cobaltstrike | 40eac1c5270cfbf50c2bf8987e477737cb25bb4f4d08ee2b76faeb13ffdab9c0

Analysis

max time kernel
150s
max time network
20s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 01:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

11c050f20ac6c12da825a0d68009e99e
SHA1

3af4b81e1ad43f59094d0ac6b825f8ba2755cd65
SHA256

40eac1c5270cfbf50c2bf8987e477737cb25bb4f4d08ee2b76faeb13ffdab9c0
SHA512

67c97434972ab8baa3898281f975d48faaee2e9da82762a56985d36c406f9a48ab90d4418ed9eff7cb281e4ec253533fc404ed20dee6b7bfff139430cc159ebb
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU4:T+q56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012266-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000195c6-6.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001960c-8.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019643-23.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001975a-34.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001a03c-46.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000197fd-49.dat	cobalt_reflective_dll
behavioral1/files/0x002a0000000195bd-57.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a482-68.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a1-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49f-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49e-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ab-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ad-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ba-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ff-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b4-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ac-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a9-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a2-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a493-118.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a491-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48f-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48a-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a486-82.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a488-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a484-76.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a480-62.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3064-0-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x000c000000012266-3.dat	xmrig
behavioral1/files/0x00080000000195c6-6.dat	xmrig
behavioral1/memory/2824-16-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2932-15-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/files/0x000600000001960c-8.dat	xmrig
behavioral1/files/0x0006000000019643-23.dat	xmrig
behavioral1/files/0x000600000001975a-34.dat	xmrig
behavioral1/memory/2660-37-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/files/0x000600000001a03c-46.dat	xmrig
behavioral1/files/0x00080000000197fd-49.dat	xmrig
behavioral1/files/0x002a0000000195bd-57.dat	xmrig
behavioral1/files/0x000500000001a482-68.dat	xmrig
behavioral1/memory/2616-79-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/1056-70-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a48d-99.dat	xmrig
behavioral1/memory/2720-106-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/files/0x000500000001a49a-126.dat	xmrig
behavioral1/files/0x000500000001a4a1-139.dat	xmrig
behavioral1/files/0x000500000001a49f-135.dat	xmrig
behavioral1/files/0x000500000001a49e-131.dat	xmrig
behavioral1/memory/1056-140-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4ab-151.dat	xmrig
behavioral1/files/0x000500000001a4ad-160.dat	xmrig
behavioral1/files/0x000500000001a4ba-169.dat	xmrig
behavioral1/memory/3064-302-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2720-429-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/3064-428-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4ff-177.dat	xmrig
behavioral1/files/0x000500000001a4bf-173.dat	xmrig
behavioral1/memory/2616-162-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4b4-165.dat	xmrig
behavioral1/files/0x000500000001a4ac-156.dat	xmrig
behavioral1/files/0x000500000001a4a9-148.dat	xmrig
behavioral1/files/0x000500000001a4a2-143.dat	xmrig
behavioral1/files/0x000500000001a499-123.dat	xmrig
behavioral1/files/0x000500000001a493-118.dat	xmrig
behavioral1/files/0x000500000001a491-115.dat	xmrig
behavioral1/files/0x000500000001a48f-111.dat	xmrig
behavioral1/memory/3064-98-0x0000000002410000-0x0000000002764000-memory.dmp	xmrig
behavioral1/memory/2544-97-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2180-95-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/3064-107-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/files/0x000500000001a48a-91.dat	xmrig
behavioral1/memory/3064-105-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/files/0x000500000001a486-82.dat	xmrig
behavioral1/memory/1416-104-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2300-89-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a488-88.dat	xmrig
behavioral1/memory/2684-77-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x000500000001a484-76.dat	xmrig
behavioral1/memory/1416-58-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/1876-56-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/1932-65-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/2180-52-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x000500000001a480-62.dat	xmrig
behavioral1/memory/3064-38-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2684-29-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2868-26-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/memory/3064-22-0x0000000002410000-0x0000000002764000-memory.dmp	xmrig
behavioral1/memory/2932-1251-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2824-1250-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2660-1249-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2684-1248-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2932	GLaWiRW.exe
2824	WgOcpXL.exe
2868	zxDgVHF.exe
2684	XQFhEVu.exe
2660	snmKGtL.exe
2180	IUNromt.exe
1876	CYQWZnh.exe
1416	rugHXFG.exe
1932	OjkBOFd.exe
1056	orezsWo.exe
2616	cBdzLhR.exe
2300	KwAIUDL.exe
2544	POzUBhQ.exe
2720	XlcwsDW.exe
3016	FkTOEZj.exe
2860	jsmxeck.exe
3040	VpxonKU.exe
1176	sukxRAT.exe
2756	meOnKaY.exe
2448	VzjbHPO.exe
2356	rGqVoYi.exe
428	cbWrFOe.exe
768	rHGcAEf.exe
2468	QwByIHk.exe
2428	IXgcbvB.exe
1948	yOKaBjU.exe
1732	MwOCqYx.exe
1812	fxAQRQo.exe
2540	vUiNgUa.exe
976	jsheVQw.exe
960	HZigpkp.exe
1072	aRAxoqT.exe
776	DaQITYd.exe
972	gGRgBjF.exe
1520	hQIuFrQ.exe
652	NHPmTmY.exe
1648	apgDEvP.exe
1252	FDvCLNQ.exe
1464	DWJTiVb.exe
1540	MdpYnli.exe
1376	UIgxlTk.exe
1116	xxnJapQ.exe
2560	CASMbhn.exe
2268	ATcMhKO.exe
2572	SzoSLBM.exe
2016	nyWpkcC.exe
360	qHXuWSR.exe
2116	sHqqBfS.exe
836	nMYIyqB.exe
2580	KlygKaM.exe
1748	KklQnbZ.exe
888	zCmrVvR.exe
2160	RfdLGLv.exe
1604	wmClXZs.exe
2156	CiCodfn.exe
3032	isJUmsD.exe
2152	dwKkUVs.exe
1928	HOpwxLB.exe
2204	DFbnZTA.exe
2240	sqnAiaW.exe
1888	RkAwiUz.exe
876	ldrxqpP.exe
2748	wxMUnmb.exe
1144	MgzQKjC.exe

Loads dropped DLL 64 IoCs

pid	Process
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3064-0-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x000c000000012266-3.dat	upx
behavioral1/files/0x00080000000195c6-6.dat	upx
behavioral1/memory/2824-16-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2932-15-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/files/0x000600000001960c-8.dat	upx
behavioral1/files/0x0006000000019643-23.dat	upx
behavioral1/files/0x000600000001975a-34.dat	upx
behavioral1/memory/2660-37-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/files/0x000600000001a03c-46.dat	upx
behavioral1/files/0x00080000000197fd-49.dat	upx
behavioral1/files/0x002a0000000195bd-57.dat	upx
behavioral1/files/0x000500000001a482-68.dat	upx
behavioral1/memory/2616-79-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/1056-70-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x000500000001a48d-99.dat	upx
behavioral1/memory/2720-106-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/files/0x000500000001a49a-126.dat	upx
behavioral1/files/0x000500000001a4a1-139.dat	upx
behavioral1/files/0x000500000001a49f-135.dat	upx
behavioral1/files/0x000500000001a49e-131.dat	upx
behavioral1/memory/1056-140-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x000500000001a4ab-151.dat	upx
behavioral1/files/0x000500000001a4ad-160.dat	upx
behavioral1/files/0x000500000001a4ba-169.dat	upx
behavioral1/memory/2720-429-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/files/0x000500000001a4ff-177.dat	upx
behavioral1/files/0x000500000001a4bf-173.dat	upx
behavioral1/memory/2616-162-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/files/0x000500000001a4b4-165.dat	upx
behavioral1/files/0x000500000001a4ac-156.dat	upx
behavioral1/files/0x000500000001a4a9-148.dat	upx
behavioral1/files/0x000500000001a4a2-143.dat	upx
behavioral1/files/0x000500000001a499-123.dat	upx
behavioral1/files/0x000500000001a493-118.dat	upx
behavioral1/files/0x000500000001a491-115.dat	upx
behavioral1/files/0x000500000001a48f-111.dat	upx
behavioral1/memory/2544-97-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2180-95-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x000500000001a48a-91.dat	upx
behavioral1/files/0x000500000001a486-82.dat	upx
behavioral1/memory/1416-104-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2300-89-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/files/0x000500000001a488-88.dat	upx
behavioral1/memory/2684-77-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x000500000001a484-76.dat	upx
behavioral1/memory/1416-58-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/1876-56-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/1932-65-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2180-52-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x000500000001a480-62.dat	upx
behavioral1/memory/3064-38-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2684-29-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2868-26-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/2932-1251-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2824-1250-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2660-1249-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2684-1248-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2868-1247-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/memory/1932-1288-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/2180-1280-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/1416-1307-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/1056-1308-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/1876-1306-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rnDHtue.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WQMVvat.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMibZYd.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RPPicWA.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GAXbemc.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\onHNLto.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DgyHGjb.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fbPwPsM.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQAvccv.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NubkPjW.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wMwJXWW.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yskYQeR.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xYmwwbs.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fneNZZI.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OZXUnHj.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QRlGfWl.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NuhRMAs.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QCjhHNw.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wOrqGyH.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AnLrllC.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dShzklW.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eHEQfAm.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GqfbHEs.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\duGmkOG.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NKCejQM.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFrajXn.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LuiJOrL.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OtVgvcK.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oCKFsuj.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EZWUxvh.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pimETJb.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iYVrUsu.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fuFQsLA.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgCyCRy.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rJPOMCY.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QlWAzbU.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hphrbmx.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SyJKRMG.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pBIfIXh.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YkzMZir.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bdLvElg.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tsOUgaz.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTWsWok.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVetlMP.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rfYVTgg.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qQTyPmS.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\neDZXRq.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FCmIeSJ.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CDOjjMN.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owjnrhJ.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpTYuDt.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vqiXLOQ.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YOhDFFJ.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MweApsJ.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BHANjzr.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XBqNLvR.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wlEtZAQ.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fEThThu.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qbdIgRs.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UfCPmAi.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mmEOdBl.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jyPyxYA.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XywSDjh.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sxalzWK.exe	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2932	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3064 wrote to memory of 2932	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3064 wrote to memory of 2932	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3064 wrote to memory of 2824	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3064 wrote to memory of 2824	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3064 wrote to memory of 2824	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3064 wrote to memory of 2868	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3064 wrote to memory of 2868	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3064 wrote to memory of 2868	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3064 wrote to memory of 2684	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3064 wrote to memory of 2684	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3064 wrote to memory of 2684	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3064 wrote to memory of 2660	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3064 wrote to memory of 2660	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3064 wrote to memory of 2660	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3064 wrote to memory of 1876	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3064 wrote to memory of 1876	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3064 wrote to memory of 1876	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3064 wrote to memory of 2180	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3064 wrote to memory of 2180	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3064 wrote to memory of 2180	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3064 wrote to memory of 1416	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3064 wrote to memory of 1416	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3064 wrote to memory of 1416	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3064 wrote to memory of 1932	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3064 wrote to memory of 1932	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3064 wrote to memory of 1932	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3064 wrote to memory of 1056	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3064 wrote to memory of 1056	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3064 wrote to memory of 1056	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3064 wrote to memory of 2616	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3064 wrote to memory of 2616	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3064 wrote to memory of 2616	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3064 wrote to memory of 2300	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3064 wrote to memory of 2300	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3064 wrote to memory of 2300	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3064 wrote to memory of 2544	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3064 wrote to memory of 2544	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3064 wrote to memory of 2544	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3064 wrote to memory of 3016	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3064 wrote to memory of 3016	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3064 wrote to memory of 3016	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3064 wrote to memory of 2720	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3064 wrote to memory of 2720	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3064 wrote to memory of 2720	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3064 wrote to memory of 2860	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3064 wrote to memory of 2860	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3064 wrote to memory of 2860	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3064 wrote to memory of 3040	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3064 wrote to memory of 3040	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3064 wrote to memory of 3040	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3064 wrote to memory of 1176	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3064 wrote to memory of 1176	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3064 wrote to memory of 1176	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3064 wrote to memory of 2756	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3064 wrote to memory of 2756	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3064 wrote to memory of 2756	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3064 wrote to memory of 2448	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3064 wrote to memory of 2448	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3064 wrote to memory of 2448	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3064 wrote to memory of 2356	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3064 wrote to memory of 2356	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3064 wrote to memory of 2356	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3064 wrote to memory of 428	3064	2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-19_11c050f20ac6c12da825a0d68009e99e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\System\GLaWiRW.exe
  C:\Windows\System\GLaWiRW.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\WgOcpXL.exe
  C:\Windows\System\WgOcpXL.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\zxDgVHF.exe
  C:\Windows\System\zxDgVHF.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\XQFhEVu.exe
  C:\Windows\System\XQFhEVu.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\snmKGtL.exe
  C:\Windows\System\snmKGtL.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\CYQWZnh.exe
  C:\Windows\System\CYQWZnh.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\IUNromt.exe
  C:\Windows\System\IUNromt.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\rugHXFG.exe
  C:\Windows\System\rugHXFG.exe
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Windows\System\OjkBOFd.exe
  C:\Windows\System\OjkBOFd.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\orezsWo.exe
  C:\Windows\System\orezsWo.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\cBdzLhR.exe
  C:\Windows\System\cBdzLhR.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\KwAIUDL.exe
  C:\Windows\System\KwAIUDL.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\POzUBhQ.exe
  C:\Windows\System\POzUBhQ.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\FkTOEZj.exe
  C:\Windows\System\FkTOEZj.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\XlcwsDW.exe
  C:\Windows\System\XlcwsDW.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\jsmxeck.exe
  C:\Windows\System\jsmxeck.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\VpxonKU.exe
  C:\Windows\System\VpxonKU.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\sukxRAT.exe
  C:\Windows\System\sukxRAT.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\meOnKaY.exe
  C:\Windows\System\meOnKaY.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\VzjbHPO.exe
  C:\Windows\System\VzjbHPO.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\rGqVoYi.exe
  C:\Windows\System\rGqVoYi.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\cbWrFOe.exe
  C:\Windows\System\cbWrFOe.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\rHGcAEf.exe
  C:\Windows\System\rHGcAEf.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\QwByIHk.exe
  C:\Windows\System\QwByIHk.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\IXgcbvB.exe
  C:\Windows\System\IXgcbvB.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\yOKaBjU.exe
  C:\Windows\System\yOKaBjU.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\MwOCqYx.exe
  C:\Windows\System\MwOCqYx.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\fxAQRQo.exe
  C:\Windows\System\fxAQRQo.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\vUiNgUa.exe
  C:\Windows\System\vUiNgUa.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\jsheVQw.exe
  C:\Windows\System\jsheVQw.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\HZigpkp.exe
  C:\Windows\System\HZigpkp.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\aRAxoqT.exe
  C:\Windows\System\aRAxoqT.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\DaQITYd.exe
  C:\Windows\System\DaQITYd.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\gGRgBjF.exe
  C:\Windows\System\gGRgBjF.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\hQIuFrQ.exe
  C:\Windows\System\hQIuFrQ.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\NHPmTmY.exe
  C:\Windows\System\NHPmTmY.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\apgDEvP.exe
  C:\Windows\System\apgDEvP.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\FDvCLNQ.exe
  C:\Windows\System\FDvCLNQ.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\DWJTiVb.exe
  C:\Windows\System\DWJTiVb.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\MdpYnli.exe
  C:\Windows\System\MdpYnli.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\UIgxlTk.exe
  C:\Windows\System\UIgxlTk.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\sHqqBfS.exe
  C:\Windows\System\sHqqBfS.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\xxnJapQ.exe
  C:\Windows\System\xxnJapQ.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\nMYIyqB.exe
  C:\Windows\System\nMYIyqB.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\CASMbhn.exe
  C:\Windows\System\CASMbhn.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\KlygKaM.exe
  C:\Windows\System\KlygKaM.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\ATcMhKO.exe
  C:\Windows\System\ATcMhKO.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\sqnAiaW.exe
  C:\Windows\System\sqnAiaW.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\SzoSLBM.exe
  C:\Windows\System\SzoSLBM.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\RkAwiUz.exe
  C:\Windows\System\RkAwiUz.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\nyWpkcC.exe
  C:\Windows\System\nyWpkcC.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\ldrxqpP.exe
  C:\Windows\System\ldrxqpP.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\qHXuWSR.exe
  C:\Windows\System\qHXuWSR.exe
  2⤵
  - Executes dropped EXE
  PID:360
- C:\Windows\System\MgzQKjC.exe
  C:\Windows\System\MgzQKjC.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\KklQnbZ.exe
  C:\Windows\System\KklQnbZ.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\AnLrllC.exe
  C:\Windows\System\AnLrllC.exe
  2⤵
  PID:2100
- C:\Windows\System\zCmrVvR.exe
  C:\Windows\System\zCmrVvR.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\hgYnwrs.exe
  C:\Windows\System\hgYnwrs.exe
  2⤵
  PID:752
- C:\Windows\System\RfdLGLv.exe
  C:\Windows\System\RfdLGLv.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\NxaiGEE.exe
  C:\Windows\System\NxaiGEE.exe
  2⤵
  PID:2104
- C:\Windows\System\wmClXZs.exe
  C:\Windows\System\wmClXZs.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\vETVbIs.exe
  C:\Windows\System\vETVbIs.exe
  2⤵
  PID:2900
- C:\Windows\System\CiCodfn.exe
  C:\Windows\System\CiCodfn.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\cJIrzAc.exe
  C:\Windows\System\cJIrzAc.exe
  2⤵
  PID:2780
- C:\Windows\System\isJUmsD.exe
  C:\Windows\System\isJUmsD.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\JskQQhP.exe
  C:\Windows\System\JskQQhP.exe
  2⤵
  PID:2692
- C:\Windows\System\dwKkUVs.exe
  C:\Windows\System\dwKkUVs.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\enNIVMD.exe
  C:\Windows\System\enNIVMD.exe
  2⤵
  PID:2500
- C:\Windows\System\HOpwxLB.exe
  C:\Windows\System\HOpwxLB.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\aMysnTL.exe
  C:\Windows\System\aMysnTL.exe
  2⤵
  PID:664
- C:\Windows\System\DFbnZTA.exe
  C:\Windows\System\DFbnZTA.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\NuUMdLp.exe
  C:\Windows\System\NuUMdLp.exe
  2⤵
  PID:2980
- C:\Windows\System\wxMUnmb.exe
  C:\Windows\System\wxMUnmb.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\AhaumzN.exe
  C:\Windows\System\AhaumzN.exe
  2⤵
  PID:3036
- C:\Windows\System\clHifWP.exe
  C:\Windows\System\clHifWP.exe
  2⤵
  PID:1992
- C:\Windows\System\UsmgOPD.exe
  C:\Windows\System\UsmgOPD.exe
  2⤵
  PID:1020
- C:\Windows\System\DHwBQpH.exe
  C:\Windows\System\DHwBQpH.exe
  2⤵
  PID:2420
- C:\Windows\System\DMJIeve.exe
  C:\Windows\System\DMJIeve.exe
  2⤵
  PID:2056
- C:\Windows\System\fJRkfQU.exe
  C:\Windows\System\fJRkfQU.exe
  2⤵
  PID:1956
- C:\Windows\System\BRSwSrw.exe
  C:\Windows\System\BRSwSrw.exe
  2⤵
  PID:2084
- C:\Windows\System\YFlNrWV.exe
  C:\Windows\System\YFlNrWV.exe
  2⤵
  PID:2080
- C:\Windows\System\azzawtN.exe
  C:\Windows\System\azzawtN.exe
  2⤵
  PID:1088
- C:\Windows\System\NsomLGP.exe
  C:\Windows\System\NsomLGP.exe
  2⤵
  PID:2368
- C:\Windows\System\ZShXphK.exe
  C:\Windows\System\ZShXphK.exe
  2⤵
  PID:860
- C:\Windows\System\RmdcHsR.exe
  C:\Windows\System\RmdcHsR.exe
  2⤵
  PID:2548
- C:\Windows\System\zFNErXF.exe
  C:\Windows\System\zFNErXF.exe
  2⤵
  PID:2612
- C:\Windows\System\PYpINzc.exe
  C:\Windows\System\PYpINzc.exe
  2⤵
  PID:1436
- C:\Windows\System\exmVuFQ.exe
  C:\Windows\System\exmVuFQ.exe
  2⤵
  PID:2376
- C:\Windows\System\rdentix.exe
  C:\Windows\System\rdentix.exe
  2⤵
  PID:1596
- C:\Windows\System\qOcUlQk.exe
  C:\Windows\System\qOcUlQk.exe
  2⤵
  PID:2672
- C:\Windows\System\BnpIXNi.exe
  C:\Windows\System\BnpIXNi.exe
  2⤵
  PID:812
- C:\Windows\System\yskYQeR.exe
  C:\Windows\System\yskYQeR.exe
  2⤵
  PID:1668
- C:\Windows\System\GlUHzfb.exe
  C:\Windows\System\GlUHzfb.exe
  2⤵
  PID:1976
- C:\Windows\System\VEAQcTM.exe
  C:\Windows\System\VEAQcTM.exe
  2⤵
  PID:940
- C:\Windows\System\WUiikfN.exe
  C:\Windows\System\WUiikfN.exe
  2⤵
  PID:2188
- C:\Windows\System\vBoFkIE.exe
  C:\Windows\System\vBoFkIE.exe
  2⤵
  PID:108
- C:\Windows\System\XiyFcUR.exe
  C:\Windows\System\XiyFcUR.exe
  2⤵
  PID:1388
- C:\Windows\System\oyDgSeG.exe
  C:\Windows\System\oyDgSeG.exe
  2⤵
  PID:1904
- C:\Windows\System\IHPyHGh.exe
  C:\Windows\System\IHPyHGh.exe
  2⤵
  PID:1988
- C:\Windows\System\ENyURJt.exe
  C:\Windows\System\ENyURJt.exe
  2⤵
  PID:2168
- C:\Windows\System\MjWoEoH.exe
  C:\Windows\System\MjWoEoH.exe
  2⤵
  PID:2816
- C:\Windows\System\xuckjFu.exe
  C:\Windows\System\xuckjFu.exe
  2⤵
  PID:2908
- C:\Windows\System\FRvVqYk.exe
  C:\Windows\System\FRvVqYk.exe
  2⤵
  PID:764
- C:\Windows\System\PqQOTpy.exe
  C:\Windows\System\PqQOTpy.exe
  2⤵
  PID:1652
- C:\Windows\System\IYVRRvY.exe
  C:\Windows\System\IYVRRvY.exe
  2⤵
  PID:692
- C:\Windows\System\PDHAHDm.exe
  C:\Windows\System\PDHAHDm.exe
  2⤵
  PID:3024
- C:\Windows\System\AEKnmZi.exe
  C:\Windows\System\AEKnmZi.exe
  2⤵
  PID:2384
- C:\Windows\System\MxLtogj.exe
  C:\Windows\System\MxLtogj.exe
  2⤵
  PID:3356
- C:\Windows\System\rJPOMCY.exe
  C:\Windows\System\rJPOMCY.exe
  2⤵
  PID:3372
- C:\Windows\System\WSokjdY.exe
  C:\Windows\System\WSokjdY.exe
  2⤵
  PID:3396
- C:\Windows\System\xbXTGsE.exe
  C:\Windows\System\xbXTGsE.exe
  2⤵
  PID:3412
- C:\Windows\System\eQtKLwV.exe
  C:\Windows\System\eQtKLwV.exe
  2⤵
  PID:3436
- C:\Windows\System\iCfvopl.exe
  C:\Windows\System\iCfvopl.exe
  2⤵
  PID:3460
- C:\Windows\System\pUcSUXR.exe
  C:\Windows\System\pUcSUXR.exe
  2⤵
  PID:3480
- C:\Windows\System\ksskote.exe
  C:\Windows\System\ksskote.exe
  2⤵
  PID:3500
- C:\Windows\System\hYdIBXS.exe
  C:\Windows\System\hYdIBXS.exe
  2⤵
  PID:3520
- C:\Windows\System\TJczxBy.exe
  C:\Windows\System\TJczxBy.exe
  2⤵
  PID:3544
- C:\Windows\System\jCsJaUx.exe
  C:\Windows\System\jCsJaUx.exe
  2⤵
  PID:3564
- C:\Windows\System\sSViwQE.exe
  C:\Windows\System\sSViwQE.exe
  2⤵
  PID:3580
- C:\Windows\System\nAguZbj.exe
  C:\Windows\System\nAguZbj.exe
  2⤵
  PID:3596
- C:\Windows\System\btMsCoX.exe
  C:\Windows\System\btMsCoX.exe
  2⤵
  PID:3620
- C:\Windows\System\MGzIXoT.exe
  C:\Windows\System\MGzIXoT.exe
  2⤵
  PID:3636
- C:\Windows\System\pjCzbQD.exe
  C:\Windows\System\pjCzbQD.exe
  2⤵
  PID:3656
- C:\Windows\System\yVifFlM.exe
  C:\Windows\System\yVifFlM.exe
  2⤵
  PID:3672
- C:\Windows\System\BDQIwhS.exe
  C:\Windows\System\BDQIwhS.exe
  2⤵
  PID:3688
- C:\Windows\System\PkTxJlW.exe
  C:\Windows\System\PkTxJlW.exe
  2⤵
  PID:3704
- C:\Windows\System\hQyeuWC.exe
  C:\Windows\System\hQyeuWC.exe
  2⤵
  PID:3736
- C:\Windows\System\scCdTpL.exe
  C:\Windows\System\scCdTpL.exe
  2⤵
  PID:3760
- C:\Windows\System\afiNVHE.exe
  C:\Windows\System\afiNVHE.exe
  2⤵
  PID:3776
- C:\Windows\System\WMLcEVx.exe
  C:\Windows\System\WMLcEVx.exe
  2⤵
  PID:3792
- C:\Windows\System\qGkZMdO.exe
  C:\Windows\System\qGkZMdO.exe
  2⤵
  PID:3812
- C:\Windows\System\BFrajXn.exe
  C:\Windows\System\BFrajXn.exe
  2⤵
  PID:3828
- C:\Windows\System\kCMQeWZ.exe
  C:\Windows\System\kCMQeWZ.exe
  2⤵
  PID:3848
- C:\Windows\System\uiJNJTR.exe
  C:\Windows\System\uiJNJTR.exe
  2⤵
  PID:3864
- C:\Windows\System\zhifZZX.exe
  C:\Windows\System\zhifZZX.exe
  2⤵
  PID:3892
- C:\Windows\System\OvXKnXa.exe
  C:\Windows\System\OvXKnXa.exe
  2⤵
  PID:3912
- C:\Windows\System\XpiKLMJ.exe
  C:\Windows\System\XpiKLMJ.exe
  2⤵
  PID:3932
- C:\Windows\System\ZLuDMPA.exe
  C:\Windows\System\ZLuDMPA.exe
  2⤵
  PID:3948
- C:\Windows\System\vdcTEBf.exe
  C:\Windows\System\vdcTEBf.exe
  2⤵
  PID:3968
- C:\Windows\System\kKHjbcW.exe
  C:\Windows\System\kKHjbcW.exe
  2⤵
  PID:3984
- C:\Windows\System\KbFXAql.exe
  C:\Windows\System\KbFXAql.exe
  2⤵
  PID:4000
- C:\Windows\System\QSUiHQc.exe
  C:\Windows\System\QSUiHQc.exe
  2⤵
  PID:4020
- C:\Windows\System\fUuLOqy.exe
  C:\Windows\System\fUuLOqy.exe
  2⤵
  PID:4036
- C:\Windows\System\itVcrci.exe
  C:\Windows\System\itVcrci.exe
  2⤵
  PID:4056
- C:\Windows\System\LuiJOrL.exe
  C:\Windows\System\LuiJOrL.exe
  2⤵
  PID:4076
- C:\Windows\System\HEKUwxE.exe
  C:\Windows\System\HEKUwxE.exe
  2⤵
  PID:4092
- C:\Windows\System\LiSSRoo.exe
  C:\Windows\System\LiSSRoo.exe
  2⤵
  PID:2784
- C:\Windows\System\hQRyenF.exe
  C:\Windows\System\hQRyenF.exe
  2⤵
  PID:1688
- C:\Windows\System\VBYIXSZ.exe
  C:\Windows\System\VBYIXSZ.exe
  2⤵
  PID:1612
- C:\Windows\System\zWoFgoH.exe
  C:\Windows\System\zWoFgoH.exe
  2⤵
  PID:436
- C:\Windows\System\PbBTybI.exe
  C:\Windows\System\PbBTybI.exe
  2⤵
  PID:2904
- C:\Windows\System\vjuQQNC.exe
  C:\Windows\System\vjuQQNC.exe
  2⤵
  PID:2348
- C:\Windows\System\GRdZdCg.exe
  C:\Windows\System\GRdZdCg.exe
  2⤵
  PID:2024
- C:\Windows\System\ASxLwAF.exe
  C:\Windows\System\ASxLwAF.exe
  2⤵
  PID:1632
- C:\Windows\System\EpwHMVx.exe
  C:\Windows\System\EpwHMVx.exe
  2⤵
  PID:1508
- C:\Windows\System\WphOZhm.exe
  C:\Windows\System\WphOZhm.exe
  2⤵
  PID:1804
- C:\Windows\System\VvWPLsC.exe
  C:\Windows\System\VvWPLsC.exe
  2⤵
  PID:2656
- C:\Windows\System\DdEqNSE.exe
  C:\Windows\System\DdEqNSE.exe
  2⤵
  PID:2676
- C:\Windows\System\eNVfmRM.exe
  C:\Windows\System\eNVfmRM.exe
  2⤵
  PID:3088
- C:\Windows\System\jabVQLa.exe
  C:\Windows\System\jabVQLa.exe
  2⤵
  PID:3104
- C:\Windows\System\ItmuFPW.exe
  C:\Windows\System\ItmuFPW.exe
  2⤵
  PID:3128
- C:\Windows\System\rJyVwzs.exe
  C:\Windows\System\rJyVwzs.exe
  2⤵
  PID:3144
- C:\Windows\System\WmyDdjT.exe
  C:\Windows\System\WmyDdjT.exe
  2⤵
  PID:3160
- C:\Windows\System\gmyOdth.exe
  C:\Windows\System\gmyOdth.exe
  2⤵
  PID:3176
- C:\Windows\System\JpyOxum.exe
  C:\Windows\System\JpyOxum.exe
  2⤵
  PID:3192
- C:\Windows\System\GXGhxdQ.exe
  C:\Windows\System\GXGhxdQ.exe
  2⤵
  PID:3208
- C:\Windows\System\jyPyxYA.exe
  C:\Windows\System\jyPyxYA.exe
  2⤵
  PID:3228
- C:\Windows\System\VvvhgGw.exe
  C:\Windows\System\VvvhgGw.exe
  2⤵
  PID:3240
- C:\Windows\System\ZJgpAyD.exe
  C:\Windows\System\ZJgpAyD.exe
  2⤵
  PID:3256
- C:\Windows\System\IfZweOc.exe
  C:\Windows\System\IfZweOc.exe
  2⤵
  PID:3272
- C:\Windows\System\yCdujfF.exe
  C:\Windows\System\yCdujfF.exe
  2⤵
  PID:3288
- C:\Windows\System\BcAlcbU.exe
  C:\Windows\System\BcAlcbU.exe
  2⤵
  PID:3304
- C:\Windows\System\fGXhOxG.exe
  C:\Windows\System\fGXhOxG.exe
  2⤵
  PID:3324
- C:\Windows\System\CdMfPQM.exe
  C:\Windows\System\CdMfPQM.exe
  2⤵
  PID:3336
- C:\Windows\System\KFAqSxK.exe
  C:\Windows\System\KFAqSxK.exe
  2⤵
  PID:1868
- C:\Windows\System\iTPxYAp.exe
  C:\Windows\System\iTPxYAp.exe
  2⤵
  PID:2556
- C:\Windows\System\yeLyIiS.exe
  C:\Windows\System\yeLyIiS.exe
  2⤵
  PID:3392
- C:\Windows\System\vpTYuDt.exe
  C:\Windows\System\vpTYuDt.exe
  2⤵
  PID:2844
- C:\Windows\System\MudFgkg.exe
  C:\Windows\System\MudFgkg.exe
  2⤵
  PID:3428
- C:\Windows\System\eQUnLqx.exe
  C:\Windows\System\eQUnLqx.exe
  2⤵
  PID:3444
- C:\Windows\System\eXFxRaV.exe
  C:\Windows\System\eXFxRaV.exe
  2⤵
  PID:2364
- C:\Windows\System\fhWsQFf.exe
  C:\Windows\System\fhWsQFf.exe
  2⤵
  PID:3476
- C:\Windows\System\OHKvjSC.exe
  C:\Windows\System\OHKvjSC.exe
  2⤵
  PID:3508
- C:\Windows\System\tiHOKoG.exe
  C:\Windows\System\tiHOKoG.exe
  2⤵
  PID:3512
- C:\Windows\System\NlhvGWh.exe
  C:\Windows\System\NlhvGWh.exe
  2⤵
  PID:2800
- C:\Windows\System\yMuOwnL.exe
  C:\Windows\System\yMuOwnL.exe
  2⤵
  PID:3552
- C:\Windows\System\zkzRVvU.exe
  C:\Windows\System\zkzRVvU.exe
  2⤵
  PID:3556
- C:\Windows\System\schUlqC.exe
  C:\Windows\System\schUlqC.exe
  2⤵
  PID:3628
- C:\Windows\System\hROMejR.exe
  C:\Windows\System\hROMejR.exe
  2⤵
  PID:3696
- C:\Windows\System\rDMIOvM.exe
  C:\Windows\System\rDMIOvM.exe
  2⤵
  PID:3756
- C:\Windows\System\xsfXpEh.exe
  C:\Windows\System\xsfXpEh.exe
  2⤵
  PID:3824
- C:\Windows\System\fbPwPsM.exe
  C:\Windows\System\fbPwPsM.exe
  2⤵
  PID:3908
- C:\Windows\System\rQBxXDo.exe
  C:\Windows\System\rQBxXDo.exe
  2⤵
  PID:3976
- C:\Windows\System\uDtisjE.exe
  C:\Windows\System\uDtisjE.exe
  2⤵
  PID:4012
- C:\Windows\System\dZPCNgR.exe
  C:\Windows\System\dZPCNgR.exe
  2⤵
  PID:4052
- C:\Windows\System\dEmIxar.exe
  C:\Windows\System\dEmIxar.exe
  2⤵
  PID:1720
- C:\Windows\System\MiroiQC.exe
  C:\Windows\System\MiroiQC.exe
  2⤵
  PID:932
- C:\Windows\System\TyWyoLi.exe
  C:\Windows\System\TyWyoLi.exe
  2⤵
  PID:2192
- C:\Windows\System\MzWZnaZ.exe
  C:\Windows\System\MzWZnaZ.exe
  2⤵
  PID:2212
- C:\Windows\System\OEGKGlM.exe
  C:\Windows\System\OEGKGlM.exe
  2⤵
  PID:3608
- C:\Windows\System\vraXtWi.exe
  C:\Windows\System\vraXtWi.exe
  2⤵
  PID:784
- C:\Windows\System\mdZRIId.exe
  C:\Windows\System\mdZRIId.exe
  2⤵
  PID:3648
- C:\Windows\System\wKlthPF.exe
  C:\Windows\System\wKlthPF.exe
  2⤵
  PID:3000
- C:\Windows\System\kSANTpQ.exe
  C:\Windows\System\kSANTpQ.exe
  2⤵
  PID:3136
- C:\Windows\System\HgaPcSk.exe
  C:\Windows\System\HgaPcSk.exe
  2⤵
  PID:3712
- C:\Windows\System\TWRavdt.exe
  C:\Windows\System\TWRavdt.exe
  2⤵
  PID:3196
- C:\Windows\System\QlWAzbU.exe
  C:\Windows\System\QlWAzbU.exe
  2⤵
  PID:3264
- C:\Windows\System\SyJKRMG.exe
  C:\Windows\System\SyJKRMG.exe
  2⤵
  PID:3328
- C:\Windows\System\MOKknjg.exe
  C:\Windows\System\MOKknjg.exe
  2⤵
  PID:1492
- C:\Windows\System\nZNfhys.exe
  C:\Windows\System\nZNfhys.exe
  2⤵
  PID:3408
- C:\Windows\System\UrfroEm.exe
  C:\Windows\System\UrfroEm.exe
  2⤵
  PID:3720
- C:\Windows\System\XUbcxqg.exe
  C:\Windows\System\XUbcxqg.exe
  2⤵
  PID:3496
- C:\Windows\System\QRyNPyG.exe
  C:\Windows\System\QRyNPyG.exe
  2⤵
  PID:1100
- C:\Windows\System\HFiYUJS.exe
  C:\Windows\System\HFiYUJS.exe
  2⤵
  PID:3744
- C:\Windows\System\QJDaViF.exe
  C:\Windows\System\QJDaViF.exe
  2⤵
  PID:3768
- C:\Windows\System\OZBFjXG.exe
  C:\Windows\System\OZBFjXG.exe
  2⤵
  PID:3900
- C:\Windows\System\BPiigKY.exe
  C:\Windows\System\BPiigKY.exe
  2⤵
  PID:4088
- C:\Windows\System\ZGawhTk.exe
  C:\Windows\System\ZGawhTk.exe
  2⤵
  PID:3800
- C:\Windows\System\SYDzCDx.exe
  C:\Windows\System\SYDzCDx.exe
  2⤵
  PID:3928
- C:\Windows\System\ipVAlgb.exe
  C:\Windows\System\ipVAlgb.exe
  2⤵
  PID:3220
- C:\Windows\System\OZXUnHj.exe
  C:\Windows\System\OZXUnHj.exe
  2⤵
  PID:1696
- C:\Windows\System\lVzytqX.exe
  C:\Windows\System\lVzytqX.exe
  2⤵
  PID:3340
- C:\Windows\System\OtVgvcK.exe
  C:\Windows\System\OtVgvcK.exe
  2⤵
  PID:2132
- C:\Windows\System\huzrsVd.exe
  C:\Windows\System\huzrsVd.exe
  2⤵
  PID:3312
- C:\Windows\System\ZRLKkbu.exe
  C:\Windows\System\ZRLKkbu.exe
  2⤵
  PID:2408
- C:\Windows\System\MZLzbGY.exe
  C:\Windows\System\MZLzbGY.exe
  2⤵
  PID:3168
- C:\Windows\System\LUQKIzf.exe
  C:\Windows\System\LUQKIzf.exe
  2⤵
  PID:3920
- C:\Windows\System\osFvgcF.exe
  C:\Windows\System\osFvgcF.exe
  2⤵
  PID:3300
- C:\Windows\System\tjjBWfi.exe
  C:\Windows\System\tjjBWfi.exe
  2⤵
  PID:3404
- C:\Windows\System\zjadCdx.exe
  C:\Windows\System\zjadCdx.exe
  2⤵
  PID:2760
- C:\Windows\System\WhMCXLR.exe
  C:\Windows\System\WhMCXLR.exe
  2⤵
  PID:2388
- C:\Windows\System\mUWNVdf.exe
  C:\Windows\System\mUWNVdf.exe
  2⤵
  PID:2668
- C:\Windows\System\bMMQOqj.exe
  C:\Windows\System\bMMQOqj.exe
  2⤵
  PID:3844
- C:\Windows\System\MoyEuuX.exe
  C:\Windows\System\MoyEuuX.exe
  2⤵
  PID:3880
- C:\Windows\System\PFYvkUF.exe
  C:\Windows\System\PFYvkUF.exe
  2⤵
  PID:4028
- C:\Windows\System\LszZjuI.exe
  C:\Windows\System\LszZjuI.exe
  2⤵
  PID:3184
- C:\Windows\System\eiARRKC.exe
  C:\Windows\System\eiARRKC.exe
  2⤵
  PID:3540
- C:\Windows\System\zSaNePP.exe
  C:\Windows\System\zSaNePP.exe
  2⤵
  PID:3664
- C:\Windows\System\zBGfEHD.exe
  C:\Windows\System\zBGfEHD.exe
  2⤵
  PID:3940
- C:\Windows\System\FKoEBXX.exe
  C:\Windows\System\FKoEBXX.exe
  2⤵
  PID:3572
- C:\Windows\System\GNtBfqv.exe
  C:\Windows\System\GNtBfqv.exe
  2⤵
  PID:1096
- C:\Windows\System\gelnRCy.exe
  C:\Windows\System\gelnRCy.exe
  2⤵
  PID:3332
- C:\Windows\System\uHSrJpz.exe
  C:\Windows\System\uHSrJpz.exe
  2⤵
  PID:3468
- C:\Windows\System\rfYVTgg.exe
  C:\Windows\System\rfYVTgg.exe
  2⤵
  PID:4008
- C:\Windows\System\VJFFNip.exe
  C:\Windows\System\VJFFNip.exe
  2⤵
  PID:3364
- C:\Windows\System\IXXnsaq.exe
  C:\Windows\System\IXXnsaq.exe
  2⤵
  PID:3472
- C:\Windows\System\mBRbmHE.exe
  C:\Windows\System\mBRbmHE.exe
  2⤵
  PID:2332
- C:\Windows\System\OMjEoDj.exe
  C:\Windows\System\OMjEoDj.exe
  2⤵
  PID:3996
- C:\Windows\System\rwvaYcO.exe
  C:\Windows\System\rwvaYcO.exe
  2⤵
  PID:3348
- C:\Windows\System\TvRdcIN.exe
  C:\Windows\System\TvRdcIN.exe
  2⤵
  PID:3492
- C:\Windows\System\tQAvccv.exe
  C:\Windows\System\tQAvccv.exe
  2⤵
  PID:3960
- C:\Windows\System\SYlDBDh.exe
  C:\Windows\System\SYlDBDh.exe
  2⤵
  PID:1664
- C:\Windows\System\LLXRtUT.exe
  C:\Windows\System\LLXRtUT.exe
  2⤵
  PID:2456
- C:\Windows\System\YkgeSwR.exe
  C:\Windows\System\YkgeSwR.exe
  2⤵
  PID:1488
- C:\Windows\System\SfuvXHr.exe
  C:\Windows\System\SfuvXHr.exe
  2⤵
  PID:2744
- C:\Windows\System\ZJJJgVa.exe
  C:\Windows\System\ZJJJgVa.exe
  2⤵
  PID:3924
- C:\Windows\System\NPllvKr.exe
  C:\Windows\System\NPllvKr.exe
  2⤵
  PID:3432
- C:\Windows\System\lrihlrN.exe
  C:\Windows\System\lrihlrN.exe
  2⤵
  PID:3788
- C:\Windows\System\TEMKKBR.exe
  C:\Windows\System\TEMKKBR.exe
  2⤵
  PID:3236
- C:\Windows\System\eWfcNNb.exe
  C:\Windows\System\eWfcNNb.exe
  2⤵
  PID:3772
- C:\Windows\System\zWZygsZ.exe
  C:\Windows\System\zWZygsZ.exe
  2⤵
  PID:2316
- C:\Windows\System\JZRenXz.exe
  C:\Windows\System\JZRenXz.exe
  2⤵
  PID:3100
- C:\Windows\System\mLQvEPD.exe
  C:\Windows\System\mLQvEPD.exe
  2⤵
  PID:3112
- C:\Windows\System\ANcXOSI.exe
  C:\Windows\System\ANcXOSI.exe
  2⤵
  PID:3124
- C:\Windows\System\bwDYWEr.exe
  C:\Windows\System\bwDYWEr.exe
  2⤵
  PID:3344
- C:\Windows\System\ZbsFocv.exe
  C:\Windows\System\ZbsFocv.exe
  2⤵
  PID:772
- C:\Windows\System\oHpAOjl.exe
  C:\Windows\System\oHpAOjl.exe
  2⤵
  PID:2256
- C:\Windows\System\sYYOhqX.exe
  C:\Windows\System\sYYOhqX.exe
  2⤵
  PID:3820
- C:\Windows\System\DVWDZYZ.exe
  C:\Windows\System\DVWDZYZ.exe
  2⤵
  PID:3752
- C:\Windows\System\OwIihKO.exe
  C:\Windows\System\OwIihKO.exe
  2⤵
  PID:3352
- C:\Windows\System\uoftiNx.exe
  C:\Windows\System\uoftiNx.exe
  2⤵
  PID:2528
- C:\Windows\System\wXEADdG.exe
  C:\Windows\System\wXEADdG.exe
  2⤵
  PID:3080
- C:\Windows\System\xomafsh.exe
  C:\Windows\System\xomafsh.exe
  2⤵
  PID:1972
- C:\Windows\System\tGkLiui.exe
  C:\Windows\System\tGkLiui.exe
  2⤵
  PID:2828
- C:\Windows\System\UtgRQOG.exe
  C:\Windows\System\UtgRQOG.exe
  2⤵
  PID:3808
- C:\Windows\System\kGvRyQm.exe
  C:\Windows\System\kGvRyQm.exe
  2⤵
  PID:3644
- C:\Windows\System\RFZWbkV.exe
  C:\Windows\System\RFZWbkV.exe
  2⤵
  PID:1808
- C:\Windows\System\AhJiyGf.exe
  C:\Windows\System\AhJiyGf.exe
  2⤵
  PID:2956
- C:\Windows\System\KIrnSZF.exe
  C:\Windows\System\KIrnSZF.exe
  2⤵
  PID:3748
- C:\Windows\System\UnAbvLg.exe
  C:\Windows\System\UnAbvLg.exe
  2⤵
  PID:3872
- C:\Windows\System\RmZnSBj.exe
  C:\Windows\System\RmZnSBj.exe
  2⤵
  PID:2216
- C:\Windows\System\huDFqjR.exe
  C:\Windows\System\huDFqjR.exe
  2⤵
  PID:2372
- C:\Windows\System\fuSNtsz.exe
  C:\Windows\System\fuSNtsz.exe
  2⤵
  PID:2600
- C:\Windows\System\CCCtYXX.exe
  C:\Windows\System\CCCtYXX.exe
  2⤵
  PID:3488
- C:\Windows\System\ZrsJwBt.exe
  C:\Windows\System\ZrsJwBt.exe
  2⤵
  PID:1444
- C:\Windows\System\UvPqQRC.exe
  C:\Windows\System\UvPqQRC.exe
  2⤵
  PID:2644
- C:\Windows\System\zDyIiKQ.exe
  C:\Windows\System\zDyIiKQ.exe
  2⤵
  PID:2788
- C:\Windows\System\KTFSRRj.exe
  C:\Windows\System\KTFSRRj.exe
  2⤵
  PID:2324
- C:\Windows\System\LDPJhOB.exe
  C:\Windows\System\LDPJhOB.exe
  2⤵
  PID:2992
- C:\Windows\System\wdJGCjS.exe
  C:\Windows\System\wdJGCjS.exe
  2⤵
  PID:4100
- C:\Windows\System\OHFWTZQ.exe
  C:\Windows\System\OHFWTZQ.exe
  2⤵
  PID:4124
- C:\Windows\System\VBxrRjM.exe
  C:\Windows\System\VBxrRjM.exe
  2⤵
  PID:4140
- C:\Windows\System\DlzVMSz.exe
  C:\Windows\System\DlzVMSz.exe
  2⤵
  PID:4160
- C:\Windows\System\ZsnAWFe.exe
  C:\Windows\System\ZsnAWFe.exe
  2⤵
  PID:4180
- C:\Windows\System\mKvdPXB.exe
  C:\Windows\System\mKvdPXB.exe
  2⤵
  PID:4216
- C:\Windows\System\iVguvbk.exe
  C:\Windows\System\iVguvbk.exe
  2⤵
  PID:4232
- C:\Windows\System\BOjCyWZ.exe
  C:\Windows\System\BOjCyWZ.exe
  2⤵
  PID:4248
- C:\Windows\System\GAaeOZM.exe
  C:\Windows\System\GAaeOZM.exe
  2⤵
  PID:4264
- C:\Windows\System\yfGQGTE.exe
  C:\Windows\System\yfGQGTE.exe
  2⤵
  PID:4284
- C:\Windows\System\isHEIJE.exe
  C:\Windows\System\isHEIJE.exe
  2⤵
  PID:4304
- C:\Windows\System\brDyEZA.exe
  C:\Windows\System\brDyEZA.exe
  2⤵
  PID:4320
- C:\Windows\System\YpuurfW.exe
  C:\Windows\System\YpuurfW.exe
  2⤵
  PID:4356
- C:\Windows\System\BveQVFh.exe
  C:\Windows\System\BveQVFh.exe
  2⤵
  PID:4372
- C:\Windows\System\vdlWUfL.exe
  C:\Windows\System\vdlWUfL.exe
  2⤵
  PID:4392
- C:\Windows\System\fOtXIPk.exe
  C:\Windows\System\fOtXIPk.exe
  2⤵
  PID:4408
- C:\Windows\System\bvYEJfF.exe
  C:\Windows\System\bvYEJfF.exe
  2⤵
  PID:4424
- C:\Windows\System\bBvyLMc.exe
  C:\Windows\System\bBvyLMc.exe
  2⤵
  PID:4440
- C:\Windows\System\GAiRSCq.exe
  C:\Windows\System\GAiRSCq.exe
  2⤵
  PID:4456
- C:\Windows\System\FnJZCPn.exe
  C:\Windows\System\FnJZCPn.exe
  2⤵
  PID:4472
- C:\Windows\System\xzEtQrP.exe
  C:\Windows\System\xzEtQrP.exe
  2⤵
  PID:4496
- C:\Windows\System\uClCLZO.exe
  C:\Windows\System\uClCLZO.exe
  2⤵
  PID:4512
- C:\Windows\System\FyCyqsx.exe
  C:\Windows\System\FyCyqsx.exe
  2⤵
  PID:4540
- C:\Windows\System\pdyUBWy.exe
  C:\Windows\System\pdyUBWy.exe
  2⤵
  PID:4556
- C:\Windows\System\KdkZmzg.exe
  C:\Windows\System\KdkZmzg.exe
  2⤵
  PID:4572
- C:\Windows\System\slwjjfk.exe
  C:\Windows\System\slwjjfk.exe
  2⤵
  PID:4588
- C:\Windows\System\VDXBfwf.exe
  C:\Windows\System\VDXBfwf.exe
  2⤵
  PID:4608
- C:\Windows\System\AxkYgKO.exe
  C:\Windows\System\AxkYgKO.exe
  2⤵
  PID:4628
- C:\Windows\System\yqMvsNK.exe
  C:\Windows\System\yqMvsNK.exe
  2⤵
  PID:4644
- C:\Windows\System\jUmaDCZ.exe
  C:\Windows\System\jUmaDCZ.exe
  2⤵
  PID:4668
- C:\Windows\System\NYduFMf.exe
  C:\Windows\System\NYduFMf.exe
  2⤵
  PID:4684
- C:\Windows\System\LNPHKOL.exe
  C:\Windows\System\LNPHKOL.exe
  2⤵
  PID:4704
- C:\Windows\System\OvDYHCT.exe
  C:\Windows\System\OvDYHCT.exe
  2⤵
  PID:4728
- C:\Windows\System\wXOeUbP.exe
  C:\Windows\System\wXOeUbP.exe
  2⤵
  PID:4744
- C:\Windows\System\DBWssBG.exe
  C:\Windows\System\DBWssBG.exe
  2⤵
  PID:4760
- C:\Windows\System\djntuit.exe
  C:\Windows\System\djntuit.exe
  2⤵
  PID:4776
- C:\Windows\System\QJBIAzk.exe
  C:\Windows\System\QJBIAzk.exe
  2⤵
  PID:4796
- C:\Windows\System\IqggIxR.exe
  C:\Windows\System\IqggIxR.exe
  2⤵
  PID:4816
- C:\Windows\System\YOSEmwC.exe
  C:\Windows\System\YOSEmwC.exe
  2⤵
  PID:4832
- C:\Windows\System\PqiECmo.exe
  C:\Windows\System\PqiECmo.exe
  2⤵
  PID:4848
- C:\Windows\System\TuWhcCP.exe
  C:\Windows\System\TuWhcCP.exe
  2⤵
  PID:4864
- C:\Windows\System\eDeQkwO.exe
  C:\Windows\System\eDeQkwO.exe
  2⤵
  PID:4884
- C:\Windows\System\FwpKKYd.exe
  C:\Windows\System\FwpKKYd.exe
  2⤵
  PID:4948
- C:\Windows\System\RmJxCYL.exe
  C:\Windows\System\RmJxCYL.exe
  2⤵
  PID:4964
- C:\Windows\System\ulQRBAH.exe
  C:\Windows\System\ulQRBAH.exe
  2⤵
  PID:5000
- C:\Windows\System\keOWInO.exe
  C:\Windows\System\keOWInO.exe
  2⤵
  PID:5016
- C:\Windows\System\xIywFZl.exe
  C:\Windows\System\xIywFZl.exe
  2⤵
  PID:5032
- C:\Windows\System\aQpfOYl.exe
  C:\Windows\System\aQpfOYl.exe
  2⤵
  PID:5056
- C:\Windows\System\SDqsAMK.exe
  C:\Windows\System\SDqsAMK.exe
  2⤵
  PID:5072
- C:\Windows\System\iDclAeg.exe
  C:\Windows\System\iDclAeg.exe
  2⤵
  PID:5096
- C:\Windows\System\vuspnOs.exe
  C:\Windows\System\vuspnOs.exe
  2⤵
  PID:5112
- C:\Windows\System\pSSOlVy.exe
  C:\Windows\System\pSSOlVy.exe
  2⤵
  PID:2276
- C:\Windows\System\WgpwHfN.exe
  C:\Windows\System\WgpwHfN.exe
  2⤵
  PID:4112
- C:\Windows\System\UGEkjhY.exe
  C:\Windows\System\UGEkjhY.exe
  2⤵
  PID:2452
- C:\Windows\System\IuHaAxb.exe
  C:\Windows\System\IuHaAxb.exe
  2⤵
  PID:704
- C:\Windows\System\iUlKaVl.exe
  C:\Windows\System\iUlKaVl.exe
  2⤵
  PID:2876
- C:\Windows\System\MLDoEJv.exe
  C:\Windows\System\MLDoEJv.exe
  2⤵
  PID:4208
- C:\Windows\System\OFkTNKn.exe
  C:\Windows\System\OFkTNKn.exe
  2⤵
  PID:4172
- C:\Windows\System\nOcxSOj.exe
  C:\Windows\System\nOcxSOj.exe
  2⤵
  PID:4240
- C:\Windows\System\bJNMOIt.exe
  C:\Windows\System\bJNMOIt.exe
  2⤵
  PID:4280
- C:\Windows\System\cDgAdFd.exe
  C:\Windows\System\cDgAdFd.exe
  2⤵
  PID:4292
- C:\Windows\System\dShzklW.exe
  C:\Windows\System\dShzklW.exe
  2⤵
  PID:4300
- C:\Windows\System\GgcdnoS.exe
  C:\Windows\System\GgcdnoS.exe
  2⤵
  PID:4368
- C:\Windows\System\GAXbemc.exe
  C:\Windows\System\GAXbemc.exe
  2⤵
  PID:4380
- C:\Windows\System\SmKfyjJ.exe
  C:\Windows\System\SmKfyjJ.exe
  2⤵
  PID:4452
- C:\Windows\System\ouaSUFf.exe
  C:\Windows\System\ouaSUFf.exe
  2⤵
  PID:4480
- C:\Windows\System\TLmyJnH.exe
  C:\Windows\System\TLmyJnH.exe
  2⤵
  PID:4504
- C:\Windows\System\MrTnmXz.exe
  C:\Windows\System\MrTnmXz.exe
  2⤵
  PID:2504
- C:\Windows\System\kMOHgCe.exe
  C:\Windows\System\kMOHgCe.exe
  2⤵
  PID:4552
- C:\Windows\System\nBwYmCQ.exe
  C:\Windows\System\nBwYmCQ.exe
  2⤵
  PID:4660
- C:\Windows\System\oiyFiLu.exe
  C:\Windows\System\oiyFiLu.exe
  2⤵
  PID:4656
- C:\Windows\System\oRakVKY.exe
  C:\Windows\System\oRakVKY.exe
  2⤵
  PID:4700
- C:\Windows\System\HwOdHKX.exe
  C:\Windows\System\HwOdHKX.exe
  2⤵
  PID:4492
- C:\Windows\System\IeIbJUI.exe
  C:\Windows\System\IeIbJUI.exe
  2⤵
  PID:4768
- C:\Windows\System\iBVpQZg.exe
  C:\Windows\System\iBVpQZg.exe
  2⤵
  PID:4812
- C:\Windows\System\nQXcQST.exe
  C:\Windows\System\nQXcQST.exe
  2⤵
  PID:4872
- C:\Windows\System\ObbDPiV.exe
  C:\Windows\System\ObbDPiV.exe
  2⤵
  PID:4680
- C:\Windows\System\EPHDpvR.exe
  C:\Windows\System\EPHDpvR.exe
  2⤵
  PID:4568
- C:\Windows\System\zMJIDeE.exe
  C:\Windows\System\zMJIDeE.exe
  2⤵
  PID:4640
- C:\Windows\System\lRCbskE.exe
  C:\Windows\System\lRCbskE.exe
  2⤵
  PID:4896
- C:\Windows\System\FEiqNOa.exe
  C:\Windows\System\FEiqNOa.exe
  2⤵
  PID:4904
- C:\Windows\System\Kcjixdq.exe
  C:\Windows\System\Kcjixdq.exe
  2⤵
  PID:1644
- C:\Windows\System\QkmhgVA.exe
  C:\Windows\System\QkmhgVA.exe
  2⤵
  PID:4940
- C:\Windows\System\NFhHIHD.exe
  C:\Windows\System\NFhHIHD.exe
  2⤵
  PID:4984
- C:\Windows\System\rJYbKld.exe
  C:\Windows\System\rJYbKld.exe
  2⤵
  PID:4980
- C:\Windows\System\GFztiiY.exe
  C:\Windows\System\GFztiiY.exe
  2⤵
  PID:5044
- C:\Windows\System\CxkmJYt.exe
  C:\Windows\System\CxkmJYt.exe
  2⤵
  PID:4116
- C:\Windows\System\IIXlVQL.exe
  C:\Windows\System\IIXlVQL.exe
  2⤵
  PID:4108
- C:\Windows\System\bvGesVd.exe
  C:\Windows\System\bvGesVd.exe
  2⤵
  PID:4156
- C:\Windows\System\fSMEWUe.exe
  C:\Windows\System\fSMEWUe.exe
  2⤵
  PID:928
- C:\Windows\System\NYCTMqo.exe
  C:\Windows\System\NYCTMqo.exe
  2⤵
  PID:3008
- C:\Windows\System\LvYjwva.exe
  C:\Windows\System\LvYjwva.exe
  2⤵
  PID:4340
- C:\Windows\System\EwnXQfX.exe
  C:\Windows\System\EwnXQfX.exe
  2⤵
  PID:4316
- C:\Windows\System\JGoFbxn.exe
  C:\Windows\System\JGoFbxn.exe
  2⤵
  PID:4352
- C:\Windows\System\cPKATpQ.exe
  C:\Windows\System\cPKATpQ.exe
  2⤵
  PID:4508
- C:\Windows\System\ORzBIua.exe
  C:\Windows\System\ORzBIua.exe
  2⤵
  PID:4616
- C:\Windows\System\FkoGBGj.exe
  C:\Windows\System\FkoGBGj.exe
  2⤵
  PID:4808
- C:\Windows\System\PebPHUL.exe
  C:\Windows\System\PebPHUL.exe
  2⤵
  PID:1292
- C:\Windows\System\tXWSxIp.exe
  C:\Windows\System\tXWSxIp.exe
  2⤵
  PID:4856
- C:\Windows\System\pLREZmf.exe
  C:\Windows\System\pLREZmf.exe
  2⤵
  PID:4580
- C:\Windows\System\jQzykQU.exe
  C:\Windows\System\jQzykQU.exe
  2⤵
  PID:4468
- C:\Windows\System\OmycOLu.exe
  C:\Windows\System\OmycOLu.exe
  2⤵
  PID:4520
- C:\Windows\System\EkXDDpx.exe
  C:\Windows\System\EkXDDpx.exe
  2⤵
  PID:4596
- C:\Windows\System\MDbGQIw.exe
  C:\Windows\System\MDbGQIw.exe
  2⤵
  PID:4916
- C:\Windows\System\bMoyhac.exe
  C:\Windows\System\bMoyhac.exe
  2⤵
  PID:4924
- C:\Windows\System\MAldfIV.exe
  C:\Windows\System\MAldfIV.exe
  2⤵
  PID:5028
- C:\Windows\System\jeAhhJq.exe
  C:\Windows\System\jeAhhJq.exe
  2⤵
  PID:4992
- C:\Windows\System\uHsIkOT.exe
  C:\Windows\System\uHsIkOT.exe
  2⤵
  PID:5084
- C:\Windows\System\WHqjtGY.exe
  C:\Windows\System\WHqjtGY.exe
  2⤵
  PID:5088
- C:\Windows\System\DpGdFtz.exe
  C:\Windows\System\DpGdFtz.exe
  2⤵
  PID:2304
- C:\Windows\System\AxppoaZ.exe
  C:\Windows\System\AxppoaZ.exe
  2⤵
  PID:4332
- C:\Windows\System\kGdkjxZ.exe
  C:\Windows\System\kGdkjxZ.exe
  2⤵
  PID:4696
- C:\Windows\System\VsHarcE.exe
  C:\Windows\System\VsHarcE.exe
  2⤵
  PID:4720
- C:\Windows\System\TiQBYBr.exe
  C:\Windows\System\TiQBYBr.exe
  2⤵
  PID:4824
- C:\Windows\System\yFqxyFC.exe
  C:\Windows\System\yFqxyFC.exe
  2⤵
  PID:4636
- C:\Windows\System\oKYKnYJ.exe
  C:\Windows\System\oKYKnYJ.exe
  2⤵
  PID:4932
- C:\Windows\System\wZkpWtu.exe
  C:\Windows\System\wZkpWtu.exe
  2⤵
  PID:4756
- C:\Windows\System\PmvsyxU.exe
  C:\Windows\System\PmvsyxU.exe
  2⤵
  PID:4536
- C:\Windows\System\nouShtz.exe
  C:\Windows\System\nouShtz.exe
  2⤵
  PID:5108
- C:\Windows\System\UVvJJGX.exe
  C:\Windows\System\UVvJJGX.exe
  2⤵
  PID:5064
- C:\Windows\System\JHLHeWz.exe
  C:\Windows\System\JHLHeWz.exe
  2⤵
  PID:2264
- C:\Windows\System\sIVqtiU.exe
  C:\Windows\System\sIVqtiU.exe
  2⤵
  PID:4256
- C:\Windows\System\FUoQWuv.exe
  C:\Windows\System\FUoQWuv.exe
  2⤵
  PID:2236
- C:\Windows\System\ofpkUGK.exe
  C:\Windows\System\ofpkUGK.exe
  2⤵
  PID:4960
- C:\Windows\System\BpoKdhc.exe
  C:\Windows\System\BpoKdhc.exe
  2⤵
  PID:4364
- C:\Windows\System\HcyRYcU.exe
  C:\Windows\System\HcyRYcU.exe
  2⤵
  PID:4196
- C:\Windows\System\URmSCYu.exe
  C:\Windows\System\URmSCYu.exe
  2⤵
  PID:4828
- C:\Windows\System\BrawUij.exe
  C:\Windows\System\BrawUij.exe
  2⤵
  PID:4976
- C:\Windows\System\HmGwDMK.exe
  C:\Windows\System\HmGwDMK.exe
  2⤵
  PID:4348
- C:\Windows\System\AmzAZSP.exe
  C:\Windows\System\AmzAZSP.exe
  2⤵
  PID:5136
- C:\Windows\System\Fklcwue.exe
  C:\Windows\System\Fklcwue.exe
  2⤵
  PID:5156
- C:\Windows\System\vGuFWuP.exe
  C:\Windows\System\vGuFWuP.exe
  2⤵
  PID:5172
- C:\Windows\System\TBPshWe.exe
  C:\Windows\System\TBPshWe.exe
  2⤵
  PID:5188
- C:\Windows\System\kfOqgCf.exe
  C:\Windows\System\kfOqgCf.exe
  2⤵
  PID:5208
- C:\Windows\System\UbzAVAa.exe
  C:\Windows\System\UbzAVAa.exe
  2⤵
  PID:5224
- C:\Windows\System\QHwMSqe.exe
  C:\Windows\System\QHwMSqe.exe
  2⤵
  PID:5240
- C:\Windows\System\nZuVkpL.exe
  C:\Windows\System\nZuVkpL.exe
  2⤵
  PID:5296
- C:\Windows\System\lRSjAvV.exe
  C:\Windows\System\lRSjAvV.exe
  2⤵
  PID:5316
- C:\Windows\System\akdWfon.exe
  C:\Windows\System\akdWfon.exe
  2⤵
  PID:5332
- C:\Windows\System\RpakIRk.exe
  C:\Windows\System\RpakIRk.exe
  2⤵
  PID:5348
- C:\Windows\System\haVvGSb.exe
  C:\Windows\System\haVvGSb.exe
  2⤵
  PID:5364
- C:\Windows\System\jeXuXJS.exe
  C:\Windows\System\jeXuXJS.exe
  2⤵
  PID:5388
- C:\Windows\System\pPRnqfz.exe
  C:\Windows\System\pPRnqfz.exe
  2⤵
  PID:5404
- C:\Windows\System\jqRLjtI.exe
  C:\Windows\System\jqRLjtI.exe
  2⤵
  PID:5420
- C:\Windows\System\quzduDI.exe
  C:\Windows\System\quzduDI.exe
  2⤵
  PID:5440
- C:\Windows\System\QqDnkFq.exe
  C:\Windows\System\QqDnkFq.exe
  2⤵
  PID:5464
- C:\Windows\System\EtAUELO.exe
  C:\Windows\System\EtAUELO.exe
  2⤵
  PID:5480
- C:\Windows\System\vQkqqkM.exe
  C:\Windows\System\vQkqqkM.exe
  2⤵
  PID:5496
- C:\Windows\System\FZxHLim.exe
  C:\Windows\System\FZxHLim.exe
  2⤵
  PID:5512
- C:\Windows\System\HiDGFEV.exe
  C:\Windows\System\HiDGFEV.exe
  2⤵
  PID:5540
- C:\Windows\System\vTfDMRi.exe
  C:\Windows\System\vTfDMRi.exe
  2⤵
  PID:5556
- C:\Windows\System\UaapraD.exe
  C:\Windows\System\UaapraD.exe
  2⤵
  PID:5572
- C:\Windows\System\AScgqAE.exe
  C:\Windows\System\AScgqAE.exe
  2⤵
  PID:5588
- C:\Windows\System\UHQyXEa.exe
  C:\Windows\System\UHQyXEa.exe
  2⤵
  PID:5604
- C:\Windows\System\NubkPjW.exe
  C:\Windows\System\NubkPjW.exe
  2⤵
  PID:5620
- C:\Windows\System\KBUcNql.exe
  C:\Windows\System\KBUcNql.exe
  2⤵
  PID:5636
- C:\Windows\System\PrfiDJb.exe
  C:\Windows\System\PrfiDJb.exe
  2⤵
  PID:5652
- C:\Windows\System\TfgOkEQ.exe
  C:\Windows\System\TfgOkEQ.exe
  2⤵
  PID:5688
- C:\Windows\System\BGKkOAA.exe
  C:\Windows\System\BGKkOAA.exe
  2⤵
  PID:5720
- C:\Windows\System\yeEGEWV.exe
  C:\Windows\System\yeEGEWV.exe
  2⤵
  PID:5740
- C:\Windows\System\gAVQklZ.exe
  C:\Windows\System\gAVQklZ.exe
  2⤵
  PID:5756
- C:\Windows\System\spwOePY.exe
  C:\Windows\System\spwOePY.exe
  2⤵
  PID:5772
- C:\Windows\System\nHEEtIn.exe
  C:\Windows\System\nHEEtIn.exe
  2⤵
  PID:5820
- C:\Windows\System\TLSJgMj.exe
  C:\Windows\System\TLSJgMj.exe
  2⤵
  PID:5844
- C:\Windows\System\GgCrWMI.exe
  C:\Windows\System\GgCrWMI.exe
  2⤵
  PID:5860
- C:\Windows\System\iMJkrpf.exe
  C:\Windows\System\iMJkrpf.exe
  2⤵
  PID:5880
- C:\Windows\System\mJUvdEO.exe
  C:\Windows\System\mJUvdEO.exe
  2⤵
  PID:5900
- C:\Windows\System\yxVQsWQ.exe
  C:\Windows\System\yxVQsWQ.exe
  2⤵
  PID:5916
- C:\Windows\System\WHuZLIg.exe
  C:\Windows\System\WHuZLIg.exe
  2⤵
  PID:5932
- C:\Windows\System\jdtwTuZ.exe
  C:\Windows\System\jdtwTuZ.exe
  2⤵
  PID:5952
- C:\Windows\System\NbIEvSv.exe
  C:\Windows\System\NbIEvSv.exe
  2⤵
  PID:5980
- C:\Windows\System\eIjkPCd.exe
  C:\Windows\System\eIjkPCd.exe
  2⤵
  PID:5996
- C:\Windows\System\XsRlbwI.exe
  C:\Windows\System\XsRlbwI.exe
  2⤵
  PID:6012
- C:\Windows\System\vCkrJbL.exe
  C:\Windows\System\vCkrJbL.exe
  2⤵
  PID:6032
- C:\Windows\System\GSfjgeL.exe
  C:\Windows\System\GSfjgeL.exe
  2⤵
  PID:6060
- C:\Windows\System\vqiXLOQ.exe
  C:\Windows\System\vqiXLOQ.exe
  2⤵
  PID:6080
- C:\Windows\System\nZteyGH.exe
  C:\Windows\System\nZteyGH.exe
  2⤵
  PID:6096
- C:\Windows\System\ysvfaVY.exe
  C:\Windows\System\ysvfaVY.exe
  2⤵
  PID:6112
- C:\Windows\System\qhzwnYz.exe
  C:\Windows\System\qhzwnYz.exe
  2⤵
  PID:6128
- C:\Windows\System\tjxPhdN.exe
  C:\Windows\System\tjxPhdN.exe
  2⤵
  PID:4740
- C:\Windows\System\TNkxIKb.exe
  C:\Windows\System\TNkxIKb.exe
  2⤵
  PID:5168
- C:\Windows\System\TwfTvhy.exe
  C:\Windows\System\TwfTvhy.exe
  2⤵
  PID:4912
- C:\Windows\System\tiYzuLS.exe
  C:\Windows\System\tiYzuLS.exe
  2⤵
  PID:5236
- C:\Windows\System\KrLGmqF.exe
  C:\Windows\System\KrLGmqF.exe
  2⤵
  PID:5128
- C:\Windows\System\EsHAJEJ.exe
  C:\Windows\System\EsHAJEJ.exe
  2⤵
  PID:5232
- C:\Windows\System\gjHrNhP.exe
  C:\Windows\System\gjHrNhP.exe
  2⤵
  PID:5152
- C:\Windows\System\AwquEpu.exe
  C:\Windows\System\AwquEpu.exe
  2⤵
  PID:5216
- C:\Windows\System\QRlGfWl.exe
  C:\Windows\System\QRlGfWl.exe
  2⤵
  PID:5324
- C:\Windows\System\OtszskK.exe
  C:\Windows\System\OtszskK.exe
  2⤵
  PID:4272
- C:\Windows\System\ywZeTAJ.exe
  C:\Windows\System\ywZeTAJ.exe
  2⤵
  PID:5376
- C:\Windows\System\kLEBxCh.exe
  C:\Windows\System\kLEBxCh.exe
  2⤵
  PID:5472
- C:\Windows\System\RzWxqCu.exe
  C:\Windows\System\RzWxqCu.exe
  2⤵
  PID:5416
- C:\Windows\System\XaDbYYx.exe
  C:\Windows\System\XaDbYYx.exe
  2⤵
  PID:5452
- C:\Windows\System\PJMfqzC.exe
  C:\Windows\System\PJMfqzC.exe
  2⤵
  PID:5520
- C:\Windows\System\EHCahec.exe
  C:\Windows\System\EHCahec.exe
  2⤵
  PID:5536
- C:\Windows\System\JYpRVky.exe
  C:\Windows\System\JYpRVky.exe
  2⤵
  PID:5564
- C:\Windows\System\XddpBnS.exe
  C:\Windows\System\XddpBnS.exe
  2⤵
  PID:5596
- C:\Windows\System\duGmkOG.exe
  C:\Windows\System\duGmkOG.exe
  2⤵
  PID:5664
- C:\Windows\System\wlEtZAQ.exe
  C:\Windows\System\wlEtZAQ.exe
  2⤵
  PID:5668
- C:\Windows\System\InHTmKj.exe
  C:\Windows\System\InHTmKj.exe
  2⤵
  PID:5684
- C:\Windows\System\FKKSCuF.exe
  C:\Windows\System\FKKSCuF.exe
  2⤵
  PID:5764
- C:\Windows\System\QgHwMcs.exe
  C:\Windows\System\QgHwMcs.exe
  2⤵
  PID:5696
- C:\Windows\System\GeGyMAm.exe
  C:\Windows\System\GeGyMAm.exe
  2⤵
  PID:5712
- C:\Windows\System\KjZgJiq.exe
  C:\Windows\System\KjZgJiq.exe
  2⤵
  PID:5836
- C:\Windows\System\kIVdvuF.exe
  C:\Windows\System\kIVdvuF.exe
  2⤵
  PID:5748
- C:\Windows\System\fKoULny.exe
  C:\Windows\System\fKoULny.exe
  2⤵
  PID:5812
- C:\Windows\System\DuZXOeA.exe
  C:\Windows\System\DuZXOeA.exe
  2⤵
  PID:5912
- C:\Windows\System\vOJzEOT.exe
  C:\Windows\System\vOJzEOT.exe
  2⤵
  PID:5908
- C:\Windows\System\FLERvOI.exe
  C:\Windows\System\FLERvOI.exe
  2⤵
  PID:4192
- C:\Windows\System\FQahMyQ.exe
  C:\Windows\System\FQahMyQ.exe
  2⤵
  PID:6040
- C:\Windows\System\wsHjzyj.exe
  C:\Windows\System\wsHjzyj.exe
  2⤵
  PID:6072
- C:\Windows\System\TGfKxUb.exe
  C:\Windows\System\TGfKxUb.exe
  2⤵
  PID:6108
- C:\Windows\System\YQQGWMG.exe
  C:\Windows\System\YQQGWMG.exe
  2⤵
  PID:6124
- C:\Windows\System\tdUzVyZ.exe
  C:\Windows\System\tdUzVyZ.exe
  2⤵
  PID:6140
- C:\Windows\System\OCxUYIJ.exe
  C:\Windows\System\OCxUYIJ.exe
  2⤵
  PID:5068
- C:\Windows\System\UNCgPwm.exe
  C:\Windows\System\UNCgPwm.exe
  2⤵
  PID:4200
- C:\Windows\System\SBxLuuc.exe
  C:\Windows\System\SBxLuuc.exe
  2⤵
  PID:5268
- C:\Windows\System\UQPlImI.exe
  C:\Windows\System\UQPlImI.exe
  2⤵
  PID:5256
- C:\Windows\System\WbtMJFG.exe
  C:\Windows\System\WbtMJFG.exe
  2⤵
  PID:5280
- C:\Windows\System\OLjGWKx.exe
  C:\Windows\System\OLjGWKx.exe
  2⤵
  PID:5260
- C:\Windows\System\KgMhBfn.exe
  C:\Windows\System\KgMhBfn.exe
  2⤵
  PID:5360
- C:\Windows\System\LbVbRTt.exe
  C:\Windows\System\LbVbRTt.exe
  2⤵
  PID:5400
- C:\Windows\System\xmlttKN.exe
  C:\Windows\System\xmlttKN.exe
  2⤵
  PID:5412
- C:\Windows\System\OSfdXKH.exe
  C:\Windows\System\OSfdXKH.exe
  2⤵
  PID:5492
- C:\Windows\System\BtRfYlI.exe
  C:\Windows\System\BtRfYlI.exe
  2⤵
  PID:5532
- C:\Windows\System\ddgRdwT.exe
  C:\Windows\System\ddgRdwT.exe
  2⤵
  PID:1456
- C:\Windows\System\bRjlfop.exe
  C:\Windows\System\bRjlfop.exe
  2⤵
  PID:5736
- C:\Windows\System\hUPgEJM.exe
  C:\Windows\System\hUPgEJM.exe
  2⤵
  PID:5644
- C:\Windows\System\GzLondY.exe
  C:\Windows\System\GzLondY.exe
  2⤵
  PID:5788
- C:\Windows\System\uxOezDg.exe
  C:\Windows\System\uxOezDg.exe
  2⤵
  PID:3232
- C:\Windows\System\eHBkbxt.exe
  C:\Windows\System\eHBkbxt.exe
  2⤵
  PID:3284
- C:\Windows\System\NuhRMAs.exe
  C:\Windows\System\NuhRMAs.exe
  2⤵
  PID:5928
- C:\Windows\System\vxHpGQA.exe
  C:\Windows\System\vxHpGQA.exe
  2⤵
  PID:5292
- C:\Windows\System\iSkDTrH.exe
  C:\Windows\System\iSkDTrH.exe
  2⤵
  PID:6020
- C:\Windows\System\AdmiEgo.exe
  C:\Windows\System\AdmiEgo.exe
  2⤵
  PID:6052
- C:\Windows\System\FRaZKFI.exe
  C:\Windows\System\FRaZKFI.exe
  2⤵
  PID:6104
- C:\Windows\System\czCBPhv.exe
  C:\Windows\System\czCBPhv.exe
  2⤵
  PID:4900
- C:\Windows\System\TaMNjpG.exe
  C:\Windows\System\TaMNjpG.exe
  2⤵
  PID:5148
- C:\Windows\System\HLwylYz.exe
  C:\Windows\System\HLwylYz.exe
  2⤵
  PID:5272
- C:\Windows\System\qhmyVTY.exe
  C:\Windows\System\qhmyVTY.exe
  2⤵
  PID:5276
- C:\Windows\System\QHCqVeU.exe
  C:\Windows\System\QHCqVeU.exe
  2⤵
  PID:5380
- C:\Windows\System\YirWMki.exe
  C:\Windows\System\YirWMki.exe
  2⤵
  PID:5528
- C:\Windows\System\qDkVPPc.exe
  C:\Windows\System\qDkVPPc.exe
  2⤵
  PID:5660
- C:\Windows\System\VXmtwDD.exe
  C:\Windows\System\VXmtwDD.exe
  2⤵
  PID:5752
- C:\Windows\System\aOxkBoX.exe
  C:\Windows\System\aOxkBoX.exe
  2⤵
  PID:5648
- C:\Windows\System\jYptrZV.exe
  C:\Windows\System\jYptrZV.exe
  2⤵
  PID:5796
- C:\Windows\System\lJFOxwp.exe
  C:\Windows\System\lJFOxwp.exe
  2⤵
  PID:5856
- C:\Windows\System\wrwnKqG.exe
  C:\Windows\System\wrwnKqG.exe
  2⤵
  PID:6008
- C:\Windows\System\mZCCBRs.exe
  C:\Windows\System\mZCCBRs.exe
  2⤵
  PID:5972
- C:\Windows\System\nacZaGf.exe
  C:\Windows\System\nacZaGf.exe
  2⤵
  PID:6092
- C:\Windows\System\baFIKpE.exe
  C:\Windows\System\baFIKpE.exe
  2⤵
  PID:4712
- C:\Windows\System\eHEQfAm.exe
  C:\Windows\System\eHEQfAm.exe
  2⤵
  PID:5184
- C:\Windows\System\kzTfRon.exe
  C:\Windows\System\kzTfRon.exe
  2⤵
  PID:5372
- C:\Windows\System\ZudCNXR.exe
  C:\Windows\System\ZudCNXR.exe
  2⤵
  PID:5552
- C:\Windows\System\coFwIjZ.exe
  C:\Windows\System\coFwIjZ.exe
  2⤵
  PID:5832
- C:\Windows\System\RKwwKiI.exe
  C:\Windows\System\RKwwKiI.exe
  2⤵
  PID:5892
- C:\Windows\System\dXirqGR.exe
  C:\Windows\System\dXirqGR.exe
  2⤵
  PID:5204
- C:\Windows\System\pwUnUNa.exe
  C:\Windows\System\pwUnUNa.exe
  2⤵
  PID:6044
- C:\Windows\System\jQcmtaW.exe
  C:\Windows\System\jQcmtaW.exe
  2⤵
  PID:5460
- C:\Windows\System\SboaGrW.exe
  C:\Windows\System\SboaGrW.exe
  2⤵
  PID:6004
- C:\Windows\System\ETRQnbh.exe
  C:\Windows\System\ETRQnbh.exe
  2⤵
  PID:5200
- C:\Windows\System\IIPGjig.exe
  C:\Windows\System\IIPGjig.exe
  2⤵
  PID:6088
- C:\Windows\System\OWUylOv.exe
  C:\Windows\System\OWUylOv.exe
  2⤵
  PID:5732
- C:\Windows\System\ZlTSFDV.exe
  C:\Windows\System\ZlTSFDV.exe
  2⤵
  PID:948
- C:\Windows\System\KuZkpCF.exe
  C:\Windows\System\KuZkpCF.exe
  2⤵
  PID:5968
- C:\Windows\System\iEQSALN.exe
  C:\Windows\System\iEQSALN.exe
  2⤵
  PID:6156
- C:\Windows\System\ohhmgjR.exe
  C:\Windows\System\ohhmgjR.exe
  2⤵
  PID:6176
- C:\Windows\System\qQTyPmS.exe
  C:\Windows\System\qQTyPmS.exe
  2⤵
  PID:6200
- C:\Windows\System\kUTrjuX.exe
  C:\Windows\System\kUTrjuX.exe
  2⤵
  PID:6216
- C:\Windows\System\wtexLJR.exe
  C:\Windows\System\wtexLJR.exe
  2⤵
  PID:6240
- C:\Windows\System\HpENrXS.exe
  C:\Windows\System\HpENrXS.exe
  2⤵
  PID:6256
- C:\Windows\System\ufnFsXO.exe
  C:\Windows\System\ufnFsXO.exe
  2⤵
  PID:6284
- C:\Windows\System\zpZitja.exe
  C:\Windows\System\zpZitja.exe
  2⤵
  PID:6300
- C:\Windows\System\YzFZkyP.exe
  C:\Windows\System\YzFZkyP.exe
  2⤵
  PID:6320
- C:\Windows\System\UWMElBU.exe
  C:\Windows\System\UWMElBU.exe
  2⤵
  PID:6344
- C:\Windows\System\bZZvsmM.exe
  C:\Windows\System\bZZvsmM.exe
  2⤵
  PID:6364
- C:\Windows\System\MAgdcuu.exe
  C:\Windows\System\MAgdcuu.exe
  2⤵
  PID:6380
- C:\Windows\System\cCPChYi.exe
  C:\Windows\System\cCPChYi.exe
  2⤵
  PID:6396
- C:\Windows\System\rsGrBOW.exe
  C:\Windows\System\rsGrBOW.exe
  2⤵
  PID:6424
- C:\Windows\System\NmBTbnV.exe
  C:\Windows\System\NmBTbnV.exe
  2⤵
  PID:6440
- C:\Windows\System\EUywqeS.exe
  C:\Windows\System\EUywqeS.exe
  2⤵
  PID:6456
- C:\Windows\System\uVdilFz.exe
  C:\Windows\System\uVdilFz.exe
  2⤵
  PID:6476
- C:\Windows\System\THKHSmD.exe
  C:\Windows\System\THKHSmD.exe
  2⤵
  PID:6496
- C:\Windows\System\menhAVm.exe
  C:\Windows\System\menhAVm.exe
  2⤵
  PID:6520
- C:\Windows\System\iDsfStW.exe
  C:\Windows\System\iDsfStW.exe
  2⤵
  PID:6544
- C:\Windows\System\KEoLIzG.exe
  C:\Windows\System\KEoLIzG.exe
  2⤵
  PID:6560
- C:\Windows\System\oVUShhI.exe
  C:\Windows\System\oVUShhI.exe
  2⤵
  PID:6580
- C:\Windows\System\bUgIIGR.exe
  C:\Windows\System\bUgIIGR.exe
  2⤵
  PID:6600
- C:\Windows\System\cJcbgkl.exe
  C:\Windows\System\cJcbgkl.exe
  2⤵
  PID:6620
- C:\Windows\System\oEcuOws.exe
  C:\Windows\System\oEcuOws.exe
  2⤵
  PID:6640
- C:\Windows\System\aJgVxID.exe
  C:\Windows\System\aJgVxID.exe
  2⤵
  PID:6656
- C:\Windows\System\BVDntDD.exe
  C:\Windows\System\BVDntDD.exe
  2⤵
  PID:6672
- C:\Windows\System\boSbOCv.exe
  C:\Windows\System\boSbOCv.exe
  2⤵
  PID:6696
- C:\Windows\System\CsUjFxE.exe
  C:\Windows\System\CsUjFxE.exe
  2⤵
  PID:6720
- C:\Windows\System\SoSiBEt.exe
  C:\Windows\System\SoSiBEt.exe
  2⤵
  PID:6740
- C:\Windows\System\YBWVqzf.exe
  C:\Windows\System\YBWVqzf.exe
  2⤵
  PID:6756
- C:\Windows\System\QsMtRfb.exe
  C:\Windows\System\QsMtRfb.exe
  2⤵
  PID:6776
- C:\Windows\System\joSosVf.exe
  C:\Windows\System\joSosVf.exe
  2⤵
  PID:6792
- C:\Windows\System\MSCSrCs.exe
  C:\Windows\System\MSCSrCs.exe
  2⤵
  PID:6824
- C:\Windows\System\SDQTulV.exe
  C:\Windows\System\SDQTulV.exe
  2⤵
  PID:6840
- C:\Windows\System\XwZUWHj.exe
  C:\Windows\System\XwZUWHj.exe
  2⤵
  PID:6860
- C:\Windows\System\wAxxQMm.exe
  C:\Windows\System\wAxxQMm.exe
  2⤵
  PID:6876
- C:\Windows\System\aZRWaEg.exe
  C:\Windows\System\aZRWaEg.exe
  2⤵
  PID:6908
- C:\Windows\System\ydrwWVK.exe
  C:\Windows\System\ydrwWVK.exe
  2⤵
  PID:6924
- C:\Windows\System\PliEmda.exe
  C:\Windows\System\PliEmda.exe
  2⤵
  PID:6940
- C:\Windows\System\lxmmWRq.exe
  C:\Windows\System\lxmmWRq.exe
  2⤵
  PID:6956
- C:\Windows\System\zcgOiGh.exe
  C:\Windows\System\zcgOiGh.exe
  2⤵
  PID:6988
- C:\Windows\System\oMWtcMu.exe
  C:\Windows\System\oMWtcMu.exe
  2⤵
  PID:7004
- C:\Windows\System\SRQaAyj.exe
  C:\Windows\System\SRQaAyj.exe
  2⤵
  PID:7020
- C:\Windows\System\MKpGORb.exe
  C:\Windows\System\MKpGORb.exe
  2⤵
  PID:7036
- C:\Windows\System\YMjNgDP.exe
  C:\Windows\System\YMjNgDP.exe
  2⤵
  PID:7068
- C:\Windows\System\wCXLdjb.exe
  C:\Windows\System\wCXLdjb.exe
  2⤵
  PID:7084
- C:\Windows\System\XZxxxwZ.exe
  C:\Windows\System\XZxxxwZ.exe
  2⤵
  PID:7100
- C:\Windows\System\VKMEIdF.exe
  C:\Windows\System\VKMEIdF.exe
  2⤵
  PID:7116
- C:\Windows\System\LaSktFT.exe
  C:\Windows\System\LaSktFT.exe
  2⤵
  PID:7144
- C:\Windows\System\GqfbHEs.exe
  C:\Windows\System\GqfbHEs.exe
  2⤵
  PID:7160
- C:\Windows\System\OUPfEEg.exe
  C:\Windows\System\OUPfEEg.exe
  2⤵
  PID:6148
- C:\Windows\System\RTWdZiO.exe
  C:\Windows\System\RTWdZiO.exe
  2⤵
  PID:5436
- C:\Windows\System\aVqUwha.exe
  C:\Windows\System\aVqUwha.exe
  2⤵
  PID:6164
- C:\Windows\System\rnDHtue.exe
  C:\Windows\System\rnDHtue.exe
  2⤵
  PID:6196
- C:\Windows\System\abmsFme.exe
  C:\Windows\System\abmsFme.exe
  2⤵
  PID:6236
- C:\Windows\System\BQIhvRH.exe
  C:\Windows\System\BQIhvRH.exe
  2⤵
  PID:6252
- C:\Windows\System\IvIuXyA.exe
  C:\Windows\System\IvIuXyA.exe
  2⤵
  PID:6268
- C:\Windows\System\VJyPPlY.exe
  C:\Windows\System\VJyPPlY.exe
  2⤵
  PID:6328
- C:\Windows\System\ZjLHoIo.exe
  C:\Windows\System\ZjLHoIo.exe
  2⤵
  PID:6360
- C:\Windows\System\OYzVAiC.exe
  C:\Windows\System\OYzVAiC.exe
  2⤵
  PID:6388
- C:\Windows\System\mwFNDfA.exe
  C:\Windows\System\mwFNDfA.exe
  2⤵
  PID:6376
- C:\Windows\System\mxakOrC.exe
  C:\Windows\System\mxakOrC.exe
  2⤵
  PID:6420
- C:\Windows\System\BvQQAnO.exe
  C:\Windows\System\BvQQAnO.exe
  2⤵
  PID:6472
- C:\Windows\System\WbcdpgY.exe
  C:\Windows\System\WbcdpgY.exe
  2⤵
  PID:6516
- C:\Windows\System\FHlsfvj.exe
  C:\Windows\System\FHlsfvj.exe
  2⤵
  PID:6528
- C:\Windows\System\cGRppfo.exe
  C:\Windows\System\cGRppfo.exe
  2⤵
  PID:6536
- C:\Windows\System\QCrwJSk.exe
  C:\Windows\System\QCrwJSk.exe
  2⤵
  PID:6556
- C:\Windows\System\xyuhFwY.exe
  C:\Windows\System\xyuhFwY.exe
  2⤵
  PID:6596
- C:\Windows\System\SJLUBqC.exe
  C:\Windows\System\SJLUBqC.exe
  2⤵
  PID:6664
- C:\Windows\System\HTHmScF.exe
  C:\Windows\System\HTHmScF.exe
  2⤵
  PID:6612
- C:\Windows\System\gOiQgTh.exe
  C:\Windows\System\gOiQgTh.exe
  2⤵
  PID:5568
- C:\Windows\System\SRsVlAU.exe
  C:\Windows\System\SRsVlAU.exe
  2⤵
  PID:6708
- C:\Windows\System\iemcdME.exe
  C:\Windows\System\iemcdME.exe
  2⤵
  PID:6692
- C:\Windows\System\VsLZEqi.exe
  C:\Windows\System\VsLZEqi.exe
  2⤵
  PID:6736
- C:\Windows\System\YmaOYou.exe
  C:\Windows\System\YmaOYou.exe
  2⤵
  PID:6916
- C:\Windows\System\vdMdbWZ.exe
  C:\Windows\System\vdMdbWZ.exe
  2⤵
  PID:6976
- C:\Windows\System\cfHjGSA.exe
  C:\Windows\System\cfHjGSA.exe
  2⤵
  PID:6972
- C:\Windows\System\bSUsFVg.exe
  C:\Windows\System\bSUsFVg.exe
  2⤵
  PID:6980
- C:\Windows\System\gCXqSYe.exe
  C:\Windows\System\gCXqSYe.exe
  2⤵
  PID:7092
- C:\Windows\System\vXsvYvc.exe
  C:\Windows\System\vXsvYvc.exe
  2⤵
  PID:7060
- C:\Windows\System\dsvRhcf.exe
  C:\Windows\System\dsvRhcf.exe
  2⤵
  PID:7124
- C:\Windows\System\AcdtXXh.exe
  C:\Windows\System\AcdtXXh.exe
  2⤵
  PID:7152
- C:\Windows\System\fJdLxDV.exe
  C:\Windows\System\fJdLxDV.exe
  2⤵
  PID:7112
- C:\Windows\System\zvkmeGW.exe
  C:\Windows\System\zvkmeGW.exe
  2⤵
  PID:4532
- C:\Windows\System\RZfxubw.exe
  C:\Windows\System\RZfxubw.exe
  2⤵
  PID:4928
- C:\Windows\System\Ycunobq.exe
  C:\Windows\System\Ycunobq.exe
  2⤵
  PID:4752
- C:\Windows\System\PeglJBM.exe
  C:\Windows\System\PeglJBM.exe
  2⤵
  PID:6504
- C:\Windows\System\xoTkLtm.exe
  C:\Windows\System\xoTkLtm.exe
  2⤵
  PID:6276
- C:\Windows\System\HvbdwMg.exe
  C:\Windows\System\HvbdwMg.exe
  2⤵
  PID:6404
- C:\Windows\System\nxDfaow.exe
  C:\Windows\System\nxDfaow.exe
  2⤵
  PID:6452
- C:\Windows\System\ZvOlVTy.exe
  C:\Windows\System\ZvOlVTy.exe
  2⤵
  PID:6616
- C:\Windows\System\YYEouHc.exe
  C:\Windows\System\YYEouHc.exe
  2⤵
  PID:6684
- C:\Windows\System\oKqOBhm.exe
  C:\Windows\System\oKqOBhm.exe
  2⤵
  PID:6712
- C:\Windows\System\QOBFnRF.exe
  C:\Windows\System\QOBFnRF.exe
  2⤵
  PID:6812
- C:\Windows\System\PHEPUfb.exe
  C:\Windows\System\PHEPUfb.exe
  2⤵
  PID:6752
- C:\Windows\System\PRFJBNs.exe
  C:\Windows\System\PRFJBNs.exe
  2⤵
  PID:6832
- C:\Windows\System\AMHaJfs.exe
  C:\Windows\System\AMHaJfs.exe
  2⤵
  PID:6848
- C:\Windows\System\hUWyTgg.exe
  C:\Windows\System\hUWyTgg.exe
  2⤵
  PID:6772
- C:\Windows\System\VfJTMea.exe
  C:\Windows\System\VfJTMea.exe
  2⤵
  PID:7000
- C:\Windows\System\WQMVvat.exe
  C:\Windows\System\WQMVvat.exe
  2⤵
  PID:7032
- C:\Windows\System\siOHkLy.exe
  C:\Windows\System\siOHkLy.exe
  2⤵
  PID:7096
- C:\Windows\System\HsRNeqN.exe
  C:\Windows\System\HsRNeqN.exe
  2⤵
  PID:7028
- C:\Windows\System\hGbLXda.exe
  C:\Windows\System\hGbLXda.exe
  2⤵
  PID:7156
- C:\Windows\System\cYMrFAw.exe
  C:\Windows\System\cYMrFAw.exe
  2⤵
  PID:6356
- C:\Windows\System\hntCgtV.exe
  C:\Windows\System\hntCgtV.exe
  2⤵
  PID:6488
- C:\Windows\System\ddmWpIT.exe
  C:\Windows\System\ddmWpIT.exe
  2⤵
  PID:6308
- C:\Windows\System\LXJXKMD.exe
  C:\Windows\System\LXJXKMD.exe
  2⤵
  PID:6680
- C:\Windows\System\xLvbMtJ.exe
  C:\Windows\System\xLvbMtJ.exe
  2⤵
  PID:6632
- C:\Windows\System\GXAKrLq.exe
  C:\Windows\System\GXAKrLq.exe
  2⤵
  PID:6808
- C:\Windows\System\EPMSmTk.exe
  C:\Windows\System\EPMSmTk.exe
  2⤵
  PID:1516
- C:\Windows\System\jyLRaZr.exe
  C:\Windows\System\jyLRaZr.exe
  2⤵
  PID:6852
- C:\Windows\System\VBoAHep.exe
  C:\Windows\System\VBoAHep.exe
  2⤵
  PID:6820
- C:\Windows\System\DEhQwIZ.exe
  C:\Windows\System\DEhQwIZ.exe
  2⤵
  PID:6248
- C:\Windows\System\SFWgbmA.exe
  C:\Windows\System\SFWgbmA.exe
  2⤵
  PID:1548
- C:\Windows\System\VyppfBd.exe
  C:\Windows\System\VyppfBd.exe
  2⤵
  PID:6636
- C:\Windows\System\qpCMoya.exe
  C:\Windows\System\qpCMoya.exe
  2⤵
  PID:7044
- C:\Windows\System\qLLiBOV.exe
  C:\Windows\System\qLLiBOV.exe
  2⤵
  PID:1128
- C:\Windows\System\UvkwOLn.exe
  C:\Windows\System\UvkwOLn.exe
  2⤵
  PID:6688
- C:\Windows\System\WYpqQYS.exe
  C:\Windows\System\WYpqQYS.exe
  2⤵
  PID:4436
- C:\Windows\System\IwbfCYS.exe
  C:\Windows\System\IwbfCYS.exe
  2⤵
  PID:6732
- C:\Windows\System\QVidcKN.exe
  C:\Windows\System\QVidcKN.exe
  2⤵
  PID:6280
- C:\Windows\System\PosSoQP.exe
  C:\Windows\System\PosSoQP.exe
  2⤵
  PID:6804
- C:\Windows\System\DpqNoNL.exe
  C:\Windows\System\DpqNoNL.exe
  2⤵
  PID:6416
- C:\Windows\System\eabjMzI.exe
  C:\Windows\System\eabjMzI.exe
  2⤵
  PID:1404
- C:\Windows\System\uWxVwtP.exe
  C:\Windows\System\uWxVwtP.exe
  2⤵
  PID:7056
- C:\Windows\System\tbBhOMe.exe
  C:\Windows\System\tbBhOMe.exe
  2⤵
  PID:6572
- C:\Windows\System\PcywILZ.exe
  C:\Windows\System\PcywILZ.exe
  2⤵
  PID:6172
- C:\Windows\System\BaYdXQo.exe
  C:\Windows\System\BaYdXQo.exe
  2⤵
  PID:7136
- C:\Windows\System\IDLBAvB.exe
  C:\Windows\System\IDLBAvB.exe
  2⤵
  PID:1736
- C:\Windows\System\ZzGUUDY.exe
  C:\Windows\System\ZzGUUDY.exe
  2⤵
  PID:6552
- C:\Windows\System\iqYMqal.exe
  C:\Windows\System\iqYMqal.exe
  2⤵
  PID:6232
- C:\Windows\System\nNAQaGD.exe
  C:\Windows\System\nNAQaGD.exe
  2⤵
  PID:7184
- C:\Windows\System\rROMrXw.exe
  C:\Windows\System\rROMrXw.exe
  2⤵
  PID:7216
- C:\Windows\System\DtwTHqH.exe
  C:\Windows\System\DtwTHqH.exe
  2⤵
  PID:7232
- C:\Windows\System\jIyQjse.exe
  C:\Windows\System\jIyQjse.exe
  2⤵
  PID:7248
- C:\Windows\System\bwijPwG.exe
  C:\Windows\System\bwijPwG.exe
  2⤵
  PID:7264
- C:\Windows\System\AEaUcrc.exe
  C:\Windows\System\AEaUcrc.exe
  2⤵
  PID:7284
- C:\Windows\System\hrdMdld.exe
  C:\Windows\System\hrdMdld.exe
  2⤵
  PID:7308
- C:\Windows\System\JTdfQOy.exe
  C:\Windows\System\JTdfQOy.exe
  2⤵
  PID:7324
- C:\Windows\System\KzSDgxx.exe
  C:\Windows\System\KzSDgxx.exe
  2⤵
  PID:7344
- C:\Windows\System\HeQJkEk.exe
  C:\Windows\System\HeQJkEk.exe
  2⤵
  PID:7380
- C:\Windows\System\JUdphgf.exe
  C:\Windows\System\JUdphgf.exe
  2⤵
  PID:7400
- C:\Windows\System\PWjYzAf.exe
  C:\Windows\System\PWjYzAf.exe
  2⤵
  PID:7416
- C:\Windows\System\HsSeKHy.exe
  C:\Windows\System\HsSeKHy.exe
  2⤵
  PID:7432
- C:\Windows\System\MHnGHKT.exe
  C:\Windows\System\MHnGHKT.exe
  2⤵
  PID:7452
- C:\Windows\System\ovImmOG.exe
  C:\Windows\System\ovImmOG.exe
  2⤵
  PID:7480
- C:\Windows\System\MBLjbxs.exe
  C:\Windows\System\MBLjbxs.exe
  2⤵
  PID:7496
- C:\Windows\System\gBKEuKJ.exe
  C:\Windows\System\gBKEuKJ.exe
  2⤵
  PID:7512
- C:\Windows\System\BEmCbze.exe
  C:\Windows\System\BEmCbze.exe
  2⤵
  PID:7532
- C:\Windows\System\LXNgjHz.exe
  C:\Windows\System\LXNgjHz.exe
  2⤵
  PID:7560
- C:\Windows\System\sfDAOsM.exe
  C:\Windows\System\sfDAOsM.exe
  2⤵
  PID:7580
- C:\Windows\System\KYnvFly.exe
  C:\Windows\System\KYnvFly.exe
  2⤵
  PID:7596
- C:\Windows\System\kUbjHcd.exe
  C:\Windows\System\kUbjHcd.exe
  2⤵
  PID:7616
- C:\Windows\System\oWrVorS.exe
  C:\Windows\System\oWrVorS.exe
  2⤵
  PID:7632
- C:\Windows\System\TUUnNoE.exe
  C:\Windows\System\TUUnNoE.exe
  2⤵
  PID:7668
- C:\Windows\System\RfJgNRr.exe
  C:\Windows\System\RfJgNRr.exe
  2⤵
  PID:7688
- C:\Windows\System\IgZCZBe.exe
  C:\Windows\System\IgZCZBe.exe
  2⤵
  PID:7704
- C:\Windows\System\oiOXSAw.exe
  C:\Windows\System\oiOXSAw.exe
  2⤵
  PID:7720
- C:\Windows\System\cmciBmR.exe
  C:\Windows\System\cmciBmR.exe
  2⤵
  PID:7740
- C:\Windows\System\tvDQzIz.exe
  C:\Windows\System\tvDQzIz.exe
  2⤵
  PID:7768
- C:\Windows\System\NBqpNNs.exe
  C:\Windows\System\NBqpNNs.exe
  2⤵
  PID:7784
- C:\Windows\System\UWvzAFo.exe
  C:\Windows\System\UWvzAFo.exe
  2⤵
  PID:7816
- C:\Windows\System\lAjRgcY.exe
  C:\Windows\System\lAjRgcY.exe
  2⤵
  PID:7832
- C:\Windows\System\YmtklNk.exe
  C:\Windows\System\YmtklNk.exe
  2⤵
  PID:7848
- C:\Windows\System\dAKlSHb.exe
  C:\Windows\System\dAKlSHb.exe
  2⤵
  PID:7864
- C:\Windows\System\gRNJoHz.exe
  C:\Windows\System\gRNJoHz.exe
  2⤵
  PID:7908
- C:\Windows\System\OwOjMAY.exe
  C:\Windows\System\OwOjMAY.exe
  2⤵
  PID:7924
- C:\Windows\System\qqWJVND.exe
  C:\Windows\System\qqWJVND.exe
  2⤵
  PID:7944
- C:\Windows\System\LcINAgd.exe
  C:\Windows\System\LcINAgd.exe
  2⤵
  PID:7960
- C:\Windows\System\NyBASBV.exe
  C:\Windows\System\NyBASBV.exe
  2⤵
  PID:7980
- C:\Windows\System\wHLvmuW.exe
  C:\Windows\System\wHLvmuW.exe
  2⤵
  PID:7996
- C:\Windows\System\bNOmwdu.exe
  C:\Windows\System\bNOmwdu.exe
  2⤵
  PID:8016
- C:\Windows\System\eOssDKD.exe
  C:\Windows\System\eOssDKD.exe
  2⤵
  PID:8032
- C:\Windows\System\gZmkSIM.exe
  C:\Windows\System\gZmkSIM.exe
  2⤵
  PID:8056
- C:\Windows\System\VIdTLkT.exe
  C:\Windows\System\VIdTLkT.exe
  2⤵
  PID:8072
- C:\Windows\System\gZQZaVW.exe
  C:\Windows\System\gZQZaVW.exe
  2⤵
  PID:8092
- C:\Windows\System\EhlHxwK.exe
  C:\Windows\System\EhlHxwK.exe
  2⤵
  PID:8140
- C:\Windows\System\UXkSpmm.exe
  C:\Windows\System\UXkSpmm.exe
  2⤵
  PID:8160
- C:\Windows\System\EfsSMta.exe
  C:\Windows\System\EfsSMta.exe
  2⤵
  PID:8176
- C:\Windows\System\bmfyKtF.exe
  C:\Windows\System\bmfyKtF.exe
  2⤵
  PID:1276
- C:\Windows\System\mVDdHVu.exe
  C:\Windows\System\mVDdHVu.exe
  2⤵
  PID:6800
- C:\Windows\System\XoqFaHk.exe
  C:\Windows\System\XoqFaHk.exe
  2⤵
  PID:7208
- C:\Windows\System\sJQZgQr.exe
  C:\Windows\System\sJQZgQr.exe
  2⤵
  PID:6212
- C:\Windows\System\mseWSkP.exe
  C:\Windows\System\mseWSkP.exe
  2⤵
  PID:7224
- C:\Windows\System\aQdLoam.exe
  C:\Windows\System\aQdLoam.exe
  2⤵
  PID:7304
- C:\Windows\System\nnRDWuY.exe
  C:\Windows\System\nnRDWuY.exe
  2⤵
  PID:7244
- C:\Windows\System\BlfOaiF.exe
  C:\Windows\System\BlfOaiF.exe
  2⤵
  PID:7320
- C:\Windows\System\eyitbbl.exe
  C:\Windows\System\eyitbbl.exe
  2⤵
  PID:7364
- C:\Windows\System\nkISLdv.exe
  C:\Windows\System\nkISLdv.exe
  2⤵
  PID:7392
- C:\Windows\System\vDTdtNq.exe
  C:\Windows\System\vDTdtNq.exe
  2⤵
  PID:7440
- C:\Windows\System\sukatkS.exe
  C:\Windows\System\sukatkS.exe
  2⤵
  PID:7508
- C:\Windows\System\bKwnFdB.exe
  C:\Windows\System\bKwnFdB.exe
  2⤵
  PID:7556
- C:\Windows\System\TJrWoHG.exe
  C:\Windows\System\TJrWoHG.exe
  2⤵
  PID:7588
- C:\Windows\System\pBjVABZ.exe
  C:\Windows\System\pBjVABZ.exe
  2⤵
  PID:7572
- C:\Windows\System\TgTgCHR.exe
  C:\Windows\System\TgTgCHR.exe
  2⤵
  PID:7568
- C:\Windows\System\henPxJy.exe
  C:\Windows\System\henPxJy.exe
  2⤵
  PID:7664
- C:\Windows\System\rMwAVjv.exe
  C:\Windows\System\rMwAVjv.exe
  2⤵
  PID:552
- C:\Windows\System\RgHiLTV.exe
  C:\Windows\System\RgHiLTV.exe
  2⤵
  PID:7764
- C:\Windows\System\JuNIPkY.exe
  C:\Windows\System\JuNIPkY.exe
  2⤵
  PID:7648
- C:\Windows\System\enMCdOz.exe
  C:\Windows\System\enMCdOz.exe
  2⤵
  PID:7776
- C:\Windows\System\SQfDViU.exe
  C:\Windows\System\SQfDViU.exe
  2⤵
  PID:7736
- C:\Windows\System\weXUnRL.exe
  C:\Windows\System\weXUnRL.exe
  2⤵
  PID:7844
- C:\Windows\System\fGXrxIp.exe
  C:\Windows\System\fGXrxIp.exe
  2⤵
  PID:7872
- C:\Windows\System\fqiMbPg.exe
  C:\Windows\System\fqiMbPg.exe
  2⤵
  PID:7824
- C:\Windows\System\IdUHuIe.exe
  C:\Windows\System\IdUHuIe.exe
  2⤵
  PID:7892
- C:\Windows\System\UgQlVHZ.exe
  C:\Windows\System\UgQlVHZ.exe
  2⤵
  PID:7896
- C:\Windows\System\EtLgRaC.exe
  C:\Windows\System\EtLgRaC.exe
  2⤵
  PID:7956
- C:\Windows\System\VOfdGxT.exe
  C:\Windows\System\VOfdGxT.exe
  2⤵
  PID:8024
- C:\Windows\System\odMqvYa.exe
  C:\Windows\System\odMqvYa.exe
  2⤵
  PID:8100
- C:\Windows\System\XGOsNfo.exe
  C:\Windows\System\XGOsNfo.exe
  2⤵
  PID:8120
- C:\Windows\System\KajWrkO.exe
  C:\Windows\System\KajWrkO.exe
  2⤵
  PID:7936
- C:\Windows\System\VoONZBR.exe
  C:\Windows\System\VoONZBR.exe
  2⤵
  PID:7976
- C:\Windows\System\YUYLRBx.exe
  C:\Windows\System\YUYLRBx.exe
  2⤵
  PID:8048
- C:\Windows\System\NnHgIkY.exe
  C:\Windows\System\NnHgIkY.exe
  2⤵
  PID:8128
- C:\Windows\System\PwFvoaq.exe
  C:\Windows\System\PwFvoaq.exe
  2⤵
  PID:6892
- C:\Windows\System\oIJnfyE.exe
  C:\Windows\System\oIJnfyE.exe
  2⤵
  PID:7132
- C:\Windows\System\SSRIEsK.exe
  C:\Windows\System\SSRIEsK.exe
  2⤵
  PID:8152
- C:\Windows\System\ULazjfC.exe
  C:\Windows\System\ULazjfC.exe
  2⤵
  PID:5488
- C:\Windows\System\SnUIxBG.exe
  C:\Windows\System\SnUIxBG.exe
  2⤵
  PID:7296
- C:\Windows\System\UVFCDQS.exe
  C:\Windows\System\UVFCDQS.exe
  2⤵
  PID:7204
- C:\Windows\System\TqhAyuf.exe
  C:\Windows\System\TqhAyuf.exe
  2⤵
  PID:7376
- C:\Windows\System\JDIlUjq.exe
  C:\Windows\System\JDIlUjq.exe
  2⤵
  PID:7424
- C:\Windows\System\weMXlaI.exe
  C:\Windows\System\weMXlaI.exe
  2⤵
  PID:7468
- C:\Windows\System\SEQwRoz.exe
  C:\Windows\System\SEQwRoz.exe
  2⤵
  PID:7428
- C:\Windows\System\joCvAHX.exe
  C:\Windows\System\joCvAHX.exe
  2⤵
  PID:2832
- C:\Windows\System\wEkceki.exe
  C:\Windows\System\wEkceki.exe
  2⤵
  PID:7492
- C:\Windows\System\hrLVPaD.exe
  C:\Windows\System\hrLVPaD.exe
  2⤵
  PID:7464
- C:\Windows\System\XGvCdfW.exe
  C:\Windows\System\XGvCdfW.exe
  2⤵
  PID:7604
- C:\Windows\System\kOCFNat.exe
  C:\Windows\System\kOCFNat.exe
  2⤵
  PID:7716
- C:\Windows\System\qgXgFRt.exe
  C:\Windows\System\qgXgFRt.exe
  2⤵
  PID:7552
- C:\Windows\System\pimETJb.exe
  C:\Windows\System\pimETJb.exe
  2⤵
  PID:7628
- C:\Windows\System\DdolKEM.exe
  C:\Windows\System\DdolKEM.exe
  2⤵
  PID:7728
- C:\Windows\System\qHEQbrB.exe
  C:\Windows\System\qHEQbrB.exe
  2⤵
  PID:1052
- C:\Windows\System\LbpWPYO.exe
  C:\Windows\System\LbpWPYO.exe
  2⤵
  PID:7876
- C:\Windows\System\iRHfVIZ.exe
  C:\Windows\System\iRHfVIZ.exe
  2⤵
  PID:1884
- C:\Windows\System\uSmhKuL.exe
  C:\Windows\System\uSmhKuL.exe
  2⤵
  PID:8028
- C:\Windows\System\pBIfIXh.exe
  C:\Windows\System\pBIfIXh.exe
  2⤵
  PID:7972
- C:\Windows\System\pmByxBQ.exe
  C:\Windows\System\pmByxBQ.exe
  2⤵
  PID:8080
- C:\Windows\System\GBDdhxt.exe
  C:\Windows\System\GBDdhxt.exe
  2⤵
  PID:8012
- C:\Windows\System\mYMrCGd.exe
  C:\Windows\System\mYMrCGd.exe
  2⤵
  PID:8044
- C:\Windows\System\SzXZhtD.exe
  C:\Windows\System\SzXZhtD.exe
  2⤵
  PID:7200
- C:\Windows\System\UKaVjBl.exe
  C:\Windows\System\UKaVjBl.exe
  2⤵
  PID:7272
- C:\Windows\System\xqBDsJS.exe
  C:\Windows\System\xqBDsJS.exe
  2⤵
  PID:7356
- C:\Windows\System\BMtGORY.exe
  C:\Windows\System\BMtGORY.exe
  2⤵
  PID:7360
- C:\Windows\System\UvfAxCc.exe
  C:\Windows\System\UvfAxCc.exe
  2⤵
  PID:7900
- C:\Windows\System\iPTlhsw.exe
  C:\Windows\System\iPTlhsw.exe
  2⤵
  PID:7612
- C:\Windows\System\hWauUuC.exe
  C:\Windows\System\hWauUuC.exe
  2⤵
  PID:1424
- C:\Windows\System\OQJXbfB.exe
  C:\Windows\System\OQJXbfB.exe
  2⤵
  PID:7856
- C:\Windows\System\IiOQKzS.exe
  C:\Windows\System\IiOQKzS.exe
  2⤵
  PID:7608
- C:\Windows\System\iOSAByz.exe
  C:\Windows\System\iOSAByz.exe
  2⤵
  PID:7968
- C:\Windows\System\gjJrbXf.exe
  C:\Windows\System\gjJrbXf.exe
  2⤵
  PID:6048
- C:\Windows\System\fguxELu.exe
  C:\Windows\System\fguxELu.exe
  2⤵
  PID:2776
- C:\Windows\System\kizoqQJ.exe
  C:\Windows\System\kizoqQJ.exe
  2⤵
  PID:7952
- C:\Windows\System\nqSEyOK.exe
  C:\Windows\System\nqSEyOK.exe
  2⤵
  PID:7196
- C:\Windows\System\EPZdesk.exe
  C:\Windows\System\EPZdesk.exe
  2⤵
  PID:7712
- C:\Windows\System\HKLlQBN.exe
  C:\Windows\System\HKLlQBN.exe
  2⤵
  PID:7988
- C:\Windows\System\LRAmarP.exe
  C:\Windows\System\LRAmarP.exe
  2⤵
  PID:7256
- C:\Windows\System\PPcHMVH.exe
  C:\Windows\System\PPcHMVH.exe
  2⤵
  PID:7412
- C:\Windows\System\yZDSETV.exe
  C:\Windows\System\yZDSETV.exe
  2⤵
  PID:2004
- C:\Windows\System\FZssvss.exe
  C:\Windows\System\FZssvss.exe
  2⤵
  PID:8168
- C:\Windows\System\xwazlEg.exe
  C:\Windows\System\xwazlEg.exe
  2⤵
  PID:8196
- C:\Windows\System\XiQhBBy.exe
  C:\Windows\System\XiQhBBy.exe
  2⤵
  PID:8212
- C:\Windows\System\pcxysSs.exe
  C:\Windows\System\pcxysSs.exe
  2⤵
  PID:8228
- C:\Windows\System\AWSKMSI.exe
  C:\Windows\System\AWSKMSI.exe
  2⤵
  PID:8244
- C:\Windows\System\purAVSz.exe
  C:\Windows\System\purAVSz.exe
  2⤵
  PID:8260
- C:\Windows\System\iVwyJXy.exe
  C:\Windows\System\iVwyJXy.exe
  2⤵
  PID:8276
- C:\Windows\System\NXNKSWE.exe
  C:\Windows\System\NXNKSWE.exe
  2⤵
  PID:8292
- C:\Windows\System\YkzMZir.exe
  C:\Windows\System\YkzMZir.exe
  2⤵
  PID:8308
- C:\Windows\System\AcQaxyR.exe
  C:\Windows\System\AcQaxyR.exe
  2⤵
  PID:8324
- C:\Windows\System\ESpPCSO.exe
  C:\Windows\System\ESpPCSO.exe
  2⤵
  PID:8344
- C:\Windows\System\JMKZruH.exe
  C:\Windows\System\JMKZruH.exe
  2⤵
  PID:8360
- C:\Windows\System\eENumGI.exe
  C:\Windows\System\eENumGI.exe
  2⤵
  PID:8376
- C:\Windows\System\Hsreaul.exe
  C:\Windows\System\Hsreaul.exe
  2⤵
  PID:8392
- C:\Windows\System\RRsHqHM.exe
  C:\Windows\System\RRsHqHM.exe
  2⤵
  PID:8408
- C:\Windows\System\lixNOqk.exe
  C:\Windows\System\lixNOqk.exe
  2⤵
  PID:8424
- C:\Windows\System\YygBSRM.exe
  C:\Windows\System\YygBSRM.exe
  2⤵
  PID:8444
- C:\Windows\System\ZENlXZr.exe
  C:\Windows\System\ZENlXZr.exe
  2⤵
  PID:8460
- C:\Windows\System\ZhGocwV.exe
  C:\Windows\System\ZhGocwV.exe
  2⤵
  PID:8476
- C:\Windows\System\FlXETBR.exe
  C:\Windows\System\FlXETBR.exe
  2⤵
  PID:8492
- C:\Windows\System\SYAYySj.exe
  C:\Windows\System\SYAYySj.exe
  2⤵
  PID:8508
- C:\Windows\System\IjtVEdm.exe
  C:\Windows\System\IjtVEdm.exe
  2⤵
  PID:8536
- C:\Windows\System\HVNPKSH.exe
  C:\Windows\System\HVNPKSH.exe
  2⤵
  PID:8560
- C:\Windows\System\ZFRDnyU.exe
  C:\Windows\System\ZFRDnyU.exe
  2⤵
  PID:8576
- C:\Windows\System\bUJYoSh.exe
  C:\Windows\System\bUJYoSh.exe
  2⤵
  PID:8596
- C:\Windows\System\RcwDLii.exe
  C:\Windows\System\RcwDLii.exe
  2⤵
  PID:8636
- C:\Windows\System\Xvgpwyv.exe
  C:\Windows\System\Xvgpwyv.exe
  2⤵
  PID:8656
- C:\Windows\System\rJcAnpB.exe
  C:\Windows\System\rJcAnpB.exe
  2⤵
  PID:8672
- C:\Windows\System\OSdZBbZ.exe
  C:\Windows\System\OSdZBbZ.exe
  2⤵
  PID:8688
- C:\Windows\System\FpclaeS.exe
  C:\Windows\System\FpclaeS.exe
  2⤵
  PID:8704
- C:\Windows\System\YOhDFFJ.exe
  C:\Windows\System\YOhDFFJ.exe
  2⤵
  PID:8720
- C:\Windows\System\GtANJZQ.exe
  C:\Windows\System\GtANJZQ.exe
  2⤵
  PID:8736
- C:\Windows\System\iUzXdyw.exe
  C:\Windows\System\iUzXdyw.exe
  2⤵
  PID:8752
- C:\Windows\System\ecKdFeE.exe
  C:\Windows\System\ecKdFeE.exe
  2⤵
  PID:8768
- C:\Windows\System\EVqaFPe.exe
  C:\Windows\System\EVqaFPe.exe
  2⤵
  PID:8784
- C:\Windows\System\zoNiuMI.exe
  C:\Windows\System\zoNiuMI.exe
  2⤵
  PID:8800
- C:\Windows\System\iERJfpD.exe
  C:\Windows\System\iERJfpD.exe
  2⤵
  PID:8816
- C:\Windows\System\hMGVgnc.exe
  C:\Windows\System\hMGVgnc.exe
  2⤵
  PID:8832
- C:\Windows\System\cYPDqWg.exe
  C:\Windows\System\cYPDqWg.exe
  2⤵
  PID:8852
- C:\Windows\System\gAtZnGg.exe
  C:\Windows\System\gAtZnGg.exe
  2⤵
  PID:8868
- C:\Windows\System\VlQrsLk.exe
  C:\Windows\System\VlQrsLk.exe
  2⤵
  PID:8884
- C:\Windows\System\OIsfSWR.exe
  C:\Windows\System\OIsfSWR.exe
  2⤵
  PID:8900
- C:\Windows\System\XhTSCmQ.exe
  C:\Windows\System\XhTSCmQ.exe
  2⤵
  PID:8916
- C:\Windows\System\RWMBAdA.exe
  C:\Windows\System\RWMBAdA.exe
  2⤵
  PID:8932
- C:\Windows\System\OUTmaBp.exe
  C:\Windows\System\OUTmaBp.exe
  2⤵
  PID:8948
- C:\Windows\System\YECSLVY.exe
  C:\Windows\System\YECSLVY.exe
  2⤵
  PID:8964
- C:\Windows\System\XhvFqBy.exe
  C:\Windows\System\XhvFqBy.exe
  2⤵
  PID:8984
- C:\Windows\System\yLQzaSe.exe
  C:\Windows\System\yLQzaSe.exe
  2⤵
  PID:9000
- C:\Windows\System\wpheZpT.exe
  C:\Windows\System\wpheZpT.exe
  2⤵
  PID:9016
- C:\Windows\System\ghDtEtA.exe
  C:\Windows\System\ghDtEtA.exe
  2⤵
  PID:9032
- C:\Windows\System\BRgcSNF.exe
  C:\Windows\System\BRgcSNF.exe
  2⤵
  PID:9048
- C:\Windows\System\QXkjpOK.exe
  C:\Windows\System\QXkjpOK.exe
  2⤵
  PID:9064
- C:\Windows\System\RATJgYd.exe
  C:\Windows\System\RATJgYd.exe
  2⤵
  PID:9080
- C:\Windows\System\SpMsLPW.exe
  C:\Windows\System\SpMsLPW.exe
  2⤵
  PID:9096
- C:\Windows\System\EinOtYz.exe
  C:\Windows\System\EinOtYz.exe
  2⤵
  PID:9112
- C:\Windows\System\YAdOWds.exe
  C:\Windows\System\YAdOWds.exe
  2⤵
  PID:9132
- C:\Windows\System\AoYhEYX.exe
  C:\Windows\System\AoYhEYX.exe
  2⤵
  PID:9148
- C:\Windows\System\jEWrZNA.exe
  C:\Windows\System\jEWrZNA.exe
  2⤵
  PID:9168
- C:\Windows\System\vmzWqXW.exe
  C:\Windows\System\vmzWqXW.exe
  2⤵
  PID:9184
- C:\Windows\System\iYHhYKH.exe
  C:\Windows\System\iYHhYKH.exe
  2⤵
  PID:9200
- C:\Windows\System\GOWhwfi.exe
  C:\Windows\System\GOWhwfi.exe
  2⤵
  PID:8116
- C:\Windows\System\DHDIoPw.exe
  C:\Windows\System\DHDIoPw.exe
  2⤵
  PID:7792
- C:\Windows\System\wNFvxbP.exe
  C:\Windows\System\wNFvxbP.exe
  2⤵
  PID:7488
- C:\Windows\System\xLZEVgZ.exe
  C:\Windows\System\xLZEVgZ.exe
  2⤵
  PID:8252
- C:\Windows\System\EePNfPG.exe
  C:\Windows\System\EePNfPG.exe
  2⤵
  PID:8236
- C:\Windows\System\SEXmhce.exe
  C:\Windows\System\SEXmhce.exe
  2⤵
  PID:8316
- C:\Windows\System\yLuHCff.exe
  C:\Windows\System\yLuHCff.exe
  2⤵
  PID:8356
- C:\Windows\System\xSjBVWu.exe
  C:\Windows\System\xSjBVWu.exe
  2⤵
  PID:8368
- C:\Windows\System\MlbrXpI.exe
  C:\Windows\System\MlbrXpI.exe
  2⤵
  PID:8332
- C:\Windows\System\tCsVwlm.exe
  C:\Windows\System\tCsVwlm.exe
  2⤵
  PID:8456
- C:\Windows\System\OYssLAr.exe
  C:\Windows\System\OYssLAr.exe
  2⤵
  PID:8468
- C:\Windows\System\wSSghoK.exe
  C:\Windows\System\wSSghoK.exe
  2⤵
  PID:8488
- C:\Windows\System\hgasGwt.exe
  C:\Windows\System\hgasGwt.exe
  2⤵
  PID:8500
- C:\Windows\System\PAYrFCy.exe
  C:\Windows\System\PAYrFCy.exe
  2⤵
  PID:8572
- C:\Windows\System\QCjhHNw.exe
  C:\Windows\System\QCjhHNw.exe
  2⤵
  PID:8556
- C:\Windows\System\TAtkiVR.exe
  C:\Windows\System\TAtkiVR.exe
  2⤵
  PID:8608
- C:\Windows\System\mSxwnUs.exe
  C:\Windows\System\mSxwnUs.exe
  2⤵
  PID:8620
- C:\Windows\System\UyTUggo.exe
  C:\Windows\System\UyTUggo.exe
  2⤵
  PID:8648
- C:\Windows\System\WsFYjUK.exe
  C:\Windows\System\WsFYjUK.exe
  2⤵
  PID:8684
- C:\Windows\System\EIMKQpi.exe
  C:\Windows\System\EIMKQpi.exe
  2⤵
  PID:8732
- C:\Windows\System\neDZXRq.exe
  C:\Windows\System\neDZXRq.exe
  2⤵
  PID:8792
- C:\Windows\System\pQnlOvx.exe
  C:\Windows\System\pQnlOvx.exe
  2⤵
  PID:8824
- C:\Windows\System\BqSmnNB.exe
  C:\Windows\System\BqSmnNB.exe
  2⤵
  PID:8840
- C:\Windows\System\mOViWaX.exe
  C:\Windows\System\mOViWaX.exe
  2⤵
  PID:8876
- C:\Windows\System\SYeCVQI.exe
  C:\Windows\System\SYeCVQI.exe
  2⤵
  PID:8924
- C:\Windows\System\vpGZeFW.exe
  C:\Windows\System\vpGZeFW.exe
  2⤵
  PID:8940
- C:\Windows\System\oCAsyQy.exe
  C:\Windows\System\oCAsyQy.exe
  2⤵
  PID:8992
- C:\Windows\System\hMgiQAl.exe
  C:\Windows\System\hMgiQAl.exe
  2⤵
  PID:9008
- C:\Windows\System\XRsJvlD.exe
  C:\Windows\System\XRsJvlD.exe
  2⤵
  PID:9088
- C:\Windows\System\hXSTdsW.exe
  C:\Windows\System\hXSTdsW.exe
  2⤵
  PID:9072
- C:\Windows\System\ZoyRjVZ.exe
  C:\Windows\System\ZoyRjVZ.exe
  2⤵
  PID:9124
- C:\Windows\System\YdvORKr.exe
  C:\Windows\System\YdvORKr.exe
  2⤵
  PID:9160
- C:\Windows\System\MweApsJ.exe
  C:\Windows\System\MweApsJ.exe
  2⤵
  PID:9176
- C:\Windows\System\zBodzUx.exe
  C:\Windows\System\zBodzUx.exe
  2⤵
  PID:7760
- C:\Windows\System\iYVrUsu.exe
  C:\Windows\System\iYVrUsu.exe
  2⤵
  PID:8220
- C:\Windows\System\rkHQpcW.exe
  C:\Windows\System\rkHQpcW.exe
  2⤵
  PID:8284
- C:\Windows\System\SIknSNd.exe
  C:\Windows\System\SIknSNd.exe
  2⤵
  PID:8420
- C:\Windows\System\DWJnNdl.exe
  C:\Windows\System\DWJnNdl.exe
  2⤵
  PID:8268
- C:\Windows\System\IYzHnZj.exe
  C:\Windows\System\IYzHnZj.exe
  2⤵
  PID:8352
- C:\Windows\System\PfIhBFK.exe
  C:\Windows\System\PfIhBFK.exe
  2⤵
  PID:8400
- C:\Windows\System\AkynIZD.exe
  C:\Windows\System\AkynIZD.exe
  2⤵
  PID:8532
- C:\Windows\System\lvipgSb.exe
  C:\Windows\System\lvipgSb.exe
  2⤵
  PID:8604
- C:\Windows\System\ctakBSn.exe
  C:\Windows\System\ctakBSn.exe
  2⤵
  PID:8712
- C:\Windows\System\ILgDjpK.exe
  C:\Windows\System\ILgDjpK.exe
  2⤵
  PID:8696
- C:\Windows\System\dOknjXU.exe
  C:\Windows\System\dOknjXU.exe
  2⤵
  PID:8744
- C:\Windows\System\WjoMEYL.exe
  C:\Windows\System\WjoMEYL.exe
  2⤵
  PID:8864
- C:\Windows\System\KXmWGzH.exe
  C:\Windows\System\KXmWGzH.exe
  2⤵
  PID:8716
- C:\Windows\System\LAdmbqd.exe
  C:\Windows\System\LAdmbqd.exe
  2⤵
  PID:9108
- C:\Windows\System\pwxXTzT.exe
  C:\Windows\System\pwxXTzT.exe
  2⤵
  PID:9196
- C:\Windows\System\PnQuItt.exe
  C:\Windows\System\PnQuItt.exe
  2⤵
  PID:8764
- C:\Windows\System\JERyBME.exe
  C:\Windows\System\JERyBME.exe
  2⤵
  PID:9208
- C:\Windows\System\XywSDjh.exe
  C:\Windows\System\XywSDjh.exe
  2⤵
  PID:8960
- C:\Windows\System\fEThThu.exe
  C:\Windows\System\fEThThu.exe
  2⤵
  PID:9060
- C:\Windows\System\bTWfbfS.exe
  C:\Windows\System\bTWfbfS.exe
  2⤵
  PID:8372
- C:\Windows\System\KhYKiaR.exe
  C:\Windows\System\KhYKiaR.exe
  2⤵
  PID:8208
- C:\Windows\System\OxqSvtI.exe
  C:\Windows\System\OxqSvtI.exe
  2⤵
  PID:8436
- C:\Windows\System\yMdUCXj.exe
  C:\Windows\System\yMdUCXj.exe
  2⤵
  PID:8528
- C:\Windows\System\RfgzTUa.exe
  C:\Windows\System\RfgzTUa.exe
  2⤵
  PID:8668
- C:\Windows\System\xlTCRwN.exe
  C:\Windows\System\xlTCRwN.exe
  2⤵
  PID:8912
- C:\Windows\System\orLBQyV.exe
  C:\Windows\System\orLBQyV.exe
  2⤵
  PID:8812
- C:\Windows\System\qznTPxT.exe
  C:\Windows\System\qznTPxT.exe
  2⤵
  PID:8928
- C:\Windows\System\ZfYMFzq.exe
  C:\Windows\System\ZfYMFzq.exe
  2⤵
  PID:8828
- C:\Windows\System\HpJTwct.exe
  C:\Windows\System\HpJTwct.exe
  2⤵
  PID:8340
- C:\Windows\System\iOfCrGp.exe
  C:\Windows\System\iOfCrGp.exe
  2⤵
  PID:8272
- C:\Windows\System\LqBCYTc.exe
  C:\Windows\System\LqBCYTc.exe
  2⤵
  PID:8972
- C:\Windows\System\ZzTWvYN.exe
  C:\Windows\System\ZzTWvYN.exe
  2⤵
  PID:9140
- C:\Windows\System\XjxjCzl.exe
  C:\Windows\System\XjxjCzl.exe
  2⤵
  PID:8524
- C:\Windows\System\gglkppE.exe
  C:\Windows\System\gglkppE.exe
  2⤵
  PID:8780
- C:\Windows\System\FCPVKKz.exe
  C:\Windows\System\FCPVKKz.exe
  2⤵
  PID:9156
- C:\Windows\System\WkUaBiK.exe
  C:\Windows\System\WkUaBiK.exe
  2⤵
  PID:8880
- C:\Windows\System\tNKchsA.exe
  C:\Windows\System\tNKchsA.exe
  2⤵
  PID:9232
- C:\Windows\System\OROsDkp.exe
  C:\Windows\System\OROsDkp.exe
  2⤵
  PID:9248
- C:\Windows\System\fsDdfhl.exe
  C:\Windows\System\fsDdfhl.exe
  2⤵
  PID:9268
- C:\Windows\System\dMCFhNF.exe
  C:\Windows\System\dMCFhNF.exe
  2⤵
  PID:9288
- C:\Windows\System\FoUMCXx.exe
  C:\Windows\System\FoUMCXx.exe
  2⤵
  PID:9304
- C:\Windows\System\PDAyKzU.exe
  C:\Windows\System\PDAyKzU.exe
  2⤵
  PID:9320
- C:\Windows\System\nGfqBvL.exe
  C:\Windows\System\nGfqBvL.exe
  2⤵
  PID:9336
- C:\Windows\System\snrlSQp.exe
  C:\Windows\System\snrlSQp.exe
  2⤵
  PID:9352
- C:\Windows\System\RcnPOMB.exe
  C:\Windows\System\RcnPOMB.exe
  2⤵
  PID:9368
- C:\Windows\System\knMLytd.exe
  C:\Windows\System\knMLytd.exe
  2⤵
  PID:9384
- C:\Windows\System\cUCfsZd.exe
  C:\Windows\System\cUCfsZd.exe
  2⤵
  PID:9400
- C:\Windows\System\FaVOkvq.exe
  C:\Windows\System\FaVOkvq.exe
  2⤵
  PID:9416
- C:\Windows\System\FzumMEB.exe
  C:\Windows\System\FzumMEB.exe
  2⤵
  PID:9432
- C:\Windows\System\DYOGQET.exe
  C:\Windows\System\DYOGQET.exe
  2⤵
  PID:9448
- C:\Windows\System\CIzztRl.exe
  C:\Windows\System\CIzztRl.exe
  2⤵
  PID:9464
- C:\Windows\System\HQcNmAe.exe
  C:\Windows\System\HQcNmAe.exe
  2⤵
  PID:9480
- C:\Windows\System\hFVEAOU.exe
  C:\Windows\System\hFVEAOU.exe
  2⤵
  PID:9496
- C:\Windows\System\pTzSqSJ.exe
  C:\Windows\System\pTzSqSJ.exe
  2⤵
  PID:9512
- C:\Windows\System\pMwSRQi.exe
  C:\Windows\System\pMwSRQi.exe
  2⤵
  PID:9528
- C:\Windows\System\OOFYreV.exe
  C:\Windows\System\OOFYreV.exe
  2⤵
  PID:9544
- C:\Windows\System\DTqOObf.exe
  C:\Windows\System\DTqOObf.exe
  2⤵
  PID:9560
- C:\Windows\System\eSJkXtq.exe
  C:\Windows\System\eSJkXtq.exe
  2⤵
  PID:9576
- C:\Windows\System\fdIqpgl.exe
  C:\Windows\System\fdIqpgl.exe
  2⤵
  PID:9592
- C:\Windows\System\ANEcbUk.exe
  C:\Windows\System\ANEcbUk.exe
  2⤵
  PID:9624
- C:\Windows\System\IMBUJQm.exe
  C:\Windows\System\IMBUJQm.exe
  2⤵
  PID:9644
- C:\Windows\System\MsVecJf.exe
  C:\Windows\System\MsVecJf.exe
  2⤵
  PID:9668
- C:\Windows\System\RKKTpvi.exe
  C:\Windows\System\RKKTpvi.exe
  2⤵
  PID:9704
- C:\Windows\System\zWRseCj.exe
  C:\Windows\System\zWRseCj.exe
  2⤵
  PID:9720
- C:\Windows\System\vWZwwRh.exe
  C:\Windows\System\vWZwwRh.exe
  2⤵
  PID:9736
- C:\Windows\System\BmbzgGz.exe
  C:\Windows\System\BmbzgGz.exe
  2⤵
  PID:9752
- C:\Windows\System\THjePgW.exe
  C:\Windows\System\THjePgW.exe
  2⤵
  PID:9772
- C:\Windows\System\KkQaSOg.exe
  C:\Windows\System\KkQaSOg.exe
  2⤵
  PID:9788
- C:\Windows\System\PtaYMzn.exe
  C:\Windows\System\PtaYMzn.exe
  2⤵
  PID:9804
- C:\Windows\System\CJiSdAG.exe
  C:\Windows\System\CJiSdAG.exe
  2⤵
  PID:9820
- C:\Windows\System\IbfxXCB.exe
  C:\Windows\System\IbfxXCB.exe
  2⤵
  PID:9836
- C:\Windows\System\udDNvmJ.exe
  C:\Windows\System\udDNvmJ.exe
  2⤵
  PID:9852
- C:\Windows\System\mrgKszs.exe
  C:\Windows\System\mrgKszs.exe
  2⤵
  PID:9868
- C:\Windows\System\HbhUWro.exe
  C:\Windows\System\HbhUWro.exe
  2⤵
  PID:9884
- C:\Windows\System\dJerKwc.exe
  C:\Windows\System\dJerKwc.exe
  2⤵
  PID:9900
- C:\Windows\System\JXvKajq.exe
  C:\Windows\System\JXvKajq.exe
  2⤵
  PID:9916
- C:\Windows\System\JGqEIcq.exe
  C:\Windows\System\JGqEIcq.exe
  2⤵
  PID:9932
- C:\Windows\System\YRmbPiE.exe
  C:\Windows\System\YRmbPiE.exe
  2⤵
  PID:9960
- C:\Windows\System\bMkUNuX.exe
  C:\Windows\System\bMkUNuX.exe
  2⤵
  PID:9980
- C:\Windows\System\LgChoeV.exe
  C:\Windows\System\LgChoeV.exe
  2⤵
  PID:9996
- C:\Windows\System\lctQVNA.exe
  C:\Windows\System\lctQVNA.exe
  2⤵
  PID:10012
- C:\Windows\System\NnWAGAI.exe
  C:\Windows\System\NnWAGAI.exe
  2⤵
  PID:10028
- C:\Windows\System\LRjfLVo.exe
  C:\Windows\System\LRjfLVo.exe
  2⤵
  PID:10044
- C:\Windows\System\VddmHmx.exe
  C:\Windows\System\VddmHmx.exe
  2⤵
  PID:10060
- C:\Windows\System\fuFQsLA.exe
  C:\Windows\System\fuFQsLA.exe
  2⤵
  PID:10076
- C:\Windows\System\DuzSdSj.exe
  C:\Windows\System\DuzSdSj.exe
  2⤵
  PID:10092
- C:\Windows\System\eIacsYK.exe
  C:\Windows\System\eIacsYK.exe
  2⤵
  PID:10112
- C:\Windows\System\xzimxwh.exe
  C:\Windows\System\xzimxwh.exe
  2⤵
  PID:10128
- C:\Windows\System\MhjKqzl.exe
  C:\Windows\System\MhjKqzl.exe
  2⤵
  PID:10144
- C:\Windows\System\BbqChEO.exe
  C:\Windows\System\BbqChEO.exe
  2⤵
  PID:10160
- C:\Windows\System\FHkpcGr.exe
  C:\Windows\System\FHkpcGr.exe
  2⤵
  PID:10176
- C:\Windows\System\BZCxCUE.exe
  C:\Windows\System\BZCxCUE.exe
  2⤵
  PID:10192
- C:\Windows\System\wydMhVz.exe
  C:\Windows\System\wydMhVz.exe
  2⤵
  PID:10208
- C:\Windows\System\SYcwaQE.exe
  C:\Windows\System\SYcwaQE.exe
  2⤵
  PID:10224
- C:\Windows\System\DavjRRk.exe
  C:\Windows\System\DavjRRk.exe
  2⤵
  PID:8320
- C:\Windows\System\yaCvOIN.exe
  C:\Windows\System\yaCvOIN.exe
  2⤵
  PID:8944
- C:\Windows\System\VBMhQGZ.exe
  C:\Windows\System\VBMhQGZ.exe
  2⤵
  PID:8896
- C:\Windows\System\FPigLtX.exe
  C:\Windows\System\FPigLtX.exe
  2⤵
  PID:9228
- C:\Windows\System\qbdIgRs.exe
  C:\Windows\System\qbdIgRs.exe
  2⤵
  PID:9264
- C:\Windows\System\xJBnGyo.exe
  C:\Windows\System\xJBnGyo.exe
  2⤵
  PID:9380
- C:\Windows\System\hVocDTt.exe
  C:\Windows\System\hVocDTt.exe
  2⤵
  PID:9440
- C:\Windows\System\nPUddke.exe
  C:\Windows\System\nPUddke.exe
  2⤵
  PID:9296
- C:\Windows\System\NMUkMIz.exe
  C:\Windows\System\NMUkMIz.exe
  2⤵
  PID:9396
- C:\Windows\System\KVKNtJn.exe
  C:\Windows\System\KVKNtJn.exe
  2⤵
  PID:9460
- C:\Windows\System\THkdiMF.exe
  C:\Windows\System\THkdiMF.exe
  2⤵
  PID:9488
- C:\Windows\System\jSwCfSB.exe
  C:\Windows\System\jSwCfSB.exe
  2⤵
  PID:9536
- C:\Windows\System\qqpkjWl.exe
  C:\Windows\System\qqpkjWl.exe
  2⤵
  PID:9588
- C:\Windows\System\MzejbBV.exe
  C:\Windows\System\MzejbBV.exe
  2⤵
  PID:9540
- C:\Windows\System\ygQHwXd.exe
  C:\Windows\System\ygQHwXd.exe
  2⤵
  PID:9284
- C:\Windows\System\UfCPmAi.exe
  C:\Windows\System\UfCPmAi.exe
  2⤵
  PID:9616
- C:\Windows\System\NKuLWDf.exe
  C:\Windows\System\NKuLWDf.exe
  2⤵
  PID:9664
- C:\Windows\System\bUknLJs.exe
  C:\Windows\System\bUknLJs.exe
  2⤵
  PID:9712
- C:\Windows\System\zWTgeGC.exe
  C:\Windows\System\zWTgeGC.exe
  2⤵
  PID:9696
- C:\Windows\System\sDMuHLU.exe
  C:\Windows\System\sDMuHLU.exe
  2⤵
  PID:9748
- C:\Windows\System\KYyFPBr.exe
  C:\Windows\System\KYyFPBr.exe
  2⤵
  PID:9732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CYQWZnh.exe

Filesize
6.0MB

MD5
3b0dfd9d4e8127ed7d7c4a40927ab8c7

SHA1
07ae56dac0941950075e49cc2f3aa1b3227b3699

SHA256
31ce02d77d74a9a8f2eeece04d3682583824694a5cc7ecf19b671d3210f19eb2

SHA512
335cae1236c2981fba4b4d30e44d1a39c7577e400e0889795e00af52a729624f9df651778f0e584c08f1a7d4a53ba6c7bc8ed0d54ab7b6a772930f8ff5aa74d1

Download Submit
C:\Windows\system\HZigpkp.exe

Filesize
6.0MB

MD5
4aa3b77b8bd9e2aa84f6fb67ea0ab621

SHA1
f06c4e56ff1582b769099058e2080dfe47f7828c

SHA256
06980e13a922c3b26fa1278e3e0011a2bf5a33ae07a37cdabb0a1b60f8588699

SHA512
3f673c35060e10b4431b18e5e637c7dd39b4cc5292b536914c1de8763a78e58ff883cc8d493dad5b42c168d31e7bcc26f42b2dd5e9ee2b18a926d6e3762f3d53

Download Submit
C:\Windows\system\IUNromt.exe

Filesize
6.0MB

MD5
4f0a2ace37907b1379ff74d2eea35945

SHA1
fb997a44ba2c5a776f11dd07f41aa0d8654f69a8

SHA256
f76862661a4c029f1accab68db2d5bdf62b6c7a1e4687bbcc4f9bdc99036d1b3

SHA512
5b6124639a193b37e6d65b5bbba27864d16aacdc740d00b57338121974787224f9ca0638d2916028b37c4608ffe5364c5f2323ea1426f10a3caebe97e194dc0b

Download Submit
C:\Windows\system\IXgcbvB.exe

Filesize
6.0MB

MD5
f697a7d806203c0d7171dc90e3a48b10

SHA1
3d4d9e3b9dd1fef96a760e1d70f3163c8eedc9b4

SHA256
0cfc904b03035225512d5600aacf0037c15a50bb416a5dfc999772f547d1e7d7

SHA512
7b305a654179876686a20d9a5fe9e3d3d9fe51a6e696838bb5f8b9f1371ed1663858d63409b455960b4ffd0020894a5387912891edbba8cb4ff60b81e882bc62

Download Submit
C:\Windows\system\KwAIUDL.exe

Filesize
6.0MB

MD5
50816ed4897312c73dc17b57b9b303ba

SHA1
24e16710611ebcdb13dc32449a8cf73d19302e9a

SHA256
f7e75e504b25ac073242c1d66d15d2f20d047cc54ef568e4d86fde3bff3fca20

SHA512
707c4b9450d098dbad686acdc97fb29841091158bbe2a63342a73efeb27f8f4390f029afcfd2b9e19838ff2a78d70e1052ba8896184c103f0cf5ba9bffdfac12

Download Submit
C:\Windows\system\MwOCqYx.exe

Filesize
6.0MB

MD5
0ad5e365a9c9ceb5bfd71453ed39b1df

SHA1
0c2b62a1d5493ef85585e5600ef87f89bfc23e7a

SHA256
f9ddcd390171162ab8017f2b370642235fcf182c22ddb94641133ce4914e8da3

SHA512
8c9eda15ee23bd23d52936c24370d21eb405defdd2f0bdefaa80abfd7482590a26d9260864a3152132edef83c369bb940e19e1c19b0e2ba211aef7c34d2f1f7c

Download Submit
C:\Windows\system\OjkBOFd.exe

Filesize
6.0MB

MD5
1997bbc6d3ccd36dc9b936645a49bb7d

SHA1
dbe0d117438ea566654a1dd047b15eddb141bc11

SHA256
01827a7fc642d44c3ce704b5d978c7d420713c9b2f3385239b2cd8fb2dd7c92b

SHA512
f542a18c16a845d990d259631a2610ffc2b8aea2d3cc92fd39b16e7269e7806d85951d7765fe657065f4ab828f0c9a918b03f108b340a5be3fe4c37f476787ed

Download Submit
C:\Windows\system\POzUBhQ.exe

Filesize
6.0MB

MD5
9f58495fa24ad975c7335bef9f374528

SHA1
0fe6e784f80f509728cdf03f45a5441d990ebb67

SHA256
8fdef7e53dd455f030782a3dfa4c13f8b049cdfc28c2a764223887e4935cb3f9

SHA512
542cb5bc58567f686197a8da4025a46e3c18a50196d05a1e7b724c821199dc22d14f5032e0fbc7f7c3cd81a76c94d06bb3499f949420a6ec56763b1a5867488b

Download Submit
C:\Windows\system\QwByIHk.exe

Filesize
6.0MB

MD5
d161e81161d614248cee82a4111a0357

SHA1
01cbc1552950ab3b59e092b5e412c12ea01b54cd

SHA256
97f905f814636c7766d4fb73128eaac403e5711cb84bbd6ae20cc3fcd8d0b72c

SHA512
eb36f5eadadf76817a238ae610463ac0617663976ab23854bff1ff3fd6e892a59b73b0a025d5a2074fd25abd189fadcc115d23a4e30ac65778b5bea8cfd88060

Download Submit
C:\Windows\system\VpxonKU.exe

Filesize
6.0MB

MD5
b9b406163758318d29328d400a7fd535

SHA1
64e9cc2344ba561a858cfaf931664cde0d7b4771

SHA256
eb212ac934374f3c10bf1c432aa53673064bed01fb6e2b88b27c8ead42eecfce

SHA512
1c9b95938234b09a7203bb7711b8041cfb115b3c0e612c9ddf73ba0ce695036789dbd72c5991ccc0181863c03f5f8c400d7618ad3342f95163247670f4fb2944

Download Submit
C:\Windows\system\VzjbHPO.exe

Filesize
6.0MB

MD5
10ebad1a23c38f40eb3c19d8fcec03b3

SHA1
6648494e2123ba561d8a1450874355bb0a4f45af

SHA256
4196e07804316a724ba397df301423513492f1ca65ac62a513d0d0a86d7c6d05

SHA512
5d1b0641988ad1b2e76ff129e2d5cd060f5e029d77fef832ddd2704548e62a3551ec20398697f3c20c1730a284fb21c93b3614e1d02778ffc2478b0888e3f116

Download Submit
C:\Windows\system\aRAxoqT.exe

Filesize
6.0MB

MD5
8b6f42aa4cfae8254e44097559fb40d6

SHA1
6c1fc0b87574e77a1f46f29110a6270d6742299c

SHA256
c0214063992ade82818daebce26b5bde59b17c2220db077eaa1fabb965b12426

SHA512
ea5f6a98d4cd939cbadb29357caa43d0124829ca443c14e6ac741aef3769635e68f8e616a320985d3beadce177b0709a28bf0f718775ac4611a5f34000f4f304

Download Submit
C:\Windows\system\cBdzLhR.exe

Filesize
6.0MB

MD5
267b35d2aa81b9045c1e71e8dc9aeb51

SHA1
a57ce2bf60b905f48315fcfb87b24cbdc0a0defb

SHA256
3a2469f26915c6fbc506d60036b8c38f14775cb7c5f9bc0c17898e395d63a373

SHA512
7a194274281e1d5c3f5d0b7ac310557eee463eeaec853772640c4af40bcdca3569cde118b12523e38c97805ab50fe443b149a542dc95f70a182da029f28290f3

Download Submit
C:\Windows\system\cbWrFOe.exe

Filesize
6.0MB

MD5
54e39fa07d64940097bf1242c35e2dc1

SHA1
911c43387f18e45b9c7a4b5b9d3d502b8139c0ae

SHA256
212ac918767673885a8f079660b970ec61d26470115a1ada19af0714babee511

SHA512
1544de8b5a2d470e1f8ba725224051c2c4c47343c19ac948e4981abae613ea6eab0b33bb727dd31f28ef7e0f445a368f014739a591af6982b2960bafa8ed3cfb

Download Submit
C:\Windows\system\fxAQRQo.exe

Filesize
6.0MB

MD5
d06c1fa96201e840beb95607fb7b3be9

SHA1
fc5d0ce22ac5c2141c7f110583998cb0c2c14db1

SHA256
3332126fe415f4e7c49772cb9bf9d3d8f2374e93fd3f8379f28ee15190f458ae

SHA512
a56f80d37794b1862b303ace473cfaa084efab2621fe7616fc64f8839cba849a4b2f9f6314444870a3038e031184d1fb038f5dc30326a984bccce94f25d6fa86

Download Submit
C:\Windows\system\jsheVQw.exe

Filesize
6.0MB

MD5
7b8e325c74ec2e8a790f3ca9acedf849

SHA1
4f4d3e68318013064923f18f849ebed2b18d56be

SHA256
39e9409f41aaca57333b1f821377b67cfee992f2f525bdd276be4c812ed0cf45

SHA512
ae23e86739ef11b6b1aada8eae4f2e78a8cf1a1bb025c550ec85ded36ad26cb223bcecbf5e5aff0ea86d3005dc92e83407eb3aac7dde9afa8051c0a559d78644

Download Submit
C:\Windows\system\jsmxeck.exe

Filesize
6.0MB

MD5
ec06aaf181a5756965f46778dd1c3a3d

SHA1
73ce34e8e89c8dbcf24c09ce5bf66726983324da

SHA256
5843867c23c66da95c97e0833d62a7f381dea7d37bad29b8c015a416a05c427d

SHA512
bbb4e3827543eca0a543b348dd3ad5464fc66bea52d77420daa88d55e449d49d19330d211181600d554750dcbc6b743e18bdb69c743f62f676aee67b194b4a90

Download Submit
C:\Windows\system\meOnKaY.exe

Filesize
6.0MB

MD5
69d474068ea964503ca6e0e7c3de633c

SHA1
130613557ae780273e2deaad786921f946b97fbb

SHA256
87703ef61d2fa2780ac206503c85042e1b6662eb15dd64406ad1568bcc3b7195

SHA512
819147917b33e192c81f146b14edcc74e4428ef8b01eaae4d12cabea9885e2335233b1186246fed760ce409c0463b8bdeb9e7d1094910d7232ed3a3d022f36a9

Download Submit
C:\Windows\system\orezsWo.exe

Filesize
6.0MB

MD5
0a37ca1bb445a6d6d7c7d3cf107a9ac0

SHA1
08ccf3b1dbbf7be2f243cc9c620ff79cc1f2d8fa

SHA256
9d6a9b6a3d5fb7ca69ea0b17abb24af771f4d47827fd32b3a270d9c8a579d5e1

SHA512
775bb919b08252fd1f2a78abab511f0a438c0f8148f814b4b17f103226c1f695eefc57dfb1482320523d94b72a6d75b8661f216feaa25cae9f5c8e98a0049a21

Download Submit
C:\Windows\system\rGqVoYi.exe

Filesize
6.0MB

MD5
bc5823ab0a1b212b6a9246676fcb4613

SHA1
fe93d44992b6d38ae1975c7c94a45176db36588c

SHA256
cda170f48252dba370b1c45dce45c5804e548a6af7acb069eb0102513024a14c

SHA512
3c8b3f248e4cc6356859174f21a342b2adb2bb529e01fc583d8a566e9eca53905f8de0c60d2b8c8651a1903369a45d9bbb34a1121d8abb5f4341bf558c4a870b

Download Submit
C:\Windows\system\rHGcAEf.exe

Filesize
6.0MB

MD5
ea4bf869ccad450491c6c57236708102

SHA1
96605b2cfd777ac6466f83cc2204a4753a7503ec

SHA256
c228580352a32f1d97d9114187d50b6d2259be3563f84e74b6ada7f1683359a8

SHA512
3582d8530013515b7bcb3b2183ba78f256a8c10e340b87fbbdb18885898d5285e669a92bae2c36ba96c82b90eab74dd912ac032cc9a8eb4fc897c341d5d080c8

Download Submit
C:\Windows\system\rugHXFG.exe

Filesize
6.0MB

MD5
23753d1ad4700f988cbd218cd8c4aa07

SHA1
156003fbec49653887bd937398d9fe63408a4cf3

SHA256
698b1dc56c4741edd1cd9794c24e2f4db207adff6d1e23be250fd8ab9aadfe0a

SHA512
cb9f23b51eafeb86aae153eafe9aaaa6cc0e2b7ff8dfc68ffd5f33e4271d059dbaab3c19f98db1f0e5387cd7c8d54091dba5a8bcf0642cf73a3f1d357a0274da

Download Submit
C:\Windows\system\snmKGtL.exe

Filesize
6.0MB

MD5
3dadb974cb4574c073e93017d7729cd4

SHA1
f08bec64c7bf97a07561f64e403aa4bd94c4ad49

SHA256
aea115c84898fcd8853f7fe2dd3c0c3c1c344c3598d603b84ca65c06822b72fb

SHA512
be8489d45ee20edec1d59723f185e5cd9ded19c9462b475dc785029a7f030e78efe898486961c00dc4c0e3b590292a727dc68546fe2afdcb6e712154d3efce18

Download Submit
C:\Windows\system\sukxRAT.exe

Filesize
6.0MB

MD5
7c16d5579976c29978284b1fe8791cbf

SHA1
f9b83c1b06bfc358001802f9bf579ed63d1c00d6

SHA256
e30ea3067857c2c1a8f6c90cdd0e55bb98840c6f0b17fd44b8a5d094eae6ca4e

SHA512
e7ba5a6ec918935d4940c4960d3bf29eaf117551e83d935329e583661d6231d8cd2fd416b1e3bda0ae0ba3a0430fcd0510485fdb926a6205eeb0e9594f7643ac

Download Submit
C:\Windows\system\vUiNgUa.exe

Filesize
6.0MB

MD5
8699428a00fdba57142980d5f0317dd2

SHA1
4c415e18406bcb35d8948940bd96dcd31cc4ba49

SHA256
a48ed6c7a37cff7c0b713a95c0d08266fc1f103ad24d5319d2f6845e00494b46

SHA512
0401adb125d75b5f5ca8232f5c9f5dd710136e05e6382584cf3bd68d71bba8f403246076ec03a7a7f7cd4c577adcfe5c0a00a72cdf6167da3d2058173465b831

Download Submit
C:\Windows\system\yOKaBjU.exe

Filesize
6.0MB

MD5
1a4c4df66aa8bc7cd5df073e33f355ea

SHA1
360e588fdf10fcfe1955643e39c2568ba49bace6

SHA256
03f0f78df454a151bd7582e8e5c15924820b6dd802b9d2a767e2f71815d56f68

SHA512
8f6ce90dfc02f1e074f904542bce0c02e0e16199333dca88e5834931d2565f402c767a9703ffe9be292ef28ea2acdba563d1015737b375b7217a2df6facc47f4

Download Submit
C:\Windows\system\zxDgVHF.exe

Filesize
6.0MB

MD5
b72c6718eb2f76e0b25f2af415f7cb40

SHA1
a9157cd2f79c32dd04693e68f87f1090f72e7b28

SHA256
4a0cc44f6188c88560d43f0218bd2e27ce9a247ad984e51e6ff112354c7efaa1

SHA512
4bb5d4def50fe4b5570d23309a366e242cf47a09216ae8c8963f7af78b80f3c3c31131dbdeea5f2f9493a8617ce94c28e870af578286908fc0155c55eabf8acc

Download Submit
\Windows\system\FkTOEZj.exe

Filesize
6.0MB

MD5
2b9070cb8c0f6d98a834374e0cc6097a

SHA1
3281e3133527ba88470e897ff8285669d6033e52

SHA256
2b3d2e3f1967989f1511af4f81a52e430bbcc89d849c3f807a5ba150b6585a63

SHA512
6185506e8c9804f58fb210d0a8c377d9d49a0b383de61d23048ec590ce76fe07648069312fc65ec822d5714aaa9b1ce9dc0aeff310bff127d1e330fca83c5836

Download Submit
\Windows\system\GLaWiRW.exe

Filesize
6.0MB

MD5
ad49b3abaa345c8fd4a0f357504c256a

SHA1
260fb62da28641cafead6c3a444dbbaafa8d40c5

SHA256
ba2360419b13bf6857ac8732246278c577f32677255610a5809e2806878ddc5c

SHA512
13d4c459129dfb723740876cefcee1d01101f066129b76437b3e2ee3a3ce3ff31e447952c8887304346758dff540eafb3595e813d1ec326cec80e8fba900cb6d

Download Submit
\Windows\system\WgOcpXL.exe

Filesize
6.0MB

MD5
c165e5c8c7e8c4ecc600b7df90eb53f9

SHA1
d82cbf62b43b2cc49036977b1632c37a62e85efe

SHA256
0fa40737695a5c7a699142ece74700c6df52b998f89e5176d8890973a76d0888

SHA512
ddd71936a53e948f0a4eb1fc884f212ff1e49971b9d5696e4534b17a217bba5871bdcba0b27e358afa34b7a3fe38613b40c90441939e07d96691bb835261dee6

Download Submit
\Windows\system\XQFhEVu.exe

Filesize
6.0MB

MD5
abeb363d03e3a4836059d210de8159b6

SHA1
f00b5b3bb575d61efe152ba0abbadb2e89279812

SHA256
070a00a45ea00fc18330cff9368d77210cb34793ef8915574fb40043f169f404

SHA512
17ace5010df63db065d9f845a2ebda2396c353627c2220ecab130d0162ddaece63f32e12d46b89932166921a52153e9afff60d73a2541058393e89c027d0a79a

Download Submit
\Windows\system\XlcwsDW.exe

Filesize
6.0MB

MD5
093201b51f0177a0a95a829e602d3a54

SHA1
9e25c99b88167a3554a7c017dedd726aaceec6a9

SHA256
3eaa78e69d52afdc961613de23ef13f0e4110ac2b2164e0dc27ee1a4b193b037

SHA512
17ac6fe55db6a248e122328c711b8f12b19531c6fdd3f0a09b0e8ba37cc3788212e1c4ba028f20664bf3173ed359b2e59fe0fb14df4c865341a79704b286e3f1

Download Submit
memory/1056-70-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-1308-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1056-140-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/1416-58-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1416-1307-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1416-104-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-1306-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1876-56-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/1932-1288-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/1932-65-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2180-52-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2180-1280-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2180-95-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2300-1615-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2300-89-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-97-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2544-1614-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2616-79-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2616-1613-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2616-162-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2660-1249-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2660-37-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1248-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2684-29-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2684-77-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1616-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2720-106-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2720-429-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2824-16-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-1250-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-1247-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2868-26-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1251-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-15-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-90-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-302-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/3064-50-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-39-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-38-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-64-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/3064-27-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/3064-36-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/3064-22-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/3064-9-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-55-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/3064-0-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-78-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/3064-87-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-421-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/3064-161-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download
memory/3064-428-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/3064-105-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/3064-11-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/3064-107-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/3064-94-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/3064-96-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/3064-98-0x0000000002410000-0x0000000002764000-memory.dmp

Filesize
3.3MB

Download