cobaltstrike | 80589f89c31b7baa78df15d0cd4e2a4c9131d3f34c959035a442a8fcdc2e9384

Analysis

max time kernel
149s
max time network
127s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
17-11-2024 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

fa5acf353bb6868b0c9953a053cefe71
SHA1

26f09641cb2fa1e1ae248e03513aab1d868dffc6
SHA256

80589f89c31b7baa78df15d0cd4e2a4c9131d3f34c959035a442a8fcdc2e9384
SHA512

8ca217c35b3f7f8e92f0e4da8615c6ee3ab1f7f6591b79004ff4e36cc6f664a57e67135565055de82c8d2d78207514bfc60581b276fda8a6ce48a3a15bb195c3
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUY:T+q56utgpPF8u/7Y

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012263-3.dat	cobalt_reflective_dll
behavioral1/files/0x002d000000018b59-12.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018f85-10.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001932a-24.dat	cobalt_reflective_dll
behavioral1/files/0x002e000000018baf-29.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193b8-35.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193c7-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019470-49.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-83.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a459-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-197.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46b-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a469-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a457-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44f-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44d-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a438-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a404-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-79.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019480-62.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-70.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2888-0-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/files/0x000d000000012263-3.dat	xmrig
behavioral1/files/0x002d000000018b59-12.dat	xmrig
behavioral1/memory/2944-15-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2796-11-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x0009000000018f85-10.dat	xmrig
behavioral1/memory/2956-22-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/files/0x000700000001932a-24.dat	xmrig
behavioral1/files/0x002e000000018baf-29.dat	xmrig
behavioral1/files/0x00060000000193b8-35.dat	xmrig
behavioral1/files/0x00060000000193c7-41.dat	xmrig
behavioral1/memory/2740-50-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2360-54-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2724-58-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/1240-55-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x0007000000019470-49.dat	xmrig
behavioral1/memory/2656-47-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2888-67-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/1132-73-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2796-72-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x000500000001a03c-83.dat	xmrig
behavioral1/memory/2956-87-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2368-88-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2564-80-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x000500000001a049-91.dat	xmrig
behavioral1/memory/2132-95-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2488-103-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/1856-102-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x000500000001a0b6-101.dat	xmrig
behavioral1/files/0x000500000001a309-109.dat	xmrig
behavioral1/files/0x000500000001a3fd-127.dat	xmrig
behavioral1/files/0x000500000001a400-134.dat	xmrig
behavioral1/memory/1132-140-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/files/0x000500000001a459-165.dat	xmrig
behavioral1/files/0x000500000001a471-197.dat	xmrig
behavioral1/memory/2368-279-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2132-281-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2564-213-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2488-283-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46f-191.dat	xmrig
behavioral1/files/0x000500000001a46d-187.dat	xmrig
behavioral1/files/0x000500000001a46b-181.dat	xmrig
behavioral1/files/0x000500000001a469-177.dat	xmrig
behavioral1/memory/2888-174-0x0000000002340000-0x0000000002694000-memory.dmp	xmrig
behavioral1/files/0x000500000001a463-170.dat	xmrig
behavioral1/files/0x000500000001a457-160.dat	xmrig
behavioral1/files/0x000500000001a44f-155.dat	xmrig
behavioral1/files/0x000500000001a44d-151.dat	xmrig
behavioral1/files/0x000500000001a438-145.dat	xmrig
behavioral1/files/0x000500000001a404-139.dat	xmrig
behavioral1/files/0x000500000001a3f8-124.dat	xmrig
behavioral1/files/0x000500000001a3f6-119.dat	xmrig
behavioral1/files/0x000500000001a3ab-114.dat	xmrig
behavioral1/files/0x0005000000019fdd-79.dat	xmrig
behavioral1/memory/1856-63-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x0007000000019480-62.dat	xmrig
behavioral1/files/0x0005000000019fd4-70.dat	xmrig
behavioral1/memory/2888-68-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2944-1099-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2796-1109-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2956-1116-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/1240-1117-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2656-1118-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2740-1119-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2796	viqccyt.exe
2944	CHQrUZr.exe
2956	teAtJDh.exe
1240	AnCNENA.exe
2656	SKGnXZr.exe
2740	FdDFtnV.exe
2724	LVwzgOt.exe
2360	MgCOjwG.exe
1856	ujNPayK.exe
1132	EBVPDZk.exe
2564	QtRdlOw.exe
2368	dddPDYK.exe
2132	PHhKimh.exe
2488	OPqWnIu.exe
2192	mvMxBjP.exe
2972	mVgornh.exe
3004	YYuWemP.exe
1972	oJhsyXm.exe
2252	jmQZPUp.exe
2220	OMGBmvI.exe
2080	PkasbAx.exe
1760	ABrvDGv.exe
2412	qpqMSjd.exe
1316	fkCwdzq.exe
1152	zpdSDso.exe
2284	xGCnZew.exe
1408	xKkBTpp.exe
1652	FFscjrz.exe
1868	isoMbao.exe
2616	vgFbkKs.exe
960	JxMeJUy.exe
1756	npdljxt.exe
1660	WDsvsdF.exe
1776	xTzPiSO.exe
1348	jgpgPMM.exe
2008	cQyyusc.exe
1728	saUwrhd.exe
2332	bnpLzqq.exe
2244	evLiXBw.exe
1812	KrfwJzT.exe
900	cDAEJQc.exe
108	rlVPdZb.exe
1764	VKUZMVN.exe
2276	aJflxcu.exe
2484	AgLXvGb.exe
1036	SiDqHYp.exe
2436	EuNfnfm.exe
1516	BVRrMsJ.exe
1328	WecmArI.exe
1828	CYtRRtA.exe
2904	wDoLwDj.exe
1576	lJizrOG.exe
1612	NISilHy.exe
2824	mPcrfWA.exe
2908	giVmDba.exe
2864	DVfrAbh.exe
2696	yKiPWFe.exe
1212	DlGVLjU.exe
1504	rshyPAj.exe
1584	KrhHhyP.exe
2324	TFyJAYr.exe
2516	EfGQORK.exe
2448	kTNNOcx.exe
1520	zfDWcbw.exe

Loads dropped DLL 64 IoCs

pid	Process
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2888-0-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/files/0x000d000000012263-3.dat	upx
behavioral1/files/0x002d000000018b59-12.dat	upx
behavioral1/memory/2944-15-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2796-11-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x0009000000018f85-10.dat	upx
behavioral1/memory/2956-22-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/files/0x000700000001932a-24.dat	upx
behavioral1/files/0x002e000000018baf-29.dat	upx
behavioral1/files/0x00060000000193b8-35.dat	upx
behavioral1/files/0x00060000000193c7-41.dat	upx
behavioral1/memory/2740-50-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2360-54-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2724-58-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/1240-55-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x0007000000019470-49.dat	upx
behavioral1/memory/2656-47-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2888-67-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/1132-73-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2796-72-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x000500000001a03c-83.dat	upx
behavioral1/memory/2956-87-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2368-88-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2564-80-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x000500000001a049-91.dat	upx
behavioral1/memory/2132-95-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2488-103-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/1856-102-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x000500000001a0b6-101.dat	upx
behavioral1/files/0x000500000001a309-109.dat	upx
behavioral1/files/0x000500000001a3fd-127.dat	upx
behavioral1/files/0x000500000001a400-134.dat	upx
behavioral1/memory/1132-140-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/files/0x000500000001a459-165.dat	upx
behavioral1/files/0x000500000001a471-197.dat	upx
behavioral1/memory/2368-279-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2132-281-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2564-213-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2488-283-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/files/0x000500000001a46f-191.dat	upx
behavioral1/files/0x000500000001a46d-187.dat	upx
behavioral1/files/0x000500000001a46b-181.dat	upx
behavioral1/files/0x000500000001a469-177.dat	upx
behavioral1/files/0x000500000001a463-170.dat	upx
behavioral1/files/0x000500000001a457-160.dat	upx
behavioral1/files/0x000500000001a44f-155.dat	upx
behavioral1/files/0x000500000001a44d-151.dat	upx
behavioral1/files/0x000500000001a438-145.dat	upx
behavioral1/files/0x000500000001a404-139.dat	upx
behavioral1/files/0x000500000001a3f8-124.dat	upx
behavioral1/files/0x000500000001a3f6-119.dat	upx
behavioral1/files/0x000500000001a3ab-114.dat	upx
behavioral1/files/0x0005000000019fdd-79.dat	upx
behavioral1/memory/1856-63-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x0007000000019480-62.dat	upx
behavioral1/files/0x0005000000019fd4-70.dat	upx
behavioral1/memory/2944-1099-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2796-1109-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2956-1116-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/1240-1117-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2656-1118-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2740-1119-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2360-1120-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/1856-1121-0x000000013F140000-0x000000013F494000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\tDTUDbu.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnFgqYx.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pLhUSUS.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\akcAOfa.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\woCGdRx.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QzyZvQr.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAQdwoQ.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qQzeDzC.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dFaqtLA.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hkWaUOb.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\evNqJUB.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CfZSaxU.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ypuTjfB.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wWsrxen.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LQlwMje.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wdhQMdX.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AyjzgGA.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UuDAqNP.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oDbAaUY.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pTWNHjV.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lKSVwzQ.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZevybUY.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DrcFvju.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cyYKGvn.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QnioqSO.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gGDSURH.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EyGXSrU.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nwtULnc.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKKJRKg.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\suFsOAc.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KbWXxiF.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EtrODTO.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fPhZEjE.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fIpTPKo.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mCYiJOU.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJTLnEO.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHLYTuc.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KrdLGhI.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ICiwRwL.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qYPszWG.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCCweiU.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KbfwCZb.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KhUTfvK.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxzPtfu.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LZcAoSK.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qfruzxV.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZazfOCY.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\slfvmDp.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LMbupxo.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CSvbsXk.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BKOKpEX.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UHSLTna.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EunjkCs.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nrUTOPe.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\clAiOOx.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gtHvSZI.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zFLdbmS.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HuSXEcO.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ASgPrOz.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\puGxoLG.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vVYTXxq.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MiouRfD.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SzVIjLz.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZayWEFf.exe	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2796	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2888 wrote to memory of 2796	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2888 wrote to memory of 2796	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2888 wrote to memory of 2944	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2888 wrote to memory of 2944	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2888 wrote to memory of 2944	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2888 wrote to memory of 2956	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2888 wrote to memory of 2956	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2888 wrote to memory of 2956	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2888 wrote to memory of 1240	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2888 wrote to memory of 1240	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2888 wrote to memory of 1240	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2888 wrote to memory of 2656	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2888 wrote to memory of 2656	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2888 wrote to memory of 2656	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2888 wrote to memory of 2740	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2888 wrote to memory of 2740	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2888 wrote to memory of 2740	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2888 wrote to memory of 2724	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2888 wrote to memory of 2724	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2888 wrote to memory of 2724	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2888 wrote to memory of 2360	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2888 wrote to memory of 2360	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2888 wrote to memory of 2360	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2888 wrote to memory of 1856	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2888 wrote to memory of 1856	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2888 wrote to memory of 1856	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2888 wrote to memory of 1132	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2888 wrote to memory of 1132	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2888 wrote to memory of 1132	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2888 wrote to memory of 2564	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2888 wrote to memory of 2564	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2888 wrote to memory of 2564	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2888 wrote to memory of 2368	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2888 wrote to memory of 2368	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2888 wrote to memory of 2368	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2888 wrote to memory of 2132	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2888 wrote to memory of 2132	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2888 wrote to memory of 2132	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2888 wrote to memory of 2488	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2888 wrote to memory of 2488	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2888 wrote to memory of 2488	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2888 wrote to memory of 2192	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2888 wrote to memory of 2192	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2888 wrote to memory of 2192	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2888 wrote to memory of 2972	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2888 wrote to memory of 2972	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2888 wrote to memory of 2972	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2888 wrote to memory of 3004	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2888 wrote to memory of 3004	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2888 wrote to memory of 3004	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2888 wrote to memory of 1972	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2888 wrote to memory of 1972	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2888 wrote to memory of 1972	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2888 wrote to memory of 2252	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2888 wrote to memory of 2252	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2888 wrote to memory of 2252	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2888 wrote to memory of 2220	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2888 wrote to memory of 2220	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2888 wrote to memory of 2220	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2888 wrote to memory of 2080	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2888 wrote to memory of 2080	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2888 wrote to memory of 2080	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2888 wrote to memory of 1760	2888	2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-17_fa5acf353bb6868b0c9953a053cefe71_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\System\viqccyt.exe
  C:\Windows\System\viqccyt.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\CHQrUZr.exe
  C:\Windows\System\CHQrUZr.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\teAtJDh.exe
  C:\Windows\System\teAtJDh.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\AnCNENA.exe
  C:\Windows\System\AnCNENA.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\SKGnXZr.exe
  C:\Windows\System\SKGnXZr.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\FdDFtnV.exe
  C:\Windows\System\FdDFtnV.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\LVwzgOt.exe
  C:\Windows\System\LVwzgOt.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\MgCOjwG.exe
  C:\Windows\System\MgCOjwG.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\ujNPayK.exe
  C:\Windows\System\ujNPayK.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\EBVPDZk.exe
  C:\Windows\System\EBVPDZk.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\QtRdlOw.exe
  C:\Windows\System\QtRdlOw.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\dddPDYK.exe
  C:\Windows\System\dddPDYK.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\PHhKimh.exe
  C:\Windows\System\PHhKimh.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\OPqWnIu.exe
  C:\Windows\System\OPqWnIu.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\mvMxBjP.exe
  C:\Windows\System\mvMxBjP.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\mVgornh.exe
  C:\Windows\System\mVgornh.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\YYuWemP.exe
  C:\Windows\System\YYuWemP.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\oJhsyXm.exe
  C:\Windows\System\oJhsyXm.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\jmQZPUp.exe
  C:\Windows\System\jmQZPUp.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\OMGBmvI.exe
  C:\Windows\System\OMGBmvI.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\PkasbAx.exe
  C:\Windows\System\PkasbAx.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\ABrvDGv.exe
  C:\Windows\System\ABrvDGv.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\qpqMSjd.exe
  C:\Windows\System\qpqMSjd.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\fkCwdzq.exe
  C:\Windows\System\fkCwdzq.exe
  2⤵
  - Executes dropped EXE
  PID:1316
- C:\Windows\System\zpdSDso.exe
  C:\Windows\System\zpdSDso.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\xGCnZew.exe
  C:\Windows\System\xGCnZew.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\xKkBTpp.exe
  C:\Windows\System\xKkBTpp.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\FFscjrz.exe
  C:\Windows\System\FFscjrz.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\isoMbao.exe
  C:\Windows\System\isoMbao.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\vgFbkKs.exe
  C:\Windows\System\vgFbkKs.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\JxMeJUy.exe
  C:\Windows\System\JxMeJUy.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\npdljxt.exe
  C:\Windows\System\npdljxt.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\WDsvsdF.exe
  C:\Windows\System\WDsvsdF.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\xTzPiSO.exe
  C:\Windows\System\xTzPiSO.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\jgpgPMM.exe
  C:\Windows\System\jgpgPMM.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\cQyyusc.exe
  C:\Windows\System\cQyyusc.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\bnpLzqq.exe
  C:\Windows\System\bnpLzqq.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\saUwrhd.exe
  C:\Windows\System\saUwrhd.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\evLiXBw.exe
  C:\Windows\System\evLiXBw.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\KrfwJzT.exe
  C:\Windows\System\KrfwJzT.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\cDAEJQc.exe
  C:\Windows\System\cDAEJQc.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\rlVPdZb.exe
  C:\Windows\System\rlVPdZb.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\aJflxcu.exe
  C:\Windows\System\aJflxcu.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\VKUZMVN.exe
  C:\Windows\System\VKUZMVN.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\SiDqHYp.exe
  C:\Windows\System\SiDqHYp.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\AgLXvGb.exe
  C:\Windows\System\AgLXvGb.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\BVRrMsJ.exe
  C:\Windows\System\BVRrMsJ.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\EuNfnfm.exe
  C:\Windows\System\EuNfnfm.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\WecmArI.exe
  C:\Windows\System\WecmArI.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\CYtRRtA.exe
  C:\Windows\System\CYtRRtA.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\wDoLwDj.exe
  C:\Windows\System\wDoLwDj.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\lJizrOG.exe
  C:\Windows\System\lJizrOG.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\NISilHy.exe
  C:\Windows\System\NISilHy.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\mPcrfWA.exe
  C:\Windows\System\mPcrfWA.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\giVmDba.exe
  C:\Windows\System\giVmDba.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\DVfrAbh.exe
  C:\Windows\System\DVfrAbh.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\yKiPWFe.exe
  C:\Windows\System\yKiPWFe.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\DlGVLjU.exe
  C:\Windows\System\DlGVLjU.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\rshyPAj.exe
  C:\Windows\System\rshyPAj.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\KrhHhyP.exe
  C:\Windows\System\KrhHhyP.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\TFyJAYr.exe
  C:\Windows\System\TFyJAYr.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\EfGQORK.exe
  C:\Windows\System\EfGQORK.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\kTNNOcx.exe
  C:\Windows\System\kTNNOcx.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\zfDWcbw.exe
  C:\Windows\System\zfDWcbw.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\AWOgFmJ.exe
  C:\Windows\System\AWOgFmJ.exe
  2⤵
  PID:2404
- C:\Windows\System\utpebuj.exe
  C:\Windows\System\utpebuj.exe
  2⤵
  PID:2416
- C:\Windows\System\aslHtYd.exe
  C:\Windows\System\aslHtYd.exe
  2⤵
  PID:696
- C:\Windows\System\KWuxxlm.exe
  C:\Windows\System\KWuxxlm.exe
  2⤵
  PID:2428
- C:\Windows\System\sJqZScu.exe
  C:\Windows\System\sJqZScu.exe
  2⤵
  PID:1376
- C:\Windows\System\KcBFOXM.exe
  C:\Windows\System\KcBFOXM.exe
  2⤵
  PID:904
- C:\Windows\System\FpFiclg.exe
  C:\Windows\System\FpFiclg.exe
  2⤵
  PID:1744
- C:\Windows\System\TGMfdSk.exe
  C:\Windows\System\TGMfdSk.exe
  2⤵
  PID:1264
- C:\Windows\System\OZEgSum.exe
  C:\Windows\System\OZEgSum.exe
  2⤵
  PID:1736
- C:\Windows\System\PvSTbNp.exe
  C:\Windows\System\PvSTbNp.exe
  2⤵
  PID:2204
- C:\Windows\System\npeybLw.exe
  C:\Windows\System\npeybLw.exe
  2⤵
  PID:296
- C:\Windows\System\yHrpJuL.exe
  C:\Windows\System\yHrpJuL.exe
  2⤵
  PID:3024
- C:\Windows\System\pfElOwv.exe
  C:\Windows\System\pfElOwv.exe
  2⤵
  PID:2036
- C:\Windows\System\GDZhBno.exe
  C:\Windows\System\GDZhBno.exe
  2⤵
  PID:1032
- C:\Windows\System\NapmxIM.exe
  C:\Windows\System\NapmxIM.exe
  2⤵
  PID:1672
- C:\Windows\System\QqbZbPK.exe
  C:\Windows\System\QqbZbPK.exe
  2⤵
  PID:1976
- C:\Windows\System\IagBZxn.exe
  C:\Windows\System\IagBZxn.exe
  2⤵
  PID:304
- C:\Windows\System\GyaPJLV.exe
  C:\Windows\System\GyaPJLV.exe
  2⤵
  PID:2120
- C:\Windows\System\clAiOOx.exe
  C:\Windows\System\clAiOOx.exe
  2⤵
  PID:1616
- C:\Windows\System\hetOOol.exe
  C:\Windows\System\hetOOol.exe
  2⤵
  PID:1712
- C:\Windows\System\NEFQatB.exe
  C:\Windows\System\NEFQatB.exe
  2⤵
  PID:2820
- C:\Windows\System\wXzWphP.exe
  C:\Windows\System\wXzWphP.exe
  2⤵
  PID:2684
- C:\Windows\System\wIGLROK.exe
  C:\Windows\System\wIGLROK.exe
  2⤵
  PID:2208
- C:\Windows\System\DkzpScG.exe
  C:\Windows\System\DkzpScG.exe
  2⤵
  PID:2092
- C:\Windows\System\HSrChUp.exe
  C:\Windows\System\HSrChUp.exe
  2⤵
  PID:436
- C:\Windows\System\qIkAbJp.exe
  C:\Windows\System\qIkAbJp.exe
  2⤵
  PID:2000
- C:\Windows\System\TtGzOaV.exe
  C:\Windows\System\TtGzOaV.exe
  2⤵
  PID:2772
- C:\Windows\System\DWIWhZG.exe
  C:\Windows\System\DWIWhZG.exe
  2⤵
  PID:1964
- C:\Windows\System\TqCPDvF.exe
  C:\Windows\System\TqCPDvF.exe
  2⤵
  PID:2828
- C:\Windows\System\vbTulpi.exe
  C:\Windows\System\vbTulpi.exe
  2⤵
  PID:2860
- C:\Windows\System\wOXPrQr.exe
  C:\Windows\System\wOXPrQr.exe
  2⤵
  PID:3056
- C:\Windows\System\KlXkDCI.exe
  C:\Windows\System\KlXkDCI.exe
  2⤵
  PID:2156
- C:\Windows\System\YSmUKZj.exe
  C:\Windows\System\YSmUKZj.exe
  2⤵
  PID:2640
- C:\Windows\System\vJyobod.exe
  C:\Windows\System\vJyobod.exe
  2⤵
  PID:1312
- C:\Windows\System\iiAlCOj.exe
  C:\Windows\System\iiAlCOj.exe
  2⤵
  PID:2456
- C:\Windows\System\HhKzIsM.exe
  C:\Windows\System\HhKzIsM.exe
  2⤵
  PID:2076
- C:\Windows\System\MXNZAXS.exe
  C:\Windows\System\MXNZAXS.exe
  2⤵
  PID:1096
- C:\Windows\System\lbPAdsi.exe
  C:\Windows\System\lbPAdsi.exe
  2⤵
  PID:956
- C:\Windows\System\KbfwCZb.exe
  C:\Windows\System\KbfwCZb.exe
  2⤵
  PID:808
- C:\Windows\System\mAWPJRR.exe
  C:\Windows\System\mAWPJRR.exe
  2⤵
  PID:1684
- C:\Windows\System\nlKbcuf.exe
  C:\Windows\System\nlKbcuf.exe
  2⤵
  PID:1780
- C:\Windows\System\ZxabSbF.exe
  C:\Windows\System\ZxabSbF.exe
  2⤵
  PID:1632
- C:\Windows\System\hSfijUn.exe
  C:\Windows\System\hSfijUn.exe
  2⤵
  PID:940
- C:\Windows\System\QgkxSsv.exe
  C:\Windows\System\QgkxSsv.exe
  2⤵
  PID:2508
- C:\Windows\System\GNYnhun.exe
  C:\Windows\System\GNYnhun.exe
  2⤵
  PID:3016
- C:\Windows\System\SoxddHR.exe
  C:\Windows\System\SoxddHR.exe
  2⤵
  PID:2248
- C:\Windows\System\yvoZygA.exe
  C:\Windows\System\yvoZygA.exe
  2⤵
  PID:1656
- C:\Windows\System\GpQzkhE.exe
  C:\Windows\System\GpQzkhE.exe
  2⤵
  PID:2716
- C:\Windows\System\zWHyIWu.exe
  C:\Windows\System\zWHyIWu.exe
  2⤵
  PID:2024
- C:\Windows\System\RkEtyKm.exe
  C:\Windows\System\RkEtyKm.exe
  2⤵
  PID:1484
- C:\Windows\System\DmpKxyi.exe
  C:\Windows\System\DmpKxyi.exe
  2⤵
  PID:2320
- C:\Windows\System\ebGhBSk.exe
  C:\Windows\System\ebGhBSk.exe
  2⤵
  PID:2844
- C:\Windows\System\LGlakLX.exe
  C:\Windows\System\LGlakLX.exe
  2⤵
  PID:2444
- C:\Windows\System\zSUHTke.exe
  C:\Windows\System\zSUHTke.exe
  2⤵
  PID:2088
- C:\Windows\System\tNcMlXW.exe
  C:\Windows\System\tNcMlXW.exe
  2⤵
  PID:772
- C:\Windows\System\FpbNUgV.exe
  C:\Windows\System\FpbNUgV.exe
  2⤵
  PID:2704
- C:\Windows\System\SrPvcvK.exe
  C:\Windows\System\SrPvcvK.exe
  2⤵
  PID:1088
- C:\Windows\System\gccxtNC.exe
  C:\Windows\System\gccxtNC.exe
  2⤵
  PID:2552
- C:\Windows\System\xliMCkc.exe
  C:\Windows\System\xliMCkc.exe
  2⤵
  PID:3012
- C:\Windows\System\GcUEqJl.exe
  C:\Windows\System\GcUEqJl.exe
  2⤵
  PID:2600
- C:\Windows\System\hzLhjiP.exe
  C:\Windows\System\hzLhjiP.exe
  2⤵
  PID:884
- C:\Windows\System\qfruzxV.exe
  C:\Windows\System\qfruzxV.exe
  2⤵
  PID:2020
- C:\Windows\System\PvqmCPM.exe
  C:\Windows\System\PvqmCPM.exe
  2⤵
  PID:2424
- C:\Windows\System\CTtFkzT.exe
  C:\Windows\System\CTtFkzT.exe
  2⤵
  PID:2816
- C:\Windows\System\CqFmMJd.exe
  C:\Windows\System\CqFmMJd.exe
  2⤵
  PID:2408
- C:\Windows\System\ACKVjkZ.exe
  C:\Windows\System\ACKVjkZ.exe
  2⤵
  PID:3032
- C:\Windows\System\rxOyWrP.exe
  C:\Windows\System\rxOyWrP.exe
  2⤵
  PID:2392
- C:\Windows\System\phLPEYt.exe
  C:\Windows\System\phLPEYt.exe
  2⤵
  PID:2400
- C:\Windows\System\gSvOrsL.exe
  C:\Windows\System\gSvOrsL.exe
  2⤵
  PID:1180
- C:\Windows\System\vQRuRSH.exe
  C:\Windows\System\vQRuRSH.exe
  2⤵
  PID:2340
- C:\Windows\System\tZtHXGo.exe
  C:\Windows\System\tZtHXGo.exe
  2⤵
  PID:2992
- C:\Windows\System\gKiQDUR.exe
  C:\Windows\System\gKiQDUR.exe
  2⤵
  PID:2304
- C:\Windows\System\PzqWclx.exe
  C:\Windows\System\PzqWclx.exe
  2⤵
  PID:2692
- C:\Windows\System\woCGdRx.exe
  C:\Windows\System\woCGdRx.exe
  2⤵
  PID:2476
- C:\Windows\System\ycTHKNr.exe
  C:\Windows\System\ycTHKNr.exe
  2⤵
  PID:2480
- C:\Windows\System\YBigjrt.exe
  C:\Windows\System\YBigjrt.exe
  2⤵
  PID:3076
- C:\Windows\System\rtDvAew.exe
  C:\Windows\System\rtDvAew.exe
  2⤵
  PID:3096
- C:\Windows\System\WbnlqNq.exe
  C:\Windows\System\WbnlqNq.exe
  2⤵
  PID:3116
- C:\Windows\System\yeZRRIh.exe
  C:\Windows\System\yeZRRIh.exe
  2⤵
  PID:3140
- C:\Windows\System\CbiqpjM.exe
  C:\Windows\System\CbiqpjM.exe
  2⤵
  PID:3160
- C:\Windows\System\ddZqbuf.exe
  C:\Windows\System\ddZqbuf.exe
  2⤵
  PID:3180
- C:\Windows\System\yuzpNEe.exe
  C:\Windows\System\yuzpNEe.exe
  2⤵
  PID:3200
- C:\Windows\System\NOHeSaP.exe
  C:\Windows\System\NOHeSaP.exe
  2⤵
  PID:3220
- C:\Windows\System\mmiZOMR.exe
  C:\Windows\System\mmiZOMR.exe
  2⤵
  PID:3240
- C:\Windows\System\iXRsPrs.exe
  C:\Windows\System\iXRsPrs.exe
  2⤵
  PID:3260
- C:\Windows\System\KhUTfvK.exe
  C:\Windows\System\KhUTfvK.exe
  2⤵
  PID:3284
- C:\Windows\System\QkUsXDa.exe
  C:\Windows\System\QkUsXDa.exe
  2⤵
  PID:3304
- C:\Windows\System\rotttiV.exe
  C:\Windows\System\rotttiV.exe
  2⤵
  PID:3320
- C:\Windows\System\xYTRSmy.exe
  C:\Windows\System\xYTRSmy.exe
  2⤵
  PID:3344
- C:\Windows\System\KQasyNQ.exe
  C:\Windows\System\KQasyNQ.exe
  2⤵
  PID:3364
- C:\Windows\System\UHjhahf.exe
  C:\Windows\System\UHjhahf.exe
  2⤵
  PID:3384
- C:\Windows\System\JQqqxlV.exe
  C:\Windows\System\JQqqxlV.exe
  2⤵
  PID:3404
- C:\Windows\System\WfZtJFw.exe
  C:\Windows\System\WfZtJFw.exe
  2⤵
  PID:3424
- C:\Windows\System\Lffwpmt.exe
  C:\Windows\System\Lffwpmt.exe
  2⤵
  PID:3440
- C:\Windows\System\EBhVVPM.exe
  C:\Windows\System\EBhVVPM.exe
  2⤵
  PID:3464
- C:\Windows\System\ZixEQpo.exe
  C:\Windows\System\ZixEQpo.exe
  2⤵
  PID:3484
- C:\Windows\System\aUqmAXx.exe
  C:\Windows\System\aUqmAXx.exe
  2⤵
  PID:3504
- C:\Windows\System\vZVQamL.exe
  C:\Windows\System\vZVQamL.exe
  2⤵
  PID:3524
- C:\Windows\System\AyjRmlw.exe
  C:\Windows\System\AyjRmlw.exe
  2⤵
  PID:3544
- C:\Windows\System\DrBNVOB.exe
  C:\Windows\System\DrBNVOB.exe
  2⤵
  PID:3564
- C:\Windows\System\oaKGVNE.exe
  C:\Windows\System\oaKGVNE.exe
  2⤵
  PID:3584
- C:\Windows\System\kVomauL.exe
  C:\Windows\System\kVomauL.exe
  2⤵
  PID:3600
- C:\Windows\System\gYenEIf.exe
  C:\Windows\System\gYenEIf.exe
  2⤵
  PID:3624
- C:\Windows\System\hceJycM.exe
  C:\Windows\System\hceJycM.exe
  2⤵
  PID:3648
- C:\Windows\System\zUPISaT.exe
  C:\Windows\System\zUPISaT.exe
  2⤵
  PID:3668
- C:\Windows\System\ajbGpFi.exe
  C:\Windows\System\ajbGpFi.exe
  2⤵
  PID:3688
- C:\Windows\System\XSUqfEn.exe
  C:\Windows\System\XSUqfEn.exe
  2⤵
  PID:3708
- C:\Windows\System\BvfkgmR.exe
  C:\Windows\System\BvfkgmR.exe
  2⤵
  PID:3728
- C:\Windows\System\hSgnJNq.exe
  C:\Windows\System\hSgnJNq.exe
  2⤵
  PID:3752
- C:\Windows\System\xhWhRyf.exe
  C:\Windows\System\xhWhRyf.exe
  2⤵
  PID:3772
- C:\Windows\System\ftttHzX.exe
  C:\Windows\System\ftttHzX.exe
  2⤵
  PID:3792
- C:\Windows\System\oDbAaUY.exe
  C:\Windows\System\oDbAaUY.exe
  2⤵
  PID:3812
- C:\Windows\System\kTVHomw.exe
  C:\Windows\System\kTVHomw.exe
  2⤵
  PID:3832
- C:\Windows\System\XDbOxfm.exe
  C:\Windows\System\XDbOxfm.exe
  2⤵
  PID:3852
- C:\Windows\System\djGYziw.exe
  C:\Windows\System\djGYziw.exe
  2⤵
  PID:3872
- C:\Windows\System\XoYZRZf.exe
  C:\Windows\System\XoYZRZf.exe
  2⤵
  PID:3888
- C:\Windows\System\MiouRfD.exe
  C:\Windows\System\MiouRfD.exe
  2⤵
  PID:3912
- C:\Windows\System\VmPoiNn.exe
  C:\Windows\System\VmPoiNn.exe
  2⤵
  PID:3932
- C:\Windows\System\DlVcWuv.exe
  C:\Windows\System\DlVcWuv.exe
  2⤵
  PID:3952
- C:\Windows\System\iQCDNyn.exe
  C:\Windows\System\iQCDNyn.exe
  2⤵
  PID:3972
- C:\Windows\System\CxacEHb.exe
  C:\Windows\System\CxacEHb.exe
  2⤵
  PID:3992
- C:\Windows\System\AyeRxbn.exe
  C:\Windows\System\AyeRxbn.exe
  2⤵
  PID:4012
- C:\Windows\System\iNEVnUD.exe
  C:\Windows\System\iNEVnUD.exe
  2⤵
  PID:4032
- C:\Windows\System\bHxLKLc.exe
  C:\Windows\System\bHxLKLc.exe
  2⤵
  PID:4056
- C:\Windows\System\KHoefER.exe
  C:\Windows\System\KHoefER.exe
  2⤵
  PID:4076
- C:\Windows\System\FbWOqEE.exe
  C:\Windows\System\FbWOqEE.exe
  2⤵
  PID:716
- C:\Windows\System\UscipYn.exe
  C:\Windows\System\UscipYn.exe
  2⤵
  PID:2752
- C:\Windows\System\YSLJucR.exe
  C:\Windows\System\YSLJucR.exe
  2⤵
  PID:2912
- C:\Windows\System\pTWNHjV.exe
  C:\Windows\System\pTWNHjV.exe
  2⤵
  PID:520
- C:\Windows\System\iGLXwKa.exe
  C:\Windows\System\iGLXwKa.exe
  2⤵
  PID:2756
- C:\Windows\System\CFEENJb.exe
  C:\Windows\System\CFEENJb.exe
  2⤵
  PID:396
- C:\Windows\System\ehbRLmw.exe
  C:\Windows\System\ehbRLmw.exe
  2⤵
  PID:3088
- C:\Windows\System\YaDPxce.exe
  C:\Windows\System\YaDPxce.exe
  2⤵
  PID:3132
- C:\Windows\System\WEzhgkP.exe
  C:\Windows\System\WEzhgkP.exe
  2⤵
  PID:3168
- C:\Windows\System\NCOxVrM.exe
  C:\Windows\System\NCOxVrM.exe
  2⤵
  PID:3156
- C:\Windows\System\xiHIvXT.exe
  C:\Windows\System\xiHIvXT.exe
  2⤵
  PID:3188
- C:\Windows\System\SGVJqKB.exe
  C:\Windows\System\SGVJqKB.exe
  2⤵
  PID:3252
- C:\Windows\System\hgLlYhC.exe
  C:\Windows\System\hgLlYhC.exe
  2⤵
  PID:3292
- C:\Windows\System\AxjTOQX.exe
  C:\Windows\System\AxjTOQX.exe
  2⤵
  PID:3328
- C:\Windows\System\IRfZsSn.exe
  C:\Windows\System\IRfZsSn.exe
  2⤵
  PID:3356
- C:\Windows\System\oxFZWiv.exe
  C:\Windows\System\oxFZWiv.exe
  2⤵
  PID:3376
- C:\Windows\System\nNuYWGY.exe
  C:\Windows\System\nNuYWGY.exe
  2⤵
  PID:3392
- C:\Windows\System\UrrqkuW.exe
  C:\Windows\System\UrrqkuW.exe
  2⤵
  PID:3456
- C:\Windows\System\fhZaMAl.exe
  C:\Windows\System\fhZaMAl.exe
  2⤵
  PID:3496
- C:\Windows\System\owTNjyD.exe
  C:\Windows\System\owTNjyD.exe
  2⤵
  PID:3476
- C:\Windows\System\CoQPOGt.exe
  C:\Windows\System\CoQPOGt.exe
  2⤵
  PID:3536
- C:\Windows\System\ETzeiCo.exe
  C:\Windows\System\ETzeiCo.exe
  2⤵
  PID:3552
- C:\Windows\System\IGJtIeC.exe
  C:\Windows\System\IGJtIeC.exe
  2⤵
  PID:3620
- C:\Windows\System\jJgskWR.exe
  C:\Windows\System\jJgskWR.exe
  2⤵
  PID:3592
- C:\Windows\System\gTUpDLp.exe
  C:\Windows\System\gTUpDLp.exe
  2⤵
  PID:3696
- C:\Windows\System\JgwLnnL.exe
  C:\Windows\System\JgwLnnL.exe
  2⤵
  PID:3748
- C:\Windows\System\VRjdxcC.exe
  C:\Windows\System\VRjdxcC.exe
  2⤵
  PID:3720
- C:\Windows\System\gSJNnUi.exe
  C:\Windows\System\gSJNnUi.exe
  2⤵
  PID:3784
- C:\Windows\System\iscQWqx.exe
  C:\Windows\System\iscQWqx.exe
  2⤵
  PID:3764
- C:\Windows\System\JMFaQzP.exe
  C:\Windows\System\JMFaQzP.exe
  2⤵
  PID:3808
- C:\Windows\System\drmXJAs.exe
  C:\Windows\System\drmXJAs.exe
  2⤵
  PID:3896
- C:\Windows\System\saEHfLp.exe
  C:\Windows\System\saEHfLp.exe
  2⤵
  PID:3884
- C:\Windows\System\FbZmELN.exe
  C:\Windows\System\FbZmELN.exe
  2⤵
  PID:3924
- C:\Windows\System\dEwFZcp.exe
  C:\Windows\System\dEwFZcp.exe
  2⤵
  PID:3980
- C:\Windows\System\bvPbWMz.exe
  C:\Windows\System\bvPbWMz.exe
  2⤵
  PID:3984
- C:\Windows\System\CUQmIMn.exe
  C:\Windows\System\CUQmIMn.exe
  2⤵
  PID:4008
- C:\Windows\System\fsUkxsT.exe
  C:\Windows\System\fsUkxsT.exe
  2⤵
  PID:4072
- C:\Windows\System\ZNrlDYT.exe
  C:\Windows\System\ZNrlDYT.exe
  2⤵
  PID:4092
- C:\Windows\System\ExxVFLV.exe
  C:\Windows\System\ExxVFLV.exe
  2⤵
  PID:3640
- C:\Windows\System\nLuSEkJ.exe
  C:\Windows\System\nLuSEkJ.exe
  2⤵
  PID:2072
- C:\Windows\System\LUDKWXB.exe
  C:\Windows\System\LUDKWXB.exe
  2⤵
  PID:1700
- C:\Windows\System\rNGkGum.exe
  C:\Windows\System\rNGkGum.exe
  2⤵
  PID:2012
- C:\Windows\System\orWzIrW.exe
  C:\Windows\System\orWzIrW.exe
  2⤵
  PID:2308
- C:\Windows\System\ALVezNj.exe
  C:\Windows\System\ALVezNj.exe
  2⤵
  PID:3196
- C:\Windows\System\eEYwQMF.exe
  C:\Windows\System\eEYwQMF.exe
  2⤵
  PID:3248
- C:\Windows\System\oIpmfRo.exe
  C:\Windows\System\oIpmfRo.exe
  2⤵
  PID:3272
- C:\Windows\System\rbDrIWb.exe
  C:\Windows\System\rbDrIWb.exe
  2⤵
  PID:3352
- C:\Windows\System\PCxreRA.exe
  C:\Windows\System\PCxreRA.exe
  2⤵
  PID:3340
- C:\Windows\System\lqdytYR.exe
  C:\Windows\System\lqdytYR.exe
  2⤵
  PID:3448
- C:\Windows\System\pEcPbRS.exe
  C:\Windows\System\pEcPbRS.exe
  2⤵
  PID:3500
- C:\Windows\System\EzHEebS.exe
  C:\Windows\System\EzHEebS.exe
  2⤵
  PID:3512
- C:\Windows\System\zJQfuWG.exe
  C:\Windows\System\zJQfuWG.exe
  2⤵
  PID:3576
- C:\Windows\System\gYiBpRg.exe
  C:\Windows\System\gYiBpRg.exe
  2⤵
  PID:3616
- C:\Windows\System\mmERbeT.exe
  C:\Windows\System\mmERbeT.exe
  2⤵
  PID:2356
- C:\Windows\System\hvwOtTW.exe
  C:\Windows\System\hvwOtTW.exe
  2⤵
  PID:3960
- C:\Windows\System\PlgGDol.exe
  C:\Windows\System\PlgGDol.exe
  2⤵
  PID:4020
- C:\Windows\System\HXEnIkA.exe
  C:\Windows\System\HXEnIkA.exe
  2⤵
  PID:3988
- C:\Windows\System\aJElPvH.exe
  C:\Windows\System\aJElPvH.exe
  2⤵
  PID:600
- C:\Windows\System\uJChbAj.exe
  C:\Windows\System\uJChbAj.exe
  2⤵
  PID:2352
- C:\Windows\System\jzffIVs.exe
  C:\Windows\System\jzffIVs.exe
  2⤵
  PID:1988
- C:\Windows\System\DqwheeR.exe
  C:\Windows\System\DqwheeR.exe
  2⤵
  PID:3092
- C:\Windows\System\mHeehuk.exe
  C:\Windows\System\mHeehuk.exe
  2⤵
  PID:3108
- C:\Windows\System\WlkDZrH.exe
  C:\Windows\System\WlkDZrH.exe
  2⤵
  PID:2632
- C:\Windows\System\SZJlpDp.exe
  C:\Windows\System\SZJlpDp.exe
  2⤵
  PID:2176
- C:\Windows\System\uLLIxGb.exe
  C:\Windows\System\uLLIxGb.exe
  2⤵
  PID:2232
- C:\Windows\System\BRBKTVf.exe
  C:\Windows\System\BRBKTVf.exe
  2⤵
  PID:3336
- C:\Windows\System\tAFzdlt.exe
  C:\Windows\System\tAFzdlt.exe
  2⤵
  PID:3452
- C:\Windows\System\BdKiqLJ.exe
  C:\Windows\System\BdKiqLJ.exe
  2⤵
  PID:3520
- C:\Windows\System\QsQNmZt.exe
  C:\Windows\System\QsQNmZt.exe
  2⤵
  PID:3480
- C:\Windows\System\ZnhNhRF.exe
  C:\Windows\System\ZnhNhRF.exe
  2⤵
  PID:3700
- C:\Windows\System\QyIOcqe.exe
  C:\Windows\System\QyIOcqe.exe
  2⤵
  PID:980
- C:\Windows\System\SFEHIdr.exe
  C:\Windows\System\SFEHIdr.exe
  2⤵
  PID:856
- C:\Windows\System\bJEJOwu.exe
  C:\Windows\System\bJEJOwu.exe
  2⤵
  PID:3048
- C:\Windows\System\bEehGuX.exe
  C:\Windows\System\bEehGuX.exe
  2⤵
  PID:3824
- C:\Windows\System\ZoFTLXE.exe
  C:\Windows\System\ZoFTLXE.exe
  2⤵
  PID:3632
- C:\Windows\System\GmjOzOl.exe
  C:\Windows\System\GmjOzOl.exe
  2⤵
  PID:2720
- C:\Windows\System\VeArwyy.exe
  C:\Windows\System\VeArwyy.exe
  2⤵
  PID:2200
- C:\Windows\System\pRAnvry.exe
  C:\Windows\System\pRAnvry.exe
  2⤵
  PID:332
- C:\Windows\System\ExbnAst.exe
  C:\Windows\System\ExbnAst.exe
  2⤵
  PID:2608
- C:\Windows\System\fkQvqWn.exe
  C:\Windows\System\fkQvqWn.exe
  2⤵
  PID:3944
- C:\Windows\System\qOoIylW.exe
  C:\Windows\System\qOoIylW.exe
  2⤵
  PID:2016
- C:\Windows\System\LdnsRLw.exe
  C:\Windows\System\LdnsRLw.exe
  2⤵
  PID:4044
- C:\Windows\System\fbIGAdF.exe
  C:\Windows\System\fbIGAdF.exe
  2⤵
  PID:3176
- C:\Windows\System\zcURHJP.exe
  C:\Windows\System\zcURHJP.exe
  2⤵
  PID:3128
- C:\Windows\System\pBmhVke.exe
  C:\Windows\System\pBmhVke.exe
  2⤵
  PID:2996
- C:\Windows\System\neKOQSC.exe
  C:\Windows\System\neKOQSC.exe
  2⤵
  PID:3136
- C:\Windows\System\DHuvWLX.exe
  C:\Windows\System\DHuvWLX.exe
  2⤵
  PID:568
- C:\Windows\System\adAsqBD.exe
  C:\Windows\System\adAsqBD.exe
  2⤵
  PID:3396
- C:\Windows\System\TDixHJR.exe
  C:\Windows\System\TDixHJR.exe
  2⤵
  PID:1572
- C:\Windows\System\fpObTZE.exe
  C:\Windows\System\fpObTZE.exe
  2⤵
  PID:952
- C:\Windows\System\fWdcRLF.exe
  C:\Windows\System\fWdcRLF.exe
  2⤵
  PID:2620
- C:\Windows\System\kBdzenv.exe
  C:\Windows\System\kBdzenv.exe
  2⤵
  PID:2420
- C:\Windows\System\wVyrEbh.exe
  C:\Windows\System\wVyrEbh.exe
  2⤵
  PID:2760
- C:\Windows\System\NkDmerB.exe
  C:\Windows\System\NkDmerB.exe
  2⤵
  PID:1020
- C:\Windows\System\ySMKzVb.exe
  C:\Windows\System\ySMKzVb.exe
  2⤵
  PID:3920
- C:\Windows\System\OwbJnyZ.exe
  C:\Windows\System\OwbJnyZ.exe
  2⤵
  PID:4052
- C:\Windows\System\cYRvuZw.exe
  C:\Windows\System\cYRvuZw.exe
  2⤵
  PID:872
- C:\Windows\System\EjWzZHj.exe
  C:\Windows\System\EjWzZHj.exe
  2⤵
  PID:2572
- C:\Windows\System\PWlqdbr.exe
  C:\Windows\System\PWlqdbr.exe
  2⤵
  PID:2148
- C:\Windows\System\joIAEnt.exe
  C:\Windows\System\joIAEnt.exe
  2⤵
  PID:3608
- C:\Windows\System\NpXYODt.exe
  C:\Windows\System\NpXYODt.exe
  2⤵
  PID:756
- C:\Windows\System\GTbEFAQ.exe
  C:\Windows\System\GTbEFAQ.exe
  2⤵
  PID:2664
- C:\Windows\System\GsEWMnu.exe
  C:\Windows\System\GsEWMnu.exe
  2⤵
  PID:2648
- C:\Windows\System\FnLLnov.exe
  C:\Windows\System\FnLLnov.exe
  2⤵
  PID:3880
- C:\Windows\System\EcdHWOC.exe
  C:\Windows\System\EcdHWOC.exe
  2⤵
  PID:3540
- C:\Windows\System\gzxzrGW.exe
  C:\Windows\System\gzxzrGW.exe
  2⤵
  PID:3232
- C:\Windows\System\FoionzR.exe
  C:\Windows\System\FoionzR.exe
  2⤵
  PID:748
- C:\Windows\System\yXGGQLb.exe
  C:\Windows\System\yXGGQLb.exe
  2⤵
  PID:888
- C:\Windows\System\JjpLBQu.exe
  C:\Windows\System\JjpLBQu.exe
  2⤵
  PID:3908
- C:\Windows\System\BaOClaU.exe
  C:\Windows\System\BaOClaU.exe
  2⤵
  PID:1936
- C:\Windows\System\OXmdHSB.exe
  C:\Windows\System\OXmdHSB.exe
  2⤵
  PID:3020
- C:\Windows\System\sgieYFY.exe
  C:\Windows\System\sgieYFY.exe
  2⤵
  PID:1568
- C:\Windows\System\WNxlMcD.exe
  C:\Windows\System\WNxlMcD.exe
  2⤵
  PID:3556
- C:\Windows\System\lkdubFa.exe
  C:\Windows\System\lkdubFa.exe
  2⤵
  PID:3848
- C:\Windows\System\UNabuPa.exe
  C:\Windows\System\UNabuPa.exe
  2⤵
  PID:4112
- C:\Windows\System\gniAPkx.exe
  C:\Windows\System\gniAPkx.exe
  2⤵
  PID:4140
- C:\Windows\System\RMyROfk.exe
  C:\Windows\System\RMyROfk.exe
  2⤵
  PID:4160
- C:\Windows\System\ypuTjfB.exe
  C:\Windows\System\ypuTjfB.exe
  2⤵
  PID:4180
- C:\Windows\System\RWSRAPE.exe
  C:\Windows\System\RWSRAPE.exe
  2⤵
  PID:4196
- C:\Windows\System\enQNOFB.exe
  C:\Windows\System\enQNOFB.exe
  2⤵
  PID:4220
- C:\Windows\System\TNPwZGK.exe
  C:\Windows\System\TNPwZGK.exe
  2⤵
  PID:4240
- C:\Windows\System\bqJUqbo.exe
  C:\Windows\System\bqJUqbo.exe
  2⤵
  PID:4256
- C:\Windows\System\lJaPTvZ.exe
  C:\Windows\System\lJaPTvZ.exe
  2⤵
  PID:4272
- C:\Windows\System\mubHsat.exe
  C:\Windows\System\mubHsat.exe
  2⤵
  PID:4292
- C:\Windows\System\ZJeAomh.exe
  C:\Windows\System\ZJeAomh.exe
  2⤵
  PID:4324
- C:\Windows\System\JQQfAXo.exe
  C:\Windows\System\JQQfAXo.exe
  2⤵
  PID:4340
- C:\Windows\System\ZpFFDGG.exe
  C:\Windows\System\ZpFFDGG.exe
  2⤵
  PID:4360
- C:\Windows\System\RuGJraI.exe
  C:\Windows\System\RuGJraI.exe
  2⤵
  PID:4376
- C:\Windows\System\vhfTzuW.exe
  C:\Windows\System\vhfTzuW.exe
  2⤵
  PID:4392
- C:\Windows\System\wXzhMIG.exe
  C:\Windows\System\wXzhMIG.exe
  2⤵
  PID:4420
- C:\Windows\System\hZrOYPC.exe
  C:\Windows\System\hZrOYPC.exe
  2⤵
  PID:4440
- C:\Windows\System\uIjMLxx.exe
  C:\Windows\System\uIjMLxx.exe
  2⤵
  PID:4464
- C:\Windows\System\ocxixsu.exe
  C:\Windows\System\ocxixsu.exe
  2⤵
  PID:4480
- C:\Windows\System\zszqVdJ.exe
  C:\Windows\System\zszqVdJ.exe
  2⤵
  PID:4500
- C:\Windows\System\unIoRtx.exe
  C:\Windows\System\unIoRtx.exe
  2⤵
  PID:4524
- C:\Windows\System\MiJodjH.exe
  C:\Windows\System\MiJodjH.exe
  2⤵
  PID:4548
- C:\Windows\System\obicPyu.exe
  C:\Windows\System\obicPyu.exe
  2⤵
  PID:4564
- C:\Windows\System\CioOfXX.exe
  C:\Windows\System\CioOfXX.exe
  2⤵
  PID:4584
- C:\Windows\System\swEaVrj.exe
  C:\Windows\System\swEaVrj.exe
  2⤵
  PID:4604
- C:\Windows\System\iyXReZl.exe
  C:\Windows\System\iyXReZl.exe
  2⤵
  PID:4624
- C:\Windows\System\gLtqSEk.exe
  C:\Windows\System\gLtqSEk.exe
  2⤵
  PID:4644
- C:\Windows\System\JDpeFPP.exe
  C:\Windows\System\JDpeFPP.exe
  2⤵
  PID:4668
- C:\Windows\System\mlpDHAr.exe
  C:\Windows\System\mlpDHAr.exe
  2⤵
  PID:4684
- C:\Windows\System\WmDwyme.exe
  C:\Windows\System\WmDwyme.exe
  2⤵
  PID:4708
- C:\Windows\System\ltwyZSo.exe
  C:\Windows\System\ltwyZSo.exe
  2⤵
  PID:4732
- C:\Windows\System\vrmUOvh.exe
  C:\Windows\System\vrmUOvh.exe
  2⤵
  PID:4756
- C:\Windows\System\mLkZlLq.exe
  C:\Windows\System\mLkZlLq.exe
  2⤵
  PID:4844
- C:\Windows\System\AhjfmGL.exe
  C:\Windows\System\AhjfmGL.exe
  2⤵
  PID:4868
- C:\Windows\System\bIneIWq.exe
  C:\Windows\System\bIneIWq.exe
  2⤵
  PID:4884
- C:\Windows\System\QzyZvQr.exe
  C:\Windows\System\QzyZvQr.exe
  2⤵
  PID:4908
- C:\Windows\System\XQBfCbL.exe
  C:\Windows\System\XQBfCbL.exe
  2⤵
  PID:4928
- C:\Windows\System\BoYzaxk.exe
  C:\Windows\System\BoYzaxk.exe
  2⤵
  PID:4948
- C:\Windows\System\EyGXSrU.exe
  C:\Windows\System\EyGXSrU.exe
  2⤵
  PID:4964
- C:\Windows\System\OWiNzjF.exe
  C:\Windows\System\OWiNzjF.exe
  2⤵
  PID:4980
- C:\Windows\System\EdbAHSr.exe
  C:\Windows\System\EdbAHSr.exe
  2⤵
  PID:5008
- C:\Windows\System\VYLKFGY.exe
  C:\Windows\System\VYLKFGY.exe
  2⤵
  PID:5024
- C:\Windows\System\aGoyOxW.exe
  C:\Windows\System\aGoyOxW.exe
  2⤵
  PID:5040
- C:\Windows\System\bmBnZrZ.exe
  C:\Windows\System\bmBnZrZ.exe
  2⤵
  PID:5060
- C:\Windows\System\QWovFRG.exe
  C:\Windows\System\QWovFRG.exe
  2⤵
  PID:5080
- C:\Windows\System\bgKKwOC.exe
  C:\Windows\System\bgKKwOC.exe
  2⤵
  PID:5108
- C:\Windows\System\sGYVIHH.exe
  C:\Windows\System\sGYVIHH.exe
  2⤵
  PID:924
- C:\Windows\System\PglCgSV.exe
  C:\Windows\System\PglCgSV.exe
  2⤵
  PID:4124
- C:\Windows\System\nwIkWcW.exe
  C:\Windows\System\nwIkWcW.exe
  2⤵
  PID:4132
- C:\Windows\System\lZfDLlI.exe
  C:\Windows\System\lZfDLlI.exe
  2⤵
  PID:4204
- C:\Windows\System\XlXTwbQ.exe
  C:\Windows\System\XlXTwbQ.exe
  2⤵
  PID:4212
- C:\Windows\System\VrqLZMv.exe
  C:\Windows\System\VrqLZMv.exe
  2⤵
  PID:4228
- C:\Windows\System\hjhNHNr.exe
  C:\Windows\System\hjhNHNr.exe
  2⤵
  PID:4284
- C:\Windows\System\fRYiAsP.exe
  C:\Windows\System\fRYiAsP.exe
  2⤵
  PID:4264
- C:\Windows\System\awUaAok.exe
  C:\Windows\System\awUaAok.exe
  2⤵
  PID:4332
- C:\Windows\System\NKqHTVu.exe
  C:\Windows\System\NKqHTVu.exe
  2⤵
  PID:4412
- C:\Windows\System\SkadUkj.exe
  C:\Windows\System\SkadUkj.exe
  2⤵
  PID:4352
- C:\Windows\System\SzVIjLz.exe
  C:\Windows\System\SzVIjLz.exe
  2⤵
  PID:4436
- C:\Windows\System\YhWQrQV.exe
  C:\Windows\System\YhWQrQV.exe
  2⤵
  PID:4488
- C:\Windows\System\MRnNYBO.exe
  C:\Windows\System\MRnNYBO.exe
  2⤵
  PID:4512
- C:\Windows\System\CozMefb.exe
  C:\Windows\System\CozMefb.exe
  2⤵
  PID:4520
- C:\Windows\System\lhrhbqK.exe
  C:\Windows\System\lhrhbqK.exe
  2⤵
  PID:4556
- C:\Windows\System\YvgZznW.exe
  C:\Windows\System\YvgZznW.exe
  2⤵
  PID:4612
- C:\Windows\System\aJwyhMS.exe
  C:\Windows\System\aJwyhMS.exe
  2⤵
  PID:4620
- C:\Windows\System\mzVfAHM.exe
  C:\Windows\System\mzVfAHM.exe
  2⤵
  PID:4632
- C:\Windows\System\ZayWEFf.exe
  C:\Windows\System\ZayWEFf.exe
  2⤵
  PID:4696
- C:\Windows\System\UjJcACb.exe
  C:\Windows\System\UjJcACb.exe
  2⤵
  PID:4740
- C:\Windows\System\tKYsdst.exe
  C:\Windows\System\tKYsdst.exe
  2⤵
  PID:4660
- C:\Windows\System\pCiRrCv.exe
  C:\Windows\System\pCiRrCv.exe
  2⤵
  PID:4780
- C:\Windows\System\oPgUWQX.exe
  C:\Windows\System\oPgUWQX.exe
  2⤵
  PID:4800
- C:\Windows\System\BHUGxrj.exe
  C:\Windows\System\BHUGxrj.exe
  2⤵
  PID:4820
- C:\Windows\System\IIMhlBZ.exe
  C:\Windows\System\IIMhlBZ.exe
  2⤵
  PID:4832
- C:\Windows\System\XPXIjvK.exe
  C:\Windows\System\XPXIjvK.exe
  2⤵
  PID:4876
- C:\Windows\System\JKMaKiu.exe
  C:\Windows\System\JKMaKiu.exe
  2⤵
  PID:4904
- C:\Windows\System\KPsTXeA.exe
  C:\Windows\System\KPsTXeA.exe
  2⤵
  PID:4936
- C:\Windows\System\zHmDAWR.exe
  C:\Windows\System\zHmDAWR.exe
  2⤵
  PID:4976
- C:\Windows\System\WNdopnd.exe
  C:\Windows\System\WNdopnd.exe
  2⤵
  PID:4992
- C:\Windows\System\PKPInaw.exe
  C:\Windows\System\PKPInaw.exe
  2⤵
  PID:5056
- C:\Windows\System\mfIosYK.exe
  C:\Windows\System\mfIosYK.exe
  2⤵
  PID:5068
- C:\Windows\System\MKwBAdC.exe
  C:\Windows\System\MKwBAdC.exe
  2⤵
  PID:4836
- C:\Windows\System\xAWAZBy.exe
  C:\Windows\System\xAWAZBy.exe
  2⤵
  PID:1716
- C:\Windows\System\tDTUDbu.exe
  C:\Windows\System\tDTUDbu.exe
  2⤵
  PID:4172
- C:\Windows\System\HkTfixR.exe
  C:\Windows\System\HkTfixR.exe
  2⤵
  PID:4216
- C:\Windows\System\gsdbbST.exe
  C:\Windows\System\gsdbbST.exe
  2⤵
  PID:4312
- C:\Windows\System\qJmgpjk.exe
  C:\Windows\System\qJmgpjk.exe
  2⤵
  PID:4248
- C:\Windows\System\hOGbyBo.exe
  C:\Windows\System\hOGbyBo.exe
  2⤵
  PID:4320
- C:\Windows\System\uNfTfkV.exe
  C:\Windows\System\uNfTfkV.exe
  2⤵
  PID:4404
- C:\Windows\System\xxbNGPX.exe
  C:\Windows\System\xxbNGPX.exe
  2⤵
  PID:4508
- C:\Windows\System\uDWdgAD.exe
  C:\Windows\System\uDWdgAD.exe
  2⤵
  PID:4536
- C:\Windows\System\UHRitbZ.exe
  C:\Windows\System\UHRitbZ.exe
  2⤵
  PID:4572
- C:\Windows\System\CSvbsXk.exe
  C:\Windows\System\CSvbsXk.exe
  2⤵
  PID:4680
- C:\Windows\System\kAyhEsK.exe
  C:\Windows\System\kAyhEsK.exe
  2⤵
  PID:4652
- C:\Windows\System\AiVVFHJ.exe
  C:\Windows\System\AiVVFHJ.exe
  2⤵
  PID:4720
- C:\Windows\System\MiHJITH.exe
  C:\Windows\System\MiHJITH.exe
  2⤵
  PID:4788
- C:\Windows\System\GgqJiPz.exe
  C:\Windows\System\GgqJiPz.exe
  2⤵
  PID:4828
- C:\Windows\System\wyypmZr.exe
  C:\Windows\System\wyypmZr.exe
  2⤵
  PID:4864
- C:\Windows\System\QhvovSZ.exe
  C:\Windows\System\QhvovSZ.exe
  2⤵
  PID:4988
- C:\Windows\System\mCYiJOU.exe
  C:\Windows\System\mCYiJOU.exe
  2⤵
  PID:4920
- C:\Windows\System\wWsrxen.exe
  C:\Windows\System\wWsrxen.exe
  2⤵
  PID:4944
- C:\Windows\System\VgmsgBW.exe
  C:\Windows\System\VgmsgBW.exe
  2⤵
  PID:5092
- C:\Windows\System\gaCQKJA.exe
  C:\Windows\System\gaCQKJA.exe
  2⤵
  PID:4120
- C:\Windows\System\ORstbBr.exe
  C:\Windows\System\ORstbBr.exe
  2⤵
  PID:4300
- C:\Windows\System\qLUCbfA.exe
  C:\Windows\System\qLUCbfA.exe
  2⤵
  PID:4348
- C:\Windows\System\SUUQVXO.exe
  C:\Windows\System\SUUQVXO.exe
  2⤵
  PID:4456
- C:\Windows\System\ATNirCO.exe
  C:\Windows\System\ATNirCO.exe
  2⤵
  PID:4476
- C:\Windows\System\rIIzDjS.exe
  C:\Windows\System\rIIzDjS.exe
  2⤵
  PID:2240
- C:\Windows\System\nRWJqom.exe
  C:\Windows\System\nRWJqom.exe
  2⤵
  PID:4700
- C:\Windows\System\RXPrmMr.exe
  C:\Windows\System\RXPrmMr.exe
  2⤵
  PID:4768
- C:\Windows\System\LKTRuYl.exe
  C:\Windows\System\LKTRuYl.exe
  2⤵
  PID:4900
- C:\Windows\System\SvxfaeO.exe
  C:\Windows\System\SvxfaeO.exe
  2⤵
  PID:5020
- C:\Windows\System\RQUownz.exe
  C:\Windows\System\RQUownz.exe
  2⤵
  PID:4860
- C:\Windows\System\cxzPtfu.exe
  C:\Windows\System\cxzPtfu.exe
  2⤵
  PID:4960
- C:\Windows\System\WQaeHAb.exe
  C:\Windows\System\WQaeHAb.exe
  2⤵
  PID:4128
- C:\Windows\System\QevAZim.exe
  C:\Windows\System\QevAZim.exe
  2⤵
  PID:4400
- C:\Windows\System\wsSansq.exe
  C:\Windows\System\wsSansq.exe
  2⤵
  PID:4416
- C:\Windows\System\QKWSBJN.exe
  C:\Windows\System\QKWSBJN.exe
  2⤵
  PID:4592
- C:\Windows\System\GEMywuU.exe
  C:\Windows\System\GEMywuU.exe
  2⤵
  PID:4776
- C:\Windows\System\rnJSOUK.exe
  C:\Windows\System\rnJSOUK.exe
  2⤵
  PID:4752
- C:\Windows\System\tgWvCNK.exe
  C:\Windows\System\tgWvCNK.exe
  2⤵
  PID:4840
- C:\Windows\System\PZtFSCK.exe
  C:\Windows\System\PZtFSCK.exe
  2⤵
  PID:5100
- C:\Windows\System\JyaSdZf.exe
  C:\Windows\System\JyaSdZf.exe
  2⤵
  PID:4280
- C:\Windows\System\ysSfaNM.exe
  C:\Windows\System\ysSfaNM.exe
  2⤵
  PID:4432
- C:\Windows\System\pKHCtRK.exe
  C:\Windows\System\pKHCtRK.exe
  2⤵
  PID:4496
- C:\Windows\System\HEYsEEC.exe
  C:\Windows\System\HEYsEEC.exe
  2⤵
  PID:5052
- C:\Windows\System\IlWYYcV.exe
  C:\Windows\System\IlWYYcV.exe
  2⤵
  PID:4428
- C:\Windows\System\IJNUETe.exe
  C:\Windows\System\IJNUETe.exe
  2⤵
  PID:4892
- C:\Windows\System\cvqswBc.exe
  C:\Windows\System\cvqswBc.exe
  2⤵
  PID:4156
- C:\Windows\System\LCudvKd.exe
  C:\Windows\System\LCudvKd.exe
  2⤵
  PID:4896
- C:\Windows\System\sHpSvwB.exe
  C:\Windows\System\sHpSvwB.exe
  2⤵
  PID:4724
- C:\Windows\System\TdATsYW.exe
  C:\Windows\System\TdATsYW.exe
  2⤵
  PID:5136
- C:\Windows\System\DMtrjmX.exe
  C:\Windows\System\DMtrjmX.exe
  2⤵
  PID:5152
- C:\Windows\System\vhqcEDD.exe
  C:\Windows\System\vhqcEDD.exe
  2⤵
  PID:5172
- C:\Windows\System\vmNLUbq.exe
  C:\Windows\System\vmNLUbq.exe
  2⤵
  PID:5192
- C:\Windows\System\KegKXaX.exe
  C:\Windows\System\KegKXaX.exe
  2⤵
  PID:5212
- C:\Windows\System\HerCZuV.exe
  C:\Windows\System\HerCZuV.exe
  2⤵
  PID:5236
- C:\Windows\System\baSvzWq.exe
  C:\Windows\System\baSvzWq.exe
  2⤵
  PID:5260
- C:\Windows\System\lEjABfo.exe
  C:\Windows\System\lEjABfo.exe
  2⤵
  PID:5276
- C:\Windows\System\KeMZjVr.exe
  C:\Windows\System\KeMZjVr.exe
  2⤵
  PID:5292
- C:\Windows\System\bcaVLnA.exe
  C:\Windows\System\bcaVLnA.exe
  2⤵
  PID:5312
- C:\Windows\System\xlYatFh.exe
  C:\Windows\System\xlYatFh.exe
  2⤵
  PID:5336
- C:\Windows\System\DRKhlfp.exe
  C:\Windows\System\DRKhlfp.exe
  2⤵
  PID:5352
- C:\Windows\System\ZAwiHvz.exe
  C:\Windows\System\ZAwiHvz.exe
  2⤵
  PID:5384
- C:\Windows\System\BdMeMex.exe
  C:\Windows\System\BdMeMex.exe
  2⤵
  PID:5400
- C:\Windows\System\VJTXgeK.exe
  C:\Windows\System\VJTXgeK.exe
  2⤵
  PID:5420
- C:\Windows\System\sRkabRE.exe
  C:\Windows\System\sRkabRE.exe
  2⤵
  PID:5448
- C:\Windows\System\FiUeLHu.exe
  C:\Windows\System\FiUeLHu.exe
  2⤵
  PID:5468
- C:\Windows\System\CWxwflW.exe
  C:\Windows\System\CWxwflW.exe
  2⤵
  PID:5484
- C:\Windows\System\AKrUuPo.exe
  C:\Windows\System\AKrUuPo.exe
  2⤵
  PID:5500
- C:\Windows\System\TzWOcXf.exe
  C:\Windows\System\TzWOcXf.exe
  2⤵
  PID:5516
- C:\Windows\System\BUjHZkQ.exe
  C:\Windows\System\BUjHZkQ.exe
  2⤵
  PID:5548
- C:\Windows\System\WQNVOzB.exe
  C:\Windows\System\WQNVOzB.exe
  2⤵
  PID:5564
- C:\Windows\System\etpqZWD.exe
  C:\Windows\System\etpqZWD.exe
  2⤵
  PID:5584
- C:\Windows\System\LZcAoSK.exe
  C:\Windows\System\LZcAoSK.exe
  2⤵
  PID:5600
- C:\Windows\System\LQlwMje.exe
  C:\Windows\System\LQlwMje.exe
  2⤵
  PID:5616
- C:\Windows\System\rcYRfSm.exe
  C:\Windows\System\rcYRfSm.exe
  2⤵
  PID:5632
- C:\Windows\System\OkMoZxb.exe
  C:\Windows\System\OkMoZxb.exe
  2⤵
  PID:5652
- C:\Windows\System\UEPRulL.exe
  C:\Windows\System\UEPRulL.exe
  2⤵
  PID:5676
- C:\Windows\System\ZKWSLxK.exe
  C:\Windows\System\ZKWSLxK.exe
  2⤵
  PID:5708
- C:\Windows\System\gwOiTSt.exe
  C:\Windows\System\gwOiTSt.exe
  2⤵
  PID:5724
- C:\Windows\System\TBskiep.exe
  C:\Windows\System\TBskiep.exe
  2⤵
  PID:5744
- C:\Windows\System\ubzHLVz.exe
  C:\Windows\System\ubzHLVz.exe
  2⤵
  PID:5780
- C:\Windows\System\hYnjGls.exe
  C:\Windows\System\hYnjGls.exe
  2⤵
  PID:5800
- C:\Windows\System\pvSAvuP.exe
  C:\Windows\System\pvSAvuP.exe
  2⤵
  PID:5816
- C:\Windows\System\BKOKpEX.exe
  C:\Windows\System\BKOKpEX.exe
  2⤵
  PID:5832
- C:\Windows\System\OJmjliB.exe
  C:\Windows\System\OJmjliB.exe
  2⤵
  PID:5852
- C:\Windows\System\rlszMjY.exe
  C:\Windows\System\rlszMjY.exe
  2⤵
  PID:5876
- C:\Windows\System\YwAbkRc.exe
  C:\Windows\System\YwAbkRc.exe
  2⤵
  PID:5892
- C:\Windows\System\HPRBGlL.exe
  C:\Windows\System\HPRBGlL.exe
  2⤵
  PID:5920
- C:\Windows\System\vrYRnfE.exe
  C:\Windows\System\vrYRnfE.exe
  2⤵
  PID:5936
- C:\Windows\System\KRvpMXz.exe
  C:\Windows\System\KRvpMXz.exe
  2⤵
  PID:5952
- C:\Windows\System\mrBbHLb.exe
  C:\Windows\System\mrBbHLb.exe
  2⤵
  PID:5980
- C:\Windows\System\KuGmwFc.exe
  C:\Windows\System\KuGmwFc.exe
  2⤵
  PID:5996
- C:\Windows\System\HPXZWyk.exe
  C:\Windows\System\HPXZWyk.exe
  2⤵
  PID:6012
- C:\Windows\System\BBkTRnn.exe
  C:\Windows\System\BBkTRnn.exe
  2⤵
  PID:6036
- C:\Windows\System\THnWwde.exe
  C:\Windows\System\THnWwde.exe
  2⤵
  PID:6060
- C:\Windows\System\VGPteyQ.exe
  C:\Windows\System\VGPteyQ.exe
  2⤵
  PID:6080
- C:\Windows\System\pLtkGmm.exe
  C:\Windows\System\pLtkGmm.exe
  2⤵
  PID:6104
- C:\Windows\System\owSOatR.exe
  C:\Windows\System\owSOatR.exe
  2⤵
  PID:6120
- C:\Windows\System\IVyQzJf.exe
  C:\Windows\System\IVyQzJf.exe
  2⤵
  PID:6140
- C:\Windows\System\xkCozPU.exe
  C:\Windows\System\xkCozPU.exe
  2⤵
  PID:5160
- C:\Windows\System\HoFMRxp.exe
  C:\Windows\System\HoFMRxp.exe
  2⤵
  PID:5208
- C:\Windows\System\zOKJhmX.exe
  C:\Windows\System\zOKJhmX.exe
  2⤵
  PID:5248
- C:\Windows\System\RxlNrEc.exe
  C:\Windows\System\RxlNrEc.exe
  2⤵
  PID:5180
- C:\Windows\System\zNGEkXi.exe
  C:\Windows\System\zNGEkXi.exe
  2⤵
  PID:5256
- C:\Windows\System\AjfmoHp.exe
  C:\Windows\System\AjfmoHp.exe
  2⤵
  PID:5328
- C:\Windows\System\smxgrbA.exe
  C:\Windows\System\smxgrbA.exe
  2⤵
  PID:5268
- C:\Windows\System\GBhntCV.exe
  C:\Windows\System\GBhntCV.exe
  2⤵
  PID:5304
- C:\Windows\System\dNxudvs.exe
  C:\Windows\System\dNxudvs.exe
  2⤵
  PID:5416
- C:\Windows\System\ijHWQnL.exe
  C:\Windows\System\ijHWQnL.exe
  2⤵
  PID:5456
- C:\Windows\System\XkyKZho.exe
  C:\Windows\System\XkyKZho.exe
  2⤵
  PID:5460
- C:\Windows\System\gnNLwdH.exe
  C:\Windows\System\gnNLwdH.exe
  2⤵
  PID:5480
- C:\Windows\System\ynBRXeV.exe
  C:\Windows\System\ynBRXeV.exe
  2⤵
  PID:5532
- C:\Windows\System\ZtcYLCj.exe
  C:\Windows\System\ZtcYLCj.exe
  2⤵
  PID:5572
- C:\Windows\System\npBhDOY.exe
  C:\Windows\System\npBhDOY.exe
  2⤵
  PID:5644
- C:\Windows\System\xokxEWK.exe
  C:\Windows\System\xokxEWK.exe
  2⤵
  PID:5592
- C:\Windows\System\ZLghUBj.exe
  C:\Windows\System\ZLghUBj.exe
  2⤵
  PID:5696
- C:\Windows\System\SHCPhIS.exe
  C:\Windows\System\SHCPhIS.exe
  2⤵
  PID:5664
- C:\Windows\System\uvokSmJ.exe
  C:\Windows\System\uvokSmJ.exe
  2⤵
  PID:5732
- C:\Windows\System\ONkUfYL.exe
  C:\Windows\System\ONkUfYL.exe
  2⤵
  PID:5752
- C:\Windows\System\PFNjTuL.exe
  C:\Windows\System\PFNjTuL.exe
  2⤵
  PID:5772
- C:\Windows\System\ZAfEIQp.exe
  C:\Windows\System\ZAfEIQp.exe
  2⤵
  PID:5792
- C:\Windows\System\oDRLUuJ.exe
  C:\Windows\System\oDRLUuJ.exe
  2⤵
  PID:5872
- C:\Windows\System\yThDEdn.exe
  C:\Windows\System\yThDEdn.exe
  2⤵
  PID:5844
- C:\Windows\System\RyveDgi.exe
  C:\Windows\System\RyveDgi.exe
  2⤵
  PID:5904
- C:\Windows\System\ivqYFGs.exe
  C:\Windows\System\ivqYFGs.exe
  2⤵
  PID:5948
- C:\Windows\System\lhetVMr.exe
  C:\Windows\System\lhetVMr.exe
  2⤵
  PID:5964
- C:\Windows\System\GFSjjGl.exe
  C:\Windows\System\GFSjjGl.exe
  2⤵
  PID:6008
- C:\Windows\System\wxcimsi.exe
  C:\Windows\System\wxcimsi.exe
  2⤵
  PID:6044
- C:\Windows\System\JZTjHcQ.exe
  C:\Windows\System\JZTjHcQ.exe
  2⤵
  PID:6072
- C:\Windows\System\drENBBr.exe
  C:\Windows\System\drENBBr.exe
  2⤵
  PID:6116
- C:\Windows\System\nmKMajV.exe
  C:\Windows\System\nmKMajV.exe
  2⤵
  PID:5132
- C:\Windows\System\zDBsTNv.exe
  C:\Windows\System\zDBsTNv.exe
  2⤵
  PID:5220
- C:\Windows\System\tGQVreK.exe
  C:\Windows\System\tGQVreK.exe
  2⤵
  PID:5232
- C:\Windows\System\wdoeooW.exe
  C:\Windows\System\wdoeooW.exe
  2⤵
  PID:5376
- C:\Windows\System\aMeIceh.exe
  C:\Windows\System\aMeIceh.exe
  2⤵
  PID:5272
- C:\Windows\System\dVtkvQH.exe
  C:\Windows\System\dVtkvQH.exe
  2⤵
  PID:5348
- C:\Windows\System\MtLOdAs.exe
  C:\Windows\System\MtLOdAs.exe
  2⤵
  PID:5396
- C:\Windows\System\DWvEldO.exe
  C:\Windows\System\DWvEldO.exe
  2⤵
  PID:5528
- C:\Windows\System\bJOqkOu.exe
  C:\Windows\System\bJOqkOu.exe
  2⤵
  PID:5640
- C:\Windows\System\DSNeHWi.exe
  C:\Windows\System\DSNeHWi.exe
  2⤵
  PID:5608
- C:\Windows\System\JnrOCZK.exe
  C:\Windows\System\JnrOCZK.exe
  2⤵
  PID:5668
- C:\Windows\System\CLlGnQU.exe
  C:\Windows\System\CLlGnQU.exe
  2⤵
  PID:5736
- C:\Windows\System\nwtULnc.exe
  C:\Windows\System\nwtULnc.exe
  2⤵
  PID:5704
- C:\Windows\System\edlBUdT.exe
  C:\Windows\System\edlBUdT.exe
  2⤵
  PID:5860
- C:\Windows\System\WbOxrVm.exe
  C:\Windows\System\WbOxrVm.exe
  2⤵
  PID:5884
- C:\Windows\System\ZaIKyOt.exe
  C:\Windows\System\ZaIKyOt.exe
  2⤵
  PID:5960
- C:\Windows\System\ciIQuiN.exe
  C:\Windows\System\ciIQuiN.exe
  2⤵
  PID:6096
- C:\Windows\System\EwicLPi.exe
  C:\Windows\System\EwicLPi.exe
  2⤵
  PID:6112
- C:\Windows\System\WoUrXNf.exe
  C:\Windows\System\WoUrXNf.exe
  2⤵
  PID:6020
- C:\Windows\System\XMAdXIE.exe
  C:\Windows\System\XMAdXIE.exe
  2⤵
  PID:5128
- C:\Windows\System\MKKJRKg.exe
  C:\Windows\System\MKKJRKg.exe
  2⤵
  PID:5368
- C:\Windows\System\eqrIfSU.exe
  C:\Windows\System\eqrIfSU.exe
  2⤵
  PID:5200
- C:\Windows\System\piqTwsH.exe
  C:\Windows\System\piqTwsH.exe
  2⤵
  PID:5144
- C:\Windows\System\HKXRENx.exe
  C:\Windows\System\HKXRENx.exe
  2⤵
  PID:5612
- C:\Windows\System\qjfZYbz.exe
  C:\Windows\System\qjfZYbz.exe
  2⤵
  PID:5828
- C:\Windows\System\KskZrbb.exe
  C:\Windows\System\KskZrbb.exe
  2⤵
  PID:5684
- C:\Windows\System\UZeSNOc.exe
  C:\Windows\System\UZeSNOc.exe
  2⤵
  PID:5796
- C:\Windows\System\HRAHSlH.exe
  C:\Windows\System\HRAHSlH.exe
  2⤵
  PID:5916
- C:\Windows\System\CeAlGfS.exe
  C:\Windows\System\CeAlGfS.exe
  2⤵
  PID:5848
- C:\Windows\System\kEdJLwS.exe
  C:\Windows\System\kEdJLwS.exe
  2⤵
  PID:5244
- C:\Windows\System\KZcRSMj.exe
  C:\Windows\System\KZcRSMj.exe
  2⤵
  PID:6052
- C:\Windows\System\FKDumzE.exe
  C:\Windows\System\FKDumzE.exe
  2⤵
  PID:5444
- C:\Windows\System\jRSvMTJ.exe
  C:\Windows\System\jRSvMTJ.exe
  2⤵
  PID:5432
- C:\Windows\System\mszeqdC.exe
  C:\Windows\System\mszeqdC.exe
  2⤵
  PID:5308
- C:\Windows\System\eKcoJvC.exe
  C:\Windows\System\eKcoJvC.exe
  2⤵
  PID:5908
- C:\Windows\System\xBvMlLl.exe
  C:\Windows\System\xBvMlLl.exe
  2⤵
  PID:5768
- C:\Windows\System\uPDlrOO.exe
  C:\Windows\System\uPDlrOO.exe
  2⤵
  PID:5188
- C:\Windows\System\QFRthVG.exe
  C:\Windows\System\QFRthVG.exe
  2⤵
  PID:5560
- C:\Windows\System\azraLhF.exe
  C:\Windows\System\azraLhF.exe
  2⤵
  PID:6100
- C:\Windows\System\GVzDwvI.exe
  C:\Windows\System\GVzDwvI.exe
  2⤵
  PID:5524
- C:\Windows\System\ebmwXUK.exe
  C:\Windows\System\ebmwXUK.exe
  2⤵
  PID:5624
- C:\Windows\System\ONLcfXE.exe
  C:\Windows\System\ONLcfXE.exe
  2⤵
  PID:5764
- C:\Windows\System\GieSsQu.exe
  C:\Windows\System\GieSsQu.exe
  2⤵
  PID:6164
- C:\Windows\System\llQEoYt.exe
  C:\Windows\System\llQEoYt.exe
  2⤵
  PID:6188
- C:\Windows\System\SUyBoAF.exe
  C:\Windows\System\SUyBoAF.exe
  2⤵
  PID:6216
- C:\Windows\System\WmjGLVJ.exe
  C:\Windows\System\WmjGLVJ.exe
  2⤵
  PID:6232
- C:\Windows\System\RHQOwEk.exe
  C:\Windows\System\RHQOwEk.exe
  2⤵
  PID:6252
- C:\Windows\System\LyHQRyn.exe
  C:\Windows\System\LyHQRyn.exe
  2⤵
  PID:6284
- C:\Windows\System\KXcnFXT.exe
  C:\Windows\System\KXcnFXT.exe
  2⤵
  PID:6300
- C:\Windows\System\aQSslZp.exe
  C:\Windows\System\aQSslZp.exe
  2⤵
  PID:6324
- C:\Windows\System\GBEUImd.exe
  C:\Windows\System\GBEUImd.exe
  2⤵
  PID:6344
- C:\Windows\System\CQsKRSp.exe
  C:\Windows\System\CQsKRSp.exe
  2⤵
  PID:6364
- C:\Windows\System\PJLTtIZ.exe
  C:\Windows\System\PJLTtIZ.exe
  2⤵
  PID:6380
- C:\Windows\System\QxbUjpt.exe
  C:\Windows\System\QxbUjpt.exe
  2⤵
  PID:6404
- C:\Windows\System\FawogOL.exe
  C:\Windows\System\FawogOL.exe
  2⤵
  PID:6428
- C:\Windows\System\nNJGXFq.exe
  C:\Windows\System\nNJGXFq.exe
  2⤵
  PID:6452
- C:\Windows\System\pIglHzo.exe
  C:\Windows\System\pIglHzo.exe
  2⤵
  PID:6472
- C:\Windows\System\thVZetO.exe
  C:\Windows\System\thVZetO.exe
  2⤵
  PID:6496
- C:\Windows\System\WhckHvg.exe
  C:\Windows\System\WhckHvg.exe
  2⤵
  PID:6512
- C:\Windows\System\hhHCAOK.exe
  C:\Windows\System\hhHCAOK.exe
  2⤵
  PID:6528
- C:\Windows\System\YgOoJgt.exe
  C:\Windows\System\YgOoJgt.exe
  2⤵
  PID:6548
- C:\Windows\System\PVfXwuW.exe
  C:\Windows\System\PVfXwuW.exe
  2⤵
  PID:6564
- C:\Windows\System\KAygvtz.exe
  C:\Windows\System\KAygvtz.exe
  2⤵
  PID:6580
- C:\Windows\System\PjGqvvY.exe
  C:\Windows\System\PjGqvvY.exe
  2⤵
  PID:6608
- C:\Windows\System\MqgMuhW.exe
  C:\Windows\System\MqgMuhW.exe
  2⤵
  PID:6624
- C:\Windows\System\qmjoAjP.exe
  C:\Windows\System\qmjoAjP.exe
  2⤵
  PID:6640
- C:\Windows\System\pOwNwvy.exe
  C:\Windows\System\pOwNwvy.exe
  2⤵
  PID:6656
- C:\Windows\System\aRVQREy.exe
  C:\Windows\System\aRVQREy.exe
  2⤵
  PID:6680
- C:\Windows\System\YgtBODd.exe
  C:\Windows\System\YgtBODd.exe
  2⤵
  PID:6704
- C:\Windows\System\EagkfYU.exe
  C:\Windows\System\EagkfYU.exe
  2⤵
  PID:6720
- C:\Windows\System\LAZovzX.exe
  C:\Windows\System\LAZovzX.exe
  2⤵
  PID:6756
- C:\Windows\System\tRQNVzr.exe
  C:\Windows\System\tRQNVzr.exe
  2⤵
  PID:6800
- C:\Windows\System\vgHGmKl.exe
  C:\Windows\System\vgHGmKl.exe
  2⤵
  PID:6820
- C:\Windows\System\gbDgdZv.exe
  C:\Windows\System\gbDgdZv.exe
  2⤵
  PID:6836
- C:\Windows\System\suFsOAc.exe
  C:\Windows\System\suFsOAc.exe
  2⤵
  PID:6852
- C:\Windows\System\ZUhaQTH.exe
  C:\Windows\System\ZUhaQTH.exe
  2⤵
  PID:6872
- C:\Windows\System\DlREiMv.exe
  C:\Windows\System\DlREiMv.exe
  2⤵
  PID:6888
- C:\Windows\System\XiMjNoh.exe
  C:\Windows\System\XiMjNoh.exe
  2⤵
  PID:6904
- C:\Windows\System\CViHFmg.exe
  C:\Windows\System\CViHFmg.exe
  2⤵
  PID:6920
- C:\Windows\System\WpkyOSu.exe
  C:\Windows\System\WpkyOSu.exe
  2⤵
  PID:6940
- C:\Windows\System\voaMyrU.exe
  C:\Windows\System\voaMyrU.exe
  2⤵
  PID:6964
- C:\Windows\System\SwfWvDo.exe
  C:\Windows\System\SwfWvDo.exe
  2⤵
  PID:6984
- C:\Windows\System\WUnBEDw.exe
  C:\Windows\System\WUnBEDw.exe
  2⤵
  PID:7000
- C:\Windows\System\aWAXTrZ.exe
  C:\Windows\System\aWAXTrZ.exe
  2⤵
  PID:7016
- C:\Windows\System\pcnagek.exe
  C:\Windows\System\pcnagek.exe
  2⤵
  PID:7032
- C:\Windows\System\lWEsKOZ.exe
  C:\Windows\System\lWEsKOZ.exe
  2⤵
  PID:7048
- C:\Windows\System\mYlYHCx.exe
  C:\Windows\System\mYlYHCx.exe
  2⤵
  PID:7064
- C:\Windows\System\kQejTuq.exe
  C:\Windows\System\kQejTuq.exe
  2⤵
  PID:7080
- C:\Windows\System\oiKrDwl.exe
  C:\Windows\System\oiKrDwl.exe
  2⤵
  PID:7096
- C:\Windows\System\yFvsrNI.exe
  C:\Windows\System\yFvsrNI.exe
  2⤵
  PID:7112
- C:\Windows\System\PzvdHYf.exe
  C:\Windows\System\PzvdHYf.exe
  2⤵
  PID:7128
- C:\Windows\System\pknTbLB.exe
  C:\Windows\System\pknTbLB.exe
  2⤵
  PID:7152
- C:\Windows\System\DfbtkmK.exe
  C:\Windows\System\DfbtkmK.exe
  2⤵
  PID:5868
- C:\Windows\System\ErqLqFE.exe
  C:\Windows\System\ErqLqFE.exe
  2⤵
  PID:6180
- C:\Windows\System\OtOqfnr.exe
  C:\Windows\System\OtOqfnr.exe
  2⤵
  PID:6088
- C:\Windows\System\ICiwRwL.exe
  C:\Windows\System\ICiwRwL.exe
  2⤵
  PID:6228
- C:\Windows\System\eceMjtl.exe
  C:\Windows\System\eceMjtl.exe
  2⤵
  PID:6276
- C:\Windows\System\uWHohIC.exe
  C:\Windows\System\uWHohIC.exe
  2⤵
  PID:6152
- C:\Windows\System\ushJIAo.exe
  C:\Windows\System\ushJIAo.exe
  2⤵
  PID:6312
- C:\Windows\System\PCBKHie.exe
  C:\Windows\System\PCBKHie.exe
  2⤵
  PID:6352
- C:\Windows\System\ZazfOCY.exe
  C:\Windows\System\ZazfOCY.exe
  2⤵
  PID:6340
- C:\Windows\System\dyyMtLT.exe
  C:\Windows\System\dyyMtLT.exe
  2⤵
  PID:6436
- C:\Windows\System\XlQKMUw.exe
  C:\Windows\System\XlQKMUw.exe
  2⤵
  PID:6376
- C:\Windows\System\SQyjkRR.exe
  C:\Windows\System\SQyjkRR.exe
  2⤵
  PID:6596
- C:\Windows\System\twogJfS.exe
  C:\Windows\System\twogJfS.exe
  2⤵
  PID:6636
- C:\Windows\System\eHUuOYz.exe
  C:\Windows\System\eHUuOYz.exe
  2⤵
  PID:6576
- C:\Windows\System\nxkQnxp.exe
  C:\Windows\System\nxkQnxp.exe
  2⤵
  PID:6544
- C:\Windows\System\uYJaIXb.exe
  C:\Windows\System\uYJaIXb.exe
  2⤵
  PID:6692
- C:\Windows\System\QBaLSOY.exe
  C:\Windows\System\QBaLSOY.exe
  2⤵
  PID:6736
- C:\Windows\System\QxDpOWu.exe
  C:\Windows\System\QxDpOWu.exe
  2⤵
  PID:6744
- C:\Windows\System\ASUEiDf.exe
  C:\Windows\System\ASUEiDf.exe
  2⤵
  PID:6440
- C:\Windows\System\FznBqyK.exe
  C:\Windows\System\FznBqyK.exe
  2⤵
  PID:828
- C:\Windows\System\KwsJQUe.exe
  C:\Windows\System\KwsJQUe.exe
  2⤵
  PID:6768
- C:\Windows\System\NroEzxy.exe
  C:\Windows\System\NroEzxy.exe
  2⤵
  PID:6860
- C:\Windows\System\fflnXYk.exe
  C:\Windows\System\fflnXYk.exe
  2⤵
  PID:6896
- C:\Windows\System\citfyzY.exe
  C:\Windows\System\citfyzY.exe
  2⤵
  PID:2100
- C:\Windows\System\QCVUWAP.exe
  C:\Windows\System\QCVUWAP.exe
  2⤵
  PID:6912
- C:\Windows\System\CpjLzOG.exe
  C:\Windows\System\CpjLzOG.exe
  2⤵
  PID:6952
- C:\Windows\System\MzsEtUQ.exe
  C:\Windows\System\MzsEtUQ.exe
  2⤵
  PID:7012
- C:\Windows\System\jDrCiHY.exe
  C:\Windows\System\jDrCiHY.exe
  2⤵
  PID:7056
- C:\Windows\System\XMOyySv.exe
  C:\Windows\System\XMOyySv.exe
  2⤵
  PID:7092
- C:\Windows\System\oTIczpE.exe
  C:\Windows\System\oTIczpE.exe
  2⤵
  PID:7124
- C:\Windows\System\nPHmpDr.exe
  C:\Windows\System\nPHmpDr.exe
  2⤵
  PID:7164
- C:\Windows\System\DLdQIQP.exe
  C:\Windows\System\DLdQIQP.exe
  2⤵
  PID:6204
- C:\Windows\System\HNQYjVB.exe
  C:\Windows\System\HNQYjVB.exe
  2⤵
  PID:6240
- C:\Windows\System\nalWhCS.exe
  C:\Windows\System\nalWhCS.exe
  2⤵
  PID:6248
- C:\Windows\System\GqJtxeb.exe
  C:\Windows\System\GqJtxeb.exe
  2⤵
  PID:6292
- C:\Windows\System\GtiJMuR.exe
  C:\Windows\System\GtiJMuR.exe
  2⤵
  PID:6392
- C:\Windows\System\UHSLTna.exe
  C:\Windows\System\UHSLTna.exe
  2⤵
  PID:2256
- C:\Windows\System\DUiPmPG.exe
  C:\Windows\System\DUiPmPG.exe
  2⤵
  PID:6460
- C:\Windows\System\pPfAwnx.exe
  C:\Windows\System\pPfAwnx.exe
  2⤵
  PID:6520
- C:\Windows\System\IzaWrRQ.exe
  C:\Windows\System\IzaWrRQ.exe
  2⤵
  PID:6588
- C:\Windows\System\TBiTurR.exe
  C:\Windows\System\TBiTurR.exe
  2⤵
  PID:6672
- C:\Windows\System\cTwlfaM.exe
  C:\Windows\System\cTwlfaM.exe
  2⤵
  PID:6632
- C:\Windows\System\WSYlbKg.exe
  C:\Windows\System\WSYlbKg.exe
  2⤵
  PID:6688
- C:\Windows\System\DAuQFPL.exe
  C:\Windows\System\DAuQFPL.exe
  2⤵
  PID:6780
- C:\Windows\System\VGlmsPJ.exe
  C:\Windows\System\VGlmsPJ.exe
  2⤵
  PID:5992
- C:\Windows\System\kPEaVgD.exe
  C:\Windows\System\kPEaVgD.exe
  2⤵
  PID:1468
- C:\Windows\System\btSJxqv.exe
  C:\Windows\System\btSJxqv.exe
  2⤵
  PID:6936
- C:\Windows\System\ESpFiCp.exe
  C:\Windows\System\ESpFiCp.exe
  2⤵
  PID:6932
- C:\Windows\System\VHkWwSi.exe
  C:\Windows\System\VHkWwSi.exe
  2⤵
  PID:6948
- C:\Windows\System\pjhrGML.exe
  C:\Windows\System\pjhrGML.exe
  2⤵
  PID:7008
- C:\Windows\System\lKSVwzQ.exe
  C:\Windows\System\lKSVwzQ.exe
  2⤵
  PID:7108
- C:\Windows\System\wdhQMdX.exe
  C:\Windows\System\wdhQMdX.exe
  2⤵
  PID:7160
- C:\Windows\System\oAwjvda.exe
  C:\Windows\System\oAwjvda.exe
  2⤵
  PID:6200
- C:\Windows\System\rDLzcDP.exe
  C:\Windows\System\rDLzcDP.exe
  2⤵
  PID:6308
- C:\Windows\System\slVJIYt.exe
  C:\Windows\System\slVJIYt.exe
  2⤵
  PID:6320
- C:\Windows\System\gCFQBeB.exe
  C:\Windows\System\gCFQBeB.exe
  2⤵
  PID:6336
- C:\Windows\System\gvRnahA.exe
  C:\Windows\System\gvRnahA.exe
  2⤵
  PID:6524
- C:\Windows\System\GTTGBAn.exe
  C:\Windows\System\GTTGBAn.exe
  2⤵
  PID:6676
- C:\Windows\System\nkTiTRF.exe
  C:\Windows\System\nkTiTRF.exe
  2⤵
  PID:6740
- C:\Windows\System\LqHnNOk.exe
  C:\Windows\System\LqHnNOk.exe
  2⤵
  PID:2124
- C:\Windows\System\lMZcMRx.exe
  C:\Windows\System\lMZcMRx.exe
  2⤵
  PID:6816
- C:\Windows\System\AUtTAVy.exe
  C:\Windows\System\AUtTAVy.exe
  2⤵
  PID:6868
- C:\Windows\System\GKqeBhT.exe
  C:\Windows\System\GKqeBhT.exe
  2⤵
  PID:7028
- C:\Windows\System\xGDOiyV.exe
  C:\Windows\System\xGDOiyV.exe
  2⤵
  PID:7144
- C:\Windows\System\kjUzVRe.exe
  C:\Windows\System\kjUzVRe.exe
  2⤵
  PID:6268
- C:\Windows\System\xOcawhr.exe
  C:\Windows\System\xOcawhr.exe
  2⤵
  PID:6156
- C:\Windows\System\qIVmtCg.exe
  C:\Windows\System\qIVmtCg.exe
  2⤵
  PID:6372
- C:\Windows\System\fBPzove.exe
  C:\Windows\System\fBPzove.exe
  2⤵
  PID:6492
- C:\Windows\System\PpaySMs.exe
  C:\Windows\System\PpaySMs.exe
  2⤵
  PID:6652
- C:\Windows\System\lkPNCwc.exe
  C:\Windows\System\lkPNCwc.exe
  2⤵
  PID:6728
- C:\Windows\System\vnFgqYx.exe
  C:\Windows\System\vnFgqYx.exe
  2⤵
  PID:6976
- C:\Windows\System\oimUBJd.exe
  C:\Windows\System\oimUBJd.exe
  2⤵
  PID:7120
- C:\Windows\System\sZtKMFW.exe
  C:\Windows\System\sZtKMFW.exe
  2⤵
  PID:6468
- C:\Windows\System\MstodbH.exe
  C:\Windows\System\MstodbH.exe
  2⤵
  PID:6508
- C:\Windows\System\jyZJeYw.exe
  C:\Windows\System\jyZJeYw.exe
  2⤵
  PID:6560
- C:\Windows\System\DrcFvju.exe
  C:\Windows\System\DrcFvju.exe
  2⤵
  PID:6956
- C:\Windows\System\vPSQgmD.exe
  C:\Windows\System\vPSQgmD.exe
  2⤵
  PID:6332
- C:\Windows\System\BIWouBL.exe
  C:\Windows\System\BIWouBL.exe
  2⤵
  PID:7044
- C:\Windows\System\gKXfOIb.exe
  C:\Windows\System\gKXfOIb.exe
  2⤵
  PID:6928
- C:\Windows\System\imvvQvA.exe
  C:\Windows\System\imvvQvA.exe
  2⤵
  PID:6772
- C:\Windows\System\EPXMwqL.exe
  C:\Windows\System\EPXMwqL.exe
  2⤵
  PID:6668
- C:\Windows\System\KgNeBKm.exe
  C:\Windows\System\KgNeBKm.exe
  2⤵
  PID:1668
- C:\Windows\System\fdUhxSU.exe
  C:\Windows\System\fdUhxSU.exe
  2⤵
  PID:7184
- C:\Windows\System\cNmoiPh.exe
  C:\Windows\System\cNmoiPh.exe
  2⤵
  PID:7212
- C:\Windows\System\VEkeEmf.exe
  C:\Windows\System\VEkeEmf.exe
  2⤵
  PID:7228
- C:\Windows\System\gtHvSZI.exe
  C:\Windows\System\gtHvSZI.exe
  2⤵
  PID:7252
- C:\Windows\System\JeQkVoc.exe
  C:\Windows\System\JeQkVoc.exe
  2⤵
  PID:7268
- C:\Windows\System\Gwdksgs.exe
  C:\Windows\System\Gwdksgs.exe
  2⤵
  PID:7292
- C:\Windows\System\HjFbuNi.exe
  C:\Windows\System\HjFbuNi.exe
  2⤵
  PID:7312
- C:\Windows\System\ViJQNdo.exe
  C:\Windows\System\ViJQNdo.exe
  2⤵
  PID:7332
- C:\Windows\System\CbpzHjf.exe
  C:\Windows\System\CbpzHjf.exe
  2⤵
  PID:7376
- C:\Windows\System\UmnMIoC.exe
  C:\Windows\System\UmnMIoC.exe
  2⤵
  PID:7396
- C:\Windows\System\fTFDvRQ.exe
  C:\Windows\System\fTFDvRQ.exe
  2⤵
  PID:7420
- C:\Windows\System\iEHiBzk.exe
  C:\Windows\System\iEHiBzk.exe
  2⤵
  PID:7440
- C:\Windows\System\laJxyyb.exe
  C:\Windows\System\laJxyyb.exe
  2⤵
  PID:7456
- C:\Windows\System\hcDtJva.exe
  C:\Windows\System\hcDtJva.exe
  2⤵
  PID:7476
- C:\Windows\System\LGQhnBt.exe
  C:\Windows\System\LGQhnBt.exe
  2⤵
  PID:7500
- C:\Windows\System\RsoCJpi.exe
  C:\Windows\System\RsoCJpi.exe
  2⤵
  PID:7516
- C:\Windows\System\BCMVrgN.exe
  C:\Windows\System\BCMVrgN.exe
  2⤵
  PID:7536
- C:\Windows\System\uPMhEhu.exe
  C:\Windows\System\uPMhEhu.exe
  2⤵
  PID:7552
- C:\Windows\System\LogfxfT.exe
  C:\Windows\System\LogfxfT.exe
  2⤵
  PID:7572
- C:\Windows\System\wlMyWvz.exe
  C:\Windows\System\wlMyWvz.exe
  2⤵
  PID:7588
- C:\Windows\System\DAzosmh.exe
  C:\Windows\System\DAzosmh.exe
  2⤵
  PID:7620
- C:\Windows\System\ccwsmOs.exe
  C:\Windows\System\ccwsmOs.exe
  2⤵
  PID:7640
- C:\Windows\System\XmlHeBS.exe
  C:\Windows\System\XmlHeBS.exe
  2⤵
  PID:7656
- C:\Windows\System\ixWVKct.exe
  C:\Windows\System\ixWVKct.exe
  2⤵
  PID:7672
- C:\Windows\System\smfGjOs.exe
  C:\Windows\System\smfGjOs.exe
  2⤵
  PID:7696
- C:\Windows\System\XYfRjBU.exe
  C:\Windows\System\XYfRjBU.exe
  2⤵
  PID:7712
- C:\Windows\System\nXnKIVg.exe
  C:\Windows\System\nXnKIVg.exe
  2⤵
  PID:7740
- C:\Windows\System\udeHqsk.exe
  C:\Windows\System\udeHqsk.exe
  2⤵
  PID:7760
- C:\Windows\System\DeAPOCe.exe
  C:\Windows\System\DeAPOCe.exe
  2⤵
  PID:7776
- C:\Windows\System\xUQsuug.exe
  C:\Windows\System\xUQsuug.exe
  2⤵
  PID:7804
- C:\Windows\System\TNZpWkJ.exe
  C:\Windows\System\TNZpWkJ.exe
  2⤵
  PID:7824
- C:\Windows\System\UNLNuIG.exe
  C:\Windows\System\UNLNuIG.exe
  2⤵
  PID:7844
- C:\Windows\System\LmumYZy.exe
  C:\Windows\System\LmumYZy.exe
  2⤵
  PID:7860
- C:\Windows\System\IRlwySc.exe
  C:\Windows\System\IRlwySc.exe
  2⤵
  PID:7876
- C:\Windows\System\prWyWIj.exe
  C:\Windows\System\prWyWIj.exe
  2⤵
  PID:7904
- C:\Windows\System\wYbACUN.exe
  C:\Windows\System\wYbACUN.exe
  2⤵
  PID:7924
- C:\Windows\System\TGFeEzb.exe
  C:\Windows\System\TGFeEzb.exe
  2⤵
  PID:7940
- C:\Windows\System\lUhZnhK.exe
  C:\Windows\System\lUhZnhK.exe
  2⤵
  PID:7964
- C:\Windows\System\nrSzsOg.exe
  C:\Windows\System\nrSzsOg.exe
  2⤵
  PID:7980
- C:\Windows\System\gwwOTBg.exe
  C:\Windows\System\gwwOTBg.exe
  2⤵
  PID:7996
- C:\Windows\System\mnCTTAn.exe
  C:\Windows\System\mnCTTAn.exe
  2⤵
  PID:8016
- C:\Windows\System\fRvEDYu.exe
  C:\Windows\System\fRvEDYu.exe
  2⤵
  PID:8036
- C:\Windows\System\FIEMZbn.exe
  C:\Windows\System\FIEMZbn.exe
  2⤵
  PID:8052
- C:\Windows\System\mCwpGUA.exe
  C:\Windows\System\mCwpGUA.exe
  2⤵
  PID:8084
- C:\Windows\System\fVPUpZn.exe
  C:\Windows\System\fVPUpZn.exe
  2⤵
  PID:8104
- C:\Windows\System\sajNxZn.exe
  C:\Windows\System\sajNxZn.exe
  2⤵
  PID:8120
- C:\Windows\System\XZvHRiK.exe
  C:\Windows\System\XZvHRiK.exe
  2⤵
  PID:8136
- C:\Windows\System\fGlPGHV.exe
  C:\Windows\System\fGlPGHV.exe
  2⤵
  PID:8160
- C:\Windows\System\wRNKoqM.exe
  C:\Windows\System\wRNKoqM.exe
  2⤵
  PID:8176
- C:\Windows\System\AOWEJxN.exe
  C:\Windows\System\AOWEJxN.exe
  2⤵
  PID:6176
- C:\Windows\System\clGLTIB.exe
  C:\Windows\System\clGLTIB.exe
  2⤵
  PID:7200
- C:\Windows\System\nMAuRkg.exe
  C:\Windows\System\nMAuRkg.exe
  2⤵
  PID:7224
- C:\Windows\System\hSGpbVv.exe
  C:\Windows\System\hSGpbVv.exe
  2⤵
  PID:7276
- C:\Windows\System\oMQqJZn.exe
  C:\Windows\System\oMQqJZn.exe
  2⤵
  PID:7300
- C:\Windows\System\dFaqtLA.exe
  C:\Windows\System\dFaqtLA.exe
  2⤵
  PID:7324
- C:\Windows\System\kyHGAFA.exe
  C:\Windows\System\kyHGAFA.exe
  2⤵
  PID:6212
- C:\Windows\System\TKWgdAL.exe
  C:\Windows\System\TKWgdAL.exe
  2⤵
  PID:7368
- C:\Windows\System\xTLARXX.exe
  C:\Windows\System\xTLARXX.exe
  2⤵
  PID:7372
- C:\Windows\System\slcgtWf.exe
  C:\Windows\System\slcgtWf.exe
  2⤵
  PID:7428
- C:\Windows\System\jLUpgXy.exe
  C:\Windows\System\jLUpgXy.exe
  2⤵
  PID:7464
- C:\Windows\System\jmhYfVS.exe
  C:\Windows\System\jmhYfVS.exe
  2⤵
  PID:7492
- C:\Windows\System\pLhUSUS.exe
  C:\Windows\System\pLhUSUS.exe
  2⤵
  PID:7548
- C:\Windows\System\tWHeJVG.exe
  C:\Windows\System\tWHeJVG.exe
  2⤵
  PID:7600
- C:\Windows\System\doFAWJK.exe
  C:\Windows\System\doFAWJK.exe
  2⤵
  PID:7528
- C:\Windows\System\cyYKGvn.exe
  C:\Windows\System\cyYKGvn.exe
  2⤵
  PID:7636
- C:\Windows\System\sQHoJsU.exe
  C:\Windows\System\sQHoJsU.exe
  2⤵
  PID:7648
- C:\Windows\System\QetfBRy.exe
  C:\Windows\System\QetfBRy.exe
  2⤵
  PID:7680
- C:\Windows\System\SKpeibV.exe
  C:\Windows\System\SKpeibV.exe
  2⤵
  PID:7724
- C:\Windows\System\UxtCCWH.exe
  C:\Windows\System\UxtCCWH.exe
  2⤵
  PID:7756
- C:\Windows\System\bgqRiiz.exe
  C:\Windows\System\bgqRiiz.exe
  2⤵
  PID:7800
- C:\Windows\System\bJuztiM.exe
  C:\Windows\System\bJuztiM.exe
  2⤵
  PID:7416
- C:\Windows\System\JIBiScx.exe
  C:\Windows\System\JIBiScx.exe
  2⤵
  PID:7868
- C:\Windows\System\DNqNXHY.exe
  C:\Windows\System\DNqNXHY.exe
  2⤵
  PID:7884
- C:\Windows\System\HpBQFkw.exe
  C:\Windows\System\HpBQFkw.exe
  2⤵
  PID:7920
- C:\Windows\System\btUIJpX.exe
  C:\Windows\System\btUIJpX.exe
  2⤵
  PID:7952
- C:\Windows\System\DnNsjFi.exe
  C:\Windows\System\DnNsjFi.exe
  2⤵
  PID:7988
- C:\Windows\System\EaOiOXr.exe
  C:\Windows\System\EaOiOXr.exe
  2⤵
  PID:8060
- C:\Windows\System\eQNerHo.exe
  C:\Windows\System\eQNerHo.exe
  2⤵
  PID:8008
- C:\Windows\System\UQCLjYF.exe
  C:\Windows\System\UQCLjYF.exe
  2⤵
  PID:8080
- C:\Windows\System\YaWgoKj.exe
  C:\Windows\System\YaWgoKj.exe
  2⤵
  PID:8112
- C:\Windows\System\zFLdbmS.exe
  C:\Windows\System\zFLdbmS.exe
  2⤵
  PID:8184
- C:\Windows\System\sCkvbCT.exe
  C:\Windows\System\sCkvbCT.exe
  2⤵
  PID:7180
- C:\Windows\System\VvbZIrz.exe
  C:\Windows\System\VvbZIrz.exe
  2⤵
  PID:7196
- C:\Windows\System\ncnpnTi.exe
  C:\Windows\System\ncnpnTi.exe
  2⤵
  PID:7248
- C:\Windows\System\NZOhPno.exe
  C:\Windows\System\NZOhPno.exe
  2⤵
  PID:7288
- C:\Windows\System\wMyWyVq.exe
  C:\Windows\System\wMyWyVq.exe
  2⤵
  PID:7328
- C:\Windows\System\EAbcdKe.exe
  C:\Windows\System\EAbcdKe.exe
  2⤵
  PID:7384
- C:\Windows\System\kQzttsx.exe
  C:\Windows\System\kQzttsx.exe
  2⤵
  PID:7432
- C:\Windows\System\dVazpTN.exe
  C:\Windows\System\dVazpTN.exe
  2⤵
  PID:7468
- C:\Windows\System\PpVfpiJ.exe
  C:\Windows\System\PpVfpiJ.exe
  2⤵
  PID:7512
- C:\Windows\System\jqZGlLg.exe
  C:\Windows\System\jqZGlLg.exe
  2⤵
  PID:7612
- C:\Windows\System\wWgIIUU.exe
  C:\Windows\System\wWgIIUU.exe
  2⤵
  PID:7664
- C:\Windows\System\hPRSjtB.exe
  C:\Windows\System\hPRSjtB.exe
  2⤵
  PID:7692
- C:\Windows\System\aMczOfa.exe
  C:\Windows\System\aMczOfa.exe
  2⤵
  PID:7784
- C:\Windows\System\ngnmOkM.exe
  C:\Windows\System\ngnmOkM.exe
  2⤵
  PID:7840
- C:\Windows\System\InJMhOc.exe
  C:\Windows\System\InJMhOc.exe
  2⤵
  PID:7896
- C:\Windows\System\MpSfZPq.exe
  C:\Windows\System\MpSfZPq.exe
  2⤵
  PID:7916
- C:\Windows\System\EyDlbiF.exe
  C:\Windows\System\EyDlbiF.exe
  2⤵
  PID:7932
- C:\Windows\System\hBYttnV.exe
  C:\Windows\System\hBYttnV.exe
  2⤵
  PID:8076
- C:\Windows\System\LkQodGU.exe
  C:\Windows\System\LkQodGU.exe
  2⤵
  PID:8048
- C:\Windows\System\uMUhKxV.exe
  C:\Windows\System\uMUhKxV.exe
  2⤵
  PID:8148
- C:\Windows\System\GBWdWmm.exe
  C:\Windows\System\GBWdWmm.exe
  2⤵
  PID:8156
- C:\Windows\System\PnVIghl.exe
  C:\Windows\System\PnVIghl.exe
  2⤵
  PID:7220
- C:\Windows\System\rSTHEtq.exe
  C:\Windows\System\rSTHEtq.exe
  2⤵
  PID:7796
- C:\Windows\System\xtpLdAL.exe
  C:\Windows\System\xtpLdAL.exe
  2⤵
  PID:6208
- C:\Windows\System\sRcCvRY.exe
  C:\Windows\System\sRcCvRY.exe
  2⤵
  PID:7496
- C:\Windows\System\pvnpDdH.exe
  C:\Windows\System\pvnpDdH.exe
  2⤵
  PID:7508
- C:\Windows\System\WjzTdlr.exe
  C:\Windows\System\WjzTdlr.exe
  2⤵
  PID:7708
- C:\Windows\System\tpWoFsf.exe
  C:\Windows\System\tpWoFsf.exe
  2⤵
  PID:7728
- C:\Windows\System\LRLIKFw.exe
  C:\Windows\System\LRLIKFw.exe
  2⤵
  PID:7856
- C:\Windows\System\DTpFtmy.exe
  C:\Windows\System\DTpFtmy.exe
  2⤵
  PID:7892
- C:\Windows\System\brfyaPE.exe
  C:\Windows\System\brfyaPE.exe
  2⤵
  PID:8188
- C:\Windows\System\eZEusXZ.exe
  C:\Windows\System\eZEusXZ.exe
  2⤵
  PID:7284
- C:\Windows\System\KXnXOtw.exe
  C:\Windows\System\KXnXOtw.exe
  2⤵
  PID:8024
- C:\Windows\System\bvuXtYf.exe
  C:\Windows\System\bvuXtYf.exe
  2⤵
  PID:7356
- C:\Windows\System\NGxGwAC.exe
  C:\Windows\System\NGxGwAC.exe
  2⤵
  PID:8144
- C:\Windows\System\gWGQTeZ.exe
  C:\Windows\System\gWGQTeZ.exe
  2⤵
  PID:7632
- C:\Windows\System\ftibWRS.exe
  C:\Windows\System\ftibWRS.exe
  2⤵
  PID:7832
- C:\Windows\System\OxkBtDH.exe
  C:\Windows\System\OxkBtDH.exe
  2⤵
  PID:7972
- C:\Windows\System\utTmxaJ.exe
  C:\Windows\System\utTmxaJ.exe
  2⤵
  PID:7260
- C:\Windows\System\REPypdA.exe
  C:\Windows\System\REPypdA.exe
  2⤵
  PID:7568
- C:\Windows\System\EwBZXxE.exe
  C:\Windows\System\EwBZXxE.exe
  2⤵
  PID:7532
- C:\Windows\System\lFeTSfx.exe
  C:\Windows\System\lFeTSfx.exe
  2⤵
  PID:7752
- C:\Windows\System\tOihLSq.exe
  C:\Windows\System\tOihLSq.exe
  2⤵
  PID:8044
- C:\Windows\System\rjoyzRd.exe
  C:\Windows\System\rjoyzRd.exe
  2⤵
  PID:7320
- C:\Windows\System\AHrhqxj.exe
  C:\Windows\System\AHrhqxj.exe
  2⤵
  PID:7192
- C:\Windows\System\jVFiNui.exe
  C:\Windows\System\jVFiNui.exe
  2⤵
  PID:7524
- C:\Windows\System\aBfQamf.exe
  C:\Windows\System\aBfQamf.exe
  2⤵
  PID:7816
- C:\Windows\System\FCpPjjM.exe
  C:\Windows\System\FCpPjjM.exe
  2⤵
  PID:7812
- C:\Windows\System\lXZiMvH.exe
  C:\Windows\System\lXZiMvH.exe
  2⤵
  PID:8096
- C:\Windows\System\NrJXzhT.exe
  C:\Windows\System\NrJXzhT.exe
  2⤵
  PID:8200
- C:\Windows\System\DlokcFf.exe
  C:\Windows\System\DlokcFf.exe
  2⤵
  PID:8220
- C:\Windows\System\ZtISqzr.exe
  C:\Windows\System\ZtISqzr.exe
  2⤵
  PID:8236
- C:\Windows\System\XOvJesM.exe
  C:\Windows\System\XOvJesM.exe
  2⤵
  PID:8260
- C:\Windows\System\IUWdnRz.exe
  C:\Windows\System\IUWdnRz.exe
  2⤵
  PID:8276
- C:\Windows\System\vinOfwL.exe
  C:\Windows\System\vinOfwL.exe
  2⤵
  PID:8300
- C:\Windows\System\HuzArLs.exe
  C:\Windows\System\HuzArLs.exe
  2⤵
  PID:8316
- C:\Windows\System\OVqOZmm.exe
  C:\Windows\System\OVqOZmm.exe
  2⤵
  PID:8336
- C:\Windows\System\iRTQceM.exe
  C:\Windows\System\iRTQceM.exe
  2⤵
  PID:8360
- C:\Windows\System\TtYtbkK.exe
  C:\Windows\System\TtYtbkK.exe
  2⤵
  PID:8380
- C:\Windows\System\wjglSjX.exe
  C:\Windows\System\wjglSjX.exe
  2⤵
  PID:8396
- C:\Windows\System\SunGHHH.exe
  C:\Windows\System\SunGHHH.exe
  2⤵
  PID:8420
- C:\Windows\System\ziHzGxR.exe
  C:\Windows\System\ziHzGxR.exe
  2⤵
  PID:8444
- C:\Windows\System\YZZPaWL.exe
  C:\Windows\System\YZZPaWL.exe
  2⤵
  PID:8464
- C:\Windows\System\hKaxApp.exe
  C:\Windows\System\hKaxApp.exe
  2⤵
  PID:8480
- C:\Windows\System\iFGuZSE.exe
  C:\Windows\System\iFGuZSE.exe
  2⤵
  PID:8504
- C:\Windows\System\mVlAoHl.exe
  C:\Windows\System\mVlAoHl.exe
  2⤵
  PID:8520
- C:\Windows\System\SeWzQEc.exe
  C:\Windows\System\SeWzQEc.exe
  2⤵
  PID:8544
- C:\Windows\System\FLTUVLU.exe
  C:\Windows\System\FLTUVLU.exe
  2⤵
  PID:8560
- C:\Windows\System\rqorrDG.exe
  C:\Windows\System\rqorrDG.exe
  2⤵
  PID:8576
- C:\Windows\System\PHmUDKD.exe
  C:\Windows\System\PHmUDKD.exe
  2⤵
  PID:8596
- C:\Windows\System\QnioqSO.exe
  C:\Windows\System\QnioqSO.exe
  2⤵
  PID:8612
- C:\Windows\System\VipDHUB.exe
  C:\Windows\System\VipDHUB.exe
  2⤵
  PID:8632
- C:\Windows\System\FuyHCKa.exe
  C:\Windows\System\FuyHCKa.exe
  2⤵
  PID:8652
- C:\Windows\System\rAfdUeP.exe
  C:\Windows\System\rAfdUeP.exe
  2⤵
  PID:8668
- C:\Windows\System\dauQTxq.exe
  C:\Windows\System\dauQTxq.exe
  2⤵
  PID:8704
- C:\Windows\System\vgQLDKw.exe
  C:\Windows\System\vgQLDKw.exe
  2⤵
  PID:8720
- C:\Windows\System\efoBEZe.exe
  C:\Windows\System\efoBEZe.exe
  2⤵
  PID:8736
- C:\Windows\System\fsURSfz.exe
  C:\Windows\System\fsURSfz.exe
  2⤵
  PID:8764
- C:\Windows\System\BScxfWP.exe
  C:\Windows\System\BScxfWP.exe
  2⤵
  PID:8780
- C:\Windows\System\UirnraV.exe
  C:\Windows\System\UirnraV.exe
  2⤵
  PID:8800
- C:\Windows\System\envIjsX.exe
  C:\Windows\System\envIjsX.exe
  2⤵
  PID:8824
- C:\Windows\System\ctrDuKt.exe
  C:\Windows\System\ctrDuKt.exe
  2⤵
  PID:8840
- C:\Windows\System\CehopgS.exe
  C:\Windows\System\CehopgS.exe
  2⤵
  PID:8860
- C:\Windows\System\sKcWoiX.exe
  C:\Windows\System\sKcWoiX.exe
  2⤵
  PID:8876
- C:\Windows\System\lJrpzaQ.exe
  C:\Windows\System\lJrpzaQ.exe
  2⤵
  PID:8896
- C:\Windows\System\hoiGIMx.exe
  C:\Windows\System\hoiGIMx.exe
  2⤵
  PID:8924
- C:\Windows\System\DYkWobc.exe
  C:\Windows\System\DYkWobc.exe
  2⤵
  PID:8940
- C:\Windows\System\XJknUEa.exe
  C:\Windows\System\XJknUEa.exe
  2⤵
  PID:8956
- C:\Windows\System\WJLfrkG.exe
  C:\Windows\System\WJLfrkG.exe
  2⤵
  PID:8972
- C:\Windows\System\IYWZXoG.exe
  C:\Windows\System\IYWZXoG.exe
  2⤵
  PID:8988
- C:\Windows\System\OOWMmyE.exe
  C:\Windows\System\OOWMmyE.exe
  2⤵
  PID:9028
- C:\Windows\System\gGDSURH.exe
  C:\Windows\System\gGDSURH.exe
  2⤵
  PID:9044
- C:\Windows\System\xXfOgGC.exe
  C:\Windows\System\xXfOgGC.exe
  2⤵
  PID:9064
- C:\Windows\System\oiMgHAa.exe
  C:\Windows\System\oiMgHAa.exe
  2⤵
  PID:9084
- C:\Windows\System\XwgemXG.exe
  C:\Windows\System\XwgemXG.exe
  2⤵
  PID:9108
- C:\Windows\System\fMvamkl.exe
  C:\Windows\System\fMvamkl.exe
  2⤵
  PID:9124
- C:\Windows\System\NFezCAT.exe
  C:\Windows\System\NFezCAT.exe
  2⤵
  PID:9144
- C:\Windows\System\uknDvVI.exe
  C:\Windows\System\uknDvVI.exe
  2⤵
  PID:9160
- C:\Windows\System\hkWaUOb.exe
  C:\Windows\System\hkWaUOb.exe
  2⤵
  PID:9188
- C:\Windows\System\cCsovtj.exe
  C:\Windows\System\cCsovtj.exe
  2⤵
  PID:9204
- C:\Windows\System\aArYDKX.exe
  C:\Windows\System\aArYDKX.exe
  2⤵
  PID:8208
- C:\Windows\System\RetpBGd.exe
  C:\Windows\System\RetpBGd.exe
  2⤵
  PID:8244
- C:\Windows\System\wZUniaW.exe
  C:\Windows\System\wZUniaW.exe
  2⤵
  PID:8232
- C:\Windows\System\XsksrDS.exe
  C:\Windows\System\XsksrDS.exe
  2⤵
  PID:8296
- C:\Windows\System\JqZIzyx.exe
  C:\Windows\System\JqZIzyx.exe
  2⤵
  PID:8312
- C:\Windows\System\MxIipkV.exe
  C:\Windows\System\MxIipkV.exe
  2⤵
  PID:8368
- C:\Windows\System\VuEhOBV.exe
  C:\Windows\System\VuEhOBV.exe
  2⤵
  PID:8392
- C:\Windows\System\ttiebkE.exe
  C:\Windows\System\ttiebkE.exe
  2⤵
  PID:8428
- C:\Windows\System\dFRRGDm.exe
  C:\Windows\System\dFRRGDm.exe
  2⤵
  PID:8460
- C:\Windows\System\zZNUQKh.exe
  C:\Windows\System\zZNUQKh.exe
  2⤵
  PID:8496
- C:\Windows\System\cCTeCur.exe
  C:\Windows\System\cCTeCur.exe
  2⤵
  PID:8540
- C:\Windows\System\xoRviNM.exe
  C:\Windows\System\xoRviNM.exe
  2⤵
  PID:8604
- C:\Windows\System\HreeZxL.exe
  C:\Windows\System\HreeZxL.exe
  2⤵
  PID:8680
- C:\Windows\System\CLZXSJH.exe
  C:\Windows\System\CLZXSJH.exe
  2⤵
  PID:8556
- C:\Windows\System\ffLSfPs.exe
  C:\Windows\System\ffLSfPs.exe
  2⤵
  PID:8592
- C:\Windows\System\SWCvlrb.exe
  C:\Windows\System\SWCvlrb.exe
  2⤵
  PID:8688
- C:\Windows\System\KjTVPcP.exe
  C:\Windows\System\KjTVPcP.exe
  2⤵
  PID:8716
- C:\Windows\System\eDUIEiJ.exe
  C:\Windows\System\eDUIEiJ.exe
  2⤵
  PID:8816
- C:\Windows\System\lozcmgR.exe
  C:\Windows\System\lozcmgR.exe
  2⤵
  PID:8744
- C:\Windows\System\bZwWRbx.exe
  C:\Windows\System\bZwWRbx.exe
  2⤵
  PID:8852
- C:\Windows\System\DmkZYvk.exe
  C:\Windows\System\DmkZYvk.exe
  2⤵
  PID:8888
- C:\Windows\System\BwGkADM.exe
  C:\Windows\System\BwGkADM.exe
  2⤵
  PID:8872
- C:\Windows\System\LlQmgrY.exe
  C:\Windows\System\LlQmgrY.exe
  2⤵
  PID:8968
- C:\Windows\System\mIkCoNb.exe
  C:\Windows\System\mIkCoNb.exe
  2⤵
  PID:8980
- C:\Windows\System\CXJOzgV.exe
  C:\Windows\System\CXJOzgV.exe
  2⤵
  PID:9016
- C:\Windows\System\yxNdMYu.exe
  C:\Windows\System\yxNdMYu.exe
  2⤵
  PID:9052
- C:\Windows\System\ldTUDNc.exe
  C:\Windows\System\ldTUDNc.exe
  2⤵
  PID:9080
- C:\Windows\System\taCYKQO.exe
  C:\Windows\System\taCYKQO.exe
  2⤵
  PID:9100
- C:\Windows\System\dJTLnEO.exe
  C:\Windows\System\dJTLnEO.exe
  2⤵
  PID:9168
- C:\Windows\System\LRTGywV.exe
  C:\Windows\System\LRTGywV.exe
  2⤵
  PID:9152
- C:\Windows\System\kbgVXmH.exe
  C:\Windows\System\kbgVXmH.exe
  2⤵
  PID:8152
- C:\Windows\System\OuelKpU.exe
  C:\Windows\System\OuelKpU.exe
  2⤵
  PID:8268
- C:\Windows\System\AHtbWTB.exe
  C:\Windows\System\AHtbWTB.exe
  2⤵
  PID:8328
- C:\Windows\System\amYUowz.exe
  C:\Windows\System\amYUowz.exe
  2⤵
  PID:8332
- C:\Windows\System\dbCMGDz.exe
  C:\Windows\System\dbCMGDz.exe
  2⤵
  PID:7704
- C:\Windows\System\ASgPrOz.exe
  C:\Windows\System\ASgPrOz.exe
  2⤵
  PID:8408
- C:\Windows\System\kQpIelX.exe
  C:\Windows\System\kQpIelX.exe
  2⤵
  PID:8500
- C:\Windows\System\mghkjls.exe
  C:\Windows\System\mghkjls.exe
  2⤵
  PID:8568
- C:\Windows\System\dcMYomp.exe
  C:\Windows\System\dcMYomp.exe
  2⤵
  PID:8644
- C:\Windows\System\XiBqaGv.exe
  C:\Windows\System\XiBqaGv.exe
  2⤵
  PID:9000
- C:\Windows\System\NAtzzrs.exe
  C:\Windows\System\NAtzzrs.exe
  2⤵
  PID:8692
- C:\Windows\System\RYTpUsr.exe
  C:\Windows\System\RYTpUsr.exe
  2⤵
  PID:8760
- C:\Windows\System\rOFMgOJ.exe
  C:\Windows\System\rOFMgOJ.exe
  2⤵
  PID:8832
- C:\Windows\System\DJLPqWN.exe
  C:\Windows\System\DJLPqWN.exe
  2⤵
  PID:8912
- C:\Windows\System\hSVoKhA.exe
  C:\Windows\System\hSVoKhA.exe
  2⤵
  PID:8932
- C:\Windows\System\GkVRfjU.exe
  C:\Windows\System\GkVRfjU.exe
  2⤵
  PID:8952
- C:\Windows\System\wcCkibS.exe
  C:\Windows\System\wcCkibS.exe
  2⤵
  PID:9024
- C:\Windows\System\GFiEtBt.exe
  C:\Windows\System\GFiEtBt.exe
  2⤵
  PID:9140
- C:\Windows\System\cAQdwoQ.exe
  C:\Windows\System\cAQdwoQ.exe
  2⤵
  PID:9156
- C:\Windows\System\vRRmTBO.exe
  C:\Windows\System\vRRmTBO.exe
  2⤵
  PID:8212
- C:\Windows\System\cLYybcW.exe
  C:\Windows\System\cLYybcW.exe
  2⤵
  PID:8284
- C:\Windows\System\PTUTUVm.exe
  C:\Windows\System\PTUTUVm.exe
  2⤵
  PID:8388
- C:\Windows\System\hWZUaKo.exe
  C:\Windows\System\hWZUaKo.exe
  2⤵
  PID:8476
- C:\Windows\System\iAxsPoO.exe
  C:\Windows\System\iAxsPoO.exe
  2⤵
  PID:8648
- C:\Windows\System\RHxpTQr.exe
  C:\Windows\System\RHxpTQr.exe
  2⤵
  PID:8552
- C:\Windows\System\UPjxOdv.exe
  C:\Windows\System\UPjxOdv.exe
  2⤵
  PID:8756
- C:\Windows\System\NvrMTnj.exe
  C:\Windows\System\NvrMTnj.exe
  2⤵
  PID:8748
- C:\Windows\System\GVWItlb.exe
  C:\Windows\System\GVWItlb.exe
  2⤵
  PID:8936
- C:\Windows\System\YmrUdMd.exe
  C:\Windows\System\YmrUdMd.exe
  2⤵
  PID:9072
- C:\Windows\System\ftfIYWX.exe
  C:\Windows\System\ftfIYWX.exe
  2⤵
  PID:9132
- C:\Windows\System\dbQdJer.exe
  C:\Windows\System\dbQdJer.exe
  2⤵
  PID:8272
- C:\Windows\System\QMvbvaj.exe
  C:\Windows\System\QMvbvaj.exe
  2⤵
  PID:1528
- C:\Windows\System\obuaKId.exe
  C:\Windows\System\obuaKId.exe
  2⤵
  PID:8436
- C:\Windows\System\GvcdtLB.exe
  C:\Windows\System\GvcdtLB.exe
  2⤵
  PID:8628
- C:\Windows\System\fKpRioH.exe
  C:\Windows\System\fKpRioH.exe
  2⤵
  PID:8820
- C:\Windows\System\BQvywos.exe
  C:\Windows\System\BQvywos.exe
  2⤵
  PID:9060
- C:\Windows\System\rRgSqBX.exe
  C:\Windows\System\rRgSqBX.exe
  2⤵
  PID:8920
- C:\Windows\System\DIxaVFL.exe
  C:\Windows\System\DIxaVFL.exe
  2⤵
  PID:9136
- C:\Windows\System\qYPszWG.exe
  C:\Windows\System\qYPszWG.exe
  2⤵
  PID:8324
- C:\Windows\System\LGmtdKX.exe
  C:\Windows\System\LGmtdKX.exe
  2⤵
  PID:8528
- C:\Windows\System\dmyZzxO.exe
  C:\Windows\System\dmyZzxO.exe
  2⤵
  PID:8536
- C:\Windows\System\ToaAyCM.exe
  C:\Windows\System\ToaAyCM.exe
  2⤵
  PID:9200
- C:\Windows\System\uOHgrNf.exe
  C:\Windows\System\uOHgrNf.exe
  2⤵
  PID:8256
- C:\Windows\System\bRvHXlJ.exe
  C:\Windows\System\bRvHXlJ.exe
  2⤵
  PID:8416
- C:\Windows\System\bYulwBA.exe
  C:\Windows\System\bYulwBA.exe
  2⤵
  PID:8812
- C:\Windows\System\PtGbybx.exe
  C:\Windows\System\PtGbybx.exe
  2⤵
  PID:8948
- C:\Windows\System\qTxDqBy.exe
  C:\Windows\System\qTxDqBy.exe
  2⤵
  PID:8620
- C:\Windows\System\FpGjuNk.exe
  C:\Windows\System\FpGjuNk.exe
  2⤵
  PID:8836
- C:\Windows\System\LoujaCT.exe
  C:\Windows\System\LoujaCT.exe
  2⤵
  PID:836
- C:\Windows\System\xTNunGb.exe
  C:\Windows\System\xTNunGb.exe
  2⤵
  PID:9232
- C:\Windows\System\AjUoaLU.exe
  C:\Windows\System\AjUoaLU.exe
  2⤵
  PID:9248
- C:\Windows\System\xDsVkjc.exe
  C:\Windows\System\xDsVkjc.exe
  2⤵
  PID:9264
- C:\Windows\System\houXJCv.exe
  C:\Windows\System\houXJCv.exe
  2⤵
  PID:9280
- C:\Windows\System\lbmTjpd.exe
  C:\Windows\System\lbmTjpd.exe
  2⤵
  PID:9296
- C:\Windows\System\kbddnGO.exe
  C:\Windows\System\kbddnGO.exe
  2⤵
  PID:9312
- C:\Windows\System\qZivVxx.exe
  C:\Windows\System\qZivVxx.exe
  2⤵
  PID:9328
- C:\Windows\System\VQXnzDx.exe
  C:\Windows\System\VQXnzDx.exe
  2⤵
  PID:9344
- C:\Windows\System\FxnclHQ.exe
  C:\Windows\System\FxnclHQ.exe
  2⤵
  PID:9360
- C:\Windows\System\gGrapqg.exe
  C:\Windows\System\gGrapqg.exe
  2⤵
  PID:9376
- C:\Windows\System\fladRjq.exe
  C:\Windows\System\fladRjq.exe
  2⤵
  PID:9392
- C:\Windows\System\XlrvniF.exe
  C:\Windows\System\XlrvniF.exe
  2⤵
  PID:9408
- C:\Windows\System\JtdrpEx.exe
  C:\Windows\System\JtdrpEx.exe
  2⤵
  PID:9424
- C:\Windows\System\qCSODNf.exe
  C:\Windows\System\qCSODNf.exe
  2⤵
  PID:9440
- C:\Windows\System\iwifUWv.exe
  C:\Windows\System\iwifUWv.exe
  2⤵
  PID:9456
- C:\Windows\System\ZevybUY.exe
  C:\Windows\System\ZevybUY.exe
  2⤵
  PID:9472
- C:\Windows\System\ICjIiqQ.exe
  C:\Windows\System\ICjIiqQ.exe
  2⤵
  PID:9488
- C:\Windows\System\BmYIVfN.exe
  C:\Windows\System\BmYIVfN.exe
  2⤵
  PID:9504
- C:\Windows\System\SqHTkVk.exe
  C:\Windows\System\SqHTkVk.exe
  2⤵
  PID:9520
- C:\Windows\System\bnRNivw.exe
  C:\Windows\System\bnRNivw.exe
  2⤵
  PID:9536
- C:\Windows\System\uBXCsAP.exe
  C:\Windows\System\uBXCsAP.exe
  2⤵
  PID:9552
- C:\Windows\System\cmaztOx.exe
  C:\Windows\System\cmaztOx.exe
  2⤵
  PID:9568
- C:\Windows\System\pHUebRP.exe
  C:\Windows\System\pHUebRP.exe
  2⤵
  PID:9584
- C:\Windows\System\ZJWklsz.exe
  C:\Windows\System\ZJWklsz.exe
  2⤵
  PID:9600
- C:\Windows\System\EpYWpRS.exe
  C:\Windows\System\EpYWpRS.exe
  2⤵
  PID:9616
- C:\Windows\System\DNhZLuk.exe
  C:\Windows\System\DNhZLuk.exe
  2⤵
  PID:9632
- C:\Windows\System\wgZLaEa.exe
  C:\Windows\System\wgZLaEa.exe
  2⤵
  PID:9652
- C:\Windows\System\matUsPo.exe
  C:\Windows\System\matUsPo.exe
  2⤵
  PID:9668
- C:\Windows\System\dIYnOWY.exe
  C:\Windows\System\dIYnOWY.exe
  2⤵
  PID:9684
- C:\Windows\System\ggZrtRa.exe
  C:\Windows\System\ggZrtRa.exe
  2⤵
  PID:9716
- C:\Windows\System\UqwKOsU.exe
  C:\Windows\System\UqwKOsU.exe
  2⤵
  PID:9732
- C:\Windows\System\YDTQouE.exe
  C:\Windows\System\YDTQouE.exe
  2⤵
  PID:9764
- C:\Windows\System\hRDYFHH.exe
  C:\Windows\System\hRDYFHH.exe
  2⤵
  PID:9780
- C:\Windows\System\KZxkDiO.exe
  C:\Windows\System\KZxkDiO.exe
  2⤵
  PID:9796
- C:\Windows\System\PTacRQH.exe
  C:\Windows\System\PTacRQH.exe
  2⤵
  PID:9812
- C:\Windows\System\qPdQlXg.exe
  C:\Windows\System\qPdQlXg.exe
  2⤵
  PID:9832
- C:\Windows\System\slfvmDp.exe
  C:\Windows\System\slfvmDp.exe
  2⤵
  PID:9856
- C:\Windows\System\JwYAvXG.exe
  C:\Windows\System\JwYAvXG.exe
  2⤵
  PID:9876
- C:\Windows\System\OrIMBsV.exe
  C:\Windows\System\OrIMBsV.exe
  2⤵
  PID:9900
- C:\Windows\System\TINlKuh.exe
  C:\Windows\System\TINlKuh.exe
  2⤵
  PID:9916
- C:\Windows\System\lJEqnfc.exe
  C:\Windows\System\lJEqnfc.exe
  2⤵
  PID:9936
- C:\Windows\System\FJkxjph.exe
  C:\Windows\System\FJkxjph.exe
  2⤵
  PID:9960
- C:\Windows\System\NxibFJE.exe
  C:\Windows\System\NxibFJE.exe
  2⤵
  PID:9980
- C:\Windows\System\fhkILlg.exe
  C:\Windows\System\fhkILlg.exe
  2⤵
  PID:10008
- C:\Windows\System\GhyjUQb.exe
  C:\Windows\System\GhyjUQb.exe
  2⤵
  PID:10036
- C:\Windows\System\KiwtTSC.exe
  C:\Windows\System\KiwtTSC.exe
  2⤵
  PID:10064
- C:\Windows\System\JqwDtAJ.exe
  C:\Windows\System\JqwDtAJ.exe
  2⤵
  PID:10080
- C:\Windows\System\nyQJEmi.exe
  C:\Windows\System\nyQJEmi.exe
  2⤵
  PID:10096
- C:\Windows\System\UlixDkT.exe
  C:\Windows\System\UlixDkT.exe
  2⤵
  PID:10124
- C:\Windows\System\sjAxaGt.exe
  C:\Windows\System\sjAxaGt.exe
  2⤵
  PID:10140
- C:\Windows\System\eiAGNQT.exe
  C:\Windows\System\eiAGNQT.exe
  2⤵
  PID:10156
- C:\Windows\System\EmiiFig.exe
  C:\Windows\System\EmiiFig.exe
  2⤵
  PID:10172
- C:\Windows\System\LyCXpEa.exe
  C:\Windows\System\LyCXpEa.exe
  2⤵
  PID:10188
- C:\Windows\System\VzTqmkY.exe
  C:\Windows\System\VzTqmkY.exe
  2⤵
  PID:10204
- C:\Windows\System\QHZXycz.exe
  C:\Windows\System\QHZXycz.exe
  2⤵
  PID:10220
- C:\Windows\System\YMhRVxh.exe
  C:\Windows\System\YMhRVxh.exe
  2⤵
  PID:9116
- C:\Windows\System\ajwHvuX.exe
  C:\Windows\System\ajwHvuX.exe
  2⤵
  PID:9260
- C:\Windows\System\FBGAGpm.exe
  C:\Windows\System\FBGAGpm.exe
  2⤵
  PID:9352
- C:\Windows\System\EunjkCs.exe
  C:\Windows\System\EunjkCs.exe
  2⤵
  PID:9384
- C:\Windows\System\eryyWqx.exe
  C:\Windows\System\eryyWqx.exe
  2⤵
  PID:9420
- C:\Windows\System\dhiffhp.exe
  C:\Windows\System\dhiffhp.exe
  2⤵
  PID:9464
- C:\Windows\System\PZDmeEO.exe
  C:\Windows\System\PZDmeEO.exe
  2⤵
  PID:9496
- C:\Windows\System\AyjzgGA.exe
  C:\Windows\System\AyjzgGA.exe
  2⤵
  PID:9528
- C:\Windows\System\JLdhDqI.exe
  C:\Windows\System\JLdhDqI.exe
  2⤵
  PID:9560
- C:\Windows\System\RdLjpHP.exe
  C:\Windows\System\RdLjpHP.exe
  2⤵
  PID:9592
- C:\Windows\System\JyaLdkv.exe
  C:\Windows\System\JyaLdkv.exe
  2⤵
  PID:9624
- C:\Windows\System\ubXwEVH.exe
  C:\Windows\System\ubXwEVH.exe
  2⤵
  PID:9680
- C:\Windows\System\OoqUHfR.exe
  C:\Windows\System\OoqUHfR.exe
  2⤵
  PID:9696
- C:\Windows\System\rcjtXve.exe
  C:\Windows\System\rcjtXve.exe
  2⤵
  PID:9752
- C:\Windows\System\zJIksAN.exe
  C:\Windows\System\zJIksAN.exe
  2⤵
  PID:9760
- C:\Windows\System\rJpqTId.exe
  C:\Windows\System\rJpqTId.exe
  2⤵
  PID:9792
- C:\Windows\System\baKQOQE.exe
  C:\Windows\System\baKQOQE.exe
  2⤵
  PID:9824
- C:\Windows\System\YsXviaw.exe
  C:\Windows\System\YsXviaw.exe
  2⤵
  PID:9908
- C:\Windows\System\BABRHIG.exe
  C:\Windows\System\BABRHIG.exe
  2⤵
  PID:9892
- C:\Windows\System\hVZWBcb.exe
  C:\Windows\System\hVZWBcb.exe
  2⤵
  PID:9948
- C:\Windows\System\aWlTnOC.exe
  C:\Windows\System\aWlTnOC.exe
  2⤵
  PID:9996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ABrvDGv.exe

Filesize
6.0MB

MD5
5296722860abbe193a91c4b15ae1f0b6

SHA1
eb20b5d88398f4f228a160e1c3cd68b22850898a

SHA256
04dc2a29daf5002c3a78d8a79a008ac0d3f7b844d24b0d44a49782477cee32a5

SHA512
6205bf0b6ce80ce6e83d730cb976252bdb4ea3b14b34448bc8cddc36bcb17faae11fa0f4ea5eb2600eb4a110e10600f04ac977adc49c21d0aa69fdbb5572b768

Download Submit
C:\Windows\system\CHQrUZr.exe

Filesize
6.0MB

MD5
f041d2c921babcb3f01c14b332637f14

SHA1
3716275389b25e23a67c6380d75e0b4fca063277

SHA256
24c3a4a61ade54bd9f9afc630d7131233e40f6bc2034aeeb40a40cb613b4bf6b

SHA512
c35395eb1f86ca022d55118e75928ec3085bf84f33833eca421e04a1763cd49522986bdfa64082715ae504744a05f8392dbed43b358b1511f5b6160b57492bcb

Download Submit
C:\Windows\system\EBVPDZk.exe

Filesize
6.0MB

MD5
04e00c279faf45aed981742323b27520

SHA1
4d685962edcf7c3d761e752a58816925a50bcb72

SHA256
86e60531c7eabd40f5e9ff4cc5188e3ccc374043f6e26bf692c43725db66e640

SHA512
41fce6acf21614c724750ce4e266209928a5bea5af0365bb9a224cdb87fe88f8799c6953dceb84e55fa6a17f607f58cfaef829f76c2ee39c217dcdd51ab5680f

Download Submit
C:\Windows\system\FFscjrz.exe

Filesize
6.0MB

MD5
bfbf0a9cc75da60843fd68fcde233187

SHA1
ffd8dcdcd898ac072591df8cc6b497c0c115d85c

SHA256
9014b75f6a67508f36ea01300fce67a5d5ba39f69cb751cb5336d4990ec959fa

SHA512
4381a34ea65ae20966efc663b23629c0c6e231c461081fff2c2c58d4af7d2e733ca4f035935223288191f6055165c0c637057634327254d27c10d3ebc592dc42

Download Submit
C:\Windows\system\JxMeJUy.exe

Filesize
6.0MB

MD5
e73dfee062bb06841f06eadecde34641

SHA1
40c82a5f196afd47b13dc2c214131e16b96904c5

SHA256
9b6df367536d99216b584a1cc6ace549263b987d9021405327c9d8ffbf24ed0e

SHA512
0621f67ada0a9ae70555d7fb02ec88d1a0a0dbd363029878db88e64cb0b7fd165c265727be6a0e43fc9af939712bcc2f6ba7a2f87a969bd330db4045db75a3ba

Download Submit
C:\Windows\system\MgCOjwG.exe

Filesize
6.0MB

MD5
d610061d42d0fd747ee55d42427b40f3

SHA1
9796f50897eb388894e5fdd75d7b82d697a000a1

SHA256
39e3d3b5f88e440a0f4175df061178314590453ac04183c3672ef138776c64f3

SHA512
14f2831089581aafa37976af17b45c14fb2f0f96a6731dda995c9a7488c7657aec0b0f9962b1308e28c917ea74ed55618e99d6d112df8d2a51c39f23e063b5e6

Download Submit
C:\Windows\system\OMGBmvI.exe

Filesize
6.0MB

MD5
b6b841686ed7016a92e519ef52303df3

SHA1
3251776d93ea48c2e317ead8efaa3735bdf2a454

SHA256
8a1090c51b4b0436663240c31591501db9517c62239205dedb1231826ed1ef2e

SHA512
259176a2f58e895df2113e3d830437dabe2ff3a246b1a8a6f6d43847ed3e609ba803e9c2a411079ab25e25ecd22a06c3778e8b01095c3c25da06695eea2c10cb

Download Submit
C:\Windows\system\OPqWnIu.exe

Filesize
6.0MB

MD5
edfae60082e581e74d3f5222b97cdb7d

SHA1
65d355f81fe569f260eebf8788802a1628e7eec5

SHA256
af22908c51817389c354dc01feded08727b65b9af329b6d1a57aa0f7d4df7332

SHA512
6d66a95a7a4960bd1044f37c7df5a7068292ead311cd666da3352f8c2bacb7b1bf22befbc7321b50dd5187ee03da163d325cc64ce1117442731bccc1667f1e38

Download Submit
C:\Windows\system\PkasbAx.exe

Filesize
6.0MB

MD5
45924c836188658e2acf4c5037218b5d

SHA1
d2dced9e3520a8e7b14d57536d1e050bbe14c070

SHA256
d7d0c3338828d5dd80c76fb24d2a845c803b1b363f67a0648989af262f771f19

SHA512
3b383a724af880b52725e945b04ac1a889bfc7cf9837b2266130aa1b6754937b36f2c93a1c539786583e91cd75eb446e69aa2089fc2c554957d55aaaeef0806d

Download Submit
C:\Windows\system\QtRdlOw.exe

Filesize
6.0MB

MD5
5d08697aedf4417b69d28a8e7de7b882

SHA1
2bb95796c74c88b14bfe57201d6f4de1fe4a3e4d

SHA256
239fcfc4f87fb1ea13845990b6ef9c99a3c539b5500cb2e42301eccc427db96d

SHA512
52d88f740c9d5fecb1043ceb33eee861513ef639a633689e7c8fb617867bf326d1efd4546cdaaa2483c794348712085f0a1b11734e7d90f437c9a4d0a53b5fb9

Download Submit
C:\Windows\system\YYuWemP.exe

Filesize
6.0MB

MD5
867695d19c4cebdb36d6e0a01f337869

SHA1
2ba284c52efbd94a7fdc3071cdeab83af051b2d0

SHA256
31c743c2cc414677a3b5057790b67115a0e63ea0d8547627636696e6b1966513

SHA512
aa31ad6ce19aa46852bca9de0d7398015e2963db80b95b66622b4d3c6a92bded70e901f2ca9a378b318aeb8db0a0e50660c217d5e9c374a05f7eacdf63aa78c6

Download Submit
C:\Windows\system\fkCwdzq.exe

Filesize
6.0MB

MD5
398ea195da747702e17c6b37ed0d79bb

SHA1
05a0b4cf6db537789f751f01607b3dff430d10e4

SHA256
73c97fa56c27ea6f7e2cd48980f62502f45f3b98409a1315e567b14e0abd5643

SHA512
d7ba3339ef894be3a74e68a4ea6fee642b8c07ce242423cdc4f6507be5646249f954656becf327a63823cc1a0fa381970a056c2849d3447a13018c41db55d2e0

Download Submit
C:\Windows\system\isoMbao.exe

Filesize
6.0MB

MD5
d33215bce5d16a509e67c72338c9dd23

SHA1
c78cad623e4e6cf92c945c83f082eb94ffc740f7

SHA256
b8cc88cbe9028a95d957f61de2a5d2e58ab46506baa7c0cf7971b757b8d07d09

SHA512
19f31d24f6ad4326aa7e179d7315e5792ee3b1b0cc650daaf0439f2fed7d359d9cc8f8db800c52459103cf9851c119f402e113f44651aaafec669f7ed8eb6253

Download Submit
C:\Windows\system\mVgornh.exe

Filesize
6.0MB

MD5
65a38faf2ef26f63f23881a7fa96c0bd

SHA1
dd955f8367d8e2b60eedeac59ebc2c3ebe87ab25

SHA256
d7b9ef7e38a472ebf0972b3acbf642ef06c66bbd2ba638973b07e7d13716d31c

SHA512
9124fb27d31a5ffb14773140f5fd58a7da74e1e8d6622bae0c08f53b60772c737c1939321271aac9ce1d666ea726e5de63dadad83bc1ba9640f88d1b2eb73001

Download Submit
C:\Windows\system\mvMxBjP.exe

Filesize
6.0MB

MD5
48bbd01d38174ad3cdf95b23b08d31f0

SHA1
e46b7ab1315ff4cf63a5f631467a6ec6470c63b6

SHA256
74e41782727155c93850b142d9b51076c39750bb7db28e4d21d3f9e945ad0263

SHA512
a7d648c6ca8d4ad07d97777b8f4d916b7d0022d63ef7a6cff0aa32a036c2fb040050332845a0df2df7e1764bb0b007545e1f718d8b7bed859f193001216fab4a

Download Submit
C:\Windows\system\npdljxt.exe

Filesize
6.0MB

MD5
746fde8bb62d3b5c67e136f282493227

SHA1
ef263cd341bb0e0dd38adf31ed62c2f01bbf4a73

SHA256
2c50e2ab90d76bd18eea4a3a8cfcb0806fe4fa23a7c5ca8c287076a6be795c0b

SHA512
fd4960105e6561babb4bf44d3f6ed0f582ae116d780db5bcfd9045f81575a945e492b9b91bbba288560c032cec659912aedf6846ff18e5896d6a5b442f4b3477

Download Submit
C:\Windows\system\oJhsyXm.exe

Filesize
6.0MB

MD5
3b95b8ff72e4e9fefa1d3530c3e25e0d

SHA1
38172ac18ef2855f057e19b892aaf58236a21fe0

SHA256
3fd9ba6e0216a8743265225f75c81161666dde3f2426d0319802083e5673718f

SHA512
1230b2098fd98de873953176c5d698b8e106b0d23b08398331844eccbafac8fa8899f84d205222fad52403569d3cc999cc27ae9f71ab3f18e5ec259d392ae8f8

Download Submit
C:\Windows\system\qpqMSjd.exe

Filesize
6.0MB

MD5
cfd7add3f0328e79a00c9f039e08e41a

SHA1
e0552c9a5f6a0610f3fe4805428884b579c06f39

SHA256
06f0e2dc92c704b030934970ac9e2ef1c0020a0af9a1c2244dc091200fd88aa9

SHA512
77dd54c981812184392094936711e38b8c6bc4db8ab82bef4438480f57768b3463ccd6bc9fd5f1469d9c9088b2854a108ab477cf537ffaae922d3ee3d7eefc79

Download Submit
C:\Windows\system\teAtJDh.exe

Filesize
6.0MB

MD5
a4e630c9e9c67acc0e576684f2d642ca

SHA1
c0cab3d476d5f2594183f1bb544fb5e554fae0b7

SHA256
074f6696906d69e59f9e75b114584a378f88badb920dd19b4534af9f70c9b6bb

SHA512
2a18a65648c24a9c8cd0aabfe1c6aa281fb4dcd1458dd94d020352ae66ee1bef3e4abdfcd7aa70fea0f237a5d9f6390c696b9ac59b922e2ca804641eafbd28b9

Download Submit
C:\Windows\system\ujNPayK.exe

Filesize
6.0MB

MD5
8b89059446a53116ebadf116d229eed4

SHA1
ebbd754533c4fff576af8c2896450134ed375503

SHA256
d952344ee08f23efec7f70148ce9709a14eb5cb909b3bd580b6248c507d42c66

SHA512
ae228e1749dcb4be5b8191713c6df6c727bbdb60cc22b6933400d1f2d76620ed9146415437575b36592ff0cdbea68dc916a0c90133bd22d72d269b73bf81e164

Download Submit
C:\Windows\system\vgFbkKs.exe

Filesize
6.0MB

MD5
68969e4ec0f039038aa064af11cde336

SHA1
5df39ac9d3d96095ce8cb9ea77ad0f853c5eaf9a

SHA256
bb7ef729edec30ae72d0c88fd5874a8f8bf4eca48016fd99646c3d482c4625e3

SHA512
0a7d5ef075b75ad00a71ed5da4939c037e9d90307829226f13af2095c1168bfb7051e9d1ade394e82286d5727bd47ce2dd8f31edb6e281a051a9dcb42dcaee07

Download Submit
C:\Windows\system\xGCnZew.exe

Filesize
6.0MB

MD5
b57596ff8e6f137d75a81b7ad3a8e955

SHA1
91a0db42b89574fbc2ffc70a6d61968a39178c79

SHA256
7a6f0e512d80b16ea14dd88fa32d1363bbf45ec986d26ea04374740df2a8a823

SHA512
875c09422a9a83fa373f0ba3a6ef2b491548047867078324b802c456a85bf4aa108666f539d9e6a33890f013054038d7529c72d378351ccf4bb00a897a3fc1fa

Download Submit
C:\Windows\system\xKkBTpp.exe

Filesize
6.0MB

MD5
a6af9c369b61b65993c99cd9d98aeb99

SHA1
55938fcc94b2be6030db91d910961c82859e624f

SHA256
1b7f8d33ee2ded6db796a2f7d4a716cb949992da634af7d1c90aebdbf56a7324

SHA512
65f8fe0fb32738c247c88bb9fd4a3c3e2cd2d11e94bfb0bf6a317d8da58d3bbaa8d6fae2919341384f3f86b8528e61bd3378255a0d155ff2c711568f79554d34

Download Submit
C:\Windows\system\zpdSDso.exe

Filesize
6.0MB

MD5
9402d7e5969ff4611ebab7dcdb2ecc45

SHA1
b1f5757fbe2cebf8542bb128f471fb00a287358b

SHA256
c4656d8ab7003ad91be3e9b86dbe1cf38b159518fcfa9e0d0144826ed36055df

SHA512
3309ce3584c54d180c169448f27c17b0fed9866823921e2582e319fa5804257a0e70b2e6d07b93db9387c1305487a7dbab39f07aaa32940f3a05168bf97db046

Download Submit
\Windows\system\AnCNENA.exe

Filesize
6.0MB

MD5
22fb98c063b67757078383e70fbb62a3

SHA1
948d16e107e51f2466ac6a9f3ee452df2c043af3

SHA256
014426c87752084c180e7667ee96a3c89bce83dc28c6bc669eef70fa88cdb652

SHA512
47f9dda80f51c2a1d3e051d4df107f1fea1c88258ce13c10bed2a57596976feada7481b75e2a6063560231e81905359dddabb25d57c1c7587833bbd35beb13ff

Download Submit
\Windows\system\FdDFtnV.exe

Filesize
6.0MB

MD5
f94c870f8d68a0d2cd14ee2f8791f3cb

SHA1
c536a566d8065707bbd171ee188dcdcaccf6cbf2

SHA256
86975d26b47fdef12d5de62f2b3efd589e22e8f2a0445a3da8d0d3d0d4eac470

SHA512
60360c22cbf4808345593458f50a72fa4e17b7560b3c35639fc5a9f5850200bc71048631b54a3040fbc6ba1ad48983b972ec1c775d2be4372310d2b9cc2aafab

Download Submit
\Windows\system\LVwzgOt.exe

Filesize
6.0MB

MD5
794582e0f0baff621fea081889fb7b7d

SHA1
c93e98df003cc61ecb96f8d6289aec205d0dcfef

SHA256
7912e9539ba13c5b316f7140ec5283538087ab65c08f4147e57a71c4a69587ac

SHA512
0cec9d384c323a5589e35d660c64e476a4f68dc760f806eb44ccde259a14d7f1af5183303bd731b5453d5d2df3f46aee436fff8cf2a401c74b74d38923705b38

Download Submit
\Windows\system\PHhKimh.exe

Filesize
6.0MB

MD5
4d4a57fd1b944858bd0a573f0e7c8615

SHA1
338de045e6ce358e91cf638855691e2a2278aa57

SHA256
506e10e51cc6c53242035d59d7d36c91bd1f8f397d6349a78f230ddfc92d6478

SHA512
1047245606a0742494dd219ecf344023b2d614b02a8781b0cc8e212620ef54e8c1247e07876ea67257aaca0151ab9aa44811c4e7e976f37b33f3d7feb1e3592d

Download Submit
\Windows\system\SKGnXZr.exe

Filesize
6.0MB

MD5
fff541df84f21a3f61b0154bfb66c02f

SHA1
b7d0b550e8ccbbd0ac12fad5e0e9208f7ecd5a43

SHA256
cfeff12c27ad6942c416810bac83d9770e3fb833a80545a0e4245e58d23b3e25

SHA512
84034965c4a11d41468ba5773a3895f06b7f1b9bd31d7ef0134cc027280b7f2b4513d9363a2916f7b794dea243f117c65cce4e3c6bd7ebb56a624ba07fb72344

Download Submit
\Windows\system\dddPDYK.exe

Filesize
6.0MB

MD5
0c7bd1663d2a8fdf32ce7fe87b0c6149

SHA1
e63cc5e88fff471d3c4c55b1748e514df946fa66

SHA256
6d6b28ff9fa2c16839269ca064f21c4f5d9243bce43c59b663fd6fe1dc71b9a9

SHA512
73604f094144916ee092fe3947ce8898a512bf501058187d0d32221c3d0a10ad23751626c67287b6d28c778f411ef8c71b4662b520137e8810d0ec4e27adda9a

Download Submit
\Windows\system\jmQZPUp.exe

Filesize
6.0MB

MD5
852041fe4aa4504d2e97e23db63e8c90

SHA1
e9058271f425ba2ac0f61f553711ec36182eddcf

SHA256
d3dd61f4b3f6717a4c2f5bfee23ea2e248db629833799b998fa3cfa9c9ad02f4

SHA512
8b864e35f70f6cef644961cdba01e1c082b8830027f0aca491cb862914a3a3571af96c19a62cb108f7b5ddd3431523f670620598851521191366c420199b327b

Download Submit
\Windows\system\viqccyt.exe

Filesize
6.0MB

MD5
c8ec3a4ba3eb270a277643eefe624fc7

SHA1
c78deaf6f7e04c07fc3c4fed0ff5b53feeb2a6b2

SHA256
f6e5cc6a3260eacebce519634ee1b2d6eb9b12bdf4c839930fc59a36d9c18224

SHA512
040bb4ecb04386399c8932eb141bcf59397a33999ada2f172a59067fe8a06e5bdf79674ce83c1dfa70ac93f48afa0e2462cd124e955bd0365bca0fb7ada263bc

Download Submit
memory/1132-1123-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1132-73-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1132-140-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1240-1117-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/1240-55-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/1856-63-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/1856-102-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/1856-1121-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2132-281-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-95-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-1126-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2360-54-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2360-1120-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2368-88-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2368-279-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2368-1125-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2488-283-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-103-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2488-1127-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-1124-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2564-213-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2564-80-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1118-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2656-47-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1122-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2724-58-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2740-50-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-1119-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-72-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2796-11-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2796-1109-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2888-249-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2888-28-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2888-284-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2888-282-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-107-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2888-99-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-84-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2888-280-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-77-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2888-0-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2888-92-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-60-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2888-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2888-68-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2888-39-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2888-6-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2888-71-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2888-16-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2888-67-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2888-57-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2888-56-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-53-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2888-174-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2888-19-0x0000000002340000-0x0000000002694000-memory.dmp

Filesize
3.3MB

Download
memory/2944-15-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2944-1099-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2956-22-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2956-1116-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2956-87-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download