cobaltstrike | fe26f0dd1b7715d7fe436dbef3d8d28ada61cf8e2a1f3805038e6ba1d1aaa34e

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 10:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ec5c693341cb4d20325161ed34bfab2c
SHA1

574fb0203fb38e7cbe8f819c2dafa7e6f34a4ab7
SHA256

fe26f0dd1b7715d7fe436dbef3d8d28ada61cf8e2a1f3805038e6ba1d1aaa34e
SHA512

0c275e19da01715515ec34ec5d86aa00c361c796a91b8742c0bf4b46aed95931919e19999be41fe8563f33d024a8df0364c628fda0a741de20ea534204119cc0
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUs:T+q56utgpPF8u/7s

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b00000001225c-6.dat	cobalt_reflective_dll
behavioral1/files/0x001200000001626d-9.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001660b-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ace-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c1a-37.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c23-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c10-34.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016fc9-61.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019480-72.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-102.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-139.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-144.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-200.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-194.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-190.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-184.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-180.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-174.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-170.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-164.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948c-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019489-81.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-67.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2128-0-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x000b00000001225c-6.dat	xmrig
behavioral1/files/0x001200000001626d-9.dat	xmrig
behavioral1/memory/2844-14-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2872-23-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x000900000001660b-12.dat	xmrig
behavioral1/files/0x0008000000016ace-27.dat	xmrig
behavioral1/files/0x0007000000016c1a-37.dat	xmrig
behavioral1/memory/2856-48-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/3048-40-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2128-45-0x00000000022D0000-0x0000000002624000-memory.dmp	xmrig
behavioral1/memory/2876-29-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2128-43-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2128-42-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c23-41.dat	xmrig
behavioral1/files/0x0007000000016c10-34.dat	xmrig
behavioral1/memory/2340-15-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2872-50-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/memory/2876-51-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x0008000000016fc9-61.dat	xmrig
behavioral1/files/0x0006000000019480-72.dat	xmrig
behavioral1/memory/2700-73-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2020-86-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/1612-99-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a3-102.dat	xmrig
behavioral1/files/0x000500000001950f-124.dat	xmrig
behavioral1/files/0x0005000000019547-134.dat	xmrig
behavioral1/files/0x000500000001957c-139.dat	xmrig
behavioral1/files/0x00050000000195a7-144.dat	xmrig
behavioral1/files/0x00050000000195a9-150.dat	xmrig
behavioral1/files/0x00050000000195c1-200.dat	xmrig
behavioral1/files/0x00050000000195bd-194.dat	xmrig
behavioral1/files/0x00050000000195bb-190.dat	xmrig
behavioral1/memory/2596-203-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x00050000000195b7-184.dat	xmrig
behavioral1/files/0x00050000000195b5-180.dat	xmrig
behavioral1/memory/2956-228-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2844-624-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2876-626-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/3048-627-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2856-628-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2872-625-0x000000013F8D0000-0x000000013FC24000-memory.dmp	xmrig
behavioral1/files/0x00050000000195b3-174.dat	xmrig
behavioral1/files/0x00050000000195b1-170.dat	xmrig
behavioral1/files/0x00050000000195af-164.dat	xmrig
behavioral1/files/0x00050000000195ad-160.dat	xmrig
behavioral1/files/0x00050000000195ab-154.dat	xmrig
behavioral1/files/0x0005000000019515-129.dat	xmrig
behavioral1/files/0x00050000000194ef-120.dat	xmrig
behavioral1/memory/2712-115-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2700-107-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2676-105-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2956-104-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194eb-113.dat	xmrig
behavioral1/memory/2596-91-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x000500000001948c-89.dat	xmrig
behavioral1/files/0x0005000000019490-95.dat	xmrig
behavioral1/memory/2824-78-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2712-75-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/files/0x0005000000019489-81.dat	xmrig
behavioral1/files/0x0002000000018334-67.dat	xmrig
behavioral1/memory/2128-66-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2676-57-0x000000013F300000-0x000000013F654000-memory.dmp	xmrig
behavioral1/memory/2340-630-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2844	Vxiagwq.exe
2340	VhoNvQL.exe
2872	kfwwzTC.exe
2876	dSmnfpN.exe
3048	rxzlZyI.exe
2856	rXeFzdb.exe
2676	itdUYKe.exe
2700	JoxPmxB.exe
2824	sYsQXAC.exe
2712	pTnkrWr.exe
2020	CmPDhLP.exe
2596	chZMmZE.exe
1612	uPGfDYY.exe
2956	xyQkAuj.exe
2164	wlEjBcV.exe
992	PpGRlMG.exe
2568	jjDAqXV.exe
2236	REtpnLd.exe
2720	RjBbOtD.exe
428	uGmDVMB.exe
912	crstFuE.exe
2420	gKmzeLS.exe
2160	WekiLyh.exe
2428	VKgYwHK.exe
2032	kCNEQvP.exe
2468	rVmMwZF.exe
2148	dNTHIDo.exe
2436	gHPImHZ.exe
2976	IctwZua.exe
1652	vMyJeiJ.exe
1904	nomkweB.exe
2604	NGwzOsK.exe
1096	DeHTPkl.exe
2096	jITskLb.exe
2484	jMuIGCs.exe
1796	HqaLIwH.exe
540	EwmcINY.exe
1164	AUYMysk.exe
1860	zEDZIJu.exe
2188	DzAwWkV.exe
744	GKwJWSL.exe
2304	alEnTiD.exe
2180	ZoRbSBt.exe
2256	imNFJCI.exe
544	MtIfcrI.exe
1708	xozZowA.exe
1632	RILwKgf.exe
1480	SLNDJei.exe
860	yOnLorQ.exe
2036	RCZxBag.exe
2736	QoMWUtf.exe
1596	pktQXVV.exe
2884	XjkdTMn.exe
3036	pMyaKnb.exe
1856	YSxAbRm.exe
2808	hKkioQo.exe
1760	NEMjwYe.exe
2136	prLvVFo.exe
2456	ykzNRQn.exe
2852	QtoLUda.exe
1808	PsnVFbZ.exe
392	tLwUJFs.exe
3032	ABRMHRT.exe
3064	EOVBtcX.exe

Loads dropped DLL 64 IoCs

pid	Process
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2128-0-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x000b00000001225c-6.dat	upx
behavioral1/files/0x001200000001626d-9.dat	upx
behavioral1/memory/2844-14-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2872-23-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x000900000001660b-12.dat	upx
behavioral1/files/0x0008000000016ace-27.dat	upx
behavioral1/files/0x0007000000016c1a-37.dat	upx
behavioral1/memory/2856-48-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/3048-40-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2876-29-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2128-42-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x0007000000016c23-41.dat	upx
behavioral1/files/0x0007000000016c10-34.dat	upx
behavioral1/memory/2340-15-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2872-50-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/memory/2876-51-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x0008000000016fc9-61.dat	upx
behavioral1/files/0x0006000000019480-72.dat	upx
behavioral1/memory/2700-73-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2020-86-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/1612-99-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x00050000000194a3-102.dat	upx
behavioral1/files/0x000500000001950f-124.dat	upx
behavioral1/files/0x0005000000019547-134.dat	upx
behavioral1/files/0x000500000001957c-139.dat	upx
behavioral1/files/0x00050000000195a7-144.dat	upx
behavioral1/files/0x00050000000195a9-150.dat	upx
behavioral1/files/0x00050000000195c1-200.dat	upx
behavioral1/files/0x00050000000195bd-194.dat	upx
behavioral1/files/0x00050000000195bb-190.dat	upx
behavioral1/memory/2596-203-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x00050000000195b7-184.dat	upx
behavioral1/files/0x00050000000195b5-180.dat	upx
behavioral1/memory/2956-228-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2844-624-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2876-626-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/3048-627-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2856-628-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2872-625-0x000000013F8D0000-0x000000013FC24000-memory.dmp	upx
behavioral1/files/0x00050000000195b3-174.dat	upx
behavioral1/files/0x00050000000195b1-170.dat	upx
behavioral1/files/0x00050000000195af-164.dat	upx
behavioral1/files/0x00050000000195ad-160.dat	upx
behavioral1/files/0x00050000000195ab-154.dat	upx
behavioral1/files/0x0005000000019515-129.dat	upx
behavioral1/files/0x00050000000194ef-120.dat	upx
behavioral1/memory/2712-115-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2700-107-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2676-105-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2956-104-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x00050000000194eb-113.dat	upx
behavioral1/memory/2596-91-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x000500000001948c-89.dat	upx
behavioral1/files/0x0005000000019490-95.dat	upx
behavioral1/memory/2824-78-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2712-75-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/files/0x0005000000019489-81.dat	upx
behavioral1/files/0x0002000000018334-67.dat	upx
behavioral1/memory/2676-57-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2340-630-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2676-667-0x000000013F300000-0x000000013F654000-memory.dmp	upx
behavioral1/memory/2824-670-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2020-678-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\LwLZVKI.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UrzjQUK.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OWarIuR.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fvVdjNC.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\POSDMkR.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFetzrZ.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ecZWIMr.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SldtLrO.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ihEcVsH.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cTUFcsU.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UMpbrEC.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nymQZEd.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SmyFANR.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JqAtxZs.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxFEZSR.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTVJsRb.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VoRVxmX.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YBHpxHg.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHRjMPT.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\icaUOpj.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SvBJwdk.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JhsJofa.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\khDwGTl.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bldqrEA.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ozvHANE.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MiWVMcK.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWtEwhr.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbqyANT.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oQOgLKo.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AQQGUHU.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHKNEnA.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VhoNvQL.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYCJcFL.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hDuflbS.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YaOVvvu.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOqmCYh.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qRAaTZd.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OiVSddf.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MBflltq.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAgCnHn.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UjQlYTM.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TGITQHl.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kFFuOye.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YJPIxFx.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\grWqNyi.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TKiyaNl.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqlZvnx.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ozhpuiq.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YbDTLbb.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QdRwqjp.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CPsLOYQ.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MLtXrea.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQENgMl.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdrdAYm.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QlYicsD.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rDxdfrR.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lSIevlV.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YkgioEb.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yEiFYOT.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWdJfMo.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXdcezV.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IqURWqA.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WOvTwfh.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\irtmVKf.exe	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2844	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2128 wrote to memory of 2844	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2128 wrote to memory of 2844	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2128 wrote to memory of 2340	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2128 wrote to memory of 2340	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2128 wrote to memory of 2340	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2128 wrote to memory of 2872	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2128 wrote to memory of 2872	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2128 wrote to memory of 2872	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2128 wrote to memory of 2876	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2128 wrote to memory of 2876	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2128 wrote to memory of 2876	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2128 wrote to memory of 3048	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2128 wrote to memory of 3048	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2128 wrote to memory of 3048	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2128 wrote to memory of 2856	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2128 wrote to memory of 2856	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2128 wrote to memory of 2856	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2128 wrote to memory of 2676	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2128 wrote to memory of 2676	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2128 wrote to memory of 2676	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2128 wrote to memory of 2700	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2128 wrote to memory of 2700	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2128 wrote to memory of 2700	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2128 wrote to memory of 2824	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2128 wrote to memory of 2824	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2128 wrote to memory of 2824	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2128 wrote to memory of 2712	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2128 wrote to memory of 2712	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2128 wrote to memory of 2712	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2128 wrote to memory of 2020	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2128 wrote to memory of 2020	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2128 wrote to memory of 2020	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2128 wrote to memory of 2596	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2128 wrote to memory of 2596	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2128 wrote to memory of 2596	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2128 wrote to memory of 1612	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2128 wrote to memory of 1612	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2128 wrote to memory of 1612	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2128 wrote to memory of 2956	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2128 wrote to memory of 2956	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2128 wrote to memory of 2956	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2128 wrote to memory of 2164	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2128 wrote to memory of 2164	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2128 wrote to memory of 2164	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2128 wrote to memory of 992	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2128 wrote to memory of 992	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2128 wrote to memory of 992	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2128 wrote to memory of 2568	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2128 wrote to memory of 2568	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2128 wrote to memory of 2568	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2128 wrote to memory of 2236	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2128 wrote to memory of 2236	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2128 wrote to memory of 2236	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2128 wrote to memory of 2720	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2128 wrote to memory of 2720	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2128 wrote to memory of 2720	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2128 wrote to memory of 428	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2128 wrote to memory of 428	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2128 wrote to memory of 428	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2128 wrote to memory of 912	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2128 wrote to memory of 912	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2128 wrote to memory of 912	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2128 wrote to memory of 2420	2128	2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-22_ec5c693341cb4d20325161ed34bfab2c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Windows\System\Vxiagwq.exe
  C:\Windows\System\Vxiagwq.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\VhoNvQL.exe
  C:\Windows\System\VhoNvQL.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\kfwwzTC.exe
  C:\Windows\System\kfwwzTC.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\dSmnfpN.exe
  C:\Windows\System\dSmnfpN.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\rxzlZyI.exe
  C:\Windows\System\rxzlZyI.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\rXeFzdb.exe
  C:\Windows\System\rXeFzdb.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\itdUYKe.exe
  C:\Windows\System\itdUYKe.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\JoxPmxB.exe
  C:\Windows\System\JoxPmxB.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\sYsQXAC.exe
  C:\Windows\System\sYsQXAC.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\pTnkrWr.exe
  C:\Windows\System\pTnkrWr.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\CmPDhLP.exe
  C:\Windows\System\CmPDhLP.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\chZMmZE.exe
  C:\Windows\System\chZMmZE.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\uPGfDYY.exe
  C:\Windows\System\uPGfDYY.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\xyQkAuj.exe
  C:\Windows\System\xyQkAuj.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\wlEjBcV.exe
  C:\Windows\System\wlEjBcV.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\PpGRlMG.exe
  C:\Windows\System\PpGRlMG.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\jjDAqXV.exe
  C:\Windows\System\jjDAqXV.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\REtpnLd.exe
  C:\Windows\System\REtpnLd.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\RjBbOtD.exe
  C:\Windows\System\RjBbOtD.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\uGmDVMB.exe
  C:\Windows\System\uGmDVMB.exe
  2⤵
  - Executes dropped EXE
  PID:428
- C:\Windows\System\crstFuE.exe
  C:\Windows\System\crstFuE.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\gKmzeLS.exe
  C:\Windows\System\gKmzeLS.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\WekiLyh.exe
  C:\Windows\System\WekiLyh.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\VKgYwHK.exe
  C:\Windows\System\VKgYwHK.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\kCNEQvP.exe
  C:\Windows\System\kCNEQvP.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\rVmMwZF.exe
  C:\Windows\System\rVmMwZF.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\dNTHIDo.exe
  C:\Windows\System\dNTHIDo.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\gHPImHZ.exe
  C:\Windows\System\gHPImHZ.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\IctwZua.exe
  C:\Windows\System\IctwZua.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\vMyJeiJ.exe
  C:\Windows\System\vMyJeiJ.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\nomkweB.exe
  C:\Windows\System\nomkweB.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\NGwzOsK.exe
  C:\Windows\System\NGwzOsK.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\DeHTPkl.exe
  C:\Windows\System\DeHTPkl.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\jITskLb.exe
  C:\Windows\System\jITskLb.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\jMuIGCs.exe
  C:\Windows\System\jMuIGCs.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\HqaLIwH.exe
  C:\Windows\System\HqaLIwH.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\EwmcINY.exe
  C:\Windows\System\EwmcINY.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\AUYMysk.exe
  C:\Windows\System\AUYMysk.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\zEDZIJu.exe
  C:\Windows\System\zEDZIJu.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\GKwJWSL.exe
  C:\Windows\System\GKwJWSL.exe
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Windows\System\DzAwWkV.exe
  C:\Windows\System\DzAwWkV.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\imNFJCI.exe
  C:\Windows\System\imNFJCI.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\alEnTiD.exe
  C:\Windows\System\alEnTiD.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\MtIfcrI.exe
  C:\Windows\System\MtIfcrI.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\ZoRbSBt.exe
  C:\Windows\System\ZoRbSBt.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\xozZowA.exe
  C:\Windows\System\xozZowA.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\RILwKgf.exe
  C:\Windows\System\RILwKgf.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\SLNDJei.exe
  C:\Windows\System\SLNDJei.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\yOnLorQ.exe
  C:\Windows\System\yOnLorQ.exe
  2⤵
  - Executes dropped EXE
  PID:860
- C:\Windows\System\RCZxBag.exe
  C:\Windows\System\RCZxBag.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\QoMWUtf.exe
  C:\Windows\System\QoMWUtf.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\pMyaKnb.exe
  C:\Windows\System\pMyaKnb.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\pktQXVV.exe
  C:\Windows\System\pktQXVV.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\NEMjwYe.exe
  C:\Windows\System\NEMjwYe.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\XjkdTMn.exe
  C:\Windows\System\XjkdTMn.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\prLvVFo.exe
  C:\Windows\System\prLvVFo.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\YSxAbRm.exe
  C:\Windows\System\YSxAbRm.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\EOVBtcX.exe
  C:\Windows\System\EOVBtcX.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\hKkioQo.exe
  C:\Windows\System\hKkioQo.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\izhUlLK.exe
  C:\Windows\System\izhUlLK.exe
  2⤵
  PID:2864
- C:\Windows\System\ykzNRQn.exe
  C:\Windows\System\ykzNRQn.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\SMXwAPp.exe
  C:\Windows\System\SMXwAPp.exe
  2⤵
  PID:2792
- C:\Windows\System\QtoLUda.exe
  C:\Windows\System\QtoLUda.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\JqAtxZs.exe
  C:\Windows\System\JqAtxZs.exe
  2⤵
  PID:2784
- C:\Windows\System\PsnVFbZ.exe
  C:\Windows\System\PsnVFbZ.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\TBXexDj.exe
  C:\Windows\System\TBXexDj.exe
  2⤵
  PID:1032
- C:\Windows\System\tLwUJFs.exe
  C:\Windows\System\tLwUJFs.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\rlCnkSW.exe
  C:\Windows\System\rlCnkSW.exe
  2⤵
  PID:2364
- C:\Windows\System\ABRMHRT.exe
  C:\Windows\System\ABRMHRT.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\QBLfYdx.exe
  C:\Windows\System\QBLfYdx.exe
  2⤵
  PID:2460
- C:\Windows\System\vKEllxm.exe
  C:\Windows\System\vKEllxm.exe
  2⤵
  PID:1384
- C:\Windows\System\sRurkzg.exe
  C:\Windows\System\sRurkzg.exe
  2⤵
  PID:2144
- C:\Windows\System\dfxZVhl.exe
  C:\Windows\System\dfxZVhl.exe
  2⤵
  PID:2324
- C:\Windows\System\MlKzNEb.exe
  C:\Windows\System\MlKzNEb.exe
  2⤵
  PID:2416
- C:\Windows\System\siIkrYe.exe
  C:\Windows\System\siIkrYe.exe
  2⤵
  PID:2424
- C:\Windows\System\fwVGZCZ.exe
  C:\Windows\System\fwVGZCZ.exe
  2⤵
  PID:1608
- C:\Windows\System\QrgiYYb.exe
  C:\Windows\System\QrgiYYb.exe
  2⤵
  PID:2008
- C:\Windows\System\gbvzlqT.exe
  C:\Windows\System\gbvzlqT.exe
  2⤵
  PID:112
- C:\Windows\System\mVcwFWj.exe
  C:\Windows\System\mVcwFWj.exe
  2⤵
  PID:1584
- C:\Windows\System\ixyJxyI.exe
  C:\Windows\System\ixyJxyI.exe
  2⤵
  PID:2724
- C:\Windows\System\JfeYkvm.exe
  C:\Windows\System\JfeYkvm.exe
  2⤵
  PID:1412
- C:\Windows\System\jUCyqIu.exe
  C:\Windows\System\jUCyqIu.exe
  2⤵
  PID:716
- C:\Windows\System\ssFNnMt.exe
  C:\Windows\System\ssFNnMt.exe
  2⤵
  PID:372
- C:\Windows\System\mIsjgGU.exe
  C:\Windows\System\mIsjgGU.exe
  2⤵
  PID:2520
- C:\Windows\System\rNDvDCH.exe
  C:\Windows\System\rNDvDCH.exe
  2⤵
  PID:2264
- C:\Windows\System\gtERnyh.exe
  C:\Windows\System\gtERnyh.exe
  2⤵
  PID:2060
- C:\Windows\System\LZchwBX.exe
  C:\Windows\System\LZchwBX.exe
  2⤵
  PID:1672
- C:\Windows\System\sDTsevK.exe
  C:\Windows\System\sDTsevK.exe
  2⤵
  PID:2112
- C:\Windows\System\ZQcjwps.exe
  C:\Windows\System\ZQcjwps.exe
  2⤵
  PID:2532
- C:\Windows\System\vYbzgOc.exe
  C:\Windows\System\vYbzgOc.exe
  2⤵
  PID:2928
- C:\Windows\System\NqKBInu.exe
  C:\Windows\System\NqKBInu.exe
  2⤵
  PID:2916
- C:\Windows\System\MMRlXNV.exe
  C:\Windows\System\MMRlXNV.exe
  2⤵
  PID:928
- C:\Windows\System\uwgCPMD.exe
  C:\Windows\System\uwgCPMD.exe
  2⤵
  PID:2760
- C:\Windows\System\SHjOYPI.exe
  C:\Windows\System\SHjOYPI.exe
  2⤵
  PID:1072
- C:\Windows\System\MxTWwLY.exe
  C:\Windows\System\MxTWwLY.exe
  2⤵
  PID:1592
- C:\Windows\System\sNcgaPd.exe
  C:\Windows\System\sNcgaPd.exe
  2⤵
  PID:2152
- C:\Windows\System\qRAaTZd.exe
  C:\Windows\System\qRAaTZd.exe
  2⤵
  PID:1560
- C:\Windows\System\TWgGqMo.exe
  C:\Windows\System\TWgGqMo.exe
  2⤵
  PID:1488
- C:\Windows\System\uInWnyY.exe
  C:\Windows\System\uInWnyY.exe
  2⤵
  PID:2084
- C:\Windows\System\zhOAXSg.exe
  C:\Windows\System\zhOAXSg.exe
  2⤵
  PID:2400
- C:\Windows\System\tQnOEUK.exe
  C:\Windows\System\tQnOEUK.exe
  2⤵
  PID:1132
- C:\Windows\System\OiVSddf.exe
  C:\Windows\System\OiVSddf.exe
  2⤵
  PID:2836
- C:\Windows\System\QwsEpCV.exe
  C:\Windows\System\QwsEpCV.exe
  2⤵
  PID:1148
- C:\Windows\System\AdOynPj.exe
  C:\Windows\System\AdOynPj.exe
  2⤵
  PID:660
- C:\Windows\System\jITwhdL.exe
  C:\Windows\System\jITwhdL.exe
  2⤵
  PID:2100
- C:\Windows\System\VLDYIQL.exe
  C:\Windows\System\VLDYIQL.exe
  2⤵
  PID:868
- C:\Windows\System\lVLojHR.exe
  C:\Windows\System\lVLojHR.exe
  2⤵
  PID:1740
- C:\Windows\System\DqWIgLo.exe
  C:\Windows\System\DqWIgLo.exe
  2⤵
  PID:2124
- C:\Windows\System\ttTgyvG.exe
  C:\Windows\System\ttTgyvG.exe
  2⤵
  PID:2396
- C:\Windows\System\qfjOiDr.exe
  C:\Windows\System\qfjOiDr.exe
  2⤵
  PID:1884
- C:\Windows\System\bXzWcHp.exe
  C:\Windows\System\bXzWcHp.exe
  2⤵
  PID:1804
- C:\Windows\System\CTYKPRw.exe
  C:\Windows\System\CTYKPRw.exe
  2⤵
  PID:2940
- C:\Windows\System\cCaQEXe.exe
  C:\Windows\System\cCaQEXe.exe
  2⤵
  PID:1056
- C:\Windows\System\KzassGL.exe
  C:\Windows\System\KzassGL.exe
  2⤵
  PID:1568
- C:\Windows\System\ouwlzKO.exe
  C:\Windows\System\ouwlzKO.exe
  2⤵
  PID:2764
- C:\Windows\System\jqdujGM.exe
  C:\Windows\System\jqdujGM.exe
  2⤵
  PID:1328
- C:\Windows\System\BuCVqZE.exe
  C:\Windows\System\BuCVqZE.exe
  2⤵
  PID:1548
- C:\Windows\System\fHaWXlW.exe
  C:\Windows\System\fHaWXlW.exe
  2⤵
  PID:3012
- C:\Windows\System\IwurOmc.exe
  C:\Windows\System\IwurOmc.exe
  2⤵
  PID:460
- C:\Windows\System\PdHYzba.exe
  C:\Windows\System\PdHYzba.exe
  2⤵
  PID:1360
- C:\Windows\System\kBOavyG.exe
  C:\Windows\System\kBOavyG.exe
  2⤵
  PID:2960
- C:\Windows\System\JbhAVBh.exe
  C:\Windows\System\JbhAVBh.exe
  2⤵
  PID:2812
- C:\Windows\System\BKGIxYW.exe
  C:\Windows\System\BKGIxYW.exe
  2⤵
  PID:996
- C:\Windows\System\lSWLNAt.exe
  C:\Windows\System\lSWLNAt.exe
  2⤵
  PID:2300
- C:\Windows\System\mITxfwJ.exe
  C:\Windows\System\mITxfwJ.exe
  2⤵
  PID:1376
- C:\Windows\System\ABlfSLS.exe
  C:\Windows\System\ABlfSLS.exe
  2⤵
  PID:2948
- C:\Windows\System\vpRmCId.exe
  C:\Windows\System\vpRmCId.exe
  2⤵
  PID:3076
- C:\Windows\System\hkQuiVT.exe
  C:\Windows\System\hkQuiVT.exe
  2⤵
  PID:3096
- C:\Windows\System\fvVdjNC.exe
  C:\Windows\System\fvVdjNC.exe
  2⤵
  PID:3116
- C:\Windows\System\iUpWzmi.exe
  C:\Windows\System\iUpWzmi.exe
  2⤵
  PID:3136
- C:\Windows\System\SgKTlgh.exe
  C:\Windows\System\SgKTlgh.exe
  2⤵
  PID:3156
- C:\Windows\System\JlOpqEv.exe
  C:\Windows\System\JlOpqEv.exe
  2⤵
  PID:3196
- C:\Windows\System\wvESLjZ.exe
  C:\Windows\System\wvESLjZ.exe
  2⤵
  PID:3216
- C:\Windows\System\LzLNWrl.exe
  C:\Windows\System\LzLNWrl.exe
  2⤵
  PID:3240
- C:\Windows\System\KEWzvRn.exe
  C:\Windows\System\KEWzvRn.exe
  2⤵
  PID:3256
- C:\Windows\System\cppmcpG.exe
  C:\Windows\System\cppmcpG.exe
  2⤵
  PID:3280
- C:\Windows\System\kauQNMd.exe
  C:\Windows\System\kauQNMd.exe
  2⤵
  PID:3300
- C:\Windows\System\fNGkFWq.exe
  C:\Windows\System\fNGkFWq.exe
  2⤵
  PID:3320
- C:\Windows\System\wJiJJad.exe
  C:\Windows\System\wJiJJad.exe
  2⤵
  PID:3340
- C:\Windows\System\kTRBdys.exe
  C:\Windows\System\kTRBdys.exe
  2⤵
  PID:3360
- C:\Windows\System\Olvccom.exe
  C:\Windows\System\Olvccom.exe
  2⤵
  PID:3380
- C:\Windows\System\YIFzLMJ.exe
  C:\Windows\System\YIFzLMJ.exe
  2⤵
  PID:3400
- C:\Windows\System\GgMOReV.exe
  C:\Windows\System\GgMOReV.exe
  2⤵
  PID:3420
- C:\Windows\System\yobzMhq.exe
  C:\Windows\System\yobzMhq.exe
  2⤵
  PID:3440
- C:\Windows\System\pzUqeEo.exe
  C:\Windows\System\pzUqeEo.exe
  2⤵
  PID:3456
- C:\Windows\System\iGlSUmD.exe
  C:\Windows\System\iGlSUmD.exe
  2⤵
  PID:3480
- C:\Windows\System\HEmaaHL.exe
  C:\Windows\System\HEmaaHL.exe
  2⤵
  PID:3500
- C:\Windows\System\FLnLkrl.exe
  C:\Windows\System\FLnLkrl.exe
  2⤵
  PID:3520
- C:\Windows\System\XuDYvSC.exe
  C:\Windows\System\XuDYvSC.exe
  2⤵
  PID:3540
- C:\Windows\System\LbZZFsy.exe
  C:\Windows\System\LbZZFsy.exe
  2⤵
  PID:3560
- C:\Windows\System\UwQZTmy.exe
  C:\Windows\System\UwQZTmy.exe
  2⤵
  PID:3580
- C:\Windows\System\oOznfsv.exe
  C:\Windows\System\oOznfsv.exe
  2⤵
  PID:3600
- C:\Windows\System\xZeEYkP.exe
  C:\Windows\System\xZeEYkP.exe
  2⤵
  PID:3616
- C:\Windows\System\YZeGKUO.exe
  C:\Windows\System\YZeGKUO.exe
  2⤵
  PID:3640
- C:\Windows\System\hJPqjjw.exe
  C:\Windows\System\hJPqjjw.exe
  2⤵
  PID:3660
- C:\Windows\System\KlrysuO.exe
  C:\Windows\System\KlrysuO.exe
  2⤵
  PID:3684
- C:\Windows\System\QeFoAuf.exe
  C:\Windows\System\QeFoAuf.exe
  2⤵
  PID:3704
- C:\Windows\System\EyfgfWo.exe
  C:\Windows\System\EyfgfWo.exe
  2⤵
  PID:3724
- C:\Windows\System\AOHZEHI.exe
  C:\Windows\System\AOHZEHI.exe
  2⤵
  PID:3744
- C:\Windows\System\HSeFFfY.exe
  C:\Windows\System\HSeFFfY.exe
  2⤵
  PID:3764
- C:\Windows\System\kUJPTYz.exe
  C:\Windows\System\kUJPTYz.exe
  2⤵
  PID:3784
- C:\Windows\System\ZBiMXBp.exe
  C:\Windows\System\ZBiMXBp.exe
  2⤵
  PID:3804
- C:\Windows\System\BTSLHjI.exe
  C:\Windows\System\BTSLHjI.exe
  2⤵
  PID:3824
- C:\Windows\System\FIhyDhD.exe
  C:\Windows\System\FIhyDhD.exe
  2⤵
  PID:3844
- C:\Windows\System\ahtQWfg.exe
  C:\Windows\System\ahtQWfg.exe
  2⤵
  PID:3864
- C:\Windows\System\jIZNtEz.exe
  C:\Windows\System\jIZNtEz.exe
  2⤵
  PID:3884
- C:\Windows\System\ffoQaVl.exe
  C:\Windows\System\ffoQaVl.exe
  2⤵
  PID:3904
- C:\Windows\System\ipqzTvk.exe
  C:\Windows\System\ipqzTvk.exe
  2⤵
  PID:3924
- C:\Windows\System\FRqRIvC.exe
  C:\Windows\System\FRqRIvC.exe
  2⤵
  PID:3944
- C:\Windows\System\quXhKSO.exe
  C:\Windows\System\quXhKSO.exe
  2⤵
  PID:3964
- C:\Windows\System\oeBYNgs.exe
  C:\Windows\System\oeBYNgs.exe
  2⤵
  PID:3984
- C:\Windows\System\LXQNgKO.exe
  C:\Windows\System\LXQNgKO.exe
  2⤵
  PID:4008
- C:\Windows\System\KEsDWNq.exe
  C:\Windows\System\KEsDWNq.exe
  2⤵
  PID:2404
- C:\Windows\System\eKARgxI.exe
  C:\Windows\System\eKARgxI.exe
  2⤵
  PID:2244
- C:\Windows\System\ZfeprwA.exe
  C:\Windows\System\ZfeprwA.exe
  2⤵
  PID:1772
- C:\Windows\System\rYIjvLt.exe
  C:\Windows\System\rYIjvLt.exe
  2⤵
  PID:2092
- C:\Windows\System\yOEuFhV.exe
  C:\Windows\System\yOEuFhV.exe
  2⤵
  PID:2900
- C:\Windows\System\IKOJKRW.exe
  C:\Windows\System\IKOJKRW.exe
  2⤵
  PID:3092
- C:\Windows\System\imKIKrm.exe
  C:\Windows\System\imKIKrm.exe
  2⤵
  PID:3128
- C:\Windows\System\jtfbtrS.exe
  C:\Windows\System\jtfbtrS.exe
  2⤵
  PID:3172
- C:\Windows\System\JmFmgBX.exe
  C:\Windows\System\JmFmgBX.exe
  2⤵
  PID:3144
- C:\Windows\System\jyjugbQ.exe
  C:\Windows\System\jyjugbQ.exe
  2⤵
  PID:552
- C:\Windows\System\nuABcCO.exe
  C:\Windows\System\nuABcCO.exe
  2⤵
  PID:3184
- C:\Windows\System\BtMIblI.exe
  C:\Windows\System\BtMIblI.exe
  2⤵
  PID:3228
- C:\Windows\System\bYuOvtU.exe
  C:\Windows\System\bYuOvtU.exe
  2⤵
  PID:3212
- C:\Windows\System\iXvmZOy.exe
  C:\Windows\System\iXvmZOy.exe
  2⤵
  PID:3352
- C:\Windows\System\yYCUxQr.exe
  C:\Windows\System\yYCUxQr.exe
  2⤵
  PID:3292
- C:\Windows\System\eNFjjvd.exe
  C:\Windows\System\eNFjjvd.exe
  2⤵
  PID:3372
- C:\Windows\System\znJcPsb.exe
  C:\Windows\System\znJcPsb.exe
  2⤵
  PID:3412
- C:\Windows\System\dWogylV.exe
  C:\Windows\System\dWogylV.exe
  2⤵
  PID:3464
- C:\Windows\System\cqtiJQm.exe
  C:\Windows\System\cqtiJQm.exe
  2⤵
  PID:3508
- C:\Windows\System\wJlWKZN.exe
  C:\Windows\System\wJlWKZN.exe
  2⤵
  PID:3492
- C:\Windows\System\OamyGBt.exe
  C:\Windows\System\OamyGBt.exe
  2⤵
  PID:3588
- C:\Windows\System\ilzFbqh.exe
  C:\Windows\System\ilzFbqh.exe
  2⤵
  PID:3568
- C:\Windows\System\nYGWAUf.exe
  C:\Windows\System\nYGWAUf.exe
  2⤵
  PID:3636
- C:\Windows\System\tUxLotT.exe
  C:\Windows\System\tUxLotT.exe
  2⤵
  PID:3668
- C:\Windows\System\mMpzaCP.exe
  C:\Windows\System\mMpzaCP.exe
  2⤵
  PID:3696
- C:\Windows\System\BpDVEfW.exe
  C:\Windows\System\BpDVEfW.exe
  2⤵
  PID:3732
- C:\Windows\System\JhsJofa.exe
  C:\Windows\System\JhsJofa.exe
  2⤵
  PID:3756
- C:\Windows\System\xWdJfMo.exe
  C:\Windows\System\xWdJfMo.exe
  2⤵
  PID:3776
- C:\Windows\System\yWGnYSk.exe
  C:\Windows\System\yWGnYSk.exe
  2⤵
  PID:3812
- C:\Windows\System\cTUFcsU.exe
  C:\Windows\System\cTUFcsU.exe
  2⤵
  PID:3852
- C:\Windows\System\DuzcgnP.exe
  C:\Windows\System\DuzcgnP.exe
  2⤵
  PID:3880
- C:\Windows\System\guNNmwo.exe
  C:\Windows\System\guNNmwo.exe
  2⤵
  PID:3912
- C:\Windows\System\RKoVDwY.exe
  C:\Windows\System\RKoVDwY.exe
  2⤵
  PID:3940
- C:\Windows\System\YJPIxFx.exe
  C:\Windows\System\YJPIxFx.exe
  2⤵
  PID:3980
- C:\Windows\System\twbNOge.exe
  C:\Windows\System\twbNOge.exe
  2⤵
  PID:4016
- C:\Windows\System\HgzIaAj.exe
  C:\Windows\System\HgzIaAj.exe
  2⤵
  PID:2560
- C:\Windows\System\ksiwBDI.exe
  C:\Windows\System\ksiwBDI.exe
  2⤵
  PID:2980
- C:\Windows\System\CHRBdfI.exe
  C:\Windows\System\CHRBdfI.exe
  2⤵
  PID:1316
- C:\Windows\System\ylpncig.exe
  C:\Windows\System\ylpncig.exe
  2⤵
  PID:2388
- C:\Windows\System\zZtRQVU.exe
  C:\Windows\System\zZtRQVU.exe
  2⤵
  PID:2920
- C:\Windows\System\EtMreup.exe
  C:\Windows\System\EtMreup.exe
  2⤵
  PID:1664
- C:\Windows\System\keqGMbt.exe
  C:\Windows\System\keqGMbt.exe
  2⤵
  PID:2328
- C:\Windows\System\jIcuGVY.exe
  C:\Windows\System\jIcuGVY.exe
  2⤵
  PID:2064
- C:\Windows\System\ZLZxrEr.exe
  C:\Windows\System\ZLZxrEr.exe
  2⤵
  PID:3020
- C:\Windows\System\LyVeBCo.exe
  C:\Windows\System\LyVeBCo.exe
  2⤵
  PID:1036
- C:\Windows\System\GIXvDtL.exe
  C:\Windows\System\GIXvDtL.exe
  2⤵
  PID:2464
- C:\Windows\System\POSDMkR.exe
  C:\Windows\System\POSDMkR.exe
  2⤵
  PID:2172
- C:\Windows\System\uqtNCMp.exe
  C:\Windows\System\uqtNCMp.exe
  2⤵
  PID:2492
- C:\Windows\System\PazBTkP.exe
  C:\Windows\System\PazBTkP.exe
  2⤵
  PID:2308
- C:\Windows\System\gFzzyfu.exe
  C:\Windows\System\gFzzyfu.exe
  2⤵
  PID:4076
- C:\Windows\System\zvzOhEF.exe
  C:\Windows\System\zvzOhEF.exe
  2⤵
  PID:2292
- C:\Windows\System\sRWReDW.exe
  C:\Windows\System\sRWReDW.exe
  2⤵
  PID:2716
- C:\Windows\System\kYCJcFL.exe
  C:\Windows\System\kYCJcFL.exe
  2⤵
  PID:2480
- C:\Windows\System\KfFZKPa.exe
  C:\Windows\System\KfFZKPa.exe
  2⤵
  PID:2068
- C:\Windows\System\lMmXJBb.exe
  C:\Windows\System\lMmXJBb.exe
  2⤵
  PID:2504
- C:\Windows\System\DEoRQvX.exe
  C:\Windows\System\DEoRQvX.exe
  2⤵
  PID:2132
- C:\Windows\System\bsxFSeW.exe
  C:\Windows\System\bsxFSeW.exe
  2⤵
  PID:3188
- C:\Windows\System\yOBdSRd.exe
  C:\Windows\System\yOBdSRd.exe
  2⤵
  PID:3268
- C:\Windows\System\szQOtXj.exe
  C:\Windows\System\szQOtXj.exe
  2⤵
  PID:3232
- C:\Windows\System\pQTjRgg.exe
  C:\Windows\System\pQTjRgg.exe
  2⤵
  PID:3388
- C:\Windows\System\CHgTgEn.exe
  C:\Windows\System\CHgTgEn.exe
  2⤵
  PID:3476
- C:\Windows\System\aMkhPBl.exe
  C:\Windows\System\aMkhPBl.exe
  2⤵
  PID:3408
- C:\Windows\System\ROoDqea.exe
  C:\Windows\System\ROoDqea.exe
  2⤵
  PID:3432
- C:\Windows\System\zoRIVvR.exe
  C:\Windows\System\zoRIVvR.exe
  2⤵
  PID:3572
- C:\Windows\System\buWiMga.exe
  C:\Windows\System\buWiMga.exe
  2⤵
  PID:3624
- C:\Windows\System\llwJupP.exe
  C:\Windows\System\llwJupP.exe
  2⤵
  PID:3672
- C:\Windows\System\dXdcezV.exe
  C:\Windows\System\dXdcezV.exe
  2⤵
  PID:3740
- C:\Windows\System\koLgqOC.exe
  C:\Windows\System\koLgqOC.exe
  2⤵
  PID:3780
- C:\Windows\System\eHeNieG.exe
  C:\Windows\System\eHeNieG.exe
  2⤵
  PID:3932
- C:\Windows\System\qsndlFF.exe
  C:\Windows\System\qsndlFF.exe
  2⤵
  PID:4000
- C:\Windows\System\csOaXgN.exe
  C:\Windows\System\csOaXgN.exe
  2⤵
  PID:3896
- C:\Windows\System\awIJgTZ.exe
  C:\Windows\System\awIJgTZ.exe
  2⤵
  PID:3972
- C:\Windows\System\uUVNgJV.exe
  C:\Windows\System\uUVNgJV.exe
  2⤵
  PID:2628
- C:\Windows\System\GtnMFsz.exe
  C:\Windows\System\GtnMFsz.exe
  2⤵
  PID:2004
- C:\Windows\System\WnapQwS.exe
  C:\Windows\System\WnapQwS.exe
  2⤵
  PID:1176
- C:\Windows\System\knOMGcm.exe
  C:\Windows\System\knOMGcm.exe
  2⤵
  PID:3000
- C:\Windows\System\dQaSZeP.exe
  C:\Windows\System\dQaSZeP.exe
  2⤵
  PID:900
- C:\Windows\System\cZmHnkY.exe
  C:\Windows\System\cZmHnkY.exe
  2⤵
  PID:948
- C:\Windows\System\bYXUAtl.exe
  C:\Windows\System\bYXUAtl.exe
  2⤵
  PID:3308
- C:\Windows\System\iIxIxYn.exe
  C:\Windows\System\iIxIxYn.exe
  2⤵
  PID:3296
- C:\Windows\System\sUAfqoN.exe
  C:\Windows\System\sUAfqoN.exe
  2⤵
  PID:2336
- C:\Windows\System\grWqNyi.exe
  C:\Windows\System\grWqNyi.exe
  2⤵
  PID:3548
- C:\Windows\System\QrZTMrh.exe
  C:\Windows\System\QrZTMrh.exe
  2⤵
  PID:1968
- C:\Windows\System\ljviZFP.exe
  C:\Windows\System\ljviZFP.exe
  2⤵
  PID:3612
- C:\Windows\System\khDwGTl.exe
  C:\Windows\System\khDwGTl.exe
  2⤵
  PID:3792
- C:\Windows\System\OEoDdBA.exe
  C:\Windows\System\OEoDdBA.exe
  2⤵
  PID:612
- C:\Windows\System\FyXHKPv.exe
  C:\Windows\System\FyXHKPv.exe
  2⤵
  PID:3276
- C:\Windows\System\DcHGDYE.exe
  C:\Windows\System\DcHGDYE.exe
  2⤵
  PID:2104
- C:\Windows\System\AnYYsBA.exe
  C:\Windows\System\AnYYsBA.exe
  2⤵
  PID:952
- C:\Windows\System\GHLizKt.exe
  C:\Windows\System\GHLizKt.exe
  2⤵
  PID:3452
- C:\Windows\System\SnmRTcq.exe
  C:\Windows\System\SnmRTcq.exe
  2⤵
  PID:3632
- C:\Windows\System\OuPuNaG.exe
  C:\Windows\System\OuPuNaG.exe
  2⤵
  PID:3760
- C:\Windows\System\SJiQpdb.exe
  C:\Windows\System\SJiQpdb.exe
  2⤵
  PID:3428
- C:\Windows\System\FwIpeTn.exe
  C:\Windows\System\FwIpeTn.exe
  2⤵
  PID:3892
- C:\Windows\System\kAdbvsp.exe
  C:\Windows\System\kAdbvsp.exe
  2⤵
  PID:840
- C:\Windows\System\DlNPDLW.exe
  C:\Windows\System\DlNPDLW.exe
  2⤵
  PID:3312
- C:\Windows\System\cQrqJIl.exe
  C:\Windows\System\cQrqJIl.exe
  2⤵
  PID:2508
- C:\Windows\System\uGNWAEy.exe
  C:\Windows\System\uGNWAEy.exe
  2⤵
  PID:2384
- C:\Windows\System\iEpWzMn.exe
  C:\Windows\System\iEpWzMn.exe
  2⤵
  PID:3176
- C:\Windows\System\ZngYSfU.exe
  C:\Windows\System\ZngYSfU.exe
  2⤵
  PID:2944
- C:\Windows\System\JocIBlC.exe
  C:\Windows\System\JocIBlC.exe
  2⤵
  PID:3272
- C:\Windows\System\OlzPwhJ.exe
  C:\Windows\System\OlzPwhJ.exe
  2⤵
  PID:296
- C:\Windows\System\PgdGMdI.exe
  C:\Windows\System\PgdGMdI.exe
  2⤵
  PID:3960
- C:\Windows\System\PAKoZll.exe
  C:\Windows\System\PAKoZll.exe
  2⤵
  PID:808
- C:\Windows\System\NKzWbCb.exe
  C:\Windows\System\NKzWbCb.exe
  2⤵
  PID:3396
- C:\Windows\System\JZvsvhB.exe
  C:\Windows\System\JZvsvhB.exe
  2⤵
  PID:108
- C:\Windows\System\oEgtWmW.exe
  C:\Windows\System\oEgtWmW.exe
  2⤵
  PID:3124
- C:\Windows\System\SWkixRO.exe
  C:\Windows\System\SWkixRO.exe
  2⤵
  PID:1696
- C:\Windows\System\wESBuHq.exe
  C:\Windows\System\wESBuHq.exe
  2⤵
  PID:1888
- C:\Windows\System\oJNouGU.exe
  C:\Windows\System\oJNouGU.exe
  2⤵
  PID:2972
- C:\Windows\System\ASaywMS.exe
  C:\Windows\System\ASaywMS.exe
  2⤵
  PID:772
- C:\Windows\System\qLCsEgl.exe
  C:\Windows\System\qLCsEgl.exe
  2⤵
  PID:3208
- C:\Windows\System\SAPxNbW.exe
  C:\Windows\System\SAPxNbW.exe
  2⤵
  PID:3028
- C:\Windows\System\XgnQyeu.exe
  C:\Windows\System\XgnQyeu.exe
  2⤵
  PID:3356
- C:\Windows\System\UkzAPEl.exe
  C:\Windows\System\UkzAPEl.exe
  2⤵
  PID:1656
- C:\Windows\System\IqURWqA.exe
  C:\Windows\System\IqURWqA.exe
  2⤵
  PID:2368
- C:\Windows\System\fjLAWQc.exe
  C:\Windows\System\fjLAWQc.exe
  2⤵
  PID:3648
- C:\Windows\System\hDTlABW.exe
  C:\Windows\System\hDTlABW.exe
  2⤵
  PID:3840
- C:\Windows\System\FzYWaqx.exe
  C:\Windows\System\FzYWaqx.exe
  2⤵
  PID:2196
- C:\Windows\System\TYSRpPx.exe
  C:\Windows\System\TYSRpPx.exe
  2⤵
  PID:2200
- C:\Windows\System\KeHIdNL.exe
  C:\Windows\System\KeHIdNL.exe
  2⤵
  PID:1640
- C:\Windows\System\IgYCMYt.exe
  C:\Windows\System\IgYCMYt.exe
  2⤵
  PID:3368
- C:\Windows\System\JGfAsbG.exe
  C:\Windows\System\JGfAsbG.exe
  2⤵
  PID:2380
- C:\Windows\System\JROWiEH.exe
  C:\Windows\System\JROWiEH.exe
  2⤵
  PID:3900
- C:\Windows\System\qwZyNyl.exe
  C:\Windows\System\qwZyNyl.exe
  2⤵
  PID:3376
- C:\Windows\System\DQetmHD.exe
  C:\Windows\System\DQetmHD.exe
  2⤵
  PID:2600
- C:\Windows\System\GwVZCnc.exe
  C:\Windows\System\GwVZCnc.exe
  2⤵
  PID:2228
- C:\Windows\System\JCPEXOe.exe
  C:\Windows\System\JCPEXOe.exe
  2⤵
  PID:3872
- C:\Windows\System\wxFEZSR.exe
  C:\Windows\System\wxFEZSR.exe
  2⤵
  PID:2360
- C:\Windows\System\vUXxKav.exe
  C:\Windows\System\vUXxKav.exe
  2⤵
  PID:3108
- C:\Windows\System\wrQdqlU.exe
  C:\Windows\System\wrQdqlU.exe
  2⤵
  PID:4028
- C:\Windows\System\OKaAzhP.exe
  C:\Windows\System\OKaAzhP.exe
  2⤵
  PID:4108
- C:\Windows\System\xrHRwxk.exe
  C:\Windows\System\xrHRwxk.exe
  2⤵
  PID:4124
- C:\Windows\System\oTVJsRb.exe
  C:\Windows\System\oTVJsRb.exe
  2⤵
  PID:4140
- C:\Windows\System\LVzPjlv.exe
  C:\Windows\System\LVzPjlv.exe
  2⤵
  PID:4156
- C:\Windows\System\kmeREMr.exe
  C:\Windows\System\kmeREMr.exe
  2⤵
  PID:4172
- C:\Windows\System\PIrojVb.exe
  C:\Windows\System\PIrojVb.exe
  2⤵
  PID:4188
- C:\Windows\System\YMgnSXp.exe
  C:\Windows\System\YMgnSXp.exe
  2⤵
  PID:4204
- C:\Windows\System\bRTyMcs.exe
  C:\Windows\System\bRTyMcs.exe
  2⤵
  PID:4220
- C:\Windows\System\skjjgHb.exe
  C:\Windows\System\skjjgHb.exe
  2⤵
  PID:4236
- C:\Windows\System\dTCcSBk.exe
  C:\Windows\System\dTCcSBk.exe
  2⤵
  PID:4252
- C:\Windows\System\SBnToZZ.exe
  C:\Windows\System\SBnToZZ.exe
  2⤵
  PID:4268
- C:\Windows\System\tLyrRlx.exe
  C:\Windows\System\tLyrRlx.exe
  2⤵
  PID:4284
- C:\Windows\System\dYoekoG.exe
  C:\Windows\System\dYoekoG.exe
  2⤵
  PID:4300
- C:\Windows\System\GQNlDkz.exe
  C:\Windows\System\GQNlDkz.exe
  2⤵
  PID:4316
- C:\Windows\System\CsrRygZ.exe
  C:\Windows\System\CsrRygZ.exe
  2⤵
  PID:4332
- C:\Windows\System\KQENgMl.exe
  C:\Windows\System\KQENgMl.exe
  2⤵
  PID:4348
- C:\Windows\System\azUFqAV.exe
  C:\Windows\System\azUFqAV.exe
  2⤵
  PID:4364
- C:\Windows\System\VNXYKLn.exe
  C:\Windows\System\VNXYKLn.exe
  2⤵
  PID:4380
- C:\Windows\System\fNKlTxC.exe
  C:\Windows\System\fNKlTxC.exe
  2⤵
  PID:4396
- C:\Windows\System\kiFkbuQ.exe
  C:\Windows\System\kiFkbuQ.exe
  2⤵
  PID:4412
- C:\Windows\System\JLKnmEP.exe
  C:\Windows\System\JLKnmEP.exe
  2⤵
  PID:4428
- C:\Windows\System\OvdjZhJ.exe
  C:\Windows\System\OvdjZhJ.exe
  2⤵
  PID:4444
- C:\Windows\System\pdqTveh.exe
  C:\Windows\System\pdqTveh.exe
  2⤵
  PID:4460
- C:\Windows\System\tJPuyHd.exe
  C:\Windows\System\tJPuyHd.exe
  2⤵
  PID:4476
- C:\Windows\System\AALeNJH.exe
  C:\Windows\System\AALeNJH.exe
  2⤵
  PID:4492
- C:\Windows\System\RluahHN.exe
  C:\Windows\System\RluahHN.exe
  2⤵
  PID:4508
- C:\Windows\System\WLqwSFN.exe
  C:\Windows\System\WLqwSFN.exe
  2⤵
  PID:4524
- C:\Windows\System\RxwhsuH.exe
  C:\Windows\System\RxwhsuH.exe
  2⤵
  PID:4540
- C:\Windows\System\kZMNFtK.exe
  C:\Windows\System\kZMNFtK.exe
  2⤵
  PID:4556
- C:\Windows\System\MBflltq.exe
  C:\Windows\System\MBflltq.exe
  2⤵
  PID:4572
- C:\Windows\System\rTCCrtx.exe
  C:\Windows\System\rTCCrtx.exe
  2⤵
  PID:4588
- C:\Windows\System\zUYDtaf.exe
  C:\Windows\System\zUYDtaf.exe
  2⤵
  PID:4604
- C:\Windows\System\bEiYBuA.exe
  C:\Windows\System\bEiYBuA.exe
  2⤵
  PID:4620
- C:\Windows\System\BYpUtxx.exe
  C:\Windows\System\BYpUtxx.exe
  2⤵
  PID:4636
- C:\Windows\System\ziiQyPB.exe
  C:\Windows\System\ziiQyPB.exe
  2⤵
  PID:4652
- C:\Windows\System\cynQHUV.exe
  C:\Windows\System\cynQHUV.exe
  2⤵
  PID:4668
- C:\Windows\System\ijjIjTj.exe
  C:\Windows\System\ijjIjTj.exe
  2⤵
  PID:4684
- C:\Windows\System\WCQNPCJ.exe
  C:\Windows\System\WCQNPCJ.exe
  2⤵
  PID:4704
- C:\Windows\System\ncfHPRz.exe
  C:\Windows\System\ncfHPRz.exe
  2⤵
  PID:4720
- C:\Windows\System\YPXIuRH.exe
  C:\Windows\System\YPXIuRH.exe
  2⤵
  PID:4736
- C:\Windows\System\YsViWmt.exe
  C:\Windows\System\YsViWmt.exe
  2⤵
  PID:4752
- C:\Windows\System\AewdFtu.exe
  C:\Windows\System\AewdFtu.exe
  2⤵
  PID:4768
- C:\Windows\System\vQpgwAF.exe
  C:\Windows\System\vQpgwAF.exe
  2⤵
  PID:4784
- C:\Windows\System\vvIdzpz.exe
  C:\Windows\System\vvIdzpz.exe
  2⤵
  PID:4800
- C:\Windows\System\EdTpTXs.exe
  C:\Windows\System\EdTpTXs.exe
  2⤵
  PID:4816
- C:\Windows\System\GoZJKJG.exe
  C:\Windows\System\GoZJKJG.exe
  2⤵
  PID:4832
- C:\Windows\System\YAqxHjH.exe
  C:\Windows\System\YAqxHjH.exe
  2⤵
  PID:4848
- C:\Windows\System\kdeSFqq.exe
  C:\Windows\System\kdeSFqq.exe
  2⤵
  PID:4864
- C:\Windows\System\WOvTwfh.exe
  C:\Windows\System\WOvTwfh.exe
  2⤵
  PID:4880
- C:\Windows\System\BmjwBNq.exe
  C:\Windows\System\BmjwBNq.exe
  2⤵
  PID:4896
- C:\Windows\System\sidIJzS.exe
  C:\Windows\System\sidIJzS.exe
  2⤵
  PID:4912
- C:\Windows\System\SYXQerv.exe
  C:\Windows\System\SYXQerv.exe
  2⤵
  PID:4928
- C:\Windows\System\JjZuflZ.exe
  C:\Windows\System\JjZuflZ.exe
  2⤵
  PID:4944
- C:\Windows\System\pGuzzsg.exe
  C:\Windows\System\pGuzzsg.exe
  2⤵
  PID:4960
- C:\Windows\System\sCHFauO.exe
  C:\Windows\System\sCHFauO.exe
  2⤵
  PID:4976
- C:\Windows\System\EyqEjNf.exe
  C:\Windows\System\EyqEjNf.exe
  2⤵
  PID:4992
- C:\Windows\System\NwyUudW.exe
  C:\Windows\System\NwyUudW.exe
  2⤵
  PID:5008
- C:\Windows\System\sCTvOHN.exe
  C:\Windows\System\sCTvOHN.exe
  2⤵
  PID:5024
- C:\Windows\System\JhzvDSc.exe
  C:\Windows\System\JhzvDSc.exe
  2⤵
  PID:5044
- C:\Windows\System\XAvuodW.exe
  C:\Windows\System\XAvuodW.exe
  2⤵
  PID:5060
- C:\Windows\System\hvnFRPZ.exe
  C:\Windows\System\hvnFRPZ.exe
  2⤵
  PID:5076
- C:\Windows\System\GHaxQcg.exe
  C:\Windows\System\GHaxQcg.exe
  2⤵
  PID:5092
- C:\Windows\System\nsXHxGs.exe
  C:\Windows\System\nsXHxGs.exe
  2⤵
  PID:5108
- C:\Windows\System\aTCHmsY.exe
  C:\Windows\System\aTCHmsY.exe
  2⤵
  PID:3816
- C:\Windows\System\AyInrAD.exe
  C:\Windows\System\AyInrAD.exe
  2⤵
  PID:4148
- C:\Windows\System\CbEeTlV.exe
  C:\Windows\System\CbEeTlV.exe
  2⤵
  PID:3796
- C:\Windows\System\LdiUNsx.exe
  C:\Windows\System\LdiUNsx.exe
  2⤵
  PID:4244
- C:\Windows\System\ybWnBDB.exe
  C:\Windows\System\ybWnBDB.exe
  2⤵
  PID:4164
- C:\Windows\System\cdrdAYm.exe
  C:\Windows\System\cdrdAYm.exe
  2⤵
  PID:4280
- C:\Windows\System\anbZAVh.exe
  C:\Windows\System\anbZAVh.exe
  2⤵
  PID:4292
- C:\Windows\System\IbwSgAX.exe
  C:\Windows\System\IbwSgAX.exe
  2⤵
  PID:4344
- C:\Windows\System\mPEwNez.exe
  C:\Windows\System\mPEwNez.exe
  2⤵
  PID:4376
- C:\Windows\System\waNUUBY.exe
  C:\Windows\System\waNUUBY.exe
  2⤵
  PID:2704
- C:\Windows\System\YPxuVWX.exe
  C:\Windows\System\YPxuVWX.exe
  2⤵
  PID:2528
- C:\Windows\System\ZYizfzB.exe
  C:\Windows\System\ZYizfzB.exe
  2⤵
  PID:4392
- C:\Windows\System\YnXqBaG.exe
  C:\Windows\System\YnXqBaG.exe
  2⤵
  PID:4388
- C:\Windows\System\eHfRbRX.exe
  C:\Windows\System\eHfRbRX.exe
  2⤵
  PID:4420
- C:\Windows\System\ENQxDBY.exe
  C:\Windows\System\ENQxDBY.exe
  2⤵
  PID:4456
- C:\Windows\System\XikpTQF.exe
  C:\Windows\System\XikpTQF.exe
  2⤵
  PID:4504
- C:\Windows\System\sFPQhmn.exe
  C:\Windows\System\sFPQhmn.exe
  2⤵
  PID:4568
- C:\Windows\System\bWlXCRy.exe
  C:\Windows\System\bWlXCRy.exe
  2⤵
  PID:4580
- C:\Windows\System\cAjciqa.exe
  C:\Windows\System\cAjciqa.exe
  2⤵
  PID:4600
- C:\Windows\System\Uhxxmpc.exe
  C:\Windows\System\Uhxxmpc.exe
  2⤵
  PID:4664
- C:\Windows\System\kcdoaus.exe
  C:\Windows\System\kcdoaus.exe
  2⤵
  PID:4692
- C:\Windows\System\EXnlvTD.exe
  C:\Windows\System\EXnlvTD.exe
  2⤵
  PID:4728
- C:\Windows\System\FSjBAky.exe
  C:\Windows\System\FSjBAky.exe
  2⤵
  PID:4716
- C:\Windows\System\ybJrbcv.exe
  C:\Windows\System\ybJrbcv.exe
  2⤵
  PID:4780
- C:\Windows\System\HLYZOwE.exe
  C:\Windows\System\HLYZOwE.exe
  2⤵
  PID:4792
- C:\Windows\System\XwQmMYA.exe
  C:\Windows\System\XwQmMYA.exe
  2⤵
  PID:4808
- C:\Windows\System\btdRbTE.exe
  C:\Windows\System\btdRbTE.exe
  2⤵
  PID:4812
- C:\Windows\System\RjhmdcS.exe
  C:\Windows\System\RjhmdcS.exe
  2⤵
  PID:4924
- C:\Windows\System\bldqrEA.exe
  C:\Windows\System\bldqrEA.exe
  2⤵
  PID:4908
- C:\Windows\System\sduBjlH.exe
  C:\Windows\System\sduBjlH.exe
  2⤵
  PID:4984
- C:\Windows\System\EEZMXFT.exe
  C:\Windows\System\EEZMXFT.exe
  2⤵
  PID:4968
- C:\Windows\System\yFYqUwl.exe
  C:\Windows\System\yFYqUwl.exe
  2⤵
  PID:5032
- C:\Windows\System\ZcmicDc.exe
  C:\Windows\System\ZcmicDc.exe
  2⤵
  PID:5040
- C:\Windows\System\ajvHuFE.exe
  C:\Windows\System\ajvHuFE.exe
  2⤵
  PID:5116
- C:\Windows\System\gdKqaXi.exe
  C:\Windows\System\gdKqaXi.exe
  2⤵
  PID:5068
- C:\Windows\System\ZdXAORU.exe
  C:\Windows\System\ZdXAORU.exe
  2⤵
  PID:4116
- C:\Windows\System\RJjGpIp.exe
  C:\Windows\System\RJjGpIp.exe
  2⤵
  PID:4216
- C:\Windows\System\vSohhED.exe
  C:\Windows\System\vSohhED.exe
  2⤵
  PID:4196
- C:\Windows\System\hDiaiab.exe
  C:\Windows\System\hDiaiab.exe
  2⤵
  PID:4312
- C:\Windows\System\FAmEzPy.exe
  C:\Windows\System\FAmEzPy.exe
  2⤵
  PID:1464
- C:\Windows\System\rDxdfrR.exe
  C:\Windows\System\rDxdfrR.exe
  2⤵
  PID:4440
- C:\Windows\System\HbUJVqc.exe
  C:\Windows\System\HbUJVqc.exe
  2⤵
  PID:4296
- C:\Windows\System\qnVfbVf.exe
  C:\Windows\System\qnVfbVf.exe
  2⤵
  PID:4516
- C:\Windows\System\qtKfkat.exe
  C:\Windows\System\qtKfkat.exe
  2⤵
  PID:4696
- C:\Windows\System\irYiQWP.exe
  C:\Windows\System\irYiQWP.exe
  2⤵
  PID:4700
- C:\Windows\System\YbDTLbb.exe
  C:\Windows\System\YbDTLbb.exe
  2⤵
  PID:4612
- C:\Windows\System\fiQjpwM.exe
  C:\Windows\System\fiQjpwM.exe
  2⤵
  PID:4536
- C:\Windows\System\AnxgcXm.exe
  C:\Windows\System\AnxgcXm.exe
  2⤵
  PID:4860
- C:\Windows\System\qGlSoCg.exe
  C:\Windows\System\qGlSoCg.exe
  2⤵
  PID:4936
- C:\Windows\System\oHfIJLq.exe
  C:\Windows\System\oHfIJLq.exe
  2⤵
  PID:5004
- C:\Windows\System\JarxotX.exe
  C:\Windows\System\JarxotX.exe
  2⤵
  PID:5052
- C:\Windows\System\QmGWApi.exe
  C:\Windows\System\QmGWApi.exe
  2⤵
  PID:4904
- C:\Windows\System\IjMCdBh.exe
  C:\Windows\System\IjMCdBh.exe
  2⤵
  PID:4120
- C:\Windows\System\yTWwFBi.exe
  C:\Windows\System\yTWwFBi.exe
  2⤵
  PID:5100
- C:\Windows\System\YEXZDYs.exe
  C:\Windows\System\YEXZDYs.exe
  2⤵
  PID:4232
- C:\Windows\System\XoCMUhR.exe
  C:\Windows\System\XoCMUhR.exe
  2⤵
  PID:4500
- C:\Windows\System\hSwxLFh.exe
  C:\Windows\System\hSwxLFh.exe
  2⤵
  PID:2888
- C:\Windows\System\dBkZEyF.exe
  C:\Windows\System\dBkZEyF.exe
  2⤵
  PID:4844
- C:\Windows\System\FcsMUSj.exe
  C:\Windows\System\FcsMUSj.exe
  2⤵
  PID:4408
- C:\Windows\System\MpRxIEu.exe
  C:\Windows\System\MpRxIEu.exe
  2⤵
  PID:4360
- C:\Windows\System\hmDjNTL.exe
  C:\Windows\System\hmDjNTL.exe
  2⤵
  PID:4676
- C:\Windows\System\BRQQAmV.exe
  C:\Windows\System\BRQQAmV.exe
  2⤵
  PID:4732
- C:\Windows\System\hPVpWXP.exe
  C:\Windows\System\hPVpWXP.exe
  2⤵
  PID:5088
- C:\Windows\System\JTliCAA.exe
  C:\Windows\System\JTliCAA.exe
  2⤵
  PID:4452
- C:\Windows\System\ObsLLuC.exe
  C:\Windows\System\ObsLLuC.exe
  2⤵
  PID:5000
- C:\Windows\System\gkbeyUr.exe
  C:\Windows\System\gkbeyUr.exe
  2⤵
  PID:4776
- C:\Windows\System\KAJBKQa.exe
  C:\Windows\System\KAJBKQa.exe
  2⤵
  PID:5132
- C:\Windows\System\XZDWJMr.exe
  C:\Windows\System\XZDWJMr.exe
  2⤵
  PID:5148
- C:\Windows\System\eAWayUT.exe
  C:\Windows\System\eAWayUT.exe
  2⤵
  PID:5164
- C:\Windows\System\jkPLIxG.exe
  C:\Windows\System\jkPLIxG.exe
  2⤵
  PID:5180
- C:\Windows\System\UzwKcSu.exe
  C:\Windows\System\UzwKcSu.exe
  2⤵
  PID:5200
- C:\Windows\System\WKLPTvz.exe
  C:\Windows\System\WKLPTvz.exe
  2⤵
  PID:5216
- C:\Windows\System\IBIrCHk.exe
  C:\Windows\System\IBIrCHk.exe
  2⤵
  PID:5232
- C:\Windows\System\xbsxLoZ.exe
  C:\Windows\System\xbsxLoZ.exe
  2⤵
  PID:5248
- C:\Windows\System\qHMuQWH.exe
  C:\Windows\System\qHMuQWH.exe
  2⤵
  PID:5264
- C:\Windows\System\ZoeBhZB.exe
  C:\Windows\System\ZoeBhZB.exe
  2⤵
  PID:5288
- C:\Windows\System\vKaXAfa.exe
  C:\Windows\System\vKaXAfa.exe
  2⤵
  PID:5304
- C:\Windows\System\GHJSjhZ.exe
  C:\Windows\System\GHJSjhZ.exe
  2⤵
  PID:5956
- C:\Windows\System\nkIhSec.exe
  C:\Windows\System\nkIhSec.exe
  2⤵
  PID:5972
- C:\Windows\System\afdycjn.exe
  C:\Windows\System\afdycjn.exe
  2⤵
  PID:5988
- C:\Windows\System\vHmlSru.exe
  C:\Windows\System\vHmlSru.exe
  2⤵
  PID:6008
- C:\Windows\System\eWtEwhr.exe
  C:\Windows\System\eWtEwhr.exe
  2⤵
  PID:6024
- C:\Windows\System\dcnCAev.exe
  C:\Windows\System\dcnCAev.exe
  2⤵
  PID:6044
- C:\Windows\System\eKbphBZ.exe
  C:\Windows\System\eKbphBZ.exe
  2⤵
  PID:6064
- C:\Windows\System\gwfHbVE.exe
  C:\Windows\System\gwfHbVE.exe
  2⤵
  PID:6080
- C:\Windows\System\rPpMvdV.exe
  C:\Windows\System\rPpMvdV.exe
  2⤵
  PID:6100
- C:\Windows\System\hDuflbS.exe
  C:\Windows\System\hDuflbS.exe
  2⤵
  PID:6136
- C:\Windows\System\ztXrYJH.exe
  C:\Windows\System\ztXrYJH.exe
  2⤵
  PID:5128
- C:\Windows\System\QdIgfry.exe
  C:\Windows\System\QdIgfry.exe
  2⤵
  PID:5140
- C:\Windows\System\iqnsVHo.exe
  C:\Windows\System\iqnsVHo.exe
  2⤵
  PID:5176
- C:\Windows\System\zMcRRJo.exe
  C:\Windows\System\zMcRRJo.exe
  2⤵
  PID:5300
- C:\Windows\System\DWmAvnH.exe
  C:\Windows\System\DWmAvnH.exe
  2⤵
  PID:5276
- C:\Windows\System\ZWkSVOJ.exe
  C:\Windows\System\ZWkSVOJ.exe
  2⤵
  PID:5328
- C:\Windows\System\PEgeGYe.exe
  C:\Windows\System\PEgeGYe.exe
  2⤵
  PID:5344
- C:\Windows\System\JxpCsyQ.exe
  C:\Windows\System\JxpCsyQ.exe
  2⤵
  PID:5364
- C:\Windows\System\EzEYgds.exe
  C:\Windows\System\EzEYgds.exe
  2⤵
  PID:5388
- C:\Windows\System\bZbGTdv.exe
  C:\Windows\System\bZbGTdv.exe
  2⤵
  PID:5404
- C:\Windows\System\lIRAOsg.exe
  C:\Windows\System\lIRAOsg.exe
  2⤵
  PID:5420
- C:\Windows\System\RFetzrZ.exe
  C:\Windows\System\RFetzrZ.exe
  2⤵
  PID:5436
- C:\Windows\System\vOKACjM.exe
  C:\Windows\System\vOKACjM.exe
  2⤵
  PID:5456
- C:\Windows\System\sbcjVss.exe
  C:\Windows\System\sbcjVss.exe
  2⤵
  PID:5472
- C:\Windows\System\XphjgHw.exe
  C:\Windows\System\XphjgHw.exe
  2⤵
  PID:5488
- C:\Windows\System\UOimTbE.exe
  C:\Windows\System\UOimTbE.exe
  2⤵
  PID:5512
- C:\Windows\System\BvWJkPb.exe
  C:\Windows\System\BvWJkPb.exe
  2⤵
  PID:5524
- C:\Windows\System\RnUWtuF.exe
  C:\Windows\System\RnUWtuF.exe
  2⤵
  PID:5584
- C:\Windows\System\KVBMQHb.exe
  C:\Windows\System\KVBMQHb.exe
  2⤵
  PID:5600
- C:\Windows\System\DVKFPUC.exe
  C:\Windows\System\DVKFPUC.exe
  2⤵
  PID:5612
- C:\Windows\System\yxNVILR.exe
  C:\Windows\System\yxNVILR.exe
  2⤵
  PID:5640
- C:\Windows\System\RlJDsSX.exe
  C:\Windows\System\RlJDsSX.exe
  2⤵
  PID:5656
- C:\Windows\System\ccwGvOt.exe
  C:\Windows\System\ccwGvOt.exe
  2⤵
  PID:5672
- C:\Windows\System\YDlFjej.exe
  C:\Windows\System\YDlFjej.exe
  2⤵
  PID:5708
- C:\Windows\System\rPoYuov.exe
  C:\Windows\System\rPoYuov.exe
  2⤵
  PID:5724
- C:\Windows\System\DLrnvEU.exe
  C:\Windows\System\DLrnvEU.exe
  2⤵
  PID:5748
- C:\Windows\System\OnmJFbn.exe
  C:\Windows\System\OnmJFbn.exe
  2⤵
  PID:5764
- C:\Windows\System\ESWfPyt.exe
  C:\Windows\System\ESWfPyt.exe
  2⤵
  PID:5784
- C:\Windows\System\wZsDGbx.exe
  C:\Windows\System\wZsDGbx.exe
  2⤵
  PID:5808
- C:\Windows\System\bMPKBfP.exe
  C:\Windows\System\bMPKBfP.exe
  2⤵
  PID:5824
- C:\Windows\System\iDwEArR.exe
  C:\Windows\System\iDwEArR.exe
  2⤵
  PID:5840
- C:\Windows\System\QYlGSbY.exe
  C:\Windows\System\QYlGSbY.exe
  2⤵
  PID:5860
- C:\Windows\System\lWIZonx.exe
  C:\Windows\System\lWIZonx.exe
  2⤵
  PID:5888
- C:\Windows\System\xirXUPx.exe
  C:\Windows\System\xirXUPx.exe
  2⤵
  PID:5908
- C:\Windows\System\DkkdVbv.exe
  C:\Windows\System\DkkdVbv.exe
  2⤵
  PID:5500
- C:\Windows\System\EugPCHT.exe
  C:\Windows\System\EugPCHT.exe
  2⤵
  PID:5936
- C:\Windows\System\XLISqnb.exe
  C:\Windows\System\XLISqnb.exe
  2⤵
  PID:5968
- C:\Windows\System\sTtvsRT.exe
  C:\Windows\System\sTtvsRT.exe
  2⤵
  PID:6040
- C:\Windows\System\vzsXHXP.exe
  C:\Windows\System\vzsXHXP.exe
  2⤵
  PID:6056
- C:\Windows\System\NxBhnqd.exe
  C:\Windows\System\NxBhnqd.exe
  2⤵
  PID:5980
- C:\Windows\System\iTkWXFt.exe
  C:\Windows\System\iTkWXFt.exe
  2⤵
  PID:6052
- C:\Windows\System\sAhbJJa.exe
  C:\Windows\System\sAhbJJa.exe
  2⤵
  PID:5124
- C:\Windows\System\HQIDkPr.exe
  C:\Windows\System\HQIDkPr.exe
  2⤵
  PID:5196
- C:\Windows\System\JFRUadK.exe
  C:\Windows\System\JFRUadK.exe
  2⤵
  PID:5144
- C:\Windows\System\ozvHANE.exe
  C:\Windows\System\ozvHANE.exe
  2⤵
  PID:5372
- C:\Windows\System\CDgciOF.exe
  C:\Windows\System\CDgciOF.exe
  2⤵
  PID:5376
- C:\Windows\System\BDIWFlY.exe
  C:\Windows\System\BDIWFlY.exe
  2⤵
  PID:5312
- C:\Windows\System\AtzGzCE.exe
  C:\Windows\System\AtzGzCE.exe
  2⤵
  PID:5400
- C:\Windows\System\YiCNjYt.exe
  C:\Windows\System\YiCNjYt.exe
  2⤵
  PID:5396
- C:\Windows\System\RPoPEZv.exe
  C:\Windows\System\RPoPEZv.exe
  2⤵
  PID:5516
- C:\Windows\System\POxxUMF.exe
  C:\Windows\System\POxxUMF.exe
  2⤵
  PID:5468
- C:\Windows\System\mjaXTDF.exe
  C:\Windows\System\mjaXTDF.exe
  2⤵
  PID:5556
- C:\Windows\System\dzwjFeZ.exe
  C:\Windows\System\dzwjFeZ.exe
  2⤵
  PID:5568
- C:\Windows\System\vvKfJMZ.exe
  C:\Windows\System\vvKfJMZ.exe
  2⤵
  PID:5632
- C:\Windows\System\FXzMjLp.exe
  C:\Windows\System\FXzMjLp.exe
  2⤵
  PID:5580
- C:\Windows\System\LOOkrWg.exe
  C:\Windows\System\LOOkrWg.exe
  2⤵
  PID:5668
- C:\Windows\System\cZNNjEa.exe
  C:\Windows\System\cZNNjEa.exe
  2⤵
  PID:5696
- C:\Windows\System\mIkKwjX.exe
  C:\Windows\System\mIkKwjX.exe
  2⤵
  PID:5716
- C:\Windows\System\RJKcFVH.exe
  C:\Windows\System\RJKcFVH.exe
  2⤵
  PID:5740
- C:\Windows\System\VUChOpG.exe
  C:\Windows\System\VUChOpG.exe
  2⤵
  PID:5780
- C:\Windows\System\ZGWwehy.exe
  C:\Windows\System\ZGWwehy.exe
  2⤵
  PID:5832
- C:\Windows\System\hfLFbpf.exe
  C:\Windows\System\hfLFbpf.exe
  2⤵
  PID:5876
- C:\Windows\System\EfugFoB.exe
  C:\Windows\System\EfugFoB.exe
  2⤵
  PID:5884
- C:\Windows\System\KavgmTO.exe
  C:\Windows\System\KavgmTO.exe
  2⤵
  PID:1788
- C:\Windows\System\eIRsqIQ.exe
  C:\Windows\System\eIRsqIQ.exe
  2⤵
  PID:6004
- C:\Windows\System\QPYkIsd.exe
  C:\Windows\System\QPYkIsd.exe
  2⤵
  PID:5996
- C:\Windows\System\dLsWJeV.exe
  C:\Windows\System\dLsWJeV.exe
  2⤵
  PID:2644
- C:\Windows\System\WViKYlK.exe
  C:\Windows\System\WViKYlK.exe
  2⤵
  PID:6124
- C:\Windows\System\rroAvyo.exe
  C:\Windows\System\rroAvyo.exe
  2⤵
  PID:5260
- C:\Windows\System\QtRZigK.exe
  C:\Windows\System\QtRZigK.exe
  2⤵
  PID:5384
- C:\Windows\System\gISoCwv.exe
  C:\Windows\System\gISoCwv.exe
  2⤵
  PID:5444
- C:\Windows\System\PUqKYLI.exe
  C:\Windows\System\PUqKYLI.exe
  2⤵
  PID:5452
- C:\Windows\System\tUceSIz.exe
  C:\Windows\System\tUceSIz.exe
  2⤵
  PID:5548
- C:\Windows\System\zZpaber.exe
  C:\Windows\System\zZpaber.exe
  2⤵
  PID:5544
- C:\Windows\System\BQoxtgv.exe
  C:\Windows\System\BQoxtgv.exe
  2⤵
  PID:5684
- C:\Windows\System\BeKduZF.exe
  C:\Windows\System\BeKduZF.exe
  2⤵
  PID:5592
- C:\Windows\System\WRSOTBn.exe
  C:\Windows\System\WRSOTBn.exe
  2⤵
  PID:5744
- C:\Windows\System\bvjjEDw.exe
  C:\Windows\System\bvjjEDw.exe
  2⤵
  PID:5736
- C:\Windows\System\ecZWIMr.exe
  C:\Windows\System\ecZWIMr.exe
  2⤵
  PID:5856
- C:\Windows\System\fMUCzrt.exe
  C:\Windows\System\fMUCzrt.exe
  2⤵
  PID:5896
- C:\Windows\System\HXZQKpW.exe
  C:\Windows\System\HXZQKpW.exe
  2⤵
  PID:5316
- C:\Windows\System\RcSZXQK.exe
  C:\Windows\System\RcSZXQK.exe
  2⤵
  PID:6020
- C:\Windows\System\WNqtQFZ.exe
  C:\Windows\System\WNqtQFZ.exe
  2⤵
  PID:6108
- C:\Windows\System\uDKYfYf.exe
  C:\Windows\System\uDKYfYf.exe
  2⤵
  PID:2488
- C:\Windows\System\TKiyaNl.exe
  C:\Windows\System\TKiyaNl.exe
  2⤵
  PID:5280
- C:\Windows\System\BBQbSfm.exe
  C:\Windows\System\BBQbSfm.exe
  2⤵
  PID:5448
- C:\Windows\System\SmvCwDg.exe
  C:\Windows\System\SmvCwDg.exe
  2⤵
  PID:5596
- C:\Windows\System\SqMhwVV.exe
  C:\Windows\System\SqMhwVV.exe
  2⤵
  PID:5688
- C:\Windows\System\wvuphIl.exe
  C:\Windows\System\wvuphIl.exe
  2⤵
  PID:5932
- C:\Windows\System\LxFBnQS.exe
  C:\Windows\System\LxFBnQS.exe
  2⤵
  PID:5224
- C:\Windows\System\Vxyhsvb.exe
  C:\Windows\System\Vxyhsvb.exe
  2⤵
  PID:5536
- C:\Windows\System\VFZnkCE.exe
  C:\Windows\System\VFZnkCE.exe
  2⤵
  PID:6076
- C:\Windows\System\JRsnSJI.exe
  C:\Windows\System\JRsnSJI.exe
  2⤵
  PID:5916
- C:\Windows\System\OvzylMo.exe
  C:\Windows\System\OvzylMo.exe
  2⤵
  PID:5352
- C:\Windows\System\ZvRMgrt.exe
  C:\Windows\System\ZvRMgrt.exe
  2⤵
  PID:5628
- C:\Windows\System\xedbEzQ.exe
  C:\Windows\System\xedbEzQ.exe
  2⤵
  PID:5800
- C:\Windows\System\lJaXTDb.exe
  C:\Windows\System\lJaXTDb.exe
  2⤵
  PID:5432
- C:\Windows\System\ojQqmvX.exe
  C:\Windows\System\ojQqmvX.exe
  2⤵
  PID:5272
- C:\Windows\System\ZmhckIN.exe
  C:\Windows\System\ZmhckIN.exe
  2⤵
  PID:5464
- C:\Windows\System\KcxbWyw.exe
  C:\Windows\System\KcxbWyw.exe
  2⤵
  PID:5648
- C:\Windows\System\vTFuQmz.exe
  C:\Windows\System\vTFuQmz.exe
  2⤵
  PID:5928
- C:\Windows\System\DtYdzfc.exe
  C:\Windows\System\DtYdzfc.exe
  2⤵
  PID:5228
- C:\Windows\System\TRAPPme.exe
  C:\Windows\System\TRAPPme.exe
  2⤵
  PID:6156
- C:\Windows\System\NZvHmVz.exe
  C:\Windows\System\NZvHmVz.exe
  2⤵
  PID:6172
- C:\Windows\System\GfuIlLr.exe
  C:\Windows\System\GfuIlLr.exe
  2⤵
  PID:6188
- C:\Windows\System\GkKgzjv.exe
  C:\Windows\System\GkKgzjv.exe
  2⤵
  PID:6228
- C:\Windows\System\EXawUOe.exe
  C:\Windows\System\EXawUOe.exe
  2⤵
  PID:6248
- C:\Windows\System\CWVNGdj.exe
  C:\Windows\System\CWVNGdj.exe
  2⤵
  PID:6268
- C:\Windows\System\BvIbhJl.exe
  C:\Windows\System\BvIbhJl.exe
  2⤵
  PID:6296
- C:\Windows\System\kEcGMUi.exe
  C:\Windows\System\kEcGMUi.exe
  2⤵
  PID:6312
- C:\Windows\System\xysZTjI.exe
  C:\Windows\System\xysZTjI.exe
  2⤵
  PID:6336
- C:\Windows\System\zivNIvE.exe
  C:\Windows\System\zivNIvE.exe
  2⤵
  PID:6352
- C:\Windows\System\QppMbzx.exe
  C:\Windows\System\QppMbzx.exe
  2⤵
  PID:6372
- C:\Windows\System\QNYEnSb.exe
  C:\Windows\System\QNYEnSb.exe
  2⤵
  PID:6388
- C:\Windows\System\lmgEQXJ.exe
  C:\Windows\System\lmgEQXJ.exe
  2⤵
  PID:6408
- C:\Windows\System\VjtlMjs.exe
  C:\Windows\System\VjtlMjs.exe
  2⤵
  PID:6424
- C:\Windows\System\ircYoUt.exe
  C:\Windows\System\ircYoUt.exe
  2⤵
  PID:6440
- C:\Windows\System\ouPbBdV.exe
  C:\Windows\System\ouPbBdV.exe
  2⤵
  PID:6476
- C:\Windows\System\irtmVKf.exe
  C:\Windows\System\irtmVKf.exe
  2⤵
  PID:6492
- C:\Windows\System\veFHbHI.exe
  C:\Windows\System\veFHbHI.exe
  2⤵
  PID:6508
- C:\Windows\System\hXBQyeP.exe
  C:\Windows\System\hXBQyeP.exe
  2⤵
  PID:6524
- C:\Windows\System\zBqtyYW.exe
  C:\Windows\System\zBqtyYW.exe
  2⤵
  PID:6548
- C:\Windows\System\QqdndWj.exe
  C:\Windows\System\QqdndWj.exe
  2⤵
  PID:6564
- C:\Windows\System\IzZtcer.exe
  C:\Windows\System\IzZtcer.exe
  2⤵
  PID:6584
- C:\Windows\System\sryWalT.exe
  C:\Windows\System\sryWalT.exe
  2⤵
  PID:6600
- C:\Windows\System\GXQKmxq.exe
  C:\Windows\System\GXQKmxq.exe
  2⤵
  PID:6628
- C:\Windows\System\gAnhXxy.exe
  C:\Windows\System\gAnhXxy.exe
  2⤵
  PID:6644
- C:\Windows\System\rbWkxSq.exe
  C:\Windows\System\rbWkxSq.exe
  2⤵
  PID:6664
- C:\Windows\System\XGjKssf.exe
  C:\Windows\System\XGjKssf.exe
  2⤵
  PID:6688
- C:\Windows\System\ytkmOrx.exe
  C:\Windows\System\ytkmOrx.exe
  2⤵
  PID:6712
- C:\Windows\System\CxyTcVE.exe
  C:\Windows\System\CxyTcVE.exe
  2⤵
  PID:6728
- C:\Windows\System\bZcQnvK.exe
  C:\Windows\System\bZcQnvK.exe
  2⤵
  PID:6744
- C:\Windows\System\nfAIyBs.exe
  C:\Windows\System\nfAIyBs.exe
  2⤵
  PID:6764
- C:\Windows\System\wrjYyma.exe
  C:\Windows\System\wrjYyma.exe
  2⤵
  PID:6788
- C:\Windows\System\UoEHSKR.exe
  C:\Windows\System\UoEHSKR.exe
  2⤵
  PID:6804
- C:\Windows\System\ylRGboQ.exe
  C:\Windows\System\ylRGboQ.exe
  2⤵
  PID:6820
- C:\Windows\System\oqAqUhV.exe
  C:\Windows\System\oqAqUhV.exe
  2⤵
  PID:6840
- C:\Windows\System\RONkEda.exe
  C:\Windows\System\RONkEda.exe
  2⤵
  PID:6880
- C:\Windows\System\SldtLrO.exe
  C:\Windows\System\SldtLrO.exe
  2⤵
  PID:6896
- C:\Windows\System\HDiDAtX.exe
  C:\Windows\System\HDiDAtX.exe
  2⤵
  PID:6916
- C:\Windows\System\lugEYDd.exe
  C:\Windows\System\lugEYDd.exe
  2⤵
  PID:6936
- C:\Windows\System\aJACunC.exe
  C:\Windows\System\aJACunC.exe
  2⤵
  PID:6956
- C:\Windows\System\wDwvELQ.exe
  C:\Windows\System\wDwvELQ.exe
  2⤵
  PID:6976
- C:\Windows\System\IYLomEl.exe
  C:\Windows\System\IYLomEl.exe
  2⤵
  PID:6992
- C:\Windows\System\ByrfsSu.exe
  C:\Windows\System\ByrfsSu.exe
  2⤵
  PID:7008
- C:\Windows\System\kMXdKkV.exe
  C:\Windows\System\kMXdKkV.exe
  2⤵
  PID:7060
- C:\Windows\System\XryOQCe.exe
  C:\Windows\System\XryOQCe.exe
  2⤵
  PID:7080
- C:\Windows\System\oiWFXXF.exe
  C:\Windows\System\oiWFXXF.exe
  2⤵
  PID:7096
- C:\Windows\System\QSlfabs.exe
  C:\Windows\System\QSlfabs.exe
  2⤵
  PID:7116
- C:\Windows\System\qzgefBJ.exe
  C:\Windows\System\qzgefBJ.exe
  2⤵
  PID:7140
- C:\Windows\System\SUnkhqY.exe
  C:\Windows\System\SUnkhqY.exe
  2⤵
  PID:7156
- C:\Windows\System\dyAxnge.exe
  C:\Windows\System\dyAxnge.exe
  2⤵
  PID:5564
- C:\Windows\System\EXgjAOp.exe
  C:\Windows\System\EXgjAOp.exe
  2⤵
  PID:6168
- C:\Windows\System\NuHdwqe.exe
  C:\Windows\System\NuHdwqe.exe
  2⤵
  PID:5920
- C:\Windows\System\ZJPkxoz.exe
  C:\Windows\System\ZJPkxoz.exe
  2⤵
  PID:6184
- C:\Windows\System\qlkfgEZ.exe
  C:\Windows\System\qlkfgEZ.exe
  2⤵
  PID:6208
- C:\Windows\System\bwhztPf.exe
  C:\Windows\System\bwhztPf.exe
  2⤵
  PID:6224
- C:\Windows\System\hFZdvyx.exe
  C:\Windows\System\hFZdvyx.exe
  2⤵
  PID:6244
- C:\Windows\System\GIpWNSv.exe
  C:\Windows\System\GIpWNSv.exe
  2⤵
  PID:6304
- C:\Windows\System\bOzqkWj.exe
  C:\Windows\System\bOzqkWj.exe
  2⤵
  PID:6292
- C:\Windows\System\wcfmEZr.exe
  C:\Windows\System\wcfmEZr.exe
  2⤵
  PID:6308
- C:\Windows\System\JbqyANT.exe
  C:\Windows\System\JbqyANT.exe
  2⤵
  PID:6328
- C:\Windows\System\UVkzCir.exe
  C:\Windows\System\UVkzCir.exe
  2⤵
  PID:6420
- C:\Windows\System\fiNclDa.exe
  C:\Windows\System\fiNclDa.exe
  2⤵
  PID:6396
- C:\Windows\System\rCMBAtf.exe
  C:\Windows\System\rCMBAtf.exe
  2⤵
  PID:6472
- C:\Windows\System\fWdbTxs.exe
  C:\Windows\System\fWdbTxs.exe
  2⤵
  PID:6404
- C:\Windows\System\GnPZwIz.exe
  C:\Windows\System\GnPZwIz.exe
  2⤵
  PID:6484
- C:\Windows\System\KYDBEAV.exe
  C:\Windows\System\KYDBEAV.exe
  2⤵
  PID:6532
- C:\Windows\System\VTkyzTQ.exe
  C:\Windows\System\VTkyzTQ.exe
  2⤵
  PID:6556
- C:\Windows\System\aNfberC.exe
  C:\Windows\System\aNfberC.exe
  2⤵
  PID:6636
- C:\Windows\System\NbKPymp.exe
  C:\Windows\System\NbKPymp.exe
  2⤵
  PID:6500
- C:\Windows\System\KjhDDyl.exe
  C:\Windows\System\KjhDDyl.exe
  2⤵
  PID:6612
- C:\Windows\System\LVnSQNh.exe
  C:\Windows\System\LVnSQNh.exe
  2⤵
  PID:6616
- C:\Windows\System\Zvpqlue.exe
  C:\Windows\System\Zvpqlue.exe
  2⤵
  PID:6704
- C:\Windows\System\zKPGOTO.exe
  C:\Windows\System\zKPGOTO.exe
  2⤵
  PID:6736
- C:\Windows\System\stVzkoI.exe
  C:\Windows\System\stVzkoI.exe
  2⤵
  PID:6776
- C:\Windows\System\qpbljdK.exe
  C:\Windows\System\qpbljdK.exe
  2⤵
  PID:6848
- C:\Windows\System\KYvXaFt.exe
  C:\Windows\System\KYvXaFt.exe
  2⤵
  PID:6860
- C:\Windows\System\cSxjDiB.exe
  C:\Windows\System\cSxjDiB.exe
  2⤵
  PID:6876
- C:\Windows\System\WPiQpBZ.exe
  C:\Windows\System\WPiQpBZ.exe
  2⤵
  PID:6800
- C:\Windows\System\IepnefA.exe
  C:\Windows\System\IepnefA.exe
  2⤵
  PID:6760
- C:\Windows\System\ZPeSPuP.exe
  C:\Windows\System\ZPeSPuP.exe
  2⤵
  PID:6912
- C:\Windows\System\qzuiGsb.exe
  C:\Windows\System\qzuiGsb.exe
  2⤵
  PID:6892
- C:\Windows\System\knusFoY.exe
  C:\Windows\System\knusFoY.exe
  2⤵
  PID:6984
- C:\Windows\System\MJVJFjm.exe
  C:\Windows\System\MJVJFjm.exe
  2⤵
  PID:6932
- C:\Windows\System\arwFhjq.exe
  C:\Windows\System\arwFhjq.exe
  2⤵
  PID:6972
- C:\Windows\System\AJFOTqv.exe
  C:\Windows\System\AJFOTqv.exe
  2⤵
  PID:6856
- C:\Windows\System\afTGkAN.exe
  C:\Windows\System\afTGkAN.exe
  2⤵
  PID:2572
- C:\Windows\System\APcfISX.exe
  C:\Windows\System\APcfISX.exe
  2⤵
  PID:7052
- C:\Windows\System\gCOiEFA.exe
  C:\Windows\System\gCOiEFA.exe
  2⤵
  PID:7068
- C:\Windows\System\CIfftxV.exe
  C:\Windows\System\CIfftxV.exe
  2⤵
  PID:7092
- C:\Windows\System\RznDaeZ.exe
  C:\Windows\System\RznDaeZ.exe
  2⤵
  PID:7072
- C:\Windows\System\MpQqrvs.exe
  C:\Windows\System\MpQqrvs.exe
  2⤵
  PID:7164
- C:\Windows\System\CAnBkdU.exe
  C:\Windows\System\CAnBkdU.exe
  2⤵
  PID:7148
- C:\Windows\System\neCHiVA.exe
  C:\Windows\System\neCHiVA.exe
  2⤵
  PID:6148
- C:\Windows\System\nBawDPM.exe
  C:\Windows\System\nBawDPM.exe
  2⤵
  PID:6212
- C:\Windows\System\kkqSXoc.exe
  C:\Windows\System\kkqSXoc.exe
  2⤵
  PID:6380
- C:\Windows\System\MiWVMcK.exe
  C:\Windows\System\MiWVMcK.exe
  2⤵
  PID:6240
- C:\Windows\System\WsJTfHJ.exe
  C:\Windows\System\WsJTfHJ.exe
  2⤵
  PID:6384
- C:\Windows\System\VNeWQxT.exe
  C:\Windows\System\VNeWQxT.exe
  2⤵
  PID:6400
- C:\Windows\System\CwETSRQ.exe
  C:\Windows\System\CwETSRQ.exe
  2⤵
  PID:6504
- C:\Windows\System\TCmcJat.exe
  C:\Windows\System\TCmcJat.exe
  2⤵
  PID:6436
- C:\Windows\System\XlQhWzF.exe
  C:\Windows\System\XlQhWzF.exe
  2⤵
  PID:6592
- C:\Windows\System\JUFJkDq.exe
  C:\Windows\System\JUFJkDq.exe
  2⤵
  PID:6608
- C:\Windows\System\xVQJzOo.exe
  C:\Windows\System\xVQJzOo.exe
  2⤵
  PID:6660
- C:\Windows\System\aRKUePV.exe
  C:\Windows\System\aRKUePV.exe
  2⤵
  PID:6796
- C:\Windows\System\MeAwlYy.exe
  C:\Windows\System\MeAwlYy.exe
  2⤵
  PID:6816
- C:\Windows\System\lSIevlV.exe
  C:\Windows\System\lSIevlV.exe
  2⤵
  PID:6836
- C:\Windows\System\heuczAc.exe
  C:\Windows\System\heuczAc.exe
  2⤵
  PID:6948
- C:\Windows\System\ZMQWuuS.exe
  C:\Windows\System\ZMQWuuS.exe
  2⤵
  PID:7016
- C:\Windows\System\wffCyLI.exe
  C:\Windows\System\wffCyLI.exe
  2⤵
  PID:7048
- C:\Windows\System\ZUeTskd.exe
  C:\Windows\System\ZUeTskd.exe
  2⤵
  PID:7136
- C:\Windows\System\icFOxKH.exe
  C:\Windows\System\icFOxKH.exe
  2⤵
  PID:6260
- C:\Windows\System\YzihvKE.exe
  C:\Windows\System\YzihvKE.exe
  2⤵
  PID:7036
- C:\Windows\System\VfueQDq.exe
  C:\Windows\System\VfueQDq.exe
  2⤵
  PID:7112
- C:\Windows\System\gxuwRHA.exe
  C:\Windows\System\gxuwRHA.exe
  2⤵
  PID:6348
- C:\Windows\System\iPFSoKC.exe
  C:\Windows\System\iPFSoKC.exe
  2⤵
  PID:6364
- C:\Windows\System\iEoBRDz.exe
  C:\Windows\System\iEoBRDz.exe
  2⤵
  PID:6464
- C:\Windows\System\mzmWQhP.exe
  C:\Windows\System\mzmWQhP.exe
  2⤵
  PID:6520
- C:\Windows\System\klqtiEc.exe
  C:\Windows\System\klqtiEc.exe
  2⤵
  PID:796
- C:\Windows\System\NRIlTSR.exe
  C:\Windows\System\NRIlTSR.exe
  2⤵
  PID:6904
- C:\Windows\System\aRAnYMl.exe
  C:\Windows\System\aRAnYMl.exe
  2⤵
  PID:6752
- C:\Windows\System\VoRVxmX.exe
  C:\Windows\System\VoRVxmX.exe
  2⤵
  PID:6852
- C:\Windows\System\VVeZvKK.exe
  C:\Windows\System\VVeZvKK.exe
  2⤵
  PID:7044
- C:\Windows\System\GGRWBZh.exe
  C:\Windows\System\GGRWBZh.exe
  2⤵
  PID:6204
- C:\Windows\System\ZnzPeuo.exe
  C:\Windows\System\ZnzPeuo.exe
  2⤵
  PID:7108
- C:\Windows\System\rbRQnfY.exe
  C:\Windows\System\rbRQnfY.exe
  2⤵
  PID:6332
- C:\Windows\System\vtUSCfq.exe
  C:\Windows\System\vtUSCfq.exe
  2⤵
  PID:6452
- C:\Windows\System\AWkHPhf.exe
  C:\Windows\System\AWkHPhf.exe
  2⤵
  PID:6236
- C:\Windows\System\sYfkXfn.exe
  C:\Windows\System\sYfkXfn.exe
  2⤵
  PID:6888
- C:\Windows\System\IdOYRHW.exe
  C:\Windows\System\IdOYRHW.exe
  2⤵
  PID:5792
- C:\Windows\System\rwwRALO.exe
  C:\Windows\System\rwwRALO.exe
  2⤵
  PID:7124
- C:\Windows\System\eDJBKKR.exe
  C:\Windows\System\eDJBKKR.exe
  2⤵
  PID:7184
- C:\Windows\System\UKHLJJH.exe
  C:\Windows\System\UKHLJJH.exe
  2⤵
  PID:7200
- C:\Windows\System\umsWnuf.exe
  C:\Windows\System\umsWnuf.exe
  2⤵
  PID:7216
- C:\Windows\System\oQwSpNJ.exe
  C:\Windows\System\oQwSpNJ.exe
  2⤵
  PID:7232
- C:\Windows\System\Berxjud.exe
  C:\Windows\System\Berxjud.exe
  2⤵
  PID:7248
- C:\Windows\System\YkgioEb.exe
  C:\Windows\System\YkgioEb.exe
  2⤵
  PID:7264
- C:\Windows\System\ZVWJNVN.exe
  C:\Windows\System\ZVWJNVN.exe
  2⤵
  PID:7280
- C:\Windows\System\JuhBvsQ.exe
  C:\Windows\System\JuhBvsQ.exe
  2⤵
  PID:7296
- C:\Windows\System\oRSGJER.exe
  C:\Windows\System\oRSGJER.exe
  2⤵
  PID:7312
- C:\Windows\System\faaCWuc.exe
  C:\Windows\System\faaCWuc.exe
  2⤵
  PID:7328
- C:\Windows\System\zffooOM.exe
  C:\Windows\System\zffooOM.exe
  2⤵
  PID:7348
- C:\Windows\System\uYgFeNQ.exe
  C:\Windows\System\uYgFeNQ.exe
  2⤵
  PID:7364
- C:\Windows\System\aHMnHlD.exe
  C:\Windows\System\aHMnHlD.exe
  2⤵
  PID:7380
- C:\Windows\System\XCLMYAC.exe
  C:\Windows\System\XCLMYAC.exe
  2⤵
  PID:7396
- C:\Windows\System\sDjHZJc.exe
  C:\Windows\System\sDjHZJc.exe
  2⤵
  PID:7412
- C:\Windows\System\yHBMqNf.exe
  C:\Windows\System\yHBMqNf.exe
  2⤵
  PID:7428
- C:\Windows\System\OXQHlKe.exe
  C:\Windows\System\OXQHlKe.exe
  2⤵
  PID:7444
- C:\Windows\System\tZReVhg.exe
  C:\Windows\System\tZReVhg.exe
  2⤵
  PID:7460
- C:\Windows\System\dOHTADa.exe
  C:\Windows\System\dOHTADa.exe
  2⤵
  PID:7476
- C:\Windows\System\OUxojpc.exe
  C:\Windows\System\OUxojpc.exe
  2⤵
  PID:7492
- C:\Windows\System\FtAHpuX.exe
  C:\Windows\System\FtAHpuX.exe
  2⤵
  PID:7508
- C:\Windows\System\jKvqQxf.exe
  C:\Windows\System\jKvqQxf.exe
  2⤵
  PID:7524
- C:\Windows\System\fkvrZbB.exe
  C:\Windows\System\fkvrZbB.exe
  2⤵
  PID:7540
- C:\Windows\System\rAZtHms.exe
  C:\Windows\System\rAZtHms.exe
  2⤵
  PID:7556
- C:\Windows\System\XchTeZm.exe
  C:\Windows\System\XchTeZm.exe
  2⤵
  PID:7572
- C:\Windows\System\yCqRfYn.exe
  C:\Windows\System\yCqRfYn.exe
  2⤵
  PID:7588
- C:\Windows\System\YgnSOIP.exe
  C:\Windows\System\YgnSOIP.exe
  2⤵
  PID:7604
- C:\Windows\System\WtDVAaf.exe
  C:\Windows\System\WtDVAaf.exe
  2⤵
  PID:7620
- C:\Windows\System\ZnxwXjQ.exe
  C:\Windows\System\ZnxwXjQ.exe
  2⤵
  PID:7636
- C:\Windows\System\BUcKUGd.exe
  C:\Windows\System\BUcKUGd.exe
  2⤵
  PID:7652
- C:\Windows\System\fxmsZaG.exe
  C:\Windows\System\fxmsZaG.exe
  2⤵
  PID:7668
- C:\Windows\System\cGwYsaa.exe
  C:\Windows\System\cGwYsaa.exe
  2⤵
  PID:7684
- C:\Windows\System\GWvpimw.exe
  C:\Windows\System\GWvpimw.exe
  2⤵
  PID:7700
- C:\Windows\System\vPiQfxj.exe
  C:\Windows\System\vPiQfxj.exe
  2⤵
  PID:7716
- C:\Windows\System\BeVzlKX.exe
  C:\Windows\System\BeVzlKX.exe
  2⤵
  PID:7732
- C:\Windows\System\YhwpcUD.exe
  C:\Windows\System\YhwpcUD.exe
  2⤵
  PID:7748
- C:\Windows\System\izxdEEh.exe
  C:\Windows\System\izxdEEh.exe
  2⤵
  PID:7764
- C:\Windows\System\jrJFFTf.exe
  C:\Windows\System\jrJFFTf.exe
  2⤵
  PID:7780
- C:\Windows\System\mWDLqrq.exe
  C:\Windows\System\mWDLqrq.exe
  2⤵
  PID:7796
- C:\Windows\System\SGTjbul.exe
  C:\Windows\System\SGTjbul.exe
  2⤵
  PID:7812
- C:\Windows\System\jmbCbNY.exe
  C:\Windows\System\jmbCbNY.exe
  2⤵
  PID:7828
- C:\Windows\System\dlVcKGI.exe
  C:\Windows\System\dlVcKGI.exe
  2⤵
  PID:7844
- C:\Windows\System\OtqtSlx.exe
  C:\Windows\System\OtqtSlx.exe
  2⤵
  PID:7860
- C:\Windows\System\VmdKeLu.exe
  C:\Windows\System\VmdKeLu.exe
  2⤵
  PID:7876
- C:\Windows\System\EUypfoO.exe
  C:\Windows\System\EUypfoO.exe
  2⤵
  PID:7892
- C:\Windows\System\mtCyevG.exe
  C:\Windows\System\mtCyevG.exe
  2⤵
  PID:7912
- C:\Windows\System\fRwGuWy.exe
  C:\Windows\System\fRwGuWy.exe
  2⤵
  PID:7928
- C:\Windows\System\YyyCRCt.exe
  C:\Windows\System\YyyCRCt.exe
  2⤵
  PID:7944
- C:\Windows\System\HvaTkUx.exe
  C:\Windows\System\HvaTkUx.exe
  2⤵
  PID:7960
- C:\Windows\System\yuBWXta.exe
  C:\Windows\System\yuBWXta.exe
  2⤵
  PID:7976
- C:\Windows\System\nTTjGVm.exe
  C:\Windows\System\nTTjGVm.exe
  2⤵
  PID:7992
- C:\Windows\System\amAYUWl.exe
  C:\Windows\System\amAYUWl.exe
  2⤵
  PID:8008
- C:\Windows\System\UMpbrEC.exe
  C:\Windows\System\UMpbrEC.exe
  2⤵
  PID:8024
- C:\Windows\System\nmWcnqh.exe
  C:\Windows\System\nmWcnqh.exe
  2⤵
  PID:8040
- C:\Windows\System\klRRzRs.exe
  C:\Windows\System\klRRzRs.exe
  2⤵
  PID:8056
- C:\Windows\System\LpzKFmx.exe
  C:\Windows\System\LpzKFmx.exe
  2⤵
  PID:8072
- C:\Windows\System\OFBLvns.exe
  C:\Windows\System\OFBLvns.exe
  2⤵
  PID:8088
- C:\Windows\System\gAMxise.exe
  C:\Windows\System\gAMxise.exe
  2⤵
  PID:8052
- C:\Windows\System\fSfFqZh.exe
  C:\Windows\System\fSfFqZh.exe
  2⤵
  PID:8112
- C:\Windows\System\lbvNDgg.exe
  C:\Windows\System\lbvNDgg.exe
  2⤵
  PID:8124
- C:\Windows\System\ScfRMQP.exe
  C:\Windows\System\ScfRMQP.exe
  2⤵
  PID:8148
- C:\Windows\System\hFbdhqH.exe
  C:\Windows\System\hFbdhqH.exe
  2⤵
  PID:8172
- C:\Windows\System\YrEcnha.exe
  C:\Windows\System\YrEcnha.exe
  2⤵
  PID:6812
- C:\Windows\System\hzHpHaL.exe
  C:\Windows\System\hzHpHaL.exe
  2⤵
  PID:7196
- C:\Windows\System\KDmySHB.exe
  C:\Windows\System\KDmySHB.exe
  2⤵
  PID:7028
- C:\Windows\System\xvPHFFp.exe
  C:\Windows\System\xvPHFFp.exe
  2⤵
  PID:6580
- C:\Windows\System\hjrgHpp.exe
  C:\Windows\System\hjrgHpp.exe
  2⤵
  PID:7208
- C:\Windows\System\pVPyLPn.exe
  C:\Windows\System\pVPyLPn.exe
  2⤵
  PID:7320
- C:\Windows\System\IItOYmF.exe
  C:\Windows\System\IItOYmF.exe
  2⤵
  PID:7360
- C:\Windows\System\XLBRGKq.exe
  C:\Windows\System\XLBRGKq.exe
  2⤵
  PID:7404
- C:\Windows\System\lNVYFJi.exe
  C:\Windows\System\lNVYFJi.exe
  2⤵
  PID:7376
- C:\Windows\System\LxmFIdc.exe
  C:\Windows\System\LxmFIdc.exe
  2⤵
  PID:7484
- C:\Windows\System\zhPtPmJ.exe
  C:\Windows\System\zhPtPmJ.exe
  2⤵
  PID:7908
- C:\Windows\System\elpvatt.exe
  C:\Windows\System\elpvatt.exe
  2⤵
  PID:7504
- C:\Windows\System\HuOdIBn.exe
  C:\Windows\System\HuOdIBn.exe
  2⤵
  PID:7536
- C:\Windows\System\JABaIzA.exe
  C:\Windows\System\JABaIzA.exe
  2⤵
  PID:7632
- C:\Windows\System\pigNKLd.exe
  C:\Windows\System\pigNKLd.exe
  2⤵
  PID:7648
- C:\Windows\System\pwOMchU.exe
  C:\Windows\System\pwOMchU.exe
  2⤵
  PID:7664
- C:\Windows\System\BovpkDm.exe
  C:\Windows\System\BovpkDm.exe
  2⤵
  PID:7740
- C:\Windows\System\QdRwqjp.exe
  C:\Windows\System\QdRwqjp.exe
  2⤵
  PID:7776
- C:\Windows\System\WlHOiMQ.exe
  C:\Windows\System\WlHOiMQ.exe
  2⤵
  PID:7836
- C:\Windows\System\lrughdc.exe
  C:\Windows\System\lrughdc.exe
  2⤵
  PID:7852
- C:\Windows\System\bangfAt.exe
  C:\Windows\System\bangfAt.exe
  2⤵
  PID:7888
- C:\Windows\System\pUXvske.exe
  C:\Windows\System\pUXvske.exe
  2⤵
  PID:7968
- C:\Windows\System\GFdGtTr.exe
  C:\Windows\System\GFdGtTr.exe
  2⤵
  PID:8004
- C:\Windows\System\SNdQLRN.exe
  C:\Windows\System\SNdQLRN.exe
  2⤵
  PID:8048
- C:\Windows\System\jtznZaM.exe
  C:\Windows\System\jtznZaM.exe
  2⤵
  PID:8036
- C:\Windows\System\msdCVCa.exe
  C:\Windows\System\msdCVCa.exe
  2⤵
  PID:8120
- C:\Windows\System\cXKMvEG.exe
  C:\Windows\System\cXKMvEG.exe
  2⤵
  PID:8136
- C:\Windows\System\YZImeWB.exe
  C:\Windows\System\YZImeWB.exe
  2⤵
  PID:8160
- C:\Windows\System\bJWBIIW.exe
  C:\Windows\System\bJWBIIW.exe
  2⤵
  PID:6596
- C:\Windows\System\nWQaZDz.exe
  C:\Windows\System\nWQaZDz.exe
  2⤵
  PID:7292
- C:\Windows\System\zdqdSjr.exe
  C:\Windows\System\zdqdSjr.exe
  2⤵
  PID:7304
- C:\Windows\System\DsblMJk.exe
  C:\Windows\System\DsblMJk.exe
  2⤵
  PID:7456
- C:\Windows\System\bhmyzyd.exe
  C:\Windows\System\bhmyzyd.exe
  2⤵
  PID:7228
- C:\Windows\System\NSbdSnp.exe
  C:\Windows\System\NSbdSnp.exe
  2⤵
  PID:7372
- C:\Windows\System\FZKoWyL.exe
  C:\Windows\System\FZKoWyL.exe
  2⤵
  PID:7596
- C:\Windows\System\dAaxBad.exe
  C:\Windows\System\dAaxBad.exe
  2⤵
  PID:7676
- C:\Windows\System\giDYOaJ.exe
  C:\Windows\System\giDYOaJ.exe
  2⤵
  PID:7744
- C:\Windows\System\HbvdYWW.exe
  C:\Windows\System\HbvdYWW.exe
  2⤵
  PID:7756
- C:\Windows\System\TqkoBXP.exe
  C:\Windows\System\TqkoBXP.exe
  2⤵
  PID:7616
- C:\Windows\System\cYjdCAp.exe
  C:\Windows\System\cYjdCAp.exe
  2⤵
  PID:7824
- C:\Windows\System\IiBfYMU.exe
  C:\Windows\System\IiBfYMU.exe
  2⤵
  PID:8100
- C:\Windows\System\EAXbxLI.exe
  C:\Windows\System\EAXbxLI.exe
  2⤵
  PID:8016
- C:\Windows\System\sqlZvnx.exe
  C:\Windows\System\sqlZvnx.exe
  2⤵
  PID:7956
- C:\Windows\System\UqmPesY.exe
  C:\Windows\System\UqmPesY.exe
  2⤵
  PID:6784
- C:\Windows\System\EFbLqOJ.exe
  C:\Windows\System\EFbLqOJ.exe
  2⤵
  PID:8180
- C:\Windows\System\mpsiVkd.exe
  C:\Windows\System\mpsiVkd.exe
  2⤵
  PID:8184
- C:\Windows\System\XqeunCA.exe
  C:\Windows\System\XqeunCA.exe
  2⤵
  PID:7468
- C:\Windows\System\ExzfDlI.exe
  C:\Windows\System\ExzfDlI.exe
  2⤵
  PID:7564
- C:\Windows\System\jLHaezM.exe
  C:\Windows\System\jLHaezM.exe
  2⤵
  PID:7488
- C:\Windows\System\dprDsOd.exe
  C:\Windows\System\dprDsOd.exe
  2⤵
  PID:7724
- C:\Windows\System\DXzcydy.exe
  C:\Windows\System\DXzcydy.exe
  2⤵
  PID:7900
- C:\Windows\System\woCxuCW.exe
  C:\Windows\System\woCxuCW.exe
  2⤵
  PID:7936
- C:\Windows\System\smGLLKU.exe
  C:\Windows\System\smGLLKU.exe
  2⤵
  PID:8032
- C:\Windows\System\mWyoHeT.exe
  C:\Windows\System\mWyoHeT.exe
  2⤵
  PID:7972
- C:\Windows\System\DJrIqnk.exe
  C:\Windows\System\DJrIqnk.exe
  2⤵
  PID:8164
- C:\Windows\System\wiYYqxR.exe
  C:\Windows\System\wiYYqxR.exe
  2⤵
  PID:7420
- C:\Windows\System\tpNStCD.exe
  C:\Windows\System\tpNStCD.exe
  2⤵
  PID:7392
- C:\Windows\System\HsOfBKH.exe
  C:\Windows\System\HsOfBKH.exe
  2⤵
  PID:7552
- C:\Windows\System\RIyGBbw.exe
  C:\Windows\System\RIyGBbw.exe
  2⤵
  PID:7884
- C:\Windows\System\VtoFeZf.exe
  C:\Windows\System\VtoFeZf.exe
  2⤵
  PID:7988
- C:\Windows\System\bMfZQuF.exe
  C:\Windows\System\bMfZQuF.exe
  2⤵
  PID:8152
- C:\Windows\System\NWWNwIE.exe
  C:\Windows\System\NWWNwIE.exe
  2⤵
  PID:7276
- C:\Windows\System\IFetoPW.exe
  C:\Windows\System\IFetoPW.exe
  2⤵
  PID:8196
- C:\Windows\System\jUZoBcV.exe
  C:\Windows\System\jUZoBcV.exe
  2⤵
  PID:8212
- C:\Windows\System\rmCBNpE.exe
  C:\Windows\System\rmCBNpE.exe
  2⤵
  PID:8228
- C:\Windows\System\IboQRBX.exe
  C:\Windows\System\IboQRBX.exe
  2⤵
  PID:8244
- C:\Windows\System\kLOACtW.exe
  C:\Windows\System\kLOACtW.exe
  2⤵
  PID:8288
- C:\Windows\System\dAadenh.exe
  C:\Windows\System\dAadenh.exe
  2⤵
  PID:8308
- C:\Windows\System\PBspSlH.exe
  C:\Windows\System\PBspSlH.exe
  2⤵
  PID:8324
- C:\Windows\System\tOFXOLD.exe
  C:\Windows\System\tOFXOLD.exe
  2⤵
  PID:8340
- C:\Windows\System\ItdXXPY.exe
  C:\Windows\System\ItdXXPY.exe
  2⤵
  PID:8360
- C:\Windows\System\zVTXXQi.exe
  C:\Windows\System\zVTXXQi.exe
  2⤵
  PID:8388
- C:\Windows\System\fUfcBss.exe
  C:\Windows\System\fUfcBss.exe
  2⤵
  PID:8404
- C:\Windows\System\RGhNcGP.exe
  C:\Windows\System\RGhNcGP.exe
  2⤵
  PID:8420
- C:\Windows\System\qlIQtmP.exe
  C:\Windows\System\qlIQtmP.exe
  2⤵
  PID:8436
- C:\Windows\System\YobJrHQ.exe
  C:\Windows\System\YobJrHQ.exe
  2⤵
  PID:8456
- C:\Windows\System\IPfMHBx.exe
  C:\Windows\System\IPfMHBx.exe
  2⤵
  PID:8472
- C:\Windows\System\GVJNrnq.exe
  C:\Windows\System\GVJNrnq.exe
  2⤵
  PID:8492
- C:\Windows\System\QHiiDmj.exe
  C:\Windows\System\QHiiDmj.exe
  2⤵
  PID:8508
- C:\Windows\System\oXWJGbK.exe
  C:\Windows\System\oXWJGbK.exe
  2⤵
  PID:8544
- C:\Windows\System\NEHZsLD.exe
  C:\Windows\System\NEHZsLD.exe
  2⤵
  PID:8560
- C:\Windows\System\mKHXogg.exe
  C:\Windows\System\mKHXogg.exe
  2⤵
  PID:8576
- C:\Windows\System\pkZaTLb.exe
  C:\Windows\System\pkZaTLb.exe
  2⤵
  PID:8596
- C:\Windows\System\JFWbGaF.exe
  C:\Windows\System\JFWbGaF.exe
  2⤵
  PID:8616
- C:\Windows\System\ZrIIepQ.exe
  C:\Windows\System\ZrIIepQ.exe
  2⤵
  PID:8648
- C:\Windows\System\qYAwFWc.exe
  C:\Windows\System\qYAwFWc.exe
  2⤵
  PID:8668
- C:\Windows\System\MPoJrEq.exe
  C:\Windows\System\MPoJrEq.exe
  2⤵
  PID:8684
- C:\Windows\System\CSUWEdK.exe
  C:\Windows\System\CSUWEdK.exe
  2⤵
  PID:8700
- C:\Windows\System\VqeFBMH.exe
  C:\Windows\System\VqeFBMH.exe
  2⤵
  PID:8720
- C:\Windows\System\pRSezWg.exe
  C:\Windows\System\pRSezWg.exe
  2⤵
  PID:8736
- C:\Windows\System\oiSnnRT.exe
  C:\Windows\System\oiSnnRT.exe
  2⤵
  PID:8752
- C:\Windows\System\oQOgLKo.exe
  C:\Windows\System\oQOgLKo.exe
  2⤵
  PID:8768
- C:\Windows\System\VgTmKkY.exe
  C:\Windows\System\VgTmKkY.exe
  2⤵
  PID:8784
- C:\Windows\System\HLdRXVS.exe
  C:\Windows\System\HLdRXVS.exe
  2⤵
  PID:8800
- C:\Windows\System\mRcBfyW.exe
  C:\Windows\System\mRcBfyW.exe
  2⤵
  PID:8816
- C:\Windows\System\hqHgSrf.exe
  C:\Windows\System\hqHgSrf.exe
  2⤵
  PID:8832
- C:\Windows\System\xiCietq.exe
  C:\Windows\System\xiCietq.exe
  2⤵
  PID:8848
- C:\Windows\System\mvViHsP.exe
  C:\Windows\System\mvViHsP.exe
  2⤵
  PID:8864
- C:\Windows\System\rbMxKIL.exe
  C:\Windows\System\rbMxKIL.exe
  2⤵
  PID:8880
- C:\Windows\System\KFdkMRG.exe
  C:\Windows\System\KFdkMRG.exe
  2⤵
  PID:8896
- C:\Windows\System\joOduuf.exe
  C:\Windows\System\joOduuf.exe
  2⤵
  PID:8912
- C:\Windows\System\IYJvCLC.exe
  C:\Windows\System\IYJvCLC.exe
  2⤵
  PID:8928
- C:\Windows\System\hgYmouU.exe
  C:\Windows\System\hgYmouU.exe
  2⤵
  PID:8944
- C:\Windows\System\iOGFugO.exe
  C:\Windows\System\iOGFugO.exe
  2⤵
  PID:8960
- C:\Windows\System\gFvgDUf.exe
  C:\Windows\System\gFvgDUf.exe
  2⤵
  PID:8976
- C:\Windows\System\fwJKjUH.exe
  C:\Windows\System\fwJKjUH.exe
  2⤵
  PID:8992
- C:\Windows\System\cKKmwog.exe
  C:\Windows\System\cKKmwog.exe
  2⤵
  PID:9008
- C:\Windows\System\pueMQwO.exe
  C:\Windows\System\pueMQwO.exe
  2⤵
  PID:9024
- C:\Windows\System\DYVoAAd.exe
  C:\Windows\System\DYVoAAd.exe
  2⤵
  PID:9040
- C:\Windows\System\zsqrkrW.exe
  C:\Windows\System\zsqrkrW.exe
  2⤵
  PID:9056
- C:\Windows\System\HCuXKhC.exe
  C:\Windows\System\HCuXKhC.exe
  2⤵
  PID:9072
- C:\Windows\System\IkimSqd.exe
  C:\Windows\System\IkimSqd.exe
  2⤵
  PID:9088
- C:\Windows\System\KGcAGLr.exe
  C:\Windows\System\KGcAGLr.exe
  2⤵
  PID:9104
- C:\Windows\System\eTJzSVx.exe
  C:\Windows\System\eTJzSVx.exe
  2⤵
  PID:9120
- C:\Windows\System\VPTbfDc.exe
  C:\Windows\System\VPTbfDc.exe
  2⤵
  PID:9136
- C:\Windows\System\ZCSRpRc.exe
  C:\Windows\System\ZCSRpRc.exe
  2⤵
  PID:9152
- C:\Windows\System\fuSuTLT.exe
  C:\Windows\System\fuSuTLT.exe
  2⤵
  PID:7728
- C:\Windows\System\FqnlyIG.exe
  C:\Windows\System\FqnlyIG.exe
  2⤵
  PID:8256
- C:\Windows\System\PojgsWh.exe
  C:\Windows\System\PojgsWh.exe
  2⤵
  PID:8380
- C:\Windows\System\ykJPyzs.exe
  C:\Windows\System\ykJPyzs.exe
  2⤵
  PID:8320
- C:\Windows\System\AaMQgtE.exe
  C:\Windows\System\AaMQgtE.exe
  2⤵
  PID:8516
- C:\Windows\System\iVOnMmp.exe
  C:\Windows\System\iVOnMmp.exe
  2⤵
  PID:8316
- C:\Windows\System\yEiFYOT.exe
  C:\Windows\System\yEiFYOT.exe
  2⤵
  PID:8528
- C:\Windows\System\xecaaoV.exe
  C:\Windows\System\xecaaoV.exe
  2⤵
  PID:8540
- C:\Windows\System\BItklAN.exe
  C:\Windows\System\BItklAN.exe
  2⤵
  PID:8604
- C:\Windows\System\FgoCzqB.exe
  C:\Windows\System\FgoCzqB.exe
  2⤵
  PID:8612
- C:\Windows\System\TknRzbA.exe
  C:\Windows\System\TknRzbA.exe
  2⤵
  PID:8660
- C:\Windows\System\JRdWxzs.exe
  C:\Windows\System\JRdWxzs.exe
  2⤵
  PID:8624
- C:\Windows\System\ZAEvlbL.exe
  C:\Windows\System\ZAEvlbL.exe
  2⤵
  PID:8632
- C:\Windows\System\fiSWhFD.exe
  C:\Windows\System\fiSWhFD.exe
  2⤵
  PID:8676
- C:\Windows\System\hkXbzaR.exe
  C:\Windows\System\hkXbzaR.exe
  2⤵
  PID:8708
- C:\Windows\System\EJGcgAG.exe
  C:\Windows\System\EJGcgAG.exe
  2⤵
  PID:8744
- C:\Windows\System\XGCpbVA.exe
  C:\Windows\System\XGCpbVA.exe
  2⤵
  PID:8808
- C:\Windows\System\DAPRyUU.exe
  C:\Windows\System\DAPRyUU.exe
  2⤵
  PID:8844
- C:\Windows\System\UUinxsP.exe
  C:\Windows\System\UUinxsP.exe
  2⤵
  PID:8892
- C:\Windows\System\fgTQOzF.exe
  C:\Windows\System\fgTQOzF.exe
  2⤵
  PID:8904
- C:\Windows\System\VIpymoI.exe
  C:\Windows\System\VIpymoI.exe
  2⤵
  PID:8984
- C:\Windows\System\dJWfSYS.exe
  C:\Windows\System\dJWfSYS.exe
  2⤵
  PID:9016
- C:\Windows\System\vldREID.exe
  C:\Windows\System\vldREID.exe
  2⤵
  PID:9080
- C:\Windows\System\ReNwxOl.exe
  C:\Windows\System\ReNwxOl.exe
  2⤵
  PID:9112
- C:\Windows\System\lDKTYtj.exe
  C:\Windows\System\lDKTYtj.exe
  2⤵
  PID:9144
- C:\Windows\System\mZKICRB.exe
  C:\Windows\System\mZKICRB.exe
  2⤵
  PID:9176
- C:\Windows\System\suqOEAZ.exe
  C:\Windows\System\suqOEAZ.exe
  2⤵
  PID:9192
- C:\Windows\System\oZQkvQD.exe
  C:\Windows\System\oZQkvQD.exe
  2⤵
  PID:9208
- C:\Windows\System\TVjhwWR.exe
  C:\Windows\System\TVjhwWR.exe
  2⤵
  PID:7308
- C:\Windows\System\qsmFxtS.exe
  C:\Windows\System\qsmFxtS.exe
  2⤵
  PID:7408
- C:\Windows\System\nOYbFIN.exe
  C:\Windows\System\nOYbFIN.exe
  2⤵
  PID:2648
- C:\Windows\System\nbiTnSk.exe
  C:\Windows\System\nbiTnSk.exe
  2⤵
  PID:8304
- C:\Windows\System\nTvLSOG.exe
  C:\Windows\System\nTvLSOG.exe
  2⤵
  PID:2012
- C:\Windows\System\WVRWjNx.exe
  C:\Windows\System\WVRWjNx.exe
  2⤵
  PID:8272
- C:\Windows\System\OfdqYhN.exe
  C:\Windows\System\OfdqYhN.exe
  2⤵
  PID:7256
- C:\Windows\System\atincmP.exe
  C:\Windows\System\atincmP.exe
  2⤵
  PID:8376
- C:\Windows\System\yfxsyEx.exe
  C:\Windows\System\yfxsyEx.exe
  2⤵
  PID:8488
- C:\Windows\System\StlGLHW.exe
  C:\Windows\System\StlGLHW.exe
  2⤵
  PID:8432
- C:\Windows\System\PdCLZdm.exe
  C:\Windows\System\PdCLZdm.exe
  2⤵
  PID:8588
- C:\Windows\System\EnsrMcZ.exe
  C:\Windows\System\EnsrMcZ.exe
  2⤵
  PID:8640
- C:\Windows\System\NtRLVEi.exe
  C:\Windows\System\NtRLVEi.exe
  2⤵
  PID:8628
- C:\Windows\System\Ozhpuiq.exe
  C:\Windows\System\Ozhpuiq.exe
  2⤵
  PID:8760
- C:\Windows\System\NmkEXGR.exe
  C:\Windows\System\NmkEXGR.exe
  2⤵
  PID:8780
- C:\Windows\System\MuReSet.exe
  C:\Windows\System\MuReSet.exe
  2⤵
  PID:8972
- C:\Windows\System\OyWzZmk.exe
  C:\Windows\System\OyWzZmk.exe
  2⤵
  PID:8828
- C:\Windows\System\vTYBTyt.exe
  C:\Windows\System\vTYBTyt.exe
  2⤵
  PID:9004
- C:\Windows\System\LpeerQU.exe
  C:\Windows\System\LpeerQU.exe
  2⤵
  PID:9148
- C:\Windows\System\GSsngGs.exe
  C:\Windows\System\GSsngGs.exe
  2⤵
  PID:8716
- C:\Windows\System\LwLZVKI.exe
  C:\Windows\System\LwLZVKI.exe
  2⤵
  PID:9128
- C:\Windows\System\bKHSnaM.exe
  C:\Windows\System\bKHSnaM.exe
  2⤵
  PID:9188
- C:\Windows\System\kEGQVFB.exe
  C:\Windows\System\kEGQVFB.exe
  2⤵
  PID:8372
- C:\Windows\System\tzmrFIv.exe
  C:\Windows\System\tzmrFIv.exe
  2⤵
  PID:7680
- C:\Windows\System\OdNaGtP.exe
  C:\Windows\System\OdNaGtP.exe
  2⤵
  PID:8252
- C:\Windows\System\GiEcqly.exe
  C:\Windows\System\GiEcqly.exe
  2⤵
  PID:8348
- C:\Windows\System\HKfXWvx.exe
  C:\Windows\System\HKfXWvx.exe
  2⤵
  PID:8356
- C:\Windows\System\NPFJqDd.exe
  C:\Windows\System\NPFJqDd.exe
  2⤵
  PID:8732
- C:\Windows\System\foIcASx.exe
  C:\Windows\System\foIcASx.exe
  2⤵
  PID:8608
- C:\Windows\System\yisRHlU.exe
  C:\Windows\System\yisRHlU.exe
  2⤵
  PID:8592
- C:\Windows\System\swBbwor.exe
  C:\Windows\System\swBbwor.exe
  2⤵
  PID:9000
- C:\Windows\System\MJXRYcb.exe
  C:\Windows\System\MJXRYcb.exe
  2⤵
  PID:8920
- C:\Windows\System\AgiTGAU.exe
  C:\Windows\System\AgiTGAU.exe
  2⤵
  PID:9052
- C:\Windows\System\XWeXiNR.exe
  C:\Windows\System\XWeXiNR.exe
  2⤵
  PID:8268
- C:\Windows\System\WELmKbs.exe
  C:\Windows\System\WELmKbs.exe
  2⤵
  PID:8276
- C:\Windows\System\wMiihWQ.exe
  C:\Windows\System\wMiihWQ.exe
  2⤵
  PID:8556
- C:\Windows\System\exvtJoR.exe
  C:\Windows\System\exvtJoR.exe
  2⤵
  PID:8888
- C:\Windows\System\CPsLOYQ.exe
  C:\Windows\System\CPsLOYQ.exe
  2⤵
  PID:7452
- C:\Windows\System\wRgnQNh.exe
  C:\Windows\System\wRgnQNh.exe
  2⤵
  PID:8240
- C:\Windows\System\xNrJiyj.exe
  C:\Windows\System\xNrJiyj.exe
  2⤵
  PID:8400
- C:\Windows\System\ajbMsee.exe
  C:\Windows\System\ajbMsee.exe
  2⤵
  PID:8968
- C:\Windows\System\fbsGVDv.exe
  C:\Windows\System\fbsGVDv.exe
  2⤵
  PID:9116
- C:\Windows\System\iPtyMqW.exe
  C:\Windows\System\iPtyMqW.exe
  2⤵
  PID:8520
- C:\Windows\System\gbnvDpg.exe
  C:\Windows\System\gbnvDpg.exe
  2⤵
  PID:8236
- C:\Windows\System\SOcmQqR.exe
  C:\Windows\System\SOcmQqR.exe
  2⤵
  PID:9160
- C:\Windows\System\CXaRpOM.exe
  C:\Windows\System\CXaRpOM.exe
  2⤵
  PID:8452
- C:\Windows\System\HFaEQHj.exe
  C:\Windows\System\HFaEQHj.exe
  2⤵
  PID:7924
- C:\Windows\System\cgWIrum.exe
  C:\Windows\System\cgWIrum.exe
  2⤵
  PID:8824
- C:\Windows\System\ZbGSwrk.exe
  C:\Windows\System\ZbGSwrk.exe
  2⤵
  PID:7904
- C:\Windows\System\PrmfscL.exe
  C:\Windows\System\PrmfscL.exe
  2⤵
  PID:9036
- C:\Windows\System\JMHToJR.exe
  C:\Windows\System\JMHToJR.exe
  2⤵
  PID:9224
- C:\Windows\System\VqEwGKl.exe
  C:\Windows\System\VqEwGKl.exe
  2⤵
  PID:9240
- C:\Windows\System\bqmUjax.exe
  C:\Windows\System\bqmUjax.exe
  2⤵
  PID:9256
- C:\Windows\System\gVJtqAP.exe
  C:\Windows\System\gVJtqAP.exe
  2⤵
  PID:9276
- C:\Windows\System\xsFJORh.exe
  C:\Windows\System\xsFJORh.exe
  2⤵
  PID:9296
- C:\Windows\System\kewQkZI.exe
  C:\Windows\System\kewQkZI.exe
  2⤵
  PID:9316
- C:\Windows\System\YoXwMzd.exe
  C:\Windows\System\YoXwMzd.exe
  2⤵
  PID:9336
- C:\Windows\System\kLgtPZM.exe
  C:\Windows\System\kLgtPZM.exe
  2⤵
  PID:9352
- C:\Windows\System\PVOTQIk.exe
  C:\Windows\System\PVOTQIk.exe
  2⤵
  PID:9392
- C:\Windows\System\kZmwfXK.exe
  C:\Windows\System\kZmwfXK.exe
  2⤵
  PID:9408
- C:\Windows\System\nFHtkJF.exe
  C:\Windows\System\nFHtkJF.exe
  2⤵
  PID:9428
- C:\Windows\System\gWGNeqj.exe
  C:\Windows\System\gWGNeqj.exe
  2⤵
  PID:9448
- C:\Windows\System\lIXGjfq.exe
  C:\Windows\System\lIXGjfq.exe
  2⤵
  PID:9476
- C:\Windows\System\IsfSKKU.exe
  C:\Windows\System\IsfSKKU.exe
  2⤵
  PID:9492
- C:\Windows\System\MdqrNCE.exe
  C:\Windows\System\MdqrNCE.exe
  2⤵
  PID:9512
- C:\Windows\System\ywMyxvP.exe
  C:\Windows\System\ywMyxvP.exe
  2⤵
  PID:9532
- C:\Windows\System\DFZJIQv.exe
  C:\Windows\System\DFZJIQv.exe
  2⤵
  PID:9556
- C:\Windows\System\EpGVuos.exe
  C:\Windows\System\EpGVuos.exe
  2⤵
  PID:9576
- C:\Windows\System\mgHZOHw.exe
  C:\Windows\System\mgHZOHw.exe
  2⤵
  PID:9592
- C:\Windows\System\BliQxun.exe
  C:\Windows\System\BliQxun.exe
  2⤵
  PID:9608
- C:\Windows\System\xyfnnyL.exe
  C:\Windows\System\xyfnnyL.exe
  2⤵
  PID:9636
- C:\Windows\System\rCYHvXA.exe
  C:\Windows\System\rCYHvXA.exe
  2⤵
  PID:9656
- C:\Windows\System\FcoAMTc.exe
  C:\Windows\System\FcoAMTc.exe
  2⤵
  PID:9672
- C:\Windows\System\njigKDP.exe
  C:\Windows\System\njigKDP.exe
  2⤵
  PID:9688
- C:\Windows\System\sdRdnWv.exe
  C:\Windows\System\sdRdnWv.exe
  2⤵
  PID:9704
- C:\Windows\System\dWCblAv.exe
  C:\Windows\System\dWCblAv.exe
  2⤵
  PID:9724
- C:\Windows\System\JAdmgPj.exe
  C:\Windows\System\JAdmgPj.exe
  2⤵
  PID:9756
- C:\Windows\System\HoZKRpL.exe
  C:\Windows\System\HoZKRpL.exe
  2⤵
  PID:9772
- C:\Windows\System\hayPSyr.exe
  C:\Windows\System\hayPSyr.exe
  2⤵
  PID:9792
- C:\Windows\System\zQtrmtT.exe
  C:\Windows\System\zQtrmtT.exe
  2⤵
  PID:9812
- C:\Windows\System\uzRJimo.exe
  C:\Windows\System\uzRJimo.exe
  2⤵
  PID:9832
- C:\Windows\System\plYYVMS.exe
  C:\Windows\System\plYYVMS.exe
  2⤵
  PID:9848
- C:\Windows\System\GEwxVab.exe
  C:\Windows\System\GEwxVab.exe
  2⤵
  PID:9872
- C:\Windows\System\kojIgiI.exe
  C:\Windows\System\kojIgiI.exe
  2⤵
  PID:9908
- C:\Windows\System\fGaTaHY.exe
  C:\Windows\System\fGaTaHY.exe
  2⤵
  PID:9924
- C:\Windows\System\CrtOGrw.exe
  C:\Windows\System\CrtOGrw.exe
  2⤵
  PID:9940
- C:\Windows\System\nymQZEd.exe
  C:\Windows\System\nymQZEd.exe
  2⤵
  PID:9956
- C:\Windows\System\MWtlqts.exe
  C:\Windows\System\MWtlqts.exe
  2⤵
  PID:9972
- C:\Windows\System\DtHZOFS.exe
  C:\Windows\System\DtHZOFS.exe
  2⤵
  PID:9992
- C:\Windows\System\yPlaZvw.exe
  C:\Windows\System\yPlaZvw.exe
  2⤵
  PID:10008
- C:\Windows\System\kjTVAAD.exe
  C:\Windows\System\kjTVAAD.exe
  2⤵
  PID:10024
- C:\Windows\System\rQBYtTa.exe
  C:\Windows\System\rQBYtTa.exe
  2⤵
  PID:10040
- C:\Windows\System\fDWwPwh.exe
  C:\Windows\System\fDWwPwh.exe
  2⤵
  PID:10056
- C:\Windows\System\oVOxwIM.exe
  C:\Windows\System\oVOxwIM.exe
  2⤵
  PID:10072
- C:\Windows\System\hhZmEzo.exe
  C:\Windows\System\hhZmEzo.exe
  2⤵
  PID:10092
- C:\Windows\System\gfBDVCf.exe
  C:\Windows\System\gfBDVCf.exe
  2⤵
  PID:10108
- C:\Windows\System\UrzjQUK.exe
  C:\Windows\System\UrzjQUK.exe
  2⤵
  PID:10172
- C:\Windows\System\qnQxtwJ.exe
  C:\Windows\System\qnQxtwJ.exe
  2⤵
  PID:10192
- C:\Windows\System\yxbfhqC.exe
  C:\Windows\System\yxbfhqC.exe
  2⤵
  PID:10208
- C:\Windows\System\aqagxdt.exe
  C:\Windows\System\aqagxdt.exe
  2⤵
  PID:10232
- C:\Windows\System\FVHyKyG.exe
  C:\Windows\System\FVHyKyG.exe
  2⤵
  PID:9264
- C:\Windows\System\CAgCnHn.exe
  C:\Windows\System\CAgCnHn.exe
  2⤵
  PID:9272
- C:\Windows\System\RxXJXMy.exe
  C:\Windows\System\RxXJXMy.exe
  2⤵
  PID:9348
- C:\Windows\System\YbHrwQB.exe
  C:\Windows\System\YbHrwQB.exe
  2⤵
  PID:9368
- C:\Windows\System\TgBgIBK.exe
  C:\Windows\System\TgBgIBK.exe
  2⤵
  PID:9404
- C:\Windows\System\cYHYJPE.exe
  C:\Windows\System\cYHYJPE.exe
  2⤵
  PID:9252
- C:\Windows\System\xKtoMVY.exe
  C:\Windows\System\xKtoMVY.exe
  2⤵
  PID:9324
- C:\Windows\System\JALuVAd.exe
  C:\Windows\System\JALuVAd.exe
  2⤵
  PID:9384
- C:\Windows\System\BPxbCgI.exe
  C:\Windows\System\BPxbCgI.exe
  2⤵
  PID:9456
- C:\Windows\System\nqUxpIQ.exe
  C:\Windows\System\nqUxpIQ.exe
  2⤵
  PID:9472
- C:\Windows\System\vUXNcHx.exe
  C:\Windows\System\vUXNcHx.exe
  2⤵
  PID:9540
- C:\Windows\System\AuAoPtI.exe
  C:\Windows\System\AuAoPtI.exe
  2⤵
  PID:9548
- C:\Windows\System\AuHCdJL.exe
  C:\Windows\System\AuHCdJL.exe
  2⤵
  PID:9600
- C:\Windows\System\DiLwGku.exe
  C:\Windows\System\DiLwGku.exe
  2⤵
  PID:9584
- C:\Windows\System\jZqkqKD.exe
  C:\Windows\System\jZqkqKD.exe
  2⤵
  PID:9632
- C:\Windows\System\VjPmErm.exe
  C:\Windows\System\VjPmErm.exe
  2⤵
  PID:9712
- C:\Windows\System\sfkGluO.exe
  C:\Windows\System\sfkGluO.exe
  2⤵
  PID:9668
- C:\Windows\System\UXGVXyj.exe
  C:\Windows\System\UXGVXyj.exe
  2⤵
  PID:9748
- C:\Windows\System\CDZHuOr.exe
  C:\Windows\System\CDZHuOr.exe
  2⤵
  PID:9768
- C:\Windows\System\qOnbxsm.exe
  C:\Windows\System\qOnbxsm.exe
  2⤵
  PID:9784
- C:\Windows\System\zMokqMR.exe
  C:\Windows\System\zMokqMR.exe
  2⤵
  PID:9828
- C:\Windows\System\tiESXzS.exe
  C:\Windows\System\tiESXzS.exe
  2⤵
  PID:9892
- C:\Windows\System\JemmdWX.exe
  C:\Windows\System\JemmdWX.exe
  2⤵
  PID:9868
- C:\Windows\System\qJotSvq.exe
  C:\Windows\System\qJotSvq.exe
  2⤵
  PID:9884
- C:\Windows\System\uQxWuVS.exe
  C:\Windows\System\uQxWuVS.exe
  2⤵
  PID:10000
- C:\Windows\System\mfpnjgx.exe
  C:\Windows\System\mfpnjgx.exe
  2⤵
  PID:9920
- C:\Windows\System\CzmdkCn.exe
  C:\Windows\System\CzmdkCn.exe
  2⤵
  PID:9988
- C:\Windows\System\JagvVoZ.exe
  C:\Windows\System\JagvVoZ.exe
  2⤵
  PID:10052
- C:\Windows\System\QSxJzlx.exe
  C:\Windows\System\QSxJzlx.exe
  2⤵
  PID:10124
- C:\Windows\System\jPqCPJF.exe
  C:\Windows\System\jPqCPJF.exe
  2⤵
  PID:10144
- C:\Windows\System\qjTpfWU.exe
  C:\Windows\System\qjTpfWU.exe
  2⤵
  PID:10160
- C:\Windows\System\zgRPcki.exe
  C:\Windows\System\zgRPcki.exe
  2⤵
  PID:10188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CmPDhLP.exe

Filesize
6.0MB

MD5
971b213c8db61842673e80e942e9b690

SHA1
b180c50aecd0f156bfcec5cefe35089a2a9945de

SHA256
43020642c0061be2362268efaefa35c897bbf52119eec1aa76df271a1fe5a872

SHA512
3074a5d7440ccb925a642e354ba5a1e7a89f4e88b579e83ccbf42cece07d1b8e59e8c62911bf818bae4eb06b8c30f36cab0cdd62c0659e37bab481b6b3a73e40

Download Submit
C:\Windows\system\IctwZua.exe

Filesize
6.0MB

MD5
536879bfbe29e98fdfa7a4c5cf785f7b

SHA1
160331af1600dce278a0ef0c701ce60f313ff48d

SHA256
eafe5b6093dc71c448679cc49022f7c9cdbc1c77370d42b0613170dc08eca2ea

SHA512
76254ed0da57ff9c107b4dcfc97f66852b4de4c76ffc4d5ad77b663a55d9195731a89f6830088b4c4c7c0d345c4422355bae2b15ae9458d0f1149da7325653ca

Download Submit
C:\Windows\system\JoxPmxB.exe

Filesize
6.0MB

MD5
a6ef32db4f5a7f213624eb85c4b9f835

SHA1
5d6df2e4e46f2189254a592c451579b67874ba78

SHA256
5263fbc71141de559968c017e2452d1537dc5c8bc7d74947f06ca1e301883fd9

SHA512
e78ea06968d2cf13916e84e377ea9d847964f644ff8cd4c8d5c4307e3307f0e3314e36e5ccaecc406e537bec64ee1a044f7012d6b1d319a734cab9a37e4e42cf

Download Submit
C:\Windows\system\NGwzOsK.exe

Filesize
6.0MB

MD5
553cb6fcca62dfa0f9a1a490d0ff3764

SHA1
8aa82db5cc85a26bc743f1093eee8412e7a59eb9

SHA256
ba417c4fe9d9acf679073b7e6cd637de951884d30f4a54b563f72c80c545c2f3

SHA512
c2ce728c6e394d26cbf720a2436c37ccf34670dba5e171028a31694343c0b216e7fcfb97aba559e06288666f6e322aba006aa2f3b0f50b7d2386d6b5d6721072

Download Submit
C:\Windows\system\PpGRlMG.exe

Filesize
6.0MB

MD5
55072d67ea1f1dd6c0ebbfcc21e84dac

SHA1
4b21e2043a4cb97c9929a5b2d4dcd126a5acdddf

SHA256
5a1ff575676f2ccf9df68ef0df85779cc08e710b8b82165ffb7d2b3d274ca2de

SHA512
756bc0ff9bb98713f53a672e1f71570e536ee6a73997c46a3278e49b5e22427a348abc5028f14999bd4abb94714ac350391f3b0194e2c5059f322ef0ca7e3992

Download Submit
C:\Windows\system\REtpnLd.exe

Filesize
6.0MB

MD5
acebb61cb80955f1af9b5f3bd6369290

SHA1
3190feffe9afb40cd2e72d8a75eaed9c49a4f710

SHA256
86fb7429350f7651a5059dd22f16a90ce1d75b102d246a8573d6f4caef80b04c

SHA512
b3f15867caa1707dfab519b1ad6debd2e9791f1c6e068e9c19428c9ff593d0d11f4f8ff5401851cbcb1d442ad117e28e0b8b1875a5b27a9ea99f7035a4eb577f

Download Submit
C:\Windows\system\RjBbOtD.exe

Filesize
6.0MB

MD5
c03a53a68128d003b04d165992a31735

SHA1
35361e56e5eec7c7f4f641e1094e41d5b401e70a

SHA256
9c6174076b7cc348f963497038c85feb5da6e426bef3dc8e489a1c4e8b554dbd

SHA512
ac802fc6243f73f784c142ac9e60e0f226eab9add69546baa49705e1af5293f5f031bd14c9805d4a03b3530c6a720ed0dadc47e26bce59dba703d0af7ca92ad8

Download Submit
C:\Windows\system\VKgYwHK.exe

Filesize
6.0MB

MD5
08fffc111b49289f41d871165a02a4c0

SHA1
b2d5d4e8115dd7a99c778ced12e3c194c9158739

SHA256
e497fbcb58f78b92161cfc8f0a186351e2fa4135e27b2161917b22568a917c4d

SHA512
118e3e57de51f7e703ce3cdbd48f20b43f6550d0a835d1a9c3fd13db24e2a1566a29d98039d303230336c92c75ffc467b44cba3c83263f09053e27b571a280a1

Download Submit
C:\Windows\system\Vxiagwq.exe

Filesize
6.0MB

MD5
35866225321a3b6827f03f3e4f97fa62

SHA1
2237a507ab62fe996fa92cb7b5507416cf3598ce

SHA256
185855264bfbc76764754cb9d385ef0e3c29a4a1cce2f66cb7c78a0b3eb0ffca

SHA512
125d9d1a75ae7e1167040ed3b49255b616fdf554a5789e9cad9b8d810188a613646dfcefabb0a24db9346a2554391932de0390ab50ae891c6df24bc50e5fee27

Download Submit
C:\Windows\system\WekiLyh.exe

Filesize
6.0MB

MD5
dfd8b4e1eced91d52bbb83f4e125fa1c

SHA1
bdbb890878f53a28cda76ad828c81ad893d66f26

SHA256
18f2e994d9b7b19dfc73f1ef9ed68401196eaf7d571d98f4f71f2c215051c8fb

SHA512
b627425f73e0013a020f7e8cdc010126ba147a6962a958cfe1c54fd829ff9dffb544d0f6396ffa11c3be0abe6fdb0de57d46cf537073887b67053bbf0c753eea

Download Submit
C:\Windows\system\chZMmZE.exe

Filesize
6.0MB

MD5
a2dfa139586490124b69606a1e9b50a7

SHA1
103fdab31c7dc7ad8a6919b5ad2bd6a59ca5fc6f

SHA256
29ec35244266d4b41d570cece1930116199ee61223e27985f734c8f66e1e4269

SHA512
0cd829d62fcf3fdb66b86d39443788bc5f6b46c586bd58bfb99d6124470368633901f131e05e64635a0292e8dd8f38ae946e5f666323629e03e42b43a3347a12

Download Submit
C:\Windows\system\crstFuE.exe

Filesize
6.0MB

MD5
c33a08563c2d3e9c48ec157f9dc103ec

SHA1
fab416a008a0d6d4f52f8cc644daa4cb8fba51f2

SHA256
095c5dc11b25ed4e2205f57161dd559b466c00be479307e874c3820cccebb2c3

SHA512
a8454353727d288ebdb38c90684c47969629ebe8e15477761943df79f418a0223858d99419195047015a79922078c66a926f0195d00ba6cf72aba217d5108ea1

Download Submit
C:\Windows\system\dNTHIDo.exe

Filesize
6.0MB

MD5
4df6fd9244162a89c7fd5fbf9cefa0d6

SHA1
951c6bf664c2afd041f2ae148fd07d4d08f7c93a

SHA256
d86205b1afaef8ed0d7982d3caa8a068eae5ebdf09f6f725a3ca9eb98bbfedd4

SHA512
c03ef88d5c74d1246673cc643658d43b40dd77791d4c7d9738190d0bb8a8529bbbf5afdca8fd8a34e258ab73516c7a70be6e4e437790a829a50cfa363802c9a6

Download Submit
C:\Windows\system\dSmnfpN.exe

Filesize
6.0MB

MD5
e3d30cb59be4320b7db19212df8f37b2

SHA1
85bb119534dbb8a9a315f7d0abda6a3b4889c2c1

SHA256
c096c7e3f7f256cd5f6952a011d9ac377b2a8d02619f8ef908b336c96cd72897

SHA512
8bd88d4fb12b6d014383675c3b11883155eda61a0f6d4aa50ceffe90d2d9142bfcbbc706448bb550b2b76f2e91dd42c0b4bee34238d8d2fe3b0ffddbbbf6d497

Download Submit
C:\Windows\system\gHPImHZ.exe

Filesize
6.0MB

MD5
5d2ea14df5f7f85e9cdab0218c78bc8e

SHA1
21f49ac2ce0da90798f97e5a5f59ca01063ee2c2

SHA256
1dfe8752587db533e04d9818f5f4ee3068982afd5c6662137988273f4710cb42

SHA512
b613e672d44fd5e43c00fafd661ef350e35b92f2fcf77d8d8894af512089fc8c0efea976ec5f8ce93ad2d1e75a0dec6908da7fe375963879122d753a9f4db367

Download Submit
C:\Windows\system\gKmzeLS.exe

Filesize
6.0MB

MD5
d6c4ae37b051e8c4ce4b943196ae0248

SHA1
91f4d67333d7c1ab1a3b3c475928bab885713f1d

SHA256
892a406b4c83ed2cd28d97e5fd2b8596a4910dce17081d9a2088d019267d229a

SHA512
1aae9adaa4b12a5eef36608dc5c391a4c6984df9b2ba4d988e488fd4ab2e9724976ecddf654a2c8b113a6bb2dd0a8fb35711aa186591dc1887c83a5250fac81f

Download Submit
C:\Windows\system\jjDAqXV.exe

Filesize
6.0MB

MD5
06406b8b20d6a36c79bebd0b3a260514

SHA1
675c9ede36026339ab4f105a35ac823cc00d70d4

SHA256
bfc165f98d2b0157ea9fe2b62e3c503f0d08f99057528713892922eda3881d86

SHA512
fb04a34c3f2e7ea2993337b3cbfe4f4421b5b29e24861a0742643b8e058305df9e42f8309e50d8354db992bdfe11182daf50c2309b8d054a717cb4987e460f6e

Download Submit
C:\Windows\system\kCNEQvP.exe

Filesize
6.0MB

MD5
7d9f5d8a8936593ba40134098e1556b0

SHA1
63b6c3877fdcf6e22b8a77d42f41bc6419fb1275

SHA256
fbd8b81fe9aa3d0a53673c55d2c022ecb0f30f2f513d9097ce2ff39025a18b90

SHA512
d1c5191396632e35bb8f854d6e34939c3b1aaa2457a29cb190250dda4b604e4bc8d4cb93662c2c3fa03308a96578626ea2917dc9d96037bfdc630391c36ce08e

Download Submit
C:\Windows\system\kfwwzTC.exe

Filesize
6.0MB

MD5
ea0380e8aed10600a10ae322a8acbadd

SHA1
697b61f0e170b52bac9383b305f1cc29a9259e28

SHA256
47558696aef580e9e725615a144a663f1014b77d5fd0e24ed7cb19d54e06d63d

SHA512
9f472d26dc3d0bb77302cd358cb15cc34c2446705d3b1dff7ce6ce28f639859a9472203c12ba9114bb90033687f247ce4af259de0d7729ed3386ff3a5139feb7

Download Submit
C:\Windows\system\nomkweB.exe

Filesize
6.0MB

MD5
3cb6bbce606b145e97249bbb502faa82

SHA1
886544131a655681d1a26988445051d135c65cb9

SHA256
7dca2af62df91371c64de96b5f6c09991f955d8186d85b34f7a81f27f4c6065a

SHA512
52d52ec996d731020497801127d627e20fdb645a3c165ef0e4128b7899d5b2d162f1c0ad90872b2a039249d1b2f1550b867182db5721de1438ce4ec9ec84738c

Download Submit
C:\Windows\system\pTnkrWr.exe

Filesize
6.0MB

MD5
ba03a0ac63eceb1fbd9943380e2fc268

SHA1
bc0234555882409e97396f5f9001813c571d4c96

SHA256
d5a216c88519816ccaf49e9c7e2f54a610835ffcc5f3ed593d7a7ad04458b607

SHA512
6aa4cf8a762a25043753767139009d895b76030357279c7a709861e63e89383564c8147fcf81d8b1efc75ec4cf032b1f045d10d599bcba9befcd074972292810

Download Submit
C:\Windows\system\rVmMwZF.exe

Filesize
6.0MB

MD5
44441b13e5f841d443b6f29be9874767

SHA1
bd29cde8d6e2a79f5a9757abc235364d91675d64

SHA256
6c59b9adb185bee2dfd7b7f988e1254800165625bc9b50f3b246e37e017fb745

SHA512
e40cf8f6f66bb2108206a9b969e47213116bccd662562f3e99617d2cad9fcef2a4b8561418838b719be5c1685d70238ba8ac0584b543d62771623197be546fea

Download Submit
C:\Windows\system\rxzlZyI.exe

Filesize
6.0MB

MD5
d0c1cd7ee0c14a1056b8e88d9ac6ff37

SHA1
6df08d0f076c06cb6403d266e18ab5e80aa618aa

SHA256
a09c70072c280ef4bc2e8a9506ab27fa30fd06a25dc800b89fa1471530f537ea

SHA512
c7632f2cf73ddf82a539c9afebd03c3b5950db28970875dfb09efdb7a159183905ee82d80884d5ecc02ded2d4c77206113d1b0e3ae4933d08ba30aa71026861e

Download Submit
C:\Windows\system\sYsQXAC.exe

Filesize
6.0MB

MD5
24f750d8dbbf23a87c0a56ea26611b99

SHA1
09cae4e4862ebf7c6b7290f25867e66f1e6a63a1

SHA256
ac810b9bc0db977b7c6acd69fb011e3b4fbe2695cd6efba14da3d33734a8dda7

SHA512
2259c7bb6782a7f301fa21ed534139c73c87f870b18ec5ae4ec35c1b97bf1531b35fea678a02ae1381f6d95ea9e4396a0c77df249a9387d2c21ddd70dd73acb9

Download Submit
C:\Windows\system\uGmDVMB.exe

Filesize
6.0MB

MD5
2bb4343f7be4111f803cbbb0c3e0a1ba

SHA1
6bc0443333dfccb1aa233afea9b7468432c379a0

SHA256
9e72b272f61e769b46f4c5c39049a635c0a476cd1dc0c7618f1370010b9b7ffd

SHA512
a4d279a5f96b9962aabc85a6dc10438065232851a1bac267a91eb5ed9b146cc4ed21f78d06288bf63451aebdc575e39aa83e5341e9303b270c8c55b04182df68

Download Submit
C:\Windows\system\uPGfDYY.exe

Filesize
6.0MB

MD5
936695c6efa7bd0a0f259a86a12ee3ef

SHA1
20cfc80c295074edb769b7106ecc78feb5b5d283

SHA256
b7f827cc8fbc13163fb29e2243fca43125f667c35c49876ff64c5bc4246e29d5

SHA512
47cf072b26ea8215e21c90309dff5fdd2e5357457a70d8db97814e4c89b5fd1abab7985cdbefe0c02a0fce05cbb88882b140de2bf4dffc9c5a0b0e6433594caa

Download Submit
C:\Windows\system\vMyJeiJ.exe

Filesize
6.0MB

MD5
eb0cdc22d5172666544884745e27ab5c

SHA1
60cb78a5bd8a25d9c136cb186d3a6d9908b74c0f

SHA256
242198573f40781ba2645b8ec3c76ccb8bf0d82704955dfff566ca60b9e6f06f

SHA512
d4e71728ec43abd39cad2148e95a58cd372ce11776d9985eb7bde287c542435a4b9504a2646fcc95c62998c8fd953f6302514c399910a3a9f52ad835cdfe5438

Download Submit
C:\Windows\system\wlEjBcV.exe

Filesize
6.0MB

MD5
42a4d995efe0c0b443ea9557c770ae45

SHA1
1a0d4f27bc64a408a383fe2d7355869ecc034eb3

SHA256
5e72d331beff298e4cd898099cda471876a55e96112125b6cf92f238697c6808

SHA512
6abe6853cfad32103c45d13554e50d30db6c413796526f1e913ce65ab5b0e0de8dedf6436610d85e5a91f4054f18e6fd4f55af34d62c7946e38344156484ab75

Download Submit
C:\Windows\system\xyQkAuj.exe

Filesize
6.0MB

MD5
507d00381fe9afcb0bcd836a300efc59

SHA1
fbfa53b3326187581668ff2f063936f6d336268a

SHA256
270a5e3517a4150292b409000b81edac6e33d5ee06f9ab3e412664b54a0d7d22

SHA512
6c6815905d3b97ce824648f872174abfc1cb8e2dc47100a46ce27fe3449a5c25ee7179562bf4addb268ff00a5bede5c439502bf9e83d21efe435a0c39bf8cb10

Download Submit
\Windows\system\VhoNvQL.exe

Filesize
6.0MB

MD5
9a6803cd0c9ac77779671af5859f44a2

SHA1
864cb32a242371ab32dfad7728073f6d7b5bb62a

SHA256
7852d471947226b0b3707643e9581ae098452e77317a67f4d92ab3120e8a0279

SHA512
bbce4d9b96c1d83d42e75da7e3b052c3aad656997dab05659d50715e27c8fd26ec3a41d885708f37fa3fa4ada71eea4d34c26f29ed542c292551ddee1a320ef7

Download Submit
\Windows\system\itdUYKe.exe

Filesize
6.0MB

MD5
66f3d486dae2e7c5d4fa428ba7f73d3c

SHA1
476a439a2f77f5ef9077881df5760d7c772b27f8

SHA256
0d071d95a9fe89142f381253022f9a55966a7688bf89135979027952475100b9

SHA512
495c156e83a1ca4a5aae8bd4621d56047c32c0da481609938697745aa9b3dd636839ec069d878c5caafcd2f9daffd5ed7d2ba75445abb8bd06f4abb2db157cc7

Download Submit
\Windows\system\rXeFzdb.exe

Filesize
6.0MB

MD5
4affcd2c79a3d17b312bfb9967feabd5

SHA1
9dea7337c133658727758efef1874b68e5ec79bd

SHA256
39e711db17fb8c4a81b06ca95bbde0891a9eb158cbf957a11d3dcd1433cb282e

SHA512
8ef82cf05e4c638fe3cca8f490aeb7c17300b737e3675017aef5faeb92ff33301f6b06623ec1044359c9b45eb5a7b590efc9f7412df5e9c1cf4fc6f1f678f118

Download Submit
memory/1612-708-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1612-99-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2020-678-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2020-86-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2128-28-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2128-42-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2128-53-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2128-52-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2128-106-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2128-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2128-21-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2128-98-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2128-119-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-0-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2128-8-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2128-44-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2128-66-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2128-85-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2128-74-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2128-77-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2128-307-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-49-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2128-36-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2128-103-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-43-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2128-16-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2128-45-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2340-630-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2340-15-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-203-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2596-91-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2596-707-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2676-105-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2676-57-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2676-667-0x000000013F300000-0x000000013F654000-memory.dmp

Filesize
3.3MB

Download
memory/2700-677-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2700-107-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2700-73-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2712-115-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2712-680-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2712-75-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2824-78-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-670-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-624-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2844-14-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2856-48-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2856-628-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2872-23-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2872-625-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2872-50-0x000000013F8D0000-0x000000013FC24000-memory.dmp

Filesize
3.3MB

Download
memory/2876-626-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2876-29-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2876-51-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2956-104-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-228-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-779-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/3048-627-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/3048-40-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download