cobaltstrike | 033081a54cdf8ea1a1374cc34edddd227e2dea0cd361ed35515888dd7a2c6783

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 13:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

aef9e6de04c0ec04216001a680b3a705
SHA1

09b92a5a35f213e42b489f65677a31f4b022ff94
SHA256

033081a54cdf8ea1a1374cc34edddd227e2dea0cd361ed35515888dd7a2c6783
SHA512

778c6ffd88f1dff511bb70f5b6cdab58bdd08983543b773d02daf8dd1076b9f70b5128622470b09ee23e54416785a573ae6bd9a229c08e82343e8813bfa89ab5
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUH:T+q56utgpPF8u/7H

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\vZwnKzf.exe	cobalt_reflective_dll
C:\Windows\system\vUcgpPg.exe	cobalt_reflective_dll
\Windows\system\dKkjSfG.exe	cobalt_reflective_dll
\Windows\system\EvkmMsU.exe	cobalt_reflective_dll
\Windows\system\NUVZSPw.exe	cobalt_reflective_dll
C:\Windows\system\DNgbeUa.exe	cobalt_reflective_dll
C:\Windows\system\NdvuMkD.exe	cobalt_reflective_dll
C:\Windows\system\iGwxwoE.exe	cobalt_reflective_dll
C:\Windows\system\srWmysN.exe	cobalt_reflective_dll
C:\Windows\system\OTupIcR.exe	cobalt_reflective_dll
C:\Windows\system\olDbSpq.exe	cobalt_reflective_dll
C:\Windows\system\zXcGKDK.exe	cobalt_reflective_dll
C:\Windows\system\nfTLhqt.exe	cobalt_reflective_dll
C:\Windows\system\nKKQnmz.exe	cobalt_reflective_dll
C:\Windows\system\iZbIWOX.exe	cobalt_reflective_dll
C:\Windows\system\EUQsdPp.exe	cobalt_reflective_dll
C:\Windows\system\TduMQJM.exe	cobalt_reflective_dll
C:\Windows\system\dVQoKPY.exe	cobalt_reflective_dll
C:\Windows\system\OxZjeyU.exe	cobalt_reflective_dll
C:\Windows\system\vcjkrkC.exe	cobalt_reflective_dll
C:\Windows\system\ELySeHq.exe	cobalt_reflective_dll
C:\Windows\system\aoPrfVi.exe	cobalt_reflective_dll
C:\Windows\system\jWXdjYI.exe	cobalt_reflective_dll
C:\Windows\system\SyVdjeM.exe	cobalt_reflective_dll
C:\Windows\system\jBPIZjO.exe	cobalt_reflective_dll
C:\Windows\system\qMJFYtf.exe	cobalt_reflective_dll
C:\Windows\system\AAoBVHZ.exe	cobalt_reflective_dll
C:\Windows\system\CKxQZpZ.exe	cobalt_reflective_dll
C:\Windows\system\MPkVcAH.exe	cobalt_reflective_dll
C:\Windows\system\PhQMYgm.exe	cobalt_reflective_dll
\Windows\system\lkjQZOq.exe	cobalt_reflective_dll
C:\Windows\system\VYanSDZ.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2844-0-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
\Windows\system\vZwnKzf.exe	xmrig
C:\Windows\system\vUcgpPg.exe	xmrig
behavioral1/memory/2828-25-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
\Windows\system\dKkjSfG.exe	xmrig
behavioral1/memory/2712-35-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2012-42-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
\Windows\system\EvkmMsU.exe	xmrig
behavioral1/memory/764-58-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2712-72-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2012-80-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2068-89-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
\Windows\system\NUVZSPw.exe	xmrig
behavioral1/memory/2156-106-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
C:\Windows\system\DNgbeUa.exe	xmrig
C:\Windows\system\NdvuMkD.exe	xmrig
C:\Windows\system\iGwxwoE.exe	xmrig
C:\Windows\system\srWmysN.exe	xmrig
behavioral1/memory/2156-789-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/3064-649-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2068-498-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2600-370-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/memory/376-207-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
C:\Windows\system\OTupIcR.exe	xmrig
C:\Windows\system\olDbSpq.exe	xmrig
C:\Windows\system\zXcGKDK.exe	xmrig
C:\Windows\system\nfTLhqt.exe	xmrig
C:\Windows\system\nKKQnmz.exe	xmrig
C:\Windows\system\iZbIWOX.exe	xmrig
C:\Windows\system\EUQsdPp.exe	xmrig
C:\Windows\system\TduMQJM.exe	xmrig
C:\Windows\system\dVQoKPY.exe	xmrig
C:\Windows\system\OxZjeyU.exe	xmrig
C:\Windows\system\vcjkrkC.exe	xmrig
C:\Windows\system\ELySeHq.exe	xmrig
C:\Windows\system\aoPrfVi.exe	xmrig
C:\Windows\system\jWXdjYI.exe	xmrig
behavioral1/memory/1476-105-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/3064-98-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/764-97-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
C:\Windows\system\SyVdjeM.exe	xmrig
behavioral1/memory/2176-88-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
C:\Windows\system\jBPIZjO.exe	xmrig
behavioral1/memory/2600-81-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
C:\Windows\system\qMJFYtf.exe	xmrig
behavioral1/memory/376-73-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
C:\Windows\system\AAoBVHZ.exe	xmrig
behavioral1/memory/1476-65-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
C:\Windows\system\CKxQZpZ.exe	xmrig
behavioral1/memory/2828-57-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2416-56-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2176-50-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
C:\Windows\system\MPkVcAH.exe	xmrig
behavioral1/memory/2116-41-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
C:\Windows\system\PhQMYgm.exe	xmrig
behavioral1/memory/2844-38-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
\Windows\system\lkjQZOq.exe	xmrig
behavioral1/memory/3068-27-0x000000013F5F0000-0x000000013F944000-memory.dmp	xmrig
behavioral1/memory/2416-24-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
C:\Windows\system\VYanSDZ.exe	xmrig
behavioral1/memory/2116-11-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2116-3310-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/764-3344-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2416-3281-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

vZwnKzf.exeVYanSDZ.exevUcgpPg.exelkjQZOq.exePhQMYgm.exedKkjSfG.exeMPkVcAH.exeEvkmMsU.exeCKxQZpZ.exeAAoBVHZ.exeqMJFYtf.exejBPIZjO.exeSyVdjeM.exeNUVZSPw.exejWXdjYI.exeDNgbeUa.exeaoPrfVi.exeNdvuMkD.exeELySeHq.exevcjkrkC.exeOxZjeyU.exedVQoKPY.exeTduMQJM.exeiGwxwoE.exeiZbIWOX.exeEUQsdPp.exenKKQnmz.exenfTLhqt.exezXcGKDK.exeolDbSpq.exesrWmysN.exeOTupIcR.exeoJUaNWj.exeyrgUnEN.exejPTMsHe.exetpEKNWO.exekXRkYzg.exeCxjTmEo.exeteAiCPc.exeNmsbcMq.exelCAsdCH.exeCFbvXwR.exesaLojPF.exeVGHOqUh.exeqLfgQIB.exeSAjdHMi.exeEARqsPk.exeaUffCKh.exeFSihTug.exeEVDMQMI.exellmdejF.exenYqWOuv.exeNzkyMdf.exebNKwwmw.exeNsCqcRv.exeBYqHAar.exelQgIHGx.exeTLsQUOq.exeZuhFLLF.exeUOUwuKC.exeuSwbHnh.exeGufsRCD.exeejzGZJn.exeelOZvml.exe

pid	process
2116	vZwnKzf.exe
2416	VYanSDZ.exe
2828	vUcgpPg.exe
3068	lkjQZOq.exe
2712	PhQMYgm.exe
2012	dKkjSfG.exe
2176	MPkVcAH.exe
764	EvkmMsU.exe
1476	CKxQZpZ.exe
376	AAoBVHZ.exe
2600	qMJFYtf.exe
2068	jBPIZjO.exe
3064	SyVdjeM.exe
2156	NUVZSPw.exe
2332	jWXdjYI.exe
668	DNgbeUa.exe
3044	aoPrfVi.exe
2008	NdvuMkD.exe
1268	ELySeHq.exe
2216	vcjkrkC.exe
2192	OxZjeyU.exe
2440	dVQoKPY.exe
2112	TduMQJM.exe
2072	iGwxwoE.exe
1472	iZbIWOX.exe
1944	EUQsdPp.exe
324	nKKQnmz.exe
1968	nfTLhqt.exe
1972	zXcGKDK.exe
2652	olDbSpq.exe
1332	srWmysN.exe
1936	OTupIcR.exe
1796	oJUaNWj.exe
1524	yrgUnEN.exe
1664	jPTMsHe.exe
2208	tpEKNWO.exe
908	kXRkYzg.exe
2444	CxjTmEo.exe
1412	teAiCPc.exe
1692	NmsbcMq.exe
2644	lCAsdCH.exe
1248	CFbvXwR.exe
2584	saLojPF.exe
1720	VGHOqUh.exe
1928	qLfgQIB.exe
2380	SAjdHMi.exe
1752	EARqsPk.exe
2976	aUffCKh.exe
2816	FSihTug.exe
1152	EVDMQMI.exe
2984	llmdejF.exe
2824	nYqWOuv.exe
2864	NzkyMdf.exe
1916	bNKwwmw.exe
2768	NsCqcRv.exe
796	BYqHAar.exe
2152	lQgIHGx.exe
2400	TLsQUOq.exe
2388	ZuhFLLF.exe
2280	UOUwuKC.exe
2364	uSwbHnh.exe
2924	GufsRCD.exe
1964	ejzGZJn.exe
2256	elOZvml.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2844-0-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
\Windows\system\vZwnKzf.exe	upx
C:\Windows\system\vUcgpPg.exe	upx
behavioral1/memory/2828-25-0x000000013F100000-0x000000013F454000-memory.dmp	upx
\Windows\system\dKkjSfG.exe	upx
behavioral1/memory/2712-35-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2012-42-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
\Windows\system\EvkmMsU.exe	upx
behavioral1/memory/764-58-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2712-72-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2012-80-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2068-89-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
\Windows\system\NUVZSPw.exe	upx
behavioral1/memory/2156-106-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
C:\Windows\system\DNgbeUa.exe	upx
C:\Windows\system\NdvuMkD.exe	upx
C:\Windows\system\iGwxwoE.exe	upx
C:\Windows\system\srWmysN.exe	upx
behavioral1/memory/2156-789-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/3064-649-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2068-498-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2600-370-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/memory/376-207-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
C:\Windows\system\OTupIcR.exe	upx
C:\Windows\system\olDbSpq.exe	upx
C:\Windows\system\zXcGKDK.exe	upx
C:\Windows\system\nfTLhqt.exe	upx
C:\Windows\system\nKKQnmz.exe	upx
C:\Windows\system\iZbIWOX.exe	upx
C:\Windows\system\EUQsdPp.exe	upx
C:\Windows\system\TduMQJM.exe	upx
C:\Windows\system\dVQoKPY.exe	upx
C:\Windows\system\OxZjeyU.exe	upx
C:\Windows\system\vcjkrkC.exe	upx
C:\Windows\system\ELySeHq.exe	upx
C:\Windows\system\aoPrfVi.exe	upx
C:\Windows\system\jWXdjYI.exe	upx
behavioral1/memory/1476-105-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/3064-98-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/764-97-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
C:\Windows\system\SyVdjeM.exe	upx
behavioral1/memory/2176-88-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
C:\Windows\system\jBPIZjO.exe	upx
behavioral1/memory/2600-81-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
C:\Windows\system\qMJFYtf.exe	upx
behavioral1/memory/376-73-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
C:\Windows\system\AAoBVHZ.exe	upx
behavioral1/memory/1476-65-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
C:\Windows\system\CKxQZpZ.exe	upx
behavioral1/memory/2828-57-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2416-56-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2176-50-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
C:\Windows\system\MPkVcAH.exe	upx
behavioral1/memory/2116-41-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
C:\Windows\system\PhQMYgm.exe	upx
behavioral1/memory/2844-38-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
\Windows\system\lkjQZOq.exe	upx
behavioral1/memory/3068-27-0x000000013F5F0000-0x000000013F944000-memory.dmp	upx
behavioral1/memory/2416-24-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
C:\Windows\system\VYanSDZ.exe	upx
behavioral1/memory/2116-11-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2116-3310-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/764-3344-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2416-3281-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\PNsnsRe.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dHwSwBW.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xiaMJfJ.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TNPHMTc.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GgxszcD.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nZrMpvL.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HtDgwmG.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHIQyTM.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MFgNuTH.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\saKcsRT.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QOkhPam.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MAFNJuJ.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WSqMBXI.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IdCRIOC.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMPUNUd.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dLUQmey.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BwUPCBB.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\liJruOt.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fFbkzFQ.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vnwpYcg.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RJDemTx.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rKvEjSV.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\txDTRct.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\syGljCg.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RIUdDrA.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yZdkWiV.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MqKhtgQ.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ldWPyUU.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PzXTppy.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxzHmuF.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ztTYaGX.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbTVBKv.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SKzxwkZ.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WntbXOf.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FURSFVg.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VrXwyjg.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rmlbFyh.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pMuqbvh.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VeXkdjU.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AmMKmRg.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CaBxXnb.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IHtpdZd.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vvlzZYR.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZuYTcYJ.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SOzWZPT.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dhEXeZN.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WlyNLfZ.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cVmLOSM.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VhqnliA.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRXiRKz.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DTiIdMs.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KuvJfyF.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMMqSUo.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NySQrZK.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxpLPie.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbKnZBE.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hcRxKPi.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KYfzvWu.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhJCQLT.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qyDGHDv.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VhFuQXS.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PkewmSA.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CSCgeZb.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\miHpWVZ.exe	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2844 wrote to memory of 2116	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	vZwnKzf.exe
PID 2844 wrote to memory of 2116	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	vZwnKzf.exe
PID 2844 wrote to memory of 2116	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	vZwnKzf.exe
PID 2844 wrote to memory of 2416	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	VYanSDZ.exe
PID 2844 wrote to memory of 2416	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	VYanSDZ.exe
PID 2844 wrote to memory of 2416	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	VYanSDZ.exe
PID 2844 wrote to memory of 3068	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	lkjQZOq.exe
PID 2844 wrote to memory of 3068	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	lkjQZOq.exe
PID 2844 wrote to memory of 3068	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	lkjQZOq.exe
PID 2844 wrote to memory of 2828	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	vUcgpPg.exe
PID 2844 wrote to memory of 2828	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	vUcgpPg.exe
PID 2844 wrote to memory of 2828	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	vUcgpPg.exe
PID 2844 wrote to memory of 2712	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	PhQMYgm.exe
PID 2844 wrote to memory of 2712	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	PhQMYgm.exe
PID 2844 wrote to memory of 2712	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	PhQMYgm.exe
PID 2844 wrote to memory of 2012	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	dKkjSfG.exe
PID 2844 wrote to memory of 2012	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	dKkjSfG.exe
PID 2844 wrote to memory of 2012	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	dKkjSfG.exe
PID 2844 wrote to memory of 2176	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	MPkVcAH.exe
PID 2844 wrote to memory of 2176	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	MPkVcAH.exe
PID 2844 wrote to memory of 2176	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	MPkVcAH.exe
PID 2844 wrote to memory of 764	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	EvkmMsU.exe
PID 2844 wrote to memory of 764	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	EvkmMsU.exe
PID 2844 wrote to memory of 764	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	EvkmMsU.exe
PID 2844 wrote to memory of 1476	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	CKxQZpZ.exe
PID 2844 wrote to memory of 1476	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	CKxQZpZ.exe
PID 2844 wrote to memory of 1476	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	CKxQZpZ.exe
PID 2844 wrote to memory of 376	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	AAoBVHZ.exe
PID 2844 wrote to memory of 376	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	AAoBVHZ.exe
PID 2844 wrote to memory of 376	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	AAoBVHZ.exe
PID 2844 wrote to memory of 2600	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	qMJFYtf.exe
PID 2844 wrote to memory of 2600	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	qMJFYtf.exe
PID 2844 wrote to memory of 2600	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	qMJFYtf.exe
PID 2844 wrote to memory of 2068	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	jBPIZjO.exe
PID 2844 wrote to memory of 2068	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	jBPIZjO.exe
PID 2844 wrote to memory of 2068	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	jBPIZjO.exe
PID 2844 wrote to memory of 3064	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	SyVdjeM.exe
PID 2844 wrote to memory of 3064	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	SyVdjeM.exe
PID 2844 wrote to memory of 3064	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	SyVdjeM.exe
PID 2844 wrote to memory of 2156	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	NUVZSPw.exe
PID 2844 wrote to memory of 2156	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	NUVZSPw.exe
PID 2844 wrote to memory of 2156	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	NUVZSPw.exe
PID 2844 wrote to memory of 2332	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	jWXdjYI.exe
PID 2844 wrote to memory of 2332	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	jWXdjYI.exe
PID 2844 wrote to memory of 2332	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	jWXdjYI.exe
PID 2844 wrote to memory of 668	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	DNgbeUa.exe
PID 2844 wrote to memory of 668	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	DNgbeUa.exe
PID 2844 wrote to memory of 668	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	DNgbeUa.exe
PID 2844 wrote to memory of 3044	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	aoPrfVi.exe
PID 2844 wrote to memory of 3044	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	aoPrfVi.exe
PID 2844 wrote to memory of 3044	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	aoPrfVi.exe
PID 2844 wrote to memory of 2008	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	NdvuMkD.exe
PID 2844 wrote to memory of 2008	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	NdvuMkD.exe
PID 2844 wrote to memory of 2008	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	NdvuMkD.exe
PID 2844 wrote to memory of 1268	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	ELySeHq.exe
PID 2844 wrote to memory of 1268	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	ELySeHq.exe
PID 2844 wrote to memory of 1268	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	ELySeHq.exe
PID 2844 wrote to memory of 2216	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	vcjkrkC.exe
PID 2844 wrote to memory of 2216	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	vcjkrkC.exe
PID 2844 wrote to memory of 2216	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	vcjkrkC.exe
PID 2844 wrote to memory of 2192	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	OxZjeyU.exe
PID 2844 wrote to memory of 2192	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	OxZjeyU.exe
PID 2844 wrote to memory of 2192	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	OxZjeyU.exe
PID 2844 wrote to memory of 2440	2844	2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe	dVQoKPY.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-22_aef9e6de04c0ec04216001a680b3a705_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Windows\System\vZwnKzf.exe
  C:\Windows\System\vZwnKzf.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\VYanSDZ.exe
  C:\Windows\System\VYanSDZ.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\lkjQZOq.exe
  C:\Windows\System\lkjQZOq.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\vUcgpPg.exe
  C:\Windows\System\vUcgpPg.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\PhQMYgm.exe
  C:\Windows\System\PhQMYgm.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\dKkjSfG.exe
  C:\Windows\System\dKkjSfG.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\MPkVcAH.exe
  C:\Windows\System\MPkVcAH.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\EvkmMsU.exe
  C:\Windows\System\EvkmMsU.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\CKxQZpZ.exe
  C:\Windows\System\CKxQZpZ.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\AAoBVHZ.exe
  C:\Windows\System\AAoBVHZ.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\qMJFYtf.exe
  C:\Windows\System\qMJFYtf.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\jBPIZjO.exe
  C:\Windows\System\jBPIZjO.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\SyVdjeM.exe
  C:\Windows\System\SyVdjeM.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\NUVZSPw.exe
  C:\Windows\System\NUVZSPw.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\jWXdjYI.exe
  C:\Windows\System\jWXdjYI.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\DNgbeUa.exe
  C:\Windows\System\DNgbeUa.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\aoPrfVi.exe
  C:\Windows\System\aoPrfVi.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\NdvuMkD.exe
  C:\Windows\System\NdvuMkD.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\ELySeHq.exe
  C:\Windows\System\ELySeHq.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\vcjkrkC.exe
  C:\Windows\System\vcjkrkC.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\OxZjeyU.exe
  C:\Windows\System\OxZjeyU.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\dVQoKPY.exe
  C:\Windows\System\dVQoKPY.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\TduMQJM.exe
  C:\Windows\System\TduMQJM.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\iGwxwoE.exe
  C:\Windows\System\iGwxwoE.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\iZbIWOX.exe
  C:\Windows\System\iZbIWOX.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\EUQsdPp.exe
  C:\Windows\System\EUQsdPp.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\nKKQnmz.exe
  C:\Windows\System\nKKQnmz.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\nfTLhqt.exe
  C:\Windows\System\nfTLhqt.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\zXcGKDK.exe
  C:\Windows\System\zXcGKDK.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\olDbSpq.exe
  C:\Windows\System\olDbSpq.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\srWmysN.exe
  C:\Windows\System\srWmysN.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\OTupIcR.exe
  C:\Windows\System\OTupIcR.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\oJUaNWj.exe
  C:\Windows\System\oJUaNWj.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\yrgUnEN.exe
  C:\Windows\System\yrgUnEN.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\jPTMsHe.exe
  C:\Windows\System\jPTMsHe.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\tpEKNWO.exe
  C:\Windows\System\tpEKNWO.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\kXRkYzg.exe
  C:\Windows\System\kXRkYzg.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\CxjTmEo.exe
  C:\Windows\System\CxjTmEo.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\teAiCPc.exe
  C:\Windows\System\teAiCPc.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\NmsbcMq.exe
  C:\Windows\System\NmsbcMq.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\lCAsdCH.exe
  C:\Windows\System\lCAsdCH.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\CFbvXwR.exe
  C:\Windows\System\CFbvXwR.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\saLojPF.exe
  C:\Windows\System\saLojPF.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\VGHOqUh.exe
  C:\Windows\System\VGHOqUh.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\qLfgQIB.exe
  C:\Windows\System\qLfgQIB.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\SAjdHMi.exe
  C:\Windows\System\SAjdHMi.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\EARqsPk.exe
  C:\Windows\System\EARqsPk.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\aUffCKh.exe
  C:\Windows\System\aUffCKh.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\FSihTug.exe
  C:\Windows\System\FSihTug.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\EVDMQMI.exe
  C:\Windows\System\EVDMQMI.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\llmdejF.exe
  C:\Windows\System\llmdejF.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\nYqWOuv.exe
  C:\Windows\System\nYqWOuv.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\NzkyMdf.exe
  C:\Windows\System\NzkyMdf.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\bNKwwmw.exe
  C:\Windows\System\bNKwwmw.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\NsCqcRv.exe
  C:\Windows\System\NsCqcRv.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\BYqHAar.exe
  C:\Windows\System\BYqHAar.exe
  2⤵
  - Executes dropped EXE
  PID:796
- C:\Windows\System\lQgIHGx.exe
  C:\Windows\System\lQgIHGx.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\TLsQUOq.exe
  C:\Windows\System\TLsQUOq.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\ZuhFLLF.exe
  C:\Windows\System\ZuhFLLF.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\UOUwuKC.exe
  C:\Windows\System\UOUwuKC.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\uSwbHnh.exe
  C:\Windows\System\uSwbHnh.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\GufsRCD.exe
  C:\Windows\System\GufsRCD.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\ejzGZJn.exe
  C:\Windows\System\ejzGZJn.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\elOZvml.exe
  C:\Windows\System\elOZvml.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\ZSPYUFd.exe
  C:\Windows\System\ZSPYUFd.exe
  2⤵
  PID:2320
- C:\Windows\System\MKrBAgx.exe
  C:\Windows\System\MKrBAgx.exe
  2⤵
  PID:2244
- C:\Windows\System\VPZAkdT.exe
  C:\Windows\System\VPZAkdT.exe
  2⤵
  PID:832
- C:\Windows\System\pbGnimF.exe
  C:\Windows\System\pbGnimF.exe
  2⤵
  PID:1740
- C:\Windows\System\NRvrpno.exe
  C:\Windows\System\NRvrpno.exe
  2⤵
  PID:1620
- C:\Windows\System\FvELPqb.exe
  C:\Windows\System\FvELPqb.exe
  2⤵
  PID:1340
- C:\Windows\System\ktKtHSk.exe
  C:\Windows\System\ktKtHSk.exe
  2⤵
  PID:952
- C:\Windows\System\RBYaFjl.exe
  C:\Windows\System\RBYaFjl.exe
  2⤵
  PID:1520
- C:\Windows\System\McEuXRL.exe
  C:\Windows\System\McEuXRL.exe
  2⤵
  PID:568
- C:\Windows\System\jIwzhWn.exe
  C:\Windows\System\jIwzhWn.exe
  2⤵
  PID:860
- C:\Windows\System\CXKfYfy.exe
  C:\Windows\System\CXKfYfy.exe
  2⤵
  PID:1036
- C:\Windows\System\UbZnGVp.exe
  C:\Windows\System\UbZnGVp.exe
  2⤵
  PID:1604
- C:\Windows\System\zgxrlgj.exe
  C:\Windows\System\zgxrlgj.exe
  2⤵
  PID:2616
- C:\Windows\System\DinxijP.exe
  C:\Windows\System\DinxijP.exe
  2⤵
  PID:2036
- C:\Windows\System\hcfRhav.exe
  C:\Windows\System\hcfRhav.exe
  2⤵
  PID:1848
- C:\Windows\System\yRIprzG.exe
  C:\Windows\System\yRIprzG.exe
  2⤵
  PID:2960
- C:\Windows\System\AyWRzVC.exe
  C:\Windows\System\AyWRzVC.exe
  2⤵
  PID:2064
- C:\Windows\System\iFPxKrE.exe
  C:\Windows\System\iFPxKrE.exe
  2⤵
  PID:1584
- C:\Windows\System\IrIWoGu.exe
  C:\Windows\System\IrIWoGu.exe
  2⤵
  PID:3000
- C:\Windows\System\DnWagDD.exe
  C:\Windows\System\DnWagDD.exe
  2⤵
  PID:2704
- C:\Windows\System\pzVGXaq.exe
  C:\Windows\System\pzVGXaq.exe
  2⤵
  PID:2324
- C:\Windows\System\lwnlVMn.exe
  C:\Windows\System\lwnlVMn.exe
  2⤵
  PID:2084
- C:\Windows\System\DBZmlep.exe
  C:\Windows\System\DBZmlep.exe
  2⤵
  PID:2568
- C:\Windows\System\tDiBelW.exe
  C:\Windows\System\tDiBelW.exe
  2⤵
  PID:2308
- C:\Windows\System\gdrTvtX.exe
  C:\Windows\System\gdrTvtX.exe
  2⤵
  PID:1960
- C:\Windows\System\KfTbSKR.exe
  C:\Windows\System\KfTbSKR.exe
  2⤵
  PID:1768
- C:\Windows\System\iXyTtLc.exe
  C:\Windows\System\iXyTtLc.exe
  2⤵
  PID:2276
- C:\Windows\System\JDpDhcs.exe
  C:\Windows\System\JDpDhcs.exe
  2⤵
  PID:1732
- C:\Windows\System\zzyKgHR.exe
  C:\Windows\System\zzyKgHR.exe
  2⤵
  PID:984
- C:\Windows\System\LetchAo.exe
  C:\Windows\System\LetchAo.exe
  2⤵
  PID:2284
- C:\Windows\System\KSaqlgm.exe
  C:\Windows\System\KSaqlgm.exe
  2⤵
  PID:1696
- C:\Windows\System\PUHjYFF.exe
  C:\Windows\System\PUHjYFF.exe
  2⤵
  PID:1048
- C:\Windows\System\PfpWQes.exe
  C:\Windows\System\PfpWQes.exe
  2⤵
  PID:2648
- C:\Windows\System\XHTSIQt.exe
  C:\Windows\System\XHTSIQt.exe
  2⤵
  PID:1700
- C:\Windows\System\FpsFiMj.exe
  C:\Windows\System\FpsFiMj.exe
  2⤵
  PID:988
- C:\Windows\System\IBfBkTm.exe
  C:\Windows\System\IBfBkTm.exe
  2⤵
  PID:1316
- C:\Windows\System\mrxxebE.exe
  C:\Windows\System\mrxxebE.exe
  2⤵
  PID:1236
- C:\Windows\System\TzLyJhL.exe
  C:\Windows\System\TzLyJhL.exe
  2⤵
  PID:2708
- C:\Windows\System\BbqwMNu.exe
  C:\Windows\System\BbqwMNu.exe
  2⤵
  PID:776
- C:\Windows\System\IzeXEZe.exe
  C:\Windows\System\IzeXEZe.exe
  2⤵
  PID:2172
- C:\Windows\System\yrbYrho.exe
  C:\Windows\System\yrbYrho.exe
  2⤵
  PID:2204
- C:\Windows\System\yJLTjbl.exe
  C:\Windows\System\yJLTjbl.exe
  2⤵
  PID:2220
- C:\Windows\System\kMAckKR.exe
  C:\Windows\System\kMAckKR.exe
  2⤵
  PID:1736
- C:\Windows\System\xjUODzZ.exe
  C:\Windows\System\xjUODzZ.exe
  2⤵
  PID:1028
- C:\Windows\System\enRytVA.exe
  C:\Windows\System\enRytVA.exe
  2⤵
  PID:564
- C:\Windows\System\oxwuQIV.exe
  C:\Windows\System\oxwuQIV.exe
  2⤵
  PID:3088
- C:\Windows\System\mimNUrZ.exe
  C:\Windows\System\mimNUrZ.exe
  2⤵
  PID:3108
- C:\Windows\System\loLYkXM.exe
  C:\Windows\System\loLYkXM.exe
  2⤵
  PID:3128
- C:\Windows\System\YpKipET.exe
  C:\Windows\System\YpKipET.exe
  2⤵
  PID:3148
- C:\Windows\System\HzRUFuZ.exe
  C:\Windows\System\HzRUFuZ.exe
  2⤵
  PID:3168
- C:\Windows\System\WXuRnlZ.exe
  C:\Windows\System\WXuRnlZ.exe
  2⤵
  PID:3192
- C:\Windows\System\IozodDb.exe
  C:\Windows\System\IozodDb.exe
  2⤵
  PID:3212
- C:\Windows\System\kIUDGKP.exe
  C:\Windows\System\kIUDGKP.exe
  2⤵
  PID:3232
- C:\Windows\System\nluTRxG.exe
  C:\Windows\System\nluTRxG.exe
  2⤵
  PID:3252
- C:\Windows\System\xUASxmZ.exe
  C:\Windows\System\xUASxmZ.exe
  2⤵
  PID:3272
- C:\Windows\System\WCfQIZk.exe
  C:\Windows\System\WCfQIZk.exe
  2⤵
  PID:3292
- C:\Windows\System\CDApoEi.exe
  C:\Windows\System\CDApoEi.exe
  2⤵
  PID:3312
- C:\Windows\System\BekOaOX.exe
  C:\Windows\System\BekOaOX.exe
  2⤵
  PID:3332
- C:\Windows\System\kTBfCdf.exe
  C:\Windows\System\kTBfCdf.exe
  2⤵
  PID:3352
- C:\Windows\System\VydxubB.exe
  C:\Windows\System\VydxubB.exe
  2⤵
  PID:3372
- C:\Windows\System\XwRmEKg.exe
  C:\Windows\System\XwRmEKg.exe
  2⤵
  PID:3392
- C:\Windows\System\VVePlJB.exe
  C:\Windows\System\VVePlJB.exe
  2⤵
  PID:3412
- C:\Windows\System\MDwuLjG.exe
  C:\Windows\System\MDwuLjG.exe
  2⤵
  PID:3432
- C:\Windows\System\rOYlcgv.exe
  C:\Windows\System\rOYlcgv.exe
  2⤵
  PID:3452
- C:\Windows\System\NEOESPo.exe
  C:\Windows\System\NEOESPo.exe
  2⤵
  PID:3472
- C:\Windows\System\qsdoHKI.exe
  C:\Windows\System\qsdoHKI.exe
  2⤵
  PID:3492
- C:\Windows\System\BDMRolf.exe
  C:\Windows\System\BDMRolf.exe
  2⤵
  PID:3516
- C:\Windows\System\VYberRT.exe
  C:\Windows\System\VYberRT.exe
  2⤵
  PID:3536
- C:\Windows\System\YtzChAW.exe
  C:\Windows\System\YtzChAW.exe
  2⤵
  PID:3556
- C:\Windows\System\rGitgNx.exe
  C:\Windows\System\rGitgNx.exe
  2⤵
  PID:3576
- C:\Windows\System\GdbkmcX.exe
  C:\Windows\System\GdbkmcX.exe
  2⤵
  PID:3596
- C:\Windows\System\GQQmsiR.exe
  C:\Windows\System\GQQmsiR.exe
  2⤵
  PID:3616
- C:\Windows\System\AzSOWgJ.exe
  C:\Windows\System\AzSOWgJ.exe
  2⤵
  PID:3636
- C:\Windows\System\eMtNGPY.exe
  C:\Windows\System\eMtNGPY.exe
  2⤵
  PID:3656
- C:\Windows\System\exbpKew.exe
  C:\Windows\System\exbpKew.exe
  2⤵
  PID:3676
- C:\Windows\System\APZHXoi.exe
  C:\Windows\System\APZHXoi.exe
  2⤵
  PID:3696
- C:\Windows\System\VzzOgDF.exe
  C:\Windows\System\VzzOgDF.exe
  2⤵
  PID:3716
- C:\Windows\System\IdYnXDS.exe
  C:\Windows\System\IdYnXDS.exe
  2⤵
  PID:3736
- C:\Windows\System\YrZfmbH.exe
  C:\Windows\System\YrZfmbH.exe
  2⤵
  PID:3756
- C:\Windows\System\mRVMmxO.exe
  C:\Windows\System\mRVMmxO.exe
  2⤵
  PID:3772
- C:\Windows\System\MSEhWhM.exe
  C:\Windows\System\MSEhWhM.exe
  2⤵
  PID:3800
- C:\Windows\System\iErdaow.exe
  C:\Windows\System\iErdaow.exe
  2⤵
  PID:3820
- C:\Windows\System\QSsLLLd.exe
  C:\Windows\System\QSsLLLd.exe
  2⤵
  PID:3840
- C:\Windows\System\VXJrhqm.exe
  C:\Windows\System\VXJrhqm.exe
  2⤵
  PID:3860
- C:\Windows\System\koyBVNY.exe
  C:\Windows\System\koyBVNY.exe
  2⤵
  PID:3880
- C:\Windows\System\mwWXMdA.exe
  C:\Windows\System\mwWXMdA.exe
  2⤵
  PID:3900
- C:\Windows\System\aDvbHTr.exe
  C:\Windows\System\aDvbHTr.exe
  2⤵
  PID:3920
- C:\Windows\System\ILJHiLT.exe
  C:\Windows\System\ILJHiLT.exe
  2⤵
  PID:3940
- C:\Windows\System\BfWWtrV.exe
  C:\Windows\System\BfWWtrV.exe
  2⤵
  PID:3960
- C:\Windows\System\lRYvxSM.exe
  C:\Windows\System\lRYvxSM.exe
  2⤵
  PID:3980
- C:\Windows\System\ZhmPAun.exe
  C:\Windows\System\ZhmPAun.exe
  2⤵
  PID:4000
- C:\Windows\System\lxuhxJk.exe
  C:\Windows\System\lxuhxJk.exe
  2⤵
  PID:4024
- C:\Windows\System\qwqKRRY.exe
  C:\Windows\System\qwqKRRY.exe
  2⤵
  PID:4044
- C:\Windows\System\AnrMlCr.exe
  C:\Windows\System\AnrMlCr.exe
  2⤵
  PID:4064
- C:\Windows\System\FjMdRLY.exe
  C:\Windows\System\FjMdRLY.exe
  2⤵
  PID:4084
- C:\Windows\System\LwBuukl.exe
  C:\Windows\System\LwBuukl.exe
  2⤵
  PID:2520
- C:\Windows\System\JlpBYFC.exe
  C:\Windows\System\JlpBYFC.exe
  2⤵
  PID:2632
- C:\Windows\System\DekdaWE.exe
  C:\Windows\System\DekdaWE.exe
  2⤵
  PID:1192
- C:\Windows\System\KZheWLT.exe
  C:\Windows\System\KZheWLT.exe
  2⤵
  PID:2764
- C:\Windows\System\ZjKmXsG.exe
  C:\Windows\System\ZjKmXsG.exe
  2⤵
  PID:2920
- C:\Windows\System\RDNGGtf.exe
  C:\Windows\System\RDNGGtf.exe
  2⤵
  PID:2180
- C:\Windows\System\SLfbIGs.exe
  C:\Windows\System\SLfbIGs.exe
  2⤵
  PID:1744
- C:\Windows\System\OaacXbF.exe
  C:\Windows\System\OaacXbF.exe
  2⤵
  PID:2040
- C:\Windows\System\TrBTaji.exe
  C:\Windows\System\TrBTaji.exe
  2⤵
  PID:3100
- C:\Windows\System\pRoOiFD.exe
  C:\Windows\System\pRoOiFD.exe
  2⤵
  PID:3124
- C:\Windows\System\pYdTuRk.exe
  C:\Windows\System\pYdTuRk.exe
  2⤵
  PID:3176
- C:\Windows\System\gSmkPPR.exe
  C:\Windows\System\gSmkPPR.exe
  2⤵
  PID:3208
- C:\Windows\System\AqgAsVm.exe
  C:\Windows\System\AqgAsVm.exe
  2⤵
  PID:3260
- C:\Windows\System\NfpCjzh.exe
  C:\Windows\System\NfpCjzh.exe
  2⤵
  PID:3268
- C:\Windows\System\LjRywUe.exe
  C:\Windows\System\LjRywUe.exe
  2⤵
  PID:3308
- C:\Windows\System\DyCrIyf.exe
  C:\Windows\System\DyCrIyf.exe
  2⤵
  PID:3344
- C:\Windows\System\EfJBIFB.exe
  C:\Windows\System\EfJBIFB.exe
  2⤵
  PID:3388
- C:\Windows\System\oFqGHJr.exe
  C:\Windows\System\oFqGHJr.exe
  2⤵
  PID:3424
- C:\Windows\System\RFMoUqo.exe
  C:\Windows\System\RFMoUqo.exe
  2⤵
  PID:3460
- C:\Windows\System\IYIKdoH.exe
  C:\Windows\System\IYIKdoH.exe
  2⤵
  PID:3444
- C:\Windows\System\ClYgsso.exe
  C:\Windows\System\ClYgsso.exe
  2⤵
  PID:3484
- C:\Windows\System\fZettat.exe
  C:\Windows\System\fZettat.exe
  2⤵
  PID:3532
- C:\Windows\System\OKOBiAx.exe
  C:\Windows\System\OKOBiAx.exe
  2⤵
  PID:3564
- C:\Windows\System\bNGAbuX.exe
  C:\Windows\System\bNGAbuX.exe
  2⤵
  PID:3612
- C:\Windows\System\jwQeTep.exe
  C:\Windows\System\jwQeTep.exe
  2⤵
  PID:3644
- C:\Windows\System\RUWtxKw.exe
  C:\Windows\System\RUWtxKw.exe
  2⤵
  PID:3684
- C:\Windows\System\IENwmnk.exe
  C:\Windows\System\IENwmnk.exe
  2⤵
  PID:3688
- C:\Windows\System\IcOdzFA.exe
  C:\Windows\System\IcOdzFA.exe
  2⤵
  PID:3732
- C:\Windows\System\sTWJLkB.exe
  C:\Windows\System\sTWJLkB.exe
  2⤵
  PID:3768
- C:\Windows\System\AGLTrPe.exe
  C:\Windows\System\AGLTrPe.exe
  2⤵
  PID:3832
- C:\Windows\System\FWHEscl.exe
  C:\Windows\System\FWHEscl.exe
  2⤵
  PID:3868
- C:\Windows\System\QUswsEH.exe
  C:\Windows\System\QUswsEH.exe
  2⤵
  PID:3888
- C:\Windows\System\TqiTHMs.exe
  C:\Windows\System\TqiTHMs.exe
  2⤵
  PID:3896
- C:\Windows\System\fvfujMh.exe
  C:\Windows\System\fvfujMh.exe
  2⤵
  PID:3788
- C:\Windows\System\NtMbtDv.exe
  C:\Windows\System\NtMbtDv.exe
  2⤵
  PID:3972
- C:\Windows\System\lFMHDXW.exe
  C:\Windows\System\lFMHDXW.exe
  2⤵
  PID:4032
- C:\Windows\System\sOjqQUe.exe
  C:\Windows\System\sOjqQUe.exe
  2⤵
  PID:4052
- C:\Windows\System\ChMZurC.exe
  C:\Windows\System\ChMZurC.exe
  2⤵
  PID:4080
- C:\Windows\System\cjAidIk.exe
  C:\Windows\System\cjAidIk.exe
  2⤵
  PID:1952
- C:\Windows\System\LmHGNtn.exe
  C:\Windows\System\LmHGNtn.exe
  2⤵
  PID:892
- C:\Windows\System\AaKeuEh.exe
  C:\Windows\System\AaKeuEh.exe
  2⤵
  PID:2120
- C:\Windows\System\pRHWcfI.exe
  C:\Windows\System\pRHWcfI.exe
  2⤵
  PID:1144
- C:\Windows\System\unPnWFl.exe
  C:\Windows\System\unPnWFl.exe
  2⤵
  PID:3116
- C:\Windows\System\yfCfLDp.exe
  C:\Windows\System\yfCfLDp.exe
  2⤵
  PID:3140
- C:\Windows\System\NUMPxCf.exe
  C:\Windows\System\NUMPxCf.exe
  2⤵
  PID:3156
- C:\Windows\System\qRlSacS.exe
  C:\Windows\System\qRlSacS.exe
  2⤵
  PID:3244
- C:\Windows\System\jvZocbz.exe
  C:\Windows\System\jvZocbz.exe
  2⤵
  PID:3340
- C:\Windows\System\qgPIAMX.exe
  C:\Windows\System\qgPIAMX.exe
  2⤵
  PID:3360
- C:\Windows\System\VofnOrt.exe
  C:\Windows\System\VofnOrt.exe
  2⤵
  PID:3400
- C:\Windows\System\JTlUeUq.exe
  C:\Windows\System\JTlUeUq.exe
  2⤵
  PID:3508
- C:\Windows\System\foxBUvD.exe
  C:\Windows\System\foxBUvD.exe
  2⤵
  PID:3572
- C:\Windows\System\EocEQJT.exe
  C:\Windows\System\EocEQJT.exe
  2⤵
  PID:3592
- C:\Windows\System\Fdnbidp.exe
  C:\Windows\System\Fdnbidp.exe
  2⤵
  PID:3672
- C:\Windows\System\ENIVSNc.exe
  C:\Windows\System\ENIVSNc.exe
  2⤵
  PID:3748
- C:\Windows\System\KuvJfyF.exe
  C:\Windows\System\KuvJfyF.exe
  2⤵
  PID:3836
- C:\Windows\System\PHAeVfq.exe
  C:\Windows\System\PHAeVfq.exe
  2⤵
  PID:3852
- C:\Windows\System\HrUxsjH.exe
  C:\Windows\System\HrUxsjH.exe
  2⤵
  PID:3932
- C:\Windows\System\HHgPidA.exe
  C:\Windows\System\HHgPidA.exe
  2⤵
  PID:3892
- C:\Windows\System\nTusqgW.exe
  C:\Windows\System\nTusqgW.exe
  2⤵
  PID:3968
- C:\Windows\System\YJUoqTC.exe
  C:\Windows\System\YJUoqTC.exe
  2⤵
  PID:4072
- C:\Windows\System\HNyCWSN.exe
  C:\Windows\System\HNyCWSN.exe
  2⤵
  PID:2500
- C:\Windows\System\isWyDkG.exe
  C:\Windows\System\isWyDkG.exe
  2⤵
  PID:2136
- C:\Windows\System\jPAbAVv.exe
  C:\Windows\System\jPAbAVv.exe
  2⤵
  PID:2932
- C:\Windows\System\yBWjZyL.exe
  C:\Windows\System\yBWjZyL.exe
  2⤵
  PID:3076
- C:\Windows\System\bgMCnMD.exe
  C:\Windows\System\bgMCnMD.exe
  2⤵
  PID:3204
- C:\Windows\System\wCEHoAh.exe
  C:\Windows\System\wCEHoAh.exe
  2⤵
  PID:3420
- C:\Windows\System\IimVLlh.exe
  C:\Windows\System\IimVLlh.exe
  2⤵
  PID:3448
- C:\Windows\System\ECIUgsm.exe
  C:\Windows\System\ECIUgsm.exe
  2⤵
  PID:3624
- C:\Windows\System\JaAuaNQ.exe
  C:\Windows\System\JaAuaNQ.exe
  2⤵
  PID:3608
- C:\Windows\System\bnHAIZh.exe
  C:\Windows\System\bnHAIZh.exe
  2⤵
  PID:3712
- C:\Windows\System\YMHMvfG.exe
  C:\Windows\System\YMHMvfG.exe
  2⤵
  PID:3324
- C:\Windows\System\FWubeQy.exe
  C:\Windows\System\FWubeQy.exe
  2⤵
  PID:3856
- C:\Windows\System\nnRIPgJ.exe
  C:\Windows\System\nnRIPgJ.exe
  2⤵
  PID:3996
- C:\Windows\System\GNBCUIz.exe
  C:\Windows\System\GNBCUIz.exe
  2⤵
  PID:1588
- C:\Windows\System\lDwgrki.exe
  C:\Windows\System\lDwgrki.exe
  2⤵
  PID:1140
- C:\Windows\System\JoiFVVb.exe
  C:\Windows\System\JoiFVVb.exe
  2⤵
  PID:3188
- C:\Windows\System\EKXlBjE.exe
  C:\Windows\System\EKXlBjE.exe
  2⤵
  PID:3284
- C:\Windows\System\xTmSgvW.exe
  C:\Windows\System\xTmSgvW.exe
  2⤵
  PID:3500
- C:\Windows\System\xrkQtTD.exe
  C:\Windows\System\xrkQtTD.exe
  2⤵
  PID:4112
- C:\Windows\System\asZnoFb.exe
  C:\Windows\System\asZnoFb.exe
  2⤵
  PID:4132
- C:\Windows\System\oirHGxB.exe
  C:\Windows\System\oirHGxB.exe
  2⤵
  PID:4152
- C:\Windows\System\PXtcImp.exe
  C:\Windows\System\PXtcImp.exe
  2⤵
  PID:4172
- C:\Windows\System\EGpduYL.exe
  C:\Windows\System\EGpduYL.exe
  2⤵
  PID:4192
- C:\Windows\System\ycrDdJh.exe
  C:\Windows\System\ycrDdJh.exe
  2⤵
  PID:4212
- C:\Windows\System\zEHLDZy.exe
  C:\Windows\System\zEHLDZy.exe
  2⤵
  PID:4232
- C:\Windows\System\OitXTiP.exe
  C:\Windows\System\OitXTiP.exe
  2⤵
  PID:4252
- C:\Windows\System\rFJyPfh.exe
  C:\Windows\System\rFJyPfh.exe
  2⤵
  PID:4272
- C:\Windows\System\LvaRZrT.exe
  C:\Windows\System\LvaRZrT.exe
  2⤵
  PID:4292
- C:\Windows\System\ESOswVg.exe
  C:\Windows\System\ESOswVg.exe
  2⤵
  PID:4312
- C:\Windows\System\CmTbDUj.exe
  C:\Windows\System\CmTbDUj.exe
  2⤵
  PID:4332
- C:\Windows\System\mmTLMBE.exe
  C:\Windows\System\mmTLMBE.exe
  2⤵
  PID:4352
- C:\Windows\System\nlVgufg.exe
  C:\Windows\System\nlVgufg.exe
  2⤵
  PID:4372
- C:\Windows\System\xNWkDJi.exe
  C:\Windows\System\xNWkDJi.exe
  2⤵
  PID:4392
- C:\Windows\System\GsCgcRk.exe
  C:\Windows\System\GsCgcRk.exe
  2⤵
  PID:4412
- C:\Windows\System\vwTkoiW.exe
  C:\Windows\System\vwTkoiW.exe
  2⤵
  PID:4432
- C:\Windows\System\PHfNCBs.exe
  C:\Windows\System\PHfNCBs.exe
  2⤵
  PID:4452
- C:\Windows\System\gKuhlFR.exe
  C:\Windows\System\gKuhlFR.exe
  2⤵
  PID:4472
- C:\Windows\System\HJYrNla.exe
  C:\Windows\System\HJYrNla.exe
  2⤵
  PID:4492
- C:\Windows\System\UKhrdBY.exe
  C:\Windows\System\UKhrdBY.exe
  2⤵
  PID:4512
- C:\Windows\System\RApWACZ.exe
  C:\Windows\System\RApWACZ.exe
  2⤵
  PID:4532
- C:\Windows\System\wOjWdCn.exe
  C:\Windows\System\wOjWdCn.exe
  2⤵
  PID:4552
- C:\Windows\System\spamxra.exe
  C:\Windows\System\spamxra.exe
  2⤵
  PID:4572
- C:\Windows\System\SpolWnM.exe
  C:\Windows\System\SpolWnM.exe
  2⤵
  PID:4592
- C:\Windows\System\tZjrQbA.exe
  C:\Windows\System\tZjrQbA.exe
  2⤵
  PID:4612
- C:\Windows\System\xLQgdDT.exe
  C:\Windows\System\xLQgdDT.exe
  2⤵
  PID:4636
- C:\Windows\System\trLwTCo.exe
  C:\Windows\System\trLwTCo.exe
  2⤵
  PID:4656
- C:\Windows\System\ZtHzAVo.exe
  C:\Windows\System\ZtHzAVo.exe
  2⤵
  PID:4676
- C:\Windows\System\vVyrRSh.exe
  C:\Windows\System\vVyrRSh.exe
  2⤵
  PID:4696
- C:\Windows\System\APblqDG.exe
  C:\Windows\System\APblqDG.exe
  2⤵
  PID:4716
- C:\Windows\System\YPQmOPK.exe
  C:\Windows\System\YPQmOPK.exe
  2⤵
  PID:4736
- C:\Windows\System\Yloowmi.exe
  C:\Windows\System\Yloowmi.exe
  2⤵
  PID:4760
- C:\Windows\System\aeAUGZZ.exe
  C:\Windows\System\aeAUGZZ.exe
  2⤵
  PID:4780
- C:\Windows\System\lzeLJQX.exe
  C:\Windows\System\lzeLJQX.exe
  2⤵
  PID:4800
- C:\Windows\System\ZuhKqbC.exe
  C:\Windows\System\ZuhKqbC.exe
  2⤵
  PID:4820
- C:\Windows\System\UrMSJUt.exe
  C:\Windows\System\UrMSJUt.exe
  2⤵
  PID:4840
- C:\Windows\System\MbKNccU.exe
  C:\Windows\System\MbKNccU.exe
  2⤵
  PID:4860
- C:\Windows\System\LAYdnPe.exe
  C:\Windows\System\LAYdnPe.exe
  2⤵
  PID:4884
- C:\Windows\System\rRwqhWL.exe
  C:\Windows\System\rRwqhWL.exe
  2⤵
  PID:4904
- C:\Windows\System\MOzVaPI.exe
  C:\Windows\System\MOzVaPI.exe
  2⤵
  PID:4924
- C:\Windows\System\GtEIQbS.exe
  C:\Windows\System\GtEIQbS.exe
  2⤵
  PID:4944
- C:\Windows\System\yGBDMNu.exe
  C:\Windows\System\yGBDMNu.exe
  2⤵
  PID:4964
- C:\Windows\System\ncBegrD.exe
  C:\Windows\System\ncBegrD.exe
  2⤵
  PID:4984
- C:\Windows\System\KFkBJXE.exe
  C:\Windows\System\KFkBJXE.exe
  2⤵
  PID:5000
- C:\Windows\System\AyXaaFE.exe
  C:\Windows\System\AyXaaFE.exe
  2⤵
  PID:5024
- C:\Windows\System\zLJKaSv.exe
  C:\Windows\System\zLJKaSv.exe
  2⤵
  PID:5044
- C:\Windows\System\tPQYvKn.exe
  C:\Windows\System\tPQYvKn.exe
  2⤵
  PID:5064
- C:\Windows\System\VggckLd.exe
  C:\Windows\System\VggckLd.exe
  2⤵
  PID:5084
- C:\Windows\System\yJfPdJb.exe
  C:\Windows\System\yJfPdJb.exe
  2⤵
  PID:5104
- C:\Windows\System\ckcqRqB.exe
  C:\Windows\System\ckcqRqB.exe
  2⤵
  PID:3524
- C:\Windows\System\xIuXUrt.exe
  C:\Windows\System\xIuXUrt.exe
  2⤵
  PID:3912
- C:\Windows\System\ZAtlimW.exe
  C:\Windows\System\ZAtlimW.exe
  2⤵
  PID:3876
- C:\Windows\System\yWQbsWw.exe
  C:\Windows\System\yWQbsWw.exe
  2⤵
  PID:1804
- C:\Windows\System\eTkFxRX.exe
  C:\Windows\System\eTkFxRX.exe
  2⤵
  PID:560
- C:\Windows\System\NGtDFOW.exe
  C:\Windows\System\NGtDFOW.exe
  2⤵
  PID:3200
- C:\Windows\System\jDtyqPg.exe
  C:\Windows\System\jDtyqPg.exe
  2⤵
  PID:4108
- C:\Windows\System\DcdVGdD.exe
  C:\Windows\System\DcdVGdD.exe
  2⤵
  PID:4124
- C:\Windows\System\qyPSdaD.exe
  C:\Windows\System\qyPSdaD.exe
  2⤵
  PID:4148
- C:\Windows\System\hjBCzyM.exe
  C:\Windows\System\hjBCzyM.exe
  2⤵
  PID:4188
- C:\Windows\System\oSMqmFb.exe
  C:\Windows\System\oSMqmFb.exe
  2⤵
  PID:4240
- C:\Windows\System\ZBiPxQF.exe
  C:\Windows\System\ZBiPxQF.exe
  2⤵
  PID:4280
- C:\Windows\System\jEpMbgE.exe
  C:\Windows\System\jEpMbgE.exe
  2⤵
  PID:4284
- C:\Windows\System\sjcmjhO.exe
  C:\Windows\System\sjcmjhO.exe
  2⤵
  PID:4328
- C:\Windows\System\NJnFaGe.exe
  C:\Windows\System\NJnFaGe.exe
  2⤵
  PID:4348
- C:\Windows\System\fLQCLEP.exe
  C:\Windows\System\fLQCLEP.exe
  2⤵
  PID:4400
- C:\Windows\System\bJbFGCZ.exe
  C:\Windows\System\bJbFGCZ.exe
  2⤵
  PID:4420
- C:\Windows\System\IbeFCnH.exe
  C:\Windows\System\IbeFCnH.exe
  2⤵
  PID:4480
- C:\Windows\System\TKSedbJ.exe
  C:\Windows\System\TKSedbJ.exe
  2⤵
  PID:4484
- C:\Windows\System\cEQhUzW.exe
  C:\Windows\System\cEQhUzW.exe
  2⤵
  PID:4528
- C:\Windows\System\eYyoCNl.exe
  C:\Windows\System\eYyoCNl.exe
  2⤵
  PID:4544
- C:\Windows\System\eqRiHpw.exe
  C:\Windows\System\eqRiHpw.exe
  2⤵
  PID:4588
- C:\Windows\System\mpfmIFm.exe
  C:\Windows\System\mpfmIFm.exe
  2⤵
  PID:4644
- C:\Windows\System\RHqYYiM.exe
  C:\Windows\System\RHqYYiM.exe
  2⤵
  PID:4684
- C:\Windows\System\qjenHBr.exe
  C:\Windows\System\qjenHBr.exe
  2⤵
  PID:4688
- C:\Windows\System\myIUhWM.exe
  C:\Windows\System\myIUhWM.exe
  2⤵
  PID:4712
- C:\Windows\System\FfGnJJj.exe
  C:\Windows\System\FfGnJJj.exe
  2⤵
  PID:4776
- C:\Windows\System\ahYcvWQ.exe
  C:\Windows\System\ahYcvWQ.exe
  2⤵
  PID:4796
- C:\Windows\System\cJslfpd.exe
  C:\Windows\System\cJslfpd.exe
  2⤵
  PID:4836
- C:\Windows\System\YyyewZt.exe
  C:\Windows\System\YyyewZt.exe
  2⤵
  PID:4868
- C:\Windows\System\UMzjQgg.exe
  C:\Windows\System\UMzjQgg.exe
  2⤵
  PID:4912
- C:\Windows\System\PkpZwKz.exe
  C:\Windows\System\PkpZwKz.exe
  2⤵
  PID:4916
- C:\Windows\System\ECbHUPM.exe
  C:\Windows\System\ECbHUPM.exe
  2⤵
  PID:4960
- C:\Windows\System\OAPzbCh.exe
  C:\Windows\System\OAPzbCh.exe
  2⤵
  PID:4992
- C:\Windows\System\DrDLDld.exe
  C:\Windows\System\DrDLDld.exe
  2⤵
  PID:5040
- C:\Windows\System\pmIdjnu.exe
  C:\Windows\System\pmIdjnu.exe
  2⤵
  PID:5100
- C:\Windows\System\XIVEGkc.exe
  C:\Windows\System\XIVEGkc.exe
  2⤵
  PID:5112
- C:\Windows\System\vgtjfFl.exe
  C:\Windows\System\vgtjfFl.exe
  2⤵
  PID:5116
- C:\Windows\System\ztQvfxy.exe
  C:\Windows\System\ztQvfxy.exe
  2⤵
  PID:3956
- C:\Windows\System\emJeLXa.exe
  C:\Windows\System\emJeLXa.exe
  2⤵
  PID:2148
- C:\Windows\System\asQmHoY.exe
  C:\Windows\System\asQmHoY.exe
  2⤵
  PID:3780
- C:\Windows\System\TUaQlYq.exe
  C:\Windows\System\TUaQlYq.exe
  2⤵
  PID:4200
- C:\Windows\System\tsHasPb.exe
  C:\Windows\System\tsHasPb.exe
  2⤵
  PID:4168
- C:\Windows\System\zeWnubU.exe
  C:\Windows\System\zeWnubU.exe
  2⤵
  PID:4204
- C:\Windows\System\ScMWbFi.exe
  C:\Windows\System\ScMWbFi.exe
  2⤵
  PID:4288
- C:\Windows\System\OolTssu.exe
  C:\Windows\System\OolTssu.exe
  2⤵
  PID:4388
- C:\Windows\System\fSSWNYp.exe
  C:\Windows\System\fSSWNYp.exe
  2⤵
  PID:4444
- C:\Windows\System\EnEmkqY.exe
  C:\Windows\System\EnEmkqY.exe
  2⤵
  PID:4468
- C:\Windows\System\cxGIHeY.exe
  C:\Windows\System\cxGIHeY.exe
  2⤵
  PID:4508
- C:\Windows\System\rGRmeqb.exe
  C:\Windows\System\rGRmeqb.exe
  2⤵
  PID:4548
- C:\Windows\System\xtcMrym.exe
  C:\Windows\System\xtcMrym.exe
  2⤵
  PID:4608
- C:\Windows\System\EFFHSGp.exe
  C:\Windows\System\EFFHSGp.exe
  2⤵
  PID:4728
- C:\Windows\System\nyBucxc.exe
  C:\Windows\System\nyBucxc.exe
  2⤵
  PID:4692
- C:\Windows\System\mVwzqqm.exe
  C:\Windows\System\mVwzqqm.exe
  2⤵
  PID:4744
- C:\Windows\System\ATvIher.exe
  C:\Windows\System\ATvIher.exe
  2⤵
  PID:4892
- C:\Windows\System\LsDFWDs.exe
  C:\Windows\System\LsDFWDs.exe
  2⤵
  PID:4932
- C:\Windows\System\axkyCMk.exe
  C:\Windows\System\axkyCMk.exe
  2⤵
  PID:4952
- C:\Windows\System\mHFFOoI.exe
  C:\Windows\System\mHFFOoI.exe
  2⤵
  PID:5060
- C:\Windows\System\hGIjfck.exe
  C:\Windows\System\hGIjfck.exe
  2⤵
  PID:5052
- C:\Windows\System\DyssRFR.exe
  C:\Windows\System\DyssRFR.exe
  2⤵
  PID:3348
- C:\Windows\System\lWAgnfS.exe
  C:\Windows\System\lWAgnfS.exe
  2⤵
  PID:3916
- C:\Windows\System\tbjyigY.exe
  C:\Windows\System\tbjyigY.exe
  2⤵
  PID:3180
- C:\Windows\System\YncMApX.exe
  C:\Windows\System\YncMApX.exe
  2⤵
  PID:4140
- C:\Windows\System\oDHSJsM.exe
  C:\Windows\System\oDHSJsM.exe
  2⤵
  PID:5124
- C:\Windows\System\NbanidK.exe
  C:\Windows\System\NbanidK.exe
  2⤵
  PID:5148
- C:\Windows\System\ZQXWcpy.exe
  C:\Windows\System\ZQXWcpy.exe
  2⤵
  PID:5164
- C:\Windows\System\OzBmrYr.exe
  C:\Windows\System\OzBmrYr.exe
  2⤵
  PID:5188
- C:\Windows\System\tGxbSWh.exe
  C:\Windows\System\tGxbSWh.exe
  2⤵
  PID:5208
- C:\Windows\System\uqIrExT.exe
  C:\Windows\System\uqIrExT.exe
  2⤵
  PID:5228
- C:\Windows\System\YdBqbYe.exe
  C:\Windows\System\YdBqbYe.exe
  2⤵
  PID:5244
- C:\Windows\System\NQSgBzw.exe
  C:\Windows\System\NQSgBzw.exe
  2⤵
  PID:5268
- C:\Windows\System\LYDBdSq.exe
  C:\Windows\System\LYDBdSq.exe
  2⤵
  PID:5288
- C:\Windows\System\OllMaVs.exe
  C:\Windows\System\OllMaVs.exe
  2⤵
  PID:5308
- C:\Windows\System\yukYiES.exe
  C:\Windows\System\yukYiES.exe
  2⤵
  PID:5328
- C:\Windows\System\oEhIHfE.exe
  C:\Windows\System\oEhIHfE.exe
  2⤵
  PID:5348
- C:\Windows\System\BvvpWNO.exe
  C:\Windows\System\BvvpWNO.exe
  2⤵
  PID:5368
- C:\Windows\System\jfGWAlM.exe
  C:\Windows\System\jfGWAlM.exe
  2⤵
  PID:5388
- C:\Windows\System\werbcYR.exe
  C:\Windows\System\werbcYR.exe
  2⤵
  PID:5408
- C:\Windows\System\zApUXxy.exe
  C:\Windows\System\zApUXxy.exe
  2⤵
  PID:5432
- C:\Windows\System\eAKYMOJ.exe
  C:\Windows\System\eAKYMOJ.exe
  2⤵
  PID:5452
- C:\Windows\System\DjoUAhM.exe
  C:\Windows\System\DjoUAhM.exe
  2⤵
  PID:5472
- C:\Windows\System\XUTFETj.exe
  C:\Windows\System\XUTFETj.exe
  2⤵
  PID:5492
- C:\Windows\System\SPlkLYG.exe
  C:\Windows\System\SPlkLYG.exe
  2⤵
  PID:5512
- C:\Windows\System\vMpkZMi.exe
  C:\Windows\System\vMpkZMi.exe
  2⤵
  PID:5532
- C:\Windows\System\EWkIVJJ.exe
  C:\Windows\System\EWkIVJJ.exe
  2⤵
  PID:5552
- C:\Windows\System\JmOJVBU.exe
  C:\Windows\System\JmOJVBU.exe
  2⤵
  PID:5572
- C:\Windows\System\bUswdDw.exe
  C:\Windows\System\bUswdDw.exe
  2⤵
  PID:5592
- C:\Windows\System\tFxGOOK.exe
  C:\Windows\System\tFxGOOK.exe
  2⤵
  PID:5612
- C:\Windows\System\zULOQHp.exe
  C:\Windows\System\zULOQHp.exe
  2⤵
  PID:5632
- C:\Windows\System\bXLserZ.exe
  C:\Windows\System\bXLserZ.exe
  2⤵
  PID:5652
- C:\Windows\System\sMyrPvR.exe
  C:\Windows\System\sMyrPvR.exe
  2⤵
  PID:5672
- C:\Windows\System\GRxhjee.exe
  C:\Windows\System\GRxhjee.exe
  2⤵
  PID:5692
- C:\Windows\System\drmoYhB.exe
  C:\Windows\System\drmoYhB.exe
  2⤵
  PID:5708
- C:\Windows\System\VrXwyjg.exe
  C:\Windows\System\VrXwyjg.exe
  2⤵
  PID:5732
- C:\Windows\System\GRqQMRb.exe
  C:\Windows\System\GRqQMRb.exe
  2⤵
  PID:5752
- C:\Windows\System\uCvPeCT.exe
  C:\Windows\System\uCvPeCT.exe
  2⤵
  PID:5772
- C:\Windows\System\dhNvSIu.exe
  C:\Windows\System\dhNvSIu.exe
  2⤵
  PID:5792
- C:\Windows\System\PgGtBuN.exe
  C:\Windows\System\PgGtBuN.exe
  2⤵
  PID:5812
- C:\Windows\System\mbtpLGM.exe
  C:\Windows\System\mbtpLGM.exe
  2⤵
  PID:5832
- C:\Windows\System\tbTVBKv.exe
  C:\Windows\System\tbTVBKv.exe
  2⤵
  PID:5852
- C:\Windows\System\EHTZXGz.exe
  C:\Windows\System\EHTZXGz.exe
  2⤵
  PID:5872
- C:\Windows\System\BfJonsL.exe
  C:\Windows\System\BfJonsL.exe
  2⤵
  PID:5892
- C:\Windows\System\RHvMYaw.exe
  C:\Windows\System\RHvMYaw.exe
  2⤵
  PID:5912
- C:\Windows\System\BUToLce.exe
  C:\Windows\System\BUToLce.exe
  2⤵
  PID:5932
- C:\Windows\System\ExFErqV.exe
  C:\Windows\System\ExFErqV.exe
  2⤵
  PID:5952
- C:\Windows\System\ECxIcGd.exe
  C:\Windows\System\ECxIcGd.exe
  2⤵
  PID:5972
- C:\Windows\System\liJruOt.exe
  C:\Windows\System\liJruOt.exe
  2⤵
  PID:5992
- C:\Windows\System\cPYrhNK.exe
  C:\Windows\System\cPYrhNK.exe
  2⤵
  PID:6012
- C:\Windows\System\aKllJlr.exe
  C:\Windows\System\aKllJlr.exe
  2⤵
  PID:6032
- C:\Windows\System\zZvssmQ.exe
  C:\Windows\System\zZvssmQ.exe
  2⤵
  PID:6052
- C:\Windows\System\ccsLyrh.exe
  C:\Windows\System\ccsLyrh.exe
  2⤵
  PID:6076
- C:\Windows\System\RoYPumF.exe
  C:\Windows\System\RoYPumF.exe
  2⤵
  PID:6096
- C:\Windows\System\AnMaaKY.exe
  C:\Windows\System\AnMaaKY.exe
  2⤵
  PID:6116
- C:\Windows\System\kknFqAl.exe
  C:\Windows\System\kknFqAl.exe
  2⤵
  PID:6136
- C:\Windows\System\qXdiYpj.exe
  C:\Windows\System\qXdiYpj.exe
  2⤵
  PID:4364
- C:\Windows\System\AewaSFM.exe
  C:\Windows\System\AewaSFM.exe
  2⤵
  PID:4404
- C:\Windows\System\hgoFpPq.exe
  C:\Windows\System\hgoFpPq.exe
  2⤵
  PID:2804
- C:\Windows\System\mZiVNTo.exe
  C:\Windows\System\mZiVNTo.exe
  2⤵
  PID:4648
- C:\Windows\System\mKiZoeQ.exe
  C:\Windows\System\mKiZoeQ.exe
  2⤵
  PID:4604
- C:\Windows\System\LEuIQya.exe
  C:\Windows\System\LEuIQya.exe
  2⤵
  PID:4756
- C:\Windows\System\tgvKiUO.exe
  C:\Windows\System\tgvKiUO.exe
  2⤵
  PID:4856
- C:\Windows\System\jLASXpq.exe
  C:\Windows\System\jLASXpq.exe
  2⤵
  PID:4940
- C:\Windows\System\HbNaDvM.exe
  C:\Windows\System\HbNaDvM.exe
  2⤵
  PID:5012
- C:\Windows\System\rmlbFyh.exe
  C:\Windows\System\rmlbFyh.exe
  2⤵
  PID:5076
- C:\Windows\System\lmNRfyi.exe
  C:\Windows\System\lmNRfyi.exe
  2⤵
  PID:2688
- C:\Windows\System\JpTYvlj.exe
  C:\Windows\System\JpTYvlj.exe
  2⤵
  PID:4224
- C:\Windows\System\ybeWcin.exe
  C:\Windows\System\ybeWcin.exe
  2⤵
  PID:5132
- C:\Windows\System\XGKzRqT.exe
  C:\Windows\System\XGKzRqT.exe
  2⤵
  PID:5196
- C:\Windows\System\yylZdTW.exe
  C:\Windows\System\yylZdTW.exe
  2⤵
  PID:5180
- C:\Windows\System\vlsrowJ.exe
  C:\Windows\System\vlsrowJ.exe
  2⤵
  PID:5220
- C:\Windows\System\LhTbCJe.exe
  C:\Windows\System\LhTbCJe.exe
  2⤵
  PID:5256
- C:\Windows\System\nqvnLjp.exe
  C:\Windows\System\nqvnLjp.exe
  2⤵
  PID:5316
- C:\Windows\System\IeEPTwY.exe
  C:\Windows\System\IeEPTwY.exe
  2⤵
  PID:5320
- C:\Windows\System\eMuSMpu.exe
  C:\Windows\System\eMuSMpu.exe
  2⤵
  PID:5340
- C:\Windows\System\oyHMUXV.exe
  C:\Windows\System\oyHMUXV.exe
  2⤵
  PID:5380
- C:\Windows\System\sNEgsWe.exe
  C:\Windows\System\sNEgsWe.exe
  2⤵
  PID:5440
- C:\Windows\System\hsVzVaI.exe
  C:\Windows\System\hsVzVaI.exe
  2⤵
  PID:5480
- C:\Windows\System\RfigBGl.exe
  C:\Windows\System\RfigBGl.exe
  2⤵
  PID:5500
- C:\Windows\System\cpjLuLj.exe
  C:\Windows\System\cpjLuLj.exe
  2⤵
  PID:5524
- C:\Windows\System\mvyAuAO.exe
  C:\Windows\System\mvyAuAO.exe
  2⤵
  PID:5568
- C:\Windows\System\OxKLyWi.exe
  C:\Windows\System\OxKLyWi.exe
  2⤵
  PID:5600
- C:\Windows\System\oFjJEpb.exe
  C:\Windows\System\oFjJEpb.exe
  2⤵
  PID:5620
- C:\Windows\System\UFeSkTb.exe
  C:\Windows\System\UFeSkTb.exe
  2⤵
  PID:5680
- C:\Windows\System\obOkUUI.exe
  C:\Windows\System\obOkUUI.exe
  2⤵
  PID:5716
- C:\Windows\System\bJecAVJ.exe
  C:\Windows\System\bJecAVJ.exe
  2⤵
  PID:5700
- C:\Windows\System\sDIPPTb.exe
  C:\Windows\System\sDIPPTb.exe
  2⤵
  PID:5760
- C:\Windows\System\xjsnmaS.exe
  C:\Windows\System\xjsnmaS.exe
  2⤵
  PID:5780
- C:\Windows\System\tbXXwqV.exe
  C:\Windows\System\tbXXwqV.exe
  2⤵
  PID:5828
- C:\Windows\System\DJxbBgb.exe
  C:\Windows\System\DJxbBgb.exe
  2⤵
  PID:5888
- C:\Windows\System\pRgxWbE.exe
  C:\Windows\System\pRgxWbE.exe
  2⤵
  PID:5920
- C:\Windows\System\GDAEncT.exe
  C:\Windows\System\GDAEncT.exe
  2⤵
  PID:5928
- C:\Windows\System\vxHHgZJ.exe
  C:\Windows\System\vxHHgZJ.exe
  2⤵
  PID:5944
- C:\Windows\System\RZMiIny.exe
  C:\Windows\System\RZMiIny.exe
  2⤵
  PID:5980
- C:\Windows\System\bbmGQzf.exe
  C:\Windows\System\bbmGQzf.exe
  2⤵
  PID:6040
- C:\Windows\System\DlwokHC.exe
  C:\Windows\System\DlwokHC.exe
  2⤵
  PID:6060
- C:\Windows\System\RVjSMRE.exe
  C:\Windows\System\RVjSMRE.exe
  2⤵
  PID:6088
- C:\Windows\System\sbDLoRS.exe
  C:\Windows\System\sbDLoRS.exe
  2⤵
  PID:2892
- C:\Windows\System\DfuTtyn.exe
  C:\Windows\System\DfuTtyn.exe
  2⤵
  PID:4264
- C:\Windows\System\zNAsImL.exe
  C:\Windows\System\zNAsImL.exe
  2⤵
  PID:4880
- C:\Windows\System\jmfzoGg.exe
  C:\Windows\System\jmfzoGg.exe
  2⤵
  PID:2548
- C:\Windows\System\OLIOWyc.exe
  C:\Windows\System\OLIOWyc.exe
  2⤵
  PID:4668
- C:\Windows\System\FiEJDCO.exe
  C:\Windows\System\FiEJDCO.exe
  2⤵
  PID:4808
- C:\Windows\System\JHBupVz.exe
  C:\Windows\System\JHBupVz.exe
  2⤵
  PID:5008
- C:\Windows\System\yVYJsGP.exe
  C:\Windows\System\yVYJsGP.exe
  2⤵
  PID:4184
- C:\Windows\System\GcPExXe.exe
  C:\Windows\System\GcPExXe.exe
  2⤵
  PID:2692
- C:\Windows\System\oFLnINg.exe
  C:\Windows\System\oFLnINg.exe
  2⤵
  PID:5200
- C:\Windows\System\mKpvKUA.exe
  C:\Windows\System\mKpvKUA.exe
  2⤵
  PID:5260
- C:\Windows\System\GEvsuYq.exe
  C:\Windows\System\GEvsuYq.exe
  2⤵
  PID:5176
- C:\Windows\System\BSHjcGx.exe
  C:\Windows\System\BSHjcGx.exe
  2⤵
  PID:5344
- C:\Windows\System\yxylrYh.exe
  C:\Windows\System\yxylrYh.exe
  2⤵
  PID:5428
- C:\Windows\System\dLQESjO.exe
  C:\Windows\System\dLQESjO.exe
  2⤵
  PID:5484
- C:\Windows\System\wXXcioY.exe
  C:\Windows\System\wXXcioY.exe
  2⤵
  PID:5548
- C:\Windows\System\EKdLnih.exe
  C:\Windows\System\EKdLnih.exe
  2⤵
  PID:5648
- C:\Windows\System\VxZmvVW.exe
  C:\Windows\System\VxZmvVW.exe
  2⤵
  PID:5580
- C:\Windows\System\HXBqwlf.exe
  C:\Windows\System\HXBqwlf.exe
  2⤵
  PID:5660
- C:\Windows\System\LMaaUaC.exe
  C:\Windows\System\LMaaUaC.exe
  2⤵
  PID:5748
- C:\Windows\System\IRKUjzf.exe
  C:\Windows\System\IRKUjzf.exe
  2⤵
  PID:5840
- C:\Windows\System\OgxmiqV.exe
  C:\Windows\System\OgxmiqV.exe
  2⤵
  PID:5808
- C:\Windows\System\zBvRqTj.exe
  C:\Windows\System\zBvRqTj.exe
  2⤵
  PID:5844
- C:\Windows\System\FThWvqr.exe
  C:\Windows\System\FThWvqr.exe
  2⤵
  PID:5908
- C:\Windows\System\dxnnrIW.exe
  C:\Windows\System\dxnnrIW.exe
  2⤵
  PID:6020
- C:\Windows\System\GkoPDNV.exe
  C:\Windows\System\GkoPDNV.exe
  2⤵
  PID:6008
- C:\Windows\System\LnwNMJm.exe
  C:\Windows\System\LnwNMJm.exe
  2⤵
  PID:6092
- C:\Windows\System\EDDuDBK.exe
  C:\Windows\System\EDDuDBK.exe
  2⤵
  PID:572
- C:\Windows\System\perqlbS.exe
  C:\Windows\System\perqlbS.exe
  2⤵
  PID:6128
- C:\Windows\System\VlutdxN.exe
  C:\Windows\System\VlutdxN.exe
  2⤵
  PID:4424
- C:\Windows\System\yXbVcLz.exe
  C:\Windows\System\yXbVcLz.exe
  2⤵
  PID:4600
- C:\Windows\System\uNXerVU.exe
  C:\Windows\System\uNXerVU.exe
  2⤵
  PID:4872
- C:\Windows\System\PlyRIqL.exe
  C:\Windows\System\PlyRIqL.exe
  2⤵
  PID:5020
- C:\Windows\System\BQgvOnR.exe
  C:\Windows\System\BQgvOnR.exe
  2⤵
  PID:5160
- C:\Windows\System\qFLnYzE.exe
  C:\Windows\System\qFLnYzE.exe
  2⤵
  PID:5280
- C:\Windows\System\hHwHVLa.exe
  C:\Windows\System\hHwHVLa.exe
  2⤵
  PID:264
- C:\Windows\System\bRErCxB.exe
  C:\Windows\System\bRErCxB.exe
  2⤵
  PID:5416
- C:\Windows\System\zkzfIBE.exe
  C:\Windows\System\zkzfIBE.exe
  2⤵
  PID:816
- C:\Windows\System\IOtRvqs.exe
  C:\Windows\System\IOtRvqs.exe
  2⤵
  PID:2080
- C:\Windows\System\VhqnliA.exe
  C:\Windows\System\VhqnliA.exe
  2⤵
  PID:1296
- C:\Windows\System\Urqtjne.exe
  C:\Windows\System\Urqtjne.exe
  2⤵
  PID:5744
- C:\Windows\System\dOkPPvg.exe
  C:\Windows\System\dOkPPvg.exe
  2⤵
  PID:5720
- C:\Windows\System\OmaDsWw.exe
  C:\Windows\System\OmaDsWw.exe
  2⤵
  PID:5960
- C:\Windows\System\ALYuoeT.exe
  C:\Windows\System\ALYuoeT.exe
  2⤵
  PID:592
- C:\Windows\System\tSlqyhb.exe
  C:\Windows\System\tSlqyhb.exe
  2⤵
  PID:6044
- C:\Windows\System\CJjTIbm.exe
  C:\Windows\System\CJjTIbm.exe
  2⤵
  PID:4320
- C:\Windows\System\ozPCfJl.exe
  C:\Windows\System\ozPCfJl.exe
  2⤵
  PID:2348
- C:\Windows\System\jTdIQZx.exe
  C:\Windows\System\jTdIQZx.exe
  2⤵
  PID:3036
- C:\Windows\System\bHJuLOc.exe
  C:\Windows\System\bHJuLOc.exe
  2⤵
  PID:4164
- C:\Windows\System\Qndvhrc.exe
  C:\Windows\System\Qndvhrc.exe
  2⤵
  PID:5080
- C:\Windows\System\unDnpVl.exe
  C:\Windows\System\unDnpVl.exe
  2⤵
  PID:5324
- C:\Windows\System\HbCSAaD.exe
  C:\Windows\System\HbCSAaD.exe
  2⤵
  PID:1984
- C:\Windows\System\vzBQTkC.exe
  C:\Windows\System\vzBQTkC.exe
  2⤵
  PID:5364
- C:\Windows\System\YTzvxbZ.exe
  C:\Windows\System\YTzvxbZ.exe
  2⤵
  PID:5444
- C:\Windows\System\FyRyMqF.exe
  C:\Windows\System\FyRyMqF.exe
  2⤵
  PID:5504
- C:\Windows\System\byzjFVf.exe
  C:\Windows\System\byzjFVf.exe
  2⤵
  PID:5624
- C:\Windows\System\QSJIADl.exe
  C:\Windows\System\QSJIADl.exe
  2⤵
  PID:5764
- C:\Windows\System\FsLGcmG.exe
  C:\Windows\System\FsLGcmG.exe
  2⤵
  PID:2552
- C:\Windows\System\IpQcwpk.exe
  C:\Windows\System\IpQcwpk.exe
  2⤵
  PID:4732
- C:\Windows\System\UGwuPsx.exe
  C:\Windows\System\UGwuPsx.exe
  2⤵
  PID:4980
- C:\Windows\System\alLjxsO.exe
  C:\Windows\System\alLjxsO.exe
  2⤵
  PID:5016
- C:\Windows\System\lQsDXUv.exe
  C:\Windows\System\lQsDXUv.exe
  2⤵
  PID:2720
- C:\Windows\System\WNDuncW.exe
  C:\Windows\System\WNDuncW.exe
  2⤵
  PID:5384
- C:\Windows\System\pcKrkgh.exe
  C:\Windows\System\pcKrkgh.exe
  2⤵
  PID:5460
- C:\Windows\System\CcsQBAj.exe
  C:\Windows\System\CcsQBAj.exe
  2⤵
  PID:5668
- C:\Windows\System\pMuqbvh.exe
  C:\Windows\System\pMuqbvh.exe
  2⤵
  PID:5904
- C:\Windows\System\ahJWgfd.exe
  C:\Windows\System\ahJWgfd.exe
  2⤵
  PID:6160
- C:\Windows\System\yQzrjNK.exe
  C:\Windows\System\yQzrjNK.exe
  2⤵
  PID:6180
- C:\Windows\System\rKxvYJl.exe
  C:\Windows\System\rKxvYJl.exe
  2⤵
  PID:6204
- C:\Windows\System\uGBVuFg.exe
  C:\Windows\System\uGBVuFg.exe
  2⤵
  PID:6224
- C:\Windows\System\ZrGZVNR.exe
  C:\Windows\System\ZrGZVNR.exe
  2⤵
  PID:6244
- C:\Windows\System\upyeCkC.exe
  C:\Windows\System\upyeCkC.exe
  2⤵
  PID:6264
- C:\Windows\System\PLbSeEn.exe
  C:\Windows\System\PLbSeEn.exe
  2⤵
  PID:6284
- C:\Windows\System\jbZiYIg.exe
  C:\Windows\System\jbZiYIg.exe
  2⤵
  PID:6304
- C:\Windows\System\tXCNnBZ.exe
  C:\Windows\System\tXCNnBZ.exe
  2⤵
  PID:6324
- C:\Windows\System\gWHLeDY.exe
  C:\Windows\System\gWHLeDY.exe
  2⤵
  PID:6344
- C:\Windows\System\faDPMDw.exe
  C:\Windows\System\faDPMDw.exe
  2⤵
  PID:6360
- C:\Windows\System\iPTKKZB.exe
  C:\Windows\System\iPTKKZB.exe
  2⤵
  PID:6380
- C:\Windows\System\dMIepJm.exe
  C:\Windows\System\dMIepJm.exe
  2⤵
  PID:6400
- C:\Windows\System\NnkKJaM.exe
  C:\Windows\System\NnkKJaM.exe
  2⤵
  PID:6420
- C:\Windows\System\YEErQWM.exe
  C:\Windows\System\YEErQWM.exe
  2⤵
  PID:6444
- C:\Windows\System\YKBVfaj.exe
  C:\Windows\System\YKBVfaj.exe
  2⤵
  PID:6464
- C:\Windows\System\oUwMBeh.exe
  C:\Windows\System\oUwMBeh.exe
  2⤵
  PID:6484
- C:\Windows\System\YhvQzZw.exe
  C:\Windows\System\YhvQzZw.exe
  2⤵
  PID:6500
- C:\Windows\System\wKmKvWy.exe
  C:\Windows\System\wKmKvWy.exe
  2⤵
  PID:6524
- C:\Windows\System\uNuiLfd.exe
  C:\Windows\System\uNuiLfd.exe
  2⤵
  PID:6544
- C:\Windows\System\hquZfZp.exe
  C:\Windows\System\hquZfZp.exe
  2⤵
  PID:6564
- C:\Windows\System\hMkqgoA.exe
  C:\Windows\System\hMkqgoA.exe
  2⤵
  PID:6584
- C:\Windows\System\ADAcUFU.exe
  C:\Windows\System\ADAcUFU.exe
  2⤵
  PID:6604
- C:\Windows\System\qbYuONI.exe
  C:\Windows\System\qbYuONI.exe
  2⤵
  PID:6624
- C:\Windows\System\VtIUbot.exe
  C:\Windows\System\VtIUbot.exe
  2⤵
  PID:6644
- C:\Windows\System\vfQvNkL.exe
  C:\Windows\System\vfQvNkL.exe
  2⤵
  PID:6664
- C:\Windows\System\xotHNXi.exe
  C:\Windows\System\xotHNXi.exe
  2⤵
  PID:6680
- C:\Windows\System\OVojQOl.exe
  C:\Windows\System\OVojQOl.exe
  2⤵
  PID:6704
- C:\Windows\System\iHCpsJh.exe
  C:\Windows\System\iHCpsJh.exe
  2⤵
  PID:6724
- C:\Windows\System\SgPOQeS.exe
  C:\Windows\System\SgPOQeS.exe
  2⤵
  PID:6744
- C:\Windows\System\MwxTlhy.exe
  C:\Windows\System\MwxTlhy.exe
  2⤵
  PID:6764
- C:\Windows\System\JqynSiP.exe
  C:\Windows\System\JqynSiP.exe
  2⤵
  PID:6784
- C:\Windows\System\ABcXBPS.exe
  C:\Windows\System\ABcXBPS.exe
  2⤵
  PID:6804
- C:\Windows\System\JNNaJYf.exe
  C:\Windows\System\JNNaJYf.exe
  2⤵
  PID:6824
- C:\Windows\System\oDNihyT.exe
  C:\Windows\System\oDNihyT.exe
  2⤵
  PID:6844
- C:\Windows\System\FpyGEKp.exe
  C:\Windows\System\FpyGEKp.exe
  2⤵
  PID:6864
- C:\Windows\System\esJEbCC.exe
  C:\Windows\System\esJEbCC.exe
  2⤵
  PID:6884
- C:\Windows\System\Yzzxmfz.exe
  C:\Windows\System\Yzzxmfz.exe
  2⤵
  PID:6904
- C:\Windows\System\KHDPmey.exe
  C:\Windows\System\KHDPmey.exe
  2⤵
  PID:6924
- C:\Windows\System\cQXQkee.exe
  C:\Windows\System\cQXQkee.exe
  2⤵
  PID:6944
- C:\Windows\System\GgxszcD.exe
  C:\Windows\System\GgxszcD.exe
  2⤵
  PID:6960
- C:\Windows\System\eQsWsFh.exe
  C:\Windows\System\eQsWsFh.exe
  2⤵
  PID:6984
- C:\Windows\System\RAHaBdO.exe
  C:\Windows\System\RAHaBdO.exe
  2⤵
  PID:7004
- C:\Windows\System\apLZLsX.exe
  C:\Windows\System\apLZLsX.exe
  2⤵
  PID:7024
- C:\Windows\System\ocnuvAj.exe
  C:\Windows\System\ocnuvAj.exe
  2⤵
  PID:7048
- C:\Windows\System\cTSQgzz.exe
  C:\Windows\System\cTSQgzz.exe
  2⤵
  PID:7068
- C:\Windows\System\ysUIhKI.exe
  C:\Windows\System\ysUIhKI.exe
  2⤵
  PID:7088
- C:\Windows\System\ABLqgXB.exe
  C:\Windows\System\ABLqgXB.exe
  2⤵
  PID:7108
- C:\Windows\System\azmOSmg.exe
  C:\Windows\System\azmOSmg.exe
  2⤵
  PID:7128
- C:\Windows\System\pJNAwrk.exe
  C:\Windows\System\pJNAwrk.exe
  2⤵
  PID:7148
- C:\Windows\System\vkxtXfG.exe
  C:\Windows\System\vkxtXfG.exe
  2⤵
  PID:4304
- C:\Windows\System\hNhjXik.exe
  C:\Windows\System\hNhjXik.exe
  2⤵
  PID:3060
- C:\Windows\System\ABvKUgX.exe
  C:\Windows\System\ABvKUgX.exe
  2⤵
  PID:4244
- C:\Windows\System\aRfzAqU.exe
  C:\Windows\System\aRfzAqU.exe
  2⤵
  PID:5296
- C:\Windows\System\IhkIoqh.exe
  C:\Windows\System\IhkIoqh.exe
  2⤵
  PID:5376
- C:\Windows\System\RPzbdnw.exe
  C:\Windows\System\RPzbdnw.exe
  2⤵
  PID:5800
- C:\Windows\System\zIGaWCp.exe
  C:\Windows\System\zIGaWCp.exe
  2⤵
  PID:6148
- C:\Windows\System\HRQMOmL.exe
  C:\Windows\System\HRQMOmL.exe
  2⤵
  PID:6212
- C:\Windows\System\UZvYNLt.exe
  C:\Windows\System\UZvYNLt.exe
  2⤵
  PID:6192
- C:\Windows\System\JKFGJzc.exe
  C:\Windows\System\JKFGJzc.exe
  2⤵
  PID:6240
- C:\Windows\System\hhOAQmO.exe
  C:\Windows\System\hhOAQmO.exe
  2⤵
  PID:6280
- C:\Windows\System\tviGBWx.exe
  C:\Windows\System\tviGBWx.exe
  2⤵
  PID:6312
- C:\Windows\System\hOfrunv.exe
  C:\Windows\System\hOfrunv.exe
  2⤵
  PID:6376
- C:\Windows\System\kHiGPRe.exe
  C:\Windows\System\kHiGPRe.exe
  2⤵
  PID:6416
- C:\Windows\System\XMVrtbr.exe
  C:\Windows\System\XMVrtbr.exe
  2⤵
  PID:6392
- C:\Windows\System\PHSFhQR.exe
  C:\Windows\System\PHSFhQR.exe
  2⤵
  PID:6436
- C:\Windows\System\IMSEADR.exe
  C:\Windows\System\IMSEADR.exe
  2⤵
  PID:6476
- C:\Windows\System\dcpHYgD.exe
  C:\Windows\System\dcpHYgD.exe
  2⤵
  PID:6512
- C:\Windows\System\QWdYgji.exe
  C:\Windows\System\QWdYgji.exe
  2⤵
  PID:6580
- C:\Windows\System\ruxUJjc.exe
  C:\Windows\System\ruxUJjc.exe
  2⤵
  PID:6612
- C:\Windows\System\fbiLgxt.exe
  C:\Windows\System\fbiLgxt.exe
  2⤵
  PID:6616
- C:\Windows\System\ylpNyRT.exe
  C:\Windows\System\ylpNyRT.exe
  2⤵
  PID:6640
- C:\Windows\System\qRTCNti.exe
  C:\Windows\System\qRTCNti.exe
  2⤵
  PID:6672
- C:\Windows\System\OtaspfK.exe
  C:\Windows\System\OtaspfK.exe
  2⤵
  PID:6712
- C:\Windows\System\tKHUabO.exe
  C:\Windows\System\tKHUabO.exe
  2⤵
  PID:6780
- C:\Windows\System\BGPZCeD.exe
  C:\Windows\System\BGPZCeD.exe
  2⤵
  PID:6792
- C:\Windows\System\BhlQtqZ.exe
  C:\Windows\System\BhlQtqZ.exe
  2⤵
  PID:6820
- C:\Windows\System\SrZZKRk.exe
  C:\Windows\System\SrZZKRk.exe
  2⤵
  PID:6840
- C:\Windows\System\yLWHWag.exe
  C:\Windows\System\yLWHWag.exe
  2⤵
  PID:6880
- C:\Windows\System\OxGQFxz.exe
  C:\Windows\System\OxGQFxz.exe
  2⤵
  PID:6200
- C:\Windows\System\EbXluUh.exe
  C:\Windows\System\EbXluUh.exe
  2⤵
  PID:6968
- C:\Windows\System\yDcdxoM.exe
  C:\Windows\System\yDcdxoM.exe
  2⤵
  PID:6952
- C:\Windows\System\oTGSUzb.exe
  C:\Windows\System\oTGSUzb.exe
  2⤵
  PID:7000
- C:\Windows\System\ZUGhHka.exe
  C:\Windows\System\ZUGhHka.exe
  2⤵
  PID:7036
- C:\Windows\System\Kzvhaib.exe
  C:\Windows\System\Kzvhaib.exe
  2⤵
  PID:7076
- C:\Windows\System\ScnHWcZ.exe
  C:\Windows\System\ScnHWcZ.exe
  2⤵
  PID:7080
- C:\Windows\System\paFXKdi.exe
  C:\Windows\System\paFXKdi.exe
  2⤵
  PID:6132
- C:\Windows\System\qtFiAvc.exe
  C:\Windows\System\qtFiAvc.exe
  2⤵
  PID:7160
- C:\Windows\System\eVRdnzx.exe
  C:\Windows\System\eVRdnzx.exe
  2⤵
  PID:2916
- C:\Windows\System\ZkwWgeR.exe
  C:\Windows\System\ZkwWgeR.exe
  2⤵
  PID:2412
- C:\Windows\System\BezBEsg.exe
  C:\Windows\System\BezBEsg.exe
  2⤵
  PID:5880
- C:\Windows\System\RWQMelP.exe
  C:\Windows\System\RWQMelP.exe
  2⤵
  PID:6232
- C:\Windows\System\JHHeuAG.exe
  C:\Windows\System\JHHeuAG.exe
  2⤵
  PID:6188
- C:\Windows\System\WrTaPAk.exe
  C:\Windows\System\WrTaPAk.exe
  2⤵
  PID:6332
- C:\Windows\System\rmgcKjx.exe
  C:\Windows\System\rmgcKjx.exe
  2⤵
  PID:6408
- C:\Windows\System\BUSQKUY.exe
  C:\Windows\System\BUSQKUY.exe
  2⤵
  PID:6388
- C:\Windows\System\EqYNNPp.exe
  C:\Windows\System\EqYNNPp.exe
  2⤵
  PID:6508
- C:\Windows\System\PFNjqFt.exe
  C:\Windows\System\PFNjqFt.exe
  2⤵
  PID:6516
- C:\Windows\System\NNzVKoh.exe
  C:\Windows\System\NNzVKoh.exe
  2⤵
  PID:6536
- C:\Windows\System\VLLbZnm.exe
  C:\Windows\System\VLLbZnm.exe
  2⤵
  PID:6656
- C:\Windows\System\DJmsMrv.exe
  C:\Windows\System\DJmsMrv.exe
  2⤵
  PID:6692
- C:\Windows\System\PCwLtFg.exe
  C:\Windows\System\PCwLtFg.exe
  2⤵
  PID:6760
- C:\Windows\System\eMoqqMy.exe
  C:\Windows\System\eMoqqMy.exe
  2⤵
  PID:6812
- C:\Windows\System\zVLaTPn.exe
  C:\Windows\System\zVLaTPn.exe
  2⤵
  PID:6856
- C:\Windows\System\EXLsjHX.exe
  C:\Windows\System\EXLsjHX.exe
  2⤵
  PID:6896
- C:\Windows\System\KayNXgs.exe
  C:\Windows\System\KayNXgs.exe
  2⤵
  PID:7016
- C:\Windows\System\xeCLWLf.exe
  C:\Windows\System\xeCLWLf.exe
  2⤵
  PID:6992
- C:\Windows\System\bnWtOJy.exe
  C:\Windows\System\bnWtOJy.exe
  2⤵
  PID:7144
- C:\Windows\System\IohjsZU.exe
  C:\Windows\System\IohjsZU.exe
  2⤵
  PID:2184
- C:\Windows\System\RLkdfXY.exe
  C:\Windows\System\RLkdfXY.exe
  2⤵
  PID:2788
- C:\Windows\System\btGMvpF.exe
  C:\Windows\System\btGMvpF.exe
  2⤵
  PID:2004
- C:\Windows\System\QjjCWpY.exe
  C:\Windows\System\QjjCWpY.exe
  2⤵
  PID:900
- C:\Windows\System\hpQccvo.exe
  C:\Windows\System\hpQccvo.exe
  2⤵
  PID:6292
- C:\Windows\System\QwIopYr.exe
  C:\Windows\System\QwIopYr.exe
  2⤵
  PID:6300
- C:\Windows\System\DcGLKNF.exe
  C:\Windows\System\DcGLKNF.exe
  2⤵
  PID:6396
- C:\Windows\System\BZnFGBY.exe
  C:\Windows\System\BZnFGBY.exe
  2⤵
  PID:6540
- C:\Windows\System\sQuaSnN.exe
  C:\Windows\System\sQuaSnN.exe
  2⤵
  PID:6576
- C:\Windows\System\ZnpIhNQ.exe
  C:\Windows\System\ZnpIhNQ.exe
  2⤵
  PID:6732
- C:\Windows\System\aOqvfwO.exe
  C:\Windows\System\aOqvfwO.exe
  2⤵
  PID:6700
- C:\Windows\System\thhFbyI.exe
  C:\Windows\System\thhFbyI.exe
  2⤵
  PID:6772
- C:\Windows\System\BwYGnuw.exe
  C:\Windows\System\BwYGnuw.exe
  2⤵
  PID:6892
- C:\Windows\System\bdvxFAZ.exe
  C:\Windows\System\bdvxFAZ.exe
  2⤵
  PID:7012
- C:\Windows\System\SAtWmvr.exe
  C:\Windows\System\SAtWmvr.exe
  2⤵
  PID:2696
- C:\Windows\System\XypgzLa.exe
  C:\Windows\System\XypgzLa.exe
  2⤵
  PID:7124
- C:\Windows\System\AxXPbzw.exe
  C:\Windows\System\AxXPbzw.exe
  2⤵
  PID:5788
- C:\Windows\System\pJbQNNY.exe
  C:\Windows\System\pJbQNNY.exe
  2⤵
  PID:6152
- C:\Windows\System\HbBJjRH.exe
  C:\Windows\System\HbBJjRH.exe
  2⤵
  PID:6452
- C:\Windows\System\SDMHFVz.exe
  C:\Windows\System\SDMHFVz.exe
  2⤵
  PID:2140
- C:\Windows\System\GUMDRHL.exe
  C:\Windows\System\GUMDRHL.exe
  2⤵
  PID:6432
- C:\Windows\System\eIklgTe.exe
  C:\Windows\System\eIklgTe.exe
  2⤵
  PID:812
- C:\Windows\System\uipKeFL.exe
  C:\Windows\System\uipKeFL.exe
  2⤵
  PID:6688
- C:\Windows\System\ibwYvrL.exe
  C:\Windows\System\ibwYvrL.exe
  2⤵
  PID:2556
- C:\Windows\System\UFcfoDf.exe
  C:\Windows\System\UFcfoDf.exe
  2⤵
  PID:7056
- C:\Windows\System\wqVyvot.exe
  C:\Windows\System\wqVyvot.exe
  2⤵
  PID:6296
- C:\Windows\System\UxkKmRQ.exe
  C:\Windows\System\UxkKmRQ.exe
  2⤵
  PID:6216
- C:\Windows\System\JqKFOjG.exe
  C:\Windows\System\JqKFOjG.exe
  2⤵
  PID:6272
- C:\Windows\System\BhCFOVh.exe
  C:\Windows\System\BhCFOVh.exe
  2⤵
  PID:1372
- C:\Windows\System\FuMtJWm.exe
  C:\Windows\System\FuMtJWm.exe
  2⤵
  PID:6852
- C:\Windows\System\vJkpHXj.exe
  C:\Windows\System\vJkpHXj.exe
  2⤵
  PID:6940
- C:\Windows\System\JCCjFSf.exe
  C:\Windows\System\JCCjFSf.exe
  2⤵
  PID:2016
- C:\Windows\System\uqbHMvs.exe
  C:\Windows\System\uqbHMvs.exe
  2⤵
  PID:5884
- C:\Windows\System\bSwklRT.exe
  C:\Windows\System\bSwklRT.exe
  2⤵
  PID:7176
- C:\Windows\System\iMfwsBi.exe
  C:\Windows\System\iMfwsBi.exe
  2⤵
  PID:7200
- C:\Windows\System\QBBYeGS.exe
  C:\Windows\System\QBBYeGS.exe
  2⤵
  PID:7224
- C:\Windows\System\mAVcMVa.exe
  C:\Windows\System\mAVcMVa.exe
  2⤵
  PID:7244
- C:\Windows\System\nwAAIHJ.exe
  C:\Windows\System\nwAAIHJ.exe
  2⤵
  PID:7264
- C:\Windows\System\ZAYqwlM.exe
  C:\Windows\System\ZAYqwlM.exe
  2⤵
  PID:7284
- C:\Windows\System\KIZCwNd.exe
  C:\Windows\System\KIZCwNd.exe
  2⤵
  PID:7308
- C:\Windows\System\wgAKjMk.exe
  C:\Windows\System\wgAKjMk.exe
  2⤵
  PID:7328
- C:\Windows\System\PYDAiZh.exe
  C:\Windows\System\PYDAiZh.exe
  2⤵
  PID:7348
- C:\Windows\System\nLFxAtp.exe
  C:\Windows\System\nLFxAtp.exe
  2⤵
  PID:7368
- C:\Windows\System\ezbyzPC.exe
  C:\Windows\System\ezbyzPC.exe
  2⤵
  PID:7388
- C:\Windows\System\ouQFTta.exe
  C:\Windows\System\ouQFTta.exe
  2⤵
  PID:7408
- C:\Windows\System\FLTwbIQ.exe
  C:\Windows\System\FLTwbIQ.exe
  2⤵
  PID:7428
- C:\Windows\System\VbHbYvi.exe
  C:\Windows\System\VbHbYvi.exe
  2⤵
  PID:7452
- C:\Windows\System\LBcHoFB.exe
  C:\Windows\System\LBcHoFB.exe
  2⤵
  PID:7472
- C:\Windows\System\IaYbKdC.exe
  C:\Windows\System\IaYbKdC.exe
  2⤵
  PID:7492
- C:\Windows\System\yRdUAsw.exe
  C:\Windows\System\yRdUAsw.exe
  2⤵
  PID:7512
- C:\Windows\System\rJqDXOy.exe
  C:\Windows\System\rJqDXOy.exe
  2⤵
  PID:7532
- C:\Windows\System\CdGRDWU.exe
  C:\Windows\System\CdGRDWU.exe
  2⤵
  PID:7552
- C:\Windows\System\qJjWSLN.exe
  C:\Windows\System\qJjWSLN.exe
  2⤵
  PID:7572
- C:\Windows\System\YbhLzqI.exe
  C:\Windows\System\YbhLzqI.exe
  2⤵
  PID:7592
- C:\Windows\System\aOOOxDt.exe
  C:\Windows\System\aOOOxDt.exe
  2⤵
  PID:7612
- C:\Windows\System\PXcjOct.exe
  C:\Windows\System\PXcjOct.exe
  2⤵
  PID:7632
- C:\Windows\System\lJbvwhu.exe
  C:\Windows\System\lJbvwhu.exe
  2⤵
  PID:7652
- C:\Windows\System\mcnhJNl.exe
  C:\Windows\System\mcnhJNl.exe
  2⤵
  PID:7672
- C:\Windows\System\sePxaas.exe
  C:\Windows\System\sePxaas.exe
  2⤵
  PID:7692
- C:\Windows\System\uqcgIGX.exe
  C:\Windows\System\uqcgIGX.exe
  2⤵
  PID:7712
- C:\Windows\System\JgcSHZJ.exe
  C:\Windows\System\JgcSHZJ.exe
  2⤵
  PID:7732
- C:\Windows\System\tVoTDXU.exe
  C:\Windows\System\tVoTDXU.exe
  2⤵
  PID:7840
- C:\Windows\System\pXWZlzU.exe
  C:\Windows\System\pXWZlzU.exe
  2⤵
  PID:7860
- C:\Windows\System\DyhEKhK.exe
  C:\Windows\System\DyhEKhK.exe
  2⤵
  PID:7884
- C:\Windows\System\BhHIAQM.exe
  C:\Windows\System\BhHIAQM.exe
  2⤵
  PID:7900
- C:\Windows\System\Kyjqnsc.exe
  C:\Windows\System\Kyjqnsc.exe
  2⤵
  PID:7920
- C:\Windows\System\fpCXlZP.exe
  C:\Windows\System\fpCXlZP.exe
  2⤵
  PID:7940
- C:\Windows\System\VosGGQL.exe
  C:\Windows\System\VosGGQL.exe
  2⤵
  PID:7960
- C:\Windows\System\mYGNCIu.exe
  C:\Windows\System\mYGNCIu.exe
  2⤵
  PID:7976
- C:\Windows\System\mxVCKIa.exe
  C:\Windows\System\mxVCKIa.exe
  2⤵
  PID:8000
- C:\Windows\System\EpVFjsQ.exe
  C:\Windows\System\EpVFjsQ.exe
  2⤵
  PID:8028
- C:\Windows\System\zWvxBTZ.exe
  C:\Windows\System\zWvxBTZ.exe
  2⤵
  PID:8044
- C:\Windows\System\fbqHOAR.exe
  C:\Windows\System\fbqHOAR.exe
  2⤵
  PID:8060
- C:\Windows\System\IlMihRA.exe
  C:\Windows\System\IlMihRA.exe
  2⤵
  PID:8076
- C:\Windows\System\CAkoXaI.exe
  C:\Windows\System\CAkoXaI.exe
  2⤵
  PID:8096
- C:\Windows\System\xTYQwuo.exe
  C:\Windows\System\xTYQwuo.exe
  2⤵
  PID:8124
- C:\Windows\System\kmxSRGw.exe
  C:\Windows\System\kmxSRGw.exe
  2⤵
  PID:8148
- C:\Windows\System\SjakkeN.exe
  C:\Windows\System\SjakkeN.exe
  2⤵
  PID:8164
- C:\Windows\System\hHTZGRl.exe
  C:\Windows\System\hHTZGRl.exe
  2⤵
  PID:8188
- C:\Windows\System\HgIZpap.exe
  C:\Windows\System\HgIZpap.exe
  2⤵
  PID:6652
- C:\Windows\System\IQxWAli.exe
  C:\Windows\System\IQxWAli.exe
  2⤵
  PID:4816
- C:\Windows\System\lTtQjCi.exe
  C:\Windows\System\lTtQjCi.exe
  2⤵
  PID:7140
- C:\Windows\System\fVbeovw.exe
  C:\Windows\System\fVbeovw.exe
  2⤵
  PID:3604
- C:\Windows\System\kKjpSvq.exe
  C:\Windows\System\kKjpSvq.exe
  2⤵
  PID:7252
- C:\Windows\System\nqLtCfn.exe
  C:\Windows\System\nqLtCfn.exe
  2⤵
  PID:7236
- C:\Windows\System\AuFtnNX.exe
  C:\Windows\System\AuFtnNX.exe
  2⤵
  PID:7300
- C:\Windows\System\XvcIeCm.exe
  C:\Windows\System\XvcIeCm.exe
  2⤵
  PID:7296
- C:\Windows\System\yMPfBSd.exe
  C:\Windows\System\yMPfBSd.exe
  2⤵
  PID:872
- C:\Windows\System\HDckvUi.exe
  C:\Windows\System\HDckvUi.exe
  2⤵
  PID:7356
- C:\Windows\System\NOaNXfB.exe
  C:\Windows\System\NOaNXfB.exe
  2⤵
  PID:7396
- C:\Windows\System\TQhsrpJ.exe
  C:\Windows\System\TQhsrpJ.exe
  2⤵
  PID:7420
- C:\Windows\System\UPzmdOz.exe
  C:\Windows\System\UPzmdOz.exe
  2⤵
  PID:7440
- C:\Windows\System\SrMDcxp.exe
  C:\Windows\System\SrMDcxp.exe
  2⤵
  PID:7480
- C:\Windows\System\uYdTJwT.exe
  C:\Windows\System\uYdTJwT.exe
  2⤵
  PID:7484
- C:\Windows\System\RQfndaf.exe
  C:\Windows\System\RQfndaf.exe
  2⤵
  PID:7548
- C:\Windows\System\kEwXYqX.exe
  C:\Windows\System\kEwXYqX.exe
  2⤵
  PID:7544
- C:\Windows\System\KKKnQTx.exe
  C:\Windows\System\KKKnQTx.exe
  2⤵
  PID:7560
- C:\Windows\System\EpvTbzZ.exe
  C:\Windows\System\EpvTbzZ.exe
  2⤵
  PID:7624
- C:\Windows\System\cOnNHcB.exe
  C:\Windows\System\cOnNHcB.exe
  2⤵
  PID:7640
- C:\Windows\System\vgAxRcc.exe
  C:\Windows\System\vgAxRcc.exe
  2⤵
  PID:7664
- C:\Windows\System\daPSNFI.exe
  C:\Windows\System\daPSNFI.exe
  2⤵
  PID:7680
- C:\Windows\System\qNvKbhy.exe
  C:\Windows\System\qNvKbhy.exe
  2⤵
  PID:7740
- C:\Windows\System\ZkvWeRo.exe
  C:\Windows\System\ZkvWeRo.exe
  2⤵
  PID:1564
- C:\Windows\System\oGTGdhd.exe
  C:\Windows\System\oGTGdhd.exe
  2⤵
  PID:7304
- C:\Windows\System\CcLDvMk.exe
  C:\Windows\System\CcLDvMk.exe
  2⤵
  PID:7852
- C:\Windows\System\wEFuNQw.exe
  C:\Windows\System\wEFuNQw.exe
  2⤵
  PID:1456
- C:\Windows\System\giExSVS.exe
  C:\Windows\System\giExSVS.exe
  2⤵
  PID:2908
- C:\Windows\System\ylyDBcH.exe
  C:\Windows\System\ylyDBcH.exe
  2⤵
  PID:7916
- C:\Windows\System\BtycDCN.exe
  C:\Windows\System\BtycDCN.exe
  2⤵
  PID:7984
- C:\Windows\System\rslRONc.exe
  C:\Windows\System\rslRONc.exe
  2⤵
  PID:7892
- C:\Windows\System\RwAGLUv.exe
  C:\Windows\System\RwAGLUv.exe
  2⤵
  PID:7972
- C:\Windows\System\iOzprsd.exe
  C:\Windows\System\iOzprsd.exe
  2⤵
  PID:8072
- C:\Windows\System\MhHcZYF.exe
  C:\Windows\System\MhHcZYF.exe
  2⤵
  PID:8104
- C:\Windows\System\GHgaHCk.exe
  C:\Windows\System\GHgaHCk.exe
  2⤵
  PID:8116
- C:\Windows\System\qanpMDo.exe
  C:\Windows\System\qanpMDo.exe
  2⤵
  PID:8132
- C:\Windows\System\OCEnGTj.exe
  C:\Windows\System\OCEnGTj.exe
  2⤵
  PID:6316
- C:\Windows\System\SSJyifW.exe
  C:\Windows\System\SSJyifW.exe
  2⤵
  PID:8136
- C:\Windows\System\yqwWPqI.exe
  C:\Windows\System\yqwWPqI.exe
  2⤵
  PID:8184
- C:\Windows\System\ErDCOtN.exe
  C:\Windows\System\ErDCOtN.exe
  2⤵
  PID:7104
- C:\Windows\System\fQUaCoR.exe
  C:\Windows\System\fQUaCoR.exe
  2⤵
  PID:7208
- C:\Windows\System\vNSUuBV.exe
  C:\Windows\System\vNSUuBV.exe
  2⤵
  PID:7232
- C:\Windows\System\hhvAwvN.exe
  C:\Windows\System\hhvAwvN.exe
  2⤵
  PID:7364
- C:\Windows\System\lvmeusj.exe
  C:\Windows\System\lvmeusj.exe
  2⤵
  PID:7460
- C:\Windows\System\mbTjcna.exe
  C:\Windows\System\mbTjcna.exe
  2⤵
  PID:7524
- C:\Windows\System\LigYrun.exe
  C:\Windows\System\LigYrun.exe
  2⤵
  PID:7376
- C:\Windows\System\hDNXjli.exe
  C:\Windows\System\hDNXjli.exe
  2⤵
  PID:7620
- C:\Windows\System\ZAbvHMs.exe
  C:\Windows\System\ZAbvHMs.exe
  2⤵
  PID:7520
- C:\Windows\System\pLqqtFD.exe
  C:\Windows\System\pLqqtFD.exe
  2⤵
  PID:7644
- C:\Windows\System\dFnOBwj.exe
  C:\Windows\System\dFnOBwj.exe
  2⤵
  PID:2092
- C:\Windows\System\DJvkhzw.exe
  C:\Windows\System\DJvkhzw.exe
  2⤵
  PID:1800
- C:\Windows\System\oCSpIfa.exe
  C:\Windows\System\oCSpIfa.exe
  2⤵
  PID:7912
- C:\Windows\System\ldNHoxh.exe
  C:\Windows\System\ldNHoxh.exe
  2⤵
  PID:8040
- C:\Windows\System\xdXUfsw.exe
  C:\Windows\System\xdXUfsw.exe
  2⤵
  PID:8052
- C:\Windows\System\OEBrrAe.exe
  C:\Windows\System\OEBrrAe.exe
  2⤵
  PID:7936
- C:\Windows\System\QdEsSxh.exe
  C:\Windows\System\QdEsSxh.exe
  2⤵
  PID:8092
- C:\Windows\System\rhfdzlD.exe
  C:\Windows\System\rhfdzlD.exe
  2⤵
  PID:7956
- C:\Windows\System\nhfJNDh.exe
  C:\Windows\System\nhfJNDh.exe
  2⤵
  PID:7968
- C:\Windows\System\buIomPC.exe
  C:\Windows\System\buIomPC.exe
  2⤵
  PID:2728
- C:\Windows\System\UrQwXbj.exe
  C:\Windows\System\UrQwXbj.exe
  2⤵
  PID:7256
- C:\Windows\System\hNHrrkn.exe
  C:\Windows\System\hNHrrkn.exe
  2⤵
  PID:7320
- C:\Windows\System\muszHip.exe
  C:\Windows\System\muszHip.exe
  2⤵
  PID:7564
- C:\Windows\System\fDrGbbq.exe
  C:\Windows\System\fDrGbbq.exe
  2⤵
  PID:7628
- C:\Windows\System\nSqYYJN.exe
  C:\Windows\System\nSqYYJN.exe
  2⤵
  PID:7216
- C:\Windows\System\ybDUYRF.exe
  C:\Windows\System\ybDUYRF.exe
  2⤵
  PID:7684
- C:\Windows\System\sHkGsAD.exe
  C:\Windows\System\sHkGsAD.exe
  2⤵
  PID:7768
- C:\Windows\System\ydhgTsv.exe
  C:\Windows\System\ydhgTsv.exe
  2⤵
  PID:7908
- C:\Windows\System\ZYYRSBy.exe
  C:\Windows\System\ZYYRSBy.exe
  2⤵
  PID:7876
- C:\Windows\System\bBzTwuJ.exe
  C:\Windows\System\bBzTwuJ.exe
  2⤵
  PID:8156
- C:\Windows\System\XlgiDSd.exe
  C:\Windows\System\XlgiDSd.exe
  2⤵
  PID:7188
- C:\Windows\System\TyJHlve.exe
  C:\Windows\System\TyJHlve.exe
  2⤵
  PID:8176
- C:\Windows\System\IEtHNAT.exe
  C:\Windows\System\IEtHNAT.exe
  2⤵
  PID:7192
- C:\Windows\System\rSwVYsT.exe
  C:\Windows\System\rSwVYsT.exe
  2⤵
  PID:7416
- C:\Windows\System\DJORYfc.exe
  C:\Windows\System\DJORYfc.exe
  2⤵
  PID:8172
- C:\Windows\System\CVtAJbk.exe
  C:\Windows\System\CVtAJbk.exe
  2⤵
  PID:2756
- C:\Windows\System\pRqYhcS.exe
  C:\Windows\System\pRqYhcS.exe
  2⤵
  PID:7540
- C:\Windows\System\bTXfpIw.exe
  C:\Windows\System\bTXfpIw.exe
  2⤵
  PID:8200
- C:\Windows\System\CSCgeZb.exe
  C:\Windows\System\CSCgeZb.exe
  2⤵
  PID:8216
- C:\Windows\System\ioKtRSl.exe
  C:\Windows\System\ioKtRSl.exe
  2⤵
  PID:8244
- C:\Windows\System\MOHdOWO.exe
  C:\Windows\System\MOHdOWO.exe
  2⤵
  PID:8260
- C:\Windows\System\lQpqYSg.exe
  C:\Windows\System\lQpqYSg.exe
  2⤵
  PID:8284
- C:\Windows\System\jBvzLEC.exe
  C:\Windows\System\jBvzLEC.exe
  2⤵
  PID:8304
- C:\Windows\System\GUYUSjK.exe
  C:\Windows\System\GUYUSjK.exe
  2⤵
  PID:8344
- C:\Windows\System\VeXkdjU.exe
  C:\Windows\System\VeXkdjU.exe
  2⤵
  PID:8364
- C:\Windows\System\BPIqScV.exe
  C:\Windows\System\BPIqScV.exe
  2⤵
  PID:8396
- C:\Windows\System\vurznZj.exe
  C:\Windows\System\vurznZj.exe
  2⤵
  PID:8412
- C:\Windows\System\nBRDSDh.exe
  C:\Windows\System\nBRDSDh.exe
  2⤵
  PID:8436
- C:\Windows\System\ycbHqLv.exe
  C:\Windows\System\ycbHqLv.exe
  2⤵
  PID:8452
- C:\Windows\System\xuIlBZJ.exe
  C:\Windows\System\xuIlBZJ.exe
  2⤵
  PID:8476
- C:\Windows\System\TcbREJA.exe
  C:\Windows\System\TcbREJA.exe
  2⤵
  PID:8492
- C:\Windows\System\xjzFFhK.exe
  C:\Windows\System\xjzFFhK.exe
  2⤵
  PID:8516
- C:\Windows\System\LTGcUEz.exe
  C:\Windows\System\LTGcUEz.exe
  2⤵
  PID:8532
- C:\Windows\System\GvHcdqo.exe
  C:\Windows\System\GvHcdqo.exe
  2⤵
  PID:8552
- C:\Windows\System\AesRvIg.exe
  C:\Windows\System\AesRvIg.exe
  2⤵
  PID:8568
- C:\Windows\System\nHSoJKu.exe
  C:\Windows\System\nHSoJKu.exe
  2⤵
  PID:8604
- C:\Windows\System\JxiqYvX.exe
  C:\Windows\System\JxiqYvX.exe
  2⤵
  PID:8624
- C:\Windows\System\jABepip.exe
  C:\Windows\System\jABepip.exe
  2⤵
  PID:8640
- C:\Windows\System\nQeHlVb.exe
  C:\Windows\System\nQeHlVb.exe
  2⤵
  PID:8656
- C:\Windows\System\TcQosVX.exe
  C:\Windows\System\TcQosVX.exe
  2⤵
  PID:8700
- C:\Windows\System\TsAuFJj.exe
  C:\Windows\System\TsAuFJj.exe
  2⤵
  PID:8716
- C:\Windows\System\DPGlMpl.exe
  C:\Windows\System\DPGlMpl.exe
  2⤵
  PID:8732
- C:\Windows\System\dUOoHSE.exe
  C:\Windows\System\dUOoHSE.exe
  2⤵
  PID:8748
- C:\Windows\System\nrdTESh.exe
  C:\Windows\System\nrdTESh.exe
  2⤵
  PID:8764
- C:\Windows\System\REscOYU.exe
  C:\Windows\System\REscOYU.exe
  2⤵
  PID:8800
- C:\Windows\System\WEvfnEW.exe
  C:\Windows\System\WEvfnEW.exe
  2⤵
  PID:8816
- C:\Windows\System\hByVVHb.exe
  C:\Windows\System\hByVVHb.exe
  2⤵
  PID:8832
- C:\Windows\System\YGwUpGI.exe
  C:\Windows\System\YGwUpGI.exe
  2⤵
  PID:8848
- C:\Windows\System\PwkyyhK.exe
  C:\Windows\System\PwkyyhK.exe
  2⤵
  PID:8884
- C:\Windows\System\JbKnZBE.exe
  C:\Windows\System\JbKnZBE.exe
  2⤵
  PID:8900
- C:\Windows\System\zyXPDUv.exe
  C:\Windows\System\zyXPDUv.exe
  2⤵
  PID:8916
- C:\Windows\System\QWxicfJ.exe
  C:\Windows\System\QWxicfJ.exe
  2⤵
  PID:8936
- C:\Windows\System\hcRxKPi.exe
  C:\Windows\System\hcRxKPi.exe
  2⤵
  PID:8956
- C:\Windows\System\hSHClhB.exe
  C:\Windows\System\hSHClhB.exe
  2⤵
  PID:8972
- C:\Windows\System\igIRVWt.exe
  C:\Windows\System\igIRVWt.exe
  2⤵
  PID:8992
- C:\Windows\System\snxzeUi.exe
  C:\Windows\System\snxzeUi.exe
  2⤵
  PID:9016
- C:\Windows\System\IptRKaL.exe
  C:\Windows\System\IptRKaL.exe
  2⤵
  PID:9032
- C:\Windows\System\GBcdIMu.exe
  C:\Windows\System\GBcdIMu.exe
  2⤵
  PID:9056
- C:\Windows\System\yobidUk.exe
  C:\Windows\System\yobidUk.exe
  2⤵
  PID:9080
- C:\Windows\System\kQJDoQE.exe
  C:\Windows\System\kQJDoQE.exe
  2⤵
  PID:9100
- C:\Windows\System\tklgHbe.exe
  C:\Windows\System\tklgHbe.exe
  2⤵
  PID:9128
- C:\Windows\System\hdGyGPn.exe
  C:\Windows\System\hdGyGPn.exe
  2⤵
  PID:9144
- C:\Windows\System\bDmjBbQ.exe
  C:\Windows\System\bDmjBbQ.exe
  2⤵
  PID:9160
- C:\Windows\System\KvRrSzk.exe
  C:\Windows\System\KvRrSzk.exe
  2⤵
  PID:9180
- C:\Windows\System\MAciLkT.exe
  C:\Windows\System\MAciLkT.exe
  2⤵
  PID:9208
- C:\Windows\System\eqkvUzV.exe
  C:\Windows\System\eqkvUzV.exe
  2⤵
  PID:7856
- C:\Windows\System\SsfkZpz.exe
  C:\Windows\System\SsfkZpz.exe
  2⤵
  PID:8252
- C:\Windows\System\yMoeyME.exe
  C:\Windows\System\yMoeyME.exe
  2⤵
  PID:7488
- C:\Windows\System\hELUYeJ.exe
  C:\Windows\System\hELUYeJ.exe
  2⤵
  PID:2336
- C:\Windows\System\KosuLnG.exe
  C:\Windows\System\KosuLnG.exe
  2⤵
  PID:2372
- C:\Windows\System\fNlDFtz.exe
  C:\Windows\System\fNlDFtz.exe
  2⤵
  PID:7324
- C:\Windows\System\GuxxNYP.exe
  C:\Windows\System\GuxxNYP.exe
  2⤵
  PID:8228
- C:\Windows\System\dqMfXGi.exe
  C:\Windows\System\dqMfXGi.exe
  2⤵
  PID:8352
- C:\Windows\System\Ojpdpfu.exe
  C:\Windows\System\Ojpdpfu.exe
  2⤵
  PID:8272
- C:\Windows\System\QKptAVQ.exe
  C:\Windows\System\QKptAVQ.exe
  2⤵
  PID:8320
- C:\Windows\System\pYoLIlO.exe
  C:\Windows\System\pYoLIlO.exe
  2⤵
  PID:8340
- C:\Windows\System\SMDzqgP.exe
  C:\Windows\System\SMDzqgP.exe
  2⤵
  PID:8408
- C:\Windows\System\niNtvdH.exe
  C:\Windows\System\niNtvdH.exe
  2⤵
  PID:8428
- C:\Windows\System\TiwiDUm.exe
  C:\Windows\System\TiwiDUm.exe
  2⤵
  PID:8488
- C:\Windows\System\zgEsxJz.exe
  C:\Windows\System\zgEsxJz.exe
  2⤵
  PID:8504
- C:\Windows\System\IYlTofo.exe
  C:\Windows\System\IYlTofo.exe
  2⤵
  PID:8548
- C:\Windows\System\bPTtIzo.exe
  C:\Windows\System\bPTtIzo.exe
  2⤵
  PID:8616
- C:\Windows\System\bTTLBAp.exe
  C:\Windows\System\bTTLBAp.exe
  2⤵
  PID:8632
- C:\Windows\System\nqNJuQs.exe
  C:\Windows\System\nqNJuQs.exe
  2⤵
  PID:8680
- C:\Windows\System\uNAUMYJ.exe
  C:\Windows\System\uNAUMYJ.exe
  2⤵
  PID:8708
- C:\Windows\System\YhhwAlT.exe
  C:\Windows\System\YhhwAlT.exe
  2⤵
  PID:8744
- C:\Windows\System\HZAUQmt.exe
  C:\Windows\System\HZAUQmt.exe
  2⤵
  PID:8772
- C:\Windows\System\rOGFoNS.exe
  C:\Windows\System\rOGFoNS.exe
  2⤵
  PID:8792
- C:\Windows\System\MwiKbdJ.exe
  C:\Windows\System\MwiKbdJ.exe
  2⤵
  PID:8812
- C:\Windows\System\sRaoJde.exe
  C:\Windows\System\sRaoJde.exe
  2⤵
  PID:8864
- C:\Windows\System\LjqSVtv.exe
  C:\Windows\System\LjqSVtv.exe
  2⤵
  PID:768
- C:\Windows\System\SyGahsJ.exe
  C:\Windows\System\SyGahsJ.exe
  2⤵
  PID:2432
- C:\Windows\System\KvBlcqB.exe
  C:\Windows\System\KvBlcqB.exe
  2⤵
  PID:8880
- C:\Windows\System\IDNOCoX.exe
  C:\Windows\System\IDNOCoX.exe
  2⤵
  PID:8908
- C:\Windows\System\xQswPom.exe
  C:\Windows\System\xQswPom.exe
  2⤵
  PID:8932
- C:\Windows\System\mCjogAs.exe
  C:\Windows\System\mCjogAs.exe
  2⤵
  PID:2480
- C:\Windows\System\gdjWaDy.exe
  C:\Windows\System\gdjWaDy.exe
  2⤵
  PID:8868
- C:\Windows\System\vQgGDvD.exe
  C:\Windows\System\vQgGDvD.exe
  2⤵
  PID:2328
- C:\Windows\System\RUcVbhx.exe
  C:\Windows\System\RUcVbhx.exe
  2⤵
  PID:808
- C:\Windows\System\BfyJQzQ.exe
  C:\Windows\System\BfyJQzQ.exe
  2⤵
  PID:9000
- C:\Windows\System\mRRqcHX.exe
  C:\Windows\System\mRRqcHX.exe
  2⤵
  PID:9048
- C:\Windows\System\DECZQoL.exe
  C:\Windows\System\DECZQoL.exe
  2⤵
  PID:9076
- C:\Windows\System\zmjubrp.exe
  C:\Windows\System\zmjubrp.exe
  2⤵
  PID:9096
- C:\Windows\System\XGRTPCl.exe
  C:\Windows\System\XGRTPCl.exe
  2⤵
  PID:9124
- C:\Windows\System\KoPhjSX.exe
  C:\Windows\System\KoPhjSX.exe
  2⤵
  PID:9168
- C:\Windows\System\AnuQLBy.exe
  C:\Windows\System\AnuQLBy.exe
  2⤵
  PID:9200
- C:\Windows\System\BjeBUss.exe
  C:\Windows\System\BjeBUss.exe
  2⤵
  PID:7172
- C:\Windows\System\BOKbJRE.exe
  C:\Windows\System\BOKbJRE.exe
  2⤵
  PID:7508
- C:\Windows\System\LQXBQgF.exe
  C:\Windows\System\LQXBQgF.exe
  2⤵
  PID:1668
- C:\Windows\System\WQebkHh.exe
  C:\Windows\System\WQebkHh.exe
  2⤵
  PID:8300
- C:\Windows\System\DtMXoTc.exe
  C:\Windows\System\DtMXoTc.exe
  2⤵
  PID:8224
- C:\Windows\System\HTKNxfS.exe
  C:\Windows\System\HTKNxfS.exe
  2⤵
  PID:8376
- C:\Windows\System\sYNwyOT.exe
  C:\Windows\System\sYNwyOT.exe
  2⤵
  PID:8392
- C:\Windows\System\FXTftxe.exe
  C:\Windows\System\FXTftxe.exe
  2⤵
  PID:8472
- C:\Windows\System\agaivgw.exe
  C:\Windows\System\agaivgw.exe
  2⤵
  PID:8540
- C:\Windows\System\ASQvUpc.exe
  C:\Windows\System\ASQvUpc.exe
  2⤵
  PID:8424
- C:\Windows\System\CUZBAfh.exe
  C:\Windows\System\CUZBAfh.exe
  2⤵
  PID:8668
- C:\Windows\System\zCPVJks.exe
  C:\Windows\System\zCPVJks.exe
  2⤵
  PID:8688
- C:\Windows\System\XDewXNK.exe
  C:\Windows\System\XDewXNK.exe
  2⤵
  PID:2144
- C:\Windows\System\GVzyBiU.exe
  C:\Windows\System\GVzyBiU.exe
  2⤵
  PID:8780
- C:\Windows\System\BessZIk.exe
  C:\Windows\System\BessZIk.exe
  2⤵
  PID:8844
- C:\Windows\System\fJxnKUu.exe
  C:\Windows\System\fJxnKUu.exe
  2⤵
  PID:1784
- C:\Windows\System\NoWnfUp.exe
  C:\Windows\System\NoWnfUp.exe
  2⤵
  PID:440
- C:\Windows\System\AaomZrO.exe
  C:\Windows\System\AaomZrO.exe
  2⤵
  PID:9044
- C:\Windows\System\GAfIivl.exe
  C:\Windows\System\GAfIivl.exe
  2⤵
  PID:9040
- C:\Windows\System\dwovFBL.exe
  C:\Windows\System\dwovFBL.exe
  2⤵
  PID:8928
- C:\Windows\System\rEBOfpK.exe
  C:\Windows\System\rEBOfpK.exe
  2⤵
  PID:9136
- C:\Windows\System\FsYrHoJ.exe
  C:\Windows\System\FsYrHoJ.exe
  2⤵
  PID:7360
- C:\Windows\System\uPvwYhY.exe
  C:\Windows\System\uPvwYhY.exe
  2⤵
  PID:9024
- C:\Windows\System\yPSzLUO.exe
  C:\Windows\System\yPSzLUO.exe
  2⤵
  PID:9012
- C:\Windows\System\YfePIzO.exe
  C:\Windows\System\YfePIzO.exe
  2⤵
  PID:8088
- C:\Windows\System\DnIVVQf.exe
  C:\Windows\System\DnIVVQf.exe
  2⤵
  PID:8296
- C:\Windows\System\UWhsuJo.exe
  C:\Windows\System\UWhsuJo.exe
  2⤵
  PID:8268
- C:\Windows\System\FbprWtV.exe
  C:\Windows\System\FbprWtV.exe
  2⤵
  PID:8332
- C:\Windows\System\HPaYZUa.exe
  C:\Windows\System\HPaYZUa.exe
  2⤵
  PID:8464
- C:\Windows\System\PrLqJqr.exe
  C:\Windows\System\PrLqJqr.exe
  2⤵
  PID:8576
- C:\Windows\System\rUmAErj.exe
  C:\Windows\System\rUmAErj.exe
  2⤵
  PID:8740
- C:\Windows\System\MxvZjmf.exe
  C:\Windows\System\MxvZjmf.exe
  2⤵
  PID:8588
- C:\Windows\System\MIpEBoI.exe
  C:\Windows\System\MIpEBoI.exe
  2⤵
  PID:8924
- C:\Windows\System\czXukWf.exe
  C:\Windows\System\czXukWf.exe
  2⤵
  PID:8968
- C:\Windows\System\AECPQpn.exe
  C:\Windows\System\AECPQpn.exe
  2⤵
  PID:8988
- C:\Windows\System\wPZoiOA.exe
  C:\Windows\System\wPZoiOA.exe
  2⤵
  PID:8896
- C:\Windows\System\PMIIwSL.exe
  C:\Windows\System\PMIIwSL.exe
  2⤵
  PID:9188
- C:\Windows\System\onBdMZt.exe
  C:\Windows\System\onBdMZt.exe
  2⤵
  PID:9196
- C:\Windows\System\GsMhOyM.exe
  C:\Windows\System\GsMhOyM.exe
  2⤵
  PID:9116
- C:\Windows\System\yfsoQbP.exe
  C:\Windows\System\yfsoQbP.exe
  2⤵
  PID:1000
- C:\Windows\System\rKvEjSV.exe
  C:\Windows\System\rKvEjSV.exe
  2⤵
  PID:7344
- C:\Windows\System\jdUoqtJ.exe
  C:\Windows\System\jdUoqtJ.exe
  2⤵
  PID:8420
- C:\Windows\System\pzCPpPS.exe
  C:\Windows\System\pzCPpPS.exe
  2⤵
  PID:8512
- C:\Windows\System\pERcEMb.exe
  C:\Windows\System\pERcEMb.exe
  2⤵
  PID:8676
- C:\Windows\System\EofBXOg.exe
  C:\Windows\System\EofBXOg.exe
  2⤵
  PID:1504
- C:\Windows\System\pUhKIoJ.exe
  C:\Windows\System\pUhKIoJ.exe
  2⤵
  PID:2264
- C:\Windows\System\QXnyCvn.exe
  C:\Windows\System\QXnyCvn.exe
  2⤵
  PID:1756
- C:\Windows\System\LnxaqUN.exe
  C:\Windows\System\LnxaqUN.exe
  2⤵
  PID:2168
- C:\Windows\System\uWFsnEB.exe
  C:\Windows\System\uWFsnEB.exe
  2⤵
  PID:8236
- C:\Windows\System\HtyIgZS.exe
  C:\Windows\System\HtyIgZS.exe
  2⤵
  PID:8468
- C:\Windows\System\TiPjEWW.exe
  C:\Windows\System\TiPjEWW.exe
  2⤵
  PID:8580
- C:\Windows\System\GucGYMu.exe
  C:\Windows\System\GucGYMu.exe
  2⤵
  PID:9064
- C:\Windows\System\UPafdFP.exe
  C:\Windows\System\UPafdFP.exe
  2⤵
  PID:8984
- C:\Windows\System\nBwwxsY.exe
  C:\Windows\System\nBwwxsY.exe
  2⤵
  PID:7196
- C:\Windows\System\kUjXACS.exe
  C:\Windows\System\kUjXACS.exe
  2⤵
  PID:2504
- C:\Windows\System\HUPJrlG.exe
  C:\Windows\System\HUPJrlG.exe
  2⤵
  PID:8808
- C:\Windows\System\gUcnnpe.exe
  C:\Windows\System\gUcnnpe.exe
  2⤵
  PID:8664
- C:\Windows\System\BRVOgXQ.exe
  C:\Windows\System\BRVOgXQ.exe
  2⤵
  PID:8484
- C:\Windows\System\DhpmVhh.exe
  C:\Windows\System\DhpmVhh.exe
  2⤵
  PID:9192
- C:\Windows\System\hNObHiO.exe
  C:\Windows\System\hNObHiO.exe
  2⤵
  PID:9232
- C:\Windows\System\DEhFsGC.exe
  C:\Windows\System\DEhFsGC.exe
  2⤵
  PID:9248
- C:\Windows\System\oqvDUZO.exe
  C:\Windows\System\oqvDUZO.exe
  2⤵
  PID:9264
- C:\Windows\System\QSCHQHM.exe
  C:\Windows\System\QSCHQHM.exe
  2⤵
  PID:9284
- C:\Windows\System\MbzYpyS.exe
  C:\Windows\System\MbzYpyS.exe
  2⤵
  PID:9304
- C:\Windows\System\UBRZpvp.exe
  C:\Windows\System\UBRZpvp.exe
  2⤵
  PID:9320
- C:\Windows\System\aqmhTsr.exe
  C:\Windows\System\aqmhTsr.exe
  2⤵
  PID:9348
- C:\Windows\System\pYCEHeC.exe
  C:\Windows\System\pYCEHeC.exe
  2⤵
  PID:9364
- C:\Windows\System\VvTpRio.exe
  C:\Windows\System\VvTpRio.exe
  2⤵
  PID:9400
- C:\Windows\System\pEKqskJ.exe
  C:\Windows\System\pEKqskJ.exe
  2⤵
  PID:9416
- C:\Windows\System\eAtCqFr.exe
  C:\Windows\System\eAtCqFr.exe
  2⤵
  PID:9440
- C:\Windows\System\TtlZfCy.exe
  C:\Windows\System\TtlZfCy.exe
  2⤵
  PID:9456
- C:\Windows\System\IDNUaWG.exe
  C:\Windows\System\IDNUaWG.exe
  2⤵
  PID:9472
- C:\Windows\System\nrTLIpO.exe
  C:\Windows\System\nrTLIpO.exe
  2⤵
  PID:9492
- C:\Windows\System\zsybMOF.exe
  C:\Windows\System\zsybMOF.exe
  2⤵
  PID:9520
- C:\Windows\System\zQZQoqO.exe
  C:\Windows\System\zQZQoqO.exe
  2⤵
  PID:9552
- C:\Windows\System\PwyrxOk.exe
  C:\Windows\System\PwyrxOk.exe
  2⤵
  PID:9576
- C:\Windows\System\UuaUUSX.exe
  C:\Windows\System\UuaUUSX.exe
  2⤵
  PID:9596
- C:\Windows\System\bXrOmCh.exe
  C:\Windows\System\bXrOmCh.exe
  2⤵
  PID:9616
- C:\Windows\System\ZAFCTpW.exe
  C:\Windows\System\ZAFCTpW.exe
  2⤵
  PID:9632
- C:\Windows\System\AxCOatZ.exe
  C:\Windows\System\AxCOatZ.exe
  2⤵
  PID:9656
- C:\Windows\System\GysupDf.exe
  C:\Windows\System\GysupDf.exe
  2⤵
  PID:9676
- C:\Windows\System\vClPquy.exe
  C:\Windows\System\vClPquy.exe
  2⤵
  PID:9696
- C:\Windows\System\rKqMDAE.exe
  C:\Windows\System\rKqMDAE.exe
  2⤵
  PID:9716
- C:\Windows\System\LTVudJB.exe
  C:\Windows\System\LTVudJB.exe
  2⤵
  PID:9736
- C:\Windows\System\jROuUJT.exe
  C:\Windows\System\jROuUJT.exe
  2⤵
  PID:9756
- C:\Windows\System\ZJLnHTx.exe
  C:\Windows\System\ZJLnHTx.exe
  2⤵
  PID:9772
- C:\Windows\System\eAVfwxL.exe
  C:\Windows\System\eAVfwxL.exe
  2⤵
  PID:9796
- C:\Windows\System\HzNMQHy.exe
  C:\Windows\System\HzNMQHy.exe
  2⤵
  PID:9812
- C:\Windows\System\hQfFCWm.exe
  C:\Windows\System\hQfFCWm.exe
  2⤵
  PID:9840
- C:\Windows\System\bsPztkn.exe
  C:\Windows\System\bsPztkn.exe
  2⤵
  PID:9856
- C:\Windows\System\uoDZHtO.exe
  C:\Windows\System\uoDZHtO.exe
  2⤵
  PID:9876
- C:\Windows\System\qXFGlrI.exe
  C:\Windows\System\qXFGlrI.exe
  2⤵
  PID:9892
- C:\Windows\System\XFBmONM.exe
  C:\Windows\System\XFBmONM.exe
  2⤵
  PID:9912
- C:\Windows\System\rbagIJa.exe
  C:\Windows\System\rbagIJa.exe
  2⤵
  PID:9928
- C:\Windows\System\EFFfucF.exe
  C:\Windows\System\EFFfucF.exe
  2⤵
  PID:9948
- C:\Windows\System\nDbdEez.exe
  C:\Windows\System\nDbdEez.exe
  2⤵
  PID:9972
- C:\Windows\System\OlsMSWF.exe
  C:\Windows\System\OlsMSWF.exe
  2⤵
  PID:9988
- C:\Windows\System\SIZMzHx.exe
  C:\Windows\System\SIZMzHx.exe
  2⤵
  PID:10004
- C:\Windows\System\GoisVEt.exe
  C:\Windows\System\GoisVEt.exe
  2⤵
  PID:10020
- C:\Windows\System\UPcuGri.exe
  C:\Windows\System\UPcuGri.exe
  2⤵
  PID:10036
- C:\Windows\System\jZxzfCi.exe
  C:\Windows\System\jZxzfCi.exe
  2⤵
  PID:10056
- C:\Windows\System\CBuWgmR.exe
  C:\Windows\System\CBuWgmR.exe
  2⤵
  PID:10080
- C:\Windows\System\KCmRosR.exe
  C:\Windows\System\KCmRosR.exe
  2⤵
  PID:10104
- C:\Windows\System\qeWDHVB.exe
  C:\Windows\System\qeWDHVB.exe
  2⤵
  PID:10120
- C:\Windows\System\RqaVVVp.exe
  C:\Windows\System\RqaVVVp.exe
  2⤵
  PID:10140
- C:\Windows\System\lWKJHya.exe
  C:\Windows\System\lWKJHya.exe
  2⤵
  PID:10164
- C:\Windows\System\TEhMEwr.exe
  C:\Windows\System\TEhMEwr.exe
  2⤵
  PID:10184
- C:\Windows\System\ZJLnoXH.exe
  C:\Windows\System\ZJLnoXH.exe
  2⤵
  PID:10200
- C:\Windows\System\Fejfooi.exe
  C:\Windows\System\Fejfooi.exe
  2⤵
  PID:10220
- C:\Windows\System\OuRwiwI.exe
  C:\Windows\System\OuRwiwI.exe
  2⤵
  PID:10236
- C:\Windows\System\TsIlRgS.exe
  C:\Windows\System\TsIlRgS.exe
  2⤵
  PID:1552
- C:\Windows\System\ygIhpMw.exe
  C:\Windows\System\ygIhpMw.exe
  2⤵
  PID:9276
- C:\Windows\System\ijbwdHP.exe
  C:\Windows\System\ijbwdHP.exe
  2⤵
  PID:8380
- C:\Windows\System\TJJwfWF.exe
  C:\Windows\System\TJJwfWF.exe
  2⤵
  PID:9412
- C:\Windows\System\QhmfvRj.exe
  C:\Windows\System\QhmfvRj.exe
  2⤵
  PID:9384
- C:\Windows\System\xnPYRev.exe
  C:\Windows\System\xnPYRev.exe
  2⤵
  PID:9292
- C:\Windows\System\OCRzBjQ.exe
  C:\Windows\System\OCRzBjQ.exe
  2⤵
  PID:9336
- C:\Windows\System\BLmVEdU.exe
  C:\Windows\System\BLmVEdU.exe
  2⤵
  PID:9224
- C:\Windows\System\BCfCboT.exe
  C:\Windows\System\BCfCboT.exe
  2⤵
  PID:9424
- C:\Windows\System\McWBKgY.exe
  C:\Windows\System\McWBKgY.exe
  2⤵
  PID:9432
- C:\Windows\System\WivYAxh.exe
  C:\Windows\System\WivYAxh.exe
  2⤵
  PID:9512
- C:\Windows\System\AcYZDHw.exe
  C:\Windows\System\AcYZDHw.exe
  2⤵
  PID:9544
- C:\Windows\System\DEzgMcu.exe
  C:\Windows\System\DEzgMcu.exe
  2⤵
  PID:9572
- C:\Windows\System\skFnmIO.exe
  C:\Windows\System\skFnmIO.exe
  2⤵
  PID:9624
- C:\Windows\System\HlEGvXJ.exe
  C:\Windows\System\HlEGvXJ.exe
  2⤵
  PID:9640
- C:\Windows\System\lLbrURu.exe
  C:\Windows\System\lLbrURu.exe
  2⤵
  PID:9668
- C:\Windows\System\LtzgCLL.exe
  C:\Windows\System\LtzgCLL.exe
  2⤵
  PID:9712
- C:\Windows\System\NqtQZBC.exe
  C:\Windows\System\NqtQZBC.exe
  2⤵
  PID:9728
- C:\Windows\System\JIobWVm.exe
  C:\Windows\System\JIobWVm.exe
  2⤵
  PID:9748
- C:\Windows\System\tAdmMjQ.exe
  C:\Windows\System\tAdmMjQ.exe
  2⤵
  PID:9788
- C:\Windows\System\PwHDdmn.exe
  C:\Windows\System\PwHDdmn.exe
  2⤵
  PID:9808
- C:\Windows\System\uLPmrFk.exe
  C:\Windows\System\uLPmrFk.exe
  2⤵
  PID:9848
- C:\Windows\System\fmiZiKg.exe
  C:\Windows\System\fmiZiKg.exe
  2⤵
  PID:9900
- C:\Windows\System\aUFTCBr.exe
  C:\Windows\System\aUFTCBr.exe
  2⤵
  PID:9944
- C:\Windows\System\wkBxfiV.exe
  C:\Windows\System\wkBxfiV.exe
  2⤵
  PID:10016
- C:\Windows\System\EmAhGVq.exe
  C:\Windows\System\EmAhGVq.exe
  2⤵
  PID:10092
- C:\Windows\System\acImEVJ.exe
  C:\Windows\System\acImEVJ.exe
  2⤵
  PID:9964
- C:\Windows\System\IQzGZfn.exe
  C:\Windows\System\IQzGZfn.exe
  2⤵
  PID:10208
- C:\Windows\System\fTPBFFC.exe
  C:\Windows\System\fTPBFFC.exe
  2⤵
  PID:9312
- C:\Windows\System\iIkTBZJ.exe
  C:\Windows\System\iIkTBZJ.exe
  2⤵
  PID:10076
- C:\Windows\System\VQuAWtm.exe
  C:\Windows\System\VQuAWtm.exe
  2⤵
  PID:10028
- C:\Windows\System\lMzuxzx.exe
  C:\Windows\System\lMzuxzx.exe
  2⤵
  PID:9380
- C:\Windows\System\bjteivW.exe
  C:\Windows\System\bjteivW.exe
  2⤵
  PID:9504
- C:\Windows\System\BxoVktn.exe
  C:\Windows\System\BxoVktn.exe
  2⤵
  PID:9548
- C:\Windows\System\FlpwXKq.exe
  C:\Windows\System\FlpwXKq.exe
  2⤵
  PID:9644
- C:\Windows\System\rfefHxL.exe
  C:\Windows\System\rfefHxL.exe
  2⤵
  PID:9688
- C:\Windows\System\MBSezgW.exe
  C:\Windows\System\MBSezgW.exe
  2⤵
  PID:9804
- C:\Windows\System\nVBEsCk.exe
  C:\Windows\System\nVBEsCk.exe
  2⤵
  PID:9888
- C:\Windows\System\wpLyzuH.exe
  C:\Windows\System\wpLyzuH.exe
  2⤵
  PID:9984
- C:\Windows\System\spwgpbU.exe
  C:\Windows\System\spwgpbU.exe
  2⤵
  PID:9836
- C:\Windows\System\paOeBBi.exe
  C:\Windows\System\paOeBBi.exe
  2⤵
  PID:10136
- C:\Windows\System\kLSmIwe.exe
  C:\Windows\System\kLSmIwe.exe
  2⤵
  PID:9960
- C:\Windows\System\byzZsUE.exe
  C:\Windows\System\byzZsUE.exe
  2⤵
  PID:9468
- C:\Windows\System\kWhPQAk.exe
  C:\Windows\System\kWhPQAk.exe
  2⤵
  PID:9564
- C:\Windows\System\ppzjpwz.exe
  C:\Windows\System\ppzjpwz.exe
  2⤵
  PID:10148
- C:\Windows\System\NRkMoAp.exe
  C:\Windows\System\NRkMoAp.exe
  2⤵
  PID:10228
- C:\Windows\System\POUNiDR.exe
  C:\Windows\System\POUNiDR.exe
  2⤵
  PID:9360
- C:\Windows\System\gIqPIaD.exe
  C:\Windows\System\gIqPIaD.exe
  2⤵
  PID:9532
- C:\Windows\System\qHKFkQz.exe
  C:\Windows\System\qHKFkQz.exe
  2⤵
  PID:9588
- C:\Windows\System\ykPpfga.exe
  C:\Windows\System\ykPpfga.exe
  2⤵
  PID:9480
- C:\Windows\System\WeagnDE.exe
  C:\Windows\System\WeagnDE.exe
  2⤵
  PID:9780
- C:\Windows\System\efRsGfs.exe
  C:\Windows\System\efRsGfs.exe
  2⤵
  PID:9428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AAoBVHZ.exe

Filesize
6.0MB

MD5
a43ae84c631d85741c9ab6b057ad5e1b

SHA1
0d3666b290d2bca3ec307ba2076c75183c289aff

SHA256
d9c794120347c97a726535cbebc280b1ab0785b2c1c19913bd41bce7f945281d

SHA512
5a144af984f9bbb82167cd9a3eb39a6fcd9c66d43dd962ae8e4222a5f1b8a7a2797799bf0e26c6bcce4c8dfc0dc0da7441aa299efd87ff42f5b8d3c0768c2149

Download Submit
C:\Windows\system\CKxQZpZ.exe

Filesize
6.0MB

MD5
e4a62d35884f2c907b6bde91b2ef61b9

SHA1
66cd8eb414ea21caa0c151bb653f4f4ec72b821e

SHA256
64b70407b77790a37b2c61052e34e24ed20c1864a17110e4ba4436a8598db951

SHA512
5991f44a33cf47c68f2082584b0e6ab18e160744fe1a9a46528ebe242cc8c024fab4a3dd1af2ee8b50f3d08a72c023b9f6016d0d1a330cb2509290f7283b9c96

Download Submit
C:\Windows\system\DNgbeUa.exe

Filesize
6.0MB

MD5
d292507b7424d9ffc59d2aeb60ea268e

SHA1
28c8058d168f3ae203cdd14009b7ac8b6e23a69c

SHA256
51bdad85d4eac1635c415acece111a40df0d87395f1474be0cbc8f27c6756e3e

SHA512
b077bb7b7dcda3a879904ac90b878d6d6f257823817a35c27856ddf01cfe32f464e14e5177bddcea885a2ba8ab205d66bf803bd732fa89a864fc1a4db877c56a

Download Submit
C:\Windows\system\ELySeHq.exe

Filesize
6.0MB

MD5
253884efcbcfbbf1ce68cb1dcce83647

SHA1
9bf93f2dfea2910396536acf0be42880189d3cf9

SHA256
9ce54dfca3365294a28d87e4f19d6e35283938a3a92d8f3ef3f7824efdddf261

SHA512
8f9676bd16ad18c09b996641ca9faf698b3631a691c2157766b2c68d3f74e996532fdaa7354d1a4aee47744a6ed419a42b41683799e956fbcc8e8cb04e45eadb

Download Submit
C:\Windows\system\EUQsdPp.exe

Filesize
6.0MB

MD5
dba12e057521d827cb27e157dcd9f0d9

SHA1
bd08ef47442bd11453bbe033ef181222dee15c3d

SHA256
1f47003b39aab1ded18c82d5fd22c7c35a93f5a728da3bfef1d945f26f09b3fc

SHA512
1e82cd65386986cee776a500a3edc4023a9a0394872bf38083a820c8ace40a4805d0f0f3c136fe79165e9b005863878237ec7b7dbd4405186322806fdcc0d29c

Download Submit
C:\Windows\system\MPkVcAH.exe

Filesize
6.0MB

MD5
691e74552611e2e7cf9f2be20ad96bf8

SHA1
400e67c0a706d2497b6bdf33fdf46afed900b636

SHA256
e98a3c739e316c6fd3eb65b3e7422a65c97d45b88e7b7920bd987178c986c365

SHA512
f0581956ce47388ffe6debef15a07c26e8191fa3eba51829cfbaf1094b684627945a761911c2955cfef046fdba58391b2f158a184e657f352bfd2ba727207b92

Download Submit
C:\Windows\system\NdvuMkD.exe

Filesize
6.0MB

MD5
23dd2c1fda89b0b056e3a709ef8f524d

SHA1
6e139241175cf2f7b833125ef1cd3ba685f9910e

SHA256
39ba797e6fa1d58ddc422e97c0f0ed2c88461f103fe3ffc239bd3eea84d162a3

SHA512
22d43d256989fa76f8742a64157e0f24898941256d0164e83e0f3e5b4e68d24993cdb02681d213c6d7e3997471b493a683c402850340ac048d3c19a22b1fe077

Download Submit
C:\Windows\system\OTupIcR.exe

Filesize
6.0MB

MD5
fb87ecfbfd87ff487b6cef973c83aaf7

SHA1
df4d024ba876e153de94ca7e6108ff1df728ed32

SHA256
ed2a72ba8788db0f48bf0f3af253735aecafca3e7eac18ce40206733ee6dba29

SHA512
06b20189d31e6e41e4705dc8429812f542ee362d77e088239a83d34dd5af207287e92087c21d7b2a65fad842517a9ce9e2382f71cd48843e9f2c2a6281e74d89

Download Submit
C:\Windows\system\OxZjeyU.exe

Filesize
6.0MB

MD5
249b585369a02b64f9a779ff7d0252d0

SHA1
23a92e50743e8b5c91e3087851d133449315f771

SHA256
987173f52b405055366b9b4cecaab22e07554b26b14ab2e2b9cdb336115dc573

SHA512
eea8a114788bc43033531d9c65c2d52fe420f65725c4f44477a66fbccb05069edc74c49661a434ba4f853a54a0dbe335a38848812d48de4feef741b234918cb6

Download Submit
C:\Windows\system\PhQMYgm.exe

Filesize
6.0MB

MD5
af287da97260079723725d08fb6f982c

SHA1
d5e5dfe3c45652ca8e3f5b870f44fa3f42d50980

SHA256
e775bbdc45952f6e54fe4c26f008feabd1aed15bfcb059f4257f690bc87354b0

SHA512
104c87ff641d383d136a58639b36df7fdd08a5e8c061ee89bba1a70fbebf43d6d5a6a149d842d5565e17680db565334eb30a564d8f2156e39349b2a6363ee5aa

Download Submit
C:\Windows\system\SyVdjeM.exe

Filesize
6.0MB

MD5
4c899ae04be0158e5e1afc1403958cf8

SHA1
58f91f0af217fa5ffbd7267121d1b248a15bccb8

SHA256
85e00bc817d6edfa31370de71231af50d4aca6640ea2b67af164026ff4df154d

SHA512
5c87b3043b0607b3892af115b33cf86f36a4573dc461d6b4bdb60cc7f82b38a78a853a9160beff305bfcdf6128377e3cc00875ed78e7b26234230384140225c6

Download Submit
C:\Windows\system\TduMQJM.exe

Filesize
6.0MB

MD5
6c81d66ac14fedcc48c6c4fae8d1c4ff

SHA1
ad2a1a1fb6c180ec3809241ced265de8b56b17e8

SHA256
40970ffb2481b74931a2a1773dbd4aebd84a794c881e128b098ab872a01b1adf

SHA512
57a9c5f2d3200f035e588925c0208517709be8f8b91482ca389f901df5514a4f42f5d9d8718873c4965ccc3982d663dd5d9114ce446cc09ee2f161046dd9614b

Download Submit
C:\Windows\system\VYanSDZ.exe

Filesize
6.0MB

MD5
030b7ad25f85a87171317a373abc86cd

SHA1
45950af039570b125db7d3e156323042414dac9a

SHA256
ce063095bcd3278e201b4964bd5a969337ff440a168afd2c179218e173b96ea2

SHA512
4029e20c0f1cd730909061f45d0451c8c3270b921605cba94fe560c9d3924e99d27a0f2e4e9c9ac394473c5d4808869ef7d8007c4997f4a02db564548a1dcaf5

Download Submit
C:\Windows\system\aoPrfVi.exe

Filesize
6.0MB

MD5
104119cebb008b2dc0fa17df2d82583e

SHA1
dac337a08e042a5352eee6acfd45443c3514f559

SHA256
74de1a25235bbc0b2e0d09153339c75d85bb0bcf001cc8c27b03369475e04fcf

SHA512
3fcb925355084b4020a9f9c34def5c5dbef9304ec10885f42e0d44b6c80a413899e0a3144dded35bcff6ca7615a77f98e06a89a56f245ed15597e9c8cd29f753

Download Submit
C:\Windows\system\dVQoKPY.exe

Filesize
6.0MB

MD5
a1df93388c62203d83396f8037672548

SHA1
90c7fdb22aff33a91791df5e7997366373841f0d

SHA256
8f7e1f632b8700584be687bcc6ba3d450f09f4f91ff9a7df384f4d2361c76453

SHA512
7852850a0346fb884cd079605de78afaa26333050762da45a7e8644652fb036ef9070b2ad1f0cc082abb494271966c3736e5e6def82c9cea95904f38a037c8d8

Download Submit
C:\Windows\system\iGwxwoE.exe

Filesize
6.0MB

MD5
b23d31432a9132ae713a536215141e99

SHA1
97d6cc195bd0ba02c96cfa41fd92f5e1dde89fb4

SHA256
e5d1a681bdd88300c201a964fe60070340cd8fd5701873ecd69eda03d394edab

SHA512
518c0cbb776b99b606ae9875513a67a761fa54d82ad7a289cd42883183c65eec2f9b99ab4082f7d228acf5c766ddd4f5090240c4d73c530b4527663acfcf87f8

Download Submit
C:\Windows\system\iZbIWOX.exe

Filesize
6.0MB

MD5
d1fd6f0132ed1ce9398c12bd34bd4483

SHA1
e93e26998e618122b723b6114b608d9337473844

SHA256
f7434ba3c15e1d871ac16d05e91c614323ea24738264143d5d0626918d08335f

SHA512
0e6897471b7b5823285e0cf7a9056be9274332c6ce79771241856572d014293a61e34aabea38459a854ffd2a7d837b4cdb27a91230fc777d0840d1ae7f613e89

Download Submit
C:\Windows\system\jBPIZjO.exe

Filesize
6.0MB

MD5
42704f8468c99582ae687a8e5a7f35fa

SHA1
2ad93fca40dcac2c2ee7f14a15758a2e58e4a769

SHA256
e547e88d61d66d462a307272539440f4d6fb5f1bc090b93b49014e966ab88bc4

SHA512
a2297df108d9b56f223a598189173f092b88747299e68c2974cb03b01c52f61cfec7f2225f6c017e928396b4a33312b99205d8187b4352f135042635c8b0d17c

Download Submit
C:\Windows\system\jWXdjYI.exe

Filesize
6.0MB

MD5
555911f0b9f0740ce3845498127e4c8e

SHA1
48dec3615a3abd594cd8835d11a9b32b4db43a1c

SHA256
d1f6aaed63193c43f2932f68dc155ec72592fc08ce816016f6dd56f5664f404f

SHA512
a433708954aac42fdcebc7be137417539df5fb60dd35feef33437fbb5c806dfe314c44a406d494b339e02d295529fbbfb44ac3422888b22696de02e6c13c7349

Download Submit
C:\Windows\system\jaxeUrP.exe

Filesize
8B

MD5
df291bcdb8ebdc7240b14dd827f6398f

SHA1
5affc65a790ce656995e39f445b2dfa1d6848c65

SHA256
144f1bfac73422bcb8b83c7b1273e93e2b5f3245068bd656105f2fca31b15f7d

SHA512
e56b89dd2f235ef75da5439f19ca2d42261b414efc1d93983268accfee6e54dd7508bb12579c397372b6b2bfa70f21e2b1f411642303fd76c261a57c09a175d9

Download Submit
C:\Windows\system\nKKQnmz.exe

Filesize
6.0MB

MD5
9f8115808ed16f39a8d504d957615470

SHA1
cc832d376f11cd82bc9ccb711a148cdb0ffcbe93

SHA256
7817c7a3aa984caf684e0769a0987ac4d637df4e2390313e47db7396dd78d349

SHA512
99e360532bf779924cf8e5983bd1559d90ced3957431044e4161d1bb6918f6bc95fa0ffec61b268835aac2e4971a97b023cbcb8b317f90fd1f14877646b470c6

Download Submit
C:\Windows\system\nfTLhqt.exe

Filesize
6.0MB

MD5
61a613aa518a749b86a8c5ca692e60a6

SHA1
223c195798e6797d1236c198b855c40597f24656

SHA256
5bc2627b6b8b02e38886830221fcdb9075d05b6c0626441b5563c3e643cab7e4

SHA512
9d21e30c4fe40ab5179a9fcd2ee552f9b0cd399ffe80b982bdf4669f96cd5b531335b1f0acf59c68a53584e55270986272402491d3720dcd7e24389146b44f13

Download Submit
C:\Windows\system\olDbSpq.exe

Filesize
6.0MB

MD5
280feb8a4d20743f5cc04bd1d274a0ca

SHA1
83d107e369edd51b19d75c789dcec06817043f32

SHA256
a59a07855a370d60916772fa305862dc14bc15a70aeea8f95d388155bad54fdf

SHA512
b67c86b2a19cad8d0bcb3cf7fe04acf148d319e9402cf0bcb1fe5259e1a67b33dcb9f532d254be98ea5c48276ea992340c1f8a697e1b8ec39139a8b03bdd5640

Download Submit
C:\Windows\system\qMJFYtf.exe

Filesize
6.0MB

MD5
ca99751a0c88c73de5504b86e98a8d4a

SHA1
cc544deadc878364ec934ece239c0efc3c7d6fd0

SHA256
8be75090f941a99eea6d6da2951b45146cb871b90426bea210403cefbbd07d5d

SHA512
44a7bb399e42e772f1dfade6c3d7f7661be898dea4d4f3cfb7c5d7fdbd3e3dc0258a4fc741ffb8464dadd19b23d48e141bb55769dedc97b03889202ea480ac7a

Download Submit
C:\Windows\system\srWmysN.exe

Filesize
6.0MB

MD5
ef65e34d2f66bd6dbb0e41a4ee8b2c11

SHA1
34df27b93e758b614524c66bc99af76053e81539

SHA256
f134f01a2f474eb6768fd9ef51d28bcc709c80cb408c7413c5d864caa7d6e5f4

SHA512
233d56e89765eb0e0d7cc12c80121c190a2f7a9149196e1cada637181688c1ce920c13b61c0920cf82874ec1ac2d54ff2f7b438eae40d1af34ce563cfbf38cfe

Download Submit
C:\Windows\system\vUcgpPg.exe

Filesize
6.0MB

MD5
02dc6719e6004dba5b588cac146da4df

SHA1
3264492a2cc7757cd42ca26a78820b1cd303cd95

SHA256
0b400196758b04c7d4f83ddb6921fea1c2a0c2bf0b8673aa65b375d758378325

SHA512
dea569399b92c4fea16cc29fe7caec63e16481daea0614c2a38e6f0e22940dca8163b017504b4073aa034a498b092c4c89fac3aee26e8940cb9f051de38b2594

Download Submit
C:\Windows\system\vcjkrkC.exe

Filesize
6.0MB

MD5
4fe90579d7bcf1f1c76766c68d557b53

SHA1
fd8961d8b1bf52f62d7bddd4e3b927aba2990b16

SHA256
d8d7004d62372bc82d040db26296ad48cfd05b6136fcaa45db507630bd42ebde

SHA512
1b78e98ac87058d2d530fd30908f43b3d3ffea0f0236c445efccd36b9d682c22011b76c0ffadd0ae79917f64a612173d18d9a568a5dfb642103cef0452454f07

Download Submit
C:\Windows\system\zXcGKDK.exe

Filesize
6.0MB

MD5
ac4fc710dca3463f09d00ec61a68b309

SHA1
ca6992333c3a4f3ca01da76e4d7c56b8474bf915

SHA256
ba9043008d08b9c7580296ba3258f215c233cf4e9bd0da9c9425d0406085868e

SHA512
5c5202fca76d33f81d9f79a4a9892433f2bdab16a6b12bde1faed65be4064ece4cdbb7b2d3228a8560a91786c8d84818661b48c226bc69b5c30175a313353d95

Download Submit
\Windows\system\EvkmMsU.exe

Filesize
6.0MB

MD5
e4b88e7355b86b0c616d0cee35885c90

SHA1
fc367c33a9c8959f728f5e1a33d51be645ef02b2

SHA256
f2fa6fb565dddddaab8337c05fde7ac71b93f0924e18ecfb3d50f36d39303c74

SHA512
288c0f5863ae2adb8912ccff4b5acd173699308d9c62cbc4b917847911213993d969aeade572af8e002fbdb79201ad34551c300ebacc447780235e0006612f27

Download Submit
\Windows\system\NUVZSPw.exe

Filesize
6.0MB

MD5
87526c8db2ea897ded07a321bfb734b7

SHA1
e1212c96dcd245ff0fe10d4334ddb7766bd73afb

SHA256
2b8e5eb99ca006f9af2cd8edeabfabde7b74d9b06faf5adab94d2e10f8461909

SHA512
7a90de1418997e25ae1e8181f38b075c1db45bfa6312b791bf8d756214da52386c746a432094466db27b3edcc03d7edf38a6b6b86dd8fa6598f4fd76d9c3ff18

Download Submit
\Windows\system\dKkjSfG.exe

Filesize
6.0MB

MD5
fc522eae5c0216d703e2425a00ba6726

SHA1
e8c3d6c89fb01894913d15a071260aedd192a276

SHA256
eabec612d988dd5fd46a3ad9a0785246d7ddc01b294c39265392a4ff661d5df4

SHA512
84d9d18fa8c4703038504ce11de537a8f39ef156b08cb55feed77c9d34b88b116ab1bf9014e7f2847d18eb41ea20f2802f822190995fddbe4903bb87427eec31

Download Submit
\Windows\system\lkjQZOq.exe

Filesize
6.0MB

MD5
d635711ee8185652c72c22f99858f8c1

SHA1
a4db011d20f3c3eb2a6dce7df8f8ecf27f0b53c0

SHA256
fcdbcd37d07d0cec587998d00d78b80c7b4fbcbc71032ae0c743c7938821dd0f

SHA512
2b2f192f1ad9b79ca14f963c4b0a1f3d3e85b89e95603cc4b240f712f0d2cc69a4902ebab637e9a73ae02d864d68a823e1edafb4baa58ce8d440bb88d30a82d7

Download Submit
\Windows\system\vZwnKzf.exe

Filesize
6.0MB

MD5
7f75707919bcb88d39896f0b651aa90e

SHA1
747cfa62ef4a4dcf917b7b54da22a0ed88e46266

SHA256
c29ad7678218811e7b9aa35ba4f2d94e788b635b7de1c8e6604fc60abebb9c64

SHA512
a0904c96d1fe6f0b779b804260ec4688ec3a635c46f7981e8e20d4d2cbd137018a489a5b03be12427c4a2c71e5ef4455c5646f1a7c278ffbefd4f709c315d3d7

Download Submit
memory/376-73-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/376-207-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/376-3371-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/764-97-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/764-3344-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/764-58-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1476-105-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/1476-3415-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/1476-65-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2012-3339-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2012-80-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2012-42-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2068-3388-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-498-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-89-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-41-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2116-3310-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2116-11-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2156-789-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-106-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-3389-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-88-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-50-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-3383-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-56-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-24-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2416-3281-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-81-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3405-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2600-370-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3376-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-72-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-35-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-25-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3278-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2828-57-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2844-573-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2844-94-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2844-53-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2844-62-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2844-31-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2844-38-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-15-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2844-69-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2844-84-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2844-85-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2844-20-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-93-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2844-46-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2844-6-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2844-102-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2844-110-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-111-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2844-427-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2844-0-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-21-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2844-728-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2844-900-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/3064-649-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-3413-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-98-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-4847-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download
memory/3068-27-0x000000013F5F0000-0x000000013F944000-memory.dmp

Filesize
3.3MB

Download