cobaltstrike | d5c133abd138080d2b9996d8c8f4ba7eb32d4b8f9dcd1ab0ea34e940e8f70b9c

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

1a73ded1f25464deff06dce4c43bc6dd
SHA1

414c940284921bca74baf6d37752493a6b5c329a
SHA256

d5c133abd138080d2b9996d8c8f4ba7eb32d4b8f9dcd1ab0ea34e940e8f70b9c
SHA512

1bbe77377337ae5922365fa2184b30d7d46d4db9146a9507e11bcefe7c8605e2f4c450ba2d73b76a656dc4876851598cf8a672db053afc13cd07dcd71fc6d894
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUv:T+q56utgpPF8u/7v

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\lUwmPGD.exe	cobalt_reflective_dll
C:\Windows\system\jDZupOL.exe	cobalt_reflective_dll
C:\Windows\system\ywHjilo.exe	cobalt_reflective_dll
C:\Windows\system\cQmaFpr.exe	cobalt_reflective_dll
C:\Windows\system\KqzWbky.exe	cobalt_reflective_dll
\Windows\system\qWeopFI.exe	cobalt_reflective_dll
\Windows\system\pvTHbuG.exe	cobalt_reflective_dll
C:\Windows\system\XmpjVaF.exe	cobalt_reflective_dll
\Windows\system\aHHFUVJ.exe	cobalt_reflective_dll
\Windows\system\icHLRDJ.exe	cobalt_reflective_dll
C:\Windows\system\aAULdxt.exe	cobalt_reflective_dll
\Windows\system\AHyGqyp.exe	cobalt_reflective_dll
\Windows\system\xMZaheH.exe	cobalt_reflective_dll
C:\Windows\system\eJniiZl.exe	cobalt_reflective_dll
C:\Windows\system\fTrQcvK.exe	cobalt_reflective_dll
C:\Windows\system\mQFAyhN.exe	cobalt_reflective_dll
C:\Windows\system\dUhgmCt.exe	cobalt_reflective_dll
C:\Windows\system\OpZswNj.exe	cobalt_reflective_dll
C:\Windows\system\PmzChcV.exe	cobalt_reflective_dll
C:\Windows\system\cvxmwPb.exe	cobalt_reflective_dll
C:\Windows\system\TVLuDZV.exe	cobalt_reflective_dll
C:\Windows\system\nPPAFye.exe	cobalt_reflective_dll
C:\Windows\system\dgGxuJY.exe	cobalt_reflective_dll
C:\Windows\system\GjEEAlt.exe	cobalt_reflective_dll
C:\Windows\system\JOESUEi.exe	cobalt_reflective_dll
C:\Windows\system\cylHDaX.exe	cobalt_reflective_dll
C:\Windows\system\NUecVMg.exe	cobalt_reflective_dll
C:\Windows\system\mHJqDjl.exe	cobalt_reflective_dll
C:\Windows\system\kCJahGR.exe	cobalt_reflective_dll
C:\Windows\system\MWaVhNF.exe	cobalt_reflective_dll
C:\Windows\system\hyszECz.exe	cobalt_reflective_dll
C:\Windows\system\SKsVuOq.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2856-0-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
\Windows\system\lUwmPGD.exe	xmrig
C:\Windows\system\jDZupOL.exe	xmrig
behavioral1/memory/2860-16-0x000000013F840000-0x000000013FB94000-memory.dmp	xmrig
behavioral1/memory/2784-11-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
C:\Windows\system\ywHjilo.exe	xmrig
behavioral1/memory/1076-26-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2712-29-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
C:\Windows\system\cQmaFpr.exe	xmrig
behavioral1/memory/2700-36-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
C:\Windows\system\KqzWbky.exe	xmrig
\Windows\system\qWeopFI.exe	xmrig
behavioral1/memory/2856-38-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2784-46-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
\Windows\system\pvTHbuG.exe	xmrig
behavioral1/memory/2588-56-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
C:\Windows\system\XmpjVaF.exe	xmrig
behavioral1/memory/1076-59-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/1016-50-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
\Windows\system\aHHFUVJ.exe	xmrig
behavioral1/memory/2708-60-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2856-41-0x00000000024C0000-0x0000000002814000-memory.dmp	xmrig
behavioral1/memory/2712-64-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/1548-69-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2700-68-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
\Windows\system\icHLRDJ.exe	xmrig
behavioral1/memory/2856-77-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2332-80-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
C:\Windows\system\aAULdxt.exe	xmrig
behavioral1/memory/2588-86-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2856-87-0x00000000024C0000-0x0000000002814000-memory.dmp	xmrig
behavioral1/memory/2708-89-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2628-88-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
\Windows\system\AHyGqyp.exe	xmrig
behavioral1/memory/2940-97-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
\Windows\system\xMZaheH.exe	xmrig
behavioral1/memory/3028-110-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2856-109-0x00000000024C0000-0x0000000002814000-memory.dmp	xmrig
C:\Windows\system\eJniiZl.exe	xmrig
C:\Windows\system\fTrQcvK.exe	xmrig
C:\Windows\system\mQFAyhN.exe	xmrig
C:\Windows\system\dUhgmCt.exe	xmrig
C:\Windows\system\OpZswNj.exe	xmrig
behavioral1/memory/2952-400-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/3028-475-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2856-476-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2856-347-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2940-300-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
C:\Windows\system\PmzChcV.exe	xmrig
C:\Windows\system\cvxmwPb.exe	xmrig
C:\Windows\system\TVLuDZV.exe	xmrig
C:\Windows\system\nPPAFye.exe	xmrig
C:\Windows\system\dgGxuJY.exe	xmrig
behavioral1/memory/2856-175-0x00000000024C0000-0x0000000002814000-memory.dmp	xmrig
C:\Windows\system\GjEEAlt.exe	xmrig
C:\Windows\system\JOESUEi.exe	xmrig
C:\Windows\system\cylHDaX.exe	xmrig
behavioral1/memory/2332-148-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
C:\Windows\system\NUecVMg.exe	xmrig
C:\Windows\system\mHJqDjl.exe	xmrig
C:\Windows\system\kCJahGR.exe	xmrig
C:\Windows\system\MWaVhNF.exe	xmrig
C:\Windows\system\hyszECz.exe	xmrig
behavioral1/memory/2856-114-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

lUwmPGD.exejDZupOL.exeywHjilo.execQmaFpr.exeKqzWbky.exeqWeopFI.exepvTHbuG.exeXmpjVaF.exeaHHFUVJ.exeicHLRDJ.exeaAULdxt.exeAHyGqyp.exeSKsVuOq.exexMZaheH.exehyszECz.exeeJniiZl.exeMWaVhNF.exekCJahGR.exemHJqDjl.exefTrQcvK.exeNUecVMg.exemQFAyhN.execylHDaX.exeJOESUEi.exeGjEEAlt.exedUhgmCt.exedgGxuJY.exenPPAFye.exeTVLuDZV.execvxmwPb.exePmzChcV.exeOpZswNj.exerOHzVZK.exeXqQYcMs.exewpBvdJp.exeeczYwlV.exebGDeKoE.exeitcCmEa.exedIfrHrx.exegGMhoEB.exeWpkITgK.exePvNYzDQ.exeUaeRPcC.exeMIqNLkY.exeNRmGIEV.exeAjuTxxB.exebfLwhFs.exeTKbGbGh.exeypEZupt.exeQKxcoEl.exesqcDPtO.exeWqIWsKH.exeAgaoNUf.exeRBeBDJh.exeFSlyIIa.exewlbtJSA.exetRxlkHI.exemuVkFMs.exeglGltLs.exeXpHxyPy.exeyFWTumr.exegEjmegq.exeYUAKlLX.exeMRHcKik.exe

pid	process
2784	lUwmPGD.exe
2860	jDZupOL.exe
1076	ywHjilo.exe
2712	cQmaFpr.exe
2700	KqzWbky.exe
1016	qWeopFI.exe
2588	pvTHbuG.exe
2708	XmpjVaF.exe
1548	aHHFUVJ.exe
2332	icHLRDJ.exe
2628	aAULdxt.exe
2940	AHyGqyp.exe
2952	SKsVuOq.exe
3028	xMZaheH.exe
2344	hyszECz.exe
3060	eJniiZl.exe
2196	MWaVhNF.exe
2948	kCJahGR.exe
612	mHJqDjl.exe
1400	fTrQcvK.exe
2380	NUecVMg.exe
2496	mQFAyhN.exe
2276	cylHDaX.exe
2184	JOESUEi.exe
2076	GjEEAlt.exe
2340	dUhgmCt.exe
964	dgGxuJY.exe
1432	nPPAFye.exe
1020	TVLuDZV.exe
1040	cvxmwPb.exe
1376	PmzChcV.exe
2084	OpZswNj.exe
1464	rOHzVZK.exe
1744	XqQYcMs.exe
1864	wpBvdJp.exe
2072	eczYwlV.exe
2052	bGDeKoE.exe
1304	itcCmEa.exe
1608	dIfrHrx.exe
1048	gGMhoEB.exe
2772	WpkITgK.exe
556	PvNYzDQ.exe
1776	UaeRPcC.exe
2316	MIqNLkY.exe
108	NRmGIEV.exe
1568	AjuTxxB.exe
884	bfLwhFs.exe
2604	TKbGbGh.exe
2540	ypEZupt.exe
1632	QKxcoEl.exe
1452	sqcDPtO.exe
2912	WqIWsKH.exe
2944	AgaoNUf.exe
2732	RBeBDJh.exe
2812	FSlyIIa.exe
2824	wlbtJSA.exe
2764	tRxlkHI.exe
3012	muVkFMs.exe
2228	glGltLs.exe
2728	XpHxyPy.exe
1120	yFWTumr.exe
2832	gEjmegq.exe
1468	YUAKlLX.exe
2620	MRHcKik.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2856-0-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
\Windows\system\lUwmPGD.exe	upx
C:\Windows\system\jDZupOL.exe	upx
behavioral1/memory/2860-16-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2784-11-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
C:\Windows\system\ywHjilo.exe	upx
behavioral1/memory/1076-26-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2712-29-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
C:\Windows\system\cQmaFpr.exe	upx
behavioral1/memory/2700-36-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
C:\Windows\system\KqzWbky.exe	upx
\Windows\system\qWeopFI.exe	upx
behavioral1/memory/2856-38-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2784-46-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
\Windows\system\pvTHbuG.exe	upx
behavioral1/memory/2588-56-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
C:\Windows\system\XmpjVaF.exe	upx
behavioral1/memory/1076-59-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/1016-50-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
\Windows\system\aHHFUVJ.exe	upx
behavioral1/memory/2708-60-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2712-64-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/1548-69-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2700-68-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
\Windows\system\icHLRDJ.exe	upx
behavioral1/memory/2332-80-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
C:\Windows\system\aAULdxt.exe	upx
behavioral1/memory/2588-86-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2708-89-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2628-88-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
\Windows\system\AHyGqyp.exe	upx
behavioral1/memory/2940-97-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
\Windows\system\xMZaheH.exe	upx
behavioral1/memory/3028-110-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
C:\Windows\system\eJniiZl.exe	upx
C:\Windows\system\fTrQcvK.exe	upx
C:\Windows\system\mQFAyhN.exe	upx
C:\Windows\system\dUhgmCt.exe	upx
C:\Windows\system\OpZswNj.exe	upx
behavioral1/memory/2952-400-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/3028-475-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/2940-300-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
C:\Windows\system\PmzChcV.exe	upx
C:\Windows\system\cvxmwPb.exe	upx
C:\Windows\system\TVLuDZV.exe	upx
C:\Windows\system\nPPAFye.exe	upx
C:\Windows\system\dgGxuJY.exe	upx
C:\Windows\system\GjEEAlt.exe	upx
C:\Windows\system\JOESUEi.exe	upx
C:\Windows\system\cylHDaX.exe	upx
behavioral1/memory/2332-148-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
C:\Windows\system\NUecVMg.exe	upx
C:\Windows\system\mHJqDjl.exe	upx
C:\Windows\system\kCJahGR.exe	upx
C:\Windows\system\MWaVhNF.exe	upx
C:\Windows\system\hyszECz.exe	upx
behavioral1/memory/2952-102-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
C:\Windows\system\SKsVuOq.exe	upx
behavioral1/memory/1548-106-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2784-482-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2860-485-0x000000013F840000-0x000000013FB94000-memory.dmp	upx
behavioral1/memory/2712-487-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/1076-490-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/1016-571-0x000000013FE10000-0x0000000140164000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\wCzWQUk.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QNMQNMJ.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zShJLJn.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nMYXUUn.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cSbkqFf.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHRZnOa.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\abiKiaR.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LeCNjYA.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rwlbSix.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wyMrnjV.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EslgeAr.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NsfZMNO.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wHEBvVK.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GLncCKE.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnIXCby.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FKmhoIz.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RMEExhy.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hQilSYK.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jTGUrJY.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mIZcwzF.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hyszECz.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TDBUiBf.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wPBEaAM.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NXCQmWK.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jezOTwk.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bqqNMFP.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AZIBxps.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rHwWSkY.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xAPPzaN.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KoXyewX.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqBmtTB.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oeRRugl.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bBpshOE.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXjgXPX.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tRxlkHI.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TbPwkOk.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NIUosMz.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YuhKyeb.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTeyLej.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SEmtWvH.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OpZswNj.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xZfszoX.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NHjKprF.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tvhLjww.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VzyLuQh.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yzLCLdD.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KVyujrL.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aShlwiJ.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JekkGXj.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YIuOkVU.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uaKocsF.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EKNoFAZ.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RHoRIiu.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESwuAos.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sPsjyyg.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bBcOhTP.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VlnKMyH.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eRKTgIc.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFNesKW.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gKkIrXj.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DaPZIsx.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INRzVtm.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UxuGykA.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jbciaqk.exe	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2856 wrote to memory of 2784	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	lUwmPGD.exe
PID 2856 wrote to memory of 2784	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	lUwmPGD.exe
PID 2856 wrote to memory of 2784	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	lUwmPGD.exe
PID 2856 wrote to memory of 2860	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	jDZupOL.exe
PID 2856 wrote to memory of 2860	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	jDZupOL.exe
PID 2856 wrote to memory of 2860	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	jDZupOL.exe
PID 2856 wrote to memory of 1076	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	ywHjilo.exe
PID 2856 wrote to memory of 1076	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	ywHjilo.exe
PID 2856 wrote to memory of 1076	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	ywHjilo.exe
PID 2856 wrote to memory of 2712	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	cQmaFpr.exe
PID 2856 wrote to memory of 2712	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	cQmaFpr.exe
PID 2856 wrote to memory of 2712	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	cQmaFpr.exe
PID 2856 wrote to memory of 2700	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	KqzWbky.exe
PID 2856 wrote to memory of 2700	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	KqzWbky.exe
PID 2856 wrote to memory of 2700	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	KqzWbky.exe
PID 2856 wrote to memory of 1016	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	qWeopFI.exe
PID 2856 wrote to memory of 1016	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	qWeopFI.exe
PID 2856 wrote to memory of 1016	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	qWeopFI.exe
PID 2856 wrote to memory of 2708	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	XmpjVaF.exe
PID 2856 wrote to memory of 2708	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	XmpjVaF.exe
PID 2856 wrote to memory of 2708	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	XmpjVaF.exe
PID 2856 wrote to memory of 2588	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	pvTHbuG.exe
PID 2856 wrote to memory of 2588	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	pvTHbuG.exe
PID 2856 wrote to memory of 2588	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	pvTHbuG.exe
PID 2856 wrote to memory of 1548	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	aHHFUVJ.exe
PID 2856 wrote to memory of 1548	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	aHHFUVJ.exe
PID 2856 wrote to memory of 1548	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	aHHFUVJ.exe
PID 2856 wrote to memory of 2332	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	icHLRDJ.exe
PID 2856 wrote to memory of 2332	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	icHLRDJ.exe
PID 2856 wrote to memory of 2332	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	icHLRDJ.exe
PID 2856 wrote to memory of 2628	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	aAULdxt.exe
PID 2856 wrote to memory of 2628	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	aAULdxt.exe
PID 2856 wrote to memory of 2628	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	aAULdxt.exe
PID 2856 wrote to memory of 2940	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	AHyGqyp.exe
PID 2856 wrote to memory of 2940	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	AHyGqyp.exe
PID 2856 wrote to memory of 2940	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	AHyGqyp.exe
PID 2856 wrote to memory of 2952	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	SKsVuOq.exe
PID 2856 wrote to memory of 2952	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	SKsVuOq.exe
PID 2856 wrote to memory of 2952	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	SKsVuOq.exe
PID 2856 wrote to memory of 3028	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	xMZaheH.exe
PID 2856 wrote to memory of 3028	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	xMZaheH.exe
PID 2856 wrote to memory of 3028	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	xMZaheH.exe
PID 2856 wrote to memory of 2344	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	hyszECz.exe
PID 2856 wrote to memory of 2344	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	hyszECz.exe
PID 2856 wrote to memory of 2344	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	hyszECz.exe
PID 2856 wrote to memory of 3060	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	eJniiZl.exe
PID 2856 wrote to memory of 3060	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	eJniiZl.exe
PID 2856 wrote to memory of 3060	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	eJniiZl.exe
PID 2856 wrote to memory of 2196	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	MWaVhNF.exe
PID 2856 wrote to memory of 2196	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	MWaVhNF.exe
PID 2856 wrote to memory of 2196	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	MWaVhNF.exe
PID 2856 wrote to memory of 2948	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	kCJahGR.exe
PID 2856 wrote to memory of 2948	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	kCJahGR.exe
PID 2856 wrote to memory of 2948	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	kCJahGR.exe
PID 2856 wrote to memory of 612	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	mHJqDjl.exe
PID 2856 wrote to memory of 612	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	mHJqDjl.exe
PID 2856 wrote to memory of 612	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	mHJqDjl.exe
PID 2856 wrote to memory of 1400	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	fTrQcvK.exe
PID 2856 wrote to memory of 1400	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	fTrQcvK.exe
PID 2856 wrote to memory of 1400	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	fTrQcvK.exe
PID 2856 wrote to memory of 2380	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	NUecVMg.exe
PID 2856 wrote to memory of 2380	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	NUecVMg.exe
PID 2856 wrote to memory of 2380	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	NUecVMg.exe
PID 2856 wrote to memory of 2496	2856	2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe	mQFAyhN.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_1a73ded1f25464deff06dce4c43bc6dd_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2856
- C:\Windows\System\lUwmPGD.exe
  C:\Windows\System\lUwmPGD.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\jDZupOL.exe
  C:\Windows\System\jDZupOL.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\ywHjilo.exe
  C:\Windows\System\ywHjilo.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\cQmaFpr.exe
  C:\Windows\System\cQmaFpr.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\KqzWbky.exe
  C:\Windows\System\KqzWbky.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\qWeopFI.exe
  C:\Windows\System\qWeopFI.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\XmpjVaF.exe
  C:\Windows\System\XmpjVaF.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\pvTHbuG.exe
  C:\Windows\System\pvTHbuG.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\aHHFUVJ.exe
  C:\Windows\System\aHHFUVJ.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\icHLRDJ.exe
  C:\Windows\System\icHLRDJ.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\aAULdxt.exe
  C:\Windows\System\aAULdxt.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\AHyGqyp.exe
  C:\Windows\System\AHyGqyp.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\SKsVuOq.exe
  C:\Windows\System\SKsVuOq.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\xMZaheH.exe
  C:\Windows\System\xMZaheH.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\hyszECz.exe
  C:\Windows\System\hyszECz.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\eJniiZl.exe
  C:\Windows\System\eJniiZl.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\MWaVhNF.exe
  C:\Windows\System\MWaVhNF.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\kCJahGR.exe
  C:\Windows\System\kCJahGR.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\mHJqDjl.exe
  C:\Windows\System\mHJqDjl.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\fTrQcvK.exe
  C:\Windows\System\fTrQcvK.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\NUecVMg.exe
  C:\Windows\System\NUecVMg.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\mQFAyhN.exe
  C:\Windows\System\mQFAyhN.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\cylHDaX.exe
  C:\Windows\System\cylHDaX.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\JOESUEi.exe
  C:\Windows\System\JOESUEi.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\GjEEAlt.exe
  C:\Windows\System\GjEEAlt.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\dUhgmCt.exe
  C:\Windows\System\dUhgmCt.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\dgGxuJY.exe
  C:\Windows\System\dgGxuJY.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\nPPAFye.exe
  C:\Windows\System\nPPAFye.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\TVLuDZV.exe
  C:\Windows\System\TVLuDZV.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\cvxmwPb.exe
  C:\Windows\System\cvxmwPb.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\PmzChcV.exe
  C:\Windows\System\PmzChcV.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\OpZswNj.exe
  C:\Windows\System\OpZswNj.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\rOHzVZK.exe
  C:\Windows\System\rOHzVZK.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\XqQYcMs.exe
  C:\Windows\System\XqQYcMs.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\wpBvdJp.exe
  C:\Windows\System\wpBvdJp.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\eczYwlV.exe
  C:\Windows\System\eczYwlV.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\bGDeKoE.exe
  C:\Windows\System\bGDeKoE.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\itcCmEa.exe
  C:\Windows\System\itcCmEa.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\dIfrHrx.exe
  C:\Windows\System\dIfrHrx.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\gGMhoEB.exe
  C:\Windows\System\gGMhoEB.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\WpkITgK.exe
  C:\Windows\System\WpkITgK.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\PvNYzDQ.exe
  C:\Windows\System\PvNYzDQ.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\UaeRPcC.exe
  C:\Windows\System\UaeRPcC.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\MIqNLkY.exe
  C:\Windows\System\MIqNLkY.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\NRmGIEV.exe
  C:\Windows\System\NRmGIEV.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\AjuTxxB.exe
  C:\Windows\System\AjuTxxB.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\bfLwhFs.exe
  C:\Windows\System\bfLwhFs.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\TKbGbGh.exe
  C:\Windows\System\TKbGbGh.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\ypEZupt.exe
  C:\Windows\System\ypEZupt.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\QKxcoEl.exe
  C:\Windows\System\QKxcoEl.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\sqcDPtO.exe
  C:\Windows\System\sqcDPtO.exe
  2⤵
  - Executes dropped EXE
  PID:1452
- C:\Windows\System\WqIWsKH.exe
  C:\Windows\System\WqIWsKH.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\AgaoNUf.exe
  C:\Windows\System\AgaoNUf.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\RBeBDJh.exe
  C:\Windows\System\RBeBDJh.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\FSlyIIa.exe
  C:\Windows\System\FSlyIIa.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\wlbtJSA.exe
  C:\Windows\System\wlbtJSA.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\tRxlkHI.exe
  C:\Windows\System\tRxlkHI.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\muVkFMs.exe
  C:\Windows\System\muVkFMs.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\glGltLs.exe
  C:\Windows\System\glGltLs.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\XpHxyPy.exe
  C:\Windows\System\XpHxyPy.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\yFWTumr.exe
  C:\Windows\System\yFWTumr.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\gEjmegq.exe
  C:\Windows\System\gEjmegq.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\YUAKlLX.exe
  C:\Windows\System\YUAKlLX.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\MRHcKik.exe
  C:\Windows\System\MRHcKik.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\RPSPruY.exe
  C:\Windows\System\RPSPruY.exe
  2⤵
  PID:2908
- C:\Windows\System\PDXjgMh.exe
  C:\Windows\System\PDXjgMh.exe
  2⤵
  PID:2844
- C:\Windows\System\aJaYmKy.exe
  C:\Windows\System\aJaYmKy.exe
  2⤵
  PID:3004
- C:\Windows\System\NsfZMNO.exe
  C:\Windows\System\NsfZMNO.exe
  2⤵
  PID:2996
- C:\Windows\System\MvCXElB.exe
  C:\Windows\System\MvCXElB.exe
  2⤵
  PID:2436
- C:\Windows\System\dotMXVw.exe
  C:\Windows\System\dotMXVw.exe
  2⤵
  PID:688
- C:\Windows\System\bSYtQFz.exe
  C:\Windows\System\bSYtQFz.exe
  2⤵
  PID:1028
- C:\Windows\System\hpHWTlf.exe
  C:\Windows\System\hpHWTlf.exe
  2⤵
  PID:432
- C:\Windows\System\CIlnUHF.exe
  C:\Windows\System\CIlnUHF.exe
  2⤵
  PID:2440
- C:\Windows\System\dyYTaBw.exe
  C:\Windows\System\dyYTaBw.exe
  2⤵
  PID:2464
- C:\Windows\System\mKHqBbN.exe
  C:\Windows\System\mKHqBbN.exe
  2⤵
  PID:1476
- C:\Windows\System\CVpqXAC.exe
  C:\Windows\System\CVpqXAC.exe
  2⤵
  PID:1328
- C:\Windows\System\MbzwIHg.exe
  C:\Windows\System\MbzwIHg.exe
  2⤵
  PID:1724
- C:\Windows\System\PcEnOHB.exe
  C:\Windows\System\PcEnOHB.exe
  2⤵
  PID:960
- C:\Windows\System\GuLBVEj.exe
  C:\Windows\System\GuLBVEj.exe
  2⤵
  PID:2136
- C:\Windows\System\WCeVVmf.exe
  C:\Windows\System\WCeVVmf.exe
  2⤵
  PID:1288
- C:\Windows\System\JCbaqNb.exe
  C:\Windows\System\JCbaqNb.exe
  2⤵
  PID:1948
- C:\Windows\System\tabdpBM.exe
  C:\Windows\System\tabdpBM.exe
  2⤵
  PID:2092
- C:\Windows\System\JyGEqlF.exe
  C:\Windows\System\JyGEqlF.exe
  2⤵
  PID:2236
- C:\Windows\System\XieBfmh.exe
  C:\Windows\System\XieBfmh.exe
  2⤵
  PID:2308
- C:\Windows\System\oUlXHWD.exe
  C:\Windows\System\oUlXHWD.exe
  2⤵
  PID:2112
- C:\Windows\System\OsMHiZq.exe
  C:\Windows\System\OsMHiZq.exe
  2⤵
  PID:2260
- C:\Windows\System\aAeOtum.exe
  C:\Windows\System\aAeOtum.exe
  2⤵
  PID:880
- C:\Windows\System\TDBUiBf.exe
  C:\Windows\System\TDBUiBf.exe
  2⤵
  PID:2548
- C:\Windows\System\PzDbKwf.exe
  C:\Windows\System\PzDbKwf.exe
  2⤵
  PID:1932
- C:\Windows\System\mugPvrS.exe
  C:\Windows\System\mugPvrS.exe
  2⤵
  PID:1508
- C:\Windows\System\onbHOzy.exe
  C:\Windows\System\onbHOzy.exe
  2⤵
  PID:2864
- C:\Windows\System\jvLZgZs.exe
  C:\Windows\System\jvLZgZs.exe
  2⤵
  PID:2816
- C:\Windows\System\LyGXDbj.exe
  C:\Windows\System\LyGXDbj.exe
  2⤵
  PID:1752
- C:\Windows\System\rlAzXFj.exe
  C:\Windows\System\rlAzXFj.exe
  2⤵
  PID:2740
- C:\Windows\System\BzxsbCV.exe
  C:\Windows\System\BzxsbCV.exe
  2⤵
  PID:948
- C:\Windows\System\qUoAcIQ.exe
  C:\Windows\System\qUoAcIQ.exe
  2⤵
  PID:2752
- C:\Windows\System\EBDdiLO.exe
  C:\Windows\System\EBDdiLO.exe
  2⤵
  PID:2876
- C:\Windows\System\ovRHwgJ.exe
  C:\Windows\System\ovRHwgJ.exe
  2⤵
  PID:2068
- C:\Windows\System\YgmKDFm.exe
  C:\Windows\System\YgmKDFm.exe
  2⤵
  PID:2680
- C:\Windows\System\nwncxEX.exe
  C:\Windows\System\nwncxEX.exe
  2⤵
  PID:2580
- C:\Windows\System\onwcvma.exe
  C:\Windows\System\onwcvma.exe
  2⤵
  PID:1172
- C:\Windows\System\pDRXhKJ.exe
  C:\Windows\System\pDRXhKJ.exe
  2⤵
  PID:2176
- C:\Windows\System\fmjFFRk.exe
  C:\Windows\System\fmjFFRk.exe
  2⤵
  PID:1680
- C:\Windows\System\VdUSWhu.exe
  C:\Windows\System\VdUSWhu.exe
  2⤵
  PID:1240
- C:\Windows\System\rFKRaKg.exe
  C:\Windows\System\rFKRaKg.exe
  2⤵
  PID:2452
- C:\Windows\System\RUnYQyx.exe
  C:\Windows\System\RUnYQyx.exe
  2⤵
  PID:1624
- C:\Windows\System\QgnYoSk.exe
  C:\Windows\System\QgnYoSk.exe
  2⤵
  PID:2024
- C:\Windows\System\fsPwCte.exe
  C:\Windows\System\fsPwCte.exe
  2⤵
  PID:1252
- C:\Windows\System\UrUTgvi.exe
  C:\Windows\System\UrUTgvi.exe
  2⤵
  PID:2240
- C:\Windows\System\XKFKZxR.exe
  C:\Windows\System\XKFKZxR.exe
  2⤵
  PID:2280
- C:\Windows\System\sonPLJX.exe
  C:\Windows\System\sonPLJX.exe
  2⤵
  PID:2288
- C:\Windows\System\defCSUt.exe
  C:\Windows\System\defCSUt.exe
  2⤵
  PID:852
- C:\Windows\System\jGLfsri.exe
  C:\Windows\System\jGLfsri.exe
  2⤵
  PID:2272
- C:\Windows\System\aDvxuyA.exe
  C:\Windows\System\aDvxuyA.exe
  2⤵
  PID:2456
- C:\Windows\System\sTFnMRj.exe
  C:\Windows\System\sTFnMRj.exe
  2⤵
  PID:2868
- C:\Windows\System\uVagsOE.exe
  C:\Windows\System\uVagsOE.exe
  2⤵
  PID:2916
- C:\Windows\System\uHGXHzN.exe
  C:\Windows\System\uHGXHzN.exe
  2⤵
  PID:3052
- C:\Windows\System\thjmAmd.exe
  C:\Windows\System\thjmAmd.exe
  2⤵
  PID:2612
- C:\Windows\System\ljqcQvL.exe
  C:\Windows\System\ljqcQvL.exe
  2⤵
  PID:2840
- C:\Windows\System\XQXkhWi.exe
  C:\Windows\System\XQXkhWi.exe
  2⤵
  PID:3008
- C:\Windows\System\grUnUGn.exe
  C:\Windows\System\grUnUGn.exe
  2⤵
  PID:304
- C:\Windows\System\ykxvdCQ.exe
  C:\Windows\System\ykxvdCQ.exe
  2⤵
  PID:1936
- C:\Windows\System\yUoUIFR.exe
  C:\Windows\System\yUoUIFR.exe
  2⤵
  PID:1940
- C:\Windows\System\IfwIkGR.exe
  C:\Windows\System\IfwIkGR.exe
  2⤵
  PID:2804
- C:\Windows\System\jDByLUO.exe
  C:\Windows\System\jDByLUO.exe
  2⤵
  PID:1128
- C:\Windows\System\JlfmwBL.exe
  C:\Windows\System\JlfmwBL.exe
  2⤵
  PID:1412
- C:\Windows\System\qORoYjD.exe
  C:\Windows\System\qORoYjD.exe
  2⤵
  PID:3016
- C:\Windows\System\XVDwmWQ.exe
  C:\Windows\System\XVDwmWQ.exe
  2⤵
  PID:396
- C:\Windows\System\ucPOtCs.exe
  C:\Windows\System\ucPOtCs.exe
  2⤵
  PID:2372
- C:\Windows\System\dmssdOD.exe
  C:\Windows\System\dmssdOD.exe
  2⤵
  PID:3000
- C:\Windows\System\DafdZhv.exe
  C:\Windows\System\DafdZhv.exe
  2⤵
  PID:3068
- C:\Windows\System\adtKVhw.exe
  C:\Windows\System\adtKVhw.exe
  2⤵
  PID:2356
- C:\Windows\System\cogNNPZ.exe
  C:\Windows\System\cogNNPZ.exe
  2⤵
  PID:1784
- C:\Windows\System\wHEBvVK.exe
  C:\Windows\System\wHEBvVK.exe
  2⤵
  PID:2492
- C:\Windows\System\HyQKhDM.exe
  C:\Windows\System\HyQKhDM.exe
  2⤵
  PID:1436
- C:\Windows\System\samBHRA.exe
  C:\Windows\System\samBHRA.exe
  2⤵
  PID:1968
- C:\Windows\System\NrordwY.exe
  C:\Windows\System\NrordwY.exe
  2⤵
  PID:2172
- C:\Windows\System\GCkrYhE.exe
  C:\Windows\System\GCkrYhE.exe
  2⤵
  PID:2600
- C:\Windows\System\xcFGuKG.exe
  C:\Windows\System\xcFGuKG.exe
  2⤵
  PID:2512
- C:\Windows\System\oYCYBhk.exe
  C:\Windows\System\oYCYBhk.exe
  2⤵
  PID:1428
- C:\Windows\System\AXRjNwe.exe
  C:\Windows\System\AXRjNwe.exe
  2⤵
  PID:2104
- C:\Windows\System\ExPpdTC.exe
  C:\Windows\System\ExPpdTC.exe
  2⤵
  PID:988
- C:\Windows\System\IctFDOc.exe
  C:\Windows\System\IctFDOc.exe
  2⤵
  PID:2608
- C:\Windows\System\DqkNcFU.exe
  C:\Windows\System\DqkNcFU.exe
  2⤵
  PID:928
- C:\Windows\System\WUVgxlD.exe
  C:\Windows\System\WUVgxlD.exe
  2⤵
  PID:2336
- C:\Windows\System\kVVclCz.exe
  C:\Windows\System\kVVclCz.exe
  2⤵
  PID:2800
- C:\Windows\System\awilJVi.exe
  C:\Windows\System\awilJVi.exe
  2⤵
  PID:2692
- C:\Windows\System\bHLwPTZ.exe
  C:\Windows\System\bHLwPTZ.exe
  2⤵
  PID:2564
- C:\Windows\System\xanhNxk.exe
  C:\Windows\System\xanhNxk.exe
  2⤵
  PID:332
- C:\Windows\System\qZwBbwh.exe
  C:\Windows\System\qZwBbwh.exe
  2⤵
  PID:1532
- C:\Windows\System\QXLTYRd.exe
  C:\Windows\System\QXLTYRd.exe
  2⤵
  PID:2392
- C:\Windows\System\vQUZcAN.exe
  C:\Windows\System\vQUZcAN.exe
  2⤵
  PID:2328
- C:\Windows\System\gfncyCL.exe
  C:\Windows\System\gfncyCL.exe
  2⤵
  PID:2956
- C:\Windows\System\uANynOY.exe
  C:\Windows\System\uANynOY.exe
  2⤵
  PID:368
- C:\Windows\System\tVCetqx.exe
  C:\Windows\System\tVCetqx.exe
  2⤵
  PID:2312
- C:\Windows\System\CRZQdmI.exe
  C:\Windows\System\CRZQdmI.exe
  2⤵
  PID:1544
- C:\Windows\System\pyZMqva.exe
  C:\Windows\System\pyZMqva.exe
  2⤵
  PID:1956
- C:\Windows\System\ykAKUOJ.exe
  C:\Windows\System\ykAKUOJ.exe
  2⤵
  PID:2688
- C:\Windows\System\jugPSbk.exe
  C:\Windows\System\jugPSbk.exe
  2⤵
  PID:2744
- C:\Windows\System\sftMYAq.exe
  C:\Windows\System\sftMYAq.exe
  2⤵
  PID:2676
- C:\Windows\System\DaPZIsx.exe
  C:\Windows\System\DaPZIsx.exe
  2⤵
  PID:2320
- C:\Windows\System\iIGuPpQ.exe
  C:\Windows\System\iIGuPpQ.exe
  2⤵
  PID:2152
- C:\Windows\System\uizxUXZ.exe
  C:\Windows\System\uizxUXZ.exe
  2⤵
  PID:1456
- C:\Windows\System\cqnLrRh.exe
  C:\Windows\System\cqnLrRh.exe
  2⤵
  PID:940
- C:\Windows\System\jezOTwk.exe
  C:\Windows\System\jezOTwk.exe
  2⤵
  PID:908
- C:\Windows\System\PrqaaTf.exe
  C:\Windows\System\PrqaaTf.exe
  2⤵
  PID:2780
- C:\Windows\System\pOLsBmK.exe
  C:\Windows\System\pOLsBmK.exe
  2⤵
  PID:1504
- C:\Windows\System\wwuMngD.exe
  C:\Windows\System\wwuMngD.exe
  2⤵
  PID:2736
- C:\Windows\System\MaNZVeg.exe
  C:\Windows\System\MaNZVeg.exe
  2⤵
  PID:1848
- C:\Windows\System\IoVslqz.exe
  C:\Windows\System\IoVslqz.exe
  2⤵
  PID:1972
- C:\Windows\System\xBarceX.exe
  C:\Windows\System\xBarceX.exe
  2⤵
  PID:620
- C:\Windows\System\bSrOHSe.exe
  C:\Windows\System\bSrOHSe.exe
  2⤵
  PID:1924
- C:\Windows\System\dNVYufh.exe
  C:\Windows\System\dNVYufh.exe
  2⤵
  PID:1560
- C:\Windows\System\lpNbKBD.exe
  C:\Windows\System\lpNbKBD.exe
  2⤵
  PID:1900
- C:\Windows\System\xaBgygY.exe
  C:\Windows\System\xaBgygY.exe
  2⤵
  PID:1944
- C:\Windows\System\RatppXR.exe
  C:\Windows\System\RatppXR.exe
  2⤵
  PID:2208
- C:\Windows\System\kgsGcLu.exe
  C:\Windows\System\kgsGcLu.exe
  2⤵
  PID:2884
- C:\Windows\System\hXAHXxU.exe
  C:\Windows\System\hXAHXxU.exe
  2⤵
  PID:3088
- C:\Windows\System\yGYWVjo.exe
  C:\Windows\System\yGYWVjo.exe
  2⤵
  PID:3120
- C:\Windows\System\CqoAtNo.exe
  C:\Windows\System\CqoAtNo.exe
  2⤵
  PID:3136
- C:\Windows\System\Jmtaors.exe
  C:\Windows\System\Jmtaors.exe
  2⤵
  PID:3152
- C:\Windows\System\MuZUGXk.exe
  C:\Windows\System\MuZUGXk.exe
  2⤵
  PID:3168
- C:\Windows\System\ZUkJqKj.exe
  C:\Windows\System\ZUkJqKj.exe
  2⤵
  PID:3188
- C:\Windows\System\nTlfMjZ.exe
  C:\Windows\System\nTlfMjZ.exe
  2⤵
  PID:3216
- C:\Windows\System\rzIPPDh.exe
  C:\Windows\System\rzIPPDh.exe
  2⤵
  PID:3240
- C:\Windows\System\VRkOJiP.exe
  C:\Windows\System\VRkOJiP.exe
  2⤵
  PID:3256
- C:\Windows\System\ZOFugsy.exe
  C:\Windows\System\ZOFugsy.exe
  2⤵
  PID:3272
- C:\Windows\System\ifWKPTz.exe
  C:\Windows\System\ifWKPTz.exe
  2⤵
  PID:3292
- C:\Windows\System\JlXlnGJ.exe
  C:\Windows\System\JlXlnGJ.exe
  2⤵
  PID:3320
- C:\Windows\System\SKYkTGz.exe
  C:\Windows\System\SKYkTGz.exe
  2⤵
  PID:3336
- C:\Windows\System\ExylZKQ.exe
  C:\Windows\System\ExylZKQ.exe
  2⤵
  PID:3356
- C:\Windows\System\zjVxueg.exe
  C:\Windows\System\zjVxueg.exe
  2⤵
  PID:3372
- C:\Windows\System\RpGHgoC.exe
  C:\Windows\System\RpGHgoC.exe
  2⤵
  PID:3388
- C:\Windows\System\ocvOjut.exe
  C:\Windows\System\ocvOjut.exe
  2⤵
  PID:3408
- C:\Windows\System\qleuUJq.exe
  C:\Windows\System\qleuUJq.exe
  2⤵
  PID:3432
- C:\Windows\System\WPAqAMd.exe
  C:\Windows\System\WPAqAMd.exe
  2⤵
  PID:3448
- C:\Windows\System\KzBbJSW.exe
  C:\Windows\System\KzBbJSW.exe
  2⤵
  PID:3472
- C:\Windows\System\CUcxZYY.exe
  C:\Windows\System\CUcxZYY.exe
  2⤵
  PID:3488
- C:\Windows\System\ywUpQQH.exe
  C:\Windows\System\ywUpQQH.exe
  2⤵
  PID:3520
- C:\Windows\System\XavFSat.exe
  C:\Windows\System\XavFSat.exe
  2⤵
  PID:3536
- C:\Windows\System\YbLmzwV.exe
  C:\Windows\System\YbLmzwV.exe
  2⤵
  PID:3556
- C:\Windows\System\sOabFhE.exe
  C:\Windows\System\sOabFhE.exe
  2⤵
  PID:3572
- C:\Windows\System\EcltaLD.exe
  C:\Windows\System\EcltaLD.exe
  2⤵
  PID:3592
- C:\Windows\System\hcvNZBS.exe
  C:\Windows\System\hcvNZBS.exe
  2⤵
  PID:3612
- C:\Windows\System\iiZWVfY.exe
  C:\Windows\System\iiZWVfY.exe
  2⤵
  PID:3640
- C:\Windows\System\gXGZJbF.exe
  C:\Windows\System\gXGZJbF.exe
  2⤵
  PID:3656
- C:\Windows\System\AeZPHXZ.exe
  C:\Windows\System\AeZPHXZ.exe
  2⤵
  PID:3684
- C:\Windows\System\xZfszoX.exe
  C:\Windows\System\xZfszoX.exe
  2⤵
  PID:3700
- C:\Windows\System\rCMNKrK.exe
  C:\Windows\System\rCMNKrK.exe
  2⤵
  PID:3724
- C:\Windows\System\JaFcsQP.exe
  C:\Windows\System\JaFcsQP.exe
  2⤵
  PID:3744
- C:\Windows\System\IGEygZU.exe
  C:\Windows\System\IGEygZU.exe
  2⤵
  PID:3772
- C:\Windows\System\eIzlKUx.exe
  C:\Windows\System\eIzlKUx.exe
  2⤵
  PID:3788
- C:\Windows\System\ToApGqN.exe
  C:\Windows\System\ToApGqN.exe
  2⤵
  PID:3804
- C:\Windows\System\JekkGXj.exe
  C:\Windows\System\JekkGXj.exe
  2⤵
  PID:3824
- C:\Windows\System\qPBKdyG.exe
  C:\Windows\System\qPBKdyG.exe
  2⤵
  PID:3856
- C:\Windows\System\wMaORvk.exe
  C:\Windows\System\wMaORvk.exe
  2⤵
  PID:3876
- C:\Windows\System\pmwDrzm.exe
  C:\Windows\System\pmwDrzm.exe
  2⤵
  PID:3900
- C:\Windows\System\vMZxnWm.exe
  C:\Windows\System\vMZxnWm.exe
  2⤵
  PID:3920
- C:\Windows\System\rnscgtU.exe
  C:\Windows\System\rnscgtU.exe
  2⤵
  PID:3936
- C:\Windows\System\CXnJLPH.exe
  C:\Windows\System\CXnJLPH.exe
  2⤵
  PID:3952
- C:\Windows\System\QReykkC.exe
  C:\Windows\System\QReykkC.exe
  2⤵
  PID:3976
- C:\Windows\System\dsxPqPu.exe
  C:\Windows\System\dsxPqPu.exe
  2⤵
  PID:4004
- C:\Windows\System\Zxkpwvt.exe
  C:\Windows\System\Zxkpwvt.exe
  2⤵
  PID:4020
- C:\Windows\System\ThYBrxJ.exe
  C:\Windows\System\ThYBrxJ.exe
  2⤵
  PID:4040
- C:\Windows\System\nMYXUUn.exe
  C:\Windows\System\nMYXUUn.exe
  2⤵
  PID:4060
- C:\Windows\System\yLwyzUX.exe
  C:\Windows\System\yLwyzUX.exe
  2⤵
  PID:4080
- C:\Windows\System\WPGYghH.exe
  C:\Windows\System\WPGYghH.exe
  2⤵
  PID:972
- C:\Windows\System\UBoAalV.exe
  C:\Windows\System\UBoAalV.exe
  2⤵
  PID:3096
- C:\Windows\System\oxGkHEL.exe
  C:\Windows\System\oxGkHEL.exe
  2⤵
  PID:3112
- C:\Windows\System\lBsrMDU.exe
  C:\Windows\System\lBsrMDU.exe
  2⤵
  PID:3128
- C:\Windows\System\CGMmKrz.exe
  C:\Windows\System\CGMmKrz.exe
  2⤵
  PID:3196
- C:\Windows\System\ZNOVgQh.exe
  C:\Windows\System\ZNOVgQh.exe
  2⤵
  PID:3224
- C:\Windows\System\RgBHzGT.exe
  C:\Windows\System\RgBHzGT.exe
  2⤵
  PID:3252
- C:\Windows\System\SYskSvp.exe
  C:\Windows\System\SYskSvp.exe
  2⤵
  PID:3268
- C:\Windows\System\EVzDcjP.exe
  C:\Windows\System\EVzDcjP.exe
  2⤵
  PID:3308
- C:\Windows\System\GRMeSxk.exe
  C:\Windows\System\GRMeSxk.exe
  2⤵
  PID:3380
- C:\Windows\System\HmBqVww.exe
  C:\Windows\System\HmBqVww.exe
  2⤵
  PID:3480
- C:\Windows\System\UBpPZwE.exe
  C:\Windows\System\UBpPZwE.exe
  2⤵
  PID:3396
- C:\Windows\System\hxyrDaM.exe
  C:\Windows\System\hxyrDaM.exe
  2⤵
  PID:3456
- C:\Windows\System\XYOBrsq.exe
  C:\Windows\System\XYOBrsq.exe
  2⤵
  PID:3496
- C:\Windows\System\wPBEaAM.exe
  C:\Windows\System\wPBEaAM.exe
  2⤵
  PID:3548
- C:\Windows\System\rbPMcik.exe
  C:\Windows\System\rbPMcik.exe
  2⤵
  PID:3528
- C:\Windows\System\JBClWOO.exe
  C:\Windows\System\JBClWOO.exe
  2⤵
  PID:3604
- C:\Windows\System\lVfaIQX.exe
  C:\Windows\System\lVfaIQX.exe
  2⤵
  PID:3624
- C:\Windows\System\qPDpiEv.exe
  C:\Windows\System\qPDpiEv.exe
  2⤵
  PID:2384
- C:\Windows\System\zZvRmjl.exe
  C:\Windows\System\zZvRmjl.exe
  2⤵
  PID:3708
- C:\Windows\System\ATCbKfp.exe
  C:\Windows\System\ATCbKfp.exe
  2⤵
  PID:3720
- C:\Windows\System\FcfvfdU.exe
  C:\Windows\System\FcfvfdU.exe
  2⤵
  PID:3760
- C:\Windows\System\mTVViUG.exe
  C:\Windows\System\mTVViUG.exe
  2⤵
  PID:3832
- C:\Windows\System\chdVhig.exe
  C:\Windows\System\chdVhig.exe
  2⤵
  PID:3812
- C:\Windows\System\rPwtiUs.exe
  C:\Windows\System\rPwtiUs.exe
  2⤵
  PID:3820
- C:\Windows\System\yIUrcnz.exe
  C:\Windows\System\yIUrcnz.exe
  2⤵
  PID:3888
- C:\Windows\System\NNnlkVN.exe
  C:\Windows\System\NNnlkVN.exe
  2⤵
  PID:3912
- C:\Windows\System\ypNAthZ.exe
  C:\Windows\System\ypNAthZ.exe
  2⤵
  PID:3972
- C:\Windows\System\yOswjMJ.exe
  C:\Windows\System\yOswjMJ.exe
  2⤵
  PID:3984
- C:\Windows\System\ZFeFdnx.exe
  C:\Windows\System\ZFeFdnx.exe
  2⤵
  PID:4028
- C:\Windows\System\NnBOFSr.exe
  C:\Windows\System\NnBOFSr.exe
  2⤵
  PID:4052
- C:\Windows\System\hBlTjXR.exe
  C:\Windows\System\hBlTjXR.exe
  2⤵
  PID:4088
- C:\Windows\System\jMpAGvZ.exe
  C:\Windows\System\jMpAGvZ.exe
  2⤵
  PID:3132
- C:\Windows\System\enLcZSl.exe
  C:\Windows\System\enLcZSl.exe
  2⤵
  PID:3176
- C:\Windows\System\tVRxhvI.exe
  C:\Windows\System\tVRxhvI.exe
  2⤵
  PID:236
- C:\Windows\System\oqgjYGL.exe
  C:\Windows\System\oqgjYGL.exe
  2⤵
  PID:3200
- C:\Windows\System\tkKdQoh.exe
  C:\Windows\System\tkKdQoh.exe
  2⤵
  PID:3304
- C:\Windows\System\JJTQJFA.exe
  C:\Windows\System\JJTQJFA.exe
  2⤵
  PID:3344
- C:\Windows\System\vvPHUcd.exe
  C:\Windows\System\vvPHUcd.exe
  2⤵
  PID:3404
- C:\Windows\System\RNXHVfU.exe
  C:\Windows\System\RNXHVfU.exe
  2⤵
  PID:3508
- C:\Windows\System\WcYRhsZ.exe
  C:\Windows\System\WcYRhsZ.exe
  2⤵
  PID:3464
- C:\Windows\System\ZNMMWIq.exe
  C:\Windows\System\ZNMMWIq.exe
  2⤵
  PID:3580
- C:\Windows\System\pFIylHv.exe
  C:\Windows\System\pFIylHv.exe
  2⤵
  PID:3628
- C:\Windows\System\cSbkqFf.exe
  C:\Windows\System\cSbkqFf.exe
  2⤵
  PID:3608
- C:\Windows\System\NiFoJKU.exe
  C:\Windows\System\NiFoJKU.exe
  2⤵
  PID:3736
- C:\Windows\System\KHyoFVi.exe
  C:\Windows\System\KHyoFVi.exe
  2⤵
  PID:3764
- C:\Windows\System\fCbvElU.exe
  C:\Windows\System\fCbvElU.exe
  2⤵
  PID:3928
- C:\Windows\System\vjELvLz.exe
  C:\Windows\System\vjELvLz.exe
  2⤵
  PID:3884
- C:\Windows\System\EyNTDGq.exe
  C:\Windows\System\EyNTDGq.exe
  2⤵
  PID:4000
- C:\Windows\System\xjdkJsX.exe
  C:\Windows\System\xjdkJsX.exe
  2⤵
  PID:4036
- C:\Windows\System\PyXonYK.exe
  C:\Windows\System\PyXonYK.exe
  2⤵
  PID:4068
- C:\Windows\System\gtYSThU.exe
  C:\Windows\System\gtYSThU.exe
  2⤵
  PID:3212
- C:\Windows\System\rhjvAXu.exe
  C:\Windows\System\rhjvAXu.exe
  2⤵
  PID:3284
- C:\Windows\System\LzbUioE.exe
  C:\Windows\System\LzbUioE.exe
  2⤵
  PID:2264
- C:\Windows\System\WVFouXQ.exe
  C:\Windows\System\WVFouXQ.exe
  2⤵
  PID:3424
- C:\Windows\System\RkcRHXl.exe
  C:\Windows\System\RkcRHXl.exe
  2⤵
  PID:3516
- C:\Windows\System\XrZrDGA.exe
  C:\Windows\System\XrZrDGA.exe
  2⤵
  PID:3648
- C:\Windows\System\MvWszjR.exe
  C:\Windows\System\MvWszjR.exe
  2⤵
  PID:3588
- C:\Windows\System\IXyjmKP.exe
  C:\Windows\System\IXyjmKP.exe
  2⤵
  PID:3692
- C:\Windows\System\vhzmqSe.exe
  C:\Windows\System\vhzmqSe.exe
  2⤵
  PID:3780
- C:\Windows\System\qKYhvvZ.exe
  C:\Windows\System\qKYhvvZ.exe
  2⤵
  PID:3896
- C:\Windows\System\IiyGjvQ.exe
  C:\Windows\System\IiyGjvQ.exe
  2⤵
  PID:3992
- C:\Windows\System\yvhMSzD.exe
  C:\Windows\System\yvhMSzD.exe
  2⤵
  PID:3960
- C:\Windows\System\oiplRzr.exe
  C:\Windows\System\oiplRzr.exe
  2⤵
  PID:4016
- C:\Windows\System\kfMUptn.exe
  C:\Windows\System\kfMUptn.exe
  2⤵
  PID:3228
- C:\Windows\System\YNmSIRM.exe
  C:\Windows\System\YNmSIRM.exe
  2⤵
  PID:2716
- C:\Windows\System\efSXLRP.exe
  C:\Windows\System\efSXLRP.exe
  2⤵
  PID:3332
- C:\Windows\System\TDTqEnj.exe
  C:\Windows\System\TDTqEnj.exe
  2⤵
  PID:3484
- C:\Windows\System\rsKWxja.exe
  C:\Windows\System\rsKWxja.exe
  2⤵
  PID:3632
- C:\Windows\System\jGKvRhM.exe
  C:\Windows\System\jGKvRhM.exe
  2⤵
  PID:3444
- C:\Windows\System\JwFmaJE.exe
  C:\Windows\System\JwFmaJE.exe
  2⤵
  PID:3948
- C:\Windows\System\BKrdDpo.exe
  C:\Windows\System\BKrdDpo.exe
  2⤵
  PID:4076
- C:\Windows\System\UJcjvpL.exe
  C:\Windows\System\UJcjvpL.exe
  2⤵
  PID:3420
- C:\Windows\System\ghGbCsG.exe
  C:\Windows\System\ghGbCsG.exe
  2⤵
  PID:3416
- C:\Windows\System\riLrbyr.exe
  C:\Windows\System\riLrbyr.exe
  2⤵
  PID:3680
- C:\Windows\System\GHxpBqX.exe
  C:\Windows\System\GHxpBqX.exe
  2⤵
  PID:3848
- C:\Windows\System\qVxppbO.exe
  C:\Windows\System\qVxppbO.exe
  2⤵
  PID:3364
- C:\Windows\System\GGWBFZP.exe
  C:\Windows\System\GGWBFZP.exe
  2⤵
  PID:3204
- C:\Windows\System\EPmMNXV.exe
  C:\Windows\System\EPmMNXV.exe
  2⤵
  PID:3468
- C:\Windows\System\KxBCBLx.exe
  C:\Windows\System\KxBCBLx.exe
  2⤵
  PID:4108
- C:\Windows\System\iTeVOCc.exe
  C:\Windows\System\iTeVOCc.exe
  2⤵
  PID:4132
- C:\Windows\System\AEXyRlo.exe
  C:\Windows\System\AEXyRlo.exe
  2⤵
  PID:4152
- C:\Windows\System\BIvkyiL.exe
  C:\Windows\System\BIvkyiL.exe
  2⤵
  PID:4168
- C:\Windows\System\aMyrjXp.exe
  C:\Windows\System\aMyrjXp.exe
  2⤵
  PID:4192
- C:\Windows\System\DXBTXnO.exe
  C:\Windows\System\DXBTXnO.exe
  2⤵
  PID:4212
- C:\Windows\System\RJbuaYo.exe
  C:\Windows\System\RJbuaYo.exe
  2⤵
  PID:4240
- C:\Windows\System\oZnVMAR.exe
  C:\Windows\System\oZnVMAR.exe
  2⤵
  PID:4260
- C:\Windows\System\OohcknF.exe
  C:\Windows\System\OohcknF.exe
  2⤵
  PID:4380
- C:\Windows\System\BXyDVCe.exe
  C:\Windows\System\BXyDVCe.exe
  2⤵
  PID:4396
- C:\Windows\System\DWnxfjC.exe
  C:\Windows\System\DWnxfjC.exe
  2⤵
  PID:4416
- C:\Windows\System\KlGgAqK.exe
  C:\Windows\System\KlGgAqK.exe
  2⤵
  PID:4436
- C:\Windows\System\WJvmQAC.exe
  C:\Windows\System\WJvmQAC.exe
  2⤵
  PID:4456
- C:\Windows\System\jDjtPNY.exe
  C:\Windows\System\jDjtPNY.exe
  2⤵
  PID:4472
- C:\Windows\System\VZRygKX.exe
  C:\Windows\System\VZRygKX.exe
  2⤵
  PID:4492
- C:\Windows\System\UrFcHrz.exe
  C:\Windows\System\UrFcHrz.exe
  2⤵
  PID:4520
- C:\Windows\System\XNaFQAp.exe
  C:\Windows\System\XNaFQAp.exe
  2⤵
  PID:4536
- C:\Windows\System\RiSlIdN.exe
  C:\Windows\System\RiSlIdN.exe
  2⤵
  PID:4560
- C:\Windows\System\WXnTzHD.exe
  C:\Windows\System\WXnTzHD.exe
  2⤵
  PID:4580
- C:\Windows\System\GDfUlcS.exe
  C:\Windows\System\GDfUlcS.exe
  2⤵
  PID:4600
- C:\Windows\System\yshwlLS.exe
  C:\Windows\System\yshwlLS.exe
  2⤵
  PID:4616
- C:\Windows\System\cQgQGjm.exe
  C:\Windows\System\cQgQGjm.exe
  2⤵
  PID:4636
- C:\Windows\System\AsykMci.exe
  C:\Windows\System\AsykMci.exe
  2⤵
  PID:4656
- C:\Windows\System\hVkyWnI.exe
  C:\Windows\System\hVkyWnI.exe
  2⤵
  PID:4676
- C:\Windows\System\XDvwiuK.exe
  C:\Windows\System\XDvwiuK.exe
  2⤵
  PID:4692
- C:\Windows\System\xbKsljA.exe
  C:\Windows\System\xbKsljA.exe
  2⤵
  PID:4716
- C:\Windows\System\GLncCKE.exe
  C:\Windows\System\GLncCKE.exe
  2⤵
  PID:4732
- C:\Windows\System\KOWRJzn.exe
  C:\Windows\System\KOWRJzn.exe
  2⤵
  PID:4756
- C:\Windows\System\YeABmrI.exe
  C:\Windows\System\YeABmrI.exe
  2⤵
  PID:4772
- C:\Windows\System\tCmCwJi.exe
  C:\Windows\System\tCmCwJi.exe
  2⤵
  PID:4796
- C:\Windows\System\QxDkXnG.exe
  C:\Windows\System\QxDkXnG.exe
  2⤵
  PID:4820
- C:\Windows\System\TbPwkOk.exe
  C:\Windows\System\TbPwkOk.exe
  2⤵
  PID:4840
- C:\Windows\System\XPBPRbg.exe
  C:\Windows\System\XPBPRbg.exe
  2⤵
  PID:4860
- C:\Windows\System\WqRpFtB.exe
  C:\Windows\System\WqRpFtB.exe
  2⤵
  PID:4876
- C:\Windows\System\QvrNnrw.exe
  C:\Windows\System\QvrNnrw.exe
  2⤵
  PID:4892
- C:\Windows\System\EeJvAOo.exe
  C:\Windows\System\EeJvAOo.exe
  2⤵
  PID:4920
- C:\Windows\System\SZRiZdL.exe
  C:\Windows\System\SZRiZdL.exe
  2⤵
  PID:4944
- C:\Windows\System\DDGDgrw.exe
  C:\Windows\System\DDGDgrw.exe
  2⤵
  PID:4960
- C:\Windows\System\jRSpfio.exe
  C:\Windows\System\jRSpfio.exe
  2⤵
  PID:4980
- C:\Windows\System\iRHAOKs.exe
  C:\Windows\System\iRHAOKs.exe
  2⤵
  PID:4996
- C:\Windows\System\qaJIClQ.exe
  C:\Windows\System\qaJIClQ.exe
  2⤵
  PID:5016
- C:\Windows\System\lfgixcp.exe
  C:\Windows\System\lfgixcp.exe
  2⤵
  PID:5036
- C:\Windows\System\WXxRgOd.exe
  C:\Windows\System\WXxRgOd.exe
  2⤵
  PID:5056
- C:\Windows\System\LYUhcBQ.exe
  C:\Windows\System\LYUhcBQ.exe
  2⤵
  PID:5072
- C:\Windows\System\YsxTIAo.exe
  C:\Windows\System\YsxTIAo.exe
  2⤵
  PID:5100
- C:\Windows\System\LoRHfKr.exe
  C:\Windows\System\LoRHfKr.exe
  2⤵
  PID:3584
- C:\Windows\System\yCrzBmA.exe
  C:\Windows\System\yCrzBmA.exe
  2⤵
  PID:3964
- C:\Windows\System\VLTadiC.exe
  C:\Windows\System\VLTadiC.exe
  2⤵
  PID:4204
- C:\Windows\System\fwtRcrj.exe
  C:\Windows\System\fwtRcrj.exe
  2⤵
  PID:4148
- C:\Windows\System\nvMfhSH.exe
  C:\Windows\System\nvMfhSH.exe
  2⤵
  PID:4220
- C:\Windows\System\guQzXUt.exe
  C:\Windows\System\guQzXUt.exe
  2⤵
  PID:4248
- C:\Windows\System\GcCFvDL.exe
  C:\Windows\System\GcCFvDL.exe
  2⤵
  PID:4268
- C:\Windows\System\gmvcqxp.exe
  C:\Windows\System\gmvcqxp.exe
  2⤵
  PID:4276
- C:\Windows\System\EvwYWpI.exe
  C:\Windows\System\EvwYWpI.exe
  2⤵
  PID:4304
- C:\Windows\System\vOocavT.exe
  C:\Windows\System\vOocavT.exe
  2⤵
  PID:4320
- C:\Windows\System\VsOcXYk.exe
  C:\Windows\System\VsOcXYk.exe
  2⤵
  PID:4340
- C:\Windows\System\uQUNrUI.exe
  C:\Windows\System\uQUNrUI.exe
  2⤵
  PID:4356
- C:\Windows\System\KvPSWZo.exe
  C:\Windows\System\KvPSWZo.exe
  2⤵
  PID:4368
- C:\Windows\System\yqlfkCG.exe
  C:\Windows\System\yqlfkCG.exe
  2⤵
  PID:4388
- C:\Windows\System\ZBIRFuf.exe
  C:\Windows\System\ZBIRFuf.exe
  2⤵
  PID:4428
- C:\Windows\System\zOCUvTJ.exe
  C:\Windows\System\zOCUvTJ.exe
  2⤵
  PID:4404
- C:\Windows\System\FqwkJcP.exe
  C:\Windows\System\FqwkJcP.exe
  2⤵
  PID:4448
- C:\Windows\System\nrJVLoR.exe
  C:\Windows\System\nrJVLoR.exe
  2⤵
  PID:4484
- C:\Windows\System\kpledNc.exe
  C:\Windows\System\kpledNc.exe
  2⤵
  PID:4516
- C:\Windows\System\ijGfpKS.exe
  C:\Windows\System\ijGfpKS.exe
  2⤵
  PID:4548
- C:\Windows\System\MlRUOPA.exe
  C:\Windows\System\MlRUOPA.exe
  2⤵
  PID:4576
- C:\Windows\System\uokJLRo.exe
  C:\Windows\System\uokJLRo.exe
  2⤵
  PID:4596
- C:\Windows\System\hUKEzdD.exe
  C:\Windows\System\hUKEzdD.exe
  2⤵
  PID:4644
- C:\Windows\System\ApesGdf.exe
  C:\Windows\System\ApesGdf.exe
  2⤵
  PID:4664
- C:\Windows\System\VgAeGne.exe
  C:\Windows\System\VgAeGne.exe
  2⤵
  PID:4700
- C:\Windows\System\ewhKIlI.exe
  C:\Windows\System\ewhKIlI.exe
  2⤵
  PID:4684
- C:\Windows\System\yoNEnza.exe
  C:\Windows\System\yoNEnza.exe
  2⤵
  PID:4748
- C:\Windows\System\hjswvST.exe
  C:\Windows\System\hjswvST.exe
  2⤵
  PID:4788
- C:\Windows\System\ePvCHoF.exe
  C:\Windows\System\ePvCHoF.exe
  2⤵
  PID:4764
- C:\Windows\System\DanBHZI.exe
  C:\Windows\System\DanBHZI.exe
  2⤵
  PID:4836
- C:\Windows\System\OkEUzwn.exe
  C:\Windows\System\OkEUzwn.exe
  2⤵
  PID:4868
- C:\Windows\System\yaNaged.exe
  C:\Windows\System\yaNaged.exe
  2⤵
  PID:4856
- C:\Windows\System\HFawMhG.exe
  C:\Windows\System\HFawMhG.exe
  2⤵
  PID:4376
- C:\Windows\System\GJsvfSB.exe
  C:\Windows\System\GJsvfSB.exe
  2⤵
  PID:4936
- C:\Windows\System\CkJzrzt.exe
  C:\Windows\System\CkJzrzt.exe
  2⤵
  PID:4956
- C:\Windows\System\PVJTAvB.exe
  C:\Windows\System\PVJTAvB.exe
  2⤵
  PID:4968
- C:\Windows\System\VzyLuQh.exe
  C:\Windows\System\VzyLuQh.exe
  2⤵
  PID:5004
- C:\Windows\System\dpIFfPn.exe
  C:\Windows\System\dpIFfPn.exe
  2⤵
  PID:5044
- C:\Windows\System\VfzKozM.exe
  C:\Windows\System\VfzKozM.exe
  2⤵
  PID:5096
- C:\Windows\System\HojyDDD.exe
  C:\Windows\System\HojyDDD.exe
  2⤵
  PID:5112
- C:\Windows\System\jJyBluJ.exe
  C:\Windows\System\jJyBluJ.exe
  2⤵
  PID:4200
- C:\Windows\System\FNzEGdG.exe
  C:\Windows\System\FNzEGdG.exe
  2⤵
  PID:4176
- C:\Windows\System\jUlDtod.exe
  C:\Windows\System\jUlDtod.exe
  2⤵
  PID:4288
- C:\Windows\System\CwNQKGf.exe
  C:\Windows\System\CwNQKGf.exe
  2⤵
  PID:4296
- C:\Windows\System\etKYAvL.exe
  C:\Windows\System\etKYAvL.exe
  2⤵
  PID:4360
- C:\Windows\System\WDtziki.exe
  C:\Windows\System\WDtziki.exe
  2⤵
  PID:4424
- C:\Windows\System\xjetxBE.exe
  C:\Windows\System\xjetxBE.exe
  2⤵
  PID:3868
- C:\Windows\System\TDJwPzz.exe
  C:\Windows\System\TDJwPzz.exe
  2⤵
  PID:4468
- C:\Windows\System\cAfbZfu.exe
  C:\Windows\System\cAfbZfu.exe
  2⤵
  PID:4528
- C:\Windows\System\sZXssqi.exe
  C:\Windows\System\sZXssqi.exe
  2⤵
  PID:4628
- C:\Windows\System\HJbbRdb.exe
  C:\Windows\System\HJbbRdb.exe
  2⤵
  PID:4652
- C:\Windows\System\EHFDMcu.exe
  C:\Windows\System\EHFDMcu.exe
  2⤵
  PID:4712
- C:\Windows\System\xsPaShk.exe
  C:\Windows\System\xsPaShk.exe
  2⤵
  PID:4792
- C:\Windows\System\egBFWNP.exe
  C:\Windows\System\egBFWNP.exe
  2⤵
  PID:4812
- C:\Windows\System\fFhGYmL.exe
  C:\Windows\System\fFhGYmL.exe
  2⤵
  PID:4832
- C:\Windows\System\gLvbFZJ.exe
  C:\Windows\System\gLvbFZJ.exe
  2⤵
  PID:4952
- C:\Windows\System\oXCMyLF.exe
  C:\Windows\System\oXCMyLF.exe
  2⤵
  PID:4884
- C:\Windows\System\uGozjxc.exe
  C:\Windows\System\uGozjxc.exe
  2⤵
  PID:5052
- C:\Windows\System\JeJVsZH.exe
  C:\Windows\System\JeJVsZH.exe
  2⤵
  PID:4816
- C:\Windows\System\scRQVYw.exe
  C:\Windows\System\scRQVYw.exe
  2⤵
  PID:4184
- C:\Windows\System\wSqVrbW.exe
  C:\Windows\System\wSqVrbW.exe
  2⤵
  PID:4236
- C:\Windows\System\QVZFXQs.exe
  C:\Windows\System\QVZFXQs.exe
  2⤵
  PID:4272
- C:\Windows\System\vxJKdKl.exe
  C:\Windows\System\vxJKdKl.exe
  2⤵
  PID:4464
- C:\Windows\System\esrznyN.exe
  C:\Windows\System\esrznyN.exe
  2⤵
  PID:4508
- C:\Windows\System\fHmTuEQ.exe
  C:\Windows\System\fHmTuEQ.exe
  2⤵
  PID:4704
- C:\Windows\System\KqngkCF.exe
  C:\Windows\System\KqngkCF.exe
  2⤵
  PID:4848
- C:\Windows\System\rNSXaUQ.exe
  C:\Windows\System\rNSXaUQ.exe
  2⤵
  PID:4612
- C:\Windows\System\MJIxaRo.exe
  C:\Windows\System\MJIxaRo.exe
  2⤵
  PID:4852
- C:\Windows\System\ftLrIsP.exe
  C:\Windows\System\ftLrIsP.exe
  2⤵
  PID:5080
- C:\Windows\System\PYTKXil.exe
  C:\Windows\System\PYTKXil.exe
  2⤵
  PID:4160
- C:\Windows\System\zUIHqGs.exe
  C:\Windows\System\zUIHqGs.exe
  2⤵
  PID:4372
- C:\Windows\System\ZHLXZvV.exe
  C:\Windows\System\ZHLXZvV.exe
  2⤵
  PID:4452
- C:\Windows\System\EnnQoTF.exe
  C:\Windows\System\EnnQoTF.exe
  2⤵
  PID:4976
- C:\Windows\System\VNMmKuf.exe
  C:\Windows\System\VNMmKuf.exe
  2⤵
  PID:4300
- C:\Windows\System\BWwsJRD.exe
  C:\Windows\System\BWwsJRD.exe
  2⤵
  PID:5108
- C:\Windows\System\gIDGKBA.exe
  C:\Windows\System\gIDGKBA.exe
  2⤵
  PID:4828
- C:\Windows\System\tpMGxRh.exe
  C:\Windows\System\tpMGxRh.exe
  2⤵
  PID:5128
- C:\Windows\System\IMUJoDQ.exe
  C:\Windows\System\IMUJoDQ.exe
  2⤵
  PID:5144
- C:\Windows\System\VowumuI.exe
  C:\Windows\System\VowumuI.exe
  2⤵
  PID:5160
- C:\Windows\System\VmACbEt.exe
  C:\Windows\System\VmACbEt.exe
  2⤵
  PID:5176
- C:\Windows\System\FMvSvIT.exe
  C:\Windows\System\FMvSvIT.exe
  2⤵
  PID:5192
- C:\Windows\System\RnmRcHc.exe
  C:\Windows\System\RnmRcHc.exe
  2⤵
  PID:5208
- C:\Windows\System\TXjeQPH.exe
  C:\Windows\System\TXjeQPH.exe
  2⤵
  PID:5224
- C:\Windows\System\NHRRdKY.exe
  C:\Windows\System\NHRRdKY.exe
  2⤵
  PID:5240
- C:\Windows\System\wNLUFNr.exe
  C:\Windows\System\wNLUFNr.exe
  2⤵
  PID:5256
- C:\Windows\System\UOdRbBn.exe
  C:\Windows\System\UOdRbBn.exe
  2⤵
  PID:5272
- C:\Windows\System\TrUPbeQ.exe
  C:\Windows\System\TrUPbeQ.exe
  2⤵
  PID:5288
- C:\Windows\System\efefvyQ.exe
  C:\Windows\System\efefvyQ.exe
  2⤵
  PID:5308
- C:\Windows\System\TqQynOM.exe
  C:\Windows\System\TqQynOM.exe
  2⤵
  PID:5324
- C:\Windows\System\prLaOat.exe
  C:\Windows\System\prLaOat.exe
  2⤵
  PID:5340
- C:\Windows\System\UMPckVe.exe
  C:\Windows\System\UMPckVe.exe
  2⤵
  PID:5356
- C:\Windows\System\aYpjmCN.exe
  C:\Windows\System\aYpjmCN.exe
  2⤵
  PID:5372
- C:\Windows\System\MdGRYct.exe
  C:\Windows\System\MdGRYct.exe
  2⤵
  PID:5388
- C:\Windows\System\bSvAFXg.exe
  C:\Windows\System\bSvAFXg.exe
  2⤵
  PID:5404
- C:\Windows\System\qucEDjF.exe
  C:\Windows\System\qucEDjF.exe
  2⤵
  PID:5420
- C:\Windows\System\pwMBOjE.exe
  C:\Windows\System\pwMBOjE.exe
  2⤵
  PID:5436
- C:\Windows\System\wtuRfZi.exe
  C:\Windows\System\wtuRfZi.exe
  2⤵
  PID:5452
- C:\Windows\System\JswINHg.exe
  C:\Windows\System\JswINHg.exe
  2⤵
  PID:5468
- C:\Windows\System\gmGhRnu.exe
  C:\Windows\System\gmGhRnu.exe
  2⤵
  PID:5484
- C:\Windows\System\RPbsQkG.exe
  C:\Windows\System\RPbsQkG.exe
  2⤵
  PID:5500
- C:\Windows\System\efYEHVa.exe
  C:\Windows\System\efYEHVa.exe
  2⤵
  PID:5516
- C:\Windows\System\MIdlUzH.exe
  C:\Windows\System\MIdlUzH.exe
  2⤵
  PID:5532
- C:\Windows\System\JvvpriQ.exe
  C:\Windows\System\JvvpriQ.exe
  2⤵
  PID:5548
- C:\Windows\System\AZdOTOT.exe
  C:\Windows\System\AZdOTOT.exe
  2⤵
  PID:5568
- C:\Windows\System\ZstwyTj.exe
  C:\Windows\System\ZstwyTj.exe
  2⤵
  PID:5584
- C:\Windows\System\LevsEPW.exe
  C:\Windows\System\LevsEPW.exe
  2⤵
  PID:5600
- C:\Windows\System\sxjuvJZ.exe
  C:\Windows\System\sxjuvJZ.exe
  2⤵
  PID:5616
- C:\Windows\System\fAeZFPq.exe
  C:\Windows\System\fAeZFPq.exe
  2⤵
  PID:5632
- C:\Windows\System\AKJQeIu.exe
  C:\Windows\System\AKJQeIu.exe
  2⤵
  PID:5648
- C:\Windows\System\xMdUFYd.exe
  C:\Windows\System\xMdUFYd.exe
  2⤵
  PID:5664
- C:\Windows\System\drhRYlR.exe
  C:\Windows\System\drhRYlR.exe
  2⤵
  PID:5680
- C:\Windows\System\mSXpVTF.exe
  C:\Windows\System\mSXpVTF.exe
  2⤵
  PID:5696
- C:\Windows\System\jndJnJh.exe
  C:\Windows\System\jndJnJh.exe
  2⤵
  PID:5712
- C:\Windows\System\pRKQGir.exe
  C:\Windows\System\pRKQGir.exe
  2⤵
  PID:5728
- C:\Windows\System\WAIktEc.exe
  C:\Windows\System\WAIktEc.exe
  2⤵
  PID:5744
- C:\Windows\System\TBzztbB.exe
  C:\Windows\System\TBzztbB.exe
  2⤵
  PID:5760
- C:\Windows\System\SmkYzdo.exe
  C:\Windows\System\SmkYzdo.exe
  2⤵
  PID:5776
- C:\Windows\System\MeBeHuV.exe
  C:\Windows\System\MeBeHuV.exe
  2⤵
  PID:5792
- C:\Windows\System\AEkWMvr.exe
  C:\Windows\System\AEkWMvr.exe
  2⤵
  PID:5808
- C:\Windows\System\SpGfzUC.exe
  C:\Windows\System\SpGfzUC.exe
  2⤵
  PID:5824
- C:\Windows\System\oPCgVdY.exe
  C:\Windows\System\oPCgVdY.exe
  2⤵
  PID:5840
- C:\Windows\System\RGpxfNu.exe
  C:\Windows\System\RGpxfNu.exe
  2⤵
  PID:5856
- C:\Windows\System\xVsRUDl.exe
  C:\Windows\System\xVsRUDl.exe
  2⤵
  PID:5872
- C:\Windows\System\fBgvLAZ.exe
  C:\Windows\System\fBgvLAZ.exe
  2⤵
  PID:5888
- C:\Windows\System\pQWEArI.exe
  C:\Windows\System\pQWEArI.exe
  2⤵
  PID:5904
- C:\Windows\System\OUGaICp.exe
  C:\Windows\System\OUGaICp.exe
  2⤵
  PID:5920
- C:\Windows\System\ktQACXM.exe
  C:\Windows\System\ktQACXM.exe
  2⤵
  PID:5936
- C:\Windows\System\LQvIwaV.exe
  C:\Windows\System\LQvIwaV.exe
  2⤵
  PID:5952
- C:\Windows\System\ETYVdRw.exe
  C:\Windows\System\ETYVdRw.exe
  2⤵
  PID:5968
- C:\Windows\System\kkNZacq.exe
  C:\Windows\System\kkNZacq.exe
  2⤵
  PID:5984
- C:\Windows\System\dbBdRcY.exe
  C:\Windows\System\dbBdRcY.exe
  2⤵
  PID:6000
- C:\Windows\System\KpJZvfJ.exe
  C:\Windows\System\KpJZvfJ.exe
  2⤵
  PID:6016
- C:\Windows\System\Rfgfzbh.exe
  C:\Windows\System\Rfgfzbh.exe
  2⤵
  PID:6032
- C:\Windows\System\FMKDhng.exe
  C:\Windows\System\FMKDhng.exe
  2⤵
  PID:6048
- C:\Windows\System\qjoutfe.exe
  C:\Windows\System\qjoutfe.exe
  2⤵
  PID:5992
- C:\Windows\System\CETFmgs.exe
  C:\Windows\System\CETFmgs.exe
  2⤵
  PID:6008
- C:\Windows\System\YIuOkVU.exe
  C:\Windows\System\YIuOkVU.exe
  2⤵
  PID:6044
- C:\Windows\System\ATbQpWT.exe
  C:\Windows\System\ATbQpWT.exe
  2⤵
  PID:6072
- C:\Windows\System\MxeWZRA.exe
  C:\Windows\System\MxeWZRA.exe
  2⤵
  PID:6088
- C:\Windows\System\YAqeKSV.exe
  C:\Windows\System\YAqeKSV.exe
  2⤵
  PID:6104
- C:\Windows\System\fuEevaT.exe
  C:\Windows\System\fuEevaT.exe
  2⤵
  PID:6124
- C:\Windows\System\CXYNZnx.exe
  C:\Windows\System\CXYNZnx.exe
  2⤵
  PID:4588
- C:\Windows\System\SdqsDky.exe
  C:\Windows\System\SdqsDky.exe
  2⤵
  PID:5168
- C:\Windows\System\NHjKprF.exe
  C:\Windows\System\NHjKprF.exe
  2⤵
  PID:5188
- C:\Windows\System\gUguyqZ.exe
  C:\Windows\System\gUguyqZ.exe
  2⤵
  PID:5232
- C:\Windows\System\KHmxZAL.exe
  C:\Windows\System\KHmxZAL.exe
  2⤵
  PID:5284
- C:\Windows\System\OzPwATL.exe
  C:\Windows\System\OzPwATL.exe
  2⤵
  PID:5304
- C:\Windows\System\kLXLEjj.exe
  C:\Windows\System\kLXLEjj.exe
  2⤵
  PID:5352
- C:\Windows\System\GYbMERI.exe
  C:\Windows\System\GYbMERI.exe
  2⤵
  PID:5560
- C:\Windows\System\egKMtYg.exe
  C:\Windows\System\egKMtYg.exe
  2⤵
  PID:5432
- C:\Windows\System\qdsfmLu.exe
  C:\Windows\System\qdsfmLu.exe
  2⤵
  PID:5508
- C:\Windows\System\ICXoVfs.exe
  C:\Windows\System\ICXoVfs.exe
  2⤵
  PID:5492
- C:\Windows\System\NisJdId.exe
  C:\Windows\System\NisJdId.exe
  2⤵
  PID:5580
- C:\Windows\System\exiGsdv.exe
  C:\Windows\System\exiGsdv.exe
  2⤵
  PID:5592
- C:\Windows\System\pBXXmCV.exe
  C:\Windows\System\pBXXmCV.exe
  2⤵
  PID:5628
- C:\Windows\System\gQFrczo.exe
  C:\Windows\System\gQFrczo.exe
  2⤵
  PID:5624
- C:\Windows\System\zXkwepR.exe
  C:\Windows\System\zXkwepR.exe
  2⤵
  PID:5692
- C:\Windows\System\KoUkYgv.exe
  C:\Windows\System\KoUkYgv.exe
  2⤵
  PID:5740
- C:\Windows\System\twHgFbw.exe
  C:\Windows\System\twHgFbw.exe
  2⤵
  PID:5772
- C:\Windows\System\HcMJmXR.exe
  C:\Windows\System\HcMJmXR.exe
  2⤵
  PID:5804
- C:\Windows\System\XmOcsvl.exe
  C:\Windows\System\XmOcsvl.exe
  2⤵
  PID:5816
- C:\Windows\System\OqMqvdD.exe
  C:\Windows\System\OqMqvdD.exe
  2⤵
  PID:5868
- C:\Windows\System\KtUwglR.exe
  C:\Windows\System\KtUwglR.exe
  2⤵
  PID:5964
- C:\Windows\System\gBPWbls.exe
  C:\Windows\System\gBPWbls.exe
  2⤵
  PID:6084
- C:\Windows\System\BWlWQub.exe
  C:\Windows\System\BWlWQub.exe
  2⤵
  PID:6096
- C:\Windows\System\jgfkLlM.exe
  C:\Windows\System\jgfkLlM.exe
  2⤵
  PID:6132
- C:\Windows\System\bCNbCHc.exe
  C:\Windows\System\bCNbCHc.exe
  2⤵
  PID:4568
- C:\Windows\System\wIUxZEB.exe
  C:\Windows\System\wIUxZEB.exe
  2⤵
  PID:6112
- C:\Windows\System\afJqtoj.exe
  C:\Windows\System\afJqtoj.exe
  2⤵
  PID:5204
- C:\Windows\System\PdFkyGv.exe
  C:\Windows\System\PdFkyGv.exe
  2⤵
  PID:5976
- C:\Windows\System\FGRHBJL.exe
  C:\Windows\System\FGRHBJL.exe
  2⤵
  PID:5380
- C:\Windows\System\arGSgpp.exe
  C:\Windows\System\arGSgpp.exe
  2⤵
  PID:5384
- C:\Windows\System\AjGIgGL.exe
  C:\Windows\System\AjGIgGL.exe
  2⤵
  PID:5476
- C:\Windows\System\xClUZEE.exe
  C:\Windows\System\xClUZEE.exe
  2⤵
  PID:5496
- C:\Windows\System\vujtTNb.exe
  C:\Windows\System\vujtTNb.exe
  2⤵
  PID:4224
- C:\Windows\System\NVWsJmt.exe
  C:\Windows\System\NVWsJmt.exe
  2⤵
  PID:5756
- C:\Windows\System\yzLCLdD.exe
  C:\Windows\System\yzLCLdD.exe
  2⤵
  PID:5820
- C:\Windows\System\wUPQikd.exe
  C:\Windows\System\wUPQikd.exe
  2⤵
  PID:5784
- C:\Windows\System\AUycRvo.exe
  C:\Windows\System\AUycRvo.exe
  2⤵
  PID:5948
- C:\Windows\System\YiMXLaT.exe
  C:\Windows\System\YiMXLaT.exe
  2⤵
  PID:5912
- C:\Windows\System\dnTWobZ.exe
  C:\Windows\System\dnTWobZ.exe
  2⤵
  PID:6056
- C:\Windows\System\NVZWhaG.exe
  C:\Windows\System\NVZWhaG.exe
  2⤵
  PID:5996
- C:\Windows\System\uheGbxP.exe
  C:\Windows\System\uheGbxP.exe
  2⤵
  PID:5124
- C:\Windows\System\fgNmuGB.exe
  C:\Windows\System\fgNmuGB.exe
  2⤵
  PID:5184
- C:\Windows\System\zpruCmn.exe
  C:\Windows\System\zpruCmn.exe
  2⤵
  PID:5300
- C:\Windows\System\bmgbiGY.exe
  C:\Windows\System\bmgbiGY.exe
  2⤵
  PID:5416
- C:\Windows\System\MsvzZjN.exe
  C:\Windows\System\MsvzZjN.exe
  2⤵
  PID:5428
- C:\Windows\System\INRzVtm.exe
  C:\Windows\System\INRzVtm.exe
  2⤵
  PID:5576
- C:\Windows\System\Xtmjtpr.exe
  C:\Windows\System\Xtmjtpr.exe
  2⤵
  PID:5752
- C:\Windows\System\fcvCiiK.exe
  C:\Windows\System\fcvCiiK.exe
  2⤵
  PID:5880
- C:\Windows\System\cHfGLRS.exe
  C:\Windows\System\cHfGLRS.exe
  2⤵
  PID:5900
- C:\Windows\System\bGHoHGL.exe
  C:\Windows\System\bGHoHGL.exe
  2⤵
  PID:6060
- C:\Windows\System\TsbyLlm.exe
  C:\Windows\System\TsbyLlm.exe
  2⤵
  PID:5248
- C:\Windows\System\PmqWzaE.exe
  C:\Windows\System\PmqWzaE.exe
  2⤵
  PID:5296
- C:\Windows\System\PGBudAu.exe
  C:\Windows\System\PGBudAu.exe
  2⤵
  PID:5720
- C:\Windows\System\yUhtsbj.exe
  C:\Windows\System\yUhtsbj.exe
  2⤵
  PID:5368
- C:\Windows\System\pcNDSvi.exe
  C:\Windows\System\pcNDSvi.exe
  2⤵
  PID:6064
- C:\Windows\System\QEWelfV.exe
  C:\Windows\System\QEWelfV.exe
  2⤵
  PID:5528
- C:\Windows\System\rCkhXIk.exe
  C:\Windows\System\rCkhXIk.exe
  2⤵
  PID:5156
- C:\Windows\System\yHtsIES.exe
  C:\Windows\System\yHtsIES.exe
  2⤵
  PID:5464
- C:\Windows\System\LaqXJhK.exe
  C:\Windows\System\LaqXJhK.exe
  2⤵
  PID:5704
- C:\Windows\System\RAFSBIk.exe
  C:\Windows\System\RAFSBIk.exe
  2⤵
  PID:5264
- C:\Windows\System\rNUXzVA.exe
  C:\Windows\System\rNUXzVA.exe
  2⤵
  PID:5140
- C:\Windows\System\VrjvlRy.exe
  C:\Windows\System\VrjvlRy.exe
  2⤵
  PID:4780
- C:\Windows\System\WOjbtlS.exe
  C:\Windows\System\WOjbtlS.exe
  2⤵
  PID:6168
- C:\Windows\System\LbwDgad.exe
  C:\Windows\System\LbwDgad.exe
  2⤵
  PID:6192
- C:\Windows\System\cazqrTU.exe
  C:\Windows\System\cazqrTU.exe
  2⤵
  PID:6208
- C:\Windows\System\qlqVguW.exe
  C:\Windows\System\qlqVguW.exe
  2⤵
  PID:6228
- C:\Windows\System\eMAjvgO.exe
  C:\Windows\System\eMAjvgO.exe
  2⤵
  PID:6252
- C:\Windows\System\vxQNCSn.exe
  C:\Windows\System\vxQNCSn.exe
  2⤵
  PID:6268
- C:\Windows\System\pEvwdDD.exe
  C:\Windows\System\pEvwdDD.exe
  2⤵
  PID:6284
- C:\Windows\System\WqLFgJK.exe
  C:\Windows\System\WqLFgJK.exe
  2⤵
  PID:6304
- C:\Windows\System\pvKEXhJ.exe
  C:\Windows\System\pvKEXhJ.exe
  2⤵
  PID:6324
- C:\Windows\System\nAgxMaY.exe
  C:\Windows\System\nAgxMaY.exe
  2⤵
  PID:6340
- C:\Windows\System\nyjDqON.exe
  C:\Windows\System\nyjDqON.exe
  2⤵
  PID:6360
- C:\Windows\System\ZakLZjT.exe
  C:\Windows\System\ZakLZjT.exe
  2⤵
  PID:6376
- C:\Windows\System\Sqaapdh.exe
  C:\Windows\System\Sqaapdh.exe
  2⤵
  PID:6396
- C:\Windows\System\YWJuRFp.exe
  C:\Windows\System\YWJuRFp.exe
  2⤵
  PID:6416
- C:\Windows\System\KHGYGaj.exe
  C:\Windows\System\KHGYGaj.exe
  2⤵
  PID:6436
- C:\Windows\System\cQUzaMo.exe
  C:\Windows\System\cQUzaMo.exe
  2⤵
  PID:6452
- C:\Windows\System\pnIXCby.exe
  C:\Windows\System\pnIXCby.exe
  2⤵
  PID:6472
- C:\Windows\System\VWiDWwV.exe
  C:\Windows\System\VWiDWwV.exe
  2⤵
  PID:6492
- C:\Windows\System\NIUosMz.exe
  C:\Windows\System\NIUosMz.exe
  2⤵
  PID:6532
- C:\Windows\System\qMsonrQ.exe
  C:\Windows\System\qMsonrQ.exe
  2⤵
  PID:6552
- C:\Windows\System\zDDNexq.exe
  C:\Windows\System\zDDNexq.exe
  2⤵
  PID:6572
- C:\Windows\System\kHSvgkn.exe
  C:\Windows\System\kHSvgkn.exe
  2⤵
  PID:6592
- C:\Windows\System\wJuupST.exe
  C:\Windows\System\wJuupST.exe
  2⤵
  PID:6616
- C:\Windows\System\tCGNmzr.exe
  C:\Windows\System\tCGNmzr.exe
  2⤵
  PID:6632
- C:\Windows\System\OQEgVhy.exe
  C:\Windows\System\OQEgVhy.exe
  2⤵
  PID:6656
- C:\Windows\System\tVBUgDJ.exe
  C:\Windows\System\tVBUgDJ.exe
  2⤵
  PID:6672
- C:\Windows\System\zIZasVs.exe
  C:\Windows\System\zIZasVs.exe
  2⤵
  PID:6692
- C:\Windows\System\QXkCYue.exe
  C:\Windows\System\QXkCYue.exe
  2⤵
  PID:6712
- C:\Windows\System\rgZhFAf.exe
  C:\Windows\System\rgZhFAf.exe
  2⤵
  PID:6728
- C:\Windows\System\AwbkXCM.exe
  C:\Windows\System\AwbkXCM.exe
  2⤵
  PID:6748
- C:\Windows\System\mtEqSsV.exe
  C:\Windows\System\mtEqSsV.exe
  2⤵
  PID:6764
- C:\Windows\System\KaoHTMF.exe
  C:\Windows\System\KaoHTMF.exe
  2⤵
  PID:6784
- C:\Windows\System\GieFuto.exe
  C:\Windows\System\GieFuto.exe
  2⤵
  PID:6800
- C:\Windows\System\HYCJSDt.exe
  C:\Windows\System\HYCJSDt.exe
  2⤵
  PID:6820
- C:\Windows\System\WEXpRyJ.exe
  C:\Windows\System\WEXpRyJ.exe
  2⤵
  PID:6852
- C:\Windows\System\LeCNjYA.exe
  C:\Windows\System\LeCNjYA.exe
  2⤵
  PID:6868
- C:\Windows\System\RAPRhET.exe
  C:\Windows\System\RAPRhET.exe
  2⤵
  PID:6884
- C:\Windows\System\kuepfqr.exe
  C:\Windows\System\kuepfqr.exe
  2⤵
  PID:6900
- C:\Windows\System\vSZlMAr.exe
  C:\Windows\System\vSZlMAr.exe
  2⤵
  PID:6920
- C:\Windows\System\WjkTMzD.exe
  C:\Windows\System\WjkTMzD.exe
  2⤵
  PID:6936
- C:\Windows\System\pPuEVWe.exe
  C:\Windows\System\pPuEVWe.exe
  2⤵
  PID:6972
- C:\Windows\System\WtJMhel.exe
  C:\Windows\System\WtJMhel.exe
  2⤵
  PID:6988
- C:\Windows\System\SuCZCxk.exe
  C:\Windows\System\SuCZCxk.exe
  2⤵
  PID:7004
- C:\Windows\System\AVNqPgu.exe
  C:\Windows\System\AVNqPgu.exe
  2⤵
  PID:7020
- C:\Windows\System\ikcydTj.exe
  C:\Windows\System\ikcydTj.exe
  2⤵
  PID:7044
- C:\Windows\System\mUCdRAC.exe
  C:\Windows\System\mUCdRAC.exe
  2⤵
  PID:7068
- C:\Windows\System\utwKAzE.exe
  C:\Windows\System\utwKAzE.exe
  2⤵
  PID:7096
- C:\Windows\System\rVNnLIY.exe
  C:\Windows\System\rVNnLIY.exe
  2⤵
  PID:7112
- C:\Windows\System\XuvyWDS.exe
  C:\Windows\System\XuvyWDS.exe
  2⤵
  PID:7132
- C:\Windows\System\YBVoOiM.exe
  C:\Windows\System\YBVoOiM.exe
  2⤵
  PID:7148
- C:\Windows\System\FhPITJW.exe
  C:\Windows\System\FhPITJW.exe
  2⤵
  PID:5688
- C:\Windows\System\TdfKzlE.exe
  C:\Windows\System\TdfKzlE.exe
  2⤵
  PID:6160
- C:\Windows\System\XPysaoX.exe
  C:\Windows\System\XPysaoX.exe
  2⤵
  PID:6188
- C:\Windows\System\YSdYhSm.exe
  C:\Windows\System\YSdYhSm.exe
  2⤵
  PID:6220
- C:\Windows\System\orGhzPI.exe
  C:\Windows\System\orGhzPI.exe
  2⤵
  PID:6248
- C:\Windows\System\gWDhtAm.exe
  C:\Windows\System\gWDhtAm.exe
  2⤵
  PID:6296
- C:\Windows\System\fkbzsox.exe
  C:\Windows\System\fkbzsox.exe
  2⤵
  PID:6276
- C:\Windows\System\OGzAvid.exe
  C:\Windows\System\OGzAvid.exe
  2⤵
  PID:6316
- C:\Windows\System\lbuLVnT.exe
  C:\Windows\System\lbuLVnT.exe
  2⤵
  PID:6356
- C:\Windows\System\SnnCELD.exe
  C:\Windows\System\SnnCELD.exe
  2⤵
  PID:6428
- C:\Windows\System\aRPloIO.exe
  C:\Windows\System\aRPloIO.exe
  2⤵
  PID:6508
- C:\Windows\System\bJCUAny.exe
  C:\Windows\System\bJCUAny.exe
  2⤵
  PID:6412
- C:\Windows\System\hakZuwq.exe
  C:\Windows\System\hakZuwq.exe
  2⤵
  PID:6372
- C:\Windows\System\xpWQndh.exe
  C:\Windows\System\xpWQndh.exe
  2⤵
  PID:6332
- C:\Windows\System\apczPlh.exe
  C:\Windows\System\apczPlh.exe
  2⤵
  PID:6504
- C:\Windows\System\PdlYYls.exe
  C:\Windows\System\PdlYYls.exe
  2⤵
  PID:6544
- C:\Windows\System\NpagwHS.exe
  C:\Windows\System\NpagwHS.exe
  2⤵
  PID:6580
- C:\Windows\System\isOtEfP.exe
  C:\Windows\System\isOtEfP.exe
  2⤵
  PID:6608
- C:\Windows\System\VqKbNNV.exe
  C:\Windows\System\VqKbNNV.exe
  2⤵
  PID:6640
- C:\Windows\System\fydOiNE.exe
  C:\Windows\System\fydOiNE.exe
  2⤵
  PID:6664
- C:\Windows\System\jGEqBmR.exe
  C:\Windows\System\jGEqBmR.exe
  2⤵
  PID:6720
- C:\Windows\System\JczoWgy.exe
  C:\Windows\System\JczoWgy.exe
  2⤵
  PID:6796
- C:\Windows\System\uxbkBvS.exe
  C:\Windows\System\uxbkBvS.exe
  2⤵
  PID:6840
- C:\Windows\System\wJXfRbr.exe
  C:\Windows\System\wJXfRbr.exe
  2⤵
  PID:6700
- C:\Windows\System\GqBuxqE.exe
  C:\Windows\System\GqBuxqE.exe
  2⤵
  PID:6812
- C:\Windows\System\SryVbuY.exe
  C:\Windows\System\SryVbuY.exe
  2⤵
  PID:6876
- C:\Windows\System\jsPhqNn.exe
  C:\Windows\System\jsPhqNn.exe
  2⤵
  PID:6892
- C:\Windows\System\AuOaKpA.exe
  C:\Windows\System\AuOaKpA.exe
  2⤵
  PID:6912
- C:\Windows\System\yPbDIWr.exe
  C:\Windows\System\yPbDIWr.exe
  2⤵
  PID:5320
- C:\Windows\System\tvhLjww.exe
  C:\Windows\System\tvhLjww.exe
  2⤵
  PID:7032
- C:\Windows\System\IHXjPGv.exe
  C:\Windows\System\IHXjPGv.exe
  2⤵
  PID:7012
- C:\Windows\System\zyQgcPJ.exe
  C:\Windows\System\zyQgcPJ.exe
  2⤵
  PID:7056
- C:\Windows\System\vvcIWqv.exe
  C:\Windows\System\vvcIWqv.exe
  2⤵
  PID:7084
- C:\Windows\System\ctRhStS.exe
  C:\Windows\System\ctRhStS.exe
  2⤵
  PID:7124
- C:\Windows\System\ymllWKP.exe
  C:\Windows\System\ymllWKP.exe
  2⤵
  PID:6152
- C:\Windows\System\MHrMxEY.exe
  C:\Windows\System\MHrMxEY.exe
  2⤵
  PID:6176
- C:\Windows\System\huliQHw.exe
  C:\Windows\System\huliQHw.exe
  2⤵
  PID:6464
- C:\Windows\System\sKQLNji.exe
  C:\Windows\System\sKQLNji.exe
  2⤵
  PID:6260
- C:\Windows\System\YGGStZI.exe
  C:\Windows\System\YGGStZI.exe
  2⤵
  PID:6348
- C:\Windows\System\rHwWSkY.exe
  C:\Windows\System\rHwWSkY.exe
  2⤵
  PID:6388
- C:\Windows\System\wlIhSkR.exe
  C:\Windows\System\wlIhSkR.exe
  2⤵
  PID:6468
- C:\Windows\System\MHElJSy.exe
  C:\Windows\System\MHElJSy.exe
  2⤵
  PID:6336
- C:\Windows\System\UySHLGs.exe
  C:\Windows\System\UySHLGs.exe
  2⤵
  PID:6484
- C:\Windows\System\wWOMsHS.exe
  C:\Windows\System\wWOMsHS.exe
  2⤵
  PID:6588
- C:\Windows\System\WEYYAXw.exe
  C:\Windows\System\WEYYAXw.exe
  2⤵
  PID:6740
- C:\Windows\System\wXJUdwV.exe
  C:\Windows\System\wXJUdwV.exe
  2⤵
  PID:6628
- C:\Windows\System\ZxxRTRd.exe
  C:\Windows\System\ZxxRTRd.exe
  2⤵
  PID:6832
- C:\Windows\System\ekLcZgx.exe
  C:\Windows\System\ekLcZgx.exe
  2⤵
  PID:6648
- C:\Windows\System\fViNnxg.exe
  C:\Windows\System\fViNnxg.exe
  2⤵
  PID:6836
- C:\Windows\System\BQeATWO.exe
  C:\Windows\System\BQeATWO.exe
  2⤵
  PID:6780
- C:\Windows\System\HOKKYbe.exe
  C:\Windows\System\HOKKYbe.exe
  2⤵
  PID:6960
- C:\Windows\System\qHRZnOa.exe
  C:\Windows\System\qHRZnOa.exe
  2⤵
  PID:6968
- C:\Windows\System\poUAUIg.exe
  C:\Windows\System\poUAUIg.exe
  2⤵
  PID:7160
- C:\Windows\System\yTffcQz.exe
  C:\Windows\System\yTffcQz.exe
  2⤵
  PID:6996
- C:\Windows\System\SPWGJfs.exe
  C:\Windows\System\SPWGJfs.exe
  2⤵
  PID:7092
- C:\Windows\System\bHmsLcz.exe
  C:\Windows\System\bHmsLcz.exe
  2⤵
  PID:5656
- C:\Windows\System\XqxNxdZ.exe
  C:\Windows\System\XqxNxdZ.exe
  2⤵
  PID:6200
- C:\Windows\System\JHhgZYn.exe
  C:\Windows\System\JHhgZYn.exe
  2⤵
  PID:6240
- C:\Windows\System\toPIdDb.exe
  C:\Windows\System\toPIdDb.exe
  2⤵
  PID:6424
- C:\Windows\System\uaKocsF.exe
  C:\Windows\System\uaKocsF.exe
  2⤵
  PID:6512
- C:\Windows\System\sDUEsWh.exe
  C:\Windows\System\sDUEsWh.exe
  2⤵
  PID:6404
- C:\Windows\System\LLUHUYX.exe
  C:\Windows\System\LLUHUYX.exe
  2⤵
  PID:6704
- C:\Windows\System\hJoBuPy.exe
  C:\Windows\System\hJoBuPy.exe
  2⤵
  PID:6564
- C:\Windows\System\EsossMi.exe
  C:\Windows\System\EsossMi.exe
  2⤵
  PID:6624
- C:\Windows\System\nGfmTam.exe
  C:\Windows\System\nGfmTam.exe
  2⤵
  PID:6952
- C:\Windows\System\fVJmhjr.exe
  C:\Windows\System\fVJmhjr.exe
  2⤵
  PID:7036
- C:\Windows\System\miKlrKy.exe
  C:\Windows\System\miKlrKy.exe
  2⤵
  PID:6948
- C:\Windows\System\HGvduLJ.exe
  C:\Windows\System\HGvduLJ.exe
  2⤵
  PID:6216
- C:\Windows\System\htriuaE.exe
  C:\Windows\System\htriuaE.exe
  2⤵
  PID:6156
- C:\Windows\System\fQsiOqp.exe
  C:\Windows\System\fQsiOqp.exe
  2⤵
  PID:3056
- C:\Windows\System\WzpHefk.exe
  C:\Windows\System\WzpHefk.exe
  2⤵
  PID:2504
- C:\Windows\System\HMUriMz.exe
  C:\Windows\System\HMUriMz.exe
  2⤵
  PID:6480
- C:\Windows\System\JoWqDej.exe
  C:\Windows\System\JoWqDej.exe
  2⤵
  PID:6600
- C:\Windows\System\OUJqGxu.exe
  C:\Windows\System\OUJqGxu.exe
  2⤵
  PID:7076
- C:\Windows\System\RiYOBbR.exe
  C:\Windows\System\RiYOBbR.exe
  2⤵
  PID:7104
- C:\Windows\System\rwlbSix.exe
  C:\Windows\System\rwlbSix.exe
  2⤵
  PID:1596
- C:\Windows\System\MEUWfZT.exe
  C:\Windows\System\MEUWfZT.exe
  2⤵
  PID:2248
- C:\Windows\System\Bashxmr.exe
  C:\Windows\System\Bashxmr.exe
  2⤵
  PID:6652
- C:\Windows\System\YPMjUqh.exe
  C:\Windows\System\YPMjUqh.exe
  2⤵
  PID:7064
- C:\Windows\System\knfKemx.exe
  C:\Windows\System\knfKemx.exe
  2⤵
  PID:7080
- C:\Windows\System\WEIXrEa.exe
  C:\Windows\System\WEIXrEa.exe
  2⤵
  PID:5092
- C:\Windows\System\mMSvaAq.exe
  C:\Windows\System\mMSvaAq.exe
  2⤵
  PID:6300
- C:\Windows\System\PJAmNdE.exe
  C:\Windows\System\PJAmNdE.exe
  2⤵
  PID:2100
- C:\Windows\System\gDVixlR.exe
  C:\Windows\System\gDVixlR.exe
  2⤵
  PID:6828
- C:\Windows\System\VhhfBgB.exe
  C:\Windows\System\VhhfBgB.exe
  2⤵
  PID:7180
- C:\Windows\System\KOAGFQD.exe
  C:\Windows\System\KOAGFQD.exe
  2⤵
  PID:7196
- C:\Windows\System\NJrALKh.exe
  C:\Windows\System\NJrALKh.exe
  2⤵
  PID:7220
- C:\Windows\System\IXnYnvc.exe
  C:\Windows\System\IXnYnvc.exe
  2⤵
  PID:7236
- C:\Windows\System\mSluTXn.exe
  C:\Windows\System\mSluTXn.exe
  2⤵
  PID:7252
- C:\Windows\System\KRJwebH.exe
  C:\Windows\System\KRJwebH.exe
  2⤵
  PID:7280
- C:\Windows\System\MuaaNIr.exe
  C:\Windows\System\MuaaNIr.exe
  2⤵
  PID:7296
- C:\Windows\System\RReajHj.exe
  C:\Windows\System\RReajHj.exe
  2⤵
  PID:7312
- C:\Windows\System\uXsYrMi.exe
  C:\Windows\System\uXsYrMi.exe
  2⤵
  PID:7332
- C:\Windows\System\lFRvEIh.exe
  C:\Windows\System\lFRvEIh.exe
  2⤵
  PID:7348
- C:\Windows\System\kSRiDCR.exe
  C:\Windows\System\kSRiDCR.exe
  2⤵
  PID:7372
- C:\Windows\System\mnfrZZT.exe
  C:\Windows\System\mnfrZZT.exe
  2⤵
  PID:7388
- C:\Windows\System\eOvUQBL.exe
  C:\Windows\System\eOvUQBL.exe
  2⤵
  PID:7404
- C:\Windows\System\FAGIjHz.exe
  C:\Windows\System\FAGIjHz.exe
  2⤵
  PID:7420
- C:\Windows\System\BKHTkeB.exe
  C:\Windows\System\BKHTkeB.exe
  2⤵
  PID:7436
- C:\Windows\System\pfueeaJ.exe
  C:\Windows\System\pfueeaJ.exe
  2⤵
  PID:7456
- C:\Windows\System\OYUoITD.exe
  C:\Windows\System\OYUoITD.exe
  2⤵
  PID:7488
- C:\Windows\System\MlQFjrp.exe
  C:\Windows\System\MlQFjrp.exe
  2⤵
  PID:7504
- C:\Windows\System\cWDYlKU.exe
  C:\Windows\System\cWDYlKU.exe
  2⤵
  PID:7520
- C:\Windows\System\QCADmkW.exe
  C:\Windows\System\QCADmkW.exe
  2⤵
  PID:7540
- C:\Windows\System\rVKsvBb.exe
  C:\Windows\System\rVKsvBb.exe
  2⤵
  PID:7560
- C:\Windows\System\nBxakqM.exe
  C:\Windows\System\nBxakqM.exe
  2⤵
  PID:7580
- C:\Windows\System\NlMuell.exe
  C:\Windows\System\NlMuell.exe
  2⤵
  PID:7600
- C:\Windows\System\RPFcEFl.exe
  C:\Windows\System\RPFcEFl.exe
  2⤵
  PID:7628
- C:\Windows\System\OVYvskv.exe
  C:\Windows\System\OVYvskv.exe
  2⤵
  PID:7648
- C:\Windows\System\kcEFTGW.exe
  C:\Windows\System\kcEFTGW.exe
  2⤵
  PID:7688
- C:\Windows\System\iruukTo.exe
  C:\Windows\System\iruukTo.exe
  2⤵
  PID:7704
- C:\Windows\System\YedWKCn.exe
  C:\Windows\System\YedWKCn.exe
  2⤵
  PID:7724
- C:\Windows\System\iizVhIA.exe
  C:\Windows\System\iizVhIA.exe
  2⤵
  PID:7740
- C:\Windows\System\jjqCIea.exe
  C:\Windows\System\jjqCIea.exe
  2⤵
  PID:7760
- C:\Windows\System\YdTptoX.exe
  C:\Windows\System\YdTptoX.exe
  2⤵
  PID:7780
- C:\Windows\System\abiKiaR.exe
  C:\Windows\System\abiKiaR.exe
  2⤵
  PID:7808
- C:\Windows\System\WMryJcM.exe
  C:\Windows\System\WMryJcM.exe
  2⤵
  PID:7824
- C:\Windows\System\IOQYIfM.exe
  C:\Windows\System\IOQYIfM.exe
  2⤵
  PID:7840
- C:\Windows\System\qtWspsL.exe
  C:\Windows\System\qtWspsL.exe
  2⤵
  PID:7860
- C:\Windows\System\TZceGmz.exe
  C:\Windows\System\TZceGmz.exe
  2⤵
  PID:7876
- C:\Windows\System\LRqVTfj.exe
  C:\Windows\System\LRqVTfj.exe
  2⤵
  PID:7896
- C:\Windows\System\lOathMm.exe
  C:\Windows\System\lOathMm.exe
  2⤵
  PID:7928
- C:\Windows\System\cOZIHRt.exe
  C:\Windows\System\cOZIHRt.exe
  2⤵
  PID:7948
- C:\Windows\System\ULZqawZ.exe
  C:\Windows\System\ULZqawZ.exe
  2⤵
  PID:7968
- C:\Windows\System\WKSZqQl.exe
  C:\Windows\System\WKSZqQl.exe
  2⤵
  PID:7992
- C:\Windows\System\ZotjZgG.exe
  C:\Windows\System\ZotjZgG.exe
  2⤵
  PID:8008
- C:\Windows\System\ErLFyDm.exe
  C:\Windows\System\ErLFyDm.exe
  2⤵
  PID:8028
- C:\Windows\System\MrPSPCW.exe
  C:\Windows\System\MrPSPCW.exe
  2⤵
  PID:8044
- C:\Windows\System\zOdZrQb.exe
  C:\Windows\System\zOdZrQb.exe
  2⤵
  PID:8068
- C:\Windows\System\fmOUEsd.exe
  C:\Windows\System\fmOUEsd.exe
  2⤵
  PID:8088
- C:\Windows\System\AfHzVIs.exe
  C:\Windows\System\AfHzVIs.exe
  2⤵
  PID:8104
- C:\Windows\System\jZgHiRR.exe
  C:\Windows\System\jZgHiRR.exe
  2⤵
  PID:8124
- C:\Windows\System\Wkllrzz.exe
  C:\Windows\System\Wkllrzz.exe
  2⤵
  PID:8140
- C:\Windows\System\kwUCepK.exe
  C:\Windows\System\kwUCepK.exe
  2⤵
  PID:8168
- C:\Windows\System\vRRvseA.exe
  C:\Windows\System\vRRvseA.exe
  2⤵
  PID:8188
- C:\Windows\System\oMStqqo.exe
  C:\Windows\System\oMStqqo.exe
  2⤵
  PID:1728
- C:\Windows\System\jcVOkPb.exe
  C:\Windows\System\jcVOkPb.exe
  2⤵
  PID:7188
- C:\Windows\System\xWEMGiz.exe
  C:\Windows\System\xWEMGiz.exe
  2⤵
  PID:7212
- C:\Windows\System\jvGhHMz.exe
  C:\Windows\System\jvGhHMz.exe
  2⤵
  PID:7232
- C:\Windows\System\pPOpBrY.exe
  C:\Windows\System\pPOpBrY.exe
  2⤵
  PID:7288
- C:\Windows\System\RrUcOKb.exe
  C:\Windows\System\RrUcOKb.exe
  2⤵
  PID:7328
- C:\Windows\System\smlDrEL.exe
  C:\Windows\System\smlDrEL.exe
  2⤵
  PID:7448
- C:\Windows\System\AMzgJsO.exe
  C:\Windows\System\AMzgJsO.exe
  2⤵
  PID:7452
- C:\Windows\System\XfNzCbo.exe
  C:\Windows\System\XfNzCbo.exe
  2⤵
  PID:7532
- C:\Windows\System\WexVDGa.exe
  C:\Windows\System\WexVDGa.exe
  2⤵
  PID:7368
- C:\Windows\System\ZKXMqMM.exe
  C:\Windows\System\ZKXMqMM.exe
  2⤵
  PID:7548
- C:\Windows\System\IFTqPcw.exe
  C:\Windows\System\IFTqPcw.exe
  2⤵
  PID:7432
- C:\Windows\System\qrrztSb.exe
  C:\Windows\System\qrrztSb.exe
  2⤵
  PID:7572
- C:\Windows\System\alvicFh.exe
  C:\Windows\System\alvicFh.exe
  2⤵
  PID:7592
- C:\Windows\System\gSpVPGM.exe
  C:\Windows\System\gSpVPGM.exe
  2⤵
  PID:7660
- C:\Windows\System\ZZWcdFn.exe
  C:\Windows\System\ZZWcdFn.exe
  2⤵
  PID:6816
- C:\Windows\System\MqvMHmw.exe
  C:\Windows\System\MqvMHmw.exe
  2⤵
  PID:7680
- C:\Windows\System\QAkzRFY.exe
  C:\Windows\System\QAkzRFY.exe
  2⤵
  PID:7712
- C:\Windows\System\qYgKDpC.exe
  C:\Windows\System\qYgKDpC.exe
  2⤵
  PID:7788
- C:\Windows\System\seBdSqX.exe
  C:\Windows\System\seBdSqX.exe
  2⤵
  PID:7816
- C:\Windows\System\EMUfXrT.exe
  C:\Windows\System\EMUfXrT.exe
  2⤵
  PID:7852
- C:\Windows\System\GtCHUGD.exe
  C:\Windows\System\GtCHUGD.exe
  2⤵
  PID:7800
- C:\Windows\System\hOffZJW.exe
  C:\Windows\System\hOffZJW.exe
  2⤵
  PID:7936
- C:\Windows\System\qwtyXPE.exe
  C:\Windows\System\qwtyXPE.exe
  2⤵
  PID:7868
- C:\Windows\System\DNKEvzJ.exe
  C:\Windows\System\DNKEvzJ.exe
  2⤵
  PID:7960
- C:\Windows\System\jcgoFeB.exe
  C:\Windows\System\jcgoFeB.exe
  2⤵
  PID:8016
- C:\Windows\System\PMRptQa.exe
  C:\Windows\System\PMRptQa.exe
  2⤵
  PID:8000
- C:\Windows\System\nEaSjZb.exe
  C:\Windows\System\nEaSjZb.exe
  2⤵
  PID:8060
- C:\Windows\System\gZsUqYf.exe
  C:\Windows\System\gZsUqYf.exe
  2⤵
  PID:8080
- C:\Windows\System\WAwUeKJ.exe
  C:\Windows\System\WAwUeKJ.exe
  2⤵
  PID:8112
- C:\Windows\System\SLPQJFW.exe
  C:\Windows\System\SLPQJFW.exe
  2⤵
  PID:8176
- C:\Windows\System\SuyvUEk.exe
  C:\Windows\System\SuyvUEk.exe
  2⤵
  PID:8160
- C:\Windows\System\FeENXPC.exe
  C:\Windows\System\FeENXPC.exe
  2⤵
  PID:7204
- C:\Windows\System\zALDEOO.exe
  C:\Windows\System\zALDEOO.exe
  2⤵
  PID:7248
- C:\Windows\System\yPvZEtt.exe
  C:\Windows\System\yPvZEtt.exe
  2⤵
  PID:7268
- C:\Windows\System\JdKUfCs.exe
  C:\Windows\System\JdKUfCs.exe
  2⤵
  PID:7384
- C:\Windows\System\rzuNMAI.exe
  C:\Windows\System\rzuNMAI.exe
  2⤵
  PID:7476
- C:\Windows\System\uPNVxUQ.exe
  C:\Windows\System\uPNVxUQ.exe
  2⤵
  PID:7496
- C:\Windows\System\NkOWtAU.exe
  C:\Windows\System\NkOWtAU.exe
  2⤵
  PID:7484
- C:\Windows\System\hraeVRT.exe
  C:\Windows\System\hraeVRT.exe
  2⤵
  PID:7568
- C:\Windows\System\eEkyJSw.exe
  C:\Windows\System\eEkyJSw.exe
  2⤵
  PID:7556
- C:\Windows\System\ypnqOdA.exe
  C:\Windows\System\ypnqOdA.exe
  2⤵
  PID:7676
- C:\Windows\System\ULopKWR.exe
  C:\Windows\System\ULopKWR.exe
  2⤵
  PID:7768
- C:\Windows\System\OOETIVr.exe
  C:\Windows\System\OOETIVr.exe
  2⤵
  PID:7804
- C:\Windows\System\wmVSpoh.exe
  C:\Windows\System\wmVSpoh.exe
  2⤵
  PID:7904
- C:\Windows\System\QwXKFGL.exe
  C:\Windows\System\QwXKFGL.exe
  2⤵
  PID:7888
- C:\Windows\System\bQvUMXW.exe
  C:\Windows\System\bQvUMXW.exe
  2⤵
  PID:7980
- C:\Windows\System\HuwnUWq.exe
  C:\Windows\System\HuwnUWq.exe
  2⤵
  PID:8056
- C:\Windows\System\TNrqDXO.exe
  C:\Windows\System\TNrqDXO.exe
  2⤵
  PID:8004
- C:\Windows\System\XHOqVlR.exe
  C:\Windows\System\XHOqVlR.exe
  2⤵
  PID:6928
- C:\Windows\System\FmEDvOv.exe
  C:\Windows\System\FmEDvOv.exe
  2⤵
  PID:8180
- C:\Windows\System\OAxuCXp.exe
  C:\Windows\System\OAxuCXp.exe
  2⤵
  PID:7276
- C:\Windows\System\ofrwECW.exe
  C:\Windows\System\ofrwECW.exe
  2⤵
  PID:8184
- C:\Windows\System\oeUzmyk.exe
  C:\Windows\System\oeUzmyk.exe
  2⤵
  PID:7412
- C:\Windows\System\xxAURmi.exe
  C:\Windows\System\xxAURmi.exe
  2⤵
  PID:7400
- C:\Windows\System\hRIBexn.exe
  C:\Windows\System\hRIBexn.exe
  2⤵
  PID:7552
- C:\Windows\System\EseyUTs.exe
  C:\Windows\System\EseyUTs.exe
  2⤵
  PID:7696
- C:\Windows\System\FeaTyrk.exe
  C:\Windows\System\FeaTyrk.exe
  2⤵
  PID:7716
- C:\Windows\System\CNhkSFy.exe
  C:\Windows\System\CNhkSFy.exe
  2⤵
  PID:7748
- C:\Windows\System\XtAMZEl.exe
  C:\Windows\System\XtAMZEl.exe
  2⤵
  PID:7892
- C:\Windows\System\JrjlaUZ.exe
  C:\Windows\System\JrjlaUZ.exe
  2⤵
  PID:7988
- C:\Windows\System\aEDSmzo.exe
  C:\Windows\System\aEDSmzo.exe
  2⤵
  PID:8052
- C:\Windows\System\vgePyKS.exe
  C:\Windows\System\vgePyKS.exe
  2⤵
  PID:7228
- C:\Windows\System\FWQsdHw.exe
  C:\Windows\System\FWQsdHw.exe
  2⤵
  PID:7192
- C:\Windows\System\FdBpxKQ.exe
  C:\Windows\System\FdBpxKQ.exe
  2⤵
  PID:7656
- C:\Windows\System\yzjFNNw.exe
  C:\Windows\System\yzjFNNw.exe
  2⤵
  PID:7752
- C:\Windows\System\AxIwTvr.exe
  C:\Windows\System\AxIwTvr.exe
  2⤵
  PID:7848
- C:\Windows\System\Fuoljpn.exe
  C:\Windows\System\Fuoljpn.exe
  2⤵
  PID:7940
- C:\Windows\System\okXAKtT.exe
  C:\Windows\System\okXAKtT.exe
  2⤵
  PID:7976
- C:\Windows\System\PIeVeqp.exe
  C:\Windows\System\PIeVeqp.exe
  2⤵
  PID:7324
- C:\Windows\System\ESYsBLv.exe
  C:\Windows\System\ESYsBLv.exe
  2⤵
  PID:5088
- C:\Windows\System\tNAFdfX.exe
  C:\Windows\System\tNAFdfX.exe
  2⤵
  PID:7640
- C:\Windows\System\LIcWHOz.exe
  C:\Windows\System\LIcWHOz.exe
  2⤵
  PID:7700
- C:\Windows\System\jXFDutO.exe
  C:\Windows\System\jXFDutO.exe
  2⤵
  PID:7172
- C:\Windows\System\URBSILU.exe
  C:\Windows\System\URBSILU.exe
  2⤵
  PID:8212
- C:\Windows\System\hGqsers.exe
  C:\Windows\System\hGqsers.exe
  2⤵
  PID:8244
- C:\Windows\System\SicwEsV.exe
  C:\Windows\System\SicwEsV.exe
  2⤵
  PID:8268
- C:\Windows\System\nWpjkFv.exe
  C:\Windows\System\nWpjkFv.exe
  2⤵
  PID:8288
- C:\Windows\System\sGQPUMW.exe
  C:\Windows\System\sGQPUMW.exe
  2⤵
  PID:8304
- C:\Windows\System\PEPtqKD.exe
  C:\Windows\System\PEPtqKD.exe
  2⤵
  PID:8324
- C:\Windows\System\AegptUe.exe
  C:\Windows\System\AegptUe.exe
  2⤵
  PID:8340
- C:\Windows\System\IuVnPwQ.exe
  C:\Windows\System\IuVnPwQ.exe
  2⤵
  PID:8360
- C:\Windows\System\KZUFBtS.exe
  C:\Windows\System\KZUFBtS.exe
  2⤵
  PID:8376
- C:\Windows\System\MjFbkoZ.exe
  C:\Windows\System\MjFbkoZ.exe
  2⤵
  PID:8396
- C:\Windows\System\tNFzKHk.exe
  C:\Windows\System\tNFzKHk.exe
  2⤵
  PID:8412
- C:\Windows\System\BLoIPTn.exe
  C:\Windows\System\BLoIPTn.exe
  2⤵
  PID:8452
- C:\Windows\System\YuQYdMl.exe
  C:\Windows\System\YuQYdMl.exe
  2⤵
  PID:8468
- C:\Windows\System\qqklmNH.exe
  C:\Windows\System\qqklmNH.exe
  2⤵
  PID:8484
- C:\Windows\System\tUrsLbt.exe
  C:\Windows\System\tUrsLbt.exe
  2⤵
  PID:8500
- C:\Windows\System\tQohCnm.exe
  C:\Windows\System\tQohCnm.exe
  2⤵
  PID:8516
- C:\Windows\System\LJnkxzI.exe
  C:\Windows\System\LJnkxzI.exe
  2⤵
  PID:8536
- C:\Windows\System\KOmoMXL.exe
  C:\Windows\System\KOmoMXL.exe
  2⤵
  PID:8564
- C:\Windows\System\lXkWyIa.exe
  C:\Windows\System\lXkWyIa.exe
  2⤵
  PID:8580
- C:\Windows\System\ioZfSoW.exe
  C:\Windows\System\ioZfSoW.exe
  2⤵
  PID:8608
- C:\Windows\System\lkNiDYz.exe
  C:\Windows\System\lkNiDYz.exe
  2⤵
  PID:8624
- C:\Windows\System\plEFPzA.exe
  C:\Windows\System\plEFPzA.exe
  2⤵
  PID:8644
- C:\Windows\System\eMhOOlV.exe
  C:\Windows\System\eMhOOlV.exe
  2⤵
  PID:8660
- C:\Windows\System\JfumBIB.exe
  C:\Windows\System\JfumBIB.exe
  2⤵
  PID:8676
- C:\Windows\System\RTBqWPF.exe
  C:\Windows\System\RTBqWPF.exe
  2⤵
  PID:8708
- C:\Windows\System\pSdsiGR.exe
  C:\Windows\System\pSdsiGR.exe
  2⤵
  PID:8724
- C:\Windows\System\LeNVcFw.exe
  C:\Windows\System\LeNVcFw.exe
  2⤵
  PID:8740
- C:\Windows\System\FKmhoIz.exe
  C:\Windows\System\FKmhoIz.exe
  2⤵
  PID:8760
- C:\Windows\System\ojvQuYi.exe
  C:\Windows\System\ojvQuYi.exe
  2⤵
  PID:8780
- C:\Windows\System\ZDJLxtu.exe
  C:\Windows\System\ZDJLxtu.exe
  2⤵
  PID:8796
- C:\Windows\System\LfjTRZk.exe
  C:\Windows\System\LfjTRZk.exe
  2⤵
  PID:8824
- C:\Windows\System\MIWWnjF.exe
  C:\Windows\System\MIWWnjF.exe
  2⤵
  PID:8840
- C:\Windows\System\tYuXPsr.exe
  C:\Windows\System\tYuXPsr.exe
  2⤵
  PID:8856
- C:\Windows\System\HvWaYFa.exe
  C:\Windows\System\HvWaYFa.exe
  2⤵
  PID:8872
- C:\Windows\System\bBrfoDW.exe
  C:\Windows\System\bBrfoDW.exe
  2⤵
  PID:8888
- C:\Windows\System\xiAwOEk.exe
  C:\Windows\System\xiAwOEk.exe
  2⤵
  PID:8904
- C:\Windows\System\kpaBQdI.exe
  C:\Windows\System\kpaBQdI.exe
  2⤵
  PID:8920
- C:\Windows\System\NHstDqe.exe
  C:\Windows\System\NHstDqe.exe
  2⤵
  PID:8948
- C:\Windows\System\HOmsWbU.exe
  C:\Windows\System\HOmsWbU.exe
  2⤵
  PID:9000
- C:\Windows\System\qAZqzNF.exe
  C:\Windows\System\qAZqzNF.exe
  2⤵
  PID:9016
- C:\Windows\System\ZXGkWgH.exe
  C:\Windows\System\ZXGkWgH.exe
  2⤵
  PID:9032
- C:\Windows\System\zsZHEch.exe
  C:\Windows\System\zsZHEch.exe
  2⤵
  PID:9048
- C:\Windows\System\KSbjWJD.exe
  C:\Windows\System\KSbjWJD.exe
  2⤵
  PID:9068
- C:\Windows\System\xAPPzaN.exe
  C:\Windows\System\xAPPzaN.exe
  2⤵
  PID:9088
- C:\Windows\System\WxbcaVi.exe
  C:\Windows\System\WxbcaVi.exe
  2⤵
  PID:9108
- C:\Windows\System\EKNoFAZ.exe
  C:\Windows\System\EKNoFAZ.exe
  2⤵
  PID:9128
- C:\Windows\System\renRrju.exe
  C:\Windows\System\renRrju.exe
  2⤵
  PID:9152
- C:\Windows\System\AEdutvO.exe
  C:\Windows\System\AEdutvO.exe
  2⤵
  PID:9180
- C:\Windows\System\QYcOMAh.exe
  C:\Windows\System\QYcOMAh.exe
  2⤵
  PID:9196
- C:\Windows\System\QkOLzwo.exe
  C:\Windows\System\QkOLzwo.exe
  2⤵
  PID:9212
- C:\Windows\System\EJpzGQu.exe
  C:\Windows\System\EJpzGQu.exe
  2⤵
  PID:7500
- C:\Windows\System\KZSauPM.exe
  C:\Windows\System\KZSauPM.exe
  2⤵
  PID:7776
- C:\Windows\System\HDjfhXP.exe
  C:\Windows\System\HDjfhXP.exe
  2⤵
  PID:8208
- C:\Windows\System\ZidweVN.exe
  C:\Windows\System\ZidweVN.exe
  2⤵
  PID:8240
- C:\Windows\System\CzsuRev.exe
  C:\Windows\System\CzsuRev.exe
  2⤵
  PID:8252
- C:\Windows\System\rlnAxgN.exe
  C:\Windows\System\rlnAxgN.exe
  2⤵
  PID:8300
- C:\Windows\System\KyACtGG.exe
  C:\Windows\System\KyACtGG.exe
  2⤵
  PID:8356
- C:\Windows\System\PpMkkZq.exe
  C:\Windows\System\PpMkkZq.exe
  2⤵
  PID:8420
- C:\Windows\System\FJOKYcP.exe
  C:\Windows\System\FJOKYcP.exe
  2⤵
  PID:8444
- C:\Windows\System\QdXYwpi.exe
  C:\Windows\System\QdXYwpi.exe
  2⤵
  PID:8408
- C:\Windows\System\lUWFurL.exe
  C:\Windows\System\lUWFurL.exe
  2⤵
  PID:8476
- C:\Windows\System\Qsctdjp.exe
  C:\Windows\System\Qsctdjp.exe
  2⤵
  PID:8544
- C:\Windows\System\iuYvWpE.exe
  C:\Windows\System\iuYvWpE.exe
  2⤵
  PID:8492
- C:\Windows\System\ODjGVWX.exe
  C:\Windows\System\ODjGVWX.exe
  2⤵
  PID:8556
- C:\Windows\System\uczXHlL.exe
  C:\Windows\System\uczXHlL.exe
  2⤵
  PID:8684
- C:\Windows\System\qEGtDgS.exe
  C:\Windows\System\qEGtDgS.exe
  2⤵
  PID:8652
- C:\Windows\System\kIQtPAQ.exe
  C:\Windows\System\kIQtPAQ.exe
  2⤵
  PID:8592
- C:\Windows\System\olNVSkD.exe
  C:\Windows\System\olNVSkD.exe
  2⤵
  PID:8732
- C:\Windows\System\eAVqyko.exe
  C:\Windows\System\eAVqyko.exe
  2⤵
  PID:8816
- C:\Windows\System\ymXNjBr.exe
  C:\Windows\System\ymXNjBr.exe
  2⤵
  PID:8912
- C:\Windows\System\sgBstif.exe
  C:\Windows\System\sgBstif.exe
  2⤵
  PID:8640
- C:\Windows\System\BPljUkm.exe
  C:\Windows\System\BPljUkm.exe
  2⤵
  PID:8980
- C:\Windows\System\pnJPNke.exe
  C:\Windows\System\pnJPNke.exe
  2⤵
  PID:8900
- C:\Windows\System\DNBeoRZ.exe
  C:\Windows\System\DNBeoRZ.exe
  2⤵
  PID:8752
- C:\Windows\System\DWpwGYF.exe
  C:\Windows\System\DWpwGYF.exe
  2⤵
  PID:8716
- C:\Windows\System\kvLkjzW.exe
  C:\Windows\System\kvLkjzW.exe
  2⤵
  PID:8868
- C:\Windows\System\QNIMxPb.exe
  C:\Windows\System\QNIMxPb.exe
  2⤵
  PID:9012
- C:\Windows\System\nmOxJtD.exe
  C:\Windows\System\nmOxJtD.exe
  2⤵
  PID:9044
- C:\Windows\System\KgnJkHb.exe
  C:\Windows\System\KgnJkHb.exe
  2⤵
  PID:9060
- C:\Windows\System\KgzGjON.exe
  C:\Windows\System\KgzGjON.exe
  2⤵
  PID:9116
- C:\Windows\System\MnTNXix.exe
  C:\Windows\System\MnTNXix.exe
  2⤵
  PID:9064
- C:\Windows\System\nRaMigO.exe
  C:\Windows\System\nRaMigO.exe
  2⤵
  PID:9176
- C:\Windows\System\LIcAGwB.exe
  C:\Windows\System\LIcAGwB.exe
  2⤵
  PID:7272
- C:\Windows\System\ZOqbPpx.exe
  C:\Windows\System\ZOqbPpx.exe
  2⤵
  PID:9188
- C:\Windows\System\SdRZQAI.exe
  C:\Windows\System\SdRZQAI.exe
  2⤵
  PID:8224
- C:\Windows\System\WPJgusW.exe
  C:\Windows\System\WPJgusW.exe
  2⤵
  PID:9104
- C:\Windows\System\WfOhjCX.exe
  C:\Windows\System\WfOhjCX.exe
  2⤵
  PID:7512
- C:\Windows\System\xpXSJQw.exe
  C:\Windows\System\xpXSJQw.exe
  2⤵
  PID:8200
- C:\Windows\System\nUXJpYD.exe
  C:\Windows\System\nUXJpYD.exe
  2⤵
  PID:8076
- C:\Windows\System\sUUiiBK.exe
  C:\Windows\System\sUUiiBK.exe
  2⤵
  PID:8320
- C:\Windows\System\tNwqHHR.exe
  C:\Windows\System\tNwqHHR.exe
  2⤵
  PID:8756
- C:\Windows\System\IWBLBfW.exe
  C:\Windows\System\IWBLBfW.exe
  2⤵
  PID:8440
- C:\Windows\System\kJWZTRR.exe
  C:\Windows\System\kJWZTRR.exe
  2⤵
  PID:8768
- C:\Windows\System\vbicVGS.exe
  C:\Windows\System\vbicVGS.exe
  2⤵
  PID:8808
- C:\Windows\System\gsvTOLm.exe
  C:\Windows\System\gsvTOLm.exe
  2⤵
  PID:8968
- C:\Windows\System\geLjrWe.exe
  C:\Windows\System\geLjrWe.exe
  2⤵
  PID:8848
- C:\Windows\System\JmAvUGf.exe
  C:\Windows\System\JmAvUGf.exe
  2⤵
  PID:8976
- C:\Windows\System\raUUaAr.exe
  C:\Windows\System\raUUaAr.exe
  2⤵
  PID:8832
- C:\Windows\System\nKkMbXX.exe
  C:\Windows\System\nKkMbXX.exe
  2⤵
  PID:9040
- C:\Windows\System\NhuYwNI.exe
  C:\Windows\System\NhuYwNI.exe
  2⤵
  PID:8996
- C:\Windows\System\KVyujrL.exe
  C:\Windows\System\KVyujrL.exe
  2⤵
  PID:9208
- C:\Windows\System\KvYQyrS.exe
  C:\Windows\System\KvYQyrS.exe
  2⤵
  PID:9120
- C:\Windows\System\acVpGyo.exe
  C:\Windows\System\acVpGyo.exe
  2⤵
  PID:8372
- C:\Windows\System\CRGywew.exe
  C:\Windows\System\CRGywew.exe
  2⤵
  PID:8264
- C:\Windows\System\AFlDvBS.exe
  C:\Windows\System\AFlDvBS.exe
  2⤵
  PID:7624
- C:\Windows\System\BctVixH.exe
  C:\Windows\System\BctVixH.exe
  2⤵
  PID:8464
- C:\Windows\System\pcyybxk.exe
  C:\Windows\System\pcyybxk.exe
  2⤵
  PID:8524
- C:\Windows\System\WWGmCyV.exe
  C:\Windows\System\WWGmCyV.exe
  2⤵
  PID:8688
- C:\Windows\System\NcEhphr.exe
  C:\Windows\System\NcEhphr.exe
  2⤵
  PID:8424
- C:\Windows\System\wqnAXkr.exe
  C:\Windows\System\wqnAXkr.exe
  2⤵
  PID:8772
- C:\Windows\System\eMYNjWW.exe
  C:\Windows\System\eMYNjWW.exe
  2⤵
  PID:8896
- C:\Windows\System\FWHIbYp.exe
  C:\Windows\System\FWHIbYp.exe
  2⤵
  PID:8668
- C:\Windows\System\bBcOhTP.exe
  C:\Windows\System\bBcOhTP.exe
  2⤵
  PID:8992
- C:\Windows\System\qgAcqnK.exe
  C:\Windows\System\qgAcqnK.exe
  2⤵
  PID:9084
- C:\Windows\System\VdlBZpn.exe
  C:\Windows\System\VdlBZpn.exe
  2⤵
  PID:9168
- C:\Windows\System\RTKLIhC.exe
  C:\Windows\System\RTKLIhC.exe
  2⤵
  PID:8232
- C:\Windows\System\pJPMgmB.exe
  C:\Windows\System\pJPMgmB.exe
  2⤵
  PID:8512
- C:\Windows\System\rqxpjEv.exe
  C:\Windows\System\rqxpjEv.exe
  2⤵
  PID:8312
- C:\Windows\System\yiwmOFT.exe
  C:\Windows\System\yiwmOFT.exe
  2⤵
  PID:8880
- C:\Windows\System\xmeUhIX.exe
  C:\Windows\System\xmeUhIX.exe
  2⤵
  PID:8636
- C:\Windows\System\QXRrSZg.exe
  C:\Windows\System\QXRrSZg.exe
  2⤵
  PID:8748
- C:\Windows\System\wCzWQUk.exe
  C:\Windows\System\wCzWQUk.exe
  2⤵
  PID:9148
- C:\Windows\System\LJDlFAc.exe
  C:\Windows\System\LJDlFAc.exe
  2⤵
  PID:9136
- C:\Windows\System\gAiZnYm.exe
  C:\Windows\System\gAiZnYm.exe
  2⤵
  PID:8528
- C:\Windows\System\JSnDeZQ.exe
  C:\Windows\System\JSnDeZQ.exe
  2⤵
  PID:8428
- C:\Windows\System\xHbuxov.exe
  C:\Windows\System\xHbuxov.exe
  2⤵
  PID:8596
- C:\Windows\System\tVguyrn.exe
  C:\Windows\System\tVguyrn.exe
  2⤵
  PID:8984
- C:\Windows\System\WzjVrvB.exe
  C:\Windows\System\WzjVrvB.exe
  2⤵
  PID:9172
- C:\Windows\System\JNaigWU.exe
  C:\Windows\System\JNaigWU.exe
  2⤵
  PID:9008
- C:\Windows\System\yPjzaBz.exe
  C:\Windows\System\yPjzaBz.exe
  2⤵
  PID:8588
- C:\Windows\System\wVOuptU.exe
  C:\Windows\System\wVOuptU.exe
  2⤵
  PID:8284
- C:\Windows\System\wggedba.exe
  C:\Windows\System\wggedba.exe
  2⤵
  PID:8616
- C:\Windows\System\ByNdnpD.exe
  C:\Windows\System\ByNdnpD.exe
  2⤵
  PID:8576
- C:\Windows\System\vYmCfsc.exe
  C:\Windows\System\vYmCfsc.exe
  2⤵
  PID:9232
- C:\Windows\System\bmfmlfL.exe
  C:\Windows\System\bmfmlfL.exe
  2⤵
  PID:9248
- C:\Windows\System\krsMNWI.exe
  C:\Windows\System\krsMNWI.exe
  2⤵
  PID:9264
- C:\Windows\System\gpmPjrw.exe
  C:\Windows\System\gpmPjrw.exe
  2⤵
  PID:9280
- C:\Windows\System\nICEKEx.exe
  C:\Windows\System\nICEKEx.exe
  2⤵
  PID:9296
- C:\Windows\System\LOnhFrr.exe
  C:\Windows\System\LOnhFrr.exe
  2⤵
  PID:9312
- C:\Windows\System\OAjJpqT.exe
  C:\Windows\System\OAjJpqT.exe
  2⤵
  PID:9328
- C:\Windows\System\GYGVBMz.exe
  C:\Windows\System\GYGVBMz.exe
  2⤵
  PID:9344
- C:\Windows\System\ydKdQyc.exe
  C:\Windows\System\ydKdQyc.exe
  2⤵
  PID:9360
- C:\Windows\System\bWpFbOd.exe
  C:\Windows\System\bWpFbOd.exe
  2⤵
  PID:9376
- C:\Windows\System\DDEKrGw.exe
  C:\Windows\System\DDEKrGw.exe
  2⤵
  PID:9392
- C:\Windows\System\oSrFKME.exe
  C:\Windows\System\oSrFKME.exe
  2⤵
  PID:9408
- C:\Windows\System\ZyWDaYP.exe
  C:\Windows\System\ZyWDaYP.exe
  2⤵
  PID:9428
- C:\Windows\System\PEFGZyB.exe
  C:\Windows\System\PEFGZyB.exe
  2⤵
  PID:9444
- C:\Windows\System\FpAyyFT.exe
  C:\Windows\System\FpAyyFT.exe
  2⤵
  PID:9460
- C:\Windows\System\RMEExhy.exe
  C:\Windows\System\RMEExhy.exe
  2⤵
  PID:9476
- C:\Windows\System\swIrMFM.exe
  C:\Windows\System\swIrMFM.exe
  2⤵
  PID:9492
- C:\Windows\System\qqMWRmb.exe
  C:\Windows\System\qqMWRmb.exe
  2⤵
  PID:9508
- C:\Windows\System\iZUZZNd.exe
  C:\Windows\System\iZUZZNd.exe
  2⤵
  PID:9524
- C:\Windows\System\tqHriEU.exe
  C:\Windows\System\tqHriEU.exe
  2⤵
  PID:9540
- C:\Windows\System\bYNqkct.exe
  C:\Windows\System\bYNqkct.exe
  2⤵
  PID:9560
- C:\Windows\System\YuovCRa.exe
  C:\Windows\System\YuovCRa.exe
  2⤵
  PID:9576
- C:\Windows\System\aHXzDBb.exe
  C:\Windows\System\aHXzDBb.exe
  2⤵
  PID:9592
- C:\Windows\System\ueArsjh.exe
  C:\Windows\System\ueArsjh.exe
  2⤵
  PID:9608
- C:\Windows\System\yJCxNfH.exe
  C:\Windows\System\yJCxNfH.exe
  2⤵
  PID:9624
- C:\Windows\System\dKDleZv.exe
  C:\Windows\System\dKDleZv.exe
  2⤵
  PID:9644
- C:\Windows\System\lKvULCI.exe
  C:\Windows\System\lKvULCI.exe
  2⤵
  PID:9660
- C:\Windows\System\lSXxkvm.exe
  C:\Windows\System\lSXxkvm.exe
  2⤵
  PID:9680
- C:\Windows\System\AanDNeX.exe
  C:\Windows\System\AanDNeX.exe
  2⤵
  PID:9696
- C:\Windows\System\tncVdoR.exe
  C:\Windows\System\tncVdoR.exe
  2⤵
  PID:9712
- C:\Windows\System\tRgesRC.exe
  C:\Windows\System\tRgesRC.exe
  2⤵
  PID:9728
- C:\Windows\System\KUGTdKe.exe
  C:\Windows\System\KUGTdKe.exe
  2⤵
  PID:9744
- C:\Windows\System\cKCDssg.exe
  C:\Windows\System\cKCDssg.exe
  2⤵
  PID:9760
- C:\Windows\System\JniXsgv.exe
  C:\Windows\System\JniXsgv.exe
  2⤵
  PID:9776
- C:\Windows\System\TUqrxAF.exe
  C:\Windows\System\TUqrxAF.exe
  2⤵
  PID:9792
- C:\Windows\System\qsAMJxM.exe
  C:\Windows\System\qsAMJxM.exe
  2⤵
  PID:9808
- C:\Windows\System\pWryPUf.exe
  C:\Windows\System\pWryPUf.exe
  2⤵
  PID:9828
- C:\Windows\System\imTJguP.exe
  C:\Windows\System\imTJguP.exe
  2⤵
  PID:9844
- C:\Windows\System\KBeqDAX.exe
  C:\Windows\System\KBeqDAX.exe
  2⤵
  PID:9860
- C:\Windows\System\iCbtBjh.exe
  C:\Windows\System\iCbtBjh.exe
  2⤵
  PID:9876
- C:\Windows\System\qpJYeBG.exe
  C:\Windows\System\qpJYeBG.exe
  2⤵
  PID:9892
- C:\Windows\System\QcVEshA.exe
  C:\Windows\System\QcVEshA.exe
  2⤵
  PID:9908
- C:\Windows\System\oajvpDQ.exe
  C:\Windows\System\oajvpDQ.exe
  2⤵
  PID:9924
- C:\Windows\System\ADgxvMw.exe
  C:\Windows\System\ADgxvMw.exe
  2⤵
  PID:9944
- C:\Windows\System\vpUvDdT.exe
  C:\Windows\System\vpUvDdT.exe
  2⤵
  PID:9960
- C:\Windows\System\wAwDEYN.exe
  C:\Windows\System\wAwDEYN.exe
  2⤵
  PID:9976
- C:\Windows\System\QvGzgHD.exe
  C:\Windows\System\QvGzgHD.exe
  2⤵
  PID:9992
- C:\Windows\System\ZWZljdM.exe
  C:\Windows\System\ZWZljdM.exe
  2⤵
  PID:10012
- C:\Windows\System\WBPKbcR.exe
  C:\Windows\System\WBPKbcR.exe
  2⤵
  PID:10028
- C:\Windows\System\enIJJHr.exe
  C:\Windows\System\enIJJHr.exe
  2⤵
  PID:10044
- C:\Windows\System\CaQXBKh.exe
  C:\Windows\System\CaQXBKh.exe
  2⤵
  PID:10060
- C:\Windows\System\iCXBgDM.exe
  C:\Windows\System\iCXBgDM.exe
  2⤵
  PID:10080
- C:\Windows\System\FYExEuM.exe
  C:\Windows\System\FYExEuM.exe
  2⤵
  PID:10096
- C:\Windows\System\DozIGui.exe
  C:\Windows\System\DozIGui.exe
  2⤵
  PID:10112
- C:\Windows\System\VshooVw.exe
  C:\Windows\System\VshooVw.exe
  2⤵
  PID:10128
- C:\Windows\System\OamNLnC.exe
  C:\Windows\System\OamNLnC.exe
  2⤵
  PID:10144
- C:\Windows\System\jNkrMHW.exe
  C:\Windows\System\jNkrMHW.exe
  2⤵
  PID:10160
- C:\Windows\System\flxPcAB.exe
  C:\Windows\System\flxPcAB.exe
  2⤵
  PID:10176
- C:\Windows\System\sVaAtGw.exe
  C:\Windows\System\sVaAtGw.exe
  2⤵
  PID:10192
- C:\Windows\System\TzZTCDl.exe
  C:\Windows\System\TzZTCDl.exe
  2⤵
  PID:10208
- C:\Windows\System\vDgsqtq.exe
  C:\Windows\System\vDgsqtq.exe
  2⤵
  PID:10224
- C:\Windows\System\FdGTvuU.exe
  C:\Windows\System\FdGTvuU.exe
  2⤵
  PID:8864
- C:\Windows\System\gppiiYU.exe
  C:\Windows\System\gppiiYU.exe
  2⤵
  PID:9240
- C:\Windows\System\eDMIPff.exe
  C:\Windows\System\eDMIPff.exe
  2⤵
  PID:9260
- C:\Windows\System\WorPrAB.exe
  C:\Windows\System\WorPrAB.exe
  2⤵
  PID:9336
- C:\Windows\System\BqGFIqV.exe
  C:\Windows\System\BqGFIqV.exe
  2⤵
  PID:9324
- C:\Windows\System\saVsOcn.exe
  C:\Windows\System\saVsOcn.exe
  2⤵
  PID:9388
- C:\Windows\System\bpwJucd.exe
  C:\Windows\System\bpwJucd.exe
  2⤵
  PID:9404
- C:\Windows\System\ZNIAVjL.exe
  C:\Windows\System\ZNIAVjL.exe
  2⤵
  PID:9468
- C:\Windows\System\JoUKvWG.exe
  C:\Windows\System\JoUKvWG.exe
  2⤵
  PID:9504
- C:\Windows\System\YWnxUsD.exe
  C:\Windows\System\YWnxUsD.exe
  2⤵
  PID:9556
- C:\Windows\System\VlnKMyH.exe
  C:\Windows\System\VlnKMyH.exe
  2⤵
  PID:9536
- C:\Windows\System\DMZZSTF.exe
  C:\Windows\System\DMZZSTF.exe
  2⤵
  PID:9604
- C:\Windows\System\rMzavwg.exe
  C:\Windows\System\rMzavwg.exe
  2⤵
  PID:9676
- C:\Windows\System\PCovzbD.exe
  C:\Windows\System\PCovzbD.exe
  2⤵
  PID:9688
- C:\Windows\System\kyvinGG.exe
  C:\Windows\System\kyvinGG.exe
  2⤵
  PID:9724
- C:\Windows\System\JYMXoor.exe
  C:\Windows\System\JYMXoor.exe
  2⤵
  PID:9816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\GjEEAlt.exe

Filesize
6.0MB

MD5
9faedff546b9ab1b65a9f029f3c48453

SHA1
ae94d5f17eed3a3c45e0003c397eb1c20ff201aa

SHA256
bf261dae672d168f194ebd441f931b5e2d00ff307589f043b44c19d7212ce53f

SHA512
93166a3cdfce52f28425b7664ed2e8f64ed5b2d7c9eeb78df75fd2d0f4b772b9405126ecb9a7696675150e3400f587ae0639919ec2f078c75e93411032c1ee35

Download Submit
C:\Windows\system\JOESUEi.exe

Filesize
6.0MB

MD5
9d9ec269e54e856e043f162f6d6d9570

SHA1
5bf5e953efc13beea13dd51132b6b01ef68d3279

SHA256
203e606d294502f4bf4f49209d9af137c53a8fc9b13ad9709f648442be599706

SHA512
d26f5f48dd730f599d9564a4fcd3e961aaaeb2fde24f8950e1781c777379dde58caadf44b4495d13b1ee0a592d7b29e733c3ed915bff94df3f94505c23e87f6d

Download Submit
C:\Windows\system\KqzWbky.exe

Filesize
6.0MB

MD5
24a837ee14cc8f10e58b3e09e148519b

SHA1
bc188cf0a42163e7a5432d2878f2e4deb8a8b547

SHA256
c7cc7773d496a638de2bdb41a4caeed32b02c593e7129aa0e340583967339662

SHA512
0043f1952b50746d69ba7a72a45eeeea45609d366c4674bd3274d823f76215ca67f7766e6061c0c3a945cfd76af8accb5e9dfcaca5a9a2f7e87303876133201c

Download Submit
C:\Windows\system\MWaVhNF.exe

Filesize
6.0MB

MD5
14964061bac997594bf05579819ebdac

SHA1
9d79ee3e9ce152c1328d40694b22cbb851151b0a

SHA256
cdf8a2dcda2cb91e1404a1d0ffabd6ce8c10d7f50fb8e69ba65ea9e60ceeb478

SHA512
c2532bc653549ba28a43350b705bfe6b8ea49d23e5293d864b1fffd69c75753a602df02b69920f93a33ac26d95c4bc535cc786c0caf276fe2df522a67a7202ae

Download Submit
C:\Windows\system\NUecVMg.exe

Filesize
6.0MB

MD5
efb881adc7649f256833ce67fc38607b

SHA1
85540dac6e5a917e79b3054688650a4f9cc3796a

SHA256
857b58d41a95346d5ba376279cfcf7beeb123924a17967a210e6746a7c27fd3a

SHA512
28c9871440bc93bc11a478a732942cee9bbc9b896874df996edb6896ff72294c38e55e4490054c0774cc350970833e73f3b998baf955d3eb23fa6273895fe5ed

Download Submit
C:\Windows\system\OpZswNj.exe

Filesize
6.0MB

MD5
f66008a1e0bd857796c2afb7bfaf7072

SHA1
ff106e8288adf1ba4e3732fa6b05f995675a7a93

SHA256
0ed0dc74d22534a9908b2401f92006e09d948329206684805386190b81d30bbe

SHA512
c48d02f478a26fe9aee81b31a3f83941ced46888e692074d9c057f0c482cb24dadf16a8f7bcd2fa5876f03776858d694b8fab533c4a615db75ab6e9bdbbcfa51

Download Submit
C:\Windows\system\PmzChcV.exe

Filesize
6.0MB

MD5
b63be1b2708891219976e6400014cab8

SHA1
1396e9bae561ab1c2c426a0537ee6f1e95065e34

SHA256
88d05f5c97c1ba2cc893173a244c9dd615a4827d62f7c360e1da65d735e48a0f

SHA512
99b283f0894e36e178b88d596d7861d480b6d8bec3bf236e85ce5310c111fed27489e6cf94b5c1f0662f7cc8d40196bc5d31b6ef509d26ba4b94ee424172a5a0

Download Submit
C:\Windows\system\SKsVuOq.exe

Filesize
6.0MB

MD5
03e2962fa797c243d5e4dc67a99755dc

SHA1
d89d1cfd2c6aa667d3a5a1cb2141c839668663d3

SHA256
0cdbb32dcae8e15fb46ad89c2003bb27956aacc2ed28a62d72dc1f9688fdc244

SHA512
a00d6ab4d49cae0f08b157f0fe0a5536da21c4016eb502006682ee1309ea8f6ccf47a45efebff9d0e8fefe53a2d6bfba653d02410106c8e44e406da7c7e450bb

Download Submit
C:\Windows\system\TVLuDZV.exe

Filesize
6.0MB

MD5
7509e81d4ac170816aee91d3d5136002

SHA1
f98241858ae6caeeb639aaa5ab7c445d5079251b

SHA256
c2f6e8182ea8ae911e4c703d4081a174c3fe706febc59e9a6c79dd72804812d1

SHA512
bb087b181cd0a760ee8a6a5cd4f227152adb3886300c67844fb0cba8bc85d5a1ecbb9250d09e0248664a1438310e21bb19d1e959a37f9e9b036f5fd4c5415cde

Download Submit
C:\Windows\system\XmpjVaF.exe

Filesize
6.0MB

MD5
a181f67828618793a8ba11c74e50de7b

SHA1
e3016259de552e1aaf47e460a22949df3754921a

SHA256
097181c2730f3b72dc13026275e188254bda43037d8beb68c23f3601d309e84a

SHA512
fd39c273b3512d02beadd3afb84ad840276a4e54dfd5485dd8bca43d79f563fe220813122b1e89ced9737ce0370ea94b3cdd315a6ed56de7161fd91f44c3ac75

Download Submit
C:\Windows\system\aAULdxt.exe

Filesize
6.0MB

MD5
430e3ed06ee357927c347d1e91fc3e01

SHA1
d0fa0e97ab977d152d4104c3afab9ac63e918a73

SHA256
6a79f172b6ce0ff1d97b20026ef23b117c24ae85f0b9855eef81cbec85c71954

SHA512
8eadca4b6d31d9cd5ccd75a47aa1329f8041e6f51a19b0f762adde90848ed81e23b4caa451d1726a876598e621d75b21d4d3cb1b486f1d34cddd670f9dfba552

Download Submit
C:\Windows\system\cQmaFpr.exe

Filesize
6.0MB

MD5
9c2c92092b6d2f73c2fa476125eec599

SHA1
d8db6265861d4c0785d571480f56e271b36230f5

SHA256
f73d3e570e6f727dcb06a6cfd309b5fcaed41497b32483423a88e012166c175d

SHA512
66b81400bedf7828f5e7dafe6d52e1d93faea1af17b1b6c0b3de5f29563da2e8955405453c7bd29ccf5894e94f60c25328e02a630a6084ea635f8def3e3e87e3

Download Submit
C:\Windows\system\cvxmwPb.exe

Filesize
6.0MB

MD5
2c6b08c516287ec0256946bbf8b4c33e

SHA1
52573979506b49eb3f80c9d0d5241697232f1d38

SHA256
9463f1c490326fc8ee94f3cc861d90b349cbbb34439130e546b54566915c0a3c

SHA512
d87028bc3cb70f5b7f92f521967182e67efaa08de8bed8ff05c5b229c2f73ecff6cd107446a368bf964dc96adf5ba12d3e932de679ae3d9d0ae49791c7b171bc

Download Submit
C:\Windows\system\cylHDaX.exe

Filesize
6.0MB

MD5
69f206fd080027ae3a0e396e254c96e6

SHA1
d2139020f36678051a406acd3c22e1587d923419

SHA256
db2fedb4116961243ecfdf49870d9211dc7ea7296473303dde4771187e2a2f33

SHA512
8c1e3c907e6c60cda7101a35556a613acaacbe2d435000f7ae89bf3959f299f981864a6289886db54a16eb8e0fb760c15a321c727d5f6f9ea96bc74390b28bc6

Download Submit
C:\Windows\system\dUhgmCt.exe

Filesize
6.0MB

MD5
11d3681958e6f6807ae55fb13e431356

SHA1
ba412db0e35e468098452d01e459f2375b9745eb

SHA256
0be0db38c04b044cdf96c3e964aeeb7e7cff11f395029864daa73bd5d496ebe9

SHA512
ec3307b1d80aae99b58f4c50f71b2b66369998a317dbb173cacc1aa616c095681f10227e913a4da302645b1064fa708d5b813ebc1b5f137bdb89467ca7940611

Download Submit
C:\Windows\system\dgGxuJY.exe

Filesize
6.0MB

MD5
8dd5d29fecdad0e6ccd21276ae4f4a33

SHA1
c298ffe67bdfd0e9092e2a0d9b1a5f4eeed00503

SHA256
bddb9fb093358d9f91d5a7770ad6ccf505f078e384f9552ce22dd11eae45648e

SHA512
0c2762a1532d78bbe60e5dd05e22370d11afb11cdcc2345f47e4606f8ff6afec3c8615a58c9fd35b0da53a38befd8be13341006784022df86b5da7a018201cbd

Download Submit
C:\Windows\system\eJniiZl.exe

Filesize
6.0MB

MD5
fc06464a9141007881bf2bbad58ce6b6

SHA1
67df95d38e6451b4ff218379533ddbcd64ad1ab5

SHA256
1b58fd62d244e403ac27a10d0345e1e25c8d46888036b1d754c68c837b4ec557

SHA512
0c2c06ef8e5c32e77572ed4941b53fe3a2692d4a11c4926891ef4ef321461bc58da8ead745900455e9e40696b103e2df9771b0f1931079c4e3774685cd9543f0

Download Submit
C:\Windows\system\fTrQcvK.exe

Filesize
6.0MB

MD5
bdcbde84ada0fc9187c01b1c24a7b233

SHA1
117cb27438846df99b5948dcb0116b67541d2c42

SHA256
4ab833becc465e61a444242e405cb34addc8b7d4f2090b67acee9d6301b1aa4e

SHA512
f8c36f4aff02f528cfd0072d4203766ffaaeddd64e2d7836f77e9159c81fddf675162d273dc348c080df5ec79f5cc81e910cf5ae0a4575f4edeadd69acabfba1

Download Submit
C:\Windows\system\hyszECz.exe

Filesize
6.0MB

MD5
3e3e881d3634eb4927e2c4ae3bd46ef3

SHA1
c5ef0cf5bb46a34bb3aa8bbdf882062f53ac94cb

SHA256
6404f4b4cdcfca7088d8a622d23c7ac1e0f93af40b1e7b49b208815bffc9349d

SHA512
1ffd6b2a3090c06e6ecd43ed2863d7446e2ceede9cfefb079f6e4c2904ebda13b13ec6a928fbc1d4ff85597ad7b04707922d55f5fbe32e679dad08473d4d464b

Download Submit
C:\Windows\system\jDZupOL.exe

Filesize
6.0MB

MD5
934cfa46a0af84dc8f564195f28beca7

SHA1
4b0f7d85f395cbe0af1234c44611d87bd792ce8e

SHA256
1f98cf92a2e6a20dcb5d4c9beaa4561d83de51f1e30e7859e16c31cdacb3c643

SHA512
64c7a51209b47f767bf605ed9a4d2d25a505454646b9bfee911f6499c44113a3c83cd6452bd63aa6ef96b812fd162d40a2aaec3e04ff8b8df9896839deadbb9e

Download Submit
C:\Windows\system\kCJahGR.exe

Filesize
6.0MB

MD5
97a3d2e529af8733a6720902a93ac3c6

SHA1
e726ea99dcbf06d2451eb8a173b49137ed3132a6

SHA256
76f9dac0c38b013be2195346e77b163975751b35d00d9510f323edf3bfc96b71

SHA512
67b4e78be30abe12b147501e98ccff143d4966cb8b36be7081d765066fd70d49fb4c9e52609bfb617d5f9b23c0dcb1989e372b52054087e5ce41a887dee0ac3f

Download Submit
C:\Windows\system\mHJqDjl.exe

Filesize
6.0MB

MD5
d7a4d9c3b1cd24805e639ff149a1366b

SHA1
abd34118a4e8725c976632e04a5b0e21be6681ab

SHA256
ef992cce7e24e3a791840b970a8037cbed49e5dd4457981d48a70924cc3ff955

SHA512
69c7e2dadbb28f76245fdae1a24ab0ebfbacfbff2cdb843b594662673579a99d5777d4463dc39d8fd28b56c67f362bd008a974991675b86dc13bad58a1346bfc

Download Submit
C:\Windows\system\mQFAyhN.exe

Filesize
6.0MB

MD5
3ef81f1c663af272398f73391fbd27e6

SHA1
33a91d9413ea098d1d7d31a7d1c55efdb59190ea

SHA256
832cb93dab96d02c1c3fefa34978c638dfe15815ca607551e27181ae2005ce24

SHA512
28e606c1048334e34e2c3fd4500af11f32a45f625c11cf6e5bb872a9090993005d8d18e3c895dd90850257b583fe462a6573ecc232d05acda5bd1bf017c291c7

Download Submit
C:\Windows\system\nPPAFye.exe

Filesize
6.0MB

MD5
228813c95c33f91faf04d7b92f7af35e

SHA1
cebe1d3710f74dedf30bcd14f803bbbfee2bea70

SHA256
4f56e6d4feefa47bac428e6792a9ed5327bc9f635ed5002e60c2efab9dc920bd

SHA512
5ba4f23eb25b7222a9cbe74c948f93c08f7e71f2176f829aa82615bea6def78e87d34b9857edbf9fb7423abff8e1e2cc5e8177187dbf69c5894dde9265a3cabe

Download Submit
C:\Windows\system\ywHjilo.exe

Filesize
6.0MB

MD5
267ba585bb3fe071fb4749e287401886

SHA1
eb278eb0f6089189d360c139b7f38cd9a7452422

SHA256
f14d5fbbb7cff4040a717a6415d9d58b592019c2b1a2140320233608a5af8f03

SHA512
3398933d6250e096ed569abdd8627601662f960785dbe90a979801aa3f10830fc0dd6da62e234417678aa4baec7aa516595a0c64a02b94851e5f5e8e273837d6

Download Submit
\Windows\system\AHyGqyp.exe

Filesize
6.0MB

MD5
bcaebd5e341fc780bca2a3e8fcf17e4a

SHA1
e50354b78883ca0e59237d04d8f3e67c2268d001

SHA256
2061d7e264db2197db6f50a8fa92303341c8ca43098754549d3d5c5cd1738df3

SHA512
127db07720e4a8bc421787b95e39de393e9b08a90f7e2751e34b455a40c333175c2c154dd2e667b7ed71654e6d052afa75401d02303934f9de79852179706edd

Download Submit
\Windows\system\aHHFUVJ.exe

Filesize
6.0MB

MD5
2c550406991bb10a7e834fcf8e80ad91

SHA1
dc17ab995c184687ebb57234bcfc4d3354ea3f2d

SHA256
243cb066ada8fcf3667a65326a745b54462f83bf960d2299e661273003004269

SHA512
786558b96c5341a670c1d0761757a38aa00a107c066ea4f98d1b0bdda0fcaf52888aa0fea9772129ab48851b2a560f97051688fba96d946b3a1fb8d34ca26fc9

Download Submit
\Windows\system\icHLRDJ.exe

Filesize
6.0MB

MD5
83acead009a27adbd11023d1435158ca

SHA1
ebbf93485423c0764ab75238d5f35c0d682ef56a

SHA256
5a116c8a2858b8f9e5cab68425d7f2f4af42acec308144f0f53055785cb162fe

SHA512
1be3f371d560344e602d76fa51a168e45fa4785ba872f944bcceb2d84810f80a67f47e703d5251e8df5dbdf8123b7c11ee719869a85892201d236bd4cbf5550f

Download Submit
\Windows\system\lUwmPGD.exe

Filesize
6.0MB

MD5
9bc3b218226d3d6248195f14285d384f

SHA1
91268a0a44dcc02e970a9fcdcaaa27074e2d336e

SHA256
7067614c4d2c7fe36218eadd537460508a2d69c50f90f71fa5f2e26c00a9b4b2

SHA512
99d92ac59740c7b87b5d5120d572f5ab6fa056a2bc90e06aa7455217b75422bdb019d478f8a585c6f4d2e10fbfda604c424ccbb2c695b35c44f262331a05b643

Download Submit
\Windows\system\pvTHbuG.exe

Filesize
6.0MB

MD5
a83a7b9b02cc4f1f87bbd64368e8a00f

SHA1
4a06c46b5944ede7674a230da69ecd6a3f8ee8dd

SHA256
0b3c4e88859c2c6d88ef28228cd28697686f78fa5390518c87cc80a786a6f0c7

SHA512
ee81cb42eed5c017a6ce5259e6692f4ea90b7b16cfe14197dee7db1dfdc90522ff342e970a0a3d07e7a41380e2b49d04ccae6ebdf6ac63a5380a64462c5bce03

Download Submit
\Windows\system\qWeopFI.exe

Filesize
6.0MB

MD5
331fc30ddc2e3318ade145d0ca84389f

SHA1
172148741205aab49ad8863e7becba87ed8221d6

SHA256
2753ac52b33b2cca3253499746586b973861f2e5cc1bc84cb6616b4ce0b8521a

SHA512
edc395a749d4147bed70ef64539743bfe23e40ccaae8e8408f90cab24699ca1140a0f1ed2b6b09a2ad546a62bb22e55c75200f2ab26345c77a83db5aa8c77712

Download Submit
\Windows\system\xMZaheH.exe

Filesize
6.0MB

MD5
86864da50dbe8c3bd61483ce49660fc3

SHA1
40705573a56de95032341caff0dd427b0a24acf7

SHA256
72a3db2dd5b11785826ee90cdbe9e1f5f5fbca10093607d51bf75f3fdfe5528c

SHA512
8acccb61fd77bc26b679e8d525893a0ff96e68fa2ce02a6d6d04128707ddabacd63ba131d1ee0b16ea5d65071a3d640806a7bb6e7e22636e984544efe9a37092

Download Submit
memory/1016-50-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/1016-571-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/1076-59-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1076-490-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1076-26-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1548-69-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1548-106-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1548-765-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-148-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2332-80-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2332-803-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2588-593-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-86-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-56-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-88-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-866-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-592-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2700-68-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2700-36-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2708-89-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2708-60-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2708-766-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2712-487-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2712-64-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2712-29-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2784-482-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2784-11-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2784-46-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2856-109-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2856-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/2856-77-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2856-250-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2856-401-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2856-54-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2856-476-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-38-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2856-34-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2856-175-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2856-76-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2856-20-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2856-30-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2856-87-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2856-55-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2856-0-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2856-63-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-91-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-15-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2856-114-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2856-92-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2856-6-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2856-99-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-45-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2856-72-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2856-347-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-41-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2860-485-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2860-16-0x000000013F840000-0x000000013FB94000-memory.dmp

Filesize
3.3MB

Download
memory/2940-97-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-300-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2940-934-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-102-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-400-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2952-1018-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-110-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-475-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-1042-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download