cobaltstrike | f8e60ec9fd252220dee538ee2abdf9d8244e3b2c0a638d452fd9971e91787ac4

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 03:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

31eaa8c3839ab47611b5eaa3bde2582d
SHA1

549fce6bfe79675825805ba3b5ff4389daa1459e
SHA256

f8e60ec9fd252220dee538ee2abdf9d8244e3b2c0a638d452fd9971e91787ac4
SHA512

2a63811edfa2aa96a010da851811887bed1d2bb4ad6d3ff7d9036678c8ef00d13ede6a21bb12d1aca9f7d5da195dde900de316009b5ef79be927a0d20dda8bb9
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUJ:T+q56utgpPF8u/7J

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 39 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x0008000000012102-6.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001867d-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000186c8-10.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001878d-18.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000190c6-33.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000174bf-26.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000190c9-31.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000191fd-48.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42b-110.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46a-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c8-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c0-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c4-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4aa-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49c-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48c-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48e-144.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019217-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a431-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a301-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a345-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a1-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a067-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db8-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f9f-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019da4-71.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ca-192.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c6-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a434-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42f-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07b-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fb9-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d44-65.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000191f3-63.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/804-0-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x0008000000012102-6.dat	xmrig
behavioral1/files/0x000700000001867d-11.dat	xmrig
behavioral1/files/0x00070000000186c8-10.dat	xmrig
behavioral1/files/0x000600000001878d-18.dat	xmrig
behavioral1/memory/2420-37-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2296-36-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x00070000000190c6-33.dat	xmrig
behavioral1/files/0x00090000000174bf-26.dat	xmrig
behavioral1/files/0x00070000000190c9-31.dat	xmrig
behavioral1/files/0x00070000000191fd-48.dat	xmrig
behavioral1/memory/804-42-0x0000000002350000-0x00000000026A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a42b-110.dat	xmrig
behavioral1/memory/804-58-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x000500000001a46a-138.dat	xmrig
behavioral1/files/0x000500000001a4c8-181.dat	xmrig
behavioral1/memory/1336-1394-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/1228-1567-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/804-456-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4c0-175.dat	xmrig
behavioral1/files/0x000500000001a4c4-172.dat	xmrig
behavioral1/files/0x000500000001a4bb-166.dat	xmrig
behavioral1/files/0x000500000001a4aa-161.dat	xmrig
behavioral1/files/0x000500000001a4b5-158.dat	xmrig
behavioral1/files/0x000500000001a49c-152.dat	xmrig
behavioral1/files/0x000500000001a48c-147.dat	xmrig
behavioral1/files/0x000500000001a48e-144.dat	xmrig
behavioral1/files/0x0007000000019217-132.dat	xmrig
behavioral1/files/0x000500000001a431-128.dat	xmrig
behavioral1/files/0x000500000001a301-120.dat	xmrig
behavioral1/files/0x000500000001a42d-115.dat	xmrig
behavioral1/files/0x000500000001a345-107.dat	xmrig
behavioral1/memory/804-103-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x000500000001a0a1-100.dat	xmrig
behavioral1/files/0x000500000001a067-90.dat	xmrig
behavioral1/files/0x0005000000019db8-85.dat	xmrig
behavioral1/files/0x0005000000019f9f-82.dat	xmrig
behavioral1/memory/804-77-0x0000000002350000-0x00000000026A4000-memory.dmp	xmrig
behavioral1/memory/2632-74-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2928-73-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x0005000000019da4-71.dat	xmrig
behavioral1/memory/2828-57-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4ca-192.dat	xmrig
behavioral1/files/0x000500000001a4c6-179.dat	xmrig
behavioral1/files/0x000500000001a4b7-164.dat	xmrig
behavioral1/files/0x000500000001a49a-150.dat	xmrig
behavioral1/files/0x000500000001a434-135.dat	xmrig
behavioral1/files/0x000500000001a42f-127.dat	xmrig
behavioral1/memory/1228-99-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/1336-98-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x000500000001a07b-97.dat	xmrig
behavioral1/files/0x0005000000019fb9-96.dat	xmrig
behavioral1/memory/2952-70-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/804-67-0x0000000002350000-0x00000000026A4000-memory.dmp	xmrig
behavioral1/memory/2880-66-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d44-65.dat	xmrig
behavioral1/files/0x00060000000191f3-63.dat	xmrig
behavioral1/memory/2604-47-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
behavioral1/memory/804-55-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2460-53-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2160-52-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2420-4024-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2160-4025-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2604-4026-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

kYeJTeN.exeAKwHfbn.exeqJMDUQf.exemOcvzCI.exepEaLGze.exeocYQYnb.exevjEdGZu.exeVlUBwLV.exeqDdqKxw.exeWPKCcAs.exeIPnULEH.execweWBMB.exeDZzMVXO.execGgJnRO.exeKnVNarB.exeZNrtlcy.exepotqNcI.exeRHYTFlN.exehHUoJrg.exeHuPnDXF.exeGxRIXVr.exeSmhJjYR.exehyJjFYh.exerFlBPeR.exeqkvoedK.exeiTDqjto.exehmdOMSJ.exeXduMtGp.exeNScLUYs.exeAVAEykN.exesHhRwiF.exeBbsdndt.exervsvuom.exejdTPMpr.exeKYJrodl.exelcTeNEB.exeabYHTtK.exeZJuNCse.exeGmUqWsk.exeVToqAzY.exeyFKKFlo.exeVZBCgqP.exelXLtSUW.exevihlyQp.exerfsFhEj.exeIKOdgze.exeYQMHtKY.exedFaYUUt.exeWgXTjrn.exeRqdOKEu.exewuCEyca.exetkCVmMt.exezejAcmO.exeAQQNqMV.exexvoXaUQ.exeApvDoNV.exeRLKPLRF.exeFhBdVNl.exefCRLDKx.exefxPqnfu.exekLiayaw.exePMHuJCB.exehyeILbT.exehonVwcE.exe

pid	Process
2420	kYeJTeN.exe
2604	AKwHfbn.exe
2160	qJMDUQf.exe
2460	mOcvzCI.exe
2296	pEaLGze.exe
2880	ocYQYnb.exe
2828	vjEdGZu.exe
2952	VlUBwLV.exe
2928	qDdqKxw.exe
2632	WPKCcAs.exe
1336	IPnULEH.exe
1228	cweWBMB.exe
1352	DZzMVXO.exe
592	cGgJnRO.exe
2096	KnVNarB.exe
640	ZNrtlcy.exe
2804	potqNcI.exe
1780	RHYTFlN.exe
2064	hHUoJrg.exe
3004	HuPnDXF.exe
2600	GxRIXVr.exe
2508	SmhJjYR.exe
1412	hyJjFYh.exe
1644	rFlBPeR.exe
1800	qkvoedK.exe
1744	iTDqjto.exe
1580	hmdOMSJ.exe
976	XduMtGp.exe
2348	NScLUYs.exe
2476	AVAEykN.exe
2256	sHhRwiF.exe
628	Bbsdndt.exe
284	rvsvuom.exe
1408	jdTPMpr.exe
2172	KYJrodl.exe
1632	lcTeNEB.exe
2428	abYHTtK.exe
2136	ZJuNCse.exe
572	GmUqWsk.exe
2872	VToqAzY.exe
2832	yFKKFlo.exe
2628	VZBCgqP.exe
400	lXLtSUW.exe
1100	vihlyQp.exe
2968	rfsFhEj.exe
700	IKOdgze.exe
2692	YQMHtKY.exe
1532	dFaYUUt.exe
1264	WgXTjrn.exe
2860	RqdOKEu.exe
316	wuCEyca.exe
2228	tkCVmMt.exe
1204	zejAcmO.exe
2412	AQQNqMV.exe
3000	xvoXaUQ.exe
1132	ApvDoNV.exe
1700	RLKPLRF.exe
1956	FhBdVNl.exe
1216	fCRLDKx.exe
1740	fxPqnfu.exe
2536	kLiayaw.exe
2060	PMHuJCB.exe
1820	hyeILbT.exe
2144	honVwcE.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/804-0-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x0008000000012102-6.dat	upx
behavioral1/files/0x000700000001867d-11.dat	upx
behavioral1/files/0x00070000000186c8-10.dat	upx
behavioral1/files/0x000600000001878d-18.dat	upx
behavioral1/memory/2420-37-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2296-36-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x00070000000190c6-33.dat	upx
behavioral1/files/0x00090000000174bf-26.dat	upx
behavioral1/files/0x00070000000190c9-31.dat	upx
behavioral1/files/0x00070000000191fd-48.dat	upx
behavioral1/files/0x000500000001a42b-110.dat	upx
behavioral1/files/0x000500000001a46a-138.dat	upx
behavioral1/files/0x000500000001a4c8-181.dat	upx
behavioral1/memory/1336-1394-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/1228-1567-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/804-456-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x000500000001a4c0-175.dat	upx
behavioral1/files/0x000500000001a4c4-172.dat	upx
behavioral1/files/0x000500000001a4bb-166.dat	upx
behavioral1/files/0x000500000001a4aa-161.dat	upx
behavioral1/files/0x000500000001a4b5-158.dat	upx
behavioral1/files/0x000500000001a49c-152.dat	upx
behavioral1/files/0x000500000001a48c-147.dat	upx
behavioral1/files/0x000500000001a48e-144.dat	upx
behavioral1/files/0x0007000000019217-132.dat	upx
behavioral1/files/0x000500000001a431-128.dat	upx
behavioral1/files/0x000500000001a301-120.dat	upx
behavioral1/files/0x000500000001a42d-115.dat	upx
behavioral1/files/0x000500000001a345-107.dat	upx
behavioral1/files/0x000500000001a0a1-100.dat	upx
behavioral1/files/0x000500000001a067-90.dat	upx
behavioral1/files/0x0005000000019db8-85.dat	upx
behavioral1/files/0x0005000000019f9f-82.dat	upx
behavioral1/memory/2632-74-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2928-73-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x0005000000019da4-71.dat	upx
behavioral1/memory/2828-57-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x000500000001a4ca-192.dat	upx
behavioral1/files/0x000500000001a4c6-179.dat	upx
behavioral1/files/0x000500000001a4b7-164.dat	upx
behavioral1/files/0x000500000001a49a-150.dat	upx
behavioral1/files/0x000500000001a434-135.dat	upx
behavioral1/files/0x000500000001a42f-127.dat	upx
behavioral1/memory/1228-99-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/1336-98-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x000500000001a07b-97.dat	upx
behavioral1/files/0x0005000000019fb9-96.dat	upx
behavioral1/memory/2952-70-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2880-66-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x0005000000019d44-65.dat	upx
behavioral1/files/0x00060000000191f3-63.dat	upx
behavioral1/memory/2604-47-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2460-53-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2160-52-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2420-4024-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2160-4025-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2604-4026-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2296-4027-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2460-4029-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2828-4028-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2880-4030-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2952-4031-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2632-4032-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\geliWoU.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XuXlRCB.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TSHBIqS.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TLEEWGq.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vGYHigD.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vdTmKes.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ruFvZDj.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hoQruul.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SmhJjYR.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VcwJLMf.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JrBOrQm.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzgxMQj.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XIwkkct.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tEVsQyF.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TARyXSj.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Vuvhmiv.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UkoEuoK.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyjfPNl.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vITlVQV.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZYxnrTl.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VofzpFG.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\khIxvlJ.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXFXmRW.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKRiWtp.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mkRgNvN.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OcyFVds.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ogzclez.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mtdVSZB.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UUEHIFS.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vlGnmGb.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XcdAnln.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RLKPLRF.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nRFSfpF.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmqIISP.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\islesjT.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NsmKdTt.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJxuTKc.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXeaCif.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEuUwnK.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oUTCnKg.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oPvQWMu.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ClcHALI.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qhxWBCT.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DcFmgsg.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GVKDVHU.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWAvSjH.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LLcOfdC.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vxzNgKe.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\djyStiS.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iLqzzTN.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\weyAPCB.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CCEubOF.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KeTnsBV.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXDzuDY.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HAPMJqz.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sYucvbr.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZJuUnlD.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PjigxAm.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\soRxeQj.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qARxKRB.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JWbqhzz.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lmMgBog.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bquhWQX.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nviqnbN.exe	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 804 wrote to memory of 2420	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 804 wrote to memory of 2420	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 804 wrote to memory of 2420	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 804 wrote to memory of 2604	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 804 wrote to memory of 2604	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 804 wrote to memory of 2604	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 804 wrote to memory of 2160	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 804 wrote to memory of 2160	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 804 wrote to memory of 2160	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 804 wrote to memory of 2460	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 804 wrote to memory of 2460	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 804 wrote to memory of 2460	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 804 wrote to memory of 2296	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 804 wrote to memory of 2296	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 804 wrote to memory of 2296	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 804 wrote to memory of 2828	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 804 wrote to memory of 2828	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 804 wrote to memory of 2828	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 804 wrote to memory of 2880	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 804 wrote to memory of 2880	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 804 wrote to memory of 2880	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 804 wrote to memory of 2928	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 804 wrote to memory of 2928	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 804 wrote to memory of 2928	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 804 wrote to memory of 2952	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 804 wrote to memory of 2952	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 804 wrote to memory of 2952	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 804 wrote to memory of 2804	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 804 wrote to memory of 2804	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 804 wrote to memory of 2804	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 804 wrote to memory of 2632	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 804 wrote to memory of 2632	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 804 wrote to memory of 2632	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 804 wrote to memory of 2172	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 804 wrote to memory of 2172	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 804 wrote to memory of 2172	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 804 wrote to memory of 1336	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 804 wrote to memory of 1336	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 804 wrote to memory of 1336	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 804 wrote to memory of 572	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 804 wrote to memory of 572	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 804 wrote to memory of 572	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 804 wrote to memory of 1228	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 804 wrote to memory of 1228	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 804 wrote to memory of 1228	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 804 wrote to memory of 2872	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 804 wrote to memory of 2872	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 804 wrote to memory of 2872	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 804 wrote to memory of 1352	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 804 wrote to memory of 1352	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 804 wrote to memory of 1352	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 804 wrote to memory of 1100	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 804 wrote to memory of 1100	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 804 wrote to memory of 1100	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 804 wrote to memory of 592	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 804 wrote to memory of 592	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 804 wrote to memory of 592	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 804 wrote to memory of 2692	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 804 wrote to memory of 2692	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 804 wrote to memory of 2692	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 804 wrote to memory of 2096	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 804 wrote to memory of 2096	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 804 wrote to memory of 2096	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 804 wrote to memory of 1532	804	2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_31eaa8c3839ab47611b5eaa3bde2582d_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:804
- C:\Windows\System\kYeJTeN.exe
  C:\Windows\System\kYeJTeN.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\AKwHfbn.exe
  C:\Windows\System\AKwHfbn.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\qJMDUQf.exe
  C:\Windows\System\qJMDUQf.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\mOcvzCI.exe
  C:\Windows\System\mOcvzCI.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\pEaLGze.exe
  C:\Windows\System\pEaLGze.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\vjEdGZu.exe
  C:\Windows\System\vjEdGZu.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\ocYQYnb.exe
  C:\Windows\System\ocYQYnb.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\qDdqKxw.exe
  C:\Windows\System\qDdqKxw.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\VlUBwLV.exe
  C:\Windows\System\VlUBwLV.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\potqNcI.exe
  C:\Windows\System\potqNcI.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\WPKCcAs.exe
  C:\Windows\System\WPKCcAs.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\KYJrodl.exe
  C:\Windows\System\KYJrodl.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\IPnULEH.exe
  C:\Windows\System\IPnULEH.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\GmUqWsk.exe
  C:\Windows\System\GmUqWsk.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\cweWBMB.exe
  C:\Windows\System\cweWBMB.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\VToqAzY.exe
  C:\Windows\System\VToqAzY.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\DZzMVXO.exe
  C:\Windows\System\DZzMVXO.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\vihlyQp.exe
  C:\Windows\System\vihlyQp.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\cGgJnRO.exe
  C:\Windows\System\cGgJnRO.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\YQMHtKY.exe
  C:\Windows\System\YQMHtKY.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\KnVNarB.exe
  C:\Windows\System\KnVNarB.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\dFaYUUt.exe
  C:\Windows\System\dFaYUUt.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\ZNrtlcy.exe
  C:\Windows\System\ZNrtlcy.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\WgXTjrn.exe
  C:\Windows\System\WgXTjrn.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\RHYTFlN.exe
  C:\Windows\System\RHYTFlN.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\RqdOKEu.exe
  C:\Windows\System\RqdOKEu.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\hHUoJrg.exe
  C:\Windows\System\hHUoJrg.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\wuCEyca.exe
  C:\Windows\System\wuCEyca.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\HuPnDXF.exe
  C:\Windows\System\HuPnDXF.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\AQQNqMV.exe
  C:\Windows\System\AQQNqMV.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\GxRIXVr.exe
  C:\Windows\System\GxRIXVr.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\xvoXaUQ.exe
  C:\Windows\System\xvoXaUQ.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\SmhJjYR.exe
  C:\Windows\System\SmhJjYR.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\ApvDoNV.exe
  C:\Windows\System\ApvDoNV.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\hyJjFYh.exe
  C:\Windows\System\hyJjFYh.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\FhBdVNl.exe
  C:\Windows\System\FhBdVNl.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\rFlBPeR.exe
  C:\Windows\System\rFlBPeR.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\fCRLDKx.exe
  C:\Windows\System\fCRLDKx.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\qkvoedK.exe
  C:\Windows\System\qkvoedK.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\fxPqnfu.exe
  C:\Windows\System\fxPqnfu.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\iTDqjto.exe
  C:\Windows\System\iTDqjto.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\PMHuJCB.exe
  C:\Windows\System\PMHuJCB.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\hmdOMSJ.exe
  C:\Windows\System\hmdOMSJ.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\hyeILbT.exe
  C:\Windows\System\hyeILbT.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\XduMtGp.exe
  C:\Windows\System\XduMtGp.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\honVwcE.exe
  C:\Windows\System\honVwcE.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\NScLUYs.exe
  C:\Windows\System\NScLUYs.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\IRJTtbf.exe
  C:\Windows\System\IRJTtbf.exe
  2⤵
  PID:3032
- C:\Windows\System\AVAEykN.exe
  C:\Windows\System\AVAEykN.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\vcXAieX.exe
  C:\Windows\System\vcXAieX.exe
  2⤵
  PID:3036
- C:\Windows\System\sHhRwiF.exe
  C:\Windows\System\sHhRwiF.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\PygOBJw.exe
  C:\Windows\System\PygOBJw.exe
  2⤵
  PID:288
- C:\Windows\System\Bbsdndt.exe
  C:\Windows\System\Bbsdndt.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\oRWiFoI.exe
  C:\Windows\System\oRWiFoI.exe
  2⤵
  PID:848
- C:\Windows\System\rvsvuom.exe
  C:\Windows\System\rvsvuom.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\XVDunNR.exe
  C:\Windows\System\XVDunNR.exe
  2⤵
  PID:1536
- C:\Windows\System\jdTPMpr.exe
  C:\Windows\System\jdTPMpr.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\lPivlIv.exe
  C:\Windows\System\lPivlIv.exe
  2⤵
  PID:2108
- C:\Windows\System\lcTeNEB.exe
  C:\Windows\System\lcTeNEB.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\ZJfrWvp.exe
  C:\Windows\System\ZJfrWvp.exe
  2⤵
  PID:2112
- C:\Windows\System\abYHTtK.exe
  C:\Windows\System\abYHTtK.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\soRxeQj.exe
  C:\Windows\System\soRxeQj.exe
  2⤵
  PID:1976
- C:\Windows\System\ZJuNCse.exe
  C:\Windows\System\ZJuNCse.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\NrSOIDj.exe
  C:\Windows\System\NrSOIDj.exe
  2⤵
  PID:2868
- C:\Windows\System\yFKKFlo.exe
  C:\Windows\System\yFKKFlo.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\eQlbARe.exe
  C:\Windows\System\eQlbARe.exe
  2⤵
  PID:2948
- C:\Windows\System\VZBCgqP.exe
  C:\Windows\System\VZBCgqP.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\mZAkFaQ.exe
  C:\Windows\System\mZAkFaQ.exe
  2⤵
  PID:476
- C:\Windows\System\lXLtSUW.exe
  C:\Windows\System\lXLtSUW.exe
  2⤵
  - Executes dropped EXE
  PID:400
- C:\Windows\System\VlRuqdU.exe
  C:\Windows\System\VlRuqdU.exe
  2⤵
  PID:2036
- C:\Windows\System\rfsFhEj.exe
  C:\Windows\System\rfsFhEj.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\ccFzJkC.exe
  C:\Windows\System\ccFzJkC.exe
  2⤵
  PID:2544
- C:\Windows\System\IKOdgze.exe
  C:\Windows\System\IKOdgze.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\BPliYJb.exe
  C:\Windows\System\BPliYJb.exe
  2⤵
  PID:1236
- C:\Windows\System\tkCVmMt.exe
  C:\Windows\System\tkCVmMt.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\ADRMSGY.exe
  C:\Windows\System\ADRMSGY.exe
  2⤵
  PID:2484
- C:\Windows\System\zejAcmO.exe
  C:\Windows\System\zejAcmO.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\qHCCfJd.exe
  C:\Windows\System\qHCCfJd.exe
  2⤵
  PID:2024
- C:\Windows\System\RLKPLRF.exe
  C:\Windows\System\RLKPLRF.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\xrmMbel.exe
  C:\Windows\System\xrmMbel.exe
  2⤵
  PID:2816
- C:\Windows\System\kLiayaw.exe
  C:\Windows\System\kLiayaw.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\gAeZzsS.exe
  C:\Windows\System\gAeZzsS.exe
  2⤵
  PID:3096
- C:\Windows\System\UdOWVIk.exe
  C:\Windows\System\UdOWVIk.exe
  2⤵
  PID:3120
- C:\Windows\System\cjJsIAl.exe
  C:\Windows\System\cjJsIAl.exe
  2⤵
  PID:3148
- C:\Windows\System\oecOESJ.exe
  C:\Windows\System\oecOESJ.exe
  2⤵
  PID:3260
- C:\Windows\System\egzSbcf.exe
  C:\Windows\System\egzSbcf.exe
  2⤵
  PID:3312
- C:\Windows\System\XTfGuND.exe
  C:\Windows\System\XTfGuND.exe
  2⤵
  PID:3328
- C:\Windows\System\ikPUJoS.exe
  C:\Windows\System\ikPUJoS.exe
  2⤵
  PID:3344
- C:\Windows\System\ybbnoLP.exe
  C:\Windows\System\ybbnoLP.exe
  2⤵
  PID:3372
- C:\Windows\System\lqiDQZi.exe
  C:\Windows\System\lqiDQZi.exe
  2⤵
  PID:3388
- C:\Windows\System\fOGIPny.exe
  C:\Windows\System\fOGIPny.exe
  2⤵
  PID:3404
- C:\Windows\System\tomUkyr.exe
  C:\Windows\System\tomUkyr.exe
  2⤵
  PID:3424
- C:\Windows\System\tRHcjXZ.exe
  C:\Windows\System\tRHcjXZ.exe
  2⤵
  PID:3444
- C:\Windows\System\UgLszyG.exe
  C:\Windows\System\UgLszyG.exe
  2⤵
  PID:3460
- C:\Windows\System\pNtaDpv.exe
  C:\Windows\System\pNtaDpv.exe
  2⤵
  PID:3480
- C:\Windows\System\GOBMTYZ.exe
  C:\Windows\System\GOBMTYZ.exe
  2⤵
  PID:3504
- C:\Windows\System\HESjoZV.exe
  C:\Windows\System\HESjoZV.exe
  2⤵
  PID:3524
- C:\Windows\System\itaerSP.exe
  C:\Windows\System\itaerSP.exe
  2⤵
  PID:3540
- C:\Windows\System\CITRuaU.exe
  C:\Windows\System\CITRuaU.exe
  2⤵
  PID:3556
- C:\Windows\System\veFvTSO.exe
  C:\Windows\System\veFvTSO.exe
  2⤵
  PID:3584
- C:\Windows\System\tkKLJHZ.exe
  C:\Windows\System\tkKLJHZ.exe
  2⤵
  PID:3612
- C:\Windows\System\fMDtDre.exe
  C:\Windows\System\fMDtDre.exe
  2⤵
  PID:3632
- C:\Windows\System\djyStiS.exe
  C:\Windows\System\djyStiS.exe
  2⤵
  PID:3652
- C:\Windows\System\VcwJLMf.exe
  C:\Windows\System\VcwJLMf.exe
  2⤵
  PID:3672
- C:\Windows\System\sjYbENl.exe
  C:\Windows\System\sjYbENl.exe
  2⤵
  PID:3692
- C:\Windows\System\ZLvvVQR.exe
  C:\Windows\System\ZLvvVQR.exe
  2⤵
  PID:3712
- C:\Windows\System\txCFhne.exe
  C:\Windows\System\txCFhne.exe
  2⤵
  PID:3728
- C:\Windows\System\XotJuLL.exe
  C:\Windows\System\XotJuLL.exe
  2⤵
  PID:3752
- C:\Windows\System\hXzfacH.exe
  C:\Windows\System\hXzfacH.exe
  2⤵
  PID:3772
- C:\Windows\System\qARxKRB.exe
  C:\Windows\System\qARxKRB.exe
  2⤵
  PID:3788
- C:\Windows\System\UJllpzb.exe
  C:\Windows\System\UJllpzb.exe
  2⤵
  PID:3804
- C:\Windows\System\NtLZPjk.exe
  C:\Windows\System\NtLZPjk.exe
  2⤵
  PID:3820
- C:\Windows\System\nMUUCJV.exe
  C:\Windows\System\nMUUCJV.exe
  2⤵
  PID:3836
- C:\Windows\System\rwePTCi.exe
  C:\Windows\System\rwePTCi.exe
  2⤵
  PID:3860
- C:\Windows\System\DQFFasO.exe
  C:\Windows\System\DQFFasO.exe
  2⤵
  PID:3888
- C:\Windows\System\dqyNIsP.exe
  C:\Windows\System\dqyNIsP.exe
  2⤵
  PID:3912
- C:\Windows\System\VdwPDZR.exe
  C:\Windows\System\VdwPDZR.exe
  2⤵
  PID:3932
- C:\Windows\System\uRbiLKM.exe
  C:\Windows\System\uRbiLKM.exe
  2⤵
  PID:3948
- C:\Windows\System\pUibhGX.exe
  C:\Windows\System\pUibhGX.exe
  2⤵
  PID:3968
- C:\Windows\System\HjFNthS.exe
  C:\Windows\System\HjFNthS.exe
  2⤵
  PID:3992
- C:\Windows\System\pglGZft.exe
  C:\Windows\System\pglGZft.exe
  2⤵
  PID:4008
- C:\Windows\System\iLbtRqc.exe
  C:\Windows\System\iLbtRqc.exe
  2⤵
  PID:4024
- C:\Windows\System\MYoTuNg.exe
  C:\Windows\System\MYoTuNg.exe
  2⤵
  PID:4044
- C:\Windows\System\ShRadVJ.exe
  C:\Windows\System\ShRadVJ.exe
  2⤵
  PID:4076
- C:\Windows\System\zhySfpJ.exe
  C:\Windows\System\zhySfpJ.exe
  2⤵
  PID:2076
- C:\Windows\System\pXjbQtY.exe
  C:\Windows\System\pXjbQtY.exe
  2⤵
  PID:2744
- C:\Windows\System\aieRhmI.exe
  C:\Windows\System\aieRhmI.exe
  2⤵
  PID:2480
- C:\Windows\System\UCKEQpE.exe
  C:\Windows\System\UCKEQpE.exe
  2⤵
  PID:1220
- C:\Windows\System\NcwpFUF.exe
  C:\Windows\System\NcwpFUF.exe
  2⤵
  PID:1928
- C:\Windows\System\nJiEXxc.exe
  C:\Windows\System\nJiEXxc.exe
  2⤵
  PID:996
- C:\Windows\System\iCFmerA.exe
  C:\Windows\System\iCFmerA.exe
  2⤵
  PID:2452
- C:\Windows\System\KblYrZf.exe
  C:\Windows\System\KblYrZf.exe
  2⤵
  PID:1880
- C:\Windows\System\wXjoarb.exe
  C:\Windows\System\wXjoarb.exe
  2⤵
  PID:3088
- C:\Windows\System\LUMhhlu.exe
  C:\Windows\System\LUMhhlu.exe
  2⤵
  PID:3136
- C:\Windows\System\jpdeBlr.exe
  C:\Windows\System\jpdeBlr.exe
  2⤵
  PID:2516
- C:\Windows\System\hJkhogS.exe
  C:\Windows\System\hJkhogS.exe
  2⤵
  PID:1608
- C:\Windows\System\bquhWQX.exe
  C:\Windows\System\bquhWQX.exe
  2⤵
  PID:1184
- C:\Windows\System\TDBDSon.exe
  C:\Windows\System\TDBDSon.exe
  2⤵
  PID:1448
- C:\Windows\System\RDToezL.exe
  C:\Windows\System\RDToezL.exe
  2⤵
  PID:1452
- C:\Windows\System\isWxvXP.exe
  C:\Windows\System\isWxvXP.exe
  2⤵
  PID:2416
- C:\Windows\System\JWbqhzz.exe
  C:\Windows\System\JWbqhzz.exe
  2⤵
  PID:1628
- C:\Windows\System\gWGtvlZ.exe
  C:\Windows\System\gWGtvlZ.exe
  2⤵
  PID:1164
- C:\Windows\System\qfcOPaS.exe
  C:\Windows\System\qfcOPaS.exe
  2⤵
  PID:2512
- C:\Windows\System\bXDzuDY.exe
  C:\Windows\System\bXDzuDY.exe
  2⤵
  PID:3272
- C:\Windows\System\VofzpFG.exe
  C:\Windows\System\VofzpFG.exe
  2⤵
  PID:3292
- C:\Windows\System\bhuOsjj.exe
  C:\Windows\System\bhuOsjj.exe
  2⤵
  PID:1812
- C:\Windows\System\pMsNvIs.exe
  C:\Windows\System\pMsNvIs.exe
  2⤵
  PID:3156
- C:\Windows\System\VsIkKVa.exe
  C:\Windows\System\VsIkKVa.exe
  2⤵
  PID:1512
- C:\Windows\System\gIABGCi.exe
  C:\Windows\System\gIABGCi.exe
  2⤵
  PID:2668
- C:\Windows\System\yRdQQUa.exe
  C:\Windows\System\yRdQQUa.exe
  2⤵
  PID:2908
- C:\Windows\System\SvlhCfk.exe
  C:\Windows\System\SvlhCfk.exe
  2⤵
  PID:2432
- C:\Windows\System\uVKGETu.exe
  C:\Windows\System\uVKGETu.exe
  2⤵
  PID:900
- C:\Windows\System\khIxvlJ.exe
  C:\Windows\System\khIxvlJ.exe
  2⤵
  PID:3308
- C:\Windows\System\feWdfss.exe
  C:\Windows\System\feWdfss.exe
  2⤵
  PID:3228
- C:\Windows\System\rhLxvxF.exe
  C:\Windows\System\rhLxvxF.exe
  2⤵
  PID:3244
- C:\Windows\System\WkoPxUL.exe
  C:\Windows\System\WkoPxUL.exe
  2⤵
  PID:3340
- C:\Windows\System\xRuasWH.exe
  C:\Windows\System\xRuasWH.exe
  2⤵
  PID:3416
- C:\Windows\System\BtAeifT.exe
  C:\Windows\System\BtAeifT.exe
  2⤵
  PID:3324
- C:\Windows\System\tnSMpiM.exe
  C:\Windows\System\tnSMpiM.exe
  2⤵
  PID:3496
- C:\Windows\System\KFdnteX.exe
  C:\Windows\System\KFdnteX.exe
  2⤵
  PID:3432
- C:\Windows\System\tEVsQyF.exe
  C:\Windows\System\tEVsQyF.exe
  2⤵
  PID:3564
- C:\Windows\System\eUxFFFj.exe
  C:\Windows\System\eUxFFFj.exe
  2⤵
  PID:3468
- C:\Windows\System\rnRUEdQ.exe
  C:\Windows\System\rnRUEdQ.exe
  2⤵
  PID:3592
- C:\Windows\System\uwLlYMf.exe
  C:\Windows\System\uwLlYMf.exe
  2⤵
  PID:3624
- C:\Windows\System\dXuLsHA.exe
  C:\Windows\System\dXuLsHA.exe
  2⤵
  PID:3608
- C:\Windows\System\MZfCttG.exe
  C:\Windows\System\MZfCttG.exe
  2⤵
  PID:3640
- C:\Windows\System\pTCeeXx.exe
  C:\Windows\System\pTCeeXx.exe
  2⤵
  PID:3704
- C:\Windows\System\JrBOrQm.exe
  C:\Windows\System\JrBOrQm.exe
  2⤵
  PID:3680
- C:\Windows\System\sKnaYOt.exe
  C:\Windows\System\sKnaYOt.exe
  2⤵
  PID:3784
- C:\Windows\System\ByeAPAK.exe
  C:\Windows\System\ByeAPAK.exe
  2⤵
  PID:3844
- C:\Windows\System\nviqnbN.exe
  C:\Windows\System\nviqnbN.exe
  2⤵
  PID:3856
- C:\Windows\System\xsMopYO.exe
  C:\Windows\System\xsMopYO.exe
  2⤵
  PID:3872
- C:\Windows\System\SgpcjfL.exe
  C:\Windows\System\SgpcjfL.exe
  2⤵
  PID:3904
- C:\Windows\System\cGPQbBU.exe
  C:\Windows\System\cGPQbBU.exe
  2⤵
  PID:3944
- C:\Windows\System\kDLqENi.exe
  C:\Windows\System\kDLqENi.exe
  2⤵
  PID:3920
- C:\Windows\System\UtglthE.exe
  C:\Windows\System\UtglthE.exe
  2⤵
  PID:4016
- C:\Windows\System\fOqWAGo.exe
  C:\Windows\System\fOqWAGo.exe
  2⤵
  PID:4040
- C:\Windows\System\uTkrlke.exe
  C:\Windows\System\uTkrlke.exe
  2⤵
  PID:4072
- C:\Windows\System\wlROFIY.exe
  C:\Windows\System\wlROFIY.exe
  2⤵
  PID:4092
- C:\Windows\System\IQuiRMW.exe
  C:\Windows\System\IQuiRMW.exe
  2⤵
  PID:2864
- C:\Windows\System\vfvOImv.exe
  C:\Windows\System\vfvOImv.exe
  2⤵
  PID:2748
- C:\Windows\System\KvisobM.exe
  C:\Windows\System\KvisobM.exe
  2⤵
  PID:2104
- C:\Windows\System\kUvmiMI.exe
  C:\Windows\System\kUvmiMI.exe
  2⤵
  PID:2616
- C:\Windows\System\meGKgXq.exe
  C:\Windows\System\meGKgXq.exe
  2⤵
  PID:3084
- C:\Windows\System\YFUoRtm.exe
  C:\Windows\System\YFUoRtm.exe
  2⤵
  PID:1592
- C:\Windows\System\egfsnCH.exe
  C:\Windows\System\egfsnCH.exe
  2⤵
  PID:1308
- C:\Windows\System\mvZQvkg.exe
  C:\Windows\System\mvZQvkg.exe
  2⤵
  PID:2120
- C:\Windows\System\YdihDLN.exe
  C:\Windows\System\YdihDLN.exe
  2⤵
  PID:2972
- C:\Windows\System\HqjDIHp.exe
  C:\Windows\System\HqjDIHp.exe
  2⤵
  PID:2796
- C:\Windows\System\ljOxljJ.exe
  C:\Windows\System\ljOxljJ.exe
  2⤵
  PID:1584
- C:\Windows\System\spEQHJy.exe
  C:\Windows\System\spEQHJy.exe
  2⤵
  PID:3284
- C:\Windows\System\RRaMAwn.exe
  C:\Windows\System\RRaMAwn.exe
  2⤵
  PID:3108
- C:\Windows\System\ZVLXYPT.exe
  C:\Windows\System\ZVLXYPT.exe
  2⤵
  PID:1904
- C:\Windows\System\aHPuKDv.exe
  C:\Windows\System\aHPuKDv.exe
  2⤵
  PID:1624
- C:\Windows\System\OLcggVv.exe
  C:\Windows\System\OLcggVv.exe
  2⤵
  PID:2128
- C:\Windows\System\IacfHxx.exe
  C:\Windows\System\IacfHxx.exe
  2⤵
  PID:1964
- C:\Windows\System\qiTlXAH.exe
  C:\Windows\System\qiTlXAH.exe
  2⤵
  PID:3256
- C:\Windows\System\nyUgOZM.exe
  C:\Windows\System\nyUgOZM.exe
  2⤵
  PID:3320
- C:\Windows\System\jNACoaW.exe
  C:\Windows\System\jNACoaW.exe
  2⤵
  PID:3492
- C:\Windows\System\dmHolvk.exe
  C:\Windows\System\dmHolvk.exe
  2⤵
  PID:3536
- C:\Windows\System\HzgxMQj.exe
  C:\Windows\System\HzgxMQj.exe
  2⤵
  PID:3472
- C:\Windows\System\FCgZyCd.exe
  C:\Windows\System\FCgZyCd.exe
  2⤵
  PID:3664
- C:\Windows\System\plDpdwq.exe
  C:\Windows\System\plDpdwq.exe
  2⤵
  PID:3748
- C:\Windows\System\kMNwzAK.exe
  C:\Windows\System\kMNwzAK.exe
  2⤵
  PID:3648
- C:\Windows\System\RWeZnVu.exe
  C:\Windows\System\RWeZnVu.exe
  2⤵
  PID:3832
- C:\Windows\System\agMANuc.exe
  C:\Windows\System\agMANuc.exe
  2⤵
  PID:3780
- C:\Windows\System\MVrJRmG.exe
  C:\Windows\System\MVrJRmG.exe
  2⤵
  PID:3800
- C:\Windows\System\IHEEeGE.exe
  C:\Windows\System\IHEEeGE.exe
  2⤵
  PID:3956
- C:\Windows\System\DeyAjgb.exe
  C:\Windows\System\DeyAjgb.exe
  2⤵
  PID:4064
- C:\Windows\System\lrfRCUX.exe
  C:\Windows\System\lrfRCUX.exe
  2⤵
  PID:2292
- C:\Windows\System\iTORSHy.exe
  C:\Windows\System\iTORSHy.exe
  2⤵
  PID:3980
- C:\Windows\System\fDIjjzv.exe
  C:\Windows\System\fDIjjzv.exe
  2⤵
  PID:2156
- C:\Windows\System\QnPBqFI.exe
  C:\Windows\System\QnPBqFI.exe
  2⤵
  PID:3052
- C:\Windows\System\swoQUAz.exe
  C:\Windows\System\swoQUAz.exe
  2⤵
  PID:3268
- C:\Windows\System\FqwIUdM.exe
  C:\Windows\System\FqwIUdM.exe
  2⤵
  PID:2068
- C:\Windows\System\cawtHEN.exe
  C:\Windows\System\cawtHEN.exe
  2⤵
  PID:2056
- C:\Windows\System\zhSTjee.exe
  C:\Windows\System\zhSTjee.exe
  2⤵
  PID:924
- C:\Windows\System\ojqlHwf.exe
  C:\Windows\System\ojqlHwf.exe
  2⤵
  PID:2040
- C:\Windows\System\qYHcfCm.exe
  C:\Windows\System\qYHcfCm.exe
  2⤵
  PID:2244
- C:\Windows\System\YebJEyz.exe
  C:\Windows\System\YebJEyz.exe
  2⤵
  PID:3420
- C:\Windows\System\kpBpJka.exe
  C:\Windows\System\kpBpJka.exe
  2⤵
  PID:1676
- C:\Windows\System\mlGjktg.exe
  C:\Windows\System\mlGjktg.exe
  2⤵
  PID:3220
- C:\Windows\System\hLwsKTY.exe
  C:\Windows\System\hLwsKTY.exe
  2⤵
  PID:3576
- C:\Windows\System\pcFXXfS.exe
  C:\Windows\System\pcFXXfS.exe
  2⤵
  PID:3668
- C:\Windows\System\nuFwXnE.exe
  C:\Windows\System\nuFwXnE.exe
  2⤵
  PID:3488
- C:\Windows\System\swDiZiF.exe
  C:\Windows\System\swDiZiF.exe
  2⤵
  PID:3900
- C:\Windows\System\eSXECDG.exe
  C:\Windows\System\eSXECDG.exe
  2⤵
  PID:3928
- C:\Windows\System\mVvybdr.exe
  C:\Windows\System\mVvybdr.exe
  2⤵
  PID:3572
- C:\Windows\System\cvaUwGU.exe
  C:\Windows\System\cvaUwGU.exe
  2⤵
  PID:3816
- C:\Windows\System\mIInhrm.exe
  C:\Windows\System\mIInhrm.exe
  2⤵
  PID:1944
- C:\Windows\System\uWbqGoF.exe
  C:\Windows\System\uWbqGoF.exe
  2⤵
  PID:4100
- C:\Windows\System\AyKfTBD.exe
  C:\Windows\System\AyKfTBD.exe
  2⤵
  PID:4120
- C:\Windows\System\IawxynJ.exe
  C:\Windows\System\IawxynJ.exe
  2⤵
  PID:4140
- C:\Windows\System\zqdDcCh.exe
  C:\Windows\System\zqdDcCh.exe
  2⤵
  PID:4160
- C:\Windows\System\gBBzllm.exe
  C:\Windows\System\gBBzllm.exe
  2⤵
  PID:4184
- C:\Windows\System\MnGPtVM.exe
  C:\Windows\System\MnGPtVM.exe
  2⤵
  PID:4204
- C:\Windows\System\hmeFKdd.exe
  C:\Windows\System\hmeFKdd.exe
  2⤵
  PID:4224
- C:\Windows\System\GWAiSKE.exe
  C:\Windows\System\GWAiSKE.exe
  2⤵
  PID:4252
- C:\Windows\System\MabLSor.exe
  C:\Windows\System\MabLSor.exe
  2⤵
  PID:4276
- C:\Windows\System\nRFSfpF.exe
  C:\Windows\System\nRFSfpF.exe
  2⤵
  PID:4296
- C:\Windows\System\LZiYBbk.exe
  C:\Windows\System\LZiYBbk.exe
  2⤵
  PID:4316
- C:\Windows\System\nTGgArd.exe
  C:\Windows\System\nTGgArd.exe
  2⤵
  PID:4336
- C:\Windows\System\MKksYSR.exe
  C:\Windows\System\MKksYSR.exe
  2⤵
  PID:4356
- C:\Windows\System\EEDXtPI.exe
  C:\Windows\System\EEDXtPI.exe
  2⤵
  PID:4376
- C:\Windows\System\nOWbySm.exe
  C:\Windows\System\nOWbySm.exe
  2⤵
  PID:4392
- C:\Windows\System\hgPLThg.exe
  C:\Windows\System\hgPLThg.exe
  2⤵
  PID:4416
- C:\Windows\System\gBRUlyI.exe
  C:\Windows\System\gBRUlyI.exe
  2⤵
  PID:4436
- C:\Windows\System\gBaUgDn.exe
  C:\Windows\System\gBaUgDn.exe
  2⤵
  PID:4456
- C:\Windows\System\TARyXSj.exe
  C:\Windows\System\TARyXSj.exe
  2⤵
  PID:4476
- C:\Windows\System\wQTQMbz.exe
  C:\Windows\System\wQTQMbz.exe
  2⤵
  PID:4492
- C:\Windows\System\ayKTuWK.exe
  C:\Windows\System\ayKTuWK.exe
  2⤵
  PID:4516
- C:\Windows\System\mGcfAVQ.exe
  C:\Windows\System\mGcfAVQ.exe
  2⤵
  PID:4536
- C:\Windows\System\BAcQSPv.exe
  C:\Windows\System\BAcQSPv.exe
  2⤵
  PID:4556
- C:\Windows\System\zuHVAVB.exe
  C:\Windows\System\zuHVAVB.exe
  2⤵
  PID:4576
- C:\Windows\System\LmPyMQM.exe
  C:\Windows\System\LmPyMQM.exe
  2⤵
  PID:4596
- C:\Windows\System\NJSYoSQ.exe
  C:\Windows\System\NJSYoSQ.exe
  2⤵
  PID:4616
- C:\Windows\System\SwEhyCc.exe
  C:\Windows\System\SwEhyCc.exe
  2⤵
  PID:4636
- C:\Windows\System\kZvtyPv.exe
  C:\Windows\System\kZvtyPv.exe
  2⤵
  PID:4656
- C:\Windows\System\EEEHWeE.exe
  C:\Windows\System\EEEHWeE.exe
  2⤵
  PID:4676
- C:\Windows\System\CUEtFlI.exe
  C:\Windows\System\CUEtFlI.exe
  2⤵
  PID:4692
- C:\Windows\System\yWDutPw.exe
  C:\Windows\System\yWDutPw.exe
  2⤵
  PID:4716
- C:\Windows\System\muyuCZm.exe
  C:\Windows\System\muyuCZm.exe
  2⤵
  PID:4736
- C:\Windows\System\ArcZhjR.exe
  C:\Windows\System\ArcZhjR.exe
  2⤵
  PID:4756
- C:\Windows\System\HTJgOTD.exe
  C:\Windows\System\HTJgOTD.exe
  2⤵
  PID:4776
- C:\Windows\System\DrDfQFD.exe
  C:\Windows\System\DrDfQFD.exe
  2⤵
  PID:4796
- C:\Windows\System\VCPwWpx.exe
  C:\Windows\System\VCPwWpx.exe
  2⤵
  PID:4816
- C:\Windows\System\jjWvyvj.exe
  C:\Windows\System\jjWvyvj.exe
  2⤵
  PID:4836
- C:\Windows\System\IKZKtRl.exe
  C:\Windows\System\IKZKtRl.exe
  2⤵
  PID:4856
- C:\Windows\System\IKJJiCD.exe
  C:\Windows\System\IKJJiCD.exe
  2⤵
  PID:4876
- C:\Windows\System\VnzlKnj.exe
  C:\Windows\System\VnzlKnj.exe
  2⤵
  PID:4896
- C:\Windows\System\XSAXmrC.exe
  C:\Windows\System\XSAXmrC.exe
  2⤵
  PID:4916
- C:\Windows\System\cARpDrW.exe
  C:\Windows\System\cARpDrW.exe
  2⤵
  PID:4936
- C:\Windows\System\iLqzzTN.exe
  C:\Windows\System\iLqzzTN.exe
  2⤵
  PID:4956
- C:\Windows\System\xFDwtnY.exe
  C:\Windows\System\xFDwtnY.exe
  2⤵
  PID:4976
- C:\Windows\System\JSLmiRR.exe
  C:\Windows\System\JSLmiRR.exe
  2⤵
  PID:4996
- C:\Windows\System\xYexORD.exe
  C:\Windows\System\xYexORD.exe
  2⤵
  PID:5016
- C:\Windows\System\mtdVSZB.exe
  C:\Windows\System\mtdVSZB.exe
  2⤵
  PID:5036
- C:\Windows\System\eaeUqsl.exe
  C:\Windows\System\eaeUqsl.exe
  2⤵
  PID:5056
- C:\Windows\System\laJiFHw.exe
  C:\Windows\System\laJiFHw.exe
  2⤵
  PID:5076
- C:\Windows\System\ZvbuLYc.exe
  C:\Windows\System\ZvbuLYc.exe
  2⤵
  PID:5096
- C:\Windows\System\CHqUXQf.exe
  C:\Windows\System\CHqUXQf.exe
  2⤵
  PID:5112
- C:\Windows\System\kTiFrrs.exe
  C:\Windows\System\kTiFrrs.exe
  2⤵
  PID:3960
- C:\Windows\System\kYATbEZ.exe
  C:\Windows\System\kYATbEZ.exe
  2⤵
  PID:3132
- C:\Windows\System\GzEmqIq.exe
  C:\Windows\System\GzEmqIq.exe
  2⤵
  PID:1612
- C:\Windows\System\ipwBTjr.exe
  C:\Windows\System\ipwBTjr.exe
  2⤵
  PID:3008
- C:\Windows\System\AHerJzk.exe
  C:\Windows\System\AHerJzk.exe
  2⤵
  PID:2520
- C:\Windows\System\iZRUeAs.exe
  C:\Windows\System\iZRUeAs.exe
  2⤵
  PID:1664
- C:\Windows\System\mXFbOSk.exe
  C:\Windows\System\mXFbOSk.exe
  2⤵
  PID:3868
- C:\Windows\System\iGHPIEP.exe
  C:\Windows\System\iGHPIEP.exe
  2⤵
  PID:3440
- C:\Windows\System\OIpopSh.exe
  C:\Windows\System\OIpopSh.exe
  2⤵
  PID:2724
- C:\Windows\System\oNAZZye.exe
  C:\Windows\System\oNAZZye.exe
  2⤵
  PID:4156
- C:\Windows\System\SYgqVLT.exe
  C:\Windows\System\SYgqVLT.exe
  2⤵
  PID:4192
- C:\Windows\System\OXtXcWS.exe
  C:\Windows\System\OXtXcWS.exe
  2⤵
  PID:3552
- C:\Windows\System\oFGWAdN.exe
  C:\Windows\System\oFGWAdN.exe
  2⤵
  PID:4196
- C:\Windows\System\nXbhENI.exe
  C:\Windows\System\nXbhENI.exe
  2⤵
  PID:4216
- C:\Windows\System\aVqiQJp.exe
  C:\Windows\System\aVqiQJp.exe
  2⤵
  PID:4168
- C:\Windows\System\ERCavAN.exe
  C:\Windows\System\ERCavAN.exe
  2⤵
  PID:4236
- C:\Windows\System\hKsCXSF.exe
  C:\Windows\System\hKsCXSF.exe
  2⤵
  PID:4288
- C:\Windows\System\TvNqAdA.exe
  C:\Windows\System\TvNqAdA.exe
  2⤵
  PID:4312
- C:\Windows\System\LwxdZyL.exe
  C:\Windows\System\LwxdZyL.exe
  2⤵
  PID:4352
- C:\Windows\System\AMiIYxY.exe
  C:\Windows\System\AMiIYxY.exe
  2⤵
  PID:4368
- C:\Windows\System\FpKHhPT.exe
  C:\Windows\System\FpKHhPT.exe
  2⤵
  PID:4412
- C:\Windows\System\NUhCnTJ.exe
  C:\Windows\System\NUhCnTJ.exe
  2⤵
  PID:2924
- C:\Windows\System\UyFQyUE.exe
  C:\Windows\System\UyFQyUE.exe
  2⤵
  PID:4484
- C:\Windows\System\MzrdNIy.exe
  C:\Windows\System\MzrdNIy.exe
  2⤵
  PID:4488
- C:\Windows\System\PjsujtI.exe
  C:\Windows\System\PjsujtI.exe
  2⤵
  PID:4504
- C:\Windows\System\OrDAcGr.exe
  C:\Windows\System\OrDAcGr.exe
  2⤵
  PID:4552
- C:\Windows\System\QidqrPe.exe
  C:\Windows\System\QidqrPe.exe
  2⤵
  PID:4604
- C:\Windows\System\XtkYIIH.exe
  C:\Windows\System\XtkYIIH.exe
  2⤵
  PID:4624
- C:\Windows\System\imVUlDr.exe
  C:\Windows\System\imVUlDr.exe
  2⤵
  PID:4684
- C:\Windows\System\IFNaLlg.exe
  C:\Windows\System\IFNaLlg.exe
  2⤵
  PID:4668
- C:\Windows\System\wYqndGd.exe
  C:\Windows\System\wYqndGd.exe
  2⤵
  PID:4724
- C:\Windows\System\yukuAoo.exe
  C:\Windows\System\yukuAoo.exe
  2⤵
  PID:4744
- C:\Windows\System\RpLFjvo.exe
  C:\Windows\System\RpLFjvo.exe
  2⤵
  PID:4804
- C:\Windows\System\lhSbJed.exe
  C:\Windows\System\lhSbJed.exe
  2⤵
  PID:4824
- C:\Windows\System\VRbnrPg.exe
  C:\Windows\System\VRbnrPg.exe
  2⤵
  PID:4848
- C:\Windows\System\yOZfkSz.exe
  C:\Windows\System\yOZfkSz.exe
  2⤵
  PID:4892
- C:\Windows\System\hjVFqyF.exe
  C:\Windows\System\hjVFqyF.exe
  2⤵
  PID:4964
- C:\Windows\System\iZIDzjK.exe
  C:\Windows\System\iZIDzjK.exe
  2⤵
  PID:4944
- C:\Windows\System\AoyhOCC.exe
  C:\Windows\System\AoyhOCC.exe
  2⤵
  PID:5008
- C:\Windows\System\bdfKXBZ.exe
  C:\Windows\System\bdfKXBZ.exe
  2⤵
  PID:5024
- C:\Windows\System\BPuumyB.exe
  C:\Windows\System\BPuumyB.exe
  2⤵
  PID:5052
- C:\Windows\System\JZnqyAi.exe
  C:\Windows\System\JZnqyAi.exe
  2⤵
  PID:5092
- C:\Windows\System\QIqTiVJ.exe
  C:\Windows\System\QIqTiVJ.exe
  2⤵
  PID:3104
- C:\Windows\System\xKGpcNm.exe
  C:\Windows\System\xKGpcNm.exe
  2⤵
  PID:5072
- C:\Windows\System\XINHQlD.exe
  C:\Windows\System\XINHQlD.exe
  2⤵
  PID:3112
- C:\Windows\System\VPGsZAA.exe
  C:\Windows\System\VPGsZAA.exe
  2⤵
  PID:1772
- C:\Windows\System\oUTCnKg.exe
  C:\Windows\System\oUTCnKg.exe
  2⤵
  PID:1380
- C:\Windows\System\UBVQOae.exe
  C:\Windows\System\UBVQOae.exe
  2⤵
  PID:4084
- C:\Windows\System\TZVxfSG.exe
  C:\Windows\System\TZVxfSG.exe
  2⤵
  PID:3740
- C:\Windows\System\gmFqzkW.exe
  C:\Windows\System\gmFqzkW.exe
  2⤵
  PID:3852
- C:\Windows\System\XSrgCmX.exe
  C:\Windows\System\XSrgCmX.exe
  2⤵
  PID:4112
- C:\Windows\System\tmbetZl.exe
  C:\Windows\System\tmbetZl.exe
  2⤵
  PID:3896
- C:\Windows\System\QQAaKnG.exe
  C:\Windows\System\QQAaKnG.exe
  2⤵
  PID:4248
- C:\Windows\System\iQzYGUl.exe
  C:\Windows\System\iQzYGUl.exe
  2⤵
  PID:4344
- C:\Windows\System\ugJssmy.exe
  C:\Windows\System\ugJssmy.exe
  2⤵
  PID:4404
- C:\Windows\System\pOoyPfl.exe
  C:\Windows\System\pOoyPfl.exe
  2⤵
  PID:4348
- C:\Windows\System\BXONhAe.exe
  C:\Windows\System\BXONhAe.exe
  2⤵
  PID:4444
- C:\Windows\System\DBIwfUS.exe
  C:\Windows\System\DBIwfUS.exe
  2⤵
  PID:4508
- C:\Windows\System\vPBKQjG.exe
  C:\Windows\System\vPBKQjG.exe
  2⤵
  PID:4568
- C:\Windows\System\CgzHSwr.exe
  C:\Windows\System\CgzHSwr.exe
  2⤵
  PID:4584
- C:\Windows\System\EBQPXEq.exe
  C:\Windows\System\EBQPXEq.exe
  2⤵
  PID:4608
- C:\Windows\System\qtwXMyr.exe
  C:\Windows\System\qtwXMyr.exe
  2⤵
  PID:4712
- C:\Windows\System\YcZfspy.exe
  C:\Windows\System\YcZfspy.exe
  2⤵
  PID:4784
- C:\Windows\System\HAPMJqz.exe
  C:\Windows\System\HAPMJqz.exe
  2⤵
  PID:4808
- C:\Windows\System\GsdHgwX.exe
  C:\Windows\System\GsdHgwX.exe
  2⤵
  PID:4884
- C:\Windows\System\QfoPtpd.exe
  C:\Windows\System\QfoPtpd.exe
  2⤵
  PID:4932
- C:\Windows\System\lheDOqx.exe
  C:\Windows\System\lheDOqx.exe
  2⤵
  PID:4908
- C:\Windows\System\uFqmxcZ.exe
  C:\Windows\System\uFqmxcZ.exe
  2⤵
  PID:2824
- C:\Windows\System\ibTLosg.exe
  C:\Windows\System\ibTLosg.exe
  2⤵
  PID:5084
- C:\Windows\System\DFryJlX.exe
  C:\Windows\System\DFryJlX.exe
  2⤵
  PID:3252
- C:\Windows\System\mjAJuba.exe
  C:\Windows\System\mjAJuba.exe
  2⤵
  PID:2548
- C:\Windows\System\lZOtTpu.exe
  C:\Windows\System\lZOtTpu.exe
  2⤵
  PID:5108
- C:\Windows\System\NErvCDi.exe
  C:\Windows\System\NErvCDi.exe
  2⤵
  PID:3336
- C:\Windows\System\AVUnQYn.exe
  C:\Windows\System\AVUnQYn.exe
  2⤵
  PID:2468
- C:\Windows\System\bZbFOVb.exe
  C:\Windows\System\bZbFOVb.exe
  2⤵
  PID:4180
- C:\Windows\System\WHYWdYt.exe
  C:\Windows\System\WHYWdYt.exe
  2⤵
  PID:4172
- C:\Windows\System\XQXdGTc.exe
  C:\Windows\System\XQXdGTc.exe
  2⤵
  PID:5144
- C:\Windows\System\grMiVaK.exe
  C:\Windows\System\grMiVaK.exe
  2⤵
  PID:5164
- C:\Windows\System\iQGySrR.exe
  C:\Windows\System\iQGySrR.exe
  2⤵
  PID:5184
- C:\Windows\System\FGKDTdE.exe
  C:\Windows\System\FGKDTdE.exe
  2⤵
  PID:5204
- C:\Windows\System\tRaveZP.exe
  C:\Windows\System\tRaveZP.exe
  2⤵
  PID:5224
- C:\Windows\System\ZuoJngP.exe
  C:\Windows\System\ZuoJngP.exe
  2⤵
  PID:5244
- C:\Windows\System\gnKOLzh.exe
  C:\Windows\System\gnKOLzh.exe
  2⤵
  PID:5264
- C:\Windows\System\cOffwid.exe
  C:\Windows\System\cOffwid.exe
  2⤵
  PID:5284
- C:\Windows\System\pNSbaQx.exe
  C:\Windows\System\pNSbaQx.exe
  2⤵
  PID:5304
- C:\Windows\System\TAEQKGO.exe
  C:\Windows\System\TAEQKGO.exe
  2⤵
  PID:5324
- C:\Windows\System\MmVgeYg.exe
  C:\Windows\System\MmVgeYg.exe
  2⤵
  PID:5348
- C:\Windows\System\Fnqxgmt.exe
  C:\Windows\System\Fnqxgmt.exe
  2⤵
  PID:5364
- C:\Windows\System\KbCNnte.exe
  C:\Windows\System\KbCNnte.exe
  2⤵
  PID:5388
- C:\Windows\System\TUiZFJW.exe
  C:\Windows\System\TUiZFJW.exe
  2⤵
  PID:5408
- C:\Windows\System\JztVovQ.exe
  C:\Windows\System\JztVovQ.exe
  2⤵
  PID:5428
- C:\Windows\System\ETOrXze.exe
  C:\Windows\System\ETOrXze.exe
  2⤵
  PID:5448
- C:\Windows\System\LXJENGK.exe
  C:\Windows\System\LXJENGK.exe
  2⤵
  PID:5468
- C:\Windows\System\VSWqgDb.exe
  C:\Windows\System\VSWqgDb.exe
  2⤵
  PID:5488
- C:\Windows\System\jrSrSiq.exe
  C:\Windows\System\jrSrSiq.exe
  2⤵
  PID:5508
- C:\Windows\System\vdAqPeA.exe
  C:\Windows\System\vdAqPeA.exe
  2⤵
  PID:5528
- C:\Windows\System\cSGDuRk.exe
  C:\Windows\System\cSGDuRk.exe
  2⤵
  PID:5548
- C:\Windows\System\DFiocDO.exe
  C:\Windows\System\DFiocDO.exe
  2⤵
  PID:5568
- C:\Windows\System\QWkLVxC.exe
  C:\Windows\System\QWkLVxC.exe
  2⤵
  PID:5588
- C:\Windows\System\pEZjOiY.exe
  C:\Windows\System\pEZjOiY.exe
  2⤵
  PID:5608
- C:\Windows\System\kCqALsI.exe
  C:\Windows\System\kCqALsI.exe
  2⤵
  PID:5628
- C:\Windows\System\dynXoSD.exe
  C:\Windows\System\dynXoSD.exe
  2⤵
  PID:5644
- C:\Windows\System\hoJUnUR.exe
  C:\Windows\System\hoJUnUR.exe
  2⤵
  PID:5668
- C:\Windows\System\gNjNesF.exe
  C:\Windows\System\gNjNesF.exe
  2⤵
  PID:5688
- C:\Windows\System\AhWXvGt.exe
  C:\Windows\System\AhWXvGt.exe
  2⤵
  PID:5708
- C:\Windows\System\FXFXmRW.exe
  C:\Windows\System\FXFXmRW.exe
  2⤵
  PID:5728
- C:\Windows\System\TWWHSdX.exe
  C:\Windows\System\TWWHSdX.exe
  2⤵
  PID:5748
- C:\Windows\System\Xpphvwm.exe
  C:\Windows\System\Xpphvwm.exe
  2⤵
  PID:5768
- C:\Windows\System\AIGTVdE.exe
  C:\Windows\System\AIGTVdE.exe
  2⤵
  PID:5788
- C:\Windows\System\EGqRDSO.exe
  C:\Windows\System\EGqRDSO.exe
  2⤵
  PID:5808
- C:\Windows\System\DxFwVDX.exe
  C:\Windows\System\DxFwVDX.exe
  2⤵
  PID:5828
- C:\Windows\System\FpzpLYF.exe
  C:\Windows\System\FpzpLYF.exe
  2⤵
  PID:5848
- C:\Windows\System\xpXGQSM.exe
  C:\Windows\System\xpXGQSM.exe
  2⤵
  PID:5868
- C:\Windows\System\DQgHlof.exe
  C:\Windows\System\DQgHlof.exe
  2⤵
  PID:5892
- C:\Windows\System\McClVfk.exe
  C:\Windows\System\McClVfk.exe
  2⤵
  PID:5912
- C:\Windows\System\Nidsxmc.exe
  C:\Windows\System\Nidsxmc.exe
  2⤵
  PID:5932
- C:\Windows\System\sIfGwYh.exe
  C:\Windows\System\sIfGwYh.exe
  2⤵
  PID:5952
- C:\Windows\System\eprYtFE.exe
  C:\Windows\System\eprYtFE.exe
  2⤵
  PID:5972
- C:\Windows\System\bwZUugP.exe
  C:\Windows\System\bwZUugP.exe
  2⤵
  PID:5992
- C:\Windows\System\NHsnUWp.exe
  C:\Windows\System\NHsnUWp.exe
  2⤵
  PID:6008
- C:\Windows\System\KRCbZbb.exe
  C:\Windows\System\KRCbZbb.exe
  2⤵
  PID:6032
- C:\Windows\System\TkYfoJs.exe
  C:\Windows\System\TkYfoJs.exe
  2⤵
  PID:6052
- C:\Windows\System\zVifVZK.exe
  C:\Windows\System\zVifVZK.exe
  2⤵
  PID:6072
- C:\Windows\System\pLRSHNK.exe
  C:\Windows\System\pLRSHNK.exe
  2⤵
  PID:6092
- C:\Windows\System\Ybpxbge.exe
  C:\Windows\System\Ybpxbge.exe
  2⤵
  PID:6112
- C:\Windows\System\vGYHigD.exe
  C:\Windows\System\vGYHigD.exe
  2⤵
  PID:6128
- C:\Windows\System\PeOGpQd.exe
  C:\Windows\System\PeOGpQd.exe
  2⤵
  PID:4284
- C:\Windows\System\LiGHaNP.exe
  C:\Windows\System\LiGHaNP.exe
  2⤵
  PID:4448
- C:\Windows\System\TJcJVnH.exe
  C:\Windows\System\TJcJVnH.exe
  2⤵
  PID:4468
- C:\Windows\System\jTUlnAP.exe
  C:\Windows\System\jTUlnAP.exe
  2⤵
  PID:2696
- C:\Windows\System\JxmKxMA.exe
  C:\Windows\System\JxmKxMA.exe
  2⤵
  PID:4592
- C:\Windows\System\tRcVUQR.exe
  C:\Windows\System\tRcVUQR.exe
  2⤵
  PID:4768
- C:\Windows\System\CRKFOaL.exe
  C:\Windows\System\CRKFOaL.exe
  2⤵
  PID:4812
- C:\Windows\System\FjyEGCa.exe
  C:\Windows\System\FjyEGCa.exe
  2⤵
  PID:4948
- C:\Windows\System\Vuvhmiv.exe
  C:\Windows\System\Vuvhmiv.exe
  2⤵
  PID:2464
- C:\Windows\System\NlzuKbk.exe
  C:\Windows\System\NlzuKbk.exe
  2⤵
  PID:4992
- C:\Windows\System\YIobXvg.exe
  C:\Windows\System\YIobXvg.exe
  2⤵
  PID:5064
- C:\Windows\System\HIhfxsO.exe
  C:\Windows\System\HIhfxsO.exe
  2⤵
  PID:1540
- C:\Windows\System\ZQzbtPm.exe
  C:\Windows\System\ZQzbtPm.exe
  2⤵
  PID:2504
- C:\Windows\System\hCLemRW.exe
  C:\Windows\System\hCLemRW.exe
  2⤵
  PID:4116
- C:\Windows\System\GdJbGmO.exe
  C:\Windows\System\GdJbGmO.exe
  2⤵
  PID:3548
- C:\Windows\System\rgOXNEA.exe
  C:\Windows\System\rgOXNEA.exe
  2⤵
  PID:5212
- C:\Windows\System\sbNjdXi.exe
  C:\Windows\System\sbNjdXi.exe
  2⤵
  PID:5156
- C:\Windows\System\HxMzeef.exe
  C:\Windows\System\HxMzeef.exe
  2⤵
  PID:5232
- C:\Windows\System\fZcFtWj.exe
  C:\Windows\System\fZcFtWj.exe
  2⤵
  PID:5292
- C:\Windows\System\OAqursh.exe
  C:\Windows\System\OAqursh.exe
  2⤵
  PID:5296
- C:\Windows\System\UUEHIFS.exe
  C:\Windows\System\UUEHIFS.exe
  2⤵
  PID:5336
- C:\Windows\System\UQXIYzX.exe
  C:\Windows\System\UQXIYzX.exe
  2⤵
  PID:5372
- C:\Windows\System\NYnmthk.exe
  C:\Windows\System\NYnmthk.exe
  2⤵
  PID:5416
- C:\Windows\System\hZBybSf.exe
  C:\Windows\System\hZBybSf.exe
  2⤵
  PID:5420
- C:\Windows\System\ODFAyOK.exe
  C:\Windows\System\ODFAyOK.exe
  2⤵
  PID:5440
- C:\Windows\System\vVGkZjr.exe
  C:\Windows\System\vVGkZjr.exe
  2⤵
  PID:5500
- C:\Windows\System\jXDdbrN.exe
  C:\Windows\System\jXDdbrN.exe
  2⤵
  PID:5576
- C:\Windows\System\rVImmZs.exe
  C:\Windows\System\rVImmZs.exe
  2⤵
  PID:5580
- C:\Windows\System\vFbHUvJ.exe
  C:\Windows\System\vFbHUvJ.exe
  2⤵
  PID:5600
- C:\Windows\System\pGsuXVX.exe
  C:\Windows\System\pGsuXVX.exe
  2⤵
  PID:5652
- C:\Windows\System\wFWgUok.exe
  C:\Windows\System\wFWgUok.exe
  2⤵
  PID:5676
- C:\Windows\System\baRyXBm.exe
  C:\Windows\System\baRyXBm.exe
  2⤵
  PID:5700
- C:\Windows\System\wfeMfIP.exe
  C:\Windows\System\wfeMfIP.exe
  2⤵
  PID:5744
- C:\Windows\System\wPahVhE.exe
  C:\Windows\System\wPahVhE.exe
  2⤵
  PID:5760
- C:\Windows\System\fKRiWtp.exe
  C:\Windows\System\fKRiWtp.exe
  2⤵
  PID:5804
- C:\Windows\System\bxNCErN.exe
  C:\Windows\System\bxNCErN.exe
  2⤵
  PID:5864
- C:\Windows\System\QOLKhMp.exe
  C:\Windows\System\QOLKhMp.exe
  2⤵
  PID:5904
- C:\Windows\System\nTVUWJX.exe
  C:\Windows\System\nTVUWJX.exe
  2⤵
  PID:5940
- C:\Windows\System\vMXCKnA.exe
  C:\Windows\System\vMXCKnA.exe
  2⤵
  PID:5924
- C:\Windows\System\mZkaVZw.exe
  C:\Windows\System\mZkaVZw.exe
  2⤵
  PID:6016
- C:\Windows\System\hnPMaEf.exe
  C:\Windows\System\hnPMaEf.exe
  2⤵
  PID:6060
- C:\Windows\System\HyJAjQl.exe
  C:\Windows\System\HyJAjQl.exe
  2⤵
  PID:6044
- C:\Windows\System\KbdaJJf.exe
  C:\Windows\System\KbdaJJf.exe
  2⤵
  PID:6108
- C:\Windows\System\vcnZiAE.exe
  C:\Windows\System\vcnZiAE.exe
  2⤵
  PID:2372
- C:\Windows\System\PCHbtZc.exe
  C:\Windows\System\PCHbtZc.exe
  2⤵
  PID:4432
- C:\Windows\System\vdTmKes.exe
  C:\Windows\System\vdTmKes.exe
  2⤵
  PID:4772
- C:\Windows\System\iadnNxQ.exe
  C:\Windows\System\iadnNxQ.exe
  2⤵
  PID:4528
- C:\Windows\System\eyLJoDI.exe
  C:\Windows\System\eyLJoDI.exe
  2⤵
  PID:4664
- C:\Windows\System\tmqIISP.exe
  C:\Windows\System\tmqIISP.exe
  2⤵
  PID:2736
- C:\Windows\System\DbocjhM.exe
  C:\Windows\System\DbocjhM.exe
  2⤵
  PID:1052
- C:\Windows\System\sZhZGsx.exe
  C:\Windows\System\sZhZGsx.exe
  2⤵
  PID:4292
- C:\Windows\System\RjmYvZh.exe
  C:\Windows\System\RjmYvZh.exe
  2⤵
  PID:3300
- C:\Windows\System\dUARLEC.exe
  C:\Windows\System\dUARLEC.exe
  2⤵
  PID:5160
- C:\Windows\System\AyzvZZt.exe
  C:\Windows\System\AyzvZZt.exe
  2⤵
  PID:5260
- C:\Windows\System\daDhVyz.exe
  C:\Windows\System\daDhVyz.exe
  2⤵
  PID:5176
- C:\Windows\System\HgAnOLP.exe
  C:\Windows\System\HgAnOLP.exe
  2⤵
  PID:5252
- C:\Windows\System\PddphkR.exe
  C:\Windows\System\PddphkR.exe
  2⤵
  PID:5320
- C:\Windows\System\dqVcxZl.exe
  C:\Windows\System\dqVcxZl.exe
  2⤵
  PID:5484
- C:\Windows\System\HbJJOgN.exe
  C:\Windows\System\HbJJOgN.exe
  2⤵
  PID:5564
- C:\Windows\System\KkYrpBo.exe
  C:\Windows\System\KkYrpBo.exe
  2⤵
  PID:5540
- C:\Windows\System\LstaQjt.exe
  C:\Windows\System\LstaQjt.exe
  2⤵
  PID:5704
- C:\Windows\System\TmazFAb.exe
  C:\Windows\System\TmazFAb.exe
  2⤵
  PID:5776
- C:\Windows\System\QnDCdVD.exe
  C:\Windows\System\QnDCdVD.exe
  2⤵
  PID:5764
- C:\Windows\System\hsNrHjK.exe
  C:\Windows\System\hsNrHjK.exe
  2⤵
  PID:5844
- C:\Windows\System\nfkGDCe.exe
  C:\Windows\System\nfkGDCe.exe
  2⤵
  PID:5820
- C:\Windows\System\RjzupbD.exe
  C:\Windows\System\RjzupbD.exe
  2⤵
  PID:5900
- C:\Windows\System\fGndcgh.exe
  C:\Windows\System\fGndcgh.exe
  2⤵
  PID:5944
- C:\Windows\System\RLbUBBD.exe
  C:\Windows\System\RLbUBBD.exe
  2⤵
  PID:6000
- C:\Windows\System\dEQdnri.exe
  C:\Windows\System\dEQdnri.exe
  2⤵
  PID:2708
- C:\Windows\System\WVeUsxb.exe
  C:\Windows\System\WVeUsxb.exe
  2⤵
  PID:6084
- C:\Windows\System\RBCfuJS.exe
  C:\Windows\System\RBCfuJS.exe
  2⤵
  PID:4644
- C:\Windows\System\QUXFaLw.exe
  C:\Windows\System\QUXFaLw.exe
  2⤵
  PID:4324
- C:\Windows\System\uiJdXPd.exe
  C:\Windows\System\uiJdXPd.exe
  2⤵
  PID:892
- C:\Windows\System\KwqrHEq.exe
  C:\Windows\System\KwqrHEq.exe
  2⤵
  PID:4748
- C:\Windows\System\JYRslVF.exe
  C:\Windows\System\JYRslVF.exe
  2⤵
  PID:5216
- C:\Windows\System\ZEpDOau.exe
  C:\Windows\System\ZEpDOau.exe
  2⤵
  PID:5360
- C:\Windows\System\nZpwOZN.exe
  C:\Windows\System\nZpwOZN.exe
  2⤵
  PID:5340
- C:\Windows\System\iPBAULF.exe
  C:\Windows\System\iPBAULF.exe
  2⤵
  PID:5496
- C:\Windows\System\WQEjCsB.exe
  C:\Windows\System\WQEjCsB.exe
  2⤵
  PID:5460
- C:\Windows\System\mXejjBa.exe
  C:\Windows\System\mXejjBa.exe
  2⤵
  PID:5604
- C:\Windows\System\eLURchO.exe
  C:\Windows\System\eLURchO.exe
  2⤵
  PID:6148
- C:\Windows\System\eyzzDHd.exe
  C:\Windows\System\eyzzDHd.exe
  2⤵
  PID:6168
- C:\Windows\System\gRVYqIY.exe
  C:\Windows\System\gRVYqIY.exe
  2⤵
  PID:6188
- C:\Windows\System\ljEEMfw.exe
  C:\Windows\System\ljEEMfw.exe
  2⤵
  PID:6204
- C:\Windows\System\mnUizyn.exe
  C:\Windows\System\mnUizyn.exe
  2⤵
  PID:6232
- C:\Windows\System\GLSGlhr.exe
  C:\Windows\System\GLSGlhr.exe
  2⤵
  PID:6252
- C:\Windows\System\iVWZPKW.exe
  C:\Windows\System\iVWZPKW.exe
  2⤵
  PID:6268
- C:\Windows\System\cdADcJo.exe
  C:\Windows\System\cdADcJo.exe
  2⤵
  PID:6292
- C:\Windows\System\LgUKDfR.exe
  C:\Windows\System\LgUKDfR.exe
  2⤵
  PID:6312
- C:\Windows\System\KhtOENl.exe
  C:\Windows\System\KhtOENl.exe
  2⤵
  PID:6332
- C:\Windows\System\WYLbsou.exe
  C:\Windows\System\WYLbsou.exe
  2⤵
  PID:6352
- C:\Windows\System\hfKxEAL.exe
  C:\Windows\System\hfKxEAL.exe
  2⤵
  PID:6372
- C:\Windows\System\VafYrkW.exe
  C:\Windows\System\VafYrkW.exe
  2⤵
  PID:6392
- C:\Windows\System\QqlDPGF.exe
  C:\Windows\System\QqlDPGF.exe
  2⤵
  PID:6412
- C:\Windows\System\qSBWWOa.exe
  C:\Windows\System\qSBWWOa.exe
  2⤵
  PID:6432
- C:\Windows\System\FwpRlIN.exe
  C:\Windows\System\FwpRlIN.exe
  2⤵
  PID:6452
- C:\Windows\System\IuNTBFr.exe
  C:\Windows\System\IuNTBFr.exe
  2⤵
  PID:6472
- C:\Windows\System\duRXOvv.exe
  C:\Windows\System\duRXOvv.exe
  2⤵
  PID:6492
- C:\Windows\System\oXrCGwU.exe
  C:\Windows\System\oXrCGwU.exe
  2⤵
  PID:6512
- C:\Windows\System\iwUZlVB.exe
  C:\Windows\System\iwUZlVB.exe
  2⤵
  PID:6532
- C:\Windows\System\BYopgCb.exe
  C:\Windows\System\BYopgCb.exe
  2⤵
  PID:6552
- C:\Windows\System\AVsqihQ.exe
  C:\Windows\System\AVsqihQ.exe
  2⤵
  PID:6576
- C:\Windows\System\zPfAAlS.exe
  C:\Windows\System\zPfAAlS.exe
  2⤵
  PID:6596
- C:\Windows\System\TvelMxU.exe
  C:\Windows\System\TvelMxU.exe
  2⤵
  PID:6616
- C:\Windows\System\kThQdSa.exe
  C:\Windows\System\kThQdSa.exe
  2⤵
  PID:6632
- C:\Windows\System\GiZqUsB.exe
  C:\Windows\System\GiZqUsB.exe
  2⤵
  PID:6656
- C:\Windows\System\yhPKDyy.exe
  C:\Windows\System\yhPKDyy.exe
  2⤵
  PID:6676
- C:\Windows\System\ceFYrVL.exe
  C:\Windows\System\ceFYrVL.exe
  2⤵
  PID:6696
- C:\Windows\System\MQOWqlx.exe
  C:\Windows\System\MQOWqlx.exe
  2⤵
  PID:6712
- C:\Windows\System\aCCsrFA.exe
  C:\Windows\System\aCCsrFA.exe
  2⤵
  PID:6732
- C:\Windows\System\MTWBsuI.exe
  C:\Windows\System\MTWBsuI.exe
  2⤵
  PID:6752
- C:\Windows\System\awWVLFK.exe
  C:\Windows\System\awWVLFK.exe
  2⤵
  PID:6776
- C:\Windows\System\uwrQAot.exe
  C:\Windows\System\uwrQAot.exe
  2⤵
  PID:6796
- C:\Windows\System\uztrZaP.exe
  C:\Windows\System\uztrZaP.exe
  2⤵
  PID:6816
- C:\Windows\System\nVWkcTL.exe
  C:\Windows\System\nVWkcTL.exe
  2⤵
  PID:6836
- C:\Windows\System\dSkaiNx.exe
  C:\Windows\System\dSkaiNx.exe
  2⤵
  PID:6856
- C:\Windows\System\PWbrIOT.exe
  C:\Windows\System\PWbrIOT.exe
  2⤵
  PID:6876
- C:\Windows\System\Ziwwjus.exe
  C:\Windows\System\Ziwwjus.exe
  2⤵
  PID:6896
- C:\Windows\System\CyVDArh.exe
  C:\Windows\System\CyVDArh.exe
  2⤵
  PID:6916
- C:\Windows\System\slQRVIx.exe
  C:\Windows\System\slQRVIx.exe
  2⤵
  PID:6936
- C:\Windows\System\NisDYli.exe
  C:\Windows\System\NisDYli.exe
  2⤵
  PID:6956
- C:\Windows\System\GTMAUxN.exe
  C:\Windows\System\GTMAUxN.exe
  2⤵
  PID:6976
- C:\Windows\System\GxXdPXc.exe
  C:\Windows\System\GxXdPXc.exe
  2⤵
  PID:6992
- C:\Windows\System\oLUUAqG.exe
  C:\Windows\System\oLUUAqG.exe
  2⤵
  PID:7012
- C:\Windows\System\HKVpdVA.exe
  C:\Windows\System\HKVpdVA.exe
  2⤵
  PID:7032
- C:\Windows\System\opvcIda.exe
  C:\Windows\System\opvcIda.exe
  2⤵
  PID:7056
- C:\Windows\System\kIfOSNL.exe
  C:\Windows\System\kIfOSNL.exe
  2⤵
  PID:7076
- C:\Windows\System\TyRBKJA.exe
  C:\Windows\System\TyRBKJA.exe
  2⤵
  PID:7096
- C:\Windows\System\HFojKSU.exe
  C:\Windows\System\HFojKSU.exe
  2⤵
  PID:7116
- C:\Windows\System\KJxjHZu.exe
  C:\Windows\System\KJxjHZu.exe
  2⤵
  PID:7136
- C:\Windows\System\FbtGeAF.exe
  C:\Windows\System\FbtGeAF.exe
  2⤵
  PID:7156
- C:\Windows\System\NayXUYs.exe
  C:\Windows\System\NayXUYs.exe
  2⤵
  PID:5840
- C:\Windows\System\mdnmDtY.exe
  C:\Windows\System\mdnmDtY.exe
  2⤵
  PID:5968
- C:\Windows\System\qaLlcJi.exe
  C:\Windows\System\qaLlcJi.exe
  2⤵
  PID:6028
- C:\Windows\System\mkRgNvN.exe
  C:\Windows\System\mkRgNvN.exe
  2⤵
  PID:5988
- C:\Windows\System\DmyxAda.exe
  C:\Windows\System\DmyxAda.exe
  2⤵
  PID:6100
- C:\Windows\System\mKLCMqZ.exe
  C:\Windows\System\mKLCMqZ.exe
  2⤵
  PID:4672
- C:\Windows\System\vlGnmGb.exe
  C:\Windows\System\vlGnmGb.exe
  2⤵
  PID:5044
- C:\Windows\System\tpprLcD.exe
  C:\Windows\System\tpprLcD.exe
  2⤵
  PID:5280
- C:\Windows\System\BPkRLSw.exe
  C:\Windows\System\BPkRLSw.exe
  2⤵
  PID:4212
- C:\Windows\System\icFcDsA.exe
  C:\Windows\System\icFcDsA.exe
  2⤵
  PID:5356
- C:\Windows\System\uXfeKwx.exe
  C:\Windows\System\uXfeKwx.exe
  2⤵
  PID:2884
- C:\Windows\System\nOxDrjH.exe
  C:\Windows\System\nOxDrjH.exe
  2⤵
  PID:5664
- C:\Windows\System\JBwLcrP.exe
  C:\Windows\System\JBwLcrP.exe
  2⤵
  PID:6184
- C:\Windows\System\GCHYAte.exe
  C:\Windows\System\GCHYAte.exe
  2⤵
  PID:6240
- C:\Windows\System\pVENqVA.exe
  C:\Windows\System\pVENqVA.exe
  2⤵
  PID:6280
- C:\Windows\System\cJqEyRH.exe
  C:\Windows\System\cJqEyRH.exe
  2⤵
  PID:6264
- C:\Windows\System\PeizhnA.exe
  C:\Windows\System\PeizhnA.exe
  2⤵
  PID:6304
- C:\Windows\System\MsWFVEQ.exe
  C:\Windows\System\MsWFVEQ.exe
  2⤵
  PID:6400
- C:\Windows\System\vpJJSVF.exe
  C:\Windows\System\vpJJSVF.exe
  2⤵
  PID:6404
- C:\Windows\System\gQrOUIb.exe
  C:\Windows\System\gQrOUIb.exe
  2⤵
  PID:6444
- C:\Windows\System\zsUynco.exe
  C:\Windows\System\zsUynco.exe
  2⤵
  PID:6480
- C:\Windows\System\qoPgRSe.exe
  C:\Windows\System\qoPgRSe.exe
  2⤵
  PID:6500
- C:\Windows\System\ivggWmu.exe
  C:\Windows\System\ivggWmu.exe
  2⤵
  PID:6504
- C:\Windows\System\VcgVeOo.exe
  C:\Windows\System\VcgVeOo.exe
  2⤵
  PID:6544
- C:\Windows\System\qxftHIv.exe
  C:\Windows\System\qxftHIv.exe
  2⤵
  PID:6584
- C:\Windows\System\cFsIcsi.exe
  C:\Windows\System\cFsIcsi.exe
  2⤵
  PID:6652
- C:\Windows\System\qNaZkIM.exe
  C:\Windows\System\qNaZkIM.exe
  2⤵
  PID:6628
- C:\Windows\System\ZRhgGdQ.exe
  C:\Windows\System\ZRhgGdQ.exe
  2⤵
  PID:6672
- C:\Windows\System\IMQfaDX.exe
  C:\Windows\System\IMQfaDX.exe
  2⤵
  PID:6768
- C:\Windows\System\TKfasEs.exe
  C:\Windows\System\TKfasEs.exe
  2⤵
  PID:6748
- C:\Windows\System\kITslqy.exe
  C:\Windows\System\kITslqy.exe
  2⤵
  PID:6792
- C:\Windows\System\TFNoDIE.exe
  C:\Windows\System\TFNoDIE.exe
  2⤵
  PID:6848
- C:\Windows\System\HgLGDiD.exe
  C:\Windows\System\HgLGDiD.exe
  2⤵
  PID:6828
- C:\Windows\System\usOemxJ.exe
  C:\Windows\System\usOemxJ.exe
  2⤵
  PID:6904
- C:\Windows\System\jrXRSAm.exe
  C:\Windows\System\jrXRSAm.exe
  2⤵
  PID:6908
- C:\Windows\System\sMEMITd.exe
  C:\Windows\System\sMEMITd.exe
  2⤵
  PID:6968
- C:\Windows\System\geliWoU.exe
  C:\Windows\System\geliWoU.exe
  2⤵
  PID:7008
- C:\Windows\System\RfXKNeS.exe
  C:\Windows\System\RfXKNeS.exe
  2⤵
  PID:7092
- C:\Windows\System\FAaknLU.exe
  C:\Windows\System\FAaknLU.exe
  2⤵
  PID:7020
- C:\Windows\System\NXOvqRb.exe
  C:\Windows\System\NXOvqRb.exe
  2⤵
  PID:7072
- C:\Windows\System\MvfhtEM.exe
  C:\Windows\System\MvfhtEM.exe
  2⤵
  PID:7108
- C:\Windows\System\RorIaFt.exe
  C:\Windows\System\RorIaFt.exe
  2⤵
  PID:7164
- C:\Windows\System\XSjzvPl.exe
  C:\Windows\System\XSjzvPl.exe
  2⤵
  PID:5964
- C:\Windows\System\jFMOwvI.exe
  C:\Windows\System\jFMOwvI.exe
  2⤵
  PID:3396
- C:\Windows\System\eZfIaXL.exe
  C:\Windows\System\eZfIaXL.exe
  2⤵
  PID:5920
- C:\Windows\System\VCwigrB.exe
  C:\Windows\System\VCwigrB.exe
  2⤵
  PID:5824
- C:\Windows\System\altBigE.exe
  C:\Windows\System\altBigE.exe
  2⤵
  PID:2496
- C:\Windows\System\cBXdIZj.exe
  C:\Windows\System\cBXdIZj.exe
  2⤵
  PID:1000
- C:\Windows\System\hJyaWKi.exe
  C:\Windows\System\hJyaWKi.exe
  2⤵
  PID:5276
- C:\Windows\System\xGLaTsz.exe
  C:\Windows\System\xGLaTsz.exe
  2⤵
  PID:5620
- C:\Windows\System\hflpkhd.exe
  C:\Windows\System\hflpkhd.exe
  2⤵
  PID:6200
- C:\Windows\System\UkoEuoK.exe
  C:\Windows\System\UkoEuoK.exe
  2⤵
  PID:6164
- C:\Windows\System\SstrYGD.exe
  C:\Windows\System\SstrYGD.exe
  2⤵
  PID:6276
- C:\Windows\System\KrfOwhE.exe
  C:\Windows\System\KrfOwhE.exe
  2⤵
  PID:6220
- C:\Windows\System\wyZjFFw.exe
  C:\Windows\System\wyZjFFw.exe
  2⤵
  PID:6308
- C:\Windows\System\QQNvxhd.exe
  C:\Windows\System\QQNvxhd.exe
  2⤵
  PID:6344
- C:\Windows\System\kTLryiZ.exe
  C:\Windows\System\kTLryiZ.exe
  2⤵
  PID:6460
- C:\Windows\System\gCfiuYO.exe
  C:\Windows\System\gCfiuYO.exe
  2⤵
  PID:6448
- C:\Windows\System\zQcjXZP.exe
  C:\Windows\System\zQcjXZP.exe
  2⤵
  PID:6484
- C:\Windows\System\poQZWeC.exe
  C:\Windows\System\poQZWeC.exe
  2⤵
  PID:6612
- C:\Windows\System\OhyfYoO.exe
  C:\Windows\System\OhyfYoO.exe
  2⤵
  PID:6540
- C:\Windows\System\kCpRFQI.exe
  C:\Windows\System\kCpRFQI.exe
  2⤵
  PID:6588
- C:\Windows\System\pmZsUgh.exe
  C:\Windows\System\pmZsUgh.exe
  2⤵
  PID:6704
- C:\Windows\System\uEvEKpS.exe
  C:\Windows\System\uEvEKpS.exe
  2⤵
  PID:6808
- C:\Windows\System\ciEIkNP.exe
  C:\Windows\System\ciEIkNP.exe
  2⤵
  PID:6824
- C:\Windows\System\cMojGgl.exe
  C:\Windows\System\cMojGgl.exe
  2⤵
  PID:7000
- C:\Windows\System\RCknVrj.exe
  C:\Windows\System\RCknVrj.exe
  2⤵
  PID:6740
- C:\Windows\System\XcdAnln.exe
  C:\Windows\System\XcdAnln.exe
  2⤵
  PID:6988
- C:\Windows\System\fbnodmA.exe
  C:\Windows\System\fbnodmA.exe
  2⤵
  PID:7104
- C:\Windows\System\tKhhKPG.exe
  C:\Windows\System\tKhhKPG.exe
  2⤵
  PID:5980
- C:\Windows\System\pHEFZkk.exe
  C:\Windows\System\pHEFZkk.exe
  2⤵
  PID:4972
- C:\Windows\System\TFNuLam.exe
  C:\Windows\System\TFNuLam.exe
  2⤵
  PID:6944
- C:\Windows\System\gHQMVUQ.exe
  C:\Windows\System\gHQMVUQ.exe
  2⤵
  PID:6964
- C:\Windows\System\JdXEmyG.exe
  C:\Windows\System\JdXEmyG.exe
  2⤵
  PID:7048
- C:\Windows\System\dXhGWLb.exe
  C:\Windows\System\dXhGWLb.exe
  2⤵
  PID:7152
- C:\Windows\System\UpMqvZA.exe
  C:\Windows\System\UpMqvZA.exe
  2⤵
  PID:6120
- C:\Windows\System\WNfhgRA.exe
  C:\Windows\System\WNfhgRA.exe
  2⤵
  PID:1912
- C:\Windows\System\kemZQgl.exe
  C:\Windows\System\kemZQgl.exe
  2⤵
  PID:5544
- C:\Windows\System\EHyuRON.exe
  C:\Windows\System\EHyuRON.exe
  2⤵
  PID:2176
- C:\Windows\System\raTecIX.exe
  C:\Windows\System\raTecIX.exe
  2⤵
  PID:1692
- C:\Windows\System\jlEjnOa.exe
  C:\Windows\System\jlEjnOa.exe
  2⤵
  PID:6048
- C:\Windows\System\PYlymhA.exe
  C:\Windows\System\PYlymhA.exe
  2⤵
  PID:7124
- C:\Windows\System\GMsZYDU.exe
  C:\Windows\System\GMsZYDU.exe
  2⤵
  PID:5332
- C:\Windows\System\OpZPrtU.exe
  C:\Windows\System\OpZPrtU.exe
  2⤵
  PID:5444
- C:\Windows\System\zYmlYUv.exe
  C:\Windows\System\zYmlYUv.exe
  2⤵
  PID:6364
- C:\Windows\System\NpysfHx.exe
  C:\Windows\System\NpysfHx.exe
  2⤵
  PID:6888
- C:\Windows\System\moyIzUr.exe
  C:\Windows\System\moyIzUr.exe
  2⤵
  PID:6428
- C:\Windows\System\qpMdUPQ.exe
  C:\Windows\System\qpMdUPQ.exe
  2⤵
  PID:6844
- C:\Windows\System\KCkeajF.exe
  C:\Windows\System\KCkeajF.exe
  2⤵
  PID:2240
- C:\Windows\System\ISHLfgK.exe
  C:\Windows\System\ISHLfgK.exe
  2⤵
  PID:6688
- C:\Windows\System\iQOwVMK.exe
  C:\Windows\System\iQOwVMK.exe
  2⤵
  PID:1032
- C:\Windows\System\RWsVpYF.exe
  C:\Windows\System\RWsVpYF.exe
  2⤵
  PID:6868
- C:\Windows\System\XPjoxuB.exe
  C:\Windows\System\XPjoxuB.exe
  2⤵
  PID:1316
- C:\Windows\System\oaZfkVf.exe
  C:\Windows\System\oaZfkVf.exe
  2⤵
  PID:5836
- C:\Windows\System\HYhofQh.exe
  C:\Windows\System\HYhofQh.exe
  2⤵
  PID:2640
- C:\Windows\System\FGXmpfu.exe
  C:\Windows\System\FGXmpfu.exe
  2⤵
  PID:7052
- C:\Windows\System\bUhrtkn.exe
  C:\Windows\System\bUhrtkn.exe
  2⤵
  PID:2676
- C:\Windows\System\YtZaibu.exe
  C:\Windows\System\YtZaibu.exe
  2⤵
  PID:2812
- C:\Windows\System\BqWWjlB.exe
  C:\Windows\System\BqWWjlB.exe
  2⤵
  PID:2180
- C:\Windows\System\lgHoXeL.exe
  C:\Windows\System\lgHoXeL.exe
  2⤵
  PID:1832
- C:\Windows\System\vknHSYc.exe
  C:\Windows\System\vknHSYc.exe
  2⤵
  PID:1116
- C:\Windows\System\tDhtxtg.exe
  C:\Windows\System\tDhtxtg.exe
  2⤵
  PID:5524
- C:\Windows\System\pgMAIXz.exe
  C:\Windows\System\pgMAIXz.exe
  2⤵
  PID:1068
- C:\Windows\System\XuXlRCB.exe
  C:\Windows\System\XuXlRCB.exe
  2⤵
  PID:6784
- C:\Windows\System\WxQOrmX.exe
  C:\Windows\System\WxQOrmX.exe
  2⤵
  PID:3056
- C:\Windows\System\CftBACN.exe
  C:\Windows\System\CftBACN.exe
  2⤵
  PID:6468
- C:\Windows\System\ruFvZDj.exe
  C:\Windows\System\ruFvZDj.exe
  2⤵
  PID:6648
- C:\Windows\System\jaTvMLb.exe
  C:\Windows\System\jaTvMLb.exe
  2⤵
  PID:6524
- C:\Windows\System\CYhKnZY.exe
  C:\Windows\System\CYhKnZY.exe
  2⤵
  PID:3040
- C:\Windows\System\DnYpwYu.exe
  C:\Windows\System\DnYpwYu.exe
  2⤵
  PID:6360
- C:\Windows\System\quqSqNm.exe
  C:\Windows\System\quqSqNm.exe
  2⤵
  PID:7172
- C:\Windows\System\MyzTHZk.exe
  C:\Windows\System\MyzTHZk.exe
  2⤵
  PID:7188
- C:\Windows\System\iYffyaB.exe
  C:\Windows\System\iYffyaB.exe
  2⤵
  PID:7204
- C:\Windows\System\sddTBtX.exe
  C:\Windows\System\sddTBtX.exe
  2⤵
  PID:7220
- C:\Windows\System\QYGEjHL.exe
  C:\Windows\System\QYGEjHL.exe
  2⤵
  PID:7236
- C:\Windows\System\CwBIjKz.exe
  C:\Windows\System\CwBIjKz.exe
  2⤵
  PID:7252
- C:\Windows\System\kmQXJzx.exe
  C:\Windows\System\kmQXJzx.exe
  2⤵
  PID:7268
- C:\Windows\System\qMJGJnf.exe
  C:\Windows\System\qMJGJnf.exe
  2⤵
  PID:7284
- C:\Windows\System\eUbFRpf.exe
  C:\Windows\System\eUbFRpf.exe
  2⤵
  PID:7300
- C:\Windows\System\cWvFwUw.exe
  C:\Windows\System\cWvFwUw.exe
  2⤵
  PID:7316
- C:\Windows\System\DzmrWwW.exe
  C:\Windows\System\DzmrWwW.exe
  2⤵
  PID:7332
- C:\Windows\System\iEzTFqI.exe
  C:\Windows\System\iEzTFqI.exe
  2⤵
  PID:7348
- C:\Windows\System\wwcuaaB.exe
  C:\Windows\System\wwcuaaB.exe
  2⤵
  PID:7364
- C:\Windows\System\TbbfMPx.exe
  C:\Windows\System\TbbfMPx.exe
  2⤵
  PID:7380
- C:\Windows\System\WisjQHQ.exe
  C:\Windows\System\WisjQHQ.exe
  2⤵
  PID:7396
- C:\Windows\System\pYlkFYJ.exe
  C:\Windows\System\pYlkFYJ.exe
  2⤵
  PID:7412
- C:\Windows\System\IBPQjer.exe
  C:\Windows\System\IBPQjer.exe
  2⤵
  PID:7428
- C:\Windows\System\pOEDKNM.exe
  C:\Windows\System\pOEDKNM.exe
  2⤵
  PID:7444
- C:\Windows\System\ubaWQxb.exe
  C:\Windows\System\ubaWQxb.exe
  2⤵
  PID:7460
- C:\Windows\System\OJmzUnm.exe
  C:\Windows\System\OJmzUnm.exe
  2⤵
  PID:7476
- C:\Windows\System\GLNKWXx.exe
  C:\Windows\System\GLNKWXx.exe
  2⤵
  PID:7492
- C:\Windows\System\QXGXLQp.exe
  C:\Windows\System\QXGXLQp.exe
  2⤵
  PID:7508
- C:\Windows\System\suJXdAm.exe
  C:\Windows\System\suJXdAm.exe
  2⤵
  PID:7532
- C:\Windows\System\eWWwhzF.exe
  C:\Windows\System\eWWwhzF.exe
  2⤵
  PID:7548
- C:\Windows\System\zMrTpOl.exe
  C:\Windows\System\zMrTpOl.exe
  2⤵
  PID:7564
- C:\Windows\System\AGtXeLz.exe
  C:\Windows\System\AGtXeLz.exe
  2⤵
  PID:7580
- C:\Windows\System\GbysoZl.exe
  C:\Windows\System\GbysoZl.exe
  2⤵
  PID:7596
- C:\Windows\System\dNlmgNz.exe
  C:\Windows\System\dNlmgNz.exe
  2⤵
  PID:7612
- C:\Windows\System\GnebJky.exe
  C:\Windows\System\GnebJky.exe
  2⤵
  PID:7632
- C:\Windows\System\eDddWst.exe
  C:\Windows\System\eDddWst.exe
  2⤵
  PID:7648
- C:\Windows\System\zDEmOfF.exe
  C:\Windows\System\zDEmOfF.exe
  2⤵
  PID:7668
- C:\Windows\System\NiMuxkR.exe
  C:\Windows\System\NiMuxkR.exe
  2⤵
  PID:7684
- C:\Windows\System\puKPKQz.exe
  C:\Windows\System\puKPKQz.exe
  2⤵
  PID:7700
- C:\Windows\System\wCQoqlV.exe
  C:\Windows\System\wCQoqlV.exe
  2⤵
  PID:7716
- C:\Windows\System\ukFBGrq.exe
  C:\Windows\System\ukFBGrq.exe
  2⤵
  PID:7732
- C:\Windows\System\GVKDVHU.exe
  C:\Windows\System\GVKDVHU.exe
  2⤵
  PID:7748
- C:\Windows\System\UuyGTEB.exe
  C:\Windows\System\UuyGTEB.exe
  2⤵
  PID:7764
- C:\Windows\System\xIdPpPN.exe
  C:\Windows\System\xIdPpPN.exe
  2⤵
  PID:7784
- C:\Windows\System\IGGPVcL.exe
  C:\Windows\System\IGGPVcL.exe
  2⤵
  PID:7800
- C:\Windows\System\JmAtGWm.exe
  C:\Windows\System\JmAtGWm.exe
  2⤵
  PID:7816
- C:\Windows\System\mSFcLCs.exe
  C:\Windows\System\mSFcLCs.exe
  2⤵
  PID:7832
- C:\Windows\System\lxjajBh.exe
  C:\Windows\System\lxjajBh.exe
  2⤵
  PID:7848
- C:\Windows\System\YABgKwd.exe
  C:\Windows\System\YABgKwd.exe
  2⤵
  PID:7864
- C:\Windows\System\ctbOyRG.exe
  C:\Windows\System\ctbOyRG.exe
  2⤵
  PID:7880
- C:\Windows\System\hMOkvHk.exe
  C:\Windows\System\hMOkvHk.exe
  2⤵
  PID:7896
- C:\Windows\System\xmzhLjW.exe
  C:\Windows\System\xmzhLjW.exe
  2⤵
  PID:7912
- C:\Windows\System\LnpIjRT.exe
  C:\Windows\System\LnpIjRT.exe
  2⤵
  PID:7928
- C:\Windows\System\IyfxUwn.exe
  C:\Windows\System\IyfxUwn.exe
  2⤵
  PID:7944
- C:\Windows\System\imajUbH.exe
  C:\Windows\System\imajUbH.exe
  2⤵
  PID:7960
- C:\Windows\System\qrAWbjV.exe
  C:\Windows\System\qrAWbjV.exe
  2⤵
  PID:7976
- C:\Windows\System\udTWXIU.exe
  C:\Windows\System\udTWXIU.exe
  2⤵
  PID:7992
- C:\Windows\System\yyrCtSj.exe
  C:\Windows\System\yyrCtSj.exe
  2⤵
  PID:8008
- C:\Windows\System\ShInhMb.exe
  C:\Windows\System\ShInhMb.exe
  2⤵
  PID:8024
- C:\Windows\System\DSPedUR.exe
  C:\Windows\System\DSPedUR.exe
  2⤵
  PID:8040
- C:\Windows\System\KcpTBkX.exe
  C:\Windows\System\KcpTBkX.exe
  2⤵
  PID:8056
- C:\Windows\System\PnKWmNU.exe
  C:\Windows\System\PnKWmNU.exe
  2⤵
  PID:8076
- C:\Windows\System\KKVzQzy.exe
  C:\Windows\System\KKVzQzy.exe
  2⤵
  PID:8092
- C:\Windows\System\PtJEBld.exe
  C:\Windows\System\PtJEBld.exe
  2⤵
  PID:8108
- C:\Windows\System\DjMMuhT.exe
  C:\Windows\System\DjMMuhT.exe
  2⤵
  PID:8124
- C:\Windows\System\RzJRdKN.exe
  C:\Windows\System\RzJRdKN.exe
  2⤵
  PID:8140
- C:\Windows\System\STyJXtE.exe
  C:\Windows\System\STyJXtE.exe
  2⤵
  PID:8156
- C:\Windows\System\rBcfakK.exe
  C:\Windows\System\rBcfakK.exe
  2⤵
  PID:8172
- C:\Windows\System\DFVXSPg.exe
  C:\Windows\System\DFVXSPg.exe
  2⤵
  PID:8188
- C:\Windows\System\EhsxGwN.exe
  C:\Windows\System\EhsxGwN.exe
  2⤵
  PID:6508
- C:\Windows\System\islesjT.exe
  C:\Windows\System\islesjT.exe
  2⤵
  PID:2656
- C:\Windows\System\OOkiYsf.exe
  C:\Windows\System\OOkiYsf.exe
  2⤵
  PID:6724
- C:\Windows\System\Lzgxfwm.exe
  C:\Windows\System\Lzgxfwm.exe
  2⤵
  PID:2768
- C:\Windows\System\otFrJnz.exe
  C:\Windows\System\otFrJnz.exe
  2⤵
  PID:880
- C:\Windows\System\BEKcWCT.exe
  C:\Windows\System\BEKcWCT.exe
  2⤵
  PID:7200
- C:\Windows\System\xWAvSjH.exe
  C:\Windows\System\xWAvSjH.exe
  2⤵
  PID:2932
- C:\Windows\System\TlofUtW.exe
  C:\Windows\System\TlofUtW.exe
  2⤵
  PID:7292
- C:\Windows\System\gtHcCjA.exe
  C:\Windows\System\gtHcCjA.exe
  2⤵
  PID:320
- C:\Windows\System\dPPiEZd.exe
  C:\Windows\System\dPPiEZd.exe
  2⤵
  PID:6088
- C:\Windows\System\zRwInGQ.exe
  C:\Windows\System\zRwInGQ.exe
  2⤵
  PID:1656
- C:\Windows\System\RLxjqYV.exe
  C:\Windows\System\RLxjqYV.exe
  2⤵
  PID:7328
- C:\Windows\System\BQQPqph.exe
  C:\Windows\System\BQQPqph.exe
  2⤵
  PID:7216
- C:\Windows\System\NvUTXKY.exe
  C:\Windows\System\NvUTXKY.exe
  2⤵
  PID:7276
- C:\Windows\System\OzkNtUo.exe
  C:\Windows\System\OzkNtUo.exe
  2⤵
  PID:7340
- C:\Windows\System\qJtnEiV.exe
  C:\Windows\System\qJtnEiV.exe
  2⤵
  PID:7392
- C:\Windows\System\oadRluE.exe
  C:\Windows\System\oadRluE.exe
  2⤵
  PID:2072
- C:\Windows\System\IGeThlF.exe
  C:\Windows\System\IGeThlF.exe
  2⤵
  PID:7408
- C:\Windows\System\jjdwCvB.exe
  C:\Windows\System\jjdwCvB.exe
  2⤵
  PID:7436
- C:\Windows\System\STIVhKJ.exe
  C:\Windows\System\STIVhKJ.exe
  2⤵
  PID:7528
- C:\Windows\System\tMqGAan.exe
  C:\Windows\System\tMqGAan.exe
  2⤵
  PID:7472
- C:\Windows\System\WIlyQVC.exe
  C:\Windows\System\WIlyQVC.exe
  2⤵
  PID:2892
- C:\Windows\System\HMFVmXm.exe
  C:\Windows\System\HMFVmXm.exe
  2⤵
  PID:7540
- C:\Windows\System\BjYknyf.exe
  C:\Windows\System\BjYknyf.exe
  2⤵
  PID:7576
- C:\Windows\System\eGrRMhq.exe
  C:\Windows\System\eGrRMhq.exe
  2⤵
  PID:7660
- C:\Windows\System\iwZAhwl.exe
  C:\Windows\System\iwZAhwl.exe
  2⤵
  PID:7676
- C:\Windows\System\gPkcXdm.exe
  C:\Windows\System\gPkcXdm.exe
  2⤵
  PID:344
- C:\Windows\System\ubJpfLo.exe
  C:\Windows\System\ubJpfLo.exe
  2⤵
  PID:2888
- C:\Windows\System\eDGgIPt.exe
  C:\Windows\System\eDGgIPt.exe
  2⤵
  PID:844
- C:\Windows\System\WsDxiHn.exe
  C:\Windows\System\WsDxiHn.exe
  2⤵
  PID:7760
- C:\Windows\System\RLLKQri.exe
  C:\Windows\System\RLLKQri.exe
  2⤵
  PID:2320
- C:\Windows\System\gyjfPNl.exe
  C:\Windows\System\gyjfPNl.exe
  2⤵
  PID:1948
- C:\Windows\System\FKhRvfy.exe
  C:\Windows\System\FKhRvfy.exe
  2⤵
  PID:7780
- C:\Windows\System\aUkChOY.exe
  C:\Windows\System\aUkChOY.exe
  2⤵
  PID:7844
- C:\Windows\System\rKwExtF.exe
  C:\Windows\System\rKwExtF.exe
  2⤵
  PID:7856
- C:\Windows\System\gINrxOT.exe
  C:\Windows\System\gINrxOT.exe
  2⤵
  PID:7924
- C:\Windows\System\eJRfbRw.exe
  C:\Windows\System\eJRfbRw.exe
  2⤵
  PID:7984
- C:\Windows\System\AZEVKuw.exe
  C:\Windows\System\AZEVKuw.exe
  2⤵
  PID:7968
- C:\Windows\System\QiXuasa.exe
  C:\Windows\System\QiXuasa.exe
  2⤵
  PID:8000
- C:\Windows\System\ZvnhUMi.exe
  C:\Windows\System\ZvnhUMi.exe
  2⤵
  PID:8036
- C:\Windows\System\lsSDBrc.exe
  C:\Windows\System\lsSDBrc.exe
  2⤵
  PID:8100
- C:\Windows\System\wvpvJgI.exe
  C:\Windows\System\wvpvJgI.exe
  2⤵
  PID:8164
- C:\Windows\System\weyAPCB.exe
  C:\Windows\System\weyAPCB.exe
  2⤵
  PID:2260
- C:\Windows\System\JmecDDW.exe
  C:\Windows\System\JmecDDW.exe
  2⤵
  PID:8020
- C:\Windows\System\hahHfuZ.exe
  C:\Windows\System\hahHfuZ.exe
  2⤵
  PID:8148
- C:\Windows\System\DjSOdwV.exe
  C:\Windows\System\DjSOdwV.exe
  2⤵
  PID:8152
- C:\Windows\System\NLZYDqr.exe
  C:\Windows\System\NLZYDqr.exe
  2⤵
  PID:7196
- C:\Windows\System\MxYcTQc.exe
  C:\Windows\System\MxYcTQc.exe
  2⤵
  PID:6984
- C:\Windows\System\SOdIRxB.exe
  C:\Windows\System\SOdIRxB.exe
  2⤵
  PID:5180
- C:\Windows\System\CCEubOF.exe
  C:\Windows\System\CCEubOF.exe
  2⤵
  PID:7324
- C:\Windows\System\ZRRDKKK.exe
  C:\Windows\System\ZRRDKKK.exe
  2⤵
  PID:7184
- C:\Windows\System\gdRdHHD.exe
  C:\Windows\System\gdRdHHD.exe
  2⤵
  PID:7404
- C:\Windows\System\VMqoqdP.exe
  C:\Windows\System\VMqoqdP.exe
  2⤵
  PID:7312
- C:\Windows\System\xAqSYBy.exe
  C:\Windows\System\xAqSYBy.exe
  2⤵
  PID:7488
- C:\Windows\System\yeRIxnK.exe
  C:\Windows\System\yeRIxnK.exe
  2⤵
  PID:7560
- C:\Windows\System\NKuSSrW.exe
  C:\Windows\System\NKuSSrW.exe
  2⤵
  PID:7680
- C:\Windows\System\Jbzbwku.exe
  C:\Windows\System\Jbzbwku.exe
  2⤵
  PID:2808
- C:\Windows\System\MmvSbbc.exe
  C:\Windows\System\MmvSbbc.exe
  2⤵
  PID:7656
- C:\Windows\System\mEyUimf.exe
  C:\Windows\System\mEyUimf.exe
  2⤵
  PID:2380
- C:\Windows\System\fdZoqft.exe
  C:\Windows\System\fdZoqft.exe
  2⤵
  PID:1180
- C:\Windows\System\kqWMITk.exe
  C:\Windows\System\kqWMITk.exe
  2⤵
  PID:7828
- C:\Windows\System\zzyLOSa.exe
  C:\Windows\System\zzyLOSa.exe
  2⤵
  PID:2956
- C:\Windows\System\kuzqrRU.exe
  C:\Windows\System\kuzqrRU.exe
  2⤵
  PID:7920
- C:\Windows\System\BAaHsJg.exe
  C:\Windows\System\BAaHsJg.exe
  2⤵
  PID:7952
- C:\Windows\System\TnDyAOB.exe
  C:\Windows\System\TnDyAOB.exe
  2⤵
  PID:8068
- C:\Windows\System\vhlxRtI.exe
  C:\Windows\System\vhlxRtI.exe
  2⤵
  PID:2984
- C:\Windows\System\zTDSZYv.exe
  C:\Windows\System\zTDSZYv.exe
  2⤵
  PID:8132
- C:\Windows\System\GaEYgcs.exe
  C:\Windows\System\GaEYgcs.exe
  2⤵
  PID:7144
- C:\Windows\System\YACbpFv.exe
  C:\Windows\System\YACbpFv.exe
  2⤵
  PID:8184
- C:\Windows\System\llaVpYA.exe
  C:\Windows\System\llaVpYA.exe
  2⤵
  PID:7624
- C:\Windows\System\FTEecxs.exe
  C:\Windows\System\FTEecxs.exe
  2⤵
  PID:5536
- C:\Windows\System\fXOxnXa.exe
  C:\Windows\System\fXOxnXa.exe
  2⤵
  PID:7376
- C:\Windows\System\Nmpuwtv.exe
  C:\Windows\System\Nmpuwtv.exe
  2⤵
  PID:7484
- C:\Windows\System\NJEeaNH.exe
  C:\Windows\System\NJEeaNH.exe
  2⤵
  PID:7644
- C:\Windows\System\QwZpziK.exe
  C:\Windows\System\QwZpziK.exe
  2⤵
  PID:7588
- C:\Windows\System\FLPdzeh.exe
  C:\Windows\System\FLPdzeh.exe
  2⤵
  PID:2288
- C:\Windows\System\QODazMe.exe
  C:\Windows\System\QODazMe.exe
  2⤵
  PID:7904
- C:\Windows\System\onAhcQC.exe
  C:\Windows\System\onAhcQC.exe
  2⤵
  PID:6720
- C:\Windows\System\VRGypVv.exe
  C:\Windows\System\VRGypVv.exe
  2⤵
  PID:7940
- C:\Windows\System\TfqCppu.exe
  C:\Windows\System\TfqCppu.exe
  2⤵
  PID:8116
- C:\Windows\System\GAwSuSx.exe
  C:\Windows\System\GAwSuSx.exe
  2⤵
  PID:7344
- C:\Windows\System\wtzhKcn.exe
  C:\Windows\System\wtzhKcn.exe
  2⤵
  PID:7776
- C:\Windows\System\ENGBXuj.exe
  C:\Windows\System\ENGBXuj.exe
  2⤵
  PID:7692
- C:\Windows\System\IjaqDSh.exe
  C:\Windows\System\IjaqDSh.exe
  2⤵
  PID:7608
- C:\Windows\System\EBskfNb.exe
  C:\Windows\System\EBskfNb.exe
  2⤵
  PID:8200
- C:\Windows\System\AtwvrxL.exe
  C:\Windows\System\AtwvrxL.exe
  2⤵
  PID:8216
- C:\Windows\System\lruiYdr.exe
  C:\Windows\System\lruiYdr.exe
  2⤵
  PID:8232
- C:\Windows\System\fieBUIX.exe
  C:\Windows\System\fieBUIX.exe
  2⤵
  PID:8248
- C:\Windows\System\gSwHwIY.exe
  C:\Windows\System\gSwHwIY.exe
  2⤵
  PID:8264
- C:\Windows\System\uBXATqB.exe
  C:\Windows\System\uBXATqB.exe
  2⤵
  PID:8280
- C:\Windows\System\mLnjsFi.exe
  C:\Windows\System\mLnjsFi.exe
  2⤵
  PID:8296
- C:\Windows\System\ZrfnTUJ.exe
  C:\Windows\System\ZrfnTUJ.exe
  2⤵
  PID:8312
- C:\Windows\System\naYhXuu.exe
  C:\Windows\System\naYhXuu.exe
  2⤵
  PID:8328
- C:\Windows\System\tBAQnsS.exe
  C:\Windows\System\tBAQnsS.exe
  2⤵
  PID:8344
- C:\Windows\System\cZKOcmO.exe
  C:\Windows\System\cZKOcmO.exe
  2⤵
  PID:8360
- C:\Windows\System\CdbvuPJ.exe
  C:\Windows\System\CdbvuPJ.exe
  2⤵
  PID:8376
- C:\Windows\System\oCGhdsp.exe
  C:\Windows\System\oCGhdsp.exe
  2⤵
  PID:8392
- C:\Windows\System\nEDNDkw.exe
  C:\Windows\System\nEDNDkw.exe
  2⤵
  PID:8408
- C:\Windows\System\BbHEomu.exe
  C:\Windows\System\BbHEomu.exe
  2⤵
  PID:8424
- C:\Windows\System\UfmnZfe.exe
  C:\Windows\System\UfmnZfe.exe
  2⤵
  PID:8440
- C:\Windows\System\rHpaPTv.exe
  C:\Windows\System\rHpaPTv.exe
  2⤵
  PID:8456
- C:\Windows\System\cMmwCjA.exe
  C:\Windows\System\cMmwCjA.exe
  2⤵
  PID:8472
- C:\Windows\System\kBqoVyC.exe
  C:\Windows\System\kBqoVyC.exe
  2⤵
  PID:8488
- C:\Windows\System\HplRpUw.exe
  C:\Windows\System\HplRpUw.exe
  2⤵
  PID:8504
- C:\Windows\System\HlLWhan.exe
  C:\Windows\System\HlLWhan.exe
  2⤵
  PID:8520
- C:\Windows\System\SOvVerc.exe
  C:\Windows\System\SOvVerc.exe
  2⤵
  PID:8536
- C:\Windows\System\BblLPZx.exe
  C:\Windows\System\BblLPZx.exe
  2⤵
  PID:8552
- C:\Windows\System\kFWwEcZ.exe
  C:\Windows\System\kFWwEcZ.exe
  2⤵
  PID:8568
- C:\Windows\System\SthASPQ.exe
  C:\Windows\System\SthASPQ.exe
  2⤵
  PID:8584
- C:\Windows\System\XniQpir.exe
  C:\Windows\System\XniQpir.exe
  2⤵
  PID:8600
- C:\Windows\System\fmUKyJj.exe
  C:\Windows\System\fmUKyJj.exe
  2⤵
  PID:8616
- C:\Windows\System\VSVGirw.exe
  C:\Windows\System\VSVGirw.exe
  2⤵
  PID:8632
- C:\Windows\System\DWyMOQl.exe
  C:\Windows\System\DWyMOQl.exe
  2⤵
  PID:8648
- C:\Windows\System\bkXrVRD.exe
  C:\Windows\System\bkXrVRD.exe
  2⤵
  PID:8664
- C:\Windows\System\brlBmbl.exe
  C:\Windows\System\brlBmbl.exe
  2⤵
  PID:8680
- C:\Windows\System\gtCaTkn.exe
  C:\Windows\System\gtCaTkn.exe
  2⤵
  PID:8696
- C:\Windows\System\FEmCOUb.exe
  C:\Windows\System\FEmCOUb.exe
  2⤵
  PID:8712
- C:\Windows\System\LLcOfdC.exe
  C:\Windows\System\LLcOfdC.exe
  2⤵
  PID:8728
- C:\Windows\System\tQgdsSr.exe
  C:\Windows\System\tQgdsSr.exe
  2⤵
  PID:8744
- C:\Windows\System\xWAwDTg.exe
  C:\Windows\System\xWAwDTg.exe
  2⤵
  PID:8760
- C:\Windows\System\wcXFapx.exe
  C:\Windows\System\wcXFapx.exe
  2⤵
  PID:8780
- C:\Windows\System\aomAEcK.exe
  C:\Windows\System\aomAEcK.exe
  2⤵
  PID:8796
- C:\Windows\System\TSHBIqS.exe
  C:\Windows\System\TSHBIqS.exe
  2⤵
  PID:8812
- C:\Windows\System\ZMsRmas.exe
  C:\Windows\System\ZMsRmas.exe
  2⤵
  PID:8828
- C:\Windows\System\jHRXrUb.exe
  C:\Windows\System\jHRXrUb.exe
  2⤵
  PID:8844
- C:\Windows\System\bAXfxgt.exe
  C:\Windows\System\bAXfxgt.exe
  2⤵
  PID:8860
- C:\Windows\System\VRgArCv.exe
  C:\Windows\System\VRgArCv.exe
  2⤵
  PID:8876
- C:\Windows\System\oJyGJbs.exe
  C:\Windows\System\oJyGJbs.exe
  2⤵
  PID:8892
- C:\Windows\System\NZeNaNX.exe
  C:\Windows\System\NZeNaNX.exe
  2⤵
  PID:8908
- C:\Windows\System\BQfvhnt.exe
  C:\Windows\System\BQfvhnt.exe
  2⤵
  PID:8924
- C:\Windows\System\TLDvzmi.exe
  C:\Windows\System\TLDvzmi.exe
  2⤵
  PID:8940
- C:\Windows\System\wmlESnw.exe
  C:\Windows\System\wmlESnw.exe
  2⤵
  PID:8956
- C:\Windows\System\hFVZaPC.exe
  C:\Windows\System\hFVZaPC.exe
  2⤵
  PID:8972
- C:\Windows\System\cutXdwX.exe
  C:\Windows\System\cutXdwX.exe
  2⤵
  PID:8988
- C:\Windows\System\VFycxbD.exe
  C:\Windows\System\VFycxbD.exe
  2⤵
  PID:9004
- C:\Windows\System\DuhrnVn.exe
  C:\Windows\System\DuhrnVn.exe
  2⤵
  PID:9020
- C:\Windows\System\ckmqOSs.exe
  C:\Windows\System\ckmqOSs.exe
  2⤵
  PID:9036
- C:\Windows\System\BlfySNl.exe
  C:\Windows\System\BlfySNl.exe
  2⤵
  PID:9052
- C:\Windows\System\MzSnrQy.exe
  C:\Windows\System\MzSnrQy.exe
  2⤵
  PID:9068
- C:\Windows\System\jDZsguX.exe
  C:\Windows\System\jDZsguX.exe
  2⤵
  PID:9084
- C:\Windows\System\ErvghGX.exe
  C:\Windows\System\ErvghGX.exe
  2⤵
  PID:9100
- C:\Windows\System\tnncZfx.exe
  C:\Windows\System\tnncZfx.exe
  2⤵
  PID:9120
- C:\Windows\System\AaiFnOl.exe
  C:\Windows\System\AaiFnOl.exe
  2⤵
  PID:9136
- C:\Windows\System\hjOgSdn.exe
  C:\Windows\System\hjOgSdn.exe
  2⤵
  PID:9152
- C:\Windows\System\zSvRUoY.exe
  C:\Windows\System\zSvRUoY.exe
  2⤵
  PID:9168
- C:\Windows\System\pDJGVvI.exe
  C:\Windows\System\pDJGVvI.exe
  2⤵
  PID:9184
- C:\Windows\System\jiWIdcy.exe
  C:\Windows\System\jiWIdcy.exe
  2⤵
  PID:9200
- C:\Windows\System\WkPThka.exe
  C:\Windows\System\WkPThka.exe
  2⤵
  PID:1240
- C:\Windows\System\gEUucwL.exe
  C:\Windows\System\gEUucwL.exe
  2⤵
  PID:8224
- C:\Windows\System\mKcSPYj.exe
  C:\Windows\System\mKcSPYj.exe
  2⤵
  PID:8260
- C:\Windows\System\NUMHsUk.exe
  C:\Windows\System\NUMHsUk.exe
  2⤵
  PID:8320
- C:\Windows\System\xPdEnOo.exe
  C:\Windows\System\xPdEnOo.exe
  2⤵
  PID:7840
- C:\Windows\System\RfMeJSE.exe
  C:\Windows\System\RfMeJSE.exe
  2⤵
  PID:8304
- C:\Windows\System\XIwkkct.exe
  C:\Windows\System\XIwkkct.exe
  2⤵
  PID:8016
- C:\Windows\System\LIZbFUU.exe
  C:\Windows\System\LIZbFUU.exe
  2⤵
  PID:8420
- C:\Windows\System\WHNGMDD.exe
  C:\Windows\System\WHNGMDD.exe
  2⤵
  PID:8452
- C:\Windows\System\NoktkZv.exe
  C:\Windows\System\NoktkZv.exe
  2⤵
  PID:8272
- C:\Windows\System\mVoYFAz.exe
  C:\Windows\System\mVoYFAz.exe
  2⤵
  PID:8480
- C:\Windows\System\wRsavFa.exe
  C:\Windows\System\wRsavFa.exe
  2⤵
  PID:8544
- C:\Windows\System\dVhRExZ.exe
  C:\Windows\System\dVhRExZ.exe
  2⤵
  PID:8612
- C:\Windows\System\BqHykfe.exe
  C:\Windows\System\BqHykfe.exe
  2⤵
  PID:8464
- C:\Windows\System\iasbYuR.exe
  C:\Windows\System\iasbYuR.exe
  2⤵
  PID:8432
- C:\Windows\System\SIOyIhd.exe
  C:\Windows\System\SIOyIhd.exe
  2⤵
  PID:8596
- C:\Windows\System\fPuLxfX.exe
  C:\Windows\System\fPuLxfX.exe
  2⤵
  PID:8532
- C:\Windows\System\YfbceKm.exe
  C:\Windows\System\YfbceKm.exe
  2⤵
  PID:8628
- C:\Windows\System\lrDtbmG.exe
  C:\Windows\System\lrDtbmG.exe
  2⤵
  PID:8676
- C:\Windows\System\ZnKJHsh.exe
  C:\Windows\System\ZnKJHsh.exe
  2⤵
  PID:8768
- C:\Windows\System\yqqERIm.exe
  C:\Windows\System\yqqERIm.exe
  2⤵
  PID:8692
- C:\Windows\System\IPYuCoh.exe
  C:\Windows\System\IPYuCoh.exe
  2⤵
  PID:8772
- C:\Windows\System\kjjSpVP.exe
  C:\Windows\System\kjjSpVP.exe
  2⤵
  PID:8840
- C:\Windows\System\wwAroik.exe
  C:\Windows\System\wwAroik.exe
  2⤵
  PID:8872
- C:\Windows\System\evlGxIG.exe
  C:\Windows\System\evlGxIG.exe
  2⤵
  PID:8856
- C:\Windows\System\UjuccXH.exe
  C:\Windows\System\UjuccXH.exe
  2⤵
  PID:8904
- C:\Windows\System\erZgdzb.exe
  C:\Windows\System\erZgdzb.exe
  2⤵
  PID:8968
- C:\Windows\System\BEpgPQT.exe
  C:\Windows\System\BEpgPQT.exe
  2⤵
  PID:9032
- C:\Windows\System\LZrYEuh.exe
  C:\Windows\System\LZrYEuh.exe
  2⤵
  PID:9096
- C:\Windows\System\vqDhMme.exe
  C:\Windows\System\vqDhMme.exe
  2⤵
  PID:9192
- C:\Windows\System\gxNcNEU.exe
  C:\Windows\System\gxNcNEU.exe
  2⤵
  PID:8196
- C:\Windows\System\QkVgCuK.exe
  C:\Windows\System\QkVgCuK.exe
  2⤵
  PID:8388
- C:\Windows\System\qKrAzqV.exe
  C:\Windows\System\qKrAzqV.exe
  2⤵
  PID:8212
- C:\Windows\System\haozpAv.exe
  C:\Windows\System\haozpAv.exe
  2⤵
  PID:8920
- C:\Windows\System\gqFrCaB.exe
  C:\Windows\System\gqFrCaB.exe
  2⤵
  PID:8952
- C:\Windows\System\VIFlVtD.exe
  C:\Windows\System\VIFlVtD.exe
  2⤵
  PID:9116
- C:\Windows\System\uMIdBQS.exe
  C:\Windows\System\uMIdBQS.exe
  2⤵
  PID:9144
- C:\Windows\System\vITlVQV.exe
  C:\Windows\System\vITlVQV.exe
  2⤵
  PID:9212
- C:\Windows\System\URoAxUv.exe
  C:\Windows\System\URoAxUv.exe
  2⤵
  PID:8356
- C:\Windows\System\rCnIynj.exe
  C:\Windows\System\rCnIynj.exe
  2⤵
  PID:8448
- C:\Windows\System\BusvzoR.exe
  C:\Windows\System\BusvzoR.exe
  2⤵
  PID:8608
- C:\Windows\System\XaSErdB.exe
  C:\Windows\System\XaSErdB.exe
  2⤵
  PID:2700
- C:\Windows\System\GhyQlAW.exe
  C:\Windows\System\GhyQlAW.exe
  2⤵
  PID:9016
- C:\Windows\System\baaxdQY.exe
  C:\Windows\System\baaxdQY.exe
  2⤵
  PID:8516
- C:\Windows\System\LseUAWD.exe
  C:\Windows\System\LseUAWD.exe
  2⤵
  PID:7604
- C:\Windows\System\NwBQFrb.exe
  C:\Windows\System\NwBQFrb.exe
  2⤵
  PID:8400
- C:\Windows\System\glrNvJV.exe
  C:\Windows\System\glrNvJV.exe
  2⤵
  PID:8624
- C:\Windows\System\NsmKdTt.exe
  C:\Windows\System\NsmKdTt.exe
  2⤵
  PID:8644
- C:\Windows\System\sJMhhLd.exe
  C:\Windows\System\sJMhhLd.exe
  2⤵
  PID:8708
- C:\Windows\System\rgSTLqY.exe
  C:\Windows\System\rgSTLqY.exe
  2⤵
  PID:8900
- C:\Windows\System\trYeCKY.exe
  C:\Windows\System\trYeCKY.exe
  2⤵
  PID:8852
- C:\Windows\System\WmCosBj.exe
  C:\Windows\System\WmCosBj.exe
  2⤵
  PID:9132
- C:\Windows\System\sYucvbr.exe
  C:\Windows\System\sYucvbr.exe
  2⤵
  PID:8980
- C:\Windows\System\KVfbFcS.exe
  C:\Windows\System\KVfbFcS.exe
  2⤵
  PID:9176
- C:\Windows\System\uDgAUuC.exe
  C:\Windows\System\uDgAUuC.exe
  2⤵
  PID:7180
- C:\Windows\System\PuiZNcn.exe
  C:\Windows\System\PuiZNcn.exe
  2⤵
  PID:9160
- C:\Windows\System\VsqQWQu.exe
  C:\Windows\System\VsqQWQu.exe
  2⤵
  PID:8592
- C:\Windows\System\AJxuTKc.exe
  C:\Windows\System\AJxuTKc.exe
  2⤵
  PID:9000
- C:\Windows\System\tVYAnHO.exe
  C:\Windows\System\tVYAnHO.exe
  2⤵
  PID:9080
- C:\Windows\System\bkXRxQH.exe
  C:\Windows\System\bkXRxQH.exe
  2⤵
  PID:8836
- C:\Windows\System\CVmwXxI.exe
  C:\Windows\System\CVmwXxI.exe
  2⤵
  PID:8352
- C:\Windows\System\bClqHuN.exe
  C:\Windows\System\bClqHuN.exe
  2⤵
  PID:8752
- C:\Windows\System\tQOPEgv.exe
  C:\Windows\System\tQOPEgv.exe
  2⤵
  PID:8824
- C:\Windows\System\mojegQB.exe
  C:\Windows\System\mojegQB.exe
  2⤵
  PID:9028
- C:\Windows\System\RKtyNvT.exe
  C:\Windows\System\RKtyNvT.exe
  2⤵
  PID:9220
- C:\Windows\System\FrPpTsY.exe
  C:\Windows\System\FrPpTsY.exe
  2⤵
  PID:9244
- C:\Windows\System\dvESnrV.exe
  C:\Windows\System\dvESnrV.exe
  2⤵
  PID:9272
- C:\Windows\System\oWBPpgc.exe
  C:\Windows\System\oWBPpgc.exe
  2⤵
  PID:9288
- C:\Windows\System\dnoqyap.exe
  C:\Windows\System\dnoqyap.exe
  2⤵
  PID:9324
- C:\Windows\System\sCGunPk.exe
  C:\Windows\System\sCGunPk.exe
  2⤵
  PID:9348
- C:\Windows\System\eavIQsQ.exe
  C:\Windows\System\eavIQsQ.exe
  2⤵
  PID:9372
- C:\Windows\System\ioSbhEz.exe
  C:\Windows\System\ioSbhEz.exe
  2⤵
  PID:9516
- C:\Windows\System\LUOwgAj.exe
  C:\Windows\System\LUOwgAj.exe
  2⤵
  PID:9540
- C:\Windows\System\KSTCjBR.exe
  C:\Windows\System\KSTCjBR.exe
  2⤵
  PID:9556
- C:\Windows\System\UDHtoRO.exe
  C:\Windows\System\UDHtoRO.exe
  2⤵
  PID:9572
- C:\Windows\System\cTBTVAg.exe
  C:\Windows\System\cTBTVAg.exe
  2⤵
  PID:9588
- C:\Windows\System\RugkXUN.exe
  C:\Windows\System\RugkXUN.exe
  2⤵
  PID:9604
- C:\Windows\System\QiOYAEF.exe
  C:\Windows\System\QiOYAEF.exe
  2⤵
  PID:9620
- C:\Windows\System\aNpFxba.exe
  C:\Windows\System\aNpFxba.exe
  2⤵
  PID:9636
- C:\Windows\System\xStxWQB.exe
  C:\Windows\System\xStxWQB.exe
  2⤵
  PID:9652
- C:\Windows\System\WpGJUQQ.exe
  C:\Windows\System\WpGJUQQ.exe
  2⤵
  PID:9668
- C:\Windows\System\uLkbovF.exe
  C:\Windows\System\uLkbovF.exe
  2⤵
  PID:9684
- C:\Windows\System\qCBVjyV.exe
  C:\Windows\System\qCBVjyV.exe
  2⤵
  PID:9700
- C:\Windows\System\xBwPEoo.exe
  C:\Windows\System\xBwPEoo.exe
  2⤵
  PID:9716
- C:\Windows\System\rQFQrXA.exe
  C:\Windows\System\rQFQrXA.exe
  2⤵
  PID:9732
- C:\Windows\System\PatWHfq.exe
  C:\Windows\System\PatWHfq.exe
  2⤵
  PID:9748
- C:\Windows\System\qFepFRo.exe
  C:\Windows\System\qFepFRo.exe
  2⤵
  PID:9764
- C:\Windows\System\vpNQMxw.exe
  C:\Windows\System\vpNQMxw.exe
  2⤵
  PID:9780
- C:\Windows\System\PKBfFxl.exe
  C:\Windows\System\PKBfFxl.exe
  2⤵
  PID:9796
- C:\Windows\System\ErnMBao.exe
  C:\Windows\System\ErnMBao.exe
  2⤵
  PID:9812
- C:\Windows\System\LknMbHr.exe
  C:\Windows\System\LknMbHr.exe
  2⤵
  PID:9828
- C:\Windows\System\eyPUwON.exe
  C:\Windows\System\eyPUwON.exe
  2⤵
  PID:9844
- C:\Windows\System\CyLDnBd.exe
  C:\Windows\System\CyLDnBd.exe
  2⤵
  PID:9864
- C:\Windows\System\afQQEHl.exe
  C:\Windows\System\afQQEHl.exe
  2⤵
  PID:9880
- C:\Windows\System\TGVcnfo.exe
  C:\Windows\System\TGVcnfo.exe
  2⤵
  PID:9896
- C:\Windows\System\IfDDATd.exe
  C:\Windows\System\IfDDATd.exe
  2⤵
  PID:9912
- C:\Windows\System\GPsnvHr.exe
  C:\Windows\System\GPsnvHr.exe
  2⤵
  PID:9928
- C:\Windows\System\XZOhLKA.exe
  C:\Windows\System\XZOhLKA.exe
  2⤵
  PID:9948
- C:\Windows\System\lmMgBog.exe
  C:\Windows\System\lmMgBog.exe
  2⤵
  PID:9964
- C:\Windows\System\nBtKbAY.exe
  C:\Windows\System\nBtKbAY.exe
  2⤵
  PID:9980
- C:\Windows\System\QNyxElE.exe
  C:\Windows\System\QNyxElE.exe
  2⤵
  PID:9996
- C:\Windows\System\gPCIXUM.exe
  C:\Windows\System\gPCIXUM.exe
  2⤵
  PID:10016
- C:\Windows\System\WlzokDh.exe
  C:\Windows\System\WlzokDh.exe
  2⤵
  PID:10060
- C:\Windows\System\NEPudEw.exe
  C:\Windows\System\NEPudEw.exe
  2⤵
  PID:10076
- C:\Windows\System\QrgdPeD.exe
  C:\Windows\System\QrgdPeD.exe
  2⤵
  PID:10092
- C:\Windows\System\fySmSjB.exe
  C:\Windows\System\fySmSjB.exe
  2⤵
  PID:10108
- C:\Windows\System\mNmJJpm.exe
  C:\Windows\System\mNmJJpm.exe
  2⤵
  PID:10132
- C:\Windows\System\CyNeqQK.exe
  C:\Windows\System\CyNeqQK.exe
  2⤵
  PID:10148
- C:\Windows\System\YGfxZfM.exe
  C:\Windows\System\YGfxZfM.exe
  2⤵
  PID:8308
- C:\Windows\System\vYUdfvY.exe
  C:\Windows\System\vYUdfvY.exe
  2⤵
  PID:9260
- C:\Windows\System\atUFAKX.exe
  C:\Windows\System\atUFAKX.exe
  2⤵
  PID:8672
- C:\Windows\System\PJEcgNI.exe
  C:\Windows\System\PJEcgNI.exe
  2⤵
  PID:9280
- C:\Windows\System\JNogKUz.exe
  C:\Windows\System\JNogKUz.exe
  2⤵
  PID:9444
- C:\Windows\System\whLzway.exe
  C:\Windows\System\whLzway.exe
  2⤵
  PID:9772
- C:\Windows\System\wMTYanS.exe
  C:\Windows\System\wMTYanS.exe
  2⤵
  PID:9528
- C:\Windows\System\iwdBVqO.exe
  C:\Windows\System\iwdBVqO.exe
  2⤵
  PID:10116
- C:\Windows\System\yXnRhJe.exe
  C:\Windows\System\yXnRhJe.exe
  2⤵
  PID:9252
- C:\Windows\System\AXeaCif.exe
  C:\Windows\System\AXeaCif.exe
  2⤵
  PID:10192
- C:\Windows\System\tZCdWOq.exe
  C:\Windows\System\tZCdWOq.exe
  2⤵
  PID:9548
- C:\Windows\System\NMkOxFr.exe
  C:\Windows\System\NMkOxFr.exe
  2⤵
  PID:9628
- C:\Windows\System\xuZePFk.exe
  C:\Windows\System\xuZePFk.exe
  2⤵
  PID:9744
- C:\Windows\System\ULYRqeU.exe
  C:\Windows\System\ULYRqeU.exe
  2⤵
  PID:9664
- C:\Windows\System\BtTqnsk.exe
  C:\Windows\System\BtTqnsk.exe
  2⤵
  PID:9696
- C:\Windows\System\GEmJykf.exe
  C:\Windows\System\GEmJykf.exe
  2⤵
  PID:10012
- C:\Windows\System\vTwVdPZ.exe
  C:\Windows\System\vTwVdPZ.exe
  2⤵
  PID:9992
- C:\Windows\System\RYLJTia.exe
  C:\Windows\System\RYLJTia.exe
  2⤵
  PID:10004
- C:\Windows\System\tqCATLi.exe
  C:\Windows\System\tqCATLi.exe
  2⤵
  PID:10088
- C:\Windows\System\AZQFgOJ.exe
  C:\Windows\System\AZQFgOJ.exe
  2⤵
  PID:10168
- C:\Windows\System\KWPqbTu.exe
  C:\Windows\System\KWPqbTu.exe
  2⤵
  PID:10220
- C:\Windows\System\EIlmHDj.exe
  C:\Windows\System\EIlmHDj.exe
  2⤵
  PID:10180
- C:\Windows\System\qQCBgaV.exe
  C:\Windows\System\qQCBgaV.exe
  2⤵
  PID:10228
- C:\Windows\System\QAfpqTn.exe
  C:\Windows\System\QAfpqTn.exe
  2⤵
  PID:8240
- C:\Windows\System\LQzfUcd.exe
  C:\Windows\System\LQzfUcd.exe
  2⤵
  PID:9236
- C:\Windows\System\FxpgtZr.exe
  C:\Windows\System\FxpgtZr.exe
  2⤵
  PID:9240
- C:\Windows\System\EDBSXrt.exe
  C:\Windows\System\EDBSXrt.exe
  2⤵
  PID:9332
- C:\Windows\System\lYvoHzw.exe
  C:\Windows\System\lYvoHzw.exe
  2⤵
  PID:9296
- C:\Windows\System\GCtmLPr.exe
  C:\Windows\System\GCtmLPr.exe
  2⤵
  PID:8500
- C:\Windows\System\gbrcupw.exe
  C:\Windows\System\gbrcupw.exe
  2⤵
  PID:9412
- C:\Windows\System\Jnnywkt.exe
  C:\Windows\System\Jnnywkt.exe
  2⤵
  PID:9428
- C:\Windows\System\QIKocWW.exe
  C:\Windows\System\QIKocWW.exe
  2⤵
  PID:9476
- C:\Windows\System\TLozDvt.exe
  C:\Windows\System\TLozDvt.exe
  2⤵
  PID:9632
- C:\Windows\System\EEycWXY.exe
  C:\Windows\System\EEycWXY.exe
  2⤵
  PID:9492
- C:\Windows\System\YmsFifA.exe
  C:\Windows\System\YmsFifA.exe
  2⤵
  PID:9596
- C:\Windows\System\JGYskHJ.exe
  C:\Windows\System\JGYskHJ.exe
  2⤵
  PID:2716
- C:\Windows\System\ElPuQSr.exe
  C:\Windows\System\ElPuQSr.exe
  2⤵
  PID:9820
- C:\Windows\System\lWFeuKy.exe
  C:\Windows\System\lWFeuKy.exe
  2⤵
  PID:9856
- C:\Windows\System\gAJxisn.exe
  C:\Windows\System\gAJxisn.exe
  2⤵
  PID:7756
- C:\Windows\System\ZeTNdQG.exe
  C:\Windows\System\ZeTNdQG.exe
  2⤵
  PID:9740
- C:\Windows\System\pydGJlQ.exe
  C:\Windows\System\pydGJlQ.exe
  2⤵
  PID:10068
- C:\Windows\System\XjQhUCB.exe
  C:\Windows\System\XjQhUCB.exe
  2⤵
  PID:10084
- C:\Windows\System\HWbbDmi.exe
  C:\Windows\System\HWbbDmi.exe
  2⤵
  PID:8888
- C:\Windows\System\mUjYfgQ.exe
  C:\Windows\System\mUjYfgQ.exe
  2⤵
  PID:9644
- C:\Windows\System\isJBFaj.exe
  C:\Windows\System\isJBFaj.exe
  2⤵
  PID:9836
- C:\Windows\System\QjtiOrD.exe
  C:\Windows\System\QjtiOrD.exe
  2⤵
  PID:2992
- C:\Windows\System\PVvQmHO.exe
  C:\Windows\System\PVvQmHO.exe
  2⤵
  PID:9424
- C:\Windows\System\ZNIEPet.exe
  C:\Windows\System\ZNIEPet.exe
  2⤵
  PID:8936
- C:\Windows\System\HXPrWfJ.exe
  C:\Windows\System\HXPrWfJ.exe
  2⤵
  PID:9924
- C:\Windows\System\hoQruul.exe
  C:\Windows\System\hoQruul.exe
  2⤵
  PID:10036
- C:\Windows\System\pUwCYrb.exe
  C:\Windows\System\pUwCYrb.exe
  2⤵
  PID:9612
- C:\Windows\System\TLEEWGq.exe
  C:\Windows\System\TLEEWGq.exe
  2⤵
  PID:9756
- C:\Windows\System\EGCSniu.exe
  C:\Windows\System\EGCSniu.exe
  2⤵
  PID:9616
- C:\Windows\System\MomkkXa.exe
  C:\Windows\System\MomkkXa.exe
  2⤵
  PID:9464
- C:\Windows\System\OuxGULH.exe
  C:\Windows\System\OuxGULH.exe
  2⤵
  PID:10204
- C:\Windows\System\ljslPwx.exe
  C:\Windows\System\ljslPwx.exe
  2⤵
  PID:9316
- C:\Windows\System\DKiDUYU.exe
  C:\Windows\System\DKiDUYU.exe
  2⤵
  PID:9860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AKwHfbn.exe

Filesize
6.0MB

MD5
c7ddc8780263428cdb499957d15ba7b0

SHA1
117ec6c147e83aa06c91dd855eff94ac817f764d

SHA256
11cf9e8f57550a818774c370ef1f9deb92c4260b4c927daaef212b1d3bd01a84

SHA512
a005059fdb3a5298244d63e8c84eb1434b28a106f13d86cb983fa8136df735bf429ebb2445dfbe99a02edb56b6e7002d4a4c2ef40e02eaa81ed78077f5532f3a

Download Submit
C:\Windows\system\DZzMVXO.exe

Filesize
6.0MB

MD5
0c076df4434ee70019ef15a55de902ee

SHA1
1c80003c90f2eabbe17111ae178ae1b12766b6be

SHA256
2928636f0069a8c27dded38a33a01d31fc6bb2f1932f6ed017ad93bbb71c7196

SHA512
884e2eaa21851d25b0f5c7e98c04b2136c6c63df92365346cfb82e9258be46539571c3dbcd9f38c8b1cab3faaeb572c7b9f4745ea9ba726b411044ab2ec2d893

Download Submit
C:\Windows\system\GxRIXVr.exe

Filesize
6.0MB

MD5
3ea0b78125c9664a1dd8a6079348cb50

SHA1
ecab0c4015801a8b3a6408fde17434ed8049d41d

SHA256
4a150d3c744fcc5fa64ef027da94e798d0e39618f138b4c47964d726a079eb60

SHA512
e221589294f630302a3660601f960216dc0872e13178285de70b2ae8e632219739687ff0e64e044bd276f7d0cba8f82465002a258deae56436e44c4be50f6dcf

Download Submit
C:\Windows\system\HuPnDXF.exe

Filesize
6.0MB

MD5
e568be4ebf0cbd82ef05f03797c2f63c

SHA1
dc0974a73e221684d31ad908e669f7eaebfb5f74

SHA256
aee3a22726ccaa19c0809361214d6007f16ad3e640ee79c884c7d0dc8fc33cd8

SHA512
bef0aeca00a4cc032192d44cc22e22eb54c9c5a27318634e0c34d4535a051ef6dea15b8faa75b9e47ce881d9585b4b28b1c092ea7b21329c1d16c028c909e4e9

Download Submit
C:\Windows\system\IPnULEH.exe

Filesize
6.0MB

MD5
5b4b9b43dec73a7be248195dbaf35c0f

SHA1
06c5ed51f4f68dea76cab0992cb682c8af3459e5

SHA256
a361a49fe64a1953f5b4f0e99d78928d70c1be1e100e0fb5513ee4f189639a66

SHA512
1c1a6c8ccc895635a282d81db9dd0f375a71d9bb0bab533aa13b6786d2009c7a22aa01b2af059484e827e98792687525511c3c98fe989ef6510cfa69b6d72ca1

Download Submit
C:\Windows\system\RHYTFlN.exe

Filesize
6.0MB

MD5
fb10c661ffa9b09c71d14ae514bfb7c2

SHA1
b379b5c8b2945446d139e17a8af68fb7beda36aa

SHA256
c29ca6d51b31ab12ba66d5dee51ec367207d60f8896c1ae2c290dd341082b94d

SHA512
8c1fd2a9176178432528b41b3eb8d75d6373c47657215d85d8852ebac3408c88c2d2f2b49e46986f5261632b30fa1fba42b0fb7c5a58ce4ee9b1df5f85e2cccf

Download Submit
C:\Windows\system\SmhJjYR.exe

Filesize
6.0MB

MD5
b28c8ff18e0ee507c5b809f2f80e30c9

SHA1
9a85671e99b4396ac3a8d54712957a49bc401f8f

SHA256
1c3a2e4d372844c45c44d419e82e1d111b47217e0427440fbd11fcf506765f08

SHA512
133f62b46ccdfd7d7ff20c0dc7fbd31ed84c6308f75350cdb7b12688c4b345cf87c0cd381574b4d9733ecc5945c9096c5b02e79f4faedf67df640cdab4e0d9d7

Download Submit
C:\Windows\system\WPKCcAs.exe

Filesize
6.0MB

MD5
686c32ac5f426f0dabe5016931755fde

SHA1
9cc89d028a32d7dfe36ec0e0029f492625e68556

SHA256
94573ac8563bb78868860210d96bdad3642c684cf41bc21293c4ab43e59ae5b3

SHA512
9742c208c870baac43dafe1256f445d47fa744cb44b426e0fcbbc9a11d686d4a523f04ab961b33c0940ce136a7bf4c31f2367eb02ac3a894525552352846e9ae

Download Submit
C:\Windows\system\ZNrtlcy.exe

Filesize
6.0MB

MD5
0310dd5d18d21c61b29f970f71dd253b

SHA1
4e2795bf675c7512c5b44ee19c90b97eb33e586c

SHA256
bad36d21d91e08e57baa132e1d00fb231366305ad62dd44878facc4caf0229a6

SHA512
250ba8c236ed4d03eaa10df268ba82cd7ae09204979d9e17b80d02fb17740ec2863e46bf24e4719a0bba2cecefa75bee4feb5764de960a5e50908391f782f353

Download Submit
C:\Windows\system\cGgJnRO.exe

Filesize
6.0MB

MD5
8f44eca6e74ceb8fe3d4ee9243f4d883

SHA1
4209276ef06540b727a8d2042a17cd25450568f2

SHA256
7132ab5205f53482209b8058d4364cb33a636dc4b1f8ab337d18bc0d4608461c

SHA512
d96767553baab5b39764423097d90b67f3050a27d654b6222655c8be534b5c5de07f86a948cb195a6c9fd3f930bfb800a0fdc0729119a8a12b588901e5818b3d

Download Submit
C:\Windows\system\cweWBMB.exe

Filesize
6.0MB

MD5
63df541c53a27bf1b9da743180d09473

SHA1
48260f341cee94e463d75c97a8125d60c65e9025

SHA256
005d871ae7f8177b1ce27b38c64053f9bdb190e289472e7656185afae6e594c0

SHA512
5b2f48a01f2e9ad3a8ee93b1fa069ada6a8a8b0474924908f5537840131a4d4efb860654d4eaee50aee37ff93e2bcef366f23e9f61168d9b7b3d4d769eb2a3de

Download Submit
C:\Windows\system\hHUoJrg.exe

Filesize
6.0MB

MD5
ae3fc222dfd1eb52220b51de9ebb44e8

SHA1
1bdd49f200008faddbf9f1bff9b1a8d63bebfea7

SHA256
de22bdf10da5be40c1adfeb4111a3f2cb333bbe054e95f84e7e1c2d5913667a7

SHA512
8555f68a9b4f1d6daaf0cb267f4f749f7c4b893cc332ec2b0197f886c0bb6fc61a7ce7155b4353432f159684be33dadbad2d4b024f031ca4b99499b122f8cb3f

Download Submit
C:\Windows\system\hyJjFYh.exe

Filesize
6.0MB

MD5
b157c1787512d6f887966fa59c24f7ba

SHA1
55c764069defcfb7d807bb99c287b6215557240a

SHA256
4dcef9d76ddea02d6109b49b5a27d116816a37f67c96fa771543435208027ad9

SHA512
4d59e14fb4a72e1dc8a6182698c917ecfb3239f5403d6217626825e25051abd08dc606d29d536fa24e8fb7cd9a14a6ff5bc9e3cad37b60e3f3a837dff40e67a8

Download Submit
C:\Windows\system\kYeJTeN.exe

Filesize
6.0MB

MD5
4d6b00934f619fb50e0cd1e2279b20b1

SHA1
8b6913177305230a06daac02b56e443f16fdb2be

SHA256
c2085ce2e303e9d0eed1d4541327a5c25cb598fb14065d0c9bd44eb5b91a1945

SHA512
9e7146213e4cf3f97611f5f83d9b62b33bd151fe00db02759d42b16403ea278738f1c26e8080056e7743fd2f3812ce1255125adb6b310bfb6c0ab66702a49dca

Download Submit
C:\Windows\system\pEaLGze.exe

Filesize
6.0MB

MD5
462a63e4cc7bb928e4fc7cadf1472588

SHA1
0820a07b6acd24c9943a16707046efe2e2db98b0

SHA256
155358349e4ffb2a656b5a2d8dfd5df1f650edf0543ac2fa810b8b74604d76e2

SHA512
be8e4e47d4e7dc1975dadbe9204ee27fa8ed069271e7d9b2a09078b9650cd01db7f711082f93579e9c772ca416cc5022f065fcf44670959b441b654f6ea83e8f

Download Submit
C:\Windows\system\potqNcI.exe

Filesize
6.0MB

MD5
e78725540ea4678690e3a0a3f8aeaf15

SHA1
f279393cf3221d73bbcd934abd2202d46a58a5bc

SHA256
430282c8e9b033794c62af5715ccbf387c52dd0263b466a3da757183d6bd413d

SHA512
60fd8db1d3ab0205b49e239c424b52d1ab53b5cb504132ba4bef67a81ffc840e2f71fba8b3d11aa4294a34acb1e0f512f0d6cc14701de9f5f6c53b0ef95b6206

Download Submit
C:\Windows\system\qDdqKxw.exe

Filesize
6.0MB

MD5
298834494ba8026f1c57cea4bc158577

SHA1
8b8d4f2909a4893759bcc26c36c406cab425a4c3

SHA256
3ee55afd410cbcd551c89c145f3ef110d715427c4ee7ed60ffd530b08a36c278

SHA512
3e386b6fca314be1f44918ddd54ed1df5632a6feda88af3f5ce9ee22d5c0f66455188e3277b096cdf332858aad8d3ab540bbd09b4877e1b597972a6089343134

Download Submit
C:\Windows\system\qJMDUQf.exe

Filesize
6.0MB

MD5
53ec683f711c18fa2763abf040bb380b

SHA1
568f535dcca20706f2c09af7129bdb20b35883c6

SHA256
c2a99dc33e49869525b88defbc1a394d2d801076fa805ce78ec265274190b16c

SHA512
0eaeca5d005ae4c3b5307c46ae454ebaaa9fbbad6a47265b3d220b04573a551aac593d8df2a6f0c0cfd23a35b159c277d55a6932fac065b53524351023573c68

Download Submit
C:\Windows\system\qkvoedK.exe

Filesize
6.0MB

MD5
b994886eb171cc608fed7b62f07872cf

SHA1
259aa3d3b95495d73fcc28f631799c4ab880062f

SHA256
6b2d645155f56c8b479263201f51f8567f24bc09e14118b018d17c08fe80c8d3

SHA512
07f1a7c979a997ae9a565c6b64db8e2706a28b0e5778b67af9a0ebe0cd7467e53c5b4df2b1384b5cb660c64738225898f155ebdebd76e3abc5fd18932da6a1f5

Download Submit
C:\Windows\system\rFlBPeR.exe

Filesize
6.0MB

MD5
3a11efcd4746fcade2015052329dd7c9

SHA1
938766b17f93c6860fc0b1884f21ea6a40539260

SHA256
a0f35f8e794da6d8f05495bcf6914564317afe2a8c1bc8251a350e8817e20f5e

SHA512
331e7faa4c8547f2e9d71072ea02dbeff13aeb0b36beb93d5f7d7c35d5d439fce3c20c5c897fe39f02a9753a9e0aaa88ed426508fead295afcedf3570e79827b

Download Submit
\Windows\system\AQQNqMV.exe

Filesize
6.0MB

MD5
616345f03c40730892ea61b2ecd14d26

SHA1
88467c4eb3938625303243bff3b05463a0a71df7

SHA256
e7b632ff947acbd2c4596131dde792f62ef7cc83b2b61d6caae5f34f411ac681

SHA512
797f3e9aed37dd49ab4b665195608bebd7bc5d4a8d5818beda4585bf820246be09f7a36e9212b77e46efd7b3cf69b3a1d17ceda84bf9aeb96ad2f776c3ebcf2d

Download Submit
\Windows\system\ApvDoNV.exe

Filesize
6.0MB

MD5
af3d21a5ca8c7cb162f5fb496e900cb1

SHA1
e52518ae7e11f9a6cff36251641c346b859d1145

SHA256
93da9011e76f2d7629990fbe8da09ad9357d50e263b951dc553b493049cb20cd

SHA512
6c91372142b09646c44d11ac32b8486da742b5d8934b50ae51553de1285ff9534336f73c1ffe201068be90f16c5566942f94709eef374c76fd9d2d36a1ef12b8

Download Submit
\Windows\system\FhBdVNl.exe

Filesize
6.0MB

MD5
9295d8651ed609a4f6a4a9868d8b6de7

SHA1
e0a3d4516639642de99fd11276bbe361454ef8e8

SHA256
2c4fcb8e6474668b540e484e11b6d2b0c56f611bdedd939320809485c04340b3

SHA512
ce2ed65862e188d0c1ecee28405d3ce2755dd6d669448bd5f0f5f24583dd01acf825220ee31a07a15dd10f0368c6f42eda68ac8d8ffd911cd3c4d70dc332d062

Download Submit
\Windows\system\GmUqWsk.exe

Filesize
6.0MB

MD5
cc2610e45af1be6dcc79d2e2d92c57a2

SHA1
a19ffe91fb4596ff816e92f3b6463def46160136

SHA256
87e77b4845f2fb19b952bc8689cf9ef87d0feb3bc4c5ad4ae7bf6ffce113c3ef

SHA512
d6cf2773672334485ede8d4dd9670776591288884f2db4859f2568a86eb3d8cced814dedb850ccbf7fca79664eca1e1112ce4f5d0aab92fcf0769292500ffbbc

Download Submit
\Windows\system\KYJrodl.exe

Filesize
6.0MB

MD5
0a53f6b2c23f983a73f1c4492cdba2ae

SHA1
07e6bb45dee58c1cf039062c0cee8eec854f98cb

SHA256
2ceb4cef07f8361abb7a24d5181424e2eb1cb816d703fce8bbab086bdf797d5b

SHA512
2f67b01dba74eee24f55155c6ca3f7e6b030e3a7d57d403138581fce8b1ec40d9f2ab1b97bae213e8f00142a4fdf2bc2dbc27b3bd74ab9360adc64104a2686be

Download Submit
\Windows\system\KnVNarB.exe

Filesize
6.0MB

MD5
11facdddb23949855689b6626b87ec6e

SHA1
2f8a0d6b9ed51112f4c86b4780d3412750ceba7a

SHA256
c3018b166478b6aeaac0fcd44a3e0640462cc37ef906e7c496139ee455f49a8d

SHA512
1b906e5b3ef5904651a17ab721d4ad1f2bb02598c9a2d34e39fd6efe1605e5892cc0f20ecc20f9f2239cd8a9a33f645dfd570c9ee17ae865455e211e545d8cca

Download Submit
\Windows\system\RqdOKEu.exe

Filesize
6.0MB

MD5
eb99a505b79b1877b5f351876b7fcac8

SHA1
4b637801d417333d3f25338579a61ef04851dd0e

SHA256
495df1e44e94f24ddd8710fae453352152191e846e6105e0f2844221bf6f8a43

SHA512
64f6fbdac23a007b84875d7c095776ba0c37c99242380b2c781d21d14e9f286924b0d3efd089030891e3436d899e8d7d774b8ac9bade5872236b8a463c76989a

Download Submit
\Windows\system\VToqAzY.exe

Filesize
6.0MB

MD5
0d75e03f1fc7e7dac276fb75fdb1e772

SHA1
09d71ea0fa0b3b041d0fdf98f75235e8a0b84278

SHA256
2c6c624df7f0c9bcf6e5a6065a73a6bc4b565644ea6b551557ae04fac5abca18

SHA512
19f7cdf0fd573048ac6befcb91101866e72e4c27830e6d16f6d091d981e573477c4be227d456417a539c3e042b2cac1c46c12b080a056f595df8d509482dbb5c

Download Submit
\Windows\system\VlUBwLV.exe

Filesize
6.0MB

MD5
6cf7fae64780bcc7f07520fe97158c39

SHA1
8e1c1f7ac1f225d937c788e05d78e72d95f87e30

SHA256
b00a4177dc3f3916d7007c2852a8b40cc2af4ddbcf897668528b5018a750f8bf

SHA512
fc47d26e094bd2a0cf7cbc5fc8dcdc87b9c0ca22b612b0329f05f1e9e3266e2d16716e403ac6a9ad1775ba6df91b9279195ab602418e93b8e99d370ca6806901

Download Submit
\Windows\system\WgXTjrn.exe

Filesize
6.0MB

MD5
453ef0ce53c646eac5c10a2f4e760fc1

SHA1
be9199c2a5df3b18143f59f26f558528942b5481

SHA256
288dca21140bebaecffe136085967e07222ecff7c54f159398d12fbdc5d0410c

SHA512
b1c9cc046d3864af7cbf598ca106b6dd0f46c524264104170bacaa42d11f2f0e783ed4968a917612503f6058e2552f672200032dd88b2c435c421ec98f9baf81

Download Submit
\Windows\system\YQMHtKY.exe

Filesize
6.0MB

MD5
a598b8655bd9e96a82362c3c40556ce3

SHA1
fa7cdd54c90361a9e7fd7a57392ca7ed4a62955b

SHA256
4ff49ae5292bb1ed4a011486195da3e6a518a64326b1519bbfa71ac1a9638afa

SHA512
5c0e303a995a500af1063ac203136fa82062b1ac72b62a7020ed8546010d7a83b0c4e2114eb3ca379c763e3655208606130b779f5e0cbcd5bf24dfe5c05131fb

Download Submit
\Windows\system\dFaYUUt.exe

Filesize
6.0MB

MD5
f187442ad2eeecd28cdce7490f515c42

SHA1
e00e70e18be31c85b64a77334fe53f463f22d454

SHA256
f07b48a4361b991e8e78d1785b05b3bb30147dad3647077b4501eca1338ad8ea

SHA512
621f39b3e7b783e99fbc3a7e9591eedc3cd132365429a2da03a5706de6d9a1a5b0c6d1906dcc910d86d1cf04e558daa2f227e863d67145d457538b419b7f9101

Download Submit
\Windows\system\fCRLDKx.exe

Filesize
6.0MB

MD5
97b1865c48c0b666c6dab5173590a1cc

SHA1
0400c33396d0f792a94669800e95d2ddaa127b35

SHA256
f97f3872b78577c68caec253ed6fa9cdb542452173c318643ea30cc3b1f4343c

SHA512
b40a33628db39167b55a29bdc1ce1aff3414af4444887744919230cedc8779389f6976653b53b25f52b45558c0b9e9897d35d741e01a2eaeee5ce7e5e883e6af

Download Submit
\Windows\system\mOcvzCI.exe

Filesize
6.0MB

MD5
67d7630e20682b44f4f00edd4e9a3e91

SHA1
60fca2465168da90e786c75bfcf3883df07584a4

SHA256
ff3e2a659a83ab69deee9acc91b5659c22194373bf3ef98d39789e1db28ab97f

SHA512
74d6b4d13bac45a91df9cf6e58eee5050018142565c25d45cf4f28a5a33449918d23ca46516b4a04cad28ae4f110628810c96b160cf184ba8f4e845eecc49d64

Download Submit
\Windows\system\ocYQYnb.exe

Filesize
6.0MB

MD5
a77824f4c66ac2bd5c79ea41c47fec88

SHA1
d0ce9495164d2498bc4f182f2775237d8075fe7b

SHA256
f38d046563a8ac8c1cef6ab5573cc5fcd9d5c15dddaa60d1f75a8034a37dfecc

SHA512
05dc73810314c308a2ab39572b09c9e498d12712c0436ec7b65ec422ab7d9756d7207636ba28fb0a338a7c62447643c4ea2630d15c5f22a98ead1f7b71d08f41

Download Submit
\Windows\system\vihlyQp.exe

Filesize
6.0MB

MD5
b36d1833cad2ac2f23223df86657e504

SHA1
acf6bee4468083a8e4390cfcddb43bbbc886010f

SHA256
52b1cd9dfcade3799c1e998a1f05f050e3d4c214bcbdaa6b0a07d498c37f2c10

SHA512
e0d2b18aa39089d55c11a0bd9431536e195ba16437465f36ed0dcb79e8f63f6e2fb7a8039d5239debeba8eabbd1747d94190fb1432571f55b80de90bc56dfe54

Download Submit
\Windows\system\vjEdGZu.exe

Filesize
6.0MB

MD5
217d436f827d2c125a992da3fa4ea3bf

SHA1
cbfd8d9301b5dd0174184d65e991f4a463e1e018

SHA256
1cc4b06d7ca7bf687e3fe7e02dc125f813a9d187fd260ef6e7a663ee80036615

SHA512
7bffd56102249ec82f896b03570229804f9695ca93316732e07929943d606450f9548562f9aabc5f7c413c7c72ebf5275ac6202a0c24d0a600284b7b7ad40d33

Download Submit
\Windows\system\wuCEyca.exe

Filesize
6.0MB

MD5
3ef40b5742faed3296ad33840a77dfb2

SHA1
8cbf7687846e50d0130d79b6aaebba29a4ed16f6

SHA256
8ad960302d51aea8aaac30b33830e551a04a4fee1927461257e9344a58546b74

SHA512
9bdf82c6490754e8db04c6d41e71ce73878278ceb1c65ab91aea7eeb50041a5783625562b41394bca8eb7f74fbd729c1cd2496b0926b9c673e3780e4a0e2e22b

Download Submit
\Windows\system\xvoXaUQ.exe

Filesize
6.0MB

MD5
74415f61ce5951c020702147d0651eb5

SHA1
5d60420e06c7b7e08c4e1c81edd0b9712b057036

SHA256
3c897b0d3bb77b546404e20e8b827398503ee83b10b1c22634f71a661e733af3

SHA512
b407984b51fc50d43d7ebe166b75cebb048d0a27a48bb89438224ebf8fa72a334869cd7fb3ee52e6541bf153b0ed05be6d6e8f46d3ea83231b4b3f59d7152630

Download Submit
memory/804-89-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/804-103-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/804-456-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/804-667-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/804-808-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/804-1196-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/804-77-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/804-67-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/804-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/804-72-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/804-1393-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/804-0-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/804-55-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/804-17-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/804-58-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/804-42-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/804-30-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/804-34-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/804-126-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/804-112-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/804-81-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/1228-99-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/1228-1567-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/1228-4033-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/1336-4034-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/1336-98-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/1336-1394-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2160-52-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2160-4025-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2296-36-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-4027-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-37-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-4024-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-4029-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2460-53-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2604-4026-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-47-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-4032-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-74-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-57-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-4028-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-4030-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2880-66-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2928-73-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2928-4035-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2952-4031-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2952-70-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download