cobaltstrike | 729f12157878fbd0c3b477f73c8b251ea30fa85eaada9fe6664bf9761a894d88

Analysis

max time kernel
151s
max time network
38s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19-11-2024 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

d524cfa31a8ebdcc13241592ae36139d
SHA1

c81497963fcac7aa37d27082748379c07c046896
SHA256

729f12157878fbd0c3b477f73c8b251ea30fa85eaada9fe6664bf9761a894d88
SHA512

39dab037ee6ab75737dbf6f9c3999dd5c5b9287d14e01911a54ef7f9b59a8ad490962ecc46948641328690cf7a1dc85c889de1cf2ba043d36abb7250cc2345a3
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUL:T+q56utgpPF8u/7L

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\bVLCdhp.exe	cobalt_reflective_dll
\Windows\system\xRovKJE.exe	cobalt_reflective_dll
C:\Windows\system\WWyJqdt.exe	cobalt_reflective_dll
\Windows\system\uDCdbvl.exe	cobalt_reflective_dll
C:\Windows\system\bpFckoH.exe	cobalt_reflective_dll
C:\Windows\system\fPPNEFH.exe	cobalt_reflective_dll
C:\Windows\system\ruUDmQT.exe	cobalt_reflective_dll
C:\Windows\system\NeeRXcz.exe	cobalt_reflective_dll
C:\Windows\system\ugdhymt.exe	cobalt_reflective_dll
C:\Windows\system\MgfkxhB.exe	cobalt_reflective_dll
C:\Windows\system\cEvBLcp.exe	cobalt_reflective_dll
C:\Windows\system\qMVOOwg.exe	cobalt_reflective_dll
C:\Windows\system\HjcsGri.exe	cobalt_reflective_dll
C:\Windows\system\BEPZApo.exe	cobalt_reflective_dll
C:\Windows\system\xjmXqxJ.exe	cobalt_reflective_dll
C:\Windows\system\ktJGFHa.exe	cobalt_reflective_dll
C:\Windows\system\zZzPMab.exe	cobalt_reflective_dll
C:\Windows\system\phWIAsK.exe	cobalt_reflective_dll
C:\Windows\system\idMubEj.exe	cobalt_reflective_dll
C:\Windows\system\AeuENwg.exe	cobalt_reflective_dll
C:\Windows\system\HZpsUWL.exe	cobalt_reflective_dll
C:\Windows\system\bZvnHNm.exe	cobalt_reflective_dll
C:\Windows\system\VfBXyqk.exe	cobalt_reflective_dll
C:\Windows\system\sdKoXzp.exe	cobalt_reflective_dll
C:\Windows\system\tRRFZSV.exe	cobalt_reflective_dll
C:\Windows\system\oZwJdFZ.exe	cobalt_reflective_dll
C:\Windows\system\BFyoJsE.exe	cobalt_reflective_dll
C:\Windows\system\vPCiEAO.exe	cobalt_reflective_dll
C:\Windows\system\wmaVvpd.exe	cobalt_reflective_dll
C:\Windows\system\FSRRWVz.exe	cobalt_reflective_dll
C:\Windows\system\spoIVvG.exe	cobalt_reflective_dll
C:\Windows\system\kgGBpzz.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 63 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2384-0-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
\Windows\system\bVLCdhp.exe	xmrig
\Windows\system\xRovKJE.exe	xmrig
behavioral1/memory/2548-15-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
C:\Windows\system\WWyJqdt.exe	xmrig
\Windows\system\uDCdbvl.exe	xmrig
C:\Windows\system\bpFckoH.exe	xmrig
C:\Windows\system\fPPNEFH.exe	xmrig
C:\Windows\system\ruUDmQT.exe	xmrig
C:\Windows\system\NeeRXcz.exe	xmrig
C:\Windows\system\ugdhymt.exe	xmrig
C:\Windows\system\MgfkxhB.exe	xmrig
C:\Windows\system\cEvBLcp.exe	xmrig
C:\Windows\system\qMVOOwg.exe	xmrig
C:\Windows\system\HjcsGri.exe	xmrig
C:\Windows\system\BEPZApo.exe	xmrig
C:\Windows\system\xjmXqxJ.exe	xmrig
C:\Windows\system\ktJGFHa.exe	xmrig
C:\Windows\system\zZzPMab.exe	xmrig
C:\Windows\system\phWIAsK.exe	xmrig
behavioral1/memory/2876-376-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2100-373-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2892-380-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2784-1690-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2752-1706-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2632-1705-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2688-1704-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/3008-1703-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2804-1702-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2460-1701-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2116-1692-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2876-1664-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2892-1671-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2544-1636-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2100-1657-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2140-1651-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2548-1836-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2548-856-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2384-685-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2752-444-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2688-438-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2632-436-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2804-434-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/3008-432-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2116-428-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2460-388-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/2784-378-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2140-371-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
C:\Windows\system\idMubEj.exe	xmrig
C:\Windows\system\AeuENwg.exe	xmrig
C:\Windows\system\HZpsUWL.exe	xmrig
C:\Windows\system\bZvnHNm.exe	xmrig
C:\Windows\system\VfBXyqk.exe	xmrig
C:\Windows\system\sdKoXzp.exe	xmrig
C:\Windows\system\tRRFZSV.exe	xmrig
C:\Windows\system\oZwJdFZ.exe	xmrig
C:\Windows\system\BFyoJsE.exe	xmrig
C:\Windows\system\vPCiEAO.exe	xmrig
C:\Windows\system\wmaVvpd.exe	xmrig
C:\Windows\system\FSRRWVz.exe	xmrig
C:\Windows\system\spoIVvG.exe	xmrig
C:\Windows\system\kgGBpzz.exe	xmrig
behavioral1/memory/2544-12-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

bVLCdhp.exexRovKJE.exeWWyJqdt.exeuDCdbvl.exebpFckoH.exefPPNEFH.exeruUDmQT.exekgGBpzz.exeNeeRXcz.exespoIVvG.exeFSRRWVz.exewmaVvpd.exeugdhymt.exevPCiEAO.exeBFyoJsE.exeMgfkxhB.exeoZwJdFZ.execEvBLcp.exeqMVOOwg.exeHjcsGri.exeBEPZApo.exetRRFZSV.exexjmXqxJ.exektJGFHa.exezZzPMab.exephWIAsK.exesdKoXzp.exeVfBXyqk.exebZvnHNm.exeAeuENwg.exeHZpsUWL.exeidMubEj.exeoEcbvIq.exetJKfqxA.exejoeyeXu.exeRWJBbpW.exeUNXBsLe.exeJSYbljI.exeAujSEve.exehbAybKG.exespmPDIu.exeGvxyYll.exeqMaylIY.exekFIBlMB.exenHFgflP.exelnuTYnZ.exeGRprYme.exeLOYvJWz.exeTRnRbJp.exeEQsyCjT.exeAeLNJDA.exeWKzpElK.exemIRkWLF.exepYulzCJ.exeToGAzwJ.execbJQwxE.exehZJLYes.exeVDxpTLQ.exezTrJOZt.exeAvpcQEH.exeeZiNbAX.exeaIdKBZS.exeKbplCkW.exeutaekSw.exe

pid	process
2544	bVLCdhp.exe
2548	xRovKJE.exe
2140	WWyJqdt.exe
2100	uDCdbvl.exe
2876	bpFckoH.exe
2784	fPPNEFH.exe
2892	ruUDmQT.exe
2460	kgGBpzz.exe
2116	NeeRXcz.exe
3008	spoIVvG.exe
2804	FSRRWVz.exe
2632	wmaVvpd.exe
2688	ugdhymt.exe
2752	vPCiEAO.exe
2864	BFyoJsE.exe
2720	MgfkxhB.exe
2972	oZwJdFZ.exe
1036	cEvBLcp.exe
1924	qMVOOwg.exe
1280	HjcsGri.exe
1996	BEPZApo.exe
2432	tRRFZSV.exe
520	xjmXqxJ.exe
1020	ktJGFHa.exe
2684	zZzPMab.exe
1116	phWIAsK.exe
1944	sdKoXzp.exe
1952	VfBXyqk.exe
1808	bZvnHNm.exe
2328	AeuENwg.exe
2560	HZpsUWL.exe
3040	idMubEj.exe
2380	oEcbvIq.exe
3048	tJKfqxA.exe
900	joeyeXu.exe
972	RWJBbpW.exe
764	UNXBsLe.exe
2068	JSYbljI.exe
2496	AujSEve.exe
1368	hbAybKG.exe
2196	spmPDIu.exe
2472	GvxyYll.exe
2492	qMaylIY.exe
3060	kFIBlMB.exe
112	nHFgflP.exe
2016	lnuTYnZ.exe
880	GRprYme.exe
468	LOYvJWz.exe
2276	TRnRbJp.exe
2440	EQsyCjT.exe
2040	AeLNJDA.exe
1688	WKzpElK.exe
2200	mIRkWLF.exe
860	pYulzCJ.exe
1276	ToGAzwJ.exe
2292	cbJQwxE.exe
3028	hZJLYes.exe
1744	VDxpTLQ.exe
2812	zTrJOZt.exe
2532	AvpcQEH.exe
1508	eZiNbAX.exe
2280	aIdKBZS.exe
2592	KbplCkW.exe
2868	utaekSw.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2384-0-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
\Windows\system\bVLCdhp.exe	upx
\Windows\system\xRovKJE.exe	upx
behavioral1/memory/2548-15-0x000000013F140000-0x000000013F494000-memory.dmp	upx
C:\Windows\system\WWyJqdt.exe	upx
\Windows\system\uDCdbvl.exe	upx
C:\Windows\system\bpFckoH.exe	upx
C:\Windows\system\fPPNEFH.exe	upx
C:\Windows\system\ruUDmQT.exe	upx
C:\Windows\system\NeeRXcz.exe	upx
C:\Windows\system\ugdhymt.exe	upx
C:\Windows\system\MgfkxhB.exe	upx
C:\Windows\system\cEvBLcp.exe	upx
C:\Windows\system\qMVOOwg.exe	upx
C:\Windows\system\HjcsGri.exe	upx
C:\Windows\system\BEPZApo.exe	upx
C:\Windows\system\xjmXqxJ.exe	upx
C:\Windows\system\ktJGFHa.exe	upx
C:\Windows\system\zZzPMab.exe	upx
C:\Windows\system\phWIAsK.exe	upx
behavioral1/memory/2876-376-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2100-373-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2892-380-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2784-1690-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2752-1706-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2632-1705-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2688-1704-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/3008-1703-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2804-1702-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2460-1701-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2116-1692-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2876-1664-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2892-1671-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2544-1636-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2100-1657-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2140-1651-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2548-1836-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2548-856-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2384-685-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2752-444-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2688-438-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2632-436-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2804-434-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/3008-432-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2116-428-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2460-388-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2784-378-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2140-371-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
C:\Windows\system\idMubEj.exe	upx
C:\Windows\system\AeuENwg.exe	upx
C:\Windows\system\HZpsUWL.exe	upx
C:\Windows\system\bZvnHNm.exe	upx
C:\Windows\system\VfBXyqk.exe	upx
C:\Windows\system\sdKoXzp.exe	upx
C:\Windows\system\tRRFZSV.exe	upx
C:\Windows\system\oZwJdFZ.exe	upx
C:\Windows\system\BFyoJsE.exe	upx
C:\Windows\system\vPCiEAO.exe	upx
C:\Windows\system\wmaVvpd.exe	upx
C:\Windows\system\FSRRWVz.exe	upx
C:\Windows\system\spoIVvG.exe	upx
C:\Windows\system\kgGBpzz.exe	upx
behavioral1/memory/2544-12-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\SQTCuOX.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dmCQxby.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UvFFrrj.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aNKNWIG.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gQmcSIz.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAPRwta.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pTikGLl.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mtCybAy.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XcBHWtB.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aDtWnfr.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RqYTAWB.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NPgxnDa.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnQYMfh.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KEIAYET.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BWVxLSb.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yRnJvBb.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IEJlzoM.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ygYBCcF.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYECpbk.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sehSQIh.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\isiOtil.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZZhjIis.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WLBTkDw.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lpxQKgt.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQlQiwE.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZbtiAuz.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZnSmAOt.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jZFVwcY.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpFckoH.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AeLNJDA.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eDVjjav.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGNIipT.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKbiMhb.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPhdnYg.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jlnBzTT.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kHPPfCM.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gsJOhGr.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ysoSpNR.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EieiYjY.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VDVCimG.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nyuiMNn.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\leQDZWU.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qxsqYik.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wqCNCEj.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ycgXQsV.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mIxuDAi.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eorAeHA.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nwiZyjR.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\balTtZt.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qbQtlKC.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mCJaiXh.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BrHJefO.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZJZdyr.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sKrkHuJ.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yUAZhCm.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BueRCPC.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eReiZwC.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eYSyxEn.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ffWsWUr.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HayVqgc.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTEkFzB.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gENwONg.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cjQjrBE.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rRCRUdx.exe	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2384 wrote to memory of 2544	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	bVLCdhp.exe
PID 2384 wrote to memory of 2544	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	bVLCdhp.exe
PID 2384 wrote to memory of 2544	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	bVLCdhp.exe
PID 2384 wrote to memory of 2548	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	xRovKJE.exe
PID 2384 wrote to memory of 2548	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	xRovKJE.exe
PID 2384 wrote to memory of 2548	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	xRovKJE.exe
PID 2384 wrote to memory of 2140	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	WWyJqdt.exe
PID 2384 wrote to memory of 2140	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	WWyJqdt.exe
PID 2384 wrote to memory of 2140	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	WWyJqdt.exe
PID 2384 wrote to memory of 2100	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	uDCdbvl.exe
PID 2384 wrote to memory of 2100	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	uDCdbvl.exe
PID 2384 wrote to memory of 2100	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	uDCdbvl.exe
PID 2384 wrote to memory of 2876	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	bpFckoH.exe
PID 2384 wrote to memory of 2876	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	bpFckoH.exe
PID 2384 wrote to memory of 2876	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	bpFckoH.exe
PID 2384 wrote to memory of 2784	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	fPPNEFH.exe
PID 2384 wrote to memory of 2784	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	fPPNEFH.exe
PID 2384 wrote to memory of 2784	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	fPPNEFH.exe
PID 2384 wrote to memory of 2892	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	ruUDmQT.exe
PID 2384 wrote to memory of 2892	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	ruUDmQT.exe
PID 2384 wrote to memory of 2892	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	ruUDmQT.exe
PID 2384 wrote to memory of 2460	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	kgGBpzz.exe
PID 2384 wrote to memory of 2460	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	kgGBpzz.exe
PID 2384 wrote to memory of 2460	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	kgGBpzz.exe
PID 2384 wrote to memory of 2116	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	NeeRXcz.exe
PID 2384 wrote to memory of 2116	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	NeeRXcz.exe
PID 2384 wrote to memory of 2116	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	NeeRXcz.exe
PID 2384 wrote to memory of 3008	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	spoIVvG.exe
PID 2384 wrote to memory of 3008	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	spoIVvG.exe
PID 2384 wrote to memory of 3008	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	spoIVvG.exe
PID 2384 wrote to memory of 2804	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	FSRRWVz.exe
PID 2384 wrote to memory of 2804	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	FSRRWVz.exe
PID 2384 wrote to memory of 2804	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	FSRRWVz.exe
PID 2384 wrote to memory of 2632	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	wmaVvpd.exe
PID 2384 wrote to memory of 2632	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	wmaVvpd.exe
PID 2384 wrote to memory of 2632	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	wmaVvpd.exe
PID 2384 wrote to memory of 2688	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	ugdhymt.exe
PID 2384 wrote to memory of 2688	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	ugdhymt.exe
PID 2384 wrote to memory of 2688	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	ugdhymt.exe
PID 2384 wrote to memory of 2752	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	vPCiEAO.exe
PID 2384 wrote to memory of 2752	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	vPCiEAO.exe
PID 2384 wrote to memory of 2752	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	vPCiEAO.exe
PID 2384 wrote to memory of 2864	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	BFyoJsE.exe
PID 2384 wrote to memory of 2864	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	BFyoJsE.exe
PID 2384 wrote to memory of 2864	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	BFyoJsE.exe
PID 2384 wrote to memory of 2720	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	MgfkxhB.exe
PID 2384 wrote to memory of 2720	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	MgfkxhB.exe
PID 2384 wrote to memory of 2720	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	MgfkxhB.exe
PID 2384 wrote to memory of 2972	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	oZwJdFZ.exe
PID 2384 wrote to memory of 2972	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	oZwJdFZ.exe
PID 2384 wrote to memory of 2972	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	oZwJdFZ.exe
PID 2384 wrote to memory of 1036	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	cEvBLcp.exe
PID 2384 wrote to memory of 1036	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	cEvBLcp.exe
PID 2384 wrote to memory of 1036	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	cEvBLcp.exe
PID 2384 wrote to memory of 1924	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	qMVOOwg.exe
PID 2384 wrote to memory of 1924	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	qMVOOwg.exe
PID 2384 wrote to memory of 1924	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	qMVOOwg.exe
PID 2384 wrote to memory of 1280	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	HjcsGri.exe
PID 2384 wrote to memory of 1280	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	HjcsGri.exe
PID 2384 wrote to memory of 1280	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	HjcsGri.exe
PID 2384 wrote to memory of 1996	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	BEPZApo.exe
PID 2384 wrote to memory of 1996	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	BEPZApo.exe
PID 2384 wrote to memory of 1996	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	BEPZApo.exe
PID 2384 wrote to memory of 2432	2384	2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe	tRRFZSV.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-19_d524cfa31a8ebdcc13241592ae36139d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Windows\System\bVLCdhp.exe
  C:\Windows\System\bVLCdhp.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\xRovKJE.exe
  C:\Windows\System\xRovKJE.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\WWyJqdt.exe
  C:\Windows\System\WWyJqdt.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\uDCdbvl.exe
  C:\Windows\System\uDCdbvl.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\bpFckoH.exe
  C:\Windows\System\bpFckoH.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\fPPNEFH.exe
  C:\Windows\System\fPPNEFH.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\ruUDmQT.exe
  C:\Windows\System\ruUDmQT.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\kgGBpzz.exe
  C:\Windows\System\kgGBpzz.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\NeeRXcz.exe
  C:\Windows\System\NeeRXcz.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\spoIVvG.exe
  C:\Windows\System\spoIVvG.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\FSRRWVz.exe
  C:\Windows\System\FSRRWVz.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\wmaVvpd.exe
  C:\Windows\System\wmaVvpd.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\ugdhymt.exe
  C:\Windows\System\ugdhymt.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\vPCiEAO.exe
  C:\Windows\System\vPCiEAO.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\BFyoJsE.exe
  C:\Windows\System\BFyoJsE.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\MgfkxhB.exe
  C:\Windows\System\MgfkxhB.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\oZwJdFZ.exe
  C:\Windows\System\oZwJdFZ.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\cEvBLcp.exe
  C:\Windows\System\cEvBLcp.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\qMVOOwg.exe
  C:\Windows\System\qMVOOwg.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\HjcsGri.exe
  C:\Windows\System\HjcsGri.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\BEPZApo.exe
  C:\Windows\System\BEPZApo.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\tRRFZSV.exe
  C:\Windows\System\tRRFZSV.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\xjmXqxJ.exe
  C:\Windows\System\xjmXqxJ.exe
  2⤵
  - Executes dropped EXE
  PID:520
- C:\Windows\System\ktJGFHa.exe
  C:\Windows\System\ktJGFHa.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\zZzPMab.exe
  C:\Windows\System\zZzPMab.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\phWIAsK.exe
  C:\Windows\System\phWIAsK.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\sdKoXzp.exe
  C:\Windows\System\sdKoXzp.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\VfBXyqk.exe
  C:\Windows\System\VfBXyqk.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\bZvnHNm.exe
  C:\Windows\System\bZvnHNm.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\AeuENwg.exe
  C:\Windows\System\AeuENwg.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\HZpsUWL.exe
  C:\Windows\System\HZpsUWL.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\idMubEj.exe
  C:\Windows\System\idMubEj.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\oEcbvIq.exe
  C:\Windows\System\oEcbvIq.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\tJKfqxA.exe
  C:\Windows\System\tJKfqxA.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\joeyeXu.exe
  C:\Windows\System\joeyeXu.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\RWJBbpW.exe
  C:\Windows\System\RWJBbpW.exe
  2⤵
  - Executes dropped EXE
  PID:972
- C:\Windows\System\UNXBsLe.exe
  C:\Windows\System\UNXBsLe.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\spmPDIu.exe
  C:\Windows\System\spmPDIu.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\JSYbljI.exe
  C:\Windows\System\JSYbljI.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\qMaylIY.exe
  C:\Windows\System\qMaylIY.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\AujSEve.exe
  C:\Windows\System\AujSEve.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\EQsyCjT.exe
  C:\Windows\System\EQsyCjT.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\hbAybKG.exe
  C:\Windows\System\hbAybKG.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\AeLNJDA.exe
  C:\Windows\System\AeLNJDA.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\GvxyYll.exe
  C:\Windows\System\GvxyYll.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\mIRkWLF.exe
  C:\Windows\System\mIRkWLF.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\kFIBlMB.exe
  C:\Windows\System\kFIBlMB.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\pYulzCJ.exe
  C:\Windows\System\pYulzCJ.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\nHFgflP.exe
  C:\Windows\System\nHFgflP.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\cbJQwxE.exe
  C:\Windows\System\cbJQwxE.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\lnuTYnZ.exe
  C:\Windows\System\lnuTYnZ.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\VDxpTLQ.exe
  C:\Windows\System\VDxpTLQ.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\GRprYme.exe
  C:\Windows\System\GRprYme.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\AvpcQEH.exe
  C:\Windows\System\AvpcQEH.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\LOYvJWz.exe
  C:\Windows\System\LOYvJWz.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\eZiNbAX.exe
  C:\Windows\System\eZiNbAX.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\TRnRbJp.exe
  C:\Windows\System\TRnRbJp.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\aIdKBZS.exe
  C:\Windows\System\aIdKBZS.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\WKzpElK.exe
  C:\Windows\System\WKzpElK.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\KbplCkW.exe
  C:\Windows\System\KbplCkW.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\ToGAzwJ.exe
  C:\Windows\System\ToGAzwJ.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\utaekSw.exe
  C:\Windows\System\utaekSw.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\hZJLYes.exe
  C:\Windows\System\hZJLYes.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\aPHsJbz.exe
  C:\Windows\System\aPHsJbz.exe
  2⤵
  PID:2920
- C:\Windows\System\zTrJOZt.exe
  C:\Windows\System\zTrJOZt.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\qaqPeLD.exe
  C:\Windows\System\qaqPeLD.exe
  2⤵
  PID:264
- C:\Windows\System\KDXPLKz.exe
  C:\Windows\System\KDXPLKz.exe
  2⤵
  PID:2988
- C:\Windows\System\WVDzkhA.exe
  C:\Windows\System\WVDzkhA.exe
  2⤵
  PID:2020
- C:\Windows\System\RARpKWQ.exe
  C:\Windows\System\RARpKWQ.exe
  2⤵
  PID:308
- C:\Windows\System\TnQYMfh.exe
  C:\Windows\System\TnQYMfh.exe
  2⤵
  PID:2536
- C:\Windows\System\FXeeImt.exe
  C:\Windows\System\FXeeImt.exe
  2⤵
  PID:1064
- C:\Windows\System\IXGMzcH.exe
  C:\Windows\System\IXGMzcH.exe
  2⤵
  PID:1972
- C:\Windows\System\zXYnOMM.exe
  C:\Windows\System\zXYnOMM.exe
  2⤵
  PID:872
- C:\Windows\System\hhqiNxy.exe
  C:\Windows\System\hhqiNxy.exe
  2⤵
  PID:1624
- C:\Windows\System\wgXyKYc.exe
  C:\Windows\System\wgXyKYc.exe
  2⤵
  PID:2580
- C:\Windows\System\dZJPzAY.exe
  C:\Windows\System\dZJPzAY.exe
  2⤵
  PID:2144
- C:\Windows\System\IfZYmFJ.exe
  C:\Windows\System\IfZYmFJ.exe
  2⤵
  PID:2192
- C:\Windows\System\QycDZUn.exe
  C:\Windows\System\QycDZUn.exe
  2⤵
  PID:3052
- C:\Windows\System\fQQkkkW.exe
  C:\Windows\System\fQQkkkW.exe
  2⤵
  PID:2364
- C:\Windows\System\kKpYtti.exe
  C:\Windows\System\kKpYtti.exe
  2⤵
  PID:1764
- C:\Windows\System\AcHQATM.exe
  C:\Windows\System\AcHQATM.exe
  2⤵
  PID:2348
- C:\Windows\System\ASfyztx.exe
  C:\Windows\System\ASfyztx.exe
  2⤵
  PID:784
- C:\Windows\System\vRWPlWw.exe
  C:\Windows\System\vRWPlWw.exe
  2⤵
  PID:2308
- C:\Windows\System\sFfIEdp.exe
  C:\Windows\System\sFfIEdp.exe
  2⤵
  PID:2132
- C:\Windows\System\cvZOENB.exe
  C:\Windows\System\cvZOENB.exe
  2⤵
  PID:556
- C:\Windows\System\IfeAfFd.exe
  C:\Windows\System\IfeAfFd.exe
  2⤵
  PID:2528
- C:\Windows\System\AHZkjBk.exe
  C:\Windows\System\AHZkjBk.exe
  2⤵
  PID:288
- C:\Windows\System\xefOQfD.exe
  C:\Windows\System\xefOQfD.exe
  2⤵
  PID:1664
- C:\Windows\System\hMpayZb.exe
  C:\Windows\System\hMpayZb.exe
  2⤵
  PID:1680
- C:\Windows\System\YoMXRGo.exe
  C:\Windows\System\YoMXRGo.exe
  2⤵
  PID:3004
- C:\Windows\System\eSjvdtP.exe
  C:\Windows\System\eSjvdtP.exe
  2⤵
  PID:2168
- C:\Windows\System\KEIAYET.exe
  C:\Windows\System\KEIAYET.exe
  2⤵
  PID:1124
- C:\Windows\System\fWJXwCO.exe
  C:\Windows\System\fWJXwCO.exe
  2⤵
  PID:2064
- C:\Windows\System\WoEreIV.exe
  C:\Windows\System\WoEreIV.exe
  2⤵
  PID:1596
- C:\Windows\System\gNnxdUr.exe
  C:\Windows\System\gNnxdUr.exe
  2⤵
  PID:2856
- C:\Windows\System\jszynaF.exe
  C:\Windows\System\jszynaF.exe
  2⤵
  PID:2848
- C:\Windows\System\luyVNqY.exe
  C:\Windows\System\luyVNqY.exe
  2⤵
  PID:2612
- C:\Windows\System\dHGbhHf.exe
  C:\Windows\System\dHGbhHf.exe
  2⤵
  PID:2824
- C:\Windows\System\SbexSXP.exe
  C:\Windows\System\SbexSXP.exe
  2⤵
  PID:236
- C:\Windows\System\CUMWCxP.exe
  C:\Windows\System\CUMWCxP.exe
  2⤵
  PID:1644
- C:\Windows\System\NTUACKF.exe
  C:\Windows\System\NTUACKF.exe
  2⤵
  PID:1452
- C:\Windows\System\lSpBJzq.exe
  C:\Windows\System\lSpBJzq.exe
  2⤵
  PID:1296
- C:\Windows\System\yeacrVX.exe
  C:\Windows\System\yeacrVX.exe
  2⤵
  PID:1588
- C:\Windows\System\QtcpzcY.exe
  C:\Windows\System\QtcpzcY.exe
  2⤵
  PID:948
- C:\Windows\System\huYVTzU.exe
  C:\Windows\System\huYVTzU.exe
  2⤵
  PID:2160
- C:\Windows\System\UkzCrup.exe
  C:\Windows\System\UkzCrup.exe
  2⤵
  PID:1120
- C:\Windows\System\zNiqwxw.exe
  C:\Windows\System\zNiqwxw.exe
  2⤵
  PID:2448
- C:\Windows\System\IwcdFRh.exe
  C:\Windows\System\IwcdFRh.exe
  2⤵
  PID:1748
- C:\Windows\System\TnfRLXA.exe
  C:\Windows\System\TnfRLXA.exe
  2⤵
  PID:1444
- C:\Windows\System\GKqynAf.exe
  C:\Windows\System\GKqynAf.exe
  2⤵
  PID:668
- C:\Windows\System\yUAZhCm.exe
  C:\Windows\System\yUAZhCm.exe
  2⤵
  PID:2344
- C:\Windows\System\FiNbYzg.exe
  C:\Windows\System\FiNbYzg.exe
  2⤵
  PID:1460
- C:\Windows\System\oTKWgFs.exe
  C:\Windows\System\oTKWgFs.exe
  2⤵
  PID:2596
- C:\Windows\System\eMgSUxw.exe
  C:\Windows\System\eMgSUxw.exe
  2⤵
  PID:432
- C:\Windows\System\HayVqgc.exe
  C:\Windows\System\HayVqgc.exe
  2⤵
  PID:3064
- C:\Windows\System\bpGFfGC.exe
  C:\Windows\System\bpGFfGC.exe
  2⤵
  PID:2256
- C:\Windows\System\oUTaWPg.exe
  C:\Windows\System\oUTaWPg.exe
  2⤵
  PID:3020
- C:\Windows\System\NOTWAaC.exe
  C:\Windows\System\NOTWAaC.exe
  2⤵
  PID:588
- C:\Windows\System\EUqmmXW.exe
  C:\Windows\System\EUqmmXW.exe
  2⤵
  PID:1564
- C:\Windows\System\KDOStDf.exe
  C:\Windows\System\KDOStDf.exe
  2⤵
  PID:2120
- C:\Windows\System\IHtyeYa.exe
  C:\Windows\System\IHtyeYa.exe
  2⤵
  PID:2284
- C:\Windows\System\WLAMDwt.exe
  C:\Windows\System\WLAMDwt.exe
  2⤵
  PID:2712
- C:\Windows\System\QzkXeXK.exe
  C:\Windows\System\QzkXeXK.exe
  2⤵
  PID:1728
- C:\Windows\System\qTQThBW.exe
  C:\Windows\System\qTQThBW.exe
  2⤵
  PID:3096
- C:\Windows\System\OvHUSEh.exe
  C:\Windows\System\OvHUSEh.exe
  2⤵
  PID:3116
- C:\Windows\System\ahwuAFV.exe
  C:\Windows\System\ahwuAFV.exe
  2⤵
  PID:3136
- C:\Windows\System\DxAjLiv.exe
  C:\Windows\System\DxAjLiv.exe
  2⤵
  PID:3152
- C:\Windows\System\DdbPqNe.exe
  C:\Windows\System\DdbPqNe.exe
  2⤵
  PID:3168
- C:\Windows\System\emimCxi.exe
  C:\Windows\System\emimCxi.exe
  2⤵
  PID:3200
- C:\Windows\System\UeZMkHy.exe
  C:\Windows\System\UeZMkHy.exe
  2⤵
  PID:3216
- C:\Windows\System\fPOnRtL.exe
  C:\Windows\System\fPOnRtL.exe
  2⤵
  PID:3232
- C:\Windows\System\UdsMFSI.exe
  C:\Windows\System\UdsMFSI.exe
  2⤵
  PID:3252
- C:\Windows\System\yOXqVnl.exe
  C:\Windows\System\yOXqVnl.exe
  2⤵
  PID:3268
- C:\Windows\System\WCEtLBk.exe
  C:\Windows\System\WCEtLBk.exe
  2⤵
  PID:3284
- C:\Windows\System\xJExuLa.exe
  C:\Windows\System\xJExuLa.exe
  2⤵
  PID:3304
- C:\Windows\System\rVmckfG.exe
  C:\Windows\System\rVmckfG.exe
  2⤵
  PID:3328
- C:\Windows\System\LeYLybG.exe
  C:\Windows\System\LeYLybG.exe
  2⤵
  PID:3368
- C:\Windows\System\NRWUqmZ.exe
  C:\Windows\System\NRWUqmZ.exe
  2⤵
  PID:3392
- C:\Windows\System\bmpQoQY.exe
  C:\Windows\System\bmpQoQY.exe
  2⤵
  PID:3412
- C:\Windows\System\gSCEPyt.exe
  C:\Windows\System\gSCEPyt.exe
  2⤵
  PID:3432
- C:\Windows\System\vNiDEeH.exe
  C:\Windows\System\vNiDEeH.exe
  2⤵
  PID:3452
- C:\Windows\System\fbwanVa.exe
  C:\Windows\System\fbwanVa.exe
  2⤵
  PID:3476
- C:\Windows\System\iDFoObB.exe
  C:\Windows\System\iDFoObB.exe
  2⤵
  PID:3492
- C:\Windows\System\AXwMHQb.exe
  C:\Windows\System\AXwMHQb.exe
  2⤵
  PID:3512
- C:\Windows\System\egGyPpv.exe
  C:\Windows\System\egGyPpv.exe
  2⤵
  PID:3532
- C:\Windows\System\XoUoOIB.exe
  C:\Windows\System\XoUoOIB.exe
  2⤵
  PID:3552
- C:\Windows\System\LRBuihn.exe
  C:\Windows\System\LRBuihn.exe
  2⤵
  PID:3572
- C:\Windows\System\HYlMFSS.exe
  C:\Windows\System\HYlMFSS.exe
  2⤵
  PID:3596
- C:\Windows\System\uLgMXbV.exe
  C:\Windows\System\uLgMXbV.exe
  2⤵
  PID:3612
- C:\Windows\System\WbyClRa.exe
  C:\Windows\System\WbyClRa.exe
  2⤵
  PID:3636
- C:\Windows\System\QLXQjyv.exe
  C:\Windows\System\QLXQjyv.exe
  2⤵
  PID:3660
- C:\Windows\System\nqeGOYn.exe
  C:\Windows\System\nqeGOYn.exe
  2⤵
  PID:3680
- C:\Windows\System\VFvIdXU.exe
  C:\Windows\System\VFvIdXU.exe
  2⤵
  PID:3696
- C:\Windows\System\AHLjUaN.exe
  C:\Windows\System\AHLjUaN.exe
  2⤵
  PID:3720
- C:\Windows\System\QTtQJgh.exe
  C:\Windows\System\QTtQJgh.exe
  2⤵
  PID:3736
- C:\Windows\System\SzvPPZz.exe
  C:\Windows\System\SzvPPZz.exe
  2⤵
  PID:3756
- C:\Windows\System\wXcnqNi.exe
  C:\Windows\System\wXcnqNi.exe
  2⤵
  PID:3780
- C:\Windows\System\JvKIbnb.exe
  C:\Windows\System\JvKIbnb.exe
  2⤵
  PID:3796
- C:\Windows\System\XuMxdFs.exe
  C:\Windows\System\XuMxdFs.exe
  2⤵
  PID:3820
- C:\Windows\System\wHwKtVO.exe
  C:\Windows\System\wHwKtVO.exe
  2⤵
  PID:3836
- C:\Windows\System\xquWcEE.exe
  C:\Windows\System\xquWcEE.exe
  2⤵
  PID:3860
- C:\Windows\System\kpQkKeV.exe
  C:\Windows\System\kpQkKeV.exe
  2⤵
  PID:3876
- C:\Windows\System\txHJMYn.exe
  C:\Windows\System\txHJMYn.exe
  2⤵
  PID:3900
- C:\Windows\System\Fxyqeou.exe
  C:\Windows\System\Fxyqeou.exe
  2⤵
  PID:3916
- C:\Windows\System\LFyEjnz.exe
  C:\Windows\System\LFyEjnz.exe
  2⤵
  PID:3936
- C:\Windows\System\FamxDrP.exe
  C:\Windows\System\FamxDrP.exe
  2⤵
  PID:3952
- C:\Windows\System\pHrUsSE.exe
  C:\Windows\System\pHrUsSE.exe
  2⤵
  PID:3968
- C:\Windows\System\yRnJvBb.exe
  C:\Windows\System\yRnJvBb.exe
  2⤵
  PID:3988
- C:\Windows\System\EzUevaK.exe
  C:\Windows\System\EzUevaK.exe
  2⤵
  PID:4008
- C:\Windows\System\dAwWCDF.exe
  C:\Windows\System\dAwWCDF.exe
  2⤵
  PID:4032
- C:\Windows\System\WrpKjiW.exe
  C:\Windows\System\WrpKjiW.exe
  2⤵
  PID:4048
- C:\Windows\System\SwdrpzW.exe
  C:\Windows\System\SwdrpzW.exe
  2⤵
  PID:4064
- C:\Windows\System\EMrFoiv.exe
  C:\Windows\System\EMrFoiv.exe
  2⤵
  PID:4080
- C:\Windows\System\zOKDFAi.exe
  C:\Windows\System\zOKDFAi.exe
  2⤵
  PID:1992
- C:\Windows\System\fJXcqDb.exe
  C:\Windows\System\fJXcqDb.exe
  2⤵
  PID:3088
- C:\Windows\System\xTJebGr.exe
  C:\Windows\System\xTJebGr.exe
  2⤵
  PID:3128
- C:\Windows\System\fQDAlQC.exe
  C:\Windows\System\fQDAlQC.exe
  2⤵
  PID:3240
- C:\Windows\System\MkEctCI.exe
  C:\Windows\System\MkEctCI.exe
  2⤵
  PID:2896
- C:\Windows\System\qcvIrFr.exe
  C:\Windows\System\qcvIrFr.exe
  2⤵
  PID:3248
- C:\Windows\System\QpZEGBd.exe
  C:\Windows\System\QpZEGBd.exe
  2⤵
  PID:3280
- C:\Windows\System\ebvDShS.exe
  C:\Windows\System\ebvDShS.exe
  2⤵
  PID:3324
- C:\Windows\System\gLVfwvd.exe
  C:\Windows\System\gLVfwvd.exe
  2⤵
  PID:1768
- C:\Windows\System\EowLXTO.exe
  C:\Windows\System\EowLXTO.exe
  2⤵
  PID:3112
- C:\Windows\System\FhcTmfX.exe
  C:\Windows\System\FhcTmfX.exe
  2⤵
  PID:3260
- C:\Windows\System\oneJAeM.exe
  C:\Windows\System\oneJAeM.exe
  2⤵
  PID:3336
- C:\Windows\System\duTawon.exe
  C:\Windows\System\duTawon.exe
  2⤵
  PID:3104
- C:\Windows\System\mQvNTIB.exe
  C:\Windows\System\mQvNTIB.exe
  2⤵
  PID:3352
- C:\Windows\System\ZJZDDiy.exe
  C:\Windows\System\ZJZDDiy.exe
  2⤵
  PID:3420
- C:\Windows\System\FxFFcqs.exe
  C:\Windows\System\FxFFcqs.exe
  2⤵
  PID:3460
- C:\Windows\System\VshAxoE.exe
  C:\Windows\System\VshAxoE.exe
  2⤵
  PID:3444
- C:\Windows\System\XLqDFIv.exe
  C:\Windows\System\XLqDFIv.exe
  2⤵
  PID:3508
- C:\Windows\System\QEohNGY.exe
  C:\Windows\System\QEohNGY.exe
  2⤵
  PID:3560
- C:\Windows\System\uWFufMo.exe
  C:\Windows\System\uWFufMo.exe
  2⤵
  PID:3628
- C:\Windows\System\imFNMdY.exe
  C:\Windows\System\imFNMdY.exe
  2⤵
  PID:3668
- C:\Windows\System\cYdjOVL.exe
  C:\Windows\System\cYdjOVL.exe
  2⤵
  PID:3708
- C:\Windows\System\EujvHyu.exe
  C:\Windows\System\EujvHyu.exe
  2⤵
  PID:3788
- C:\Windows\System\IEJlzoM.exe
  C:\Windows\System\IEJlzoM.exe
  2⤵
  PID:3872
- C:\Windows\System\CGbpAiP.exe
  C:\Windows\System\CGbpAiP.exe
  2⤵
  PID:3648
- C:\Windows\System\bdQyfgv.exe
  C:\Windows\System\bdQyfgv.exe
  2⤵
  PID:3976
- C:\Windows\System\fTEYnLZ.exe
  C:\Windows\System\fTEYnLZ.exe
  2⤵
  PID:4028
- C:\Windows\System\JmYCWKZ.exe
  C:\Windows\System\JmYCWKZ.exe
  2⤵
  PID:3688
- C:\Windows\System\yovyezb.exe
  C:\Windows\System\yovyezb.exe
  2⤵
  PID:3728
- C:\Windows\System\qUhXEZr.exe
  C:\Windows\System\qUhXEZr.exe
  2⤵
  PID:2332
- C:\Windows\System\NkHATgX.exe
  C:\Windows\System\NkHATgX.exe
  2⤵
  PID:1320
- C:\Windows\System\CjILwch.exe
  C:\Windows\System\CjILwch.exe
  2⤵
  PID:3196
- C:\Windows\System\gSQolBt.exe
  C:\Windows\System\gSQolBt.exe
  2⤵
  PID:3772
- C:\Windows\System\AhJGdeZ.exe
  C:\Windows\System\AhJGdeZ.exe
  2⤵
  PID:3808
- C:\Windows\System\cIEBEnb.exe
  C:\Windows\System\cIEBEnb.exe
  2⤵
  PID:3360
- C:\Windows\System\qLwzqKb.exe
  C:\Windows\System\qLwzqKb.exe
  2⤵
  PID:3472
- C:\Windows\System\jqPOSYw.exe
  C:\Windows\System\jqPOSYw.exe
  2⤵
  PID:3852
- C:\Windows\System\smFdJaB.exe
  C:\Windows\System\smFdJaB.exe
  2⤵
  PID:3888
- C:\Windows\System\lRemDiz.exe
  C:\Windows\System\lRemDiz.exe
  2⤵
  PID:3928
- C:\Windows\System\tRkyhWA.exe
  C:\Windows\System\tRkyhWA.exe
  2⤵
  PID:4000
- C:\Windows\System\mRpWXYI.exe
  C:\Windows\System\mRpWXYI.exe
  2⤵
  PID:4044
- C:\Windows\System\TqhbASQ.exe
  C:\Windows\System\TqhbASQ.exe
  2⤵
  PID:2176
- C:\Windows\System\dmCQxby.exe
  C:\Windows\System\dmCQxby.exe
  2⤵
  PID:3244
- C:\Windows\System\EgjoIhX.exe
  C:\Windows\System\EgjoIhX.exe
  2⤵
  PID:3580
- C:\Windows\System\HRskmbB.exe
  C:\Windows\System\HRskmbB.exe
  2⤵
  PID:3292
- C:\Windows\System\SjIEGlu.exe
  C:\Windows\System\SjIEGlu.exe
  2⤵
  PID:3524
- C:\Windows\System\TgEEKOQ.exe
  C:\Windows\System\TgEEKOQ.exe
  2⤵
  PID:3528
- C:\Windows\System\tvVJvux.exe
  C:\Windows\System\tvVJvux.exe
  2⤵
  PID:3500
- C:\Windows\System\aMqDcat.exe
  C:\Windows\System\aMqDcat.exe
  2⤵
  PID:3592
- C:\Windows\System\BloYWFT.exe
  C:\Windows\System\BloYWFT.exe
  2⤵
  PID:3748
- C:\Windows\System\tNJoZHm.exe
  C:\Windows\System\tNJoZHm.exe
  2⤵
  PID:4024
- C:\Windows\System\yHixoxp.exe
  C:\Windows\System\yHixoxp.exe
  2⤵
  PID:3224
- C:\Windows\System\cnbiBez.exe
  C:\Windows\System\cnbiBez.exe
  2⤵
  PID:3408
- C:\Windows\System\bPJFEwW.exe
  C:\Windows\System\bPJFEwW.exe
  2⤵
  PID:4104
- C:\Windows\System\CrnBJqe.exe
  C:\Windows\System\CrnBJqe.exe
  2⤵
  PID:4128
- C:\Windows\System\srdFhWU.exe
  C:\Windows\System\srdFhWU.exe
  2⤵
  PID:4148
- C:\Windows\System\WPvAFqh.exe
  C:\Windows\System\WPvAFqh.exe
  2⤵
  PID:4216
- C:\Windows\System\GiTmeHa.exe
  C:\Windows\System\GiTmeHa.exe
  2⤵
  PID:4236
- C:\Windows\System\oogJVhp.exe
  C:\Windows\System\oogJVhp.exe
  2⤵
  PID:4256
- C:\Windows\System\JWQaXFS.exe
  C:\Windows\System\JWQaXFS.exe
  2⤵
  PID:4272
- C:\Windows\System\xzhbbWp.exe
  C:\Windows\System\xzhbbWp.exe
  2⤵
  PID:4292
- C:\Windows\System\BYKHwJX.exe
  C:\Windows\System\BYKHwJX.exe
  2⤵
  PID:4308
- C:\Windows\System\KVdgRRA.exe
  C:\Windows\System\KVdgRRA.exe
  2⤵
  PID:4340
- C:\Windows\System\BkvmrHM.exe
  C:\Windows\System\BkvmrHM.exe
  2⤵
  PID:4360
- C:\Windows\System\YDmWzYL.exe
  C:\Windows\System\YDmWzYL.exe
  2⤵
  PID:4380
- C:\Windows\System\SfkZGDK.exe
  C:\Windows\System\SfkZGDK.exe
  2⤵
  PID:4404
- C:\Windows\System\hwBZJzV.exe
  C:\Windows\System\hwBZJzV.exe
  2⤵
  PID:4424
- C:\Windows\System\FrabWHN.exe
  C:\Windows\System\FrabWHN.exe
  2⤵
  PID:4440
- C:\Windows\System\qzJDBdi.exe
  C:\Windows\System\qzJDBdi.exe
  2⤵
  PID:4464
- C:\Windows\System\lGNYdBh.exe
  C:\Windows\System\lGNYdBh.exe
  2⤵
  PID:4484
- C:\Windows\System\SXUFWnd.exe
  C:\Windows\System\SXUFWnd.exe
  2⤵
  PID:4504
- C:\Windows\System\FCTroRT.exe
  C:\Windows\System\FCTroRT.exe
  2⤵
  PID:4520
- C:\Windows\System\dtNfJEi.exe
  C:\Windows\System\dtNfJEi.exe
  2⤵
  PID:4544
- C:\Windows\System\uxNzIfj.exe
  C:\Windows\System\uxNzIfj.exe
  2⤵
  PID:4560
- C:\Windows\System\xruEkgx.exe
  C:\Windows\System\xruEkgx.exe
  2⤵
  PID:4584
- C:\Windows\System\mIGHrQK.exe
  C:\Windows\System\mIGHrQK.exe
  2⤵
  PID:4600
- C:\Windows\System\dIIJuuZ.exe
  C:\Windows\System\dIIJuuZ.exe
  2⤵
  PID:4616
- C:\Windows\System\IIjJamM.exe
  C:\Windows\System\IIjJamM.exe
  2⤵
  PID:4636
- C:\Windows\System\ZkmKqTw.exe
  C:\Windows\System\ZkmKqTw.exe
  2⤵
  PID:4664
- C:\Windows\System\MPgOTtj.exe
  C:\Windows\System\MPgOTtj.exe
  2⤵
  PID:4680
- C:\Windows\System\WbNJKjn.exe
  C:\Windows\System\WbNJKjn.exe
  2⤵
  PID:4696
- C:\Windows\System\BTwlErU.exe
  C:\Windows\System\BTwlErU.exe
  2⤵
  PID:4736
- C:\Windows\System\xmClrcG.exe
  C:\Windows\System\xmClrcG.exe
  2⤵
  PID:4752
- C:\Windows\System\JpCwNzD.exe
  C:\Windows\System\JpCwNzD.exe
  2⤵
  PID:4776
- C:\Windows\System\ElCnSBZ.exe
  C:\Windows\System\ElCnSBZ.exe
  2⤵
  PID:4796
- C:\Windows\System\kUeTJPi.exe
  C:\Windows\System\kUeTJPi.exe
  2⤵
  PID:4812
- C:\Windows\System\etudZbE.exe
  C:\Windows\System\etudZbE.exe
  2⤵
  PID:4836
- C:\Windows\System\luVorEe.exe
  C:\Windows\System\luVorEe.exe
  2⤵
  PID:4856
- C:\Windows\System\dISfcDE.exe
  C:\Windows\System\dISfcDE.exe
  2⤵
  PID:4876
- C:\Windows\System\vvMJxBp.exe
  C:\Windows\System\vvMJxBp.exe
  2⤵
  PID:4900
- C:\Windows\System\nJbhtJG.exe
  C:\Windows\System\nJbhtJG.exe
  2⤵
  PID:4920
- C:\Windows\System\lwPAqVt.exe
  C:\Windows\System\lwPAqVt.exe
  2⤵
  PID:4936
- C:\Windows\System\HPNlIPI.exe
  C:\Windows\System\HPNlIPI.exe
  2⤵
  PID:5004
- C:\Windows\System\lBOOLRN.exe
  C:\Windows\System\lBOOLRN.exe
  2⤵
  PID:5024
- C:\Windows\System\sImvzqK.exe
  C:\Windows\System\sImvzqK.exe
  2⤵
  PID:5040
- C:\Windows\System\ZVAkCAr.exe
  C:\Windows\System\ZVAkCAr.exe
  2⤵
  PID:5060
- C:\Windows\System\LGLNvMK.exe
  C:\Windows\System\LGLNvMK.exe
  2⤵
  PID:5076
- C:\Windows\System\oUIKnou.exe
  C:\Windows\System\oUIKnou.exe
  2⤵
  PID:5104
- C:\Windows\System\QVlDjFj.exe
  C:\Windows\System\QVlDjFj.exe
  2⤵
  PID:3544
- C:\Windows\System\UaxOdXZ.exe
  C:\Windows\System\UaxOdXZ.exe
  2⤵
  PID:3212
- C:\Windows\System\TzqRJSG.exe
  C:\Windows\System\TzqRJSG.exe
  2⤵
  PID:3380
- C:\Windows\System\heZJiAD.exe
  C:\Windows\System\heZJiAD.exe
  2⤵
  PID:3652
- C:\Windows\System\dXHWlzW.exe
  C:\Windows\System\dXHWlzW.exe
  2⤵
  PID:3712
- C:\Windows\System\LIRqsya.exe
  C:\Windows\System\LIRqsya.exe
  2⤵
  PID:3340
- C:\Windows\System\MwTRhrP.exe
  C:\Windows\System\MwTRhrP.exe
  2⤵
  PID:4112
- C:\Windows\System\IupYdhx.exe
  C:\Windows\System\IupYdhx.exe
  2⤵
  PID:3868
- C:\Windows\System\HFrGfzI.exe
  C:\Windows\System\HFrGfzI.exe
  2⤵
  PID:3948
- C:\Windows\System\RkTAzbe.exe
  C:\Windows\System\RkTAzbe.exe
  2⤵
  PID:4172
- C:\Windows\System\jfddBaA.exe
  C:\Windows\System\jfddBaA.exe
  2⤵
  PID:3124
- C:\Windows\System\IjIyuUi.exe
  C:\Windows\System\IjIyuUi.exe
  2⤵
  PID:3812
- C:\Windows\System\bKEwJey.exe
  C:\Windows\System\bKEwJey.exe
  2⤵
  PID:3312
- C:\Windows\System\qGuTpYe.exe
  C:\Windows\System\qGuTpYe.exe
  2⤵
  PID:4192
- C:\Windows\System\eSCJJYe.exe
  C:\Windows\System\eSCJJYe.exe
  2⤵
  PID:4204
- C:\Windows\System\oBXtjyS.exe
  C:\Windows\System\oBXtjyS.exe
  2⤵
  PID:3588
- C:\Windows\System\OikdDFR.exe
  C:\Windows\System\OikdDFR.exe
  2⤵
  PID:2356
- C:\Windows\System\eDVjjav.exe
  C:\Windows\System\eDVjjav.exe
  2⤵
  PID:4100
- C:\Windows\System\YMCgmEw.exe
  C:\Windows\System\YMCgmEw.exe
  2⤵
  PID:2740
- C:\Windows\System\yNcmlgl.exe
  C:\Windows\System\yNcmlgl.exe
  2⤵
  PID:3884
- C:\Windows\System\RjjqhAX.exe
  C:\Windows\System\RjjqhAX.exe
  2⤵
  PID:4228
- C:\Windows\System\yUiyuWc.exe
  C:\Windows\System\yUiyuWc.exe
  2⤵
  PID:4288
- C:\Windows\System\GxDunZR.exe
  C:\Windows\System\GxDunZR.exe
  2⤵
  PID:4300
- C:\Windows\System\yGKLovp.exe
  C:\Windows\System\yGKLovp.exe
  2⤵
  PID:2660
- C:\Windows\System\mcJGphS.exe
  C:\Windows\System\mcJGphS.exe
  2⤵
  PID:4416
- C:\Windows\System\NHuxTXX.exe
  C:\Windows\System\NHuxTXX.exe
  2⤵
  PID:4500
- C:\Windows\System\quAlOGk.exe
  C:\Windows\System\quAlOGk.exe
  2⤵
  PID:4396
- C:\Windows\System\BtrRAVj.exe
  C:\Windows\System\BtrRAVj.exe
  2⤵
  PID:4472
- C:\Windows\System\MvVwtCg.exe
  C:\Windows\System\MvVwtCg.exe
  2⤵
  PID:4568
- C:\Windows\System\OrNjMqx.exe
  C:\Windows\System\OrNjMqx.exe
  2⤵
  PID:4608
- C:\Windows\System\SyEARzg.exe
  C:\Windows\System\SyEARzg.exe
  2⤵
  PID:4512
- C:\Windows\System\DzZdDIy.exe
  C:\Windows\System\DzZdDIy.exe
  2⤵
  PID:4592
- C:\Windows\System\xovVNBV.exe
  C:\Windows\System\xovVNBV.exe
  2⤵
  PID:2680
- C:\Windows\System\AYtCTuB.exe
  C:\Windows\System\AYtCTuB.exe
  2⤵
  PID:4704
- C:\Windows\System\EGDWmCQ.exe
  C:\Windows\System\EGDWmCQ.exe
  2⤵
  PID:4724
- C:\Windows\System\wgZsVmq.exe
  C:\Windows\System\wgZsVmq.exe
  2⤵
  PID:4748
- C:\Windows\System\jCqtWhf.exe
  C:\Windows\System\jCqtWhf.exe
  2⤵
  PID:4788
- C:\Windows\System\IABxoyC.exe
  C:\Windows\System\IABxoyC.exe
  2⤵
  PID:4864
- C:\Windows\System\MFpBZBc.exe
  C:\Windows\System\MFpBZBc.exe
  2⤵
  PID:4760
- C:\Windows\System\yENuhah.exe
  C:\Windows\System\yENuhah.exe
  2⤵
  PID:4844
- C:\Windows\System\tUmvVfv.exe
  C:\Windows\System\tUmvVfv.exe
  2⤵
  PID:4888
- C:\Windows\System\tLePShz.exe
  C:\Windows\System\tLePShz.exe
  2⤵
  PID:4932
- C:\Windows\System\paatTuN.exe
  C:\Windows\System\paatTuN.exe
  2⤵
  PID:5112
- C:\Windows\System\awIwTlC.exe
  C:\Windows\System\awIwTlC.exe
  2⤵
  PID:5052
- C:\Windows\System\UyezGHy.exe
  C:\Windows\System\UyezGHy.exe
  2⤵
  PID:5096
- C:\Windows\System\DcUZdSc.exe
  C:\Windows\System\DcUZdSc.exe
  2⤵
  PID:3080
- C:\Windows\System\QhJcPRg.exe
  C:\Windows\System\QhJcPRg.exe
  2⤵
  PID:3520
- C:\Windows\System\xoFRPBC.exe
  C:\Windows\System\xoFRPBC.exe
  2⤵
  PID:3984
- C:\Windows\System\TLtJGQK.exe
  C:\Windows\System\TLtJGQK.exe
  2⤵
  PID:3012
- C:\Windows\System\ORfxiSk.exe
  C:\Windows\System\ORfxiSk.exe
  2⤵
  PID:3828
- C:\Windows\System\OEchaOa.exe
  C:\Windows\System\OEchaOa.exe
  2⤵
  PID:4116
- C:\Windows\System\xbEcCbv.exe
  C:\Windows\System\xbEcCbv.exe
  2⤵
  PID:3184
- C:\Windows\System\vaXCvjI.exe
  C:\Windows\System\vaXCvjI.exe
  2⤵
  PID:4208
- C:\Windows\System\TDKrsRU.exe
  C:\Windows\System\TDKrsRU.exe
  2⤵
  PID:3768
- C:\Windows\System\KPTYMLi.exe
  C:\Windows\System\KPTYMLi.exe
  2⤵
  PID:3388
- C:\Windows\System\uSLzLxp.exe
  C:\Windows\System\uSLzLxp.exe
  2⤵
  PID:4328
- C:\Windows\System\rezacJX.exe
  C:\Windows\System\rezacJX.exe
  2⤵
  PID:1572
- C:\Windows\System\okpAejb.exe
  C:\Windows\System\okpAejb.exe
  2⤵
  PID:4336
- C:\Windows\System\IaVpoMl.exe
  C:\Windows\System\IaVpoMl.exe
  2⤵
  PID:4412
- C:\Windows\System\ERVejSv.exe
  C:\Windows\System\ERVejSv.exe
  2⤵
  PID:3960
- C:\Windows\System\GedErDq.exe
  C:\Windows\System\GedErDq.exe
  2⤵
  PID:4368
- C:\Windows\System\AygJmFL.exe
  C:\Windows\System\AygJmFL.exe
  2⤵
  PID:2976
- C:\Windows\System\sMRcpgo.exe
  C:\Windows\System\sMRcpgo.exe
  2⤵
  PID:4460
- C:\Windows\System\yxrtWmg.exe
  C:\Windows\System\yxrtWmg.exe
  2⤵
  PID:2512
- C:\Windows\System\cKvxfgd.exe
  C:\Windows\System\cKvxfgd.exe
  2⤵
  PID:4688
- C:\Windows\System\YoyfoAQ.exe
  C:\Windows\System\YoyfoAQ.exe
  2⤵
  PID:4580
- C:\Windows\System\bwnhZuP.exe
  C:\Windows\System\bwnhZuP.exe
  2⤵
  PID:316
- C:\Windows\System\OJEpqEL.exe
  C:\Windows\System\OJEpqEL.exe
  2⤵
  PID:4792
- C:\Windows\System\KPeGWbK.exe
  C:\Windows\System\KPeGWbK.exe
  2⤵
  PID:4868
- C:\Windows\System\eynVJZH.exe
  C:\Windows\System\eynVJZH.exe
  2⤵
  PID:4732
- C:\Windows\System\hcEjclX.exe
  C:\Windows\System\hcEjclX.exe
  2⤵
  PID:4804
- C:\Windows\System\THlkGlM.exe
  C:\Windows\System\THlkGlM.exe
  2⤵
  PID:5000
- C:\Windows\System\RACoDNe.exe
  C:\Windows\System\RACoDNe.exe
  2⤵
  PID:5068
- C:\Windows\System\wqCNCEj.exe
  C:\Windows\System\wqCNCEj.exe
  2⤵
  PID:5012
- C:\Windows\System\zpwjnqq.exe
  C:\Windows\System\zpwjnqq.exe
  2⤵
  PID:2952
- C:\Windows\System\OXCwEha.exe
  C:\Windows\System\OXCwEha.exe
  2⤵
  PID:2464
- C:\Windows\System\RqYTAWB.exe
  C:\Windows\System\RqYTAWB.exe
  2⤵
  PID:2260
- C:\Windows\System\zOhdygU.exe
  C:\Windows\System\zOhdygU.exe
  2⤵
  PID:2572
- C:\Windows\System\MTVSieH.exe
  C:\Windows\System\MTVSieH.exe
  2⤵
  PID:3704
- C:\Windows\System\tcVZTCb.exe
  C:\Windows\System\tcVZTCb.exe
  2⤵
  PID:2808
- C:\Windows\System\XAHMneH.exe
  C:\Windows\System\XAHMneH.exe
  2⤵
  PID:4200
- C:\Windows\System\QnzfGaO.exe
  C:\Windows\System\QnzfGaO.exe
  2⤵
  PID:3608
- C:\Windows\System\hVPjxEM.exe
  C:\Windows\System\hVPjxEM.exe
  2⤵
  PID:4332
- C:\Windows\System\Fuonhzi.exe
  C:\Windows\System\Fuonhzi.exe
  2⤵
  PID:2984
- C:\Windows\System\isiOtil.exe
  C:\Windows\System\isiOtil.exe
  2⤵
  PID:4388
- C:\Windows\System\IFHIBEf.exe
  C:\Windows\System\IFHIBEf.exe
  2⤵
  PID:4376
- C:\Windows\System\UNWKSjN.exe
  C:\Windows\System\UNWKSjN.exe
  2⤵
  PID:4532
- C:\Windows\System\bsBCWrh.exe
  C:\Windows\System\bsBCWrh.exe
  2⤵
  PID:2696
- C:\Windows\System\kvgAksK.exe
  C:\Windows\System\kvgAksK.exe
  2⤵
  PID:4436
- C:\Windows\System\axkPryh.exe
  C:\Windows\System\axkPryh.exe
  2⤵
  PID:4556
- C:\Windows\System\PAgLXwm.exe
  C:\Windows\System\PAgLXwm.exe
  2⤵
  PID:4720
- C:\Windows\System\MOynZTW.exe
  C:\Windows\System\MOynZTW.exe
  2⤵
  PID:4764
- C:\Windows\System\pEvLJLc.exe
  C:\Windows\System\pEvLJLc.exe
  2⤵
  PID:5036
- C:\Windows\System\XKAIUKt.exe
  C:\Windows\System\XKAIUKt.exe
  2⤵
  PID:5020
- C:\Windows\System\iLOgfiP.exe
  C:\Windows\System\iLOgfiP.exe
  2⤵
  PID:5048
- C:\Windows\System\yBZoIDa.exe
  C:\Windows\System\yBZoIDa.exe
  2⤵
  PID:4772
- C:\Windows\System\KdKmntR.exe
  C:\Windows\System\KdKmntR.exe
  2⤵
  PID:1156
- C:\Windows\System\ZqHbwEC.exe
  C:\Windows\System\ZqHbwEC.exe
  2⤵
  PID:3076
- C:\Windows\System\qtOSWQY.exe
  C:\Windows\System\qtOSWQY.exe
  2⤵
  PID:5128
- C:\Windows\System\TpKUcNu.exe
  C:\Windows\System\TpKUcNu.exe
  2⤵
  PID:5148
- C:\Windows\System\unnUOHR.exe
  C:\Windows\System\unnUOHR.exe
  2⤵
  PID:5168
- C:\Windows\System\Hqkjful.exe
  C:\Windows\System\Hqkjful.exe
  2⤵
  PID:5188
- C:\Windows\System\tCIyVtf.exe
  C:\Windows\System\tCIyVtf.exe
  2⤵
  PID:5208
- C:\Windows\System\gUQTCJx.exe
  C:\Windows\System\gUQTCJx.exe
  2⤵
  PID:5228
- C:\Windows\System\SlLSIIA.exe
  C:\Windows\System\SlLSIIA.exe
  2⤵
  PID:5252
- C:\Windows\System\PsAeVPw.exe
  C:\Windows\System\PsAeVPw.exe
  2⤵
  PID:5272
- C:\Windows\System\ZnRVmnZ.exe
  C:\Windows\System\ZnRVmnZ.exe
  2⤵
  PID:5292
- C:\Windows\System\QgaJqeC.exe
  C:\Windows\System\QgaJqeC.exe
  2⤵
  PID:5312
- C:\Windows\System\BgVgFTq.exe
  C:\Windows\System\BgVgFTq.exe
  2⤵
  PID:5332
- C:\Windows\System\auVYhxB.exe
  C:\Windows\System\auVYhxB.exe
  2⤵
  PID:5356
- C:\Windows\System\lEDKAfm.exe
  C:\Windows\System\lEDKAfm.exe
  2⤵
  PID:5376
- C:\Windows\System\oTEkFzB.exe
  C:\Windows\System\oTEkFzB.exe
  2⤵
  PID:5392
- C:\Windows\System\EceOPZC.exe
  C:\Windows\System\EceOPZC.exe
  2⤵
  PID:5416
- C:\Windows\System\VyqJjUZ.exe
  C:\Windows\System\VyqJjUZ.exe
  2⤵
  PID:5436
- C:\Windows\System\gXoIgkR.exe
  C:\Windows\System\gXoIgkR.exe
  2⤵
  PID:5456
- C:\Windows\System\OyuKRMQ.exe
  C:\Windows\System\OyuKRMQ.exe
  2⤵
  PID:5476
- C:\Windows\System\FIMRNaB.exe
  C:\Windows\System\FIMRNaB.exe
  2⤵
  PID:5496
- C:\Windows\System\ZkozcjJ.exe
  C:\Windows\System\ZkozcjJ.exe
  2⤵
  PID:5516
- C:\Windows\System\UMMYlbO.exe
  C:\Windows\System\UMMYlbO.exe
  2⤵
  PID:5536
- C:\Windows\System\yLFgOJJ.exe
  C:\Windows\System\yLFgOJJ.exe
  2⤵
  PID:5556
- C:\Windows\System\kKkYBCn.exe
  C:\Windows\System\kKkYBCn.exe
  2⤵
  PID:5576
- C:\Windows\System\ApLmmxp.exe
  C:\Windows\System\ApLmmxp.exe
  2⤵
  PID:5596
- C:\Windows\System\JMVhrLI.exe
  C:\Windows\System\JMVhrLI.exe
  2⤵
  PID:5620
- C:\Windows\System\YSEHScz.exe
  C:\Windows\System\YSEHScz.exe
  2⤵
  PID:5640
- C:\Windows\System\FhfsLHz.exe
  C:\Windows\System\FhfsLHz.exe
  2⤵
  PID:5660
- C:\Windows\System\LjunpYy.exe
  C:\Windows\System\LjunpYy.exe
  2⤵
  PID:5680
- C:\Windows\System\znztjOb.exe
  C:\Windows\System\znztjOb.exe
  2⤵
  PID:5700
- C:\Windows\System\KjMfdck.exe
  C:\Windows\System\KjMfdck.exe
  2⤵
  PID:5720
- C:\Windows\System\hJjAmdu.exe
  C:\Windows\System\hJjAmdu.exe
  2⤵
  PID:5740
- C:\Windows\System\XXBcIIc.exe
  C:\Windows\System\XXBcIIc.exe
  2⤵
  PID:5756
- C:\Windows\System\IlNlsfj.exe
  C:\Windows\System\IlNlsfj.exe
  2⤵
  PID:5776
- C:\Windows\System\LYXyoNX.exe
  C:\Windows\System\LYXyoNX.exe
  2⤵
  PID:5804
- C:\Windows\System\aVtjcCz.exe
  C:\Windows\System\aVtjcCz.exe
  2⤵
  PID:5824
- C:\Windows\System\VEXmBlQ.exe
  C:\Windows\System\VEXmBlQ.exe
  2⤵
  PID:5844
- C:\Windows\System\HHIzuzR.exe
  C:\Windows\System\HHIzuzR.exe
  2⤵
  PID:5864
- C:\Windows\System\grvmbAs.exe
  C:\Windows\System\grvmbAs.exe
  2⤵
  PID:5884
- C:\Windows\System\nrBTdhK.exe
  C:\Windows\System\nrBTdhK.exe
  2⤵
  PID:5904
- C:\Windows\System\FKoaNVR.exe
  C:\Windows\System\FKoaNVR.exe
  2⤵
  PID:5924
- C:\Windows\System\nOrGTYj.exe
  C:\Windows\System\nOrGTYj.exe
  2⤵
  PID:5944
- C:\Windows\System\pCIbgLw.exe
  C:\Windows\System\pCIbgLw.exe
  2⤵
  PID:5964
- C:\Windows\System\NYPtTmy.exe
  C:\Windows\System\NYPtTmy.exe
  2⤵
  PID:5980
- C:\Windows\System\YwpMBpY.exe
  C:\Windows\System\YwpMBpY.exe
  2⤵
  PID:6008
- C:\Windows\System\cAfuXQl.exe
  C:\Windows\System\cAfuXQl.exe
  2⤵
  PID:6028
- C:\Windows\System\lbiscVZ.exe
  C:\Windows\System\lbiscVZ.exe
  2⤵
  PID:6048
- C:\Windows\System\lYYnKoA.exe
  C:\Windows\System\lYYnKoA.exe
  2⤵
  PID:6068
- C:\Windows\System\guMKmHm.exe
  C:\Windows\System\guMKmHm.exe
  2⤵
  PID:6088
- C:\Windows\System\JBhmmif.exe
  C:\Windows\System\JBhmmif.exe
  2⤵
  PID:6108
- C:\Windows\System\hvaBQjf.exe
  C:\Windows\System\hvaBQjf.exe
  2⤵
  PID:6128
- C:\Windows\System\KYhQBXJ.exe
  C:\Windows\System\KYhQBXJ.exe
  2⤵
  PID:2888
- C:\Windows\System\ueSaijR.exe
  C:\Windows\System\ueSaijR.exe
  2⤵
  PID:2444
- C:\Windows\System\cHUhMpz.exe
  C:\Windows\System\cHUhMpz.exe
  2⤵
  PID:4224
- C:\Windows\System\XsicpDm.exe
  C:\Windows\System\XsicpDm.exe
  2⤵
  PID:4320
- C:\Windows\System\KNkCMIF.exe
  C:\Windows\System\KNkCMIF.exe
  2⤵
  PID:4456
- C:\Windows\System\GlNDDLU.exe
  C:\Windows\System\GlNDDLU.exe
  2⤵
  PID:4624
- C:\Windows\System\UvFFrrj.exe
  C:\Windows\System\UvFFrrj.exe
  2⤵
  PID:4528
- C:\Windows\System\rCiqpas.exe
  C:\Windows\System\rCiqpas.exe
  2⤵
  PID:3924
- C:\Windows\System\TuFEVYW.exe
  C:\Windows\System\TuFEVYW.exe
  2⤵
  PID:4728
- C:\Windows\System\AVEHhAg.exe
  C:\Windows\System\AVEHhAg.exe
  2⤵
  PID:3672
- C:\Windows\System\sBnDixi.exe
  C:\Windows\System\sBnDixi.exe
  2⤵
  PID:2832
- C:\Windows\System\zsQBhXl.exe
  C:\Windows\System\zsQBhXl.exe
  2⤵
  PID:4056
- C:\Windows\System\igKLTPw.exe
  C:\Windows\System\igKLTPw.exe
  2⤵
  PID:1916
- C:\Windows\System\lusWmaV.exe
  C:\Windows\System\lusWmaV.exe
  2⤵
  PID:5164
- C:\Windows\System\lDeCYoM.exe
  C:\Windows\System\lDeCYoM.exe
  2⤵
  PID:5204
- C:\Windows\System\mCniFxS.exe
  C:\Windows\System\mCniFxS.exe
  2⤵
  PID:5216
- C:\Windows\System\TxDxWoB.exe
  C:\Windows\System\TxDxWoB.exe
  2⤵
  PID:5240
- C:\Windows\System\eHIVPyP.exe
  C:\Windows\System\eHIVPyP.exe
  2⤵
  PID:5260
- C:\Windows\System\VeGmipz.exe
  C:\Windows\System\VeGmipz.exe
  2⤵
  PID:928
- C:\Windows\System\MmqGDcJ.exe
  C:\Windows\System\MmqGDcJ.exe
  2⤵
  PID:5340
- C:\Windows\System\SJlBVjk.exe
  C:\Windows\System\SJlBVjk.exe
  2⤵
  PID:5372
- C:\Windows\System\zSaMBPy.exe
  C:\Windows\System\zSaMBPy.exe
  2⤵
  PID:5388
- C:\Windows\System\ZFdGjqQ.exe
  C:\Windows\System\ZFdGjqQ.exe
  2⤵
  PID:5428
- C:\Windows\System\zHZqHlG.exe
  C:\Windows\System\zHZqHlG.exe
  2⤵
  PID:5464
- C:\Windows\System\ghYKAHz.exe
  C:\Windows\System\ghYKAHz.exe
  2⤵
  PID:5504
- C:\Windows\System\xaTbrZc.exe
  C:\Windows\System\xaTbrZc.exe
  2⤵
  PID:5544
- C:\Windows\System\QQxHSJB.exe
  C:\Windows\System\QQxHSJB.exe
  2⤵
  PID:5568
- C:\Windows\System\twfiooN.exe
  C:\Windows\System\twfiooN.exe
  2⤵
  PID:5352
- C:\Windows\System\KtDnbwt.exe
  C:\Windows\System\KtDnbwt.exe
  2⤵
  PID:5652
- C:\Windows\System\WaRHVKI.exe
  C:\Windows\System\WaRHVKI.exe
  2⤵
  PID:5688
- C:\Windows\System\bJUMEZM.exe
  C:\Windows\System\bJUMEZM.exe
  2⤵
  PID:5728
- C:\Windows\System\YBmsyzI.exe
  C:\Windows\System\YBmsyzI.exe
  2⤵
  PID:5772
- C:\Windows\System\dgUvrSW.exe
  C:\Windows\System\dgUvrSW.exe
  2⤵
  PID:5812
- C:\Windows\System\fwwkTnF.exe
  C:\Windows\System\fwwkTnF.exe
  2⤵
  PID:5792
- C:\Windows\System\ZzEeVjO.exe
  C:\Windows\System\ZzEeVjO.exe
  2⤵
  PID:5856
- C:\Windows\System\BJuXsxL.exe
  C:\Windows\System\BJuXsxL.exe
  2⤵
  PID:5880
- C:\Windows\System\APOfdFe.exe
  C:\Windows\System\APOfdFe.exe
  2⤵
  PID:5920
- C:\Windows\System\DbDomTZ.exe
  C:\Windows\System\DbDomTZ.exe
  2⤵
  PID:5972
- C:\Windows\System\qWyGXbn.exe
  C:\Windows\System\qWyGXbn.exe
  2⤵
  PID:6016
- C:\Windows\System\XOwcrJX.exe
  C:\Windows\System\XOwcrJX.exe
  2⤵
  PID:6056
- C:\Windows\System\bqUOLMx.exe
  C:\Windows\System\bqUOLMx.exe
  2⤵
  PID:6040
- C:\Windows\System\esEuZBR.exe
  C:\Windows\System\esEuZBR.exe
  2⤵
  PID:6104
- C:\Windows\System\JwnWqhb.exe
  C:\Windows\System\JwnWqhb.exe
  2⤵
  PID:4088
- C:\Windows\System\ELxoIZF.exe
  C:\Windows\System\ELxoIZF.exe
  2⤵
  PID:6120
- C:\Windows\System\htgfnjH.exe
  C:\Windows\System\htgfnjH.exe
  2⤵
  PID:3084
- C:\Windows\System\PDofngF.exe
  C:\Windows\System\PDofngF.exe
  2⤵
  PID:3404
- C:\Windows\System\AhkiNxe.exe
  C:\Windows\System\AhkiNxe.exe
  2⤵
  PID:2908
- C:\Windows\System\EfDnrJK.exe
  C:\Windows\System\EfDnrJK.exe
  2⤵
  PID:4944
- C:\Windows\System\kIeIfBt.exe
  C:\Windows\System\kIeIfBt.exe
  2⤵
  PID:4672
- C:\Windows\System\AVnLyuY.exe
  C:\Windows\System\AVnLyuY.exe
  2⤵
  PID:5016
- C:\Windows\System\vHYKdpv.exe
  C:\Windows\System\vHYKdpv.exe
  2⤵
  PID:3996
- C:\Windows\System\LoFrRKp.exe
  C:\Windows\System\LoFrRKp.exe
  2⤵
  PID:5144
- C:\Windows\System\ONeDROO.exe
  C:\Windows\System\ONeDROO.exe
  2⤵
  PID:5244
- C:\Windows\System\ITZdYNU.exe
  C:\Windows\System\ITZdYNU.exe
  2⤵
  PID:5180
- C:\Windows\System\zngpxcA.exe
  C:\Windows\System\zngpxcA.exe
  2⤵
  PID:1468
- C:\Windows\System\rNYWDGO.exe
  C:\Windows\System\rNYWDGO.exe
  2⤵
  PID:5424
- C:\Windows\System\HHxlXNv.exe
  C:\Windows\System\HHxlXNv.exe
  2⤵
  PID:5408
- C:\Windows\System\JbpMyMX.exe
  C:\Windows\System\JbpMyMX.exe
  2⤵
  PID:5492
- C:\Windows\System\yowIENR.exe
  C:\Windows\System\yowIENR.exe
  2⤵
  PID:5512
- C:\Windows\System\ndHpCIr.exe
  C:\Windows\System\ndHpCIr.exe
  2⤵
  PID:5656
- C:\Windows\System\LZCSuck.exe
  C:\Windows\System\LZCSuck.exe
  2⤵
  PID:5672
- C:\Windows\System\mmAUBmr.exe
  C:\Windows\System\mmAUBmr.exe
  2⤵
  PID:5696
- C:\Windows\System\BOFeSJp.exe
  C:\Windows\System\BOFeSJp.exe
  2⤵
  PID:5708
- C:\Windows\System\wEkUwgu.exe
  C:\Windows\System\wEkUwgu.exe
  2⤵
  PID:5820
- C:\Windows\System\QwapJgd.exe
  C:\Windows\System\QwapJgd.exe
  2⤵
  PID:5940
- C:\Windows\System\YuCNFsf.exe
  C:\Windows\System\YuCNFsf.exe
  2⤵
  PID:5952
- C:\Windows\System\OTyLTSK.exe
  C:\Windows\System\OTyLTSK.exe
  2⤵
  PID:6064
- C:\Windows\System\sFfpXPM.exe
  C:\Windows\System\sFfpXPM.exe
  2⤵
  PID:6100
- C:\Windows\System\pjMlvGw.exe
  C:\Windows\System\pjMlvGw.exe
  2⤵
  PID:4136
- C:\Windows\System\HDxOvNU.exe
  C:\Windows\System\HDxOvNU.exe
  2⤵
  PID:1684
- C:\Windows\System\CcrRYZL.exe
  C:\Windows\System\CcrRYZL.exe
  2⤵
  PID:3300
- C:\Windows\System\zyvKHTZ.exe
  C:\Windows\System\zyvKHTZ.exe
  2⤵
  PID:4828
- C:\Windows\System\AlRfKYl.exe
  C:\Windows\System\AlRfKYl.exe
  2⤵
  PID:4656
- C:\Windows\System\dEZuVTe.exe
  C:\Windows\System\dEZuVTe.exe
  2⤵
  PID:4164
- C:\Windows\System\dhXlcXf.exe
  C:\Windows\System\dhXlcXf.exe
  2⤵
  PID:5196
- C:\Windows\System\GAmYquI.exe
  C:\Windows\System\GAmYquI.exe
  2⤵
  PID:5224
- C:\Windows\System\TcXtRiS.exe
  C:\Windows\System\TcXtRiS.exe
  2⤵
  PID:5308
- C:\Windows\System\jLABrgI.exe
  C:\Windows\System\jLABrgI.exe
  2⤵
  PID:2816
- C:\Windows\System\XBQvAGn.exe
  C:\Windows\System\XBQvAGn.exe
  2⤵
  PID:5468
- C:\Windows\System\mrGbrjA.exe
  C:\Windows\System\mrGbrjA.exe
  2⤵
  PID:5788
- C:\Windows\System\mVmRuRJ.exe
  C:\Windows\System\mVmRuRJ.exe
  2⤵
  PID:5668
- C:\Windows\System\tJxdipp.exe
  C:\Windows\System\tJxdipp.exe
  2⤵
  PID:5932
- C:\Windows\System\iCfcrgs.exe
  C:\Windows\System\iCfcrgs.exe
  2⤵
  PID:5996
- C:\Windows\System\uSoRwqn.exe
  C:\Windows\System\uSoRwqn.exe
  2⤵
  PID:5960
- C:\Windows\System\CyEZATc.exe
  C:\Windows\System\CyEZATc.exe
  2⤵
  PID:6060
- C:\Windows\System\eWigcsK.exe
  C:\Windows\System\eWigcsK.exe
  2⤵
  PID:3400
- C:\Windows\System\FJLsaXW.exe
  C:\Windows\System\FJLsaXW.exe
  2⤵
  PID:4572
- C:\Windows\System\iZlArWi.exe
  C:\Windows\System\iZlArWi.exe
  2⤵
  PID:5184
- C:\Windows\System\tPpkcet.exe
  C:\Windows\System\tPpkcet.exe
  2⤵
  PID:2340
- C:\Windows\System\BbPDbzL.exe
  C:\Windows\System\BbPDbzL.exe
  2⤵
  PID:5488
- C:\Windows\System\JzFPzWt.exe
  C:\Windows\System\JzFPzWt.exe
  2⤵
  PID:5384
- C:\Windows\System\TCZjYhb.exe
  C:\Windows\System\TCZjYhb.exe
  2⤵
  PID:5616
- C:\Windows\System\vpZZoQy.exe
  C:\Windows\System\vpZZoQy.exe
  2⤵
  PID:5900
- C:\Windows\System\FXvAGgc.exe
  C:\Windows\System\FXvAGgc.exe
  2⤵
  PID:6020
- C:\Windows\System\pnigHjZ.exe
  C:\Windows\System\pnigHjZ.exe
  2⤵
  PID:1692
- C:\Windows\System\VoEMJnc.exe
  C:\Windows\System\VoEMJnc.exe
  2⤵
  PID:6152
- C:\Windows\System\UlXjJAJ.exe
  C:\Windows\System\UlXjJAJ.exe
  2⤵
  PID:6172
- C:\Windows\System\xwAqnZc.exe
  C:\Windows\System\xwAqnZc.exe
  2⤵
  PID:6188
- C:\Windows\System\ADWXunr.exe
  C:\Windows\System\ADWXunr.exe
  2⤵
  PID:6204
- C:\Windows\System\aNKNWIG.exe
  C:\Windows\System\aNKNWIG.exe
  2⤵
  PID:6228
- C:\Windows\System\ATquTqg.exe
  C:\Windows\System\ATquTqg.exe
  2⤵
  PID:6260
- C:\Windows\System\PQeUzwx.exe
  C:\Windows\System\PQeUzwx.exe
  2⤵
  PID:6280
- C:\Windows\System\rYZEyFx.exe
  C:\Windows\System\rYZEyFx.exe
  2⤵
  PID:6300
- C:\Windows\System\bOiGWLO.exe
  C:\Windows\System\bOiGWLO.exe
  2⤵
  PID:6328
- C:\Windows\System\ycgXQsV.exe
  C:\Windows\System\ycgXQsV.exe
  2⤵
  PID:6344
- C:\Windows\System\WcotsHq.exe
  C:\Windows\System\WcotsHq.exe
  2⤵
  PID:6360
- C:\Windows\System\hrmNMLh.exe
  C:\Windows\System\hrmNMLh.exe
  2⤵
  PID:6376
- C:\Windows\System\YQxjXKW.exe
  C:\Windows\System\YQxjXKW.exe
  2⤵
  PID:6408
- C:\Windows\System\yImbDbi.exe
  C:\Windows\System\yImbDbi.exe
  2⤵
  PID:6424
- C:\Windows\System\yupEHPL.exe
  C:\Windows\System\yupEHPL.exe
  2⤵
  PID:6440
- C:\Windows\System\BhIHsSB.exe
  C:\Windows\System\BhIHsSB.exe
  2⤵
  PID:6456
- C:\Windows\System\yBgGFJA.exe
  C:\Windows\System\yBgGFJA.exe
  2⤵
  PID:6544
- C:\Windows\System\ZdjDVAF.exe
  C:\Windows\System\ZdjDVAF.exe
  2⤵
  PID:6564
- C:\Windows\System\jadMGWW.exe
  C:\Windows\System\jadMGWW.exe
  2⤵
  PID:6584
- C:\Windows\System\qQHsvqz.exe
  C:\Windows\System\qQHsvqz.exe
  2⤵
  PID:6600
- C:\Windows\System\cCGjyIr.exe
  C:\Windows\System\cCGjyIr.exe
  2⤵
  PID:6620
- C:\Windows\System\snLbPpR.exe
  C:\Windows\System\snLbPpR.exe
  2⤵
  PID:6636
- C:\Windows\System\ZZhjIis.exe
  C:\Windows\System\ZZhjIis.exe
  2⤵
  PID:6652
- C:\Windows\System\szGptlD.exe
  C:\Windows\System\szGptlD.exe
  2⤵
  PID:6668
- C:\Windows\System\mIxuDAi.exe
  C:\Windows\System\mIxuDAi.exe
  2⤵
  PID:6684
- C:\Windows\System\zYRruci.exe
  C:\Windows\System\zYRruci.exe
  2⤵
  PID:6700
- C:\Windows\System\DNToOZB.exe
  C:\Windows\System\DNToOZB.exe
  2⤵
  PID:6716
- C:\Windows\System\SNsoyCl.exe
  C:\Windows\System\SNsoyCl.exe
  2⤵
  PID:6736
- C:\Windows\System\PQecfTz.exe
  C:\Windows\System\PQecfTz.exe
  2⤵
  PID:6752
- C:\Windows\System\EBRjRBg.exe
  C:\Windows\System\EBRjRBg.exe
  2⤵
  PID:6772
- C:\Windows\System\qkkMZOW.exe
  C:\Windows\System\qkkMZOW.exe
  2⤵
  PID:6792
- C:\Windows\System\GlhPnWy.exe
  C:\Windows\System\GlhPnWy.exe
  2⤵
  PID:6816
- C:\Windows\System\foEDuUp.exe
  C:\Windows\System\foEDuUp.exe
  2⤵
  PID:6832
- C:\Windows\System\ryntCRj.exe
  C:\Windows\System\ryntCRj.exe
  2⤵
  PID:6848
- C:\Windows\System\CWLBrjr.exe
  C:\Windows\System\CWLBrjr.exe
  2⤵
  PID:6876
- C:\Windows\System\qUGfuou.exe
  C:\Windows\System\qUGfuou.exe
  2⤵
  PID:6908
- C:\Windows\System\IIHgeiw.exe
  C:\Windows\System\IIHgeiw.exe
  2⤵
  PID:6932
- C:\Windows\System\rRCRUdx.exe
  C:\Windows\System\rRCRUdx.exe
  2⤵
  PID:6960
- C:\Windows\System\XOsLYOh.exe
  C:\Windows\System\XOsLYOh.exe
  2⤵
  PID:6996
- C:\Windows\System\rmCpETn.exe
  C:\Windows\System\rmCpETn.exe
  2⤵
  PID:7012
- C:\Windows\System\vdNOjOG.exe
  C:\Windows\System\vdNOjOG.exe
  2⤵
  PID:7028
- C:\Windows\System\ujJKCgt.exe
  C:\Windows\System\ujJKCgt.exe
  2⤵
  PID:7044
- C:\Windows\System\HWIxnxL.exe
  C:\Windows\System\HWIxnxL.exe
  2⤵
  PID:7064
- C:\Windows\System\YqOZmhR.exe
  C:\Windows\System\YqOZmhR.exe
  2⤵
  PID:7084
- C:\Windows\System\fTcXrtY.exe
  C:\Windows\System\fTcXrtY.exe
  2⤵
  PID:7100
- C:\Windows\System\gHqTZqT.exe
  C:\Windows\System\gHqTZqT.exe
  2⤵
  PID:7116
- C:\Windows\System\SXzSNpl.exe
  C:\Windows\System\SXzSNpl.exe
  2⤵
  PID:7132
- C:\Windows\System\KfqRSNN.exe
  C:\Windows\System\KfqRSNN.exe
  2⤵
  PID:7152
- C:\Windows\System\hLmGkTW.exe
  C:\Windows\System\hLmGkTW.exe
  2⤵
  PID:3656
- C:\Windows\System\UHBnGGn.exe
  C:\Windows\System\UHBnGGn.exe
  2⤵
  PID:5840
- C:\Windows\System\oZrNXtN.exe
  C:\Windows\System\oZrNXtN.exe
  2⤵
  PID:4628
- C:\Windows\System\SRrNvDy.exe
  C:\Windows\System\SRrNvDy.exe
  2⤵
  PID:5400
- C:\Windows\System\eQYCqYZ.exe
  C:\Windows\System\eQYCqYZ.exe
  2⤵
  PID:1292
- C:\Windows\System\PZMeWVq.exe
  C:\Windows\System\PZMeWVq.exe
  2⤵
  PID:6248
- C:\Windows\System\mIOvIoi.exe
  C:\Windows\System\mIOvIoi.exe
  2⤵
  PID:6268
- C:\Windows\System\yuZWjFD.exe
  C:\Windows\System\yuZWjFD.exe
  2⤵
  PID:5860
- C:\Windows\System\wQLSwgE.exe
  C:\Windows\System\wQLSwgE.exe
  2⤵
  PID:5836
- C:\Windows\System\kGSAnEl.exe
  C:\Windows\System\kGSAnEl.exe
  2⤵
  PID:6448
- C:\Windows\System\gnvIqSJ.exe
  C:\Windows\System\gnvIqSJ.exe
  2⤵
  PID:6180
- C:\Windows\System\EbRJdvO.exe
  C:\Windows\System\EbRJdvO.exe
  2⤵
  PID:6224
- C:\Windows\System\IamOzCJ.exe
  C:\Windows\System\IamOzCJ.exe
  2⤵
  PID:6392
- C:\Windows\System\BdhswGH.exe
  C:\Windows\System\BdhswGH.exe
  2⤵
  PID:6312
- C:\Windows\System\qtIEQRt.exe
  C:\Windows\System\qtIEQRt.exe
  2⤵
  PID:4948
- C:\Windows\System\oFlpMeG.exe
  C:\Windows\System\oFlpMeG.exe
  2⤵
  PID:4964
- C:\Windows\System\aKarjpS.exe
  C:\Windows\System\aKarjpS.exe
  2⤵
  PID:4980
- C:\Windows\System\pQxuffC.exe
  C:\Windows\System\pQxuffC.exe
  2⤵
  PID:4712
- C:\Windows\System\fIBkBFS.exe
  C:\Windows\System\fIBkBFS.exe
  2⤵
  PID:6504
- C:\Windows\System\eBcvnVy.exe
  C:\Windows\System\eBcvnVy.exe
  2⤵
  PID:5320
- C:\Windows\System\UzhOlPu.exe
  C:\Windows\System\UzhOlPu.exe
  2⤵
  PID:6384
- C:\Windows\System\NfWCaEN.exe
  C:\Windows\System\NfWCaEN.exe
  2⤵
  PID:6316
- C:\Windows\System\KKtLvVz.exe
  C:\Windows\System\KKtLvVz.exe
  2⤵
  PID:6404
- C:\Windows\System\RhlaiEm.exe
  C:\Windows\System\RhlaiEm.exe
  2⤵
  PID:2224
- C:\Windows\System\eNhJbOA.exe
  C:\Windows\System\eNhJbOA.exe
  2⤵
  PID:6476
- C:\Windows\System\sErLNwV.exe
  C:\Windows\System\sErLNwV.exe
  2⤵
  PID:2640
- C:\Windows\System\JsxhJbj.exe
  C:\Windows\System\JsxhJbj.exe
  2⤵
  PID:6528
- C:\Windows\System\aTJSHNb.exe
  C:\Windows\System\aTJSHNb.exe
  2⤵
  PID:6532
- C:\Windows\System\PgUdnGh.exe
  C:\Windows\System\PgUdnGh.exe
  2⤵
  PID:6540
- C:\Windows\System\LzQMAMp.exe
  C:\Windows\System\LzQMAMp.exe
  2⤵
  PID:6660
- C:\Windows\System\XSmZviy.exe
  C:\Windows\System\XSmZviy.exe
  2⤵
  PID:6728
- C:\Windows\System\VcxxFES.exe
  C:\Windows\System\VcxxFES.exe
  2⤵
  PID:6572
- C:\Windows\System\TfDMhoF.exe
  C:\Windows\System\TfDMhoF.exe
  2⤵
  PID:6768
- C:\Windows\System\foXBDuB.exe
  C:\Windows\System\foXBDuB.exe
  2⤵
  PID:2156
- C:\Windows\System\fvwSwPE.exe
  C:\Windows\System\fvwSwPE.exe
  2⤵
  PID:1732
- C:\Windows\System\DIoMuvI.exe
  C:\Windows\System\DIoMuvI.exe
  2⤵
  PID:6884
- C:\Windows\System\smmlwuW.exe
  C:\Windows\System\smmlwuW.exe
  2⤵
  PID:6900
- C:\Windows\System\LhGtbeP.exe
  C:\Windows\System\LhGtbeP.exe
  2⤵
  PID:6944
- C:\Windows\System\wWBXHxd.exe
  C:\Windows\System\wWBXHxd.exe
  2⤵
  PID:2500
- C:\Windows\System\ckNdrwm.exe
  C:\Windows\System\ckNdrwm.exe
  2⤵
  PID:6616
- C:\Windows\System\pCXPqSa.exe
  C:\Windows\System\pCXPqSa.exe
  2⤵
  PID:6708
- C:\Windows\System\BueRCPC.exe
  C:\Windows\System\BueRCPC.exe
  2⤵
  PID:6780
- C:\Windows\System\kzzhvDr.exe
  C:\Windows\System\kzzhvDr.exe
  2⤵
  PID:6828
- C:\Windows\System\ooYcjrz.exe
  C:\Windows\System\ooYcjrz.exe
  2⤵
  PID:6868
- C:\Windows\System\tQdrsiR.exe
  C:\Windows\System\tQdrsiR.exe
  2⤵
  PID:6924
- C:\Windows\System\CFlACcS.exe
  C:\Windows\System\CFlACcS.exe
  2⤵
  PID:2324
- C:\Windows\System\FjyXJld.exe
  C:\Windows\System\FjyXJld.exe
  2⤵
  PID:2112
- C:\Windows\System\zxaIHwi.exe
  C:\Windows\System\zxaIHwi.exe
  2⤵
  PID:6980
- C:\Windows\System\zQdXDcn.exe
  C:\Windows\System\zQdXDcn.exe
  2⤵
  PID:7004
- C:\Windows\System\tqGralG.exe
  C:\Windows\System\tqGralG.exe
  2⤵
  PID:7040
- C:\Windows\System\puRZirv.exe
  C:\Windows\System\puRZirv.exe
  2⤵
  PID:7092
- C:\Windows\System\gqqihEb.exe
  C:\Windows\System\gqqihEb.exe
  2⤵
  PID:7080
- C:\Windows\System\ythGkkU.exe
  C:\Windows\System\ythGkkU.exe
  2⤵
  PID:7148
- C:\Windows\System\uDapyau.exe
  C:\Windows\System\uDapyau.exe
  2⤵
  PID:2860
- C:\Windows\System\xLKrMDI.exe
  C:\Windows\System\xLKrMDI.exe
  2⤵
  PID:3632
- C:\Windows\System\gXKFJAt.exe
  C:\Windows\System\gXKFJAt.exe
  2⤵
  PID:6812
- C:\Windows\System\SAgHVeB.exe
  C:\Windows\System\SAgHVeB.exe
  2⤵
  PID:7128
- C:\Windows\System\nuIrPbm.exe
  C:\Windows\System\nuIrPbm.exe
  2⤵
  PID:2012
- C:\Windows\System\IbfVnfv.exe
  C:\Windows\System\IbfVnfv.exe
  2⤵
  PID:6292
- C:\Windows\System\YZwQNio.exe
  C:\Windows\System\YZwQNio.exe
  2⤵
  PID:7164
- C:\Windows\System\jXcoxbt.exe
  C:\Windows\System\jXcoxbt.exe
  2⤵
  PID:5304
- C:\Windows\System\xlRinxk.exe
  C:\Windows\System\xlRinxk.exe
  2⤵
  PID:2760
- C:\Windows\System\QrJxTOb.exe
  C:\Windows\System\QrJxTOb.exe
  2⤵
  PID:6452
- C:\Windows\System\kwSMWCG.exe
  C:\Windows\System\kwSMWCG.exe
  2⤵
  PID:2772
- C:\Windows\System\NTPJDsS.exe
  C:\Windows\System\NTPJDsS.exe
  2⤵
  PID:6324
- C:\Windows\System\Hqmobqq.exe
  C:\Windows\System\Hqmobqq.exe
  2⤵
  PID:6464
- C:\Windows\System\rmvZOTU.exe
  C:\Windows\System\rmvZOTU.exe
  2⤵
  PID:4976
- C:\Windows\System\MhipYyV.exe
  C:\Windows\System\MhipYyV.exe
  2⤵
  PID:6436
- C:\Windows\System\JyUdkON.exe
  C:\Windows\System\JyUdkON.exe
  2⤵
  PID:6488
- C:\Windows\System\gVufJoo.exe
  C:\Windows\System\gVufJoo.exe
  2⤵
  PID:4960
- C:\Windows\System\EPpVnzs.exe
  C:\Windows\System\EPpVnzs.exe
  2⤵
  PID:6352
- C:\Windows\System\qWJcOsk.exe
  C:\Windows\System\qWJcOsk.exe
  2⤵
  PID:6516
- C:\Windows\System\XGJlkYl.exe
  C:\Windows\System\XGJlkYl.exe
  2⤵
  PID:6556
- C:\Windows\System\qUBaDnd.exe
  C:\Windows\System\qUBaDnd.exe
  2⤵
  PID:6628
- C:\Windows\System\MCdFecS.exe
  C:\Windows\System\MCdFecS.exe
  2⤵
  PID:6760
- C:\Windows\System\eMsdarc.exe
  C:\Windows\System\eMsdarc.exe
  2⤵
  PID:2188
- C:\Windows\System\XnzfOKp.exe
  C:\Windows\System\XnzfOKp.exe
  2⤵
  PID:6896
- C:\Windows\System\fVafqyk.exe
  C:\Windows\System\fVafqyk.exe
  2⤵
  PID:6940
- C:\Windows\System\SdMOyFb.exe
  C:\Windows\System\SdMOyFb.exe
  2⤵
  PID:6676
- C:\Windows\System\LiVjKza.exe
  C:\Windows\System\LiVjKza.exe
  2⤵
  PID:6744
- C:\Windows\System\gENwONg.exe
  C:\Windows\System\gENwONg.exe
  2⤵
  PID:6920
- C:\Windows\System\EtOEKlP.exe
  C:\Windows\System\EtOEKlP.exe
  2⤵
  PID:6968
- C:\Windows\System\ijUyCWv.exe
  C:\Windows\System\ijUyCWv.exe
  2⤵
  PID:6984
- C:\Windows\System\REOdgQd.exe
  C:\Windows\System\REOdgQd.exe
  2⤵
  PID:7144
- C:\Windows\System\WKnpwNT.exe
  C:\Windows\System\WKnpwNT.exe
  2⤵
  PID:2420
- C:\Windows\System\yOMXofR.exe
  C:\Windows\System\yOMXofR.exe
  2⤵
  PID:5156
- C:\Windows\System\zhHIYOK.exe
  C:\Windows\System\zhHIYOK.exe
  2⤵
  PID:7124
- C:\Windows\System\ySqpFVa.exe
  C:\Windows\System\ySqpFVa.exe
  2⤵
  PID:6196
- C:\Windows\System\SwQsSLd.exe
  C:\Windows\System\SwQsSLd.exe
  2⤵
  PID:4956
- C:\Windows\System\oSGdBvD.exe
  C:\Windows\System\oSGdBvD.exe
  2⤵
  PID:6520
- C:\Windows\System\lgzGQZX.exe
  C:\Windows\System\lgzGQZX.exe
  2⤵
  PID:6432
- C:\Windows\System\aBnTCGb.exe
  C:\Windows\System\aBnTCGb.exe
  2⤵
  PID:2648
- C:\Windows\System\HUCNKPN.exe
  C:\Windows\System\HUCNKPN.exe
  2⤵
  PID:7024
- C:\Windows\System\YuExrIn.exe
  C:\Windows\System\YuExrIn.exe
  2⤵
  PID:6844
- C:\Windows\System\KPuTPNz.exe
  C:\Windows\System\KPuTPNz.exe
  2⤵
  PID:6864
- C:\Windows\System\KPfQEDD.exe
  C:\Windows\System\KPfQEDD.exe
  2⤵
  PID:5412
- C:\Windows\System\JxjoHAh.exe
  C:\Windows\System\JxjoHAh.exe
  2⤵
  PID:6372
- C:\Windows\System\fsaheAP.exe
  C:\Windows\System\fsaheAP.exe
  2⤵
  PID:6276
- C:\Windows\System\enklQpx.exe
  C:\Windows\System\enklQpx.exe
  2⤵
  PID:7160
- C:\Windows\System\OFBfZgq.exe
  C:\Windows\System\OFBfZgq.exe
  2⤵
  PID:6216
- C:\Windows\System\OMdiNfH.exe
  C:\Windows\System\OMdiNfH.exe
  2⤵
  PID:6916
- C:\Windows\System\Kyiayks.exe
  C:\Windows\System\Kyiayks.exe
  2⤵
  PID:6500
- C:\Windows\System\eMLKfxL.exe
  C:\Windows\System\eMLKfxL.exe
  2⤵
  PID:6680
- C:\Windows\System\BXZCHdE.exe
  C:\Windows\System\BXZCHdE.exe
  2⤵
  PID:6692
- C:\Windows\System\Mkecmbd.exe
  C:\Windows\System\Mkecmbd.exe
  2⤵
  PID:7072
- C:\Windows\System\WGNIipT.exe
  C:\Windows\System\WGNIipT.exe
  2⤵
  PID:7112
- C:\Windows\System\uIzrvPM.exe
  C:\Windows\System\uIzrvPM.exe
  2⤵
  PID:584
- C:\Windows\System\BQGdxvi.exe
  C:\Windows\System\BQGdxvi.exe
  2⤵
  PID:336
- C:\Windows\System\NGfUiwj.exe
  C:\Windows\System\NGfUiwj.exe
  2⤵
  PID:6892
- C:\Windows\System\MYLdtJY.exe
  C:\Windows\System\MYLdtJY.exe
  2⤵
  PID:6356
- C:\Windows\System\VkMAVfy.exe
  C:\Windows\System\VkMAVfy.exe
  2⤵
  PID:6904
- C:\Windows\System\Yctixsy.exe
  C:\Windows\System\Yctixsy.exe
  2⤵
  PID:5712
- C:\Windows\System\yEHEmbQ.exe
  C:\Windows\System\yEHEmbQ.exe
  2⤵
  PID:6396
- C:\Windows\System\FEpgGdJ.exe
  C:\Windows\System\FEpgGdJ.exe
  2⤵
  PID:4392
- C:\Windows\System\jdEKEBy.exe
  C:\Windows\System\jdEKEBy.exe
  2⤵
  PID:7172
- C:\Windows\System\kqoYMNB.exe
  C:\Windows\System\kqoYMNB.exe
  2⤵
  PID:7188
- C:\Windows\System\mfTrXrS.exe
  C:\Windows\System\mfTrXrS.exe
  2⤵
  PID:7204
- C:\Windows\System\lYKKTkC.exe
  C:\Windows\System\lYKKTkC.exe
  2⤵
  PID:7224
- C:\Windows\System\RhnBBnX.exe
  C:\Windows\System\RhnBBnX.exe
  2⤵
  PID:7252
- C:\Windows\System\qgrCNmf.exe
  C:\Windows\System\qgrCNmf.exe
  2⤵
  PID:7268
- C:\Windows\System\SrRIxYg.exe
  C:\Windows\System\SrRIxYg.exe
  2⤵
  PID:7284
- C:\Windows\System\amaqgKg.exe
  C:\Windows\System\amaqgKg.exe
  2⤵
  PID:7300
- C:\Windows\System\idQeRgj.exe
  C:\Windows\System\idQeRgj.exe
  2⤵
  PID:7316
- C:\Windows\System\DONiYrQ.exe
  C:\Windows\System\DONiYrQ.exe
  2⤵
  PID:7356
- C:\Windows\System\JQQoWBg.exe
  C:\Windows\System\JQQoWBg.exe
  2⤵
  PID:7376
- C:\Windows\System\SMKucRv.exe
  C:\Windows\System\SMKucRv.exe
  2⤵
  PID:7392
- C:\Windows\System\cyHPdbq.exe
  C:\Windows\System\cyHPdbq.exe
  2⤵
  PID:7408
- C:\Windows\System\fNLbQga.exe
  C:\Windows\System\fNLbQga.exe
  2⤵
  PID:7424
- C:\Windows\System\YStZxfq.exe
  C:\Windows\System\YStZxfq.exe
  2⤵
  PID:7448
- C:\Windows\System\MLzEcaO.exe
  C:\Windows\System\MLzEcaO.exe
  2⤵
  PID:7464
- C:\Windows\System\jWnSnmj.exe
  C:\Windows\System\jWnSnmj.exe
  2⤵
  PID:7488
- C:\Windows\System\YTFrNcW.exe
  C:\Windows\System\YTFrNcW.exe
  2⤵
  PID:7516
- C:\Windows\System\eHfkZja.exe
  C:\Windows\System\eHfkZja.exe
  2⤵
  PID:7532
- C:\Windows\System\towlGVM.exe
  C:\Windows\System\towlGVM.exe
  2⤵
  PID:7548
- C:\Windows\System\tUrtLyj.exe
  C:\Windows\System\tUrtLyj.exe
  2⤵
  PID:7564
- C:\Windows\System\TplobuH.exe
  C:\Windows\System\TplobuH.exe
  2⤵
  PID:7588
- C:\Windows\System\OTFdplp.exe
  C:\Windows\System\OTFdplp.exe
  2⤵
  PID:7612
- C:\Windows\System\hTgDLtb.exe
  C:\Windows\System\hTgDLtb.exe
  2⤵
  PID:7628
- C:\Windows\System\ftkfpun.exe
  C:\Windows\System\ftkfpun.exe
  2⤵
  PID:7644
- C:\Windows\System\JHKsUPI.exe
  C:\Windows\System\JHKsUPI.exe
  2⤵
  PID:7660
- C:\Windows\System\lOOEyWq.exe
  C:\Windows\System\lOOEyWq.exe
  2⤵
  PID:7676
- C:\Windows\System\VIUvGED.exe
  C:\Windows\System\VIUvGED.exe
  2⤵
  PID:7716
- C:\Windows\System\nLfbUOC.exe
  C:\Windows\System\nLfbUOC.exe
  2⤵
  PID:7732
- C:\Windows\System\uDOVPeF.exe
  C:\Windows\System\uDOVPeF.exe
  2⤵
  PID:7748
- C:\Windows\System\exOcgek.exe
  C:\Windows\System\exOcgek.exe
  2⤵
  PID:7764
- C:\Windows\System\pzHUMvd.exe
  C:\Windows\System\pzHUMvd.exe
  2⤵
  PID:7792
- C:\Windows\System\suwioQn.exe
  C:\Windows\System\suwioQn.exe
  2⤵
  PID:7812
- C:\Windows\System\GxmqBqW.exe
  C:\Windows\System\GxmqBqW.exe
  2⤵
  PID:7832
- C:\Windows\System\RHxLaUR.exe
  C:\Windows\System\RHxLaUR.exe
  2⤵
  PID:7852
- C:\Windows\System\DBvEoxY.exe
  C:\Windows\System\DBvEoxY.exe
  2⤵
  PID:7872
- C:\Windows\System\iCAYFSK.exe
  C:\Windows\System\iCAYFSK.exe
  2⤵
  PID:7896
- C:\Windows\System\gvQhKwt.exe
  C:\Windows\System\gvQhKwt.exe
  2⤵
  PID:7912
- C:\Windows\System\SClYnaN.exe
  C:\Windows\System\SClYnaN.exe
  2⤵
  PID:7932
- C:\Windows\System\ipzyWKO.exe
  C:\Windows\System\ipzyWKO.exe
  2⤵
  PID:7952
- C:\Windows\System\JjmHFIm.exe
  C:\Windows\System\JjmHFIm.exe
  2⤵
  PID:7968
- C:\Windows\System\skgGsnb.exe
  C:\Windows\System\skgGsnb.exe
  2⤵
  PID:7992
- C:\Windows\System\CHrkCyi.exe
  C:\Windows\System\CHrkCyi.exe
  2⤵
  PID:8008
- C:\Windows\System\JsanhcM.exe
  C:\Windows\System\JsanhcM.exe
  2⤵
  PID:8028
- C:\Windows\System\vGdRvHI.exe
  C:\Windows\System\vGdRvHI.exe
  2⤵
  PID:8052
- C:\Windows\System\TWKHCZH.exe
  C:\Windows\System\TWKHCZH.exe
  2⤵
  PID:8068
- C:\Windows\System\TOYYgCh.exe
  C:\Windows\System\TOYYgCh.exe
  2⤵
  PID:8084
- C:\Windows\System\GVIIcCp.exe
  C:\Windows\System\GVIIcCp.exe
  2⤵
  PID:8100
- C:\Windows\System\iLhROdt.exe
  C:\Windows\System\iLhROdt.exe
  2⤵
  PID:8116
- C:\Windows\System\PPVNMQZ.exe
  C:\Windows\System\PPVNMQZ.exe
  2⤵
  PID:8132
- C:\Windows\System\RHsqDAg.exe
  C:\Windows\System\RHsqDAg.exe
  2⤵
  PID:8148
- C:\Windows\System\RzjtSPQ.exe
  C:\Windows\System\RzjtSPQ.exe
  2⤵
  PID:8164
- C:\Windows\System\ObVrvob.exe
  C:\Windows\System\ObVrvob.exe
  2⤵
  PID:8180
- C:\Windows\System\pTikGLl.exe
  C:\Windows\System\pTikGLl.exe
  2⤵
  PID:7060
- C:\Windows\System\PFGCxBj.exe
  C:\Windows\System\PFGCxBj.exe
  2⤵
  PID:7036
- C:\Windows\System\McHvuLZ.exe
  C:\Windows\System\McHvuLZ.exe
  2⤵
  PID:7236
- C:\Windows\System\oFUtopb.exe
  C:\Windows\System\oFUtopb.exe
  2⤵
  PID:2692
- C:\Windows\System\vSMqXHO.exe
  C:\Windows\System\vSMqXHO.exe
  2⤵
  PID:7248
- C:\Windows\System\nyInvZa.exe
  C:\Windows\System\nyInvZa.exe
  2⤵
  PID:7180
- C:\Windows\System\vvJPKPp.exe
  C:\Windows\System\vvJPKPp.exe
  2⤵
  PID:7220
- C:\Windows\System\cedFNBc.exe
  C:\Windows\System\cedFNBc.exe
  2⤵
  PID:7336
- C:\Windows\System\lusUFeQ.exe
  C:\Windows\System\lusUFeQ.exe
  2⤵
  PID:7340
- C:\Windows\System\qLiBKfs.exe
  C:\Windows\System\qLiBKfs.exe
  2⤵
  PID:7384
- C:\Windows\System\XXDITpK.exe
  C:\Windows\System\XXDITpK.exe
  2⤵
  PID:7416
- C:\Windows\System\Wnoofcc.exe
  C:\Windows\System\Wnoofcc.exe
  2⤵
  PID:7440
- C:\Windows\System\HkesPZZ.exe
  C:\Windows\System\HkesPZZ.exe
  2⤵
  PID:7432
- C:\Windows\System\lvQaGkR.exe
  C:\Windows\System\lvQaGkR.exe
  2⤵
  PID:7480
- C:\Windows\System\kZTbHxR.exe
  C:\Windows\System\kZTbHxR.exe
  2⤵
  PID:7460
- C:\Windows\System\vJYbSnM.exe
  C:\Windows\System\vJYbSnM.exe
  2⤵
  PID:7512
- C:\Windows\System\kYawnlY.exe
  C:\Windows\System\kYawnlY.exe
  2⤵
  PID:7544
- C:\Windows\System\mtCybAy.exe
  C:\Windows\System\mtCybAy.exe
  2⤵
  PID:7584
- C:\Windows\System\rYHYtlL.exe
  C:\Windows\System\rYHYtlL.exe
  2⤵
  PID:7624
- C:\Windows\System\YixIFaV.exe
  C:\Windows\System\YixIFaV.exe
  2⤵
  PID:7688
- C:\Windows\System\EgemrAF.exe
  C:\Windows\System\EgemrAF.exe
  2⤵
  PID:7608
- C:\Windows\System\wcPyYbs.exe
  C:\Windows\System\wcPyYbs.exe
  2⤵
  PID:7692
- C:\Windows\System\beAmuCO.exe
  C:\Windows\System\beAmuCO.exe
  2⤵
  PID:7708
- C:\Windows\System\GuvUvDu.exe
  C:\Windows\System\GuvUvDu.exe
  2⤵
  PID:7772
- C:\Windows\System\OeFGdsx.exe
  C:\Windows\System\OeFGdsx.exe
  2⤵
  PID:7788
- C:\Windows\System\ktppQQR.exe
  C:\Windows\System\ktppQQR.exe
  2⤵
  PID:7800
- C:\Windows\System\kaPGMZw.exe
  C:\Windows\System\kaPGMZw.exe
  2⤵
  PID:7840
- C:\Windows\System\DpRQSvp.exe
  C:\Windows\System\DpRQSvp.exe
  2⤵
  PID:7828
- C:\Windows\System\mmeAXaz.exe
  C:\Windows\System\mmeAXaz.exe
  2⤵
  PID:7880
- C:\Windows\System\wlZUzII.exe
  C:\Windows\System\wlZUzII.exe
  2⤵
  PID:7928
- C:\Windows\System\WGgYGTQ.exe
  C:\Windows\System\WGgYGTQ.exe
  2⤵
  PID:7964
- C:\Windows\System\MicMHlX.exe
  C:\Windows\System\MicMHlX.exe
  2⤵
  PID:7940
- C:\Windows\System\IoLYHxp.exe
  C:\Windows\System\IoLYHxp.exe
  2⤵
  PID:7988
- C:\Windows\System\NZFldMN.exe
  C:\Windows\System\NZFldMN.exe
  2⤵
  PID:8020
- C:\Windows\System\fnezfGR.exe
  C:\Windows\System\fnezfGR.exe
  2⤵
  PID:8048
- C:\Windows\System\LAAuJzG.exe
  C:\Windows\System\LAAuJzG.exe
  2⤵
  PID:8064
- C:\Windows\System\bUEKOLI.exe
  C:\Windows\System\bUEKOLI.exe
  2⤵
  PID:8096
- C:\Windows\System\wvtTmSU.exe
  C:\Windows\System\wvtTmSU.exe
  2⤵
  PID:8140
- C:\Windows\System\wHzPMjx.exe
  C:\Windows\System\wHzPMjx.exe
  2⤵
  PID:8188
- C:\Windows\System\jKNSOST.exe
  C:\Windows\System\jKNSOST.exe
  2⤵
  PID:7196
- C:\Windows\System\ZHgQOHL.exe
  C:\Windows\System\ZHgQOHL.exe
  2⤵
  PID:6764
- C:\Windows\System\AeHGQpU.exe
  C:\Windows\System\AeHGQpU.exe
  2⤵
  PID:7216
- C:\Windows\System\wvOzLsl.exe
  C:\Windows\System\wvOzLsl.exe
  2⤵
  PID:7352
- C:\Windows\System\PJdxVVj.exe
  C:\Windows\System\PJdxVVj.exe
  2⤵
  PID:7420
- C:\Windows\System\mMdxucM.exe
  C:\Windows\System\mMdxucM.exe
  2⤵
  PID:7444
- C:\Windows\System\WSSMRFd.exe
  C:\Windows\System\WSSMRFd.exe
  2⤵
  PID:7500
- C:\Windows\System\ovLFWEb.exe
  C:\Windows\System\ovLFWEb.exe
  2⤵
  PID:7556
- C:\Windows\System\QpcqWmg.exe
  C:\Windows\System\QpcqWmg.exe
  2⤵
  PID:7576
- C:\Windows\System\eDzVFxz.exe
  C:\Windows\System\eDzVFxz.exe
  2⤵
  PID:7672
- C:\Windows\System\mATkuqh.exe
  C:\Windows\System\mATkuqh.exe
  2⤵
  PID:7656
- C:\Windows\System\qyEBHAx.exe
  C:\Windows\System\qyEBHAx.exe
  2⤵
  PID:7820
- C:\Windows\System\cayVUho.exe
  C:\Windows\System\cayVUho.exe
  2⤵
  PID:7824
- C:\Windows\System\IuUDDTZ.exe
  C:\Windows\System\IuUDDTZ.exe
  2⤵
  PID:8000
- C:\Windows\System\DrPtBCA.exe
  C:\Windows\System\DrPtBCA.exe
  2⤵
  PID:8060
- C:\Windows\System\OCQORrQ.exe
  C:\Windows\System\OCQORrQ.exe
  2⤵
  PID:7756
- C:\Windows\System\CXvljxH.exe
  C:\Windows\System\CXvljxH.exe
  2⤵
  PID:7808
- C:\Windows\System\UcLDhLy.exe
  C:\Windows\System\UcLDhLy.exe
  2⤵
  PID:7924
- C:\Windows\System\lvRhKhH.exe
  C:\Windows\System\lvRhKhH.exe
  2⤵
  PID:8156
- C:\Windows\System\LRWqrLZ.exe
  C:\Windows\System\LRWqrLZ.exe
  2⤵
  PID:8160
- C:\Windows\System\ZSHVebx.exe
  C:\Windows\System\ZSHVebx.exe
  2⤵
  PID:7264
- C:\Windows\System\avYxETR.exe
  C:\Windows\System\avYxETR.exe
  2⤵
  PID:7332
- C:\Windows\System\PcNUZZf.exe
  C:\Windows\System\PcNUZZf.exe
  2⤵
  PID:7292
- C:\Windows\System\AbNXBdD.exe
  C:\Windows\System\AbNXBdD.exe
  2⤵
  PID:1140
- C:\Windows\System\fZugLqj.exe
  C:\Windows\System\fZugLqj.exe
  2⤵
  PID:7684
- C:\Windows\System\mCJaiXh.exe
  C:\Windows\System\mCJaiXh.exe
  2⤵
  PID:576
- C:\Windows\System\qKPdatk.exe
  C:\Windows\System\qKPdatk.exe
  2⤵
  PID:2148
- C:\Windows\System\JQlQiwE.exe
  C:\Windows\System\JQlQiwE.exe
  2⤵
  PID:7844
- C:\Windows\System\GCXMcYy.exe
  C:\Windows\System\GCXMcYy.exe
  2⤵
  PID:8144
- C:\Windows\System\sdNxZqH.exe
  C:\Windows\System\sdNxZqH.exe
  2⤵
  PID:7700
- C:\Windows\System\vwUmNHP.exe
  C:\Windows\System\vwUmNHP.exe
  2⤵
  PID:7976
- C:\Windows\System\BGRKlHl.exe
  C:\Windows\System\BGRKlHl.exe
  2⤵
  PID:8036
- C:\Windows\System\JHBXdPb.exe
  C:\Windows\System\JHBXdPb.exe
  2⤵
  PID:7200
- C:\Windows\System\KQlUHxO.exe
  C:\Windows\System\KQlUHxO.exe
  2⤵
  PID:7324
- C:\Windows\System\SauDdtj.exe
  C:\Windows\System\SauDdtj.exe
  2⤵
  PID:7260
- C:\Windows\System\PYMOgMY.exe
  C:\Windows\System\PYMOgMY.exe
  2⤵
  PID:7784
- C:\Windows\System\kexSNCZ.exe
  C:\Windows\System\kexSNCZ.exe
  2⤵
  PID:8044
- C:\Windows\System\kgvmaMd.exe
  C:\Windows\System\kgvmaMd.exe
  2⤵
  PID:2404
- C:\Windows\System\pAZcFeR.exe
  C:\Windows\System\pAZcFeR.exe
  2⤵
  PID:1544
- C:\Windows\System\XRCKwWL.exe
  C:\Windows\System\XRCKwWL.exe
  2⤵
  PID:7892
- C:\Windows\System\LTDHbym.exe
  C:\Windows\System\LTDHbym.exe
  2⤵
  PID:7504
- C:\Windows\System\moaLnCD.exe
  C:\Windows\System\moaLnCD.exe
  2⤵
  PID:1636
- C:\Windows\System\iLtpMtT.exe
  C:\Windows\System\iLtpMtT.exe
  2⤵
  PID:2300
- C:\Windows\System\TEPBWHU.exe
  C:\Windows\System\TEPBWHU.exe
  2⤵
  PID:2416
- C:\Windows\System\WGcSzdP.exe
  C:\Windows\System\WGcSzdP.exe
  2⤵
  PID:7244
- C:\Windows\System\oQhNaQP.exe
  C:\Windows\System\oQhNaQP.exe
  2⤵
  PID:1148
- C:\Windows\System\mJpTWAt.exe
  C:\Windows\System\mJpTWAt.exe
  2⤵
  PID:7760
- C:\Windows\System\kHPPfCM.exe
  C:\Windows\System\kHPPfCM.exe
  2⤵
  PID:8208
- C:\Windows\System\vnXQxPb.exe
  C:\Windows\System\vnXQxPb.exe
  2⤵
  PID:8224
- C:\Windows\System\dGwrAuk.exe
  C:\Windows\System\dGwrAuk.exe
  2⤵
  PID:8240
- C:\Windows\System\gsJOhGr.exe
  C:\Windows\System\gsJOhGr.exe
  2⤵
  PID:8256
- C:\Windows\System\GaVbpgS.exe
  C:\Windows\System\GaVbpgS.exe
  2⤵
  PID:8272
- C:\Windows\System\uJnKDpC.exe
  C:\Windows\System\uJnKDpC.exe
  2⤵
  PID:8288
- C:\Windows\System\GrDjkwW.exe
  C:\Windows\System\GrDjkwW.exe
  2⤵
  PID:8304
- C:\Windows\System\VhCIBAQ.exe
  C:\Windows\System\VhCIBAQ.exe
  2⤵
  PID:8320
- C:\Windows\System\rRUfcoj.exe
  C:\Windows\System\rRUfcoj.exe
  2⤵
  PID:8336
- C:\Windows\System\cCNKLIo.exe
  C:\Windows\System\cCNKLIo.exe
  2⤵
  PID:8352
- C:\Windows\System\JvuAEtz.exe
  C:\Windows\System\JvuAEtz.exe
  2⤵
  PID:8368
- C:\Windows\System\EefCPYE.exe
  C:\Windows\System\EefCPYE.exe
  2⤵
  PID:8384
- C:\Windows\System\zFbuboF.exe
  C:\Windows\System\zFbuboF.exe
  2⤵
  PID:8400
- C:\Windows\System\vrxNUNs.exe
  C:\Windows\System\vrxNUNs.exe
  2⤵
  PID:8416
- C:\Windows\System\eywHQiq.exe
  C:\Windows\System\eywHQiq.exe
  2⤵
  PID:8432
- C:\Windows\System\ZNOspVX.exe
  C:\Windows\System\ZNOspVX.exe
  2⤵
  PID:8448
- C:\Windows\System\ehfcdfz.exe
  C:\Windows\System\ehfcdfz.exe
  2⤵
  PID:8464
- C:\Windows\System\tHbopWU.exe
  C:\Windows\System\tHbopWU.exe
  2⤵
  PID:8480
- C:\Windows\System\cjQjrBE.exe
  C:\Windows\System\cjQjrBE.exe
  2⤵
  PID:8496
- C:\Windows\System\qaOMeaH.exe
  C:\Windows\System\qaOMeaH.exe
  2⤵
  PID:8512
- C:\Windows\System\VlNhWtR.exe
  C:\Windows\System\VlNhWtR.exe
  2⤵
  PID:8528
- C:\Windows\System\GzHqQPK.exe
  C:\Windows\System\GzHqQPK.exe
  2⤵
  PID:8544
- C:\Windows\System\YQcDzWb.exe
  C:\Windows\System\YQcDzWb.exe
  2⤵
  PID:8780
- C:\Windows\System\FuFvofN.exe
  C:\Windows\System\FuFvofN.exe
  2⤵
  PID:9012
- C:\Windows\System\lRsYDop.exe
  C:\Windows\System\lRsYDop.exe
  2⤵
  PID:9028
- C:\Windows\System\nCLTXJm.exe
  C:\Windows\System\nCLTXJm.exe
  2⤵
  PID:9044
- C:\Windows\System\gHzSqPM.exe
  C:\Windows\System\gHzSqPM.exe
  2⤵
  PID:9064
- C:\Windows\System\HemdUIn.exe
  C:\Windows\System\HemdUIn.exe
  2⤵
  PID:9080
- C:\Windows\System\Rpozgqv.exe
  C:\Windows\System\Rpozgqv.exe
  2⤵
  PID:9096
- C:\Windows\System\UsUTmzR.exe
  C:\Windows\System\UsUTmzR.exe
  2⤵
  PID:9112
- C:\Windows\System\GkrnSgo.exe
  C:\Windows\System\GkrnSgo.exe
  2⤵
  PID:9128
- C:\Windows\System\ypzGBZo.exe
  C:\Windows\System\ypzGBZo.exe
  2⤵
  PID:9144
- C:\Windows\System\oLHlyTs.exe
  C:\Windows\System\oLHlyTs.exe
  2⤵
  PID:9160
- C:\Windows\System\AGwcnTK.exe
  C:\Windows\System\AGwcnTK.exe
  2⤵
  PID:9176
- C:\Windows\System\JCYkLAY.exe
  C:\Windows\System\JCYkLAY.exe
  2⤵
  PID:9192
- C:\Windows\System\HDFurqx.exe
  C:\Windows\System\HDFurqx.exe
  2⤵
  PID:9208
- C:\Windows\System\aqeWmsi.exe
  C:\Windows\System\aqeWmsi.exe
  2⤵
  PID:1792
- C:\Windows\System\hVqVFKz.exe
  C:\Windows\System\hVqVFKz.exe
  2⤵
  PID:1528
- C:\Windows\System\TpTzHLa.exe
  C:\Windows\System\TpTzHLa.exe
  2⤵
  PID:8204
- C:\Windows\System\nvadDxb.exe
  C:\Windows\System\nvadDxb.exe
  2⤵
  PID:8264
- C:\Windows\System\fPNXmwW.exe
  C:\Windows\System\fPNXmwW.exe
  2⤵
  PID:8248
- C:\Windows\System\HzyKXJV.exe
  C:\Windows\System\HzyKXJV.exe
  2⤵
  PID:8316
- C:\Windows\System\PVQNBEw.exe
  C:\Windows\System\PVQNBEw.exe
  2⤵
  PID:8376
- C:\Windows\System\pTasNOE.exe
  C:\Windows\System\pTasNOE.exe
  2⤵
  PID:8332
- C:\Windows\System\AVNAqlI.exe
  C:\Windows\System\AVNAqlI.exe
  2⤵
  PID:8364
- C:\Windows\System\oKyMelU.exe
  C:\Windows\System\oKyMelU.exe
  2⤵
  PID:8440
- C:\Windows\System\fHRnLal.exe
  C:\Windows\System\fHRnLal.exe
  2⤵
  PID:8504
- C:\Windows\System\iLTTbsM.exe
  C:\Windows\System\iLTTbsM.exe
  2⤵
  PID:8428
- C:\Windows\System\jgVxaAE.exe
  C:\Windows\System\jgVxaAE.exe
  2⤵
  PID:8492
- C:\Windows\System\ookJxFr.exe
  C:\Windows\System\ookJxFr.exe
  2⤵
  PID:8552
- C:\Windows\System\HmDnXSD.exe
  C:\Windows\System\HmDnXSD.exe
  2⤵
  PID:8576
- C:\Windows\System\WEYNSYy.exe
  C:\Windows\System\WEYNSYy.exe
  2⤵
  PID:8592
- C:\Windows\System\OeQjtHs.exe
  C:\Windows\System\OeQjtHs.exe
  2⤵
  PID:8608
- C:\Windows\System\DMoRlUB.exe
  C:\Windows\System\DMoRlUB.exe
  2⤵
  PID:8624
- C:\Windows\System\SVnkyYP.exe
  C:\Windows\System\SVnkyYP.exe
  2⤵
  PID:8636
- C:\Windows\System\fzYNgby.exe
  C:\Windows\System\fzYNgby.exe
  2⤵
  PID:8652
- C:\Windows\System\ulVEHKg.exe
  C:\Windows\System\ulVEHKg.exe
  2⤵
  PID:8668
- C:\Windows\System\meKtomR.exe
  C:\Windows\System\meKtomR.exe
  2⤵
  PID:8684
- C:\Windows\System\snquale.exe
  C:\Windows\System\snquale.exe
  2⤵
  PID:8700
- C:\Windows\System\DtEUCAb.exe
  C:\Windows\System\DtEUCAb.exe
  2⤵
  PID:8716
- C:\Windows\System\YdudzZx.exe
  C:\Windows\System\YdudzZx.exe
  2⤵
  PID:8728
- C:\Windows\System\MKYgQyw.exe
  C:\Windows\System\MKYgQyw.exe
  2⤵
  PID:8744
- C:\Windows\System\dScOtYb.exe
  C:\Windows\System\dScOtYb.exe
  2⤵
  PID:8760
- C:\Windows\System\uHKKEBy.exe
  C:\Windows\System\uHKKEBy.exe
  2⤵
  PID:8776
- C:\Windows\System\eorAeHA.exe
  C:\Windows\System\eorAeHA.exe
  2⤵
  PID:8800
- C:\Windows\System\pOyGIat.exe
  C:\Windows\System\pOyGIat.exe
  2⤵
  PID:8816
- C:\Windows\System\ZWYwwpC.exe
  C:\Windows\System\ZWYwwpC.exe
  2⤵
  PID:8832
- C:\Windows\System\UazkJWY.exe
  C:\Windows\System\UazkJWY.exe
  2⤵
  PID:8840
- C:\Windows\System\KInKGzJ.exe
  C:\Windows\System\KInKGzJ.exe
  2⤵
  PID:8856
- C:\Windows\System\arrdLWi.exe
  C:\Windows\System\arrdLWi.exe
  2⤵
  PID:8884
- C:\Windows\System\wVfRxBC.exe
  C:\Windows\System\wVfRxBC.exe
  2⤵
  PID:8896
- C:\Windows\System\wTGqrMY.exe
  C:\Windows\System\wTGqrMY.exe
  2⤵
  PID:8912
- C:\Windows\System\IiaXweF.exe
  C:\Windows\System\IiaXweF.exe
  2⤵
  PID:8928
- C:\Windows\System\jMoODKq.exe
  C:\Windows\System\jMoODKq.exe
  2⤵
  PID:8944
- C:\Windows\System\KGuaIYA.exe
  C:\Windows\System\KGuaIYA.exe
  2⤵
  PID:8960
- C:\Windows\System\MmSLnzy.exe
  C:\Windows\System\MmSLnzy.exe
  2⤵
  PID:8976
- C:\Windows\System\BdnTLFG.exe
  C:\Windows\System\BdnTLFG.exe
  2⤵
  PID:8992
- C:\Windows\System\PdDdtIe.exe
  C:\Windows\System\PdDdtIe.exe
  2⤵
  PID:9020
- C:\Windows\System\oWTSaNw.exe
  C:\Windows\System\oWTSaNw.exe
  2⤵
  PID:9036
- C:\Windows\System\ttrEpfT.exe
  C:\Windows\System\ttrEpfT.exe
  2⤵
  PID:9052
- C:\Windows\System\sngqfSj.exe
  C:\Windows\System\sngqfSj.exe
  2⤵
  PID:9156
- C:\Windows\System\hCDxPxL.exe
  C:\Windows\System\hCDxPxL.exe
  2⤵
  PID:9124
- C:\Windows\System\TLsTrsh.exe
  C:\Windows\System\TLsTrsh.exe
  2⤵
  PID:9140
- C:\Windows\System\MfmzqwZ.exe
  C:\Windows\System\MfmzqwZ.exe
  2⤵
  PID:1480
- C:\Windows\System\NsjdBxz.exe
  C:\Windows\System\NsjdBxz.exe
  2⤵
  PID:2216
- C:\Windows\System\NhGLZSv.exe
  C:\Windows\System\NhGLZSv.exe
  2⤵
  PID:1616
- C:\Windows\System\IGJYlvX.exe
  C:\Windows\System\IGJYlvX.exe
  2⤵
  PID:988
- C:\Windows\System\XAINHAP.exe
  C:\Windows\System\XAINHAP.exe
  2⤵
  PID:9184
- C:\Windows\System\iXOnFrh.exe
  C:\Windows\System\iXOnFrh.exe
  2⤵
  PID:8232
- C:\Windows\System\gwZXwUu.exe
  C:\Windows\System\gwZXwUu.exe
  2⤵
  PID:8268
- C:\Windows\System\iWIjpOd.exe
  C:\Windows\System\iWIjpOd.exe
  2⤵
  PID:8300
- C:\Windows\System\XkzfHEx.exe
  C:\Windows\System\XkzfHEx.exe
  2⤵
  PID:8348
- C:\Windows\System\ltbUVQl.exe
  C:\Windows\System\ltbUVQl.exe
  2⤵
  PID:8476
- C:\Windows\System\ViuaZvK.exe
  C:\Windows\System\ViuaZvK.exe
  2⤵
  PID:8572
- C:\Windows\System\zpJSqLU.exe
  C:\Windows\System\zpJSqLU.exe
  2⤵
  PID:8596
- C:\Windows\System\nsRNdss.exe
  C:\Windows\System\nsRNdss.exe
  2⤵
  PID:8660
- C:\Windows\System\VQYhKlO.exe
  C:\Windows\System\VQYhKlO.exe
  2⤵
  PID:8644
- C:\Windows\System\vaRNEor.exe
  C:\Windows\System\vaRNEor.exe
  2⤵
  PID:8584
- C:\Windows\System\zEvpvWh.exe
  C:\Windows\System\zEvpvWh.exe
  2⤵
  PID:8720
- C:\Windows\System\lvVcdBm.exe
  C:\Windows\System\lvVcdBm.exe
  2⤵
  PID:8680
- C:\Windows\System\upaRhwE.exe
  C:\Windows\System\upaRhwE.exe
  2⤵
  PID:8740
- C:\Windows\System\hgCTFPZ.exe
  C:\Windows\System\hgCTFPZ.exe
  2⤵
  PID:8808
- C:\Windows\System\CwUBPex.exe
  C:\Windows\System\CwUBPex.exe
  2⤵
  PID:8880
- C:\Windows\System\FrJUupH.exe
  C:\Windows\System\FrJUupH.exe
  2⤵
  PID:8892
- C:\Windows\System\KDVHpZX.exe
  C:\Windows\System\KDVHpZX.exe
  2⤵
  PID:8812
- C:\Windows\System\RsRonzg.exe
  C:\Windows\System\RsRonzg.exe
  2⤵
  PID:8940
- C:\Windows\System\wXNhCbi.exe
  C:\Windows\System\wXNhCbi.exe
  2⤵
  PID:8956
- C:\Windows\System\sTBcCxQ.exe
  C:\Windows\System\sTBcCxQ.exe
  2⤵
  PID:9004
- C:\Windows\System\VDVCimG.exe
  C:\Windows\System\VDVCimG.exe
  2⤵
  PID:9120
- C:\Windows\System\CODUWDt.exe
  C:\Windows\System\CODUWDt.exe
  2⤵
  PID:9040
- C:\Windows\System\PVcfRsE.exe
  C:\Windows\System\PVcfRsE.exe
  2⤵
  PID:8216
- C:\Windows\System\eYSyxEn.exe
  C:\Windows\System\eYSyxEn.exe
  2⤵
  PID:1712
- C:\Windows\System\WWXhyTi.exe
  C:\Windows\System\WWXhyTi.exe
  2⤵
  PID:2212
- C:\Windows\System\tESpOSE.exe
  C:\Windows\System\tESpOSE.exe
  2⤵
  PID:8328
- C:\Windows\System\gQmcSIz.exe
  C:\Windows\System\gQmcSIz.exe
  2⤵
  PID:8488
- C:\Windows\System\ieudqJn.exe
  C:\Windows\System\ieudqJn.exe
  2⤵
  PID:8092
- C:\Windows\System\WqIjiNg.exe
  C:\Windows\System\WqIjiNg.exe
  2⤵
  PID:8344
- C:\Windows\System\KNAZbJA.exe
  C:\Windows\System\KNAZbJA.exe
  2⤵
  PID:8676
- C:\Windows\System\bwuAFnx.exe
  C:\Windows\System\bwuAFnx.exe
  2⤵
  PID:8412
- C:\Windows\System\UECsroA.exe
  C:\Windows\System\UECsroA.exe
  2⤵
  PID:8620
- C:\Windows\System\poaUJDE.exe
  C:\Windows\System\poaUJDE.exe
  2⤵
  PID:8908
- C:\Windows\System\KzIiVcF.exe
  C:\Windows\System\KzIiVcF.exe
  2⤵
  PID:8736
- C:\Windows\System\GnkWqic.exe
  C:\Windows\System\GnkWqic.exe
  2⤵
  PID:8824
- C:\Windows\System\rOdErwS.exe
  C:\Windows\System\rOdErwS.exe
  2⤵
  PID:8952
- C:\Windows\System\YsVDgPQ.exe
  C:\Windows\System\YsVDgPQ.exe
  2⤵
  PID:9136
- C:\Windows\System\WGdsahs.exe
  C:\Windows\System\WGdsahs.exe
  2⤵
  PID:2616
- C:\Windows\System\YBSikAs.exe
  C:\Windows\System\YBSikAs.exe
  2⤵
  PID:2128
- C:\Windows\System\MbWYWNW.exe
  C:\Windows\System\MbWYWNW.exe
  2⤵
  PID:9204
- C:\Windows\System\LpAXXJo.exe
  C:\Windows\System\LpAXXJo.exe
  2⤵
  PID:8524
- C:\Windows\System\SbEKmtd.exe
  C:\Windows\System\SbEKmtd.exe
  2⤵
  PID:8556
- C:\Windows\System\QNNJzmy.exe
  C:\Windows\System\QNNJzmy.exe
  2⤵
  PID:8852
- C:\Windows\System\goqCrTF.exe
  C:\Windows\System\goqCrTF.exe
  2⤵
  PID:9104
- C:\Windows\System\cfxkDRu.exe
  C:\Windows\System\cfxkDRu.exe
  2⤵
  PID:8968
- C:\Windows\System\aWctoPp.exe
  C:\Windows\System\aWctoPp.exe
  2⤵
  PID:8876
- C:\Windows\System\lOCKbmn.exe
  C:\Windows\System\lOCKbmn.exe
  2⤵
  PID:9232
- C:\Windows\System\paRjCAh.exe
  C:\Windows\System\paRjCAh.exe
  2⤵
  PID:9248
- C:\Windows\System\ZoNUSxy.exe
  C:\Windows\System\ZoNUSxy.exe
  2⤵
  PID:9264
- C:\Windows\System\kfPxnbl.exe
  C:\Windows\System\kfPxnbl.exe
  2⤵
  PID:9280
- C:\Windows\System\jgwIqwE.exe
  C:\Windows\System\jgwIqwE.exe
  2⤵
  PID:9296
- C:\Windows\System\PGSpJLr.exe
  C:\Windows\System\PGSpJLr.exe
  2⤵
  PID:9312
- C:\Windows\System\VPezbpA.exe
  C:\Windows\System\VPezbpA.exe
  2⤵
  PID:9328
- C:\Windows\System\MLbBESb.exe
  C:\Windows\System\MLbBESb.exe
  2⤵
  PID:9344
- C:\Windows\System\AgSMpfc.exe
  C:\Windows\System\AgSMpfc.exe
  2⤵
  PID:9360
- C:\Windows\System\SvrrdWd.exe
  C:\Windows\System\SvrrdWd.exe
  2⤵
  PID:9376
- C:\Windows\System\vlvwHCD.exe
  C:\Windows\System\vlvwHCD.exe
  2⤵
  PID:9404
- C:\Windows\System\XWvgqYe.exe
  C:\Windows\System\XWvgqYe.exe
  2⤵
  PID:9420
- C:\Windows\System\WKucUms.exe
  C:\Windows\System\WKucUms.exe
  2⤵
  PID:9436
- C:\Windows\System\iaHyAcK.exe
  C:\Windows\System\iaHyAcK.exe
  2⤵
  PID:9452
- C:\Windows\System\KBYQAqq.exe
  C:\Windows\System\KBYQAqq.exe
  2⤵
  PID:9468
- C:\Windows\System\AuutAAE.exe
  C:\Windows\System\AuutAAE.exe
  2⤵
  PID:9484
- C:\Windows\System\mGCDWgp.exe
  C:\Windows\System\mGCDWgp.exe
  2⤵
  PID:9500
- C:\Windows\System\vQWdvYR.exe
  C:\Windows\System\vQWdvYR.exe
  2⤵
  PID:9516
- C:\Windows\System\LFtrmOl.exe
  C:\Windows\System\LFtrmOl.exe
  2⤵
  PID:9532
- C:\Windows\System\gUyqFnC.exe
  C:\Windows\System\gUyqFnC.exe
  2⤵
  PID:9548
- C:\Windows\System\UFPZHHN.exe
  C:\Windows\System\UFPZHHN.exe
  2⤵
  PID:9564
- C:\Windows\System\vhgRdVC.exe
  C:\Windows\System\vhgRdVC.exe
  2⤵
  PID:9584
- C:\Windows\System\MnVMbmk.exe
  C:\Windows\System\MnVMbmk.exe
  2⤵
  PID:9600
- C:\Windows\System\xomSDVh.exe
  C:\Windows\System\xomSDVh.exe
  2⤵
  PID:9616
- C:\Windows\System\ZzqLlzZ.exe
  C:\Windows\System\ZzqLlzZ.exe
  2⤵
  PID:9632
- C:\Windows\System\qtreVqS.exe
  C:\Windows\System\qtreVqS.exe
  2⤵
  PID:9648
- C:\Windows\System\LkeRgQA.exe
  C:\Windows\System\LkeRgQA.exe
  2⤵
  PID:9664
- C:\Windows\System\tTEhYhJ.exe
  C:\Windows\System\tTEhYhJ.exe
  2⤵
  PID:9680
- C:\Windows\System\QBPbpCt.exe
  C:\Windows\System\QBPbpCt.exe
  2⤵
  PID:9696
- C:\Windows\System\fDinyFu.exe
  C:\Windows\System\fDinyFu.exe
  2⤵
  PID:9712
- C:\Windows\System\ONsysdn.exe
  C:\Windows\System\ONsysdn.exe
  2⤵
  PID:9728
- C:\Windows\System\tGIpgyF.exe
  C:\Windows\System\tGIpgyF.exe
  2⤵
  PID:9744
- C:\Windows\System\EBRdWdk.exe
  C:\Windows\System\EBRdWdk.exe
  2⤵
  PID:9760
- C:\Windows\System\tpEmMol.exe
  C:\Windows\System\tpEmMol.exe
  2⤵
  PID:9776
- C:\Windows\System\tePQKXI.exe
  C:\Windows\System\tePQKXI.exe
  2⤵
  PID:9792
- C:\Windows\System\dKzYnwT.exe
  C:\Windows\System\dKzYnwT.exe
  2⤵
  PID:9808
- C:\Windows\System\BFTxVgU.exe
  C:\Windows\System\BFTxVgU.exe
  2⤵
  PID:9824
- C:\Windows\System\wPmMRiC.exe
  C:\Windows\System\wPmMRiC.exe
  2⤵
  PID:9840
- C:\Windows\System\cvIzCSQ.exe
  C:\Windows\System\cvIzCSQ.exe
  2⤵
  PID:9856
- C:\Windows\System\oWFZQrO.exe
  C:\Windows\System\oWFZQrO.exe
  2⤵
  PID:9872
- C:\Windows\System\KGqyQfZ.exe
  C:\Windows\System\KGqyQfZ.exe
  2⤵
  PID:9892
- C:\Windows\System\FmzwPkT.exe
  C:\Windows\System\FmzwPkT.exe
  2⤵
  PID:9908
- C:\Windows\System\IImOQkX.exe
  C:\Windows\System\IImOQkX.exe
  2⤵
  PID:9924
- C:\Windows\System\oVvzyjS.exe
  C:\Windows\System\oVvzyjS.exe
  2⤵
  PID:9940
- C:\Windows\System\ipOlyZK.exe
  C:\Windows\System\ipOlyZK.exe
  2⤵
  PID:9956
- C:\Windows\System\jcWMbss.exe
  C:\Windows\System\jcWMbss.exe
  2⤵
  PID:9972
- C:\Windows\System\NsWJbfJ.exe
  C:\Windows\System\NsWJbfJ.exe
  2⤵
  PID:9988
- C:\Windows\System\RrwFDDD.exe
  C:\Windows\System\RrwFDDD.exe
  2⤵
  PID:10004
- C:\Windows\System\ysoSpNR.exe
  C:\Windows\System\ysoSpNR.exe
  2⤵
  PID:10020
- C:\Windows\System\buoZWEb.exe
  C:\Windows\System\buoZWEb.exe
  2⤵
  PID:10036
- C:\Windows\System\ZkwwMSc.exe
  C:\Windows\System\ZkwwMSc.exe
  2⤵
  PID:10056
- C:\Windows\System\xuVWLbO.exe
  C:\Windows\System\xuVWLbO.exe
  2⤵
  PID:10076
- C:\Windows\System\UpDSkMu.exe
  C:\Windows\System\UpDSkMu.exe
  2⤵
  PID:10092
- C:\Windows\System\kPbhSGg.exe
  C:\Windows\System\kPbhSGg.exe
  2⤵
  PID:10108
- C:\Windows\System\VVmbuQs.exe
  C:\Windows\System\VVmbuQs.exe
  2⤵
  PID:10124
- C:\Windows\System\dWvEvir.exe
  C:\Windows\System\dWvEvir.exe
  2⤵
  PID:10140
- C:\Windows\System\uaTlIfh.exe
  C:\Windows\System\uaTlIfh.exe
  2⤵
  PID:10156
- C:\Windows\System\tpZpIdW.exe
  C:\Windows\System\tpZpIdW.exe
  2⤵
  PID:10176
- C:\Windows\System\tiyxihI.exe
  C:\Windows\System\tiyxihI.exe
  2⤵
  PID:10192
- C:\Windows\System\AydmJYV.exe
  C:\Windows\System\AydmJYV.exe
  2⤵
  PID:10208
- C:\Windows\System\zYsnMpm.exe
  C:\Windows\System\zYsnMpm.exe
  2⤵
  PID:10224
- C:\Windows\System\NdqRXCQ.exe
  C:\Windows\System\NdqRXCQ.exe
  2⤵
  PID:8200
- C:\Windows\System\cBllMTY.exe
  C:\Windows\System\cBllMTY.exe
  2⤵
  PID:9240
- C:\Windows\System\uISNoDT.exe
  C:\Windows\System\uISNoDT.exe
  2⤵
  PID:9276
- C:\Windows\System\jPEVFGF.exe
  C:\Windows\System\jPEVFGF.exe
  2⤵
  PID:9340
- C:\Windows\System\RKfyoPI.exe
  C:\Windows\System\RKfyoPI.exe
  2⤵
  PID:8996
- C:\Windows\System\DldRCKu.exe
  C:\Windows\System\DldRCKu.exe
  2⤵
  PID:9372
- C:\Windows\System\AEQqoda.exe
  C:\Windows\System\AEQqoda.exe
  2⤵
  PID:9292
- C:\Windows\System\ImuuOJr.exe
  C:\Windows\System\ImuuOJr.exe
  2⤵
  PID:9384
- C:\Windows\System\TKQQOMr.exe
  C:\Windows\System\TKQQOMr.exe
  2⤵
  PID:9428
- C:\Windows\System\baBVkVD.exe
  C:\Windows\System\baBVkVD.exe
  2⤵
  PID:9508
- C:\Windows\System\cMbOKRH.exe
  C:\Windows\System\cMbOKRH.exe
  2⤵
  PID:9572
- C:\Windows\System\ODMQnSN.exe
  C:\Windows\System\ODMQnSN.exe
  2⤵
  PID:9396
- C:\Windows\System\CuKZpkz.exe
  C:\Windows\System\CuKZpkz.exe
  2⤵
  PID:9496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AeuENwg.exe

Filesize
6.0MB

MD5
6d51fa319124ad4d3cb73890d341d8c6

SHA1
ce36cfe5e5c7b49866e853a32f4f1747ba4d1491

SHA256
41f2d70e99b08b63a66a15ec69d5c6deb3aa9bf47c39e061cadda776984daeea

SHA512
d9f331746eb32fd8f05e9ac1687753965d759d0862ed02e9b742a188d9aa97083d9b26021ee91cbbeff5a0f762d01904ba4665fb65f4e5e9a633d716f50cc3b9

Download Submit
C:\Windows\system\BEPZApo.exe

Filesize
6.0MB

MD5
bbe35886b02f504b5c5a8502e49e5727

SHA1
a7f7a1d5aed3906e2e72f611911921a76e614401

SHA256
87060e3ff2b6022d4be90ad6f385eab196ae611f8a2d910dee85d81740f82ed8

SHA512
1a78611e5543aa961ba83800481ccad9d98d74943b644487ab7972dd6d11f461ce5df761f44c149ffb69af65e8b5aa5d93f772d80587f93a21c3a48c10017c9c

Download Submit
C:\Windows\system\BFyoJsE.exe

Filesize
6.0MB

MD5
c374ee1e932c9742eeacb8cc2fa7655f

SHA1
95b34f16a05402852698a9c9289b16deccf86723

SHA256
7c84a898c8e6e78d5f0e28e57da520138d3e82be48d9ac532de9ec047b731fa2

SHA512
560b19106a7518d6d43effd346700a3de3e8f2b16ba4dcf5fef5408da05c703b18fb43c98c5f9970f14d52d94854f5989da59ee706de9fbef965e7bf70f19547

Download Submit
C:\Windows\system\FSRRWVz.exe

Filesize
6.0MB

MD5
19d0a09d53afaa82f103381217faf6ad

SHA1
1bb79a9b1488b08e1455f1d7b279f3caec945b7b

SHA256
c704c621b6c712e6b677e4f8e9ce5b033fb1c2b1a3094a78fe7a546a9b345820

SHA512
6be981b79981661a567ac47be9810943803c4db24dd4b9b3d85c767bc37a04f39850684b7a3b2bf7efdb36b6c5d56d5ab99e2ce09bd09d2173a622759fcceb44

Download Submit
C:\Windows\system\HZpsUWL.exe

Filesize
6.0MB

MD5
637d728ed2957406754cdfc505328735

SHA1
6e0f5c534045bb07387f05f7f14a9c6569309214

SHA256
418470b741e7c359ec95e8643691501f5ea549cd9820912937239f192937bccc

SHA512
2de55df6cd340e70e26d20cf9f8979bcf8cbd176ee397a78f6e5a5af748435210a217974db15c5faafdeaed79365f192daa8ae29c9e5fc045a6b84ed5f531ef1

Download Submit
C:\Windows\system\HjcsGri.exe

Filesize
6.0MB

MD5
103ba4ec810ce3adfe2156f03933bf5f

SHA1
e7241338a2aa7859b97b62ef5de4040352d405de

SHA256
cbe28b4bebbb42c428b19c8831caf41abfaf834301ca53c37665d6b2f46ff06c

SHA512
604adfdd66bf562bc4380b9c844171fbdc705031f9b7a5e18d6c16f1cbc0446eebbfad39f71d074b352112f0ddfe7504823ba902882014874214955fd046b5cd

Download Submit
C:\Windows\system\MgfkxhB.exe

Filesize
6.0MB

MD5
c0ed4dae482c38fbb0d43e6d519dacf0

SHA1
846331960677e647c73218275564e385e14511e6

SHA256
4bdcfa20667ab3088e342a49e3b78a158f90bfc90e318566093613446942c919

SHA512
bf9c5211d0aa59bcc3294d2a5796c63511344a527c70d0cec65253dc7eb13a06dbdfd5f95d7bc020e0f64bc9dd9409dc29651732164fb2bb4b0e30cfe872f0f7

Download Submit
C:\Windows\system\NeeRXcz.exe

Filesize
6.0MB

MD5
c1c3bcd7de5adceaa20fac4bebde2452

SHA1
013433149662fa246217547e3a72bd990cf655b8

SHA256
87fd55c2aebff64f8c40c408cc751018b2f666dcb98b33bb0741d9d4ce111aaa

SHA512
176cb07a1e9f76a4ad922956a878a6293e6289293276b691a4499852cec197283b36b37f32a2fd2854a233962ffea85007f281c35fa5a1eb5cee877704d32f11

Download Submit
C:\Windows\system\VfBXyqk.exe

Filesize
6.0MB

MD5
d092cb3eb409db95e9c63dfb326996ec

SHA1
39317f4ba798bea59dc41761a4723018cfc0d22a

SHA256
8b930fd041041f41262a5d69c4b5f0e5d9b3ca2f9b3f1a419c3df300a32c0461

SHA512
20a0b1eea7809bbf2df7fb0fd05a388a84bbb6a00f2d38daa0f705b66ba176b6fbd8467a42ebcca3cff10b1f0f9fd4217bd91e114d0989bbac7f60c25d0fcee4

Download Submit
C:\Windows\system\WWyJqdt.exe

Filesize
6.0MB

MD5
1ea47bb92853c42f93da7fc144f41e25

SHA1
ca61d4d1540e5109b282e2c57523694cb2d24770

SHA256
0a9eff57137eb084e233de7a779ab3da12249cddd51e874bfeaf8d1ab0424369

SHA512
6d81971a9153204e118897da0bd12129579345707c8621200ee43b1d2d18c4893333f048336425adb1a6a24d6d6c58cde2d199c77a4d78bd3c6a8b746d64ee8f

Download Submit
C:\Windows\system\bZvnHNm.exe

Filesize
6.0MB

MD5
ec6c172f45299a071fbdbee98090055a

SHA1
dcd3c7ca8796526262ba64e74929ed714c3b9639

SHA256
c8b0a214fd9515184dfc1a261e358af3e565e370a091bdb4b29bd84a26a4824a

SHA512
68e0b94b83f752a2de8066883fdd51f1f992d7fc3ac0036ebade6034fce61fecfa6ae881f8b77c5a8b64b6b3d31f27cb3fda24ed42e7772b888055d6a58f58b7

Download Submit
C:\Windows\system\bpFckoH.exe

Filesize
6.0MB

MD5
be07401ed8abb13c5736a7b2c014a787

SHA1
fd706e56aac1c36c6478a1d5f10ae6617c4095f9

SHA256
1ec1d0f049fd765f1398386394e004cab15c891600b062dde4b252d03f2878a2

SHA512
fe900a4dd8d05718535c9d49c911d15b3e26ffccb4b637266dd18af4ca767ed765bd15c30f6eed436ba337f81915725c40539220a8b2b1cc8341cc26bf6b0992

Download Submit
C:\Windows\system\cEvBLcp.exe

Filesize
6.0MB

MD5
ef85dfa06f8d08e3c675218d71157f41

SHA1
4095f582fe6a6acfc712fb0fec8f78650df0ab9a

SHA256
3d02b7a272f418cc2e036ecc5a036887b8b5c78c2727bdfa21b29b148d21b119

SHA512
ee27517cf0e086955dcfdcf150e04383b253c0c6b80b95a46c9ab87aae536a6f2f0283b921745438f11f21eb72b5f68e2490d5c6646d8362746af35e93faa156

Download Submit
C:\Windows\system\fPPNEFH.exe

Filesize
6.0MB

MD5
f85b0bbeed3dfa2893ca46e48b52c00a

SHA1
1aaa118c049b6a649efb297ce54eaa57bb27d9aa

SHA256
b5885a88b985ef2d84a1a9ae9692f756f7fea91fb41a658465afcab85707ecd4

SHA512
8d79652075a74382235a4a2b9d877154e2f693f791d391db318b2635fc90c56606a72eef46d08a41176e00b48355412d7c6d27891b251fdb0e24f3a6bcf82646

Download Submit
C:\Windows\system\idMubEj.exe

Filesize
6.0MB

MD5
e6a2e221d7f811549a47ab35abf0d8ba

SHA1
17e4b4c212beda729561e056b8603803f3a5223b

SHA256
a99fcecfb4ace48bc67cae95dc0d15cb4a1a8904e0f33291e063e124973e467b

SHA512
72afa2338e96caf619c7f09498656d1834b85af8352dbb83a790a284eab8c9101140433fc01caf7b793dc54005110684f450b45b49f59eaa04c8ab0a1559349d

Download Submit
C:\Windows\system\kgGBpzz.exe

Filesize
6.0MB

MD5
5db54ef6bb43aadbb216072b14711295

SHA1
13a4e54d2d6743c80ed92d3c97851d4b16220998

SHA256
d7a10b5d3c718335ee1face6d66e13a48e4454d7954f7aa825d0c287e0f3dd2a

SHA512
232ac1157cf1d127f8b615bc834156700a5f697ec204a787c172718334f3d53ee896fd1649374bf01cd7a469e33a2dad3edb1085add4e6c5975d833c4a27cbd7

Download Submit
C:\Windows\system\ktJGFHa.exe

Filesize
6.0MB

MD5
dd6de8976a5ee41afe5a8839b879725c

SHA1
7587fe70b5aade2e2a64454edf702946e6a2e4ba

SHA256
902e06758bb4109ae6717fff94675082ee240148a50391cbb150cbcc58886cc4

SHA512
f5ed810a8ccb01b6af7225ad9402e8365ba4023486cb65f637614ec65cbc384551995ff5078ff224db53acb6e3866543394ed85d0de502f801f611df39dac0df

Download Submit
C:\Windows\system\oZwJdFZ.exe

Filesize
6.0MB

MD5
d8661f3b771975b4de220c3012afbd89

SHA1
013bb5f927b06c2c36b25b0793cbec932f45c4fa

SHA256
84e3f2ba5684addcba3be573d4d0e5cc77bb5671b6c57db16b7048a273ea1690

SHA512
0df8662da3505dd61443812a3b9e722a26ed553bd80ffa0d10e3cb4f07c57cb3c4a01335e9d77de46944389b11d304fec73be20dc01b747391faf97b67f8d9b3

Download Submit
C:\Windows\system\phWIAsK.exe

Filesize
6.0MB

MD5
61f3084d3426a65f534bd376141c3439

SHA1
12c2f71bbdc3f5e6fef3bd12179e397e547a9fbe

SHA256
21c8067a3fe4156c394bd2f6652d03f0f210f9ae61e12b07a783aa8d4e1ab038

SHA512
b2247f2c6b21f737f31bf6f8f54bfcbe7850b064a0b104c399fa053aae79f3b6ac2dd7d0385e129cd5500849c2c9e36afa9dafb856206e6c4009e15d967671f1

Download Submit
C:\Windows\system\qMVOOwg.exe

Filesize
6.0MB

MD5
c1fc026e63db84436b61ad0cdf0e3e8f

SHA1
0d0333cb225ba9e4552df3b9a46a64c630d2bccc

SHA256
4a17c928d4f39a036826012a23a9d9db67c22477857fed8abe31362892c02ba3

SHA512
e4dad19ee31b576b3ac0a7f6d12376e6ca5b296fd2d9a7fa10bd3d0ee2f9465702cf62a6cb0da7b08c5751ae2881d3bb4e221d85a1c316381813be0ff92ec9d8

Download Submit
C:\Windows\system\ruUDmQT.exe

Filesize
6.0MB

MD5
577c8a0aa0dc925f815eb9e5be47fba7

SHA1
6af9f58cb7fcb62b605269eb766624c2d6108bd3

SHA256
2a0c8f6ae398b4dc5dd1e1ecab71b0d86ebc6484dedc3dedfee02959564ab520

SHA512
800c02bac49d0ed0692e47c20720480892b36b0307ed2e7e02476c9c7a7d9579f3b9cd9c71194ec3d4f1e3d6ccbcc40bad0f30f0d8f58d2d9beaf17f663ecc87

Download Submit
C:\Windows\system\sdKoXzp.exe

Filesize
6.0MB

MD5
579022fd48a55de01d44da8e6cd52844

SHA1
560911c29befc84415a0e967a96841ed6bb4cfd8

SHA256
46f66831e171d6510f9612affdb630210aa501226b3bee3de516699e9aba0f2d

SHA512
c181da9dd75f31ff6819498c13785cb675b4b2cfb93ab7f24fb8214bdcb32927a5290b5cdcd05ca4f648d9e2b068beff1ee763c858efc0f46a0541a525c33ef3

Download Submit
C:\Windows\system\spoIVvG.exe

Filesize
6.0MB

MD5
fecba9286916191e06da9a3c9c47fae5

SHA1
2140d56d981be7a03d19415d11cbe84f214f6d6e

SHA256
ca0c0430d728a33425c04de3d9ed8828b4e866cb4095686431a753111bfc5af8

SHA512
1fcf53f1a36a00f7ee911dbaa6fee9d9f22f4a7793acd97eb8b7e283f04e548cdb9a0b13a18438c2e9363b77abf369a1b9a71b4b07567e98f7d58640311e54ab

Download Submit
C:\Windows\system\tRRFZSV.exe

Filesize
6.0MB

MD5
fb21249649a6a5bfa724c27c2961cc02

SHA1
8ec8d3362b7e59b2b77a89ed619f59b206ca41f6

SHA256
a69a4c631a30d83e8c83cca0f696b00ddfe64e3de14b5c37e46f80314860487b

SHA512
1b5aed885d2e9f8f4361fa112de1f684dcc3b3c4ef7e0d6077b7f57472e10a55cb58488fb4d0c6cbb8530b5e85fe085d19f946f7a64202df6ebf627d1961bc14

Download Submit
C:\Windows\system\ugdhymt.exe

Filesize
6.0MB

MD5
9cddcd87aeea344e4a6a486d494978f7

SHA1
d5a5e0980e90a591c5b14d9504dfb6a1f9116911

SHA256
af00d967d70d388c60f03c6bedbd5433419b61c5e40b0236d97aef93ae36f5dd

SHA512
3674426b0dd4892c34b4afd5ec35c252f7a2b303b5c048410aaa29b542cedb1c86f77c345034b4c132a1d22d25b870daa177f1897fde7b47e4dc2b0aa616af3d

Download Submit
C:\Windows\system\vPCiEAO.exe

Filesize
6.0MB

MD5
d2181a174cf496b3ba6e1d4ffc091a31

SHA1
e03392bd56a02d07c3bd4bdcab9b56eb7f45b091

SHA256
2724fb004eaa5cd6b403d69e04905a524766dd86821f3db6ada662faf5a26fc7

SHA512
8c5f20088cebdb8e8cf52ba5def1803686bb43c47b6670d9fb45d13ec859653f669334cca49e8e5a4a5fa36ac06542bbc6a8ced565908a56bdeb0800fef4b38a

Download Submit
C:\Windows\system\wmaVvpd.exe

Filesize
6.0MB

MD5
00444600fec5c331e4df77689b2e3c14

SHA1
3973fdf442529ddfe3fac0c8e31788869112e21d

SHA256
05089dc177af6f7b55413db560eefee68a679d730f9ddbf368064aea5d948979

SHA512
1c575175eac912a8cf9f791d8235884a1f5ad0ce70e676cd915f42eca49ac5719f26aaec7b15dfed982c4c9f4359bf680f512597ff61fbc9937347b21aa71106

Download Submit
C:\Windows\system\xjmXqxJ.exe

Filesize
6.0MB

MD5
0ce6eb2f04f9666b1338c8ec2a92c48e

SHA1
eafdd6a5c51cd91caa0331a77655cf93fae7e13c

SHA256
2775c04960747503a49355354e0c7ac2a762d541bc302126ccf997771d204e75

SHA512
53e6c70ca14d9b239df684587730557f5373ab92d1a78b9ea87b648159296895a6f24f979c7b8e7cf6ac21caffa469b21c7b86087879fae3fc9e72597ab35f60

Download Submit
C:\Windows\system\zZzPMab.exe

Filesize
6.0MB

MD5
78917808156c7ff9d03dd78d2107ffb8

SHA1
1084344b71527c1d5128a6afc1f3ed652f61eb98

SHA256
50fabbca30981b64da501ed675f24f9588785643e383be4cb72eba4bb99386b5

SHA512
76d8655235098c58c8402f0e23367aa6995239989ac720996556943f9ef71e92a74e31a4ae35933dc3cddc087ab3564dabddca99f978861d967334262d835df4

Download Submit
\Windows\system\bVLCdhp.exe

Filesize
6.0MB

MD5
b3e897544d4827cdd957f4c48ac0e421

SHA1
1ab0708b3b2bda143fd818b18ea8d6c5b706b50f

SHA256
15573f811641ea6b684e4d762b6b95bd8deb93716c0fe49f35f886e5911d0e65

SHA512
345dcdbbbe96fe62715b81109558385ac59c9fb1c086e8b7f27d2e261eb25ec65684171794c5260882debcfa96f578027c1160fcf8e83dd68d5a1dd03bbdbfd0

Download Submit
\Windows\system\uDCdbvl.exe

Filesize
6.0MB

MD5
a31c034052047d7f22e48f26eda35987

SHA1
2a6991ff160ba1362bebd321c1d39d2a69308df1

SHA256
7030ff2f8a2d17800b8da5cde1f7d787974ac033910c765d8b8e98efb4dd205c

SHA512
2404144893463612e7fde5d35172f800b9af8d60941b7286cc8c31b0efd6abf3f049e5bed9f24b58c4738799c7bbd20f894f560723570632fdb5c9d07cb9ce0d

Download Submit
\Windows\system\xRovKJE.exe

Filesize
6.0MB

MD5
6ce89c15092cb23d1ed78034cd2679c7

SHA1
3af799b8f1cc7f4578fc103bc6644c414f80d3c3

SHA256
419fa71553919662ff76f610e62f46a49523cfe3ba2f9c563a982873afd8eacb

SHA512
1b97d889c3609c302b531fd005a6b9085eed1bac5a77315834358c8f2325ff5a90305ce69e6a078dd9c2eb4e19809b8cd2183d5173f66d2ebca39d0f4b401127

Download Submit
memory/2100-1657-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2100-373-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-428-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1692-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2140-371-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2140-1651-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-900-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2384-801-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2384-855-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2384-372-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-377-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-445-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2384-954-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2384-901-0x000000013F520000-0x000000013F874000-memory.dmp

Filesize
3.3MB

Download
memory/2384-0-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-898-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2384-897-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-896-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-895-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2384-894-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-893-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-892-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-891-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2384-886-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-379-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-899-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2384-685-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-14-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2384-443-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2384-431-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2384-437-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2384-8-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2384-435-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2384-385-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-433-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2384-374-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2384-446-0x0000000002320000-0x0000000002674000-memory.dmp

Filesize
3.3MB

Download
memory/2384-427-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/2460-388-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-1701-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-12-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2544-1636-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-15-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2548-856-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2548-1836-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2632-436-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2632-1705-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2688-438-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2688-1704-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2752-1706-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-444-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-1690-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-378-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-1702-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-434-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-376-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-1664-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-1671-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-380-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-432-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-1703-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download