cobaltstrike | a5c64281e2ce92f0e9acf1248ac876dbf3867ae67e9f362e93ee20034f2c362e

Analysis

max time kernel
124s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19-11-2024 13:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

44fc11d4dc2146103ff1301f7006afa1
SHA1

bd0ac91dce69f5fc82057dc704ae6517294bede9
SHA256

a5c64281e2ce92f0e9acf1248ac876dbf3867ae67e9f362e93ee20034f2c362e
SHA512

c0fc4c7ec27101696661263efda23c1efa11cb4ecc99c594fa32df93b2dc35795fa9c5c3ed42016015408ffc00b9366b565fde750ebde82b53c2e55ca6bdbf86
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUH:T+q56utgpPF8u/7H

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000900000001225f-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c03-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c7c-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ca5-21.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016cbc-30.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016cc4-36.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019345-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019369-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019371-55.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-71.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e6-91.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-131.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948d-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f0-95.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d1-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a8-80.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001678f-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-61.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017355-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cb2-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2348-0-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/files/0x000900000001225f-6.dat	xmrig
behavioral1/files/0x0008000000016c03-11.dat	xmrig
behavioral1/files/0x0007000000016c7c-12.dat	xmrig
behavioral1/files/0x0007000000016ca5-21.dat	xmrig
behavioral1/files/0x000a000000016cbc-30.dat	xmrig
behavioral1/files/0x0009000000016cc4-36.dat	xmrig
behavioral1/files/0x0005000000019345-45.dat	xmrig
behavioral1/files/0x0005000000019369-50.dat	xmrig
behavioral1/files/0x0005000000019371-55.dat	xmrig
behavioral1/files/0x000500000001938e-71.dat	xmrig
behavioral1/files/0x00050000000193e6-91.dat	xmrig
behavioral1/files/0x00050000000195c4-126.dat	xmrig
behavioral1/files/0x00050000000195c6-131.dat	xmrig
behavioral1/files/0x00050000000195ca-145.dat	xmrig
behavioral1/files/0x00050000000195d0-160.dat	xmrig
behavioral1/memory/2736-880-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2708-1270-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2888-1662-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2576-1776-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2596-1786-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2784-1467-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/3000-1866-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/632-1938-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/1152-1367-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2928-1179-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/1836-2001-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2684-1105-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2264-975-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/1364-821-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ce-155.dat	xmrig
behavioral1/files/0x00050000000195cc-151.dat	xmrig
behavioral1/files/0x00050000000195c8-141.dat	xmrig
behavioral1/files/0x00050000000195c7-135.dat	xmrig
behavioral1/files/0x00050000000195c2-120.dat	xmrig
behavioral1/files/0x000500000001958b-115.dat	xmrig
behavioral1/files/0x00050000000194e2-110.dat	xmrig
behavioral1/files/0x000500000001948d-105.dat	xmrig
behavioral1/files/0x000500000001945c-100.dat	xmrig
behavioral1/files/0x00050000000193f0-95.dat	xmrig
behavioral1/files/0x00050000000193d1-85.dat	xmrig
behavioral1/files/0x00050000000193a8-80.dat	xmrig
behavioral1/files/0x000900000001678f-75.dat	xmrig
behavioral1/files/0x0005000000019382-65.dat	xmrig
behavioral1/files/0x000500000001937b-61.dat	xmrig
behavioral1/files/0x0008000000017355-40.dat	xmrig
behavioral1/files/0x0007000000016cb2-26.dat	xmrig
behavioral1/memory/2348-2554-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2348-2686-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2348-2659-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2264-3461-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/1152-3460-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/1836-3459-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2928-3458-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2684-3457-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/3000-3456-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/632-3455-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2576-3454-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/1364-3453-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2784-3452-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2708-3451-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2888-3450-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2736-3449-0x000000013FAD0000-0x000000013FE24000-memory.dmp	xmrig
behavioral1/memory/2596-3448-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1364	ZlbpWuI.exe
2736	eoDwunm.exe
2264	bhOxUwD.exe
2684	nsKFfRG.exe
2928	jPGqAcD.exe
2708	gFTtdWh.exe
1152	okbWkoL.exe
2784	CFWjtBW.exe
2888	HwNuqzQ.exe
2576	MQUKBUG.exe
2596	lbDQgUF.exe
3000	QhadpSt.exe
632	rGgtJlD.exe
1836	IXKWYrg.exe
276	GxlgVeI.exe
1464	gRNguGQ.exe
1764	ZaEzKrH.exe
2456	hmwFQfD.exe
548	HUJCLUH.exe
1912	obtYRVL.exe
2612	eunzvdO.exe
796	AxvNnCU.exe
1968	vCwcqoJ.exe
1796	PMSJLOa.exe
1068	iCuWTtd.exe
2224	vmrcSZQ.exe
2052	RTmirLi.exe
2220	iXUezyy.exe
2384	smLonQt.exe
3068	PvOeqqk.exe
2880	JMuVwJc.exe
1072	UJEbwqZ.exe
1932	kecHTEw.exe
1264	UPIqrsi.exe
928	hmubYUJ.exe
2104	ULuUWHH.exe
1680	ebGGTqA.exe
1532	LigfJwU.exe
1740	CYwNllM.exe
2180	rYnZwao.exe
1780	VdfYufB.exe
1088	sRexpoZ.exe
2344	rtsLcCm.exe
1704	VbDSoVH.exe
1980	mWehuOj.exe
2272	jDCdXnO.exe
2188	xcFJWjX.exe
1756	VisEjqb.exe
1472	hZYOTIr.exe
2212	ZLNQGkv.exe
900	xhiqZxq.exe
2336	zZpCILR.exe
1776	OBwYtCN.exe
888	rHUBenu.exe
340	dVXlhkP.exe
2496	XKqsPrg.exe
1584	dsgtCGP.exe
3020	CkCmAsg.exe
3036	XOnwVPb.exe
2660	gUNPdio.exe
2768	alhNhGS.exe
2704	MRLDGur.exe
2440	JLZMxVX.exe
1600	CkUEsZN.exe

Loads dropped DLL 64 IoCs

pid	Process
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2348-0-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/files/0x000900000001225f-6.dat	upx
behavioral1/files/0x0008000000016c03-11.dat	upx
behavioral1/files/0x0007000000016c7c-12.dat	upx
behavioral1/files/0x0007000000016ca5-21.dat	upx
behavioral1/files/0x000a000000016cbc-30.dat	upx
behavioral1/files/0x0009000000016cc4-36.dat	upx
behavioral1/files/0x0005000000019345-45.dat	upx
behavioral1/files/0x0005000000019369-50.dat	upx
behavioral1/files/0x0005000000019371-55.dat	upx
behavioral1/files/0x000500000001938e-71.dat	upx
behavioral1/files/0x00050000000193e6-91.dat	upx
behavioral1/files/0x00050000000195c4-126.dat	upx
behavioral1/files/0x00050000000195c6-131.dat	upx
behavioral1/files/0x00050000000195ca-145.dat	upx
behavioral1/files/0x00050000000195d0-160.dat	upx
behavioral1/memory/2736-880-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2708-1270-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2888-1662-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2576-1776-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2596-1786-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2784-1467-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/3000-1866-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/632-1938-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/1152-1367-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2928-1179-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/1836-2001-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2684-1105-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2264-975-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/1364-821-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/files/0x00050000000195ce-155.dat	upx
behavioral1/files/0x00050000000195cc-151.dat	upx
behavioral1/files/0x00050000000195c8-141.dat	upx
behavioral1/files/0x00050000000195c7-135.dat	upx
behavioral1/files/0x00050000000195c2-120.dat	upx
behavioral1/files/0x000500000001958b-115.dat	upx
behavioral1/files/0x00050000000194e2-110.dat	upx
behavioral1/files/0x000500000001948d-105.dat	upx
behavioral1/files/0x000500000001945c-100.dat	upx
behavioral1/files/0x00050000000193f0-95.dat	upx
behavioral1/files/0x00050000000193d1-85.dat	upx
behavioral1/files/0x00050000000193a8-80.dat	upx
behavioral1/files/0x000900000001678f-75.dat	upx
behavioral1/files/0x0005000000019382-65.dat	upx
behavioral1/files/0x000500000001937b-61.dat	upx
behavioral1/files/0x0008000000017355-40.dat	upx
behavioral1/files/0x0007000000016cb2-26.dat	upx
behavioral1/memory/2348-2554-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2264-3461-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/1152-3460-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/1836-3459-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2928-3458-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2684-3457-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/3000-3456-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/632-3455-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2576-3454-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/1364-3453-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2784-3452-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2708-3451-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2888-3450-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2736-3449-0x000000013FAD0000-0x000000013FE24000-memory.dmp	upx
behavioral1/memory/2596-3448-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\CKZQFaa.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TTxsaYp.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FlayzuY.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GAGRxGT.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mMzLkpK.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LuxsAQp.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tTHDBEE.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HRBOVHf.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tInHVfG.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cRKDxWV.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lyGVUkr.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Hlvetcu.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxNkahW.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eoGJELb.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tjNPEvi.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cxJwCID.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sRexpoZ.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBwYtCN.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MDFfCKE.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DMVKGab.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kecHTEw.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpMlJPi.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JCZIghy.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFnBqje.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnOwsoY.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CXZvEpl.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRCSySv.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wlpzaVY.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mJlwVOx.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kppANAz.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WjBUIQK.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gRNguGQ.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YSgJotl.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SARTKaG.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VsmAowq.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PzIqxLN.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rejfgbO.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aPCsyHq.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xRyjIte.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GwJELxe.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CKLfWUU.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iAEjZNo.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gcCawep.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtPFYXu.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MXWpCTS.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dQBwGkb.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ISBmSZF.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NRzNzlZ.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ivkMTTb.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNNdQlT.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EascFXT.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GGgVreF.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oVMIXYg.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eJXCnfP.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hlHodLy.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gNgZxDQ.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KcqnOUZ.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HYhvAnE.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnziVcA.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tLzNLfN.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AQNuuod.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GYmeVQe.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vZSrPWk.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HXKTLmQ.exe	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 1364	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2348 wrote to memory of 1364	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2348 wrote to memory of 1364	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2348 wrote to memory of 2736	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2348 wrote to memory of 2736	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2348 wrote to memory of 2736	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2348 wrote to memory of 2264	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2348 wrote to memory of 2264	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2348 wrote to memory of 2264	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2348 wrote to memory of 2684	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2348 wrote to memory of 2684	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2348 wrote to memory of 2684	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2348 wrote to memory of 2928	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2348 wrote to memory of 2928	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2348 wrote to memory of 2928	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2348 wrote to memory of 2708	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2348 wrote to memory of 2708	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2348 wrote to memory of 2708	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2348 wrote to memory of 1152	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2348 wrote to memory of 1152	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2348 wrote to memory of 1152	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2348 wrote to memory of 2784	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2348 wrote to memory of 2784	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2348 wrote to memory of 2784	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2348 wrote to memory of 2888	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2348 wrote to memory of 2888	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2348 wrote to memory of 2888	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2348 wrote to memory of 2576	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2348 wrote to memory of 2576	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2348 wrote to memory of 2576	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2348 wrote to memory of 2596	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2348 wrote to memory of 2596	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2348 wrote to memory of 2596	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2348 wrote to memory of 3000	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2348 wrote to memory of 3000	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2348 wrote to memory of 3000	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2348 wrote to memory of 632	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2348 wrote to memory of 632	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2348 wrote to memory of 632	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2348 wrote to memory of 1836	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2348 wrote to memory of 1836	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2348 wrote to memory of 1836	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2348 wrote to memory of 276	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2348 wrote to memory of 276	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2348 wrote to memory of 276	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2348 wrote to memory of 1464	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2348 wrote to memory of 1464	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2348 wrote to memory of 1464	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2348 wrote to memory of 1764	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2348 wrote to memory of 1764	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2348 wrote to memory of 1764	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2348 wrote to memory of 2456	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2348 wrote to memory of 2456	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2348 wrote to memory of 2456	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2348 wrote to memory of 548	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2348 wrote to memory of 548	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2348 wrote to memory of 548	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2348 wrote to memory of 1912	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2348 wrote to memory of 1912	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2348 wrote to memory of 1912	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2348 wrote to memory of 2612	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2348 wrote to memory of 2612	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2348 wrote to memory of 2612	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2348 wrote to memory of 796	2348	2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-19_44fc11d4dc2146103ff1301f7006afa1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\System\ZlbpWuI.exe
  C:\Windows\System\ZlbpWuI.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\eoDwunm.exe
  C:\Windows\System\eoDwunm.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\bhOxUwD.exe
  C:\Windows\System\bhOxUwD.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\nsKFfRG.exe
  C:\Windows\System\nsKFfRG.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\jPGqAcD.exe
  C:\Windows\System\jPGqAcD.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\gFTtdWh.exe
  C:\Windows\System\gFTtdWh.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\okbWkoL.exe
  C:\Windows\System\okbWkoL.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\CFWjtBW.exe
  C:\Windows\System\CFWjtBW.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\HwNuqzQ.exe
  C:\Windows\System\HwNuqzQ.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\MQUKBUG.exe
  C:\Windows\System\MQUKBUG.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\lbDQgUF.exe
  C:\Windows\System\lbDQgUF.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\QhadpSt.exe
  C:\Windows\System\QhadpSt.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\rGgtJlD.exe
  C:\Windows\System\rGgtJlD.exe
  2⤵
  - Executes dropped EXE
  PID:632
- C:\Windows\System\IXKWYrg.exe
  C:\Windows\System\IXKWYrg.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\GxlgVeI.exe
  C:\Windows\System\GxlgVeI.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\gRNguGQ.exe
  C:\Windows\System\gRNguGQ.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\ZaEzKrH.exe
  C:\Windows\System\ZaEzKrH.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\hmwFQfD.exe
  C:\Windows\System\hmwFQfD.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\HUJCLUH.exe
  C:\Windows\System\HUJCLUH.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\obtYRVL.exe
  C:\Windows\System\obtYRVL.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\eunzvdO.exe
  C:\Windows\System\eunzvdO.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\AxvNnCU.exe
  C:\Windows\System\AxvNnCU.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\vCwcqoJ.exe
  C:\Windows\System\vCwcqoJ.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\PMSJLOa.exe
  C:\Windows\System\PMSJLOa.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\iCuWTtd.exe
  C:\Windows\System\iCuWTtd.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\vmrcSZQ.exe
  C:\Windows\System\vmrcSZQ.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\RTmirLi.exe
  C:\Windows\System\RTmirLi.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\iXUezyy.exe
  C:\Windows\System\iXUezyy.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\smLonQt.exe
  C:\Windows\System\smLonQt.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\PvOeqqk.exe
  C:\Windows\System\PvOeqqk.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\JMuVwJc.exe
  C:\Windows\System\JMuVwJc.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\UJEbwqZ.exe
  C:\Windows\System\UJEbwqZ.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\kecHTEw.exe
  C:\Windows\System\kecHTEw.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\UPIqrsi.exe
  C:\Windows\System\UPIqrsi.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\hmubYUJ.exe
  C:\Windows\System\hmubYUJ.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\ULuUWHH.exe
  C:\Windows\System\ULuUWHH.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\ebGGTqA.exe
  C:\Windows\System\ebGGTqA.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\LigfJwU.exe
  C:\Windows\System\LigfJwU.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\CYwNllM.exe
  C:\Windows\System\CYwNllM.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\rYnZwao.exe
  C:\Windows\System\rYnZwao.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\VdfYufB.exe
  C:\Windows\System\VdfYufB.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\sRexpoZ.exe
  C:\Windows\System\sRexpoZ.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\rtsLcCm.exe
  C:\Windows\System\rtsLcCm.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\VbDSoVH.exe
  C:\Windows\System\VbDSoVH.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\mWehuOj.exe
  C:\Windows\System\mWehuOj.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\jDCdXnO.exe
  C:\Windows\System\jDCdXnO.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\xcFJWjX.exe
  C:\Windows\System\xcFJWjX.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\VisEjqb.exe
  C:\Windows\System\VisEjqb.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\hZYOTIr.exe
  C:\Windows\System\hZYOTIr.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\ZLNQGkv.exe
  C:\Windows\System\ZLNQGkv.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\xhiqZxq.exe
  C:\Windows\System\xhiqZxq.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\zZpCILR.exe
  C:\Windows\System\zZpCILR.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\OBwYtCN.exe
  C:\Windows\System\OBwYtCN.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\rHUBenu.exe
  C:\Windows\System\rHUBenu.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\dVXlhkP.exe
  C:\Windows\System\dVXlhkP.exe
  2⤵
  - Executes dropped EXE
  PID:340
- C:\Windows\System\XKqsPrg.exe
  C:\Windows\System\XKqsPrg.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\dsgtCGP.exe
  C:\Windows\System\dsgtCGP.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\CkCmAsg.exe
  C:\Windows\System\CkCmAsg.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\XOnwVPb.exe
  C:\Windows\System\XOnwVPb.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\gUNPdio.exe
  C:\Windows\System\gUNPdio.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\alhNhGS.exe
  C:\Windows\System\alhNhGS.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\MRLDGur.exe
  C:\Windows\System\MRLDGur.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\JLZMxVX.exe
  C:\Windows\System\JLZMxVX.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\CkUEsZN.exe
  C:\Windows\System\CkUEsZN.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\GgNdYsp.exe
  C:\Windows\System\GgNdYsp.exe
  2⤵
  PID:2808
- C:\Windows\System\wwyLLnL.exe
  C:\Windows\System\wwyLLnL.exe
  2⤵
  PID:2428
- C:\Windows\System\vxybEOn.exe
  C:\Windows\System\vxybEOn.exe
  2⤵
  PID:2444
- C:\Windows\System\TnOwsoY.exe
  C:\Windows\System\TnOwsoY.exe
  2⤵
  PID:892
- C:\Windows\System\MtFgBbR.exe
  C:\Windows\System\MtFgBbR.exe
  2⤵
  PID:1992
- C:\Windows\System\rjheblC.exe
  C:\Windows\System\rjheblC.exe
  2⤵
  PID:320
- C:\Windows\System\eAcrxnT.exe
  C:\Windows\System\eAcrxnT.exe
  2⤵
  PID:1064
- C:\Windows\System\twmckDp.exe
  C:\Windows\System\twmckDp.exe
  2⤵
  PID:1896
- C:\Windows\System\HvmcNvA.exe
  C:\Windows\System\HvmcNvA.exe
  2⤵
  PID:2044
- C:\Windows\System\ElqvhHj.exe
  C:\Windows\System\ElqvhHj.exe
  2⤵
  PID:2984
- C:\Windows\System\chpvsof.exe
  C:\Windows\System\chpvsof.exe
  2⤵
  PID:2420
- C:\Windows\System\AsXasVE.exe
  C:\Windows\System\AsXasVE.exe
  2⤵
  PID:2156
- C:\Windows\System\xlkDeNZ.exe
  C:\Windows\System\xlkDeNZ.exe
  2⤵
  PID:2136
- C:\Windows\System\FsGhFWc.exe
  C:\Windows\System\FsGhFWc.exe
  2⤵
  PID:1032
- C:\Windows\System\tcHZAZZ.exe
  C:\Windows\System\tcHZAZZ.exe
  2⤵
  PID:2652
- C:\Windows\System\jHzMMNP.exe
  C:\Windows\System\jHzMMNP.exe
  2⤵
  PID:1036
- C:\Windows\System\RGyUJFd.exe
  C:\Windows\System\RGyUJFd.exe
  2⤵
  PID:1720
- C:\Windows\System\bxNkahW.exe
  C:\Windows\System\bxNkahW.exe
  2⤵
  PID:696
- C:\Windows\System\FyFWNKL.exe
  C:\Windows\System\FyFWNKL.exe
  2⤵
  PID:1528
- C:\Windows\System\qpEaMVp.exe
  C:\Windows\System\qpEaMVp.exe
  2⤵
  PID:1696
- C:\Windows\System\WvmwDRx.exe
  C:\Windows\System\WvmwDRx.exe
  2⤵
  PID:684
- C:\Windows\System\DgeYxlm.exe
  C:\Windows\System\DgeYxlm.exe
  2⤵
  PID:1964
- C:\Windows\System\aETDgkL.exe
  C:\Windows\System\aETDgkL.exe
  2⤵
  PID:2312
- C:\Windows\System\ijfVPOP.exe
  C:\Windows\System\ijfVPOP.exe
  2⤵
  PID:2072
- C:\Windows\System\tMcnndI.exe
  C:\Windows\System\tMcnndI.exe
  2⤵
  PID:2452
- C:\Windows\System\sAcZsDE.exe
  C:\Windows\System\sAcZsDE.exe
  2⤵
  PID:1356
- C:\Windows\System\URqKZuy.exe
  C:\Windows\System\URqKZuy.exe
  2⤵
  PID:2968
- C:\Windows\System\DjHFvaY.exe
  C:\Windows\System\DjHFvaY.exe
  2⤵
  PID:1588
- C:\Windows\System\icYyQeh.exe
  C:\Windows\System\icYyQeh.exe
  2⤵
  PID:1692
- C:\Windows\System\ULAXpuq.exe
  C:\Windows\System\ULAXpuq.exe
  2⤵
  PID:1904
- C:\Windows\System\ErtQEwv.exe
  C:\Windows\System\ErtQEwv.exe
  2⤵
  PID:2700
- C:\Windows\System\HNnSKxE.exe
  C:\Windows\System\HNnSKxE.exe
  2⤵
  PID:2876
- C:\Windows\System\GJBggyK.exe
  C:\Windows\System\GJBggyK.exe
  2⤵
  PID:2688
- C:\Windows\System\cjcvvPV.exe
  C:\Windows\System\cjcvvPV.exe
  2⤵
  PID:2388
- C:\Windows\System\IvfGzcv.exe
  C:\Windows\System\IvfGzcv.exe
  2⤵
  PID:1516
- C:\Windows\System\ReaAZrS.exe
  C:\Windows\System\ReaAZrS.exe
  2⤵
  PID:1092
- C:\Windows\System\ThMUBIW.exe
  C:\Windows\System\ThMUBIW.exe
  2⤵
  PID:2008
- C:\Windows\System\TFRVEIu.exe
  C:\Windows\System\TFRVEIu.exe
  2⤵
  PID:1016
- C:\Windows\System\kvHEOHf.exe
  C:\Windows\System\kvHEOHf.exe
  2⤵
  PID:2864
- C:\Windows\System\IYTvGqN.exe
  C:\Windows\System\IYTvGqN.exe
  2⤵
  PID:2236
- C:\Windows\System\QyqRhmJ.exe
  C:\Windows\System\QyqRhmJ.exe
  2⤵
  PID:2292
- C:\Windows\System\AFnBqje.exe
  C:\Windows\System\AFnBqje.exe
  2⤵
  PID:2124
- C:\Windows\System\KKMmyrI.exe
  C:\Windows\System\KKMmyrI.exe
  2⤵
  PID:1544
- C:\Windows\System\pUeSLzl.exe
  C:\Windows\System\pUeSLzl.exe
  2⤵
  PID:1808
- C:\Windows\System\XimZVsD.exe
  C:\Windows\System\XimZVsD.exe
  2⤵
  PID:2852
- C:\Windows\System\eLYmwhk.exe
  C:\Windows\System\eLYmwhk.exe
  2⤵
  PID:2352
- C:\Windows\System\mGzvTXO.exe
  C:\Windows\System\mGzvTXO.exe
  2⤵
  PID:2204
- C:\Windows\System\tglMiVF.exe
  C:\Windows\System\tglMiVF.exe
  2⤵
  PID:400
- C:\Windows\System\mFSEkua.exe
  C:\Windows\System\mFSEkua.exe
  2⤵
  PID:1492
- C:\Windows\System\erLcABQ.exe
  C:\Windows\System\erLcABQ.exe
  2⤵
  PID:1596
- C:\Windows\System\BUXrDxQ.exe
  C:\Windows\System\BUXrDxQ.exe
  2⤵
  PID:2756
- C:\Windows\System\inswlQI.exe
  C:\Windows\System\inswlQI.exe
  2⤵
  PID:2364
- C:\Windows\System\SRvMvlY.exe
  C:\Windows\System\SRvMvlY.exe
  2⤵
  PID:2548
- C:\Windows\System\jTTouit.exe
  C:\Windows\System\jTTouit.exe
  2⤵
  PID:2860
- C:\Windows\System\YlMHDnR.exe
  C:\Windows\System\YlMHDnR.exe
  2⤵
  PID:2368
- C:\Windows\System\ESMSiGL.exe
  C:\Windows\System\ESMSiGL.exe
  2⤵
  PID:2392
- C:\Windows\System\srwsihd.exe
  C:\Windows\System\srwsihd.exe
  2⤵
  PID:3080
- C:\Windows\System\bZyizqn.exe
  C:\Windows\System\bZyizqn.exe
  2⤵
  PID:3104
- C:\Windows\System\iTeIdmA.exe
  C:\Windows\System\iTeIdmA.exe
  2⤵
  PID:3124
- C:\Windows\System\pvholZx.exe
  C:\Windows\System\pvholZx.exe
  2⤵
  PID:3144
- C:\Windows\System\LcqkBWg.exe
  C:\Windows\System\LcqkBWg.exe
  2⤵
  PID:3164
- C:\Windows\System\tTHDBEE.exe
  C:\Windows\System\tTHDBEE.exe
  2⤵
  PID:3184
- C:\Windows\System\xTtrKFj.exe
  C:\Windows\System\xTtrKFj.exe
  2⤵
  PID:3204
- C:\Windows\System\lkpyeZo.exe
  C:\Windows\System\lkpyeZo.exe
  2⤵
  PID:3220
- C:\Windows\System\lvynLQk.exe
  C:\Windows\System\lvynLQk.exe
  2⤵
  PID:3240
- C:\Windows\System\QZzRHzI.exe
  C:\Windows\System\QZzRHzI.exe
  2⤵
  PID:3264
- C:\Windows\System\cYZJaYQ.exe
  C:\Windows\System\cYZJaYQ.exe
  2⤵
  PID:3284
- C:\Windows\System\aOyIxIg.exe
  C:\Windows\System\aOyIxIg.exe
  2⤵
  PID:3300
- C:\Windows\System\VWWpIOH.exe
  C:\Windows\System\VWWpIOH.exe
  2⤵
  PID:3324
- C:\Windows\System\lSecdWt.exe
  C:\Windows\System\lSecdWt.exe
  2⤵
  PID:3344
- C:\Windows\System\IpZFGdR.exe
  C:\Windows\System\IpZFGdR.exe
  2⤵
  PID:3364
- C:\Windows\System\oxDPWRY.exe
  C:\Windows\System\oxDPWRY.exe
  2⤵
  PID:3384
- C:\Windows\System\kSSYBsC.exe
  C:\Windows\System\kSSYBsC.exe
  2⤵
  PID:3404
- C:\Windows\System\AcSakmj.exe
  C:\Windows\System\AcSakmj.exe
  2⤵
  PID:3424
- C:\Windows\System\fZcWuZM.exe
  C:\Windows\System\fZcWuZM.exe
  2⤵
  PID:3440
- C:\Windows\System\HPfEEHS.exe
  C:\Windows\System\HPfEEHS.exe
  2⤵
  PID:3464
- C:\Windows\System\sNNdQlT.exe
  C:\Windows\System\sNNdQlT.exe
  2⤵
  PID:3484
- C:\Windows\System\gmakLPO.exe
  C:\Windows\System\gmakLPO.exe
  2⤵
  PID:3504
- C:\Windows\System\jXNLIel.exe
  C:\Windows\System\jXNLIel.exe
  2⤵
  PID:3524
- C:\Windows\System\vckzUrh.exe
  C:\Windows\System\vckzUrh.exe
  2⤵
  PID:3540
- C:\Windows\System\QKAzUMh.exe
  C:\Windows\System\QKAzUMh.exe
  2⤵
  PID:3564
- C:\Windows\System\bGDxPbo.exe
  C:\Windows\System\bGDxPbo.exe
  2⤵
  PID:3584
- C:\Windows\System\XCnlyQQ.exe
  C:\Windows\System\XCnlyQQ.exe
  2⤵
  PID:3604
- C:\Windows\System\aHSBTvl.exe
  C:\Windows\System\aHSBTvl.exe
  2⤵
  PID:3624
- C:\Windows\System\GecUigA.exe
  C:\Windows\System\GecUigA.exe
  2⤵
  PID:3644
- C:\Windows\System\EQNvvNH.exe
  C:\Windows\System\EQNvvNH.exe
  2⤵
  PID:3664
- C:\Windows\System\MDFfCKE.exe
  C:\Windows\System\MDFfCKE.exe
  2⤵
  PID:3684
- C:\Windows\System\FcpNhSI.exe
  C:\Windows\System\FcpNhSI.exe
  2⤵
  PID:3708
- C:\Windows\System\QJvVQTl.exe
  C:\Windows\System\QJvVQTl.exe
  2⤵
  PID:3728
- C:\Windows\System\pPXZYxX.exe
  C:\Windows\System\pPXZYxX.exe
  2⤵
  PID:3748
- C:\Windows\System\olEixRT.exe
  C:\Windows\System\olEixRT.exe
  2⤵
  PID:3764
- C:\Windows\System\qkxtAsc.exe
  C:\Windows\System\qkxtAsc.exe
  2⤵
  PID:3788
- C:\Windows\System\BozjcId.exe
  C:\Windows\System\BozjcId.exe
  2⤵
  PID:3808
- C:\Windows\System\MnyJgge.exe
  C:\Windows\System\MnyJgge.exe
  2⤵
  PID:3828
- C:\Windows\System\JnUDEcH.exe
  C:\Windows\System\JnUDEcH.exe
  2⤵
  PID:3844
- C:\Windows\System\iEzEuZn.exe
  C:\Windows\System\iEzEuZn.exe
  2⤵
  PID:3868
- C:\Windows\System\GsKCRPR.exe
  C:\Windows\System\GsKCRPR.exe
  2⤵
  PID:3888
- C:\Windows\System\meFyehY.exe
  C:\Windows\System\meFyehY.exe
  2⤵
  PID:3904
- C:\Windows\System\vLixIBp.exe
  C:\Windows\System\vLixIBp.exe
  2⤵
  PID:3928
- C:\Windows\System\dyaYwIv.exe
  C:\Windows\System\dyaYwIv.exe
  2⤵
  PID:3948
- C:\Windows\System\VwMQanb.exe
  C:\Windows\System\VwMQanb.exe
  2⤵
  PID:3968
- C:\Windows\System\uTDsBWy.exe
  C:\Windows\System\uTDsBWy.exe
  2⤵
  PID:3988
- C:\Windows\System\RSCcDgz.exe
  C:\Windows\System\RSCcDgz.exe
  2⤵
  PID:4008
- C:\Windows\System\yvVZvTq.exe
  C:\Windows\System\yvVZvTq.exe
  2⤵
  PID:4028
- C:\Windows\System\hEIvpee.exe
  C:\Windows\System\hEIvpee.exe
  2⤵
  PID:4048
- C:\Windows\System\krCMiTe.exe
  C:\Windows\System\krCMiTe.exe
  2⤵
  PID:4068
- C:\Windows\System\hhfsWzp.exe
  C:\Windows\System\hhfsWzp.exe
  2⤵
  PID:4084
- C:\Windows\System\fBIaqYZ.exe
  C:\Windows\System\fBIaqYZ.exe
  2⤵
  PID:2248
- C:\Windows\System\sbkDXPv.exe
  C:\Windows\System\sbkDXPv.exe
  2⤵
  PID:2196
- C:\Windows\System\hXSwTpY.exe
  C:\Windows\System\hXSwTpY.exe
  2⤵
  PID:1732
- C:\Windows\System\BxRZNZG.exe
  C:\Windows\System\BxRZNZG.exe
  2⤵
  PID:1488
- C:\Windows\System\pjQWLLH.exe
  C:\Windows\System\pjQWLLH.exe
  2⤵
  PID:876
- C:\Windows\System\flkTlDH.exe
  C:\Windows\System\flkTlDH.exe
  2⤵
  PID:2304
- C:\Windows\System\cxhLvBk.exe
  C:\Windows\System\cxhLvBk.exe
  2⤵
  PID:2752
- C:\Windows\System\upJAbuO.exe
  C:\Windows\System\upJAbuO.exe
  2⤵
  PID:2284
- C:\Windows\System\IBmwmns.exe
  C:\Windows\System\IBmwmns.exe
  2⤵
  PID:828
- C:\Windows\System\DjXQXBO.exe
  C:\Windows\System\DjXQXBO.exe
  2⤵
  PID:3088
- C:\Windows\System\CnRZGUm.exe
  C:\Windows\System\CnRZGUm.exe
  2⤵
  PID:940
- C:\Windows\System\JigBxos.exe
  C:\Windows\System\JigBxos.exe
  2⤵
  PID:3116
- C:\Windows\System\WMDXcQe.exe
  C:\Windows\System\WMDXcQe.exe
  2⤵
  PID:3160
- C:\Windows\System\tyMRTSU.exe
  C:\Windows\System\tyMRTSU.exe
  2⤵
  PID:3200
- C:\Windows\System\tcPmZwr.exe
  C:\Windows\System\tcPmZwr.exe
  2⤵
  PID:3252
- C:\Windows\System\PbmPuOo.exe
  C:\Windows\System\PbmPuOo.exe
  2⤵
  PID:3296
- C:\Windows\System\HTGDeCQ.exe
  C:\Windows\System\HTGDeCQ.exe
  2⤵
  PID:3312
- C:\Windows\System\UNqDQiq.exe
  C:\Windows\System\UNqDQiq.exe
  2⤵
  PID:3336
- C:\Windows\System\UlbfRhb.exe
  C:\Windows\System\UlbfRhb.exe
  2⤵
  PID:3376
- C:\Windows\System\srLfoKg.exe
  C:\Windows\System\srLfoKg.exe
  2⤵
  PID:3420
- C:\Windows\System\gypcMUb.exe
  C:\Windows\System\gypcMUb.exe
  2⤵
  PID:3448
- C:\Windows\System\nabJOmw.exe
  C:\Windows\System\nabJOmw.exe
  2⤵
  PID:3472
- C:\Windows\System\gJtedQk.exe
  C:\Windows\System\gJtedQk.exe
  2⤵
  PID:3496
- C:\Windows\System\RNplyuf.exe
  C:\Windows\System\RNplyuf.exe
  2⤵
  PID:3580
- C:\Windows\System\vNGhKbi.exe
  C:\Windows\System\vNGhKbi.exe
  2⤵
  PID:3560
- C:\Windows\System\rUJxeFo.exe
  C:\Windows\System\rUJxeFo.exe
  2⤵
  PID:3616
- C:\Windows\System\VVEoIZe.exe
  C:\Windows\System\VVEoIZe.exe
  2⤵
  PID:3652
- C:\Windows\System\kpJUXId.exe
  C:\Windows\System\kpJUXId.exe
  2⤵
  PID:3660
- C:\Windows\System\EFiWqjG.exe
  C:\Windows\System\EFiWqjG.exe
  2⤵
  PID:3696
- C:\Windows\System\xKOJBES.exe
  C:\Windows\System\xKOJBES.exe
  2⤵
  PID:3740
- C:\Windows\System\Zdwxtxb.exe
  C:\Windows\System\Zdwxtxb.exe
  2⤵
  PID:3776
- C:\Windows\System\CXZvEpl.exe
  C:\Windows\System\CXZvEpl.exe
  2⤵
  PID:3800
- C:\Windows\System\dCPLsac.exe
  C:\Windows\System\dCPLsac.exe
  2⤵
  PID:3852
- C:\Windows\System\PkghuJp.exe
  C:\Windows\System\PkghuJp.exe
  2⤵
  PID:3896
- C:\Windows\System\awWhifZ.exe
  C:\Windows\System\awWhifZ.exe
  2⤵
  PID:3912
- C:\Windows\System\fSnqYpK.exe
  C:\Windows\System\fSnqYpK.exe
  2⤵
  PID:3944
- C:\Windows\System\TSxJvmO.exe
  C:\Windows\System\TSxJvmO.exe
  2⤵
  PID:4016
- C:\Windows\System\yPCCnKT.exe
  C:\Windows\System\yPCCnKT.exe
  2⤵
  PID:4004
- C:\Windows\System\XRCSySv.exe
  C:\Windows\System\XRCSySv.exe
  2⤵
  PID:4064
- C:\Windows\System\PxGIRir.exe
  C:\Windows\System\PxGIRir.exe
  2⤵
  PID:4036
- C:\Windows\System\ZehGDXa.exe
  C:\Windows\System\ZehGDXa.exe
  2⤵
  PID:4080
- C:\Windows\System\TvvjIMa.exe
  C:\Windows\System\TvvjIMa.exe
  2⤵
  PID:4076
- C:\Windows\System\gMfASfp.exe
  C:\Windows\System\gMfASfp.exe
  2⤵
  PID:984
- C:\Windows\System\ZGAZJKu.exe
  C:\Windows\System\ZGAZJKu.exe
  2⤵
  PID:1324
- C:\Windows\System\xrNguzM.exe
  C:\Windows\System\xrNguzM.exe
  2⤵
  PID:536
- C:\Windows\System\RTIEVTX.exe
  C:\Windows\System\RTIEVTX.exe
  2⤵
  PID:3092
- C:\Windows\System\LtPFYXu.exe
  C:\Windows\System\LtPFYXu.exe
  2⤵
  PID:3216
- C:\Windows\System\RgLIEdn.exe
  C:\Windows\System\RgLIEdn.exe
  2⤵
  PID:1496
- C:\Windows\System\UmbPpsR.exe
  C:\Windows\System\UmbPpsR.exe
  2⤵
  PID:3248
- C:\Windows\System\YGzjWPJ.exe
  C:\Windows\System\YGzjWPJ.exe
  2⤵
  PID:3192
- C:\Windows\System\uDfhswD.exe
  C:\Windows\System\uDfhswD.exe
  2⤵
  PID:3256
- C:\Windows\System\WfHUoPW.exe
  C:\Windows\System\WfHUoPW.exe
  2⤵
  PID:3380
- C:\Windows\System\VuFFkAq.exe
  C:\Windows\System\VuFFkAq.exe
  2⤵
  PID:3476
- C:\Windows\System\OsrEPvz.exe
  C:\Windows\System\OsrEPvz.exe
  2⤵
  PID:3432
- C:\Windows\System\cPsBYzW.exe
  C:\Windows\System\cPsBYzW.exe
  2⤵
  PID:3392
- C:\Windows\System\iRnUMxL.exe
  C:\Windows\System\iRnUMxL.exe
  2⤵
  PID:3532
- C:\Windows\System\whZickC.exe
  C:\Windows\System\whZickC.exe
  2⤵
  PID:3556
- C:\Windows\System\DeaMhTt.exe
  C:\Windows\System\DeaMhTt.exe
  2⤵
  PID:3724
- C:\Windows\System\neEwyub.exe
  C:\Windows\System\neEwyub.exe
  2⤵
  PID:3784
- C:\Windows\System\UMMCFmu.exe
  C:\Windows\System\UMMCFmu.exe
  2⤵
  PID:3836
- C:\Windows\System\EoJpbzW.exe
  C:\Windows\System\EoJpbzW.exe
  2⤵
  PID:3656
- C:\Windows\System\wlpzaVY.exe
  C:\Windows\System\wlpzaVY.exe
  2⤵
  PID:3976
- C:\Windows\System\JriOtmq.exe
  C:\Windows\System\JriOtmq.exe
  2⤵
  PID:3876
- C:\Windows\System\NiiVMge.exe
  C:\Windows\System\NiiVMge.exe
  2⤵
  PID:3960
- C:\Windows\System\UKiIvvf.exe
  C:\Windows\System\UKiIvvf.exe
  2⤵
  PID:572
- C:\Windows\System\lvktohP.exe
  C:\Windows\System\lvktohP.exe
  2⤵
  PID:2828
- C:\Windows\System\yHDUCAy.exe
  C:\Windows\System\yHDUCAy.exe
  2⤵
  PID:3120
- C:\Windows\System\jwPxEOs.exe
  C:\Windows\System\jwPxEOs.exe
  2⤵
  PID:2720
- C:\Windows\System\RdUUXmw.exe
  C:\Windows\System\RdUUXmw.exe
  2⤵
  PID:3480
- C:\Windows\System\paxAjpB.exe
  C:\Windows\System\paxAjpB.exe
  2⤵
  PID:3332
- C:\Windows\System\ryiiOts.exe
  C:\Windows\System\ryiiOts.exe
  2⤵
  PID:3412
- C:\Windows\System\MtVMFSn.exe
  C:\Windows\System\MtVMFSn.exe
  2⤵
  PID:3316
- C:\Windows\System\QgBOUYT.exe
  C:\Windows\System\QgBOUYT.exe
  2⤵
  PID:3884
- C:\Windows\System\MvhCGyQ.exe
  C:\Windows\System\MvhCGyQ.exe
  2⤵
  PID:3620
- C:\Windows\System\TbjqMjh.exe
  C:\Windows\System\TbjqMjh.exe
  2⤵
  PID:3804
- C:\Windows\System\ZnMpAzV.exe
  C:\Windows\System\ZnMpAzV.exe
  2⤵
  PID:3548
- C:\Windows\System\EYccAuA.exe
  C:\Windows\System\EYccAuA.exe
  2⤵
  PID:4040
- C:\Windows\System\qmgmRRh.exe
  C:\Windows\System\qmgmRRh.exe
  2⤵
  PID:3920
- C:\Windows\System\XIOVtWh.exe
  C:\Windows\System\XIOVtWh.exe
  2⤵
  PID:3292
- C:\Windows\System\kYtpXpr.exe
  C:\Windows\System\kYtpXpr.exe
  2⤵
  PID:3212
- C:\Windows\System\titrfZQ.exe
  C:\Windows\System\titrfZQ.exe
  2⤵
  PID:3744
- C:\Windows\System\OoeNVKf.exe
  C:\Windows\System\OoeNVKf.exe
  2⤵
  PID:2100
- C:\Windows\System\OrWFZUD.exe
  C:\Windows\System\OrWFZUD.exe
  2⤵
  PID:2020
- C:\Windows\System\GXyFvij.exe
  C:\Windows\System\GXyFvij.exe
  2⤵
  PID:3860
- C:\Windows\System\keqsQwB.exe
  C:\Windows\System\keqsQwB.exe
  2⤵
  PID:2320
- C:\Windows\System\zhXceai.exe
  C:\Windows\System\zhXceai.exe
  2⤵
  PID:4104
- C:\Windows\System\YPtaCQg.exe
  C:\Windows\System\YPtaCQg.exe
  2⤵
  PID:4128
- C:\Windows\System\DQqVixL.exe
  C:\Windows\System\DQqVixL.exe
  2⤵
  PID:4144
- C:\Windows\System\rpVEtDa.exe
  C:\Windows\System\rpVEtDa.exe
  2⤵
  PID:4164
- C:\Windows\System\ihKhicl.exe
  C:\Windows\System\ihKhicl.exe
  2⤵
  PID:4184
- C:\Windows\System\sEFMjWI.exe
  C:\Windows\System\sEFMjWI.exe
  2⤵
  PID:4204
- C:\Windows\System\CKZQFaa.exe
  C:\Windows\System\CKZQFaa.exe
  2⤵
  PID:4228
- C:\Windows\System\hHuJdWp.exe
  C:\Windows\System\hHuJdWp.exe
  2⤵
  PID:4248
- C:\Windows\System\UqCSSVv.exe
  C:\Windows\System\UqCSSVv.exe
  2⤵
  PID:4264
- C:\Windows\System\iRbbmIv.exe
  C:\Windows\System\iRbbmIv.exe
  2⤵
  PID:4284
- C:\Windows\System\uDjssGi.exe
  C:\Windows\System\uDjssGi.exe
  2⤵
  PID:4304
- C:\Windows\System\FNTskwh.exe
  C:\Windows\System\FNTskwh.exe
  2⤵
  PID:4324
- C:\Windows\System\vgEoyWq.exe
  C:\Windows\System\vgEoyWq.exe
  2⤵
  PID:4348
- C:\Windows\System\WaBfZst.exe
  C:\Windows\System\WaBfZst.exe
  2⤵
  PID:4364
- C:\Windows\System\OhofJeI.exe
  C:\Windows\System\OhofJeI.exe
  2⤵
  PID:4384
- C:\Windows\System\IXtDVQQ.exe
  C:\Windows\System\IXtDVQQ.exe
  2⤵
  PID:4404
- C:\Windows\System\GbXfABW.exe
  C:\Windows\System\GbXfABW.exe
  2⤵
  PID:4436
- C:\Windows\System\gXzurgR.exe
  C:\Windows\System\gXzurgR.exe
  2⤵
  PID:4452
- C:\Windows\System\zhfZbFv.exe
  C:\Windows\System\zhfZbFv.exe
  2⤵
  PID:4476
- C:\Windows\System\zkDAnJF.exe
  C:\Windows\System\zkDAnJF.exe
  2⤵
  PID:4492
- C:\Windows\System\pOwFUFg.exe
  C:\Windows\System\pOwFUFg.exe
  2⤵
  PID:4512
- C:\Windows\System\fTteuEo.exe
  C:\Windows\System\fTteuEo.exe
  2⤵
  PID:4536
- C:\Windows\System\MZmXAcJ.exe
  C:\Windows\System\MZmXAcJ.exe
  2⤵
  PID:4552
- C:\Windows\System\SEfiCnY.exe
  C:\Windows\System\SEfiCnY.exe
  2⤵
  PID:4576
- C:\Windows\System\MwWIHFe.exe
  C:\Windows\System\MwWIHFe.exe
  2⤵
  PID:4592
- C:\Windows\System\FxoLlpg.exe
  C:\Windows\System\FxoLlpg.exe
  2⤵
  PID:4612
- C:\Windows\System\aAQyegq.exe
  C:\Windows\System\aAQyegq.exe
  2⤵
  PID:4636
- C:\Windows\System\NDFhyWc.exe
  C:\Windows\System\NDFhyWc.exe
  2⤵
  PID:4660
- C:\Windows\System\EyJTaRY.exe
  C:\Windows\System\EyJTaRY.exe
  2⤵
  PID:4676
- C:\Windows\System\DXclUGS.exe
  C:\Windows\System\DXclUGS.exe
  2⤵
  PID:4692
- C:\Windows\System\orRyiYC.exe
  C:\Windows\System\orRyiYC.exe
  2⤵
  PID:4712
- C:\Windows\System\pddluIM.exe
  C:\Windows\System\pddluIM.exe
  2⤵
  PID:4736
- C:\Windows\System\THDYVcx.exe
  C:\Windows\System\THDYVcx.exe
  2⤵
  PID:4752
- C:\Windows\System\nGdOcuU.exe
  C:\Windows\System\nGdOcuU.exe
  2⤵
  PID:4776
- C:\Windows\System\KFCRPNs.exe
  C:\Windows\System\KFCRPNs.exe
  2⤵
  PID:4796
- C:\Windows\System\VJwxdBm.exe
  C:\Windows\System\VJwxdBm.exe
  2⤵
  PID:4816
- C:\Windows\System\yulDLmW.exe
  C:\Windows\System\yulDLmW.exe
  2⤵
  PID:4832
- C:\Windows\System\kdpNcEy.exe
  C:\Windows\System\kdpNcEy.exe
  2⤵
  PID:4856
- C:\Windows\System\OPiVATe.exe
  C:\Windows\System\OPiVATe.exe
  2⤵
  PID:4876
- C:\Windows\System\vmOllkG.exe
  C:\Windows\System\vmOllkG.exe
  2⤵
  PID:4900
- C:\Windows\System\mHbrLyo.exe
  C:\Windows\System\mHbrLyo.exe
  2⤵
  PID:4916
- C:\Windows\System\jWMvzZx.exe
  C:\Windows\System\jWMvzZx.exe
  2⤵
  PID:4932
- C:\Windows\System\GJAxuwi.exe
  C:\Windows\System\GJAxuwi.exe
  2⤵
  PID:4956
- C:\Windows\System\XPfjMTW.exe
  C:\Windows\System\XPfjMTW.exe
  2⤵
  PID:4976
- C:\Windows\System\TJVyHbm.exe
  C:\Windows\System\TJVyHbm.exe
  2⤵
  PID:4996
- C:\Windows\System\iDAYBUu.exe
  C:\Windows\System\iDAYBUu.exe
  2⤵
  PID:5020
- C:\Windows\System\HDkmQwv.exe
  C:\Windows\System\HDkmQwv.exe
  2⤵
  PID:5040
- C:\Windows\System\DpDNGdZ.exe
  C:\Windows\System\DpDNGdZ.exe
  2⤵
  PID:5064
- C:\Windows\System\XmONOuV.exe
  C:\Windows\System\XmONOuV.exe
  2⤵
  PID:5088
- C:\Windows\System\GAkTzSw.exe
  C:\Windows\System\GAkTzSw.exe
  2⤵
  PID:5104
- C:\Windows\System\qCvzvyR.exe
  C:\Windows\System\qCvzvyR.exe
  2⤵
  PID:3132
- C:\Windows\System\PGmsfPW.exe
  C:\Windows\System\PGmsfPW.exe
  2⤵
  PID:2884
- C:\Windows\System\edUYrCq.exe
  C:\Windows\System\edUYrCq.exe
  2⤵
  PID:3276
- C:\Windows\System\XmZYSdu.exe
  C:\Windows\System\XmZYSdu.exe
  2⤵
  PID:3632
- C:\Windows\System\LTsOkJz.exe
  C:\Windows\System\LTsOkJz.exe
  2⤵
  PID:3840
- C:\Windows\System\fzjDjBV.exe
  C:\Windows\System\fzjDjBV.exe
  2⤵
  PID:4112
- C:\Windows\System\hCbdPfP.exe
  C:\Windows\System\hCbdPfP.exe
  2⤵
  PID:3352
- C:\Windows\System\SzKDwEI.exe
  C:\Windows\System\SzKDwEI.exe
  2⤵
  PID:4192
- C:\Windows\System\hAIylxn.exe
  C:\Windows\System\hAIylxn.exe
  2⤵
  PID:2288
- C:\Windows\System\tptomTd.exe
  C:\Windows\System\tptomTd.exe
  2⤵
  PID:4240
- C:\Windows\System\IFNOZXI.exe
  C:\Windows\System\IFNOZXI.exe
  2⤵
  PID:4272
- C:\Windows\System\mJlwVOx.exe
  C:\Windows\System\mJlwVOx.exe
  2⤵
  PID:4312
- C:\Windows\System\arQffEg.exe
  C:\Windows\System\arQffEg.exe
  2⤵
  PID:4300
- C:\Windows\System\UxgYWgb.exe
  C:\Windows\System\UxgYWgb.exe
  2⤵
  PID:4340
- C:\Windows\System\qxjNTYd.exe
  C:\Windows\System\qxjNTYd.exe
  2⤵
  PID:4444
- C:\Windows\System\RHeBahY.exe
  C:\Windows\System\RHeBahY.exe
  2⤵
  PID:4488
- C:\Windows\System\RhVAkXe.exe
  C:\Windows\System\RhVAkXe.exe
  2⤵
  PID:824
- C:\Windows\System\aVXrAqr.exe
  C:\Windows\System\aVXrAqr.exe
  2⤵
  PID:4524
- C:\Windows\System\xgAPJHK.exe
  C:\Windows\System\xgAPJHK.exe
  2⤵
  PID:4564
- C:\Windows\System\eyZmYxo.exe
  C:\Windows\System\eyZmYxo.exe
  2⤵
  PID:4600
- C:\Windows\System\ATppQaR.exe
  C:\Windows\System\ATppQaR.exe
  2⤵
  PID:4644
- C:\Windows\System\SypiTxC.exe
  C:\Windows\System\SypiTxC.exe
  2⤵
  PID:4584
- C:\Windows\System\tZVVsxG.exe
  C:\Windows\System\tZVVsxG.exe
  2⤵
  PID:4720
- C:\Windows\System\cSEYgEC.exe
  C:\Windows\System\cSEYgEC.exe
  2⤵
  PID:4588
- C:\Windows\System\HRXUSzW.exe
  C:\Windows\System\HRXUSzW.exe
  2⤵
  PID:4628
- C:\Windows\System\DsndhEX.exe
  C:\Windows\System\DsndhEX.exe
  2⤵
  PID:4764
- C:\Windows\System\jLOjoCP.exe
  C:\Windows\System\jLOjoCP.exe
  2⤵
  PID:4704
- C:\Windows\System\lxwjFAs.exe
  C:\Windows\System\lxwjFAs.exe
  2⤵
  PID:4792
- C:\Windows\System\YMBsHSk.exe
  C:\Windows\System\YMBsHSk.exe
  2⤵
  PID:4840
- C:\Windows\System\GCaPJPd.exe
  C:\Windows\System\GCaPJPd.exe
  2⤵
  PID:4884
- C:\Windows\System\UAkxpbD.exe
  C:\Windows\System\UAkxpbD.exe
  2⤵
  PID:4964
- C:\Windows\System\teWpoLa.exe
  C:\Windows\System\teWpoLa.exe
  2⤵
  PID:4908
- C:\Windows\System\fwKmsPq.exe
  C:\Windows\System\fwKmsPq.exe
  2⤵
  PID:4944
- C:\Windows\System\bfQuUay.exe
  C:\Windows\System\bfQuUay.exe
  2⤵
  PID:4940
- C:\Windows\System\bMqbPZa.exe
  C:\Windows\System\bMqbPZa.exe
  2⤵
  PID:5060
- C:\Windows\System\MXWpCTS.exe
  C:\Windows\System\MXWpCTS.exe
  2⤵
  PID:3940
- C:\Windows\System\mDIOgpi.exe
  C:\Windows\System\mDIOgpi.exe
  2⤵
  PID:5076
- C:\Windows\System\rHvXAkg.exe
  C:\Windows\System\rHvXAkg.exe
  2⤵
  PID:5112
- C:\Windows\System\bSrBiCI.exe
  C:\Windows\System\bSrBiCI.exe
  2⤵
  PID:3460
- C:\Windows\System\YbbZKEr.exe
  C:\Windows\System\YbbZKEr.exe
  2⤵
  PID:4172
- C:\Windows\System\AnCHOYJ.exe
  C:\Windows\System\AnCHOYJ.exe
  2⤵
  PID:4400
- C:\Windows\System\QEytlPo.exe
  C:\Windows\System\QEytlPo.exe
  2⤵
  PID:3552
- C:\Windows\System\llMBucf.exe
  C:\Windows\System\llMBucf.exe
  2⤵
  PID:4472
- C:\Windows\System\bnNuJuD.exe
  C:\Windows\System\bnNuJuD.exe
  2⤵
  PID:4152
- C:\Windows\System\CrbEvbz.exe
  C:\Windows\System\CrbEvbz.exe
  2⤵
  PID:4804
- C:\Windows\System\uSHItUG.exe
  C:\Windows\System\uSHItUG.exe
  2⤵
  PID:4808
- C:\Windows\System\ETXWcfq.exe
  C:\Windows\System\ETXWcfq.exe
  2⤵
  PID:4196
- C:\Windows\System\rjDbrhh.exe
  C:\Windows\System\rjDbrhh.exe
  2⤵
  PID:4872
- C:\Windows\System\HrmVUmp.exe
  C:\Windows\System\HrmVUmp.exe
  2⤵
  PID:4296
- C:\Windows\System\xUCBals.exe
  C:\Windows\System\xUCBals.exe
  2⤵
  PID:5028
- C:\Windows\System\GcCZrRa.exe
  C:\Windows\System\GcCZrRa.exe
  2⤵
  PID:4604
- C:\Windows\System\ikZYeFv.exe
  C:\Windows\System\ikZYeFv.exe
  2⤵
  PID:3172
- C:\Windows\System\XengPuL.exe
  C:\Windows\System\XengPuL.exe
  2⤵
  PID:4684
- C:\Windows\System\TTxsaYp.exe
  C:\Windows\System\TTxsaYp.exe
  2⤵
  PID:4160
- C:\Windows\System\DtMFtJa.exe
  C:\Windows\System\DtMFtJa.exe
  2⤵
  PID:4784
- C:\Windows\System\NjsQTZQ.exe
  C:\Windows\System\NjsQTZQ.exe
  2⤵
  PID:4928
- C:\Windows\System\HGDFChq.exe
  C:\Windows\System\HGDFChq.exe
  2⤵
  PID:4992
- C:\Windows\System\NFpnBiX.exe
  C:\Windows\System\NFpnBiX.exe
  2⤵
  PID:3980
- C:\Windows\System\KcjaFuE.exe
  C:\Windows\System\KcjaFuE.exe
  2⤵
  PID:1060
- C:\Windows\System\kTlSpbP.exe
  C:\Windows\System\kTlSpbP.exe
  2⤵
  PID:4280
- C:\Windows\System\OnEposQ.exe
  C:\Windows\System\OnEposQ.exe
  2⤵
  PID:4124
- C:\Windows\System\dDyloIC.exe
  C:\Windows\System\dDyloIC.exe
  2⤵
  PID:5128
- C:\Windows\System\DPnHhJv.exe
  C:\Windows\System\DPnHhJv.exe
  2⤵
  PID:5148
- C:\Windows\System\VNTQyTj.exe
  C:\Windows\System\VNTQyTj.exe
  2⤵
  PID:5164
- C:\Windows\System\BOvhzrd.exe
  C:\Windows\System\BOvhzrd.exe
  2⤵
  PID:5192
- C:\Windows\System\BtEvOtw.exe
  C:\Windows\System\BtEvOtw.exe
  2⤵
  PID:5220
- C:\Windows\System\tCmprqr.exe
  C:\Windows\System\tCmprqr.exe
  2⤵
  PID:5236
- C:\Windows\System\WfOEUFI.exe
  C:\Windows\System\WfOEUFI.exe
  2⤵
  PID:5260
- C:\Windows\System\tkEoMYH.exe
  C:\Windows\System\tkEoMYH.exe
  2⤵
  PID:5280
- C:\Windows\System\DLnedID.exe
  C:\Windows\System\DLnedID.exe
  2⤵
  PID:5296
- C:\Windows\System\OCyNCSI.exe
  C:\Windows\System\OCyNCSI.exe
  2⤵
  PID:5320
- C:\Windows\System\hxsxefe.exe
  C:\Windows\System\hxsxefe.exe
  2⤵
  PID:5340
- C:\Windows\System\UaqLPFS.exe
  C:\Windows\System\UaqLPFS.exe
  2⤵
  PID:5356
- C:\Windows\System\EFMfQiJ.exe
  C:\Windows\System\EFMfQiJ.exe
  2⤵
  PID:5376
- C:\Windows\System\DtdtUQw.exe
  C:\Windows\System\DtdtUQw.exe
  2⤵
  PID:5392
- C:\Windows\System\pAgcjdY.exe
  C:\Windows\System\pAgcjdY.exe
  2⤵
  PID:5412
- C:\Windows\System\pXiOPkr.exe
  C:\Windows\System\pXiOPkr.exe
  2⤵
  PID:5428
- C:\Windows\System\NpRzDkI.exe
  C:\Windows\System\NpRzDkI.exe
  2⤵
  PID:5460
- C:\Windows\System\oZDHYtm.exe
  C:\Windows\System\oZDHYtm.exe
  2⤵
  PID:5480
- C:\Windows\System\jpxgsaz.exe
  C:\Windows\System\jpxgsaz.exe
  2⤵
  PID:5500
- C:\Windows\System\gcCawep.exe
  C:\Windows\System\gcCawep.exe
  2⤵
  PID:5516
- C:\Windows\System\nsegXjK.exe
  C:\Windows\System\nsegXjK.exe
  2⤵
  PID:5536
- C:\Windows\System\ZtvBPfm.exe
  C:\Windows\System\ZtvBPfm.exe
  2⤵
  PID:5556
- C:\Windows\System\SOpJcTO.exe
  C:\Windows\System\SOpJcTO.exe
  2⤵
  PID:5576
- C:\Windows\System\TMFDEAB.exe
  C:\Windows\System\TMFDEAB.exe
  2⤵
  PID:5592
- C:\Windows\System\kEoGrTb.exe
  C:\Windows\System\kEoGrTb.exe
  2⤵
  PID:5616
- C:\Windows\System\lhclqTD.exe
  C:\Windows\System\lhclqTD.exe
  2⤵
  PID:5640
- C:\Windows\System\PqGAyzh.exe
  C:\Windows\System\PqGAyzh.exe
  2⤵
  PID:5664
- C:\Windows\System\xlVngMS.exe
  C:\Windows\System\xlVngMS.exe
  2⤵
  PID:5680
- C:\Windows\System\NkBkzCT.exe
  C:\Windows\System\NkBkzCT.exe
  2⤵
  PID:5700
- C:\Windows\System\lwdparT.exe
  C:\Windows\System\lwdparT.exe
  2⤵
  PID:5720
- C:\Windows\System\vTWnWSX.exe
  C:\Windows\System\vTWnWSX.exe
  2⤵
  PID:5740
- C:\Windows\System\RzSzlHe.exe
  C:\Windows\System\RzSzlHe.exe
  2⤵
  PID:5760
- C:\Windows\System\ErsrweB.exe
  C:\Windows\System\ErsrweB.exe
  2⤵
  PID:5792
- C:\Windows\System\GswgefO.exe
  C:\Windows\System\GswgefO.exe
  2⤵
  PID:5808
- C:\Windows\System\DUrruOj.exe
  C:\Windows\System\DUrruOj.exe
  2⤵
  PID:5824
- C:\Windows\System\FlayzuY.exe
  C:\Windows\System\FlayzuY.exe
  2⤵
  PID:5848
- C:\Windows\System\ytZWSUY.exe
  C:\Windows\System\ytZWSUY.exe
  2⤵
  PID:5872
- C:\Windows\System\GPmTYJX.exe
  C:\Windows\System\GPmTYJX.exe
  2⤵
  PID:5888
- C:\Windows\System\AUcNHUE.exe
  C:\Windows\System\AUcNHUE.exe
  2⤵
  PID:5908
- C:\Windows\System\zvZjVrB.exe
  C:\Windows\System\zvZjVrB.exe
  2⤵
  PID:5924
- C:\Windows\System\SdUblNT.exe
  C:\Windows\System\SdUblNT.exe
  2⤵
  PID:5944
- C:\Windows\System\DAwMxkz.exe
  C:\Windows\System\DAwMxkz.exe
  2⤵
  PID:5964
- C:\Windows\System\YfwWhyc.exe
  C:\Windows\System\YfwWhyc.exe
  2⤵
  PID:5984
- C:\Windows\System\jYDbVgc.exe
  C:\Windows\System\jYDbVgc.exe
  2⤵
  PID:6004
- C:\Windows\System\yqrOQBS.exe
  C:\Windows\System\yqrOQBS.exe
  2⤵
  PID:6032
- C:\Windows\System\DlZDjGh.exe
  C:\Windows\System\DlZDjGh.exe
  2⤵
  PID:6048
- C:\Windows\System\pMtdzZF.exe
  C:\Windows\System\pMtdzZF.exe
  2⤵
  PID:6064
- C:\Windows\System\mkgUuUG.exe
  C:\Windows\System\mkgUuUG.exe
  2⤵
  PID:6084
- C:\Windows\System\zKaXksT.exe
  C:\Windows\System\zKaXksT.exe
  2⤵
  PID:6104
- C:\Windows\System\yaeYMdI.exe
  C:\Windows\System\yaeYMdI.exe
  2⤵
  PID:6132
- C:\Windows\System\nCHfIMy.exe
  C:\Windows\System\nCHfIMy.exe
  2⤵
  PID:4968
- C:\Windows\System\ozzBYDl.exe
  C:\Windows\System\ozzBYDl.exe
  2⤵
  PID:4528
- C:\Windows\System\IcpHMvY.exe
  C:\Windows\System\IcpHMvY.exe
  2⤵
  PID:4500
- C:\Windows\System\ukgWahm.exe
  C:\Windows\System\ukgWahm.exe
  2⤵
  PID:4852
- C:\Windows\System\wvNfVTd.exe
  C:\Windows\System\wvNfVTd.exe
  2⤵
  PID:4316
- C:\Windows\System\ylJRfvq.exe
  C:\Windows\System\ylJRfvq.exe
  2⤵
  PID:4460
- C:\Windows\System\XKemWlM.exe
  C:\Windows\System\XKemWlM.exe
  2⤵
  PID:1608
- C:\Windows\System\jjgvraR.exe
  C:\Windows\System\jjgvraR.exe
  2⤵
  PID:4768
- C:\Windows\System\kppANAz.exe
  C:\Windows\System\kppANAz.exe
  2⤵
  PID:4624
- C:\Windows\System\MRDcAmu.exe
  C:\Windows\System\MRDcAmu.exe
  2⤵
  PID:3996
- C:\Windows\System\maRwzzq.exe
  C:\Windows\System\maRwzzq.exe
  2⤵
  PID:5124
- C:\Windows\System\OOAWuJr.exe
  C:\Windows\System\OOAWuJr.exe
  2⤵
  PID:5140
- C:\Windows\System\loNJGYe.exe
  C:\Windows\System\loNJGYe.exe
  2⤵
  PID:5200
- C:\Windows\System\MuJAgbv.exe
  C:\Windows\System\MuJAgbv.exe
  2⤵
  PID:5212
- C:\Windows\System\PfAwwbi.exe
  C:\Windows\System\PfAwwbi.exe
  2⤵
  PID:5188
- C:\Windows\System\ZQXbFOj.exe
  C:\Windows\System\ZQXbFOj.exe
  2⤵
  PID:5328
- C:\Windows\System\lgBEQYy.exe
  C:\Windows\System\lgBEQYy.exe
  2⤵
  PID:5312
- C:\Windows\System\ZwsXxYC.exe
  C:\Windows\System\ZwsXxYC.exe
  2⤵
  PID:5372
- C:\Windows\System\dQBwGkb.exe
  C:\Windows\System\dQBwGkb.exe
  2⤵
  PID:5440
- C:\Windows\System\UcZtyjM.exe
  C:\Windows\System\UcZtyjM.exe
  2⤵
  PID:5352
- C:\Windows\System\DfHVvbP.exe
  C:\Windows\System\DfHVvbP.exe
  2⤵
  PID:5468
- C:\Windows\System\gmLvpWV.exe
  C:\Windows\System\gmLvpWV.exe
  2⤵
  PID:5472
- C:\Windows\System\LpFTlXY.exe
  C:\Windows\System\LpFTlXY.exe
  2⤵
  PID:5508
- C:\Windows\System\aiIyGQZ.exe
  C:\Windows\System\aiIyGQZ.exe
  2⤵
  PID:4568
- C:\Windows\System\FkMZmij.exe
  C:\Windows\System\FkMZmij.exe
  2⤵
  PID:5600
- C:\Windows\System\SRlWrxk.exe
  C:\Windows\System\SRlWrxk.exe
  2⤵
  PID:5628
- C:\Windows\System\RETiwYa.exe
  C:\Windows\System\RETiwYa.exe
  2⤵
  PID:5636
- C:\Windows\System\TCLhtAB.exe
  C:\Windows\System\TCLhtAB.exe
  2⤵
  PID:5696
- C:\Windows\System\jiKFROl.exe
  C:\Windows\System\jiKFROl.exe
  2⤵
  PID:5736
- C:\Windows\System\WsDDsmn.exe
  C:\Windows\System\WsDDsmn.exe
  2⤵
  PID:5756
- C:\Windows\System\TwOwfUG.exe
  C:\Windows\System\TwOwfUG.exe
  2⤵
  PID:5816
- C:\Windows\System\kcWFmbZ.exe
  C:\Windows\System\kcWFmbZ.exe
  2⤵
  PID:5868
- C:\Windows\System\ZhOxBPW.exe
  C:\Windows\System\ZhOxBPW.exe
  2⤵
  PID:5804
- C:\Windows\System\cFVXEEH.exe
  C:\Windows\System\cFVXEEH.exe
  2⤵
  PID:5832
- C:\Windows\System\ncPiLaK.exe
  C:\Windows\System\ncPiLaK.exe
  2⤵
  PID:5976
- C:\Windows\System\NUkFbGC.exe
  C:\Windows\System\NUkFbGC.exe
  2⤵
  PID:5956
- C:\Windows\System\lhlpqGR.exe
  C:\Windows\System\lhlpqGR.exe
  2⤵
  PID:6020
- C:\Windows\System\ipYHQUf.exe
  C:\Windows\System\ipYHQUf.exe
  2⤵
  PID:6092
- C:\Windows\System\roaWGGg.exe
  C:\Windows\System\roaWGGg.exe
  2⤵
  PID:6096
- C:\Windows\System\UVGLVzd.exe
  C:\Windows\System\UVGLVzd.exe
  2⤵
  PID:6140
- C:\Windows\System\WQOzyvP.exe
  C:\Windows\System\WQOzyvP.exe
  2⤵
  PID:5096
- C:\Windows\System\rrVeXRa.exe
  C:\Windows\System\rrVeXRa.exe
  2⤵
  PID:6112
- C:\Windows\System\lbwziaY.exe
  C:\Windows\System\lbwziaY.exe
  2⤵
  PID:6120
- C:\Windows\System\evTiGUj.exe
  C:\Windows\System\evTiGUj.exe
  2⤵
  PID:4924
- C:\Windows\System\zmcUjOp.exe
  C:\Windows\System\zmcUjOp.exe
  2⤵
  PID:4748
- C:\Windows\System\YfGDgXu.exe
  C:\Windows\System\YfGDgXu.exe
  2⤵
  PID:4464
- C:\Windows\System\jKxRVtt.exe
  C:\Windows\System\jKxRVtt.exe
  2⤵
  PID:5184
- C:\Windows\System\ZtkosVC.exe
  C:\Windows\System\ZtkosVC.exe
  2⤵
  PID:5288
- C:\Windows\System\toVBwdA.exe
  C:\Windows\System\toVBwdA.exe
  2⤵
  PID:5160
- C:\Windows\System\bjcMpYu.exe
  C:\Windows\System\bjcMpYu.exe
  2⤵
  PID:2772
- C:\Windows\System\ggCbIxs.exe
  C:\Windows\System\ggCbIxs.exe
  2⤵
  PID:5216
- C:\Windows\System\adkCwak.exe
  C:\Windows\System\adkCwak.exe
  2⤵
  PID:5268
- C:\Windows\System\yQwvFfp.exe
  C:\Windows\System\yQwvFfp.exe
  2⤵
  PID:5388
- C:\Windows\System\eiWZGkp.exe
  C:\Windows\System\eiWZGkp.exe
  2⤵
  PID:5588
- C:\Windows\System\sdDrBVW.exe
  C:\Windows\System\sdDrBVW.exe
  2⤵
  PID:5232
- C:\Windows\System\rSgjZdH.exe
  C:\Windows\System\rSgjZdH.exe
  2⤵
  PID:2932
- C:\Windows\System\pyPOiZi.exe
  C:\Windows\System\pyPOiZi.exe
  2⤵
  PID:5708
- C:\Windows\System\avkqiwL.exe
  C:\Windows\System\avkqiwL.exe
  2⤵
  PID:5780
- C:\Windows\System\vALYjCG.exe
  C:\Windows\System\vALYjCG.exe
  2⤵
  PID:5904
- C:\Windows\System\IwbXoBT.exe
  C:\Windows\System\IwbXoBT.exe
  2⤵
  PID:5552
- C:\Windows\System\SoVNlJx.exe
  C:\Windows\System\SoVNlJx.exe
  2⤵
  PID:5844
- C:\Windows\System\pcdqZzX.exe
  C:\Windows\System\pcdqZzX.exe
  2⤵
  PID:2116
- C:\Windows\System\FjCQVkc.exe
  C:\Windows\System\FjCQVkc.exe
  2⤵
  PID:5676
- C:\Windows\System\ICFzwgz.exe
  C:\Windows\System\ICFzwgz.exe
  2⤵
  PID:5932
- C:\Windows\System\rvRCVfT.exe
  C:\Windows\System\rvRCVfT.exe
  2⤵
  PID:2572
- C:\Windows\System\eqvTHnG.exe
  C:\Windows\System\eqvTHnG.exe
  2⤵
  PID:4632
- C:\Windows\System\tgWZCzl.exe
  C:\Windows\System\tgWZCzl.exe
  2⤵
  PID:2324
- C:\Windows\System\vuUOQEC.exe
  C:\Windows\System\vuUOQEC.exe
  2⤵
  PID:5916
- C:\Windows\System\IKxUdoV.exe
  C:\Windows\System\IKxUdoV.exe
  2⤵
  PID:6080
- C:\Windows\System\rcJXzfL.exe
  C:\Windows\System\rcJXzfL.exe
  2⤵
  PID:6024
- C:\Windows\System\AfIrEyH.exe
  C:\Windows\System\AfIrEyH.exe
  2⤵
  PID:5384
- C:\Windows\System\BNFPilu.exe
  C:\Windows\System\BNFPilu.exe
  2⤵
  PID:5408
- C:\Windows\System\wasCmcN.exe
  C:\Windows\System\wasCmcN.exe
  2⤵
  PID:5452
- C:\Windows\System\DbSxRzZ.exe
  C:\Windows\System\DbSxRzZ.exe
  2⤵
  PID:5788
- C:\Windows\System\NkqeqaC.exe
  C:\Windows\System\NkqeqaC.exe
  2⤵
  PID:5512
- C:\Windows\System\mfGcxkl.exe
  C:\Windows\System\mfGcxkl.exe
  2⤵
  PID:2668
- C:\Windows\System\dIttITi.exe
  C:\Windows\System\dIttITi.exe
  2⤵
  PID:4432
- C:\Windows\System\UahMVEL.exe
  C:\Windows\System\UahMVEL.exe
  2⤵
  PID:5656
- C:\Windows\System\qZXGvyu.exe
  C:\Windows\System\qZXGvyu.exe
  2⤵
  PID:5996
- C:\Windows\System\CQDwllv.exe
  C:\Windows\System\CQDwllv.exe
  2⤵
  PID:5496
- C:\Windows\System\OAvThRM.exe
  C:\Windows\System\OAvThRM.exe
  2⤵
  PID:5936
- C:\Windows\System\NMyrfsu.exe
  C:\Windows\System\NMyrfsu.exe
  2⤵
  PID:6044
- C:\Windows\System\QHRxrGj.exe
  C:\Windows\System\QHRxrGj.exe
  2⤵
  PID:2080
- C:\Windows\System\chFYDHR.exe
  C:\Windows\System\chFYDHR.exe
  2⤵
  PID:5420
- C:\Windows\System\uHjTrTB.exe
  C:\Windows\System\uHjTrTB.exe
  2⤵
  PID:6060
- C:\Windows\System\rjuYXyI.exe
  C:\Windows\System\rjuYXyI.exe
  2⤵
  PID:2916
- C:\Windows\System\gupUElw.exe
  C:\Windows\System\gupUElw.exe
  2⤵
  PID:4760
- C:\Windows\System\BmvkSUJ.exe
  C:\Windows\System\BmvkSUJ.exe
  2⤵
  PID:2092
- C:\Windows\System\ahFVdcc.exe
  C:\Windows\System\ahFVdcc.exe
  2⤵
  PID:5436
- C:\Windows\System\arBpOhj.exe
  C:\Windows\System\arBpOhj.exe
  2⤵
  PID:5248
- C:\Windows\System\JMRLcfU.exe
  C:\Windows\System\JMRLcfU.exe
  2⤵
  PID:4788
- C:\Windows\System\jqmHVRh.exe
  C:\Windows\System\jqmHVRh.exe
  2⤵
  PID:964
- C:\Windows\System\LJbUwSI.exe
  C:\Windows\System\LJbUwSI.exe
  2⤵
  PID:5752
- C:\Windows\System\SEQJtjY.exe
  C:\Windows\System\SEQJtjY.exe
  2⤵
  PID:5548
- C:\Windows\System\JEiZyoG.exe
  C:\Windows\System\JEiZyoG.exe
  2⤵
  PID:5444
- C:\Windows\System\DEldhwZ.exe
  C:\Windows\System\DEldhwZ.exe
  2⤵
  PID:5860
- C:\Windows\System\FMYyYIM.exe
  C:\Windows\System\FMYyYIM.exe
  2⤵
  PID:4156
- C:\Windows\System\ENxPyvt.exe
  C:\Windows\System\ENxPyvt.exe
  2⤵
  PID:2376
- C:\Windows\System\GodIofA.exe
  C:\Windows\System\GodIofA.exe
  2⤵
  PID:1628
- C:\Windows\System\ytHhqGW.exe
  C:\Windows\System\ytHhqGW.exe
  2⤵
  PID:1096
- C:\Windows\System\ykpWQgp.exe
  C:\Windows\System\ykpWQgp.exe
  2⤵
  PID:1204
- C:\Windows\System\bnWrtOD.exe
  C:\Windows\System\bnWrtOD.exe
  2⤵
  PID:2620
- C:\Windows\System\ijkZodB.exe
  C:\Windows\System\ijkZodB.exe
  2⤵
  PID:1684
- C:\Windows\System\ymMFcih.exe
  C:\Windows\System\ymMFcih.exe
  2⤵
  PID:2184
- C:\Windows\System\ygEVkDd.exe
  C:\Windows\System\ygEVkDd.exe
  2⤵
  PID:908
- C:\Windows\System\RECzmet.exe
  C:\Windows\System\RECzmet.exe
  2⤵
  PID:4484
- C:\Windows\System\znygdEX.exe
  C:\Windows\System\znygdEX.exe
  2⤵
  PID:2308
- C:\Windows\System\RBiWstH.exe
  C:\Windows\System\RBiWstH.exe
  2⤵
  PID:4672
- C:\Windows\System\SEeXJsE.exe
  C:\Windows\System\SEeXJsE.exe
  2⤵
  PID:1344
- C:\Windows\System\tqeEgxD.exe
  C:\Windows\System\tqeEgxD.exe
  2⤵
  PID:6100
- C:\Windows\System\avLPpxJ.exe
  C:\Windows\System\avLPpxJ.exe
  2⤵
  PID:2948
- C:\Windows\System\weYprCQ.exe
  C:\Windows\System\weYprCQ.exe
  2⤵
  PID:6160
- C:\Windows\System\BqYtUAU.exe
  C:\Windows\System\BqYtUAU.exe
  2⤵
  PID:6180
- C:\Windows\System\ZMvWqzA.exe
  C:\Windows\System\ZMvWqzA.exe
  2⤵
  PID:6196
- C:\Windows\System\Ezjqzrd.exe
  C:\Windows\System\Ezjqzrd.exe
  2⤵
  PID:6216
- C:\Windows\System\GNPtnXQ.exe
  C:\Windows\System\GNPtnXQ.exe
  2⤵
  PID:6232
- C:\Windows\System\XElxTAD.exe
  C:\Windows\System\XElxTAD.exe
  2⤵
  PID:6252
- C:\Windows\System\TNCcQDv.exe
  C:\Windows\System\TNCcQDv.exe
  2⤵
  PID:6268
- C:\Windows\System\vivtHLw.exe
  C:\Windows\System\vivtHLw.exe
  2⤵
  PID:6284
- C:\Windows\System\hYUYacy.exe
  C:\Windows\System\hYUYacy.exe
  2⤵
  PID:6300
- C:\Windows\System\GajRmEn.exe
  C:\Windows\System\GajRmEn.exe
  2⤵
  PID:6316
- C:\Windows\System\mQgwykV.exe
  C:\Windows\System\mQgwykV.exe
  2⤵
  PID:6332
- C:\Windows\System\GhXXEok.exe
  C:\Windows\System\GhXXEok.exe
  2⤵
  PID:6348
- C:\Windows\System\TdYPDsZ.exe
  C:\Windows\System\TdYPDsZ.exe
  2⤵
  PID:6364
- C:\Windows\System\mxBGcAL.exe
  C:\Windows\System\mxBGcAL.exe
  2⤵
  PID:6380
- C:\Windows\System\OVWctZS.exe
  C:\Windows\System\OVWctZS.exe
  2⤵
  PID:6396
- C:\Windows\System\AXxpxNR.exe
  C:\Windows\System\AXxpxNR.exe
  2⤵
  PID:6412
- C:\Windows\System\YSUEFGs.exe
  C:\Windows\System\YSUEFGs.exe
  2⤵
  PID:6428
- C:\Windows\System\FHohLif.exe
  C:\Windows\System\FHohLif.exe
  2⤵
  PID:6444
- C:\Windows\System\laAFsIp.exe
  C:\Windows\System\laAFsIp.exe
  2⤵
  PID:6460
- C:\Windows\System\RMcYVyg.exe
  C:\Windows\System\RMcYVyg.exe
  2⤵
  PID:6476
- C:\Windows\System\Yieassp.exe
  C:\Windows\System\Yieassp.exe
  2⤵
  PID:6492
- C:\Windows\System\XWohRKC.exe
  C:\Windows\System\XWohRKC.exe
  2⤵
  PID:6508
- C:\Windows\System\AIGCoAW.exe
  C:\Windows\System\AIGCoAW.exe
  2⤵
  PID:6528
- C:\Windows\System\hzsTFnC.exe
  C:\Windows\System\hzsTFnC.exe
  2⤵
  PID:6544
- C:\Windows\System\avEMSyp.exe
  C:\Windows\System\avEMSyp.exe
  2⤵
  PID:6560
- C:\Windows\System\cxJwCID.exe
  C:\Windows\System\cxJwCID.exe
  2⤵
  PID:6576
- C:\Windows\System\CGxyBss.exe
  C:\Windows\System\CGxyBss.exe
  2⤵
  PID:6592
- C:\Windows\System\bCOyyQD.exe
  C:\Windows\System\bCOyyQD.exe
  2⤵
  PID:6608
- C:\Windows\System\XVyaPvi.exe
  C:\Windows\System\XVyaPvi.exe
  2⤵
  PID:6624
- C:\Windows\System\jBQSSEg.exe
  C:\Windows\System\jBQSSEg.exe
  2⤵
  PID:6640
- C:\Windows\System\nNdKHDN.exe
  C:\Windows\System\nNdKHDN.exe
  2⤵
  PID:6656
- C:\Windows\System\uNwIAZm.exe
  C:\Windows\System\uNwIAZm.exe
  2⤵
  PID:6672
- C:\Windows\System\KZXJeym.exe
  C:\Windows\System\KZXJeym.exe
  2⤵
  PID:6688
- C:\Windows\System\wrwNdOD.exe
  C:\Windows\System\wrwNdOD.exe
  2⤵
  PID:6704
- C:\Windows\System\qaHjaJi.exe
  C:\Windows\System\qaHjaJi.exe
  2⤵
  PID:6720
- C:\Windows\System\xyqYkhl.exe
  C:\Windows\System\xyqYkhl.exe
  2⤵
  PID:6736
- C:\Windows\System\dELWDAN.exe
  C:\Windows\System\dELWDAN.exe
  2⤵
  PID:6752
- C:\Windows\System\VMIiUhs.exe
  C:\Windows\System\VMIiUhs.exe
  2⤵
  PID:6768
- C:\Windows\System\cIEFBLZ.exe
  C:\Windows\System\cIEFBLZ.exe
  2⤵
  PID:6784
- C:\Windows\System\yxKgZBZ.exe
  C:\Windows\System\yxKgZBZ.exe
  2⤵
  PID:6800
- C:\Windows\System\TusXfNW.exe
  C:\Windows\System\TusXfNW.exe
  2⤵
  PID:6816
- C:\Windows\System\XFsvyvh.exe
  C:\Windows\System\XFsvyvh.exe
  2⤵
  PID:6832
- C:\Windows\System\GPcyHRt.exe
  C:\Windows\System\GPcyHRt.exe
  2⤵
  PID:6856
- C:\Windows\System\DoHYotA.exe
  C:\Windows\System\DoHYotA.exe
  2⤵
  PID:6872
- C:\Windows\System\sIfwrKY.exe
  C:\Windows\System\sIfwrKY.exe
  2⤵
  PID:6896
- C:\Windows\System\CMlfvUF.exe
  C:\Windows\System\CMlfvUF.exe
  2⤵
  PID:6916
- C:\Windows\System\VRIrfRQ.exe
  C:\Windows\System\VRIrfRQ.exe
  2⤵
  PID:6932
- C:\Windows\System\cvfKnFP.exe
  C:\Windows\System\cvfKnFP.exe
  2⤵
  PID:6952
- C:\Windows\System\QEDfwDP.exe
  C:\Windows\System\QEDfwDP.exe
  2⤵
  PID:7040
- C:\Windows\System\YkMOGFa.exe
  C:\Windows\System\YkMOGFa.exe
  2⤵
  PID:7120
- C:\Windows\System\dinSGOr.exe
  C:\Windows\System\dinSGOr.exe
  2⤵
  PID:7136
- C:\Windows\System\nwiwBqA.exe
  C:\Windows\System\nwiwBqA.exe
  2⤵
  PID:7152
- C:\Windows\System\EkoQYqZ.exe
  C:\Windows\System\EkoQYqZ.exe
  2⤵
  PID:6204
- C:\Windows\System\SoEFWXw.exe
  C:\Windows\System\SoEFWXw.exe
  2⤵
  PID:5364
- C:\Windows\System\PAEhCrw.exe
  C:\Windows\System\PAEhCrw.exe
  2⤵
  PID:6264
- C:\Windows\System\xfNqcMV.exe
  C:\Windows\System\xfNqcMV.exe
  2⤵
  PID:6296
- C:\Windows\System\yOKZgav.exe
  C:\Windows\System\yOKZgav.exe
  2⤵
  PID:2760
- C:\Windows\System\WqrLxTv.exe
  C:\Windows\System\WqrLxTv.exe
  2⤵
  PID:6228
- C:\Windows\System\RasTzLj.exe
  C:\Windows\System\RasTzLj.exe
  2⤵
  PID:2748
- C:\Windows\System\oHYeVQH.exe
  C:\Windows\System\oHYeVQH.exe
  2⤵
  PID:6424
- C:\Windows\System\YUmRRmi.exe
  C:\Windows\System\YUmRRmi.exe
  2⤵
  PID:6516
- C:\Windows\System\sHLTPcN.exe
  C:\Windows\System\sHLTPcN.exe
  2⤵
  PID:6456
- C:\Windows\System\uyVCMtt.exe
  C:\Windows\System\uyVCMtt.exe
  2⤵
  PID:6588
- C:\Windows\System\qSWMEks.exe
  C:\Windows\System\qSWMEks.exe
  2⤵
  PID:6312
- C:\Windows\System\NDjUeAr.exe
  C:\Windows\System\NDjUeAr.exe
  2⤵
  PID:2788
- C:\Windows\System\kSyBzrs.exe
  C:\Windows\System\kSyBzrs.exe
  2⤵
  PID:2824
- C:\Windows\System\YABUdyK.exe
  C:\Windows\System\YABUdyK.exe
  2⤵
  PID:6408
- C:\Windows\System\XvflOAY.exe
  C:\Windows\System\XvflOAY.exe
  2⤵
  PID:6472
- C:\Windows\System\TXgvcXA.exe
  C:\Windows\System\TXgvcXA.exe
  2⤵
  PID:6540
- C:\Windows\System\TphNmbb.exe
  C:\Windows\System\TphNmbb.exe
  2⤵
  PID:6604
- C:\Windows\System\AsnoOsv.exe
  C:\Windows\System\AsnoOsv.exe
  2⤵
  PID:6668
- C:\Windows\System\fqdrrIa.exe
  C:\Windows\System\fqdrrIa.exe
  2⤵
  PID:5048
- C:\Windows\System\SjoRDxO.exe
  C:\Windows\System\SjoRDxO.exe
  2⤵
  PID:2680
- C:\Windows\System\HRFfhbk.exe
  C:\Windows\System\HRFfhbk.exe
  2⤵
  PID:6792
- C:\Windows\System\CLlJlcO.exe
  C:\Windows\System\CLlJlcO.exe
  2⤵
  PID:5856
- C:\Windows\System\ETjjBRa.exe
  C:\Windows\System\ETjjBRa.exe
  2⤵
  PID:6824
- C:\Windows\System\KMaWBji.exe
  C:\Windows\System\KMaWBji.exe
  2⤵
  PID:6884
- C:\Windows\System\oVkYUBC.exe
  C:\Windows\System\oVkYUBC.exe
  2⤵
  PID:6964
- C:\Windows\System\iBzfpMa.exe
  C:\Windows\System\iBzfpMa.exe
  2⤵
  PID:7016
- C:\Windows\System\PNpQzJJ.exe
  C:\Windows\System\PNpQzJJ.exe
  2⤵
  PID:1476
- C:\Windows\System\XmaZjGj.exe
  C:\Windows\System\XmaZjGj.exe
  2⤵
  PID:2168
- C:\Windows\System\bksaBxL.exe
  C:\Windows\System\bksaBxL.exe
  2⤵
  PID:1624
- C:\Windows\System\QxSuUlx.exe
  C:\Windows\System\QxSuUlx.exe
  2⤵
  PID:1824
- C:\Windows\System\zEJldmM.exe
  C:\Windows\System\zEJldmM.exe
  2⤵
  PID:7080
- C:\Windows\System\GklgPoA.exe
  C:\Windows\System\GklgPoA.exe
  2⤵
  PID:7096
- C:\Windows\System\QBHkqPx.exe
  C:\Windows\System\QBHkqPx.exe
  2⤵
  PID:4412
- C:\Windows\System\PPyzKLi.exe
  C:\Windows\System\PPyzKLi.exe
  2⤵
  PID:2436
- C:\Windows\System\jMVacYL.exe
  C:\Windows\System\jMVacYL.exe
  2⤵
  PID:7144
- C:\Windows\System\ZBEmSBN.exe
  C:\Windows\System\ZBEmSBN.exe
  2⤵
  PID:6260
- C:\Windows\System\tOTBpUF.exe
  C:\Windows\System\tOTBpUF.exe
  2⤵
  PID:6488
- C:\Windows\System\povmfuf.exe
  C:\Windows\System\povmfuf.exe
  2⤵
  PID:6308
- C:\Windows\System\MwlyKTv.exe
  C:\Windows\System\MwlyKTv.exe
  2⤵
  PID:6572
- C:\Windows\System\QZLyzGD.exe
  C:\Windows\System\QZLyzGD.exe
  2⤵
  PID:6760
- C:\Windows\System\gujAdcL.exe
  C:\Windows\System\gujAdcL.exe
  2⤵
  PID:6504
- C:\Windows\System\dxIQCMM.exe
  C:\Windows\System\dxIQCMM.exe
  2⤵
  PID:2780
- C:\Windows\System\yTawYFZ.exe
  C:\Windows\System\yTawYFZ.exe
  2⤵
  PID:6524
- C:\Windows\System\tnCkMOG.exe
  C:\Windows\System\tnCkMOG.exe
  2⤵
  PID:6812
- C:\Windows\System\uNiCbvk.exe
  C:\Windows\System\uNiCbvk.exe
  2⤵
  PID:6940
- C:\Windows\System\nCVBRCJ.exe
  C:\Windows\System\nCVBRCJ.exe
  2⤵
  PID:6924
- C:\Windows\System\xJFoSHB.exe
  C:\Windows\System\xJFoSHB.exe
  2⤵
  PID:7048
- C:\Windows\System\exLLFpF.exe
  C:\Windows\System\exLLFpF.exe
  2⤵
  PID:7008
- C:\Windows\System\OszGBqI.exe
  C:\Windows\System\OszGBqI.exe
  2⤵
  PID:7024
- C:\Windows\System\DCGMQnf.exe
  C:\Windows\System\DCGMQnf.exe
  2⤵
  PID:1524
- C:\Windows\System\UqBzRAB.exe
  C:\Windows\System\UqBzRAB.exe
  2⤵
  PID:3012
- C:\Windows\System\raeDhFV.exe
  C:\Windows\System\raeDhFV.exe
  2⤵
  PID:1996
- C:\Windows\System\VaFhzam.exe
  C:\Windows\System\VaFhzam.exe
  2⤵
  PID:7100
- C:\Windows\System\jSgvLOy.exe
  C:\Windows\System\jSgvLOy.exe
  2⤵
  PID:4416
- C:\Windows\System\gkgjNFy.exe
  C:\Windows\System\gkgjNFy.exe
  2⤵
  PID:1316
- C:\Windows\System\eoGJELb.exe
  C:\Windows\System\eoGJELb.exe
  2⤵
  PID:6240
- C:\Windows\System\ACaQjTr.exe
  C:\Windows\System\ACaQjTr.exe
  2⤵
  PID:2800
- C:\Windows\System\KmlTSit.exe
  C:\Windows\System\KmlTSit.exe
  2⤵
  PID:7132
- C:\Windows\System\ksmtSxj.exe
  C:\Windows\System\ksmtSxj.exe
  2⤵
  PID:5476
- C:\Windows\System\sIRFAMD.exe
  C:\Windows\System\sIRFAMD.exe
  2⤵
  PID:6552
- C:\Windows\System\QbZlPuU.exe
  C:\Windows\System\QbZlPuU.exe
  2⤵
  PID:6392
- C:\Windows\System\zaGRxBg.exe
  C:\Windows\System\zaGRxBg.exe
  2⤵
  PID:6376
- C:\Windows\System\msPKDYF.exe
  C:\Windows\System\msPKDYF.exe
  2⤵
  PID:7068
- C:\Windows\System\CWGKAyA.exe
  C:\Windows\System\CWGKAyA.exe
  2⤵
  PID:6664
- C:\Windows\System\BTqUFxU.exe
  C:\Windows\System\BTqUFxU.exe
  2⤵
  PID:6840
- C:\Windows\System\BuaYkdv.exe
  C:\Windows\System\BuaYkdv.exe
  2⤵
  PID:7056
- C:\Windows\System\eljLuTN.exe
  C:\Windows\System\eljLuTN.exe
  2⤵
  PID:7076
- C:\Windows\System\wGjpJoi.exe
  C:\Windows\System\wGjpJoi.exe
  2⤵
  PID:7108
- C:\Windows\System\LmgjZbl.exe
  C:\Windows\System\LmgjZbl.exe
  2⤵
  PID:6852
- C:\Windows\System\kXRbvga.exe
  C:\Windows\System\kXRbvga.exe
  2⤵
  PID:7112
- C:\Windows\System\cnmJBbS.exe
  C:\Windows\System\cnmJBbS.exe
  2⤵
  PID:7128
- C:\Windows\System\XdULVrN.exe
  C:\Windows\System\XdULVrN.exe
  2⤵
  PID:6176
- C:\Windows\System\UWIfCDn.exe
  C:\Windows\System\UWIfCDn.exe
  2⤵
  PID:1120
- C:\Windows\System\ImcNxjq.exe
  C:\Windows\System\ImcNxjq.exe
  2⤵
  PID:7012
- C:\Windows\System\rYzYJMX.exe
  C:\Windows\System\rYzYJMX.exe
  2⤵
  PID:4260
- C:\Windows\System\hUmvOUQ.exe
  C:\Windows\System\hUmvOUQ.exe
  2⤵
  PID:3060
- C:\Windows\System\ZMtvMCI.exe
  C:\Windows\System\ZMtvMCI.exe
  2⤵
  PID:6224
- C:\Windows\System\MNPcfOD.exe
  C:\Windows\System\MNPcfOD.exe
  2⤵
  PID:6748
- C:\Windows\System\wKOtrzh.exe
  C:\Windows\System\wKOtrzh.exe
  2⤵
  PID:6280
- C:\Windows\System\RvvIYME.exe
  C:\Windows\System\RvvIYME.exe
  2⤵
  PID:6636
- C:\Windows\System\VtQhtoY.exe
  C:\Windows\System\VtQhtoY.exe
  2⤵
  PID:6944
- C:\Windows\System\rIOpGTk.exe
  C:\Windows\System\rIOpGTk.exe
  2⤵
  PID:6960
- C:\Windows\System\MMpLXNE.exe
  C:\Windows\System\MMpLXNE.exe
  2⤵
  PID:6156
- C:\Windows\System\VtzUBcP.exe
  C:\Windows\System\VtzUBcP.exe
  2⤵
  PID:756
- C:\Windows\System\yWoRLCo.exe
  C:\Windows\System\yWoRLCo.exe
  2⤵
  PID:4952
- C:\Windows\System\sgQFrVo.exe
  C:\Windows\System\sgQFrVo.exe
  2⤵
  PID:1936
- C:\Windows\System\dlzsiAf.exe
  C:\Windows\System\dlzsiAf.exe
  2⤵
  PID:7092
- C:\Windows\System\CthYRqT.exe
  C:\Windows\System\CthYRqT.exe
  2⤵
  PID:1184
- C:\Windows\System\tqzvwAv.exe
  C:\Windows\System\tqzvwAv.exe
  2⤵
  PID:6652
- C:\Windows\System\ICjkqKY.exe
  C:\Windows\System\ICjkqKY.exe
  2⤵
  PID:4428
- C:\Windows\System\zNKfMZd.exe
  C:\Windows\System\zNKfMZd.exe
  2⤵
  PID:2648
- C:\Windows\System\cmwYRYg.exe
  C:\Windows\System\cmwYRYg.exe
  2⤵
  PID:5980
- C:\Windows\System\xUvCJQq.exe
  C:\Windows\System\xUvCJQq.exe
  2⤵
  PID:7116
- C:\Windows\System\MOSqCao.exe
  C:\Windows\System\MOSqCao.exe
  2⤵
  PID:7004
- C:\Windows\System\QppXlIC.exe
  C:\Windows\System\QppXlIC.exe
  2⤵
  PID:6684
- C:\Windows\System\hNqqcIb.exe
  C:\Windows\System\hNqqcIb.exe
  2⤵
  PID:6864
- C:\Windows\System\UpqAIuW.exe
  C:\Windows\System\UpqAIuW.exe
  2⤵
  PID:1960
- C:\Windows\System\RzuMwVv.exe
  C:\Windows\System\RzuMwVv.exe
  2⤵
  PID:7180
- C:\Windows\System\yfgJquJ.exe
  C:\Windows\System\yfgJquJ.exe
  2⤵
  PID:7196
- C:\Windows\System\HoHZXPj.exe
  C:\Windows\System\HoHZXPj.exe
  2⤵
  PID:7216
- C:\Windows\System\iVHdmoO.exe
  C:\Windows\System\iVHdmoO.exe
  2⤵
  PID:7240
- C:\Windows\System\ikypZXx.exe
  C:\Windows\System\ikypZXx.exe
  2⤵
  PID:7260
- C:\Windows\System\HeJkWQM.exe
  C:\Windows\System\HeJkWQM.exe
  2⤵
  PID:7280
- C:\Windows\System\ygeWyBw.exe
  C:\Windows\System\ygeWyBw.exe
  2⤵
  PID:7296
- C:\Windows\System\czmsMJF.exe
  C:\Windows\System\czmsMJF.exe
  2⤵
  PID:7316
- C:\Windows\System\hBrUpvm.exe
  C:\Windows\System\hBrUpvm.exe
  2⤵
  PID:7336
- C:\Windows\System\vEmIDQo.exe
  C:\Windows\System\vEmIDQo.exe
  2⤵
  PID:7352
- C:\Windows\System\mwRsang.exe
  C:\Windows\System\mwRsang.exe
  2⤵
  PID:7368
- C:\Windows\System\dEKCrsO.exe
  C:\Windows\System\dEKCrsO.exe
  2⤵
  PID:7388
- C:\Windows\System\dYgbCcc.exe
  C:\Windows\System\dYgbCcc.exe
  2⤵
  PID:7408
- C:\Windows\System\ooRRkzb.exe
  C:\Windows\System\ooRRkzb.exe
  2⤵
  PID:7424
- C:\Windows\System\YAYMvyx.exe
  C:\Windows\System\YAYMvyx.exe
  2⤵
  PID:7440
- C:\Windows\System\ZFrvGQa.exe
  C:\Windows\System\ZFrvGQa.exe
  2⤵
  PID:7460
- C:\Windows\System\CrkPzqf.exe
  C:\Windows\System\CrkPzqf.exe
  2⤵
  PID:7480
- C:\Windows\System\TpNKkTg.exe
  C:\Windows\System\TpNKkTg.exe
  2⤵
  PID:7504
- C:\Windows\System\tLzNLfN.exe
  C:\Windows\System\tLzNLfN.exe
  2⤵
  PID:7520
- C:\Windows\System\syLOtBy.exe
  C:\Windows\System\syLOtBy.exe
  2⤵
  PID:7544
- C:\Windows\System\gSJvmKP.exe
  C:\Windows\System\gSJvmKP.exe
  2⤵
  PID:7612
- C:\Windows\System\gMufLfB.exe
  C:\Windows\System\gMufLfB.exe
  2⤵
  PID:7628
- C:\Windows\System\QSaMgtG.exe
  C:\Windows\System\QSaMgtG.exe
  2⤵
  PID:7648
- C:\Windows\System\cpSZbVa.exe
  C:\Windows\System\cpSZbVa.exe
  2⤵
  PID:7664
- C:\Windows\System\eLEgJcf.exe
  C:\Windows\System\eLEgJcf.exe
  2⤵
  PID:7680
- C:\Windows\System\wLyXJGf.exe
  C:\Windows\System\wLyXJGf.exe
  2⤵
  PID:7696
- C:\Windows\System\vBXsNjo.exe
  C:\Windows\System\vBXsNjo.exe
  2⤵
  PID:7716
- C:\Windows\System\RQojGfp.exe
  C:\Windows\System\RQojGfp.exe
  2⤵
  PID:7736
- C:\Windows\System\BgHqjRN.exe
  C:\Windows\System\BgHqjRN.exe
  2⤵
  PID:7752
- C:\Windows\System\FpbkmfY.exe
  C:\Windows\System\FpbkmfY.exe
  2⤵
  PID:7768
- C:\Windows\System\VWajjia.exe
  C:\Windows\System\VWajjia.exe
  2⤵
  PID:7784
- C:\Windows\System\KnFxdhN.exe
  C:\Windows\System\KnFxdhN.exe
  2⤵
  PID:7800
- C:\Windows\System\uDgUHOT.exe
  C:\Windows\System\uDgUHOT.exe
  2⤵
  PID:7816
- C:\Windows\System\vCXvMvQ.exe
  C:\Windows\System\vCXvMvQ.exe
  2⤵
  PID:7840
- C:\Windows\System\Crozuhu.exe
  C:\Windows\System\Crozuhu.exe
  2⤵
  PID:7856
- C:\Windows\System\lMnrUby.exe
  C:\Windows\System\lMnrUby.exe
  2⤵
  PID:7876
- C:\Windows\System\Jmjulaw.exe
  C:\Windows\System\Jmjulaw.exe
  2⤵
  PID:7896
- C:\Windows\System\fvjFevJ.exe
  C:\Windows\System\fvjFevJ.exe
  2⤵
  PID:7928
- C:\Windows\System\oVMIXYg.exe
  C:\Windows\System\oVMIXYg.exe
  2⤵
  PID:7944
- C:\Windows\System\rdVNSfT.exe
  C:\Windows\System\rdVNSfT.exe
  2⤵
  PID:7960
- C:\Windows\System\uuDyOLs.exe
  C:\Windows\System\uuDyOLs.exe
  2⤵
  PID:7976
- C:\Windows\System\IsWLVzy.exe
  C:\Windows\System\IsWLVzy.exe
  2⤵
  PID:8036
- C:\Windows\System\bBVgnXz.exe
  C:\Windows\System\bBVgnXz.exe
  2⤵
  PID:8052
- C:\Windows\System\WwxxMaz.exe
  C:\Windows\System\WwxxMaz.exe
  2⤵
  PID:8068
- C:\Windows\System\wosbzBI.exe
  C:\Windows\System\wosbzBI.exe
  2⤵
  PID:8088
- C:\Windows\System\URePjUr.exe
  C:\Windows\System\URePjUr.exe
  2⤵
  PID:8104
- C:\Windows\System\fdrUmpj.exe
  C:\Windows\System\fdrUmpj.exe
  2⤵
  PID:8120
- C:\Windows\System\aCLndgL.exe
  C:\Windows\System\aCLndgL.exe
  2⤵
  PID:8136
- C:\Windows\System\AMeHFQL.exe
  C:\Windows\System\AMeHFQL.exe
  2⤵
  PID:8152
- C:\Windows\System\ZkGLJut.exe
  C:\Windows\System\ZkGLJut.exe
  2⤵
  PID:8168
- C:\Windows\System\XoKwLRa.exe
  C:\Windows\System\XoKwLRa.exe
  2⤵
  PID:5180
- C:\Windows\System\MgNFnJc.exe
  C:\Windows\System\MgNFnJc.exe
  2⤵
  PID:2644
- C:\Windows\System\JrYxCpB.exe
  C:\Windows\System\JrYxCpB.exe
  2⤵
  PID:7360
- C:\Windows\System\wzWzAVl.exe
  C:\Windows\System\wzWzAVl.exe
  2⤵
  PID:7400
- C:\Windows\System\DEuFVmw.exe
  C:\Windows\System\DEuFVmw.exe
  2⤵
  PID:7472
- C:\Windows\System\tPdjphp.exe
  C:\Windows\System\tPdjphp.exe
  2⤵
  PID:7552
- C:\Windows\System\qPOlsZP.exe
  C:\Windows\System\qPOlsZP.exe
  2⤵
  PID:7572
- C:\Windows\System\HndxYec.exe
  C:\Windows\System\HndxYec.exe
  2⤵
  PID:7584
- C:\Windows\System\NDKYQES.exe
  C:\Windows\System\NDKYQES.exe
  2⤵
  PID:1676
- C:\Windows\System\xOraEwh.exe
  C:\Windows\System\xOraEwh.exe
  2⤵
  PID:7272
- C:\Windows\System\RpYhrgW.exe
  C:\Windows\System\RpYhrgW.exe
  2⤵
  PID:6808
- C:\Windows\System\wlxFutC.exe
  C:\Windows\System\wlxFutC.exe
  2⤵
  PID:7228
- C:\Windows\System\IcBHskF.exe
  C:\Windows\System\IcBHskF.exe
  2⤵
  PID:7268
- C:\Windows\System\KxIxOLp.exe
  C:\Windows\System\KxIxOLp.exe
  2⤵
  PID:7348
- C:\Windows\System\hflHvxP.exe
  C:\Windows\System\hflHvxP.exe
  2⤵
  PID:7420
- C:\Windows\System\VlBavbq.exe
  C:\Windows\System\VlBavbq.exe
  2⤵
  PID:7492
- C:\Windows\System\gLCCtjL.exe
  C:\Windows\System\gLCCtjL.exe
  2⤵
  PID:7532
- C:\Windows\System\wfwJiYH.exe
  C:\Windows\System\wfwJiYH.exe
  2⤵
  PID:7600
- C:\Windows\System\eyrwAdn.exe
  C:\Windows\System\eyrwAdn.exe
  2⤵
  PID:7636
- C:\Windows\System\sUUCMAy.exe
  C:\Windows\System\sUUCMAy.exe
  2⤵
  PID:7676
- C:\Windows\System\pNSxEwN.exe
  C:\Windows\System\pNSxEwN.exe
  2⤵
  PID:7748
- C:\Windows\System\iooAwtA.exe
  C:\Windows\System\iooAwtA.exe
  2⤵
  PID:7812
- C:\Windows\System\oBJRZgw.exe
  C:\Windows\System\oBJRZgw.exe
  2⤵
  PID:7692
- C:\Windows\System\hHIfoAi.exe
  C:\Windows\System\hHIfoAi.exe
  2⤵
  PID:7660
- C:\Windows\System\JFzmBTQ.exe
  C:\Windows\System\JFzmBTQ.exe
  2⤵
  PID:7712
- C:\Windows\System\sFHJzqL.exe
  C:\Windows\System\sFHJzqL.exe
  2⤵
  PID:8048
- C:\Windows\System\UtdAGBe.exe
  C:\Windows\System\UtdAGBe.exe
  2⤵
  PID:8116
- C:\Windows\System\RQUXImS.exe
  C:\Windows\System\RQUXImS.exe
  2⤵
  PID:7984
- C:\Windows\System\OBrvifg.exe
  C:\Windows\System\OBrvifg.exe
  2⤵
  PID:8024
- C:\Windows\System\YWOqltq.exe
  C:\Windows\System\YWOqltq.exe
  2⤵
  PID:8004
- C:\Windows\System\HBhgriF.exe
  C:\Windows\System\HBhgriF.exe
  2⤵
  PID:8184
- C:\Windows\System\yOjzVbr.exe
  C:\Windows\System\yOjzVbr.exe
  2⤵
  PID:8100
- C:\Windows\System\XMDbWwD.exe
  C:\Windows\System\XMDbWwD.exe
  2⤵
  PID:8064
- C:\Windows\System\vUbSztO.exe
  C:\Windows\System\vUbSztO.exe
  2⤵
  PID:8164
- C:\Windows\System\ysYqHzM.exe
  C:\Windows\System\ysYqHzM.exe
  2⤵
  PID:7208
- C:\Windows\System\nECIKnn.exe
  C:\Windows\System\nECIKnn.exe
  2⤵
  PID:7576
- C:\Windows\System\TWsrfeI.exe
  C:\Windows\System\TWsrfeI.exe
  2⤵
  PID:7516
- C:\Windows\System\vgLYUWP.exe
  C:\Windows\System\vgLYUWP.exe
  2⤵
  PID:7468
- C:\Windows\System\AMwjVdj.exe
  C:\Windows\System\AMwjVdj.exe
  2⤵
  PID:6908
- C:\Windows\System\dQsFaTm.exe
  C:\Windows\System\dQsFaTm.exe
  2⤵
  PID:7276
- C:\Windows\System\RNshasj.exe
  C:\Windows\System\RNshasj.exe
  2⤵
  PID:7496
- C:\Windows\System\TPdYEZW.exe
  C:\Windows\System\TPdYEZW.exe
  2⤵
  PID:7560
- C:\Windows\System\sEiPTYJ.exe
  C:\Windows\System\sEiPTYJ.exe
  2⤵
  PID:7808
- C:\Windows\System\idjDddo.exe
  C:\Windows\System\idjDddo.exe
  2⤵
  PID:7620
- C:\Windows\System\xfTUoac.exe
  C:\Windows\System\xfTUoac.exe
  2⤵
  PID:7644
- C:\Windows\System\WvrGOfo.exe
  C:\Windows\System\WvrGOfo.exe
  2⤵
  PID:7764
- C:\Windows\System\xhJFWFl.exe
  C:\Windows\System\xhJFWFl.exe
  2⤵
  PID:7864
- C:\Windows\System\sVlaoub.exe
  C:\Windows\System\sVlaoub.exe
  2⤵
  PID:7824
- C:\Windows\System\mrxacAV.exe
  C:\Windows\System\mrxacAV.exe
  2⤵
  PID:7832
- C:\Windows\System\IhzWpbu.exe
  C:\Windows\System\IhzWpbu.exe
  2⤵
  PID:7968
- C:\Windows\System\aPCsyHq.exe
  C:\Windows\System\aPCsyHq.exe
  2⤵
  PID:7920
- C:\Windows\System\ArcTkib.exe
  C:\Windows\System\ArcTkib.exe
  2⤵
  PID:8044
- C:\Windows\System\ZXFlEKS.exe
  C:\Windows\System\ZXFlEKS.exe
  2⤵
  PID:8148
- C:\Windows\System\YAJsCal.exe
  C:\Windows\System\YAJsCal.exe
  2⤵
  PID:8132
- C:\Windows\System\WmtLUtf.exe
  C:\Windows\System\WmtLUtf.exe
  2⤵
  PID:7992
- C:\Windows\System\KNmaofc.exe
  C:\Windows\System\KNmaofc.exe
  2⤵
  PID:6356
- C:\Windows\System\sTPmYwX.exe
  C:\Windows\System\sTPmYwX.exe
  2⤵
  PID:8160
- C:\Windows\System\gTDCLpq.exe
  C:\Windows\System\gTDCLpq.exe
  2⤵
  PID:7888
- C:\Windows\System\tGGeysg.exe
  C:\Windows\System\tGGeysg.exe
  2⤵
  PID:7328
- C:\Windows\System\HRBOVHf.exe
  C:\Windows\System\HRBOVHf.exe
  2⤵
  PID:7188
- C:\Windows\System\ttdXPre.exe
  C:\Windows\System\ttdXPre.exe
  2⤵
  PID:7236
- C:\Windows\System\CjyKaeg.exe
  C:\Windows\System\CjyKaeg.exe
  2⤵
  PID:7436
- C:\Windows\System\FUdSKfU.exe
  C:\Windows\System\FUdSKfU.exe
  2⤵
  PID:7380
- C:\Windows\System\XGxmGge.exe
  C:\Windows\System\XGxmGge.exe
  2⤵
  PID:7744
- C:\Windows\System\cGklOov.exe
  C:\Windows\System\cGklOov.exe
  2⤵
  PID:7836
- C:\Windows\System\EVIxWgP.exe
  C:\Windows\System\EVIxWgP.exe
  2⤵
  PID:7904
- C:\Windows\System\QhmzRGZ.exe
  C:\Windows\System\QhmzRGZ.exe
  2⤵
  PID:8016
- C:\Windows\System\VmkmHlh.exe
  C:\Windows\System\VmkmHlh.exe
  2⤵
  PID:7940
- C:\Windows\System\MJdhiBc.exe
  C:\Windows\System\MJdhiBc.exe
  2⤵
  PID:8180
- C:\Windows\System\jVzIqgd.exe
  C:\Windows\System\jVzIqgd.exe
  2⤵
  PID:7332
- C:\Windows\System\ZspIGzM.exe
  C:\Windows\System\ZspIGzM.exe
  2⤵
  PID:7448
- C:\Windows\System\cvGeaHU.exe
  C:\Windows\System\cvGeaHU.exe
  2⤵
  PID:3048
- C:\Windows\System\nnbNLTh.exe
  C:\Windows\System\nnbNLTh.exe
  2⤵
  PID:7404
- C:\Windows\System\IeYBpTA.exe
  C:\Windows\System\IeYBpTA.exe
  2⤵
  PID:7780
- C:\Windows\System\OmLULlB.exe
  C:\Windows\System\OmLULlB.exe
  2⤵
  PID:7936
- C:\Windows\System\SKBZwcf.exe
  C:\Windows\System\SKBZwcf.exe
  2⤵
  PID:7568
- C:\Windows\System\coxXvwb.exe
  C:\Windows\System\coxXvwb.exe
  2⤵
  PID:4140
- C:\Windows\System\wtpglCB.exe
  C:\Windows\System\wtpglCB.exe
  2⤵
  PID:7956
- C:\Windows\System\kuAWzvI.exe
  C:\Windows\System\kuAWzvI.exe
  2⤵
  PID:7252
- C:\Windows\System\ZZPritT.exe
  C:\Windows\System\ZZPritT.exe
  2⤵
  PID:7212
- C:\Windows\System\jRMvzMk.exe
  C:\Windows\System\jRMvzMk.exe
  2⤵
  PID:8208
- C:\Windows\System\zKPTsMP.exe
  C:\Windows\System\zKPTsMP.exe
  2⤵
  PID:8224
- C:\Windows\System\wmFdWaU.exe
  C:\Windows\System\wmFdWaU.exe
  2⤵
  PID:8240
- C:\Windows\System\hyyqOuX.exe
  C:\Windows\System\hyyqOuX.exe
  2⤵
  PID:8256
- C:\Windows\System\YzAHkUp.exe
  C:\Windows\System\YzAHkUp.exe
  2⤵
  PID:8272
- C:\Windows\System\HxWyhiE.exe
  C:\Windows\System\HxWyhiE.exe
  2⤵
  PID:8288
- C:\Windows\System\ZJXbhHp.exe
  C:\Windows\System\ZJXbhHp.exe
  2⤵
  PID:8304
- C:\Windows\System\frDgQkk.exe
  C:\Windows\System\frDgQkk.exe
  2⤵
  PID:8320
- C:\Windows\System\crhcNNZ.exe
  C:\Windows\System\crhcNNZ.exe
  2⤵
  PID:8340
- C:\Windows\System\AVOMpHH.exe
  C:\Windows\System\AVOMpHH.exe
  2⤵
  PID:8356
- C:\Windows\System\jngscKF.exe
  C:\Windows\System\jngscKF.exe
  2⤵
  PID:8372
- C:\Windows\System\BYHGbeS.exe
  C:\Windows\System\BYHGbeS.exe
  2⤵
  PID:8388
- C:\Windows\System\RYoStIz.exe
  C:\Windows\System\RYoStIz.exe
  2⤵
  PID:8404
- C:\Windows\System\ArZdsDI.exe
  C:\Windows\System\ArZdsDI.exe
  2⤵
  PID:8420
- C:\Windows\System\OvyywsI.exe
  C:\Windows\System\OvyywsI.exe
  2⤵
  PID:8436
- C:\Windows\System\GVngJqS.exe
  C:\Windows\System\GVngJqS.exe
  2⤵
  PID:8452
- C:\Windows\System\ukMfNOW.exe
  C:\Windows\System\ukMfNOW.exe
  2⤵
  PID:8468
- C:\Windows\System\vgoZzQB.exe
  C:\Windows\System\vgoZzQB.exe
  2⤵
  PID:8484
- C:\Windows\System\ldpkbXw.exe
  C:\Windows\System\ldpkbXw.exe
  2⤵
  PID:8500
- C:\Windows\System\csHyBBR.exe
  C:\Windows\System\csHyBBR.exe
  2⤵
  PID:8516
- C:\Windows\System\GcAJwkm.exe
  C:\Windows\System\GcAJwkm.exe
  2⤵
  PID:8532
- C:\Windows\System\kYSkOEu.exe
  C:\Windows\System\kYSkOEu.exe
  2⤵
  PID:8548
- C:\Windows\System\lpjOiUF.exe
  C:\Windows\System\lpjOiUF.exe
  2⤵
  PID:8564
- C:\Windows\System\aAENJzt.exe
  C:\Windows\System\aAENJzt.exe
  2⤵
  PID:8580
- C:\Windows\System\VOVuLrk.exe
  C:\Windows\System\VOVuLrk.exe
  2⤵
  PID:8596
- C:\Windows\System\pIEMBbD.exe
  C:\Windows\System\pIEMBbD.exe
  2⤵
  PID:8612
- C:\Windows\System\jyOPWTh.exe
  C:\Windows\System\jyOPWTh.exe
  2⤵
  PID:8628
- C:\Windows\System\BqnoJNy.exe
  C:\Windows\System\BqnoJNy.exe
  2⤵
  PID:8644
- C:\Windows\System\FLirBWW.exe
  C:\Windows\System\FLirBWW.exe
  2⤵
  PID:8660
- C:\Windows\System\grwZfHB.exe
  C:\Windows\System\grwZfHB.exe
  2⤵
  PID:8676
- C:\Windows\System\EvyfuuJ.exe
  C:\Windows\System\EvyfuuJ.exe
  2⤵
  PID:8692
- C:\Windows\System\PZkxqGe.exe
  C:\Windows\System\PZkxqGe.exe
  2⤵
  PID:8716
- C:\Windows\System\EcJqXlx.exe
  C:\Windows\System\EcJqXlx.exe
  2⤵
  PID:8732
- C:\Windows\System\WjBUIQK.exe
  C:\Windows\System\WjBUIQK.exe
  2⤵
  PID:8752
- C:\Windows\System\wuTReBP.exe
  C:\Windows\System\wuTReBP.exe
  2⤵
  PID:8768
- C:\Windows\System\IMAZWrW.exe
  C:\Windows\System\IMAZWrW.exe
  2⤵
  PID:8784
- C:\Windows\System\qukogHM.exe
  C:\Windows\System\qukogHM.exe
  2⤵
  PID:8800
- C:\Windows\System\IHIpvmE.exe
  C:\Windows\System\IHIpvmE.exe
  2⤵
  PID:8816
- C:\Windows\System\pOvmbOx.exe
  C:\Windows\System\pOvmbOx.exe
  2⤵
  PID:8844
- C:\Windows\System\RJMLRjq.exe
  C:\Windows\System\RJMLRjq.exe
  2⤵
  PID:8864
- C:\Windows\System\IUpQivt.exe
  C:\Windows\System\IUpQivt.exe
  2⤵
  PID:8880
- C:\Windows\System\GXbqEBI.exe
  C:\Windows\System\GXbqEBI.exe
  2⤵
  PID:8920
- C:\Windows\System\LxtDgkc.exe
  C:\Windows\System\LxtDgkc.exe
  2⤵
  PID:8984
- C:\Windows\System\YIDpHBo.exe
  C:\Windows\System\YIDpHBo.exe
  2⤵
  PID:9024
- C:\Windows\System\FXUxPAJ.exe
  C:\Windows\System\FXUxPAJ.exe
  2⤵
  PID:9040
- C:\Windows\System\gMdaHFy.exe
  C:\Windows\System\gMdaHFy.exe
  2⤵
  PID:9060
- C:\Windows\System\vgrfLti.exe
  C:\Windows\System\vgrfLti.exe
  2⤵
  PID:9120
- C:\Windows\System\dzNwNhT.exe
  C:\Windows\System\dzNwNhT.exe
  2⤵
  PID:9164
- C:\Windows\System\LhOwqdd.exe
  C:\Windows\System\LhOwqdd.exe
  2⤵
  PID:9208
- C:\Windows\System\UsQLDAG.exe
  C:\Windows\System\UsQLDAG.exe
  2⤵
  PID:8204
- C:\Windows\System\zFKxGrB.exe
  C:\Windows\System\zFKxGrB.exe
  2⤵
  PID:8268
- C:\Windows\System\Swbzyav.exe
  C:\Windows\System\Swbzyav.exe
  2⤵
  PID:8220
- C:\Windows\System\hwtpHdP.exe
  C:\Windows\System\hwtpHdP.exe
  2⤵
  PID:8396
- C:\Windows\System\sChLQNL.exe
  C:\Windows\System\sChLQNL.exe
  2⤵
  PID:8460
- C:\Windows\System\EascFXT.exe
  C:\Windows\System\EascFXT.exe
  2⤵
  PID:8524
- C:\Windows\System\KtJyLku.exe
  C:\Windows\System\KtJyLku.exe
  2⤵
  PID:8592
- C:\Windows\System\RsUXDLr.exe
  C:\Windows\System\RsUXDLr.exe
  2⤵
  PID:8656
- C:\Windows\System\tInHVfG.exe
  C:\Windows\System\tInHVfG.exe
  2⤵
  PID:8384
- C:\Windows\System\oBgNtzT.exe
  C:\Windows\System\oBgNtzT.exe
  2⤵
  PID:8476
- C:\Windows\System\zOJDehK.exe
  C:\Windows\System\zOJDehK.exe
  2⤵
  PID:8540
- C:\Windows\System\lnziVcA.exe
  C:\Windows\System\lnziVcA.exe
  2⤵
  PID:8604
- C:\Windows\System\ntjrcTy.exe
  C:\Windows\System\ntjrcTy.exe
  2⤵
  PID:8668
- C:\Windows\System\lCeTXPe.exe
  C:\Windows\System\lCeTXPe.exe
  2⤵
  PID:8744
- C:\Windows\System\tbXPIyc.exe
  C:\Windows\System\tbXPIyc.exe
  2⤵
  PID:8792
- C:\Windows\System\VwGaqYL.exe
  C:\Windows\System\VwGaqYL.exe
  2⤵
  PID:8808
- C:\Windows\System\iMMcxlr.exe
  C:\Windows\System\iMMcxlr.exe
  2⤵
  PID:8832
- C:\Windows\System\SsJOrEV.exe
  C:\Windows\System\SsJOrEV.exe
  2⤵
  PID:8872
- C:\Windows\System\AlgXsSR.exe
  C:\Windows\System\AlgXsSR.exe
  2⤵
  PID:8896
- C:\Windows\System\IIggfLY.exe
  C:\Windows\System\IIggfLY.exe
  2⤵
  PID:8904
- C:\Windows\System\muIpmSy.exe
  C:\Windows\System\muIpmSy.exe
  2⤵
  PID:8948
- C:\Windows\System\VhxyuFj.exe
  C:\Windows\System\VhxyuFj.exe
  2⤵
  PID:8956
- C:\Windows\System\iyElPgm.exe
  C:\Windows\System\iyElPgm.exe
  2⤵
  PID:9000
- C:\Windows\System\NkvLNtr.exe
  C:\Windows\System\NkvLNtr.exe
  2⤵
  PID:9012
- C:\Windows\System\hunKVBE.exe
  C:\Windows\System\hunKVBE.exe
  2⤵
  PID:9036
- C:\Windows\System\PINjRMW.exe
  C:\Windows\System\PINjRMW.exe
  2⤵
  PID:9052
- C:\Windows\System\cPpLsoR.exe
  C:\Windows\System\cPpLsoR.exe
  2⤵
  PID:9076
- C:\Windows\System\pymcCWZ.exe
  C:\Windows\System\pymcCWZ.exe
  2⤵
  PID:9136
- C:\Windows\System\MUnmTcf.exe
  C:\Windows\System\MUnmTcf.exe
  2⤵
  PID:9104
- C:\Windows\System\ktCtmpF.exe
  C:\Windows\System\ktCtmpF.exe
  2⤵
  PID:9144
- C:\Windows\System\rXsbwig.exe
  C:\Windows\System\rXsbwig.exe
  2⤵
  PID:9160
- C:\Windows\System\hlbcNaU.exe
  C:\Windows\System\hlbcNaU.exe
  2⤵
  PID:9176
- C:\Windows\System\jiXrmsA.exe
  C:\Windows\System\jiXrmsA.exe
  2⤵
  PID:8328
- C:\Windows\System\AwTCSog.exe
  C:\Windows\System\AwTCSog.exe
  2⤵
  PID:8248
- C:\Windows\System\PdLhASd.exe
  C:\Windows\System\PdLhASd.exe
  2⤵
  PID:7396
- C:\Windows\System\iFxyTJc.exe
  C:\Windows\System\iFxyTJc.exe
  2⤵
  PID:8496
- C:\Windows\System\kDGVMMP.exe
  C:\Windows\System\kDGVMMP.exe
  2⤵
  PID:8364
- C:\Windows\System\tGSynRs.exe
  C:\Windows\System\tGSynRs.exe
  2⤵
  PID:8684
- C:\Windows\System\kNphPYE.exe
  C:\Windows\System\kNphPYE.exe
  2⤵
  PID:8652
- C:\Windows\System\fKaFuZa.exe
  C:\Windows\System\fKaFuZa.exe
  2⤵
  PID:8932
- C:\Windows\System\AngMEkT.exe
  C:\Windows\System\AngMEkT.exe
  2⤵
  PID:9020
- C:\Windows\System\TaAugXN.exe
  C:\Windows\System\TaAugXN.exe
  2⤵
  PID:9048
- C:\Windows\System\sDyWSjS.exe
  C:\Windows\System\sDyWSjS.exe
  2⤵
  PID:9100
- C:\Windows\System\eJXCnfP.exe
  C:\Windows\System\eJXCnfP.exe
  2⤵
  PID:9180
- C:\Windows\System\ZftBVqo.exe
  C:\Windows\System\ZftBVqo.exe
  2⤵
  PID:9196
- C:\Windows\System\stWCeNi.exe
  C:\Windows\System\stWCeNi.exe
  2⤵
  PID:8560
- C:\Windows\System\lsYaESI.exe
  C:\Windows\System\lsYaESI.exe
  2⤵
  PID:8380
- C:\Windows\System\JFlLyUC.exe
  C:\Windows\System\JFlLyUC.exe
  2⤵
  PID:8928
- C:\Windows\System\qYwVHwy.exe
  C:\Windows\System\qYwVHwy.exe
  2⤵
  PID:8316
- C:\Windows\System\KDapovw.exe
  C:\Windows\System\KDapovw.exe
  2⤵
  PID:8828
- C:\Windows\System\uIoBRGv.exe
  C:\Windows\System\uIoBRGv.exe
  2⤵
  PID:9008
- C:\Windows\System\oABnOdK.exe
  C:\Windows\System\oABnOdK.exe
  2⤵
  PID:9184
- C:\Windows\System\vmQaZVh.exe
  C:\Windows\System\vmQaZVh.exe
  2⤵
  PID:8700
- C:\Windows\System\ueZRSUj.exe
  C:\Windows\System\ueZRSUj.exe
  2⤵
  PID:8724
- C:\Windows\System\ALkMlbr.exe
  C:\Windows\System\ALkMlbr.exe
  2⤵
  PID:8296
- C:\Windows\System\iCzINkY.exe
  C:\Windows\System\iCzINkY.exe
  2⤵
  PID:8912
- C:\Windows\System\lmtaExC.exe
  C:\Windows\System\lmtaExC.exe
  2⤵
  PID:9084
- C:\Windows\System\pHzIknM.exe
  C:\Windows\System\pHzIknM.exe
  2⤵
  PID:9156
- C:\Windows\System\Yclmugc.exe
  C:\Windows\System\Yclmugc.exe
  2⤵
  PID:8916
- C:\Windows\System\JgVWxdz.exe
  C:\Windows\System\JgVWxdz.exe
  2⤵
  PID:8348
- C:\Windows\System\hlHodLy.exe
  C:\Windows\System\hlHodLy.exe
  2⤵
  PID:8284
- C:\Windows\System\VsmAowq.exe
  C:\Windows\System\VsmAowq.exe
  2⤵
  PID:8416
- C:\Windows\System\cBrNXTj.exe
  C:\Windows\System\cBrNXTj.exe
  2⤵
  PID:8368
- C:\Windows\System\RokHSJV.exe
  C:\Windows\System\RokHSJV.exe
  2⤵
  PID:9192
- C:\Windows\System\NmmdTfB.exe
  C:\Windows\System\NmmdTfB.exe
  2⤵
  PID:8980
- C:\Windows\System\OmLKKUF.exe
  C:\Windows\System\OmLKKUF.exe
  2⤵
  PID:8968
- C:\Windows\System\lrgxCJC.exe
  C:\Windows\System\lrgxCJC.exe
  2⤵
  PID:8556
- C:\Windows\System\EKnjtpL.exe
  C:\Windows\System\EKnjtpL.exe
  2⤵
  PID:9132
- C:\Windows\System\zLmGbBW.exe
  C:\Windows\System\zLmGbBW.exe
  2⤵
  PID:8448
- C:\Windows\System\BDXNsJf.exe
  C:\Windows\System\BDXNsJf.exe
  2⤵
  PID:8576
- C:\Windows\System\ISBmSZF.exe
  C:\Windows\System\ISBmSZF.exe
  2⤵
  PID:8444
- C:\Windows\System\opoLElu.exe
  C:\Windows\System\opoLElu.exe
  2⤵
  PID:8840
- C:\Windows\System\WIEwjzs.exe
  C:\Windows\System\WIEwjzs.exe
  2⤵
  PID:7592
- C:\Windows\System\KavBqsM.exe
  C:\Windows\System\KavBqsM.exe
  2⤵
  PID:9128
- C:\Windows\System\rHkFhUH.exe
  C:\Windows\System\rHkFhUH.exe
  2⤵
  PID:8852
- C:\Windows\System\ycKgNFW.exe
  C:\Windows\System\ycKgNFW.exe
  2⤵
  PID:7972
- C:\Windows\System\uhMwsfq.exe
  C:\Windows\System\uhMwsfq.exe
  2⤵
  PID:9220
- C:\Windows\System\tWtRsFi.exe
  C:\Windows\System\tWtRsFi.exe
  2⤵
  PID:9236
- C:\Windows\System\zHMCtQQ.exe
  C:\Windows\System\zHMCtQQ.exe
  2⤵
  PID:9252
- C:\Windows\System\BbgBiWT.exe
  C:\Windows\System\BbgBiWT.exe
  2⤵
  PID:9268
- C:\Windows\System\GAGRxGT.exe
  C:\Windows\System\GAGRxGT.exe
  2⤵
  PID:9284
- C:\Windows\System\tMbFHam.exe
  C:\Windows\System\tMbFHam.exe
  2⤵
  PID:9300
- C:\Windows\System\qvWVXAs.exe
  C:\Windows\System\qvWVXAs.exe
  2⤵
  PID:9316
- C:\Windows\System\ADelxzU.exe
  C:\Windows\System\ADelxzU.exe
  2⤵
  PID:9332
- C:\Windows\System\QExlEga.exe
  C:\Windows\System\QExlEga.exe
  2⤵
  PID:9352
- C:\Windows\System\wVfjYtK.exe
  C:\Windows\System\wVfjYtK.exe
  2⤵
  PID:9368
- C:\Windows\System\KjGFIAv.exe
  C:\Windows\System\KjGFIAv.exe
  2⤵
  PID:9384
- C:\Windows\System\EyYkevI.exe
  C:\Windows\System\EyYkevI.exe
  2⤵
  PID:9404
- C:\Windows\System\ymROlng.exe
  C:\Windows\System\ymROlng.exe
  2⤵
  PID:9420
- C:\Windows\System\MDjiJmU.exe
  C:\Windows\System\MDjiJmU.exe
  2⤵
  PID:9436
- C:\Windows\System\tbHkdFt.exe
  C:\Windows\System\tbHkdFt.exe
  2⤵
  PID:9452
- C:\Windows\System\lpqdlbn.exe
  C:\Windows\System\lpqdlbn.exe
  2⤵
  PID:9468
- C:\Windows\System\qtFADHn.exe
  C:\Windows\System\qtFADHn.exe
  2⤵
  PID:9484
- C:\Windows\System\BrWdPvk.exe
  C:\Windows\System\BrWdPvk.exe
  2⤵
  PID:9504
- C:\Windows\System\gKbGxGO.exe
  C:\Windows\System\gKbGxGO.exe
  2⤵
  PID:9520
- C:\Windows\System\qGPeKdW.exe
  C:\Windows\System\qGPeKdW.exe
  2⤵
  PID:9536
- C:\Windows\System\EjAhLLm.exe
  C:\Windows\System\EjAhLLm.exe
  2⤵
  PID:9556
- C:\Windows\System\MULantQ.exe
  C:\Windows\System\MULantQ.exe
  2⤵
  PID:9572
- C:\Windows\System\SRfipAz.exe
  C:\Windows\System\SRfipAz.exe
  2⤵
  PID:9588
- C:\Windows\System\PzIqxLN.exe
  C:\Windows\System\PzIqxLN.exe
  2⤵
  PID:9640
- C:\Windows\System\LGhzzKB.exe
  C:\Windows\System\LGhzzKB.exe
  2⤵
  PID:9664
- C:\Windows\System\rAEYRcy.exe
  C:\Windows\System\rAEYRcy.exe
  2⤵
  PID:9688
- C:\Windows\System\HEYcoxO.exe
  C:\Windows\System\HEYcoxO.exe
  2⤵
  PID:9704
- C:\Windows\System\APOllsq.exe
  C:\Windows\System\APOllsq.exe
  2⤵
  PID:9724
- C:\Windows\System\DMVKGab.exe
  C:\Windows\System\DMVKGab.exe
  2⤵
  PID:9740
- C:\Windows\System\IlzccDE.exe
  C:\Windows\System\IlzccDE.exe
  2⤵
  PID:9756
- C:\Windows\System\JEhQrff.exe
  C:\Windows\System\JEhQrff.exe
  2⤵
  PID:9772
- C:\Windows\System\YNVcRXM.exe
  C:\Windows\System\YNVcRXM.exe
  2⤵
  PID:9788
- C:\Windows\System\RbWCnqo.exe
  C:\Windows\System\RbWCnqo.exe
  2⤵
  PID:9804
- C:\Windows\System\AfCTLqV.exe
  C:\Windows\System\AfCTLqV.exe
  2⤵
  PID:9820
- C:\Windows\System\NtDHoSW.exe
  C:\Windows\System\NtDHoSW.exe
  2⤵
  PID:9836
- C:\Windows\System\lustaBx.exe
  C:\Windows\System\lustaBx.exe
  2⤵
  PID:9852
- C:\Windows\System\CbGlcpe.exe
  C:\Windows\System\CbGlcpe.exe
  2⤵
  PID:9868
- C:\Windows\System\FbboRRc.exe
  C:\Windows\System\FbboRRc.exe
  2⤵
  PID:9884
- C:\Windows\System\DJnRoXF.exe
  C:\Windows\System\DJnRoXF.exe
  2⤵
  PID:9900
- C:\Windows\System\DRjxzHn.exe
  C:\Windows\System\DRjxzHn.exe
  2⤵
  PID:9916
- C:\Windows\System\NOHYDWk.exe
  C:\Windows\System\NOHYDWk.exe
  2⤵
  PID:9932
- C:\Windows\System\mzaiGhA.exe
  C:\Windows\System\mzaiGhA.exe
  2⤵
  PID:9948
- C:\Windows\System\DbRHnHA.exe
  C:\Windows\System\DbRHnHA.exe
  2⤵
  PID:9964
- C:\Windows\System\rQQCEbK.exe
  C:\Windows\System\rQQCEbK.exe
  2⤵
  PID:9980
- C:\Windows\System\sTcgjdA.exe
  C:\Windows\System\sTcgjdA.exe
  2⤵
  PID:9996
- C:\Windows\System\gHJczDX.exe
  C:\Windows\System\gHJczDX.exe
  2⤵
  PID:10012
- C:\Windows\System\LYbEdOQ.exe
  C:\Windows\System\LYbEdOQ.exe
  2⤵
  PID:10028
- C:\Windows\System\pikLSLl.exe
  C:\Windows\System\pikLSLl.exe
  2⤵
  PID:10044
- C:\Windows\System\MaBODfP.exe
  C:\Windows\System\MaBODfP.exe
  2⤵
  PID:10064
- C:\Windows\System\dkArnmH.exe
  C:\Windows\System\dkArnmH.exe
  2⤵
  PID:10080
- C:\Windows\System\oWzmPdH.exe
  C:\Windows\System\oWzmPdH.exe
  2⤵
  PID:10096
- C:\Windows\System\JvpMHyX.exe
  C:\Windows\System\JvpMHyX.exe
  2⤵
  PID:10112
- C:\Windows\System\WBFGtro.exe
  C:\Windows\System\WBFGtro.exe
  2⤵
  PID:10128
- C:\Windows\System\qOOKdVF.exe
  C:\Windows\System\qOOKdVF.exe
  2⤵
  PID:10144
- C:\Windows\System\WNKQLba.exe
  C:\Windows\System\WNKQLba.exe
  2⤵
  PID:10160
- C:\Windows\System\bNLFrUO.exe
  C:\Windows\System\bNLFrUO.exe
  2⤵
  PID:10176
- C:\Windows\System\ppbbeGv.exe
  C:\Windows\System\ppbbeGv.exe
  2⤵
  PID:10192
- C:\Windows\System\JwdPcBd.exe
  C:\Windows\System\JwdPcBd.exe
  2⤵
  PID:10208
- C:\Windows\System\bJGAMWf.exe
  C:\Windows\System\bJGAMWf.exe
  2⤵
  PID:10224
- C:\Windows\System\HNorRam.exe
  C:\Windows\System\HNorRam.exe
  2⤵
  PID:8940
- C:\Windows\System\EnTAVTG.exe
  C:\Windows\System\EnTAVTG.exe
  2⤵
  PID:9116
- C:\Windows\System\xKvlmyJ.exe
  C:\Windows\System\xKvlmyJ.exe
  2⤵
  PID:9244
- C:\Windows\System\ZkawQxZ.exe
  C:\Windows\System\ZkawQxZ.exe
  2⤵
  PID:9260
- C:\Windows\System\QnfhPpe.exe
  C:\Windows\System\QnfhPpe.exe
  2⤵
  PID:9296
- C:\Windows\System\LdERVQC.exe
  C:\Windows\System\LdERVQC.exe
  2⤵
  PID:9360
- C:\Windows\System\UzKYhFQ.exe
  C:\Windows\System\UzKYhFQ.exe
  2⤵
  PID:9396
- C:\Windows\System\EFPYYaH.exe
  C:\Windows\System\EFPYYaH.exe
  2⤵
  PID:9400
- C:\Windows\System\dCteGPB.exe
  C:\Windows\System\dCteGPB.exe
  2⤵
  PID:9376
- C:\Windows\System\DxqlHOi.exe
  C:\Windows\System\DxqlHOi.exe
  2⤵
  PID:9444
- C:\Windows\System\IbKMNAu.exe
  C:\Windows\System\IbKMNAu.exe
  2⤵
  PID:9500
- C:\Windows\System\KiQJHgR.exe
  C:\Windows\System\KiQJHgR.exe
  2⤵
  PID:9476
- C:\Windows\System\NkdIVDb.exe
  C:\Windows\System\NkdIVDb.exe
  2⤵
  PID:9544
- C:\Windows\System\hZGemAH.exe
  C:\Windows\System\hZGemAH.exe
  2⤵
  PID:9568
- C:\Windows\System\RmsUyqQ.exe
  C:\Windows\System\RmsUyqQ.exe
  2⤵
  PID:9636
- C:\Windows\System\aOOpfMk.exe
  C:\Windows\System\aOOpfMk.exe
  2⤵
  PID:9620
- C:\Windows\System\PMVeLzS.exe
  C:\Windows\System\PMVeLzS.exe
  2⤵
  PID:9648
- C:\Windows\System\IoBeKVf.exe
  C:\Windows\System\IoBeKVf.exe
  2⤵
  PID:9680
- C:\Windows\System\JETHvXB.exe
  C:\Windows\System\JETHvXB.exe
  2⤵
  PID:9652
- C:\Windows\System\hfRPeDa.exe
  C:\Windows\System\hfRPeDa.exe
  2⤵
  PID:9700
- C:\Windows\System\mzTFMFt.exe
  C:\Windows\System\mzTFMFt.exe
  2⤵
  PID:9752
- C:\Windows\System\bOaiYge.exe
  C:\Windows\System\bOaiYge.exe
  2⤵
  PID:9844
- C:\Windows\System\RpSLqEE.exe
  C:\Windows\System\RpSLqEE.exe
  2⤵
  PID:9908
- C:\Windows\System\egvMpGM.exe
  C:\Windows\System\egvMpGM.exe
  2⤵
  PID:9976
- C:\Windows\System\ujCxjOD.exe
  C:\Windows\System\ujCxjOD.exe
  2⤵
  PID:10008
- C:\Windows\System\ylOhjrV.exe
  C:\Windows\System\ylOhjrV.exe
  2⤵
  PID:9832
- C:\Windows\System\VLNiTaX.exe
  C:\Windows\System\VLNiTaX.exe
  2⤵
  PID:9768
- C:\Windows\System\fmWPWhP.exe
  C:\Windows\System\fmWPWhP.exe
  2⤵
  PID:10052
- C:\Windows\System\UYUNChS.exe
  C:\Windows\System\UYUNChS.exe
  2⤵
  PID:9924
- C:\Windows\System\AKEOzXh.exe
  C:\Windows\System\AKEOzXh.exe
  2⤵
  PID:9988
- C:\Windows\System\gNmvDlw.exe
  C:\Windows\System\gNmvDlw.exe
  2⤵
  PID:10072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AxvNnCU.exe

Filesize
6.0MB

MD5
befe7c891a48ae215043ffffb30c4c4e

SHA1
bef7a4087b5a6fc554f52f5ce51ec0b9a20c113f

SHA256
a87656fecd10f6138071592dd073a7adc993be0add962980e7aa2ec48441c9a8

SHA512
5b394fbab76741a2ef3c8cb6332a174d9bc78e73a76453f2e213b8a82d94192e1be0e6a8ae114e3fa47d569e23beb2f864711421c12e8ad7a755187e494d5ca1

Download Submit
C:\Windows\system\CFWjtBW.exe

Filesize
6.0MB

MD5
1546190336e3cf4facf2090dcb7a9b34

SHA1
8f5c57cca1e889e98f259308740e8057cf5cac1a

SHA256
0caad0a955b91b4f398a066fa0d70ab52dfde7590489b63333d48d27ba43821f

SHA512
ed518a55ae98d2a736485c611e95003cb721550b903753477b8967dfb2681aee6832730f6ca542f61c2f0857c51b3d514739294a52278f2d5661256b67b94f1f

Download Submit
C:\Windows\system\GxlgVeI.exe

Filesize
6.0MB

MD5
0b0874582cad439010e1f234400a82f8

SHA1
21085118309a533c9bbcd61f1f137111d466673d

SHA256
97495786df10c275990ae87460ac1ca987e95f1ca72105001ab33cf803966860

SHA512
7272eced31f0ceb02b29e241c13c32548029eb661dd5d6f42dfd4709ec812896a50220731e42578063e182ae836c78dbb9e0de86779f974a4187c2f53fc2e1a8

Download Submit
C:\Windows\system\HUJCLUH.exe

Filesize
6.0MB

MD5
3ca17d93cc176c9477d3fc76faabf3a5

SHA1
b453f335100188b9d554467d7f8e1af2cb6e4bc6

SHA256
155f1b1dc816152ab386bf72f50a8787be97ab6411750766e59b4ab714180822

SHA512
64760263e5fadef5b4aed368b92c39e7091a4dde6db1448ed5fb42eb0d9b0d4010b59cbe5789e26aa94023d5a6a464a8f1fb5a5030b5e0561589aff5a26b0b57

Download Submit
C:\Windows\system\HwNuqzQ.exe

Filesize
6.0MB

MD5
3a57218a23094a2e3632934d34f0d31f

SHA1
85d0d555abf2384dc21505281de1505e345ec1d7

SHA256
f347444d6c1701e44d5cb9c7ec1380be5563c2afb34970586e0506d126d2b2f0

SHA512
f04cb6b15bf5af2433866d7d3982388b26d714f41a9107e3f96b9d9872005f3454d9a6f59816b6f9d75eda8a1896f5d10743a8e927165b1d289cec9b82d8ffa8

Download Submit
C:\Windows\system\IXKWYrg.exe

Filesize
6.0MB

MD5
c9d9430d4ee970c42751eb1af67e1875

SHA1
ac7b63b33a1301445bc811f162277df692b99e7c

SHA256
6cbbd92fc20e9f441fc4995fdd920664d95edda6d7268819d27d0d8da8ca9659

SHA512
c3dc30503b17257cbddb8ad3ac0ab11f50b48e65fa33b598c4f43bbf6de4043beb44b9dcaf43d3dfeda134f98cec349dbde3f40194361183e9624b289dae1a5f

Download Submit
C:\Windows\system\JMuVwJc.exe

Filesize
6.0MB

MD5
7d00b6ba926e65d6c49ef43c5be52b80

SHA1
607cb5a4ba26ec3eff7a069c6e3f32c2061dcbc2

SHA256
c34d1609bbf18031ea3fb9626eccdd9a8636187a922481d609f7e88562d4ba5b

SHA512
fd2e868ea4649565f29380a800a8acc499cb169dab6426f64f0ab171077dbb2131f3e16ab0db85cefab24ed2f5ea01f0854355d5f156f5fee2800ad904ae8055

Download Submit
C:\Windows\system\MQUKBUG.exe

Filesize
6.0MB

MD5
595e29d8dfd87bd65904a229d2ab3917

SHA1
bc871cbee6f192e950fb771971b4d3cb0ccb9d93

SHA256
2e0bdab87510c3100aa549b55bec1131aea64dcb7be1766fd18b84362fec287e

SHA512
ecdbf729870e54239e63497c897457f586ed42aff6e179a52462c2448e999b1c24c237fd15441ef9c8152c760b8bebe48f364ee2eb4d594d14215d7508773bac

Download Submit
C:\Windows\system\PMSJLOa.exe

Filesize
6.0MB

MD5
c2c333b2052f56480ebb5b3cb11ed6b8

SHA1
feada73690be9ce47b2808056552cea07bf65b8e

SHA256
7e4b9d88c7d3429908f3d040b69b32c4b3ac355b4b4b53ee230e77d2556fa078

SHA512
071b8486113b19a57fc595805d241a559f81d8eeb6ef1e8cf0f2f0d26ecbfb2a4cc0215ae4e513b895f39c2efcf7b8fb891a72bb6713a3222029536bf257a860

Download Submit
C:\Windows\system\PvOeqqk.exe

Filesize
6.0MB

MD5
0b653d1f380737e63539343e09e486c5

SHA1
75a7cfabc3a1f745ebae5cbbc50e0601004f32bf

SHA256
b1843c3afe049dbc5feced7f07bdeaf46cb9dc0ffcd336004cccad79054ce44a

SHA512
a82cd34ad4f16a9806b8359f8ccba5454a72fd30d9e0af7558b962f5e513ef87e9c659b317971d61797994f0139cd5abe74e0ecb7ab27e08c91cc7de951080a9

Download Submit
C:\Windows\system\QhadpSt.exe

Filesize
6.0MB

MD5
09b5440d1733ae7d38d8ae159d2424ae

SHA1
556d134258d3ebf57101b0185c673380c1d64157

SHA256
cea88bc14644607e0156758e20db904cd7969683bfa773582d36191edec91d62

SHA512
8ff8bcff0cc596ba1fd8b5cf337906771779cdcd26288614b5cefec845e9494072467dc0a9f795459e12d0b1763e2f15e49e85c1a94c6493cbbe58544db92323

Download Submit
C:\Windows\system\RTmirLi.exe

Filesize
6.0MB

MD5
d9383a22df1dc1e36b42434071a9dd9f

SHA1
a53816792958c5a78ccaec14cf810238382df2da

SHA256
4444003d7a300ec2c523efd32cb5f8290d837441897b45387a982279718af49a

SHA512
1a95bf80e1a99116e003491ae57a7876b60e38e56f613ddaa4f377c9a9c26b8c746d6a4723d19d983b4668c58e3a7a8e6c0adf0cdc4db6dfede704d3c0698ed4

Download Submit
C:\Windows\system\UJEbwqZ.exe

Filesize
6.0MB

MD5
6acdeea91849f2e134ea2f709815e3d9

SHA1
07b06e17781ce84f3a6d3665371f265474155280

SHA256
fb2473cce1a17b5a6c1bd5cb0a570f674f0ccefea940fa46234ef672d20a62b2

SHA512
cd5b6235bba67107d72b940411e640616f5f402a6fcc25267fd089c772ad2d25dfc5e6f175eabb64aa9f57899f1d033a87ddaceaa19883f26da71d25bb461d2c

Download Submit
C:\Windows\system\ZaEzKrH.exe

Filesize
6.0MB

MD5
7a84a0626ded954c70e26d8898f800ee

SHA1
2f19b4f990cda4cddbb02c878aac454aea2e9641

SHA256
c9f6da70ca95a202c117e9aa7751e3c1eeb1ef7a6f8fe033cdb0117087a659e3

SHA512
d1dcf0d3d4804179b020d8cc0d44db9b3a2cc0630c5cfab7e2bb3aa90663d459be4530d89790566b1514080789a2d9b5a1e0c7f864a35e1b3863b4a803aaff21

Download Submit
C:\Windows\system\ZlbpWuI.exe

Filesize
6.0MB

MD5
dd0539a145dc890f9ee2d61b888ab614

SHA1
4d59a21f52e43653a5f53b71819b8ac8457a702d

SHA256
da026fc977f32c5aede04498fa041514f6f451e2296cf9019a4471b3889aa189

SHA512
7f02af69afa6fc4c101f621e3a21704bdec8be993c25d8d983bcd3200739df38af43811493f1320cd28210b2cfda395927b0727533ee72133b50d18fa09e4e17

Download Submit
C:\Windows\system\eoDwunm.exe

Filesize
6.0MB

MD5
d91aa0996aef7464c7de2b2f9c97df16

SHA1
f894770b55b1c37c44f893eb30491f811bbf940d

SHA256
2e8208cd7f8a8d9a540c4a4c11b5ed1883ba13eee826b949d4b05396c281176c

SHA512
1f72b2615373438d976cf66c3e8451bd6131bf8e1ad1c58da4d9d70ed417cd594e3bbde965be1d2911e5c4a80a9aa127166171f6646b4d3af600c451b3684d61

Download Submit
C:\Windows\system\eunzvdO.exe

Filesize
6.0MB

MD5
4f99f7cc81e802f523d6cf3b0bb30948

SHA1
bd6407a9c1aa47492dd7a1aefe865231ef710aac

SHA256
31bfa11a093e3d645505da2bc45bec4bb5c100f03f2250baf55d050e01dac0f5

SHA512
0d2f5dcbf746427a30a27fd6291bc38b8f0e48c07dafa9e240216aa5c0144a9a01c0105aaf64e01dce304a31c3a95786f037e493b706eec135891498855c0ab1

Download Submit
C:\Windows\system\gFTtdWh.exe

Filesize
6.0MB

MD5
08a22113aeeacc2ac28a0b70cb8b46b9

SHA1
b87a85c4b541a5dc9b01bb12daa7efaeec175f22

SHA256
07d1b846fa9409b28ef269f18bd78b59f2b41887c181771a46807f31b1175251

SHA512
67452c65f9f0744b20a9625b020dbd447347cc9c4afe97c01352e5250f62f1ccc0b022f6173ec66c02995deeadb47d5895861e81117d6abadb2de638362c6f72

Download Submit
C:\Windows\system\gRNguGQ.exe

Filesize
6.0MB

MD5
c31dd337cdceb341dd15ed9dcd6c5fd6

SHA1
2cb68c0929ac7f9479c6918ccf45d83199706b8b

SHA256
826506b712a29c57a7dabbc0e376d84b2aa2884afb5c78c2c4a84f37102a74c7

SHA512
31ef2b77ee38d18afed7c5d7056381074ae1cf4bdfaa9985512e487ae08250ffaba622c02c85fa06668292362f5d3514f2bc253e26edb4eae7e4e43f8acb56e6

Download Submit
C:\Windows\system\hmwFQfD.exe

Filesize
6.0MB

MD5
3ce65133e11e4ea987358382cdb168d0

SHA1
3e6e024d31ed3669156fe477b7ff624ff92ea164

SHA256
e460786ebfefe35263a99d3c1e6ecdd1558c90e167790eb679667c4e5b4d5488

SHA512
82d81a4ef8f64c5dc6012506aee27aaea2587fdb6385a85ced0937a66ae0a712ef16380c91922eddf368db779e80e5683d7880a443d3d5db3cbd40edc8aac179

Download Submit
C:\Windows\system\iCuWTtd.exe

Filesize
6.0MB

MD5
35440dba583132a0e885d32bee2d3462

SHA1
191c84b8ee548f5cb588dca90eb197354ea48633

SHA256
79507aa67b263fa20c6a6be54cfacdcd1573193b7336ec500f33d9cece98e884

SHA512
07b2984ecbd3756a06d7b6d43a465c0bc03539eaa928424872806f347d213b2a06163873ed42e7aa565398afb21040c31aa7aff76a2638c19328fee5fa2556cd

Download Submit
C:\Windows\system\iXUezyy.exe

Filesize
6.0MB

MD5
db59067203aea5a07154d72ae3c1ea65

SHA1
f38eae0754efe09c35bd6ae671907307059612b0

SHA256
38ded208e3d59d82cb870b63ac46844dccb32b3f01d215c1551161b6727e43ac

SHA512
fa6c103628ae4ce25bd0a21fa0b1d9177a467873740b74fcb539c56c860dde886522d570f74d280ba48c17457354155d54775cb90813196c678617b1b9b68af0

Download Submit
C:\Windows\system\jPGqAcD.exe

Filesize
6.0MB

MD5
7ced23eaebd59dff8172f6748771ee9e

SHA1
912fb1c8740d21400e24d7810352b16046a15204

SHA256
68e801aa26e3d9e43f7231c6f5b71b9f72076a717b9e9301697d7c59f7c81f10

SHA512
c41de6d6b4bf6489e42dcf8a8f583cc36d7b99fb4bae92a151fa7c71f64e06fea2fe9ed91cc5ecc972ba3735d3162fad61e844a9f2299437e441c4b92e982aec

Download Submit
C:\Windows\system\lbDQgUF.exe

Filesize
6.0MB

MD5
768f996086d0c047f225bae153c16282

SHA1
6b3818e5135879bccc20992c3ca7c7904bf8dc69

SHA256
d3951dcb4da683c06986bd5c83f401cd10f91680fdd0c732b7d622eba04176de

SHA512
c842205b3028f767fb7ec4a4a6e432a08155a1915073e0ddfa738b5c3c2fb330c1ba92b66dc8584526d8880179b77097e33baca14ce03921b0b7884660aed97b

Download Submit
C:\Windows\system\nsKFfRG.exe

Filesize
6.0MB

MD5
e4306459c9c4cee03332ad0f2a7b8dea

SHA1
40f7bd3fb014f16358998bfce7a45ae7a30aa54e

SHA256
250d52b103b0539bdab4fe58b81ed74569bce4d574a7c34870b6d9eb5b4c391c

SHA512
aa083dd0fed3d3df3f1f97712f4bd042abf5fa9bc15b28e126116292796b566831b46f3fed16a35fb32fb7d162ee07a271930839806b3fe0675737cde9cdf95c

Download Submit
C:\Windows\system\obtYRVL.exe

Filesize
6.0MB

MD5
69a75aa5536d337b9bdbb9e813c9003d

SHA1
1916391b73332f68f5583303d5dd3754a0b5bff5

SHA256
72a8c0d849fa7f848d62ebfbd7a3c8cffc3524d438b85ee3049e8ffc02ee83b9

SHA512
e2cc1a0f407e9e3b9b635c6a187fc28f18aa99c1aadb0e580438b8dc5570df9a20d7fb3fee8101b4f8b56f74042dde49a0c82097ed183571c679fd1b1063b89b

Download Submit
C:\Windows\system\okbWkoL.exe

Filesize
6.0MB

MD5
bdc15f3f1ef1f1396266cae347a2b7c3

SHA1
daa96f8ea0a50b8d8babec500ea2723bc01e4d40

SHA256
525a160770d11faea358c679c97cedcf59de7832ee061fe37bb2ecd1a1a6b689

SHA512
4db141e9b897d3c55499f741e9c35aad5dd3bed2789ae176a478645b1eec7d1054f6d5f5e4a96fed59ebe7143ac019702ea2b9ca7bf2952ff580c5c7c621e4c9

Download Submit
C:\Windows\system\rGgtJlD.exe

Filesize
6.0MB

MD5
9a4f8e5c842eafed2cc1828e9605810a

SHA1
b0f16e092f2ed6f2d91920592495c65a98dec5c3

SHA256
58cc68fe9351e1ac7d8264d08d299d5094ff8dfb2aab09d3bec0171d6e012e10

SHA512
90b782746b9e31e7f524128ad934dd1b70f5e7ae962b894ba5e8fcd593d12a824463c30de28bdd36b137bc7b6c7124eeb1c5ea40ad908b1344673cdb4ff8e7ef

Download Submit
C:\Windows\system\smLonQt.exe

Filesize
6.0MB

MD5
c581b941d15994d1a961b659e1236fc4

SHA1
0e14070269907a246569ad6d1c817fccf08c569e

SHA256
48f6babdebc4d9eb93c28c991f9a358ac0a4a1314520994dc695cc8845f5f796

SHA512
4cc5c910eb4ec53897387b0db51b704e312e41aa37f39c76c2ad5b0d1b49d66f3cfccdff725c519351bd36fe65a9199d345a97fed1334154c4b8331309ef3b83

Download Submit
C:\Windows\system\vCwcqoJ.exe

Filesize
6.0MB

MD5
6fdead1e9c38e598db95db769c4ca258

SHA1
2a8833b25a932045527cfcee3fcb7449586f6963

SHA256
61644ed43b9cedacab41287131b94909fe639af8d4d6ea7be2eb0f19a10ba61a

SHA512
748d11f215753e1562a961f80591b7e9f11fdb07c31a513bfe3f1111d9d3d1f1813e81deddbf714c53baa805f318f599adedd350cdf3ca30b8b3c04decbd95f5

Download Submit
C:\Windows\system\vmrcSZQ.exe

Filesize
6.0MB

MD5
37db3ce430d00fb2c11d8f1ae27cd73e

SHA1
6cb778ff3f8589306acb40cfee2e82a4073b64bd

SHA256
9810fa116707e7c6fb1af8a1270773ae73ac5376be78b31f4a5f54632a231bcf

SHA512
a0313445b39a23089e8ccab96419a97528b392bf86f51562b7c52fd1e86a38b4bf154dbfedc03fe51d05d152562e2ef0bc9408b383ff1ff59e211ed090caf0cc

Download Submit
\Windows\system\bhOxUwD.exe

Filesize
6.0MB

MD5
5b162cefe5bd1f5f67ccda61451d49aa

SHA1
26bfeb0f28329995757364a8975985ebafbc2c5a

SHA256
f63bb62a3f4bc703d912bcf99aad4dd7c46968a732b7c394e187e7506b4b1f1e

SHA512
5bae91c4c17ff0c5345bb845d06270a65a2003baedc44eba22bb8e429f30e374f3267b7aa29287aed3cc6077e3f5e47104117c7bede441ee911954e4b0032b63

Download Submit
memory/632-3455-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/632-1938-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/1152-1367-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1152-3460-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1364-3453-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1364-821-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1836-3459-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1836-2001-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-975-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-3461-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2699-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-1271-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-881-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2348-1106-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2003-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2002-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2348-756-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-1180-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-1368-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-1943-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-976-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2348-1868-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2666-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-1788-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2659-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-1781-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2678-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-1760-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2724-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2348-1468-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2554-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2615-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2629-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2652-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2700-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2681-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2348-0-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2698-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2691-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2675-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-2686-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3454-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2576-1776-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2596-1786-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3448-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1105-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3457-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2708-1270-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3451-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-880-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3449-0x000000013FAD0000-0x000000013FE24000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3452-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-1467-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-1662-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2888-3450-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2928-3458-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-1179-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-3456-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/3000-1866-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download