cobaltstrike | 575e76a72488065fa935e22d546adecc73e7b062e1c470085a42e9aed3a4ac61

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 15:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

22def95fc516f4fdf18cd308b9cb334f
SHA1

bff48f40ee76eb99d266215c51d0f4d505942bbc
SHA256

575e76a72488065fa935e22d546adecc73e7b062e1c470085a42e9aed3a4ac61
SHA512

1ed3b9631201440d30611753a30032fdc16a4ebe6973e0b8253748e1d90c23d3ff0bae8d27b89393b592a15367941a9185c9e6dfa8d969a76c9409028d7b38f1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU7:T+q56utgpPF8u/77

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 39 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\ICeVadR.exe	cobalt_reflective_dll
C:\Windows\system\NGbdJoz.exe	cobalt_reflective_dll
\Windows\system\MwZKbeN.exe	cobalt_reflective_dll
\Windows\system\QcujftT.exe	cobalt_reflective_dll
C:\Windows\system\FqIvUgM.exe	cobalt_reflective_dll
C:\Windows\system\RFzPwXz.exe	cobalt_reflective_dll
C:\Windows\system\rjaBotp.exe	cobalt_reflective_dll
C:\Windows\system\mgIJGWd.exe	cobalt_reflective_dll
C:\Windows\system\deSfFCz.exe	cobalt_reflective_dll
C:\Windows\system\sAiKPps.exe	cobalt_reflective_dll
\Windows\system\gKkYfqW.exe	cobalt_reflective_dll
\Windows\system\dmNtIUI.exe	cobalt_reflective_dll
C:\Windows\system\rywtUVj.exe	cobalt_reflective_dll
\Windows\system\ghmGloo.exe	cobalt_reflective_dll
\Windows\system\inwsqdg.exe	cobalt_reflective_dll
\Windows\system\lZLgIHw.exe	cobalt_reflective_dll
C:\Windows\system\YGaANbk.exe	cobalt_reflective_dll
C:\Windows\system\URiRjkQ.exe	cobalt_reflective_dll
\Windows\system\jGGxRcM.exe	cobalt_reflective_dll
\Windows\system\GlTbJze.exe	cobalt_reflective_dll
\Windows\system\XKpBntQ.exe	cobalt_reflective_dll
\Windows\system\RnlpLfi.exe	cobalt_reflective_dll
C:\Windows\system\kfidMlX.exe	cobalt_reflective_dll
C:\Windows\system\NiRIrDi.exe	cobalt_reflective_dll
C:\Windows\system\qVBMgop.exe	cobalt_reflective_dll
\Windows\system\uqCxghw.exe	cobalt_reflective_dll
\Windows\system\yKwoPRd.exe	cobalt_reflective_dll
\Windows\system\soPrXOD.exe	cobalt_reflective_dll
C:\Windows\system\XYPFhqu.exe	cobalt_reflective_dll
\Windows\system\pBeViCY.exe	cobalt_reflective_dll
\Windows\system\TXfyIwW.exe	cobalt_reflective_dll
C:\Windows\system\wFpnQxi.exe	cobalt_reflective_dll
C:\Windows\system\MdExLYZ.exe	cobalt_reflective_dll
C:\Windows\system\CALIRfS.exe	cobalt_reflective_dll
C:\Windows\system\Elisbrl.exe	cobalt_reflective_dll
C:\Windows\system\KhOsOzy.exe	cobalt_reflective_dll
C:\Windows\system\QGtRXaG.exe	cobalt_reflective_dll
C:\Windows\system\kGzwaec.exe	cobalt_reflective_dll
C:\Windows\system\XNPTUzj.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2136-0-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
\Windows\system\ICeVadR.exe	xmrig
C:\Windows\system\NGbdJoz.exe	xmrig
\Windows\system\MwZKbeN.exe	xmrig
\Windows\system\QcujftT.exe	xmrig
C:\Windows\system\FqIvUgM.exe	xmrig
C:\Windows\system\RFzPwXz.exe	xmrig
C:\Windows\system\rjaBotp.exe	xmrig
C:\Windows\system\mgIJGWd.exe	xmrig
C:\Windows\system\deSfFCz.exe	xmrig
behavioral1/memory/2320-191-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/memory/1644-979-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2136-900-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
C:\Windows\system\sAiKPps.exe	xmrig
\Windows\system\gKkYfqW.exe	xmrig
\Windows\system\dmNtIUI.exe	xmrig
C:\Windows\system\rywtUVj.exe	xmrig
\Windows\system\ghmGloo.exe	xmrig
\Windows\system\inwsqdg.exe	xmrig
behavioral1/memory/2136-150-0x0000000002240000-0x0000000002594000-memory.dmp	xmrig
\Windows\system\lZLgIHw.exe	xmrig
behavioral1/memory/2136-142-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
C:\Windows\system\YGaANbk.exe	xmrig
C:\Windows\system\URiRjkQ.exe	xmrig
\Windows\system\jGGxRcM.exe	xmrig
\Windows\system\GlTbJze.exe	xmrig
\Windows\system\XKpBntQ.exe	xmrig
\Windows\system\RnlpLfi.exe	xmrig
C:\Windows\system\kfidMlX.exe	xmrig
C:\Windows\system\NiRIrDi.exe	xmrig
C:\Windows\system\qVBMgop.exe	xmrig
\Windows\system\uqCxghw.exe	xmrig
\Windows\system\yKwoPRd.exe	xmrig
\Windows\system\soPrXOD.exe	xmrig
C:\Windows\system\XYPFhqu.exe	xmrig
behavioral1/memory/948-78-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
\Windows\system\pBeViCY.exe	xmrig
behavioral1/memory/2136-71-0x0000000002240000-0x0000000002594000-memory.dmp	xmrig
behavioral1/memory/2472-70-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2136-69-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/1376-68-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
\Windows\system\TXfyIwW.exe	xmrig
behavioral1/memory/1644-63-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
C:\Windows\system\wFpnQxi.exe	xmrig
behavioral1/memory/320-171-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2804-162-0x000000013FE60000-0x00000001401B4000-memory.dmp	xmrig
C:\Windows\system\MdExLYZ.exe	xmrig
C:\Windows\system\CALIRfS.exe	xmrig
behavioral1/memory/2880-146-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/memory/2784-134-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
C:\Windows\system\Elisbrl.exe	xmrig
behavioral1/memory/2856-112-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
C:\Windows\system\KhOsOzy.exe	xmrig
behavioral1/memory/2844-97-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2460-66-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2136-65-0x0000000002240000-0x0000000002594000-memory.dmp	xmrig
behavioral1/memory/1632-64-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
C:\Windows\system\QGtRXaG.exe	xmrig
C:\Windows\system\kGzwaec.exe	xmrig
C:\Windows\system\XNPTUzj.exe	xmrig
behavioral1/memory/1644-4076-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2472-4083-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2460-4081-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/2320-4107-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

ICeVadR.exeNGbdJoz.exeMwZKbeN.exeQcujftT.exeXNPTUzj.exekGzwaec.exeFqIvUgM.exeRFzPwXz.exerjaBotp.exemgIJGWd.exeQGtRXaG.exedeSfFCz.exeXYPFhqu.exeqVBMgop.exeNiRIrDi.exekfidMlX.exeKhOsOzy.exeElisbrl.exeURiRjkQ.exeYGaANbk.exeCALIRfS.exeMdExLYZ.exerywtUVj.exewFpnQxi.exesAiKPps.exeTXfyIwW.exejmZrThK.exezTQxjeh.exeOAgTOeR.exeCeXTvKU.exeDNBUVNp.exelHvxEop.exenExaTpn.exeuvPewox.exepBeViCY.exesoPrXOD.exehHlExXX.exeGOkqJaK.exeyKYobZM.exeUBXczZM.exeakOCUqL.exeBMYliqM.exepwSAedR.exeMEuYcFa.exerYZfFLh.exeIBVZzHJ.exeTSiufgo.exeBHrFNAD.exeDfCqYDc.exeyKwoPRd.exeuqCxghw.exeRnlpLfi.exeXKpBntQ.exeGlTbJze.exejGGxRcM.exelZLgIHw.exeinwsqdg.exeghmGloo.exedmNtIUI.exegKkYfqW.exeTTMXYfk.exevyVbiDP.exeuOFMWGb.exeVuIIEQw.exe

pid	process
1644	ICeVadR.exe
1632	NGbdJoz.exe
2460	MwZKbeN.exe
1376	QcujftT.exe
2472	XNPTUzj.exe
948	kGzwaec.exe
2844	FqIvUgM.exe
2856	RFzPwXz.exe
2784	rjaBotp.exe
2880	mgIJGWd.exe
2804	QGtRXaG.exe
320	deSfFCz.exe
2320	XYPFhqu.exe
1172	qVBMgop.exe
804	NiRIrDi.exe
1520	kfidMlX.exe
3004	KhOsOzy.exe
3020	Elisbrl.exe
1756	URiRjkQ.exe
1180	YGaANbk.exe
1436	CALIRfS.exe
2536	MdExLYZ.exe
1448	rywtUVj.exe
2208	wFpnQxi.exe
1236	sAiKPps.exe
2316	TXfyIwW.exe
984	jmZrThK.exe
2264	zTQxjeh.exe
2412	OAgTOeR.exe
2280	CeXTvKU.exe
1720	DNBUVNp.exe
1488	lHvxEop.exe
1408	nExaTpn.exe
1136	uvPewox.exe
1900	pBeViCY.exe
1972	soPrXOD.exe
764	hHlExXX.exe
1064	GOkqJaK.exe
1724	yKYobZM.exe
1616	UBXczZM.exe
2084	akOCUqL.exe
2824	BMYliqM.exe
1272	pwSAedR.exe
1868	MEuYcFa.exe
1828	rYZfFLh.exe
2012	IBVZzHJ.exe
2020	TSiufgo.exe
1300	BHrFNAD.exe
1964	DfCqYDc.exe
3016	yKwoPRd.exe
2912	uqCxghw.exe
2032	RnlpLfi.exe
2544	XKpBntQ.exe
3024	GlTbJze.exe
3048	jGGxRcM.exe
2332	lZLgIHw.exe
1116	inwsqdg.exe
2268	ghmGloo.exe
1924	dmNtIUI.exe
1652	gKkYfqW.exe
552	TTMXYfk.exe
1568	vyVbiDP.exe
2580	uOFMWGb.exe
1716	VuIIEQw.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2136-0-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
\Windows\system\ICeVadR.exe	upx
C:\Windows\system\NGbdJoz.exe	upx
\Windows\system\MwZKbeN.exe	upx
\Windows\system\QcujftT.exe	upx
C:\Windows\system\FqIvUgM.exe	upx
C:\Windows\system\RFzPwXz.exe	upx
C:\Windows\system\rjaBotp.exe	upx
C:\Windows\system\mgIJGWd.exe	upx
C:\Windows\system\deSfFCz.exe	upx
behavioral1/memory/2320-191-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/1644-979-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2136-900-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
C:\Windows\system\sAiKPps.exe	upx
\Windows\system\gKkYfqW.exe	upx
\Windows\system\dmNtIUI.exe	upx
C:\Windows\system\rywtUVj.exe	upx
\Windows\system\ghmGloo.exe	upx
\Windows\system\inwsqdg.exe	upx
\Windows\system\lZLgIHw.exe	upx
C:\Windows\system\YGaANbk.exe	upx
C:\Windows\system\URiRjkQ.exe	upx
\Windows\system\jGGxRcM.exe	upx
\Windows\system\GlTbJze.exe	upx
\Windows\system\XKpBntQ.exe	upx
\Windows\system\RnlpLfi.exe	upx
C:\Windows\system\kfidMlX.exe	upx
C:\Windows\system\NiRIrDi.exe	upx
C:\Windows\system\qVBMgop.exe	upx
\Windows\system\uqCxghw.exe	upx
\Windows\system\yKwoPRd.exe	upx
\Windows\system\soPrXOD.exe	upx
C:\Windows\system\XYPFhqu.exe	upx
behavioral1/memory/948-78-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
\Windows\system\pBeViCY.exe	upx
behavioral1/memory/2472-70-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/1376-68-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
\Windows\system\TXfyIwW.exe	upx
behavioral1/memory/1644-63-0x000000013F230000-0x000000013F584000-memory.dmp	upx
C:\Windows\system\wFpnQxi.exe	upx
behavioral1/memory/320-171-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2804-162-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
C:\Windows\system\MdExLYZ.exe	upx
C:\Windows\system\CALIRfS.exe	upx
behavioral1/memory/2880-146-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/memory/2784-134-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
C:\Windows\system\Elisbrl.exe	upx
behavioral1/memory/2856-112-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
C:\Windows\system\KhOsOzy.exe	upx
behavioral1/memory/2844-97-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2460-66-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/1632-64-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
C:\Windows\system\QGtRXaG.exe	upx
C:\Windows\system\kGzwaec.exe	upx
C:\Windows\system\XNPTUzj.exe	upx
behavioral1/memory/1644-4076-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2472-4083-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2460-4081-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/2320-4107-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/memory/2804-4106-0x000000013FE60000-0x00000001401B4000-memory.dmp	upx
behavioral1/memory/2844-4105-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2784-4104-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/1632-4108-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/320-4111-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\CakmfDL.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GxpZjgd.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJMUMGE.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbVzQfd.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYmclgi.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBJmNMr.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\riiSTaz.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dbjdjlO.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVenNnf.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ECVvRiF.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\saQnYwJ.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vUnuiYb.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PAqMeUk.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwtmUPv.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MDXsgbK.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAPpMdP.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iXvdExu.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxyFQcS.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGEyBmf.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHpkhvl.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjlDMic.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EyRWRTq.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\htgxgih.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oiDPRFu.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGpwAPj.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ItmhJXN.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zIbZsde.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yaVKIcd.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yCYxpTB.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QMXfAVM.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gXWWfsf.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tivHykb.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mMDBHoC.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLjELoL.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ukbrrgp.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dhbpHZx.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TdzpsvN.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\geEgfdn.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lJwAjhO.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYfqNNA.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKeTHes.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HfnHOIM.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKDOfVb.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QCliHYX.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFWZvqh.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dEKWxGS.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FfKbUbb.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xdNhpFb.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhcvpMt.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PhaQoen.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VPCGDIV.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VNZBaAO.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HrWxAUX.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TIWxFbG.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\stfIOmA.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QHhupkd.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FxrTudO.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ABcHqmt.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YPJlcnD.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tppTBnr.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FsJHMes.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKJtdxa.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BjdaxKT.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eknfdCw.exe	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2136 wrote to memory of 1644	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	ICeVadR.exe
PID 2136 wrote to memory of 1644	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	ICeVadR.exe
PID 2136 wrote to memory of 1644	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	ICeVadR.exe
PID 2136 wrote to memory of 1632	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	NGbdJoz.exe
PID 2136 wrote to memory of 1632	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	NGbdJoz.exe
PID 2136 wrote to memory of 1632	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	NGbdJoz.exe
PID 2136 wrote to memory of 2460	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	MwZKbeN.exe
PID 2136 wrote to memory of 2460	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	MwZKbeN.exe
PID 2136 wrote to memory of 2460	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	MwZKbeN.exe
PID 2136 wrote to memory of 1376	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	QcujftT.exe
PID 2136 wrote to memory of 1376	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	QcujftT.exe
PID 2136 wrote to memory of 1376	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	QcujftT.exe
PID 2136 wrote to memory of 2472	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	XNPTUzj.exe
PID 2136 wrote to memory of 2472	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	XNPTUzj.exe
PID 2136 wrote to memory of 2472	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	XNPTUzj.exe
PID 2136 wrote to memory of 948	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	kGzwaec.exe
PID 2136 wrote to memory of 948	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	kGzwaec.exe
PID 2136 wrote to memory of 948	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	kGzwaec.exe
PID 2136 wrote to memory of 2844	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	FqIvUgM.exe
PID 2136 wrote to memory of 2844	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	FqIvUgM.exe
PID 2136 wrote to memory of 2844	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	FqIvUgM.exe
PID 2136 wrote to memory of 2856	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	RFzPwXz.exe
PID 2136 wrote to memory of 2856	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	RFzPwXz.exe
PID 2136 wrote to memory of 2856	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	RFzPwXz.exe
PID 2136 wrote to memory of 2784	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	rjaBotp.exe
PID 2136 wrote to memory of 2784	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	rjaBotp.exe
PID 2136 wrote to memory of 2784	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	rjaBotp.exe
PID 2136 wrote to memory of 2880	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	mgIJGWd.exe
PID 2136 wrote to memory of 2880	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	mgIJGWd.exe
PID 2136 wrote to memory of 2880	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	mgIJGWd.exe
PID 2136 wrote to memory of 2804	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	QGtRXaG.exe
PID 2136 wrote to memory of 2804	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	QGtRXaG.exe
PID 2136 wrote to memory of 2804	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	QGtRXaG.exe
PID 2136 wrote to memory of 320	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	deSfFCz.exe
PID 2136 wrote to memory of 320	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	deSfFCz.exe
PID 2136 wrote to memory of 320	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	deSfFCz.exe
PID 2136 wrote to memory of 2320	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	XYPFhqu.exe
PID 2136 wrote to memory of 2320	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	XYPFhqu.exe
PID 2136 wrote to memory of 2320	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	XYPFhqu.exe
PID 2136 wrote to memory of 1900	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	pBeViCY.exe
PID 2136 wrote to memory of 1900	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	pBeViCY.exe
PID 2136 wrote to memory of 1900	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	pBeViCY.exe
PID 2136 wrote to memory of 1172	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	qVBMgop.exe
PID 2136 wrote to memory of 1172	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	qVBMgop.exe
PID 2136 wrote to memory of 1172	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	qVBMgop.exe
PID 2136 wrote to memory of 1972	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	soPrXOD.exe
PID 2136 wrote to memory of 1972	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	soPrXOD.exe
PID 2136 wrote to memory of 1972	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	soPrXOD.exe
PID 2136 wrote to memory of 804	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	NiRIrDi.exe
PID 2136 wrote to memory of 804	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	NiRIrDi.exe
PID 2136 wrote to memory of 804	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	NiRIrDi.exe
PID 2136 wrote to memory of 3016	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	yKwoPRd.exe
PID 2136 wrote to memory of 3016	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	yKwoPRd.exe
PID 2136 wrote to memory of 3016	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	yKwoPRd.exe
PID 2136 wrote to memory of 1520	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	kfidMlX.exe
PID 2136 wrote to memory of 1520	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	kfidMlX.exe
PID 2136 wrote to memory of 1520	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	kfidMlX.exe
PID 2136 wrote to memory of 2912	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	uqCxghw.exe
PID 2136 wrote to memory of 2912	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	uqCxghw.exe
PID 2136 wrote to memory of 2912	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	uqCxghw.exe
PID 2136 wrote to memory of 3004	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	KhOsOzy.exe
PID 2136 wrote to memory of 3004	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	KhOsOzy.exe
PID 2136 wrote to memory of 3004	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	KhOsOzy.exe
PID 2136 wrote to memory of 2032	2136	2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe	RnlpLfi.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-21_22def95fc516f4fdf18cd308b9cb334f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Windows\System\ICeVadR.exe
  C:\Windows\System\ICeVadR.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\NGbdJoz.exe
  C:\Windows\System\NGbdJoz.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\MwZKbeN.exe
  C:\Windows\System\MwZKbeN.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\QcujftT.exe
  C:\Windows\System\QcujftT.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\XNPTUzj.exe
  C:\Windows\System\XNPTUzj.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\kGzwaec.exe
  C:\Windows\System\kGzwaec.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\FqIvUgM.exe
  C:\Windows\System\FqIvUgM.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\RFzPwXz.exe
  C:\Windows\System\RFzPwXz.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\rjaBotp.exe
  C:\Windows\System\rjaBotp.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\mgIJGWd.exe
  C:\Windows\System\mgIJGWd.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\QGtRXaG.exe
  C:\Windows\System\QGtRXaG.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\deSfFCz.exe
  C:\Windows\System\deSfFCz.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\XYPFhqu.exe
  C:\Windows\System\XYPFhqu.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\pBeViCY.exe
  C:\Windows\System\pBeViCY.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\qVBMgop.exe
  C:\Windows\System\qVBMgop.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\soPrXOD.exe
  C:\Windows\System\soPrXOD.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\NiRIrDi.exe
  C:\Windows\System\NiRIrDi.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\yKwoPRd.exe
  C:\Windows\System\yKwoPRd.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\kfidMlX.exe
  C:\Windows\System\kfidMlX.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\uqCxghw.exe
  C:\Windows\System\uqCxghw.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\KhOsOzy.exe
  C:\Windows\System\KhOsOzy.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\RnlpLfi.exe
  C:\Windows\System\RnlpLfi.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\Elisbrl.exe
  C:\Windows\System\Elisbrl.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\XKpBntQ.exe
  C:\Windows\System\XKpBntQ.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\URiRjkQ.exe
  C:\Windows\System\URiRjkQ.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\GlTbJze.exe
  C:\Windows\System\GlTbJze.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\YGaANbk.exe
  C:\Windows\System\YGaANbk.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\jGGxRcM.exe
  C:\Windows\System\jGGxRcM.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\CALIRfS.exe
  C:\Windows\System\CALIRfS.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\lZLgIHw.exe
  C:\Windows\System\lZLgIHw.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\MdExLYZ.exe
  C:\Windows\System\MdExLYZ.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\inwsqdg.exe
  C:\Windows\System\inwsqdg.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\rywtUVj.exe
  C:\Windows\System\rywtUVj.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\ghmGloo.exe
  C:\Windows\System\ghmGloo.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\wFpnQxi.exe
  C:\Windows\System\wFpnQxi.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\dmNtIUI.exe
  C:\Windows\System\dmNtIUI.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\sAiKPps.exe
  C:\Windows\System\sAiKPps.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\gKkYfqW.exe
  C:\Windows\System\gKkYfqW.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\TXfyIwW.exe
  C:\Windows\System\TXfyIwW.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\TTMXYfk.exe
  C:\Windows\System\TTMXYfk.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\jmZrThK.exe
  C:\Windows\System\jmZrThK.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\vyVbiDP.exe
  C:\Windows\System\vyVbiDP.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\zTQxjeh.exe
  C:\Windows\System\zTQxjeh.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\uOFMWGb.exe
  C:\Windows\System\uOFMWGb.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\OAgTOeR.exe
  C:\Windows\System\OAgTOeR.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\VuIIEQw.exe
  C:\Windows\System\VuIIEQw.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\CeXTvKU.exe
  C:\Windows\System\CeXTvKU.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\vUnuiYb.exe
  C:\Windows\System\vUnuiYb.exe
  2⤵
  PID:3036
- C:\Windows\System\DNBUVNp.exe
  C:\Windows\System\DNBUVNp.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\aacbtoN.exe
  C:\Windows\System\aacbtoN.exe
  2⤵
  PID:2424
- C:\Windows\System\lHvxEop.exe
  C:\Windows\System\lHvxEop.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\ovvDnQi.exe
  C:\Windows\System\ovvDnQi.exe
  2⤵
  PID:988
- C:\Windows\System\nExaTpn.exe
  C:\Windows\System\nExaTpn.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\NFAxlJs.exe
  C:\Windows\System\NFAxlJs.exe
  2⤵
  PID:1284
- C:\Windows\System\uvPewox.exe
  C:\Windows\System\uvPewox.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\VvunQns.exe
  C:\Windows\System\VvunQns.exe
  2⤵
  PID:1996
- C:\Windows\System\hHlExXX.exe
  C:\Windows\System\hHlExXX.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\pfjURjL.exe
  C:\Windows\System\pfjURjL.exe
  2⤵
  PID:2104
- C:\Windows\System\GOkqJaK.exe
  C:\Windows\System\GOkqJaK.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\OVenNnf.exe
  C:\Windows\System\OVenNnf.exe
  2⤵
  PID:2172
- C:\Windows\System\yKYobZM.exe
  C:\Windows\System\yKYobZM.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\pOmlUmx.exe
  C:\Windows\System\pOmlUmx.exe
  2⤵
  PID:1620
- C:\Windows\System\UBXczZM.exe
  C:\Windows\System\UBXczZM.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\krJEjKT.exe
  C:\Windows\System\krJEjKT.exe
  2⤵
  PID:1904
- C:\Windows\System\akOCUqL.exe
  C:\Windows\System\akOCUqL.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\GVnxuXt.exe
  C:\Windows\System\GVnxuXt.exe
  2⤵
  PID:1480
- C:\Windows\System\BMYliqM.exe
  C:\Windows\System\BMYliqM.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\SxbnXWP.exe
  C:\Windows\System\SxbnXWP.exe
  2⤵
  PID:2768
- C:\Windows\System\pwSAedR.exe
  C:\Windows\System\pwSAedR.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\nEpwzMW.exe
  C:\Windows\System\nEpwzMW.exe
  2⤵
  PID:2864
- C:\Windows\System\MEuYcFa.exe
  C:\Windows\System\MEuYcFa.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\smwxyXv.exe
  C:\Windows\System\smwxyXv.exe
  2⤵
  PID:2788
- C:\Windows\System\rYZfFLh.exe
  C:\Windows\System\rYZfFLh.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\iAKYXjM.exe
  C:\Windows\System\iAKYXjM.exe
  2⤵
  PID:3008
- C:\Windows\System\IBVZzHJ.exe
  C:\Windows\System\IBVZzHJ.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\SPcuoXs.exe
  C:\Windows\System\SPcuoXs.exe
  2⤵
  PID:2040
- C:\Windows\System\TSiufgo.exe
  C:\Windows\System\TSiufgo.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\ZceZZlL.exe
  C:\Windows\System\ZceZZlL.exe
  2⤵
  PID:1876
- C:\Windows\System\BHrFNAD.exe
  C:\Windows\System\BHrFNAD.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\YnrMvEZ.exe
  C:\Windows\System\YnrMvEZ.exe
  2⤵
  PID:2792
- C:\Windows\System\DfCqYDc.exe
  C:\Windows\System\DfCqYDc.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\nzUFhPp.exe
  C:\Windows\System\nzUFhPp.exe
  2⤵
  PID:2528
- C:\Windows\System\irRMTHK.exe
  C:\Windows\System\irRMTHK.exe
  2⤵
  PID:3252
- C:\Windows\System\AHpkhvl.exe
  C:\Windows\System\AHpkhvl.exe
  2⤵
  PID:3272
- C:\Windows\System\yCYxpTB.exe
  C:\Windows\System\yCYxpTB.exe
  2⤵
  PID:3288
- C:\Windows\System\ubgmjjX.exe
  C:\Windows\System\ubgmjjX.exe
  2⤵
  PID:3304
- C:\Windows\System\xLBMvrY.exe
  C:\Windows\System\xLBMvrY.exe
  2⤵
  PID:3324
- C:\Windows\System\talZGYJ.exe
  C:\Windows\System\talZGYJ.exe
  2⤵
  PID:3352
- C:\Windows\System\odeyUHA.exe
  C:\Windows\System\odeyUHA.exe
  2⤵
  PID:3368
- C:\Windows\System\qJxCFJn.exe
  C:\Windows\System\qJxCFJn.exe
  2⤵
  PID:3384
- C:\Windows\System\zBNLHIy.exe
  C:\Windows\System\zBNLHIy.exe
  2⤵
  PID:3400
- C:\Windows\System\xCeewgN.exe
  C:\Windows\System\xCeewgN.exe
  2⤵
  PID:3416
- C:\Windows\System\NhhnQDV.exe
  C:\Windows\System\NhhnQDV.exe
  2⤵
  PID:3432
- C:\Windows\System\oEguUGj.exe
  C:\Windows\System\oEguUGj.exe
  2⤵
  PID:3460
- C:\Windows\System\jeXAsoa.exe
  C:\Windows\System\jeXAsoa.exe
  2⤵
  PID:3484
- C:\Windows\System\HALDjVG.exe
  C:\Windows\System\HALDjVG.exe
  2⤵
  PID:3504
- C:\Windows\System\scwrmpm.exe
  C:\Windows\System\scwrmpm.exe
  2⤵
  PID:3524
- C:\Windows\System\RDXIbkU.exe
  C:\Windows\System\RDXIbkU.exe
  2⤵
  PID:3556
- C:\Windows\System\FIEodiS.exe
  C:\Windows\System\FIEodiS.exe
  2⤵
  PID:3576
- C:\Windows\System\PuhqMJV.exe
  C:\Windows\System\PuhqMJV.exe
  2⤵
  PID:3592
- C:\Windows\System\kponBie.exe
  C:\Windows\System\kponBie.exe
  2⤵
  PID:3608
- C:\Windows\System\nDFJIch.exe
  C:\Windows\System\nDFJIch.exe
  2⤵
  PID:3636
- C:\Windows\System\jmvGaPX.exe
  C:\Windows\System\jmvGaPX.exe
  2⤵
  PID:3656
- C:\Windows\System\mUVrqQV.exe
  C:\Windows\System\mUVrqQV.exe
  2⤵
  PID:3672
- C:\Windows\System\LQFtDBc.exe
  C:\Windows\System\LQFtDBc.exe
  2⤵
  PID:3696
- C:\Windows\System\RJSDybS.exe
  C:\Windows\System\RJSDybS.exe
  2⤵
  PID:3716
- C:\Windows\System\pgSiGpY.exe
  C:\Windows\System\pgSiGpY.exe
  2⤵
  PID:3732
- C:\Windows\System\kbtCfNC.exe
  C:\Windows\System\kbtCfNC.exe
  2⤵
  PID:3756
- C:\Windows\System\imLCtMw.exe
  C:\Windows\System\imLCtMw.exe
  2⤵
  PID:3780
- C:\Windows\System\bZcvqNR.exe
  C:\Windows\System\bZcvqNR.exe
  2⤵
  PID:3800
- C:\Windows\System\AXURMvP.exe
  C:\Windows\System\AXURMvP.exe
  2⤵
  PID:3820
- C:\Windows\System\wBqkJop.exe
  C:\Windows\System\wBqkJop.exe
  2⤵
  PID:3836
- C:\Windows\System\QlhXqUP.exe
  C:\Windows\System\QlhXqUP.exe
  2⤵
  PID:3856
- C:\Windows\System\PnNjcfL.exe
  C:\Windows\System\PnNjcfL.exe
  2⤵
  PID:3876
- C:\Windows\System\zDIyMiN.exe
  C:\Windows\System\zDIyMiN.exe
  2⤵
  PID:3896
- C:\Windows\System\NzWMYqk.exe
  C:\Windows\System\NzWMYqk.exe
  2⤵
  PID:3916
- C:\Windows\System\djtQhxd.exe
  C:\Windows\System\djtQhxd.exe
  2⤵
  PID:3932
- C:\Windows\System\Moeflym.exe
  C:\Windows\System\Moeflym.exe
  2⤵
  PID:3948
- C:\Windows\System\EtMtyem.exe
  C:\Windows\System\EtMtyem.exe
  2⤵
  PID:3980
- C:\Windows\System\nbvdhzb.exe
  C:\Windows\System\nbvdhzb.exe
  2⤵
  PID:4000
- C:\Windows\System\vrnEhUq.exe
  C:\Windows\System\vrnEhUq.exe
  2⤵
  PID:4020
- C:\Windows\System\YNcngso.exe
  C:\Windows\System\YNcngso.exe
  2⤵
  PID:4036
- C:\Windows\System\czCSiZv.exe
  C:\Windows\System\czCSiZv.exe
  2⤵
  PID:4060
- C:\Windows\System\lpYMmNH.exe
  C:\Windows\System\lpYMmNH.exe
  2⤵
  PID:4076
- C:\Windows\System\xnLVXWh.exe
  C:\Windows\System\xnLVXWh.exe
  2⤵
  PID:1688
- C:\Windows\System\tppTBnr.exe
  C:\Windows\System\tppTBnr.exe
  2⤵
  PID:2936
- C:\Windows\System\SIiEkle.exe
  C:\Windows\System\SIiEkle.exe
  2⤵
  PID:1528
- C:\Windows\System\gdqemmF.exe
  C:\Windows\System\gdqemmF.exe
  2⤵
  PID:3068
- C:\Windows\System\FhmFWKT.exe
  C:\Windows\System\FhmFWKT.exe
  2⤵
  PID:2188
- C:\Windows\System\vjNVRET.exe
  C:\Windows\System\vjNVRET.exe
  2⤵
  PID:3028
- C:\Windows\System\GLvAsZe.exe
  C:\Windows\System\GLvAsZe.exe
  2⤵
  PID:1484
- C:\Windows\System\ngzlUTQ.exe
  C:\Windows\System\ngzlUTQ.exe
  2⤵
  PID:1752
- C:\Windows\System\UjbBvQO.exe
  C:\Windows\System\UjbBvQO.exe
  2⤵
  PID:1200
- C:\Windows\System\NveWMNi.exe
  C:\Windows\System\NveWMNi.exe
  2⤵
  PID:1764
- C:\Windows\System\doDcFZy.exe
  C:\Windows\System\doDcFZy.exe
  2⤵
  PID:1440
- C:\Windows\System\bKPomtu.exe
  C:\Windows\System\bKPomtu.exe
  2⤵
  PID:1696
- C:\Windows\System\giHknez.exe
  C:\Windows\System\giHknez.exe
  2⤵
  PID:1980
- C:\Windows\System\XgdILau.exe
  C:\Windows\System\XgdILau.exe
  2⤵
  PID:1452
- C:\Windows\System\vMBmYdr.exe
  C:\Windows\System\vMBmYdr.exe
  2⤵
  PID:236
- C:\Windows\System\URRfjfC.exe
  C:\Windows\System\URRfjfC.exe
  2⤵
  PID:1820
- C:\Windows\System\XwfovOA.exe
  C:\Windows\System\XwfovOA.exe
  2⤵
  PID:2276
- C:\Windows\System\kdsLJEj.exe
  C:\Windows\System\kdsLJEj.exe
  2⤵
  PID:3092
- C:\Windows\System\RDEYQxC.exe
  C:\Windows\System\RDEYQxC.exe
  2⤵
  PID:3112
- C:\Windows\System\oZACFAm.exe
  C:\Windows\System\oZACFAm.exe
  2⤵
  PID:3136
- C:\Windows\System\HybDhmv.exe
  C:\Windows\System\HybDhmv.exe
  2⤵
  PID:3152
- C:\Windows\System\PoRYePM.exe
  C:\Windows\System\PoRYePM.exe
  2⤵
  PID:3172
- C:\Windows\System\prOAsak.exe
  C:\Windows\System\prOAsak.exe
  2⤵
  PID:3192
- C:\Windows\System\TGcHjVk.exe
  C:\Windows\System\TGcHjVk.exe
  2⤵
  PID:3212
- C:\Windows\System\fCaUjGX.exe
  C:\Windows\System\fCaUjGX.exe
  2⤵
  PID:1624
- C:\Windows\System\UdaecYK.exe
  C:\Windows\System\UdaecYK.exe
  2⤵
  PID:1500
- C:\Windows\System\HCcbUAk.exe
  C:\Windows\System\HCcbUAk.exe
  2⤵
  PID:3248
- C:\Windows\System\zpvuERu.exe
  C:\Windows\System\zpvuERu.exe
  2⤵
  PID:3320
- C:\Windows\System\PiSuqRG.exe
  C:\Windows\System\PiSuqRG.exe
  2⤵
  PID:3396
- C:\Windows\System\LVwNHEQ.exe
  C:\Windows\System\LVwNHEQ.exe
  2⤵
  PID:3300
- C:\Windows\System\nQyrbmq.exe
  C:\Windows\System\nQyrbmq.exe
  2⤵
  PID:3476
- C:\Windows\System\pjlqHBo.exe
  C:\Windows\System\pjlqHBo.exe
  2⤵
  PID:3344
- C:\Windows\System\tppKVBw.exe
  C:\Windows\System\tppKVBw.exe
  2⤵
  PID:3444
- C:\Windows\System\AXwoEJM.exe
  C:\Windows\System\AXwoEJM.exe
  2⤵
  PID:3492
- C:\Windows\System\EccplPd.exe
  C:\Windows\System\EccplPd.exe
  2⤵
  PID:3452
- C:\Windows\System\ZsiypbU.exe
  C:\Windows\System\ZsiypbU.exe
  2⤵
  PID:3544
- C:\Windows\System\iXQIAFz.exe
  C:\Windows\System\iXQIAFz.exe
  2⤵
  PID:3552
- C:\Windows\System\vEZbHZL.exe
  C:\Windows\System\vEZbHZL.exe
  2⤵
  PID:3588
- C:\Windows\System\CTUSvpq.exe
  C:\Windows\System\CTUSvpq.exe
  2⤵
  PID:3652
- C:\Windows\System\bfcFtib.exe
  C:\Windows\System\bfcFtib.exe
  2⤵
  PID:3688
- C:\Windows\System\FWjAZUv.exe
  C:\Windows\System\FWjAZUv.exe
  2⤵
  PID:3728
- C:\Windows\System\sBaQaNd.exe
  C:\Windows\System\sBaQaNd.exe
  2⤵
  PID:3712
- C:\Windows\System\ZLFpthu.exe
  C:\Windows\System\ZLFpthu.exe
  2⤵
  PID:3776
- C:\Windows\System\BkcUjGB.exe
  C:\Windows\System\BkcUjGB.exe
  2⤵
  PID:3788
- C:\Windows\System\FrNBSpA.exe
  C:\Windows\System\FrNBSpA.exe
  2⤵
  PID:3844
- C:\Windows\System\cTbHtlk.exe
  C:\Windows\System\cTbHtlk.exe
  2⤵
  PID:3888
- C:\Windows\System\bVpLaaB.exe
  C:\Windows\System\bVpLaaB.exe
  2⤵
  PID:3912
- C:\Windows\System\XGgPUbr.exe
  C:\Windows\System\XGgPUbr.exe
  2⤵
  PID:3972
- C:\Windows\System\rvACKbi.exe
  C:\Windows\System\rvACKbi.exe
  2⤵
  PID:4008
- C:\Windows\System\bmkJTto.exe
  C:\Windows\System\bmkJTto.exe
  2⤵
  PID:4056
- C:\Windows\System\cmliLXG.exe
  C:\Windows\System\cmliLXG.exe
  2⤵
  PID:3988
- C:\Windows\System\ewquaLt.exe
  C:\Windows\System\ewquaLt.exe
  2⤵
  PID:4028
- C:\Windows\System\TuVGfDL.exe
  C:\Windows\System\TuVGfDL.exe
  2⤵
  PID:2968
- C:\Windows\System\PAqMeUk.exe
  C:\Windows\System\PAqMeUk.exe
  2⤵
  PID:2176
- C:\Windows\System\WLZIiHB.exe
  C:\Windows\System\WLZIiHB.exe
  2⤵
  PID:376
- C:\Windows\System\rNEkpXg.exe
  C:\Windows\System\rNEkpXg.exe
  2⤵
  PID:740
- C:\Windows\System\IxjSqOP.exe
  C:\Windows\System\IxjSqOP.exe
  2⤵
  PID:952
- C:\Windows\System\uJsoqSC.exe
  C:\Windows\System\uJsoqSC.exe
  2⤵
  PID:1948
- C:\Windows\System\zhcvpMt.exe
  C:\Windows\System\zhcvpMt.exe
  2⤵
  PID:2240
- C:\Windows\System\pKpUrZt.exe
  C:\Windows\System\pKpUrZt.exe
  2⤵
  PID:2348
- C:\Windows\System\vSYvIkr.exe
  C:\Windows\System\vSYvIkr.exe
  2⤵
  PID:2832
- C:\Windows\System\SHqnpKw.exe
  C:\Windows\System\SHqnpKw.exe
  2⤵
  PID:1608
- C:\Windows\System\yAWrxnH.exe
  C:\Windows\System\yAWrxnH.exe
  2⤵
  PID:1120
- C:\Windows\System\SHonQbE.exe
  C:\Windows\System\SHonQbE.exe
  2⤵
  PID:3188
- C:\Windows\System\IvbvuxF.exe
  C:\Windows\System\IvbvuxF.exe
  2⤵
  PID:3124
- C:\Windows\System\CqGAbfO.exe
  C:\Windows\System\CqGAbfO.exe
  2⤵
  PID:3204
- C:\Windows\System\CtnmdYd.exe
  C:\Windows\System\CtnmdYd.exe
  2⤵
  PID:2916
- C:\Windows\System\EvEuUaj.exe
  C:\Windows\System\EvEuUaj.exe
  2⤵
  PID:448
- C:\Windows\System\vftzcOk.exe
  C:\Windows\System\vftzcOk.exe
  2⤵
  PID:3472
- C:\Windows\System\scgKCGb.exe
  C:\Windows\System\scgKCGb.exe
  2⤵
  PID:3380
- C:\Windows\System\kBUVXAD.exe
  C:\Windows\System\kBUVXAD.exe
  2⤵
  PID:3264
- C:\Windows\System\SwtmUPv.exe
  C:\Windows\System\SwtmUPv.exe
  2⤵
  PID:3340
- C:\Windows\System\HRQHeaj.exe
  C:\Windows\System\HRQHeaj.exe
  2⤵
  PID:3572
- C:\Windows\System\CJKTCym.exe
  C:\Windows\System\CJKTCym.exe
  2⤵
  PID:3632
- C:\Windows\System\kSbmOdz.exe
  C:\Windows\System\kSbmOdz.exe
  2⤵
  PID:3724
- C:\Windows\System\yaunokw.exe
  C:\Windows\System\yaunokw.exe
  2⤵
  PID:3584
- C:\Windows\System\sycMMkh.exe
  C:\Windows\System\sycMMkh.exe
  2⤵
  PID:3816
- C:\Windows\System\fkBNMXf.exe
  C:\Windows\System\fkBNMXf.exe
  2⤵
  PID:3680
- C:\Windows\System\cqnUERQ.exe
  C:\Windows\System\cqnUERQ.exe
  2⤵
  PID:3956
- C:\Windows\System\FUCDOLa.exe
  C:\Windows\System\FUCDOLa.exe
  2⤵
  PID:3848
- C:\Windows\System\wtAqtDM.exe
  C:\Windows\System\wtAqtDM.exe
  2⤵
  PID:3892
- C:\Windows\System\mTZkpaY.exe
  C:\Windows\System\mTZkpaY.exe
  2⤵
  PID:4084
- C:\Windows\System\cFESOlD.exe
  C:\Windows\System\cFESOlD.exe
  2⤵
  PID:3968
- C:\Windows\System\QvicFpW.exe
  C:\Windows\System\QvicFpW.exe
  2⤵
  PID:1512
- C:\Windows\System\RSODCQP.exe
  C:\Windows\System\RSODCQP.exe
  2⤵
  PID:2036
- C:\Windows\System\zsnfote.exe
  C:\Windows\System\zsnfote.exe
  2⤵
  PID:2516
- C:\Windows\System\zjsITww.exe
  C:\Windows\System\zjsITww.exe
  2⤵
  PID:1736
- C:\Windows\System\RjlDMic.exe
  C:\Windows\System\RjlDMic.exe
  2⤵
  PID:3128
- C:\Windows\System\AbqfKFp.exe
  C:\Windows\System\AbqfKFp.exe
  2⤵
  PID:2800
- C:\Windows\System\xEvcsYG.exe
  C:\Windows\System\xEvcsYG.exe
  2⤵
  PID:276
- C:\Windows\System\kPZEVLp.exe
  C:\Windows\System\kPZEVLp.exe
  2⤵
  PID:3148
- C:\Windows\System\hoVjfcK.exe
  C:\Windows\System\hoVjfcK.exe
  2⤵
  PID:1424
- C:\Windows\System\ZChQDXJ.exe
  C:\Windows\System\ZChQDXJ.exe
  2⤵
  PID:3428
- C:\Windows\System\fpJZXGo.exe
  C:\Windows\System\fpJZXGo.exe
  2⤵
  PID:408
- C:\Windows\System\fKMIliO.exe
  C:\Windows\System\fKMIliO.exe
  2⤵
  PID:3408
- C:\Windows\System\bOAxrhc.exe
  C:\Windows\System\bOAxrhc.exe
  2⤵
  PID:3468
- C:\Windows\System\gdqLBxV.exe
  C:\Windows\System\gdqLBxV.exe
  2⤵
  PID:3628
- C:\Windows\System\nVHYjHB.exe
  C:\Windows\System\nVHYjHB.exe
  2⤵
  PID:4100
- C:\Windows\System\wUlhGOY.exe
  C:\Windows\System\wUlhGOY.exe
  2⤵
  PID:4116
- C:\Windows\System\TDjpqnV.exe
  C:\Windows\System\TDjpqnV.exe
  2⤵
  PID:4132
- C:\Windows\System\XcCHeZQ.exe
  C:\Windows\System\XcCHeZQ.exe
  2⤵
  PID:4148
- C:\Windows\System\YilOttJ.exe
  C:\Windows\System\YilOttJ.exe
  2⤵
  PID:4164
- C:\Windows\System\bReRgCh.exe
  C:\Windows\System\bReRgCh.exe
  2⤵
  PID:4180
- C:\Windows\System\hObsBmG.exe
  C:\Windows\System\hObsBmG.exe
  2⤵
  PID:4196
- C:\Windows\System\eKDOfVb.exe
  C:\Windows\System\eKDOfVb.exe
  2⤵
  PID:4212
- C:\Windows\System\PNyWPym.exe
  C:\Windows\System\PNyWPym.exe
  2⤵
  PID:4228
- C:\Windows\System\lZDPAqh.exe
  C:\Windows\System\lZDPAqh.exe
  2⤵
  PID:4244
- C:\Windows\System\AYAxDOt.exe
  C:\Windows\System\AYAxDOt.exe
  2⤵
  PID:4292
- C:\Windows\System\uoHkaVR.exe
  C:\Windows\System\uoHkaVR.exe
  2⤵
  PID:4308
- C:\Windows\System\uIWkdxA.exe
  C:\Windows\System\uIWkdxA.exe
  2⤵
  PID:4324
- C:\Windows\System\NtBRxtm.exe
  C:\Windows\System\NtBRxtm.exe
  2⤵
  PID:4340
- C:\Windows\System\JbuHJZV.exe
  C:\Windows\System\JbuHJZV.exe
  2⤵
  PID:4364
- C:\Windows\System\PUGGZof.exe
  C:\Windows\System\PUGGZof.exe
  2⤵
  PID:4384
- C:\Windows\System\xxjqBxT.exe
  C:\Windows\System\xxjqBxT.exe
  2⤵
  PID:4404
- C:\Windows\System\WexFhbD.exe
  C:\Windows\System\WexFhbD.exe
  2⤵
  PID:4452
- C:\Windows\System\oQCVtLh.exe
  C:\Windows\System\oQCVtLh.exe
  2⤵
  PID:4468
- C:\Windows\System\gNVXReY.exe
  C:\Windows\System\gNVXReY.exe
  2⤵
  PID:4484
- C:\Windows\System\jsdFhvM.exe
  C:\Windows\System\jsdFhvM.exe
  2⤵
  PID:4508
- C:\Windows\System\gywPKZD.exe
  C:\Windows\System\gywPKZD.exe
  2⤵
  PID:4524
- C:\Windows\System\MgFivck.exe
  C:\Windows\System\MgFivck.exe
  2⤵
  PID:4540
- C:\Windows\System\vjBCYsc.exe
  C:\Windows\System\vjBCYsc.exe
  2⤵
  PID:4564
- C:\Windows\System\ifccWly.exe
  C:\Windows\System\ifccWly.exe
  2⤵
  PID:4580
- C:\Windows\System\VXkzkWV.exe
  C:\Windows\System\VXkzkWV.exe
  2⤵
  PID:4616
- C:\Windows\System\bRIMIMi.exe
  C:\Windows\System\bRIMIMi.exe
  2⤵
  PID:4632
- C:\Windows\System\hyUFEEw.exe
  C:\Windows\System\hyUFEEw.exe
  2⤵
  PID:4652
- C:\Windows\System\FsJHMes.exe
  C:\Windows\System\FsJHMes.exe
  2⤵
  PID:4672
- C:\Windows\System\cYOYXqT.exe
  C:\Windows\System\cYOYXqT.exe
  2⤵
  PID:4692
- C:\Windows\System\pnsVxZW.exe
  C:\Windows\System\pnsVxZW.exe
  2⤵
  PID:4712
- C:\Windows\System\UvoaHNI.exe
  C:\Windows\System\UvoaHNI.exe
  2⤵
  PID:4732
- C:\Windows\System\eUnvJnV.exe
  C:\Windows\System\eUnvJnV.exe
  2⤵
  PID:4756
- C:\Windows\System\hQEIaqt.exe
  C:\Windows\System\hQEIaqt.exe
  2⤵
  PID:4776
- C:\Windows\System\cAPpMdP.exe
  C:\Windows\System\cAPpMdP.exe
  2⤵
  PID:4796
- C:\Windows\System\GyXwWFz.exe
  C:\Windows\System\GyXwWFz.exe
  2⤵
  PID:4816
- C:\Windows\System\iFYTZiH.exe
  C:\Windows\System\iFYTZiH.exe
  2⤵
  PID:4836
- C:\Windows\System\lvCClyr.exe
  C:\Windows\System\lvCClyr.exe
  2⤵
  PID:4856
- C:\Windows\System\UWzOwvr.exe
  C:\Windows\System\UWzOwvr.exe
  2⤵
  PID:4876
- C:\Windows\System\iXvdExu.exe
  C:\Windows\System\iXvdExu.exe
  2⤵
  PID:4896
- C:\Windows\System\ATZuDDk.exe
  C:\Windows\System\ATZuDDk.exe
  2⤵
  PID:4916
- C:\Windows\System\RlGELEd.exe
  C:\Windows\System\RlGELEd.exe
  2⤵
  PID:4936
- C:\Windows\System\qObeQVp.exe
  C:\Windows\System\qObeQVp.exe
  2⤵
  PID:4956
- C:\Windows\System\RHYyaVJ.exe
  C:\Windows\System\RHYyaVJ.exe
  2⤵
  PID:4976
- C:\Windows\System\ILXOINb.exe
  C:\Windows\System\ILXOINb.exe
  2⤵
  PID:4996
- C:\Windows\System\kIpCWCE.exe
  C:\Windows\System\kIpCWCE.exe
  2⤵
  PID:5016
- C:\Windows\System\EyRWRTq.exe
  C:\Windows\System\EyRWRTq.exe
  2⤵
  PID:5036
- C:\Windows\System\JRfoZIz.exe
  C:\Windows\System\JRfoZIz.exe
  2⤵
  PID:5056
- C:\Windows\System\lOmQVIa.exe
  C:\Windows\System\lOmQVIa.exe
  2⤵
  PID:5072
- C:\Windows\System\WYvrwBU.exe
  C:\Windows\System\WYvrwBU.exe
  2⤵
  PID:5100
- C:\Windows\System\wwefHEp.exe
  C:\Windows\System\wwefHEp.exe
  2⤵
  PID:3808
- C:\Windows\System\VoRdrnp.exe
  C:\Windows\System\VoRdrnp.exe
  2⤵
  PID:3872
- C:\Windows\System\MAfWNIo.exe
  C:\Windows\System\MAfWNIo.exe
  2⤵
  PID:2688
- C:\Windows\System\pKThMeg.exe
  C:\Windows\System\pKThMeg.exe
  2⤵
  PID:1412
- C:\Windows\System\EdqPqHd.exe
  C:\Windows\System\EdqPqHd.exe
  2⤵
  PID:544
- C:\Windows\System\xOLekXJ.exe
  C:\Windows\System\xOLekXJ.exe
  2⤵
  PID:3516
- C:\Windows\System\caPBtTX.exe
  C:\Windows\System\caPBtTX.exe
  2⤵
  PID:3708
- C:\Windows\System\OJagiPM.exe
  C:\Windows\System\OJagiPM.exe
  2⤵
  PID:3748
- C:\Windows\System\IfNJJwQ.exe
  C:\Windows\System\IfNJJwQ.exe
  2⤵
  PID:3852
- C:\Windows\System\gfixxtI.exe
  C:\Windows\System\gfixxtI.exe
  2⤵
  PID:4144
- C:\Windows\System\gYLFpUb.exe
  C:\Windows\System\gYLFpUb.exe
  2⤵
  PID:4208
- C:\Windows\System\cMzqJMd.exe
  C:\Windows\System\cMzqJMd.exe
  2⤵
  PID:1068
- C:\Windows\System\UPlDiMA.exe
  C:\Windows\System\UPlDiMA.exe
  2⤵
  PID:3100
- C:\Windows\System\YgfkLWd.exe
  C:\Windows\System\YgfkLWd.exe
  2⤵
  PID:3108
- C:\Windows\System\sUyqbUP.exe
  C:\Windows\System\sUyqbUP.exe
  2⤵
  PID:4372
- C:\Windows\System\mBJHYxd.exe
  C:\Windows\System\mBJHYxd.exe
  2⤵
  PID:1544
- C:\Windows\System\RvtKRcZ.exe
  C:\Windows\System\RvtKRcZ.exe
  2⤵
  PID:3440
- C:\Windows\System\xSzNYob.exe
  C:\Windows\System\xSzNYob.exe
  2⤵
  PID:4416
- C:\Windows\System\xXlZJNm.exe
  C:\Windows\System\xXlZJNm.exe
  2⤵
  PID:4260
- C:\Windows\System\FvIIjIa.exe
  C:\Windows\System\FvIIjIa.exe
  2⤵
  PID:4284
- C:\Windows\System\OrwdGCi.exe
  C:\Windows\System\OrwdGCi.exe
  2⤵
  PID:4360
- C:\Windows\System\yhsNzSC.exe
  C:\Windows\System\yhsNzSC.exe
  2⤵
  PID:3548
- C:\Windows\System\UTVqtqI.exe
  C:\Windows\System\UTVqtqI.exe
  2⤵
  PID:4268
- C:\Windows\System\rJvAvUy.exe
  C:\Windows\System\rJvAvUy.exe
  2⤵
  PID:4192
- C:\Windows\System\zYFDMYH.exe
  C:\Windows\System\zYFDMYH.exe
  2⤵
  PID:4548
- C:\Windows\System\dilqpdP.exe
  C:\Windows\System\dilqpdP.exe
  2⤵
  PID:4504
- C:\Windows\System\tpeaoyM.exe
  C:\Windows\System\tpeaoyM.exe
  2⤵
  PID:4496
- C:\Windows\System\rErUGhG.exe
  C:\Windows\System\rErUGhG.exe
  2⤵
  PID:4588
- C:\Windows\System\ZhrReuQ.exe
  C:\Windows\System\ZhrReuQ.exe
  2⤵
  PID:4612
- C:\Windows\System\AYFgifP.exe
  C:\Windows\System\AYFgifP.exe
  2⤵
  PID:4628
- C:\Windows\System\FORRLFI.exe
  C:\Windows\System\FORRLFI.exe
  2⤵
  PID:4664
- C:\Windows\System\iAUDDyB.exe
  C:\Windows\System\iAUDDyB.exe
  2⤵
  PID:4728
- C:\Windows\System\qHpsCsH.exe
  C:\Windows\System\qHpsCsH.exe
  2⤵
  PID:4772
- C:\Windows\System\DaLXKYm.exe
  C:\Windows\System\DaLXKYm.exe
  2⤵
  PID:4752
- C:\Windows\System\kcRnDHX.exe
  C:\Windows\System\kcRnDHX.exe
  2⤵
  PID:4808
- C:\Windows\System\npjzIQQ.exe
  C:\Windows\System\npjzIQQ.exe
  2⤵
  PID:4828
- C:\Windows\System\DFJycJy.exe
  C:\Windows\System\DFJycJy.exe
  2⤵
  PID:4872
- C:\Windows\System\iNdppMQ.exe
  C:\Windows\System\iNdppMQ.exe
  2⤵
  PID:4868
- C:\Windows\System\ULwKzhU.exe
  C:\Windows\System\ULwKzhU.exe
  2⤵
  PID:4912
- C:\Windows\System\gSGGvzW.exe
  C:\Windows\System\gSGGvzW.exe
  2⤵
  PID:4948
- C:\Windows\System\ybVojKv.exe
  C:\Windows\System\ybVojKv.exe
  2⤵
  PID:5004
- C:\Windows\System\tMoZbvu.exe
  C:\Windows\System\tMoZbvu.exe
  2⤵
  PID:5048
- C:\Windows\System\Qxlrpoj.exe
  C:\Windows\System\Qxlrpoj.exe
  2⤵
  PID:5032
- C:\Windows\System\OfEqqOe.exe
  C:\Windows\System\OfEqqOe.exe
  2⤵
  PID:5064
- C:\Windows\System\vVHGGGe.exe
  C:\Windows\System\vVHGGGe.exe
  2⤵
  PID:3996
- C:\Windows\System\cuXpJLW.exe
  C:\Windows\System\cuXpJLW.exe
  2⤵
  PID:3456
- C:\Windows\System\oArhrrW.exe
  C:\Windows\System\oArhrrW.exe
  2⤵
  PID:4068
- C:\Windows\System\KQfTrBH.exe
  C:\Windows\System\KQfTrBH.exe
  2⤵
  PID:2588
- C:\Windows\System\oJDOlhG.exe
  C:\Windows\System\oJDOlhG.exe
  2⤵
  PID:3604
- C:\Windows\System\EzUnVJG.exe
  C:\Windows\System\EzUnVJG.exe
  2⤵
  PID:2940
- C:\Windows\System\zaJRWjS.exe
  C:\Windows\System\zaJRWjS.exe
  2⤵
  PID:4380
- C:\Windows\System\HtRnpBO.exe
  C:\Windows\System\HtRnpBO.exe
  2⤵
  PID:3168
- C:\Windows\System\jVZEtWT.exe
  C:\Windows\System\jVZEtWT.exe
  2⤵
  PID:4176
- C:\Windows\System\dhbpHZx.exe
  C:\Windows\System\dhbpHZx.exe
  2⤵
  PID:760
- C:\Windows\System\AYooBjb.exe
  C:\Windows\System\AYooBjb.exe
  2⤵
  PID:3704
- C:\Windows\System\kRgPocI.exe
  C:\Windows\System\kRgPocI.exe
  2⤵
  PID:4320
- C:\Windows\System\RFALWol.exe
  C:\Windows\System\RFALWol.exe
  2⤵
  PID:4128
- C:\Windows\System\lzznoXN.exe
  C:\Windows\System\lzznoXN.exe
  2⤵
  PID:4476
- C:\Windows\System\VyREuRT.exe
  C:\Windows\System\VyREuRT.exe
  2⤵
  PID:4464
- C:\Windows\System\EuhBNNs.exe
  C:\Windows\System\EuhBNNs.exe
  2⤵
  PID:4640
- C:\Windows\System\cREXlqY.exe
  C:\Windows\System\cREXlqY.exe
  2⤵
  PID:4532
- C:\Windows\System\daycvoM.exe
  C:\Windows\System\daycvoM.exe
  2⤵
  PID:4660
- C:\Windows\System\uPWrtFR.exe
  C:\Windows\System\uPWrtFR.exe
  2⤵
  PID:4804
- C:\Windows\System\JwyCGUX.exe
  C:\Windows\System\JwyCGUX.exe
  2⤵
  PID:4700
- C:\Windows\System\AFWzHMX.exe
  C:\Windows\System\AFWzHMX.exe
  2⤵
  PID:4932
- C:\Windows\System\nwTKNZf.exe
  C:\Windows\System\nwTKNZf.exe
  2⤵
  PID:2904
- C:\Windows\System\QMXfAVM.exe
  C:\Windows\System\QMXfAVM.exe
  2⤵
  PID:4792
- C:\Windows\System\wJcnvzb.exe
  C:\Windows\System\wJcnvzb.exe
  2⤵
  PID:5044
- C:\Windows\System\aZOdnzn.exe
  C:\Windows\System\aZOdnzn.exe
  2⤵
  PID:3868
- C:\Windows\System\mqpfYyI.exe
  C:\Windows\System\mqpfYyI.exe
  2⤵
  PID:4112
- C:\Windows\System\BIzxWWJ.exe
  C:\Windows\System\BIzxWWJ.exe
  2⤵
  PID:3964
- C:\Windows\System\riiSTaz.exe
  C:\Windows\System\riiSTaz.exe
  2⤵
  PID:3244
- C:\Windows\System\KVKYhCe.exe
  C:\Windows\System\KVKYhCe.exe
  2⤵
  PID:3540
- C:\Windows\System\FZzxzSZ.exe
  C:\Windows\System\FZzxzSZ.exe
  2⤵
  PID:4352
- C:\Windows\System\JbiGpBu.exe
  C:\Windows\System\JbiGpBu.exe
  2⤵
  PID:4444
- C:\Windows\System\ARvEscY.exe
  C:\Windows\System\ARvEscY.exe
  2⤵
  PID:4624
- C:\Windows\System\adKTRLy.exe
  C:\Windows\System\adKTRLy.exe
  2⤵
  PID:4600
- C:\Windows\System\sQKxvVh.exe
  C:\Windows\System\sQKxvVh.exe
  2⤵
  PID:4832
- C:\Windows\System\bRzfHiX.exe
  C:\Windows\System\bRzfHiX.exe
  2⤵
  PID:4108
- C:\Windows\System\dchApjX.exe
  C:\Windows\System\dchApjX.exe
  2⤵
  PID:5136
- C:\Windows\System\ElXjqrY.exe
  C:\Windows\System\ElXjqrY.exe
  2⤵
  PID:5156
- C:\Windows\System\CakmfDL.exe
  C:\Windows\System\CakmfDL.exe
  2⤵
  PID:5180
- C:\Windows\System\XDHekMn.exe
  C:\Windows\System\XDHekMn.exe
  2⤵
  PID:5196
- C:\Windows\System\mFgkMsj.exe
  C:\Windows\System\mFgkMsj.exe
  2⤵
  PID:5216
- C:\Windows\System\YVRUONf.exe
  C:\Windows\System\YVRUONf.exe
  2⤵
  PID:5240
- C:\Windows\System\stfIOmA.exe
  C:\Windows\System\stfIOmA.exe
  2⤵
  PID:5264
- C:\Windows\System\IKjCbaQ.exe
  C:\Windows\System\IKjCbaQ.exe
  2⤵
  PID:5308
- C:\Windows\System\juPvOAM.exe
  C:\Windows\System\juPvOAM.exe
  2⤵
  PID:5328
- C:\Windows\System\XfoCDjt.exe
  C:\Windows\System\XfoCDjt.exe
  2⤵
  PID:5348
- C:\Windows\System\CueStYD.exe
  C:\Windows\System\CueStYD.exe
  2⤵
  PID:5372
- C:\Windows\System\wmLIZxj.exe
  C:\Windows\System\wmLIZxj.exe
  2⤵
  PID:5388
- C:\Windows\System\OoZnJrZ.exe
  C:\Windows\System\OoZnJrZ.exe
  2⤵
  PID:5408
- C:\Windows\System\TdzpsvN.exe
  C:\Windows\System\TdzpsvN.exe
  2⤵
  PID:5428
- C:\Windows\System\RxiRxLi.exe
  C:\Windows\System\RxiRxLi.exe
  2⤵
  PID:5452
- C:\Windows\System\Isbfpgm.exe
  C:\Windows\System\Isbfpgm.exe
  2⤵
  PID:5468
- C:\Windows\System\hchsWRM.exe
  C:\Windows\System\hchsWRM.exe
  2⤵
  PID:5488
- C:\Windows\System\YSIgGkx.exe
  C:\Windows\System\YSIgGkx.exe
  2⤵
  PID:5508
- C:\Windows\System\htgxgih.exe
  C:\Windows\System\htgxgih.exe
  2⤵
  PID:5532
- C:\Windows\System\NjSxHVh.exe
  C:\Windows\System\NjSxHVh.exe
  2⤵
  PID:5560
- C:\Windows\System\BgEbZqd.exe
  C:\Windows\System\BgEbZqd.exe
  2⤵
  PID:5576
- C:\Windows\System\kcUpeNE.exe
  C:\Windows\System\kcUpeNE.exe
  2⤵
  PID:5592
- C:\Windows\System\pKRqgGL.exe
  C:\Windows\System\pKRqgGL.exe
  2⤵
  PID:5608
- C:\Windows\System\gRrrUYO.exe
  C:\Windows\System\gRrrUYO.exe
  2⤵
  PID:5628
- C:\Windows\System\SPUIaQg.exe
  C:\Windows\System\SPUIaQg.exe
  2⤵
  PID:5652
- C:\Windows\System\oxyFQcS.exe
  C:\Windows\System\oxyFQcS.exe
  2⤵
  PID:5668
- C:\Windows\System\QDGUfaC.exe
  C:\Windows\System\QDGUfaC.exe
  2⤵
  PID:5700
- C:\Windows\System\LSvRZPI.exe
  C:\Windows\System\LSvRZPI.exe
  2⤵
  PID:5720
- C:\Windows\System\xuKMTAP.exe
  C:\Windows\System\xuKMTAP.exe
  2⤵
  PID:5744
- C:\Windows\System\qIZVUPK.exe
  C:\Windows\System\qIZVUPK.exe
  2⤵
  PID:5760
- C:\Windows\System\DBmhCHX.exe
  C:\Windows\System\DBmhCHX.exe
  2⤵
  PID:5780
- C:\Windows\System\gyiRtOE.exe
  C:\Windows\System\gyiRtOE.exe
  2⤵
  PID:5800
- C:\Windows\System\pmqmFHF.exe
  C:\Windows\System\pmqmFHF.exe
  2⤵
  PID:5820
- C:\Windows\System\ECVvRiF.exe
  C:\Windows\System\ECVvRiF.exe
  2⤵
  PID:5836
- C:\Windows\System\IGApzXO.exe
  C:\Windows\System\IGApzXO.exe
  2⤵
  PID:5860
- C:\Windows\System\JjrAyzc.exe
  C:\Windows\System\JjrAyzc.exe
  2⤵
  PID:5880
- C:\Windows\System\sjRdzeh.exe
  C:\Windows\System\sjRdzeh.exe
  2⤵
  PID:5900
- C:\Windows\System\cuhNiaB.exe
  C:\Windows\System\cuhNiaB.exe
  2⤵
  PID:5920
- C:\Windows\System\QSIYUYX.exe
  C:\Windows\System\QSIYUYX.exe
  2⤵
  PID:5944
- C:\Windows\System\LpyATjz.exe
  C:\Windows\System\LpyATjz.exe
  2⤵
  PID:5964
- C:\Windows\System\FcRyRKV.exe
  C:\Windows\System\FcRyRKV.exe
  2⤵
  PID:5980
- C:\Windows\System\AEjEvIg.exe
  C:\Windows\System\AEjEvIg.exe
  2⤵
  PID:6000
- C:\Windows\System\DrlGacP.exe
  C:\Windows\System\DrlGacP.exe
  2⤵
  PID:6016
- C:\Windows\System\OhZSizB.exe
  C:\Windows\System\OhZSizB.exe
  2⤵
  PID:6036
- C:\Windows\System\sLOpzyy.exe
  C:\Windows\System\sLOpzyy.exe
  2⤵
  PID:6052
- C:\Windows\System\rdqLIFD.exe
  C:\Windows\System\rdqLIFD.exe
  2⤵
  PID:6068
- C:\Windows\System\udrgsBN.exe
  C:\Windows\System\udrgsBN.exe
  2⤵
  PID:6096
- C:\Windows\System\uWswBCh.exe
  C:\Windows\System\uWswBCh.exe
  2⤵
  PID:6116
- C:\Windows\System\KPnglTW.exe
  C:\Windows\System\KPnglTW.exe
  2⤵
  PID:6132
- C:\Windows\System\wGsPmqZ.exe
  C:\Windows\System\wGsPmqZ.exe
  2⤵
  PID:4972
- C:\Windows\System\kNwaeKr.exe
  C:\Windows\System\kNwaeKr.exe
  2⤵
  PID:5096
- C:\Windows\System\lHBLpoA.exe
  C:\Windows\System\lHBLpoA.exe
  2⤵
  PID:5108
- C:\Windows\System\bHtxRRq.exe
  C:\Windows\System\bHtxRRq.exe
  2⤵
  PID:4440
- C:\Windows\System\qqVNNXa.exe
  C:\Windows\System\qqVNNXa.exe
  2⤵
  PID:4256
- C:\Windows\System\rtNLSan.exe
  C:\Windows\System\rtNLSan.exe
  2⤵
  PID:4204
- C:\Windows\System\QBtbSBQ.exe
  C:\Windows\System\QBtbSBQ.exe
  2⤵
  PID:4396
- C:\Windows\System\yfKzJQI.exe
  C:\Windows\System\yfKzJQI.exe
  2⤵
  PID:4608
- C:\Windows\System\ZHUPzZT.exe
  C:\Windows\System\ZHUPzZT.exe
  2⤵
  PID:5128
- C:\Windows\System\EVkfFLc.exe
  C:\Windows\System\EVkfFLc.exe
  2⤵
  PID:5172
- C:\Windows\System\iGpwAPj.exe
  C:\Windows\System\iGpwAPj.exe
  2⤵
  PID:5208
- C:\Windows\System\oCVGEVh.exe
  C:\Windows\System\oCVGEVh.exe
  2⤵
  PID:5256
- C:\Windows\System\bpdlFOm.exe
  C:\Windows\System\bpdlFOm.exe
  2⤵
  PID:3864
- C:\Windows\System\beLjBGQ.exe
  C:\Windows\System\beLjBGQ.exe
  2⤵
  PID:5008
- C:\Windows\System\ELsrQHX.exe
  C:\Windows\System\ELsrQHX.exe
  2⤵
  PID:5228
- C:\Windows\System\DlXsXNC.exe
  C:\Windows\System\DlXsXNC.exe
  2⤵
  PID:5148
- C:\Windows\System\qcvoNji.exe
  C:\Windows\System\qcvoNji.exe
  2⤵
  PID:4400
- C:\Windows\System\JQkpqpA.exe
  C:\Windows\System\JQkpqpA.exe
  2⤵
  PID:5316
- C:\Windows\System\ZgaPEwG.exe
  C:\Windows\System\ZgaPEwG.exe
  2⤵
  PID:5284
- C:\Windows\System\geEgfdn.exe
  C:\Windows\System\geEgfdn.exe
  2⤵
  PID:5324
- C:\Windows\System\UtojHwG.exe
  C:\Windows\System\UtojHwG.exe
  2⤵
  PID:5356
- C:\Windows\System\VAmgure.exe
  C:\Windows\System\VAmgure.exe
  2⤵
  PID:1164
- C:\Windows\System\FnQEZCw.exe
  C:\Windows\System\FnQEZCw.exe
  2⤵
  PID:5400
- C:\Windows\System\ayGNupX.exe
  C:\Windows\System\ayGNupX.exe
  2⤵
  PID:5476
- C:\Windows\System\aNzRdMq.exe
  C:\Windows\System\aNzRdMq.exe
  2⤵
  PID:5340
- C:\Windows\System\JnaJteT.exe
  C:\Windows\System\JnaJteT.exe
  2⤵
  PID:5416
- C:\Windows\System\HDqHQRB.exe
  C:\Windows\System\HDqHQRB.exe
  2⤵
  PID:5520
- C:\Windows\System\szVbeKr.exe
  C:\Windows\System\szVbeKr.exe
  2⤵
  PID:5636
- C:\Windows\System\XODhGwW.exe
  C:\Windows\System\XODhGwW.exe
  2⤵
  PID:5500
- C:\Windows\System\KUHMzBF.exe
  C:\Windows\System\KUHMzBF.exe
  2⤵
  PID:5680
- C:\Windows\System\YLbjAzB.exe
  C:\Windows\System\YLbjAzB.exe
  2⤵
  PID:1912
- C:\Windows\System\FJbrcIF.exe
  C:\Windows\System\FJbrcIF.exe
  2⤵
  PID:5728
- C:\Windows\System\ncMxjNq.exe
  C:\Windows\System\ncMxjNq.exe
  2⤵
  PID:5768
- C:\Windows\System\IhxmRfd.exe
  C:\Windows\System\IhxmRfd.exe
  2⤵
  PID:5660
- C:\Windows\System\JDMtpUC.exe
  C:\Windows\System\JDMtpUC.exe
  2⤵
  PID:5556
- C:\Windows\System\keyLDVh.exe
  C:\Windows\System\keyLDVh.exe
  2⤵
  PID:5972
- C:\Windows\System\ncHXYpw.exe
  C:\Windows\System\ncHXYpw.exe
  2⤵
  PID:5708
- C:\Windows\System\sTrXFix.exe
  C:\Windows\System\sTrXFix.exe
  2⤵
  PID:6048
- C:\Windows\System\ioFOxWq.exe
  C:\Windows\System\ioFOxWq.exe
  2⤵
  PID:6092
- C:\Windows\System\qCAoigr.exe
  C:\Windows\System\qCAoigr.exe
  2⤵
  PID:5792
- C:\Windows\System\rrxizVd.exe
  C:\Windows\System\rrxizVd.exe
  2⤵
  PID:5092
- C:\Windows\System\cgMWftz.exe
  C:\Windows\System\cgMWftz.exe
  2⤵
  PID:4220
- C:\Windows\System\SydLuoN.exe
  C:\Windows\System\SydLuoN.exe
  2⤵
  PID:5916
- C:\Windows\System\XxmzfIs.exe
  C:\Windows\System\XxmzfIs.exe
  2⤵
  PID:5988
- C:\Windows\System\EdSzJYU.exe
  C:\Windows\System\EdSzJYU.exe
  2⤵
  PID:6024
- C:\Windows\System\fgHlVhT.exe
  C:\Windows\System\fgHlVhT.exe
  2⤵
  PID:4500
- C:\Windows\System\SlgMfUQ.exe
  C:\Windows\System\SlgMfUQ.exe
  2⤵
  PID:4704
- C:\Windows\System\GWEzLFt.exe
  C:\Windows\System\GWEzLFt.exe
  2⤵
  PID:1660
- C:\Windows\System\pivlvCC.exe
  C:\Windows\System\pivlvCC.exe
  2⤵
  PID:5192
- C:\Windows\System\CKDiSCU.exe
  C:\Windows\System\CKDiSCU.exe
  2⤵
  PID:5292
- C:\Windows\System\PfvzPLh.exe
  C:\Windows\System\PfvzPLh.exe
  2⤵
  PID:6108
- C:\Windows\System\OAqYDYu.exe
  C:\Windows\System\OAqYDYu.exe
  2⤵
  PID:5380
- C:\Windows\System\AxoRTEo.exe
  C:\Windows\System\AxoRTEo.exe
  2⤵
  PID:5124
- C:\Windows\System\TbulQfc.exe
  C:\Windows\System\TbulQfc.exe
  2⤵
  PID:6140
- C:\Windows\System\LBGvVms.exe
  C:\Windows\System\LBGvVms.exe
  2⤵
  PID:4332
- C:\Windows\System\lgqbTlS.exe
  C:\Windows\System\lgqbTlS.exe
  2⤵
  PID:5600
- C:\Windows\System\kuDlhpW.exe
  C:\Windows\System\kuDlhpW.exe
  2⤵
  PID:4852
- C:\Windows\System\zOHlwAa.exe
  C:\Windows\System\zOHlwAa.exe
  2⤵
  PID:5224
- C:\Windows\System\rzKasOz.exe
  C:\Windows\System\rzKasOz.exe
  2⤵
  PID:576
- C:\Windows\System\hYoJzUw.exe
  C:\Windows\System\hYoJzUw.exe
  2⤵
  PID:5276
- C:\Windows\System\lvLOMgv.exe
  C:\Windows\System\lvLOMgv.exe
  2⤵
  PID:5524
- C:\Windows\System\LRhpWcB.exe
  C:\Windows\System\LRhpWcB.exe
  2⤵
  PID:5740
- C:\Windows\System\ATaghLf.exe
  C:\Windows\System\ATaghLf.exe
  2⤵
  PID:5588
- C:\Windows\System\qPoNQZD.exe
  C:\Windows\System\qPoNQZD.exe
  2⤵
  PID:5336
- C:\Windows\System\xWLEiit.exe
  C:\Windows\System\xWLEiit.exe
  2⤵
  PID:5304
- C:\Windows\System\mMUAokU.exe
  C:\Windows\System\mMUAokU.exe
  2⤵
  PID:5848
- C:\Windows\System\uWjpkIH.exe
  C:\Windows\System\uWjpkIH.exe
  2⤵
  PID:5936
- C:\Windows\System\BdccsxH.exe
  C:\Windows\System\BdccsxH.exe
  2⤵
  PID:5664
- C:\Windows\System\cBLoLfq.exe
  C:\Windows\System\cBLoLfq.exe
  2⤵
  PID:6124
- C:\Windows\System\kUJhKVt.exe
  C:\Windows\System\kUJhKVt.exe
  2⤵
  PID:4044
- C:\Windows\System\drvMfLg.exe
  C:\Windows\System\drvMfLg.exe
  2⤵
  PID:5876
- C:\Windows\System\DjEXmLx.exe
  C:\Windows\System\DjEXmLx.exe
  2⤵
  PID:5872
- C:\Windows\System\rkAjveT.exe
  C:\Windows\System\rkAjveT.exe
  2⤵
  PID:4556
- C:\Windows\System\SPrIbzb.exe
  C:\Windows\System\SPrIbzb.exe
  2⤵
  PID:4884
- C:\Windows\System\fkDCEHQ.exe
  C:\Windows\System\fkDCEHQ.exe
  2⤵
  PID:1656
- C:\Windows\System\FrvOnvy.exe
  C:\Windows\System\FrvOnvy.exe
  2⤵
  PID:5368
- C:\Windows\System\NHcHZdW.exe
  C:\Windows\System\NHcHZdW.exe
  2⤵
  PID:5448
- C:\Windows\System\jlYyZka.exe
  C:\Windows\System\jlYyZka.exe
  2⤵
  PID:4812
- C:\Windows\System\jjnhYLZ.exe
  C:\Windows\System\jjnhYLZ.exe
  2⤵
  PID:3232
- C:\Windows\System\fsEuEme.exe
  C:\Windows\System\fsEuEme.exe
  2⤵
  PID:5572
- C:\Windows\System\wiJyypP.exe
  C:\Windows\System\wiJyypP.exe
  2⤵
  PID:5152
- C:\Windows\System\CHTPAsC.exe
  C:\Windows\System\CHTPAsC.exe
  2⤵
  PID:1000
- C:\Windows\System\DruMfdp.exe
  C:\Windows\System\DruMfdp.exe
  2⤵
  PID:6164
- C:\Windows\System\STGpkdm.exe
  C:\Windows\System\STGpkdm.exe
  2⤵
  PID:6184
- C:\Windows\System\HrTzkTR.exe
  C:\Windows\System\HrTzkTR.exe
  2⤵
  PID:6204
- C:\Windows\System\CurRRly.exe
  C:\Windows\System\CurRRly.exe
  2⤵
  PID:6224
- C:\Windows\System\lJwAjhO.exe
  C:\Windows\System\lJwAjhO.exe
  2⤵
  PID:6244
- C:\Windows\System\uawlJFv.exe
  C:\Windows\System\uawlJFv.exe
  2⤵
  PID:6264
- C:\Windows\System\SAsBdvp.exe
  C:\Windows\System\SAsBdvp.exe
  2⤵
  PID:6284
- C:\Windows\System\myxmNFF.exe
  C:\Windows\System\myxmNFF.exe
  2⤵
  PID:6304
- C:\Windows\System\evJClzb.exe
  C:\Windows\System\evJClzb.exe
  2⤵
  PID:6324
- C:\Windows\System\bNxvFzM.exe
  C:\Windows\System\bNxvFzM.exe
  2⤵
  PID:6344
- C:\Windows\System\FZNbXQF.exe
  C:\Windows\System\FZNbXQF.exe
  2⤵
  PID:6364
- C:\Windows\System\bkNvjtL.exe
  C:\Windows\System\bkNvjtL.exe
  2⤵
  PID:6384
- C:\Windows\System\rVOOOaV.exe
  C:\Windows\System\rVOOOaV.exe
  2⤵
  PID:6404
- C:\Windows\System\MQTJXrm.exe
  C:\Windows\System\MQTJXrm.exe
  2⤵
  PID:6424
- C:\Windows\System\FedWbzG.exe
  C:\Windows\System\FedWbzG.exe
  2⤵
  PID:6444
- C:\Windows\System\WqoNfAH.exe
  C:\Windows\System\WqoNfAH.exe
  2⤵
  PID:6464
- C:\Windows\System\aFbwFNn.exe
  C:\Windows\System\aFbwFNn.exe
  2⤵
  PID:6484
- C:\Windows\System\fYtNgpo.exe
  C:\Windows\System\fYtNgpo.exe
  2⤵
  PID:6504
- C:\Windows\System\ImRkuJt.exe
  C:\Windows\System\ImRkuJt.exe
  2⤵
  PID:6524
- C:\Windows\System\nvqJEPi.exe
  C:\Windows\System\nvqJEPi.exe
  2⤵
  PID:6544
- C:\Windows\System\yVKQCYn.exe
  C:\Windows\System\yVKQCYn.exe
  2⤵
  PID:6564
- C:\Windows\System\QaAztIb.exe
  C:\Windows\System\QaAztIb.exe
  2⤵
  PID:6584
- C:\Windows\System\aUZAQvy.exe
  C:\Windows\System\aUZAQvy.exe
  2⤵
  PID:6604
- C:\Windows\System\HmRqXDc.exe
  C:\Windows\System\HmRqXDc.exe
  2⤵
  PID:6624
- C:\Windows\System\lOxhyXp.exe
  C:\Windows\System\lOxhyXp.exe
  2⤵
  PID:6644
- C:\Windows\System\KwzjMGk.exe
  C:\Windows\System\KwzjMGk.exe
  2⤵
  PID:6664
- C:\Windows\System\rPWYfMT.exe
  C:\Windows\System\rPWYfMT.exe
  2⤵
  PID:6684
- C:\Windows\System\QCliHYX.exe
  C:\Windows\System\QCliHYX.exe
  2⤵
  PID:6704
- C:\Windows\System\OdhSCbg.exe
  C:\Windows\System\OdhSCbg.exe
  2⤵
  PID:6724
- C:\Windows\System\BfhOoyx.exe
  C:\Windows\System\BfhOoyx.exe
  2⤵
  PID:6744
- C:\Windows\System\JmHDwfn.exe
  C:\Windows\System\JmHDwfn.exe
  2⤵
  PID:6764
- C:\Windows\System\yYeFlLX.exe
  C:\Windows\System\yYeFlLX.exe
  2⤵
  PID:6784
- C:\Windows\System\FCDTPCx.exe
  C:\Windows\System\FCDTPCx.exe
  2⤵
  PID:6804
- C:\Windows\System\MpEkxYn.exe
  C:\Windows\System\MpEkxYn.exe
  2⤵
  PID:6824
- C:\Windows\System\KiuXgPh.exe
  C:\Windows\System\KiuXgPh.exe
  2⤵
  PID:6844
- C:\Windows\System\ejVVCJk.exe
  C:\Windows\System\ejVVCJk.exe
  2⤵
  PID:6864
- C:\Windows\System\iKiJbOi.exe
  C:\Windows\System\iKiJbOi.exe
  2⤵
  PID:6884
- C:\Windows\System\mldbsDd.exe
  C:\Windows\System\mldbsDd.exe
  2⤵
  PID:6904
- C:\Windows\System\sNYcOtY.exe
  C:\Windows\System\sNYcOtY.exe
  2⤵
  PID:6924
- C:\Windows\System\VWrpScG.exe
  C:\Windows\System\VWrpScG.exe
  2⤵
  PID:6944
- C:\Windows\System\YNztgbM.exe
  C:\Windows\System\YNztgbM.exe
  2⤵
  PID:6964
- C:\Windows\System\ikEaekl.exe
  C:\Windows\System\ikEaekl.exe
  2⤵
  PID:6984
- C:\Windows\System\YTTPUqs.exe
  C:\Windows\System\YTTPUqs.exe
  2⤵
  PID:7004
- C:\Windows\System\QgYCDcZ.exe
  C:\Windows\System\QgYCDcZ.exe
  2⤵
  PID:7024
- C:\Windows\System\PxHWuji.exe
  C:\Windows\System\PxHWuji.exe
  2⤵
  PID:7044
- C:\Windows\System\zMIkKIZ.exe
  C:\Windows\System\zMIkKIZ.exe
  2⤵
  PID:7064
- C:\Windows\System\VKjmdTd.exe
  C:\Windows\System\VKjmdTd.exe
  2⤵
  PID:7088
- C:\Windows\System\vUPtaUu.exe
  C:\Windows\System\vUPtaUu.exe
  2⤵
  PID:7108
- C:\Windows\System\TdvXFWN.exe
  C:\Windows\System\TdvXFWN.exe
  2⤵
  PID:7128
- C:\Windows\System\UrzUCWf.exe
  C:\Windows\System\UrzUCWf.exe
  2⤵
  PID:7148
- C:\Windows\System\ZOkWxOE.exe
  C:\Windows\System\ZOkWxOE.exe
  2⤵
  PID:5816
- C:\Windows\System\RCGLsMa.exe
  C:\Windows\System\RCGLsMa.exe
  2⤵
  PID:5732
- C:\Windows\System\oiDPRFu.exe
  C:\Windows\System\oiDPRFu.exe
  2⤵
  PID:5516
- C:\Windows\System\igRxgAg.exe
  C:\Windows\System\igRxgAg.exe
  2⤵
  PID:5396
- C:\Windows\System\ipsHFlq.exe
  C:\Windows\System\ipsHFlq.exe
  2⤵
  PID:5928
- C:\Windows\System\ueRTlnj.exe
  C:\Windows\System\ueRTlnj.exe
  2⤵
  PID:6080
- C:\Windows\System\YORlDEL.exe
  C:\Windows\System\YORlDEL.exe
  2⤵
  PID:5868
- C:\Windows\System\aDWSkoB.exe
  C:\Windows\System\aDWSkoB.exe
  2⤵
  PID:5992
- C:\Windows\System\aCOuNTL.exe
  C:\Windows\System\aCOuNTL.exe
  2⤵
  PID:4536
- C:\Windows\System\gXWWfsf.exe
  C:\Windows\System\gXWWfsf.exe
  2⤵
  PID:1740
- C:\Windows\System\UkOusHI.exe
  C:\Windows\System\UkOusHI.exe
  2⤵
  PID:5444
- C:\Windows\System\mjBfqnD.exe
  C:\Windows\System\mjBfqnD.exe
  2⤵
  PID:3908
- C:\Windows\System\TsTNxBj.exe
  C:\Windows\System\TsTNxBj.exe
  2⤵
  PID:5676
- C:\Windows\System\pENMXdp.exe
  C:\Windows\System\pENMXdp.exe
  2⤵
  PID:2772
- C:\Windows\System\RjnTUJO.exe
  C:\Windows\System\RjnTUJO.exe
  2⤵
  PID:6176
- C:\Windows\System\kkJvvFB.exe
  C:\Windows\System\kkJvvFB.exe
  2⤵
  PID:6212
- C:\Windows\System\UmBfdtO.exe
  C:\Windows\System\UmBfdtO.exe
  2⤵
  PID:6260
- C:\Windows\System\rZtamia.exe
  C:\Windows\System\rZtamia.exe
  2⤵
  PID:6272
- C:\Windows\System\HJIzFIl.exe
  C:\Windows\System\HJIzFIl.exe
  2⤵
  PID:6296
- C:\Windows\System\tdNUVJE.exe
  C:\Windows\System\tdNUVJE.exe
  2⤵
  PID:6316
- C:\Windows\System\qytCWnY.exe
  C:\Windows\System\qytCWnY.exe
  2⤵
  PID:6380
- C:\Windows\System\VnTydvj.exe
  C:\Windows\System\VnTydvj.exe
  2⤵
  PID:6396
- C:\Windows\System\NKluELP.exe
  C:\Windows\System\NKluELP.exe
  2⤵
  PID:6440
- C:\Windows\System\KUHkqGZ.exe
  C:\Windows\System\KUHkqGZ.exe
  2⤵
  PID:6472
- C:\Windows\System\hqHfdwI.exe
  C:\Windows\System\hqHfdwI.exe
  2⤵
  PID:6496
- C:\Windows\System\wKhuYKL.exe
  C:\Windows\System\wKhuYKL.exe
  2⤵
  PID:6520
- C:\Windows\System\MEdAoAe.exe
  C:\Windows\System\MEdAoAe.exe
  2⤵
  PID:6572
- C:\Windows\System\VYmyeVR.exe
  C:\Windows\System\VYmyeVR.exe
  2⤵
  PID:6592
- C:\Windows\System\csEgpLZ.exe
  C:\Windows\System\csEgpLZ.exe
  2⤵
  PID:6632
- C:\Windows\System\ypHMtxN.exe
  C:\Windows\System\ypHMtxN.exe
  2⤵
  PID:6656
- C:\Windows\System\TQvJncu.exe
  C:\Windows\System\TQvJncu.exe
  2⤵
  PID:6700
- C:\Windows\System\eNNnjPu.exe
  C:\Windows\System\eNNnjPu.exe
  2⤵
  PID:6732
- C:\Windows\System\DitvQQf.exe
  C:\Windows\System\DitvQQf.exe
  2⤵
  PID:6752
- C:\Windows\System\voeXFxv.exe
  C:\Windows\System\voeXFxv.exe
  2⤵
  PID:6776
- C:\Windows\System\gLChviR.exe
  C:\Windows\System\gLChviR.exe
  2⤵
  PID:6796
- C:\Windows\System\ksTlNAZ.exe
  C:\Windows\System\ksTlNAZ.exe
  2⤵
  PID:6860
- C:\Windows\System\ZJabDCH.exe
  C:\Windows\System\ZJabDCH.exe
  2⤵
  PID:6880
- C:\Windows\System\LLIhcBL.exe
  C:\Windows\System\LLIhcBL.exe
  2⤵
  PID:6912
- C:\Windows\System\QaiFofB.exe
  C:\Windows\System\QaiFofB.exe
  2⤵
  PID:6916
- C:\Windows\System\tehjsJM.exe
  C:\Windows\System\tehjsJM.exe
  2⤵
  PID:6956
- C:\Windows\System\JrWHpAL.exe
  C:\Windows\System\JrWHpAL.exe
  2⤵
  PID:7012
- C:\Windows\System\YUIgmAh.exe
  C:\Windows\System\YUIgmAh.exe
  2⤵
  PID:7052
- C:\Windows\System\lkmWcZd.exe
  C:\Windows\System\lkmWcZd.exe
  2⤵
  PID:7084
- C:\Windows\System\OqBEiDT.exe
  C:\Windows\System\OqBEiDT.exe
  2⤵
  PID:7116
- C:\Windows\System\GqkeKRn.exe
  C:\Windows\System\GqkeKRn.exe
  2⤵
  PID:7156
- C:\Windows\System\gUHbMRe.exe
  C:\Windows\System\gUHbMRe.exe
  2⤵
  PID:7164
- C:\Windows\System\HeVgNys.exe
  C:\Windows\System\HeVgNys.exe
  2⤵
  PID:5300
- C:\Windows\System\mNcEJFH.exe
  C:\Windows\System\mNcEJFH.exe
  2⤵
  PID:6008
- C:\Windows\System\ijkoJBm.exe
  C:\Windows\System\ijkoJBm.exe
  2⤵
  PID:6044
- C:\Windows\System\WjZPtkX.exe
  C:\Windows\System\WjZPtkX.exe
  2⤵
  PID:5788
- C:\Windows\System\LFdGhoG.exe
  C:\Windows\System\LFdGhoG.exe
  2⤵
  PID:5252
- C:\Windows\System\iBQxCMk.exe
  C:\Windows\System\iBQxCMk.exe
  2⤵
  PID:5440
- C:\Windows\System\AeHjViw.exe
  C:\Windows\System\AeHjViw.exe
  2⤵
  PID:2700
- C:\Windows\System\ZPPhkoM.exe
  C:\Windows\System\ZPPhkoM.exe
  2⤵
  PID:4888
- C:\Windows\System\KDamOic.exe
  C:\Windows\System\KDamOic.exe
  2⤵
  PID:6236
- C:\Windows\System\rEAPmil.exe
  C:\Windows\System\rEAPmil.exe
  2⤵
  PID:6252
- C:\Windows\System\dYynAzK.exe
  C:\Windows\System\dYynAzK.exe
  2⤵
  PID:6340
- C:\Windows\System\yPgoOWX.exe
  C:\Windows\System\yPgoOWX.exe
  2⤵
  PID:6376
- C:\Windows\System\tlPTejl.exe
  C:\Windows\System\tlPTejl.exe
  2⤵
  PID:6420
- C:\Windows\System\rfqaFNI.exe
  C:\Windows\System\rfqaFNI.exe
  2⤵
  PID:6456
- C:\Windows\System\GpQcmeT.exe
  C:\Windows\System\GpQcmeT.exe
  2⤵
  PID:6476
- C:\Windows\System\GadVsRN.exe
  C:\Windows\System\GadVsRN.exe
  2⤵
  PID:6560
- C:\Windows\System\knsakCK.exe
  C:\Windows\System\knsakCK.exe
  2⤵
  PID:6652
- C:\Windows\System\sEIouxb.exe
  C:\Windows\System\sEIouxb.exe
  2⤵
  PID:6696
- C:\Windows\System\zptbvJr.exe
  C:\Windows\System\zptbvJr.exe
  2⤵
  PID:6716
- C:\Windows\System\vcdeAOO.exe
  C:\Windows\System\vcdeAOO.exe
  2⤵
  PID:6800
- C:\Windows\System\CzDlKXZ.exe
  C:\Windows\System\CzDlKXZ.exe
  2⤵
  PID:6812
- C:\Windows\System\vveGNuQ.exe
  C:\Windows\System\vveGNuQ.exe
  2⤵
  PID:6900
- C:\Windows\System\JGNQOxV.exe
  C:\Windows\System\JGNQOxV.exe
  2⤵
  PID:6920
- C:\Windows\System\grzFnbx.exe
  C:\Windows\System\grzFnbx.exe
  2⤵
  PID:6992
- C:\Windows\System\WPEQUve.exe
  C:\Windows\System\WPEQUve.exe
  2⤵
  PID:7060
- C:\Windows\System\rnjCaWA.exe
  C:\Windows\System\rnjCaWA.exe
  2⤵
  PID:7076
- C:\Windows\System\hnPxwoG.exe
  C:\Windows\System\hnPxwoG.exe
  2⤵
  PID:5688
- C:\Windows\System\gYSeHZT.exe
  C:\Windows\System\gYSeHZT.exe
  2⤵
  PID:5892
- C:\Windows\System\AYEmtbc.exe
  C:\Windows\System\AYEmtbc.exe
  2⤵
  PID:3104
- C:\Windows\System\uNQKEwJ.exe
  C:\Windows\System\uNQKEwJ.exe
  2⤵
  PID:6032
- C:\Windows\System\CtOICin.exe
  C:\Windows\System\CtOICin.exe
  2⤵
  PID:4984
- C:\Windows\System\jWOTufO.exe
  C:\Windows\System\jWOTufO.exe
  2⤵
  PID:5212
- C:\Windows\System\vOxyvhH.exe
  C:\Windows\System\vOxyvhH.exe
  2⤵
  PID:2684
- C:\Windows\System\SMtCwQK.exe
  C:\Windows\System\SMtCwQK.exe
  2⤵
  PID:6200
- C:\Windows\System\LXrtPjo.exe
  C:\Windows\System\LXrtPjo.exe
  2⤵
  PID:6332
- C:\Windows\System\tjDEFIo.exe
  C:\Windows\System\tjDEFIo.exe
  2⤵
  PID:6352
- C:\Windows\System\nHDZgqN.exe
  C:\Windows\System\nHDZgqN.exe
  2⤵
  PID:3040
- C:\Windows\System\iNOhwoC.exe
  C:\Windows\System\iNOhwoC.exe
  2⤵
  PID:6580
- C:\Windows\System\ufsbmRb.exe
  C:\Windows\System\ufsbmRb.exe
  2⤵
  PID:1960
- C:\Windows\System\auwxeEz.exe
  C:\Windows\System\auwxeEz.exe
  2⤵
  PID:6620
- C:\Windows\System\tivHykb.exe
  C:\Windows\System\tivHykb.exe
  2⤵
  PID:6712
- C:\Windows\System\lVyqViU.exe
  C:\Windows\System\lVyqViU.exe
  2⤵
  PID:284
- C:\Windows\System\gsoCTgB.exe
  C:\Windows\System\gsoCTgB.exe
  2⤵
  PID:6856
- C:\Windows\System\JVyWkRX.exe
  C:\Windows\System\JVyWkRX.exe
  2⤵
  PID:6952
- C:\Windows\System\LYLknqk.exe
  C:\Windows\System\LYLknqk.exe
  2⤵
  PID:7000
- C:\Windows\System\juptdyg.exe
  C:\Windows\System\juptdyg.exe
  2⤵
  PID:5844
- C:\Windows\System\DhYuFtr.exe
  C:\Windows\System\DhYuFtr.exe
  2⤵
  PID:5940
- C:\Windows\System\EuRsLtN.exe
  C:\Windows\System\EuRsLtN.exe
  2⤵
  PID:5464
- C:\Windows\System\cqtegMR.exe
  C:\Windows\System\cqtegMR.exe
  2⤵
  PID:2584
- C:\Windows\System\FePdsPr.exe
  C:\Windows\System\FePdsPr.exe
  2⤵
  PID:6180
- C:\Windows\System\kTlhibK.exe
  C:\Windows\System\kTlhibK.exe
  2⤵
  PID:6172
- C:\Windows\System\KrnSBCy.exe
  C:\Windows\System\KrnSBCy.exe
  2⤵
  PID:6360
- C:\Windows\System\lfesBoE.exe
  C:\Windows\System\lfesBoE.exe
  2⤵
  PID:7176
- C:\Windows\System\LrJxxLn.exe
  C:\Windows\System\LrJxxLn.exe
  2⤵
  PID:7192
- C:\Windows\System\sZsadfD.exe
  C:\Windows\System\sZsadfD.exe
  2⤵
  PID:7212
- C:\Windows\System\CoTuwWj.exe
  C:\Windows\System\CoTuwWj.exe
  2⤵
  PID:7236
- C:\Windows\System\MZUkAYb.exe
  C:\Windows\System\MZUkAYb.exe
  2⤵
  PID:7256
- C:\Windows\System\oYgYyGS.exe
  C:\Windows\System\oYgYyGS.exe
  2⤵
  PID:7276
- C:\Windows\System\xZINzzA.exe
  C:\Windows\System\xZINzzA.exe
  2⤵
  PID:7296
- C:\Windows\System\EZUOXzv.exe
  C:\Windows\System\EZUOXzv.exe
  2⤵
  PID:7316
- C:\Windows\System\tolZvXo.exe
  C:\Windows\System\tolZvXo.exe
  2⤵
  PID:7336
- C:\Windows\System\BOkNgHO.exe
  C:\Windows\System\BOkNgHO.exe
  2⤵
  PID:7356
- C:\Windows\System\eZiOWta.exe
  C:\Windows\System\eZiOWta.exe
  2⤵
  PID:7376
- C:\Windows\System\pFgnbWH.exe
  C:\Windows\System\pFgnbWH.exe
  2⤵
  PID:7396
- C:\Windows\System\NgcJZHX.exe
  C:\Windows\System\NgcJZHX.exe
  2⤵
  PID:7416
- C:\Windows\System\ktxkYBq.exe
  C:\Windows\System\ktxkYBq.exe
  2⤵
  PID:7436
- C:\Windows\System\UXJnSPw.exe
  C:\Windows\System\UXJnSPw.exe
  2⤵
  PID:7456
- C:\Windows\System\dbjdjlO.exe
  C:\Windows\System\dbjdjlO.exe
  2⤵
  PID:7476
- C:\Windows\System\yCzFwbC.exe
  C:\Windows\System\yCzFwbC.exe
  2⤵
  PID:7496
- C:\Windows\System\oKiCkNF.exe
  C:\Windows\System\oKiCkNF.exe
  2⤵
  PID:7516
- C:\Windows\System\AkuGiok.exe
  C:\Windows\System\AkuGiok.exe
  2⤵
  PID:7532
- C:\Windows\System\QOSXiXm.exe
  C:\Windows\System\QOSXiXm.exe
  2⤵
  PID:7556
- C:\Windows\System\PgbzfKj.exe
  C:\Windows\System\PgbzfKj.exe
  2⤵
  PID:7576
- C:\Windows\System\HMFdcxU.exe
  C:\Windows\System\HMFdcxU.exe
  2⤵
  PID:7596
- C:\Windows\System\tYoxMNx.exe
  C:\Windows\System\tYoxMNx.exe
  2⤵
  PID:7616
- C:\Windows\System\fhCCfuU.exe
  C:\Windows\System\fhCCfuU.exe
  2⤵
  PID:7636
- C:\Windows\System\lCjbrrK.exe
  C:\Windows\System\lCjbrrK.exe
  2⤵
  PID:7656
- C:\Windows\System\xkAjovA.exe
  C:\Windows\System\xkAjovA.exe
  2⤵
  PID:7680
- C:\Windows\System\zIejZbF.exe
  C:\Windows\System\zIejZbF.exe
  2⤵
  PID:7696
- C:\Windows\System\TuPbCVx.exe
  C:\Windows\System\TuPbCVx.exe
  2⤵
  PID:7720
- C:\Windows\System\dJmhqra.exe
  C:\Windows\System\dJmhqra.exe
  2⤵
  PID:7740
- C:\Windows\System\DVyNAOe.exe
  C:\Windows\System\DVyNAOe.exe
  2⤵
  PID:7760
- C:\Windows\System\kZMiyMG.exe
  C:\Windows\System\kZMiyMG.exe
  2⤵
  PID:7780
- C:\Windows\System\NKlBDBt.exe
  C:\Windows\System\NKlBDBt.exe
  2⤵
  PID:7800
- C:\Windows\System\hWSmfQE.exe
  C:\Windows\System\hWSmfQE.exe
  2⤵
  PID:7820
- C:\Windows\System\rrVKjrJ.exe
  C:\Windows\System\rrVKjrJ.exe
  2⤵
  PID:7840
- C:\Windows\System\wGYqYPm.exe
  C:\Windows\System\wGYqYPm.exe
  2⤵
  PID:7860
- C:\Windows\System\wWTKyWL.exe
  C:\Windows\System\wWTKyWL.exe
  2⤵
  PID:7880
- C:\Windows\System\bQlhrPY.exe
  C:\Windows\System\bQlhrPY.exe
  2⤵
  PID:7900
- C:\Windows\System\cHxTzVW.exe
  C:\Windows\System\cHxTzVW.exe
  2⤵
  PID:7920
- C:\Windows\System\GBXiJeF.exe
  C:\Windows\System\GBXiJeF.exe
  2⤵
  PID:7936
- C:\Windows\System\kqiyOEu.exe
  C:\Windows\System\kqiyOEu.exe
  2⤵
  PID:7960
- C:\Windows\System\ZohUinl.exe
  C:\Windows\System\ZohUinl.exe
  2⤵
  PID:7980
- C:\Windows\System\wILlmst.exe
  C:\Windows\System\wILlmst.exe
  2⤵
  PID:8000
- C:\Windows\System\AWnQGhR.exe
  C:\Windows\System\AWnQGhR.exe
  2⤵
  PID:8020
- C:\Windows\System\yeaZWof.exe
  C:\Windows\System\yeaZWof.exe
  2⤵
  PID:8036
- C:\Windows\System\tVlhgsr.exe
  C:\Windows\System\tVlhgsr.exe
  2⤵
  PID:8060
- C:\Windows\System\AEWtYAO.exe
  C:\Windows\System\AEWtYAO.exe
  2⤵
  PID:8080
- C:\Windows\System\AtLqIUb.exe
  C:\Windows\System\AtLqIUb.exe
  2⤵
  PID:8096
- C:\Windows\System\vcXnljG.exe
  C:\Windows\System\vcXnljG.exe
  2⤵
  PID:8116
- C:\Windows\System\huAZqlK.exe
  C:\Windows\System\huAZqlK.exe
  2⤵
  PID:8136
- C:\Windows\System\JPdOwrJ.exe
  C:\Windows\System\JPdOwrJ.exe
  2⤵
  PID:8156
- C:\Windows\System\GsAJAYw.exe
  C:\Windows\System\GsAJAYw.exe
  2⤵
  PID:8176
- C:\Windows\System\WKoKKRk.exe
  C:\Windows\System\WKoKKRk.exe
  2⤵
  PID:6636
- C:\Windows\System\ItmhJXN.exe
  C:\Windows\System\ItmhJXN.exe
  2⤵
  PID:2612
- C:\Windows\System\grKsvoj.exe
  C:\Windows\System\grKsvoj.exe
  2⤵
  PID:6720
- C:\Windows\System\ksMEVXP.exe
  C:\Windows\System\ksMEVXP.exe
  2⤵
  PID:6980
- C:\Windows\System\fXsHGSq.exe
  C:\Windows\System\fXsHGSq.exe
  2⤵
  PID:7100
- C:\Windows\System\kPwTqXD.exe
  C:\Windows\System\kPwTqXD.exe
  2⤵
  PID:7032
- C:\Windows\System\Uyqzwnl.exe
  C:\Windows\System\Uyqzwnl.exe
  2⤵
  PID:5424
- C:\Windows\System\SWsunQZ.exe
  C:\Windows\System\SWsunQZ.exe
  2⤵
  PID:6196
- C:\Windows\System\YVKQpZu.exe
  C:\Windows\System\YVKQpZu.exe
  2⤵
  PID:6400
- C:\Windows\System\WvcHGWr.exe
  C:\Windows\System\WvcHGWr.exe
  2⤵
  PID:2860
- C:\Windows\System\MrJcPFz.exe
  C:\Windows\System\MrJcPFz.exe
  2⤵
  PID:7228
- C:\Windows\System\gKYtNRL.exe
  C:\Windows\System\gKYtNRL.exe
  2⤵
  PID:7204
- C:\Windows\System\ObJyuwh.exe
  C:\Windows\System\ObJyuwh.exe
  2⤵
  PID:7268
- C:\Windows\System\DxYKCdt.exe
  C:\Windows\System\DxYKCdt.exe
  2⤵
  PID:7292
- C:\Windows\System\PhaQoen.exe
  C:\Windows\System\PhaQoen.exe
  2⤵
  PID:7352
- C:\Windows\System\rZHqMay.exe
  C:\Windows\System\rZHqMay.exe
  2⤵
  PID:7348
- C:\Windows\System\nIumAzo.exe
  C:\Windows\System\nIumAzo.exe
  2⤵
  PID:7424
- C:\Windows\System\DQrJioY.exe
  C:\Windows\System\DQrJioY.exe
  2⤵
  PID:7404
- C:\Windows\System\LBdxWED.exe
  C:\Windows\System\LBdxWED.exe
  2⤵
  PID:1596
- C:\Windows\System\LoKtlTS.exe
  C:\Windows\System\LoKtlTS.exe
  2⤵
  PID:7484
- C:\Windows\System\RSFNrSE.exe
  C:\Windows\System\RSFNrSE.exe
  2⤵
  PID:7492
- C:\Windows\System\UpMzpMU.exe
  C:\Windows\System\UpMzpMU.exe
  2⤵
  PID:7552
- C:\Windows\System\rMyFWrW.exe
  C:\Windows\System\rMyFWrW.exe
  2⤵
  PID:7584
- C:\Windows\System\XERaZHU.exe
  C:\Windows\System\XERaZHU.exe
  2⤵
  PID:7604
- C:\Windows\System\rsIrePx.exe
  C:\Windows\System\rsIrePx.exe
  2⤵
  PID:7632
- C:\Windows\System\nnITLzJ.exe
  C:\Windows\System\nnITLzJ.exe
  2⤵
  PID:7704
- C:\Windows\System\eseOMlI.exe
  C:\Windows\System\eseOMlI.exe
  2⤵
  PID:7692
- C:\Windows\System\gAtxoYg.exe
  C:\Windows\System\gAtxoYg.exe
  2⤵
  PID:7728
- C:\Windows\System\BqVIfrT.exe
  C:\Windows\System\BqVIfrT.exe
  2⤵
  PID:7796
- C:\Windows\System\bgdGulM.exe
  C:\Windows\System\bgdGulM.exe
  2⤵
  PID:7808
- C:\Windows\System\YMvpqqT.exe
  C:\Windows\System\YMvpqqT.exe
  2⤵
  PID:7816
- C:\Windows\System\kJqGBRj.exe
  C:\Windows\System\kJqGBRj.exe
  2⤵
  PID:7856
- C:\Windows\System\MzQwRyd.exe
  C:\Windows\System\MzQwRyd.exe
  2⤵
  PID:7916
- C:\Windows\System\NoUshMR.exe
  C:\Windows\System\NoUshMR.exe
  2⤵
  PID:7952
- C:\Windows\System\hzAkpRC.exe
  C:\Windows\System\hzAkpRC.exe
  2⤵
  PID:7928
- C:\Windows\System\yIuHIai.exe
  C:\Windows\System\yIuHIai.exe
  2⤵
  PID:8032
- C:\Windows\System\kXsBODB.exe
  C:\Windows\System\kXsBODB.exe
  2⤵
  PID:2324
- C:\Windows\System\jRxdoKY.exe
  C:\Windows\System\jRxdoKY.exe
  2⤵
  PID:8068
- C:\Windows\System\JjWmrIO.exe
  C:\Windows\System\JjWmrIO.exe
  2⤵
  PID:8104
- C:\Windows\System\wPyKGNO.exe
  C:\Windows\System\wPyKGNO.exe
  2⤵
  PID:8012
- C:\Windows\System\WbjItVP.exe
  C:\Windows\System\WbjItVP.exe
  2⤵
  PID:8056
- C:\Windows\System\WKJtdxa.exe
  C:\Windows\System\WKJtdxa.exe
  2⤵
  PID:8124
- C:\Windows\System\uxVrAwA.exe
  C:\Windows\System\uxVrAwA.exe
  2⤵
  PID:6500
- C:\Windows\System\qKjDkmL.exe
  C:\Windows\System\qKjDkmL.exe
  2⤵
  PID:1212
- C:\Windows\System\KnlNbCn.exe
  C:\Windows\System\KnlNbCn.exe
  2⤵
  PID:2728
- C:\Windows\System\fXctlBt.exe
  C:\Windows\System\fXctlBt.exe
  2⤵
  PID:7016
- C:\Windows\System\olcgVcH.exe
  C:\Windows\System\olcgVcH.exe
  2⤵
  PID:7140
- C:\Windows\System\rGgkVnb.exe
  C:\Windows\System\rGgkVnb.exe
  2⤵
  PID:6276
- C:\Windows\System\OaPGMFP.exe
  C:\Windows\System\OaPGMFP.exe
  2⤵
  PID:7188
- C:\Windows\System\tZOlodx.exe
  C:\Windows\System\tZOlodx.exe
  2⤵
  PID:7272
- C:\Windows\System\NKklbKL.exe
  C:\Windows\System\NKklbKL.exe
  2⤵
  PID:7308
- C:\Windows\System\RJqOBuu.exe
  C:\Windows\System\RJqOBuu.exe
  2⤵
  PID:7304
- C:\Windows\System\lnQwORg.exe
  C:\Windows\System\lnQwORg.exe
  2⤵
  PID:7284
- C:\Windows\System\NTdtCGj.exe
  C:\Windows\System\NTdtCGj.exe
  2⤵
  PID:7332
- C:\Windows\System\FVNJAsd.exe
  C:\Windows\System\FVNJAsd.exe
  2⤵
  PID:932
- C:\Windows\System\vDMlsmL.exe
  C:\Windows\System\vDMlsmL.exe
  2⤵
  PID:7564
- C:\Windows\System\gothRgi.exe
  C:\Windows\System\gothRgi.exe
  2⤵
  PID:3064
- C:\Windows\System\gLZlvMi.exe
  C:\Windows\System\gLZlvMi.exe
  2⤵
  PID:4596
- C:\Windows\System\bfxYFNy.exe
  C:\Windows\System\bfxYFNy.exe
  2⤵
  PID:7716
- C:\Windows\System\ThqdlRT.exe
  C:\Windows\System\ThqdlRT.exe
  2⤵
  PID:7788
- C:\Windows\System\kFxCJMr.exe
  C:\Windows\System\kFxCJMr.exe
  2⤵
  PID:7772
- C:\Windows\System\hrtgJKI.exe
  C:\Windows\System\hrtgJKI.exe
  2⤵
  PID:7872
- C:\Windows\System\OSwZMOS.exe
  C:\Windows\System\OSwZMOS.exe
  2⤵
  PID:7948
- C:\Windows\System\SpxfQZU.exe
  C:\Windows\System\SpxfQZU.exe
  2⤵
  PID:7912
- C:\Windows\System\XvEmvSq.exe
  C:\Windows\System\XvEmvSq.exe
  2⤵
  PID:2608
- C:\Windows\System\wbeKDkH.exe
  C:\Windows\System\wbeKDkH.exe
  2⤵
  PID:7992
- C:\Windows\System\bsnXPcp.exe
  C:\Windows\System\bsnXPcp.exe
  2⤵
  PID:8028
- C:\Windows\System\PJfZXme.exe
  C:\Windows\System\PJfZXme.exe
  2⤵
  PID:8184
- C:\Windows\System\oVbBeYY.exe
  C:\Windows\System\oVbBeYY.exe
  2⤵
  PID:8008
- C:\Windows\System\rWslUwY.exe
  C:\Windows\System\rWslUwY.exe
  2⤵
  PID:8112
- C:\Windows\System\vfnjncr.exe
  C:\Windows\System\vfnjncr.exe
  2⤵
  PID:8144
- C:\Windows\System\NHyVfNZ.exe
  C:\Windows\System\NHyVfNZ.exe
  2⤵
  PID:2764
- C:\Windows\System\yduuUQQ.exe
  C:\Windows\System\yduuUQQ.exe
  2⤵
  PID:8164
- C:\Windows\System\LZHevpj.exe
  C:\Windows\System\LZHevpj.exe
  2⤵
  PID:684
- C:\Windows\System\wftUUYX.exe
  C:\Windows\System\wftUUYX.exe
  2⤵
  PID:6940
- C:\Windows\System\mGfoHbU.exe
  C:\Windows\System\mGfoHbU.exe
  2⤵
  PID:5716
- C:\Windows\System\KqReWvv.exe
  C:\Windows\System\KqReWvv.exe
  2⤵
  PID:7372
- C:\Windows\System\cweHwhq.exe
  C:\Windows\System\cweHwhq.exe
  2⤵
  PID:7368
- C:\Windows\System\yTXistf.exe
  C:\Windows\System\yTXistf.exe
  2⤵
  PID:7172
- C:\Windows\System\iFLzOzs.exe
  C:\Windows\System\iFLzOzs.exe
  2⤵
  PID:1516
- C:\Windows\System\GVzhFQT.exe
  C:\Windows\System\GVzhFQT.exe
  2⤵
  PID:7468
- C:\Windows\System\bafqSdN.exe
  C:\Windows\System\bafqSdN.exe
  2⤵
  PID:7608
- C:\Windows\System\GyOXssM.exe
  C:\Windows\System\GyOXssM.exe
  2⤵
  PID:2888
- C:\Windows\System\jZnIvNJ.exe
  C:\Windows\System\jZnIvNJ.exe
  2⤵
  PID:2820
- C:\Windows\System\lfDBwoo.exe
  C:\Windows\System\lfDBwoo.exe
  2⤵
  PID:7732
- C:\Windows\System\NhCfEVY.exe
  C:\Windows\System\NhCfEVY.exe
  2⤵
  PID:7836
- C:\Windows\System\uwgHxHv.exe
  C:\Windows\System\uwgHxHv.exe
  2⤵
  PID:7876
- C:\Windows\System\UixTuSm.exe
  C:\Windows\System\UixTuSm.exe
  2⤵
  PID:2852
- C:\Windows\System\MVPACDl.exe
  C:\Windows\System\MVPACDl.exe
  2⤵
  PID:3992
- C:\Windows\System\GxpZjgd.exe
  C:\Windows\System\GxpZjgd.exe
  2⤵
  PID:7264
- C:\Windows\System\FcJcrMd.exe
  C:\Windows\System\FcJcrMd.exe
  2⤵
  PID:6216
- C:\Windows\System\SLYOFRh.exe
  C:\Windows\System\SLYOFRh.exe
  2⤵
  PID:2064
- C:\Windows\System\RRxDRTw.exe
  C:\Windows\System\RRxDRTw.exe
  2⤵
  PID:6600
- C:\Windows\System\mPZHpWW.exe
  C:\Windows\System\mPZHpWW.exe
  2⤵
  PID:6660
- C:\Windows\System\KkXrovO.exe
  C:\Windows\System\KkXrovO.exe
  2⤵
  PID:4516
- C:\Windows\System\YloXqiV.exe
  C:\Windows\System\YloXqiV.exe
  2⤵
  PID:7652
- C:\Windows\System\TOJTDtK.exe
  C:\Windows\System\TOJTDtK.exe
  2⤵
  PID:7508
- C:\Windows\System\GpKzqHD.exe
  C:\Windows\System\GpKzqHD.exe
  2⤵
  PID:7248
- C:\Windows\System\myIbQUv.exe
  C:\Windows\System\myIbQUv.exe
  2⤵
  PID:7664
- C:\Windows\System\GnKSofz.exe
  C:\Windows\System\GnKSofz.exe
  2⤵
  PID:1984
- C:\Windows\System\epkNTWh.exe
  C:\Windows\System\epkNTWh.exe
  2⤵
  PID:2960
- C:\Windows\System\UivOMVj.exe
  C:\Windows\System\UivOMVj.exe
  2⤵
  PID:2356
- C:\Windows\System\vbubrho.exe
  C:\Windows\System\vbubrho.exe
  2⤵
  PID:2060
- C:\Windows\System\VJWuhFK.exe
  C:\Windows\System\VJWuhFK.exe
  2⤵
  PID:1792
- C:\Windows\System\zCLHbsl.exe
  C:\Windows\System\zCLHbsl.exe
  2⤵
  PID:7848
- C:\Windows\System\wbSmTyg.exe
  C:\Windows\System\wbSmTyg.exe
  2⤵
  PID:8092
- C:\Windows\System\yZBBGUE.exe
  C:\Windows\System\yZBBGUE.exe
  2⤵
  PID:7672
- C:\Windows\System\bqcQaMJ.exe
  C:\Windows\System\bqcQaMJ.exe
  2⤵
  PID:7540
- C:\Windows\System\YAjuaoY.exe
  C:\Windows\System\YAjuaoY.exe
  2⤵
  PID:2952
- C:\Windows\System\zJlvTSz.exe
  C:\Windows\System\zJlvTSz.exe
  2⤵
  PID:7568
- C:\Windows\System\MkSJLkz.exe
  C:\Windows\System\MkSJLkz.exe
  2⤵
  PID:5084
- C:\Windows\System\zapTrwD.exe
  C:\Windows\System\zapTrwD.exe
  2⤵
  PID:5552
- C:\Windows\System\SMuXXQw.exe
  C:\Windows\System\SMuXXQw.exe
  2⤵
  PID:2028
- C:\Windows\System\GJVTXFB.exe
  C:\Windows\System\GJVTXFB.exe
  2⤵
  PID:3060
- C:\Windows\System\CdYoYBj.exe
  C:\Windows\System\CdYoYBj.exe
  2⤵
  PID:1096
- C:\Windows\System\OfNopHI.exe
  C:\Windows\System\OfNopHI.exe
  2⤵
  PID:7996
- C:\Windows\System\RnXeZXa.exe
  C:\Windows\System\RnXeZXa.exe
  2⤵
  PID:8148
- C:\Windows\System\LvpVHcX.exe
  C:\Windows\System\LvpVHcX.exe
  2⤵
  PID:8200
- C:\Windows\System\PsmBTUj.exe
  C:\Windows\System\PsmBTUj.exe
  2⤵
  PID:8216
- C:\Windows\System\aLXCfgM.exe
  C:\Windows\System\aLXCfgM.exe
  2⤵
  PID:8232
- C:\Windows\System\YXIsspy.exe
  C:\Windows\System\YXIsspy.exe
  2⤵
  PID:8248
- C:\Windows\System\yBPKIal.exe
  C:\Windows\System\yBPKIal.exe
  2⤵
  PID:8264
- C:\Windows\System\Zmcwhpt.exe
  C:\Windows\System\Zmcwhpt.exe
  2⤵
  PID:8280
- C:\Windows\System\kfNnrCc.exe
  C:\Windows\System\kfNnrCc.exe
  2⤵
  PID:8304
- C:\Windows\System\KKLdOno.exe
  C:\Windows\System\KKLdOno.exe
  2⤵
  PID:8324
- C:\Windows\System\fBhyTMD.exe
  C:\Windows\System\fBhyTMD.exe
  2⤵
  PID:8340
- C:\Windows\System\hHlmocj.exe
  C:\Windows\System\hHlmocj.exe
  2⤵
  PID:8356
- C:\Windows\System\qOvODsw.exe
  C:\Windows\System\qOvODsw.exe
  2⤵
  PID:8372
- C:\Windows\System\jritXnt.exe
  C:\Windows\System\jritXnt.exe
  2⤵
  PID:8388
- C:\Windows\System\EFKlTeA.exe
  C:\Windows\System\EFKlTeA.exe
  2⤵
  PID:8404
- C:\Windows\System\uZCvgFC.exe
  C:\Windows\System\uZCvgFC.exe
  2⤵
  PID:8420
- C:\Windows\System\EAZwmQi.exe
  C:\Windows\System\EAZwmQi.exe
  2⤵
  PID:8436
- C:\Windows\System\mjPPNjC.exe
  C:\Windows\System\mjPPNjC.exe
  2⤵
  PID:8452
- C:\Windows\System\ZYnlfgW.exe
  C:\Windows\System\ZYnlfgW.exe
  2⤵
  PID:8468
- C:\Windows\System\RmjeapG.exe
  C:\Windows\System\RmjeapG.exe
  2⤵
  PID:8484
- C:\Windows\System\QHhupkd.exe
  C:\Windows\System\QHhupkd.exe
  2⤵
  PID:8500
- C:\Windows\System\qzybykr.exe
  C:\Windows\System\qzybykr.exe
  2⤵
  PID:8516
- C:\Windows\System\xigdCOw.exe
  C:\Windows\System\xigdCOw.exe
  2⤵
  PID:8532
- C:\Windows\System\jzSYLcB.exe
  C:\Windows\System\jzSYLcB.exe
  2⤵
  PID:8548
- C:\Windows\System\eUkGKty.exe
  C:\Windows\System\eUkGKty.exe
  2⤵
  PID:8568
- C:\Windows\System\WktfcRk.exe
  C:\Windows\System\WktfcRk.exe
  2⤵
  PID:8584
- C:\Windows\System\vZDeVSl.exe
  C:\Windows\System\vZDeVSl.exe
  2⤵
  PID:8604
- C:\Windows\System\XMOOhbJ.exe
  C:\Windows\System\XMOOhbJ.exe
  2⤵
  PID:8620
- C:\Windows\System\FkNYila.exe
  C:\Windows\System\FkNYila.exe
  2⤵
  PID:8636
- C:\Windows\System\IIzamcq.exe
  C:\Windows\System\IIzamcq.exe
  2⤵
  PID:8652
- C:\Windows\System\PskAUTh.exe
  C:\Windows\System\PskAUTh.exe
  2⤵
  PID:8668
- C:\Windows\System\lHBWByn.exe
  C:\Windows\System\lHBWByn.exe
  2⤵
  PID:8688
- C:\Windows\System\ioTyOQy.exe
  C:\Windows\System\ioTyOQy.exe
  2⤵
  PID:8704
- C:\Windows\System\OrbFszj.exe
  C:\Windows\System\OrbFszj.exe
  2⤵
  PID:8720
- C:\Windows\System\QhTiTZO.exe
  C:\Windows\System\QhTiTZO.exe
  2⤵
  PID:8736
- C:\Windows\System\UxITTTy.exe
  C:\Windows\System\UxITTTy.exe
  2⤵
  PID:8752
- C:\Windows\System\ygClJDW.exe
  C:\Windows\System\ygClJDW.exe
  2⤵
  PID:8768
- C:\Windows\System\TnJNVAV.exe
  C:\Windows\System\TnJNVAV.exe
  2⤵
  PID:8784
- C:\Windows\System\MfvcVqt.exe
  C:\Windows\System\MfvcVqt.exe
  2⤵
  PID:8800
- C:\Windows\System\fipeQwR.exe
  C:\Windows\System\fipeQwR.exe
  2⤵
  PID:8816
- C:\Windows\System\KoCtHRL.exe
  C:\Windows\System\KoCtHRL.exe
  2⤵
  PID:8832
- C:\Windows\System\JYWkWdz.exe
  C:\Windows\System\JYWkWdz.exe
  2⤵
  PID:8848
- C:\Windows\System\AFtOofm.exe
  C:\Windows\System\AFtOofm.exe
  2⤵
  PID:8864
- C:\Windows\System\WyaIanS.exe
  C:\Windows\System\WyaIanS.exe
  2⤵
  PID:8880
- C:\Windows\System\lKToSia.exe
  C:\Windows\System\lKToSia.exe
  2⤵
  PID:8896
- C:\Windows\System\wipNaHM.exe
  C:\Windows\System\wipNaHM.exe
  2⤵
  PID:8912
- C:\Windows\System\QROGxUP.exe
  C:\Windows\System\QROGxUP.exe
  2⤵
  PID:8928
- C:\Windows\System\TkpHoUE.exe
  C:\Windows\System\TkpHoUE.exe
  2⤵
  PID:8944
- C:\Windows\System\wGihATi.exe
  C:\Windows\System\wGihATi.exe
  2⤵
  PID:8960
- C:\Windows\System\cuMyyLY.exe
  C:\Windows\System\cuMyyLY.exe
  2⤵
  PID:8976
- C:\Windows\System\OEHZhnP.exe
  C:\Windows\System\OEHZhnP.exe
  2⤵
  PID:8992
- C:\Windows\System\DxlIyNE.exe
  C:\Windows\System\DxlIyNE.exe
  2⤵
  PID:9008
- C:\Windows\System\CPgfvCN.exe
  C:\Windows\System\CPgfvCN.exe
  2⤵
  PID:9024
- C:\Windows\System\aLyJRXF.exe
  C:\Windows\System\aLyJRXF.exe
  2⤵
  PID:9040
- C:\Windows\System\FMvvHAG.exe
  C:\Windows\System\FMvvHAG.exe
  2⤵
  PID:9056
- C:\Windows\System\BdeLvJt.exe
  C:\Windows\System\BdeLvJt.exe
  2⤵
  PID:9072
- C:\Windows\System\uCFTlpo.exe
  C:\Windows\System\uCFTlpo.exe
  2⤵
  PID:9088
- C:\Windows\System\eYXLTkB.exe
  C:\Windows\System\eYXLTkB.exe
  2⤵
  PID:9104
- C:\Windows\System\dFekwWa.exe
  C:\Windows\System\dFekwWa.exe
  2⤵
  PID:9120
- C:\Windows\System\KhrANkT.exe
  C:\Windows\System\KhrANkT.exe
  2⤵
  PID:9136
- C:\Windows\System\ORrqAfd.exe
  C:\Windows\System\ORrqAfd.exe
  2⤵
  PID:9152
- C:\Windows\System\QkgQCme.exe
  C:\Windows\System\QkgQCme.exe
  2⤵
  PID:9168
- C:\Windows\System\IVhRJnM.exe
  C:\Windows\System\IVhRJnM.exe
  2⤵
  PID:9184
- C:\Windows\System\HLtfrua.exe
  C:\Windows\System\HLtfrua.exe
  2⤵
  PID:9200
- C:\Windows\System\CSahVDP.exe
  C:\Windows\System\CSahVDP.exe
  2⤵
  PID:2520
- C:\Windows\System\WvzImfi.exe
  C:\Windows\System\WvzImfi.exe
  2⤵
  PID:7972
- C:\Windows\System\LFrbUbf.exe
  C:\Windows\System\LFrbUbf.exe
  2⤵
  PID:8228
- C:\Windows\System\UYyPpPm.exe
  C:\Windows\System\UYyPpPm.exe
  2⤵
  PID:7232
- C:\Windows\System\GLjMpAs.exe
  C:\Windows\System\GLjMpAs.exe
  2⤵
  PID:1628
- C:\Windows\System\NIFqscT.exe
  C:\Windows\System\NIFqscT.exe
  2⤵
  PID:7220
- C:\Windows\System\FjRLLxC.exe
  C:\Windows\System\FjRLLxC.exe
  2⤵
  PID:2304
- C:\Windows\System\sdNRHCX.exe
  C:\Windows\System\sdNRHCX.exe
  2⤵
  PID:8244
- C:\Windows\System\QqiYtOf.exe
  C:\Windows\System\QqiYtOf.exe
  2⤵
  PID:8316
- C:\Windows\System\ceCidgL.exe
  C:\Windows\System\ceCidgL.exe
  2⤵
  PID:8336
- C:\Windows\System\YdMGSVX.exe
  C:\Windows\System\YdMGSVX.exe
  2⤵
  PID:8444
- C:\Windows\System\CBSGYOi.exe
  C:\Windows\System\CBSGYOi.exe
  2⤵
  PID:8448
- C:\Windows\System\vymuroW.exe
  C:\Windows\System\vymuroW.exe
  2⤵
  PID:8492
- C:\Windows\System\FEUSIjN.exe
  C:\Windows\System\FEUSIjN.exe
  2⤵
  PID:8496
- C:\Windows\System\YjhAtmM.exe
  C:\Windows\System\YjhAtmM.exe
  2⤵
  PID:8592
- C:\Windows\System\hZdrkEy.exe
  C:\Windows\System\hZdrkEy.exe
  2⤵
  PID:8660
- C:\Windows\System\jJiNcez.exe
  C:\Windows\System\jJiNcez.exe
  2⤵
  PID:8728
- C:\Windows\System\ogEdNBS.exe
  C:\Windows\System\ogEdNBS.exe
  2⤵
  PID:8576
- C:\Windows\System\UzVPTFI.exe
  C:\Windows\System\UzVPTFI.exe
  2⤵
  PID:8888
- C:\Windows\System\MOyMuVe.exe
  C:\Windows\System\MOyMuVe.exe
  2⤵
  PID:8644
- C:\Windows\System\vjVDSEY.exe
  C:\Windows\System\vjVDSEY.exe
  2⤵
  PID:8956
- C:\Windows\System\AGEyBmf.exe
  C:\Windows\System\AGEyBmf.exe
  2⤵
  PID:9048
- C:\Windows\System\myGgDNf.exe
  C:\Windows\System\myGgDNf.exe
  2⤵
  PID:8812
- C:\Windows\System\rPPZhOf.exe
  C:\Windows\System\rPPZhOf.exe
  2⤵
  PID:8648
- C:\Windows\System\fQwyJem.exe
  C:\Windows\System\fQwyJem.exe
  2⤵
  PID:8748
- C:\Windows\System\WrrFYnc.exe
  C:\Windows\System\WrrFYnc.exe
  2⤵
  PID:8940
- C:\Windows\System\YsrsTOQ.exe
  C:\Windows\System\YsrsTOQ.exe
  2⤵
  PID:8936
- C:\Windows\System\ZCtlFBU.exe
  C:\Windows\System\ZCtlFBU.exe
  2⤵
  PID:9064
- C:\Windows\System\FbnGbAu.exe
  C:\Windows\System\FbnGbAu.exe
  2⤵
  PID:9112
- C:\Windows\System\XMLemMr.exe
  C:\Windows\System\XMLemMr.exe
  2⤵
  PID:9160
- C:\Windows\System\buaeRIv.exe
  C:\Windows\System\buaeRIv.exe
  2⤵
  PID:9148
- C:\Windows\System\lDEJzBy.exe
  C:\Windows\System\lDEJzBy.exe
  2⤵
  PID:9196
- C:\Windows\System\yIymweH.exe
  C:\Windows\System\yIymweH.exe
  2⤵
  PID:2848
- C:\Windows\System\bfneaEx.exe
  C:\Windows\System\bfneaEx.exe
  2⤵
  PID:8212
- C:\Windows\System\BcnLqBZ.exe
  C:\Windows\System\BcnLqBZ.exe
  2⤵
  PID:8288
- C:\Windows\System\IEALZiV.exe
  C:\Windows\System\IEALZiV.exe
  2⤵
  PID:8276
- C:\Windows\System\TitTVWa.exe
  C:\Windows\System\TitTVWa.exe
  2⤵
  PID:8348
- C:\Windows\System\UXCotzO.exe
  C:\Windows\System\UXCotzO.exe
  2⤵
  PID:8332
- C:\Windows\System\bcSseec.exe
  C:\Windows\System\bcSseec.exe
  2⤵
  PID:8400
- C:\Windows\System\OFWZvqh.exe
  C:\Windows\System\OFWZvqh.exe
  2⤵
  PID:8480
- C:\Windows\System\teHfNmd.exe
  C:\Windows\System\teHfNmd.exe
  2⤵
  PID:8696
- C:\Windows\System\xmwocYW.exe
  C:\Windows\System\xmwocYW.exe
  2⤵
  PID:8464
- C:\Windows\System\nIbHbAz.exe
  C:\Windows\System\nIbHbAz.exe
  2⤵
  PID:8628
- C:\Windows\System\ldxUIDH.exe
  C:\Windows\System\ldxUIDH.exe
  2⤵
  PID:8792
- C:\Windows\System\pWGaHfa.exe
  C:\Windows\System\pWGaHfa.exe
  2⤵
  PID:8856
- C:\Windows\System\bwcRtxG.exe
  C:\Windows\System\bwcRtxG.exe
  2⤵
  PID:8924
- C:\Windows\System\iQntaLD.exe
  C:\Windows\System\iQntaLD.exe
  2⤵
  PID:8780
- C:\Windows\System\hTzvbeb.exe
  C:\Windows\System\hTzvbeb.exe
  2⤵
  PID:8840
- C:\Windows\System\IolyVPC.exe
  C:\Windows\System\IolyVPC.exe
  2⤵
  PID:8844
- C:\Windows\System\WvGHsRi.exe
  C:\Windows\System\WvGHsRi.exe
  2⤵
  PID:8908
- C:\Windows\System\DkDTPtx.exe
  C:\Windows\System\DkDTPtx.exe
  2⤵
  PID:8808
- C:\Windows\System\awsXmRE.exe
  C:\Windows\System\awsXmRE.exe
  2⤵
  PID:8260
- C:\Windows\System\PNuBelo.exe
  C:\Windows\System\PNuBelo.exe
  2⤵
  PID:7572
- C:\Windows\System\UlElUal.exe
  C:\Windows\System\UlElUal.exe
  2⤵
  PID:8296
- C:\Windows\System\Tsaplzm.exe
  C:\Windows\System\Tsaplzm.exe
  2⤵
  PID:1664
- C:\Windows\System\txVzRYk.exe
  C:\Windows\System\txVzRYk.exe
  2⤵
  PID:8412
- C:\Windows\System\nFtUcvw.exe
  C:\Windows\System\nFtUcvw.exe
  2⤵
  PID:8528
- C:\Windows\System\okvNuug.exe
  C:\Windows\System\okvNuug.exe
  2⤵
  PID:8860
- C:\Windows\System\RChTmla.exe
  C:\Windows\System\RChTmla.exe
  2⤵
  PID:9016
- C:\Windows\System\KcXnDEt.exe
  C:\Windows\System\KcXnDEt.exe
  2⤵
  PID:8632
- C:\Windows\System\SYavrQT.exe
  C:\Windows\System\SYavrQT.exe
  2⤵
  PID:8616
- C:\Windows\System\FZhLAgd.exe
  C:\Windows\System\FZhLAgd.exe
  2⤵
  PID:8876
- C:\Windows\System\WEKEwCK.exe
  C:\Windows\System\WEKEwCK.exe
  2⤵
  PID:8300
- C:\Windows\System\laTexso.exe
  C:\Windows\System\laTexso.exe
  2⤵
  PID:8600
- C:\Windows\System\ffzZuHr.exe
  C:\Windows\System\ffzZuHr.exe
  2⤵
  PID:9180
- C:\Windows\System\bngXlVm.exe
  C:\Windows\System\bngXlVm.exe
  2⤵
  PID:8524
- C:\Windows\System\FINAiRp.exe
  C:\Windows\System\FINAiRp.exe
  2⤵
  PID:9084
- C:\Windows\System\vqmbseu.exe
  C:\Windows\System\vqmbseu.exe
  2⤵
  PID:9004
- C:\Windows\System\ByIOpBX.exe
  C:\Windows\System\ByIOpBX.exe
  2⤵
  PID:8072
- C:\Windows\System\VPCGDIV.exe
  C:\Windows\System\VPCGDIV.exe
  2⤵
  PID:9116
- C:\Windows\System\PQVpNyj.exe
  C:\Windows\System\PQVpNyj.exe
  2⤵
  PID:9224
- C:\Windows\System\jjqHHcE.exe
  C:\Windows\System\jjqHHcE.exe
  2⤵
  PID:9240
- C:\Windows\System\NDTvaSe.exe
  C:\Windows\System\NDTvaSe.exe
  2⤵
  PID:9260
- C:\Windows\System\TmjjfCd.exe
  C:\Windows\System\TmjjfCd.exe
  2⤵
  PID:9276
- C:\Windows\System\SrORdqJ.exe
  C:\Windows\System\SrORdqJ.exe
  2⤵
  PID:9292
- C:\Windows\System\aeqhlgC.exe
  C:\Windows\System\aeqhlgC.exe
  2⤵
  PID:9308
- C:\Windows\System\AJjSuao.exe
  C:\Windows\System\AJjSuao.exe
  2⤵
  PID:9328
- C:\Windows\System\ZChGprb.exe
  C:\Windows\System\ZChGprb.exe
  2⤵
  PID:9344
- C:\Windows\System\EccQFHn.exe
  C:\Windows\System\EccQFHn.exe
  2⤵
  PID:9360
- C:\Windows\System\ZBqEuQJ.exe
  C:\Windows\System\ZBqEuQJ.exe
  2⤵
  PID:9376
- C:\Windows\System\Evvqzku.exe
  C:\Windows\System\Evvqzku.exe
  2⤵
  PID:9392
- C:\Windows\System\mMDBHoC.exe
  C:\Windows\System\mMDBHoC.exe
  2⤵
  PID:9408
- C:\Windows\System\CEahylk.exe
  C:\Windows\System\CEahylk.exe
  2⤵
  PID:9428
- C:\Windows\System\RtogNlr.exe
  C:\Windows\System\RtogNlr.exe
  2⤵
  PID:9448
- C:\Windows\System\WKrwgKC.exe
  C:\Windows\System\WKrwgKC.exe
  2⤵
  PID:9464
- C:\Windows\System\ZDhwLlY.exe
  C:\Windows\System\ZDhwLlY.exe
  2⤵
  PID:9480
- C:\Windows\System\MOJAqaJ.exe
  C:\Windows\System\MOJAqaJ.exe
  2⤵
  PID:9496
- C:\Windows\System\TWaboCw.exe
  C:\Windows\System\TWaboCw.exe
  2⤵
  PID:9512
- C:\Windows\System\MJgBnLP.exe
  C:\Windows\System\MJgBnLP.exe
  2⤵
  PID:9528
- C:\Windows\System\iFmbGgL.exe
  C:\Windows\System\iFmbGgL.exe
  2⤵
  PID:9544
- C:\Windows\System\vMilBNR.exe
  C:\Windows\System\vMilBNR.exe
  2⤵
  PID:9560
- C:\Windows\System\OhyGJqB.exe
  C:\Windows\System\OhyGJqB.exe
  2⤵
  PID:9576
- C:\Windows\System\MmngoKK.exe
  C:\Windows\System\MmngoKK.exe
  2⤵
  PID:9592
- C:\Windows\System\duqcTIg.exe
  C:\Windows\System\duqcTIg.exe
  2⤵
  PID:9612
- C:\Windows\System\rvGxbxh.exe
  C:\Windows\System\rvGxbxh.exe
  2⤵
  PID:9628
- C:\Windows\System\EXhtQec.exe
  C:\Windows\System\EXhtQec.exe
  2⤵
  PID:9644
- C:\Windows\System\hBolnXC.exe
  C:\Windows\System\hBolnXC.exe
  2⤵
  PID:9660
- C:\Windows\System\APJoqmG.exe
  C:\Windows\System\APJoqmG.exe
  2⤵
  PID:9676
- C:\Windows\System\scCoGNO.exe
  C:\Windows\System\scCoGNO.exe
  2⤵
  PID:9692
- C:\Windows\System\WNPhIsV.exe
  C:\Windows\System\WNPhIsV.exe
  2⤵
  PID:9708
- C:\Windows\System\InoyBes.exe
  C:\Windows\System\InoyBes.exe
  2⤵
  PID:9724
- C:\Windows\System\LUeNwTt.exe
  C:\Windows\System\LUeNwTt.exe
  2⤵
  PID:9740
- C:\Windows\System\qdqoYkO.exe
  C:\Windows\System\qdqoYkO.exe
  2⤵
  PID:9760
- C:\Windows\System\dnMtYpb.exe
  C:\Windows\System\dnMtYpb.exe
  2⤵
  PID:9776
- C:\Windows\System\FxrTudO.exe
  C:\Windows\System\FxrTudO.exe
  2⤵
  PID:9864
- C:\Windows\System\BYfqNNA.exe
  C:\Windows\System\BYfqNNA.exe
  2⤵
  PID:9888
- C:\Windows\System\BYhPWVt.exe
  C:\Windows\System\BYhPWVt.exe
  2⤵
  PID:9904
- C:\Windows\System\puumOuq.exe
  C:\Windows\System\puumOuq.exe
  2⤵
  PID:9920
- C:\Windows\System\qRbdLqt.exe
  C:\Windows\System\qRbdLqt.exe
  2⤵
  PID:9940
- C:\Windows\System\MDXsgbK.exe
  C:\Windows\System\MDXsgbK.exe
  2⤵
  PID:9956
- C:\Windows\System\QIctpDt.exe
  C:\Windows\System\QIctpDt.exe
  2⤵
  PID:10104
- C:\Windows\System\CYCEINy.exe
  C:\Windows\System\CYCEINy.exe
  2⤵
  PID:10132
- C:\Windows\System\OTrheyT.exe
  C:\Windows\System\OTrheyT.exe
  2⤵
  PID:10164
- C:\Windows\System\UkloDpH.exe
  C:\Windows\System\UkloDpH.exe
  2⤵
  PID:10180
- C:\Windows\System\pOugADr.exe
  C:\Windows\System\pOugADr.exe
  2⤵
  PID:10196
- C:\Windows\System\eBJIxQG.exe
  C:\Windows\System\eBJIxQG.exe
  2⤵
  PID:10212
- C:\Windows\System\IeCfkKp.exe
  C:\Windows\System\IeCfkKp.exe
  2⤵
  PID:10228
- C:\Windows\System\vpRVjIf.exe
  C:\Windows\System\vpRVjIf.exe
  2⤵
  PID:8700
- C:\Windows\System\dAVnxEq.exe
  C:\Windows\System\dAVnxEq.exe
  2⤵
  PID:8872
- C:\Windows\System\ZIATeJu.exe
  C:\Windows\System\ZIATeJu.exe
  2⤵
  PID:2708
- C:\Windows\System\uhosHLO.exe
  C:\Windows\System\uhosHLO.exe
  2⤵
  PID:8292
- C:\Windows\System\fAYfzVP.exe
  C:\Windows\System\fAYfzVP.exe
  2⤵
  PID:9284
- C:\Windows\System\bJUhEVc.exe
  C:\Windows\System\bJUhEVc.exe
  2⤵
  PID:9288
- C:\Windows\System\sFyLeLo.exe
  C:\Windows\System\sFyLeLo.exe
  2⤵
  PID:9508
- C:\Windows\System\xuarwWc.exe
  C:\Windows\System\xuarwWc.exe
  2⤵
  PID:9756
- C:\Windows\System\rgFJjVJ.exe
  C:\Windows\System\rgFJjVJ.exe
  2⤵
  PID:9788
- C:\Windows\System\kvcLiac.exe
  C:\Windows\System\kvcLiac.exe
  2⤵
  PID:9808
- C:\Windows\System\eDjrcnq.exe
  C:\Windows\System\eDjrcnq.exe
  2⤵
  PID:9832
- C:\Windows\System\fKeTHes.exe
  C:\Windows\System\fKeTHes.exe
  2⤵
  PID:9876
- C:\Windows\System\sHGXeIl.exe
  C:\Windows\System\sHGXeIl.exe
  2⤵
  PID:9916
- C:\Windows\System\ZhSbXGU.exe
  C:\Windows\System\ZhSbXGU.exe
  2⤵
  PID:9900
- C:\Windows\System\YdUvqUP.exe
  C:\Windows\System\YdUvqUP.exe
  2⤵
  PID:9928
- C:\Windows\System\ktCujZR.exe
  C:\Windows\System\ktCujZR.exe
  2⤵
  PID:9972
- C:\Windows\System\sPmNLjQ.exe
  C:\Windows\System\sPmNLjQ.exe
  2⤵
  PID:9988
- C:\Windows\System\iZigAdO.exe
  C:\Windows\System\iZigAdO.exe
  2⤵
  PID:10008
- C:\Windows\System\pJldhgk.exe
  C:\Windows\System\pJldhgk.exe
  2⤵
  PID:10024
- C:\Windows\System\VJbpkyn.exe
  C:\Windows\System\VJbpkyn.exe
  2⤵
  PID:10036
- C:\Windows\System\hCkkuJz.exe
  C:\Windows\System\hCkkuJz.exe
  2⤵
  PID:10052
- C:\Windows\System\HXQWsCM.exe
  C:\Windows\System\HXQWsCM.exe
  2⤵
  PID:10072
- C:\Windows\System\zjdKJtT.exe
  C:\Windows\System\zjdKJtT.exe
  2⤵
  PID:10092
- C:\Windows\System\ABcHqmt.exe
  C:\Windows\System\ABcHqmt.exe
  2⤵
  PID:10088
- C:\Windows\System\biNlmGl.exe
  C:\Windows\System\biNlmGl.exe
  2⤵
  PID:10124
- C:\Windows\System\wqkJDWV.exe
  C:\Windows\System\wqkJDWV.exe
  2⤵
  PID:10176
- C:\Windows\System\wVvxKXP.exe
  C:\Windows\System\wVvxKXP.exe
  2⤵
  PID:8764
- C:\Windows\System\PjSJKxh.exe
  C:\Windows\System\PjSJKxh.exe
  2⤵
  PID:10152
- C:\Windows\System\oJGBwsQ.exe
  C:\Windows\System\oJGBwsQ.exe
  2⤵
  PID:9252
- C:\Windows\System\FaXZFkZ.exe
  C:\Windows\System\FaXZFkZ.exe
  2⤵
  PID:10220
- C:\Windows\System\dENHxIq.exe
  C:\Windows\System\dENHxIq.exe
  2⤵
  PID:9316
- C:\Windows\System\GtFLZFf.exe
  C:\Windows\System\GtFLZFf.exe
  2⤵
  PID:9320
- C:\Windows\System\gCSMCTP.exe
  C:\Windows\System\gCSMCTP.exe
  2⤵
  PID:9356
- C:\Windows\System\aqexXMa.exe
  C:\Windows\System\aqexXMa.exe
  2⤵
  PID:9400
- C:\Windows\System\DVWpGgP.exe
  C:\Windows\System\DVWpGgP.exe
  2⤵
  PID:9568
- C:\Windows\System\ewniOvN.exe
  C:\Windows\System\ewniOvN.exe
  2⤵
  PID:9556
- C:\Windows\System\GmeOOOx.exe
  C:\Windows\System\GmeOOOx.exe
  2⤵
  PID:9552
- C:\Windows\System\QGEAzoH.exe
  C:\Windows\System\QGEAzoH.exe
  2⤵
  PID:9488
- C:\Windows\System\CuTeqDe.exe
  C:\Windows\System\CuTeqDe.exe
  2⤵
  PID:9080
- C:\Windows\System\IYYguJU.exe
  C:\Windows\System\IYYguJU.exe
  2⤵
  PID:9824
- C:\Windows\System\wCndgnX.exe
  C:\Windows\System\wCndgnX.exe
  2⤵
  PID:10028
- C:\Windows\System\zIbZsde.exe
  C:\Windows\System\zIbZsde.exe
  2⤵
  PID:10084
- C:\Windows\System\ASviqod.exe
  C:\Windows\System\ASviqod.exe
  2⤵
  PID:10144
- C:\Windows\System\BVljegq.exe
  C:\Windows\System\BVljegq.exe
  2⤵
  PID:9352
- C:\Windows\System\puoiMyL.exe
  C:\Windows\System\puoiMyL.exe
  2⤵
  PID:9304
- C:\Windows\System\RukKJcv.exe
  C:\Windows\System\RukKJcv.exe
  2⤵
  PID:9584
- C:\Windows\System\SvZNvzf.exe
  C:\Windows\System\SvZNvzf.exe
  2⤵
  PID:9652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CALIRfS.exe

Filesize
6.0MB

MD5
68d7b8b5b837ee40b40fba4ee7b9a34d

SHA1
1adbce4a0901db8106cda343bbc0bde997e56dba

SHA256
67403512b48450878d4b7ec9c6df0a182eaa2e46422bd99b8005510dab6c9be8

SHA512
6ef4389e99d6d3b775c7e4404f8731f39ab50afa1aaa77bbb69e6a445ecc504069f6c8885a3060745814a0d3569aec9b7261ae72296ed16f220e63267336b21c

Download Submit
C:\Windows\system\Elisbrl.exe

Filesize
6.0MB

MD5
ee04390d90584957b14b080c09e075bf

SHA1
3afcd0ad6d751fbb0d327510e7cd29b615e28209

SHA256
8fc574fae101ad8b1f59bbc1a5d132f4b96ba32a282c16cbe877f36e7fb32376

SHA512
cc1501dfadacf9b498317d030c03c7fa15383bc77ef81ba048b8283393e44751592d6646dfff748dd0c3cb310cd5c3a2a6f57aa0a662bc8c41ed9bdda2a82ddc

Download Submit
C:\Windows\system\FqIvUgM.exe

Filesize
6.0MB

MD5
eacb2ad0618ef6e76a8e9a2375bab270

SHA1
01030eec627ff37f8b3e6a2220051805f8e14f05

SHA256
cbbd38777448d352a4ba49259680eee3f7de18f2dbd8e634dcf68e3bdecd331f

SHA512
80c591b9f476de2ffb1ab558a47e65c25301c40a295e0dfb197972164ac3e525fa75d5444a6063bf20f464be393707b8086230f55a7cf8b456bb5f810f3999b6

Download Submit
C:\Windows\system\KhOsOzy.exe

Filesize
6.0MB

MD5
ed3d3ca4568d1158acb07c0a445f8f89

SHA1
56aa29ca47cbe2613f21091d63d8b60496155229

SHA256
7a61c3292faaf443ab6a5ed8e40c90b358af1b262b73c85d839949ec0c34c49a

SHA512
a87d9532943e5f26efd6fee49032838f3822d956a6f27e8b0ed813f9d59f483e7213df5ebd09ee33b3b00117e5385d2fa824f3b105e24e3920bb2e42fe645116

Download Submit
C:\Windows\system\MdExLYZ.exe

Filesize
6.0MB

MD5
07aff7907d99743bffd317859f529cf8

SHA1
d9b93931a7a92815514f9d1c57fadd014127b0e0

SHA256
61e62bcef008c6f2e62efda268413d11226ae8625088fd6bbcb11c7b0373ea4c

SHA512
efa1f95c8f4c08f70f7a2222fb2b02032ce2de5538b4958fc15a6339f46d1cee20415ddc62732b2ed696e4bea6385cd8bf314c200b399008adfa770726c41961

Download Submit
C:\Windows\system\NGbdJoz.exe

Filesize
6.0MB

MD5
517370d85f08c390588300ed60c90f84

SHA1
5c89fcddace80ba554557542e223e05b52285784

SHA256
a195c93b53a1ca20a6183daab1361af211d470a40b9109386f87c8eaba41735f

SHA512
54c71adccd691b2138f17290b553424c71d8e91a1182e9685c73deb9b7a1fc5c1d2d1b3a7e155ef38c348e421ea40cc4b737d131581d4e5b7e0f7d80f53bf0f8

Download Submit
C:\Windows\system\NiRIrDi.exe

Filesize
6.0MB

MD5
3367c60312c47fbfa02eb6b8719e068a

SHA1
e24c49c5b765d1d6a9b805c394c833228174c5fa

SHA256
d006725445b94d6722687daeaaeb69abb119bc9a209b3d0080e7eac345d204b7

SHA512
455495fe2a70050edefee508344bc0347bfa0bd00c5c4403dac563e54d1263c73880745fc759f6e25cbc02818fd6b1177f3441f8d2379950077cca71f29e5ea9

Download Submit
C:\Windows\system\QGtRXaG.exe

Filesize
6.0MB

MD5
34b253767b5cc1be12c9cc7aa9858200

SHA1
8883f8c1ef5427dab1d6750c093b534749260366

SHA256
748b40afd6c35c350711a545e5d738499d257f98228d7280e5d848e6e2d1988b

SHA512
5c823bbbcf65e0110195a28aaa535df7ec606f60fc582bc775fdebc0cf85de0803e75d5f31280274e7f39616efde6e81032b51362d38b0773f177dbdd1db7820

Download Submit
C:\Windows\system\RFzPwXz.exe

Filesize
6.0MB

MD5
07869b9386bc30ad6d7f9604a8c08bf4

SHA1
2c274ff6b8abbb1ec163dd04f2c969b55468724e

SHA256
17f487ab803a194b975cdb41cea38778cae9db6cfc9bf75790606bdb2daf8863

SHA512
2dde3ceda6ba15a813288799af36dc6ddecf941ef7718a556e305202b50d5c341dd2315edfca3fc71e5854642d40ccd6b39035e09a6f81a6a11813701b60c09b

Download Submit
C:\Windows\system\URiRjkQ.exe

Filesize
6.0MB

MD5
5e04984831faa59d074e8f3590794be2

SHA1
01e9f097eaa5081d0b9459e47083113a9068daa9

SHA256
60dc8ef44fa70e31a15bfa59b606cb5286cd00500fa5b5e36137d06f9968de19

SHA512
af3548b0fb15131066919bffc030e3e0463089a46207611d35b9a4d19458eea543d0005bbebe1be31188f818695b0ba20e6414181a94744915ad9ecf13381be6

Download Submit
C:\Windows\system\XNPTUzj.exe

Filesize
6.0MB

MD5
4869c2bd54dc2a6620377c3bfb0b493e

SHA1
fe3695f96c85dc7cad4807352075343560efedbf

SHA256
bb67ff3ca667fb1a29c53a1f9882cefaf234c5da842f8435b44c653d44a9821a

SHA512
054635c126b4c0e311ff0ecb8e544011410f4e0e109619238f15fb918eb56603eaa015f61fcf37bc1d32fa7d79d93abf8684c6540f710a60268bedca83d609be

Download Submit
C:\Windows\system\XYPFhqu.exe

Filesize
6.0MB

MD5
c26f4ca4e36710fde9025de2080b5528

SHA1
1c42b681f50804c0fd275808440d440368955841

SHA256
3e99a4f955811b1f0c47f243e1e9662b44df315ca5ce4d5d9c615498c85ae2b0

SHA512
3483565a5073ce48e9c22f8dbf8b1334ec9c47648908f8d16d5319f4c1e4d257baa81e73d461038f14d4ec61298841d92b380fe88946c17e7e8bf6d0817821de

Download Submit
C:\Windows\system\YGaANbk.exe

Filesize
6.0MB

MD5
9ac2076f84d816fd91edcb2dc703271d

SHA1
f80ba71842b45889dda7cff55c95ff495e650a76

SHA256
190149a64676f4e49d85f467fce81a55bace687134e97d161cebe0dc8bcf3a74

SHA512
5c89df2218f52eeca892e670ed0a36f8e2e455024e6a3322a08a24d7a9c0929a234502184c7ab21d727ccdad2143737882ac23295b51c33e7e3ac7dbda9d733a

Download Submit
C:\Windows\system\deSfFCz.exe

Filesize
6.0MB

MD5
d0ffa6dfa42fc1b377eb76739d22adb7

SHA1
5abc64dc2ad67bb1814dfb7f32601855e6dbead8

SHA256
15fdcf12ef1aa3c09186f89c7f9222c8130af548784be5f09b12e671272a109a

SHA512
4e2b2415c785bf2ad693ff18c6e1e83f4cffa884a11873580a11574410f0288cebb709050159418cadb1560d8f8f227616e021f7eb55cd75952b3f512785ac9f

Download Submit
C:\Windows\system\kGzwaec.exe

Filesize
6.0MB

MD5
84d29c772ee5c96560c7646c52152bc8

SHA1
334fc38cbbc7f9ab4a0e39f3e7ff800d7a38e8d4

SHA256
9254b9d6bf1e25964a08e93450ca2f324c8418beab3bf5b4ab4b43aca0a8a034

SHA512
3f5b1fe5bc3bfff31c4b687f66fac00045c3255ada0b72e94efa944e5bb4152e28c2cf5bdc8b2dc3e979e0716b22e75f7506374b4980ce83f6cea1949179262a

Download Submit
C:\Windows\system\kfidMlX.exe

Filesize
6.0MB

MD5
7ee448dc1831a14f52697aa9236c0c8f

SHA1
3a356c7d411f8b253050a188f499929cde474773

SHA256
dccb6ae11a2045919ac04384a8a306a84046ee09de875c21e5e64f883f766164

SHA512
0787374cdc2fbaacbd6e754525cc83548588b356536a11a1bb8ec57510d644e12d85b987556632d05d8df53b9a329f403ed242830021c161068a4d45265ee2d1

Download Submit
C:\Windows\system\mgIJGWd.exe

Filesize
6.0MB

MD5
70a4a84f028191b4c2bba4f7ea5e004a

SHA1
fc69d9f63b0522242ca62e7a9e73972146054958

SHA256
fc0f8a9a12b58691612984feb91c54c8f12303b1f756ac6bfd5249c6a5c0397a

SHA512
79a580d58e55e392f483549b1e1a10f172631603c34997a178afe1e40884079d0b9a8c86bc8cc920c71c2dc544c966126939d87dd169dcb61fe4884f489c28bf

Download Submit
C:\Windows\system\qVBMgop.exe

Filesize
6.0MB

MD5
b8536b5dd4656de3024e07554fe3dccc

SHA1
9326c337927fd26bf09b601fa935ddaeebd0a081

SHA256
d266d1b72892c36d2c2e942c4faa692d7773d948743d168989aed97e9c764ef1

SHA512
61573379762523a0ab43c83526aa6b8bf1887f79a5f22d9d63eeb89b6224ac2ad4dcfd6c2e45fafb1634e25772a9700c10d816d0e413d0696db4193940b3491d

Download Submit
C:\Windows\system\rjaBotp.exe

Filesize
6.0MB

MD5
2d3428acf15d779a4e862f3ca86f592b

SHA1
938d061527680fdaa7af4d77824c05ffe845b9c7

SHA256
69423e53bfd55bdeec91e83391c259e5c01dc1fa5c57acd49b1edecee522be82

SHA512
cd8cce4ff5ccbb9dbfb7e37840afac6f94a7adcdb197bc2da32fd742dadb685da56a87a2d06c3717212ef31dca9e42517a74f62148a583fa976909d5fa806709

Download Submit
C:\Windows\system\rywtUVj.exe

Filesize
6.0MB

MD5
254134f79710cda4e511c71cd6c5667c

SHA1
3b7716cc506c419e6870c83ed488f4cfcf78e974

SHA256
c23c37e76214465d4f1e508393cb004e2fa0735d903eaeffb90290787fd38014

SHA512
bec799baf8dd13f00e8ece230eea66b7c4c3be18a16a493b4cc9927872144c856a1583986773b64631217b4bd6b966f2626623537b7b58fae4e22de8eab664e7

Download Submit
C:\Windows\system\sAiKPps.exe

Filesize
6.0MB

MD5
cbafaba3c60cf6921c58c843f3c4fb76

SHA1
6798e6adb4aed42b703ead7d8558177f20df51c7

SHA256
ab6195bf816d4686f1070561fc59a79cf72e057b75ea74bcb3b24a8e8d2b7289

SHA512
f278221ddfa1e2224e79e85514b85b9a970818529c991e65840c32206118ba803eec18107aeaf088b7560cbb15eb2f6e363adddbd7d0348ba0bdf77ecd1e1046

Download Submit
C:\Windows\system\wFpnQxi.exe

Filesize
6.0MB

MD5
30f902ba1df41cffdc8fe5aa7d4c0145

SHA1
4da19498c22dac89ea73b43173cc974a54052d35

SHA256
4596a288e0216bb63b307f9284a7ae175e9909b2cff5bc895de46fc3ea0537ba

SHA512
b1f5c50a23b2f735560438a0559a039a306e317367afdbc49fcdace4301567d971f757f914d45e996328f6b15ca616a80701305352f7e69ef33aad7ef90732ed

Download Submit
\Windows\system\GlTbJze.exe

Filesize
6.0MB

MD5
491dcbd624976b8d7e4b55b7963214af

SHA1
74f28843a6634d01da72f6f96607d0d1e5fcb76d

SHA256
3c2f099b5b5f66f0ee78863ec2b72349061075913e7f6e65142804ba2a91722f

SHA512
8b8a6e2ea797c09b569e25c710ddd056c015b31a3bf4be685aeb328d0d99a447c18bf3ac84548d4836d468dbdf88cf37987a6798f9f4d8d691f0b5a15ee72984

Download Submit
\Windows\system\ICeVadR.exe

Filesize
6.0MB

MD5
846d11a186675cd434d3e210e9c9fa62

SHA1
12f17876025faf918414e0e576d308fde5859d70

SHA256
e4b8b63ccdb8096d228c3d4afb38e7e628247c18bd5dade6791f7c3e1893cc45

SHA512
18fadb426f841219080b12f7741743eb667e5d1622db7a24e9c4ccdc66fbd36cfd6ac65f5b71776f210220330498d045bd5b3db6b7f3754765c615c2ee064a89

Download Submit
\Windows\system\MwZKbeN.exe

Filesize
6.0MB

MD5
47420ff174b87a649e1920ab42ee4a46

SHA1
aeffa446b2d8de6974d651137749bbca4057659a

SHA256
9552d3370293f01a99a3932b109c9994b097ae236261530c569402062f741845

SHA512
13a284a70c0c51adeb7867445ceb4ca8d8caa04dbb1f9b7a59d5b1e0180ba2a65a5d7fbb2156fc4fb1c41a711b918cd2c1f778f04443330d38e191c992c4972f

Download Submit
\Windows\system\QcujftT.exe

Filesize
6.0MB

MD5
4ec8c2661dac1af6305ac73dc175c194

SHA1
6e00fb494b70b670b204f7ba7a6a35371cdf700b

SHA256
ca55e7bb5cd0f451a5c1437101639a5c6a21c97c9bbe8c9f20b79fc43b299d40

SHA512
c13deee10caf5c1560f91c62ce6d4e493d96dda5add3acef03f46480ff3f8b165d5b9edeb722c3a80769374e8a851f4184b1909268c5ee72a9a2363ac8197a72

Download Submit
\Windows\system\RnlpLfi.exe

Filesize
6.0MB

MD5
81b50cb6d7c4d70a527bdeedde073ec6

SHA1
3b541a9219199633a0ff20485bde697601febc78

SHA256
70269220c0f48265ba8719ec3acdaf87474a6317ce55e0b50ae8532973576be5

SHA512
09ec0354ae2fd2efd68879eff0495898c26bc5ef404e2b7f846d11176d6bbb0ad2c6ab2c77ade1b41195ed11b1a571b4d9c5b01533d8fe48fce46af709a55797

Download Submit
\Windows\system\TXfyIwW.exe

Filesize
6.0MB

MD5
609eaabc2e8e485aee91a4a3c19a0385

SHA1
2864851b9de5b79f1253f1160d880242b731c43a

SHA256
b584f55d5ee7b7ec7857bdd43cc2b627356aa34c331fb0de10b64b46e26f1939

SHA512
27619ae8bd0310d5ff0bb6d81b4ca4471288d80d963ecf1187d3f3cd519682c9c6df23b314bf6f6a76fed8a5bb215cde39725fda8f2b70c08153b0928b035261

Download Submit
\Windows\system\XKpBntQ.exe

Filesize
6.0MB

MD5
7b552e8e73267bad2559aee209a7e8ba

SHA1
20dd291067c2daaa8aac7a1ab8e98503200b06a6

SHA256
496598ecac39eac8a3025ab921f3422e33a6fd66674ef2eb70c3d6bd1762acdf

SHA512
8e1e82fd9a11288281aff2adbe24dc7f7dbc8c0d050f8ca45452fb481d3a0093283209409046febd779da47553d95f746a389f938f79b5a07c1156faff1cf245

Download Submit
\Windows\system\dmNtIUI.exe

Filesize
6.0MB

MD5
56909add6b99309951576a7a9569f907

SHA1
003e99a5d48edb6cdbe33b055a3bccd94f35584e

SHA256
95f440952da431455a6de74053a85e1041f22c3eed4a54ff3af772f4139a4150

SHA512
3b968b2dfff668623bcbfd483f8122046c924fa9471c00b96c29b0dca1f99475f513b401986ef7948d0868f9dfef3b5acf9ded9c0c9f507c802c39fa417deade

Download Submit
\Windows\system\gKkYfqW.exe

Filesize
6.0MB

MD5
f325133bb268312e42509c2929489150

SHA1
9a3a6782341aa209a369a38462d165eb556c210a

SHA256
5450096b009fdbc266ef5df3965bc3a16972c59caebd058a501e6ce68293be75

SHA512
5757b57b7f28ae727f1be844848731c8a9d132ab21dd8802d11c3b417205bec5d60fb8632f220b87a1537d48965e16497f602d817e5ce226b2307d3bfdca3819

Download Submit
\Windows\system\ghmGloo.exe

Filesize
6.0MB

MD5
64d0f127f026e9235616c61afd76b31c

SHA1
c9ed55887579ec989d425eab64efac1340f601eb

SHA256
468009de64c033e8b95f096af773b0881a3dd03fbc520d42ee7bc7c5a458a428

SHA512
256f272b9055a7d8466a2a891fde72aac4093fbf428bc5fc9d27700dd1fedbadac319266e472651255fa91330abf0b1fa0694d177df1e319838750a6424e9da4

Download Submit
\Windows\system\inwsqdg.exe

Filesize
6.0MB

MD5
dc1a1c94d706b88bd1dcd1b25bcab186

SHA1
a7e2f324ec2d1491954a9f2ca2f43a32656ba4dd

SHA256
b5c7be14651ebe6993aa269471c97288115716ba98ce01b544eab0f431e73316

SHA512
fc03d6d2bdb0f18e117b46e08d61e94fec3bf0d9195ecd0a02d1acd7bbc6524a74813ca185f4fa257dc64184bab3225d4484cc68dff5200a5ea3b3dc3447d7c5

Download Submit
\Windows\system\jGGxRcM.exe

Filesize
6.0MB

MD5
9b57e820bf8672e620e559a0e919d8b2

SHA1
c4fbad83ab39eda98425e1fd9c4a1564b6a7198f

SHA256
cc3bce00b1388c79608f5c749fc8bd86b2fe91c8a340304bf1e3fae2c2a1ea57

SHA512
b7792c118626e629e618b02255985665877594ee6133457fc2ce8f421ce205a703aea523afbd4c0630e1f56279b9182a1b8b3378c886e2fc778e331a14b88674

Download Submit
\Windows\system\lZLgIHw.exe

Filesize
6.0MB

MD5
148fe7cb59ca9df98247a872e981d689

SHA1
fd27cbe9c451c3d44d39a5ac7628df75256a8c3b

SHA256
809fb1734f925598f4a3688e50886e0e3a7f46127a0aaeda4865c13c221b48a3

SHA512
b88b50be330c7ef6319582b385cbb18a890d0b46427ed2620459d976b2be8071df2a1974f61568c47eb802889c142dceb48a76235374daf84635c0e9dc9872e7

Download Submit
\Windows\system\pBeViCY.exe

Filesize
6.0MB

MD5
645179e5f747e122b607ff1f689ee445

SHA1
afc24f25951587b53120fd96d473a51552c8271a

SHA256
e6fd7472c37ac0a7d892705f3c43021e07fa653c15c93d020b1b208028ffe009

SHA512
2e284059531ed1d7bd986bf8145453df6c6bceefce6c15ffb2107344316a93d88a0084874c7c14a1329de14de3b1e097deeed10a55638dee0e909ae528e3e2f9

Download Submit
\Windows\system\soPrXOD.exe

Filesize
6.0MB

MD5
070beca3156b72100b0658c98e3577a8

SHA1
e6e01efc2eaa9b7978df32660c16a75a78358882

SHA256
9c9969f9180da65141049d6522b3678b6422fb2aab4ca9d944ec23ca3a3e57e5

SHA512
53d16db55b5715ce1bb3212afd608a2060cf38073e5bcaf08e7c31730f641f39d8d77b5c298d44f2906725067e8ff9518fdce08daa2092ab94a6436a34ca4f46

Download Submit
\Windows\system\uqCxghw.exe

Filesize
6.0MB

MD5
0de8fd1ad62e77b6626c8b2609b4684d

SHA1
f92ab0f3572e788a15ee424ce8b7e7e36ab219b0

SHA256
bfc76ef7bcaab6c65ee772ebc88c7d612ed2e5f186721807d549bca4ba53a382

SHA512
0f75a241a14bf16094efcc76a73ba3030fa147fd17dcba924cb6b483dd8b6a86692e54a5574efc858b66f6d8e781dc686404c62f7bd3791c03ec13d9d36b7237

Download Submit
\Windows\system\yKwoPRd.exe

Filesize
6.0MB

MD5
7d9e1c2fdd77fda630fcf8ce72e6ee43

SHA1
3616b98223790e9eae9d15f62b9b420fab1fd7db

SHA256
d6698190806a531099513ba667c5041258b55de66336c1100b61898af14eda63

SHA512
9655d706b8912c02f53a2db8ba53312f21ea6a67a1fcda17abc72f1576c76b4d5ad10afd325f30c34c595dc788647c30f33d50ca6763f3bab63716369326b6a1

Download Submit
memory/320-4111-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/320-171-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/948-4110-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/948-78-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/1376-4109-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1376-68-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1632-4108-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1632-64-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/1644-63-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1644-979-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1644-4076-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2136-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2136-900-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2136-980-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2136-67-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2136-173-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2136-1202-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2136-69-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2136-170-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2136-150-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2136-1204-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2136-1203-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2136-180-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2136-80-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2136-1091-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2136-120-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2136-0-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2136-185-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2136-110-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2136-194-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2136-71-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2136-65-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2136-142-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-4107-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-191-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-66-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2460-4081-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2472-70-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2472-4083-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-4104-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2784-134-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2804-4106-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-162-0x000000013FE60000-0x00000001401B4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-4105-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2844-97-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2856-112-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-4112-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-4113-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-146-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download