cobaltstrike | 36113452384c447c66c0f8baa512b70cddfcc5b3047b731edcdb577286021289

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-09-2024 08:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

fd4ed93881dd771af8728c37961a5382
SHA1

6d77b0819a7fe3d7d4ea270a287efb7ef49970f4
SHA256

36113452384c447c66c0f8baa512b70cddfcc5b3047b731edcdb577286021289
SHA512

9e96b7a12c6c2a789997a649e700bff61295a378f0f6b6174377431c5876caaa2114c134dbb99dd1216f2e24455fab9ad98339e6eea9914079a2e4ddfb8c25d0
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUz:T+q56utgpPF8u/7z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000f000000012782-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cc4-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd7-14.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ca5-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ce0-30.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cf0-36.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d04-48.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a8-52.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d1-59.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e6-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-89.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-101.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f0-71.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948d-81.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-152.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019665-164.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a0-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019931-172.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2404-0-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/files/0x000f000000012782-3.dat	xmrig
behavioral1/memory/2404-7-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2176-9-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x0009000000016cc4-10.dat	xmrig
behavioral1/files/0x0007000000016cd7-14.dat	xmrig
behavioral1/memory/2312-19-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2140-21-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x0009000000016ca5-23.dat	xmrig
behavioral1/memory/2380-29-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016ce0-30.dat	xmrig
behavioral1/memory/2852-35-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/files/0x0009000000016cf0-36.dat	xmrig
behavioral1/memory/2844-43-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2404-41-0x0000000002310000-0x0000000002664000-memory.dmp	xmrig
behavioral1/memory/2404-37-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2696-50-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2312-49-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d04-48.dat	xmrig
behavioral1/files/0x00050000000193a8-52.dat	xmrig
behavioral1/memory/2404-55-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2728-58-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x00050000000193d1-59.dat	xmrig
behavioral1/memory/2704-66-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2380-62-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193e6-76.dat	xmrig
behavioral1/files/0x000500000001945c-89.dat	xmrig
behavioral1/files/0x00050000000195c2-101.dat	xmrig
behavioral1/memory/2404-102-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x00050000000193f0-71.dat	xmrig
behavioral1/memory/2404-112-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2696-108-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c4-105.dat	xmrig
behavioral1/memory/2404-99-0x0000000002310000-0x0000000002664000-memory.dmp	xmrig
behavioral1/files/0x000500000001958b-97.dat	xmrig
behavioral1/files/0x000500000001948d-81.dat	xmrig
behavioral1/files/0x00050000000195c6-113.dat	xmrig
behavioral1/memory/2844-96-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2404-95-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/1684-94-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2232-92-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194e2-90.dat	xmrig
behavioral1/memory/2544-88-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2852-70-0x000000013F8E0000-0x000000013FC34000-memory.dmp	xmrig
behavioral1/memory/2404-122-0x0000000002310000-0x0000000002664000-memory.dmp	xmrig
behavioral1/memory/2404-125-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-130.dat	xmrig
behavioral1/files/0x00050000000195c8-132.dat	xmrig
behavioral1/files/0x00050000000195ca-140.dat	xmrig
behavioral1/files/0x00050000000195cc-142.dat	xmrig
behavioral1/files/0x00050000000195ce-148.dat	xmrig
behavioral1/files/0x00050000000195d0-152.dat	xmrig
behavioral1/files/0x00050000000195e0-156.dat	xmrig
behavioral1/files/0x0005000000019624-160.dat	xmrig
behavioral1/files/0x0005000000019665-164.dat	xmrig
behavioral1/files/0x00050000000196a0-168.dat	xmrig
behavioral1/files/0x0005000000019bf2-184.dat	xmrig
behavioral1/memory/2404-271-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2232-266-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf0-181.dat	xmrig
behavioral1/files/0x0005000000019bec-176.dat	xmrig
behavioral1/files/0x0005000000019931-172.dat	xmrig
behavioral1/memory/2176-3388-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2312-3454-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2176	NWgSCLD.exe
2312	fxNzxpw.exe
2140	iYMSUKV.exe
2380	FsZnPIs.exe
2852	VEgRurP.exe
2844	iyqEipo.exe
2696	FNQYMwD.exe
2728	LGiTsDb.exe
2704	mpQzFCw.exe
2544	bgRqidI.exe
2232	kQrGgzi.exe
1684	dRDgdUM.exe
1640	vRNjMfP.exe
2596	HXfRtAv.exe
976	MMPjCkC.exe
1916	YHrjHnp.exe
2600	KWaicQp.exe
2000	lhlKstO.exe
1060	gxgpgDD.exe
1820	XTfhloT.exe
2976	RTkSuRZ.exe
2912	xyaTpiU.exe
2972	OuitGqC.exe
2092	LxyrTrf.exe
1196	YQWIvcH.exe
2184	JUAwgCn.exe
804	Ialheos.exe
1440	HsTVBZA.exe
1660	YLFoUnj.exe
2160	QJcobbf.exe
2336	EyKCwiD.exe
1696	XnXIaeO.exe
736	pjRjjIp.exe
1864	xFZtaoz.exe
1008	GRNGXef.exe
2392	ZqczDns.exe
1728	mYiCkdt.exe
888	zKybdcu.exe
1512	uPZgMHU.exe
1892	vkmihmr.exe
1752	wkgznts.exe
1680	dVgQppT.exe
1564	bdoXLzm.exe
1284	sHtTnTK.exe
1296	SPvOLWU.exe
2968	dbSHZyV.exe
580	dsWzKCT.exe
2264	jeSUjHh.exe
3036	NExAhGE.exe
3044	PJXumaa.exe
1984	ALEoYlv.exe
1560	GOxrlJP.exe
2088	ZunTExX.exe
1508	JulaIZp.exe
1028	CifcbJe.exe
1496	PNYEtEB.exe
640	bYTYfUo.exe
1700	VTfALDm.exe
2320	yRuGcRP.exe
1612	ckDaDOd.exe
1724	qPrZmCe.exe
1736	ibylrwK.exe
2472	fLMvOyT.exe
2276	XaipIpq.exe

Loads dropped DLL 64 IoCs

pid	Process
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2404-0-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/files/0x000f000000012782-3.dat	upx
behavioral1/memory/2404-7-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2176-9-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x0009000000016cc4-10.dat	upx
behavioral1/files/0x0007000000016cd7-14.dat	upx
behavioral1/memory/2312-19-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2140-21-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x0009000000016ca5-23.dat	upx
behavioral1/memory/2380-29-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x0007000000016ce0-30.dat	upx
behavioral1/memory/2852-35-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x0009000000016cf0-36.dat	upx
behavioral1/memory/2844-43-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2404-37-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2696-50-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2312-49-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x0009000000016d04-48.dat	upx
behavioral1/files/0x00050000000193a8-52.dat	upx
behavioral1/memory/2728-58-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x00050000000193d1-59.dat	upx
behavioral1/memory/2704-66-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2380-62-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x00050000000193e6-76.dat	upx
behavioral1/files/0x000500000001945c-89.dat	upx
behavioral1/files/0x00050000000195c2-101.dat	upx
behavioral1/files/0x00050000000193f0-71.dat	upx
behavioral1/memory/2404-112-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2696-108-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/files/0x00050000000195c4-105.dat	upx
behavioral1/files/0x000500000001958b-97.dat	upx
behavioral1/files/0x000500000001948d-81.dat	upx
behavioral1/files/0x00050000000195c6-113.dat	upx
behavioral1/memory/2844-96-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/1684-94-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2232-92-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x00050000000194e2-90.dat	upx
behavioral1/memory/2544-88-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2852-70-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/files/0x00050000000195c7-130.dat	upx
behavioral1/files/0x00050000000195c8-132.dat	upx
behavioral1/files/0x00050000000195ca-140.dat	upx
behavioral1/files/0x00050000000195cc-142.dat	upx
behavioral1/files/0x00050000000195ce-148.dat	upx
behavioral1/files/0x00050000000195d0-152.dat	upx
behavioral1/files/0x00050000000195e0-156.dat	upx
behavioral1/files/0x0005000000019624-160.dat	upx
behavioral1/files/0x0005000000019665-164.dat	upx
behavioral1/files/0x00050000000196a0-168.dat	upx
behavioral1/files/0x0005000000019bf2-184.dat	upx
behavioral1/memory/2232-266-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x0005000000019bf0-181.dat	upx
behavioral1/files/0x0005000000019bec-176.dat	upx
behavioral1/files/0x0005000000019931-172.dat	upx
behavioral1/memory/2176-3388-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2312-3454-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2140-3509-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2380-3549-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/memory/2844-3596-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2852-3597-0x000000013F8E0000-0x000000013FC34000-memory.dmp	upx
behavioral1/memory/2728-3731-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2544-3740-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/1684-3742-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2704-3741-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rxaaaPI.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fxNzxpw.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tDilffK.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MOXIxox.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lqAqarj.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mjMurHJ.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BMJXUVE.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nWMLcrf.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JulaIZp.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ydRXPdk.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rQxTBYs.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OSSUAMA.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XCFKFEy.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MeBZaNE.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eyTKbbX.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GIiTvfz.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pihJEMS.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xFZtaoz.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWPQUjx.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KwlqFKd.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wXDcvhY.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BxbRAnA.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FNQYMwD.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ckDaDOd.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qqdwlDl.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WJwxoMX.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aXTSHKr.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXGDrjq.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HnMsOjG.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EIERvog.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RzEDxKz.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MelfLJY.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXyoGqV.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ekSjbvD.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qwGhpzZ.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XxsNjpp.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uLdLSkI.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TMWxIMg.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lhlKstO.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AtHrTQk.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uRPBwGU.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VubrtGd.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uIkOFRx.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KHevfKA.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YQHXlCP.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hrCMiPL.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mfCqxts.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DSltslR.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pJcDlbw.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HTTdFkz.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIEizDm.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uZXhxHY.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YpMAqZm.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RlpRZjL.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ReiMMUa.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DrpMsUo.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GGOLwKD.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IoMurSr.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IZzTHwK.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZXMKjNr.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pISbfnR.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\deHxYIC.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\puvBTww.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QKsBMjB.exe	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 2176	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2404 wrote to memory of 2176	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2404 wrote to memory of 2176	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2404 wrote to memory of 2312	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2404 wrote to memory of 2312	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2404 wrote to memory of 2312	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2404 wrote to memory of 2140	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2404 wrote to memory of 2140	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2404 wrote to memory of 2140	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2404 wrote to memory of 2380	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2404 wrote to memory of 2380	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2404 wrote to memory of 2380	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2404 wrote to memory of 2852	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2404 wrote to memory of 2852	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2404 wrote to memory of 2852	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2404 wrote to memory of 2844	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2404 wrote to memory of 2844	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2404 wrote to memory of 2844	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2404 wrote to memory of 2696	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2404 wrote to memory of 2696	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2404 wrote to memory of 2696	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2404 wrote to memory of 2728	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2404 wrote to memory of 2728	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2404 wrote to memory of 2728	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2404 wrote to memory of 2704	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2404 wrote to memory of 2704	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2404 wrote to memory of 2704	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2404 wrote to memory of 2544	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2404 wrote to memory of 2544	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2404 wrote to memory of 2544	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2404 wrote to memory of 2596	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2404 wrote to memory of 2596	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2404 wrote to memory of 2596	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2404 wrote to memory of 2232	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2404 wrote to memory of 2232	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2404 wrote to memory of 2232	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2404 wrote to memory of 976	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2404 wrote to memory of 976	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2404 wrote to memory of 976	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2404 wrote to memory of 1684	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2404 wrote to memory of 1684	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2404 wrote to memory of 1684	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2404 wrote to memory of 1916	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2404 wrote to memory of 1916	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2404 wrote to memory of 1916	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2404 wrote to memory of 1640	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2404 wrote to memory of 1640	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2404 wrote to memory of 1640	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2404 wrote to memory of 2600	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2404 wrote to memory of 2600	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2404 wrote to memory of 2600	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2404 wrote to memory of 2000	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2404 wrote to memory of 2000	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2404 wrote to memory of 2000	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2404 wrote to memory of 1060	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2404 wrote to memory of 1060	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2404 wrote to memory of 1060	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2404 wrote to memory of 1820	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2404 wrote to memory of 1820	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2404 wrote to memory of 1820	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2404 wrote to memory of 2976	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2404 wrote to memory of 2976	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2404 wrote to memory of 2976	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2404 wrote to memory of 2912	2404	2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-22_fd4ed93881dd771af8728c37961a5382_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Windows\System\NWgSCLD.exe
  C:\Windows\System\NWgSCLD.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\fxNzxpw.exe
  C:\Windows\System\fxNzxpw.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\iYMSUKV.exe
  C:\Windows\System\iYMSUKV.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\FsZnPIs.exe
  C:\Windows\System\FsZnPIs.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\VEgRurP.exe
  C:\Windows\System\VEgRurP.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\iyqEipo.exe
  C:\Windows\System\iyqEipo.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\FNQYMwD.exe
  C:\Windows\System\FNQYMwD.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\LGiTsDb.exe
  C:\Windows\System\LGiTsDb.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\mpQzFCw.exe
  C:\Windows\System\mpQzFCw.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\bgRqidI.exe
  C:\Windows\System\bgRqidI.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\HXfRtAv.exe
  C:\Windows\System\HXfRtAv.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\kQrGgzi.exe
  C:\Windows\System\kQrGgzi.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\MMPjCkC.exe
  C:\Windows\System\MMPjCkC.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\dRDgdUM.exe
  C:\Windows\System\dRDgdUM.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\YHrjHnp.exe
  C:\Windows\System\YHrjHnp.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\vRNjMfP.exe
  C:\Windows\System\vRNjMfP.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\KWaicQp.exe
  C:\Windows\System\KWaicQp.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\lhlKstO.exe
  C:\Windows\System\lhlKstO.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\gxgpgDD.exe
  C:\Windows\System\gxgpgDD.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\XTfhloT.exe
  C:\Windows\System\XTfhloT.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\RTkSuRZ.exe
  C:\Windows\System\RTkSuRZ.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\xyaTpiU.exe
  C:\Windows\System\xyaTpiU.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\OuitGqC.exe
  C:\Windows\System\OuitGqC.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\LxyrTrf.exe
  C:\Windows\System\LxyrTrf.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\YQWIvcH.exe
  C:\Windows\System\YQWIvcH.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\JUAwgCn.exe
  C:\Windows\System\JUAwgCn.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\Ialheos.exe
  C:\Windows\System\Ialheos.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\HsTVBZA.exe
  C:\Windows\System\HsTVBZA.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\YLFoUnj.exe
  C:\Windows\System\YLFoUnj.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\QJcobbf.exe
  C:\Windows\System\QJcobbf.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\EyKCwiD.exe
  C:\Windows\System\EyKCwiD.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\XnXIaeO.exe
  C:\Windows\System\XnXIaeO.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\pjRjjIp.exe
  C:\Windows\System\pjRjjIp.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\xFZtaoz.exe
  C:\Windows\System\xFZtaoz.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\GRNGXef.exe
  C:\Windows\System\GRNGXef.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\ZqczDns.exe
  C:\Windows\System\ZqczDns.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\mYiCkdt.exe
  C:\Windows\System\mYiCkdt.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\zKybdcu.exe
  C:\Windows\System\zKybdcu.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\uPZgMHU.exe
  C:\Windows\System\uPZgMHU.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\vkmihmr.exe
  C:\Windows\System\vkmihmr.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\wkgznts.exe
  C:\Windows\System\wkgznts.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\dVgQppT.exe
  C:\Windows\System\dVgQppT.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\bdoXLzm.exe
  C:\Windows\System\bdoXLzm.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\sHtTnTK.exe
  C:\Windows\System\sHtTnTK.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\SPvOLWU.exe
  C:\Windows\System\SPvOLWU.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\dbSHZyV.exe
  C:\Windows\System\dbSHZyV.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\dsWzKCT.exe
  C:\Windows\System\dsWzKCT.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\jeSUjHh.exe
  C:\Windows\System\jeSUjHh.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\NExAhGE.exe
  C:\Windows\System\NExAhGE.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\PJXumaa.exe
  C:\Windows\System\PJXumaa.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\ALEoYlv.exe
  C:\Windows\System\ALEoYlv.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\GOxrlJP.exe
  C:\Windows\System\GOxrlJP.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\ZunTExX.exe
  C:\Windows\System\ZunTExX.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\JulaIZp.exe
  C:\Windows\System\JulaIZp.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\CifcbJe.exe
  C:\Windows\System\CifcbJe.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\PNYEtEB.exe
  C:\Windows\System\PNYEtEB.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\bYTYfUo.exe
  C:\Windows\System\bYTYfUo.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\VTfALDm.exe
  C:\Windows\System\VTfALDm.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\yRuGcRP.exe
  C:\Windows\System\yRuGcRP.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\ckDaDOd.exe
  C:\Windows\System\ckDaDOd.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\qPrZmCe.exe
  C:\Windows\System\qPrZmCe.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\ibylrwK.exe
  C:\Windows\System\ibylrwK.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\fLMvOyT.exe
  C:\Windows\System\fLMvOyT.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\XaipIpq.exe
  C:\Windows\System\XaipIpq.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\HeMaxfH.exe
  C:\Windows\System\HeMaxfH.exe
  2⤵
  PID:2244
- C:\Windows\System\saiVvLp.exe
  C:\Windows\System\saiVvLp.exe
  2⤵
  PID:2624
- C:\Windows\System\KHcxohc.exe
  C:\Windows\System\KHcxohc.exe
  2⤵
  PID:1952
- C:\Windows\System\SFhxkvW.exe
  C:\Windows\System\SFhxkvW.exe
  2⤵
  PID:2688
- C:\Windows\System\dXEsRJR.exe
  C:\Windows\System\dXEsRJR.exe
  2⤵
  PID:2536
- C:\Windows\System\rXZfxhO.exe
  C:\Windows\System\rXZfxhO.exe
  2⤵
  PID:2684
- C:\Windows\System\rJcMMjh.exe
  C:\Windows\System\rJcMMjh.exe
  2⤵
  PID:2996
- C:\Windows\System\tDilffK.exe
  C:\Windows\System\tDilffK.exe
  2⤵
  PID:2904
- C:\Windows\System\uGrNvre.exe
  C:\Windows\System\uGrNvre.exe
  2⤵
  PID:2860
- C:\Windows\System\NFxMgha.exe
  C:\Windows\System\NFxMgha.exe
  2⤵
  PID:2784
- C:\Windows\System\JkVmUZf.exe
  C:\Windows\System\JkVmUZf.exe
  2⤵
  PID:780
- C:\Windows\System\djFEzwm.exe
  C:\Windows\System\djFEzwm.exe
  2⤵
  PID:2872
- C:\Windows\System\VAsDzXl.exe
  C:\Windows\System\VAsDzXl.exe
  2⤵
  PID:1080
- C:\Windows\System\bkkYKTX.exe
  C:\Windows\System\bkkYKTX.exe
  2⤵
  PID:1768
- C:\Windows\System\ydRXPdk.exe
  C:\Windows\System\ydRXPdk.exe
  2⤵
  PID:2896
- C:\Windows\System\qqdwlDl.exe
  C:\Windows\System\qqdwlDl.exe
  2⤵
  PID:1176
- C:\Windows\System\IdhZxou.exe
  C:\Windows\System\IdhZxou.exe
  2⤵
  PID:1428
- C:\Windows\System\riMyGLr.exe
  C:\Windows\System\riMyGLr.exe
  2⤵
  PID:448
- C:\Windows\System\HCzACQY.exe
  C:\Windows\System\HCzACQY.exe
  2⤵
  PID:948
- C:\Windows\System\INwktZV.exe
  C:\Windows\System\INwktZV.exe
  2⤵
  PID:1076
- C:\Windows\System\ygwTXeG.exe
  C:\Windows\System\ygwTXeG.exe
  2⤵
  PID:3028
- C:\Windows\System\dRQUKwQ.exe
  C:\Windows\System\dRQUKwQ.exe
  2⤵
  PID:568
- C:\Windows\System\IyjVVuD.exe
  C:\Windows\System\IyjVVuD.exe
  2⤵
  PID:2504
- C:\Windows\System\ouUTGTW.exe
  C:\Windows\System\ouUTGTW.exe
  2⤵
  PID:2056
- C:\Windows\System\codpzBw.exe
  C:\Windows\System\codpzBw.exe
  2⤵
  PID:1932
- C:\Windows\System\KWjtcyO.exe
  C:\Windows\System\KWjtcyO.exe
  2⤵
  PID:2432
- C:\Windows\System\FXuFaWN.exe
  C:\Windows\System\FXuFaWN.exe
  2⤵
  PID:2488
- C:\Windows\System\cvmayvH.exe
  C:\Windows\System\cvmayvH.exe
  2⤵
  PID:972
- C:\Windows\System\eWAThqW.exe
  C:\Windows\System\eWAThqW.exe
  2⤵
  PID:1756
- C:\Windows\System\CxNjrGK.exe
  C:\Windows\System\CxNjrGK.exe
  2⤵
  PID:2364
- C:\Windows\System\pvsQVIU.exe
  C:\Windows\System\pvsQVIU.exe
  2⤵
  PID:2440
- C:\Windows\System\iicTxSk.exe
  C:\Windows\System\iicTxSk.exe
  2⤵
  PID:1336
- C:\Windows\System\rfxyUxG.exe
  C:\Windows\System\rfxyUxG.exe
  2⤵
  PID:532
- C:\Windows\System\LagyHti.exe
  C:\Windows\System\LagyHti.exe
  2⤵
  PID:2180
- C:\Windows\System\vUvhJPM.exe
  C:\Windows\System\vUvhJPM.exe
  2⤵
  PID:2216
- C:\Windows\System\pXkQxLA.exe
  C:\Windows\System\pXkQxLA.exe
  2⤵
  PID:2656
- C:\Windows\System\dSCaTLs.exe
  C:\Windows\System\dSCaTLs.exe
  2⤵
  PID:2796
- C:\Windows\System\JSpYioi.exe
  C:\Windows\System\JSpYioi.exe
  2⤵
  PID:2676
- C:\Windows\System\uEttbVm.exe
  C:\Windows\System\uEttbVm.exe
  2⤵
  PID:2776
- C:\Windows\System\HqsfmkF.exe
  C:\Windows\System\HqsfmkF.exe
  2⤵
  PID:2856
- C:\Windows\System\ueyOINW.exe
  C:\Windows\System\ueyOINW.exe
  2⤵
  PID:1956
- C:\Windows\System\zxwvDMe.exe
  C:\Windows\System\zxwvDMe.exe
  2⤵
  PID:1636
- C:\Windows\System\MwVpmNy.exe
  C:\Windows\System\MwVpmNy.exe
  2⤵
  PID:836
- C:\Windows\System\zPXJBXO.exe
  C:\Windows\System\zPXJBXO.exe
  2⤵
  PID:2644
- C:\Windows\System\EbmpyLV.exe
  C:\Windows\System\EbmpyLV.exe
  2⤵
  PID:1572
- C:\Windows\System\VNBbVHM.exe
  C:\Windows\System\VNBbVHM.exe
  2⤵
  PID:1128
- C:\Windows\System\KSVqvps.exe
  C:\Windows\System\KSVqvps.exe
  2⤵
  PID:2888
- C:\Windows\System\BGSzXjA.exe
  C:\Windows\System\BGSzXjA.exe
  2⤵
  PID:1708
- C:\Windows\System\uzgFLmi.exe
  C:\Windows\System\uzgFLmi.exe
  2⤵
  PID:2384
- C:\Windows\System\WSIWPeZ.exe
  C:\Windows\System\WSIWPeZ.exe
  2⤵
  PID:2512
- C:\Windows\System\dhprQUv.exe
  C:\Windows\System\dhprQUv.exe
  2⤵
  PID:1324
- C:\Windows\System\fUXQnqK.exe
  C:\Windows\System\fUXQnqK.exe
  2⤵
  PID:1828
- C:\Windows\System\AqTimyp.exe
  C:\Windows\System\AqTimyp.exe
  2⤵
  PID:1644
- C:\Windows\System\WNDRqYS.exe
  C:\Windows\System\WNDRqYS.exe
  2⤵
  PID:960
- C:\Windows\System\yEeXkLb.exe
  C:\Windows\System\yEeXkLb.exe
  2⤵
  PID:2756
- C:\Windows\System\wCQIWqv.exe
  C:\Windows\System\wCQIWqv.exe
  2⤵
  PID:2908
- C:\Windows\System\BORKCoU.exe
  C:\Windows\System\BORKCoU.exe
  2⤵
  PID:2960
- C:\Windows\System\ObOXyaa.exe
  C:\Windows\System\ObOXyaa.exe
  2⤵
  PID:2952
- C:\Windows\System\ZlzfMbV.exe
  C:\Windows\System\ZlzfMbV.exe
  2⤵
  PID:1632
- C:\Windows\System\XNUXrvP.exe
  C:\Windows\System\XNUXrvP.exe
  2⤵
  PID:624
- C:\Windows\System\dHznhfw.exe
  C:\Windows\System\dHznhfw.exe
  2⤵
  PID:1608
- C:\Windows\System\qIGgSik.exe
  C:\Windows\System\qIGgSik.exe
  2⤵
  PID:1748
- C:\Windows\System\ksWnFct.exe
  C:\Windows\System\ksWnFct.exe
  2⤵
  PID:2172
- C:\Windows\System\FYCFAss.exe
  C:\Windows\System\FYCFAss.exe
  2⤵
  PID:2916
- C:\Windows\System\dGYDbON.exe
  C:\Windows\System\dGYDbON.exe
  2⤵
  PID:1316
- C:\Windows\System\eZytiNC.exe
  C:\Windows\System\eZytiNC.exe
  2⤵
  PID:2204
- C:\Windows\System\IsHyIYE.exe
  C:\Windows\System\IsHyIYE.exe
  2⤵
  PID:2640
- C:\Windows\System\SemoDkv.exe
  C:\Windows\System\SemoDkv.exe
  2⤵
  PID:1540
- C:\Windows\System\rTPWgbR.exe
  C:\Windows\System\rTPWgbR.exe
  2⤵
  PID:1592
- C:\Windows\System\ZXMKjNr.exe
  C:\Windows\System\ZXMKjNr.exe
  2⤵
  PID:2196
- C:\Windows\System\yZKpWkj.exe
  C:\Windows\System\yZKpWkj.exe
  2⤵
  PID:2764
- C:\Windows\System\WppxOfl.exe
  C:\Windows\System\WppxOfl.exe
  2⤵
  PID:2700
- C:\Windows\System\pSLwfOn.exe
  C:\Windows\System\pSLwfOn.exe
  2⤵
  PID:2028
- C:\Windows\System\eYIAKjS.exe
  C:\Windows\System\eYIAKjS.exe
  2⤵
  PID:2780
- C:\Windows\System\JGehvaA.exe
  C:\Windows\System\JGehvaA.exe
  2⤵
  PID:2632
- C:\Windows\System\CRZqUbp.exe
  C:\Windows\System\CRZqUbp.exe
  2⤵
  PID:2508
- C:\Windows\System\AZYpkax.exe
  C:\Windows\System\AZYpkax.exe
  2⤵
  PID:1264
- C:\Windows\System\dcCANLK.exe
  C:\Windows\System\dcCANLK.exe
  2⤵
  PID:944
- C:\Windows\System\ruEYNhC.exe
  C:\Windows\System\ruEYNhC.exe
  2⤵
  PID:1328
- C:\Windows\System\fJMgJTc.exe
  C:\Windows\System\fJMgJTc.exe
  2⤵
  PID:2628
- C:\Windows\System\VAUwgBq.exe
  C:\Windows\System\VAUwgBq.exe
  2⤵
  PID:1928
- C:\Windows\System\vXXJkVR.exe
  C:\Windows\System\vXXJkVR.exe
  2⤵
  PID:1732
- C:\Windows\System\BYyucRq.exe
  C:\Windows\System\BYyucRq.exe
  2⤵
  PID:560
- C:\Windows\System\FXGDrjq.exe
  C:\Windows\System\FXGDrjq.exe
  2⤵
  PID:880
- C:\Windows\System\sLofhKZ.exe
  C:\Windows\System\sLofhKZ.exe
  2⤵
  PID:2864
- C:\Windows\System\KAXuhIL.exe
  C:\Windows\System\KAXuhIL.exe
  2⤵
  PID:1084
- C:\Windows\System\axdBdkg.exe
  C:\Windows\System\axdBdkg.exe
  2⤵
  PID:2592
- C:\Windows\System\GoNeybS.exe
  C:\Windows\System\GoNeybS.exe
  2⤵
  PID:1792
- C:\Windows\System\rQxTBYs.exe
  C:\Windows\System\rQxTBYs.exe
  2⤵
  PID:2368
- C:\Windows\System\hRktzRr.exe
  C:\Windows\System\hRktzRr.exe
  2⤵
  PID:524
- C:\Windows\System\TemQaAA.exe
  C:\Windows\System\TemQaAA.exe
  2⤵
  PID:2004
- C:\Windows\System\lmmTSel.exe
  C:\Windows\System\lmmTSel.exe
  2⤵
  PID:2124
- C:\Windows\System\jzKIqNu.exe
  C:\Windows\System\jzKIqNu.exe
  2⤵
  PID:2588
- C:\Windows\System\MkDGgnj.exe
  C:\Windows\System\MkDGgnj.exe
  2⤵
  PID:1396
- C:\Windows\System\RceLRHM.exe
  C:\Windows\System\RceLRHM.exe
  2⤵
  PID:2980
- C:\Windows\System\LbQkNAe.exe
  C:\Windows\System\LbQkNAe.exe
  2⤵
  PID:2208
- C:\Windows\System\BrKJSgN.exe
  C:\Windows\System\BrKJSgN.exe
  2⤵
  PID:1960
- C:\Windows\System\CVCGXgW.exe
  C:\Windows\System\CVCGXgW.exe
  2⤵
  PID:784
- C:\Windows\System\SCXpPYH.exe
  C:\Windows\System\SCXpPYH.exe
  2⤵
  PID:2792
- C:\Windows\System\RsqRhMS.exe
  C:\Windows\System\RsqRhMS.exe
  2⤵
  PID:1940
- C:\Windows\System\KaoGuxA.exe
  C:\Windows\System\KaoGuxA.exe
  2⤵
  PID:1604
- C:\Windows\System\LSVhQlF.exe
  C:\Windows\System\LSVhQlF.exe
  2⤵
  PID:2272
- C:\Windows\System\mWxawpL.exe
  C:\Windows\System\mWxawpL.exe
  2⤵
  PID:2360
- C:\Windows\System\NhdHfKr.exe
  C:\Windows\System\NhdHfKr.exe
  2⤵
  PID:2924
- C:\Windows\System\zYgRbea.exe
  C:\Windows\System\zYgRbea.exe
  2⤵
  PID:2604
- C:\Windows\System\TmyZBXu.exe
  C:\Windows\System\TmyZBXu.exe
  2⤵
  PID:2580
- C:\Windows\System\jyOlFWA.exe
  C:\Windows\System\jyOlFWA.exe
  2⤵
  PID:2152
- C:\Windows\System\CwdbdtR.exe
  C:\Windows\System\CwdbdtR.exe
  2⤵
  PID:2932
- C:\Windows\System\wCnfigr.exe
  C:\Windows\System\wCnfigr.exe
  2⤵
  PID:1740
- C:\Windows\System\pilrzCW.exe
  C:\Windows\System\pilrzCW.exe
  2⤵
  PID:2316
- C:\Windows\System\wnUpuxj.exe
  C:\Windows\System\wnUpuxj.exe
  2⤵
  PID:2556
- C:\Windows\System\FLFQEPQ.exe
  C:\Windows\System\FLFQEPQ.exe
  2⤵
  PID:1764
- C:\Windows\System\LphGLBY.exe
  C:\Windows\System\LphGLBY.exe
  2⤵
  PID:3084
- C:\Windows\System\HloQrZR.exe
  C:\Windows\System\HloQrZR.exe
  2⤵
  PID:3100
- C:\Windows\System\bLCZAWs.exe
  C:\Windows\System\bLCZAWs.exe
  2⤵
  PID:3116
- C:\Windows\System\MeBZaNE.exe
  C:\Windows\System\MeBZaNE.exe
  2⤵
  PID:3132
- C:\Windows\System\CwOysvx.exe
  C:\Windows\System\CwOysvx.exe
  2⤵
  PID:3148
- C:\Windows\System\vkqFSdW.exe
  C:\Windows\System\vkqFSdW.exe
  2⤵
  PID:3164
- C:\Windows\System\mBDUgwy.exe
  C:\Windows\System\mBDUgwy.exe
  2⤵
  PID:3184
- C:\Windows\System\UduukLd.exe
  C:\Windows\System\UduukLd.exe
  2⤵
  PID:3208
- C:\Windows\System\qIXksSv.exe
  C:\Windows\System\qIXksSv.exe
  2⤵
  PID:3232
- C:\Windows\System\wdLgieL.exe
  C:\Windows\System\wdLgieL.exe
  2⤵
  PID:3252
- C:\Windows\System\vDqPQFU.exe
  C:\Windows\System\vDqPQFU.exe
  2⤵
  PID:3268
- C:\Windows\System\GZfFOdU.exe
  C:\Windows\System\GZfFOdU.exe
  2⤵
  PID:3292
- C:\Windows\System\HQXgNrO.exe
  C:\Windows\System\HQXgNrO.exe
  2⤵
  PID:3312
- C:\Windows\System\PJiwiZp.exe
  C:\Windows\System\PJiwiZp.exe
  2⤵
  PID:3372
- C:\Windows\System\JplISkn.exe
  C:\Windows\System\JplISkn.exe
  2⤵
  PID:3392
- C:\Windows\System\CsmYbDn.exe
  C:\Windows\System\CsmYbDn.exe
  2⤵
  PID:3408
- C:\Windows\System\zKyRmdn.exe
  C:\Windows\System\zKyRmdn.exe
  2⤵
  PID:3424
- C:\Windows\System\ahGsYDh.exe
  C:\Windows\System\ahGsYDh.exe
  2⤵
  PID:3440
- C:\Windows\System\MWFiwqF.exe
  C:\Windows\System\MWFiwqF.exe
  2⤵
  PID:3456
- C:\Windows\System\WrknsXj.exe
  C:\Windows\System\WrknsXj.exe
  2⤵
  PID:3476
- C:\Windows\System\nFZqPsp.exe
  C:\Windows\System\nFZqPsp.exe
  2⤵
  PID:3504
- C:\Windows\System\zidyyAH.exe
  C:\Windows\System\zidyyAH.exe
  2⤵
  PID:3520
- C:\Windows\System\MMZruTj.exe
  C:\Windows\System\MMZruTj.exe
  2⤵
  PID:3544
- C:\Windows\System\JizsVqK.exe
  C:\Windows\System\JizsVqK.exe
  2⤵
  PID:3568
- C:\Windows\System\JKIUJaP.exe
  C:\Windows\System\JKIUJaP.exe
  2⤵
  PID:3584
- C:\Windows\System\RseHwuG.exe
  C:\Windows\System\RseHwuG.exe
  2⤵
  PID:3604
- C:\Windows\System\PqaTWbD.exe
  C:\Windows\System\PqaTWbD.exe
  2⤵
  PID:3620
- C:\Windows\System\PTuVLnY.exe
  C:\Windows\System\PTuVLnY.exe
  2⤵
  PID:3644
- C:\Windows\System\xQbKecJ.exe
  C:\Windows\System\xQbKecJ.exe
  2⤵
  PID:3672
- C:\Windows\System\jLppKdM.exe
  C:\Windows\System\jLppKdM.exe
  2⤵
  PID:3688
- C:\Windows\System\tQZNmaT.exe
  C:\Windows\System\tQZNmaT.exe
  2⤵
  PID:3704
- C:\Windows\System\eJrSOXs.exe
  C:\Windows\System\eJrSOXs.exe
  2⤵
  PID:3720
- C:\Windows\System\KLJYtkJ.exe
  C:\Windows\System\KLJYtkJ.exe
  2⤵
  PID:3736
- C:\Windows\System\RbULbjU.exe
  C:\Windows\System\RbULbjU.exe
  2⤵
  PID:3756
- C:\Windows\System\UvIbSNO.exe
  C:\Windows\System\UvIbSNO.exe
  2⤵
  PID:3772
- C:\Windows\System\PcZaQnK.exe
  C:\Windows\System\PcZaQnK.exe
  2⤵
  PID:3788
- C:\Windows\System\VnSNnfl.exe
  C:\Windows\System\VnSNnfl.exe
  2⤵
  PID:3816
- C:\Windows\System\PLuoOmd.exe
  C:\Windows\System\PLuoOmd.exe
  2⤵
  PID:3832
- C:\Windows\System\RowxwPX.exe
  C:\Windows\System\RowxwPX.exe
  2⤵
  PID:3872
- C:\Windows\System\bkVDtzM.exe
  C:\Windows\System\bkVDtzM.exe
  2⤵
  PID:3892
- C:\Windows\System\DsPNmFr.exe
  C:\Windows\System\DsPNmFr.exe
  2⤵
  PID:3908
- C:\Windows\System\TWRQSAB.exe
  C:\Windows\System\TWRQSAB.exe
  2⤵
  PID:3928
- C:\Windows\System\YidpOCY.exe
  C:\Windows\System\YidpOCY.exe
  2⤵
  PID:3948
- C:\Windows\System\yQPhDXe.exe
  C:\Windows\System\yQPhDXe.exe
  2⤵
  PID:3968
- C:\Windows\System\eCbzojT.exe
  C:\Windows\System\eCbzojT.exe
  2⤵
  PID:3984
- C:\Windows\System\WrTyYdw.exe
  C:\Windows\System\WrTyYdw.exe
  2⤵
  PID:4000
- C:\Windows\System\ekSjbvD.exe
  C:\Windows\System\ekSjbvD.exe
  2⤵
  PID:4016
- C:\Windows\System\rGkEovi.exe
  C:\Windows\System\rGkEovi.exe
  2⤵
  PID:4032
- C:\Windows\System\QeUpPNh.exe
  C:\Windows\System\QeUpPNh.exe
  2⤵
  PID:4056
- C:\Windows\System\gGrsUsP.exe
  C:\Windows\System\gGrsUsP.exe
  2⤵
  PID:4080
- C:\Windows\System\zhbpNcG.exe
  C:\Windows\System\zhbpNcG.exe
  2⤵
  PID:2540
- C:\Windows\System\tgYnrQk.exe
  C:\Windows\System\tgYnrQk.exe
  2⤵
  PID:3112
- C:\Windows\System\ZzaPdOB.exe
  C:\Windows\System\ZzaPdOB.exe
  2⤵
  PID:3176
- C:\Windows\System\VJGAVZG.exe
  C:\Windows\System\VJGAVZG.exe
  2⤵
  PID:2424
- C:\Windows\System\XfvkXaT.exe
  C:\Windows\System\XfvkXaT.exe
  2⤵
  PID:3304
- C:\Windows\System\hXEZwfz.exe
  C:\Windows\System\hXEZwfz.exe
  2⤵
  PID:3160
- C:\Windows\System\JWUpspi.exe
  C:\Windows\System\JWUpspi.exe
  2⤵
  PID:3204
- C:\Windows\System\RlABAVz.exe
  C:\Windows\System\RlABAVz.exe
  2⤵
  PID:3276
- C:\Windows\System\cAaUhKn.exe
  C:\Windows\System\cAaUhKn.exe
  2⤵
  PID:1776
- C:\Windows\System\lYcXLUK.exe
  C:\Windows\System\lYcXLUK.exe
  2⤵
  PID:3124
- C:\Windows\System\vxUfpoT.exe
  C:\Windows\System\vxUfpoT.exe
  2⤵
  PID:3336
- C:\Windows\System\tunEPHf.exe
  C:\Windows\System\tunEPHf.exe
  2⤵
  PID:3356
- C:\Windows\System\yUxtUji.exe
  C:\Windows\System\yUxtUji.exe
  2⤵
  PID:3384
- C:\Windows\System\DyyjMHx.exe
  C:\Windows\System\DyyjMHx.exe
  2⤵
  PID:3432
- C:\Windows\System\NYKcpMt.exe
  C:\Windows\System\NYKcpMt.exe
  2⤵
  PID:3464
- C:\Windows\System\GpLJkpv.exe
  C:\Windows\System\GpLJkpv.exe
  2⤵
  PID:3500
- C:\Windows\System\wchdIRJ.exe
  C:\Windows\System\wchdIRJ.exe
  2⤵
  PID:3472
- C:\Windows\System\RvJXEOK.exe
  C:\Windows\System\RvJXEOK.exe
  2⤵
  PID:3512
- C:\Windows\System\hrJGrvR.exe
  C:\Windows\System\hrJGrvR.exe
  2⤵
  PID:3516
- C:\Windows\System\sGjyZgm.exe
  C:\Windows\System\sGjyZgm.exe
  2⤵
  PID:3664
- C:\Windows\System\viBBZRl.exe
  C:\Windows\System\viBBZRl.exe
  2⤵
  PID:3656
- C:\Windows\System\yGkjhJx.exe
  C:\Windows\System\yGkjhJx.exe
  2⤵
  PID:3728
- C:\Windows\System\AlTnsFu.exe
  C:\Windows\System\AlTnsFu.exe
  2⤵
  PID:3796
- C:\Windows\System\xFfoNRB.exe
  C:\Windows\System\xFfoNRB.exe
  2⤵
  PID:3840
- C:\Windows\System\nWJWRyg.exe
  C:\Windows\System\nWJWRyg.exe
  2⤵
  PID:3716
- C:\Windows\System\OdSfCwd.exe
  C:\Windows\System\OdSfCwd.exe
  2⤵
  PID:3824
- C:\Windows\System\PgRrcUa.exe
  C:\Windows\System\PgRrcUa.exe
  2⤵
  PID:3900
- C:\Windows\System\zCUgZWy.exe
  C:\Windows\System\zCUgZWy.exe
  2⤵
  PID:3936
- C:\Windows\System\SNBWdhz.exe
  C:\Windows\System\SNBWdhz.exe
  2⤵
  PID:3980
- C:\Windows\System\wyBZLpb.exe
  C:\Windows\System\wyBZLpb.exe
  2⤵
  PID:3924
- C:\Windows\System\yxQXkyP.exe
  C:\Windows\System\yxQXkyP.exe
  2⤵
  PID:4048
- C:\Windows\System\ZGsFTII.exe
  C:\Windows\System\ZGsFTII.exe
  2⤵
  PID:2716
- C:\Windows\System\zaeZgwv.exe
  C:\Windows\System\zaeZgwv.exe
  2⤵
  PID:3216
- C:\Windows\System\TDHQzHO.exe
  C:\Windows\System\TDHQzHO.exe
  2⤵
  PID:3996
- C:\Windows\System\CBaZOpn.exe
  C:\Windows\System\CBaZOpn.exe
  2⤵
  PID:396
- C:\Windows\System\xOmSMkC.exe
  C:\Windows\System\xOmSMkC.exe
  2⤵
  PID:4068
- C:\Windows\System\vTRhcTL.exe
  C:\Windows\System\vTRhcTL.exe
  2⤵
  PID:1480
- C:\Windows\System\vMUNBZF.exe
  C:\Windows\System\vMUNBZF.exe
  2⤵
  PID:3332
- C:\Windows\System\IdCQdwv.exe
  C:\Windows\System\IdCQdwv.exe
  2⤵
  PID:3156
- C:\Windows\System\iiMhXwk.exe
  C:\Windows\System\iiMhXwk.exe
  2⤵
  PID:3348
- C:\Windows\System\gYhfOfa.exe
  C:\Windows\System\gYhfOfa.exe
  2⤵
  PID:3360
- C:\Windows\System\spMwoud.exe
  C:\Windows\System\spMwoud.exe
  2⤵
  PID:3244
- C:\Windows\System\QJlirCk.exe
  C:\Windows\System\QJlirCk.exe
  2⤵
  PID:3484
- C:\Windows\System\eVZmJkJ.exe
  C:\Windows\System\eVZmJkJ.exe
  2⤵
  PID:3556
- C:\Windows\System\DpaPodk.exe
  C:\Windows\System\DpaPodk.exe
  2⤵
  PID:3560
- C:\Windows\System\LnEzzqa.exe
  C:\Windows\System\LnEzzqa.exe
  2⤵
  PID:2300
- C:\Windows\System\blDsEpc.exe
  C:\Windows\System\blDsEpc.exe
  2⤵
  PID:3564
- C:\Windows\System\xoIvGAY.exe
  C:\Windows\System\xoIvGAY.exe
  2⤵
  PID:3848
- C:\Windows\System\WQFTQBm.exe
  C:\Windows\System\WQFTQBm.exe
  2⤵
  PID:3860
- C:\Windows\System\IVZXnJl.exe
  C:\Windows\System\IVZXnJl.exe
  2⤵
  PID:3976
- C:\Windows\System\UCEOyWm.exe
  C:\Windows\System\UCEOyWm.exe
  2⤵
  PID:3144
- C:\Windows\System\wJjHGem.exe
  C:\Windows\System\wJjHGem.exe
  2⤵
  PID:4076
- C:\Windows\System\MTRLIfq.exe
  C:\Windows\System\MTRLIfq.exe
  2⤵
  PID:3992
- C:\Windows\System\ZhojAOa.exe
  C:\Windows\System\ZhojAOa.exe
  2⤵
  PID:3964
- C:\Windows\System\GkpRdnF.exe
  C:\Windows\System\GkpRdnF.exe
  2⤵
  PID:3200
- C:\Windows\System\ihhVKns.exe
  C:\Windows\System\ihhVKns.exe
  2⤵
  PID:3096
- C:\Windows\System\PxnFbrV.exe
  C:\Windows\System\PxnFbrV.exe
  2⤵
  PID:3552
- C:\Windows\System\AZJsPZO.exe
  C:\Windows\System\AZJsPZO.exe
  2⤵
  PID:3780
- C:\Windows\System\WuDeJlW.exe
  C:\Windows\System\WuDeJlW.exe
  2⤵
  PID:3768
- C:\Windows\System\NtzayNb.exe
  C:\Windows\System\NtzayNb.exe
  2⤵
  PID:3804
- C:\Windows\System\zobvLFF.exe
  C:\Windows\System\zobvLFF.exe
  2⤵
  PID:3684
- C:\Windows\System\RmaawJb.exe
  C:\Windows\System\RmaawJb.exe
  2⤵
  PID:3808
- C:\Windows\System\iSPyiHr.exe
  C:\Windows\System\iSPyiHr.exe
  2⤵
  PID:3264
- C:\Windows\System\DBzthDJ.exe
  C:\Windows\System\DBzthDJ.exe
  2⤵
  PID:3404
- C:\Windows\System\HlOzzcH.exe
  C:\Windows\System\HlOzzcH.exe
  2⤵
  PID:3856
- C:\Windows\System\iQoNXNB.exe
  C:\Windows\System\iQoNXNB.exe
  2⤵
  PID:3300
- C:\Windows\System\qZmEUnb.exe
  C:\Windows\System\qZmEUnb.exe
  2⤵
  PID:3532
- C:\Windows\System\zcsvkyb.exe
  C:\Windows\System\zcsvkyb.exe
  2⤵
  PID:3492
- C:\Windows\System\LHtSgNv.exe
  C:\Windows\System\LHtSgNv.exe
  2⤵
  PID:3784
- C:\Windows\System\rSDlOIM.exe
  C:\Windows\System\rSDlOIM.exe
  2⤵
  PID:3468
- C:\Windows\System\fvUVsut.exe
  C:\Windows\System\fvUVsut.exe
  2⤵
  PID:3108
- C:\Windows\System\dmxMOmd.exe
  C:\Windows\System\dmxMOmd.exe
  2⤵
  PID:4108
- C:\Windows\System\jFZagKL.exe
  C:\Windows\System\jFZagKL.exe
  2⤵
  PID:4128
- C:\Windows\System\oLFKQtT.exe
  C:\Windows\System\oLFKQtT.exe
  2⤵
  PID:4144
- C:\Windows\System\rnUyQAv.exe
  C:\Windows\System\rnUyQAv.exe
  2⤵
  PID:4200
- C:\Windows\System\mfCqxts.exe
  C:\Windows\System\mfCqxts.exe
  2⤵
  PID:4216
- C:\Windows\System\MFTtAWQ.exe
  C:\Windows\System\MFTtAWQ.exe
  2⤵
  PID:4232
- C:\Windows\System\MXAitiD.exe
  C:\Windows\System\MXAitiD.exe
  2⤵
  PID:4252
- C:\Windows\System\GONfWOh.exe
  C:\Windows\System\GONfWOh.exe
  2⤵
  PID:4268
- C:\Windows\System\vTFhRwF.exe
  C:\Windows\System\vTFhRwF.exe
  2⤵
  PID:4284
- C:\Windows\System\beYYlOw.exe
  C:\Windows\System\beYYlOw.exe
  2⤵
  PID:4300
- C:\Windows\System\rAuVQQC.exe
  C:\Windows\System\rAuVQQC.exe
  2⤵
  PID:4320
- C:\Windows\System\fgqcVKK.exe
  C:\Windows\System\fgqcVKK.exe
  2⤵
  PID:4344
- C:\Windows\System\VMUrtgl.exe
  C:\Windows\System\VMUrtgl.exe
  2⤵
  PID:4364
- C:\Windows\System\DjEypNP.exe
  C:\Windows\System\DjEypNP.exe
  2⤵
  PID:4392
- C:\Windows\System\xEpOHhK.exe
  C:\Windows\System\xEpOHhK.exe
  2⤵
  PID:4408
- C:\Windows\System\mrcHOiD.exe
  C:\Windows\System\mrcHOiD.exe
  2⤵
  PID:4424
- C:\Windows\System\cqHXREx.exe
  C:\Windows\System\cqHXREx.exe
  2⤵
  PID:4444
- C:\Windows\System\IjTTdrm.exe
  C:\Windows\System\IjTTdrm.exe
  2⤵
  PID:4472
- C:\Windows\System\xBzmhZR.exe
  C:\Windows\System\xBzmhZR.exe
  2⤵
  PID:4492
- C:\Windows\System\plDMLHj.exe
  C:\Windows\System\plDMLHj.exe
  2⤵
  PID:4512
- C:\Windows\System\rCLZaJp.exe
  C:\Windows\System\rCLZaJp.exe
  2⤵
  PID:4528
- C:\Windows\System\mEShagD.exe
  C:\Windows\System\mEShagD.exe
  2⤵
  PID:4552
- C:\Windows\System\plPBDnE.exe
  C:\Windows\System\plPBDnE.exe
  2⤵
  PID:4568
- C:\Windows\System\YQAKchD.exe
  C:\Windows\System\YQAKchD.exe
  2⤵
  PID:4584
- C:\Windows\System\OVeyGVR.exe
  C:\Windows\System\OVeyGVR.exe
  2⤵
  PID:4624
- C:\Windows\System\jPeSEya.exe
  C:\Windows\System\jPeSEya.exe
  2⤵
  PID:4644
- C:\Windows\System\PnzcwZg.exe
  C:\Windows\System\PnzcwZg.exe
  2⤵
  PID:4660
- C:\Windows\System\ujyHhOW.exe
  C:\Windows\System\ujyHhOW.exe
  2⤵
  PID:4676
- C:\Windows\System\bZtQwaJ.exe
  C:\Windows\System\bZtQwaJ.exe
  2⤵
  PID:4696
- C:\Windows\System\JhXfkpG.exe
  C:\Windows\System\JhXfkpG.exe
  2⤵
  PID:4712
- C:\Windows\System\egZBIIg.exe
  C:\Windows\System\egZBIIg.exe
  2⤵
  PID:4732
- C:\Windows\System\AYGkYPF.exe
  C:\Windows\System\AYGkYPF.exe
  2⤵
  PID:4760
- C:\Windows\System\SKgJuxP.exe
  C:\Windows\System\SKgJuxP.exe
  2⤵
  PID:4776
- C:\Windows\System\ubQKBnD.exe
  C:\Windows\System\ubQKBnD.exe
  2⤵
  PID:4792
- C:\Windows\System\dnPEHRW.exe
  C:\Windows\System\dnPEHRW.exe
  2⤵
  PID:4808
- C:\Windows\System\eXfElYP.exe
  C:\Windows\System\eXfElYP.exe
  2⤵
  PID:4824
- C:\Windows\System\ILWUHFV.exe
  C:\Windows\System\ILWUHFV.exe
  2⤵
  PID:4860
- C:\Windows\System\ZRZqNtf.exe
  C:\Windows\System\ZRZqNtf.exe
  2⤵
  PID:4880
- C:\Windows\System\qPtvXJF.exe
  C:\Windows\System\qPtvXJF.exe
  2⤵
  PID:4900
- C:\Windows\System\hfrhWbB.exe
  C:\Windows\System\hfrhWbB.exe
  2⤵
  PID:4916
- C:\Windows\System\YCEaRtN.exe
  C:\Windows\System\YCEaRtN.exe
  2⤵
  PID:4936
- C:\Windows\System\CDtZWZI.exe
  C:\Windows\System\CDtZWZI.exe
  2⤵
  PID:4952
- C:\Windows\System\eWPDTwj.exe
  C:\Windows\System\eWPDTwj.exe
  2⤵
  PID:4968
- C:\Windows\System\tmhZweU.exe
  C:\Windows\System\tmhZweU.exe
  2⤵
  PID:4984
- C:\Windows\System\ZHdevXy.exe
  C:\Windows\System\ZHdevXy.exe
  2⤵
  PID:5004
- C:\Windows\System\yhOsTOL.exe
  C:\Windows\System\yhOsTOL.exe
  2⤵
  PID:5028
- C:\Windows\System\WZmyMcm.exe
  C:\Windows\System\WZmyMcm.exe
  2⤵
  PID:5048
- C:\Windows\System\GLllKfm.exe
  C:\Windows\System\GLllKfm.exe
  2⤵
  PID:5064
- C:\Windows\System\IFplxqs.exe
  C:\Windows\System\IFplxqs.exe
  2⤵
  PID:5084
- C:\Windows\System\EIUQToH.exe
  C:\Windows\System\EIUQToH.exe
  2⤵
  PID:5108
- C:\Windows\System\xTZrhNR.exe
  C:\Windows\System\xTZrhNR.exe
  2⤵
  PID:3636
- C:\Windows\System\pISbfnR.exe
  C:\Windows\System\pISbfnR.exe
  2⤵
  PID:3448
- C:\Windows\System\HnMsOjG.exe
  C:\Windows\System\HnMsOjG.exe
  2⤵
  PID:3864
- C:\Windows\System\sPEkCdu.exe
  C:\Windows\System\sPEkCdu.exe
  2⤵
  PID:4152
- C:\Windows\System\VobsQDl.exe
  C:\Windows\System\VobsQDl.exe
  2⤵
  PID:4176
- C:\Windows\System\doMfzGw.exe
  C:\Windows\System\doMfzGw.exe
  2⤵
  PID:4136
- C:\Windows\System\BVCcums.exe
  C:\Windows\System\BVCcums.exe
  2⤵
  PID:3196
- C:\Windows\System\wbMUNfp.exe
  C:\Windows\System\wbMUNfp.exe
  2⤵
  PID:4160
- C:\Windows\System\yHBAlXh.exe
  C:\Windows\System\yHBAlXh.exe
  2⤵
  PID:4260
- C:\Windows\System\VlSrUrL.exe
  C:\Windows\System\VlSrUrL.exe
  2⤵
  PID:4244
- C:\Windows\System\uzcGhEz.exe
  C:\Windows\System\uzcGhEz.exe
  2⤵
  PID:4308
- C:\Windows\System\AEptTGx.exe
  C:\Windows\System\AEptTGx.exe
  2⤵
  PID:4376
- C:\Windows\System\DSltslR.exe
  C:\Windows\System\DSltslR.exe
  2⤵
  PID:4416
- C:\Windows\System\dwGeZUL.exe
  C:\Windows\System\dwGeZUL.exe
  2⤵
  PID:4456
- C:\Windows\System\oNpyZYU.exe
  C:\Windows\System\oNpyZYU.exe
  2⤵
  PID:4520
- C:\Windows\System\NXrmIyx.exe
  C:\Windows\System\NXrmIyx.exe
  2⤵
  PID:4436
- C:\Windows\System\oPDvijj.exe
  C:\Windows\System\oPDvijj.exe
  2⤵
  PID:4576
- C:\Windows\System\dKHcQMt.exe
  C:\Windows\System\dKHcQMt.exe
  2⤵
  PID:4580
- C:\Windows\System\qnxkqFk.exe
  C:\Windows\System\qnxkqFk.exe
  2⤵
  PID:4596
- C:\Windows\System\WmredUt.exe
  C:\Windows\System\WmredUt.exe
  2⤵
  PID:4612
- C:\Windows\System\maEXCFu.exe
  C:\Windows\System\maEXCFu.exe
  2⤵
  PID:4636
- C:\Windows\System\cDdqwtc.exe
  C:\Windows\System\cDdqwtc.exe
  2⤵
  PID:4704
- C:\Windows\System\zaWziqV.exe
  C:\Windows\System\zaWziqV.exe
  2⤵
  PID:4740
- C:\Windows\System\MdptlgR.exe
  C:\Windows\System\MdptlgR.exe
  2⤵
  PID:4744
- C:\Windows\System\BsQFOwW.exe
  C:\Windows\System\BsQFOwW.exe
  2⤵
  PID:4656
- C:\Windows\System\zHfFjmB.exe
  C:\Windows\System\zHfFjmB.exe
  2⤵
  PID:4820
- C:\Windows\System\OifUAWq.exe
  C:\Windows\System\OifUAWq.exe
  2⤵
  PID:4840
- C:\Windows\System\Uvshvmd.exe
  C:\Windows\System\Uvshvmd.exe
  2⤵
  PID:4856
- C:\Windows\System\jcAcYqM.exe
  C:\Windows\System\jcAcYqM.exe
  2⤵
  PID:4876
- C:\Windows\System\ErqTqZc.exe
  C:\Windows\System\ErqTqZc.exe
  2⤵
  PID:4948
- C:\Windows\System\clmsYWB.exe
  C:\Windows\System\clmsYWB.exe
  2⤵
  PID:4976
- C:\Windows\System\YlvLKYM.exe
  C:\Windows\System\YlvLKYM.exe
  2⤵
  PID:4896
- C:\Windows\System\kQlOGUU.exe
  C:\Windows\System\kQlOGUU.exe
  2⤵
  PID:5000
- C:\Windows\System\cfodbbZ.exe
  C:\Windows\System\cfodbbZ.exe
  2⤵
  PID:5024
- C:\Windows\System\UarSJVT.exe
  C:\Windows\System\UarSJVT.exe
  2⤵
  PID:5096
- C:\Windows\System\PUdgqsO.exe
  C:\Windows\System\PUdgqsO.exe
  2⤵
  PID:3368
- C:\Windows\System\sakfLxf.exe
  C:\Windows\System\sakfLxf.exe
  2⤵
  PID:4184
- C:\Windows\System\DCZRCqu.exe
  C:\Windows\System\DCZRCqu.exe
  2⤵
  PID:4092
- C:\Windows\System\RCzthlb.exe
  C:\Windows\System\RCzthlb.exe
  2⤵
  PID:5044
- C:\Windows\System\xOSnxsz.exe
  C:\Windows\System\xOSnxsz.exe
  2⤵
  PID:4228
- C:\Windows\System\kelifUG.exe
  C:\Windows\System\kelifUG.exe
  2⤵
  PID:4316
- C:\Windows\System\sSubRiy.exe
  C:\Windows\System\sSubRiy.exe
  2⤵
  PID:4212
- C:\Windows\System\WHRpSxq.exe
  C:\Windows\System\WHRpSxq.exe
  2⤵
  PID:4208
- C:\Windows\System\kjpnuBs.exe
  C:\Windows\System\kjpnuBs.exe
  2⤵
  PID:4464
- C:\Windows\System\jRVoUrw.exe
  C:\Windows\System\jRVoUrw.exe
  2⤵
  PID:4500
- C:\Windows\System\IneKQwH.exe
  C:\Windows\System\IneKQwH.exe
  2⤵
  PID:4432
- C:\Windows\System\PTcgQKC.exe
  C:\Windows\System\PTcgQKC.exe
  2⤵
  PID:4488
- C:\Windows\System\rklAhvF.exe
  C:\Windows\System\rklAhvF.exe
  2⤵
  PID:4592
- C:\Windows\System\jAktYWt.exe
  C:\Windows\System\jAktYWt.exe
  2⤵
  PID:4752
- C:\Windows\System\hHjFyCT.exe
  C:\Windows\System\hHjFyCT.exe
  2⤵
  PID:4620
- C:\Windows\System\nBEDygQ.exe
  C:\Windows\System\nBEDygQ.exe
  2⤵
  PID:4604
- C:\Windows\System\LqtxAbm.exe
  C:\Windows\System\LqtxAbm.exe
  2⤵
  PID:4652
- C:\Windows\System\DwJtkcY.exe
  C:\Windows\System\DwJtkcY.exe
  2⤵
  PID:4924
- C:\Windows\System\TILTxrS.exe
  C:\Windows\System\TILTxrS.exe
  2⤵
  PID:4872
- C:\Windows\System\QPSMAFb.exe
  C:\Windows\System\QPSMAFb.exe
  2⤵
  PID:5012
- C:\Windows\System\YwMBJMb.exe
  C:\Windows\System\YwMBJMb.exe
  2⤵
  PID:4104
- C:\Windows\System\sKmdiUE.exe
  C:\Windows\System\sKmdiUE.exe
  2⤵
  PID:5092
- C:\Windows\System\gLOHqpX.exe
  C:\Windows\System\gLOHqpX.exe
  2⤵
  PID:4196
- C:\Windows\System\PIZKHFy.exe
  C:\Windows\System\PIZKHFy.exe
  2⤵
  PID:5040
- C:\Windows\System\FvFvISs.exe
  C:\Windows\System\FvFvISs.exe
  2⤵
  PID:3752
- C:\Windows\System\NFnTceK.exe
  C:\Windows\System\NFnTceK.exe
  2⤵
  PID:3640
- C:\Windows\System\iZNtpMa.exe
  C:\Windows\System\iZNtpMa.exe
  2⤵
  PID:4384
- C:\Windows\System\MOXIxox.exe
  C:\Windows\System\MOXIxox.exe
  2⤵
  PID:4328
- C:\Windows\System\TOoZosK.exe
  C:\Windows\System\TOoZosK.exe
  2⤵
  PID:4668
- C:\Windows\System\DcZXFjQ.exe
  C:\Windows\System\DcZXFjQ.exe
  2⤵
  PID:4336
- C:\Windows\System\SDAGVQS.exe
  C:\Windows\System\SDAGVQS.exe
  2⤵
  PID:4816
- C:\Windows\System\iBfdoSE.exe
  C:\Windows\System\iBfdoSE.exe
  2⤵
  PID:4800
- C:\Windows\System\taUNqWG.exe
  C:\Windows\System\taUNqWG.exe
  2⤵
  PID:4120
- C:\Windows\System\fYYHQZU.exe
  C:\Windows\System\fYYHQZU.exe
  2⤵
  PID:4852
- C:\Windows\System\rXZxWId.exe
  C:\Windows\System\rXZxWId.exe
  2⤵
  PID:4164
- C:\Windows\System\NuFyPUt.exe
  C:\Windows\System\NuFyPUt.exe
  2⤵
  PID:4460
- C:\Windows\System\IfBLEPw.exe
  C:\Windows\System\IfBLEPw.exe
  2⤵
  PID:4564
- C:\Windows\System\DfzYObU.exe
  C:\Windows\System\DfzYObU.exe
  2⤵
  PID:4772
- C:\Windows\System\jHlQTrT.exe
  C:\Windows\System\jHlQTrT.exe
  2⤵
  PID:4608
- C:\Windows\System\EBACMgS.exe
  C:\Windows\System\EBACMgS.exe
  2⤵
  PID:4672
- C:\Windows\System\pnuBJRO.exe
  C:\Windows\System\pnuBJRO.exe
  2⤵
  PID:4932
- C:\Windows\System\OUDeJVs.exe
  C:\Windows\System\OUDeJVs.exe
  2⤵
  PID:5076
- C:\Windows\System\ntVstME.exe
  C:\Windows\System\ntVstME.exe
  2⤵
  PID:5060
- C:\Windows\System\wxwmsBZ.exe
  C:\Windows\System\wxwmsBZ.exe
  2⤵
  PID:4292
- C:\Windows\System\QvsxIpr.exe
  C:\Windows\System\QvsxIpr.exe
  2⤵
  PID:4868
- C:\Windows\System\zmqgmfH.exe
  C:\Windows\System\zmqgmfH.exe
  2⤵
  PID:5144
- C:\Windows\System\SjxEAbc.exe
  C:\Windows\System\SjxEAbc.exe
  2⤵
  PID:5160
- C:\Windows\System\PaKzNPq.exe
  C:\Windows\System\PaKzNPq.exe
  2⤵
  PID:5180
- C:\Windows\System\MyLbhSh.exe
  C:\Windows\System\MyLbhSh.exe
  2⤵
  PID:5196
- C:\Windows\System\eyTKbbX.exe
  C:\Windows\System\eyTKbbX.exe
  2⤵
  PID:5212
- C:\Windows\System\qpBmpiS.exe
  C:\Windows\System\qpBmpiS.exe
  2⤵
  PID:5228
- C:\Windows\System\ocWUDpK.exe
  C:\Windows\System\ocWUDpK.exe
  2⤵
  PID:5248
- C:\Windows\System\XKOZBVG.exe
  C:\Windows\System\XKOZBVG.exe
  2⤵
  PID:5268
- C:\Windows\System\asXpSBV.exe
  C:\Windows\System\asXpSBV.exe
  2⤵
  PID:5312
- C:\Windows\System\NvacWQt.exe
  C:\Windows\System\NvacWQt.exe
  2⤵
  PID:5332
- C:\Windows\System\cnLPAVH.exe
  C:\Windows\System\cnLPAVH.exe
  2⤵
  PID:5352
- C:\Windows\System\VnlQSFR.exe
  C:\Windows\System\VnlQSFR.exe
  2⤵
  PID:5368
- C:\Windows\System\PJPAumo.exe
  C:\Windows\System\PJPAumo.exe
  2⤵
  PID:5388
- C:\Windows\System\WMiIcVE.exe
  C:\Windows\System\WMiIcVE.exe
  2⤵
  PID:5404
- C:\Windows\System\XRUwYUv.exe
  C:\Windows\System\XRUwYUv.exe
  2⤵
  PID:5420
- C:\Windows\System\XNnSPck.exe
  C:\Windows\System\XNnSPck.exe
  2⤵
  PID:5448
- C:\Windows\System\YnUWpZq.exe
  C:\Windows\System\YnUWpZq.exe
  2⤵
  PID:5464
- C:\Windows\System\DnjbHac.exe
  C:\Windows\System\DnjbHac.exe
  2⤵
  PID:5480
- C:\Windows\System\RVglybx.exe
  C:\Windows\System\RVglybx.exe
  2⤵
  PID:5504
- C:\Windows\System\RbEzrHA.exe
  C:\Windows\System\RbEzrHA.exe
  2⤵
  PID:5524
- C:\Windows\System\hsgsLqb.exe
  C:\Windows\System\hsgsLqb.exe
  2⤵
  PID:5552
- C:\Windows\System\OtneCcQ.exe
  C:\Windows\System\OtneCcQ.exe
  2⤵
  PID:5572
- C:\Windows\System\CpTyQGK.exe
  C:\Windows\System\CpTyQGK.exe
  2⤵
  PID:5592
- C:\Windows\System\mTIFpMo.exe
  C:\Windows\System\mTIFpMo.exe
  2⤵
  PID:5608
- C:\Windows\System\FxnMlRb.exe
  C:\Windows\System\FxnMlRb.exe
  2⤵
  PID:5632
- C:\Windows\System\BaUWMqz.exe
  C:\Windows\System\BaUWMqz.exe
  2⤵
  PID:5656
- C:\Windows\System\MpywCmL.exe
  C:\Windows\System\MpywCmL.exe
  2⤵
  PID:5672
- C:\Windows\System\zNcHLOB.exe
  C:\Windows\System\zNcHLOB.exe
  2⤵
  PID:5688
- C:\Windows\System\LEPpoxy.exe
  C:\Windows\System\LEPpoxy.exe
  2⤵
  PID:5708
- C:\Windows\System\URbcrTb.exe
  C:\Windows\System\URbcrTb.exe
  2⤵
  PID:5724
- C:\Windows\System\vKyaPjz.exe
  C:\Windows\System\vKyaPjz.exe
  2⤵
  PID:5740
- C:\Windows\System\NXyMguw.exe
  C:\Windows\System\NXyMguw.exe
  2⤵
  PID:5772
- C:\Windows\System\kQBfUVw.exe
  C:\Windows\System\kQBfUVw.exe
  2⤵
  PID:5788
- C:\Windows\System\ztvNkrY.exe
  C:\Windows\System\ztvNkrY.exe
  2⤵
  PID:5804
- C:\Windows\System\meTWUdK.exe
  C:\Windows\System\meTWUdK.exe
  2⤵
  PID:5820
- C:\Windows\System\FdmZNWP.exe
  C:\Windows\System\FdmZNWP.exe
  2⤵
  PID:5840
- C:\Windows\System\Hjjmeip.exe
  C:\Windows\System\Hjjmeip.exe
  2⤵
  PID:5860
- C:\Windows\System\JVAtjlK.exe
  C:\Windows\System\JVAtjlK.exe
  2⤵
  PID:5876
- C:\Windows\System\XJMYfRC.exe
  C:\Windows\System\XJMYfRC.exe
  2⤵
  PID:5892
- C:\Windows\System\EGvhPrC.exe
  C:\Windows\System\EGvhPrC.exe
  2⤵
  PID:5908
- C:\Windows\System\RmpLbDo.exe
  C:\Windows\System\RmpLbDo.exe
  2⤵
  PID:5928
- C:\Windows\System\xiRQRcX.exe
  C:\Windows\System\xiRQRcX.exe
  2⤵
  PID:5948
- C:\Windows\System\kJhzgSA.exe
  C:\Windows\System\kJhzgSA.exe
  2⤵
  PID:5996
- C:\Windows\System\sxpqDzs.exe
  C:\Windows\System\sxpqDzs.exe
  2⤵
  PID:6016
- C:\Windows\System\SIELYQI.exe
  C:\Windows\System\SIELYQI.exe
  2⤵
  PID:6032
- C:\Windows\System\yjbCePK.exe
  C:\Windows\System\yjbCePK.exe
  2⤵
  PID:6056
- C:\Windows\System\yCcxNmH.exe
  C:\Windows\System\yCcxNmH.exe
  2⤵
  PID:6072
- C:\Windows\System\IVglZQa.exe
  C:\Windows\System\IVglZQa.exe
  2⤵
  PID:6088
- C:\Windows\System\YUrPzuV.exe
  C:\Windows\System\YUrPzuV.exe
  2⤵
  PID:6104
- C:\Windows\System\ZImoGVf.exe
  C:\Windows\System\ZImoGVf.exe
  2⤵
  PID:6120
- C:\Windows\System\kWPQUjx.exe
  C:\Windows\System\kWPQUjx.exe
  2⤵
  PID:6140
- C:\Windows\System\qZknFlO.exe
  C:\Windows\System\qZknFlO.exe
  2⤵
  PID:4804
- C:\Windows\System\HpweUGo.exe
  C:\Windows\System\HpweUGo.exe
  2⤵
  PID:5220
- C:\Windows\System\ioEjLrQ.exe
  C:\Windows\System\ioEjLrQ.exe
  2⤵
  PID:5264
- C:\Windows\System\XqGbYSn.exe
  C:\Windows\System\XqGbYSn.exe
  2⤵
  PID:5204
- C:\Windows\System\BdFtGtg.exe
  C:\Windows\System\BdFtGtg.exe
  2⤵
  PID:4240
- C:\Windows\System\wZyUgZO.exe
  C:\Windows\System\wZyUgZO.exe
  2⤵
  PID:5132
- C:\Windows\System\jTjlvrV.exe
  C:\Windows\System\jTjlvrV.exe
  2⤵
  PID:5292
- C:\Windows\System\ODyrNux.exe
  C:\Windows\System\ODyrNux.exe
  2⤵
  PID:5320
- C:\Windows\System\GvURMob.exe
  C:\Windows\System\GvURMob.exe
  2⤵
  PID:5360
- C:\Windows\System\iMPjTlM.exe
  C:\Windows\System\iMPjTlM.exe
  2⤵
  PID:5428
- C:\Windows\System\hRdSqlA.exe
  C:\Windows\System\hRdSqlA.exe
  2⤵
  PID:5348
- C:\Windows\System\zzONvya.exe
  C:\Windows\System\zzONvya.exe
  2⤵
  PID:5456
- C:\Windows\System\aUwbPwS.exe
  C:\Windows\System\aUwbPwS.exe
  2⤵
  PID:5376
- C:\Windows\System\rcCtpZN.exe
  C:\Windows\System\rcCtpZN.exe
  2⤵
  PID:5500
- C:\Windows\System\BdKLseY.exe
  C:\Windows\System\BdKLseY.exe
  2⤵
  PID:5496
- C:\Windows\System\TtEDtGM.exe
  C:\Windows\System\TtEDtGM.exe
  2⤵
  PID:5536
- C:\Windows\System\WhgtjLg.exe
  C:\Windows\System\WhgtjLg.exe
  2⤵
  PID:5604
- C:\Windows\System\hXSoMho.exe
  C:\Windows\System\hXSoMho.exe
  2⤵
  PID:5648
- C:\Windows\System\AtHrTQk.exe
  C:\Windows\System\AtHrTQk.exe
  2⤵
  PID:5716
- C:\Windows\System\UidzEnA.exe
  C:\Windows\System\UidzEnA.exe
  2⤵
  PID:5760
- C:\Windows\System\sdGUaaQ.exe
  C:\Windows\System\sdGUaaQ.exe
  2⤵
  PID:5732
- C:\Windows\System\IYQpIFD.exe
  C:\Windows\System\IYQpIFD.exe
  2⤵
  PID:5832
- C:\Windows\System\KVFaMzu.exe
  C:\Windows\System\KVFaMzu.exe
  2⤵
  PID:5936
- C:\Windows\System\RAvuXfn.exe
  C:\Windows\System\RAvuXfn.exe
  2⤵
  PID:5700
- C:\Windows\System\uuULQxU.exe
  C:\Windows\System\uuULQxU.exe
  2⤵
  PID:5856
- C:\Windows\System\hIZQUKU.exe
  C:\Windows\System\hIZQUKU.exe
  2⤵
  PID:5984
- C:\Windows\System\kAuhkbP.exe
  C:\Windows\System\kAuhkbP.exe
  2⤵
  PID:5976
- C:\Windows\System\tkNnMlG.exe
  C:\Windows\System\tkNnMlG.exe
  2⤵
  PID:5988
- C:\Windows\System\PfSTncl.exe
  C:\Windows\System\PfSTncl.exe
  2⤵
  PID:6008
- C:\Windows\System\YtVvebz.exe
  C:\Windows\System\YtVvebz.exe
  2⤵
  PID:6044
- C:\Windows\System\fZaRHFU.exe
  C:\Windows\System\fZaRHFU.exe
  2⤵
  PID:6112
- C:\Windows\System\FoKLOLS.exe
  C:\Windows\System\FoKLOLS.exe
  2⤵
  PID:6096
- C:\Windows\System\KNlgraZ.exe
  C:\Windows\System\KNlgraZ.exe
  2⤵
  PID:5152
- C:\Windows\System\cwfwLzj.exe
  C:\Windows\System\cwfwLzj.exe
  2⤵
  PID:5176
- C:\Windows\System\ZWreAst.exe
  C:\Windows\System\ZWreAst.exe
  2⤵
  PID:5172
- C:\Windows\System\plmOHtK.exe
  C:\Windows\System\plmOHtK.exe
  2⤵
  PID:5288
- C:\Windows\System\NtCeuxD.exe
  C:\Windows\System\NtCeuxD.exe
  2⤵
  PID:5344
- C:\Windows\System\OIPiQzm.exe
  C:\Windows\System\OIPiQzm.exe
  2⤵
  PID:5080
- C:\Windows\System\QxKMkdR.exe
  C:\Windows\System\QxKMkdR.exe
  2⤵
  PID:5568
- C:\Windows\System\PTgDZcn.exe
  C:\Windows\System\PTgDZcn.exe
  2⤵
  PID:5300
- C:\Windows\System\WihfpJt.exe
  C:\Windows\System\WihfpJt.exe
  2⤵
  PID:5124
- C:\Windows\System\AAtxkyk.exe
  C:\Windows\System\AAtxkyk.exe
  2⤵
  PID:5440
- C:\Windows\System\cTuyHbT.exe
  C:\Windows\System\cTuyHbT.exe
  2⤵
  PID:5492
- C:\Windows\System\kfYSKQZ.exe
  C:\Windows\System\kfYSKQZ.exe
  2⤵
  PID:5640
- C:\Windows\System\arCXkZk.exe
  C:\Windows\System\arCXkZk.exe
  2⤵
  PID:5620
- C:\Windows\System\WVfImuy.exe
  C:\Windows\System\WVfImuy.exe
  2⤵
  PID:5684
- C:\Windows\System\DMqXijT.exe
  C:\Windows\System\DMqXijT.exe
  2⤵
  PID:5916
- C:\Windows\System\QrUSEfU.exe
  C:\Windows\System\QrUSEfU.exe
  2⤵
  PID:5944
- C:\Windows\System\rhgVAcs.exe
  C:\Windows\System\rhgVAcs.exe
  2⤵
  PID:5920
- C:\Windows\System\lPNBfQn.exe
  C:\Windows\System\lPNBfQn.exe
  2⤵
  PID:5980
- C:\Windows\System\vOjoasx.exe
  C:\Windows\System\vOjoasx.exe
  2⤵
  PID:6024
- C:\Windows\System\DQtGSpT.exe
  C:\Windows\System\DQtGSpT.exe
  2⤵
  PID:5188
- C:\Windows\System\vpEXCdj.exe
  C:\Windows\System\vpEXCdj.exe
  2⤵
  PID:6064
- C:\Windows\System\DeSiyLo.exe
  C:\Windows\System\DeSiyLo.exe
  2⤵
  PID:5260
- C:\Windows\System\ojnrAKt.exe
  C:\Windows\System\ojnrAKt.exe
  2⤵
  PID:5340
- C:\Windows\System\GqesYYe.exe
  C:\Windows\System\GqesYYe.exe
  2⤵
  PID:5396
- C:\Windows\System\rCeWYqz.exe
  C:\Windows\System\rCeWYqz.exe
  2⤵
  PID:5488
- C:\Windows\System\JHAukqf.exe
  C:\Windows\System\JHAukqf.exe
  2⤵
  PID:5704
- C:\Windows\System\uhOQdgU.exe
  C:\Windows\System\uhOQdgU.exe
  2⤵
  PID:5532
- C:\Windows\System\SzdtFzG.exe
  C:\Windows\System\SzdtFzG.exe
  2⤵
  PID:5616
- C:\Windows\System\fpjEukT.exe
  C:\Windows\System\fpjEukT.exe
  2⤵
  PID:5784
- C:\Windows\System\qhyIrfm.exe
  C:\Windows\System\qhyIrfm.exe
  2⤵
  PID:5812
- C:\Windows\System\vPidAau.exe
  C:\Windows\System\vPidAau.exe
  2⤵
  PID:6004
- C:\Windows\System\vnbLPJe.exe
  C:\Windows\System\vnbLPJe.exe
  2⤵
  PID:4524
- C:\Windows\System\QINOhyw.exe
  C:\Windows\System\QINOhyw.exe
  2⤵
  PID:5128
- C:\Windows\System\dwGPQzB.exe
  C:\Windows\System\dwGPQzB.exe
  2⤵
  PID:5600
- C:\Windows\System\lqAqarj.exe
  C:\Windows\System\lqAqarj.exe
  2⤵
  PID:6028
- C:\Windows\System\HfzzZUF.exe
  C:\Windows\System\HfzzZUF.exe
  2⤵
  PID:5308
- C:\Windows\System\xwsedQx.exe
  C:\Windows\System\xwsedQx.exe
  2⤵
  PID:6128
- C:\Windows\System\RMGRhsH.exe
  C:\Windows\System\RMGRhsH.exe
  2⤵
  PID:5580
- C:\Windows\System\QYAMruf.exe
  C:\Windows\System\QYAMruf.exe
  2⤵
  PID:5472
- C:\Windows\System\VRlkZhK.exe
  C:\Windows\System\VRlkZhK.exe
  2⤵
  PID:6136
- C:\Windows\System\vuXqGmL.exe
  C:\Windows\System\vuXqGmL.exe
  2⤵
  PID:6012
- C:\Windows\System\JNGmRcm.exe
  C:\Windows\System\JNGmRcm.exe
  2⤵
  PID:5780
- C:\Windows\System\XRGVGcf.exe
  C:\Windows\System\XRGVGcf.exe
  2⤵
  PID:6160
- C:\Windows\System\buAmamN.exe
  C:\Windows\System\buAmamN.exe
  2⤵
  PID:6200
- C:\Windows\System\aXIbfbD.exe
  C:\Windows\System\aXIbfbD.exe
  2⤵
  PID:6216
- C:\Windows\System\PWzkyAu.exe
  C:\Windows\System\PWzkyAu.exe
  2⤵
  PID:6232
- C:\Windows\System\hBmhgEh.exe
  C:\Windows\System\hBmhgEh.exe
  2⤵
  PID:6256
- C:\Windows\System\skfrsXt.exe
  C:\Windows\System\skfrsXt.exe
  2⤵
  PID:6280
- C:\Windows\System\JBvQzxv.exe
  C:\Windows\System\JBvQzxv.exe
  2⤵
  PID:6296
- C:\Windows\System\enjNpnf.exe
  C:\Windows\System\enjNpnf.exe
  2⤵
  PID:6312
- C:\Windows\System\OSSUAMA.exe
  C:\Windows\System\OSSUAMA.exe
  2⤵
  PID:6328
- C:\Windows\System\tnshtcr.exe
  C:\Windows\System\tnshtcr.exe
  2⤵
  PID:6344
- C:\Windows\System\YSdpnyg.exe
  C:\Windows\System\YSdpnyg.exe
  2⤵
  PID:6360
- C:\Windows\System\eHNCExA.exe
  C:\Windows\System\eHNCExA.exe
  2⤵
  PID:6380
- C:\Windows\System\MUTjnts.exe
  C:\Windows\System\MUTjnts.exe
  2⤵
  PID:6404
- C:\Windows\System\bQdpMBj.exe
  C:\Windows\System\bQdpMBj.exe
  2⤵
  PID:6420
- C:\Windows\System\zVjLxfb.exe
  C:\Windows\System\zVjLxfb.exe
  2⤵
  PID:6452
- C:\Windows\System\mFDtSth.exe
  C:\Windows\System\mFDtSth.exe
  2⤵
  PID:6472
- C:\Windows\System\WkLPCGp.exe
  C:\Windows\System\WkLPCGp.exe
  2⤵
  PID:6496
- C:\Windows\System\crxMQzR.exe
  C:\Windows\System\crxMQzR.exe
  2⤵
  PID:6516
- C:\Windows\System\VXVLQcG.exe
  C:\Windows\System\VXVLQcG.exe
  2⤵
  PID:6544
- C:\Windows\System\zXykRrH.exe
  C:\Windows\System\zXykRrH.exe
  2⤵
  PID:6560
- C:\Windows\System\hJBxnvS.exe
  C:\Windows\System\hJBxnvS.exe
  2⤵
  PID:6576
- C:\Windows\System\mPmDrkd.exe
  C:\Windows\System\mPmDrkd.exe
  2⤵
  PID:6592
- C:\Windows\System\HsjxEgl.exe
  C:\Windows\System\HsjxEgl.exe
  2⤵
  PID:6608
- C:\Windows\System\xutCgAV.exe
  C:\Windows\System\xutCgAV.exe
  2⤵
  PID:6624
- C:\Windows\System\EErkhFx.exe
  C:\Windows\System\EErkhFx.exe
  2⤵
  PID:6640
- C:\Windows\System\mHgxzBw.exe
  C:\Windows\System\mHgxzBw.exe
  2⤵
  PID:6656
- C:\Windows\System\SVLiPZv.exe
  C:\Windows\System\SVLiPZv.exe
  2⤵
  PID:6672
- C:\Windows\System\XKoKqQV.exe
  C:\Windows\System\XKoKqQV.exe
  2⤵
  PID:6688
- C:\Windows\System\psXYYco.exe
  C:\Windows\System\psXYYco.exe
  2⤵
  PID:6736
- C:\Windows\System\FVnzFhO.exe
  C:\Windows\System\FVnzFhO.exe
  2⤵
  PID:6760
- C:\Windows\System\ZDzpipw.exe
  C:\Windows\System\ZDzpipw.exe
  2⤵
  PID:6776
- C:\Windows\System\wveHoHo.exe
  C:\Windows\System\wveHoHo.exe
  2⤵
  PID:6796
- C:\Windows\System\VteJitW.exe
  C:\Windows\System\VteJitW.exe
  2⤵
  PID:6812
- C:\Windows\System\ANxFJEB.exe
  C:\Windows\System\ANxFJEB.exe
  2⤵
  PID:6828
- C:\Windows\System\BJhAADp.exe
  C:\Windows\System\BJhAADp.exe
  2⤵
  PID:6848
- C:\Windows\System\kZvbFQj.exe
  C:\Windows\System\kZvbFQj.exe
  2⤵
  PID:6864
- C:\Windows\System\tZAYQwn.exe
  C:\Windows\System\tZAYQwn.exe
  2⤵
  PID:6880
- C:\Windows\System\zsGCaWR.exe
  C:\Windows\System\zsGCaWR.exe
  2⤵
  PID:6900
- C:\Windows\System\KwvaNfM.exe
  C:\Windows\System\KwvaNfM.exe
  2⤵
  PID:6916
- C:\Windows\System\glPbglK.exe
  C:\Windows\System\glPbglK.exe
  2⤵
  PID:6936
- C:\Windows\System\JSqkAtz.exe
  C:\Windows\System\JSqkAtz.exe
  2⤵
  PID:6988
- C:\Windows\System\OxFQKoc.exe
  C:\Windows\System\OxFQKoc.exe
  2⤵
  PID:7004
- C:\Windows\System\TLVfxrV.exe
  C:\Windows\System\TLVfxrV.exe
  2⤵
  PID:7020
- C:\Windows\System\WJwxoMX.exe
  C:\Windows\System\WJwxoMX.exe
  2⤵
  PID:7044
- C:\Windows\System\NtpNLQv.exe
  C:\Windows\System\NtpNLQv.exe
  2⤵
  PID:7060
- C:\Windows\System\sipqOvW.exe
  C:\Windows\System\sipqOvW.exe
  2⤵
  PID:7084
- C:\Windows\System\mjMurHJ.exe
  C:\Windows\System\mjMurHJ.exe
  2⤵
  PID:7104
- C:\Windows\System\yROPYvf.exe
  C:\Windows\System\yROPYvf.exe
  2⤵
  PID:7120
- C:\Windows\System\jXWSjOe.exe
  C:\Windows\System\jXWSjOe.exe
  2⤵
  PID:7140
- C:\Windows\System\dRBjJYz.exe
  C:\Windows\System\dRBjJYz.exe
  2⤵
  PID:7160
- C:\Windows\System\hAkBrLa.exe
  C:\Windows\System\hAkBrLa.exe
  2⤵
  PID:6084
- C:\Windows\System\McCWFma.exe
  C:\Windows\System\McCWFma.exe
  2⤵
  PID:5168
- C:\Windows\System\afCpyCK.exe
  C:\Windows\System\afCpyCK.exe
  2⤵
  PID:6172
- C:\Windows\System\qEBDzFd.exe
  C:\Windows\System\qEBDzFd.exe
  2⤵
  PID:5752
- C:\Windows\System\deHxYIC.exe
  C:\Windows\System\deHxYIC.exe
  2⤵
  PID:6176
- C:\Windows\System\pJcDlbw.exe
  C:\Windows\System\pJcDlbw.exe
  2⤵
  PID:6208
- C:\Windows\System\snNiMWF.exe
  C:\Windows\System\snNiMWF.exe
  2⤵
  PID:6224
- C:\Windows\System\iFnVfph.exe
  C:\Windows\System\iFnVfph.exe
  2⤵
  PID:6352
- C:\Windows\System\vATdQuY.exe
  C:\Windows\System\vATdQuY.exe
  2⤵
  PID:6396
- C:\Windows\System\WOXjcNk.exe
  C:\Windows\System\WOXjcNk.exe
  2⤵
  PID:6304
- C:\Windows\System\cylxLlv.exe
  C:\Windows\System\cylxLlv.exe
  2⤵
  PID:6340
- C:\Windows\System\gCsqmCT.exe
  C:\Windows\System\gCsqmCT.exe
  2⤵
  PID:6448
- C:\Windows\System\YpMAqZm.exe
  C:\Windows\System\YpMAqZm.exe
  2⤵
  PID:6368
- C:\Windows\System\OIZQHHg.exe
  C:\Windows\System\OIZQHHg.exe
  2⤵
  PID:6416
- C:\Windows\System\ZUFwYZG.exe
  C:\Windows\System\ZUFwYZG.exe
  2⤵
  PID:6524
- C:\Windows\System\qjgepOR.exe
  C:\Windows\System\qjgepOR.exe
  2⤵
  PID:6468
- C:\Windows\System\IAaaThB.exe
  C:\Windows\System\IAaaThB.exe
  2⤵
  PID:6540
- C:\Windows\System\XIBTJxX.exe
  C:\Windows\System\XIBTJxX.exe
  2⤵
  PID:6604
- C:\Windows\System\gLiVEqH.exe
  C:\Windows\System\gLiVEqH.exe
  2⤵
  PID:6668
- C:\Windows\System\tjzkdFR.exe
  C:\Windows\System\tjzkdFR.exe
  2⤵
  PID:6708
- C:\Windows\System\zYnsqFM.exe
  C:\Windows\System\zYnsqFM.exe
  2⤵
  PID:6556
- C:\Windows\System\xoAMrAS.exe
  C:\Windows\System\xoAMrAS.exe
  2⤵
  PID:6648
- C:\Windows\System\UOzivmY.exe
  C:\Windows\System\UOzivmY.exe
  2⤵
  PID:6732
- C:\Windows\System\Ntpavxz.exe
  C:\Windows\System\Ntpavxz.exe
  2⤵
  PID:6768
- C:\Windows\System\BsfxMSg.exe
  C:\Windows\System\BsfxMSg.exe
  2⤵
  PID:6804
- C:\Windows\System\ROAoecs.exe
  C:\Windows\System\ROAoecs.exe
  2⤵
  PID:6908
- C:\Windows\System\cZEWOnX.exe
  C:\Windows\System\cZEWOnX.exe
  2⤵
  PID:6912
- C:\Windows\System\ZQZNTOt.exe
  C:\Windows\System\ZQZNTOt.exe
  2⤵
  PID:6824
- C:\Windows\System\VkEUPTE.exe
  C:\Windows\System\VkEUPTE.exe
  2⤵
  PID:6892
- C:\Windows\System\EfbyIoA.exe
  C:\Windows\System\EfbyIoA.exe
  2⤵
  PID:6980
- C:\Windows\System\wvSCrLC.exe
  C:\Windows\System\wvSCrLC.exe
  2⤵
  PID:7012
- C:\Windows\System\BRMAcXD.exe
  C:\Windows\System\BRMAcXD.exe
  2⤵
  PID:7032
- C:\Windows\System\qwGhpzZ.exe
  C:\Windows\System\qwGhpzZ.exe
  2⤵
  PID:7076
- C:\Windows\System\fxQWHEu.exe
  C:\Windows\System\fxQWHEu.exe
  2⤵
  PID:7100
- C:\Windows\System\SKKsDlw.exe
  C:\Windows\System\SKKsDlw.exe
  2⤵
  PID:7116
- C:\Windows\System\vhWfHvU.exe
  C:\Windows\System\vhWfHvU.exe
  2⤵
  PID:5956
- C:\Windows\System\ZBaSgDs.exe
  C:\Windows\System\ZBaSgDs.exe
  2⤵
  PID:5476
- C:\Windows\System\hhHQowM.exe
  C:\Windows\System\hhHQowM.exe
  2⤵
  PID:6252
- C:\Windows\System\rxZKDcx.exe
  C:\Windows\System\rxZKDcx.exe
  2⤵
  PID:6392
- C:\Windows\System\BGaaekG.exe
  C:\Windows\System\BGaaekG.exe
  2⤵
  PID:6272
- C:\Windows\System\ByXBQRM.exe
  C:\Windows\System\ByXBQRM.exe
  2⤵
  PID:6664
- C:\Windows\System\ogBpqBH.exe
  C:\Windows\System\ogBpqBH.exe
  2⤵
  PID:6680
- C:\Windows\System\MGSXkbc.exe
  C:\Windows\System\MGSXkbc.exe
  2⤵
  PID:6752
- C:\Windows\System\wiYDYKE.exe
  C:\Windows\System\wiYDYKE.exe
  2⤵
  PID:6428
- C:\Windows\System\JvGjdnD.exe
  C:\Windows\System\JvGjdnD.exe
  2⤵
  PID:6872
- C:\Windows\System\qSKcEst.exe
  C:\Windows\System\qSKcEst.exe
  2⤵
  PID:6464
- C:\Windows\System\puvBTww.exe
  C:\Windows\System\puvBTww.exe
  2⤵
  PID:6620
- C:\Windows\System\GhlOtQl.exe
  C:\Windows\System\GhlOtQl.exe
  2⤵
  PID:6788
- C:\Windows\System\CUbsJNz.exe
  C:\Windows\System\CUbsJNz.exe
  2⤵
  PID:6964
- C:\Windows\System\iIESDwn.exe
  C:\Windows\System\iIESDwn.exe
  2⤵
  PID:6376
- C:\Windows\System\BIlzPsL.exe
  C:\Windows\System\BIlzPsL.exe
  2⤵
  PID:6932
- C:\Windows\System\WEMcyvU.exe
  C:\Windows\System\WEMcyvU.exe
  2⤵
  PID:6888
- C:\Windows\System\YHDYFvn.exe
  C:\Windows\System\YHDYFvn.exe
  2⤵
  PID:7072
- C:\Windows\System\OJXcuWb.exe
  C:\Windows\System\OJXcuWb.exe
  2⤵
  PID:5924
- C:\Windows\System\vaXsoLk.exe
  C:\Windows\System\vaXsoLk.exe
  2⤵
  PID:7148
- C:\Windows\System\bcsYpbb.exe
  C:\Windows\System\bcsYpbb.exe
  2⤵
  PID:6192
- C:\Windows\System\qZBGzpF.exe
  C:\Windows\System\qZBGzpF.exe
  2⤵
  PID:7068
- C:\Windows\System\EIERvog.exe
  C:\Windows\System\EIERvog.exe
  2⤵
  PID:5696
- C:\Windows\System\lhChamD.exe
  C:\Windows\System\lhChamD.exe
  2⤵
  PID:6244
- C:\Windows\System\daNYCtG.exe
  C:\Windows\System\daNYCtG.exe
  2⤵
  PID:6264
- C:\Windows\System\GjfvIGG.exe
  C:\Windows\System\GjfvIGG.exe
  2⤵
  PID:6536
- C:\Windows\System\KIMnQos.exe
  C:\Windows\System\KIMnQos.exe
  2⤵
  PID:6756
- C:\Windows\System\zcXRCuL.exe
  C:\Windows\System\zcXRCuL.exe
  2⤵
  PID:6844
- C:\Windows\System\BeHJaBk.exe
  C:\Windows\System\BeHJaBk.exe
  2⤵
  PID:6928
- C:\Windows\System\QnNJQGF.exe
  C:\Windows\System\QnNJQGF.exe
  2⤵
  PID:6724
- C:\Windows\System\SITYCeZ.exe
  C:\Windows\System\SITYCeZ.exe
  2⤵
  PID:6168
- C:\Windows\System\ctJzFOH.exe
  C:\Windows\System\ctJzFOH.exe
  2⤵
  PID:6492
- C:\Windows\System\hkwjeLM.exe
  C:\Windows\System\hkwjeLM.exe
  2⤵
  PID:7052
- C:\Windows\System\HTTdFkz.exe
  C:\Windows\System\HTTdFkz.exe
  2⤵
  PID:6976
- C:\Windows\System\wvNhtTX.exe
  C:\Windows\System\wvNhtTX.exe
  2⤵
  PID:6720
- C:\Windows\System\YkbqDRm.exe
  C:\Windows\System\YkbqDRm.exe
  2⤵
  PID:7184
- C:\Windows\System\GxeVgSK.exe
  C:\Windows\System\GxeVgSK.exe
  2⤵
  PID:7200
- C:\Windows\System\DvwfPLj.exe
  C:\Windows\System\DvwfPLj.exe
  2⤵
  PID:7216
- C:\Windows\System\coOlJsH.exe
  C:\Windows\System\coOlJsH.exe
  2⤵
  PID:7244
- C:\Windows\System\yfwBnPI.exe
  C:\Windows\System\yfwBnPI.exe
  2⤵
  PID:7260
- C:\Windows\System\nzZxGVa.exe
  C:\Windows\System\nzZxGVa.exe
  2⤵
  PID:7276
- C:\Windows\System\SrRuPyc.exe
  C:\Windows\System\SrRuPyc.exe
  2⤵
  PID:7292
- C:\Windows\System\tNvYWKj.exe
  C:\Windows\System\tNvYWKj.exe
  2⤵
  PID:7344
- C:\Windows\System\AHssgzY.exe
  C:\Windows\System\AHssgzY.exe
  2⤵
  PID:7360
- C:\Windows\System\jOMlkBG.exe
  C:\Windows\System\jOMlkBG.exe
  2⤵
  PID:7376
- C:\Windows\System\YGsTMrc.exe
  C:\Windows\System\YGsTMrc.exe
  2⤵
  PID:7392
- C:\Windows\System\PJwalQX.exe
  C:\Windows\System\PJwalQX.exe
  2⤵
  PID:7408
- C:\Windows\System\BCgHUEz.exe
  C:\Windows\System\BCgHUEz.exe
  2⤵
  PID:7432
- C:\Windows\System\rRJNoZB.exe
  C:\Windows\System\rRJNoZB.exe
  2⤵
  PID:7452
- C:\Windows\System\qSfcCCR.exe
  C:\Windows\System\qSfcCCR.exe
  2⤵
  PID:7468
- C:\Windows\System\WScOYZv.exe
  C:\Windows\System\WScOYZv.exe
  2⤵
  PID:7484
- C:\Windows\System\SOYtoxb.exe
  C:\Windows\System\SOYtoxb.exe
  2⤵
  PID:7512
- C:\Windows\System\TkKFwSU.exe
  C:\Windows\System\TkKFwSU.exe
  2⤵
  PID:7532
- C:\Windows\System\BgNfIVi.exe
  C:\Windows\System\BgNfIVi.exe
  2⤵
  PID:7548
- C:\Windows\System\rZMinYv.exe
  C:\Windows\System\rZMinYv.exe
  2⤵
  PID:7588
- C:\Windows\System\XcNMNsf.exe
  C:\Windows\System\XcNMNsf.exe
  2⤵
  PID:7604
- C:\Windows\System\SQFOkUi.exe
  C:\Windows\System\SQFOkUi.exe
  2⤵
  PID:7620
- C:\Windows\System\CqJdHMh.exe
  C:\Windows\System\CqJdHMh.exe
  2⤵
  PID:7636
- C:\Windows\System\UvLpDnk.exe
  C:\Windows\System\UvLpDnk.exe
  2⤵
  PID:7652
- C:\Windows\System\fyGFRCT.exe
  C:\Windows\System\fyGFRCT.exe
  2⤵
  PID:7668
- C:\Windows\System\JMiiFcN.exe
  C:\Windows\System\JMiiFcN.exe
  2⤵
  PID:7688
- C:\Windows\System\oWiGjxe.exe
  C:\Windows\System\oWiGjxe.exe
  2⤵
  PID:7708
- C:\Windows\System\PmkdSTZ.exe
  C:\Windows\System\PmkdSTZ.exe
  2⤵
  PID:7724
- C:\Windows\System\sVKpzDs.exe
  C:\Windows\System\sVKpzDs.exe
  2⤵
  PID:7752
- C:\Windows\System\MbUrsEe.exe
  C:\Windows\System\MbUrsEe.exe
  2⤵
  PID:7768
- C:\Windows\System\DXuISIT.exe
  C:\Windows\System\DXuISIT.exe
  2⤵
  PID:7784
- C:\Windows\System\iOkrNEQ.exe
  C:\Windows\System\iOkrNEQ.exe
  2⤵
  PID:7828
- C:\Windows\System\WdfAkJD.exe
  C:\Windows\System\WdfAkJD.exe
  2⤵
  PID:7848
- C:\Windows\System\PjiyeOq.exe
  C:\Windows\System\PjiyeOq.exe
  2⤵
  PID:7864
- C:\Windows\System\mJeqxlu.exe
  C:\Windows\System\mJeqxlu.exe
  2⤵
  PID:7888
- C:\Windows\System\RtEaktc.exe
  C:\Windows\System\RtEaktc.exe
  2⤵
  PID:7904
- C:\Windows\System\FVpIAlO.exe
  C:\Windows\System\FVpIAlO.exe
  2⤵
  PID:7920
- C:\Windows\System\nKpoYaZ.exe
  C:\Windows\System\nKpoYaZ.exe
  2⤵
  PID:7936
- C:\Windows\System\kMuVGjM.exe
  C:\Windows\System\kMuVGjM.exe
  2⤵
  PID:7956
- C:\Windows\System\uwSIMFX.exe
  C:\Windows\System\uwSIMFX.exe
  2⤵
  PID:7976
- C:\Windows\System\unpqSpR.exe
  C:\Windows\System\unpqSpR.exe
  2⤵
  PID:7992
- C:\Windows\System\yOYqsri.exe
  C:\Windows\System\yOYqsri.exe
  2⤵
  PID:8008
- C:\Windows\System\hZITxHH.exe
  C:\Windows\System\hZITxHH.exe
  2⤵
  PID:8024
- C:\Windows\System\kfySvxG.exe
  C:\Windows\System\kfySvxG.exe
  2⤵
  PID:8048
- C:\Windows\System\DMVFtbt.exe
  C:\Windows\System\DMVFtbt.exe
  2⤵
  PID:8064
- C:\Windows\System\mAMdsWz.exe
  C:\Windows\System\mAMdsWz.exe
  2⤵
  PID:8108
- C:\Windows\System\LJcmGFK.exe
  C:\Windows\System\LJcmGFK.exe
  2⤵
  PID:8128
- C:\Windows\System\CaqXnfc.exe
  C:\Windows\System\CaqXnfc.exe
  2⤵
  PID:8144
- C:\Windows\System\tFtpTXI.exe
  C:\Windows\System\tFtpTXI.exe
  2⤵
  PID:8160
- C:\Windows\System\iRfaJCr.exe
  C:\Windows\System\iRfaJCr.exe
  2⤵
  PID:8184
- C:\Windows\System\eOAAbTR.exe
  C:\Windows\System\eOAAbTR.exe
  2⤵
  PID:6440
- C:\Windows\System\yeQqtNl.exe
  C:\Windows\System\yeQqtNl.exe
  2⤵
  PID:6956
- C:\Windows\System\XbVIxnU.exe
  C:\Windows\System\XbVIxnU.exe
  2⤵
  PID:5968
- C:\Windows\System\raBTBfJ.exe
  C:\Windows\System\raBTBfJ.exe
  2⤵
  PID:5904
- C:\Windows\System\VTbhkmi.exe
  C:\Windows\System\VTbhkmi.exe
  2⤵
  PID:6572
- C:\Windows\System\HpZhQcG.exe
  C:\Windows\System\HpZhQcG.exe
  2⤵
  PID:7036
- C:\Windows\System\ohydsQP.exe
  C:\Windows\System\ohydsQP.exe
  2⤵
  PID:7232
- C:\Windows\System\AndoSdX.exe
  C:\Windows\System\AndoSdX.exe
  2⤵
  PID:7272
- C:\Windows\System\CxdPxJS.exe
  C:\Windows\System\CxdPxJS.exe
  2⤵
  PID:7308
- C:\Windows\System\crpPYAX.exe
  C:\Windows\System\crpPYAX.exe
  2⤵
  PID:7028
- C:\Windows\System\vIrUPlN.exe
  C:\Windows\System\vIrUPlN.exe
  2⤵
  PID:7208
- C:\Windows\System\lUdMSup.exe
  C:\Windows\System\lUdMSup.exe
  2⤵
  PID:7284
- C:\Windows\System\RJwhQyf.exe
  C:\Windows\System\RJwhQyf.exe
  2⤵
  PID:7320
- C:\Windows\System\sDWmOeM.exe
  C:\Windows\System\sDWmOeM.exe
  2⤵
  PID:7416
- C:\Windows\System\TYSbhXm.exe
  C:\Windows\System\TYSbhXm.exe
  2⤵
  PID:7508
- C:\Windows\System\pLgpWmE.exe
  C:\Windows\System\pLgpWmE.exe
  2⤵
  PID:7480
- C:\Windows\System\JvVnuBM.exe
  C:\Windows\System\JvVnuBM.exe
  2⤵
  PID:7524
- C:\Windows\System\ZFNgYQK.exe
  C:\Windows\System\ZFNgYQK.exe
  2⤵
  PID:7404
- C:\Windows\System\TZbAbNO.exe
  C:\Windows\System\TZbAbNO.exe
  2⤵
  PID:7440
- C:\Windows\System\eDHoblh.exe
  C:\Windows\System\eDHoblh.exe
  2⤵
  PID:7596
- C:\Windows\System\XxsNjpp.exe
  C:\Windows\System\XxsNjpp.exe
  2⤵
  PID:7696
- C:\Windows\System\OzzbosM.exe
  C:\Windows\System\OzzbosM.exe
  2⤵
  PID:7732
- C:\Windows\System\amNtiDE.exe
  C:\Windows\System\amNtiDE.exe
  2⤵
  PID:7748
- C:\Windows\System\GiyKsgs.exe
  C:\Windows\System\GiyKsgs.exe
  2⤵
  PID:7644
- C:\Windows\System\CWFLcJg.exe
  C:\Windows\System\CWFLcJg.exe
  2⤵
  PID:7716
- C:\Windows\System\XCFKFEy.exe
  C:\Windows\System\XCFKFEy.exe
  2⤵
  PID:7812
- C:\Windows\System\pfWlBFv.exe
  C:\Windows\System\pfWlBFv.exe
  2⤵
  PID:7804
- C:\Windows\System\YSzXqHf.exe
  C:\Windows\System\YSzXqHf.exe
  2⤵
  PID:7836
- C:\Windows\System\wgFUBRB.exe
  C:\Windows\System\wgFUBRB.exe
  2⤵
  PID:7876
- C:\Windows\System\NKnDKNV.exe
  C:\Windows\System\NKnDKNV.exe
  2⤵
  PID:7948
- C:\Windows\System\gZacrOs.exe
  C:\Windows\System\gZacrOs.exe
  2⤵
  PID:7928
- C:\Windows\System\zlCzCSr.exe
  C:\Windows\System\zlCzCSr.exe
  2⤵
  PID:8016
- C:\Windows\System\yFNtGVV.exe
  C:\Windows\System\yFNtGVV.exe
  2⤵
  PID:8072
- C:\Windows\System\RLAddey.exe
  C:\Windows\System\RLAddey.exe
  2⤵
  PID:8004
- C:\Windows\System\EEYEklk.exe
  C:\Windows\System\EEYEklk.exe
  2⤵
  PID:8044
- C:\Windows\System\QfinIXH.exe
  C:\Windows\System\QfinIXH.exe
  2⤵
  PID:8092
- C:\Windows\System\UkMLSTR.exe
  C:\Windows\System\UkMLSTR.exe
  2⤵
  PID:8096
- C:\Windows\System\DtZTNtt.exe
  C:\Windows\System\DtZTNtt.exe
  2⤵
  PID:8152
- C:\Windows\System\WMvBqCm.exe
  C:\Windows\System\WMvBqCm.exe
  2⤵
  PID:8168
- C:\Windows\System\ywgblkQ.exe
  C:\Windows\System\ywgblkQ.exe
  2⤵
  PID:6744
- C:\Windows\System\xjKGcIT.exe
  C:\Windows\System\xjKGcIT.exe
  2⤵
  PID:5284
- C:\Windows\System\ADtggAa.exe
  C:\Windows\System\ADtggAa.exe
  2⤵
  PID:7196
- C:\Windows\System\lpeZIYZ.exe
  C:\Windows\System\lpeZIYZ.exe
  2⤵
  PID:7228
- C:\Windows\System\uRPBwGU.exe
  C:\Windows\System\uRPBwGU.exe
  2⤵
  PID:6924
- C:\Windows\System\wcXfuiI.exe
  C:\Windows\System\wcXfuiI.exe
  2⤵
  PID:7180
- C:\Windows\System\qRLRNfu.exe
  C:\Windows\System\qRLRNfu.exe
  2⤵
  PID:7428
- C:\Windows\System\CmXkbjF.exe
  C:\Windows\System\CmXkbjF.exe
  2⤵
  PID:7268
- C:\Windows\System\nmalZxS.exe
  C:\Windows\System\nmalZxS.exe
  2⤵
  PID:7256
- C:\Windows\System\NWQmqEN.exe
  C:\Windows\System\NWQmqEN.exe
  2⤵
  PID:7352
- C:\Windows\System\PGhvgup.exe
  C:\Windows\System\PGhvgup.exe
  2⤵
  PID:7496
- C:\Windows\System\QKsBMjB.exe
  C:\Windows\System\QKsBMjB.exe
  2⤵
  PID:7424
- C:\Windows\System\eyQRXfd.exe
  C:\Windows\System\eyQRXfd.exe
  2⤵
  PID:7568
- C:\Windows\System\srPkRIV.exe
  C:\Windows\System\srPkRIV.exe
  2⤵
  PID:7664
- C:\Windows\System\sHYCttm.exe
  C:\Windows\System\sHYCttm.exe
  2⤵
  PID:7584
- C:\Windows\System\SPcPQwd.exe
  C:\Windows\System\SPcPQwd.exe
  2⤵
  PID:7648
- C:\Windows\System\wZGpTyx.exe
  C:\Windows\System\wZGpTyx.exe
  2⤵
  PID:7400
- C:\Windows\System\iENIlAD.exe
  C:\Windows\System\iENIlAD.exe
  2⤵
  PID:7720
- C:\Windows\System\GClyBMR.exe
  C:\Windows\System\GClyBMR.exe
  2⤵
  PID:7840
- C:\Windows\System\PlImTuI.exe
  C:\Windows\System\PlImTuI.exe
  2⤵
  PID:7824
- C:\Windows\System\hLtsFLp.exe
  C:\Windows\System\hLtsFLp.exe
  2⤵
  PID:7856
- C:\Windows\System\SHzdKZP.exe
  C:\Windows\System\SHzdKZP.exe
  2⤵
  PID:7912
- C:\Windows\System\RlpRZjL.exe
  C:\Windows\System\RlpRZjL.exe
  2⤵
  PID:8000
- C:\Windows\System\kpEKLZP.exe
  C:\Windows\System\kpEKLZP.exe
  2⤵
  PID:8104
- C:\Windows\System\XPIEpMA.exe
  C:\Windows\System\XPIEpMA.exe
  2⤵
  PID:7972
- C:\Windows\System\xUWpOkW.exe
  C:\Windows\System\xUWpOkW.exe
  2⤵
  PID:8120
- C:\Windows\System\pklbALx.exe
  C:\Windows\System\pklbALx.exe
  2⤵
  PID:6512
- C:\Windows\System\GacSoAd.exe
  C:\Windows\System\GacSoAd.exe
  2⤵
  PID:8088
- C:\Windows\System\GFTrpAf.exe
  C:\Windows\System\GFTrpAf.exe
  2⤵
  PID:8176
- C:\Windows\System\pfRzJzi.exe
  C:\Windows\System\pfRzJzi.exe
  2⤵
  PID:7356
- C:\Windows\System\fAeCdQG.exe
  C:\Windows\System\fAeCdQG.exe
  2⤵
  PID:7660
- C:\Windows\System\VFVxEvO.exe
  C:\Windows\System\VFVxEvO.exe
  2⤵
  PID:7224
- C:\Windows\System\cvqzjhz.exe
  C:\Windows\System\cvqzjhz.exe
  2⤵
  PID:6820
- C:\Windows\System\asNcbnM.exe
  C:\Windows\System\asNcbnM.exe
  2⤵
  PID:7576
- C:\Windows\System\WKITZDQ.exe
  C:\Windows\System\WKITZDQ.exe
  2⤵
  PID:7680
- C:\Windows\System\lmsPCMB.exe
  C:\Windows\System\lmsPCMB.exe
  2⤵
  PID:7780
- C:\Windows\System\IPGVJny.exe
  C:\Windows\System\IPGVJny.exe
  2⤵
  PID:7880
- C:\Windows\System\qdNyVRu.exe
  C:\Windows\System\qdNyVRu.exe
  2⤵
  PID:7820
- C:\Windows\System\Tghuvmi.exe
  C:\Windows\System\Tghuvmi.exe
  2⤵
  PID:8084
- C:\Windows\System\SpeRpyx.exe
  C:\Windows\System\SpeRpyx.exe
  2⤵
  PID:7096
- C:\Windows\System\lbpygmo.exe
  C:\Windows\System\lbpygmo.exe
  2⤵
  PID:7240
- C:\Windows\System\KwlqFKd.exe
  C:\Windows\System\KwlqFKd.exe
  2⤵
  PID:6588
- C:\Windows\System\XuOHNWE.exe
  C:\Windows\System\XuOHNWE.exe
  2⤵
  PID:7336
- C:\Windows\System\JEoyXDx.exe
  C:\Windows\System\JEoyXDx.exe
  2⤵
  PID:7252
- C:\Windows\System\tLTMrzv.exe
  C:\Windows\System\tLTMrzv.exe
  2⤵
  PID:7572
- C:\Windows\System\VLPEeFN.exe
  C:\Windows\System\VLPEeFN.exe
  2⤵
  PID:7860
- C:\Windows\System\pHzhzOm.exe
  C:\Windows\System\pHzhzOm.exe
  2⤵
  PID:8040
- C:\Windows\System\FAKrDho.exe
  C:\Windows\System\FAKrDho.exe
  2⤵
  PID:7632
- C:\Windows\System\fosyvLr.exe
  C:\Windows\System\fosyvLr.exe
  2⤵
  PID:7504
- C:\Windows\System\yAdyUKJ.exe
  C:\Windows\System\yAdyUKJ.exe
  2⤵
  PID:7464
- C:\Windows\System\nrGzymL.exe
  C:\Windows\System\nrGzymL.exe
  2⤵
  PID:6156
- C:\Windows\System\iOnRFOZ.exe
  C:\Windows\System\iOnRFOZ.exe
  2⤵
  PID:8204
- C:\Windows\System\FAHmJOF.exe
  C:\Windows\System\FAHmJOF.exe
  2⤵
  PID:8224
- C:\Windows\System\vSJCFBQ.exe
  C:\Windows\System\vSJCFBQ.exe
  2⤵
  PID:8240
- C:\Windows\System\ioduABM.exe
  C:\Windows\System\ioduABM.exe
  2⤵
  PID:8256
- C:\Windows\System\vAeHpBp.exe
  C:\Windows\System\vAeHpBp.exe
  2⤵
  PID:8272
- C:\Windows\System\dYBswSy.exe
  C:\Windows\System\dYBswSy.exe
  2⤵
  PID:8288
- C:\Windows\System\WUNADvh.exe
  C:\Windows\System\WUNADvh.exe
  2⤵
  PID:8304
- C:\Windows\System\sBeFqNA.exe
  C:\Windows\System\sBeFqNA.exe
  2⤵
  PID:8320
- C:\Windows\System\GGOLwKD.exe
  C:\Windows\System\GGOLwKD.exe
  2⤵
  PID:8336
- C:\Windows\System\XiNtJNT.exe
  C:\Windows\System\XiNtJNT.exe
  2⤵
  PID:8352
- C:\Windows\System\xNgCXfQ.exe
  C:\Windows\System\xNgCXfQ.exe
  2⤵
  PID:8368
- C:\Windows\System\gATTcnW.exe
  C:\Windows\System\gATTcnW.exe
  2⤵
  PID:8384
- C:\Windows\System\gqpyFcZ.exe
  C:\Windows\System\gqpyFcZ.exe
  2⤵
  PID:8404
- C:\Windows\System\uLdLSkI.exe
  C:\Windows\System\uLdLSkI.exe
  2⤵
  PID:8420
- C:\Windows\System\MtpwaiV.exe
  C:\Windows\System\MtpwaiV.exe
  2⤵
  PID:8440
- C:\Windows\System\cTnkQqX.exe
  C:\Windows\System\cTnkQqX.exe
  2⤵
  PID:8460
- C:\Windows\System\MHosYpi.exe
  C:\Windows\System\MHosYpi.exe
  2⤵
  PID:8476
- C:\Windows\System\bOXiqpQ.exe
  C:\Windows\System\bOXiqpQ.exe
  2⤵
  PID:8492
- C:\Windows\System\mFaTMWp.exe
  C:\Windows\System\mFaTMWp.exe
  2⤵
  PID:8508
- C:\Windows\System\AZCWuGo.exe
  C:\Windows\System\AZCWuGo.exe
  2⤵
  PID:8524
- C:\Windows\System\JdsofHG.exe
  C:\Windows\System\JdsofHG.exe
  2⤵
  PID:8540
- C:\Windows\System\oqxGtnk.exe
  C:\Windows\System\oqxGtnk.exe
  2⤵
  PID:8556
- C:\Windows\System\qRGgrKV.exe
  C:\Windows\System\qRGgrKV.exe
  2⤵
  PID:8572
- C:\Windows\System\UfiFztQ.exe
  C:\Windows\System\UfiFztQ.exe
  2⤵
  PID:8612
- C:\Windows\System\BMJXUVE.exe
  C:\Windows\System\BMJXUVE.exe
  2⤵
  PID:8636
- C:\Windows\System\ZOIwMOl.exe
  C:\Windows\System\ZOIwMOl.exe
  2⤵
  PID:8660
- C:\Windows\System\fXFcGLR.exe
  C:\Windows\System\fXFcGLR.exe
  2⤵
  PID:8692
- C:\Windows\System\FHmrdxK.exe
  C:\Windows\System\FHmrdxK.exe
  2⤵
  PID:8720
- C:\Windows\System\TDYcHJF.exe
  C:\Windows\System\TDYcHJF.exe
  2⤵
  PID:8756
- C:\Windows\System\MSAqHwV.exe
  C:\Windows\System\MSAqHwV.exe
  2⤵
  PID:8784
- C:\Windows\System\WtsAKxN.exe
  C:\Windows\System\WtsAKxN.exe
  2⤵
  PID:8928
- C:\Windows\System\JFBcOpG.exe
  C:\Windows\System\JFBcOpG.exe
  2⤵
  PID:9052
- C:\Windows\System\NlqVyxA.exe
  C:\Windows\System\NlqVyxA.exe
  2⤵
  PID:9072
- C:\Windows\System\knUzzpO.exe
  C:\Windows\System\knUzzpO.exe
  2⤵
  PID:9092
- C:\Windows\System\RFuNTKn.exe
  C:\Windows\System\RFuNTKn.exe
  2⤵
  PID:9116
- C:\Windows\System\ReGSHPC.exe
  C:\Windows\System\ReGSHPC.exe
  2⤵
  PID:9140
- C:\Windows\System\qbwcNwK.exe
  C:\Windows\System\qbwcNwK.exe
  2⤵
  PID:7448
- C:\Windows\System\ySpPEqa.exe
  C:\Windows\System\ySpPEqa.exe
  2⤵
  PID:8232
- C:\Windows\System\egHYJUF.exe
  C:\Windows\System\egHYJUF.exe
  2⤵
  PID:8264
- C:\Windows\System\HicFiPc.exe
  C:\Windows\System\HicFiPc.exe
  2⤵
  PID:8328
- C:\Windows\System\wnuPvkk.exe
  C:\Windows\System\wnuPvkk.exe
  2⤵
  PID:8344
- C:\Windows\System\EQaTbmt.exe
  C:\Windows\System\EQaTbmt.exe
  2⤵
  PID:8284
- C:\Windows\System\hufGhnI.exe
  C:\Windows\System\hufGhnI.exe
  2⤵
  PID:7944
- C:\Windows\System\lINOxAy.exe
  C:\Windows\System\lINOxAy.exe
  2⤵
  PID:8468
- C:\Windows\System\RVymCPA.exe
  C:\Windows\System\RVymCPA.exe
  2⤵
  PID:8532
- C:\Windows\System\TEfDjso.exe
  C:\Windows\System\TEfDjso.exe
  2⤵
  PID:8632
- C:\Windows\System\QBHMUtz.exe
  C:\Windows\System\QBHMUtz.exe
  2⤵
  PID:8680
- C:\Windows\System\FUYXEMM.exe
  C:\Windows\System\FUYXEMM.exe
  2⤵
  PID:8732
- C:\Windows\System\dMIVEzp.exe
  C:\Windows\System\dMIVEzp.exe
  2⤵
  PID:8752
- C:\Windows\System\DuccqdG.exe
  C:\Windows\System\DuccqdG.exe
  2⤵
  PID:8596
- C:\Windows\System\ACIwEtQ.exe
  C:\Windows\System\ACIwEtQ.exe
  2⤵
  PID:8516
- C:\Windows\System\wXDcvhY.exe
  C:\Windows\System\wXDcvhY.exe
  2⤵
  PID:8484
- C:\Windows\System\GUIvjrL.exe
  C:\Windows\System\GUIvjrL.exe
  2⤵
  PID:8652
- C:\Windows\System\YolPyeg.exe
  C:\Windows\System\YolPyeg.exe
  2⤵
  PID:8712
- C:\Windows\System\grPEoGo.exe
  C:\Windows\System\grPEoGo.exe
  2⤵
  PID:8772
- C:\Windows\System\oOkbsal.exe
  C:\Windows\System\oOkbsal.exe
  2⤵
  PID:8592
- C:\Windows\System\dihKfFq.exe
  C:\Windows\System\dihKfFq.exe
  2⤵
  PID:8812
- C:\Windows\System\IvXldDY.exe
  C:\Windows\System\IvXldDY.exe
  2⤵
  PID:8828
- C:\Windows\System\fEEAqSQ.exe
  C:\Windows\System\fEEAqSQ.exe
  2⤵
  PID:8844
- C:\Windows\System\DwSlRUA.exe
  C:\Windows\System\DwSlRUA.exe
  2⤵
  PID:8864
- C:\Windows\System\YeNJtIr.exe
  C:\Windows\System\YeNJtIr.exe
  2⤵
  PID:8948
- C:\Windows\System\nrhhfWv.exe
  C:\Windows\System\nrhhfWv.exe
  2⤵
  PID:8972
- C:\Windows\System\RzEDxKz.exe
  C:\Windows\System\RzEDxKz.exe
  2⤵
  PID:9004
- C:\Windows\System\bzpcFBJ.exe
  C:\Windows\System\bzpcFBJ.exe
  2⤵
  PID:9028
- C:\Windows\System\VuvnqPP.exe
  C:\Windows\System\VuvnqPP.exe
  2⤵
  PID:9044
- C:\Windows\System\XYEtjHx.exe
  C:\Windows\System\XYEtjHx.exe
  2⤵
  PID:9084
- C:\Windows\System\yQZPUbG.exe
  C:\Windows\System\yQZPUbG.exe
  2⤵
  PID:9148
- C:\Windows\System\ljGouZc.exe
  C:\Windows\System\ljGouZc.exe
  2⤵
  PID:9196
- C:\Windows\System\hfLkMht.exe
  C:\Windows\System\hfLkMht.exe
  2⤵
  PID:9204
- C:\Windows\System\aVnvWab.exe
  C:\Windows\System\aVnvWab.exe
  2⤵
  PID:9172
- C:\Windows\System\UgvHIuq.exe
  C:\Windows\System\UgvHIuq.exe
  2⤵
  PID:8200
- C:\Windows\System\fqJdhqA.exe
  C:\Windows\System\fqJdhqA.exe
  2⤵
  PID:8212
- C:\Windows\System\neINXOK.exe
  C:\Windows\System\neINXOK.exe
  2⤵
  PID:8252
- C:\Windows\System\ZRsMIsB.exe
  C:\Windows\System\ZRsMIsB.exe
  2⤵
  PID:8364
- C:\Windows\System\zHRZBha.exe
  C:\Windows\System\zHRZBha.exe
  2⤵
  PID:8668
- C:\Windows\System\zFwCyEW.exe
  C:\Windows\System\zFwCyEW.exe
  2⤵
  PID:8624
- C:\Windows\System\LkQDOgP.exe
  C:\Windows\System\LkQDOgP.exe
  2⤵
  PID:8448
- C:\Windows\System\AzQtTbq.exe
  C:\Windows\System\AzQtTbq.exe
  2⤵
  PID:8584
- C:\Windows\System\JcDtnIp.exe
  C:\Windows\System\JcDtnIp.exe
  2⤵
  PID:8564
- C:\Windows\System\kMyFdCn.exe
  C:\Windows\System\kMyFdCn.exe
  2⤵
  PID:8708
- C:\Windows\System\pKuZNpt.exe
  C:\Windows\System\pKuZNpt.exe
  2⤵
  PID:8604
- C:\Windows\System\FnslKnj.exe
  C:\Windows\System\FnslKnj.exe
  2⤵
  PID:8776
- C:\Windows\System\QNNjhnh.exe
  C:\Windows\System\QNNjhnh.exe
  2⤵
  PID:8924
- C:\Windows\System\jTMuDlD.exe
  C:\Windows\System\jTMuDlD.exe
  2⤵
  PID:8856
- C:\Windows\System\lpuMqJB.exe
  C:\Windows\System\lpuMqJB.exe
  2⤵
  PID:8964
- C:\Windows\System\Eczmtkz.exe
  C:\Windows\System\Eczmtkz.exe
  2⤵
  PID:9124
- C:\Windows\System\yFGtcFT.exe
  C:\Windows\System\yFGtcFT.exe
  2⤵
  PID:9112
- C:\Windows\System\SbMXXpq.exe
  C:\Windows\System\SbMXXpq.exe
  2⤵
  PID:9128
- C:\Windows\System\doVhhSN.exe
  C:\Windows\System\doVhhSN.exe
  2⤵
  PID:9100
- C:\Windows\System\pCROnOY.exe
  C:\Windows\System\pCROnOY.exe
  2⤵
  PID:9164
- C:\Windows\System\TuUINPc.exe
  C:\Windows\System\TuUINPc.exe
  2⤵
  PID:9212
- C:\Windows\System\bWmDSMo.exe
  C:\Windows\System\bWmDSMo.exe
  2⤵
  PID:9188
- C:\Windows\System\sTmHNvL.exe
  C:\Windows\System\sTmHNvL.exe
  2⤵
  PID:8380
- C:\Windows\System\LIEizDm.exe
  C:\Windows\System\LIEizDm.exe
  2⤵
  PID:8676
- C:\Windows\System\LOXjKqQ.exe
  C:\Windows\System\LOXjKqQ.exe
  2⤵
  PID:8688
- C:\Windows\System\bDWVATn.exe
  C:\Windows\System\bDWVATn.exe
  2⤵
  PID:8436
- C:\Windows\System\qygrZbe.exe
  C:\Windows\System\qygrZbe.exe
  2⤵
  PID:8764
- C:\Windows\System\gBHaEFC.exe
  C:\Windows\System\gBHaEFC.exe
  2⤵
  PID:8992
- C:\Windows\System\sirtfVP.exe
  C:\Windows\System\sirtfVP.exe
  2⤵
  PID:8968
- C:\Windows\System\HcLJhbr.exe
  C:\Windows\System\HcLJhbr.exe
  2⤵
  PID:9024
- C:\Windows\System\lmWPiJQ.exe
  C:\Windows\System\lmWPiJQ.exe
  2⤵
  PID:8984
- C:\Windows\System\gLEiYbZ.exe
  C:\Windows\System\gLEiYbZ.exe
  2⤵
  PID:9012
- C:\Windows\System\xJrFoBN.exe
  C:\Windows\System\xJrFoBN.exe
  2⤵
  PID:9176
- C:\Windows\System\OHrQSNX.exe
  C:\Windows\System\OHrQSNX.exe
  2⤵
  PID:8504
- C:\Windows\System\cJnOHMZ.exe
  C:\Windows\System\cJnOHMZ.exe
  2⤵
  PID:8628
- C:\Windows\System\WGmIYyl.exe
  C:\Windows\System\WGmIYyl.exe
  2⤵
  PID:8428
- C:\Windows\System\kFXqfki.exe
  C:\Windows\System\kFXqfki.exe
  2⤵
  PID:8796
- C:\Windows\System\hZnIOXU.exe
  C:\Windows\System\hZnIOXU.exe
  2⤵
  PID:8552
- C:\Windows\System\GdvQGaJ.exe
  C:\Windows\System\GdvQGaJ.exe
  2⤵
  PID:9060
- C:\Windows\System\gzCvoPq.exe
  C:\Windows\System\gzCvoPq.exe
  2⤵
  PID:9080
- C:\Windows\System\gPgiyCL.exe
  C:\Windows\System\gPgiyCL.exe
  2⤵
  PID:7764
- C:\Windows\System\zqGYlTA.exe
  C:\Windows\System\zqGYlTA.exe
  2⤵
  PID:9168
- C:\Windows\System\DJPNvdv.exe
  C:\Windows\System\DJPNvdv.exe
  2⤵
  PID:8296
- C:\Windows\System\DJcqByt.exe
  C:\Windows\System\DJcqByt.exe
  2⤵
  PID:8840
- C:\Windows\System\aeAqOky.exe
  C:\Windows\System\aeAqOky.exe
  2⤵
  PID:9040
- C:\Windows\System\XIBlJXp.exe
  C:\Windows\System\XIBlJXp.exe
  2⤵
  PID:8804
- C:\Windows\System\WgeejBd.exe
  C:\Windows\System\WgeejBd.exe
  2⤵
  PID:9200
- C:\Windows\System\BGNKkBd.exe
  C:\Windows\System\BGNKkBd.exe
  2⤵
  PID:9108
- C:\Windows\System\tMCQkyE.exe
  C:\Windows\System\tMCQkyE.exe
  2⤵
  PID:7808
- C:\Windows\System\irLQqTZ.exe
  C:\Windows\System\irLQqTZ.exe
  2⤵
  PID:8748
- C:\Windows\System\INdUwmD.exe
  C:\Windows\System\INdUwmD.exe
  2⤵
  PID:8656
- C:\Windows\System\sfsiJgc.exe
  C:\Windows\System\sfsiJgc.exe
  2⤵
  PID:8848
- C:\Windows\System\dJidoeT.exe
  C:\Windows\System\dJidoeT.exe
  2⤵
  PID:9224
- C:\Windows\System\uDJUIVc.exe
  C:\Windows\System\uDJUIVc.exe
  2⤵
  PID:9240
- C:\Windows\System\DvRLGpl.exe
  C:\Windows\System\DvRLGpl.exe
  2⤵
  PID:9256
- C:\Windows\System\wpxyvwI.exe
  C:\Windows\System\wpxyvwI.exe
  2⤵
  PID:9280
- C:\Windows\System\xIuPSnn.exe
  C:\Windows\System\xIuPSnn.exe
  2⤵
  PID:9296
- C:\Windows\System\YTlCvTt.exe
  C:\Windows\System\YTlCvTt.exe
  2⤵
  PID:9312
- C:\Windows\System\joWBynv.exe
  C:\Windows\System\joWBynv.exe
  2⤵
  PID:9328
- C:\Windows\System\MtdBmyF.exe
  C:\Windows\System\MtdBmyF.exe
  2⤵
  PID:9344
- C:\Windows\System\eVmiRfL.exe
  C:\Windows\System\eVmiRfL.exe
  2⤵
  PID:9360
- C:\Windows\System\btCMAFW.exe
  C:\Windows\System\btCMAFW.exe
  2⤵
  PID:9376
- C:\Windows\System\EVFNmKF.exe
  C:\Windows\System\EVFNmKF.exe
  2⤵
  PID:9392
- C:\Windows\System\YnkVstF.exe
  C:\Windows\System\YnkVstF.exe
  2⤵
  PID:9408
- C:\Windows\System\AfZMCgZ.exe
  C:\Windows\System\AfZMCgZ.exe
  2⤵
  PID:9436
- C:\Windows\System\NwmaSkQ.exe
  C:\Windows\System\NwmaSkQ.exe
  2⤵
  PID:9460
- C:\Windows\System\bvRZWuz.exe
  C:\Windows\System\bvRZWuz.exe
  2⤵
  PID:9496
- C:\Windows\System\XfZbakH.exe
  C:\Windows\System\XfZbakH.exe
  2⤵
  PID:9520
- C:\Windows\System\pvThOBI.exe
  C:\Windows\System\pvThOBI.exe
  2⤵
  PID:9544
- C:\Windows\System\cYsjJNW.exe
  C:\Windows\System\cYsjJNW.exe
  2⤵
  PID:9568
- C:\Windows\System\ieMUtBH.exe
  C:\Windows\System\ieMUtBH.exe
  2⤵
  PID:9592
- C:\Windows\System\UsPaPGp.exe
  C:\Windows\System\UsPaPGp.exe
  2⤵
  PID:9612
- C:\Windows\System\YhApRFa.exe
  C:\Windows\System\YhApRFa.exe
  2⤵
  PID:9628
- C:\Windows\System\RjGqpHC.exe
  C:\Windows\System\RjGqpHC.exe
  2⤵
  PID:9652
- C:\Windows\System\EcvNqyF.exe
  C:\Windows\System\EcvNqyF.exe
  2⤵
  PID:9668
- C:\Windows\System\ujesQWi.exe
  C:\Windows\System\ujesQWi.exe
  2⤵
  PID:9684
- C:\Windows\System\nJOTrbA.exe
  C:\Windows\System\nJOTrbA.exe
  2⤵
  PID:9704
- C:\Windows\System\JWFEknQ.exe
  C:\Windows\System\JWFEknQ.exe
  2⤵
  PID:9728
- C:\Windows\System\lApdvII.exe
  C:\Windows\System\lApdvII.exe
  2⤵
  PID:9748
- C:\Windows\System\qXgghdn.exe
  C:\Windows\System\qXgghdn.exe
  2⤵
  PID:9764
- C:\Windows\System\suKBijp.exe
  C:\Windows\System\suKBijp.exe
  2⤵
  PID:9784
- C:\Windows\System\onMaFvg.exe
  C:\Windows\System\onMaFvg.exe
  2⤵
  PID:9804
- C:\Windows\System\KCNpRzb.exe
  C:\Windows\System\KCNpRzb.exe
  2⤵
  PID:9824
- C:\Windows\System\YdvOQUx.exe
  C:\Windows\System\YdvOQUx.exe
  2⤵
  PID:9844
- C:\Windows\System\LlNdnVm.exe
  C:\Windows\System\LlNdnVm.exe
  2⤵
  PID:9860
- C:\Windows\System\UmCVrzW.exe
  C:\Windows\System\UmCVrzW.exe
  2⤵
  PID:9876
- C:\Windows\System\NSQmMWF.exe
  C:\Windows\System\NSQmMWF.exe
  2⤵
  PID:9892
- C:\Windows\System\HkYxLNc.exe
  C:\Windows\System\HkYxLNc.exe
  2⤵
  PID:9924
- C:\Windows\System\ruloLSY.exe
  C:\Windows\System\ruloLSY.exe
  2⤵
  PID:9940
- C:\Windows\System\GQhkhfr.exe
  C:\Windows\System\GQhkhfr.exe
  2⤵
  PID:9956
- C:\Windows\System\QsxYvFY.exe
  C:\Windows\System\QsxYvFY.exe
  2⤵
  PID:9972
- C:\Windows\System\kEHfOSu.exe
  C:\Windows\System\kEHfOSu.exe
  2⤵
  PID:9988
- C:\Windows\System\zXpelyu.exe
  C:\Windows\System\zXpelyu.exe
  2⤵
  PID:10004
- C:\Windows\System\cATDvuF.exe
  C:\Windows\System\cATDvuF.exe
  2⤵
  PID:10020
- C:\Windows\System\UQEiYgc.exe
  C:\Windows\System\UQEiYgc.exe
  2⤵
  PID:10036
- C:\Windows\System\DqnPZwR.exe
  C:\Windows\System\DqnPZwR.exe
  2⤵
  PID:10056
- C:\Windows\System\SkOewQa.exe
  C:\Windows\System\SkOewQa.exe
  2⤵
  PID:10076
- C:\Windows\System\pEcbwYk.exe
  C:\Windows\System\pEcbwYk.exe
  2⤵
  PID:10108
- C:\Windows\System\algPSYS.exe
  C:\Windows\System\algPSYS.exe
  2⤵
  PID:10128
- C:\Windows\System\hkEOjvM.exe
  C:\Windows\System\hkEOjvM.exe
  2⤵
  PID:10148
- C:\Windows\System\IoMurSr.exe
  C:\Windows\System\IoMurSr.exe
  2⤵
  PID:10164
- C:\Windows\System\TBdpXST.exe
  C:\Windows\System\TBdpXST.exe
  2⤵
  PID:10180
- C:\Windows\System\voyqQuq.exe
  C:\Windows\System\voyqQuq.exe
  2⤵
  PID:10200
- C:\Windows\System\nTYxpeJ.exe
  C:\Windows\System\nTYxpeJ.exe
  2⤵
  PID:10232
- C:\Windows\System\iLJbUzg.exe
  C:\Windows\System\iLJbUzg.exe
  2⤵
  PID:9264
- C:\Windows\System\CUhyMje.exe
  C:\Windows\System\CUhyMje.exe
  2⤵
  PID:9292
- C:\Windows\System\jbeBqvF.exe
  C:\Windows\System\jbeBqvF.exe
  2⤵
  PID:9352
- C:\Windows\System\PPFGTTb.exe
  C:\Windows\System\PPFGTTb.exe
  2⤵
  PID:9104
- C:\Windows\System\BiKtNcu.exe
  C:\Windows\System\BiKtNcu.exe
  2⤵
  PID:9432
- C:\Windows\System\waRwixu.exe
  C:\Windows\System\waRwixu.exe
  2⤵
  PID:9444
- C:\Windows\System\iqGFxxJ.exe
  C:\Windows\System\iqGFxxJ.exe
  2⤵
  PID:9480
- C:\Windows\System\AbnkaAo.exe
  C:\Windows\System\AbnkaAo.exe
  2⤵
  PID:9476
- C:\Windows\System\brHrfWZ.exe
  C:\Windows\System\brHrfWZ.exe
  2⤵
  PID:9516
- C:\Windows\System\QWLRWqA.exe
  C:\Windows\System\QWLRWqA.exe
  2⤵
  PID:9540
- C:\Windows\System\hdIiAqK.exe
  C:\Windows\System\hdIiAqK.exe
  2⤵
  PID:9576
- C:\Windows\System\LmjXIKT.exe
  C:\Windows\System\LmjXIKT.exe
  2⤵
  PID:9600
- C:\Windows\System\fNZKxvN.exe
  C:\Windows\System\fNZKxvN.exe
  2⤵
  PID:9636
- C:\Windows\System\QcWifmt.exe
  C:\Windows\System\QcWifmt.exe
  2⤵
  PID:9712
- C:\Windows\System\WciKsfe.exe
  C:\Windows\System\WciKsfe.exe
  2⤵
  PID:9736
- C:\Windows\System\UjpWXJb.exe
  C:\Windows\System\UjpWXJb.exe
  2⤵
  PID:9760
- C:\Windows\System\saPyDzz.exe
  C:\Windows\System\saPyDzz.exe
  2⤵
  PID:9796
- C:\Windows\System\VDSNaFo.exe
  C:\Windows\System\VDSNaFo.exe
  2⤵
  PID:9816
- C:\Windows\System\DTIYPrg.exe
  C:\Windows\System\DTIYPrg.exe
  2⤵
  PID:9900
- C:\Windows\System\yFUqEaY.exe
  C:\Windows\System\yFUqEaY.exe
  2⤵
  PID:9920
- C:\Windows\System\NxMhQRr.exe
  C:\Windows\System\NxMhQRr.exe
  2⤵
  PID:9852
- C:\Windows\System\yrawugs.exe
  C:\Windows\System\yrawugs.exe
  2⤵
  PID:9884
- C:\Windows\System\TzECdqj.exe
  C:\Windows\System\TzECdqj.exe
  2⤵
  PID:9996
- C:\Windows\System\RiVdygs.exe
  C:\Windows\System\RiVdygs.exe
  2⤵
  PID:10068
- C:\Windows\System\KHevfKA.exe
  C:\Windows\System\KHevfKA.exe
  2⤵
  PID:10156
- C:\Windows\System\gIzHptX.exe
  C:\Windows\System\gIzHptX.exe
  2⤵
  PID:10192
- C:\Windows\System\wqFIOqh.exe
  C:\Windows\System\wqFIOqh.exe
  2⤵
  PID:10012
- C:\Windows\System\eZfDiWs.exe
  C:\Windows\System\eZfDiWs.exe
  2⤵
  PID:10092
- C:\Windows\System\bEjxlXY.exe
  C:\Windows\System\bEjxlXY.exe
  2⤵
  PID:10104
- C:\Windows\System\LYDIwmP.exe
  C:\Windows\System\LYDIwmP.exe
  2⤵
  PID:10176
- C:\Windows\System\qbpniwf.exe
  C:\Windows\System\qbpniwf.exe
  2⤵
  PID:8452
- C:\Windows\System\mnNxQAA.exe
  C:\Windows\System\mnNxQAA.exe
  2⤵
  PID:9276
- C:\Windows\System\VkArTCL.exe
  C:\Windows\System\VkArTCL.exe
  2⤵
  PID:9304
- C:\Windows\System\ejjnsHY.exe
  C:\Windows\System\ejjnsHY.exe
  2⤵
  PID:9324
- C:\Windows\System\ZifMnhj.exe
  C:\Windows\System\ZifMnhj.exe
  2⤵
  PID:9416
- C:\Windows\System\YzlUhWA.exe
  C:\Windows\System\YzlUhWA.exe
  2⤵
  PID:9492
- C:\Windows\System\xtEpsbK.exe
  C:\Windows\System\xtEpsbK.exe
  2⤵
  PID:9584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EyKCwiD.exe

Filesize
6.0MB

MD5
079a35ceac911587a2977f550e1872a4

SHA1
9abc2d5579081367524b139f4f437650655f458f

SHA256
d4e571310ee3e9af7fe5e5ec87af63ee940801307f7f8bbcb2a449767ee3f93a

SHA512
4b03130d0e89ff4525d5828b6eedd8c92d368a5326d2178c09c25585c17d0907a1c910ee2c410c0597ff929af02564790733138ff7100a0364d5f655c7762298

Download Submit
C:\Windows\system\FNQYMwD.exe

Filesize
6.0MB

MD5
cd3625303f3dd1834a592b921be39d54

SHA1
2ad5f479562c8e01f41f58a4ce95234a73e3d14f

SHA256
5e70518d375384074024a6567f101b25cd4cc2fbe146dcca90cb7698683184f0

SHA512
48414f3ff55c07759706c1ce6feb6d6dd45c01f789449574158f8a6feac3cb5fd82c005c8c0513af4e6715b410953e7c669f89e3e1b9d8842e5b8d0943fccec5

Download Submit
C:\Windows\system\HsTVBZA.exe

Filesize
6.0MB

MD5
f09d846db34c3767570727f7872333d8

SHA1
828f31ffbf36c1d722de13225aace869d8cc31ed

SHA256
29c229b09c62689225b998fc9dfff5783880a5e4581349fa2c4f569fe5400e4e

SHA512
a3272f2c3ad9dd46675ba5417c439861842c30a669e31fc34ae9e21c065df8e5b8dfe9da289a0903527c6fc660357728d50dec5d6d137d3d59a0b471f2ac765d

Download Submit
C:\Windows\system\Ialheos.exe

Filesize
6.0MB

MD5
bd224938a80b035e0f233b1d2263294b

SHA1
5afdc53100801b0d11caf7ca2566daef610d2023

SHA256
9ec62a23b03799742d9a909aa75a2161f0cba4b3182d15e9306d2325c893dd6c

SHA512
0f18f96d452c53e791aced9d825bc8750c80643cac572373d420cc8e7bace3c19a81bcaf0969ae022f48ee002fb13dc976e815fc7a2779690896b764058dca9b

Download Submit
C:\Windows\system\JUAwgCn.exe

Filesize
6.0MB

MD5
bfa664ed47197006a063b153c6418309

SHA1
3283ae05a2086f8d916fd363addba2f5003c1e56

SHA256
b1d5c41261980a8d68a781ffd46d8581371b85c1b7f51f7f37c7d99821a25155

SHA512
7b5113589729853077ac09633d119c676e69fcb716a6e996d5aa277398bb31fa7792a04ee88d6d3f6920fdc9e87f7328eb4134488e926173bd20fe3e43e3c71d

Download Submit
C:\Windows\system\LxyrTrf.exe

Filesize
6.0MB

MD5
20bcb5d7a88e22a27fe5f10162b89085

SHA1
47ab31067e16ff3f941f8eee64e84e2a22278530

SHA256
8d9f0c1e43217e2966f2dd496a2fa734d3143066832a6f4e14c58016008a494a

SHA512
84ee689a2436e1a5885d35b2f1c72fd7f0afa54120b5cfcb9861b13913442ec9fb600baeb7eed1e4b700cb98e683b01528a8ece932f2286ce152b88ddb44a999

Download Submit
C:\Windows\system\OuitGqC.exe

Filesize
6.0MB

MD5
a3c5a5597650e5aab4d074f2991dd450

SHA1
9d75deb27bcd1cef4ae29652d41845a391e44ffd

SHA256
906b091681dcac7f5ae971e5934f89cdc65a462f54a203d2f7f722f2f0953f68

SHA512
ed2b55d2ee6918f50004d3f93ce148c998677df89a563166bb7e5b9ecfab025cfde7978458789f950f4e33b2d68022f1f80d934595f6353886f23f1ce9cc1cd3

Download Submit
C:\Windows\system\QJcobbf.exe

Filesize
6.0MB

MD5
e4dc42571536ba9b9d2162fd3591e891

SHA1
b05fe1c79a7240a0050d698355dd4a8fe66f20d9

SHA256
e14ca339400f7403948dde13a82a0d6bfc89a014cea2b88a93d761e20b954a4f

SHA512
917cc6a2aded59edf77525fef0c47031e7767a6d2f87c30cd89400ca2936dd816db330b0551deda9156ad9992a64b9e51288be8a80f5a54761f399dcee50f85a

Download Submit
C:\Windows\system\RTkSuRZ.exe

Filesize
6.0MB

MD5
aab4843ac1f3c9dbc61bcf3952576647

SHA1
e9bd1ab95857ae488abe98871e2f0d183a848f14

SHA256
6d1dd1441d156c0b90172582e3898da4770775b70d933b8812a13b8749f9d92c

SHA512
1017d00384bffe35e8d7f39b0ad767c52d8f597fd4db15e79d4124aca4d447410851ec5d2c56f0841c10a643e80c2ff400e1dcde7055eb28546c7aee734ae105

Download Submit
C:\Windows\system\XnXIaeO.exe

Filesize
6.0MB

MD5
68795dda1b03a7db848ef3fbb369e1eb

SHA1
75ba6c8c9b84cc98ee26ed0a59af82c49c30b1ed

SHA256
5a8a1f059a1470330aac44b31ad10e12ad1fdee2a40657f0bc8f7034dcf9dc1d

SHA512
dafea166d813fda07272c975b835035b8144876ece1a7d99e50d940b3c2a0f54e7c6280f86cce9bb3d835da9ebd3279a3ad69b1b5c1ada42df0ad259600ed8df

Download Submit
C:\Windows\system\YLFoUnj.exe

Filesize
6.0MB

MD5
efd5046e0b4950a0551f977a3229bd52

SHA1
ec03226bad0166dbbc3e1bce6f4b14c92b1c4aec

SHA256
5dbd33e91e2864f2a0ca845452c29a6aa7db917d6443acf2dbf844ab140f9391

SHA512
e59a11d3ee48281eb184fc751e21964869937df078fc5d91553684c543943424733a1fcc09111e8217284619bdf0799c6055d34601201202ada70d3aa5dc0ef8

Download Submit
C:\Windows\system\YQWIvcH.exe

Filesize
6.0MB

MD5
23d2d53a35d9e5742f0af2576372982f

SHA1
4983550b4a60c42c8f63df9539b30ce69dd8df20

SHA256
c7ee99fe9e38f48df67135d4bb3183bded0c672a5f62108534a0e83ef9b1bc9a

SHA512
929a14d919e93c838b18cd9c33b9e56cc67b68e7573f9c66e9ee5451fb83e3aa1d5d5339b25b7d63b660638f2db5c4cda29bdb2b2336495a1b80761cb60812b3

Download Submit
C:\Windows\system\bgRqidI.exe

Filesize
6.0MB

MD5
9083af14eb38f3b574803cc5c8b38f81

SHA1
f78324e2af174342060b90df822dc177fac9afc7

SHA256
d2fdf7be757ff69083bbcdafd74d8fcc53693a673cc7000f7f5b7ccd9c92da4b

SHA512
27447b9c0e5091d2de63f8805fc8472f3eae816850916b36fadb6b8fd5519b8a73ac0fa398db8292378fd6ba953393289e86e5f1983befdb01d9e03964996a49

Download Submit
C:\Windows\system\dRDgdUM.exe

Filesize
6.0MB

MD5
b0d54da555f8eb4f4f1443b87a32bf3e

SHA1
2b51b6aeed540f59a2c909c47b3bf11772852d9d

SHA256
5e581f8739af32ef097cb5586d7f9f06670085835bda4c59b66fdcbc08e2007e

SHA512
efba74ae881e9a6bafb74906b0797e715a2d9de68825806c41bc195bdbe3acb5dbafbaae4cfd1ddcd1a3622b31088412530b74c2136514020de690a515ba35a6

Download Submit
C:\Windows\system\gxgpgDD.exe

Filesize
6.0MB

MD5
9abaa02f8549a58b475156a68002d87c

SHA1
82a8483ca46e161cfa9ce77c69345bc1fcdc71a7

SHA256
6e052c530089bc4494fe54f9f8c3c545fffa42bf31930cae214be793bc77d8cc

SHA512
dd1c650a933be16412aa8d2e2a2c801a730d5870638d642f947d2baff0a7cc828cf6b89f413db939a06116888bae3033668819779d4350cc71b4445ab57bf6e1

Download Submit
C:\Windows\system\kQrGgzi.exe

Filesize
6.0MB

MD5
2f3963dcf6dd760eb0d23bb25166c27f

SHA1
bab1d53599a4f9e544c3b51cf3a797e58f3b4e01

SHA256
f7224fa26a8fe77bc58546b11561d845d48ee40ee503862b37384f94e2a056bb

SHA512
7093fbd1a4f54bfe40cb5b97e96ef79c854b3b7697189f5967372d9652c05807a26c14aac6d76b6da8c63ddd0ab3ad6d0245f0252a54dd40997a93771d2c0d62

Download Submit
\Windows\system\FsZnPIs.exe

Filesize
6.0MB

MD5
931ee81ac124c0a5ff2812961edf2d9c

SHA1
e2b1288832d59f8e73872e8d7b9d260e6741f68b

SHA256
fdc4f30bf746a7e0fa95b771a9f5ec1482ed1f4928e4b18e1b8ffe5fcc7cfa58

SHA512
ca99f12c9168ee4ab2cbcb5cff194df01929da338440cbd7967202d65ecc4bbe08560fa58ace225664924d4b06253bfa8ebdc3f72d00e5697122b82011cb0e00

Download Submit
\Windows\system\HXfRtAv.exe

Filesize
6.0MB

MD5
255e650c6ff8140bddb0314e79aaef38

SHA1
1cf52352713ee12064ea0be321ff07e3822926be

SHA256
fe3ff14d88bc3bb81ac3a0d5568b6d9152273f20d09c760a5df8807e25e3451d

SHA512
2ef46c8134eb371ea52345a1678082176af8055402d1136be074a9ee256cd94e01b95ce39ed9ca537040ed041954c8b3efe55337eb56c27c33f1697f21f9a411

Download Submit
\Windows\system\KWaicQp.exe

Filesize
6.0MB

MD5
49dce56025790ba61e6973f20cd39540

SHA1
fb627cde0ebb491c811a56a8211bb57ad25bbcf2

SHA256
9c1ce28c06cd00969d30dbb0daa2509259bc9cc927e84d0839c12dd37c0f5bce

SHA512
47abc4b258033a12714028302dd5c4e04efce411132535130e5b24f4d16dfddfb9e9332de297038354251cffd9ba7b26051e375f9f392273fee4f3adaf85fc6a

Download Submit
\Windows\system\LGiTsDb.exe

Filesize
6.0MB

MD5
d28caf67d4cc8c1141e259db58dd5cac

SHA1
dba00e8be7a3f81c8bcb14e19eda3a5e7adb7e79

SHA256
b0e46b15669dce11af72f07603c4936a955c12070a69f6ffde7ccfcf4e69e8cc

SHA512
ca566888593ff2cfc8b8800ece660e3263496ca5a6a69ebe3016584ef3345d71294493eefb23d861c8fa91d32dbe914e77fe2185b5869f3672b1cf1864f5a8a1

Download Submit
\Windows\system\MMPjCkC.exe

Filesize
6.0MB

MD5
5d9e537fe182df988b3a3c0e2d49821f

SHA1
437c023a7b0f773a0d650430fdd9acc40dec517f

SHA256
d0d800a8f9dbef7e8538abc43f50e0aede377383bdd61c4f2a1d07f644988744

SHA512
06591db29467f3965a43536b3b8adb82a4e3d35820047337ad84ebdf39832c199881d577bc0082d91f885e9288ee2d55909359a92f565f648a27209c53b0c752

Download Submit
\Windows\system\NWgSCLD.exe

Filesize
6.0MB

MD5
b33cd67aff6ae30f92d83930618447e2

SHA1
13069904cf56b7fa9992431a3a9ea0a2172162c3

SHA256
5dbaf2e73d3c4b48a48e174794723bafc5b02ac3ea90a86bdca3f14769177e1f

SHA512
e5107dd09e0b22afab97e36e4b4b0ff1e2e3c158dd195dcfeba470b4f1dc9e6b3508dcb7596a7aea83a7cf829c2845650ec6380892fd52e1d0f28177494ef40a

Download Submit
\Windows\system\VEgRurP.exe

Filesize
6.0MB

MD5
c16f0e32972c8d584160d1f80483d6de

SHA1
3effdd49f29f6ba2a6c2e076486b9779aef8e6fb

SHA256
452b8aa1ca9ddc26495c06552725dde4b66de45cdf25ab077424b85e85001ec7

SHA512
79ff3e51b74f9d84de4ed1f0ffddb72fb21280d1bc0336f6f8e4ea88762984518004fda084f20d5beeeff85ad535de2524b3bfde921fcba17eab50f577ce820c

Download Submit
\Windows\system\XTfhloT.exe

Filesize
6.0MB

MD5
141d6b8a20e7ff5ac9a924e7c8a8049c

SHA1
44237f0c762b7fd3e85ba556f47958e282e1adb6

SHA256
bb10c00dcd43c75d57c728d2b79073bd8e91162519be2e667c1e03546bbf8266

SHA512
7a73f254990f7fc158b292c6a2b6698b12199c1a10c1cfe097294f88869d45ed42f3736cc6d16e15242ba8b6db7b6cd562312139d311405190dd7882b55d2efc

Download Submit
\Windows\system\YHrjHnp.exe

Filesize
6.0MB

MD5
96c70b499b1d78ef0559540fcd7e83ec

SHA1
f52fbd0bf2fb7f1ee0d00f301a1c543c22a95135

SHA256
77cbf226ee2c26fae30aa4ad8bbe03769fb2467b7960f5ca71f8c105d9d0abbb

SHA512
ecd7488f613e6b100271903f9382da8d6f02113f81806ac49b46051f8f85c84c96a07a0dde7b2cd7ccccd457082bbb04ca36c501f4fa6abd26ec3b04e178cf31

Download Submit
\Windows\system\fxNzxpw.exe

Filesize
6.0MB

MD5
431e2d5aacdc805fb6c910875d3e7da6

SHA1
f6c149752f45d83673fbaa320bf362658825bfb6

SHA256
6b947694a611e2efaa746d56d2330c76e7d2983bd2ddf368ee3160276a27eaa7

SHA512
17b0b76dbd045ff9cf90766d56dd069210306b3c6b04e770641dc080d3bcc70fe0c6923a1a717ce6f4ad326eb87fdfd66c384c61e7d242598e112ce5990a9b2f

Download Submit
\Windows\system\iYMSUKV.exe

Filesize
6.0MB

MD5
458547139199a4f70b45f3a53f9bdb0b

SHA1
4f351fcd092e4a5a39ea32735039644944bb999f

SHA256
09eee84b42cbed6bf8bcde78bba5b3040a9c65ad39722b90130427c76a277535

SHA512
f97d825c0372e3846e80bd2e1aeb4059b1d28b80abc051b1e1cd5d0cb42a6e59299c656896c48048d4bf2fe3e80735a152d8d9232fa0d724a51cf2c3a11abf96

Download Submit
\Windows\system\iyqEipo.exe

Filesize
6.0MB

MD5
f9378a2c1e31e39e4848770949e52d25

SHA1
721c38dd13b36d7a7b6d925fee3175c82614c656

SHA256
277e0f0bfa551376ed6fa775d84536f88bd7575186186da6fe924b01a9a99808

SHA512
57ba9facb633a733fc00bad9ddf72e44983b3b3e5894ea29f27bf51066047af45d5b86ff68c1708401d7df4d2edebcddac76549688693c283c60d45890470547

Download Submit
\Windows\system\lhlKstO.exe

Filesize
6.0MB

MD5
a07a1af4acccf0974cf252382a45d856

SHA1
460cd0591f741f84027cc32cd7e4b9e8d70f4501

SHA256
0ce94062306a2ddd81398ae1fe0f6d8dec8c4a20508f6ebdc6350c2e5ca05bee

SHA512
cc075cb6b9ba23de534cd92d430119577dedd9fe5a641862a6f9985fad396e2c063baf22d3c4353b2a2576ca6ada0caba02b2b183409440d0220c39efefa23bb

Download Submit
\Windows\system\mpQzFCw.exe

Filesize
6.0MB

MD5
6fc3407e87da536d79d345652caf53b1

SHA1
b1ba34c2a08bd9a329e1df6ac83d24a3a2b15e7d

SHA256
95e9bd314338cdbaabb8d48c33bd4b3c546b8c46ffd5375ac352d91966b7a173

SHA512
7569d65d2a211bab766d32cd0eb50093f4aaa70a6bc43cfbea23b2c1c74812f6da39f263ed221714dfcdbb918bd3a21091d6bd1fa81fe7772f451854f13f7a1c

Download Submit
\Windows\system\vRNjMfP.exe

Filesize
6.0MB

MD5
82fa3c03b46daefa1a93526c78800cbf

SHA1
18e7b13cc2366a39dcd6177a6614492695f04916

SHA256
7bc8d6c6e15c05ff5893a3cd0875a77d21736683147ffc11ac84654127082c51

SHA512
48a04796398a0d62423c0600a0e4f45c8c8f48478eeb84e25be675c8ac07a86e301ed32674fd6696a73de75a8ba16fcf18c954ad6efc47b1d5b2ef84fd0bc342

Download Submit
\Windows\system\xyaTpiU.exe

Filesize
6.0MB

MD5
689aa0ba528118b30a4d4bda0a3a43c6

SHA1
a8a8b04832ab097515413b15fce7b4a9db41cf46

SHA256
aac1d0e3df38454370ccd684bf9130791618086cb45580e0a88ac72631dfd907

SHA512
ffc63ae2847f358ad7685d23e81bf424d2c86b2561b29de172959f4368ba14f77c199396e7c3e024864343300d684b1c655485607eb5638f59673fa42c9ec6f6

Download Submit
memory/1684-3742-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/1684-94-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2140-21-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2140-3509-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2176-3388-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2176-9-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2232-92-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-266-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2232-3743-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-19-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-3454-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2312-49-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-29-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-3549-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-62-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-99-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2404-107-0x000000013FDD0000-0x0000000140124000-memory.dmp

Filesize
3.3MB

Download
memory/2404-65-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2404-55-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2404-80-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2404-102-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2404-121-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2404-122-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2404-125-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-84-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2404-33-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2404-329-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2404-74-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-41-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2404-26-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-22-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2404-0-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2404-322-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2404-37-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2404-95-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-271-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2404-270-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2404-112-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2404-7-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2544-3740-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-88-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-108-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3749-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2696-50-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2704-66-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-3741-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3731-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2728-58-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2844-3596-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2844-43-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2844-96-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3597-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2852-70-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download
memory/2852-35-0x000000013F8E0000-0x000000013FC34000-memory.dmp

Filesize
3.3MB

Download