cobaltstrike | e2688f31ad73441fc4052b4951c7e9522ac4b595b1b90c9b2689b37c36cc67a6

Analysis

max time kernel
146s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16-11-2024 01:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

bfd6691f384689d18e7cac4f5bacf1be
SHA1

56d6dd461b7798f2202b23f7dc0b559b9cf0471d
SHA256

e2688f31ad73441fc4052b4951c7e9522ac4b595b1b90c9b2689b37c36cc67a6
SHA512

eedd98fbbd94a384e6f588f7977b8ad01e6e97e072002908075cd107cfeabb586b3a70130814d81d46d958a05e7572627c3a17b7004bdc1e8634be404ea4738d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUj:T+q56utgpPF8u/7j

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012280-6.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000162e4-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016399-12.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f02-46.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-172.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-168.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-153.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-151.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-142.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-140.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-159.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015fa6-130.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174b4-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-94.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-88.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-145.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016df8-37.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016689-29.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-120.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001660e-117.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000164de-16.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017570-74.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174f8-73.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707f-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edc-43.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016890-42.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 60 IoCs

miner

resource	yara_rule
behavioral1/memory/2548-0-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x000c000000012280-6.dat	xmrig
behavioral1/files/0x00090000000162e4-8.dat	xmrig
behavioral1/files/0x0008000000016399-12.dat	xmrig
behavioral1/memory/2360-26-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2052-21-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x0006000000016f02-46.dat	xmrig
behavioral1/files/0x000500000001924f-182.dat	xmrig
behavioral1/memory/2360-871-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2768-761-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2052-755-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2548-660-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x0005000000019261-187.dat	xmrig
behavioral1/files/0x0005000000019237-177.dat	xmrig
behavioral1/files/0x0005000000019203-172.dat	xmrig
behavioral1/files/0x0006000000019056-168.dat	xmrig
behavioral1/files/0x0006000000018be7-156.dat	xmrig
behavioral1/files/0x000500000001871c-153.dat	xmrig
behavioral1/files/0x0006000000018d83-151.dat	xmrig
behavioral1/files/0x000d000000018683-142.dat	xmrig
behavioral1/files/0x00060000000175f1-140.dat	xmrig
behavioral1/files/0x0006000000018fdf-159.dat	xmrig
behavioral1/files/0x0009000000015fa6-130.dat	xmrig
behavioral1/files/0x00060000000174b4-128.dat	xmrig
behavioral1/memory/2452-100-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/files/0x0005000000018697-96.dat	xmrig
behavioral1/files/0x0005000000018706-94.dat	xmrig
behavioral1/files/0x00060000000175f7-88.dat	xmrig
behavioral1/memory/2768-81-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2548-69-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x0006000000018d7b-145.dat	xmrig
behavioral1/memory/2752-61-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016df8-37.dat	xmrig
behavioral1/memory/2104-30-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x0007000000016689-29.dat	xmrig
behavioral1/files/0x0005000000018745-133.dat	xmrig
behavioral1/files/0x000500000001870c-120.dat	xmrig
behavioral1/files/0x000700000001660e-117.dat	xmrig
behavioral1/files/0x00070000000164de-16.dat	xmrig
behavioral1/memory/2548-108-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
behavioral1/memory/2848-107-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2616-92-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x0006000000017570-74.dat	xmrig
behavioral1/files/0x00060000000174f8-73.dat	xmrig
behavioral1/memory/2788-57-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x000600000001707f-55.dat	xmrig
behavioral1/memory/2680-45-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x0006000000016edc-43.dat	xmrig
behavioral1/files/0x0007000000016890-42.dat	xmrig
behavioral1/memory/2548-36-0x0000000002430000-0x0000000002784000-memory.dmp	xmrig
behavioral1/memory/2680-3503-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2052-3499-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2104-3502-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2360-3501-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2452-3500-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2768-3701-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2848-3705-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	xmrig
behavioral1/memory/2616-3706-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2752-3710-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2788-3704-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2052	KxtNCZm.exe
2360	HFUVzqW.exe
2104	eqWziwq.exe
2680	fednHoj.exe
2788	BjDLktt.exe
2752	LslunwP.exe
2848	GMhhptp.exe
2768	CGlCVem.exe
2616	JWokgbm.exe
2452	tYgklkA.exe
1636	cjKXSzX.exe
2456	EoLpnPI.exe
2876	EqhCRkB.exe
2288	ntAlTII.exe
584	wiceHIR.exe
2812	UBOorGl.exe
2952	mWnVlKb.exe
2652	LEWUwtc.exe
1764	PvryFbT.exe
1560	kTFikKX.exe
1456	JikTQuv.exe
2928	cVBrZOr.exe
1808	jtYurPZ.exe
2832	IWieHdl.exe
2972	hzgqFIp.exe
2192	WmbWHuK.exe
1996	ZNompfj.exe
1520	xkxPPPY.exe
2432	YNhgNVd.exe
3020	EmutBgI.exe
1192	oBWIDBs.exe
676	ImChyQG.exe
1804	ODAfHuC.exe
1984	wCmEVYE.exe
1104	WipPdCs.exe
1640	koqXzQT.exe
1668	DvimODQ.exe
1544	iXzUAqX.exe
1020	sqcDaJr.exe
2956	ESsaIfw.exe
2364	buMEqbi.exe
1992	AcSGAxv.exe
3068	IuAryWm.exe
1672	bAKUHNM.exe
264	pYMMmDg.exe
1856	KXsPxxQ.exe
2496	arDbeSV.exe
1900	zqCVdNB.exe
1908	SWWhUhh.exe
2992	AnDrtzQ.exe
1748	eDSNMdm.exe
2312	OwdCxXT.exe
1576	AfUThDm.exe
2064	oudguwJ.exe
1376	NmOTXLN.exe
2100	DCRyirH.exe
2704	Rmjjmbc.exe
2396	rHyIMXU.exe
2660	ZigXqgu.exe
1444	cJTInYm.exe
1704	dbJSsNu.exe
1712	valUCoH.exe
2800	uyEGLsU.exe
2904	mUeFbRc.exe

Loads dropped DLL 64 IoCs

pid	Process
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 57 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2548-0-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x000c000000012280-6.dat	upx
behavioral1/files/0x00090000000162e4-8.dat	upx
behavioral1/files/0x0008000000016399-12.dat	upx
behavioral1/memory/2360-26-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2052-21-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x0006000000016f02-46.dat	upx
behavioral1/files/0x000500000001924f-182.dat	upx
behavioral1/memory/2360-871-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2768-761-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2052-755-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2548-660-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x0005000000019261-187.dat	upx
behavioral1/files/0x0005000000019237-177.dat	upx
behavioral1/files/0x0005000000019203-172.dat	upx
behavioral1/files/0x0006000000019056-168.dat	upx
behavioral1/files/0x0006000000018be7-156.dat	upx
behavioral1/files/0x000500000001871c-153.dat	upx
behavioral1/files/0x0006000000018d83-151.dat	upx
behavioral1/files/0x000d000000018683-142.dat	upx
behavioral1/files/0x00060000000175f1-140.dat	upx
behavioral1/files/0x0006000000018fdf-159.dat	upx
behavioral1/files/0x0009000000015fa6-130.dat	upx
behavioral1/files/0x00060000000174b4-128.dat	upx
behavioral1/memory/2452-100-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/files/0x0005000000018697-96.dat	upx
behavioral1/files/0x0005000000018706-94.dat	upx
behavioral1/files/0x00060000000175f7-88.dat	upx
behavioral1/memory/2768-81-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/files/0x0006000000018d7b-145.dat	upx
behavioral1/memory/2752-61-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x0007000000016df8-37.dat	upx
behavioral1/memory/2104-30-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x0007000000016689-29.dat	upx
behavioral1/files/0x0005000000018745-133.dat	upx
behavioral1/files/0x000500000001870c-120.dat	upx
behavioral1/files/0x000700000001660e-117.dat	upx
behavioral1/files/0x00070000000164de-16.dat	upx
behavioral1/memory/2848-107-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2616-92-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x0006000000017570-74.dat	upx
behavioral1/files/0x00060000000174f8-73.dat	upx
behavioral1/memory/2788-57-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x000600000001707f-55.dat	upx
behavioral1/memory/2680-45-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x0006000000016edc-43.dat	upx
behavioral1/files/0x0007000000016890-42.dat	upx
behavioral1/memory/2680-3503-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2052-3499-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2104-3502-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2360-3501-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2452-3500-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2768-3701-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2848-3705-0x000000013F4A0000-0x000000013F7F4000-memory.dmp	upx
behavioral1/memory/2616-3706-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2752-3710-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2788-3704-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JikTQuv.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NWhsQYq.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ETNozCH.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qohDgEz.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGxGtgL.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gemHcZC.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fVWjadb.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wCETgXj.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmiwobD.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QfzrrwD.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AkkFPBi.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYlEfGW.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ELYnymj.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RXSgdiO.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nTTiWdN.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QjjfkDy.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iOxbmcX.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HeVVMQI.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XHMmqvj.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\coGnEsO.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLmBzGH.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LmJGfjy.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QnxRWML.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\joixnXE.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VJQZWqy.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MVKZDYB.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QKExZQM.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VAUysuP.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhBljbN.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fbOaQTo.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zJNlGrJ.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSTvyFU.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wSssKaX.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oajpkQS.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VqXcYEm.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjtyCIE.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gfwnTPy.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KDyfSei.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZfoWquC.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kdOubku.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ADIqDok.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rVpJPJR.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\khgtCwo.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIwjolW.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\odTlzdH.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tPKjTDg.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WCTpBUP.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xPuTSSn.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\feZjdmQ.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QpoboKj.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dgIHaSJ.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GAqMmvY.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uxbgolM.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAVFqtn.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\raRaYMY.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VQbjsoL.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NSupCvG.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SgRAYtS.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjxhSOO.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IxeqqSt.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZWXDrFL.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXVNcXF.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpDfnIV.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wMxtqsp.exe	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2052	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2548 wrote to memory of 2052	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2548 wrote to memory of 2052	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2548 wrote to memory of 2360	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2548 wrote to memory of 2360	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2548 wrote to memory of 2360	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2548 wrote to memory of 2104	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2548 wrote to memory of 2104	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2548 wrote to memory of 2104	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2548 wrote to memory of 2680	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2548 wrote to memory of 2680	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2548 wrote to memory of 2680	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2548 wrote to memory of 2288	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2548 wrote to memory of 2288	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2548 wrote to memory of 2288	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2548 wrote to memory of 2456	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2548 wrote to memory of 2456	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2548 wrote to memory of 2456	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2548 wrote to memory of 2788	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2548 wrote to memory of 2788	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2548 wrote to memory of 2788	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2548 wrote to memory of 2876	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2548 wrote to memory of 2876	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2548 wrote to memory of 2876	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2548 wrote to memory of 2752	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2548 wrote to memory of 2752	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2548 wrote to memory of 2752	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2548 wrote to memory of 2812	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2548 wrote to memory of 2812	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2548 wrote to memory of 2812	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2548 wrote to memory of 2848	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2548 wrote to memory of 2848	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2548 wrote to memory of 2848	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2548 wrote to memory of 2952	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2548 wrote to memory of 2952	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2548 wrote to memory of 2952	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2548 wrote to memory of 2768	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2548 wrote to memory of 2768	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2548 wrote to memory of 2768	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2548 wrote to memory of 2652	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2548 wrote to memory of 2652	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2548 wrote to memory of 2652	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2548 wrote to memory of 2616	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2548 wrote to memory of 2616	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2548 wrote to memory of 2616	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2548 wrote to memory of 1560	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2548 wrote to memory of 1560	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2548 wrote to memory of 1560	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2548 wrote to memory of 2452	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2548 wrote to memory of 2452	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2548 wrote to memory of 2452	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2548 wrote to memory of 1456	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2548 wrote to memory of 1456	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2548 wrote to memory of 1456	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2548 wrote to memory of 1636	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2548 wrote to memory of 1636	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2548 wrote to memory of 1636	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2548 wrote to memory of 1808	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2548 wrote to memory of 1808	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2548 wrote to memory of 1808	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2548 wrote to memory of 584	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2548 wrote to memory of 584	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2548 wrote to memory of 584	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2548 wrote to memory of 2832	2548	2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-16_bfd6691f384689d18e7cac4f5bacf1be_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Windows\System\KxtNCZm.exe
  C:\Windows\System\KxtNCZm.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\HFUVzqW.exe
  C:\Windows\System\HFUVzqW.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\eqWziwq.exe
  C:\Windows\System\eqWziwq.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\fednHoj.exe
  C:\Windows\System\fednHoj.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\ntAlTII.exe
  C:\Windows\System\ntAlTII.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\EoLpnPI.exe
  C:\Windows\System\EoLpnPI.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\BjDLktt.exe
  C:\Windows\System\BjDLktt.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\EqhCRkB.exe
  C:\Windows\System\EqhCRkB.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\LslunwP.exe
  C:\Windows\System\LslunwP.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\UBOorGl.exe
  C:\Windows\System\UBOorGl.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\GMhhptp.exe
  C:\Windows\System\GMhhptp.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\mWnVlKb.exe
  C:\Windows\System\mWnVlKb.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\CGlCVem.exe
  C:\Windows\System\CGlCVem.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\LEWUwtc.exe
  C:\Windows\System\LEWUwtc.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\JWokgbm.exe
  C:\Windows\System\JWokgbm.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\kTFikKX.exe
  C:\Windows\System\kTFikKX.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\tYgklkA.exe
  C:\Windows\System\tYgklkA.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\JikTQuv.exe
  C:\Windows\System\JikTQuv.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\cjKXSzX.exe
  C:\Windows\System\cjKXSzX.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\jtYurPZ.exe
  C:\Windows\System\jtYurPZ.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\wiceHIR.exe
  C:\Windows\System\wiceHIR.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\IWieHdl.exe
  C:\Windows\System\IWieHdl.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\PvryFbT.exe
  C:\Windows\System\PvryFbT.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\hzgqFIp.exe
  C:\Windows\System\hzgqFIp.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\cVBrZOr.exe
  C:\Windows\System\cVBrZOr.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\ZNompfj.exe
  C:\Windows\System\ZNompfj.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\WmbWHuK.exe
  C:\Windows\System\WmbWHuK.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\xkxPPPY.exe
  C:\Windows\System\xkxPPPY.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\YNhgNVd.exe
  C:\Windows\System\YNhgNVd.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\EmutBgI.exe
  C:\Windows\System\EmutBgI.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\oBWIDBs.exe
  C:\Windows\System\oBWIDBs.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\ImChyQG.exe
  C:\Windows\System\ImChyQG.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\ODAfHuC.exe
  C:\Windows\System\ODAfHuC.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\wCmEVYE.exe
  C:\Windows\System\wCmEVYE.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\WipPdCs.exe
  C:\Windows\System\WipPdCs.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\koqXzQT.exe
  C:\Windows\System\koqXzQT.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\DvimODQ.exe
  C:\Windows\System\DvimODQ.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\iXzUAqX.exe
  C:\Windows\System\iXzUAqX.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\sqcDaJr.exe
  C:\Windows\System\sqcDaJr.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\ESsaIfw.exe
  C:\Windows\System\ESsaIfw.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\buMEqbi.exe
  C:\Windows\System\buMEqbi.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\AcSGAxv.exe
  C:\Windows\System\AcSGAxv.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\IuAryWm.exe
  C:\Windows\System\IuAryWm.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\bAKUHNM.exe
  C:\Windows\System\bAKUHNM.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\pYMMmDg.exe
  C:\Windows\System\pYMMmDg.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\KXsPxxQ.exe
  C:\Windows\System\KXsPxxQ.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\arDbeSV.exe
  C:\Windows\System\arDbeSV.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\zqCVdNB.exe
  C:\Windows\System\zqCVdNB.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\SWWhUhh.exe
  C:\Windows\System\SWWhUhh.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\AnDrtzQ.exe
  C:\Windows\System\AnDrtzQ.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\eDSNMdm.exe
  C:\Windows\System\eDSNMdm.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\OwdCxXT.exe
  C:\Windows\System\OwdCxXT.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\AfUThDm.exe
  C:\Windows\System\AfUThDm.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\oudguwJ.exe
  C:\Windows\System\oudguwJ.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\NmOTXLN.exe
  C:\Windows\System\NmOTXLN.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\DCRyirH.exe
  C:\Windows\System\DCRyirH.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\Rmjjmbc.exe
  C:\Windows\System\Rmjjmbc.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\rHyIMXU.exe
  C:\Windows\System\rHyIMXU.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\ZigXqgu.exe
  C:\Windows\System\ZigXqgu.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\cJTInYm.exe
  C:\Windows\System\cJTInYm.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\dbJSsNu.exe
  C:\Windows\System\dbJSsNu.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\valUCoH.exe
  C:\Windows\System\valUCoH.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\uyEGLsU.exe
  C:\Windows\System\uyEGLsU.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\mUeFbRc.exe
  C:\Windows\System\mUeFbRc.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\NWhsQYq.exe
  C:\Windows\System\NWhsQYq.exe
  2⤵
  PID:2760
- C:\Windows\System\OgeyMUi.exe
  C:\Windows\System\OgeyMUi.exe
  2⤵
  PID:2608
- C:\Windows\System\CqLhwrr.exe
  C:\Windows\System\CqLhwrr.exe
  2⤵
  PID:1676
- C:\Windows\System\QjprnMq.exe
  C:\Windows\System\QjprnMq.exe
  2⤵
  PID:2144
- C:\Windows\System\TcegcJy.exe
  C:\Windows\System\TcegcJy.exe
  2⤵
  PID:1892
- C:\Windows\System\TFyPFBJ.exe
  C:\Windows\System\TFyPFBJ.exe
  2⤵
  PID:2228
- C:\Windows\System\FtruoMo.exe
  C:\Windows\System\FtruoMo.exe
  2⤵
  PID:1652
- C:\Windows\System\KPlLFcA.exe
  C:\Windows\System\KPlLFcA.exe
  2⤵
  PID:1088
- C:\Windows\System\fCCHinO.exe
  C:\Windows\System\fCCHinO.exe
  2⤵
  PID:964
- C:\Windows\System\gdDlmTa.exe
  C:\Windows\System\gdDlmTa.exe
  2⤵
  PID:612
- C:\Windows\System\kDCrKkd.exe
  C:\Windows\System\kDCrKkd.exe
  2⤵
  PID:304
- C:\Windows\System\CHOiPTP.exe
  C:\Windows\System\CHOiPTP.exe
  2⤵
  PID:1648
- C:\Windows\System\AzeDYCm.exe
  C:\Windows\System\AzeDYCm.exe
  2⤵
  PID:628
- C:\Windows\System\WlNjKmr.exe
  C:\Windows\System\WlNjKmr.exe
  2⤵
  PID:1000
- C:\Windows\System\gLKQSYK.exe
  C:\Windows\System\gLKQSYK.exe
  2⤵
  PID:880
- C:\Windows\System\zyvPBDn.exe
  C:\Windows\System\zyvPBDn.exe
  2⤵
  PID:2036
- C:\Windows\System\cbAksEv.exe
  C:\Windows\System\cbAksEv.exe
  2⤵
  PID:792
- C:\Windows\System\RLPnPcP.exe
  C:\Windows\System\RLPnPcP.exe
  2⤵
  PID:1904
- C:\Windows\System\uSEffMP.exe
  C:\Windows\System\uSEffMP.exe
  2⤵
  PID:2460
- C:\Windows\System\XnmoyjG.exe
  C:\Windows\System\XnmoyjG.exe
  2⤵
  PID:2328
- C:\Windows\System\ttdYppn.exe
  C:\Windows\System\ttdYppn.exe
  2⤵
  PID:1884
- C:\Windows\System\UixMOQq.exe
  C:\Windows\System\UixMOQq.exe
  2⤵
  PID:2376
- C:\Windows\System\zpsUjQj.exe
  C:\Windows\System\zpsUjQj.exe
  2⤵
  PID:1584
- C:\Windows\System\sREKbkw.exe
  C:\Windows\System\sREKbkw.exe
  2⤵
  PID:2540
- C:\Windows\System\hLreOju.exe
  C:\Windows\System\hLreOju.exe
  2⤵
  PID:2816
- C:\Windows\System\bQPMbRl.exe
  C:\Windows\System\bQPMbRl.exe
  2⤵
  PID:2668
- C:\Windows\System\uYZkehr.exe
  C:\Windows\System\uYZkehr.exe
  2⤵
  PID:2900
- C:\Windows\System\yJQiLOJ.exe
  C:\Windows\System\yJQiLOJ.exe
  2⤵
  PID:1380
- C:\Windows\System\rUXlCFq.exe
  C:\Windows\System\rUXlCFq.exe
  2⤵
  PID:1752
- C:\Windows\System\dTyKFrc.exe
  C:\Windows\System\dTyKFrc.exe
  2⤵
  PID:2592
- C:\Windows\System\LJZlDzA.exe
  C:\Windows\System\LJZlDzA.exe
  2⤵
  PID:2692
- C:\Windows\System\upPxHgN.exe
  C:\Windows\System\upPxHgN.exe
  2⤵
  PID:2916
- C:\Windows\System\LXhachw.exe
  C:\Windows\System\LXhachw.exe
  2⤵
  PID:2200
- C:\Windows\System\zLazILH.exe
  C:\Windows\System\zLazILH.exe
  2⤵
  PID:2772
- C:\Windows\System\lukTXTF.exe
  C:\Windows\System\lukTXTF.exe
  2⤵
  PID:2964
- C:\Windows\System\wonGLlt.exe
  C:\Windows\System\wonGLlt.exe
  2⤵
  PID:1340
- C:\Windows\System\CVUMSoQ.exe
  C:\Windows\System\CVUMSoQ.exe
  2⤵
  PID:1980
- C:\Windows\System\EIIZCAS.exe
  C:\Windows\System\EIIZCAS.exe
  2⤵
  PID:1288
- C:\Windows\System\AikFwKK.exe
  C:\Windows\System\AikFwKK.exe
  2⤵
  PID:3088
- C:\Windows\System\OHKElZG.exe
  C:\Windows\System\OHKElZG.exe
  2⤵
  PID:3108
- C:\Windows\System\DdMjLox.exe
  C:\Windows\System\DdMjLox.exe
  2⤵
  PID:3128
- C:\Windows\System\NXMiCGB.exe
  C:\Windows\System\NXMiCGB.exe
  2⤵
  PID:3148
- C:\Windows\System\vASYlzu.exe
  C:\Windows\System\vASYlzu.exe
  2⤵
  PID:3168
- C:\Windows\System\jjfPLcc.exe
  C:\Windows\System\jjfPLcc.exe
  2⤵
  PID:3188
- C:\Windows\System\PbXOWMw.exe
  C:\Windows\System\PbXOWMw.exe
  2⤵
  PID:3208
- C:\Windows\System\PhyvRVP.exe
  C:\Windows\System\PhyvRVP.exe
  2⤵
  PID:3228
- C:\Windows\System\fPLfIUv.exe
  C:\Windows\System\fPLfIUv.exe
  2⤵
  PID:3248
- C:\Windows\System\YfUFplO.exe
  C:\Windows\System\YfUFplO.exe
  2⤵
  PID:3268
- C:\Windows\System\odTlzdH.exe
  C:\Windows\System\odTlzdH.exe
  2⤵
  PID:3288
- C:\Windows\System\zlLdxOE.exe
  C:\Windows\System\zlLdxOE.exe
  2⤵
  PID:3308
- C:\Windows\System\oqDvGjx.exe
  C:\Windows\System\oqDvGjx.exe
  2⤵
  PID:3328
- C:\Windows\System\xVEVkEb.exe
  C:\Windows\System\xVEVkEb.exe
  2⤵
  PID:3348
- C:\Windows\System\CZlIpWF.exe
  C:\Windows\System\CZlIpWF.exe
  2⤵
  PID:3368
- C:\Windows\System\HdpWhPB.exe
  C:\Windows\System\HdpWhPB.exe
  2⤵
  PID:3388
- C:\Windows\System\OSOqCrF.exe
  C:\Windows\System\OSOqCrF.exe
  2⤵
  PID:3408
- C:\Windows\System\qNvXIAO.exe
  C:\Windows\System\qNvXIAO.exe
  2⤵
  PID:3428
- C:\Windows\System\LlIIhXj.exe
  C:\Windows\System\LlIIhXj.exe
  2⤵
  PID:3456
- C:\Windows\System\KgFBdFc.exe
  C:\Windows\System\KgFBdFc.exe
  2⤵
  PID:3480
- C:\Windows\System\znaRciF.exe
  C:\Windows\System\znaRciF.exe
  2⤵
  PID:3520
- C:\Windows\System\VMlpNtz.exe
  C:\Windows\System\VMlpNtz.exe
  2⤵
  PID:3540
- C:\Windows\System\ILdMhZW.exe
  C:\Windows\System\ILdMhZW.exe
  2⤵
  PID:3564
- C:\Windows\System\BsgiUBj.exe
  C:\Windows\System\BsgiUBj.exe
  2⤵
  PID:3584
- C:\Windows\System\sJUzSTj.exe
  C:\Windows\System\sJUzSTj.exe
  2⤵
  PID:3604
- C:\Windows\System\aRnUPUx.exe
  C:\Windows\System\aRnUPUx.exe
  2⤵
  PID:3624
- C:\Windows\System\dmMbBTd.exe
  C:\Windows\System\dmMbBTd.exe
  2⤵
  PID:3644
- C:\Windows\System\YFdSERg.exe
  C:\Windows\System\YFdSERg.exe
  2⤵
  PID:3664
- C:\Windows\System\wmQSvpa.exe
  C:\Windows\System\wmQSvpa.exe
  2⤵
  PID:3684
- C:\Windows\System\jeIimeO.exe
  C:\Windows\System\jeIimeO.exe
  2⤵
  PID:3704
- C:\Windows\System\nQRWjZg.exe
  C:\Windows\System\nQRWjZg.exe
  2⤵
  PID:3724
- C:\Windows\System\IQdYrTe.exe
  C:\Windows\System\IQdYrTe.exe
  2⤵
  PID:3744
- C:\Windows\System\uDGyLjz.exe
  C:\Windows\System\uDGyLjz.exe
  2⤵
  PID:3764
- C:\Windows\System\kBFarOK.exe
  C:\Windows\System\kBFarOK.exe
  2⤵
  PID:3788
- C:\Windows\System\cvKURTI.exe
  C:\Windows\System\cvKURTI.exe
  2⤵
  PID:3808
- C:\Windows\System\UGoPTwp.exe
  C:\Windows\System\UGoPTwp.exe
  2⤵
  PID:3828
- C:\Windows\System\SMvjERr.exe
  C:\Windows\System\SMvjERr.exe
  2⤵
  PID:3848
- C:\Windows\System\jbCrhZr.exe
  C:\Windows\System\jbCrhZr.exe
  2⤵
  PID:3868
- C:\Windows\System\aKkXsEd.exe
  C:\Windows\System\aKkXsEd.exe
  2⤵
  PID:3888
- C:\Windows\System\zljpYUH.exe
  C:\Windows\System\zljpYUH.exe
  2⤵
  PID:3908
- C:\Windows\System\YYIQMSu.exe
  C:\Windows\System\YYIQMSu.exe
  2⤵
  PID:3928
- C:\Windows\System\ZdVbrjF.exe
  C:\Windows\System\ZdVbrjF.exe
  2⤵
  PID:3948
- C:\Windows\System\dOncTUT.exe
  C:\Windows\System\dOncTUT.exe
  2⤵
  PID:3968
- C:\Windows\System\MdlGEdG.exe
  C:\Windows\System\MdlGEdG.exe
  2⤵
  PID:3988
- C:\Windows\System\kdouWAN.exe
  C:\Windows\System\kdouWAN.exe
  2⤵
  PID:4008
- C:\Windows\System\gfaPEcU.exe
  C:\Windows\System\gfaPEcU.exe
  2⤵
  PID:4028
- C:\Windows\System\NtKUYIg.exe
  C:\Windows\System\NtKUYIg.exe
  2⤵
  PID:4048
- C:\Windows\System\yMWytsY.exe
  C:\Windows\System\yMWytsY.exe
  2⤵
  PID:4068
- C:\Windows\System\iOQiryQ.exe
  C:\Windows\System\iOQiryQ.exe
  2⤵
  PID:4088
- C:\Windows\System\zwNgieX.exe
  C:\Windows\System\zwNgieX.exe
  2⤵
  PID:724
- C:\Windows\System\EfjljVK.exe
  C:\Windows\System\EfjljVK.exe
  2⤵
  PID:2208
- C:\Windows\System\gHhPWvC.exe
  C:\Windows\System\gHhPWvC.exe
  2⤵
  PID:2404
- C:\Windows\System\VqzlXjD.exe
  C:\Windows\System\VqzlXjD.exe
  2⤵
  PID:1860
- C:\Windows\System\JlxNPKa.exe
  C:\Windows\System\JlxNPKa.exe
  2⤵
  PID:1580
- C:\Windows\System\GwJYErB.exe
  C:\Windows\System\GwJYErB.exe
  2⤵
  PID:2708
- C:\Windows\System\HecOxbJ.exe
  C:\Windows\System\HecOxbJ.exe
  2⤵
  PID:1784
- C:\Windows\System\XEqSeSd.exe
  C:\Windows\System\XEqSeSd.exe
  2⤵
  PID:2744
- C:\Windows\System\RdpUamf.exe
  C:\Windows\System\RdpUamf.exe
  2⤵
  PID:1508
- C:\Windows\System\OCeZCNy.exe
  C:\Windows\System\OCeZCNy.exe
  2⤵
  PID:1056
- C:\Windows\System\lEvLQuN.exe
  C:\Windows\System\lEvLQuN.exe
  2⤵
  PID:3028
- C:\Windows\System\nfvVsaE.exe
  C:\Windows\System\nfvVsaE.exe
  2⤵
  PID:2580
- C:\Windows\System\BDPayob.exe
  C:\Windows\System\BDPayob.exe
  2⤵
  PID:1796
- C:\Windows\System\gTHdUIK.exe
  C:\Windows\System\gTHdUIK.exe
  2⤵
  PID:3084
- C:\Windows\System\gfwnTPy.exe
  C:\Windows\System\gfwnTPy.exe
  2⤵
  PID:3116
- C:\Windows\System\mEyHEwC.exe
  C:\Windows\System\mEyHEwC.exe
  2⤵
  PID:3140
- C:\Windows\System\UZxwwhf.exe
  C:\Windows\System\UZxwwhf.exe
  2⤵
  PID:3184
- C:\Windows\System\VPzfTXY.exe
  C:\Windows\System\VPzfTXY.exe
  2⤵
  PID:3200
- C:\Windows\System\XXFEZGp.exe
  C:\Windows\System\XXFEZGp.exe
  2⤵
  PID:3240
- C:\Windows\System\PDLnKEu.exe
  C:\Windows\System\PDLnKEu.exe
  2⤵
  PID:3276
- C:\Windows\System\lpDfnIV.exe
  C:\Windows\System\lpDfnIV.exe
  2⤵
  PID:3316
- C:\Windows\System\xGPGrQa.exe
  C:\Windows\System\xGPGrQa.exe
  2⤵
  PID:3340
- C:\Windows\System\dPbYYhv.exe
  C:\Windows\System\dPbYYhv.exe
  2⤵
  PID:3384
- C:\Windows\System\KDyfSei.exe
  C:\Windows\System\KDyfSei.exe
  2⤵
  PID:3424
- C:\Windows\System\UpbwrwF.exe
  C:\Windows\System\UpbwrwF.exe
  2⤵
  PID:3444
- C:\Windows\System\zDzZRqZ.exe
  C:\Windows\System\zDzZRqZ.exe
  2⤵
  PID:3496
- C:\Windows\System\iXJUmFW.exe
  C:\Windows\System\iXJUmFW.exe
  2⤵
  PID:3552
- C:\Windows\System\pLVKBRb.exe
  C:\Windows\System\pLVKBRb.exe
  2⤵
  PID:3580
- C:\Windows\System\cJFbOWD.exe
  C:\Windows\System\cJFbOWD.exe
  2⤵
  PID:3616
- C:\Windows\System\MMbLLxb.exe
  C:\Windows\System\MMbLLxb.exe
  2⤵
  PID:3660
- C:\Windows\System\fLYAzvh.exe
  C:\Windows\System\fLYAzvh.exe
  2⤵
  PID:3680
- C:\Windows\System\CIpeBny.exe
  C:\Windows\System\CIpeBny.exe
  2⤵
  PID:3720
- C:\Windows\System\csibIbD.exe
  C:\Windows\System\csibIbD.exe
  2⤵
  PID:3756
- C:\Windows\System\OHgxYPX.exe
  C:\Windows\System\OHgxYPX.exe
  2⤵
  PID:3796
- C:\Windows\System\ZOALPGe.exe
  C:\Windows\System\ZOALPGe.exe
  2⤵
  PID:3836
- C:\Windows\System\kMVZIki.exe
  C:\Windows\System\kMVZIki.exe
  2⤵
  PID:3856
- C:\Windows\System\JBGmKIp.exe
  C:\Windows\System\JBGmKIp.exe
  2⤵
  PID:3896
- C:\Windows\System\isFIYJh.exe
  C:\Windows\System\isFIYJh.exe
  2⤵
  PID:3920
- C:\Windows\System\sdSxhQQ.exe
  C:\Windows\System\sdSxhQQ.exe
  2⤵
  PID:3976
- C:\Windows\System\Xwidtae.exe
  C:\Windows\System\Xwidtae.exe
  2⤵
  PID:4000
- C:\Windows\System\nYVZFyo.exe
  C:\Windows\System\nYVZFyo.exe
  2⤵
  PID:4020
- C:\Windows\System\fQyinIa.exe
  C:\Windows\System\fQyinIa.exe
  2⤵
  PID:4060
- C:\Windows\System\KjYHxmd.exe
  C:\Windows\System\KjYHxmd.exe
  2⤵
  PID:820
- C:\Windows\System\PIqCwvR.exe
  C:\Windows\System\PIqCwvR.exe
  2⤵
  PID:592
- C:\Windows\System\TFNKdVj.exe
  C:\Windows\System\TFNKdVj.exe
  2⤵
  PID:2332
- C:\Windows\System\vdgxvdQ.exe
  C:\Windows\System\vdgxvdQ.exe
  2⤵
  PID:2868
- C:\Windows\System\nzBtsTp.exe
  C:\Windows\System\nzBtsTp.exe
  2⤵
  PID:2748
- C:\Windows\System\RrMSNkr.exe
  C:\Windows\System\RrMSNkr.exe
  2⤵
  PID:2732
- C:\Windows\System\BEqiyse.exe
  C:\Windows\System\BEqiyse.exe
  2⤵
  PID:1004
- C:\Windows\System\rPwKXwo.exe
  C:\Windows\System\rPwKXwo.exe
  2⤵
  PID:2180
- C:\Windows\System\HpfURIP.exe
  C:\Windows\System\HpfURIP.exe
  2⤵
  PID:3100
- C:\Windows\System\XhtZEOc.exe
  C:\Windows\System\XhtZEOc.exe
  2⤵
  PID:3196
- C:\Windows\System\yrydTjU.exe
  C:\Windows\System\yrydTjU.exe
  2⤵
  PID:3260
- C:\Windows\System\DeuYTOf.exe
  C:\Windows\System\DeuYTOf.exe
  2⤵
  PID:3244
- C:\Windows\System\mcvIxrL.exe
  C:\Windows\System\mcvIxrL.exe
  2⤵
  PID:3304
- C:\Windows\System\ZfMQaZj.exe
  C:\Windows\System\ZfMQaZj.exe
  2⤵
  PID:3396
- C:\Windows\System\UuUJrqy.exe
  C:\Windows\System\UuUJrqy.exe
  2⤵
  PID:3440
- C:\Windows\System\zMMEFmQ.exe
  C:\Windows\System\zMMEFmQ.exe
  2⤵
  PID:3556
- C:\Windows\System\KEtfTJk.exe
  C:\Windows\System\KEtfTJk.exe
  2⤵
  PID:3528
- C:\Windows\System\VmwLfLq.exe
  C:\Windows\System\VmwLfLq.exe
  2⤵
  PID:3532
- C:\Windows\System\OblRVKP.exe
  C:\Windows\System\OblRVKP.exe
  2⤵
  PID:3656
- C:\Windows\System\lvhekqH.exe
  C:\Windows\System\lvhekqH.exe
  2⤵
  PID:3784
- C:\Windows\System\lCfMTFq.exe
  C:\Windows\System\lCfMTFq.exe
  2⤵
  PID:3816
- C:\Windows\System\qWSwspl.exe
  C:\Windows\System\qWSwspl.exe
  2⤵
  PID:3916
- C:\Windows\System\CgqUCEc.exe
  C:\Windows\System\CgqUCEc.exe
  2⤵
  PID:3944
- C:\Windows\System\oXOpoxL.exe
  C:\Windows\System\oXOpoxL.exe
  2⤵
  PID:3980
- C:\Windows\System\VctFHwd.exe
  C:\Windows\System\VctFHwd.exe
  2⤵
  PID:4076
- C:\Windows\System\kWbUmVJ.exe
  C:\Windows\System\kWbUmVJ.exe
  2⤵
  PID:1524
- C:\Windows\System\VQZtiTQ.exe
  C:\Windows\System\VQZtiTQ.exe
  2⤵
  PID:4108
- C:\Windows\System\MNHxDEr.exe
  C:\Windows\System\MNHxDEr.exe
  2⤵
  PID:4132
- C:\Windows\System\PlJvpVa.exe
  C:\Windows\System\PlJvpVa.exe
  2⤵
  PID:4152
- C:\Windows\System\OiuXdTe.exe
  C:\Windows\System\OiuXdTe.exe
  2⤵
  PID:4172
- C:\Windows\System\PWMYvwc.exe
  C:\Windows\System\PWMYvwc.exe
  2⤵
  PID:4188
- C:\Windows\System\fdtUDTF.exe
  C:\Windows\System\fdtUDTF.exe
  2⤵
  PID:4212
- C:\Windows\System\CLFCuMV.exe
  C:\Windows\System\CLFCuMV.exe
  2⤵
  PID:4228
- C:\Windows\System\SNkBdNJ.exe
  C:\Windows\System\SNkBdNJ.exe
  2⤵
  PID:4260
- C:\Windows\System\kxmGATO.exe
  C:\Windows\System\kxmGATO.exe
  2⤵
  PID:4280
- C:\Windows\System\tPKjTDg.exe
  C:\Windows\System\tPKjTDg.exe
  2⤵
  PID:4300
- C:\Windows\System\CmiwobD.exe
  C:\Windows\System\CmiwobD.exe
  2⤵
  PID:4320
- C:\Windows\System\WCTpBUP.exe
  C:\Windows\System\WCTpBUP.exe
  2⤵
  PID:4340
- C:\Windows\System\RMYKoQX.exe
  C:\Windows\System\RMYKoQX.exe
  2⤵
  PID:4360
- C:\Windows\System\xpNCkKw.exe
  C:\Windows\System\xpNCkKw.exe
  2⤵
  PID:4380
- C:\Windows\System\MocInOF.exe
  C:\Windows\System\MocInOF.exe
  2⤵
  PID:4400
- C:\Windows\System\JrCURhg.exe
  C:\Windows\System\JrCURhg.exe
  2⤵
  PID:4420
- C:\Windows\System\UlmGaKW.exe
  C:\Windows\System\UlmGaKW.exe
  2⤵
  PID:4440
- C:\Windows\System\ObQJOPL.exe
  C:\Windows\System\ObQJOPL.exe
  2⤵
  PID:4460
- C:\Windows\System\AAXZAvb.exe
  C:\Windows\System\AAXZAvb.exe
  2⤵
  PID:4480
- C:\Windows\System\qyTXkyl.exe
  C:\Windows\System\qyTXkyl.exe
  2⤵
  PID:4500
- C:\Windows\System\AUylivc.exe
  C:\Windows\System\AUylivc.exe
  2⤵
  PID:4524
- C:\Windows\System\pMuVfhw.exe
  C:\Windows\System\pMuVfhw.exe
  2⤵
  PID:4544
- C:\Windows\System\xPuTSSn.exe
  C:\Windows\System\xPuTSSn.exe
  2⤵
  PID:4564
- C:\Windows\System\eMvUqqH.exe
  C:\Windows\System\eMvUqqH.exe
  2⤵
  PID:4584
- C:\Windows\System\uMGGjwo.exe
  C:\Windows\System\uMGGjwo.exe
  2⤵
  PID:4604
- C:\Windows\System\qMewfjE.exe
  C:\Windows\System\qMewfjE.exe
  2⤵
  PID:4624
- C:\Windows\System\xxafVBt.exe
  C:\Windows\System\xxafVBt.exe
  2⤵
  PID:4644
- C:\Windows\System\LWyGbdY.exe
  C:\Windows\System\LWyGbdY.exe
  2⤵
  PID:4664
- C:\Windows\System\PFNMdPI.exe
  C:\Windows\System\PFNMdPI.exe
  2⤵
  PID:4684
- C:\Windows\System\nIWHyRs.exe
  C:\Windows\System\nIWHyRs.exe
  2⤵
  PID:4704
- C:\Windows\System\kdPsbnH.exe
  C:\Windows\System\kdPsbnH.exe
  2⤵
  PID:4724
- C:\Windows\System\dmAuNVe.exe
  C:\Windows\System\dmAuNVe.exe
  2⤵
  PID:4744
- C:\Windows\System\eOBIzLX.exe
  C:\Windows\System\eOBIzLX.exe
  2⤵
  PID:4764
- C:\Windows\System\JliWFov.exe
  C:\Windows\System\JliWFov.exe
  2⤵
  PID:4784
- C:\Windows\System\JOOIXkG.exe
  C:\Windows\System\JOOIXkG.exe
  2⤵
  PID:4804
- C:\Windows\System\gmkacrV.exe
  C:\Windows\System\gmkacrV.exe
  2⤵
  PID:4824
- C:\Windows\System\bvkwgQq.exe
  C:\Windows\System\bvkwgQq.exe
  2⤵
  PID:4844
- C:\Windows\System\KqPNryD.exe
  C:\Windows\System\KqPNryD.exe
  2⤵
  PID:4864
- C:\Windows\System\raEPwlM.exe
  C:\Windows\System\raEPwlM.exe
  2⤵
  PID:4884
- C:\Windows\System\AOoHLvu.exe
  C:\Windows\System\AOoHLvu.exe
  2⤵
  PID:4908
- C:\Windows\System\RXhlvpU.exe
  C:\Windows\System\RXhlvpU.exe
  2⤵
  PID:4924
- C:\Windows\System\ewvTFnm.exe
  C:\Windows\System\ewvTFnm.exe
  2⤵
  PID:4940
- C:\Windows\System\ANpvhcw.exe
  C:\Windows\System\ANpvhcw.exe
  2⤵
  PID:4960
- C:\Windows\System\hyUSzuI.exe
  C:\Windows\System\hyUSzuI.exe
  2⤵
  PID:4980
- C:\Windows\System\ysYNHpV.exe
  C:\Windows\System\ysYNHpV.exe
  2⤵
  PID:4996
- C:\Windows\System\feZjdmQ.exe
  C:\Windows\System\feZjdmQ.exe
  2⤵
  PID:5032
- C:\Windows\System\hQZHRPT.exe
  C:\Windows\System\hQZHRPT.exe
  2⤵
  PID:5052
- C:\Windows\System\fEEZmRH.exe
  C:\Windows\System\fEEZmRH.exe
  2⤵
  PID:5072
- C:\Windows\System\WlIugry.exe
  C:\Windows\System\WlIugry.exe
  2⤵
  PID:5092
- C:\Windows\System\EUVgvTH.exe
  C:\Windows\System\EUVgvTH.exe
  2⤵
  PID:5112
- C:\Windows\System\bSmjKEf.exe
  C:\Windows\System\bSmjKEf.exe
  2⤵
  PID:332
- C:\Windows\System\tWzdURt.exe
  C:\Windows\System\tWzdURt.exe
  2⤵
  PID:2784
- C:\Windows\System\GskURUq.exe
  C:\Windows\System\GskURUq.exe
  2⤵
  PID:3136
- C:\Windows\System\rEJlHBp.exe
  C:\Windows\System\rEJlHBp.exe
  2⤵
  PID:2944
- C:\Windows\System\RlliXAc.exe
  C:\Windows\System\RlliXAc.exe
  2⤵
  PID:3080
- C:\Windows\System\KwwWRdO.exe
  C:\Windows\System\KwwWRdO.exe
  2⤵
  PID:3176
- C:\Windows\System\XVvoXFu.exe
  C:\Windows\System\XVvoXFu.exe
  2⤵
  PID:3280
- C:\Windows\System\cxTmbMy.exe
  C:\Windows\System\cxTmbMy.exe
  2⤵
  PID:3488
- C:\Windows\System\iTGTxvO.exe
  C:\Windows\System\iTGTxvO.exe
  2⤵
  PID:3712
- C:\Windows\System\AxbCoBH.exe
  C:\Windows\System\AxbCoBH.exe
  2⤵
  PID:3876
- C:\Windows\System\QSPbdYf.exe
  C:\Windows\System\QSPbdYf.exe
  2⤵
  PID:3612
- C:\Windows\System\WuIMYdY.exe
  C:\Windows\System\WuIMYdY.exe
  2⤵
  PID:3804
- C:\Windows\System\GSwgCvM.exe
  C:\Windows\System\GSwgCvM.exe
  2⤵
  PID:3880
- C:\Windows\System\aHbRiNL.exe
  C:\Windows\System\aHbRiNL.exe
  2⤵
  PID:4024
- C:\Windows\System\LqcAVZf.exe
  C:\Windows\System\LqcAVZf.exe
  2⤵
  PID:4116
- C:\Windows\System\ecucZNk.exe
  C:\Windows\System\ecucZNk.exe
  2⤵
  PID:4164
- C:\Windows\System\RHRMsnY.exe
  C:\Windows\System\RHRMsnY.exe
  2⤵
  PID:4148
- C:\Windows\System\hbEJXYf.exe
  C:\Windows\System\hbEJXYf.exe
  2⤵
  PID:4236
- C:\Windows\System\dkbWlxD.exe
  C:\Windows\System\dkbWlxD.exe
  2⤵
  PID:4224
- C:\Windows\System\lSbzgNo.exe
  C:\Windows\System\lSbzgNo.exe
  2⤵
  PID:4288
- C:\Windows\System\suTCSFf.exe
  C:\Windows\System\suTCSFf.exe
  2⤵
  PID:4312
- C:\Windows\System\jcoPFgy.exe
  C:\Windows\System\jcoPFgy.exe
  2⤵
  PID:4348
- C:\Windows\System\VzLdzgZ.exe
  C:\Windows\System\VzLdzgZ.exe
  2⤵
  PID:4408
- C:\Windows\System\roiYvNT.exe
  C:\Windows\System\roiYvNT.exe
  2⤵
  PID:4452
- C:\Windows\System\NvKmtlA.exe
  C:\Windows\System\NvKmtlA.exe
  2⤵
  PID:4540
- C:\Windows\System\rXavtcw.exe
  C:\Windows\System\rXavtcw.exe
  2⤵
  PID:4392
- C:\Windows\System\mpMtFSJ.exe
  C:\Windows\System\mpMtFSJ.exe
  2⤵
  PID:4432
- C:\Windows\System\emlOMzY.exe
  C:\Windows\System\emlOMzY.exe
  2⤵
  PID:4508
- C:\Windows\System\wWzWiEr.exe
  C:\Windows\System\wWzWiEr.exe
  2⤵
  PID:4592
- C:\Windows\System\QgJMGMN.exe
  C:\Windows\System\QgJMGMN.exe
  2⤵
  PID:4596
- C:\Windows\System\CWDhlUs.exe
  C:\Windows\System\CWDhlUs.exe
  2⤵
  PID:4640
- C:\Windows\System\HJlhnxO.exe
  C:\Windows\System\HJlhnxO.exe
  2⤵
  PID:4780
- C:\Windows\System\SDdOCWA.exe
  C:\Windows\System\SDdOCWA.exe
  2⤵
  PID:4680
- C:\Windows\System\BtXgNfN.exe
  C:\Windows\System\BtXgNfN.exe
  2⤵
  PID:4820
- C:\Windows\System\IhLgmEl.exe
  C:\Windows\System\IhLgmEl.exe
  2⤵
  PID:4800
- C:\Windows\System\rkAKZws.exe
  C:\Windows\System\rkAKZws.exe
  2⤵
  PID:4832
- C:\Windows\System\TYFbfja.exe
  C:\Windows\System\TYFbfja.exe
  2⤵
  PID:4872
- C:\Windows\System\fnGIdaK.exe
  C:\Windows\System\fnGIdaK.exe
  2⤵
  PID:4976
- C:\Windows\System\pWcRIom.exe
  C:\Windows\System\pWcRIom.exe
  2⤵
  PID:4988
- C:\Windows\System\fVRbwYo.exe
  C:\Windows\System\fVRbwYo.exe
  2⤵
  PID:5004
- C:\Windows\System\NNehvgb.exe
  C:\Windows\System\NNehvgb.exe
  2⤵
  PID:5028
- C:\Windows\System\BreTljW.exe
  C:\Windows\System\BreTljW.exe
  2⤵
  PID:5060
- C:\Windows\System\hfZcYBL.exe
  C:\Windows\System\hfZcYBL.exe
  2⤵
  PID:5100
- C:\Windows\System\OpvUQoS.exe
  C:\Windows\System\OpvUQoS.exe
  2⤵
  PID:2032
- C:\Windows\System\eCMGwOH.exe
  C:\Windows\System\eCMGwOH.exe
  2⤵
  PID:2412
- C:\Windows\System\BRNeMRs.exe
  C:\Windows\System\BRNeMRs.exe
  2⤵
  PID:3220
- C:\Windows\System\oajpkQS.exe
  C:\Windows\System\oajpkQS.exe
  2⤵
  PID:3752
- C:\Windows\System\CsXuLGX.exe
  C:\Windows\System\CsXuLGX.exe
  2⤵
  PID:1532
- C:\Windows\System\sZFrvVo.exe
  C:\Windows\System\sZFrvVo.exe
  2⤵
  PID:3364
- C:\Windows\System\CnzvGyN.exe
  C:\Windows\System\CnzvGyN.exe
  2⤵
  PID:3696
- C:\Windows\System\qQHylMK.exe
  C:\Windows\System\qQHylMK.exe
  2⤵
  PID:3776
- C:\Windows\System\ocGtoEZ.exe
  C:\Windows\System\ocGtoEZ.exe
  2⤵
  PID:4016
- C:\Windows\System\krdAQHm.exe
  C:\Windows\System\krdAQHm.exe
  2⤵
  PID:4220
- C:\Windows\System\GGzSfbZ.exe
  C:\Windows\System\GGzSfbZ.exe
  2⤵
  PID:4276
- C:\Windows\System\AEsRmjq.exe
  C:\Windows\System\AEsRmjq.exe
  2⤵
  PID:4104
- C:\Windows\System\WfcKRFn.exe
  C:\Windows\System\WfcKRFn.exe
  2⤵
  PID:4256
- C:\Windows\System\mfXtpif.exe
  C:\Windows\System\mfXtpif.exe
  2⤵
  PID:4308
- C:\Windows\System\ftnrRhG.exe
  C:\Windows\System\ftnrRhG.exe
  2⤵
  PID:4448
- C:\Windows\System\XximuVP.exe
  C:\Windows\System\XximuVP.exe
  2⤵
  PID:4572
- C:\Windows\System\NYVFzFA.exe
  C:\Windows\System\NYVFzFA.exe
  2⤵
  PID:4600
- C:\Windows\System\MBJBHZq.exe
  C:\Windows\System\MBJBHZq.exe
  2⤵
  PID:4576
- C:\Windows\System\UTIgBoq.exe
  C:\Windows\System\UTIgBoq.exe
  2⤵
  PID:4732
- C:\Windows\System\AzUIZEs.exe
  C:\Windows\System\AzUIZEs.exe
  2⤵
  PID:4660
- C:\Windows\System\lGtlIfC.exe
  C:\Windows\System\lGtlIfC.exe
  2⤵
  PID:4716
- C:\Windows\System\JTEaPdp.exe
  C:\Windows\System\JTEaPdp.exe
  2⤵
  PID:4852
- C:\Windows\System\CHUNxjH.exe
  C:\Windows\System\CHUNxjH.exe
  2⤵
  PID:4856
- C:\Windows\System\Pjluxtk.exe
  C:\Windows\System\Pjluxtk.exe
  2⤵
  PID:4876
- C:\Windows\System\pwTxgCr.exe
  C:\Windows\System\pwTxgCr.exe
  2⤵
  PID:5012
- C:\Windows\System\nOyUlSq.exe
  C:\Windows\System\nOyUlSq.exe
  2⤵
  PID:5040
- C:\Windows\System\KHRCoXo.exe
  C:\Windows\System\KHRCoXo.exe
  2⤵
  PID:5104
- C:\Windows\System\NvfLImG.exe
  C:\Windows\System\NvfLImG.exe
  2⤵
  PID:2712
- C:\Windows\System\zVLEvwm.exe
  C:\Windows\System\zVLEvwm.exe
  2⤵
  PID:5140
- C:\Windows\System\przOeyN.exe
  C:\Windows\System\przOeyN.exe
  2⤵
  PID:5160
- C:\Windows\System\fTOwUne.exe
  C:\Windows\System\fTOwUne.exe
  2⤵
  PID:5180
- C:\Windows\System\lwKzZIG.exe
  C:\Windows\System\lwKzZIG.exe
  2⤵
  PID:5200
- C:\Windows\System\dwwQPPK.exe
  C:\Windows\System\dwwQPPK.exe
  2⤵
  PID:5220
- C:\Windows\System\uFdSOGQ.exe
  C:\Windows\System\uFdSOGQ.exe
  2⤵
  PID:5240
- C:\Windows\System\dRHDDdq.exe
  C:\Windows\System\dRHDDdq.exe
  2⤵
  PID:5264
- C:\Windows\System\SgRAYtS.exe
  C:\Windows\System\SgRAYtS.exe
  2⤵
  PID:5284
- C:\Windows\System\sjSRwJH.exe
  C:\Windows\System\sjSRwJH.exe
  2⤵
  PID:5304
- C:\Windows\System\dMrxSLj.exe
  C:\Windows\System\dMrxSLj.exe
  2⤵
  PID:5324
- C:\Windows\System\DEFitzW.exe
  C:\Windows\System\DEFitzW.exe
  2⤵
  PID:5344
- C:\Windows\System\CvibVRJ.exe
  C:\Windows\System\CvibVRJ.exe
  2⤵
  PID:5364
- C:\Windows\System\VrjrgEd.exe
  C:\Windows\System\VrjrgEd.exe
  2⤵
  PID:5384
- C:\Windows\System\tHCFLBl.exe
  C:\Windows\System\tHCFLBl.exe
  2⤵
  PID:5404
- C:\Windows\System\FNGEydY.exe
  C:\Windows\System\FNGEydY.exe
  2⤵
  PID:5424
- C:\Windows\System\PHzNcyB.exe
  C:\Windows\System\PHzNcyB.exe
  2⤵
  PID:5444
- C:\Windows\System\PaXeiPm.exe
  C:\Windows\System\PaXeiPm.exe
  2⤵
  PID:5464
- C:\Windows\System\KsxDFfW.exe
  C:\Windows\System\KsxDFfW.exe
  2⤵
  PID:5484
- C:\Windows\System\uAwBYeu.exe
  C:\Windows\System\uAwBYeu.exe
  2⤵
  PID:5504
- C:\Windows\System\HHVsNkS.exe
  C:\Windows\System\HHVsNkS.exe
  2⤵
  PID:5524
- C:\Windows\System\RCEBPJJ.exe
  C:\Windows\System\RCEBPJJ.exe
  2⤵
  PID:5544
- C:\Windows\System\MVbXWiL.exe
  C:\Windows\System\MVbXWiL.exe
  2⤵
  PID:5564
- C:\Windows\System\uyllAmV.exe
  C:\Windows\System\uyllAmV.exe
  2⤵
  PID:5584
- C:\Windows\System\QFjlgkC.exe
  C:\Windows\System\QFjlgkC.exe
  2⤵
  PID:5604
- C:\Windows\System\zPbYKXI.exe
  C:\Windows\System\zPbYKXI.exe
  2⤵
  PID:5624
- C:\Windows\System\MuazhCW.exe
  C:\Windows\System\MuazhCW.exe
  2⤵
  PID:5644
- C:\Windows\System\cCyoqNu.exe
  C:\Windows\System\cCyoqNu.exe
  2⤵
  PID:5664
- C:\Windows\System\bSbBBRU.exe
  C:\Windows\System\bSbBBRU.exe
  2⤵
  PID:5684
- C:\Windows\System\cYcySJE.exe
  C:\Windows\System\cYcySJE.exe
  2⤵
  PID:5704
- C:\Windows\System\EmQpNfo.exe
  C:\Windows\System\EmQpNfo.exe
  2⤵
  PID:5724
- C:\Windows\System\fSGiyho.exe
  C:\Windows\System\fSGiyho.exe
  2⤵
  PID:5744
- C:\Windows\System\qQaTJNI.exe
  C:\Windows\System\qQaTJNI.exe
  2⤵
  PID:5764
- C:\Windows\System\oHJUjUO.exe
  C:\Windows\System\oHJUjUO.exe
  2⤵
  PID:5784
- C:\Windows\System\GshQQjN.exe
  C:\Windows\System\GshQQjN.exe
  2⤵
  PID:5804
- C:\Windows\System\BTZDHPR.exe
  C:\Windows\System\BTZDHPR.exe
  2⤵
  PID:5824
- C:\Windows\System\iOyRNWQ.exe
  C:\Windows\System\iOyRNWQ.exe
  2⤵
  PID:5844
- C:\Windows\System\yALiRkk.exe
  C:\Windows\System\yALiRkk.exe
  2⤵
  PID:5864
- C:\Windows\System\svVvPUB.exe
  C:\Windows\System\svVvPUB.exe
  2⤵
  PID:5884
- C:\Windows\System\tOaIkwJ.exe
  C:\Windows\System\tOaIkwJ.exe
  2⤵
  PID:5904
- C:\Windows\System\IVQrxCC.exe
  C:\Windows\System\IVQrxCC.exe
  2⤵
  PID:5924
- C:\Windows\System\YVWAbsd.exe
  C:\Windows\System\YVWAbsd.exe
  2⤵
  PID:5944
- C:\Windows\System\IwuiwYv.exe
  C:\Windows\System\IwuiwYv.exe
  2⤵
  PID:5964
- C:\Windows\System\qfKVoZG.exe
  C:\Windows\System\qfKVoZG.exe
  2⤵
  PID:5984
- C:\Windows\System\ZSjpsbJ.exe
  C:\Windows\System\ZSjpsbJ.exe
  2⤵
  PID:6004
- C:\Windows\System\egrQUAH.exe
  C:\Windows\System\egrQUAH.exe
  2⤵
  PID:6024
- C:\Windows\System\tEmACFT.exe
  C:\Windows\System\tEmACFT.exe
  2⤵
  PID:6044
- C:\Windows\System\bjLMRFH.exe
  C:\Windows\System\bjLMRFH.exe
  2⤵
  PID:6064
- C:\Windows\System\OoBdfhE.exe
  C:\Windows\System\OoBdfhE.exe
  2⤵
  PID:6084
- C:\Windows\System\wolQKiP.exe
  C:\Windows\System\wolQKiP.exe
  2⤵
  PID:6104
- C:\Windows\System\ivLmqJH.exe
  C:\Windows\System\ivLmqJH.exe
  2⤵
  PID:6124
- C:\Windows\System\HLEjvZE.exe
  C:\Windows\System\HLEjvZE.exe
  2⤵
  PID:3296
- C:\Windows\System\QnxRWML.exe
  C:\Windows\System\QnxRWML.exe
  2⤵
  PID:3404
- C:\Windows\System\tCzXkCB.exe
  C:\Windows\System\tCzXkCB.exe
  2⤵
  PID:1936
- C:\Windows\System\ZzZoHOI.exe
  C:\Windows\System\ZzZoHOI.exe
  2⤵
  PID:3820
- C:\Windows\System\nowcKuG.exe
  C:\Windows\System\nowcKuG.exe
  2⤵
  PID:4100
- C:\Windows\System\zjgVtHj.exe
  C:\Windows\System\zjgVtHj.exe
  2⤵
  PID:4268
- C:\Windows\System\WdNNHOj.exe
  C:\Windows\System\WdNNHOj.exe
  2⤵
  PID:4252
- C:\Windows\System\EkEZITH.exe
  C:\Windows\System\EkEZITH.exe
  2⤵
  PID:4316
- C:\Windows\System\IQAmxtS.exe
  C:\Windows\System\IQAmxtS.exe
  2⤵
  PID:4476
- C:\Windows\System\QrSTmRd.exe
  C:\Windows\System\QrSTmRd.exe
  2⤵
  PID:4436
- C:\Windows\System\gzhldbG.exe
  C:\Windows\System\gzhldbG.exe
  2⤵
  PID:4696
- C:\Windows\System\wZrjYYE.exe
  C:\Windows\System\wZrjYYE.exe
  2⤵
  PID:4760
- C:\Windows\System\WDDmKHp.exe
  C:\Windows\System\WDDmKHp.exe
  2⤵
  PID:4836
- C:\Windows\System\goOaoDr.exe
  C:\Windows\System\goOaoDr.exe
  2⤵
  PID:4920
- C:\Windows\System\VqXcYEm.exe
  C:\Windows\System\VqXcYEm.exe
  2⤵
  PID:5068
- C:\Windows\System\ZKQtzve.exe
  C:\Windows\System\ZKQtzve.exe
  2⤵
  PID:5136
- C:\Windows\System\sRkvXpx.exe
  C:\Windows\System\sRkvXpx.exe
  2⤵
  PID:5156
- C:\Windows\System\TsxSWzu.exe
  C:\Windows\System\TsxSWzu.exe
  2⤵
  PID:5188
- C:\Windows\System\yVvXzVk.exe
  C:\Windows\System\yVvXzVk.exe
  2⤵
  PID:5212
- C:\Windows\System\qVeaUAo.exe
  C:\Windows\System\qVeaUAo.exe
  2⤵
  PID:5232
- C:\Windows\System\GYUZDbB.exe
  C:\Windows\System\GYUZDbB.exe
  2⤵
  PID:5280
- C:\Windows\System\zMdTzti.exe
  C:\Windows\System\zMdTzti.exe
  2⤵
  PID:5332
- C:\Windows\System\BsqcQEV.exe
  C:\Windows\System\BsqcQEV.exe
  2⤵
  PID:5372
- C:\Windows\System\iIjGMku.exe
  C:\Windows\System\iIjGMku.exe
  2⤵
  PID:5392
- C:\Windows\System\iHBsOrV.exe
  C:\Windows\System\iHBsOrV.exe
  2⤵
  PID:5416
- C:\Windows\System\zwbGWEx.exe
  C:\Windows\System\zwbGWEx.exe
  2⤵
  PID:5460
- C:\Windows\System\HvqSAJp.exe
  C:\Windows\System\HvqSAJp.exe
  2⤵
  PID:5492
- C:\Windows\System\hRGCqwF.exe
  C:\Windows\System\hRGCqwF.exe
  2⤵
  PID:5540
- C:\Windows\System\qGQuhly.exe
  C:\Windows\System\qGQuhly.exe
  2⤵
  PID:5560
- C:\Windows\System\vzyZqQu.exe
  C:\Windows\System\vzyZqQu.exe
  2⤵
  PID:5592
- C:\Windows\System\wFcnqnH.exe
  C:\Windows\System\wFcnqnH.exe
  2⤵
  PID:5616
- C:\Windows\System\RcPtprU.exe
  C:\Windows\System\RcPtprU.exe
  2⤵
  PID:5660
- C:\Windows\System\KTFwkck.exe
  C:\Windows\System\KTFwkck.exe
  2⤵
  PID:5680
- C:\Windows\System\DBSoyJe.exe
  C:\Windows\System\DBSoyJe.exe
  2⤵
  PID:5716
- C:\Windows\System\Bcateci.exe
  C:\Windows\System\Bcateci.exe
  2⤵
  PID:5760
- C:\Windows\System\IqnBxHS.exe
  C:\Windows\System\IqnBxHS.exe
  2⤵
  PID:5792
- C:\Windows\System\IytxrUL.exe
  C:\Windows\System\IytxrUL.exe
  2⤵
  PID:5816
- C:\Windows\System\JryFiBl.exe
  C:\Windows\System\JryFiBl.exe
  2⤵
  PID:5860
- C:\Windows\System\ILWlZUt.exe
  C:\Windows\System\ILWlZUt.exe
  2⤵
  PID:5876
- C:\Windows\System\NApsvfY.exe
  C:\Windows\System\NApsvfY.exe
  2⤵
  PID:5932
- C:\Windows\System\qWXtOYX.exe
  C:\Windows\System\qWXtOYX.exe
  2⤵
  PID:5972
- C:\Windows\System\mhRgMFK.exe
  C:\Windows\System\mhRgMFK.exe
  2⤵
  PID:1976
- C:\Windows\System\SzurTzp.exe
  C:\Windows\System\SzurTzp.exe
  2⤵
  PID:6000
- C:\Windows\System\aOMVtKB.exe
  C:\Windows\System\aOMVtKB.exe
  2⤵
  PID:6052
- C:\Windows\System\fbOaQTo.exe
  C:\Windows\System\fbOaQTo.exe
  2⤵
  PID:6080
- C:\Windows\System\sUKymkn.exe
  C:\Windows\System\sUKymkn.exe
  2⤵
  PID:6132
- C:\Windows\System\wmJYfrT.exe
  C:\Windows\System\wmJYfrT.exe
  2⤵
  PID:6136
- C:\Windows\System\JvvHZkb.exe
  C:\Windows\System\JvvHZkb.exe
  2⤵
  PID:3420
- C:\Windows\System\HaPjoYd.exe
  C:\Windows\System\HaPjoYd.exe
  2⤵
  PID:3640
- C:\Windows\System\XOTNwqM.exe
  C:\Windows\System\XOTNwqM.exe
  2⤵
  PID:4272
- C:\Windows\System\ETNozCH.exe
  C:\Windows\System\ETNozCH.exe
  2⤵
  PID:4200
- C:\Windows\System\qiOSIiN.exe
  C:\Windows\System\qiOSIiN.exe
  2⤵
  PID:4472
- C:\Windows\System\FAjcuiN.exe
  C:\Windows\System\FAjcuiN.exe
  2⤵
  PID:4512
- C:\Windows\System\iTnlFBS.exe
  C:\Windows\System\iTnlFBS.exe
  2⤵
  PID:4712
- C:\Windows\System\NuMhIIr.exe
  C:\Windows\System\NuMhIIr.exe
  2⤵
  PID:4936
- C:\Windows\System\yWSFgzu.exe
  C:\Windows\System\yWSFgzu.exe
  2⤵
  PID:824
- C:\Windows\System\sCijFRv.exe
  C:\Windows\System\sCijFRv.exe
  2⤵
  PID:5172
- C:\Windows\System\QpoboKj.exe
  C:\Windows\System\QpoboKj.exe
  2⤵
  PID:5248
- C:\Windows\System\rLQUMWm.exe
  C:\Windows\System\rLQUMWm.exe
  2⤵
  PID:5292
- C:\Windows\System\ZfoWquC.exe
  C:\Windows\System\ZfoWquC.exe
  2⤵
  PID:5320
- C:\Windows\System\YBTvxHs.exe
  C:\Windows\System\YBTvxHs.exe
  2⤵
  PID:5420
- C:\Windows\System\IHZRFIT.exe
  C:\Windows\System\IHZRFIT.exe
  2⤵
  PID:5472
- C:\Windows\System\ihSMNWZ.exe
  C:\Windows\System\ihSMNWZ.exe
  2⤵
  PID:5532
- C:\Windows\System\XWeYFJA.exe
  C:\Windows\System\XWeYFJA.exe
  2⤵
  PID:5572
- C:\Windows\System\kAcLgXK.exe
  C:\Windows\System\kAcLgXK.exe
  2⤵
  PID:5612
- C:\Windows\System\MmcToOW.exe
  C:\Windows\System\MmcToOW.exe
  2⤵
  PID:5700
- C:\Windows\System\eiMYVTL.exe
  C:\Windows\System\eiMYVTL.exe
  2⤵
  PID:5712
- C:\Windows\System\PGyqgfB.exe
  C:\Windows\System\PGyqgfB.exe
  2⤵
  PID:5800
- C:\Windows\System\zKUXUzO.exe
  C:\Windows\System\zKUXUzO.exe
  2⤵
  PID:5840
- C:\Windows\System\FnCrpaK.exe
  C:\Windows\System\FnCrpaK.exe
  2⤵
  PID:5880
- C:\Windows\System\GGqnIgT.exe
  C:\Windows\System\GGqnIgT.exe
  2⤵
  PID:636
- C:\Windows\System\iHzkrfh.exe
  C:\Windows\System\iHzkrfh.exe
  2⤵
  PID:5956
- C:\Windows\System\EEriZZB.exe
  C:\Windows\System\EEriZZB.exe
  2⤵
  PID:6036
- C:\Windows\System\lsoRxYc.exe
  C:\Windows\System\lsoRxYc.exe
  2⤵
  PID:6076
- C:\Windows\System\haVeCpF.exe
  C:\Windows\System\haVeCpF.exe
  2⤵
  PID:6120
- C:\Windows\System\BFJdZEk.exe
  C:\Windows\System\BFJdZEk.exe
  2⤵
  PID:3636
- C:\Windows\System\mhiDdzA.exe
  C:\Windows\System\mhiDdzA.exe
  2⤵
  PID:4412
- C:\Windows\System\BQLhxGs.exe
  C:\Windows\System\BQLhxGs.exe
  2⤵
  PID:4736
- C:\Windows\System\MEwLQvk.exe
  C:\Windows\System\MEwLQvk.exe
  2⤵
  PID:5016
- C:\Windows\System\PICIIIS.exe
  C:\Windows\System\PICIIIS.exe
  2⤵
  PID:6160
- C:\Windows\System\zWxxeBV.exe
  C:\Windows\System\zWxxeBV.exe
  2⤵
  PID:6180
- C:\Windows\System\gwgeZBK.exe
  C:\Windows\System\gwgeZBK.exe
  2⤵
  PID:6200
- C:\Windows\System\ZuJfpZz.exe
  C:\Windows\System\ZuJfpZz.exe
  2⤵
  PID:6220
- C:\Windows\System\teUIDWm.exe
  C:\Windows\System\teUIDWm.exe
  2⤵
  PID:6240
- C:\Windows\System\YkWUPxS.exe
  C:\Windows\System\YkWUPxS.exe
  2⤵
  PID:6260
- C:\Windows\System\iEwHITX.exe
  C:\Windows\System\iEwHITX.exe
  2⤵
  PID:6280
- C:\Windows\System\WSHiKqq.exe
  C:\Windows\System\WSHiKqq.exe
  2⤵
  PID:6300
- C:\Windows\System\poHDOmF.exe
  C:\Windows\System\poHDOmF.exe
  2⤵
  PID:6320
- C:\Windows\System\GejarMl.exe
  C:\Windows\System\GejarMl.exe
  2⤵
  PID:6340
- C:\Windows\System\EpsylWA.exe
  C:\Windows\System\EpsylWA.exe
  2⤵
  PID:6360
- C:\Windows\System\eqkqoTb.exe
  C:\Windows\System\eqkqoTb.exe
  2⤵
  PID:6380
- C:\Windows\System\RwWtiiP.exe
  C:\Windows\System\RwWtiiP.exe
  2⤵
  PID:6400
- C:\Windows\System\ylGLBcS.exe
  C:\Windows\System\ylGLBcS.exe
  2⤵
  PID:6420
- C:\Windows\System\BmrZTBk.exe
  C:\Windows\System\BmrZTBk.exe
  2⤵
  PID:6440
- C:\Windows\System\YViavnn.exe
  C:\Windows\System\YViavnn.exe
  2⤵
  PID:6460
- C:\Windows\System\VfIrNoL.exe
  C:\Windows\System\VfIrNoL.exe
  2⤵
  PID:6480
- C:\Windows\System\UtMevUz.exe
  C:\Windows\System\UtMevUz.exe
  2⤵
  PID:6500
- C:\Windows\System\rJzaQUs.exe
  C:\Windows\System\rJzaQUs.exe
  2⤵
  PID:6520
- C:\Windows\System\XvexBAg.exe
  C:\Windows\System\XvexBAg.exe
  2⤵
  PID:6540
- C:\Windows\System\LDIyoTs.exe
  C:\Windows\System\LDIyoTs.exe
  2⤵
  PID:6560
- C:\Windows\System\Buerxoj.exe
  C:\Windows\System\Buerxoj.exe
  2⤵
  PID:6580
- C:\Windows\System\DUPtkrR.exe
  C:\Windows\System\DUPtkrR.exe
  2⤵
  PID:6600
- C:\Windows\System\rdhITPQ.exe
  C:\Windows\System\rdhITPQ.exe
  2⤵
  PID:6620
- C:\Windows\System\nFoZVdn.exe
  C:\Windows\System\nFoZVdn.exe
  2⤵
  PID:6640
- C:\Windows\System\lObKeEV.exe
  C:\Windows\System\lObKeEV.exe
  2⤵
  PID:6660
- C:\Windows\System\dBTxWoz.exe
  C:\Windows\System\dBTxWoz.exe
  2⤵
  PID:6680
- C:\Windows\System\VwMDbGe.exe
  C:\Windows\System\VwMDbGe.exe
  2⤵
  PID:6700
- C:\Windows\System\vmEkDMs.exe
  C:\Windows\System\vmEkDMs.exe
  2⤵
  PID:6720
- C:\Windows\System\TpbQIUX.exe
  C:\Windows\System\TpbQIUX.exe
  2⤵
  PID:6744
- C:\Windows\System\wMRSSnr.exe
  C:\Windows\System\wMRSSnr.exe
  2⤵
  PID:6764
- C:\Windows\System\sXixpea.exe
  C:\Windows\System\sXixpea.exe
  2⤵
  PID:6784
- C:\Windows\System\CtHeVmf.exe
  C:\Windows\System\CtHeVmf.exe
  2⤵
  PID:6804
- C:\Windows\System\fQTQBOd.exe
  C:\Windows\System\fQTQBOd.exe
  2⤵
  PID:6824
- C:\Windows\System\sbpnYer.exe
  C:\Windows\System\sbpnYer.exe
  2⤵
  PID:6844
- C:\Windows\System\kdOubku.exe
  C:\Windows\System\kdOubku.exe
  2⤵
  PID:6864
- C:\Windows\System\zygvGLJ.exe
  C:\Windows\System\zygvGLJ.exe
  2⤵
  PID:6884
- C:\Windows\System\gmlryon.exe
  C:\Windows\System\gmlryon.exe
  2⤵
  PID:6904
- C:\Windows\System\WgJPlBn.exe
  C:\Windows\System\WgJPlBn.exe
  2⤵
  PID:6924
- C:\Windows\System\KQYXncf.exe
  C:\Windows\System\KQYXncf.exe
  2⤵
  PID:6944
- C:\Windows\System\GnNIkXL.exe
  C:\Windows\System\GnNIkXL.exe
  2⤵
  PID:6964
- C:\Windows\System\DYeNGnZ.exe
  C:\Windows\System\DYeNGnZ.exe
  2⤵
  PID:6984
- C:\Windows\System\vBpDekA.exe
  C:\Windows\System\vBpDekA.exe
  2⤵
  PID:7004
- C:\Windows\System\tSLEnge.exe
  C:\Windows\System\tSLEnge.exe
  2⤵
  PID:7024
- C:\Windows\System\JOjmbiE.exe
  C:\Windows\System\JOjmbiE.exe
  2⤵
  PID:7044
- C:\Windows\System\khgtCwo.exe
  C:\Windows\System\khgtCwo.exe
  2⤵
  PID:7064
- C:\Windows\System\JaHJmtf.exe
  C:\Windows\System\JaHJmtf.exe
  2⤵
  PID:7084
- C:\Windows\System\YwoSJJu.exe
  C:\Windows\System\YwoSJJu.exe
  2⤵
  PID:7104
- C:\Windows\System\algGdLl.exe
  C:\Windows\System\algGdLl.exe
  2⤵
  PID:7124
- C:\Windows\System\vkngEpO.exe
  C:\Windows\System\vkngEpO.exe
  2⤵
  PID:7144
- C:\Windows\System\jzomTvz.exe
  C:\Windows\System\jzomTvz.exe
  2⤵
  PID:7164
- C:\Windows\System\xWLCWya.exe
  C:\Windows\System\xWLCWya.exe
  2⤵
  PID:5084
- C:\Windows\System\MmzZiKQ.exe
  C:\Windows\System\MmzZiKQ.exe
  2⤵
  PID:5192
- C:\Windows\System\uRdYVzw.exe
  C:\Windows\System\uRdYVzw.exe
  2⤵
  PID:5340
- C:\Windows\System\byaBpDG.exe
  C:\Windows\System\byaBpDG.exe
  2⤵
  PID:5376
- C:\Windows\System\tcXDiRN.exe
  C:\Windows\System\tcXDiRN.exe
  2⤵
  PID:5496
- C:\Windows\System\VeQPzwl.exe
  C:\Windows\System\VeQPzwl.exe
  2⤵
  PID:5620
- C:\Windows\System\qfoPtSt.exe
  C:\Windows\System\qfoPtSt.exe
  2⤵
  PID:5640
- C:\Windows\System\RfaJFTS.exe
  C:\Windows\System\RfaJFTS.exe
  2⤵
  PID:5720
- C:\Windows\System\jLDzaZl.exe
  C:\Windows\System\jLDzaZl.exe
  2⤵
  PID:5736
- C:\Windows\System\KWMsokS.exe
  C:\Windows\System\KWMsokS.exe
  2⤵
  PID:5912
- C:\Windows\System\hHdypCf.exe
  C:\Windows\System\hHdypCf.exe
  2⤵
  PID:6012
- C:\Windows\System\YzTQpuK.exe
  C:\Windows\System\YzTQpuK.exe
  2⤵
  PID:2988
- C:\Windows\System\BvdHYFh.exe
  C:\Windows\System\BvdHYFh.exe
  2⤵
  PID:3436
- C:\Windows\System\uFAjorM.exe
  C:\Windows\System\uFAjorM.exe
  2⤵
  PID:4372
- C:\Windows\System\nVoIdBV.exe
  C:\Windows\System\nVoIdBV.exe
  2⤵
  PID:4636
- C:\Windows\System\YSJxuyg.exe
  C:\Windows\System\YSJxuyg.exe
  2⤵
  PID:6152
- C:\Windows\System\pBxvMaz.exe
  C:\Windows\System\pBxvMaz.exe
  2⤵
  PID:6208
- C:\Windows\System\AIbAUWa.exe
  C:\Windows\System\AIbAUWa.exe
  2⤵
  PID:6248
- C:\Windows\System\BOENOGK.exe
  C:\Windows\System\BOENOGK.exe
  2⤵
  PID:6252
- C:\Windows\System\OLBTqlE.exe
  C:\Windows\System\OLBTqlE.exe
  2⤵
  PID:6296
- C:\Windows\System\zJNlGrJ.exe
  C:\Windows\System\zJNlGrJ.exe
  2⤵
  PID:6336
- C:\Windows\System\pGZYclG.exe
  C:\Windows\System\pGZYclG.exe
  2⤵
  PID:6352
- C:\Windows\System\gAsYcmt.exe
  C:\Windows\System\gAsYcmt.exe
  2⤵
  PID:6396
- C:\Windows\System\IcNJqTK.exe
  C:\Windows\System\IcNJqTK.exe
  2⤵
  PID:6428
- C:\Windows\System\bQkZzhJ.exe
  C:\Windows\System\bQkZzhJ.exe
  2⤵
  PID:6452
- C:\Windows\System\hVqSowB.exe
  C:\Windows\System\hVqSowB.exe
  2⤵
  PID:6496
- C:\Windows\System\bdlifnV.exe
  C:\Windows\System\bdlifnV.exe
  2⤵
  PID:6536
- C:\Windows\System\ovmOwaK.exe
  C:\Windows\System\ovmOwaK.exe
  2⤵
  PID:6552
- C:\Windows\System\AOVDzmp.exe
  C:\Windows\System\AOVDzmp.exe
  2⤵
  PID:6596
- C:\Windows\System\XhDJgGz.exe
  C:\Windows\System\XhDJgGz.exe
  2⤵
  PID:6628
- C:\Windows\System\EHadhhH.exe
  C:\Windows\System\EHadhhH.exe
  2⤵
  PID:6656
- C:\Windows\System\mKKOAvl.exe
  C:\Windows\System\mKKOAvl.exe
  2⤵
  PID:6796
- C:\Windows\System\vYVZwZf.exe
  C:\Windows\System\vYVZwZf.exe
  2⤵
  PID:6852
- C:\Windows\System\OKCkqWo.exe
  C:\Windows\System\OKCkqWo.exe
  2⤵
  PID:6872
- C:\Windows\System\eYXucEz.exe
  C:\Windows\System\eYXucEz.exe
  2⤵
  PID:6900
- C:\Windows\System\qNbhpeK.exe
  C:\Windows\System\qNbhpeK.exe
  2⤵
  PID:6932
- C:\Windows\System\XXhdaae.exe
  C:\Windows\System\XXhdaae.exe
  2⤵
  PID:6952
- C:\Windows\System\rSEKGAr.exe
  C:\Windows\System\rSEKGAr.exe
  2⤵
  PID:6980
- C:\Windows\System\tEdnKVz.exe
  C:\Windows\System\tEdnKVz.exe
  2⤵
  PID:7020
- C:\Windows\System\vGGVFaG.exe
  C:\Windows\System\vGGVFaG.exe
  2⤵
  PID:7032
- C:\Windows\System\yRrQDmc.exe
  C:\Windows\System\yRrQDmc.exe
  2⤵
  PID:7060
- C:\Windows\System\MwNZDdO.exe
  C:\Windows\System\MwNZDdO.exe
  2⤵
  PID:7076
- C:\Windows\System\eMoQxgc.exe
  C:\Windows\System\eMoQxgc.exe
  2⤵
  PID:7112
- C:\Windows\System\uKCBZPj.exe
  C:\Windows\System\uKCBZPj.exe
  2⤵
  PID:7140
- C:\Windows\System\EUQRxzM.exe
  C:\Windows\System\EUQRxzM.exe
  2⤵
  PID:7160
- C:\Windows\System\AiOxRmv.exe
  C:\Windows\System\AiOxRmv.exe
  2⤵
  PID:5196
- C:\Windows\System\QlRtVWO.exe
  C:\Windows\System\QlRtVWO.exe
  2⤵
  PID:5236
- C:\Windows\System\sBrfhBR.exe
  C:\Windows\System\sBrfhBR.exe
  2⤵
  PID:5440
- C:\Windows\System\pOhksQy.exe
  C:\Windows\System\pOhksQy.exe
  2⤵
  PID:5512
- C:\Windows\System\kDfaWLL.exe
  C:\Windows\System\kDfaWLL.exe
  2⤵
  PID:5672
- C:\Windows\System\rCcrrIE.exe
  C:\Windows\System\rCcrrIE.exe
  2⤵
  PID:2292
- C:\Windows\System\PUtBEbd.exe
  C:\Windows\System\PUtBEbd.exe
  2⤵
  PID:5756
- C:\Windows\System\SwsIMCJ.exe
  C:\Windows\System\SwsIMCJ.exe
  2⤵
  PID:2604
- C:\Windows\System\XbyUrxL.exe
  C:\Windows\System\XbyUrxL.exe
  2⤵
  PID:6100
- C:\Windows\System\VWAmztQ.exe
  C:\Windows\System\VWAmztQ.exe
  2⤵
  PID:4160
- C:\Windows\System\ZKHRyMb.exe
  C:\Windows\System\ZKHRyMb.exe
  2⤵
  PID:4204
- C:\Windows\System\IrYzOHy.exe
  C:\Windows\System\IrYzOHy.exe
  2⤵
  PID:6156
- C:\Windows\System\pTydeZx.exe
  C:\Windows\System\pTydeZx.exe
  2⤵
  PID:6212
- C:\Windows\System\gRWlRde.exe
  C:\Windows\System\gRWlRde.exe
  2⤵
  PID:6256
- C:\Windows\System\XHMmqvj.exe
  C:\Windows\System\XHMmqvj.exe
  2⤵
  PID:6272
- C:\Windows\System\GkTuHYu.exe
  C:\Windows\System\GkTuHYu.exe
  2⤵
  PID:6332
- C:\Windows\System\DvRMYND.exe
  C:\Windows\System\DvRMYND.exe
  2⤵
  PID:6388
- C:\Windows\System\LDMhZJW.exe
  C:\Windows\System\LDMhZJW.exe
  2⤵
  PID:6392
- C:\Windows\System\Hgpnkkn.exe
  C:\Windows\System\Hgpnkkn.exe
  2⤵
  PID:6516
- C:\Windows\System\KNuwKih.exe
  C:\Windows\System\KNuwKih.exe
  2⤵
  PID:6588
- C:\Windows\System\tLFzfZp.exe
  C:\Windows\System\tLFzfZp.exe
  2⤵
  PID:6616
- C:\Windows\System\dtHbuyU.exe
  C:\Windows\System\dtHbuyU.exe
  2⤵
  PID:2004
- C:\Windows\System\gEBjoAz.exe
  C:\Windows\System\gEBjoAz.exe
  2⤵
  PID:1316
- C:\Windows\System\UuSBmif.exe
  C:\Windows\System\UuSBmif.exe
  2⤵
  PID:2040
- C:\Windows\System\dgIHaSJ.exe
  C:\Windows\System\dgIHaSJ.exe
  2⤵
  PID:2160
- C:\Windows\System\CpkwBMq.exe
  C:\Windows\System\CpkwBMq.exe
  2⤵
  PID:3964
- C:\Windows\System\hGJQjdn.exe
  C:\Windows\System\hGJQjdn.exe
  2⤵
  PID:4128
- C:\Windows\System\jDAYymB.exe
  C:\Windows\System\jDAYymB.exe
  2⤵
  PID:2316
- C:\Windows\System\PsDCUjH.exe
  C:\Windows\System\PsDCUjH.exe
  2⤵
  PID:4904
- C:\Windows\System\IPIrfUL.exe
  C:\Windows\System\IPIrfUL.exe
  2⤵
  PID:2544
- C:\Windows\System\JFyccDx.exe
  C:\Windows\System\JFyccDx.exe
  2⤵
  PID:1552
- C:\Windows\System\rvryHuw.exe
  C:\Windows\System\rvryHuw.exe
  2⤵
  PID:6792
- C:\Windows\System\bSICMPC.exe
  C:\Windows\System\bSICMPC.exe
  2⤵
  PID:2824
- C:\Windows\System\NsSzbfa.exe
  C:\Windows\System\NsSzbfa.exe
  2⤵
  PID:7096
- C:\Windows\System\ERtypeB.exe
  C:\Windows\System\ERtypeB.exe
  2⤵
  PID:7152
- C:\Windows\System\jMEziIX.exe
  C:\Windows\System\jMEziIX.exe
  2⤵
  PID:7156
- C:\Windows\System\nwKSDxW.exe
  C:\Windows\System\nwKSDxW.exe
  2⤵
  PID:2068
- C:\Windows\System\mwvBaWw.exe
  C:\Windows\System\mwvBaWw.exe
  2⤵
  PID:5596
- C:\Windows\System\QBRDbZm.exe
  C:\Windows\System\QBRDbZm.exe
  2⤵
  PID:5892
- C:\Windows\System\npfTLHn.exe
  C:\Windows\System\npfTLHn.exe
  2⤵
  PID:6188
- C:\Windows\System\LAaeRFf.exe
  C:\Windows\System\LAaeRFf.exe
  2⤵
  PID:6316
- C:\Windows\System\kJnGlJm.exe
  C:\Windows\System\kJnGlJm.exe
  2⤵
  PID:1480
- C:\Windows\System\AoPSEAm.exe
  C:\Windows\System\AoPSEAm.exe
  2⤵
  PID:6288
- C:\Windows\System\dRbhmdT.exe
  C:\Windows\System\dRbhmdT.exe
  2⤵
  PID:2676
- C:\Windows\System\cqIdMgJ.exe
  C:\Windows\System\cqIdMgJ.exe
  2⤵
  PID:6488
- C:\Windows\System\GplHzVC.exe
  C:\Windows\System\GplHzVC.exe
  2⤵
  PID:6800
- C:\Windows\System\Botekww.exe
  C:\Windows\System\Botekww.exe
  2⤵
  PID:2028
- C:\Windows\System\TVMiQnu.exe
  C:\Windows\System\TVMiQnu.exe
  2⤵
  PID:2756
- C:\Windows\System\KmRkntT.exe
  C:\Windows\System\KmRkntT.exe
  2⤵
  PID:2908
- C:\Windows\System\VDzoXHn.exe
  C:\Windows\System\VDzoXHn.exe
  2⤵
  PID:2644
- C:\Windows\System\lpphmJE.exe
  C:\Windows\System\lpphmJE.exe
  2⤵
  PID:1684
- C:\Windows\System\EAChWYv.exe
  C:\Windows\System\EAChWYv.exe
  2⤵
  PID:2012
- C:\Windows\System\FGshZgf.exe
  C:\Windows\System\FGshZgf.exe
  2⤵
  PID:3012
- C:\Windows\System\XmVQwbp.exe
  C:\Windows\System\XmVQwbp.exe
  2⤵
  PID:2576
- C:\Windows\System\cRFRWmT.exe
  C:\Windows\System\cRFRWmT.exe
  2⤵
  PID:1244
- C:\Windows\System\aaxcLcb.exe
  C:\Windows\System\aaxcLcb.exe
  2⤵
  PID:6816
- C:\Windows\System\shYUftH.exe
  C:\Windows\System\shYUftH.exe
  2⤵
  PID:6856
- C:\Windows\System\Lenoegy.exe
  C:\Windows\System\Lenoegy.exe
  2⤵
  PID:6940
- C:\Windows\System\ZYpSubE.exe
  C:\Windows\System\ZYpSubE.exe
  2⤵
  PID:6996
- C:\Windows\System\pBSlXzn.exe
  C:\Windows\System\pBSlXzn.exe
  2⤵
  PID:5436
- C:\Windows\System\QGqUQFv.exe
  C:\Windows\System\QGqUQFv.exe
  2⤵
  PID:2620
- C:\Windows\System\tQyTgkk.exe
  C:\Windows\System\tQyTgkk.exe
  2⤵
  PID:6168
- C:\Windows\System\RMiwRJM.exe
  C:\Windows\System\RMiwRJM.exe
  2⤵
  PID:7132
- C:\Windows\System\HTKSeMw.exe
  C:\Windows\System\HTKSeMw.exe
  2⤵
  PID:6196
- C:\Windows\System\Mifopaj.exe
  C:\Windows\System\Mifopaj.exe
  2⤵
  PID:6508
- C:\Windows\System\ueOhJmr.exe
  C:\Windows\System\ueOhJmr.exe
  2⤵
  PID:2720
- C:\Windows\System\wVTxMTR.exe
  C:\Windows\System\wVTxMTR.exe
  2⤵
  PID:1012
- C:\Windows\System\wWMSIYi.exe
  C:\Windows\System\wWMSIYi.exe
  2⤵
  PID:6348
- C:\Windows\System\tliUbCL.exe
  C:\Windows\System\tliUbCL.exe
  2⤵
  PID:4560
- C:\Windows\System\RDfeqAY.exe
  C:\Windows\System\RDfeqAY.exe
  2⤵
  PID:6476
- C:\Windows\System\BowHDhH.exe
  C:\Windows\System\BowHDhH.exe
  2⤵
  PID:2700
- C:\Windows\System\qccXyke.exe
  C:\Windows\System\qccXyke.exe
  2⤵
  PID:2500
- C:\Windows\System\Zyyjmcp.exe
  C:\Windows\System\Zyyjmcp.exe
  2⤵
  PID:6920
- C:\Windows\System\XmxBblL.exe
  C:\Windows\System\XmxBblL.exe
  2⤵
  PID:6328
- C:\Windows\System\udGxfgY.exe
  C:\Windows\System\udGxfgY.exe
  2⤵
  PID:6456
- C:\Windows\System\JUcbBsH.exe
  C:\Windows\System\JUcbBsH.exe
  2⤵
  PID:2656
- C:\Windows\System\wlJFezg.exe
  C:\Windows\System\wlJFezg.exe
  2⤵
  PID:6668
- C:\Windows\System\USMrFEy.exe
  C:\Windows\System\USMrFEy.exe
  2⤵
  PID:2488
- C:\Windows\System\CMAKSWI.exe
  C:\Windows\System\CMAKSWI.exe
  2⤵
  PID:1276
- C:\Windows\System\DZCEntg.exe
  C:\Windows\System\DZCEntg.exe
  2⤵
  PID:1008
- C:\Windows\System\ZPYbiJG.exe
  C:\Windows\System\ZPYbiJG.exe
  2⤵
  PID:6648
- C:\Windows\System\xJYKFpW.exe
  C:\Windows\System\xJYKFpW.exe
  2⤵
  PID:2888
- C:\Windows\System\iXafHsW.exe
  C:\Windows\System\iXafHsW.exe
  2⤵
  PID:1872
- C:\Windows\System\gDmTqjB.exe
  C:\Windows\System\gDmTqjB.exe
  2⤵
  PID:2740
- C:\Windows\System\RZTXJzp.exe
  C:\Windows\System\RZTXJzp.exe
  2⤵
  PID:2344
- C:\Windows\System\bPqcqxM.exe
  C:\Windows\System\bPqcqxM.exe
  2⤵
  PID:1876
- C:\Windows\System\KWDdvfw.exe
  C:\Windows\System\KWDdvfw.exe
  2⤵
  PID:1512
- C:\Windows\System\TSktwNG.exe
  C:\Windows\System\TSktwNG.exe
  2⤵
  PID:6548
- C:\Windows\System\vBvWdRp.exe
  C:\Windows\System\vBvWdRp.exe
  2⤵
  PID:1736
- C:\Windows\System\XXSdEfb.exe
  C:\Windows\System\XXSdEfb.exe
  2⤵
  PID:6860
- C:\Windows\System\NfVwypC.exe
  C:\Windows\System\NfVwypC.exe
  2⤵
  PID:7036
- C:\Windows\System\NjUJirO.exe
  C:\Windows\System\NjUJirO.exe
  2⤵
  PID:1140
- C:\Windows\System\XXvmmxP.exe
  C:\Windows\System\XXvmmxP.exe
  2⤵
  PID:2984
- C:\Windows\System\LQpjfBP.exe
  C:\Windows\System\LQpjfBP.exe
  2⤵
  PID:2348
- C:\Windows\System\nrjTHRs.exe
  C:\Windows\System\nrjTHRs.exe
  2⤵
  PID:2636
- C:\Windows\System\sQVXrqS.exe
  C:\Windows\System\sQVXrqS.exe
  2⤵
  PID:2176
- C:\Windows\System\ORrlwcN.exe
  C:\Windows\System\ORrlwcN.exe
  2⤵
  PID:2232
- C:\Windows\System\EeyVpqY.exe
  C:\Windows\System\EeyVpqY.exe
  2⤵
  PID:1156
- C:\Windows\System\EJPCtOw.exe
  C:\Windows\System\EJPCtOw.exe
  2⤵
  PID:6992
- C:\Windows\System\fddskjE.exe
  C:\Windows\System\fddskjE.exe
  2⤵
  PID:2684
- C:\Windows\System\lJpbrsQ.exe
  C:\Windows\System\lJpbrsQ.exe
  2⤵
  PID:2648
- C:\Windows\System\mAfCYxx.exe
  C:\Windows\System\mAfCYxx.exe
  2⤵
  PID:6956
- C:\Windows\System\HWDsUmM.exe
  C:\Windows\System\HWDsUmM.exe
  2⤵
  PID:2596
- C:\Windows\System\PeSvHuz.exe
  C:\Windows\System\PeSvHuz.exe
  2⤵
  PID:2476
- C:\Windows\System\WpJrOCQ.exe
  C:\Windows\System\WpJrOCQ.exe
  2⤵
  PID:7180
- C:\Windows\System\CRREBJT.exe
  C:\Windows\System\CRREBJT.exe
  2⤵
  PID:7200
- C:\Windows\System\EBKOAHV.exe
  C:\Windows\System\EBKOAHV.exe
  2⤵
  PID:7216
- C:\Windows\System\VZIxsHS.exe
  C:\Windows\System\VZIxsHS.exe
  2⤵
  PID:7232
- C:\Windows\System\HFiftEH.exe
  C:\Windows\System\HFiftEH.exe
  2⤵
  PID:7248
- C:\Windows\System\efGCIyu.exe
  C:\Windows\System\efGCIyu.exe
  2⤵
  PID:7272
- C:\Windows\System\TNGWgXQ.exe
  C:\Windows\System\TNGWgXQ.exe
  2⤵
  PID:7288
- C:\Windows\System\eojcacR.exe
  C:\Windows\System\eojcacR.exe
  2⤵
  PID:7308
- C:\Windows\System\TvZapZQ.exe
  C:\Windows\System\TvZapZQ.exe
  2⤵
  PID:7332
- C:\Windows\System\kLiTVSg.exe
  C:\Windows\System\kLiTVSg.exe
  2⤵
  PID:7352
- C:\Windows\System\sEkqiPy.exe
  C:\Windows\System\sEkqiPy.exe
  2⤵
  PID:7368
- C:\Windows\System\LQSJXTz.exe
  C:\Windows\System\LQSJXTz.exe
  2⤵
  PID:7388
- C:\Windows\System\refIKxx.exe
  C:\Windows\System\refIKxx.exe
  2⤵
  PID:7404
- C:\Windows\System\bSoMSBp.exe
  C:\Windows\System\bSoMSBp.exe
  2⤵
  PID:7424
- C:\Windows\System\joixnXE.exe
  C:\Windows\System\joixnXE.exe
  2⤵
  PID:7452
- C:\Windows\System\RXqdGdS.exe
  C:\Windows\System\RXqdGdS.exe
  2⤵
  PID:7472
- C:\Windows\System\fgOqMyn.exe
  C:\Windows\System\fgOqMyn.exe
  2⤵
  PID:7488
- C:\Windows\System\LLWdADG.exe
  C:\Windows\System\LLWdADG.exe
  2⤵
  PID:7504
- C:\Windows\System\GTheMrB.exe
  C:\Windows\System\GTheMrB.exe
  2⤵
  PID:7524
- C:\Windows\System\CcHmqCC.exe
  C:\Windows\System\CcHmqCC.exe
  2⤵
  PID:7544
- C:\Windows\System\ECtZmxm.exe
  C:\Windows\System\ECtZmxm.exe
  2⤵
  PID:7560
- C:\Windows\System\XddIZOj.exe
  C:\Windows\System\XddIZOj.exe
  2⤵
  PID:7580
- C:\Windows\System\mdNIcwl.exe
  C:\Windows\System\mdNIcwl.exe
  2⤵
  PID:7600
- C:\Windows\System\KTFyRko.exe
  C:\Windows\System\KTFyRko.exe
  2⤵
  PID:7616
- C:\Windows\System\tVLsIDg.exe
  C:\Windows\System\tVLsIDg.exe
  2⤵
  PID:7680
- C:\Windows\System\PdSKtsJ.exe
  C:\Windows\System\PdSKtsJ.exe
  2⤵
  PID:7700
- C:\Windows\System\sJeFpQz.exe
  C:\Windows\System\sJeFpQz.exe
  2⤵
  PID:7716
- C:\Windows\System\AlYEniY.exe
  C:\Windows\System\AlYEniY.exe
  2⤵
  PID:7732
- C:\Windows\System\poiLLIL.exe
  C:\Windows\System\poiLLIL.exe
  2⤵
  PID:7748
- C:\Windows\System\bqbSTzO.exe
  C:\Windows\System\bqbSTzO.exe
  2⤵
  PID:7764
- C:\Windows\System\GaWxude.exe
  C:\Windows\System\GaWxude.exe
  2⤵
  PID:7784
- C:\Windows\System\dGFcilu.exe
  C:\Windows\System\dGFcilu.exe
  2⤵
  PID:7804
- C:\Windows\System\qohDgEz.exe
  C:\Windows\System\qohDgEz.exe
  2⤵
  PID:7824
- C:\Windows\System\jKYfnmT.exe
  C:\Windows\System\jKYfnmT.exe
  2⤵
  PID:7848
- C:\Windows\System\sMVbqoA.exe
  C:\Windows\System\sMVbqoA.exe
  2⤵
  PID:7864
- C:\Windows\System\AczzvGJ.exe
  C:\Windows\System\AczzvGJ.exe
  2⤵
  PID:7884
- C:\Windows\System\HsCvoIO.exe
  C:\Windows\System\HsCvoIO.exe
  2⤵
  PID:7900
- C:\Windows\System\DZLnnaS.exe
  C:\Windows\System\DZLnnaS.exe
  2⤵
  PID:7920
- C:\Windows\System\gnevmlm.exe
  C:\Windows\System\gnevmlm.exe
  2⤵
  PID:7936
- C:\Windows\System\cnOBYix.exe
  C:\Windows\System\cnOBYix.exe
  2⤵
  PID:7956
- C:\Windows\System\tjtVBuJ.exe
  C:\Windows\System\tjtVBuJ.exe
  2⤵
  PID:7972
- C:\Windows\System\FuqHUDj.exe
  C:\Windows\System\FuqHUDj.exe
  2⤵
  PID:7992
- C:\Windows\System\gPkdnmn.exe
  C:\Windows\System\gPkdnmn.exe
  2⤵
  PID:8016
- C:\Windows\System\oQipilR.exe
  C:\Windows\System\oQipilR.exe
  2⤵
  PID:8036
- C:\Windows\System\BBvpMsE.exe
  C:\Windows\System\BBvpMsE.exe
  2⤵
  PID:8052
- C:\Windows\System\dJxLTGG.exe
  C:\Windows\System\dJxLTGG.exe
  2⤵
  PID:8072
- C:\Windows\System\iObEuDe.exe
  C:\Windows\System\iObEuDe.exe
  2⤵
  PID:8108
- C:\Windows\System\WzgQvgt.exe
  C:\Windows\System\WzgQvgt.exe
  2⤵
  PID:8132
- C:\Windows\System\btAqwhW.exe
  C:\Windows\System\btAqwhW.exe
  2⤵
  PID:8148
- C:\Windows\System\VTPPTbp.exe
  C:\Windows\System\VTPPTbp.exe
  2⤵
  PID:8168
- C:\Windows\System\MhlrwJw.exe
  C:\Windows\System\MhlrwJw.exe
  2⤵
  PID:2664
- C:\Windows\System\whLCJio.exe
  C:\Windows\System\whLCJio.exe
  2⤵
  PID:7316
- C:\Windows\System\vjbQdqu.exe
  C:\Windows\System\vjbQdqu.exe
  2⤵
  PID:7396
- C:\Windows\System\hZSRRRp.exe
  C:\Windows\System\hZSRRRp.exe
  2⤵
  PID:7444
- C:\Windows\System\KrbzmMg.exe
  C:\Windows\System\KrbzmMg.exe
  2⤵
  PID:7484
- C:\Windows\System\JXduZhm.exe
  C:\Windows\System\JXduZhm.exe
  2⤵
  PID:7552
- C:\Windows\System\CkcFDmU.exe
  C:\Windows\System\CkcFDmU.exe
  2⤵
  PID:7624
- C:\Windows\System\unakiKa.exe
  C:\Windows\System\unakiKa.exe
  2⤵
  PID:1968
- C:\Windows\System\UqJLCYy.exe
  C:\Windows\System\UqJLCYy.exe
  2⤵
  PID:2184
- C:\Windows\System\oetohwl.exe
  C:\Windows\System\oetohwl.exe
  2⤵
  PID:7192
- C:\Windows\System\XWGFNZI.exe
  C:\Windows\System\XWGFNZI.exe
  2⤵
  PID:7572
- C:\Windows\System\atjeLAY.exe
  C:\Windows\System\atjeLAY.exe
  2⤵
  PID:7500
- C:\Windows\System\ACgkptb.exe
  C:\Windows\System\ACgkptb.exe
  2⤵
  PID:7420
- C:\Windows\System\ecOpnZv.exe
  C:\Windows\System\ecOpnZv.exe
  2⤵
  PID:7228
- C:\Windows\System\QJzFqoT.exe
  C:\Windows\System\QJzFqoT.exe
  2⤵
  PID:7304
- C:\Windows\System\BtSiQTh.exe
  C:\Windows\System\BtSiQTh.exe
  2⤵
  PID:7224
- C:\Windows\System\nDdTeGD.exe
  C:\Windows\System\nDdTeGD.exe
  2⤵
  PID:7644
- C:\Windows\System\PVoRKdi.exe
  C:\Windows\System\PVoRKdi.exe
  2⤵
  PID:7664
- C:\Windows\System\WcteYzk.exe
  C:\Windows\System\WcteYzk.exe
  2⤵
  PID:7688
- C:\Windows\System\NLLLDOF.exe
  C:\Windows\System\NLLLDOF.exe
  2⤵
  PID:7776
- C:\Windows\System\XcdXUEX.exe
  C:\Windows\System\XcdXUEX.exe
  2⤵
  PID:7820
- C:\Windows\System\hJsXaRk.exe
  C:\Windows\System\hJsXaRk.exe
  2⤵
  PID:7928
- C:\Windows\System\OicsIma.exe
  C:\Windows\System\OicsIma.exe
  2⤵
  PID:7724
- C:\Windows\System\wGICmnJ.exe
  C:\Windows\System\wGICmnJ.exe
  2⤵
  PID:7696
- C:\Windows\System\qQxBjTL.exe
  C:\Windows\System\qQxBjTL.exe
  2⤵
  PID:8004
- C:\Windows\System\oGJGhcv.exe
  C:\Windows\System\oGJGhcv.exe
  2⤵
  PID:7760
- C:\Windows\System\poWVMix.exe
  C:\Windows\System\poWVMix.exe
  2⤵
  PID:8104
- C:\Windows\System\HzQPaWk.exe
  C:\Windows\System\HzQPaWk.exe
  2⤵
  PID:8140
- C:\Windows\System\LBGdrmK.exe
  C:\Windows\System\LBGdrmK.exe
  2⤵
  PID:8176
- C:\Windows\System\bcAxyZI.exe
  C:\Windows\System\bcAxyZI.exe
  2⤵
  PID:7988
- C:\Windows\System\IxSncBJ.exe
  C:\Windows\System\IxSncBJ.exe
  2⤵
  PID:8060
- C:\Windows\System\ZfZOzse.exe
  C:\Windows\System\ZfZOzse.exe
  2⤵
  PID:8124
- C:\Windows\System\HExQMTA.exe
  C:\Windows\System\HExQMTA.exe
  2⤵
  PID:7208
- C:\Windows\System\UOfnVBW.exe
  C:\Windows\System\UOfnVBW.exe
  2⤵
  PID:7280
- C:\Windows\System\DfHIbnf.exe
  C:\Windows\System\DfHIbnf.exe
  2⤵
  PID:7480
- C:\Windows\System\pUQOXog.exe
  C:\Windows\System\pUQOXog.exe
  2⤵
  PID:4892
- C:\Windows\System\oNuXmDj.exe
  C:\Windows\System\oNuXmDj.exe
  2⤵
  PID:7464
- C:\Windows\System\cIUIqSe.exe
  C:\Windows\System\cIUIqSe.exe
  2⤵
  PID:7632
- C:\Windows\System\EDyXreq.exe
  C:\Windows\System\EDyXreq.exe
  2⤵
  PID:7812
- C:\Windows\System\xAhfESI.exe
  C:\Windows\System\xAhfESI.exe
  2⤵
  PID:8000
- C:\Windows\System\rrHLAwl.exe
  C:\Windows\System\rrHLAwl.exe
  2⤵
  PID:7796
- C:\Windows\System\SwAviJd.exe
  C:\Windows\System\SwAviJd.exe
  2⤵
  PID:2252
- C:\Windows\System\EYvtnlA.exe
  C:\Windows\System\EYvtnlA.exe
  2⤵
  PID:8080
- C:\Windows\System\lRoxJAP.exe
  C:\Windows\System\lRoxJAP.exe
  2⤵
  PID:8092
- C:\Windows\System\McCkYeB.exe
  C:\Windows\System\McCkYeB.exe
  2⤵
  PID:7256
- C:\Windows\System\pRXzHZt.exe
  C:\Windows\System\pRXzHZt.exe
  2⤵
  PID:7380
- C:\Windows\System\gqqLDVp.exe
  C:\Windows\System\gqqLDVp.exe
  2⤵
  PID:7660
- C:\Windows\System\dFyFKAH.exe
  C:\Windows\System\dFyFKAH.exe
  2⤵
  PID:7892
- C:\Windows\System\pJMcSqz.exe
  C:\Windows\System\pJMcSqz.exe
  2⤵
  PID:7980
- C:\Windows\System\lrBwxon.exe
  C:\Windows\System\lrBwxon.exe
  2⤵
  PID:7328
- C:\Windows\System\tknIYMu.exe
  C:\Windows\System\tknIYMu.exe
  2⤵
  PID:7244
- C:\Windows\System\ydCaXUU.exe
  C:\Windows\System\ydCaXUU.exe
  2⤵
  PID:7668
- C:\Windows\System\WePneTk.exe
  C:\Windows\System\WePneTk.exe
  2⤵
  PID:7912
- C:\Windows\System\EKnfzVF.exe
  C:\Windows\System\EKnfzVF.exe
  2⤵
  PID:8116
- C:\Windows\System\yOKMCHR.exe
  C:\Windows\System\yOKMCHR.exe
  2⤵
  PID:7348
- C:\Windows\System\ivfkTix.exe
  C:\Windows\System\ivfkTix.exe
  2⤵
  PID:7436
- C:\Windows\System\uoSpVID.exe
  C:\Windows\System\uoSpVID.exe
  2⤵
  PID:8068
- C:\Windows\System\JowfVAm.exe
  C:\Windows\System\JowfVAm.exe
  2⤵
  PID:7596
- C:\Windows\System\xRmFdEi.exe
  C:\Windows\System\xRmFdEi.exe
  2⤵
  PID:7876
- C:\Windows\System\DpxMBfe.exe
  C:\Windows\System\DpxMBfe.exe
  2⤵
  PID:7212
- C:\Windows\System\POiSgYl.exe
  C:\Windows\System\POiSgYl.exe
  2⤵
  PID:7968
- C:\Windows\System\IhMcsWS.exe
  C:\Windows\System\IhMcsWS.exe
  2⤵
  PID:7540
- C:\Windows\System\ZkAGeSc.exe
  C:\Windows\System\ZkAGeSc.exe
  2⤵
  PID:7908
- C:\Windows\System\aPrABkI.exe
  C:\Windows\System\aPrABkI.exe
  2⤵
  PID:7744
- C:\Windows\System\zoCMeQg.exe
  C:\Windows\System\zoCMeQg.exe
  2⤵
  PID:7340
- C:\Windows\System\FXULkSa.exe
  C:\Windows\System\FXULkSa.exe
  2⤵
  PID:7948
- C:\Windows\System\qFBIGGr.exe
  C:\Windows\System\qFBIGGr.exe
  2⤵
  PID:8196
- C:\Windows\System\LsHlMEh.exe
  C:\Windows\System\LsHlMEh.exe
  2⤵
  PID:8212
- C:\Windows\System\wXyysBo.exe
  C:\Windows\System\wXyysBo.exe
  2⤵
  PID:8236
- C:\Windows\System\ZSsnkgF.exe
  C:\Windows\System\ZSsnkgF.exe
  2⤵
  PID:8256
- C:\Windows\System\EqoMCRp.exe
  C:\Windows\System\EqoMCRp.exe
  2⤵
  PID:8272
- C:\Windows\System\MjTgznp.exe
  C:\Windows\System\MjTgznp.exe
  2⤵
  PID:8288
- C:\Windows\System\bEIWymP.exe
  C:\Windows\System\bEIWymP.exe
  2⤵
  PID:8308
- C:\Windows\System\XKwZChU.exe
  C:\Windows\System\XKwZChU.exe
  2⤵
  PID:8328
- C:\Windows\System\NxTipaj.exe
  C:\Windows\System\NxTipaj.exe
  2⤵
  PID:8344
- C:\Windows\System\BXUwExH.exe
  C:\Windows\System\BXUwExH.exe
  2⤵
  PID:8360
- C:\Windows\System\TpsElgL.exe
  C:\Windows\System\TpsElgL.exe
  2⤵
  PID:8380
- C:\Windows\System\pMGJKSk.exe
  C:\Windows\System\pMGJKSk.exe
  2⤵
  PID:8400
- C:\Windows\System\fgnfGMS.exe
  C:\Windows\System\fgnfGMS.exe
  2⤵
  PID:8416
- C:\Windows\System\BnVEIiI.exe
  C:\Windows\System\BnVEIiI.exe
  2⤵
  PID:8436
- C:\Windows\System\eGxGtgL.exe
  C:\Windows\System\eGxGtgL.exe
  2⤵
  PID:8452
- C:\Windows\System\iLXiMMr.exe
  C:\Windows\System\iLXiMMr.exe
  2⤵
  PID:8472
- C:\Windows\System\AdIMkNw.exe
  C:\Windows\System\AdIMkNw.exe
  2⤵
  PID:8544
- C:\Windows\System\wLljvlW.exe
  C:\Windows\System\wLljvlW.exe
  2⤵
  PID:8560
- C:\Windows\System\xOYAbik.exe
  C:\Windows\System\xOYAbik.exe
  2⤵
  PID:8580
- C:\Windows\System\XnJZAYc.exe
  C:\Windows\System\XnJZAYc.exe
  2⤵
  PID:8600
- C:\Windows\System\eRmjhlU.exe
  C:\Windows\System\eRmjhlU.exe
  2⤵
  PID:8616
- C:\Windows\System\HEQtTcL.exe
  C:\Windows\System\HEQtTcL.exe
  2⤵
  PID:8636
- C:\Windows\System\giZBdiW.exe
  C:\Windows\System\giZBdiW.exe
  2⤵
  PID:8652
- C:\Windows\System\OoOKqVh.exe
  C:\Windows\System\OoOKqVh.exe
  2⤵
  PID:8684
- C:\Windows\System\qwKUcJw.exe
  C:\Windows\System\qwKUcJw.exe
  2⤵
  PID:8700
- C:\Windows\System\uuAjQeu.exe
  C:\Windows\System\uuAjQeu.exe
  2⤵
  PID:8720
- C:\Windows\System\NPAmXld.exe
  C:\Windows\System\NPAmXld.exe
  2⤵
  PID:8736
- C:\Windows\System\lTKyXZw.exe
  C:\Windows\System\lTKyXZw.exe
  2⤵
  PID:8752
- C:\Windows\System\GCZpYZH.exe
  C:\Windows\System\GCZpYZH.exe
  2⤵
  PID:8768
- C:\Windows\System\AiyARiX.exe
  C:\Windows\System\AiyARiX.exe
  2⤵
  PID:8788
- C:\Windows\System\AlPQOhG.exe
  C:\Windows\System\AlPQOhG.exe
  2⤵
  PID:8804
- C:\Windows\System\PwVdsaT.exe
  C:\Windows\System\PwVdsaT.exe
  2⤵
  PID:8820
- C:\Windows\System\uVfxVxc.exe
  C:\Windows\System\uVfxVxc.exe
  2⤵
  PID:8836
- C:\Windows\System\rLcLLZI.exe
  C:\Windows\System\rLcLLZI.exe
  2⤵
  PID:8852
- C:\Windows\System\coGnEsO.exe
  C:\Windows\System\coGnEsO.exe
  2⤵
  PID:8868
- C:\Windows\System\yOpcoIm.exe
  C:\Windows\System\yOpcoIm.exe
  2⤵
  PID:8884
- C:\Windows\System\VpnXeGw.exe
  C:\Windows\System\VpnXeGw.exe
  2⤵
  PID:8900
- C:\Windows\System\QyGJLaL.exe
  C:\Windows\System\QyGJLaL.exe
  2⤵
  PID:8916
- C:\Windows\System\OuAIsDE.exe
  C:\Windows\System\OuAIsDE.exe
  2⤵
  PID:8932
- C:\Windows\System\iNmlNRE.exe
  C:\Windows\System\iNmlNRE.exe
  2⤵
  PID:8952
- C:\Windows\System\odEoqFZ.exe
  C:\Windows\System\odEoqFZ.exe
  2⤵
  PID:8968
- C:\Windows\System\yNZmBdn.exe
  C:\Windows\System\yNZmBdn.exe
  2⤵
  PID:8984
- C:\Windows\System\XZxKibR.exe
  C:\Windows\System\XZxKibR.exe
  2⤵
  PID:9020
- C:\Windows\System\fhmsKwa.exe
  C:\Windows\System\fhmsKwa.exe
  2⤵
  PID:9036
- C:\Windows\System\ISuDEHs.exe
  C:\Windows\System\ISuDEHs.exe
  2⤵
  PID:9052
- C:\Windows\System\VzTsdfc.exe
  C:\Windows\System\VzTsdfc.exe
  2⤵
  PID:9068
- C:\Windows\System\ZCNOIjR.exe
  C:\Windows\System\ZCNOIjR.exe
  2⤵
  PID:9084
- C:\Windows\System\XhhYzoC.exe
  C:\Windows\System\XhhYzoC.exe
  2⤵
  PID:9100
- C:\Windows\System\LWcrlAJ.exe
  C:\Windows\System\LWcrlAJ.exe
  2⤵
  PID:9116
- C:\Windows\System\dxuKwgQ.exe
  C:\Windows\System\dxuKwgQ.exe
  2⤵
  PID:9136
- C:\Windows\System\fcnEBZj.exe
  C:\Windows\System\fcnEBZj.exe
  2⤵
  PID:9152
- C:\Windows\System\krcYkEb.exe
  C:\Windows\System\krcYkEb.exe
  2⤵
  PID:9168
- C:\Windows\System\lJpSYSe.exe
  C:\Windows\System\lJpSYSe.exe
  2⤵
  PID:9184
- C:\Windows\System\pavhmCQ.exe
  C:\Windows\System\pavhmCQ.exe
  2⤵
  PID:9200
- C:\Windows\System\gemHcZC.exe
  C:\Windows\System\gemHcZC.exe
  2⤵
  PID:7432
- C:\Windows\System\ADIqDok.exe
  C:\Windows\System\ADIqDok.exe
  2⤵
  PID:8232
- C:\Windows\System\QjjfkDy.exe
  C:\Windows\System\QjjfkDy.exe
  2⤵
  PID:8300
- C:\Windows\System\YCJwJTJ.exe
  C:\Windows\System\YCJwJTJ.exe
  2⤵
  PID:8368
- C:\Windows\System\OMAxWmk.exe
  C:\Windows\System\OMAxWmk.exe
  2⤵
  PID:8488
- C:\Windows\System\aNMbTza.exe
  C:\Windows\System\aNMbTza.exe
  2⤵
  PID:7576
- C:\Windows\System\EbuWzAa.exe
  C:\Windows\System\EbuWzAa.exe
  2⤵
  PID:7188
- C:\Windows\System\wKhNLyn.exe
  C:\Windows\System\wKhNLyn.exe
  2⤵
  PID:8512
- C:\Windows\System\aozvrOQ.exe
  C:\Windows\System\aozvrOQ.exe
  2⤵
  PID:8524
- C:\Windows\System\TMsgWYN.exe
  C:\Windows\System\TMsgWYN.exe
  2⤵
  PID:8528
- C:\Windows\System\FvqGBxv.exe
  C:\Windows\System\FvqGBxv.exe
  2⤵
  PID:7268
- C:\Windows\System\gRZWMvU.exe
  C:\Windows\System\gRZWMvU.exe
  2⤵
  PID:8284
- C:\Windows\System\jCnCOKZ.exe
  C:\Windows\System\jCnCOKZ.exe
  2⤵
  PID:8088
- C:\Windows\System\hTBSlRv.exe
  C:\Windows\System\hTBSlRv.exe
  2⤵
  PID:7608
- C:\Windows\System\HTnQgNh.exe
  C:\Windows\System\HTnQgNh.exe
  2⤵
  PID:7832
- C:\Windows\System\ZXkroqV.exe
  C:\Windows\System\ZXkroqV.exe
  2⤵
  PID:8244
- C:\Windows\System\KwfgyvO.exe
  C:\Windows\System\KwfgyvO.exe
  2⤵
  PID:8316
- C:\Windows\System\vJxFzUi.exe
  C:\Windows\System\vJxFzUi.exe
  2⤵
  PID:8460
- C:\Windows\System\KBIdiKl.exe
  C:\Windows\System\KBIdiKl.exe
  2⤵
  PID:8536
- C:\Windows\System\wCyEzKH.exe
  C:\Windows\System\wCyEzKH.exe
  2⤵
  PID:8572
- C:\Windows\System\vQmNIwz.exe
  C:\Windows\System\vQmNIwz.exe
  2⤵
  PID:8644
- C:\Windows\System\kRvTNXJ.exe
  C:\Windows\System\kRvTNXJ.exe
  2⤵
  PID:8660
- C:\Windows\System\rOjxaFJ.exe
  C:\Windows\System\rOjxaFJ.exe
  2⤵
  PID:8588
- C:\Windows\System\YYPHDlg.exe
  C:\Windows\System\YYPHDlg.exe
  2⤵
  PID:8628
- C:\Windows\System\MSmkGMi.exe
  C:\Windows\System\MSmkGMi.exe
  2⤵
  PID:8676
- C:\Windows\System\bVFKddY.exe
  C:\Windows\System\bVFKddY.exe
  2⤵
  PID:8712
- C:\Windows\System\uTgQLSe.exe
  C:\Windows\System\uTgQLSe.exe
  2⤵
  PID:8760
- C:\Windows\System\qwfAZfu.exe
  C:\Windows\System\qwfAZfu.exe
  2⤵
  PID:8796
- C:\Windows\System\wMxtqsp.exe
  C:\Windows\System\wMxtqsp.exe
  2⤵
  PID:8816
- C:\Windows\System\xGKNjuM.exe
  C:\Windows\System\xGKNjuM.exe
  2⤵
  PID:8912
- C:\Windows\System\QquGjwb.exe
  C:\Windows\System\QquGjwb.exe
  2⤵
  PID:8832
- C:\Windows\System\OVXIMrW.exe
  C:\Windows\System\OVXIMrW.exe
  2⤵
  PID:7772
- C:\Windows\System\eJHomBE.exe
  C:\Windows\System\eJHomBE.exe
  2⤵
  PID:8928
- C:\Windows\System\OlGjSAH.exe
  C:\Windows\System\OlGjSAH.exe
  2⤵
  PID:8980
- C:\Windows\System\DgfuWUJ.exe
  C:\Windows\System\DgfuWUJ.exe
  2⤵
  PID:9032
- C:\Windows\System\ppQqfNv.exe
  C:\Windows\System\ppQqfNv.exe
  2⤵
  PID:9012
- C:\Windows\System\ljBTnOh.exe
  C:\Windows\System\ljBTnOh.exe
  2⤵
  PID:9096
- C:\Windows\System\OvxazPD.exe
  C:\Windows\System\OvxazPD.exe
  2⤵
  PID:9108
- C:\Windows\System\OSTzUGa.exe
  C:\Windows\System\OSTzUGa.exe
  2⤵
  PID:9144
- C:\Windows\System\NxVhDhV.exe
  C:\Windows\System\NxVhDhV.exe
  2⤵
  PID:9196
- C:\Windows\System\wMsSJXK.exe
  C:\Windows\System\wMsSJXK.exe
  2⤵
  PID:8340
- C:\Windows\System\VUCSWYo.exe
  C:\Windows\System\VUCSWYo.exe
  2⤵
  PID:9212
- C:\Windows\System\pIjAEeL.exe
  C:\Windows\System\pIjAEeL.exe
  2⤵
  PID:9124
- C:\Windows\System\swcScVP.exe
  C:\Windows\System\swcScVP.exe
  2⤵
  PID:8408
- C:\Windows\System\aDxbWSp.exe
  C:\Windows\System\aDxbWSp.exe
  2⤵
  PID:8448
- C:\Windows\System\kBVHwyd.exe
  C:\Windows\System\kBVHwyd.exe
  2⤵
  PID:7344
- C:\Windows\System\rhHXYff.exe
  C:\Windows\System\rhHXYff.exe
  2⤵
  PID:7364
- C:\Windows\System\mDOWubL.exe
  C:\Windows\System\mDOWubL.exe
  2⤵
  PID:8208
- C:\Windows\System\RKlmiBf.exe
  C:\Windows\System\RKlmiBf.exe
  2⤵
  PID:8188
- C:\Windows\System\zaCUsGz.exe
  C:\Windows\System\zaCUsGz.exe
  2⤵
  PID:8352
- C:\Windows\System\PMuuKFI.exe
  C:\Windows\System\PMuuKFI.exe
  2⤵
  PID:8252
- C:\Windows\System\XfzxGSN.exe
  C:\Windows\System\XfzxGSN.exe
  2⤵
  PID:8540
- C:\Windows\System\MpPVkOO.exe
  C:\Windows\System\MpPVkOO.exe
  2⤵
  PID:8592
- C:\Windows\System\yehLXWB.exe
  C:\Windows\System\yehLXWB.exe
  2⤵
  PID:8468
- C:\Windows\System\hKVnqCk.exe
  C:\Windows\System\hKVnqCk.exe
  2⤵
  PID:8668
- C:\Windows\System\SwKKETq.exe
  C:\Windows\System\SwKKETq.exe
  2⤵
  PID:8800
- C:\Windows\System\CpWvYUh.exe
  C:\Windows\System\CpWvYUh.exe
  2⤵
  PID:8680
- C:\Windows\System\vLXUgRR.exe
  C:\Windows\System\vLXUgRR.exe
  2⤵
  PID:8924
- C:\Windows\System\RsijUmz.exe
  C:\Windows\System\RsijUmz.exe
  2⤵
  PID:8908
- C:\Windows\System\rXfhbUD.exe
  C:\Windows\System\rXfhbUD.exe
  2⤵
  PID:8964
- C:\Windows\System\JRJRYge.exe
  C:\Windows\System\JRJRYge.exe
  2⤵
  PID:9112
- C:\Windows\System\cIqbeiE.exe
  C:\Windows\System\cIqbeiE.exe
  2⤵
  PID:8296
- C:\Windows\System\CqOlpSr.exe
  C:\Windows\System\CqOlpSr.exe
  2⤵
  PID:8336
- C:\Windows\System\CZdyZbT.exe
  C:\Windows\System\CZdyZbT.exe
  2⤵
  PID:8412
- C:\Windows\System\OBdXZJf.exe
  C:\Windows\System\OBdXZJf.exe
  2⤵
  PID:7520
- C:\Windows\System\VJQZWqy.exe
  C:\Windows\System\VJQZWqy.exe
  2⤵
  PID:8504
- C:\Windows\System\jKQXFNt.exe
  C:\Windows\System\jKQXFNt.exe
  2⤵
  PID:1920
- C:\Windows\System\tLmBzGH.exe
  C:\Windows\System\tLmBzGH.exe
  2⤵
  PID:8556
- C:\Windows\System\rKUjHhE.exe
  C:\Windows\System\rKUjHhE.exe
  2⤵
  PID:8396
- C:\Windows\System\zZdgTjQ.exe
  C:\Windows\System\zZdgTjQ.exe
  2⤵
  PID:8744
- C:\Windows\System\wgEitYx.exe
  C:\Windows\System\wgEitYx.exe
  2⤵
  PID:8976
- C:\Windows\System\nzmvpiz.exe
  C:\Windows\System\nzmvpiz.exe
  2⤵
  PID:8776
- C:\Windows\System\wtFQREF.exe
  C:\Windows\System\wtFQREF.exe
  2⤵
  PID:8940
- C:\Windows\System\YYyyQqx.exe
  C:\Windows\System\YYyyQqx.exe
  2⤵
  PID:9048
- C:\Windows\System\YfdjCXl.exe
  C:\Windows\System\YfdjCXl.exe
  2⤵
  PID:8224
- C:\Windows\System\JqsvzIO.exe
  C:\Windows\System\JqsvzIO.exe
  2⤵
  PID:7360
- C:\Windows\System\XPzyYtj.exe
  C:\Windows\System\XPzyYtj.exe
  2⤵
  PID:8028
- C:\Windows\System\MFerECY.exe
  C:\Windows\System\MFerECY.exe
  2⤵
  PID:8624
- C:\Windows\System\lDQIumr.exe
  C:\Windows\System\lDQIumr.exe
  2⤵
  PID:9220
- C:\Windows\System\nNvKkFZ.exe
  C:\Windows\System\nNvKkFZ.exe
  2⤵
  PID:9236
- C:\Windows\System\csvjpKs.exe
  C:\Windows\System\csvjpKs.exe
  2⤵
  PID:9252
- C:\Windows\System\tfZKnEa.exe
  C:\Windows\System\tfZKnEa.exe
  2⤵
  PID:9268
- C:\Windows\System\XaGqBxa.exe
  C:\Windows\System\XaGqBxa.exe
  2⤵
  PID:9284
- C:\Windows\System\XKgGftH.exe
  C:\Windows\System\XKgGftH.exe
  2⤵
  PID:9300
- C:\Windows\System\tBDiwec.exe
  C:\Windows\System\tBDiwec.exe
  2⤵
  PID:9316
- C:\Windows\System\KCATrvQ.exe
  C:\Windows\System\KCATrvQ.exe
  2⤵
  PID:9332
- C:\Windows\System\xLUPhaB.exe
  C:\Windows\System\xLUPhaB.exe
  2⤵
  PID:9348
- C:\Windows\System\MhIOVWQ.exe
  C:\Windows\System\MhIOVWQ.exe
  2⤵
  PID:9364
- C:\Windows\System\KAjLtwb.exe
  C:\Windows\System\KAjLtwb.exe
  2⤵
  PID:9380
- C:\Windows\System\yONjeeC.exe
  C:\Windows\System\yONjeeC.exe
  2⤵
  PID:9396
- C:\Windows\System\UyQeKGP.exe
  C:\Windows\System\UyQeKGP.exe
  2⤵
  PID:9412
- C:\Windows\System\wfeItEh.exe
  C:\Windows\System\wfeItEh.exe
  2⤵
  PID:9428
- C:\Windows\System\ttIyNcz.exe
  C:\Windows\System\ttIyNcz.exe
  2⤵
  PID:9448
- C:\Windows\System\qyJackW.exe
  C:\Windows\System\qyJackW.exe
  2⤵
  PID:9464
- C:\Windows\System\zLplfVC.exe
  C:\Windows\System\zLplfVC.exe
  2⤵
  PID:9480
- C:\Windows\System\wtNfEfl.exe
  C:\Windows\System\wtNfEfl.exe
  2⤵
  PID:9496
- C:\Windows\System\XkZKsCs.exe
  C:\Windows\System\XkZKsCs.exe
  2⤵
  PID:9512
- C:\Windows\System\ENNICIV.exe
  C:\Windows\System\ENNICIV.exe
  2⤵
  PID:9528
- C:\Windows\System\EJZpZyV.exe
  C:\Windows\System\EJZpZyV.exe
  2⤵
  PID:9544
- C:\Windows\System\glGSjgi.exe
  C:\Windows\System\glGSjgi.exe
  2⤵
  PID:9560
- C:\Windows\System\OCRrywZ.exe
  C:\Windows\System\OCRrywZ.exe
  2⤵
  PID:9576
- C:\Windows\System\wclsAZp.exe
  C:\Windows\System\wclsAZp.exe
  2⤵
  PID:9592
- C:\Windows\System\vJgZLkR.exe
  C:\Windows\System\vJgZLkR.exe
  2⤵
  PID:9608
- C:\Windows\System\LOgDJNL.exe
  C:\Windows\System\LOgDJNL.exe
  2⤵
  PID:9624
- C:\Windows\System\IPHCOQx.exe
  C:\Windows\System\IPHCOQx.exe
  2⤵
  PID:9640
- C:\Windows\System\EEyHcOu.exe
  C:\Windows\System\EEyHcOu.exe
  2⤵
  PID:9656
- C:\Windows\System\MwAqRSJ.exe
  C:\Windows\System\MwAqRSJ.exe
  2⤵
  PID:9672
- C:\Windows\System\ZuZvAwI.exe
  C:\Windows\System\ZuZvAwI.exe
  2⤵
  PID:9688
- C:\Windows\System\Rcajkyt.exe
  C:\Windows\System\Rcajkyt.exe
  2⤵
  PID:9704
- C:\Windows\System\WyfLpSL.exe
  C:\Windows\System\WyfLpSL.exe
  2⤵
  PID:9720
- C:\Windows\System\vleLWdT.exe
  C:\Windows\System\vleLWdT.exe
  2⤵
  PID:9736
- C:\Windows\System\QHwnsVP.exe
  C:\Windows\System\QHwnsVP.exe
  2⤵
  PID:9752
- C:\Windows\System\PzwjhTg.exe
  C:\Windows\System\PzwjhTg.exe
  2⤵
  PID:9768
- C:\Windows\System\iOxbmcX.exe
  C:\Windows\System\iOxbmcX.exe
  2⤵
  PID:9784
- C:\Windows\System\RABybzO.exe
  C:\Windows\System\RABybzO.exe
  2⤵
  PID:9800
- C:\Windows\System\weNepNe.exe
  C:\Windows\System\weNepNe.exe
  2⤵
  PID:9816
- C:\Windows\System\nEzAhSf.exe
  C:\Windows\System\nEzAhSf.exe
  2⤵
  PID:9832
- C:\Windows\System\UYMANgM.exe
  C:\Windows\System\UYMANgM.exe
  2⤵
  PID:9848
- C:\Windows\System\sVWHPKF.exe
  C:\Windows\System\sVWHPKF.exe
  2⤵
  PID:9868
- C:\Windows\System\VMYNWJg.exe
  C:\Windows\System\VMYNWJg.exe
  2⤵
  PID:9892
- C:\Windows\System\xpreFbg.exe
  C:\Windows\System\xpreFbg.exe
  2⤵
  PID:9908
- C:\Windows\System\sXplZjV.exe
  C:\Windows\System\sXplZjV.exe
  2⤵
  PID:9924
- C:\Windows\System\OwBydcr.exe
  C:\Windows\System\OwBydcr.exe
  2⤵
  PID:9940
- C:\Windows\System\NKcBkbB.exe
  C:\Windows\System\NKcBkbB.exe
  2⤵
  PID:9956
- C:\Windows\System\JaiaiRj.exe
  C:\Windows\System\JaiaiRj.exe
  2⤵
  PID:9972
- C:\Windows\System\DvlMyLP.exe
  C:\Windows\System\DvlMyLP.exe
  2⤵
  PID:9988
- C:\Windows\System\MuuQyIp.exe
  C:\Windows\System\MuuQyIp.exe
  2⤵
  PID:10004
- C:\Windows\System\EniEHRC.exe
  C:\Windows\System\EniEHRC.exe
  2⤵
  PID:10020
- C:\Windows\System\fSCVIIL.exe
  C:\Windows\System\fSCVIIL.exe
  2⤵
  PID:10036
- C:\Windows\System\fXmgwYx.exe
  C:\Windows\System\fXmgwYx.exe
  2⤵
  PID:10056
- C:\Windows\System\yudqHyS.exe
  C:\Windows\System\yudqHyS.exe
  2⤵
  PID:10072
- C:\Windows\System\eKcZLoT.exe
  C:\Windows\System\eKcZLoT.exe
  2⤵
  PID:10088
- C:\Windows\System\lHXispk.exe
  C:\Windows\System\lHXispk.exe
  2⤵
  PID:10104
- C:\Windows\System\YrbPFaZ.exe
  C:\Windows\System\YrbPFaZ.exe
  2⤵
  PID:10120
- C:\Windows\System\rhTiaBp.exe
  C:\Windows\System\rhTiaBp.exe
  2⤵
  PID:10136
- C:\Windows\System\EgKNeDs.exe
  C:\Windows\System\EgKNeDs.exe
  2⤵
  PID:10152
- C:\Windows\System\lbgDdoq.exe
  C:\Windows\System\lbgDdoq.exe
  2⤵
  PID:10168
- C:\Windows\System\lHfrapx.exe
  C:\Windows\System\lHfrapx.exe
  2⤵
  PID:10184
- C:\Windows\System\qAsNgpC.exe
  C:\Windows\System\qAsNgpC.exe
  2⤵
  PID:10200
- C:\Windows\System\OIMxDpv.exe
  C:\Windows\System\OIMxDpv.exe
  2⤵
  PID:10216
- C:\Windows\System\xwByxxp.exe
  C:\Windows\System\xwByxxp.exe
  2⤵
  PID:10232
- C:\Windows\System\ocAComn.exe
  C:\Windows\System\ocAComn.exe
  2⤵
  PID:8844
- C:\Windows\System\TasAYpc.exe
  C:\Windows\System\TasAYpc.exe
  2⤵
  PID:8696
- C:\Windows\System\SjxSgWi.exe
  C:\Windows\System\SjxSgWi.exe
  2⤵
  PID:9008
- C:\Windows\System\uSLNNhQ.exe
  C:\Windows\System\uSLNNhQ.exe
  2⤵
  PID:9228
- C:\Windows\System\VpUXvYO.exe
  C:\Windows\System\VpUXvYO.exe
  2⤵
  PID:9264
- C:\Windows\System\vQJdpjl.exe
  C:\Windows\System\vQJdpjl.exe
  2⤵
  PID:9276
- C:\Windows\System\CrHqtAl.exe
  C:\Windows\System\CrHqtAl.exe
  2⤵
  PID:9280
- C:\Windows\System\lGfTfQm.exe
  C:\Windows\System\lGfTfQm.exe
  2⤵
  PID:9344
- C:\Windows\System\ApCuSSZ.exe
  C:\Windows\System\ApCuSSZ.exe
  2⤵
  PID:9328
- C:\Windows\System\tjxlkhq.exe
  C:\Windows\System\tjxlkhq.exe
  2⤵
  PID:9520
- C:\Windows\System\VRfsfoo.exe
  C:\Windows\System\VRfsfoo.exe
  2⤵
  PID:9552
- C:\Windows\System\MKplxIL.exe
  C:\Windows\System\MKplxIL.exe
  2⤵
  PID:9404
- C:\Windows\System\uiDTTNQ.exe
  C:\Windows\System\uiDTTNQ.exe
  2⤵
  PID:9588
- C:\Windows\System\tKJWIhb.exe
  C:\Windows\System\tKJWIhb.exe
  2⤵
  PID:9504
- C:\Windows\System\ayJRaVq.exe
  C:\Windows\System\ayJRaVq.exe
  2⤵
  PID:9568
- C:\Windows\System\YwmXbxp.exe
  C:\Windows\System\YwmXbxp.exe
  2⤵
  PID:9632
- C:\Windows\System\vnbWbgv.exe
  C:\Windows\System\vnbWbgv.exe
  2⤵
  PID:9664
- C:\Windows\System\BfOMkXK.exe
  C:\Windows\System\BfOMkXK.exe
  2⤵
  PID:9700
- C:\Windows\System\fBlXUzh.exe
  C:\Windows\System\fBlXUzh.exe
  2⤵
  PID:9648
- C:\Windows\System\ItMtLXz.exe
  C:\Windows\System\ItMtLXz.exe
  2⤵
  PID:9824
- C:\Windows\System\rkuJeBg.exe
  C:\Windows\System\rkuJeBg.exe
  2⤵
  PID:9684
- C:\Windows\System\sATqmTo.exe
  C:\Windows\System\sATqmTo.exe
  2⤵
  PID:9748
- C:\Windows\System\enUZORc.exe
  C:\Windows\System\enUZORc.exe
  2⤵
  PID:9860
- C:\Windows\System\iUbgBbu.exe
  C:\Windows\System\iUbgBbu.exe
  2⤵
  PID:9884
- C:\Windows\System\YGhkiyx.exe
  C:\Windows\System\YGhkiyx.exe
  2⤵
  PID:9888
- C:\Windows\System\iPfIlDB.exe
  C:\Windows\System\iPfIlDB.exe
  2⤵
  PID:9980
- C:\Windows\System\vjxhSOO.exe
  C:\Windows\System\vjxhSOO.exe
  2⤵
  PID:9996
- C:\Windows\System\csqslcH.exe
  C:\Windows\System\csqslcH.exe
  2⤵
  PID:8392
- C:\Windows\System\cnEJqiF.exe
  C:\Windows\System\cnEJqiF.exe
  2⤵
  PID:10044
- C:\Windows\System\GaBFcFx.exe
  C:\Windows\System\GaBFcFx.exe
  2⤵
  PID:10048
- C:\Windows\System\tdbvsio.exe
  C:\Windows\System\tdbvsio.exe
  2⤵
  PID:10128
- C:\Windows\System\OtuvBem.exe
  C:\Windows\System\OtuvBem.exe
  2⤵
  PID:10116
- C:\Windows\System\zLdaktn.exe
  C:\Windows\System\zLdaktn.exe
  2⤵
  PID:10148
- C:\Windows\System\JUfPDkj.exe
  C:\Windows\System\JUfPDkj.exe
  2⤵
  PID:10228
- C:\Windows\System\FmdRmQs.exe
  C:\Windows\System\FmdRmQs.exe
  2⤵
  PID:9248
- C:\Windows\System\hNmimbM.exe
  C:\Windows\System\hNmimbM.exe
  2⤵
  PID:9060
- C:\Windows\System\bZPiPQn.exe
  C:\Windows\System\bZPiPQn.exe
  2⤵
  PID:9340
- C:\Windows\System\EYIsLRa.exe
  C:\Windows\System\EYIsLRa.exe
  2⤵
  PID:9460
- C:\Windows\System\EpAFODR.exe
  C:\Windows\System\EpAFODR.exe
  2⤵
  PID:8728
- C:\Windows\System\oaGnRgd.exe
  C:\Windows\System\oaGnRgd.exe
  2⤵
  PID:8388
- C:\Windows\System\GctAtcV.exe
  C:\Windows\System\GctAtcV.exe
  2⤵
  PID:9492
- C:\Windows\System\sLaPHIG.exe
  C:\Windows\System\sLaPHIG.exe
  2⤵
  PID:9476
- C:\Windows\System\dvtAUXv.exe
  C:\Windows\System\dvtAUXv.exe
  2⤵
  PID:9536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BjDLktt.exe

Filesize
6.0MB

MD5
528de5852e8cedfe3405809d0b71d2c7

SHA1
ab11391eb518d15896cace3d320ceb5cf3ba5460

SHA256
9e5b53ea4f82c4b897248c6f18d2f62ddf14837d06added58b248b39166449b2

SHA512
7471a2cff9cf2342b41dea031f3823849c38b16f763cde37874db57348f02605ca5812e9fc5a06516e22e1e9354815b4d061a25a5c25f2ec77cfd5a14a21053a

Download Submit
C:\Windows\system\CGlCVem.exe

Filesize
6.0MB

MD5
166867ce029a42916ce1229f8de9646c

SHA1
3564d3cf3885545ed367864dcd581c007d7cabd7

SHA256
004815ed82ff0b4bfc4722d35967db03164ec2e79467c17056f221ab2d814941

SHA512
0b94659355048b1037a9daf171d2105fe6b2c020b005c19afc5a6e7790ad48ad57cb7387d44ddf19c9c99bdca18dd4158d15ba5252a29f2d988f2de2462ebfe5

Download Submit
C:\Windows\system\EmutBgI.exe

Filesize
6.0MB

MD5
4cdcba129fe7bc54c0e74be775a2b207

SHA1
ec469c5f9b7cec481390c98ab4d722b3d19c1959

SHA256
835734205f60516674dd390796f6d1d7d1bb53db01b3e891071d06ac8dbe2e78

SHA512
ab3aefa65d9d53ac7648a6f0cf1560578a49319180b04bd3377a55438edde3166e8a8f59582dad866b66160f2d333a94277eeeb355cb36d3a49a93e34db44048

Download Submit
C:\Windows\system\GMhhptp.exe

Filesize
6.0MB

MD5
31f4b9ce35782f53c2ea081c9070ab57

SHA1
76da509e1860f5f01431a88b0b34259b241f83a5

SHA256
8c3f6d9114df6f3b017950ab2efa4ce1ba4464763501b73803315754c473fe6e

SHA512
dc1480a0ca6ce1a407fee9899727a5e2a11b2028ec20f10fd2c01a0ebf47935d6b332b2f3e84c6dc32f1c540925f07d7aaef863dcf067afe44d9cfbf3972b921

Download Submit
C:\Windows\system\IWieHdl.exe

Filesize
6.0MB

MD5
5d3028bbe4af7d72beb109fd3b25ec00

SHA1
3a79a628ce3b8161e45677ad550f98ba3cf8a5e6

SHA256
93419ea2463a5e21aacacf7574e70bc270060a743a61c7e11a1d3f70c001e10e

SHA512
bbf679deb9a037c2a87191607572f48981e5d67aecaa8db384e3fa28d297d2dc934f7353025db703a4b7df4eb5c2d4cf8b5551e2ccb96400e597402d7d1ebf08

Download Submit
C:\Windows\system\ImChyQG.exe

Filesize
6.0MB

MD5
93f1395434a57ef8fdc0bffdc3435aa5

SHA1
a66564026c5c86531974103ec9c8119b170a7193

SHA256
86d34bf61d0db3fd9daad1e94f066918b0e102f0feacda2b385cfd4655393b61

SHA512
a2d257b1ad1c819d8a6e7885d1130d7ec9f0a4d0b7b0e2b07702f24e9758faa025397c601c704a6eec3cc00a7758b72b17c3b091caee8daa10335e5c627480e6

Download Submit
C:\Windows\system\JWokgbm.exe

Filesize
6.0MB

MD5
9da3b8c4ab9743ede0541417aa6c7d97

SHA1
7cc833040c4cb55805b9b14bcd101cd038b57f96

SHA256
15bb257451bd72f493b8ae580dbd19f8d8781435fe7bae8079963a0547994c0d

SHA512
258ea05e2485f7cd8297e997d21b62d8b723e5bc5d17b68b09adcfa3800187e7bef78408b9f607464f2602436647ae77c60e0c80b9d61d93571af346167a8f9a

Download Submit
C:\Windows\system\JikTQuv.exe

Filesize
6.0MB

MD5
e87600051f15faa655d272fe4d2c033e

SHA1
df666f8e18b9d8d09862c10a6a5b0b45b9db0ace

SHA256
57d219c572e9a77310109415c4712d5353f5daeecfaf406f7db3083cf32d7b90

SHA512
f8d91d2b4714cb2bd9aba9f7a87aeba0247fcb1a61f299b9713963d00ec664bcae4ca060e83c680516e8046bd004a8d7a2223c6f19bdf7de18101b3ddb3e5d8c

Download Submit
C:\Windows\system\KxtNCZm.exe

Filesize
6.0MB

MD5
f74a6713c063612ce4482065b6ac9898

SHA1
c92175a3dd257fea4e09c8d94f90e819c2bb8e4c

SHA256
bf65ef21828c491d80916cf1fd4b7eb8b6b9e733e2826c17c744b237f224e888

SHA512
ef4c10cc4cdf21b28ae84a483f26241f1dc9a2643d4a5ed2079ce86704889165264acb99eaa3f2f38555d641914ac0366a27000c7f9785a85fc9ba23014cd70d

Download Submit
C:\Windows\system\LEWUwtc.exe

Filesize
6.0MB

MD5
781ff04921cb931b2ad8755c1d60c3d5

SHA1
27e8539bd76f5a604ece6b0c1ec8c52ba7e3e61c

SHA256
62a8114ca0c37b63e8bd21d6a9fedc6410b38b78eb9ccf36b5db8bc6e1862e3b

SHA512
a4fdae1e83388e2c5a526a8eb31529c4977b68117d32f390b8a1bce5d40c99f404c13e10002ebd9bd2066a4d04afcab2a017430099e8439a59f06b8603eacc16

Download Submit
C:\Windows\system\LslunwP.exe

Filesize
6.0MB

MD5
34510134ffbd520f31f2a87c15c278a1

SHA1
be6528c6f33ded94da535c193f24cb8d32295dbd

SHA256
556474e397682f8e262dee2ac905c863d64ff015ade333695c13be2a6747484a

SHA512
c066c3ba21f648fc1f6cd88e1dfa274caad0fa37c406bddebc00e283ade2cda9ef7af92a0fde78c4868b26597b76f4b5acd351c8fb529af48927e8bad24bea94

Download Submit
C:\Windows\system\PvryFbT.exe

Filesize
6.0MB

MD5
60b9b7accf2c000cbd2c8694949ad1e8

SHA1
d27f1df094084a892f1e902158d3134473bba2cd

SHA256
b1b50f4e39046762dec4969064d1a2aee426bab7348a949e94ae861996ca5725

SHA512
6faa21ca9bd4c00f8edc0b1e7bb0565b6825706f8a7d4cb0ea50982642cd40f769724722024231cf90f9acb12ff88ddeb450530249bca1149dfecdbfbf0248fe

Download Submit
C:\Windows\system\WmbWHuK.exe

Filesize
6.0MB

MD5
727383f7eaf722d5237ccd29e4291673

SHA1
9e16ceaf20be2bf6834c2cbed1f62b77d79d4bc2

SHA256
48b4635c1719d62f7bbaab73bd82ac5d89bc1a49ec6efba9eaf9d115d2727789

SHA512
5c2dcae7b7797f00868212f5b5976df87d45872e3272f75cbeb162e3932d34d79a8b53071fb8a9a640210b98a9f8e0a4d723d67955c921762f30831df2bf741e

Download Submit
C:\Windows\system\YNhgNVd.exe

Filesize
6.0MB

MD5
592f7358ec522c9e456b4f921881768d

SHA1
d34f325fc9c9633989cda59849038f244b10a53b

SHA256
5fc9bec14d046397d7318f49359d48a54dec851f0cbf764618c51bb67e1464c7

SHA512
cec7fe4ff8dc04b72d81600c9febac20aa5b2aff5a911e48f4f786f75ab90b9a28ebff57ae00ef7f17c0f7e989586cf769249902bfe3d7fff0cd79bec8db3dc5

Download Submit
C:\Windows\system\cVBrZOr.exe

Filesize
6.0MB

MD5
830e91a93230dc42e62db0822ee63b72

SHA1
884cfa4542fa53c4bac551e4d729596901c8d91d

SHA256
52770302b3d00f68afc36437c61dbcc2aa47493207a11bc7b6e55da53bb71817

SHA512
3b679fa8fa0c84033739231b99bb4074b635c4b8d3caa9d5b1b82a4ed555d2d4372835c2d13dd05c09362c0a7b3f7f123493debdffa9714f7e6b47e143a98bfd

Download Submit
C:\Windows\system\cjKXSzX.exe

Filesize
6.0MB

MD5
cca459b82614656be1481e4be012e3f5

SHA1
f01b8be420044b9c5bdc40e51d165c3c03bbb253

SHA256
74c4cfc69d33d8f7e08b21f9feb37d5c0f4af39714442e8797965306346ae29a

SHA512
1a17954d10997b631e14b08d4c663aa090168f1df6ffa3362b923f9d2c8cae011c7cfa8567089271b288fe405f3311da5e507d746356403e44b6dde5c3295d4f

Download Submit
C:\Windows\system\hzgqFIp.exe

Filesize
6.0MB

MD5
b93006e223e8223cff4df8d20e21f2b6

SHA1
53f466db147514bb7f7247919a0bd628c68ac574

SHA256
3b70cf099ae54290ab5463252e5a6332d27477dbb2f8dbda4e5372be7fa159f0

SHA512
21225fe2d80490e41dc6183f3298eef34826349c59c311ed1889c6762826001cb4d5e6e89072d5dbb25174aa0dd4eae18c84a7198cbeafada5db241675296a52

Download Submit
C:\Windows\system\kTFikKX.exe

Filesize
6.0MB

MD5
90eda4a1c121e21d4f93cd5da4add2fa

SHA1
6f1fb6ba76ffbec71d115792fdf7e05c08fd458a

SHA256
7da01799feac87995087198082006ad106b824f6cf4c83cfe56355c4fe059eff

SHA512
85452b69e195aff7c9e9fc92c2c2c28b8a3546219e198a793d8c5aaf4db01611c0b72109ab665ffd319e114aea8f1b0e61c7440a1ba993031c3ea9b53570ab3c

Download Submit
C:\Windows\system\mWnVlKb.exe

Filesize
6.0MB

MD5
314dbf439a99cc237933a6c0544b59b4

SHA1
3e4d16cf227f2077edba64771f23124301bfffbe

SHA256
5cd347f227a9daf44bc08c8657236dfe07c5e646ac6ab630fedafa80be7a6dc6

SHA512
0ad1bd4620ae22ecb3591e0b906df7f0499f057a298497c864ab38ce2ed9aa1723da3866a71875f65977a3ad4ad895996bb1ef2f19469760b8a2a7de16d50874

Download Submit
C:\Windows\system\ntAlTII.exe

Filesize
6.0MB

MD5
8fc60c9ca9568d31e1fed52f2c084316

SHA1
df05723b0bae3de0c41e742afb6e32f8e5ba9f3b

SHA256
5b796428a7735ea822d340fb6b8bbc59bf64f1b48a5b9c717e6d21ad568536e7

SHA512
cd636d1840f2fc555986c61f83ff84358e5163e247a1f230e4cbd82db33eff8fc846e89027648662c5b2240d1ad6afba84c434c8fefc74e62f6db60129b22ccc

Download Submit
C:\Windows\system\oBWIDBs.exe

Filesize
6.0MB

MD5
6c10a87928da40a991cebd7377c1e13c

SHA1
5857711851dfa55691dc6d50c96ea7b83734ab68

SHA256
86fdf33373448ce41d6f6d27162f671a6ec5a61648510af18658d3641407f1d9

SHA512
489ae5e2ef5dd9b1255b6d58e7f374a6b9e905457f9964af57dd8c671b563713f73b1504cefbfceae4403da6a53e24f8c089a465564efdc1124ff70d69a3afb1

Download Submit
C:\Windows\system\tYgklkA.exe

Filesize
6.0MB

MD5
1298ff17b20371d1aa104d6e77ca8f5d

SHA1
670f2e197af384f72356044ab7bddf0c6a11495e

SHA256
c4d9e2df51442c41afc49a9ac91370c0b1e0010c6a3a1f680835a53b39987992

SHA512
795d9482871353b474e68a2040b88444dc6f29df338631fd7e1146aad3da896883e903e7ed5024f921c10ce2eb1008c590e3d2984a2ba20432d1a5cce969671c

Download Submit
C:\Windows\system\wiceHIR.exe

Filesize
6.0MB

MD5
3931d85aa4ad028fbc77bf8e0bfea427

SHA1
770ee75c6048a14f31a39f6be8648a5b147cb93f

SHA256
8686be851e127a29e63cd247075ff0ea2d0c5bfb157e1abc8eaef81f6c7e83e6

SHA512
2f48af439801578e8a0b092a7e72ee5719c3e9adee0a7651870ff20a161efd81a1a5fbddcf9ed7968cfed21517787fec02fcdecad439220712b0f71912f6959a

Download Submit
C:\Windows\system\xkxPPPY.exe

Filesize
6.0MB

MD5
065ff60817d80607bb8c4967a6e1bb3b

SHA1
80fee595d35a4d26f24dd40cbe8ff43b44bf1351

SHA256
0f64198f8933069386b5dab1a555e4f37e20e98e91a9864f713968418db2d351

SHA512
a86292d328e99d39825d9370b3ad9a05b41df978e0febadd707e9422daeeb69924d6a3d450c9bbcaac9044d5e0911571cba11b3f9306a96bc03535536d552ffd

Download Submit
\Windows\system\EoLpnPI.exe

Filesize
6.0MB

MD5
c8f5d7302dd0a16fa3d146e199ab2445

SHA1
f73289e154ab64f58093909157c9016588466056

SHA256
3dac85f0b9903277a37cbb86b757d5f0b6bf2906395ad4b6aeb599b7fa6790ce

SHA512
48a84764804d298315c0ca6795b4d23ee230f8fd450955dc4082d96f96261a58247d286e6c26c1c5e841b56ddfac730552da0740277fa1d6a98727f370bb01d0

Download Submit
\Windows\system\EqhCRkB.exe

Filesize
6.0MB

MD5
b8473e174b8b8bd20f4e75b2ae8dbfc1

SHA1
9eadc385c81830a0fa7ca79e970f01ea4602724b

SHA256
4f6e2350a4ca773f77ccd4a58342c0f89ae0aa29615550be5e654911000cdf6f

SHA512
88f7ce523b1deb4180490592865eebdfab52f5d0396b7054ab8711176b07deced565cc43331672547602b154d9c812d03b1a66dae1112b4cfa296ba1b3d2acf3

Download Submit
\Windows\system\HFUVzqW.exe

Filesize
6.0MB

MD5
0134b760c9c53802634a2ff03e9421a0

SHA1
843172b2f9b2c85cf078c9c3c2c91d796b145aed

SHA256
98e642822ad03f7e80d976a905097422a9c2090590ef18911b44a1938b91eed8

SHA512
4062f4724e1acc854faa3e3425ae13461bb305fbba028deb38a7bafafb8ceb0aaebb444b485fb63015449f7b5caa6db0fdcd5730931c9cb28870990283256932

Download Submit
\Windows\system\UBOorGl.exe

Filesize
6.0MB

MD5
259906c4fab42ed40e6a8837132a5081

SHA1
c7fc4a6237a795138a1cafe0c21dcc60f90434e7

SHA256
80781df8352a590f5a652309da5a9ab36758624b0433bf336f0217349d52e826

SHA512
9bff2bfdabe48c56af26b0bac78cc1ddb768035e2339f68fb225178bedc2cadabf0c5742ede90a0b75fdb9299e58a91d1a5d9d184c29ce3343e0617ec56e2f72

Download Submit
\Windows\system\ZNompfj.exe

Filesize
6.0MB

MD5
58ab3c1f75eb12c1103270dea2b86e06

SHA1
2b8dff1158b38d7c54a0f8bccdd0c2674271cf2f

SHA256
f6bfd1bf8f007449d05e441c9b53e63bbe030e599e4c20cea84b2e0566ab05ac

SHA512
c4888ed3acea344a55f8b11d0876275cdc6262cb879f0ad99bdcd96ebb3be38615ef819d647c9248d74dc6f54e582bccf42eafddcbd7d5fc1957f742f2deee78

Download Submit
\Windows\system\eqWziwq.exe

Filesize
6.0MB

MD5
1fe15f983b4c7373d0a4f6bd7a9511e2

SHA1
4270aafcdc776b60222c7db68e45117be0c7c2ac

SHA256
9b4df8aec134366c0fd00f2c892bfec4da8c4101598a53dd72e5abff9c624a85

SHA512
9fc977335da88d07f18e3f888bdded95ff100aeb88f162d0f5c5c93326bce641869c192aa4f5f6cb448ecb3ce8ced55e986de333bc074e84219221b8c120c1dd

Download Submit
\Windows\system\fednHoj.exe

Filesize
6.0MB

MD5
3818e8a2927c0a5af2816bdf956aca80

SHA1
e2bee54fcb44c097c15c19a45254f8c763d271a0

SHA256
ee19d2704722f18392cfa759628f3892d0315b8baeb7b1252626e64c49817ca6

SHA512
20390c5067c72b443eadb6c087ff972c512e18657bc59319ff7cde590dec5048a0e142f2fd1974ee3bdeb12b06f258e09b2ece59ef9367ca5b23729c8bd7616c

Download Submit
\Windows\system\jtYurPZ.exe

Filesize
6.0MB

MD5
74da223c2f0d02f089c703e87bc6fb45

SHA1
2ffbd22c35db8e9fda3e181adb4e2b9ccf5d99e2

SHA256
f10c563a378722af7733b1f838abdae578edc71a9b85caa1a3497ada09bf84c0

SHA512
4d2a929baa069c8d5d9a2dce0972bc01125487fbe5fb6ce64de30ce90095924f33f18a9ca3d726811ead896a13c4a04bcbdeb1c9782c3e32df7db73d34a5f6d4

Download Submit
memory/2052-3499-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2052-21-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2052-755-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2104-3502-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2104-30-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2360-26-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-871-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-3501-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-100-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2452-3500-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-51-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-104-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2548-980-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2548-69-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2548-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2548-98-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-110-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2548-109-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2548-660-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2548-108-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2548-28-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2548-106-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2548-105-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2548-36-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2548-103-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2548-102-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2548-872-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2548-77-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-76-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2548-661-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2548-111-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2548-981-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2548-56-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2548-757-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2548-0-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2616-92-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3706-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3503-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2680-45-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2752-61-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3710-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-761-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2768-81-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3701-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2788-57-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3704-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2848-107-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3705-0x000000013F4A0000-0x000000013F7F4000-memory.dmp

Filesize
3.3MB

Download