cobaltstrike | 938a9a3f4ec4ffcb7f4df755cce21e9a0acc4bb0dde1a98cbc63f2360b21c44c

Analysis

max time kernel
125s
max time network
123s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
12-12-2024 03:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

02816d7997975608373683556cc131a3
SHA1

26c8db74da4e4e2e749ebbb5e95f874d05f021e3
SHA256

938a9a3f4ec4ffcb7f4df755cce21e9a0acc4bb0dde1a98cbc63f2360b21c44c
SHA512

cc687d3ae96139e39432b260bf3f75139c05ad31c1fb7fef18a40ab9072cd86b009af3e3d7c2e8cd8de8073dde755f314c89af15b259a70d63b1651a16d711d3
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUH:T+q56utgpPF8u/7H

Score

10^/10

cobaltstrike xmrig 0 backdoor miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012280-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d0e-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d18-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d41-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d59-26.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d81-36.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015d89-41.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d2a-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3a-65.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4b-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-99.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ecf-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-160.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-150.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-144.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-140.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-135.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df3-124.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-120.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-110.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-115.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d77-104.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6b-95.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015cd1-90.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d67-86.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d54-80.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d43-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cf5-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cd7-50.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c88-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015d79-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral1/memory/3032-0-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/files/0x000b000000012280-3.dat	xmrig
behavioral1/files/0x0008000000015d0e-8.dat	xmrig
behavioral1/files/0x0008000000015d18-12.dat	xmrig
behavioral1/files/0x0007000000015d41-21.dat	xmrig
behavioral1/files/0x0007000000015d59-26.dat	xmrig
behavioral1/files/0x0009000000015d81-36.dat	xmrig
behavioral1/files/0x0009000000015d89-41.dat	xmrig
behavioral1/files/0x0006000000016d2a-60.dat	xmrig
behavioral1/files/0x0006000000016d3a-65.dat	xmrig
behavioral1/files/0x0006000000016d4b-75.dat	xmrig
behavioral1/files/0x0006000000016d6f-99.dat	xmrig
behavioral1/files/0x0006000000016ecf-130.dat	xmrig
behavioral1/files/0x0005000000018686-155.dat	xmrig
behavioral1/memory/3064-2023-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/1500-2026-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/3032-2062-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/3032-2107-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/3032-2109-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2876-2108-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2832-2184-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2984-2187-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2848-2222-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2800-2121-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2312-2106-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2492-2061-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x00050000000186e7-160.dat	xmrig
behavioral1/files/0x000600000001755b-150.dat	xmrig
behavioral1/files/0x000600000001749c-144.dat	xmrig
behavioral1/files/0x0006000000017497-140.dat	xmrig
behavioral1/files/0x0006000000017049-135.dat	xmrig
behavioral1/files/0x0006000000016df3-124.dat	xmrig
behavioral1/files/0x0006000000016dea-120.dat	xmrig
behavioral1/files/0x0006000000016d9f-110.dat	xmrig
behavioral1/files/0x0006000000016de8-115.dat	xmrig
behavioral1/files/0x0006000000016d77-104.dat	xmrig
behavioral1/files/0x0006000000016d6b-95.dat	xmrig
behavioral1/files/0x0009000000015cd1-90.dat	xmrig
behavioral1/files/0x0006000000016d67-86.dat	xmrig
behavioral1/files/0x0006000000016d54-80.dat	xmrig
behavioral1/files/0x0006000000016d43-70.dat	xmrig
behavioral1/files/0x0006000000016cf5-55.dat	xmrig
behavioral1/files/0x0006000000016cd7-50.dat	xmrig
behavioral1/files/0x0009000000016c88-45.dat	xmrig
behavioral1/files/0x0007000000015d79-30.dat	xmrig
behavioral1/memory/3032-2780-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/3032-2874-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/memory/3032-2929-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/memory/3032-2923-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/1500-3562-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2312-3567-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2800-3558-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2492-3587-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2984-3597-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2940-3613-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2876-3618-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2832-3657-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/3064-3663-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2848-3664-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3064	WbZMoEc.exe
1500	WGewSxv.exe
2492	WynOmQx.exe
2312	MlNoHiU.exe
2876	pdysMyU.exe
2800	QBKazVd.exe
2832	wtTuEeq.exe
2984	BbiILAf.exe
2848	ekpGMJG.exe
2940	fYhZEII.exe
2880	TijnjFn.exe
2892	xIGVQaK.exe
2420	CcfiRtX.exe
1996	wsLkyhk.exe
2708	VSgkdcU.exe
2540	QZQJIby.exe
2488	NxfUAPt.exe
2732	vBmfeux.exe
1976	lzJJckQ.exe
1624	RSoBwnZ.exe
2384	rygbbHI.exe
1924	jVlGbOj.exe
1256	SyUVChO.exe
1748	odAnnTr.exe
1588	ipJQHix.exe
1568	wcTKnjo.exe
2908	kYDVqkn.exe
1324	DxuWzMR.exe
2508	EqesiJL.exe
2236	OJcwArf.exe
3008	veIkCxY.exe
2064	egcKFAK.exe
556	GVTImTt.exe
1136	XIGpmum.exe
2780	tcuIGGS.exe
2248	aVpQhHh.exe
1352	CZtQRYK.exe
1872	nBZZZBn.exe
2404	xcMtNZP.exe
1052	shpYvSG.exe
1380	cwCeAUi.exe
2068	XCbAvde.exe
1980	MsZfujF.exe
1808	MzzZxcf.exe
1028	WyuiVNm.exe
2576	GWquIcd.exe
764	hwlyTUl.exe
1944	PgEfQWe.exe
2240	hnpzxtF.exe
2840	zeoPted.exe
2620	DlEtNBL.exe
916	jneNCQK.exe
2188	VRIDYzp.exe
2304	ZBAwgKQ.exe
352	gRrUsXI.exe
1820	uSiPPjT.exe
2640	vbPhfjH.exe
1584	MkowCNP.exe
1620	hcQgdim.exe
2612	VPUSbKt.exe
2092	EoUcGEO.exe
2060	xyGKohO.exe
2828	WVtYHNL.exe
3040	pxgsGJR.exe

Loads dropped DLL 64 IoCs

pid	Process
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 53 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3032-0-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/files/0x000b000000012280-3.dat	upx
behavioral1/files/0x0008000000015d0e-8.dat	upx
behavioral1/files/0x0008000000015d18-12.dat	upx
behavioral1/files/0x0007000000015d41-21.dat	upx
behavioral1/files/0x0007000000015d59-26.dat	upx
behavioral1/files/0x0009000000015d81-36.dat	upx
behavioral1/files/0x0009000000015d89-41.dat	upx
behavioral1/files/0x0006000000016d2a-60.dat	upx
behavioral1/files/0x0006000000016d3a-65.dat	upx
behavioral1/files/0x0006000000016d4b-75.dat	upx
behavioral1/files/0x0006000000016d6f-99.dat	upx
behavioral1/files/0x0006000000016ecf-130.dat	upx
behavioral1/files/0x0005000000018686-155.dat	upx
behavioral1/memory/3064-2023-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/1500-2026-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2876-2108-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2832-2184-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2984-2187-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2848-2222-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2800-2121-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2312-2106-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2492-2061-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x00050000000186e7-160.dat	upx
behavioral1/files/0x000600000001755b-150.dat	upx
behavioral1/files/0x000600000001749c-144.dat	upx
behavioral1/files/0x0006000000017497-140.dat	upx
behavioral1/files/0x0006000000017049-135.dat	upx
behavioral1/files/0x0006000000016df3-124.dat	upx
behavioral1/files/0x0006000000016dea-120.dat	upx
behavioral1/files/0x0006000000016d9f-110.dat	upx
behavioral1/files/0x0006000000016de8-115.dat	upx
behavioral1/files/0x0006000000016d77-104.dat	upx
behavioral1/files/0x0006000000016d6b-95.dat	upx
behavioral1/files/0x0009000000015cd1-90.dat	upx
behavioral1/files/0x0006000000016d67-86.dat	upx
behavioral1/files/0x0006000000016d54-80.dat	upx
behavioral1/files/0x0006000000016d43-70.dat	upx
behavioral1/files/0x0006000000016cf5-55.dat	upx
behavioral1/files/0x0006000000016cd7-50.dat	upx
behavioral1/files/0x0009000000016c88-45.dat	upx
behavioral1/files/0x0007000000015d79-30.dat	upx
behavioral1/memory/3032-2780-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/1500-3562-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2312-3567-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2800-3558-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2492-3587-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2984-3597-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2940-3613-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2876-3618-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2832-3657-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/3064-3663-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2848-3664-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MwIDxVw.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UbFfRxf.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYHHvyl.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oeeuBVd.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sFpXfND.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lopSLfe.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PepDiwF.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hYrZRvS.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vYwChzY.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nFUlGzU.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WlvcvUV.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xEKbfgT.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jBEWpTd.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QFMeXBv.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bjbmoIy.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQAVZnH.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Hhrifkp.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hnGxLsu.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tTnNBVH.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ixIIaNZ.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jelzeLg.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rkuTcJu.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPVJdvE.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NFBjrfh.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vmOzvpf.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KKCFrAp.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JfaoPjV.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CPcvmnS.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SYaelkm.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VyDYSTF.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oIqyQJy.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RWHZwpL.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EgGpOAf.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aLOYSSV.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\twvQKdc.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gRrUsXI.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jxlaNNZ.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zBroiwe.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zZubILY.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GTNQcnd.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYUVvpp.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OtGZlKa.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pJTJwsB.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cGYWrll.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jGEjuHG.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BagoIyt.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NANjwJi.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bTBzFtx.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\djrRljL.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nsNOumc.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QjqFTwv.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\olHQjHU.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KMKNsND.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EgzPfGV.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgEfQWe.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zTIONSv.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pyJvcNl.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EjSQzul.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zlaVmLs.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qIsZtOS.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZrqFGr.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\idtSMJA.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OGFIPTh.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QOZVvXJ.exe	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 3064	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3032 wrote to memory of 3064	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3032 wrote to memory of 3064	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3032 wrote to memory of 1500	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3032 wrote to memory of 1500	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3032 wrote to memory of 1500	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3032 wrote to memory of 2492	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3032 wrote to memory of 2492	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3032 wrote to memory of 2492	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3032 wrote to memory of 2312	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3032 wrote to memory of 2312	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3032 wrote to memory of 2312	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3032 wrote to memory of 2876	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3032 wrote to memory of 2876	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3032 wrote to memory of 2876	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3032 wrote to memory of 2800	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3032 wrote to memory of 2800	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3032 wrote to memory of 2800	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3032 wrote to memory of 2832	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3032 wrote to memory of 2832	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3032 wrote to memory of 2832	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3032 wrote to memory of 2984	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3032 wrote to memory of 2984	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3032 wrote to memory of 2984	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3032 wrote to memory of 2848	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3032 wrote to memory of 2848	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3032 wrote to memory of 2848	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3032 wrote to memory of 2940	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3032 wrote to memory of 2940	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3032 wrote to memory of 2940	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3032 wrote to memory of 2880	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3032 wrote to memory of 2880	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3032 wrote to memory of 2880	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3032 wrote to memory of 2892	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3032 wrote to memory of 2892	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3032 wrote to memory of 2892	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3032 wrote to memory of 2420	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3032 wrote to memory of 2420	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3032 wrote to memory of 2420	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3032 wrote to memory of 1996	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3032 wrote to memory of 1996	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3032 wrote to memory of 1996	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3032 wrote to memory of 2708	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3032 wrote to memory of 2708	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3032 wrote to memory of 2708	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3032 wrote to memory of 2540	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3032 wrote to memory of 2540	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3032 wrote to memory of 2540	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3032 wrote to memory of 2488	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3032 wrote to memory of 2488	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3032 wrote to memory of 2488	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3032 wrote to memory of 2732	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3032 wrote to memory of 2732	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3032 wrote to memory of 2732	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3032 wrote to memory of 1976	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3032 wrote to memory of 1976	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3032 wrote to memory of 1976	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3032 wrote to memory of 1624	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3032 wrote to memory of 1624	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3032 wrote to memory of 1624	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3032 wrote to memory of 2384	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3032 wrote to memory of 2384	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3032 wrote to memory of 2384	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3032 wrote to memory of 1924	3032	2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-12_02816d7997975608373683556cc131a3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Windows\System\WbZMoEc.exe
  C:\Windows\System\WbZMoEc.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\WGewSxv.exe
  C:\Windows\System\WGewSxv.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\WynOmQx.exe
  C:\Windows\System\WynOmQx.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\MlNoHiU.exe
  C:\Windows\System\MlNoHiU.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\pdysMyU.exe
  C:\Windows\System\pdysMyU.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\QBKazVd.exe
  C:\Windows\System\QBKazVd.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\wtTuEeq.exe
  C:\Windows\System\wtTuEeq.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\BbiILAf.exe
  C:\Windows\System\BbiILAf.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\ekpGMJG.exe
  C:\Windows\System\ekpGMJG.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\fYhZEII.exe
  C:\Windows\System\fYhZEII.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\TijnjFn.exe
  C:\Windows\System\TijnjFn.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\xIGVQaK.exe
  C:\Windows\System\xIGVQaK.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\CcfiRtX.exe
  C:\Windows\System\CcfiRtX.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\wsLkyhk.exe
  C:\Windows\System\wsLkyhk.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\VSgkdcU.exe
  C:\Windows\System\VSgkdcU.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\QZQJIby.exe
  C:\Windows\System\QZQJIby.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\NxfUAPt.exe
  C:\Windows\System\NxfUAPt.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\vBmfeux.exe
  C:\Windows\System\vBmfeux.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\lzJJckQ.exe
  C:\Windows\System\lzJJckQ.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\RSoBwnZ.exe
  C:\Windows\System\RSoBwnZ.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\rygbbHI.exe
  C:\Windows\System\rygbbHI.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\jVlGbOj.exe
  C:\Windows\System\jVlGbOj.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\SyUVChO.exe
  C:\Windows\System\SyUVChO.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\odAnnTr.exe
  C:\Windows\System\odAnnTr.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\ipJQHix.exe
  C:\Windows\System\ipJQHix.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\wcTKnjo.exe
  C:\Windows\System\wcTKnjo.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\kYDVqkn.exe
  C:\Windows\System\kYDVqkn.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\DxuWzMR.exe
  C:\Windows\System\DxuWzMR.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\EqesiJL.exe
  C:\Windows\System\EqesiJL.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\OJcwArf.exe
  C:\Windows\System\OJcwArf.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\veIkCxY.exe
  C:\Windows\System\veIkCxY.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\egcKFAK.exe
  C:\Windows\System\egcKFAK.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\GVTImTt.exe
  C:\Windows\System\GVTImTt.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\XIGpmum.exe
  C:\Windows\System\XIGpmum.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\tcuIGGS.exe
  C:\Windows\System\tcuIGGS.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\aVpQhHh.exe
  C:\Windows\System\aVpQhHh.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\CZtQRYK.exe
  C:\Windows\System\CZtQRYK.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\nBZZZBn.exe
  C:\Windows\System\nBZZZBn.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\xcMtNZP.exe
  C:\Windows\System\xcMtNZP.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\shpYvSG.exe
  C:\Windows\System\shpYvSG.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\cwCeAUi.exe
  C:\Windows\System\cwCeAUi.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\XCbAvde.exe
  C:\Windows\System\XCbAvde.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\MsZfujF.exe
  C:\Windows\System\MsZfujF.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\MzzZxcf.exe
  C:\Windows\System\MzzZxcf.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\WyuiVNm.exe
  C:\Windows\System\WyuiVNm.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\GWquIcd.exe
  C:\Windows\System\GWquIcd.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\hwlyTUl.exe
  C:\Windows\System\hwlyTUl.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\PgEfQWe.exe
  C:\Windows\System\PgEfQWe.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\hnpzxtF.exe
  C:\Windows\System\hnpzxtF.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\zeoPted.exe
  C:\Windows\System\zeoPted.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\DlEtNBL.exe
  C:\Windows\System\DlEtNBL.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\jneNCQK.exe
  C:\Windows\System\jneNCQK.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\VRIDYzp.exe
  C:\Windows\System\VRIDYzp.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\ZBAwgKQ.exe
  C:\Windows\System\ZBAwgKQ.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\gRrUsXI.exe
  C:\Windows\System\gRrUsXI.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\uSiPPjT.exe
  C:\Windows\System\uSiPPjT.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\vbPhfjH.exe
  C:\Windows\System\vbPhfjH.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\MkowCNP.exe
  C:\Windows\System\MkowCNP.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\hcQgdim.exe
  C:\Windows\System\hcQgdim.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\VPUSbKt.exe
  C:\Windows\System\VPUSbKt.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\EoUcGEO.exe
  C:\Windows\System\EoUcGEO.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\xyGKohO.exe
  C:\Windows\System\xyGKohO.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\WVtYHNL.exe
  C:\Windows\System\WVtYHNL.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\pxgsGJR.exe
  C:\Windows\System\pxgsGJR.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\KYHbyFV.exe
  C:\Windows\System\KYHbyFV.exe
  2⤵
  PID:2180
- C:\Windows\System\bSAKpNX.exe
  C:\Windows\System\bSAKpNX.exe
  2⤵
  PID:2808
- C:\Windows\System\WRIIWxF.exe
  C:\Windows\System\WRIIWxF.exe
  2⤵
  PID:2528
- C:\Windows\System\HucsPYN.exe
  C:\Windows\System\HucsPYN.exe
  2⤵
  PID:2148
- C:\Windows\System\agKhwSp.exe
  C:\Windows\System\agKhwSp.exe
  2⤵
  PID:2768
- C:\Windows\System\xiimeYw.exe
  C:\Windows\System\xiimeYw.exe
  2⤵
  PID:932
- C:\Windows\System\jnhCkOZ.exe
  C:\Windows\System\jnhCkOZ.exe
  2⤵
  PID:2140
- C:\Windows\System\xYtTJoR.exe
  C:\Windows\System\xYtTJoR.exe
  2⤵
  PID:1260
- C:\Windows\System\hJJKhLw.exe
  C:\Windows\System\hJJKhLw.exe
  2⤵
  PID:1792
- C:\Windows\System\PMUlOgv.exe
  C:\Windows\System\PMUlOgv.exe
  2⤵
  PID:848
- C:\Windows\System\sFpXfND.exe
  C:\Windows\System\sFpXfND.exe
  2⤵
  PID:1280
- C:\Windows\System\VNRaXjx.exe
  C:\Windows\System\VNRaXjx.exe
  2⤵
  PID:2916
- C:\Windows\System\mwTIwXI.exe
  C:\Windows\System\mwTIwXI.exe
  2⤵
  PID:2128
- C:\Windows\System\jhQkPoG.exe
  C:\Windows\System\jhQkPoG.exe
  2⤵
  PID:2256
- C:\Windows\System\ZCVleSl.exe
  C:\Windows\System\ZCVleSl.exe
  2⤵
  PID:2464
- C:\Windows\System\GQTTdjW.exe
  C:\Windows\System\GQTTdjW.exe
  2⤵
  PID:2272
- C:\Windows\System\ULfzudV.exe
  C:\Windows\System\ULfzudV.exe
  2⤵
  PID:1756
- C:\Windows\System\stjHaJh.exe
  C:\Windows\System\stjHaJh.exe
  2⤵
  PID:548
- C:\Windows\System\DojIzFK.exe
  C:\Windows\System\DojIzFK.exe
  2⤵
  PID:2000
- C:\Windows\System\FHbDpWb.exe
  C:\Windows\System\FHbDpWb.exe
  2⤵
  PID:1652
- C:\Windows\System\uAThydB.exe
  C:\Windows\System\uAThydB.exe
  2⤵
  PID:2004
- C:\Windows\System\AbHqKmp.exe
  C:\Windows\System\AbHqKmp.exe
  2⤵
  PID:1552
- C:\Windows\System\OaYzfat.exe
  C:\Windows\System\OaYzfat.exe
  2⤵
  PID:2652
- C:\Windows\System\jWisOmh.exe
  C:\Windows\System\jWisOmh.exe
  2⤵
  PID:2112
- C:\Windows\System\pRdxlJP.exe
  C:\Windows\System\pRdxlJP.exe
  2⤵
  PID:2444
- C:\Windows\System\JhFSvLA.exe
  C:\Windows\System\JhFSvLA.exe
  2⤵
  PID:1268
- C:\Windows\System\KYRxgnM.exe
  C:\Windows\System\KYRxgnM.exe
  2⤵
  PID:892
- C:\Windows\System\rRETjCQ.exe
  C:\Windows\System\rRETjCQ.exe
  2⤵
  PID:880
- C:\Windows\System\cHWcOan.exe
  C:\Windows\System\cHWcOan.exe
  2⤵
  PID:2108
- C:\Windows\System\BkoaJiV.exe
  C:\Windows\System\BkoaJiV.exe
  2⤵
  PID:2636
- C:\Windows\System\blEkvkI.exe
  C:\Windows\System\blEkvkI.exe
  2⤵
  PID:2056
- C:\Windows\System\mdFGdTF.exe
  C:\Windows\System\mdFGdTF.exe
  2⤵
  PID:2500
- C:\Windows\System\jfURiPL.exe
  C:\Windows\System\jfURiPL.exe
  2⤵
  PID:320
- C:\Windows\System\inwiAqM.exe
  C:\Windows\System\inwiAqM.exe
  2⤵
  PID:2796
- C:\Windows\System\niHtZmb.exe
  C:\Windows\System\niHtZmb.exe
  2⤵
  PID:2220
- C:\Windows\System\vfnuTzP.exe
  C:\Windows\System\vfnuTzP.exe
  2⤵
  PID:2704
- C:\Windows\System\vMHiKuP.exe
  C:\Windows\System\vMHiKuP.exe
  2⤵
  PID:2352
- C:\Windows\System\tnUOZrv.exe
  C:\Windows\System\tnUOZrv.exe
  2⤵
  PID:1744
- C:\Windows\System\HliuFJg.exe
  C:\Windows\System\HliuFJg.exe
  2⤵
  PID:2020
- C:\Windows\System\KBFBVqh.exe
  C:\Windows\System\KBFBVqh.exe
  2⤵
  PID:1532
- C:\Windows\System\BELLdmK.exe
  C:\Windows\System\BELLdmK.exe
  2⤵
  PID:2900
- C:\Windows\System\XGjGCyw.exe
  C:\Windows\System\XGjGCyw.exe
  2⤵
  PID:3028
- C:\Windows\System\lwSkLMk.exe
  C:\Windows\System\lwSkLMk.exe
  2⤵
  PID:408
- C:\Windows\System\mLLaUFo.exe
  C:\Windows\System\mLLaUFo.exe
  2⤵
  PID:1936
- C:\Windows\System\oCXUzLY.exe
  C:\Windows\System\oCXUzLY.exe
  2⤵
  PID:1676
- C:\Windows\System\jBEWpTd.exe
  C:\Windows\System\jBEWpTd.exe
  2⤵
  PID:2136
- C:\Windows\System\yuCVWAu.exe
  C:\Windows\System\yuCVWAu.exe
  2⤵
  PID:884
- C:\Windows\System\VPOvOwh.exe
  C:\Windows\System\VPOvOwh.exe
  2⤵
  PID:588
- C:\Windows\System\RiZspFy.exe
  C:\Windows\System\RiZspFy.exe
  2⤵
  PID:2208
- C:\Windows\System\WtuLMIW.exe
  C:\Windows\System\WtuLMIW.exe
  2⤵
  PID:1496
- C:\Windows\System\kFyjCyC.exe
  C:\Windows\System\kFyjCyC.exe
  2⤵
  PID:2196
- C:\Windows\System\deZtJGJ.exe
  C:\Windows\System\deZtJGJ.exe
  2⤵
  PID:3088
- C:\Windows\System\wDIGEbM.exe
  C:\Windows\System\wDIGEbM.exe
  2⤵
  PID:3108
- C:\Windows\System\WteloQO.exe
  C:\Windows\System\WteloQO.exe
  2⤵
  PID:3128
- C:\Windows\System\jxlaNNZ.exe
  C:\Windows\System\jxlaNNZ.exe
  2⤵
  PID:3148
- C:\Windows\System\HhVHsKl.exe
  C:\Windows\System\HhVHsKl.exe
  2⤵
  PID:3168
- C:\Windows\System\FCQjcqL.exe
  C:\Windows\System\FCQjcqL.exe
  2⤵
  PID:3192
- C:\Windows\System\gNcdvxL.exe
  C:\Windows\System\gNcdvxL.exe
  2⤵
  PID:3212
- C:\Windows\System\KMipHjm.exe
  C:\Windows\System\KMipHjm.exe
  2⤵
  PID:3232
- C:\Windows\System\QuDQjtG.exe
  C:\Windows\System\QuDQjtG.exe
  2⤵
  PID:3252
- C:\Windows\System\ZnQgMkg.exe
  C:\Windows\System\ZnQgMkg.exe
  2⤵
  PID:3272
- C:\Windows\System\CJsUNyC.exe
  C:\Windows\System\CJsUNyC.exe
  2⤵
  PID:3292
- C:\Windows\System\utxrqGj.exe
  C:\Windows\System\utxrqGj.exe
  2⤵
  PID:3312
- C:\Windows\System\pvAprFu.exe
  C:\Windows\System\pvAprFu.exe
  2⤵
  PID:3332
- C:\Windows\System\XbTJgwH.exe
  C:\Windows\System\XbTJgwH.exe
  2⤵
  PID:3352
- C:\Windows\System\MDquvJz.exe
  C:\Windows\System\MDquvJz.exe
  2⤵
  PID:3372
- C:\Windows\System\SlBYbVk.exe
  C:\Windows\System\SlBYbVk.exe
  2⤵
  PID:3392
- C:\Windows\System\AONPuuH.exe
  C:\Windows\System\AONPuuH.exe
  2⤵
  PID:3412
- C:\Windows\System\WTOUWqG.exe
  C:\Windows\System\WTOUWqG.exe
  2⤵
  PID:3432
- C:\Windows\System\wyVCgNz.exe
  C:\Windows\System\wyVCgNz.exe
  2⤵
  PID:3452
- C:\Windows\System\QkEbwHg.exe
  C:\Windows\System\QkEbwHg.exe
  2⤵
  PID:3472
- C:\Windows\System\UKFjJza.exe
  C:\Windows\System\UKFjJza.exe
  2⤵
  PID:3492
- C:\Windows\System\xNkbhyi.exe
  C:\Windows\System\xNkbhyi.exe
  2⤵
  PID:3512
- C:\Windows\System\LkelLip.exe
  C:\Windows\System\LkelLip.exe
  2⤵
  PID:3532
- C:\Windows\System\UthedTa.exe
  C:\Windows\System\UthedTa.exe
  2⤵
  PID:3552
- C:\Windows\System\aBKDHhQ.exe
  C:\Windows\System\aBKDHhQ.exe
  2⤵
  PID:3572
- C:\Windows\System\FiBJiIf.exe
  C:\Windows\System\FiBJiIf.exe
  2⤵
  PID:3592
- C:\Windows\System\TUjpzbA.exe
  C:\Windows\System\TUjpzbA.exe
  2⤵
  PID:3612
- C:\Windows\System\rOVxiMr.exe
  C:\Windows\System\rOVxiMr.exe
  2⤵
  PID:3632
- C:\Windows\System\fvDMsPE.exe
  C:\Windows\System\fvDMsPE.exe
  2⤵
  PID:3652
- C:\Windows\System\awCGwcK.exe
  C:\Windows\System\awCGwcK.exe
  2⤵
  PID:3672
- C:\Windows\System\ZuduELk.exe
  C:\Windows\System\ZuduELk.exe
  2⤵
  PID:3692
- C:\Windows\System\NXyxbKW.exe
  C:\Windows\System\NXyxbKW.exe
  2⤵
  PID:3712
- C:\Windows\System\YPJMiDe.exe
  C:\Windows\System\YPJMiDe.exe
  2⤵
  PID:3732
- C:\Windows\System\CKhmHbD.exe
  C:\Windows\System\CKhmHbD.exe
  2⤵
  PID:3752
- C:\Windows\System\GxVKQzT.exe
  C:\Windows\System\GxVKQzT.exe
  2⤵
  PID:3772
- C:\Windows\System\LusBYxw.exe
  C:\Windows\System\LusBYxw.exe
  2⤵
  PID:3792
- C:\Windows\System\yQpjOjp.exe
  C:\Windows\System\yQpjOjp.exe
  2⤵
  PID:3812
- C:\Windows\System\CETfeNt.exe
  C:\Windows\System\CETfeNt.exe
  2⤵
  PID:3832
- C:\Windows\System\loEVBdn.exe
  C:\Windows\System\loEVBdn.exe
  2⤵
  PID:3852
- C:\Windows\System\jRJbfRf.exe
  C:\Windows\System\jRJbfRf.exe
  2⤵
  PID:3872
- C:\Windows\System\hkxBDFM.exe
  C:\Windows\System\hkxBDFM.exe
  2⤵
  PID:3892
- C:\Windows\System\UNurseG.exe
  C:\Windows\System\UNurseG.exe
  2⤵
  PID:3912
- C:\Windows\System\ReUjaTM.exe
  C:\Windows\System\ReUjaTM.exe
  2⤵
  PID:3932
- C:\Windows\System\QWHtfDh.exe
  C:\Windows\System\QWHtfDh.exe
  2⤵
  PID:3952
- C:\Windows\System\jUTlbcO.exe
  C:\Windows\System\jUTlbcO.exe
  2⤵
  PID:3972
- C:\Windows\System\GsIhygJ.exe
  C:\Windows\System\GsIhygJ.exe
  2⤵
  PID:3992
- C:\Windows\System\JivFRVk.exe
  C:\Windows\System\JivFRVk.exe
  2⤵
  PID:4012
- C:\Windows\System\lgtllaX.exe
  C:\Windows\System\lgtllaX.exe
  2⤵
  PID:4032
- C:\Windows\System\thILXpl.exe
  C:\Windows\System\thILXpl.exe
  2⤵
  PID:4052
- C:\Windows\System\PMOSELy.exe
  C:\Windows\System\PMOSELy.exe
  2⤵
  PID:4072
- C:\Windows\System\JNGABSW.exe
  C:\Windows\System\JNGABSW.exe
  2⤵
  PID:2228
- C:\Windows\System\vGbXsfV.exe
  C:\Windows\System\vGbXsfV.exe
  2⤵
  PID:2120
- C:\Windows\System\XNhxzkr.exe
  C:\Windows\System\XNhxzkr.exe
  2⤵
  PID:2204
- C:\Windows\System\oETPxuK.exe
  C:\Windows\System\oETPxuK.exe
  2⤵
  PID:2308
- C:\Windows\System\zPVmHOm.exe
  C:\Windows\System\zPVmHOm.exe
  2⤵
  PID:2700
- C:\Windows\System\xQsMKEW.exe
  C:\Windows\System\xQsMKEW.exe
  2⤵
  PID:1724
- C:\Windows\System\mnhCjwa.exe
  C:\Windows\System\mnhCjwa.exe
  2⤵
  PID:1740
- C:\Windows\System\VGhbrUx.exe
  C:\Windows\System\VGhbrUx.exe
  2⤵
  PID:1708
- C:\Windows\System\uAdnIoL.exe
  C:\Windows\System\uAdnIoL.exe
  2⤵
  PID:2176
- C:\Windows\System\QrFXMis.exe
  C:\Windows\System\QrFXMis.exe
  2⤵
  PID:1284
- C:\Windows\System\SbzhBxL.exe
  C:\Windows\System\SbzhBxL.exe
  2⤵
  PID:1560
- C:\Windows\System\XdDJQnP.exe
  C:\Windows\System\XdDJQnP.exe
  2⤵
  PID:1608
- C:\Windows\System\RtkEJyO.exe
  C:\Windows\System\RtkEJyO.exe
  2⤵
  PID:568
- C:\Windows\System\jKpLNen.exe
  C:\Windows\System\jKpLNen.exe
  2⤵
  PID:3076
- C:\Windows\System\kvGAsqg.exe
  C:\Windows\System\kvGAsqg.exe
  2⤵
  PID:3116
- C:\Windows\System\jiBQKte.exe
  C:\Windows\System\jiBQKte.exe
  2⤵
  PID:3144
- C:\Windows\System\pIXXYAp.exe
  C:\Windows\System\pIXXYAp.exe
  2⤵
  PID:3200
- C:\Windows\System\bduMOYz.exe
  C:\Windows\System\bduMOYz.exe
  2⤵
  PID:3204
- C:\Windows\System\AqAhcrb.exe
  C:\Windows\System\AqAhcrb.exe
  2⤵
  PID:3224
- C:\Windows\System\IxvtiXE.exe
  C:\Windows\System\IxvtiXE.exe
  2⤵
  PID:3288
- C:\Windows\System\lAStFNk.exe
  C:\Windows\System\lAStFNk.exe
  2⤵
  PID:3320
- C:\Windows\System\jOXIzjE.exe
  C:\Windows\System\jOXIzjE.exe
  2⤵
  PID:3348
- C:\Windows\System\IAxGHVc.exe
  C:\Windows\System\IAxGHVc.exe
  2⤵
  PID:3380
- C:\Windows\System\fchmdkg.exe
  C:\Windows\System\fchmdkg.exe
  2⤵
  PID:3404
- C:\Windows\System\xWMhNDQ.exe
  C:\Windows\System\xWMhNDQ.exe
  2⤵
  PID:3448
- C:\Windows\System\cYnWIPg.exe
  C:\Windows\System\cYnWIPg.exe
  2⤵
  PID:3480
- C:\Windows\System\uaAxSEb.exe
  C:\Windows\System\uaAxSEb.exe
  2⤵
  PID:3528
- C:\Windows\System\zBroiwe.exe
  C:\Windows\System\zBroiwe.exe
  2⤵
  PID:3560
- C:\Windows\System\MZmJGns.exe
  C:\Windows\System\MZmJGns.exe
  2⤵
  PID:3580
- C:\Windows\System\GnDHbwB.exe
  C:\Windows\System\GnDHbwB.exe
  2⤵
  PID:3604
- C:\Windows\System\TFtDQOl.exe
  C:\Windows\System\TFtDQOl.exe
  2⤵
  PID:3624
- C:\Windows\System\KHThFxU.exe
  C:\Windows\System\KHThFxU.exe
  2⤵
  PID:3668
- C:\Windows\System\ksyiWXr.exe
  C:\Windows\System\ksyiWXr.exe
  2⤵
  PID:3720
- C:\Windows\System\TkDsvxY.exe
  C:\Windows\System\TkDsvxY.exe
  2⤵
  PID:3760
- C:\Windows\System\PlVGflc.exe
  C:\Windows\System\PlVGflc.exe
  2⤵
  PID:3780
- C:\Windows\System\vMRcRyF.exe
  C:\Windows\System\vMRcRyF.exe
  2⤵
  PID:3804
- C:\Windows\System\ubuOxAG.exe
  C:\Windows\System\ubuOxAG.exe
  2⤵
  PID:3848
- C:\Windows\System\EmkTRls.exe
  C:\Windows\System\EmkTRls.exe
  2⤵
  PID:3868
- C:\Windows\System\kQtkhwh.exe
  C:\Windows\System\kQtkhwh.exe
  2⤵
  PID:3900
- C:\Windows\System\AVnHEJR.exe
  C:\Windows\System\AVnHEJR.exe
  2⤵
  PID:3960
- C:\Windows\System\gqGZWEQ.exe
  C:\Windows\System\gqGZWEQ.exe
  2⤵
  PID:3980
- C:\Windows\System\iYMqXJZ.exe
  C:\Windows\System\iYMqXJZ.exe
  2⤵
  PID:4004
- C:\Windows\System\kzXXcCp.exe
  C:\Windows\System\kzXXcCp.exe
  2⤵
  PID:4024
- C:\Windows\System\Udktpso.exe
  C:\Windows\System\Udktpso.exe
  2⤵
  PID:4068
- C:\Windows\System\WYjOfJZ.exe
  C:\Windows\System\WYjOfJZ.exe
  2⤵
  PID:2772
- C:\Windows\System\njNocqF.exe
  C:\Windows\System\njNocqF.exe
  2⤵
  PID:2972
- C:\Windows\System\cyWeeFi.exe
  C:\Windows\System\cyWeeFi.exe
  2⤵
  PID:1992
- C:\Windows\System\hqhEKnJ.exe
  C:\Windows\System\hqhEKnJ.exe
  2⤵
  PID:1520
- C:\Windows\System\NZwCqRT.exe
  C:\Windows\System\NZwCqRT.exe
  2⤵
  PID:2288
- C:\Windows\System\zRWjcwQ.exe
  C:\Windows\System\zRWjcwQ.exe
  2⤵
  PID:768
- C:\Windows\System\BcJMpgH.exe
  C:\Windows\System\BcJMpgH.exe
  2⤵
  PID:2132
- C:\Windows\System\UOARnSc.exe
  C:\Windows\System\UOARnSc.exe
  2⤵
  PID:3080
- C:\Windows\System\KzUxMeE.exe
  C:\Windows\System\KzUxMeE.exe
  2⤵
  PID:3160
- C:\Windows\System\gPJwoDx.exe
  C:\Windows\System\gPJwoDx.exe
  2⤵
  PID:3208
- C:\Windows\System\sOcjXZw.exe
  C:\Windows\System\sOcjXZw.exe
  2⤵
  PID:3240
- C:\Windows\System\LsXZjlP.exe
  C:\Windows\System\LsXZjlP.exe
  2⤵
  PID:3308
- C:\Windows\System\bLiRPJE.exe
  C:\Windows\System\bLiRPJE.exe
  2⤵
  PID:3340
- C:\Windows\System\mWsmjPq.exe
  C:\Windows\System\mWsmjPq.exe
  2⤵
  PID:3384
- C:\Windows\System\SjhGHxO.exe
  C:\Windows\System\SjhGHxO.exe
  2⤵
  PID:3484
- C:\Windows\System\uMTGBvw.exe
  C:\Windows\System\uMTGBvw.exe
  2⤵
  PID:3544
- C:\Windows\System\zvCySHn.exe
  C:\Windows\System\zvCySHn.exe
  2⤵
  PID:3568
- C:\Windows\System\WdXmTYK.exe
  C:\Windows\System\WdXmTYK.exe
  2⤵
  PID:3600
- C:\Windows\System\wSTdwjQ.exe
  C:\Windows\System\wSTdwjQ.exe
  2⤵
  PID:3664
- C:\Windows\System\LduoNXU.exe
  C:\Windows\System\LduoNXU.exe
  2⤵
  PID:3704
- C:\Windows\System\KZrqFGr.exe
  C:\Windows\System\KZrqFGr.exe
  2⤵
  PID:3808
- C:\Windows\System\plTEoub.exe
  C:\Windows\System\plTEoub.exe
  2⤵
  PID:3860
- C:\Windows\System\TDJOIen.exe
  C:\Windows\System\TDJOIen.exe
  2⤵
  PID:3920
- C:\Windows\System\xeicxek.exe
  C:\Windows\System\xeicxek.exe
  2⤵
  PID:3924
- C:\Windows\System\NCmQSxF.exe
  C:\Windows\System\NCmQSxF.exe
  2⤵
  PID:4028
- C:\Windows\System\NReqaLv.exe
  C:\Windows\System\NReqaLv.exe
  2⤵
  PID:4088
- C:\Windows\System\oOOzSDZ.exe
  C:\Windows\System\oOOzSDZ.exe
  2⤵
  PID:2960
- C:\Windows\System\SzTZhLI.exe
  C:\Windows\System\SzTZhLI.exe
  2⤵
  PID:1672
- C:\Windows\System\iKdMoFI.exe
  C:\Windows\System\iKdMoFI.exe
  2⤵
  PID:1696
- C:\Windows\System\AQPeCdn.exe
  C:\Windows\System\AQPeCdn.exe
  2⤵
  PID:1780
- C:\Windows\System\zQiJGGH.exe
  C:\Windows\System\zQiJGGH.exe
  2⤵
  PID:1516
- C:\Windows\System\ijlqzeh.exe
  C:\Windows\System\ijlqzeh.exe
  2⤵
  PID:3136
- C:\Windows\System\HWaUTLV.exe
  C:\Windows\System\HWaUTLV.exe
  2⤵
  PID:3328
- C:\Windows\System\PIZlxGw.exe
  C:\Windows\System\PIZlxGw.exe
  2⤵
  PID:3368
- C:\Windows\System\pIWkWqk.exe
  C:\Windows\System\pIWkWqk.exe
  2⤵
  PID:3428
- C:\Windows\System\mjjfObL.exe
  C:\Windows\System\mjjfObL.exe
  2⤵
  PID:3564
- C:\Windows\System\KyipAUg.exe
  C:\Windows\System\KyipAUg.exe
  2⤵
  PID:4116
- C:\Windows\System\FrFWKAN.exe
  C:\Windows\System\FrFWKAN.exe
  2⤵
  PID:4136
- C:\Windows\System\lknVVAD.exe
  C:\Windows\System\lknVVAD.exe
  2⤵
  PID:4156
- C:\Windows\System\BexHfUq.exe
  C:\Windows\System\BexHfUq.exe
  2⤵
  PID:4176
- C:\Windows\System\wcHSNYt.exe
  C:\Windows\System\wcHSNYt.exe
  2⤵
  PID:4196
- C:\Windows\System\gkWWpaC.exe
  C:\Windows\System\gkWWpaC.exe
  2⤵
  PID:4216
- C:\Windows\System\GSdQDqf.exe
  C:\Windows\System\GSdQDqf.exe
  2⤵
  PID:4236
- C:\Windows\System\IRiWvKL.exe
  C:\Windows\System\IRiWvKL.exe
  2⤵
  PID:4256
- C:\Windows\System\iHsjuWB.exe
  C:\Windows\System\iHsjuWB.exe
  2⤵
  PID:4276
- C:\Windows\System\fyPdeia.exe
  C:\Windows\System\fyPdeia.exe
  2⤵
  PID:4296
- C:\Windows\System\xjAPGKG.exe
  C:\Windows\System\xjAPGKG.exe
  2⤵
  PID:4316
- C:\Windows\System\YHcMLZB.exe
  C:\Windows\System\YHcMLZB.exe
  2⤵
  PID:4336
- C:\Windows\System\sMtJaBp.exe
  C:\Windows\System\sMtJaBp.exe
  2⤵
  PID:4356
- C:\Windows\System\ldyHXWh.exe
  C:\Windows\System\ldyHXWh.exe
  2⤵
  PID:4376
- C:\Windows\System\IfzqCnM.exe
  C:\Windows\System\IfzqCnM.exe
  2⤵
  PID:4396
- C:\Windows\System\WptwSqS.exe
  C:\Windows\System\WptwSqS.exe
  2⤵
  PID:4416
- C:\Windows\System\WWqSjSY.exe
  C:\Windows\System\WWqSjSY.exe
  2⤵
  PID:4436
- C:\Windows\System\wLIeyxA.exe
  C:\Windows\System\wLIeyxA.exe
  2⤵
  PID:4456
- C:\Windows\System\VNeqezi.exe
  C:\Windows\System\VNeqezi.exe
  2⤵
  PID:4476
- C:\Windows\System\OiFBpLZ.exe
  C:\Windows\System\OiFBpLZ.exe
  2⤵
  PID:4496
- C:\Windows\System\NqqFEJZ.exe
  C:\Windows\System\NqqFEJZ.exe
  2⤵
  PID:4516
- C:\Windows\System\nsNOumc.exe
  C:\Windows\System\nsNOumc.exe
  2⤵
  PID:4536
- C:\Windows\System\BXTxEki.exe
  C:\Windows\System\BXTxEki.exe
  2⤵
  PID:4556
- C:\Windows\System\TpJMRkx.exe
  C:\Windows\System\TpJMRkx.exe
  2⤵
  PID:4576
- C:\Windows\System\EwGelSk.exe
  C:\Windows\System\EwGelSk.exe
  2⤵
  PID:4596
- C:\Windows\System\vedTGiM.exe
  C:\Windows\System\vedTGiM.exe
  2⤵
  PID:4616
- C:\Windows\System\RBUFiwx.exe
  C:\Windows\System\RBUFiwx.exe
  2⤵
  PID:4636
- C:\Windows\System\RUhseNj.exe
  C:\Windows\System\RUhseNj.exe
  2⤵
  PID:4656
- C:\Windows\System\WEaFgdt.exe
  C:\Windows\System\WEaFgdt.exe
  2⤵
  PID:4676
- C:\Windows\System\MbRdTtz.exe
  C:\Windows\System\MbRdTtz.exe
  2⤵
  PID:4696
- C:\Windows\System\eIpTDYC.exe
  C:\Windows\System\eIpTDYC.exe
  2⤵
  PID:4716
- C:\Windows\System\jzcdyqt.exe
  C:\Windows\System\jzcdyqt.exe
  2⤵
  PID:4736
- C:\Windows\System\jhrGrVC.exe
  C:\Windows\System\jhrGrVC.exe
  2⤵
  PID:4756
- C:\Windows\System\IHbZcpx.exe
  C:\Windows\System\IHbZcpx.exe
  2⤵
  PID:4776
- C:\Windows\System\DYhUYwJ.exe
  C:\Windows\System\DYhUYwJ.exe
  2⤵
  PID:4796
- C:\Windows\System\cXgnAFY.exe
  C:\Windows\System\cXgnAFY.exe
  2⤵
  PID:4816
- C:\Windows\System\tfwEZTn.exe
  C:\Windows\System\tfwEZTn.exe
  2⤵
  PID:4836
- C:\Windows\System\wiZDfbS.exe
  C:\Windows\System\wiZDfbS.exe
  2⤵
  PID:4856
- C:\Windows\System\Mwupabx.exe
  C:\Windows\System\Mwupabx.exe
  2⤵
  PID:4876
- C:\Windows\System\NkFYATP.exe
  C:\Windows\System\NkFYATP.exe
  2⤵
  PID:4896
- C:\Windows\System\fPSjbEU.exe
  C:\Windows\System\fPSjbEU.exe
  2⤵
  PID:4920
- C:\Windows\System\rWkTTBs.exe
  C:\Windows\System\rWkTTBs.exe
  2⤵
  PID:4940
- C:\Windows\System\qkUAkAc.exe
  C:\Windows\System\qkUAkAc.exe
  2⤵
  PID:4960
- C:\Windows\System\MPQAoDw.exe
  C:\Windows\System\MPQAoDw.exe
  2⤵
  PID:4980
- C:\Windows\System\BtKtuAd.exe
  C:\Windows\System\BtKtuAd.exe
  2⤵
  PID:5000
- C:\Windows\System\TaWqLqb.exe
  C:\Windows\System\TaWqLqb.exe
  2⤵
  PID:5020
- C:\Windows\System\lCVTQaD.exe
  C:\Windows\System\lCVTQaD.exe
  2⤵
  PID:5040
- C:\Windows\System\aLOYSSV.exe
  C:\Windows\System\aLOYSSV.exe
  2⤵
  PID:5060
- C:\Windows\System\AwWEkog.exe
  C:\Windows\System\AwWEkog.exe
  2⤵
  PID:5080
- C:\Windows\System\kAaBLKO.exe
  C:\Windows\System\kAaBLKO.exe
  2⤵
  PID:5100
- C:\Windows\System\EBTyOnK.exe
  C:\Windows\System\EBTyOnK.exe
  2⤵
  PID:3524
- C:\Windows\System\ngbVZPF.exe
  C:\Windows\System\ngbVZPF.exe
  2⤵
  PID:3688
- C:\Windows\System\gupEPrk.exe
  C:\Windows\System\gupEPrk.exe
  2⤵
  PID:3724
- C:\Windows\System\QQdzIuO.exe
  C:\Windows\System\QQdzIuO.exe
  2⤵
  PID:3884
- C:\Windows\System\fwdMYsU.exe
  C:\Windows\System\fwdMYsU.exe
  2⤵
  PID:4000
- C:\Windows\System\TqihUWq.exe
  C:\Windows\System\TqihUWq.exe
  2⤵
  PID:4040
- C:\Windows\System\RvzQPLf.exe
  C:\Windows\System\RvzQPLf.exe
  2⤵
  PID:4080
- C:\Windows\System\CXfhYMq.exe
  C:\Windows\System\CXfhYMq.exe
  2⤵
  PID:1400
- C:\Windows\System\nuRLlFK.exe
  C:\Windows\System\nuRLlFK.exe
  2⤵
  PID:2076
- C:\Windows\System\oUkbiSA.exe
  C:\Windows\System\oUkbiSA.exe
  2⤵
  PID:3248
- C:\Windows\System\lopSLfe.exe
  C:\Windows\System\lopSLfe.exe
  2⤵
  PID:3360
- C:\Windows\System\asFVjYT.exe
  C:\Windows\System\asFVjYT.exe
  2⤵
  PID:3500
- C:\Windows\System\gDQIQol.exe
  C:\Windows\System\gDQIQol.exe
  2⤵
  PID:4108
- C:\Windows\System\IkptPMS.exe
  C:\Windows\System\IkptPMS.exe
  2⤵
  PID:4152
- C:\Windows\System\grgHzeI.exe
  C:\Windows\System\grgHzeI.exe
  2⤵
  PID:4168
- C:\Windows\System\twvQKdc.exe
  C:\Windows\System\twvQKdc.exe
  2⤵
  PID:4224
- C:\Windows\System\xDcjbrt.exe
  C:\Windows\System\xDcjbrt.exe
  2⤵
  PID:4252
- C:\Windows\System\sLWJHDw.exe
  C:\Windows\System\sLWJHDw.exe
  2⤵
  PID:4284
- C:\Windows\System\sByKneI.exe
  C:\Windows\System\sByKneI.exe
  2⤵
  PID:4308
- C:\Windows\System\gsYKxMS.exe
  C:\Windows\System\gsYKxMS.exe
  2⤵
  PID:4352
- C:\Windows\System\uHwCqgj.exe
  C:\Windows\System\uHwCqgj.exe
  2⤵
  PID:4392
- C:\Windows\System\kQEFmos.exe
  C:\Windows\System\kQEFmos.exe
  2⤵
  PID:4412
- C:\Windows\System\RPpVaFY.exe
  C:\Windows\System\RPpVaFY.exe
  2⤵
  PID:4452
- C:\Windows\System\sXSwHSc.exe
  C:\Windows\System\sXSwHSc.exe
  2⤵
  PID:4484
- C:\Windows\System\VwxawPH.exe
  C:\Windows\System\VwxawPH.exe
  2⤵
  PID:4508
- C:\Windows\System\WANnIbF.exe
  C:\Windows\System\WANnIbF.exe
  2⤵
  PID:4552
- C:\Windows\System\QRqTViA.exe
  C:\Windows\System\QRqTViA.exe
  2⤵
  PID:4568
- C:\Windows\System\wtpSKvb.exe
  C:\Windows\System\wtpSKvb.exe
  2⤵
  PID:4632
- C:\Windows\System\idtSMJA.exe
  C:\Windows\System\idtSMJA.exe
  2⤵
  PID:4652
- C:\Windows\System\hYrZRvS.exe
  C:\Windows\System\hYrZRvS.exe
  2⤵
  PID:4684
- C:\Windows\System\VLQyUyZ.exe
  C:\Windows\System\VLQyUyZ.exe
  2⤵
  PID:4708
- C:\Windows\System\KtUzNph.exe
  C:\Windows\System\KtUzNph.exe
  2⤵
  PID:4728
- C:\Windows\System\zroZfjK.exe
  C:\Windows\System\zroZfjK.exe
  2⤵
  PID:4792
- C:\Windows\System\vcEyBpZ.exe
  C:\Windows\System\vcEyBpZ.exe
  2⤵
  PID:4832
- C:\Windows\System\bqjaVZC.exe
  C:\Windows\System\bqjaVZC.exe
  2⤵
  PID:4844
- C:\Windows\System\SvantOu.exe
  C:\Windows\System\SvantOu.exe
  2⤵
  PID:4892
- C:\Windows\System\zoIGSCv.exe
  C:\Windows\System\zoIGSCv.exe
  2⤵
  PID:4948
- C:\Windows\System\qCAvnWg.exe
  C:\Windows\System\qCAvnWg.exe
  2⤵
  PID:4952
- C:\Windows\System\ZgajoFM.exe
  C:\Windows\System\ZgajoFM.exe
  2⤵
  PID:4996
- C:\Windows\System\pjtMKUs.exe
  C:\Windows\System\pjtMKUs.exe
  2⤵
  PID:5032
- C:\Windows\System\JstsZBr.exe
  C:\Windows\System\JstsZBr.exe
  2⤵
  PID:5068
- C:\Windows\System\vWkrfMS.exe
  C:\Windows\System\vWkrfMS.exe
  2⤵
  PID:5096
- C:\Windows\System\pdZmfJE.exe
  C:\Windows\System\pdZmfJE.exe
  2⤵
  PID:3608
- C:\Windows\System\RZFsUrr.exe
  C:\Windows\System\RZFsUrr.exe
  2⤵
  PID:3680
- C:\Windows\System\JtfJmZL.exe
  C:\Windows\System\JtfJmZL.exe
  2⤵
  PID:3824
- C:\Windows\System\RFBAMBn.exe
  C:\Windows\System\RFBAMBn.exe
  2⤵
  PID:3984
- C:\Windows\System\VAMGAFT.exe
  C:\Windows\System\VAMGAFT.exe
  2⤵
  PID:2924
- C:\Windows\System\SYubLOq.exe
  C:\Windows\System\SYubLOq.exe
  2⤵
  PID:3280
- C:\Windows\System\NOlFGMI.exe
  C:\Windows\System\NOlFGMI.exe
  2⤵
  PID:3388
- C:\Windows\System\NrKhEMc.exe
  C:\Windows\System\NrKhEMc.exe
  2⤵
  PID:3460
- C:\Windows\System\NRhJoLe.exe
  C:\Windows\System\NRhJoLe.exe
  2⤵
  PID:4128
- C:\Windows\System\wXPfPPd.exe
  C:\Windows\System\wXPfPPd.exe
  2⤵
  PID:4208
- C:\Windows\System\PcGDRFv.exe
  C:\Windows\System\PcGDRFv.exe
  2⤵
  PID:4292
- C:\Windows\System\wSDNKcm.exe
  C:\Windows\System\wSDNKcm.exe
  2⤵
  PID:4384
- C:\Windows\System\UrJhLNd.exe
  C:\Windows\System\UrJhLNd.exe
  2⤵
  PID:4424
- C:\Windows\System\VtuoCDL.exe
  C:\Windows\System\VtuoCDL.exe
  2⤵
  PID:4404
- C:\Windows\System\xmsNHHx.exe
  C:\Windows\System\xmsNHHx.exe
  2⤵
  PID:4472
- C:\Windows\System\bxvFjXw.exe
  C:\Windows\System\bxvFjXw.exe
  2⤵
  PID:4544
- C:\Windows\System\qQLffNt.exe
  C:\Windows\System\qQLffNt.exe
  2⤵
  PID:4608
- C:\Windows\System\YgKUYbD.exe
  C:\Windows\System\YgKUYbD.exe
  2⤵
  PID:4668
- C:\Windows\System\EVeVwPH.exe
  C:\Windows\System\EVeVwPH.exe
  2⤵
  PID:4732
- C:\Windows\System\iyyjuho.exe
  C:\Windows\System\iyyjuho.exe
  2⤵
  PID:4768
- C:\Windows\System\tTgOjfp.exe
  C:\Windows\System\tTgOjfp.exe
  2⤵
  PID:4864
- C:\Windows\System\lKPWFna.exe
  C:\Windows\System\lKPWFna.exe
  2⤵
  PID:4868
- C:\Windows\System\Tddoufz.exe
  C:\Windows\System\Tddoufz.exe
  2⤵
  PID:4932
- C:\Windows\System\zBvWEaM.exe
  C:\Windows\System\zBvWEaM.exe
  2⤵
  PID:5036
- C:\Windows\System\qCIfZRZ.exe
  C:\Windows\System\qCIfZRZ.exe
  2⤵
  PID:5076
- C:\Windows\System\HIwFcbA.exe
  C:\Windows\System\HIwFcbA.exe
  2⤵
  PID:5092
- C:\Windows\System\EVAqqCs.exe
  C:\Windows\System\EVAqqCs.exe
  2⤵
  PID:3744
- C:\Windows\System\jRRutQi.exe
  C:\Windows\System\jRRutQi.exe
  2⤵
  PID:3940
- C:\Windows\System\gnIRlXl.exe
  C:\Windows\System\gnIRlXl.exe
  2⤵
  PID:3096
- C:\Windows\System\FdGcFtC.exe
  C:\Windows\System\FdGcFtC.exe
  2⤵
  PID:3424
- C:\Windows\System\XFBbFkk.exe
  C:\Windows\System\XFBbFkk.exe
  2⤵
  PID:4204
- C:\Windows\System\KgzsNjr.exe
  C:\Windows\System\KgzsNjr.exe
  2⤵
  PID:4272
- C:\Windows\System\STdKEWq.exe
  C:\Windows\System\STdKEWq.exe
  2⤵
  PID:4332
- C:\Windows\System\cIFHLqw.exe
  C:\Windows\System\cIFHLqw.exe
  2⤵
  PID:4468
- C:\Windows\System\omCEGHW.exe
  C:\Windows\System\omCEGHW.exe
  2⤵
  PID:4624
- C:\Windows\System\KewxKIQ.exe
  C:\Windows\System\KewxKIQ.exe
  2⤵
  PID:5136
- C:\Windows\System\MXoFeZt.exe
  C:\Windows\System\MXoFeZt.exe
  2⤵
  PID:5156
- C:\Windows\System\WZoqFAQ.exe
  C:\Windows\System\WZoqFAQ.exe
  2⤵
  PID:5176
- C:\Windows\System\BXNEgOm.exe
  C:\Windows\System\BXNEgOm.exe
  2⤵
  PID:5196
- C:\Windows\System\QKiXfrO.exe
  C:\Windows\System\QKiXfrO.exe
  2⤵
  PID:5216
- C:\Windows\System\XjZIDUZ.exe
  C:\Windows\System\XjZIDUZ.exe
  2⤵
  PID:5236
- C:\Windows\System\MFswGJo.exe
  C:\Windows\System\MFswGJo.exe
  2⤵
  PID:5256
- C:\Windows\System\LnSMJLz.exe
  C:\Windows\System\LnSMJLz.exe
  2⤵
  PID:5276
- C:\Windows\System\ocjhjVE.exe
  C:\Windows\System\ocjhjVE.exe
  2⤵
  PID:5296
- C:\Windows\System\pCaPdaP.exe
  C:\Windows\System\pCaPdaP.exe
  2⤵
  PID:5316
- C:\Windows\System\TPoHMzD.exe
  C:\Windows\System\TPoHMzD.exe
  2⤵
  PID:5336
- C:\Windows\System\MDrIkQA.exe
  C:\Windows\System\MDrIkQA.exe
  2⤵
  PID:5356
- C:\Windows\System\TngiMHm.exe
  C:\Windows\System\TngiMHm.exe
  2⤵
  PID:5376
- C:\Windows\System\EWbAkOC.exe
  C:\Windows\System\EWbAkOC.exe
  2⤵
  PID:5396
- C:\Windows\System\PepDiwF.exe
  C:\Windows\System\PepDiwF.exe
  2⤵
  PID:5416
- C:\Windows\System\dBsKGkI.exe
  C:\Windows\System\dBsKGkI.exe
  2⤵
  PID:5436
- C:\Windows\System\EUOlJHI.exe
  C:\Windows\System\EUOlJHI.exe
  2⤵
  PID:5456
- C:\Windows\System\iLZKNTn.exe
  C:\Windows\System\iLZKNTn.exe
  2⤵
  PID:5476
- C:\Windows\System\GuSUnTL.exe
  C:\Windows\System\GuSUnTL.exe
  2⤵
  PID:5496
- C:\Windows\System\BBCqGaZ.exe
  C:\Windows\System\BBCqGaZ.exe
  2⤵
  PID:5516
- C:\Windows\System\aUBPcUi.exe
  C:\Windows\System\aUBPcUi.exe
  2⤵
  PID:5536
- C:\Windows\System\RPAGMEz.exe
  C:\Windows\System\RPAGMEz.exe
  2⤵
  PID:5556
- C:\Windows\System\VzUPqlL.exe
  C:\Windows\System\VzUPqlL.exe
  2⤵
  PID:5576
- C:\Windows\System\KRQfowh.exe
  C:\Windows\System\KRQfowh.exe
  2⤵
  PID:5596
- C:\Windows\System\cQwAuQu.exe
  C:\Windows\System\cQwAuQu.exe
  2⤵
  PID:5616
- C:\Windows\System\zMQITJS.exe
  C:\Windows\System\zMQITJS.exe
  2⤵
  PID:5636
- C:\Windows\System\qHjFVkk.exe
  C:\Windows\System\qHjFVkk.exe
  2⤵
  PID:5656
- C:\Windows\System\FXjRqhg.exe
  C:\Windows\System\FXjRqhg.exe
  2⤵
  PID:5676
- C:\Windows\System\OklPrbF.exe
  C:\Windows\System\OklPrbF.exe
  2⤵
  PID:5696
- C:\Windows\System\QOZVvXJ.exe
  C:\Windows\System\QOZVvXJ.exe
  2⤵
  PID:5716
- C:\Windows\System\VNSyfcG.exe
  C:\Windows\System\VNSyfcG.exe
  2⤵
  PID:5736
- C:\Windows\System\aqYzKWF.exe
  C:\Windows\System\aqYzKWF.exe
  2⤵
  PID:5756
- C:\Windows\System\bASFonB.exe
  C:\Windows\System\bASFonB.exe
  2⤵
  PID:5776
- C:\Windows\System\mawWRyI.exe
  C:\Windows\System\mawWRyI.exe
  2⤵
  PID:5796
- C:\Windows\System\CEsGjZc.exe
  C:\Windows\System\CEsGjZc.exe
  2⤵
  PID:5816
- C:\Windows\System\vIDEZCj.exe
  C:\Windows\System\vIDEZCj.exe
  2⤵
  PID:5836
- C:\Windows\System\sSiXspV.exe
  C:\Windows\System\sSiXspV.exe
  2⤵
  PID:5860
- C:\Windows\System\HUOwcqH.exe
  C:\Windows\System\HUOwcqH.exe
  2⤵
  PID:5880
- C:\Windows\System\EIleRmD.exe
  C:\Windows\System\EIleRmD.exe
  2⤵
  PID:5900
- C:\Windows\System\TTdykVV.exe
  C:\Windows\System\TTdykVV.exe
  2⤵
  PID:5920
- C:\Windows\System\CMGlOVD.exe
  C:\Windows\System\CMGlOVD.exe
  2⤵
  PID:5940
- C:\Windows\System\DNvDKyC.exe
  C:\Windows\System\DNvDKyC.exe
  2⤵
  PID:5960
- C:\Windows\System\ISQphju.exe
  C:\Windows\System\ISQphju.exe
  2⤵
  PID:5980
- C:\Windows\System\cloMrZs.exe
  C:\Windows\System\cloMrZs.exe
  2⤵
  PID:6000
- C:\Windows\System\oGGCNlJ.exe
  C:\Windows\System\oGGCNlJ.exe
  2⤵
  PID:6020
- C:\Windows\System\QcoKqQc.exe
  C:\Windows\System\QcoKqQc.exe
  2⤵
  PID:6040
- C:\Windows\System\JfaoPjV.exe
  C:\Windows\System\JfaoPjV.exe
  2⤵
  PID:6060
- C:\Windows\System\lXhrDAA.exe
  C:\Windows\System\lXhrDAA.exe
  2⤵
  PID:6080
- C:\Windows\System\UTwXzeO.exe
  C:\Windows\System\UTwXzeO.exe
  2⤵
  PID:6100
- C:\Windows\System\jtslmiX.exe
  C:\Windows\System\jtslmiX.exe
  2⤵
  PID:6120
- C:\Windows\System\oLesTZS.exe
  C:\Windows\System\oLesTZS.exe
  2⤵
  PID:6140
- C:\Windows\System\ryzYsWj.exe
  C:\Windows\System\ryzYsWj.exe
  2⤵
  PID:4712
- C:\Windows\System\pBBfHaz.exe
  C:\Windows\System\pBBfHaz.exe
  2⤵
  PID:4824
- C:\Windows\System\skfcUCo.exe
  C:\Windows\System\skfcUCo.exe
  2⤵
  PID:4848
- C:\Windows\System\posJZIN.exe
  C:\Windows\System\posJZIN.exe
  2⤵
  PID:4988
- C:\Windows\System\uNoXDFg.exe
  C:\Windows\System\uNoXDFg.exe
  2⤵
  PID:4972
- C:\Windows\System\bGRizFt.exe
  C:\Windows\System\bGRizFt.exe
  2⤵
  PID:3964
- C:\Windows\System\errawTl.exe
  C:\Windows\System\errawTl.exe
  2⤵
  PID:4060
- C:\Windows\System\CPcvmnS.exe
  C:\Windows\System\CPcvmnS.exe
  2⤵
  PID:4144
- C:\Windows\System\rmlSbFY.exe
  C:\Windows\System\rmlSbFY.exe
  2⤵
  PID:4328
- C:\Windows\System\bPgWjln.exe
  C:\Windows\System\bPgWjln.exe
  2⤵
  PID:4388
- C:\Windows\System\XbGgvkV.exe
  C:\Windows\System\XbGgvkV.exe
  2⤵
  PID:4584
- C:\Windows\System\zmPMwTs.exe
  C:\Windows\System\zmPMwTs.exe
  2⤵
  PID:5128
- C:\Windows\System\ygdEbCE.exe
  C:\Windows\System\ygdEbCE.exe
  2⤵
  PID:5184
- C:\Windows\System\ASzjugp.exe
  C:\Windows\System\ASzjugp.exe
  2⤵
  PID:5224
- C:\Windows\System\BPjUxpP.exe
  C:\Windows\System\BPjUxpP.exe
  2⤵
  PID:5252
- C:\Windows\System\xNDhEnY.exe
  C:\Windows\System\xNDhEnY.exe
  2⤵
  PID:5284
- C:\Windows\System\MZbSiYy.exe
  C:\Windows\System\MZbSiYy.exe
  2⤵
  PID:5308
- C:\Windows\System\SZkhLwu.exe
  C:\Windows\System\SZkhLwu.exe
  2⤵
  PID:5328
- C:\Windows\System\qOdBMYK.exe
  C:\Windows\System\qOdBMYK.exe
  2⤵
  PID:5368
- C:\Windows\System\njYjEKy.exe
  C:\Windows\System\njYjEKy.exe
  2⤵
  PID:5424
- C:\Windows\System\WGPvfHb.exe
  C:\Windows\System\WGPvfHb.exe
  2⤵
  PID:5452
- C:\Windows\System\UlmQitr.exe
  C:\Windows\System\UlmQitr.exe
  2⤵
  PID:5504
- C:\Windows\System\nIptBQf.exe
  C:\Windows\System\nIptBQf.exe
  2⤵
  PID:5508
- C:\Windows\System\gSBqpaH.exe
  C:\Windows\System\gSBqpaH.exe
  2⤵
  PID:5552
- C:\Windows\System\OeKExfD.exe
  C:\Windows\System\OeKExfD.exe
  2⤵
  PID:5568
- C:\Windows\System\MWNSoLP.exe
  C:\Windows\System\MWNSoLP.exe
  2⤵
  PID:5632
- C:\Windows\System\uJUPWZi.exe
  C:\Windows\System\uJUPWZi.exe
  2⤵
  PID:5644
- C:\Windows\System\lsBKbDI.exe
  C:\Windows\System\lsBKbDI.exe
  2⤵
  PID:5668
- C:\Windows\System\Hhrifkp.exe
  C:\Windows\System\Hhrifkp.exe
  2⤵
  PID:5708
- C:\Windows\System\CkCibaq.exe
  C:\Windows\System\CkCibaq.exe
  2⤵
  PID:5752
- C:\Windows\System\Bndayhu.exe
  C:\Windows\System\Bndayhu.exe
  2⤵
  PID:5768
- C:\Windows\System\PrfCJVi.exe
  C:\Windows\System\PrfCJVi.exe
  2⤵
  PID:5832
- C:\Windows\System\SBZhSVz.exe
  C:\Windows\System\SBZhSVz.exe
  2⤵
  PID:5856
- C:\Windows\System\qoZcXEf.exe
  C:\Windows\System\qoZcXEf.exe
  2⤵
  PID:5888
- C:\Windows\System\DWiIRCN.exe
  C:\Windows\System\DWiIRCN.exe
  2⤵
  PID:5912
- C:\Windows\System\jUyMQjj.exe
  C:\Windows\System\jUyMQjj.exe
  2⤵
  PID:5956
- C:\Windows\System\shuVtQs.exe
  C:\Windows\System\shuVtQs.exe
  2⤵
  PID:5972
- C:\Windows\System\NANjwJi.exe
  C:\Windows\System\NANjwJi.exe
  2⤵
  PID:6012
- C:\Windows\System\nXRVVyg.exe
  C:\Windows\System\nXRVVyg.exe
  2⤵
  PID:6056
- C:\Windows\System\rGILDAE.exe
  C:\Windows\System\rGILDAE.exe
  2⤵
  PID:6088
- C:\Windows\System\NEyxNVk.exe
  C:\Windows\System\NEyxNVk.exe
  2⤵
  PID:6112
- C:\Windows\System\kRCybQK.exe
  C:\Windows\System\kRCybQK.exe
  2⤵
  PID:6132
- C:\Windows\System\jtiWVpV.exe
  C:\Windows\System\jtiWVpV.exe
  2⤵
  PID:4784
- C:\Windows\System\htctnFP.exe
  C:\Windows\System\htctnFP.exe
  2⤵
  PID:5048
- C:\Windows\System\xpXKlgL.exe
  C:\Windows\System\xpXKlgL.exe
  2⤵
  PID:5116
- C:\Windows\System\JYwUpQt.exe
  C:\Windows\System\JYwUpQt.exe
  2⤵
  PID:3052
- C:\Windows\System\EbmjFdS.exe
  C:\Windows\System\EbmjFdS.exe
  2⤵
  PID:3520
- C:\Windows\System\cDlwhxb.exe
  C:\Windows\System\cDlwhxb.exe
  2⤵
  PID:4488
- C:\Windows\System\gspCirg.exe
  C:\Windows\System\gspCirg.exe
  2⤵
  PID:5144
- C:\Windows\System\JMqpcCf.exe
  C:\Windows\System\JMqpcCf.exe
  2⤵
  PID:5208
- C:\Windows\System\uvZZicu.exe
  C:\Windows\System\uvZZicu.exe
  2⤵
  PID:5268
- C:\Windows\System\bXfzoso.exe
  C:\Windows\System\bXfzoso.exe
  2⤵
  PID:5344
- C:\Windows\System\ciHsOuU.exe
  C:\Windows\System\ciHsOuU.exe
  2⤵
  PID:5384
- C:\Windows\System\voGqMoH.exe
  C:\Windows\System\voGqMoH.exe
  2⤵
  PID:5444
- C:\Windows\System\QbwRBYM.exe
  C:\Windows\System\QbwRBYM.exe
  2⤵
  PID:5488
- C:\Windows\System\xrPSEoC.exe
  C:\Windows\System\xrPSEoC.exe
  2⤵
  PID:5572
- C:\Windows\System\yiZZSOD.exe
  C:\Windows\System\yiZZSOD.exe
  2⤵
  PID:5624
- C:\Windows\System\znPcnwL.exe
  C:\Windows\System\znPcnwL.exe
  2⤵
  PID:5652
- C:\Windows\System\khGUCLm.exe
  C:\Windows\System\khGUCLm.exe
  2⤵
  PID:5692
- C:\Windows\System\McfCLmC.exe
  C:\Windows\System\McfCLmC.exe
  2⤵
  PID:5772
- C:\Windows\System\LcbVGDl.exe
  C:\Windows\System\LcbVGDl.exe
  2⤵
  PID:5808
- C:\Windows\System\rIWCdvX.exe
  C:\Windows\System\rIWCdvX.exe
  2⤵
  PID:5892
- C:\Windows\System\KxzvMLm.exe
  C:\Windows\System\KxzvMLm.exe
  2⤵
  PID:5948
- C:\Windows\System\ovhixET.exe
  C:\Windows\System\ovhixET.exe
  2⤵
  PID:6016
- C:\Windows\System\CIOafQC.exe
  C:\Windows\System\CIOafQC.exe
  2⤵
  PID:6032
- C:\Windows\System\kQeROXv.exe
  C:\Windows\System\kQeROXv.exe
  2⤵
  PID:6116
- C:\Windows\System\SswKVxO.exe
  C:\Windows\System\SswKVxO.exe
  2⤵
  PID:6136
- C:\Windows\System\gCJkEAs.exe
  C:\Windows\System\gCJkEAs.exe
  2⤵
  PID:3740
- C:\Windows\System\iBYcQBh.exe
  C:\Windows\System\iBYcQBh.exe
  2⤵
  PID:3084
- C:\Windows\System\voqdzqH.exe
  C:\Windows\System\voqdzqH.exe
  2⤵
  PID:4372
- C:\Windows\System\hhdoexZ.exe
  C:\Windows\System\hhdoexZ.exe
  2⤵
  PID:5228
- C:\Windows\System\dkhXaiP.exe
  C:\Windows\System\dkhXaiP.exe
  2⤵
  PID:5188
- C:\Windows\System\ePCXvqP.exe
  C:\Windows\System\ePCXvqP.exe
  2⤵
  PID:5352
- C:\Windows\System\xRHYhEA.exe
  C:\Windows\System\xRHYhEA.exe
  2⤵
  PID:5428
- C:\Windows\System\IRPwEiK.exe
  C:\Windows\System\IRPwEiK.exe
  2⤵
  PID:5532
- C:\Windows\System\lVFGPTj.exe
  C:\Windows\System\lVFGPTj.exe
  2⤵
  PID:6152
- C:\Windows\System\NhwkwjS.exe
  C:\Windows\System\NhwkwjS.exe
  2⤵
  PID:6172
- C:\Windows\System\djAHwms.exe
  C:\Windows\System\djAHwms.exe
  2⤵
  PID:6192
- C:\Windows\System\kpRSLaV.exe
  C:\Windows\System\kpRSLaV.exe
  2⤵
  PID:6212
- C:\Windows\System\CYxXjIJ.exe
  C:\Windows\System\CYxXjIJ.exe
  2⤵
  PID:6232
- C:\Windows\System\bTBzFtx.exe
  C:\Windows\System\bTBzFtx.exe
  2⤵
  PID:6252
- C:\Windows\System\VzpvLeS.exe
  C:\Windows\System\VzpvLeS.exe
  2⤵
  PID:6272
- C:\Windows\System\EHlHGks.exe
  C:\Windows\System\EHlHGks.exe
  2⤵
  PID:6292
- C:\Windows\System\fvNKVRR.exe
  C:\Windows\System\fvNKVRR.exe
  2⤵
  PID:6312
- C:\Windows\System\SIGxRhZ.exe
  C:\Windows\System\SIGxRhZ.exe
  2⤵
  PID:6332
- C:\Windows\System\snGkvQk.exe
  C:\Windows\System\snGkvQk.exe
  2⤵
  PID:6352
- C:\Windows\System\CdvTXbv.exe
  C:\Windows\System\CdvTXbv.exe
  2⤵
  PID:6372
- C:\Windows\System\apQilNf.exe
  C:\Windows\System\apQilNf.exe
  2⤵
  PID:6392
- C:\Windows\System\IrpbcGQ.exe
  C:\Windows\System\IrpbcGQ.exe
  2⤵
  PID:6412
- C:\Windows\System\gcSpwVY.exe
  C:\Windows\System\gcSpwVY.exe
  2⤵
  PID:6432
- C:\Windows\System\ptqDZjN.exe
  C:\Windows\System\ptqDZjN.exe
  2⤵
  PID:6452
- C:\Windows\System\PbXjXqj.exe
  C:\Windows\System\PbXjXqj.exe
  2⤵
  PID:6472
- C:\Windows\System\pAMHkBj.exe
  C:\Windows\System\pAMHkBj.exe
  2⤵
  PID:6488
- C:\Windows\System\dbuWWwx.exe
  C:\Windows\System\dbuWWwx.exe
  2⤵
  PID:6512
- C:\Windows\System\KdTTCRx.exe
  C:\Windows\System\KdTTCRx.exe
  2⤵
  PID:6532
- C:\Windows\System\qLfjjVR.exe
  C:\Windows\System\qLfjjVR.exe
  2⤵
  PID:6552
- C:\Windows\System\fxMSsfv.exe
  C:\Windows\System\fxMSsfv.exe
  2⤵
  PID:6572
- C:\Windows\System\sKPRtyi.exe
  C:\Windows\System\sKPRtyi.exe
  2⤵
  PID:6592
- C:\Windows\System\kdssbPf.exe
  C:\Windows\System\kdssbPf.exe
  2⤵
  PID:6612
- C:\Windows\System\NjBIXBy.exe
  C:\Windows\System\NjBIXBy.exe
  2⤵
  PID:6628
- C:\Windows\System\eEmmWkA.exe
  C:\Windows\System\eEmmWkA.exe
  2⤵
  PID:6652
- C:\Windows\System\zoOoWZN.exe
  C:\Windows\System\zoOoWZN.exe
  2⤵
  PID:6668
- C:\Windows\System\NZQmSEe.exe
  C:\Windows\System\NZQmSEe.exe
  2⤵
  PID:6688
- C:\Windows\System\bgcsiWG.exe
  C:\Windows\System\bgcsiWG.exe
  2⤵
  PID:6708
- C:\Windows\System\MCtHhzq.exe
  C:\Windows\System\MCtHhzq.exe
  2⤵
  PID:6732
- C:\Windows\System\vtdmPur.exe
  C:\Windows\System\vtdmPur.exe
  2⤵
  PID:6752
- C:\Windows\System\qRsyQOs.exe
  C:\Windows\System\qRsyQOs.exe
  2⤵
  PID:6772
- C:\Windows\System\VGqbsEr.exe
  C:\Windows\System\VGqbsEr.exe
  2⤵
  PID:6792
- C:\Windows\System\VMhoXEN.exe
  C:\Windows\System\VMhoXEN.exe
  2⤵
  PID:6812
- C:\Windows\System\iKaNAgL.exe
  C:\Windows\System\iKaNAgL.exe
  2⤵
  PID:6832
- C:\Windows\System\cvPzBJQ.exe
  C:\Windows\System\cvPzBJQ.exe
  2⤵
  PID:6848
- C:\Windows\System\ryYDEaK.exe
  C:\Windows\System\ryYDEaK.exe
  2⤵
  PID:6868
- C:\Windows\System\hVfKQsI.exe
  C:\Windows\System\hVfKQsI.exe
  2⤵
  PID:6892
- C:\Windows\System\HWQjnJx.exe
  C:\Windows\System\HWQjnJx.exe
  2⤵
  PID:6912
- C:\Windows\System\AEjRdBI.exe
  C:\Windows\System\AEjRdBI.exe
  2⤵
  PID:6936
- C:\Windows\System\mPimqxr.exe
  C:\Windows\System\mPimqxr.exe
  2⤵
  PID:6956
- C:\Windows\System\IILDQsM.exe
  C:\Windows\System\IILDQsM.exe
  2⤵
  PID:6976
- C:\Windows\System\JwWWjjK.exe
  C:\Windows\System\JwWWjjK.exe
  2⤵
  PID:6996
- C:\Windows\System\SkrbUsH.exe
  C:\Windows\System\SkrbUsH.exe
  2⤵
  PID:7012
- C:\Windows\System\QjeoOuT.exe
  C:\Windows\System\QjeoOuT.exe
  2⤵
  PID:7032
- C:\Windows\System\EPSchbj.exe
  C:\Windows\System\EPSchbj.exe
  2⤵
  PID:7052
- C:\Windows\System\DfWSQkt.exe
  C:\Windows\System\DfWSQkt.exe
  2⤵
  PID:7072
- C:\Windows\System\hzhAQRe.exe
  C:\Windows\System\hzhAQRe.exe
  2⤵
  PID:7092
- C:\Windows\System\kecWxkG.exe
  C:\Windows\System\kecWxkG.exe
  2⤵
  PID:7112
- C:\Windows\System\fUnzsPb.exe
  C:\Windows\System\fUnzsPb.exe
  2⤵
  PID:7128
- C:\Windows\System\ZfITCfS.exe
  C:\Windows\System\ZfITCfS.exe
  2⤵
  PID:7152
- C:\Windows\System\LRBamFe.exe
  C:\Windows\System\LRBamFe.exe
  2⤵
  PID:5628
- C:\Windows\System\BWyzOUU.exe
  C:\Windows\System\BWyzOUU.exe
  2⤵
  PID:5728
- C:\Windows\System\RgGafOE.exe
  C:\Windows\System\RgGafOE.exe
  2⤵
  PID:5804
- C:\Windows\System\oOeeQRr.exe
  C:\Windows\System\oOeeQRr.exe
  2⤵
  PID:5872
- C:\Windows\System\HcUDkQr.exe
  C:\Windows\System\HcUDkQr.exe
  2⤵
  PID:6008
- C:\Windows\System\BaWMtqG.exe
  C:\Windows\System\BaWMtqG.exe
  2⤵
  PID:4644
- C:\Windows\System\kDmmZOn.exe
  C:\Windows\System\kDmmZOn.exe
  2⤵
  PID:4628
- C:\Windows\System\yjwRVpL.exe
  C:\Windows\System\yjwRVpL.exe
  2⤵
  PID:1716
- C:\Windows\System\hnGxLsu.exe
  C:\Windows\System\hnGxLsu.exe
  2⤵
  PID:5152
- C:\Windows\System\JQwimjh.exe
  C:\Windows\System\JQwimjh.exe
  2⤵
  PID:5212
- C:\Windows\System\dentwCw.exe
  C:\Windows\System\dentwCw.exe
  2⤵
  PID:5468
- C:\Windows\System\pbeNKhF.exe
  C:\Windows\System\pbeNKhF.exe
  2⤵
  PID:6148
- C:\Windows\System\kbpfSKa.exe
  C:\Windows\System\kbpfSKa.exe
  2⤵
  PID:6180
- C:\Windows\System\OVzfbig.exe
  C:\Windows\System\OVzfbig.exe
  2⤵
  PID:6220
- C:\Windows\System\GNldEKx.exe
  C:\Windows\System\GNldEKx.exe
  2⤵
  PID:6244
- C:\Windows\System\iNgBIcO.exe
  C:\Windows\System\iNgBIcO.exe
  2⤵
  PID:6268
- C:\Windows\System\wvxpFxP.exe
  C:\Windows\System\wvxpFxP.exe
  2⤵
  PID:6324
- C:\Windows\System\cySuldC.exe
  C:\Windows\System\cySuldC.exe
  2⤵
  PID:6340
- C:\Windows\System\GnsOmhm.exe
  C:\Windows\System\GnsOmhm.exe
  2⤵
  PID:6400
- C:\Windows\System\CgQiuum.exe
  C:\Windows\System\CgQiuum.exe
  2⤵
  PID:6404
- C:\Windows\System\ugSLzWa.exe
  C:\Windows\System\ugSLzWa.exe
  2⤵
  PID:6420
- C:\Windows\System\VXqGjUU.exe
  C:\Windows\System\VXqGjUU.exe
  2⤵
  PID:6460
- C:\Windows\System\wxLonnW.exe
  C:\Windows\System\wxLonnW.exe
  2⤵
  PID:6528
- C:\Windows\System\LTvnVKc.exe
  C:\Windows\System\LTvnVKc.exe
  2⤵
  PID:6508
- C:\Windows\System\LibVSnk.exe
  C:\Windows\System\LibVSnk.exe
  2⤵
  PID:6600
- C:\Windows\System\RKVdhyc.exe
  C:\Windows\System\RKVdhyc.exe
  2⤵
  PID:6604
- C:\Windows\System\GJxbZwo.exe
  C:\Windows\System\GJxbZwo.exe
  2⤵
  PID:6584
- C:\Windows\System\FyNpPXX.exe
  C:\Windows\System\FyNpPXX.exe
  2⤵
  PID:6664
- C:\Windows\System\jBBSGEW.exe
  C:\Windows\System\jBBSGEW.exe
  2⤵
  PID:6700
- C:\Windows\System\YjEKwkI.exe
  C:\Windows\System\YjEKwkI.exe
  2⤵
  PID:6764
- C:\Windows\System\OWUnEEh.exe
  C:\Windows\System\OWUnEEh.exe
  2⤵
  PID:6808
- C:\Windows\System\aaXgXyM.exe
  C:\Windows\System\aaXgXyM.exe
  2⤵
  PID:6784
- C:\Windows\System\AfsHdNV.exe
  C:\Windows\System\AfsHdNV.exe
  2⤵
  PID:6876
- C:\Windows\System\yZVRYWI.exe
  C:\Windows\System\yZVRYWI.exe
  2⤵
  PID:6928
- C:\Windows\System\cjsSYcJ.exe
  C:\Windows\System\cjsSYcJ.exe
  2⤵
  PID:6860
- C:\Windows\System\gogTjEI.exe
  C:\Windows\System\gogTjEI.exe
  2⤵
  PID:6900
- C:\Windows\System\RqQBOAz.exe
  C:\Windows\System\RqQBOAz.exe
  2⤵
  PID:7044
- C:\Windows\System\nKRClFL.exe
  C:\Windows\System\nKRClFL.exe
  2⤵
  PID:2608
- C:\Windows\System\LuuQmCk.exe
  C:\Windows\System\LuuQmCk.exe
  2⤵
  PID:6948
- C:\Windows\System\ImUrDoT.exe
  C:\Windows\System\ImUrDoT.exe
  2⤵
  PID:7020
- C:\Windows\System\JieIksN.exe
  C:\Windows\System\JieIksN.exe
  2⤵
  PID:7164
- C:\Windows\System\IerSXJo.exe
  C:\Windows\System\IerSXJo.exe
  2⤵
  PID:7060
- C:\Windows\System\POBzjRH.exe
  C:\Windows\System\POBzjRH.exe
  2⤵
  PID:7100
- C:\Windows\System\DsKCqNc.exe
  C:\Windows\System\DsKCqNc.exe
  2⤵
  PID:2400
- C:\Windows\System\ECunRaF.exe
  C:\Windows\System\ECunRaF.exe
  2⤵
  PID:4572
- C:\Windows\System\cdxzcbm.exe
  C:\Windows\System\cdxzcbm.exe
  2⤵
  PID:5412
- C:\Windows\System\vhBSipN.exe
  C:\Windows\System\vhBSipN.exe
  2⤵
  PID:6224
- C:\Windows\System\yodMUjM.exe
  C:\Windows\System\yodMUjM.exe
  2⤵
  PID:6448
- C:\Windows\System\lyPYxGr.exe
  C:\Windows\System\lyPYxGr.exe
  2⤵
  PID:6520
- C:\Windows\System\MPOyORy.exe
  C:\Windows\System\MPOyORy.exe
  2⤵
  PID:5876
- C:\Windows\System\BbGEYEG.exe
  C:\Windows\System\BbGEYEG.exe
  2⤵
  PID:5056
- C:\Windows\System\LSleaBY.exe
  C:\Windows\System\LSleaBY.exe
  2⤵
  PID:5492
- C:\Windows\System\iyTSaxN.exe
  C:\Windows\System\iyTSaxN.exe
  2⤵
  PID:6208
- C:\Windows\System\MMegQFl.exe
  C:\Windows\System\MMegQFl.exe
  2⤵
  PID:6648
- C:\Windows\System\BpShePo.exe
  C:\Windows\System\BpShePo.exe
  2⤵
  PID:6284
- C:\Windows\System\eGzMcRT.exe
  C:\Windows\System\eGzMcRT.exe
  2⤵
  PID:6304
- C:\Windows\System\CXkiqxa.exe
  C:\Windows\System\CXkiqxa.exe
  2⤵
  PID:6560
- C:\Windows\System\ZenBABI.exe
  C:\Windows\System\ZenBABI.exe
  2⤵
  PID:6544
- C:\Windows\System\mRYKLqH.exe
  C:\Windows\System\mRYKLqH.exe
  2⤵
  PID:6424
- C:\Windows\System\ZFlbFaX.exe
  C:\Windows\System\ZFlbFaX.exe
  2⤵
  PID:6644
- C:\Windows\System\JXkSzVh.exe
  C:\Windows\System\JXkSzVh.exe
  2⤵
  PID:6680
- C:\Windows\System\PcjoVyw.exe
  C:\Windows\System\PcjoVyw.exe
  2⤵
  PID:6856
- C:\Windows\System\kMCKfwO.exe
  C:\Windows\System\kMCKfwO.exe
  2⤵
  PID:6944
- C:\Windows\System\KPLtvBo.exe
  C:\Windows\System\KPLtvBo.exe
  2⤵
  PID:6888
- C:\Windows\System\SgZwfYS.exe
  C:\Windows\System\SgZwfYS.exe
  2⤵
  PID:4664
- C:\Windows\System\ZEhlHCa.exe
  C:\Windows\System\ZEhlHCa.exe
  2⤵
  PID:5648
- C:\Windows\System\vwmhGuQ.exe
  C:\Windows\System\vwmhGuQ.exe
  2⤵
  PID:6908
- C:\Windows\System\DAIAiIw.exe
  C:\Windows\System\DAIAiIw.exe
  2⤵
  PID:6992
- C:\Windows\System\TVSSJKH.exe
  C:\Windows\System\TVSSJKH.exe
  2⤵
  PID:6288
- C:\Windows\System\vugLfoW.exe
  C:\Windows\System\vugLfoW.exe
  2⤵
  PID:6480
- C:\Windows\System\jpuMOlZ.exe
  C:\Windows\System\jpuMOlZ.exe
  2⤵
  PID:6988
- C:\Windows\System\JPWnUge.exe
  C:\Windows\System\JPWnUge.exe
  2⤵
  PID:6828
- C:\Windows\System\ggBuMgb.exe
  C:\Windows\System\ggBuMgb.exe
  2⤵
  PID:7140
- C:\Windows\System\PGBumQv.exe
  C:\Windows\System\PGBumQv.exe
  2⤵
  PID:5364
- C:\Windows\System\oqWGfiw.exe
  C:\Windows\System\oqWGfiw.exe
  2⤵
  PID:6780
- C:\Windows\System\uHKvXiv.exe
  C:\Windows\System\uHKvXiv.exe
  2⤵
  PID:6036
- C:\Windows\System\wXXbiKt.exe
  C:\Windows\System\wXXbiKt.exe
  2⤵
  PID:6184
- C:\Windows\System\HCzCpMw.exe
  C:\Windows\System\HCzCpMw.exe
  2⤵
  PID:7160
- C:\Windows\System\VgllsVR.exe
  C:\Windows\System\VgllsVR.exe
  2⤵
  PID:7088
- C:\Windows\System\SYaelkm.exe
  C:\Windows\System\SYaelkm.exe
  2⤵
  PID:6824
- C:\Windows\System\HIcsWcz.exe
  C:\Windows\System\HIcsWcz.exe
  2⤵
  PID:7068
- C:\Windows\System\YfNFXUw.exe
  C:\Windows\System\YfNFXUw.exe
  2⤵
  PID:6840
- C:\Windows\System\kTvjpwx.exe
  C:\Windows\System\kTvjpwx.exe
  2⤵
  PID:6200
- C:\Windows\System\hsWsweP.exe
  C:\Windows\System\hsWsweP.exe
  2⤵
  PID:6364
- C:\Windows\System\EjsOYIe.exe
  C:\Windows\System\EjsOYIe.exe
  2⤵
  PID:5164
- C:\Windows\System\YkpoyCV.exe
  C:\Windows\System\YkpoyCV.exe
  2⤵
  PID:6540
- C:\Windows\System\YGHPkXR.exe
  C:\Windows\System\YGHPkXR.exe
  2⤵
  PID:6504
- C:\Windows\System\VrcwRTX.exe
  C:\Windows\System\VrcwRTX.exe
  2⤵
  PID:5908
- C:\Windows\System\aNWkQpi.exe
  C:\Windows\System\aNWkQpi.exe
  2⤵
  PID:6768
- C:\Windows\System\WTGJRnZ.exe
  C:\Windows\System\WTGJRnZ.exe
  2⤵
  PID:6308
- C:\Windows\System\EYRZbZb.exe
  C:\Windows\System\EYRZbZb.exe
  2⤵
  PID:5584
- C:\Windows\System\ICSZqza.exe
  C:\Windows\System\ICSZqza.exe
  2⤵
  PID:6844
- C:\Windows\System\FfVnMJH.exe
  C:\Windows\System\FfVnMJH.exe
  2⤵
  PID:6924
- C:\Windows\System\ZhXfOZc.exe
  C:\Windows\System\ZhXfOZc.exe
  2⤵
  PID:6696
- C:\Windows\System\wTagUTU.exe
  C:\Windows\System\wTagUTU.exe
  2⤵
  PID:6368
- C:\Windows\System\AmdIWax.exe
  C:\Windows\System\AmdIWax.exe
  2⤵
  PID:6748
- C:\Windows\System\rTkwFnZ.exe
  C:\Windows\System\rTkwFnZ.exe
  2⤵
  PID:6160
- C:\Windows\System\VXarNQV.exe
  C:\Windows\System\VXarNQV.exe
  2⤵
  PID:2980
- C:\Windows\System\UaFzZYz.exe
  C:\Windows\System\UaFzZYz.exe
  2⤵
  PID:5976
- C:\Windows\System\ddEhgUU.exe
  C:\Windows\System\ddEhgUU.exe
  2⤵
  PID:7192
- C:\Windows\System\qILuQTy.exe
  C:\Windows\System\qILuQTy.exe
  2⤵
  PID:7208
- C:\Windows\System\EPRJABz.exe
  C:\Windows\System\EPRJABz.exe
  2⤵
  PID:7228
- C:\Windows\System\tXfCjNs.exe
  C:\Windows\System\tXfCjNs.exe
  2⤵
  PID:7244
- C:\Windows\System\UUKdJKn.exe
  C:\Windows\System\UUKdJKn.exe
  2⤵
  PID:7264
- C:\Windows\System\azDdtRB.exe
  C:\Windows\System\azDdtRB.exe
  2⤵
  PID:7284
- C:\Windows\System\LunfZxO.exe
  C:\Windows\System\LunfZxO.exe
  2⤵
  PID:7336
- C:\Windows\System\hWRFTpu.exe
  C:\Windows\System\hWRFTpu.exe
  2⤵
  PID:7416
- C:\Windows\System\lyimpdi.exe
  C:\Windows\System\lyimpdi.exe
  2⤵
  PID:7436
- C:\Windows\System\qFQvMtF.exe
  C:\Windows\System\qFQvMtF.exe
  2⤵
  PID:7456
- C:\Windows\System\HsogRgP.exe
  C:\Windows\System\HsogRgP.exe
  2⤵
  PID:7488
- C:\Windows\System\HOQFEep.exe
  C:\Windows\System\HOQFEep.exe
  2⤵
  PID:7504
- C:\Windows\System\zoRWWNg.exe
  C:\Windows\System\zoRWWNg.exe
  2⤵
  PID:7520
- C:\Windows\System\wttIsgG.exe
  C:\Windows\System\wttIsgG.exe
  2⤵
  PID:7536
- C:\Windows\System\XcrhsIy.exe
  C:\Windows\System\XcrhsIy.exe
  2⤵
  PID:7552
- C:\Windows\System\yaqoVff.exe
  C:\Windows\System\yaqoVff.exe
  2⤵
  PID:7568
- C:\Windows\System\FqQBJWg.exe
  C:\Windows\System\FqQBJWg.exe
  2⤵
  PID:7584
- C:\Windows\System\DCjypkJ.exe
  C:\Windows\System\DCjypkJ.exe
  2⤵
  PID:7600
- C:\Windows\System\bCCPBpd.exe
  C:\Windows\System\bCCPBpd.exe
  2⤵
  PID:7616
- C:\Windows\System\DtcgDvJ.exe
  C:\Windows\System\DtcgDvJ.exe
  2⤵
  PID:7632
- C:\Windows\System\qJpoLur.exe
  C:\Windows\System\qJpoLur.exe
  2⤵
  PID:7692
- C:\Windows\System\fjlMUfi.exe
  C:\Windows\System\fjlMUfi.exe
  2⤵
  PID:7708
- C:\Windows\System\rliDdRJ.exe
  C:\Windows\System\rliDdRJ.exe
  2⤵
  PID:7724
- C:\Windows\System\jVHxqAJ.exe
  C:\Windows\System\jVHxqAJ.exe
  2⤵
  PID:7740
- C:\Windows\System\FDlVCwn.exe
  C:\Windows\System\FDlVCwn.exe
  2⤵
  PID:7764
- C:\Windows\System\YrUKgZv.exe
  C:\Windows\System\YrUKgZv.exe
  2⤵
  PID:7780
- C:\Windows\System\WcBEeqZ.exe
  C:\Windows\System\WcBEeqZ.exe
  2⤵
  PID:7800
- C:\Windows\System\PecMsSx.exe
  C:\Windows\System\PecMsSx.exe
  2⤵
  PID:7816
- C:\Windows\System\XALiDEc.exe
  C:\Windows\System\XALiDEc.exe
  2⤵
  PID:7844
- C:\Windows\System\Dzcnphz.exe
  C:\Windows\System\Dzcnphz.exe
  2⤵
  PID:7868
- C:\Windows\System\GiDLARc.exe
  C:\Windows\System\GiDLARc.exe
  2⤵
  PID:7888
- C:\Windows\System\JGvBaCq.exe
  C:\Windows\System\JGvBaCq.exe
  2⤵
  PID:7904
- C:\Windows\System\LkNlDoy.exe
  C:\Windows\System\LkNlDoy.exe
  2⤵
  PID:7924
- C:\Windows\System\gYEPzft.exe
  C:\Windows\System\gYEPzft.exe
  2⤵
  PID:7940
- C:\Windows\System\ILrsrOp.exe
  C:\Windows\System\ILrsrOp.exe
  2⤵
  PID:8008
- C:\Windows\System\UFdSKQQ.exe
  C:\Windows\System\UFdSKQQ.exe
  2⤵
  PID:8036
- C:\Windows\System\fdwYNJD.exe
  C:\Windows\System\fdwYNJD.exe
  2⤵
  PID:8064
- C:\Windows\System\bjfUtVG.exe
  C:\Windows\System\bjfUtVG.exe
  2⤵
  PID:8080
- C:\Windows\System\yBJOZXO.exe
  C:\Windows\System\yBJOZXO.exe
  2⤵
  PID:8104
- C:\Windows\System\yPMpLkj.exe
  C:\Windows\System\yPMpLkj.exe
  2⤵
  PID:8120
- C:\Windows\System\RraVEtm.exe
  C:\Windows\System\RraVEtm.exe
  2⤵
  PID:8140
- C:\Windows\System\oIqyQJy.exe
  C:\Windows\System\oIqyQJy.exe
  2⤵
  PID:8156
- C:\Windows\System\cgaPBtT.exe
  C:\Windows\System\cgaPBtT.exe
  2⤵
  PID:8172
- C:\Windows\System\ZDPigBx.exe
  C:\Windows\System\ZDPigBx.exe
  2⤵
  PID:6660
- C:\Windows\System\nIMsEUZ.exe
  C:\Windows\System\nIMsEUZ.exe
  2⤵
  PID:5704
- C:\Windows\System\GwuuvlK.exe
  C:\Windows\System\GwuuvlK.exe
  2⤵
  PID:7204
- C:\Windows\System\prngkIf.exe
  C:\Windows\System\prngkIf.exe
  2⤵
  PID:7276
- C:\Windows\System\OVvShPs.exe
  C:\Windows\System\OVvShPs.exe
  2⤵
  PID:6564
- C:\Windows\System\aQOfPYl.exe
  C:\Windows\System\aQOfPYl.exe
  2⤵
  PID:6580
- C:\Windows\System\FfOuMBx.exe
  C:\Windows\System\FfOuMBx.exe
  2⤵
  PID:7224
- C:\Windows\System\WrfgvjN.exe
  C:\Windows\System\WrfgvjN.exe
  2⤵
  PID:984
- C:\Windows\System\xNSlJwc.exe
  C:\Windows\System\xNSlJwc.exe
  2⤵
  PID:2744
- C:\Windows\System\IlmryQA.exe
  C:\Windows\System\IlmryQA.exe
  2⤵
  PID:2764
- C:\Windows\System\WUIfKzo.exe
  C:\Windows\System\WUIfKzo.exe
  2⤵
  PID:2360
- C:\Windows\System\FzdIMGE.exe
  C:\Windows\System\FzdIMGE.exe
  2⤵
  PID:580
- C:\Windows\System\lwuSntI.exe
  C:\Windows\System\lwuSntI.exe
  2⤵
  PID:2252
- C:\Windows\System\sRKRAIu.exe
  C:\Windows\System\sRKRAIu.exe
  2⤵
  PID:2696
- C:\Windows\System\rvtuEYy.exe
  C:\Windows\System\rvtuEYy.exe
  2⤵
  PID:2440
- C:\Windows\System\SDGLmpC.exe
  C:\Windows\System\SDGLmpC.exe
  2⤵
  PID:1236
- C:\Windows\System\UzrcwAT.exe
  C:\Windows\System\UzrcwAT.exe
  2⤵
  PID:7468
- C:\Windows\System\VYzaKip.exe
  C:\Windows\System\VYzaKip.exe
  2⤵
  PID:7484
- C:\Windows\System\EfSljeK.exe
  C:\Windows\System\EfSljeK.exe
  2⤵
  PID:7544
- C:\Windows\System\MkhhNnS.exe
  C:\Windows\System\MkhhNnS.exe
  2⤵
  PID:7608
- C:\Windows\System\kaOLUjr.exe
  C:\Windows\System\kaOLUjr.exe
  2⤵
  PID:7452
- C:\Windows\System\QxWSSZI.exe
  C:\Windows\System\QxWSSZI.exe
  2⤵
  PID:7628
- C:\Windows\System\CPkAvSD.exe
  C:\Windows\System\CPkAvSD.exe
  2⤵
  PID:7668
- C:\Windows\System\dpaDYXp.exe
  C:\Windows\System\dpaDYXp.exe
  2⤵
  PID:2716
- C:\Windows\System\VkkfGVC.exe
  C:\Windows\System\VkkfGVC.exe
  2⤵
  PID:7704
- C:\Windows\System\FcBYZzC.exe
  C:\Windows\System\FcBYZzC.exe
  2⤵
  PID:7776
- C:\Windows\System\FaOvBul.exe
  C:\Windows\System\FaOvBul.exe
  2⤵
  PID:7852
- C:\Windows\System\jyTlmuK.exe
  C:\Windows\System\jyTlmuK.exe
  2⤵
  PID:2356
- C:\Windows\System\HPLhQdQ.exe
  C:\Windows\System\HPLhQdQ.exe
  2⤵
  PID:7720
- C:\Windows\System\ZfZGjSh.exe
  C:\Windows\System\ZfZGjSh.exe
  2⤵
  PID:7792
- C:\Windows\System\TIswtoY.exe
  C:\Windows\System\TIswtoY.exe
  2⤵
  PID:7832
- C:\Windows\System\uRZYrJT.exe
  C:\Windows\System\uRZYrJT.exe
  2⤵
  PID:7936
- C:\Windows\System\ASNQlJh.exe
  C:\Windows\System\ASNQlJh.exe
  2⤵
  PID:7912
- C:\Windows\System\ehBluCH.exe
  C:\Windows\System\ehBluCH.exe
  2⤵
  PID:2888
- C:\Windows\System\ZyexzXb.exe
  C:\Windows\System\ZyexzXb.exe
  2⤵
  PID:2432
- C:\Windows\System\XQOIFwH.exe
  C:\Windows\System\XQOIFwH.exe
  2⤵
  PID:2928
- C:\Windows\System\VLLaxFn.exe
  C:\Windows\System\VLLaxFn.exe
  2⤵
  PID:7984
- C:\Windows\System\AFefjMY.exe
  C:\Windows\System\AFefjMY.exe
  2⤵
  PID:2268
- C:\Windows\System\NWnchDn.exe
  C:\Windows\System\NWnchDn.exe
  2⤵
  PID:7996
- C:\Windows\System\olHQjHU.exe
  C:\Windows\System\olHQjHU.exe
  2⤵
  PID:8032
- C:\Windows\System\DYMnHsu.exe
  C:\Windows\System\DYMnHsu.exe
  2⤵
  PID:8052
- C:\Windows\System\OlbeLGi.exe
  C:\Windows\System\OlbeLGi.exe
  2⤵
  PID:8096
- C:\Windows\System\PhwLZWv.exe
  C:\Windows\System\PhwLZWv.exe
  2⤵
  PID:8100
- C:\Windows\System\eiohenw.exe
  C:\Windows\System\eiohenw.exe
  2⤵
  PID:8152
- C:\Windows\System\cCuXamG.exe
  C:\Windows\System\cCuXamG.exe
  2⤵
  PID:7200
- C:\Windows\System\GYNTmIj.exe
  C:\Windows\System\GYNTmIj.exe
  2⤵
  PID:8128
- C:\Windows\System\YNYYXFf.exe
  C:\Windows\System\YNYYXFf.exe
  2⤵
  PID:7272
- C:\Windows\System\BJxrxep.exe
  C:\Windows\System\BJxrxep.exe
  2⤵
  PID:8168
- C:\Windows\System\jUsvepA.exe
  C:\Windows\System\jUsvepA.exe
  2⤵
  PID:2504
- C:\Windows\System\kKkCEpv.exe
  C:\Windows\System\kKkCEpv.exe
  2⤵
  PID:7292
- C:\Windows\System\ZoyChak.exe
  C:\Windows\System\ZoyChak.exe
  2⤵
  PID:1580
- C:\Windows\System\dSkpsgY.exe
  C:\Windows\System\dSkpsgY.exe
  2⤵
  PID:7408
- C:\Windows\System\roZAXIg.exe
  C:\Windows\System\roZAXIg.exe
  2⤵
  PID:7532
- C:\Windows\System\IIxvsmk.exe
  C:\Windows\System\IIxvsmk.exe
  2⤵
  PID:7576
- C:\Windows\System\InnfvwN.exe
  C:\Windows\System\InnfvwN.exe
  2⤵
  PID:1804
- C:\Windows\System\tRmHkCX.exe
  C:\Windows\System\tRmHkCX.exe
  2⤵
  PID:7624
- C:\Windows\System\HNrHBxk.exe
  C:\Windows\System\HNrHBxk.exe
  2⤵
  PID:7900
- C:\Windows\System\ZfQmECX.exe
  C:\Windows\System\ZfQmECX.exe
  2⤵
  PID:7896
- C:\Windows\System\xmEmSkE.exe
  C:\Windows\System\xmEmSkE.exe
  2⤵
  PID:7828
- C:\Windows\System\YucBsSO.exe
  C:\Windows\System\YucBsSO.exe
  2⤵
  PID:7952
- C:\Windows\System\wNsKltZ.exe
  C:\Windows\System\wNsKltZ.exe
  2⤵
  PID:8004
- C:\Windows\System\tusbgFB.exe
  C:\Windows\System\tusbgFB.exe
  2⤵
  PID:8180
- C:\Windows\System\vuVfbvS.exe
  C:\Windows\System\vuVfbvS.exe
  2⤵
  PID:8184
- C:\Windows\System\wUHCKBI.exe
  C:\Windows\System\wUHCKBI.exe
  2⤵
  PID:7240
- C:\Windows\System\zsIWPnC.exe
  C:\Windows\System\zsIWPnC.exe
  2⤵
  PID:8164
- C:\Windows\System\qFSxZjH.exe
  C:\Windows\System\qFSxZjH.exe
  2⤵
  PID:7180
- C:\Windows\System\sjqlvij.exe
  C:\Windows\System\sjqlvij.exe
  2⤵
  PID:7260
- C:\Windows\System\EWLbOZG.exe
  C:\Windows\System\EWLbOZG.exe
  2⤵
  PID:2852
- C:\Windows\System\AwMHHAx.exe
  C:\Windows\System\AwMHHAx.exe
  2⤵
  PID:2728
- C:\Windows\System\YeqelOA.exe
  C:\Windows\System\YeqelOA.exe
  2⤵
  PID:2024
- C:\Windows\System\SvlthFe.exe
  C:\Windows\System\SvlthFe.exe
  2⤵
  PID:7528
- C:\Windows\System\LznfWvT.exe
  C:\Windows\System\LznfWvT.exe
  2⤵
  PID:7812
- C:\Windows\System\gsQUOaw.exe
  C:\Windows\System\gsQUOaw.exe
  2⤵
  PID:324
- C:\Windows\System\OPswNLw.exe
  C:\Windows\System\OPswNLw.exe
  2⤵
  PID:7880
- C:\Windows\System\wiIlXvX.exe
  C:\Windows\System\wiIlXvX.exe
  2⤵
  PID:7992
- C:\Windows\System\aOioryq.exe
  C:\Windows\System\aOioryq.exe
  2⤵
  PID:1192
- C:\Windows\System\SWDBEEc.exe
  C:\Windows\System\SWDBEEc.exe
  2⤵
  PID:8112
- C:\Windows\System\eMxBXOa.exe
  C:\Windows\System\eMxBXOa.exe
  2⤵
  PID:7988
- C:\Windows\System\EfSQyTL.exe
  C:\Windows\System\EfSQyTL.exe
  2⤵
  PID:1064
- C:\Windows\System\GbdYQIP.exe
  C:\Windows\System\GbdYQIP.exe
  2⤵
  PID:1948
- C:\Windows\System\ReLRTKw.exe
  C:\Windows\System\ReLRTKw.exe
  2⤵
  PID:7980
- C:\Windows\System\dWaOkAb.exe
  C:\Windows\System\dWaOkAb.exe
  2⤵
  PID:5288
- C:\Windows\System\zWLaGaY.exe
  C:\Windows\System\zWLaGaY.exe
  2⤵
  PID:7220
- C:\Windows\System\ywzTtET.exe
  C:\Windows\System\ywzTtET.exe
  2⤵
  PID:7512
- C:\Windows\System\frMFUFp.exe
  C:\Windows\System\frMFUFp.exe
  2⤵
  PID:7500
- C:\Windows\System\ccDsizY.exe
  C:\Windows\System\ccDsizY.exe
  2⤵
  PID:7580
- C:\Windows\System\mPhQXEb.exe
  C:\Windows\System\mPhQXEb.exe
  2⤵
  PID:7640
- C:\Windows\System\ywPDmNS.exe
  C:\Windows\System\ywPDmNS.exe
  2⤵
  PID:7864
- C:\Windows\System\mjbReGM.exe
  C:\Windows\System\mjbReGM.exe
  2⤵
  PID:7932
- C:\Windows\System\QddqiPv.exe
  C:\Windows\System\QddqiPv.exe
  2⤵
  PID:7216
- C:\Windows\System\ZRIBKFW.exe
  C:\Windows\System\ZRIBKFW.exe
  2⤵
  PID:8056
- C:\Windows\System\lhFTvQW.exe
  C:\Windows\System\lhFTvQW.exe
  2⤵
  PID:7480
- C:\Windows\System\heITfIV.exe
  C:\Windows\System\heITfIV.exe
  2⤵
  PID:1384
- C:\Windows\System\yrHWphw.exe
  C:\Windows\System\yrHWphw.exe
  2⤵
  PID:7948
- C:\Windows\System\wNjUThZ.exe
  C:\Windows\System\wNjUThZ.exe
  2⤵
  PID:8028
- C:\Windows\System\UHBizJi.exe
  C:\Windows\System\UHBizJi.exe
  2⤵
  PID:8208
- C:\Windows\System\zFiiOFL.exe
  C:\Windows\System\zFiiOFL.exe
  2⤵
  PID:8224
- C:\Windows\System\WOGTrjU.exe
  C:\Windows\System\WOGTrjU.exe
  2⤵
  PID:8240
- C:\Windows\System\rDdiBfD.exe
  C:\Windows\System\rDdiBfD.exe
  2⤵
  PID:8256
- C:\Windows\System\xTsHSuh.exe
  C:\Windows\System\xTsHSuh.exe
  2⤵
  PID:8276
- C:\Windows\System\BgUKxad.exe
  C:\Windows\System\BgUKxad.exe
  2⤵
  PID:8292
- C:\Windows\System\dzWeAzF.exe
  C:\Windows\System\dzWeAzF.exe
  2⤵
  PID:8312
- C:\Windows\System\FTgLnAH.exe
  C:\Windows\System\FTgLnAH.exe
  2⤵
  PID:8340
- C:\Windows\System\CNdAidK.exe
  C:\Windows\System\CNdAidK.exe
  2⤵
  PID:8364
- C:\Windows\System\deDCgrB.exe
  C:\Windows\System\deDCgrB.exe
  2⤵
  PID:8380
- C:\Windows\System\GnymsBX.exe
  C:\Windows\System\GnymsBX.exe
  2⤵
  PID:8396
- C:\Windows\System\HORCKCE.exe
  C:\Windows\System\HORCKCE.exe
  2⤵
  PID:8412
- C:\Windows\System\sLRPTBz.exe
  C:\Windows\System\sLRPTBz.exe
  2⤵
  PID:8428
- C:\Windows\System\lUyntbZ.exe
  C:\Windows\System\lUyntbZ.exe
  2⤵
  PID:8448
- C:\Windows\System\JgjOKYn.exe
  C:\Windows\System\JgjOKYn.exe
  2⤵
  PID:8464
- C:\Windows\System\PsJdAHW.exe
  C:\Windows\System\PsJdAHW.exe
  2⤵
  PID:8480
- C:\Windows\System\HItnKgb.exe
  C:\Windows\System\HItnKgb.exe
  2⤵
  PID:8496
- C:\Windows\System\etvyvKN.exe
  C:\Windows\System\etvyvKN.exe
  2⤵
  PID:8516
- C:\Windows\System\JhtfftZ.exe
  C:\Windows\System\JhtfftZ.exe
  2⤵
  PID:8536
- C:\Windows\System\wMmpqJG.exe
  C:\Windows\System\wMmpqJG.exe
  2⤵
  PID:8552
- C:\Windows\System\pmDfIRo.exe
  C:\Windows\System\pmDfIRo.exe
  2⤵
  PID:8568
- C:\Windows\System\AQjNWyb.exe
  C:\Windows\System\AQjNWyb.exe
  2⤵
  PID:8584
- C:\Windows\System\kPvVFkb.exe
  C:\Windows\System\kPvVFkb.exe
  2⤵
  PID:8600
- C:\Windows\System\vMKMoTt.exe
  C:\Windows\System\vMKMoTt.exe
  2⤵
  PID:8616
- C:\Windows\System\ZBeMvVv.exe
  C:\Windows\System\ZBeMvVv.exe
  2⤵
  PID:8632
- C:\Windows\System\vAoaoGk.exe
  C:\Windows\System\vAoaoGk.exe
  2⤵
  PID:8648
- C:\Windows\System\bbongqS.exe
  C:\Windows\System\bbongqS.exe
  2⤵
  PID:8664
- C:\Windows\System\UIffebk.exe
  C:\Windows\System\UIffebk.exe
  2⤵
  PID:8684
- C:\Windows\System\qiSFjjm.exe
  C:\Windows\System\qiSFjjm.exe
  2⤵
  PID:8704
- C:\Windows\System\BkEqtGY.exe
  C:\Windows\System\BkEqtGY.exe
  2⤵
  PID:8720
- C:\Windows\System\UYRNsCA.exe
  C:\Windows\System\UYRNsCA.exe
  2⤵
  PID:8736
- C:\Windows\System\yhaWIcU.exe
  C:\Windows\System\yhaWIcU.exe
  2⤵
  PID:8752
- C:\Windows\System\MwIDxVw.exe
  C:\Windows\System\MwIDxVw.exe
  2⤵
  PID:8768
- C:\Windows\System\vlHnKFI.exe
  C:\Windows\System\vlHnKFI.exe
  2⤵
  PID:8784
- C:\Windows\System\esygHls.exe
  C:\Windows\System\esygHls.exe
  2⤵
  PID:8800
- C:\Windows\System\bdhgANI.exe
  C:\Windows\System\bdhgANI.exe
  2⤵
  PID:8816
- C:\Windows\System\JhWqqbO.exe
  C:\Windows\System\JhWqqbO.exe
  2⤵
  PID:8832
- C:\Windows\System\xYaKnJk.exe
  C:\Windows\System\xYaKnJk.exe
  2⤵
  PID:8848
- C:\Windows\System\nkEdeaf.exe
  C:\Windows\System\nkEdeaf.exe
  2⤵
  PID:8864
- C:\Windows\System\WtFOYQS.exe
  C:\Windows\System\WtFOYQS.exe
  2⤵
  PID:8884
- C:\Windows\System\EMSMTmI.exe
  C:\Windows\System\EMSMTmI.exe
  2⤵
  PID:8912
- C:\Windows\System\pSEcWNQ.exe
  C:\Windows\System\pSEcWNQ.exe
  2⤵
  PID:9112
- C:\Windows\System\vbbUdOu.exe
  C:\Windows\System\vbbUdOu.exe
  2⤵
  PID:9128
- C:\Windows\System\EyrwETa.exe
  C:\Windows\System\EyrwETa.exe
  2⤵
  PID:9148
- C:\Windows\System\YkWgOTC.exe
  C:\Windows\System\YkWgOTC.exe
  2⤵
  PID:9164
- C:\Windows\System\GkWNbKv.exe
  C:\Windows\System\GkWNbKv.exe
  2⤵
  PID:9184
- C:\Windows\System\KiTBcaD.exe
  C:\Windows\System\KiTBcaD.exe
  2⤵
  PID:9200
- C:\Windows\System\IofbFJj.exe
  C:\Windows\System\IofbFJj.exe
  2⤵
  PID:1828
- C:\Windows\System\aQOYviC.exe
  C:\Windows\System\aQOYviC.exe
  2⤵
  PID:2592
- C:\Windows\System\YtZiqtU.exe
  C:\Windows\System\YtZiqtU.exe
  2⤵
  PID:1248
- C:\Windows\System\qupokqo.exe
  C:\Windows\System\qupokqo.exe
  2⤵
  PID:8220
- C:\Windows\System\wgmLgLy.exe
  C:\Windows\System\wgmLgLy.exe
  2⤵
  PID:8284
- C:\Windows\System\dkIVJlR.exe
  C:\Windows\System\dkIVJlR.exe
  2⤵
  PID:8324
- C:\Windows\System\GWvUefC.exe
  C:\Windows\System\GWvUefC.exe
  2⤵
  PID:7752
- C:\Windows\System\SHqmbaF.exe
  C:\Windows\System\SHqmbaF.exe
  2⤵
  PID:8308
- C:\Windows\System\RZPupNe.exe
  C:\Windows\System\RZPupNe.exe
  2⤵
  PID:8272
- C:\Windows\System\yYdOaKu.exe
  C:\Windows\System\yYdOaKu.exe
  2⤵
  PID:8268
- C:\Windows\System\RKRolBO.exe
  C:\Windows\System\RKRolBO.exe
  2⤵
  PID:8408
- C:\Windows\System\UvdyRLg.exe
  C:\Windows\System\UvdyRLg.exe
  2⤵
  PID:8472
- C:\Windows\System\DiNGhxs.exe
  C:\Windows\System\DiNGhxs.exe
  2⤵
  PID:8504
- C:\Windows\System\QCiFzzK.exe
  C:\Windows\System\QCiFzzK.exe
  2⤵
  PID:8488
- C:\Windows\System\CejPPes.exe
  C:\Windows\System\CejPPes.exe
  2⤵
  PID:8456
- C:\Windows\System\dDLybwN.exe
  C:\Windows\System\dDLybwN.exe
  2⤵
  PID:8532
- C:\Windows\System\dyEuWSg.exe
  C:\Windows\System\dyEuWSg.exe
  2⤵
  PID:8612
- C:\Windows\System\KqzrVAH.exe
  C:\Windows\System\KqzrVAH.exe
  2⤵
  PID:8680
- C:\Windows\System\XHlZbDt.exe
  C:\Windows\System\XHlZbDt.exe
  2⤵
  PID:8592
- C:\Windows\System\BtAHqaf.exe
  C:\Windows\System\BtAHqaf.exe
  2⤵
  PID:8728
- C:\Windows\System\HPfoTwp.exe
  C:\Windows\System\HPfoTwp.exe
  2⤵
  PID:8692
- C:\Windows\System\QFMeXBv.exe
  C:\Windows\System\QFMeXBv.exe
  2⤵
  PID:8576
- C:\Windows\System\kHigASG.exe
  C:\Windows\System\kHigASG.exe
  2⤵
  PID:8776
- C:\Windows\System\fQFxmEC.exe
  C:\Windows\System\fQFxmEC.exe
  2⤵
  PID:8796
- C:\Windows\System\SaGZLpn.exe
  C:\Windows\System\SaGZLpn.exe
  2⤵
  PID:8892
- C:\Windows\System\bOLigiq.exe
  C:\Windows\System\bOLigiq.exe
  2⤵
  PID:8900
- C:\Windows\System\EbEpYDf.exe
  C:\Windows\System\EbEpYDf.exe
  2⤵
  PID:8876
- C:\Windows\System\FdVhYDK.exe
  C:\Windows\System\FdVhYDK.exe
  2⤵
  PID:7688
- C:\Windows\System\OSVVPjq.exe
  C:\Windows\System\OSVVPjq.exe
  2⤵
  PID:8932
- C:\Windows\System\LmhdLdS.exe
  C:\Windows\System\LmhdLdS.exe
  2⤵
  PID:8956
- C:\Windows\System\djrRljL.exe
  C:\Windows\System\djrRljL.exe
  2⤵
  PID:8988
- C:\Windows\System\FssAiuc.exe
  C:\Windows\System\FssAiuc.exe
  2⤵
  PID:8972
- C:\Windows\System\VYzXugf.exe
  C:\Windows\System\VYzXugf.exe
  2⤵
  PID:9016
- C:\Windows\System\EzFygeU.exe
  C:\Windows\System\EzFygeU.exe
  2⤵
  PID:9004
- C:\Windows\System\lhwtjfu.exe
  C:\Windows\System\lhwtjfu.exe
  2⤵
  PID:9040
- C:\Windows\System\xBbSjwV.exe
  C:\Windows\System\xBbSjwV.exe
  2⤵
  PID:9056
- C:\Windows\System\mEgISYJ.exe
  C:\Windows\System\mEgISYJ.exe
  2⤵
  PID:9072
- C:\Windows\System\rhSCvHE.exe
  C:\Windows\System\rhSCvHE.exe
  2⤵
  PID:9144
- C:\Windows\System\ZReonfS.exe
  C:\Windows\System\ZReonfS.exe
  2⤵
  PID:1540
- C:\Windows\System\ItkbBEP.exe
  C:\Windows\System\ItkbBEP.exe
  2⤵
  PID:8248
- C:\Windows\System\vmOzvpf.exe
  C:\Windows\System\vmOzvpf.exe
  2⤵
  PID:7396
- C:\Windows\System\VeOwQoW.exe
  C:\Windows\System\VeOwQoW.exe
  2⤵
  PID:8264
- C:\Windows\System\ZHLYzdt.exe
  C:\Windows\System\ZHLYzdt.exe
  2⤵
  PID:8352
- C:\Windows\System\krEqmBg.exe
  C:\Windows\System\krEqmBg.exe
  2⤵
  PID:8356
- C:\Windows\System\ViFxhzD.exe
  C:\Windows\System\ViFxhzD.exe
  2⤵
  PID:8204
- C:\Windows\System\zeeZhZm.exe
  C:\Windows\System\zeeZhZm.exe
  2⤵
  PID:8548
- C:\Windows\System\HcJnShv.exe
  C:\Windows\System\HcJnShv.exe
  2⤵
  PID:8564
- C:\Windows\System\DdwEvMF.exe
  C:\Windows\System\DdwEvMF.exe
  2⤵
  PID:8780
- C:\Windows\System\QFOvqoZ.exe
  C:\Windows\System\QFOvqoZ.exe
  2⤵
  PID:8872
- C:\Windows\System\YeyqyEH.exe
  C:\Windows\System\YeyqyEH.exe
  2⤵
  PID:8924
- C:\Windows\System\YplkVZq.exe
  C:\Windows\System\YplkVZq.exe
  2⤵
  PID:9008
- C:\Windows\System\hzJpmGy.exe
  C:\Windows\System\hzJpmGy.exe
  2⤵
  PID:1156
- C:\Windows\System\UjKAchm.exe
  C:\Windows\System\UjKAchm.exe
  2⤵
  PID:8908
- C:\Windows\System\fioarSz.exe
  C:\Windows\System\fioarSz.exe
  2⤵
  PID:9052
- C:\Windows\System\thAEEFi.exe
  C:\Windows\System\thAEEFi.exe
  2⤵
  PID:9088
- C:\Windows\System\BEYMffO.exe
  C:\Windows\System\BEYMffO.exe
  2⤵
  PID:9212
- C:\Windows\System\PhRhorh.exe
  C:\Windows\System\PhRhorh.exe
  2⤵
  PID:7860
- C:\Windows\System\pSXCxko.exe
  C:\Windows\System\pSXCxko.exe
  2⤵
  PID:9156
- C:\Windows\System\XnnHSRR.exe
  C:\Windows\System\XnnHSRR.exe
  2⤵
  PID:7968
- C:\Windows\System\AkXJYsL.exe
  C:\Windows\System\AkXJYsL.exe
  2⤵
  PID:8132
- C:\Windows\System\xeInotK.exe
  C:\Windows\System\xeInotK.exe
  2⤵
  PID:8300
- C:\Windows\System\AVRsktq.exe
  C:\Windows\System\AVRsktq.exe
  2⤵
  PID:8444
- C:\Windows\System\GQJkEos.exe
  C:\Windows\System\GQJkEos.exe
  2⤵
  PID:8252
- C:\Windows\System\jqDeSqc.exe
  C:\Windows\System\jqDeSqc.exe
  2⤵
  PID:8460
- C:\Windows\System\ZnNVSCS.exe
  C:\Windows\System\ZnNVSCS.exe
  2⤵
  PID:8644
- C:\Windows\System\GWLmkwF.exe
  C:\Windows\System\GWLmkwF.exe
  2⤵
  PID:8828
- C:\Windows\System\Niezcxu.exe
  C:\Windows\System\Niezcxu.exe
  2⤵
  PID:8844
- C:\Windows\System\WPVJdvE.exe
  C:\Windows\System\WPVJdvE.exe
  2⤵
  PID:8904
- C:\Windows\System\ixIIaNZ.exe
  C:\Windows\System\ixIIaNZ.exe
  2⤵
  PID:8980
- C:\Windows\System\uOssEEQ.exe
  C:\Windows\System\uOssEEQ.exe
  2⤵
  PID:9080
- C:\Windows\System\JVeKyvW.exe
  C:\Windows\System\JVeKyvW.exe
  2⤵
  PID:9084
- C:\Windows\System\CYcIjSj.exe
  C:\Windows\System\CYcIjSj.exe
  2⤵
  PID:9172
- C:\Windows\System\UbFfRxf.exe
  C:\Windows\System\UbFfRxf.exe
  2⤵
  PID:7296
- C:\Windows\System\aGoqceY.exe
  C:\Windows\System\aGoqceY.exe
  2⤵
  PID:2212
- C:\Windows\System\urNKwcF.exe
  C:\Windows\System\urNKwcF.exe
  2⤵
  PID:8320
- C:\Windows\System\PiKsyNe.exe
  C:\Windows\System\PiKsyNe.exe
  2⤵
  PID:1424
- C:\Windows\System\absApKW.exe
  C:\Windows\System\absApKW.exe
  2⤵
  PID:8856
- C:\Windows\System\RjRjbQP.exe
  C:\Windows\System\RjRjbQP.exe
  2⤵
  PID:8996
- C:\Windows\System\zreWOvm.exe
  C:\Windows\System\zreWOvm.exe
  2⤵
  PID:7412
- C:\Windows\System\SBhigpp.exe
  C:\Windows\System\SBhigpp.exe
  2⤵
  PID:9104
- C:\Windows\System\FhFmDOL.exe
  C:\Windows\System\FhFmDOL.exe
  2⤵
  PID:8336
- C:\Windows\System\nqRBtXL.exe
  C:\Windows\System\nqRBtXL.exe
  2⤵
  PID:8024
- C:\Windows\System\hVqIXFn.exe
  C:\Windows\System\hVqIXFn.exe
  2⤵
  PID:8424
- C:\Windows\System\oiChrtR.exe
  C:\Windows\System\oiChrtR.exe
  2⤵
  PID:8660
- C:\Windows\System\FJsBxnn.exe
  C:\Windows\System\FJsBxnn.exe
  2⤵
  PID:8948
- C:\Windows\System\GKjtbJy.exe
  C:\Windows\System\GKjtbJy.exe
  2⤵
  PID:9176
- C:\Windows\System\inslENJ.exe
  C:\Windows\System\inslENJ.exe
  2⤵
  PID:9032
- C:\Windows\System\TUPpntg.exe
  C:\Windows\System\TUPpntg.exe
  2⤵
  PID:7380
- C:\Windows\System\dGxykhV.exe
  C:\Windows\System\dGxykhV.exe
  2⤵
  PID:9100
- C:\Windows\System\DNCamVx.exe
  C:\Windows\System\DNCamVx.exe
  2⤵
  PID:9232
- C:\Windows\System\xoAlbTb.exe
  C:\Windows\System\xoAlbTb.exe
  2⤵
  PID:9252
- C:\Windows\System\ktdJpoZ.exe
  C:\Windows\System\ktdJpoZ.exe
  2⤵
  PID:9268
- C:\Windows\System\OeIMjtI.exe
  C:\Windows\System\OeIMjtI.exe
  2⤵
  PID:9292
- C:\Windows\System\vhnDzRb.exe
  C:\Windows\System\vhnDzRb.exe
  2⤵
  PID:9312
- C:\Windows\System\VvAxKOn.exe
  C:\Windows\System\VvAxKOn.exe
  2⤵
  PID:9328
- C:\Windows\System\XqnOtVa.exe
  C:\Windows\System\XqnOtVa.exe
  2⤵
  PID:9348
- C:\Windows\System\bJZIZVb.exe
  C:\Windows\System\bJZIZVb.exe
  2⤵
  PID:9364
- C:\Windows\System\yziPgnw.exe
  C:\Windows\System\yziPgnw.exe
  2⤵
  PID:9384
- C:\Windows\System\voocAig.exe
  C:\Windows\System\voocAig.exe
  2⤵
  PID:9400
- C:\Windows\System\AORotjE.exe
  C:\Windows\System\AORotjE.exe
  2⤵
  PID:9416
- C:\Windows\System\dfSElFI.exe
  C:\Windows\System\dfSElFI.exe
  2⤵
  PID:9432
- C:\Windows\System\ibWUHSh.exe
  C:\Windows\System\ibWUHSh.exe
  2⤵
  PID:9452
- C:\Windows\System\lDCFSPj.exe
  C:\Windows\System\lDCFSPj.exe
  2⤵
  PID:9468
- C:\Windows\System\rSnZhFr.exe
  C:\Windows\System\rSnZhFr.exe
  2⤵
  PID:9496
- C:\Windows\System\BpjZsLr.exe
  C:\Windows\System\BpjZsLr.exe
  2⤵
  PID:9512
- C:\Windows\System\gkDFyJM.exe
  C:\Windows\System\gkDFyJM.exe
  2⤵
  PID:9532
- C:\Windows\System\YUZWWZn.exe
  C:\Windows\System\YUZWWZn.exe
  2⤵
  PID:9548
- C:\Windows\System\pRxDFbY.exe
  C:\Windows\System\pRxDFbY.exe
  2⤵
  PID:9564
- C:\Windows\System\LKWLJpg.exe
  C:\Windows\System\LKWLJpg.exe
  2⤵
  PID:9584
- C:\Windows\System\dQtmPAQ.exe
  C:\Windows\System\dQtmPAQ.exe
  2⤵
  PID:9600
- C:\Windows\System\DZmDtMU.exe
  C:\Windows\System\DZmDtMU.exe
  2⤵
  PID:9620
- C:\Windows\System\tRiaKLy.exe
  C:\Windows\System\tRiaKLy.exe
  2⤵
  PID:9640
- C:\Windows\System\WSsiabt.exe
  C:\Windows\System\WSsiabt.exe
  2⤵
  PID:9656
- C:\Windows\System\TUUskhk.exe
  C:\Windows\System\TUUskhk.exe
  2⤵
  PID:9680
- C:\Windows\System\noihPOJ.exe
  C:\Windows\System\noihPOJ.exe
  2⤵
  PID:9696
- C:\Windows\System\fwKwYvI.exe
  C:\Windows\System\fwKwYvI.exe
  2⤵
  PID:9712
- C:\Windows\System\SviDXWA.exe
  C:\Windows\System\SviDXWA.exe
  2⤵
  PID:9728
- C:\Windows\System\XjVRjLc.exe
  C:\Windows\System\XjVRjLc.exe
  2⤵
  PID:9748
- C:\Windows\System\iHqfDUL.exe
  C:\Windows\System\iHqfDUL.exe
  2⤵
  PID:9772
- C:\Windows\System\TgjDwdP.exe
  C:\Windows\System\TgjDwdP.exe
  2⤵
  PID:9888
- C:\Windows\System\CJCGuIG.exe
  C:\Windows\System\CJCGuIG.exe
  2⤵
  PID:9908
- C:\Windows\System\eRILcee.exe
  C:\Windows\System\eRILcee.exe
  2⤵
  PID:9924
- C:\Windows\System\zTIONSv.exe
  C:\Windows\System\zTIONSv.exe
  2⤵
  PID:9940
- C:\Windows\System\RWHZwpL.exe
  C:\Windows\System\RWHZwpL.exe
  2⤵
  PID:9960
- C:\Windows\System\IBdyNID.exe
  C:\Windows\System\IBdyNID.exe
  2⤵
  PID:9976
- C:\Windows\System\hSCVFhW.exe
  C:\Windows\System\hSCVFhW.exe
  2⤵
  PID:9992
- C:\Windows\System\GkwxKkk.exe
  C:\Windows\System\GkwxKkk.exe
  2⤵
  PID:10012
- C:\Windows\System\yaVGLLW.exe
  C:\Windows\System\yaVGLLW.exe
  2⤵
  PID:10040
- C:\Windows\System\BiEUoKT.exe
  C:\Windows\System\BiEUoKT.exe
  2⤵
  PID:10064
- C:\Windows\System\hFcyHgt.exe
  C:\Windows\System\hFcyHgt.exe
  2⤵
  PID:10084
- C:\Windows\System\zrxAOCU.exe
  C:\Windows\System\zrxAOCU.exe
  2⤵
  PID:10100
- C:\Windows\System\pVqnsTa.exe
  C:\Windows\System\pVqnsTa.exe
  2⤵
  PID:10120
- C:\Windows\System\GxZSrwV.exe
  C:\Windows\System\GxZSrwV.exe
  2⤵
  PID:10136
- C:\Windows\System\osiGbLP.exe
  C:\Windows\System\osiGbLP.exe
  2⤵
  PID:10156
- C:\Windows\System\zOOqbnt.exe
  C:\Windows\System\zOOqbnt.exe
  2⤵
  PID:10180
- C:\Windows\System\fBtXzjm.exe
  C:\Windows\System\fBtXzjm.exe
  2⤵
  PID:10196
- C:\Windows\System\vbsWfIT.exe
  C:\Windows\System\vbsWfIT.exe
  2⤵
  PID:10232
- C:\Windows\System\xcXlDxZ.exe
  C:\Windows\System\xcXlDxZ.exe
  2⤵
  PID:9244
- C:\Windows\System\YUYkaBR.exe
  C:\Windows\System\YUYkaBR.exe
  2⤵
  PID:9276
- C:\Windows\System\qzXUwTk.exe
  C:\Windows\System\qzXUwTk.exe
  2⤵
  PID:9356
- C:\Windows\System\oLargYB.exe
  C:\Windows\System\oLargYB.exe
  2⤵
  PID:9424
- C:\Windows\System\YYUVvpp.exe
  C:\Windows\System\YYUVvpp.exe
  2⤵
  PID:9576
- C:\Windows\System\rZdCRsK.exe
  C:\Windows\System\rZdCRsK.exe
  2⤵
  PID:9616
- C:\Windows\System\gjrbNOn.exe
  C:\Windows\System\gjrbNOn.exe
  2⤵
  PID:9760
- C:\Windows\System\RFHBakM.exe
  C:\Windows\System\RFHBakM.exe
  2⤵
  PID:9228
- C:\Windows\System\QgYSaoV.exe
  C:\Windows\System\QgYSaoV.exe
  2⤵
  PID:9572
- C:\Windows\System\BZGbvYK.exe
  C:\Windows\System\BZGbvYK.exe
  2⤵
  PID:8304
- C:\Windows\System\GHdRBzm.exe
  C:\Windows\System\GHdRBzm.exe
  2⤵
  PID:9744
- C:\Windows\System\kcEiGyS.exe
  C:\Windows\System\kcEiGyS.exe
  2⤵
  PID:9896
- C:\Windows\System\cqtZXyG.exe
  C:\Windows\System\cqtZXyG.exe
  2⤵
  PID:9936
- C:\Windows\System\oTvnCQP.exe
  C:\Windows\System\oTvnCQP.exe
  2⤵
  PID:9968
- C:\Windows\System\pMAELYr.exe
  C:\Windows\System\pMAELYr.exe
  2⤵
  PID:10008
- C:\Windows\System\ZewkrUR.exe
  C:\Windows\System\ZewkrUR.exe
  2⤵
  PID:9556
- C:\Windows\System\QlOYTcG.exe
  C:\Windows\System\QlOYTcG.exe
  2⤵
  PID:8088
- C:\Windows\System\YzjEOtn.exe
  C:\Windows\System\YzjEOtn.exe
  2⤵
  PID:8116
- C:\Windows\System\XpKQMpu.exe
  C:\Windows\System\XpKQMpu.exe
  2⤵
  PID:9340
- C:\Windows\System\DhuzHpX.exe
  C:\Windows\System\DhuzHpX.exe
  2⤵
  PID:9480
- C:\Windows\System\NDsprTA.exe
  C:\Windows\System\NDsprTA.exe
  2⤵
  PID:9592
- C:\Windows\System\UIuDNYj.exe
  C:\Windows\System\UIuDNYj.exe
  2⤵
  PID:9676
- C:\Windows\System\rkltstF.exe
  C:\Windows\System\rkltstF.exe
  2⤵
  PID:9816
- C:\Windows\System\NnQXPMy.exe
  C:\Windows\System\NnQXPMy.exe
  2⤵
  PID:9984
- C:\Windows\System\vJceBba.exe
  C:\Windows\System\vJceBba.exe
  2⤵
  PID:9860
- C:\Windows\System\qmPjQNG.exe
  C:\Windows\System\qmPjQNG.exe
  2⤵
  PID:9948
- C:\Windows\System\cpsjBNO.exe
  C:\Windows\System\cpsjBNO.exe
  2⤵
  PID:10048
- C:\Windows\System\NFKzcjA.exe
  C:\Windows\System\NFKzcjA.exe
  2⤵
  PID:10036
- C:\Windows\System\zAiHRnn.exe
  C:\Windows\System\zAiHRnn.exe
  2⤵
  PID:10092
- C:\Windows\System\WqWomLL.exe
  C:\Windows\System\WqWomLL.exe
  2⤵
  PID:10164
- C:\Windows\System\PSlYoHw.exe
  C:\Windows\System\PSlYoHw.exe
  2⤵
  PID:10204
- C:\Windows\System\IRMxCcL.exe
  C:\Windows\System\IRMxCcL.exe
  2⤵
  PID:10216
- C:\Windows\System\LHdBmGU.exe
  C:\Windows\System\LHdBmGU.exe
  2⤵
  PID:10080
- C:\Windows\System\dwlJcWZ.exe
  C:\Windows\System\dwlJcWZ.exe
  2⤵
  PID:10144
- C:\Windows\System\NcDCKta.exe
  C:\Windows\System\NcDCKta.exe
  2⤵
  PID:9284
- C:\Windows\System\DWZODEB.exe
  C:\Windows\System\DWZODEB.exe
  2⤵
  PID:9428
- C:\Windows\System\QKueAwC.exe
  C:\Windows\System\QKueAwC.exe
  2⤵
  PID:9652
- C:\Windows\System\YQocuGE.exe
  C:\Windows\System\YQocuGE.exe
  2⤵
  PID:9324
- C:\Windows\System\YYPtxvn.exe
  C:\Windows\System\YYPtxvn.exe
  2⤵
  PID:9612
- C:\Windows\System\UVGvcGP.exe
  C:\Windows\System\UVGvcGP.exe
  2⤵
  PID:9264
- C:\Windows\System\ygrTcqg.exe
  C:\Windows\System\ygrTcqg.exe
  2⤵
  PID:9788
- C:\Windows\System\YKKbtUI.exe
  C:\Windows\System\YKKbtUI.exe
  2⤵
  PID:9476
- C:\Windows\System\tqDpfic.exe
  C:\Windows\System\tqDpfic.exe
  2⤵
  PID:9380
- C:\Windows\System\CPNyicD.exe
  C:\Windows\System\CPNyicD.exe
  2⤵
  PID:9440
- C:\Windows\System\Frspqwu.exe
  C:\Windows\System\Frspqwu.exe
  2⤵
  PID:9376
- C:\Windows\System\qPKJLCz.exe
  C:\Windows\System\qPKJLCz.exe
  2⤵
  PID:9872
- C:\Windows\System\wXJXlsQ.exe
  C:\Windows\System\wXJXlsQ.exe
  2⤵
  PID:9920
- C:\Windows\System\iWrumxK.exe
  C:\Windows\System\iWrumxK.exe
  2⤵
  PID:9780
- C:\Windows\System\eVKSyaH.exe
  C:\Windows\System\eVKSyaH.exe
  2⤵
  PID:10032
- C:\Windows\System\sKQawYF.exe
  C:\Windows\System\sKQawYF.exe
  2⤵
  PID:10112
- C:\Windows\System\elUGNtN.exe
  C:\Windows\System\elUGNtN.exe
  2⤵
  PID:9240
- C:\Windows\System\YYrVYIA.exe
  C:\Windows\System\YYrVYIA.exe
  2⤵
  PID:9372
- C:\Windows\System\MduJbxj.exe
  C:\Windows\System\MduJbxj.exe
  2⤵
  PID:10056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BbiILAf.exe

Filesize
6.0MB

MD5
26630723cae6144f70f41f3b602b553e

SHA1
5fe7aacfd667f903bfe1462721b9135af03b86ce

SHA256
777846a9f94c0c940d4b96ce43bebe1070661f59ae797b272fd084ab9f5b20f9

SHA512
0dea5c09e875bc3c44b22d784c900223a05e3de9b9e10eb9f9c85e4bad5605165227cf76914d73f4b9fa5401f139a999a3954d02631eabb33c496888106d6459

Download Submit
C:\Windows\system\CcfiRtX.exe

Filesize
6.0MB

MD5
8baa43927b9464b1b0c7899e7f931f6b

SHA1
b538851988316899725523be00f6e28567c03a6a

SHA256
91c915fb459a5982c9267d41a3fc49f86d6f10a428d306985d35e12e7f1cdaf6

SHA512
03f3cbda63bc458017157b1e87926d05459c22b9d2b2d1636818f165360b9d79a53ee209458505556116b7d2b16b9fbb095e5f40fb149ab2739188424ad80f9d

Download Submit
C:\Windows\system\DxuWzMR.exe

Filesize
6.0MB

MD5
e2ebcd946a730f7f7df2fafe32014c5c

SHA1
4da0643741409319515f4963ff18931a24c3f5c3

SHA256
1188afb51af958bde65eaf57ac4f2446ecc6157cea0885db02b688d01f707507

SHA512
1fd93282d232584d511f97b9a19cfd42432bde1974f9377666d3bcee6c4b73e79f5e2b808ac0a1f17204fb995377b4afb5f76b427b438e416ed900c76e7cbc13

Download Submit
C:\Windows\system\EqesiJL.exe

Filesize
6.0MB

MD5
122c06eebacc884608b4581c9a9db980

SHA1
0284d1fd115103c15172b508a4bbd1d03c937060

SHA256
7e707d8594f560a236557b7b34448baea9814579a7d0b3b5f1aa521090129223

SHA512
5b793273a9e1c88de36aa1b6d0553a5242cf076a1dca30faba8a962ceb7ceab7123f18f08fc1168a42bc1d7cf6db9211cc07e78bc93c088fb4b54365708702ac

Download Submit
C:\Windows\system\MlNoHiU.exe

Filesize
6.0MB

MD5
7a96981afa43c4a041cee7f0fc629a95

SHA1
b7f815fd3767ad51badfe5265a60b06a220e14f6

SHA256
e44d8e16a5f0631ff796592c18b0b73ed3951b0b6d829696491f68f4b23a7425

SHA512
4268a8d2ee98a13916edca1bd0ce06ed2865f80369dca736bcca6d682d1dfad0785ca1619fb210893e5a51418590c42743c8ad0c19adf3c8436a41f67bb10b88

Download Submit
C:\Windows\system\NxfUAPt.exe

Filesize
6.0MB

MD5
850748ccadbfe0ba7727475343fc9228

SHA1
c94a3e7e1ce42107c67f0b73d49bce665cebaff2

SHA256
0877fa521a7dc9b59a472db087daa3804c0aa2c6a3d42e1cf32fa21d1427f62c

SHA512
880ed7fb3821ce9266dbe6f05ce1931ba58da370369327fd39c5d1a1f08ad6558898ce347b7b7c5195fbde383eee3fc1d9ca0b829f432166f3f2bb1939bb1f56

Download Submit
C:\Windows\system\OJcwArf.exe

Filesize
6.0MB

MD5
d221538f5a181735f3e90ffc8ec1acd3

SHA1
b6beb8a0d514db7f3954f59ec6ed5c292be1fd05

SHA256
fa6d16823f479cdf591309b5e7defe83fc9d77496c014471a79d5ada99e9a7da

SHA512
7ef8fc9a9e8a4af2d79cb58b79ee8ac6817ef2883b49b44080c72ed257b5a4580c102060b06482566ce9e3014ac5796b8b7638772d5a19743175442a27b24ed0

Download Submit
C:\Windows\system\QBKazVd.exe

Filesize
6.0MB

MD5
3f742981d7521d5acf1838271ecce775

SHA1
2c41082c88f3e550698d7702148fc5c65e959e85

SHA256
460446b15fc4a264a5aa92d43a8f1dd541b8f348cc4295b3001c5b6e57e286ee

SHA512
c355a84d424352ec431690204e48112b733866d1bcf23d29a7fc9e82eb0af128ddd6b596b47d4b9b719268e3991b6a3ce5f92651a91cc94464427ce19e31bfe8

Download Submit
C:\Windows\system\QZQJIby.exe

Filesize
6.0MB

MD5
170937430a07806404070852a7812442

SHA1
00b8adffebf3623f58cd24e9aca5aead4fc7f0cf

SHA256
5b0ec146d7e4c18b8b819dc71ab6456e6bc93d22445d32b2dcc6bc0a3b5c2593

SHA512
d946b9c890e6d284f8fc5450ddbcbad388cb1eefce7271d546c4ea302c203b335cd0222bf72cc1e91eaad497fdc659058131803b0e36aebb4040fb230b33e840

Download Submit
C:\Windows\system\RSoBwnZ.exe

Filesize
6.0MB

MD5
3549de0bfe4d3aa2b75f22ca337f1832

SHA1
014b98879e9a96ead98d4624208097fabd4a2326

SHA256
a8b28e2701ea420b8f4fe86b95b417bfbe304b4ef65ef64ce8457f1f44ee3c05

SHA512
f4534a2e2ed3a01e6e4dc90bd38e323a4fe3fb2d8d2e717b4cb5fd664b0310f16b6c4c975f49a714624727b5b713955607eb7ceb83392c45d21c2f54a4ca118b

Download Submit
C:\Windows\system\SyUVChO.exe

Filesize
6.0MB

MD5
0e2a9b71d27176951850553da2d06899

SHA1
b81a81e713ddd7782f46be112aa31b83b6cc24bb

SHA256
34668e84d8490ea2661a4a179f4eeea8e82adb7d4a73ce0866366e8a449e8215

SHA512
7811b5d6bd6eb4d346b837393e7e87eeb1372c3156a1ce84817808b2eafa05a7408dd61a81b3dde189fc7369b6e5e9128790089d6bcdddc987441e6e8cbeaaa2

Download Submit
C:\Windows\system\TijnjFn.exe

Filesize
6.0MB

MD5
a44870340ae2e7b913ee77c4ea67b773

SHA1
1f5857f8b65784d53a256a2e2962906ced8c2368

SHA256
7153be86db1d71ebb18e9ceecb1508f8f9b8be0006262a57d0d67dd1909ab994

SHA512
6d8dce38146e90dfac3c2d9c788de4d545dfc9ee5269c85e1f510e924225662ed4fcf4d7ade330446f7bf423fe049a6c40572a56e651365988f7b3c02583a222

Download Submit
C:\Windows\system\VSgkdcU.exe

Filesize
6.0MB

MD5
c358e415a3f68a3e161fc23f6a3754f9

SHA1
3434e82149bcb7dfa62b227d6afb1ae688a177d8

SHA256
7e726ad22a48395c058077d6ebbf0e414bd434f6d163806b7fdbb9dc7ce908a0

SHA512
553ca22f5acc910de87b2bf67da35c80c46b4692d839bf27fab5d3b4ec7ca43a17982b5b3bc0a9fadffe58dcd667a90daafb9dff6da9e7ed81aebf821f509002

Download Submit
C:\Windows\system\egcKFAK.exe

Filesize
6.0MB

MD5
99225817f8ac63ade3ec2841bceb67f9

SHA1
125c4c4e3e8263f63119df44d1ddf09b9652c4a8

SHA256
60b3ef69f90a63b228fa040059c5ac33422140e7ca775d709a868e2cc94a00d6

SHA512
e94151b2c517f9f66cf9979958e0b02b83657da1bb7e5398b6a6366c2c2e2010ee5cff305a5c5c40acc98d7578e6e744e04da63b19d8b9c2cfeb2b9291ad7442

Download Submit
C:\Windows\system\ekpGMJG.exe

Filesize
6.0MB

MD5
51d6e12920e95d2161ffb0acd793c790

SHA1
6f71a235dd736705829a1056a2e5dde6f22ce565

SHA256
2f9987dde79c22b72a2599a1e0515eeddb6bf1e049dc8517b5e5cd06de6dd168

SHA512
e644c3ebd9c497767e82deebfe077c485bd00a6d87999907fea0552340d43264c373880d7261855c46b187df0bff0aeb65d8da5d1fa2f6fa834423b01d6a3b2a

Download Submit
C:\Windows\system\fYhZEII.exe

Filesize
6.0MB

MD5
4e43b945fb04b224a1b4ae55b500e14f

SHA1
5ed158323b16a5a89cf1830bbc27ad53a6ff2462

SHA256
492d7014b425e89560240e584e7542a606579ec0b8a161ae6f9c68e5358223ec

SHA512
c3ba52268f5a1d0c8ae12be3d93bab7338a9275108f29c63f070732210ec6a37886e55414098c1a2cb8ffe842342e9f6586ac22dfef34d6ecedbed112a4af0ae

Download Submit
C:\Windows\system\ipJQHix.exe

Filesize
6.0MB

MD5
9ad9f978b807cd2f46014a787cd85dc4

SHA1
4918db2d68b6e19f190c4fb0d6bad9de86557e48

SHA256
4f629d25ffb67176d2574180446ea2a67bf491bb00bd304a36b80dc710416044

SHA512
7313e7b98acc275a9ad356d0a18f4a9a51bce3c11b912979ba258adc8a00c57e00aee56522fbea8ff53360689b857c08278bd6b63d504928a7f5b25f2b40ecda

Download Submit
C:\Windows\system\jVlGbOj.exe

Filesize
6.0MB

MD5
3d48996f740913c1610a82ad84c226a1

SHA1
17e3c347c2157afa639f9943939cc56f239d94a3

SHA256
129ddded89aa02cb12db65e40e3eccfbca35226ba74b7599f91206d69eb73498

SHA512
2c319c2c8271c90e1b9fda0351302209439e4b0da309fb4e86a247a9e675fe30bfe8b40b61c55b1ba4ac3d04d5b7438e540849ce40088225b04ccda9e8739efd

Download Submit
C:\Windows\system\kYDVqkn.exe

Filesize
6.0MB

MD5
2578bdcf8d9d7dfec1c738bf0ded27e9

SHA1
e80f75a0ca129b4cc94a194d9f2c86ecfc722456

SHA256
adb603c6005c05a66f97cd1f10692ead77ccbbd9982911e496f09d6a9ecc5cf7

SHA512
8406ac7639c2868613f1bcbf830dd632d38a180c7230dbbb9ee195b1a762d67e91cd0f257bf3a124e7524f8ed9e546c23e766e0c0df44619d2f239bcbc0e601f

Download Submit
C:\Windows\system\lzJJckQ.exe

Filesize
6.0MB

MD5
c935b64cfb14edc94736c1bdfd8b6daa

SHA1
5d94ed1d3fe6c71f113a654b8840d7afc85bc953

SHA256
4afa3523d2972beff247c2633c2a86752e381ae9314f16dc95b8b9dd0bb215b6

SHA512
b645aa3c1e1b632cc673a0d17cb0b0aa00902f363aeffebae4eaca8fbd5a5f8a118d1d88e367bf707ecbe80fbb7a32f310774c48e51076c45e0989f70af539d4

Download Submit
C:\Windows\system\odAnnTr.exe

Filesize
6.0MB

MD5
46463d99fb029403886e8aace2160c66

SHA1
2420bed7facc8cf151332aa8f4eb6f92ab6e1642

SHA256
c2d9c4e7c3ece1c67f96431057236d06024dac6625b73dea367beacd8ec316a1

SHA512
a79f9b13c8c970b83aa93a3aef6a6d2850cbdd468e85b0dd2cdb211362fa05335ccece494c783c40f4935b4b06f05268df526431a8aba83a164ea6079a5f3e92

Download Submit
C:\Windows\system\pdysMyU.exe

Filesize
6.0MB

MD5
3d2d90df7df42d41c402daa438655bc4

SHA1
6f640429af7bdeeac8dfd651b0744f1ccbdb11a4

SHA256
eedc156f1999452c89fae1391797d09ba5ef47d1cc30f185a944c412f9974f03

SHA512
8b86103f44c5cd3c673f1053f4023214422c667b41e3c1c60122dedf24e0acc041de70bd901ecbff4e6a510a4c68f66607e6acbd4a02d3e0f58e4ca352fb71a3

Download Submit
C:\Windows\system\rygbbHI.exe

Filesize
6.0MB

MD5
4d222a7f4f3964b74442bd723df10486

SHA1
d164b73682e326d99341fa43c8b3569462a894d7

SHA256
c68019d6f2d9583713a91cf0e8e20c9793f47f02dffdc0a00f742c3376813a27

SHA512
fe53cf8ee4f2f6d4388206c88335f7d91ef0c007205b6fe3e17a36838d83effde63d09557324a5fbd14a9b03b54fb2e45fd4ac9c8b3aefb775dd87a6b5bb2011

Download Submit
C:\Windows\system\vBmfeux.exe

Filesize
6.0MB

MD5
1de4b1132a03234447ee75eb939e69b7

SHA1
dd787b1981a5a52ebac1f9e73e859ff436ad7f79

SHA256
33bea8b3f39c6e5c115ed453394321ae66494766edb2bae13f3a41c3380527f7

SHA512
a438b211909c35e6d2fa9eff958a605c036349b23f850903278d876f8d63f7ad66f67c30c416419020548c6f5ba03555dbf663ce44150491a41dcff66fc115b3

Download Submit
C:\Windows\system\veIkCxY.exe

Filesize
6.0MB

MD5
cf554263a6a53d07d0a106b2bdae455c

SHA1
3bb6cc1a5af092bd5c6c527e405139de848ca1b6

SHA256
9daa30047d8b30884761e7e208538ff6135ca7ba7a98ee4dbfd7c05d576fc694

SHA512
234e57c9ded2ea25f7627c09f5ca90dddacce6c9caf8fcb6b4f6c023fddb933d1c0a90a1922e95fe8c6ce29dbd10abaf0d57569a1721d602d03d8b46be9efc51

Download Submit
C:\Windows\system\wcTKnjo.exe

Filesize
6.0MB

MD5
1cd3ffced476175beca14a1c914215e3

SHA1
a79b18d8bf2f4baebf2cd94d518aaa3ad93bfccf

SHA256
14803c90ec9d14a239a27f1b0dc82df938bad62c605ce51c45787cdb7997c04b

SHA512
ba2e23e75e7d307cea7e1f36ac8e9b3f703256e52f0308f349606af7af6b579b69d3a800cf20041dd4a48ac58b5b3a26f473a81fc3964b9db385bc737aa3a6df

Download Submit
C:\Windows\system\wsLkyhk.exe

Filesize
6.0MB

MD5
10b5c5437d11b84a27a5d459f232e948

SHA1
d65cb65b2530c2c9705223983af6c3474033ca61

SHA256
a99a5eb50e2cd5ac8e243d986df46829b5f046cc3b49bb37666c566d36b461cb

SHA512
959232ad6fa8bce8d12264c24a674eef873d2f1cf6dbe88c4240b3ecda751ad74aa005742d19da92ca2e18c6d89c8b7425ac1bcc924157838d13f52470d33ead

Download Submit
C:\Windows\system\wtTuEeq.exe

Filesize
6.0MB

MD5
da5b4bc5a3f128b662b0107b84914a09

SHA1
317c584b7a310f42cc871050ac1207e379ed0f6e

SHA256
d56110ab34f19d43dab591836cf43c477ce983cd274ba4e3c498af29493ec052

SHA512
ce07c830b279af0f24e89f3c9c7c217f38428d2acc8a01a18267d6d23dd27b792b964c7299ec2e75a79a95a0b492f713fe760889d18500099a73eef2d33b9a2c

Download Submit
C:\Windows\system\xIGVQaK.exe

Filesize
6.0MB

MD5
5eb155303cf80a880a533d9e7fabdd83

SHA1
13cf6d1e3686e2bcad31c88a64b49fc3181092a5

SHA256
3be2263b09dcab6fc97608f2cd6bb05c393fda1f270cf1ddcdff6940b15d5747

SHA512
02427409bdf17af9cf0d579f077ea3fcae44ce55ac68d276be5e9a573c731ccd7f744637fef44387f1eb34d56904082768d026a2ac02844953daef3abe35e07d

Download Submit
\Windows\system\WGewSxv.exe

Filesize
6.0MB

MD5
3e4f7aca1f3ee8264ebeeff40d12dd11

SHA1
e5365ff2fc9916db7a9090ae8b3df7e324bb85b2

SHA256
70655bbe9d2d14a85866141680c451c5526120e06dc5e2212dc16137c613bf21

SHA512
18395df2b672b0ddbe91531ecee83df83da8dcbfaeb13afd5e2625cd6027ef073676a6d5acede6028d3dec105c77748a9a706730dc2f0f49d88b75146c577c91

Download Submit
\Windows\system\WbZMoEc.exe

Filesize
6.0MB

MD5
3a24621e69adc7940b7d8a5c17076c35

SHA1
8fb386f92094ee64bd6e2ee8e2148bdf41caed62

SHA256
38162b9e3512258d6495ff19f1b4452c2b86d2ddcfd8b369da9a87c70b3a1ae5

SHA512
6f84386b03c7439579398248b6d86d2de35765fea56079d322236f2b9ed464c249cd3d413728e386f8048b2801ca251d11c7d311935e60e6535e6ed30cb7b8b1

Download Submit
\Windows\system\WynOmQx.exe

Filesize
6.0MB

MD5
12ca7ec6ff3e6a3b1bbbbb05b34ef0ec

SHA1
c7ba965e062532d9e93bc4910a30060c91feeb5e

SHA256
426bedaedb8bc7dd79141c3c887df6fec389a2da52d7ac5370532a91981dc85c

SHA512
608fc56f3dc7a6141ec4e2362336945981a476f033794c811d3f9d618db0ecfe103394ffc68783eb15c78ca0f27bfa547743e43ff7b82c1da37f302fa4e1049a

Download Submit
memory/1500-3562-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1500-2026-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2312-3567-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-2106-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-3587-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2492-2061-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2800-2121-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3558-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3657-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2832-2184-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2848-2222-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3664-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-3618-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2876-2108-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2940-3613-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2984-3597-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2984-2187-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2027-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2923-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2781-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2780-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2892-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2907-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2874-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2886-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2929-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2928-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2925-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2124-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2185-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2189-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2225-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2109-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2107-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/3032-2062-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-0-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/3032-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/3064-3663-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-2023-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download