cobaltstrike | de395a108601c1fe3bb25d4764f125ec482610ae8b1dce9245cb9fa88f1a8181

Analysis

max time kernel
87s
max time network
18s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24-09-2024 19:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

db1b7e9ee3f29603926de9ec1dd3e6a0
SHA1

221fee67b97b759431fb9309ab8fc38c4bad2154
SHA256

de395a108601c1fe3bb25d4764f125ec482610ae8b1dce9245cb9fa88f1a8181
SHA512

8122f637cb4ea493735f9199e7c1ed2a8a034a60022737bdfad5ffbb8ef77db772bb3d59e7f395e4c502bc70780bc449b4146ec2a92fe327cabf091c12819e47
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUO:T+q56utgpPF8u/7O

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000016688-11.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001211b-3.dat	cobalt_reflective_dll
behavioral1/files/0x000a00000001688f-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016b85-25.dat	cobalt_reflective_dll
behavioral1/files/0x0038000000016398-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cef-48.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d72-55.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016caa-44.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001707e-65.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174f7-88.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001756f-100.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000170da-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017226-83.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c9f-39.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018708-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870a-116.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b7f-141.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018bf9-156.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c33-174.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019054-181.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193da-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939d-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938c-186.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c31-172.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c11-166.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c05-161.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be5-151.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018bb0-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187c0-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187ac-131.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a7-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871a-121.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2536-0-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/files/0x0008000000016688-11.dat	xmrig
behavioral1/files/0x000700000001211b-3.dat	xmrig
behavioral1/memory/2536-8-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x000a00000001688f-9.dat	xmrig
behavioral1/memory/456-16-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/2808-22-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2448-15-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016b85-25.dat	xmrig
behavioral1/memory/2860-29-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/files/0x0038000000016398-30.dat	xmrig
behavioral1/files/0x0007000000016cef-48.dat	xmrig
behavioral1/files/0x0009000000016d72-55.dat	xmrig
behavioral1/files/0x0007000000016caa-44.dat	xmrig
behavioral1/files/0x000800000001707e-65.dat	xmrig
behavioral1/memory/3060-69-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2724-64-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2788-62-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2808-80-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/620-76-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2708-85-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x00060000000174f7-88.dat	xmrig
behavioral1/files/0x000600000001756f-100.dat	xmrig
behavioral1/memory/1124-101-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2536-99-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/memory/2104-93-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2744-92-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/files/0x00060000000170da-75.dat	xmrig
behavioral1/files/0x0006000000017226-83.dat	xmrig
behavioral1/memory/2536-81-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2536-102-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2536-61-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2936-60-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2536-59-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2876-58-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2536-66-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2536-34-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/3060-103-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c9f-39.dat	xmrig
behavioral1/memory/2744-38-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2536-104-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/files/0x0005000000018708-112.dat	xmrig
behavioral1/files/0x000500000001870a-116.dat	xmrig
behavioral1/files/0x0006000000018b7f-141.dat	xmrig
behavioral1/files/0x0006000000018bf9-156.dat	xmrig
behavioral1/files/0x0006000000018c33-174.dat	xmrig
behavioral1/files/0x0006000000019054-181.dat	xmrig
behavioral1/files/0x00050000000193da-194.dat	xmrig
behavioral1/memory/2104-518-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/1124-703-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/2536-588-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/memory/2708-313-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2536-205-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x000500000001939d-191.dat	xmrig
behavioral1/files/0x000500000001938c-186.dat	xmrig
behavioral1/files/0x0006000000018c31-172.dat	xmrig
behavioral1/files/0x0006000000018c11-166.dat	xmrig
behavioral1/files/0x0006000000018c05-161.dat	xmrig
behavioral1/files/0x0006000000018be5-151.dat	xmrig
behavioral1/files/0x0006000000018bb0-146.dat	xmrig
behavioral1/files/0x00050000000187c0-136.dat	xmrig
behavioral1/files/0x00050000000187ac-131.dat	xmrig
behavioral1/files/0x00050000000187a7-126.dat	xmrig
behavioral1/files/0x000500000001871a-121.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2448	ZGvHhGp.exe
456	EkJqGma.exe
2808	SJeYrlo.exe
2860	RCYXUZx.exe
2744	gQhOwWc.exe
2876	kAgNTbY.exe
2936	XBuMcGZ.exe
2788	ZeRZMLq.exe
2724	ggsMXjE.exe
3060	VEZUQEp.exe
620	zWgbEKw.exe
2708	ENaBtLS.exe
2104	IwPyudP.exe
1124	GJIMxjd.exe
2000	XmaFLKX.exe
340	RpFaRIH.exe
2024	KDPBMMi.exe
1924	BWBfWML.exe
2700	jTXMOHd.exe
1020	NycEIqV.exe
1992	XMXxliY.exe
1080	PKUrbEQ.exe
2168	PJxuEDK.exe
2988	QuxiPsr.exe
2208	rsLqdZn.exe
1040	dxDDxGo.exe
2200	XXrOAIL.exe
1708	emKttia.exe
1996	RbXcfKQ.exe
1128	lVeyoNW.exe
1512	DoXWLwn.exe
3008	wDyKpFE.exe
1684	DQNgxfz.exe
1000	WoYDplW.exe
2392	PqWkCiR.exe
1540	wqIqvfS.exe
1724	iODOwtF.exe
2868	CQFqPVS.exe
756	lqMDzta.exe
1296	zUNhoZk.exe
2412	dRwDmnf.exe
2532	qVFvYOr.exe
2560	gORxzTi.exe
2456	IjNLxYn.exe
2996	vseSrKf.exe
968	UViwHTf.exe
1288	xiCmUam.exe
876	lXIpaeh.exe
1272	CGqCMfQ.exe
2324	xasbghR.exe
2332	PTSdgry.exe
1596	SetyjyY.exe
2692	lIkMJiK.exe
1108	TYZBJEw.exe
2832	xOcvHtr.exe
2732	IOOWmQi.exe
2920	qjvMORZ.exe
1068	JyhoPcC.exe
2784	uzGRqRa.exe
1140	RKAwLYK.exe
2072	SVcHSZA.exe
2108	rYeouMh.exe
2056	vnTpSmf.exe
2972	HLjgHcP.exe

Loads dropped DLL 64 IoCs

pid	Process
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2536-0-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/files/0x0008000000016688-11.dat	upx
behavioral1/files/0x000700000001211b-3.dat	upx
behavioral1/files/0x000a00000001688f-9.dat	upx
behavioral1/memory/456-16-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2808-22-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2448-15-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x0008000000016b85-25.dat	upx
behavioral1/memory/2860-29-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/files/0x0038000000016398-30.dat	upx
behavioral1/files/0x0007000000016cef-48.dat	upx
behavioral1/files/0x0009000000016d72-55.dat	upx
behavioral1/files/0x0007000000016caa-44.dat	upx
behavioral1/files/0x000800000001707e-65.dat	upx
behavioral1/memory/3060-69-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2724-64-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2788-62-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2808-80-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/620-76-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2708-85-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x00060000000174f7-88.dat	upx
behavioral1/files/0x000600000001756f-100.dat	upx
behavioral1/memory/1124-101-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2104-93-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2744-92-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/files/0x00060000000170da-75.dat	upx
behavioral1/files/0x0006000000017226-83.dat	upx
behavioral1/memory/2936-60-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2876-58-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2536-34-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/3060-103-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x0007000000016c9f-39.dat	upx
behavioral1/memory/2744-38-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/files/0x0005000000018708-112.dat	upx
behavioral1/files/0x000500000001870a-116.dat	upx
behavioral1/files/0x0006000000018b7f-141.dat	upx
behavioral1/files/0x0006000000018bf9-156.dat	upx
behavioral1/files/0x0006000000018c33-174.dat	upx
behavioral1/files/0x0006000000019054-181.dat	upx
behavioral1/files/0x00050000000193da-194.dat	upx
behavioral1/memory/2104-518-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/1124-703-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2708-313-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x000500000001939d-191.dat	upx
behavioral1/files/0x000500000001938c-186.dat	upx
behavioral1/files/0x0006000000018c31-172.dat	upx
behavioral1/files/0x0006000000018c11-166.dat	upx
behavioral1/files/0x0006000000018c05-161.dat	upx
behavioral1/files/0x0006000000018be5-151.dat	upx
behavioral1/files/0x0006000000018bb0-146.dat	upx
behavioral1/files/0x00050000000187c0-136.dat	upx
behavioral1/files/0x00050000000187ac-131.dat	upx
behavioral1/files/0x00050000000187a7-126.dat	upx
behavioral1/files/0x000500000001871a-121.dat	upx
behavioral1/memory/620-107-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2448-3813-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/456-3828-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2808-3885-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2860-3890-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2876-3906-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2788-3903-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/3060-3926-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2708-3940-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2936-3955-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\MCpbLBb.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qIYPRpK.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HQBhlxq.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZyvpUOr.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PsteJRZ.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qDzjkJW.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EnBhwZZ.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CnQAzaw.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jiAtLlY.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESOawZF.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vfCCibD.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wvrRSvK.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SiXRThh.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzoSaJp.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wPstdWh.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZbgStWj.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ctfFBsa.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntLAmZS.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ojCaFab.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zAjdhUK.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\trzyeWl.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MUSopfH.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQrSrSn.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dQrXNrt.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kvOEcoH.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ljWsGuT.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TepQOYs.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jSDYKIw.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zsuyxdh.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jYPoccl.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RMGZEYk.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oCckgZb.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xDbRLnA.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xOcvHtr.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eIWMDYP.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mVwEHsU.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PyoAZJW.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMfzIIE.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kevSWyf.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GYtIAXu.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZoOlOoG.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DLgKRqb.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UhctlNF.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYiknJJ.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZOElJKv.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvdukez.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\quQWMxx.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gjhlcxT.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pqIYMHE.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jtxYpXM.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MXBgSsT.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pRrqecQ.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYdMbwQ.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ISoRtna.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TluoqwC.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\soWKXgC.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BhVNrVX.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iPTGLkf.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BUbIZYE.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kyztbmk.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OqUTZwt.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lWfOacL.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xasbghR.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dEEYMKG.exe	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 456	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2536 wrote to memory of 456	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2536 wrote to memory of 456	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2536 wrote to memory of 2448	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2536 wrote to memory of 2448	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2536 wrote to memory of 2448	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2536 wrote to memory of 2808	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2536 wrote to memory of 2808	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2536 wrote to memory of 2808	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2536 wrote to memory of 2860	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2536 wrote to memory of 2860	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2536 wrote to memory of 2860	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2536 wrote to memory of 2744	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2536 wrote to memory of 2744	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2536 wrote to memory of 2744	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2536 wrote to memory of 2876	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2536 wrote to memory of 2876	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2536 wrote to memory of 2876	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2536 wrote to memory of 2936	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2536 wrote to memory of 2936	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2536 wrote to memory of 2936	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2536 wrote to memory of 2788	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2536 wrote to memory of 2788	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2536 wrote to memory of 2788	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2536 wrote to memory of 2724	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2536 wrote to memory of 2724	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2536 wrote to memory of 2724	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2536 wrote to memory of 3060	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2536 wrote to memory of 3060	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2536 wrote to memory of 3060	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2536 wrote to memory of 620	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2536 wrote to memory of 620	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2536 wrote to memory of 620	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2536 wrote to memory of 2708	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2536 wrote to memory of 2708	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2536 wrote to memory of 2708	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2536 wrote to memory of 2104	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2536 wrote to memory of 2104	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2536 wrote to memory of 2104	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2536 wrote to memory of 1124	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2536 wrote to memory of 1124	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2536 wrote to memory of 1124	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2536 wrote to memory of 2000	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2536 wrote to memory of 2000	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2536 wrote to memory of 2000	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2536 wrote to memory of 340	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2536 wrote to memory of 340	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2536 wrote to memory of 340	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2536 wrote to memory of 2024	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2536 wrote to memory of 2024	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2536 wrote to memory of 2024	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2536 wrote to memory of 1924	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2536 wrote to memory of 1924	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2536 wrote to memory of 1924	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2536 wrote to memory of 2700	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2536 wrote to memory of 2700	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2536 wrote to memory of 2700	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2536 wrote to memory of 1020	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2536 wrote to memory of 1020	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2536 wrote to memory of 1020	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2536 wrote to memory of 1992	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2536 wrote to memory of 1992	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2536 wrote to memory of 1992	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2536 wrote to memory of 1080	2536	2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-09-24_db1b7e9ee3f29603926de9ec1dd3e6a0_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Windows\System\EkJqGma.exe
  C:\Windows\System\EkJqGma.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\ZGvHhGp.exe
  C:\Windows\System\ZGvHhGp.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\SJeYrlo.exe
  C:\Windows\System\SJeYrlo.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\RCYXUZx.exe
  C:\Windows\System\RCYXUZx.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\gQhOwWc.exe
  C:\Windows\System\gQhOwWc.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\kAgNTbY.exe
  C:\Windows\System\kAgNTbY.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\XBuMcGZ.exe
  C:\Windows\System\XBuMcGZ.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\ZeRZMLq.exe
  C:\Windows\System\ZeRZMLq.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\ggsMXjE.exe
  C:\Windows\System\ggsMXjE.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\VEZUQEp.exe
  C:\Windows\System\VEZUQEp.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\zWgbEKw.exe
  C:\Windows\System\zWgbEKw.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\ENaBtLS.exe
  C:\Windows\System\ENaBtLS.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\IwPyudP.exe
  C:\Windows\System\IwPyudP.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\GJIMxjd.exe
  C:\Windows\System\GJIMxjd.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\XmaFLKX.exe
  C:\Windows\System\XmaFLKX.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\RpFaRIH.exe
  C:\Windows\System\RpFaRIH.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\KDPBMMi.exe
  C:\Windows\System\KDPBMMi.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\BWBfWML.exe
  C:\Windows\System\BWBfWML.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\jTXMOHd.exe
  C:\Windows\System\jTXMOHd.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\NycEIqV.exe
  C:\Windows\System\NycEIqV.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\XMXxliY.exe
  C:\Windows\System\XMXxliY.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\PKUrbEQ.exe
  C:\Windows\System\PKUrbEQ.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\PJxuEDK.exe
  C:\Windows\System\PJxuEDK.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\QuxiPsr.exe
  C:\Windows\System\QuxiPsr.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\rsLqdZn.exe
  C:\Windows\System\rsLqdZn.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\dxDDxGo.exe
  C:\Windows\System\dxDDxGo.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\XXrOAIL.exe
  C:\Windows\System\XXrOAIL.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\emKttia.exe
  C:\Windows\System\emKttia.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\RbXcfKQ.exe
  C:\Windows\System\RbXcfKQ.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\lVeyoNW.exe
  C:\Windows\System\lVeyoNW.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\DoXWLwn.exe
  C:\Windows\System\DoXWLwn.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\wDyKpFE.exe
  C:\Windows\System\wDyKpFE.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\DQNgxfz.exe
  C:\Windows\System\DQNgxfz.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\WoYDplW.exe
  C:\Windows\System\WoYDplW.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\PqWkCiR.exe
  C:\Windows\System\PqWkCiR.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\wqIqvfS.exe
  C:\Windows\System\wqIqvfS.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\iODOwtF.exe
  C:\Windows\System\iODOwtF.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\CQFqPVS.exe
  C:\Windows\System\CQFqPVS.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\lqMDzta.exe
  C:\Windows\System\lqMDzta.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\zUNhoZk.exe
  C:\Windows\System\zUNhoZk.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\dRwDmnf.exe
  C:\Windows\System\dRwDmnf.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\qVFvYOr.exe
  C:\Windows\System\qVFvYOr.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\gORxzTi.exe
  C:\Windows\System\gORxzTi.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\IjNLxYn.exe
  C:\Windows\System\IjNLxYn.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\vseSrKf.exe
  C:\Windows\System\vseSrKf.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\UViwHTf.exe
  C:\Windows\System\UViwHTf.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\xiCmUam.exe
  C:\Windows\System\xiCmUam.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\lXIpaeh.exe
  C:\Windows\System\lXIpaeh.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\CGqCMfQ.exe
  C:\Windows\System\CGqCMfQ.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\xasbghR.exe
  C:\Windows\System\xasbghR.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\PTSdgry.exe
  C:\Windows\System\PTSdgry.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\SetyjyY.exe
  C:\Windows\System\SetyjyY.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\lIkMJiK.exe
  C:\Windows\System\lIkMJiK.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\TYZBJEw.exe
  C:\Windows\System\TYZBJEw.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\xOcvHtr.exe
  C:\Windows\System\xOcvHtr.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\IOOWmQi.exe
  C:\Windows\System\IOOWmQi.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\qjvMORZ.exe
  C:\Windows\System\qjvMORZ.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\JyhoPcC.exe
  C:\Windows\System\JyhoPcC.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\uzGRqRa.exe
  C:\Windows\System\uzGRqRa.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\RKAwLYK.exe
  C:\Windows\System\RKAwLYK.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\SVcHSZA.exe
  C:\Windows\System\SVcHSZA.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\rYeouMh.exe
  C:\Windows\System\rYeouMh.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\vnTpSmf.exe
  C:\Windows\System\vnTpSmf.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\HLjgHcP.exe
  C:\Windows\System\HLjgHcP.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\uChHklP.exe
  C:\Windows\System\uChHklP.exe
  2⤵
  PID:1820
- C:\Windows\System\UTizOkg.exe
  C:\Windows\System\UTizOkg.exe
  2⤵
  PID:2500
- C:\Windows\System\IfabCIx.exe
  C:\Windows\System\IfabCIx.exe
  2⤵
  PID:1328
- C:\Windows\System\vBlnAVz.exe
  C:\Windows\System\vBlnAVz.exe
  2⤵
  PID:2932
- C:\Windows\System\gcUBxPm.exe
  C:\Windows\System\gcUBxPm.exe
  2⤵
  PID:684
- C:\Windows\System\geybkgv.exe
  C:\Windows\System\geybkgv.exe
  2⤵
  PID:1192
- C:\Windows\System\OxsuBEa.exe
  C:\Windows\System\OxsuBEa.exe
  2⤵
  PID:2388
- C:\Windows\System\cRIcMxa.exe
  C:\Windows\System\cRIcMxa.exe
  2⤵
  PID:2440
- C:\Windows\System\MCpbLBb.exe
  C:\Windows\System\MCpbLBb.exe
  2⤵
  PID:1772
- C:\Windows\System\iEyueIa.exe
  C:\Windows\System\iEyueIa.exe
  2⤵
  PID:1764
- C:\Windows\System\IuKgDyk.exe
  C:\Windows\System\IuKgDyk.exe
  2⤵
  PID:2272
- C:\Windows\System\krCOAxo.exe
  C:\Windows\System\krCOAxo.exe
  2⤵
  PID:2196
- C:\Windows\System\WheWBTg.exe
  C:\Windows\System\WheWBTg.exe
  2⤵
  PID:648
- C:\Windows\System\nhKiGOL.exe
  C:\Windows\System\nhKiGOL.exe
  2⤵
  PID:2164
- C:\Windows\System\JfMqAVO.exe
  C:\Windows\System\JfMqAVO.exe
  2⤵
  PID:1740
- C:\Windows\System\KsbhjBE.exe
  C:\Windows\System\KsbhjBE.exe
  2⤵
  PID:1356
- C:\Windows\System\VFPRnGA.exe
  C:\Windows\System\VFPRnGA.exe
  2⤵
  PID:360
- C:\Windows\System\XCBYtDM.exe
  C:\Windows\System\XCBYtDM.exe
  2⤵
  PID:1312
- C:\Windows\System\pqHTStF.exe
  C:\Windows\System\pqHTStF.exe
  2⤵
  PID:1560
- C:\Windows\System\uqgMAGa.exe
  C:\Windows\System\uqgMAGa.exe
  2⤵
  PID:776
- C:\Windows\System\UtiMovv.exe
  C:\Windows\System\UtiMovv.exe
  2⤵
  PID:572
- C:\Windows\System\CrDeWDJ.exe
  C:\Windows\System\CrDeWDJ.exe
  2⤵
  PID:2192
- C:\Windows\System\gKQnAUp.exe
  C:\Windows\System\gKQnAUp.exe
  2⤵
  PID:1400
- C:\Windows\System\JeRCeLd.exe
  C:\Windows\System\JeRCeLd.exe
  2⤵
  PID:1284
- C:\Windows\System\djNLrON.exe
  C:\Windows\System\djNLrON.exe
  2⤵
  PID:1492
- C:\Windows\System\ZoDruws.exe
  C:\Windows\System\ZoDruws.exe
  2⤵
  PID:1620
- C:\Windows\System\zOiFGLW.exe
  C:\Windows\System\zOiFGLW.exe
  2⤵
  PID:1592
- C:\Windows\System\BVHxjAz.exe
  C:\Windows\System\BVHxjAz.exe
  2⤵
  PID:2064
- C:\Windows\System\JmvQttS.exe
  C:\Windows\System\JmvQttS.exe
  2⤵
  PID:2644
- C:\Windows\System\NxtioTO.exe
  C:\Windows\System\NxtioTO.exe
  2⤵
  PID:2636
- C:\Windows\System\rlVlGpP.exe
  C:\Windows\System\rlVlGpP.exe
  2⤵
  PID:2880
- C:\Windows\System\NvgUduF.exe
  C:\Windows\System\NvgUduF.exe
  2⤵
  PID:2828
- C:\Windows\System\aHYAIJM.exe
  C:\Windows\System\aHYAIJM.exe
  2⤵
  PID:2940
- C:\Windows\System\HPfromT.exe
  C:\Windows\System\HPfromT.exe
  2⤵
  PID:2756
- C:\Windows\System\zqKbURj.exe
  C:\Windows\System\zqKbURj.exe
  2⤵
  PID:2036
- C:\Windows\System\WepJNFE.exe
  C:\Windows\System\WepJNFE.exe
  2⤵
  PID:1576
- C:\Windows\System\aOlbeAr.exe
  C:\Windows\System\aOlbeAr.exe
  2⤵
  PID:900
- C:\Windows\System\TKOZlYV.exe
  C:\Windows\System\TKOZlYV.exe
  2⤵
  PID:2424
- C:\Windows\System\OGcdfDd.exe
  C:\Windows\System\OGcdfDd.exe
  2⤵
  PID:2004
- C:\Windows\System\QhIDYXq.exe
  C:\Windows\System\QhIDYXq.exe
  2⤵
  PID:2176
- C:\Windows\System\PiKpheV.exe
  C:\Windows\System\PiKpheV.exe
  2⤵
  PID:3056
- C:\Windows\System\rmdWLkj.exe
  C:\Windows\System\rmdWLkj.exe
  2⤵
  PID:1672
- C:\Windows\System\NXxzrJV.exe
  C:\Windows\System\NXxzrJV.exe
  2⤵
  PID:2508
- C:\Windows\System\MwWUgTl.exe
  C:\Windows\System\MwWUgTl.exe
  2⤵
  PID:2976
- C:\Windows\System\fTBJBgh.exe
  C:\Windows\System\fTBJBgh.exe
  2⤵
  PID:2812
- C:\Windows\System\YUqFsGr.exe
  C:\Windows\System\YUqFsGr.exe
  2⤵
  PID:1792
- C:\Windows\System\MKbkXrU.exe
  C:\Windows\System\MKbkXrU.exe
  2⤵
  PID:1624
- C:\Windows\System\xmUFVVl.exe
  C:\Windows\System\xmUFVVl.exe
  2⤵
  PID:700
- C:\Windows\System\rxOHBDC.exe
  C:\Windows\System\rxOHBDC.exe
  2⤵
  PID:600
- C:\Windows\System\UkwXyzb.exe
  C:\Windows\System\UkwXyzb.exe
  2⤵
  PID:2540
- C:\Windows\System\qwKaeUg.exe
  C:\Windows\System\qwKaeUg.exe
  2⤵
  PID:2956
- C:\Windows\System\IsslIle.exe
  C:\Windows\System\IsslIle.exe
  2⤵
  PID:2760
- C:\Windows\System\mpZkxds.exe
  C:\Windows\System\mpZkxds.exe
  2⤵
  PID:2840
- C:\Windows\System\WPPCaOM.exe
  C:\Windows\System\WPPCaOM.exe
  2⤵
  PID:3044
- C:\Windows\System\lexQbeR.exe
  C:\Windows\System\lexQbeR.exe
  2⤵
  PID:2244
- C:\Windows\System\bNfZkCF.exe
  C:\Windows\System\bNfZkCF.exe
  2⤵
  PID:1692
- C:\Windows\System\PVeiALl.exe
  C:\Windows\System\PVeiALl.exe
  2⤵
  PID:1604
- C:\Windows\System\duwRejl.exe
  C:\Windows\System\duwRejl.exe
  2⤵
  PID:1268
- C:\Windows\System\OsPtNtc.exe
  C:\Windows\System\OsPtNtc.exe
  2⤵
  PID:2248
- C:\Windows\System\OYvYJOi.exe
  C:\Windows\System\OYvYJOi.exe
  2⤵
  PID:2952
- C:\Windows\System\gbpjnPz.exe
  C:\Windows\System\gbpjnPz.exe
  2⤵
  PID:2516
- C:\Windows\System\qwvZuSb.exe
  C:\Windows\System\qwvZuSb.exe
  2⤵
  PID:2008
- C:\Windows\System\vaMOKlH.exe
  C:\Windows\System\vaMOKlH.exe
  2⤵
  PID:1700
- C:\Windows\System\gLDXnvw.exe
  C:\Windows\System\gLDXnvw.exe
  2⤵
  PID:2556
- C:\Windows\System\msXVBSI.exe
  C:\Windows\System\msXVBSI.exe
  2⤵
  PID:3068
- C:\Windows\System\zZZKgVn.exe
  C:\Windows\System\zZZKgVn.exe
  2⤵
  PID:2888
- C:\Windows\System\iKvxXml.exe
  C:\Windows\System\iKvxXml.exe
  2⤵
  PID:2752
- C:\Windows\System\SWQYveN.exe
  C:\Windows\System\SWQYveN.exe
  2⤵
  PID:2580
- C:\Windows\System\YFASUoH.exe
  C:\Windows\System\YFASUoH.exe
  2⤵
  PID:2848
- C:\Windows\System\LqmNYuf.exe
  C:\Windows\System\LqmNYuf.exe
  2⤵
  PID:1972
- C:\Windows\System\CoxUavw.exe
  C:\Windows\System\CoxUavw.exe
  2⤵
  PID:2156
- C:\Windows\System\zcndHWQ.exe
  C:\Windows\System\zcndHWQ.exe
  2⤵
  PID:236
- C:\Windows\System\tjolGAQ.exe
  C:\Windows\System\tjolGAQ.exe
  2⤵
  PID:2964
- C:\Windows\System\LNJzGku.exe
  C:\Windows\System\LNJzGku.exe
  2⤵
  PID:2960
- C:\Windows\System\xcTkPaq.exe
  C:\Windows\System\xcTkPaq.exe
  2⤵
  PID:2716
- C:\Windows\System\GQkDntQ.exe
  C:\Windows\System\GQkDntQ.exe
  2⤵
  PID:2836
- C:\Windows\System\MXBgSsT.exe
  C:\Windows\System\MXBgSsT.exe
  2⤵
  PID:2232
- C:\Windows\System\aoCrMZR.exe
  C:\Windows\System\aoCrMZR.exe
  2⤵
  PID:2668
- C:\Windows\System\NkAKAxR.exe
  C:\Windows\System\NkAKAxR.exe
  2⤵
  PID:2312
- C:\Windows\System\OHFdiyY.exe
  C:\Windows\System\OHFdiyY.exe
  2⤵
  PID:2524
- C:\Windows\System\LKKpPAq.exe
  C:\Windows\System\LKKpPAq.exe
  2⤵
  PID:2612
- C:\Windows\System\gyxzKNU.exe
  C:\Windows\System\gyxzKNU.exe
  2⤵
  PID:3088
- C:\Windows\System\rFvPnqJ.exe
  C:\Windows\System\rFvPnqJ.exe
  2⤵
  PID:3108
- C:\Windows\System\dmexfrI.exe
  C:\Windows\System\dmexfrI.exe
  2⤵
  PID:3128
- C:\Windows\System\RMGZEYk.exe
  C:\Windows\System\RMGZEYk.exe
  2⤵
  PID:3148
- C:\Windows\System\trcStTC.exe
  C:\Windows\System\trcStTC.exe
  2⤵
  PID:3168
- C:\Windows\System\LirMgeN.exe
  C:\Windows\System\LirMgeN.exe
  2⤵
  PID:3188
- C:\Windows\System\SINsfRJ.exe
  C:\Windows\System\SINsfRJ.exe
  2⤵
  PID:3208
- C:\Windows\System\gRecJhg.exe
  C:\Windows\System\gRecJhg.exe
  2⤵
  PID:3228
- C:\Windows\System\xEbNGlC.exe
  C:\Windows\System\xEbNGlC.exe
  2⤵
  PID:3248
- C:\Windows\System\PvmSOkn.exe
  C:\Windows\System\PvmSOkn.exe
  2⤵
  PID:3268
- C:\Windows\System\NvDZEGd.exe
  C:\Windows\System\NvDZEGd.exe
  2⤵
  PID:3288
- C:\Windows\System\FPUOAjP.exe
  C:\Windows\System\FPUOAjP.exe
  2⤵
  PID:3308
- C:\Windows\System\OdEztyv.exe
  C:\Windows\System\OdEztyv.exe
  2⤵
  PID:3328
- C:\Windows\System\YWmwYDH.exe
  C:\Windows\System\YWmwYDH.exe
  2⤵
  PID:3352
- C:\Windows\System\aUeFWje.exe
  C:\Windows\System\aUeFWje.exe
  2⤵
  PID:3372
- C:\Windows\System\HOmPDkF.exe
  C:\Windows\System\HOmPDkF.exe
  2⤵
  PID:3392
- C:\Windows\System\MUSopfH.exe
  C:\Windows\System\MUSopfH.exe
  2⤵
  PID:3412
- C:\Windows\System\aAbMPTU.exe
  C:\Windows\System\aAbMPTU.exe
  2⤵
  PID:3436
- C:\Windows\System\iavMyID.exe
  C:\Windows\System\iavMyID.exe
  2⤵
  PID:3460
- C:\Windows\System\uYvRmin.exe
  C:\Windows\System\uYvRmin.exe
  2⤵
  PID:3480
- C:\Windows\System\fsWNAZR.exe
  C:\Windows\System\fsWNAZR.exe
  2⤵
  PID:3500
- C:\Windows\System\mxqPsLd.exe
  C:\Windows\System\mxqPsLd.exe
  2⤵
  PID:3520
- C:\Windows\System\IvkAVby.exe
  C:\Windows\System\IvkAVby.exe
  2⤵
  PID:3540
- C:\Windows\System\fbjccdQ.exe
  C:\Windows\System\fbjccdQ.exe
  2⤵
  PID:3560
- C:\Windows\System\cDmgQwa.exe
  C:\Windows\System\cDmgQwa.exe
  2⤵
  PID:3580
- C:\Windows\System\aNxPMeH.exe
  C:\Windows\System\aNxPMeH.exe
  2⤵
  PID:3600
- C:\Windows\System\pVRNSji.exe
  C:\Windows\System\pVRNSji.exe
  2⤵
  PID:3620
- C:\Windows\System\PsteJRZ.exe
  C:\Windows\System\PsteJRZ.exe
  2⤵
  PID:3640
- C:\Windows\System\inArpzE.exe
  C:\Windows\System\inArpzE.exe
  2⤵
  PID:3660
- C:\Windows\System\ZIGbZWg.exe
  C:\Windows\System\ZIGbZWg.exe
  2⤵
  PID:3680
- C:\Windows\System\EjoWaDs.exe
  C:\Windows\System\EjoWaDs.exe
  2⤵
  PID:3700
- C:\Windows\System\pMshfJs.exe
  C:\Windows\System\pMshfJs.exe
  2⤵
  PID:3720
- C:\Windows\System\zbUBxcM.exe
  C:\Windows\System\zbUBxcM.exe
  2⤵
  PID:3740
- C:\Windows\System\uWmquZU.exe
  C:\Windows\System\uWmquZU.exe
  2⤵
  PID:3760
- C:\Windows\System\Thywmts.exe
  C:\Windows\System\Thywmts.exe
  2⤵
  PID:3780
- C:\Windows\System\SEfqxLF.exe
  C:\Windows\System\SEfqxLF.exe
  2⤵
  PID:3800
- C:\Windows\System\rcQsaki.exe
  C:\Windows\System\rcQsaki.exe
  2⤵
  PID:3820
- C:\Windows\System\iCZlOJX.exe
  C:\Windows\System\iCZlOJX.exe
  2⤵
  PID:3840
- C:\Windows\System\eRMqnDO.exe
  C:\Windows\System\eRMqnDO.exe
  2⤵
  PID:3860
- C:\Windows\System\ZmhLiza.exe
  C:\Windows\System\ZmhLiza.exe
  2⤵
  PID:3880
- C:\Windows\System\ljWsGuT.exe
  C:\Windows\System\ljWsGuT.exe
  2⤵
  PID:3900
- C:\Windows\System\WpmTFMI.exe
  C:\Windows\System\WpmTFMI.exe
  2⤵
  PID:3920
- C:\Windows\System\eJgoCBJ.exe
  C:\Windows\System\eJgoCBJ.exe
  2⤵
  PID:3940
- C:\Windows\System\uiKAVBR.exe
  C:\Windows\System\uiKAVBR.exe
  2⤵
  PID:3960
- C:\Windows\System\OcrNCSi.exe
  C:\Windows\System\OcrNCSi.exe
  2⤵
  PID:3980
- C:\Windows\System\WEUzCCn.exe
  C:\Windows\System\WEUzCCn.exe
  2⤵
  PID:4000
- C:\Windows\System\gRIAhVr.exe
  C:\Windows\System\gRIAhVr.exe
  2⤵
  PID:4020
- C:\Windows\System\LMofubC.exe
  C:\Windows\System\LMofubC.exe
  2⤵
  PID:4040
- C:\Windows\System\yUouAtn.exe
  C:\Windows\System\yUouAtn.exe
  2⤵
  PID:4060
- C:\Windows\System\XDEhZzz.exe
  C:\Windows\System\XDEhZzz.exe
  2⤵
  PID:4080
- C:\Windows\System\TISJiYp.exe
  C:\Windows\System\TISJiYp.exe
  2⤵
  PID:2896
- C:\Windows\System\LvICoYD.exe
  C:\Windows\System\LvICoYD.exe
  2⤵
  PID:2020
- C:\Windows\System\LpZugBY.exe
  C:\Windows\System\LpZugBY.exe
  2⤵
  PID:2772
- C:\Windows\System\QXtWmPS.exe
  C:\Windows\System\QXtWmPS.exe
  2⤵
  PID:1372
- C:\Windows\System\dYfsCaG.exe
  C:\Windows\System\dYfsCaG.exe
  2⤵
  PID:3076
- C:\Windows\System\rHycxFh.exe
  C:\Windows\System\rHycxFh.exe
  2⤵
  PID:3116
- C:\Windows\System\HHMeMqc.exe
  C:\Windows\System\HHMeMqc.exe
  2⤵
  PID:3120
- C:\Windows\System\STethxo.exe
  C:\Windows\System\STethxo.exe
  2⤵
  PID:3184
- C:\Windows\System\CMRQBtE.exe
  C:\Windows\System\CMRQBtE.exe
  2⤵
  PID:3200
- C:\Windows\System\WHhsBVk.exe
  C:\Windows\System\WHhsBVk.exe
  2⤵
  PID:3256
- C:\Windows\System\raOJJCY.exe
  C:\Windows\System\raOJJCY.exe
  2⤵
  PID:3296
- C:\Windows\System\HIuvsmB.exe
  C:\Windows\System\HIuvsmB.exe
  2⤵
  PID:3324
- C:\Windows\System\dEEYMKG.exe
  C:\Windows\System\dEEYMKG.exe
  2⤵
  PID:3360
- C:\Windows\System\VbsVxUd.exe
  C:\Windows\System\VbsVxUd.exe
  2⤵
  PID:3384
- C:\Windows\System\cQawAaf.exe
  C:\Windows\System\cQawAaf.exe
  2⤵
  PID:2728
- C:\Windows\System\kevSWyf.exe
  C:\Windows\System\kevSWyf.exe
  2⤵
  PID:3428
- C:\Windows\System\FtXOnmO.exe
  C:\Windows\System\FtXOnmO.exe
  2⤵
  PID:3444
- C:\Windows\System\NzSoxLc.exe
  C:\Windows\System\NzSoxLc.exe
  2⤵
  PID:3516
- C:\Windows\System\rusWDhs.exe
  C:\Windows\System\rusWDhs.exe
  2⤵
  PID:3488
- C:\Windows\System\HJEhPWG.exe
  C:\Windows\System\HJEhPWG.exe
  2⤵
  PID:3536
- C:\Windows\System\SjWDBdQ.exe
  C:\Windows\System\SjWDBdQ.exe
  2⤵
  PID:3596
- C:\Windows\System\FGeKjhz.exe
  C:\Windows\System\FGeKjhz.exe
  2⤵
  PID:3616
- C:\Windows\System\FWdhjpI.exe
  C:\Windows\System\FWdhjpI.exe
  2⤵
  PID:3652
- C:\Windows\System\PxSNLxP.exe
  C:\Windows\System\PxSNLxP.exe
  2⤵
  PID:3708
- C:\Windows\System\fIhhSKv.exe
  C:\Windows\System\fIhhSKv.exe
  2⤵
  PID:3748
- C:\Windows\System\NUFDJUC.exe
  C:\Windows\System\NUFDJUC.exe
  2⤵
  PID:3752
- C:\Windows\System\pkxvUiY.exe
  C:\Windows\System\pkxvUiY.exe
  2⤵
  PID:3772
- C:\Windows\System\bqVTCWk.exe
  C:\Windows\System\bqVTCWk.exe
  2⤵
  PID:3828
- C:\Windows\System\miFTFiB.exe
  C:\Windows\System\miFTFiB.exe
  2⤵
  PID:3028
- C:\Windows\System\dhOHCUj.exe
  C:\Windows\System\dhOHCUj.exe
  2⤵
  PID:3852
- C:\Windows\System\tuGksfV.exe
  C:\Windows\System\tuGksfV.exe
  2⤵
  PID:3892
- C:\Windows\System\NDtXRQP.exe
  C:\Windows\System\NDtXRQP.exe
  2⤵
  PID:888
- C:\Windows\System\sABWvNm.exe
  C:\Windows\System\sABWvNm.exe
  2⤵
  PID:3952
- C:\Windows\System\NuxJjsC.exe
  C:\Windows\System\NuxJjsC.exe
  2⤵
  PID:3972
- C:\Windows\System\blVBmeG.exe
  C:\Windows\System\blVBmeG.exe
  2⤵
  PID:4016
- C:\Windows\System\eDHhULu.exe
  C:\Windows\System\eDHhULu.exe
  2⤵
  PID:4072
- C:\Windows\System\xGRSbLg.exe
  C:\Windows\System\xGRSbLg.exe
  2⤵
  PID:2884
- C:\Windows\System\dbSavGQ.exe
  C:\Windows\System\dbSavGQ.exe
  2⤵
  PID:2372
- C:\Windows\System\wKjwqMw.exe
  C:\Windows\System\wKjwqMw.exe
  2⤵
  PID:1796
- C:\Windows\System\utpGSrY.exe
  C:\Windows\System\utpGSrY.exe
  2⤵
  PID:2680
- C:\Windows\System\zRjOEct.exe
  C:\Windows\System\zRjOEct.exe
  2⤵
  PID:3124
- C:\Windows\System\iuSFrBE.exe
  C:\Windows\System\iuSFrBE.exe
  2⤵
  PID:3236
- C:\Windows\System\xlQYicZ.exe
  C:\Windows\System\xlQYicZ.exe
  2⤵
  PID:3284
- C:\Windows\System\vxEWiZA.exe
  C:\Windows\System\vxEWiZA.exe
  2⤵
  PID:3280
- C:\Windows\System\UUSqcJu.exe
  C:\Windows\System\UUSqcJu.exe
  2⤵
  PID:3340
- C:\Windows\System\guZXjbk.exe
  C:\Windows\System\guZXjbk.exe
  2⤵
  PID:2900
- C:\Windows\System\hbZRCBs.exe
  C:\Windows\System\hbZRCBs.exe
  2⤵
  PID:3448
- C:\Windows\System\BZrnQZD.exe
  C:\Windows\System\BZrnQZD.exe
  2⤵
  PID:3528
- C:\Windows\System\lJeHuKj.exe
  C:\Windows\System\lJeHuKj.exe
  2⤵
  PID:3548
- C:\Windows\System\ycaSAEZ.exe
  C:\Windows\System\ycaSAEZ.exe
  2⤵
  PID:3636
- C:\Windows\System\pRrqecQ.exe
  C:\Windows\System\pRrqecQ.exe
  2⤵
  PID:3632
- C:\Windows\System\BUIqlxu.exe
  C:\Windows\System\BUIqlxu.exe
  2⤵
  PID:3672
- C:\Windows\System\sWJRYcO.exe
  C:\Windows\System\sWJRYcO.exe
  2⤵
  PID:3732
- C:\Windows\System\NruVTnM.exe
  C:\Windows\System\NruVTnM.exe
  2⤵
  PID:2792
- C:\Windows\System\IlatYww.exe
  C:\Windows\System\IlatYww.exe
  2⤵
  PID:3812
- C:\Windows\System\xAYAQbY.exe
  C:\Windows\System\xAYAQbY.exe
  2⤵
  PID:3928
- C:\Windows\System\HqcUfFW.exe
  C:\Windows\System\HqcUfFW.exe
  2⤵
  PID:3988
- C:\Windows\System\nObblJW.exe
  C:\Windows\System\nObblJW.exe
  2⤵
  PID:4028
- C:\Windows\System\vCRqqLh.exe
  C:\Windows\System\vCRqqLh.exe
  2⤵
  PID:4036
- C:\Windows\System\tyyQSMU.exe
  C:\Windows\System\tyyQSMU.exe
  2⤵
  PID:4088
- C:\Windows\System\hPpwhGO.exe
  C:\Windows\System\hPpwhGO.exe
  2⤵
  PID:1256
- C:\Windows\System\SwfNDCh.exe
  C:\Windows\System\SwfNDCh.exe
  2⤵
  PID:3204
- C:\Windows\System\oVZBFYX.exe
  C:\Windows\System\oVZBFYX.exe
  2⤵
  PID:3224
- C:\Windows\System\coScpAk.exe
  C:\Windows\System\coScpAk.exe
  2⤵
  PID:3260
- C:\Windows\System\dUbhVjR.exe
  C:\Windows\System\dUbhVjR.exe
  2⤵
  PID:3400
- C:\Windows\System\WaxjWmt.exe
  C:\Windows\System\WaxjWmt.exe
  2⤵
  PID:3424
- C:\Windows\System\toDQgRl.exe
  C:\Windows\System\toDQgRl.exe
  2⤵
  PID:2088
- C:\Windows\System\oInFScJ.exe
  C:\Windows\System\oInFScJ.exe
  2⤵
  PID:2092
- C:\Windows\System\bysFQFO.exe
  C:\Windows\System\bysFQFO.exe
  2⤵
  PID:3676
- C:\Windows\System\ICjvbWX.exe
  C:\Windows\System\ICjvbWX.exe
  2⤵
  PID:3776
- C:\Windows\System\HDXafTx.exe
  C:\Windows\System\HDXafTx.exe
  2⤵
  PID:3848
- C:\Windows\System\GTARsQs.exe
  C:\Windows\System\GTARsQs.exe
  2⤵
  PID:3936
- C:\Windows\System\UzEJPTt.exe
  C:\Windows\System\UzEJPTt.exe
  2⤵
  PID:4052
- C:\Windows\System\rTiuiII.exe
  C:\Windows\System\rTiuiII.exe
  2⤵
  PID:304
- C:\Windows\System\tnsKdQL.exe
  C:\Windows\System\tnsKdQL.exe
  2⤵
  PID:2344
- C:\Windows\System\WfvwcAR.exe
  C:\Windows\System\WfvwcAR.exe
  2⤵
  PID:3240
- C:\Windows\System\cGEhWkD.exe
  C:\Windows\System\cGEhWkD.exe
  2⤵
  PID:3388
- C:\Windows\System\mCsNkVZ.exe
  C:\Windows\System\mCsNkVZ.exe
  2⤵
  PID:3556
- C:\Windows\System\xCvIsuQ.exe
  C:\Windows\System\xCvIsuQ.exe
  2⤵
  PID:3796
- C:\Windows\System\hglrytD.exe
  C:\Windows\System\hglrytD.exe
  2⤵
  PID:3768
- C:\Windows\System\fzHLtBh.exe
  C:\Windows\System\fzHLtBh.exe
  2⤵
  PID:3896
- C:\Windows\System\xHPJBmT.exe
  C:\Windows\System\xHPJBmT.exe
  2⤵
  PID:3996
- C:\Windows\System\CZvSMPG.exe
  C:\Windows\System\CZvSMPG.exe
  2⤵
  PID:3316
- C:\Windows\System\ZbgStWj.exe
  C:\Windows\System\ZbgStWj.exe
  2⤵
  PID:3588
- C:\Windows\System\KnclhtN.exe
  C:\Windows\System\KnclhtN.exe
  2⤵
  PID:3688
- C:\Windows\System\oCckgZb.exe
  C:\Windows\System\oCckgZb.exe
  2⤵
  PID:3496
- C:\Windows\System\ksSYmtL.exe
  C:\Windows\System\ksSYmtL.exe
  2⤵
  PID:4032
- C:\Windows\System\yErSSpi.exe
  C:\Windows\System\yErSSpi.exe
  2⤵
  PID:4112
- C:\Windows\System\nwPhDTe.exe
  C:\Windows\System\nwPhDTe.exe
  2⤵
  PID:4132
- C:\Windows\System\UXTyQQw.exe
  C:\Windows\System\UXTyQQw.exe
  2⤵
  PID:4152
- C:\Windows\System\RyAkULJ.exe
  C:\Windows\System\RyAkULJ.exe
  2⤵
  PID:4172
- C:\Windows\System\kkLufnF.exe
  C:\Windows\System\kkLufnF.exe
  2⤵
  PID:4192
- C:\Windows\System\bxZrNJa.exe
  C:\Windows\System\bxZrNJa.exe
  2⤵
  PID:4212
- C:\Windows\System\YyZLZli.exe
  C:\Windows\System\YyZLZli.exe
  2⤵
  PID:4232
- C:\Windows\System\Fdjisym.exe
  C:\Windows\System\Fdjisym.exe
  2⤵
  PID:4252
- C:\Windows\System\kLccnoG.exe
  C:\Windows\System\kLccnoG.exe
  2⤵
  PID:4272
- C:\Windows\System\XeBZQzf.exe
  C:\Windows\System\XeBZQzf.exe
  2⤵
  PID:4292
- C:\Windows\System\wutAVgv.exe
  C:\Windows\System\wutAVgv.exe
  2⤵
  PID:4312
- C:\Windows\System\Kxidrxs.exe
  C:\Windows\System\Kxidrxs.exe
  2⤵
  PID:4332
- C:\Windows\System\VACcvhT.exe
  C:\Windows\System\VACcvhT.exe
  2⤵
  PID:4356
- C:\Windows\System\AaWmsmh.exe
  C:\Windows\System\AaWmsmh.exe
  2⤵
  PID:4376
- C:\Windows\System\oyAlNJA.exe
  C:\Windows\System\oyAlNJA.exe
  2⤵
  PID:4396
- C:\Windows\System\UeRxPvM.exe
  C:\Windows\System\UeRxPvM.exe
  2⤵
  PID:4416
- C:\Windows\System\eZjzfTb.exe
  C:\Windows\System\eZjzfTb.exe
  2⤵
  PID:4436
- C:\Windows\System\bMgsayQ.exe
  C:\Windows\System\bMgsayQ.exe
  2⤵
  PID:4456
- C:\Windows\System\JFjOaQN.exe
  C:\Windows\System\JFjOaQN.exe
  2⤵
  PID:4476
- C:\Windows\System\aZQyyDH.exe
  C:\Windows\System\aZQyyDH.exe
  2⤵
  PID:4496
- C:\Windows\System\DmIBYOE.exe
  C:\Windows\System\DmIBYOE.exe
  2⤵
  PID:4516
- C:\Windows\System\jzHkLNK.exe
  C:\Windows\System\jzHkLNK.exe
  2⤵
  PID:4536
- C:\Windows\System\NjIZAHg.exe
  C:\Windows\System\NjIZAHg.exe
  2⤵
  PID:4556
- C:\Windows\System\DhvDJtD.exe
  C:\Windows\System\DhvDJtD.exe
  2⤵
  PID:4576
- C:\Windows\System\wNBXjoV.exe
  C:\Windows\System\wNBXjoV.exe
  2⤵
  PID:4596
- C:\Windows\System\nJtinoy.exe
  C:\Windows\System\nJtinoy.exe
  2⤵
  PID:4616
- C:\Windows\System\eFecsMX.exe
  C:\Windows\System\eFecsMX.exe
  2⤵
  PID:4636
- C:\Windows\System\pJVoSBn.exe
  C:\Windows\System\pJVoSBn.exe
  2⤵
  PID:4656
- C:\Windows\System\umlkfKV.exe
  C:\Windows\System\umlkfKV.exe
  2⤵
  PID:4676
- C:\Windows\System\ZpTiTrR.exe
  C:\Windows\System\ZpTiTrR.exe
  2⤵
  PID:4692
- C:\Windows\System\HKpfYkO.exe
  C:\Windows\System\HKpfYkO.exe
  2⤵
  PID:4716
- C:\Windows\System\TYGMMUf.exe
  C:\Windows\System\TYGMMUf.exe
  2⤵
  PID:4736
- C:\Windows\System\UPoSjQC.exe
  C:\Windows\System\UPoSjQC.exe
  2⤵
  PID:4756
- C:\Windows\System\VWawQfX.exe
  C:\Windows\System\VWawQfX.exe
  2⤵
  PID:4776
- C:\Windows\System\QYyhjNJ.exe
  C:\Windows\System\QYyhjNJ.exe
  2⤵
  PID:4796
- C:\Windows\System\XUSTFgZ.exe
  C:\Windows\System\XUSTFgZ.exe
  2⤵
  PID:4816
- C:\Windows\System\fSbdBXm.exe
  C:\Windows\System\fSbdBXm.exe
  2⤵
  PID:4836
- C:\Windows\System\cjDpmmz.exe
  C:\Windows\System\cjDpmmz.exe
  2⤵
  PID:4856
- C:\Windows\System\bvuLDqI.exe
  C:\Windows\System\bvuLDqI.exe
  2⤵
  PID:4876
- C:\Windows\System\qKZqEnN.exe
  C:\Windows\System\qKZqEnN.exe
  2⤵
  PID:4896
- C:\Windows\System\lTJAbMQ.exe
  C:\Windows\System\lTJAbMQ.exe
  2⤵
  PID:4916
- C:\Windows\System\NjrKQcZ.exe
  C:\Windows\System\NjrKQcZ.exe
  2⤵
  PID:4936
- C:\Windows\System\pSrnpwi.exe
  C:\Windows\System\pSrnpwi.exe
  2⤵
  PID:4956
- C:\Windows\System\gWcmEGz.exe
  C:\Windows\System\gWcmEGz.exe
  2⤵
  PID:4976
- C:\Windows\System\xZkzpGJ.exe
  C:\Windows\System\xZkzpGJ.exe
  2⤵
  PID:4996
- C:\Windows\System\txtJjMc.exe
  C:\Windows\System\txtJjMc.exe
  2⤵
  PID:5016
- C:\Windows\System\udiBFJd.exe
  C:\Windows\System\udiBFJd.exe
  2⤵
  PID:5040
- C:\Windows\System\zHkZUwd.exe
  C:\Windows\System\zHkZUwd.exe
  2⤵
  PID:5056
- C:\Windows\System\qIYPRpK.exe
  C:\Windows\System\qIYPRpK.exe
  2⤵
  PID:5072
- C:\Windows\System\HaOOxFu.exe
  C:\Windows\System\HaOOxFu.exe
  2⤵
  PID:5100
- C:\Windows\System\UZcuHLL.exe
  C:\Windows\System\UZcuHLL.exe
  2⤵
  PID:3144
- C:\Windows\System\wTIwBvs.exe
  C:\Windows\System\wTIwBvs.exe
  2⤵
  PID:2748
- C:\Windows\System\GOHRLfK.exe
  C:\Windows\System\GOHRLfK.exe
  2⤵
  PID:3380
- C:\Windows\System\PpMUPmL.exe
  C:\Windows\System\PpMUPmL.exe
  2⤵
  PID:4100
- C:\Windows\System\gJjBGTh.exe
  C:\Windows\System\gJjBGTh.exe
  2⤵
  PID:4140
- C:\Windows\System\pelRRBI.exe
  C:\Windows\System\pelRRBI.exe
  2⤵
  PID:4148
- C:\Windows\System\WqzxAQG.exe
  C:\Windows\System\WqzxAQG.exe
  2⤵
  PID:4180
- C:\Windows\System\iMlUkSF.exe
  C:\Windows\System\iMlUkSF.exe
  2⤵
  PID:4200
- C:\Windows\System\BNVoqfQ.exe
  C:\Windows\System\BNVoqfQ.exe
  2⤵
  PID:4240
- C:\Windows\System\DaEKKmp.exe
  C:\Windows\System\DaEKKmp.exe
  2⤵
  PID:4268
- C:\Windows\System\JpmPost.exe
  C:\Windows\System\JpmPost.exe
  2⤵
  PID:4284
- C:\Windows\System\CADRChe.exe
  C:\Windows\System\CADRChe.exe
  2⤵
  PID:4340
- C:\Windows\System\hphydPQ.exe
  C:\Windows\System\hphydPQ.exe
  2⤵
  PID:4328
- C:\Windows\System\usBEKrK.exe
  C:\Windows\System\usBEKrK.exe
  2⤵
  PID:4388
- C:\Windows\System\NtBirAn.exe
  C:\Windows\System\NtBirAn.exe
  2⤵
  PID:4412
- C:\Windows\System\xjyRTZC.exe
  C:\Windows\System\xjyRTZC.exe
  2⤵
  PID:4444
- C:\Windows\System\fjKWZEQ.exe
  C:\Windows\System\fjKWZEQ.exe
  2⤵
  PID:4472
- C:\Windows\System\fvfVLCM.exe
  C:\Windows\System\fvfVLCM.exe
  2⤵
  PID:4544
- C:\Windows\System\CejdoIn.exe
  C:\Windows\System\CejdoIn.exe
  2⤵
  PID:4588
- C:\Windows\System\GOdyLfL.exe
  C:\Windows\System\GOdyLfL.exe
  2⤵
  PID:4628
- C:\Windows\System\qKSHbou.exe
  C:\Windows\System\qKSHbou.exe
  2⤵
  PID:4672
- C:\Windows\System\ZBEBSop.exe
  C:\Windows\System\ZBEBSop.exe
  2⤵
  PID:4712
- C:\Windows\System\nMbDIDK.exe
  C:\Windows\System\nMbDIDK.exe
  2⤵
  PID:4724
- C:\Windows\System\QbABoSk.exe
  C:\Windows\System\QbABoSk.exe
  2⤵
  PID:4752
- C:\Windows\System\OTdpCcz.exe
  C:\Windows\System\OTdpCcz.exe
  2⤵
  PID:4784
- C:\Windows\System\ypWdZRS.exe
  C:\Windows\System\ypWdZRS.exe
  2⤵
  PID:1056
- C:\Windows\System\VYQyjAx.exe
  C:\Windows\System\VYQyjAx.exe
  2⤵
  PID:4812
- C:\Windows\System\UTTFlLl.exe
  C:\Windows\System\UTTFlLl.exe
  2⤵
  PID:2040
- C:\Windows\System\xYdMbwQ.exe
  C:\Windows\System\xYdMbwQ.exe
  2⤵
  PID:4872
- C:\Windows\System\LvvFgyn.exe
  C:\Windows\System\LvvFgyn.exe
  2⤵
  PID:1160
- C:\Windows\System\quVuwSh.exe
  C:\Windows\System\quVuwSh.exe
  2⤵
  PID:4912
- C:\Windows\System\RuvNAxP.exe
  C:\Windows\System\RuvNAxP.exe
  2⤵
  PID:4944
- C:\Windows\System\giBRbud.exe
  C:\Windows\System\giBRbud.exe
  2⤵
  PID:4948
- C:\Windows\System\gNtQeml.exe
  C:\Windows\System\gNtQeml.exe
  2⤵
  PID:2408
- C:\Windows\System\ISoRtna.exe
  C:\Windows\System\ISoRtna.exe
  2⤵
  PID:336
- C:\Windows\System\xyywVxV.exe
  C:\Windows\System\xyywVxV.exe
  2⤵
  PID:4988
- C:\Windows\System\ITXTwPQ.exe
  C:\Windows\System\ITXTwPQ.exe
  2⤵
  PID:5024
- C:\Windows\System\lrlUJbM.exe
  C:\Windows\System\lrlUJbM.exe
  2⤵
  PID:1736
- C:\Windows\System\iHHhQiu.exe
  C:\Windows\System\iHHhQiu.exe
  2⤵
  PID:2360
- C:\Windows\System\zcqlfLe.exe
  C:\Windows\System\zcqlfLe.exe
  2⤵
  PID:1824
- C:\Windows\System\uPuQCbH.exe
  C:\Windows\System\uPuQCbH.exe
  2⤵
  PID:1748
- C:\Windows\System\vUtmBbi.exe
  C:\Windows\System\vUtmBbi.exe
  2⤵
  PID:5088
- C:\Windows\System\BHQxGkd.exe
  C:\Windows\System\BHQxGkd.exe
  2⤵
  PID:3364
- C:\Windows\System\zQGlXaP.exe
  C:\Windows\System\zQGlXaP.exe
  2⤵
  PID:4108
- C:\Windows\System\eJjFJrh.exe
  C:\Windows\System\eJjFJrh.exe
  2⤵
  PID:4164
- C:\Windows\System\dEHGhAs.exe
  C:\Windows\System\dEHGhAs.exe
  2⤵
  PID:4344
- C:\Windows\System\vYkqsBa.exe
  C:\Windows\System\vYkqsBa.exe
  2⤵
  PID:4404
- C:\Windows\System\VgrxkFZ.exe
  C:\Windows\System\VgrxkFZ.exe
  2⤵
  PID:4244
- C:\Windows\System\ZaQlWQv.exe
  C:\Windows\System\ZaQlWQv.exe
  2⤵
  PID:4392
- C:\Windows\System\cEmTMTS.exe
  C:\Windows\System\cEmTMTS.exe
  2⤵
  PID:4188
- C:\Windows\System\uSneUHV.exe
  C:\Windows\System\uSneUHV.exe
  2⤵
  PID:4524
- C:\Windows\System\YEeNcuy.exe
  C:\Windows\System\YEeNcuy.exe
  2⤵
  PID:4564
- C:\Windows\System\ZkSlzXM.exe
  C:\Windows\System\ZkSlzXM.exe
  2⤵
  PID:4592
- C:\Windows\System\ctfFBsa.exe
  C:\Windows\System\ctfFBsa.exe
  2⤵
  PID:4652
- C:\Windows\System\RDMmOiO.exe
  C:\Windows\System\RDMmOiO.exe
  2⤵
  PID:4624
- C:\Windows\System\zydoWRq.exe
  C:\Windows\System\zydoWRq.exe
  2⤵
  PID:4728
- C:\Windows\System\fsplyVl.exe
  C:\Windows\System\fsplyVl.exe
  2⤵
  PID:4608
- C:\Windows\System\NuXYHgZ.exe
  C:\Windows\System\NuXYHgZ.exe
  2⤵
  PID:4852
- C:\Windows\System\Ecrpcyd.exe
  C:\Windows\System\Ecrpcyd.exe
  2⤵
  PID:4848
- C:\Windows\System\eNfeMRp.exe
  C:\Windows\System\eNfeMRp.exe
  2⤵
  PID:4932
- C:\Windows\System\iOQcOZB.exe
  C:\Windows\System\iOQcOZB.exe
  2⤵
  PID:2568
- C:\Windows\System\ChEybgb.exe
  C:\Windows\System\ChEybgb.exe
  2⤵
  PID:2916
- C:\Windows\System\BKQbkJA.exe
  C:\Windows\System\BKQbkJA.exe
  2⤵
  PID:4868
- C:\Windows\System\HzjQSBM.exe
  C:\Windows\System\HzjQSBM.exe
  2⤵
  PID:2712
- C:\Windows\System\lsOAvcQ.exe
  C:\Windows\System\lsOAvcQ.exe
  2⤵
  PID:2416
- C:\Windows\System\uTTaJQo.exe
  C:\Windows\System\uTTaJQo.exe
  2⤵
  PID:2496
- C:\Windows\System\dTODlTX.exe
  C:\Windows\System\dTODlTX.exe
  2⤵
  PID:5084
- C:\Windows\System\uFhVhHt.exe
  C:\Windows\System\uFhVhHt.exe
  2⤵
  PID:2116
- C:\Windows\System\TukRUeu.exe
  C:\Windows\System\TukRUeu.exe
  2⤵
  PID:4372
- C:\Windows\System\AHQgsnO.exe
  C:\Windows\System\AHQgsnO.exe
  2⤵
  PID:4448
- C:\Windows\System\GSVGkVQ.exe
  C:\Windows\System\GSVGkVQ.exe
  2⤵
  PID:4428
- C:\Windows\System\HwdZVYJ.exe
  C:\Windows\System\HwdZVYJ.exe
  2⤵
  PID:4700
- C:\Windows\System\IIUJUMM.exe
  C:\Windows\System\IIUJUMM.exe
  2⤵
  PID:4924
- C:\Windows\System\dDQWzLF.exe
  C:\Windows\System\dDQWzLF.exe
  2⤵
  PID:4128
- C:\Windows\System\GhjhRqr.exe
  C:\Windows\System\GhjhRqr.exe
  2⤵
  PID:4584
- C:\Windows\System\puWXaPA.exe
  C:\Windows\System\puWXaPA.exe
  2⤵
  PID:2096
- C:\Windows\System\LTwkVHN.exe
  C:\Windows\System\LTwkVHN.exe
  2⤵
  PID:4824
- C:\Windows\System\YpQewYr.exe
  C:\Windows\System\YpQewYr.exe
  2⤵
  PID:2384
- C:\Windows\System\zCvPBaD.exe
  C:\Windows\System\zCvPBaD.exe
  2⤵
  PID:2396
- C:\Windows\System\gSBqbUW.exe
  C:\Windows\System\gSBqbUW.exe
  2⤵
  PID:1904
- C:\Windows\System\VIxhvKf.exe
  C:\Windows\System\VIxhvKf.exe
  2⤵
  PID:4532
- C:\Windows\System\zvDCdpj.exe
  C:\Windows\System\zvDCdpj.exe
  2⤵
  PID:4888
- C:\Windows\System\iYOslfa.exe
  C:\Windows\System\iYOslfa.exe
  2⤵
  PID:3976
- C:\Windows\System\ereamDp.exe
  C:\Windows\System\ereamDp.exe
  2⤵
  PID:4884
- C:\Windows\System\JqmQIra.exe
  C:\Windows\System\JqmQIra.exe
  2⤵
  PID:4972
- C:\Windows\System\EyyjxJj.exe
  C:\Windows\System\EyyjxJj.exe
  2⤵
  PID:4228
- C:\Windows\System\VyGtSdO.exe
  C:\Windows\System\VyGtSdO.exe
  2⤵
  PID:2216
- C:\Windows\System\qrRUAql.exe
  C:\Windows\System\qrRUAql.exe
  2⤵
  PID:4788
- C:\Windows\System\ctpHYKO.exe
  C:\Windows\System\ctpHYKO.exe
  2⤵
  PID:5116
- C:\Windows\System\sPAVpqF.exe
  C:\Windows\System\sPAVpqF.exe
  2⤵
  PID:988
- C:\Windows\System\HvRpJQQ.exe
  C:\Windows\System\HvRpJQQ.exe
  2⤵
  PID:4772
- C:\Windows\System\LpatxwY.exe
  C:\Windows\System\LpatxwY.exe
  2⤵
  PID:4664
- C:\Windows\System\YBUvAIS.exe
  C:\Windows\System\YBUvAIS.exe
  2⤵
  PID:4904
- C:\Windows\System\DNDncnx.exe
  C:\Windows\System\DNDncnx.exe
  2⤵
  PID:4320
- C:\Windows\System\NxHHAsa.exe
  C:\Windows\System\NxHHAsa.exe
  2⤵
  PID:4704
- C:\Windows\System\djZOhKQ.exe
  C:\Windows\System\djZOhKQ.exe
  2⤵
  PID:4224
- C:\Windows\System\nPnaRvw.exe
  C:\Windows\System\nPnaRvw.exe
  2⤵
  PID:864
- C:\Windows\System\IkGKePB.exe
  C:\Windows\System\IkGKePB.exe
  2⤵
  PID:2796
- C:\Windows\System\YdlkdOz.exe
  C:\Windows\System\YdlkdOz.exe
  2⤵
  PID:5132
- C:\Windows\System\cHxaUPj.exe
  C:\Windows\System\cHxaUPj.exe
  2⤵
  PID:5152
- C:\Windows\System\RefuDBR.exe
  C:\Windows\System\RefuDBR.exe
  2⤵
  PID:5168
- C:\Windows\System\OzYWHVn.exe
  C:\Windows\System\OzYWHVn.exe
  2⤵
  PID:5184
- C:\Windows\System\gBWReHp.exe
  C:\Windows\System\gBWReHp.exe
  2⤵
  PID:5208
- C:\Windows\System\xhKQXXb.exe
  C:\Windows\System\xhKQXXb.exe
  2⤵
  PID:5228
- C:\Windows\System\puvPxuz.exe
  C:\Windows\System\puvPxuz.exe
  2⤵
  PID:5252
- C:\Windows\System\WyIoMWO.exe
  C:\Windows\System\WyIoMWO.exe
  2⤵
  PID:5268
- C:\Windows\System\JnfXjby.exe
  C:\Windows\System\JnfXjby.exe
  2⤵
  PID:5284
- C:\Windows\System\UNeqBYH.exe
  C:\Windows\System\UNeqBYH.exe
  2⤵
  PID:5300
- C:\Windows\System\DzozNHp.exe
  C:\Windows\System\DzozNHp.exe
  2⤵
  PID:5320
- C:\Windows\System\DycxIjZ.exe
  C:\Windows\System\DycxIjZ.exe
  2⤵
  PID:5348
- C:\Windows\System\lGsZbRZ.exe
  C:\Windows\System\lGsZbRZ.exe
  2⤵
  PID:5364
- C:\Windows\System\verVAdL.exe
  C:\Windows\System\verVAdL.exe
  2⤵
  PID:5384
- C:\Windows\System\NaMjnaP.exe
  C:\Windows\System\NaMjnaP.exe
  2⤵
  PID:5400
- C:\Windows\System\WkEsjUD.exe
  C:\Windows\System\WkEsjUD.exe
  2⤵
  PID:5420
- C:\Windows\System\uotXmEo.exe
  C:\Windows\System\uotXmEo.exe
  2⤵
  PID:5436
- C:\Windows\System\DmBflEY.exe
  C:\Windows\System\DmBflEY.exe
  2⤵
  PID:5488
- C:\Windows\System\VBmPXNA.exe
  C:\Windows\System\VBmPXNA.exe
  2⤵
  PID:5504
- C:\Windows\System\JtdeDFh.exe
  C:\Windows\System\JtdeDFh.exe
  2⤵
  PID:5524
- C:\Windows\System\BXsDfMv.exe
  C:\Windows\System\BXsDfMv.exe
  2⤵
  PID:5540
- C:\Windows\System\qfaBTMk.exe
  C:\Windows\System\qfaBTMk.exe
  2⤵
  PID:5564
- C:\Windows\System\ZOElJKv.exe
  C:\Windows\System\ZOElJKv.exe
  2⤵
  PID:5580
- C:\Windows\System\LalbNoU.exe
  C:\Windows\System\LalbNoU.exe
  2⤵
  PID:5596
- C:\Windows\System\VbFwnWS.exe
  C:\Windows\System\VbFwnWS.exe
  2⤵
  PID:5612
- C:\Windows\System\HSCCSyl.exe
  C:\Windows\System\HSCCSyl.exe
  2⤵
  PID:5628
- C:\Windows\System\XDAsUuE.exe
  C:\Windows\System\XDAsUuE.exe
  2⤵
  PID:5644
- C:\Windows\System\xXKVPnA.exe
  C:\Windows\System\xXKVPnA.exe
  2⤵
  PID:5660
- C:\Windows\System\RRBtQRT.exe
  C:\Windows\System\RRBtQRT.exe
  2⤵
  PID:5676
- C:\Windows\System\RUalrmD.exe
  C:\Windows\System\RUalrmD.exe
  2⤵
  PID:5692
- C:\Windows\System\BwMcopl.exe
  C:\Windows\System\BwMcopl.exe
  2⤵
  PID:5732
- C:\Windows\System\dBFAIVG.exe
  C:\Windows\System\dBFAIVG.exe
  2⤵
  PID:5748
- C:\Windows\System\BwnwMxm.exe
  C:\Windows\System\BwnwMxm.exe
  2⤵
  PID:5764
- C:\Windows\System\IPCkxcm.exe
  C:\Windows\System\IPCkxcm.exe
  2⤵
  PID:5804
- C:\Windows\System\UXItdnL.exe
  C:\Windows\System\UXItdnL.exe
  2⤵
  PID:5824
- C:\Windows\System\ftfilRH.exe
  C:\Windows\System\ftfilRH.exe
  2⤵
  PID:5840
- C:\Windows\System\twMtxuk.exe
  C:\Windows\System\twMtxuk.exe
  2⤵
  PID:5860
- C:\Windows\System\eEdGTGS.exe
  C:\Windows\System\eEdGTGS.exe
  2⤵
  PID:5876
- C:\Windows\System\nvPBwEL.exe
  C:\Windows\System\nvPBwEL.exe
  2⤵
  PID:5892
- C:\Windows\System\xiieDth.exe
  C:\Windows\System\xiieDth.exe
  2⤵
  PID:5908
- C:\Windows\System\xFnvjqi.exe
  C:\Windows\System\xFnvjqi.exe
  2⤵
  PID:5928
- C:\Windows\System\TluoqwC.exe
  C:\Windows\System\TluoqwC.exe
  2⤵
  PID:5944
- C:\Windows\System\GRTSpfv.exe
  C:\Windows\System\GRTSpfv.exe
  2⤵
  PID:5960
- C:\Windows\System\qDzjkJW.exe
  C:\Windows\System\qDzjkJW.exe
  2⤵
  PID:5976
- C:\Windows\System\pZSvosB.exe
  C:\Windows\System\pZSvosB.exe
  2⤵
  PID:5996
- C:\Windows\System\YLaePoq.exe
  C:\Windows\System\YLaePoq.exe
  2⤵
  PID:6016
- C:\Windows\System\jjFWeYh.exe
  C:\Windows\System\jjFWeYh.exe
  2⤵
  PID:6036
- C:\Windows\System\BzfPUSS.exe
  C:\Windows\System\BzfPUSS.exe
  2⤵
  PID:6056
- C:\Windows\System\nccwBqN.exe
  C:\Windows\System\nccwBqN.exe
  2⤵
  PID:6084
- C:\Windows\System\pCAhnbj.exe
  C:\Windows\System\pCAhnbj.exe
  2⤵
  PID:6104
- C:\Windows\System\VMVsaUW.exe
  C:\Windows\System\VMVsaUW.exe
  2⤵
  PID:4220
- C:\Windows\System\PRooSlg.exe
  C:\Windows\System\PRooSlg.exe
  2⤵
  PID:5128
- C:\Windows\System\fqvUmLc.exe
  C:\Windows\System\fqvUmLc.exe
  2⤵
  PID:5196
- C:\Windows\System\miRXbTT.exe
  C:\Windows\System\miRXbTT.exe
  2⤵
  PID:5240
- C:\Windows\System\eIWMDYP.exe
  C:\Windows\System\eIWMDYP.exe
  2⤵
  PID:5280
- C:\Windows\System\vAhVWoE.exe
  C:\Windows\System\vAhVWoE.exe
  2⤵
  PID:4828
- C:\Windows\System\ihcfcRL.exe
  C:\Windows\System\ihcfcRL.exe
  2⤵
  PID:5308
- C:\Windows\System\NFocytB.exe
  C:\Windows\System\NFocytB.exe
  2⤵
  PID:5396
- C:\Windows\System\ExJadyg.exe
  C:\Windows\System\ExJadyg.exe
  2⤵
  PID:5176
- C:\Windows\System\BwigJfZ.exe
  C:\Windows\System\BwigJfZ.exe
  2⤵
  PID:3420
- C:\Windows\System\IJOippV.exe
  C:\Windows\System\IJOippV.exe
  2⤵
  PID:5344
- C:\Windows\System\KTeMFbd.exe
  C:\Windows\System\KTeMFbd.exe
  2⤵
  PID:5380
- C:\Windows\System\VlGmBna.exe
  C:\Windows\System\VlGmBna.exe
  2⤵
  PID:5460
- C:\Windows\System\ymhURtc.exe
  C:\Windows\System\ymhURtc.exe
  2⤵
  PID:5476
- C:\Windows\System\kXenVOK.exe
  C:\Windows\System\kXenVOK.exe
  2⤵
  PID:5496
- C:\Windows\System\ZBRHYpL.exe
  C:\Windows\System\ZBRHYpL.exe
  2⤵
  PID:5532
- C:\Windows\System\jpfQWQP.exe
  C:\Windows\System\jpfQWQP.exe
  2⤵
  PID:5572
- C:\Windows\System\vrEPWWe.exe
  C:\Windows\System\vrEPWWe.exe
  2⤵
  PID:5640
- C:\Windows\System\mFVDrXX.exe
  C:\Windows\System\mFVDrXX.exe
  2⤵
  PID:5704
- C:\Windows\System\dWFTKpU.exe
  C:\Windows\System\dWFTKpU.exe
  2⤵
  PID:5560
- C:\Windows\System\vHgDCPd.exe
  C:\Windows\System\vHgDCPd.exe
  2⤵
  PID:5592
- C:\Windows\System\irWLeDO.exe
  C:\Windows\System\irWLeDO.exe
  2⤵
  PID:5740
- C:\Windows\System\zWwcRcs.exe
  C:\Windows\System\zWwcRcs.exe
  2⤵
  PID:5624
- C:\Windows\System\ovaVBVZ.exe
  C:\Windows\System\ovaVBVZ.exe
  2⤵
  PID:5688
- C:\Windows\System\xYIFdXJ.exe
  C:\Windows\System\xYIFdXJ.exe
  2⤵
  PID:5820
- C:\Windows\System\pAursCD.exe
  C:\Windows\System\pAursCD.exe
  2⤵
  PID:5884
- C:\Windows\System\HxCZQMH.exe
  C:\Windows\System\HxCZQMH.exe
  2⤵
  PID:5924
- C:\Windows\System\rvdukez.exe
  C:\Windows\System\rvdukez.exe
  2⤵
  PID:5988
- C:\Windows\System\RHQndvW.exe
  C:\Windows\System\RHQndvW.exe
  2⤵
  PID:6064
- C:\Windows\System\abNmddZ.exe
  C:\Windows\System\abNmddZ.exe
  2⤵
  PID:6080
- C:\Windows\System\gieFkqH.exe
  C:\Windows\System\gieFkqH.exe
  2⤵
  PID:6004
- C:\Windows\System\uGhGfqV.exe
  C:\Windows\System\uGhGfqV.exe
  2⤵
  PID:6052
- C:\Windows\System\yyUmGsV.exe
  C:\Windows\System\yyUmGsV.exe
  2⤵
  PID:5940
- C:\Windows\System\eCslzdb.exe
  C:\Windows\System\eCslzdb.exe
  2⤵
  PID:6120
- C:\Windows\System\BllFFti.exe
  C:\Windows\System\BllFFti.exe
  2⤵
  PID:5144
- C:\Windows\System\DUlmRDO.exe
  C:\Windows\System\DUlmRDO.exe
  2⤵
  PID:1988
- C:\Windows\System\TmIvGBH.exe
  C:\Windows\System\TmIvGBH.exe
  2⤵
  PID:5220
- C:\Windows\System\zJBVYVo.exe
  C:\Windows\System\zJBVYVo.exe
  2⤵
  PID:5264
- C:\Windows\System\HRRzdov.exe
  C:\Windows\System\HRRzdov.exe
  2⤵
  PID:5180
- C:\Windows\System\HgloKVv.exe
  C:\Windows\System\HgloKVv.exe
  2⤵
  PID:5140
- C:\Windows\System\aDnvYUl.exe
  C:\Windows\System\aDnvYUl.exe
  2⤵
  PID:5452
- C:\Windows\System\wfkuZVs.exe
  C:\Windows\System\wfkuZVs.exe
  2⤵
  PID:5520
- C:\Windows\System\zhSBSnu.exe
  C:\Windows\System\zhSBSnu.exe
  2⤵
  PID:5724
- C:\Windows\System\JgIDEAK.exe
  C:\Windows\System\JgIDEAK.exe
  2⤵
  PID:5516
- C:\Windows\System\BZoTnxf.exe
  C:\Windows\System\BZoTnxf.exe
  2⤵
  PID:5548
- C:\Windows\System\xzaKXXs.exe
  C:\Windows\System\xzaKXXs.exe
  2⤵
  PID:5464
- C:\Windows\System\KnWiODl.exe
  C:\Windows\System\KnWiODl.exe
  2⤵
  PID:5920
- C:\Windows\System\xJoyyfB.exe
  C:\Windows\System\xJoyyfB.exe
  2⤵
  PID:5868
- C:\Windows\System\fTDGmkF.exe
  C:\Windows\System\fTDGmkF.exe
  2⤵
  PID:5472
- C:\Windows\System\SQrSrSn.exe
  C:\Windows\System\SQrSrSn.exe
  2⤵
  PID:5832
- C:\Windows\System\pOATQSs.exe
  C:\Windows\System\pOATQSs.exe
  2⤵
  PID:6100
- C:\Windows\System\WarcUaM.exe
  C:\Windows\System\WarcUaM.exe
  2⤵
  PID:5248
- C:\Windows\System\yUeKmLk.exe
  C:\Windows\System\yUeKmLk.exe
  2⤵
  PID:6124
- C:\Windows\System\eJXDDka.exe
  C:\Windows\System\eJXDDka.exe
  2⤵
  PID:5852
- C:\Windows\System\GYtIAXu.exe
  C:\Windows\System\GYtIAXu.exe
  2⤵
  PID:4568
- C:\Windows\System\KZSiddK.exe
  C:\Windows\System\KZSiddK.exe
  2⤵
  PID:5360
- C:\Windows\System\ktXYNgy.exe
  C:\Windows\System\ktXYNgy.exe
  2⤵
  PID:5292
- C:\Windows\System\kykqJRo.exe
  C:\Windows\System\kykqJRo.exe
  2⤵
  PID:5700
- C:\Windows\System\LkudCMr.exe
  C:\Windows\System\LkudCMr.exe
  2⤵
  PID:5448
- C:\Windows\System\DQJPySg.exe
  C:\Windows\System\DQJPySg.exe
  2⤵
  PID:5376
- C:\Windows\System\lWpFcMe.exe
  C:\Windows\System\lWpFcMe.exe
  2⤵
  PID:5760
- C:\Windows\System\gVFwKYu.exe
  C:\Windows\System\gVFwKYu.exe
  2⤵
  PID:5772
- C:\Windows\System\GDgrlbt.exe
  C:\Windows\System\GDgrlbt.exe
  2⤵
  PID:5904
- C:\Windows\System\ryqaajH.exe
  C:\Windows\System\ryqaajH.exe
  2⤵
  PID:6076
- C:\Windows\System\oyWBPtY.exe
  C:\Windows\System\oyWBPtY.exe
  2⤵
  PID:6116
- C:\Windows\System\usPulZr.exe
  C:\Windows\System\usPulZr.exe
  2⤵
  PID:5656
- C:\Windows\System\IiAGrQF.exe
  C:\Windows\System\IiAGrQF.exe
  2⤵
  PID:5340
- C:\Windows\System\wsAnzlq.exe
  C:\Windows\System\wsAnzlq.exe
  2⤵
  PID:5716
- C:\Windows\System\UEswARr.exe
  C:\Windows\System\UEswARr.exe
  2⤵
  PID:5780
- C:\Windows\System\kFJuCLg.exe
  C:\Windows\System\kFJuCLg.exe
  2⤵
  PID:6136
- C:\Windows\System\vfCCibD.exe
  C:\Windows\System\vfCCibD.exe
  2⤵
  PID:6096
- C:\Windows\System\gCQVtgo.exe
  C:\Windows\System\gCQVtgo.exe
  2⤵
  PID:5792
- C:\Windows\System\ZoOlOoG.exe
  C:\Windows\System\ZoOlOoG.exe
  2⤵
  PID:5484
- C:\Windows\System\ghTyvzc.exe
  C:\Windows\System\ghTyvzc.exe
  2⤵
  PID:5164
- C:\Windows\System\CSibwBn.exe
  C:\Windows\System\CSibwBn.exe
  2⤵
  PID:5432
- C:\Windows\System\AeBmGKG.exe
  C:\Windows\System\AeBmGKG.exe
  2⤵
  PID:6028
- C:\Windows\System\GNOojfp.exe
  C:\Windows\System\GNOojfp.exe
  2⤵
  PID:6160
- C:\Windows\System\eQjCMEx.exe
  C:\Windows\System\eQjCMEx.exe
  2⤵
  PID:6208
- C:\Windows\System\zMtrNzl.exe
  C:\Windows\System\zMtrNzl.exe
  2⤵
  PID:6224
- C:\Windows\System\vwthuSG.exe
  C:\Windows\System\vwthuSG.exe
  2⤵
  PID:6240
- C:\Windows\System\yyRPVsi.exe
  C:\Windows\System\yyRPVsi.exe
  2⤵
  PID:6256
- C:\Windows\System\stQCjLD.exe
  C:\Windows\System\stQCjLD.exe
  2⤵
  PID:6280
- C:\Windows\System\LCRHMCz.exe
  C:\Windows\System\LCRHMCz.exe
  2⤵
  PID:6296
- C:\Windows\System\WqmvZji.exe
  C:\Windows\System\WqmvZji.exe
  2⤵
  PID:6312
- C:\Windows\System\aQqWZEB.exe
  C:\Windows\System\aQqWZEB.exe
  2⤵
  PID:6328
- C:\Windows\System\NwGBkcQ.exe
  C:\Windows\System\NwGBkcQ.exe
  2⤵
  PID:6344
- C:\Windows\System\upvmSVZ.exe
  C:\Windows\System\upvmSVZ.exe
  2⤵
  PID:6364
- C:\Windows\System\sSyrixz.exe
  C:\Windows\System\sSyrixz.exe
  2⤵
  PID:6384
- C:\Windows\System\tAiThJu.exe
  C:\Windows\System\tAiThJu.exe
  2⤵
  PID:6408
- C:\Windows\System\uEszuvx.exe
  C:\Windows\System\uEszuvx.exe
  2⤵
  PID:6428
- C:\Windows\System\oCsAWCE.exe
  C:\Windows\System\oCsAWCE.exe
  2⤵
  PID:6444
- C:\Windows\System\soWKXgC.exe
  C:\Windows\System\soWKXgC.exe
  2⤵
  PID:6460
- C:\Windows\System\YRNdNLg.exe
  C:\Windows\System\YRNdNLg.exe
  2⤵
  PID:6500
- C:\Windows\System\sBUDKnH.exe
  C:\Windows\System\sBUDKnH.exe
  2⤵
  PID:6520
- C:\Windows\System\oPaKGew.exe
  C:\Windows\System\oPaKGew.exe
  2⤵
  PID:6536
- C:\Windows\System\kGKIeOx.exe
  C:\Windows\System\kGKIeOx.exe
  2⤵
  PID:6552
- C:\Windows\System\pJglcUq.exe
  C:\Windows\System\pJglcUq.exe
  2⤵
  PID:6572
- C:\Windows\System\igvGosY.exe
  C:\Windows\System\igvGosY.exe
  2⤵
  PID:6588
- C:\Windows\System\YMaGuNc.exe
  C:\Windows\System\YMaGuNc.exe
  2⤵
  PID:6604
- C:\Windows\System\OEnQZsB.exe
  C:\Windows\System\OEnQZsB.exe
  2⤵
  PID:6624
- C:\Windows\System\gLQPoLL.exe
  C:\Windows\System\gLQPoLL.exe
  2⤵
  PID:6644
- C:\Windows\System\tzcYlaY.exe
  C:\Windows\System\tzcYlaY.exe
  2⤵
  PID:6664
- C:\Windows\System\vCByHXx.exe
  C:\Windows\System\vCByHXx.exe
  2⤵
  PID:6684
- C:\Windows\System\HrdAnMs.exe
  C:\Windows\System\HrdAnMs.exe
  2⤵
  PID:6704
- C:\Windows\System\eOBGhTy.exe
  C:\Windows\System\eOBGhTy.exe
  2⤵
  PID:6720
- C:\Windows\System\ygHyoSK.exe
  C:\Windows\System\ygHyoSK.exe
  2⤵
  PID:6736
- C:\Windows\System\yXxfmFT.exe
  C:\Windows\System\yXxfmFT.exe
  2⤵
  PID:6776
- C:\Windows\System\bPhZQQe.exe
  C:\Windows\System\bPhZQQe.exe
  2⤵
  PID:6792
- C:\Windows\System\krQQQYA.exe
  C:\Windows\System\krQQQYA.exe
  2⤵
  PID:6812
- C:\Windows\System\gYBouPv.exe
  C:\Windows\System\gYBouPv.exe
  2⤵
  PID:6828
- C:\Windows\System\yiZjbzc.exe
  C:\Windows\System\yiZjbzc.exe
  2⤵
  PID:6844
- C:\Windows\System\ftvtpqD.exe
  C:\Windows\System\ftvtpqD.exe
  2⤵
  PID:6864
- C:\Windows\System\IukHfXY.exe
  C:\Windows\System\IukHfXY.exe
  2⤵
  PID:6880
- C:\Windows\System\wlnEbpx.exe
  C:\Windows\System\wlnEbpx.exe
  2⤵
  PID:6896
- C:\Windows\System\sdgKUVh.exe
  C:\Windows\System\sdgKUVh.exe
  2⤵
  PID:6916
- C:\Windows\System\sEAttLe.exe
  C:\Windows\System\sEAttLe.exe
  2⤵
  PID:6940
- C:\Windows\System\ESPCWpU.exe
  C:\Windows\System\ESPCWpU.exe
  2⤵
  PID:6968
- C:\Windows\System\mDDHfgr.exe
  C:\Windows\System\mDDHfgr.exe
  2⤵
  PID:6984
- C:\Windows\System\EKmmNxW.exe
  C:\Windows\System\EKmmNxW.exe
  2⤵
  PID:7000
- C:\Windows\System\ErPDZck.exe
  C:\Windows\System\ErPDZck.exe
  2⤵
  PID:7016
- C:\Windows\System\XtLLArB.exe
  C:\Windows\System\XtLLArB.exe
  2⤵
  PID:7056
- C:\Windows\System\ZSsPkcB.exe
  C:\Windows\System\ZSsPkcB.exe
  2⤵
  PID:7076
- C:\Windows\System\cZCgpYu.exe
  C:\Windows\System\cZCgpYu.exe
  2⤵
  PID:7092
- C:\Windows\System\rLngpQS.exe
  C:\Windows\System\rLngpQS.exe
  2⤵
  PID:7108
- C:\Windows\System\ymPKakY.exe
  C:\Windows\System\ymPKakY.exe
  2⤵
  PID:7124
- C:\Windows\System\IzeWDfr.exe
  C:\Windows\System\IzeWDfr.exe
  2⤵
  PID:7144
- C:\Windows\System\jefLEFy.exe
  C:\Windows\System\jefLEFy.exe
  2⤵
  PID:7164
- C:\Windows\System\FyVFzNu.exe
  C:\Windows\System\FyVFzNu.exe
  2⤵
  PID:5608
- C:\Windows\System\czuhLQO.exe
  C:\Windows\System\czuhLQO.exe
  2⤵
  PID:5372
- C:\Windows\System\wNjqFnF.exe
  C:\Windows\System\wNjqFnF.exe
  2⤵
  PID:6184
- C:\Windows\System\VUhWebA.exe
  C:\Windows\System\VUhWebA.exe
  2⤵
  PID:5788
- C:\Windows\System\vOFyRBp.exe
  C:\Windows\System\vOFyRBp.exe
  2⤵
  PID:6168
- C:\Windows\System\dirJPZu.exe
  C:\Windows\System\dirJPZu.exe
  2⤵
  PID:6288
- C:\Windows\System\XtjuiPx.exe
  C:\Windows\System\XtjuiPx.exe
  2⤵
  PID:6356
- C:\Windows\System\qAGhgWP.exe
  C:\Windows\System\qAGhgWP.exe
  2⤵
  PID:6476
- C:\Windows\System\SPsgBCr.exe
  C:\Windows\System\SPsgBCr.exe
  2⤵
  PID:6416
- C:\Windows\System\VrxBeMS.exe
  C:\Windows\System\VrxBeMS.exe
  2⤵
  PID:6272
- C:\Windows\System\quQWMxx.exe
  C:\Windows\System\quQWMxx.exe
  2⤵
  PID:6340
- C:\Windows\System\dgqGwMb.exe
  C:\Windows\System\dgqGwMb.exe
  2⤵
  PID:6336
- C:\Windows\System\hxrYWuI.exe
  C:\Windows\System\hxrYWuI.exe
  2⤵
  PID:6636
- C:\Windows\System\LmKjGSw.exe
  C:\Windows\System\LmKjGSw.exe
  2⤵
  PID:6560
- C:\Windows\System\jQLJCsW.exe
  C:\Windows\System\jQLJCsW.exe
  2⤵
  PID:6640
- C:\Windows\System\DgiPYid.exe
  C:\Windows\System\DgiPYid.exe
  2⤵
  PID:6548
- C:\Windows\System\YUmeuqL.exe
  C:\Windows\System\YUmeuqL.exe
  2⤵
  PID:6756
- C:\Windows\System\EnBhwZZ.exe
  C:\Windows\System\EnBhwZZ.exe
  2⤵
  PID:6512
- C:\Windows\System\UwNDWGq.exe
  C:\Windows\System\UwNDWGq.exe
  2⤵
  PID:6616
- C:\Windows\System\cgOacFW.exe
  C:\Windows\System\cgOacFW.exe
  2⤵
  PID:6808
- C:\Windows\System\FOySQfs.exe
  C:\Windows\System\FOySQfs.exe
  2⤵
  PID:6904
- C:\Windows\System\MbMaJow.exe
  C:\Windows\System\MbMaJow.exe
  2⤵
  PID:6948
- C:\Windows\System\JnpIuHB.exe
  C:\Windows\System\JnpIuHB.exe
  2⤵
  PID:6964
- C:\Windows\System\TepQOYs.exe
  C:\Windows\System\TepQOYs.exe
  2⤵
  PID:7024
- C:\Windows\System\YecKJYH.exe
  C:\Windows\System\YecKJYH.exe
  2⤵
  PID:6692
- C:\Windows\System\PsWicAf.exe
  C:\Windows\System\PsWicAf.exe
  2⤵
  PID:6788
- C:\Windows\System\zlkFKbV.exe
  C:\Windows\System\zlkFKbV.exe
  2⤵
  PID:7044
- C:\Windows\System\pzuZKzH.exe
  C:\Windows\System\pzuZKzH.exe
  2⤵
  PID:6928
- C:\Windows\System\bPxPaHL.exe
  C:\Windows\System\bPxPaHL.exe
  2⤵
  PID:6824
- C:\Windows\System\QgyJbTs.exe
  C:\Windows\System\QgyJbTs.exe
  2⤵
  PID:7088
- C:\Windows\System\cyCUgzC.exe
  C:\Windows\System\cyCUgzC.exe
  2⤵
  PID:7156
- C:\Windows\System\CnQAzaw.exe
  C:\Windows\System\CnQAzaw.exe
  2⤵
  PID:6156
- C:\Windows\System\qvjUkif.exe
  C:\Windows\System\qvjUkif.exe
  2⤵
  PID:6180
- C:\Windows\System\aXEjDCh.exe
  C:\Windows\System\aXEjDCh.exe
  2⤵
  PID:6200
- C:\Windows\System\fDvKoOH.exe
  C:\Windows\System\fDvKoOH.exe
  2⤵
  PID:7140
- C:\Windows\System\XxoRTpV.exe
  C:\Windows\System\XxoRTpV.exe
  2⤵
  PID:5192
- C:\Windows\System\qnYKqOd.exe
  C:\Windows\System\qnYKqOd.exe
  2⤵
  PID:5836
- C:\Windows\System\phplnxg.exe
  C:\Windows\System\phplnxg.exe
  2⤵
  PID:6352
- C:\Windows\System\BhiyDVV.exe
  C:\Windows\System\BhiyDVV.exe
  2⤵
  PID:6264
- C:\Windows\System\wDrFAfU.exe
  C:\Windows\System\wDrFAfU.exe
  2⤵
  PID:6236
- C:\Windows\System\bnByqOw.exe
  C:\Windows\System\bnByqOw.exe
  2⤵
  PID:6268
- C:\Windows\System\kMFCtjb.exe
  C:\Windows\System\kMFCtjb.exe
  2⤵
  PID:6508
- C:\Windows\System\YWCPpun.exe
  C:\Windows\System\YWCPpun.exe
  2⤵
  PID:6600
- C:\Windows\System\clLEfab.exe
  C:\Windows\System\clLEfab.exe
  2⤵
  PID:6712
- C:\Windows\System\OtEDzwy.exe
  C:\Windows\System\OtEDzwy.exe
  2⤵
  PID:6768
- C:\Windows\System\beECSng.exe
  C:\Windows\System\beECSng.exe
  2⤵
  PID:6748
- C:\Windows\System\nsKPYwy.exe
  C:\Windows\System\nsKPYwy.exe
  2⤵
  PID:6912
- C:\Windows\System\HUNZVEw.exe
  C:\Windows\System\HUNZVEw.exe
  2⤵
  PID:7032
- C:\Windows\System\zmirObA.exe
  C:\Windows\System\zmirObA.exe
  2⤵
  PID:6892
- C:\Windows\System\uEULrSM.exe
  C:\Windows\System\uEULrSM.exe
  2⤵
  PID:6924
- C:\Windows\System\qSJcMMm.exe
  C:\Windows\System\qSJcMMm.exe
  2⤵
  PID:6820
- C:\Windows\System\jqRHenK.exe
  C:\Windows\System\jqRHenK.exe
  2⤵
  PID:7132
- C:\Windows\System\MYzjFWF.exe
  C:\Windows\System\MYzjFWF.exe
  2⤵
  PID:7064
- C:\Windows\System\KKPkvfa.exe
  C:\Windows\System\KKPkvfa.exe
  2⤵
  PID:6396
- C:\Windows\System\mgZsrNt.exe
  C:\Windows\System\mgZsrNt.exe
  2⤵
  PID:7152
- C:\Windows\System\QrVQRcj.exe
  C:\Windows\System\QrVQRcj.exe
  2⤵
  PID:7104
- C:\Windows\System\RGFJCXm.exe
  C:\Windows\System\RGFJCXm.exe
  2⤵
  PID:6204
- C:\Windows\System\PEppjaU.exe
  C:\Windows\System\PEppjaU.exe
  2⤵
  PID:6632
- C:\Windows\System\JXyuoaR.exe
  C:\Windows\System\JXyuoaR.exe
  2⤵
  PID:6372
- C:\Windows\System\BHLyZSF.exe
  C:\Windows\System\BHLyZSF.exe
  2⤵
  PID:6380
- C:\Windows\System\giEtAEI.exe
  C:\Windows\System\giEtAEI.exe
  2⤵
  PID:6764
- C:\Windows\System\TUgWXDi.exe
  C:\Windows\System\TUgWXDi.exe
  2⤵
  PID:6800
- C:\Windows\System\efpXgHx.exe
  C:\Windows\System\efpXgHx.exe
  2⤵
  PID:6960
- C:\Windows\System\BvZDrID.exe
  C:\Windows\System\BvZDrID.exe
  2⤵
  PID:7172
- C:\Windows\System\fUMmJyP.exe
  C:\Windows\System\fUMmJyP.exe
  2⤵
  PID:7192
- C:\Windows\System\JnhyjsU.exe
  C:\Windows\System\JnhyjsU.exe
  2⤵
  PID:7220
- C:\Windows\System\uuLFzNS.exe
  C:\Windows\System\uuLFzNS.exe
  2⤵
  PID:7248
- C:\Windows\System\RjjcqqK.exe
  C:\Windows\System\RjjcqqK.exe
  2⤵
  PID:7308
- C:\Windows\System\QWlKIpx.exe
  C:\Windows\System\QWlKIpx.exe
  2⤵
  PID:7324
- C:\Windows\System\JcKkkoH.exe
  C:\Windows\System\JcKkkoH.exe
  2⤵
  PID:7344
- C:\Windows\System\LEsbNga.exe
  C:\Windows\System\LEsbNga.exe
  2⤵
  PID:7360
- C:\Windows\System\OrVYRPA.exe
  C:\Windows\System\OrVYRPA.exe
  2⤵
  PID:7376
- C:\Windows\System\fqVJXgQ.exe
  C:\Windows\System\fqVJXgQ.exe
  2⤵
  PID:7396
- C:\Windows\System\WYHgSpm.exe
  C:\Windows\System\WYHgSpm.exe
  2⤵
  PID:7412
- C:\Windows\System\nBFxuXG.exe
  C:\Windows\System\nBFxuXG.exe
  2⤵
  PID:7428
- C:\Windows\System\KbHQGDG.exe
  C:\Windows\System\KbHQGDG.exe
  2⤵
  PID:7456
- C:\Windows\System\DLgKRqb.exe
  C:\Windows\System\DLgKRqb.exe
  2⤵
  PID:7476
- C:\Windows\System\IArxLzB.exe
  C:\Windows\System\IArxLzB.exe
  2⤵
  PID:7508
- C:\Windows\System\pnabkOH.exe
  C:\Windows\System\pnabkOH.exe
  2⤵
  PID:7524
- C:\Windows\System\VoiugFh.exe
  C:\Windows\System\VoiugFh.exe
  2⤵
  PID:7544
- C:\Windows\System\tNYQQNT.exe
  C:\Windows\System\tNYQQNT.exe
  2⤵
  PID:7564
- C:\Windows\System\TzsAyXB.exe
  C:\Windows\System\TzsAyXB.exe
  2⤵
  PID:7580
- C:\Windows\System\QoaKyUw.exe
  C:\Windows\System\QoaKyUw.exe
  2⤵
  PID:7596
- C:\Windows\System\EXPCxyo.exe
  C:\Windows\System\EXPCxyo.exe
  2⤵
  PID:7616
- C:\Windows\System\psxWuML.exe
  C:\Windows\System\psxWuML.exe
  2⤵
  PID:7636
- C:\Windows\System\FDwhbrK.exe
  C:\Windows\System\FDwhbrK.exe
  2⤵
  PID:7652
- C:\Windows\System\eKLbfew.exe
  C:\Windows\System\eKLbfew.exe
  2⤵
  PID:7668
- C:\Windows\System\eTuaHXL.exe
  C:\Windows\System\eTuaHXL.exe
  2⤵
  PID:7684
- C:\Windows\System\EjmktOR.exe
  C:\Windows\System\EjmktOR.exe
  2⤵
  PID:7728
- C:\Windows\System\mCyUHQl.exe
  C:\Windows\System\mCyUHQl.exe
  2⤵
  PID:7748
- C:\Windows\System\EGvRPbg.exe
  C:\Windows\System\EGvRPbg.exe
  2⤵
  PID:7764
- C:\Windows\System\ihZsbbQ.exe
  C:\Windows\System\ihZsbbQ.exe
  2⤵
  PID:7780
- C:\Windows\System\HZQAYXr.exe
  C:\Windows\System\HZQAYXr.exe
  2⤵
  PID:7800
- C:\Windows\System\CgwoalL.exe
  C:\Windows\System\CgwoalL.exe
  2⤵
  PID:7820
- C:\Windows\System\ZuTWZby.exe
  C:\Windows\System\ZuTWZby.exe
  2⤵
  PID:7836
- C:\Windows\System\NyReYwW.exe
  C:\Windows\System\NyReYwW.exe
  2⤵
  PID:7856
- C:\Windows\System\YORrSJH.exe
  C:\Windows\System\YORrSJH.exe
  2⤵
  PID:7876
- C:\Windows\System\ZJaCpoA.exe
  C:\Windows\System\ZJaCpoA.exe
  2⤵
  PID:7896
- C:\Windows\System\iLIPwvV.exe
  C:\Windows\System\iLIPwvV.exe
  2⤵
  PID:7912
- C:\Windows\System\xqDGbLU.exe
  C:\Windows\System\xqDGbLU.exe
  2⤵
  PID:7928
- C:\Windows\System\AdznOtF.exe
  C:\Windows\System\AdznOtF.exe
  2⤵
  PID:7976
- C:\Windows\System\KkKmdSh.exe
  C:\Windows\System\KkKmdSh.exe
  2⤵
  PID:7996
- C:\Windows\System\OxiRABz.exe
  C:\Windows\System\OxiRABz.exe
  2⤵
  PID:8012
- C:\Windows\System\jSDYKIw.exe
  C:\Windows\System\jSDYKIw.exe
  2⤵
  PID:8028
- C:\Windows\System\WtiePfC.exe
  C:\Windows\System\WtiePfC.exe
  2⤵
  PID:8044
- C:\Windows\System\UhctlNF.exe
  C:\Windows\System\UhctlNF.exe
  2⤵
  PID:8076
- C:\Windows\System\xJaLUNC.exe
  C:\Windows\System\xJaLUNC.exe
  2⤵
  PID:8096
- C:\Windows\System\hlbamil.exe
  C:\Windows\System\hlbamil.exe
  2⤵
  PID:8120
- C:\Windows\System\DGWFPJf.exe
  C:\Windows\System\DGWFPJf.exe
  2⤵
  PID:8136
- C:\Windows\System\OftPxMb.exe
  C:\Windows\System\OftPxMb.exe
  2⤵
  PID:8160
- C:\Windows\System\NHbRKyq.exe
  C:\Windows\System\NHbRKyq.exe
  2⤵
  PID:8176
- C:\Windows\System\NRxXNal.exe
  C:\Windows\System\NRxXNal.exe
  2⤵
  PID:6152
- C:\Windows\System\MjCTwEv.exe
  C:\Windows\System\MjCTwEv.exe
  2⤵
  PID:6732
- C:\Windows\System\eCTYTzU.exe
  C:\Windows\System\eCTYTzU.exe
  2⤵
  PID:6248
- C:\Windows\System\UxiuIGx.exe
  C:\Windows\System\UxiuIGx.exe
  2⤵
  PID:6676
- C:\Windows\System\xnDPKIw.exe
  C:\Windows\System\xnDPKIw.exe
  2⤵
  PID:6856
- C:\Windows\System\ZURZVxI.exe
  C:\Windows\System\ZURZVxI.exe
  2⤵
  PID:6324
- C:\Windows\System\LiVgdfk.exe
  C:\Windows\System\LiVgdfk.exe
  2⤵
  PID:6772
- C:\Windows\System\NMSVKPI.exe
  C:\Windows\System\NMSVKPI.exe
  2⤵
  PID:6484
- C:\Windows\System\pXQymVx.exe
  C:\Windows\System\pXQymVx.exe
  2⤵
  PID:7072
- C:\Windows\System\XhzyZBO.exe
  C:\Windows\System\XhzyZBO.exe
  2⤵
  PID:7208
- C:\Windows\System\VuFMyzR.exe
  C:\Windows\System\VuFMyzR.exe
  2⤵
  PID:7260
- C:\Windows\System\KuIHfnH.exe
  C:\Windows\System\KuIHfnH.exe
  2⤵
  PID:7280
- C:\Windows\System\xKpmsYe.exe
  C:\Windows\System\xKpmsYe.exe
  2⤵
  PID:7292
- C:\Windows\System\zgQGeBM.exe
  C:\Windows\System\zgQGeBM.exe
  2⤵
  PID:7336
- C:\Windows\System\YjbfVRy.exe
  C:\Windows\System\YjbfVRy.exe
  2⤵
  PID:5236
- C:\Windows\System\irPxxYf.exe
  C:\Windows\System\irPxxYf.exe
  2⤵
  PID:7436
- C:\Windows\System\pkJuysZ.exe
  C:\Windows\System\pkJuysZ.exe
  2⤵
  PID:7320
- C:\Windows\System\ZogqkPz.exe
  C:\Windows\System\ZogqkPz.exe
  2⤵
  PID:7464
- C:\Windows\System\gqqbPZP.exe
  C:\Windows\System\gqqbPZP.exe
  2⤵
  PID:7500
- C:\Windows\System\rVENHCR.exe
  C:\Windows\System\rVENHCR.exe
  2⤵
  PID:7504
- C:\Windows\System\yXSYsoX.exe
  C:\Windows\System\yXSYsoX.exe
  2⤵
  PID:7516
- C:\Windows\System\XuEyRXy.exe
  C:\Windows\System\XuEyRXy.exe
  2⤵
  PID:7644
- C:\Windows\System\KoZayWb.exe
  C:\Windows\System\KoZayWb.exe
  2⤵
  PID:7592
- C:\Windows\System\pqIYMHE.exe
  C:\Windows\System\pqIYMHE.exe
  2⤵
  PID:7692
- C:\Windows\System\oqLzOVi.exe
  C:\Windows\System\oqLzOVi.exe
  2⤵
  PID:7560
- C:\Windows\System\UyCNHAv.exe
  C:\Windows\System\UyCNHAv.exe
  2⤵
  PID:7744
- C:\Windows\System\kVLAxfi.exe
  C:\Windows\System\kVLAxfi.exe
  2⤵
  PID:7808
- C:\Windows\System\tswtBgA.exe
  C:\Windows\System\tswtBgA.exe
  2⤵
  PID:7724
- C:\Windows\System\Izlcuww.exe
  C:\Windows\System\Izlcuww.exe
  2⤵
  PID:7760
- C:\Windows\System\CbzYcEi.exe
  C:\Windows\System\CbzYcEi.exe
  2⤵
  PID:7832
- C:\Windows\System\BfgJdIF.exe
  C:\Windows\System\BfgJdIF.exe
  2⤵
  PID:7884
- C:\Windows\System\CiEeGIJ.exe
  C:\Windows\System\CiEeGIJ.exe
  2⤵
  PID:7924
- C:\Windows\System\oGZGmSK.exe
  C:\Windows\System\oGZGmSK.exe
  2⤵
  PID:7712
- C:\Windows\System\doyFHDa.exe
  C:\Windows\System\doyFHDa.exe
  2⤵
  PID:7868
- C:\Windows\System\XiivDPN.exe
  C:\Windows\System\XiivDPN.exe
  2⤵
  PID:7992
- C:\Windows\System\XJlvcSl.exe
  C:\Windows\System\XJlvcSl.exe
  2⤵
  PID:8064
- C:\Windows\System\cvBJzXk.exe
  C:\Windows\System\cvBJzXk.exe
  2⤵
  PID:8056
- C:\Windows\System\rlGeACn.exe
  C:\Windows\System\rlGeACn.exe
  2⤵
  PID:8104
- C:\Windows\System\WUvGmhH.exe
  C:\Windows\System\WUvGmhH.exe
  2⤵
  PID:8132
- C:\Windows\System\ScXqknL.exe
  C:\Windows\System\ScXqknL.exe
  2⤵
  PID:8168
- C:\Windows\System\iiGEeYL.exe
  C:\Windows\System\iiGEeYL.exe
  2⤵
  PID:7036
- C:\Windows\System\XJIAfXm.exe
  C:\Windows\System\XJIAfXm.exe
  2⤵
  PID:7184
- C:\Windows\System\PrsHNSs.exe
  C:\Windows\System\PrsHNSs.exe
  2⤵
  PID:7136
- C:\Windows\System\QRYHOCd.exe
  C:\Windows\System\QRYHOCd.exe
  2⤵
  PID:7120
- C:\Windows\System\CFhpmqh.exe
  C:\Windows\System\CFhpmqh.exe
  2⤵
  PID:7216
- C:\Windows\System\JDwGSUZ.exe
  C:\Windows\System\JDwGSUZ.exe
  2⤵
  PID:7232
- C:\Windows\System\FdHMrDQ.exe
  C:\Windows\System\FdHMrDQ.exe
  2⤵
  PID:7284
- C:\Windows\System\fKWnhBu.exe
  C:\Windows\System\fKWnhBu.exe
  2⤵
  PID:7452
- C:\Windows\System\qppgxWw.exe
  C:\Windows\System\qppgxWw.exe
  2⤵
  PID:7540
- C:\Windows\System\tCvXLTD.exe
  C:\Windows\System\tCvXLTD.exe
  2⤵
  PID:7488
- C:\Windows\System\oGGpOgL.exe
  C:\Windows\System\oGGpOgL.exe
  2⤵
  PID:7352
- C:\Windows\System\ehpPPkp.exe
  C:\Windows\System\ehpPPkp.exe
  2⤵
  PID:7604
- C:\Windows\System\fcepYlu.exe
  C:\Windows\System\fcepYlu.exe
  2⤵
  PID:7680
- C:\Windows\System\jOFJORK.exe
  C:\Windows\System\jOFJORK.exe
  2⤵
  PID:7844
- C:\Windows\System\GIsIbVI.exe
  C:\Windows\System\GIsIbVI.exe
  2⤵
  PID:7776
- C:\Windows\System\oNZINWx.exe
  C:\Windows\System\oNZINWx.exe
  2⤵
  PID:7664
- C:\Windows\System\oEGnSCA.exe
  C:\Windows\System\oEGnSCA.exe
  2⤵
  PID:7720
- C:\Windows\System\tvUpeLb.exe
  C:\Windows\System\tvUpeLb.exe
  2⤵
  PID:7756
- C:\Windows\System\WJOBMfA.exe
  C:\Windows\System\WJOBMfA.exe
  2⤵
  PID:7968
- C:\Windows\System\aWvBcMY.exe
  C:\Windows\System\aWvBcMY.exe
  2⤵
  PID:7988
- C:\Windows\System\qCqPqJK.exe
  C:\Windows\System\qCqPqJK.exe
  2⤵
  PID:7796
- C:\Windows\System\tDeLOwR.exe
  C:\Windows\System\tDeLOwR.exe
  2⤵
  PID:8108
- C:\Windows\System\sYzWzsA.exe
  C:\Windows\System\sYzWzsA.exe
  2⤵
  PID:8156
- C:\Windows\System\AZaEoty.exe
  C:\Windows\System\AZaEoty.exe
  2⤵
  PID:6436
- C:\Windows\System\dBXZSdG.exe
  C:\Windows\System\dBXZSdG.exe
  2⤵
  PID:6752
- C:\Windows\System\AyfUMcV.exe
  C:\Windows\System\AyfUMcV.exe
  2⤵
  PID:7256
- C:\Windows\System\jiAtLlY.exe
  C:\Windows\System\jiAtLlY.exe
  2⤵
  PID:5984
- C:\Windows\System\xstWcvA.exe
  C:\Windows\System\xstWcvA.exe
  2⤵
  PID:7188
- C:\Windows\System\PuVZgMG.exe
  C:\Windows\System\PuVZgMG.exe
  2⤵
  PID:7472
- C:\Windows\System\oDVbtGE.exe
  C:\Windows\System\oDVbtGE.exe
  2⤵
  PID:7384
- C:\Windows\System\krnqOPv.exe
  C:\Windows\System\krnqOPv.exe
  2⤵
  PID:7572
- C:\Windows\System\RIqedOo.exe
  C:\Windows\System\RIqedOo.exe
  2⤵
  PID:7772
- C:\Windows\System\sCIRJan.exe
  C:\Windows\System\sCIRJan.exe
  2⤵
  PID:7956
- C:\Windows\System\IaOZCGU.exe
  C:\Windows\System\IaOZCGU.exe
  2⤵
  PID:7940
- C:\Windows\System\hLpWMdu.exe
  C:\Windows\System\hLpWMdu.exe
  2⤵
  PID:8072
- C:\Windows\System\aZnWKDz.exe
  C:\Windows\System\aZnWKDz.exe
  2⤵
  PID:7100
- C:\Windows\System\NezVHNt.exe
  C:\Windows\System\NezVHNt.exe
  2⤵
  PID:8008
- C:\Windows\System\cxKjUDg.exe
  C:\Windows\System\cxKjUDg.exe
  2⤵
  PID:7372
- C:\Windows\System\oLyrVfx.exe
  C:\Windows\System\oLyrVfx.exe
  2⤵
  PID:7612
- C:\Windows\System\AicShmh.exe
  C:\Windows\System\AicShmh.exe
  2⤵
  PID:7984
- C:\Windows\System\HkUSJOf.exe
  C:\Windows\System\HkUSJOf.exe
  2⤵
  PID:7424
- C:\Windows\System\KMpXSWi.exe
  C:\Windows\System\KMpXSWi.exe
  2⤵
  PID:7304
- C:\Windows\System\hYmwTEH.exe
  C:\Windows\System\hYmwTEH.exe
  2⤵
  PID:7696
- C:\Windows\System\hhGQMda.exe
  C:\Windows\System\hhGQMda.exe
  2⤵
  PID:8128
- C:\Windows\System\ZktCExa.exe
  C:\Windows\System\ZktCExa.exe
  2⤵
  PID:7240
- C:\Windows\System\rJRCnhT.exe
  C:\Windows\System\rJRCnhT.exe
  2⤵
  PID:7556
- C:\Windows\System\WUipqHJ.exe
  C:\Windows\System\WUipqHJ.exe
  2⤵
  PID:8088
- C:\Windows\System\MfWdPLy.exe
  C:\Windows\System\MfWdPLy.exe
  2⤵
  PID:7908
- C:\Windows\System\vcAvDvA.exe
  C:\Windows\System\vcAvDvA.exe
  2⤵
  PID:8152
- C:\Windows\System\JDsakUl.exe
  C:\Windows\System\JDsakUl.exe
  2⤵
  PID:6528
- C:\Windows\System\oBeUkGb.exe
  C:\Windows\System\oBeUkGb.exe
  2⤵
  PID:7532
- C:\Windows\System\VxnEOsm.exe
  C:\Windows\System\VxnEOsm.exe
  2⤵
  PID:8196
- C:\Windows\System\FJnNDFQ.exe
  C:\Windows\System\FJnNDFQ.exe
  2⤵
  PID:8216
- C:\Windows\System\jTYOroi.exe
  C:\Windows\System\jTYOroi.exe
  2⤵
  PID:8236
- C:\Windows\System\BTerqkw.exe
  C:\Windows\System\BTerqkw.exe
  2⤵
  PID:8256
- C:\Windows\System\oYAIvUc.exe
  C:\Windows\System\oYAIvUc.exe
  2⤵
  PID:8276
- C:\Windows\System\RgbSMzI.exe
  C:\Windows\System\RgbSMzI.exe
  2⤵
  PID:8296
- C:\Windows\System\RndAAtf.exe
  C:\Windows\System\RndAAtf.exe
  2⤵
  PID:8320
- C:\Windows\System\RgLiJTK.exe
  C:\Windows\System\RgLiJTK.exe
  2⤵
  PID:8336
- C:\Windows\System\WzHqAzF.exe
  C:\Windows\System\WzHqAzF.exe
  2⤵
  PID:8364
- C:\Windows\System\QUUePTv.exe
  C:\Windows\System\QUUePTv.exe
  2⤵
  PID:8380
- C:\Windows\System\TKWKRlv.exe
  C:\Windows\System\TKWKRlv.exe
  2⤵
  PID:8400
- C:\Windows\System\ziAhHCG.exe
  C:\Windows\System\ziAhHCG.exe
  2⤵
  PID:8420
- C:\Windows\System\HMydYZK.exe
  C:\Windows\System\HMydYZK.exe
  2⤵
  PID:8444
- C:\Windows\System\gRYTCmc.exe
  C:\Windows\System\gRYTCmc.exe
  2⤵
  PID:8464
- C:\Windows\System\ptryPAS.exe
  C:\Windows\System\ptryPAS.exe
  2⤵
  PID:8480
- C:\Windows\System\GIgKjQP.exe
  C:\Windows\System\GIgKjQP.exe
  2⤵
  PID:8508
- C:\Windows\System\cClPTIF.exe
  C:\Windows\System\cClPTIF.exe
  2⤵
  PID:8532
- C:\Windows\System\WOhdXVo.exe
  C:\Windows\System\WOhdXVo.exe
  2⤵
  PID:8556
- C:\Windows\System\lsgHcPz.exe
  C:\Windows\System\lsgHcPz.exe
  2⤵
  PID:8572
- C:\Windows\System\XvivOYs.exe
  C:\Windows\System\XvivOYs.exe
  2⤵
  PID:8588
- C:\Windows\System\MIEdqkP.exe
  C:\Windows\System\MIEdqkP.exe
  2⤵
  PID:8604
- C:\Windows\System\wuHyVOb.exe
  C:\Windows\System\wuHyVOb.exe
  2⤵
  PID:8636
- C:\Windows\System\CiehJQs.exe
  C:\Windows\System\CiehJQs.exe
  2⤵
  PID:8656
- C:\Windows\System\CBpAsxv.exe
  C:\Windows\System\CBpAsxv.exe
  2⤵
  PID:8676
- C:\Windows\System\xDbRLnA.exe
  C:\Windows\System\xDbRLnA.exe
  2⤵
  PID:8692
- C:\Windows\System\VElbyZm.exe
  C:\Windows\System\VElbyZm.exe
  2⤵
  PID:8708
- C:\Windows\System\MKdTtvk.exe
  C:\Windows\System\MKdTtvk.exe
  2⤵
  PID:8736
- C:\Windows\System\RNHdMkm.exe
  C:\Windows\System\RNHdMkm.exe
  2⤵
  PID:8752
- C:\Windows\System\EHOvRQk.exe
  C:\Windows\System\EHOvRQk.exe
  2⤵
  PID:8772
- C:\Windows\System\qmIyfxQ.exe
  C:\Windows\System\qmIyfxQ.exe
  2⤵
  PID:8788
- C:\Windows\System\wvrRSvK.exe
  C:\Windows\System\wvrRSvK.exe
  2⤵
  PID:8804
- C:\Windows\System\xFeFfzA.exe
  C:\Windows\System\xFeFfzA.exe
  2⤵
  PID:8820
- C:\Windows\System\rLAgiNd.exe
  C:\Windows\System\rLAgiNd.exe
  2⤵
  PID:8836
- C:\Windows\System\zcfWQca.exe
  C:\Windows\System\zcfWQca.exe
  2⤵
  PID:8852
- C:\Windows\System\xqxNsYz.exe
  C:\Windows\System\xqxNsYz.exe
  2⤵
  PID:8872
- C:\Windows\System\yfykGEE.exe
  C:\Windows\System\yfykGEE.exe
  2⤵
  PID:8892
- C:\Windows\System\FarDlJf.exe
  C:\Windows\System\FarDlJf.exe
  2⤵
  PID:8920
- C:\Windows\System\fgovmtA.exe
  C:\Windows\System\fgovmtA.exe
  2⤵
  PID:8944
- C:\Windows\System\sDUQxDa.exe
  C:\Windows\System\sDUQxDa.exe
  2⤵
  PID:8960
- C:\Windows\System\CesCCoG.exe
  C:\Windows\System\CesCCoG.exe
  2⤵
  PID:8984
- C:\Windows\System\mVwEHsU.exe
  C:\Windows\System\mVwEHsU.exe
  2⤵
  PID:9008
- C:\Windows\System\ECIcbsu.exe
  C:\Windows\System\ECIcbsu.exe
  2⤵
  PID:9036
- C:\Windows\System\gtcZUfR.exe
  C:\Windows\System\gtcZUfR.exe
  2⤵
  PID:9056
- C:\Windows\System\pCWGIaW.exe
  C:\Windows\System\pCWGIaW.exe
  2⤵
  PID:9072
- C:\Windows\System\fKQLvbE.exe
  C:\Windows\System\fKQLvbE.exe
  2⤵
  PID:9088
- C:\Windows\System\BoELJpG.exe
  C:\Windows\System\BoELJpG.exe
  2⤵
  PID:9108
- C:\Windows\System\AAhKlud.exe
  C:\Windows\System\AAhKlud.exe
  2⤵
  PID:9124
- C:\Windows\System\uriVGUL.exe
  C:\Windows\System\uriVGUL.exe
  2⤵
  PID:9140
- C:\Windows\System\BiengHD.exe
  C:\Windows\System\BiengHD.exe
  2⤵
  PID:9164
- C:\Windows\System\pndlxBA.exe
  C:\Windows\System\pndlxBA.exe
  2⤵
  PID:9180
- C:\Windows\System\eSjQSGM.exe
  C:\Windows\System\eSjQSGM.exe
  2⤵
  PID:9204
- C:\Windows\System\YsdYWbv.exe
  C:\Windows\System\YsdYWbv.exe
  2⤵
  PID:7008
- C:\Windows\System\bwLkSyZ.exe
  C:\Windows\System\bwLkSyZ.exe
  2⤵
  PID:8248
- C:\Windows\System\irlnrof.exe
  C:\Windows\System\irlnrof.exe
  2⤵
  PID:8284
- C:\Windows\System\ytavRtz.exe
  C:\Windows\System\ytavRtz.exe
  2⤵
  PID:7300
- C:\Windows\System\bFQtyHP.exe
  C:\Windows\System\bFQtyHP.exe
  2⤵
  PID:8268
- C:\Windows\System\ROItLsT.exe
  C:\Windows\System\ROItLsT.exe
  2⤵
  PID:8304
- C:\Windows\System\VGaTyVs.exe
  C:\Windows\System\VGaTyVs.exe
  2⤵
  PID:8312
- C:\Windows\System\NTRiMhJ.exe
  C:\Windows\System\NTRiMhJ.exe
  2⤵
  PID:8388
- C:\Windows\System\tOjHnsy.exe
  C:\Windows\System\tOjHnsy.exe
  2⤵
  PID:8428
- C:\Windows\System\BPiWxTy.exe
  C:\Windows\System\BPiWxTy.exe
  2⤵
  PID:8432
- C:\Windows\System\IxPezXD.exe
  C:\Windows\System\IxPezXD.exe
  2⤵
  PID:8492
- C:\Windows\System\uqjivzu.exe
  C:\Windows\System\uqjivzu.exe
  2⤵
  PID:8540
- C:\Windows\System\esTYvCJ.exe
  C:\Windows\System\esTYvCJ.exe
  2⤵
  PID:8580
- C:\Windows\System\ivmVhLq.exe
  C:\Windows\System\ivmVhLq.exe
  2⤵
  PID:8600
- C:\Windows\System\dDKVCpT.exe
  C:\Windows\System\dDKVCpT.exe
  2⤵
  PID:8632
- C:\Windows\System\aeRApof.exe
  C:\Windows\System\aeRApof.exe
  2⤵
  PID:8664
- C:\Windows\System\BMxwHDF.exe
  C:\Windows\System\BMxwHDF.exe
  2⤵
  PID:8688
- C:\Windows\System\vhbTcUI.exe
  C:\Windows\System\vhbTcUI.exe
  2⤵
  PID:8732
- C:\Windows\System\TRLjCye.exe
  C:\Windows\System\TRLjCye.exe
  2⤵
  PID:8796
- C:\Windows\System\FAwVaRj.exe
  C:\Windows\System\FAwVaRj.exe
  2⤵
  PID:8812
- C:\Windows\System\dVOZmpP.exe
  C:\Windows\System\dVOZmpP.exe
  2⤵
  PID:8848
- C:\Windows\System\NPPsdKL.exe
  C:\Windows\System\NPPsdKL.exe
  2⤵
  PID:8932
- C:\Windows\System\wDzddeo.exe
  C:\Windows\System\wDzddeo.exe
  2⤵
  PID:8976
- C:\Windows\System\guMOeFI.exe
  C:\Windows\System\guMOeFI.exe
  2⤵
  PID:9032
- C:\Windows\System\sZJTuOb.exe
  C:\Windows\System\sZJTuOb.exe
  2⤵
  PID:8868
- C:\Windows\System\pUjMgEr.exe
  C:\Windows\System\pUjMgEr.exe
  2⤵
  PID:9064
- C:\Windows\System\YzsltOx.exe
  C:\Windows\System\YzsltOx.exe
  2⤵
  PID:9132
- C:\Windows\System\UFPOsIV.exe
  C:\Windows\System\UFPOsIV.exe
  2⤵
  PID:8956
- C:\Windows\System\CojhlIH.exe
  C:\Windows\System\CojhlIH.exe
  2⤵
  PID:9000
- C:\Windows\System\vHPuBoM.exe
  C:\Windows\System\vHPuBoM.exe
  2⤵
  PID:9148
- C:\Windows\System\KrSeRDN.exe
  C:\Windows\System\KrSeRDN.exe
  2⤵
  PID:9048
- C:\Windows\System\qUWUZyy.exe
  C:\Windows\System\qUWUZyy.exe
  2⤵
  PID:7792
- C:\Windows\System\UfGoCUb.exe
  C:\Windows\System\UfGoCUb.exe
  2⤵
  PID:8208
- C:\Windows\System\OqUTZwt.exe
  C:\Windows\System\OqUTZwt.exe
  2⤵
  PID:7964
- C:\Windows\System\AnQEFzW.exe
  C:\Windows\System\AnQEFzW.exe
  2⤵
  PID:8348
- C:\Windows\System\zsuyxdh.exe
  C:\Windows\System\zsuyxdh.exe
  2⤵
  PID:8328
- C:\Windows\System\hcTzEnQ.exe
  C:\Windows\System\hcTzEnQ.exe
  2⤵
  PID:8412
- C:\Windows\System\jLKJsiO.exe
  C:\Windows\System\jLKJsiO.exe
  2⤵
  PID:8472
- C:\Windows\System\qdWKnpa.exe
  C:\Windows\System\qdWKnpa.exe
  2⤵
  PID:8360
- C:\Windows\System\zSwZMpm.exe
  C:\Windows\System\zSwZMpm.exe
  2⤵
  PID:8528
- C:\Windows\System\NYGAiaC.exe
  C:\Windows\System\NYGAiaC.exe
  2⤵
  PID:8612
- C:\Windows\System\utiqaMb.exe
  C:\Windows\System\utiqaMb.exe
  2⤵
  PID:8620
- C:\Windows\System\yjMenlB.exe
  C:\Windows\System\yjMenlB.exe
  2⤵
  PID:8684
- C:\Windows\System\aYiknJJ.exe
  C:\Windows\System\aYiknJJ.exe
  2⤵
  PID:8212
- C:\Windows\System\pnRhhAA.exe
  C:\Windows\System\pnRhhAA.exe
  2⤵
  PID:8844
- C:\Windows\System\DCCeumc.exe
  C:\Windows\System\DCCeumc.exe
  2⤵
  PID:8972
- C:\Windows\System\cnUnwNU.exe
  C:\Windows\System\cnUnwNU.exe
  2⤵
  PID:9020
- C:\Windows\System\ntLAmZS.exe
  C:\Windows\System\ntLAmZS.exe
  2⤵
  PID:8928
- C:\Windows\System\YXlfqja.exe
  C:\Windows\System\YXlfqja.exe
  2⤵
  PID:8908
- C:\Windows\System\vHDuWWN.exe
  C:\Windows\System\vHDuWWN.exe
  2⤵
  PID:8992
- C:\Windows\System\eejVaSP.exe
  C:\Windows\System\eejVaSP.exe
  2⤵
  PID:9052
- C:\Windows\System\LImDtNd.exe
  C:\Windows\System\LImDtNd.exe
  2⤵
  PID:9212
- C:\Windows\System\ncKspFn.exe
  C:\Windows\System\ncKspFn.exe
  2⤵
  PID:9160
- C:\Windows\System\nnYFLzk.exe
  C:\Windows\System\nnYFLzk.exe
  2⤵
  PID:8252
- C:\Windows\System\aHEqPCt.exe
  C:\Windows\System\aHEqPCt.exe
  2⤵
  PID:8232
- C:\Windows\System\yDCrrGi.exe
  C:\Windows\System\yDCrrGi.exe
  2⤵
  PID:8408
- C:\Windows\System\haJUrTr.exe
  C:\Windows\System\haJUrTr.exe
  2⤵
  PID:8524
- C:\Windows\System\qcUkFRk.exe
  C:\Windows\System\qcUkFRk.exe
  2⤵
  PID:8768
- C:\Windows\System\XOaeztF.exe
  C:\Windows\System\XOaeztF.exe
  2⤵
  PID:8720
- C:\Windows\System\kDJtptp.exe
  C:\Windows\System\kDJtptp.exe
  2⤵
  PID:8904
- C:\Windows\System\iiHYfIC.exe
  C:\Windows\System\iiHYfIC.exe
  2⤵
  PID:9120
- C:\Windows\System\RQannht.exe
  C:\Windows\System\RQannht.exe
  2⤵
  PID:9084
- C:\Windows\System\YGhLEII.exe
  C:\Windows\System\YGhLEII.exe
  2⤵
  PID:8332
- C:\Windows\System\bROKnyp.exe
  C:\Windows\System\bROKnyp.exe
  2⤵
  PID:9080
- C:\Windows\System\IChwpuz.exe
  C:\Windows\System\IChwpuz.exe
  2⤵
  PID:9172
- C:\Windows\System\UVRuZCN.exe
  C:\Windows\System\UVRuZCN.exe
  2⤵
  PID:8392
- C:\Windows\System\SpmXgoa.exe
  C:\Windows\System\SpmXgoa.exe
  2⤵
  PID:8460
- C:\Windows\System\DUMkRTX.exe
  C:\Windows\System\DUMkRTX.exe
  2⤵
  PID:9024
- C:\Windows\System\jWhiQLl.exe
  C:\Windows\System\jWhiQLl.exe
  2⤵
  PID:8800
- C:\Windows\System\ipLcnzK.exe
  C:\Windows\System\ipLcnzK.exe
  2⤵
  PID:7288
- C:\Windows\System\QxOtdFw.exe
  C:\Windows\System\QxOtdFw.exe
  2⤵
  PID:8780
- C:\Windows\System\JkjWlaz.exe
  C:\Windows\System\JkjWlaz.exe
  2⤵
  PID:8440
- C:\Windows\System\sZMnyMq.exe
  C:\Windows\System\sZMnyMq.exe
  2⤵
  PID:8584
- C:\Windows\System\ECObPxd.exe
  C:\Windows\System\ECObPxd.exe
  2⤵
  PID:9028
- C:\Windows\System\bqkajMX.exe
  C:\Windows\System\bqkajMX.exe
  2⤵
  PID:8728
- C:\Windows\System\utCLXxO.exe
  C:\Windows\System\utCLXxO.exe
  2⤵
  PID:8112
- C:\Windows\System\OyvQikf.exe
  C:\Windows\System\OyvQikf.exe
  2⤵
  PID:8548
- C:\Windows\System\OmegVuQ.exe
  C:\Windows\System\OmegVuQ.exe
  2⤵
  PID:9196
- C:\Windows\System\GXGbjAI.exe
  C:\Windows\System\GXGbjAI.exe
  2⤵
  PID:9224
- C:\Windows\System\DZsrztI.exe
  C:\Windows\System\DZsrztI.exe
  2⤵
  PID:9248
- C:\Windows\System\sKRuHaR.exe
  C:\Windows\System\sKRuHaR.exe
  2⤵
  PID:9280
- C:\Windows\System\ktdqhyk.exe
  C:\Windows\System\ktdqhyk.exe
  2⤵
  PID:9296
- C:\Windows\System\ExabMSp.exe
  C:\Windows\System\ExabMSp.exe
  2⤵
  PID:9316
- C:\Windows\System\UKAwChp.exe
  C:\Windows\System\UKAwChp.exe
  2⤵
  PID:9332
- C:\Windows\System\utMdGYi.exe
  C:\Windows\System\utMdGYi.exe
  2⤵
  PID:9348
- C:\Windows\System\vjPboxb.exe
  C:\Windows\System\vjPboxb.exe
  2⤵
  PID:9364
- C:\Windows\System\OCXmxkk.exe
  C:\Windows\System\OCXmxkk.exe
  2⤵
  PID:9380
- C:\Windows\System\vgxKbum.exe
  C:\Windows\System\vgxKbum.exe
  2⤵
  PID:9396
- C:\Windows\System\kNryvBU.exe
  C:\Windows\System\kNryvBU.exe
  2⤵
  PID:9412
- C:\Windows\System\tMfzIIE.exe
  C:\Windows\System\tMfzIIE.exe
  2⤵
  PID:9428
- C:\Windows\System\dMsEYCq.exe
  C:\Windows\System\dMsEYCq.exe
  2⤵
  PID:9444
- C:\Windows\System\KbYgjXa.exe
  C:\Windows\System\KbYgjXa.exe
  2⤵
  PID:9460
- C:\Windows\System\QPBwSoX.exe
  C:\Windows\System\QPBwSoX.exe
  2⤵
  PID:9476
- C:\Windows\System\aNNehFR.exe
  C:\Windows\System\aNNehFR.exe
  2⤵
  PID:9492
- C:\Windows\System\RaoJJfp.exe
  C:\Windows\System\RaoJJfp.exe
  2⤵
  PID:9508
- C:\Windows\System\RKLOiHt.exe
  C:\Windows\System\RKLOiHt.exe
  2⤵
  PID:9524
- C:\Windows\System\mobGAnh.exe
  C:\Windows\System\mobGAnh.exe
  2⤵
  PID:9540
- C:\Windows\System\tLwFxlD.exe
  C:\Windows\System\tLwFxlD.exe
  2⤵
  PID:9556
- C:\Windows\System\FyHPUOO.exe
  C:\Windows\System\FyHPUOO.exe
  2⤵
  PID:9572
- C:\Windows\System\XnexCkk.exe
  C:\Windows\System\XnexCkk.exe
  2⤵
  PID:9592
- C:\Windows\System\GOHLNex.exe
  C:\Windows\System\GOHLNex.exe
  2⤵
  PID:9608
- C:\Windows\System\VohnQXy.exe
  C:\Windows\System\VohnQXy.exe
  2⤵
  PID:9624
- C:\Windows\System\LznoUYT.exe
  C:\Windows\System\LznoUYT.exe
  2⤵
  PID:9652
- C:\Windows\System\DAuADNN.exe
  C:\Windows\System\DAuADNN.exe
  2⤵
  PID:9692
- C:\Windows\System\UHysyol.exe
  C:\Windows\System\UHysyol.exe
  2⤵
  PID:9712
- C:\Windows\System\mqRFFoT.exe
  C:\Windows\System\mqRFFoT.exe
  2⤵
  PID:9736
- C:\Windows\System\crLCmjT.exe
  C:\Windows\System\crLCmjT.exe
  2⤵
  PID:9752
- C:\Windows\System\AOFgXjl.exe
  C:\Windows\System\AOFgXjl.exe
  2⤵
  PID:9772
- C:\Windows\System\gNGxImU.exe
  C:\Windows\System\gNGxImU.exe
  2⤵
  PID:9788
- C:\Windows\System\DVYWPea.exe
  C:\Windows\System\DVYWPea.exe
  2⤵
  PID:9812
- C:\Windows\System\EHKKpWx.exe
  C:\Windows\System\EHKKpWx.exe
  2⤵
  PID:9836
- C:\Windows\System\WmjqoiC.exe
  C:\Windows\System\WmjqoiC.exe
  2⤵
  PID:9856
- C:\Windows\System\ZMVwtQL.exe
  C:\Windows\System\ZMVwtQL.exe
  2⤵
  PID:9884
- C:\Windows\System\vmuBWQE.exe
  C:\Windows\System\vmuBWQE.exe
  2⤵
  PID:9916
- C:\Windows\System\XctMVla.exe
  C:\Windows\System\XctMVla.exe
  2⤵
  PID:9944
- C:\Windows\System\mOQbhGT.exe
  C:\Windows\System\mOQbhGT.exe
  2⤵
  PID:9968
- C:\Windows\System\Fubdvmi.exe
  C:\Windows\System\Fubdvmi.exe
  2⤵
  PID:9992
- C:\Windows\System\vyQzBZq.exe
  C:\Windows\System\vyQzBZq.exe
  2⤵
  PID:10016
- C:\Windows\System\uxIKZYa.exe
  C:\Windows\System\uxIKZYa.exe
  2⤵
  PID:10032
- C:\Windows\System\GbyNuKY.exe
  C:\Windows\System\GbyNuKY.exe
  2⤵
  PID:10056
- C:\Windows\System\BvJZwYW.exe
  C:\Windows\System\BvJZwYW.exe
  2⤵
  PID:10072
- C:\Windows\System\PYkxynB.exe
  C:\Windows\System\PYkxynB.exe
  2⤵
  PID:10092
- C:\Windows\System\bWaQqNl.exe
  C:\Windows\System\bWaQqNl.exe
  2⤵
  PID:10108
- C:\Windows\System\EUiqmUX.exe
  C:\Windows\System\EUiqmUX.exe
  2⤵
  PID:10128
- C:\Windows\System\eRiPNBE.exe
  C:\Windows\System\eRiPNBE.exe
  2⤵
  PID:10144
- C:\Windows\System\HHLBHLx.exe
  C:\Windows\System\HHLBHLx.exe
  2⤵
  PID:10164
- C:\Windows\System\jtxYpXM.exe
  C:\Windows\System\jtxYpXM.exe
  2⤵
  PID:10184
- C:\Windows\System\EIUwXbH.exe
  C:\Windows\System\EIUwXbH.exe
  2⤵
  PID:10200
- C:\Windows\System\fJuyWFV.exe
  C:\Windows\System\fJuyWFV.exe
  2⤵
  PID:10220
- C:\Windows\System\CKFkUoV.exe
  C:\Windows\System\CKFkUoV.exe
  2⤵
  PID:9268
- C:\Windows\System\NPsTpdD.exe
  C:\Windows\System\NPsTpdD.exe
  2⤵
  PID:9232
- C:\Windows\System\PzTUbMR.exe
  C:\Windows\System\PzTUbMR.exe
  2⤵
  PID:9272
- C:\Windows\System\txVcPBK.exe
  C:\Windows\System\txVcPBK.exe
  2⤵
  PID:9372
- C:\Windows\System\KYidBcI.exe
  C:\Windows\System\KYidBcI.exe
  2⤵
  PID:9376
- C:\Windows\System\TRAOtbD.exe
  C:\Windows\System\TRAOtbD.exe
  2⤵
  PID:9356
- C:\Windows\System\GUYWaZe.exe
  C:\Windows\System\GUYWaZe.exe
  2⤵
  PID:9420
- C:\Windows\System\PVWtmeI.exe
  C:\Windows\System\PVWtmeI.exe
  2⤵
  PID:9484
- C:\Windows\System\chcFkUe.exe
  C:\Windows\System\chcFkUe.exe
  2⤵
  PID:9548
- C:\Windows\System\gxhhGiz.exe
  C:\Windows\System\gxhhGiz.exe
  2⤵
  PID:9408
- C:\Windows\System\limneCE.exe
  C:\Windows\System\limneCE.exe
  2⤵
  PID:9500
- C:\Windows\System\jPGgsem.exe
  C:\Windows\System\jPGgsem.exe
  2⤵
  PID:9588
- C:\Windows\System\arzRHTK.exe
  C:\Windows\System\arzRHTK.exe
  2⤵
  PID:9632
- C:\Windows\System\GoyPduh.exe
  C:\Windows\System\GoyPduh.exe
  2⤵
  PID:9784
- C:\Windows\System\FmCZZsa.exe
  C:\Windows\System\FmCZZsa.exe
  2⤵
  PID:9880
- C:\Windows\System\zedmoPH.exe
  C:\Windows\System\zedmoPH.exe
  2⤵
  PID:9732
- C:\Windows\System\fMJJJJh.exe
  C:\Windows\System\fMJJJJh.exe
  2⤵
  PID:9932
- C:\Windows\System\dQrXNrt.exe
  C:\Windows\System\dQrXNrt.exe
  2⤵
  PID:9980
- C:\Windows\System\LpFaPsG.exe
  C:\Windows\System\LpFaPsG.exe
  2⤵
  PID:9804
- C:\Windows\System\hEgoefQ.exe
  C:\Windows\System\hEgoefQ.exe
  2⤵
  PID:9852
- C:\Windows\System\xJPVVvL.exe
  C:\Windows\System\xJPVVvL.exe
  2⤵
  PID:9904
- C:\Windows\System\pXntqJD.exe
  C:\Windows\System\pXntqJD.exe
  2⤵
  PID:9676
- C:\Windows\System\cWtbPZA.exe
  C:\Windows\System\cWtbPZA.exe
  2⤵
  PID:9724
- C:\Windows\System\EWtAxMj.exe
  C:\Windows\System\EWtAxMj.exe
  2⤵
  PID:9796
- C:\Windows\System\nWiSYyl.exe
  C:\Windows\System\nWiSYyl.exe
  2⤵
  PID:9896
- C:\Windows\System\vQKvujh.exe
  C:\Windows\System\vQKvujh.exe
  2⤵
  PID:10008
- C:\Windows\System\bSREfga.exe
  C:\Windows\System\bSREfga.exe
  2⤵
  PID:10064
- C:\Windows\System\MRyjTqN.exe
  C:\Windows\System\MRyjTqN.exe
  2⤵
  PID:10136
- C:\Windows\System\hFENSYF.exe
  C:\Windows\System\hFENSYF.exe
  2⤵
  PID:10208
- C:\Windows\System\EuWPbDo.exe
  C:\Windows\System\EuWPbDo.exe
  2⤵
  PID:10152
- C:\Windows\System\NlivHZx.exe
  C:\Windows\System\NlivHZx.exe
  2⤵
  PID:10196
- C:\Windows\System\LREzzdR.exe
  C:\Windows\System\LREzzdR.exe
  2⤵
  PID:10232
- C:\Windows\System\aPFncLG.exe
  C:\Windows\System\aPFncLG.exe
  2⤵
  PID:8980
- C:\Windows\System\BhVNrVX.exe
  C:\Windows\System\BhVNrVX.exe
  2⤵
  PID:9304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BWBfWML.exe

Filesize
6.0MB

MD5
18732b710ab65e9fa50e01a39ac0c459

SHA1
78467efef9bb8a19e6e0cd32dd6e78c193a4d5d6

SHA256
d141afca05dfcc511d9d210cf99c69eda46040ad4ae1b6c387225ed5ed47fbd8

SHA512
f4f3c26a25239ff4d424ebbe4113bac1cdf0e2a20476003014b13b545ba8eb2fa158302a6813ddffb52350b257ab1ab4b3aa52f7e6550c4d48806371aa29934f

Download Submit
C:\Windows\system\DoXWLwn.exe

Filesize
6.0MB

MD5
5ab4fe6f89fa5ccde60afee60147269b

SHA1
47da6b6ea87edf2a3f956635e3d855bb0d4f7249

SHA256
11fce16a7280c6c3bb2e902eceb409e2900acad5b59897475db1f2127d3035bb

SHA512
fc084ff74014daa8740c56f8c4491a074f6538f65ab16d17602d79181dea32dc6b4f3ab33455b07c28646c9f807f220aafe94fe977047963820bbbe796be87b1

Download Submit
C:\Windows\system\ENaBtLS.exe

Filesize
6.0MB

MD5
ef90079d707d1b11996aeaef47868f72

SHA1
f2e06afed7df19775c8060198fb7c74f83b5c2c1

SHA256
4704fbb6370b48b0e3bc2eb13ce68d17e3419ac295c4a7e72485ef0addfbea58

SHA512
c529f0e6976525e6466a5c85a67728a19f69be768c60677bcfd465aa351f4cd23cfc6acf1c10e02e901427a63dded1c0c9dcc9d8a77da754a6425e5a4b17d5a8

Download Submit
C:\Windows\system\GJIMxjd.exe

Filesize
6.0MB

MD5
da5436eeea5cccd3d985d9e03e84177d

SHA1
5e53b4382d7023f6906453e54c7b6b26436e8a9c

SHA256
b5bba543eb0d0aac1a5bb2cfc7429beb0fc93272abdade581c233cb944b4c95e

SHA512
9dcde772df77ac628df2b241c509ac68eef2adb37cf8f9bb834ed64baec00a21a6d933cac7dca5dc0647172a4140425f0c60cd1491202f93b795f0421c8ebeb1

Download Submit
C:\Windows\system\KDPBMMi.exe

Filesize
6.0MB

MD5
f60f04c8056023eae6d75933e6990a31

SHA1
cc80444159000d0c42edaa98bd2758dc21882e70

SHA256
1d4e7fd146d5e1000a2ebe5ba76380226002026b6d018952b2253cb126b0d6c6

SHA512
1e28b869d0c349c04aa5dc9b066c2ba9953380d419af78389128934c8a41c8739e771317ac2e0ded21830fb29c90f3107cfab13f137207d3d8b95131ab43545d

Download Submit
C:\Windows\system\NycEIqV.exe

Filesize
6.0MB

MD5
58d5cac080df662b93a6226aea55bac3

SHA1
bd24099a070b8354c785d7769d3364a9e99e24d1

SHA256
444719b2c6d0bd32d245edebb14001bd09934b92f38650129ffba1e86841a569

SHA512
a7cf609b37d96e6e13e06e9e45be02cc4660f3c7d8eb252effb0291c81996ae5deffa41378fa45e8935f9a4fb334badcf36ec32393f5bc90797b26f33b2e7074

Download Submit
C:\Windows\system\PJxuEDK.exe

Filesize
6.0MB

MD5
0f363a36129cfe39f994ec2ab1b988e7

SHA1
23f1d3f03697937a1c1fae51f8240aec34d65b72

SHA256
8159eb21eba5ad30e4da6dfc82b0c22ef69c5d2b84aeea022ec2aac623b6eeba

SHA512
2b901d62820f4b288c1bf734d0718d09494f54b214e6926f29a32267067a69897b0402e8f6494ae8a7782d0a73e9a478a7d48c7a1743ce98cd75e663ccf8034e

Download Submit
C:\Windows\system\PKUrbEQ.exe

Filesize
6.0MB

MD5
ae2a9d3b1c4922daab962da6aa7afd6d

SHA1
1b1d92f1ce46903c97e024d11ce545b6a91fbff6

SHA256
afcf35174b29a3e873c358bd440362a647292af9717179ade2afad83d6c38e63

SHA512
9c22711f04861167db79c4660d2a4ebe275b0bc15ad2d46e618b9766a0cb5b468f44c3fa43fd2efef4ad630b070a00d7be52713b4cb26ff813810df321e3281d

Download Submit
C:\Windows\system\QuxiPsr.exe

Filesize
6.0MB

MD5
eb4dcc7e4f8aefa7f2db5327383a1c04

SHA1
7d27202942128f73237952ee52bb69bf683a82c5

SHA256
9e27c957a1e06f661ae8f1e64ad5c292009c8a4ea761c8ec45b03f410b8ec890

SHA512
dcd77f84ff8c1009e8ca62bb3289996bb0cde8b817f7137e72da90a6d3bb47f6f1ffd76fb287438bdb50f405f1f4d1092764dc8a9766190357429a60046a5223

Download Submit
C:\Windows\system\RCYXUZx.exe

Filesize
6.0MB

MD5
19f9a6aed40c438150d02de70b5b4c70

SHA1
2c27859909da7b3534be39101e9556191d343828

SHA256
d09f44b1afb87af5cbdc66913965beec23cf5b47f5e7e5e0f90744b500093ff7

SHA512
2d3b1e13f4d4d4c5ae79ed0ef81302739f15ed01e86f99be358a445456b55a6c0d796596680ab3d0e257d70b23e7ac35e6d973c6a86a4cb20c389675738af83a

Download Submit
C:\Windows\system\RbXcfKQ.exe

Filesize
6.0MB

MD5
bb8ae82a9e7a80bb3621a8f101fb9abe

SHA1
adfeadf470a934f8742449b1b631733b3f433188

SHA256
67ead58b664f75dcfc2a3a33a08b8cfb4150d768e5ddc92c61a3d7b81c8078c1

SHA512
878e336fdd653b4c4d4e78b48ea03b518fcb2d67ff71ee1e75a6054e77c6d022c85f0ad8bc97f7341e29872fcb1d9a929e7cd65704e27f9b3da30b112f6a7721

Download Submit
C:\Windows\system\RpFaRIH.exe

Filesize
6.0MB

MD5
71a6bdcf1e9f038b2839797254a383c3

SHA1
15606b07a7fb38f05a6da8c6207f02d2f829a697

SHA256
1811f11fe01fa650bd6267a076dbdf10e96f292a7abf56c3a811e0b001efbd09

SHA512
99ee98c9e4aff7b7736909a58e16ffdf19baff36608e76d8b22abc3e3fd635a28d25d19587ae567838e84e8677abec7aae703acaa537953f95a56e01186d7763

Download Submit
C:\Windows\system\SJeYrlo.exe

Filesize
6.0MB

MD5
40b74c61de0f4c903fc896f3a9b4f1c4

SHA1
2e6631d61589d70685583b09ef1ed90e295bb347

SHA256
81ba7a3e90737f5d54bb7c8f932308ada76ef2dde7bffb5d98ba4d61c4fc684f

SHA512
ec2a46b674be5ab9ae504184bdd58a7c0b51e5325e29df8870642eb5ef8fb0b2667c1ec452cc6006168156e2208dae99b49e54541de4d57cebff3e78de811335

Download Submit
C:\Windows\system\XBuMcGZ.exe

Filesize
6.0MB

MD5
62d4a2de366a09ef0402635f55229d27

SHA1
34570bf28691743921553034866e5803e77f27b6

SHA256
f02c69aaa90b266b11c4e5750374bb78d6a74f3ca10c7b07e89b69f5755b2880

SHA512
6e4cb701ecaeb3ba2f9a14e312aa1acf3fbbfc00373cc7a330e025fbe4e37dfebfce51fe17f544d4274404960d70e482105d4f89402a58316bc756e8bda5047b

Download Submit
C:\Windows\system\XMXxliY.exe

Filesize
6.0MB

MD5
7e590e77d56885554999d604238cb2ec

SHA1
673858959d66751a8f174e46c6fa4a0ea8bac9fe

SHA256
5cfde42851fe81960887720d14e64443816a8f401d7cf6c8c5f3fedc210b4346

SHA512
c5577bea70d1d6936c564ff29a4aac2c1c5c78c3035e8ee32f78008c9f77c21d186802136fa51f577dfc54722c4e6c2e1aeea1a92535b69e23a5dbd89f21888a

Download Submit
C:\Windows\system\XXrOAIL.exe

Filesize
6.0MB

MD5
b386cf6b2a9cc54208a7a43ef55722dd

SHA1
140ccf17aae50b990dbf32d0c0cbe49d67964d3c

SHA256
55691505ebc4976fcd0adf53d552f971f5c8403b5f5a6f13e8562149772ce34a

SHA512
4660ea2c9cdc87d34079a9956fbfd0e00527e5237fef343ea02710189bc85bb1876e4ea86aaa4e34cbb9feae62268d88a975668cba24ce26429a6e08847ba96b

Download Submit
C:\Windows\system\XmaFLKX.exe

Filesize
6.0MB

MD5
0ccb15819c3da94b22a9e3aff7decf68

SHA1
b6aa5f39147ce21b6f8c11ba87e9d24d1ef70ca7

SHA256
916ef63614d27f366b226a1db4d505eda364c36b6497a0d39d21b889e770fa86

SHA512
69cb286abd9b90994c2bab91dc5994d713d4797de64bdee65ef6ec5fa1827c90a48e1090943f5a0dcc503f39718f4cfe479db147f4a3f32b97ac8a84b1cb067b

Download Submit
C:\Windows\system\ZGvHhGp.exe

Filesize
6.0MB

MD5
a9d42bccfa4aa0ac8abe15b95c0e1809

SHA1
49eb8596af9d8d3c56a82a36b9a2bb2a24c3ffa4

SHA256
d09f523900d1a83b2c27dcf0ea4233132af4dd8c5ebbc1d56b5c98bb5ad61d6d

SHA512
98e27c1a16649f365186237866b5e771e8a42d20c926169318a2542b185750caa585215a80668e3fc39a576f1689c036675d942b514de4c0b7fab46b1c85c756

Download Submit
C:\Windows\system\ZeRZMLq.exe

Filesize
6.0MB

MD5
f28bd45525c6d2cbcbd87973464300f3

SHA1
7975bba913ee3ca95b57bc1b0b0e0d167f9ff410

SHA256
fbb2712f282a19ea3b53a964e78eb18811e91424ec0cd28055d754883dc04a02

SHA512
21f06e67e53ace0f22731a1dcd3ee73cb9968cdce9cb2324eb625965b4dd2a52c4f39224a7e93029831da65a1df6a4a61e87fb8002f81d93ac553d87963074da

Download Submit
C:\Windows\system\dxDDxGo.exe

Filesize
6.0MB

MD5
10821e8cf1587c3300e75e47564d8530

SHA1
0d68a53aa2d578ffa0fbc2f0054a2161cb910ebe

SHA256
d63210dbcc9669665f74e3d20d83c3c93c98f568902be53e3870ae5119ae03b9

SHA512
b832109dc5481e713de9449f71c4c57858e9c242de9a242202c9f35c4bdbd978c86462041bb5f6a0bcc2c12604f6b2a65d86eee3efef797868ebc649e3888d25

Download Submit
C:\Windows\system\ggsMXjE.exe

Filesize
6.0MB

MD5
d978d2a06ac74a2855151e8265c5bef8

SHA1
28f87d14a10f7f5eb6d87ef013f993fc63378fb9

SHA256
8b72c71e3e000c7c189b36fc8223d25c9f9e163fcac5582f2438279aeb76f66b

SHA512
1cc8d60d743636a028937fe499043fcf3d252a7c592a9dea03941e34c05c1496460482da0cd6541e7706a4d2ba1ca121bcfcb996385577b0fdec2386ad953e47

Download Submit
C:\Windows\system\jTXMOHd.exe

Filesize
6.0MB

MD5
4f839435ec6ff709317f013a1ee92483

SHA1
d57cb01021192ef6282eec854d0ae85053a5834f

SHA256
a0381ad4c945e77048ecac772c72a425fac586521a2d22443c8dd25e5a3ed733

SHA512
2175cea173ddd1a5586409aa45b4a40dc8d76bfebf8a5dbcdabe8908fe14f600f458ba273916e81688999f019889a3316d68eae11a5483d61e52088146ffd46d

Download Submit
C:\Windows\system\kAgNTbY.exe

Filesize
6.0MB

MD5
081323b356b38c759cde94a4b811ee7e

SHA1
030d84300f6783342e4030d07abd2fa2387ce2a2

SHA256
1346cc334890c5d196c3f989c4f99c1bf7642d5dec95ecb650c972d7bb8835e1

SHA512
72d861c6d56984eef959519101af51ec3318eeb9dd8761d491f4578cadc0cf9a340dc7441ba181edf0063bb75675f02fb8055a424c8d411b2ccb24361e214c9a

Download Submit
C:\Windows\system\lVeyoNW.exe

Filesize
6.0MB

MD5
a8ede85f761d5e20babe654177bb836d

SHA1
a61bb2a9a22a88777071af486cd541b50afff379

SHA256
b04467779d9078e7dc11c2cc7ac3ab4b7ddf2b84921a31c16b61da2cac0f28d0

SHA512
51ad9424d7c8d7ddda4835fbdc0e20b2b183c2c2078afe3be7830f962f615f213231509735da40dc69db274a3cd09009a4ba531feb0f36f1133003e220703056

Download Submit
C:\Windows\system\rsLqdZn.exe

Filesize
6.0MB

MD5
3602b77e8c4cc531288c3fea7303f866

SHA1
9183f86f75984a5581b8e3897c7f585c775e9625

SHA256
6f5950d06e1111ae24f85f59c9756b81af3d8fd9abaca11547570679ba4c7ef8

SHA512
7d34bd95a60cfa93b7f563c17ce4b47ef6c40a33e102c663dc054b6e4be35b2a92fd8cf9e6f7ed4d7a419fb076483bc71d98348c9e9dd48863375f1eaa71dde2

Download Submit
C:\Windows\system\zWgbEKw.exe

Filesize
6.0MB

MD5
97c04620cf2b1b42371c4a18212da16e

SHA1
2d49058cdf3b3b5ef01d546927962e03da4df4bb

SHA256
81dee4ff166af11a24da69a6eb5a4b33525e25bbbe8b0242765e4df09888086c

SHA512
62591e10fe9c54c981bc016b935e23a1de545676f8f9f595b3cc242d40777dd7482ad0201c35373f57c1333a8c478303ab71d5a86f2dd90f4f0cca557479535b

Download Submit
\Windows\system\EkJqGma.exe

Filesize
6.0MB

MD5
cdc00b8db107257351095d55f08c16ad

SHA1
5d10313a24cfb41a0d09cec1a66fd84cd8899aa4

SHA256
249b143143b41f166201b9e2fb948dc49e2977252f04a7fd0e8e085bb8249844

SHA512
ed9b4387b632278236896b297c517f208286eba7ba6bbf6865717da03da70de8ed24b15023fc3c5846deb2d50a9ae86a474760f508af29f3e9a93c650d78275d

Download Submit
\Windows\system\IwPyudP.exe

Filesize
6.0MB

MD5
bf986352a96902b73e5a1424ee5b385e

SHA1
bc1c9581e646f2c669eba30126554cf23b83194c

SHA256
d58cbb33decec76610532044de9a4d21f86ea656254edf52ff6c5708d2148a76

SHA512
5ef624298ac3f8407c8b4b3f4a93de978bed9d0c8ffbe1b5c5dac18ab389c72b2e1724fd0a2445f5dd3af8d122fc4f077b8a43aa35867fddb45ea45ab314796a

Download Submit
\Windows\system\VEZUQEp.exe

Filesize
6.0MB

MD5
8b59ba5901220adfaa17af1c51cbcc6c

SHA1
4979e8705d72f3269c36c63162f2d32cb32f4bb2

SHA256
f8e6711095c6f9521a59d8419a3bdff93f85ef655c0755ca3f3479d278a995ae

SHA512
a21d7480b1f66db0c14f0b4fba3281b24d9878de6b3405f0cab224b8b1849ae7be3325e9ac1d6150481490e5d61456bd10fb1aa383ca6a392980357f61b68906

Download Submit
\Windows\system\emKttia.exe

Filesize
6.0MB

MD5
badf899f26adc8441b46d136b57c00f3

SHA1
db6c8d5919ef4768f2ec23245a83307ea03c37be

SHA256
e9b44d09dd106c37174903f678524ad3105669a2e565df3ffb0b9b6b439219a8

SHA512
1854813d1c66a8c9cd6ca471cef425af5a93e37eef7659ae9e7fe0c9b3ff05fd81db5fad87d1418b9b47bb4b3e0de15dc602db102cdd97526f9ee6ad0170fabd

Download Submit
\Windows\system\gQhOwWc.exe

Filesize
6.0MB

MD5
502cccb5771f5cbfa83731e4d9bcc4ca

SHA1
cb8e207d258bafbd308381f8f3a6290906bc592b

SHA256
c46ceb1e062cf0dc13320ac0c104f0b174247e3597c0d182e1232c8d33e4ccbb

SHA512
ab4fa857a8b216633011fdc364ca78c5636358337b15fb0d3047960d5b130cdc635647c9eb96b66c8dccec7ee40eed076bf07294a75d0cf27621089c76b2bb14

Download Submit
\Windows\system\wDyKpFE.exe

Filesize
6.0MB

MD5
7d4f3d7d7bef91c52f74c7fbe4d4a3b1

SHA1
a7f59021352782475f9fc30be545d726dd83fad3

SHA256
a420aee4f79a9c5a51f273b2beae827c55537ee333301a31867d918dbf8cc631

SHA512
c103964e5d60d1ad0a6234c1d2f0e09d8b2ad46bb2c737909ca92722c2ae4244f37907d3ee2d15d17d214260f6c20f5d61e803e23a0238b0dad293e7447433ba

Download Submit
memory/456-3828-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/456-16-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/620-76-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/620-3979-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/620-107-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1124-703-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/1124-101-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/1124-4081-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2104-3976-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-518-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2104-93-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-3813-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-15-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-34-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2536-73-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2536-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2536-19-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2536-104-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2536-0-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2536-66-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2536-10-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2536-59-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-8-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-61-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2536-102-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2536-81-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2536-84-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-588-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2536-1099-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-205-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2536-108-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-89-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-63-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2536-99-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2536-97-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2536-31-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2708-85-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2708-313-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3940-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2724-64-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2724-3970-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2744-92-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3971-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2744-38-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2788-62-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3903-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2808-80-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3885-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-22-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3890-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-29-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-3906-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-58-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3955-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-60-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/3060-3926-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/3060-69-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/3060-103-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download