cobaltstrike | 053119f87a0f4859008b2e3ba0abe4cbd32857d72a85a32a522cc8c8cc9767c0

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20-11-2024 13:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

7a33799782b2447965df0b41f1b88ddd
SHA1

68e4d666035c0783c163d07e2053783d0cfda2bc
SHA256

053119f87a0f4859008b2e3ba0abe4cbd32857d72a85a32a522cc8c8cc9767c0
SHA512

1f0e052dddf3147a29f942a35c94804e9565268948145f06d008ff9b96157576792fd814abd15344173a3b496498ef386721d7aa637af2ba80162f6d9dd5fad3
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUY:T+q56utgpPF8u/7Y

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\mKMLXjs.exe	cobalt_reflective_dll
\Windows\system\cffKgYU.exe	cobalt_reflective_dll
\Windows\system\TXkTdfl.exe	cobalt_reflective_dll
C:\Windows\system\XfdfqWG.exe	cobalt_reflective_dll
C:\Windows\system\YXrBcpu.exe	cobalt_reflective_dll
C:\Windows\system\pSiJLsH.exe	cobalt_reflective_dll
\Windows\system\bVpLAhb.exe	cobalt_reflective_dll
C:\Windows\system\scyiawI.exe	cobalt_reflective_dll
\Windows\system\JvgQmBA.exe	cobalt_reflective_dll
\Windows\system\tPhqITD.exe	cobalt_reflective_dll
\Windows\system\CglBBRP.exe	cobalt_reflective_dll
\Windows\system\MGhQVxc.exe	cobalt_reflective_dll
\Windows\system\jESfNay.exe	cobalt_reflective_dll
C:\Windows\system\ooruxIZ.exe	cobalt_reflective_dll
\Windows\system\krOUIfz.exe	cobalt_reflective_dll
C:\Windows\system\cRqKZhp.exe	cobalt_reflective_dll
C:\Windows\system\vnmesan.exe	cobalt_reflective_dll
C:\Windows\system\REamNiV.exe	cobalt_reflective_dll
C:\Windows\system\bhXAprq.exe	cobalt_reflective_dll
C:\Windows\system\vVewXkR.exe	cobalt_reflective_dll
C:\Windows\system\TfSfscn.exe	cobalt_reflective_dll
C:\Windows\system\XRdhIGq.exe	cobalt_reflective_dll
C:\Windows\system\qcrVMVA.exe	cobalt_reflective_dll
C:\Windows\system\kXCbbtY.exe	cobalt_reflective_dll
C:\Windows\system\xNnrxdF.exe	cobalt_reflective_dll
C:\Windows\system\vdTRkWH.exe	cobalt_reflective_dll
C:\Windows\system\jqXcdbY.exe	cobalt_reflective_dll
C:\Windows\system\jOUfGxo.exe	cobalt_reflective_dll
C:\Windows\system\ftkMRjj.exe	cobalt_reflective_dll
C:\Windows\system\fBgbXGk.exe	cobalt_reflective_dll
C:\Windows\system\ZdAtKjk.exe	cobalt_reflective_dll
C:\Windows\system\HMsmDfH.exe	cobalt_reflective_dll
C:\Windows\system\aXJdXqR.exe	cobalt_reflective_dll
C:\Windows\system\edVaEqE.exe	cobalt_reflective_dll
C:\Windows\system\xTkSBUF.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 41 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/1988-0-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
\Windows\system\mKMLXjs.exe	xmrig
\Windows\system\cffKgYU.exe	xmrig
\Windows\system\TXkTdfl.exe	xmrig
C:\Windows\system\XfdfqWG.exe	xmrig
C:\Windows\system\YXrBcpu.exe	xmrig
C:\Windows\system\pSiJLsH.exe	xmrig
\Windows\system\bVpLAhb.exe	xmrig
C:\Windows\system\scyiawI.exe	xmrig
\Windows\system\JvgQmBA.exe	xmrig
\Windows\system\tPhqITD.exe	xmrig
\Windows\system\CglBBRP.exe	xmrig
\Windows\system\MGhQVxc.exe	xmrig
\Windows\system\jESfNay.exe	xmrig
C:\Windows\system\ooruxIZ.exe	xmrig
\Windows\system\krOUIfz.exe	xmrig
C:\Windows\system\cRqKZhp.exe	xmrig
C:\Windows\system\vnmesan.exe	xmrig
C:\Windows\system\REamNiV.exe	xmrig
C:\Windows\system\bhXAprq.exe	xmrig
C:\Windows\system\vVewXkR.exe	xmrig
C:\Windows\system\TfSfscn.exe	xmrig
C:\Windows\system\XRdhIGq.exe	xmrig
C:\Windows\system\qcrVMVA.exe	xmrig
C:\Windows\system\kXCbbtY.exe	xmrig
C:\Windows\system\xNnrxdF.exe	xmrig
C:\Windows\system\vdTRkWH.exe	xmrig
C:\Windows\system\jqXcdbY.exe	xmrig
C:\Windows\system\jOUfGxo.exe	xmrig
C:\Windows\system\ftkMRjj.exe	xmrig
C:\Windows\system\fBgbXGk.exe	xmrig
C:\Windows\system\ZdAtKjk.exe	xmrig
C:\Windows\system\HMsmDfH.exe	xmrig
C:\Windows\system\aXJdXqR.exe	xmrig
C:\Windows\system\edVaEqE.exe	xmrig
C:\Windows\system\xTkSBUF.exe	xmrig
behavioral1/memory/2116-2483-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2064-2512-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2064-3758-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2116-4004-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/1988-4052-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

mKMLXjs.execffKgYU.exeTXkTdfl.exeXfdfqWG.exexTkSBUF.exeedVaEqE.exeaXJdXqR.exeHMsmDfH.exeZdAtKjk.exeYXrBcpu.exefBgbXGk.exeftkMRjj.exepSiJLsH.exejOUfGxo.exejqXcdbY.exebVpLAhb.exevdTRkWH.exexNnrxdF.exekXCbbtY.exeqcrVMVA.exeXRdhIGq.exescyiawI.exeTfSfscn.exeooruxIZ.exevVewXkR.exebhXAprq.exeREamNiV.exevnmesan.execRqKZhp.exekrOUIfz.exeUlpwmvo.exeJvgQmBA.exejESfNay.exeMGhQVxc.exeCglBBRP.exetPhqITD.exeMSnVsHt.exeWcAvquO.exeNTkXtsy.exeRYrkzjF.exekSdyuMX.exeiaqFidh.exeFkFxLTE.exeMcguIBa.exeuKzPclN.exezBqbWfA.exeKVKLAkT.exeGUueEaj.exeMTGaQud.exedVaXeFN.exexOuGzZM.exekgfTcAp.exeefMgTDL.exeRnRZCGM.exekEUDvIf.exeLbdgwwy.exeoPjOLQr.exedrUYyHx.exeoCaiVvx.exeVpbqbjy.exeQZoZHVd.exeueCWBAs.exeymRrGAj.exeCkZEsQy.exe

pid	process
2188	mKMLXjs.exe
2116	cffKgYU.exe
2064	TXkTdfl.exe
2292	XfdfqWG.exe
2756	xTkSBUF.exe
2820	edVaEqE.exe
316	aXJdXqR.exe
2932	HMsmDfH.exe
2956	ZdAtKjk.exe
2660	YXrBcpu.exe
3036	fBgbXGk.exe
2800	ftkMRjj.exe
2624	pSiJLsH.exe
2668	jOUfGxo.exe
1864	jqXcdbY.exe
2156	bVpLAhb.exe
840	vdTRkWH.exe
2960	xNnrxdF.exe
2264	kXCbbtY.exe
2912	qcrVMVA.exe
2892	XRdhIGq.exe
2996	scyiawI.exe
3068	TfSfscn.exe
2688	ooruxIZ.exe
3024	vVewXkR.exe
2360	bhXAprq.exe
1700	REamNiV.exe
884	vnmesan.exe
784	cRqKZhp.exe
964	krOUIfz.exe
1212	Ulpwmvo.exe
2328	JvgQmBA.exe
2400	jESfNay.exe
2724	MGhQVxc.exe
1092	CglBBRP.exe
1872	tPhqITD.exe
960	MSnVsHt.exe
700	WcAvquO.exe
1756	NTkXtsy.exe
760	RYrkzjF.exe
968	kSdyuMX.exe
2544	iaqFidh.exe
1696	FkFxLTE.exe
2248	McguIBa.exe
1112	uKzPclN.exe
1508	zBqbWfA.exe
1824	KVKLAkT.exe
2056	GUueEaj.exe
1260	MTGaQud.exe
1060	dVaXeFN.exe
812	xOuGzZM.exe
2484	kgfTcAp.exe
2356	efMgTDL.exe
2008	RnRZCGM.exe
1728	kEUDvIf.exe
2072	Lbdgwwy.exe
2376	oPjOLQr.exe
2840	drUYyHx.exe
2752	oCaiVvx.exe
1936	Vpbqbjy.exe
3052	QZoZHVd.exe
2680	ueCWBAs.exe
2644	ymRrGAj.exe
2308	CkZEsQy.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 41 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1988-0-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
\Windows\system\mKMLXjs.exe	upx
\Windows\system\cffKgYU.exe	upx
\Windows\system\TXkTdfl.exe	upx
C:\Windows\system\XfdfqWG.exe	upx
C:\Windows\system\YXrBcpu.exe	upx
C:\Windows\system\pSiJLsH.exe	upx
\Windows\system\bVpLAhb.exe	upx
C:\Windows\system\scyiawI.exe	upx
\Windows\system\JvgQmBA.exe	upx
\Windows\system\tPhqITD.exe	upx
\Windows\system\CglBBRP.exe	upx
\Windows\system\MGhQVxc.exe	upx
\Windows\system\jESfNay.exe	upx
C:\Windows\system\ooruxIZ.exe	upx
\Windows\system\krOUIfz.exe	upx
C:\Windows\system\cRqKZhp.exe	upx
C:\Windows\system\vnmesan.exe	upx
C:\Windows\system\REamNiV.exe	upx
C:\Windows\system\bhXAprq.exe	upx
C:\Windows\system\vVewXkR.exe	upx
C:\Windows\system\TfSfscn.exe	upx
C:\Windows\system\XRdhIGq.exe	upx
C:\Windows\system\qcrVMVA.exe	upx
C:\Windows\system\kXCbbtY.exe	upx
C:\Windows\system\xNnrxdF.exe	upx
C:\Windows\system\vdTRkWH.exe	upx
C:\Windows\system\jqXcdbY.exe	upx
C:\Windows\system\jOUfGxo.exe	upx
C:\Windows\system\ftkMRjj.exe	upx
C:\Windows\system\fBgbXGk.exe	upx
C:\Windows\system\ZdAtKjk.exe	upx
C:\Windows\system\HMsmDfH.exe	upx
C:\Windows\system\aXJdXqR.exe	upx
C:\Windows\system\edVaEqE.exe	upx
C:\Windows\system\xTkSBUF.exe	upx
behavioral1/memory/2116-2483-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2064-2512-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2064-3758-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2116-4004-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/1988-4052-0x000000013FD40000-0x0000000140094000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\EItWZXf.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RYrkzjF.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxxJkpr.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CSZNFrx.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zcvXXSc.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tPhqITD.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdGTlCi.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yDVIsCi.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\csYUgYe.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hgoXVjG.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qoaMTjH.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ILijzHU.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VFKOkcR.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FkyfcbF.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dpxjmLe.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xbJsZtI.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uOXlbEz.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UtcHYpG.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXgzCwL.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GotGrgY.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HJvUtFY.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\addnbuE.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gNQWHWk.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\okxKaoa.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lmVEqrJ.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ATkrJKB.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YUOdFFD.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YRFIOrR.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JmnPhVt.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TSaXpfn.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vVewXkR.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MSnVsHt.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lgWbEiW.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iHDIjVw.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zQLchbl.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\thyBGDk.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KAEystf.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oDAcCtm.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dfVRYxE.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hgWjygr.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hLeclxb.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HAYOsjn.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CGbsyzv.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbvQMHc.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BSBRisM.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KYQDBrD.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ltTFMTi.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SaXEkkw.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uhcYgAW.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dBxlkLi.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CfSYHzQ.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NnBFGCr.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lLcSeSn.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GLcBCcd.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZtFVwRH.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iOEcpqf.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\weyiMJp.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\REHFMGE.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VDolXWm.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KDTljJv.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OtaIDDJ.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bfwjpNE.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dvGThaC.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPpQjjn.exe	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 1988 wrote to memory of 2188	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	mKMLXjs.exe
PID 1988 wrote to memory of 2188	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	mKMLXjs.exe
PID 1988 wrote to memory of 2188	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	mKMLXjs.exe
PID 1988 wrote to memory of 2116	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	cffKgYU.exe
PID 1988 wrote to memory of 2116	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	cffKgYU.exe
PID 1988 wrote to memory of 2116	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	cffKgYU.exe
PID 1988 wrote to memory of 2064	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	TXkTdfl.exe
PID 1988 wrote to memory of 2064	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	TXkTdfl.exe
PID 1988 wrote to memory of 2064	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	TXkTdfl.exe
PID 1988 wrote to memory of 2292	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	XfdfqWG.exe
PID 1988 wrote to memory of 2292	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	XfdfqWG.exe
PID 1988 wrote to memory of 2292	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	XfdfqWG.exe
PID 1988 wrote to memory of 2756	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	xTkSBUF.exe
PID 1988 wrote to memory of 2756	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	xTkSBUF.exe
PID 1988 wrote to memory of 2756	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	xTkSBUF.exe
PID 1988 wrote to memory of 2820	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	edVaEqE.exe
PID 1988 wrote to memory of 2820	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	edVaEqE.exe
PID 1988 wrote to memory of 2820	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	edVaEqE.exe
PID 1988 wrote to memory of 316	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	aXJdXqR.exe
PID 1988 wrote to memory of 316	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	aXJdXqR.exe
PID 1988 wrote to memory of 316	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	aXJdXqR.exe
PID 1988 wrote to memory of 2932	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	HMsmDfH.exe
PID 1988 wrote to memory of 2932	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	HMsmDfH.exe
PID 1988 wrote to memory of 2932	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	HMsmDfH.exe
PID 1988 wrote to memory of 2956	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	ZdAtKjk.exe
PID 1988 wrote to memory of 2956	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	ZdAtKjk.exe
PID 1988 wrote to memory of 2956	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	ZdAtKjk.exe
PID 1988 wrote to memory of 2660	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	YXrBcpu.exe
PID 1988 wrote to memory of 2660	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	YXrBcpu.exe
PID 1988 wrote to memory of 2660	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	YXrBcpu.exe
PID 1988 wrote to memory of 3036	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	fBgbXGk.exe
PID 1988 wrote to memory of 3036	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	fBgbXGk.exe
PID 1988 wrote to memory of 3036	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	fBgbXGk.exe
PID 1988 wrote to memory of 2800	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	ftkMRjj.exe
PID 1988 wrote to memory of 2800	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	ftkMRjj.exe
PID 1988 wrote to memory of 2800	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	ftkMRjj.exe
PID 1988 wrote to memory of 2624	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	pSiJLsH.exe
PID 1988 wrote to memory of 2624	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	pSiJLsH.exe
PID 1988 wrote to memory of 2624	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	pSiJLsH.exe
PID 1988 wrote to memory of 2668	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	jOUfGxo.exe
PID 1988 wrote to memory of 2668	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	jOUfGxo.exe
PID 1988 wrote to memory of 2668	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	jOUfGxo.exe
PID 1988 wrote to memory of 1864	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	jqXcdbY.exe
PID 1988 wrote to memory of 1864	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	jqXcdbY.exe
PID 1988 wrote to memory of 1864	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	jqXcdbY.exe
PID 1988 wrote to memory of 2156	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	bVpLAhb.exe
PID 1988 wrote to memory of 2156	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	bVpLAhb.exe
PID 1988 wrote to memory of 2156	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	bVpLAhb.exe
PID 1988 wrote to memory of 840	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	vdTRkWH.exe
PID 1988 wrote to memory of 840	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	vdTRkWH.exe
PID 1988 wrote to memory of 840	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	vdTRkWH.exe
PID 1988 wrote to memory of 2960	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	xNnrxdF.exe
PID 1988 wrote to memory of 2960	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	xNnrxdF.exe
PID 1988 wrote to memory of 2960	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	xNnrxdF.exe
PID 1988 wrote to memory of 2264	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	kXCbbtY.exe
PID 1988 wrote to memory of 2264	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	kXCbbtY.exe
PID 1988 wrote to memory of 2264	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	kXCbbtY.exe
PID 1988 wrote to memory of 2912	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	qcrVMVA.exe
PID 1988 wrote to memory of 2912	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	qcrVMVA.exe
PID 1988 wrote to memory of 2912	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	qcrVMVA.exe
PID 1988 wrote to memory of 2892	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	XRdhIGq.exe
PID 1988 wrote to memory of 2892	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	XRdhIGq.exe
PID 1988 wrote to memory of 2892	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	XRdhIGq.exe
PID 1988 wrote to memory of 2996	1988	2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe	scyiawI.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_7a33799782b2447965df0b41f1b88ddd_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Windows\System\mKMLXjs.exe
  C:\Windows\System\mKMLXjs.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\cffKgYU.exe
  C:\Windows\System\cffKgYU.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\TXkTdfl.exe
  C:\Windows\System\TXkTdfl.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\XfdfqWG.exe
  C:\Windows\System\XfdfqWG.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\xTkSBUF.exe
  C:\Windows\System\xTkSBUF.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\edVaEqE.exe
  C:\Windows\System\edVaEqE.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\aXJdXqR.exe
  C:\Windows\System\aXJdXqR.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\HMsmDfH.exe
  C:\Windows\System\HMsmDfH.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\ZdAtKjk.exe
  C:\Windows\System\ZdAtKjk.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\YXrBcpu.exe
  C:\Windows\System\YXrBcpu.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\fBgbXGk.exe
  C:\Windows\System\fBgbXGk.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\ftkMRjj.exe
  C:\Windows\System\ftkMRjj.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\pSiJLsH.exe
  C:\Windows\System\pSiJLsH.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\jOUfGxo.exe
  C:\Windows\System\jOUfGxo.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\jqXcdbY.exe
  C:\Windows\System\jqXcdbY.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\bVpLAhb.exe
  C:\Windows\System\bVpLAhb.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\vdTRkWH.exe
  C:\Windows\System\vdTRkWH.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\xNnrxdF.exe
  C:\Windows\System\xNnrxdF.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\kXCbbtY.exe
  C:\Windows\System\kXCbbtY.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\qcrVMVA.exe
  C:\Windows\System\qcrVMVA.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\XRdhIGq.exe
  C:\Windows\System\XRdhIGq.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\scyiawI.exe
  C:\Windows\System\scyiawI.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\TfSfscn.exe
  C:\Windows\System\TfSfscn.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\ooruxIZ.exe
  C:\Windows\System\ooruxIZ.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\vVewXkR.exe
  C:\Windows\System\vVewXkR.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\JvgQmBA.exe
  C:\Windows\System\JvgQmBA.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\bhXAprq.exe
  C:\Windows\System\bhXAprq.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\jESfNay.exe
  C:\Windows\System\jESfNay.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\REamNiV.exe
  C:\Windows\System\REamNiV.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\MGhQVxc.exe
  C:\Windows\System\MGhQVxc.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\vnmesan.exe
  C:\Windows\System\vnmesan.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\CglBBRP.exe
  C:\Windows\System\CglBBRP.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\cRqKZhp.exe
  C:\Windows\System\cRqKZhp.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\tPhqITD.exe
  C:\Windows\System\tPhqITD.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\krOUIfz.exe
  C:\Windows\System\krOUIfz.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\MSnVsHt.exe
  C:\Windows\System\MSnVsHt.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\Ulpwmvo.exe
  C:\Windows\System\Ulpwmvo.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\WcAvquO.exe
  C:\Windows\System\WcAvquO.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\NTkXtsy.exe
  C:\Windows\System\NTkXtsy.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\kSdyuMX.exe
  C:\Windows\System\kSdyuMX.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\RYrkzjF.exe
  C:\Windows\System\RYrkzjF.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\FkFxLTE.exe
  C:\Windows\System\FkFxLTE.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\iaqFidh.exe
  C:\Windows\System\iaqFidh.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\McguIBa.exe
  C:\Windows\System\McguIBa.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\uKzPclN.exe
  C:\Windows\System\uKzPclN.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\zBqbWfA.exe
  C:\Windows\System\zBqbWfA.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\KVKLAkT.exe
  C:\Windows\System\KVKLAkT.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\GUueEaj.exe
  C:\Windows\System\GUueEaj.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\MTGaQud.exe
  C:\Windows\System\MTGaQud.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\dVaXeFN.exe
  C:\Windows\System\dVaXeFN.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\xOuGzZM.exe
  C:\Windows\System\xOuGzZM.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\kgfTcAp.exe
  C:\Windows\System\kgfTcAp.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\efMgTDL.exe
  C:\Windows\System\efMgTDL.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\RnRZCGM.exe
  C:\Windows\System\RnRZCGM.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\kEUDvIf.exe
  C:\Windows\System\kEUDvIf.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\Lbdgwwy.exe
  C:\Windows\System\Lbdgwwy.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\oPjOLQr.exe
  C:\Windows\System\oPjOLQr.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\drUYyHx.exe
  C:\Windows\System\drUYyHx.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\oCaiVvx.exe
  C:\Windows\System\oCaiVvx.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\Vpbqbjy.exe
  C:\Windows\System\Vpbqbjy.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\QZoZHVd.exe
  C:\Windows\System\QZoZHVd.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\ueCWBAs.exe
  C:\Windows\System\ueCWBAs.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\ymRrGAj.exe
  C:\Windows\System\ymRrGAj.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\CkZEsQy.exe
  C:\Windows\System\CkZEsQy.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\uEOmfTd.exe
  C:\Windows\System\uEOmfTd.exe
  2⤵
  PID:1588
- C:\Windows\System\dNikbGh.exe
  C:\Windows\System\dNikbGh.exe
  2⤵
  PID:1492
- C:\Windows\System\rPnIZJI.exe
  C:\Windows\System\rPnIZJI.exe
  2⤵
  PID:2988
- C:\Windows\System\uOXlbEz.exe
  C:\Windows\System\uOXlbEz.exe
  2⤵
  PID:2276
- C:\Windows\System\DBUAsHR.exe
  C:\Windows\System\DBUAsHR.exe
  2⤵
  PID:1856
- C:\Windows\System\UshFymM.exe
  C:\Windows\System\UshFymM.exe
  2⤵
  PID:2044
- C:\Windows\System\orgZwUt.exe
  C:\Windows\System\orgZwUt.exe
  2⤵
  PID:2428
- C:\Windows\System\BdroBQw.exe
  C:\Windows\System\BdroBQw.exe
  2⤵
  PID:2888
- C:\Windows\System\atCkSje.exe
  C:\Windows\System\atCkSje.exe
  2⤵
  PID:3012
- C:\Windows\System\kFjNqbr.exe
  C:\Windows\System\kFjNqbr.exe
  2⤵
  PID:2424
- C:\Windows\System\VwhRWhR.exe
  C:\Windows\System\VwhRWhR.exe
  2⤵
  PID:2364
- C:\Windows\System\JKQIsUe.exe
  C:\Windows\System\JKQIsUe.exe
  2⤵
  PID:1052
- C:\Windows\System\wtWgwjk.exe
  C:\Windows\System\wtWgwjk.exe
  2⤵
  PID:1780
- C:\Windows\System\SaXEkkw.exe
  C:\Windows\System\SaXEkkw.exe
  2⤵
  PID:1924
- C:\Windows\System\EPUZEnP.exe
  C:\Windows\System\EPUZEnP.exe
  2⤵
  PID:900
- C:\Windows\System\YbkFshw.exe
  C:\Windows\System\YbkFshw.exe
  2⤵
  PID:2092
- C:\Windows\System\gAQOrvc.exe
  C:\Windows\System\gAQOrvc.exe
  2⤵
  PID:2260
- C:\Windows\System\ATSNoJy.exe
  C:\Windows\System\ATSNoJy.exe
  2⤵
  PID:572
- C:\Windows\System\hSryPEp.exe
  C:\Windows\System\hSryPEp.exe
  2⤵
  PID:1784
- C:\Windows\System\xquvZRr.exe
  C:\Windows\System\xquvZRr.exe
  2⤵
  PID:1808
- C:\Windows\System\PZjDBHp.exe
  C:\Windows\System\PZjDBHp.exe
  2⤵
  PID:1568
- C:\Windows\System\QxJHzRw.exe
  C:\Windows\System\QxJHzRw.exe
  2⤵
  PID:1940
- C:\Windows\System\ryRCMHs.exe
  C:\Windows\System\ryRCMHs.exe
  2⤵
  PID:1972
- C:\Windows\System\kxaZqoO.exe
  C:\Windows\System\kxaZqoO.exe
  2⤵
  PID:2448
- C:\Windows\System\oAVVzig.exe
  C:\Windows\System\oAVVzig.exe
  2⤵
  PID:2316
- C:\Windows\System\VaNdsXb.exe
  C:\Windows\System\VaNdsXb.exe
  2⤵
  PID:1692
- C:\Windows\System\gKdkEOI.exe
  C:\Windows\System\gKdkEOI.exe
  2⤵
  PID:2788
- C:\Windows\System\pTiGXse.exe
  C:\Windows\System\pTiGXse.exe
  2⤵
  PID:2972
- C:\Windows\System\DjDyGHa.exe
  C:\Windows\System\DjDyGHa.exe
  2⤵
  PID:2636
- C:\Windows\System\pFRkmFm.exe
  C:\Windows\System\pFRkmFm.exe
  2⤵
  PID:1008
- C:\Windows\System\iNLRhKK.exe
  C:\Windows\System\iNLRhKK.exe
  2⤵
  PID:2860
- C:\Windows\System\mpnGnfQ.exe
  C:\Windows\System\mpnGnfQ.exe
  2⤵
  PID:2540
- C:\Windows\System\WgUDskk.exe
  C:\Windows\System\WgUDskk.exe
  2⤵
  PID:2492
- C:\Windows\System\FXWKErO.exe
  C:\Windows\System\FXWKErO.exe
  2⤵
  PID:560
- C:\Windows\System\QZScEdJ.exe
  C:\Windows\System\QZScEdJ.exe
  2⤵
  PID:780
- C:\Windows\System\GuSxMzQ.exe
  C:\Windows\System\GuSxMzQ.exe
  2⤵
  PID:1744
- C:\Windows\System\vSErvkg.exe
  C:\Windows\System\vSErvkg.exe
  2⤵
  PID:844
- C:\Windows\System\OZFMEtJ.exe
  C:\Windows\System\OZFMEtJ.exe
  2⤵
  PID:2108
- C:\Windows\System\HOFPMOC.exe
  C:\Windows\System\HOFPMOC.exe
  2⤵
  PID:2480
- C:\Windows\System\NxSbpJH.exe
  C:\Windows\System\NxSbpJH.exe
  2⤵
  PID:628
- C:\Windows\System\mUEVwQP.exe
  C:\Windows\System\mUEVwQP.exe
  2⤵
  PID:1704
- C:\Windows\System\zOtBPyr.exe
  C:\Windows\System\zOtBPyr.exe
  2⤵
  PID:2564
- C:\Windows\System\NBOEQNE.exe
  C:\Windows\System\NBOEQNE.exe
  2⤵
  PID:2508
- C:\Windows\System\WfWeECw.exe
  C:\Windows\System\WfWeECw.exe
  2⤵
  PID:1612
- C:\Windows\System\QEZlzHZ.exe
  C:\Windows\System\QEZlzHZ.exe
  2⤵
  PID:2940
- C:\Windows\System\WVsfkKA.exe
  C:\Windows\System\WVsfkKA.exe
  2⤵
  PID:2784
- C:\Windows\System\NfgeHeX.exe
  C:\Windows\System\NfgeHeX.exe
  2⤵
  PID:3092
- C:\Windows\System\lmVEqrJ.exe
  C:\Windows\System\lmVEqrJ.exe
  2⤵
  PID:3108
- C:\Windows\System\EPrFxID.exe
  C:\Windows\System\EPrFxID.exe
  2⤵
  PID:3132
- C:\Windows\System\HSLABFE.exe
  C:\Windows\System\HSLABFE.exe
  2⤵
  PID:3152
- C:\Windows\System\dukMwnw.exe
  C:\Windows\System\dukMwnw.exe
  2⤵
  PID:3168
- C:\Windows\System\RzPiFea.exe
  C:\Windows\System\RzPiFea.exe
  2⤵
  PID:3192
- C:\Windows\System\DbWivFb.exe
  C:\Windows\System\DbWivFb.exe
  2⤵
  PID:3208
- C:\Windows\System\PhlUjci.exe
  C:\Windows\System\PhlUjci.exe
  2⤵
  PID:3228
- C:\Windows\System\tFtStDY.exe
  C:\Windows\System\tFtStDY.exe
  2⤵
  PID:3248
- C:\Windows\System\nqCFmre.exe
  C:\Windows\System\nqCFmre.exe
  2⤵
  PID:3272
- C:\Windows\System\UtcHYpG.exe
  C:\Windows\System\UtcHYpG.exe
  2⤵
  PID:3292
- C:\Windows\System\uqghffM.exe
  C:\Windows\System\uqghffM.exe
  2⤵
  PID:3308
- C:\Windows\System\XKniGDU.exe
  C:\Windows\System\XKniGDU.exe
  2⤵
  PID:3332
- C:\Windows\System\bbmsiRK.exe
  C:\Windows\System\bbmsiRK.exe
  2⤵
  PID:3348
- C:\Windows\System\teWXkpJ.exe
  C:\Windows\System\teWXkpJ.exe
  2⤵
  PID:3372
- C:\Windows\System\sEdqQwl.exe
  C:\Windows\System\sEdqQwl.exe
  2⤵
  PID:3392
- C:\Windows\System\IZeILif.exe
  C:\Windows\System\IZeILif.exe
  2⤵
  PID:3412
- C:\Windows\System\KhTSwTg.exe
  C:\Windows\System\KhTSwTg.exe
  2⤵
  PID:3428
- C:\Windows\System\WcpRmcB.exe
  C:\Windows\System\WcpRmcB.exe
  2⤵
  PID:3448
- C:\Windows\System\IEFYHmP.exe
  C:\Windows\System\IEFYHmP.exe
  2⤵
  PID:3464
- C:\Windows\System\eLhKxuV.exe
  C:\Windows\System\eLhKxuV.exe
  2⤵
  PID:3484
- C:\Windows\System\yiflaRD.exe
  C:\Windows\System\yiflaRD.exe
  2⤵
  PID:3508
- C:\Windows\System\AajAsda.exe
  C:\Windows\System\AajAsda.exe
  2⤵
  PID:3528
- C:\Windows\System\KBfYzec.exe
  C:\Windows\System\KBfYzec.exe
  2⤵
  PID:3544
- C:\Windows\System\upcdAKF.exe
  C:\Windows\System\upcdAKF.exe
  2⤵
  PID:3564
- C:\Windows\System\OmpwUgj.exe
  C:\Windows\System\OmpwUgj.exe
  2⤵
  PID:3580
- C:\Windows\System\ZXmlRwP.exe
  C:\Windows\System\ZXmlRwP.exe
  2⤵
  PID:3612
- C:\Windows\System\rfvSggT.exe
  C:\Windows\System\rfvSggT.exe
  2⤵
  PID:3632
- C:\Windows\System\hcxVeOk.exe
  C:\Windows\System\hcxVeOk.exe
  2⤵
  PID:3652
- C:\Windows\System\YNOvYlZ.exe
  C:\Windows\System\YNOvYlZ.exe
  2⤵
  PID:3672
- C:\Windows\System\WlnoPFS.exe
  C:\Windows\System\WlnoPFS.exe
  2⤵
  PID:3692
- C:\Windows\System\AhglAvY.exe
  C:\Windows\System\AhglAvY.exe
  2⤵
  PID:3712
- C:\Windows\System\ONjhZrR.exe
  C:\Windows\System\ONjhZrR.exe
  2⤵
  PID:3732
- C:\Windows\System\xtbAMvz.exe
  C:\Windows\System\xtbAMvz.exe
  2⤵
  PID:3752
- C:\Windows\System\PRDLITI.exe
  C:\Windows\System\PRDLITI.exe
  2⤵
  PID:3772
- C:\Windows\System\idQBPzF.exe
  C:\Windows\System\idQBPzF.exe
  2⤵
  PID:3792
- C:\Windows\System\AcbbUVc.exe
  C:\Windows\System\AcbbUVc.exe
  2⤵
  PID:3812
- C:\Windows\System\ZzDDJYN.exe
  C:\Windows\System\ZzDDJYN.exe
  2⤵
  PID:3832
- C:\Windows\System\ylhaHWO.exe
  C:\Windows\System\ylhaHWO.exe
  2⤵
  PID:3852
- C:\Windows\System\QYywKNg.exe
  C:\Windows\System\QYywKNg.exe
  2⤵
  PID:3872
- C:\Windows\System\ROlEUOJ.exe
  C:\Windows\System\ROlEUOJ.exe
  2⤵
  PID:3892
- C:\Windows\System\wCgFvmh.exe
  C:\Windows\System\wCgFvmh.exe
  2⤵
  PID:3912
- C:\Windows\System\lhNFVTu.exe
  C:\Windows\System\lhNFVTu.exe
  2⤵
  PID:3932
- C:\Windows\System\slyoqTM.exe
  C:\Windows\System\slyoqTM.exe
  2⤵
  PID:3952
- C:\Windows\System\gymNcGZ.exe
  C:\Windows\System\gymNcGZ.exe
  2⤵
  PID:3972
- C:\Windows\System\bwsLcGe.exe
  C:\Windows\System\bwsLcGe.exe
  2⤵
  PID:3992
- C:\Windows\System\rinyHHV.exe
  C:\Windows\System\rinyHHV.exe
  2⤵
  PID:4012
- C:\Windows\System\TryvaVb.exe
  C:\Windows\System\TryvaVb.exe
  2⤵
  PID:4032
- C:\Windows\System\vFdfaSQ.exe
  C:\Windows\System\vFdfaSQ.exe
  2⤵
  PID:4052
- C:\Windows\System\gHNcmHi.exe
  C:\Windows\System\gHNcmHi.exe
  2⤵
  PID:4072
- C:\Windows\System\gYofCHu.exe
  C:\Windows\System\gYofCHu.exe
  2⤵
  PID:4092
- C:\Windows\System\YnDEgeD.exe
  C:\Windows\System\YnDEgeD.exe
  2⤵
  PID:2700
- C:\Windows\System\uEqMUBU.exe
  C:\Windows\System\uEqMUBU.exe
  2⤵
  PID:2908
- C:\Windows\System\IPSPujG.exe
  C:\Windows\System\IPSPujG.exe
  2⤵
  PID:2060
- C:\Windows\System\uvvrhLr.exe
  C:\Windows\System\uvvrhLr.exe
  2⤵
  PID:2992
- C:\Windows\System\yHTZUfX.exe
  C:\Windows\System\yHTZUfX.exe
  2⤵
  PID:1752
- C:\Windows\System\FHZewsK.exe
  C:\Windows\System\FHZewsK.exe
  2⤵
  PID:544
- C:\Windows\System\KcyesHg.exe
  C:\Windows\System\KcyesHg.exe
  2⤵
  PID:1680
- C:\Windows\System\JlzmYgc.exe
  C:\Windows\System\JlzmYgc.exe
  2⤵
  PID:1736
- C:\Windows\System\noQjggT.exe
  C:\Windows\System\noQjggT.exe
  2⤵
  PID:2216
- C:\Windows\System\ilKAGjH.exe
  C:\Windows\System\ilKAGjH.exe
  2⤵
  PID:2744
- C:\Windows\System\VxnUmTj.exe
  C:\Windows\System\VxnUmTj.exe
  2⤵
  PID:3140
- C:\Windows\System\lxTTxjL.exe
  C:\Windows\System\lxTTxjL.exe
  2⤵
  PID:3080
- C:\Windows\System\xPUvGJY.exe
  C:\Windows\System\xPUvGJY.exe
  2⤵
  PID:3124
- C:\Windows\System\aSjbnAQ.exe
  C:\Windows\System\aSjbnAQ.exe
  2⤵
  PID:3188
- C:\Windows\System\fYUoZah.exe
  C:\Windows\System\fYUoZah.exe
  2⤵
  PID:3220
- C:\Windows\System\lGnXGzW.exe
  C:\Windows\System\lGnXGzW.exe
  2⤵
  PID:3256
- C:\Windows\System\wmrqFSC.exe
  C:\Windows\System\wmrqFSC.exe
  2⤵
  PID:3244
- C:\Windows\System\HaSnZfW.exe
  C:\Windows\System\HaSnZfW.exe
  2⤵
  PID:3284
- C:\Windows\System\wpssEIW.exe
  C:\Windows\System\wpssEIW.exe
  2⤵
  PID:3320
- C:\Windows\System\gDcubOd.exe
  C:\Windows\System\gDcubOd.exe
  2⤵
  PID:3364
- C:\Windows\System\htLiKDE.exe
  C:\Windows\System\htLiKDE.exe
  2⤵
  PID:3420
- C:\Windows\System\ndJcVuh.exe
  C:\Windows\System\ndJcVuh.exe
  2⤵
  PID:3492
- C:\Windows\System\KVioAwA.exe
  C:\Windows\System\KVioAwA.exe
  2⤵
  PID:3440
- C:\Windows\System\iULqznb.exe
  C:\Windows\System\iULqznb.exe
  2⤵
  PID:3480
- C:\Windows\System\rhJwDcG.exe
  C:\Windows\System\rhJwDcG.exe
  2⤵
  PID:3556
- C:\Windows\System\gKsrJVe.exe
  C:\Windows\System\gKsrJVe.exe
  2⤵
  PID:3588
- C:\Windows\System\FTSlYrB.exe
  C:\Windows\System\FTSlYrB.exe
  2⤵
  PID:3604
- C:\Windows\System\NUEuaUT.exe
  C:\Windows\System\NUEuaUT.exe
  2⤵
  PID:3644
- C:\Windows\System\DlZkpNq.exe
  C:\Windows\System\DlZkpNq.exe
  2⤵
  PID:3688
- C:\Windows\System\CuFXmIY.exe
  C:\Windows\System\CuFXmIY.exe
  2⤵
  PID:3720
- C:\Windows\System\GKUhpDn.exe
  C:\Windows\System\GKUhpDn.exe
  2⤵
  PID:3744
- C:\Windows\System\PSOLHRl.exe
  C:\Windows\System\PSOLHRl.exe
  2⤵
  PID:3764
- C:\Windows\System\JqIYPET.exe
  C:\Windows\System\JqIYPET.exe
  2⤵
  PID:3820
- C:\Windows\System\XjDixZD.exe
  C:\Windows\System\XjDixZD.exe
  2⤵
  PID:3844
- C:\Windows\System\qRsNcjv.exe
  C:\Windows\System\qRsNcjv.exe
  2⤵
  PID:3880
- C:\Windows\System\grxpEtZ.exe
  C:\Windows\System\grxpEtZ.exe
  2⤵
  PID:3920
- C:\Windows\System\YRSKHPo.exe
  C:\Windows\System\YRSKHPo.exe
  2⤵
  PID:3944
- C:\Windows\System\JhmMuVB.exe
  C:\Windows\System\JhmMuVB.exe
  2⤵
  PID:3968
- C:\Windows\System\VLQhXyX.exe
  C:\Windows\System\VLQhXyX.exe
  2⤵
  PID:4020
- C:\Windows\System\rMXliQw.exe
  C:\Windows\System\rMXliQw.exe
  2⤵
  PID:4044
- C:\Windows\System\pBKkzLU.exe
  C:\Windows\System\pBKkzLU.exe
  2⤵
  PID:4088
- C:\Windows\System\UnFmXhR.exe
  C:\Windows\System\UnFmXhR.exe
  2⤵
  PID:3048
- C:\Windows\System\PJBtUaj.exe
  C:\Windows\System\PJBtUaj.exe
  2⤵
  PID:1488
- C:\Windows\System\qYKRGET.exe
  C:\Windows\System\qYKRGET.exe
  2⤵
  PID:1516
- C:\Windows\System\oufAfzk.exe
  C:\Windows\System\oufAfzk.exe
  2⤵
  PID:1272
- C:\Windows\System\sanpNnv.exe
  C:\Windows\System\sanpNnv.exe
  2⤵
  PID:2100
- C:\Windows\System\QbNMBgY.exe
  C:\Windows\System\QbNMBgY.exe
  2⤵
  PID:3044
- C:\Windows\System\WxHKAsc.exe
  C:\Windows\System\WxHKAsc.exe
  2⤵
  PID:2772
- C:\Windows\System\qIzFrUh.exe
  C:\Windows\System\qIzFrUh.exe
  2⤵
  PID:3176
- C:\Windows\System\yaKEaBV.exe
  C:\Windows\System\yaKEaBV.exe
  2⤵
  PID:3164
- C:\Windows\System\FhifzYr.exe
  C:\Windows\System\FhifzYr.exe
  2⤵
  PID:3236
- C:\Windows\System\gNDuGkk.exe
  C:\Windows\System\gNDuGkk.exe
  2⤵
  PID:3344
- C:\Windows\System\dZhjdqY.exe
  C:\Windows\System\dZhjdqY.exe
  2⤵
  PID:3388
- C:\Windows\System\XRUOdmZ.exe
  C:\Windows\System\XRUOdmZ.exe
  2⤵
  PID:3400
- C:\Windows\System\qfiSOLa.exe
  C:\Windows\System\qfiSOLa.exe
  2⤵
  PID:3496
- C:\Windows\System\TwHIWJj.exe
  C:\Windows\System\TwHIWJj.exe
  2⤵
  PID:3524
- C:\Windows\System\yAKftJG.exe
  C:\Windows\System\yAKftJG.exe
  2⤵
  PID:3520
- C:\Windows\System\zHXXxVX.exe
  C:\Windows\System\zHXXxVX.exe
  2⤵
  PID:3648
- C:\Windows\System\ugwULUt.exe
  C:\Windows\System\ugwULUt.exe
  2⤵
  PID:3684
- C:\Windows\System\eqezNNi.exe
  C:\Windows\System\eqezNNi.exe
  2⤵
  PID:3728
- C:\Windows\System\eWhRoer.exe
  C:\Windows\System\eWhRoer.exe
  2⤵
  PID:3780
- C:\Windows\System\HEBwIGm.exe
  C:\Windows\System\HEBwIGm.exe
  2⤵
  PID:3864
- C:\Windows\System\lwGMhwv.exe
  C:\Windows\System\lwGMhwv.exe
  2⤵
  PID:3908
- C:\Windows\System\Lrybeuw.exe
  C:\Windows\System\Lrybeuw.exe
  2⤵
  PID:3960
- C:\Windows\System\dcTThTy.exe
  C:\Windows\System\dcTThTy.exe
  2⤵
  PID:4024
- C:\Windows\System\KGqWNex.exe
  C:\Windows\System\KGqWNex.exe
  2⤵
  PID:4064
- C:\Windows\System\irAIsjY.exe
  C:\Windows\System\irAIsjY.exe
  2⤵
  PID:556
- C:\Windows\System\jxlcgAS.exe
  C:\Windows\System\jxlcgAS.exe
  2⤵
  PID:2384
- C:\Windows\System\brjQbiA.exe
  C:\Windows\System\brjQbiA.exe
  2⤵
  PID:1652
- C:\Windows\System\oLNhozt.exe
  C:\Windows\System\oLNhozt.exe
  2⤵
  PID:3116
- C:\Windows\System\EvOFTcv.exe
  C:\Windows\System\EvOFTcv.exe
  2⤵
  PID:3224
- C:\Windows\System\AATOXNY.exe
  C:\Windows\System\AATOXNY.exe
  2⤵
  PID:3324
- C:\Windows\System\aGbGFAd.exe
  C:\Windows\System\aGbGFAd.exe
  2⤵
  PID:3328
- C:\Windows\System\HguNskt.exe
  C:\Windows\System\HguNskt.exe
  2⤵
  PID:4108
- C:\Windows\System\VJxWHMd.exe
  C:\Windows\System\VJxWHMd.exe
  2⤵
  PID:4136
- C:\Windows\System\pHlDJuu.exe
  C:\Windows\System\pHlDJuu.exe
  2⤵
  PID:4156
- C:\Windows\System\hbpPeYz.exe
  C:\Windows\System\hbpPeYz.exe
  2⤵
  PID:4176
- C:\Windows\System\ukEMbuU.exe
  C:\Windows\System\ukEMbuU.exe
  2⤵
  PID:4196
- C:\Windows\System\zKSxkTP.exe
  C:\Windows\System\zKSxkTP.exe
  2⤵
  PID:4216
- C:\Windows\System\iOEcpqf.exe
  C:\Windows\System\iOEcpqf.exe
  2⤵
  PID:4236
- C:\Windows\System\oirKhVp.exe
  C:\Windows\System\oirKhVp.exe
  2⤵
  PID:4256
- C:\Windows\System\RTLLDSF.exe
  C:\Windows\System\RTLLDSF.exe
  2⤵
  PID:4276
- C:\Windows\System\mIANWqe.exe
  C:\Windows\System\mIANWqe.exe
  2⤵
  PID:4300
- C:\Windows\System\KMFGPME.exe
  C:\Windows\System\KMFGPME.exe
  2⤵
  PID:4320
- C:\Windows\System\YbnDzCB.exe
  C:\Windows\System\YbnDzCB.exe
  2⤵
  PID:4344
- C:\Windows\System\xzepUyx.exe
  C:\Windows\System\xzepUyx.exe
  2⤵
  PID:4364
- C:\Windows\System\sMCXGnT.exe
  C:\Windows\System\sMCXGnT.exe
  2⤵
  PID:4388
- C:\Windows\System\MiIZCBB.exe
  C:\Windows\System\MiIZCBB.exe
  2⤵
  PID:4408
- C:\Windows\System\ZwQIxPB.exe
  C:\Windows\System\ZwQIxPB.exe
  2⤵
  PID:4428
- C:\Windows\System\wrpaMAp.exe
  C:\Windows\System\wrpaMAp.exe
  2⤵
  PID:4448
- C:\Windows\System\EpdJhRY.exe
  C:\Windows\System\EpdJhRY.exe
  2⤵
  PID:4468
- C:\Windows\System\PheuRFD.exe
  C:\Windows\System\PheuRFD.exe
  2⤵
  PID:4496
- C:\Windows\System\WbvSghG.exe
  C:\Windows\System\WbvSghG.exe
  2⤵
  PID:4516
- C:\Windows\System\BlKqoys.exe
  C:\Windows\System\BlKqoys.exe
  2⤵
  PID:4536
- C:\Windows\System\YgtRSmM.exe
  C:\Windows\System\YgtRSmM.exe
  2⤵
  PID:4556
- C:\Windows\System\lFMfnGp.exe
  C:\Windows\System\lFMfnGp.exe
  2⤵
  PID:4576
- C:\Windows\System\usGNdwF.exe
  C:\Windows\System\usGNdwF.exe
  2⤵
  PID:4596
- C:\Windows\System\PAseLeT.exe
  C:\Windows\System\PAseLeT.exe
  2⤵
  PID:4616
- C:\Windows\System\DOfYdBP.exe
  C:\Windows\System\DOfYdBP.exe
  2⤵
  PID:4636
- C:\Windows\System\OYffdXW.exe
  C:\Windows\System\OYffdXW.exe
  2⤵
  PID:4656
- C:\Windows\System\YurLxQk.exe
  C:\Windows\System\YurLxQk.exe
  2⤵
  PID:4676
- C:\Windows\System\ATaOmjs.exe
  C:\Windows\System\ATaOmjs.exe
  2⤵
  PID:4696
- C:\Windows\System\bwpXbaZ.exe
  C:\Windows\System\bwpXbaZ.exe
  2⤵
  PID:4716
- C:\Windows\System\TCaJadE.exe
  C:\Windows\System\TCaJadE.exe
  2⤵
  PID:4736
- C:\Windows\System\iXkwWwC.exe
  C:\Windows\System\iXkwWwC.exe
  2⤵
  PID:4756
- C:\Windows\System\WzNjsPv.exe
  C:\Windows\System\WzNjsPv.exe
  2⤵
  PID:4780
- C:\Windows\System\AUCGmjt.exe
  C:\Windows\System\AUCGmjt.exe
  2⤵
  PID:4800
- C:\Windows\System\VISQqpd.exe
  C:\Windows\System\VISQqpd.exe
  2⤵
  PID:4820
- C:\Windows\System\IRfroqH.exe
  C:\Windows\System\IRfroqH.exe
  2⤵
  PID:4844
- C:\Windows\System\ElxrAnJ.exe
  C:\Windows\System\ElxrAnJ.exe
  2⤵
  PID:4864
- C:\Windows\System\iuTVDGe.exe
  C:\Windows\System\iuTVDGe.exe
  2⤵
  PID:4884
- C:\Windows\System\KGpJmdY.exe
  C:\Windows\System\KGpJmdY.exe
  2⤵
  PID:4904
- C:\Windows\System\pGxfjmz.exe
  C:\Windows\System\pGxfjmz.exe
  2⤵
  PID:4924
- C:\Windows\System\TsdrUSH.exe
  C:\Windows\System\TsdrUSH.exe
  2⤵
  PID:4944
- C:\Windows\System\qZCexIR.exe
  C:\Windows\System\qZCexIR.exe
  2⤵
  PID:4964
- C:\Windows\System\ESUTNfQ.exe
  C:\Windows\System\ESUTNfQ.exe
  2⤵
  PID:4984
- C:\Windows\System\TgBWdOs.exe
  C:\Windows\System\TgBWdOs.exe
  2⤵
  PID:5004
- C:\Windows\System\xSYLSBN.exe
  C:\Windows\System\xSYLSBN.exe
  2⤵
  PID:5024
- C:\Windows\System\nMMwFhM.exe
  C:\Windows\System\nMMwFhM.exe
  2⤵
  PID:5044
- C:\Windows\System\iVGmOHN.exe
  C:\Windows\System\iVGmOHN.exe
  2⤵
  PID:5064
- C:\Windows\System\CHpARey.exe
  C:\Windows\System\CHpARey.exe
  2⤵
  PID:5084
- C:\Windows\System\AvDieez.exe
  C:\Windows\System\AvDieez.exe
  2⤵
  PID:5104
- C:\Windows\System\JZxcRqI.exe
  C:\Windows\System\JZxcRqI.exe
  2⤵
  PID:3408
- C:\Windows\System\weyiMJp.exe
  C:\Windows\System\weyiMJp.exe
  2⤵
  PID:3476
- C:\Windows\System\poOTNiH.exe
  C:\Windows\System\poOTNiH.exe
  2⤵
  PID:3628
- C:\Windows\System\BYyhKOE.exe
  C:\Windows\System\BYyhKOE.exe
  2⤵
  PID:3800
- C:\Windows\System\USvkBAs.exe
  C:\Windows\System\USvkBAs.exe
  2⤵
  PID:3804
- C:\Windows\System\fwJNqhF.exe
  C:\Windows\System\fwJNqhF.exe
  2⤵
  PID:3948
- C:\Windows\System\AwrDaWm.exe
  C:\Windows\System\AwrDaWm.exe
  2⤵
  PID:4000
- C:\Windows\System\CYhpCSQ.exe
  C:\Windows\System\CYhpCSQ.exe
  2⤵
  PID:4080
- C:\Windows\System\VBcpvbt.exe
  C:\Windows\System\VBcpvbt.exe
  2⤵
  PID:2120
- C:\Windows\System\bKHjXzk.exe
  C:\Windows\System\bKHjXzk.exe
  2⤵
  PID:2096
- C:\Windows\System\VuBfJUi.exe
  C:\Windows\System\VuBfJUi.exe
  2⤵
  PID:3088
- C:\Windows\System\QEwSOJc.exe
  C:\Windows\System\QEwSOJc.exe
  2⤵
  PID:3340
- C:\Windows\System\aiutvfQ.exe
  C:\Windows\System\aiutvfQ.exe
  2⤵
  PID:4116
- C:\Windows\System\DmRZANc.exe
  C:\Windows\System\DmRZANc.exe
  2⤵
  PID:4148
- C:\Windows\System\AkSaTqk.exe
  C:\Windows\System\AkSaTqk.exe
  2⤵
  PID:4192
- C:\Windows\System\OQRUACc.exe
  C:\Windows\System\OQRUACc.exe
  2⤵
  PID:4208
- C:\Windows\System\iHEuCpz.exe
  C:\Windows\System\iHEuCpz.exe
  2⤵
  PID:4248
- C:\Windows\System\DxuYdaX.exe
  C:\Windows\System\DxuYdaX.exe
  2⤵
  PID:4284
- C:\Windows\System\hxQtxci.exe
  C:\Windows\System\hxQtxci.exe
  2⤵
  PID:4328
- C:\Windows\System\MQDtZFb.exe
  C:\Windows\System\MQDtZFb.exe
  2⤵
  PID:4336
- C:\Windows\System\ipkqojC.exe
  C:\Windows\System\ipkqojC.exe
  2⤵
  PID:4400
- C:\Windows\System\UxnUzJZ.exe
  C:\Windows\System\UxnUzJZ.exe
  2⤵
  PID:4444
- C:\Windows\System\urXOxzG.exe
  C:\Windows\System\urXOxzG.exe
  2⤵
  PID:4460
- C:\Windows\System\tPocemq.exe
  C:\Windows\System\tPocemq.exe
  2⤵
  PID:4532
- C:\Windows\System\ytNBTIZ.exe
  C:\Windows\System\ytNBTIZ.exe
  2⤵
  PID:4564
- C:\Windows\System\wIqkRtB.exe
  C:\Windows\System\wIqkRtB.exe
  2⤵
  PID:4584
- C:\Windows\System\gvUALkX.exe
  C:\Windows\System\gvUALkX.exe
  2⤵
  PID:4608
- C:\Windows\System\sDhGmhZ.exe
  C:\Windows\System\sDhGmhZ.exe
  2⤵
  PID:4652
- C:\Windows\System\MTFMCFQ.exe
  C:\Windows\System\MTFMCFQ.exe
  2⤵
  PID:4684
- C:\Windows\System\zqaPXuK.exe
  C:\Windows\System\zqaPXuK.exe
  2⤵
  PID:4708
- C:\Windows\System\TYIiDFu.exe
  C:\Windows\System\TYIiDFu.exe
  2⤵
  PID:4752
- C:\Windows\System\bsRuTmN.exe
  C:\Windows\System\bsRuTmN.exe
  2⤵
  PID:4788
- C:\Windows\System\ISJtYbT.exe
  C:\Windows\System\ISJtYbT.exe
  2⤵
  PID:4812
- C:\Windows\System\wznXoII.exe
  C:\Windows\System\wznXoII.exe
  2⤵
  PID:4860
- C:\Windows\System\hsePvmK.exe
  C:\Windows\System\hsePvmK.exe
  2⤵
  PID:4900
- C:\Windows\System\FzIQRxb.exe
  C:\Windows\System\FzIQRxb.exe
  2⤵
  PID:4916
- C:\Windows\System\RxOORDv.exe
  C:\Windows\System\RxOORDv.exe
  2⤵
  PID:4972
- C:\Windows\System\TYpPyLg.exe
  C:\Windows\System\TYpPyLg.exe
  2⤵
  PID:4992
- C:\Windows\System\xfvYeyQ.exe
  C:\Windows\System\xfvYeyQ.exe
  2⤵
  PID:5016
- C:\Windows\System\iUNMMdY.exe
  C:\Windows\System\iUNMMdY.exe
  2⤵
  PID:5060
- C:\Windows\System\ZBHqoLi.exe
  C:\Windows\System\ZBHqoLi.exe
  2⤵
  PID:5076
- C:\Windows\System\XGpeOTM.exe
  C:\Windows\System\XGpeOTM.exe
  2⤵
  PID:3456
- C:\Windows\System\QWNvOYv.exe
  C:\Windows\System\QWNvOYv.exe
  2⤵
  PID:3608
- C:\Windows\System\swPXqiz.exe
  C:\Windows\System\swPXqiz.exe
  2⤵
  PID:3748
- C:\Windows\System\UBvakUZ.exe
  C:\Windows\System\UBvakUZ.exe
  2⤵
  PID:3848
- C:\Windows\System\rjnjYeY.exe
  C:\Windows\System\rjnjYeY.exe
  2⤵
  PID:2748
- C:\Windows\System\JWrQzzG.exe
  C:\Windows\System\JWrQzzG.exe
  2⤵
  PID:1580
- C:\Windows\System\ivQKJmj.exe
  C:\Windows\System\ivQKJmj.exe
  2⤵
  PID:3264
- C:\Windows\System\ABAmfpG.exe
  C:\Windows\System\ABAmfpG.exe
  2⤵
  PID:4100
- C:\Windows\System\LwlvqVE.exe
  C:\Windows\System\LwlvqVE.exe
  2⤵
  PID:4184
- C:\Windows\System\pOtRoOq.exe
  C:\Windows\System\pOtRoOq.exe
  2⤵
  PID:4212
- C:\Windows\System\DGdRdfH.exe
  C:\Windows\System\DGdRdfH.exe
  2⤵
  PID:4308
- C:\Windows\System\WAhMpyu.exe
  C:\Windows\System\WAhMpyu.exe
  2⤵
  PID:4316
- C:\Windows\System\eGJLXSD.exe
  C:\Windows\System\eGJLXSD.exe
  2⤵
  PID:4424
- C:\Windows\System\LdCOkLG.exe
  C:\Windows\System\LdCOkLG.exe
  2⤵
  PID:4464
- C:\Windows\System\erkfXSz.exe
  C:\Windows\System\erkfXSz.exe
  2⤵
  PID:4508
- C:\Windows\System\csYUgYe.exe
  C:\Windows\System\csYUgYe.exe
  2⤵
  PID:4528
- C:\Windows\System\GmlewBC.exe
  C:\Windows\System\GmlewBC.exe
  2⤵
  PID:4644
- C:\Windows\System\xtHgJTr.exe
  C:\Windows\System\xtHgJTr.exe
  2⤵
  PID:4712
- C:\Windows\System\sBpDtdh.exe
  C:\Windows\System\sBpDtdh.exe
  2⤵
  PID:4728
- C:\Windows\System\mSmPBCk.exe
  C:\Windows\System\mSmPBCk.exe
  2⤵
  PID:4816
- C:\Windows\System\ZkrzEEW.exe
  C:\Windows\System\ZkrzEEW.exe
  2⤵
  PID:4896
- C:\Windows\System\cLEWFlI.exe
  C:\Windows\System\cLEWFlI.exe
  2⤵
  PID:4912
- C:\Windows\System\AUvWwdg.exe
  C:\Windows\System\AUvWwdg.exe
  2⤵
  PID:4936
- C:\Windows\System\RNUzRJG.exe
  C:\Windows\System\RNUzRJG.exe
  2⤵
  PID:5052
- C:\Windows\System\cuRSMDN.exe
  C:\Windows\System\cuRSMDN.exe
  2⤵
  PID:5080
- C:\Windows\System\JvYkFrj.exe
  C:\Windows\System\JvYkFrj.exe
  2⤵
  PID:3516
- C:\Windows\System\DyhQKex.exe
  C:\Windows\System\DyhQKex.exe
  2⤵
  PID:3868
- C:\Windows\System\GTfORaU.exe
  C:\Windows\System\GTfORaU.exe
  2⤵
  PID:3988
- C:\Windows\System\gTKTHIu.exe
  C:\Windows\System\gTKTHIu.exe
  2⤵
  PID:3216
- C:\Windows\System\PBGcoXQ.exe
  C:\Windows\System\PBGcoXQ.exe
  2⤵
  PID:4120
- C:\Windows\System\IHsJRkQ.exe
  C:\Windows\System\IHsJRkQ.exe
  2⤵
  PID:4252
- C:\Windows\System\hZxNCbO.exe
  C:\Windows\System\hZxNCbO.exe
  2⤵
  PID:5132
- C:\Windows\System\VwNznMu.exe
  C:\Windows\System\VwNznMu.exe
  2⤵
  PID:5152
- C:\Windows\System\HbUNhzr.exe
  C:\Windows\System\HbUNhzr.exe
  2⤵
  PID:5172
- C:\Windows\System\AXgzCwL.exe
  C:\Windows\System\AXgzCwL.exe
  2⤵
  PID:5192
- C:\Windows\System\qyVfcMu.exe
  C:\Windows\System\qyVfcMu.exe
  2⤵
  PID:5212
- C:\Windows\System\kqYHEqA.exe
  C:\Windows\System\kqYHEqA.exe
  2⤵
  PID:5232
- C:\Windows\System\ATkrJKB.exe
  C:\Windows\System\ATkrJKB.exe
  2⤵
  PID:5252
- C:\Windows\System\zgsjAbd.exe
  C:\Windows\System\zgsjAbd.exe
  2⤵
  PID:5272
- C:\Windows\System\HXSmUOk.exe
  C:\Windows\System\HXSmUOk.exe
  2⤵
  PID:5292
- C:\Windows\System\AafCdhF.exe
  C:\Windows\System\AafCdhF.exe
  2⤵
  PID:5316
- C:\Windows\System\DRRqGEx.exe
  C:\Windows\System\DRRqGEx.exe
  2⤵
  PID:5336
- C:\Windows\System\CGbsyzv.exe
  C:\Windows\System\CGbsyzv.exe
  2⤵
  PID:5356
- C:\Windows\System\YUOdFFD.exe
  C:\Windows\System\YUOdFFD.exe
  2⤵
  PID:5376
- C:\Windows\System\vdfAYUi.exe
  C:\Windows\System\vdfAYUi.exe
  2⤵
  PID:5396
- C:\Windows\System\rwGXvDU.exe
  C:\Windows\System\rwGXvDU.exe
  2⤵
  PID:5416
- C:\Windows\System\UgFDFtZ.exe
  C:\Windows\System\UgFDFtZ.exe
  2⤵
  PID:5436
- C:\Windows\System\apEReqo.exe
  C:\Windows\System\apEReqo.exe
  2⤵
  PID:5456
- C:\Windows\System\kdzrfbL.exe
  C:\Windows\System\kdzrfbL.exe
  2⤵
  PID:5476
- C:\Windows\System\AmezWDT.exe
  C:\Windows\System\AmezWDT.exe
  2⤵
  PID:5496
- C:\Windows\System\LVJlyBg.exe
  C:\Windows\System\LVJlyBg.exe
  2⤵
  PID:5516
- C:\Windows\System\enFGCIf.exe
  C:\Windows\System\enFGCIf.exe
  2⤵
  PID:5536
- C:\Windows\System\ahaEioD.exe
  C:\Windows\System\ahaEioD.exe
  2⤵
  PID:5556
- C:\Windows\System\nnbsxBs.exe
  C:\Windows\System\nnbsxBs.exe
  2⤵
  PID:5576
- C:\Windows\System\cxZKPXP.exe
  C:\Windows\System\cxZKPXP.exe
  2⤵
  PID:5596
- C:\Windows\System\QBWLdmp.exe
  C:\Windows\System\QBWLdmp.exe
  2⤵
  PID:5616
- C:\Windows\System\vtLBTKv.exe
  C:\Windows\System\vtLBTKv.exe
  2⤵
  PID:5636
- C:\Windows\System\pjHkgal.exe
  C:\Windows\System\pjHkgal.exe
  2⤵
  PID:5656
- C:\Windows\System\BeApQPi.exe
  C:\Windows\System\BeApQPi.exe
  2⤵
  PID:5676
- C:\Windows\System\kHrcLSv.exe
  C:\Windows\System\kHrcLSv.exe
  2⤵
  PID:5696
- C:\Windows\System\OcCDPsr.exe
  C:\Windows\System\OcCDPsr.exe
  2⤵
  PID:5716
- C:\Windows\System\eadUpeo.exe
  C:\Windows\System\eadUpeo.exe
  2⤵
  PID:5736
- C:\Windows\System\DNOWXyn.exe
  C:\Windows\System\DNOWXyn.exe
  2⤵
  PID:5756
- C:\Windows\System\XOhQKBV.exe
  C:\Windows\System\XOhQKBV.exe
  2⤵
  PID:5776
- C:\Windows\System\XojisVs.exe
  C:\Windows\System\XojisVs.exe
  2⤵
  PID:5796
- C:\Windows\System\wAFrCtt.exe
  C:\Windows\System\wAFrCtt.exe
  2⤵
  PID:5816
- C:\Windows\System\hLGHoop.exe
  C:\Windows\System\hLGHoop.exe
  2⤵
  PID:5836
- C:\Windows\System\bzUmdoG.exe
  C:\Windows\System\bzUmdoG.exe
  2⤵
  PID:5856
- C:\Windows\System\DiVlCno.exe
  C:\Windows\System\DiVlCno.exe
  2⤵
  PID:5876
- C:\Windows\System\GotGrgY.exe
  C:\Windows\System\GotGrgY.exe
  2⤵
  PID:5896
- C:\Windows\System\lbPfbIZ.exe
  C:\Windows\System\lbPfbIZ.exe
  2⤵
  PID:5916
- C:\Windows\System\eAAquOn.exe
  C:\Windows\System\eAAquOn.exe
  2⤵
  PID:5936
- C:\Windows\System\XoPIXfN.exe
  C:\Windows\System\XoPIXfN.exe
  2⤵
  PID:5956
- C:\Windows\System\KGYGCBE.exe
  C:\Windows\System\KGYGCBE.exe
  2⤵
  PID:5976
- C:\Windows\System\EheqdQY.exe
  C:\Windows\System\EheqdQY.exe
  2⤵
  PID:5996
- C:\Windows\System\BrGXcdM.exe
  C:\Windows\System\BrGXcdM.exe
  2⤵
  PID:6016
- C:\Windows\System\LvOwzHC.exe
  C:\Windows\System\LvOwzHC.exe
  2⤵
  PID:6036
- C:\Windows\System\LUDOtyQ.exe
  C:\Windows\System\LUDOtyQ.exe
  2⤵
  PID:6060
- C:\Windows\System\QazQXLN.exe
  C:\Windows\System\QazQXLN.exe
  2⤵
  PID:6080
- C:\Windows\System\CxwxjZP.exe
  C:\Windows\System\CxwxjZP.exe
  2⤵
  PID:6100
- C:\Windows\System\TblRwJl.exe
  C:\Windows\System\TblRwJl.exe
  2⤵
  PID:6120
- C:\Windows\System\nxaBDsR.exe
  C:\Windows\System\nxaBDsR.exe
  2⤵
  PID:6140
- C:\Windows\System\EuwKKxE.exe
  C:\Windows\System\EuwKKxE.exe
  2⤵
  PID:4404
- C:\Windows\System\oTjkBMt.exe
  C:\Windows\System\oTjkBMt.exe
  2⤵
  PID:4476
- C:\Windows\System\UtegZyC.exe
  C:\Windows\System\UtegZyC.exe
  2⤵
  PID:4544
- C:\Windows\System\aCftiBX.exe
  C:\Windows\System\aCftiBX.exe
  2⤵
  PID:4664
- C:\Windows\System\zNDDWOP.exe
  C:\Windows\System\zNDDWOP.exe
  2⤵
  PID:4668
- C:\Windows\System\GywRAHU.exe
  C:\Windows\System\GywRAHU.exe
  2⤵
  PID:4852
- C:\Windows\System\buHCgna.exe
  C:\Windows\System\buHCgna.exe
  2⤵
  PID:4976
- C:\Windows\System\GJsfHMW.exe
  C:\Windows\System\GJsfHMW.exe
  2⤵
  PID:5036
- C:\Windows\System\lTGXUvS.exe
  C:\Windows\System\lTGXUvS.exe
  2⤵
  PID:3552
- C:\Windows\System\CJMRnHM.exe
  C:\Windows\System\CJMRnHM.exe
  2⤵
  PID:3940
- C:\Windows\System\lVJjMzT.exe
  C:\Windows\System\lVJjMzT.exe
  2⤵
  PID:2924
- C:\Windows\System\bumCrGI.exe
  C:\Windows\System\bumCrGI.exe
  2⤵
  PID:4172
- C:\Windows\System\kmuTfZW.exe
  C:\Windows\System\kmuTfZW.exe
  2⤵
  PID:5140
- C:\Windows\System\mYEXrvz.exe
  C:\Windows\System\mYEXrvz.exe
  2⤵
  PID:5180
- C:\Windows\System\SmujLjD.exe
  C:\Windows\System\SmujLjD.exe
  2⤵
  PID:5220
- C:\Windows\System\SSJuYWz.exe
  C:\Windows\System\SSJuYWz.exe
  2⤵
  PID:5240
- C:\Windows\System\llZvJDZ.exe
  C:\Windows\System\llZvJDZ.exe
  2⤵
  PID:5264
- C:\Windows\System\hVwudTe.exe
  C:\Windows\System\hVwudTe.exe
  2⤵
  PID:5284
- C:\Windows\System\ZbZVWzM.exe
  C:\Windows\System\ZbZVWzM.exe
  2⤵
  PID:5332
- C:\Windows\System\HxxJkpr.exe
  C:\Windows\System\HxxJkpr.exe
  2⤵
  PID:5372
- C:\Windows\System\nsjIsKT.exe
  C:\Windows\System\nsjIsKT.exe
  2⤵
  PID:5424
- C:\Windows\System\tRkBVUB.exe
  C:\Windows\System\tRkBVUB.exe
  2⤵
  PID:5444
- C:\Windows\System\fcPJuCl.exe
  C:\Windows\System\fcPJuCl.exe
  2⤵
  PID:5468
- C:\Windows\System\kIfDSXP.exe
  C:\Windows\System\kIfDSXP.exe
  2⤵
  PID:5512
- C:\Windows\System\xWlOJKC.exe
  C:\Windows\System\xWlOJKC.exe
  2⤵
  PID:5532
- C:\Windows\System\wqjVesJ.exe
  C:\Windows\System\wqjVesJ.exe
  2⤵
  PID:5592
- C:\Windows\System\OkRmrkW.exe
  C:\Windows\System\OkRmrkW.exe
  2⤵
  PID:5624
- C:\Windows\System\idhSYUE.exe
  C:\Windows\System\idhSYUE.exe
  2⤵
  PID:5644
- C:\Windows\System\RERmVFx.exe
  C:\Windows\System\RERmVFx.exe
  2⤵
  PID:5668
- C:\Windows\System\WjgHDEn.exe
  C:\Windows\System\WjgHDEn.exe
  2⤵
  PID:5712
- C:\Windows\System\aeTjhgD.exe
  C:\Windows\System\aeTjhgD.exe
  2⤵
  PID:5728
- C:\Windows\System\RKPuYyo.exe
  C:\Windows\System\RKPuYyo.exe
  2⤵
  PID:5772
- C:\Windows\System\HJvUtFY.exe
  C:\Windows\System\HJvUtFY.exe
  2⤵
  PID:5812
- C:\Windows\System\MyAtymX.exe
  C:\Windows\System\MyAtymX.exe
  2⤵
  PID:5852
- C:\Windows\System\OFDkAGz.exe
  C:\Windows\System\OFDkAGz.exe
  2⤵
  PID:5904
- C:\Windows\System\hjazAvs.exe
  C:\Windows\System\hjazAvs.exe
  2⤵
  PID:5908
- C:\Windows\System\QqVgENb.exe
  C:\Windows\System\QqVgENb.exe
  2⤵
  PID:5928
- C:\Windows\System\dJyVmAD.exe
  C:\Windows\System\dJyVmAD.exe
  2⤵
  PID:5968
- C:\Windows\System\FvYZUxH.exe
  C:\Windows\System\FvYZUxH.exe
  2⤵
  PID:6032
- C:\Windows\System\OwKzbbN.exe
  C:\Windows\System\OwKzbbN.exe
  2⤵
  PID:6068
- C:\Windows\System\igtVeil.exe
  C:\Windows\System\igtVeil.exe
  2⤵
  PID:6088
- C:\Windows\System\eFvjrAB.exe
  C:\Windows\System\eFvjrAB.exe
  2⤵
  PID:6112
- C:\Windows\System\tqKZele.exe
  C:\Windows\System\tqKZele.exe
  2⤵
  PID:4356
- C:\Windows\System\KdxccED.exe
  C:\Windows\System\KdxccED.exe
  2⤵
  PID:4436
- C:\Windows\System\LGauKxw.exe
  C:\Windows\System\LGauKxw.exe
  2⤵
  PID:4604
- C:\Windows\System\qxRwiQo.exe
  C:\Windows\System\qxRwiQo.exe
  2⤵
  PID:4872
- C:\Windows\System\RFIrDqh.exe
  C:\Windows\System\RFIrDqh.exe
  2⤵
  PID:4956
- C:\Windows\System\REHFMGE.exe
  C:\Windows\System\REHFMGE.exe
  2⤵
  PID:5020
- C:\Windows\System\aDWCcfL.exe
  C:\Windows\System\aDWCcfL.exe
  2⤵
  PID:1020
- C:\Windows\System\hEhXOKI.exe
  C:\Windows\System\hEhXOKI.exe
  2⤵
  PID:4104
- C:\Windows\System\gPFWlcP.exe
  C:\Windows\System\gPFWlcP.exe
  2⤵
  PID:5200
- C:\Windows\System\rHmUdsr.exe
  C:\Windows\System\rHmUdsr.exe
  2⤵
  PID:5224
- C:\Windows\System\CHxMOsw.exe
  C:\Windows\System\CHxMOsw.exe
  2⤵
  PID:5288
- C:\Windows\System\ECKEQkg.exe
  C:\Windows\System\ECKEQkg.exe
  2⤵
  PID:5344
- C:\Windows\System\CkWhEvs.exe
  C:\Windows\System\CkWhEvs.exe
  2⤵
  PID:5404
- C:\Windows\System\cvZWUta.exe
  C:\Windows\System\cvZWUta.exe
  2⤵
  PID:5432
- C:\Windows\System\FyBmkUA.exe
  C:\Windows\System\FyBmkUA.exe
  2⤵
  PID:5524
- C:\Windows\System\iGLYIGD.exe
  C:\Windows\System\iGLYIGD.exe
  2⤵
  PID:5568
- C:\Windows\System\QftwSZQ.exe
  C:\Windows\System\QftwSZQ.exe
  2⤵
  PID:5608
- C:\Windows\System\yzcrwnK.exe
  C:\Windows\System\yzcrwnK.exe
  2⤵
  PID:5648
- C:\Windows\System\pIJOHbI.exe
  C:\Windows\System\pIJOHbI.exe
  2⤵
  PID:5732
- C:\Windows\System\dfVRYxE.exe
  C:\Windows\System\dfVRYxE.exe
  2⤵
  PID:5788
- C:\Windows\System\TQpNdOJ.exe
  C:\Windows\System\TQpNdOJ.exe
  2⤵
  PID:5868
- C:\Windows\System\nOzusJH.exe
  C:\Windows\System\nOzusJH.exe
  2⤵
  PID:5944
- C:\Windows\System\ZlVciAX.exe
  C:\Windows\System\ZlVciAX.exe
  2⤵
  PID:5964
- C:\Windows\System\hNvNaNF.exe
  C:\Windows\System\hNvNaNF.exe
  2⤵
  PID:6004
- C:\Windows\System\lUeQwIC.exe
  C:\Windows\System\lUeQwIC.exe
  2⤵
  PID:6076
- C:\Windows\System\CKiVQgw.exe
  C:\Windows\System\CKiVQgw.exe
  2⤵
  PID:6096
- C:\Windows\System\ESimFOD.exe
  C:\Windows\System\ESimFOD.exe
  2⤵
  PID:4612
- C:\Windows\System\TuGvOaG.exe
  C:\Windows\System\TuGvOaG.exe
  2⤵
  PID:4832
- C:\Windows\System\gKZIAih.exe
  C:\Windows\System\gKZIAih.exe
  2⤵
  PID:5000
- C:\Windows\System\flueMxR.exe
  C:\Windows\System\flueMxR.exe
  2⤵
  PID:4272
- C:\Windows\System\xGIlOPf.exe
  C:\Windows\System\xGIlOPf.exe
  2⤵
  PID:5144
- C:\Windows\System\WPUBglL.exe
  C:\Windows\System\WPUBglL.exe
  2⤵
  PID:5244
- C:\Windows\System\SIZnPWg.exe
  C:\Windows\System\SIZnPWg.exe
  2⤵
  PID:5312
- C:\Windows\System\vDceDoZ.exe
  C:\Windows\System\vDceDoZ.exe
  2⤵
  PID:5428
- C:\Windows\System\QIIhzzK.exe
  C:\Windows\System\QIIhzzK.exe
  2⤵
  PID:5564
- C:\Windows\System\jctZrrr.exe
  C:\Windows\System\jctZrrr.exe
  2⤵
  PID:5628
- C:\Windows\System\VbfNgNl.exe
  C:\Windows\System\VbfNgNl.exe
  2⤵
  PID:5692
- C:\Windows\System\GrUmxFX.exe
  C:\Windows\System\GrUmxFX.exe
  2⤵
  PID:6164
- C:\Windows\System\nhkNHGL.exe
  C:\Windows\System\nhkNHGL.exe
  2⤵
  PID:6184
- C:\Windows\System\qBHxcxM.exe
  C:\Windows\System\qBHxcxM.exe
  2⤵
  PID:6204
- C:\Windows\System\ibwVXZT.exe
  C:\Windows\System\ibwVXZT.exe
  2⤵
  PID:6224
- C:\Windows\System\tUfAchM.exe
  C:\Windows\System\tUfAchM.exe
  2⤵
  PID:6244
- C:\Windows\System\CQVCCuD.exe
  C:\Windows\System\CQVCCuD.exe
  2⤵
  PID:6264
- C:\Windows\System\fGxLwSB.exe
  C:\Windows\System\fGxLwSB.exe
  2⤵
  PID:6284
- C:\Windows\System\VvXZoJH.exe
  C:\Windows\System\VvXZoJH.exe
  2⤵
  PID:6304
- C:\Windows\System\TwbqcHZ.exe
  C:\Windows\System\TwbqcHZ.exe
  2⤵
  PID:6324
- C:\Windows\System\YxdczAo.exe
  C:\Windows\System\YxdczAo.exe
  2⤵
  PID:6344
- C:\Windows\System\jxTvcKB.exe
  C:\Windows\System\jxTvcKB.exe
  2⤵
  PID:6364
- C:\Windows\System\mhVQgTb.exe
  C:\Windows\System\mhVQgTb.exe
  2⤵
  PID:6384
- C:\Windows\System\hCIFLoe.exe
  C:\Windows\System\hCIFLoe.exe
  2⤵
  PID:6404
- C:\Windows\System\BhVTWIj.exe
  C:\Windows\System\BhVTWIj.exe
  2⤵
  PID:6424
- C:\Windows\System\HvyZQnp.exe
  C:\Windows\System\HvyZQnp.exe
  2⤵
  PID:6444
- C:\Windows\System\vWnQcbI.exe
  C:\Windows\System\vWnQcbI.exe
  2⤵
  PID:6464
- C:\Windows\System\npEIUhU.exe
  C:\Windows\System\npEIUhU.exe
  2⤵
  PID:6484
- C:\Windows\System\ovThikK.exe
  C:\Windows\System\ovThikK.exe
  2⤵
  PID:6504
- C:\Windows\System\sqqBvml.exe
  C:\Windows\System\sqqBvml.exe
  2⤵
  PID:6524
- C:\Windows\System\jjCrllX.exe
  C:\Windows\System\jjCrllX.exe
  2⤵
  PID:6544
- C:\Windows\System\vDgQYfm.exe
  C:\Windows\System\vDgQYfm.exe
  2⤵
  PID:6564
- C:\Windows\System\bfwjpNE.exe
  C:\Windows\System\bfwjpNE.exe
  2⤵
  PID:6588
- C:\Windows\System\rsnuZTQ.exe
  C:\Windows\System\rsnuZTQ.exe
  2⤵
  PID:6608
- C:\Windows\System\WNANFSJ.exe
  C:\Windows\System\WNANFSJ.exe
  2⤵
  PID:6628
- C:\Windows\System\kLCpZkP.exe
  C:\Windows\System\kLCpZkP.exe
  2⤵
  PID:6648
- C:\Windows\System\oohZvkb.exe
  C:\Windows\System\oohZvkb.exe
  2⤵
  PID:6668
- C:\Windows\System\CfSYHzQ.exe
  C:\Windows\System\CfSYHzQ.exe
  2⤵
  PID:6688
- C:\Windows\System\xHHShnU.exe
  C:\Windows\System\xHHShnU.exe
  2⤵
  PID:6708
- C:\Windows\System\dkiCnxv.exe
  C:\Windows\System\dkiCnxv.exe
  2⤵
  PID:6728
- C:\Windows\System\KGqbmqu.exe
  C:\Windows\System\KGqbmqu.exe
  2⤵
  PID:6748
- C:\Windows\System\dvGThaC.exe
  C:\Windows\System\dvGThaC.exe
  2⤵
  PID:6768
- C:\Windows\System\KzBtOAY.exe
  C:\Windows\System\KzBtOAY.exe
  2⤵
  PID:6788
- C:\Windows\System\zayLQEi.exe
  C:\Windows\System\zayLQEi.exe
  2⤵
  PID:6808
- C:\Windows\System\MmoZjKR.exe
  C:\Windows\System\MmoZjKR.exe
  2⤵
  PID:6828
- C:\Windows\System\CSZNFrx.exe
  C:\Windows\System\CSZNFrx.exe
  2⤵
  PID:6848
- C:\Windows\System\qObyoRK.exe
  C:\Windows\System\qObyoRK.exe
  2⤵
  PID:6868
- C:\Windows\System\CyXITZY.exe
  C:\Windows\System\CyXITZY.exe
  2⤵
  PID:6888
- C:\Windows\System\HbzSamV.exe
  C:\Windows\System\HbzSamV.exe
  2⤵
  PID:6908
- C:\Windows\System\vJVKlRp.exe
  C:\Windows\System\vJVKlRp.exe
  2⤵
  PID:6928
- C:\Windows\System\HMAcSRV.exe
  C:\Windows\System\HMAcSRV.exe
  2⤵
  PID:6948
- C:\Windows\System\THAJoxY.exe
  C:\Windows\System\THAJoxY.exe
  2⤵
  PID:6968
- C:\Windows\System\vheVFZZ.exe
  C:\Windows\System\vheVFZZ.exe
  2⤵
  PID:6988
- C:\Windows\System\jpEeMls.exe
  C:\Windows\System\jpEeMls.exe
  2⤵
  PID:7008
- C:\Windows\System\GBljHqS.exe
  C:\Windows\System\GBljHqS.exe
  2⤵
  PID:7028
- C:\Windows\System\fahtaqn.exe
  C:\Windows\System\fahtaqn.exe
  2⤵
  PID:7048
- C:\Windows\System\UjbZQFk.exe
  C:\Windows\System\UjbZQFk.exe
  2⤵
  PID:7068
- C:\Windows\System\pErQUpc.exe
  C:\Windows\System\pErQUpc.exe
  2⤵
  PID:7088
- C:\Windows\System\addnbuE.exe
  C:\Windows\System\addnbuE.exe
  2⤵
  PID:7108
- C:\Windows\System\nKqdnTB.exe
  C:\Windows\System\nKqdnTB.exe
  2⤵
  PID:7128
- C:\Windows\System\aroFlQt.exe
  C:\Windows\System\aroFlQt.exe
  2⤵
  PID:7148
- C:\Windows\System\MOgUDoV.exe
  C:\Windows\System\MOgUDoV.exe
  2⤵
  PID:5748
- C:\Windows\System\OKonqXu.exe
  C:\Windows\System\OKonqXu.exe
  2⤵
  PID:5784
- C:\Windows\System\AGIqSdC.exe
  C:\Windows\System\AGIqSdC.exe
  2⤵
  PID:5912
- C:\Windows\System\IPRhxbO.exe
  C:\Windows\System\IPRhxbO.exe
  2⤵
  PID:6072
- C:\Windows\System\hgWjygr.exe
  C:\Windows\System\hgWjygr.exe
  2⤵
  PID:4632
- C:\Windows\System\kqnLeem.exe
  C:\Windows\System\kqnLeem.exe
  2⤵
  PID:4792
- C:\Windows\System\dftkndc.exe
  C:\Windows\System\dftkndc.exe
  2⤵
  PID:5112
- C:\Windows\System\sDkZekr.exe
  C:\Windows\System\sDkZekr.exe
  2⤵
  PID:5204
- C:\Windows\System\HdHWvZb.exe
  C:\Windows\System\HdHWvZb.exe
  2⤵
  PID:5352
- C:\Windows\System\ZuDyImg.exe
  C:\Windows\System\ZuDyImg.exe
  2⤵
  PID:5552
- C:\Windows\System\VkviTHs.exe
  C:\Windows\System\VkviTHs.exe
  2⤵
  PID:5688
- C:\Windows\System\Njacjbf.exe
  C:\Windows\System\Njacjbf.exe
  2⤵
  PID:6156
- C:\Windows\System\gqvGdUf.exe
  C:\Windows\System\gqvGdUf.exe
  2⤵
  PID:6200
- C:\Windows\System\vhAomcB.exe
  C:\Windows\System\vhAomcB.exe
  2⤵
  PID:6232
- C:\Windows\System\mSEZBZT.exe
  C:\Windows\System\mSEZBZT.exe
  2⤵
  PID:6256
- C:\Windows\System\ZDFEAdM.exe
  C:\Windows\System\ZDFEAdM.exe
  2⤵
  PID:6300
- C:\Windows\System\eptGqcb.exe
  C:\Windows\System\eptGqcb.exe
  2⤵
  PID:6340
- C:\Windows\System\YhERzSN.exe
  C:\Windows\System\YhERzSN.exe
  2⤵
  PID:6360
- C:\Windows\System\hHIZsAB.exe
  C:\Windows\System\hHIZsAB.exe
  2⤵
  PID:6400
- C:\Windows\System\QEjFLZZ.exe
  C:\Windows\System\QEjFLZZ.exe
  2⤵
  PID:6432
- C:\Windows\System\yIjEyby.exe
  C:\Windows\System\yIjEyby.exe
  2⤵
  PID:6460
- C:\Windows\System\KVzmbqq.exe
  C:\Windows\System\KVzmbqq.exe
  2⤵
  PID:6500
- C:\Windows\System\tnVZprT.exe
  C:\Windows\System\tnVZprT.exe
  2⤵
  PID:6516
- C:\Windows\System\wlaIHja.exe
  C:\Windows\System\wlaIHja.exe
  2⤵
  PID:6572
- C:\Windows\System\lYgFjCT.exe
  C:\Windows\System\lYgFjCT.exe
  2⤵
  PID:6616
- C:\Windows\System\ioGNVKz.exe
  C:\Windows\System\ioGNVKz.exe
  2⤵
  PID:6636
- C:\Windows\System\hnWGiXJ.exe
  C:\Windows\System\hnWGiXJ.exe
  2⤵
  PID:6640
- C:\Windows\System\faRdfJL.exe
  C:\Windows\System\faRdfJL.exe
  2⤵
  PID:6676
- C:\Windows\System\hxJuvRz.exe
  C:\Windows\System\hxJuvRz.exe
  2⤵
  PID:6740
- C:\Windows\System\bHaeQIk.exe
  C:\Windows\System\bHaeQIk.exe
  2⤵
  PID:6764
- C:\Windows\System\pJQdDNA.exe
  C:\Windows\System\pJQdDNA.exe
  2⤵
  PID:6816
- C:\Windows\System\RcoirxZ.exe
  C:\Windows\System\RcoirxZ.exe
  2⤵
  PID:6836
- C:\Windows\System\qeICJwN.exe
  C:\Windows\System\qeICJwN.exe
  2⤵
  PID:6840
- C:\Windows\System\EoHusjv.exe
  C:\Windows\System\EoHusjv.exe
  2⤵
  PID:6900
- C:\Windows\System\iSSqltF.exe
  C:\Windows\System\iSSqltF.exe
  2⤵
  PID:6916
- C:\Windows\System\IoLQbMf.exe
  C:\Windows\System\IoLQbMf.exe
  2⤵
  PID:6976
- C:\Windows\System\BplqKCa.exe
  C:\Windows\System\BplqKCa.exe
  2⤵
  PID:7000
- C:\Windows\System\qELnKeJ.exe
  C:\Windows\System\qELnKeJ.exe
  2⤵
  PID:7044
- C:\Windows\System\WUILyRq.exe
  C:\Windows\System\WUILyRq.exe
  2⤵
  PID:7096
- C:\Windows\System\mupniHW.exe
  C:\Windows\System\mupniHW.exe
  2⤵
  PID:7080
- C:\Windows\System\VFKOkcR.exe
  C:\Windows\System\VFKOkcR.exe
  2⤵
  PID:7120
- C:\Windows\System\mxZrugK.exe
  C:\Windows\System\mxZrugK.exe
  2⤵
  PID:5764
- C:\Windows\System\vHGBkvd.exe
  C:\Windows\System\vHGBkvd.exe
  2⤵
  PID:6048
- C:\Windows\System\LvphGKS.exe
  C:\Windows\System\LvphGKS.exe
  2⤵
  PID:6136
- C:\Windows\System\JutaLtw.exe
  C:\Windows\System\JutaLtw.exe
  2⤵
  PID:6092
- C:\Windows\System\KpFJuhg.exe
  C:\Windows\System\KpFJuhg.exe
  2⤵
  PID:5164
- C:\Windows\System\eanvIxf.exe
  C:\Windows\System\eanvIxf.exe
  2⤵
  PID:5488
- C:\Windows\System\qzQmxtC.exe
  C:\Windows\System\qzQmxtC.exe
  2⤵
  PID:6160
- C:\Windows\System\lwpBEBz.exe
  C:\Windows\System\lwpBEBz.exe
  2⤵
  PID:6220
- C:\Windows\System\VfSZZOB.exe
  C:\Windows\System\VfSZZOB.exe
  2⤵
  PID:6280
- C:\Windows\System\nQgNRRz.exe
  C:\Windows\System\nQgNRRz.exe
  2⤵
  PID:6336
- C:\Windows\System\NnBFGCr.exe
  C:\Windows\System\NnBFGCr.exe
  2⤵
  PID:6320
- C:\Windows\System\izuvUHB.exe
  C:\Windows\System\izuvUHB.exe
  2⤵
  PID:6376
- C:\Windows\System\rMFAlxP.exe
  C:\Windows\System\rMFAlxP.exe
  2⤵
  PID:6480
- C:\Windows\System\SgZbGxJ.exe
  C:\Windows\System\SgZbGxJ.exe
  2⤵
  PID:6536
- C:\Windows\System\ZXwvRuN.exe
  C:\Windows\System\ZXwvRuN.exe
  2⤵
  PID:6620
- C:\Windows\System\BIsJVOq.exe
  C:\Windows\System\BIsJVOq.exe
  2⤵
  PID:6596
- C:\Windows\System\ZqbpOsk.exe
  C:\Windows\System\ZqbpOsk.exe
  2⤵
  PID:6724
- C:\Windows\System\zxtVCTR.exe
  C:\Windows\System\zxtVCTR.exe
  2⤵
  PID:6756
- C:\Windows\System\SiQtWdz.exe
  C:\Windows\System\SiQtWdz.exe
  2⤵
  PID:6784
- C:\Windows\System\lLcSeSn.exe
  C:\Windows\System\lLcSeSn.exe
  2⤵
  PID:6896
- C:\Windows\System\vCIOdpA.exe
  C:\Windows\System\vCIOdpA.exe
  2⤵
  PID:6964
- C:\Windows\System\rLiDFQX.exe
  C:\Windows\System\rLiDFQX.exe
  2⤵
  PID:7024
- C:\Windows\System\bmMtbRE.exe
  C:\Windows\System\bmMtbRE.exe
  2⤵
  PID:7020
- C:\Windows\System\yMrgJRE.exe
  C:\Windows\System\yMrgJRE.exe
  2⤵
  PID:7040
- C:\Windows\System\HGPgbJW.exe
  C:\Windows\System\HGPgbJW.exe
  2⤵
  PID:7124
- C:\Windows\System\FVWohVu.exe
  C:\Windows\System\FVWohVu.exe
  2⤵
  PID:7160
- C:\Windows\System\CdEWxTN.exe
  C:\Windows\System\CdEWxTN.exe
  2⤵
  PID:6024
- C:\Windows\System\TUjrprY.exe
  C:\Windows\System\TUjrprY.exe
  2⤵
  PID:5724
- C:\Windows\System\HChYAxh.exe
  C:\Windows\System\HChYAxh.exe
  2⤵
  PID:6236
- C:\Windows\System\jQGJurC.exe
  C:\Windows\System\jQGJurC.exe
  2⤵
  PID:6176
- C:\Windows\System\lGJxgxD.exe
  C:\Windows\System\lGJxgxD.exe
  2⤵
  PID:6352
- C:\Windows\System\UTucmQB.exe
  C:\Windows\System\UTucmQB.exe
  2⤵
  PID:6476
- C:\Windows\System\YNuAdKv.exe
  C:\Windows\System\YNuAdKv.exe
  2⤵
  PID:6452
- C:\Windows\System\uFtkrZZ.exe
  C:\Windows\System\uFtkrZZ.exe
  2⤵
  PID:6664
- C:\Windows\System\WyzBnSC.exe
  C:\Windows\System\WyzBnSC.exe
  2⤵
  PID:6744
- C:\Windows\System\LXezCED.exe
  C:\Windows\System\LXezCED.exe
  2⤵
  PID:6800
- C:\Windows\System\skUUMCO.exe
  C:\Windows\System\skUUMCO.exe
  2⤵
  PID:7184
- C:\Windows\System\PjpHsUm.exe
  C:\Windows\System\PjpHsUm.exe
  2⤵
  PID:7200
- C:\Windows\System\EbcNfcd.exe
  C:\Windows\System\EbcNfcd.exe
  2⤵
  PID:7224
- C:\Windows\System\scPomyo.exe
  C:\Windows\System\scPomyo.exe
  2⤵
  PID:7244
- C:\Windows\System\nqOABzs.exe
  C:\Windows\System\nqOABzs.exe
  2⤵
  PID:7264
- C:\Windows\System\ompqpsR.exe
  C:\Windows\System\ompqpsR.exe
  2⤵
  PID:7284
- C:\Windows\System\ckxReek.exe
  C:\Windows\System\ckxReek.exe
  2⤵
  PID:7304
- C:\Windows\System\iRnNylp.exe
  C:\Windows\System\iRnNylp.exe
  2⤵
  PID:7324
- C:\Windows\System\yfGFyFj.exe
  C:\Windows\System\yfGFyFj.exe
  2⤵
  PID:7344
- C:\Windows\System\VMQLVvU.exe
  C:\Windows\System\VMQLVvU.exe
  2⤵
  PID:7360
- C:\Windows\System\VTZYbWo.exe
  C:\Windows\System\VTZYbWo.exe
  2⤵
  PID:7384
- C:\Windows\System\tggkuQW.exe
  C:\Windows\System\tggkuQW.exe
  2⤵
  PID:7400
- C:\Windows\System\DNJoQSO.exe
  C:\Windows\System\DNJoQSO.exe
  2⤵
  PID:7424
- C:\Windows\System\hwQQSLi.exe
  C:\Windows\System\hwQQSLi.exe
  2⤵
  PID:7444
- C:\Windows\System\UjkzVwA.exe
  C:\Windows\System\UjkzVwA.exe
  2⤵
  PID:7464
- C:\Windows\System\EBHKwYh.exe
  C:\Windows\System\EBHKwYh.exe
  2⤵
  PID:7484
- C:\Windows\System\ipZWxnB.exe
  C:\Windows\System\ipZWxnB.exe
  2⤵
  PID:7504
- C:\Windows\System\woNBMon.exe
  C:\Windows\System\woNBMon.exe
  2⤵
  PID:7524
- C:\Windows\System\TKTedNT.exe
  C:\Windows\System\TKTedNT.exe
  2⤵
  PID:7544
- C:\Windows\System\fuiZggS.exe
  C:\Windows\System\fuiZggS.exe
  2⤵
  PID:7564
- C:\Windows\System\SzFTOxW.exe
  C:\Windows\System\SzFTOxW.exe
  2⤵
  PID:7584
- C:\Windows\System\ZiTQiJa.exe
  C:\Windows\System\ZiTQiJa.exe
  2⤵
  PID:7604
- C:\Windows\System\ndRFCko.exe
  C:\Windows\System\ndRFCko.exe
  2⤵
  PID:7624
- C:\Windows\System\csxtKVS.exe
  C:\Windows\System\csxtKVS.exe
  2⤵
  PID:7644
- C:\Windows\System\ESrONEK.exe
  C:\Windows\System\ESrONEK.exe
  2⤵
  PID:7668
- C:\Windows\System\ZrUvayI.exe
  C:\Windows\System\ZrUvayI.exe
  2⤵
  PID:7688
- C:\Windows\System\BWEhYWD.exe
  C:\Windows\System\BWEhYWD.exe
  2⤵
  PID:7708
- C:\Windows\System\bTBcVEw.exe
  C:\Windows\System\bTBcVEw.exe
  2⤵
  PID:7728
- C:\Windows\System\fSOKlGH.exe
  C:\Windows\System\fSOKlGH.exe
  2⤵
  PID:7748
- C:\Windows\System\zOCKFUQ.exe
  C:\Windows\System\zOCKFUQ.exe
  2⤵
  PID:7768
- C:\Windows\System\TFkoPYw.exe
  C:\Windows\System\TFkoPYw.exe
  2⤵
  PID:7788
- C:\Windows\System\VIOsfzZ.exe
  C:\Windows\System\VIOsfzZ.exe
  2⤵
  PID:7804
- C:\Windows\System\kExaLYX.exe
  C:\Windows\System\kExaLYX.exe
  2⤵
  PID:7828
- C:\Windows\System\dcyPuiE.exe
  C:\Windows\System\dcyPuiE.exe
  2⤵
  PID:7852
- C:\Windows\System\eGlndRH.exe
  C:\Windows\System\eGlndRH.exe
  2⤵
  PID:7868
- C:\Windows\System\LSRRLKa.exe
  C:\Windows\System\LSRRLKa.exe
  2⤵
  PID:7892
- C:\Windows\System\IaCstgT.exe
  C:\Windows\System\IaCstgT.exe
  2⤵
  PID:7912
- C:\Windows\System\XnFflPf.exe
  C:\Windows\System\XnFflPf.exe
  2⤵
  PID:7932
- C:\Windows\System\fkOSnIH.exe
  C:\Windows\System\fkOSnIH.exe
  2⤵
  PID:7952
- C:\Windows\System\SmFTqNI.exe
  C:\Windows\System\SmFTqNI.exe
  2⤵
  PID:7972
- C:\Windows\System\SFGtdPa.exe
  C:\Windows\System\SFGtdPa.exe
  2⤵
  PID:7992
- C:\Windows\System\mIjRHqm.exe
  C:\Windows\System\mIjRHqm.exe
  2⤵
  PID:8008
- C:\Windows\System\IbvQMHc.exe
  C:\Windows\System\IbvQMHc.exe
  2⤵
  PID:8032
- C:\Windows\System\jrAFClK.exe
  C:\Windows\System\jrAFClK.exe
  2⤵
  PID:8048
- C:\Windows\System\dYrOtlV.exe
  C:\Windows\System\dYrOtlV.exe
  2⤵
  PID:8072
- C:\Windows\System\yEMNCWd.exe
  C:\Windows\System\yEMNCWd.exe
  2⤵
  PID:8092
- C:\Windows\System\eJpDwbr.exe
  C:\Windows\System\eJpDwbr.exe
  2⤵
  PID:8112
- C:\Windows\System\qoaMTjH.exe
  C:\Windows\System\qoaMTjH.exe
  2⤵
  PID:8132
- C:\Windows\System\nDjuItK.exe
  C:\Windows\System\nDjuItK.exe
  2⤵
  PID:8152
- C:\Windows\System\UPYdGZA.exe
  C:\Windows\System\UPYdGZA.exe
  2⤵
  PID:8172
- C:\Windows\System\KMBRbRt.exe
  C:\Windows\System\KMBRbRt.exe
  2⤵
  PID:6860
- C:\Windows\System\TOTBEYY.exe
  C:\Windows\System\TOTBEYY.exe
  2⤵
  PID:6960
- C:\Windows\System\GLcBCcd.exe
  C:\Windows\System\GLcBCcd.exe
  2⤵
  PID:7004
- C:\Windows\System\JJDjgWQ.exe
  C:\Windows\System\JJDjgWQ.exe
  2⤵
  PID:7104
- C:\Windows\System\HSaUyMv.exe
  C:\Windows\System\HSaUyMv.exe
  2⤵
  PID:5832
- C:\Windows\System\uieJuSJ.exe
  C:\Windows\System\uieJuSJ.exe
  2⤵
  PID:4880
- C:\Windows\System\UnGVCGZ.exe
  C:\Windows\System\UnGVCGZ.exe
  2⤵
  PID:6316
- C:\Windows\System\uqomKUI.exe
  C:\Windows\System\uqomKUI.exe
  2⤵
  PID:6392
- C:\Windows\System\CnUNReq.exe
  C:\Windows\System\CnUNReq.exe
  2⤵
  PID:6552
- C:\Windows\System\jNRHhVV.exe
  C:\Windows\System\jNRHhVV.exe
  2⤵
  PID:6644
- C:\Windows\System\HLspoln.exe
  C:\Windows\System\HLspoln.exe
  2⤵
  PID:7180
- C:\Windows\System\JmGjUtD.exe
  C:\Windows\System\JmGjUtD.exe
  2⤵
  PID:7220
- C:\Windows\System\xKgbBja.exe
  C:\Windows\System\xKgbBja.exe
  2⤵
  PID:7252
- C:\Windows\System\iKYauBm.exe
  C:\Windows\System\iKYauBm.exe
  2⤵
  PID:7256
- C:\Windows\System\YyAtLKN.exe
  C:\Windows\System\YyAtLKN.exe
  2⤵
  PID:7276
- C:\Windows\System\YOpAJcd.exe
  C:\Windows\System\YOpAJcd.exe
  2⤵
  PID:7320
- C:\Windows\System\fpclBfm.exe
  C:\Windows\System\fpclBfm.exe
  2⤵
  PID:7376
- C:\Windows\System\ZQIwFRm.exe
  C:\Windows\System\ZQIwFRm.exe
  2⤵
  PID:7392
- C:\Windows\System\aEudCBu.exe
  C:\Windows\System\aEudCBu.exe
  2⤵
  PID:7432
- C:\Windows\System\NldhDva.exe
  C:\Windows\System\NldhDva.exe
  2⤵
  PID:7456
- C:\Windows\System\KdiGhiV.exe
  C:\Windows\System\KdiGhiV.exe
  2⤵
  PID:7500
- C:\Windows\System\KrUACXN.exe
  C:\Windows\System\KrUACXN.exe
  2⤵
  PID:7532
- C:\Windows\System\Umlgabh.exe
  C:\Windows\System\Umlgabh.exe
  2⤵
  PID:7592
- C:\Windows\System\pvlAYIc.exe
  C:\Windows\System\pvlAYIc.exe
  2⤵
  PID:7616
- C:\Windows\System\CgynkFp.exe
  C:\Windows\System\CgynkFp.exe
  2⤵
  PID:7660
- C:\Windows\System\fDbBqwv.exe
  C:\Windows\System\fDbBqwv.exe
  2⤵
  PID:7680
- C:\Windows\System\dJSHhGx.exe
  C:\Windows\System\dJSHhGx.exe
  2⤵
  PID:7720
- C:\Windows\System\LVOzipJ.exe
  C:\Windows\System\LVOzipJ.exe
  2⤵
  PID:7764
- C:\Windows\System\EJDEXCH.exe
  C:\Windows\System\EJDEXCH.exe
  2⤵
  PID:7796
- C:\Windows\System\vXZhNjG.exe
  C:\Windows\System\vXZhNjG.exe
  2⤵
  PID:7820
- C:\Windows\System\rmsKKFL.exe
  C:\Windows\System\rmsKKFL.exe
  2⤵
  PID:7844
- C:\Windows\System\EJEEYYW.exe
  C:\Windows\System\EJEEYYW.exe
  2⤵
  PID:7880
- C:\Windows\System\GfTtvBI.exe
  C:\Windows\System\GfTtvBI.exe
  2⤵
  PID:7928
- C:\Windows\System\DurgXOF.exe
  C:\Windows\System\DurgXOF.exe
  2⤵
  PID:7960
- C:\Windows\System\pcNkHEF.exe
  C:\Windows\System\pcNkHEF.exe
  2⤵
  PID:8016
- C:\Windows\System\uDBoMDU.exe
  C:\Windows\System\uDBoMDU.exe
  2⤵
  PID:8020
- C:\Windows\System\uLfnFbC.exe
  C:\Windows\System\uLfnFbC.exe
  2⤵
  PID:8040
- C:\Windows\System\LiPLxcf.exe
  C:\Windows\System\LiPLxcf.exe
  2⤵
  PID:8100
- C:\Windows\System\gEWCkIh.exe
  C:\Windows\System\gEWCkIh.exe
  2⤵
  PID:8120
- C:\Windows\System\MIBnMjN.exe
  C:\Windows\System\MIBnMjN.exe
  2⤵
  PID:8148
- C:\Windows\System\sczZclR.exe
  C:\Windows\System\sczZclR.exe
  2⤵
  PID:8188
- C:\Windows\System\odncXGE.exe
  C:\Windows\System\odncXGE.exe
  2⤵
  PID:6940
- C:\Windows\System\lxUpUYF.exe
  C:\Windows\System\lxUpUYF.exe
  2⤵
  PID:7136
- C:\Windows\System\NFlnCDV.exe
  C:\Windows\System\NFlnCDV.exe
  2⤵
  PID:6192
- C:\Windows\System\VCzRIzH.exe
  C:\Windows\System\VCzRIzH.exe
  2⤵
  PID:6216
- C:\Windows\System\jIExKqS.exe
  C:\Windows\System\jIExKqS.exe
  2⤵
  PID:6492
- C:\Windows\System\gmsDUZH.exe
  C:\Windows\System\gmsDUZH.exe
  2⤵
  PID:6556
- C:\Windows\System\QpeKDEx.exe
  C:\Windows\System\QpeKDEx.exe
  2⤵
  PID:2560
- C:\Windows\System\JTUntoD.exe
  C:\Windows\System\JTUntoD.exe
  2⤵
  PID:7272
- C:\Windows\System\PYkfEAT.exe
  C:\Windows\System\PYkfEAT.exe
  2⤵
  PID:7336
- C:\Windows\System\XrpdjBd.exe
  C:\Windows\System\XrpdjBd.exe
  2⤵
  PID:7368
- C:\Windows\System\yzRiMWR.exe
  C:\Windows\System\yzRiMWR.exe
  2⤵
  PID:7420
- C:\Windows\System\HATIYMh.exe
  C:\Windows\System\HATIYMh.exe
  2⤵
  PID:7496
- C:\Windows\System\SsBCSff.exe
  C:\Windows\System\SsBCSff.exe
  2⤵
  PID:7476
- C:\Windows\System\bRvPhgc.exe
  C:\Windows\System\bRvPhgc.exe
  2⤵
  PID:7652
- C:\Windows\System\LaCJHiL.exe
  C:\Windows\System\LaCJHiL.exe
  2⤵
  PID:7640
- C:\Windows\System\gUhZBAv.exe
  C:\Windows\System\gUhZBAv.exe
  2⤵
  PID:7684
- C:\Windows\System\TGnWkys.exe
  C:\Windows\System\TGnWkys.exe
  2⤵
  PID:7780
- C:\Windows\System\hgoXVjG.exe
  C:\Windows\System\hgoXVjG.exe
  2⤵
  PID:7848
- C:\Windows\System\LrsvnIq.exe
  C:\Windows\System\LrsvnIq.exe
  2⤵
  PID:7884
- C:\Windows\System\thyBGDk.exe
  C:\Windows\System\thyBGDk.exe
  2⤵
  PID:7984
- C:\Windows\System\zIpVSgy.exe
  C:\Windows\System\zIpVSgy.exe
  2⤵
  PID:8028
- C:\Windows\System\NhhvzTB.exe
  C:\Windows\System\NhhvzTB.exe
  2⤵
  PID:8068
- C:\Windows\System\SlgyxDB.exe
  C:\Windows\System\SlgyxDB.exe
  2⤵
  PID:8084
- C:\Windows\System\dwNDFlr.exe
  C:\Windows\System\dwNDFlr.exe
  2⤵
  PID:8124
- C:\Windows\System\CUmPsWd.exe
  C:\Windows\System\CUmPsWd.exe
  2⤵
  PID:6884
- C:\Windows\System\svfKcmv.exe
  C:\Windows\System\svfKcmv.exe
  2⤵
  PID:7100
- C:\Windows\System\gqwYshL.exe
  C:\Windows\System\gqwYshL.exe
  2⤵
  PID:6680
- C:\Windows\System\zMIncUO.exe
  C:\Windows\System\zMIncUO.exe
  2⤵
  PID:6704
- C:\Windows\System\WKXfCZh.exe
  C:\Windows\System\WKXfCZh.exe
  2⤵
  PID:7176
- C:\Windows\System\ofibBBe.exe
  C:\Windows\System\ofibBBe.exe
  2⤵
  PID:7340
- C:\Windows\System\WikZedt.exe
  C:\Windows\System\WikZedt.exe
  2⤵
  PID:7332
- C:\Windows\System\gGhXFLG.exe
  C:\Windows\System\gGhXFLG.exe
  2⤵
  PID:7396
- C:\Windows\System\pgfvVrO.exe
  C:\Windows\System\pgfvVrO.exe
  2⤵
  PID:7520
- C:\Windows\System\bXqWdJF.exe
  C:\Windows\System\bXqWdJF.exe
  2⤵
  PID:7596
- C:\Windows\System\zAXXaPu.exe
  C:\Windows\System\zAXXaPu.exe
  2⤵
  PID:7740
- C:\Windows\System\jhJuLJo.exe
  C:\Windows\System\jhJuLJo.exe
  2⤵
  PID:7756
- C:\Windows\System\RCzAkeB.exe
  C:\Windows\System\RCzAkeB.exe
  2⤵
  PID:7908
- C:\Windows\System\KgLMXYC.exe
  C:\Windows\System\KgLMXYC.exe
  2⤵
  PID:7988
- C:\Windows\System\KkyBtTk.exe
  C:\Windows\System\KkyBtTk.exe
  2⤵
  PID:8180
- C:\Windows\System\LBZspTW.exe
  C:\Windows\System\LBZspTW.exe
  2⤵
  PID:8080
- C:\Windows\System\JhdQSHa.exe
  C:\Windows\System\JhdQSHa.exe
  2⤵
  PID:8212
- C:\Windows\System\aUTWGqv.exe
  C:\Windows\System\aUTWGqv.exe
  2⤵
  PID:8232
- C:\Windows\System\FEZxpwR.exe
  C:\Windows\System\FEZxpwR.exe
  2⤵
  PID:8252
- C:\Windows\System\sxqMNvL.exe
  C:\Windows\System\sxqMNvL.exe
  2⤵
  PID:8272
- C:\Windows\System\fEDjDlU.exe
  C:\Windows\System\fEDjDlU.exe
  2⤵
  PID:8288
- C:\Windows\System\MQoBmKW.exe
  C:\Windows\System\MQoBmKW.exe
  2⤵
  PID:8312
- C:\Windows\System\uIvoFcd.exe
  C:\Windows\System\uIvoFcd.exe
  2⤵
  PID:8332
- C:\Windows\System\gbExxcq.exe
  C:\Windows\System\gbExxcq.exe
  2⤵
  PID:8352
- C:\Windows\System\VCLfqbh.exe
  C:\Windows\System\VCLfqbh.exe
  2⤵
  PID:8368
- C:\Windows\System\XKENRaU.exe
  C:\Windows\System\XKENRaU.exe
  2⤵
  PID:8388
- C:\Windows\System\ITrjjyZ.exe
  C:\Windows\System\ITrjjyZ.exe
  2⤵
  PID:8404
- C:\Windows\System\aeBVeBD.exe
  C:\Windows\System\aeBVeBD.exe
  2⤵
  PID:8424
- C:\Windows\System\SPKncFi.exe
  C:\Windows\System\SPKncFi.exe
  2⤵
  PID:8444
- C:\Windows\System\yTukjwz.exe
  C:\Windows\System\yTukjwz.exe
  2⤵
  PID:8464
- C:\Windows\System\MUweLvI.exe
  C:\Windows\System\MUweLvI.exe
  2⤵
  PID:8488
- C:\Windows\System\pilnnxp.exe
  C:\Windows\System\pilnnxp.exe
  2⤵
  PID:8512
- C:\Windows\System\WmEVPLd.exe
  C:\Windows\System\WmEVPLd.exe
  2⤵
  PID:8536
- C:\Windows\System\sXzvuiv.exe
  C:\Windows\System\sXzvuiv.exe
  2⤵
  PID:8556
- C:\Windows\System\WDJhSoA.exe
  C:\Windows\System\WDJhSoA.exe
  2⤵
  PID:8576
- C:\Windows\System\LFxTRAi.exe
  C:\Windows\System\LFxTRAi.exe
  2⤵
  PID:8596
- C:\Windows\System\LlOVDjv.exe
  C:\Windows\System\LlOVDjv.exe
  2⤵
  PID:8620
- C:\Windows\System\MzgnTyt.exe
  C:\Windows\System\MzgnTyt.exe
  2⤵
  PID:8640
- C:\Windows\System\cUwukpD.exe
  C:\Windows\System\cUwukpD.exe
  2⤵
  PID:8660
- C:\Windows\System\UExRwUl.exe
  C:\Windows\System\UExRwUl.exe
  2⤵
  PID:8680
- C:\Windows\System\nshdRee.exe
  C:\Windows\System\nshdRee.exe
  2⤵
  PID:8700
- C:\Windows\System\LqvfAyh.exe
  C:\Windows\System\LqvfAyh.exe
  2⤵
  PID:8720
- C:\Windows\System\jpEtsgj.exe
  C:\Windows\System\jpEtsgj.exe
  2⤵
  PID:8740
- C:\Windows\System\WXlWTpQ.exe
  C:\Windows\System\WXlWTpQ.exe
  2⤵
  PID:8760
- C:\Windows\System\RGYtPZT.exe
  C:\Windows\System\RGYtPZT.exe
  2⤵
  PID:8780
- C:\Windows\System\QIYCSAo.exe
  C:\Windows\System\QIYCSAo.exe
  2⤵
  PID:8800
- C:\Windows\System\JPwQqeC.exe
  C:\Windows\System\JPwQqeC.exe
  2⤵
  PID:8820
- C:\Windows\System\GjAOujX.exe
  C:\Windows\System\GjAOujX.exe
  2⤵
  PID:8840
- C:\Windows\System\zyPOddC.exe
  C:\Windows\System\zyPOddC.exe
  2⤵
  PID:8860
- C:\Windows\System\AbxhAXy.exe
  C:\Windows\System\AbxhAXy.exe
  2⤵
  PID:8880
- C:\Windows\System\POtztgN.exe
  C:\Windows\System\POtztgN.exe
  2⤵
  PID:8900
- C:\Windows\System\ltEzWOU.exe
  C:\Windows\System\ltEzWOU.exe
  2⤵
  PID:8920
- C:\Windows\System\gonMNCi.exe
  C:\Windows\System\gonMNCi.exe
  2⤵
  PID:8940
- C:\Windows\System\Tuwadyr.exe
  C:\Windows\System\Tuwadyr.exe
  2⤵
  PID:8960
- C:\Windows\System\cawtpaL.exe
  C:\Windows\System\cawtpaL.exe
  2⤵
  PID:8980
- C:\Windows\System\IAgUlFG.exe
  C:\Windows\System\IAgUlFG.exe
  2⤵
  PID:9000
- C:\Windows\System\FKSATSD.exe
  C:\Windows\System\FKSATSD.exe
  2⤵
  PID:9020
- C:\Windows\System\xbrPFtj.exe
  C:\Windows\System\xbrPFtj.exe
  2⤵
  PID:9040
- C:\Windows\System\HXjxEzN.exe
  C:\Windows\System\HXjxEzN.exe
  2⤵
  PID:9060
- C:\Windows\System\HUmtKeY.exe
  C:\Windows\System\HUmtKeY.exe
  2⤵
  PID:9080
- C:\Windows\System\RxDAgoo.exe
  C:\Windows\System\RxDAgoo.exe
  2⤵
  PID:9096
- C:\Windows\System\CCPxHYa.exe
  C:\Windows\System\CCPxHYa.exe
  2⤵
  PID:9120
- C:\Windows\System\pBtCTxh.exe
  C:\Windows\System\pBtCTxh.exe
  2⤵
  PID:9140
- C:\Windows\System\gJqhvWQ.exe
  C:\Windows\System\gJqhvWQ.exe
  2⤵
  PID:9160
- C:\Windows\System\jDhCYdl.exe
  C:\Windows\System\jDhCYdl.exe
  2⤵
  PID:9180
- C:\Windows\System\wxgZxxS.exe
  C:\Windows\System\wxgZxxS.exe
  2⤵
  PID:9200
- C:\Windows\System\pGpxJHQ.exe
  C:\Windows\System\pGpxJHQ.exe
  2⤵
  PID:5072
- C:\Windows\System\FBRXCCD.exe
  C:\Windows\System\FBRXCCD.exe
  2⤵
  PID:3300
- C:\Windows\System\SJtoJJw.exe
  C:\Windows\System\SJtoJJw.exe
  2⤵
  PID:7232
- C:\Windows\System\TgTbhum.exe
  C:\Windows\System\TgTbhum.exe
  2⤵
  PID:7472
- C:\Windows\System\uRmvojm.exe
  C:\Windows\System\uRmvojm.exe
  2⤵
  PID:2440
- C:\Windows\System\GPLQkAY.exe
  C:\Windows\System\GPLQkAY.exe
  2⤵
  PID:7864
- C:\Windows\System\BSBRisM.exe
  C:\Windows\System\BSBRisM.exe
  2⤵
  PID:2420
- C:\Windows\System\EVzxJRs.exe
  C:\Windows\System\EVzxJRs.exe
  2⤵
  PID:8060
- C:\Windows\System\kFcUFvk.exe
  C:\Windows\System\kFcUFvk.exe
  2⤵
  PID:8044
- C:\Windows\System\PEBCNus.exe
  C:\Windows\System\PEBCNus.exe
  2⤵
  PID:7816
- C:\Windows\System\hhzGlTM.exe
  C:\Windows\System\hhzGlTM.exe
  2⤵
  PID:8260
- C:\Windows\System\CrmDnkI.exe
  C:\Windows\System\CrmDnkI.exe
  2⤵
  PID:8196
- C:\Windows\System\JsUFcDi.exe
  C:\Windows\System\JsUFcDi.exe
  2⤵
  PID:8300
- C:\Windows\System\UoFjcGu.exe
  C:\Windows\System\UoFjcGu.exe
  2⤵
  PID:8248
- C:\Windows\System\cBupvTY.exe
  C:\Windows\System\cBupvTY.exe
  2⤵
  PID:8340
- C:\Windows\System\bjKOYcR.exe
  C:\Windows\System\bjKOYcR.exe
  2⤵
  PID:8376
- C:\Windows\System\IIQNcjJ.exe
  C:\Windows\System\IIQNcjJ.exe
  2⤵
  PID:8416
- C:\Windows\System\gSDzhmr.exe
  C:\Windows\System\gSDzhmr.exe
  2⤵
  PID:8460
- C:\Windows\System\QHoFwET.exe
  C:\Windows\System\QHoFwET.exe
  2⤵
  PID:8476
- C:\Windows\System\rXeDbIz.exe
  C:\Windows\System\rXeDbIz.exe
  2⤵
  PID:8432
- C:\Windows\System\EfTYEZd.exe
  C:\Windows\System\EfTYEZd.exe
  2⤵
  PID:8500
- C:\Windows\System\HAYOsjn.exe
  C:\Windows\System\HAYOsjn.exe
  2⤵
  PID:8520
- C:\Windows\System\xiWmXjx.exe
  C:\Windows\System\xiWmXjx.exe
  2⤵
  PID:8584
- C:\Windows\System\yODTYiD.exe
  C:\Windows\System\yODTYiD.exe
  2⤵
  PID:8588
- C:\Windows\System\ncPRhIO.exe
  C:\Windows\System\ncPRhIO.exe
  2⤵
  PID:8608
- C:\Windows\System\bjkrOeV.exe
  C:\Windows\System\bjkrOeV.exe
  2⤵
  PID:2620
- C:\Windows\System\rOMoxJn.exe
  C:\Windows\System\rOMoxJn.exe
  2⤵
  PID:8672
- C:\Windows\System\dZcHyuh.exe
  C:\Windows\System\dZcHyuh.exe
  2⤵
  PID:8728
- C:\Windows\System\RZissry.exe
  C:\Windows\System\RZissry.exe
  2⤵
  PID:8756
- C:\Windows\System\RjRgxKO.exe
  C:\Windows\System\RjRgxKO.exe
  2⤵
  PID:1804
- C:\Windows\System\fOVGHdH.exe
  C:\Windows\System\fOVGHdH.exe
  2⤵
  PID:8772
- C:\Windows\System\ooaGQVe.exe
  C:\Windows\System\ooaGQVe.exe
  2⤵
  PID:8812
- C:\Windows\System\YrKYZea.exe
  C:\Windows\System\YrKYZea.exe
  2⤵
  PID:8856
- C:\Windows\System\qiCTCfE.exe
  C:\Windows\System\qiCTCfE.exe
  2⤵
  PID:8912
- C:\Windows\System\AabFvee.exe
  C:\Windows\System\AabFvee.exe
  2⤵
  PID:8932
- C:\Windows\System\CmShraw.exe
  C:\Windows\System\CmShraw.exe
  2⤵
  PID:8988
- C:\Windows\System\RuxwoyP.exe
  C:\Windows\System\RuxwoyP.exe
  2⤵
  PID:8992
- C:\Windows\System\ljAYxcy.exe
  C:\Windows\System\ljAYxcy.exe
  2⤵
  PID:9036
- C:\Windows\System\IibLQcJ.exe
  C:\Windows\System\IibLQcJ.exe
  2⤵
  PID:9012
- C:\Windows\System\uhcYgAW.exe
  C:\Windows\System\uhcYgAW.exe
  2⤵
  PID:9076
- C:\Windows\System\TFPlXjM.exe
  C:\Windows\System\TFPlXjM.exe
  2⤵
  PID:9072
- C:\Windows\System\uJLxStj.exe
  C:\Windows\System\uJLxStj.exe
  2⤵
  PID:9112
- C:\Windows\System\TSxIvwn.exe
  C:\Windows\System\TSxIvwn.exe
  2⤵
  PID:2416
- C:\Windows\System\ePiqARD.exe
  C:\Windows\System\ePiqARD.exe
  2⤵
  PID:9152
- C:\Windows\System\KAbyEDm.exe
  C:\Windows\System\KAbyEDm.exe
  2⤵
  PID:1832
- C:\Windows\System\PIjYzvn.exe
  C:\Windows\System\PIjYzvn.exe
  2⤵
  PID:9192
- C:\Windows\System\wNZeyEz.exe
  C:\Windows\System\wNZeyEz.exe
  2⤵
  PID:4288
- C:\Windows\System\FMWZLVr.exe
  C:\Windows\System\FMWZLVr.exe
  2⤵
  PID:3028
- C:\Windows\System\QNsoCtS.exe
  C:\Windows\System\QNsoCtS.exe
  2⤵
  PID:8168
- C:\Windows\System\TJkjVLd.exe
  C:\Windows\System\TJkjVLd.exe
  2⤵
  PID:1708
- C:\Windows\System\peCxLAp.exe
  C:\Windows\System\peCxLAp.exe
  2⤵
  PID:1640
- C:\Windows\System\aHorvPn.exe
  C:\Windows\System\aHorvPn.exe
  2⤵
  PID:1920
- C:\Windows\System\OVmgOXj.exe
  C:\Windows\System\OVmgOXj.exe
  2⤵
  PID:792
- C:\Windows\System\BSwTnjN.exe
  C:\Windows\System\BSwTnjN.exe
  2⤵
  PID:2780
- C:\Windows\System\zKhfKXI.exe
  C:\Windows\System\zKhfKXI.exe
  2⤵
  PID:7724
- C:\Windows\System\XXMZLvP.exe
  C:\Windows\System\XXMZLvP.exe
  2⤵
  PID:7744
- C:\Windows\System\OvRFWBN.exe
  C:\Windows\System\OvRFWBN.exe
  2⤵
  PID:2180
- C:\Windows\System\zoySGKN.exe
  C:\Windows\System\zoySGKN.exe
  2⤵
  PID:7876
- C:\Windows\System\cdGTlCi.exe
  C:\Windows\System\cdGTlCi.exe
  2⤵
  PID:8064
- C:\Windows\System\GQFIEKE.exe
  C:\Windows\System\GQFIEKE.exe
  2⤵
  PID:7556
- C:\Windows\System\QXQJECB.exe
  C:\Windows\System\QXQJECB.exe
  2⤵
  PID:8264
- C:\Windows\System\gNQWHWk.exe
  C:\Windows\System\gNQWHWk.exe
  2⤵
  PID:2968
- C:\Windows\System\ApTaozp.exe
  C:\Windows\System\ApTaozp.exe
  2⤵
  PID:3020
- C:\Windows\System\omWjAwU.exe
  C:\Windows\System\omWjAwU.exe
  2⤵
  PID:8144
- C:\Windows\System\EGBkOyK.exe
  C:\Windows\System\EGBkOyK.exe
  2⤵
  PID:8280
- C:\Windows\System\mDOgRKB.exe
  C:\Windows\System\mDOgRKB.exe
  2⤵
  PID:8412
- C:\Windows\System\DRxMrMc.exe
  C:\Windows\System\DRxMrMc.exe
  2⤵
  PID:8440
- C:\Windows\System\URPUihH.exe
  C:\Windows\System\URPUihH.exe
  2⤵
  PID:8508
- C:\Windows\System\jGlpIwf.exe
  C:\Windows\System\jGlpIwf.exe
  2⤵
  PID:8436
- C:\Windows\System\BnXdpaH.exe
  C:\Windows\System\BnXdpaH.exe
  2⤵
  PID:8548
- C:\Windows\System\MlbEoTl.exe
  C:\Windows\System\MlbEoTl.exe
  2⤵
  PID:8612
- C:\Windows\System\mhRQsBu.exe
  C:\Windows\System\mhRQsBu.exe
  2⤵
  PID:8636
- C:\Windows\System\rDBiYRn.exe
  C:\Windows\System\rDBiYRn.exe
  2⤵
  PID:8648
- C:\Windows\System\SoxXQVJ.exe
  C:\Windows\System\SoxXQVJ.exe
  2⤵
  PID:8716
- C:\Windows\System\KamjYgi.exe
  C:\Windows\System\KamjYgi.exe
  2⤵
  PID:600
- C:\Windows\System\edlwbKY.exe
  C:\Windows\System\edlwbKY.exe
  2⤵
  PID:8828
- C:\Windows\System\sJtvlHI.exe
  C:\Windows\System\sJtvlHI.exe
  2⤵
  PID:8792
- C:\Windows\System\FoeAyWi.exe
  C:\Windows\System\FoeAyWi.exe
  2⤵
  PID:8848
- C:\Windows\System\BtqIxZX.exe
  C:\Windows\System\BtqIxZX.exe
  2⤵
  PID:1552
- C:\Windows\System\oMeaZWl.exe
  C:\Windows\System\oMeaZWl.exe
  2⤵
  PID:8896
- C:\Windows\System\OrDTzMT.exe
  C:\Windows\System\OrDTzMT.exe
  2⤵
  PID:8852
- C:\Windows\System\KbnoSIV.exe
  C:\Windows\System\KbnoSIV.exe
  2⤵
  PID:8996
- C:\Windows\System\PMulPSB.exe
  C:\Windows\System\PMulPSB.exe
  2⤵
  PID:9032
- C:\Windows\System\tKMGVLT.exe
  C:\Windows\System\tKMGVLT.exe
  2⤵
  PID:9088
- C:\Windows\System\SwNeHdw.exe
  C:\Windows\System\SwNeHdw.exe
  2⤵
  PID:9136
- C:\Windows\System\KfxWSzj.exe
  C:\Windows\System\KfxWSzj.exe
  2⤵
  PID:8652
- C:\Windows\System\HpEaBmv.exe
  C:\Windows\System\HpEaBmv.exe
  2⤵
  PID:9208
- C:\Windows\System\iDFveOx.exe
  C:\Windows\System\iDFveOx.exe
  2⤵
  PID:9172
- C:\Windows\System\hewLPhC.exe
  C:\Windows\System\hewLPhC.exe
  2⤵
  PID:2672
- C:\Windows\System\blheSWR.exe
  C:\Windows\System\blheSWR.exe
  2⤵
  PID:9212
- C:\Windows\System\sOgpVsD.exe
  C:\Windows\System\sOgpVsD.exe
  2⤵
  PID:7676
- C:\Windows\System\GyKyVeQ.exe
  C:\Windows\System\GyKyVeQ.exe
  2⤵
  PID:7240
- C:\Windows\System\KcGQknI.exe
  C:\Windows\System\KcGQknI.exe
  2⤵
  PID:7560
- C:\Windows\System\yizJPnL.exe
  C:\Windows\System\yizJPnL.exe
  2⤵
  PID:1396
- C:\Windows\System\WbVVESj.exe
  C:\Windows\System\WbVVESj.exe
  2⤵
  PID:1776
- C:\Windows\System\oTHMhQH.exe
  C:\Windows\System\oTHMhQH.exe
  2⤵
  PID:8472
- C:\Windows\System\FkyfcbF.exe
  C:\Windows\System\FkyfcbF.exe
  2⤵
  PID:8204
- C:\Windows\System\wEjpjUL.exe
  C:\Windows\System\wEjpjUL.exe
  2⤵
  PID:8572
- C:\Windows\System\hOSttKF.exe
  C:\Windows\System\hOSttKF.exe
  2⤵
  PID:8360
- C:\Windows\System\WtAMcYT.exe
  C:\Windows\System\WtAMcYT.exe
  2⤵
  PID:8748
- C:\Windows\System\WdfFSQY.exe
  C:\Windows\System\WdfFSQY.exe
  2⤵
  PID:8832
- C:\Windows\System\inVaazO.exe
  C:\Windows\System\inVaazO.exe
  2⤵
  PID:8320
- C:\Windows\System\UdUikwW.exe
  C:\Windows\System\UdUikwW.exe
  2⤵
  PID:8888
- C:\Windows\System\iazMGeF.exe
  C:\Windows\System\iazMGeF.exe
  2⤵
  PID:8936
- C:\Windows\System\pwVSzsl.exe
  C:\Windows\System\pwVSzsl.exe
  2⤵
  PID:8956
- C:\Windows\System\MaFMtHL.exe
  C:\Windows\System\MaFMtHL.exe
  2⤵
  PID:7516
- C:\Windows\System\GopuyrH.exe
  C:\Windows\System\GopuyrH.exe
  2⤵
  PID:9188
- C:\Windows\System\KKtDMIA.exe
  C:\Windows\System\KKtDMIA.exe
  2⤵
  PID:2716
- C:\Windows\System\LvUCAle.exe
  C:\Windows\System\LvUCAle.exe
  2⤵
  PID:8708
- C:\Windows\System\Qkmhtry.exe
  C:\Windows\System\Qkmhtry.exe
  2⤵
  PID:2928
- C:\Windows\System\pjQbAaN.exe
  C:\Windows\System\pjQbAaN.exe
  2⤵
  PID:8524
- C:\Windows\System\ugWQSrA.exe
  C:\Windows\System\ugWQSrA.exe
  2⤵
  PID:8692
- C:\Windows\System\ilbbUfU.exe
  C:\Windows\System\ilbbUfU.exe
  2⤵
  PID:9016
- C:\Windows\System\WmIYUGg.exe
  C:\Windows\System\WmIYUGg.exe
  2⤵
  PID:9068
- C:\Windows\System\wyvBTKL.exe
  C:\Windows\System\wyvBTKL.exe
  2⤵
  PID:684
- C:\Windows\System\LsTAlRm.exe
  C:\Windows\System\LsTAlRm.exe
  2⤵
  PID:2764
- C:\Windows\System\ApbGigC.exe
  C:\Windows\System\ApbGigC.exe
  2⤵
  PID:1144
- C:\Windows\System\SWqJAEL.exe
  C:\Windows\System\SWqJAEL.exe
  2⤵
  PID:8308
- C:\Windows\System\fFnoOnK.exe
  C:\Windows\System\fFnoOnK.exe
  2⤵
  PID:7552
- C:\Windows\System\waevcqP.exe
  C:\Windows\System\waevcqP.exe
  2⤵
  PID:8776
- C:\Windows\System\zKjGVgc.exe
  C:\Windows\System\zKjGVgc.exe
  2⤵
  PID:9232
- C:\Windows\System\uLFYupf.exe
  C:\Windows\System\uLFYupf.exe
  2⤵
  PID:9248
- C:\Windows\System\HOahZjM.exe
  C:\Windows\System\HOahZjM.exe
  2⤵
  PID:9264
- C:\Windows\System\kNKJpnE.exe
  C:\Windows\System\kNKJpnE.exe
  2⤵
  PID:9280
- C:\Windows\System\sYUTrMJ.exe
  C:\Windows\System\sYUTrMJ.exe
  2⤵
  PID:9296
- C:\Windows\System\NfsWhfV.exe
  C:\Windows\System\NfsWhfV.exe
  2⤵
  PID:9316
- C:\Windows\System\XnVQuWo.exe
  C:\Windows\System\XnVQuWo.exe
  2⤵
  PID:9332
- C:\Windows\System\lkxlGbJ.exe
  C:\Windows\System\lkxlGbJ.exe
  2⤵
  PID:9348
- C:\Windows\System\nfFgccf.exe
  C:\Windows\System\nfFgccf.exe
  2⤵
  PID:9364
- C:\Windows\System\xpPrQkl.exe
  C:\Windows\System\xpPrQkl.exe
  2⤵
  PID:9380
- C:\Windows\System\tceLbXz.exe
  C:\Windows\System\tceLbXz.exe
  2⤵
  PID:9396
- C:\Windows\System\kyyhrKZ.exe
  C:\Windows\System\kyyhrKZ.exe
  2⤵
  PID:9412
- C:\Windows\System\pVKSMWz.exe
  C:\Windows\System\pVKSMWz.exe
  2⤵
  PID:9428
- C:\Windows\System\dhBAcnh.exe
  C:\Windows\System\dhBAcnh.exe
  2⤵
  PID:9444
- C:\Windows\System\KfYPyBv.exe
  C:\Windows\System\KfYPyBv.exe
  2⤵
  PID:9460
- C:\Windows\System\kYoNees.exe
  C:\Windows\System\kYoNees.exe
  2⤵
  PID:9480
- C:\Windows\System\ZtFVwRH.exe
  C:\Windows\System\ZtFVwRH.exe
  2⤵
  PID:9500
- C:\Windows\System\cMINsTY.exe
  C:\Windows\System\cMINsTY.exe
  2⤵
  PID:9516
- C:\Windows\System\QGqqqhT.exe
  C:\Windows\System\QGqqqhT.exe
  2⤵
  PID:9532
- C:\Windows\System\MUnNVqG.exe
  C:\Windows\System\MUnNVqG.exe
  2⤵
  PID:9548
- C:\Windows\System\gdPBlbW.exe
  C:\Windows\System\gdPBlbW.exe
  2⤵
  PID:9564
- C:\Windows\System\jbspCKp.exe
  C:\Windows\System\jbspCKp.exe
  2⤵
  PID:9580
- C:\Windows\System\sWaobBY.exe
  C:\Windows\System\sWaobBY.exe
  2⤵
  PID:9596
- C:\Windows\System\GGogRQG.exe
  C:\Windows\System\GGogRQG.exe
  2⤵
  PID:9612
- C:\Windows\System\yLCXbYO.exe
  C:\Windows\System\yLCXbYO.exe
  2⤵
  PID:9628
- C:\Windows\System\HkKagYQ.exe
  C:\Windows\System\HkKagYQ.exe
  2⤵
  PID:9644
- C:\Windows\System\dICFppf.exe
  C:\Windows\System\dICFppf.exe
  2⤵
  PID:9664
- C:\Windows\System\OZpizNY.exe
  C:\Windows\System\OZpizNY.exe
  2⤵
  PID:9680
- C:\Windows\System\YbkksOM.exe
  C:\Windows\System\YbkksOM.exe
  2⤵
  PID:9696
- C:\Windows\System\KAkGmyL.exe
  C:\Windows\System\KAkGmyL.exe
  2⤵
  PID:9712
- C:\Windows\System\JVevbyG.exe
  C:\Windows\System\JVevbyG.exe
  2⤵
  PID:9728
- C:\Windows\System\KvwzaaG.exe
  C:\Windows\System\KvwzaaG.exe
  2⤵
  PID:9744
- C:\Windows\System\hssLeEP.exe
  C:\Windows\System\hssLeEP.exe
  2⤵
  PID:9760
- C:\Windows\System\JTjfjQO.exe
  C:\Windows\System\JTjfjQO.exe
  2⤵
  PID:9776
- C:\Windows\System\dBxlkLi.exe
  C:\Windows\System\dBxlkLi.exe
  2⤵
  PID:9796
- C:\Windows\System\lwTPYPF.exe
  C:\Windows\System\lwTPYPF.exe
  2⤵
  PID:9812
- C:\Windows\System\QerEiPO.exe
  C:\Windows\System\QerEiPO.exe
  2⤵
  PID:10016
- C:\Windows\System\zbGcPzf.exe
  C:\Windows\System\zbGcPzf.exe
  2⤵
  PID:10032
- C:\Windows\System\RPdFBcg.exe
  C:\Windows\System\RPdFBcg.exe
  2⤵
  PID:10056
- C:\Windows\System\lAVJUvp.exe
  C:\Windows\System\lAVJUvp.exe
  2⤵
  PID:10084
- C:\Windows\System\dMSblaa.exe
  C:\Windows\System\dMSblaa.exe
  2⤵
  PID:10100
- C:\Windows\System\hGTscnE.exe
  C:\Windows\System\hGTscnE.exe
  2⤵
  PID:10116
- C:\Windows\System\LQOvHFc.exe
  C:\Windows\System\LQOvHFc.exe
  2⤵
  PID:10132
- C:\Windows\System\RoVQpst.exe
  C:\Windows\System\RoVQpst.exe
  2⤵
  PID:10160
- C:\Windows\System\IXWqWeQ.exe
  C:\Windows\System\IXWqWeQ.exe
  2⤵
  PID:10176
- C:\Windows\System\ACDjJfu.exe
  C:\Windows\System\ACDjJfu.exe
  2⤵
  PID:10192
- C:\Windows\System\TsWjJal.exe
  C:\Windows\System\TsWjJal.exe
  2⤵
  PID:10216
- C:\Windows\System\uOsfPox.exe
  C:\Windows\System\uOsfPox.exe
  2⤵
  PID:10232
- C:\Windows\System\PkHMnMx.exe
  C:\Windows\System\PkHMnMx.exe
  2⤵
  PID:9256
- C:\Windows\System\NMShxUI.exe
  C:\Windows\System\NMShxUI.exe
  2⤵
  PID:7980
- C:\Windows\System\SMFjkzb.exe
  C:\Windows\System\SMFjkzb.exe
  2⤵
  PID:9452
- C:\Windows\System\qQnCbhK.exe
  C:\Windows\System\qQnCbhK.exe
  2⤵
  PID:9488
- C:\Windows\System\JMDRLDx.exe
  C:\Windows\System\JMDRLDx.exe
  2⤵
  PID:9544
- C:\Windows\System\rtQVXuV.exe
  C:\Windows\System\rtQVXuV.exe
  2⤵
  PID:9588
- C:\Windows\System\AaRRfdM.exe
  C:\Windows\System\AaRRfdM.exe
  2⤵
  PID:9604
- C:\Windows\System\QKWiSxg.exe
  C:\Windows\System\QKWiSxg.exe
  2⤵
  PID:9656
- C:\Windows\System\vACDKfp.exe
  C:\Windows\System\vACDKfp.exe
  2⤵
  PID:9720
- C:\Windows\System\pDPysKk.exe
  C:\Windows\System\pDPysKk.exe
  2⤵
  PID:9784
- C:\Windows\System\XImZaxl.exe
  C:\Windows\System\XImZaxl.exe
  2⤵
  PID:9708
- C:\Windows\System\bFzDXud.exe
  C:\Windows\System\bFzDXud.exe
  2⤵
  PID:9772
- C:\Windows\System\zjNTUQx.exe
  C:\Windows\System\zjNTUQx.exe
  2⤵
  PID:9820
- C:\Windows\System\EAKKEqo.exe
  C:\Windows\System\EAKKEqo.exe
  2⤵
  PID:9836
- C:\Windows\System\VZJGTNX.exe
  C:\Windows\System\VZJGTNX.exe
  2⤵
  PID:9852
- C:\Windows\System\XTCUzQz.exe
  C:\Windows\System\XTCUzQz.exe
  2⤵
  PID:9880
- C:\Windows\System\LiBgwaz.exe
  C:\Windows\System\LiBgwaz.exe
  2⤵
  PID:9896
- C:\Windows\System\YbtfUOj.exe
  C:\Windows\System\YbtfUOj.exe
  2⤵
  PID:9912
- C:\Windows\System\nusTvMS.exe
  C:\Windows\System\nusTvMS.exe
  2⤵
  PID:9932
- C:\Windows\System\lXbaTWm.exe
  C:\Windows\System\lXbaTWm.exe
  2⤵
  PID:9968
- C:\Windows\System\keDgRvg.exe
  C:\Windows\System\keDgRvg.exe
  2⤵
  PID:9864
- C:\Windows\System\PweFrsJ.exe
  C:\Windows\System\PweFrsJ.exe
  2⤵
  PID:9964
- C:\Windows\System\QSjavAI.exe
  C:\Windows\System\QSjavAI.exe
  2⤵
  PID:9984
- C:\Windows\System\qojSOSK.exe
  C:\Windows\System\qojSOSK.exe
  2⤵
  PID:10000
- C:\Windows\System\cQEtSsY.exe
  C:\Windows\System\cQEtSsY.exe
  2⤵
  PID:9944
- C:\Windows\System\kXHGMRX.exe
  C:\Windows\System\kXHGMRX.exe
  2⤵
  PID:10068
- C:\Windows\System\TNONdTa.exe
  C:\Windows\System\TNONdTa.exe
  2⤵
  PID:10040
- C:\Windows\System\yDVIsCi.exe
  C:\Windows\System\yDVIsCi.exe
  2⤵
  PID:10096
- C:\Windows\System\XycGJIX.exe
  C:\Windows\System\XycGJIX.exe
  2⤵
  PID:10112
- C:\Windows\System\BQEzTpC.exe
  C:\Windows\System\BQEzTpC.exe
  2⤵
  PID:10156
- C:\Windows\System\SqNElsq.exe
  C:\Windows\System\SqNElsq.exe
  2⤵
  PID:10200
- C:\Windows\System\awpGSaV.exe
  C:\Windows\System\awpGSaV.exe
  2⤵
  PID:10188
- C:\Windows\System\uXwloQK.exe
  C:\Windows\System\uXwloQK.exe
  2⤵
  PID:10204
- C:\Windows\System\EYrcQGA.exe
  C:\Windows\System\EYrcQGA.exe
  2⤵
  PID:9228
- C:\Windows\System\mrTVTTB.exe
  C:\Windows\System\mrTVTTB.exe
  2⤵
  PID:9328
- C:\Windows\System\QPhQTNl.exe
  C:\Windows\System\QPhQTNl.exe
  2⤵
  PID:2240
- C:\Windows\System\wDyCvTH.exe
  C:\Windows\System\wDyCvTH.exe
  2⤵
  PID:9312
- C:\Windows\System\qjIhRlM.exe
  C:\Windows\System\qjIhRlM.exe
  2⤵
  PID:9420
- C:\Windows\System\HueMfIW.exe
  C:\Windows\System\HueMfIW.exe
  2⤵
  PID:9404
- C:\Windows\System\VDolXWm.exe
  C:\Windows\System\VDolXWm.exe
  2⤵
  PID:9340
- C:\Windows\System\wipzkJo.exe
  C:\Windows\System\wipzkJo.exe
  2⤵
  PID:9356
- C:\Windows\System\rVigaGl.exe
  C:\Windows\System\rVigaGl.exe
  2⤵
  PID:9508
- C:\Windows\System\lpTMBvc.exe
  C:\Windows\System\lpTMBvc.exe
  2⤵
  PID:9620
- C:\Windows\System\ZMrvWxK.exe
  C:\Windows\System\ZMrvWxK.exe
  2⤵
  PID:9692
- C:\Windows\System\YJVMnry.exe
  C:\Windows\System\YJVMnry.exe
  2⤵
  PID:9556
- C:\Windows\System\ujdwxuH.exe
  C:\Windows\System\ujdwxuH.exe
  2⤵
  PID:9752
- C:\Windows\System\JVYBKdf.exe
  C:\Windows\System\JVYBKdf.exe
  2⤵
  PID:9848
- C:\Windows\System\vZMtkPM.exe
  C:\Windows\System\vZMtkPM.exe
  2⤵
  PID:9920
- C:\Windows\System\NKrTGJR.exe
  C:\Windows\System\NKrTGJR.exe
  2⤵
  PID:9976
- C:\Windows\System\mpwtxsN.exe
  C:\Windows\System\mpwtxsN.exe
  2⤵
  PID:9768
- C:\Windows\System\YysfRqK.exe
  C:\Windows\System\YysfRqK.exe
  2⤵
  PID:10108
- C:\Windows\System\ziwyATM.exe
  C:\Windows\System\ziwyATM.exe
  2⤵
  PID:8604
- C:\Windows\System\TxiLvfX.exe
  C:\Windows\System\TxiLvfX.exe
  2⤵
  PID:9904
- C:\Windows\System\guSLVcO.exe
  C:\Windows\System\guSLVcO.exe
  2⤵
  PID:9388
- C:\Windows\System\KAEystf.exe
  C:\Windows\System\KAEystf.exe
  2⤵
  PID:9756
- C:\Windows\System\fUlWeKK.exe
  C:\Windows\System\fUlWeKK.exe
  2⤵
  PID:9372
- C:\Windows\System\nlxNNXZ.exe
  C:\Windows\System\nlxNNXZ.exe
  2⤵
  PID:9540
- C:\Windows\System\BInIbFm.exe
  C:\Windows\System\BInIbFm.exe
  2⤵
  PID:9844
- C:\Windows\System\VMMZrxH.exe
  C:\Windows\System\VMMZrxH.exe
  2⤵
  PID:9792
- C:\Windows\System\DjuWzDg.exe
  C:\Windows\System\DjuWzDg.exe
  2⤵
  PID:10128
- C:\Windows\System\KDAdhYA.exe
  C:\Windows\System\KDAdhYA.exe
  2⤵
  PID:9740
- C:\Windows\System\ffwUiGB.exe
  C:\Windows\System\ffwUiGB.exe
  2⤵
  PID:10152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\HMsmDfH.exe

Filesize
6.0MB

MD5
cb27ecbe2fb08fca9e8b95ea83c0df98

SHA1
570d9e90f56f4cb4d2fcf0127356296960170855

SHA256
dfed4fc3f4387320ed232b9a2138bfdbe7d34b09b24a606dade48c8277ce4133

SHA512
853c046d0b5b9452bcb0c3b2957de9a32e47ec5107b18a8afcdb7d8024a9ab803688dcf7dcc36fd0be75d4d2215b97f8dd5c731cc7a19ccf0439c9112d836b58

Download Submit
C:\Windows\system\REamNiV.exe

Filesize
6.0MB

MD5
a9ff2eca101066db42f38343030626f2

SHA1
e7083317740ed7b2b0e6757cde2b9daf89df1564

SHA256
1e84e4cfe2f005dbbd3b2069fbab35f118c7d4f28154555336d5c4c197bc5fb1

SHA512
9e1b9c1e5a303be84691a54df747a2fd35b9d29626dd1a971676f0fe325d340072ad3e5d4da107d00228c6c995cc8536a5096bac0c5b942ae39665838371b63a

Download Submit
C:\Windows\system\TfSfscn.exe

Filesize
6.0MB

MD5
05fb7ed64dae4c2e9a13d9e559dfa835

SHA1
0e885a22712393cf33a377eeee6042bf685be8c3

SHA256
dd2d3599497041dbaf329d3b0329a0964f817422129d81f75157246c87f03271

SHA512
14aa3a9dc2f243ce227a708b35f422548dcff01f6438304a8851f54676c576ec2a471432192d3e32b1a079b16dadeb0ac4fafef9b535b59b5eda48b235a01321

Download Submit
C:\Windows\system\XRdhIGq.exe

Filesize
6.0MB

MD5
956a5577a673efb164c56147991f0be9

SHA1
395a2bac65a29d0b26954b7caa97c3dcae7a978c

SHA256
2e563789282cbdb7e299ff5f2eae500d41a2f5942740ea5dadb623ea094a2f0e

SHA512
d93ffaf065ea9e408a27da05000dd1a8eba83acdb5cbee1c27eed764d08eb9d1e343fe2eae1ecd63aa10fd9517e82946b307f9a3ad619bb6d126b43c9a336cee

Download Submit
C:\Windows\system\XfdfqWG.exe

Filesize
6.0MB

MD5
4d83f0f42f950be948c2ee226d32a222

SHA1
3d926c7271bdb5af88b65079d7f5ac818b7b3874

SHA256
e866c9f1bf0ac119cbb428169e7559672b1960a1d14a72841bbd9717cd48865b

SHA512
eeda29fad82263ced0a48ea8fd49ef14a3d749aa6b47784d4d7473e4342cb4b544b5bf90eba8eb528aceca46f44c09428409cb0995b912320b47bfe7996451df

Download Submit
C:\Windows\system\YXrBcpu.exe

Filesize
6.0MB

MD5
fabe9f77801e7278a3f7b88424112982

SHA1
0b591feb8d4de4f1340c89e9e0443b2e8ed136b3

SHA256
57cf7f3e9d14358d28e542a2dcb6f91a2ad1c3388d2ba21ecced73c288b611e1

SHA512
e725fea25ad2eba82d1afecf889174916a535ae611eaa7141604feb72bc078a5aa5e40923ea1a98551c859ede4f15e22189d60f1d1e74e9c98a6680ad55d44b9

Download Submit
C:\Windows\system\ZdAtKjk.exe

Filesize
6.0MB

MD5
9a7cbc6f7569a1c288613683ee7b4e42

SHA1
aac0bc0c54c3da51af1e8087c53e9fc015cb241c

SHA256
1dde14e3f385f4e55af43ebb2374cff5efeca75a73e431df70a5f863fb964f1d

SHA512
fc08c649aa58a33a2b0c162aaa190f87e2c1eec3c9f7d1b3730833932632f64411d568a2cddafc69b358b8e415c95d013a4667b66518f3da1ed08ad245e6c8ad

Download Submit
C:\Windows\system\aXJdXqR.exe

Filesize
6.0MB

MD5
14c8ac41bdb2bd61d92151440e7a2d94

SHA1
3031a1e46e3a66e44599e3fa2e5af436a098b695

SHA256
96eedc8c32dcbab653c82174f6867d90ae4bf3e696a9a7f144ee35317ecb9a56

SHA512
727758c269dbb622d2770ec7a9026b045ef1cc6aa946b9b2a15953e85bddc1d075e5aa567bf5a8db92378074881d4330ce74db7a6d1e4612235c5c4924a5485a

Download Submit
C:\Windows\system\bhXAprq.exe

Filesize
6.0MB

MD5
ded229723d98a174ecd68781def85657

SHA1
961cf3557a9b8a8a9c5e4a55c7c980cca589074c

SHA256
7be65d36cd55c6e4ad17f558c2ec23e988c8ee4fa60432bce24dfc809c0f6d79

SHA512
228f743619e05e43f9ee907b3517b21ab84f07a846c56fffac91b3305efac371ccc75e2dfe8b1283ab53198d1ed8b33a670074d560beee89064ed3befd1b1d62

Download Submit
C:\Windows\system\cRqKZhp.exe

Filesize
6.0MB

MD5
45c01adde36dd1796a115b39b0f695c3

SHA1
2d80255581104368f2475912f2f36bc506abd832

SHA256
0384e7c2d3b916a94c455a9e99ba1673a684e0f42c7dea034cc1bfe76109d99d

SHA512
672d7e74404fd0e3422dcbd9f60cd5041c46465acec8c2b848bbb5efb9ecf30dfa5dd1c3b56e9bc7d7f28f7e82e1149c263f169700c091c27e03be2f920001ce

Download Submit
C:\Windows\system\edVaEqE.exe

Filesize
6.0MB

MD5
1c8ac9f940532dfaaa03ba8f827a1138

SHA1
628e3037657c7e020cb30d3acb7fdbba48b44331

SHA256
7496d307055a6ad641f43467dd178a96d77e90d2d066a37e1cae2dcf89dc3edf

SHA512
d4359326b05775ce1f62e6443dfa0cacd78d1a4709045cd66ba0b257a59de0da05dbbe057bcb16f393679cbbcc50cb765891e4a59758cea3c7417479d6bd5188

Download Submit
C:\Windows\system\fBgbXGk.exe

Filesize
6.0MB

MD5
54f64bfb1d0cf2ecc3cf3d1428ada2fe

SHA1
efb56188db0b7be64ebb25d0455932453c71f9bf

SHA256
57e7aa90ba1d5b9a888437e0c3b82294310b1ca95a5d4e84c3aa21ea6a20249b

SHA512
dbc470effd1ac1cd8d6e837d8b7b0954bce1a296cd4c7f94b83b3dd7d3e4f2fdf9cfd4f6f28109ea037b02570b8d7b0ee7050108ef5a2c01b5d2197edca28107

Download Submit
C:\Windows\system\ftkMRjj.exe

Filesize
6.0MB

MD5
30388ca6de1feb07ebc3ba9155af7742

SHA1
3012658900a1ea6cd9396c86e8ed90ad44496071

SHA256
eb55af40290f7b7812357ae39bc52850bae0863987d3e8f6a0a08b291a49fff1

SHA512
562e3425baa4cd8d276c2edc426a344d50fa2a12e4806a4fb4bc23c27427cc592d4f94b22c9d7225df959c5bede46f2446b037d5f932f51a1c5bef1375ffbc03

Download Submit
C:\Windows\system\jOUfGxo.exe

Filesize
6.0MB

MD5
78cdd4c70821a8329fa312d6cbba74d5

SHA1
1fbca1cd50cfec9822679b28c4a110e52da38052

SHA256
dc20eb4cc9243646bb62e3282f5201084c6e0ea28d42f040060b646df11d32b7

SHA512
880e7aedc366074038147e1f60d15081dc8820e5378edc60e4a3b942b44cae4858b7be30d500dd1000bccacf39b2e9c4f0f20b8800c2e4c451e81a059136e6dd

Download Submit
C:\Windows\system\jqXcdbY.exe

Filesize
6.0MB

MD5
3a18c9ce709a0edf6496197b4a871ecf

SHA1
6358065476330700e15380a429c8241ccf8e34d8

SHA256
f5f445fa39f12d0326d6531de7251f6fd866dba281ce7cfd1d068bcba1b9a6c9

SHA512
59e5bf595e9f1ce464bd391a2cab0e0cd44d35b0aa03044e4238cd02054cdd8e5ea1c832d6fb51ba76431521c28dbb1e490f6664044a273aed5af9e5723802ed

Download Submit
C:\Windows\system\kXCbbtY.exe

Filesize
6.0MB

MD5
4af7b876923a261f01184950321c7bea

SHA1
93a19dc739ff69fcd7f2503ff8183ccdb216ce21

SHA256
a0290f8a6b7fbfdddd20c0aa73fb0464927a869364a54fa9fff2aea0b1f4137f

SHA512
218c6d5c0299af62310fc9f9e06a7c8f36ca5d9d6d971e115a4f7e7c8313b549017a49af2746476652e229d0e858c1a4f311e0fa11134e3295dc9ff83ceb2165

Download Submit
C:\Windows\system\ooruxIZ.exe

Filesize
6.0MB

MD5
761c90acaeb7a02520cfbdf0393eb05b

SHA1
5da94293025270a649425b040dd868be4f1cf65a

SHA256
b08b0d6f0050e5c97d84631364a893d6ca23ca7aae49ab93eaac23c4d237c954

SHA512
4d6d2456a279e6774210618a07cfe78b640ba13ab6274eed8bc76472e73025af7a2bfc514b0a9186cceab6bfd01a2d3caec5563cd4d141c5701af6ef912eadfe

Download Submit
C:\Windows\system\pSiJLsH.exe

Filesize
6.0MB

MD5
32fd72cb1c95fa001f3fe642b064567b

SHA1
dd4991c33e16fcd7455c449d353805aabb417c81

SHA256
afb619bd5d1baef591707212a22545cbd7f30ed61f1920813fa8ba3319c0c840

SHA512
a6f013f43934d05c210f5b2e731e72229582625efaa39e47988983e797192a1db2482666118ab25dd3d35a7cf432c4689dbc0e44f2f6c1565a218f6427296dae

Download Submit
C:\Windows\system\qcrVMVA.exe

Filesize
6.0MB

MD5
d964fdf9d3a7f1f2a071547ab02aa85f

SHA1
acc4b49bc8bab773a29ff716158c414c119e4dfd

SHA256
3d32da8d21a760d481a8133e6acb63172ae3bfea6b23fa9b730008239817de8e

SHA512
a4728ec89c1e20ccdce042720ccdaa56babe3fd41551806acfc08bb2390599f5c6c5d4d26179b358cec3a9dc7ddb27497970e6d2b11bea564e102c4e636be6f4

Download Submit
C:\Windows\system\scyiawI.exe

Filesize
6.0MB

MD5
0d1238b20587bf8b8330de9d20fb8ebe

SHA1
7259847c71af5861eaa7421ae6edc4aee9d9adfb

SHA256
b81b78606a4b5681c776333ba776afc963a35fe47ad901092ebf0df1c94722bb

SHA512
e67b4dd5877193c4fa4438300c3d680e06f56bec48884d439e5bc53d76bb2c5c16a0c19a578b8bd0925200969e51e662fb8c6e575205862b2ca847e3118c7f77

Download Submit
C:\Windows\system\vVewXkR.exe

Filesize
6.0MB

MD5
a50af3c66d684c7eb1edd60bc91e80b6

SHA1
74414b6f8d0465eb7448408e8589f22ff708d89c

SHA256
c3efcfde630767c1dcd0f15858a181c28279e754d9ef6ec93c1b05ae9d5129b5

SHA512
b0be97ef0c56265cf94ce6c44b3bb6b3bd32b44c7ec105cafaec77dab1415c65d77b4a622704f080ec3717426864d201083a33794079a0fab7aa37d71f294f44

Download Submit
C:\Windows\system\vdTRkWH.exe

Filesize
6.0MB

MD5
ae5227e7fff42c71810e062880011622

SHA1
31fe5e6ad40431d353ab4aa4697d31489dcb471c

SHA256
439d64cb3d482172106e15c30ce1be35b9a879e174559c93f5d914d5e27ce159

SHA512
f9807eb83dc30b038593fabbbeb5a10ae8134cf8198891de93cb4479c3cc3b6f8e3739c8ceb551e95fd9b2e633bbfc237a985fdf02bf5e61496462f1267eb6ec

Download Submit
C:\Windows\system\vnmesan.exe

Filesize
6.0MB

MD5
d168763abe7435685a2575fbb98524fc

SHA1
5b730921a40ee91d34db639de98676a93d1b5002

SHA256
776615df53b539d43e22fe9cb534d40ad6c4d586ddaea2b40de5ac6ae326fa2c

SHA512
1c109c878607376fc1f40c1b93445f4aa83134ffd6175b724148cfd989a9d58787e6da8a0de976082f45f31402d0d5a0a0171556d795e6b3bf368fc0dd4ced24

Download Submit
C:\Windows\system\xNnrxdF.exe

Filesize
6.0MB

MD5
8f68e9786118395aa2bd93ee6f1a40de

SHA1
3b1c63476a07f2a177ece2b2fbf5575a50c5be35

SHA256
24b771d7a81d36393cd54079e09511c53ec6ed5dca0465d75f87ac80313b1e98

SHA512
addcfd652ce22211d870d0c30f7d0009ea437e07d119c0c8209582d1be2e2173b724ea1264f93ebe9f476707b4786da4893afb514bcb44062a4567ff7a1dddf6

Download Submit
C:\Windows\system\xTkSBUF.exe

Filesize
6.0MB

MD5
0c50889b7fb042779b5c55453ae5c039

SHA1
96c4d1f1beca7e5a07364e4799d6ef0704252757

SHA256
f20d199ba6f6a777f76cbbf3dea781f5ee2d62e9dc11d9d11565059dcbf95b72

SHA512
648a363a520267a9ecc2bbbeb1603aff2cd49e2f6c6e1141b1033baca53d93f16a1429c61cfe3493d5a890ae51705c1d0beed415d1b900c7ff474e6ddeccea00

Download Submit
\Windows\system\CglBBRP.exe

Filesize
6.0MB

MD5
d9b690ac9adabdec097076910f25d6b9

SHA1
31e054ae687ca6affd3d5199a387a73487db3e8c

SHA256
1d2360fae7d6894c363ccd6b18a6500bd28bf8932d98f1e756a3792459c60541

SHA512
6058ffa716af2ea11e3ede7ee892e7ec22659b71086b05346a75ca3f56e89cac839ed4a9a06542c6a37197120ae363e7931b7098d069c240499d7fe586a46474

Download Submit
\Windows\system\JvgQmBA.exe

Filesize
6.0MB

MD5
08542592d6369299e1c5b21d5f15ed23

SHA1
d41827324cd3771cd7e3d407a7924008f9292c9d

SHA256
82110c5a2c36a17ead3541919dc696a809452b18c43dc310de36628e9b86af4a

SHA512
261c39d86322516ff49d2f5802815abeecc3427dafb0b3ab6b99982e5c0096e869341b536cc1277059c7e8d7beed382191f0273318c31d45c873188c504fee26

Download Submit
\Windows\system\MGhQVxc.exe

Filesize
6.0MB

MD5
6fe61010a6b65d245b362d0aa5943283

SHA1
b68b55b3d86eee5b40a0bbc2fd315c2bcfcce8e8

SHA256
a4abd07b8308d6a8238fb66b7acdfa6de904cee6108fa57c6046cbc187b86248

SHA512
5b692935650f8f9784c88339921b177be2bb3b4efb598808666fa585699590108ee9c1e6acea74525df805432aaa698a4f64c40e155b2276899ac79c0e9f7fa4

Download Submit
\Windows\system\TXkTdfl.exe

Filesize
6.0MB

MD5
ee4524be58fca6798381064d3010e31f

SHA1
5c9e5df47f1e6a14a678009aa76378e57bd526dc

SHA256
9e667b0877d8e22858bd11482661426adbd53cbb82f5edbd58ab363a61880d2f

SHA512
c7fc016fd227ba503890d9e2194239199b45017b5057e5040edb0ecdd8984a2966daf6a1662314fbeab0108677745ba539584e92d42ab85fe25d7f46e7d3256e

Download Submit
\Windows\system\bVpLAhb.exe

Filesize
6.0MB

MD5
ff0ecbfacb933f0018685093b344d0d8

SHA1
508adde338a58d27581b626f7ee825cf88033637

SHA256
f55073dc9fcd8e8c0f19b297acb62bbcd5741d32838d1a14e8b0e3276d4a7bc8

SHA512
e2bd5fd275d24b541037fa6ae65ebf4a2a4c7e21e1058d1d205e7a349a2aadccb9d4596ce0dfa176267d72d1d420a7a44dab71b975257b2835c15254d5554374

Download Submit
\Windows\system\cffKgYU.exe

Filesize
6.0MB

MD5
9148fa2ca5d127e4a03e041290d54d31

SHA1
6b9e8714623c471578b9761b4e8c1e0fb4f7c2d8

SHA256
a80ab8cac55f4b9f8109188d1466d600c37ce39f3d798a9b1b81dba5aa89bd81

SHA512
af590447ce3b0a6de866f96dd46a8003a2c0bd90e27441c87b0a9550f0c85ca2cc072187acf50863b7ec3724d3f67988187bd8a094ec274db76c47e06f569363

Download Submit
\Windows\system\jESfNay.exe

Filesize
6.0MB

MD5
7da6d3edb22a0c5a0562e3d4244e47fa

SHA1
a655adf9260bb1a0e52fa3c9e61f9c6e2f395918

SHA256
0ce841c1a908f45007211b760dd5e120ed65c3804446e7927da9c6834165e53d

SHA512
fda1fb6ba412a11909cfd8a69e507aeededb3a60a74dc618741afc7d35149e9142274f421942338ed0beb189f2b80a1baf0a1f0e5a4eb50458c3876239ef2fff

Download Submit
\Windows\system\krOUIfz.exe

Filesize
6.0MB

MD5
92edacfebab4ea896b5d380c755170fe

SHA1
f7678d08e2438135a3dadec51fa6252afa3ed907

SHA256
809f45ec06d1aeae4b741dfabd001a1223cacfd3706cd7652b67b071fea8f196

SHA512
b7e86c9d06ffb71d256f0112b4c53cc39daded8d93ea5cefe9b5d0b9e235f75517d0a3c8fdfabde2d0913b8f6f00aa3a3211ea6b562bc9d4ed9187ce4c39a918

Download Submit
\Windows\system\mKMLXjs.exe

Filesize
6.0MB

MD5
73abd1ea5e31eb09c1a187e918603fb6

SHA1
4d01bd19a25bfafd92e13de3d1bda44c54a37a3d

SHA256
5adcdea1be18164be35e302bfddb8f74f6b38e73effad8baeb846b35a4b28fb9

SHA512
1df3fd80e750c9cd725f5737a0720e70084f9af8967f9a05fa0ffd9a4b9e230da6d563f5cb5259f8cb92306b112c21708b76bae2aa790846116e73844a999c3f

Download Submit
\Windows\system\tPhqITD.exe

Filesize
6.0MB

MD5
4f79c7a7ca4a60a4b734f2c8a229f503

SHA1
d63d3948cb901f41a2f7ed52bfa49494b0280216

SHA256
3653a3d20d457e8890e54b04560209a18e7e1974de496a866e20e9e8754b3d47

SHA512
a8a6af0c35a1876c6c597ce733c358603c6f7ca1faa388fd0bbdc73133a12254bb57554e405adf7022ac69cd9014cfdd295cd6ac251aa7f21bf5346599e29eab

Download Submit
memory/1988-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1988-0-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/1988-2484-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/1988-4052-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2064-2512-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2064-3758-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2116-2483-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-4004-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download