cobaltstrike | d7b529caf6366253ebd14ea9917b02292bcbe07dbc9218cdc27983062e19c6f3

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

602351f1f9c4a8caf621d935e3be568b
SHA1

aa92b3612b8bc04e5575ef171925b1ff10a0e2cd
SHA256

d7b529caf6366253ebd14ea9917b02292bcbe07dbc9218cdc27983062e19c6f3
SHA512

310fdf58b0379aa5a0006a3c9310ec5415699d381c190a3a7a4669ccfd2ab9b565cc29fdb8bd4079a19c63bdc037f0455e6e310d9cc050ab8648d81b970bf112
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUY:T+q56utgpPF8u/7Y

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012115-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193c4-7.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019403-32.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019401-23.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193d9-15.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001942f-37.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998a-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d2d-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a08b-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a443-168.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a441-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a43f-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a354-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a43d-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a311-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b3-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a078-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fc9-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019faf-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dc1-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019db5-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d54-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c63-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c4a-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c48-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c43-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196f6-84.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196be-79.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001967d-69.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001947e-55.dat	cobalt_reflective_dll
behavioral1/files/0x0032000000019382-62.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019441-46.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2132-0-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x0007000000012115-3.dat	xmrig
behavioral1/files/0x00070000000193c4-7.dat	xmrig
behavioral1/memory/2796-21-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019403-32.dat	xmrig
behavioral1/files/0x0006000000019401-23.dat	xmrig
behavioral1/memory/2540-20-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2684-18-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x00070000000193d9-15.dat	xmrig
behavioral1/memory/2728-28-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/files/0x000600000001942f-37.dat	xmrig
behavioral1/memory/2432-49-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2684-57-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2144-76-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x000500000001998a-89.dat	xmrig
behavioral1/files/0x0005000000019d2d-112.dat	xmrig
behavioral1/files/0x000500000001a08b-140.dat	xmrig
behavioral1/memory/1652-1225-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a443-168.dat	xmrig
behavioral1/files/0x000500000001a441-165.dat	xmrig
behavioral1/files/0x000500000001a43f-160.dat	xmrig
behavioral1/files/0x000500000001a354-153.dat	xmrig
behavioral1/files/0x000500000001a43d-157.dat	xmrig
behavioral1/files/0x000500000001a311-148.dat	xmrig
behavioral1/files/0x000500000001a0b3-144.dat	xmrig
behavioral1/files/0x000500000001a078-136.dat	xmrig
behavioral1/files/0x0005000000019fc9-132.dat	xmrig
behavioral1/files/0x0005000000019faf-128.dat	xmrig
behavioral1/files/0x0005000000019dc1-124.dat	xmrig
behavioral1/files/0x0005000000019db5-120.dat	xmrig
behavioral1/files/0x0005000000019d54-116.dat	xmrig
behavioral1/files/0x0005000000019c63-108.dat	xmrig
behavioral1/files/0x0005000000019c4a-104.dat	xmrig
behavioral1/files/0x0005000000019c48-101.dat	xmrig
behavioral1/memory/1652-97-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c43-96.dat	xmrig
behavioral1/memory/2100-94-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2356-86-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2528-85-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/files/0x00050000000196f6-84.dat	xmrig
behavioral1/memory/1704-83-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x00050000000196be-79.dat	xmrig
behavioral1/files/0x000600000001967d-69.dat	xmrig
behavioral1/memory/2096-66-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2728-64-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/540-58-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/files/0x000800000001947e-55.dat	xmrig
behavioral1/files/0x0032000000019382-62.dat	xmrig
behavioral1/memory/2132-50-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x0008000000019441-46.dat	xmrig
behavioral1/memory/2528-42-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/2700-36-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2540-3165-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2796-3159-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2096-3157-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2700-3164-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2432-3153-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2684-3185-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2728-3182-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2144-3211-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/memory/2528-3179-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/memory/540-3174-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/1704-3766-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/2100-3762-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2796	CgeWmYX.exe
2684	JFZOrFp.exe
2540	PksxWVq.exe
2728	fdovPtI.exe
2700	EzpWktM.exe
2528	wDbRWFh.exe
2432	CCQJkJh.exe
540	sLMgCrd.exe
2096	thbTQEY.exe
2144	VfeNcPg.exe
1704	takFcIZ.exe
2356	XnkXoQs.exe
2100	cGnAHfu.exe
1652	NGzGDeh.exe
1940	VESPZbI.exe
1720	cozvzIa.exe
572	vzOhTOr.exe
2448	TfwTYoV.exe
1116	QTHqUIT.exe
836	oBPkwiO.exe
2164	kTLOiwT.exe
2864	RUFcCoM.exe
1500	bzRjrqK.exe
2440	bhLTfGy.exe
2980	OSEYEkX.exe
3024	sSjyhkC.exe
2064	pSqScDv.exe
2192	CPPIATp.exe
2396	UlDgCTp.exe
1136	iJcDBax.exe
2404	dyrUgJs.exe
772	xzyCvaM.exe
1860	LraNmWF.exe
2288	RdauUDY.exe
2300	FSPAIPf.exe
1740	mIPkiCK.exe
992	opuUZwx.exe
2856	JFCmqDN.exe
2072	VXqWoCO.exe
3052	ROhBAqW.exe
1552	uqqhfDo.exe
1228	gjUTbqx.exe
1360	rTUsMWX.exe
2500	goksTPz.exe
1028	HqPULjT.exe
1592	yqpJKAR.exe
840	pEPldch.exe
2484	yAPsojz.exe
1840	uxrirEm.exe
1848	biyMHft.exe
2412	XhfvxZC.exe
2236	QlLUPeI.exe
2076	vMTdkGH.exe
2892	vtATBtp.exe
1404	CyKHpwD.exe
2108	IcdxcFH.exe
2840	lMjbjtw.exe
1168	nFPocKD.exe
316	waMEyJA.exe
1744	OZgSvQl.exe
2148	ffoqMoz.exe
2952	MUZSPkg.exe
2916	ihtoEeC.exe
1568	gSAcAOH.exe

Loads dropped DLL 64 IoCs

pid	Process
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2132-0-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x0007000000012115-3.dat	upx
behavioral1/files/0x00070000000193c4-7.dat	upx
behavioral1/memory/2796-21-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/files/0x0006000000019403-32.dat	upx
behavioral1/files/0x0006000000019401-23.dat	upx
behavioral1/memory/2540-20-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2684-18-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x00070000000193d9-15.dat	upx
behavioral1/memory/2728-28-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/files/0x000600000001942f-37.dat	upx
behavioral1/memory/2432-49-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2684-57-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2144-76-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x000500000001998a-89.dat	upx
behavioral1/files/0x0005000000019d2d-112.dat	upx
behavioral1/files/0x000500000001a08b-140.dat	upx
behavioral1/memory/1652-1225-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x000500000001a443-168.dat	upx
behavioral1/files/0x000500000001a441-165.dat	upx
behavioral1/files/0x000500000001a43f-160.dat	upx
behavioral1/files/0x000500000001a354-153.dat	upx
behavioral1/files/0x000500000001a43d-157.dat	upx
behavioral1/files/0x000500000001a311-148.dat	upx
behavioral1/files/0x000500000001a0b3-144.dat	upx
behavioral1/files/0x000500000001a078-136.dat	upx
behavioral1/files/0x0005000000019fc9-132.dat	upx
behavioral1/files/0x0005000000019faf-128.dat	upx
behavioral1/files/0x0005000000019dc1-124.dat	upx
behavioral1/files/0x0005000000019db5-120.dat	upx
behavioral1/files/0x0005000000019d54-116.dat	upx
behavioral1/files/0x0005000000019c63-108.dat	upx
behavioral1/files/0x0005000000019c4a-104.dat	upx
behavioral1/files/0x0005000000019c48-101.dat	upx
behavioral1/memory/1652-97-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x0005000000019c43-96.dat	upx
behavioral1/memory/2100-94-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2356-86-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2528-85-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/files/0x00050000000196f6-84.dat	upx
behavioral1/memory/1704-83-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x00050000000196be-79.dat	upx
behavioral1/files/0x000600000001967d-69.dat	upx
behavioral1/memory/2096-66-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2728-64-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/540-58-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/files/0x000800000001947e-55.dat	upx
behavioral1/files/0x0032000000019382-62.dat	upx
behavioral1/memory/2132-50-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x0008000000019441-46.dat	upx
behavioral1/memory/2528-42-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2700-36-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2540-3165-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2796-3159-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2096-3157-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2700-3164-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2432-3153-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2684-3185-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2728-3182-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2144-3211-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/memory/2528-3179-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/540-3174-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/1704-3766-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/2100-3762-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PuaYcvk.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kgBEjAQ.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dAirgJi.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgGcEnW.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vSygZEI.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\thbTQEY.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\apIoFJh.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gvWMnEb.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NPyFnHc.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FyBeNmj.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VqplYeM.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ymnWTEt.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kIEIcLD.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mlMjvnq.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\blnSDrn.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\svNOvFH.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BbKtXLT.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gkUQBgm.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fYvdlUS.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dUaUXZj.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PICIGbA.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ddxlwlr.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EphTafD.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MsxzhMD.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EkaUpkn.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FYECmba.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eCqetvQ.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QrmwSUl.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mDOcnGw.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JDgLOny.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHMFHwK.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INyBjfC.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MpzZzwO.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oLbwZtq.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YBmXSkI.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WabHSkB.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EQyxmke.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SdMPiyA.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UDwhPfz.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdtVAqM.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DmBNsaV.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OaehUhX.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yAqslyh.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gIFiNTs.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BBvotud.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DUtJTjo.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xUEgXKO.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JdxOcAA.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wfhDTqk.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fuvYnEi.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tPicyOS.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xjQSArP.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCgGltG.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFcITgH.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\boWDGbZ.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxNkUmc.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NgdDnYR.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CgeWmYX.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XnkXoQs.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QlLUPeI.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAJimEa.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uPQqTty.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nebgDmr.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AtQPUWu.exe	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2796	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2132 wrote to memory of 2796	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2132 wrote to memory of 2796	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2132 wrote to memory of 2684	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2132 wrote to memory of 2684	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2132 wrote to memory of 2684	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2132 wrote to memory of 2540	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2132 wrote to memory of 2540	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2132 wrote to memory of 2540	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2132 wrote to memory of 2728	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2132 wrote to memory of 2728	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2132 wrote to memory of 2728	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2132 wrote to memory of 2700	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2132 wrote to memory of 2700	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2132 wrote to memory of 2700	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2132 wrote to memory of 2528	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2132 wrote to memory of 2528	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2132 wrote to memory of 2528	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2132 wrote to memory of 2432	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2132 wrote to memory of 2432	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2132 wrote to memory of 2432	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2132 wrote to memory of 540	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2132 wrote to memory of 540	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2132 wrote to memory of 540	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2132 wrote to memory of 2096	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2132 wrote to memory of 2096	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2132 wrote to memory of 2096	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2132 wrote to memory of 2144	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2132 wrote to memory of 2144	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2132 wrote to memory of 2144	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2132 wrote to memory of 1704	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2132 wrote to memory of 1704	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2132 wrote to memory of 1704	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2132 wrote to memory of 2356	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2132 wrote to memory of 2356	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2132 wrote to memory of 2356	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2132 wrote to memory of 2100	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2132 wrote to memory of 2100	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2132 wrote to memory of 2100	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2132 wrote to memory of 1652	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2132 wrote to memory of 1652	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2132 wrote to memory of 1652	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2132 wrote to memory of 1940	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2132 wrote to memory of 1940	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2132 wrote to memory of 1940	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2132 wrote to memory of 1720	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2132 wrote to memory of 1720	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2132 wrote to memory of 1720	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2132 wrote to memory of 572	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2132 wrote to memory of 572	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2132 wrote to memory of 572	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2132 wrote to memory of 2448	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2132 wrote to memory of 2448	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2132 wrote to memory of 2448	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2132 wrote to memory of 1116	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2132 wrote to memory of 1116	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2132 wrote to memory of 1116	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2132 wrote to memory of 836	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2132 wrote to memory of 836	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2132 wrote to memory of 836	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2132 wrote to memory of 2164	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2132 wrote to memory of 2164	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2132 wrote to memory of 2164	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2132 wrote to memory of 2864	2132	2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_602351f1f9c4a8caf621d935e3be568b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Windows\System\CgeWmYX.exe
  C:\Windows\System\CgeWmYX.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\JFZOrFp.exe
  C:\Windows\System\JFZOrFp.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\PksxWVq.exe
  C:\Windows\System\PksxWVq.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\fdovPtI.exe
  C:\Windows\System\fdovPtI.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\EzpWktM.exe
  C:\Windows\System\EzpWktM.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\wDbRWFh.exe
  C:\Windows\System\wDbRWFh.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\CCQJkJh.exe
  C:\Windows\System\CCQJkJh.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\sLMgCrd.exe
  C:\Windows\System\sLMgCrd.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\thbTQEY.exe
  C:\Windows\System\thbTQEY.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\VfeNcPg.exe
  C:\Windows\System\VfeNcPg.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\takFcIZ.exe
  C:\Windows\System\takFcIZ.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\XnkXoQs.exe
  C:\Windows\System\XnkXoQs.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\cGnAHfu.exe
  C:\Windows\System\cGnAHfu.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\NGzGDeh.exe
  C:\Windows\System\NGzGDeh.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\VESPZbI.exe
  C:\Windows\System\VESPZbI.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\cozvzIa.exe
  C:\Windows\System\cozvzIa.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\vzOhTOr.exe
  C:\Windows\System\vzOhTOr.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\TfwTYoV.exe
  C:\Windows\System\TfwTYoV.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\QTHqUIT.exe
  C:\Windows\System\QTHqUIT.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\oBPkwiO.exe
  C:\Windows\System\oBPkwiO.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\kTLOiwT.exe
  C:\Windows\System\kTLOiwT.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\RUFcCoM.exe
  C:\Windows\System\RUFcCoM.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\bzRjrqK.exe
  C:\Windows\System\bzRjrqK.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\bhLTfGy.exe
  C:\Windows\System\bhLTfGy.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\OSEYEkX.exe
  C:\Windows\System\OSEYEkX.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\sSjyhkC.exe
  C:\Windows\System\sSjyhkC.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\pSqScDv.exe
  C:\Windows\System\pSqScDv.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\CPPIATp.exe
  C:\Windows\System\CPPIATp.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\UlDgCTp.exe
  C:\Windows\System\UlDgCTp.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\iJcDBax.exe
  C:\Windows\System\iJcDBax.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\dyrUgJs.exe
  C:\Windows\System\dyrUgJs.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\xzyCvaM.exe
  C:\Windows\System\xzyCvaM.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\LraNmWF.exe
  C:\Windows\System\LraNmWF.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\RdauUDY.exe
  C:\Windows\System\RdauUDY.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\FSPAIPf.exe
  C:\Windows\System\FSPAIPf.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\opuUZwx.exe
  C:\Windows\System\opuUZwx.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\mIPkiCK.exe
  C:\Windows\System\mIPkiCK.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\JFCmqDN.exe
  C:\Windows\System\JFCmqDN.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\VXqWoCO.exe
  C:\Windows\System\VXqWoCO.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\ROhBAqW.exe
  C:\Windows\System\ROhBAqW.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\uqqhfDo.exe
  C:\Windows\System\uqqhfDo.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\rTUsMWX.exe
  C:\Windows\System\rTUsMWX.exe
  2⤵
  - Executes dropped EXE
  PID:1360
- C:\Windows\System\gjUTbqx.exe
  C:\Windows\System\gjUTbqx.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\goksTPz.exe
  C:\Windows\System\goksTPz.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\HqPULjT.exe
  C:\Windows\System\HqPULjT.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\yqpJKAR.exe
  C:\Windows\System\yqpJKAR.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\pEPldch.exe
  C:\Windows\System\pEPldch.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\yAPsojz.exe
  C:\Windows\System\yAPsojz.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\uxrirEm.exe
  C:\Windows\System\uxrirEm.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\biyMHft.exe
  C:\Windows\System\biyMHft.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\XhfvxZC.exe
  C:\Windows\System\XhfvxZC.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\QlLUPeI.exe
  C:\Windows\System\QlLUPeI.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\vMTdkGH.exe
  C:\Windows\System\vMTdkGH.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\vtATBtp.exe
  C:\Windows\System\vtATBtp.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\CyKHpwD.exe
  C:\Windows\System\CyKHpwD.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\IcdxcFH.exe
  C:\Windows\System\IcdxcFH.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\lMjbjtw.exe
  C:\Windows\System\lMjbjtw.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\nFPocKD.exe
  C:\Windows\System\nFPocKD.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\waMEyJA.exe
  C:\Windows\System\waMEyJA.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\OZgSvQl.exe
  C:\Windows\System\OZgSvQl.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\ffoqMoz.exe
  C:\Windows\System\ffoqMoz.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\MUZSPkg.exe
  C:\Windows\System\MUZSPkg.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\ihtoEeC.exe
  C:\Windows\System\ihtoEeC.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\gSAcAOH.exe
  C:\Windows\System\gSAcAOH.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\pUtBbJa.exe
  C:\Windows\System\pUtBbJa.exe
  2⤵
  PID:2808
- C:\Windows\System\yytCGID.exe
  C:\Windows\System\yytCGID.exe
  2⤵
  PID:2780
- C:\Windows\System\McEfMRW.exe
  C:\Windows\System\McEfMRW.exe
  2⤵
  PID:2848
- C:\Windows\System\VnnbYUZ.exe
  C:\Windows\System\VnnbYUZ.exe
  2⤵
  PID:2816
- C:\Windows\System\UpPqEpJ.exe
  C:\Windows\System\UpPqEpJ.exe
  2⤵
  PID:2708
- C:\Windows\System\iJniuZH.exe
  C:\Windows\System\iJniuZH.exe
  2⤵
  PID:2656
- C:\Windows\System\XotoTAV.exe
  C:\Windows\System\XotoTAV.exe
  2⤵
  PID:2732
- C:\Windows\System\xcedCFz.exe
  C:\Windows\System\xcedCFz.exe
  2⤵
  PID:2372
- C:\Windows\System\gCfmznQ.exe
  C:\Windows\System\gCfmznQ.exe
  2⤵
  PID:2820
- C:\Windows\System\bOWEfhS.exe
  C:\Windows\System\bOWEfhS.exe
  2⤵
  PID:2160
- C:\Windows\System\agidrvz.exe
  C:\Windows\System\agidrvz.exe
  2⤵
  PID:780
- C:\Windows\System\CCAOFtn.exe
  C:\Windows\System\CCAOFtn.exe
  2⤵
  PID:616
- C:\Windows\System\mZyIEuo.exe
  C:\Windows\System\mZyIEuo.exe
  2⤵
  PID:752
- C:\Windows\System\dVeJkEn.exe
  C:\Windows\System\dVeJkEn.exe
  2⤵
  PID:2036
- C:\Windows\System\YVJXAzz.exe
  C:\Windows\System\YVJXAzz.exe
  2⤵
  PID:1680
- C:\Windows\System\DhybnHc.exe
  C:\Windows\System\DhybnHc.exe
  2⤵
  PID:1700
- C:\Windows\System\DCwTPpd.exe
  C:\Windows\System\DCwTPpd.exe
  2⤵
  PID:2436
- C:\Windows\System\mpkMJzH.exe
  C:\Windows\System\mpkMJzH.exe
  2⤵
  PID:2248
- C:\Windows\System\SyUDqSZ.exe
  C:\Windows\System\SyUDqSZ.exe
  2⤵
  PID:408
- C:\Windows\System\SIntONT.exe
  C:\Windows\System\SIntONT.exe
  2⤵
  PID:1316
- C:\Windows\System\pNrGUcH.exe
  C:\Windows\System\pNrGUcH.exe
  2⤵
  PID:1320
- C:\Windows\System\UVvHQpy.exe
  C:\Windows\System\UVvHQpy.exe
  2⤵
  PID:2268
- C:\Windows\System\TVFiOcn.exe
  C:\Windows\System\TVFiOcn.exe
  2⤵
  PID:1528
- C:\Windows\System\yvdpebb.exe
  C:\Windows\System\yvdpebb.exe
  2⤵
  PID:2124
- C:\Windows\System\AvTvyWf.exe
  C:\Windows\System\AvTvyWf.exe
  2⤵
  PID:1512
- C:\Windows\System\OHgPMbx.exe
  C:\Windows\System\OHgPMbx.exe
  2⤵
  PID:1676
- C:\Windows\System\RqIAzTK.exe
  C:\Windows\System\RqIAzTK.exe
  2⤵
  PID:1032
- C:\Windows\System\EOTDkuo.exe
  C:\Windows\System\EOTDkuo.exe
  2⤵
  PID:948
- C:\Windows\System\llxSWKi.exe
  C:\Windows\System\llxSWKi.exe
  2⤵
  PID:1304
- C:\Windows\System\BbzjJak.exe
  C:\Windows\System\BbzjJak.exe
  2⤵
  PID:2088
- C:\Windows\System\tONDtri.exe
  C:\Windows\System\tONDtri.exe
  2⤵
  PID:560
- C:\Windows\System\UFrLNAI.exe
  C:\Windows\System\UFrLNAI.exe
  2⤵
  PID:352
- C:\Windows\System\wvdkFsx.exe
  C:\Windows\System\wvdkFsx.exe
  2⤵
  PID:1004
- C:\Windows\System\EPLXGIc.exe
  C:\Windows\System\EPLXGIc.exe
  2⤵
  PID:108
- C:\Windows\System\pbcPxJo.exe
  C:\Windows\System\pbcPxJo.exe
  2⤵
  PID:2904
- C:\Windows\System\TXdFdwi.exe
  C:\Windows\System\TXdFdwi.exe
  2⤵
  PID:1576
- C:\Windows\System\mlMjvnq.exe
  C:\Windows\System\mlMjvnq.exe
  2⤵
  PID:2760
- C:\Windows\System\gzizsvU.exe
  C:\Windows\System\gzizsvU.exe
  2⤵
  PID:2556
- C:\Windows\System\FzwDXdd.exe
  C:\Windows\System\FzwDXdd.exe
  2⤵
  PID:2588
- C:\Windows\System\EwArsVZ.exe
  C:\Windows\System\EwArsVZ.exe
  2⤵
  PID:2724
- C:\Windows\System\vhPueFD.exe
  C:\Windows\System\vhPueFD.exe
  2⤵
  PID:1636
- C:\Windows\System\eaHpUIC.exe
  C:\Windows\System\eaHpUIC.exe
  2⤵
  PID:988
- C:\Windows\System\tMBCPhb.exe
  C:\Windows\System\tMBCPhb.exe
  2⤵
  PID:1732
- C:\Windows\System\qVKNgjc.exe
  C:\Windows\System\qVKNgjc.exe
  2⤵
  PID:2080
- C:\Windows\System\TtaKfQj.exe
  C:\Windows\System\TtaKfQj.exe
  2⤵
  PID:2180
- C:\Windows\System\aeejjch.exe
  C:\Windows\System\aeejjch.exe
  2⤵
  PID:2632
- C:\Windows\System\FCGlexl.exe
  C:\Windows\System\FCGlexl.exe
  2⤵
  PID:1748
- C:\Windows\System\xMIYxCs.exe
  C:\Windows\System\xMIYxCs.exe
  2⤵
  PID:3048
- C:\Windows\System\UrwJFcd.exe
  C:\Windows\System\UrwJFcd.exe
  2⤵
  PID:2084
- C:\Windows\System\ktuXIYB.exe
  C:\Windows\System\ktuXIYB.exe
  2⤵
  PID:2320
- C:\Windows\System\rZxmrUR.exe
  C:\Windows\System\rZxmrUR.exe
  2⤵
  PID:1336
- C:\Windows\System\SsiuLCT.exe
  C:\Windows\System\SsiuLCT.exe
  2⤵
  PID:2280
- C:\Windows\System\UlWJjpL.exe
  C:\Windows\System\UlWJjpL.exe
  2⤵
  PID:2912
- C:\Windows\System\wujsaXf.exe
  C:\Windows\System\wujsaXf.exe
  2⤵
  PID:2784
- C:\Windows\System\VGoEINS.exe
  C:\Windows\System\VGoEINS.exe
  2⤵
  PID:2756
- C:\Windows\System\ZHMFHwK.exe
  C:\Windows\System\ZHMFHwK.exe
  2⤵
  PID:3084
- C:\Windows\System\mDYApqP.exe
  C:\Windows\System\mDYApqP.exe
  2⤵
  PID:3100
- C:\Windows\System\NNrVECu.exe
  C:\Windows\System\NNrVECu.exe
  2⤵
  PID:3116
- C:\Windows\System\YVwKONT.exe
  C:\Windows\System\YVwKONT.exe
  2⤵
  PID:3132
- C:\Windows\System\XqiMjSz.exe
  C:\Windows\System\XqiMjSz.exe
  2⤵
  PID:3148
- C:\Windows\System\xNLinRj.exe
  C:\Windows\System\xNLinRj.exe
  2⤵
  PID:3164
- C:\Windows\System\eYVEDLd.exe
  C:\Windows\System\eYVEDLd.exe
  2⤵
  PID:3180
- C:\Windows\System\ktvkzAF.exe
  C:\Windows\System\ktvkzAF.exe
  2⤵
  PID:3196
- C:\Windows\System\UDwhPfz.exe
  C:\Windows\System\UDwhPfz.exe
  2⤵
  PID:3212
- C:\Windows\System\LIgGBUz.exe
  C:\Windows\System\LIgGBUz.exe
  2⤵
  PID:3228
- C:\Windows\System\MQbtUvY.exe
  C:\Windows\System\MQbtUvY.exe
  2⤵
  PID:3244
- C:\Windows\System\jyZskIq.exe
  C:\Windows\System\jyZskIq.exe
  2⤵
  PID:3260
- C:\Windows\System\pKRwetr.exe
  C:\Windows\System\pKRwetr.exe
  2⤵
  PID:3276
- C:\Windows\System\QEKkbCJ.exe
  C:\Windows\System\QEKkbCJ.exe
  2⤵
  PID:3292
- C:\Windows\System\WbSjnvw.exe
  C:\Windows\System\WbSjnvw.exe
  2⤵
  PID:3308
- C:\Windows\System\OmJTvOz.exe
  C:\Windows\System\OmJTvOz.exe
  2⤵
  PID:3324
- C:\Windows\System\LvywGKg.exe
  C:\Windows\System\LvywGKg.exe
  2⤵
  PID:3340
- C:\Windows\System\VvKmDBt.exe
  C:\Windows\System\VvKmDBt.exe
  2⤵
  PID:3356
- C:\Windows\System\fDEVFEU.exe
  C:\Windows\System\fDEVFEU.exe
  2⤵
  PID:3372
- C:\Windows\System\IEhAhpN.exe
  C:\Windows\System\IEhAhpN.exe
  2⤵
  PID:3388
- C:\Windows\System\LhsaHkH.exe
  C:\Windows\System\LhsaHkH.exe
  2⤵
  PID:3404
- C:\Windows\System\ViOMzNu.exe
  C:\Windows\System\ViOMzNu.exe
  2⤵
  PID:3420
- C:\Windows\System\kbJpFnv.exe
  C:\Windows\System\kbJpFnv.exe
  2⤵
  PID:3436
- C:\Windows\System\lqfMLpT.exe
  C:\Windows\System\lqfMLpT.exe
  2⤵
  PID:3452
- C:\Windows\System\hkSnqJh.exe
  C:\Windows\System\hkSnqJh.exe
  2⤵
  PID:3468
- C:\Windows\System\XBRTDmR.exe
  C:\Windows\System\XBRTDmR.exe
  2⤵
  PID:3484
- C:\Windows\System\yVZMaeQ.exe
  C:\Windows\System\yVZMaeQ.exe
  2⤵
  PID:3500
- C:\Windows\System\gvWMnEb.exe
  C:\Windows\System\gvWMnEb.exe
  2⤵
  PID:3516
- C:\Windows\System\qcinsZv.exe
  C:\Windows\System\qcinsZv.exe
  2⤵
  PID:3532
- C:\Windows\System\iKgdgPq.exe
  C:\Windows\System\iKgdgPq.exe
  2⤵
  PID:3548
- C:\Windows\System\XeCwHkV.exe
  C:\Windows\System\XeCwHkV.exe
  2⤵
  PID:3564
- C:\Windows\System\VfeOcYd.exe
  C:\Windows\System\VfeOcYd.exe
  2⤵
  PID:3580
- C:\Windows\System\togCUsQ.exe
  C:\Windows\System\togCUsQ.exe
  2⤵
  PID:3596
- C:\Windows\System\PtebRGA.exe
  C:\Windows\System\PtebRGA.exe
  2⤵
  PID:3612
- C:\Windows\System\NDnLBiI.exe
  C:\Windows\System\NDnLBiI.exe
  2⤵
  PID:3628
- C:\Windows\System\StIqofU.exe
  C:\Windows\System\StIqofU.exe
  2⤵
  PID:3644
- C:\Windows\System\oODfcEh.exe
  C:\Windows\System\oODfcEh.exe
  2⤵
  PID:3660
- C:\Windows\System\JfBYwRA.exe
  C:\Windows\System\JfBYwRA.exe
  2⤵
  PID:3676
- C:\Windows\System\DSxzWro.exe
  C:\Windows\System\DSxzWro.exe
  2⤵
  PID:3692
- C:\Windows\System\rmvjumG.exe
  C:\Windows\System\rmvjumG.exe
  2⤵
  PID:3708
- C:\Windows\System\sRSLGJw.exe
  C:\Windows\System\sRSLGJw.exe
  2⤵
  PID:3724
- C:\Windows\System\CnoNJBH.exe
  C:\Windows\System\CnoNJBH.exe
  2⤵
  PID:3740
- C:\Windows\System\MLeDfJP.exe
  C:\Windows\System\MLeDfJP.exe
  2⤵
  PID:3756
- C:\Windows\System\ttuJJnK.exe
  C:\Windows\System\ttuJJnK.exe
  2⤵
  PID:3772
- C:\Windows\System\BCvGBWR.exe
  C:\Windows\System\BCvGBWR.exe
  2⤵
  PID:3788
- C:\Windows\System\DEWVfMS.exe
  C:\Windows\System\DEWVfMS.exe
  2⤵
  PID:3804
- C:\Windows\System\OFdxDeB.exe
  C:\Windows\System\OFdxDeB.exe
  2⤵
  PID:3820
- C:\Windows\System\wPaVzqC.exe
  C:\Windows\System\wPaVzqC.exe
  2⤵
  PID:3836
- C:\Windows\System\AIdErck.exe
  C:\Windows\System\AIdErck.exe
  2⤵
  PID:3852
- C:\Windows\System\kEcAyyz.exe
  C:\Windows\System\kEcAyyz.exe
  2⤵
  PID:3868
- C:\Windows\System\iWkuLjf.exe
  C:\Windows\System\iWkuLjf.exe
  2⤵
  PID:3884
- C:\Windows\System\XfbNLIo.exe
  C:\Windows\System\XfbNLIo.exe
  2⤵
  PID:3900
- C:\Windows\System\rCgElxj.exe
  C:\Windows\System\rCgElxj.exe
  2⤵
  PID:3916
- C:\Windows\System\ovALJhz.exe
  C:\Windows\System\ovALJhz.exe
  2⤵
  PID:3932
- C:\Windows\System\sfmJprI.exe
  C:\Windows\System\sfmJprI.exe
  2⤵
  PID:3948
- C:\Windows\System\TzEbQcu.exe
  C:\Windows\System\TzEbQcu.exe
  2⤵
  PID:3964
- C:\Windows\System\gmjnxBN.exe
  C:\Windows\System\gmjnxBN.exe
  2⤵
  PID:3980
- C:\Windows\System\oSupzSm.exe
  C:\Windows\System\oSupzSm.exe
  2⤵
  PID:3996
- C:\Windows\System\qfkZHAU.exe
  C:\Windows\System\qfkZHAU.exe
  2⤵
  PID:4012
- C:\Windows\System\AsogbQt.exe
  C:\Windows\System\AsogbQt.exe
  2⤵
  PID:4028
- C:\Windows\System\wcllIYT.exe
  C:\Windows\System\wcllIYT.exe
  2⤵
  PID:4044
- C:\Windows\System\OwGcYFS.exe
  C:\Windows\System\OwGcYFS.exe
  2⤵
  PID:4060
- C:\Windows\System\gnttHEY.exe
  C:\Windows\System\gnttHEY.exe
  2⤵
  PID:4076
- C:\Windows\System\azaPjIT.exe
  C:\Windows\System\azaPjIT.exe
  2⤵
  PID:4092
- C:\Windows\System\ntwwEkF.exe
  C:\Windows\System\ntwwEkF.exe
  2⤵
  PID:1856
- C:\Windows\System\xzhDcev.exe
  C:\Windows\System\xzhDcev.exe
  2⤵
  PID:1204
- C:\Windows\System\sAIIzJY.exe
  C:\Windows\System\sAIIzJY.exe
  2⤵
  PID:1788
- C:\Windows\System\ViXwxNi.exe
  C:\Windows\System\ViXwxNi.exe
  2⤵
  PID:2336
- C:\Windows\System\ycDiUjG.exe
  C:\Windows\System\ycDiUjG.exe
  2⤵
  PID:1036
- C:\Windows\System\oorREeu.exe
  C:\Windows\System\oorREeu.exe
  2⤵
  PID:2316
- C:\Windows\System\AYBfEsU.exe
  C:\Windows\System\AYBfEsU.exe
  2⤵
  PID:1192
- C:\Windows\System\MSIxHVN.exe
  C:\Windows\System\MSIxHVN.exe
  2⤵
  PID:2704
- C:\Windows\System\ASBldBP.exe
  C:\Windows\System\ASBldBP.exe
  2⤵
  PID:3096
- C:\Windows\System\DAabHal.exe
  C:\Windows\System\DAabHal.exe
  2⤵
  PID:3140
- C:\Windows\System\mpWCYWN.exe
  C:\Windows\System\mpWCYWN.exe
  2⤵
  PID:3156
- C:\Windows\System\SOccjMJ.exe
  C:\Windows\System\SOccjMJ.exe
  2⤵
  PID:3204
- C:\Windows\System\MoGPpku.exe
  C:\Windows\System\MoGPpku.exe
  2⤵
  PID:3220
- C:\Windows\System\ZajOknh.exe
  C:\Windows\System\ZajOknh.exe
  2⤵
  PID:3252
- C:\Windows\System\xWFiYfR.exe
  C:\Windows\System\xWFiYfR.exe
  2⤵
  PID:3300
- C:\Windows\System\lIxsfNG.exe
  C:\Windows\System\lIxsfNG.exe
  2⤵
  PID:3316
- C:\Windows\System\RsgCwEB.exe
  C:\Windows\System\RsgCwEB.exe
  2⤵
  PID:3348
- C:\Windows\System\dIwqzpM.exe
  C:\Windows\System\dIwqzpM.exe
  2⤵
  PID:3380
- C:\Windows\System\XuoFFKO.exe
  C:\Windows\System\XuoFFKO.exe
  2⤵
  PID:3412
- C:\Windows\System\uOauBwq.exe
  C:\Windows\System\uOauBwq.exe
  2⤵
  PID:3444
- C:\Windows\System\PpEHtew.exe
  C:\Windows\System\PpEHtew.exe
  2⤵
  PID:3492
- C:\Windows\System\cpUTxAr.exe
  C:\Windows\System\cpUTxAr.exe
  2⤵
  PID:3508
- C:\Windows\System\SlDOvAg.exe
  C:\Windows\System\SlDOvAg.exe
  2⤵
  PID:3540
- C:\Windows\System\ckdqXWp.exe
  C:\Windows\System\ckdqXWp.exe
  2⤵
  PID:3572
- C:\Windows\System\lJrScsa.exe
  C:\Windows\System\lJrScsa.exe
  2⤵
  PID:3604
- C:\Windows\System\AwLYDZb.exe
  C:\Windows\System\AwLYDZb.exe
  2⤵
  PID:3636
- C:\Windows\System\anbkIcV.exe
  C:\Windows\System\anbkIcV.exe
  2⤵
  PID:3668
- C:\Windows\System\DrTTLps.exe
  C:\Windows\System\DrTTLps.exe
  2⤵
  PID:3672
- C:\Windows\System\QDcnLsk.exe
  C:\Windows\System\QDcnLsk.exe
  2⤵
  PID:3720
- C:\Windows\System\cYQsbPl.exe
  C:\Windows\System\cYQsbPl.exe
  2⤵
  PID:3736
- C:\Windows\System\rsfimeu.exe
  C:\Windows\System\rsfimeu.exe
  2⤵
  PID:3784
- C:\Windows\System\GZurkiZ.exe
  C:\Windows\System\GZurkiZ.exe
  2⤵
  PID:3812
- C:\Windows\System\OzmCVCh.exe
  C:\Windows\System\OzmCVCh.exe
  2⤵
  PID:3844
- C:\Windows\System\WyUoQNj.exe
  C:\Windows\System\WyUoQNj.exe
  2⤵
  PID:3876
- C:\Windows\System\YRHuhOX.exe
  C:\Windows\System\YRHuhOX.exe
  2⤵
  PID:3912
- C:\Windows\System\nthHcjz.exe
  C:\Windows\System\nthHcjz.exe
  2⤵
  PID:3944
- C:\Windows\System\npeplgL.exe
  C:\Windows\System\npeplgL.exe
  2⤵
  PID:3956
- C:\Windows\System\zICkQsZ.exe
  C:\Windows\System\zICkQsZ.exe
  2⤵
  PID:4008
- C:\Windows\System\XMDoLzN.exe
  C:\Windows\System\XMDoLzN.exe
  2⤵
  PID:4072
- C:\Windows\System\drcUMAH.exe
  C:\Windows\System\drcUMAH.exe
  2⤵
  PID:3992
- C:\Windows\System\xfevZTg.exe
  C:\Windows\System\xfevZTg.exe
  2⤵
  PID:4088
- C:\Windows\System\YbOPmji.exe
  C:\Windows\System\YbOPmji.exe
  2⤵
  PID:812
- C:\Windows\System\tMOmPOW.exe
  C:\Windows\System\tMOmPOW.exe
  2⤵
  PID:2020
- C:\Windows\System\rKRbfcr.exe
  C:\Windows\System\rKRbfcr.exe
  2⤵
  PID:3092
- C:\Windows\System\FNYRSvS.exe
  C:\Windows\System\FNYRSvS.exe
  2⤵
  PID:2776
- C:\Windows\System\oARHWcO.exe
  C:\Windows\System\oARHWcO.exe
  2⤵
  PID:3128
- C:\Windows\System\eUcBObQ.exe
  C:\Windows\System\eUcBObQ.exe
  2⤵
  PID:3208
- C:\Windows\System\dfQVYIQ.exe
  C:\Windows\System\dfQVYIQ.exe
  2⤵
  PID:3176
- C:\Windows\System\Reockkm.exe
  C:\Windows\System\Reockkm.exe
  2⤵
  PID:3240
- C:\Windows\System\zIsEWRE.exe
  C:\Windows\System\zIsEWRE.exe
  2⤵
  PID:3288
- C:\Windows\System\SYDWhCx.exe
  C:\Windows\System\SYDWhCx.exe
  2⤵
  PID:3480
- C:\Windows\System\JMSuIXa.exe
  C:\Windows\System\JMSuIXa.exe
  2⤵
  PID:3496
- C:\Windows\System\zYpjgSL.exe
  C:\Windows\System\zYpjgSL.exe
  2⤵
  PID:3560
- C:\Windows\System\tPicyOS.exe
  C:\Windows\System\tPicyOS.exe
  2⤵
  PID:3640
- C:\Windows\System\NPyFnHc.exe
  C:\Windows\System\NPyFnHc.exe
  2⤵
  PID:3780
- C:\Windows\System\IUGeCRM.exe
  C:\Windows\System\IUGeCRM.exe
  2⤵
  PID:3908
- C:\Windows\System\ImruQoW.exe
  C:\Windows\System\ImruQoW.exe
  2⤵
  PID:3684
- C:\Windows\System\PeriCWZ.exe
  C:\Windows\System\PeriCWZ.exe
  2⤵
  PID:3768
- C:\Windows\System\hOriFZG.exe
  C:\Windows\System\hOriFZG.exe
  2⤵
  PID:3896
- C:\Windows\System\tEVhqok.exe
  C:\Windows\System\tEVhqok.exe
  2⤵
  PID:4036
- C:\Windows\System\sHUVxzR.exe
  C:\Windows\System\sHUVxzR.exe
  2⤵
  PID:4056
- C:\Windows\System\FuIWoBh.exe
  C:\Windows\System\FuIWoBh.exe
  2⤵
  PID:4024
- C:\Windows\System\iQuUJqe.exe
  C:\Windows\System\iQuUJqe.exe
  2⤵
  PID:2092
- C:\Windows\System\CzIaziG.exe
  C:\Windows\System\CzIaziG.exe
  2⤵
  PID:2480
- C:\Windows\System\pNShkXQ.exe
  C:\Windows\System\pNShkXQ.exe
  2⤵
  PID:3460
- C:\Windows\System\eydSovN.exe
  C:\Windows\System\eydSovN.exe
  2⤵
  PID:3716
- C:\Windows\System\IRjHINP.exe
  C:\Windows\System\IRjHINP.exe
  2⤵
  PID:2136
- C:\Windows\System\XKLEPhs.exe
  C:\Windows\System\XKLEPhs.exe
  2⤵
  PID:3928
- C:\Windows\System\wlgWNCv.exe
  C:\Windows\System\wlgWNCv.exe
  2⤵
  PID:916
- C:\Windows\System\oKpDwnt.exe
  C:\Windows\System\oKpDwnt.exe
  2⤵
  PID:3880
- C:\Windows\System\rVdfObA.exe
  C:\Windows\System\rVdfObA.exe
  2⤵
  PID:2744
- C:\Windows\System\yOpzfUc.exe
  C:\Windows\System\yOpzfUc.exe
  2⤵
  PID:4040
- C:\Windows\System\NHcARnb.exe
  C:\Windows\System\NHcARnb.exe
  2⤵
  PID:3076
- C:\Windows\System\ucQyyZl.exe
  C:\Windows\System\ucQyyZl.exe
  2⤵
  PID:3976
- C:\Windows\System\tYLzfxl.exe
  C:\Windows\System\tYLzfxl.exe
  2⤵
  PID:4108
- C:\Windows\System\VUxbBAk.exe
  C:\Windows\System\VUxbBAk.exe
  2⤵
  PID:4124
- C:\Windows\System\KbQOdCw.exe
  C:\Windows\System\KbQOdCw.exe
  2⤵
  PID:4140
- C:\Windows\System\fitPIEx.exe
  C:\Windows\System\fitPIEx.exe
  2⤵
  PID:4156
- C:\Windows\System\zcoGGdB.exe
  C:\Windows\System\zcoGGdB.exe
  2⤵
  PID:4172
- C:\Windows\System\xjQSArP.exe
  C:\Windows\System\xjQSArP.exe
  2⤵
  PID:4188
- C:\Windows\System\DDDksRZ.exe
  C:\Windows\System\DDDksRZ.exe
  2⤵
  PID:4204
- C:\Windows\System\PuaYcvk.exe
  C:\Windows\System\PuaYcvk.exe
  2⤵
  PID:4220
- C:\Windows\System\YHFpkVf.exe
  C:\Windows\System\YHFpkVf.exe
  2⤵
  PID:4236
- C:\Windows\System\RmInwcr.exe
  C:\Windows\System\RmInwcr.exe
  2⤵
  PID:4252
- C:\Windows\System\ugLJPVQ.exe
  C:\Windows\System\ugLJPVQ.exe
  2⤵
  PID:4268
- C:\Windows\System\cmvhlnQ.exe
  C:\Windows\System\cmvhlnQ.exe
  2⤵
  PID:4284
- C:\Windows\System\GYBcGoH.exe
  C:\Windows\System\GYBcGoH.exe
  2⤵
  PID:4300
- C:\Windows\System\XNPNEkM.exe
  C:\Windows\System\XNPNEkM.exe
  2⤵
  PID:4316
- C:\Windows\System\RZXPsDn.exe
  C:\Windows\System\RZXPsDn.exe
  2⤵
  PID:4332
- C:\Windows\System\xrrxYaT.exe
  C:\Windows\System\xrrxYaT.exe
  2⤵
  PID:4348
- C:\Windows\System\zPAXabB.exe
  C:\Windows\System\zPAXabB.exe
  2⤵
  PID:4364
- C:\Windows\System\nUletHI.exe
  C:\Windows\System\nUletHI.exe
  2⤵
  PID:4380
- C:\Windows\System\qXTEqBn.exe
  C:\Windows\System\qXTEqBn.exe
  2⤵
  PID:4396
- C:\Windows\System\DpBxxvo.exe
  C:\Windows\System\DpBxxvo.exe
  2⤵
  PID:4428
- C:\Windows\System\LxNlmRF.exe
  C:\Windows\System\LxNlmRF.exe
  2⤵
  PID:4568
- C:\Windows\System\BwBZwuq.exe
  C:\Windows\System\BwBZwuq.exe
  2⤵
  PID:4584
- C:\Windows\System\SkgRcYN.exe
  C:\Windows\System\SkgRcYN.exe
  2⤵
  PID:4600
- C:\Windows\System\nnDGkhs.exe
  C:\Windows\System\nnDGkhs.exe
  2⤵
  PID:4620
- C:\Windows\System\QBEQTOh.exe
  C:\Windows\System\QBEQTOh.exe
  2⤵
  PID:4636
- C:\Windows\System\RswXfDh.exe
  C:\Windows\System\RswXfDh.exe
  2⤵
  PID:4660
- C:\Windows\System\MQdfTuW.exe
  C:\Windows\System\MQdfTuW.exe
  2⤵
  PID:4676
- C:\Windows\System\xOVMDTy.exe
  C:\Windows\System\xOVMDTy.exe
  2⤵
  PID:4692
- C:\Windows\System\yvprFqw.exe
  C:\Windows\System\yvprFqw.exe
  2⤵
  PID:4708
- C:\Windows\System\JbQjboW.exe
  C:\Windows\System\JbQjboW.exe
  2⤵
  PID:4724
- C:\Windows\System\KiTRPlo.exe
  C:\Windows\System\KiTRPlo.exe
  2⤵
  PID:4740
- C:\Windows\System\orgafUv.exe
  C:\Windows\System\orgafUv.exe
  2⤵
  PID:4756
- C:\Windows\System\mgXlhvc.exe
  C:\Windows\System\mgXlhvc.exe
  2⤵
  PID:4772
- C:\Windows\System\ENzTAWz.exe
  C:\Windows\System\ENzTAWz.exe
  2⤵
  PID:4788
- C:\Windows\System\gbllIJo.exe
  C:\Windows\System\gbllIJo.exe
  2⤵
  PID:4804
- C:\Windows\System\SjXfXhS.exe
  C:\Windows\System\SjXfXhS.exe
  2⤵
  PID:4820
- C:\Windows\System\pOaBGmU.exe
  C:\Windows\System\pOaBGmU.exe
  2⤵
  PID:4836
- C:\Windows\System\ZLdVdNk.exe
  C:\Windows\System\ZLdVdNk.exe
  2⤵
  PID:4852
- C:\Windows\System\KbkPAQN.exe
  C:\Windows\System\KbkPAQN.exe
  2⤵
  PID:4868
- C:\Windows\System\lXogbSo.exe
  C:\Windows\System\lXogbSo.exe
  2⤵
  PID:4884
- C:\Windows\System\PgrNVgm.exe
  C:\Windows\System\PgrNVgm.exe
  2⤵
  PID:4900
- C:\Windows\System\pDYXFCK.exe
  C:\Windows\System\pDYXFCK.exe
  2⤵
  PID:4916
- C:\Windows\System\BRqkHEF.exe
  C:\Windows\System\BRqkHEF.exe
  2⤵
  PID:4932
- C:\Windows\System\nhDLKMR.exe
  C:\Windows\System\nhDLKMR.exe
  2⤵
  PID:4948
- C:\Windows\System\dQSeWmt.exe
  C:\Windows\System\dQSeWmt.exe
  2⤵
  PID:4964
- C:\Windows\System\cqYxVBR.exe
  C:\Windows\System\cqYxVBR.exe
  2⤵
  PID:4980
- C:\Windows\System\EphTafD.exe
  C:\Windows\System\EphTafD.exe
  2⤵
  PID:4996
- C:\Windows\System\RlApWYl.exe
  C:\Windows\System\RlApWYl.exe
  2⤵
  PID:5012
- C:\Windows\System\grAKWPp.exe
  C:\Windows\System\grAKWPp.exe
  2⤵
  PID:5028
- C:\Windows\System\LnwOXgW.exe
  C:\Windows\System\LnwOXgW.exe
  2⤵
  PID:5044
- C:\Windows\System\qjauDdR.exe
  C:\Windows\System\qjauDdR.exe
  2⤵
  PID:5060
- C:\Windows\System\cVsTzdL.exe
  C:\Windows\System\cVsTzdL.exe
  2⤵
  PID:5076
- C:\Windows\System\WGvEXrl.exe
  C:\Windows\System\WGvEXrl.exe
  2⤵
  PID:5092
- C:\Windows\System\xzpPnFe.exe
  C:\Windows\System\xzpPnFe.exe
  2⤵
  PID:5108
- C:\Windows\System\FjReSXC.exe
  C:\Windows\System\FjReSXC.exe
  2⤵
  PID:3160
- C:\Windows\System\LyRHIzR.exe
  C:\Windows\System\LyRHIzR.exe
  2⤵
  PID:2188
- C:\Windows\System\okzpYJF.exe
  C:\Windows\System\okzpYJF.exe
  2⤵
  PID:3400
- C:\Windows\System\xnkDfhm.exe
  C:\Windows\System\xnkDfhm.exe
  2⤵
  PID:3860
- C:\Windows\System\tLxXjrB.exe
  C:\Windows\System\tLxXjrB.exe
  2⤵
  PID:4132
- C:\Windows\System\gZlQSIw.exe
  C:\Windows\System\gZlQSIw.exe
  2⤵
  PID:4168
- C:\Windows\System\FqdMgcK.exe
  C:\Windows\System\FqdMgcK.exe
  2⤵
  PID:3336
- C:\Windows\System\cPdOVhT.exe
  C:\Windows\System\cPdOVhT.exe
  2⤵
  PID:2068
- C:\Windows\System\nCgGltG.exe
  C:\Windows\System\nCgGltG.exe
  2⤵
  PID:4152
- C:\Windows\System\DAChaHn.exe
  C:\Windows\System\DAChaHn.exe
  2⤵
  PID:4216
- C:\Windows\System\EtuXgIh.exe
  C:\Windows\System\EtuXgIh.exe
  2⤵
  PID:4292
- C:\Windows\System\ZczFNce.exe
  C:\Windows\System\ZczFNce.exe
  2⤵
  PID:4324
- C:\Windows\System\uKFXxFb.exe
  C:\Windows\System\uKFXxFb.exe
  2⤵
  PID:4356
- C:\Windows\System\BsufSJN.exe
  C:\Windows\System\BsufSJN.exe
  2⤵
  PID:4308
- C:\Windows\System\UGGDApB.exe
  C:\Windows\System\UGGDApB.exe
  2⤵
  PID:4388
- C:\Windows\System\tVHZWTq.exe
  C:\Windows\System\tVHZWTq.exe
  2⤵
  PID:4444
- C:\Windows\System\fhgtLPp.exe
  C:\Windows\System\fhgtLPp.exe
  2⤵
  PID:4460
- C:\Windows\System\kTIzhPP.exe
  C:\Windows\System\kTIzhPP.exe
  2⤵
  PID:4468
- C:\Windows\System\JTALhMg.exe
  C:\Windows\System\JTALhMg.exe
  2⤵
  PID:4484
- C:\Windows\System\EwAjOPU.exe
  C:\Windows\System\EwAjOPU.exe
  2⤵
  PID:4500
- C:\Windows\System\DUtJTjo.exe
  C:\Windows\System\DUtJTjo.exe
  2⤵
  PID:4516
- C:\Windows\System\QRISALk.exe
  C:\Windows\System\QRISALk.exe
  2⤵
  PID:4536
- C:\Windows\System\VnubBSr.exe
  C:\Windows\System\VnubBSr.exe
  2⤵
  PID:4552
- C:\Windows\System\YbcyVsR.exe
  C:\Windows\System\YbcyVsR.exe
  2⤵
  PID:4408
- C:\Windows\System\higoDKz.exe
  C:\Windows\System\higoDKz.exe
  2⤵
  PID:4424
- C:\Windows\System\IDUUOtA.exe
  C:\Windows\System\IDUUOtA.exe
  2⤵
  PID:4628
- C:\Windows\System\lGqsOzJ.exe
  C:\Windows\System\lGqsOzJ.exe
  2⤵
  PID:4580
- C:\Windows\System\PYMkOJV.exe
  C:\Windows\System\PYMkOJV.exe
  2⤵
  PID:4704
- C:\Windows\System\JPVprQj.exe
  C:\Windows\System\JPVprQj.exe
  2⤵
  PID:4764
- C:\Windows\System\SHvGhnm.exe
  C:\Windows\System\SHvGhnm.exe
  2⤵
  PID:2176
- C:\Windows\System\puyabzB.exe
  C:\Windows\System\puyabzB.exe
  2⤵
  PID:4828
- C:\Windows\System\zWckERF.exe
  C:\Windows\System\zWckERF.exe
  2⤵
  PID:4892
- C:\Windows\System\YTdkWmd.exe
  C:\Windows\System\YTdkWmd.exe
  2⤵
  PID:4784
- C:\Windows\System\GlItBYP.exe
  C:\Windows\System\GlItBYP.exe
  2⤵
  PID:4928
- C:\Windows\System\YzUulmv.exe
  C:\Windows\System\YzUulmv.exe
  2⤵
  PID:4988
- C:\Windows\System\kocWVHS.exe
  C:\Windows\System\kocWVHS.exe
  2⤵
  PID:5052
- C:\Windows\System\EMQnOWw.exe
  C:\Windows\System\EMQnOWw.exe
  2⤵
  PID:800
- C:\Windows\System\znxjBaW.exe
  C:\Windows\System\znxjBaW.exe
  2⤵
  PID:4972
- C:\Windows\System\QeGTLSd.exe
  C:\Windows\System\QeGTLSd.exe
  2⤵
  PID:5004
- C:\Windows\System\fwsHPmD.exe
  C:\Windows\System\fwsHPmD.exe
  2⤵
  PID:2680
- C:\Windows\System\ARfDXDD.exe
  C:\Windows\System\ARfDXDD.exe
  2⤵
  PID:2924
- C:\Windows\System\fkdOZWh.exe
  C:\Windows\System\fkdOZWh.exe
  2⤵
  PID:5036
- C:\Windows\System\oKbWOsK.exe
  C:\Windows\System\oKbWOsK.exe
  2⤵
  PID:2664
- C:\Windows\System\jfaDzUU.exe
  C:\Windows\System\jfaDzUU.exe
  2⤵
  PID:4212
- C:\Windows\System\dGyaiuo.exe
  C:\Windows\System\dGyaiuo.exe
  2⤵
  PID:4344
- C:\Windows\System\otqnjnp.exe
  C:\Windows\System\otqnjnp.exe
  2⤵
  PID:4480
- C:\Windows\System\npoHPoy.exe
  C:\Windows\System\npoHPoy.exe
  2⤵
  PID:4512
- C:\Windows\System\MseHLgh.exe
  C:\Windows\System\MseHLgh.exe
  2⤵
  PID:4436
- C:\Windows\System\vOdpGAq.exe
  C:\Windows\System\vOdpGAq.exe
  2⤵
  PID:4544
- C:\Windows\System\NjEutNR.exe
  C:\Windows\System\NjEutNR.exe
  2⤵
  PID:4560
- C:\Windows\System\xzdXQPC.exe
  C:\Windows\System\xzdXQPC.exe
  2⤵
  PID:4576
- C:\Windows\System\oQGngib.exe
  C:\Windows\System\oQGngib.exe
  2⤵
  PID:4736
- C:\Windows\System\JHyCjFZ.exe
  C:\Windows\System\JHyCjFZ.exe
  2⤵
  PID:4688
- C:\Windows\System\CdIKgZn.exe
  C:\Windows\System\CdIKgZn.exe
  2⤵
  PID:4800
- C:\Windows\System\btFwCrU.exe
  C:\Windows\System\btFwCrU.exe
  2⤵
  PID:2600
- C:\Windows\System\KQlSNaD.exe
  C:\Windows\System\KQlSNaD.exe
  2⤵
  PID:4896
- C:\Windows\System\ZqJnaSH.exe
  C:\Windows\System\ZqJnaSH.exe
  2⤵
  PID:5088
- C:\Windows\System\lUIAeEH.exe
  C:\Windows\System\lUIAeEH.exe
  2⤵
  PID:4844
- C:\Windows\System\wLbKSUi.exe
  C:\Windows\System\wLbKSUi.exe
  2⤵
  PID:4908
- C:\Windows\System\qrZBvII.exe
  C:\Windows\System\qrZBvII.exe
  2⤵
  PID:4104
- C:\Windows\System\XTzNFCy.exe
  C:\Windows\System\XTzNFCy.exe
  2⤵
  PID:3512
- C:\Windows\System\LTajBtN.exe
  C:\Windows\System\LTajBtN.exe
  2⤵
  PID:4068
- C:\Windows\System\SnEQeyi.exe
  C:\Windows\System\SnEQeyi.exe
  2⤵
  PID:2476
- C:\Windows\System\mwuhQHQ.exe
  C:\Windows\System\mwuhQHQ.exe
  2⤵
  PID:4376
- C:\Windows\System\MTKSYHc.exe
  C:\Windows\System\MTKSYHc.exe
  2⤵
  PID:2584
- C:\Windows\System\yFFhJsS.exe
  C:\Windows\System\yFFhJsS.exe
  2⤵
  PID:4612
- C:\Windows\System\ttSGaZC.exe
  C:\Windows\System\ttSGaZC.exe
  2⤵
  PID:4616
- C:\Windows\System\oDMSBhz.exe
  C:\Windows\System\oDMSBhz.exe
  2⤵
  PID:5136
- C:\Windows\System\QoeaiKm.exe
  C:\Windows\System\QoeaiKm.exe
  2⤵
  PID:5160
- C:\Windows\System\xLiBzVa.exe
  C:\Windows\System\xLiBzVa.exe
  2⤵
  PID:5184
- C:\Windows\System\KuEqnnm.exe
  C:\Windows\System\KuEqnnm.exe
  2⤵
  PID:5200
- C:\Windows\System\AwhKWkh.exe
  C:\Windows\System\AwhKWkh.exe
  2⤵
  PID:5228
- C:\Windows\System\BjeHyXZ.exe
  C:\Windows\System\BjeHyXZ.exe
  2⤵
  PID:5248
- C:\Windows\System\fdbyWnO.exe
  C:\Windows\System\fdbyWnO.exe
  2⤵
  PID:5268
- C:\Windows\System\QcuegvR.exe
  C:\Windows\System\QcuegvR.exe
  2⤵
  PID:5288
- C:\Windows\System\WODeMMs.exe
  C:\Windows\System\WODeMMs.exe
  2⤵
  PID:5312
- C:\Windows\System\lpVgJDj.exe
  C:\Windows\System\lpVgJDj.exe
  2⤵
  PID:5328
- C:\Windows\System\EdXqXer.exe
  C:\Windows\System\EdXqXer.exe
  2⤵
  PID:5344
- C:\Windows\System\WZopvDQ.exe
  C:\Windows\System\WZopvDQ.exe
  2⤵
  PID:5364
- C:\Windows\System\LwyJoZq.exe
  C:\Windows\System\LwyJoZq.exe
  2⤵
  PID:5384
- C:\Windows\System\XhXJBVt.exe
  C:\Windows\System\XhXJBVt.exe
  2⤵
  PID:5404
- C:\Windows\System\PtibzZK.exe
  C:\Windows\System\PtibzZK.exe
  2⤵
  PID:5424
- C:\Windows\System\HdhxdTR.exe
  C:\Windows\System\HdhxdTR.exe
  2⤵
  PID:5440
- C:\Windows\System\pAqHaCI.exe
  C:\Windows\System\pAqHaCI.exe
  2⤵
  PID:5464
- C:\Windows\System\vnMxryn.exe
  C:\Windows\System\vnMxryn.exe
  2⤵
  PID:5488
- C:\Windows\System\lGLGKas.exe
  C:\Windows\System\lGLGKas.exe
  2⤵
  PID:5512
- C:\Windows\System\TiHwJNp.exe
  C:\Windows\System\TiHwJNp.exe
  2⤵
  PID:5528
- C:\Windows\System\vhVPbbo.exe
  C:\Windows\System\vhVPbbo.exe
  2⤵
  PID:5544
- C:\Windows\System\TyOgAuX.exe
  C:\Windows\System\TyOgAuX.exe
  2⤵
  PID:5568
- C:\Windows\System\eKUwNuO.exe
  C:\Windows\System\eKUwNuO.exe
  2⤵
  PID:5600
- C:\Windows\System\rnZNZyR.exe
  C:\Windows\System\rnZNZyR.exe
  2⤵
  PID:5644
- C:\Windows\System\QuRNFgx.exe
  C:\Windows\System\QuRNFgx.exe
  2⤵
  PID:5664
- C:\Windows\System\QrKAfpx.exe
  C:\Windows\System\QrKAfpx.exe
  2⤵
  PID:5680
- C:\Windows\System\iUnuDDI.exe
  C:\Windows\System\iUnuDDI.exe
  2⤵
  PID:5720
- C:\Windows\System\tovzMnb.exe
  C:\Windows\System\tovzMnb.exe
  2⤵
  PID:5760
- C:\Windows\System\chHtGaC.exe
  C:\Windows\System\chHtGaC.exe
  2⤵
  PID:5824
- C:\Windows\System\mIuSfwx.exe
  C:\Windows\System\mIuSfwx.exe
  2⤵
  PID:5844
- C:\Windows\System\dTmCSVz.exe
  C:\Windows\System\dTmCSVz.exe
  2⤵
  PID:5860
- C:\Windows\System\uDtKoSw.exe
  C:\Windows\System\uDtKoSw.exe
  2⤵
  PID:5880
- C:\Windows\System\HXjgxgU.exe
  C:\Windows\System\HXjgxgU.exe
  2⤵
  PID:5900
- C:\Windows\System\ykCwZIb.exe
  C:\Windows\System\ykCwZIb.exe
  2⤵
  PID:5916
- C:\Windows\System\nJjddur.exe
  C:\Windows\System\nJjddur.exe
  2⤵
  PID:5960
- C:\Windows\System\oITDqEo.exe
  C:\Windows\System\oITDqEo.exe
  2⤵
  PID:6024
- C:\Windows\System\lZQPrqx.exe
  C:\Windows\System\lZQPrqx.exe
  2⤵
  PID:6080
- C:\Windows\System\atrAymy.exe
  C:\Windows\System\atrAymy.exe
  2⤵
  PID:6104
- C:\Windows\System\AcWkcTm.exe
  C:\Windows\System\AcWkcTm.exe
  2⤵
  PID:6120
- C:\Windows\System\ebIvJZj.exe
  C:\Windows\System\ebIvJZj.exe
  2⤵
  PID:6136
- C:\Windows\System\eCqetvQ.exe
  C:\Windows\System\eCqetvQ.exe
  2⤵
  PID:4752
- C:\Windows\System\tBncNUB.exe
  C:\Windows\System\tBncNUB.exe
  2⤵
  PID:5104
- C:\Windows\System\PUamFYs.exe
  C:\Windows\System\PUamFYs.exe
  2⤵
  PID:4360
- C:\Windows\System\bryyETl.exe
  C:\Windows\System\bryyETl.exe
  2⤵
  PID:4528
- C:\Windows\System\xcPlpxA.exe
  C:\Windows\System\xcPlpxA.exe
  2⤵
  PID:5168
- C:\Windows\System\lqxHkos.exe
  C:\Windows\System\lqxHkos.exe
  2⤵
  PID:6068
- C:\Windows\System\geTEEvn.exe
  C:\Windows\System\geTEEvn.exe
  2⤵
  PID:4020
- C:\Windows\System\fgARGCH.exe
  C:\Windows\System\fgARGCH.exe
  2⤵
  PID:4340
- C:\Windows\System\dkHmalr.exe
  C:\Windows\System\dkHmalr.exe
  2⤵
  PID:4700
- C:\Windows\System\INyBjfC.exe
  C:\Windows\System\INyBjfC.exe
  2⤵
  PID:1768
- C:\Windows\System\OsAcFLp.exe
  C:\Windows\System\OsAcFLp.exe
  2⤵
  PID:5240
- C:\Windows\System\AJgfemR.exe
  C:\Windows\System\AJgfemR.exe
  2⤵
  PID:4372
- C:\Windows\System\XSqYtOa.exe
  C:\Windows\System\XSqYtOa.exe
  2⤵
  PID:5256
- C:\Windows\System\bkCHlBi.exe
  C:\Windows\System\bkCHlBi.exe
  2⤵
  PID:5296
- C:\Windows\System\gkYBOqW.exe
  C:\Windows\System\gkYBOqW.exe
  2⤵
  PID:5308
- C:\Windows\System\dFfwEFs.exe
  C:\Windows\System\dFfwEFs.exe
  2⤵
  PID:2652
- C:\Windows\System\FayYqAK.exe
  C:\Windows\System\FayYqAK.exe
  2⤵
  PID:5432
- C:\Windows\System\LnJkYAV.exe
  C:\Windows\System\LnJkYAV.exe
  2⤵
  PID:5412
- C:\Windows\System\PfBDliT.exe
  C:\Windows\System\PfBDliT.exe
  2⤵
  PID:5452
- C:\Windows\System\IFNONWR.exe
  C:\Windows\System\IFNONWR.exe
  2⤵
  PID:5484
- C:\Windows\System\CVSkCCH.exe
  C:\Windows\System\CVSkCCH.exe
  2⤵
  PID:5524
- C:\Windows\System\pVtGPfZ.exe
  C:\Windows\System\pVtGPfZ.exe
  2⤵
  PID:5616
- C:\Windows\System\PtcwnwN.exe
  C:\Windows\System\PtcwnwN.exe
  2⤵
  PID:5632
- C:\Windows\System\uUJaPdD.exe
  C:\Windows\System\uUJaPdD.exe
  2⤵
  PID:5676
- C:\Windows\System\IZxwnSE.exe
  C:\Windows\System\IZxwnSE.exe
  2⤵
  PID:5732
- C:\Windows\System\WGutSbX.exe
  C:\Windows\System\WGutSbX.exe
  2⤵
  PID:5840
- C:\Windows\System\vnlYjHE.exe
  C:\Windows\System\vnlYjHE.exe
  2⤵
  PID:5912
- C:\Windows\System\ijTOKdD.exe
  C:\Windows\System\ijTOKdD.exe
  2⤵
  PID:5984
- C:\Windows\System\ylRrdBf.exe
  C:\Windows\System\ylRrdBf.exe
  2⤵
  PID:6004
- C:\Windows\System\gamErOk.exe
  C:\Windows\System\gamErOk.exe
  2⤵
  PID:2920
- C:\Windows\System\qFcITgH.exe
  C:\Windows\System\qFcITgH.exe
  2⤵
  PID:876
- C:\Windows\System\JFoNrqN.exe
  C:\Windows\System\JFoNrqN.exe
  2⤵
  PID:5584
- C:\Windows\System\LeIiBoy.exe
  C:\Windows\System\LeIiBoy.exe
  2⤵
  PID:5660
- C:\Windows\System\boWDGbZ.exe
  C:\Windows\System\boWDGbZ.exe
  2⤵
  PID:5700
- C:\Windows\System\vvXZjXS.exe
  C:\Windows\System\vvXZjXS.exe
  2⤵
  PID:6088
- C:\Windows\System\kgBEjAQ.exe
  C:\Windows\System\kgBEjAQ.exe
  2⤵
  PID:5784
- C:\Windows\System\ryZqLtg.exe
  C:\Windows\System\ryZqLtg.exe
  2⤵
  PID:5804
- C:\Windows\System\rWXQarw.exe
  C:\Windows\System\rWXQarw.exe
  2⤵
  PID:5816
- C:\Windows\System\OTrNWio.exe
  C:\Windows\System\OTrNWio.exe
  2⤵
  PID:6096
- C:\Windows\System\OsvKEep.exe
  C:\Windows\System\OsvKEep.exe
  2⤵
  PID:6132
- C:\Windows\System\lCxFNeE.exe
  C:\Windows\System\lCxFNeE.exe
  2⤵
  PID:5924
- C:\Windows\System\WziDDYL.exe
  C:\Windows\System\WziDDYL.exe
  2⤵
  PID:5936
- C:\Windows\System\PpnqKic.exe
  C:\Windows\System\PpnqKic.exe
  2⤵
  PID:4924
- C:\Windows\System\DEoWufx.exe
  C:\Windows\System\DEoWufx.exe
  2⤵
  PID:6036
- C:\Windows\System\dTKWWss.exe
  C:\Windows\System\dTKWWss.exe
  2⤵
  PID:6056
- C:\Windows\System\dAirgJi.exe
  C:\Windows\System\dAirgJi.exe
  2⤵
  PID:4248
- C:\Windows\System\eGYFQJX.exe
  C:\Windows\System\eGYFQJX.exe
  2⤵
  PID:4476
- C:\Windows\System\SlGxORI.exe
  C:\Windows\System\SlGxORI.exe
  2⤵
  PID:5020
- C:\Windows\System\OVYRnyl.exe
  C:\Windows\System\OVYRnyl.exe
  2⤵
  PID:5072
- C:\Windows\System\tbrgFpF.exe
  C:\Windows\System\tbrgFpF.exe
  2⤵
  PID:4180
- C:\Windows\System\vLhRFQu.exe
  C:\Windows\System\vLhRFQu.exe
  2⤵
  PID:5124
- C:\Windows\System\lifiqdH.exe
  C:\Windows\System\lifiqdH.exe
  2⤵
  PID:2788
- C:\Windows\System\LzhKssQ.exe
  C:\Windows\System\LzhKssQ.exe
  2⤵
  PID:5196
- C:\Windows\System\VDimGiU.exe
  C:\Windows\System\VDimGiU.exe
  2⤵
  PID:5212
- C:\Windows\System\GkznAPR.exe
  C:\Windows\System\GkznAPR.exe
  2⤵
  PID:5260
- C:\Windows\System\DBHGXqB.exe
  C:\Windows\System\DBHGXqB.exe
  2⤵
  PID:5356
- C:\Windows\System\zgShDYs.exe
  C:\Windows\System\zgShDYs.exe
  2⤵
  PID:5392
- C:\Windows\System\Mgsidgf.exe
  C:\Windows\System\Mgsidgf.exe
  2⤵
  PID:5396
- C:\Windows\System\CKTSshu.exe
  C:\Windows\System\CKTSshu.exe
  2⤵
  PID:5448
- C:\Windows\System\nTbhKlA.exe
  C:\Windows\System\nTbhKlA.exe
  2⤵
  PID:5476
- C:\Windows\System\wSAlMQB.exe
  C:\Windows\System\wSAlMQB.exe
  2⤵
  PID:5640
- C:\Windows\System\BvCkMMw.exe
  C:\Windows\System\BvCkMMw.exe
  2⤵
  PID:5736
- C:\Windows\System\khnGTCr.exe
  C:\Windows\System\khnGTCr.exe
  2⤵
  PID:5744
- C:\Windows\System\pRWLrDN.exe
  C:\Windows\System\pRWLrDN.exe
  2⤵
  PID:5976
- C:\Windows\System\GXQIOJz.exe
  C:\Windows\System\GXQIOJz.exe
  2⤵
  PID:6012
- C:\Windows\System\QgrwFBY.exe
  C:\Windows\System\QgrwFBY.exe
  2⤵
  PID:5508
- C:\Windows\System\bdNXiVq.exe
  C:\Windows\System\bdNXiVq.exe
  2⤵
  PID:5588
- C:\Windows\System\qCjNuVS.exe
  C:\Windows\System\qCjNuVS.exe
  2⤵
  PID:5696
- C:\Windows\System\BFHxglF.exe
  C:\Windows\System\BFHxglF.exe
  2⤵
  PID:5712
- C:\Windows\System\ERqPbEd.exe
  C:\Windows\System\ERqPbEd.exe
  2⤵
  PID:5808
- C:\Windows\System\xeCAvSP.exe
  C:\Windows\System\xeCAvSP.exe
  2⤵
  PID:6092
- C:\Windows\System\WLdtOSv.exe
  C:\Windows\System\WLdtOSv.exe
  2⤵
  PID:2032
- C:\Windows\System\aZZACdP.exe
  C:\Windows\System\aZZACdP.exe
  2⤵
  PID:5896
- C:\Windows\System\aHKNYEJ.exe
  C:\Windows\System\aHKNYEJ.exe
  2⤵
  PID:6032
- C:\Windows\System\iwRVREC.exe
  C:\Windows\System\iwRVREC.exe
  2⤵
  PID:6060
- C:\Windows\System\PXirjrY.exe
  C:\Windows\System\PXirjrY.exe
  2⤵
  PID:1728
- C:\Windows\System\igSYysf.exe
  C:\Windows\System\igSYysf.exe
  2⤵
  PID:6112
- C:\Windows\System\JVFSuZm.exe
  C:\Windows\System\JVFSuZm.exe
  2⤵
  PID:4864
- C:\Windows\System\qDIaoHL.exe
  C:\Windows\System\qDIaoHL.exe
  2⤵
  PID:2648
- C:\Windows\System\qhNysDB.exe
  C:\Windows\System\qhNysDB.exe
  2⤵
  PID:4732
- C:\Windows\System\drOtQFI.exe
  C:\Windows\System\drOtQFI.exe
  2⤵
  PID:5264
- C:\Windows\System\SvmBMst.exe
  C:\Windows\System\SvmBMst.exe
  2⤵
  PID:5216
- C:\Windows\System\AZpRXWY.exe
  C:\Windows\System\AZpRXWY.exe
  2⤵
  PID:5300
- C:\Windows\System\UbVlxWB.exe
  C:\Windows\System\UbVlxWB.exe
  2⤵
  PID:5608
- C:\Windows\System\FFLEEUZ.exe
  C:\Windows\System\FFLEEUZ.exe
  2⤵
  PID:5672
- C:\Windows\System\iuNgeXK.exe
  C:\Windows\System\iuNgeXK.exe
  2⤵
  PID:5756
- C:\Windows\System\rNnopGC.exe
  C:\Windows\System\rNnopGC.exe
  2⤵
  PID:5972
- C:\Windows\System\kifVjtc.exe
  C:\Windows\System\kifVjtc.exe
  2⤵
  PID:6016
- C:\Windows\System\YhrJnDl.exe
  C:\Windows\System\YhrJnDl.exe
  2⤵
  PID:5688
- C:\Windows\System\rURSabD.exe
  C:\Windows\System\rURSabD.exe
  2⤵
  PID:5704
- C:\Windows\System\BxuXZRJ.exe
  C:\Windows\System\BxuXZRJ.exe
  2⤵
  PID:5856
- C:\Windows\System\cAJimEa.exe
  C:\Windows\System\cAJimEa.exe
  2⤵
  PID:1540
- C:\Windows\System\LOhKMws.exe
  C:\Windows\System\LOhKMws.exe
  2⤵
  PID:5948
- C:\Windows\System\zsPHSEm.exe
  C:\Windows\System\zsPHSEm.exe
  2⤵
  PID:6048
- C:\Windows\System\PqUHMoW.exe
  C:\Windows\System\PqUHMoW.exe
  2⤵
  PID:6116
- C:\Windows\System\HlrKZiM.exe
  C:\Windows\System\HlrKZiM.exe
  2⤵
  PID:5180
- C:\Windows\System\BpbGRJD.exe
  C:\Windows\System\BpbGRJD.exe
  2⤵
  PID:5208
- C:\Windows\System\HbqHgRB.exe
  C:\Windows\System\HbqHgRB.exe
  2⤵
  PID:5380
- C:\Windows\System\nnUCGJA.exe
  C:\Windows\System\nnUCGJA.exe
  2⤵
  PID:5400
- C:\Windows\System\ImStDea.exe
  C:\Windows\System\ImStDea.exe
  2⤵
  PID:5612
- C:\Windows\System\advxiEn.exe
  C:\Windows\System\advxiEn.exe
  2⤵
  PID:5836
- C:\Windows\System\FyBeNmj.exe
  C:\Windows\System\FyBeNmj.exe
  2⤵
  PID:6160
- C:\Windows\System\nhEzxgP.exe
  C:\Windows\System\nhEzxgP.exe
  2⤵
  PID:6180
- C:\Windows\System\xKreiJI.exe
  C:\Windows\System\xKreiJI.exe
  2⤵
  PID:6200
- C:\Windows\System\LPWjzRA.exe
  C:\Windows\System\LPWjzRA.exe
  2⤵
  PID:6220
- C:\Windows\System\fXDBEwJ.exe
  C:\Windows\System\fXDBEwJ.exe
  2⤵
  PID:6244
- C:\Windows\System\xfRAtSM.exe
  C:\Windows\System\xfRAtSM.exe
  2⤵
  PID:6264
- C:\Windows\System\iwggbjS.exe
  C:\Windows\System\iwggbjS.exe
  2⤵
  PID:6284
- C:\Windows\System\ORiiBLy.exe
  C:\Windows\System\ORiiBLy.exe
  2⤵
  PID:6304
- C:\Windows\System\TsQqLkZ.exe
  C:\Windows\System\TsQqLkZ.exe
  2⤵
  PID:6324
- C:\Windows\System\tNvYzDx.exe
  C:\Windows\System\tNvYzDx.exe
  2⤵
  PID:6344
- C:\Windows\System\VaFtyhr.exe
  C:\Windows\System\VaFtyhr.exe
  2⤵
  PID:6364
- C:\Windows\System\YAlwYco.exe
  C:\Windows\System\YAlwYco.exe
  2⤵
  PID:6384
- C:\Windows\System\JfoVHCS.exe
  C:\Windows\System\JfoVHCS.exe
  2⤵
  PID:6404
- C:\Windows\System\MsxzhMD.exe
  C:\Windows\System\MsxzhMD.exe
  2⤵
  PID:6424
- C:\Windows\System\zMLpUdM.exe
  C:\Windows\System\zMLpUdM.exe
  2⤵
  PID:6444
- C:\Windows\System\xmzlmtI.exe
  C:\Windows\System\xmzlmtI.exe
  2⤵
  PID:6464
- C:\Windows\System\UxHqgUL.exe
  C:\Windows\System\UxHqgUL.exe
  2⤵
  PID:6484
- C:\Windows\System\NqruGVE.exe
  C:\Windows\System\NqruGVE.exe
  2⤵
  PID:6504
- C:\Windows\System\yZoBsmy.exe
  C:\Windows\System\yZoBsmy.exe
  2⤵
  PID:6524
- C:\Windows\System\jrgaxBV.exe
  C:\Windows\System\jrgaxBV.exe
  2⤵
  PID:6544
- C:\Windows\System\gAeBRPZ.exe
  C:\Windows\System\gAeBRPZ.exe
  2⤵
  PID:6564
- C:\Windows\System\zxhfKFC.exe
  C:\Windows\System\zxhfKFC.exe
  2⤵
  PID:6584
- C:\Windows\System\VmXsqXd.exe
  C:\Windows\System\VmXsqXd.exe
  2⤵
  PID:6604
- C:\Windows\System\zvfMpFK.exe
  C:\Windows\System\zvfMpFK.exe
  2⤵
  PID:6624
- C:\Windows\System\RYGPsXu.exe
  C:\Windows\System\RYGPsXu.exe
  2⤵
  PID:6644
- C:\Windows\System\blnSDrn.exe
  C:\Windows\System\blnSDrn.exe
  2⤵
  PID:6664
- C:\Windows\System\tNKGwAJ.exe
  C:\Windows\System\tNKGwAJ.exe
  2⤵
  PID:6684
- C:\Windows\System\qfoNRPe.exe
  C:\Windows\System\qfoNRPe.exe
  2⤵
  PID:6704
- C:\Windows\System\OYaIJAt.exe
  C:\Windows\System\OYaIJAt.exe
  2⤵
  PID:6724
- C:\Windows\System\PVIwGbk.exe
  C:\Windows\System\PVIwGbk.exe
  2⤵
  PID:6744
- C:\Windows\System\bVoWlkN.exe
  C:\Windows\System\bVoWlkN.exe
  2⤵
  PID:6764
- C:\Windows\System\QCXWUun.exe
  C:\Windows\System\QCXWUun.exe
  2⤵
  PID:6784
- C:\Windows\System\IiYLuwG.exe
  C:\Windows\System\IiYLuwG.exe
  2⤵
  PID:6804
- C:\Windows\System\lyQdCYl.exe
  C:\Windows\System\lyQdCYl.exe
  2⤵
  PID:6820
- C:\Windows\System\OQMJwNO.exe
  C:\Windows\System\OQMJwNO.exe
  2⤵
  PID:6844
- C:\Windows\System\jlpddMy.exe
  C:\Windows\System\jlpddMy.exe
  2⤵
  PID:6864
- C:\Windows\System\rlNLNXC.exe
  C:\Windows\System\rlNLNXC.exe
  2⤵
  PID:6884
- C:\Windows\System\qHEBniQ.exe
  C:\Windows\System\qHEBniQ.exe
  2⤵
  PID:6904
- C:\Windows\System\xYAJAac.exe
  C:\Windows\System\xYAJAac.exe
  2⤵
  PID:6924
- C:\Windows\System\RaiwjQG.exe
  C:\Windows\System\RaiwjQG.exe
  2⤵
  PID:6944
- C:\Windows\System\MsmrKEE.exe
  C:\Windows\System\MsmrKEE.exe
  2⤵
  PID:6964
- C:\Windows\System\KPPlmOq.exe
  C:\Windows\System\KPPlmOq.exe
  2⤵
  PID:6984
- C:\Windows\System\UrlKoYW.exe
  C:\Windows\System\UrlKoYW.exe
  2⤵
  PID:7004
- C:\Windows\System\amzWkxJ.exe
  C:\Windows\System\amzWkxJ.exe
  2⤵
  PID:7020
- C:\Windows\System\LLmqkTP.exe
  C:\Windows\System\LLmqkTP.exe
  2⤵
  PID:7048
- C:\Windows\System\edUfJnF.exe
  C:\Windows\System\edUfJnF.exe
  2⤵
  PID:7068
- C:\Windows\System\jxFOKDL.exe
  C:\Windows\System\jxFOKDL.exe
  2⤵
  PID:7088
- C:\Windows\System\SWKlTob.exe
  C:\Windows\System\SWKlTob.exe
  2⤵
  PID:7108
- C:\Windows\System\PUnObAH.exe
  C:\Windows\System\PUnObAH.exe
  2⤵
  PID:7128
- C:\Windows\System\qdtVAqM.exe
  C:\Windows\System\qdtVAqM.exe
  2⤵
  PID:7148
- C:\Windows\System\fpWIheV.exe
  C:\Windows\System\fpWIheV.exe
  2⤵
  PID:5996
- C:\Windows\System\xjDldTB.exe
  C:\Windows\System\xjDldTB.exe
  2⤵
  PID:5540
- C:\Windows\System\OOpvKME.exe
  C:\Windows\System\OOpvKME.exe
  2⤵
  PID:5776
- C:\Windows\System\ElAhKOD.exe
  C:\Windows\System\ElAhKOD.exe
  2⤵
  PID:5796
- C:\Windows\System\NqXUWaS.exe
  C:\Windows\System\NqXUWaS.exe
  2⤵
  PID:1612
- C:\Windows\System\vfbFIiK.exe
  C:\Windows\System\vfbFIiK.exe
  2⤵
  PID:4880
- C:\Windows\System\rziCzjo.exe
  C:\Windows\System\rziCzjo.exe
  2⤵
  PID:320
- C:\Windows\System\HHoHyTm.exe
  C:\Windows\System\HHoHyTm.exe
  2⤵
  PID:5152
- C:\Windows\System\ZWIvQRu.exe
  C:\Windows\System\ZWIvQRu.exe
  2⤵
  PID:5556
- C:\Windows\System\URsFwJQ.exe
  C:\Windows\System\URsFwJQ.exe
  2⤵
  PID:6148
- C:\Windows\System\haZwPFP.exe
  C:\Windows\System\haZwPFP.exe
  2⤵
  PID:6168
- C:\Windows\System\MGemfOC.exe
  C:\Windows\System\MGemfOC.exe
  2⤵
  PID:6172
- C:\Windows\System\LRfyofZ.exe
  C:\Windows\System\LRfyofZ.exe
  2⤵
  PID:2880
- C:\Windows\System\QUosysc.exe
  C:\Windows\System\QUosysc.exe
  2⤵
  PID:6280
- C:\Windows\System\mkUTPEN.exe
  C:\Windows\System\mkUTPEN.exe
  2⤵
  PID:6312
- C:\Windows\System\ibIXRNj.exe
  C:\Windows\System\ibIXRNj.exe
  2⤵
  PID:6296
- C:\Windows\System\piAxWVw.exe
  C:\Windows\System\piAxWVw.exe
  2⤵
  PID:6360
- C:\Windows\System\VOhPrdL.exe
  C:\Windows\System\VOhPrdL.exe
  2⤵
  PID:6400
- C:\Windows\System\uvppmmc.exe
  C:\Windows\System\uvppmmc.exe
  2⤵
  PID:6412
- C:\Windows\System\svNOvFH.exe
  C:\Windows\System\svNOvFH.exe
  2⤵
  PID:6440
- C:\Windows\System\njckwSp.exe
  C:\Windows\System\njckwSp.exe
  2⤵
  PID:6480
- C:\Windows\System\yTGmtLO.exe
  C:\Windows\System\yTGmtLO.exe
  2⤵
  PID:6512
- C:\Windows\System\yGTboEE.exe
  C:\Windows\System\yGTboEE.exe
  2⤵
  PID:6496
- C:\Windows\System\mZyTrrY.exe
  C:\Windows\System\mZyTrrY.exe
  2⤵
  PID:6532
- C:\Windows\System\mNlnVIt.exe
  C:\Windows\System\mNlnVIt.exe
  2⤵
  PID:6592
- C:\Windows\System\TkbvPrn.exe
  C:\Windows\System\TkbvPrn.exe
  2⤵
  PID:6596
- C:\Windows\System\jMkAdmB.exe
  C:\Windows\System\jMkAdmB.exe
  2⤵
  PID:6640
- C:\Windows\System\KziRXRP.exe
  C:\Windows\System\KziRXRP.exe
  2⤵
  PID:6652
- C:\Windows\System\fKGqfPT.exe
  C:\Windows\System\fKGqfPT.exe
  2⤵
  PID:6712
- C:\Windows\System\dxlNJEG.exe
  C:\Windows\System\dxlNJEG.exe
  2⤵
  PID:6716
- C:\Windows\System\UgytwmB.exe
  C:\Windows\System\UgytwmB.exe
  2⤵
  PID:6736
- C:\Windows\System\jBAOZcd.exe
  C:\Windows\System\jBAOZcd.exe
  2⤵
  PID:6780
- C:\Windows\System\ZcJjcXK.exe
  C:\Windows\System\ZcJjcXK.exe
  2⤵
  PID:6836
- C:\Windows\System\MoTdMuB.exe
  C:\Windows\System\MoTdMuB.exe
  2⤵
  PID:6832
- C:\Windows\System\KoLlyTR.exe
  C:\Windows\System\KoLlyTR.exe
  2⤵
  PID:6880
- C:\Windows\System\IvAWiNw.exe
  C:\Windows\System\IvAWiNw.exe
  2⤵
  PID:6956
- C:\Windows\System\xCzJrEp.exe
  C:\Windows\System\xCzJrEp.exe
  2⤵
  PID:6976
- C:\Windows\System\QgWRXLx.exe
  C:\Windows\System\QgWRXLx.exe
  2⤵
  PID:7012
- C:\Windows\System\ZqoJPdM.exe
  C:\Windows\System\ZqoJPdM.exe
  2⤵
  PID:7040
- C:\Windows\System\oefWzWo.exe
  C:\Windows\System\oefWzWo.exe
  2⤵
  PID:7056
- C:\Windows\System\xUEgXKO.exe
  C:\Windows\System\xUEgXKO.exe
  2⤵
  PID:7060
- C:\Windows\System\bVGtDyJ.exe
  C:\Windows\System\bVGtDyJ.exe
  2⤵
  PID:7104
- C:\Windows\System\efSKWRf.exe
  C:\Windows\System\efSKWRf.exe
  2⤵
  PID:7136
- C:\Windows\System\QfmgAwG.exe
  C:\Windows\System\QfmgAwG.exe
  2⤵
  PID:7144
- C:\Windows\System\MIcAgKh.exe
  C:\Windows\System\MIcAgKh.exe
  2⤵
  PID:536
- C:\Windows\System\lnTcwCj.exe
  C:\Windows\System\lnTcwCj.exe
  2⤵
  PID:5800
- C:\Windows\System\YZtmjBi.exe
  C:\Windows\System\YZtmjBi.exe
  2⤵
  PID:5812
- C:\Windows\System\sqSjCjl.exe
  C:\Windows\System\sqSjCjl.exe
  2⤵
  PID:4184
- C:\Windows\System\OjUAmsl.exe
  C:\Windows\System\OjUAmsl.exe
  2⤵
  PID:2220
- C:\Windows\System\SeehaIt.exe
  C:\Windows\System\SeehaIt.exe
  2⤵
  PID:5480
- C:\Windows\System\eHtBHAY.exe
  C:\Windows\System\eHtBHAY.exe
  2⤵
  PID:5360
- C:\Windows\System\ofYUkgx.exe
  C:\Windows\System\ofYUkgx.exe
  2⤵
  PID:5624
- C:\Windows\System\ORePDLa.exe
  C:\Windows\System\ORePDLa.exe
  2⤵
  PID:6236
- C:\Windows\System\ZYKpOGq.exe
  C:\Windows\System\ZYKpOGq.exe
  2⤵
  PID:1504
- C:\Windows\System\PRUIBcX.exe
  C:\Windows\System\PRUIBcX.exe
  2⤵
  PID:6380
- C:\Windows\System\BbCRASv.exe
  C:\Windows\System\BbCRASv.exe
  2⤵
  PID:2620
- C:\Windows\System\yniGWeW.exe
  C:\Windows\System\yniGWeW.exe
  2⤵
  PID:2456
- C:\Windows\System\vgiKyOt.exe
  C:\Windows\System\vgiKyOt.exe
  2⤵
  PID:6572
- C:\Windows\System\iQidtXb.exe
  C:\Windows\System\iQidtXb.exe
  2⤵
  PID:2044
- C:\Windows\System\sLvsJPq.exe
  C:\Windows\System\sLvsJPq.exe
  2⤵
  PID:6692
- C:\Windows\System\xTAPIWT.exe
  C:\Windows\System\xTAPIWT.exe
  2⤵
  PID:6732
- C:\Windows\System\mrSIuis.exe
  C:\Windows\System\mrSIuis.exe
  2⤵
  PID:6600
- C:\Windows\System\WlTafsv.exe
  C:\Windows\System\WlTafsv.exe
  2⤵
  PID:864
- C:\Windows\System\oRnQDZg.exe
  C:\Windows\System\oRnQDZg.exe
  2⤵
  PID:6620
- C:\Windows\System\OHWFmml.exe
  C:\Windows\System\OHWFmml.exe
  2⤵
  PID:2428
- C:\Windows\System\SbBsKEN.exe
  C:\Windows\System\SbBsKEN.exe
  2⤵
  PID:6812
- C:\Windows\System\AEYCkcy.exe
  C:\Windows\System\AEYCkcy.exe
  2⤵
  PID:6980
- C:\Windows\System\jXcyqAr.exe
  C:\Windows\System\jXcyqAr.exe
  2⤵
  PID:1668
- C:\Windows\System\MjongCE.exe
  C:\Windows\System\MjongCE.exe
  2⤵
  PID:2828
- C:\Windows\System\xEmagFS.exe
  C:\Windows\System\xEmagFS.exe
  2⤵
  PID:768
- C:\Windows\System\sxbUgJN.exe
  C:\Windows\System\sxbUgJN.exe
  2⤵
  PID:7116
- C:\Windows\System\BwooFvw.exe
  C:\Windows\System\BwooFvw.exe
  2⤵
  PID:7164
- C:\Windows\System\baDuHdg.exe
  C:\Windows\System\baDuHdg.exe
  2⤵
  PID:2352
- C:\Windows\System\zgKWBOV.exe
  C:\Windows\System\zgKWBOV.exe
  2⤵
  PID:6316
- C:\Windows\System\bygiubi.exe
  C:\Windows\System\bygiubi.exe
  2⤵
  PID:1640
- C:\Windows\System\ZzruyQY.exe
  C:\Windows\System\ZzruyQY.exe
  2⤵
  PID:2940
- C:\Windows\System\tcLpOGW.exe
  C:\Windows\System\tcLpOGW.exe
  2⤵
  PID:6632
- C:\Windows\System\BbKtXLT.exe
  C:\Windows\System\BbKtXLT.exe
  2⤵
  PID:2616
- C:\Windows\System\BklAzmH.exe
  C:\Windows\System\BklAzmH.exe
  2⤵
  PID:1672
- C:\Windows\System\MhEXSoB.exe
  C:\Windows\System\MhEXSoB.exe
  2⤵
  PID:6212
- C:\Windows\System\BYrUkgD.exe
  C:\Windows\System\BYrUkgD.exe
  2⤵
  PID:2504
- C:\Windows\System\HydzypO.exe
  C:\Windows\System\HydzypO.exe
  2⤵
  PID:6552
- C:\Windows\System\FoRuhaN.exe
  C:\Windows\System\FoRuhaN.exe
  2⤵
  PID:6772
- C:\Windows\System\soqvvZp.exe
  C:\Windows\System\soqvvZp.exe
  2⤵
  PID:2564
- C:\Windows\System\TyLJLid.exe
  C:\Windows\System\TyLJLid.exe
  2⤵
  PID:7000
- C:\Windows\System\stCwtDz.exe
  C:\Windows\System\stCwtDz.exe
  2⤵
  PID:7120
- C:\Windows\System\OOAwUoK.exe
  C:\Windows\System\OOAwUoK.exe
  2⤵
  PID:5564
- C:\Windows\System\rptEQIV.exe
  C:\Windows\System\rptEQIV.exe
  2⤵
  PID:2972
- C:\Windows\System\yKTwOcQ.exe
  C:\Windows\System\yKTwOcQ.exe
  2⤵
  PID:6336
- C:\Windows\System\qaaAJBV.exe
  C:\Windows\System\qaaAJBV.exe
  2⤵
  PID:6416
- C:\Windows\System\oIAzJPF.exe
  C:\Windows\System\oIAzJPF.exe
  2⤵
  PID:2876
- C:\Windows\System\kkodFmU.exe
  C:\Windows\System\kkodFmU.exe
  2⤵
  PID:6228
- C:\Windows\System\WICwPro.exe
  C:\Windows\System\WICwPro.exe
  2⤵
  PID:2944
- C:\Windows\System\coCepVN.exe
  C:\Windows\System\coCepVN.exe
  2⤵
  PID:6240
- C:\Windows\System\FiLkHtD.exe
  C:\Windows\System\FiLkHtD.exe
  2⤵
  PID:6272
- C:\Windows\System\wnPfBhQ.exe
  C:\Windows\System\wnPfBhQ.exe
  2⤵
  PID:6252
- C:\Windows\System\cBhEKzK.exe
  C:\Windows\System\cBhEKzK.exe
  2⤵
  PID:6616
- C:\Windows\System\iYPoTXR.exe
  C:\Windows\System\iYPoTXR.exe
  2⤵
  PID:6500
- C:\Windows\System\TYTaEKb.exe
  C:\Windows\System\TYTaEKb.exe
  2⤵
  PID:5952
- C:\Windows\System\eCkxtNn.exe
  C:\Windows\System\eCkxtNn.exe
  2⤵
  PID:4960
- C:\Windows\System\TNjitXZ.exe
  C:\Windows\System\TNjitXZ.exe
  2⤵
  PID:592
- C:\Windows\System\QisWuIC.exe
  C:\Windows\System\QisWuIC.exe
  2⤵
  PID:1532
- C:\Windows\System\CzHipYp.exe
  C:\Windows\System\CzHipYp.exe
  2⤵
  PID:6372
- C:\Windows\System\wjHAkoO.exe
  C:\Windows\System\wjHAkoO.exe
  2⤵
  PID:2612
- C:\Windows\System\KNXNFkS.exe
  C:\Windows\System\KNXNFkS.exe
  2⤵
  PID:7188
- C:\Windows\System\ooxUgJY.exe
  C:\Windows\System\ooxUgJY.exe
  2⤵
  PID:7208
- C:\Windows\System\MfVEfFD.exe
  C:\Windows\System\MfVEfFD.exe
  2⤵
  PID:7228
- C:\Windows\System\CGdUlGP.exe
  C:\Windows\System\CGdUlGP.exe
  2⤵
  PID:7248
- C:\Windows\System\KvIAgmn.exe
  C:\Windows\System\KvIAgmn.exe
  2⤵
  PID:7272
- C:\Windows\System\wAKzZnd.exe
  C:\Windows\System\wAKzZnd.exe
  2⤵
  PID:7288
- C:\Windows\System\hSuYnRy.exe
  C:\Windows\System\hSuYnRy.exe
  2⤵
  PID:7308
- C:\Windows\System\uPQqTty.exe
  C:\Windows\System\uPQqTty.exe
  2⤵
  PID:7328
- C:\Windows\System\yYuJaAQ.exe
  C:\Windows\System\yYuJaAQ.exe
  2⤵
  PID:7352
- C:\Windows\System\VCZlnAw.exe
  C:\Windows\System\VCZlnAw.exe
  2⤵
  PID:7372
- C:\Windows\System\sRTtGbs.exe
  C:\Windows\System\sRTtGbs.exe
  2⤵
  PID:7392
- C:\Windows\System\laSGcap.exe
  C:\Windows\System\laSGcap.exe
  2⤵
  PID:7412
- C:\Windows\System\aarbRah.exe
  C:\Windows\System\aarbRah.exe
  2⤵
  PID:7428
- C:\Windows\System\JTFQkOs.exe
  C:\Windows\System\JTFQkOs.exe
  2⤵
  PID:7448
- C:\Windows\System\LYUpWMR.exe
  C:\Windows\System\LYUpWMR.exe
  2⤵
  PID:7464
- C:\Windows\System\PbwOwRN.exe
  C:\Windows\System\PbwOwRN.exe
  2⤵
  PID:7480
- C:\Windows\System\VJBdeMq.exe
  C:\Windows\System\VJBdeMq.exe
  2⤵
  PID:7496
- C:\Windows\System\EXvxHKy.exe
  C:\Windows\System\EXvxHKy.exe
  2⤵
  PID:7512
- C:\Windows\System\tkaBLeU.exe
  C:\Windows\System\tkaBLeU.exe
  2⤵
  PID:7532
- C:\Windows\System\ijlArIu.exe
  C:\Windows\System\ijlArIu.exe
  2⤵
  PID:7552
- C:\Windows\System\iRbSCPY.exe
  C:\Windows\System\iRbSCPY.exe
  2⤵
  PID:7568
- C:\Windows\System\UQpvemS.exe
  C:\Windows\System\UQpvemS.exe
  2⤵
  PID:7588
- C:\Windows\System\NnECxBD.exe
  C:\Windows\System\NnECxBD.exe
  2⤵
  PID:7680
- C:\Windows\System\ctpvPRZ.exe
  C:\Windows\System\ctpvPRZ.exe
  2⤵
  PID:7704
- C:\Windows\System\WWhuqfM.exe
  C:\Windows\System\WWhuqfM.exe
  2⤵
  PID:7720
- C:\Windows\System\oltqKdc.exe
  C:\Windows\System\oltqKdc.exe
  2⤵
  PID:7736
- C:\Windows\System\kfymyuv.exe
  C:\Windows\System\kfymyuv.exe
  2⤵
  PID:7752
- C:\Windows\System\LLNqkSk.exe
  C:\Windows\System\LLNqkSk.exe
  2⤵
  PID:7768
- C:\Windows\System\SQqeaYU.exe
  C:\Windows\System\SQqeaYU.exe
  2⤵
  PID:7784
- C:\Windows\System\CSMIBPs.exe
  C:\Windows\System\CSMIBPs.exe
  2⤵
  PID:7800
- C:\Windows\System\RcBsXMG.exe
  C:\Windows\System\RcBsXMG.exe
  2⤵
  PID:7816
- C:\Windows\System\bhkqplT.exe
  C:\Windows\System\bhkqplT.exe
  2⤵
  PID:7832
- C:\Windows\System\WoPdAJm.exe
  C:\Windows\System\WoPdAJm.exe
  2⤵
  PID:7848
- C:\Windows\System\bByLdyZ.exe
  C:\Windows\System\bByLdyZ.exe
  2⤵
  PID:7868
- C:\Windows\System\PtvFqnD.exe
  C:\Windows\System\PtvFqnD.exe
  2⤵
  PID:7888
- C:\Windows\System\DmBNsaV.exe
  C:\Windows\System\DmBNsaV.exe
  2⤵
  PID:7908
- C:\Windows\System\lgvxojZ.exe
  C:\Windows\System\lgvxojZ.exe
  2⤵
  PID:7928
- C:\Windows\System\cGLvwjw.exe
  C:\Windows\System\cGLvwjw.exe
  2⤵
  PID:7944
- C:\Windows\System\UPITGNN.exe
  C:\Windows\System\UPITGNN.exe
  2⤵
  PID:7960
- C:\Windows\System\lbTdjIJ.exe
  C:\Windows\System\lbTdjIJ.exe
  2⤵
  PID:7980
- C:\Windows\System\GxwpikB.exe
  C:\Windows\System\GxwpikB.exe
  2⤵
  PID:8000
- C:\Windows\System\OlzOcBY.exe
  C:\Windows\System\OlzOcBY.exe
  2⤵
  PID:8020
- C:\Windows\System\eYqFkYk.exe
  C:\Windows\System\eYqFkYk.exe
  2⤵
  PID:8040
- C:\Windows\System\kYNXKtE.exe
  C:\Windows\System\kYNXKtE.exe
  2⤵
  PID:8060
- C:\Windows\System\yGCAKEY.exe
  C:\Windows\System\yGCAKEY.exe
  2⤵
  PID:8080
- C:\Windows\System\kQNgOUq.exe
  C:\Windows\System\kQNgOUq.exe
  2⤵
  PID:8096
- C:\Windows\System\uwzriEw.exe
  C:\Windows\System\uwzriEw.exe
  2⤵
  PID:8116
- C:\Windows\System\tVnxecU.exe
  C:\Windows\System\tVnxecU.exe
  2⤵
  PID:8132
- C:\Windows\System\kWThOsR.exe
  C:\Windows\System\kWThOsR.exe
  2⤵
  PID:8148
- C:\Windows\System\yOzlSED.exe
  C:\Windows\System\yOzlSED.exe
  2⤵
  PID:8164
- C:\Windows\System\cNskdXb.exe
  C:\Windows\System\cNskdXb.exe
  2⤵
  PID:8180
- C:\Windows\System\vMFJNCc.exe
  C:\Windows\System\vMFJNCc.exe
  2⤵
  PID:6740
- C:\Windows\System\EeQHvKS.exe
  C:\Windows\System\EeQHvKS.exe
  2⤵
  PID:2332
- C:\Windows\System\WEvgiIa.exe
  C:\Windows\System\WEvgiIa.exe
  2⤵
  PID:2212
- C:\Windows\System\WmFFBvd.exe
  C:\Windows\System\WmFFBvd.exe
  2⤵
  PID:6208
- C:\Windows\System\zBLFVUw.exe
  C:\Windows\System\zBLFVUw.exe
  2⤵
  PID:1148
- C:\Windows\System\goWEbEF.exe
  C:\Windows\System\goWEbEF.exe
  2⤵
  PID:6452
- C:\Windows\System\gJBGAEk.exe
  C:\Windows\System\gJBGAEk.exe
  2⤵
  PID:7320
- C:\Windows\System\zkchmrq.exe
  C:\Windows\System\zkchmrq.exe
  2⤵
  PID:7368
- C:\Windows\System\gTDyGhF.exe
  C:\Windows\System\gTDyGhF.exe
  2⤵
  PID:7444
- C:\Windows\System\JxusXwA.exe
  C:\Windows\System\JxusXwA.exe
  2⤵
  PID:7064
- C:\Windows\System\yjmEtmo.exe
  C:\Windows\System\yjmEtmo.exe
  2⤵
  PID:7584
- C:\Windows\System\kyMjNLe.exe
  C:\Windows\System\kyMjNLe.exe
  2⤵
  PID:816
- C:\Windows\System\CgWrabS.exe
  C:\Windows\System\CgWrabS.exe
  2⤵
  PID:7420
- C:\Windows\System\obxplWa.exe
  C:\Windows\System\obxplWa.exe
  2⤵
  PID:7520
- C:\Windows\System\zmBfjTa.exe
  C:\Windows\System\zmBfjTa.exe
  2⤵
  PID:4492
- C:\Windows\System\mCHgNyd.exe
  C:\Windows\System\mCHgNyd.exe
  2⤵
  PID:7184
- C:\Windows\System\oUCikMY.exe
  C:\Windows\System\oUCikMY.exe
  2⤵
  PID:7256
- C:\Windows\System\kqIAZQy.exe
  C:\Windows\System\kqIAZQy.exe
  2⤵
  PID:7300
- C:\Windows\System\DhofDTw.exe
  C:\Windows\System\DhofDTw.exe
  2⤵
  PID:7348
- C:\Windows\System\qyGppOp.exe
  C:\Windows\System\qyGppOp.exe
  2⤵
  PID:7456
- C:\Windows\System\KPGXJBM.exe
  C:\Windows\System\KPGXJBM.exe
  2⤵
  PID:7672
- C:\Windows\System\UDpyMUC.exe
  C:\Windows\System\UDpyMUC.exe
  2⤵
  PID:7616
- C:\Windows\System\gomvVoq.exe
  C:\Windows\System\gomvVoq.exe
  2⤵
  PID:7728
- C:\Windows\System\AsVetBh.exe
  C:\Windows\System\AsVetBh.exe
  2⤵
  PID:7760
- C:\Windows\System\QrmwSUl.exe
  C:\Windows\System\QrmwSUl.exe
  2⤵
  PID:8048
- C:\Windows\System\gkUQBgm.exe
  C:\Windows\System\gkUQBgm.exe
  2⤵
  PID:8092
- C:\Windows\System\PVcQEks.exe
  C:\Windows\System\PVcQEks.exe
  2⤵
  PID:8160
- C:\Windows\System\EmxwWUL.exe
  C:\Windows\System\EmxwWUL.exe
  2⤵
  PID:6792
- C:\Windows\System\rruxDKI.exe
  C:\Windows\System\rruxDKI.exe
  2⤵
  PID:7284
- C:\Windows\System\NpKftmy.exe
  C:\Windows\System\NpKftmy.exe
  2⤵
  PID:7440
- C:\Windows\System\vUpsDTm.exe
  C:\Windows\System\vUpsDTm.exe
  2⤵
  PID:7296
- C:\Windows\System\WVSSFjT.exe
  C:\Windows\System\WVSSFjT.exe
  2⤵
  PID:7808
- C:\Windows\System\ymcfNVi.exe
  C:\Windows\System\ymcfNVi.exe
  2⤵
  PID:7344
- C:\Windows\System\lnudcbj.exe
  C:\Windows\System\lnudcbj.exe
  2⤵
  PID:7716
- C:\Windows\System\GOTQrox.exe
  C:\Windows\System\GOTQrox.exe
  2⤵
  PID:7796
- C:\Windows\System\EcrtaxG.exe
  C:\Windows\System\EcrtaxG.exe
  2⤵
  PID:7648
- C:\Windows\System\XOGAQTU.exe
  C:\Windows\System\XOGAQTU.exe
  2⤵
  PID:7656
- C:\Windows\System\voZqwbo.exe
  C:\Windows\System\voZqwbo.exe
  2⤵
  PID:7968
- C:\Windows\System\zqijpas.exe
  C:\Windows\System\zqijpas.exe
  2⤵
  PID:7676
- C:\Windows\System\bFYrAGE.exe
  C:\Windows\System\bFYrAGE.exe
  2⤵
  PID:8008
- C:\Windows\System\gqchQJM.exe
  C:\Windows\System\gqchQJM.exe
  2⤵
  PID:7988
- C:\Windows\System\PyyzEYN.exe
  C:\Windows\System\PyyzEYN.exe
  2⤵
  PID:6376
- C:\Windows\System\qrGPSvn.exe
  C:\Windows\System\qrGPSvn.exe
  2⤵
  PID:7096
- C:\Windows\System\fqhEEHn.exe
  C:\Windows\System\fqhEEHn.exe
  2⤵
  PID:7840
- C:\Windows\System\uijmJmc.exe
  C:\Windows\System\uijmJmc.exe
  2⤵
  PID:7924
- C:\Windows\System\CEBLEhY.exe
  C:\Windows\System\CEBLEhY.exe
  2⤵
  PID:8036
- C:\Windows\System\EMnfXjp.exe
  C:\Windows\System\EMnfXjp.exe
  2⤵
  PID:8144
- C:\Windows\System\ZRlKOJh.exe
  C:\Windows\System\ZRlKOJh.exe
  2⤵
  PID:6612
- C:\Windows\System\dDUrloZ.exe
  C:\Windows\System\dDUrloZ.exe
  2⤵
  PID:7364
- C:\Windows\System\nXTmfqh.exe
  C:\Windows\System\nXTmfqh.exe
  2⤵
  PID:6700
- C:\Windows\System\KufCeCe.exe
  C:\Windows\System\KufCeCe.exe
  2⤵
  PID:7180
- C:\Windows\System\kDYazYi.exe
  C:\Windows\System\kDYazYi.exe
  2⤵
  PID:7644
- C:\Windows\System\MazIlTj.exe
  C:\Windows\System\MazIlTj.exe
  2⤵
  PID:7632
- C:\Windows\System\kviCGoE.exe
  C:\Windows\System\kviCGoE.exe
  2⤵
  PID:8156
- C:\Windows\System\qWmYUNC.exe
  C:\Windows\System\qWmYUNC.exe
  2⤵
  PID:7712
- C:\Windows\System\mESYzNc.exe
  C:\Windows\System\mESYzNc.exe
  2⤵
  PID:7636
- C:\Windows\System\leimPaF.exe
  C:\Windows\System\leimPaF.exe
  2⤵
  PID:8088
- C:\Windows\System\vhdHiZv.exe
  C:\Windows\System\vhdHiZv.exe
  2⤵
  PID:6860
- C:\Windows\System\oaEgkzz.exe
  C:\Windows\System\oaEgkzz.exe
  2⤵
  PID:7992
- C:\Windows\System\kFTugIa.exe
  C:\Windows\System\kFTugIa.exe
  2⤵
  PID:8108
- C:\Windows\System\PpRosSV.exe
  C:\Windows\System\PpRosSV.exe
  2⤵
  PID:7972
- C:\Windows\System\WfopwYb.exe
  C:\Windows\System\WfopwYb.exe
  2⤵
  PID:8176
- C:\Windows\System\bROlNzZ.exe
  C:\Windows\System\bROlNzZ.exe
  2⤵
  PID:7780
- C:\Windows\System\yGbVphD.exe
  C:\Windows\System\yGbVphD.exe
  2⤵
  PID:7884
- C:\Windows\System\bhbLLzn.exe
  C:\Windows\System\bhbLLzn.exe
  2⤵
  PID:7324
- C:\Windows\System\osDfASR.exe
  C:\Windows\System\osDfASR.exe
  2⤵
  PID:7876
- C:\Windows\System\TfDfnuE.exe
  C:\Windows\System\TfDfnuE.exe
  2⤵
  PID:7204
- C:\Windows\System\MMYlVKS.exe
  C:\Windows\System\MMYlVKS.exe
  2⤵
  PID:7624
- C:\Windows\System\hQSYKOK.exe
  C:\Windows\System\hQSYKOK.exe
  2⤵
  PID:7856
- C:\Windows\System\ZwZHmNM.exe
  C:\Windows\System\ZwZHmNM.exe
  2⤵
  PID:7476
- C:\Windows\System\zJFPkhf.exe
  C:\Windows\System\zJFPkhf.exe
  2⤵
  PID:7576
- C:\Windows\System\JtUAJOL.exe
  C:\Windows\System\JtUAJOL.exe
  2⤵
  PID:8200
- C:\Windows\System\DnSniVX.exe
  C:\Windows\System\DnSniVX.exe
  2⤵
  PID:8216
- C:\Windows\System\ZsQouPA.exe
  C:\Windows\System\ZsQouPA.exe
  2⤵
  PID:8236
- C:\Windows\System\TJYUFTY.exe
  C:\Windows\System\TJYUFTY.exe
  2⤵
  PID:8256
- C:\Windows\System\KPrKIuC.exe
  C:\Windows\System\KPrKIuC.exe
  2⤵
  PID:8344
- C:\Windows\System\jexLsJY.exe
  C:\Windows\System\jexLsJY.exe
  2⤵
  PID:8364
- C:\Windows\System\isfNlox.exe
  C:\Windows\System\isfNlox.exe
  2⤵
  PID:8380
- C:\Windows\System\hGkYFab.exe
  C:\Windows\System\hGkYFab.exe
  2⤵
  PID:8400
- C:\Windows\System\yKFdwlM.exe
  C:\Windows\System\yKFdwlM.exe
  2⤵
  PID:8420
- C:\Windows\System\DwkbHOZ.exe
  C:\Windows\System\DwkbHOZ.exe
  2⤵
  PID:8436
- C:\Windows\System\IGThuAv.exe
  C:\Windows\System\IGThuAv.exe
  2⤵
  PID:8452
- C:\Windows\System\IDHtVNJ.exe
  C:\Windows\System\IDHtVNJ.exe
  2⤵
  PID:8484
- C:\Windows\System\kjbJWjt.exe
  C:\Windows\System\kjbJWjt.exe
  2⤵
  PID:8508
- C:\Windows\System\wkTAjjV.exe
  C:\Windows\System\wkTAjjV.exe
  2⤵
  PID:8524
- C:\Windows\System\etjHyft.exe
  C:\Windows\System\etjHyft.exe
  2⤵
  PID:8540
- C:\Windows\System\gYYhLEI.exe
  C:\Windows\System\gYYhLEI.exe
  2⤵
  PID:8556
- C:\Windows\System\vmPzBwt.exe
  C:\Windows\System\vmPzBwt.exe
  2⤵
  PID:8572
- C:\Windows\System\jOLcWqR.exe
  C:\Windows\System\jOLcWqR.exe
  2⤵
  PID:8588
- C:\Windows\System\UOVdJQo.exe
  C:\Windows\System\UOVdJQo.exe
  2⤵
  PID:8604
- C:\Windows\System\jcbgwRF.exe
  C:\Windows\System\jcbgwRF.exe
  2⤵
  PID:8620
- C:\Windows\System\hNAekEc.exe
  C:\Windows\System\hNAekEc.exe
  2⤵
  PID:8644
- C:\Windows\System\ODUwslR.exe
  C:\Windows\System\ODUwslR.exe
  2⤵
  PID:8676
- C:\Windows\System\eQwlDcR.exe
  C:\Windows\System\eQwlDcR.exe
  2⤵
  PID:8692
- C:\Windows\System\CMoFWUd.exe
  C:\Windows\System\CMoFWUd.exe
  2⤵
  PID:8708
- C:\Windows\System\VqplYeM.exe
  C:\Windows\System\VqplYeM.exe
  2⤵
  PID:8724
- C:\Windows\System\CmZNcWB.exe
  C:\Windows\System\CmZNcWB.exe
  2⤵
  PID:8740
- C:\Windows\System\GpgGwZs.exe
  C:\Windows\System\GpgGwZs.exe
  2⤵
  PID:8756
- C:\Windows\System\lXGhUNn.exe
  C:\Windows\System\lXGhUNn.exe
  2⤵
  PID:8772
- C:\Windows\System\EjUDRKx.exe
  C:\Windows\System\EjUDRKx.exe
  2⤵
  PID:8788
- C:\Windows\System\MavlBkV.exe
  C:\Windows\System\MavlBkV.exe
  2⤵
  PID:8804
- C:\Windows\System\EkaUpkn.exe
  C:\Windows\System\EkaUpkn.exe
  2⤵
  PID:8820
- C:\Windows\System\mhMgSvy.exe
  C:\Windows\System\mhMgSvy.exe
  2⤵
  PID:8836
- C:\Windows\System\hUKJXMo.exe
  C:\Windows\System\hUKJXMo.exe
  2⤵
  PID:8852
- C:\Windows\System\ZGxsIzj.exe
  C:\Windows\System\ZGxsIzj.exe
  2⤵
  PID:8868
- C:\Windows\System\mMfmHmc.exe
  C:\Windows\System\mMfmHmc.exe
  2⤵
  PID:8888
- C:\Windows\System\opMXltX.exe
  C:\Windows\System\opMXltX.exe
  2⤵
  PID:8904
- C:\Windows\System\tWOQUmj.exe
  C:\Windows\System\tWOQUmj.exe
  2⤵
  PID:8920
- C:\Windows\System\pPZztEn.exe
  C:\Windows\System\pPZztEn.exe
  2⤵
  PID:8936
- C:\Windows\System\LCckzNh.exe
  C:\Windows\System\LCckzNh.exe
  2⤵
  PID:8952
- C:\Windows\System\JdyWJkZ.exe
  C:\Windows\System\JdyWJkZ.exe
  2⤵
  PID:8968
- C:\Windows\System\WJDbfyx.exe
  C:\Windows\System\WJDbfyx.exe
  2⤵
  PID:8984
- C:\Windows\System\YSpUNSi.exe
  C:\Windows\System\YSpUNSi.exe
  2⤵
  PID:9000
- C:\Windows\System\hueMqHv.exe
  C:\Windows\System\hueMqHv.exe
  2⤵
  PID:9016
- C:\Windows\System\mtXygft.exe
  C:\Windows\System\mtXygft.exe
  2⤵
  PID:9032
- C:\Windows\System\IKmPkev.exe
  C:\Windows\System\IKmPkev.exe
  2⤵
  PID:9056
- C:\Windows\System\qoBYfxO.exe
  C:\Windows\System\qoBYfxO.exe
  2⤵
  PID:9072
- C:\Windows\System\SIKZofZ.exe
  C:\Windows\System\SIKZofZ.exe
  2⤵
  PID:9092
- C:\Windows\System\PJXCSWs.exe
  C:\Windows\System\PJXCSWs.exe
  2⤵
  PID:9108
- C:\Windows\System\khyoUfO.exe
  C:\Windows\System\khyoUfO.exe
  2⤵
  PID:9124
- C:\Windows\System\uCksPWj.exe
  C:\Windows\System\uCksPWj.exe
  2⤵
  PID:9140
- C:\Windows\System\rJznyEx.exe
  C:\Windows\System\rJznyEx.exe
  2⤵
  PID:9156
- C:\Windows\System\SJaNDJd.exe
  C:\Windows\System\SJaNDJd.exe
  2⤵
  PID:9188
- C:\Windows\System\tDtoPIf.exe
  C:\Windows\System\tDtoPIf.exe
  2⤵
  PID:9208
- C:\Windows\System\nebgDmr.exe
  C:\Windows\System\nebgDmr.exe
  2⤵
  PID:7956
- C:\Windows\System\cnPbhwE.exe
  C:\Windows\System\cnPbhwE.exe
  2⤵
  PID:8248
- C:\Windows\System\YmLUjma.exe
  C:\Windows\System\YmLUjma.exe
  2⤵
  PID:7436
- C:\Windows\System\DeGQeFd.exe
  C:\Windows\System\DeGQeFd.exe
  2⤵
  PID:8264
- C:\Windows\System\ndOdIsv.exe
  C:\Windows\System\ndOdIsv.exe
  2⤵
  PID:7540
- C:\Windows\System\HDhpuFb.exe
  C:\Windows\System\HDhpuFb.exe
  2⤵
  PID:7896
- C:\Windows\System\eGXLQpY.exe
  C:\Windows\System\eGXLQpY.exe
  2⤵
  PID:8172
- C:\Windows\System\SUiNsVf.exe
  C:\Windows\System\SUiNsVf.exe
  2⤵
  PID:8232
- C:\Windows\System\ayxocqS.exe
  C:\Windows\System\ayxocqS.exe
  2⤵
  PID:7268
- C:\Windows\System\XXplNqP.exe
  C:\Windows\System\XXplNqP.exe
  2⤵
  PID:7336
- C:\Windows\System\PSrDSOO.exe
  C:\Windows\System\PSrDSOO.exe
  2⤵
  PID:8140
- C:\Windows\System\eOHNEPN.exe
  C:\Windows\System\eOHNEPN.exe
  2⤵
  PID:7828
- C:\Windows\System\nAUbVGY.exe
  C:\Windows\System\nAUbVGY.exe
  2⤵
  PID:8228
- C:\Windows\System\fYvdlUS.exe
  C:\Windows\System\fYvdlUS.exe
  2⤵
  PID:8284
- C:\Windows\System\ifdRtSN.exe
  C:\Windows\System\ifdRtSN.exe
  2⤵
  PID:8304
- C:\Windows\System\VqHtBlG.exe
  C:\Windows\System\VqHtBlG.exe
  2⤵
  PID:8320
- C:\Windows\System\TzbobEI.exe
  C:\Windows\System\TzbobEI.exe
  2⤵
  PID:8336
- C:\Windows\System\VToQWeY.exe
  C:\Windows\System\VToQWeY.exe
  2⤵
  PID:8356
- C:\Windows\System\lNUVWZR.exe
  C:\Windows\System\lNUVWZR.exe
  2⤵
  PID:8388
- C:\Windows\System\QajjDvQ.exe
  C:\Windows\System\QajjDvQ.exe
  2⤵
  PID:8412
- C:\Windows\System\izMYLMZ.exe
  C:\Windows\System\izMYLMZ.exe
  2⤵
  PID:8448
- C:\Windows\System\atiIIqa.exe
  C:\Windows\System\atiIIqa.exe
  2⤵
  PID:8472
- C:\Windows\System\AAxjMZb.exe
  C:\Windows\System\AAxjMZb.exe
  2⤵
  PID:8536
- C:\Windows\System\LfOApnj.exe
  C:\Windows\System\LfOApnj.exe
  2⤵
  PID:8600
- C:\Windows\System\mMvjyzP.exe
  C:\Windows\System\mMvjyzP.exe
  2⤵
  PID:8548
- C:\Windows\System\VcNyRXO.exe
  C:\Windows\System\VcNyRXO.exe
  2⤵
  PID:8584
- C:\Windows\System\BmoazdZ.exe
  C:\Windows\System\BmoazdZ.exe
  2⤵
  PID:8628
- C:\Windows\System\lNFGSyt.exe
  C:\Windows\System\lNFGSyt.exe
  2⤵
  PID:8652
- C:\Windows\System\DjmcKVU.exe
  C:\Windows\System\DjmcKVU.exe
  2⤵
  PID:8716
- C:\Windows\System\zrRsFVF.exe
  C:\Windows\System\zrRsFVF.exe
  2⤵
  PID:8704
- C:\Windows\System\rftuIrg.exe
  C:\Windows\System\rftuIrg.exe
  2⤵
  PID:8736
- C:\Windows\System\vDdARcV.exe
  C:\Windows\System\vDdARcV.exe
  2⤵
  PID:8800
- C:\Windows\System\ToFYRes.exe
  C:\Windows\System\ToFYRes.exe
  2⤵
  PID:8848
- C:\Windows\System\usPlAeA.exe
  C:\Windows\System\usPlAeA.exe
  2⤵
  PID:8816
- C:\Windows\System\Rmipnhh.exe
  C:\Windows\System\Rmipnhh.exe
  2⤵
  PID:8912
- C:\Windows\System\vnsUYLC.exe
  C:\Windows\System\vnsUYLC.exe
  2⤵
  PID:8960
- C:\Windows\System\mRLbfrM.exe
  C:\Windows\System\mRLbfrM.exe
  2⤵
  PID:8944
- C:\Windows\System\bQiwroq.exe
  C:\Windows\System\bQiwroq.exe
  2⤵
  PID:9012
- C:\Windows\System\AtksizR.exe
  C:\Windows\System\AtksizR.exe
  2⤵
  PID:9068
- C:\Windows\System\RYyoIDI.exe
  C:\Windows\System\RYyoIDI.exe
  2⤵
  PID:9136
- C:\Windows\System\sjLMzPr.exe
  C:\Windows\System\sjLMzPr.exe
  2⤵
  PID:9116
- C:\Windows\System\SKBeZVp.exe
  C:\Windows\System\SKBeZVp.exe
  2⤵
  PID:9164
- C:\Windows\System\SpdHONd.exe
  C:\Windows\System\SpdHONd.exe
  2⤵
  PID:9176
- C:\Windows\System\pGEgDoh.exe
  C:\Windows\System\pGEgDoh.exe
  2⤵
  PID:8112
- C:\Windows\System\jxHVeZP.exe
  C:\Windows\System\jxHVeZP.exe
  2⤵
  PID:9204
- C:\Windows\System\MprRTCx.exe
  C:\Windows\System\MprRTCx.exe
  2⤵
  PID:7492
- C:\Windows\System\NPpwDRC.exe
  C:\Windows\System\NPpwDRC.exe
  2⤵
  PID:8468
- C:\Windows\System\EwSavKv.exe
  C:\Windows\System\EwSavKv.exe
  2⤵
  PID:7920
- C:\Windows\System\OpDAzdD.exe
  C:\Windows\System\OpDAzdD.exe
  2⤵
  PID:7880
- C:\Windows\System\oOlMINa.exe
  C:\Windows\System\oOlMINa.exe
  2⤵
  PID:7688
- C:\Windows\System\ugDEQtY.exe
  C:\Windows\System\ugDEQtY.exe
  2⤵
  PID:8276
- C:\Windows\System\OBFmxAC.exe
  C:\Windows\System\OBFmxAC.exe
  2⤵
  PID:8300
- C:\Windows\System\AzcgTIO.exe
  C:\Windows\System\AzcgTIO.exe
  2⤵
  PID:8392
- C:\Windows\System\lixrWir.exe
  C:\Windows\System\lixrWir.exe
  2⤵
  PID:8532
- C:\Windows\System\JdTbbmv.exe
  C:\Windows\System\JdTbbmv.exe
  2⤵
  PID:8668
- C:\Windows\System\VySYeJI.exe
  C:\Windows\System\VySYeJI.exe
  2⤵
  PID:8352
- C:\Windows\System\DbMtyYP.exe
  C:\Windows\System\DbMtyYP.exe
  2⤵
  PID:8516
- C:\Windows\System\NegEZzr.exe
  C:\Windows\System\NegEZzr.exe
  2⤵
  PID:8748
- C:\Windows\System\EbiCAWx.exe
  C:\Windows\System\EbiCAWx.exe
  2⤵
  PID:9152
- C:\Windows\System\pSditcu.exe
  C:\Windows\System\pSditcu.exe
  2⤵
  PID:8104
- C:\Windows\System\IhbhSms.exe
  C:\Windows\System\IhbhSms.exe
  2⤵
  PID:9084
- C:\Windows\System\yRdRnhs.exe
  C:\Windows\System\yRdRnhs.exe
  2⤵
  PID:7668
- C:\Windows\System\SowIqgo.exe
  C:\Windows\System\SowIqgo.exe
  2⤵
  PID:7996
- C:\Windows\System\DAIpiwc.exe
  C:\Windows\System\DAIpiwc.exe
  2⤵
  PID:8328
- C:\Windows\System\OuoFCxO.exe
  C:\Windows\System\OuoFCxO.exe
  2⤵
  PID:8464
- C:\Windows\System\IIAVpdN.exe
  C:\Windows\System\IIAVpdN.exe
  2⤵
  PID:8568
- C:\Windows\System\KUVuDpv.exe
  C:\Windows\System\KUVuDpv.exe
  2⤵
  PID:8552
- C:\Windows\System\OzNUwXU.exe
  C:\Windows\System\OzNUwXU.exe
  2⤵
  PID:6188
- C:\Windows\System\oDMOQSW.exe
  C:\Windows\System\oDMOQSW.exe
  2⤵
  PID:8784
- C:\Windows\System\NRzfoua.exe
  C:\Windows\System\NRzfoua.exe
  2⤵
  PID:8916
- C:\Windows\System\LCrZDTe.exe
  C:\Windows\System\LCrZDTe.exe
  2⤵
  PID:8812
- C:\Windows\System\lWxApUE.exe
  C:\Windows\System\lWxApUE.exe
  2⤵
  PID:8768
- C:\Windows\System\xhvOKPn.exe
  C:\Windows\System\xhvOKPn.exe
  2⤵
  PID:9040
- C:\Windows\System\xNzTOLd.exe
  C:\Windows\System\xNzTOLd.exe
  2⤵
  PID:9052
- C:\Windows\System\DWWuToA.exe
  C:\Windows\System\DWWuToA.exe
  2⤵
  PID:9196
- C:\Windows\System\GGzzgel.exe
  C:\Windows\System\GGzzgel.exe
  2⤵
  PID:9200
- C:\Windows\System\LkTSSGW.exe
  C:\Windows\System\LkTSSGW.exe
  2⤵
  PID:8752
- C:\Windows\System\EQAipEV.exe
  C:\Windows\System\EQAipEV.exe
  2⤵
  PID:8332
- C:\Windows\System\RYGCmzI.exe
  C:\Windows\System\RYGCmzI.exe
  2⤵
  PID:8428
- C:\Windows\System\AvdTxYC.exe
  C:\Windows\System\AvdTxYC.exe
  2⤵
  PID:8932
- C:\Windows\System\Vclbnmh.exe
  C:\Windows\System\Vclbnmh.exe
  2⤵
  PID:9132
- C:\Windows\System\AZRtPQX.exe
  C:\Windows\System\AZRtPQX.exe
  2⤵
  PID:7628
- C:\Windows\System\VBNZRBG.exe
  C:\Windows\System\VBNZRBG.exe
  2⤵
  PID:8636
- C:\Windows\System\JKJOHzX.exe
  C:\Windows\System\JKJOHzX.exe
  2⤵
  PID:8796
- C:\Windows\System\mDOcnGw.exe
  C:\Windows\System\mDOcnGw.exe
  2⤵
  PID:9228
- C:\Windows\System\oFNwyva.exe
  C:\Windows\System\oFNwyva.exe
  2⤵
  PID:9244
- C:\Windows\System\aimzzLL.exe
  C:\Windows\System\aimzzLL.exe
  2⤵
  PID:9260
- C:\Windows\System\aEyPnwe.exe
  C:\Windows\System\aEyPnwe.exe
  2⤵
  PID:9276
- C:\Windows\System\KRHmtCa.exe
  C:\Windows\System\KRHmtCa.exe
  2⤵
  PID:9292
- C:\Windows\System\oOGkErv.exe
  C:\Windows\System\oOGkErv.exe
  2⤵
  PID:9312
- C:\Windows\System\WLqqOlH.exe
  C:\Windows\System\WLqqOlH.exe
  2⤵
  PID:9328
- C:\Windows\System\BkuKLWQ.exe
  C:\Windows\System\BkuKLWQ.exe
  2⤵
  PID:9344
- C:\Windows\System\bnLvkTH.exe
  C:\Windows\System\bnLvkTH.exe
  2⤵
  PID:9360
- C:\Windows\System\tNBkOJi.exe
  C:\Windows\System\tNBkOJi.exe
  2⤵
  PID:9376
- C:\Windows\System\UFPBSgV.exe
  C:\Windows\System\UFPBSgV.exe
  2⤵
  PID:9392
- C:\Windows\System\GPPkhcu.exe
  C:\Windows\System\GPPkhcu.exe
  2⤵
  PID:9408
- C:\Windows\System\bEGCjOJ.exe
  C:\Windows\System\bEGCjOJ.exe
  2⤵
  PID:9424
- C:\Windows\System\QLpAXMO.exe
  C:\Windows\System\QLpAXMO.exe
  2⤵
  PID:9440
- C:\Windows\System\JOdxfrP.exe
  C:\Windows\System\JOdxfrP.exe
  2⤵
  PID:9456
- C:\Windows\System\wIuMoGK.exe
  C:\Windows\System\wIuMoGK.exe
  2⤵
  PID:9472
- C:\Windows\System\AGfTYcz.exe
  C:\Windows\System\AGfTYcz.exe
  2⤵
  PID:9492
- C:\Windows\System\eLnvouO.exe
  C:\Windows\System\eLnvouO.exe
  2⤵
  PID:9508
- C:\Windows\System\IuhIpES.exe
  C:\Windows\System\IuhIpES.exe
  2⤵
  PID:9524
- C:\Windows\System\foeggEK.exe
  C:\Windows\System\foeggEK.exe
  2⤵
  PID:9540
- C:\Windows\System\iQAkuob.exe
  C:\Windows\System\iQAkuob.exe
  2⤵
  PID:9556
- C:\Windows\System\oXOkDWv.exe
  C:\Windows\System\oXOkDWv.exe
  2⤵
  PID:9572
- C:\Windows\System\PwHKQWP.exe
  C:\Windows\System\PwHKQWP.exe
  2⤵
  PID:9588
- C:\Windows\System\MxNkUmc.exe
  C:\Windows\System\MxNkUmc.exe
  2⤵
  PID:9604
- C:\Windows\System\ymnWTEt.exe
  C:\Windows\System\ymnWTEt.exe
  2⤵
  PID:9620
- C:\Windows\System\BTjhbUr.exe
  C:\Windows\System\BTjhbUr.exe
  2⤵
  PID:9636
- C:\Windows\System\ZYBDLHW.exe
  C:\Windows\System\ZYBDLHW.exe
  2⤵
  PID:9652
- C:\Windows\System\clSLERD.exe
  C:\Windows\System\clSLERD.exe
  2⤵
  PID:9668
- C:\Windows\System\NyFrAsV.exe
  C:\Windows\System\NyFrAsV.exe
  2⤵
  PID:9684
- C:\Windows\System\OIAffum.exe
  C:\Windows\System\OIAffum.exe
  2⤵
  PID:9700
- C:\Windows\System\JKymTXW.exe
  C:\Windows\System\JKymTXW.exe
  2⤵
  PID:9716
- C:\Windows\System\plmFDRW.exe
  C:\Windows\System\plmFDRW.exe
  2⤵
  PID:9732
- C:\Windows\System\VupHciB.exe
  C:\Windows\System\VupHciB.exe
  2⤵
  PID:9748
- C:\Windows\System\XarDLEM.exe
  C:\Windows\System\XarDLEM.exe
  2⤵
  PID:9764
- C:\Windows\System\PoiJvjl.exe
  C:\Windows\System\PoiJvjl.exe
  2⤵
  PID:9780
- C:\Windows\System\OdzQcZk.exe
  C:\Windows\System\OdzQcZk.exe
  2⤵
  PID:9796
- C:\Windows\System\KyaHehN.exe
  C:\Windows\System\KyaHehN.exe
  2⤵
  PID:9812
- C:\Windows\System\lXnqpIg.exe
  C:\Windows\System\lXnqpIg.exe
  2⤵
  PID:9828
- C:\Windows\System\lyqmAqK.exe
  C:\Windows\System\lyqmAqK.exe
  2⤵
  PID:9844
- C:\Windows\System\gvgkeHn.exe
  C:\Windows\System\gvgkeHn.exe
  2⤵
  PID:9860
- C:\Windows\System\HhRBPTl.exe
  C:\Windows\System\HhRBPTl.exe
  2⤵
  PID:9876
- C:\Windows\System\HhLnMAY.exe
  C:\Windows\System\HhLnMAY.exe
  2⤵
  PID:9892
- C:\Windows\System\pfaLlOW.exe
  C:\Windows\System\pfaLlOW.exe
  2⤵
  PID:9912
- C:\Windows\System\enWRjYo.exe
  C:\Windows\System\enWRjYo.exe
  2⤵
  PID:9928
- C:\Windows\System\HTxHyhE.exe
  C:\Windows\System\HTxHyhE.exe
  2⤵
  PID:9944
- C:\Windows\System\QwWagpp.exe
  C:\Windows\System\QwWagpp.exe
  2⤵
  PID:9960
- C:\Windows\System\MBxLCxw.exe
  C:\Windows\System\MBxLCxw.exe
  2⤵
  PID:9980
- C:\Windows\System\lcDhqYQ.exe
  C:\Windows\System\lcDhqYQ.exe
  2⤵
  PID:10000
- C:\Windows\System\dfKCeHM.exe
  C:\Windows\System\dfKCeHM.exe
  2⤵
  PID:10024
- C:\Windows\System\NcAXbdC.exe
  C:\Windows\System\NcAXbdC.exe
  2⤵
  PID:10040
- C:\Windows\System\LuSzeXt.exe
  C:\Windows\System\LuSzeXt.exe
  2⤵
  PID:10064
- C:\Windows\System\hOVRdHU.exe
  C:\Windows\System\hOVRdHU.exe
  2⤵
  PID:10080
- C:\Windows\System\TUtAFze.exe
  C:\Windows\System\TUtAFze.exe
  2⤵
  PID:10112
- C:\Windows\System\AsDIdUX.exe
  C:\Windows\System\AsDIdUX.exe
  2⤵
  PID:10128
- C:\Windows\System\kMvQbJe.exe
  C:\Windows\System\kMvQbJe.exe
  2⤵
  PID:10144
- C:\Windows\System\AftqNvu.exe
  C:\Windows\System\AftqNvu.exe
  2⤵
  PID:10160
- C:\Windows\System\UScYSrW.exe
  C:\Windows\System\UScYSrW.exe
  2⤵
  PID:10176
- C:\Windows\System\UQWRapm.exe
  C:\Windows\System\UQWRapm.exe
  2⤵
  PID:10192
- C:\Windows\System\SeTRkbJ.exe
  C:\Windows\System\SeTRkbJ.exe
  2⤵
  PID:10208
- C:\Windows\System\oyxPMER.exe
  C:\Windows\System\oyxPMER.exe
  2⤵
  PID:10224
- C:\Windows\System\OurmLKM.exe
  C:\Windows\System\OurmLKM.exe
  2⤵
  PID:7216
- C:\Windows\System\kMRGKPt.exe
  C:\Windows\System\kMRGKPt.exe
  2⤵
  PID:9252
- C:\Windows\System\ibYcuwS.exe
  C:\Windows\System\ibYcuwS.exe
  2⤵
  PID:9320
- C:\Windows\System\dGWroQf.exe
  C:\Windows\System\dGWroQf.exe
  2⤵
  PID:9384
- C:\Windows\System\HFNelZo.exe
  C:\Windows\System\HFNelZo.exe
  2⤵
  PID:9452
- C:\Windows\System\kRbFZBc.exe
  C:\Windows\System\kRbFZBc.exe
  2⤵
  PID:8884
- C:\Windows\System\PUEQTHJ.exe
  C:\Windows\System\PUEQTHJ.exe
  2⤵
  PID:9236
- C:\Windows\System\OocFEOI.exe
  C:\Windows\System\OocFEOI.exe
  2⤵
  PID:9372
- C:\Windows\System\cejvFib.exe
  C:\Windows\System\cejvFib.exe
  2⤵
  PID:9516
- C:\Windows\System\EicGdYY.exe
  C:\Windows\System\EicGdYY.exe
  2⤵
  PID:2516
- C:\Windows\System\spJxXqP.exe
  C:\Windows\System\spJxXqP.exe
  2⤵
  PID:9580
- C:\Windows\System\YfbEtrI.exe
  C:\Windows\System\YfbEtrI.exe
  2⤵
  PID:8900
- C:\Windows\System\MkRtcay.exe
  C:\Windows\System\MkRtcay.exe
  2⤵
  PID:9304
- C:\Windows\System\WvgOATi.exe
  C:\Windows\System\WvgOATi.exe
  2⤵
  PID:9400
- C:\Windows\System\lsYqoXf.exe
  C:\Windows\System\lsYqoXf.exe
  2⤵
  PID:9468
- C:\Windows\System\tozoPkq.exe
  C:\Windows\System\tozoPkq.exe
  2⤵
  PID:9564
- C:\Windows\System\GNvNtHz.exe
  C:\Windows\System\GNvNtHz.exe
  2⤵
  PID:9632
- C:\Windows\System\mQgDEDo.exe
  C:\Windows\System\mQgDEDo.exe
  2⤵
  PID:9648
- C:\Windows\System\GbNERwO.exe
  C:\Windows\System\GbNERwO.exe
  2⤵
  PID:9772
- C:\Windows\System\QlcyQvz.exe
  C:\Windows\System\QlcyQvz.exe
  2⤵
  PID:9788
- C:\Windows\System\VlpTYKN.exe
  C:\Windows\System\VlpTYKN.exe
  2⤵
  PID:9820
- C:\Windows\System\DxBnVun.exe
  C:\Windows\System\DxBnVun.exe
  2⤵
  PID:9868
- C:\Windows\System\kgSFAzM.exe
  C:\Windows\System\kgSFAzM.exe
  2⤵
  PID:9856
- C:\Windows\System\tlvfUxY.exe
  C:\Windows\System\tlvfUxY.exe
  2⤵
  PID:9920
- C:\Windows\System\URvFtrN.exe
  C:\Windows\System\URvFtrN.exe
  2⤵
  PID:9952
- C:\Windows\System\nBNUgst.exe
  C:\Windows\System\nBNUgst.exe
  2⤵
  PID:9976
- C:\Windows\System\ANeUdUg.exe
  C:\Windows\System\ANeUdUg.exe
  2⤵
  PID:10008
- C:\Windows\System\RUFipSU.exe
  C:\Windows\System\RUFipSU.exe
  2⤵
  PID:9488
- C:\Windows\System\NpNCqzg.exe
  C:\Windows\System\NpNCqzg.exe
  2⤵
  PID:10060
- C:\Windows\System\oNOjsRn.exe
  C:\Windows\System\oNOjsRn.exe
  2⤵
  PID:10076
- C:\Windows\System\fDuWjLj.exe
  C:\Windows\System\fDuWjLj.exe
  2⤵
  PID:10120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CCQJkJh.exe

Filesize
6.0MB

MD5
04801386e8f27dea14b6c9f9c978e604

SHA1
3a014a684033d587672a8753782dd875057dbc80

SHA256
2c0c2fa5cccc9a58987344fe5d293b50e2b4457c9671e9ef45b88bdaec335199

SHA512
be5484589c632098c37c985f15f8886b2cdc8bd8bddf6459da3edf68a74245691e54943ea11e5c4ebbacbc055f436adb0479d8f2be0b53e62018753519a86ba9

Download Submit
C:\Windows\system\CPPIATp.exe

Filesize
6.0MB

MD5
c7d06c9fd55dba3b9be59270013d65b5

SHA1
ed2b4e3b9410bc71a4b227ffc45af0ce4a3ffa45

SHA256
2622d43b1ca4ca3767e7495d051bd1ef8679297e9d62bc0e8116bcca9e2d6221

SHA512
d49bd03706d49363746cc842a6291ab77881c0a5a9ad903a3e21ae9641f1e265b6c5b41176455c55debbfcfadf83b6dd262b16679a4c6ebbb00b2163fab4c332

Download Submit
C:\Windows\system\EzpWktM.exe

Filesize
6.0MB

MD5
d5d1fade3b9565e0ee2543cb3c0f3bde

SHA1
1a4cce02bf96366273b7a8f9d5da552c2c1310b9

SHA256
c2ce805bbe16505965b320bbc970ac7ffff51e7514c48a5e6b79baaf29c88a9c

SHA512
670d3bcc1c32c93796f21715bd04d38af19dba3f3e7544cf847cfba37c12bfeb16c797749f218a9d525168ed1783ef0bd2dda3c5287d1b1fd4cb2200f9394c11

Download Submit
C:\Windows\system\NGzGDeh.exe

Filesize
6.0MB

MD5
3e9e508deec5d1351bd43edbc75f8f70

SHA1
e12b975c3be57a1452ea2e771752c5947823ca26

SHA256
943560908a3f577d8e51045c6e5f209cc0d1ada0cfd277497de54738f34c9e1f

SHA512
a12444fcaf0854aae6df92acd8e2788dade72276ad708c717202c179adb1bbdad2fa4e4328c86e80a9891fc4ed96c9ca99cda2a9ddc7a1cbc0ca3388f844b4e3

Download Submit
C:\Windows\system\OSEYEkX.exe

Filesize
6.0MB

MD5
9f565ee433722abb65a9eda362dd53f9

SHA1
02715fb0422c041d2499c11b5027d4f6e6cdfe33

SHA256
1233111f0f67cb6c12b93fb98187c6ea8c85d1cd79584a27a7f293eb7b7d7b95

SHA512
c28c88e441e1a1bcc000b10edec46fa54c0e6558f6e498f7bfa4061b0da723256cdbaa9fe8f442cad46fef546fc25ade5391b1e8f5248038279c612f2af21b17

Download Submit
C:\Windows\system\PksxWVq.exe

Filesize
6.0MB

MD5
298a9c13fcab9d5967c3fd3d3f4bed21

SHA1
9f888ec8cbde5437997682f6ccec628c8b57d713

SHA256
7d10faed63f18cdfb6b0dd392232db49f382a620e81ea85972aea231caa5d21e

SHA512
d46aa34b14c2710dab113354dab6fbae6ae6c103ac80b1bd7307b0b70af9fc22502916516cc51a741351abad53e8d0990da1fac2e5db0b6c157daa25a89b5fe9

Download Submit
C:\Windows\system\QTHqUIT.exe

Filesize
6.0MB

MD5
3beaa0048b9e8b79ab790d1697b718f7

SHA1
9e5d684d5e4f0e5715a8c3ef0f112b6a32511fb4

SHA256
4fb62feeb4fea42c9689c6b264ec7aa4d85bdfa6f69145341d0499e2f89cadd9

SHA512
599ac39781c9ef69aa2cada34ee2d219f386828aa3640c358a3a72d05a56b023872011a785789f9f0852099c7f49c644a5ef2b2a317108cafba39b05e638f92e

Download Submit
C:\Windows\system\RUFcCoM.exe

Filesize
6.0MB

MD5
6179b43b12a1396ca57abb186d14a5fb

SHA1
a8993247349ad9251f2b1b2298b0342c576a5d36

SHA256
083f94a748ebc84ba2d54dcc2a5675fba575e78baf38efc331ab93af58281fdc

SHA512
024c877b1e74d14bccaedf3ccddbeb3637e04e08fd48ea7673b04a70b2f72394165cd55784760e15dc96cdb81bcaf8cbc59b8bdd0fd45eedea47a1df12d8ca59

Download Submit
C:\Windows\system\TfwTYoV.exe

Filesize
6.0MB

MD5
a321d1d0fd155cc785973e8efca7b786

SHA1
74d644ab81a4a0a5ef61c49663b9259222eeee9e

SHA256
f32762012c642c409cf4ea67b50f6cca5665c181f16cf6e1c85856485c427992

SHA512
1dc96bf2a7cc2b961b35a3594e2eb57037d88b0af8559d400b1ffcbd84413e081c64f6c8f78ff4ae8795b1f543c85e71f861cb568b2b14c8796701a7891f79de

Download Submit
C:\Windows\system\UlDgCTp.exe

Filesize
6.0MB

MD5
316e015722e18ca1e70c7504737ce027

SHA1
7a60cdb78cd9bcb23a58cee1a95f1c044913c017

SHA256
2419fb9cea5337fc16f9dce33b4a3fac154c789eabd61e61edadaad22346b019

SHA512
0db351868625af1c01c8f099624b282394da61b05776d5f48093b9eeae59c80a56d667cbbe938d91d5a04be134912004d6badfec762215045e2884b4f5b29112

Download Submit
C:\Windows\system\VESPZbI.exe

Filesize
6.0MB

MD5
e393fce1ab7dd3478950fc1b50948961

SHA1
6343891ca2e3c507e9d47017417f707c545fd397

SHA256
b5e17008a173750719d5d11b55b25474da4a94ab741673f96764cf2a5cbf1900

SHA512
b52ecf22ece2e7222b9f6f72da526bdcf1ea9333c8195d3219372b2ef333b343da7e805dbc2b76c88cb1215b5419a134c451dd6fc9c129a0939fdaabe905a792

Download Submit
C:\Windows\system\VfeNcPg.exe

Filesize
6.0MB

MD5
14ae35680c42138f85578bd55d2ae48b

SHA1
4edfc44daf77b6b64a299e00aa966c9ffe213ab4

SHA256
34a7d48aba28e94157fa50ce79a0cb4c4e107b3d3ab73b40194047fe186611c4

SHA512
9bdf7ba90362e886e0f07b531cf8d4781b5c5825902404b11ea4dd0834a30576fe29dac2c8d6cb1b57083af2e9ccb55315bdbe3b767b1378661ce004469cc8dc

Download Submit
C:\Windows\system\XnkXoQs.exe

Filesize
6.0MB

MD5
c904f9867440c172afa6a72f5f6c4ae8

SHA1
0bd4aa5c826261f3af98312dff48d9df4c73b247

SHA256
d0263377508edb0766d18f2610fc406757723622fda8e968b4476debc7ee14ef

SHA512
5a796404ab203ada8393f487591fdf7d1ffacf6e33dfe9d3e731c6b1f4fb0013d3935b87caeedd3d15f51ea7a2c21b19b484ec0539513ade1cec0141303c2f54

Download Submit
C:\Windows\system\bhLTfGy.exe

Filesize
6.0MB

MD5
c7bd46079203c62cb125b3d77cabe090

SHA1
c9050d161817df8cee9a74b37dfe71a338edd4a4

SHA256
86761af5752595376e9fa0e7001ef407d3f65e357147dcd6faf6ff609559f90c

SHA512
c60548b91f0bc5c62530326a101bde637cc756a1c6d6d1c9ca5227b665395f7e25d6600d3dcdc6db5b6c0967f0db2b1422929678070fedc18402a6fa4196e5fa

Download Submit
C:\Windows\system\bzRjrqK.exe

Filesize
6.0MB

MD5
a1fc387c0fb78f34870e68e7388240b8

SHA1
f3dd316d8c614a9887cced7d287fe0bb1ca6cbb5

SHA256
51119a9eb6f260ed1d2d30b4acf57145c3223a6d25ae44459cb684cc38fecbc7

SHA512
2bb9e9f98e24489631e50291e2b5e73dd23a4ec8239aa0540f9e3452359ffc560ba9545707cf5b2e8ba01e5bf1e1497fc6a0703628beed374f2ba24bc3f7eae4

Download Submit
C:\Windows\system\cGnAHfu.exe

Filesize
6.0MB

MD5
f0031ae33568b043593afc2a871494fc

SHA1
ea7130a1c269e14d355f91b841fb9cc84f5f15c5

SHA256
2703002c3924425241b7408a16fdc01b5938d760bdedc0e0700475c2384cbc4b

SHA512
b0e4945269016ecf48f11f16f1eeb11e2c226d38608a0cfc5d4829a9883cc9190ead09a0555e88114aff78a825e3c0f1a112fc8f7e822667521253fe8904d6f7

Download Submit
C:\Windows\system\cozvzIa.exe

Filesize
6.0MB

MD5
a1a965b4fb2a7b753b63568ac38554bd

SHA1
210b9c6d92533f3c1efb9c9ae48a915a703f7ae1

SHA256
807da7bc87481a0e6e3dd4756651b49370c75aaf73d9b90f8e5d3a3309d6cb5e

SHA512
aceb233184010addf503daffd7068132f8fa73e283f09cb4d7eb2e6b08173f3fe43610bc781796fcc0aaedc9c5b474a88d33139170131686bce390dc938832b9

Download Submit
C:\Windows\system\dyrUgJs.exe

Filesize
6.0MB

MD5
4f43dc83cd57baf97f12f445e761a1a7

SHA1
dd139d265573eccae0dc1891fd3424ddf7376b79

SHA256
4216bf30084a0e675e8850a3d535a0941ef7229e396e4b8dd6130c21abceb467

SHA512
80595527c27e6c6c3e00123c03c58d557d5d00d80d2ec16e2a4f05f53570a111d83d30415920b993f234e141db79a9b27cdc565e47d68f153346726359452f4f

Download Submit
C:\Windows\system\iJcDBax.exe

Filesize
6.0MB

MD5
fac1be5731e355f4bf22d51006000936

SHA1
627d5ece3cf07b67a5c4b10c0cea3999a15265bc

SHA256
a8014be35eb937375d0b67311bf27dd9e07cf6b4b0b5a3055b5bc3aadca0a772

SHA512
cad14fa5e798e06b2e60d9f99cd0c3eb3f99b50642fb94be807d1677e9b477fb3db18d4638606a499168069d7c19f9e22ffbcd7fe4496d0469ac66cf73558656

Download Submit
C:\Windows\system\kTLOiwT.exe

Filesize
6.0MB

MD5
3f59916aeb96f418c338af1aa94fe658

SHA1
f2be4a95079a12a262b7573628bd8553231a4ac7

SHA256
a7a4fdfb29e14b3cf9ee96ff29fc71984afaef0512f2535904d15fc0beaee062

SHA512
e08dabf28a455734684af595c2607dc9edbe948a75f660ce8db8ac22018f36e5307ad25cae051e117c67fbbf6b732daf74b2f1b351d7162cb206b9ef1742661d

Download Submit
C:\Windows\system\oBPkwiO.exe

Filesize
6.0MB

MD5
621354d857410262fcdecb056939b32e

SHA1
bd1ac64e0a31b28c0410331bd5bc1bf0dc7b2ab5

SHA256
645fbb67c40176094105674aeddec53054791e32a183a8b37518e2bb79cd7bf3

SHA512
88677920072814b411a7bca5f4e04369cf3ffbdd76ab3b84940a9aef81ae2f3abd04658e68e4e4e57de92d5a606918ece63c329be7589dcd584ad1549a2d2707

Download Submit
C:\Windows\system\pSqScDv.exe

Filesize
6.0MB

MD5
6a614b95eff2511711e21912b72d3cb9

SHA1
bb301c0bef57301a3cc3280a0cbed4cf8047ee9e

SHA256
b8ce5c1eda95600d4594bccd4bb0018bc32209c31c31bbdea9a40f4f9bb3d5f1

SHA512
d56051354f9933d7c27c522ac5fc621c2c1e226cb7902f153a766310b4b9f379aea53c5ba0495ff8c1953a951b5dd27e5a5747a7c3c29442f6a591ed580e7e0d

Download Submit
C:\Windows\system\sLMgCrd.exe

Filesize
6.0MB

MD5
597d894f480586aed16f6e60d5a2db9f

SHA1
7e24aece791d79b2c8abaaf6b2d38a981e588420

SHA256
84bbc6c913cff782f0a5b5d1e7c1a7e83876548bc0b5ae863abe2be7e48f07b4

SHA512
f2a1ff30e071e7e15e640d33cefbe9a8d88b64bc9a9d491ea0696034a4eed3fde00c1f1d0f1fb5e52a6f2ece61581f0e4f756c7c335393f6e504d1d7dacc12f3

Download Submit
C:\Windows\system\sSjyhkC.exe

Filesize
6.0MB

MD5
866d53b32f920005ddd8c22f2d538f9e

SHA1
0b92d5b0dfaacd924829b25325ecdb93075c1aa3

SHA256
34fa223fadd6c94506546571acff2a86bef9b53c2846668b95ef8f628d6335a2

SHA512
741f7cbcbdbaf4c5e67b432e34e3a032ade5322a380b46742371cf85040a2f4a342659fc501c5bbd00f5a0a17026d8379ebcd730c78af5ba189fea6a3c944764

Download Submit
C:\Windows\system\takFcIZ.exe

Filesize
6.0MB

MD5
f86e1985e8f3edb06ac1095d1a2a842e

SHA1
4f51fa217a838664f4084ce16634ff6834b508ed

SHA256
74ef60ebbfb96b4fa43b2be89ac1b495d4d8831a4b00afd79277b10a15e48304

SHA512
90612201c72303d658e40e97d69ad8baa45bac124586465d02b8595238bae65a12d405650076a9f4ec2b737883f29c90df83dff81abc3e2b9d5cffbfe16560d0

Download Submit
C:\Windows\system\thbTQEY.exe

Filesize
6.0MB

MD5
2b772fdaac0ba4b17149b7d8c4cc3846

SHA1
9a8610edaceacb5dc57079bc68326d57dd9c86b5

SHA256
2138d4fb271181bb52d0ede03766ba791a9b47f73dea06bb5be4346e0405afe2

SHA512
331e01b4049b73d319f3035ce3abd4f493ec4ef2a865542d545b35e675105f274153622ada7c2639c5075b3840eb9ee138d6a774ce4d159339eb666d2a3aaf20

Download Submit
C:\Windows\system\vzOhTOr.exe

Filesize
6.0MB

MD5
209d88306e534eed9a1110a35fa6e687

SHA1
706dee6d00f5a87843049c0fea74c1a71b8e4687

SHA256
6eebc3190627ee868bcbb233a8913fa35194146f668f717c9c91bdc1d105ff97

SHA512
972353dc9d706d2058897d03cf1b4156e3725911711dcfd922d33aca04a62cc61ccac614198ec544a02fa51e8af1f4c7be2ed04b9e7596bc63c064e657a679fe

Download Submit
C:\Windows\system\xzyCvaM.exe

Filesize
6.0MB

MD5
0bb59405cfe2100d1e74ba82fadf894c

SHA1
12a1b8785d0a2e859c9d5f67478d81fb8ade81a2

SHA256
97848c38b9ca7bce0936242d26e04a5f4c40bc8e5a9ecfc61c5b0e9cf5b46259

SHA512
614eec87089ae9296c41a5f0eff8479f004cac79a86161d3ebd7316dc0db3fb76c1d3c01736f2ff99855a1afc1049ba384bc38d66078c8950192f24dc74e7d59

Download Submit
\Windows\system\CgeWmYX.exe

Filesize
6.0MB

MD5
8d6e6215e68d23be96614ca709aa6c46

SHA1
3a5df09fe143bd05dc31983cd7ecff5245c2d90e

SHA256
c338dde945e0f2b102aac972fa8daf1dc35ba7dedd5b21c68ffbb8303ec54d10

SHA512
cb20d8e5f7e535555bb15314609126b1be67998e86470f5b6b1133e02106bd12b2130a3f99ea64f0dc41521618551fa3b1656dbc29378dbaf80881bfcf49dfc3

Download Submit
\Windows\system\JFZOrFp.exe

Filesize
6.0MB

MD5
ae74740471c2f91336020b51666d8959

SHA1
0059143e27f18607cded51e788311c0df66553e2

SHA256
74d225455a91974ef55d3727f2822b92a35bc46605b3ef1889792cbebfa1e64a

SHA512
40b14cfab6360a40cc79881b0d66d4112adcb8a66d01f3afb0b757c663ea040d5f805390b01d66015a27eb68fbebf3775b516b2a8509666039ccbef6004758ed

Download Submit
\Windows\system\fdovPtI.exe

Filesize
6.0MB

MD5
9740e3c4b53a833ce039575041bb9976

SHA1
9e95e61b106ec4d14fc0ee8c82df1efd30349041

SHA256
91487af3c434baf806e76a09868eef4e56d9af58650acb028c846f34fe5f4ca6

SHA512
eec9ad246c2d67e6550470edb9df2ec75444122957f2ac6b1f052fd17f5c87c0080eb9ec1a0817d627b0c11322321d60dcce055f12aa3a69664332ef3148acd1

Download Submit
\Windows\system\wDbRWFh.exe

Filesize
6.0MB

MD5
a92620bdf82e071aa627a8948e4bd7e7

SHA1
ea6fa009d1fa693ab060fb1f521def662477e30d

SHA256
909492d8324dd01734c6834104c3248df22c79126d6e0171da0039f0302044cd

SHA512
3aeae7a1b4b75ec9b6f1fea9d785c12f005e6be695fd5348cd213ec5fdc59e7392605a9e74495a55f24679ee6ddbdfa796abd197cf6d848dfc486ddb11917e10

Download Submit
memory/540-58-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/540-3174-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/1652-3797-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1652-97-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1652-1225-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-3766-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-83-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2096-66-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2096-3157-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2100-3762-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2100-94-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2132-33-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2132-1156-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-27-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-329-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2132-51-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2132-22-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2132-82-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-0-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2132-78-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-72-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2132-41-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2132-95-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-65-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2132-1-0x0000000000710000-0x0000000000720000-memory.dmp

Filesize
64KB

Download
memory/2132-16-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2132-50-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2132-221-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2144-3211-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2144-76-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2356-3823-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-86-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2432-3153-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2432-49-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2528-42-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2528-3179-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2528-85-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2540-3165-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2540-20-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2684-57-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3185-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-18-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-3164-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2700-36-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2728-64-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3182-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-28-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-21-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3159-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download