cobaltstrike | a3f9839e5c6abb80f48f9bd8bb4cfd95162028357267695c62d6aa506fc12539

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-11-2024 01:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

eca295cac34324b2610841733d419bc9
SHA1

e19a6aea198e2096c1ebd8d070cacff4c5ce22da
SHA256

a3f9839e5c6abb80f48f9bd8bb4cfd95162028357267695c62d6aa506fc12539
SHA512

e3e2911fe0cea8143212f6373ffa490259b7c84999c9bab01001ece40bd241fe7f4e5875edb5b2e8fda1843ef626f0647c7f696a72fae5800684511596fef6ac
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUz:eOl56utgpPF8u/7z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012263-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f96-24.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eb8-71.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000015db6-89.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017400-117.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a6-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018696-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-201.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-196.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-191.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-186.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-181.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-166.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-160.dat	cobalt_reflective_dll
behavioral1/files/0x0015000000018676-151.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001757f-146.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174c3-141.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-131.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001746a-126.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017403-121.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f3-107.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707c-98.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edb-83.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-67.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016645-59.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000164db-49.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016210-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016334-41.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016009-25.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015ed2-11.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2316-0-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x000b000000012263-3.dat	xmrig
behavioral1/memory/2316-6-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015f96-24.dat	xmrig
behavioral1/memory/2316-29-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/2228-30-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2712-42-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2608-60-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x0006000000016eb8-71.dat	xmrig
behavioral1/memory/2012-76-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/files/0x0009000000015db6-89.dat	xmrig
behavioral1/memory/2108-85-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/files/0x0006000000017400-117.dat	xmrig
behavioral1/files/0x00060000000174a6-136.dat	xmrig
behavioral1/files/0x0005000000018696-157.dat	xmrig
behavioral1/memory/1704-861-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2316-800-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/1076-707-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/1744-535-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2316-445-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/2108-375-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2012-222-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/files/0x00050000000191f6-201.dat	xmrig
behavioral1/files/0x00050000000191d2-196.dat	xmrig
behavioral1/files/0x00060000000190e1-191.dat	xmrig
behavioral1/files/0x000600000001904c-186.dat	xmrig
behavioral1/files/0x0006000000018f65-181.dat	xmrig
behavioral1/files/0x0006000000018c44-176.dat	xmrig
behavioral1/files/0x00050000000187a2-166.dat	xmrig
behavioral1/files/0x0006000000018c34-171.dat	xmrig
behavioral1/files/0x0005000000018697-160.dat	xmrig
behavioral1/files/0x0015000000018676-151.dat	xmrig
behavioral1/files/0x000600000001757f-146.dat	xmrig
behavioral1/files/0x00060000000174c3-141.dat	xmrig
behavioral1/files/0x0006000000017488-131.dat	xmrig
behavioral1/files/0x000600000001746a-126.dat	xmrig
behavioral1/files/0x0006000000017403-121.dat	xmrig
behavioral1/memory/1704-109-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2640-108-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/files/0x00060000000173f3-107.dat	xmrig
behavioral1/memory/2316-104-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/1076-100-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2608-99-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x000600000001707c-98.dat	xmrig
behavioral1/memory/2712-84-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x0006000000016edb-83.dat	xmrig
behavioral1/memory/1744-91-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2904-90-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2640-68-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/files/0x0006000000016de8-67.dat	xmrig
behavioral1/memory/2316-65-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2284-64-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2860-75-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x0009000000016645-59.dat	xmrig
behavioral1/memory/2904-53-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2336-52-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/1332-51-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x00070000000164db-49.dat	xmrig
behavioral1/memory/2316-46-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/2860-36-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x0007000000016210-35.dat	xmrig
behavioral1/files/0x0007000000016334-41.dat	xmrig
behavioral1/memory/2316-39-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/2284-27-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1332	TVuOLwj.exe
2336	wytYTdi.exe
2228	guHSiQZ.exe
2284	vJCypaA.exe
2860	AFUEcnD.exe
2712	ePERUZP.exe
2904	OFbPPtk.exe
2608	tGZOWQP.exe
2640	pRTqOWf.exe
2012	uOVdolO.exe
2108	eXdowns.exe
1744	juOnsxs.exe
1076	OhQGuLT.exe
1704	hrfoHEj.exe
2320	KrkHcMM.exe
108	RLPTzsQ.exe
1368	XtxcaqH.exe
2932	uJTPVAc.exe
2800	NGncrFL.exe
2208	niEmCkn.exe
3036	BgROwgg.exe
2084	kxUSQXU.exe
2952	haVrLvK.exe
1512	yzxzQFN.exe
1664	wlxSWsY.exe
1620	diGmbiR.exe
2796	TFqSWSi.exe
1500	VKdyfNd.exe
1616	MTCNszn.exe
2540	ZFsVxfZ.exe
2008	ZbWFGSE.exe
1868	kutwGHN.exe
636	IvJBpZy.exe
2680	UZGJWdU.exe
1388	DylJiLo.exe
2276	ANWQahV.exe
1988	cwSFPnA.exe
2396	ihfuxCV.exe
2504	rQaCwUD.exe
1488	rehhFZp.exe
1636	CJcZVBa.exe
1628	fxQoCuM.exe
1924	DgkNJGo.exe
980	ZuRyTVq.exe
692	swYLSqS.exe
884	ZfuBGPf.exe
2268	IOxjHwt.exe
2104	qaNRoPY.exe
1560	WhbXcFw.exe
1596	KcYIGIB.exe
2328	BOVzcdP.exe
2964	LgldwHE.exe
2592	WKcJCUG.exe
2716	VxFEFLd.exe
2612	SnGnaVS.exe
3056	MvAOOfv.exe
1892	ntefRJc.exe
2628	KOAOEdo.exe
1996	FAslXTS.exe
1764	invMXXC.exe
1840	rpMpDqo.exe
1440	CDoLftv.exe
1436	JnFCVws.exe
2948	nUXRsha.exe

Loads dropped DLL 64 IoCs

pid	Process
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2316-0-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x000b000000012263-3.dat	upx
behavioral1/files/0x0008000000015f96-24.dat	upx
behavioral1/memory/2228-30-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2712-42-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2608-60-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x0006000000016eb8-71.dat	upx
behavioral1/memory/2012-76-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/files/0x0009000000015db6-89.dat	upx
behavioral1/memory/2108-85-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/files/0x0006000000017400-117.dat	upx
behavioral1/files/0x00060000000174a6-136.dat	upx
behavioral1/files/0x0005000000018696-157.dat	upx
behavioral1/memory/1704-861-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/1076-707-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/1744-535-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2108-375-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2012-222-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/files/0x00050000000191f6-201.dat	upx
behavioral1/files/0x00050000000191d2-196.dat	upx
behavioral1/files/0x00060000000190e1-191.dat	upx
behavioral1/files/0x000600000001904c-186.dat	upx
behavioral1/files/0x0006000000018f65-181.dat	upx
behavioral1/files/0x0006000000018c44-176.dat	upx
behavioral1/files/0x00050000000187a2-166.dat	upx
behavioral1/files/0x0006000000018c34-171.dat	upx
behavioral1/files/0x0005000000018697-160.dat	upx
behavioral1/files/0x0015000000018676-151.dat	upx
behavioral1/files/0x000600000001757f-146.dat	upx
behavioral1/files/0x00060000000174c3-141.dat	upx
behavioral1/files/0x0006000000017488-131.dat	upx
behavioral1/files/0x000600000001746a-126.dat	upx
behavioral1/files/0x0006000000017403-121.dat	upx
behavioral1/memory/1704-109-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2640-108-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/files/0x00060000000173f3-107.dat	upx
behavioral1/memory/1076-100-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2608-99-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x000600000001707c-98.dat	upx
behavioral1/memory/2712-84-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x0006000000016edb-83.dat	upx
behavioral1/memory/1744-91-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2904-90-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2640-68-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/files/0x0006000000016de8-67.dat	upx
behavioral1/memory/2284-64-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2860-75-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x0009000000016645-59.dat	upx
behavioral1/memory/2904-53-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2336-52-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/1332-51-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x00070000000164db-49.dat	upx
behavioral1/memory/2316-46-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/2860-36-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x0007000000016210-35.dat	upx
behavioral1/files/0x0007000000016334-41.dat	upx
behavioral1/memory/2284-27-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/files/0x0008000000016009-25.dat	upx
behavioral1/memory/2336-15-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/1332-13-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x0008000000015ed2-11.dat	upx
behavioral1/memory/2228-3529-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/1332-3531-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2284-3530-0x000000013F640000-0x000000013F994000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\jtmTWzr.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XoFfKuk.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yQEqPCy.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TsZqcLT.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hBpWmHi.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uNrXPqu.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkMNodR.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lIilkwr.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DHdJsCw.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AjLCMzM.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IPgXnpX.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhKCTWo.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HjivJgu.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eUvWOBy.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vjbQgft.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkiXaWm.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDkXUQF.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WfCkYcS.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GHZoklK.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\luMyIIc.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZirngPh.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fBzZEgi.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjPFEKh.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AAzPxeY.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IFLvsOr.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PIPQiCi.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CkaAsDE.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\toxUXNH.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\diJdleB.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PAtCKew.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\viKJpew.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ctIDfxm.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XtxcaqH.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQJwQWm.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OJvbRDx.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fWVzBjv.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yrleLpo.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLeEXIX.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BTiVjkt.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HVYWlWf.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yGWsTVj.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qncWRUt.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JsCovwt.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Pwjqvzw.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mrxoorm.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLwBhGy.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ETssLOH.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AyeUBmh.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\inCPlCh.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TyuMJnw.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ffMKzJN.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJmieYE.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EiEzHDk.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOpGkBm.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMUZvrK.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YgDDseG.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ezHvsLq.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DagvFLK.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VKOcIJT.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DAPyymM.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vTsZpNl.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vseZBuh.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eXQYeKU.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ItLADIP.exe	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 1332	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2316 wrote to memory of 1332	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2316 wrote to memory of 1332	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2316 wrote to memory of 2336	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2316 wrote to memory of 2336	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2316 wrote to memory of 2336	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2316 wrote to memory of 2228	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2316 wrote to memory of 2228	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2316 wrote to memory of 2228	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2316 wrote to memory of 2284	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2316 wrote to memory of 2284	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2316 wrote to memory of 2284	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2316 wrote to memory of 2860	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2316 wrote to memory of 2860	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2316 wrote to memory of 2860	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2316 wrote to memory of 2712	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2316 wrote to memory of 2712	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2316 wrote to memory of 2712	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2316 wrote to memory of 2904	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2316 wrote to memory of 2904	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2316 wrote to memory of 2904	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2316 wrote to memory of 2608	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2316 wrote to memory of 2608	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2316 wrote to memory of 2608	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2316 wrote to memory of 2640	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2316 wrote to memory of 2640	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2316 wrote to memory of 2640	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2316 wrote to memory of 2012	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2316 wrote to memory of 2012	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2316 wrote to memory of 2012	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2316 wrote to memory of 2108	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2316 wrote to memory of 2108	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2316 wrote to memory of 2108	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2316 wrote to memory of 1744	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2316 wrote to memory of 1744	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2316 wrote to memory of 1744	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2316 wrote to memory of 1076	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2316 wrote to memory of 1076	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2316 wrote to memory of 1076	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2316 wrote to memory of 1704	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2316 wrote to memory of 1704	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2316 wrote to memory of 1704	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2316 wrote to memory of 2320	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2316 wrote to memory of 2320	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2316 wrote to memory of 2320	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2316 wrote to memory of 108	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2316 wrote to memory of 108	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2316 wrote to memory of 108	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2316 wrote to memory of 1368	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2316 wrote to memory of 1368	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2316 wrote to memory of 1368	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2316 wrote to memory of 2932	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2316 wrote to memory of 2932	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2316 wrote to memory of 2932	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2316 wrote to memory of 2800	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2316 wrote to memory of 2800	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2316 wrote to memory of 2800	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2316 wrote to memory of 2208	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2316 wrote to memory of 2208	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2316 wrote to memory of 2208	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2316 wrote to memory of 3036	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2316 wrote to memory of 3036	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2316 wrote to memory of 3036	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2316 wrote to memory of 2084	2316	2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-19_eca295cac34324b2610841733d419bc9_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Windows\System\TVuOLwj.exe
  C:\Windows\System\TVuOLwj.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\wytYTdi.exe
  C:\Windows\System\wytYTdi.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\guHSiQZ.exe
  C:\Windows\System\guHSiQZ.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\vJCypaA.exe
  C:\Windows\System\vJCypaA.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\AFUEcnD.exe
  C:\Windows\System\AFUEcnD.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\ePERUZP.exe
  C:\Windows\System\ePERUZP.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\OFbPPtk.exe
  C:\Windows\System\OFbPPtk.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\tGZOWQP.exe
  C:\Windows\System\tGZOWQP.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\pRTqOWf.exe
  C:\Windows\System\pRTqOWf.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\uOVdolO.exe
  C:\Windows\System\uOVdolO.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\eXdowns.exe
  C:\Windows\System\eXdowns.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\juOnsxs.exe
  C:\Windows\System\juOnsxs.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\OhQGuLT.exe
  C:\Windows\System\OhQGuLT.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\hrfoHEj.exe
  C:\Windows\System\hrfoHEj.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\KrkHcMM.exe
  C:\Windows\System\KrkHcMM.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\RLPTzsQ.exe
  C:\Windows\System\RLPTzsQ.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\XtxcaqH.exe
  C:\Windows\System\XtxcaqH.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\uJTPVAc.exe
  C:\Windows\System\uJTPVAc.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\NGncrFL.exe
  C:\Windows\System\NGncrFL.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\niEmCkn.exe
  C:\Windows\System\niEmCkn.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\BgROwgg.exe
  C:\Windows\System\BgROwgg.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\kxUSQXU.exe
  C:\Windows\System\kxUSQXU.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\haVrLvK.exe
  C:\Windows\System\haVrLvK.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\yzxzQFN.exe
  C:\Windows\System\yzxzQFN.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\wlxSWsY.exe
  C:\Windows\System\wlxSWsY.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\diGmbiR.exe
  C:\Windows\System\diGmbiR.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\TFqSWSi.exe
  C:\Windows\System\TFqSWSi.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\VKdyfNd.exe
  C:\Windows\System\VKdyfNd.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\MTCNszn.exe
  C:\Windows\System\MTCNszn.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\ZFsVxfZ.exe
  C:\Windows\System\ZFsVxfZ.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\ZbWFGSE.exe
  C:\Windows\System\ZbWFGSE.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\kutwGHN.exe
  C:\Windows\System\kutwGHN.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\IvJBpZy.exe
  C:\Windows\System\IvJBpZy.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\UZGJWdU.exe
  C:\Windows\System\UZGJWdU.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\DylJiLo.exe
  C:\Windows\System\DylJiLo.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\ANWQahV.exe
  C:\Windows\System\ANWQahV.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\cwSFPnA.exe
  C:\Windows\System\cwSFPnA.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\ihfuxCV.exe
  C:\Windows\System\ihfuxCV.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\rQaCwUD.exe
  C:\Windows\System\rQaCwUD.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\rehhFZp.exe
  C:\Windows\System\rehhFZp.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\CJcZVBa.exe
  C:\Windows\System\CJcZVBa.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\fxQoCuM.exe
  C:\Windows\System\fxQoCuM.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\DgkNJGo.exe
  C:\Windows\System\DgkNJGo.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\ZuRyTVq.exe
  C:\Windows\System\ZuRyTVq.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\swYLSqS.exe
  C:\Windows\System\swYLSqS.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\ZfuBGPf.exe
  C:\Windows\System\ZfuBGPf.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\IOxjHwt.exe
  C:\Windows\System\IOxjHwt.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\qaNRoPY.exe
  C:\Windows\System\qaNRoPY.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\WhbXcFw.exe
  C:\Windows\System\WhbXcFw.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\KcYIGIB.exe
  C:\Windows\System\KcYIGIB.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\BOVzcdP.exe
  C:\Windows\System\BOVzcdP.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\LgldwHE.exe
  C:\Windows\System\LgldwHE.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\WKcJCUG.exe
  C:\Windows\System\WKcJCUG.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\VxFEFLd.exe
  C:\Windows\System\VxFEFLd.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\SnGnaVS.exe
  C:\Windows\System\SnGnaVS.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\MvAOOfv.exe
  C:\Windows\System\MvAOOfv.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\ntefRJc.exe
  C:\Windows\System\ntefRJc.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\KOAOEdo.exe
  C:\Windows\System\KOAOEdo.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\FAslXTS.exe
  C:\Windows\System\FAslXTS.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\invMXXC.exe
  C:\Windows\System\invMXXC.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\rpMpDqo.exe
  C:\Windows\System\rpMpDqo.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\CDoLftv.exe
  C:\Windows\System\CDoLftv.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\JnFCVws.exe
  C:\Windows\System\JnFCVws.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\nUXRsha.exe
  C:\Windows\System\nUXRsha.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\bGypJYc.exe
  C:\Windows\System\bGypJYc.exe
  2⤵
  PID:908
- C:\Windows\System\qEjSqWh.exe
  C:\Windows\System\qEjSqWh.exe
  2⤵
  PID:1624
- C:\Windows\System\TSPXRcG.exe
  C:\Windows\System\TSPXRcG.exe
  2⤵
  PID:2036
- C:\Windows\System\SVhUUox.exe
  C:\Windows\System\SVhUUox.exe
  2⤵
  PID:1372
- C:\Windows\System\YKTfOfL.exe
  C:\Windows\System\YKTfOfL.exe
  2⤵
  PID:1784
- C:\Windows\System\OcAtvBK.exe
  C:\Windows\System\OcAtvBK.exe
  2⤵
  PID:2272
- C:\Windows\System\cagZxBk.exe
  C:\Windows\System\cagZxBk.exe
  2⤵
  PID:1748
- C:\Windows\System\sQKmESh.exe
  C:\Windows\System\sQKmESh.exe
  2⤵
  PID:496
- C:\Windows\System\daCCKYS.exe
  C:\Windows\System\daCCKYS.exe
  2⤵
  PID:1736
- C:\Windows\System\aHarbRX.exe
  C:\Windows\System\aHarbRX.exe
  2⤵
  PID:2288
- C:\Windows\System\JjJBkRW.exe
  C:\Windows\System\JjJBkRW.exe
  2⤵
  PID:2148
- C:\Windows\System\zxxBTIi.exe
  C:\Windows\System\zxxBTIi.exe
  2⤵
  PID:2552
- C:\Windows\System\ASLgAib.exe
  C:\Windows\System\ASLgAib.exe
  2⤵
  PID:992
- C:\Windows\System\nkcMsCE.exe
  C:\Windows\System\nkcMsCE.exe
  2⤵
  PID:2240
- C:\Windows\System\pqivBsE.exe
  C:\Windows\System\pqivBsE.exe
  2⤵
  PID:3012
- C:\Windows\System\tJnUErk.exe
  C:\Windows\System\tJnUErk.exe
  2⤵
  PID:1404
- C:\Windows\System\hTxdSiv.exe
  C:\Windows\System\hTxdSiv.exe
  2⤵
  PID:2828
- C:\Windows\System\CDJtsEv.exe
  C:\Windows\System\CDJtsEv.exe
  2⤵
  PID:2872
- C:\Windows\System\pccQwhv.exe
  C:\Windows\System\pccQwhv.exe
  2⤵
  PID:2660
- C:\Windows\System\mdRvuvm.exe
  C:\Windows\System\mdRvuvm.exe
  2⤵
  PID:2600
- C:\Windows\System\ysXdXrI.exe
  C:\Windows\System\ysXdXrI.exe
  2⤵
  PID:1800
- C:\Windows\System\dffRSAb.exe
  C:\Windows\System\dffRSAb.exe
  2⤵
  PID:2940
- C:\Windows\System\qFSkoQn.exe
  C:\Windows\System\qFSkoQn.exe
  2⤵
  PID:2792
- C:\Windows\System\zBurZOg.exe
  C:\Windows\System\zBurZOg.exe
  2⤵
  PID:2944
- C:\Windows\System\qlRlBUx.exe
  C:\Windows\System\qlRlBUx.exe
  2⤵
  PID:1072
- C:\Windows\System\kYslvdE.exe
  C:\Windows\System\kYslvdE.exe
  2⤵
  PID:1320
- C:\Windows\System\pPDwrrS.exe
  C:\Windows\System\pPDwrrS.exe
  2⤵
  PID:1224
- C:\Windows\System\EQhfKsH.exe
  C:\Windows\System\EQhfKsH.exe
  2⤵
  PID:2144
- C:\Windows\System\VVInlcz.exe
  C:\Windows\System\VVInlcz.exe
  2⤵
  PID:1540
- C:\Windows\System\HwVESxT.exe
  C:\Windows\System\HwVESxT.exe
  2⤵
  PID:1888
- C:\Windows\System\aMjIClI.exe
  C:\Windows\System\aMjIClI.exe
  2⤵
  PID:1272
- C:\Windows\System\Pvfoqbt.exe
  C:\Windows\System\Pvfoqbt.exe
  2⤵
  PID:1880
- C:\Windows\System\LxOKubx.exe
  C:\Windows\System\LxOKubx.exe
  2⤵
  PID:888
- C:\Windows\System\heaKVBR.exe
  C:\Windows\System\heaKVBR.exe
  2⤵
  PID:2052
- C:\Windows\System\NsXkqhQ.exe
  C:\Windows\System\NsXkqhQ.exe
  2⤵
  PID:2756
- C:\Windows\System\xZiwllM.exe
  C:\Windows\System\xZiwllM.exe
  2⤵
  PID:824
- C:\Windows\System\RFZouJV.exe
  C:\Windows\System\RFZouJV.exe
  2⤵
  PID:1056
- C:\Windows\System\IvvFXIq.exe
  C:\Windows\System\IvvFXIq.exe
  2⤵
  PID:2188
- C:\Windows\System\RXOoPMK.exe
  C:\Windows\System\RXOoPMK.exe
  2⤵
  PID:2936
- C:\Windows\System\pDckzTm.exe
  C:\Windows\System\pDckzTm.exe
  2⤵
  PID:2568
- C:\Windows\System\CxSUhfm.exe
  C:\Windows\System\CxSUhfm.exe
  2⤵
  PID:1612
- C:\Windows\System\kdofgvO.exe
  C:\Windows\System\kdofgvO.exe
  2⤵
  PID:1700
- C:\Windows\System\rVrXdAu.exe
  C:\Windows\System\rVrXdAu.exe
  2⤵
  PID:3084
- C:\Windows\System\RYzEXQT.exe
  C:\Windows\System\RYzEXQT.exe
  2⤵
  PID:3104
- C:\Windows\System\CTQbQHI.exe
  C:\Windows\System\CTQbQHI.exe
  2⤵
  PID:3124
- C:\Windows\System\oGFNYtU.exe
  C:\Windows\System\oGFNYtU.exe
  2⤵
  PID:3144
- C:\Windows\System\pKLNIFn.exe
  C:\Windows\System\pKLNIFn.exe
  2⤵
  PID:3164
- C:\Windows\System\boIbQrd.exe
  C:\Windows\System\boIbQrd.exe
  2⤵
  PID:3184
- C:\Windows\System\vUchjID.exe
  C:\Windows\System\vUchjID.exe
  2⤵
  PID:3208
- C:\Windows\System\uErAFrK.exe
  C:\Windows\System\uErAFrK.exe
  2⤵
  PID:3228
- C:\Windows\System\geEtwkN.exe
  C:\Windows\System\geEtwkN.exe
  2⤵
  PID:3248
- C:\Windows\System\EsKUvcN.exe
  C:\Windows\System\EsKUvcN.exe
  2⤵
  PID:3268
- C:\Windows\System\NLeEXIX.exe
  C:\Windows\System\NLeEXIX.exe
  2⤵
  PID:3288
- C:\Windows\System\tERoDiy.exe
  C:\Windows\System\tERoDiy.exe
  2⤵
  PID:3308
- C:\Windows\System\nxKzkGb.exe
  C:\Windows\System\nxKzkGb.exe
  2⤵
  PID:3328
- C:\Windows\System\IrPwzvk.exe
  C:\Windows\System\IrPwzvk.exe
  2⤵
  PID:3348
- C:\Windows\System\GgVOeQQ.exe
  C:\Windows\System\GgVOeQQ.exe
  2⤵
  PID:3368
- C:\Windows\System\nDlayaz.exe
  C:\Windows\System\nDlayaz.exe
  2⤵
  PID:3388
- C:\Windows\System\IixfaVW.exe
  C:\Windows\System\IixfaVW.exe
  2⤵
  PID:3408
- C:\Windows\System\VoKIfug.exe
  C:\Windows\System\VoKIfug.exe
  2⤵
  PID:3428
- C:\Windows\System\HxktgpD.exe
  C:\Windows\System\HxktgpD.exe
  2⤵
  PID:3448
- C:\Windows\System\kMcFhXZ.exe
  C:\Windows\System\kMcFhXZ.exe
  2⤵
  PID:3468
- C:\Windows\System\NJrylJa.exe
  C:\Windows\System\NJrylJa.exe
  2⤵
  PID:3488
- C:\Windows\System\nhlKWWj.exe
  C:\Windows\System\nhlKWWj.exe
  2⤵
  PID:3508
- C:\Windows\System\DJsPkpA.exe
  C:\Windows\System\DJsPkpA.exe
  2⤵
  PID:3528
- C:\Windows\System\aHARudx.exe
  C:\Windows\System\aHARudx.exe
  2⤵
  PID:3544
- C:\Windows\System\MVKVFZx.exe
  C:\Windows\System\MVKVFZx.exe
  2⤵
  PID:3568
- C:\Windows\System\tuGxile.exe
  C:\Windows\System\tuGxile.exe
  2⤵
  PID:3588
- C:\Windows\System\nTKPQCR.exe
  C:\Windows\System\nTKPQCR.exe
  2⤵
  PID:3608
- C:\Windows\System\yCdJBOt.exe
  C:\Windows\System\yCdJBOt.exe
  2⤵
  PID:3628
- C:\Windows\System\qtGeBpn.exe
  C:\Windows\System\qtGeBpn.exe
  2⤵
  PID:3648
- C:\Windows\System\tHLjeDF.exe
  C:\Windows\System\tHLjeDF.exe
  2⤵
  PID:3664
- C:\Windows\System\BmGtAPp.exe
  C:\Windows\System\BmGtAPp.exe
  2⤵
  PID:3688
- C:\Windows\System\AfuWEjy.exe
  C:\Windows\System\AfuWEjy.exe
  2⤵
  PID:3708
- C:\Windows\System\KAQuapt.exe
  C:\Windows\System\KAQuapt.exe
  2⤵
  PID:3728
- C:\Windows\System\bnaTwPW.exe
  C:\Windows\System\bnaTwPW.exe
  2⤵
  PID:3748
- C:\Windows\System\NYZKHiN.exe
  C:\Windows\System\NYZKHiN.exe
  2⤵
  PID:3768
- C:\Windows\System\iqnADEc.exe
  C:\Windows\System\iqnADEc.exe
  2⤵
  PID:3784
- C:\Windows\System\dwBmyTA.exe
  C:\Windows\System\dwBmyTA.exe
  2⤵
  PID:3812
- C:\Windows\System\YrKzDoy.exe
  C:\Windows\System\YrKzDoy.exe
  2⤵
  PID:3832
- C:\Windows\System\sIaJYLf.exe
  C:\Windows\System\sIaJYLf.exe
  2⤵
  PID:3852
- C:\Windows\System\hajlXpv.exe
  C:\Windows\System\hajlXpv.exe
  2⤵
  PID:3872
- C:\Windows\System\rKeotjk.exe
  C:\Windows\System\rKeotjk.exe
  2⤵
  PID:3892
- C:\Windows\System\NafEQjB.exe
  C:\Windows\System\NafEQjB.exe
  2⤵
  PID:3912
- C:\Windows\System\elBEzHy.exe
  C:\Windows\System\elBEzHy.exe
  2⤵
  PID:3932
- C:\Windows\System\sErOrNi.exe
  C:\Windows\System\sErOrNi.exe
  2⤵
  PID:3952
- C:\Windows\System\LDVTQJv.exe
  C:\Windows\System\LDVTQJv.exe
  2⤵
  PID:3972
- C:\Windows\System\vMztDFs.exe
  C:\Windows\System\vMztDFs.exe
  2⤵
  PID:3992
- C:\Windows\System\SbauXXg.exe
  C:\Windows\System\SbauXXg.exe
  2⤵
  PID:4012
- C:\Windows\System\mdRdHTF.exe
  C:\Windows\System\mdRdHTF.exe
  2⤵
  PID:4032
- C:\Windows\System\OtLXhyi.exe
  C:\Windows\System\OtLXhyi.exe
  2⤵
  PID:4052
- C:\Windows\System\IBejvwB.exe
  C:\Windows\System\IBejvwB.exe
  2⤵
  PID:4072
- C:\Windows\System\JOaJfjZ.exe
  C:\Windows\System\JOaJfjZ.exe
  2⤵
  PID:4092
- C:\Windows\System\pVRydcM.exe
  C:\Windows\System\pVRydcM.exe
  2⤵
  PID:2248
- C:\Windows\System\UfJBZlQ.exe
  C:\Windows\System\UfJBZlQ.exe
  2⤵
  PID:2984
- C:\Windows\System\nVRyOun.exe
  C:\Windows\System\nVRyOun.exe
  2⤵
  PID:2112
- C:\Windows\System\xZhWFOT.exe
  C:\Windows\System\xZhWFOT.exe
  2⤵
  PID:2784
- C:\Windows\System\pfhYafw.exe
  C:\Windows\System\pfhYafw.exe
  2⤵
  PID:2776
- C:\Windows\System\mSIRqKF.exe
  C:\Windows\System\mSIRqKF.exe
  2⤵
  PID:2516
- C:\Windows\System\GYYrKVX.exe
  C:\Windows\System\GYYrKVX.exe
  2⤵
  PID:2532
- C:\Windows\System\JHMVqoA.exe
  C:\Windows\System\JHMVqoA.exe
  2⤵
  PID:3120
- C:\Windows\System\OSJidLD.exe
  C:\Windows\System\OSJidLD.exe
  2⤵
  PID:3160
- C:\Windows\System\bZAAIAV.exe
  C:\Windows\System\bZAAIAV.exe
  2⤵
  PID:3140
- C:\Windows\System\WAzTpDd.exe
  C:\Windows\System\WAzTpDd.exe
  2⤵
  PID:3180
- C:\Windows\System\Hryrliw.exe
  C:\Windows\System\Hryrliw.exe
  2⤵
  PID:3220
- C:\Windows\System\PaMezOO.exe
  C:\Windows\System\PaMezOO.exe
  2⤵
  PID:3280
- C:\Windows\System\Fqzxxhn.exe
  C:\Windows\System\Fqzxxhn.exe
  2⤵
  PID:3324
- C:\Windows\System\ClXtevA.exe
  C:\Windows\System\ClXtevA.exe
  2⤵
  PID:3336
- C:\Windows\System\uLQdTSl.exe
  C:\Windows\System\uLQdTSl.exe
  2⤵
  PID:3404
- C:\Windows\System\XzDMleF.exe
  C:\Windows\System\XzDMleF.exe
  2⤵
  PID:3436
- C:\Windows\System\LobOHjd.exe
  C:\Windows\System\LobOHjd.exe
  2⤵
  PID:3476
- C:\Windows\System\IqLqQdA.exe
  C:\Windows\System\IqLqQdA.exe
  2⤵
  PID:3456
- C:\Windows\System\oFyHpPt.exe
  C:\Windows\System\oFyHpPt.exe
  2⤵
  PID:3496
- C:\Windows\System\sFfyNMJ.exe
  C:\Windows\System\sFfyNMJ.exe
  2⤵
  PID:3552
- C:\Windows\System\WqIAppN.exe
  C:\Windows\System\WqIAppN.exe
  2⤵
  PID:3596
- C:\Windows\System\ybBbNmB.exe
  C:\Windows\System\ybBbNmB.exe
  2⤵
  PID:3636
- C:\Windows\System\ufzsilp.exe
  C:\Windows\System\ufzsilp.exe
  2⤵
  PID:3684
- C:\Windows\System\aaqzLNX.exe
  C:\Windows\System\aaqzLNX.exe
  2⤵
  PID:3720
- C:\Windows\System\FaIyCDX.exe
  C:\Windows\System\FaIyCDX.exe
  2⤵
  PID:3660
- C:\Windows\System\okacRVT.exe
  C:\Windows\System\okacRVT.exe
  2⤵
  PID:3744
- C:\Windows\System\qlQTBgb.exe
  C:\Windows\System\qlQTBgb.exe
  2⤵
  PID:3740
- C:\Windows\System\mROvlxM.exe
  C:\Windows\System\mROvlxM.exe
  2⤵
  PID:3780
- C:\Windows\System\mkRvrhj.exe
  C:\Windows\System\mkRvrhj.exe
  2⤵
  PID:3828
- C:\Windows\System\xXKMSaJ.exe
  C:\Windows\System\xXKMSaJ.exe
  2⤵
  PID:3860
- C:\Windows\System\ikAHXLI.exe
  C:\Windows\System\ikAHXLI.exe
  2⤵
  PID:3900
- C:\Windows\System\GMCHxGe.exe
  C:\Windows\System\GMCHxGe.exe
  2⤵
  PID:3960
- C:\Windows\System\FZakrng.exe
  C:\Windows\System\FZakrng.exe
  2⤵
  PID:3964
- C:\Windows\System\VezwciN.exe
  C:\Windows\System\VezwciN.exe
  2⤵
  PID:3984
- C:\Windows\System\daQdLuQ.exe
  C:\Windows\System\daQdLuQ.exe
  2⤵
  PID:4024
- C:\Windows\System\pmJWTHS.exe
  C:\Windows\System\pmJWTHS.exe
  2⤵
  PID:4068
- C:\Windows\System\RVhNJwZ.exe
  C:\Windows\System\RVhNJwZ.exe
  2⤵
  PID:2408
- C:\Windows\System\takVfrS.exe
  C:\Windows\System\takVfrS.exe
  2⤵
  PID:3048
- C:\Windows\System\UcgNGDF.exe
  C:\Windows\System\UcgNGDF.exe
  2⤵
  PID:1820
- C:\Windows\System\jjkoCvn.exe
  C:\Windows\System\jjkoCvn.exe
  2⤵
  PID:2960
- C:\Windows\System\QdqqEVe.exe
  C:\Windows\System\QdqqEVe.exe
  2⤵
  PID:3192
- C:\Windows\System\OWkxJym.exe
  C:\Windows\System\OWkxJym.exe
  2⤵
  PID:3236
- C:\Windows\System\WfYXApg.exe
  C:\Windows\System\WfYXApg.exe
  2⤵
  PID:3152
- C:\Windows\System\FYeeBfa.exe
  C:\Windows\System\FYeeBfa.exe
  2⤵
  PID:3204
- C:\Windows\System\ihgBkSq.exe
  C:\Windows\System\ihgBkSq.exe
  2⤵
  PID:3396
- C:\Windows\System\VSUXwSv.exe
  C:\Windows\System\VSUXwSv.exe
  2⤵
  PID:3460
- C:\Windows\System\xBmuOIg.exe
  C:\Windows\System\xBmuOIg.exe
  2⤵
  PID:3564
- C:\Windows\System\iSvKBRp.exe
  C:\Windows\System\iSvKBRp.exe
  2⤵
  PID:3676
- C:\Windows\System\VHdpZDX.exe
  C:\Windows\System\VHdpZDX.exe
  2⤵
  PID:3624
- C:\Windows\System\qyFahYC.exe
  C:\Windows\System\qyFahYC.exe
  2⤵
  PID:3480
- C:\Windows\System\jOyIxYD.exe
  C:\Windows\System\jOyIxYD.exe
  2⤵
  PID:3848
- C:\Windows\System\mJQRrVp.exe
  C:\Windows\System\mJQRrVp.exe
  2⤵
  PID:3600
- C:\Windows\System\QzrCGLT.exe
  C:\Windows\System\QzrCGLT.exe
  2⤵
  PID:3884
- C:\Windows\System\dVXwNLT.exe
  C:\Windows\System\dVXwNLT.exe
  2⤵
  PID:3808
- C:\Windows\System\tJKlQZB.exe
  C:\Windows\System\tJKlQZB.exe
  2⤵
  PID:3944
- C:\Windows\System\nKGrrmt.exe
  C:\Windows\System\nKGrrmt.exe
  2⤵
  PID:3880
- C:\Windows\System\ZGKieuO.exe
  C:\Windows\System\ZGKieuO.exe
  2⤵
  PID:3980
- C:\Windows\System\eDkDRGu.exe
  C:\Windows\System\eDkDRGu.exe
  2⤵
  PID:2844
- C:\Windows\System\mXEDjDc.exe
  C:\Windows\System\mXEDjDc.exe
  2⤵
  PID:4084
- C:\Windows\System\DPNiozG.exe
  C:\Windows\System\DPNiozG.exe
  2⤵
  PID:3132
- C:\Windows\System\hfzzrnB.exe
  C:\Windows\System\hfzzrnB.exe
  2⤵
  PID:3076
- C:\Windows\System\JnJybcS.exe
  C:\Windows\System\JnJybcS.exe
  2⤵
  PID:3340
- C:\Windows\System\HkPteYR.exe
  C:\Windows\System\HkPteYR.exe
  2⤵
  PID:3300
- C:\Windows\System\gEJwKrt.exe
  C:\Windows\System\gEJwKrt.exe
  2⤵
  PID:3224
- C:\Windows\System\zvxRTMP.exe
  C:\Windows\System\zvxRTMP.exe
  2⤵
  PID:3320
- C:\Windows\System\HCXRbDW.exe
  C:\Windows\System\HCXRbDW.exe
  2⤵
  PID:3792
- C:\Windows\System\FrBlfRc.exe
  C:\Windows\System\FrBlfRc.exe
  2⤵
  PID:3584
- C:\Windows\System\TUsnHEo.exe
  C:\Windows\System\TUsnHEo.exe
  2⤵
  PID:3580
- C:\Windows\System\pAxHWgF.exe
  C:\Windows\System\pAxHWgF.exe
  2⤵
  PID:3704
- C:\Windows\System\NNfsKoN.exe
  C:\Windows\System\NNfsKoN.exe
  2⤵
  PID:1640
- C:\Windows\System\XAmrXeh.exe
  C:\Windows\System\XAmrXeh.exe
  2⤵
  PID:4008
- C:\Windows\System\lcFuBaL.exe
  C:\Windows\System\lcFuBaL.exe
  2⤵
  PID:2444
- C:\Windows\System\aBPXYgg.exe
  C:\Windows\System\aBPXYgg.exe
  2⤵
  PID:3276
- C:\Windows\System\JVFoIsl.exe
  C:\Windows\System\JVFoIsl.exe
  2⤵
  PID:3920
- C:\Windows\System\QUjcjRz.exe
  C:\Windows\System\QUjcjRz.exe
  2⤵
  PID:3116
- C:\Windows\System\qiTTqLr.exe
  C:\Windows\System\qiTTqLr.exe
  2⤵
  PID:3948
- C:\Windows\System\DLyMJQw.exe
  C:\Windows\System\DLyMJQw.exe
  2⤵
  PID:4108
- C:\Windows\System\LkgdXmo.exe
  C:\Windows\System\LkgdXmo.exe
  2⤵
  PID:4128
- C:\Windows\System\NbTzvQX.exe
  C:\Windows\System\NbTzvQX.exe
  2⤵
  PID:4148
- C:\Windows\System\XHqWQQJ.exe
  C:\Windows\System\XHqWQQJ.exe
  2⤵
  PID:4168
- C:\Windows\System\eccauYe.exe
  C:\Windows\System\eccauYe.exe
  2⤵
  PID:4192
- C:\Windows\System\LJautdt.exe
  C:\Windows\System\LJautdt.exe
  2⤵
  PID:4212
- C:\Windows\System\ZVqgZGO.exe
  C:\Windows\System\ZVqgZGO.exe
  2⤵
  PID:4232
- C:\Windows\System\VqpCJWe.exe
  C:\Windows\System\VqpCJWe.exe
  2⤵
  PID:4256
- C:\Windows\System\eaaonQv.exe
  C:\Windows\System\eaaonQv.exe
  2⤵
  PID:4276
- C:\Windows\System\MLWdyoh.exe
  C:\Windows\System\MLWdyoh.exe
  2⤵
  PID:4300
- C:\Windows\System\vPtGlNx.exe
  C:\Windows\System\vPtGlNx.exe
  2⤵
  PID:4320
- C:\Windows\System\DBZNygD.exe
  C:\Windows\System\DBZNygD.exe
  2⤵
  PID:4336
- C:\Windows\System\Hwfohgq.exe
  C:\Windows\System\Hwfohgq.exe
  2⤵
  PID:4356
- C:\Windows\System\iqMRHdU.exe
  C:\Windows\System\iqMRHdU.exe
  2⤵
  PID:4380
- C:\Windows\System\XEOnygv.exe
  C:\Windows\System\XEOnygv.exe
  2⤵
  PID:4400
- C:\Windows\System\kLXlxaX.exe
  C:\Windows\System\kLXlxaX.exe
  2⤵
  PID:4424
- C:\Windows\System\TudUHwr.exe
  C:\Windows\System\TudUHwr.exe
  2⤵
  PID:4444
- C:\Windows\System\mcPDXDO.exe
  C:\Windows\System\mcPDXDO.exe
  2⤵
  PID:4460
- C:\Windows\System\vojNxnq.exe
  C:\Windows\System\vojNxnq.exe
  2⤵
  PID:4484
- C:\Windows\System\VmuQctv.exe
  C:\Windows\System\VmuQctv.exe
  2⤵
  PID:4504
- C:\Windows\System\ibnWAZx.exe
  C:\Windows\System\ibnWAZx.exe
  2⤵
  PID:4524
- C:\Windows\System\NclcHkN.exe
  C:\Windows\System\NclcHkN.exe
  2⤵
  PID:4544
- C:\Windows\System\GFpZUzM.exe
  C:\Windows\System\GFpZUzM.exe
  2⤵
  PID:4564
- C:\Windows\System\iFyjVue.exe
  C:\Windows\System\iFyjVue.exe
  2⤵
  PID:4584
- C:\Windows\System\kVApSGk.exe
  C:\Windows\System\kVApSGk.exe
  2⤵
  PID:4604
- C:\Windows\System\JUkdKRm.exe
  C:\Windows\System\JUkdKRm.exe
  2⤵
  PID:4624
- C:\Windows\System\PiKPBqa.exe
  C:\Windows\System\PiKPBqa.exe
  2⤵
  PID:4644
- C:\Windows\System\hSIKuAq.exe
  C:\Windows\System\hSIKuAq.exe
  2⤵
  PID:4664
- C:\Windows\System\XIoBlxA.exe
  C:\Windows\System\XIoBlxA.exe
  2⤵
  PID:4684
- C:\Windows\System\UBMQceF.exe
  C:\Windows\System\UBMQceF.exe
  2⤵
  PID:4704
- C:\Windows\System\AzQcIUK.exe
  C:\Windows\System\AzQcIUK.exe
  2⤵
  PID:4724
- C:\Windows\System\pZxormB.exe
  C:\Windows\System\pZxormB.exe
  2⤵
  PID:4744
- C:\Windows\System\szOxfeh.exe
  C:\Windows\System\szOxfeh.exe
  2⤵
  PID:4764
- C:\Windows\System\OAkrnlr.exe
  C:\Windows\System\OAkrnlr.exe
  2⤵
  PID:4784
- C:\Windows\System\bHDnKNB.exe
  C:\Windows\System\bHDnKNB.exe
  2⤵
  PID:4804
- C:\Windows\System\ORpQCDY.exe
  C:\Windows\System\ORpQCDY.exe
  2⤵
  PID:4824
- C:\Windows\System\mcgDybu.exe
  C:\Windows\System\mcgDybu.exe
  2⤵
  PID:4844
- C:\Windows\System\ykDHNpY.exe
  C:\Windows\System\ykDHNpY.exe
  2⤵
  PID:4860
- C:\Windows\System\fvGWpJP.exe
  C:\Windows\System\fvGWpJP.exe
  2⤵
  PID:4884
- C:\Windows\System\DUoHLrV.exe
  C:\Windows\System\DUoHLrV.exe
  2⤵
  PID:4904
- C:\Windows\System\IdbkIRE.exe
  C:\Windows\System\IdbkIRE.exe
  2⤵
  PID:4924
- C:\Windows\System\uroQFTZ.exe
  C:\Windows\System\uroQFTZ.exe
  2⤵
  PID:4944
- C:\Windows\System\CyXDxSx.exe
  C:\Windows\System\CyXDxSx.exe
  2⤵
  PID:4964
- C:\Windows\System\mbGflbT.exe
  C:\Windows\System\mbGflbT.exe
  2⤵
  PID:4984
- C:\Windows\System\jrsMfjq.exe
  C:\Windows\System\jrsMfjq.exe
  2⤵
  PID:5004
- C:\Windows\System\MzMLkmV.exe
  C:\Windows\System\MzMLkmV.exe
  2⤵
  PID:5028
- C:\Windows\System\TBEDKzT.exe
  C:\Windows\System\TBEDKzT.exe
  2⤵
  PID:5048
- C:\Windows\System\eoyFaFO.exe
  C:\Windows\System\eoyFaFO.exe
  2⤵
  PID:5068
- C:\Windows\System\PlHcGrN.exe
  C:\Windows\System\PlHcGrN.exe
  2⤵
  PID:5088
- C:\Windows\System\SXtlNJD.exe
  C:\Windows\System\SXtlNJD.exe
  2⤵
  PID:5108
- C:\Windows\System\YCMvxbC.exe
  C:\Windows\System\YCMvxbC.exe
  2⤵
  PID:4004
- C:\Windows\System\zFgEipe.exe
  C:\Windows\System\zFgEipe.exe
  2⤵
  PID:3356
- C:\Windows\System\SeLwTgC.exe
  C:\Windows\System\SeLwTgC.exe
  2⤵
  PID:3284
- C:\Windows\System\FLohVGn.exe
  C:\Windows\System\FLohVGn.exe
  2⤵
  PID:2348
- C:\Windows\System\xbYffMm.exe
  C:\Windows\System\xbYffMm.exe
  2⤵
  PID:3928
- C:\Windows\System\QVbuYKy.exe
  C:\Windows\System\QVbuYKy.exe
  2⤵
  PID:4100
- C:\Windows\System\Xqaeghe.exe
  C:\Windows\System\Xqaeghe.exe
  2⤵
  PID:4140
- C:\Windows\System\HrEVwcm.exe
  C:\Windows\System\HrEVwcm.exe
  2⤵
  PID:4188
- C:\Windows\System\wWICdfn.exe
  C:\Windows\System\wWICdfn.exe
  2⤵
  PID:4124
- C:\Windows\System\xMSuouP.exe
  C:\Windows\System\xMSuouP.exe
  2⤵
  PID:4228
- C:\Windows\System\FvDyvkW.exe
  C:\Windows\System\FvDyvkW.exe
  2⤵
  PID:4208
- C:\Windows\System\TzTCocj.exe
  C:\Windows\System\TzTCocj.exe
  2⤵
  PID:4244
- C:\Windows\System\aPZlHTh.exe
  C:\Windows\System\aPZlHTh.exe
  2⤵
  PID:4296
- C:\Windows\System\LHrFiXu.exe
  C:\Windows\System\LHrFiXu.exe
  2⤵
  PID:4316
- C:\Windows\System\yQtUqpY.exe
  C:\Windows\System\yQtUqpY.exe
  2⤵
  PID:4288
- C:\Windows\System\SUjknFY.exe
  C:\Windows\System\SUjknFY.exe
  2⤵
  PID:4396
- C:\Windows\System\uSeyjsi.exe
  C:\Windows\System\uSeyjsi.exe
  2⤵
  PID:4432
- C:\Windows\System\gsXnGOE.exe
  C:\Windows\System\gsXnGOE.exe
  2⤵
  PID:4412
- C:\Windows\System\pXkqvmP.exe
  C:\Windows\System\pXkqvmP.exe
  2⤵
  PID:4492
- C:\Windows\System\YLAUXfz.exe
  C:\Windows\System\YLAUXfz.exe
  2⤵
  PID:4516
- C:\Windows\System\krXDldg.exe
  C:\Windows\System\krXDldg.exe
  2⤵
  PID:4560
- C:\Windows\System\kHgKqzp.exe
  C:\Windows\System\kHgKqzp.exe
  2⤵
  PID:4596
- C:\Windows\System\pytuORW.exe
  C:\Windows\System\pytuORW.exe
  2⤵
  PID:4632
- C:\Windows\System\Xtkphed.exe
  C:\Windows\System\Xtkphed.exe
  2⤵
  PID:4620
- C:\Windows\System\ZEBwMaS.exe
  C:\Windows\System\ZEBwMaS.exe
  2⤵
  PID:4676
- C:\Windows\System\NfynXXf.exe
  C:\Windows\System\NfynXXf.exe
  2⤵
  PID:4716
- C:\Windows\System\tkMNodR.exe
  C:\Windows\System\tkMNodR.exe
  2⤵
  PID:4732
- C:\Windows\System\bfCnisa.exe
  C:\Windows\System\bfCnisa.exe
  2⤵
  PID:4792
- C:\Windows\System\gdRWCHq.exe
  C:\Windows\System\gdRWCHq.exe
  2⤵
  PID:4832
- C:\Windows\System\dYLUFZf.exe
  C:\Windows\System\dYLUFZf.exe
  2⤵
  PID:2312
- C:\Windows\System\mYZdNgP.exe
  C:\Windows\System\mYZdNgP.exe
  2⤵
  PID:4880
- C:\Windows\System\jomdfLr.exe
  C:\Windows\System\jomdfLr.exe
  2⤵
  PID:4920
- C:\Windows\System\ckOBRGa.exe
  C:\Windows\System\ckOBRGa.exe
  2⤵
  PID:4932
- C:\Windows\System\xybEJUz.exe
  C:\Windows\System\xybEJUz.exe
  2⤵
  PID:4956
- C:\Windows\System\bTJnsXe.exe
  C:\Windows\System\bTJnsXe.exe
  2⤵
  PID:4996
- C:\Windows\System\lFxMjwb.exe
  C:\Windows\System\lFxMjwb.exe
  2⤵
  PID:5020
- C:\Windows\System\NeIdEED.exe
  C:\Windows\System\NeIdEED.exe
  2⤵
  PID:5076
- C:\Windows\System\XYKdXwS.exe
  C:\Windows\System\XYKdXwS.exe
  2⤵
  PID:5096
- C:\Windows\System\NhWPcVv.exe
  C:\Windows\System\NhWPcVv.exe
  2⤵
  PID:5100
- C:\Windows\System\HEqbMLy.exe
  C:\Windows\System\HEqbMLy.exe
  2⤵
  PID:3384
- C:\Windows\System\GXoTFHJ.exe
  C:\Windows\System\GXoTFHJ.exe
  2⤵
  PID:3700
- C:\Windows\System\bjefESr.exe
  C:\Windows\System\bjefESr.exe
  2⤵
  PID:3736
- C:\Windows\System\rhIbBNm.exe
  C:\Windows\System\rhIbBNm.exe
  2⤵
  PID:3440
- C:\Windows\System\mxXtdZC.exe
  C:\Windows\System\mxXtdZC.exe
  2⤵
  PID:4176
- C:\Windows\System\eAGIijI.exe
  C:\Windows\System\eAGIijI.exe
  2⤵
  PID:4156
- C:\Windows\System\XBIyFqA.exe
  C:\Windows\System\XBIyFqA.exe
  2⤵
  PID:4292
- C:\Windows\System\xAxuHYR.exe
  C:\Windows\System\xAxuHYR.exe
  2⤵
  PID:4268
- C:\Windows\System\lIilkwr.exe
  C:\Windows\System\lIilkwr.exe
  2⤵
  PID:2848
- C:\Windows\System\UlkhacP.exe
  C:\Windows\System\UlkhacP.exe
  2⤵
  PID:4368
- C:\Windows\System\zRYlBZA.exe
  C:\Windows\System\zRYlBZA.exe
  2⤵
  PID:4436
- C:\Windows\System\IgwXOfZ.exe
  C:\Windows\System\IgwXOfZ.exe
  2⤵
  PID:4552
- C:\Windows\System\liBhxUD.exe
  C:\Windows\System\liBhxUD.exe
  2⤵
  PID:4540
- C:\Windows\System\rxNfACu.exe
  C:\Windows\System\rxNfACu.exe
  2⤵
  PID:4652
- C:\Windows\System\RPsONLi.exe
  C:\Windows\System\RPsONLi.exe
  2⤵
  PID:4696
- C:\Windows\System\WPjYPpG.exe
  C:\Windows\System\WPjYPpG.exe
  2⤵
  PID:4700
- C:\Windows\System\LaXWcLC.exe
  C:\Windows\System\LaXWcLC.exe
  2⤵
  PID:4756
- C:\Windows\System\KCcxXtI.exe
  C:\Windows\System\KCcxXtI.exe
  2⤵
  PID:4740
- C:\Windows\System\fxTyGMg.exe
  C:\Windows\System\fxTyGMg.exe
  2⤵
  PID:4836
- C:\Windows\System\OvMpTAx.exe
  C:\Windows\System\OvMpTAx.exe
  2⤵
  PID:4952
- C:\Windows\System\YqrPLXO.exe
  C:\Windows\System\YqrPLXO.exe
  2⤵
  PID:4852
- C:\Windows\System\cFuenuS.exe
  C:\Windows\System\cFuenuS.exe
  2⤵
  PID:5016
- C:\Windows\System\cWilddP.exe
  C:\Windows\System\cWilddP.exe
  2⤵
  PID:5012
- C:\Windows\System\wnSTSdW.exe
  C:\Windows\System\wnSTSdW.exe
  2⤵
  PID:3576
- C:\Windows\System\zWbaylL.exe
  C:\Windows\System\zWbaylL.exe
  2⤵
  PID:4144
- C:\Windows\System\zsRddgh.exe
  C:\Windows\System\zsRddgh.exe
  2⤵
  PID:2064
- C:\Windows\System\fQMMNUz.exe
  C:\Windows\System\fQMMNUz.exe
  2⤵
  PID:588
- C:\Windows\System\KbaDesR.exe
  C:\Windows\System\KbaDesR.exe
  2⤵
  PID:4376
- C:\Windows\System\VRZmjXa.exe
  C:\Windows\System\VRZmjXa.exe
  2⤵
  PID:4204
- C:\Windows\System\OdXoCPj.exe
  C:\Windows\System\OdXoCPj.exe
  2⤵
  PID:4348
- C:\Windows\System\HqpAzLa.exe
  C:\Windows\System\HqpAzLa.exe
  2⤵
  PID:4580
- C:\Windows\System\UUmKOXI.exe
  C:\Windows\System\UUmKOXI.exe
  2⤵
  PID:4600
- C:\Windows\System\XAeuVQo.exe
  C:\Windows\System\XAeuVQo.exe
  2⤵
  PID:4692
- C:\Windows\System\ovlmHZi.exe
  C:\Windows\System\ovlmHZi.exe
  2⤵
  PID:1812
- C:\Windows\System\CXpddln.exe
  C:\Windows\System\CXpddln.exe
  2⤵
  PID:4712
- C:\Windows\System\lvZAMwg.exe
  C:\Windows\System\lvZAMwg.exe
  2⤵
  PID:5000
- C:\Windows\System\UcBxBGa.exe
  C:\Windows\System\UcBxBGa.exe
  2⤵
  PID:2644
- C:\Windows\System\ZnZhiyK.exe
  C:\Windows\System\ZnZhiyK.exe
  2⤵
  PID:5040
- C:\Windows\System\uYGgfpf.exe
  C:\Windows\System\uYGgfpf.exe
  2⤵
  PID:5132
- C:\Windows\System\dGTakQp.exe
  C:\Windows\System\dGTakQp.exe
  2⤵
  PID:5152
- C:\Windows\System\gfPSidv.exe
  C:\Windows\System\gfPSidv.exe
  2⤵
  PID:5172
- C:\Windows\System\fSZDspn.exe
  C:\Windows\System\fSZDspn.exe
  2⤵
  PID:5192
- C:\Windows\System\tklIeoQ.exe
  C:\Windows\System\tklIeoQ.exe
  2⤵
  PID:5212
- C:\Windows\System\BXQkaMc.exe
  C:\Windows\System\BXQkaMc.exe
  2⤵
  PID:5232
- C:\Windows\System\VSBatQL.exe
  C:\Windows\System\VSBatQL.exe
  2⤵
  PID:5252
- C:\Windows\System\mqjmiwc.exe
  C:\Windows\System\mqjmiwc.exe
  2⤵
  PID:5272
- C:\Windows\System\CEybDnN.exe
  C:\Windows\System\CEybDnN.exe
  2⤵
  PID:5292
- C:\Windows\System\CibgRwr.exe
  C:\Windows\System\CibgRwr.exe
  2⤵
  PID:5312
- C:\Windows\System\fiAlDEE.exe
  C:\Windows\System\fiAlDEE.exe
  2⤵
  PID:5332
- C:\Windows\System\qdKPFim.exe
  C:\Windows\System\qdKPFim.exe
  2⤵
  PID:5352
- C:\Windows\System\cydXXaH.exe
  C:\Windows\System\cydXXaH.exe
  2⤵
  PID:5372
- C:\Windows\System\xzLOFCc.exe
  C:\Windows\System\xzLOFCc.exe
  2⤵
  PID:5392
- C:\Windows\System\mEPnaUG.exe
  C:\Windows\System\mEPnaUG.exe
  2⤵
  PID:5412
- C:\Windows\System\VYZxBfA.exe
  C:\Windows\System\VYZxBfA.exe
  2⤵
  PID:5432
- C:\Windows\System\ESKwiGR.exe
  C:\Windows\System\ESKwiGR.exe
  2⤵
  PID:5452
- C:\Windows\System\MXAcfLS.exe
  C:\Windows\System\MXAcfLS.exe
  2⤵
  PID:5472
- C:\Windows\System\lVzahXI.exe
  C:\Windows\System\lVzahXI.exe
  2⤵
  PID:5492
- C:\Windows\System\GUFyNOY.exe
  C:\Windows\System\GUFyNOY.exe
  2⤵
  PID:5512
- C:\Windows\System\SVWvlfE.exe
  C:\Windows\System\SVWvlfE.exe
  2⤵
  PID:5532
- C:\Windows\System\hhFfWpq.exe
  C:\Windows\System\hhFfWpq.exe
  2⤵
  PID:5552
- C:\Windows\System\LPqacOy.exe
  C:\Windows\System\LPqacOy.exe
  2⤵
  PID:5572
- C:\Windows\System\khhcuxB.exe
  C:\Windows\System\khhcuxB.exe
  2⤵
  PID:5592
- C:\Windows\System\NjqVZnN.exe
  C:\Windows\System\NjqVZnN.exe
  2⤵
  PID:5612
- C:\Windows\System\pZIlSrR.exe
  C:\Windows\System\pZIlSrR.exe
  2⤵
  PID:5632
- C:\Windows\System\ImdxptF.exe
  C:\Windows\System\ImdxptF.exe
  2⤵
  PID:5652
- C:\Windows\System\bdBYNne.exe
  C:\Windows\System\bdBYNne.exe
  2⤵
  PID:5672
- C:\Windows\System\GTWXkfZ.exe
  C:\Windows\System\GTWXkfZ.exe
  2⤵
  PID:5692
- C:\Windows\System\kQdEIBI.exe
  C:\Windows\System\kQdEIBI.exe
  2⤵
  PID:5712
- C:\Windows\System\mUfSxfA.exe
  C:\Windows\System\mUfSxfA.exe
  2⤵
  PID:5728
- C:\Windows\System\hMlfCCh.exe
  C:\Windows\System\hMlfCCh.exe
  2⤵
  PID:5752
- C:\Windows\System\gqrGApy.exe
  C:\Windows\System\gqrGApy.exe
  2⤵
  PID:5768
- C:\Windows\System\ptjQvJz.exe
  C:\Windows\System\ptjQvJz.exe
  2⤵
  PID:5792
- C:\Windows\System\ICVTEvO.exe
  C:\Windows\System\ICVTEvO.exe
  2⤵
  PID:5812
- C:\Windows\System\vLhIwgn.exe
  C:\Windows\System\vLhIwgn.exe
  2⤵
  PID:5832
- C:\Windows\System\tACQzXn.exe
  C:\Windows\System\tACQzXn.exe
  2⤵
  PID:5852
- C:\Windows\System\KJhnZjU.exe
  C:\Windows\System\KJhnZjU.exe
  2⤵
  PID:5872
- C:\Windows\System\vtSsRCk.exe
  C:\Windows\System\vtSsRCk.exe
  2⤵
  PID:5892
- C:\Windows\System\ZOhABrY.exe
  C:\Windows\System\ZOhABrY.exe
  2⤵
  PID:5912
- C:\Windows\System\ryoeaWN.exe
  C:\Windows\System\ryoeaWN.exe
  2⤵
  PID:5932
- C:\Windows\System\uuTtjHS.exe
  C:\Windows\System\uuTtjHS.exe
  2⤵
  PID:5952
- C:\Windows\System\dAQbdXj.exe
  C:\Windows\System\dAQbdXj.exe
  2⤵
  PID:5968
- C:\Windows\System\JrklOSk.exe
  C:\Windows\System\JrklOSk.exe
  2⤵
  PID:5992
- C:\Windows\System\YSWQVOe.exe
  C:\Windows\System\YSWQVOe.exe
  2⤵
  PID:6012
- C:\Windows\System\SpapmtH.exe
  C:\Windows\System\SpapmtH.exe
  2⤵
  PID:6032
- C:\Windows\System\GBaZDTF.exe
  C:\Windows\System\GBaZDTF.exe
  2⤵
  PID:6048
- C:\Windows\System\GDWQgGg.exe
  C:\Windows\System\GDWQgGg.exe
  2⤵
  PID:6072
- C:\Windows\System\sIhZIbG.exe
  C:\Windows\System\sIhZIbG.exe
  2⤵
  PID:6088
- C:\Windows\System\vWhauAW.exe
  C:\Windows\System\vWhauAW.exe
  2⤵
  PID:6112
- C:\Windows\System\GWvHaRc.exe
  C:\Windows\System\GWvHaRc.exe
  2⤵
  PID:6132
- C:\Windows\System\JKtohLd.exe
  C:\Windows\System\JKtohLd.exe
  2⤵
  PID:5064
- C:\Windows\System\sNRGDUb.exe
  C:\Windows\System\sNRGDUb.exe
  2⤵
  PID:2772
- C:\Windows\System\yvLRUsX.exe
  C:\Windows\System\yvLRUsX.exe
  2⤵
  PID:2788
- C:\Windows\System\VXlEiqG.exe
  C:\Windows\System\VXlEiqG.exe
  2⤵
  PID:3620
- C:\Windows\System\rCpogDr.exe
  C:\Windows\System\rCpogDr.exe
  2⤵
  PID:4364
- C:\Windows\System\pzDyayf.exe
  C:\Windows\System\pzDyayf.exe
  2⤵
  PID:2620
- C:\Windows\System\gSRUscA.exe
  C:\Windows\System\gSRUscA.exe
  2⤵
  PID:4480
- C:\Windows\System\fYCZZZJ.exe
  C:\Windows\System\fYCZZZJ.exe
  2⤵
  PID:4636
- C:\Windows\System\KZivlxg.exe
  C:\Windows\System\KZivlxg.exe
  2⤵
  PID:4796
- C:\Windows\System\HjivJgu.exe
  C:\Windows\System\HjivJgu.exe
  2⤵
  PID:4936
- C:\Windows\System\mxRYRcS.exe
  C:\Windows\System\mxRYRcS.exe
  2⤵
  PID:5128
- C:\Windows\System\zheZauo.exe
  C:\Windows\System\zheZauo.exe
  2⤵
  PID:5160
- C:\Windows\System\wKXQElk.exe
  C:\Windows\System\wKXQElk.exe
  2⤵
  PID:5184
- C:\Windows\System\EZccIkB.exe
  C:\Windows\System\EZccIkB.exe
  2⤵
  PID:5228
- C:\Windows\System\iDFVKGf.exe
  C:\Windows\System\iDFVKGf.exe
  2⤵
  PID:5268
- C:\Windows\System\QBNwvUS.exe
  C:\Windows\System\QBNwvUS.exe
  2⤵
  PID:5308
- C:\Windows\System\tWDNiNG.exe
  C:\Windows\System\tWDNiNG.exe
  2⤵
  PID:5340
- C:\Windows\System\futHGyO.exe
  C:\Windows\System\futHGyO.exe
  2⤵
  PID:5344
- C:\Windows\System\COrhUig.exe
  C:\Windows\System\COrhUig.exe
  2⤵
  PID:852
- C:\Windows\System\UZvmEPt.exe
  C:\Windows\System\UZvmEPt.exe
  2⤵
  PID:5420
- C:\Windows\System\KYvQLAt.exe
  C:\Windows\System\KYvQLAt.exe
  2⤵
  PID:5424
- C:\Windows\System\PhkSNID.exe
  C:\Windows\System\PhkSNID.exe
  2⤵
  PID:5500
- C:\Windows\System\CakANpS.exe
  C:\Windows\System\CakANpS.exe
  2⤵
  PID:5508
- C:\Windows\System\zYVgXmX.exe
  C:\Windows\System\zYVgXmX.exe
  2⤵
  PID:5520
- C:\Windows\System\CKyIikG.exe
  C:\Windows\System\CKyIikG.exe
  2⤵
  PID:2596
- C:\Windows\System\XkBXyey.exe
  C:\Windows\System\XkBXyey.exe
  2⤵
  PID:5568
- C:\Windows\System\lsTVdgi.exe
  C:\Windows\System\lsTVdgi.exe
  2⤵
  PID:5608
- C:\Windows\System\wGAXabX.exe
  C:\Windows\System\wGAXabX.exe
  2⤵
  PID:5640
- C:\Windows\System\UiIzfsi.exe
  C:\Windows\System\UiIzfsi.exe
  2⤵
  PID:5700
- C:\Windows\System\SMyNfxh.exe
  C:\Windows\System\SMyNfxh.exe
  2⤵
  PID:5736
- C:\Windows\System\FhHwxQW.exe
  C:\Windows\System\FhHwxQW.exe
  2⤵
  PID:5724
- C:\Windows\System\cJmieYE.exe
  C:\Windows\System\cJmieYE.exe
  2⤵
  PID:5764
- C:\Windows\System\EMfcKQD.exe
  C:\Windows\System\EMfcKQD.exe
  2⤵
  PID:5824
- C:\Windows\System\zBuRgaj.exe
  C:\Windows\System\zBuRgaj.exe
  2⤵
  PID:5808
- C:\Windows\System\IJbbvrO.exe
  C:\Windows\System\IJbbvrO.exe
  2⤵
  PID:5844
- C:\Windows\System\vMGFpqT.exe
  C:\Windows\System\vMGFpqT.exe
  2⤵
  PID:5888
- C:\Windows\System\cnjlXHM.exe
  C:\Windows\System\cnjlXHM.exe
  2⤵
  PID:5940
- C:\Windows\System\zmCGsNl.exe
  C:\Windows\System\zmCGsNl.exe
  2⤵
  PID:5988
- C:\Windows\System\EySNdbQ.exe
  C:\Windows\System\EySNdbQ.exe
  2⤵
  PID:2024
- C:\Windows\System\LmWyEzP.exe
  C:\Windows\System\LmWyEzP.exe
  2⤵
  PID:6028
- C:\Windows\System\eXmtiIM.exe
  C:\Windows\System\eXmtiIM.exe
  2⤵
  PID:6064
- C:\Windows\System\xgQTIRm.exe
  C:\Windows\System\xgQTIRm.exe
  2⤵
  PID:6060
- C:\Windows\System\RyfZKBh.exe
  C:\Windows\System\RyfZKBh.exe
  2⤵
  PID:6080
- C:\Windows\System\oEatDOQ.exe
  C:\Windows\System\oEatDOQ.exe
  2⤵
  PID:3092
- C:\Windows\System\hypmJRC.exe
  C:\Windows\System\hypmJRC.exe
  2⤵
  PID:3904
- C:\Windows\System\bzxGbaV.exe
  C:\Windows\System\bzxGbaV.exe
  2⤵
  PID:2196
- C:\Windows\System\DbZwTXm.exe
  C:\Windows\System\DbZwTXm.exe
  2⤵
  PID:2692
- C:\Windows\System\UqasjLV.exe
  C:\Windows\System\UqasjLV.exe
  2⤵
  PID:2360
- C:\Windows\System\VltAqrB.exe
  C:\Windows\System\VltAqrB.exe
  2⤵
  PID:4512
- C:\Windows\System\vBwHjqG.exe
  C:\Windows\System\vBwHjqG.exe
  2⤵
  PID:2920
- C:\Windows\System\lpwiHTW.exe
  C:\Windows\System\lpwiHTW.exe
  2⤵
  PID:5164
- C:\Windows\System\nYvkPKO.exe
  C:\Windows\System\nYvkPKO.exe
  2⤵
  PID:5200
- C:\Windows\System\ThOMohf.exe
  C:\Windows\System\ThOMohf.exe
  2⤵
  PID:1716
- C:\Windows\System\XqsHhux.exe
  C:\Windows\System\XqsHhux.exe
  2⤵
  PID:5304
- C:\Windows\System\CYHUPTL.exe
  C:\Windows\System\CYHUPTL.exe
  2⤵
  PID:5368
- C:\Windows\System\cYGApbM.exe
  C:\Windows\System\cYGApbM.exe
  2⤵
  PID:5408
- C:\Windows\System\isYnVpN.exe
  C:\Windows\System\isYnVpN.exe
  2⤵
  PID:5404
- C:\Windows\System\xVbRDrr.exe
  C:\Windows\System\xVbRDrr.exe
  2⤵
  PID:5488
- C:\Windows\System\mgRUjKt.exe
  C:\Windows\System\mgRUjKt.exe
  2⤵
  PID:5524
- C:\Windows\System\oRNgncR.exe
  C:\Windows\System\oRNgncR.exe
  2⤵
  PID:5584
- C:\Windows\System\JojhyTK.exe
  C:\Windows\System\JojhyTK.exe
  2⤵
  PID:5680
- C:\Windows\System\IqkDkoD.exe
  C:\Windows\System\IqkDkoD.exe
  2⤵
  PID:5704
- C:\Windows\System\RAUzPCi.exe
  C:\Windows\System\RAUzPCi.exe
  2⤵
  PID:1108
- C:\Windows\System\phwDQyc.exe
  C:\Windows\System\phwDQyc.exe
  2⤵
  PID:5760
- C:\Windows\System\qIZFaxP.exe
  C:\Windows\System\qIZFaxP.exe
  2⤵
  PID:5900
- C:\Windows\System\FEEALXC.exe
  C:\Windows\System\FEEALXC.exe
  2⤵
  PID:3064
- C:\Windows\System\LUOtMMJ.exe
  C:\Windows\System\LUOtMMJ.exe
  2⤵
  PID:5944
- C:\Windows\System\nglMBfr.exe
  C:\Windows\System\nglMBfr.exe
  2⤵
  PID:5980
- C:\Windows\System\JwgzISX.exe
  C:\Windows\System\JwgzISX.exe
  2⤵
  PID:6024
- C:\Windows\System\uAIZReq.exe
  C:\Windows\System\uAIZReq.exe
  2⤵
  PID:6040
- C:\Windows\System\SxhWALW.exe
  C:\Windows\System\SxhWALW.exe
  2⤵
  PID:6124
- C:\Windows\System\IhgXEZt.exe
  C:\Windows\System\IhgXEZt.exe
  2⤵
  PID:2704
- C:\Windows\System\PLbqxcz.exe
  C:\Windows\System\PLbqxcz.exe
  2⤵
  PID:4760
- C:\Windows\System\YtIggYd.exe
  C:\Windows\System\YtIggYd.exe
  2⤵
  PID:4856
- C:\Windows\System\DufQPJD.exe
  C:\Windows\System\DufQPJD.exe
  2⤵
  PID:4940
- C:\Windows\System\RbWGwtG.exe
  C:\Windows\System\RbWGwtG.exe
  2⤵
  PID:5168
- C:\Windows\System\UbTmVJB.exe
  C:\Windows\System\UbTmVJB.exe
  2⤵
  PID:5288
- C:\Windows\System\BaSRGyt.exe
  C:\Windows\System\BaSRGyt.exe
  2⤵
  PID:5324
- C:\Windows\System\FNOxuRM.exe
  C:\Windows\System\FNOxuRM.exe
  2⤵
  PID:5600
- C:\Windows\System\MEBQXUt.exe
  C:\Windows\System\MEBQXUt.exe
  2⤵
  PID:2968
- C:\Windows\System\rDpfIDP.exe
  C:\Windows\System\rDpfIDP.exe
  2⤵
  PID:5748
- C:\Windows\System\emLujxt.exe
  C:\Windows\System\emLujxt.exe
  2⤵
  PID:5688
- C:\Windows\System\TrPGVkU.exe
  C:\Windows\System\TrPGVkU.exe
  2⤵
  PID:5644
- C:\Windows\System\ZjsOkzk.exe
  C:\Windows\System\ZjsOkzk.exe
  2⤵
  PID:5884
- C:\Windows\System\CMetSvR.exe
  C:\Windows\System\CMetSvR.exe
  2⤵
  PID:5920
- C:\Windows\System\GHdhAjS.exe
  C:\Windows\System\GHdhAjS.exe
  2⤵
  PID:5976
- C:\Windows\System\RnCVtFa.exe
  C:\Windows\System\RnCVtFa.exe
  2⤵
  PID:6096
- C:\Windows\System\cJcjqhV.exe
  C:\Windows\System\cJcjqhV.exe
  2⤵
  PID:3520
- C:\Windows\System\NepJTot.exe
  C:\Windows\System\NepJTot.exe
  2⤵
  PID:4240
- C:\Windows\System\zIainJA.exe
  C:\Windows\System\zIainJA.exe
  2⤵
  PID:4772
- C:\Windows\System\pLVIzRM.exe
  C:\Windows\System\pLVIzRM.exe
  2⤵
  PID:5240
- C:\Windows\System\VrhhvUb.exe
  C:\Windows\System\VrhhvUb.exe
  2⤵
  PID:5504
- C:\Windows\System\bNMnPoA.exe
  C:\Windows\System\bNMnPoA.exe
  2⤵
  PID:2584
- C:\Windows\System\GzFYxii.exe
  C:\Windows\System\GzFYxii.exe
  2⤵
  PID:5624
- C:\Windows\System\kcZlYjY.exe
  C:\Windows\System\kcZlYjY.exe
  2⤵
  PID:5588
- C:\Windows\System\zLKJCMb.exe
  C:\Windows\System\zLKJCMb.exe
  2⤵
  PID:5880
- C:\Windows\System\QQtjfxY.exe
  C:\Windows\System\QQtjfxY.exe
  2⤵
  PID:6056
- C:\Windows\System\ADEfeqn.exe
  C:\Windows\System\ADEfeqn.exe
  2⤵
  PID:5960
- C:\Windows\System\sbntuRW.exe
  C:\Windows\System\sbntuRW.exe
  2⤵
  PID:6108
- C:\Windows\System\vGmBvgG.exe
  C:\Windows\System\vGmBvgG.exe
  2⤵
  PID:2688
- C:\Windows\System\YOHOzcy.exe
  C:\Windows\System\YOHOzcy.exe
  2⤵
  PID:5548
- C:\Windows\System\XORgMdr.exe
  C:\Windows\System\XORgMdr.exe
  2⤵
  PID:5124
- C:\Windows\System\divygFs.exe
  C:\Windows\System\divygFs.exe
  2⤵
  PID:2440
- C:\Windows\System\iwVWpSO.exe
  C:\Windows\System\iwVWpSO.exe
  2⤵
  PID:6160
- C:\Windows\System\wlaIkwU.exe
  C:\Windows\System\wlaIkwU.exe
  2⤵
  PID:6180
- C:\Windows\System\ZDKlmqe.exe
  C:\Windows\System\ZDKlmqe.exe
  2⤵
  PID:6200
- C:\Windows\System\GZAEOeO.exe
  C:\Windows\System\GZAEOeO.exe
  2⤵
  PID:6220
- C:\Windows\System\qLsVdXC.exe
  C:\Windows\System\qLsVdXC.exe
  2⤵
  PID:6240
- C:\Windows\System\ZGsjTwP.exe
  C:\Windows\System\ZGsjTwP.exe
  2⤵
  PID:6260
- C:\Windows\System\NtPsAhh.exe
  C:\Windows\System\NtPsAhh.exe
  2⤵
  PID:6280
- C:\Windows\System\YdGMlLL.exe
  C:\Windows\System\YdGMlLL.exe
  2⤵
  PID:6300
- C:\Windows\System\AVJEkfb.exe
  C:\Windows\System\AVJEkfb.exe
  2⤵
  PID:6320
- C:\Windows\System\mTtiQgs.exe
  C:\Windows\System\mTtiQgs.exe
  2⤵
  PID:6340
- C:\Windows\System\SYFKyQA.exe
  C:\Windows\System\SYFKyQA.exe
  2⤵
  PID:6360
- C:\Windows\System\EnxkHjf.exe
  C:\Windows\System\EnxkHjf.exe
  2⤵
  PID:6380
- C:\Windows\System\CXkdsIe.exe
  C:\Windows\System\CXkdsIe.exe
  2⤵
  PID:6400
- C:\Windows\System\pmOObuQ.exe
  C:\Windows\System\pmOObuQ.exe
  2⤵
  PID:6420
- C:\Windows\System\yBHdocI.exe
  C:\Windows\System\yBHdocI.exe
  2⤵
  PID:6440
- C:\Windows\System\gamHHiq.exe
  C:\Windows\System\gamHHiq.exe
  2⤵
  PID:6460
- C:\Windows\System\DFSorHc.exe
  C:\Windows\System\DFSorHc.exe
  2⤵
  PID:6480
- C:\Windows\System\WZjRMCR.exe
  C:\Windows\System\WZjRMCR.exe
  2⤵
  PID:6500
- C:\Windows\System\DKKpAlr.exe
  C:\Windows\System\DKKpAlr.exe
  2⤵
  PID:6520
- C:\Windows\System\TyVyOoP.exe
  C:\Windows\System\TyVyOoP.exe
  2⤵
  PID:6540
- C:\Windows\System\AdksdED.exe
  C:\Windows\System\AdksdED.exe
  2⤵
  PID:6560
- C:\Windows\System\gyayInA.exe
  C:\Windows\System\gyayInA.exe
  2⤵
  PID:6580
- C:\Windows\System\BVruoSB.exe
  C:\Windows\System\BVruoSB.exe
  2⤵
  PID:6600
- C:\Windows\System\WHCYhyt.exe
  C:\Windows\System\WHCYhyt.exe
  2⤵
  PID:6620
- C:\Windows\System\waHlBHr.exe
  C:\Windows\System\waHlBHr.exe
  2⤵
  PID:6640
- C:\Windows\System\GiNWIwv.exe
  C:\Windows\System\GiNWIwv.exe
  2⤵
  PID:6660
- C:\Windows\System\PGZthGB.exe
  C:\Windows\System\PGZthGB.exe
  2⤵
  PID:6680
- C:\Windows\System\Nvupiti.exe
  C:\Windows\System\Nvupiti.exe
  2⤵
  PID:6700
- C:\Windows\System\TqVQtOL.exe
  C:\Windows\System\TqVQtOL.exe
  2⤵
  PID:6720
- C:\Windows\System\stoSHWf.exe
  C:\Windows\System\stoSHWf.exe
  2⤵
  PID:6740
- C:\Windows\System\ZeBOBND.exe
  C:\Windows\System\ZeBOBND.exe
  2⤵
  PID:6760
- C:\Windows\System\WbIKzUG.exe
  C:\Windows\System\WbIKzUG.exe
  2⤵
  PID:6780
- C:\Windows\System\RMztpVB.exe
  C:\Windows\System\RMztpVB.exe
  2⤵
  PID:6800
- C:\Windows\System\KZXFNgP.exe
  C:\Windows\System\KZXFNgP.exe
  2⤵
  PID:6820
- C:\Windows\System\vSsIxgn.exe
  C:\Windows\System\vSsIxgn.exe
  2⤵
  PID:6840
- C:\Windows\System\VoeTdpv.exe
  C:\Windows\System\VoeTdpv.exe
  2⤵
  PID:6860
- C:\Windows\System\GdDdyJn.exe
  C:\Windows\System\GdDdyJn.exe
  2⤵
  PID:6880
- C:\Windows\System\IOonEEp.exe
  C:\Windows\System\IOonEEp.exe
  2⤵
  PID:6900
- C:\Windows\System\EHcbkSu.exe
  C:\Windows\System\EHcbkSu.exe
  2⤵
  PID:6920
- C:\Windows\System\gfkmhzu.exe
  C:\Windows\System\gfkmhzu.exe
  2⤵
  PID:6940
- C:\Windows\System\tJWQacQ.exe
  C:\Windows\System\tJWQacQ.exe
  2⤵
  PID:6964
- C:\Windows\System\DjHHjPd.exe
  C:\Windows\System\DjHHjPd.exe
  2⤵
  PID:6984
- C:\Windows\System\JESjkXT.exe
  C:\Windows\System\JESjkXT.exe
  2⤵
  PID:7004
- C:\Windows\System\hegCozj.exe
  C:\Windows\System\hegCozj.exe
  2⤵
  PID:7024
- C:\Windows\System\JCwAcew.exe
  C:\Windows\System\JCwAcew.exe
  2⤵
  PID:7044
- C:\Windows\System\XmWqLPR.exe
  C:\Windows\System\XmWqLPR.exe
  2⤵
  PID:7064
- C:\Windows\System\kYGagdv.exe
  C:\Windows\System\kYGagdv.exe
  2⤵
  PID:7084
- C:\Windows\System\WDPeCOU.exe
  C:\Windows\System\WDPeCOU.exe
  2⤵
  PID:7104
- C:\Windows\System\JMdkkXP.exe
  C:\Windows\System\JMdkkXP.exe
  2⤵
  PID:7124
- C:\Windows\System\CENIdmF.exe
  C:\Windows\System\CENIdmF.exe
  2⤵
  PID:7144
- C:\Windows\System\TyRfLtP.exe
  C:\Windows\System\TyRfLtP.exe
  2⤵
  PID:7164
- C:\Windows\System\OUJCkLK.exe
  C:\Windows\System\OUJCkLK.exe
  2⤵
  PID:5848
- C:\Windows\System\MpxPpbf.exe
  C:\Windows\System\MpxPpbf.exe
  2⤵
  PID:2164
- C:\Windows\System\qjBjFMG.exe
  C:\Windows\System\qjBjFMG.exe
  2⤵
  PID:1164
- C:\Windows\System\lljLseN.exe
  C:\Windows\System\lljLseN.exe
  2⤵
  PID:4892
- C:\Windows\System\qvnzQsf.exe
  C:\Windows\System\qvnzQsf.exe
  2⤵
  PID:3296
- C:\Windows\System\bXrjEJH.exe
  C:\Windows\System\bXrjEJH.exe
  2⤵
  PID:6152
- C:\Windows\System\XVyzBMj.exe
  C:\Windows\System\XVyzBMj.exe
  2⤵
  PID:6216
- C:\Windows\System\bAAjelK.exe
  C:\Windows\System\bAAjelK.exe
  2⤵
  PID:6248
- C:\Windows\System\kIorcLe.exe
  C:\Windows\System\kIorcLe.exe
  2⤵
  PID:6268
- C:\Windows\System\EYOuVJu.exe
  C:\Windows\System\EYOuVJu.exe
  2⤵
  PID:6292
- C:\Windows\System\RcMitWg.exe
  C:\Windows\System\RcMitWg.exe
  2⤵
  PID:6332
- C:\Windows\System\ZJMvZfu.exe
  C:\Windows\System\ZJMvZfu.exe
  2⤵
  PID:6376
- C:\Windows\System\tLcYdpD.exe
  C:\Windows\System\tLcYdpD.exe
  2⤵
  PID:6408
- C:\Windows\System\SNthGgo.exe
  C:\Windows\System\SNthGgo.exe
  2⤵
  PID:6428
- C:\Windows\System\dLnwWdJ.exe
  C:\Windows\System\dLnwWdJ.exe
  2⤵
  PID:6468
- C:\Windows\System\OlXDycv.exe
  C:\Windows\System\OlXDycv.exe
  2⤵
  PID:6492
- C:\Windows\System\pmSnsLf.exe
  C:\Windows\System\pmSnsLf.exe
  2⤵
  PID:6512
- C:\Windows\System\qLyKcCd.exe
  C:\Windows\System\qLyKcCd.exe
  2⤵
  PID:6572
- C:\Windows\System\eksAbkL.exe
  C:\Windows\System\eksAbkL.exe
  2⤵
  PID:2892
- C:\Windows\System\CKFjMig.exe
  C:\Windows\System\CKFjMig.exe
  2⤵
  PID:6648
- C:\Windows\System\crfdDKO.exe
  C:\Windows\System\crfdDKO.exe
  2⤵
  PID:6656
- C:\Windows\System\lhdrcOS.exe
  C:\Windows\System\lhdrcOS.exe
  2⤵
  PID:6672
- C:\Windows\System\FikYnQx.exe
  C:\Windows\System\FikYnQx.exe
  2⤵
  PID:6712
- C:\Windows\System\lprvAfS.exe
  C:\Windows\System\lprvAfS.exe
  2⤵
  PID:6776
- C:\Windows\System\RLkCmIY.exe
  C:\Windows\System\RLkCmIY.exe
  2⤵
  PID:6796
- C:\Windows\System\naQDjMj.exe
  C:\Windows\System\naQDjMj.exe
  2⤵
  PID:6828
- C:\Windows\System\MlbgoAO.exe
  C:\Windows\System\MlbgoAO.exe
  2⤵
  PID:2432
- C:\Windows\System\zxqsbZP.exe
  C:\Windows\System\zxqsbZP.exe
  2⤵
  PID:6872
- C:\Windows\System\opsTxeX.exe
  C:\Windows\System\opsTxeX.exe
  2⤵
  PID:6936
- C:\Windows\System\TNkvEoM.exe
  C:\Windows\System\TNkvEoM.exe
  2⤵
  PID:6976
- C:\Windows\System\oyqMVNR.exe
  C:\Windows\System\oyqMVNR.exe
  2⤵
  PID:6960
- C:\Windows\System\ytSsben.exe
  C:\Windows\System\ytSsben.exe
  2⤵
  PID:7016
- C:\Windows\System\EWYfkmV.exe
  C:\Windows\System\EWYfkmV.exe
  2⤵
  PID:7040
- C:\Windows\System\qUuOfmr.exe
  C:\Windows\System\qUuOfmr.exe
  2⤵
  PID:7096
- C:\Windows\System\sTSZIbZ.exe
  C:\Windows\System\sTSZIbZ.exe
  2⤵
  PID:7120
- C:\Windows\System\WLqrZTk.exe
  C:\Windows\System\WLqrZTk.exe
  2⤵
  PID:7116
- C:\Windows\System\FuMvPER.exe
  C:\Windows\System\FuMvPER.exe
  2⤵
  PID:5776
- C:\Windows\System\wlvPtXm.exe
  C:\Windows\System\wlvPtXm.exe
  2⤵
  PID:5740
- C:\Windows\System\ggsZqaE.exe
  C:\Windows\System\ggsZqaE.exe
  2⤵
  PID:5328
- C:\Windows\System\yWkdvuI.exe
  C:\Windows\System\yWkdvuI.exe
  2⤵
  PID:6208
- C:\Windows\System\HxAIsFE.exe
  C:\Windows\System\HxAIsFE.exe
  2⤵
  PID:6192
- C:\Windows\System\uogeioE.exe
  C:\Windows\System\uogeioE.exe
  2⤵
  PID:6228
- C:\Windows\System\HrvMRxn.exe
  C:\Windows\System\HrvMRxn.exe
  2⤵
  PID:6336
- C:\Windows\System\DrKneut.exe
  C:\Windows\System\DrKneut.exe
  2⤵
  PID:6348
- C:\Windows\System\GOCCQzb.exe
  C:\Windows\System\GOCCQzb.exe
  2⤵
  PID:6432
- C:\Windows\System\HWMZIWZ.exe
  C:\Windows\System\HWMZIWZ.exe
  2⤵
  PID:6472
- C:\Windows\System\ZjnmBfu.exe
  C:\Windows\System\ZjnmBfu.exe
  2⤵
  PID:6576
- C:\Windows\System\KpZXBrJ.exe
  C:\Windows\System\KpZXBrJ.exe
  2⤵
  PID:6616
- C:\Windows\System\wdPacaw.exe
  C:\Windows\System\wdPacaw.exe
  2⤵
  PID:6692
- C:\Windows\System\NqnMNcV.exe
  C:\Windows\System\NqnMNcV.exe
  2⤵
  PID:6688
- C:\Windows\System\loHDBjl.exe
  C:\Windows\System\loHDBjl.exe
  2⤵
  PID:6772
- C:\Windows\System\LZRTkki.exe
  C:\Windows\System\LZRTkki.exe
  2⤵
  PID:6792
- C:\Windows\System\UpMUByl.exe
  C:\Windows\System\UpMUByl.exe
  2⤵
  PID:1976
- C:\Windows\System\SxNrvDK.exe
  C:\Windows\System\SxNrvDK.exe
  2⤵
  PID:1720
- C:\Windows\System\eXQYeKU.exe
  C:\Windows\System\eXQYeKU.exe
  2⤵
  PID:6932
- C:\Windows\System\UIDsHSh.exe
  C:\Windows\System\UIDsHSh.exe
  2⤵
  PID:6972
- C:\Windows\System\LDvoaZu.exe
  C:\Windows\System\LDvoaZu.exe
  2⤵
  PID:7032
- C:\Windows\System\AJBrJTr.exe
  C:\Windows\System\AJBrJTr.exe
  2⤵
  PID:7092
- C:\Windows\System\QPEJEiU.exe
  C:\Windows\System\QPEJEiU.exe
  2⤵
  PID:5828
- C:\Windows\System\NuqkDsd.exe
  C:\Windows\System\NuqkDsd.exe
  2⤵
  PID:2728
- C:\Windows\System\WQXVoyT.exe
  C:\Windows\System\WQXVoyT.exe
  2⤵
  PID:6140
- C:\Windows\System\YZbksOh.exe
  C:\Windows\System\YZbksOh.exe
  2⤵
  PID:6168
- C:\Windows\System\GhTYgOe.exe
  C:\Windows\System\GhTYgOe.exe
  2⤵
  PID:2884
- C:\Windows\System\gGSAyxF.exe
  C:\Windows\System\gGSAyxF.exe
  2⤵
  PID:6256
- C:\Windows\System\YfuHUFn.exe
  C:\Windows\System\YfuHUFn.exe
  2⤵
  PID:6296
- C:\Windows\System\SjBvrEa.exe
  C:\Windows\System\SjBvrEa.exe
  2⤵
  PID:6388
- C:\Windows\System\LDEyjdz.exe
  C:\Windows\System\LDEyjdz.exe
  2⤵
  PID:2212
- C:\Windows\System\vLKMrAO.exe
  C:\Windows\System\vLKMrAO.exe
  2⤵
  PID:972
- C:\Windows\System\jGFThTg.exe
  C:\Windows\System\jGFThTg.exe
  2⤵
  PID:6392
- C:\Windows\System\YRjJpOe.exe
  C:\Windows\System\YRjJpOe.exe
  2⤵
  PID:484
- C:\Windows\System\ANnETMX.exe
  C:\Windows\System\ANnETMX.exe
  2⤵
  PID:6596
- C:\Windows\System\ZPhvAVF.exe
  C:\Windows\System\ZPhvAVF.exe
  2⤵
  PID:6536
- C:\Windows\System\IDWrRKd.exe
  C:\Windows\System\IDWrRKd.exe
  2⤵
  PID:6568
- C:\Windows\System\ZXRMcTk.exe
  C:\Windows\System\ZXRMcTk.exe
  2⤵
  PID:6612
- C:\Windows\System\OYweGMN.exe
  C:\Windows\System\OYweGMN.exe
  2⤵
  PID:6852
- C:\Windows\System\jtmTWzr.exe
  C:\Windows\System\jtmTWzr.exe
  2⤵
  PID:6948
- C:\Windows\System\AcIgxjm.exe
  C:\Windows\System\AcIgxjm.exe
  2⤵
  PID:6676
- C:\Windows\System\GLOPhXd.exe
  C:\Windows\System\GLOPhXd.exe
  2⤵
  PID:6928
- C:\Windows\System\ddyGtBo.exe
  C:\Windows\System\ddyGtBo.exe
  2⤵
  PID:7060
- C:\Windows\System\PpBMCmT.exe
  C:\Windows\System\PpBMCmT.exe
  2⤵
  PID:2856
- C:\Windows\System\MGJghrL.exe
  C:\Windows\System\MGJghrL.exe
  2⤵
  PID:6148
- C:\Windows\System\orwoPkm.exe
  C:\Windows\System\orwoPkm.exe
  2⤵
  PID:1556
- C:\Windows\System\fhRUWTj.exe
  C:\Windows\System\fhRUWTj.exe
  2⤵
  PID:7136
- C:\Windows\System\qbGTqBY.exe
  C:\Windows\System\qbGTqBY.exe
  2⤵
  PID:2560
- C:\Windows\System\ilkwlDb.exe
  C:\Windows\System\ilkwlDb.exe
  2⤵
  PID:848
- C:\Windows\System\LQiuLeT.exe
  C:\Windows\System\LQiuLeT.exe
  2⤵
  PID:1724
- C:\Windows\System\HkPgTtj.exe
  C:\Windows\System\HkPgTtj.exe
  2⤵
  PID:288
- C:\Windows\System\GAfLgBE.exe
  C:\Windows\System\GAfLgBE.exe
  2⤵
  PID:468
- C:\Windows\System\JlsWbUt.exe
  C:\Windows\System\JlsWbUt.exe
  2⤵
  PID:6632
- C:\Windows\System\QZcXuWf.exe
  C:\Windows\System\QZcXuWf.exe
  2⤵
  PID:6748
- C:\Windows\System\YzlxbiP.exe
  C:\Windows\System\YzlxbiP.exe
  2⤵
  PID:7076
- C:\Windows\System\HkgFoUZ.exe
  C:\Windows\System\HkgFoUZ.exe
  2⤵
  PID:7000
- C:\Windows\System\AcjBbFJ.exe
  C:\Windows\System\AcjBbFJ.exe
  2⤵
  PID:7132
- C:\Windows\System\PsDtEZX.exe
  C:\Windows\System\PsDtEZX.exe
  2⤵
  PID:1028
- C:\Windows\System\WTRpCyw.exe
  C:\Windows\System\WTRpCyw.exe
  2⤵
  PID:2808
- C:\Windows\System\ayvvNcv.exe
  C:\Windows\System\ayvvNcv.exe
  2⤵
  PID:6732
- C:\Windows\System\SRcAtAS.exe
  C:\Windows\System\SRcAtAS.exe
  2⤵
  PID:1696
- C:\Windows\System\DcvItOg.exe
  C:\Windows\System\DcvItOg.exe
  2⤵
  PID:1708
- C:\Windows\System\leAYmcq.exe
  C:\Windows\System\leAYmcq.exe
  2⤵
  PID:2092
- C:\Windows\System\JRQoexK.exe
  C:\Windows\System\JRQoexK.exe
  2⤵
  PID:6996
- C:\Windows\System\XZyfJRX.exe
  C:\Windows\System\XZyfJRX.exe
  2⤵
  PID:6252
- C:\Windows\System\petELgp.exe
  C:\Windows\System\petELgp.exe
  2⤵
  PID:2880
- C:\Windows\System\QrzVNaT.exe
  C:\Windows\System\QrzVNaT.exe
  2⤵
  PID:6488
- C:\Windows\System\VEccnCP.exe
  C:\Windows\System\VEccnCP.exe
  2⤵
  PID:2820
- C:\Windows\System\SBTrAWc.exe
  C:\Windows\System\SBTrAWc.exe
  2⤵
  PID:2156
- C:\Windows\System\sHLJDbm.exe
  C:\Windows\System\sHLJDbm.exe
  2⤵
  PID:896
- C:\Windows\System\TIfcZtO.exe
  C:\Windows\System\TIfcZtO.exe
  2⤵
  PID:6992
- C:\Windows\System\MVeOUml.exe
  C:\Windows\System\MVeOUml.exe
  2⤵
  PID:6716
- C:\Windows\System\gYVYxsu.exe
  C:\Windows\System\gYVYxsu.exe
  2⤵
  PID:1872
- C:\Windows\System\mVrNnfI.exe
  C:\Windows\System\mVrNnfI.exe
  2⤵
  PID:6548
- C:\Windows\System\JmDUScC.exe
  C:\Windows\System\JmDUScC.exe
  2⤵
  PID:1040
- C:\Windows\System\ByIVIPr.exe
  C:\Windows\System\ByIVIPr.exe
  2⤵
  PID:6980
- C:\Windows\System\HvdrTLE.exe
  C:\Windows\System\HvdrTLE.exe
  2⤵
  PID:7172
- C:\Windows\System\DcmVpYs.exe
  C:\Windows\System\DcmVpYs.exe
  2⤵
  PID:7188
- C:\Windows\System\zTnKaPB.exe
  C:\Windows\System\zTnKaPB.exe
  2⤵
  PID:7208
- C:\Windows\System\zmWHjle.exe
  C:\Windows\System\zmWHjle.exe
  2⤵
  PID:7224
- C:\Windows\System\AjNPiwq.exe
  C:\Windows\System\AjNPiwq.exe
  2⤵
  PID:7240
- C:\Windows\System\EOxRjLf.exe
  C:\Windows\System\EOxRjLf.exe
  2⤵
  PID:7260
- C:\Windows\System\XkleGau.exe
  C:\Windows\System\XkleGau.exe
  2⤵
  PID:7296
- C:\Windows\System\pWKwgRS.exe
  C:\Windows\System\pWKwgRS.exe
  2⤵
  PID:7312
- C:\Windows\System\eSgKbwB.exe
  C:\Windows\System\eSgKbwB.exe
  2⤵
  PID:7332
- C:\Windows\System\SlEfuST.exe
  C:\Windows\System\SlEfuST.exe
  2⤵
  PID:7348
- C:\Windows\System\WRDwjar.exe
  C:\Windows\System\WRDwjar.exe
  2⤵
  PID:7368
- C:\Windows\System\YgDDseG.exe
  C:\Windows\System\YgDDseG.exe
  2⤵
  PID:7388
- C:\Windows\System\tFXdOUF.exe
  C:\Windows\System\tFXdOUF.exe
  2⤵
  PID:7404
- C:\Windows\System\KwbMvgK.exe
  C:\Windows\System\KwbMvgK.exe
  2⤵
  PID:7420
- C:\Windows\System\AWSlzFe.exe
  C:\Windows\System\AWSlzFe.exe
  2⤵
  PID:7436
- C:\Windows\System\itdITdu.exe
  C:\Windows\System\itdITdu.exe
  2⤵
  PID:7452
- C:\Windows\System\XoFfKuk.exe
  C:\Windows\System\XoFfKuk.exe
  2⤵
  PID:7480
- C:\Windows\System\uJNIdXy.exe
  C:\Windows\System\uJNIdXy.exe
  2⤵
  PID:7500
- C:\Windows\System\XJRdvVP.exe
  C:\Windows\System\XJRdvVP.exe
  2⤵
  PID:7516
- C:\Windows\System\rOcyvPM.exe
  C:\Windows\System\rOcyvPM.exe
  2⤵
  PID:7536
- C:\Windows\System\uVKzWcK.exe
  C:\Windows\System\uVKzWcK.exe
  2⤵
  PID:7552
- C:\Windows\System\BZwyAXE.exe
  C:\Windows\System\BZwyAXE.exe
  2⤵
  PID:7592
- C:\Windows\System\EiEzHDk.exe
  C:\Windows\System\EiEzHDk.exe
  2⤵
  PID:7612
- C:\Windows\System\BssmucD.exe
  C:\Windows\System\BssmucD.exe
  2⤵
  PID:7628
- C:\Windows\System\xvWrwoj.exe
  C:\Windows\System\xvWrwoj.exe
  2⤵
  PID:7644
- C:\Windows\System\YVQrncz.exe
  C:\Windows\System\YVQrncz.exe
  2⤵
  PID:7660
- C:\Windows\System\NKsIuuS.exe
  C:\Windows\System\NKsIuuS.exe
  2⤵
  PID:7676
- C:\Windows\System\LlEEQOi.exe
  C:\Windows\System\LlEEQOi.exe
  2⤵
  PID:7700
- C:\Windows\System\NQIgbfc.exe
  C:\Windows\System\NQIgbfc.exe
  2⤵
  PID:7716
- C:\Windows\System\fwGwGKD.exe
  C:\Windows\System\fwGwGKD.exe
  2⤵
  PID:7744
- C:\Windows\System\rYCAlbF.exe
  C:\Windows\System\rYCAlbF.exe
  2⤵
  PID:7760
- C:\Windows\System\hDxbzIi.exe
  C:\Windows\System\hDxbzIi.exe
  2⤵
  PID:7776
- C:\Windows\System\XUaBVMD.exe
  C:\Windows\System\XUaBVMD.exe
  2⤵
  PID:7816
- C:\Windows\System\hXSLjIc.exe
  C:\Windows\System\hXSLjIc.exe
  2⤵
  PID:7832
- C:\Windows\System\lfMTgrX.exe
  C:\Windows\System\lfMTgrX.exe
  2⤵
  PID:7848
- C:\Windows\System\PxOwkyx.exe
  C:\Windows\System\PxOwkyx.exe
  2⤵
  PID:7868
- C:\Windows\System\LjgsdyR.exe
  C:\Windows\System\LjgsdyR.exe
  2⤵
  PID:7888
- C:\Windows\System\ZFWrAep.exe
  C:\Windows\System\ZFWrAep.exe
  2⤵
  PID:7904
- C:\Windows\System\sziQfIT.exe
  C:\Windows\System\sziQfIT.exe
  2⤵
  PID:7924
- C:\Windows\System\mKkTrsx.exe
  C:\Windows\System\mKkTrsx.exe
  2⤵
  PID:7940
- C:\Windows\System\buNinlK.exe
  C:\Windows\System\buNinlK.exe
  2⤵
  PID:7960
- C:\Windows\System\mwozeuI.exe
  C:\Windows\System\mwozeuI.exe
  2⤵
  PID:7984
- C:\Windows\System\syVVOwQ.exe
  C:\Windows\System\syVVOwQ.exe
  2⤵
  PID:8016
- C:\Windows\System\tMWKhMA.exe
  C:\Windows\System\tMWKhMA.exe
  2⤵
  PID:8032
- C:\Windows\System\OPdLNeB.exe
  C:\Windows\System\OPdLNeB.exe
  2⤵
  PID:8048
- C:\Windows\System\tcwmiVC.exe
  C:\Windows\System\tcwmiVC.exe
  2⤵
  PID:8068
- C:\Windows\System\FpXmkmg.exe
  C:\Windows\System\FpXmkmg.exe
  2⤵
  PID:8084
- C:\Windows\System\quqJJiX.exe
  C:\Windows\System\quqJJiX.exe
  2⤵
  PID:8104
- C:\Windows\System\lBRQZhj.exe
  C:\Windows\System\lBRQZhj.exe
  2⤵
  PID:8120
- C:\Windows\System\LMhXIJX.exe
  C:\Windows\System\LMhXIJX.exe
  2⤵
  PID:8140
- C:\Windows\System\azrpsBK.exe
  C:\Windows\System\azrpsBK.exe
  2⤵
  PID:8156
- C:\Windows\System\CcpKlqt.exe
  C:\Windows\System\CcpKlqt.exe
  2⤵
  PID:8172
- C:\Windows\System\DoHMNLa.exe
  C:\Windows\System\DoHMNLa.exe
  2⤵
  PID:1632
- C:\Windows\System\rhtFExn.exe
  C:\Windows\System\rhtFExn.exe
  2⤵
  PID:956
- C:\Windows\System\MuyuQML.exe
  C:\Windows\System\MuyuQML.exe
  2⤵
  PID:7232
- C:\Windows\System\BnmnlxF.exe
  C:\Windows\System\BnmnlxF.exe
  2⤵
  PID:7280
- C:\Windows\System\aSggqyF.exe
  C:\Windows\System\aSggqyF.exe
  2⤵
  PID:7288
- C:\Windows\System\YhisZBj.exe
  C:\Windows\System\YhisZBj.exe
  2⤵
  PID:7252
- C:\Windows\System\XLcEQtc.exe
  C:\Windows\System\XLcEQtc.exe
  2⤵
  PID:7308
- C:\Windows\System\PvWKGHy.exe
  C:\Windows\System\PvWKGHy.exe
  2⤵
  PID:7356
- C:\Windows\System\AfSfvsS.exe
  C:\Windows\System\AfSfvsS.exe
  2⤵
  PID:7464
- C:\Windows\System\BLPgbnc.exe
  C:\Windows\System\BLPgbnc.exe
  2⤵
  PID:7340
- C:\Windows\System\hkmbUbr.exe
  C:\Windows\System\hkmbUbr.exe
  2⤵
  PID:7508
- C:\Windows\System\lYpfBbw.exe
  C:\Windows\System\lYpfBbw.exe
  2⤵
  PID:7496
- C:\Windows\System\DkNHkoL.exe
  C:\Windows\System\DkNHkoL.exe
  2⤵
  PID:7560
- C:\Windows\System\LTyLFjZ.exe
  C:\Windows\System\LTyLFjZ.exe
  2⤵
  PID:7580
- C:\Windows\System\REJlJrZ.exe
  C:\Windows\System\REJlJrZ.exe
  2⤵
  PID:7604
- C:\Windows\System\aonlQjx.exe
  C:\Windows\System\aonlQjx.exe
  2⤵
  PID:7620
- C:\Windows\System\ithbocB.exe
  C:\Windows\System\ithbocB.exe
  2⤵
  PID:7708
- C:\Windows\System\ySkWWvU.exe
  C:\Windows\System\ySkWWvU.exe
  2⤵
  PID:7684
- C:\Windows\System\XdBiXhN.exe
  C:\Windows\System\XdBiXhN.exe
  2⤵
  PID:7732
- C:\Windows\System\CDSrIzT.exe
  C:\Windows\System\CDSrIzT.exe
  2⤵
  PID:7740
- C:\Windows\System\iEjPKvI.exe
  C:\Windows\System\iEjPKvI.exe
  2⤵
  PID:7800
- C:\Windows\System\aMgwAUt.exe
  C:\Windows\System\aMgwAUt.exe
  2⤵
  PID:7828
- C:\Windows\System\hmYhsSa.exe
  C:\Windows\System\hmYhsSa.exe
  2⤵
  PID:7876
- C:\Windows\System\eyyzZuD.exe
  C:\Windows\System\eyyzZuD.exe
  2⤵
  PID:7916
- C:\Windows\System\qCHzVEv.exe
  C:\Windows\System\qCHzVEv.exe
  2⤵
  PID:7956
- C:\Windows\System\mOdGwHH.exe
  C:\Windows\System\mOdGwHH.exe
  2⤵
  PID:7936
- C:\Windows\System\ZQIzPtH.exe
  C:\Windows\System\ZQIzPtH.exe
  2⤵
  PID:7972
- C:\Windows\System\IFhknpU.exe
  C:\Windows\System\IFhknpU.exe
  2⤵
  PID:8000
- C:\Windows\System\CLBmTEp.exe
  C:\Windows\System\CLBmTEp.exe
  2⤵
  PID:8148
- C:\Windows\System\eToKFQT.exe
  C:\Windows\System\eToKFQT.exe
  2⤵
  PID:8100
- C:\Windows\System\xJLalyA.exe
  C:\Windows\System\xJLalyA.exe
  2⤵
  PID:8128
- C:\Windows\System\qUllXVA.exe
  C:\Windows\System\qUllXVA.exe
  2⤵
  PID:8184
- C:\Windows\System\MwDNbkH.exe
  C:\Windows\System\MwDNbkH.exe
  2⤵
  PID:6288
- C:\Windows\System\enSBucO.exe
  C:\Windows\System\enSBucO.exe
  2⤵
  PID:7304
- C:\Windows\System\PDceqgs.exe
  C:\Windows\System\PDceqgs.exe
  2⤵
  PID:7396
- C:\Windows\System\hnBTNUt.exe
  C:\Windows\System\hnBTNUt.exe
  2⤵
  PID:7268
- C:\Windows\System\LKQmiXp.exe
  C:\Windows\System\LKQmiXp.exe
  2⤵
  PID:7416
- C:\Windows\System\GneEEPk.exe
  C:\Windows\System\GneEEPk.exe
  2⤵
  PID:7412
- C:\Windows\System\zanFwrW.exe
  C:\Windows\System\zanFwrW.exe
  2⤵
  PID:7476
- C:\Windows\System\hsyuqGG.exe
  C:\Windows\System\hsyuqGG.exe
  2⤵
  PID:7576
- C:\Windows\System\pVAVduH.exe
  C:\Windows\System\pVAVduH.exe
  2⤵
  PID:7692
- C:\Windows\System\UffVqAf.exe
  C:\Windows\System\UffVqAf.exe
  2⤵
  PID:7784
- C:\Windows\System\DmdjJzv.exe
  C:\Windows\System\DmdjJzv.exe
  2⤵
  PID:7564
- C:\Windows\System\XbnmkyR.exe
  C:\Windows\System\XbnmkyR.exe
  2⤵
  PID:7824
- C:\Windows\System\nUJtcpC.exe
  C:\Windows\System\nUJtcpC.exe
  2⤵
  PID:7952
- C:\Windows\System\djDvvug.exe
  C:\Windows\System\djDvvug.exe
  2⤵
  PID:7712
- C:\Windows\System\MMlZwbq.exe
  C:\Windows\System\MMlZwbq.exe
  2⤵
  PID:7808
- C:\Windows\System\InDCHuE.exe
  C:\Windows\System\InDCHuE.exe
  2⤵
  PID:8028
- C:\Windows\System\OBAFMTs.exe
  C:\Windows\System\OBAFMTs.exe
  2⤵
  PID:2976
- C:\Windows\System\QXfAkWm.exe
  C:\Windows\System\QXfAkWm.exe
  2⤵
  PID:3008
- C:\Windows\System\XCYeoKZ.exe
  C:\Windows\System\XCYeoKZ.exe
  2⤵
  PID:7980
- C:\Windows\System\EFHtBje.exe
  C:\Windows\System\EFHtBje.exe
  2⤵
  PID:8136
- C:\Windows\System\xsRwdqi.exe
  C:\Windows\System\xsRwdqi.exe
  2⤵
  PID:7204
- C:\Windows\System\wUjhaQq.exe
  C:\Windows\System\wUjhaQq.exe
  2⤵
  PID:7432
- C:\Windows\System\xgTceiM.exe
  C:\Windows\System\xgTceiM.exe
  2⤵
  PID:7272
- C:\Windows\System\bgAByTw.exe
  C:\Windows\System\bgAByTw.exe
  2⤵
  PID:7788
- C:\Windows\System\euqTkln.exe
  C:\Windows\System\euqTkln.exe
  2⤵
  PID:7948
- C:\Windows\System\KOGqPip.exe
  C:\Windows\System\KOGqPip.exe
  2⤵
  PID:7736
- C:\Windows\System\YqVhGvy.exe
  C:\Windows\System\YqVhGvy.exe
  2⤵
  PID:8076
- C:\Windows\System\ynzZohK.exe
  C:\Windows\System\ynzZohK.exe
  2⤵
  PID:7640
- C:\Windows\System\YnxyHjT.exe
  C:\Windows\System\YnxyHjT.exe
  2⤵
  PID:7248
- C:\Windows\System\eBCsUBv.exe
  C:\Windows\System\eBCsUBv.exe
  2⤵
  PID:8044
- C:\Windows\System\cCxOAZz.exe
  C:\Windows\System\cCxOAZz.exe
  2⤵
  PID:8180
- C:\Windows\System\vjjyPtJ.exe
  C:\Windows\System\vjjyPtJ.exe
  2⤵
  PID:7184
- C:\Windows\System\fnQuFHP.exe
  C:\Windows\System\fnQuFHP.exe
  2⤵
  PID:7792
- C:\Windows\System\RDXQnjx.exe
  C:\Windows\System\RDXQnjx.exe
  2⤵
  PID:7860
- C:\Windows\System\dEUodEy.exe
  C:\Windows\System\dEUodEy.exe
  2⤵
  PID:7756
- C:\Windows\System\xJhUGNP.exe
  C:\Windows\System\xJhUGNP.exe
  2⤵
  PID:7844
- C:\Windows\System\WWLscHN.exe
  C:\Windows\System\WWLscHN.exe
  2⤵
  PID:7884
- C:\Windows\System\LfUhMlF.exe
  C:\Windows\System\LfUhMlF.exe
  2⤵
  PID:7492
- C:\Windows\System\hYjnaNn.exe
  C:\Windows\System\hYjnaNn.exe
  2⤵
  PID:7448
- C:\Windows\System\ddRfsPp.exe
  C:\Windows\System\ddRfsPp.exe
  2⤵
  PID:7864
- C:\Windows\System\TmkjBNs.exe
  C:\Windows\System\TmkjBNs.exe
  2⤵
  PID:7724
- C:\Windows\System\hvJSHce.exe
  C:\Windows\System\hvJSHce.exe
  2⤵
  PID:7932
- C:\Windows\System\bLRrzgS.exe
  C:\Windows\System\bLRrzgS.exe
  2⤵
  PID:8240
- C:\Windows\System\GCzrxHJ.exe
  C:\Windows\System\GCzrxHJ.exe
  2⤵
  PID:8256
- C:\Windows\System\ELDjglv.exe
  C:\Windows\System\ELDjglv.exe
  2⤵
  PID:8272
- C:\Windows\System\qRFlGks.exe
  C:\Windows\System\qRFlGks.exe
  2⤵
  PID:8288
- C:\Windows\System\IIJrufw.exe
  C:\Windows\System\IIJrufw.exe
  2⤵
  PID:8304
- C:\Windows\System\MlbQJDJ.exe
  C:\Windows\System\MlbQJDJ.exe
  2⤵
  PID:8320
- C:\Windows\System\HzFlqaO.exe
  C:\Windows\System\HzFlqaO.exe
  2⤵
  PID:8340
- C:\Windows\System\uETevUd.exe
  C:\Windows\System\uETevUd.exe
  2⤵
  PID:8360
- C:\Windows\System\dmlSUtB.exe
  C:\Windows\System\dmlSUtB.exe
  2⤵
  PID:8388
- C:\Windows\System\LFTlLiw.exe
  C:\Windows\System\LFTlLiw.exe
  2⤵
  PID:8404
- C:\Windows\System\vvbUYth.exe
  C:\Windows\System\vvbUYth.exe
  2⤵
  PID:8424
- C:\Windows\System\QEbSnPo.exe
  C:\Windows\System\QEbSnPo.exe
  2⤵
  PID:8448
- C:\Windows\System\YoeOQSw.exe
  C:\Windows\System\YoeOQSw.exe
  2⤵
  PID:8468
- C:\Windows\System\rwqMHEv.exe
  C:\Windows\System\rwqMHEv.exe
  2⤵
  PID:8484
- C:\Windows\System\uLqZMCI.exe
  C:\Windows\System\uLqZMCI.exe
  2⤵
  PID:8500
- C:\Windows\System\aZIoZSY.exe
  C:\Windows\System\aZIoZSY.exe
  2⤵
  PID:8540
- C:\Windows\System\VFmXokd.exe
  C:\Windows\System\VFmXokd.exe
  2⤵
  PID:8556
- C:\Windows\System\nkeatdk.exe
  C:\Windows\System\nkeatdk.exe
  2⤵
  PID:8592
- C:\Windows\System\BZnACTp.exe
  C:\Windows\System\BZnACTp.exe
  2⤵
  PID:8608
- C:\Windows\System\zhXNNDu.exe
  C:\Windows\System\zhXNNDu.exe
  2⤵
  PID:8624
- C:\Windows\System\brXWrnU.exe
  C:\Windows\System\brXWrnU.exe
  2⤵
  PID:8652
- C:\Windows\System\APiBtJZ.exe
  C:\Windows\System\APiBtJZ.exe
  2⤵
  PID:8668
- C:\Windows\System\Qrooqdg.exe
  C:\Windows\System\Qrooqdg.exe
  2⤵
  PID:8684
- C:\Windows\System\BoyEnBI.exe
  C:\Windows\System\BoyEnBI.exe
  2⤵
  PID:8700
- C:\Windows\System\gvoPbkd.exe
  C:\Windows\System\gvoPbkd.exe
  2⤵
  PID:8716
- C:\Windows\System\yIzEAcy.exe
  C:\Windows\System\yIzEAcy.exe
  2⤵
  PID:8732
- C:\Windows\System\STgUvaX.exe
  C:\Windows\System\STgUvaX.exe
  2⤵
  PID:8748
- C:\Windows\System\WCAxlov.exe
  C:\Windows\System\WCAxlov.exe
  2⤵
  PID:8764
- C:\Windows\System\LMDOJuu.exe
  C:\Windows\System\LMDOJuu.exe
  2⤵
  PID:8784
- C:\Windows\System\CpXaBto.exe
  C:\Windows\System\CpXaBto.exe
  2⤵
  PID:8808
- C:\Windows\System\XqDsfqA.exe
  C:\Windows\System\XqDsfqA.exe
  2⤵
  PID:8832
- C:\Windows\System\DcaENXc.exe
  C:\Windows\System\DcaENXc.exe
  2⤵
  PID:8848
- C:\Windows\System\HdrsWZn.exe
  C:\Windows\System\HdrsWZn.exe
  2⤵
  PID:8864
- C:\Windows\System\alOxvkg.exe
  C:\Windows\System\alOxvkg.exe
  2⤵
  PID:8880
- C:\Windows\System\AyeUBmh.exe
  C:\Windows\System\AyeUBmh.exe
  2⤵
  PID:8916
- C:\Windows\System\cHfRYKm.exe
  C:\Windows\System\cHfRYKm.exe
  2⤵
  PID:8932
- C:\Windows\System\LCIqbrZ.exe
  C:\Windows\System\LCIqbrZ.exe
  2⤵
  PID:8960
- C:\Windows\System\zMTSiPR.exe
  C:\Windows\System\zMTSiPR.exe
  2⤵
  PID:8988
- C:\Windows\System\wrLThah.exe
  C:\Windows\System\wrLThah.exe
  2⤵
  PID:9012
- C:\Windows\System\HgtruDX.exe
  C:\Windows\System\HgtruDX.exe
  2⤵
  PID:9032
- C:\Windows\System\lJKBGqp.exe
  C:\Windows\System\lJKBGqp.exe
  2⤵
  PID:9048
- C:\Windows\System\qnvvJKW.exe
  C:\Windows\System\qnvvJKW.exe
  2⤵
  PID:9064
- C:\Windows\System\rBlyvOq.exe
  C:\Windows\System\rBlyvOq.exe
  2⤵
  PID:9080
- C:\Windows\System\cDGkzda.exe
  C:\Windows\System\cDGkzda.exe
  2⤵
  PID:9096
- C:\Windows\System\nveDeYw.exe
  C:\Windows\System\nveDeYw.exe
  2⤵
  PID:9116
- C:\Windows\System\CMlxYUr.exe
  C:\Windows\System\CMlxYUr.exe
  2⤵
  PID:9136
- C:\Windows\System\xpLcMiu.exe
  C:\Windows\System\xpLcMiu.exe
  2⤵
  PID:9156
- C:\Windows\System\dXCleDI.exe
  C:\Windows\System\dXCleDI.exe
  2⤵
  PID:9180
- C:\Windows\System\JcSNhvF.exe
  C:\Windows\System\JcSNhvF.exe
  2⤵
  PID:9200
- C:\Windows\System\QXuBmrI.exe
  C:\Windows\System\QXuBmrI.exe
  2⤵
  PID:8212
- C:\Windows\System\ssOwUSz.exe
  C:\Windows\System\ssOwUSz.exe
  2⤵
  PID:8232
- C:\Windows\System\zxeGMPx.exe
  C:\Windows\System\zxeGMPx.exe
  2⤵
  PID:7460
- C:\Windows\System\ujoiCee.exe
  C:\Windows\System\ujoiCee.exe
  2⤵
  PID:8264
- C:\Windows\System\ueMPjmj.exe
  C:\Windows\System\ueMPjmj.exe
  2⤵
  PID:8384
- C:\Windows\System\gLwBhGy.exe
  C:\Windows\System\gLwBhGy.exe
  2⤵
  PID:7912
- C:\Windows\System\TmSWlwD.exe
  C:\Windows\System\TmSWlwD.exe
  2⤵
  PID:8348
- C:\Windows\System\inCPlCh.exe
  C:\Windows\System\inCPlCh.exe
  2⤵
  PID:8400
- C:\Windows\System\PGGBaNE.exe
  C:\Windows\System\PGGBaNE.exe
  2⤵
  PID:8460
- C:\Windows\System\LMngjkJ.exe
  C:\Windows\System\LMngjkJ.exe
  2⤵
  PID:8476
- C:\Windows\System\FSqIXfU.exe
  C:\Windows\System\FSqIXfU.exe
  2⤵
  PID:8516
- C:\Windows\System\WIgtSdt.exe
  C:\Windows\System\WIgtSdt.exe
  2⤵
  PID:8528
- C:\Windows\System\JDUZIQO.exe
  C:\Windows\System\JDUZIQO.exe
  2⤵
  PID:8572
- C:\Windows\System\ZVNgQtb.exe
  C:\Windows\System\ZVNgQtb.exe
  2⤵
  PID:8620
- C:\Windows\System\NRgfRhM.exe
  C:\Windows\System\NRgfRhM.exe
  2⤵
  PID:8644
- C:\Windows\System\DJjQCXP.exe
  C:\Windows\System\DJjQCXP.exe
  2⤵
  PID:8696
- C:\Windows\System\EtTXHgi.exe
  C:\Windows\System\EtTXHgi.exe
  2⤵
  PID:8712
- C:\Windows\System\tEKaqyq.exe
  C:\Windows\System\tEKaqyq.exe
  2⤵
  PID:8776
- C:\Windows\System\IvXpznN.exe
  C:\Windows\System\IvXpznN.exe
  2⤵
  PID:8828
- C:\Windows\System\oWKvOTu.exe
  C:\Windows\System\oWKvOTu.exe
  2⤵
  PID:8860
- C:\Windows\System\hDjUeyC.exe
  C:\Windows\System\hDjUeyC.exe
  2⤵
  PID:8800
- C:\Windows\System\qxkbdio.exe
  C:\Windows\System\qxkbdio.exe
  2⤵
  PID:8900
- C:\Windows\System\xIpxKEm.exe
  C:\Windows\System\xIpxKEm.exe
  2⤵
  PID:8924
- C:\Windows\System\DSFAKIT.exe
  C:\Windows\System\DSFAKIT.exe
  2⤵
  PID:8972
- C:\Windows\System\KSPfZds.exe
  C:\Windows\System\KSPfZds.exe
  2⤵
  PID:9004
- C:\Windows\System\nFZjlMn.exe
  C:\Windows\System\nFZjlMn.exe
  2⤵
  PID:9000
- C:\Windows\System\KbuSvxJ.exe
  C:\Windows\System\KbuSvxJ.exe
  2⤵
  PID:9040
- C:\Windows\System\MJfWbmW.exe
  C:\Windows\System\MJfWbmW.exe
  2⤵
  PID:9152
- C:\Windows\System\WWNySUA.exe
  C:\Windows\System\WWNySUA.exe
  2⤵
  PID:9132
- C:\Windows\System\IQJwQWm.exe
  C:\Windows\System\IQJwQWm.exe
  2⤵
  PID:9092
- C:\Windows\System\mjFlbVE.exe
  C:\Windows\System\mjFlbVE.exe
  2⤵
  PID:9088
- C:\Windows\System\XbjPRFl.exe
  C:\Windows\System\XbjPRFl.exe
  2⤵
  PID:9212
- C:\Windows\System\HZqICmV.exe
  C:\Windows\System\HZqICmV.exe
  2⤵
  PID:8200
- C:\Windows\System\GoLaIFB.exe
  C:\Windows\System\GoLaIFB.exe
  2⤵
  PID:8204
- C:\Windows\System\oEJpmxL.exe
  C:\Windows\System\oEJpmxL.exe
  2⤵
  PID:8332
- C:\Windows\System\KbFOSgH.exe
  C:\Windows\System\KbFOSgH.exe
  2⤵
  PID:8416
- C:\Windows\System\Eynqagc.exe
  C:\Windows\System\Eynqagc.exe
  2⤵
  PID:8456
- C:\Windows\System\fCYjhdQ.exe
  C:\Windows\System\fCYjhdQ.exe
  2⤵
  PID:8536
- C:\Windows\System\YCIyTnx.exe
  C:\Windows\System\YCIyTnx.exe
  2⤵
  PID:8632
- C:\Windows\System\AUItslP.exe
  C:\Windows\System\AUItslP.exe
  2⤵
  PID:8564
- C:\Windows\System\bXzldkk.exe
  C:\Windows\System\bXzldkk.exe
  2⤵
  PID:8636
- C:\Windows\System\hqdhqRh.exe
  C:\Windows\System\hqdhqRh.exe
  2⤵
  PID:8772
- C:\Windows\System\xYBkyzQ.exe
  C:\Windows\System\xYBkyzQ.exe
  2⤵
  PID:8888
- C:\Windows\System\fAMuIsK.exe
  C:\Windows\System\fAMuIsK.exe
  2⤵
  PID:8844
- C:\Windows\System\aFwzQhL.exe
  C:\Windows\System\aFwzQhL.exe
  2⤵
  PID:8908
- C:\Windows\System\wQSYjZS.exe
  C:\Windows\System\wQSYjZS.exe
  2⤵
  PID:8940
- C:\Windows\System\xHWTXDs.exe
  C:\Windows\System\xHWTXDs.exe
  2⤵
  PID:8372
- C:\Windows\System\YIWWPaZ.exe
  C:\Windows\System\YIWWPaZ.exe
  2⤵
  PID:9044
- C:\Windows\System\iVvSZXm.exe
  C:\Windows\System\iVvSZXm.exe
  2⤵
  PID:9148
- C:\Windows\System\SmMPVcY.exe
  C:\Windows\System\SmMPVcY.exe
  2⤵
  PID:9168
- C:\Windows\System\hoYHSUF.exe
  C:\Windows\System\hoYHSUF.exe
  2⤵
  PID:7056
- C:\Windows\System\nLoeBDb.exe
  C:\Windows\System\nLoeBDb.exe
  2⤵
  PID:8356
- C:\Windows\System\NuLWajM.exe
  C:\Windows\System\NuLWajM.exe
  2⤵
  PID:8532
- C:\Windows\System\FKOiGPc.exe
  C:\Windows\System\FKOiGPc.exe
  2⤵
  PID:8300
- C:\Windows\System\kDaaXzj.exe
  C:\Windows\System\kDaaXzj.exe
  2⤵
  PID:8396
- C:\Windows\System\ionhcMa.exe
  C:\Windows\System\ionhcMa.exe
  2⤵
  PID:8664
- C:\Windows\System\obCgDhq.exe
  C:\Windows\System\obCgDhq.exe
  2⤵
  PID:8724
- C:\Windows\System\bfcvmfV.exe
  C:\Windows\System\bfcvmfV.exe
  2⤵
  PID:8840
- C:\Windows\System\aDdoNHI.exe
  C:\Windows\System\aDdoNHI.exe
  2⤵
  PID:8756
- C:\Windows\System\lhfYwuo.exe
  C:\Windows\System\lhfYwuo.exe
  2⤵
  PID:8948
- C:\Windows\System\hECuzUf.exe
  C:\Windows\System\hECuzUf.exe
  2⤵
  PID:9028
- C:\Windows\System\DgouhBL.exe
  C:\Windows\System\DgouhBL.exe
  2⤵
  PID:9108
- C:\Windows\System\khsgoUq.exe
  C:\Windows\System\khsgoUq.exe
  2⤵
  PID:7532
- C:\Windows\System\QOIGgFK.exe
  C:\Windows\System\QOIGgFK.exe
  2⤵
  PID:9172
- C:\Windows\System\VBqMaRv.exe
  C:\Windows\System\VBqMaRv.exe
  2⤵
  PID:8436
- C:\Windows\System\BiMNbsu.exe
  C:\Windows\System\BiMNbsu.exe
  2⤵
  PID:8744
- C:\Windows\System\KxDpxAF.exe
  C:\Windows\System\KxDpxAF.exe
  2⤵
  PID:9104
- C:\Windows\System\pSIlrHG.exe
  C:\Windows\System\pSIlrHG.exe
  2⤵
  PID:9076
- C:\Windows\System\zVUoHhT.exe
  C:\Windows\System\zVUoHhT.exe
  2⤵
  PID:8896
- C:\Windows\System\ReUaTnG.exe
  C:\Windows\System\ReUaTnG.exe
  2⤵
  PID:8412
- C:\Windows\System\TsWICZA.exe
  C:\Windows\System\TsWICZA.exe
  2⤵
  PID:8284
- C:\Windows\System\pSfQrbb.exe
  C:\Windows\System\pSfQrbb.exe
  2⤵
  PID:8792
- C:\Windows\System\AsNYlhB.exe
  C:\Windows\System\AsNYlhB.exe
  2⤵
  PID:8760
- C:\Windows\System\wtVjupE.exe
  C:\Windows\System\wtVjupE.exe
  2⤵
  PID:8228
- C:\Windows\System\ZtXvLzF.exe
  C:\Windows\System\ZtXvLzF.exe
  2⤵
  PID:8296
- C:\Windows\System\BFLDYGy.exe
  C:\Windows\System\BFLDYGy.exe
  2⤵
  PID:8312
- C:\Windows\System\IVvkwAU.exe
  C:\Windows\System\IVvkwAU.exe
  2⤵
  PID:8512
- C:\Windows\System\xRaPHfB.exe
  C:\Windows\System\xRaPHfB.exe
  2⤵
  PID:8660
- C:\Windows\System\fFyjCbO.exe
  C:\Windows\System\fFyjCbO.exe
  2⤵
  PID:9224
- C:\Windows\System\eEqSKhZ.exe
  C:\Windows\System\eEqSKhZ.exe
  2⤵
  PID:9248
- C:\Windows\System\GOVCwQe.exe
  C:\Windows\System\GOVCwQe.exe
  2⤵
  PID:9264
- C:\Windows\System\LbbfvjQ.exe
  C:\Windows\System\LbbfvjQ.exe
  2⤵
  PID:9284
- C:\Windows\System\VmJTVwr.exe
  C:\Windows\System\VmJTVwr.exe
  2⤵
  PID:9304
- C:\Windows\System\Qipvprt.exe
  C:\Windows\System\Qipvprt.exe
  2⤵
  PID:9320
- C:\Windows\System\IdGpdnm.exe
  C:\Windows\System\IdGpdnm.exe
  2⤵
  PID:9344
- C:\Windows\System\QYrDYoX.exe
  C:\Windows\System\QYrDYoX.exe
  2⤵
  PID:9360
- C:\Windows\System\aaojBMi.exe
  C:\Windows\System\aaojBMi.exe
  2⤵
  PID:9388
- C:\Windows\System\ykUaIxn.exe
  C:\Windows\System\ykUaIxn.exe
  2⤵
  PID:9408
- C:\Windows\System\NpoDxpw.exe
  C:\Windows\System\NpoDxpw.exe
  2⤵
  PID:9428
- C:\Windows\System\VMkxMMU.exe
  C:\Windows\System\VMkxMMU.exe
  2⤵
  PID:9444
- C:\Windows\System\mnMGmkP.exe
  C:\Windows\System\mnMGmkP.exe
  2⤵
  PID:9464
- C:\Windows\System\VwMNELX.exe
  C:\Windows\System\VwMNELX.exe
  2⤵
  PID:9480
- C:\Windows\System\PUTWpnL.exe
  C:\Windows\System\PUTWpnL.exe
  2⤵
  PID:9500
- C:\Windows\System\VBcVVAp.exe
  C:\Windows\System\VBcVVAp.exe
  2⤵
  PID:9520
- C:\Windows\System\ciktVlQ.exe
  C:\Windows\System\ciktVlQ.exe
  2⤵
  PID:9548
- C:\Windows\System\MFkVXAT.exe
  C:\Windows\System\MFkVXAT.exe
  2⤵
  PID:9568
- C:\Windows\System\XvbACyR.exe
  C:\Windows\System\XvbACyR.exe
  2⤵
  PID:9588
- C:\Windows\System\vOQndfE.exe
  C:\Windows\System\vOQndfE.exe
  2⤵
  PID:9604
- C:\Windows\System\PmvfXJO.exe
  C:\Windows\System\PmvfXJO.exe
  2⤵
  PID:9620
- C:\Windows\System\ltoZZZS.exe
  C:\Windows\System\ltoZZZS.exe
  2⤵
  PID:9636
- C:\Windows\System\LBvNhQx.exe
  C:\Windows\System\LBvNhQx.exe
  2⤵
  PID:9652
- C:\Windows\System\NSokcLN.exe
  C:\Windows\System\NSokcLN.exe
  2⤵
  PID:9668
- C:\Windows\System\LvsExIO.exe
  C:\Windows\System\LvsExIO.exe
  2⤵
  PID:9684
- C:\Windows\System\KpvcaQM.exe
  C:\Windows\System\KpvcaQM.exe
  2⤵
  PID:9704
- C:\Windows\System\hkUUpFQ.exe
  C:\Windows\System\hkUUpFQ.exe
  2⤵
  PID:9720
- C:\Windows\System\BYkhgkW.exe
  C:\Windows\System\BYkhgkW.exe
  2⤵
  PID:9740
- C:\Windows\System\uzPQQEl.exe
  C:\Windows\System\uzPQQEl.exe
  2⤵
  PID:9760
- C:\Windows\System\QKjYWaC.exe
  C:\Windows\System\QKjYWaC.exe
  2⤵
  PID:9776
- C:\Windows\System\MBRYhcA.exe
  C:\Windows\System\MBRYhcA.exe
  2⤵
  PID:9792
- C:\Windows\System\wxMByya.exe
  C:\Windows\System\wxMByya.exe
  2⤵
  PID:9808
- C:\Windows\System\xcgRrKo.exe
  C:\Windows\System\xcgRrKo.exe
  2⤵
  PID:9824
- C:\Windows\System\NKToloE.exe
  C:\Windows\System\NKToloE.exe
  2⤵
  PID:9840
- C:\Windows\System\KnBGBRw.exe
  C:\Windows\System\KnBGBRw.exe
  2⤵
  PID:9896
- C:\Windows\System\AscUTBq.exe
  C:\Windows\System\AscUTBq.exe
  2⤵
  PID:9912
- C:\Windows\System\YkwLpgW.exe
  C:\Windows\System\YkwLpgW.exe
  2⤵
  PID:9936
- C:\Windows\System\TGlmRfO.exe
  C:\Windows\System\TGlmRfO.exe
  2⤵
  PID:9956
- C:\Windows\System\WwScuZE.exe
  C:\Windows\System\WwScuZE.exe
  2⤵
  PID:9984
- C:\Windows\System\UoNWMmh.exe
  C:\Windows\System\UoNWMmh.exe
  2⤵
  PID:10000
- C:\Windows\System\ItLADIP.exe
  C:\Windows\System\ItLADIP.exe
  2⤵
  PID:10016
- C:\Windows\System\pjMvLIQ.exe
  C:\Windows\System\pjMvLIQ.exe
  2⤵
  PID:10032
- C:\Windows\System\LtJolYu.exe
  C:\Windows\System\LtJolYu.exe
  2⤵
  PID:10048
- C:\Windows\System\bgAvtZc.exe
  C:\Windows\System\bgAvtZc.exe
  2⤵
  PID:10064
- C:\Windows\System\InfdDgX.exe
  C:\Windows\System\InfdDgX.exe
  2⤵
  PID:10088
- C:\Windows\System\oZSJJcT.exe
  C:\Windows\System\oZSJJcT.exe
  2⤵
  PID:10108
- C:\Windows\System\ORKAutw.exe
  C:\Windows\System\ORKAutw.exe
  2⤵
  PID:10124
- C:\Windows\System\ffVFWXF.exe
  C:\Windows\System\ffVFWXF.exe
  2⤵
  PID:10144
- C:\Windows\System\XWrhFSj.exe
  C:\Windows\System\XWrhFSj.exe
  2⤵
  PID:10160
- C:\Windows\System\aoUURNR.exe
  C:\Windows\System\aoUURNR.exe
  2⤵
  PID:10176
- C:\Windows\System\YNcDRsF.exe
  C:\Windows\System\YNcDRsF.exe
  2⤵
  PID:10192
- C:\Windows\System\CXwZxKS.exe
  C:\Windows\System\CXwZxKS.exe
  2⤵
  PID:10212
- C:\Windows\System\dOaYHHu.exe
  C:\Windows\System\dOaYHHu.exe
  2⤵
  PID:8604
- C:\Windows\System\FcKwHQR.exe
  C:\Windows\System\FcKwHQR.exe
  2⤵
  PID:9244
- C:\Windows\System\nEYPsXZ.exe
  C:\Windows\System\nEYPsXZ.exe
  2⤵
  PID:9260
- C:\Windows\System\IeAbdig.exe
  C:\Windows\System\IeAbdig.exe
  2⤵
  PID:9328
- C:\Windows\System\GPVBGbN.exe
  C:\Windows\System\GPVBGbN.exe
  2⤵
  PID:9376
- C:\Windows\System\vmYtdJW.exe
  C:\Windows\System\vmYtdJW.exe
  2⤵
  PID:9424
- C:\Windows\System\noVLqKC.exe
  C:\Windows\System\noVLqKC.exe
  2⤵
  PID:9452
- C:\Windows\System\avRkrqb.exe
  C:\Windows\System\avRkrqb.exe
  2⤵
  PID:9488
- C:\Windows\System\sXsbXlc.exe
  C:\Windows\System\sXsbXlc.exe
  2⤵
  PID:9512
- C:\Windows\System\kVjnqyk.exe
  C:\Windows\System\kVjnqyk.exe
  2⤵
  PID:9528
- C:\Windows\System\SgiIMOE.exe
  C:\Windows\System\SgiIMOE.exe
  2⤵
  PID:9564
- C:\Windows\System\loGSMyr.exe
  C:\Windows\System\loGSMyr.exe
  2⤵
  PID:9648
- C:\Windows\System\ofEvxUc.exe
  C:\Windows\System\ofEvxUc.exe
  2⤵
  PID:9716
- C:\Windows\System\wTnFGwd.exe
  C:\Windows\System\wTnFGwd.exe
  2⤵
  PID:9784
- C:\Windows\System\wNUcMZC.exe
  C:\Windows\System\wNUcMZC.exe
  2⤵
  PID:9864
- C:\Windows\System\FhyAXNq.exe
  C:\Windows\System\FhyAXNq.exe
  2⤵
  PID:9632
- C:\Windows\System\YMDxQXa.exe
  C:\Windows\System\YMDxQXa.exe
  2⤵
  PID:9888
- C:\Windows\System\tctmrfG.exe
  C:\Windows\System\tctmrfG.exe
  2⤵
  PID:9692
- C:\Windows\System\yoZDTyy.exe
  C:\Windows\System\yoZDTyy.exe
  2⤵
  PID:9728
- C:\Windows\System\dDxwApk.exe
  C:\Windows\System\dDxwApk.exe
  2⤵
  PID:9800
- C:\Windows\System\PbcpaBm.exe
  C:\Windows\System\PbcpaBm.exe
  2⤵
  PID:9944
- C:\Windows\System\RlbCIkp.exe
  C:\Windows\System\RlbCIkp.exe
  2⤵
  PID:10024
- C:\Windows\System\MGiDIgs.exe
  C:\Windows\System\MGiDIgs.exe
  2⤵
  PID:10060
- C:\Windows\System\XShLGzZ.exe
  C:\Windows\System\XShLGzZ.exe
  2⤵
  PID:10012
- C:\Windows\System\onesbyr.exe
  C:\Windows\System\onesbyr.exe
  2⤵
  PID:10132
- C:\Windows\System\KVQTEzw.exe
  C:\Windows\System\KVQTEzw.exe
  2⤵
  PID:9976
- C:\Windows\System\MKujkHv.exe
  C:\Windows\System\MKujkHv.exe
  2⤵
  PID:10084
- C:\Windows\System\xjyvmtP.exe
  C:\Windows\System\xjyvmtP.exe
  2⤵
  PID:10152
- C:\Windows\System\uMggdMz.exe
  C:\Windows\System\uMggdMz.exe
  2⤵
  PID:10208
- C:\Windows\System\vLRTZZO.exe
  C:\Windows\System\vLRTZZO.exe
  2⤵
  PID:10224
- C:\Windows\System\EgNUUDt.exe
  C:\Windows\System\EgNUUDt.exe
  2⤵
  PID:10228
- C:\Windows\System\gqrOsCH.exe
  C:\Windows\System\gqrOsCH.exe
  2⤵
  PID:9276
- C:\Windows\System\odthtqi.exe
  C:\Windows\System\odthtqi.exe
  2⤵
  PID:9256
- C:\Windows\System\dOBSyaZ.exe
  C:\Windows\System\dOBSyaZ.exe
  2⤵
  PID:9404
- C:\Windows\System\wETAIuD.exe
  C:\Windows\System\wETAIuD.exe
  2⤵
  PID:9472
- C:\Windows\System\dWUfobg.exe
  C:\Windows\System\dWUfobg.exe
  2⤵
  PID:9544
- C:\Windows\System\cuBMJKf.exe
  C:\Windows\System\cuBMJKf.exe
  2⤵
  PID:9456
- C:\Windows\System\LzKYkqN.exe
  C:\Windows\System\LzKYkqN.exe
  2⤵
  PID:9616
- C:\Windows\System\kEPeHZB.exe
  C:\Windows\System\kEPeHZB.exe
  2⤵
  PID:9600
- C:\Windows\System\JfoQsnb.exe
  C:\Windows\System\JfoQsnb.exe
  2⤵
  PID:9868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AFUEcnD.exe

Filesize
6.0MB

MD5
6d70d685a34580032fd57d84d9a55a5f

SHA1
6139571898b1c74a24bb1522fee7670ba98f2a6e

SHA256
b3221ca77dd5ef2b9a22a9f601bfd30838451787dfa358350f4b3b9d1180aa1c

SHA512
3db8bc59371d3aa3e811cc47e7c2440cb66569ac4eddfa0bd82d23fce3e1f8a20154a6775592c431e269bec16345f2b10a4ecc053c04e946233450e0baff81b3

Download Submit
C:\Windows\system\BgROwgg.exe

Filesize
6.0MB

MD5
787032fc2876a3b6304a537bc3eb9c91

SHA1
b646fe449332b46deeaf87b6a6c46621dfbcee77

SHA256
3321b573ccbe2c1374aa7f23826d907f59c09f1334f211a8ffc45053505eadcc

SHA512
5d83f0b2e835e164c39937ab56e7c33b309e25a52214f480fa3925e5471a4dd8634a8dcae7690d39e18f7b3b1c0881c5ae88f2b94f29e4fc2f00c1e6ddc1cc6f

Download Submit
C:\Windows\system\KrkHcMM.exe

Filesize
6.0MB

MD5
195007bc1c9fdd10a93c39fbd3e78b81

SHA1
615363277a0913ba655bbb844e45133f4bfff804

SHA256
b85df88149574eafe4717d8326f21b29b67fceb202236efcdc155602462d2606

SHA512
4442897f13624664509037480aa02b0b5de8b28079c217290a4efd3410ec14017d80f852a9b6985aabf40fde1b075d36170cfc2ab20fb0bbda4527ee92e12f9a

Download Submit
C:\Windows\system\MTCNszn.exe

Filesize
6.0MB

MD5
a823b7944124d1914d166b6f9645d99f

SHA1
ca2cf3d7e26328f5549118f7971a0b6596c00e79

SHA256
8e092769aba1e98cd1a61a4e1461ad90f220e1f0aa577266180d08270aa08e03

SHA512
15b67fb6aa24e3f1bbe69ddf209d0374d0b88c8c7e0e61d78b28713aafd5932f2aa46bcb0a17d3e8fa9e8355049febf64d20765dfbf385b7c881328001a7e0c4

Download Submit
C:\Windows\system\NGncrFL.exe

Filesize
6.0MB

MD5
41c01485d24ff7bc484caeb3f147ca63

SHA1
88f506dd6a1cd0aa5553c72f1c5b1de8641d7b2f

SHA256
fb9df660c6c68001758a7c8f408a235f13e69cd7b2d265af21f3b23c9fa202de

SHA512
7afd0261e00d34251148b600bd88dda186199d0ddec5d88d83e9e5931480f53168c3473c3716216279680c892f17222a0ff97434f4ba052b506fea0959bc7862

Download Submit
C:\Windows\system\OFbPPtk.exe

Filesize
6.0MB

MD5
e8b8c5e07f85de1083ecc2511daea0ab

SHA1
333468fc21c4f30d4d403681554a46c46954b41e

SHA256
337f61bd366c482ffaedd94a164a01c0f49c2e682383cfd87a5b12ecf2f71589

SHA512
1d778a6506f3cf4f26edb123a0cff4709a3c594b417d86636cbbbe7688d8f72294d91503ed2a9bf76fa7884c732c1764689378f50bca95bdc324aab2b2b1139e

Download Submit
C:\Windows\system\OhQGuLT.exe

Filesize
6.0MB

MD5
52532de4243a17dc90d5f6f1c198b33c

SHA1
572bbb2531e2104dab0ff9a51df19c98716803af

SHA256
8216d9c1ac2b7fad3e2abd51e1983f4a184975c74cd418d73cd0ba761f018943

SHA512
cbc2df0fb739b9528c08f41bb4adb1f0dcc6539ccca65158bf66574be437a430da3dc17f59359ee9dae0bf27e3291a47cc4a96122e9a953f2ce0faa9a94d25aa

Download Submit
C:\Windows\system\QhcAFWJ.exe

Filesize
8B

MD5
8d102c8b9dcad6ecccfdb8a106567085

SHA1
ccbbb62ce86585ad44e013e6f5284d3fbd102636

SHA256
c958ee5f7dd8c8e21a17662941d2aea112fba85281c1f9a687b05f1cbea124d5

SHA512
41369d6d6d7d8368f3035b90818409c8baec11f52940d23540683f0d6444508b916e54dca16704a555c6f0ca0605170ffedaecb64d2244711492d4effb18d6a4

Download Submit
C:\Windows\system\RLPTzsQ.exe

Filesize
6.0MB

MD5
79129cace31eb1de6cbfe8305fe45c0d

SHA1
3d8a3c8bb7ca173071b0ece0fac96568a379c657

SHA256
e6c2080ef3d30ef4d3d3e5d96e2323b19af68fde814c51a6a3c21f5d5615eb1e

SHA512
35eec677a910de62bf3b864b6e4dc0f31b109bc97ec4c7a9876b862114a28a0c9f543fa93ef08ebfff94adced2d30083038c6f5bdc4c5f348a596f94958d195e

Download Submit
C:\Windows\system\TFqSWSi.exe

Filesize
6.0MB

MD5
8cb829db7440d16b188c46a7cf75b9a1

SHA1
22ecb4fca3b05df19ea51be51606811f6e0df720

SHA256
7eae27eb15c913bd1b8ce477864006d189375a1fda75170146da2bc595746acd

SHA512
3006a8d3ca592d2945f0b3f79172aeb3ee0c14155ccd8294167fbfdbb4dce457041b0a335e1f4a9da704e5c69db3c59836c3bb79d84403046c2ffd3aee96a5f8

Download Submit
C:\Windows\system\VKdyfNd.exe

Filesize
6.0MB

MD5
1a9835ddd765adc8ddfdf97a4467be73

SHA1
1798b4a76c9b56dcabc1b478ba00634b67a4dcec

SHA256
e17980ac22daa6c59c9bd524c21524d5fc0ba4de9524d9fcf46e5f907f5bf3ad

SHA512
c0e45a53b4a092a49db6fa76a08b08545c2ece2ed59ea43f58c9f269ba3e49d87b6b4c9af22ba9478afb480a12c895cf2a3cb2709b9f6b6a9a46884747954fe7

Download Submit
C:\Windows\system\XtxcaqH.exe

Filesize
6.0MB

MD5
7c94711fae11a03ccecfd5c8c638e88d

SHA1
4ed8713f7452a04cf81f7cd70398618433708b30

SHA256
d7c54ee9e5c56c3e32dacd74bbec2041f78842806e46208d0ba1d19c05daa481

SHA512
251d490487e0a9ddb10d62c1c556f9b5656a4e57cf0be113999da04d11c304d6fc2099dc5ec77617f08a553e932f04a81e534f921778cdfecb45735367f4346d

Download Submit
C:\Windows\system\ZFsVxfZ.exe

Filesize
6.0MB

MD5
77fd0ace879fad4d17ad44de52630d9f

SHA1
1f7a62207bbe2e836b158ab5a237c84f4eb66f0d

SHA256
26250f938bd25e64fad38d9528c23d4550f328323127c15b86b33ffc7b87f4cb

SHA512
b4d8566296eb25dae28e2c94d6944b9292ca26a33830ec758ed835cd7b50d70642bd5317e974afda71122e0b629f0f633d1bbcac0471e0b5d68794bddebbb8f6

Download Submit
C:\Windows\system\ZbWFGSE.exe

Filesize
6.0MB

MD5
046ce5c4e7c094f643097fe46d4ae67e

SHA1
4fa0223475819ec7340d5c15d0a093897bf5dc16

SHA256
ab10765d20e99c78cd27a4c4d572cdd168854e6916b3be0a8cb6d9e1ae36fc7c

SHA512
dd4fa4b64460d9768f795d156c2411c51f04f153987006ba6901b5318bb656aa0431972c027349379105516bd5f08f234145dae41d7a51e89794223debb00635

Download Submit
C:\Windows\system\diGmbiR.exe

Filesize
6.0MB

MD5
72a3e2ebabde00503954a766d32d587a

SHA1
16364ee0728453b05717607b0902e955bc23a922

SHA256
a1286971e612c998e3a05b2fcb3d537a447a22cb40494651a04a2c5015801fb3

SHA512
7965f51bbed9c1ce93e58f9785aa972bc83317a104a6bda53f6174baed815427b75a80ce3ac71a50f99bb5316a1ff56fbeeddab4d94cd42f13e5e068d28b9115

Download Submit
C:\Windows\system\ePERUZP.exe

Filesize
6.0MB

MD5
b7b319f2081e80aa9bd92a7881a532d1

SHA1
a1c5df128d1b7ee1331fcdd13a65928f8d45a393

SHA256
029d86458f1398af3f3e0d138722361473d25d6f34ef7ad869c1d947e1558a2b

SHA512
9d8a9ee815da43ebfc65ad9e1375071aa96f79241dc4d05117547363faa585336518759318d038456f442e6154e5633756235b0a06a15157cefbc05d41af7182

Download Submit
C:\Windows\system\eXdowns.exe

Filesize
6.0MB

MD5
578388d12549510f379caa8dcea496b9

SHA1
f2ebdce9ca31986d80755fe15eabac2a3ca729ea

SHA256
803357d4ab3efd6748f813f65c0e2888282f9bd2bb17fd06fe9432a8e6213c00

SHA512
f7d54be35fd63d5f3794d70bfb71e15a5cf1e2dc7ae3975075c0a376ab7a72097d3a277ce1b1fb41fe81296ba8785145607023b8069d509289c1121214411ab1

Download Submit
C:\Windows\system\guHSiQZ.exe

Filesize
6.0MB

MD5
5cfa51a467e93db18cab0cc9a9cd8339

SHA1
ce128657947647681d25f920783cf8782b30f63d

SHA256
1eec5df816bccd15ce9b639921663b1314ef16ed953e7794bf2c058f5497fcd4

SHA512
7a8d2aad7107aa40e8182142e1554a92a6f4783f1a2af6ff3ac2d9d620f27addba7cb42c22b392197e9e8a1d90aa91930fcf4c23ca02f4d5ff4f7813312d203e

Download Submit
C:\Windows\system\haVrLvK.exe

Filesize
6.0MB

MD5
6a922f553b7fdf5b46fe83e493d04d6f

SHA1
b349e5b9ba9609f8ce7312b9bc86bc741060984f

SHA256
9b87720ef2ef4cd8f51e6ee797e4e3ff81ba3817062acb25e83b67bf067d6cae

SHA512
ac26f28faaa71a1832ac3960c0a05342db48468a3d3b006bf24f5b255a4fe68b57b16d2f65944ab7a47e874e76988134ef8b59c282ee81b41683b7cb8a2b2558

Download Submit
C:\Windows\system\hrfoHEj.exe

Filesize
6.0MB

MD5
9e02e9c1a4c78fb6228b5e877b1a9e8e

SHA1
b835d2461890c2c64039fe2c105f127e3f51ddf6

SHA256
7b70a2656dbc94911971fdba5696d308be371aa30b426da1d40b1b004a36b746

SHA512
4fe7a8f1d67f5a8bc7cac75d53282326952c2d713673c2710256735a86ffd99e6303efa2ed98c8a717d9fbea3778b198ea500157fbfd43f1ba2c9158bcfb4c7c

Download Submit
C:\Windows\system\juOnsxs.exe

Filesize
6.0MB

MD5
cb9666515f040cd1c049649f9f9283c8

SHA1
2c46b5107a110794d9668b440480ef13dc04ee5f

SHA256
956242df1bba6a6d5966f45e8e8adde82b707246d26db440f6ca3680420d815b

SHA512
945e0c58426bf1c4ef61610f7df4442b464fab55352212620f9be40ee6f49fed4c890e4e7819015fc03b1e84b9db0b501a18876b51e2bad3326e3c636655c225

Download Submit
C:\Windows\system\kutwGHN.exe

Filesize
6.0MB

MD5
246b39b27830a5a169204167363c0c88

SHA1
1a90dd805c81d679e50e44710b7bf1c55b37199a

SHA256
a8b025d13b3e1fa9e62a4bd020ca0f9deeb01c8d5ab5c12dae4093d7e5d165ae

SHA512
429308fcbbdd47aa67f2af0964487a3ffb04e489062f7d7109c599e732e9f19f299d90a480d91c977cf12a6b387c5271b2d6ec05210b22b6f08cd9ec73532d89

Download Submit
C:\Windows\system\kxUSQXU.exe

Filesize
6.0MB

MD5
6b530a95a68b17ff30ae52d90d9b88e4

SHA1
994b5cb70faf54a141a717212c7ddc253b3f4bf1

SHA256
fa85392342503b0f535ca9a75e3bcecc79c8928cadb6c09198fee68541ea857c

SHA512
5101f20ccb899658003dc63d0e5a6c18e84db354568862bc41c25dba12005c3312a55006023b6714589a0abd5bf4050c0b7b8282b67306f128ec95cd3e0108db

Download Submit
C:\Windows\system\niEmCkn.exe

Filesize
6.0MB

MD5
e296cb88cdac90122ce17063a0ae75f5

SHA1
9b1deb0224a66a337b2cbc5e921b0d0069e4f7c0

SHA256
42bd36a36d407936e704ba470c04afb1189ba33324b6d57b5c018798bc46ce50

SHA512
37cd2f13f8f04694ae8270df64e1a7ce24fb0bb48de2b2f946870c3016ef3b67dafbbba0e179f392b543dadc13ccfe60835c5ab70bc8b4d719080fac3dfcaa28

Download Submit
C:\Windows\system\pRTqOWf.exe

Filesize
6.0MB

MD5
c5a6f22989816a86d38e0407050d6855

SHA1
2d696c16d5cf68ff3b7ed4fe5d9ea5856a33a962

SHA256
400891282442f932c18babf394cf191bb4244b9e2c2734a319ae0b79f0333ec4

SHA512
c06900cecb7e19fa3e1540998eb55f44ccaf9731760b2b965c8af19448d3bdd48ca8443b75dac40d728df5fb6a9374efbef2d9e2c0010766dac518a8209650c9

Download Submit
C:\Windows\system\tGZOWQP.exe

Filesize
6.0MB

MD5
8b865bf5b0f18b15df3a7b02ed529485

SHA1
7e88c24b9bea6cf9a4ee0eb2bdb562732abde67a

SHA256
61df024b2bae35d32f7b34df11bc719de8b7ea58c624ab7e3aa85ddcac92c544

SHA512
868209968fb837d23f6fc2cb9028b3ce0543ee482627bbbd2a17bdb166286c5dcc68f419855b288d45874b0fce9a0ffff91308c4f5b4defe51081c08b2cc8659

Download Submit
C:\Windows\system\uJTPVAc.exe

Filesize
6.0MB

MD5
efdda7feacc554cd5c04bd21573b0b6e

SHA1
1583518bfc5d8a74024ba55ba79df3c7bad9c357

SHA256
5382b0061b16eb95f70bdf7225cb01af7af6eb6c8b96294997217b2d23ddac2e

SHA512
154f5e0c683cde49401892a2a7e97dca39bcca0307612a8825155fca797732b78e1107b9c935eae4fd9f1a02905977eb2ac440aa11d92af9065fb130a93c49f9

Download Submit
C:\Windows\system\vJCypaA.exe

Filesize
6.0MB

MD5
43308e27e4e69a5b606482454029e98b

SHA1
2d018cfadde8adc82a5a82781bf02ca1c8dab178

SHA256
abc669ea6de77d1954792b966ead85174644721a79183895dd05bac025fac22a

SHA512
593f8dd7a47c416fc3847e12a2503c9a239b7be1ea5d4ab9dcf7a310fa01bfdf7cf350b750bc76065613dbb56e4e8da7ea71f43867b3a52da2cdc86d5d1910db

Download Submit
C:\Windows\system\wlxSWsY.exe

Filesize
6.0MB

MD5
9a529230c48dd4e08841fd1703e8e059

SHA1
113945fcd2c96d1d945611e914fba871996df497

SHA256
caeba845a17f5e17a73401ca934dfc166922e6e5158179db042438bbb52af051

SHA512
6824fa59955e47eefd76bf79cc8eba50b25396a7b4c650ba8f6ddd5f84e7e051189e08e20a6f8ba9a006639102bf19ac1fcedb4c30944f6272332539c0920f1d

Download Submit
C:\Windows\system\wytYTdi.exe

Filesize
6.0MB

MD5
10ab689a4812f0a585df4115e29917b0

SHA1
7abb1aa96ce8e40213e9aade6dfd41f415ca8fae

SHA256
9e92130fb527a525ae430915eecc50d520040a2d704710bb694283c5972a6fc6

SHA512
c73161aec9bbb527853ca118ca61f914ae119e44845c465199a64fd99e0bf80175668628e06cf9185bd503e1ca4f9e0ba1a35d71521cd568600a3bc8d7a021dc

Download Submit
C:\Windows\system\yzxzQFN.exe

Filesize
6.0MB

MD5
fb87e6c81b181cadd2ce2b30404f86e6

SHA1
14963f3cd5917acba268bf5161b841f22118606a

SHA256
c593af938c9fddeed795b0446867ecb13a87a4f5075300bab7547131f6c92e8d

SHA512
e2154f7a73e987b09646c0fd7392ee5b18a9e780d8dcc65731e496fd0fd80bb3c351c1eded6f10c0bda2b4ef4fdc27bb27c8424075add98128979dc42e9e8626

Download Submit
\Windows\system\TVuOLwj.exe

Filesize
6.0MB

MD5
a97c04c72d888be1a8b3c62ba89c3d26

SHA1
03f3b7a0d3d716eddd8ce8a5c34b5c72c134d09f

SHA256
397dade6f9ac55218e726ccbfab160633453710a10ce7b5c4ec40d1bf6068961

SHA512
da1207c8ddc0393a3f7ea34aafc47c217cf59532c86ec440077c4fb9faefd5ce47a4dbd75db89724b3a2b5a741637e892a5297fc1ff573f0c2ce99005403bcc1

Download Submit
\Windows\system\uOVdolO.exe

Filesize
6.0MB

MD5
0a531e6944416b55f965aa13aa0bfa5b

SHA1
abce2370754942a7548efadc081af96534ebeba4

SHA256
d0f9d7b5b9cc2908261036a0cc787a68ab3399d3cf53e27a66cc50aaa082ad85

SHA512
7a88b1cc2589c77dd5b9de554e582664d9e3d1f7c44157e1c04437dcce2b5b456e598a81402f7e362c3a4f2982d1fa7ad3f5802ec7d0a00aba011d87c510f295

Download Submit
memory/1076-100-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/1076-707-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/1076-3587-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/1332-51-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/1332-3531-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/1332-13-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/1704-109-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-861-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-3582-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1744-91-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1744-3570-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1744-535-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2012-3565-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2012-76-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2012-222-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2108-375-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2108-85-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2108-3581-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2228-3529-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-30-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2284-3530-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2284-64-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2284-27-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2316-104-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2316-113-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2316-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2316-6-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-19-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2316-95-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-65-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2316-96-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2316-29-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-72-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2316-56-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2316-57-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-953-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-800-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-0-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2316-50-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-105-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-46-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2316-620-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2316-445-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-32-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2316-80-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-39-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-114-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-299-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/2316-23-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-52-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2336-3522-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2336-15-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2608-60-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3545-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2608-99-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2640-108-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2640-3580-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2640-68-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2712-42-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2712-84-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3534-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3543-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2860-75-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2860-36-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2904-3562-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2904-90-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2904-53-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download