cobaltstrike | e1c162b7146b0a742d934de90900286e68278c626b22e6714758cc486e67879f

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-11-2024 21:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

bacc3bfa8d8ebd9bb0a71e16da0dddc9
SHA1

1157adca50fa725cb74f4b06968b373005a2f226
SHA256

e1c162b7146b0a742d934de90900286e68278c626b22e6714758cc486e67879f
SHA512

5515c639ee20c5655a105ad337aa843a4c6c623187d2ee77d63e84b6c8b30b1b9cfe3860978887f61259f0b3d70e1a91fc70035ada8340d5a83a019f509c7349
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUf:T+q56utgpPF8u/7f

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000014b4f-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018c34-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018c44-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018f65-22.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001904c-28.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000190e1-40.dat	cobalt_reflective_dll
behavioral1/files/0x0018000000018676-52.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-64.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d7-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b0f-190.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c6c-195.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b0d-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019a72-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964b-170.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197c2-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964a-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019642-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019640-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953e-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019513-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019485-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947d-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019479-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001946a-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-89.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191f6-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019465-96.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191d2-49.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2012-0-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/files/0x000c000000014b4f-3.dat	xmrig
behavioral1/memory/1356-7-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x0008000000018c34-12.dat	xmrig
behavioral1/files/0x0008000000018c44-10.dat	xmrig
behavioral1/files/0x0007000000018f65-22.dat	xmrig
behavioral1/memory/3036-27-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x000700000001904c-28.dat	xmrig
behavioral1/files/0x00070000000190e1-40.dat	xmrig
behavioral1/memory/1356-41-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2268-34-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2012-29-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2748-44-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2176-21-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/352-17-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2676-51-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/352-50-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x0018000000018676-52.dat	xmrig
behavioral1/memory/2236-58-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2176-57-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x0005000000019433-64.dat	xmrig
behavioral1/memory/2548-69-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019450-77.dat	xmrig
behavioral1/memory/3016-81-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2432-98-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/files/0x00050000000194d7-130.dat	xmrig
behavioral1/memory/2432-811-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2004-951-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2012-864-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2620-645-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/3016-483-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2720-319-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019b0f-190.dat	xmrig
behavioral1/files/0x0005000000019c6c-195.dat	xmrig
behavioral1/files/0x0005000000019b0d-186.dat	xmrig
behavioral1/files/0x0005000000019a72-180.dat	xmrig
behavioral1/files/0x000500000001964b-170.dat	xmrig
behavioral1/files/0x00050000000197c2-175.dat	xmrig
behavioral1/files/0x000500000001964a-166.dat	xmrig
behavioral1/files/0x0005000000019642-160.dat	xmrig
behavioral1/files/0x0005000000019640-156.dat	xmrig
behavioral1/files/0x000500000001953e-150.dat	xmrig
behavioral1/files/0x0005000000019513-145.dat	xmrig
behavioral1/files/0x000500000001950e-140.dat	xmrig
behavioral1/files/0x00050000000194df-135.dat	xmrig
behavioral1/files/0x0005000000019485-125.dat	xmrig
behavioral1/files/0x000500000001947d-120.dat	xmrig
behavioral1/files/0x0005000000019479-112.dat	xmrig
behavioral1/files/0x000500000001946a-108.dat	xmrig
behavioral1/memory/2004-107-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2548-106-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001945b-105.dat	xmrig
behavioral1/memory/2012-103-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2012-102-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2620-91-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019446-89.dat	xmrig
behavioral1/memory/2012-85-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x00070000000191f6-75.dat	xmrig
behavioral1/memory/2268-73-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/files/0x0005000000019465-96.dat	xmrig
behavioral1/memory/2012-94-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2236-93-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2012-66-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/3036-65-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1356	jYORbNF.exe
352	AbKLIiA.exe
2176	ZOoCWov.exe
3036	FOgJxWj.exe
2268	NXTVRmI.exe
2748	frVvHvb.exe
2676	QfdtBMO.exe
2236	cgLHAww.exe
2548	CLPwemh.exe
2720	eydNIZU.exe
3016	NOCPZeV.exe
2620	IIvDPIA.exe
2432	mkVqAtP.exe
2004	weuvbAg.exe
1040	qyhPvoL.exe
1888	RhyKUPL.exe
948	LSdlSZB.exe
544	liKVJUz.exe
388	KBbmdRb.exe
2020	DrqJofT.exe
1704	rqtQvOK.exe
2616	ncquYVV.exe
2988	tyECKJJ.exe
2884	XqXwUDe.exe
2644	DITUtGl.exe
2888	gTwsFns.exe
2948	dhlmdgO.exe
1180	aavxQKe.exe
1664	LhWslap.exe
1596	uPDgyDX.exe
2164	eIoUfOo.exe
2532	cdLOHFz.exe
1628	SmcmWxZ.exe
1236	mwjgRBM.exe
1008	OmHuXUC.exe
2116	UlrRuLj.exe
2204	DTcWEua.exe
572	lXbxYeM.exe
2260	OuONQtp.exe
776	TmWlldJ.exe
2384	VztRjPi.exe
2168	UftRHIX.exe
2288	fWxgzoG.exe
1936	DnkLziz.exe
2376	rUcSUMA.exe
2996	nkHkpUM.exe
2928	elFUmpG.exe
3040	vyTvstF.exe
896	NCPTGbg.exe
496	IdtWMYV.exe
2980	JTeiCXk.exe
1492	bESWmTP.exe
1496	VBoGkBG.exe
2512	MSsJvSx.exe
2160	yythlnE.exe
540	jhFBTet.exe
2700	sudhGLY.exe
2808	hqncakb.exe
2568	EVvnyek.exe
3028	WQySWLC.exe
2664	upCmkUT.exe
1952	ULqNYaw.exe
2272	KlLSnhG.exe
1256	vRXHtLK.exe

Loads dropped DLL 64 IoCs

pid	Process
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2012-0-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/files/0x000c000000014b4f-3.dat	upx
behavioral1/memory/1356-7-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x0008000000018c34-12.dat	upx
behavioral1/files/0x0008000000018c44-10.dat	upx
behavioral1/files/0x0007000000018f65-22.dat	upx
behavioral1/memory/3036-27-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x000700000001904c-28.dat	upx
behavioral1/files/0x00070000000190e1-40.dat	upx
behavioral1/memory/1356-41-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2268-34-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2012-29-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/2748-44-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2176-21-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/352-17-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2676-51-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/352-50-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x0018000000018676-52.dat	upx
behavioral1/memory/2236-58-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2176-57-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x0005000000019433-64.dat	upx
behavioral1/memory/2548-69-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/files/0x0005000000019450-77.dat	upx
behavioral1/memory/3016-81-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2432-98-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/files/0x00050000000194d7-130.dat	upx
behavioral1/memory/2432-811-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2004-951-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2620-645-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/3016-483-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2720-319-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/files/0x0005000000019b0f-190.dat	upx
behavioral1/files/0x0005000000019c6c-195.dat	upx
behavioral1/files/0x0005000000019b0d-186.dat	upx
behavioral1/files/0x0005000000019a72-180.dat	upx
behavioral1/files/0x000500000001964b-170.dat	upx
behavioral1/files/0x00050000000197c2-175.dat	upx
behavioral1/files/0x000500000001964a-166.dat	upx
behavioral1/files/0x0005000000019642-160.dat	upx
behavioral1/files/0x0005000000019640-156.dat	upx
behavioral1/files/0x000500000001953e-150.dat	upx
behavioral1/files/0x0005000000019513-145.dat	upx
behavioral1/files/0x000500000001950e-140.dat	upx
behavioral1/files/0x00050000000194df-135.dat	upx
behavioral1/files/0x0005000000019485-125.dat	upx
behavioral1/files/0x000500000001947d-120.dat	upx
behavioral1/files/0x0005000000019479-112.dat	upx
behavioral1/files/0x000500000001946a-108.dat	upx
behavioral1/memory/2004-107-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2548-106-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/files/0x000500000001945b-105.dat	upx
behavioral1/memory/2620-91-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x0005000000019446-89.dat	upx
behavioral1/files/0x00070000000191f6-75.dat	upx
behavioral1/memory/2268-73-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/files/0x0005000000019465-96.dat	upx
behavioral1/memory/2236-93-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/3036-65-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x00070000000191d2-49.dat	upx
behavioral1/memory/1356-3484-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/3036-3497-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/352-3489-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2176-3505-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2268-3504-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\LTtUqWg.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EiriJEA.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbEuKUL.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HLIcbWR.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QTNlqCD.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IxbGXvC.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zAAqteu.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lFRaRAY.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kfPmazR.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xxKdvYj.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UaImVJi.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OuMpZuo.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KOhjXWd.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fXbABjm.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UPcvwKY.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sxzPuny.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PEpYUuq.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jOsTRXm.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFRZOKk.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bodlSHP.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zxKyKaz.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qSBRUiF.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pDiDfun.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EZGCPxV.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DSJETer.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jpLHBmP.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUxZSZU.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GYiCdLO.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IomFnuE.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ubHtVLR.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IsOxDuA.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LWitXPS.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mzwAsZo.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUWUVYi.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\URrTwnz.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zMkyuMl.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lJmUXfd.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\isfWvRy.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFmEbTK.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\STkJpCW.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gSmLZqB.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EwoHqKZ.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SchuBIn.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZMSSPSZ.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rZuotmQ.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aavxQKe.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DLWNXvT.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MlBuysX.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iEzesdb.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UIlgmTm.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EzfpXkP.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Spcwoek.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FObnAoc.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXhQeuF.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VtXyjty.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCrKDNM.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gzIlqwV.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zarWlpS.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FmwOFgT.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BvURbaq.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VxQIxGO.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAhSZev.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vyEZcqJ.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mVjfAjl.exe	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 1356	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2012 wrote to memory of 1356	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2012 wrote to memory of 1356	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2012 wrote to memory of 352	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2012 wrote to memory of 352	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2012 wrote to memory of 352	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2012 wrote to memory of 2176	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2012 wrote to memory of 2176	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2012 wrote to memory of 2176	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2012 wrote to memory of 3036	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2012 wrote to memory of 3036	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2012 wrote to memory of 3036	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2012 wrote to memory of 2268	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2012 wrote to memory of 2268	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2012 wrote to memory of 2268	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2012 wrote to memory of 2748	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2012 wrote to memory of 2748	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2012 wrote to memory of 2748	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2012 wrote to memory of 2676	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2012 wrote to memory of 2676	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2012 wrote to memory of 2676	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2012 wrote to memory of 2236	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2012 wrote to memory of 2236	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2012 wrote to memory of 2236	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2012 wrote to memory of 2720	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2012 wrote to memory of 2720	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2012 wrote to memory of 2720	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2012 wrote to memory of 2548	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2012 wrote to memory of 2548	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2012 wrote to memory of 2548	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2012 wrote to memory of 2620	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2012 wrote to memory of 2620	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2012 wrote to memory of 2620	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2012 wrote to memory of 3016	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2012 wrote to memory of 3016	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2012 wrote to memory of 3016	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2012 wrote to memory of 2004	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2012 wrote to memory of 2004	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2012 wrote to memory of 2004	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2012 wrote to memory of 2432	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2012 wrote to memory of 2432	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2012 wrote to memory of 2432	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2012 wrote to memory of 1040	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2012 wrote to memory of 1040	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2012 wrote to memory of 1040	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2012 wrote to memory of 1888	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2012 wrote to memory of 1888	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2012 wrote to memory of 1888	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2012 wrote to memory of 948	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2012 wrote to memory of 948	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2012 wrote to memory of 948	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2012 wrote to memory of 544	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2012 wrote to memory of 544	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2012 wrote to memory of 544	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2012 wrote to memory of 388	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2012 wrote to memory of 388	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2012 wrote to memory of 388	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2012 wrote to memory of 2020	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2012 wrote to memory of 2020	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2012 wrote to memory of 2020	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2012 wrote to memory of 1704	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	53
PID 2012 wrote to memory of 1704	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	53
PID 2012 wrote to memory of 1704	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	53
PID 2012 wrote to memory of 2616	2012	2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe	54

C:\Users\Admin\AppData\Local\Temp\2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-11_bacc3bfa8d8ebd9bb0a71e16da0dddc9_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Windows\System\jYORbNF.exe
  C:\Windows\System\jYORbNF.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\AbKLIiA.exe
  C:\Windows\System\AbKLIiA.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\ZOoCWov.exe
  C:\Windows\System\ZOoCWov.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\FOgJxWj.exe
  C:\Windows\System\FOgJxWj.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\NXTVRmI.exe
  C:\Windows\System\NXTVRmI.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\frVvHvb.exe
  C:\Windows\System\frVvHvb.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\QfdtBMO.exe
  C:\Windows\System\QfdtBMO.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\cgLHAww.exe
  C:\Windows\System\cgLHAww.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\eydNIZU.exe
  C:\Windows\System\eydNIZU.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\CLPwemh.exe
  C:\Windows\System\CLPwemh.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\IIvDPIA.exe
  C:\Windows\System\IIvDPIA.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\NOCPZeV.exe
  C:\Windows\System\NOCPZeV.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\weuvbAg.exe
  C:\Windows\System\weuvbAg.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\mkVqAtP.exe
  C:\Windows\System\mkVqAtP.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\qyhPvoL.exe
  C:\Windows\System\qyhPvoL.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\RhyKUPL.exe
  C:\Windows\System\RhyKUPL.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\LSdlSZB.exe
  C:\Windows\System\LSdlSZB.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\liKVJUz.exe
  C:\Windows\System\liKVJUz.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\KBbmdRb.exe
  C:\Windows\System\KBbmdRb.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\DrqJofT.exe
  C:\Windows\System\DrqJofT.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\rqtQvOK.exe
  C:\Windows\System\rqtQvOK.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\ncquYVV.exe
  C:\Windows\System\ncquYVV.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\tyECKJJ.exe
  C:\Windows\System\tyECKJJ.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\XqXwUDe.exe
  C:\Windows\System\XqXwUDe.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\DITUtGl.exe
  C:\Windows\System\DITUtGl.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\gTwsFns.exe
  C:\Windows\System\gTwsFns.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\dhlmdgO.exe
  C:\Windows\System\dhlmdgO.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\aavxQKe.exe
  C:\Windows\System\aavxQKe.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\LhWslap.exe
  C:\Windows\System\LhWslap.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\uPDgyDX.exe
  C:\Windows\System\uPDgyDX.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\eIoUfOo.exe
  C:\Windows\System\eIoUfOo.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\cdLOHFz.exe
  C:\Windows\System\cdLOHFz.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\SmcmWxZ.exe
  C:\Windows\System\SmcmWxZ.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\mwjgRBM.exe
  C:\Windows\System\mwjgRBM.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\OmHuXUC.exe
  C:\Windows\System\OmHuXUC.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\UlrRuLj.exe
  C:\Windows\System\UlrRuLj.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\DTcWEua.exe
  C:\Windows\System\DTcWEua.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\lXbxYeM.exe
  C:\Windows\System\lXbxYeM.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\OuONQtp.exe
  C:\Windows\System\OuONQtp.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\TmWlldJ.exe
  C:\Windows\System\TmWlldJ.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\VztRjPi.exe
  C:\Windows\System\VztRjPi.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\UftRHIX.exe
  C:\Windows\System\UftRHIX.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\fWxgzoG.exe
  C:\Windows\System\fWxgzoG.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\DnkLziz.exe
  C:\Windows\System\DnkLziz.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\rUcSUMA.exe
  C:\Windows\System\rUcSUMA.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\nkHkpUM.exe
  C:\Windows\System\nkHkpUM.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\elFUmpG.exe
  C:\Windows\System\elFUmpG.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\vyTvstF.exe
  C:\Windows\System\vyTvstF.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\NCPTGbg.exe
  C:\Windows\System\NCPTGbg.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\IdtWMYV.exe
  C:\Windows\System\IdtWMYV.exe
  2⤵
  - Executes dropped EXE
  PID:496
- C:\Windows\System\JTeiCXk.exe
  C:\Windows\System\JTeiCXk.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\bESWmTP.exe
  C:\Windows\System\bESWmTP.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\VBoGkBG.exe
  C:\Windows\System\VBoGkBG.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\MSsJvSx.exe
  C:\Windows\System\MSsJvSx.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\yythlnE.exe
  C:\Windows\System\yythlnE.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\jhFBTet.exe
  C:\Windows\System\jhFBTet.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\sudhGLY.exe
  C:\Windows\System\sudhGLY.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\hqncakb.exe
  C:\Windows\System\hqncakb.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\EVvnyek.exe
  C:\Windows\System\EVvnyek.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\WQySWLC.exe
  C:\Windows\System\WQySWLC.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\upCmkUT.exe
  C:\Windows\System\upCmkUT.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\ULqNYaw.exe
  C:\Windows\System\ULqNYaw.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\KlLSnhG.exe
  C:\Windows\System\KlLSnhG.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\vRXHtLK.exe
  C:\Windows\System\vRXHtLK.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\QMqKcac.exe
  C:\Windows\System\QMqKcac.exe
  2⤵
  PID:1368
- C:\Windows\System\TraNuXd.exe
  C:\Windows\System\TraNuXd.exe
  2⤵
  PID:2032
- C:\Windows\System\amFVVpG.exe
  C:\Windows\System\amFVVpG.exe
  2⤵
  PID:2028
- C:\Windows\System\vLHHxlW.exe
  C:\Windows\System\vLHHxlW.exe
  2⤵
  PID:2148
- C:\Windows\System\avKuDFE.exe
  C:\Windows\System\avKuDFE.exe
  2⤵
  PID:2756
- C:\Windows\System\eHEOxNP.exe
  C:\Windows\System\eHEOxNP.exe
  2⤵
  PID:1004
- C:\Windows\System\iEaaPlq.exe
  C:\Windows\System\iEaaPlq.exe
  2⤵
  PID:1264
- C:\Windows\System\bGFYQhC.exe
  C:\Windows\System\bGFYQhC.exe
  2⤵
  PID:1512
- C:\Windows\System\NgOFBPb.exe
  C:\Windows\System\NgOFBPb.exe
  2⤵
  PID:1592
- C:\Windows\System\VBDXCsc.exe
  C:\Windows\System\VBDXCsc.exe
  2⤵
  PID:328
- C:\Windows\System\gzIlqwV.exe
  C:\Windows\System\gzIlqwV.exe
  2⤵
  PID:2436
- C:\Windows\System\wHhdrka.exe
  C:\Windows\System\wHhdrka.exe
  2⤵
  PID:576
- C:\Windows\System\YfcVlhh.exe
  C:\Windows\System\YfcVlhh.exe
  2⤵
  PID:1440
- C:\Windows\System\WgwrVMG.exe
  C:\Windows\System\WgwrVMG.exe
  2⤵
  PID:1292
- C:\Windows\System\EqEtWNt.exe
  C:\Windows\System\EqEtWNt.exe
  2⤵
  PID:3052
- C:\Windows\System\BcYAfZh.exe
  C:\Windows\System\BcYAfZh.exe
  2⤵
  PID:2408
- C:\Windows\System\JnvyXjn.exe
  C:\Windows\System\JnvyXjn.exe
  2⤵
  PID:880
- C:\Windows\System\QbZzGrK.exe
  C:\Windows\System\QbZzGrK.exe
  2⤵
  PID:2508
- C:\Windows\System\lgOwRdK.exe
  C:\Windows\System\lgOwRdK.exe
  2⤵
  PID:1048
- C:\Windows\System\UkEodmT.exe
  C:\Windows\System\UkEodmT.exe
  2⤵
  PID:2208
- C:\Windows\System\mhTBfSM.exe
  C:\Windows\System\mhTBfSM.exe
  2⤵
  PID:2336
- C:\Windows\System\zVLtuhl.exe
  C:\Windows\System\zVLtuhl.exe
  2⤵
  PID:2356
- C:\Windows\System\oenIctm.exe
  C:\Windows\System\oenIctm.exe
  2⤵
  PID:2660
- C:\Windows\System\pdBCfmK.exe
  C:\Windows\System\pdBCfmK.exe
  2⤵
  PID:2772
- C:\Windows\System\NPqdGns.exe
  C:\Windows\System\NPqdGns.exe
  2⤵
  PID:1924
- C:\Windows\System\sTtsjkn.exe
  C:\Windows\System\sTtsjkn.exe
  2⤵
  PID:324
- C:\Windows\System\KGaVMeG.exe
  C:\Windows\System\KGaVMeG.exe
  2⤵
  PID:1508
- C:\Windows\System\LMTQzah.exe
  C:\Windows\System\LMTQzah.exe
  2⤵
  PID:1876
- C:\Windows\System\SDLHZMB.exe
  C:\Windows\System\SDLHZMB.exe
  2⤵
  PID:1796
- C:\Windows\System\cdQCsMP.exe
  C:\Windows\System\cdQCsMP.exe
  2⤵
  PID:1720
- C:\Windows\System\pFsGpYq.exe
  C:\Windows\System\pFsGpYq.exe
  2⤵
  PID:2868
- C:\Windows\System\iIYXrQm.exe
  C:\Windows\System\iIYXrQm.exe
  2⤵
  PID:1624
- C:\Windows\System\ruZukXi.exe
  C:\Windows\System\ruZukXi.exe
  2⤵
  PID:1612
- C:\Windows\System\mpMhVrT.exe
  C:\Windows\System\mpMhVrT.exe
  2⤵
  PID:1692
- C:\Windows\System\AmFokub.exe
  C:\Windows\System\AmFokub.exe
  2⤵
  PID:1764
- C:\Windows\System\ZafMenH.exe
  C:\Windows\System\ZafMenH.exe
  2⤵
  PID:3044
- C:\Windows\System\jFnsiUz.exe
  C:\Windows\System\jFnsiUz.exe
  2⤵
  PID:1652
- C:\Windows\System\AiPqYlS.exe
  C:\Windows\System\AiPqYlS.exe
  2⤵
  PID:1360
- C:\Windows\System\GVpOMhV.exe
  C:\Windows\System\GVpOMhV.exe
  2⤵
  PID:1932
- C:\Windows\System\rlhZfAO.exe
  C:\Windows\System\rlhZfAO.exe
  2⤵
  PID:3000
- C:\Windows\System\imsiiwQ.exe
  C:\Windows\System\imsiiwQ.exe
  2⤵
  PID:1500
- C:\Windows\System\arYtHbL.exe
  C:\Windows\System\arYtHbL.exe
  2⤵
  PID:2612
- C:\Windows\System\WIoXmvQ.exe
  C:\Windows\System\WIoXmvQ.exe
  2⤵
  PID:2604
- C:\Windows\System\khZxRiU.exe
  C:\Windows\System\khZxRiU.exe
  2⤵
  PID:2008
- C:\Windows\System\rqHYfLU.exe
  C:\Windows\System\rqHYfLU.exe
  2⤵
  PID:2536
- C:\Windows\System\uKFWpCD.exe
  C:\Windows\System\uKFWpCD.exe
  2⤵
  PID:2876
- C:\Windows\System\wdBcyvJ.exe
  C:\Windows\System\wdBcyvJ.exe
  2⤵
  PID:1536
- C:\Windows\System\aEVaXfH.exe
  C:\Windows\System\aEVaXfH.exe
  2⤵
  PID:3080
- C:\Windows\System\vDlnoGU.exe
  C:\Windows\System\vDlnoGU.exe
  2⤵
  PID:3100
- C:\Windows\System\gTqXjoD.exe
  C:\Windows\System\gTqXjoD.exe
  2⤵
  PID:3116
- C:\Windows\System\dXbQfGi.exe
  C:\Windows\System\dXbQfGi.exe
  2⤵
  PID:3140
- C:\Windows\System\ndVowLw.exe
  C:\Windows\System\ndVowLw.exe
  2⤵
  PID:3160
- C:\Windows\System\ErxgwJs.exe
  C:\Windows\System\ErxgwJs.exe
  2⤵
  PID:3180
- C:\Windows\System\UzNWGGD.exe
  C:\Windows\System\UzNWGGD.exe
  2⤵
  PID:3200
- C:\Windows\System\sLSXiVl.exe
  C:\Windows\System\sLSXiVl.exe
  2⤵
  PID:3220
- C:\Windows\System\mVTGXaQ.exe
  C:\Windows\System\mVTGXaQ.exe
  2⤵
  PID:3240
- C:\Windows\System\orfrmCO.exe
  C:\Windows\System\orfrmCO.exe
  2⤵
  PID:3260
- C:\Windows\System\zwPWhBv.exe
  C:\Windows\System\zwPWhBv.exe
  2⤵
  PID:3280
- C:\Windows\System\PhwssVx.exe
  C:\Windows\System\PhwssVx.exe
  2⤵
  PID:3300
- C:\Windows\System\hUCdUmY.exe
  C:\Windows\System\hUCdUmY.exe
  2⤵
  PID:3320
- C:\Windows\System\CMlcaAi.exe
  C:\Windows\System\CMlcaAi.exe
  2⤵
  PID:3340
- C:\Windows\System\sPtgliU.exe
  C:\Windows\System\sPtgliU.exe
  2⤵
  PID:3360
- C:\Windows\System\dCIyXYh.exe
  C:\Windows\System\dCIyXYh.exe
  2⤵
  PID:3380
- C:\Windows\System\ovIattm.exe
  C:\Windows\System\ovIattm.exe
  2⤵
  PID:3404
- C:\Windows\System\NoUAmsm.exe
  C:\Windows\System\NoUAmsm.exe
  2⤵
  PID:3424
- C:\Windows\System\QkZhtEq.exe
  C:\Windows\System\QkZhtEq.exe
  2⤵
  PID:3444
- C:\Windows\System\ZnxvsRC.exe
  C:\Windows\System\ZnxvsRC.exe
  2⤵
  PID:3464
- C:\Windows\System\cBPZvGD.exe
  C:\Windows\System\cBPZvGD.exe
  2⤵
  PID:3484
- C:\Windows\System\SLttife.exe
  C:\Windows\System\SLttife.exe
  2⤵
  PID:3504
- C:\Windows\System\ZOhNpVP.exe
  C:\Windows\System\ZOhNpVP.exe
  2⤵
  PID:3524
- C:\Windows\System\cRbQjUy.exe
  C:\Windows\System\cRbQjUy.exe
  2⤵
  PID:3544
- C:\Windows\System\DWaotFJ.exe
  C:\Windows\System\DWaotFJ.exe
  2⤵
  PID:3564
- C:\Windows\System\VMgCDDo.exe
  C:\Windows\System\VMgCDDo.exe
  2⤵
  PID:3584
- C:\Windows\System\WQiIqXF.exe
  C:\Windows\System\WQiIqXF.exe
  2⤵
  PID:3604
- C:\Windows\System\eMnlGnv.exe
  C:\Windows\System\eMnlGnv.exe
  2⤵
  PID:3624
- C:\Windows\System\rHBfMAL.exe
  C:\Windows\System\rHBfMAL.exe
  2⤵
  PID:3644
- C:\Windows\System\xiMaTBc.exe
  C:\Windows\System\xiMaTBc.exe
  2⤵
  PID:3664
- C:\Windows\System\HgMAwhc.exe
  C:\Windows\System\HgMAwhc.exe
  2⤵
  PID:3684
- C:\Windows\System\GGUwDbf.exe
  C:\Windows\System\GGUwDbf.exe
  2⤵
  PID:3704
- C:\Windows\System\ydWcBjs.exe
  C:\Windows\System\ydWcBjs.exe
  2⤵
  PID:3724
- C:\Windows\System\LANsBTd.exe
  C:\Windows\System\LANsBTd.exe
  2⤵
  PID:3744
- C:\Windows\System\oCQgXNy.exe
  C:\Windows\System\oCQgXNy.exe
  2⤵
  PID:3764
- C:\Windows\System\FpYlEZS.exe
  C:\Windows\System\FpYlEZS.exe
  2⤵
  PID:3784
- C:\Windows\System\UswoYmC.exe
  C:\Windows\System\UswoYmC.exe
  2⤵
  PID:3804
- C:\Windows\System\MWQszFf.exe
  C:\Windows\System\MWQszFf.exe
  2⤵
  PID:3824
- C:\Windows\System\bKJZKqJ.exe
  C:\Windows\System\bKJZKqJ.exe
  2⤵
  PID:3844
- C:\Windows\System\kJHvAiv.exe
  C:\Windows\System\kJHvAiv.exe
  2⤵
  PID:3864
- C:\Windows\System\FCNqNkT.exe
  C:\Windows\System\FCNqNkT.exe
  2⤵
  PID:3884
- C:\Windows\System\yNfzEJm.exe
  C:\Windows\System\yNfzEJm.exe
  2⤵
  PID:3904
- C:\Windows\System\ZYIjGWP.exe
  C:\Windows\System\ZYIjGWP.exe
  2⤵
  PID:3924
- C:\Windows\System\chGTDFP.exe
  C:\Windows\System\chGTDFP.exe
  2⤵
  PID:3944
- C:\Windows\System\QaxnsYS.exe
  C:\Windows\System\QaxnsYS.exe
  2⤵
  PID:3964
- C:\Windows\System\fXbABjm.exe
  C:\Windows\System\fXbABjm.exe
  2⤵
  PID:3988
- C:\Windows\System\zjmsHbz.exe
  C:\Windows\System\zjmsHbz.exe
  2⤵
  PID:4008
- C:\Windows\System\ZCxhGwX.exe
  C:\Windows\System\ZCxhGwX.exe
  2⤵
  PID:4028
- C:\Windows\System\ftpbGiy.exe
  C:\Windows\System\ftpbGiy.exe
  2⤵
  PID:4048
- C:\Windows\System\oNDWUmh.exe
  C:\Windows\System\oNDWUmh.exe
  2⤵
  PID:4068
- C:\Windows\System\BDRQmOr.exe
  C:\Windows\System\BDRQmOr.exe
  2⤵
  PID:4088
- C:\Windows\System\YFLBGYh.exe
  C:\Windows\System\YFLBGYh.exe
  2⤵
  PID:2852
- C:\Windows\System\THDMpJG.exe
  C:\Windows\System\THDMpJG.exe
  2⤵
  PID:884
- C:\Windows\System\ylJBNrp.exe
  C:\Windows\System\ylJBNrp.exe
  2⤵
  PID:1432
- C:\Windows\System\jiMYyyj.exe
  C:\Windows\System\jiMYyyj.exe
  2⤵
  PID:2984
- C:\Windows\System\GwJwDft.exe
  C:\Windows\System\GwJwDft.exe
  2⤵
  PID:2992
- C:\Windows\System\YZfQqej.exe
  C:\Windows\System\YZfQqej.exe
  2⤵
  PID:2076
- C:\Windows\System\kYUDnHh.exe
  C:\Windows\System\kYUDnHh.exe
  2⤵
  PID:1940
- C:\Windows\System\BVPwnJV.exe
  C:\Windows\System\BVPwnJV.exe
  2⤵
  PID:2916
- C:\Windows\System\fTbpGDO.exe
  C:\Windows\System\fTbpGDO.exe
  2⤵
  PID:3096
- C:\Windows\System\lbQbshY.exe
  C:\Windows\System\lbQbshY.exe
  2⤵
  PID:3124
- C:\Windows\System\VyFgIJd.exe
  C:\Windows\System\VyFgIJd.exe
  2⤵
  PID:3112
- C:\Windows\System\Mzzvjhd.exe
  C:\Windows\System\Mzzvjhd.exe
  2⤵
  PID:3156
- C:\Windows\System\eZBINaY.exe
  C:\Windows\System\eZBINaY.exe
  2⤵
  PID:3216
- C:\Windows\System\uveLCwX.exe
  C:\Windows\System\uveLCwX.exe
  2⤵
  PID:3248
- C:\Windows\System\ZHcDnWb.exe
  C:\Windows\System\ZHcDnWb.exe
  2⤵
  PID:3292
- C:\Windows\System\innzitZ.exe
  C:\Windows\System\innzitZ.exe
  2⤵
  PID:3308
- C:\Windows\System\KdeDYAg.exe
  C:\Windows\System\KdeDYAg.exe
  2⤵
  PID:3312
- C:\Windows\System\HZFupTh.exe
  C:\Windows\System\HZFupTh.exe
  2⤵
  PID:3356
- C:\Windows\System\kriAwsX.exe
  C:\Windows\System\kriAwsX.exe
  2⤵
  PID:3416
- C:\Windows\System\MrrczAY.exe
  C:\Windows\System\MrrczAY.exe
  2⤵
  PID:3452
- C:\Windows\System\iLAOKZt.exe
  C:\Windows\System\iLAOKZt.exe
  2⤵
  PID:3500
- C:\Windows\System\zbhiYKn.exe
  C:\Windows\System\zbhiYKn.exe
  2⤵
  PID:3512
- C:\Windows\System\PvexEzU.exe
  C:\Windows\System\PvexEzU.exe
  2⤵
  PID:3540
- C:\Windows\System\cMmmPWL.exe
  C:\Windows\System\cMmmPWL.exe
  2⤵
  PID:3580
- C:\Windows\System\ZTIzHzn.exe
  C:\Windows\System\ZTIzHzn.exe
  2⤵
  PID:3596
- C:\Windows\System\JIyBwbM.exe
  C:\Windows\System\JIyBwbM.exe
  2⤵
  PID:3636
- C:\Windows\System\ANHhoQR.exe
  C:\Windows\System\ANHhoQR.exe
  2⤵
  PID:3672
- C:\Windows\System\piybHrb.exe
  C:\Windows\System\piybHrb.exe
  2⤵
  PID:3676
- C:\Windows\System\kDiPxEM.exe
  C:\Windows\System\kDiPxEM.exe
  2⤵
  PID:3740
- C:\Windows\System\PXozYUX.exe
  C:\Windows\System\PXozYUX.exe
  2⤵
  PID:3756
- C:\Windows\System\efWnbMr.exe
  C:\Windows\System\efWnbMr.exe
  2⤵
  PID:3800
- C:\Windows\System\QXTYkEl.exe
  C:\Windows\System\QXTYkEl.exe
  2⤵
  PID:3832
- C:\Windows\System\uiUPEZK.exe
  C:\Windows\System\uiUPEZK.exe
  2⤵
  PID:3892
- C:\Windows\System\WyArSQI.exe
  C:\Windows\System\WyArSQI.exe
  2⤵
  PID:3896
- C:\Windows\System\nWqPZRE.exe
  C:\Windows\System\nWqPZRE.exe
  2⤵
  PID:3916
- C:\Windows\System\BtfyIXW.exe
  C:\Windows\System\BtfyIXW.exe
  2⤵
  PID:3976
- C:\Windows\System\CeyKpNZ.exe
  C:\Windows\System\CeyKpNZ.exe
  2⤵
  PID:4016
- C:\Windows\System\WrBmFVF.exe
  C:\Windows\System\WrBmFVF.exe
  2⤵
  PID:4036
- C:\Windows\System\ElvkXMF.exe
  C:\Windows\System\ElvkXMF.exe
  2⤵
  PID:4040
- C:\Windows\System\hkggVxr.exe
  C:\Windows\System\hkggVxr.exe
  2⤵
  PID:1716
- C:\Windows\System\KSKcSai.exe
  C:\Windows\System\KSKcSai.exe
  2⤵
  PID:300
- C:\Windows\System\OuayKRv.exe
  C:\Windows\System\OuayKRv.exe
  2⤵
  PID:1672
- C:\Windows\System\AisVFuw.exe
  C:\Windows\System\AisVFuw.exe
  2⤵
  PID:2296
- C:\Windows\System\LUJzmia.exe
  C:\Windows\System\LUJzmia.exe
  2⤵
  PID:1016
- C:\Windows\System\MOtzfTb.exe
  C:\Windows\System\MOtzfTb.exe
  2⤵
  PID:1632
- C:\Windows\System\KrHHsAE.exe
  C:\Windows\System\KrHHsAE.exe
  2⤵
  PID:3148
- C:\Windows\System\RodPREW.exe
  C:\Windows\System\RodPREW.exe
  2⤵
  PID:2764
- C:\Windows\System\ruSYIPT.exe
  C:\Windows\System\ruSYIPT.exe
  2⤵
  PID:3288
- C:\Windows\System\IzNkIdj.exe
  C:\Windows\System\IzNkIdj.exe
  2⤵
  PID:3316
- C:\Windows\System\JbYpyHJ.exe
  C:\Windows\System\JbYpyHJ.exe
  2⤵
  PID:3372
- C:\Windows\System\AloBjsi.exe
  C:\Windows\System\AloBjsi.exe
  2⤵
  PID:3392
- C:\Windows\System\zSwtIxY.exe
  C:\Windows\System\zSwtIxY.exe
  2⤵
  PID:2736
- C:\Windows\System\wrkWjpO.exe
  C:\Windows\System\wrkWjpO.exe
  2⤵
  PID:3516
- C:\Windows\System\TZkxshR.exe
  C:\Windows\System\TZkxshR.exe
  2⤵
  PID:2696
- C:\Windows\System\nQIVJZM.exe
  C:\Windows\System\nQIVJZM.exe
  2⤵
  PID:3552
- C:\Windows\System\cHPMhDs.exe
  C:\Windows\System\cHPMhDs.exe
  2⤵
  PID:3600
- C:\Windows\System\xZpomDO.exe
  C:\Windows\System\xZpomDO.exe
  2⤵
  PID:3716
- C:\Windows\System\ePhbrkH.exe
  C:\Windows\System\ePhbrkH.exe
  2⤵
  PID:3792
- C:\Windows\System\ZprwexI.exe
  C:\Windows\System\ZprwexI.exe
  2⤵
  PID:3816
- C:\Windows\System\GQaLpfh.exe
  C:\Windows\System\GQaLpfh.exe
  2⤵
  PID:3912
- C:\Windows\System\sfncpBb.exe
  C:\Windows\System\sfncpBb.exe
  2⤵
  PID:3880
- C:\Windows\System\lMtmGUA.exe
  C:\Windows\System\lMtmGUA.exe
  2⤵
  PID:3952
- C:\Windows\System\lhCzWqM.exe
  C:\Windows\System\lhCzWqM.exe
  2⤵
  PID:4060
- C:\Windows\System\RPVqIIQ.exe
  C:\Windows\System\RPVqIIQ.exe
  2⤵
  PID:1688
- C:\Windows\System\PhUBbSV.exe
  C:\Windows\System\PhUBbSV.exe
  2⤵
  PID:4080
- C:\Windows\System\kcBdWsw.exe
  C:\Windows\System\kcBdWsw.exe
  2⤵
  PID:2400
- C:\Windows\System\eKiEAYs.exe
  C:\Windows\System\eKiEAYs.exe
  2⤵
  PID:2760
- C:\Windows\System\btujpIc.exe
  C:\Windows\System\btujpIc.exe
  2⤵
  PID:3188
- C:\Windows\System\umGyUWb.exe
  C:\Windows\System\umGyUWb.exe
  2⤵
  PID:3268
- C:\Windows\System\IfUygjS.exe
  C:\Windows\System\IfUygjS.exe
  2⤵
  PID:3332
- C:\Windows\System\FvucPzN.exe
  C:\Windows\System\FvucPzN.exe
  2⤵
  PID:3432
- C:\Windows\System\EdotiWv.exe
  C:\Windows\System\EdotiWv.exe
  2⤵
  PID:3492
- C:\Windows\System\qAGVWmC.exe
  C:\Windows\System\qAGVWmC.exe
  2⤵
  PID:3520
- C:\Windows\System\OsbOelv.exe
  C:\Windows\System\OsbOelv.exe
  2⤵
  PID:3660
- C:\Windows\System\irWSozA.exe
  C:\Windows\System\irWSozA.exe
  2⤵
  PID:3696
- C:\Windows\System\DVveLSq.exe
  C:\Windows\System\DVveLSq.exe
  2⤵
  PID:3856
- C:\Windows\System\QtPKZza.exe
  C:\Windows\System\QtPKZza.exe
  2⤵
  PID:4004
- C:\Windows\System\FQnLdVI.exe
  C:\Windows\System\FQnLdVI.exe
  2⤵
  PID:3956
- C:\Windows\System\fflcsYp.exe
  C:\Windows\System\fflcsYp.exe
  2⤵
  PID:4084
- C:\Windows\System\uwmqVZV.exe
  C:\Windows\System\uwmqVZV.exe
  2⤵
  PID:2036
- C:\Windows\System\aUxZSZU.exe
  C:\Windows\System\aUxZSZU.exe
  2⤵
  PID:3236
- C:\Windows\System\EctFPOV.exe
  C:\Windows\System\EctFPOV.exe
  2⤵
  PID:3076
- C:\Windows\System\jcynMeo.exe
  C:\Windows\System\jcynMeo.exe
  2⤵
  PID:3376
- C:\Windows\System\ZvzbGEU.exe
  C:\Windows\System\ZvzbGEU.exe
  2⤵
  PID:3612
- C:\Windows\System\wIkCrns.exe
  C:\Windows\System\wIkCrns.exe
  2⤵
  PID:4100
- C:\Windows\System\aDewZKk.exe
  C:\Windows\System\aDewZKk.exe
  2⤵
  PID:4124
- C:\Windows\System\SvdkQCh.exe
  C:\Windows\System\SvdkQCh.exe
  2⤵
  PID:4144
- C:\Windows\System\LqJNmXd.exe
  C:\Windows\System\LqJNmXd.exe
  2⤵
  PID:4164
- C:\Windows\System\hamBqhW.exe
  C:\Windows\System\hamBqhW.exe
  2⤵
  PID:4184
- C:\Windows\System\QHcpmiJ.exe
  C:\Windows\System\QHcpmiJ.exe
  2⤵
  PID:4204
- C:\Windows\System\wMwVWwm.exe
  C:\Windows\System\wMwVWwm.exe
  2⤵
  PID:4228
- C:\Windows\System\axAeIeN.exe
  C:\Windows\System\axAeIeN.exe
  2⤵
  PID:4248
- C:\Windows\System\XjVYZrq.exe
  C:\Windows\System\XjVYZrq.exe
  2⤵
  PID:4268
- C:\Windows\System\kQbLURx.exe
  C:\Windows\System\kQbLURx.exe
  2⤵
  PID:4288
- C:\Windows\System\DGmamRr.exe
  C:\Windows\System\DGmamRr.exe
  2⤵
  PID:4308
- C:\Windows\System\VIRpYwV.exe
  C:\Windows\System\VIRpYwV.exe
  2⤵
  PID:4328
- C:\Windows\System\ijDCswo.exe
  C:\Windows\System\ijDCswo.exe
  2⤵
  PID:4348
- C:\Windows\System\TmSfooL.exe
  C:\Windows\System\TmSfooL.exe
  2⤵
  PID:4368
- C:\Windows\System\faPXErY.exe
  C:\Windows\System\faPXErY.exe
  2⤵
  PID:4388
- C:\Windows\System\Ekqjdyo.exe
  C:\Windows\System\Ekqjdyo.exe
  2⤵
  PID:4408
- C:\Windows\System\YmmVlrf.exe
  C:\Windows\System\YmmVlrf.exe
  2⤵
  PID:4428
- C:\Windows\System\jWUfCoq.exe
  C:\Windows\System\jWUfCoq.exe
  2⤵
  PID:4448
- C:\Windows\System\vdXVijp.exe
  C:\Windows\System\vdXVijp.exe
  2⤵
  PID:4468
- C:\Windows\System\KKlDBaB.exe
  C:\Windows\System\KKlDBaB.exe
  2⤵
  PID:4488
- C:\Windows\System\ctzpqxa.exe
  C:\Windows\System\ctzpqxa.exe
  2⤵
  PID:4508
- C:\Windows\System\qNwRDQy.exe
  C:\Windows\System\qNwRDQy.exe
  2⤵
  PID:4528
- C:\Windows\System\ikbPrJh.exe
  C:\Windows\System\ikbPrJh.exe
  2⤵
  PID:4548
- C:\Windows\System\oPvVtST.exe
  C:\Windows\System\oPvVtST.exe
  2⤵
  PID:4568
- C:\Windows\System\zRrqpNf.exe
  C:\Windows\System\zRrqpNf.exe
  2⤵
  PID:4588
- C:\Windows\System\cTrNfoG.exe
  C:\Windows\System\cTrNfoG.exe
  2⤵
  PID:4608
- C:\Windows\System\fAmakjS.exe
  C:\Windows\System\fAmakjS.exe
  2⤵
  PID:4628
- C:\Windows\System\VVLSVRV.exe
  C:\Windows\System\VVLSVRV.exe
  2⤵
  PID:4648
- C:\Windows\System\tfpBfhl.exe
  C:\Windows\System\tfpBfhl.exe
  2⤵
  PID:4668
- C:\Windows\System\dTRXtTC.exe
  C:\Windows\System\dTRXtTC.exe
  2⤵
  PID:4688
- C:\Windows\System\WRktHDv.exe
  C:\Windows\System\WRktHDv.exe
  2⤵
  PID:4708
- C:\Windows\System\MmImguR.exe
  C:\Windows\System\MmImguR.exe
  2⤵
  PID:4728
- C:\Windows\System\ApiyrSZ.exe
  C:\Windows\System\ApiyrSZ.exe
  2⤵
  PID:4748
- C:\Windows\System\otbbGfc.exe
  C:\Windows\System\otbbGfc.exe
  2⤵
  PID:4768
- C:\Windows\System\FKqwsWY.exe
  C:\Windows\System\FKqwsWY.exe
  2⤵
  PID:4788
- C:\Windows\System\uowhoja.exe
  C:\Windows\System\uowhoja.exe
  2⤵
  PID:4812
- C:\Windows\System\gvInwgt.exe
  C:\Windows\System\gvInwgt.exe
  2⤵
  PID:4832
- C:\Windows\System\jAVgNdW.exe
  C:\Windows\System\jAVgNdW.exe
  2⤵
  PID:4848
- C:\Windows\System\HUZbujz.exe
  C:\Windows\System\HUZbujz.exe
  2⤵
  PID:4872
- C:\Windows\System\VdebhJS.exe
  C:\Windows\System\VdebhJS.exe
  2⤵
  PID:4892
- C:\Windows\System\DbnkvQX.exe
  C:\Windows\System\DbnkvQX.exe
  2⤵
  PID:4912
- C:\Windows\System\dEHLeCL.exe
  C:\Windows\System\dEHLeCL.exe
  2⤵
  PID:4932
- C:\Windows\System\WjuYmdK.exe
  C:\Windows\System\WjuYmdK.exe
  2⤵
  PID:4952
- C:\Windows\System\oVXrFln.exe
  C:\Windows\System\oVXrFln.exe
  2⤵
  PID:4972
- C:\Windows\System\jqwHprJ.exe
  C:\Windows\System\jqwHprJ.exe
  2⤵
  PID:4992
- C:\Windows\System\OIjXJER.exe
  C:\Windows\System\OIjXJER.exe
  2⤵
  PID:5012
- C:\Windows\System\tByKjGQ.exe
  C:\Windows\System\tByKjGQ.exe
  2⤵
  PID:5032
- C:\Windows\System\CMdybAL.exe
  C:\Windows\System\CMdybAL.exe
  2⤵
  PID:5052
- C:\Windows\System\WkhdTjY.exe
  C:\Windows\System\WkhdTjY.exe
  2⤵
  PID:5072
- C:\Windows\System\CDJGblR.exe
  C:\Windows\System\CDJGblR.exe
  2⤵
  PID:5092
- C:\Windows\System\fwVXQFg.exe
  C:\Windows\System\fwVXQFg.exe
  2⤵
  PID:5112
- C:\Windows\System\sORxSkK.exe
  C:\Windows\System\sORxSkK.exe
  2⤵
  PID:3700
- C:\Windows\System\wKPoOEr.exe
  C:\Windows\System\wKPoOEr.exe
  2⤵
  PID:3820
- C:\Windows\System\ABDWGXi.exe
  C:\Windows\System\ABDWGXi.exe
  2⤵
  PID:3996
- C:\Windows\System\EmKEwFX.exe
  C:\Windows\System\EmKEwFX.exe
  2⤵
  PID:2816
- C:\Windows\System\GewFWYD.exe
  C:\Windows\System\GewFWYD.exe
  2⤵
  PID:3388
- C:\Windows\System\XgeostQ.exe
  C:\Windows\System\XgeostQ.exe
  2⤵
  PID:3472
- C:\Windows\System\yvySwmC.exe
  C:\Windows\System\yvySwmC.exe
  2⤵
  PID:3592
- C:\Windows\System\hzOmYAP.exe
  C:\Windows\System\hzOmYAP.exe
  2⤵
  PID:4140
- C:\Windows\System\gXFzIYl.exe
  C:\Windows\System\gXFzIYl.exe
  2⤵
  PID:4180
- C:\Windows\System\IBHqMXN.exe
  C:\Windows\System\IBHqMXN.exe
  2⤵
  PID:4216
- C:\Windows\System\trLhTiI.exe
  C:\Windows\System\trLhTiI.exe
  2⤵
  PID:2740
- C:\Windows\System\UIBYMpt.exe
  C:\Windows\System\UIBYMpt.exe
  2⤵
  PID:4264
- C:\Windows\System\VScyLFM.exe
  C:\Windows\System\VScyLFM.exe
  2⤵
  PID:4284
- C:\Windows\System\aAVGrWu.exe
  C:\Windows\System\aAVGrWu.exe
  2⤵
  PID:4324
- C:\Windows\System\UorpFpy.exe
  C:\Windows\System\UorpFpy.exe
  2⤵
  PID:2328
- C:\Windows\System\qPyjCmB.exe
  C:\Windows\System\qPyjCmB.exe
  2⤵
  PID:4384
- C:\Windows\System\TZCnFTr.exe
  C:\Windows\System\TZCnFTr.exe
  2⤵
  PID:4400
- C:\Windows\System\vPoylCj.exe
  C:\Windows\System\vPoylCj.exe
  2⤵
  PID:4464
- C:\Windows\System\zWHqPWQ.exe
  C:\Windows\System\zWHqPWQ.exe
  2⤵
  PID:4496
- C:\Windows\System\yMEDcgE.exe
  C:\Windows\System\yMEDcgE.exe
  2⤵
  PID:4516
- C:\Windows\System\PIjbbnS.exe
  C:\Windows\System\PIjbbnS.exe
  2⤵
  PID:4520
- C:\Windows\System\vTluTGz.exe
  C:\Windows\System\vTluTGz.exe
  2⤵
  PID:4564
- C:\Windows\System\crVKQbx.exe
  C:\Windows\System\crVKQbx.exe
  2⤵
  PID:4596
- C:\Windows\System\ZoPKHkP.exe
  C:\Windows\System\ZoPKHkP.exe
  2⤵
  PID:4664
- C:\Windows\System\tGRNzQe.exe
  C:\Windows\System\tGRNzQe.exe
  2⤵
  PID:4704
- C:\Windows\System\HhwQTYv.exe
  C:\Windows\System\HhwQTYv.exe
  2⤵
  PID:4684
- C:\Windows\System\ZOxGMxa.exe
  C:\Windows\System\ZOxGMxa.exe
  2⤵
  PID:4716
- C:\Windows\System\kTPeHwB.exe
  C:\Windows\System\kTPeHwB.exe
  2⤵
  PID:4764
- C:\Windows\System\YTmQUvR.exe
  C:\Windows\System\YTmQUvR.exe
  2⤵
  PID:4796
- C:\Windows\System\SmvUTTI.exe
  C:\Windows\System\SmvUTTI.exe
  2⤵
  PID:4800
- C:\Windows\System\mHCPzEU.exe
  C:\Windows\System\mHCPzEU.exe
  2⤵
  PID:4844
- C:\Windows\System\jFcQSYY.exe
  C:\Windows\System\jFcQSYY.exe
  2⤵
  PID:4884
- C:\Windows\System\VOVsGnB.exe
  C:\Windows\System\VOVsGnB.exe
  2⤵
  PID:4928
- C:\Windows\System\tGkxOnM.exe
  C:\Windows\System\tGkxOnM.exe
  2⤵
  PID:4980
- C:\Windows\System\VoXBCVY.exe
  C:\Windows\System\VoXBCVY.exe
  2⤵
  PID:5000
- C:\Windows\System\SQxIuVH.exe
  C:\Windows\System\SQxIuVH.exe
  2⤵
  PID:5024
- C:\Windows\System\xFChyzi.exe
  C:\Windows\System\xFChyzi.exe
  2⤵
  PID:5048
- C:\Windows\System\NVbaYQV.exe
  C:\Windows\System\NVbaYQV.exe
  2⤵
  PID:5100
- C:\Windows\System\AoyFGFA.exe
  C:\Windows\System\AoyFGFA.exe
  2⤵
  PID:3840
- C:\Windows\System\lPdCJgl.exe
  C:\Windows\System\lPdCJgl.exe
  2⤵
  PID:4064
- C:\Windows\System\EwoHqKZ.exe
  C:\Windows\System\EwoHqKZ.exe
  2⤵
  PID:2496
- C:\Windows\System\opBJbsU.exe
  C:\Windows\System\opBJbsU.exe
  2⤵
  PID:3176
- C:\Windows\System\KKkxasr.exe
  C:\Windows\System\KKkxasr.exe
  2⤵
  PID:4112
- C:\Windows\System\ePOUrhV.exe
  C:\Windows\System\ePOUrhV.exe
  2⤵
  PID:4176
- C:\Windows\System\hZmwPQe.exe
  C:\Windows\System\hZmwPQe.exe
  2⤵
  PID:4200
- C:\Windows\System\RjFiSMv.exe
  C:\Windows\System\RjFiSMv.exe
  2⤵
  PID:4240
- C:\Windows\System\GbxPlcp.exe
  C:\Windows\System\GbxPlcp.exe
  2⤵
  PID:4304
- C:\Windows\System\aoWUaBQ.exe
  C:\Windows\System\aoWUaBQ.exe
  2⤵
  PID:4376
- C:\Windows\System\WqRzzHd.exe
  C:\Windows\System\WqRzzHd.exe
  2⤵
  PID:4420
- C:\Windows\System\pnRtYei.exe
  C:\Windows\System\pnRtYei.exe
  2⤵
  PID:4436
- C:\Windows\System\pNGhAYB.exe
  C:\Windows\System\pNGhAYB.exe
  2⤵
  PID:4480
- C:\Windows\System\ulbYSMA.exe
  C:\Windows\System\ulbYSMA.exe
  2⤵
  PID:4544
- C:\Windows\System\MaoETFD.exe
  C:\Windows\System\MaoETFD.exe
  2⤵
  PID:2872
- C:\Windows\System\HXEcmBZ.exe
  C:\Windows\System\HXEcmBZ.exe
  2⤵
  PID:4620
- C:\Windows\System\UeBrGnX.exe
  C:\Windows\System\UeBrGnX.exe
  2⤵
  PID:4676
- C:\Windows\System\nqgqEAO.exe
  C:\Windows\System\nqgqEAO.exe
  2⤵
  PID:4744
- C:\Windows\System\tgKTKjm.exe
  C:\Windows\System\tgKTKjm.exe
  2⤵
  PID:4808
- C:\Windows\System\BJLgLIX.exe
  C:\Windows\System\BJLgLIX.exe
  2⤵
  PID:4860
- C:\Windows\System\IcTdqvS.exe
  C:\Windows\System\IcTdqvS.exe
  2⤵
  PID:4864
- C:\Windows\System\BxZWebG.exe
  C:\Windows\System\BxZWebG.exe
  2⤵
  PID:2628
- C:\Windows\System\auminai.exe
  C:\Windows\System\auminai.exe
  2⤵
  PID:4984
- C:\Windows\System\OqJZdml.exe
  C:\Windows\System\OqJZdml.exe
  2⤵
  PID:5064
- C:\Windows\System\qJkRKZy.exe
  C:\Windows\System\qJkRKZy.exe
  2⤵
  PID:3812
- C:\Windows\System\EmJSIAv.exe
  C:\Windows\System\EmJSIAv.exe
  2⤵
  PID:4020
- C:\Windows\System\KgITHxr.exe
  C:\Windows\System\KgITHxr.exe
  2⤵
  PID:3496
- C:\Windows\System\bWvCmKV.exe
  C:\Windows\System\bWvCmKV.exe
  2⤵
  PID:4152
- C:\Windows\System\eOljQuv.exe
  C:\Windows\System\eOljQuv.exe
  2⤵
  PID:2092
- C:\Windows\System\hOyUMyw.exe
  C:\Windows\System\hOyUMyw.exe
  2⤵
  PID:2692
- C:\Windows\System\FiulSAG.exe
  C:\Windows\System\FiulSAG.exe
  2⤵
  PID:4336
- C:\Windows\System\pzGitds.exe
  C:\Windows\System\pzGitds.exe
  2⤵
  PID:2804
- C:\Windows\System\JPZkXmp.exe
  C:\Windows\System\JPZkXmp.exe
  2⤵
  PID:4500
- C:\Windows\System\viBIaZY.exe
  C:\Windows\System\viBIaZY.exe
  2⤵
  PID:4584
- C:\Windows\System\UMjHnXP.exe
  C:\Windows\System\UMjHnXP.exe
  2⤵
  PID:5128
- C:\Windows\System\QzEGmfX.exe
  C:\Windows\System\QzEGmfX.exe
  2⤵
  PID:5148
- C:\Windows\System\eGytKsW.exe
  C:\Windows\System\eGytKsW.exe
  2⤵
  PID:5168
- C:\Windows\System\EEXVInA.exe
  C:\Windows\System\EEXVInA.exe
  2⤵
  PID:5188
- C:\Windows\System\KKaWTkG.exe
  C:\Windows\System\KKaWTkG.exe
  2⤵
  PID:5208
- C:\Windows\System\kXnXRXM.exe
  C:\Windows\System\kXnXRXM.exe
  2⤵
  PID:5228
- C:\Windows\System\bLSZiQB.exe
  C:\Windows\System\bLSZiQB.exe
  2⤵
  PID:5248
- C:\Windows\System\WfljObd.exe
  C:\Windows\System\WfljObd.exe
  2⤵
  PID:5268
- C:\Windows\System\euLjVvv.exe
  C:\Windows\System\euLjVvv.exe
  2⤵
  PID:5288
- C:\Windows\System\nZKZgTU.exe
  C:\Windows\System\nZKZgTU.exe
  2⤵
  PID:5308
- C:\Windows\System\LZTgFsq.exe
  C:\Windows\System\LZTgFsq.exe
  2⤵
  PID:5328
- C:\Windows\System\OVDnLfT.exe
  C:\Windows\System\OVDnLfT.exe
  2⤵
  PID:5348
- C:\Windows\System\MPTDUma.exe
  C:\Windows\System\MPTDUma.exe
  2⤵
  PID:5368
- C:\Windows\System\jfTVvIP.exe
  C:\Windows\System\jfTVvIP.exe
  2⤵
  PID:5388
- C:\Windows\System\tILXoIt.exe
  C:\Windows\System\tILXoIt.exe
  2⤵
  PID:5408
- C:\Windows\System\yndCnFt.exe
  C:\Windows\System\yndCnFt.exe
  2⤵
  PID:5428
- C:\Windows\System\TOJorTY.exe
  C:\Windows\System\TOJorTY.exe
  2⤵
  PID:5448
- C:\Windows\System\ChFMDeA.exe
  C:\Windows\System\ChFMDeA.exe
  2⤵
  PID:5468
- C:\Windows\System\fKlnKdU.exe
  C:\Windows\System\fKlnKdU.exe
  2⤵
  PID:5488
- C:\Windows\System\oqKgepP.exe
  C:\Windows\System\oqKgepP.exe
  2⤵
  PID:5508
- C:\Windows\System\ABHmxBx.exe
  C:\Windows\System\ABHmxBx.exe
  2⤵
  PID:5528
- C:\Windows\System\xZRUEUA.exe
  C:\Windows\System\xZRUEUA.exe
  2⤵
  PID:5548
- C:\Windows\System\bZLZoOL.exe
  C:\Windows\System\bZLZoOL.exe
  2⤵
  PID:5572
- C:\Windows\System\jQKjJKO.exe
  C:\Windows\System\jQKjJKO.exe
  2⤵
  PID:5592
- C:\Windows\System\SQEoOEu.exe
  C:\Windows\System\SQEoOEu.exe
  2⤵
  PID:5612
- C:\Windows\System\jBoIqVG.exe
  C:\Windows\System\jBoIqVG.exe
  2⤵
  PID:5632
- C:\Windows\System\RDfiPHh.exe
  C:\Windows\System\RDfiPHh.exe
  2⤵
  PID:5652
- C:\Windows\System\nRGTkgb.exe
  C:\Windows\System\nRGTkgb.exe
  2⤵
  PID:5672
- C:\Windows\System\WMLJKeV.exe
  C:\Windows\System\WMLJKeV.exe
  2⤵
  PID:5692
- C:\Windows\System\cTrbmBj.exe
  C:\Windows\System\cTrbmBj.exe
  2⤵
  PID:5712
- C:\Windows\System\GPQXFRM.exe
  C:\Windows\System\GPQXFRM.exe
  2⤵
  PID:5732
- C:\Windows\System\gKwLnCb.exe
  C:\Windows\System\gKwLnCb.exe
  2⤵
  PID:5752
- C:\Windows\System\VijSYHp.exe
  C:\Windows\System\VijSYHp.exe
  2⤵
  PID:5772
- C:\Windows\System\RozYXmd.exe
  C:\Windows\System\RozYXmd.exe
  2⤵
  PID:5792
- C:\Windows\System\nMrrWWz.exe
  C:\Windows\System\nMrrWWz.exe
  2⤵
  PID:5812
- C:\Windows\System\lTsqnzJ.exe
  C:\Windows\System\lTsqnzJ.exe
  2⤵
  PID:5832
- C:\Windows\System\ygEinEz.exe
  C:\Windows\System\ygEinEz.exe
  2⤵
  PID:5852
- C:\Windows\System\tcmYzME.exe
  C:\Windows\System\tcmYzME.exe
  2⤵
  PID:5872
- C:\Windows\System\PLGqEcC.exe
  C:\Windows\System\PLGqEcC.exe
  2⤵
  PID:5892
- C:\Windows\System\IVXYNpf.exe
  C:\Windows\System\IVXYNpf.exe
  2⤵
  PID:5912
- C:\Windows\System\oSpVOTl.exe
  C:\Windows\System\oSpVOTl.exe
  2⤵
  PID:5932
- C:\Windows\System\IomFnuE.exe
  C:\Windows\System\IomFnuE.exe
  2⤵
  PID:5952
- C:\Windows\System\XJhDylb.exe
  C:\Windows\System\XJhDylb.exe
  2⤵
  PID:5972
- C:\Windows\System\bsskXBl.exe
  C:\Windows\System\bsskXBl.exe
  2⤵
  PID:5992
- C:\Windows\System\jCzpfWf.exe
  C:\Windows\System\jCzpfWf.exe
  2⤵
  PID:6012
- C:\Windows\System\ObihbLH.exe
  C:\Windows\System\ObihbLH.exe
  2⤵
  PID:6032
- C:\Windows\System\NJypTkg.exe
  C:\Windows\System\NJypTkg.exe
  2⤵
  PID:6052
- C:\Windows\System\tgatMiG.exe
  C:\Windows\System\tgatMiG.exe
  2⤵
  PID:6072
- C:\Windows\System\YlLpkor.exe
  C:\Windows\System\YlLpkor.exe
  2⤵
  PID:6092
- C:\Windows\System\KCSkNBK.exe
  C:\Windows\System\KCSkNBK.exe
  2⤵
  PID:6112
- C:\Windows\System\yMAMBbF.exe
  C:\Windows\System\yMAMBbF.exe
  2⤵
  PID:6132
- C:\Windows\System\EDsNmLE.exe
  C:\Windows\System\EDsNmLE.exe
  2⤵
  PID:2924
- C:\Windows\System\SgYGpBU.exe
  C:\Windows\System\SgYGpBU.exe
  2⤵
  PID:4756
- C:\Windows\System\unZdAqV.exe
  C:\Windows\System\unZdAqV.exe
  2⤵
  PID:4784
- C:\Windows\System\YjrLpSg.exe
  C:\Windows\System\YjrLpSg.exe
  2⤵
  PID:4900
- C:\Windows\System\azORWVV.exe
  C:\Windows\System\azORWVV.exe
  2⤵
  PID:5028
- C:\Windows\System\ygPwLNA.exe
  C:\Windows\System\ygPwLNA.exe
  2⤵
  PID:5068
- C:\Windows\System\VMDaCEY.exe
  C:\Windows\System\VMDaCEY.exe
  2⤵
  PID:3760
- C:\Windows\System\fCMUgTw.exe
  C:\Windows\System\fCMUgTw.exe
  2⤵
  PID:4116
- C:\Windows\System\MkortzK.exe
  C:\Windows\System\MkortzK.exe
  2⤵
  PID:4160
- C:\Windows\System\cqxxpqQ.exe
  C:\Windows\System\cqxxpqQ.exe
  2⤵
  PID:1948
- C:\Windows\System\QdzNYzD.exe
  C:\Windows\System\QdzNYzD.exe
  2⤵
  PID:2592
- C:\Windows\System\OlDsuBR.exe
  C:\Windows\System\OlDsuBR.exe
  2⤵
  PID:2668
- C:\Windows\System\apNHCwv.exe
  C:\Windows\System\apNHCwv.exe
  2⤵
  PID:4616
- C:\Windows\System\PyUmbqG.exe
  C:\Windows\System\PyUmbqG.exe
  2⤵
  PID:5140
- C:\Windows\System\OwEoQsm.exe
  C:\Windows\System\OwEoQsm.exe
  2⤵
  PID:5160
- C:\Windows\System\LVfSTbI.exe
  C:\Windows\System\LVfSTbI.exe
  2⤵
  PID:5204
- C:\Windows\System\hrEnUEE.exe
  C:\Windows\System\hrEnUEE.exe
  2⤵
  PID:5240
- C:\Windows\System\LNZjBZU.exe
  C:\Windows\System\LNZjBZU.exe
  2⤵
  PID:5276
- C:\Windows\System\raaFBWs.exe
  C:\Windows\System\raaFBWs.exe
  2⤵
  PID:5336
- C:\Windows\System\VTIXfiF.exe
  C:\Windows\System\VTIXfiF.exe
  2⤵
  PID:2792
- C:\Windows\System\BuAghff.exe
  C:\Windows\System\BuAghff.exe
  2⤵
  PID:5384
- C:\Windows\System\PlmhMvI.exe
  C:\Windows\System\PlmhMvI.exe
  2⤵
  PID:5416
- C:\Windows\System\xJyfXAu.exe
  C:\Windows\System\xJyfXAu.exe
  2⤵
  PID:5460
- C:\Windows\System\nzsSKrY.exe
  C:\Windows\System\nzsSKrY.exe
  2⤵
  PID:2640
- C:\Windows\System\lpFTtmr.exe
  C:\Windows\System\lpFTtmr.exe
  2⤵
  PID:5500
- C:\Windows\System\xZlhXKF.exe
  C:\Windows\System\xZlhXKF.exe
  2⤵
  PID:5544
- C:\Windows\System\WqVwKLO.exe
  C:\Windows\System\WqVwKLO.exe
  2⤵
  PID:5588
- C:\Windows\System\pKovhYH.exe
  C:\Windows\System\pKovhYH.exe
  2⤵
  PID:5604
- C:\Windows\System\QEUvsjX.exe
  C:\Windows\System\QEUvsjX.exe
  2⤵
  PID:5640
- C:\Windows\System\vQfpWKT.exe
  C:\Windows\System\vQfpWKT.exe
  2⤵
  PID:5680
- C:\Windows\System\UbZrfxh.exe
  C:\Windows\System\UbZrfxh.exe
  2⤵
  PID:5704
- C:\Windows\System\ZJHYORx.exe
  C:\Windows\System\ZJHYORx.exe
  2⤵
  PID:5748
- C:\Windows\System\STkJpCW.exe
  C:\Windows\System\STkJpCW.exe
  2⤵
  PID:5788
- C:\Windows\System\gXFdwpF.exe
  C:\Windows\System\gXFdwpF.exe
  2⤵
  PID:5800
- C:\Windows\System\bodlSHP.exe
  C:\Windows\System\bodlSHP.exe
  2⤵
  PID:5860
- C:\Windows\System\ihLmVtU.exe
  C:\Windows\System\ihLmVtU.exe
  2⤵
  PID:5868
- C:\Windows\System\jfGTKBT.exe
  C:\Windows\System\jfGTKBT.exe
  2⤵
  PID:5888
- C:\Windows\System\OfyCuFc.exe
  C:\Windows\System\OfyCuFc.exe
  2⤵
  PID:5924
- C:\Windows\System\ImDmyXK.exe
  C:\Windows\System\ImDmyXK.exe
  2⤵
  PID:5988
- C:\Windows\System\VVUQneN.exe
  C:\Windows\System\VVUQneN.exe
  2⤵
  PID:6020
- C:\Windows\System\DLWNXvT.exe
  C:\Windows\System\DLWNXvT.exe
  2⤵
  PID:6060
- C:\Windows\System\HWwJozv.exe
  C:\Windows\System\HWwJozv.exe
  2⤵
  PID:6068
- C:\Windows\System\iBhxaLE.exe
  C:\Windows\System\iBhxaLE.exe
  2⤵
  PID:6088
- C:\Windows\System\WAKZpkl.exe
  C:\Windows\System\WAKZpkl.exe
  2⤵
  PID:6128
- C:\Windows\System\qxAIMRI.exe
  C:\Windows\System\qxAIMRI.exe
  2⤵
  PID:4736
- C:\Windows\System\phmslIb.exe
  C:\Windows\System\phmslIb.exe
  2⤵
  PID:2488
- C:\Windows\System\QlNWLJC.exe
  C:\Windows\System\QlNWLJC.exe
  2⤵
  PID:4940
- C:\Windows\System\cPgGojR.exe
  C:\Windows\System\cPgGojR.exe
  2⤵
  PID:5104
- C:\Windows\System\lgRmLgV.exe
  C:\Windows\System\lgRmLgV.exe
  2⤵
  PID:1144
- C:\Windows\System\DjjxKNa.exe
  C:\Windows\System\DjjxKNa.exe
  2⤵
  PID:4344
- C:\Windows\System\htjSaFk.exe
  C:\Windows\System\htjSaFk.exe
  2⤵
  PID:4364
- C:\Windows\System\qkyXbVV.exe
  C:\Windows\System\qkyXbVV.exe
  2⤵
  PID:5136
- C:\Windows\System\GeUaKUl.exe
  C:\Windows\System\GeUaKUl.exe
  2⤵
  PID:5156
- C:\Windows\System\gTJtmmL.exe
  C:\Windows\System\gTJtmmL.exe
  2⤵
  PID:5244
- C:\Windows\System\tzGACvX.exe
  C:\Windows\System\tzGACvX.exe
  2⤵
  PID:5280
- C:\Windows\System\oRgOuPM.exe
  C:\Windows\System\oRgOuPM.exe
  2⤵
  PID:5344
- C:\Windows\System\zQYrLmo.exe
  C:\Windows\System\zQYrLmo.exe
  2⤵
  PID:5396
- C:\Windows\System\CWebhtp.exe
  C:\Windows\System\CWebhtp.exe
  2⤵
  PID:5440
- C:\Windows\System\yCdPjHQ.exe
  C:\Windows\System\yCdPjHQ.exe
  2⤵
  PID:5504
- C:\Windows\System\LGuefpm.exe
  C:\Windows\System\LGuefpm.exe
  2⤵
  PID:5524
- C:\Windows\System\OxWYbRJ.exe
  C:\Windows\System\OxWYbRJ.exe
  2⤵
  PID:5660
- C:\Windows\System\tfjhpkN.exe
  C:\Windows\System\tfjhpkN.exe
  2⤵
  PID:5708
- C:\Windows\System\hoXOPhq.exe
  C:\Windows\System\hoXOPhq.exe
  2⤵
  PID:5760
- C:\Windows\System\gLuvyko.exe
  C:\Windows\System\gLuvyko.exe
  2⤵
  PID:5764
- C:\Windows\System\NDNzNwA.exe
  C:\Windows\System\NDNzNwA.exe
  2⤵
  PID:5824
- C:\Windows\System\mNqTtOh.exe
  C:\Windows\System\mNqTtOh.exe
  2⤵
  PID:5904
- C:\Windows\System\fMjGmIA.exe
  C:\Windows\System\fMjGmIA.exe
  2⤵
  PID:5980
- C:\Windows\System\VsJnACP.exe
  C:\Windows\System\VsJnACP.exe
  2⤵
  PID:6000
- C:\Windows\System\goYhGfN.exe
  C:\Windows\System\goYhGfN.exe
  2⤵
  PID:6100
- C:\Windows\System\ZulkHSv.exe
  C:\Windows\System\ZulkHSv.exe
  2⤵
  PID:6104
- C:\Windows\System\oLhQuZs.exe
  C:\Windows\System\oLhQuZs.exe
  2⤵
  PID:4556
- C:\Windows\System\RuMCfdQ.exe
  C:\Windows\System\RuMCfdQ.exe
  2⤵
  PID:4644
- C:\Windows\System\xTuwyTx.exe
  C:\Windows\System\xTuwyTx.exe
  2⤵
  PID:4968
- C:\Windows\System\DeVeuly.exe
  C:\Windows\System\DeVeuly.exe
  2⤵
  PID:4192
- C:\Windows\System\PPRZFKe.exe
  C:\Windows\System\PPRZFKe.exe
  2⤵
  PID:4540
- C:\Windows\System\ytwbVdD.exe
  C:\Windows\System\ytwbVdD.exe
  2⤵
  PID:5184
- C:\Windows\System\lbeWcNO.exe
  C:\Windows\System\lbeWcNO.exe
  2⤵
  PID:5260
- C:\Windows\System\XyAbntq.exe
  C:\Windows\System\XyAbntq.exe
  2⤵
  PID:5420
- C:\Windows\System\GJrdKge.exe
  C:\Windows\System\GJrdKge.exe
  2⤵
  PID:5436
- C:\Windows\System\svwMlgU.exe
  C:\Windows\System\svwMlgU.exe
  2⤵
  PID:5584
- C:\Windows\System\JvNdBWI.exe
  C:\Windows\System\JvNdBWI.exe
  2⤵
  PID:5624
- C:\Windows\System\MLNoAvg.exe
  C:\Windows\System\MLNoAvg.exe
  2⤵
  PID:5688
- C:\Windows\System\VdubPyg.exe
  C:\Windows\System\VdubPyg.exe
  2⤵
  PID:5820
- C:\Windows\System\pVycMEj.exe
  C:\Windows\System\pVycMEj.exe
  2⤵
  PID:5900
- C:\Windows\System\xYYJRYt.exe
  C:\Windows\System\xYYJRYt.exe
  2⤵
  PID:6024
- C:\Windows\System\qVFrjea.exe
  C:\Windows\System\qVFrjea.exe
  2⤵
  PID:6120
- C:\Windows\System\tjhbPoK.exe
  C:\Windows\System\tjhbPoK.exe
  2⤵
  PID:4600
- C:\Windows\System\zJKBxAc.exe
  C:\Windows\System\zJKBxAc.exe
  2⤵
  PID:5060
- C:\Windows\System\FybFYsQ.exe
  C:\Windows\System\FybFYsQ.exe
  2⤵
  PID:6156
- C:\Windows\System\mOrbQLg.exe
  C:\Windows\System\mOrbQLg.exe
  2⤵
  PID:6176
- C:\Windows\System\mBEQyAE.exe
  C:\Windows\System\mBEQyAE.exe
  2⤵
  PID:6196
- C:\Windows\System\LCblphB.exe
  C:\Windows\System\LCblphB.exe
  2⤵
  PID:6216
- C:\Windows\System\ZeoNQHD.exe
  C:\Windows\System\ZeoNQHD.exe
  2⤵
  PID:6236
- C:\Windows\System\xzJpWEI.exe
  C:\Windows\System\xzJpWEI.exe
  2⤵
  PID:6256
- C:\Windows\System\omoMgfj.exe
  C:\Windows\System\omoMgfj.exe
  2⤵
  PID:6276
- C:\Windows\System\bgZCpgx.exe
  C:\Windows\System\bgZCpgx.exe
  2⤵
  PID:6296
- C:\Windows\System\qedgdei.exe
  C:\Windows\System\qedgdei.exe
  2⤵
  PID:6316
- C:\Windows\System\MQARlTj.exe
  C:\Windows\System\MQARlTj.exe
  2⤵
  PID:6336
- C:\Windows\System\yvRGPcG.exe
  C:\Windows\System\yvRGPcG.exe
  2⤵
  PID:6356
- C:\Windows\System\guHhOfx.exe
  C:\Windows\System\guHhOfx.exe
  2⤵
  PID:6376
- C:\Windows\System\SmXItvn.exe
  C:\Windows\System\SmXItvn.exe
  2⤵
  PID:6396
- C:\Windows\System\kTUPbtI.exe
  C:\Windows\System\kTUPbtI.exe
  2⤵
  PID:6416
- C:\Windows\System\fAxinAL.exe
  C:\Windows\System\fAxinAL.exe
  2⤵
  PID:6436
- C:\Windows\System\dCDSUEU.exe
  C:\Windows\System\dCDSUEU.exe
  2⤵
  PID:6456
- C:\Windows\System\xYtqVxZ.exe
  C:\Windows\System\xYtqVxZ.exe
  2⤵
  PID:6476
- C:\Windows\System\kffeXtx.exe
  C:\Windows\System\kffeXtx.exe
  2⤵
  PID:6496
- C:\Windows\System\VHofgvw.exe
  C:\Windows\System\VHofgvw.exe
  2⤵
  PID:6516
- C:\Windows\System\ZeCtkjf.exe
  C:\Windows\System\ZeCtkjf.exe
  2⤵
  PID:6540
- C:\Windows\System\pHWiPnB.exe
  C:\Windows\System\pHWiPnB.exe
  2⤵
  PID:6560
- C:\Windows\System\StDkHsR.exe
  C:\Windows\System\StDkHsR.exe
  2⤵
  PID:6580
- C:\Windows\System\ZMSSPSZ.exe
  C:\Windows\System\ZMSSPSZ.exe
  2⤵
  PID:6600
- C:\Windows\System\GJCGYAD.exe
  C:\Windows\System\GJCGYAD.exe
  2⤵
  PID:6620
- C:\Windows\System\kzBQMlq.exe
  C:\Windows\System\kzBQMlq.exe
  2⤵
  PID:6640
- C:\Windows\System\gZgVPck.exe
  C:\Windows\System\gZgVPck.exe
  2⤵
  PID:6660
- C:\Windows\System\uGOwXRb.exe
  C:\Windows\System\uGOwXRb.exe
  2⤵
  PID:6680
- C:\Windows\System\TbBkKhN.exe
  C:\Windows\System\TbBkKhN.exe
  2⤵
  PID:6700
- C:\Windows\System\MmPLKDK.exe
  C:\Windows\System\MmPLKDK.exe
  2⤵
  PID:6720
- C:\Windows\System\SrrjNtJ.exe
  C:\Windows\System\SrrjNtJ.exe
  2⤵
  PID:6740
- C:\Windows\System\UshGuXH.exe
  C:\Windows\System\UshGuXH.exe
  2⤵
  PID:6760
- C:\Windows\System\uRRRIXY.exe
  C:\Windows\System\uRRRIXY.exe
  2⤵
  PID:6780
- C:\Windows\System\AqzUAiE.exe
  C:\Windows\System\AqzUAiE.exe
  2⤵
  PID:6800
- C:\Windows\System\JFPRJZz.exe
  C:\Windows\System\JFPRJZz.exe
  2⤵
  PID:6820
- C:\Windows\System\KJptQdE.exe
  C:\Windows\System\KJptQdE.exe
  2⤵
  PID:6840
- C:\Windows\System\EZGCPxV.exe
  C:\Windows\System\EZGCPxV.exe
  2⤵
  PID:6860
- C:\Windows\System\IKbMrWw.exe
  C:\Windows\System\IKbMrWw.exe
  2⤵
  PID:6880
- C:\Windows\System\cnGYjEY.exe
  C:\Windows\System\cnGYjEY.exe
  2⤵
  PID:6900
- C:\Windows\System\qMcHVlD.exe
  C:\Windows\System\qMcHVlD.exe
  2⤵
  PID:6920
- C:\Windows\System\GpZbKYK.exe
  C:\Windows\System\GpZbKYK.exe
  2⤵
  PID:6940
- C:\Windows\System\EoKjRoM.exe
  C:\Windows\System\EoKjRoM.exe
  2⤵
  PID:6960
- C:\Windows\System\uPahEQd.exe
  C:\Windows\System\uPahEQd.exe
  2⤵
  PID:6980
- C:\Windows\System\wZOkdrW.exe
  C:\Windows\System\wZOkdrW.exe
  2⤵
  PID:7000
- C:\Windows\System\PCWaTan.exe
  C:\Windows\System\PCWaTan.exe
  2⤵
  PID:7020
- C:\Windows\System\ScbOkoZ.exe
  C:\Windows\System\ScbOkoZ.exe
  2⤵
  PID:7040
- C:\Windows\System\qGSOQGj.exe
  C:\Windows\System\qGSOQGj.exe
  2⤵
  PID:7060
- C:\Windows\System\CoTaXOC.exe
  C:\Windows\System\CoTaXOC.exe
  2⤵
  PID:7080
- C:\Windows\System\DSJETer.exe
  C:\Windows\System\DSJETer.exe
  2⤵
  PID:7100
- C:\Windows\System\MJvIqrp.exe
  C:\Windows\System\MJvIqrp.exe
  2⤵
  PID:7120
- C:\Windows\System\jpLHBmP.exe
  C:\Windows\System\jpLHBmP.exe
  2⤵
  PID:7140
- C:\Windows\System\mZJmYHw.exe
  C:\Windows\System\mZJmYHw.exe
  2⤵
  PID:7160
- C:\Windows\System\PWUEhMV.exe
  C:\Windows\System\PWUEhMV.exe
  2⤵
  PID:4316
- C:\Windows\System\HxYqETk.exe
  C:\Windows\System\HxYqETk.exe
  2⤵
  PID:4476
- C:\Windows\System\unLjjrI.exe
  C:\Windows\System\unLjjrI.exe
  2⤵
  PID:5340
- C:\Windows\System\xFVUEYb.exe
  C:\Windows\System\xFVUEYb.exe
  2⤵
  PID:5520
- C:\Windows\System\BUiGmfE.exe
  C:\Windows\System\BUiGmfE.exe
  2⤵
  PID:5728
- C:\Windows\System\edgphGm.exe
  C:\Windows\System\edgphGm.exe
  2⤵
  PID:2752
- C:\Windows\System\NZKSeHE.exe
  C:\Windows\System\NZKSeHE.exe
  2⤵
  PID:5960
- C:\Windows\System\EzfpXkP.exe
  C:\Windows\System\EzfpXkP.exe
  2⤵
  PID:6080
- C:\Windows\System\zpvPmWx.exe
  C:\Windows\System\zpvPmWx.exe
  2⤵
  PID:5004
- C:\Windows\System\lLCDICl.exe
  C:\Windows\System\lLCDICl.exe
  2⤵
  PID:6184
- C:\Windows\System\DbPjzpx.exe
  C:\Windows\System\DbPjzpx.exe
  2⤵
  PID:6204
- C:\Windows\System\TCIqGwL.exe
  C:\Windows\System\TCIqGwL.exe
  2⤵
  PID:6228
- C:\Windows\System\bSCVKTU.exe
  C:\Windows\System\bSCVKTU.exe
  2⤵
  PID:6272
- C:\Windows\System\IskFXeX.exe
  C:\Windows\System\IskFXeX.exe
  2⤵
  PID:6308
- C:\Windows\System\rkrOYvR.exe
  C:\Windows\System\rkrOYvR.exe
  2⤵
  PID:6332
- C:\Windows\System\KUVJNaK.exe
  C:\Windows\System\KUVJNaK.exe
  2⤵
  PID:6372
- C:\Windows\System\DECeqwZ.exe
  C:\Windows\System\DECeqwZ.exe
  2⤵
  PID:6424
- C:\Windows\System\HLeLNFH.exe
  C:\Windows\System\HLeLNFH.exe
  2⤵
  PID:6444
- C:\Windows\System\VAWEuqB.exe
  C:\Windows\System\VAWEuqB.exe
  2⤵
  PID:6468
- C:\Windows\System\qziIMsz.exe
  C:\Windows\System\qziIMsz.exe
  2⤵
  PID:6512
- C:\Windows\System\irFkBUZ.exe
  C:\Windows\System\irFkBUZ.exe
  2⤵
  PID:6548
- C:\Windows\System\UeZtwhr.exe
  C:\Windows\System\UeZtwhr.exe
  2⤵
  PID:6588
- C:\Windows\System\kxlppSp.exe
  C:\Windows\System\kxlppSp.exe
  2⤵
  PID:6592
- C:\Windows\System\YZygCqU.exe
  C:\Windows\System\YZygCqU.exe
  2⤵
  PID:6616
- C:\Windows\System\zlpjTsc.exe
  C:\Windows\System\zlpjTsc.exe
  2⤵
  PID:6668
- C:\Windows\System\bscpGuP.exe
  C:\Windows\System\bscpGuP.exe
  2⤵
  PID:6696
- C:\Windows\System\XqIPHkw.exe
  C:\Windows\System\XqIPHkw.exe
  2⤵
  PID:6748
- C:\Windows\System\fsCoXZx.exe
  C:\Windows\System\fsCoXZx.exe
  2⤵
  PID:6768
- C:\Windows\System\ZEyYrXT.exe
  C:\Windows\System\ZEyYrXT.exe
  2⤵
  PID:6792
- C:\Windows\System\FOEdQvH.exe
  C:\Windows\System\FOEdQvH.exe
  2⤵
  PID:6828
- C:\Windows\System\iMbcVoV.exe
  C:\Windows\System\iMbcVoV.exe
  2⤵
  PID:6852
- C:\Windows\System\cJkWhxc.exe
  C:\Windows\System\cJkWhxc.exe
  2⤵
  PID:6896
- C:\Windows\System\RSecwWa.exe
  C:\Windows\System\RSecwWa.exe
  2⤵
  PID:6928
- C:\Windows\System\EhZwdGI.exe
  C:\Windows\System\EhZwdGI.exe
  2⤵
  PID:6952
- C:\Windows\System\ezMYBwJ.exe
  C:\Windows\System\ezMYBwJ.exe
  2⤵
  PID:6996
- C:\Windows\System\dIKxYIJ.exe
  C:\Windows\System\dIKxYIJ.exe
  2⤵
  PID:7036
- C:\Windows\System\PWxXiol.exe
  C:\Windows\System\PWxXiol.exe
  2⤵
  PID:7068
- C:\Windows\System\UgUiZmJ.exe
  C:\Windows\System\UgUiZmJ.exe
  2⤵
  PID:7096
- C:\Windows\System\VXetqJB.exe
  C:\Windows\System\VXetqJB.exe
  2⤵
  PID:7128
- C:\Windows\System\vuWnCRu.exe
  C:\Windows\System\vuWnCRu.exe
  2⤵
  PID:7152
- C:\Windows\System\KTTiGEa.exe
  C:\Windows\System\KTTiGEa.exe
  2⤵
  PID:5164
- C:\Windows\System\WyrlIVW.exe
  C:\Windows\System\WyrlIVW.exe
  2⤵
  PID:5496
- C:\Windows\System\GjMJdIp.exe
  C:\Windows\System\GjMJdIp.exe
  2⤵
  PID:5556
- C:\Windows\System\Smrqxrw.exe
  C:\Windows\System\Smrqxrw.exe
  2⤵
  PID:5944
- C:\Windows\System\YYXVUgT.exe
  C:\Windows\System\YYXVUgT.exe
  2⤵
  PID:6108
- C:\Windows\System\MJFgVeN.exe
  C:\Windows\System\MJFgVeN.exe
  2⤵
  PID:6148
- C:\Windows\System\JlOgIcp.exe
  C:\Windows\System\JlOgIcp.exe
  2⤵
  PID:6224
- C:\Windows\System\aDuMQUP.exe
  C:\Windows\System\aDuMQUP.exe
  2⤵
  PID:6284
- C:\Windows\System\nyMcgkC.exe
  C:\Windows\System\nyMcgkC.exe
  2⤵
  PID:6348
- C:\Windows\System\ePRhuMZ.exe
  C:\Windows\System\ePRhuMZ.exe
  2⤵
  PID:6392
- C:\Windows\System\lFRaRAY.exe
  C:\Windows\System\lFRaRAY.exe
  2⤵
  PID:6428
- C:\Windows\System\pacKokF.exe
  C:\Windows\System\pacKokF.exe
  2⤵
  PID:6472
- C:\Windows\System\lwFQrIL.exe
  C:\Windows\System\lwFQrIL.exe
  2⤵
  PID:6524
- C:\Windows\System\hbeGYbW.exe
  C:\Windows\System\hbeGYbW.exe
  2⤵
  PID:6612
- C:\Windows\System\OTbvkUY.exe
  C:\Windows\System\OTbvkUY.exe
  2⤵
  PID:6648
- C:\Windows\System\gJGefZL.exe
  C:\Windows\System\gJGefZL.exe
  2⤵
  PID:6708
- C:\Windows\System\UyeTfNs.exe
  C:\Windows\System\UyeTfNs.exe
  2⤵
  PID:6736
- C:\Windows\System\AIvMsOo.exe
  C:\Windows\System\AIvMsOo.exe
  2⤵
  PID:6816
- C:\Windows\System\AniXBFE.exe
  C:\Windows\System\AniXBFE.exe
  2⤵
  PID:6848
- C:\Windows\System\SnomIDY.exe
  C:\Windows\System\SnomIDY.exe
  2⤵
  PID:6936
- C:\Windows\System\BlTfKrV.exe
  C:\Windows\System\BlTfKrV.exe
  2⤵
  PID:6912
- C:\Windows\System\tTLiHzy.exe
  C:\Windows\System\tTLiHzy.exe
  2⤵
  PID:7016
- C:\Windows\System\CQdyywT.exe
  C:\Windows\System\CQdyywT.exe
  2⤵
  PID:7052
- C:\Windows\System\tCFzZeo.exe
  C:\Windows\System\tCFzZeo.exe
  2⤵
  PID:7136
- C:\Windows\System\rljIcuh.exe
  C:\Windows\System\rljIcuh.exe
  2⤵
  PID:2728
- C:\Windows\System\qbDjirR.exe
  C:\Windows\System\qbDjirR.exe
  2⤵
  PID:5320
- C:\Windows\System\LaOaSsS.exe
  C:\Windows\System\LaOaSsS.exe
  2⤵
  PID:5600
- C:\Windows\System\NuHmarS.exe
  C:\Windows\System\NuHmarS.exe
  2⤵
  PID:5844
- C:\Windows\System\TuqpiHy.exe
  C:\Windows\System\TuqpiHy.exe
  2⤵
  PID:6188
- C:\Windows\System\SobLKnu.exe
  C:\Windows\System\SobLKnu.exe
  2⤵
  PID:6352
- C:\Windows\System\ynkJSZP.exe
  C:\Windows\System\ynkJSZP.exe
  2⤵
  PID:6432
- C:\Windows\System\HShFZwZ.exe
  C:\Windows\System\HShFZwZ.exe
  2⤵
  PID:6492
- C:\Windows\System\fWKJvLh.exe
  C:\Windows\System\fWKJvLh.exe
  2⤵
  PID:6568
- C:\Windows\System\iJAmBjd.exe
  C:\Windows\System\iJAmBjd.exe
  2⤵
  PID:6608
- C:\Windows\System\PvsJzXJ.exe
  C:\Windows\System\PvsJzXJ.exe
  2⤵
  PID:6812
- C:\Windows\System\IzhAyzc.exe
  C:\Windows\System\IzhAyzc.exe
  2⤵
  PID:6688
- C:\Windows\System\nbaVBHr.exe
  C:\Windows\System\nbaVBHr.exe
  2⤵
  PID:3400
- C:\Windows\System\UtfcGcC.exe
  C:\Windows\System\UtfcGcC.exe
  2⤵
  PID:6972
- C:\Windows\System\BxEdVgS.exe
  C:\Windows\System\BxEdVgS.exe
  2⤵
  PID:7116
- C:\Windows\System\iuTCWWK.exe
  C:\Windows\System\iuTCWWK.exe
  2⤵
  PID:5404
- C:\Windows\System\xXgFmAq.exe
  C:\Windows\System\xXgFmAq.exe
  2⤵
  PID:5220
- C:\Windows\System\ZTYupAu.exe
  C:\Windows\System\ZTYupAu.exe
  2⤵
  PID:5580
- C:\Windows\System\LiipCLg.exe
  C:\Windows\System\LiipCLg.exe
  2⤵
  PID:6264
- C:\Windows\System\mdgHsiA.exe
  C:\Windows\System\mdgHsiA.exe
  2⤵
  PID:6388
- C:\Windows\System\oxWjAWz.exe
  C:\Windows\System\oxWjAWz.exe
  2⤵
  PID:2544
- C:\Windows\System\YzxmcNC.exe
  C:\Windows\System\YzxmcNC.exe
  2⤵
  PID:6716
- C:\Windows\System\USaJGnG.exe
  C:\Windows\System\USaJGnG.exe
  2⤵
  PID:2932
- C:\Windows\System\jrtzeWg.exe
  C:\Windows\System\jrtzeWg.exe
  2⤵
  PID:6988
- C:\Windows\System\xKPExJM.exe
  C:\Windows\System\xKPExJM.exe
  2⤵
  PID:6916
- C:\Windows\System\bSPzGzx.exe
  C:\Windows\System\bSPzGzx.exe
  2⤵
  PID:7188
- C:\Windows\System\BpMZwky.exe
  C:\Windows\System\BpMZwky.exe
  2⤵
  PID:7208
- C:\Windows\System\XljqclE.exe
  C:\Windows\System\XljqclE.exe
  2⤵
  PID:7228
- C:\Windows\System\pZjsxnM.exe
  C:\Windows\System\pZjsxnM.exe
  2⤵
  PID:7248
- C:\Windows\System\EuJzPwr.exe
  C:\Windows\System\EuJzPwr.exe
  2⤵
  PID:7268
- C:\Windows\System\TxsjJeI.exe
  C:\Windows\System\TxsjJeI.exe
  2⤵
  PID:7292
- C:\Windows\System\vWJVHBq.exe
  C:\Windows\System\vWJVHBq.exe
  2⤵
  PID:7312
- C:\Windows\System\UokpjdO.exe
  C:\Windows\System\UokpjdO.exe
  2⤵
  PID:7332
- C:\Windows\System\jjQbUWH.exe
  C:\Windows\System\jjQbUWH.exe
  2⤵
  PID:7352
- C:\Windows\System\wzICrsa.exe
  C:\Windows\System\wzICrsa.exe
  2⤵
  PID:7372
- C:\Windows\System\CGhmgZy.exe
  C:\Windows\System\CGhmgZy.exe
  2⤵
  PID:7392
- C:\Windows\System\YztAOBF.exe
  C:\Windows\System\YztAOBF.exe
  2⤵
  PID:7412
- C:\Windows\System\PSeixWB.exe
  C:\Windows\System\PSeixWB.exe
  2⤵
  PID:7432
- C:\Windows\System\eFFyLDG.exe
  C:\Windows\System\eFFyLDG.exe
  2⤵
  PID:7452
- C:\Windows\System\kSDXwYH.exe
  C:\Windows\System\kSDXwYH.exe
  2⤵
  PID:7472
- C:\Windows\System\rdMgVnM.exe
  C:\Windows\System\rdMgVnM.exe
  2⤵
  PID:7492
- C:\Windows\System\caNMvQq.exe
  C:\Windows\System\caNMvQq.exe
  2⤵
  PID:7512
- C:\Windows\System\dWdRZuy.exe
  C:\Windows\System\dWdRZuy.exe
  2⤵
  PID:7532
- C:\Windows\System\NOoRlOz.exe
  C:\Windows\System\NOoRlOz.exe
  2⤵
  PID:7552
- C:\Windows\System\nXKhyzG.exe
  C:\Windows\System\nXKhyzG.exe
  2⤵
  PID:7572
- C:\Windows\System\GSGOmFD.exe
  C:\Windows\System\GSGOmFD.exe
  2⤵
  PID:7592
- C:\Windows\System\grxAknV.exe
  C:\Windows\System\grxAknV.exe
  2⤵
  PID:7616
- C:\Windows\System\KVYXeNx.exe
  C:\Windows\System\KVYXeNx.exe
  2⤵
  PID:7636
- C:\Windows\System\ssOldET.exe
  C:\Windows\System\ssOldET.exe
  2⤵
  PID:7656
- C:\Windows\System\UMcmXwu.exe
  C:\Windows\System\UMcmXwu.exe
  2⤵
  PID:7676
- C:\Windows\System\YQvrLoR.exe
  C:\Windows\System\YQvrLoR.exe
  2⤵
  PID:7696
- C:\Windows\System\qVuwKIY.exe
  C:\Windows\System\qVuwKIY.exe
  2⤵
  PID:7716
- C:\Windows\System\nanxzfL.exe
  C:\Windows\System\nanxzfL.exe
  2⤵
  PID:7736
- C:\Windows\System\JvNYkip.exe
  C:\Windows\System\JvNYkip.exe
  2⤵
  PID:7756
- C:\Windows\System\KcaiXmO.exe
  C:\Windows\System\KcaiXmO.exe
  2⤵
  PID:7776
- C:\Windows\System\tVjBzHn.exe
  C:\Windows\System\tVjBzHn.exe
  2⤵
  PID:7796
- C:\Windows\System\CLRLCsb.exe
  C:\Windows\System\CLRLCsb.exe
  2⤵
  PID:7816
- C:\Windows\System\KkVGDtq.exe
  C:\Windows\System\KkVGDtq.exe
  2⤵
  PID:7836
- C:\Windows\System\ZSijloC.exe
  C:\Windows\System\ZSijloC.exe
  2⤵
  PID:7856
- C:\Windows\System\sjgAoTU.exe
  C:\Windows\System\sjgAoTU.exe
  2⤵
  PID:7876
- C:\Windows\System\MzGjKLK.exe
  C:\Windows\System\MzGjKLK.exe
  2⤵
  PID:7896
- C:\Windows\System\RgqrwzF.exe
  C:\Windows\System\RgqrwzF.exe
  2⤵
  PID:7916
- C:\Windows\System\yLtMtJu.exe
  C:\Windows\System\yLtMtJu.exe
  2⤵
  PID:7936
- C:\Windows\System\AzLohyI.exe
  C:\Windows\System\AzLohyI.exe
  2⤵
  PID:7956
- C:\Windows\System\YhhmANu.exe
  C:\Windows\System\YhhmANu.exe
  2⤵
  PID:7976
- C:\Windows\System\ZUUlKQS.exe
  C:\Windows\System\ZUUlKQS.exe
  2⤵
  PID:7996
- C:\Windows\System\SPDzjuy.exe
  C:\Windows\System\SPDzjuy.exe
  2⤵
  PID:8016
- C:\Windows\System\MkAbxih.exe
  C:\Windows\System\MkAbxih.exe
  2⤵
  PID:8036
- C:\Windows\System\cDnYDRc.exe
  C:\Windows\System\cDnYDRc.exe
  2⤵
  PID:8056
- C:\Windows\System\EttgXXm.exe
  C:\Windows\System\EttgXXm.exe
  2⤵
  PID:8092
- C:\Windows\System\QUwcQEq.exe
  C:\Windows\System\QUwcQEq.exe
  2⤵
  PID:8124
- C:\Windows\System\OjRRipm.exe
  C:\Windows\System\OjRRipm.exe
  2⤵
  PID:8144
- C:\Windows\System\htdKpMp.exe
  C:\Windows\System\htdKpMp.exe
  2⤵
  PID:8164
- C:\Windows\System\qqAhUcY.exe
  C:\Windows\System\qqAhUcY.exe
  2⤵
  PID:8184
- C:\Windows\System\IEELjVr.exe
  C:\Windows\System\IEELjVr.exe
  2⤵
  PID:7088
- C:\Windows\System\jWiAyvv.exe
  C:\Windows\System\jWiAyvv.exe
  2⤵
  PID:6028
- C:\Windows\System\zEweGFB.exe
  C:\Windows\System\zEweGFB.exe
  2⤵
  PID:6168
- C:\Windows\System\TjCapxX.exe
  C:\Windows\System\TjCapxX.exe
  2⤵
  PID:6324
- C:\Windows\System\ntFpNqm.exe
  C:\Windows\System\ntFpNqm.exe
  2⤵
  PID:6344
- C:\Windows\System\aUWUVYi.exe
  C:\Windows\System\aUWUVYi.exe
  2⤵
  PID:3024
- C:\Windows\System\hIZETvg.exe
  C:\Windows\System\hIZETvg.exe
  2⤵
  PID:2936
- C:\Windows\System\PIIhTdM.exe
  C:\Windows\System\PIIhTdM.exe
  2⤵
  PID:7176
- C:\Windows\System\EaKMuFo.exe
  C:\Windows\System\EaKMuFo.exe
  2⤵
  PID:7204
- C:\Windows\System\MlEsdGu.exe
  C:\Windows\System\MlEsdGu.exe
  2⤵
  PID:7256
- C:\Windows\System\TDQHJZV.exe
  C:\Windows\System\TDQHJZV.exe
  2⤵
  PID:7276
- C:\Windows\System\zfPkQMp.exe
  C:\Windows\System\zfPkQMp.exe
  2⤵
  PID:7308
- C:\Windows\System\FCBaydS.exe
  C:\Windows\System\FCBaydS.exe
  2⤵
  PID:7364
- C:\Windows\System\WxVulYk.exe
  C:\Windows\System\WxVulYk.exe
  2⤵
  PID:7400
- C:\Windows\System\pAAnSWR.exe
  C:\Windows\System\pAAnSWR.exe
  2⤵
  PID:7404
- C:\Windows\System\jHnFfVH.exe
  C:\Windows\System\jHnFfVH.exe
  2⤵
  PID:7440
- C:\Windows\System\JLbShjc.exe
  C:\Windows\System\JLbShjc.exe
  2⤵
  PID:7480
- C:\Windows\System\gQCmNhs.exe
  C:\Windows\System\gQCmNhs.exe
  2⤵
  PID:7484
- C:\Windows\System\tFNwtiB.exe
  C:\Windows\System\tFNwtiB.exe
  2⤵
  PID:780
- C:\Windows\System\MHaTCyk.exe
  C:\Windows\System\MHaTCyk.exe
  2⤵
  PID:7544
- C:\Windows\System\RKaybRn.exe
  C:\Windows\System\RKaybRn.exe
  2⤵
  PID:1020
- C:\Windows\System\fLPlPqP.exe
  C:\Windows\System\fLPlPqP.exe
  2⤵
  PID:7564
- C:\Windows\System\lfaJnfU.exe
  C:\Windows\System\lfaJnfU.exe
  2⤵
  PID:7600
- C:\Windows\System\qAxPNRd.exe
  C:\Windows\System\qAxPNRd.exe
  2⤵
  PID:2608
- C:\Windows\System\wBPqRHI.exe
  C:\Windows\System\wBPqRHI.exe
  2⤵
  PID:2144
- C:\Windows\System\WhTORuo.exe
  C:\Windows\System\WhTORuo.exe
  2⤵
  PID:7688
- C:\Windows\System\akSSsAg.exe
  C:\Windows\System\akSSsAg.exe
  2⤵
  PID:7732
- C:\Windows\System\shDYuup.exe
  C:\Windows\System\shDYuup.exe
  2⤵
  PID:2464
- C:\Windows\System\siZvuPC.exe
  C:\Windows\System\siZvuPC.exe
  2⤵
  PID:7768
- C:\Windows\System\hhBLLsc.exe
  C:\Windows\System\hhBLLsc.exe
  2⤵
  PID:1296
- C:\Windows\System\KVFYheD.exe
  C:\Windows\System\KVFYheD.exe
  2⤵
  PID:7832
- C:\Windows\System\DCDwpxU.exe
  C:\Windows\System\DCDwpxU.exe
  2⤵
  PID:7828
- C:\Windows\System\FeIHJQY.exe
  C:\Windows\System\FeIHJQY.exe
  2⤵
  PID:7872
- C:\Windows\System\bTYnhpq.exe
  C:\Windows\System\bTYnhpq.exe
  2⤵
  PID:2860
- C:\Windows\System\xBaaCob.exe
  C:\Windows\System\xBaaCob.exe
  2⤵
  PID:7912
- C:\Windows\System\GxfEPwq.exe
  C:\Windows\System\GxfEPwq.exe
  2⤵
  PID:7892
- C:\Windows\System\MyFIrFM.exe
  C:\Windows\System\MyFIrFM.exe
  2⤵
  PID:7928
- C:\Windows\System\mLIUuXK.exe
  C:\Windows\System\mLIUuXK.exe
  2⤵
  PID:2652
- C:\Windows\System\sPqdyDa.exe
  C:\Windows\System\sPqdyDa.exe
  2⤵
  PID:7968
- C:\Windows\System\ickMCmN.exe
  C:\Windows\System\ickMCmN.exe
  2⤵
  PID:8032
- C:\Windows\System\iZTadns.exe
  C:\Windows\System\iZTadns.exe
  2⤵
  PID:2368
- C:\Windows\System\BmgpRao.exe
  C:\Windows\System\BmgpRao.exe
  2⤵
  PID:856
- C:\Windows\System\SUdPZvC.exe
  C:\Windows\System\SUdPZvC.exe
  2⤵
  PID:8048
- C:\Windows\System\eRPEMtR.exe
  C:\Windows\System\eRPEMtR.exe
  2⤵
  PID:8112
- C:\Windows\System\vgtmENw.exe
  C:\Windows\System\vgtmENw.exe
  2⤵
  PID:1872
- C:\Windows\System\iMOJlQD.exe
  C:\Windows\System\iMOJlQD.exe
  2⤵
  PID:2044
- C:\Windows\System\THbCGfy.exe
  C:\Windows\System\THbCGfy.exe
  2⤵
  PID:8140
- C:\Windows\System\FfHsbmP.exe
  C:\Windows\System\FfHsbmP.exe
  2⤵
  PID:7072
- C:\Windows\System\MuMFabN.exe
  C:\Windows\System\MuMFabN.exe
  2⤵
  PID:4172
- C:\Windows\System\RFDddTB.exe
  C:\Windows\System\RFDddTB.exe
  2⤵
  PID:2576
- C:\Windows\System\eWXHJwq.exe
  C:\Windows\System\eWXHJwq.exe
  2⤵
  PID:7300
- C:\Windows\System\mqEXmuw.exe
  C:\Windows\System\mqEXmuw.exe
  2⤵
  PID:7184
- C:\Windows\System\eBNQWis.exe
  C:\Windows\System\eBNQWis.exe
  2⤵
  PID:7264
- C:\Windows\System\HgVzCEj.exe
  C:\Windows\System\HgVzCEj.exe
  2⤵
  PID:7328
- C:\Windows\System\QzLEAuE.exe
  C:\Windows\System\QzLEAuE.exe
  2⤵
  PID:7324
- C:\Windows\System\VxVvdHl.exe
  C:\Windows\System\VxVvdHl.exe
  2⤵
  PID:7320
- C:\Windows\System\jNQPfnO.exe
  C:\Windows\System\jNQPfnO.exe
  2⤵
  PID:7420
- C:\Windows\System\JRvuAVq.exe
  C:\Windows\System\JRvuAVq.exe
  2⤵
  PID:7560
- C:\Windows\System\ubssupN.exe
  C:\Windows\System\ubssupN.exe
  2⤵
  PID:7548
- C:\Windows\System\UXycsTD.exe
  C:\Windows\System\UXycsTD.exe
  2⤵
  PID:7624
- C:\Windows\System\VRQDthD.exe
  C:\Windows\System\VRQDthD.exe
  2⤵
  PID:7628
- C:\Windows\System\VEOBUYe.exe
  C:\Windows\System\VEOBUYe.exe
  2⤵
  PID:7752
- C:\Windows\System\NpDtCFP.exe
  C:\Windows\System\NpDtCFP.exe
  2⤵
  PID:1140
- C:\Windows\System\SIRttEa.exe
  C:\Windows\System\SIRttEa.exe
  2⤵
  PID:7672
- C:\Windows\System\kfPmazR.exe
  C:\Windows\System\kfPmazR.exe
  2⤵
  PID:7724
- C:\Windows\System\rKOvSJr.exe
  C:\Windows\System\rKOvSJr.exe
  2⤵
  PID:7764
- C:\Windows\System\IgGnFMq.exe
  C:\Windows\System\IgGnFMq.exe
  2⤵
  PID:1528
- C:\Windows\System\IGsnoSR.exe
  C:\Windows\System\IGsnoSR.exe
  2⤵
  PID:7904
- C:\Windows\System\UVEZfnI.exe
  C:\Windows\System\UVEZfnI.exe
  2⤵
  PID:408
- C:\Windows\System\jWiOKzp.exe
  C:\Windows\System\jWiOKzp.exe
  2⤵
  PID:8024
- C:\Windows\System\YqptoCv.exe
  C:\Windows\System\YqptoCv.exe
  2⤵
  PID:1452
- C:\Windows\System\hctKnbN.exe
  C:\Windows\System\hctKnbN.exe
  2⤵
  PID:8100
- C:\Windows\System\zkEHOyl.exe
  C:\Windows\System\zkEHOyl.exe
  2⤵
  PID:1972
- C:\Windows\System\QnXkBvZ.exe
  C:\Windows\System\QnXkBvZ.exe
  2⤵
  PID:8180
- C:\Windows\System\ZMfvfGm.exe
  C:\Windows\System\ZMfvfGm.exe
  2⤵
  PID:8044
- C:\Windows\System\jgJKUKu.exe
  C:\Windows\System\jgJKUKu.exe
  2⤵
  PID:6596
- C:\Windows\System\pCBIMiF.exe
  C:\Windows\System\pCBIMiF.exe
  2⤵
  PID:1548
- C:\Windows\System\FyOpCLv.exe
  C:\Windows\System\FyOpCLv.exe
  2⤵
  PID:7304
- C:\Windows\System\akbBsDf.exe
  C:\Windows\System\akbBsDf.exe
  2⤵
  PID:7444
- C:\Windows\System\cchYPNc.exe
  C:\Windows\System\cchYPNc.exe
  2⤵
  PID:7540
- C:\Windows\System\ridRSVE.exe
  C:\Windows\System\ridRSVE.exe
  2⤵
  PID:7632
- C:\Windows\System\rpFoqNC.exe
  C:\Windows\System\rpFoqNC.exe
  2⤵
  PID:7608
- C:\Windows\System\KtogHyJ.exe
  C:\Windows\System\KtogHyJ.exe
  2⤵
  PID:7488
- C:\Windows\System\rSmHyuC.exe
  C:\Windows\System\rSmHyuC.exe
  2⤵
  PID:7852
- C:\Windows\System\TGVuoVh.exe
  C:\Windows\System\TGVuoVh.exe
  2⤵
  PID:2216
- C:\Windows\System\SzeSqcU.exe
  C:\Windows\System\SzeSqcU.exe
  2⤵
  PID:7864
- C:\Windows\System\wEXnvga.exe
  C:\Windows\System\wEXnvga.exe
  2⤵
  PID:2636
- C:\Windows\System\ZZLTVUa.exe
  C:\Windows\System\ZZLTVUa.exe
  2⤵
  PID:7824
- C:\Windows\System\yoRVnyM.exe
  C:\Windows\System\yoRVnyM.exe
  2⤵
  PID:7988
- C:\Windows\System\sKIwVqD.exe
  C:\Windows\System\sKIwVqD.exe
  2⤵
  PID:7984
- C:\Windows\System\QMpYIkz.exe
  C:\Windows\System\QMpYIkz.exe
  2⤵
  PID:7972
- C:\Windows\System\jXMhzhv.exe
  C:\Windows\System\jXMhzhv.exe
  2⤵
  PID:8160
- C:\Windows\System\xLKRLxB.exe
  C:\Windows\System\xLKRLxB.exe
  2⤵
  PID:8136
- C:\Windows\System\SpIUthE.exe
  C:\Windows\System\SpIUthE.exe
  2⤵
  PID:6672
- C:\Windows\System\TyZChAE.exe
  C:\Windows\System\TyZChAE.exe
  2⤵
  PID:7424
- C:\Windows\System\ZdioJHy.exe
  C:\Windows\System\ZdioJHy.exe
  2⤵
  PID:8176
- C:\Windows\System\QfbIlNP.exe
  C:\Windows\System\QfbIlNP.exe
  2⤵
  PID:7508
- C:\Windows\System\HaoPpgj.exe
  C:\Windows\System\HaoPpgj.exe
  2⤵
  PID:7944
- C:\Windows\System\AbYMkuY.exe
  C:\Windows\System\AbYMkuY.exe
  2⤵
  PID:7992
- C:\Windows\System\URrTwnz.exe
  C:\Windows\System\URrTwnz.exe
  2⤵
  PID:1568
- C:\Windows\System\MEHFYQH.exe
  C:\Windows\System\MEHFYQH.exe
  2⤵
  PID:7360
- C:\Windows\System\LkAgwny.exe
  C:\Windows\System\LkAgwny.exe
  2⤵
  PID:8172
- C:\Windows\System\JUWXrVl.exe
  C:\Windows\System\JUWXrVl.exe
  2⤵
  PID:2524
- C:\Windows\System\pHCyzVQ.exe
  C:\Windows\System\pHCyzVQ.exe
  2⤵
  PID:7240
- C:\Windows\System\eIjQgpr.exe
  C:\Windows\System\eIjQgpr.exe
  2⤵
  PID:7684
- C:\Windows\System\GAhMDBa.exe
  C:\Windows\System\GAhMDBa.exe
  2⤵
  PID:8064
- C:\Windows\System\lpFyVZw.exe
  C:\Windows\System\lpFyVZw.exe
  2⤵
  PID:2120
- C:\Windows\System\ilMDocX.exe
  C:\Windows\System\ilMDocX.exe
  2⤵
  PID:7244
- C:\Windows\System\QABeCmx.exe
  C:\Windows\System\QABeCmx.exe
  2⤵
  PID:7844
- C:\Windows\System\gnNxBet.exe
  C:\Windows\System\gnNxBet.exe
  2⤵
  PID:7808
- C:\Windows\System\OvNXdxj.exe
  C:\Windows\System\OvNXdxj.exe
  2⤵
  PID:2504
- C:\Windows\System\zuXkOVg.exe
  C:\Windows\System\zuXkOVg.exe
  2⤵
  PID:4636
- C:\Windows\System\eoSSXhO.exe
  C:\Windows\System\eoSSXhO.exe
  2⤵
  PID:7224
- C:\Windows\System\rEZFCXT.exe
  C:\Windows\System\rEZFCXT.exe
  2⤵
  PID:7384
- C:\Windows\System\poYIGPW.exe
  C:\Windows\System\poYIGPW.exe
  2⤵
  PID:8068
- C:\Windows\System\WSmiDEp.exe
  C:\Windows\System\WSmiDEp.exe
  2⤵
  PID:736
- C:\Windows\System\dzvEdSt.exe
  C:\Windows\System\dzvEdSt.exe
  2⤵
  PID:8208
- C:\Windows\System\jEtiaDG.exe
  C:\Windows\System\jEtiaDG.exe
  2⤵
  PID:8248
- C:\Windows\System\GHDvUQT.exe
  C:\Windows\System\GHDvUQT.exe
  2⤵
  PID:8268
- C:\Windows\System\QiItJgI.exe
  C:\Windows\System\QiItJgI.exe
  2⤵
  PID:8288
- C:\Windows\System\CJTNXDA.exe
  C:\Windows\System\CJTNXDA.exe
  2⤵
  PID:8304
- C:\Windows\System\rmqYmjM.exe
  C:\Windows\System\rmqYmjM.exe
  2⤵
  PID:8320
- C:\Windows\System\gnjpHKl.exe
  C:\Windows\System\gnjpHKl.exe
  2⤵
  PID:8336
- C:\Windows\System\eXeTtWm.exe
  C:\Windows\System\eXeTtWm.exe
  2⤵
  PID:8356
- C:\Windows\System\ryaonzj.exe
  C:\Windows\System\ryaonzj.exe
  2⤵
  PID:8376
- C:\Windows\System\shrPtEB.exe
  C:\Windows\System\shrPtEB.exe
  2⤵
  PID:8396
- C:\Windows\System\gLVzUtm.exe
  C:\Windows\System\gLVzUtm.exe
  2⤵
  PID:8412
- C:\Windows\System\DMHhoVn.exe
  C:\Windows\System\DMHhoVn.exe
  2⤵
  PID:8440
- C:\Windows\System\JjtZXkV.exe
  C:\Windows\System\JjtZXkV.exe
  2⤵
  PID:8460
- C:\Windows\System\ugpouQx.exe
  C:\Windows\System\ugpouQx.exe
  2⤵
  PID:8476
- C:\Windows\System\cAWxbxC.exe
  C:\Windows\System\cAWxbxC.exe
  2⤵
  PID:8508
- C:\Windows\System\PzpOEfc.exe
  C:\Windows\System\PzpOEfc.exe
  2⤵
  PID:8540
- C:\Windows\System\uxRfrkq.exe
  C:\Windows\System\uxRfrkq.exe
  2⤵
  PID:8560
- C:\Windows\System\HjPBRUn.exe
  C:\Windows\System\HjPBRUn.exe
  2⤵
  PID:8580
- C:\Windows\System\ciZkdEA.exe
  C:\Windows\System\ciZkdEA.exe
  2⤵
  PID:8596
- C:\Windows\System\kDzSxjd.exe
  C:\Windows\System\kDzSxjd.exe
  2⤵
  PID:8612
- C:\Windows\System\DHFQyGT.exe
  C:\Windows\System\DHFQyGT.exe
  2⤵
  PID:8628
- C:\Windows\System\zmiDmrd.exe
  C:\Windows\System\zmiDmrd.exe
  2⤵
  PID:8656
- C:\Windows\System\ABPowsl.exe
  C:\Windows\System\ABPowsl.exe
  2⤵
  PID:8672
- C:\Windows\System\imKSUpk.exe
  C:\Windows\System\imKSUpk.exe
  2⤵
  PID:8688
- C:\Windows\System\KdCzozr.exe
  C:\Windows\System\KdCzozr.exe
  2⤵
  PID:8704
- C:\Windows\System\JvoyeYl.exe
  C:\Windows\System\JvoyeYl.exe
  2⤵
  PID:8728
- C:\Windows\System\GdmWaju.exe
  C:\Windows\System\GdmWaju.exe
  2⤵
  PID:8744
- C:\Windows\System\wxjUgiU.exe
  C:\Windows\System\wxjUgiU.exe
  2⤵
  PID:8764
- C:\Windows\System\jrmXfnp.exe
  C:\Windows\System\jrmXfnp.exe
  2⤵
  PID:8792
- C:\Windows\System\cbzRDIQ.exe
  C:\Windows\System\cbzRDIQ.exe
  2⤵
  PID:8812
- C:\Windows\System\qFAJDvA.exe
  C:\Windows\System\qFAJDvA.exe
  2⤵
  PID:8844
- C:\Windows\System\vqJstfV.exe
  C:\Windows\System\vqJstfV.exe
  2⤵
  PID:8860
- C:\Windows\System\lKWiWwF.exe
  C:\Windows\System\lKWiWwF.exe
  2⤵
  PID:8876
- C:\Windows\System\BXvPPgM.exe
  C:\Windows\System\BXvPPgM.exe
  2⤵
  PID:8896
- C:\Windows\System\NnnILqy.exe
  C:\Windows\System\NnnILqy.exe
  2⤵
  PID:8920
- C:\Windows\System\hhzcqae.exe
  C:\Windows\System\hhzcqae.exe
  2⤵
  PID:8936
- C:\Windows\System\udCnykQ.exe
  C:\Windows\System\udCnykQ.exe
  2⤵
  PID:8952
- C:\Windows\System\ktJGuqU.exe
  C:\Windows\System\ktJGuqU.exe
  2⤵
  PID:8972
- C:\Windows\System\NccLfiU.exe
  C:\Windows\System\NccLfiU.exe
  2⤵
  PID:8988
- C:\Windows\System\wqjxosa.exe
  C:\Windows\System\wqjxosa.exe
  2⤵
  PID:9008
- C:\Windows\System\TrQITQL.exe
  C:\Windows\System\TrQITQL.exe
  2⤵
  PID:9028
- C:\Windows\System\jngKpkn.exe
  C:\Windows\System\jngKpkn.exe
  2⤵
  PID:9044
- C:\Windows\System\PhLvwmV.exe
  C:\Windows\System\PhLvwmV.exe
  2⤵
  PID:9084
- C:\Windows\System\QzzNkje.exe
  C:\Windows\System\QzzNkje.exe
  2⤵
  PID:9100
- C:\Windows\System\cuFElib.exe
  C:\Windows\System\cuFElib.exe
  2⤵
  PID:9116
- C:\Windows\System\dXeWded.exe
  C:\Windows\System\dXeWded.exe
  2⤵
  PID:9148
- C:\Windows\System\yxGupKY.exe
  C:\Windows\System\yxGupKY.exe
  2⤵
  PID:9164
- C:\Windows\System\MDlyqVU.exe
  C:\Windows\System\MDlyqVU.exe
  2⤵
  PID:9180
- C:\Windows\System\UheCDsM.exe
  C:\Windows\System\UheCDsM.exe
  2⤵
  PID:9196
- C:\Windows\System\rteuxRa.exe
  C:\Windows\System\rteuxRa.exe
  2⤵
  PID:2672
- C:\Windows\System\JLVIkDy.exe
  C:\Windows\System\JLVIkDy.exe
  2⤵
  PID:8220
- C:\Windows\System\jDwxqGu.exe
  C:\Windows\System\jDwxqGu.exe
  2⤵
  PID:8236
- C:\Windows\System\ToOICks.exe
  C:\Windows\System\ToOICks.exe
  2⤵
  PID:8316
- C:\Windows\System\usmWqjR.exe
  C:\Windows\System\usmWqjR.exe
  2⤵
  PID:8384
- C:\Windows\System\XqadHcN.exe
  C:\Windows\System\XqadHcN.exe
  2⤵
  PID:8420
- C:\Windows\System\PLtUcip.exe
  C:\Windows\System\PLtUcip.exe
  2⤵
  PID:8368
- C:\Windows\System\UTbnTxQ.exe
  C:\Windows\System\UTbnTxQ.exe
  2⤵
  PID:8404
- C:\Windows\System\RumBMVj.exe
  C:\Windows\System\RumBMVj.exe
  2⤵
  PID:8468
- C:\Windows\System\rqZvxrJ.exe
  C:\Windows\System\rqZvxrJ.exe
  2⤵
  PID:8496
- C:\Windows\System\uxYIahH.exe
  C:\Windows\System\uxYIahH.exe
  2⤵
  PID:8528
- C:\Windows\System\FziFEDT.exe
  C:\Windows\System\FziFEDT.exe
  2⤵
  PID:8552
- C:\Windows\System\fRyATmO.exe
  C:\Windows\System\fRyATmO.exe
  2⤵
  PID:8604
- C:\Windows\System\fJvthfI.exe
  C:\Windows\System\fJvthfI.exe
  2⤵
  PID:8640
- C:\Windows\System\bvazYOf.exe
  C:\Windows\System\bvazYOf.exe
  2⤵
  PID:8716
- C:\Windows\System\lJmUXfd.exe
  C:\Windows\System\lJmUXfd.exe
  2⤵
  PID:8720
- C:\Windows\System\KMOZwUr.exe
  C:\Windows\System\KMOZwUr.exe
  2⤵
  PID:8736
- C:\Windows\System\iEzesdb.exe
  C:\Windows\System\iEzesdb.exe
  2⤵
  PID:8800
- C:\Windows\System\PqIMgGR.exe
  C:\Windows\System\PqIMgGR.exe
  2⤵
  PID:8808
- C:\Windows\System\PvKWzkj.exe
  C:\Windows\System\PvKWzkj.exe
  2⤵
  PID:8836
- C:\Windows\System\QWUNdhL.exe
  C:\Windows\System\QWUNdhL.exe
  2⤵
  PID:8888
- C:\Windows\System\tHPmDFE.exe
  C:\Windows\System\tHPmDFE.exe
  2⤵
  PID:8928
- C:\Windows\System\qVlcidR.exe
  C:\Windows\System\qVlcidR.exe
  2⤵
  PID:8996
- C:\Windows\System\pClFzzX.exe
  C:\Windows\System\pClFzzX.exe
  2⤵
  PID:9040
- C:\Windows\System\XGOJYSc.exe
  C:\Windows\System\XGOJYSc.exe
  2⤵
  PID:9016
- C:\Windows\System\NfJjSFa.exe
  C:\Windows\System\NfJjSFa.exe
  2⤵
  PID:8944
- C:\Windows\System\oBeyVMr.exe
  C:\Windows\System\oBeyVMr.exe
  2⤵
  PID:9068
- C:\Windows\System\VtXyjty.exe
  C:\Windows\System\VtXyjty.exe
  2⤵
  PID:9092
- C:\Windows\System\DLvMWav.exe
  C:\Windows\System\DLvMWav.exe
  2⤵
  PID:9108
- C:\Windows\System\hnTozIF.exe
  C:\Windows\System\hnTozIF.exe
  2⤵
  PID:9204
- C:\Windows\System\duWHTHY.exe
  C:\Windows\System\duWHTHY.exe
  2⤵
  PID:9156
- C:\Windows\System\ckeoZYs.exe
  C:\Windows\System\ckeoZYs.exe
  2⤵
  PID:2912
- C:\Windows\System\gjBlCuk.exe
  C:\Windows\System\gjBlCuk.exe
  2⤵
  PID:8840
- C:\Windows\System\bETCaSl.exe
  C:\Windows\System\bETCaSl.exe
  2⤵
  PID:8348
- C:\Windows\System\Simgddx.exe
  C:\Windows\System\Simgddx.exe
  2⤵
  PID:8332
- C:\Windows\System\OAWgvym.exe
  C:\Windows\System\OAWgvym.exe
  2⤵
  PID:8408
- C:\Windows\System\PTAArTW.exe
  C:\Windows\System\PTAArTW.exe
  2⤵
  PID:8520
- C:\Windows\System\zOxhMBU.exe
  C:\Windows\System\zOxhMBU.exe
  2⤵
  PID:8680
- C:\Windows\System\TyqZYTj.exe
  C:\Windows\System\TyqZYTj.exe
  2⤵
  PID:8760
- C:\Windows\System\vQguOzg.exe
  C:\Windows\System\vQguOzg.exe
  2⤵
  PID:8804
- C:\Windows\System\EfbrLKK.exe
  C:\Windows\System\EfbrLKK.exe
  2⤵
  PID:8668
- C:\Windows\System\ZEZJUSP.exe
  C:\Windows\System\ZEZJUSP.exe
  2⤵
  PID:8648
- C:\Windows\System\xeOoYBL.exe
  C:\Windows\System\xeOoYBL.exe
  2⤵
  PID:8820
- C:\Windows\System\eBisEBr.exe
  C:\Windows\System\eBisEBr.exe
  2⤵
  PID:8856
- C:\Windows\System\MbUxIvM.exe
  C:\Windows\System\MbUxIvM.exe
  2⤵
  PID:8968
- C:\Windows\System\vgtHlGa.exe
  C:\Windows\System\vgtHlGa.exe
  2⤵
  PID:9056
- C:\Windows\System\mgLBAfO.exe
  C:\Windows\System\mgLBAfO.exe
  2⤵
  PID:8912
- C:\Windows\System\HFDDnwd.exe
  C:\Windows\System\HFDDnwd.exe
  2⤵
  PID:9176
- C:\Windows\System\JnUpKWH.exe
  C:\Windows\System\JnUpKWH.exe
  2⤵
  PID:8200
- C:\Windows\System\AnXErWr.exe
  C:\Windows\System\AnXErWr.exe
  2⤵
  PID:8256
- C:\Windows\System\oVvmOVd.exe
  C:\Windows\System\oVvmOVd.exe
  2⤵
  PID:8392
- C:\Windows\System\tfTfgCN.exe
  C:\Windows\System\tfTfgCN.exe
  2⤵
  PID:8296
- C:\Windows\System\upMubCN.exe
  C:\Windows\System\upMubCN.exe
  2⤵
  PID:8436
- C:\Windows\System\PwlLYqx.exe
  C:\Windows\System\PwlLYqx.exe
  2⤵
  PID:8504
- C:\Windows\System\oWSrBjj.exe
  C:\Windows\System\oWSrBjj.exe
  2⤵
  PID:8756
- C:\Windows\System\hPEbQZQ.exe
  C:\Windows\System\hPEbQZQ.exe
  2⤵
  PID:8644
- C:\Windows\System\QGSQztZ.exe
  C:\Windows\System\QGSQztZ.exe
  2⤵
  PID:9020
- C:\Windows\System\tpdzEIA.exe
  C:\Windows\System\tpdzEIA.exe
  2⤵
  PID:9036
- C:\Windows\System\WRNeUQC.exe
  C:\Windows\System\WRNeUQC.exe
  2⤵
  PID:9140
- C:\Windows\System\zXGflLM.exe
  C:\Windows\System\zXGflLM.exe
  2⤵
  PID:9076
- C:\Windows\System\VBcLZYY.exe
  C:\Windows\System\VBcLZYY.exe
  2⤵
  PID:8280
- C:\Windows\System\ZCxRUTK.exe
  C:\Windows\System\ZCxRUTK.exe
  2⤵
  PID:8548
- C:\Windows\System\SHPrnbj.exe
  C:\Windows\System\SHPrnbj.exe
  2⤵
  PID:8872
- C:\Windows\System\kTVJYbJ.exe
  C:\Windows\System\kTVJYbJ.exe
  2⤵
  PID:8492
- C:\Windows\System\gilgTQB.exe
  C:\Windows\System\gilgTQB.exe
  2⤵
  PID:8908
- C:\Windows\System\qQHrxNM.exe
  C:\Windows\System\qQHrxNM.exe
  2⤵
  PID:9132
- C:\Windows\System\dOgxTET.exe
  C:\Windows\System\dOgxTET.exe
  2⤵
  PID:9128
- C:\Windows\System\HtBbsOh.exe
  C:\Windows\System\HtBbsOh.exe
  2⤵
  PID:8576
- C:\Windows\System\LStaNkA.exe
  C:\Windows\System\LStaNkA.exe
  2⤵
  PID:8300
- C:\Windows\System\iOIRfNG.exe
  C:\Windows\System\iOIRfNG.exe
  2⤵
  PID:8784
- C:\Windows\System\zyUoorQ.exe
  C:\Windows\System\zyUoorQ.exe
  2⤵
  PID:9160
- C:\Windows\System\ByKcyRL.exe
  C:\Windows\System\ByKcyRL.exe
  2⤵
  PID:8960
- C:\Windows\System\SMjLQzs.exe
  C:\Windows\System\SMjLQzs.exe
  2⤵
  PID:8780
- C:\Windows\System\aitFlZY.exe
  C:\Windows\System\aitFlZY.exe
  2⤵
  PID:8488
- C:\Windows\System\xTKcFnG.exe
  C:\Windows\System\xTKcFnG.exe
  2⤵
  PID:9228
- C:\Windows\System\uResepC.exe
  C:\Windows\System\uResepC.exe
  2⤵
  PID:9244
- C:\Windows\System\iYjRlJi.exe
  C:\Windows\System\iYjRlJi.exe
  2⤵
  PID:9260
- C:\Windows\System\WnfTGFK.exe
  C:\Windows\System\WnfTGFK.exe
  2⤵
  PID:9280
- C:\Windows\System\DaWKSYC.exe
  C:\Windows\System\DaWKSYC.exe
  2⤵
  PID:9296
- C:\Windows\System\iiiKuSJ.exe
  C:\Windows\System\iiiKuSJ.exe
  2⤵
  PID:9328
- C:\Windows\System\uMUNADD.exe
  C:\Windows\System\uMUNADD.exe
  2⤵
  PID:9356
- C:\Windows\System\dzSPoKw.exe
  C:\Windows\System\dzSPoKw.exe
  2⤵
  PID:9380
- C:\Windows\System\bqMUZeG.exe
  C:\Windows\System\bqMUZeG.exe
  2⤵
  PID:9396
- C:\Windows\System\Duwigvf.exe
  C:\Windows\System\Duwigvf.exe
  2⤵
  PID:9420
- C:\Windows\System\sLtUAmf.exe
  C:\Windows\System\sLtUAmf.exe
  2⤵
  PID:9440
- C:\Windows\System\nfxYBpT.exe
  C:\Windows\System\nfxYBpT.exe
  2⤵
  PID:9456
- C:\Windows\System\EBzEjXW.exe
  C:\Windows\System\EBzEjXW.exe
  2⤵
  PID:9472
- C:\Windows\System\faJeGBt.exe
  C:\Windows\System\faJeGBt.exe
  2⤵
  PID:9488
- C:\Windows\System\HOeXxyl.exe
  C:\Windows\System\HOeXxyl.exe
  2⤵
  PID:9508
- C:\Windows\System\zkwbIoD.exe
  C:\Windows\System\zkwbIoD.exe
  2⤵
  PID:9524
- C:\Windows\System\MRikowT.exe
  C:\Windows\System\MRikowT.exe
  2⤵
  PID:9540
- C:\Windows\System\fxXentX.exe
  C:\Windows\System\fxXentX.exe
  2⤵
  PID:9560
- C:\Windows\System\SIkLqEW.exe
  C:\Windows\System\SIkLqEW.exe
  2⤵
  PID:9584
- C:\Windows\System\eihHUsc.exe
  C:\Windows\System\eihHUsc.exe
  2⤵
  PID:9608
- C:\Windows\System\sCtYbXN.exe
  C:\Windows\System\sCtYbXN.exe
  2⤵
  PID:9636
- C:\Windows\System\CQMTtJQ.exe
  C:\Windows\System\CQMTtJQ.exe
  2⤵
  PID:9656
- C:\Windows\System\scsBSec.exe
  C:\Windows\System\scsBSec.exe
  2⤵
  PID:9672
- C:\Windows\System\EfNnwQM.exe
  C:\Windows\System\EfNnwQM.exe
  2⤵
  PID:9688
- C:\Windows\System\ppKuQUr.exe
  C:\Windows\System\ppKuQUr.exe
  2⤵
  PID:9704
- C:\Windows\System\TLeeHiK.exe
  C:\Windows\System\TLeeHiK.exe
  2⤵
  PID:9724
- C:\Windows\System\CeBgMCo.exe
  C:\Windows\System\CeBgMCo.exe
  2⤵
  PID:9748
- C:\Windows\System\qmDvRmu.exe
  C:\Windows\System\qmDvRmu.exe
  2⤵
  PID:9776
- C:\Windows\System\Wgpixgv.exe
  C:\Windows\System\Wgpixgv.exe
  2⤵
  PID:9792
- C:\Windows\System\MTDWSIB.exe
  C:\Windows\System\MTDWSIB.exe
  2⤵
  PID:9808
- C:\Windows\System\vfXZnuf.exe
  C:\Windows\System\vfXZnuf.exe
  2⤵
  PID:9824
- C:\Windows\System\FRGXOiA.exe
  C:\Windows\System\FRGXOiA.exe
  2⤵
  PID:9848
- C:\Windows\System\meLtqep.exe
  C:\Windows\System\meLtqep.exe
  2⤵
  PID:9872
- C:\Windows\System\apaUxnC.exe
  C:\Windows\System\apaUxnC.exe
  2⤵
  PID:9892
- C:\Windows\System\yIEblic.exe
  C:\Windows\System\yIEblic.exe
  2⤵
  PID:9912
- C:\Windows\System\UUAiFnj.exe
  C:\Windows\System\UUAiFnj.exe
  2⤵
  PID:9936
- C:\Windows\System\DAsIYTj.exe
  C:\Windows\System\DAsIYTj.exe
  2⤵
  PID:9956
- C:\Windows\System\hsqttJE.exe
  C:\Windows\System\hsqttJE.exe
  2⤵
  PID:9976
- C:\Windows\System\VWrPLmB.exe
  C:\Windows\System\VWrPLmB.exe
  2⤵
  PID:9992
- C:\Windows\System\xUVmcrM.exe
  C:\Windows\System\xUVmcrM.exe
  2⤵
  PID:10008
- C:\Windows\System\khcYwuv.exe
  C:\Windows\System\khcYwuv.exe
  2⤵
  PID:10028
- C:\Windows\System\pniOTMY.exe
  C:\Windows\System\pniOTMY.exe
  2⤵
  PID:10044
- C:\Windows\System\GDPIEls.exe
  C:\Windows\System\GDPIEls.exe
  2⤵
  PID:10068
- C:\Windows\System\iDLbGXl.exe
  C:\Windows\System\iDLbGXl.exe
  2⤵
  PID:10088
- C:\Windows\System\JRkdPuc.exe
  C:\Windows\System\JRkdPuc.exe
  2⤵
  PID:10108
- C:\Windows\System\zjIbAfE.exe
  C:\Windows\System\zjIbAfE.exe
  2⤵
  PID:10132
- C:\Windows\System\usErzsu.exe
  C:\Windows\System\usErzsu.exe
  2⤵
  PID:10160
- C:\Windows\System\cYaeIdk.exe
  C:\Windows\System\cYaeIdk.exe
  2⤵
  PID:10176
- C:\Windows\System\JfUkOnp.exe
  C:\Windows\System\JfUkOnp.exe
  2⤵
  PID:10200
- C:\Windows\System\gaiEljP.exe
  C:\Windows\System\gaiEljP.exe
  2⤵
  PID:10220
- C:\Windows\System\fBRPBpI.exe
  C:\Windows\System\fBRPBpI.exe
  2⤵
  PID:10236
- C:\Windows\System\gXudALw.exe
  C:\Windows\System\gXudALw.exe
  2⤵
  PID:9252
- C:\Windows\System\vIQSZBK.exe
  C:\Windows\System\vIQSZBK.exe
  2⤵
  PID:8328
- C:\Windows\System\cTyLvXB.exe
  C:\Windows\System\cTyLvXB.exe
  2⤵
  PID:9268
- C:\Windows\System\FedCbla.exe
  C:\Windows\System\FedCbla.exe
  2⤵
  PID:9320
- C:\Windows\System\GaoBOzY.exe
  C:\Windows\System\GaoBOzY.exe
  2⤵
  PID:9312
- C:\Windows\System\wcsCDdf.exe
  C:\Windows\System\wcsCDdf.exe
  2⤵
  PID:9368
- C:\Windows\System\NhyJjHM.exe
  C:\Windows\System\NhyJjHM.exe
  2⤵
  PID:9376
- C:\Windows\System\DpXhMpB.exe
  C:\Windows\System\DpXhMpB.exe
  2⤵
  PID:9408
- C:\Windows\System\qufhtIW.exe
  C:\Windows\System\qufhtIW.exe
  2⤵
  PID:9464
- C:\Windows\System\RWXHdll.exe
  C:\Windows\System\RWXHdll.exe
  2⤵
  PID:9568
- C:\Windows\System\qAJuQbN.exe
  C:\Windows\System\qAJuQbN.exe
  2⤵
  PID:9484
- C:\Windows\System\EWOBbdw.exe
  C:\Windows\System\EWOBbdw.exe
  2⤵
  PID:9520
- C:\Windows\System\MPEGxmY.exe
  C:\Windows\System\MPEGxmY.exe
  2⤵
  PID:9604
- C:\Windows\System\kJRBqXg.exe
  C:\Windows\System\kJRBqXg.exe
  2⤵
  PID:9668
- C:\Windows\System\agtETmR.exe
  C:\Windows\System\agtETmR.exe
  2⤵
  PID:9716
- C:\Windows\System\HkGJqfH.exe
  C:\Windows\System\HkGJqfH.exe
  2⤵
  PID:9732
- C:\Windows\System\tbEuKUL.exe
  C:\Windows\System\tbEuKUL.exe
  2⤵
  PID:9784
- C:\Windows\System\lnphfOu.exe
  C:\Windows\System\lnphfOu.exe
  2⤵
  PID:9768
- C:\Windows\System\uDLAAKM.exe
  C:\Windows\System\uDLAAKM.exe
  2⤵
  PID:9856
- C:\Windows\System\yXsSODH.exe
  C:\Windows\System\yXsSODH.exe
  2⤵
  PID:9832
- C:\Windows\System\VHgHVCT.exe
  C:\Windows\System\VHgHVCT.exe
  2⤵
  PID:9900
- C:\Windows\System\KWatsse.exe
  C:\Windows\System\KWatsse.exe
  2⤵
  PID:9880
- C:\Windows\System\ErxQtHw.exe
  C:\Windows\System\ErxQtHw.exe
  2⤵
  PID:9944
- C:\Windows\System\lOKuTro.exe
  C:\Windows\System\lOKuTro.exe
  2⤵
  PID:9988
- C:\Windows\System\GmbvFfc.exe
  C:\Windows\System\GmbvFfc.exe
  2⤵
  PID:10020
- C:\Windows\System\NWoKhqY.exe
  C:\Windows\System\NWoKhqY.exe
  2⤵
  PID:10060
- C:\Windows\System\xxKdvYj.exe
  C:\Windows\System\xxKdvYj.exe
  2⤵
  PID:10040
- C:\Windows\System\SevSQnq.exe
  C:\Windows\System\SevSQnq.exe
  2⤵
  PID:10004
- C:\Windows\System\cvrUKni.exe
  C:\Windows\System\cvrUKni.exe
  2⤵
  PID:10128
- C:\Windows\System\tdEWKiF.exe
  C:\Windows\System\tdEWKiF.exe
  2⤵
  PID:10144
- C:\Windows\System\PGPssef.exe
  C:\Windows\System\PGPssef.exe
  2⤵
  PID:10168
- C:\Windows\System\MrxIKFH.exe
  C:\Windows\System\MrxIKFH.exe
  2⤵
  PID:9276
- C:\Windows\System\jlwPEml.exe
  C:\Windows\System\jlwPEml.exe
  2⤵
  PID:9336
- C:\Windows\System\OIsDSmb.exe
  C:\Windows\System\OIsDSmb.exe
  2⤵
  PID:9352
- C:\Windows\System\ZikmrYz.exe
  C:\Windows\System\ZikmrYz.exe
  2⤵
  PID:9236
- C:\Windows\System\BgFuwUD.exe
  C:\Windows\System\BgFuwUD.exe
  2⤵
  PID:10216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AbKLIiA.exe

Filesize
6.0MB

MD5
f2705246ef959df6f3d05462ecb9c1ab

SHA1
a3070670bd2e9f2ad9975006fc249dc4f3a97315

SHA256
828e6765e42ef79f6ed121e511944689dd82e2ea0b178d77eda25ab53b7bfa8e

SHA512
d970394d4a3ef0adca60dead2b3f11c0a48dcd86b06e3b3b65dab5213dfd31f2743f932c58168255b873799b67e321690df30ec90ccd9dfa2b0c3da7ab9f0f21

Download Submit
C:\Windows\system\DITUtGl.exe

Filesize
6.0MB

MD5
2b7bb183e43baf2b4d79c2a94677d51d

SHA1
703fa6849e4cbe7d4eeaf80f83979eb9c09d9028

SHA256
0f14e40ce092cf49b26d501cd24b78c82aae5e99f76ca8dbf155293dd7d36399

SHA512
f0ccb165cd7ec28289da8f8e6218de4dac67838405d596053b0d42d5a5dc88490c6618af716b39695d76a19078ce8cc39a52a1a04fc06c90062ff0eefa595ae5

Download Submit
C:\Windows\system\DrqJofT.exe

Filesize
6.0MB

MD5
ed7d514c89e07573e5761d5ae57b25a7

SHA1
5d266262b326c89345af782c2625deec05320af0

SHA256
00687fa16bc4f2f53a6be7d12c27881a4b1eff3c1077aa16dde20bdac4e76268

SHA512
c0adda38f61d383f2fd815f1baa9ce278c2467ff04fa22e165beb38452eded7ed51fbc2db6b890cf7f4f588833f944dab0d301cd5845f79ace184b66cad6a7bd

Download Submit
C:\Windows\system\IIvDPIA.exe

Filesize
6.0MB

MD5
1926100fcb064beeb7e4577806acfa96

SHA1
668251203defd26b063671ea2c040310f3f2e8df

SHA256
688f1634571f6abcb188c12c791c3757f562b0d642eae088680418dd08b79457

SHA512
2a749b46e83b205ebc6a5d3ad354d13bf852facb0f2d3c782e5701ab9b83b062abd375d4c27ae3d18392387d824b86423047e8a376e364f47849c943223d4ae1

Download Submit
C:\Windows\system\KBbmdRb.exe

Filesize
6.0MB

MD5
47a80f26ee4998426458a0f43a5acb64

SHA1
6f4d292bb51d9185972d31870c6d7cf6f1ddfd73

SHA256
6e1642ba340dfb1538913cd595461b952d2b8e988e2db6b1d4bc8f25aaf38a28

SHA512
ea10259a262cd173e23ffbe66f2cd3c847b97ba0dc05518566eabe1f5fd1c1dfdacc9996209d33410dba8d88c81029b43c32e08495f496462d3fcd154658dc0b

Download Submit
C:\Windows\system\LSdlSZB.exe

Filesize
6.0MB

MD5
9208bd477daaf4803b5506d761a3d912

SHA1
63319c0d110432f3b08f9ee684531a9c507859a5

SHA256
ca4f71f04ef133b9489a5834ad58855c39683af2d04db557f5fdd82c7b41c878

SHA512
ff3083bb52d7f1a84fa191524a29d25e239ab86f844138a72738bc19afc6b40fe3792c7353610f1c59b51a2ace7d22ab12df09957eb89029419f68ee72151f97

Download Submit
C:\Windows\system\LhWslap.exe

Filesize
6.0MB

MD5
de2e93873c82237eccb121e3787ed7bc

SHA1
a4a24d20b5bb83b48f725c5eb667831729aa72db

SHA256
8189358caae0be1333d7be751e5314dc65ba9c8931eaa5f7751d0ada41727f5a

SHA512
dd948b1d26e1ddd9dfbb4d4842da231fb5a37fb0f50ed8e1032bfe73276ed5b550b4ad517787499ce497a1408870b30d0569a73709aaffe1a5fb48e7d00846d7

Download Submit
C:\Windows\system\QfdtBMO.exe

Filesize
6.0MB

MD5
2690856036f283e95042c63fdf9d4b0c

SHA1
f76b39573bff02d65787f20cd3274c2befc826ab

SHA256
1b86e8169471628b22136cbc010ebcbbfed428e82562042208501a588957c67d

SHA512
f3d1bf379ea79d21404f16b281ef7dbae8103e89b51dafbe5dc526ce0c4a20042294ae887597b05879e71854344beaa3011088c74c05a53e3297da0749458b7e

Download Submit
C:\Windows\system\RhyKUPL.exe

Filesize
6.0MB

MD5
eef420c0aeef97512167cda3c6bf0e24

SHA1
3ebdcab51f060ed15ed5f66e875442b6b37dd3cc

SHA256
4d85b9e9a285570cf59e506b326330589907e4cf74cd9c30fd6337d59b669c7a

SHA512
bb2136f37503b77023320bd09073e5043d1902c04c910faaa41e3777a6f609221a2d97bd39d6ab163bebedf055330ce41bda9edcac066801b6cde66993f1661c

Download Submit
C:\Windows\system\TVQyxJC.exe

Filesize
8B

MD5
14772372203a5d018d2ffac193d18992

SHA1
06cebd2e70580489c6439203171851ca8047c074

SHA256
21c57bb1a82455329f12d89f5975108045f6b3f9a77fd23c506e383c90c7abf6

SHA512
57fd7b91832596687494a007e09b192c79a1de53a10aff12106ba7bbf24cc04056764f9348dd40e7fa6afafe0ad520f0dfc814ee24f4c53b6b2d4bdf8ab57b71

Download Submit
C:\Windows\system\XqXwUDe.exe

Filesize
6.0MB

MD5
d55857f6da56605674c3a01a3f1f95b6

SHA1
b39cd1ce8b8f87127826a6f8e44597b1377425dd

SHA256
94498e339dd3b0b27dfc0819f79ab2f54f6faa61d7386f2edb55205ae4afa641

SHA512
8bd91eb60be900afd87bc3cb1af0b26ae0aa56f624c93c0a20d8cd120d41c580b86ddde36f8ee5fe6c1b1792cbeabceb2a50cffc4e5b848b1a1e4822fe679fc8

Download Submit
C:\Windows\system\ZOoCWov.exe

Filesize
6.0MB

MD5
c73c70f4947111af83cd4384052cc94c

SHA1
a82685b9dc950d088fa269c0cf95c2403c3e0207

SHA256
f8375f5345f3533c699c003d08ae5c98d33440f2224fc93b1e0c338f6ca3d444

SHA512
ff563282e85d9ebeb587d536777b6b671f5f0aad8c686b9e6f4ff215d13e19cbd76ffcc321aa7352d5342f57213b088185d2383f454fdd858f8b1e843a643c70

Download Submit
C:\Windows\system\aavxQKe.exe

Filesize
6.0MB

MD5
d5a64de81a6a796e66408849d05e2f5d

SHA1
d0d510f30213764bc0d8a2c082092fc1cb476100

SHA256
d042b52bf9040d716b144a1eaa6fea7c7f948065a54a66a77a53a09cf83a47fd

SHA512
df83eb363c7b1fee35bc8fa2327e030598d92f7ef47614ddd05a372699d307e4376e50e73d90d91273014fa484020354bc542c730a3d956046a98383a9062884

Download Submit
C:\Windows\system\cdLOHFz.exe

Filesize
6.0MB

MD5
c5018b3a1e31c430f29c3cd3cda6764b

SHA1
87388ff2181cfa794b70f065b577c411ddb5d8ef

SHA256
055135688656377e1290528811f609ea8dd876fcf3ce61d2fbba5af41b7a72b5

SHA512
a52466b27b129dd7346234532b37e18068bc9e1c5dfea39ce2e4c14ac9abbfd4af051e7e632ea64f97d0d47995782175dac53717b5c4b15cca1ab837a77cbb01

Download Submit
C:\Windows\system\dhlmdgO.exe

Filesize
6.0MB

MD5
190839b7cfe1c00916a06499f0aaba32

SHA1
c5655d5316c010e78d5646964a253b2e086e672f

SHA256
8021abf3e1393a761d7e69d636de7a71ca031d4631194f99a5f94cabe882d2c4

SHA512
f61bb021ae43300779e143a1b3ad6ed3de1d39f3279ce4e35cd8b74714479eb56ec86742ba9bf477221f96e0b13a6ce9eba4bb49d47356779eee31c0125c27ed

Download Submit
C:\Windows\system\eIoUfOo.exe

Filesize
6.0MB

MD5
a4edba3f2d56d0c92cc18555aacf4ac5

SHA1
724956f16aed8348d42bc7020858a2b8174b5a26

SHA256
16996fd4d2040f2ed11203c6b0e5910da3cc950a72fdd4714cef265f8e7ea761

SHA512
ecd640ba7acc34ee945401c526d3736bc623c10589490eff90ca3ad38d014976f7effb5eb8a64e62402692876d293089f93e649393b63398202a17acbc62fc7f

Download Submit
C:\Windows\system\eydNIZU.exe

Filesize
6.0MB

MD5
c6b69256d1814ea453e9f64617a4b35c

SHA1
06cf41fa21bc7202513e613a288432a4e58dd79a

SHA256
342d6be823b7978c8f3d8474dd383900b0b00a1cdf3a1078079a74b89fd89504

SHA512
d5d003bbedf32667a8668588e6adbc45dda7d5493883d839a699c0f14f4d4dfa72f229bf1f2529b738c867bc66cc8db55a63b05f11335e716df279c497176021

Download Submit
C:\Windows\system\frVvHvb.exe

Filesize
6.0MB

MD5
c6f8bfd23a7509f00bb9a162fbfda964

SHA1
9fb471921534476b99c8e3e3d67377cd6210bce8

SHA256
36fb5a2b6b08fe9d4cfba4bac02fb6023d69f88a19b53061ced7798695611158

SHA512
066209768a9ece011bef1ba165d04f8f892361d8e1268f03cc7a6fc8b728636be1ea5d8d5f9faf907ed6e4c12b0a864194b8873b4b0fda03304366c97b4b548c

Download Submit
C:\Windows\system\gTwsFns.exe

Filesize
6.0MB

MD5
9f9b40ff0212ad76fb05cef911bba07f

SHA1
74a2c1dfa805a607c998df7ab0da2f37cd860221

SHA256
6b5549c9b619f7894fd7233036e2fb4d2aef7fe33d076ff5ed59588eef8eff88

SHA512
bc8ddc5cde3347959c115c86ff124c119323aa6df9f4b19f7c0d385dd64d8b317e45bbaec702543abae9efca42ccbd8d97c8d3bad06b3aa1374758acd39faba7

Download Submit
C:\Windows\system\liKVJUz.exe

Filesize
6.0MB

MD5
cd20ef177764fb32eea73e8a1227abe9

SHA1
7f97bc2cf10967a86476528df7d8e9fdb7bd0320

SHA256
5a0298c6960db89999fad760bd3db0f071df151fd642fbe41c7899f92493590e

SHA512
cc061f5b4cc101b287482911e3752798b3eaa2f5dfc14d561210f44181069a27f4789c4bf7638790c664b0031bf606765fda731a217dbdfc8c6aa7be2cbffcee

Download Submit
C:\Windows\system\mkVqAtP.exe

Filesize
6.0MB

MD5
f87281499db4aeae9143092f51fbf0f9

SHA1
a25baaa734b73af3fbe219b2b7b976a8d97e9e2a

SHA256
3cf098e61ba9849d70f97daeb2ef1061405086bfc98bd9aad0e26e1f5a764753

SHA512
32211f7fa1a57125daee8b7e46cb1b028bc0840ccc2bb684a0dd8a125eeedbb11a48bc9d704b175acb6e4ddfc1bc0d4b6630ac4527fd25b6bf2bb77cf3bb3913

Download Submit
C:\Windows\system\ncquYVV.exe

Filesize
6.0MB

MD5
5fcb0b066f0c7d587d6c87ea811179f0

SHA1
81d102f37d6d1af9e1077d77be2dbd3c8a39cf7d

SHA256
04e82b112397820de19e850847c8f5d88942a26f466a3b240243588a8f658a93

SHA512
95fc7059f0f95223ba98afdc4fc70ec0a63e07f1cbf8f4eba6514f8266fab5f69d6379443e413e6c324f6ad92448ef7f2b43d6b30ead772873531d275037850a

Download Submit
C:\Windows\system\qyhPvoL.exe

Filesize
6.0MB

MD5
d3eeca560ae8cef04141015d35aa6c2e

SHA1
ecb047f638306f08d84731c20995cf641e8b7143

SHA256
4b8b30c51cea08f5d4f7df9d63cf116d4eead69713eeddc3a60894df1b6265ce

SHA512
c0cc63000947197a797f6cd10864856a4d048e5c3f317258f0fd50e93a911293515306df9f084f74c5ca5832953e67294dab33829ba3c774fcd37a9c8782f0ce

Download Submit
C:\Windows\system\rqtQvOK.exe

Filesize
6.0MB

MD5
2abb090b91083e197f8bf6edf9addb08

SHA1
a0f35b3dfe6001b6a2c1f12c821c9b23cf10ff4c

SHA256
4882537d80005b509bc81759d8448d5aa29aa1fa7656749eec04aacd8d650674

SHA512
3fb9288016e60d8300a9d2bf034b2461cc1c22a4907e5ae983b5de302e6583def0e64ba38fa849093cdde7a5b42613a4528c0a52d26755a9209a20a85fa255d0

Download Submit
C:\Windows\system\tyECKJJ.exe

Filesize
6.0MB

MD5
243c997d2fb529d4895d2a0201f589f2

SHA1
029db753580b2cb6b72c073391298cd64fb75c94

SHA256
737223cb5fed52c6ac0eb4dde4c4311f0130a2a8d9a875cb4938afd4f1a4145f

SHA512
1afba8b012dcf9c328b3666692935d6e7a2f1ef303d60a71c50210b97b4a51a975227ecd7e7a05a3fe95f17f0c124a4e30b3fee4b16afaed7060147b2aeb6ec0

Download Submit
C:\Windows\system\uPDgyDX.exe

Filesize
6.0MB

MD5
8a060621ceba39dd0349e9320abfd1d2

SHA1
4e7dc07227ca886b292551254ad16206e807b6f4

SHA256
2e71a570e5290799cdca910d28ffd02ce6f7c89c37c231316cc806c487081300

SHA512
99cd6528bc2d64dccba5e017ca8021cfcae080e1349a7fd8a3e948edebf4c7ff710bb77802bdde095bddb71d22b26d8489a54864742231656170e83268065068

Download Submit
C:\Windows\system\weuvbAg.exe

Filesize
6.0MB

MD5
dfcff5089db3b5445c56dc4ce8456fe3

SHA1
34218beb83382521d5436c7c4963efe0fbc1a1ba

SHA256
243d49dad5d004389889846a68f9fbd3b4784937f59fe3d8f56960542f135e8b

SHA512
1377f963a5f85dd19934444fc2f6f6d1098eb98d46353be73075095d18e0edbd66afe3c038aa15350f0b7d587fd156c1cd033da5665b30e48f1c10e7a03db0c7

Download Submit
\Windows\system\CLPwemh.exe

Filesize
6.0MB

MD5
e280c11baa22584025d1c0462c292cbf

SHA1
eae8582d6759b9a7114880aef24f9770acab4df0

SHA256
53ac022176d26531959e2be53ec9645c98ae7bf03f7bf7cc07132dabc681a708

SHA512
a9768b30635ce22d0abbb07898b41822a868df69ecb57ac600196c89d4b9378fe7426863fb89a1a723e5278e7ce90dfb71d68913d41e96ee3ff8ec87a6eb92f4

Download Submit
\Windows\system\FOgJxWj.exe

Filesize
6.0MB

MD5
8d368c11157cbf4afb0272b67ee31462

SHA1
7413a7a960f6d7fbed845e6f614658158662821b

SHA256
c239453bca3fe1f87c84000c794df29a0f24844cdab222f1d048b76a705039dc

SHA512
d5834a650093b914746036bcb032fba9b09de39e135d9ddccd6aed051f78572e9f3ee54e914c0b9698b4c2ae6cee2f7b0b1f64bfce04a7a7e0f006a42b9a972a

Download Submit
\Windows\system\NOCPZeV.exe

Filesize
6.0MB

MD5
bcf1a226387affb2673ec6d69736250e

SHA1
5093c2847395c2534cab5b5bcbbfb5b1af46b811

SHA256
e97fed2ef49348b3b0fff1cf6357d74ff3a903ee81eb00f5142c05b0b7328342

SHA512
238ececf056033e4e3741ad8bf75712149a01c5d8df95d43f5009d00659c75bfe92a8af290b47b6ef54c3db3f067791632e2ae049f58ba196c7530087daf9f60

Download Submit
\Windows\system\NXTVRmI.exe

Filesize
6.0MB

MD5
6a4a101dfce2e8547ca1be7fa9cf0769

SHA1
6df70438037a37fe8252045478a9f0199cfb6a17

SHA256
5c70643dcd98b7c76705b02eec6d3905de48ca8f1f73fe70096eb44aa40fed8b

SHA512
5033913ea8ce6920e501a9f24638375a8b7c4c89a46d44323aab9609d20ad3e4c27246bbab0acf924ac55d911e94aef41b668cbbee852a99236059ba3927e3f1

Download Submit
\Windows\system\cgLHAww.exe

Filesize
6.0MB

MD5
d0dc85a7d76afab541dcaccb5ba165e5

SHA1
c9063d36e491e85d357d947b08c1f131fd60e008

SHA256
2e70d798dce05cfab4f1e1e5bb160edec31b04b052ac581c173d0d4c5ad205bd

SHA512
54d27678c8342fb6f005a6c5ab526464de0e3ed073bf1a6662f04f4713fd4318d7e23874be5e095eacbf15edb8764c36ca4a6fe891103ecf0244f43e724406cf

Download Submit
\Windows\system\jYORbNF.exe

Filesize
6.0MB

MD5
39a26c19fbcc4f2d978e56dd683a070f

SHA1
675a11dc051eb436158b3df89fe4a8fbc39c75fc

SHA256
3facef76a98f91e15200e317e7e82d6406b98537caabd9cf4c93828e293d5ef4

SHA512
8fcaabf687cae1e688b74fa6a22f1b1cbdf752492156b330026bf1a6b67c581d2317eb25e62ee07f18944fcf73f2bcda144a284b30651cc745d59a091cdf6b24

Download Submit
memory/352-50-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/352-3489-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/352-17-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/1356-3484-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/1356-7-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/1356-41-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-951-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-107-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-3614-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-97-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-61-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2012-568-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-11-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-864-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-36-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-730-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2012-46-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-29-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2012-53-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2012-25-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2012-66-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-80-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2012-19-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2012-94-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2012-85-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-103-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-102-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2012-0-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2012-90-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2176-57-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2176-21-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2176-3505-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2236-58-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2236-3568-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2236-93-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2268-34-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2268-73-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2268-3504-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2432-98-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2432-3611-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2432-811-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/2548-3584-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-69-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-106-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-3616-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-645-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2620-91-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-51-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2676-5235-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3607-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-319-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3511-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2748-44-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/3016-3592-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/3016-81-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/3016-483-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/3036-27-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/3036-3497-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/3036-65-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download