cobaltstrike | d283f527a34e9a005e6883562a04c434cc73eba8a612ad7f9368f7eddedad0f5

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 03:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

2b786720245a9a737f69533fb6005161
SHA1

bd1113476051f3c07b55b9c5ea0d1be5c48b8ef0
SHA256

d283f527a34e9a005e6883562a04c434cc73eba8a612ad7f9368f7eddedad0f5
SHA512

35bb0772baa6923fac456583f697a7b3c81e532fb4d070613a1f8ec4e198c21d751da05bc88da4095e2fde7f4727d216d776913c023717ebd909fff111d02b53
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUx:T+q56utgpPF8u/7x

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x000c000000012263-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0b-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cfe-15.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d13-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d24-31.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d2e-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d36-47.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c58-50.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d3f-55.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d47-64.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174ac-75.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001752f-80.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018678-92.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-108.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-131.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-103.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-187.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-147.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-110.dat	cobalt_reflective_dll
behavioral1/files/0x001500000001866d-91.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2516-0-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x000c000000012263-3.dat	xmrig
behavioral1/files/0x0007000000016d0b-12.dat	xmrig
behavioral1/memory/3000-21-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2052-22-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2516-17-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2940-16-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016cfe-15.dat	xmrig
behavioral1/files/0x0008000000016d13-23.dat	xmrig
behavioral1/memory/2764-34-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/3028-32-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d24-31.dat	xmrig
behavioral1/files/0x0007000000016d2e-39.dat	xmrig
behavioral1/memory/2516-43-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2772-42-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d36-47.dat	xmrig
behavioral1/memory/2736-49-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig
behavioral1/files/0x0009000000016c58-50.dat	xmrig
behavioral1/files/0x0008000000016d3f-55.dat	xmrig
behavioral1/memory/2600-61-0x000000013F320000-0x000000013F674000-memory.dmp	xmrig
behavioral1/memory/2744-63-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2516-62-0x0000000002470000-0x00000000027C4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d47-64.dat	xmrig
behavioral1/memory/2596-71-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/3028-67-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2764-76-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/3012-79-0x000000013F8C0000-0x000000013FC14000-memory.dmp	xmrig
behavioral1/files/0x00060000000174ac-75.dat	xmrig
behavioral1/files/0x000600000001752f-80.dat	xmrig
behavioral1/memory/1764-85-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/files/0x0009000000018678-92.dat	xmrig
behavioral1/files/0x00060000000190d6-108.dat	xmrig
behavioral1/files/0x00050000000191f7-131.dat	xmrig
behavioral1/files/0x00060000000190cd-103.dat	xmrig
behavioral1/memory/2516-250-0x0000000002470000-0x00000000027C4000-memory.dmp	xmrig
behavioral1/memory/1764-784-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/1852-955-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2516-556-0x0000000002470000-0x00000000027C4000-memory.dmp	xmrig
behavioral1/memory/2596-434-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2516-329-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c4-187.dat	xmrig
behavioral1/files/0x00050000000193be-182.dat	xmrig
behavioral1/files/0x0005000000019389-177.dat	xmrig
behavioral1/files/0x0005000000019382-172.dat	xmrig
behavioral1/files/0x0005000000019273-162.dat	xmrig
behavioral1/files/0x0005000000019277-167.dat	xmrig
behavioral1/files/0x0005000000019271-158.dat	xmrig
behavioral1/files/0x000500000001926b-152.dat	xmrig
behavioral1/files/0x0005000000019234-142.dat	xmrig
behavioral1/files/0x000500000001924c-147.dat	xmrig
behavioral1/files/0x0005000000019218-126.dat	xmrig
behavioral1/files/0x00050000000191f3-114.dat	xmrig
behavioral1/files/0x0005000000019229-132.dat	xmrig
behavioral1/files/0x0005000000018690-122.dat	xmrig
behavioral1/files/0x000500000001879b-110.dat	xmrig
behavioral1/memory/1852-100-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x001500000001866d-91.dat	xmrig
behavioral1/memory/3000-3919-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2940-3921-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2052-3920-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/3028-3924-0x000000013FEC0000-0x0000000140214000-memory.dmp	xmrig
behavioral1/memory/2764-3929-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2772-3939-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2736-3992-0x000000013F210000-0x000000013F564000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

eSYOuDJ.exeQLSpnIM.exeYHjjDYm.exesgMmVGM.exeQUWrfOU.exeeYxJxRv.exeJRalTBN.exedbjWJUj.exeTrRuWOZ.exeXVyHGqe.exeCKcwCcf.exevtTryvL.exeuvcAGDe.exeoErdKiv.exeDAcTtdD.exeirKQStw.exeoZxhjLr.exeDihhJSP.exePocRlLl.exeQbZYfQR.exeaXdibAo.exeSVmSXdk.exeMTxVwGN.exeEtwRjVc.exehewjtnU.exetvQIcps.exeWukeGDV.exevVQZRJt.exeNdZvdxN.exeZEyIhcu.exebHYKPTG.exeUTyYDhw.exefDNjouh.exebtRyBIf.exeJyGgqmT.exeCgyNvcE.exeirEwgnk.exezPgxNUt.exegeDLeBC.execGwoefU.exehmogLgO.exelFPmDFb.exeRFqcTfA.exeSAmpLta.exebpKaqOb.exegoGgWbA.exemVWKDcr.exeWYtIJRN.exebvCJuoN.exeAccVTPM.exeLSgdiyj.exeVBgsjVP.exekOoYxAC.exevqVmFmO.exedHgElaz.exeGfTfXDx.exeGPQOdGZ.exempIbUNP.exeNTWQfnH.exeZDTcBkT.exeAGFhFqH.exetcczyqx.exekXtqqcS.exewJgdUeF.exe

pid	Process
2940	eSYOuDJ.exe
3000	QLSpnIM.exe
2052	YHjjDYm.exe
3028	sgMmVGM.exe
2764	QUWrfOU.exe
2772	eYxJxRv.exe
2736	JRalTBN.exe
2600	dbjWJUj.exe
2744	TrRuWOZ.exe
2596	XVyHGqe.exe
3012	CKcwCcf.exe
1764	vtTryvL.exe
1852	uvcAGDe.exe
1240	oErdKiv.exe
1940	DAcTtdD.exe
2396	irKQStw.exe
2644	oZxhjLr.exe
1700	DihhJSP.exe
1624	PocRlLl.exe
1044	QbZYfQR.exe
2328	aXdibAo.exe
1656	SVmSXdk.exe
1248	MTxVwGN.exe
2116	EtwRjVc.exe
1612	hewjtnU.exe
2220	tvQIcps.exe
2216	WukeGDV.exe
2124	vVQZRJt.exe
584	NdZvdxN.exe
2444	ZEyIhcu.exe
448	bHYKPTG.exe
3052	UTyYDhw.exe
2548	fDNjouh.exe
968	btRyBIf.exe
336	JyGgqmT.exe
1108	CgyNvcE.exe
908	irEwgnk.exe
1224	zPgxNUt.exe
1592	geDLeBC.exe
1896	cGwoefU.exe
904	hmogLgO.exe
680	lFPmDFb.exe
2300	RFqcTfA.exe
328	SAmpLta.exe
2096	bpKaqOb.exe
2076	goGgWbA.exe
604	mVWKDcr.exe
2492	WYtIJRN.exe
2100	bvCJuoN.exe
1416	AccVTPM.exe
352	LSgdiyj.exe
896	VBgsjVP.exe
2340	kOoYxAC.exe
2372	vqVmFmO.exe
2520	dHgElaz.exe
1988	GfTfXDx.exe
2384	GPQOdGZ.exe
2756	mpIbUNP.exe
2716	NTWQfnH.exe
3044	ZDTcBkT.exe
2832	AGFhFqH.exe
2580	tcczyqx.exe
2688	kXtqqcS.exe
1492	wJgdUeF.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2516-0-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x000c000000012263-3.dat	upx
behavioral1/files/0x0007000000016d0b-12.dat	upx
behavioral1/memory/3000-21-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2052-22-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2940-16-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x0008000000016cfe-15.dat	upx
behavioral1/files/0x0008000000016d13-23.dat	upx
behavioral1/memory/2764-34-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/3028-32-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/files/0x0007000000016d24-31.dat	upx
behavioral1/files/0x0007000000016d2e-39.dat	upx
behavioral1/memory/2516-43-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2772-42-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/files/0x0007000000016d36-47.dat	upx
behavioral1/memory/2736-49-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/files/0x0009000000016c58-50.dat	upx
behavioral1/files/0x0008000000016d3f-55.dat	upx
behavioral1/memory/2600-61-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2744-63-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/files/0x0008000000016d47-64.dat	upx
behavioral1/memory/2596-71-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/3028-67-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2764-76-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/3012-79-0x000000013F8C0000-0x000000013FC14000-memory.dmp	upx
behavioral1/files/0x00060000000174ac-75.dat	upx
behavioral1/files/0x000600000001752f-80.dat	upx
behavioral1/memory/1764-85-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/files/0x0009000000018678-92.dat	upx
behavioral1/files/0x00060000000190d6-108.dat	upx
behavioral1/files/0x00050000000191f7-131.dat	upx
behavioral1/files/0x00060000000190cd-103.dat	upx
behavioral1/memory/1764-784-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/1852-955-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2596-434-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x00050000000193c4-187.dat	upx
behavioral1/files/0x00050000000193be-182.dat	upx
behavioral1/files/0x0005000000019389-177.dat	upx
behavioral1/files/0x0005000000019382-172.dat	upx
behavioral1/files/0x0005000000019273-162.dat	upx
behavioral1/files/0x0005000000019277-167.dat	upx
behavioral1/files/0x0005000000019271-158.dat	upx
behavioral1/files/0x000500000001926b-152.dat	upx
behavioral1/files/0x0005000000019234-142.dat	upx
behavioral1/files/0x000500000001924c-147.dat	upx
behavioral1/files/0x0005000000019218-126.dat	upx
behavioral1/files/0x00050000000191f3-114.dat	upx
behavioral1/files/0x0005000000019229-132.dat	upx
behavioral1/files/0x0005000000018690-122.dat	upx
behavioral1/files/0x000500000001879b-110.dat	upx
behavioral1/memory/1852-100-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x001500000001866d-91.dat	upx
behavioral1/memory/3000-3919-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2940-3921-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2052-3920-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/3028-3924-0x000000013FEC0000-0x0000000140214000-memory.dmp	upx
behavioral1/memory/2764-3929-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2772-3939-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2736-3992-0x000000013F210000-0x000000013F564000-memory.dmp	upx
behavioral1/memory/2600-4018-0x000000013F320000-0x000000013F674000-memory.dmp	upx
behavioral1/memory/2744-4031-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2596-4037-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/1764-4083-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/1852-4085-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\QLSpnIM.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EAYuTAS.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYbSFvc.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bUrhIub.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPKvaUB.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjqacTU.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qXxQpoT.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SnxtVQv.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EuOzKPd.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LSgdiyj.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uKNZQAE.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UWkLYdL.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kpAaPqN.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YETbOGx.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bUuxBED.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\txUqRNZ.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mkAjTcB.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yBpGWIg.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xDkoIDZ.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqplPoR.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wmstLGb.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NHnnmZp.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lNBmMCs.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSpBgKE.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxXnnkm.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DlAsByz.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\riLHPSr.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUxqfkN.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VxEqqHL.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GnmZkEa.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vGfpZPC.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HsyKDDB.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hOhcXMe.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aHpmLOI.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgIyZGd.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iDhdyks.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ucmJzER.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNAdeZg.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BJlTwRy.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkYNuoW.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YUvIEvo.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMYjFdG.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sowojkK.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vhqwOEr.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wsgLgMv.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxKSsuu.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GSzvgzl.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cXmzKGB.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vUwtWVy.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mwgQzBN.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OYnRkmM.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdEbWug.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UJAZIPk.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EnOmiiC.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjXXior.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\swTXEyA.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aooRRrD.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrbndNX.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tsdNdbG.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TOBCiZP.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iAiIEhY.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Cemavva.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CdnJTvx.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EgjIXvK.exe	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 2516 wrote to memory of 2940	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2516 wrote to memory of 2940	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2516 wrote to memory of 2940	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2516 wrote to memory of 3000	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2516 wrote to memory of 3000	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2516 wrote to memory of 3000	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2516 wrote to memory of 2052	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2516 wrote to memory of 2052	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2516 wrote to memory of 2052	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2516 wrote to memory of 3028	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2516 wrote to memory of 3028	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2516 wrote to memory of 3028	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2516 wrote to memory of 2764	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2516 wrote to memory of 2764	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2516 wrote to memory of 2764	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2516 wrote to memory of 2772	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2516 wrote to memory of 2772	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2516 wrote to memory of 2772	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2516 wrote to memory of 2736	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2516 wrote to memory of 2736	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2516 wrote to memory of 2736	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2516 wrote to memory of 2600	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2516 wrote to memory of 2600	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2516 wrote to memory of 2600	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2516 wrote to memory of 2744	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2516 wrote to memory of 2744	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2516 wrote to memory of 2744	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2516 wrote to memory of 2596	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2516 wrote to memory of 2596	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2516 wrote to memory of 2596	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2516 wrote to memory of 3012	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2516 wrote to memory of 3012	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2516 wrote to memory of 3012	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2516 wrote to memory of 1764	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2516 wrote to memory of 1764	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2516 wrote to memory of 1764	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2516 wrote to memory of 1852	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2516 wrote to memory of 1852	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2516 wrote to memory of 1852	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2516 wrote to memory of 1240	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2516 wrote to memory of 1240	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2516 wrote to memory of 1240	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2516 wrote to memory of 2644	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2516 wrote to memory of 2644	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2516 wrote to memory of 2644	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2516 wrote to memory of 1940	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2516 wrote to memory of 1940	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2516 wrote to memory of 1940	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2516 wrote to memory of 1700	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2516 wrote to memory of 1700	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2516 wrote to memory of 1700	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2516 wrote to memory of 2396	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2516 wrote to memory of 2396	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2516 wrote to memory of 2396	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2516 wrote to memory of 2328	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2516 wrote to memory of 2328	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2516 wrote to memory of 2328	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2516 wrote to memory of 1624	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2516 wrote to memory of 1624	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2516 wrote to memory of 1624	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2516 wrote to memory of 1656	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2516 wrote to memory of 1656	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2516 wrote to memory of 1656	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2516 wrote to memory of 1044	2516	2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_2b786720245a9a737f69533fb6005161_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Windows\System\eSYOuDJ.exe
  C:\Windows\System\eSYOuDJ.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\QLSpnIM.exe
  C:\Windows\System\QLSpnIM.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\YHjjDYm.exe
  C:\Windows\System\YHjjDYm.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\sgMmVGM.exe
  C:\Windows\System\sgMmVGM.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\QUWrfOU.exe
  C:\Windows\System\QUWrfOU.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\eYxJxRv.exe
  C:\Windows\System\eYxJxRv.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\JRalTBN.exe
  C:\Windows\System\JRalTBN.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\dbjWJUj.exe
  C:\Windows\System\dbjWJUj.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\TrRuWOZ.exe
  C:\Windows\System\TrRuWOZ.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\XVyHGqe.exe
  C:\Windows\System\XVyHGqe.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\CKcwCcf.exe
  C:\Windows\System\CKcwCcf.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\vtTryvL.exe
  C:\Windows\System\vtTryvL.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\uvcAGDe.exe
  C:\Windows\System\uvcAGDe.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\oErdKiv.exe
  C:\Windows\System\oErdKiv.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\oZxhjLr.exe
  C:\Windows\System\oZxhjLr.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\DAcTtdD.exe
  C:\Windows\System\DAcTtdD.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\DihhJSP.exe
  C:\Windows\System\DihhJSP.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\irKQStw.exe
  C:\Windows\System\irKQStw.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\aXdibAo.exe
  C:\Windows\System\aXdibAo.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\PocRlLl.exe
  C:\Windows\System\PocRlLl.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\SVmSXdk.exe
  C:\Windows\System\SVmSXdk.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\QbZYfQR.exe
  C:\Windows\System\QbZYfQR.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\MTxVwGN.exe
  C:\Windows\System\MTxVwGN.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\EtwRjVc.exe
  C:\Windows\System\EtwRjVc.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\hewjtnU.exe
  C:\Windows\System\hewjtnU.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\tvQIcps.exe
  C:\Windows\System\tvQIcps.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\WukeGDV.exe
  C:\Windows\System\WukeGDV.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\vVQZRJt.exe
  C:\Windows\System\vVQZRJt.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\NdZvdxN.exe
  C:\Windows\System\NdZvdxN.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\ZEyIhcu.exe
  C:\Windows\System\ZEyIhcu.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\bHYKPTG.exe
  C:\Windows\System\bHYKPTG.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\UTyYDhw.exe
  C:\Windows\System\UTyYDhw.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\fDNjouh.exe
  C:\Windows\System\fDNjouh.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\btRyBIf.exe
  C:\Windows\System\btRyBIf.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\JyGgqmT.exe
  C:\Windows\System\JyGgqmT.exe
  2⤵
  - Executes dropped EXE
  PID:336
- C:\Windows\System\CgyNvcE.exe
  C:\Windows\System\CgyNvcE.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\irEwgnk.exe
  C:\Windows\System\irEwgnk.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\zPgxNUt.exe
  C:\Windows\System\zPgxNUt.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\geDLeBC.exe
  C:\Windows\System\geDLeBC.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\cGwoefU.exe
  C:\Windows\System\cGwoefU.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\hmogLgO.exe
  C:\Windows\System\hmogLgO.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\lFPmDFb.exe
  C:\Windows\System\lFPmDFb.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\RFqcTfA.exe
  C:\Windows\System\RFqcTfA.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\SAmpLta.exe
  C:\Windows\System\SAmpLta.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\bpKaqOb.exe
  C:\Windows\System\bpKaqOb.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\goGgWbA.exe
  C:\Windows\System\goGgWbA.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\mVWKDcr.exe
  C:\Windows\System\mVWKDcr.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\WYtIJRN.exe
  C:\Windows\System\WYtIJRN.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\bvCJuoN.exe
  C:\Windows\System\bvCJuoN.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\AccVTPM.exe
  C:\Windows\System\AccVTPM.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\LSgdiyj.exe
  C:\Windows\System\LSgdiyj.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\VBgsjVP.exe
  C:\Windows\System\VBgsjVP.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\kOoYxAC.exe
  C:\Windows\System\kOoYxAC.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\vqVmFmO.exe
  C:\Windows\System\vqVmFmO.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\dHgElaz.exe
  C:\Windows\System\dHgElaz.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\GfTfXDx.exe
  C:\Windows\System\GfTfXDx.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\GPQOdGZ.exe
  C:\Windows\System\GPQOdGZ.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\mpIbUNP.exe
  C:\Windows\System\mpIbUNP.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\NTWQfnH.exe
  C:\Windows\System\NTWQfnH.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\ZDTcBkT.exe
  C:\Windows\System\ZDTcBkT.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\AGFhFqH.exe
  C:\Windows\System\AGFhFqH.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\tcczyqx.exe
  C:\Windows\System\tcczyqx.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\kXtqqcS.exe
  C:\Windows\System\kXtqqcS.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\wJgdUeF.exe
  C:\Windows\System\wJgdUeF.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\PBzvQwf.exe
  C:\Windows\System\PBzvQwf.exe
  2⤵
  PID:2992
- C:\Windows\System\pBvdeKY.exe
  C:\Windows\System\pBvdeKY.exe
  2⤵
  PID:668
- C:\Windows\System\RBsHkHX.exe
  C:\Windows\System\RBsHkHX.exe
  2⤵
  PID:1836
- C:\Windows\System\TOOnMBR.exe
  C:\Windows\System\TOOnMBR.exe
  2⤵
  PID:1648
- C:\Windows\System\JZqyMxi.exe
  C:\Windows\System\JZqyMxi.exe
  2⤵
  PID:2120
- C:\Windows\System\GWgnESq.exe
  C:\Windows\System\GWgnESq.exe
  2⤵
  PID:1352
- C:\Windows\System\RmgEvfw.exe
  C:\Windows\System\RmgEvfw.exe
  2⤵
  PID:1720
- C:\Windows\System\MtBWXOY.exe
  C:\Windows\System\MtBWXOY.exe
  2⤵
  PID:856
- C:\Windows\System\uSGZsCz.exe
  C:\Windows\System\uSGZsCz.exe
  2⤵
  PID:1684
- C:\Windows\System\iCMtojA.exe
  C:\Windows\System\iCMtojA.exe
  2⤵
  PID:2676
- C:\Windows\System\jjnjvyU.exe
  C:\Windows\System\jjnjvyU.exe
  2⤵
  PID:964
- C:\Windows\System\OoxGxeB.exe
  C:\Windows\System\OoxGxeB.exe
  2⤵
  PID:2916
- C:\Windows\System\WmipiLH.exe
  C:\Windows\System\WmipiLH.exe
  2⤵
  PID:1768
- C:\Windows\System\OeonuqA.exe
  C:\Windows\System\OeonuqA.exe
  2⤵
  PID:2392
- C:\Windows\System\YUvIEvo.exe
  C:\Windows\System\YUvIEvo.exe
  2⤵
  PID:2636
- C:\Windows\System\psajFPX.exe
  C:\Windows\System\psajFPX.exe
  2⤵
  PID:1552
- C:\Windows\System\feiyYOQ.exe
  C:\Windows\System\feiyYOQ.exe
  2⤵
  PID:1472
- C:\Windows\System\DtGyOhI.exe
  C:\Windows\System\DtGyOhI.exe
  2⤵
  PID:1596
- C:\Windows\System\VTLvyMu.exe
  C:\Windows\System\VTLvyMu.exe
  2⤵
  PID:860
- C:\Windows\System\XeDoKse.exe
  C:\Windows\System\XeDoKse.exe
  2⤵
  PID:540
- C:\Windows\System\OVkDjFV.exe
  C:\Windows\System\OVkDjFV.exe
  2⤵
  PID:3040
- C:\Windows\System\UnsVRGe.exe
  C:\Windows\System\UnsVRGe.exe
  2⤵
  PID:2088
- C:\Windows\System\NGyelyR.exe
  C:\Windows\System\NGyelyR.exe
  2⤵
  PID:1604
- C:\Windows\System\DMpzKqZ.exe
  C:\Windows\System\DMpzKqZ.exe
  2⤵
  PID:316
- C:\Windows\System\wsgLgMv.exe
  C:\Windows\System\wsgLgMv.exe
  2⤵
  PID:112
- C:\Windows\System\xNROnuP.exe
  C:\Windows\System\xNROnuP.exe
  2⤵
  PID:3048
- C:\Windows\System\AtPRMdq.exe
  C:\Windows\System\AtPRMdq.exe
  2⤵
  PID:1516
- C:\Windows\System\nydUxMI.exe
  C:\Windows\System\nydUxMI.exe
  2⤵
  PID:1512
- C:\Windows\System\JotmOst.exe
  C:\Windows\System\JotmOst.exe
  2⤵
  PID:2724
- C:\Windows\System\bUzTqtA.exe
  C:\Windows\System\bUzTqtA.exe
  2⤵
  PID:2784
- C:\Windows\System\HrEFoAf.exe
  C:\Windows\System\HrEFoAf.exe
  2⤵
  PID:2768
- C:\Windows\System\tCDiLZO.exe
  C:\Windows\System\tCDiLZO.exe
  2⤵
  PID:2996
- C:\Windows\System\cnaKEZz.exe
  C:\Windows\System\cnaKEZz.exe
  2⤵
  PID:2692
- C:\Windows\System\GkfpXic.exe
  C:\Windows\System\GkfpXic.exe
  2⤵
  PID:1636
- C:\Windows\System\IzQEVpV.exe
  C:\Windows\System\IzQEVpV.exe
  2⤵
  PID:2020
- C:\Windows\System\mwgQzBN.exe
  C:\Windows\System\mwgQzBN.exe
  2⤵
  PID:1844
- C:\Windows\System\PYqJhPG.exe
  C:\Windows\System\PYqJhPG.exe
  2⤵
  PID:2908
- C:\Windows\System\offkNgg.exe
  C:\Windows\System\offkNgg.exe
  2⤵
  PID:2672
- C:\Windows\System\jBqvjAE.exe
  C:\Windows\System\jBqvjAE.exe
  2⤵
  PID:1620
- C:\Windows\System\xrHjWMC.exe
  C:\Windows\System\xrHjWMC.exe
  2⤵
  PID:2380
- C:\Windows\System\WkCbIVP.exe
  C:\Windows\System\WkCbIVP.exe
  2⤵
  PID:1756
- C:\Windows\System\YvDmioh.exe
  C:\Windows\System\YvDmioh.exe
  2⤵
  PID:1204
- C:\Windows\System\CjUsRmI.exe
  C:\Windows\System\CjUsRmI.exe
  2⤵
  PID:1468
- C:\Windows\System\IWtcmMa.exe
  C:\Windows\System\IWtcmMa.exe
  2⤵
  PID:1932
- C:\Windows\System\VjESpKy.exe
  C:\Windows\System\VjESpKy.exe
  2⤵
  PID:1208
- C:\Windows\System\YBoyyMg.exe
  C:\Windows\System\YBoyyMg.exe
  2⤵
  PID:3064
- C:\Windows\System\TiTPmDZ.exe
  C:\Windows\System\TiTPmDZ.exe
  2⤵
  PID:1976
- C:\Windows\System\rsupGEA.exe
  C:\Windows\System\rsupGEA.exe
  2⤵
  PID:1484
- C:\Windows\System\gRqUjHm.exe
  C:\Windows\System\gRqUjHm.exe
  2⤵
  PID:2960
- C:\Windows\System\fopiCHF.exe
  C:\Windows\System\fopiCHF.exe
  2⤵
  PID:2936
- C:\Windows\System\EhHtvKK.exe
  C:\Windows\System\EhHtvKK.exe
  2⤵
  PID:2656
- C:\Windows\System\qVKhOxW.exe
  C:\Windows\System\qVKhOxW.exe
  2⤵
  PID:2852
- C:\Windows\System\YjwRaSe.exe
  C:\Windows\System\YjwRaSe.exe
  2⤵
  PID:1868
- C:\Windows\System\srSxlSD.exe
  C:\Windows\System\srSxlSD.exe
  2⤵
  PID:1192
- C:\Windows\System\MuzUuyd.exe
  C:\Windows\System\MuzUuyd.exe
  2⤵
  PID:2616
- C:\Windows\System\HgRAQqn.exe
  C:\Windows\System\HgRAQqn.exe
  2⤵
  PID:1840
- C:\Windows\System\kFBeokS.exe
  C:\Windows\System\kFBeokS.exe
  2⤵
  PID:1016
- C:\Windows\System\uEsOJzR.exe
  C:\Windows\System\uEsOJzR.exe
  2⤵
  PID:2224
- C:\Windows\System\XezEiWI.exe
  C:\Windows\System\XezEiWI.exe
  2⤵
  PID:2272
- C:\Windows\System\AYyMZRA.exe
  C:\Windows\System\AYyMZRA.exe
  2⤵
  PID:1652
- C:\Windows\System\SwSbENh.exe
  C:\Windows\System\SwSbENh.exe
  2⤵
  PID:2404
- C:\Windows\System\uIiOfAt.exe
  C:\Windows\System\uIiOfAt.exe
  2⤵
  PID:2360
- C:\Windows\System\NBRjlfj.exe
  C:\Windows\System\NBRjlfj.exe
  2⤵
  PID:2612
- C:\Windows\System\ABjHBsW.exe
  C:\Windows\System\ABjHBsW.exe
  2⤵
  PID:2160
- C:\Windows\System\xvERnhZ.exe
  C:\Windows\System\xvERnhZ.exe
  2⤵
  PID:2604
- C:\Windows\System\dbJKzDf.exe
  C:\Windows\System\dbJKzDf.exe
  2⤵
  PID:2128
- C:\Windows\System\iAGSqdi.exe
  C:\Windows\System\iAGSqdi.exe
  2⤵
  PID:536
- C:\Windows\System\AUvkSxT.exe
  C:\Windows\System\AUvkSxT.exe
  2⤵
  PID:2560
- C:\Windows\System\CbDcqvH.exe
  C:\Windows\System\CbDcqvH.exe
  2⤵
  PID:736
- C:\Windows\System\EMzsNUF.exe
  C:\Windows\System\EMzsNUF.exe
  2⤵
  PID:760
- C:\Windows\System\DtYPsXo.exe
  C:\Windows\System\DtYPsXo.exe
  2⤵
  PID:808
- C:\Windows\System\jZNMTCQ.exe
  C:\Windows\System\jZNMTCQ.exe
  2⤵
  PID:1536
- C:\Windows\System\vdxctPq.exe
  C:\Windows\System\vdxctPq.exe
  2⤵
  PID:2868
- C:\Windows\System\OZiasDG.exe
  C:\Windows\System\OZiasDG.exe
  2⤵
  PID:3088
- C:\Windows\System\QtaRxnf.exe
  C:\Windows\System\QtaRxnf.exe
  2⤵
  PID:3108
- C:\Windows\System\bltUMFJ.exe
  C:\Windows\System\bltUMFJ.exe
  2⤵
  PID:3124
- C:\Windows\System\OKIQfbP.exe
  C:\Windows\System\OKIQfbP.exe
  2⤵
  PID:3144
- C:\Windows\System\aPnxdbr.exe
  C:\Windows\System\aPnxdbr.exe
  2⤵
  PID:3164
- C:\Windows\System\PenjRJq.exe
  C:\Windows\System\PenjRJq.exe
  2⤵
  PID:3184
- C:\Windows\System\dZVmzQY.exe
  C:\Windows\System\dZVmzQY.exe
  2⤵
  PID:3204
- C:\Windows\System\huqgyMd.exe
  C:\Windows\System\huqgyMd.exe
  2⤵
  PID:3224
- C:\Windows\System\LArizpK.exe
  C:\Windows\System\LArizpK.exe
  2⤵
  PID:3248
- C:\Windows\System\HAuCCrn.exe
  C:\Windows\System\HAuCCrn.exe
  2⤵
  PID:3268
- C:\Windows\System\FXFTiGd.exe
  C:\Windows\System\FXFTiGd.exe
  2⤵
  PID:3284
- C:\Windows\System\eSYChFA.exe
  C:\Windows\System\eSYChFA.exe
  2⤵
  PID:3308
- C:\Windows\System\lyouiME.exe
  C:\Windows\System\lyouiME.exe
  2⤵
  PID:3324
- C:\Windows\System\HsyKDDB.exe
  C:\Windows\System\HsyKDDB.exe
  2⤵
  PID:3344
- C:\Windows\System\FTgbWBA.exe
  C:\Windows\System\FTgbWBA.exe
  2⤵
  PID:3364
- C:\Windows\System\hhDLaWe.exe
  C:\Windows\System\hhDLaWe.exe
  2⤵
  PID:3384
- C:\Windows\System\txUqRNZ.exe
  C:\Windows\System\txUqRNZ.exe
  2⤵
  PID:3400
- C:\Windows\System\OcvKQGu.exe
  C:\Windows\System\OcvKQGu.exe
  2⤵
  PID:3424
- C:\Windows\System\gbZPZdr.exe
  C:\Windows\System\gbZPZdr.exe
  2⤵
  PID:3444
- C:\Windows\System\hJyDQSl.exe
  C:\Windows\System\hJyDQSl.exe
  2⤵
  PID:3464
- C:\Windows\System\nkFiycC.exe
  C:\Windows\System\nkFiycC.exe
  2⤵
  PID:3480
- C:\Windows\System\dbrkhCY.exe
  C:\Windows\System\dbrkhCY.exe
  2⤵
  PID:3500
- C:\Windows\System\wKgCFIP.exe
  C:\Windows\System\wKgCFIP.exe
  2⤵
  PID:3520
- C:\Windows\System\ojXKMga.exe
  C:\Windows\System\ojXKMga.exe
  2⤵
  PID:3540
- C:\Windows\System\gKldnyQ.exe
  C:\Windows\System\gKldnyQ.exe
  2⤵
  PID:3556
- C:\Windows\System\GkaeCrC.exe
  C:\Windows\System\GkaeCrC.exe
  2⤵
  PID:3576
- C:\Windows\System\UEofEge.exe
  C:\Windows\System\UEofEge.exe
  2⤵
  PID:3600
- C:\Windows\System\YjCPEDK.exe
  C:\Windows\System\YjCPEDK.exe
  2⤵
  PID:3624
- C:\Windows\System\DBknZYL.exe
  C:\Windows\System\DBknZYL.exe
  2⤵
  PID:3644
- C:\Windows\System\EAYuTAS.exe
  C:\Windows\System\EAYuTAS.exe
  2⤵
  PID:3664
- C:\Windows\System\ONikpsf.exe
  C:\Windows\System\ONikpsf.exe
  2⤵
  PID:3692
- C:\Windows\System\aTGCJyM.exe
  C:\Windows\System\aTGCJyM.exe
  2⤵
  PID:3712
- C:\Windows\System\PqsIOCi.exe
  C:\Windows\System\PqsIOCi.exe
  2⤵
  PID:3728
- C:\Windows\System\buaqYhb.exe
  C:\Windows\System\buaqYhb.exe
  2⤵
  PID:3748
- C:\Windows\System\vgjOoQk.exe
  C:\Windows\System\vgjOoQk.exe
  2⤵
  PID:3768
- C:\Windows\System\zpKwxGT.exe
  C:\Windows\System\zpKwxGT.exe
  2⤵
  PID:3788
- C:\Windows\System\HihUhKI.exe
  C:\Windows\System\HihUhKI.exe
  2⤵
  PID:3804
- C:\Windows\System\qlrsRHA.exe
  C:\Windows\System\qlrsRHA.exe
  2⤵
  PID:3824
- C:\Windows\System\cejBdHN.exe
  C:\Windows\System\cejBdHN.exe
  2⤵
  PID:3844
- C:\Windows\System\DWFEXXo.exe
  C:\Windows\System\DWFEXXo.exe
  2⤵
  PID:3864
- C:\Windows\System\pNqhiXY.exe
  C:\Windows\System\pNqhiXY.exe
  2⤵
  PID:3884
- C:\Windows\System\cMenTlw.exe
  C:\Windows\System\cMenTlw.exe
  2⤵
  PID:3904
- C:\Windows\System\RMLuQpA.exe
  C:\Windows\System\RMLuQpA.exe
  2⤵
  PID:3924
- C:\Windows\System\spOWYTZ.exe
  C:\Windows\System\spOWYTZ.exe
  2⤵
  PID:3944
- C:\Windows\System\TEeIprO.exe
  C:\Windows\System\TEeIprO.exe
  2⤵
  PID:3972
- C:\Windows\System\pckczoj.exe
  C:\Windows\System\pckczoj.exe
  2⤵
  PID:3992
- C:\Windows\System\LacAPtA.exe
  C:\Windows\System\LacAPtA.exe
  2⤵
  PID:4012
- C:\Windows\System\sptuJHz.exe
  C:\Windows\System\sptuJHz.exe
  2⤵
  PID:4032
- C:\Windows\System\qoNHflG.exe
  C:\Windows\System\qoNHflG.exe
  2⤵
  PID:4048
- C:\Windows\System\sSdCbIT.exe
  C:\Windows\System\sSdCbIT.exe
  2⤵
  PID:4068
- C:\Windows\System\jgjHcmt.exe
  C:\Windows\System\jgjHcmt.exe
  2⤵
  PID:4088
- C:\Windows\System\QPHYBbN.exe
  C:\Windows\System\QPHYBbN.exe
  2⤵
  PID:2348
- C:\Windows\System\FLqZjap.exe
  C:\Windows\System\FLqZjap.exe
  2⤵
  PID:280
- C:\Windows\System\DCnFozA.exe
  C:\Windows\System\DCnFozA.exe
  2⤵
  PID:3004
- C:\Windows\System\nlKlnMG.exe
  C:\Windows\System\nlKlnMG.exe
  2⤵
  PID:2332
- C:\Windows\System\BYbSFvc.exe
  C:\Windows\System\BYbSFvc.exe
  2⤵
  PID:1220
- C:\Windows\System\BjQeWbA.exe
  C:\Windows\System\BjQeWbA.exe
  2⤵
  PID:3136
- C:\Windows\System\SkQbmPU.exe
  C:\Windows\System\SkQbmPU.exe
  2⤵
  PID:3172
- C:\Windows\System\OYnRkmM.exe
  C:\Windows\System\OYnRkmM.exe
  2⤵
  PID:3152
- C:\Windows\System\jGBLugm.exe
  C:\Windows\System\jGBLugm.exe
  2⤵
  PID:3216
- C:\Windows\System\MEDljAk.exe
  C:\Windows\System\MEDljAk.exe
  2⤵
  PID:3292
- C:\Windows\System\egLTYoJ.exe
  C:\Windows\System\egLTYoJ.exe
  2⤵
  PID:3340
- C:\Windows\System\ZhsAIyT.exe
  C:\Windows\System\ZhsAIyT.exe
  2⤵
  PID:3420
- C:\Windows\System\RejMRCl.exe
  C:\Windows\System\RejMRCl.exe
  2⤵
  PID:3192
- C:\Windows\System\MIFkdja.exe
  C:\Windows\System\MIFkdja.exe
  2⤵
  PID:3460
- C:\Windows\System\sVTUGHB.exe
  C:\Windows\System\sVTUGHB.exe
  2⤵
  PID:3280
- C:\Windows\System\dmsOGiM.exe
  C:\Windows\System\dmsOGiM.exe
  2⤵
  PID:3528
- C:\Windows\System\esOJHGV.exe
  C:\Windows\System\esOJHGV.exe
  2⤵
  PID:3356
- C:\Windows\System\bflHJxN.exe
  C:\Windows\System\bflHJxN.exe
  2⤵
  PID:3608
- C:\Windows\System\GbHuqLN.exe
  C:\Windows\System\GbHuqLN.exe
  2⤵
  PID:3516
- C:\Windows\System\KPRKDJR.exe
  C:\Windows\System\KPRKDJR.exe
  2⤵
  PID:3512
- C:\Windows\System\YtkFMXg.exe
  C:\Windows\System\YtkFMXg.exe
  2⤵
  PID:3432
- C:\Windows\System\fIxsOYf.exe
  C:\Windows\System\fIxsOYf.exe
  2⤵
  PID:3552
- C:\Windows\System\JuikIKW.exe
  C:\Windows\System\JuikIKW.exe
  2⤵
  PID:3744
- C:\Windows\System\FcJySig.exe
  C:\Windows\System\FcJySig.exe
  2⤵
  PID:3636
- C:\Windows\System\hgHHAAS.exe
  C:\Windows\System\hgHHAAS.exe
  2⤵
  PID:3640
- C:\Windows\System\AIosUID.exe
  C:\Windows\System\AIosUID.exe
  2⤵
  PID:3816
- C:\Windows\System\jhJfQtZ.exe
  C:\Windows\System\jhJfQtZ.exe
  2⤵
  PID:3688
- C:\Windows\System\YMPGozT.exe
  C:\Windows\System\YMPGozT.exe
  2⤵
  PID:3724
- C:\Windows\System\whwDTOF.exe
  C:\Windows\System\whwDTOF.exe
  2⤵
  PID:3764
- C:\Windows\System\BKbcDYa.exe
  C:\Windows\System\BKbcDYa.exe
  2⤵
  PID:3836
- C:\Windows\System\DJrxSik.exe
  C:\Windows\System\DJrxSik.exe
  2⤵
  PID:3980
- C:\Windows\System\mOITUnP.exe
  C:\Windows\System\mOITUnP.exe
  2⤵
  PID:3952
- C:\Windows\System\NuMbHQD.exe
  C:\Windows\System\NuMbHQD.exe
  2⤵
  PID:3872
- C:\Windows\System\RKDRWft.exe
  C:\Windows\System\RKDRWft.exe
  2⤵
  PID:3968
- C:\Windows\System\gmlUegi.exe
  C:\Windows\System\gmlUegi.exe
  2⤵
  PID:4000
- C:\Windows\System\gHOwkSC.exe
  C:\Windows\System\gHOwkSC.exe
  2⤵
  PID:2208
- C:\Windows\System\UJCFotZ.exe
  C:\Windows\System\UJCFotZ.exe
  2⤵
  PID:1392
- C:\Windows\System\tIcIwWb.exe
  C:\Windows\System\tIcIwWb.exe
  2⤵
  PID:4080
- C:\Windows\System\QrNqwwZ.exe
  C:\Windows\System\QrNqwwZ.exe
  2⤵
  PID:2564
- C:\Windows\System\TazSIIp.exe
  C:\Windows\System\TazSIIp.exe
  2⤵
  PID:3084
- C:\Windows\System\AiqktuM.exe
  C:\Windows\System\AiqktuM.exe
  2⤵
  PID:2788
- C:\Windows\System\MfwWoGX.exe
  C:\Windows\System\MfwWoGX.exe
  2⤵
  PID:3120
- C:\Windows\System\uqcuKJd.exe
  C:\Windows\System\uqcuKJd.exe
  2⤵
  PID:3300
- C:\Windows\System\eoGvNrf.exe
  C:\Windows\System\eoGvNrf.exe
  2⤵
  PID:3236
- C:\Windows\System\rkZBSpy.exe
  C:\Windows\System\rkZBSpy.exe
  2⤵
  PID:3496
- C:\Windows\System\NyVnYaJ.exe
  C:\Windows\System\NyVnYaJ.exe
  2⤵
  PID:3240
- C:\Windows\System\DKZrBHk.exe
  C:\Windows\System\DKZrBHk.exe
  2⤵
  PID:2972
- C:\Windows\System\QcHQCtu.exe
  C:\Windows\System\QcHQCtu.exe
  2⤵
  PID:3564
- C:\Windows\System\kxQozwW.exe
  C:\Windows\System\kxQozwW.exe
  2⤵
  PID:3440
- C:\Windows\System\TZsGoEK.exe
  C:\Windows\System\TZsGoEK.exe
  2⤵
  PID:3704
- C:\Windows\System\LIKivQj.exe
  C:\Windows\System\LIKivQj.exe
  2⤵
  PID:3676
- C:\Windows\System\MEpSJFN.exe
  C:\Windows\System\MEpSJFN.exe
  2⤵
  PID:3784
- C:\Windows\System\DeLDbov.exe
  C:\Windows\System\DeLDbov.exe
  2⤵
  PID:3812
- C:\Windows\System\CAwqTtb.exe
  C:\Windows\System\CAwqTtb.exe
  2⤵
  PID:1712
- C:\Windows\System\cRCQffl.exe
  C:\Windows\System\cRCQffl.exe
  2⤵
  PID:3720
- C:\Windows\System\RWenanU.exe
  C:\Windows\System\RWenanU.exe
  2⤵
  PID:3832
- C:\Windows\System\vHUsAUe.exe
  C:\Windows\System\vHUsAUe.exe
  2⤵
  PID:2816
- C:\Windows\System\Wnlwwyx.exe
  C:\Windows\System\Wnlwwyx.exe
  2⤵
  PID:4028
- C:\Windows\System\zxUdQiy.exe
  C:\Windows\System\zxUdQiy.exe
  2⤵
  PID:2576
- C:\Windows\System\vOnyQXA.exe
  C:\Windows\System\vOnyQXA.exe
  2⤵
  PID:3964
- C:\Windows\System\JhUqLHR.exe
  C:\Windows\System\JhUqLHR.exe
  2⤵
  PID:4060
- C:\Windows\System\pqaqGde.exe
  C:\Windows\System\pqaqGde.exe
  2⤵
  PID:4044
- C:\Windows\System\KIMCRal.exe
  C:\Windows\System\KIMCRal.exe
  2⤵
  PID:3408
- C:\Windows\System\VnDjToo.exe
  C:\Windows\System\VnDjToo.exe
  2⤵
  PID:892
- C:\Windows\System\yPhqXwp.exe
  C:\Windows\System\yPhqXwp.exe
  2⤵
  PID:3316
- C:\Windows\System\iNdAPaL.exe
  C:\Windows\System\iNdAPaL.exe
  2⤵
  PID:3244
- C:\Windows\System\bHIialq.exe
  C:\Windows\System\bHIialq.exe
  2⤵
  PID:3436
- C:\Windows\System\eTewDIw.exe
  C:\Windows\System\eTewDIw.exe
  2⤵
  PID:3548
- C:\Windows\System\aAeYqbM.exe
  C:\Windows\System\aAeYqbM.exe
  2⤵
  PID:3736
- C:\Windows\System\hcHIOmU.exe
  C:\Windows\System\hcHIOmU.exe
  2⤵
  PID:3776
- C:\Windows\System\WdkKjwY.exe
  C:\Windows\System\WdkKjwY.exe
  2⤵
  PID:2704
- C:\Windows\System\OQNbKtr.exe
  C:\Windows\System\OQNbKtr.exe
  2⤵
  PID:3880
- C:\Windows\System\riLdrYA.exe
  C:\Windows\System\riLdrYA.exe
  2⤵
  PID:2204
- C:\Windows\System\dnrHQQY.exe
  C:\Windows\System\dnrHQQY.exe
  2⤵
  PID:2776
- C:\Windows\System\HNZLDqO.exe
  C:\Windows\System\HNZLDqO.exe
  2⤵
  PID:4024
- C:\Windows\System\fXRmzBw.exe
  C:\Windows\System\fXRmzBw.exe
  2⤵
  PID:3876
- C:\Windows\System\NHnnmZp.exe
  C:\Windows\System\NHnnmZp.exe
  2⤵
  PID:3376
- C:\Windows\System\CFlJMdg.exe
  C:\Windows\System\CFlJMdg.exe
  2⤵
  PID:3196
- C:\Windows\System\YtUCTPx.exe
  C:\Windows\System\YtUCTPx.exe
  2⤵
  PID:3572
- C:\Windows\System\NGChAnt.exe
  C:\Windows\System\NGChAnt.exe
  2⤵
  PID:2648
- C:\Windows\System\hOhcXMe.exe
  C:\Windows\System\hOhcXMe.exe
  2⤵
  PID:3756
- C:\Windows\System\iqJxvsR.exe
  C:\Windows\System\iqJxvsR.exe
  2⤵
  PID:3592
- C:\Windows\System\UIcmyXx.exe
  C:\Windows\System\UIcmyXx.exe
  2⤵
  PID:4020
- C:\Windows\System\uKNZQAE.exe
  C:\Windows\System\uKNZQAE.exe
  2⤵
  PID:3936
- C:\Windows\System\trlXiTH.exe
  C:\Windows\System\trlXiTH.exe
  2⤵
  PID:3304
- C:\Windows\System\XxnIauv.exe
  C:\Windows\System\XxnIauv.exe
  2⤵
  PID:1924
- C:\Windows\System\bxOMgjk.exe
  C:\Windows\System\bxOMgjk.exe
  2⤵
  PID:3372
- C:\Windows\System\iHPJeCw.exe
  C:\Windows\System\iHPJeCw.exe
  2⤵
  PID:3800
- C:\Windows\System\gjITxay.exe
  C:\Windows\System\gjITxay.exe
  2⤵
  PID:3708
- C:\Windows\System\JpmtxRq.exe
  C:\Windows\System\JpmtxRq.exe
  2⤵
  PID:2316
- C:\Windows\System\wquXcMi.exe
  C:\Windows\System\wquXcMi.exe
  2⤵
  PID:4100
- C:\Windows\System\ZuanbVX.exe
  C:\Windows\System\ZuanbVX.exe
  2⤵
  PID:4116
- C:\Windows\System\gFxMZLq.exe
  C:\Windows\System\gFxMZLq.exe
  2⤵
  PID:4140
- C:\Windows\System\wIjdEnx.exe
  C:\Windows\System\wIjdEnx.exe
  2⤵
  PID:4160
- C:\Windows\System\oLUiZhC.exe
  C:\Windows\System\oLUiZhC.exe
  2⤵
  PID:4180
- C:\Windows\System\LFVCLuj.exe
  C:\Windows\System\LFVCLuj.exe
  2⤵
  PID:4196
- C:\Windows\System\MVqVBQP.exe
  C:\Windows\System\MVqVBQP.exe
  2⤵
  PID:4220
- C:\Windows\System\MgvRKMx.exe
  C:\Windows\System\MgvRKMx.exe
  2⤵
  PID:4244
- C:\Windows\System\ZQdTiQB.exe
  C:\Windows\System\ZQdTiQB.exe
  2⤵
  PID:4268
- C:\Windows\System\DGskZjQ.exe
  C:\Windows\System\DGskZjQ.exe
  2⤵
  PID:4288
- C:\Windows\System\GbndgIN.exe
  C:\Windows\System\GbndgIN.exe
  2⤵
  PID:4308
- C:\Windows\System\HzwBfBg.exe
  C:\Windows\System\HzwBfBg.exe
  2⤵
  PID:4324
- C:\Windows\System\SywgBlb.exe
  C:\Windows\System\SywgBlb.exe
  2⤵
  PID:4348
- C:\Windows\System\QvMmfFc.exe
  C:\Windows\System\QvMmfFc.exe
  2⤵
  PID:4368
- C:\Windows\System\oXyvHjF.exe
  C:\Windows\System\oXyvHjF.exe
  2⤵
  PID:4388
- C:\Windows\System\agDqPVc.exe
  C:\Windows\System\agDqPVc.exe
  2⤵
  PID:4408
- C:\Windows\System\KwTpWAY.exe
  C:\Windows\System\KwTpWAY.exe
  2⤵
  PID:4428
- C:\Windows\System\pAPVLiR.exe
  C:\Windows\System\pAPVLiR.exe
  2⤵
  PID:4444
- C:\Windows\System\ykPxGhE.exe
  C:\Windows\System\ykPxGhE.exe
  2⤵
  PID:4468
- C:\Windows\System\bUrhIub.exe
  C:\Windows\System\bUrhIub.exe
  2⤵
  PID:4484
- C:\Windows\System\DnohQQI.exe
  C:\Windows\System\DnohQQI.exe
  2⤵
  PID:4504
- C:\Windows\System\rwWPwkF.exe
  C:\Windows\System\rwWPwkF.exe
  2⤵
  PID:4528
- C:\Windows\System\JygyDBt.exe
  C:\Windows\System\JygyDBt.exe
  2⤵
  PID:4548
- C:\Windows\System\YsioSgz.exe
  C:\Windows\System\YsioSgz.exe
  2⤵
  PID:4564
- C:\Windows\System\dyPDNrW.exe
  C:\Windows\System\dyPDNrW.exe
  2⤵
  PID:4584
- C:\Windows\System\UAIuriL.exe
  C:\Windows\System\UAIuriL.exe
  2⤵
  PID:4604
- C:\Windows\System\ACPzeeG.exe
  C:\Windows\System\ACPzeeG.exe
  2⤵
  PID:4624
- C:\Windows\System\EDXerrA.exe
  C:\Windows\System\EDXerrA.exe
  2⤵
  PID:4644
- C:\Windows\System\bvPDSwE.exe
  C:\Windows\System\bvPDSwE.exe
  2⤵
  PID:4664
- C:\Windows\System\DTMIDPc.exe
  C:\Windows\System\DTMIDPc.exe
  2⤵
  PID:4684
- C:\Windows\System\ebfQOPi.exe
  C:\Windows\System\ebfQOPi.exe
  2⤵
  PID:4708
- C:\Windows\System\MGOYeZQ.exe
  C:\Windows\System\MGOYeZQ.exe
  2⤵
  PID:4728
- C:\Windows\System\QNXSAai.exe
  C:\Windows\System\QNXSAai.exe
  2⤵
  PID:4748
- C:\Windows\System\niTZmkG.exe
  C:\Windows\System\niTZmkG.exe
  2⤵
  PID:4764
- C:\Windows\System\AItLgVn.exe
  C:\Windows\System\AItLgVn.exe
  2⤵
  PID:4788
- C:\Windows\System\MAgYYVh.exe
  C:\Windows\System\MAgYYVh.exe
  2⤵
  PID:4808
- C:\Windows\System\uecUJTG.exe
  C:\Windows\System\uecUJTG.exe
  2⤵
  PID:4828
- C:\Windows\System\sdyqaIC.exe
  C:\Windows\System\sdyqaIC.exe
  2⤵
  PID:4848
- C:\Windows\System\jEbrjsr.exe
  C:\Windows\System\jEbrjsr.exe
  2⤵
  PID:4868
- C:\Windows\System\kPKvaUB.exe
  C:\Windows\System\kPKvaUB.exe
  2⤵
  PID:4884
- C:\Windows\System\daQnIvR.exe
  C:\Windows\System\daQnIvR.exe
  2⤵
  PID:4908
- C:\Windows\System\difhdPJ.exe
  C:\Windows\System\difhdPJ.exe
  2⤵
  PID:4928
- C:\Windows\System\RbnKQAA.exe
  C:\Windows\System\RbnKQAA.exe
  2⤵
  PID:4948
- C:\Windows\System\wqTUUNz.exe
  C:\Windows\System\wqTUUNz.exe
  2⤵
  PID:4964
- C:\Windows\System\prfLSXn.exe
  C:\Windows\System\prfLSXn.exe
  2⤵
  PID:4984
- C:\Windows\System\QzZsbIO.exe
  C:\Windows\System\QzZsbIO.exe
  2⤵
  PID:5008
- C:\Windows\System\fnepavh.exe
  C:\Windows\System\fnepavh.exe
  2⤵
  PID:5028
- C:\Windows\System\UyJwsiZ.exe
  C:\Windows\System\UyJwsiZ.exe
  2⤵
  PID:5044
- C:\Windows\System\qeVmqwz.exe
  C:\Windows\System\qeVmqwz.exe
  2⤵
  PID:5064
- C:\Windows\System\duiPIzM.exe
  C:\Windows\System\duiPIzM.exe
  2⤵
  PID:5084
- C:\Windows\System\aDqHKae.exe
  C:\Windows\System\aDqHKae.exe
  2⤵
  PID:5100
- C:\Windows\System\UrZcFaZ.exe
  C:\Windows\System\UrZcFaZ.exe
  2⤵
  PID:2808
- C:\Windows\System\gjxmLRk.exe
  C:\Windows\System\gjxmLRk.exe
  2⤵
  PID:1948
- C:\Windows\System\yNCniGO.exe
  C:\Windows\System\yNCniGO.exe
  2⤵
  PID:3680
- C:\Windows\System\UeFeqli.exe
  C:\Windows\System\UeFeqli.exe
  2⤵
  PID:2620
- C:\Windows\System\iMwkuZZ.exe
  C:\Windows\System\iMwkuZZ.exe
  2⤵
  PID:4136
- C:\Windows\System\jbpxukh.exe
  C:\Windows\System\jbpxukh.exe
  2⤵
  PID:4176
- C:\Windows\System\Cemavva.exe
  C:\Windows\System\Cemavva.exe
  2⤵
  PID:4216
- C:\Windows\System\wwVBbYO.exe
  C:\Windows\System\wwVBbYO.exe
  2⤵
  PID:4252
- C:\Windows\System\eTmHQPR.exe
  C:\Windows\System\eTmHQPR.exe
  2⤵
  PID:4264
- C:\Windows\System\YqjRpgZ.exe
  C:\Windows\System\YqjRpgZ.exe
  2⤵
  PID:4300
- C:\Windows\System\lqZEZgE.exe
  C:\Windows\System\lqZEZgE.exe
  2⤵
  PID:4332
- C:\Windows\System\jIFswDZ.exe
  C:\Windows\System\jIFswDZ.exe
  2⤵
  PID:4316
- C:\Windows\System\fKqzZyO.exe
  C:\Windows\System\fKqzZyO.exe
  2⤵
  PID:4364
- C:\Windows\System\vhussMM.exe
  C:\Windows\System\vhussMM.exe
  2⤵
  PID:4360
- C:\Windows\System\ThyOIuX.exe
  C:\Windows\System\ThyOIuX.exe
  2⤵
  PID:4452
- C:\Windows\System\SUjoFlO.exe
  C:\Windows\System\SUjoFlO.exe
  2⤵
  PID:4492
- C:\Windows\System\bjvvSMn.exe
  C:\Windows\System\bjvvSMn.exe
  2⤵
  PID:4544
- C:\Windows\System\Uiulenx.exe
  C:\Windows\System\Uiulenx.exe
  2⤵
  PID:4516
- C:\Windows\System\IvVKZGR.exe
  C:\Windows\System\IvVKZGR.exe
  2⤵
  PID:4616
- C:\Windows\System\rVhlPMj.exe
  C:\Windows\System\rVhlPMj.exe
  2⤵
  PID:4556
- C:\Windows\System\ZxScVOp.exe
  C:\Windows\System\ZxScVOp.exe
  2⤵
  PID:4692
- C:\Windows\System\zdEbWug.exe
  C:\Windows\System\zdEbWug.exe
  2⤵
  PID:2624
- C:\Windows\System\udDabLw.exe
  C:\Windows\System\udDabLw.exe
  2⤵
  PID:4744
- C:\Windows\System\mgDlLjm.exe
  C:\Windows\System\mgDlLjm.exe
  2⤵
  PID:4720
- C:\Windows\System\oXsEQyE.exe
  C:\Windows\System\oXsEQyE.exe
  2⤵
  PID:4776
- C:\Windows\System\PXgASsf.exe
  C:\Windows\System\PXgASsf.exe
  2⤵
  PID:4816
- C:\Windows\System\CQsFKzP.exe
  C:\Windows\System\CQsFKzP.exe
  2⤵
  PID:4860
- C:\Windows\System\DZTQnAV.exe
  C:\Windows\System\DZTQnAV.exe
  2⤵
  PID:4892
- C:\Windows\System\GsEilNZ.exe
  C:\Windows\System\GsEilNZ.exe
  2⤵
  PID:4936
- C:\Windows\System\LEIhpLY.exe
  C:\Windows\System\LEIhpLY.exe
  2⤵
  PID:4916
- C:\Windows\System\hZdwKry.exe
  C:\Windows\System\hZdwKry.exe
  2⤵
  PID:5016
- C:\Windows\System\avXAaqv.exe
  C:\Windows\System\avXAaqv.exe
  2⤵
  PID:5056
- C:\Windows\System\JiCJulr.exe
  C:\Windows\System\JiCJulr.exe
  2⤵
  PID:4992
- C:\Windows\System\ipEGUoC.exe
  C:\Windows\System\ipEGUoC.exe
  2⤵
  PID:5000
- C:\Windows\System\nefSdLY.exe
  C:\Windows\System\nefSdLY.exe
  2⤵
  PID:5072
- C:\Windows\System\SxovwmW.exe
  C:\Windows\System\SxovwmW.exe
  2⤵
  PID:3912
- C:\Windows\System\EZubFFy.exe
  C:\Windows\System\EZubFFy.exe
  2⤵
  PID:2792
- C:\Windows\System\tXKZzyX.exe
  C:\Windows\System\tXKZzyX.exe
  2⤵
  PID:2760
- C:\Windows\System\oZDAPeQ.exe
  C:\Windows\System\oZDAPeQ.exe
  2⤵
  PID:372
- C:\Windows\System\osWbtam.exe
  C:\Windows\System\osWbtam.exe
  2⤵
  PID:4112
- C:\Windows\System\RMizAvv.exe
  C:\Windows\System\RMizAvv.exe
  2⤵
  PID:4168
- C:\Windows\System\GmMbaku.exe
  C:\Windows\System\GmMbaku.exe
  2⤵
  PID:4156
- C:\Windows\System\jkdygrl.exe
  C:\Windows\System\jkdygrl.exe
  2⤵
  PID:764
- C:\Windows\System\UgGiJyR.exe
  C:\Windows\System\UgGiJyR.exe
  2⤵
  PID:4232
- C:\Windows\System\LIubFRB.exe
  C:\Windows\System\LIubFRB.exe
  2⤵
  PID:4344
- C:\Windows\System\ZwgzEHC.exe
  C:\Windows\System\ZwgzEHC.exe
  2⤵
  PID:4152
- C:\Windows\System\uMYjFdG.exe
  C:\Windows\System\uMYjFdG.exe
  2⤵
  PID:4456
- C:\Windows\System\tfhklHH.exe
  C:\Windows\System\tfhklHH.exe
  2⤵
  PID:4356
- C:\Windows\System\HwPjfQe.exe
  C:\Windows\System\HwPjfQe.exe
  2⤵
  PID:4612
- C:\Windows\System\jJUBfSR.exe
  C:\Windows\System\jJUBfSR.exe
  2⤵
  PID:4696
- C:\Windows\System\xHzicNq.exe
  C:\Windows\System\xHzicNq.exe
  2⤵
  PID:1580
- C:\Windows\System\zfnehQv.exe
  C:\Windows\System\zfnehQv.exe
  2⤵
  PID:772
- C:\Windows\System\vXyjNKL.exe
  C:\Windows\System\vXyjNKL.exe
  2⤵
  PID:4756
- C:\Windows\System\EduRyLB.exe
  C:\Windows\System\EduRyLB.exe
  2⤵
  PID:4796
- C:\Windows\System\kKVcQdl.exe
  C:\Windows\System\kKVcQdl.exe
  2⤵
  PID:4864
- C:\Windows\System\eRurhFx.exe
  C:\Windows\System\eRurhFx.exe
  2⤵
  PID:4940
- C:\Windows\System\vRrKHyQ.exe
  C:\Windows\System\vRrKHyQ.exe
  2⤵
  PID:4876
- C:\Windows\System\AmQTqeh.exe
  C:\Windows\System\AmQTqeh.exe
  2⤵
  PID:4924
- C:\Windows\System\DVRBUhe.exe
  C:\Windows\System\DVRBUhe.exe
  2⤵
  PID:5060
- C:\Windows\System\ahOPbeU.exe
  C:\Windows\System\ahOPbeU.exe
  2⤵
  PID:5036
- C:\Windows\System\lrdqRwH.exe
  C:\Windows\System\lrdqRwH.exe
  2⤵
  PID:1384
- C:\Windows\System\iqQqdRi.exe
  C:\Windows\System\iqQqdRi.exe
  2⤵
  PID:5112
- C:\Windows\System\umThWcu.exe
  C:\Windows\System\umThWcu.exe
  2⤵
  PID:4404
- C:\Windows\System\hCoqdPD.exe
  C:\Windows\System\hCoqdPD.exe
  2⤵
  PID:4192
- C:\Windows\System\WpGFHbV.exe
  C:\Windows\System\WpGFHbV.exe
  2⤵
  PID:3264
- C:\Windows\System\PmzLQbe.exe
  C:\Windows\System\PmzLQbe.exe
  2⤵
  PID:4128
- C:\Windows\System\aHpmLOI.exe
  C:\Windows\System\aHpmLOI.exe
  2⤵
  PID:1832
- C:\Windows\System\LTBlCRQ.exe
  C:\Windows\System\LTBlCRQ.exe
  2⤵
  PID:4284
- C:\Windows\System\kxKSsuu.exe
  C:\Windows\System\kxKSsuu.exe
  2⤵
  PID:4496
- C:\Windows\System\DBDxtyV.exe
  C:\Windows\System\DBDxtyV.exe
  2⤵
  PID:4600
- C:\Windows\System\hfzhgse.exe
  C:\Windows\System\hfzhgse.exe
  2⤵
  PID:4640
- C:\Windows\System\Qsvycaq.exe
  C:\Windows\System\Qsvycaq.exe
  2⤵
  PID:4904
- C:\Windows\System\EiuHojG.exe
  C:\Windows\System\EiuHojG.exe
  2⤵
  PID:3416
- C:\Windows\System\dAhlUjE.exe
  C:\Windows\System\dAhlUjE.exe
  2⤵
  PID:2628
- C:\Windows\System\GcZIsrJ.exe
  C:\Windows\System\GcZIsrJ.exe
  2⤵
  PID:4856
- C:\Windows\System\VZHrAvv.exe
  C:\Windows\System\VZHrAvv.exe
  2⤵
  PID:5020
- C:\Windows\System\MlqNZRX.exe
  C:\Windows\System\MlqNZRX.exe
  2⤵
  PID:2416
- C:\Windows\System\bgIpYyr.exe
  C:\Windows\System\bgIpYyr.exe
  2⤵
  PID:1944
- C:\Windows\System\MdHTWxt.exe
  C:\Windows\System\MdHTWxt.exe
  2⤵
  PID:4280
- C:\Windows\System\eNglWMY.exe
  C:\Windows\System\eNglWMY.exe
  2⤵
  PID:4896
- C:\Windows\System\ZrkgaEb.exe
  C:\Windows\System\ZrkgaEb.exe
  2⤵
  PID:5116
- C:\Windows\System\luIOYMw.exe
  C:\Windows\System\luIOYMw.exe
  2⤵
  PID:2804
- C:\Windows\System\IEgGTLb.exe
  C:\Windows\System\IEgGTLb.exe
  2⤵
  PID:4656
- C:\Windows\System\BSYfkjR.exe
  C:\Windows\System\BSYfkjR.exe
  2⤵
  PID:4256
- C:\Windows\System\vpzAghm.exe
  C:\Windows\System\vpzAghm.exe
  2⤵
  PID:4824
- C:\Windows\System\PGGqhEs.exe
  C:\Windows\System\PGGqhEs.exe
  2⤵
  PID:4596
- C:\Windows\System\IWjnDPP.exe
  C:\Windows\System\IWjnDPP.exe
  2⤵
  PID:4520
- C:\Windows\System\kkSRFTr.exe
  C:\Windows\System\kkSRFTr.exe
  2⤵
  PID:2812
- C:\Windows\System\cldVinn.exe
  C:\Windows\System\cldVinn.exe
  2⤵
  PID:5108
- C:\Windows\System\IxlneXa.exe
  C:\Windows\System\IxlneXa.exe
  2⤵
  PID:4376
- C:\Windows\System\OjXRpyT.exe
  C:\Windows\System\OjXRpyT.exe
  2⤵
  PID:5132
- C:\Windows\System\zohrRYE.exe
  C:\Windows\System\zohrRYE.exe
  2⤵
  PID:5148
- C:\Windows\System\rTQOvXi.exe
  C:\Windows\System\rTQOvXi.exe
  2⤵
  PID:5176
- C:\Windows\System\mzFdjMA.exe
  C:\Windows\System\mzFdjMA.exe
  2⤵
  PID:5196
- C:\Windows\System\ocHGvcu.exe
  C:\Windows\System\ocHGvcu.exe
  2⤵
  PID:5216
- C:\Windows\System\ouSklpr.exe
  C:\Windows\System\ouSklpr.exe
  2⤵
  PID:5232
- C:\Windows\System\vdhTFPO.exe
  C:\Windows\System\vdhTFPO.exe
  2⤵
  PID:5248
- C:\Windows\System\FosNObj.exe
  C:\Windows\System\FosNObj.exe
  2⤵
  PID:5264
- C:\Windows\System\JMYFGvE.exe
  C:\Windows\System\JMYFGvE.exe
  2⤵
  PID:5284
- C:\Windows\System\nUtRTdN.exe
  C:\Windows\System\nUtRTdN.exe
  2⤵
  PID:5304
- C:\Windows\System\ZSZdGXx.exe
  C:\Windows\System\ZSZdGXx.exe
  2⤵
  PID:5320
- C:\Windows\System\qToScvY.exe
  C:\Windows\System\qToScvY.exe
  2⤵
  PID:5352
- C:\Windows\System\XOvoZFM.exe
  C:\Windows\System\XOvoZFM.exe
  2⤵
  PID:5372
- C:\Windows\System\RybPszj.exe
  C:\Windows\System\RybPszj.exe
  2⤵
  PID:5388
- C:\Windows\System\Jaevarl.exe
  C:\Windows\System\Jaevarl.exe
  2⤵
  PID:5440
- C:\Windows\System\ZWSKIPj.exe
  C:\Windows\System\ZWSKIPj.exe
  2⤵
  PID:5456
- C:\Windows\System\BHMvBkq.exe
  C:\Windows\System\BHMvBkq.exe
  2⤵
  PID:5472
- C:\Windows\System\KfmfaQG.exe
  C:\Windows\System\KfmfaQG.exe
  2⤵
  PID:5496
- C:\Windows\System\oBhzPLW.exe
  C:\Windows\System\oBhzPLW.exe
  2⤵
  PID:5512
- C:\Windows\System\luAIctD.exe
  C:\Windows\System\luAIctD.exe
  2⤵
  PID:5528
- C:\Windows\System\pehrXIS.exe
  C:\Windows\System\pehrXIS.exe
  2⤵
  PID:5544
- C:\Windows\System\AkggJfm.exe
  C:\Windows\System\AkggJfm.exe
  2⤵
  PID:5564
- C:\Windows\System\tJSdvtS.exe
  C:\Windows\System\tJSdvtS.exe
  2⤵
  PID:5588
- C:\Windows\System\rusriBy.exe
  C:\Windows\System\rusriBy.exe
  2⤵
  PID:5604
- C:\Windows\System\zbXSyeC.exe
  C:\Windows\System\zbXSyeC.exe
  2⤵
  PID:5624
- C:\Windows\System\EyePEKy.exe
  C:\Windows\System\EyePEKy.exe
  2⤵
  PID:5640
- C:\Windows\System\RblyIxe.exe
  C:\Windows\System\RblyIxe.exe
  2⤵
  PID:5660
- C:\Windows\System\dzTrrkh.exe
  C:\Windows\System\dzTrrkh.exe
  2⤵
  PID:5676
- C:\Windows\System\GbbKliP.exe
  C:\Windows\System\GbbKliP.exe
  2⤵
  PID:5692
- C:\Windows\System\EHIZNwX.exe
  C:\Windows\System\EHIZNwX.exe
  2⤵
  PID:5740
- C:\Windows\System\pdEGMLQ.exe
  C:\Windows\System\pdEGMLQ.exe
  2⤵
  PID:5756
- C:\Windows\System\rPlEowp.exe
  C:\Windows\System\rPlEowp.exe
  2⤵
  PID:5772
- C:\Windows\System\fKHLVqr.exe
  C:\Windows\System\fKHLVqr.exe
  2⤵
  PID:5788
- C:\Windows\System\tRGzJvx.exe
  C:\Windows\System\tRGzJvx.exe
  2⤵
  PID:5812
- C:\Windows\System\TMwMNEB.exe
  C:\Windows\System\TMwMNEB.exe
  2⤵
  PID:5832
- C:\Windows\System\QZCyQWk.exe
  C:\Windows\System\QZCyQWk.exe
  2⤵
  PID:5848
- C:\Windows\System\nrOCCgD.exe
  C:\Windows\System\nrOCCgD.exe
  2⤵
  PID:5876
- C:\Windows\System\WgIyZGd.exe
  C:\Windows\System\WgIyZGd.exe
  2⤵
  PID:5892
- C:\Windows\System\rRPMHjT.exe
  C:\Windows\System\rRPMHjT.exe
  2⤵
  PID:5912
- C:\Windows\System\qaWnGQe.exe
  C:\Windows\System\qaWnGQe.exe
  2⤵
  PID:5940
- C:\Windows\System\yJbtEXS.exe
  C:\Windows\System\yJbtEXS.exe
  2⤵
  PID:5956
- C:\Windows\System\ZUCbIwZ.exe
  C:\Windows\System\ZUCbIwZ.exe
  2⤵
  PID:5972
- C:\Windows\System\MBWtdNb.exe
  C:\Windows\System\MBWtdNb.exe
  2⤵
  PID:5992
- C:\Windows\System\SrtFcJu.exe
  C:\Windows\System\SrtFcJu.exe
  2⤵
  PID:6008
- C:\Windows\System\sqJqapV.exe
  C:\Windows\System\sqJqapV.exe
  2⤵
  PID:6032
- C:\Windows\System\WvMFMpb.exe
  C:\Windows\System\WvMFMpb.exe
  2⤵
  PID:6056
- C:\Windows\System\jXSSCnh.exe
  C:\Windows\System\jXSSCnh.exe
  2⤵
  PID:6076
- C:\Windows\System\GuPzhOy.exe
  C:\Windows\System\GuPzhOy.exe
  2⤵
  PID:6092
- C:\Windows\System\UJLgnzX.exe
  C:\Windows\System\UJLgnzX.exe
  2⤵
  PID:6108
- C:\Windows\System\DQhRVTo.exe
  C:\Windows\System\DQhRVTo.exe
  2⤵
  PID:6124
- C:\Windows\System\hYjXxGo.exe
  C:\Windows\System\hYjXxGo.exe
  2⤵
  PID:1540
- C:\Windows\System\qGaOrgG.exe
  C:\Windows\System\qGaOrgG.exe
  2⤵
  PID:2172
- C:\Windows\System\lbZmfEh.exe
  C:\Windows\System\lbZmfEh.exe
  2⤵
  PID:5144
- C:\Windows\System\rykGSom.exe
  C:\Windows\System\rykGSom.exe
  2⤵
  PID:5256
- C:\Windows\System\HEyiLEe.exe
  C:\Windows\System\HEyiLEe.exe
  2⤵
  PID:5296
- C:\Windows\System\cTLakNd.exe
  C:\Windows\System\cTLakNd.exe
  2⤵
  PID:5316
- C:\Windows\System\NkFStSh.exe
  C:\Windows\System\NkFStSh.exe
  2⤵
  PID:4296
- C:\Windows\System\HgQvitN.exe
  C:\Windows\System\HgQvitN.exe
  2⤵
  PID:5344
- C:\Windows\System\TEbLixA.exe
  C:\Windows\System\TEbLixA.exe
  2⤵
  PID:5160
- C:\Windows\System\htmCUrI.exe
  C:\Windows\System\htmCUrI.exe
  2⤵
  PID:5244
- C:\Windows\System\ybjqhFB.exe
  C:\Windows\System\ybjqhFB.exe
  2⤵
  PID:5432
- C:\Windows\System\rTkFcJF.exe
  C:\Windows\System\rTkFcJF.exe
  2⤵
  PID:5404
- C:\Windows\System\JQmcuUw.exe
  C:\Windows\System\JQmcuUw.exe
  2⤵
  PID:5424
- C:\Windows\System\QUGffwc.exe
  C:\Windows\System\QUGffwc.exe
  2⤵
  PID:5452
- C:\Windows\System\fOwIvek.exe
  C:\Windows\System\fOwIvek.exe
  2⤵
  PID:5488
- C:\Windows\System\VoUsgXZ.exe
  C:\Windows\System\VoUsgXZ.exe
  2⤵
  PID:5552
- C:\Windows\System\eueBFRx.exe
  C:\Windows\System\eueBFRx.exe
  2⤵
  PID:5632
- C:\Windows\System\juvRWWS.exe
  C:\Windows\System\juvRWWS.exe
  2⤵
  PID:5572
- C:\Windows\System\iDhdyks.exe
  C:\Windows\System\iDhdyks.exe
  2⤵
  PID:5620
- C:\Windows\System\AIcwMcL.exe
  C:\Windows\System\AIcwMcL.exe
  2⤵
  PID:5652
- C:\Windows\System\XqUUKFc.exe
  C:\Windows\System\XqUUKFc.exe
  2⤵
  PID:5712
- C:\Windows\System\UBhSBpv.exe
  C:\Windows\System\UBhSBpv.exe
  2⤵
  PID:5704
- C:\Windows\System\RVjMbFl.exe
  C:\Windows\System\RVjMbFl.exe
  2⤵
  PID:5728
- C:\Windows\System\ToCSYMv.exe
  C:\Windows\System\ToCSYMv.exe
  2⤵
  PID:1708
- C:\Windows\System\rqOAsPB.exe
  C:\Windows\System\rqOAsPB.exe
  2⤵
  PID:5796
- C:\Windows\System\FqhMdcR.exe
  C:\Windows\System\FqhMdcR.exe
  2⤵
  PID:2240
- C:\Windows\System\iFDqIkC.exe
  C:\Windows\System\iFDqIkC.exe
  2⤵
  PID:5864
- C:\Windows\System\fHHTaQs.exe
  C:\Windows\System\fHHTaQs.exe
  2⤵
  PID:5908
- C:\Windows\System\pFDZCGO.exe
  C:\Windows\System\pFDZCGO.exe
  2⤵
  PID:4780
- C:\Windows\System\EsEbDhi.exe
  C:\Windows\System\EsEbDhi.exe
  2⤵
  PID:5952
- C:\Windows\System\IRWdZvU.exe
  C:\Windows\System\IRWdZvU.exe
  2⤵
  PID:6000
- C:\Windows\System\QqfiFkV.exe
  C:\Windows\System\QqfiFkV.exe
  2⤵
  PID:6048
- C:\Windows\System\DZGLgNb.exe
  C:\Windows\System\DZGLgNb.exe
  2⤵
  PID:6120
- C:\Windows\System\WTuVvYA.exe
  C:\Windows\System\WTuVvYA.exe
  2⤵
  PID:5188
- C:\Windows\System\bGnuCHY.exe
  C:\Windows\System\bGnuCHY.exe
  2⤵
  PID:2920
- C:\Windows\System\ccBZhzv.exe
  C:\Windows\System\ccBZhzv.exe
  2⤵
  PID:6024
- C:\Windows\System\HCKRNzM.exe
  C:\Windows\System\HCKRNzM.exe
  2⤵
  PID:6140
- C:\Windows\System\OImUvnj.exe
  C:\Windows\System\OImUvnj.exe
  2⤵
  PID:6104
- C:\Windows\System\bjlSQVD.exe
  C:\Windows\System\bjlSQVD.exe
  2⤵
  PID:5312
- C:\Windows\System\MrneNcg.exe
  C:\Windows\System\MrneNcg.exe
  2⤵
  PID:5340
- C:\Windows\System\YOqCyai.exe
  C:\Windows\System\YOqCyai.exe
  2⤵
  PID:5212
- C:\Windows\System\vMXpcWZ.exe
  C:\Windows\System\vMXpcWZ.exe
  2⤵
  PID:6068
- C:\Windows\System\Qydqfuc.exe
  C:\Windows\System\Qydqfuc.exe
  2⤵
  PID:5384
- C:\Windows\System\MnZXlwB.exe
  C:\Windows\System\MnZXlwB.exe
  2⤵
  PID:5364
- C:\Windows\System\PqSsXau.exe
  C:\Windows\System\PqSsXau.exe
  2⤵
  PID:5436
- C:\Windows\System\ZZCgkqY.exe
  C:\Windows\System\ZZCgkqY.exe
  2⤵
  PID:5524
- C:\Windows\System\WzbxlVE.exe
  C:\Windows\System\WzbxlVE.exe
  2⤵
  PID:5420
- C:\Windows\System\clDxlUK.exe
  C:\Windows\System\clDxlUK.exe
  2⤵
  PID:1172
- C:\Windows\System\DMWiAxj.exe
  C:\Windows\System\DMWiAxj.exe
  2⤵
  PID:1936
- C:\Windows\System\rHuimAA.exe
  C:\Windows\System\rHuimAA.exe
  2⤵
  PID:5732
- C:\Windows\System\fpZQLfG.exe
  C:\Windows\System\fpZQLfG.exe
  2⤵
  PID:5768
- C:\Windows\System\JJzmTCc.exe
  C:\Windows\System\JJzmTCc.exe
  2⤵
  PID:5872
- C:\Windows\System\YrVCxCM.exe
  C:\Windows\System\YrVCxCM.exe
  2⤵
  PID:5616
- C:\Windows\System\kjStuzt.exe
  C:\Windows\System\kjStuzt.exe
  2⤵
  PID:5724
- C:\Windows\System\xBnEgtJ.exe
  C:\Windows\System\xBnEgtJ.exe
  2⤵
  PID:5780
- C:\Windows\System\brIGfyQ.exe
  C:\Windows\System\brIGfyQ.exe
  2⤵
  PID:3160
- C:\Windows\System\NJlsalN.exe
  C:\Windows\System\NJlsalN.exe
  2⤵
  PID:5924
- C:\Windows\System\qEFBLpA.exe
  C:\Windows\System\qEFBLpA.exe
  2⤵
  PID:1820
- C:\Windows\System\PBAxydD.exe
  C:\Windows\System\PBAxydD.exe
  2⤵
  PID:4416
- C:\Windows\System\JhXDwRw.exe
  C:\Windows\System\JhXDwRw.exe
  2⤵
  PID:5292
- C:\Windows\System\xkrnJdb.exe
  C:\Windows\System\xkrnJdb.exe
  2⤵
  PID:6132
- C:\Windows\System\CyenLsn.exe
  C:\Windows\System\CyenLsn.exe
  2⤵
  PID:4740
- C:\Windows\System\YxpPlEl.exe
  C:\Windows\System\YxpPlEl.exe
  2⤵
  PID:5468
- C:\Windows\System\BIcVlJr.exe
  C:\Windows\System\BIcVlJr.exe
  2⤵
  PID:5172
- C:\Windows\System\wVEdlfG.exe
  C:\Windows\System\wVEdlfG.exe
  2⤵
  PID:5720
- C:\Windows\System\CTVTCUV.exe
  C:\Windows\System\CTVTCUV.exe
  2⤵
  PID:5904
- C:\Windows\System\JVLfQKE.exe
  C:\Windows\System\JVLfQKE.exe
  2⤵
  PID:5224
- C:\Windows\System\KWXjqZx.exe
  C:\Windows\System\KWXjqZx.exe
  2⤵
  PID:5328
- C:\Windows\System\JHIbqGU.exe
  C:\Windows\System\JHIbqGU.exe
  2⤵
  PID:6084
- C:\Windows\System\cdnIOFY.exe
  C:\Windows\System\cdnIOFY.exe
  2⤵
  PID:5808
- C:\Windows\System\wTpuSpE.exe
  C:\Windows\System\wTpuSpE.exe
  2⤵
  PID:5920
- C:\Windows\System\pLlhaOU.exe
  C:\Windows\System\pLlhaOU.exe
  2⤵
  PID:1564
- C:\Windows\System\VfNrEeu.exe
  C:\Windows\System\VfNrEeu.exe
  2⤵
  PID:5396
- C:\Windows\System\kUxqfkN.exe
  C:\Windows\System\kUxqfkN.exe
  2⤵
  PID:5416
- C:\Windows\System\XqoCMbV.exe
  C:\Windows\System\XqoCMbV.exe
  2⤵
  PID:5600
- C:\Windows\System\wdMRibs.exe
  C:\Windows\System\wdMRibs.exe
  2⤵
  PID:5672
- C:\Windows\System\hAoaPTg.exe
  C:\Windows\System\hAoaPTg.exe
  2⤵
  PID:5504
- C:\Windows\System\RMoydRA.exe
  C:\Windows\System\RMoydRA.exe
  2⤵
  PID:5208
- C:\Windows\System\LEAYaLy.exe
  C:\Windows\System\LEAYaLy.exe
  2⤵
  PID:5964
- C:\Windows\System\wBPzAOA.exe
  C:\Windows\System\wBPzAOA.exe
  2⤵
  PID:1000
- C:\Windows\System\HvElyhM.exe
  C:\Windows\System\HvElyhM.exe
  2⤵
  PID:5448
- C:\Windows\System\ZMpVEpf.exe
  C:\Windows\System\ZMpVEpf.exe
  2⤵
  PID:4240
- C:\Windows\System\xUgfiOB.exe
  C:\Windows\System\xUgfiOB.exe
  2⤵
  PID:5368
- C:\Windows\System\NEAALNw.exe
  C:\Windows\System\NEAALNw.exe
  2⤵
  PID:1696
- C:\Windows\System\kghqIJg.exe
  C:\Windows\System\kghqIJg.exe
  2⤵
  PID:5228
- C:\Windows\System\OnXJSSt.exe
  C:\Windows\System\OnXJSSt.exe
  2⤵
  PID:5520
- C:\Windows\System\KRwvjwC.exe
  C:\Windows\System\KRwvjwC.exe
  2⤵
  PID:4236
- C:\Windows\System\KiQlKGY.exe
  C:\Windows\System\KiQlKGY.exe
  2⤵
  PID:6160
- C:\Windows\System\PtvbxHB.exe
  C:\Windows\System\PtvbxHB.exe
  2⤵
  PID:6176
- C:\Windows\System\GIZqSzj.exe
  C:\Windows\System\GIZqSzj.exe
  2⤵
  PID:6192
- C:\Windows\System\UWkLYdL.exe
  C:\Windows\System\UWkLYdL.exe
  2⤵
  PID:6208
- C:\Windows\System\DHWLEbx.exe
  C:\Windows\System\DHWLEbx.exe
  2⤵
  PID:6240
- C:\Windows\System\VpMJoMe.exe
  C:\Windows\System\VpMJoMe.exe
  2⤵
  PID:6256
- C:\Windows\System\mCvXYDU.exe
  C:\Windows\System\mCvXYDU.exe
  2⤵
  PID:6280
- C:\Windows\System\svnLheX.exe
  C:\Windows\System\svnLheX.exe
  2⤵
  PID:6296
- C:\Windows\System\JWUCZpc.exe
  C:\Windows\System\JWUCZpc.exe
  2⤵
  PID:6312
- C:\Windows\System\nQGriZd.exe
  C:\Windows\System\nQGriZd.exe
  2⤵
  PID:6348
- C:\Windows\System\ZETaJkS.exe
  C:\Windows\System\ZETaJkS.exe
  2⤵
  PID:6384
- C:\Windows\System\CzlqyQU.exe
  C:\Windows\System\CzlqyQU.exe
  2⤵
  PID:6400
- C:\Windows\System\JwVakVs.exe
  C:\Windows\System\JwVakVs.exe
  2⤵
  PID:6420
- C:\Windows\System\AxTalbN.exe
  C:\Windows\System\AxTalbN.exe
  2⤵
  PID:6436
- C:\Windows\System\RjgahBe.exe
  C:\Windows\System\RjgahBe.exe
  2⤵
  PID:6452
- C:\Windows\System\oaDiRpY.exe
  C:\Windows\System\oaDiRpY.exe
  2⤵
  PID:6476
- C:\Windows\System\DlQTQwd.exe
  C:\Windows\System\DlQTQwd.exe
  2⤵
  PID:6492
- C:\Windows\System\sTqCIYL.exe
  C:\Windows\System\sTqCIYL.exe
  2⤵
  PID:6508
- C:\Windows\System\XgFPAVD.exe
  C:\Windows\System\XgFPAVD.exe
  2⤵
  PID:6532
- C:\Windows\System\JlIoPxI.exe
  C:\Windows\System\JlIoPxI.exe
  2⤵
  PID:6556
- C:\Windows\System\qvYiNCA.exe
  C:\Windows\System\qvYiNCA.exe
  2⤵
  PID:6572
- C:\Windows\System\RoJVXxQ.exe
  C:\Windows\System\RoJVXxQ.exe
  2⤵
  PID:6588
- C:\Windows\System\PLxZGuC.exe
  C:\Windows\System\PLxZGuC.exe
  2⤵
  PID:6604
- C:\Windows\System\aKGLlxt.exe
  C:\Windows\System\aKGLlxt.exe
  2⤵
  PID:6620
- C:\Windows\System\ezUNist.exe
  C:\Windows\System\ezUNist.exe
  2⤵
  PID:6636
- C:\Windows\System\hvbgzDP.exe
  C:\Windows\System\hvbgzDP.exe
  2⤵
  PID:6652
- C:\Windows\System\UUETTAI.exe
  C:\Windows\System\UUETTAI.exe
  2⤵
  PID:6676
- C:\Windows\System\TAclGxt.exe
  C:\Windows\System\TAclGxt.exe
  2⤵
  PID:6692
- C:\Windows\System\VxEqqHL.exe
  C:\Windows\System\VxEqqHL.exe
  2⤵
  PID:6712
- C:\Windows\System\UJAZIPk.exe
  C:\Windows\System\UJAZIPk.exe
  2⤵
  PID:6732
- C:\Windows\System\ORKWEiH.exe
  C:\Windows\System\ORKWEiH.exe
  2⤵
  PID:6752
- C:\Windows\System\RpqTkhU.exe
  C:\Windows\System\RpqTkhU.exe
  2⤵
  PID:6772
- C:\Windows\System\gXuMQsa.exe
  C:\Windows\System\gXuMQsa.exe
  2⤵
  PID:6824
- C:\Windows\System\wULqPmw.exe
  C:\Windows\System\wULqPmw.exe
  2⤵
  PID:6840
- C:\Windows\System\vUwdKiD.exe
  C:\Windows\System\vUwdKiD.exe
  2⤵
  PID:6856
- C:\Windows\System\Jacjjgb.exe
  C:\Windows\System\Jacjjgb.exe
  2⤵
  PID:6872
- C:\Windows\System\enhpoXf.exe
  C:\Windows\System\enhpoXf.exe
  2⤵
  PID:6888
- C:\Windows\System\WzBWtXs.exe
  C:\Windows\System\WzBWtXs.exe
  2⤵
  PID:6904
- C:\Windows\System\ivRNvNO.exe
  C:\Windows\System\ivRNvNO.exe
  2⤵
  PID:6920
- C:\Windows\System\RcJzWGA.exe
  C:\Windows\System\RcJzWGA.exe
  2⤵
  PID:6936
- C:\Windows\System\yxHnCjM.exe
  C:\Windows\System\yxHnCjM.exe
  2⤵
  PID:6952
- C:\Windows\System\dmbzgFE.exe
  C:\Windows\System\dmbzgFE.exe
  2⤵
  PID:6968
- C:\Windows\System\LLkVVVG.exe
  C:\Windows\System\LLkVVVG.exe
  2⤵
  PID:6984
- C:\Windows\System\lpWaYou.exe
  C:\Windows\System\lpWaYou.exe
  2⤵
  PID:7004
- C:\Windows\System\OVcshbE.exe
  C:\Windows\System\OVcshbE.exe
  2⤵
  PID:7052
- C:\Windows\System\WSXOrwE.exe
  C:\Windows\System\WSXOrwE.exe
  2⤵
  PID:7068
- C:\Windows\System\Lcfzxbj.exe
  C:\Windows\System\Lcfzxbj.exe
  2⤵
  PID:7100
- C:\Windows\System\kKbOXeU.exe
  C:\Windows\System\kKbOXeU.exe
  2⤵
  PID:7116
- C:\Windows\System\eMPRXqK.exe
  C:\Windows\System\eMPRXqK.exe
  2⤵
  PID:7132
- C:\Windows\System\UQXHWMJ.exe
  C:\Windows\System\UQXHWMJ.exe
  2⤵
  PID:7148
- C:\Windows\System\BJKilpP.exe
  C:\Windows\System\BJKilpP.exe
  2⤵
  PID:7164
- C:\Windows\System\QqulZYk.exe
  C:\Windows\System\QqulZYk.exe
  2⤵
  PID:6152
- C:\Windows\System\muzVfLv.exe
  C:\Windows\System\muzVfLv.exe
  2⤵
  PID:5824
- C:\Windows\System\YEvVqJa.exe
  C:\Windows\System\YEvVqJa.exe
  2⤵
  PID:6232
- C:\Windows\System\EKPbNBD.exe
  C:\Windows\System\EKPbNBD.exe
  2⤵
  PID:6264
- C:\Windows\System\fJTsbmc.exe
  C:\Windows\System\fJTsbmc.exe
  2⤵
  PID:6304
- C:\Windows\System\abOIDrH.exe
  C:\Windows\System\abOIDrH.exe
  2⤵
  PID:6052
- C:\Windows\System\pEHqnZL.exe
  C:\Windows\System\pEHqnZL.exe
  2⤵
  PID:5928
- C:\Windows\System\pJJixhu.exe
  C:\Windows\System\pJJixhu.exe
  2⤵
  PID:6328
- C:\Windows\System\bOgrcMp.exe
  C:\Windows\System\bOgrcMp.exe
  2⤵
  PID:6376
- C:\Windows\System\soLUtmG.exe
  C:\Windows\System\soLUtmG.exe
  2⤵
  PID:6416
- C:\Windows\System\oWieMRD.exe
  C:\Windows\System\oWieMRD.exe
  2⤵
  PID:6488
- C:\Windows\System\YlirlLG.exe
  C:\Windows\System\YlirlLG.exe
  2⤵
  PID:6468
- C:\Windows\System\RUciXME.exe
  C:\Windows\System\RUciXME.exe
  2⤵
  PID:6528
- C:\Windows\System\uQeBWDL.exe
  C:\Windows\System\uQeBWDL.exe
  2⤵
  PID:6548
- C:\Windows\System\lUeGqte.exe
  C:\Windows\System\lUeGqte.exe
  2⤵
  PID:6600
- C:\Windows\System\VWnUmnu.exe
  C:\Windows\System\VWnUmnu.exe
  2⤵
  PID:6672
- C:\Windows\System\yXidzef.exe
  C:\Windows\System\yXidzef.exe
  2⤵
  PID:6792
- C:\Windows\System\dWcEJns.exe
  C:\Windows\System\dWcEJns.exe
  2⤵
  PID:6644
- C:\Windows\System\leaDUZY.exe
  C:\Windows\System\leaDUZY.exe
  2⤵
  PID:6760
- C:\Windows\System\nyHALMh.exe
  C:\Windows\System\nyHALMh.exe
  2⤵
  PID:6584
- C:\Windows\System\iAyNpfW.exe
  C:\Windows\System\iAyNpfW.exe
  2⤵
  PID:6832
- C:\Windows\System\ucmJzER.exe
  C:\Windows\System\ucmJzER.exe
  2⤵
  PID:6912
- C:\Windows\System\MvgzKiU.exe
  C:\Windows\System\MvgzKiU.exe
  2⤵
  PID:6880
- C:\Windows\System\BzXngNF.exe
  C:\Windows\System\BzXngNF.exe
  2⤵
  PID:6944
- C:\Windows\System\PeQMJJX.exe
  C:\Windows\System\PeQMJJX.exe
  2⤵
  PID:6896
- C:\Windows\System\RfgjEgi.exe
  C:\Windows\System\RfgjEgi.exe
  2⤵
  PID:7028
- C:\Windows\System\CqEOzet.exe
  C:\Windows\System\CqEOzet.exe
  2⤵
  PID:7044
- C:\Windows\System\EjWLVpz.exe
  C:\Windows\System\EjWLVpz.exe
  2⤵
  PID:7092
- C:\Windows\System\EnOmiiC.exe
  C:\Windows\System\EnOmiiC.exe
  2⤵
  PID:7128
- C:\Windows\System\GMmHEEs.exe
  C:\Windows\System\GMmHEEs.exe
  2⤵
  PID:6188
- C:\Windows\System\CcYOKeY.exe
  C:\Windows\System\CcYOKeY.exe
  2⤵
  PID:5140
- C:\Windows\System\ZDmxkZR.exe
  C:\Windows\System\ZDmxkZR.exe
  2⤵
  PID:6356
- C:\Windows\System\yGkHVsK.exe
  C:\Windows\System\yGkHVsK.exe
  2⤵
  PID:7140
- C:\Windows\System\xGqoYkk.exe
  C:\Windows\System\xGqoYkk.exe
  2⤵
  PID:6992
- C:\Windows\System\mMgLlzz.exe
  C:\Windows\System\mMgLlzz.exe
  2⤵
  PID:5752
- C:\Windows\System\gzIdZxe.exe
  C:\Windows\System\gzIdZxe.exe
  2⤵
  PID:6200
- C:\Windows\System\oJcFQiw.exe
  C:\Windows\System\oJcFQiw.exe
  2⤵
  PID:6292
- C:\Windows\System\EeqMevG.exe
  C:\Windows\System\EeqMevG.exe
  2⤵
  PID:6392
- C:\Windows\System\YRKmWCu.exe
  C:\Windows\System\YRKmWCu.exe
  2⤵
  PID:6544
- C:\Windows\System\ndqPxMl.exe
  C:\Windows\System\ndqPxMl.exe
  2⤵
  PID:6632
- C:\Windows\System\zpUQvnl.exe
  C:\Windows\System\zpUQvnl.exe
  2⤵
  PID:6668
- C:\Windows\System\uJMSAJr.exe
  C:\Windows\System\uJMSAJr.exe
  2⤵
  PID:6540
- C:\Windows\System\okPfRJW.exe
  C:\Windows\System\okPfRJW.exe
  2⤵
  PID:6748
- C:\Windows\System\gEXsYML.exe
  C:\Windows\System\gEXsYML.exe
  2⤵
  PID:6684
- C:\Windows\System\OjraIxx.exe
  C:\Windows\System\OjraIxx.exe
  2⤵
  PID:6580
- C:\Windows\System\WFJMbIz.exe
  C:\Windows\System\WFJMbIz.exe
  2⤵
  PID:6980
- C:\Windows\System\pxjRMUD.exe
  C:\Windows\System\pxjRMUD.exe
  2⤵
  PID:7080
- C:\Windows\System\OrOxYBq.exe
  C:\Windows\System\OrOxYBq.exe
  2⤵
  PID:6960
- C:\Windows\System\noUeybK.exe
  C:\Windows\System\noUeybK.exe
  2⤵
  PID:7112
- C:\Windows\System\JfCrHFZ.exe
  C:\Windows\System\JfCrHFZ.exe
  2⤵
  PID:5612
- C:\Windows\System\gDvHEDU.exe
  C:\Windows\System\gDvHEDU.exe
  2⤵
  PID:7024
- C:\Windows\System\lNBmMCs.exe
  C:\Windows\System\lNBmMCs.exe
  2⤵
  PID:6524
- C:\Windows\System\kCTrUqo.exe
  C:\Windows\System\kCTrUqo.exe
  2⤵
  PID:7160
- C:\Windows\System\DDsPcXd.exe
  C:\Windows\System\DDsPcXd.exe
  2⤵
  PID:6664
- C:\Windows\System\AmRZido.exe
  C:\Windows\System\AmRZido.exe
  2⤵
  PID:6804
- C:\Windows\System\SyVSbGT.exe
  C:\Windows\System\SyVSbGT.exe
  2⤵
  PID:6324
- C:\Windows\System\JeNkRcr.exe
  C:\Windows\System\JeNkRcr.exe
  2⤵
  PID:7040
- C:\Windows\System\gMQZUXo.exe
  C:\Windows\System\gMQZUXo.exe
  2⤵
  PID:7000
- C:\Windows\System\XLGHVtr.exe
  C:\Windows\System\XLGHVtr.exe
  2⤵
  PID:6808
- C:\Windows\System\tNAdeZg.exe
  C:\Windows\System\tNAdeZg.exe
  2⤵
  PID:5688
- C:\Windows\System\qnICAjs.exe
  C:\Windows\System\qnICAjs.exe
  2⤵
  PID:6784
- C:\Windows\System\TxRkeqa.exe
  C:\Windows\System\TxRkeqa.exe
  2⤵
  PID:7088
- C:\Windows\System\lFKjwDk.exe
  C:\Windows\System\lFKjwDk.exe
  2⤵
  PID:6464
- C:\Windows\System\kWSqbQJ.exe
  C:\Windows\System\kWSqbQJ.exe
  2⤵
  PID:7020
- C:\Windows\System\RXQurYq.exe
  C:\Windows\System\RXQurYq.exe
  2⤵
  PID:7036
- C:\Windows\System\yicyQcL.exe
  C:\Windows\System\yicyQcL.exe
  2⤵
  PID:6964
- C:\Windows\System\jPCLfHX.exe
  C:\Windows\System\jPCLfHX.exe
  2⤵
  PID:6216
- C:\Windows\System\IQeVjYs.exe
  C:\Windows\System\IQeVjYs.exe
  2⤵
  PID:6248
- C:\Windows\System\mpIcdBW.exe
  C:\Windows\System\mpIcdBW.exe
  2⤵
  PID:6320
- C:\Windows\System\YqrAnYk.exe
  C:\Windows\System\YqrAnYk.exe
  2⤵
  PID:6184
- C:\Windows\System\RjqacTU.exe
  C:\Windows\System\RjqacTU.exe
  2⤵
  PID:7176
- C:\Windows\System\ugnOiut.exe
  C:\Windows\System\ugnOiut.exe
  2⤵
  PID:7200
- C:\Windows\System\wlFFjNL.exe
  C:\Windows\System\wlFFjNL.exe
  2⤵
  PID:7220
- C:\Windows\System\QPoMrlc.exe
  C:\Windows\System\QPoMrlc.exe
  2⤵
  PID:7248
- C:\Windows\System\MGnFOrd.exe
  C:\Windows\System\MGnFOrd.exe
  2⤵
  PID:7276
- C:\Windows\System\uNxqxva.exe
  C:\Windows\System\uNxqxva.exe
  2⤵
  PID:7292
- C:\Windows\System\pqzpLRq.exe
  C:\Windows\System\pqzpLRq.exe
  2⤵
  PID:7316
- C:\Windows\System\QsRonjt.exe
  C:\Windows\System\QsRonjt.exe
  2⤵
  PID:7336
- C:\Windows\System\wNDVaXT.exe
  C:\Windows\System\wNDVaXT.exe
  2⤵
  PID:7352
- C:\Windows\System\BmkzKkO.exe
  C:\Windows\System\BmkzKkO.exe
  2⤵
  PID:7372
- C:\Windows\System\kpAaPqN.exe
  C:\Windows\System\kpAaPqN.exe
  2⤵
  PID:7400
- C:\Windows\System\JYEYytr.exe
  C:\Windows\System\JYEYytr.exe
  2⤵
  PID:7420
- C:\Windows\System\wIcTtNY.exe
  C:\Windows\System\wIcTtNY.exe
  2⤵
  PID:7440
- C:\Windows\System\dGgLTvo.exe
  C:\Windows\System\dGgLTvo.exe
  2⤵
  PID:7460
- C:\Windows\System\yEYzAhi.exe
  C:\Windows\System\yEYzAhi.exe
  2⤵
  PID:7484
- C:\Windows\System\zrUGCeI.exe
  C:\Windows\System\zrUGCeI.exe
  2⤵
  PID:7504
- C:\Windows\System\EwlwHAn.exe
  C:\Windows\System\EwlwHAn.exe
  2⤵
  PID:7520
- C:\Windows\System\DWldmss.exe
  C:\Windows\System\DWldmss.exe
  2⤵
  PID:7540
- C:\Windows\System\BdcRJFR.exe
  C:\Windows\System\BdcRJFR.exe
  2⤵
  PID:7564
- C:\Windows\System\xINEacI.exe
  C:\Windows\System\xINEacI.exe
  2⤵
  PID:7584
- C:\Windows\System\iveNqsv.exe
  C:\Windows\System\iveNqsv.exe
  2⤵
  PID:7600
- C:\Windows\System\DYJWTIM.exe
  C:\Windows\System\DYJWTIM.exe
  2⤵
  PID:7620
- C:\Windows\System\MxlqiFR.exe
  C:\Windows\System\MxlqiFR.exe
  2⤵
  PID:7644
- C:\Windows\System\hwsgKXV.exe
  C:\Windows\System\hwsgKXV.exe
  2⤵
  PID:7664
- C:\Windows\System\GhRiDOu.exe
  C:\Windows\System\GhRiDOu.exe
  2⤵
  PID:7688
- C:\Windows\System\RGRfUOv.exe
  C:\Windows\System\RGRfUOv.exe
  2⤵
  PID:7712
- C:\Windows\System\bvNCcxP.exe
  C:\Windows\System\bvNCcxP.exe
  2⤵
  PID:7728
- C:\Windows\System\SoLfDDI.exe
  C:\Windows\System\SoLfDDI.exe
  2⤵
  PID:7744
- C:\Windows\System\rZfUwYm.exe
  C:\Windows\System\rZfUwYm.exe
  2⤵
  PID:7764
- C:\Windows\System\SYPHlYt.exe
  C:\Windows\System\SYPHlYt.exe
  2⤵
  PID:7784
- C:\Windows\System\HKZfAEr.exe
  C:\Windows\System\HKZfAEr.exe
  2⤵
  PID:7800
- C:\Windows\System\NKdomFj.exe
  C:\Windows\System\NKdomFj.exe
  2⤵
  PID:7816
- C:\Windows\System\FivhkLr.exe
  C:\Windows\System\FivhkLr.exe
  2⤵
  PID:7836
- C:\Windows\System\DkOciWi.exe
  C:\Windows\System\DkOciWi.exe
  2⤵
  PID:7856
- C:\Windows\System\OiJhJQx.exe
  C:\Windows\System\OiJhJQx.exe
  2⤵
  PID:7876
- C:\Windows\System\OnLmOFU.exe
  C:\Windows\System\OnLmOFU.exe
  2⤵
  PID:7892
- C:\Windows\System\MpbGnVr.exe
  C:\Windows\System\MpbGnVr.exe
  2⤵
  PID:7912
- C:\Windows\System\BgshJua.exe
  C:\Windows\System\BgshJua.exe
  2⤵
  PID:7936
- C:\Windows\System\ZpnKDPR.exe
  C:\Windows\System\ZpnKDPR.exe
  2⤵
  PID:7956
- C:\Windows\System\yLsinsS.exe
  C:\Windows\System\yLsinsS.exe
  2⤵
  PID:7984
- C:\Windows\System\zaylYvb.exe
  C:\Windows\System\zaylYvb.exe
  2⤵
  PID:8000
- C:\Windows\System\npqxBIG.exe
  C:\Windows\System\npqxBIG.exe
  2⤵
  PID:8020
- C:\Windows\System\lfUIPkI.exe
  C:\Windows\System\lfUIPkI.exe
  2⤵
  PID:8044
- C:\Windows\System\tnpSaBN.exe
  C:\Windows\System\tnpSaBN.exe
  2⤵
  PID:8068
- C:\Windows\System\lDmWPre.exe
  C:\Windows\System\lDmWPre.exe
  2⤵
  PID:8084
- C:\Windows\System\xZiQjhZ.exe
  C:\Windows\System\xZiQjhZ.exe
  2⤵
  PID:8108
- C:\Windows\System\RssAtyE.exe
  C:\Windows\System\RssAtyE.exe
  2⤵
  PID:8132
- C:\Windows\System\DikFQDr.exe
  C:\Windows\System\DikFQDr.exe
  2⤵
  PID:8152
- C:\Windows\System\kZlDFJf.exe
  C:\Windows\System\kZlDFJf.exe
  2⤵
  PID:8168
- C:\Windows\System\PMAYlpE.exe
  C:\Windows\System\PMAYlpE.exe
  2⤵
  PID:8188
- C:\Windows\System\AzVLkUi.exe
  C:\Windows\System\AzVLkUi.exe
  2⤵
  PID:7172
- C:\Windows\System\ghKujMx.exe
  C:\Windows\System\ghKujMx.exe
  2⤵
  PID:6428
- C:\Windows\System\ElaihdY.exe
  C:\Windows\System\ElaihdY.exe
  2⤵
  PID:7084
- C:\Windows\System\EHilwqP.exe
  C:\Windows\System\EHilwqP.exe
  2⤵
  PID:7196
- C:\Windows\System\ekIXcqF.exe
  C:\Windows\System\ekIXcqF.exe
  2⤵
  PID:7228
- C:\Windows\System\csLwfIt.exe
  C:\Windows\System\csLwfIt.exe
  2⤵
  PID:7188
- C:\Windows\System\gMhThMc.exe
  C:\Windows\System\gMhThMc.exe
  2⤵
  PID:7272
- C:\Windows\System\wutvQAM.exe
  C:\Windows\System\wutvQAM.exe
  2⤵
  PID:7312
- C:\Windows\System\GqnZbPC.exe
  C:\Windows\System\GqnZbPC.exe
  2⤵
  PID:7348
- C:\Windows\System\AKAmVqr.exe
  C:\Windows\System\AKAmVqr.exe
  2⤵
  PID:7388
- C:\Windows\System\KaOqVfz.exe
  C:\Windows\System\KaOqVfz.exe
  2⤵
  PID:7408
- C:\Windows\System\HMyyPiM.exe
  C:\Windows\System\HMyyPiM.exe
  2⤵
  PID:7448
- C:\Windows\System\uQzRpSW.exe
  C:\Windows\System\uQzRpSW.exe
  2⤵
  PID:7476
- C:\Windows\System\NnoxUDD.exe
  C:\Windows\System\NnoxUDD.exe
  2⤵
  PID:7516
- C:\Windows\System\DyHKcKV.exe
  C:\Windows\System\DyHKcKV.exe
  2⤵
  PID:7560
- C:\Windows\System\NkJvbQR.exe
  C:\Windows\System\NkJvbQR.exe
  2⤵
  PID:7592
- C:\Windows\System\tJClwyY.exe
  C:\Windows\System\tJClwyY.exe
  2⤵
  PID:7632
- C:\Windows\System\ftwscJz.exe
  C:\Windows\System\ftwscJz.exe
  2⤵
  PID:7616
- C:\Windows\System\MLyCJFh.exe
  C:\Windows\System\MLyCJFh.exe
  2⤵
  PID:7676
- C:\Windows\System\fukADJU.exe
  C:\Windows\System\fukADJU.exe
  2⤵
  PID:7724
- C:\Windows\System\vUQNefC.exe
  C:\Windows\System\vUQNefC.exe
  2⤵
  PID:7796
- C:\Windows\System\nNleiji.exe
  C:\Windows\System\nNleiji.exe
  2⤵
  PID:7736
- C:\Windows\System\hNHkebu.exe
  C:\Windows\System\hNHkebu.exe
  2⤵
  PID:7900
- C:\Windows\System\KenFNyS.exe
  C:\Windows\System\KenFNyS.exe
  2⤵
  PID:7948
- C:\Windows\System\hdbQIxi.exe
  C:\Windows\System\hdbQIxi.exe
  2⤵
  PID:7996
- C:\Windows\System\ilGprrS.exe
  C:\Windows\System\ilGprrS.exe
  2⤵
  PID:8032
- C:\Windows\System\OQnhPRH.exe
  C:\Windows\System\OQnhPRH.exe
  2⤵
  PID:7932
- C:\Windows\System\NMhpFeW.exe
  C:\Windows\System\NMhpFeW.exe
  2⤵
  PID:7928
- C:\Windows\System\UHoZLca.exe
  C:\Windows\System\UHoZLca.exe
  2⤵
  PID:8012
- C:\Windows\System\zSXxvTi.exe
  C:\Windows\System\zSXxvTi.exe
  2⤵
  PID:8056
- C:\Windows\System\Zdxsjnj.exe
  C:\Windows\System\Zdxsjnj.exe
  2⤵
  PID:8096
- C:\Windows\System\yQCjofs.exe
  C:\Windows\System\yQCjofs.exe
  2⤵
  PID:8128
- C:\Windows\System\iJgnyUN.exe
  C:\Windows\System\iJgnyUN.exe
  2⤵
  PID:8160
- C:\Windows\System\UpoexhT.exe
  C:\Windows\System\UpoexhT.exe
  2⤵
  PID:8184
- C:\Windows\System\fxwBmmc.exe
  C:\Windows\System\fxwBmmc.exe
  2⤵
  PID:6268
- C:\Windows\System\BKhnmDG.exe
  C:\Windows\System\BKhnmDG.exe
  2⤵
  PID:7236
- C:\Windows\System\bpybekA.exe
  C:\Windows\System\bpybekA.exe
  2⤵
  PID:7212
- C:\Windows\System\opvsWNq.exe
  C:\Windows\System\opvsWNq.exe
  2⤵
  PID:7232
- C:\Windows\System\XcByMvc.exe
  C:\Windows\System\XcByMvc.exe
  2⤵
  PID:7428
- C:\Windows\System\GPjRMlC.exe
  C:\Windows\System\GPjRMlC.exe
  2⤵
  PID:7384
- C:\Windows\System\jGGSVGP.exe
  C:\Windows\System\jGGSVGP.exe
  2⤵
  PID:7324
- C:\Windows\System\oFqhWgZ.exe
  C:\Windows\System\oFqhWgZ.exe
  2⤵
  PID:7548
- C:\Windows\System\ISDHxYy.exe
  C:\Windows\System\ISDHxYy.exe
  2⤵
  PID:7556
- C:\Windows\System\iurrPGy.exe
  C:\Windows\System\iurrPGy.exe
  2⤵
  PID:7628
- C:\Windows\System\QPgZGzu.exe
  C:\Windows\System\QPgZGzu.exe
  2⤵
  PID:7756
- C:\Windows\System\HXMLpeW.exe
  C:\Windows\System\HXMLpeW.exe
  2⤵
  PID:7868
- C:\Windows\System\fvErWwk.exe
  C:\Windows\System\fvErWwk.exe
  2⤵
  PID:7812
- C:\Windows\System\hLIMmtc.exe
  C:\Windows\System\hLIMmtc.exe
  2⤵
  PID:7832
- C:\Windows\System\FZvQtkn.exe
  C:\Windows\System\FZvQtkn.exe
  2⤵
  PID:7952
- C:\Windows\System\DhczXJt.exe
  C:\Windows\System\DhczXJt.exe
  2⤵
  PID:7696
- C:\Windows\System\PigsrQX.exe
  C:\Windows\System\PigsrQX.exe
  2⤵
  PID:8080
- C:\Windows\System\yKWzAGk.exe
  C:\Windows\System\yKWzAGk.exe
  2⤵
  PID:8060
- C:\Windows\System\KSilmlP.exe
  C:\Windows\System\KSilmlP.exe
  2⤵
  PID:8040
- C:\Windows\System\HbgutDQ.exe
  C:\Windows\System\HbgutDQ.exe
  2⤵
  PID:8144
- C:\Windows\System\vOjEIzD.exe
  C:\Windows\System\vOjEIzD.exe
  2⤵
  PID:7264
- C:\Windows\System\iGIeude.exe
  C:\Windows\System\iGIeude.exe
  2⤵
  PID:8180
- C:\Windows\System\KrareUU.exe
  C:\Windows\System\KrareUU.exe
  2⤵
  PID:7364
- C:\Windows\System\rWvBJuo.exe
  C:\Windows\System\rWvBJuo.exe
  2⤵
  PID:7452
- C:\Windows\System\BWBQBCu.exe
  C:\Windows\System\BWBQBCu.exe
  2⤵
  PID:7672
- C:\Windows\System\LtDBYDk.exe
  C:\Windows\System\LtDBYDk.exe
  2⤵
  PID:7480
- C:\Windows\System\rAMYOIA.exe
  C:\Windows\System\rAMYOIA.exe
  2⤵
  PID:7580
- C:\Windows\System\vHKVOWV.exe
  C:\Windows\System\vHKVOWV.exe
  2⤵
  PID:7760
- C:\Windows\System\qTIWWrk.exe
  C:\Windows\System\qTIWWrk.exe
  2⤵
  PID:7976
- C:\Windows\System\dpXJGhW.exe
  C:\Windows\System\dpXJGhW.exe
  2⤵
  PID:7888
- C:\Windows\System\bSpBgKE.exe
  C:\Windows\System\bSpBgKE.exe
  2⤵
  PID:7772
- C:\Windows\System\dxzQhFa.exe
  C:\Windows\System\dxzQhFa.exe
  2⤵
  PID:6852
- C:\Windows\System\MMXkaIB.exe
  C:\Windows\System\MMXkaIB.exe
  2⤵
  PID:7060
- C:\Windows\System\iVoXUul.exe
  C:\Windows\System\iVoXUul.exe
  2⤵
  PID:7344
- C:\Windows\System\HHWrsqv.exe
  C:\Windows\System\HHWrsqv.exe
  2⤵
  PID:7328
- C:\Windows\System\MgvfhWX.exe
  C:\Windows\System\MgvfhWX.exe
  2⤵
  PID:7552
- C:\Windows\System\QLebppx.exe
  C:\Windows\System\QLebppx.exe
  2⤵
  PID:8028
- C:\Windows\System\yJznehT.exe
  C:\Windows\System\yJznehT.exe
  2⤵
  PID:7780
- C:\Windows\System\CROXFZp.exe
  C:\Windows\System\CROXFZp.exe
  2⤵
  PID:6552
- C:\Windows\System\HxfDuZA.exe
  C:\Windows\System\HxfDuZA.exe
  2⤵
  PID:7300
- C:\Windows\System\ICjgxbR.exe
  C:\Windows\System\ICjgxbR.exe
  2⤵
  PID:7660
- C:\Windows\System\NguOgPD.exe
  C:\Windows\System\NguOgPD.exe
  2⤵
  PID:7436
- C:\Windows\System\ojixOwN.exe
  C:\Windows\System\ojixOwN.exe
  2⤵
  PID:7828
- C:\Windows\System\yVJpoKt.exe
  C:\Windows\System\yVJpoKt.exe
  2⤵
  PID:7684
- C:\Windows\System\yIyvcuW.exe
  C:\Windows\System\yIyvcuW.exe
  2⤵
  PID:6408
- C:\Windows\System\uuhMTfN.exe
  C:\Windows\System\uuhMTfN.exe
  2⤵
  PID:7992
- C:\Windows\System\aSsbfdD.exe
  C:\Windows\System\aSsbfdD.exe
  2⤵
  PID:7532
- C:\Windows\System\OHDFOaq.exe
  C:\Windows\System\OHDFOaq.exe
  2⤵
  PID:8100
- C:\Windows\System\zSVdiKU.exe
  C:\Windows\System\zSVdiKU.exe
  2⤵
  PID:7980
- C:\Windows\System\MUBjnLR.exe
  C:\Windows\System\MUBjnLR.exe
  2⤵
  PID:8120
- C:\Windows\System\TAEItCh.exe
  C:\Windows\System\TAEItCh.exe
  2⤵
  PID:7208
- C:\Windows\System\JfiVbhl.exe
  C:\Windows\System\JfiVbhl.exe
  2⤵
  PID:8212
- C:\Windows\System\cZOkpAQ.exe
  C:\Windows\System\cZOkpAQ.exe
  2⤵
  PID:8236
- C:\Windows\System\BJlTwRy.exe
  C:\Windows\System\BJlTwRy.exe
  2⤵
  PID:8252
- C:\Windows\System\CdnJTvx.exe
  C:\Windows\System\CdnJTvx.exe
  2⤵
  PID:8272
- C:\Windows\System\kRMVTCj.exe
  C:\Windows\System\kRMVTCj.exe
  2⤵
  PID:8292
- C:\Windows\System\tAbtcrB.exe
  C:\Windows\System\tAbtcrB.exe
  2⤵
  PID:8308
- C:\Windows\System\GnmZkEa.exe
  C:\Windows\System\GnmZkEa.exe
  2⤵
  PID:8324
- C:\Windows\System\vJvgdkL.exe
  C:\Windows\System\vJvgdkL.exe
  2⤵
  PID:8352
- C:\Windows\System\vjXXior.exe
  C:\Windows\System\vjXXior.exe
  2⤵
  PID:8372
- C:\Windows\System\bMvhboQ.exe
  C:\Windows\System\bMvhboQ.exe
  2⤵
  PID:8392
- C:\Windows\System\olukpIk.exe
  C:\Windows\System\olukpIk.exe
  2⤵
  PID:8416
- C:\Windows\System\yrJslOd.exe
  C:\Windows\System\yrJslOd.exe
  2⤵
  PID:8436
- C:\Windows\System\kxXnnkm.exe
  C:\Windows\System\kxXnnkm.exe
  2⤵
  PID:8460
- C:\Windows\System\HtLrMHH.exe
  C:\Windows\System\HtLrMHH.exe
  2⤵
  PID:8476
- C:\Windows\System\iFyuTQc.exe
  C:\Windows\System\iFyuTQc.exe
  2⤵
  PID:8496
- C:\Windows\System\TQhoCFw.exe
  C:\Windows\System\TQhoCFw.exe
  2⤵
  PID:8516
- C:\Windows\System\iDaOHzd.exe
  C:\Windows\System\iDaOHzd.exe
  2⤵
  PID:8540
- C:\Windows\System\zufLUqf.exe
  C:\Windows\System\zufLUqf.exe
  2⤵
  PID:8556
- C:\Windows\System\sowojkK.exe
  C:\Windows\System\sowojkK.exe
  2⤵
  PID:8572
- C:\Windows\System\DaAscWV.exe
  C:\Windows\System\DaAscWV.exe
  2⤵
  PID:8600
- C:\Windows\System\VREcIaK.exe
  C:\Windows\System\VREcIaK.exe
  2⤵
  PID:8616
- C:\Windows\System\AxEsQYK.exe
  C:\Windows\System\AxEsQYK.exe
  2⤵
  PID:8632
- C:\Windows\System\zuEdryi.exe
  C:\Windows\System\zuEdryi.exe
  2⤵
  PID:8648
- C:\Windows\System\qXxQpoT.exe
  C:\Windows\System\qXxQpoT.exe
  2⤵
  PID:8664
- C:\Windows\System\rlcAhnj.exe
  C:\Windows\System\rlcAhnj.exe
  2⤵
  PID:8688
- C:\Windows\System\LqHWkXa.exe
  C:\Windows\System\LqHWkXa.exe
  2⤵
  PID:8708
- C:\Windows\System\ZwWxOBD.exe
  C:\Windows\System\ZwWxOBD.exe
  2⤵
  PID:8724
- C:\Windows\System\wJJWSeQ.exe
  C:\Windows\System\wJJWSeQ.exe
  2⤵
  PID:8740
- C:\Windows\System\ReorgLm.exe
  C:\Windows\System\ReorgLm.exe
  2⤵
  PID:8764
- C:\Windows\System\mhZAlPR.exe
  C:\Windows\System\mhZAlPR.exe
  2⤵
  PID:8784
- C:\Windows\System\ndgYgls.exe
  C:\Windows\System\ndgYgls.exe
  2⤵
  PID:8800
- C:\Windows\System\ViLpJlN.exe
  C:\Windows\System\ViLpJlN.exe
  2⤵
  PID:8824
- C:\Windows\System\XHdJhlp.exe
  C:\Windows\System\XHdJhlp.exe
  2⤵
  PID:8856
- C:\Windows\System\MpjrPpl.exe
  C:\Windows\System\MpjrPpl.exe
  2⤵
  PID:8872
- C:\Windows\System\yzCKfzv.exe
  C:\Windows\System\yzCKfzv.exe
  2⤵
  PID:8888
- C:\Windows\System\rofxBgn.exe
  C:\Windows\System\rofxBgn.exe
  2⤵
  PID:8908
- C:\Windows\System\mkAjTcB.exe
  C:\Windows\System\mkAjTcB.exe
  2⤵
  PID:8924
- C:\Windows\System\RRtvocp.exe
  C:\Windows\System\RRtvocp.exe
  2⤵
  PID:8944
- C:\Windows\System\ybFYuBZ.exe
  C:\Windows\System\ybFYuBZ.exe
  2⤵
  PID:8960
- C:\Windows\System\fQCMSuG.exe
  C:\Windows\System\fQCMSuG.exe
  2⤵
  PID:8992
- C:\Windows\System\bgAjGop.exe
  C:\Windows\System\bgAjGop.exe
  2⤵
  PID:9012
- C:\Windows\System\ZoWREKJ.exe
  C:\Windows\System\ZoWREKJ.exe
  2⤵
  PID:9028
- C:\Windows\System\tKsbvTt.exe
  C:\Windows\System\tKsbvTt.exe
  2⤵
  PID:9052
- C:\Windows\System\huvBiUA.exe
  C:\Windows\System\huvBiUA.exe
  2⤵
  PID:9084
- C:\Windows\System\YRLtzwY.exe
  C:\Windows\System\YRLtzwY.exe
  2⤵
  PID:9100
- C:\Windows\System\gUozxCH.exe
  C:\Windows\System\gUozxCH.exe
  2⤵
  PID:9120
- C:\Windows\System\jJXceZW.exe
  C:\Windows\System\jJXceZW.exe
  2⤵
  PID:9136
- C:\Windows\System\WenIDDZ.exe
  C:\Windows\System\WenIDDZ.exe
  2⤵
  PID:9152
- C:\Windows\System\EJagJbj.exe
  C:\Windows\System\EJagJbj.exe
  2⤵
  PID:9184
- C:\Windows\System\edqsRki.exe
  C:\Windows\System\edqsRki.exe
  2⤵
  PID:9200
- C:\Windows\System\dbGYWvH.exe
  C:\Windows\System\dbGYWvH.exe
  2⤵
  PID:8220
- C:\Windows\System\pFKSULO.exe
  C:\Windows\System\pFKSULO.exe
  2⤵
  PID:8232
- C:\Windows\System\cuAcyOe.exe
  C:\Windows\System\cuAcyOe.exe
  2⤵
  PID:8280
- C:\Windows\System\CwkYiCK.exe
  C:\Windows\System\CwkYiCK.exe
  2⤵
  PID:8336
- C:\Windows\System\zukDOsA.exe
  C:\Windows\System\zukDOsA.exe
  2⤵
  PID:8320
- C:\Windows\System\Pobtyju.exe
  C:\Windows\System\Pobtyju.exe
  2⤵
  PID:8384
- C:\Windows\System\zXAbFgO.exe
  C:\Windows\System\zXAbFgO.exe
  2⤵
  PID:8404
- C:\Windows\System\LFFgXPs.exe
  C:\Windows\System\LFFgXPs.exe
  2⤵
  PID:8428
- C:\Windows\System\pLPwjQi.exe
  C:\Windows\System\pLPwjQi.exe
  2⤵
  PID:8448
- C:\Windows\System\OdOMHkN.exe
  C:\Windows\System\OdOMHkN.exe
  2⤵
  PID:8504
- C:\Windows\System\EjIxuEm.exe
  C:\Windows\System\EjIxuEm.exe
  2⤵
  PID:8528
- C:\Windows\System\RRoyQGB.exe
  C:\Windows\System\RRoyQGB.exe
  2⤵
  PID:8568
- C:\Windows\System\sLORskc.exe
  C:\Windows\System\sLORskc.exe
  2⤵
  PID:8536
- C:\Windows\System\EgjIXvK.exe
  C:\Windows\System\EgjIXvK.exe
  2⤵
  PID:8696
- C:\Windows\System\PenmtrD.exe
  C:\Windows\System\PenmtrD.exe
  2⤵
  PID:8672
- C:\Windows\System\swTXEyA.exe
  C:\Windows\System\swTXEyA.exe
  2⤵
  PID:8612
- C:\Windows\System\OnmyvmM.exe
  C:\Windows\System\OnmyvmM.exe
  2⤵
  PID:8680
- C:\Windows\System\vvTkoEU.exe
  C:\Windows\System\vvTkoEU.exe
  2⤵
  PID:8720
- C:\Windows\System\tJDGvDz.exe
  C:\Windows\System\tJDGvDz.exe
  2⤵
  PID:8820
- C:\Windows\System\nGDcaZS.exe
  C:\Windows\System\nGDcaZS.exe
  2⤵
  PID:8868
- C:\Windows\System\yzomJZh.exe
  C:\Windows\System\yzomJZh.exe
  2⤵
  PID:8904
- C:\Windows\System\EKZGnah.exe
  C:\Windows\System\EKZGnah.exe
  2⤵
  PID:8848
- C:\Windows\System\bFcaOUD.exe
  C:\Windows\System\bFcaOUD.exe
  2⤵
  PID:8972
- C:\Windows\System\gnIFmRR.exe
  C:\Windows\System\gnIFmRR.exe
  2⤵
  PID:8880
- C:\Windows\System\aJwCCWZ.exe
  C:\Windows\System\aJwCCWZ.exe
  2⤵
  PID:9000
- C:\Windows\System\LdSHKnK.exe
  C:\Windows\System\LdSHKnK.exe
  2⤵
  PID:9044
- C:\Windows\System\aooRRrD.exe
  C:\Windows\System\aooRRrD.exe
  2⤵
  PID:9072
- C:\Windows\System\SFvUUCl.exe
  C:\Windows\System\SFvUUCl.exe
  2⤵
  PID:9116
- C:\Windows\System\YizMCZQ.exe
  C:\Windows\System\YizMCZQ.exe
  2⤵
  PID:9160
- C:\Windows\System\hyQkdCt.exe
  C:\Windows\System\hyQkdCt.exe
  2⤵
  PID:9076
- C:\Windows\System\vnbCBjO.exe
  C:\Windows\System\vnbCBjO.exe
  2⤵
  PID:9212
- C:\Windows\System\fEcfkxy.exe
  C:\Windows\System\fEcfkxy.exe
  2⤵
  PID:8228
- C:\Windows\System\MrbndNX.exe
  C:\Windows\System\MrbndNX.exe
  2⤵
  PID:8268
- C:\Windows\System\OfOAwdW.exe
  C:\Windows\System\OfOAwdW.exe
  2⤵
  PID:8344
- C:\Windows\System\CkxbGdY.exe
  C:\Windows\System\CkxbGdY.exe
  2⤵
  PID:8472
- C:\Windows\System\YdGjsec.exe
  C:\Windows\System\YdGjsec.exe
  2⤵
  PID:8360
- C:\Windows\System\TOBmZaV.exe
  C:\Windows\System\TOBmZaV.exe
  2⤵
  PID:8508
- C:\Windows\System\OayqPtY.exe
  C:\Windows\System\OayqPtY.exe
  2⤵
  PID:8524
- C:\Windows\System\AAsXTmH.exe
  C:\Windows\System\AAsXTmH.exe
  2⤵
  PID:8592
- C:\Windows\System\BBAlFWs.exe
  C:\Windows\System\BBAlFWs.exe
  2⤵
  PID:8772
- C:\Windows\System\mteuaOe.exe
  C:\Windows\System\mteuaOe.exe
  2⤵
  PID:8676
- C:\Windows\System\SundZpP.exe
  C:\Windows\System\SundZpP.exe
  2⤵
  PID:8796
- C:\Windows\System\dKDYVaF.exe
  C:\Windows\System\dKDYVaF.exe
  2⤵
  PID:8864
- C:\Windows\System\xVDOIcu.exe
  C:\Windows\System\xVDOIcu.exe
  2⤵
  PID:8940
- C:\Windows\System\jUQXiAb.exe
  C:\Windows\System\jUQXiAb.exe
  2⤵
  PID:9024
- C:\Windows\System\FxHVXmc.exe
  C:\Windows\System\FxHVXmc.exe
  2⤵
  PID:9064
- C:\Windows\System\SRqlSic.exe
  C:\Windows\System\SRqlSic.exe
  2⤵
  PID:9092
- C:\Windows\System\LwGXmnu.exe
  C:\Windows\System\LwGXmnu.exe
  2⤵
  PID:9132
- C:\Windows\System\LqenAaU.exe
  C:\Windows\System\LqenAaU.exe
  2⤵
  PID:8208
- C:\Windows\System\TjWZbfI.exe
  C:\Windows\System\TjWZbfI.exe
  2⤵
  PID:8300
- C:\Windows\System\TZPWRLi.exe
  C:\Windows\System\TZPWRLi.exe
  2⤵
  PID:8468
- C:\Windows\System\hpildlf.exe
  C:\Windows\System\hpildlf.exe
  2⤵
  PID:8548
- C:\Windows\System\XRYluOW.exe
  C:\Windows\System\XRYluOW.exe
  2⤵
  PID:8348
- C:\Windows\System\tbjlWWk.exe
  C:\Windows\System\tbjlWWk.exe
  2⤵
  PID:8608
- C:\Windows\System\CvDsjOE.exe
  C:\Windows\System\CvDsjOE.exe
  2⤵
  PID:8840
- C:\Windows\System\mBSLNmi.exe
  C:\Windows\System\mBSLNmi.exe
  2⤵
  PID:8588
- C:\Windows\System\XyPtEFN.exe
  C:\Windows\System\XyPtEFN.exe
  2⤵
  PID:8640
- C:\Windows\System\voUrhdT.exe
  C:\Windows\System\voUrhdT.exe
  2⤵
  PID:9108
- C:\Windows\System\twNjQoj.exe
  C:\Windows\System\twNjQoj.exe
  2⤵
  PID:9040
- C:\Windows\System\rZSBizN.exe
  C:\Windows\System\rZSBizN.exe
  2⤵
  PID:8264
- C:\Windows\System\ImeemgW.exe
  C:\Windows\System\ImeemgW.exe
  2⤵
  PID:8380
- C:\Windows\System\TIzxeOk.exe
  C:\Windows\System\TIzxeOk.exe
  2⤵
  PID:8736
- C:\Windows\System\sfvTzzi.exe
  C:\Windows\System\sfvTzzi.exe
  2⤵
  PID:8900
- C:\Windows\System\aSAUBgo.exe
  C:\Windows\System\aSAUBgo.exe
  2⤵
  PID:9112
- C:\Windows\System\SoNwvSQ.exe
  C:\Windows\System\SoNwvSQ.exe
  2⤵
  PID:1004
- C:\Windows\System\FXbrlji.exe
  C:\Windows\System\FXbrlji.exe
  2⤵
  PID:8816
- C:\Windows\System\XvURWPs.exe
  C:\Windows\System\XvURWPs.exe
  2⤵
  PID:7260
- C:\Windows\System\cCyiWkZ.exe
  C:\Windows\System\cCyiWkZ.exe
  2⤵
  PID:8364
- C:\Windows\System\NhRSTfY.exe
  C:\Windows\System\NhRSTfY.exe
  2⤵
  PID:8988
- C:\Windows\System\EVOuiLP.exe
  C:\Windows\System\EVOuiLP.exe
  2⤵
  PID:9036
- C:\Windows\System\PjmPfta.exe
  C:\Windows\System\PjmPfta.exe
  2⤵
  PID:7332
- C:\Windows\System\xpKUuNj.exe
  C:\Windows\System\xpKUuNj.exe
  2⤵
  PID:8412
- C:\Windows\System\xzURPCM.exe
  C:\Windows\System\xzURPCM.exe
  2⤵
  PID:8792
- C:\Windows\System\OAJqhNK.exe
  C:\Windows\System\OAJqhNK.exe
  2⤵
  PID:9168
- C:\Windows\System\DPUyfPD.exe
  C:\Windows\System\DPUyfPD.exe
  2⤵
  PID:9148
- C:\Windows\System\MtwZctq.exe
  C:\Windows\System\MtwZctq.exe
  2⤵
  PID:9164
- C:\Windows\System\owLJWUO.exe
  C:\Windows\System\owLJWUO.exe
  2⤵
  PID:8400
- C:\Windows\System\rrMEFsL.exe
  C:\Windows\System\rrMEFsL.exe
  2⤵
  PID:9236
- C:\Windows\System\szQOdbE.exe
  C:\Windows\System\szQOdbE.exe
  2⤵
  PID:9256
- C:\Windows\System\yWPXTNA.exe
  C:\Windows\System\yWPXTNA.exe
  2⤵
  PID:9280
- C:\Windows\System\tsdNdbG.exe
  C:\Windows\System\tsdNdbG.exe
  2⤵
  PID:9296
- C:\Windows\System\vOkVDwk.exe
  C:\Windows\System\vOkVDwk.exe
  2⤵
  PID:9316
- C:\Windows\System\fcqXzdR.exe
  C:\Windows\System\fcqXzdR.exe
  2⤵
  PID:9336
- C:\Windows\System\cdYVlCR.exe
  C:\Windows\System\cdYVlCR.exe
  2⤵
  PID:9360
- C:\Windows\System\mJfGAGP.exe
  C:\Windows\System\mJfGAGP.exe
  2⤵
  PID:9384
- C:\Windows\System\SnxtVQv.exe
  C:\Windows\System\SnxtVQv.exe
  2⤵
  PID:9400
- C:\Windows\System\eYdoYuF.exe
  C:\Windows\System\eYdoYuF.exe
  2⤵
  PID:9420
- C:\Windows\System\RRAuVwv.exe
  C:\Windows\System\RRAuVwv.exe
  2⤵
  PID:9444
- C:\Windows\System\DcRwOhT.exe
  C:\Windows\System\DcRwOhT.exe
  2⤵
  PID:9464
- C:\Windows\System\fZlQQoX.exe
  C:\Windows\System\fZlQQoX.exe
  2⤵
  PID:9484
- C:\Windows\System\hXXfWUb.exe
  C:\Windows\System\hXXfWUb.exe
  2⤵
  PID:9500
- C:\Windows\System\OTDaati.exe
  C:\Windows\System\OTDaati.exe
  2⤵
  PID:9520
- C:\Windows\System\hrsDmJz.exe
  C:\Windows\System\hrsDmJz.exe
  2⤵
  PID:9544
- C:\Windows\System\sogVcdm.exe
  C:\Windows\System\sogVcdm.exe
  2⤵
  PID:9560
- C:\Windows\System\hnPIqCq.exe
  C:\Windows\System\hnPIqCq.exe
  2⤵
  PID:9584
- C:\Windows\System\FowEkVT.exe
  C:\Windows\System\FowEkVT.exe
  2⤵
  PID:9604
- C:\Windows\System\yWBpLDM.exe
  C:\Windows\System\yWBpLDM.exe
  2⤵
  PID:9620
- C:\Windows\System\dBFfCPR.exe
  C:\Windows\System\dBFfCPR.exe
  2⤵
  PID:9640
- C:\Windows\System\qjYmsxf.exe
  C:\Windows\System\qjYmsxf.exe
  2⤵
  PID:9656
- C:\Windows\System\rCgwaoR.exe
  C:\Windows\System\rCgwaoR.exe
  2⤵
  PID:9684
- C:\Windows\System\TXHQsli.exe
  C:\Windows\System\TXHQsli.exe
  2⤵
  PID:9700
- C:\Windows\System\sAlFYUJ.exe
  C:\Windows\System\sAlFYUJ.exe
  2⤵
  PID:9724
- C:\Windows\System\clicyJC.exe
  C:\Windows\System\clicyJC.exe
  2⤵
  PID:9740
- C:\Windows\System\oDJjWTH.exe
  C:\Windows\System\oDJjWTH.exe
  2⤵
  PID:9760
- C:\Windows\System\FRULCsi.exe
  C:\Windows\System\FRULCsi.exe
  2⤵
  PID:9776
- C:\Windows\System\YETbOGx.exe
  C:\Windows\System\YETbOGx.exe
  2⤵
  PID:9804
- C:\Windows\System\fFkJpJI.exe
  C:\Windows\System\fFkJpJI.exe
  2⤵
  PID:9820
- C:\Windows\System\LCpqRFt.exe
  C:\Windows\System\LCpqRFt.exe
  2⤵
  PID:9836
- C:\Windows\System\XVYcZag.exe
  C:\Windows\System\XVYcZag.exe
  2⤵
  PID:9856
- C:\Windows\System\bUuxBED.exe
  C:\Windows\System\bUuxBED.exe
  2⤵
  PID:9872
- C:\Windows\System\RUEIMiW.exe
  C:\Windows\System\RUEIMiW.exe
  2⤵
  PID:9892
- C:\Windows\System\EhTSQjR.exe
  C:\Windows\System\EhTSQjR.exe
  2⤵
  PID:9916
- C:\Windows\System\PdQUIqX.exe
  C:\Windows\System\PdQUIqX.exe
  2⤵
  PID:9940
- C:\Windows\System\LyZPuAw.exe
  C:\Windows\System\LyZPuAw.exe
  2⤵
  PID:9956
- C:\Windows\System\attVuXk.exe
  C:\Windows\System\attVuXk.exe
  2⤵
  PID:9980
- C:\Windows\System\saHonKQ.exe
  C:\Windows\System\saHonKQ.exe
  2⤵
  PID:10000
- C:\Windows\System\FRjIYil.exe
  C:\Windows\System\FRjIYil.exe
  2⤵
  PID:10020
- C:\Windows\System\wdPBBzm.exe
  C:\Windows\System\wdPBBzm.exe
  2⤵
  PID:10036
- C:\Windows\System\JyGaGWB.exe
  C:\Windows\System\JyGaGWB.exe
  2⤵
  PID:10060
- C:\Windows\System\VMBaKTA.exe
  C:\Windows\System\VMBaKTA.exe
  2⤵
  PID:10076
- C:\Windows\System\qMJzQZJ.exe
  C:\Windows\System\qMJzQZJ.exe
  2⤵
  PID:10092
- C:\Windows\System\lmbDfFt.exe
  C:\Windows\System\lmbDfFt.exe
  2⤵
  PID:10112
- C:\Windows\System\DmOlGte.exe
  C:\Windows\System\DmOlGte.exe
  2⤵
  PID:10136
- C:\Windows\System\eflBMQJ.exe
  C:\Windows\System\eflBMQJ.exe
  2⤵
  PID:10152
- C:\Windows\System\tpWGrpE.exe
  C:\Windows\System\tpWGrpE.exe
  2⤵
  PID:10168
- C:\Windows\System\pBpKRhb.exe
  C:\Windows\System\pBpKRhb.exe
  2⤵
  PID:10204
- C:\Windows\System\naIYOyH.exe
  C:\Windows\System\naIYOyH.exe
  2⤵
  PID:10220
- C:\Windows\System\bWhhZVn.exe
  C:\Windows\System\bWhhZVn.exe
  2⤵
  PID:10236
- C:\Windows\System\VpaBrPW.exe
  C:\Windows\System\VpaBrPW.exe
  2⤵
  PID:9228
- C:\Windows\System\cGITkDh.exe
  C:\Windows\System\cGITkDh.exe
  2⤵
  PID:9276
- C:\Windows\System\nzCeVVP.exe
  C:\Windows\System\nzCeVVP.exe
  2⤵
  PID:9292
- C:\Windows\System\NCEbKdP.exe
  C:\Windows\System\NCEbKdP.exe
  2⤵
  PID:9328
- C:\Windows\System\DlAsByz.exe
  C:\Windows\System\DlAsByz.exe
  2⤵
  PID:9356
- C:\Windows\System\jIxzpYB.exe
  C:\Windows\System\jIxzpYB.exe
  2⤵
  PID:9392
- C:\Windows\System\ngyNXVY.exe
  C:\Windows\System\ngyNXVY.exe
  2⤵
  PID:9440
- C:\Windows\System\lttdZNy.exe
  C:\Windows\System\lttdZNy.exe
  2⤵
  PID:9476
- C:\Windows\System\KzwmmEO.exe
  C:\Windows\System\KzwmmEO.exe
  2⤵
  PID:9516
- C:\Windows\System\mJNjJmt.exe
  C:\Windows\System\mJNjJmt.exe
  2⤵
  PID:9536
- C:\Windows\System\jVbPDMw.exe
  C:\Windows\System\jVbPDMw.exe
  2⤵
  PID:9580
- C:\Windows\System\SfNuiDY.exe
  C:\Windows\System\SfNuiDY.exe
  2⤵
  PID:9596
- C:\Windows\System\odpXToP.exe
  C:\Windows\System\odpXToP.exe
  2⤵
  PID:9648
- C:\Windows\System\IxUUPzA.exe
  C:\Windows\System\IxUUPzA.exe
  2⤵
  PID:9668
- C:\Windows\System\RIXHnzv.exe
  C:\Windows\System\RIXHnzv.exe
  2⤵
  PID:9720
- C:\Windows\System\OWiKGlJ.exe
  C:\Windows\System\OWiKGlJ.exe
  2⤵
  PID:9748
- C:\Windows\System\NoDQXeE.exe
  C:\Windows\System\NoDQXeE.exe
  2⤵
  PID:9796
- C:\Windows\System\jWtgTro.exe
  C:\Windows\System\jWtgTro.exe
  2⤵
  PID:9816
- C:\Windows\System\KxvcSXT.exe
  C:\Windows\System\KxvcSXT.exe
  2⤵
  PID:9868
- C:\Windows\System\Rpijyyv.exe
  C:\Windows\System\Rpijyyv.exe
  2⤵
  PID:9904
- C:\Windows\System\FTXkVFv.exe
  C:\Windows\System\FTXkVFv.exe
  2⤵
  PID:9852
- C:\Windows\System\CakPyLi.exe
  C:\Windows\System\CakPyLi.exe
  2⤵
  PID:9952
- C:\Windows\System\RhejzMy.exe
  C:\Windows\System\RhejzMy.exe
  2⤵
  PID:9972
- C:\Windows\System\hiifoXe.exe
  C:\Windows\System\hiifoXe.exe
  2⤵
  PID:10008
- C:\Windows\System\RHIiOZV.exe
  C:\Windows\System\RHIiOZV.exe
  2⤵
  PID:10032
- C:\Windows\System\GSzvgzl.exe
  C:\Windows\System\GSzvgzl.exe
  2⤵
  PID:10100
- C:\Windows\System\iohEfhd.exe
  C:\Windows\System\iohEfhd.exe
  2⤵
  PID:10144
- C:\Windows\System\EusbhjZ.exe
  C:\Windows\System\EusbhjZ.exe
  2⤵
  PID:10188
- C:\Windows\System\RSXtwsM.exe
  C:\Windows\System\RSXtwsM.exe
  2⤵
  PID:10132
- C:\Windows\System\ZloWeNQ.exe
  C:\Windows\System\ZloWeNQ.exe
  2⤵
  PID:10200
- C:\Windows\System\KxhYMRB.exe
  C:\Windows\System\KxhYMRB.exe
  2⤵
  PID:9268
- C:\Windows\System\FseoLzc.exe
  C:\Windows\System\FseoLzc.exe
  2⤵
  PID:9368
- C:\Windows\System\ugtcRWC.exe
  C:\Windows\System\ugtcRWC.exe
  2⤵
  PID:9452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CKcwCcf.exe

Filesize
6.0MB

MD5
6369f65c0c24d8cee5cbe4d0b2f75c25

SHA1
529c510080f0f4a233699fa04b44a12ddffcc42f

SHA256
715740a5421fe65d887e8a0868fd41036ca262711b8533ac8a28dbc8d60cab20

SHA512
bc34fd279c5331e3bd6c79e9e1ed827c2140fa3bfe81e7b57047038959352ca0510dfee214549aeee0fcb4df8c597a254ee2a703aa2a71b2fa9e50a0074db95a

Download Submit
C:\Windows\system\DAcTtdD.exe

Filesize
6.0MB

MD5
a364ec413ecf5efd8b00462b4a495452

SHA1
5cc2fc587ee3bafd4a3cdb1dfa51ad183009ae6e

SHA256
a60063bbb10dbc6ade9ef064dbf3bc9f581104ee13c50282c7dc44b161cdaf29

SHA512
f4da34b103c923b2886a08b51ac6f17fdd9f9d136ffadf219f903a3a11a35845fa3837e07a7eb8e96700d039252d9bb1b1cbed7a07da35905597fa0038e7ee83

Download Submit
C:\Windows\system\EtwRjVc.exe

Filesize
6.0MB

MD5
67ab37bfbcb033893b62690c6228bee9

SHA1
887214a42c069f9b899ccfe5796f97deede39373

SHA256
6045603a83940b1a8dc6e4f4e82e22c214b2f6fe3153c9bced202a1e668e7b42

SHA512
46cfcbaf7e3f68937264939cd425a35ef744fa4bf8e67148c84c6a05e916709e4d774f4e5b93132a47f5043e19a530a6e90164329cd4024486efcf3d33095c7d

Download Submit
C:\Windows\system\JRalTBN.exe

Filesize
6.0MB

MD5
6940d8c4284dfa2729b20d340e6bf858

SHA1
a7f552583ab74f68e08bdc693232bb1883155527

SHA256
c36022f699aa346e9c1ad69b9be7600b342033e179ca3e140349f5776f43c997

SHA512
72b5de496dcf8161076cb7763355445c8827bc6a8bac88c49ea72a630924e7361d05725e1035477a343a980ab3cf2ef937eccefd6a91d3a69bb54dd68b024570

Download Submit
C:\Windows\system\MTxVwGN.exe

Filesize
6.0MB

MD5
39f0db4805188816aeec85934457e947

SHA1
558144dc564c652e7c9ce633e846cec3333d7799

SHA256
c398ef4222bf49b96f03677d49d20431eb401fc4f4b82a47986b7cfb8f97336f

SHA512
e1bdc5b76281a0343a5cae8a52635f49b63d0a8e330dada7426cc29a9f60234c9da19e24bd8e81e770bcecfb0302a54c2c360b20e952ee504c727de23e3350dd

Download Submit
C:\Windows\system\NdZvdxN.exe

Filesize
6.0MB

MD5
8b7918d4812ffc296863a33710f3f9d9

SHA1
83113a925bf870b9c64c4f8b46c705d57d02ae84

SHA256
e88dc6419941865252cf75c5ef6fa247e7239b1f20cbcf5508fe1198adc84629

SHA512
b402a3b7cf27a1ae754783369059405efbd98969109f3d1054724b9545ff4785d900860e21184818dce53f4ff718c31473062eb0c6ebb8082c3e20a75d58def2

Download Submit
C:\Windows\system\PocRlLl.exe

Filesize
6.0MB

MD5
a5a7b0aefa483e344f4824ef2feb4859

SHA1
b99f75f891fa5d9b4995e055e7662a01be1b62cb

SHA256
a8c2b6724e893b73be82652202de34ba1cc8e70e603ed64c916b5d04dc70aa59

SHA512
34f60c92871b912c5e2470ba4715ad1aba472210457bce9c97a42b091be7df3044443b6a255c449bf7e3a6499e2ca8c6b43dff4d6ad7b2431bcddbf9033103ad

Download Submit
C:\Windows\system\QLSpnIM.exe

Filesize
6.0MB

MD5
0a1d4546d2a4729b8af3c4240f7355a2

SHA1
07bcf441e4a0e0c34fa4b7fe0f7fa405b792897e

SHA256
02f4f34ab81376ff3fb1d3e13e65bc374f6b0bbe5828e661f7413cb312d964a6

SHA512
deb7248bcbc66882e04b8ec240a5de5805e933507deaf4c5b4fe9ecbcf882ad0806d562583f2d81b1c291cb4ccf921e2a3917f31d8ef3b24da70f859a2987cbe

Download Submit
C:\Windows\system\QUWrfOU.exe

Filesize
6.0MB

MD5
c31ecd366913f2436ffbd4af17b962f7

SHA1
3ac47044d71a33ed6a3393526bc63c8a3f87aa65

SHA256
5999b8104e29615d32562c5aec55fa7f02a2f0d9f12a77c2c05d79457ba772a9

SHA512
a34c9b92f903507ac72cea3459cd9bb8d34bd694baf644dbee6a9c473422d386cbcf8275824ff97db0b1aa26c7c1fd23783ef3addf9b9304b4165201245d4d95

Download Submit
C:\Windows\system\QbZYfQR.exe

Filesize
6.0MB

MD5
7c35c4f5c358e5b94e4868d2ddd46fce

SHA1
ce11ebe975d02d34566cac7d61cf3988941181b5

SHA256
6e7e4751c81358b1a1681b20dbc1ff436472e69cc33aa6008a8e32641c4a6c1f

SHA512
79fb5d1373f7d24cd0d14c935be876c396f861b98911edd204ad7f14e08ea1c7b3e7503ef69dc9d255b01ad9a3fa37a6782ca43a3925700a86938ddb72b532a5

Download Submit
C:\Windows\system\UTyYDhw.exe

Filesize
6.0MB

MD5
01fc6a8e1937e8f67422e05aa1d5e545

SHA1
5fed3d7d2644d1a68d34ee6e586cda0fdccfa2f5

SHA256
f3e91ad3feb75a6652eeb32f96ebfb1c50ad4d17321ae2af4d917b7f7725377e

SHA512
4554a1f5aabc7f160d12139a2419eadf623e48fb8116173ec47b1aa7103c0d611ff25863f4cb0a3c1ce429094f6f40d6ac85f7053d2b7dead2ef5261cde56c3f

Download Submit
C:\Windows\system\WukeGDV.exe

Filesize
6.0MB

MD5
eb9ef12b480b7713d3dc27b2e0cef194

SHA1
ac3af9b9a3c857735f26cbaed562a3759b42a5e1

SHA256
76b6ca219d6576aab6b65f42c35caa16097a87ec6e0dfb656a83afeb900e4107

SHA512
584d1992cdd4ccbf84f884c3e1df5c62ba6ce732cac023af1318e7ee34bba2f95e4133eb8d81505ee4d42847dcdb1f0ea0de8153162437d9ffe5cdf06888ebda

Download Submit
C:\Windows\system\ZEyIhcu.exe

Filesize
6.0MB

MD5
a16231dfadfe64e2b672eb10a2fe1a82

SHA1
8a743023725a0fc75b47407ce207cf003d2d40fc

SHA256
0624a69b83c59e678d57796ec7d9425286259acdd5bd557cef717e67143847ed

SHA512
1adf190f08d290f9c42d1d1633a51f9745d58ccf87b8e8af80d346c7b4dd05540443f63a52edfb2abf4bdfabe7c844873052c246689b4c66d60fd5d87e8251ba

Download Submit
C:\Windows\system\bHYKPTG.exe

Filesize
6.0MB

MD5
091d0734dd7d0cad4f8ec15f00ba8373

SHA1
a625dbf81c06cded14f1fdb3160be0785789fe41

SHA256
8686802d21783ddb15d9e1a5752b928e021efb2e95d040d0e178150f4b31a2d0

SHA512
eca55e5d454e147bbf4079bac5d03648c77f73e31cdcd9d83582ba1d3932a5b4fa6575b18a2e0d1094b32275e58db4bec4a5e16953bb2398ebaa8e83867c008c

Download Submit
C:\Windows\system\eYxJxRv.exe

Filesize
6.0MB

MD5
eace0d3a1fee7b7135d9617aefb94b10

SHA1
a4607da784f3698348d2a34307a41891e41b1e60

SHA256
9435c9158bb473dd9ea024c30ab5a2dc2149ce4734b74b01401a26cd649b9180

SHA512
74459cd7bdd563390b46e87313cf973362f5d0264c3be6e410f697839411d18ce6cb2af4b8a65bf988cab284085fec422029ec9f2acbec1f868557d16b1f1e2c

Download Submit
C:\Windows\system\hewjtnU.exe

Filesize
6.0MB

MD5
33c4cc394ab3b5637f594f1c0937bc42

SHA1
e0600801366172b0d1c12e13a94dd15c7fb26e29

SHA256
bec3e0466c9e64cc37ff9c66b930b658ef845f7712121ed668da78a589f15f44

SHA512
6392d43297c93992b0b63feb6e2401eac5240b60830c67ee8e58efb2e8c13e67054d949023ccd726ced7ea1aecd41f4f7d9ab6c96c1eb2c7b044cac1ea6ecedc

Download Submit
C:\Windows\system\oZxhjLr.exe

Filesize
6.0MB

MD5
f3ef8e6e9174d301c42827a5d8c3dac3

SHA1
6b5c1d14a95365582cd81de8dc49d7d05d7ec34c

SHA256
c19111927c2a010d98dac6d7f6a8897980b45b105819d86dfe137c6c57b37b08

SHA512
cff3492c170a1af60947ee848bec2adbb66b29b5a8c332bd958ec8e7800d0d47d3da487ab305e3af8793c97addbb5c5a21066e38dcaeede1d6047e9e3273e2e9

Download Submit
C:\Windows\system\tvQIcps.exe

Filesize
6.0MB

MD5
554093ab7bf76ddca689948a73167770

SHA1
13bae05d05ca39dddf70a5412a7bb53380ebf778

SHA256
de441e0b49c5c99273a24c119cc5a2f7de681aeb5b2fe9a67fb347dcadff516c

SHA512
a2699eaf6439808dff3ea67e6fdf92085ef7368c8f9a1a7db12824f023d897d12a69c9b44475d848abf726cd5616457e9cf34195273a518b50c8bb673bd15c8f

Download Submit
C:\Windows\system\uvcAGDe.exe

Filesize
6.0MB

MD5
6b68b828b41159a11a27903b97e0b16b

SHA1
563d3dde135bc31fe0e0a974ee133989f4927abb

SHA256
3ec5931a6dd5714c7decd7a02645c8d437163dfe687e731bed586113eb00bd9f

SHA512
5b200a08aebadc94bd9f931f9129c025d8bd3a13ebf79629fcb05d17930ed1aac874c815bbcbc30c4882767b64d72a61109bd24494ddeba90081358264cb1e57

Download Submit
C:\Windows\system\vVQZRJt.exe

Filesize
6.0MB

MD5
1932c8bf6b94ee31f2895734094f3420

SHA1
9a4a28d5fbd54367f6e896ff0406a6626fbf70e6

SHA256
4284522e15948b38e8ce697cd69ce11a1a3aa48e82005b4921b8ef828909b8f6

SHA512
a9992278031b9df669f39920af081bbd81d1b60b5c45fe90e3c8dea5e94fc043246d57e35404bba64f774a89517ab389491548a5d58c06b9ae955785374dc7d3

Download Submit
\Windows\system\DihhJSP.exe

Filesize
6.0MB

MD5
6b08cd89618b088d045ec1e8d52d7c70

SHA1
568d915361b8ecc68cdffaedd509b1eed1dca03e

SHA256
271992c89814a55e3c2b1e4236c3affccaad2cc555deb4dc1d56b9336e26f1a7

SHA512
575b44419177aa480a2ea863ee28d90a42b9dc6dd9837f31f5b1d39f3f9662b0decd4e9df1d4f8928c8ea49273238cb383577a5b13d87df77dddb6ddc94a560f

Download Submit
\Windows\system\SVmSXdk.exe

Filesize
6.0MB

MD5
2fad8aff01f8500a34298e1a139185c9

SHA1
922b83ec7e579cba0475f1a33141fe79afac7edb

SHA256
cb8e3a06c198283670b469e7515784d61f30b74f8c456d63b187a48270eb9fc4

SHA512
61de98e06ffbbea96756f9de3b93bd587138a4ebdc4d04157367f2547ef9643f593ab49fbfbb5833f6ba57f22dad92ac1f3fcad6a479ee870d2b35b3512adeaf

Download Submit
\Windows\system\TrRuWOZ.exe

Filesize
6.0MB

MD5
9cc71eacb816477412dcae99c5a237ad

SHA1
1b5a01ff5680ecaf87ae3782bef43c3ee73dd731

SHA256
f923a4902bc81ed892923fe0b27e2024eb0af7d65e477d1fd79dfb69195f7c1c

SHA512
6513cdd152bd66720d41a9d967cbbf62bc209ac1dc5107315703d99e662683261deb7cffafd8263789d5ce689f4a6b6fa034a39882d21da2f361b000e8ac5cf8

Download Submit
\Windows\system\XVyHGqe.exe

Filesize
6.0MB

MD5
80d27f3ba6873da89e0b9eef2d27a086

SHA1
558d8c2343dc09c8e18fa32b24643545a3a019c9

SHA256
f14dd8b3f26bbcc2fb34b8684e9e500a5c3a0c5c6f8aea56d73f7643b00188bc

SHA512
130a67cf83c8e8b7998550d29b94a03b7a55a361bfde9db171bf60d83e26df44d896c2f0dccc9aa155231e131c158ca60670e5b6c8d3a05afc3c1cd3d0bed208

Download Submit
\Windows\system\YHjjDYm.exe

Filesize
6.0MB

MD5
10b73e17f8f3632489c30395eff71fe0

SHA1
48cae794e1d04801db603732e3ed1d88cfbc9a8f

SHA256
4506803641743e2b2dc00d5cfc0686dc3991ced4c26ebac3351935e30748f941

SHA512
94cb46ba86509d8faeee254bef75b1dc92b2e7ed106d893a1ba585d25bc3e1e8ef82345cf4d11f7d2d4758d629294cae658de1d088098c3d1df096700b24795b

Download Submit
\Windows\system\aXdibAo.exe

Filesize
6.0MB

MD5
2333375e4e4bb7fd889cee0465f78008

SHA1
679e990366b8df8d34a0715958c73c36e506c200

SHA256
5752dd497c6a0492418db44d4fb2083d9d88e7b50b660cacf041dbbb7b5c64aa

SHA512
0cfc46160a42f6268d2670181722b6e640810912453119dad2a6e3f65cb06f262a05b7459fae422c5729c454bdf3a5374815bbb105e7f245b0b110227ba20564

Download Submit
\Windows\system\dbjWJUj.exe

Filesize
6.0MB

MD5
472d7dd56f6304aa670a10d865f46df7

SHA1
d34a27ed31deceb073d506f041bcdfc61ba6c5fc

SHA256
7d2eb50e8388992d0821fa4aba9f08e27d816b57e089e6f303d63c3f6cb92de6

SHA512
3ace7851536aad2b11f4d9b760161bba27e0acdd96f1d45b6c339bfb76fd88422ef4699ad265dec8a57644f09dfeb4647771d23e6ce62169fd6805ddd5ccc9f1

Download Submit
\Windows\system\eSYOuDJ.exe

Filesize
6.0MB

MD5
9b30685bb2386a726ba71c8fc9c39fef

SHA1
9d73fd46cb896643fa6b1f77742435393ae9d03f

SHA256
1c3facf02aebcedeccfdecde05d1e551e25cd147cce78907568a13736972faa2

SHA512
ad16112b8a2ac64e7946ce464c2338827598359d10a35c769040b84096696540c0a212bc3ecd6f66d1da89902bedbceaf99e02062abaf98545cf1a3c38d45b5e

Download Submit
\Windows\system\irKQStw.exe

Filesize
6.0MB

MD5
34dcd091c3c0c1c05d6b39a23a1b1b56

SHA1
bfcd48fdbb5bc1aef46c57b744b67cad75bdb544

SHA256
c36ca7cbefae7c243be4459e79c91ab00631609602734b1256116829d598461d

SHA512
3e98fab3ba95220a26c539f34fb1b4f8bec34f8728296b0ff1450e528aa3a91544744d3e10505da9fef3261e450a1097040efd68625dd6bbf06566abbf564124

Download Submit
\Windows\system\oErdKiv.exe

Filesize
6.0MB

MD5
737ef44ce23c284b1ffaa1afa3c7186c

SHA1
6cf9432bc90a928ded11963149bc5c6314cfe4cc

SHA256
6adfe538a59c6c8e0851ab558c68c23c849cedd6e52e582125a3abae1dbc2655

SHA512
1b78f3e4bf1eeef2340f43721b8fc9c0d28a53c228233ebf530dcace59739aac3961de023d47eaf1b68bc22f5de3d0941302bcf104a27d6fed9b7dcd53147cc1

Download Submit
\Windows\system\sgMmVGM.exe

Filesize
6.0MB

MD5
69b584c0565bad65b1c014e884ecf156

SHA1
5a999edd33f4a8078de12368a25ab43256d25734

SHA256
a1e7ebfbc8bc562c4c5582c2fd03251dff15e4664769fc79bf9b297f1525d482

SHA512
3cedb2f3d7ba91b6740bbb4357b6dd673341e8501e14b583253be9228d6cf3b7da0cd21df54adfca263c32a0ec5efeb579126ad2356ddd04412dc3155c3aafc8

Download Submit
\Windows\system\vtTryvL.exe

Filesize
6.0MB

MD5
8476bcfdfabd8fb61bab23f4c5737a60

SHA1
957a53a646f6f7b4f746b974c6eecee4cdcde9bd

SHA256
ac6940424b1fdfacbaa799b25e46ac147d5bf8e37d8583ed1947a3eb6510307e

SHA512
aea22a8d54be8382a297ed3c5652c7aec71e3ed200b3c473b12ad0efa0ca932a260d865e99eabbded89c7eb6ca3f790871f8ff37529c7c9c6e66a8a7ded72b75

Download Submit
memory/1764-4083-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/1764-784-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/1764-85-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/1852-100-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1852-955-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1852-4085-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2052-3920-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2052-22-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-17-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-117-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2516-250-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-83-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-783-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-1218-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-0-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-954-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-556-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-78-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-329-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-10-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-43-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-35-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2516-89-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-68-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2516-59-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2516-113-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-41-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-62-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-434-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-4037-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-71-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-61-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2600-4018-0x000000013F320000-0x000000013F674000-memory.dmp

Filesize
3.3MB

Download
memory/2736-49-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3992-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/2744-63-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2744-4031-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2764-34-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2764-76-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3929-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2772-42-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3939-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-3921-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-16-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-3919-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/3000-21-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/3012-79-0x000000013F8C0000-0x000000013FC14000-memory.dmp

Filesize
3.3MB

Download
memory/3028-3924-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/3028-67-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download
memory/3028-32-0x000000013FEC0000-0x0000000140214000-memory.dmp

Filesize
3.3MB

Download