cobaltstrike | ee32ff40c964115cbd2b159097659523ab31bfdb7acc4ec8b4ce7a5bd6c75b81

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/10/2024, 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

546a6cd5d8e07290943de7a89181c1d5
SHA1

9d2c1f734161705b6fccb670c7133c04108c5ec0
SHA256

ee32ff40c964115cbd2b159097659523ab31bfdb7acc4ec8b4ce7a5bd6c75b81
SHA512

1524f2afaa97f54e720874fdcaf617df0328ca44a1f19972b3ac6ec23cc7a331393d4c1fe205dfb6b2f77fb81b23dbd8255046fcb4d49945de3adbe0b4391132
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUj:T+q56utgpPF8u/7j

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012254-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016276-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000167ea-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016a49-32.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001650a-19.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c36-41.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c53-49.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015fba-42.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019263-66.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dc1-63.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019280-84.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194bd-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f3-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941a-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193ec-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960e-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019610-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-185.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d9-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019537-164.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c8-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b7-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938b-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019399-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019436-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019417-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d4-121.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/876-0-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x000d000000012254-3.dat	xmrig
behavioral1/memory/2492-10-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x0008000000016276-11.dat	xmrig
behavioral1/memory/1048-15-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x00070000000167ea-23.dat	xmrig
behavioral1/memory/2204-28-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2516-26-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/2696-33-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/files/0x0007000000016a49-32.dat	xmrig
behavioral1/files/0x000800000001650a-19.dat	xmrig
behavioral1/memory/2492-34-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/876-35-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c36-41.dat	xmrig
behavioral1/files/0x0008000000016c53-49.dat	xmrig
behavioral1/memory/2796-50-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/876-47-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/files/0x0009000000015fba-42.dat	xmrig
behavioral1/memory/2848-57-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019263-66.dat	xmrig
behavioral1/memory/2792-64-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x0008000000016dc1-63.dat	xmrig
behavioral1/memory/2772-62-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2516-61-0x000000013F520000-0x000000013F874000-memory.dmp	xmrig
behavioral1/memory/876-59-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/memory/876-56-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2696-74-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/files/0x0005000000019278-75.dat	xmrig
behavioral1/memory/876-83-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/3012-82-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2796-81-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/876-79-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/files/0x0005000000019280-84.dat	xmrig
behavioral1/files/0x00050000000194bd-137.dat	xmrig
behavioral1/memory/876-142-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/files/0x00050000000194f3-152.dat	xmrig
behavioral1/files/0x0005000000019441-151.dat	xmrig
behavioral1/files/0x000500000001941a-150.dat	xmrig
behavioral1/files/0x00050000000193ec-149.dat	xmrig
behavioral1/files/0x000500000001960a-174.dat	xmrig
behavioral1/memory/876-905-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2576-486-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/876-365-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2792-254-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/files/0x000500000001960e-190.dat	xmrig
behavioral1/files/0x000500000001960c-180.dat	xmrig
behavioral1/files/0x0005000000019610-194.dat	xmrig
behavioral1/files/0x000500000001960d-185.dat	xmrig
behavioral1/files/0x00050000000195d9-169.dat	xmrig
behavioral1/files/0x0005000000019537-164.dat	xmrig
behavioral1/files/0x00050000000193c8-148.dat	xmrig
behavioral1/files/0x00050000000193b7-147.dat	xmrig
behavioral1/files/0x000500000001938b-146.dat	xmrig
behavioral1/memory/2772-136-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c1-106.dat	xmrig
behavioral1/files/0x0005000000019399-105.dat	xmrig
behavioral1/memory/876-91-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/files/0x0005000000019436-138.dat	xmrig
behavioral1/files/0x0005000000019417-122.dat	xmrig
behavioral1/files/0x00050000000193d4-121.dat	xmrig
behavioral1/memory/1212-114-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/1048-3705-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2204-3708-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2492-3712-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2492	MiNbgno.exe
1048	JtCJwSe.exe
2516	xdyPGtq.exe
2204	ImNjPZC.exe
2696	OLpxMSi.exe
2796	sFXIEjk.exe
2848	AuaHvqb.exe
2772	kIMwrRT.exe
2792	ABVLmsK.exe
2576	KAcYRQQ.exe
3012	ibNOFuH.exe
1212	RkNYGKd.exe
2776	NcNqfvd.exe
356	msPuaaf.exe
1896	AUIVTeB.exe
1456	SjJTKTb.exe
1696	PAJCJFG.exe
2856	UYvVAKn.exe
2044	SlWtwhD.exe
2384	obwHKtE.exe
2752	TgVoCgi.exe
1964	nhbtBiz.exe
1612	TSuxuUQ.exe
2916	RClRHfR.exe
2192	jmBgOGZ.exe
1512	PwAOpcM.exe
2024	LqoxLbS.exe
2136	yYZYBwo.exe
1204	WGNNHmj.exe
1556	WCGZryX.exe
2032	upUnWKK.exe
2744	eyCmOTV.exe
1960	PgkncGS.exe
924	zQYVtMB.exe
956	Qxneive.exe
2272	BxnypRo.exe
1704	jDCVlJH.exe
2064	TbgWhKI.exe
1616	gyfhnLG.exe
2260	ivePVAj.exe
2056	vbyKSXW.exe
564	sYplDZs.exe
644	lNLaHte.exe
2168	OJoSsdg.exe
1748	utWeySu.exe
2740	QjTQvVL.exe
340	qSjJExA.exe
1884	iYhzXGw.exe
2972	HAyXaPf.exe
1836	ScKoyag.exe
2096	LuwERXM.exe
332	YSTuJwp.exe
2640	nchRuHB.exe
2244	HgjiOlV.exe
2868	CknPXQY.exe
1056	LdybtzY.exe
2300	ZCLyFKa.exe
2880	MBGXgFH.exe
2240	NlXxPFI.exe
2368	ucpphLd.exe
2508	OGsRQdD.exe
2704	SiPMsLw.exe
2524	RiBfPul.exe
2832	xcPDSrK.exe

Loads dropped DLL 64 IoCs

pid	Process
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/876-0-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x000d000000012254-3.dat	upx
behavioral1/memory/2492-10-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x0008000000016276-11.dat	upx
behavioral1/memory/1048-15-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x00070000000167ea-23.dat	upx
behavioral1/memory/2204-28-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2516-26-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2696-33-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/files/0x0007000000016a49-32.dat	upx
behavioral1/files/0x000800000001650a-19.dat	upx
behavioral1/memory/2492-34-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/876-35-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x0007000000016c36-41.dat	upx
behavioral1/files/0x0008000000016c53-49.dat	upx
behavioral1/memory/2796-50-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/files/0x0009000000015fba-42.dat	upx
behavioral1/memory/2848-57-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/files/0x0005000000019263-66.dat	upx
behavioral1/memory/2792-64-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x0008000000016dc1-63.dat	upx
behavioral1/memory/2772-62-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2516-61-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2696-74-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/files/0x0005000000019278-75.dat	upx
behavioral1/memory/3012-82-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2796-81-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/files/0x0005000000019280-84.dat	upx
behavioral1/files/0x00050000000194bd-137.dat	upx
behavioral1/files/0x00050000000194f3-152.dat	upx
behavioral1/files/0x0005000000019441-151.dat	upx
behavioral1/files/0x000500000001941a-150.dat	upx
behavioral1/files/0x00050000000193ec-149.dat	upx
behavioral1/files/0x000500000001960a-174.dat	upx
behavioral1/memory/2576-486-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2792-254-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/files/0x000500000001960e-190.dat	upx
behavioral1/files/0x000500000001960c-180.dat	upx
behavioral1/files/0x0005000000019610-194.dat	upx
behavioral1/files/0x000500000001960d-185.dat	upx
behavioral1/files/0x00050000000195d9-169.dat	upx
behavioral1/files/0x0005000000019537-164.dat	upx
behavioral1/files/0x00050000000193c8-148.dat	upx
behavioral1/files/0x00050000000193b7-147.dat	upx
behavioral1/files/0x000500000001938b-146.dat	upx
behavioral1/memory/2772-136-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x00050000000193c1-106.dat	upx
behavioral1/files/0x0005000000019399-105.dat	upx
behavioral1/files/0x0005000000019436-138.dat	upx
behavioral1/files/0x0005000000019417-122.dat	upx
behavioral1/files/0x00050000000193d4-121.dat	upx
behavioral1/memory/1212-114-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/1048-3705-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2204-3708-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2492-3712-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2516-3726-0x000000013F520000-0x000000013F874000-memory.dmp	upx
behavioral1/memory/2848-3833-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2796-3837-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2576-3843-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2696-3840-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2772-3848-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2792-3851-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/3012-4070-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/1212-4071-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ueKoPFw.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tjMwUOJ.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNSUVQq.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mERHuus.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eaeeXBl.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZyhkCsX.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CwzIzOB.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YSTuJwp.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKyjsJs.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jlyrOOp.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yprlXlu.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oPnNVbm.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rirdIeX.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjxcHrZ.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mjCAKKA.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BXemSVh.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iqQbdAL.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RINwANs.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\msQXEha.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JsPuiOD.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ROtoXYV.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BxnypRo.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XtDeFWG.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Gzstfwb.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Vtuxkdk.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fzqmtwY.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEmMHrC.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QXCOmpd.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wSaZAnu.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kBkclyA.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HGiwNIP.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KwbIVWi.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NcNqfvd.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xcPDSrK.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AAXKowV.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEorgqZ.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BzpdWps.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uqVglOh.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\msPuaaf.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LhWjUOl.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbwsYPb.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QFDUabH.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\srzsCdn.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UlUyXgH.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tGOBbLA.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XTMYEwF.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KVhLBoG.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\msWoPzU.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tBbrtfQ.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZEewzhI.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FgHPfkh.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XwcwTQs.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dopzWMu.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PkCtvLO.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kiPfnQq.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oJLyJjp.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ccJYUcp.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lxkMUyg.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CPVoORY.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYvVAKn.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\spvgwPS.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wAsukkp.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZuSHKRT.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVkntfc.exe	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 876 wrote to memory of 2492	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 876 wrote to memory of 2492	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 876 wrote to memory of 2492	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 876 wrote to memory of 1048	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 876 wrote to memory of 1048	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 876 wrote to memory of 1048	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 876 wrote to memory of 2516	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 876 wrote to memory of 2516	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 876 wrote to memory of 2516	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 876 wrote to memory of 2204	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 876 wrote to memory of 2204	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 876 wrote to memory of 2204	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 876 wrote to memory of 2696	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 876 wrote to memory of 2696	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 876 wrote to memory of 2696	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 876 wrote to memory of 2796	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 876 wrote to memory of 2796	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 876 wrote to memory of 2796	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 876 wrote to memory of 2772	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 876 wrote to memory of 2772	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 876 wrote to memory of 2772	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 876 wrote to memory of 2848	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 876 wrote to memory of 2848	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 876 wrote to memory of 2848	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 876 wrote to memory of 2792	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 876 wrote to memory of 2792	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 876 wrote to memory of 2792	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 876 wrote to memory of 2576	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 876 wrote to memory of 2576	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 876 wrote to memory of 2576	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 876 wrote to memory of 3012	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 876 wrote to memory of 3012	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 876 wrote to memory of 3012	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 876 wrote to memory of 1212	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 876 wrote to memory of 1212	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 876 wrote to memory of 1212	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 876 wrote to memory of 2044	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 876 wrote to memory of 2044	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 876 wrote to memory of 2044	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 876 wrote to memory of 2776	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 876 wrote to memory of 2776	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 876 wrote to memory of 2776	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 876 wrote to memory of 2384	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 876 wrote to memory of 2384	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 876 wrote to memory of 2384	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 876 wrote to memory of 356	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 876 wrote to memory of 356	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 876 wrote to memory of 356	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 876 wrote to memory of 2752	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 876 wrote to memory of 2752	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 876 wrote to memory of 2752	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 876 wrote to memory of 1896	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 876 wrote to memory of 1896	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 876 wrote to memory of 1896	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 876 wrote to memory of 1964	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 876 wrote to memory of 1964	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 876 wrote to memory of 1964	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 876 wrote to memory of 1456	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 876 wrote to memory of 1456	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 876 wrote to memory of 1456	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 876 wrote to memory of 1612	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 876 wrote to memory of 1612	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 876 wrote to memory of 1612	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 876 wrote to memory of 1696	876	2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-06_546a6cd5d8e07290943de7a89181c1d5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:876
- C:\Windows\System\MiNbgno.exe
  C:\Windows\System\MiNbgno.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\JtCJwSe.exe
  C:\Windows\System\JtCJwSe.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\xdyPGtq.exe
  C:\Windows\System\xdyPGtq.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\ImNjPZC.exe
  C:\Windows\System\ImNjPZC.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\OLpxMSi.exe
  C:\Windows\System\OLpxMSi.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\sFXIEjk.exe
  C:\Windows\System\sFXIEjk.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\kIMwrRT.exe
  C:\Windows\System\kIMwrRT.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\AuaHvqb.exe
  C:\Windows\System\AuaHvqb.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\ABVLmsK.exe
  C:\Windows\System\ABVLmsK.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\KAcYRQQ.exe
  C:\Windows\System\KAcYRQQ.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\ibNOFuH.exe
  C:\Windows\System\ibNOFuH.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\RkNYGKd.exe
  C:\Windows\System\RkNYGKd.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\SlWtwhD.exe
  C:\Windows\System\SlWtwhD.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\NcNqfvd.exe
  C:\Windows\System\NcNqfvd.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\obwHKtE.exe
  C:\Windows\System\obwHKtE.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\msPuaaf.exe
  C:\Windows\System\msPuaaf.exe
  2⤵
  - Executes dropped EXE
  PID:356
- C:\Windows\System\TgVoCgi.exe
  C:\Windows\System\TgVoCgi.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\AUIVTeB.exe
  C:\Windows\System\AUIVTeB.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\nhbtBiz.exe
  C:\Windows\System\nhbtBiz.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\SjJTKTb.exe
  C:\Windows\System\SjJTKTb.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\TSuxuUQ.exe
  C:\Windows\System\TSuxuUQ.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\PAJCJFG.exe
  C:\Windows\System\PAJCJFG.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\RClRHfR.exe
  C:\Windows\System\RClRHfR.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\UYvVAKn.exe
  C:\Windows\System\UYvVAKn.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\jmBgOGZ.exe
  C:\Windows\System\jmBgOGZ.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\PwAOpcM.exe
  C:\Windows\System\PwAOpcM.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\LqoxLbS.exe
  C:\Windows\System\LqoxLbS.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\yYZYBwo.exe
  C:\Windows\System\yYZYBwo.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\WGNNHmj.exe
  C:\Windows\System\WGNNHmj.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\WCGZryX.exe
  C:\Windows\System\WCGZryX.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\upUnWKK.exe
  C:\Windows\System\upUnWKK.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\eyCmOTV.exe
  C:\Windows\System\eyCmOTV.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\PgkncGS.exe
  C:\Windows\System\PgkncGS.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\zQYVtMB.exe
  C:\Windows\System\zQYVtMB.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\Qxneive.exe
  C:\Windows\System\Qxneive.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\BxnypRo.exe
  C:\Windows\System\BxnypRo.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\jDCVlJH.exe
  C:\Windows\System\jDCVlJH.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\TbgWhKI.exe
  C:\Windows\System\TbgWhKI.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\gyfhnLG.exe
  C:\Windows\System\gyfhnLG.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\ivePVAj.exe
  C:\Windows\System\ivePVAj.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\vbyKSXW.exe
  C:\Windows\System\vbyKSXW.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\sYplDZs.exe
  C:\Windows\System\sYplDZs.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\lNLaHte.exe
  C:\Windows\System\lNLaHte.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\OJoSsdg.exe
  C:\Windows\System\OJoSsdg.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\utWeySu.exe
  C:\Windows\System\utWeySu.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\QjTQvVL.exe
  C:\Windows\System\QjTQvVL.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\qSjJExA.exe
  C:\Windows\System\qSjJExA.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\iYhzXGw.exe
  C:\Windows\System\iYhzXGw.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\HAyXaPf.exe
  C:\Windows\System\HAyXaPf.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\ScKoyag.exe
  C:\Windows\System\ScKoyag.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\LuwERXM.exe
  C:\Windows\System\LuwERXM.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\YSTuJwp.exe
  C:\Windows\System\YSTuJwp.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\nchRuHB.exe
  C:\Windows\System\nchRuHB.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\HgjiOlV.exe
  C:\Windows\System\HgjiOlV.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\CknPXQY.exe
  C:\Windows\System\CknPXQY.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\LdybtzY.exe
  C:\Windows\System\LdybtzY.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\ZCLyFKa.exe
  C:\Windows\System\ZCLyFKa.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\MBGXgFH.exe
  C:\Windows\System\MBGXgFH.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\NlXxPFI.exe
  C:\Windows\System\NlXxPFI.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\ucpphLd.exe
  C:\Windows\System\ucpphLd.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\OGsRQdD.exe
  C:\Windows\System\OGsRQdD.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\SiPMsLw.exe
  C:\Windows\System\SiPMsLw.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\RiBfPul.exe
  C:\Windows\System\RiBfPul.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\xcPDSrK.exe
  C:\Windows\System\xcPDSrK.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\lcUdFfW.exe
  C:\Windows\System\lcUdFfW.exe
  2⤵
  PID:2580
- C:\Windows\System\fJuJAsa.exe
  C:\Windows\System\fJuJAsa.exe
  2⤵
  PID:2728
- C:\Windows\System\kiEhNqD.exe
  C:\Windows\System\kiEhNqD.exe
  2⤵
  PID:2872
- C:\Windows\System\fqCQfye.exe
  C:\Windows\System\fqCQfye.exe
  2⤵
  PID:1472
- C:\Windows\System\wFAGtZI.exe
  C:\Windows\System\wFAGtZI.exe
  2⤵
  PID:1780
- C:\Windows\System\cHhuOcD.exe
  C:\Windows\System\cHhuOcD.exe
  2⤵
  PID:840
- C:\Windows\System\tgmrKFI.exe
  C:\Windows\System\tgmrKFI.exe
  2⤵
  PID:2184
- C:\Windows\System\MjLPxOT.exe
  C:\Windows\System\MjLPxOT.exe
  2⤵
  PID:1844
- C:\Windows\System\pbQMDtK.exe
  C:\Windows\System\pbQMDtK.exe
  2⤵
  PID:920
- C:\Windows\System\IOHCJqe.exe
  C:\Windows\System\IOHCJqe.exe
  2⤵
  PID:2896
- C:\Windows\System\dbMAnZW.exe
  C:\Windows\System\dbMAnZW.exe
  2⤵
  PID:2232
- C:\Windows\System\pCzBWjF.exe
  C:\Windows\System\pCzBWjF.exe
  2⤵
  PID:1968
- C:\Windows\System\PydBIlL.exe
  C:\Windows\System\PydBIlL.exe
  2⤵
  PID:1156
- C:\Windows\System\mRXxViV.exe
  C:\Windows\System\mRXxViV.exe
  2⤵
  PID:2268
- C:\Windows\System\sohnoRh.exe
  C:\Windows\System\sohnoRh.exe
  2⤵
  PID:1948
- C:\Windows\System\cvHQFOk.exe
  C:\Windows\System\cvHQFOk.exe
  2⤵
  PID:272
- C:\Windows\System\WklmJWV.exe
  C:\Windows\System\WklmJWV.exe
  2⤵
  PID:616
- C:\Windows\System\kLlVvLy.exe
  C:\Windows\System\kLlVvLy.exe
  2⤵
  PID:108
- C:\Windows\System\iLqRCgJ.exe
  C:\Windows\System\iLqRCgJ.exe
  2⤵
  PID:1680
- C:\Windows\System\qwaFupN.exe
  C:\Windows\System\qwaFupN.exe
  2⤵
  PID:2596
- C:\Windows\System\ZtIRDNg.exe
  C:\Windows\System\ZtIRDNg.exe
  2⤵
  PID:2156
- C:\Windows\System\icJvFdE.exe
  C:\Windows\System\icJvFdE.exe
  2⤵
  PID:1444
- C:\Windows\System\fUeoFCo.exe
  C:\Windows\System\fUeoFCo.exe
  2⤵
  PID:1588
- C:\Windows\System\CYIkGFq.exe
  C:\Windows\System\CYIkGFq.exe
  2⤵
  PID:304
- C:\Windows\System\tLvtjni.exe
  C:\Windows\System\tLvtjni.exe
  2⤵
  PID:2968
- C:\Windows\System\ZqvCmae.exe
  C:\Windows\System\ZqvCmae.exe
  2⤵
  PID:1520
- C:\Windows\System\xaHojLd.exe
  C:\Windows\System\xaHojLd.exe
  2⤵
  PID:2344
- C:\Windows\System\OFhKsQK.exe
  C:\Windows\System\OFhKsQK.exe
  2⤵
  PID:1572
- C:\Windows\System\lBIZHdG.exe
  C:\Windows\System\lBIZHdG.exe
  2⤵
  PID:2864
- C:\Windows\System\TNTAkFH.exe
  C:\Windows\System\TNTAkFH.exe
  2⤵
  PID:2664
- C:\Windows\System\KkPeiET.exe
  C:\Windows\System\KkPeiET.exe
  2⤵
  PID:2800
- C:\Windows\System\FOpOlBH.exe
  C:\Windows\System\FOpOlBH.exe
  2⤵
  PID:3048
- C:\Windows\System\MUQKapW.exe
  C:\Windows\System\MUQKapW.exe
  2⤵
  PID:2936
- C:\Windows\System\njLLrqD.exe
  C:\Windows\System\njLLrqD.exe
  2⤵
  PID:2556
- C:\Windows\System\dJTeAsm.exe
  C:\Windows\System\dJTeAsm.exe
  2⤵
  PID:2068
- C:\Windows\System\wUmgWOC.exe
  C:\Windows\System\wUmgWOC.exe
  2⤵
  PID:2372
- C:\Windows\System\APlWnvj.exe
  C:\Windows\System\APlWnvj.exe
  2⤵
  PID:2852
- C:\Windows\System\YTAwpvB.exe
  C:\Windows\System\YTAwpvB.exe
  2⤵
  PID:3016
- C:\Windows\System\MFZLOAA.exe
  C:\Windows\System\MFZLOAA.exe
  2⤵
  PID:668
- C:\Windows\System\MXNwCIH.exe
  C:\Windows\System\MXNwCIH.exe
  2⤵
  PID:448
- C:\Windows\System\jhIFvCf.exe
  C:\Windows\System\jhIFvCf.exe
  2⤵
  PID:320
- C:\Windows\System\OfYQolf.exe
  C:\Windows\System\OfYQolf.exe
  2⤵
  PID:2760
- C:\Windows\System\IfOQOvb.exe
  C:\Windows\System\IfOQOvb.exe
  2⤵
  PID:636
- C:\Windows\System\xbxmwfV.exe
  C:\Windows\System\xbxmwfV.exe
  2⤵
  PID:1440
- C:\Windows\System\xEDowqh.exe
  C:\Windows\System\xEDowqh.exe
  2⤵
  PID:2484
- C:\Windows\System\zANitBH.exe
  C:\Windows\System\zANitBH.exe
  2⤵
  PID:1708
- C:\Windows\System\PlldkkI.exe
  C:\Windows\System\PlldkkI.exe
  2⤵
  PID:1448
- C:\Windows\System\YoNQjMi.exe
  C:\Windows\System\YoNQjMi.exe
  2⤵
  PID:2188
- C:\Windows\System\vfnmutc.exe
  C:\Windows\System\vfnmutc.exe
  2⤵
  PID:2420
- C:\Windows\System\MZFShzF.exe
  C:\Windows\System\MZFShzF.exe
  2⤵
  PID:2296
- C:\Windows\System\jPGORBp.exe
  C:\Windows\System\jPGORBp.exe
  2⤵
  PID:1956
- C:\Windows\System\hVFBuOt.exe
  C:\Windows\System\hVFBuOt.exe
  2⤵
  PID:1652
- C:\Windows\System\xJHNzHO.exe
  C:\Windows\System\xJHNzHO.exe
  2⤵
  PID:2324
- C:\Windows\System\iaVAHsN.exe
  C:\Windows\System\iaVAHsN.exe
  2⤵
  PID:2724
- C:\Windows\System\WrvpRgj.exe
  C:\Windows\System\WrvpRgj.exe
  2⤵
  PID:2552
- C:\Windows\System\fQsMmqS.exe
  C:\Windows\System\fQsMmqS.exe
  2⤵
  PID:568
- C:\Windows\System\SYXidgs.exe
  C:\Windows\System\SYXidgs.exe
  2⤵
  PID:1736
- C:\Windows\System\BXemSVh.exe
  C:\Windows\System\BXemSVh.exe
  2⤵
  PID:960
- C:\Windows\System\DGnMTbA.exe
  C:\Windows\System\DGnMTbA.exe
  2⤵
  PID:1740
- C:\Windows\System\lhcagMP.exe
  C:\Windows\System\lhcagMP.exe
  2⤵
  PID:1232
- C:\Windows\System\moBDfdk.exe
  C:\Windows\System\moBDfdk.exe
  2⤵
  PID:892
- C:\Windows\System\NKrqdPV.exe
  C:\Windows\System\NKrqdPV.exe
  2⤵
  PID:1492
- C:\Windows\System\dfpPNsk.exe
  C:\Windows\System\dfpPNsk.exe
  2⤵
  PID:2112
- C:\Windows\System\kdyrKLh.exe
  C:\Windows\System\kdyrKLh.exe
  2⤵
  PID:1320
- C:\Windows\System\iqQBdUl.exe
  C:\Windows\System\iqQBdUl.exe
  2⤵
  PID:2844
- C:\Windows\System\YjjstuD.exe
  C:\Windows\System\YjjstuD.exe
  2⤵
  PID:1648
- C:\Windows\System\uGpCxoW.exe
  C:\Windows\System\uGpCxoW.exe
  2⤵
  PID:1424
- C:\Windows\System\zkefKap.exe
  C:\Windows\System\zkefKap.exe
  2⤵
  PID:2836
- C:\Windows\System\txMTPht.exe
  C:\Windows\System\txMTPht.exe
  2⤵
  PID:1620
- C:\Windows\System\FBetccx.exe
  C:\Windows\System\FBetccx.exe
  2⤵
  PID:592
- C:\Windows\System\QInsdfS.exe
  C:\Windows\System\QInsdfS.exe
  2⤵
  PID:1252
- C:\Windows\System\PDMBQaW.exe
  C:\Windows\System\PDMBQaW.exe
  2⤵
  PID:2016
- C:\Windows\System\kZhKEND.exe
  C:\Windows\System\kZhKEND.exe
  2⤵
  PID:2540
- C:\Windows\System\quNBGEu.exe
  C:\Windows\System\quNBGEu.exe
  2⤵
  PID:1640
- C:\Windows\System\DGLRzxE.exe
  C:\Windows\System\DGLRzxE.exe
  2⤵
  PID:3092
- C:\Windows\System\qdOQSji.exe
  C:\Windows\System\qdOQSji.exe
  2⤵
  PID:3112
- C:\Windows\System\TFxlQlZ.exe
  C:\Windows\System\TFxlQlZ.exe
  2⤵
  PID:3132
- C:\Windows\System\PaXKWLM.exe
  C:\Windows\System\PaXKWLM.exe
  2⤵
  PID:3152
- C:\Windows\System\qKMUmfH.exe
  C:\Windows\System\qKMUmfH.exe
  2⤵
  PID:3172
- C:\Windows\System\GIopKuD.exe
  C:\Windows\System\GIopKuD.exe
  2⤵
  PID:3192
- C:\Windows\System\nxomLnj.exe
  C:\Windows\System\nxomLnj.exe
  2⤵
  PID:3212
- C:\Windows\System\HciwMYW.exe
  C:\Windows\System\HciwMYW.exe
  2⤵
  PID:3228
- C:\Windows\System\UbasZDN.exe
  C:\Windows\System\UbasZDN.exe
  2⤵
  PID:3248
- C:\Windows\System\wdJaBCa.exe
  C:\Windows\System\wdJaBCa.exe
  2⤵
  PID:3272
- C:\Windows\System\qTyNMPj.exe
  C:\Windows\System\qTyNMPj.exe
  2⤵
  PID:3292
- C:\Windows\System\bIPdRIn.exe
  C:\Windows\System\bIPdRIn.exe
  2⤵
  PID:3312
- C:\Windows\System\RvRJHwe.exe
  C:\Windows\System\RvRJHwe.exe
  2⤵
  PID:3332
- C:\Windows\System\LuUHFRD.exe
  C:\Windows\System\LuUHFRD.exe
  2⤵
  PID:3348
- C:\Windows\System\kVzgOiQ.exe
  C:\Windows\System\kVzgOiQ.exe
  2⤵
  PID:3372
- C:\Windows\System\BmKhQBO.exe
  C:\Windows\System\BmKhQBO.exe
  2⤵
  PID:3388
- C:\Windows\System\alznAOe.exe
  C:\Windows\System\alznAOe.exe
  2⤵
  PID:3412
- C:\Windows\System\jDnRSzI.exe
  C:\Windows\System\jDnRSzI.exe
  2⤵
  PID:3428
- C:\Windows\System\WnMFoJj.exe
  C:\Windows\System\WnMFoJj.exe
  2⤵
  PID:3452
- C:\Windows\System\MOyVBaI.exe
  C:\Windows\System\MOyVBaI.exe
  2⤵
  PID:3468
- C:\Windows\System\jIYOltB.exe
  C:\Windows\System\jIYOltB.exe
  2⤵
  PID:3488
- C:\Windows\System\HxMuNHY.exe
  C:\Windows\System\HxMuNHY.exe
  2⤵
  PID:3508
- C:\Windows\System\qlCbAqT.exe
  C:\Windows\System\qlCbAqT.exe
  2⤵
  PID:3528
- C:\Windows\System\pRCoDMw.exe
  C:\Windows\System\pRCoDMw.exe
  2⤵
  PID:3548
- C:\Windows\System\UEflGOU.exe
  C:\Windows\System\UEflGOU.exe
  2⤵
  PID:3572
- C:\Windows\System\poCQjlE.exe
  C:\Windows\System\poCQjlE.exe
  2⤵
  PID:3592
- C:\Windows\System\xAQGhxt.exe
  C:\Windows\System\xAQGhxt.exe
  2⤵
  PID:3612
- C:\Windows\System\FsJsQfh.exe
  C:\Windows\System\FsJsQfh.exe
  2⤵
  PID:3628
- C:\Windows\System\BuEGUXm.exe
  C:\Windows\System\BuEGUXm.exe
  2⤵
  PID:3652
- C:\Windows\System\tucwrBo.exe
  C:\Windows\System\tucwrBo.exe
  2⤵
  PID:3672
- C:\Windows\System\kgATLDH.exe
  C:\Windows\System\kgATLDH.exe
  2⤵
  PID:3692
- C:\Windows\System\nUaqVmQ.exe
  C:\Windows\System\nUaqVmQ.exe
  2⤵
  PID:3716
- C:\Windows\System\GntBaoa.exe
  C:\Windows\System\GntBaoa.exe
  2⤵
  PID:3736
- C:\Windows\System\kiPfnQq.exe
  C:\Windows\System\kiPfnQq.exe
  2⤵
  PID:3756
- C:\Windows\System\CbNWPHz.exe
  C:\Windows\System\CbNWPHz.exe
  2⤵
  PID:3776
- C:\Windows\System\LakNysO.exe
  C:\Windows\System\LakNysO.exe
  2⤵
  PID:3796
- C:\Windows\System\ddtXnib.exe
  C:\Windows\System\ddtXnib.exe
  2⤵
  PID:3816
- C:\Windows\System\dPmlgqK.exe
  C:\Windows\System\dPmlgqK.exe
  2⤵
  PID:3836
- C:\Windows\System\EOzuuFk.exe
  C:\Windows\System\EOzuuFk.exe
  2⤵
  PID:3856
- C:\Windows\System\cygPxNj.exe
  C:\Windows\System\cygPxNj.exe
  2⤵
  PID:3876
- C:\Windows\System\fzLHOsk.exe
  C:\Windows\System\fzLHOsk.exe
  2⤵
  PID:3896
- C:\Windows\System\LRtODCd.exe
  C:\Windows\System\LRtODCd.exe
  2⤵
  PID:3916
- C:\Windows\System\SoFgBfi.exe
  C:\Windows\System\SoFgBfi.exe
  2⤵
  PID:3936
- C:\Windows\System\fdsDlfO.exe
  C:\Windows\System\fdsDlfO.exe
  2⤵
  PID:3956
- C:\Windows\System\zaFtSbK.exe
  C:\Windows\System\zaFtSbK.exe
  2⤵
  PID:3976
- C:\Windows\System\lyrtMKy.exe
  C:\Windows\System\lyrtMKy.exe
  2⤵
  PID:3996
- C:\Windows\System\HOekclG.exe
  C:\Windows\System\HOekclG.exe
  2⤵
  PID:4016
- C:\Windows\System\phVxteO.exe
  C:\Windows\System\phVxteO.exe
  2⤵
  PID:4036
- C:\Windows\System\LabuxBi.exe
  C:\Windows\System\LabuxBi.exe
  2⤵
  PID:4056
- C:\Windows\System\RfZYhJN.exe
  C:\Windows\System\RfZYhJN.exe
  2⤵
  PID:4076
- C:\Windows\System\VtzguVI.exe
  C:\Windows\System\VtzguVI.exe
  2⤵
  PID:2816
- C:\Windows\System\ZWcioxu.exe
  C:\Windows\System\ZWcioxu.exe
  2⤵
  PID:2804
- C:\Windows\System\PuDUZsA.exe
  C:\Windows\System\PuDUZsA.exe
  2⤵
  PID:2688
- C:\Windows\System\mVNbaAz.exe
  C:\Windows\System\mVNbaAz.exe
  2⤵
  PID:940
- C:\Windows\System\YtzjEdE.exe
  C:\Windows\System\YtzjEdE.exe
  2⤵
  PID:772
- C:\Windows\System\gAAbkxe.exe
  C:\Windows\System\gAAbkxe.exe
  2⤵
  PID:1580
- C:\Windows\System\cQfzTjr.exe
  C:\Windows\System\cQfzTjr.exe
  2⤵
  PID:3080
- C:\Windows\System\xucPIxJ.exe
  C:\Windows\System\xucPIxJ.exe
  2⤵
  PID:3104
- C:\Windows\System\sYTQeeo.exe
  C:\Windows\System\sYTQeeo.exe
  2⤵
  PID:3144
- C:\Windows\System\TwFuNjM.exe
  C:\Windows\System\TwFuNjM.exe
  2⤵
  PID:3184
- C:\Windows\System\DUhuPcg.exe
  C:\Windows\System\DUhuPcg.exe
  2⤵
  PID:3244
- C:\Windows\System\WBtMkXC.exe
  C:\Windows\System\WBtMkXC.exe
  2⤵
  PID:3224
- C:\Windows\System\QIRHMQb.exe
  C:\Windows\System\QIRHMQb.exe
  2⤵
  PID:3264
- C:\Windows\System\bdkaUfU.exe
  C:\Windows\System\bdkaUfU.exe
  2⤵
  PID:3088
- C:\Windows\System\pgevERY.exe
  C:\Windows\System\pgevERY.exe
  2⤵
  PID:3364
- C:\Windows\System\kIoIEFD.exe
  C:\Windows\System\kIoIEFD.exe
  2⤵
  PID:3340
- C:\Windows\System\iCodObq.exe
  C:\Windows\System\iCodObq.exe
  2⤵
  PID:3448
- C:\Windows\System\msWoPzU.exe
  C:\Windows\System\msWoPzU.exe
  2⤵
  PID:3420
- C:\Windows\System\hMNiusp.exe
  C:\Windows\System\hMNiusp.exe
  2⤵
  PID:3524
- C:\Windows\System\Oggirig.exe
  C:\Windows\System\Oggirig.exe
  2⤵
  PID:3500
- C:\Windows\System\ZSgToyq.exe
  C:\Windows\System\ZSgToyq.exe
  2⤵
  PID:3560
- C:\Windows\System\hvivTms.exe
  C:\Windows\System\hvivTms.exe
  2⤵
  PID:3600
- C:\Windows\System\xiCnUma.exe
  C:\Windows\System\xiCnUma.exe
  2⤵
  PID:3636
- C:\Windows\System\KsXvHJc.exe
  C:\Windows\System\KsXvHJc.exe
  2⤵
  PID:3644
- C:\Windows\System\jAYAHqL.exe
  C:\Windows\System\jAYAHqL.exe
  2⤵
  PID:3664
- C:\Windows\System\cdjmPJi.exe
  C:\Windows\System\cdjmPJi.exe
  2⤵
  PID:3724
- C:\Windows\System\hvXkAtR.exe
  C:\Windows\System\hvXkAtR.exe
  2⤵
  PID:3772
- C:\Windows\System\oHORGBn.exe
  C:\Windows\System\oHORGBn.exe
  2⤵
  PID:3784
- C:\Windows\System\gDlRxlV.exe
  C:\Windows\System\gDlRxlV.exe
  2⤵
  PID:3792
- C:\Windows\System\VUCowEL.exe
  C:\Windows\System\VUCowEL.exe
  2⤵
  PID:3832
- C:\Windows\System\eqvVyft.exe
  C:\Windows\System\eqvVyft.exe
  2⤵
  PID:3888
- C:\Windows\System\RmQqfBe.exe
  C:\Windows\System\RmQqfBe.exe
  2⤵
  PID:3908
- C:\Windows\System\HvjRSpN.exe
  C:\Windows\System\HvjRSpN.exe
  2⤵
  PID:3972
- C:\Windows\System\PTHYgpx.exe
  C:\Windows\System\PTHYgpx.exe
  2⤵
  PID:4004
- C:\Windows\System\lZCkjZK.exe
  C:\Windows\System\lZCkjZK.exe
  2⤵
  PID:3992
- C:\Windows\System\EioFdCv.exe
  C:\Windows\System\EioFdCv.exe
  2⤵
  PID:4048
- C:\Windows\System\VPCRdiY.exe
  C:\Windows\System\VPCRdiY.exe
  2⤵
  PID:4032
- C:\Windows\System\zhZdszu.exe
  C:\Windows\System\zhZdszu.exe
  2⤵
  PID:3004
- C:\Windows\System\jyrwONg.exe
  C:\Windows\System\jyrwONg.exe
  2⤵
  PID:1548
- C:\Windows\System\fEZxDvp.exe
  C:\Windows\System\fEZxDvp.exe
  2⤵
  PID:596
- C:\Windows\System\wZcbhcl.exe
  C:\Windows\System\wZcbhcl.exe
  2⤵
  PID:2052
- C:\Windows\System\IJVCqlj.exe
  C:\Windows\System\IJVCqlj.exe
  2⤵
  PID:3124
- C:\Windows\System\mDWXyhU.exe
  C:\Windows\System\mDWXyhU.exe
  2⤵
  PID:3164
- C:\Windows\System\tzHgKSE.exe
  C:\Windows\System\tzHgKSE.exe
  2⤵
  PID:3204
- C:\Windows\System\DfvODzM.exe
  C:\Windows\System\DfvODzM.exe
  2⤵
  PID:3260
- C:\Windows\System\gltLgDD.exe
  C:\Windows\System\gltLgDD.exe
  2⤵
  PID:3328
- C:\Windows\System\TCUyzLH.exe
  C:\Windows\System\TCUyzLH.exe
  2⤵
  PID:3436
- C:\Windows\System\hComlvT.exe
  C:\Windows\System\hComlvT.exe
  2⤵
  PID:3408
- C:\Windows\System\nsvzotW.exe
  C:\Windows\System\nsvzotW.exe
  2⤵
  PID:3384
- C:\Windows\System\gExSSRS.exe
  C:\Windows\System\gExSSRS.exe
  2⤵
  PID:3540
- C:\Windows\System\gCkaZmP.exe
  C:\Windows\System\gCkaZmP.exe
  2⤵
  PID:3604
- C:\Windows\System\RkWmGiZ.exe
  C:\Windows\System\RkWmGiZ.exe
  2⤵
  PID:3624
- C:\Windows\System\SaUEIHN.exe
  C:\Windows\System\SaUEIHN.exe
  2⤵
  PID:3708
- C:\Windows\System\QVisSTg.exe
  C:\Windows\System\QVisSTg.exe
  2⤵
  PID:3744
- C:\Windows\System\KVpQkkd.exe
  C:\Windows\System\KVpQkkd.exe
  2⤵
  PID:3808
- C:\Windows\System\mRzdOkE.exe
  C:\Windows\System\mRzdOkE.exe
  2⤵
  PID:3848
- C:\Windows\System\CSIcBof.exe
  C:\Windows\System\CSIcBof.exe
  2⤵
  PID:1792
- C:\Windows\System\ZUlwhPD.exe
  C:\Windows\System\ZUlwhPD.exe
  2⤵
  PID:4008
- C:\Windows\System\ByWjXtN.exe
  C:\Windows\System\ByWjXtN.exe
  2⤵
  PID:3952
- C:\Windows\System\DGDJfqh.exe
  C:\Windows\System\DGDJfqh.exe
  2⤵
  PID:4028
- C:\Windows\System\WgbfKhz.exe
  C:\Windows\System\WgbfKhz.exe
  2⤵
  PID:4052
- C:\Windows\System\QFxAdwR.exe
  C:\Windows\System\QFxAdwR.exe
  2⤵
  PID:2088
- C:\Windows\System\vNUYzUb.exe
  C:\Windows\System\vNUYzUb.exe
  2⤵
  PID:800
- C:\Windows\System\GeMLqwD.exe
  C:\Windows\System\GeMLqwD.exe
  2⤵
  PID:2616
- C:\Windows\System\PFFevCO.exe
  C:\Windows\System\PFFevCO.exe
  2⤵
  PID:3236
- C:\Windows\System\bPQLLSa.exe
  C:\Windows\System\bPQLLSa.exe
  2⤵
  PID:3308
- C:\Windows\System\tBbrtfQ.exe
  C:\Windows\System\tBbrtfQ.exe
  2⤵
  PID:3484
- C:\Windows\System\jwguXNf.exe
  C:\Windows\System\jwguXNf.exe
  2⤵
  PID:3516
- C:\Windows\System\UlUyXgH.exe
  C:\Windows\System\UlUyXgH.exe
  2⤵
  PID:3476
- C:\Windows\System\HQFyLgj.exe
  C:\Windows\System\HQFyLgj.exe
  2⤵
  PID:3640
- C:\Windows\System\gJFkBmb.exe
  C:\Windows\System\gJFkBmb.exe
  2⤵
  PID:3668
- C:\Windows\System\PMTJqep.exe
  C:\Windows\System\PMTJqep.exe
  2⤵
  PID:3928
- C:\Windows\System\XmTYvPt.exe
  C:\Windows\System\XmTYvPt.exe
  2⤵
  PID:756
- C:\Windows\System\znGBFBA.exe
  C:\Windows\System\znGBFBA.exe
  2⤵
  PID:3924
- C:\Windows\System\bRiWMMe.exe
  C:\Windows\System\bRiWMMe.exe
  2⤵
  PID:2884
- C:\Windows\System\vFqamFp.exe
  C:\Windows\System\vFqamFp.exe
  2⤵
  PID:2608
- C:\Windows\System\ZEewzhI.exe
  C:\Windows\System\ZEewzhI.exe
  2⤵
  PID:4072
- C:\Windows\System\vHSgQrd.exe
  C:\Windows\System\vHSgQrd.exe
  2⤵
  PID:3368
- C:\Windows\System\mRdMmeq.exe
  C:\Windows\System\mRdMmeq.exe
  2⤵
  PID:3556
- C:\Windows\System\fckWSGl.exe
  C:\Windows\System\fckWSGl.exe
  2⤵
  PID:3844
- C:\Windows\System\AyIYFBM.exe
  C:\Windows\System\AyIYFBM.exe
  2⤵
  PID:3648
- C:\Windows\System\ueKoPFw.exe
  C:\Windows\System\ueKoPFw.exe
  2⤵
  PID:3904
- C:\Windows\System\IvxTmQK.exe
  C:\Windows\System\IvxTmQK.exe
  2⤵
  PID:2336
- C:\Windows\System\GKQiKgQ.exe
  C:\Windows\System\GKQiKgQ.exe
  2⤵
  PID:3140
- C:\Windows\System\AAXKowV.exe
  C:\Windows\System\AAXKowV.exe
  2⤵
  PID:584
- C:\Windows\System\elLuDhw.exe
  C:\Windows\System\elLuDhw.exe
  2⤵
  PID:3356
- C:\Windows\System\NbaWVGW.exe
  C:\Windows\System\NbaWVGW.exe
  2⤵
  PID:4108
- C:\Windows\System\CyiXofK.exe
  C:\Windows\System\CyiXofK.exe
  2⤵
  PID:4124
- C:\Windows\System\jzLvrhe.exe
  C:\Windows\System\jzLvrhe.exe
  2⤵
  PID:4144
- C:\Windows\System\ffmDppu.exe
  C:\Windows\System\ffmDppu.exe
  2⤵
  PID:4164
- C:\Windows\System\BvugTsE.exe
  C:\Windows\System\BvugTsE.exe
  2⤵
  PID:4184
- C:\Windows\System\fuLTnlk.exe
  C:\Windows\System\fuLTnlk.exe
  2⤵
  PID:4204
- C:\Windows\System\pCRzjSn.exe
  C:\Windows\System\pCRzjSn.exe
  2⤵
  PID:4228
- C:\Windows\System\AemmYoP.exe
  C:\Windows\System\AemmYoP.exe
  2⤵
  PID:4244
- C:\Windows\System\iqQbdAL.exe
  C:\Windows\System\iqQbdAL.exe
  2⤵
  PID:4264
- C:\Windows\System\NZawLqw.exe
  C:\Windows\System\NZawLqw.exe
  2⤵
  PID:4284
- C:\Windows\System\fyDkFmj.exe
  C:\Windows\System\fyDkFmj.exe
  2⤵
  PID:4304
- C:\Windows\System\LgCoqLK.exe
  C:\Windows\System\LgCoqLK.exe
  2⤵
  PID:4320
- C:\Windows\System\IOPUwfM.exe
  C:\Windows\System\IOPUwfM.exe
  2⤵
  PID:4340
- C:\Windows\System\pWnhfVk.exe
  C:\Windows\System\pWnhfVk.exe
  2⤵
  PID:4360
- C:\Windows\System\VVkpJMV.exe
  C:\Windows\System\VVkpJMV.exe
  2⤵
  PID:4380
- C:\Windows\System\osIqCTC.exe
  C:\Windows\System\osIqCTC.exe
  2⤵
  PID:4396
- C:\Windows\System\qiLDnkj.exe
  C:\Windows\System\qiLDnkj.exe
  2⤵
  PID:4416
- C:\Windows\System\StKkOTn.exe
  C:\Windows\System\StKkOTn.exe
  2⤵
  PID:4436
- C:\Windows\System\CYTKaXD.exe
  C:\Windows\System\CYTKaXD.exe
  2⤵
  PID:4456
- C:\Windows\System\EHfJMig.exe
  C:\Windows\System\EHfJMig.exe
  2⤵
  PID:4476
- C:\Windows\System\lEaiqWW.exe
  C:\Windows\System\lEaiqWW.exe
  2⤵
  PID:4508
- C:\Windows\System\UnKwyka.exe
  C:\Windows\System\UnKwyka.exe
  2⤵
  PID:4524
- C:\Windows\System\qbkydCp.exe
  C:\Windows\System\qbkydCp.exe
  2⤵
  PID:4544
- C:\Windows\System\vEYAcFV.exe
  C:\Windows\System\vEYAcFV.exe
  2⤵
  PID:4568
- C:\Windows\System\AYcvWKC.exe
  C:\Windows\System\AYcvWKC.exe
  2⤵
  PID:4588
- C:\Windows\System\rGbPSNk.exe
  C:\Windows\System\rGbPSNk.exe
  2⤵
  PID:4608
- C:\Windows\System\SrxshfA.exe
  C:\Windows\System\SrxshfA.exe
  2⤵
  PID:4628
- C:\Windows\System\imJtxZe.exe
  C:\Windows\System\imJtxZe.exe
  2⤵
  PID:4644
- C:\Windows\System\hbEXORb.exe
  C:\Windows\System\hbEXORb.exe
  2⤵
  PID:4668
- C:\Windows\System\VfvuqZF.exe
  C:\Windows\System\VfvuqZF.exe
  2⤵
  PID:4688
- C:\Windows\System\dKMsOEW.exe
  C:\Windows\System\dKMsOEW.exe
  2⤵
  PID:4712
- C:\Windows\System\eyZIUGX.exe
  C:\Windows\System\eyZIUGX.exe
  2⤵
  PID:4732
- C:\Windows\System\UWHYrtQ.exe
  C:\Windows\System\UWHYrtQ.exe
  2⤵
  PID:4752
- C:\Windows\System\mOjZBdM.exe
  C:\Windows\System\mOjZBdM.exe
  2⤵
  PID:4776
- C:\Windows\System\hjSqJOn.exe
  C:\Windows\System\hjSqJOn.exe
  2⤵
  PID:4796
- C:\Windows\System\hkVDozJ.exe
  C:\Windows\System\hkVDozJ.exe
  2⤵
  PID:4816
- C:\Windows\System\ZvgaOCg.exe
  C:\Windows\System\ZvgaOCg.exe
  2⤵
  PID:4836
- C:\Windows\System\IgqVPDx.exe
  C:\Windows\System\IgqVPDx.exe
  2⤵
  PID:4856
- C:\Windows\System\GXqIMzh.exe
  C:\Windows\System\GXqIMzh.exe
  2⤵
  PID:4876
- C:\Windows\System\DnpemKW.exe
  C:\Windows\System\DnpemKW.exe
  2⤵
  PID:4896
- C:\Windows\System\qukpjTd.exe
  C:\Windows\System\qukpjTd.exe
  2⤵
  PID:4916
- C:\Windows\System\AZatuCV.exe
  C:\Windows\System\AZatuCV.exe
  2⤵
  PID:4932
- C:\Windows\System\ZDvfEXu.exe
  C:\Windows\System\ZDvfEXu.exe
  2⤵
  PID:4952
- C:\Windows\System\FRLXRGr.exe
  C:\Windows\System\FRLXRGr.exe
  2⤵
  PID:4976
- C:\Windows\System\RINwANs.exe
  C:\Windows\System\RINwANs.exe
  2⤵
  PID:5000
- C:\Windows\System\LRUlWzl.exe
  C:\Windows\System\LRUlWzl.exe
  2⤵
  PID:5016
- C:\Windows\System\xGQnMeK.exe
  C:\Windows\System\xGQnMeK.exe
  2⤵
  PID:5036
- C:\Windows\System\iuCAMEX.exe
  C:\Windows\System\iuCAMEX.exe
  2⤵
  PID:5060
- C:\Windows\System\wYroRdk.exe
  C:\Windows\System\wYroRdk.exe
  2⤵
  PID:5080
- C:\Windows\System\CDRpeCF.exe
  C:\Windows\System\CDRpeCF.exe
  2⤵
  PID:5096
- C:\Windows\System\FKyjsJs.exe
  C:\Windows\System\FKyjsJs.exe
  2⤵
  PID:3480
- C:\Windows\System\TbNdEFr.exe
  C:\Windows\System\TbNdEFr.exe
  2⤵
  PID:4044
- C:\Windows\System\dPNDsCM.exe
  C:\Windows\System\dPNDsCM.exe
  2⤵
  PID:3984
- C:\Windows\System\spvgwPS.exe
  C:\Windows\System\spvgwPS.exe
  2⤵
  PID:4104
- C:\Windows\System\boSUZpV.exe
  C:\Windows\System\boSUZpV.exe
  2⤵
  PID:4092
- C:\Windows\System\WzZhsLA.exe
  C:\Windows\System\WzZhsLA.exe
  2⤵
  PID:3128
- C:\Windows\System\FEIQJPO.exe
  C:\Windows\System\FEIQJPO.exe
  2⤵
  PID:4176
- C:\Windows\System\bcieSNG.exe
  C:\Windows\System\bcieSNG.exe
  2⤵
  PID:4224
- C:\Windows\System\RtszZjF.exe
  C:\Windows\System\RtszZjF.exe
  2⤵
  PID:4120
- C:\Windows\System\WJdNhjE.exe
  C:\Windows\System\WJdNhjE.exe
  2⤵
  PID:2444
- C:\Windows\System\JTmglyE.exe
  C:\Windows\System\JTmglyE.exe
  2⤵
  PID:4192
- C:\Windows\System\RjBuKSt.exe
  C:\Windows\System\RjBuKSt.exe
  2⤵
  PID:4372
- C:\Windows\System\QbPezYJ.exe
  C:\Windows\System\QbPezYJ.exe
  2⤵
  PID:4240
- C:\Windows\System\CuhQvEK.exe
  C:\Windows\System\CuhQvEK.exe
  2⤵
  PID:4276
- C:\Windows\System\hMGcLTU.exe
  C:\Windows\System\hMGcLTU.exe
  2⤵
  PID:4280
- C:\Windows\System\GyfEZrU.exe
  C:\Windows\System\GyfEZrU.exe
  2⤵
  PID:4488
- C:\Windows\System\qxCebBC.exe
  C:\Windows\System\qxCebBC.exe
  2⤵
  PID:4432
- C:\Windows\System\HZLXCAt.exe
  C:\Windows\System\HZLXCAt.exe
  2⤵
  PID:4352
- C:\Windows\System\TEEyyCQ.exe
  C:\Windows\System\TEEyyCQ.exe
  2⤵
  PID:4392
- C:\Windows\System\mYEhuTH.exe
  C:\Windows\System\mYEhuTH.exe
  2⤵
  PID:4536
- C:\Windows\System\DJPHIRJ.exe
  C:\Windows\System\DJPHIRJ.exe
  2⤵
  PID:4520
- C:\Windows\System\tiSwGpB.exe
  C:\Windows\System\tiSwGpB.exe
  2⤵
  PID:4560
- C:\Windows\System\IxUgRtT.exe
  C:\Windows\System\IxUgRtT.exe
  2⤵
  PID:4624
- C:\Windows\System\eYTUHdO.exe
  C:\Windows\System\eYTUHdO.exe
  2⤵
  PID:1188
- C:\Windows\System\SPnKBki.exe
  C:\Windows\System\SPnKBki.exe
  2⤵
  PID:4604
- C:\Windows\System\ASriwEz.exe
  C:\Windows\System\ASriwEz.exe
  2⤵
  PID:2876
- C:\Windows\System\AMWlJIG.exe
  C:\Windows\System\AMWlJIG.exe
  2⤵
  PID:4700
- C:\Windows\System\YtfXLuL.exe
  C:\Windows\System\YtfXLuL.exe
  2⤵
  PID:4740
- C:\Windows\System\msQXEha.exe
  C:\Windows\System\msQXEha.exe
  2⤵
  PID:4724
- C:\Windows\System\oJLyJjp.exe
  C:\Windows\System\oJLyJjp.exe
  2⤵
  PID:4824
- C:\Windows\System\bBTJOUL.exe
  C:\Windows\System\bBTJOUL.exe
  2⤵
  PID:4864
- C:\Windows\System\mDxwcil.exe
  C:\Windows\System\mDxwcil.exe
  2⤵
  PID:4848
- C:\Windows\System\IFTyZjv.exe
  C:\Windows\System\IFTyZjv.exe
  2⤵
  PID:1408
- C:\Windows\System\FxwGptJ.exe
  C:\Windows\System\FxwGptJ.exe
  2⤵
  PID:5024
- C:\Windows\System\KeUKWWc.exe
  C:\Windows\System\KeUKWWc.exe
  2⤵
  PID:4968
- C:\Windows\System\OmxYLWa.exe
  C:\Windows\System\OmxYLWa.exe
  2⤵
  PID:3028
- C:\Windows\System\LAOVvPq.exe
  C:\Windows\System\LAOVvPq.exe
  2⤵
  PID:5048
- C:\Windows\System\uBrltUZ.exe
  C:\Windows\System\uBrltUZ.exe
  2⤵
  PID:5072
- C:\Windows\System\jsXTFyP.exe
  C:\Windows\System\jsXTFyP.exe
  2⤵
  PID:5116
- C:\Windows\System\KPIymqt.exe
  C:\Windows\System\KPIymqt.exe
  2⤵
  PID:5092
- C:\Windows\System\xxGdIaM.exe
  C:\Windows\System\xxGdIaM.exe
  2⤵
  PID:3584
- C:\Windows\System\eWDlHfW.exe
  C:\Windows\System\eWDlHfW.exe
  2⤵
  PID:2132
- C:\Windows\System\alLayDr.exe
  C:\Windows\System\alLayDr.exe
  2⤵
  PID:4252
- C:\Windows\System\rSLZumz.exe
  C:\Windows\System\rSLZumz.exe
  2⤵
  PID:3884
- C:\Windows\System\GfGpLIc.exe
  C:\Windows\System\GfGpLIc.exe
  2⤵
  PID:4256
- C:\Windows\System\AyxAQFA.exe
  C:\Windows\System\AyxAQFA.exe
  2⤵
  PID:2544
- C:\Windows\System\BleEgaJ.exe
  C:\Windows\System\BleEgaJ.exe
  2⤵
  PID:1888
- C:\Windows\System\XAGvndN.exe
  C:\Windows\System\XAGvndN.exe
  2⤵
  PID:2432
- C:\Windows\System\ESJJiEF.exe
  C:\Windows\System\ESJJiEF.exe
  2⤵
  PID:2312
- C:\Windows\System\ZxDLfli.exe
  C:\Windows\System\ZxDLfli.exe
  2⤵
  PID:2404
- C:\Windows\System\FolKstX.exe
  C:\Windows\System\FolKstX.exe
  2⤵
  PID:2536
- C:\Windows\System\IuNUUVD.exe
  C:\Windows\System\IuNUUVD.exe
  2⤵
  PID:4348
- C:\Windows\System\OjMTQsz.exe
  C:\Windows\System\OjMTQsz.exe
  2⤵
  PID:4656
- C:\Windows\System\ccJYUcp.exe
  C:\Windows\System\ccJYUcp.exe
  2⤵
  PID:4640
- C:\Windows\System\UHIzwfy.exe
  C:\Windows\System\UHIzwfy.exe
  2⤵
  PID:2376
- C:\Windows\System\vVtrhSD.exe
  C:\Windows\System\vVtrhSD.exe
  2⤵
  PID:4556
- C:\Windows\System\xMZzPBV.exe
  C:\Windows\System\xMZzPBV.exe
  2⤵
  PID:4504
- C:\Windows\System\ZHrXCMg.exe
  C:\Windows\System\ZHrXCMg.exe
  2⤵
  PID:4696
- C:\Windows\System\yctyGtw.exe
  C:\Windows\System\yctyGtw.exe
  2⤵
  PID:4596
- C:\Windows\System\qFsUWJd.exe
  C:\Windows\System\qFsUWJd.exe
  2⤵
  PID:4720
- C:\Windows\System\mbFOFCB.exe
  C:\Windows\System\mbFOFCB.exe
  2⤵
  PID:4788
- C:\Windows\System\PvrOtZd.exe
  C:\Windows\System\PvrOtZd.exe
  2⤵
  PID:4812
- C:\Windows\System\nGJQeyU.exe
  C:\Windows\System\nGJQeyU.exe
  2⤵
  PID:4940
- C:\Windows\System\DrBiyNl.exe
  C:\Windows\System\DrBiyNl.exe
  2⤵
  PID:4928
- C:\Windows\System\bdyiXze.exe
  C:\Windows\System\bdyiXze.exe
  2⤵
  PID:1928
- C:\Windows\System\xkKOirm.exe
  C:\Windows\System\xkKOirm.exe
  2⤵
  PID:4180
- C:\Windows\System\XiOWXyW.exe
  C:\Windows\System\XiOWXyW.exe
  2⤵
  PID:3208
- C:\Windows\System\wTdpYih.exe
  C:\Windows\System\wTdpYih.exe
  2⤵
  PID:4300
- C:\Windows\System\GtkRDHi.exe
  C:\Windows\System\GtkRDHi.exe
  2⤵
  PID:3588
- C:\Windows\System\IiwSOME.exe
  C:\Windows\System\IiwSOME.exe
  2⤵
  PID:884
- C:\Windows\System\kBkclyA.exe
  C:\Windows\System\kBkclyA.exe
  2⤵
  PID:2908
- C:\Windows\System\ZSmLSPT.exe
  C:\Windows\System\ZSmLSPT.exe
  2⤵
  PID:5056
- C:\Windows\System\CbgqSTQ.exe
  C:\Windows\System\CbgqSTQ.exe
  2⤵
  PID:4292
- C:\Windows\System\ssyBfSs.exe
  C:\Windows\System\ssyBfSs.exe
  2⤵
  PID:4272
- C:\Windows\System\XHiwDny.exe
  C:\Windows\System\XHiwDny.exe
  2⤵
  PID:4576
- C:\Windows\System\rDBdjox.exe
  C:\Windows\System\rDBdjox.exe
  2⤵
  PID:5088
- C:\Windows\System\pOmseLc.exe
  C:\Windows\System\pOmseLc.exe
  2⤵
  PID:4708
- C:\Windows\System\Riimhbq.exe
  C:\Windows\System\Riimhbq.exe
  2⤵
  PID:4484
- C:\Windows\System\nSeKShp.exe
  C:\Windows\System\nSeKShp.exe
  2⤵
  PID:4424
- C:\Windows\System\cijTYKy.exe
  C:\Windows\System\cijTYKy.exe
  2⤵
  PID:4844
- C:\Windows\System\bSoclmF.exe
  C:\Windows\System\bSoclmF.exe
  2⤵
  PID:4924
- C:\Windows\System\nEVEWhI.exe
  C:\Windows\System\nEVEWhI.exe
  2⤵
  PID:5104
- C:\Windows\System\GafmEyz.exe
  C:\Windows\System\GafmEyz.exe
  2⤵
  PID:4904
- C:\Windows\System\ftJyGFR.exe
  C:\Windows\System\ftJyGFR.exe
  2⤵
  PID:2392
- C:\Windows\System\XpUcEvr.exe
  C:\Windows\System\XpUcEvr.exe
  2⤵
  PID:2624
- C:\Windows\System\aMGRVKu.exe
  C:\Windows\System\aMGRVKu.exe
  2⤵
  PID:4160
- C:\Windows\System\anJBDMk.exe
  C:\Windows\System\anJBDMk.exe
  2⤵
  PID:2408
- C:\Windows\System\HBpeFeh.exe
  C:\Windows\System\HBpeFeh.exe
  2⤵
  PID:1600
- C:\Windows\System\cAzRKvb.exe
  C:\Windows\System\cAzRKvb.exe
  2⤵
  PID:1376
- C:\Windows\System\rJeeJgM.exe
  C:\Windows\System\rJeeJgM.exe
  2⤵
  PID:1924
- C:\Windows\System\lGYwdjg.exe
  C:\Windows\System\lGYwdjg.exe
  2⤵
  PID:4804
- C:\Windows\System\HOaCjCU.exe
  C:\Windows\System\HOaCjCU.exe
  2⤵
  PID:4948
- C:\Windows\System\hTqDGdI.exe
  C:\Windows\System\hTqDGdI.exe
  2⤵
  PID:4944
- C:\Windows\System\beuylwi.exe
  C:\Windows\System\beuylwi.exe
  2⤵
  PID:3912
- C:\Windows\System\zCvStxW.exe
  C:\Windows\System\zCvStxW.exe
  2⤵
  PID:3400
- C:\Windows\System\nxemNMw.exe
  C:\Windows\System\nxemNMw.exe
  2⤵
  PID:4216
- C:\Windows\System\BhLJcop.exe
  C:\Windows\System\BhLJcop.exe
  2⤵
  PID:3564
- C:\Windows\System\HoextXa.exe
  C:\Windows\System\HoextXa.exe
  2⤵
  PID:4652
- C:\Windows\System\TdckdQH.exe
  C:\Windows\System\TdckdQH.exe
  2⤵
  PID:1840
- C:\Windows\System\kjFvpRM.exe
  C:\Windows\System\kjFvpRM.exe
  2⤵
  PID:4412
- C:\Windows\System\BtjYUvv.exe
  C:\Windows\System\BtjYUvv.exe
  2⤵
  PID:4704
- C:\Windows\System\kxyiTre.exe
  C:\Windows\System\kxyiTre.exe
  2⤵
  PID:4212
- C:\Windows\System\xTeHiSe.exe
  C:\Windows\System\xTeHiSe.exe
  2⤵
  PID:4552
- C:\Windows\System\ygbqOtL.exe
  C:\Windows\System\ygbqOtL.exe
  2⤵
  PID:1528
- C:\Windows\System\jCVFfxh.exe
  C:\Windows\System\jCVFfxh.exe
  2⤵
  PID:1460
- C:\Windows\System\mRirBwm.exe
  C:\Windows\System\mRirBwm.exe
  2⤵
  PID:5128
- C:\Windows\System\JUXCuPL.exe
  C:\Windows\System\JUXCuPL.exe
  2⤵
  PID:5152
- C:\Windows\System\ofgRknY.exe
  C:\Windows\System\ofgRknY.exe
  2⤵
  PID:5172
- C:\Windows\System\kMNEDCR.exe
  C:\Windows\System\kMNEDCR.exe
  2⤵
  PID:5188
- C:\Windows\System\lxkMUyg.exe
  C:\Windows\System\lxkMUyg.exe
  2⤵
  PID:5204
- C:\Windows\System\hzQUdok.exe
  C:\Windows\System\hzQUdok.exe
  2⤵
  PID:5244
- C:\Windows\System\yqvDYvV.exe
  C:\Windows\System\yqvDYvV.exe
  2⤵
  PID:5260
- C:\Windows\System\hEMTVPw.exe
  C:\Windows\System\hEMTVPw.exe
  2⤵
  PID:5280
- C:\Windows\System\qSjdkCr.exe
  C:\Windows\System\qSjdkCr.exe
  2⤵
  PID:5296
- C:\Windows\System\nWvpqOX.exe
  C:\Windows\System\nWvpqOX.exe
  2⤵
  PID:5312
- C:\Windows\System\HaNznrI.exe
  C:\Windows\System\HaNznrI.exe
  2⤵
  PID:5340
- C:\Windows\System\lzPnAPJ.exe
  C:\Windows\System\lzPnAPJ.exe
  2⤵
  PID:5356
- C:\Windows\System\tUhRoIb.exe
  C:\Windows\System\tUhRoIb.exe
  2⤵
  PID:5372
- C:\Windows\System\OJxkSTJ.exe
  C:\Windows\System\OJxkSTJ.exe
  2⤵
  PID:5396
- C:\Windows\System\nunAjtG.exe
  C:\Windows\System\nunAjtG.exe
  2⤵
  PID:5412
- C:\Windows\System\ZHTLjkh.exe
  C:\Windows\System\ZHTLjkh.exe
  2⤵
  PID:5428
- C:\Windows\System\urBmPsS.exe
  C:\Windows\System\urBmPsS.exe
  2⤵
  PID:5444
- C:\Windows\System\LBTNIgU.exe
  C:\Windows\System\LBTNIgU.exe
  2⤵
  PID:5464
- C:\Windows\System\sUHeaYL.exe
  C:\Windows\System\sUHeaYL.exe
  2⤵
  PID:5484
- C:\Windows\System\BQcqRhR.exe
  C:\Windows\System\BQcqRhR.exe
  2⤵
  PID:5500
- C:\Windows\System\IKYQEys.exe
  C:\Windows\System\IKYQEys.exe
  2⤵
  PID:5516
- C:\Windows\System\MvQQXau.exe
  C:\Windows\System\MvQQXau.exe
  2⤵
  PID:5536
- C:\Windows\System\tYUFFWx.exe
  C:\Windows\System\tYUFFWx.exe
  2⤵
  PID:5560
- C:\Windows\System\jDqJHmd.exe
  C:\Windows\System\jDqJHmd.exe
  2⤵
  PID:5604
- C:\Windows\System\wySSopy.exe
  C:\Windows\System\wySSopy.exe
  2⤵
  PID:5620
- C:\Windows\System\jlyrOOp.exe
  C:\Windows\System\jlyrOOp.exe
  2⤵
  PID:5636
- C:\Windows\System\TUWmshv.exe
  C:\Windows\System\TUWmshv.exe
  2⤵
  PID:5652
- C:\Windows\System\XboHjcv.exe
  C:\Windows\System\XboHjcv.exe
  2⤵
  PID:5672
- C:\Windows\System\RTbeImD.exe
  C:\Windows\System\RTbeImD.exe
  2⤵
  PID:5688
- C:\Windows\System\amvwKIp.exe
  C:\Windows\System\amvwKIp.exe
  2⤵
  PID:5704
- C:\Windows\System\PjEuVst.exe
  C:\Windows\System\PjEuVst.exe
  2⤵
  PID:5720
- C:\Windows\System\tjMwUOJ.exe
  C:\Windows\System\tjMwUOJ.exe
  2⤵
  PID:5736
- C:\Windows\System\XhNpsNx.exe
  C:\Windows\System\XhNpsNx.exe
  2⤵
  PID:5756
- C:\Windows\System\DcodAaY.exe
  C:\Windows\System\DcodAaY.exe
  2⤵
  PID:5776
- C:\Windows\System\sNSUVQq.exe
  C:\Windows\System\sNSUVQq.exe
  2⤵
  PID:5796
- C:\Windows\System\zWrAHFD.exe
  C:\Windows\System\zWrAHFD.exe
  2⤵
  PID:5812
- C:\Windows\System\AwjXYgN.exe
  C:\Windows\System\AwjXYgN.exe
  2⤵
  PID:5828
- C:\Windows\System\lcvDWDX.exe
  C:\Windows\System\lcvDWDX.exe
  2⤵
  PID:5844
- C:\Windows\System\TyRLzsc.exe
  C:\Windows\System\TyRLzsc.exe
  2⤵
  PID:5860
- C:\Windows\System\NdjKEXe.exe
  C:\Windows\System\NdjKEXe.exe
  2⤵
  PID:5884
- C:\Windows\System\VPebxtI.exe
  C:\Windows\System\VPebxtI.exe
  2⤵
  PID:5904
- C:\Windows\System\uIZnRpS.exe
  C:\Windows\System\uIZnRpS.exe
  2⤵
  PID:5920
- C:\Windows\System\wYTjrfJ.exe
  C:\Windows\System\wYTjrfJ.exe
  2⤵
  PID:5940
- C:\Windows\System\namUrgV.exe
  C:\Windows\System\namUrgV.exe
  2⤵
  PID:5960
- C:\Windows\System\WFmDVLY.exe
  C:\Windows\System\WFmDVLY.exe
  2⤵
  PID:5976
- C:\Windows\System\XWpytyM.exe
  C:\Windows\System\XWpytyM.exe
  2⤵
  PID:5992
- C:\Windows\System\imqhfDn.exe
  C:\Windows\System\imqhfDn.exe
  2⤵
  PID:6020
- C:\Windows\System\dKrjZqv.exe
  C:\Windows\System\dKrjZqv.exe
  2⤵
  PID:6056
- C:\Windows\System\mEorgqZ.exe
  C:\Windows\System\mEorgqZ.exe
  2⤵
  PID:6088
- C:\Windows\System\MRvNbqi.exe
  C:\Windows\System\MRvNbqi.exe
  2⤵
  PID:6120
- C:\Windows\System\VSWYkYP.exe
  C:\Windows\System\VSWYkYP.exe
  2⤵
  PID:6136
- C:\Windows\System\sbLwcrZ.exe
  C:\Windows\System\sbLwcrZ.exe
  2⤵
  PID:4368
- C:\Windows\System\FwdxiOh.exe
  C:\Windows\System\FwdxiOh.exe
  2⤵
  PID:2764
- C:\Windows\System\XywkByf.exe
  C:\Windows\System\XywkByf.exe
  2⤵
  PID:5180
- C:\Windows\System\xwWOiVy.exe
  C:\Windows\System\xwWOiVy.exe
  2⤵
  PID:4996
- C:\Windows\System\ZQPUERG.exe
  C:\Windows\System\ZQPUERG.exe
  2⤵
  PID:5220
- C:\Windows\System\KUqJoEw.exe
  C:\Windows\System\KUqJoEw.exe
  2⤵
  PID:5236
- C:\Windows\System\FgHPfkh.exe
  C:\Windows\System\FgHPfkh.exe
  2⤵
  PID:5276
- C:\Windows\System\InJyQFc.exe
  C:\Windows\System\InJyQFc.exe
  2⤵
  PID:5292
- C:\Windows\System\sbKCkdw.exe
  C:\Windows\System\sbKCkdw.exe
  2⤵
  PID:5324
- C:\Windows\System\lEBCSjS.exe
  C:\Windows\System\lEBCSjS.exe
  2⤵
  PID:5352
- C:\Windows\System\fVmfQfX.exe
  C:\Windows\System\fVmfQfX.exe
  2⤵
  PID:5332
- C:\Windows\System\XOwrkbx.exe
  C:\Windows\System\XOwrkbx.exe
  2⤵
  PID:5456
- C:\Windows\System\gSLpwCq.exe
  C:\Windows\System\gSLpwCq.exe
  2⤵
  PID:5496
- C:\Windows\System\AWgrtwD.exe
  C:\Windows\System\AWgrtwD.exe
  2⤵
  PID:5408
- C:\Windows\System\JTCAYBv.exe
  C:\Windows\System\JTCAYBv.exe
  2⤵
  PID:4332
- C:\Windows\System\RWJIWIH.exe
  C:\Windows\System\RWJIWIH.exe
  2⤵
  PID:5556
- C:\Windows\System\SykcKny.exe
  C:\Windows\System\SykcKny.exe
  2⤵
  PID:5600
- C:\Windows\System\xKbniGl.exe
  C:\Windows\System\xKbniGl.exe
  2⤵
  PID:5664
- C:\Windows\System\AEOrUiK.exe
  C:\Windows\System\AEOrUiK.exe
  2⤵
  PID:5764
- C:\Windows\System\hZtcgZZ.exe
  C:\Windows\System\hZtcgZZ.exe
  2⤵
  PID:5772
- C:\Windows\System\GFzkEiO.exe
  C:\Windows\System\GFzkEiO.exe
  2⤵
  PID:5912
- C:\Windows\System\BcZlZJt.exe
  C:\Windows\System\BcZlZJt.exe
  2⤵
  PID:5872
- C:\Windows\System\FJIonrS.exe
  C:\Windows\System\FJIonrS.exe
  2⤵
  PID:5956
- C:\Windows\System\FgoaeeT.exe
  C:\Windows\System\FgoaeeT.exe
  2⤵
  PID:5972
- C:\Windows\System\AMRNrRz.exe
  C:\Windows\System\AMRNrRz.exe
  2⤵
  PID:5932
- C:\Windows\System\gvtagIm.exe
  C:\Windows\System\gvtagIm.exe
  2⤵
  PID:5616
- C:\Windows\System\qGaspRO.exe
  C:\Windows\System\qGaspRO.exe
  2⤵
  PID:5684
- C:\Windows\System\RvHOZTI.exe
  C:\Windows\System\RvHOZTI.exe
  2⤵
  PID:6000
- C:\Windows\System\otJLgfk.exe
  C:\Windows\System\otJLgfk.exe
  2⤵
  PID:6012
- C:\Windows\System\gqKOmsT.exe
  C:\Windows\System\gqKOmsT.exe
  2⤵
  PID:6096
- C:\Windows\System\aizzEdY.exe
  C:\Windows\System\aizzEdY.exe
  2⤵
  PID:6112
- C:\Windows\System\aVHIcQP.exe
  C:\Windows\System\aVHIcQP.exe
  2⤵
  PID:4068
- C:\Windows\System\dvmUUXk.exe
  C:\Windows\System\dvmUUXk.exe
  2⤵
  PID:6072
- C:\Windows\System\IgeloMa.exe
  C:\Windows\System\IgeloMa.exe
  2⤵
  PID:6084
- C:\Windows\System\KParKkq.exe
  C:\Windows\System\KParKkq.exe
  2⤵
  PID:5164
- C:\Windows\System\zZMNHdW.exe
  C:\Windows\System\zZMNHdW.exe
  2⤵
  PID:4892
- C:\Windows\System\qHqAgyb.exe
  C:\Windows\System\qHqAgyb.exe
  2⤵
  PID:5200
- C:\Windows\System\HozTQVF.exe
  C:\Windows\System\HozTQVF.exe
  2⤵
  PID:5320
- C:\Windows\System\IcvVbof.exe
  C:\Windows\System\IcvVbof.exe
  2⤵
  PID:5472
- C:\Windows\System\dfoGGpC.exe
  C:\Windows\System\dfoGGpC.exe
  2⤵
  PID:5368
- C:\Windows\System\kFygDYV.exe
  C:\Windows\System\kFygDYV.exe
  2⤵
  PID:5336
- C:\Windows\System\OUuycAE.exe
  C:\Windows\System\OUuycAE.exe
  2⤵
  PID:5588
- C:\Windows\System\MtfTAEr.exe
  C:\Windows\System\MtfTAEr.exe
  2⤵
  PID:5232
- C:\Windows\System\TSoiPHS.exe
  C:\Windows\System\TSoiPHS.exe
  2⤵
  PID:5728
- C:\Windows\System\EuAxnnI.exe
  C:\Windows\System\EuAxnnI.exe
  2⤵
  PID:5768
- C:\Windows\System\gVSUcuN.exe
  C:\Windows\System\gVSUcuN.exe
  2⤵
  PID:5732
- C:\Windows\System\zaAUUsX.exe
  C:\Windows\System\zaAUUsX.exe
  2⤵
  PID:5948
- C:\Windows\System\ASzjwgG.exe
  C:\Windows\System\ASzjwgG.exe
  2⤵
  PID:5928
- C:\Windows\System\yiqFAJD.exe
  C:\Windows\System\yiqFAJD.exe
  2⤵
  PID:5716
- C:\Windows\System\NQNctpF.exe
  C:\Windows\System\NQNctpF.exe
  2⤵
  PID:6016
- C:\Windows\System\OUjwXhk.exe
  C:\Windows\System\OUjwXhk.exe
  2⤵
  PID:5988
- C:\Windows\System\rjpFxtb.exe
  C:\Windows\System\rjpFxtb.exe
  2⤵
  PID:6052
- C:\Windows\System\dTGTZlR.exe
  C:\Windows\System\dTGTZlR.exe
  2⤵
  PID:6064
- C:\Windows\System\psxzowH.exe
  C:\Windows\System\psxzowH.exe
  2⤵
  PID:5196
- C:\Windows\System\gzNeavm.exe
  C:\Windows\System\gzNeavm.exe
  2⤵
  PID:5492
- C:\Windows\System\IKZDRHv.exe
  C:\Windows\System\IKZDRHv.exe
  2⤵
  PID:5288
- C:\Windows\System\dbzIqIM.exe
  C:\Windows\System\dbzIqIM.exe
  2⤵
  PID:5124
- C:\Windows\System\CJSvOyd.exe
  C:\Windows\System\CJSvOyd.exe
  2⤵
  PID:5532
- C:\Windows\System\fNuuRiy.exe
  C:\Windows\System\fNuuRiy.exe
  2⤵
  PID:5628
- C:\Windows\System\yrtmECi.exe
  C:\Windows\System\yrtmECi.exe
  2⤵
  PID:5836
- C:\Windows\System\WgMQQVM.exe
  C:\Windows\System\WgMQQVM.exe
  2⤵
  PID:5852
- C:\Windows\System\bkjWPXP.exe
  C:\Windows\System\bkjWPXP.exe
  2⤵
  PID:6104
- C:\Windows\System\fBAfJmp.exe
  C:\Windows\System\fBAfJmp.exe
  2⤵
  PID:5460
- C:\Windows\System\yJOpPCk.exe
  C:\Windows\System\yJOpPCk.exe
  2⤵
  PID:4532
- C:\Windows\System\JsNWUoX.exe
  C:\Windows\System\JsNWUoX.exe
  2⤵
  PID:5868
- C:\Windows\System\rChsVUS.exe
  C:\Windows\System\rChsVUS.exe
  2⤵
  PID:5712
- C:\Windows\System\pZEFngi.exe
  C:\Windows\System\pZEFngi.exe
  2⤵
  PID:5136
- C:\Windows\System\sbzDZME.exe
  C:\Windows\System\sbzDZME.exe
  2⤵
  PID:6132
- C:\Windows\System\IGrmqrk.exe
  C:\Windows\System\IGrmqrk.exe
  2⤵
  PID:5256
- C:\Windows\System\zEpDqza.exe
  C:\Windows\System\zEpDqza.exe
  2⤵
  PID:5584
- C:\Windows\System\VYLJwsw.exe
  C:\Windows\System\VYLJwsw.exe
  2⤵
  PID:5916
- C:\Windows\System\caUoRNf.exe
  C:\Windows\System\caUoRNf.exe
  2⤵
  PID:6156
- C:\Windows\System\QVjhrKJ.exe
  C:\Windows\System\QVjhrKJ.exe
  2⤵
  PID:6196
- C:\Windows\System\BagKaAA.exe
  C:\Windows\System\BagKaAA.exe
  2⤵
  PID:6216
- C:\Windows\System\gpGKHFb.exe
  C:\Windows\System\gpGKHFb.exe
  2⤵
  PID:6232
- C:\Windows\System\VFEDGAu.exe
  C:\Windows\System\VFEDGAu.exe
  2⤵
  PID:6256
- C:\Windows\System\YItNGuw.exe
  C:\Windows\System\YItNGuw.exe
  2⤵
  PID:6276
- C:\Windows\System\bnRQtij.exe
  C:\Windows\System\bnRQtij.exe
  2⤵
  PID:6292
- C:\Windows\System\KHHYybz.exe
  C:\Windows\System\KHHYybz.exe
  2⤵
  PID:6308
- C:\Windows\System\RAiSGiQ.exe
  C:\Windows\System\RAiSGiQ.exe
  2⤵
  PID:6324
- C:\Windows\System\iNgqtvw.exe
  C:\Windows\System\iNgqtvw.exe
  2⤵
  PID:6348
- C:\Windows\System\gOLGREd.exe
  C:\Windows\System\gOLGREd.exe
  2⤵
  PID:6376
- C:\Windows\System\PDJScBx.exe
  C:\Windows\System\PDJScBx.exe
  2⤵
  PID:6396
- C:\Windows\System\WNyaEEi.exe
  C:\Windows\System\WNyaEEi.exe
  2⤵
  PID:6412
- C:\Windows\System\SAmeRKr.exe
  C:\Windows\System\SAmeRKr.exe
  2⤵
  PID:6428
- C:\Windows\System\gWFaBLj.exe
  C:\Windows\System\gWFaBLj.exe
  2⤵
  PID:6444
- C:\Windows\System\ZMfCnGi.exe
  C:\Windows\System\ZMfCnGi.exe
  2⤵
  PID:6464
- C:\Windows\System\ziksPVc.exe
  C:\Windows\System\ziksPVc.exe
  2⤵
  PID:6480
- C:\Windows\System\omctAqG.exe
  C:\Windows\System\omctAqG.exe
  2⤵
  PID:6508
- C:\Windows\System\TsBbqVg.exe
  C:\Windows\System\TsBbqVg.exe
  2⤵
  PID:6524
- C:\Windows\System\GCOsRWZ.exe
  C:\Windows\System\GCOsRWZ.exe
  2⤵
  PID:6540
- C:\Windows\System\vhdeZnH.exe
  C:\Windows\System\vhdeZnH.exe
  2⤵
  PID:6576
- C:\Windows\System\OeHLGPw.exe
  C:\Windows\System\OeHLGPw.exe
  2⤵
  PID:6600
- C:\Windows\System\rKoLMSx.exe
  C:\Windows\System\rKoLMSx.exe
  2⤵
  PID:6616
- C:\Windows\System\nISGoNo.exe
  C:\Windows\System\nISGoNo.exe
  2⤵
  PID:6632
- C:\Windows\System\yprlXlu.exe
  C:\Windows\System\yprlXlu.exe
  2⤵
  PID:6648
- C:\Windows\System\zOOTOzU.exe
  C:\Windows\System\zOOTOzU.exe
  2⤵
  PID:6676
- C:\Windows\System\XtDeFWG.exe
  C:\Windows\System\XtDeFWG.exe
  2⤵
  PID:6696
- C:\Windows\System\SdVeXqE.exe
  C:\Windows\System\SdVeXqE.exe
  2⤵
  PID:6712
- C:\Windows\System\HOqcwcq.exe
  C:\Windows\System\HOqcwcq.exe
  2⤵
  PID:6728
- C:\Windows\System\FiGKCmj.exe
  C:\Windows\System\FiGKCmj.exe
  2⤵
  PID:6752
- C:\Windows\System\wiPJInJ.exe
  C:\Windows\System\wiPJInJ.exe
  2⤵
  PID:6768
- C:\Windows\System\OJHREMe.exe
  C:\Windows\System\OJHREMe.exe
  2⤵
  PID:6784
- C:\Windows\System\OZqnJSH.exe
  C:\Windows\System\OZqnJSH.exe
  2⤵
  PID:6804
- C:\Windows\System\vcymKjy.exe
  C:\Windows\System\vcymKjy.exe
  2⤵
  PID:6824
- C:\Windows\System\RmqJhnX.exe
  C:\Windows\System\RmqJhnX.exe
  2⤵
  PID:6844
- C:\Windows\System\QGHugAM.exe
  C:\Windows\System\QGHugAM.exe
  2⤵
  PID:6880
- C:\Windows\System\ctjsElM.exe
  C:\Windows\System\ctjsElM.exe
  2⤵
  PID:6896
- C:\Windows\System\pbNrIEN.exe
  C:\Windows\System\pbNrIEN.exe
  2⤵
  PID:6912
- C:\Windows\System\dLtMQtx.exe
  C:\Windows\System\dLtMQtx.exe
  2⤵
  PID:6928
- C:\Windows\System\wIKcTJl.exe
  C:\Windows\System\wIKcTJl.exe
  2⤵
  PID:6944
- C:\Windows\System\jJotssA.exe
  C:\Windows\System\jJotssA.exe
  2⤵
  PID:6964
- C:\Windows\System\HvYwIIm.exe
  C:\Windows\System\HvYwIIm.exe
  2⤵
  PID:6980
- C:\Windows\System\eoaBiKw.exe
  C:\Windows\System\eoaBiKw.exe
  2⤵
  PID:7000
- C:\Windows\System\yScRixy.exe
  C:\Windows\System\yScRixy.exe
  2⤵
  PID:7020
- C:\Windows\System\lBDcVYR.exe
  C:\Windows\System\lBDcVYR.exe
  2⤵
  PID:7036
- C:\Windows\System\kDRcOHb.exe
  C:\Windows\System\kDRcOHb.exe
  2⤵
  PID:7052
- C:\Windows\System\VIidphP.exe
  C:\Windows\System\VIidphP.exe
  2⤵
  PID:7068
- C:\Windows\System\yjruxzW.exe
  C:\Windows\System\yjruxzW.exe
  2⤵
  PID:7088
- C:\Windows\System\TvSLsiH.exe
  C:\Windows\System\TvSLsiH.exe
  2⤵
  PID:7108
- C:\Windows\System\UNxrLGK.exe
  C:\Windows\System\UNxrLGK.exe
  2⤵
  PID:7124
- C:\Windows\System\gvOksBz.exe
  C:\Windows\System\gvOksBz.exe
  2⤵
  PID:5308
- C:\Windows\System\SyjWaaa.exe
  C:\Windows\System\SyjWaaa.exe
  2⤵
  PID:6048
- C:\Windows\System\PlqpkPh.exe
  C:\Windows\System\PlqpkPh.exe
  2⤵
  PID:5272
- C:\Windows\System\JQEqdpU.exe
  C:\Windows\System\JQEqdpU.exe
  2⤵
  PID:6176
- C:\Windows\System\AdVStSU.exe
  C:\Windows\System\AdVStSU.exe
  2⤵
  PID:6192
- C:\Windows\System\clwDWib.exe
  C:\Windows\System\clwDWib.exe
  2⤵
  PID:5568
- C:\Windows\System\WKyXycM.exe
  C:\Windows\System\WKyXycM.exe
  2⤵
  PID:5576
- C:\Windows\System\DZajEIs.exe
  C:\Windows\System\DZajEIs.exe
  2⤵
  PID:6264
- C:\Windows\System\jacLkHV.exe
  C:\Windows\System\jacLkHV.exe
  2⤵
  PID:6204
- C:\Windows\System\TyNBOSr.exe
  C:\Windows\System\TyNBOSr.exe
  2⤵
  PID:6272
- C:\Windows\System\lXeaAxH.exe
  C:\Windows\System\lXeaAxH.exe
  2⤵
  PID:6332
- C:\Windows\System\WeTkYiZ.exe
  C:\Windows\System\WeTkYiZ.exe
  2⤵
  PID:6340
- C:\Windows\System\ERCiftP.exe
  C:\Windows\System\ERCiftP.exe
  2⤵
  PID:6392
- C:\Windows\System\BVeXUma.exe
  C:\Windows\System\BVeXUma.exe
  2⤵
  PID:6488
- C:\Windows\System\DzsqGWD.exe
  C:\Windows\System\DzsqGWD.exe
  2⤵
  PID:6356
- C:\Windows\System\JsPuiOD.exe
  C:\Windows\System\JsPuiOD.exe
  2⤵
  PID:6368
- C:\Windows\System\oOrlEVw.exe
  C:\Windows\System\oOrlEVw.exe
  2⤵
  PID:6408
- C:\Windows\System\cwORPnF.exe
  C:\Windows\System\cwORPnF.exe
  2⤵
  PID:6564
- C:\Windows\System\QANUPPs.exe
  C:\Windows\System\QANUPPs.exe
  2⤵
  PID:6588
- C:\Windows\System\rYkcxEw.exe
  C:\Windows\System\rYkcxEw.exe
  2⤵
  PID:6628
- C:\Windows\System\DxXnozo.exe
  C:\Windows\System\DxXnozo.exe
  2⤵
  PID:6608
- C:\Windows\System\cEWZXfI.exe
  C:\Windows\System\cEWZXfI.exe
  2⤵
  PID:6684
- C:\Windows\System\URzZrZH.exe
  C:\Windows\System\URzZrZH.exe
  2⤵
  PID:6736
- C:\Windows\System\jluSOFu.exe
  C:\Windows\System\jluSOFu.exe
  2⤵
  PID:6816
- C:\Windows\System\ntipAqa.exe
  C:\Windows\System\ntipAqa.exe
  2⤵
  PID:6688
- C:\Windows\System\AhHxRdn.exe
  C:\Windows\System\AhHxRdn.exe
  2⤵
  PID:6872
- C:\Windows\System\wZVDaCq.exe
  C:\Windows\System\wZVDaCq.exe
  2⤵
  PID:6800
- C:\Windows\System\xiZSjXl.exe
  C:\Windows\System\xiZSjXl.exe
  2⤵
  PID:6856
- C:\Windows\System\htbNQDB.exe
  C:\Windows\System\htbNQDB.exe
  2⤵
  PID:6888
- C:\Windows\System\SoYxabl.exe
  C:\Windows\System\SoYxabl.exe
  2⤵
  PID:6924
- C:\Windows\System\XKcyxST.exe
  C:\Windows\System\XKcyxST.exe
  2⤵
  PID:7008
- C:\Windows\System\hoGWiaQ.exe
  C:\Windows\System\hoGWiaQ.exe
  2⤵
  PID:7048
- C:\Windows\System\RcBTtef.exe
  C:\Windows\System\RcBTtef.exe
  2⤵
  PID:7116
- C:\Windows\System\YBzQvtq.exe
  C:\Windows\System\YBzQvtq.exe
  2⤵
  PID:6996
- C:\Windows\System\HstXlGS.exe
  C:\Windows\System\HstXlGS.exe
  2⤵
  PID:7064
- C:\Windows\System\bFuuNsP.exe
  C:\Windows\System\bFuuNsP.exe
  2⤵
  PID:7136
- C:\Windows\System\zzxPyeK.exe
  C:\Windows\System\zzxPyeK.exe
  2⤵
  PID:5644
- C:\Windows\System\MHeTqYR.exe
  C:\Windows\System\MHeTqYR.exe
  2⤵
  PID:4448
- C:\Windows\System\yrvCgWW.exe
  C:\Windows\System\yrvCgWW.exe
  2⤵
  PID:6148
- C:\Windows\System\tlvUzGA.exe
  C:\Windows\System\tlvUzGA.exe
  2⤵
  PID:6336
- C:\Windows\System\NYJSPxp.exe
  C:\Windows\System\NYJSPxp.exe
  2⤵
  PID:6284
- C:\Windows\System\dJMQABM.exe
  C:\Windows\System\dJMQABM.exe
  2⤵
  PID:6388
- C:\Windows\System\URjTQFf.exe
  C:\Windows\System\URjTQFf.exe
  2⤵
  PID:6128
- C:\Windows\System\PHKgpLE.exe
  C:\Windows\System\PHKgpLE.exe
  2⤵
  PID:6212
- C:\Windows\System\mhhqzZt.exe
  C:\Windows\System\mhhqzZt.exe
  2⤵
  PID:6560
- C:\Windows\System\tasfwMh.exe
  C:\Windows\System\tasfwMh.exe
  2⤵
  PID:6624
- C:\Windows\System\uVguBXr.exe
  C:\Windows\System\uVguBXr.exe
  2⤵
  PID:6520
- C:\Windows\System\Gzstfwb.exe
  C:\Windows\System\Gzstfwb.exe
  2⤵
  PID:6548
- C:\Windows\System\gUZUTqg.exe
  C:\Windows\System\gUZUTqg.exe
  2⤵
  PID:6776
- C:\Windows\System\LmjpIwy.exe
  C:\Windows\System\LmjpIwy.exe
  2⤵
  PID:6516
- C:\Windows\System\KwbIVWi.exe
  C:\Windows\System\KwbIVWi.exe
  2⤵
  PID:6860
- C:\Windows\System\eLdgdKw.exe
  C:\Windows\System\eLdgdKw.exe
  2⤵
  PID:6876
- C:\Windows\System\zhqimgC.exe
  C:\Windows\System\zhqimgC.exe
  2⤵
  PID:6760
- C:\Windows\System\TPmmWEg.exe
  C:\Windows\System\TPmmWEg.exe
  2⤵
  PID:6936
- C:\Windows\System\CPVoORY.exe
  C:\Windows\System\CPVoORY.exe
  2⤵
  PID:7044
- C:\Windows\System\UprYfCy.exe
  C:\Windows\System\UprYfCy.exe
  2⤵
  PID:5784
- C:\Windows\System\ieYpUJM.exe
  C:\Windows\System\ieYpUJM.exe
  2⤵
  PID:6792
- C:\Windows\System\JgAdxxL.exe
  C:\Windows\System\JgAdxxL.exe
  2⤵
  PID:6956
- C:\Windows\System\vsLqJBU.exe
  C:\Windows\System\vsLqJBU.exe
  2⤵
  PID:5572
- C:\Windows\System\bSdJJCi.exe
  C:\Windows\System\bSdJJCi.exe
  2⤵
  PID:5404
- C:\Windows\System\myWRqxb.exe
  C:\Windows\System\myWRqxb.exe
  2⤵
  PID:5388
- C:\Windows\System\ZjLwcOZ.exe
  C:\Windows\System\ZjLwcOZ.exe
  2⤵
  PID:6320
- C:\Windows\System\tGMTVLp.exe
  C:\Windows\System\tGMTVLp.exe
  2⤵
  PID:6500
- C:\Windows\System\gTGjIqh.exe
  C:\Windows\System\gTGjIqh.exe
  2⤵
  PID:6472
- C:\Windows\System\CYHwLIA.exe
  C:\Windows\System\CYHwLIA.exe
  2⤵
  PID:6440
- C:\Windows\System\waMmkPh.exe
  C:\Windows\System\waMmkPh.exe
  2⤵
  PID:6364
- C:\Windows\System\KMxlnbU.exe
  C:\Windows\System\KMxlnbU.exe
  2⤵
  PID:6704
- C:\Windows\System\kmBzTmi.exe
  C:\Windows\System\kmBzTmi.exe
  2⤵
  PID:6796
- C:\Windows\System\fOdYHIi.exe
  C:\Windows\System\fOdYHIi.exe
  2⤵
  PID:5792
- C:\Windows\System\KOaMHwS.exe
  C:\Windows\System\KOaMHwS.exe
  2⤵
  PID:6248
- C:\Windows\System\BxGsXUi.exe
  C:\Windows\System\BxGsXUi.exe
  2⤵
  PID:6656
- C:\Windows\System\ODlFLCi.exe
  C:\Windows\System\ODlFLCi.exe
  2⤵
  PID:6224
- C:\Windows\System\foYhlCC.exe
  C:\Windows\System\foYhlCC.exe
  2⤵
  PID:6300
- C:\Windows\System\kileBJj.exe
  C:\Windows\System\kileBJj.exe
  2⤵
  PID:7184
- C:\Windows\System\uIgnhOS.exe
  C:\Windows\System\uIgnhOS.exe
  2⤵
  PID:7200
- C:\Windows\System\fpjmwtk.exe
  C:\Windows\System\fpjmwtk.exe
  2⤵
  PID:7216
- C:\Windows\System\PHonLKJ.exe
  C:\Windows\System\PHonLKJ.exe
  2⤵
  PID:7240
- C:\Windows\System\nqKkXut.exe
  C:\Windows\System\nqKkXut.exe
  2⤵
  PID:7256
- C:\Windows\System\dTgINoq.exe
  C:\Windows\System\dTgINoq.exe
  2⤵
  PID:7272
- C:\Windows\System\XwcwTQs.exe
  C:\Windows\System\XwcwTQs.exe
  2⤵
  PID:7296
- C:\Windows\System\GIDoSrz.exe
  C:\Windows\System\GIDoSrz.exe
  2⤵
  PID:7388
- C:\Windows\System\XJKjgiU.exe
  C:\Windows\System\XJKjgiU.exe
  2⤵
  PID:7408
- C:\Windows\System\ZgVObNi.exe
  C:\Windows\System\ZgVObNi.exe
  2⤵
  PID:7428
- C:\Windows\System\WkyLFaK.exe
  C:\Windows\System\WkyLFaK.exe
  2⤵
  PID:7448
- C:\Windows\System\MnHYars.exe
  C:\Windows\System\MnHYars.exe
  2⤵
  PID:7464
- C:\Windows\System\bhIkfJN.exe
  C:\Windows\System\bhIkfJN.exe
  2⤵
  PID:7480
- C:\Windows\System\SJgqxdY.exe
  C:\Windows\System\SJgqxdY.exe
  2⤵
  PID:7496
- C:\Windows\System\JdOrDWY.exe
  C:\Windows\System\JdOrDWY.exe
  2⤵
  PID:7516
- C:\Windows\System\sSmzdgO.exe
  C:\Windows\System\sSmzdgO.exe
  2⤵
  PID:7544
- C:\Windows\System\NuaTzxr.exe
  C:\Windows\System\NuaTzxr.exe
  2⤵
  PID:7560
- C:\Windows\System\DCrNwXT.exe
  C:\Windows\System\DCrNwXT.exe
  2⤵
  PID:7576
- C:\Windows\System\fWcvmAJ.exe
  C:\Windows\System\fWcvmAJ.exe
  2⤵
  PID:7592
- C:\Windows\System\bFHpirn.exe
  C:\Windows\System\bFHpirn.exe
  2⤵
  PID:7608
- C:\Windows\System\wAsukkp.exe
  C:\Windows\System\wAsukkp.exe
  2⤵
  PID:7624
- C:\Windows\System\HckTguk.exe
  C:\Windows\System\HckTguk.exe
  2⤵
  PID:7640
- C:\Windows\System\wnGlysz.exe
  C:\Windows\System\wnGlysz.exe
  2⤵
  PID:7664
- C:\Windows\System\OWaHckh.exe
  C:\Windows\System\OWaHckh.exe
  2⤵
  PID:7684
- C:\Windows\System\eqkPRgx.exe
  C:\Windows\System\eqkPRgx.exe
  2⤵
  PID:7700
- C:\Windows\System\QXzePYd.exe
  C:\Windows\System\QXzePYd.exe
  2⤵
  PID:7728
- C:\Windows\System\jjAMCdI.exe
  C:\Windows\System\jjAMCdI.exe
  2⤵
  PID:7748
- C:\Windows\System\YxMgjmA.exe
  C:\Windows\System\YxMgjmA.exe
  2⤵
  PID:7768
- C:\Windows\System\iOFdAtK.exe
  C:\Windows\System\iOFdAtK.exe
  2⤵
  PID:7784
- C:\Windows\System\dwwDhLV.exe
  C:\Windows\System\dwwDhLV.exe
  2⤵
  PID:7824
- C:\Windows\System\stjPjQf.exe
  C:\Windows\System\stjPjQf.exe
  2⤵
  PID:7840
- C:\Windows\System\iyXqGRl.exe
  C:\Windows\System\iyXqGRl.exe
  2⤵
  PID:7856
- C:\Windows\System\DQSWOQy.exe
  C:\Windows\System\DQSWOQy.exe
  2⤵
  PID:7872
- C:\Windows\System\zoWNHsQ.exe
  C:\Windows\System\zoWNHsQ.exe
  2⤵
  PID:7888
- C:\Windows\System\DDnxtwI.exe
  C:\Windows\System\DDnxtwI.exe
  2⤵
  PID:7904
- C:\Windows\System\qxZUMIh.exe
  C:\Windows\System\qxZUMIh.exe
  2⤵
  PID:7920
- C:\Windows\System\qTsmbhE.exe
  C:\Windows\System\qTsmbhE.exe
  2⤵
  PID:7944
- C:\Windows\System\mgOqGFl.exe
  C:\Windows\System\mgOqGFl.exe
  2⤵
  PID:7964
- C:\Windows\System\vHRysnh.exe
  C:\Windows\System\vHRysnh.exe
  2⤵
  PID:7980
- C:\Windows\System\mERHuus.exe
  C:\Windows\System\mERHuus.exe
  2⤵
  PID:8004
- C:\Windows\System\SFDnmlT.exe
  C:\Windows\System\SFDnmlT.exe
  2⤵
  PID:8020
- C:\Windows\System\Vtuxkdk.exe
  C:\Windows\System\Vtuxkdk.exe
  2⤵
  PID:8072
- C:\Windows\System\yqiQMsm.exe
  C:\Windows\System\yqiQMsm.exe
  2⤵
  PID:8088
- C:\Windows\System\DMGxMNf.exe
  C:\Windows\System\DMGxMNf.exe
  2⤵
  PID:8104
- C:\Windows\System\Lecqfim.exe
  C:\Windows\System\Lecqfim.exe
  2⤵
  PID:8120
- C:\Windows\System\zYftgHa.exe
  C:\Windows\System\zYftgHa.exe
  2⤵
  PID:8144
- C:\Windows\System\bbMzRGq.exe
  C:\Windows\System\bbMzRGq.exe
  2⤵
  PID:8164
- C:\Windows\System\lKKdcUn.exe
  C:\Windows\System\lKKdcUn.exe
  2⤵
  PID:8180
- C:\Windows\System\jPJBatG.exe
  C:\Windows\System\jPJBatG.exe
  2⤵
  PID:6724
- C:\Windows\System\uzxAsdb.exe
  C:\Windows\System\uzxAsdb.exe
  2⤵
  PID:7060
- C:\Windows\System\UIchMiH.exe
  C:\Windows\System\UIchMiH.exe
  2⤵
  PID:7176
- C:\Windows\System\FMHuJsn.exe
  C:\Windows\System\FMHuJsn.exe
  2⤵
  PID:7164
- C:\Windows\System\ajxLNIt.exe
  C:\Windows\System\ajxLNIt.exe
  2⤵
  PID:6852
- C:\Windows\System\mgqTKkR.exe
  C:\Windows\System\mgqTKkR.exe
  2⤵
  PID:7192
- C:\Windows\System\hLJUjZP.exe
  C:\Windows\System\hLJUjZP.exe
  2⤵
  PID:5900
- C:\Windows\System\iYPUAQL.exe
  C:\Windows\System\iYPUAQL.exe
  2⤵
  PID:6812
- C:\Windows\System\ipVVXMl.exe
  C:\Windows\System\ipVVXMl.exe
  2⤵
  PID:7248
- C:\Windows\System\tciSNeT.exe
  C:\Windows\System\tciSNeT.exe
  2⤵
  PID:7284
- C:\Windows\System\dopzWMu.exe
  C:\Windows\System\dopzWMu.exe
  2⤵
  PID:7324
- C:\Windows\System\vofYrcY.exe
  C:\Windows\System\vofYrcY.exe
  2⤵
  PID:7312
- C:\Windows\System\dopDGMM.exe
  C:\Windows\System\dopDGMM.exe
  2⤵
  PID:7336
- C:\Windows\System\UkLAFEN.exe
  C:\Windows\System\UkLAFEN.exe
  2⤵
  PID:7364
- C:\Windows\System\GROMtrU.exe
  C:\Windows\System\GROMtrU.exe
  2⤵
  PID:7368
- C:\Windows\System\SZYzzix.exe
  C:\Windows\System\SZYzzix.exe
  2⤵
  PID:7396
- C:\Windows\System\sYOtKVI.exe
  C:\Windows\System\sYOtKVI.exe
  2⤵
  PID:7488
- C:\Windows\System\RNwhKIU.exe
  C:\Windows\System\RNwhKIU.exe
  2⤵
  PID:7492
- C:\Windows\System\EKkLphV.exe
  C:\Windows\System\EKkLphV.exe
  2⤵
  PID:7568
- C:\Windows\System\jhBWbhj.exe
  C:\Windows\System\jhBWbhj.exe
  2⤵
  PID:7632
- C:\Windows\System\qARCmBI.exe
  C:\Windows\System\qARCmBI.exe
  2⤵
  PID:7680
- C:\Windows\System\qiYtlqL.exe
  C:\Windows\System\qiYtlqL.exe
  2⤵
  PID:7616
- C:\Windows\System\ekXQktq.exe
  C:\Windows\System\ekXQktq.exe
  2⤵
  PID:7652
- C:\Windows\System\kGzyClP.exe
  C:\Windows\System\kGzyClP.exe
  2⤵
  PID:7660
- C:\Windows\System\ZqShDmi.exe
  C:\Windows\System\ZqShDmi.exe
  2⤵
  PID:7740
- C:\Windows\System\ThrmmZo.exe
  C:\Windows\System\ThrmmZo.exe
  2⤵
  PID:7712
- C:\Windows\System\jOtxCpb.exe
  C:\Windows\System\jOtxCpb.exe
  2⤵
  PID:7796
- C:\Windows\System\eaeeXBl.exe
  C:\Windows\System\eaeeXBl.exe
  2⤵
  PID:7868
- C:\Windows\System\bmfdmHt.exe
  C:\Windows\System\bmfdmHt.exe
  2⤵
  PID:7936
- C:\Windows\System\jXJkclf.exe
  C:\Windows\System\jXJkclf.exe
  2⤵
  PID:7884
- C:\Windows\System\FBZSWmu.exe
  C:\Windows\System\FBZSWmu.exe
  2⤵
  PID:7956
- C:\Windows\System\tGOBbLA.exe
  C:\Windows\System\tGOBbLA.exe
  2⤵
  PID:7996
- C:\Windows\System\JlBYeec.exe
  C:\Windows\System\JlBYeec.exe
  2⤵
  PID:7812
- C:\Windows\System\PDWwsDM.exe
  C:\Windows\System\PDWwsDM.exe
  2⤵
  PID:8044
- C:\Windows\System\oFgjWCw.exe
  C:\Windows\System\oFgjWCw.exe
  2⤵
  PID:8064
- C:\Windows\System\CaeAboF.exe
  C:\Windows\System\CaeAboF.exe
  2⤵
  PID:8112
- C:\Windows\System\PhBEhSJ.exe
  C:\Windows\System\PhBEhSJ.exe
  2⤵
  PID:6920
- C:\Windows\System\WNkxEAn.exe
  C:\Windows\System\WNkxEAn.exe
  2⤵
  PID:7084
- C:\Windows\System\ouUJtUW.exe
  C:\Windows\System\ouUJtUW.exe
  2⤵
  PID:7212
- C:\Windows\System\ujzqtGF.exe
  C:\Windows\System\ujzqtGF.exe
  2⤵
  PID:8136
- C:\Windows\System\bCeOBcj.exe
  C:\Windows\System\bCeOBcj.exe
  2⤵
  PID:5968
- C:\Windows\System\dyfOVgg.exe
  C:\Windows\System\dyfOVgg.exe
  2⤵
  PID:7080
- C:\Windows\System\ygHnDzz.exe
  C:\Windows\System\ygHnDzz.exe
  2⤵
  PID:7228
- C:\Windows\System\bvFePkW.exe
  C:\Windows\System\bvFePkW.exe
  2⤵
  PID:7104
- C:\Windows\System\ymiNNpW.exe
  C:\Windows\System\ymiNNpW.exe
  2⤵
  PID:7376
- C:\Windows\System\XsUnvhW.exe
  C:\Windows\System\XsUnvhW.exe
  2⤵
  PID:7440
- C:\Windows\System\xihfvAT.exe
  C:\Windows\System\xihfvAT.exe
  2⤵
  PID:7356
- C:\Windows\System\qeAGDFn.exe
  C:\Windows\System\qeAGDFn.exe
  2⤵
  PID:7360
- C:\Windows\System\ZyhkCsX.exe
  C:\Windows\System\ZyhkCsX.exe
  2⤵
  PID:7524
- C:\Windows\System\qTnMySM.exe
  C:\Windows\System\qTnMySM.exe
  2⤵
  PID:7776
- C:\Windows\System\TWnibzi.exe
  C:\Windows\System\TWnibzi.exe
  2⤵
  PID:7900
- C:\Windows\System\KWzfdHp.exe
  C:\Windows\System\KWzfdHp.exe
  2⤵
  PID:7928
- C:\Windows\System\jNOvxWv.exe
  C:\Windows\System\jNOvxWv.exe
  2⤵
  PID:7604
- C:\Windows\System\AOctRcM.exe
  C:\Windows\System\AOctRcM.exe
  2⤵
  PID:7584
- C:\Windows\System\RojJQJD.exe
  C:\Windows\System\RojJQJD.exe
  2⤵
  PID:8016
- C:\Windows\System\LeYWWbR.exe
  C:\Windows\System\LeYWWbR.exe
  2⤵
  PID:7792
- C:\Windows\System\oPnNVbm.exe
  C:\Windows\System\oPnNVbm.exe
  2⤵
  PID:8028
- C:\Windows\System\VyLcfni.exe
  C:\Windows\System\VyLcfni.exe
  2⤵
  PID:8052
- C:\Windows\System\JjrZITp.exe
  C:\Windows\System\JjrZITp.exe
  2⤵
  PID:7988
- C:\Windows\System\UfjOYQw.exe
  C:\Windows\System\UfjOYQw.exe
  2⤵
  PID:8036
- C:\Windows\System\LyYHILR.exe
  C:\Windows\System\LyYHILR.exe
  2⤵
  PID:6152
- C:\Windows\System\ksceAJH.exe
  C:\Windows\System\ksceAJH.exe
  2⤵
  PID:7292
- C:\Windows\System\fywSCJG.exe
  C:\Windows\System\fywSCJG.exe
  2⤵
  PID:6868
- C:\Windows\System\TFoNEzE.exe
  C:\Windows\System\TFoNEzE.exe
  2⤵
  PID:6840
- C:\Windows\System\RWalsOD.exe
  C:\Windows\System\RWalsOD.exe
  2⤵
  PID:7416
- C:\Windows\System\PvJRDcy.exe
  C:\Windows\System\PvJRDcy.exe
  2⤵
  PID:7456
- C:\Windows\System\twUBBur.exe
  C:\Windows\System\twUBBur.exe
  2⤵
  PID:7280
- C:\Windows\System\cSXJwxr.exe
  C:\Windows\System\cSXJwxr.exe
  2⤵
  PID:7836
- C:\Windows\System\YtGtWcd.exe
  C:\Windows\System\YtGtWcd.exe
  2⤵
  PID:7804
- C:\Windows\System\qARCpuL.exe
  C:\Windows\System\qARCpuL.exe
  2⤵
  PID:7976
- C:\Windows\System\TKGvmbC.exe
  C:\Windows\System\TKGvmbC.exe
  2⤵
  PID:8156
- C:\Windows\System\ymQPdho.exe
  C:\Windows\System\ymQPdho.exe
  2⤵
  PID:7932
- C:\Windows\System\SWSHHqX.exe
  C:\Windows\System\SWSHHqX.exe
  2⤵
  PID:7620
- C:\Windows\System\dUOyLoa.exe
  C:\Windows\System\dUOyLoa.exe
  2⤵
  PID:8060
- C:\Windows\System\iQmXmqw.exe
  C:\Windows\System\iQmXmqw.exe
  2⤵
  PID:6584
- C:\Windows\System\canCCku.exe
  C:\Windows\System\canCCku.exe
  2⤵
  PID:6976
- C:\Windows\System\duXsArn.exe
  C:\Windows\System\duXsArn.exe
  2⤵
  PID:8132
- C:\Windows\System\NBjkQET.exe
  C:\Windows\System\NBjkQET.exe
  2⤵
  PID:7972
- C:\Windows\System\ncZJqbi.exe
  C:\Windows\System\ncZJqbi.exe
  2⤵
  PID:8188
- C:\Windows\System\ghYMOLz.exe
  C:\Windows\System\ghYMOLz.exe
  2⤵
  PID:7476
- C:\Windows\System\rirdIeX.exe
  C:\Windows\System\rirdIeX.exe
  2⤵
  PID:7528
- C:\Windows\System\NrWVOGL.exe
  C:\Windows\System\NrWVOGL.exe
  2⤵
  PID:8172
- C:\Windows\System\rSYkPhk.exe
  C:\Windows\System\rSYkPhk.exe
  2⤵
  PID:7328
- C:\Windows\System\ocwOBbm.exe
  C:\Windows\System\ocwOBbm.exe
  2⤵
  PID:8128
- C:\Windows\System\CvCBHvv.exe
  C:\Windows\System\CvCBHvv.exe
  2⤵
  PID:7708
- C:\Windows\System\afYieRy.exe
  C:\Windows\System\afYieRy.exe
  2⤵
  PID:7672
- C:\Windows\System\nBFyzpo.exe
  C:\Windows\System\nBFyzpo.exe
  2⤵
  PID:7880
- C:\Windows\System\EdmtTch.exe
  C:\Windows\System\EdmtTch.exe
  2⤵
  PID:7032
- C:\Windows\System\KkSvCme.exe
  C:\Windows\System\KkSvCme.exe
  2⤵
  PID:7332
- C:\Windows\System\pOPkEou.exe
  C:\Windows\System\pOPkEou.exe
  2⤵
  PID:7372
- C:\Windows\System\ASEDRYZ.exe
  C:\Windows\System\ASEDRYZ.exe
  2⤵
  PID:6536
- C:\Windows\System\pyyOXKK.exe
  C:\Windows\System\pyyOXKK.exe
  2⤵
  PID:7820
- C:\Windows\System\YlozQna.exe
  C:\Windows\System\YlozQna.exe
  2⤵
  PID:8204
- C:\Windows\System\fbHtsRx.exe
  C:\Windows\System\fbHtsRx.exe
  2⤵
  PID:8220
- C:\Windows\System\JHpTlkY.exe
  C:\Windows\System\JHpTlkY.exe
  2⤵
  PID:8236
- C:\Windows\System\wUWqTXQ.exe
  C:\Windows\System\wUWqTXQ.exe
  2⤵
  PID:8256
- C:\Windows\System\XTwuHzF.exe
  C:\Windows\System\XTwuHzF.exe
  2⤵
  PID:8276
- C:\Windows\System\ERTqklZ.exe
  C:\Windows\System\ERTqklZ.exe
  2⤵
  PID:8300
- C:\Windows\System\cjjzMNZ.exe
  C:\Windows\System\cjjzMNZ.exe
  2⤵
  PID:8336
- C:\Windows\System\GzyTstz.exe
  C:\Windows\System\GzyTstz.exe
  2⤵
  PID:8352
- C:\Windows\System\XfcgFAl.exe
  C:\Windows\System\XfcgFAl.exe
  2⤵
  PID:8376
- C:\Windows\System\oNoFNiV.exe
  C:\Windows\System\oNoFNiV.exe
  2⤵
  PID:8392
- C:\Windows\System\Ankjzjk.exe
  C:\Windows\System\Ankjzjk.exe
  2⤵
  PID:8408
- C:\Windows\System\mOHJcVr.exe
  C:\Windows\System\mOHJcVr.exe
  2⤵
  PID:8436
- C:\Windows\System\vIDRtQe.exe
  C:\Windows\System\vIDRtQe.exe
  2⤵
  PID:8456
- C:\Windows\System\FHitmKP.exe
  C:\Windows\System\FHitmKP.exe
  2⤵
  PID:8496
- C:\Windows\System\dvmRKZs.exe
  C:\Windows\System\dvmRKZs.exe
  2⤵
  PID:8512
- C:\Windows\System\yasmSIE.exe
  C:\Windows\System\yasmSIE.exe
  2⤵
  PID:8532
- C:\Windows\System\nDVydgn.exe
  C:\Windows\System\nDVydgn.exe
  2⤵
  PID:8548
- C:\Windows\System\MmsjfUh.exe
  C:\Windows\System\MmsjfUh.exe
  2⤵
  PID:8568
- C:\Windows\System\XwZNRPM.exe
  C:\Windows\System\XwZNRPM.exe
  2⤵
  PID:8592
- C:\Windows\System\WeTBgiw.exe
  C:\Windows\System\WeTBgiw.exe
  2⤵
  PID:8612
- C:\Windows\System\qHcJGZx.exe
  C:\Windows\System\qHcJGZx.exe
  2⤵
  PID:8628
- C:\Windows\System\GjxcHrZ.exe
  C:\Windows\System\GjxcHrZ.exe
  2⤵
  PID:8644
- C:\Windows\System\enMbNhb.exe
  C:\Windows\System\enMbNhb.exe
  2⤵
  PID:8660
- C:\Windows\System\nzrACAB.exe
  C:\Windows\System\nzrACAB.exe
  2⤵
  PID:8688
- C:\Windows\System\OsaRGRC.exe
  C:\Windows\System\OsaRGRC.exe
  2⤵
  PID:8720
- C:\Windows\System\mTCMEDC.exe
  C:\Windows\System\mTCMEDC.exe
  2⤵
  PID:8736
- C:\Windows\System\QhoCMKJ.exe
  C:\Windows\System\QhoCMKJ.exe
  2⤵
  PID:8760
- C:\Windows\System\XTMYEwF.exe
  C:\Windows\System\XTMYEwF.exe
  2⤵
  PID:8780
- C:\Windows\System\obzjBmH.exe
  C:\Windows\System\obzjBmH.exe
  2⤵
  PID:8804
- C:\Windows\System\XzCpNLI.exe
  C:\Windows\System\XzCpNLI.exe
  2⤵
  PID:8824
- C:\Windows\System\nfwsFrj.exe
  C:\Windows\System\nfwsFrj.exe
  2⤵
  PID:8844
- C:\Windows\System\urTZIiB.exe
  C:\Windows\System\urTZIiB.exe
  2⤵
  PID:8860
- C:\Windows\System\NbLOfiY.exe
  C:\Windows\System\NbLOfiY.exe
  2⤵
  PID:8880
- C:\Windows\System\oyqvNYB.exe
  C:\Windows\System\oyqvNYB.exe
  2⤵
  PID:8896
- C:\Windows\System\EyegPWa.exe
  C:\Windows\System\EyegPWa.exe
  2⤵
  PID:8916
- C:\Windows\System\gPeMerr.exe
  C:\Windows\System\gPeMerr.exe
  2⤵
  PID:8932
- C:\Windows\System\RrzsvcS.exe
  C:\Windows\System\RrzsvcS.exe
  2⤵
  PID:8952
- C:\Windows\System\VbYjMWd.exe
  C:\Windows\System\VbYjMWd.exe
  2⤵
  PID:8968
- C:\Windows\System\tLjQHDh.exe
  C:\Windows\System\tLjQHDh.exe
  2⤵
  PID:8984
- C:\Windows\System\ZSIqCgH.exe
  C:\Windows\System\ZSIqCgH.exe
  2⤵
  PID:9008
- C:\Windows\System\WnAwGry.exe
  C:\Windows\System\WnAwGry.exe
  2⤵
  PID:9024
- C:\Windows\System\CTrAwgw.exe
  C:\Windows\System\CTrAwgw.exe
  2⤵
  PID:9044
- C:\Windows\System\DXKswoZ.exe
  C:\Windows\System\DXKswoZ.exe
  2⤵
  PID:9072
- C:\Windows\System\FXBygnf.exe
  C:\Windows\System\FXBygnf.exe
  2⤵
  PID:9088
- C:\Windows\System\Glceoxk.exe
  C:\Windows\System\Glceoxk.exe
  2⤵
  PID:9128
- C:\Windows\System\LkjfPkN.exe
  C:\Windows\System\LkjfPkN.exe
  2⤵
  PID:9144
- C:\Windows\System\GOHXTFY.exe
  C:\Windows\System\GOHXTFY.exe
  2⤵
  PID:9160
- C:\Windows\System\GepdZxw.exe
  C:\Windows\System\GepdZxw.exe
  2⤵
  PID:9176
- C:\Windows\System\OdzDWFi.exe
  C:\Windows\System\OdzDWFi.exe
  2⤵
  PID:9196
- C:\Windows\System\yoAIANX.exe
  C:\Windows\System\yoAIANX.exe
  2⤵
  PID:8200
- C:\Windows\System\ZMOcaFk.exe
  C:\Windows\System\ZMOcaFk.exe
  2⤵
  PID:8232
- C:\Windows\System\pcYpuEO.exe
  C:\Windows\System\pcYpuEO.exe
  2⤵
  PID:8212
- C:\Windows\System\hxoYbiR.exe
  C:\Windows\System\hxoYbiR.exe
  2⤵
  PID:8216
- C:\Windows\System\WxOSJuK.exe
  C:\Windows\System\WxOSJuK.exe
  2⤵
  PID:8316
- C:\Windows\System\qRhsmOJ.exe
  C:\Windows\System\qRhsmOJ.exe
  2⤵
  PID:8344
- C:\Windows\System\ezewDDY.exe
  C:\Windows\System\ezewDDY.exe
  2⤵
  PID:8372
- C:\Windows\System\HSRLUkm.exe
  C:\Windows\System\HSRLUkm.exe
  2⤵
  PID:8416
- C:\Windows\System\xiFisZz.exe
  C:\Windows\System\xiFisZz.exe
  2⤵
  PID:8424
- C:\Windows\System\pvZJKji.exe
  C:\Windows\System\pvZJKji.exe
  2⤵
  PID:8464
- C:\Windows\System\QAqDFoy.exe
  C:\Windows\System\QAqDFoy.exe
  2⤵
  PID:8508
- C:\Windows\System\iyHMXPZ.exe
  C:\Windows\System\iyHMXPZ.exe
  2⤵
  PID:8524
- C:\Windows\System\pAhvtSB.exe
  C:\Windows\System\pAhvtSB.exe
  2⤵
  PID:8564
- C:\Windows\System\URfBEou.exe
  C:\Windows\System\URfBEou.exe
  2⤵
  PID:8580
- C:\Windows\System\ByxTrdP.exe
  C:\Windows\System\ByxTrdP.exe
  2⤵
  PID:8696
- C:\Windows\System\LYoyGlb.exe
  C:\Windows\System\LYoyGlb.exe
  2⤵
  PID:8680
- C:\Windows\System\fHgmaLQ.exe
  C:\Windows\System\fHgmaLQ.exe
  2⤵
  PID:8704
- C:\Windows\System\DtodbhO.exe
  C:\Windows\System\DtodbhO.exe
  2⤵
  PID:8732
- C:\Windows\System\nOyjTQy.exe
  C:\Windows\System\nOyjTQy.exe
  2⤵
  PID:8788
- C:\Windows\System\RXXzQNX.exe
  C:\Windows\System\RXXzQNX.exe
  2⤵
  PID:8812
- C:\Windows\System\uwngzGu.exe
  C:\Windows\System\uwngzGu.exe
  2⤵
  PID:8840
- C:\Windows\System\TbHCucn.exe
  C:\Windows\System\TbHCucn.exe
  2⤵
  PID:8944
- C:\Windows\System\QEthHUN.exe
  C:\Windows\System\QEthHUN.exe
  2⤵
  PID:9052
- C:\Windows\System\NVSeBUi.exe
  C:\Windows\System\NVSeBUi.exe
  2⤵
  PID:9060
- C:\Windows\System\VjtSfUc.exe
  C:\Windows\System\VjtSfUc.exe
  2⤵
  PID:8888
- C:\Windows\System\ynWPFdP.exe
  C:\Windows\System\ynWPFdP.exe
  2⤵
  PID:8996
- C:\Windows\System\MVIEPhb.exe
  C:\Windows\System\MVIEPhb.exe
  2⤵
  PID:9040
- C:\Windows\System\exYHnhE.exe
  C:\Windows\System\exYHnhE.exe
  2⤵
  PID:8748
- C:\Windows\System\tEKcGsz.exe
  C:\Windows\System\tEKcGsz.exe
  2⤵
  PID:9152
- C:\Windows\System\KhxueMM.exe
  C:\Windows\System\KhxueMM.exe
  2⤵
  PID:9184
- C:\Windows\System\zFJgUDq.exe
  C:\Windows\System\zFJgUDq.exe
  2⤵
  PID:9208
- C:\Windows\System\UMuxgRs.exe
  C:\Windows\System\UMuxgRs.exe
  2⤵
  PID:8228
- C:\Windows\System\QXNHvgK.exe
  C:\Windows\System\QXNHvgK.exe
  2⤵
  PID:8244
- C:\Windows\System\ZCsFjcA.exe
  C:\Windows\System\ZCsFjcA.exe
  2⤵
  PID:8388
- C:\Windows\System\MzFEfwr.exe
  C:\Windows\System\MzFEfwr.exe
  2⤵
  PID:8448
- C:\Windows\System\daUCEem.exe
  C:\Windows\System\daUCEem.exe
  2⤵
  PID:8248
- C:\Windows\System\kEHDEXL.exe
  C:\Windows\System\kEHDEXL.exe
  2⤵
  PID:8404
- C:\Windows\System\BrUXBpZ.exe
  C:\Windows\System\BrUXBpZ.exe
  2⤵
  PID:8556
- C:\Windows\System\aZZHBYy.exe
  C:\Windows\System\aZZHBYy.exe
  2⤵
  PID:8640
- C:\Windows\System\pQYluHx.exe
  C:\Windows\System\pQYluHx.exe
  2⤵
  PID:8776
- C:\Windows\System\HqcmpjG.exe
  C:\Windows\System\HqcmpjG.exe
  2⤵
  PID:8672
- C:\Windows\System\wrnoyWH.exe
  C:\Windows\System\wrnoyWH.exe
  2⤵
  PID:8908
- C:\Windows\System\mvMxqiG.exe
  C:\Windows\System\mvMxqiG.exe
  2⤵
  PID:8600
- C:\Windows\System\EVkAGtq.exe
  C:\Windows\System\EVkAGtq.exe
  2⤵
  PID:8940
- C:\Windows\System\NZbLxCD.exe
  C:\Windows\System\NZbLxCD.exe
  2⤵
  PID:9064
- C:\Windows\System\ZdZwvPD.exe
  C:\Windows\System\ZdZwvPD.exe
  2⤵
  PID:8960
- C:\Windows\System\hUclvLq.exe
  C:\Windows\System\hUclvLq.exe
  2⤵
  PID:8964
- C:\Windows\System\AAkfGsX.exe
  C:\Windows\System\AAkfGsX.exe
  2⤵
  PID:9108
- C:\Windows\System\DuXQPUm.exe
  C:\Windows\System\DuXQPUm.exe
  2⤵
  PID:9140
- C:\Windows\System\myNPmGb.exe
  C:\Windows\System\myNPmGb.exe
  2⤵
  PID:7648
- C:\Windows\System\lwYrhIw.exe
  C:\Windows\System\lwYrhIw.exe
  2⤵
  PID:8272
- C:\Windows\System\hTUPrvP.exe
  C:\Windows\System\hTUPrvP.exe
  2⤵
  PID:8852
- C:\Windows\System\kwMrkeE.exe
  C:\Windows\System\kwMrkeE.exe
  2⤵
  PID:8588
- C:\Windows\System\wdDcOlE.exe
  C:\Windows\System\wdDcOlE.exe
  2⤵
  PID:8772
- C:\Windows\System\XGMUHTg.exe
  C:\Windows\System\XGMUHTg.exe
  2⤵
  PID:8872
- C:\Windows\System\aBJQVYG.exe
  C:\Windows\System\aBJQVYG.exe
  2⤵
  PID:8904
- C:\Windows\System\wFluRze.exe
  C:\Windows\System\wFluRze.exe
  2⤵
  PID:8656
- C:\Windows\System\fAjntLA.exe
  C:\Windows\System\fAjntLA.exe
  2⤵
  PID:9032
- C:\Windows\System\HfegYpM.exe
  C:\Windows\System\HfegYpM.exe
  2⤵
  PID:9172
- C:\Windows\System\cItwjED.exe
  C:\Windows\System\cItwjED.exe
  2⤵
  PID:9192
- C:\Windows\System\emvxDOM.exe
  C:\Windows\System\emvxDOM.exe
  2⤵
  PID:8892
- C:\Windows\System\hTYKKED.exe
  C:\Windows\System\hTYKKED.exe
  2⤵
  PID:9136
- C:\Windows\System\RhJVHiO.exe
  C:\Windows\System\RhJVHiO.exe
  2⤵
  PID:9124
- C:\Windows\System\FQyyXyF.exe
  C:\Windows\System\FQyyXyF.exe
  2⤵
  PID:8540
- C:\Windows\System\OTAglzJ.exe
  C:\Windows\System\OTAglzJ.exe
  2⤵
  PID:8492
- C:\Windows\System\IcGIdJy.exe
  C:\Windows\System\IcGIdJy.exe
  2⤵
  PID:9120
- C:\Windows\System\ZBAqbSo.exe
  C:\Windows\System\ZBAqbSo.exe
  2⤵
  PID:8832
- C:\Windows\System\TAyTYEt.exe
  C:\Windows\System\TAyTYEt.exe
  2⤵
  PID:8296
- C:\Windows\System\goohMly.exe
  C:\Windows\System\goohMly.exe
  2⤵
  PID:8328
- C:\Windows\System\rmiIicZ.exe
  C:\Windows\System\rmiIicZ.exe
  2⤵
  PID:8716
- C:\Windows\System\NLNkUWe.exe
  C:\Windows\System\NLNkUWe.exe
  2⤵
  PID:9232
- C:\Windows\System\dWmqAbG.exe
  C:\Windows\System\dWmqAbG.exe
  2⤵
  PID:9248
- C:\Windows\System\jtpCHFq.exe
  C:\Windows\System\jtpCHFq.exe
  2⤵
  PID:9264
- C:\Windows\System\bhLakIQ.exe
  C:\Windows\System\bhLakIQ.exe
  2⤵
  PID:9300
- C:\Windows\System\WBGwoch.exe
  C:\Windows\System\WBGwoch.exe
  2⤵
  PID:9320
- C:\Windows\System\SaTJIkp.exe
  C:\Windows\System\SaTJIkp.exe
  2⤵
  PID:9336
- C:\Windows\System\KyhUVnj.exe
  C:\Windows\System\KyhUVnj.exe
  2⤵
  PID:9352
- C:\Windows\System\DrymlIR.exe
  C:\Windows\System\DrymlIR.exe
  2⤵
  PID:9368
- C:\Windows\System\fzqmtwY.exe
  C:\Windows\System\fzqmtwY.exe
  2⤵
  PID:9384
- C:\Windows\System\mjCAKKA.exe
  C:\Windows\System\mjCAKKA.exe
  2⤵
  PID:9412
- C:\Windows\System\dkyqkhW.exe
  C:\Windows\System\dkyqkhW.exe
  2⤵
  PID:9428
- C:\Windows\System\BHlJgQQ.exe
  C:\Windows\System\BHlJgQQ.exe
  2⤵
  PID:9444
- C:\Windows\System\VpzMxBS.exe
  C:\Windows\System\VpzMxBS.exe
  2⤵
  PID:9460
- C:\Windows\System\zmnDLYb.exe
  C:\Windows\System\zmnDLYb.exe
  2⤵
  PID:9476
- C:\Windows\System\tvdlxdL.exe
  C:\Windows\System\tvdlxdL.exe
  2⤵
  PID:9508
- C:\Windows\System\KerFeEI.exe
  C:\Windows\System\KerFeEI.exe
  2⤵
  PID:9532
- C:\Windows\System\mqCIyFg.exe
  C:\Windows\System\mqCIyFg.exe
  2⤵
  PID:9560
- C:\Windows\System\PkCtvLO.exe
  C:\Windows\System\PkCtvLO.exe
  2⤵
  PID:9584
- C:\Windows\System\ZURevQW.exe
  C:\Windows\System\ZURevQW.exe
  2⤵
  PID:9600
- C:\Windows\System\ZNbQqSz.exe
  C:\Windows\System\ZNbQqSz.exe
  2⤵
  PID:9624
- C:\Windows\System\WlZHXKx.exe
  C:\Windows\System\WlZHXKx.exe
  2⤵
  PID:9640
- C:\Windows\System\gVKpamk.exe
  C:\Windows\System\gVKpamk.exe
  2⤵
  PID:9656
- C:\Windows\System\WVBWFwO.exe
  C:\Windows\System\WVBWFwO.exe
  2⤵
  PID:9676
- C:\Windows\System\nlwzvUd.exe
  C:\Windows\System\nlwzvUd.exe
  2⤵
  PID:9700
- C:\Windows\System\JJlYlpk.exe
  C:\Windows\System\JJlYlpk.exe
  2⤵
  PID:9720
- C:\Windows\System\fRJemRh.exe
  C:\Windows\System\fRJemRh.exe
  2⤵
  PID:9736
- C:\Windows\System\HnqCtoF.exe
  C:\Windows\System\HnqCtoF.exe
  2⤵
  PID:9756
- C:\Windows\System\xQwyIgQ.exe
  C:\Windows\System\xQwyIgQ.exe
  2⤵
  PID:9776
- C:\Windows\System\ewXvOGT.exe
  C:\Windows\System\ewXvOGT.exe
  2⤵
  PID:9800
- C:\Windows\System\coLSjIt.exe
  C:\Windows\System\coLSjIt.exe
  2⤵
  PID:9816
- C:\Windows\System\zWmfAhI.exe
  C:\Windows\System\zWmfAhI.exe
  2⤵
  PID:9832
- C:\Windows\System\CpFziZJ.exe
  C:\Windows\System\CpFziZJ.exe
  2⤵
  PID:9852
- C:\Windows\System\CLVbbOK.exe
  C:\Windows\System\CLVbbOK.exe
  2⤵
  PID:9876
- C:\Windows\System\qIYPNHg.exe
  C:\Windows\System\qIYPNHg.exe
  2⤵
  PID:9892
- C:\Windows\System\fLbIefh.exe
  C:\Windows\System\fLbIefh.exe
  2⤵
  PID:9908
- C:\Windows\System\GBALPoJ.exe
  C:\Windows\System\GBALPoJ.exe
  2⤵
  PID:9924
- C:\Windows\System\xacripC.exe
  C:\Windows\System\xacripC.exe
  2⤵
  PID:9944
- C:\Windows\System\nvkYYZg.exe
  C:\Windows\System\nvkYYZg.exe
  2⤵
  PID:9968
- C:\Windows\System\hAePtUF.exe
  C:\Windows\System\hAePtUF.exe
  2⤵
  PID:9984
- C:\Windows\System\tyKvCoZ.exe
  C:\Windows\System\tyKvCoZ.exe
  2⤵
  PID:10000
- C:\Windows\System\RJAbZjL.exe
  C:\Windows\System\RJAbZjL.exe
  2⤵
  PID:10020
- C:\Windows\System\pSKBAkq.exe
  C:\Windows\System\pSKBAkq.exe
  2⤵
  PID:10040
- C:\Windows\System\Bpdkqkh.exe
  C:\Windows\System\Bpdkqkh.exe
  2⤵
  PID:10060
- C:\Windows\System\dnbPhNf.exe
  C:\Windows\System\dnbPhNf.exe
  2⤵
  PID:10076
- C:\Windows\System\MzmWlxE.exe
  C:\Windows\System\MzmWlxE.exe
  2⤵
  PID:10092
- C:\Windows\System\TtqhQGy.exe
  C:\Windows\System\TtqhQGy.exe
  2⤵
  PID:10112
- C:\Windows\System\IpngYNL.exe
  C:\Windows\System\IpngYNL.exe
  2⤵
  PID:10136
- C:\Windows\System\iFHeWny.exe
  C:\Windows\System\iFHeWny.exe
  2⤵
  PID:10168
- C:\Windows\System\WaOwHcM.exe
  C:\Windows\System\WaOwHcM.exe
  2⤵
  PID:10184
- C:\Windows\System\cxsqrcC.exe
  C:\Windows\System\cxsqrcC.exe
  2⤵
  PID:10204
- C:\Windows\System\GRgEPvL.exe
  C:\Windows\System\GRgEPvL.exe
  2⤵
  PID:8752
- C:\Windows\System\ZuSHKRT.exe
  C:\Windows\System\ZuSHKRT.exe
  2⤵
  PID:9020
- C:\Windows\System\ItvzFwv.exe
  C:\Windows\System\ItvzFwv.exe
  2⤵
  PID:9240
- C:\Windows\System\itfaeUI.exe
  C:\Windows\System\itfaeUI.exe
  2⤵
  PID:9244
- C:\Windows\System\mPsuRwo.exe
  C:\Windows\System\mPsuRwo.exe
  2⤵
  PID:9296
- C:\Windows\System\MzVdNgD.exe
  C:\Windows\System\MzVdNgD.exe
  2⤵
  PID:9292
- C:\Windows\System\uqQrHVk.exe
  C:\Windows\System\uqQrHVk.exe
  2⤵
  PID:9308
- C:\Windows\System\AYywehQ.exe
  C:\Windows\System\AYywehQ.exe
  2⤵
  PID:9380
- C:\Windows\System\AMJLwCu.exe
  C:\Windows\System\AMJLwCu.exe
  2⤵
  PID:9396
- C:\Windows\System\hifHHtd.exe
  C:\Windows\System\hifHHtd.exe
  2⤵
  PID:9344
- C:\Windows\System\sMlLFxM.exe
  C:\Windows\System\sMlLFxM.exe
  2⤵
  PID:9484
- C:\Windows\System\Xljhhif.exe
  C:\Windows\System\Xljhhif.exe
  2⤵
  PID:9516
- C:\Windows\System\XIoadGl.exe
  C:\Windows\System\XIoadGl.exe
  2⤵
  PID:9540
- C:\Windows\System\kWzMgfS.exe
  C:\Windows\System\kWzMgfS.exe
  2⤵
  PID:9568
- C:\Windows\System\dMyBokB.exe
  C:\Windows\System\dMyBokB.exe
  2⤵
  PID:9596
- C:\Windows\System\VqSKPEN.exe
  C:\Windows\System\VqSKPEN.exe
  2⤵
  PID:9648
- C:\Windows\System\BOKuPyT.exe
  C:\Windows\System\BOKuPyT.exe
  2⤵
  PID:9612
- C:\Windows\System\rAHANXK.exe
  C:\Windows\System\rAHANXK.exe
  2⤵
  PID:9664
- C:\Windows\System\whChEtS.exe
  C:\Windows\System\whChEtS.exe
  2⤵
  PID:9712
- C:\Windows\System\xwwSHmH.exe
  C:\Windows\System\xwwSHmH.exe
  2⤵
  PID:9716
- C:\Windows\System\AGrTVGu.exe
  C:\Windows\System\AGrTVGu.exe
  2⤵
  PID:9808
- C:\Windows\System\BPlnvZO.exe
  C:\Windows\System\BPlnvZO.exe
  2⤵
  PID:9888
- C:\Windows\System\OtpLrIS.exe
  C:\Windows\System\OtpLrIS.exe
  2⤵
  PID:9956
- C:\Windows\System\jzuDWeN.exe
  C:\Windows\System\jzuDWeN.exe
  2⤵
  PID:10028
- C:\Windows\System\bFsqYza.exe
  C:\Windows\System\bFsqYza.exe
  2⤵
  PID:10072
- C:\Windows\System\lekqAiT.exe
  C:\Windows\System\lekqAiT.exe
  2⤵
  PID:10144
- C:\Windows\System\CwzIzOB.exe
  C:\Windows\System\CwzIzOB.exe
  2⤵
  PID:10156
- C:\Windows\System\TsycqjN.exe
  C:\Windows\System\TsycqjN.exe
  2⤵
  PID:10148
- C:\Windows\System\KHUnajo.exe
  C:\Windows\System\KHUnajo.exe
  2⤵
  PID:9792
- C:\Windows\System\srzsCdn.exe
  C:\Windows\System\srzsCdn.exe
  2⤵
  PID:9980
- C:\Windows\System\WtpQfWi.exe
  C:\Windows\System\WtpQfWi.exe
  2⤵
  PID:9860
- C:\Windows\System\jAIyJUn.exe
  C:\Windows\System\jAIyJUn.exe
  2⤵
  PID:10084
- C:\Windows\System\wQqJHkG.exe
  C:\Windows\System\wQqJHkG.exe
  2⤵
  PID:10212
- C:\Windows\System\yHBnVxW.exe
  C:\Windows\System\yHBnVxW.exe
  2⤵
  PID:8756
- C:\Windows\System\yFndlHu.exe
  C:\Windows\System\yFndlHu.exe
  2⤵
  PID:10236
- C:\Windows\System\qrfymRO.exe
  C:\Windows\System\qrfymRO.exe
  2⤵
  PID:8520
- C:\Windows\System\owKRDqO.exe
  C:\Windows\System\owKRDqO.exe
  2⤵
  PID:9284
- C:\Windows\System\rsroRsR.exe
  C:\Windows\System\rsroRsR.exe
  2⤵
  PID:9376
- C:\Windows\System\QyuZpFa.exe
  C:\Windows\System\QyuZpFa.exe
  2⤵
  PID:9492
- C:\Windows\System\bMXwjHz.exe
  C:\Windows\System\bMXwjHz.exe
  2⤵
  PID:9456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ABVLmsK.exe

Filesize
6.0MB

MD5
9b39f4f05a17fe67b7b11d2999a6d48b

SHA1
bd5b61caaddee83bd4b6f59abc2d1fbc866cdee6

SHA256
1c0ed1232db7b08471362459045b3f9463d3307281c5cf3154651b7a77f7781a

SHA512
d338047808589bd826545f861db1b9143b7778c14c6ca18a03dd58cb9bbc6eff027e17ab299ce81a42daa40274f596c73354c0868e2742c1753881bb27d63cfe

Download Submit
C:\Windows\system\AUIVTeB.exe

Filesize
6.0MB

MD5
44f463ee263cdc41facb25be0fed12d8

SHA1
f2258b8063a9b6bba043f346c8a4b7bf1b9ddb05

SHA256
8955787c3464fab639ce053c9c4935ef9240e7db3cd7ffa3fabf2c01e5dcc229

SHA512
80ea308db76aef39a2211b65d3dcbf41a281dba18b755507ee82b7586b116d40b1222c333bd77b187c923a4cc8fa28a957f1e11c78f73de75ea1851f0f85dff0

Download Submit
C:\Windows\system\AuaHvqb.exe

Filesize
6.0MB

MD5
ffd7a479038a78612b5c66067ac2598f

SHA1
adf24725d1838323a55305f299bb7982a2041c7c

SHA256
c7f7ee4871f77ef30a466256aef981b6ae00e99c9348201bb76095525e9d1f9e

SHA512
5524c2e72988accd7106b75182ccdc12a49c2c629278297ed827c09ddf254e48256ce3a07af623d602c55fe6493e5266a6c43726ba6ba090a249822d70a98228

Download Submit
C:\Windows\system\ImNjPZC.exe

Filesize
6.0MB

MD5
c23a2b29236a71c4e36ac22ae05f950f

SHA1
76ee12090f739cb06d6976aee4cf4ec80f3226d6

SHA256
a9dc51f85213c1bec0a69588987d1f57b7622e5090eebc4539939e1743c9cab7

SHA512
ce4fbdae2ba2ed873efa688a6aa569328cf5157e0a148aeb15708d24145dcd92f1becd9b74485986762fe09ca24a9d4d82d41228d60634059f192744486350dd

Download Submit
C:\Windows\system\JtCJwSe.exe

Filesize
6.0MB

MD5
adb4cf88abb58baf61fe62c5c4fee448

SHA1
979b5d31c52d1bc4f554e59f97eb4da41360f1ad

SHA256
83f6e5a5c96827db93a65d54f832630423b2c8f1e61bec3afbac93987b2d4310

SHA512
bc0a7644cd01dd6ea132b3399356e8db1429d58826027dce5a7dcd167b053838b89644c3bf08902fff2f17dc3eb8c5041a32327088ee397c979be71cc68385a6

Download Submit
C:\Windows\system\LqoxLbS.exe

Filesize
6.0MB

MD5
d90cc6f71b1f884a992a000067d34541

SHA1
03b0756e62dadb6551377e6970b72b169ecfdfa5

SHA256
a1759742cf995ce2c97d73adea63ef3411971f4cf4d53f39da26d38a175930f4

SHA512
13f9a8b71276b378835c04ebf24c4651b415c410a4c64a6a45314003c99cfaefb1273f545e3fc252ae0ecd2b0555e0e2fa0ed57c2c0bc48197471561748ddd0b

Download Submit
C:\Windows\system\NcNqfvd.exe

Filesize
6.0MB

MD5
ab17dfe2e28fd5d5849ff755ee166e50

SHA1
4ad681c9dbc03b60e1541ca5c8966d1c0e9c0a5f

SHA256
e3e827e5d24c5fe82a60d4a442626759875d00459897f9ba1d135df71e5b9aec

SHA512
7006b242f37bb96f1e0edaf8fb08d02fa7edaa72a1b77d33e81e3a6e0d812a6e64626b7192984c5bfd9e1e484a4b45277eb7e507aa431e095f4566e9048aeeb9

Download Submit
C:\Windows\system\OLpxMSi.exe

Filesize
6.0MB

MD5
b8790c42d5157a53aee657c37ee023f8

SHA1
0c0a0d0192edae77ab2d07a0f886b721e4693c31

SHA256
935914c4dc1b1cd01234e0676088fdb760ee8f96829e160d682cfd0872ed6e69

SHA512
023111d42310915850df5c5faf17a505e59a9150c5dafda6c23b3b472ed2fe568a1b40e7c36a283e5259aa37fd5505b8afef887adeba44aa43351455af2ec9dc

Download Submit
C:\Windows\system\PAJCJFG.exe

Filesize
6.0MB

MD5
3c91ce67bd741faaed9af2c900c2f4a0

SHA1
121ce803a93cbd95b92484726c7a9342550be4a6

SHA256
2a4d6c51b15092e03ac2e0b1ca7b13a50e9a808dd8ed3bb71ad3768aa4507ec8

SHA512
08cb18db24c65814f4d0c9de2ce32c6c0f7e587abc699d776c01907af3bcbab8e718ed2233ef12b12f3eab6854486d0a579a34c3d703e4fc13ac058c5a5d304e

Download Submit
C:\Windows\system\PwAOpcM.exe

Filesize
6.0MB

MD5
d8603851a0a140173307935c831764c3

SHA1
b94e52326b7ff85b17357082db42545c06036aa7

SHA256
5937cf0816287f8f528a9f7cac0d28d8411dc60b6554bff909a8df7219076d0a

SHA512
1b20d4528d98027d8b37660d87803f9a3b2cfbcf87fc8b46ede0c6a6640767ebd857e448fd91dad285f54e4682cee32476fc2bb11e49593cc1ab09e93b1e6b0a

Download Submit
C:\Windows\system\RClRHfR.exe

Filesize
6.0MB

MD5
7c18b3ec3a1a8e86d2508a4f6c090f02

SHA1
e5e40f3d81e47b1edc7df5a30a0e634e496532b8

SHA256
842281a9570ba8df313c185b3b4476bd9c5a07e5df8df4bf664ce77aec132597

SHA512
592faa551f482a261c9fae53a7dc8b8115ad2cb4106168f20af8c1dabaeabb06b1611dc16628dd780ac9791d5a187979c64134787765d8c937fa64a5c2cfb5b9

Download Submit
C:\Windows\system\SjJTKTb.exe

Filesize
6.0MB

MD5
cfbe2fabbf3713102c366461823f1676

SHA1
467066a779df4e34445ced0136a2b0f078d6c1fd

SHA256
9d212b6e66945ec0bb37c67b6c730c961df6eae9afd9756d632413978254c00d

SHA512
bc573b4abd5bfebd554b7bd05e25b9650d86d63e24126fa148d33eeaf7824b6ab0436bc40e61d842adcd54d2cf65a67ddc0f3138868be2b6d6c6ac3ad6fd5340

Download Submit
C:\Windows\system\SlWtwhD.exe

Filesize
6.0MB

MD5
ca4512681ae3704bac39feefd5d33137

SHA1
4a2a458a15f4da0d68b9e277a4c3ca959267e815

SHA256
5ba0d98177e7bdee01ef83dcae5c1e842101932f43b4c087d0d56ddc99b17be3

SHA512
45377bb15a4078aa2aeb0ae985fe86283753953408324eaf721739dcdbc289643ae6268f4dc10ae5fafdd9db2d64dafa7db3452006a55446ee34c3f83aff62df

Download Submit
C:\Windows\system\TSuxuUQ.exe

Filesize
6.0MB

MD5
9dcb31199abd09e19a8a31723ca24be6

SHA1
e1b49d72f23257d310791e22e54f35bdb9bb8e65

SHA256
8c578ced11919a707aa910194c3cceb810ec5a45ce5f85259ab2e083cec564ef

SHA512
0d763599e473a98fa1d2ec500e424f7dbf471d6a528cf7cfee504fb36382612361f5af73b953286b5286e55379dd3fa1ea8ac46074b4615ec7837f06c1a7a306

Download Submit
C:\Windows\system\TgVoCgi.exe

Filesize
6.0MB

MD5
83ce196a4a7094181eaac53df4e102c5

SHA1
80c33c30c015c88e92064a9dfe165040f2b5e9e4

SHA256
2953766aad3807bafd8df0aa9f4434dbebe7d5c28fd732ea62f39ad9dd29b28a

SHA512
782debf4bbb132861c692acec8deb7c5c310a0a8d5197efc4b9db5e3e2db3b5bb5f092d531137f506682fb6c5804b65041a15fcea5119b67b9c004af70b3f3b6

Download Submit
C:\Windows\system\WCGZryX.exe

Filesize
6.0MB

MD5
2bc757d5bfb21d5b2a81e603593e1fd4

SHA1
81775b8770c2bc0cd4c1583584b32156aca33f2b

SHA256
edfcafb52b3239fb1a00fa3da4fa469540b0d3a1256a9e21c75feca4dfa9ac31

SHA512
ab4765caf7918429263106c2d0cd4dceb9287706667468e9e9c8c688de9ac439e1c6e539585ae2cba24d4c019a089046fb73351355b84ac43c858d8472d7e57b

Download Submit
C:\Windows\system\WGNNHmj.exe

Filesize
6.0MB

MD5
0793dd282c22347c6e55582539419b80

SHA1
41042c2ac2e0e8114b9be21c4276892db7b92d26

SHA256
4e43b4c1b7d1a11f59922d0173166f6160cf00fc340d01849aabdc8a729a9551

SHA512
988345f0de6d4168348683bffc8a62fa87706ce02739500288aec483fb0e56fce4015fa83b7ed4e9409f32c70e38f93c8e0799c52f051a378b1b9cbc2df4a9bc

Download Submit
C:\Windows\system\eyCmOTV.exe

Filesize
6.0MB

MD5
886b69695d0ad72e6363f15032a5d4f5

SHA1
8bfb02ef4530f1c67e1cd7977fe9fe62c582ef96

SHA256
e6264581a72d96c81ebff13a7baf74b31673373636e9b25793f0867c90bda7ef

SHA512
7f875009d873536211d6d081d7931fe29c2bc33de62e922e46d56caa7a0ba416ef21eb64f8d97cca88fac84d0ca9e61e7ba6a620ff8ff5b65b592bf1a5cb9990

Download Submit
C:\Windows\system\jmBgOGZ.exe

Filesize
6.0MB

MD5
72032f0de793810bd262cd8621cbc0c9

SHA1
b4204f5c923d16aa1b935295dba9313b2c0be036

SHA256
4e7e26869055a8a7732738a0b6257bdf01da0eba3a8378509c8a75e22d6357e3

SHA512
859c3614c7208c680b982bf6b350e75627eee343977099b536c6fa1333ca62d615b38c607b314b37729f8cde0a0ce8a77e55a04fb8c5466ba6d965f21fd1278f

Download Submit
C:\Windows\system\msPuaaf.exe

Filesize
6.0MB

MD5
050695f41d2792449aa81d0ce9278a76

SHA1
e9bae499cdc965457f39400aec323e9736e17703

SHA256
9f9ed0c9ea615275516de37cd3d8706c584654739f3b01ab01361f4ceb4464b6

SHA512
67b61edea6032b96c4becd0beff377949282afc83de32e2a77dc6f8b2ffd67b088ea3690d21c0423388d2ff85a128a2eeeb830b46bed46c7c9a129db6c327c7a

Download Submit
C:\Windows\system\nhbtBiz.exe

Filesize
6.0MB

MD5
38090f68691fca77208da6748c13bcb2

SHA1
212dfedb57e86e7789aecbfcbfd916bf2e4404a2

SHA256
bcc4589bb89ce31c69a7acfcabfb00645c552317afb022e2361918c02e151800

SHA512
ff016c25b210f45b6314e739e8a2d5055edaeba0652cc32c2f16624e60a8872f4c1664d8ac7d7fde60170af1fafe42264372f7e5029e03c940201bd24a69390e

Download Submit
C:\Windows\system\obwHKtE.exe

Filesize
6.0MB

MD5
12a9b75eef2f3258eba3677bf9830036

SHA1
99348a976124ed0efed8dbb5cb575fd469c679b3

SHA256
de5234f2acf9418134003609d07c5973f472bd690b10610fcc74f010dbf93879

SHA512
015d9c1350ea20d6aede7e20b65c0fbde346eed308d57eb55e9e72626939555ba673388dadd28cbf5bb742bdccc27cd7e1fb16e3a48158a06624354097ee6bb7

Download Submit
C:\Windows\system\sFXIEjk.exe

Filesize
6.0MB

MD5
6b9ba3a5fa20e11253672b22a1fc7c3b

SHA1
251b7feff402d6e8d4675992a280ce29aeb2ec88

SHA256
bfe51cd0a8df003c95a41c3b7fc9aa199ce3cbb10b251d5c98884055d44d75e2

SHA512
ee19b1d493379aa21132b21f03f10910839bb5453c582d1f33474c63e214e9da9320b822655f0f80c6bc6df5b04758fbaccb7a1fb8fcbd97a83ac0874bf34d75

Download Submit
C:\Windows\system\upUnWKK.exe

Filesize
6.0MB

MD5
a179fd24d45228437eba7de61cf5720b

SHA1
b312e104fb05e07501f4f00f97186a1b7612e552

SHA256
358af414406a3a6826037d80101b7e4259eab7fa9173da646c4f7a68c301fa31

SHA512
c5cefcb12b055427d8ac94b237f25d26e9bfd95fa91ab81bb1aabb95cbf3525f0726ddf99393434b1e9455e477976f91a3965ec6e19ba28860f5319bd8f803cb

Download Submit
C:\Windows\system\xdyPGtq.exe

Filesize
6.0MB

MD5
177833f1f5bdada6d7f6910096652fb5

SHA1
0c9a6277b7003b4b6df1493a0f2ee7b6f4860e36

SHA256
9070efa5d517bfbea9052bce3e19c90171daf5e9fd27d6fdc42ae523595605a5

SHA512
8128ac0e879f347adff669b92f5a7aaddd67e71970ced2ded495a2d94eedd05924f75083d1daccaed228ac8c4df749d51c44c0803d3607314a0e510f8fbe43d0

Download Submit
C:\Windows\system\yYZYBwo.exe

Filesize
6.0MB

MD5
cc5f217eb8365ce89137a66d370dd425

SHA1
60960c1a4922fafa2ac5c0c73c15145b427b189f

SHA256
a85b8bf62459bf1205d36b82a6365b8a3ffd35ee6a92aed9cf0e96fdf092d91c

SHA512
ca44224736908dc957b7c2dcd718aa7585381b6ef3898f11d4c195779cae1597cff72f1a175aed65aa8494902ebfea1098072eb8f901a0e12c02748149a0b6b7

Download Submit
\Windows\system\KAcYRQQ.exe

Filesize
6.0MB

MD5
a307191f530bedab7e216b9e628f3125

SHA1
a727ff3e37ea08b41bab803f60d41db2d6a10c44

SHA256
7f6ea3da1f12d6681c30b8be44af3099c67a8f752305a436639227dc2d1b65a6

SHA512
4f13623afdbad67813be54d10da12d90700765d155c247f4a22396d64fc092dc795988e30ed000b53f3321bfd3214ba9bcb002b581fd09b3059c9f9df1985f74

Download Submit
\Windows\system\MiNbgno.exe

Filesize
6.0MB

MD5
c019b5c389ac26adbec8165ce51f6347

SHA1
d6f83b311a6384998c38455758df8309a7b2a583

SHA256
3e7ca78fff4ba269e3ab57386511654ec77c21457c8218d6cf5cb70470c6f01a

SHA512
b2b13b714f5d04b54b94a28423e64af6e58d95dbe6b593517e2de00fc64d9dd40fed47d797bd900b5aaf5e3a53452054939c8aee39812e3c380e503e8f6dce41

Download Submit
\Windows\system\RkNYGKd.exe

Filesize
6.0MB

MD5
d2565b327d62674183ee98b353555b37

SHA1
4448ac8a8133dd63a6a299052d75f3c960cce213

SHA256
8af758f33eb4b7050ee9ee15326a6d54e70785f1db314158300bd418a3e3e406

SHA512
a78343c7d42e27821e8d7355354a9828774af3baaf8c34264e93968203ca3c2d6458657faec05b69ddf5edfcf5c9ec44fcaacbbdf6ae692ddca767928537d123

Download Submit
\Windows\system\UYvVAKn.exe

Filesize
6.0MB

MD5
a2c0c9bbffbf3aeec963cd1c30cd646b

SHA1
0adec6ef918edf53d5a47a631f48350646e33082

SHA256
d435546075a0a55708ac0e29ac6f5ff293c18d16b909a0bcda7cf39b0cedcce7

SHA512
37606515e98e48b8069ae13320844677715f30a5b9a2959728546f4bf5dec2c36fbde3bd766cab4344d34f4279d40c124dd8624ce4d14180bdb0f6fd48419dd1

Download Submit
\Windows\system\ibNOFuH.exe

Filesize
6.0MB

MD5
9a7d93b6fe77ca3ace7bbe2ad69e9974

SHA1
d4d83bd76922dc22ef24b57c26ff1c560bf01a33

SHA256
1137e73679d38d1da302f19316e7a78ab21e9f88365a35f77185602483e156e5

SHA512
a1b320fe6dc0e78b63c2cb9679a50260529041a0549c2244bb97aed0942d4a0ad7db6564d0b1aef588a329bef807a47b06efce78bca57c4dab64e3642efc0f13

Download Submit
\Windows\system\kIMwrRT.exe

Filesize
6.0MB

MD5
c859cbc0a98e6ea0f34a6de5743667bd

SHA1
85c062345763845f68003ead5441e25cd0977690

SHA256
55d06986e80dc7f35bef816ac812c2b8f90e44b4aae71945b81aad4a1d6f833c

SHA512
ecb05dda5e05d8df5eb549ad1d7197ed0ca92fc7998cb0bac65ccc608d6dd53ac27a88daeee57d3ae1fd5d18e19056f196c9dfecc208b375c04641a1be05b80d

Download Submit
memory/876-47-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/876-14-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/876-56-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/876-83-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/876-102-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/876-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/876-79-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/876-58-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/876-59-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/876-142-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/876-99-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/876-91-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/876-27-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/876-118-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/876-68-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/876-128-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/876-784-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/876-1017-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/876-1104-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/876-905-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/876-30-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/876-365-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/876-35-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/876-1228-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/876-1226-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/876-0-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/876-53-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-3705-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-15-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/1212-4071-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1212-114-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2204-28-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2204-3708-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2492-34-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2492-3712-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2492-10-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2516-3726-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2516-26-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2516-61-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3843-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2576-486-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3840-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2696-74-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2696-33-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2772-136-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3848-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2772-62-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-64-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3851-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2792-254-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2796-50-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3837-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2796-81-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3833-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-57-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-82-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/3012-4070-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download