cobaltstrike | 0c0359b98d2a054aa35db96d49f2a72d60b4e39e7e7e644b2582a8d4d9d7b5ba

Analysis

max time kernel
152s
max time network
33s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
17-11-2024 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

51bc98e936dd17a6177173bb3b6a1535
SHA1

1bc05d8dd47a9af5027de84bce866846b96ea471
SHA256

0c0359b98d2a054aa35db96d49f2a72d60b4e39e7e7e644b2582a8d4d9d7b5ba
SHA512

ca122032017cfd5d9c74627c3db88f4894d5d18eb73275ced77a70bfc67f4f2db7e26867ce17c016deb53114dc07d4b17119cd888f12b355e5f8c4cc90e070a6
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUe:T+q56utgpPF8u/7e

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012264-3.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001756e-13.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-12.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186bb-23.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000016fc9-32.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c3-39.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b28-55.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b05-51.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b8-74.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-103.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-121.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-200.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-195.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-98.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-82.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b50-66.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2808-0-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x000c000000012264-3.dat	xmrig
behavioral1/files/0x000900000001756e-13.dat	xmrig
behavioral1/files/0x0002000000018334-12.dat	xmrig
behavioral1/memory/2860-11-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2808-7-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2844-22-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2996-19-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x00060000000186bb-23.dat	xmrig
behavioral1/memory/2808-24-0x0000000002480000-0x00000000027D4000-memory.dmp	xmrig
behavioral1/memory/2136-30-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2808-31-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x0014000000016fc9-32.dat	xmrig
behavioral1/memory/2764-38-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x00060000000186c3-39.dat	xmrig
behavioral1/memory/2736-44-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2996-40-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x0008000000018b28-55.dat	xmrig
behavioral1/memory/2136-60-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2600-52-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b05-51.dat	xmrig
behavioral1/memory/2808-49-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2764-71-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/files/0x00070000000193b8-74.dat	xmrig
behavioral1/memory/2808-75-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/1576-68-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-85.dat	xmrig
behavioral1/memory/2308-91-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/968-83-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/files/0x0005000000019643-103.dat	xmrig
behavioral1/memory/1576-107-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/1616-99-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x00050000000197fd-121.dat	xmrig
behavioral1/files/0x0005000000019bf5-139.dat	xmrig
behavioral1/files/0x0005000000019bf6-143.dat	xmrig
behavioral1/files/0x0005000000019d61-160.dat	xmrig
behavioral1/files/0x0005000000019d6d-169.dat	xmrig
behavioral1/files/0x0005000000019fdd-182.dat	xmrig
behavioral1/files/0x000500000001a0b6-200.dat	xmrig
behavioral1/files/0x000500000001a049-195.dat	xmrig
behavioral1/memory/968-203-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2308-224-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/2136-1536-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2844-1537-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2860-1504-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2996-1470-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/3036-308-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2900-237-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a03c-190.dat	xmrig
behavioral1/files/0x0005000000019fd4-179.dat	xmrig
behavioral1/files/0x0005000000019e92-174.dat	xmrig
behavioral1/files/0x0005000000019d62-164.dat	xmrig
behavioral1/files/0x0005000000019c3c-154.dat	xmrig
behavioral1/files/0x0005000000019bf9-149.dat	xmrig
behavioral1/memory/2812-146-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x000500000001998d-133.dat	xmrig
behavioral1/files/0x0005000000019820-128.dat	xmrig
behavioral1/files/0x000500000001975a-113.dat	xmrig
behavioral1/files/0x0005000000019761-118.dat	xmrig
behavioral1/memory/2900-100-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-98.dat	xmrig
behavioral1/memory/3036-108-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c6-82.dat	xmrig
behavioral1/memory/2808-79-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2860	pGXstoC.exe
2996	JEfKhOh.exe
2844	ZSkuhuE.exe
2136	vDHlssL.exe
2764	WogbPjP.exe
2736	KPkLJcn.exe
2600	Yesieha.exe
1616	XXYBLiR.exe
1576	HFqGuJN.exe
2812	FgPQkDC.exe
968	FWHBgUt.exe
2308	flxUCsT.exe
2900	LaKXZcL.exe
3036	qvXHlSS.exe
1360	BIUYVkr.exe
892	VEVwsDj.exe
2504	oyvZfoF.exe
1636	EdIyWcV.exe
632	ROhijoD.exe
1820	LmpEaIL.exe
2480	eHVVeNC.exe
2128	GRhHvFi.exe
2144	rySKXae.exe
2084	AqOqNvJ.exe
1732	BBRzDOr.exe
2684	omsXDbO.exe
528	JmrFFiW.exe
1956	vbYZsiT.exe
824	jRStRRY.exe
1872	kYJSyCJ.exe
1272	FbriTBj.exe
1480	JwLXiMa.exe
1512	khClfHo.exe
1916	xoLjDJR.exe
964	jGydcIV.exe
1364	MooXAFz.exe
1020	mzbiVqC.exe
1040	efhQOjt.exe
2164	oMESWUT.exe
1384	gHHVpJg.exe
2008	BtmnkVU.exe
1816	imtWXpN.exe
2344	fWXyfcR.exe
2624	xGoHfyN.exe
1716	mjZVamU.exe
864	nNJNrzM.exe
2424	GlIOMSv.exe
1536	XOnnQKb.exe
1668	eTBlFXR.exe
2976	VhwExnC.exe
2724	ByCrxSD.exe
1528	wredbFf.exe
3004	aeVSuJK.exe
3020	EfhDQCn.exe
2696	bhqEPam.exe
2268	lOIDpNK.exe
752	wUDHFOf.exe
2088	YrnSylM.exe
2920	aLccNXT.exe
2416	uMRHvfW.exe
2628	OdIYTHz.exe
1952	ILCtIMD.exe
2100	prWqXaF.exe
1088	HXLJPwb.exe

Loads dropped DLL 64 IoCs

pid	Process
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2808-0-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x000c000000012264-3.dat	upx
behavioral1/files/0x000900000001756e-13.dat	upx
behavioral1/files/0x0002000000018334-12.dat	upx
behavioral1/memory/2860-11-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2844-22-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2996-19-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x00060000000186bb-23.dat	upx
behavioral1/memory/2136-30-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2808-31-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x0014000000016fc9-32.dat	upx
behavioral1/memory/2764-38-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x00060000000186c3-39.dat	upx
behavioral1/memory/2736-44-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2996-40-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x0008000000018b28-55.dat	upx
behavioral1/memory/2136-60-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2600-52-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x0007000000018b05-51.dat	upx
behavioral1/memory/2764-71-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/files/0x00070000000193b8-74.dat	upx
behavioral1/memory/1576-68-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/files/0x00050000000195c7-85.dat	upx
behavioral1/memory/2308-91-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/968-83-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/files/0x0005000000019643-103.dat	upx
behavioral1/memory/1576-107-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/1616-99-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x00050000000197fd-121.dat	upx
behavioral1/files/0x0005000000019bf5-139.dat	upx
behavioral1/files/0x0005000000019bf6-143.dat	upx
behavioral1/files/0x0005000000019d61-160.dat	upx
behavioral1/files/0x0005000000019d6d-169.dat	upx
behavioral1/files/0x0005000000019fdd-182.dat	upx
behavioral1/files/0x000500000001a0b6-200.dat	upx
behavioral1/files/0x000500000001a049-195.dat	upx
behavioral1/memory/968-203-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2308-224-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/2136-1536-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2844-1537-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2860-1504-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2996-1470-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/3036-308-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2900-237-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/files/0x000500000001a03c-190.dat	upx
behavioral1/files/0x0005000000019fd4-179.dat	upx
behavioral1/files/0x0005000000019e92-174.dat	upx
behavioral1/files/0x0005000000019d62-164.dat	upx
behavioral1/files/0x0005000000019c3c-154.dat	upx
behavioral1/files/0x0005000000019bf9-149.dat	upx
behavioral1/memory/2812-146-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x000500000001998d-133.dat	upx
behavioral1/files/0x0005000000019820-128.dat	upx
behavioral1/files/0x000500000001975a-113.dat	upx
behavioral1/files/0x0005000000019761-118.dat	upx
behavioral1/memory/2900-100-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/files/0x000500000001960c-98.dat	upx
behavioral1/memory/3036-108-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x00050000000195c6-82.dat	upx
behavioral1/memory/2736-78-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2600-90-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x0008000000018b50-66.dat	upx
behavioral1/memory/2844-48-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2736-1538-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\xGVAvFf.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpUbfsG.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CMIAkua.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LBGjazA.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qSmDJEB.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UHNuJsO.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YvdmrmY.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHkrxeA.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XFGtNQE.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZBhxgfN.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CFGecJa.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EXaLwkA.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TzRYwrg.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pyAvlqc.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wdXmIqz.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KLriZhq.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JsSyKbG.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\euxdmwS.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SjVTXWY.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FbIBmld.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjlCHrR.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\heckrPQ.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ycTRLWX.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uIaguSj.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HcNeLIm.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QKWMBMV.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cUfKxTO.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AQZDRPf.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHZPcsu.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DDKmkBa.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWySYaQ.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xceaUyV.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\isTxibl.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tuXJyaH.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zxMQgvp.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYJSyCJ.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JwANafN.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vgGuYqe.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PFdBuCT.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jydaVlL.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XleFMKi.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zgVpKfX.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IscfVQe.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bEdbvkf.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\liZwmil.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DsdtHhP.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YHuKiGo.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cUKaXHg.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FraonQE.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HlPuusk.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jQzGTCF.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KliVKaR.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uwvgzRW.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DwUfFSw.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\grdglQp.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HCFfxZB.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ivTBDxg.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GWzbriN.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\miJsvcK.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FVJSnMA.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lwWdSwh.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hxnBEYB.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jPvAkJP.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DZbTZVN.exe	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 2860	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2808 wrote to memory of 2860	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2808 wrote to memory of 2860	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2808 wrote to memory of 2996	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2808 wrote to memory of 2996	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2808 wrote to memory of 2996	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2808 wrote to memory of 2844	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2808 wrote to memory of 2844	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2808 wrote to memory of 2844	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2808 wrote to memory of 2136	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2808 wrote to memory of 2136	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2808 wrote to memory of 2136	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2808 wrote to memory of 2764	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2808 wrote to memory of 2764	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2808 wrote to memory of 2764	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2808 wrote to memory of 2736	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2808 wrote to memory of 2736	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2808 wrote to memory of 2736	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2808 wrote to memory of 2600	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2808 wrote to memory of 2600	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2808 wrote to memory of 2600	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2808 wrote to memory of 1616	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2808 wrote to memory of 1616	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2808 wrote to memory of 1616	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2808 wrote to memory of 1576	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2808 wrote to memory of 1576	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2808 wrote to memory of 1576	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2808 wrote to memory of 2812	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2808 wrote to memory of 2812	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2808 wrote to memory of 2812	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2808 wrote to memory of 968	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2808 wrote to memory of 968	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2808 wrote to memory of 968	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2808 wrote to memory of 2308	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2808 wrote to memory of 2308	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2808 wrote to memory of 2308	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2808 wrote to memory of 2900	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2808 wrote to memory of 2900	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2808 wrote to memory of 2900	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2808 wrote to memory of 3036	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2808 wrote to memory of 3036	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2808 wrote to memory of 3036	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2808 wrote to memory of 1360	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2808 wrote to memory of 1360	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2808 wrote to memory of 1360	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2808 wrote to memory of 892	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2808 wrote to memory of 892	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2808 wrote to memory of 892	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2808 wrote to memory of 2504	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2808 wrote to memory of 2504	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2808 wrote to memory of 2504	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2808 wrote to memory of 1636	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2808 wrote to memory of 1636	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2808 wrote to memory of 1636	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2808 wrote to memory of 632	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2808 wrote to memory of 632	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2808 wrote to memory of 632	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2808 wrote to memory of 1820	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2808 wrote to memory of 1820	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2808 wrote to memory of 1820	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2808 wrote to memory of 2480	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2808 wrote to memory of 2480	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2808 wrote to memory of 2480	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2808 wrote to memory of 2128	2808	2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-17_51bc98e936dd17a6177173bb3b6a1535_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Windows\System\pGXstoC.exe
  C:\Windows\System\pGXstoC.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\JEfKhOh.exe
  C:\Windows\System\JEfKhOh.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\ZSkuhuE.exe
  C:\Windows\System\ZSkuhuE.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\vDHlssL.exe
  C:\Windows\System\vDHlssL.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\WogbPjP.exe
  C:\Windows\System\WogbPjP.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\KPkLJcn.exe
  C:\Windows\System\KPkLJcn.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\Yesieha.exe
  C:\Windows\System\Yesieha.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\XXYBLiR.exe
  C:\Windows\System\XXYBLiR.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\HFqGuJN.exe
  C:\Windows\System\HFqGuJN.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\FgPQkDC.exe
  C:\Windows\System\FgPQkDC.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\FWHBgUt.exe
  C:\Windows\System\FWHBgUt.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\flxUCsT.exe
  C:\Windows\System\flxUCsT.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\LaKXZcL.exe
  C:\Windows\System\LaKXZcL.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\qvXHlSS.exe
  C:\Windows\System\qvXHlSS.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\BIUYVkr.exe
  C:\Windows\System\BIUYVkr.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\VEVwsDj.exe
  C:\Windows\System\VEVwsDj.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\oyvZfoF.exe
  C:\Windows\System\oyvZfoF.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\EdIyWcV.exe
  C:\Windows\System\EdIyWcV.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\ROhijoD.exe
  C:\Windows\System\ROhijoD.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\LmpEaIL.exe
  C:\Windows\System\LmpEaIL.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\eHVVeNC.exe
  C:\Windows\System\eHVVeNC.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\GRhHvFi.exe
  C:\Windows\System\GRhHvFi.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\rySKXae.exe
  C:\Windows\System\rySKXae.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\AqOqNvJ.exe
  C:\Windows\System\AqOqNvJ.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\BBRzDOr.exe
  C:\Windows\System\BBRzDOr.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\omsXDbO.exe
  C:\Windows\System\omsXDbO.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\JmrFFiW.exe
  C:\Windows\System\JmrFFiW.exe
  2⤵
  - Executes dropped EXE
  PID:528
- C:\Windows\System\vbYZsiT.exe
  C:\Windows\System\vbYZsiT.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\jRStRRY.exe
  C:\Windows\System\jRStRRY.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\kYJSyCJ.exe
  C:\Windows\System\kYJSyCJ.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\FbriTBj.exe
  C:\Windows\System\FbriTBj.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\JwLXiMa.exe
  C:\Windows\System\JwLXiMa.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\khClfHo.exe
  C:\Windows\System\khClfHo.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\xoLjDJR.exe
  C:\Windows\System\xoLjDJR.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\jGydcIV.exe
  C:\Windows\System\jGydcIV.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\MooXAFz.exe
  C:\Windows\System\MooXAFz.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\mzbiVqC.exe
  C:\Windows\System\mzbiVqC.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\efhQOjt.exe
  C:\Windows\System\efhQOjt.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\oMESWUT.exe
  C:\Windows\System\oMESWUT.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\gHHVpJg.exe
  C:\Windows\System\gHHVpJg.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\BtmnkVU.exe
  C:\Windows\System\BtmnkVU.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\imtWXpN.exe
  C:\Windows\System\imtWXpN.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\fWXyfcR.exe
  C:\Windows\System\fWXyfcR.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\xGoHfyN.exe
  C:\Windows\System\xGoHfyN.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\mjZVamU.exe
  C:\Windows\System\mjZVamU.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\nNJNrzM.exe
  C:\Windows\System\nNJNrzM.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\GlIOMSv.exe
  C:\Windows\System\GlIOMSv.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\XOnnQKb.exe
  C:\Windows\System\XOnnQKb.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\eTBlFXR.exe
  C:\Windows\System\eTBlFXR.exe
  2⤵
  - Executes dropped EXE
  PID:1668
- C:\Windows\System\VhwExnC.exe
  C:\Windows\System\VhwExnC.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\ByCrxSD.exe
  C:\Windows\System\ByCrxSD.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\wredbFf.exe
  C:\Windows\System\wredbFf.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\aeVSuJK.exe
  C:\Windows\System\aeVSuJK.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\EfhDQCn.exe
  C:\Windows\System\EfhDQCn.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\bhqEPam.exe
  C:\Windows\System\bhqEPam.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\lOIDpNK.exe
  C:\Windows\System\lOIDpNK.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\wUDHFOf.exe
  C:\Windows\System\wUDHFOf.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\YrnSylM.exe
  C:\Windows\System\YrnSylM.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\aLccNXT.exe
  C:\Windows\System\aLccNXT.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\uMRHvfW.exe
  C:\Windows\System\uMRHvfW.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\OdIYTHz.exe
  C:\Windows\System\OdIYTHz.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\ILCtIMD.exe
  C:\Windows\System\ILCtIMD.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\prWqXaF.exe
  C:\Windows\System\prWqXaF.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\HXLJPwb.exe
  C:\Windows\System\HXLJPwb.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\nDlRmyw.exe
  C:\Windows\System\nDlRmyw.exe
  2⤵
  PID:2464
- C:\Windows\System\bkiWBAl.exe
  C:\Windows\System\bkiWBAl.exe
  2⤵
  PID:2988
- C:\Windows\System\fqqjQdj.exe
  C:\Windows\System\fqqjQdj.exe
  2⤵
  PID:2160
- C:\Windows\System\XcBvuBG.exe
  C:\Windows\System\XcBvuBG.exe
  2⤵
  PID:2408
- C:\Windows\System\YpGyyUV.exe
  C:\Windows\System\YpGyyUV.exe
  2⤵
  PID:468
- C:\Windows\System\wEVoQgV.exe
  C:\Windows\System\wEVoQgV.exe
  2⤵
  PID:1688
- C:\Windows\System\zoTrvdx.exe
  C:\Windows\System\zoTrvdx.exe
  2⤵
  PID:600
- C:\Windows\System\gNmlmSd.exe
  C:\Windows\System\gNmlmSd.exe
  2⤵
  PID:2672
- C:\Windows\System\PdDMCqe.exe
  C:\Windows\System\PdDMCqe.exe
  2⤵
  PID:2384
- C:\Windows\System\tXtHsYt.exe
  C:\Windows\System\tXtHsYt.exe
  2⤵
  PID:1332
- C:\Windows\System\CinRqgq.exe
  C:\Windows\System\CinRqgq.exe
  2⤵
  PID:552
- C:\Windows\System\kmpvTuI.exe
  C:\Windows\System\kmpvTuI.exe
  2⤵
  PID:1656
- C:\Windows\System\efCVXIN.exe
  C:\Windows\System\efCVXIN.exe
  2⤵
  PID:540
- C:\Windows\System\NaneuJa.exe
  C:\Windows\System\NaneuJa.exe
  2⤵
  PID:1288
- C:\Windows\System\gedkCFf.exe
  C:\Windows\System\gedkCFf.exe
  2⤵
  PID:1056
- C:\Windows\System\PoIGpOw.exe
  C:\Windows\System\PoIGpOw.exe
  2⤵
  PID:2592
- C:\Windows\System\SyVqzbS.exe
  C:\Windows\System\SyVqzbS.exe
  2⤵
  PID:936
- C:\Windows\System\xOKCrcu.exe
  C:\Windows\System\xOKCrcu.exe
  2⤵
  PID:684
- C:\Windows\System\oswEpqR.exe
  C:\Windows\System\oswEpqR.exe
  2⤵
  PID:2656
- C:\Windows\System\ilcrxwX.exe
  C:\Windows\System\ilcrxwX.exe
  2⤵
  PID:2608
- C:\Windows\System\dzhXGSs.exe
  C:\Windows\System\dzhXGSs.exe
  2⤵
  PID:2820
- C:\Windows\System\sGCjFqz.exe
  C:\Windows\System\sGCjFqz.exe
  2⤵
  PID:2912
- C:\Windows\System\vkPsfIh.exe
  C:\Windows\System\vkPsfIh.exe
  2⤵
  PID:2876
- C:\Windows\System\AFPSRrL.exe
  C:\Windows\System\AFPSRrL.exe
  2⤵
  PID:3016
- C:\Windows\System\xRcwrsH.exe
  C:\Windows\System\xRcwrsH.exe
  2⤵
  PID:1128
- C:\Windows\System\MueTNqe.exe
  C:\Windows\System\MueTNqe.exe
  2⤵
  PID:3012
- C:\Windows\System\VYkrZop.exe
  C:\Windows\System\VYkrZop.exe
  2⤵
  PID:2756
- C:\Windows\System\exWFYVM.exe
  C:\Windows\System\exWFYVM.exe
  2⤵
  PID:1788
- C:\Windows\System\ZxBTEvs.exe
  C:\Windows\System\ZxBTEvs.exe
  2⤵
  PID:2320
- C:\Windows\System\XzhRnZJ.exe
  C:\Windows\System\XzhRnZJ.exe
  2⤵
  PID:2536
- C:\Windows\System\EuYsgDp.exe
  C:\Windows\System\EuYsgDp.exe
  2⤵
  PID:2520
- C:\Windows\System\cMTojDX.exe
  C:\Windows\System\cMTojDX.exe
  2⤵
  PID:2440
- C:\Windows\System\goSOXUS.exe
  C:\Windows\System\goSOXUS.exe
  2⤵
  PID:2456
- C:\Windows\System\OfigvzJ.exe
  C:\Windows\System\OfigvzJ.exe
  2⤵
  PID:1600
- C:\Windows\System\MhIDDjh.exe
  C:\Windows\System\MhIDDjh.exe
  2⤵
  PID:2468
- C:\Windows\System\ezQxWlW.exe
  C:\Windows\System\ezQxWlW.exe
  2⤵
  PID:764
- C:\Windows\System\ZxzNqdy.exe
  C:\Windows\System\ZxzNqdy.exe
  2⤵
  PID:2800
- C:\Windows\System\RJAlIGL.exe
  C:\Windows\System\RJAlIGL.exe
  2⤵
  PID:2604
- C:\Windows\System\jaktIBP.exe
  C:\Windows\System\jaktIBP.exe
  2⤵
  PID:2648
- C:\Windows\System\wMAStFN.exe
  C:\Windows\System\wMAStFN.exe
  2⤵
  PID:1752
- C:\Windows\System\cURjqrX.exe
  C:\Windows\System\cURjqrX.exe
  2⤵
  PID:2368
- C:\Windows\System\waJEtJK.exe
  C:\Windows\System\waJEtJK.exe
  2⤵
  PID:2276
- C:\Windows\System\NTZiXyV.exe
  C:\Windows\System\NTZiXyV.exe
  2⤵
  PID:2972
- C:\Windows\System\unRNBxA.exe
  C:\Windows\System\unRNBxA.exe
  2⤵
  PID:2436
- C:\Windows\System\QaRYQjq.exe
  C:\Windows\System\QaRYQjq.exe
  2⤵
  PID:2072
- C:\Windows\System\aHNXhrm.exe
  C:\Windows\System\aHNXhrm.exe
  2⤵
  PID:568
- C:\Windows\System\qtTGYGy.exe
  C:\Windows\System\qtTGYGy.exe
  2⤵
  PID:1704
- C:\Windows\System\hnbdLuO.exe
  C:\Windows\System\hnbdLuO.exe
  2⤵
  PID:2676
- C:\Windows\System\GequQYW.exe
  C:\Windows\System\GequQYW.exe
  2⤵
  PID:2196
- C:\Windows\System\kQVpmqY.exe
  C:\Windows\System\kQVpmqY.exe
  2⤵
  PID:2532
- C:\Windows\System\zDhOOES.exe
  C:\Windows\System\zDhOOES.exe
  2⤵
  PID:1428
- C:\Windows\System\UvcUOgO.exe
  C:\Windows\System\UvcUOgO.exe
  2⤵
  PID:2780
- C:\Windows\System\LLjrHoi.exe
  C:\Windows\System\LLjrHoi.exe
  2⤵
  PID:1336
- C:\Windows\System\IWonpKz.exe
  C:\Windows\System\IWonpKz.exe
  2⤵
  PID:1832
- C:\Windows\System\bsLvFBW.exe
  C:\Windows\System\bsLvFBW.exe
  2⤵
  PID:2348
- C:\Windows\System\wzUsOtg.exe
  C:\Windows\System\wzUsOtg.exe
  2⤵
  PID:1504
- C:\Windows\System\dofLKlV.exe
  C:\Windows\System\dofLKlV.exe
  2⤵
  PID:1568
- C:\Windows\System\NcCdSCo.exe
  C:\Windows\System\NcCdSCo.exe
  2⤵
  PID:1740
- C:\Windows\System\HZORvqN.exe
  C:\Windows\System\HZORvqN.exe
  2⤵
  PID:2980
- C:\Windows\System\JaXBszZ.exe
  C:\Windows\System\JaXBszZ.exe
  2⤵
  PID:2104
- C:\Windows\System\fkenKtz.exe
  C:\Windows\System\fkenKtz.exe
  2⤵
  PID:1944
- C:\Windows\System\gWfDqlY.exe
  C:\Windows\System\gWfDqlY.exe
  2⤵
  PID:1796
- C:\Windows\System\KzVJuTD.exe
  C:\Windows\System\KzVJuTD.exe
  2⤵
  PID:3092
- C:\Windows\System\HDRxGsa.exe
  C:\Windows\System\HDRxGsa.exe
  2⤵
  PID:3116
- C:\Windows\System\tYviSKF.exe
  C:\Windows\System\tYviSKF.exe
  2⤵
  PID:3136
- C:\Windows\System\rysRtqC.exe
  C:\Windows\System\rysRtqC.exe
  2⤵
  PID:3156
- C:\Windows\System\PDvyCIP.exe
  C:\Windows\System\PDvyCIP.exe
  2⤵
  PID:3176
- C:\Windows\System\EcfBrUg.exe
  C:\Windows\System\EcfBrUg.exe
  2⤵
  PID:3196
- C:\Windows\System\wvowhdH.exe
  C:\Windows\System\wvowhdH.exe
  2⤵
  PID:3216
- C:\Windows\System\GJuARbO.exe
  C:\Windows\System\GJuARbO.exe
  2⤵
  PID:3236
- C:\Windows\System\iVnxGjD.exe
  C:\Windows\System\iVnxGjD.exe
  2⤵
  PID:3256
- C:\Windows\System\EgjIJxT.exe
  C:\Windows\System\EgjIJxT.exe
  2⤵
  PID:3272
- C:\Windows\System\aoqyZNS.exe
  C:\Windows\System\aoqyZNS.exe
  2⤵
  PID:3292
- C:\Windows\System\AQLwgKY.exe
  C:\Windows\System\AQLwgKY.exe
  2⤵
  PID:3312
- C:\Windows\System\lLfVgfY.exe
  C:\Windows\System\lLfVgfY.exe
  2⤵
  PID:3336
- C:\Windows\System\GWzbriN.exe
  C:\Windows\System\GWzbriN.exe
  2⤵
  PID:3356
- C:\Windows\System\sIdSJls.exe
  C:\Windows\System\sIdSJls.exe
  2⤵
  PID:3376
- C:\Windows\System\HYzuthZ.exe
  C:\Windows\System\HYzuthZ.exe
  2⤵
  PID:3396
- C:\Windows\System\SlDUqFm.exe
  C:\Windows\System\SlDUqFm.exe
  2⤵
  PID:3416
- C:\Windows\System\HmJzmMZ.exe
  C:\Windows\System\HmJzmMZ.exe
  2⤵
  PID:3436
- C:\Windows\System\wXMmpTK.exe
  C:\Windows\System\wXMmpTK.exe
  2⤵
  PID:3456
- C:\Windows\System\vwIsfTA.exe
  C:\Windows\System\vwIsfTA.exe
  2⤵
  PID:3476
- C:\Windows\System\hPedywF.exe
  C:\Windows\System\hPedywF.exe
  2⤵
  PID:3496
- C:\Windows\System\MHNWCVa.exe
  C:\Windows\System\MHNWCVa.exe
  2⤵
  PID:3516
- C:\Windows\System\jAEvVfm.exe
  C:\Windows\System\jAEvVfm.exe
  2⤵
  PID:3536
- C:\Windows\System\tLYzckv.exe
  C:\Windows\System\tLYzckv.exe
  2⤵
  PID:3560
- C:\Windows\System\zrUOpzL.exe
  C:\Windows\System\zrUOpzL.exe
  2⤵
  PID:3580
- C:\Windows\System\WoCtyIK.exe
  C:\Windows\System\WoCtyIK.exe
  2⤵
  PID:3604
- C:\Windows\System\apoWmsL.exe
  C:\Windows\System\apoWmsL.exe
  2⤵
  PID:3624
- C:\Windows\System\qIzEvdU.exe
  C:\Windows\System\qIzEvdU.exe
  2⤵
  PID:3644
- C:\Windows\System\MPHfCRu.exe
  C:\Windows\System\MPHfCRu.exe
  2⤵
  PID:3664
- C:\Windows\System\QahxbCx.exe
  C:\Windows\System\QahxbCx.exe
  2⤵
  PID:3684
- C:\Windows\System\tkjfbsQ.exe
  C:\Windows\System\tkjfbsQ.exe
  2⤵
  PID:3704
- C:\Windows\System\aXbmyXc.exe
  C:\Windows\System\aXbmyXc.exe
  2⤵
  PID:3724
- C:\Windows\System\uIaguSj.exe
  C:\Windows\System\uIaguSj.exe
  2⤵
  PID:3744
- C:\Windows\System\SdnLEVI.exe
  C:\Windows\System\SdnLEVI.exe
  2⤵
  PID:3764
- C:\Windows\System\AuoUCXH.exe
  C:\Windows\System\AuoUCXH.exe
  2⤵
  PID:3784
- C:\Windows\System\FMsAbdD.exe
  C:\Windows\System\FMsAbdD.exe
  2⤵
  PID:3804
- C:\Windows\System\MZEYOpK.exe
  C:\Windows\System\MZEYOpK.exe
  2⤵
  PID:3824
- C:\Windows\System\dBBUOrA.exe
  C:\Windows\System\dBBUOrA.exe
  2⤵
  PID:3840
- C:\Windows\System\roKWwDH.exe
  C:\Windows\System\roKWwDH.exe
  2⤵
  PID:3864
- C:\Windows\System\RsYuczb.exe
  C:\Windows\System\RsYuczb.exe
  2⤵
  PID:3888
- C:\Windows\System\SHFioYT.exe
  C:\Windows\System\SHFioYT.exe
  2⤵
  PID:3908
- C:\Windows\System\zGheoEv.exe
  C:\Windows\System\zGheoEv.exe
  2⤵
  PID:3928
- C:\Windows\System\EzIjKPp.exe
  C:\Windows\System\EzIjKPp.exe
  2⤵
  PID:3948
- C:\Windows\System\cnEoEwY.exe
  C:\Windows\System\cnEoEwY.exe
  2⤵
  PID:3968
- C:\Windows\System\FiSJgji.exe
  C:\Windows\System\FiSJgji.exe
  2⤵
  PID:3988
- C:\Windows\System\UXIXJZL.exe
  C:\Windows\System\UXIXJZL.exe
  2⤵
  PID:4008
- C:\Windows\System\ZqrLmbu.exe
  C:\Windows\System\ZqrLmbu.exe
  2⤵
  PID:4032
- C:\Windows\System\QhiZlkz.exe
  C:\Windows\System\QhiZlkz.exe
  2⤵
  PID:4052
- C:\Windows\System\XJUnzER.exe
  C:\Windows\System\XJUnzER.exe
  2⤵
  PID:4072
- C:\Windows\System\qdmxmOp.exe
  C:\Windows\System\qdmxmOp.exe
  2⤵
  PID:4092
- C:\Windows\System\ekgbBHl.exe
  C:\Windows\System\ekgbBHl.exe
  2⤵
  PID:948
- C:\Windows\System\mpyYrlD.exe
  C:\Windows\System\mpyYrlD.exe
  2⤵
  PID:2884
- C:\Windows\System\XleFMKi.exe
  C:\Windows\System\XleFMKi.exe
  2⤵
  PID:2460
- C:\Windows\System\VLjYygl.exe
  C:\Windows\System\VLjYygl.exe
  2⤵
  PID:2984
- C:\Windows\System\paUHECM.exe
  C:\Windows\System\paUHECM.exe
  2⤵
  PID:2872
- C:\Windows\System\cAJPcnS.exe
  C:\Windows\System\cAJPcnS.exe
  2⤵
  PID:820
- C:\Windows\System\LKlAUOW.exe
  C:\Windows\System\LKlAUOW.exe
  2⤵
  PID:3088
- C:\Windows\System\luHkiWH.exe
  C:\Windows\System\luHkiWH.exe
  2⤵
  PID:3100
- C:\Windows\System\xwLHFGf.exe
  C:\Windows\System\xwLHFGf.exe
  2⤵
  PID:3172
- C:\Windows\System\YTpOnTY.exe
  C:\Windows\System\YTpOnTY.exe
  2⤵
  PID:3204
- C:\Windows\System\rtjIWqI.exe
  C:\Windows\System\rtjIWqI.exe
  2⤵
  PID:3192
- C:\Windows\System\kvnIkVf.exe
  C:\Windows\System\kvnIkVf.exe
  2⤵
  PID:3252
- C:\Windows\System\mJEhlSI.exe
  C:\Windows\System\mJEhlSI.exe
  2⤵
  PID:3264
- C:\Windows\System\npNiqjk.exe
  C:\Windows\System\npNiqjk.exe
  2⤵
  PID:3332
- C:\Windows\System\mDCFflZ.exe
  C:\Windows\System\mDCFflZ.exe
  2⤵
  PID:3344
- C:\Windows\System\RSGnhoO.exe
  C:\Windows\System\RSGnhoO.exe
  2⤵
  PID:3368
- C:\Windows\System\TokFknq.exe
  C:\Windows\System\TokFknq.exe
  2⤵
  PID:3412
- C:\Windows\System\RJSGZAA.exe
  C:\Windows\System\RJSGZAA.exe
  2⤵
  PID:3452
- C:\Windows\System\OmPEZGt.exe
  C:\Windows\System\OmPEZGt.exe
  2⤵
  PID:3492
- C:\Windows\System\IwjEWZR.exe
  C:\Windows\System\IwjEWZR.exe
  2⤵
  PID:3512
- C:\Windows\System\KvldBFu.exe
  C:\Windows\System\KvldBFu.exe
  2⤵
  PID:3576
- C:\Windows\System\bxxylGe.exe
  C:\Windows\System\bxxylGe.exe
  2⤵
  PID:3612
- C:\Windows\System\heckrPQ.exe
  C:\Windows\System\heckrPQ.exe
  2⤵
  PID:3616
- C:\Windows\System\VezNZQx.exe
  C:\Windows\System\VezNZQx.exe
  2⤵
  PID:3636
- C:\Windows\System\azGwdNC.exe
  C:\Windows\System\azGwdNC.exe
  2⤵
  PID:3676
- C:\Windows\System\dWUcsDl.exe
  C:\Windows\System\dWUcsDl.exe
  2⤵
  PID:3596
- C:\Windows\System\eaaPjKf.exe
  C:\Windows\System\eaaPjKf.exe
  2⤵
  PID:3760
- C:\Windows\System\MOGIovF.exe
  C:\Windows\System\MOGIovF.exe
  2⤵
  PID:3792
- C:\Windows\System\IkfuLJs.exe
  C:\Windows\System\IkfuLJs.exe
  2⤵
  PID:3816
- C:\Windows\System\NelLPLP.exe
  C:\Windows\System\NelLPLP.exe
  2⤵
  PID:3860
- C:\Windows\System\VCexkRk.exe
  C:\Windows\System\VCexkRk.exe
  2⤵
  PID:3900
- C:\Windows\System\xFiGfSL.exe
  C:\Windows\System\xFiGfSL.exe
  2⤵
  PID:3916
- C:\Windows\System\GXswpFh.exe
  C:\Windows\System\GXswpFh.exe
  2⤵
  PID:3944
- C:\Windows\System\QksJMJw.exe
  C:\Windows\System\QksJMJw.exe
  2⤵
  PID:264
- C:\Windows\System\IgfRMJF.exe
  C:\Windows\System\IgfRMJF.exe
  2⤵
  PID:2768
- C:\Windows\System\HlPuusk.exe
  C:\Windows\System\HlPuusk.exe
  2⤵
  PID:4000
- C:\Windows\System\XQnaADG.exe
  C:\Windows\System\XQnaADG.exe
  2⤵
  PID:4040
- C:\Windows\System\jnfzyUW.exe
  C:\Windows\System\jnfzyUW.exe
  2⤵
  PID:4020
- C:\Windows\System\rJzVSwr.exe
  C:\Windows\System\rJzVSwr.exe
  2⤵
  PID:2704
- C:\Windows\System\mupKmDd.exe
  C:\Windows\System\mupKmDd.exe
  2⤵
  PID:1936
- C:\Windows\System\XhJleez.exe
  C:\Windows\System\XhJleez.exe
  2⤵
  PID:2392
- C:\Windows\System\rwgFhgv.exe
  C:\Windows\System\rwgFhgv.exe
  2⤵
  PID:2224
- C:\Windows\System\BkmyGST.exe
  C:\Windows\System\BkmyGST.exe
  2⤵
  PID:2668
- C:\Windows\System\XHRusQB.exe
  C:\Windows\System\XHRusQB.exe
  2⤵
  PID:3164
- C:\Windows\System\jbkWeBG.exe
  C:\Windows\System\jbkWeBG.exe
  2⤵
  PID:3188
- C:\Windows\System\OhmfmGm.exe
  C:\Windows\System\OhmfmGm.exe
  2⤵
  PID:1032
- C:\Windows\System\dSWomgM.exe
  C:\Windows\System\dSWomgM.exe
  2⤵
  PID:3232
- C:\Windows\System\RMJhqij.exe
  C:\Windows\System\RMJhqij.exe
  2⤵
  PID:3320
- C:\Windows\System\kESPDHW.exe
  C:\Windows\System\kESPDHW.exe
  2⤵
  PID:3364
- C:\Windows\System\qKxHnji.exe
  C:\Windows\System\qKxHnji.exe
  2⤵
  PID:3444
- C:\Windows\System\aqQXsPg.exe
  C:\Windows\System\aqQXsPg.exe
  2⤵
  PID:3488
- C:\Windows\System\zLTnczx.exe
  C:\Windows\System\zLTnczx.exe
  2⤵
  PID:3528
- C:\Windows\System\qUkJRJV.exe
  C:\Windows\System\qUkJRJV.exe
  2⤵
  PID:3592
- C:\Windows\System\xGVAvFf.exe
  C:\Windows\System\xGVAvFf.exe
  2⤵
  PID:3640
- C:\Windows\System\ykuraJy.exe
  C:\Windows\System\ykuraJy.exe
  2⤵
  PID:2760
- C:\Windows\System\PuQZQPe.exe
  C:\Windows\System\PuQZQPe.exe
  2⤵
  PID:3772
- C:\Windows\System\AydQjAm.exe
  C:\Windows\System\AydQjAm.exe
  2⤵
  PID:3756
- C:\Windows\System\yueLufv.exe
  C:\Windows\System\yueLufv.exe
  2⤵
  PID:3856
- C:\Windows\System\LOaWIEM.exe
  C:\Windows\System\LOaWIEM.exe
  2⤵
  PID:2576
- C:\Windows\System\KLnCobh.exe
  C:\Windows\System\KLnCobh.exe
  2⤵
  PID:1476
- C:\Windows\System\YllHkPb.exe
  C:\Windows\System\YllHkPb.exe
  2⤵
  PID:3996
- C:\Windows\System\rPYQXuP.exe
  C:\Windows\System\rPYQXuP.exe
  2⤵
  PID:4004
- C:\Windows\System\wtmwYsH.exe
  C:\Windows\System\wtmwYsH.exe
  2⤵
  PID:4044
- C:\Windows\System\pugoCqO.exe
  C:\Windows\System\pugoCqO.exe
  2⤵
  PID:1700
- C:\Windows\System\vmudlgg.exe
  C:\Windows\System\vmudlgg.exe
  2⤵
  PID:3080
- C:\Windows\System\pYqGMnX.exe
  C:\Windows\System\pYqGMnX.exe
  2⤵
  PID:3064
- C:\Windows\System\pRnuuLj.exe
  C:\Windows\System\pRnuuLj.exe
  2⤵
  PID:3212
- C:\Windows\System\dDMUhCz.exe
  C:\Windows\System\dDMUhCz.exe
  2⤵
  PID:3148
- C:\Windows\System\qyERaZW.exe
  C:\Windows\System\qyERaZW.exe
  2⤵
  PID:3308
- C:\Windows\System\faqsoOx.exe
  C:\Windows\System\faqsoOx.exe
  2⤵
  PID:3104
- C:\Windows\System\fHtNWAU.exe
  C:\Windows\System\fHtNWAU.exe
  2⤵
  PID:3372
- C:\Windows\System\YSparVo.exe
  C:\Windows\System\YSparVo.exe
  2⤵
  PID:3588
- C:\Windows\System\OwtUXVv.exe
  C:\Windows\System\OwtUXVv.exe
  2⤵
  PID:3652
- C:\Windows\System\iYjyLUO.exe
  C:\Windows\System\iYjyLUO.exe
  2⤵
  PID:3716
- C:\Windows\System\tGvGIog.exe
  C:\Windows\System\tGvGIog.exe
  2⤵
  PID:3428
- C:\Windows\System\XMcvWwt.exe
  C:\Windows\System\XMcvWwt.exe
  2⤵
  PID:2776
- C:\Windows\System\oTZNlOO.exe
  C:\Windows\System\oTZNlOO.exe
  2⤵
  PID:3920
- C:\Windows\System\jwBREbc.exe
  C:\Windows\System\jwBREbc.exe
  2⤵
  PID:3976
- C:\Windows\System\LvYhzBS.exe
  C:\Windows\System\LvYhzBS.exe
  2⤵
  PID:3040
- C:\Windows\System\KJOJVzr.exe
  C:\Windows\System\KJOJVzr.exe
  2⤵
  PID:2772
- C:\Windows\System\xbFQcKV.exe
  C:\Windows\System\xbFQcKV.exe
  2⤵
  PID:972
- C:\Windows\System\lqGmNqM.exe
  C:\Windows\System\lqGmNqM.exe
  2⤵
  PID:2960
- C:\Windows\System\jimpUkb.exe
  C:\Windows\System\jimpUkb.exe
  2⤵
  PID:3280
- C:\Windows\System\tgrEvjy.exe
  C:\Windows\System\tgrEvjy.exe
  2⤵
  PID:3404
- C:\Windows\System\uslUoNr.exe
  C:\Windows\System\uslUoNr.exe
  2⤵
  PID:3392
- C:\Windows\System\RNVYyEa.exe
  C:\Windows\System\RNVYyEa.exe
  2⤵
  PID:3736
- C:\Windows\System\wnPretE.exe
  C:\Windows\System\wnPretE.exe
  2⤵
  PID:4116
- C:\Windows\System\xcyhFHB.exe
  C:\Windows\System\xcyhFHB.exe
  2⤵
  PID:4136
- C:\Windows\System\CJLgIjw.exe
  C:\Windows\System\CJLgIjw.exe
  2⤵
  PID:4160
- C:\Windows\System\paXyIPP.exe
  C:\Windows\System\paXyIPP.exe
  2⤵
  PID:4180
- C:\Windows\System\xrEvJJn.exe
  C:\Windows\System\xrEvJJn.exe
  2⤵
  PID:4200
- C:\Windows\System\mOSBMKR.exe
  C:\Windows\System\mOSBMKR.exe
  2⤵
  PID:4220
- C:\Windows\System\CJhoatm.exe
  C:\Windows\System\CJhoatm.exe
  2⤵
  PID:4240
- C:\Windows\System\MYLNqaV.exe
  C:\Windows\System\MYLNqaV.exe
  2⤵
  PID:4260
- C:\Windows\System\QAzbUkC.exe
  C:\Windows\System\QAzbUkC.exe
  2⤵
  PID:4280
- C:\Windows\System\dTuwRXL.exe
  C:\Windows\System\dTuwRXL.exe
  2⤵
  PID:4300
- C:\Windows\System\EueCQVH.exe
  C:\Windows\System\EueCQVH.exe
  2⤵
  PID:4320
- C:\Windows\System\PhDMFgI.exe
  C:\Windows\System\PhDMFgI.exe
  2⤵
  PID:4340
- C:\Windows\System\KnjnOWb.exe
  C:\Windows\System\KnjnOWb.exe
  2⤵
  PID:4360
- C:\Windows\System\NSmPPBB.exe
  C:\Windows\System\NSmPPBB.exe
  2⤵
  PID:4380
- C:\Windows\System\MdkAYrj.exe
  C:\Windows\System\MdkAYrj.exe
  2⤵
  PID:4400
- C:\Windows\System\dXfFmqE.exe
  C:\Windows\System\dXfFmqE.exe
  2⤵
  PID:4420
- C:\Windows\System\XWrQEnM.exe
  C:\Windows\System\XWrQEnM.exe
  2⤵
  PID:4444
- C:\Windows\System\cJzlTHO.exe
  C:\Windows\System\cJzlTHO.exe
  2⤵
  PID:4464
- C:\Windows\System\ohwZQmR.exe
  C:\Windows\System\ohwZQmR.exe
  2⤵
  PID:4484
- C:\Windows\System\mpnsTTv.exe
  C:\Windows\System\mpnsTTv.exe
  2⤵
  PID:4504
- C:\Windows\System\XWTPXfS.exe
  C:\Windows\System\XWTPXfS.exe
  2⤵
  PID:4524
- C:\Windows\System\SQubLgw.exe
  C:\Windows\System\SQubLgw.exe
  2⤵
  PID:4544
- C:\Windows\System\ENVotOx.exe
  C:\Windows\System\ENVotOx.exe
  2⤵
  PID:4564
- C:\Windows\System\aIaMpfb.exe
  C:\Windows\System\aIaMpfb.exe
  2⤵
  PID:4584
- C:\Windows\System\gHSYpat.exe
  C:\Windows\System\gHSYpat.exe
  2⤵
  PID:4604
- C:\Windows\System\jhvqXTX.exe
  C:\Windows\System\jhvqXTX.exe
  2⤵
  PID:4624
- C:\Windows\System\timOatN.exe
  C:\Windows\System\timOatN.exe
  2⤵
  PID:4644
- C:\Windows\System\miJsvcK.exe
  C:\Windows\System\miJsvcK.exe
  2⤵
  PID:4668
- C:\Windows\System\Rdfxrlr.exe
  C:\Windows\System\Rdfxrlr.exe
  2⤵
  PID:4688
- C:\Windows\System\iMHTQMJ.exe
  C:\Windows\System\iMHTQMJ.exe
  2⤵
  PID:4708
- C:\Windows\System\LLygbjE.exe
  C:\Windows\System\LLygbjE.exe
  2⤵
  PID:4728
- C:\Windows\System\FUjiPSa.exe
  C:\Windows\System\FUjiPSa.exe
  2⤵
  PID:4748
- C:\Windows\System\BAtYGPI.exe
  C:\Windows\System\BAtYGPI.exe
  2⤵
  PID:4768
- C:\Windows\System\WcrWvlG.exe
  C:\Windows\System\WcrWvlG.exe
  2⤵
  PID:4788
- C:\Windows\System\IYSeXfW.exe
  C:\Windows\System\IYSeXfW.exe
  2⤵
  PID:4808
- C:\Windows\System\qDTNEZf.exe
  C:\Windows\System\qDTNEZf.exe
  2⤵
  PID:4828
- C:\Windows\System\njaaRRj.exe
  C:\Windows\System\njaaRRj.exe
  2⤵
  PID:4852
- C:\Windows\System\cDMSMrl.exe
  C:\Windows\System\cDMSMrl.exe
  2⤵
  PID:4872
- C:\Windows\System\lASTnuJ.exe
  C:\Windows\System\lASTnuJ.exe
  2⤵
  PID:4892
- C:\Windows\System\JpLoQKx.exe
  C:\Windows\System\JpLoQKx.exe
  2⤵
  PID:4912
- C:\Windows\System\dIdSHRU.exe
  C:\Windows\System\dIdSHRU.exe
  2⤵
  PID:4932
- C:\Windows\System\eQalZdN.exe
  C:\Windows\System\eQalZdN.exe
  2⤵
  PID:4952
- C:\Windows\System\rgjjuWR.exe
  C:\Windows\System\rgjjuWR.exe
  2⤵
  PID:4972
- C:\Windows\System\DwUfFSw.exe
  C:\Windows\System\DwUfFSw.exe
  2⤵
  PID:4992
- C:\Windows\System\JDahQfu.exe
  C:\Windows\System\JDahQfu.exe
  2⤵
  PID:5012
- C:\Windows\System\WHxFxJQ.exe
  C:\Windows\System\WHxFxJQ.exe
  2⤵
  PID:5032
- C:\Windows\System\hYLKjal.exe
  C:\Windows\System\hYLKjal.exe
  2⤵
  PID:5052
- C:\Windows\System\PoBRfXj.exe
  C:\Windows\System\PoBRfXj.exe
  2⤵
  PID:5072
- C:\Windows\System\bhhSRrK.exe
  C:\Windows\System\bhhSRrK.exe
  2⤵
  PID:5092
- C:\Windows\System\lwXPLVx.exe
  C:\Windows\System\lwXPLVx.exe
  2⤵
  PID:5112
- C:\Windows\System\wDYCGBP.exe
  C:\Windows\System\wDYCGBP.exe
  2⤵
  PID:3964
- C:\Windows\System\Kmoorcg.exe
  C:\Windows\System\Kmoorcg.exe
  2⤵
  PID:3936
- C:\Windows\System\IhavPLd.exe
  C:\Windows\System\IhavPLd.exe
  2⤵
  PID:3960
- C:\Windows\System\CQyzXtJ.exe
  C:\Windows\System\CQyzXtJ.exe
  2⤵
  PID:1760
- C:\Windows\System\HIcogHV.exe
  C:\Windows\System\HIcogHV.exe
  2⤵
  PID:3128
- C:\Windows\System\iWZdDBL.exe
  C:\Windows\System\iWZdDBL.exe
  2⤵
  PID:3572
- C:\Windows\System\hSfiJDF.exe
  C:\Windows\System\hSfiJDF.exe
  2⤵
  PID:3568
- C:\Windows\System\JjNhMmW.exe
  C:\Windows\System\JjNhMmW.exe
  2⤵
  PID:4144
- C:\Windows\System\zHXndfz.exe
  C:\Windows\System\zHXndfz.exe
  2⤵
  PID:4148
- C:\Windows\System\QdqMFLk.exe
  C:\Windows\System\QdqMFLk.exe
  2⤵
  PID:4176
- C:\Windows\System\xIJoHKz.exe
  C:\Windows\System\xIJoHKz.exe
  2⤵
  PID:4212
- C:\Windows\System\eDloCvy.exe
  C:\Windows\System\eDloCvy.exe
  2⤵
  PID:4268
- C:\Windows\System\FAgRIsB.exe
  C:\Windows\System\FAgRIsB.exe
  2⤵
  PID:4308
- C:\Windows\System\LBGjazA.exe
  C:\Windows\System\LBGjazA.exe
  2⤵
  PID:4288
- C:\Windows\System\grOuDMw.exe
  C:\Windows\System\grOuDMw.exe
  2⤵
  PID:4336
- C:\Windows\System\HZIAoBi.exe
  C:\Windows\System\HZIAoBi.exe
  2⤵
  PID:4396
- C:\Windows\System\aDCDZfK.exe
  C:\Windows\System\aDCDZfK.exe
  2⤵
  PID:4416
- C:\Windows\System\iAOvBYy.exe
  C:\Windows\System\iAOvBYy.exe
  2⤵
  PID:4436
- C:\Windows\System\uOxTcLJ.exe
  C:\Windows\System\uOxTcLJ.exe
  2⤵
  PID:4476
- C:\Windows\System\kqjrNuT.exe
  C:\Windows\System\kqjrNuT.exe
  2⤵
  PID:4496
- C:\Windows\System\arJMEsI.exe
  C:\Windows\System\arJMEsI.exe
  2⤵
  PID:4556
- C:\Windows\System\DdHzczN.exe
  C:\Windows\System\DdHzczN.exe
  2⤵
  PID:4576
- C:\Windows\System\rxkBScq.exe
  C:\Windows\System\rxkBScq.exe
  2⤵
  PID:4640
- C:\Windows\System\jGtpSUA.exe
  C:\Windows\System\jGtpSUA.exe
  2⤵
  PID:4664
- C:\Windows\System\PSMZEyc.exe
  C:\Windows\System\PSMZEyc.exe
  2⤵
  PID:4716
- C:\Windows\System\XgWqPhS.exe
  C:\Windows\System\XgWqPhS.exe
  2⤵
  PID:4700
- C:\Windows\System\lUeMkfe.exe
  C:\Windows\System\lUeMkfe.exe
  2⤵
  PID:4764
- C:\Windows\System\gkaUfni.exe
  C:\Windows\System\gkaUfni.exe
  2⤵
  PID:4800
- C:\Windows\System\YvxUIuR.exe
  C:\Windows\System\YvxUIuR.exe
  2⤵
  PID:4848
- C:\Windows\System\nWwusWR.exe
  C:\Windows\System\nWwusWR.exe
  2⤵
  PID:4880
- C:\Windows\System\bzPgxwj.exe
  C:\Windows\System\bzPgxwj.exe
  2⤵
  PID:4884
- C:\Windows\System\IWcDISY.exe
  C:\Windows\System\IWcDISY.exe
  2⤵
  PID:4928
- C:\Windows\System\xgzBRbu.exe
  C:\Windows\System\xgzBRbu.exe
  2⤵
  PID:4944
- C:\Windows\System\XIWKahc.exe
  C:\Windows\System\XIWKahc.exe
  2⤵
  PID:5008
- C:\Windows\System\UiEzALW.exe
  C:\Windows\System\UiEzALW.exe
  2⤵
  PID:4660
- C:\Windows\System\tdVhIuC.exe
  C:\Windows\System\tdVhIuC.exe
  2⤵
  PID:5024
- C:\Windows\System\eoAMtCl.exe
  C:\Windows\System\eoAMtCl.exe
  2⤵
  PID:5080
- C:\Windows\System\ZSjeShH.exe
  C:\Windows\System\ZSjeShH.exe
  2⤵
  PID:5104
- C:\Windows\System\kMcGSPo.exe
  C:\Windows\System\kMcGSPo.exe
  2⤵
  PID:3872
- C:\Windows\System\bzXZhIs.exe
  C:\Windows\System\bzXZhIs.exe
  2⤵
  PID:2388
- C:\Windows\System\RfbSXNv.exe
  C:\Windows\System\RfbSXNv.exe
  2⤵
  PID:1076
- C:\Windows\System\rjYAPxn.exe
  C:\Windows\System\rjYAPxn.exe
  2⤵
  PID:3432
- C:\Windows\System\jmVSizz.exe
  C:\Windows\System\jmVSizz.exe
  2⤵
  PID:4132
- C:\Windows\System\NZnzWuw.exe
  C:\Windows\System\NZnzWuw.exe
  2⤵
  PID:4216
- C:\Windows\System\HnmJoJA.exe
  C:\Windows\System\HnmJoJA.exe
  2⤵
  PID:2192
- C:\Windows\System\xtHliwg.exe
  C:\Windows\System\xtHliwg.exe
  2⤵
  PID:4252
- C:\Windows\System\IgmmYjo.exe
  C:\Windows\System\IgmmYjo.exe
  2⤵
  PID:4356
- C:\Windows\System\XvBuTzT.exe
  C:\Windows\System\XvBuTzT.exe
  2⤵
  PID:328
- C:\Windows\System\gudYJvJ.exe
  C:\Windows\System\gudYJvJ.exe
  2⤵
  PID:4456
- C:\Windows\System\AZolXjB.exe
  C:\Windows\System\AZolXjB.exe
  2⤵
  PID:4532
- C:\Windows\System\evUBiZf.exe
  C:\Windows\System\evUBiZf.exe
  2⤵
  PID:4492
- C:\Windows\System\ueperwZ.exe
  C:\Windows\System\ueperwZ.exe
  2⤵
  PID:4600
- C:\Windows\System\seeJZNo.exe
  C:\Windows\System\seeJZNo.exe
  2⤵
  PID:4680
- C:\Windows\System\oSXgGow.exe
  C:\Windows\System\oSXgGow.exe
  2⤵
  PID:4744
- C:\Windows\System\vXZYZkA.exe
  C:\Windows\System\vXZYZkA.exe
  2⤵
  PID:4760
- C:\Windows\System\mwWNxgA.exe
  C:\Windows\System\mwWNxgA.exe
  2⤵
  PID:4780
- C:\Windows\System\zVEuuyq.exe
  C:\Windows\System\zVEuuyq.exe
  2⤵
  PID:4820
- C:\Windows\System\nOCmufv.exe
  C:\Windows\System\nOCmufv.exe
  2⤵
  PID:4920
- C:\Windows\System\oOZjKol.exe
  C:\Windows\System\oOZjKol.exe
  2⤵
  PID:4968
- C:\Windows\System\PJErgfY.exe
  C:\Windows\System\PJErgfY.exe
  2⤵
  PID:5028
- C:\Windows\System\SzKWxES.exe
  C:\Windows\System\SzKWxES.exe
  2⤵
  PID:5084
- C:\Windows\System\XZVDAhD.exe
  C:\Windows\System\XZVDAhD.exe
  2⤵
  PID:5100
- C:\Windows\System\UGaNHUO.exe
  C:\Windows\System\UGaNHUO.exe
  2⤵
  PID:4016
- C:\Windows\System\cDQyckE.exe
  C:\Windows\System\cDQyckE.exe
  2⤵
  PID:1012
- C:\Windows\System\lCEQQjC.exe
  C:\Windows\System\lCEQQjC.exe
  2⤵
  PID:4104
- C:\Windows\System\ctABIUk.exe
  C:\Windows\System\ctABIUk.exe
  2⤵
  PID:4312
- C:\Windows\System\GudeqRH.exe
  C:\Windows\System\GudeqRH.exe
  2⤵
  PID:4372
- C:\Windows\System\BdBDtER.exe
  C:\Windows\System\BdBDtER.exe
  2⤵
  PID:4392
- C:\Windows\System\haryETm.exe
  C:\Windows\System\haryETm.exe
  2⤵
  PID:4460
- C:\Windows\System\eYXlSEF.exe
  C:\Windows\System\eYXlSEF.exe
  2⤵
  PID:4616
- C:\Windows\System\ixUnIyc.exe
  C:\Windows\System\ixUnIyc.exe
  2⤵
  PID:4652
- C:\Windows\System\NizfkNl.exe
  C:\Windows\System\NizfkNl.exe
  2⤵
  PID:4736
- C:\Windows\System\CCTXONZ.exe
  C:\Windows\System\CCTXONZ.exe
  2⤵
  PID:4864
- C:\Windows\System\UBJNtHy.exe
  C:\Windows\System\UBJNtHy.exe
  2⤵
  PID:4984
- C:\Windows\System\KYWieLI.exe
  C:\Windows\System\KYWieLI.exe
  2⤵
  PID:4964
- C:\Windows\System\HWQoEts.exe
  C:\Windows\System\HWQoEts.exe
  2⤵
  PID:2952
- C:\Windows\System\VYmVkoY.exe
  C:\Windows\System\VYmVkoY.exe
  2⤵
  PID:2260
- C:\Windows\System\pwMifYu.exe
  C:\Windows\System\pwMifYu.exe
  2⤵
  PID:1660
- C:\Windows\System\HzzTuci.exe
  C:\Windows\System\HzzTuci.exe
  2⤵
  PID:4156
- C:\Windows\System\GnudknL.exe
  C:\Windows\System\GnudknL.exe
  2⤵
  PID:4440
- C:\Windows\System\DtZkwwH.exe
  C:\Windows\System\DtZkwwH.exe
  2⤵
  PID:4612
- C:\Windows\System\JfMDxzm.exe
  C:\Windows\System\JfMDxzm.exe
  2⤵
  PID:4656
- C:\Windows\System\aypxnhY.exe
  C:\Windows\System\aypxnhY.exe
  2⤵
  PID:5140
- C:\Windows\System\yRGuVgU.exe
  C:\Windows\System\yRGuVgU.exe
  2⤵
  PID:5164
- C:\Windows\System\woVUCDY.exe
  C:\Windows\System\woVUCDY.exe
  2⤵
  PID:5184
- C:\Windows\System\iKUxTGp.exe
  C:\Windows\System\iKUxTGp.exe
  2⤵
  PID:5204
- C:\Windows\System\XhLfKNC.exe
  C:\Windows\System\XhLfKNC.exe
  2⤵
  PID:5228
- C:\Windows\System\zeDAQoZ.exe
  C:\Windows\System\zeDAQoZ.exe
  2⤵
  PID:5248
- C:\Windows\System\NZIczEs.exe
  C:\Windows\System\NZIczEs.exe
  2⤵
  PID:5268
- C:\Windows\System\KVfjofF.exe
  C:\Windows\System\KVfjofF.exe
  2⤵
  PID:5288
- C:\Windows\System\KqobOTK.exe
  C:\Windows\System\KqobOTK.exe
  2⤵
  PID:5308
- C:\Windows\System\zELuhXV.exe
  C:\Windows\System\zELuhXV.exe
  2⤵
  PID:5328
- C:\Windows\System\SjVTXWY.exe
  C:\Windows\System\SjVTXWY.exe
  2⤵
  PID:5348
- C:\Windows\System\BFapgbF.exe
  C:\Windows\System\BFapgbF.exe
  2⤵
  PID:5368
- C:\Windows\System\ckFMkKh.exe
  C:\Windows\System\ckFMkKh.exe
  2⤵
  PID:5388
- C:\Windows\System\mIZUpJw.exe
  C:\Windows\System\mIZUpJw.exe
  2⤵
  PID:5408
- C:\Windows\System\aGEpLNP.exe
  C:\Windows\System\aGEpLNP.exe
  2⤵
  PID:5428
- C:\Windows\System\CBrelTT.exe
  C:\Windows\System\CBrelTT.exe
  2⤵
  PID:5448
- C:\Windows\System\PzcFVjf.exe
  C:\Windows\System\PzcFVjf.exe
  2⤵
  PID:5468
- C:\Windows\System\EhgQYuj.exe
  C:\Windows\System\EhgQYuj.exe
  2⤵
  PID:5488
- C:\Windows\System\fRajAGy.exe
  C:\Windows\System\fRajAGy.exe
  2⤵
  PID:5508
- C:\Windows\System\hgxZdJP.exe
  C:\Windows\System\hgxZdJP.exe
  2⤵
  PID:5528
- C:\Windows\System\DYDkwhG.exe
  C:\Windows\System\DYDkwhG.exe
  2⤵
  PID:5548
- C:\Windows\System\JHvbqJa.exe
  C:\Windows\System\JHvbqJa.exe
  2⤵
  PID:5572
- C:\Windows\System\GABOCOE.exe
  C:\Windows\System\GABOCOE.exe
  2⤵
  PID:5592
- C:\Windows\System\uOjOrxB.exe
  C:\Windows\System\uOjOrxB.exe
  2⤵
  PID:5612
- C:\Windows\System\XFGtNQE.exe
  C:\Windows\System\XFGtNQE.exe
  2⤵
  PID:5632
- C:\Windows\System\wWUcjrq.exe
  C:\Windows\System\wWUcjrq.exe
  2⤵
  PID:5652
- C:\Windows\System\ssaAeuS.exe
  C:\Windows\System\ssaAeuS.exe
  2⤵
  PID:5672
- C:\Windows\System\RyUxOTp.exe
  C:\Windows\System\RyUxOTp.exe
  2⤵
  PID:5692
- C:\Windows\System\kwrdpgt.exe
  C:\Windows\System\kwrdpgt.exe
  2⤵
  PID:5716
- C:\Windows\System\ugqcjJm.exe
  C:\Windows\System\ugqcjJm.exe
  2⤵
  PID:5736
- C:\Windows\System\psJftZr.exe
  C:\Windows\System\psJftZr.exe
  2⤵
  PID:5756
- C:\Windows\System\pJTIRRA.exe
  C:\Windows\System\pJTIRRA.exe
  2⤵
  PID:5776
- C:\Windows\System\OMimPUQ.exe
  C:\Windows\System\OMimPUQ.exe
  2⤵
  PID:5796
- C:\Windows\System\YVEjATc.exe
  C:\Windows\System\YVEjATc.exe
  2⤵
  PID:5816
- C:\Windows\System\pBCFIgB.exe
  C:\Windows\System\pBCFIgB.exe
  2⤵
  PID:5836
- C:\Windows\System\rKRNzEV.exe
  C:\Windows\System\rKRNzEV.exe
  2⤵
  PID:5856
- C:\Windows\System\ApObQMn.exe
  C:\Windows\System\ApObQMn.exe
  2⤵
  PID:5876
- C:\Windows\System\vxWzoqQ.exe
  C:\Windows\System\vxWzoqQ.exe
  2⤵
  PID:5896
- C:\Windows\System\kqyKDEq.exe
  C:\Windows\System\kqyKDEq.exe
  2⤵
  PID:5916
- C:\Windows\System\FFIMsZO.exe
  C:\Windows\System\FFIMsZO.exe
  2⤵
  PID:5936
- C:\Windows\System\IjbAUke.exe
  C:\Windows\System\IjbAUke.exe
  2⤵
  PID:5960
- C:\Windows\System\MsENthT.exe
  C:\Windows\System\MsENthT.exe
  2⤵
  PID:5980
- C:\Windows\System\JYHEnUI.exe
  C:\Windows\System\JYHEnUI.exe
  2⤵
  PID:6000
- C:\Windows\System\gSKacVz.exe
  C:\Windows\System\gSKacVz.exe
  2⤵
  PID:6020
- C:\Windows\System\gvNPvHG.exe
  C:\Windows\System\gvNPvHG.exe
  2⤵
  PID:6040
- C:\Windows\System\KFrphug.exe
  C:\Windows\System\KFrphug.exe
  2⤵
  PID:6060
- C:\Windows\System\CwZvDeo.exe
  C:\Windows\System\CwZvDeo.exe
  2⤵
  PID:6080
- C:\Windows\System\krLlsEN.exe
  C:\Windows\System\krLlsEN.exe
  2⤵
  PID:6100
- C:\Windows\System\GFCMROv.exe
  C:\Windows\System\GFCMROv.exe
  2⤵
  PID:6120
- C:\Windows\System\scVwhgw.exe
  C:\Windows\System\scVwhgw.exe
  2⤵
  PID:6140
- C:\Windows\System\stxeTug.exe
  C:\Windows\System\stxeTug.exe
  2⤵
  PID:912
- C:\Windows\System\yaGOOZu.exe
  C:\Windows\System\yaGOOZu.exe
  2⤵
  PID:4924
- C:\Windows\System\vLRaSLm.exe
  C:\Windows\System\vLRaSLm.exe
  2⤵
  PID:5004
- C:\Windows\System\gjEhILq.exe
  C:\Windows\System\gjEhILq.exe
  2⤵
  PID:3424
- C:\Windows\System\BpPgQti.exe
  C:\Windows\System\BpPgQti.exe
  2⤵
  PID:4296
- C:\Windows\System\DfvNuHZ.exe
  C:\Windows\System\DfvNuHZ.exe
  2⤵
  PID:4408
- C:\Windows\System\ZBnGVwZ.exe
  C:\Windows\System\ZBnGVwZ.exe
  2⤵
  PID:5128
- C:\Windows\System\gpMaHEi.exe
  C:\Windows\System\gpMaHEi.exe
  2⤵
  PID:5148
- C:\Windows\System\gPvQgXn.exe
  C:\Windows\System\gPvQgXn.exe
  2⤵
  PID:5224
- C:\Windows\System\knbWXaK.exe
  C:\Windows\System\knbWXaK.exe
  2⤵
  PID:1772
- C:\Windows\System\TzRYwrg.exe
  C:\Windows\System\TzRYwrg.exe
  2⤵
  PID:5240
- C:\Windows\System\MmKxQUb.exe
  C:\Windows\System\MmKxQUb.exe
  2⤵
  PID:5280
- C:\Windows\System\vmJZVbW.exe
  C:\Windows\System\vmJZVbW.exe
  2⤵
  PID:5344
- C:\Windows\System\zgVpKfX.exe
  C:\Windows\System\zgVpKfX.exe
  2⤵
  PID:5364
- C:\Windows\System\nsslizX.exe
  C:\Windows\System\nsslizX.exe
  2⤵
  PID:5380
- C:\Windows\System\IHhRfMl.exe
  C:\Windows\System\IHhRfMl.exe
  2⤵
  PID:5424
- C:\Windows\System\AikqJJB.exe
  C:\Windows\System\AikqJJB.exe
  2⤵
  PID:5444
- C:\Windows\System\xaSktms.exe
  C:\Windows\System\xaSktms.exe
  2⤵
  PID:5504
- C:\Windows\System\qSmDJEB.exe
  C:\Windows\System\qSmDJEB.exe
  2⤵
  PID:5500
- C:\Windows\System\uYkmiNE.exe
  C:\Windows\System\uYkmiNE.exe
  2⤵
  PID:5540
- C:\Windows\System\gvtcXFE.exe
  C:\Windows\System\gvtcXFE.exe
  2⤵
  PID:5588
- C:\Windows\System\fbcWlIh.exe
  C:\Windows\System\fbcWlIh.exe
  2⤵
  PID:5604
- C:\Windows\System\elqtwbj.exe
  C:\Windows\System\elqtwbj.exe
  2⤵
  PID:5648
- C:\Windows\System\upxglBA.exe
  C:\Windows\System\upxglBA.exe
  2⤵
  PID:5700
- C:\Windows\System\rhgtXkA.exe
  C:\Windows\System\rhgtXkA.exe
  2⤵
  PID:5724
- C:\Windows\System\TQeEzVJ.exe
  C:\Windows\System\TQeEzVJ.exe
  2⤵
  PID:5748
- C:\Windows\System\xZxKBlu.exe
  C:\Windows\System\xZxKBlu.exe
  2⤵
  PID:5792
- C:\Windows\System\XEswGTg.exe
  C:\Windows\System\XEswGTg.exe
  2⤵
  PID:5812
- C:\Windows\System\EoBWcqq.exe
  C:\Windows\System\EoBWcqq.exe
  2⤵
  PID:5844
- C:\Windows\System\TvwlzEO.exe
  C:\Windows\System\TvwlzEO.exe
  2⤵
  PID:5868
- C:\Windows\System\EOrvOjx.exe
  C:\Windows\System\EOrvOjx.exe
  2⤵
  PID:6112
- C:\Windows\System\AQZDRPf.exe
  C:\Windows\System\AQZDRPf.exe
  2⤵
  PID:6128
- C:\Windows\System\ifkRglI.exe
  C:\Windows\System\ifkRglI.exe
  2⤵
  PID:4560
- C:\Windows\System\BJFkXrF.exe
  C:\Windows\System\BJFkXrF.exe
  2⤵
  PID:4824
- C:\Windows\System\ywnWZgM.exe
  C:\Windows\System\ywnWZgM.exe
  2⤵
  PID:3672
- C:\Windows\System\RFasgZh.exe
  C:\Windows\System\RFasgZh.exe
  2⤵
  PID:2688
- C:\Windows\System\OQsQLYp.exe
  C:\Windows\System\OQsQLYp.exe
  2⤵
  PID:1132
- C:\Windows\System\ILQDwtk.exe
  C:\Windows\System\ILQDwtk.exe
  2⤵
  PID:5132
- C:\Windows\System\BRyHtsv.exe
  C:\Windows\System\BRyHtsv.exe
  2⤵
  PID:5244
- C:\Windows\System\TCTelpo.exe
  C:\Windows\System\TCTelpo.exe
  2⤵
  PID:5260
- C:\Windows\System\QIlCwaQ.exe
  C:\Windows\System\QIlCwaQ.exe
  2⤵
  PID:2784
- C:\Windows\System\teJVlwJ.exe
  C:\Windows\System\teJVlwJ.exe
  2⤵
  PID:5376
- C:\Windows\System\QIRYzrI.exe
  C:\Windows\System\QIRYzrI.exe
  2⤵
  PID:5456
- C:\Windows\System\bOWyHaB.exe
  C:\Windows\System\bOWyHaB.exe
  2⤵
  PID:2212
- C:\Windows\System\lZeCopc.exe
  C:\Windows\System\lZeCopc.exe
  2⤵
  PID:5464
- C:\Windows\System\AfWqgKn.exe
  C:\Windows\System\AfWqgKn.exe
  2⤵
  PID:2256
- C:\Windows\System\pCPOcAa.exe
  C:\Windows\System\pCPOcAa.exe
  2⤵
  PID:572
- C:\Windows\System\OMAQjfm.exe
  C:\Windows\System\OMAQjfm.exe
  2⤵
  PID:5544
- C:\Windows\System\cycdLqi.exe
  C:\Windows\System\cycdLqi.exe
  2⤵
  PID:2364
- C:\Windows\System\avYPqxx.exe
  C:\Windows\System\avYPqxx.exe
  2⤵
  PID:5600
- C:\Windows\System\JrIzBWS.exe
  C:\Windows\System\JrIzBWS.exe
  2⤵
  PID:5668
- C:\Windows\System\LMFJUsa.exe
  C:\Windows\System\LMFJUsa.exe
  2⤵
  PID:2204
- C:\Windows\System\lSRSPvN.exe
  C:\Windows\System\lSRSPvN.exe
  2⤵
  PID:2272
- C:\Windows\System\ZCgZJyb.exe
  C:\Windows\System\ZCgZJyb.exe
  2⤵
  PID:4208
- C:\Windows\System\XRIPKXL.exe
  C:\Windows\System\XRIPKXL.exe
  2⤵
  PID:2076
- C:\Windows\System\VytcUap.exe
  C:\Windows\System\VytcUap.exe
  2⤵
  PID:2244
- C:\Windows\System\LbYNFJS.exe
  C:\Windows\System\LbYNFJS.exe
  2⤵
  PID:5864
- C:\Windows\System\cvoaFzu.exe
  C:\Windows\System\cvoaFzu.exe
  2⤵
  PID:5520
- C:\Windows\System\xXFPVMx.exe
  C:\Windows\System\xXFPVMx.exe
  2⤵
  PID:5956
- C:\Windows\System\lwWdSwh.exe
  C:\Windows\System\lwWdSwh.exe
  2⤵
  PID:5968
- C:\Windows\System\QKIrFbx.exe
  C:\Windows\System\QKIrFbx.exe
  2⤵
  PID:6008
- C:\Windows\System\uqqjdjL.exe
  C:\Windows\System\uqqjdjL.exe
  2⤵
  PID:6032
- C:\Windows\System\JMzFEIg.exe
  C:\Windows\System\JMzFEIg.exe
  2⤵
  PID:772
- C:\Windows\System\vgGuYqe.exe
  C:\Windows\System\vgGuYqe.exe
  2⤵
  PID:6088
- C:\Windows\System\ySHhjOm.exe
  C:\Windows\System\ySHhjOm.exe
  2⤵
  PID:2168
- C:\Windows\System\OjKQAju.exe
  C:\Windows\System\OjKQAju.exe
  2⤵
  PID:6092
- C:\Windows\System\ldYZKpL.exe
  C:\Windows\System\ldYZKpL.exe
  2⤵
  PID:2180
- C:\Windows\System\xRRRsxE.exe
  C:\Windows\System\xRRRsxE.exe
  2⤵
  PID:4328
- C:\Windows\System\XDdRkbO.exe
  C:\Windows\System\XDdRkbO.exe
  2⤵
  PID:5296
- C:\Windows\System\TeEHOzc.exe
  C:\Windows\System\TeEHOzc.exe
  2⤵
  PID:5304
- C:\Windows\System\joDBUFk.exe
  C:\Windows\System\joDBUFk.exe
  2⤵
  PID:5256
- C:\Windows\System\tnZgZRD.exe
  C:\Windows\System\tnZgZRD.exe
  2⤵
  PID:2488
- C:\Windows\System\BDHGkhp.exe
  C:\Windows\System\BDHGkhp.exe
  2⤵
  PID:2248
- C:\Windows\System\WdvCxeC.exe
  C:\Windows\System\WdvCxeC.exe
  2⤵
  PID:5564
- C:\Windows\System\jicibmd.exe
  C:\Windows\System\jicibmd.exe
  2⤵
  PID:1920
- C:\Windows\System\YgOHgan.exe
  C:\Windows\System\YgOHgan.exe
  2⤵
  PID:996
- C:\Windows\System\MjvPRnF.exe
  C:\Windows\System\MjvPRnF.exe
  2⤵
  PID:2540
- C:\Windows\System\HOpifWl.exe
  C:\Windows\System\HOpifWl.exe
  2⤵
  PID:2060
- C:\Windows\System\TvXkJUU.exe
  C:\Windows\System\TvXkJUU.exe
  2⤵
  PID:5664
- C:\Windows\System\jSyFLxB.exe
  C:\Windows\System\jSyFLxB.exe
  2⤵
  PID:976
- C:\Windows\System\qJCCEMz.exe
  C:\Windows\System\qJCCEMz.exe
  2⤵
  PID:5192
- C:\Windows\System\grdglQp.exe
  C:\Windows\System\grdglQp.exe
  2⤵
  PID:5988
- C:\Windows\System\CprDZNK.exe
  C:\Windows\System\CprDZNK.exe
  2⤵
  PID:6012
- C:\Windows\System\mYEvUIM.exe
  C:\Windows\System\mYEvUIM.exe
  2⤵
  PID:932
- C:\Windows\System\XZLUSLm.exe
  C:\Windows\System\XZLUSLm.exe
  2⤵
  PID:4940
- C:\Windows\System\rfAcfZK.exe
  C:\Windows\System\rfAcfZK.exe
  2⤵
  PID:4192
- C:\Windows\System\wPmCSOW.exe
  C:\Windows\System\wPmCSOW.exe
  2⤵
  PID:2740
- C:\Windows\System\xNJnLYy.exe
  C:\Windows\System\xNJnLYy.exe
  2⤵
  PID:2596
- C:\Windows\System\xBKJTrC.exe
  C:\Windows\System\xBKJTrC.exe
  2⤵
  PID:1756
- C:\Windows\System\iOrkbeL.exe
  C:\Windows\System\iOrkbeL.exe
  2⤵
  PID:5620
- C:\Windows\System\WtVjIzz.exe
  C:\Windows\System\WtVjIzz.exe
  2⤵
  PID:2616
- C:\Windows\System\NCCejtt.exe
  C:\Windows\System\NCCejtt.exe
  2⤵
  PID:6116
- C:\Windows\System\lmcYPbp.exe
  C:\Windows\System\lmcYPbp.exe
  2⤵
  PID:5828
- C:\Windows\System\WTcmyVX.exe
  C:\Windows\System\WTcmyVX.exe
  2⤵
  PID:5872
- C:\Windows\System\srOOriE.exe
  C:\Windows\System\srOOriE.exe
  2⤵
  PID:5928
- C:\Windows\System\TPnvFJX.exe
  C:\Windows\System\TPnvFJX.exe
  2⤵
  PID:2288
- C:\Windows\System\GvlhAUj.exe
  C:\Windows\System\GvlhAUj.exe
  2⤵
  PID:6108
- C:\Windows\System\xytwuCn.exe
  C:\Windows\System\xytwuCn.exe
  2⤵
  PID:5320
- C:\Windows\System\iIYJRKt.exe
  C:\Windows\System\iIYJRKt.exe
  2⤵
  PID:5284
- C:\Windows\System\zQALuRN.exe
  C:\Windows\System\zQALuRN.exe
  2⤵
  PID:2944
- C:\Windows\System\HslZaZU.exe
  C:\Windows\System\HslZaZU.exe
  2⤵
  PID:5704
- C:\Windows\System\kJRLEpV.exe
  C:\Windows\System\kJRLEpV.exe
  2⤵
  PID:5744
- C:\Windows\System\OvWvAJu.exe
  C:\Windows\System\OvWvAJu.exe
  2⤵
  PID:6036
- C:\Windows\System\embEucF.exe
  C:\Windows\System\embEucF.exe
  2⤵
  PID:6048
- C:\Windows\System\iNbTyvM.exe
  C:\Windows\System\iNbTyvM.exe
  2⤵
  PID:5176
- C:\Windows\System\KjouurU.exe
  C:\Windows\System\KjouurU.exe
  2⤵
  PID:5496
- C:\Windows\System\fjlMMIO.exe
  C:\Windows\System\fjlMMIO.exe
  2⤵
  PID:5972
- C:\Windows\System\WGhdDjK.exe
  C:\Windows\System\WGhdDjK.exe
  2⤵
  PID:4480
- C:\Windows\System\aSYKkyt.exe
  C:\Windows\System\aSYKkyt.exe
  2⤵
  PID:5752
- C:\Windows\System\wmsKHHw.exe
  C:\Windows\System\wmsKHHw.exe
  2⤵
  PID:2472
- C:\Windows\System\KiToRjG.exe
  C:\Windows\System\KiToRjG.exe
  2⤵
  PID:6152
- C:\Windows\System\VyJiAxw.exe
  C:\Windows\System\VyJiAxw.exe
  2⤵
  PID:6184
- C:\Windows\System\egOjVAU.exe
  C:\Windows\System\egOjVAU.exe
  2⤵
  PID:6200
- C:\Windows\System\RCfFXjl.exe
  C:\Windows\System\RCfFXjl.exe
  2⤵
  PID:6220
- C:\Windows\System\HhAnNGP.exe
  C:\Windows\System\HhAnNGP.exe
  2⤵
  PID:6244
- C:\Windows\System\QoPtkSI.exe
  C:\Windows\System\QoPtkSI.exe
  2⤵
  PID:6260
- C:\Windows\System\mqWPZUn.exe
  C:\Windows\System\mqWPZUn.exe
  2⤵
  PID:6280
- C:\Windows\System\LNXIfqI.exe
  C:\Windows\System\LNXIfqI.exe
  2⤵
  PID:6300
- C:\Windows\System\IxslVCO.exe
  C:\Windows\System\IxslVCO.exe
  2⤵
  PID:6320
- C:\Windows\System\uYnzFID.exe
  C:\Windows\System\uYnzFID.exe
  2⤵
  PID:6336
- C:\Windows\System\SjzZrVi.exe
  C:\Windows\System\SjzZrVi.exe
  2⤵
  PID:6368
- C:\Windows\System\UbriIWU.exe
  C:\Windows\System\UbriIWU.exe
  2⤵
  PID:6384
- C:\Windows\System\ufdPJGH.exe
  C:\Windows\System\ufdPJGH.exe
  2⤵
  PID:6404
- C:\Windows\System\DwUtECP.exe
  C:\Windows\System\DwUtECP.exe
  2⤵
  PID:6420
- C:\Windows\System\dkrjJCm.exe
  C:\Windows\System\dkrjJCm.exe
  2⤵
  PID:6444
- C:\Windows\System\CPbouSW.exe
  C:\Windows\System\CPbouSW.exe
  2⤵
  PID:6464
- C:\Windows\System\dWHwHpt.exe
  C:\Windows\System\dWHwHpt.exe
  2⤵
  PID:6488
- C:\Windows\System\LzsIMhn.exe
  C:\Windows\System\LzsIMhn.exe
  2⤵
  PID:6504
- C:\Windows\System\OJjKHBC.exe
  C:\Windows\System\OJjKHBC.exe
  2⤵
  PID:6528
- C:\Windows\System\bkbqdPl.exe
  C:\Windows\System\bkbqdPl.exe
  2⤵
  PID:6544
- C:\Windows\System\eLnwcts.exe
  C:\Windows\System\eLnwcts.exe
  2⤵
  PID:6564
- C:\Windows\System\FNdHIfX.exe
  C:\Windows\System\FNdHIfX.exe
  2⤵
  PID:6584
- C:\Windows\System\iJIPqiF.exe
  C:\Windows\System\iJIPqiF.exe
  2⤵
  PID:6600
- C:\Windows\System\uEQEzLl.exe
  C:\Windows\System\uEQEzLl.exe
  2⤵
  PID:6628
- C:\Windows\System\WlSTANt.exe
  C:\Windows\System\WlSTANt.exe
  2⤵
  PID:6648
- C:\Windows\System\KYwyonY.exe
  C:\Windows\System\KYwyonY.exe
  2⤵
  PID:6664
- C:\Windows\System\EdjGIfH.exe
  C:\Windows\System\EdjGIfH.exe
  2⤵
  PID:6684
- C:\Windows\System\EPxUBjd.exe
  C:\Windows\System\EPxUBjd.exe
  2⤵
  PID:6704
- C:\Windows\System\aZIkhsU.exe
  C:\Windows\System\aZIkhsU.exe
  2⤵
  PID:6720
- C:\Windows\System\bjlUpCU.exe
  C:\Windows\System\bjlUpCU.exe
  2⤵
  PID:6740
- C:\Windows\System\wwGlOdr.exe
  C:\Windows\System\wwGlOdr.exe
  2⤵
  PID:6764
- C:\Windows\System\cmFmgBA.exe
  C:\Windows\System\cmFmgBA.exe
  2⤵
  PID:6784
- C:\Windows\System\FokiMxC.exe
  C:\Windows\System\FokiMxC.exe
  2⤵
  PID:6804
- C:\Windows\System\FIXVlkX.exe
  C:\Windows\System\FIXVlkX.exe
  2⤵
  PID:6820
- C:\Windows\System\vGbRbZO.exe
  C:\Windows\System\vGbRbZO.exe
  2⤵
  PID:6840
- C:\Windows\System\DqSFLby.exe
  C:\Windows\System\DqSFLby.exe
  2⤵
  PID:6856
- C:\Windows\System\NpBvQkj.exe
  C:\Windows\System\NpBvQkj.exe
  2⤵
  PID:6916
- C:\Windows\System\xtYWyMK.exe
  C:\Windows\System\xtYWyMK.exe
  2⤵
  PID:6932
- C:\Windows\System\CDuJraM.exe
  C:\Windows\System\CDuJraM.exe
  2⤵
  PID:6948
- C:\Windows\System\AsrRRxx.exe
  C:\Windows\System\AsrRRxx.exe
  2⤵
  PID:6964
- C:\Windows\System\EmKhNxh.exe
  C:\Windows\System\EmKhNxh.exe
  2⤵
  PID:6996
- C:\Windows\System\UQJvPRz.exe
  C:\Windows\System\UQJvPRz.exe
  2⤵
  PID:7020
- C:\Windows\System\ZCbArlA.exe
  C:\Windows\System\ZCbArlA.exe
  2⤵
  PID:7040
- C:\Windows\System\YcEodkF.exe
  C:\Windows\System\YcEodkF.exe
  2⤵
  PID:7056
- C:\Windows\System\mhGGtqH.exe
  C:\Windows\System\mhGGtqH.exe
  2⤵
  PID:7084
- C:\Windows\System\CpATITU.exe
  C:\Windows\System\CpATITU.exe
  2⤵
  PID:7100
- C:\Windows\System\nkkXkDb.exe
  C:\Windows\System\nkkXkDb.exe
  2⤵
  PID:7120
- C:\Windows\System\TgDDVmk.exe
  C:\Windows\System\TgDDVmk.exe
  2⤵
  PID:7136
- C:\Windows\System\xRbBgsA.exe
  C:\Windows\System\xRbBgsA.exe
  2⤵
  PID:7164
- C:\Windows\System\nauAzCR.exe
  C:\Windows\System\nauAzCR.exe
  2⤵
  PID:5924
- C:\Windows\System\FMtwszr.exe
  C:\Windows\System\FMtwszr.exe
  2⤵
  PID:2332
- C:\Windows\System\GLLRcXI.exe
  C:\Windows\System\GLLRcXI.exe
  2⤵
  PID:6172
- C:\Windows\System\OMilydo.exe
  C:\Windows\System\OMilydo.exe
  2⤵
  PID:6192
- C:\Windows\System\jtahEUP.exe
  C:\Windows\System\jtahEUP.exe
  2⤵
  PID:2428
- C:\Windows\System\QcKscXf.exe
  C:\Windows\System\QcKscXf.exe
  2⤵
  PID:6208
- C:\Windows\System\axBpZcW.exe
  C:\Windows\System\axBpZcW.exe
  2⤵
  PID:6240
- C:\Windows\System\YSIGkxD.exe
  C:\Windows\System\YSIGkxD.exe
  2⤵
  PID:6252
- C:\Windows\System\pyAvlqc.exe
  C:\Windows\System\pyAvlqc.exe
  2⤵
  PID:6308
- C:\Windows\System\KLUiUSB.exe
  C:\Windows\System\KLUiUSB.exe
  2⤵
  PID:6356
- C:\Windows\System\yysPFzT.exe
  C:\Windows\System\yysPFzT.exe
  2⤵
  PID:6396
- C:\Windows\System\LVtNeyY.exe
  C:\Windows\System\LVtNeyY.exe
  2⤵
  PID:6432
- C:\Windows\System\TscUQsw.exe
  C:\Windows\System\TscUQsw.exe
  2⤵
  PID:6440
- C:\Windows\System\vKLfnVZ.exe
  C:\Windows\System\vKLfnVZ.exe
  2⤵
  PID:6472
- C:\Windows\System\fLwVSva.exe
  C:\Windows\System\fLwVSva.exe
  2⤵
  PID:6500
- C:\Windows\System\JQSleRe.exe
  C:\Windows\System\JQSleRe.exe
  2⤵
  PID:6556
- C:\Windows\System\jUMBvZM.exe
  C:\Windows\System\jUMBvZM.exe
  2⤵
  PID:2476
- C:\Windows\System\BcCfMik.exe
  C:\Windows\System\BcCfMik.exe
  2⤵
  PID:6616
- C:\Windows\System\VmQkOIr.exe
  C:\Windows\System\VmQkOIr.exe
  2⤵
  PID:6640
- C:\Windows\System\FiYArPo.exe
  C:\Windows\System\FiYArPo.exe
  2⤵
  PID:6680
- C:\Windows\System\ICYLMvI.exe
  C:\Windows\System\ICYLMvI.exe
  2⤵
  PID:6716
- C:\Windows\System\bZMcpGh.exe
  C:\Windows\System\bZMcpGh.exe
  2⤵
  PID:6760
- C:\Windows\System\gZKaVmH.exe
  C:\Windows\System\gZKaVmH.exe
  2⤵
  PID:6780
- C:\Windows\System\zHEavFy.exe
  C:\Windows\System\zHEavFy.exe
  2⤵
  PID:6828
- C:\Windows\System\UGKTUbn.exe
  C:\Windows\System\UGKTUbn.exe
  2⤵
  PID:6832
- C:\Windows\System\MZaXFlr.exe
  C:\Windows\System\MZaXFlr.exe
  2⤵
  PID:6884
- C:\Windows\System\tXjKGjV.exe
  C:\Windows\System\tXjKGjV.exe
  2⤵
  PID:2184
- C:\Windows\System\vijovil.exe
  C:\Windows\System\vijovil.exe
  2⤵
  PID:2744
- C:\Windows\System\rqZXREi.exe
  C:\Windows\System\rqZXREi.exe
  2⤵
  PID:6972
- C:\Windows\System\ThsEjiF.exe
  C:\Windows\System\ThsEjiF.exe
  2⤵
  PID:6980
- C:\Windows\System\lpUbfsG.exe
  C:\Windows\System\lpUbfsG.exe
  2⤵
  PID:6976
- C:\Windows\System\LZyZaxU.exe
  C:\Windows\System\LZyZaxU.exe
  2⤵
  PID:7036
- C:\Windows\System\rVsXTTn.exe
  C:\Windows\System\rVsXTTn.exe
  2⤵
  PID:7048
- C:\Windows\System\EliLnPL.exe
  C:\Windows\System\EliLnPL.exe
  2⤵
  PID:7076
- C:\Windows\System\DsdtHhP.exe
  C:\Windows\System\DsdtHhP.exe
  2⤵
  PID:7116
- C:\Windows\System\YUsAFXv.exe
  C:\Windows\System\YUsAFXv.exe
  2⤵
  PID:7160
- C:\Windows\System\eTjoAUz.exe
  C:\Windows\System\eTjoAUz.exe
  2⤵
  PID:2280
- C:\Windows\System\BWESbHX.exe
  C:\Windows\System\BWESbHX.exe
  2⤵
  PID:2636
- C:\Windows\System\nCXMUGv.exe
  C:\Windows\System\nCXMUGv.exe
  2⤵
  PID:6136
- C:\Windows\System\TvATfse.exe
  C:\Windows\System\TvATfse.exe
  2⤵
  PID:2448
- C:\Windows\System\fCjKyvL.exe
  C:\Windows\System\fCjKyvL.exe
  2⤵
  PID:6288
- C:\Windows\System\xIxtolC.exe
  C:\Windows\System\xIxtolC.exe
  2⤵
  PID:6332
- C:\Windows\System\zlPlbqX.exe
  C:\Windows\System\zlPlbqX.exe
  2⤵
  PID:6228
- C:\Windows\System\uPRndrj.exe
  C:\Windows\System\uPRndrj.exe
  2⤵
  PID:6516
- C:\Windows\System\TjbYhLi.exe
  C:\Windows\System\TjbYhLi.exe
  2⤵
  PID:6412
- C:\Windows\System\toGsSxB.exe
  C:\Windows\System\toGsSxB.exe
  2⤵
  PID:6576
- C:\Windows\System\EELElLB.exe
  C:\Windows\System\EELElLB.exe
  2⤵
  PID:6660
- C:\Windows\System\dzlevpV.exe
  C:\Windows\System\dzlevpV.exe
  2⤵
  PID:6712
- C:\Windows\System\cVyiaYd.exe
  C:\Windows\System\cVyiaYd.exe
  2⤵
  PID:6736
- C:\Windows\System\BprPifC.exe
  C:\Windows\System\BprPifC.exe
  2⤵
  PID:6812
- C:\Windows\System\LizujMz.exe
  C:\Windows\System\LizujMz.exe
  2⤵
  PID:6852
- C:\Windows\System\hooRRQk.exe
  C:\Windows\System\hooRRQk.exe
  2⤵
  PID:1968
- C:\Windows\System\eYiAMzE.exe
  C:\Windows\System\eYiAMzE.exe
  2⤵
  PID:3032
- C:\Windows\System\ZVOfOrV.exe
  C:\Windows\System\ZVOfOrV.exe
  2⤵
  PID:6960
- C:\Windows\System\XnNEXlk.exe
  C:\Windows\System\XnNEXlk.exe
  2⤵
  PID:6912
- C:\Windows\System\uKlPMEa.exe
  C:\Windows\System\uKlPMEa.exe
  2⤵
  PID:7068
- C:\Windows\System\kMXIlTP.exe
  C:\Windows\System\kMXIlTP.exe
  2⤵
  PID:7112
- C:\Windows\System\EAEdwSA.exe
  C:\Windows\System\EAEdwSA.exe
  2⤵
  PID:6148
- C:\Windows\System\HKrNKvy.exe
  C:\Windows\System\HKrNKvy.exe
  2⤵
  PID:6164
- C:\Windows\System\MIRdIKp.exe
  C:\Windows\System\MIRdIKp.exe
  2⤵
  PID:6276
- C:\Windows\System\RyFyqcg.exe
  C:\Windows\System\RyFyqcg.exe
  2⤵
  PID:6364
- C:\Windows\System\FVJSnMA.exe
  C:\Windows\System\FVJSnMA.exe
  2⤵
  PID:6456
- C:\Windows\System\HMWZkir.exe
  C:\Windows\System\HMWZkir.exe
  2⤵
  PID:6560
- C:\Windows\System\UxjmhfW.exe
  C:\Windows\System\UxjmhfW.exe
  2⤵
  PID:6580
- C:\Windows\System\WdaxqAX.exe
  C:\Windows\System\WdaxqAX.exe
  2⤵
  PID:6624
- C:\Windows\System\rrsWIpt.exe
  C:\Windows\System\rrsWIpt.exe
  2⤵
  PID:6700
- C:\Windows\System\WTpmTCU.exe
  C:\Windows\System\WTpmTCU.exe
  2⤵
  PID:6888
- C:\Windows\System\RTOdhZj.exe
  C:\Windows\System\RTOdhZj.exe
  2⤵
  PID:6940
- C:\Windows\System\NreZCrt.exe
  C:\Windows\System\NreZCrt.exe
  2⤵
  PID:6896
- C:\Windows\System\pHsTACw.exe
  C:\Windows\System\pHsTACw.exe
  2⤵
  PID:6992
- C:\Windows\System\unnuWDZ.exe
  C:\Windows\System\unnuWDZ.exe
  2⤵
  PID:6348
- C:\Windows\System\EjOMTUZ.exe
  C:\Windows\System\EjOMTUZ.exe
  2⤵
  PID:2524
- C:\Windows\System\BBaqZxP.exe
  C:\Windows\System\BBaqZxP.exe
  2⤵
  PID:6512
- C:\Windows\System\MfsZDiT.exe
  C:\Windows\System\MfsZDiT.exe
  2⤵
  PID:6800
- C:\Windows\System\PONpCRQ.exe
  C:\Windows\System\PONpCRQ.exe
  2⤵
  PID:6460
- C:\Windows\System\kXDGPic.exe
  C:\Windows\System\kXDGPic.exe
  2⤵
  PID:6880
- C:\Windows\System\GHdxcYr.exe
  C:\Windows\System\GHdxcYr.exe
  2⤵
  PID:7072
- C:\Windows\System\rKMUPKD.exe
  C:\Windows\System\rKMUPKD.exe
  2⤵
  PID:7156
- C:\Windows\System\MOUaRDt.exe
  C:\Windows\System\MOUaRDt.exe
  2⤵
  PID:6292
- C:\Windows\System\ezNVAMY.exe
  C:\Windows\System\ezNVAMY.exe
  2⤵
  PID:6776
- C:\Windows\System\mJfJxGD.exe
  C:\Windows\System\mJfJxGD.exe
  2⤵
  PID:6924
- C:\Windows\System\vdmOzjp.exe
  C:\Windows\System\vdmOzjp.exe
  2⤵
  PID:7108
- C:\Windows\System\ItqXvuF.exe
  C:\Windows\System\ItqXvuF.exe
  2⤵
  PID:7152
- C:\Windows\System\TjKSXib.exe
  C:\Windows\System\TjKSXib.exe
  2⤵
  PID:6232
- C:\Windows\System\qGQEYoF.exe
  C:\Windows\System\qGQEYoF.exe
  2⤵
  PID:6676
- C:\Windows\System\QhqyjyZ.exe
  C:\Windows\System\QhqyjyZ.exe
  2⤵
  PID:7128
- C:\Windows\System\WXDXuCL.exe
  C:\Windows\System\WXDXuCL.exe
  2⤵
  PID:6816
- C:\Windows\System\wWKRWYj.exe
  C:\Windows\System\wWKRWYj.exe
  2⤵
  PID:7028
- C:\Windows\System\ZniwudL.exe
  C:\Windows\System\ZniwudL.exe
  2⤵
  PID:7196
- C:\Windows\System\fMsnXkW.exe
  C:\Windows\System\fMsnXkW.exe
  2⤵
  PID:7216
- C:\Windows\System\CuooKZa.exe
  C:\Windows\System\CuooKZa.exe
  2⤵
  PID:7232
- C:\Windows\System\IRehMrh.exe
  C:\Windows\System\IRehMrh.exe
  2⤵
  PID:7252
- C:\Windows\System\xWmgatO.exe
  C:\Windows\System\xWmgatO.exe
  2⤵
  PID:7268
- C:\Windows\System\BSRNLAU.exe
  C:\Windows\System\BSRNLAU.exe
  2⤵
  PID:7284
- C:\Windows\System\BREhUCD.exe
  C:\Windows\System\BREhUCD.exe
  2⤵
  PID:7312
- C:\Windows\System\wKQOCRw.exe
  C:\Windows\System\wKQOCRw.exe
  2⤵
  PID:7328
- C:\Windows\System\mUhOYde.exe
  C:\Windows\System\mUhOYde.exe
  2⤵
  PID:7344
- C:\Windows\System\EPFZLdt.exe
  C:\Windows\System\EPFZLdt.exe
  2⤵
  PID:7376
- C:\Windows\System\bcEJMBt.exe
  C:\Windows\System\bcEJMBt.exe
  2⤵
  PID:7392
- C:\Windows\System\itqxPKt.exe
  C:\Windows\System\itqxPKt.exe
  2⤵
  PID:7416
- C:\Windows\System\FSVIINQ.exe
  C:\Windows\System\FSVIINQ.exe
  2⤵
  PID:7432
- C:\Windows\System\svJxuJg.exe
  C:\Windows\System\svJxuJg.exe
  2⤵
  PID:7448
- C:\Windows\System\WfmukxH.exe
  C:\Windows\System\WfmukxH.exe
  2⤵
  PID:7464
- C:\Windows\System\HmxunQc.exe
  C:\Windows\System\HmxunQc.exe
  2⤵
  PID:7484
- C:\Windows\System\FbIBmld.exe
  C:\Windows\System\FbIBmld.exe
  2⤵
  PID:7500
- C:\Windows\System\wdXmIqz.exe
  C:\Windows\System\wdXmIqz.exe
  2⤵
  PID:7520
- C:\Windows\System\yOHwrrY.exe
  C:\Windows\System\yOHwrrY.exe
  2⤵
  PID:7536
- C:\Windows\System\TxbWaEO.exe
  C:\Windows\System\TxbWaEO.exe
  2⤵
  PID:7572
- C:\Windows\System\VlISBnW.exe
  C:\Windows\System\VlISBnW.exe
  2⤵
  PID:7596
- C:\Windows\System\qMKorPZ.exe
  C:\Windows\System\qMKorPZ.exe
  2⤵
  PID:7612
- C:\Windows\System\uPZxyFq.exe
  C:\Windows\System\uPZxyFq.exe
  2⤵
  PID:7628
- C:\Windows\System\HzNZLdu.exe
  C:\Windows\System\HzNZLdu.exe
  2⤵
  PID:7648
- C:\Windows\System\OieAkqK.exe
  C:\Windows\System\OieAkqK.exe
  2⤵
  PID:7664
- C:\Windows\System\Odfgxgw.exe
  C:\Windows\System\Odfgxgw.exe
  2⤵
  PID:7688
- C:\Windows\System\utWkZHm.exe
  C:\Windows\System\utWkZHm.exe
  2⤵
  PID:7712
- C:\Windows\System\FbUfouD.exe
  C:\Windows\System\FbUfouD.exe
  2⤵
  PID:7740
- C:\Windows\System\VRoICCz.exe
  C:\Windows\System\VRoICCz.exe
  2⤵
  PID:7756
- C:\Windows\System\oaoakCR.exe
  C:\Windows\System\oaoakCR.exe
  2⤵
  PID:7772
- C:\Windows\System\dMmqYVc.exe
  C:\Windows\System\dMmqYVc.exe
  2⤵
  PID:7824
- C:\Windows\System\igjYear.exe
  C:\Windows\System\igjYear.exe
  2⤵
  PID:7840
- C:\Windows\System\vXOlqvG.exe
  C:\Windows\System\vXOlqvG.exe
  2⤵
  PID:7856
- C:\Windows\System\hxnBEYB.exe
  C:\Windows\System\hxnBEYB.exe
  2⤵
  PID:7872
- C:\Windows\System\SPryBEO.exe
  C:\Windows\System\SPryBEO.exe
  2⤵
  PID:7888
- C:\Windows\System\tvUNOQz.exe
  C:\Windows\System\tvUNOQz.exe
  2⤵
  PID:7904
- C:\Windows\System\yphYrlp.exe
  C:\Windows\System\yphYrlp.exe
  2⤵
  PID:7920
- C:\Windows\System\fKEaUXM.exe
  C:\Windows\System\fKEaUXM.exe
  2⤵
  PID:7936
- C:\Windows\System\ognXLGX.exe
  C:\Windows\System\ognXLGX.exe
  2⤵
  PID:7952
- C:\Windows\System\ivTBDxg.exe
  C:\Windows\System\ivTBDxg.exe
  2⤵
  PID:7968
- C:\Windows\System\GXfzkPM.exe
  C:\Windows\System\GXfzkPM.exe
  2⤵
  PID:7984
- C:\Windows\System\CgGmwfo.exe
  C:\Windows\System\CgGmwfo.exe
  2⤵
  PID:8000
- C:\Windows\System\bThAhOH.exe
  C:\Windows\System\bThAhOH.exe
  2⤵
  PID:8016
- C:\Windows\System\xZKSjnV.exe
  C:\Windows\System\xZKSjnV.exe
  2⤵
  PID:8032
- C:\Windows\System\yDtMhyZ.exe
  C:\Windows\System\yDtMhyZ.exe
  2⤵
  PID:8048
- C:\Windows\System\KqkqBwR.exe
  C:\Windows\System\KqkqBwR.exe
  2⤵
  PID:8064
- C:\Windows\System\IKhtbCJ.exe
  C:\Windows\System\IKhtbCJ.exe
  2⤵
  PID:8080
- C:\Windows\System\LVKkjTg.exe
  C:\Windows\System\LVKkjTg.exe
  2⤵
  PID:8096
- C:\Windows\System\AItvQNZ.exe
  C:\Windows\System\AItvQNZ.exe
  2⤵
  PID:8112
- C:\Windows\System\oNLlhBS.exe
  C:\Windows\System\oNLlhBS.exe
  2⤵
  PID:8128
- C:\Windows\System\gBYYphx.exe
  C:\Windows\System\gBYYphx.exe
  2⤵
  PID:8144
- C:\Windows\System\EViEawM.exe
  C:\Windows\System\EViEawM.exe
  2⤵
  PID:8160
- C:\Windows\System\IgispQP.exe
  C:\Windows\System\IgispQP.exe
  2⤵
  PID:8176
- C:\Windows\System\oKdCGQt.exe
  C:\Windows\System\oKdCGQt.exe
  2⤵
  PID:6328
- C:\Windows\System\DSIeAvp.exe
  C:\Windows\System\DSIeAvp.exe
  2⤵
  PID:7184
- C:\Windows\System\JYWbViz.exe
  C:\Windows\System\JYWbViz.exe
  2⤵
  PID:7176
- C:\Windows\System\FeYBktG.exe
  C:\Windows\System\FeYBktG.exe
  2⤵
  PID:7244
- C:\Windows\System\DJtQHYH.exe
  C:\Windows\System\DJtQHYH.exe
  2⤵
  PID:7224
- C:\Windows\System\YwdDqdm.exe
  C:\Windows\System\YwdDqdm.exe
  2⤵
  PID:7264
- C:\Windows\System\xspwdLK.exe
  C:\Windows\System\xspwdLK.exe
  2⤵
  PID:7340
- C:\Windows\System\SwjchYL.exe
  C:\Windows\System\SwjchYL.exe
  2⤵
  PID:7352
- C:\Windows\System\lQmVkAZ.exe
  C:\Windows\System\lQmVkAZ.exe
  2⤵
  PID:7364
- C:\Windows\System\nfESBWo.exe
  C:\Windows\System\nfESBWo.exe
  2⤵
  PID:7404
- C:\Windows\System\vHrnhWe.exe
  C:\Windows\System\vHrnhWe.exe
  2⤵
  PID:7444
- C:\Windows\System\vfzRxwV.exe
  C:\Windows\System\vfzRxwV.exe
  2⤵
  PID:7508
- C:\Windows\System\xOpnWot.exe
  C:\Windows\System\xOpnWot.exe
  2⤵
  PID:7548
- C:\Windows\System\vpDNsxJ.exe
  C:\Windows\System\vpDNsxJ.exe
  2⤵
  PID:7560
- C:\Windows\System\BguvGac.exe
  C:\Windows\System\BguvGac.exe
  2⤵
  PID:7528
- C:\Windows\System\lLJvcBD.exe
  C:\Windows\System\lLJvcBD.exe
  2⤵
  PID:7460
- C:\Windows\System\DHYnCEF.exe
  C:\Windows\System\DHYnCEF.exe
  2⤵
  PID:7624
- C:\Windows\System\QyLaxcW.exe
  C:\Windows\System\QyLaxcW.exe
  2⤵
  PID:7672
- C:\Windows\System\TEVtRVN.exe
  C:\Windows\System\TEVtRVN.exe
  2⤵
  PID:7660
- C:\Windows\System\uOWynOM.exe
  C:\Windows\System\uOWynOM.exe
  2⤵
  PID:7696
- C:\Windows\System\XDnfTnU.exe
  C:\Windows\System\XDnfTnU.exe
  2⤵
  PID:7728
- C:\Windows\System\MgBZzON.exe
  C:\Windows\System\MgBZzON.exe
  2⤵
  PID:7780
- C:\Windows\System\IttmQrz.exe
  C:\Windows\System\IttmQrz.exe
  2⤵
  PID:1500
- C:\Windows\System\DDKmkBa.exe
  C:\Windows\System\DDKmkBa.exe
  2⤵
  PID:7812
- C:\Windows\System\MUXlnVw.exe
  C:\Windows\System\MUXlnVw.exe
  2⤵
  PID:7836
- C:\Windows\System\TVvDOrL.exe
  C:\Windows\System\TVvDOrL.exe
  2⤵
  PID:7896
- C:\Windows\System\FsRIPvI.exe
  C:\Windows\System\FsRIPvI.exe
  2⤵
  PID:7916
- C:\Windows\System\KvRWkYv.exe
  C:\Windows\System\KvRWkYv.exe
  2⤵
  PID:7944
- C:\Windows\System\lnYCFTA.exe
  C:\Windows\System\lnYCFTA.exe
  2⤵
  PID:8056
- C:\Windows\System\VfEPtWc.exe
  C:\Windows\System\VfEPtWc.exe
  2⤵
  PID:8072
- C:\Windows\System\jHTmWqz.exe
  C:\Windows\System\jHTmWqz.exe
  2⤵
  PID:8168
- C:\Windows\System\SRQfief.exe
  C:\Windows\System\SRQfief.exe
  2⤵
  PID:6428
- C:\Windows\System\HkVIriI.exe
  C:\Windows\System\HkVIriI.exe
  2⤵
  PID:7188
- C:\Windows\System\HsdwnTl.exe
  C:\Windows\System\HsdwnTl.exe
  2⤵
  PID:7280
- C:\Windows\System\DBIbHFT.exe
  C:\Windows\System\DBIbHFT.exe
  2⤵
  PID:7260
- C:\Windows\System\NHbmNSv.exe
  C:\Windows\System\NHbmNSv.exe
  2⤵
  PID:7304
- C:\Windows\System\drZjcEm.exe
  C:\Windows\System\drZjcEm.exe
  2⤵
  PID:7400
- C:\Windows\System\iHdiWvY.exe
  C:\Windows\System\iHdiWvY.exe
  2⤵
  PID:7556
- C:\Windows\System\NBGhFBp.exe
  C:\Windows\System\NBGhFBp.exe
  2⤵
  PID:7428
- C:\Windows\System\arRjUIw.exe
  C:\Windows\System\arRjUIw.exe
  2⤵
  PID:7644
- C:\Windows\System\TCeRHDM.exe
  C:\Windows\System\TCeRHDM.exe
  2⤵
  PID:7704
- C:\Windows\System\VPejPIq.exe
  C:\Windows\System\VPejPIq.exe
  2⤵
  PID:7736
- C:\Windows\System\IscfVQe.exe
  C:\Windows\System\IscfVQe.exe
  2⤵
  PID:2584
- C:\Windows\System\vNaWIpd.exe
  C:\Windows\System\vNaWIpd.exe
  2⤵
  PID:7784
- C:\Windows\System\IfuUFYG.exe
  C:\Windows\System\IfuUFYG.exe
  2⤵
  PID:7864
- C:\Windows\System\JwANafN.exe
  C:\Windows\System\JwANafN.exe
  2⤵
  PID:7928
- C:\Windows\System\epJhxko.exe
  C:\Windows\System\epJhxko.exe
  2⤵
  PID:7992
- C:\Windows\System\ZFrlZiv.exe
  C:\Windows\System\ZFrlZiv.exe
  2⤵
  PID:8008
- C:\Windows\System\ReXqQXn.exe
  C:\Windows\System\ReXqQXn.exe
  2⤵
  PID:8088
- C:\Windows\System\sjfHzNM.exe
  C:\Windows\System\sjfHzNM.exe
  2⤵
  PID:8136
- C:\Windows\System\CKOUpmE.exe
  C:\Windows\System\CKOUpmE.exe
  2⤵
  PID:8184
- C:\Windows\System\qUiRJUU.exe
  C:\Windows\System\qUiRJUU.exe
  2⤵
  PID:7276
- C:\Windows\System\jPvAkJP.exe
  C:\Windows\System\jPvAkJP.exe
  2⤵
  PID:7384
- C:\Windows\System\DiuTpsx.exe
  C:\Windows\System\DiuTpsx.exe
  2⤵
  PID:7412
- C:\Windows\System\eMIYurz.exe
  C:\Windows\System\eMIYurz.exe
  2⤵
  PID:7620
- C:\Windows\System\IVkKbcy.exe
  C:\Windows\System\IVkKbcy.exe
  2⤵
  PID:7720
- C:\Windows\System\oxVyJiR.exe
  C:\Windows\System\oxVyJiR.exe
  2⤵
  PID:7796
- C:\Windows\System\ULzbIwG.exe
  C:\Windows\System\ULzbIwG.exe
  2⤵
  PID:7852
- C:\Windows\System\wOGjjKY.exe
  C:\Windows\System\wOGjjKY.exe
  2⤵
  PID:7964
- C:\Windows\System\gOZTBDW.exe
  C:\Windows\System\gOZTBDW.exe
  2⤵
  PID:7996
- C:\Windows\System\jYBNckS.exe
  C:\Windows\System\jYBNckS.exe
  2⤵
  PID:8120
- C:\Windows\System\psDIraV.exe
  C:\Windows\System\psDIraV.exe
  2⤵
  PID:1340
- C:\Windows\System\sDiynjH.exe
  C:\Windows\System\sDiynjH.exe
  2⤵
  PID:7240
- C:\Windows\System\EfqPVfw.exe
  C:\Windows\System\EfqPVfw.exe
  2⤵
  PID:7476
- C:\Windows\System\RFYZnQG.exe
  C:\Windows\System\RFYZnQG.exe
  2⤵
  PID:8092
- C:\Windows\System\RbqFwrX.exe
  C:\Windows\System\RbqFwrX.exe
  2⤵
  PID:8012
- C:\Windows\System\OXiEHrf.exe
  C:\Windows\System\OXiEHrf.exe
  2⤵
  PID:7584
- C:\Windows\System\ULFVuWw.exe
  C:\Windows\System\ULFVuWw.exe
  2⤵
  PID:7588
- C:\Windows\System\QxHsaVi.exe
  C:\Windows\System\QxHsaVi.exe
  2⤵
  PID:7976
- C:\Windows\System\MaeYEuO.exe
  C:\Windows\System\MaeYEuO.exe
  2⤵
  PID:6772
- C:\Windows\System\DgYCZRQ.exe
  C:\Windows\System\DgYCZRQ.exe
  2⤵
  PID:8188
- C:\Windows\System\UHNuJsO.exe
  C:\Windows\System\UHNuJsO.exe
  2⤵
  PID:7496
- C:\Windows\System\yqvZWHn.exe
  C:\Windows\System\yqvZWHn.exe
  2⤵
  PID:8200
- C:\Windows\System\GgEszBK.exe
  C:\Windows\System\GgEszBK.exe
  2⤵
  PID:8216
- C:\Windows\System\cagskkh.exe
  C:\Windows\System\cagskkh.exe
  2⤵
  PID:8240
- C:\Windows\System\EQaPnAj.exe
  C:\Windows\System\EQaPnAj.exe
  2⤵
  PID:8256
- C:\Windows\System\lYdhlOl.exe
  C:\Windows\System\lYdhlOl.exe
  2⤵
  PID:8288
- C:\Windows\System\QDDAnTw.exe
  C:\Windows\System\QDDAnTw.exe
  2⤵
  PID:8304
- C:\Windows\System\XDAizLj.exe
  C:\Windows\System\XDAizLj.exe
  2⤵
  PID:8328
- C:\Windows\System\nyEdiKe.exe
  C:\Windows\System\nyEdiKe.exe
  2⤵
  PID:8348
- C:\Windows\System\ZLcmWVO.exe
  C:\Windows\System\ZLcmWVO.exe
  2⤵
  PID:8368
- C:\Windows\System\BdNJXll.exe
  C:\Windows\System\BdNJXll.exe
  2⤵
  PID:8388
- C:\Windows\System\LplmZdw.exe
  C:\Windows\System\LplmZdw.exe
  2⤵
  PID:8408
- C:\Windows\System\qHZPcsu.exe
  C:\Windows\System\qHZPcsu.exe
  2⤵
  PID:8428
- C:\Windows\System\jwXPgwF.exe
  C:\Windows\System\jwXPgwF.exe
  2⤵
  PID:8448
- C:\Windows\System\lfCSgcZ.exe
  C:\Windows\System\lfCSgcZ.exe
  2⤵
  PID:8464
- C:\Windows\System\ettIquY.exe
  C:\Windows\System\ettIquY.exe
  2⤵
  PID:8492
- C:\Windows\System\jRfLNdl.exe
  C:\Windows\System\jRfLNdl.exe
  2⤵
  PID:8508
- C:\Windows\System\HJOuljc.exe
  C:\Windows\System\HJOuljc.exe
  2⤵
  PID:8524
- C:\Windows\System\qEImLlF.exe
  C:\Windows\System\qEImLlF.exe
  2⤵
  PID:8548
- C:\Windows\System\ZvlMTts.exe
  C:\Windows\System\ZvlMTts.exe
  2⤵
  PID:8568
- C:\Windows\System\EgYDUlH.exe
  C:\Windows\System\EgYDUlH.exe
  2⤵
  PID:8584
- C:\Windows\System\ZUYhmsP.exe
  C:\Windows\System\ZUYhmsP.exe
  2⤵
  PID:8608
- C:\Windows\System\YHuKiGo.exe
  C:\Windows\System\YHuKiGo.exe
  2⤵
  PID:8632
- C:\Windows\System\jcvzpOn.exe
  C:\Windows\System\jcvzpOn.exe
  2⤵
  PID:8652
- C:\Windows\System\VSPrvGI.exe
  C:\Windows\System\VSPrvGI.exe
  2⤵
  PID:8668
- C:\Windows\System\QnkJBSf.exe
  C:\Windows\System\QnkJBSf.exe
  2⤵
  PID:8684
- C:\Windows\System\tflGpEd.exe
  C:\Windows\System\tflGpEd.exe
  2⤵
  PID:8700
- C:\Windows\System\ZcqbGIm.exe
  C:\Windows\System\ZcqbGIm.exe
  2⤵
  PID:8732
- C:\Windows\System\YsBRQUu.exe
  C:\Windows\System\YsBRQUu.exe
  2⤵
  PID:8748
- C:\Windows\System\aXHNYlq.exe
  C:\Windows\System\aXHNYlq.exe
  2⤵
  PID:8768
- C:\Windows\System\VtWJgpm.exe
  C:\Windows\System\VtWJgpm.exe
  2⤵
  PID:8792
- C:\Windows\System\FnswsKT.exe
  C:\Windows\System\FnswsKT.exe
  2⤵
  PID:8816
- C:\Windows\System\ZbxdjGa.exe
  C:\Windows\System\ZbxdjGa.exe
  2⤵
  PID:8832
- C:\Windows\System\OHqsotC.exe
  C:\Windows\System\OHqsotC.exe
  2⤵
  PID:8852
- C:\Windows\System\iruahfh.exe
  C:\Windows\System\iruahfh.exe
  2⤵
  PID:8868
- C:\Windows\System\gSQlEJS.exe
  C:\Windows\System\gSQlEJS.exe
  2⤵
  PID:8896
- C:\Windows\System\nnPYRhq.exe
  C:\Windows\System\nnPYRhq.exe
  2⤵
  PID:8912
- C:\Windows\System\NuLtFJt.exe
  C:\Windows\System\NuLtFJt.exe
  2⤵
  PID:8928
- C:\Windows\System\osKntQH.exe
  C:\Windows\System\osKntQH.exe
  2⤵
  PID:8944
- C:\Windows\System\jQzGTCF.exe
  C:\Windows\System\jQzGTCF.exe
  2⤵
  PID:8976
- C:\Windows\System\qXukjOC.exe
  C:\Windows\System\qXukjOC.exe
  2⤵
  PID:8992
- C:\Windows\System\jiMLFVe.exe
  C:\Windows\System\jiMLFVe.exe
  2⤵
  PID:9032
- C:\Windows\System\STvyWAO.exe
  C:\Windows\System\STvyWAO.exe
  2⤵
  PID:9048
- C:\Windows\System\onoFmEJ.exe
  C:\Windows\System\onoFmEJ.exe
  2⤵
  PID:9068
- C:\Windows\System\mChAPnn.exe
  C:\Windows\System\mChAPnn.exe
  2⤵
  PID:9088
- C:\Windows\System\LrTytKQ.exe
  C:\Windows\System\LrTytKQ.exe
  2⤵
  PID:9112
- C:\Windows\System\ImQyPDW.exe
  C:\Windows\System\ImQyPDW.exe
  2⤵
  PID:9136
- C:\Windows\System\uayKcQz.exe
  C:\Windows\System\uayKcQz.exe
  2⤵
  PID:9156
- C:\Windows\System\FIquWqo.exe
  C:\Windows\System\FIquWqo.exe
  2⤵
  PID:9176
- C:\Windows\System\NXbTHrs.exe
  C:\Windows\System\NXbTHrs.exe
  2⤵
  PID:9192
- C:\Windows\System\qFXgtGs.exe
  C:\Windows\System\qFXgtGs.exe
  2⤵
  PID:9208
- C:\Windows\System\LPNYvtV.exe
  C:\Windows\System\LPNYvtV.exe
  2⤵
  PID:8196
- C:\Windows\System\QcmptXq.exe
  C:\Windows\System\QcmptXq.exe
  2⤵
  PID:7724
- C:\Windows\System\ntPuOar.exe
  C:\Windows\System\ntPuOar.exe
  2⤵
  PID:8208
- C:\Windows\System\KuIYydA.exe
  C:\Windows\System\KuIYydA.exe
  2⤵
  PID:8236
- C:\Windows\System\tsbJzIl.exe
  C:\Windows\System\tsbJzIl.exe
  2⤵
  PID:8272
- C:\Windows\System\tXgoyCr.exe
  C:\Windows\System\tXgoyCr.exe
  2⤵
  PID:8316
- C:\Windows\System\jEkwaNL.exe
  C:\Windows\System\jEkwaNL.exe
  2⤵
  PID:8296
- C:\Windows\System\QHnHTqJ.exe
  C:\Windows\System\QHnHTqJ.exe
  2⤵
  PID:8336
- C:\Windows\System\NrqExgI.exe
  C:\Windows\System\NrqExgI.exe
  2⤵
  PID:8380
- C:\Windows\System\rLcuqkd.exe
  C:\Windows\System\rLcuqkd.exe
  2⤵
  PID:8416
- C:\Windows\System\UkYHNZa.exe
  C:\Windows\System\UkYHNZa.exe
  2⤵
  PID:8424
- C:\Windows\System\LwnRvFN.exe
  C:\Windows\System\LwnRvFN.exe
  2⤵
  PID:8500
- C:\Windows\System\JApOndV.exe
  C:\Windows\System\JApOndV.exe
  2⤵
  PID:8564
- C:\Windows\System\knnzmMC.exe
  C:\Windows\System\knnzmMC.exe
  2⤵
  PID:8540
- C:\Windows\System\wkeMGER.exe
  C:\Windows\System\wkeMGER.exe
  2⤵
  PID:8604
- C:\Windows\System\bbPsZwy.exe
  C:\Windows\System\bbPsZwy.exe
  2⤵
  PID:8624
- C:\Windows\System\MqwjTNp.exe
  C:\Windows\System\MqwjTNp.exe
  2⤵
  PID:8644
- C:\Windows\System\OAuGTek.exe
  C:\Windows\System\OAuGTek.exe
  2⤵
  PID:8712
- C:\Windows\System\DxhZTNr.exe
  C:\Windows\System\DxhZTNr.exe
  2⤵
  PID:7308
- C:\Windows\System\ZaHnCSB.exe
  C:\Windows\System\ZaHnCSB.exe
  2⤵
  PID:8776
- C:\Windows\System\MByNlhx.exe
  C:\Windows\System\MByNlhx.exe
  2⤵
  PID:8808
- C:\Windows\System\LvJdwmO.exe
  C:\Windows\System\LvJdwmO.exe
  2⤵
  PID:8828
- C:\Windows\System\jLFJZgO.exe
  C:\Windows\System\jLFJZgO.exe
  2⤵
  PID:8880
- C:\Windows\System\UCeDQKe.exe
  C:\Windows\System\UCeDQKe.exe
  2⤵
  PID:8920
- C:\Windows\System\yaNLVwX.exe
  C:\Windows\System\yaNLVwX.exe
  2⤵
  PID:8940
- C:\Windows\System\GQlBovT.exe
  C:\Windows\System\GQlBovT.exe
  2⤵
  PID:8960
- C:\Windows\System\irjuoxK.exe
  C:\Windows\System\irjuoxK.exe
  2⤵
  PID:9000
- C:\Windows\System\emtDnkA.exe
  C:\Windows\System\emtDnkA.exe
  2⤵
  PID:9016
- C:\Windows\System\kpznXmA.exe
  C:\Windows\System\kpznXmA.exe
  2⤵
  PID:9040
- C:\Windows\System\AFerFJm.exe
  C:\Windows\System\AFerFJm.exe
  2⤵
  PID:9084
- C:\Windows\System\KhLrTaW.exe
  C:\Windows\System\KhLrTaW.exe
  2⤵
  PID:9120
- C:\Windows\System\QBkRQfL.exe
  C:\Windows\System\QBkRQfL.exe
  2⤵
  PID:9144
- C:\Windows\System\PMPTDEy.exe
  C:\Windows\System\PMPTDEy.exe
  2⤵
  PID:9184
- C:\Windows\System\ijEhzkD.exe
  C:\Windows\System\ijEhzkD.exe
  2⤵
  PID:9200
- C:\Windows\System\eBzmiQn.exe
  C:\Windows\System\eBzmiQn.exe
  2⤵
  PID:7440
- C:\Windows\System\XwxjtXq.exe
  C:\Windows\System\XwxjtXq.exe
  2⤵
  PID:8152
- C:\Windows\System\ElBdNMT.exe
  C:\Windows\System\ElBdNMT.exe
  2⤵
  PID:8252
- C:\Windows\System\pFSZQIf.exe
  C:\Windows\System\pFSZQIf.exe
  2⤵
  PID:8376
- C:\Windows\System\lVMyRwl.exe
  C:\Windows\System\lVMyRwl.exe
  2⤵
  PID:8360
- C:\Windows\System\BzUrKhe.exe
  C:\Windows\System\BzUrKhe.exe
  2⤵
  PID:8476
- C:\Windows\System\mZHCyzx.exe
  C:\Windows\System\mZHCyzx.exe
  2⤵
  PID:8520
- C:\Windows\System\cgBBgfU.exe
  C:\Windows\System\cgBBgfU.exe
  2⤵
  PID:8536
- C:\Windows\System\tkfJjpr.exe
  C:\Windows\System\tkfJjpr.exe
  2⤵
  PID:8620
- C:\Windows\System\RXkVpRq.exe
  C:\Windows\System\RXkVpRq.exe
  2⤵
  PID:8696
- C:\Windows\System\utowdtk.exe
  C:\Windows\System\utowdtk.exe
  2⤵
  PID:8692
- C:\Windows\System\yAQRWfU.exe
  C:\Windows\System\yAQRWfU.exe
  2⤵
  PID:8760
- C:\Windows\System\yvTtwhA.exe
  C:\Windows\System\yvTtwhA.exe
  2⤵
  PID:8860
- C:\Windows\System\akcrHOF.exe
  C:\Windows\System\akcrHOF.exe
  2⤵
  PID:8888
- C:\Windows\System\PxLxXCz.exe
  C:\Windows\System\PxLxXCz.exe
  2⤵
  PID:8988
- C:\Windows\System\HlZHECb.exe
  C:\Windows\System\HlZHECb.exe
  2⤵
  PID:9004
- C:\Windows\System\EMgxmhC.exe
  C:\Windows\System\EMgxmhC.exe
  2⤵
  PID:9076
- C:\Windows\System\PsGzKeY.exe
  C:\Windows\System\PsGzKeY.exe
  2⤵
  PID:9100
- C:\Windows\System\RBWzLlY.exe
  C:\Windows\System\RBWzLlY.exe
  2⤵
  PID:9164
- C:\Windows\System\aeraQqS.exe
  C:\Windows\System\aeraQqS.exe
  2⤵
  PID:7456
- C:\Windows\System\VmRNRtv.exe
  C:\Windows\System\VmRNRtv.exe
  2⤵
  PID:8280
- C:\Windows\System\OMyrSLJ.exe
  C:\Windows\System\OMyrSLJ.exe
  2⤵
  PID:8212
- C:\Windows\System\MWRQYQr.exe
  C:\Windows\System\MWRQYQr.exe
  2⤵
  PID:9104
- C:\Windows\System\uTesHYJ.exe
  C:\Windows\System\uTesHYJ.exe
  2⤵
  PID:8420
- C:\Windows\System\cUfKxTO.exe
  C:\Windows\System\cUfKxTO.exe
  2⤵
  PID:8560
- C:\Windows\System\lsAWDYv.exe
  C:\Windows\System\lsAWDYv.exe
  2⤵
  PID:8784
- C:\Windows\System\ynGpEba.exe
  C:\Windows\System\ynGpEba.exe
  2⤵
  PID:8764
- C:\Windows\System\sNvpkHH.exe
  C:\Windows\System\sNvpkHH.exe
  2⤵
  PID:8840
- C:\Windows\System\nRWNHJi.exe
  C:\Windows\System\nRWNHJi.exe
  2⤵
  PID:8972
- C:\Windows\System\HhWETDf.exe
  C:\Windows\System\HhWETDf.exe
  2⤵
  PID:8952
- C:\Windows\System\wTDETbD.exe
  C:\Windows\System\wTDETbD.exe
  2⤵
  PID:9128
- C:\Windows\System\giBXSQq.exe
  C:\Windows\System\giBXSQq.exe
  2⤵
  PID:7640
- C:\Windows\System\mUEXFoa.exe
  C:\Windows\System\mUEXFoa.exe
  2⤵
  PID:7708
- C:\Windows\System\PINEYNi.exe
  C:\Windows\System\PINEYNi.exe
  2⤵
  PID:8484
- C:\Windows\System\JVtNYOS.exe
  C:\Windows\System\JVtNYOS.exe
  2⤵
  PID:8532
- C:\Windows\System\BVODjZG.exe
  C:\Windows\System\BVODjZG.exe
  2⤵
  PID:8728
- C:\Windows\System\cHBofQm.exe
  C:\Windows\System\cHBofQm.exe
  2⤵
  PID:8804
- C:\Windows\System\RwcyLEp.exe
  C:\Windows\System\RwcyLEp.exe
  2⤵
  PID:9012
- C:\Windows\System\jBduXNu.exe
  C:\Windows\System\jBduXNu.exe
  2⤵
  PID:9152
- C:\Windows\System\mjgwkkV.exe
  C:\Windows\System\mjgwkkV.exe
  2⤵
  PID:8104
- C:\Windows\System\rMspNQP.exe
  C:\Windows\System\rMspNQP.exe
  2⤵
  PID:8440
- C:\Windows\System\PiSPReP.exe
  C:\Windows\System\PiSPReP.exe
  2⤵
  PID:8708
- C:\Windows\System\XPYuPya.exe
  C:\Windows\System\XPYuPya.exe
  2⤵
  PID:9124
- C:\Windows\System\vOMDvDA.exe
  C:\Windows\System\vOMDvDA.exe
  2⤵
  PID:8364
- C:\Windows\System\xKZhFTC.exe
  C:\Windows\System\xKZhFTC.exe
  2⤵
  PID:8936
- C:\Windows\System\GrtHbWu.exe
  C:\Windows\System\GrtHbWu.exe
  2⤵
  PID:8600
- C:\Windows\System\hAzZOaj.exe
  C:\Windows\System\hAzZOaj.exe
  2⤵
  PID:9080
- C:\Windows\System\ovylpiY.exe
  C:\Windows\System\ovylpiY.exe
  2⤵
  PID:7768
- C:\Windows\System\HbTYyqm.exe
  C:\Windows\System\HbTYyqm.exe
  2⤵
  PID:9244
- C:\Windows\System\mshbWTe.exe
  C:\Windows\System\mshbWTe.exe
  2⤵
  PID:9260
- C:\Windows\System\GKqhaJS.exe
  C:\Windows\System\GKqhaJS.exe
  2⤵
  PID:9276
- C:\Windows\System\OdCpxBS.exe
  C:\Windows\System\OdCpxBS.exe
  2⤵
  PID:9300
- C:\Windows\System\ZGHBtBh.exe
  C:\Windows\System\ZGHBtBh.exe
  2⤵
  PID:9324
- C:\Windows\System\pxWEiLQ.exe
  C:\Windows\System\pxWEiLQ.exe
  2⤵
  PID:9340
- C:\Windows\System\veLFxuH.exe
  C:\Windows\System\veLFxuH.exe
  2⤵
  PID:9356
- C:\Windows\System\CRCblgu.exe
  C:\Windows\System\CRCblgu.exe
  2⤵
  PID:9376
- C:\Windows\System\efGnxat.exe
  C:\Windows\System\efGnxat.exe
  2⤵
  PID:9404
- C:\Windows\System\XNpBkWe.exe
  C:\Windows\System\XNpBkWe.exe
  2⤵
  PID:9420
- C:\Windows\System\LoRWagv.exe
  C:\Windows\System\LoRWagv.exe
  2⤵
  PID:9444
- C:\Windows\System\IHcBCgU.exe
  C:\Windows\System\IHcBCgU.exe
  2⤵
  PID:9460
- C:\Windows\System\WcodybI.exe
  C:\Windows\System\WcodybI.exe
  2⤵
  PID:9480
- C:\Windows\System\jAPphEP.exe
  C:\Windows\System\jAPphEP.exe
  2⤵
  PID:9500
- C:\Windows\System\ruFgzOd.exe
  C:\Windows\System\ruFgzOd.exe
  2⤵
  PID:9520
- C:\Windows\System\EHNfjke.exe
  C:\Windows\System\EHNfjke.exe
  2⤵
  PID:9540
- C:\Windows\System\CxhyvQM.exe
  C:\Windows\System\CxhyvQM.exe
  2⤵
  PID:9556
- C:\Windows\System\WLpoFjk.exe
  C:\Windows\System\WLpoFjk.exe
  2⤵
  PID:9584
- C:\Windows\System\ouMLfvJ.exe
  C:\Windows\System\ouMLfvJ.exe
  2⤵
  PID:9604
- C:\Windows\System\wCnyFvn.exe
  C:\Windows\System\wCnyFvn.exe
  2⤵
  PID:9620
- C:\Windows\System\jMWgXQW.exe
  C:\Windows\System\jMWgXQW.exe
  2⤵
  PID:9636
- C:\Windows\System\QVGiYZM.exe
  C:\Windows\System\QVGiYZM.exe
  2⤵
  PID:9660
- C:\Windows\System\NkHwCCi.exe
  C:\Windows\System\NkHwCCi.exe
  2⤵
  PID:9676
- C:\Windows\System\PTNRnni.exe
  C:\Windows\System\PTNRnni.exe
  2⤵
  PID:9700
- C:\Windows\System\yDDADoo.exe
  C:\Windows\System\yDDADoo.exe
  2⤵
  PID:9724
- C:\Windows\System\xNjNreC.exe
  C:\Windows\System\xNjNreC.exe
  2⤵
  PID:9740
- C:\Windows\System\SCdwlRz.exe
  C:\Windows\System\SCdwlRz.exe
  2⤵
  PID:9760
- C:\Windows\System\eXmEIZM.exe
  C:\Windows\System\eXmEIZM.exe
  2⤵
  PID:9780
- C:\Windows\System\ySACmyk.exe
  C:\Windows\System\ySACmyk.exe
  2⤵
  PID:9808
- C:\Windows\System\NbmUuoq.exe
  C:\Windows\System\NbmUuoq.exe
  2⤵
  PID:9824
- C:\Windows\System\HpCRjPV.exe
  C:\Windows\System\HpCRjPV.exe
  2⤵
  PID:9840
- C:\Windows\System\rGhbpke.exe
  C:\Windows\System\rGhbpke.exe
  2⤵
  PID:9860
- C:\Windows\System\pWsYrNH.exe
  C:\Windows\System\pWsYrNH.exe
  2⤵
  PID:9880
- C:\Windows\System\aUCzRZk.exe
  C:\Windows\System\aUCzRZk.exe
  2⤵
  PID:9900
- C:\Windows\System\fHOuFFC.exe
  C:\Windows\System\fHOuFFC.exe
  2⤵
  PID:9920
- C:\Windows\System\fzTOLFH.exe
  C:\Windows\System\fzTOLFH.exe
  2⤵
  PID:9940
- C:\Windows\System\ghUneWY.exe
  C:\Windows\System\ghUneWY.exe
  2⤵
  PID:9976
- C:\Windows\System\UHYrhhy.exe
  C:\Windows\System\UHYrhhy.exe
  2⤵
  PID:9996
- C:\Windows\System\GqxKaNS.exe
  C:\Windows\System\GqxKaNS.exe
  2⤵
  PID:10012
- C:\Windows\System\LnHgSWK.exe
  C:\Windows\System\LnHgSWK.exe
  2⤵
  PID:10028
- C:\Windows\System\sweIKrB.exe
  C:\Windows\System\sweIKrB.exe
  2⤵
  PID:10048
- C:\Windows\System\OTImJne.exe
  C:\Windows\System\OTImJne.exe
  2⤵
  PID:10064
- C:\Windows\System\WYvFSoh.exe
  C:\Windows\System\WYvFSoh.exe
  2⤵
  PID:10080
- C:\Windows\System\RvXbvkb.exe
  C:\Windows\System\RvXbvkb.exe
  2⤵
  PID:10096
- C:\Windows\System\UOaDKZj.exe
  C:\Windows\System\UOaDKZj.exe
  2⤵
  PID:10112
- C:\Windows\System\RzFKEsb.exe
  C:\Windows\System\RzFKEsb.exe
  2⤵
  PID:10128
- C:\Windows\System\bEdbvkf.exe
  C:\Windows\System\bEdbvkf.exe
  2⤵
  PID:10148
- C:\Windows\System\sTkqGbo.exe
  C:\Windows\System\sTkqGbo.exe
  2⤵
  PID:10164
- C:\Windows\System\HMLKEGJ.exe
  C:\Windows\System\HMLKEGJ.exe
  2⤵
  PID:10180
- C:\Windows\System\wGMZoff.exe
  C:\Windows\System\wGMZoff.exe
  2⤵
  PID:10196
- C:\Windows\System\etxNLzW.exe
  C:\Windows\System\etxNLzW.exe
  2⤵
  PID:10212
- C:\Windows\System\bZwhwTn.exe
  C:\Windows\System\bZwhwTn.exe
  2⤵
  PID:10228
- C:\Windows\System\ZJLICZE.exe
  C:\Windows\System\ZJLICZE.exe
  2⤵
  PID:8716
- C:\Windows\System\JmXNajl.exe
  C:\Windows\System\JmXNajl.exe
  2⤵
  PID:9224
- C:\Windows\System\DZbTZVN.exe
  C:\Windows\System\DZbTZVN.exe
  2⤵
  PID:9240
- C:\Windows\System\JiBHcVc.exe
  C:\Windows\System\JiBHcVc.exe
  2⤵
  PID:9272
- C:\Windows\System\rygFJcC.exe
  C:\Windows\System\rygFJcC.exe
  2⤵
  PID:9308
- C:\Windows\System\brluJMk.exe
  C:\Windows\System\brluJMk.exe
  2⤵
  PID:9348
- C:\Windows\System\OSnXOFB.exe
  C:\Windows\System\OSnXOFB.exe
  2⤵
  PID:9364
- C:\Windows\System\PWjdreu.exe
  C:\Windows\System\PWjdreu.exe
  2⤵
  PID:9368
- C:\Windows\System\fXdiWnm.exe
  C:\Windows\System\fXdiWnm.exe
  2⤵
  PID:9428
- C:\Windows\System\jNjJOAc.exe
  C:\Windows\System\jNjJOAc.exe
  2⤵
  PID:9432
- C:\Windows\System\xopJxOO.exe
  C:\Windows\System\xopJxOO.exe
  2⤵
  PID:9472
- C:\Windows\System\aGYtpYk.exe
  C:\Windows\System\aGYtpYk.exe
  2⤵
  PID:9488
- C:\Windows\System\xmoOVwx.exe
  C:\Windows\System\xmoOVwx.exe
  2⤵
  PID:9568
- C:\Windows\System\nVsnoVi.exe
  C:\Windows\System\nVsnoVi.exe
  2⤵
  PID:9580
- C:\Windows\System\IkaBtKm.exe
  C:\Windows\System\IkaBtKm.exe
  2⤵
  PID:9596
- C:\Windows\System\upqWcEI.exe
  C:\Windows\System\upqWcEI.exe
  2⤵
  PID:9672
- C:\Windows\System\khLKkHv.exe
  C:\Windows\System\khLKkHv.exe
  2⤵
  PID:9652
- C:\Windows\System\MtGHcnX.exe
  C:\Windows\System\MtGHcnX.exe
  2⤵
  PID:9684
- C:\Windows\System\HCFfxZB.exe
  C:\Windows\System\HCFfxZB.exe
  2⤵
  PID:9756
- C:\Windows\System\LeFZtjZ.exe
  C:\Windows\System\LeFZtjZ.exe
  2⤵
  PID:9788
- C:\Windows\System\BpFrRKA.exe
  C:\Windows\System\BpFrRKA.exe
  2⤵
  PID:9816
- C:\Windows\System\cbWUrWX.exe
  C:\Windows\System\cbWUrWX.exe
  2⤵
  PID:9868
- C:\Windows\System\ZfJWjvh.exe
  C:\Windows\System\ZfJWjvh.exe
  2⤵
  PID:9912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AqOqNvJ.exe

Filesize
6.0MB

MD5
b663c171fb2e1893008acbcc0f6f6422

SHA1
14c50160a2ae5d6d50df7b16e02b77b2ffa0eada

SHA256
0684227689203d27018b6d925a8750bec6cf094de42e489751ae9ee5ff4e5e53

SHA512
e8dc2ad24682aa87731e6c22f7f617482f708966b09bc7213e90dcb2ed77b402ac639d255c99492b10d9d18a36825415574b75099d321c154a3811001f76aa67

Download Submit
C:\Windows\system\BBRzDOr.exe

Filesize
6.0MB

MD5
4c99c7b2947a68ac2f964d4316c24b09

SHA1
0822c6f29e69c0561648cdfdc21ccbe55fdd76f1

SHA256
030578c4e72daab0bac58a41d6b213bc3eae81e22bfeb04539e5ecffa88d657f

SHA512
6fe23c704e1ffca52259a4751ea60949ec6a7940702df4003f6b8a47d4d6108f89288d67c7faa5172afb7b66ed132418092eb9681e0f0f6a6e0ea977eb44a503

Download Submit
C:\Windows\system\BIUYVkr.exe

Filesize
6.0MB

MD5
07f2c696263f16d50f0e28437d503c39

SHA1
0f221ad940ff1dc2655a085ed409ceefb0b38e0e

SHA256
2f766aee7cda869f6969a9358000da59f56c1d9ecd07809cc9179af0ff746d41

SHA512
9d903f9c570b7e5fac4140059f2b69d98ef3e8215ad3a9021a8e29176c5d1e2dc846f2e87a99573a8f24bd0890417facaa974ae86a3e276fe086e23c2a3f7942

Download Submit
C:\Windows\system\EdIyWcV.exe

Filesize
6.0MB

MD5
ea29ddcbc887fe645aa4d11a158358b0

SHA1
9df7f830374025c86fbe85b8d5ec448f3c0c6945

SHA256
ee76d634bd2df7955bfd59a28f98bde825ebebc69493963d859d2926efcd3efe

SHA512
4c7d1230d1af357f082378c1939ee073b74e44a0bd6bf0b31ab0a2563674cf6d9b897abc3feb23fc502aefcd3e363e488297c88c2c91850fcebd0bfa114d4732

Download Submit
C:\Windows\system\FWHBgUt.exe

Filesize
6.0MB

MD5
9722963aae8bba8ec4c77820387270ee

SHA1
7829f744e9a0140c038ae307b4ef08d3ccc3d285

SHA256
a530a12b462311e7b32374e7d685812656c6d474198f2faee73597e45816792a

SHA512
5ad67af1381cb90c5d2c22e7854479ea99180744199e31bf13809f692fb71dd9e310990884d57b29f1434e0c0a4df7fbac712e4c116c7aa2f2c00a20ec0eeed8

Download Submit
C:\Windows\system\FbriTBj.exe

Filesize
6.0MB

MD5
4de742a1f098d82c03a9ba396a726738

SHA1
8db2039bec708619e9e9cd45f12da493493e9173

SHA256
fba84dc04afa28083efc25dde3bc92be494adfefb8ea863b90cb6b11d47e1187

SHA512
04cee30808a8adc6ebbb8e70ff359918e9caf7faf203c80f056e09ec12de584cd256948d257b54f5219f9a3e88647c4e98aec45b9034322219c0cb1868621c8a

Download Submit
C:\Windows\system\FgPQkDC.exe

Filesize
6.0MB

MD5
e535c31fc752f8474469e0950ff8046f

SHA1
cec8367ee7e0b044120062d879c808b72e58eb7e

SHA256
8ad9a6aa95daea22e05349a8d9c52851fea1db0d9822feda3e9a8128a008d343

SHA512
b2e90afcb8cbb22576d983e6ec32a8dfa7b702cc087dd15c0f86e009879b51803faa963d73460249e83f2668c6c87c10b3f07c81fb6d9f886ffeb3cacdf7be6e

Download Submit
C:\Windows\system\GRhHvFi.exe

Filesize
6.0MB

MD5
22e1f3a11626954a61e7585b77ac1a87

SHA1
25d75cca47d8159cef3b65cb43c940fb53c079ae

SHA256
f2348e6eb414e1e4b8469cdd745e6d07192ca6e4c7e636bca659bd00d73e6745

SHA512
30241bc1524817603575b8cc8bdb1f035675a48efcdd0f94858402af8b0c885776a2a32d7bf69e67d470af8ec82414684a5732c96627dae46b4cd0752f595000

Download Submit
C:\Windows\system\HFqGuJN.exe

Filesize
6.0MB

MD5
edf54d50bbb37097456cae60e527c101

SHA1
89a3818791325a7288f7e940a2d0901058468acf

SHA256
a596f2647da85ba813586226450ccea63c5731bfeb7ebcff1d1d5b13beb4a58d

SHA512
9e53959d4a18dbb584aff5a494c43b25ec2907c78e3310a56f03e3ca1f676fd867c0cb6b8b57a97f318d811e905105adeae0a59f204b6fa89392be3d3a271150

Download Submit
C:\Windows\system\JEfKhOh.exe

Filesize
6.0MB

MD5
4a9d2cedb647a0a7b91f21b19a6464d2

SHA1
08893bbbef3121262efee028ffaf91c20aa5b15f

SHA256
ef2b922ea8e6ec961acdc1fd22edf22aa15aeff6c7de510bd9cb47222f777c42

SHA512
86ff2e9750b18831f2d25283aee752f91ae19e9119811c4f126ae57502962bdaa53e14fcedd454bb185bc07ceef4a42b97e0420d7283ab632c9b10fdaa70256e

Download Submit
C:\Windows\system\JmrFFiW.exe

Filesize
6.0MB

MD5
0f35f4bef828cbae7af412206171d11b

SHA1
f91eef42ed07fc4df14769fe7ea5a11236ae1d08

SHA256
32496dddfee7b8cb13792f730fda3155895491bedf064955f558e3c8730a554d

SHA512
56cea1ecfbbb469b3406d473a0bbebe54e7e5f6990d1ca2bc6a5aea7ac51e9a68f7f9a77fc9ccba992ef841b2268a218586eecd923362224a1c11a28a40cde1d

Download Submit
C:\Windows\system\JwLXiMa.exe

Filesize
6.0MB

MD5
f6e8c543e2d85ff3109dd6d149c6179d

SHA1
5e6c237dfb1143479b59e50541a3c2badd77700d

SHA256
e9b661d82c97fd9c06f4b48b774f194a71fa7af9dda06de7dc3b9a2c8a201a96

SHA512
89f11f7cd66ff5b740f43cf658a35df18d9bd8391fd273f666811e55418503132526140f4156cc2e1614c97907013a801f5b8da5047b5922cd3c56f45c91a49e

Download Submit
C:\Windows\system\LaKXZcL.exe

Filesize
6.0MB

MD5
8ef50269a3732bdc575f7842b8a8a45a

SHA1
5d7a0b395c16ccb9fbf3e44af39a7c5d0c349a5f

SHA256
88d4ea7f69c740e03a6d05e3a02c4fdc089cc09a565d3088f53aa6741401fd9c

SHA512
3111f5430bf33d1649f4e3913502a749dca443deedb0a69899a1697f2fcf55f7efa15769b04d53df36e91581aa02012276d9f1d734a3c9ee405e7118e603d77f

Download Submit
C:\Windows\system\LmpEaIL.exe

Filesize
6.0MB

MD5
492a8b9631570a05085d2ade19dbd4ae

SHA1
91407714d4e64d09dbc01bf02c6ecc12b49f1cba

SHA256
77045bebdfacd04c911bfee9bca91a9f3a9cc1d411b172e546909bcc8c5cbc99

SHA512
3463b884d9666d761dbd111a5eb5c3f1fc39eb9c7fd1099826cd7528b104ce66c6817922dab4c74d0a7321f15c32d22e487eabaaac4dd39c58006e91a82ef1e6

Download Submit
C:\Windows\system\ROhijoD.exe

Filesize
6.0MB

MD5
9474887ba78f68d28757b9de523689c2

SHA1
951609fb203b2b375ea76a998c0119f4e7a882ef

SHA256
34cdb2b23c69efec17a7659bf10606f5c65607d4380c134dcb8cb258a594a25a

SHA512
e904e3c17a8004affa34581a0233a3fe2bd841f1b973336fda602d171292805c443bdcde967155c1e9c6bc3de7f380fc43071b9329afbee3e6b88da677a0121f

Download Submit
C:\Windows\system\VEVwsDj.exe

Filesize
6.0MB

MD5
4cae078a0b0838d6b2788026966ecec6

SHA1
e81bba8bdafbb2e7ca5a80ab43191a25076e8f22

SHA256
0172d9cbed137016d897c15ad716aab2d569281257f75f41807065aa3ad49736

SHA512
b4baeb8459fd0d82c37e2b8a77d793d0a6f13be6598767f1daf21a57fface413bc3524199cbb38556826d1ef809970e2ed25ba14dbfd30917a3f0189c875df9e

Download Submit
C:\Windows\system\Yesieha.exe

Filesize
6.0MB

MD5
c85a7e339693060f9cf4221a8ef3863c

SHA1
36b45e21c34ee45688682ff01afe3a88d430b3d2

SHA256
5d71ca0077276038c4092b0e9fecf0363f102ed7b6026c3af211fdd3f5cbabe7

SHA512
1011f683cb2b99e7305f71d086191a75ab6743616a02168081f5cb1b324691a7c62a1bebbe99342051a534c460fe182c7f53236fb0ecc0c959906c63cb902ade

Download Submit
C:\Windows\system\ZSkuhuE.exe

Filesize
6.0MB

MD5
867d8ebca536db7542163c0dbfeac766

SHA1
eb2fcdefea065524fcee7cc9ce89c3061480767d

SHA256
cb19add8d58f8374183c6c27c4103c79e3c4a3844619fdcaffe68a3517f0a06a

SHA512
853a91d421fe34139c6edff6cf37e63003a3c0d72d319616be01593789833ac365684495c747e85680a85234f01f70019b499b6808d8d2c56129e5610cf599bd

Download Submit
C:\Windows\system\eHVVeNC.exe

Filesize
6.0MB

MD5
4af93a3a5ce7bf6193509489c932ba94

SHA1
68b6464b44e8a562e54928203d8e7aca15343a37

SHA256
15a11101c59564b029f8844e7c6a3b898a47d6e337a05c97ff48f221cbd60bbc

SHA512
be89e80e5cd0ad71845fbb5abc433c439935f81ccf0cdab35868cac55503c52158e12f082f706b8f6ca87d50966262664c023eea9a03a1e03b12bede47eb0a90

Download Submit
C:\Windows\system\kYJSyCJ.exe

Filesize
6.0MB

MD5
2afb183a8c6325ad26ef425805d6b3bb

SHA1
f22a744b7b2a1bfc928308c9cdd1348bb73b51bb

SHA256
4b16031a678259ec4a2049dc83a60c60d1d2b30968a16cd7fa3fa10187e4b246

SHA512
cb26da5e0146470e9341cbd906b98e372581c3ca4c13f4acd61710f907431f17d7fd020db4abdab44fd2ff08df4e0755d111ccf903bca0f1e4f25da829134a19

Download Submit
C:\Windows\system\omsXDbO.exe

Filesize
6.0MB

MD5
8658173e6614a399b0d74253a1ae5add

SHA1
d307d1577b12b59d276a21915e1bc9ad6aa939af

SHA256
139524827461844c2c51f539782cf3df2dd6b7ec17633876ce28f1b85850dc01

SHA512
284b98432cfdaa035bb2c5c86e9536b44f6908328b0b3e3f4853c96fb23d7829dd085d3df96e2c6720be6d5b1a9926813e3c181553cf65995a0818394d6496ba

Download Submit
C:\Windows\system\rySKXae.exe

Filesize
6.0MB

MD5
fa177ca4a11f91e295ad8f807aae5096

SHA1
169a0d8ce105e0907fcfd7e380dae2f143ccc26b

SHA256
2b5b3e556050d792697cfc7b500b92178793f116d7658c5aafe3d28028a96762

SHA512
9b2a80076a6159450570376a8d2d8a06c6933308c86d1fa93a024519dc3d6de4c60d5a2a851c27320f75816d3106ffaa826e1043b4faf28919d263729f5c6503

Download Submit
C:\Windows\system\vbYZsiT.exe

Filesize
6.0MB

MD5
fb83f31494341c2f2932aec7a29c8bbd

SHA1
254068fb43876e581af41b7cf995d3e21d380a8c

SHA256
e0f6524e32816b4f4bdf90fd3b1900040f6179636f55911fdcc8c7b279186c2e

SHA512
b906bfdf1295d6c947b77b0f5e3a5092f3f2eff54d063486223e0d738af73ff81cbfc6ab72c9a21d07ee25a51057a71d39b64a8fb455a184a4b543c71dbbe1e2

Download Submit
\Windows\system\KPkLJcn.exe

Filesize
6.0MB

MD5
51f2cb960f9f2f5f9eef60a835270847

SHA1
d66404b35c9023dd605eb74af67924793339965b

SHA256
c0dfa575971609b6d0fbb768e0114dcbe56219fdb7e55c98568065213057d55f

SHA512
cca7308489187cc6e947f7e25b51b298639171bcade0c6ad0661fbe27619f08f795d40755ddafd3b320997c5c8f9f0c5f2454504182b9347cce269fc2ca94d1c

Download Submit
\Windows\system\WogbPjP.exe

Filesize
6.0MB

MD5
5a22ee4451e1bfe68742759ec4f1123d

SHA1
e4799ac1fcd4666bb5d3c6a54c4a38d02c655242

SHA256
c31f11a1226d8c7051e22f98d69df3709f91712f5f4f7d0487c54a136e64e027

SHA512
7884563d96558c138dd20fdcf166a494917671d125840a3de1036c107652c029e2a2fde23a56c7963955ec33980fa3da5edf2f36587c841b49810ad84c32f199

Download Submit
\Windows\system\XXYBLiR.exe

Filesize
6.0MB

MD5
014322548cecf005cbbd5a4579bf890b

SHA1
22e94abc3ecff958296f891897015cc39a67d307

SHA256
5ab3a108e2a416d2367dbd80ba7ce7e511e29c03696b29483877816831918b71

SHA512
c108c3c7fe940f2da76089f5af7e19adb4adf7a7926c1705e0acd0eff5cc45097c3a6ab97a356c7e9af8cc121be121c1bf96d2f3f41031b9efc9dfddc4333010

Download Submit
\Windows\system\flxUCsT.exe

Filesize
6.0MB

MD5
62f584c723e61b6d58061c6ead130a57

SHA1
ba0a1f9f191e09c5ceb7fd217211fa8b0005a487

SHA256
33cf79c7beab54e167684b0667f83e4073e10539693e0d1b764798512112de96

SHA512
3f775ce7e9158e0793d5efb976f71dbfd236e82fbfd32745a214acc1034388560faa3ea7cdc5d8060495672447774bf048f572b111cbacd725d679be80f00777

Download Submit
\Windows\system\jRStRRY.exe

Filesize
6.0MB

MD5
672d5c58e6dd24ae72b4dc39a1710a96

SHA1
0f0dd021cc75610dc8bb1819640a369191b15b5c

SHA256
1cb4e0a355a019223e40f92e22bfd2208e3819a0cb53a9d36ad7deb4475bd3a7

SHA512
6736bd55745c42b317628082da2ddf36ec8482c9c76f0ab3ee8b4dd5555406d1a242bc5f202741d3b13592c25d374ce18008790ed4e594a99d26db1fcea5fa9e

Download Submit
\Windows\system\oyvZfoF.exe

Filesize
6.0MB

MD5
be18864750e8515e559c65b720db1e2a

SHA1
1d7ab306da21e72e898a48916e6abcacd8eb8961

SHA256
fc73e5e1aae1cc41985d431f089db1749716f734fbd7e7674a4261aba972a01c

SHA512
a82f1326ab8018592afdc3a601ef5599fbdedfee613bf21611588413151d49c83358e6af2b6c62356da1e679dcc005488fe84a2b989ef412c988589c8affc043

Download Submit
\Windows\system\pGXstoC.exe

Filesize
6.0MB

MD5
7b00dfaf6eac555cedb6dd220a8740e7

SHA1
e440ecd3ee3a05e34909f29a66e12b739b637f33

SHA256
a0be288c9d56c7a53125b5843737adf87f62f5c805f96e56cc4e560763e9ccbd

SHA512
df072abb8bd9aaada21d8c9bb4fd087e2e6eb4538242b3f9257c7cd066e18738da3f099106663e0246de807e2dd57540819eb1b9a6103b0e2ac76a82566bb00f

Download Submit
\Windows\system\qvXHlSS.exe

Filesize
6.0MB

MD5
9471270d4ed012062e2fcb8234eaf756

SHA1
5bd02ec0877f8fc5a7c32eb74691675959881f2f

SHA256
12e817148a696deb3f3382918dadb814e1b2396f2c439ac5717a62591c91699e

SHA512
d06f82a537c87713acab6e0381cfa06066d8cc3b4a7106be951fa7efe0604aeb900937c85660b5038ea20631345d17369d9eaf088590ecd359d01f662733a4ce

Download Submit
\Windows\system\vDHlssL.exe

Filesize
6.0MB

MD5
a8ce3cfcc0daeec04ec5d41ca130a644

SHA1
7077043c0df01cbae4d70c639a8064068edf71e8

SHA256
61449acd1379ea14f204a684b0b2074d79eaca896e01791347148637ed46822e

SHA512
50778f57b1afd65e95f002e4a71ecce3803f8ef0418f17fcbb39300535370ce468cef107cc05b8da6eb540a7a5ce80a885e815f57b3b5a4e51a333652afcd96f

Download Submit
memory/968-203-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/968-1543-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/968-83-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1576-107-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1576-68-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1576-1541-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1616-1540-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1616-99-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2136-60-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2136-1536-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2136-30-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2308-1544-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2308-91-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2308-224-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2600-1539-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2600-90-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2600-52-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2736-1538-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2736-44-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2736-78-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2764-71-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2764-1547-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2764-38-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2808-216-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2808-7-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2808-187-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2808-268-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-35-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2808-67-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2808-31-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-75-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2808-24-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-86-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2808-49-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2808-20-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-87-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2808-41-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/2808-0-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-96-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-95-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-225-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-104-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-14-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-79-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2808-56-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-63-0x0000000002480000-0x00000000027D4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-1542-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2812-146-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2844-48-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2844-22-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1537-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2860-1504-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2860-11-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2900-237-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-1545-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-100-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1470-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2996-19-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2996-40-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/3036-108-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/3036-1546-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/3036-308-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download