cobaltstrike | e197d9d192e77128fbff8a28468105a25a586456bcf122cedaeff5ace5f5c913

Analysis

max time kernel
150s
max time network
128s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 04:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

c9f3760fe3664e34fef59b43b55adcf2
SHA1

ace7df388ead3527c7ad12cd3149df7fce9f36ab
SHA256

e197d9d192e77128fbff8a28468105a25a586456bcf122cedaeff5ace5f5c913
SHA512

2c39e9ac8940baed63b90f1c5c4e07c3858a2c643c38cb194314766413ef0ec301d0dd1dbd81fcf0a493d5e005c2ddf6dbd4f1f9a3cb40d10e799192a291e791
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU6:T+q56utgpPF8u/76

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
\Windows\system\UNLMWET.exe	cobalt_reflective_dll
\Windows\system\fsepivb.exe	cobalt_reflective_dll
C:\Windows\system\GAtfBeL.exe	cobalt_reflective_dll
\Windows\system\kGVQmCA.exe	cobalt_reflective_dll
\Windows\system\nPfITxJ.exe	cobalt_reflective_dll
C:\Windows\system\YNreilG.exe	cobalt_reflective_dll
C:\Windows\system\ijRSSao.exe	cobalt_reflective_dll
C:\Windows\system\IwRXoTo.exe	cobalt_reflective_dll
\Windows\system\clIGgpT.exe	cobalt_reflective_dll
\Windows\system\xtbnQiz.exe	cobalt_reflective_dll
\Windows\system\DRgcXXj.exe	cobalt_reflective_dll
\Windows\system\ZBOcaOo.exe	cobalt_reflective_dll
C:\Windows\system\cPLtULn.exe	cobalt_reflective_dll
C:\Windows\system\GIiJLie.exe	cobalt_reflective_dll
C:\Windows\system\UqlvKAQ.exe	cobalt_reflective_dll
C:\Windows\system\qnGImCn.exe	cobalt_reflective_dll
C:\Windows\system\chGPOOZ.exe	cobalt_reflective_dll
C:\Windows\system\uoykApH.exe	cobalt_reflective_dll
C:\Windows\system\AuwCJZZ.exe	cobalt_reflective_dll
C:\Windows\system\ftUVxSp.exe	cobalt_reflective_dll
C:\Windows\system\lobSwrD.exe	cobalt_reflective_dll
C:\Windows\system\QsqVSBB.exe	cobalt_reflective_dll
C:\Windows\system\stzgwdf.exe	cobalt_reflective_dll
C:\Windows\system\pXwWuGI.exe	cobalt_reflective_dll
C:\Windows\system\aYgHteU.exe	cobalt_reflective_dll
C:\Windows\system\GsIuhwn.exe	cobalt_reflective_dll
C:\Windows\system\QDEsOGd.exe	cobalt_reflective_dll
C:\Windows\system\nGqbvde.exe	cobalt_reflective_dll
C:\Windows\system\ZLqvNWO.exe	cobalt_reflective_dll
C:\Windows\system\QldFtVI.exe	cobalt_reflective_dll
C:\Windows\system\gzCEdQN.exe	cobalt_reflective_dll
C:\Windows\system\MnYCVLQ.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2904-0-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
\Windows\system\UNLMWET.exe	xmrig
behavioral1/memory/2904-6-0x0000000002380000-0x00000000026D4000-memory.dmp	xmrig
\Windows\system\fsepivb.exe	xmrig
behavioral1/memory/2880-15-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2780-13-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
C:\Windows\system\GAtfBeL.exe	xmrig
\Windows\system\kGVQmCA.exe	xmrig
behavioral1/memory/2904-24-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2800-22-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2904-26-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2780-31-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2944-32-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
\Windows\system\nPfITxJ.exe	xmrig
behavioral1/memory/2812-40-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2800-41-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
C:\Windows\system\YNreilG.exe	xmrig
C:\Windows\system\ijRSSao.exe	xmrig
behavioral1/memory/2132-58-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
C:\Windows\system\IwRXoTo.exe	xmrig
behavioral1/memory/2676-50-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2748-60-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
\Windows\system\clIGgpT.exe	xmrig
behavioral1/memory/1240-66-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2812-65-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2904-69-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2132-71-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
\Windows\system\xtbnQiz.exe	xmrig
behavioral1/memory/2748-78-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2904-76-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
\Windows\system\DRgcXXj.exe	xmrig
behavioral1/memory/3068-90-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2356-91-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
\Windows\system\ZBOcaOo.exe	xmrig
behavioral1/memory/1240-85-0x000000013F8F0000-0x000000013FC44000-memory.dmp	xmrig
behavioral1/memory/2984-99-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
C:\Windows\system\cPLtULn.exe	xmrig
behavioral1/memory/3028-104-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
C:\Windows\system\GIiJLie.exe	xmrig
C:\Windows\system\UqlvKAQ.exe	xmrig
behavioral1/memory/2904-101-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
C:\Windows\system\qnGImCn.exe	xmrig
C:\Windows\system\chGPOOZ.exe	xmrig
C:\Windows\system\uoykApH.exe	xmrig
C:\Windows\system\AuwCJZZ.exe	xmrig
C:\Windows\system\ftUVxSp.exe	xmrig
C:\Windows\system\lobSwrD.exe	xmrig
C:\Windows\system\QsqVSBB.exe	xmrig
C:\Windows\system\stzgwdf.exe	xmrig
behavioral1/memory/2356-180-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
C:\Windows\system\pXwWuGI.exe	xmrig
behavioral1/memory/3068-164-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
C:\Windows\system\aYgHteU.exe	xmrig
C:\Windows\system\GsIuhwn.exe	xmrig
behavioral1/memory/2880-543-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2800-544-0x000000013FC50000-0x000000013FFA4000-memory.dmp	xmrig
behavioral1/memory/2780-634-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2944-743-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
C:\Windows\system\QDEsOGd.exe	xmrig
C:\Windows\system\nGqbvde.exe	xmrig
C:\Windows\system\ZLqvNWO.exe	xmrig
C:\Windows\system\QldFtVI.exe	xmrig
C:\Windows\system\gzCEdQN.exe	xmrig
C:\Windows\system\MnYCVLQ.exe	xmrig

Executes dropped EXE 64 IoCs

Processes:

UNLMWET.exefsepivb.exeGAtfBeL.exekGVQmCA.exenPfITxJ.exeYNreilG.exeijRSSao.exeIwRXoTo.execlIGgpT.exextbnQiz.exeZBOcaOo.exeDRgcXXj.exeMnYCVLQ.execPLtULn.exeUqlvKAQ.exeGIiJLie.exeqnGImCn.exechGPOOZ.exegzCEdQN.exeQldFtVI.exeZLqvNWO.exeuoykApH.exenGqbvde.exeQDEsOGd.exeAuwCJZZ.exeGsIuhwn.exeftUVxSp.exeaYgHteU.exelobSwrD.exepXwWuGI.exeQsqVSBB.exestzgwdf.exeBnXgLdj.exeNMYKiRF.exeeOkbDUn.exeQlCiLwZ.exeItBZmnP.exeApWpGNZ.exeemSJSUw.exeXuOAcmT.exeQksDfuY.exeotOHdBr.exeOQLyWUK.exeaikSNFq.exercZjzEN.exeEwFEwOv.exeScdrRDL.exeMISizkC.exeLdjsPjX.exeWtMhusJ.exeVKNiNTr.exeRthsfrl.exerQtNzbL.exeNJTXtxO.exeLxfxNLh.exeVtJjQKu.exeUhqicll.exeafHOPUt.exetndzBai.exehhCzPnD.exeTZnsZHy.exefSNtwef.exembTCtkX.exesxgtTqK.exe

pid	process
2780	UNLMWET.exe
2880	fsepivb.exe
2800	GAtfBeL.exe
2944	kGVQmCA.exe
2812	nPfITxJ.exe
2676	YNreilG.exe
2132	ijRSSao.exe
2748	IwRXoTo.exe
1240	clIGgpT.exe
2624	xtbnQiz.exe
3068	ZBOcaOo.exe
2356	DRgcXXj.exe
2984	MnYCVLQ.exe
3028	cPLtULn.exe
2212	UqlvKAQ.exe
2436	GIiJLie.exe
1756	qnGImCn.exe
2176	chGPOOZ.exe
1968	gzCEdQN.exe
780	QldFtVI.exe
596	ZLqvNWO.exe
764	uoykApH.exe
2324	nGqbvde.exe
2404	QDEsOGd.exe
1944	AuwCJZZ.exe
1956	GsIuhwn.exe
1428	ftUVxSp.exe
1328	aYgHteU.exe
1236	lobSwrD.exe
2520	pXwWuGI.exe
920	QsqVSBB.exe
1656	stzgwdf.exe
936	BnXgLdj.exe
1736	NMYKiRF.exe
1964	eOkbDUn.exe
2240	QlCiLwZ.exe
1952	ItBZmnP.exe
2092	ApWpGNZ.exe
1308	emSJSUw.exe
1304	XuOAcmT.exe
1708	QksDfuY.exe
236	otOHdBr.exe
2772	OQLyWUK.exe
2284	aikSNFq.exe
2156	rcZjzEN.exe
2316	EwFEwOv.exe
2140	ScdrRDL.exe
2528	MISizkC.exe
1408	LdjsPjX.exe
2548	WtMhusJ.exe
1580	VKNiNTr.exe
1436	Rthsfrl.exe
1988	rQtNzbL.exe
2532	NJTXtxO.exe
1508	LxfxNLh.exe
1528	VtJjQKu.exe
2784	Uhqicll.exe
3052	afHOPUt.exe
2080	tndzBai.exe
2828	hhCzPnD.exe
2964	TZnsZHy.exe
1676	fSNtwef.exe
2912	mbTCtkX.exe
2872	sxgtTqK.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2904-0-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
\Windows\system\UNLMWET.exe	upx
\Windows\system\fsepivb.exe	upx
behavioral1/memory/2880-15-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2780-13-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
C:\Windows\system\GAtfBeL.exe	upx
\Windows\system\kGVQmCA.exe	upx
behavioral1/memory/2904-24-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2800-22-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2904-26-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2780-31-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2944-32-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
\Windows\system\nPfITxJ.exe	upx
behavioral1/memory/2812-40-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2800-41-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
C:\Windows\system\YNreilG.exe	upx
C:\Windows\system\ijRSSao.exe	upx
behavioral1/memory/2132-58-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
C:\Windows\system\IwRXoTo.exe	upx
behavioral1/memory/2676-50-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2748-60-0x000000013F640000-0x000000013F994000-memory.dmp	upx
\Windows\system\clIGgpT.exe	upx
behavioral1/memory/1240-66-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2812-65-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2132-71-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
\Windows\system\xtbnQiz.exe	upx
behavioral1/memory/2748-78-0x000000013F640000-0x000000013F994000-memory.dmp	upx
\Windows\system\DRgcXXj.exe	upx
behavioral1/memory/3068-90-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2356-91-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
\Windows\system\ZBOcaOo.exe	upx
behavioral1/memory/1240-85-0x000000013F8F0000-0x000000013FC44000-memory.dmp	upx
behavioral1/memory/2984-99-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
C:\Windows\system\cPLtULn.exe	upx
behavioral1/memory/3028-104-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
C:\Windows\system\GIiJLie.exe	upx
C:\Windows\system\UqlvKAQ.exe	upx
C:\Windows\system\qnGImCn.exe	upx
C:\Windows\system\chGPOOZ.exe	upx
C:\Windows\system\uoykApH.exe	upx
C:\Windows\system\AuwCJZZ.exe	upx
C:\Windows\system\ftUVxSp.exe	upx
C:\Windows\system\lobSwrD.exe	upx
C:\Windows\system\QsqVSBB.exe	upx
C:\Windows\system\stzgwdf.exe	upx
behavioral1/memory/2356-180-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
C:\Windows\system\pXwWuGI.exe	upx
behavioral1/memory/3068-164-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
C:\Windows\system\aYgHteU.exe	upx
C:\Windows\system\GsIuhwn.exe	upx
behavioral1/memory/2880-543-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2800-544-0x000000013FC50000-0x000000013FFA4000-memory.dmp	upx
behavioral1/memory/2780-634-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2944-743-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
C:\Windows\system\QDEsOGd.exe	upx
C:\Windows\system\nGqbvde.exe	upx
C:\Windows\system\ZLqvNWO.exe	upx
C:\Windows\system\QldFtVI.exe	upx
C:\Windows\system\gzCEdQN.exe	upx
C:\Windows\system\MnYCVLQ.exe	upx
behavioral1/memory/2624-79-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2812-814-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2676-958-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2132-978-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\nbJbHXN.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aZpkwCG.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xuwsExE.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IXHHPKK.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qWxkQEN.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Rwdbrbn.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fyeIPWa.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dhbKqKn.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WosjHKc.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IZnZTUA.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BKNiKIe.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXEWjYW.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMBMGJh.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nYLUTgm.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBjGvkA.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zpKRxWU.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HwNcDii.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mSscAwb.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QULpJMO.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LsPCjqV.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ABrDAJl.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qyiEHug.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnpFxDG.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wuxlKZE.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bTXkCjN.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yjHpOrj.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHCypAl.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkdTIgx.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZJTguB.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sWZkrmO.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UxaZVsY.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tgvcPaF.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gbXeEHu.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CXsRvph.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HFmAszu.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TldgUFm.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdufVQO.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rLuSLHt.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ylIlBFp.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QVrkuWU.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JqxUKyL.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QnXDFOW.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UhqGqcZ.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WOZQJOU.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jMJZWUx.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\stzgwdf.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PtuOyoc.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wmJZjcX.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HupmTfi.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dTkJHcB.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wKyPGFo.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\muQUXhB.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLEoOTw.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NpYtuIs.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYjzdiL.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ryjzbIt.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DNQqQoS.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DDNIEIq.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVmbJhU.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KbwBvys.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oatqzUC.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ahCPtHx.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tndzBai.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OJXGSbG.exe	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2904 wrote to memory of 2780	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	UNLMWET.exe
PID 2904 wrote to memory of 2780	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	UNLMWET.exe
PID 2904 wrote to memory of 2780	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	UNLMWET.exe
PID 2904 wrote to memory of 2880	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	fsepivb.exe
PID 2904 wrote to memory of 2880	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	fsepivb.exe
PID 2904 wrote to memory of 2880	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	fsepivb.exe
PID 2904 wrote to memory of 2800	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	GAtfBeL.exe
PID 2904 wrote to memory of 2800	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	GAtfBeL.exe
PID 2904 wrote to memory of 2800	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	GAtfBeL.exe
PID 2904 wrote to memory of 2944	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	kGVQmCA.exe
PID 2904 wrote to memory of 2944	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	kGVQmCA.exe
PID 2904 wrote to memory of 2944	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	kGVQmCA.exe
PID 2904 wrote to memory of 2812	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	nPfITxJ.exe
PID 2904 wrote to memory of 2812	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	nPfITxJ.exe
PID 2904 wrote to memory of 2812	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	nPfITxJ.exe
PID 2904 wrote to memory of 2676	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	YNreilG.exe
PID 2904 wrote to memory of 2676	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	YNreilG.exe
PID 2904 wrote to memory of 2676	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	YNreilG.exe
PID 2904 wrote to memory of 2748	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	IwRXoTo.exe
PID 2904 wrote to memory of 2748	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	IwRXoTo.exe
PID 2904 wrote to memory of 2748	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	IwRXoTo.exe
PID 2904 wrote to memory of 2132	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	ijRSSao.exe
PID 2904 wrote to memory of 2132	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	ijRSSao.exe
PID 2904 wrote to memory of 2132	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	ijRSSao.exe
PID 2904 wrote to memory of 1240	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	clIGgpT.exe
PID 2904 wrote to memory of 1240	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	clIGgpT.exe
PID 2904 wrote to memory of 1240	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	clIGgpT.exe
PID 2904 wrote to memory of 2624	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	xtbnQiz.exe
PID 2904 wrote to memory of 2624	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	xtbnQiz.exe
PID 2904 wrote to memory of 2624	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	xtbnQiz.exe
PID 2904 wrote to memory of 3068	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	ZBOcaOo.exe
PID 2904 wrote to memory of 3068	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	ZBOcaOo.exe
PID 2904 wrote to memory of 3068	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	ZBOcaOo.exe
PID 2904 wrote to memory of 2356	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	DRgcXXj.exe
PID 2904 wrote to memory of 2356	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	DRgcXXj.exe
PID 2904 wrote to memory of 2356	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	DRgcXXj.exe
PID 2904 wrote to memory of 2984	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	MnYCVLQ.exe
PID 2904 wrote to memory of 2984	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	MnYCVLQ.exe
PID 2904 wrote to memory of 2984	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	MnYCVLQ.exe
PID 2904 wrote to memory of 3028	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	cPLtULn.exe
PID 2904 wrote to memory of 3028	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	cPLtULn.exe
PID 2904 wrote to memory of 3028	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	cPLtULn.exe
PID 2904 wrote to memory of 2212	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	UqlvKAQ.exe
PID 2904 wrote to memory of 2212	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	UqlvKAQ.exe
PID 2904 wrote to memory of 2212	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	UqlvKAQ.exe
PID 2904 wrote to memory of 2436	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	GIiJLie.exe
PID 2904 wrote to memory of 2436	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	GIiJLie.exe
PID 2904 wrote to memory of 2436	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	GIiJLie.exe
PID 2904 wrote to memory of 1756	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	qnGImCn.exe
PID 2904 wrote to memory of 1756	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	qnGImCn.exe
PID 2904 wrote to memory of 1756	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	qnGImCn.exe
PID 2904 wrote to memory of 2176	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	chGPOOZ.exe
PID 2904 wrote to memory of 2176	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	chGPOOZ.exe
PID 2904 wrote to memory of 2176	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	chGPOOZ.exe
PID 2904 wrote to memory of 1968	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	gzCEdQN.exe
PID 2904 wrote to memory of 1968	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	gzCEdQN.exe
PID 2904 wrote to memory of 1968	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	gzCEdQN.exe
PID 2904 wrote to memory of 780	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	QldFtVI.exe
PID 2904 wrote to memory of 780	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	QldFtVI.exe
PID 2904 wrote to memory of 780	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	QldFtVI.exe
PID 2904 wrote to memory of 596	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	ZLqvNWO.exe
PID 2904 wrote to memory of 596	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	ZLqvNWO.exe
PID 2904 wrote to memory of 596	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	ZLqvNWO.exe
PID 2904 wrote to memory of 764	2904	2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe	uoykApH.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-23_c9f3760fe3664e34fef59b43b55adcf2_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\System\UNLMWET.exe
  C:\Windows\System\UNLMWET.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\fsepivb.exe
  C:\Windows\System\fsepivb.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\GAtfBeL.exe
  C:\Windows\System\GAtfBeL.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\kGVQmCA.exe
  C:\Windows\System\kGVQmCA.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\nPfITxJ.exe
  C:\Windows\System\nPfITxJ.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\YNreilG.exe
  C:\Windows\System\YNreilG.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\IwRXoTo.exe
  C:\Windows\System\IwRXoTo.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\ijRSSao.exe
  C:\Windows\System\ijRSSao.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\clIGgpT.exe
  C:\Windows\System\clIGgpT.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\xtbnQiz.exe
  C:\Windows\System\xtbnQiz.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\ZBOcaOo.exe
  C:\Windows\System\ZBOcaOo.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\DRgcXXj.exe
  C:\Windows\System\DRgcXXj.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\MnYCVLQ.exe
  C:\Windows\System\MnYCVLQ.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\cPLtULn.exe
  C:\Windows\System\cPLtULn.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\UqlvKAQ.exe
  C:\Windows\System\UqlvKAQ.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\GIiJLie.exe
  C:\Windows\System\GIiJLie.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\qnGImCn.exe
  C:\Windows\System\qnGImCn.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\chGPOOZ.exe
  C:\Windows\System\chGPOOZ.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\gzCEdQN.exe
  C:\Windows\System\gzCEdQN.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\QldFtVI.exe
  C:\Windows\System\QldFtVI.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\ZLqvNWO.exe
  C:\Windows\System\ZLqvNWO.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\uoykApH.exe
  C:\Windows\System\uoykApH.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\nGqbvde.exe
  C:\Windows\System\nGqbvde.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\QDEsOGd.exe
  C:\Windows\System\QDEsOGd.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\AuwCJZZ.exe
  C:\Windows\System\AuwCJZZ.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\GsIuhwn.exe
  C:\Windows\System\GsIuhwn.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\ftUVxSp.exe
  C:\Windows\System\ftUVxSp.exe
  2⤵
  - Executes dropped EXE
  PID:1428
- C:\Windows\System\aYgHteU.exe
  C:\Windows\System\aYgHteU.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\lobSwrD.exe
  C:\Windows\System\lobSwrD.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\pXwWuGI.exe
  C:\Windows\System\pXwWuGI.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\QsqVSBB.exe
  C:\Windows\System\QsqVSBB.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\stzgwdf.exe
  C:\Windows\System\stzgwdf.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\BnXgLdj.exe
  C:\Windows\System\BnXgLdj.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\NMYKiRF.exe
  C:\Windows\System\NMYKiRF.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\eOkbDUn.exe
  C:\Windows\System\eOkbDUn.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\QlCiLwZ.exe
  C:\Windows\System\QlCiLwZ.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\ItBZmnP.exe
  C:\Windows\System\ItBZmnP.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\ApWpGNZ.exe
  C:\Windows\System\ApWpGNZ.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\emSJSUw.exe
  C:\Windows\System\emSJSUw.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\XuOAcmT.exe
  C:\Windows\System\XuOAcmT.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\QksDfuY.exe
  C:\Windows\System\QksDfuY.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\otOHdBr.exe
  C:\Windows\System\otOHdBr.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\OQLyWUK.exe
  C:\Windows\System\OQLyWUK.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\aikSNFq.exe
  C:\Windows\System\aikSNFq.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\rcZjzEN.exe
  C:\Windows\System\rcZjzEN.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\EwFEwOv.exe
  C:\Windows\System\EwFEwOv.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\ScdrRDL.exe
  C:\Windows\System\ScdrRDL.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\MISizkC.exe
  C:\Windows\System\MISizkC.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\LdjsPjX.exe
  C:\Windows\System\LdjsPjX.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\WtMhusJ.exe
  C:\Windows\System\WtMhusJ.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\VKNiNTr.exe
  C:\Windows\System\VKNiNTr.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\Rthsfrl.exe
  C:\Windows\System\Rthsfrl.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\rQtNzbL.exe
  C:\Windows\System\rQtNzbL.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\NJTXtxO.exe
  C:\Windows\System\NJTXtxO.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\LxfxNLh.exe
  C:\Windows\System\LxfxNLh.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\VtJjQKu.exe
  C:\Windows\System\VtJjQKu.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\Uhqicll.exe
  C:\Windows\System\Uhqicll.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\afHOPUt.exe
  C:\Windows\System\afHOPUt.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\tndzBai.exe
  C:\Windows\System\tndzBai.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\hhCzPnD.exe
  C:\Windows\System\hhCzPnD.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\TZnsZHy.exe
  C:\Windows\System\TZnsZHy.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\fSNtwef.exe
  C:\Windows\System\fSNtwef.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\mbTCtkX.exe
  C:\Windows\System\mbTCtkX.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\sxgtTqK.exe
  C:\Windows\System\sxgtTqK.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\SfSJFXr.exe
  C:\Windows\System\SfSJFXr.exe
  2⤵
  PID:2884
- C:\Windows\System\QBjGvkA.exe
  C:\Windows\System\QBjGvkA.exe
  2⤵
  PID:2724
- C:\Windows\System\jODzMej.exe
  C:\Windows\System\jODzMej.exe
  2⤵
  PID:2696
- C:\Windows\System\VGfhBua.exe
  C:\Windows\System\VGfhBua.exe
  2⤵
  PID:2796
- C:\Windows\System\UHCkiAg.exe
  C:\Windows\System\UHCkiAg.exe
  2⤵
  PID:2672
- C:\Windows\System\LzJgEys.exe
  C:\Windows\System\LzJgEys.exe
  2⤵
  PID:3012
- C:\Windows\System\HdVCNOE.exe
  C:\Windows\System\HdVCNOE.exe
  2⤵
  PID:2332
- C:\Windows\System\GHKHqRl.exe
  C:\Windows\System\GHKHqRl.exe
  2⤵
  PID:1456
- C:\Windows\System\ystejtl.exe
  C:\Windows\System\ystejtl.exe
  2⤵
  PID:2660
- C:\Windows\System\WziTssc.exe
  C:\Windows\System\WziTssc.exe
  2⤵
  PID:2200
- C:\Windows\System\YnbPTZA.exe
  C:\Windows\System\YnbPTZA.exe
  2⤵
  PID:1500
- C:\Windows\System\pmbTurI.exe
  C:\Windows\System\pmbTurI.exe
  2⤵
  PID:2588
- C:\Windows\System\WqRYRgH.exe
  C:\Windows\System\WqRYRgH.exe
  2⤵
  PID:1468
- C:\Windows\System\hmPBtgV.exe
  C:\Windows\System\hmPBtgV.exe
  2⤵
  PID:2664
- C:\Windows\System\YbLCGST.exe
  C:\Windows\System\YbLCGST.exe
  2⤵
  PID:3008
- C:\Windows\System\ZrgTSHf.exe
  C:\Windows\System\ZrgTSHf.exe
  2⤵
  PID:2988
- C:\Windows\System\CsNLfbF.exe
  C:\Windows\System\CsNLfbF.exe
  2⤵
  PID:432
- C:\Windows\System\PJIQZog.exe
  C:\Windows\System\PJIQZog.exe
  2⤵
  PID:2312
- C:\Windows\System\JhDqYnI.exe
  C:\Windows\System\JhDqYnI.exe
  2⤵
  PID:2488
- C:\Windows\System\VmWyXxp.exe
  C:\Windows\System\VmWyXxp.exe
  2⤵
  PID:2368
- C:\Windows\System\QMpSWou.exe
  C:\Windows\System\QMpSWou.exe
  2⤵
  PID:1144
- C:\Windows\System\DDNIEIq.exe
  C:\Windows\System\DDNIEIq.exe
  2⤵
  PID:1476
- C:\Windows\System\AYYxMPx.exe
  C:\Windows\System\AYYxMPx.exe
  2⤵
  PID:1800
- C:\Windows\System\mRGtcZc.exe
  C:\Windows\System\mRGtcZc.exe
  2⤵
  PID:980
- C:\Windows\System\oSLteFx.exe
  C:\Windows\System\oSLteFx.exe
  2⤵
  PID:1040
- C:\Windows\System\iuxwxTL.exe
  C:\Windows\System\iuxwxTL.exe
  2⤵
  PID:1748
- C:\Windows\System\ISnycvw.exe
  C:\Windows\System\ISnycvw.exe
  2⤵
  PID:932
- C:\Windows\System\idoREWf.exe
  C:\Windows\System\idoREWf.exe
  2⤵
  PID:1252
- C:\Windows\System\YFNFaVA.exe
  C:\Windows\System\YFNFaVA.exe
  2⤵
  PID:1464
- C:\Windows\System\RXxxxGx.exe
  C:\Windows\System\RXxxxGx.exe
  2⤵
  PID:304
- C:\Windows\System\dQQzcJS.exe
  C:\Windows\System\dQQzcJS.exe
  2⤵
  PID:904
- C:\Windows\System\fZlBdhY.exe
  C:\Windows\System\fZlBdhY.exe
  2⤵
  PID:2564
- C:\Windows\System\QWYPszf.exe
  C:\Windows\System\QWYPszf.exe
  2⤵
  PID:2288
- C:\Windows\System\QYCdluA.exe
  C:\Windows\System\QYCdluA.exe
  2⤵
  PID:2260
- C:\Windows\System\VCKqpAH.exe
  C:\Windows\System\VCKqpAH.exe
  2⤵
  PID:1664
- C:\Windows\System\uevZkOv.exe
  C:\Windows\System\uevZkOv.exe
  2⤵
  PID:2756
- C:\Windows\System\dFuWfbN.exe
  C:\Windows\System\dFuWfbN.exe
  2⤵
  PID:1568
- C:\Windows\System\fBjtSRk.exe
  C:\Windows\System\fBjtSRk.exe
  2⤵
  PID:2304
- C:\Windows\System\ryokAgX.exe
  C:\Windows\System\ryokAgX.exe
  2⤵
  PID:3056
- C:\Windows\System\kIbfndC.exe
  C:\Windows\System\kIbfndC.exe
  2⤵
  PID:1524
- C:\Windows\System\JnXLZvI.exe
  C:\Windows\System\JnXLZvI.exe
  2⤵
  PID:1532
- C:\Windows\System\ZUzgGsH.exe
  C:\Windows\System\ZUzgGsH.exe
  2⤵
  PID:2864
- C:\Windows\System\UvOnwdu.exe
  C:\Windows\System\UvOnwdu.exe
  2⤵
  PID:2808
- C:\Windows\System\LbopkOK.exe
  C:\Windows\System\LbopkOK.exe
  2⤵
  PID:2916
- C:\Windows\System\aNyEBdN.exe
  C:\Windows\System\aNyEBdN.exe
  2⤵
  PID:2836
- C:\Windows\System\wHCgJsk.exe
  C:\Windows\System\wHCgJsk.exe
  2⤵
  PID:2852
- C:\Windows\System\LmSJSwz.exe
  C:\Windows\System\LmSJSwz.exe
  2⤵
  PID:2656
- C:\Windows\System\jbPdEyJ.exe
  C:\Windows\System\jbPdEyJ.exe
  2⤵
  PID:2788
- C:\Windows\System\sItqOXJ.exe
  C:\Windows\System\sItqOXJ.exe
  2⤵
  PID:2020
- C:\Windows\System\OAuFcGh.exe
  C:\Windows\System\OAuFcGh.exe
  2⤵
  PID:2428
- C:\Windows\System\kfCoTJL.exe
  C:\Windows\System\kfCoTJL.exe
  2⤵
  PID:1548
- C:\Windows\System\rANsvqf.exe
  C:\Windows\System\rANsvqf.exe
  2⤵
  PID:1128
- C:\Windows\System\OmOBoHm.exe
  C:\Windows\System\OmOBoHm.exe
  2⤵
  PID:2968
- C:\Windows\System\iVABSjF.exe
  C:\Windows\System\iVABSjF.exe
  2⤵
  PID:368
- C:\Windows\System\DSSDdem.exe
  C:\Windows\System\DSSDdem.exe
  2⤵
  PID:1028
- C:\Windows\System\ASYbSJK.exe
  C:\Windows\System\ASYbSJK.exe
  2⤵
  PID:2348
- C:\Windows\System\Donthlw.exe
  C:\Windows\System\Donthlw.exe
  2⤵
  PID:2412
- C:\Windows\System\Ftmlgxs.exe
  C:\Windows\System\Ftmlgxs.exe
  2⤵
  PID:1020
- C:\Windows\System\aRylCBQ.exe
  C:\Windows\System\aRylCBQ.exe
  2⤵
  PID:824
- C:\Windows\System\JiwRejZ.exe
  C:\Windows\System\JiwRejZ.exe
  2⤵
  PID:1288
- C:\Windows\System\pxVOyxs.exe
  C:\Windows\System\pxVOyxs.exe
  2⤵
  PID:2232
- C:\Windows\System\iyQFjPW.exe
  C:\Windows\System\iyQFjPW.exe
  2⤵
  PID:2992
- C:\Windows\System\JBBZIDx.exe
  C:\Windows\System\JBBZIDx.exe
  2⤵
  PID:3020
- C:\Windows\System\rVxMFHy.exe
  C:\Windows\System\rVxMFHy.exe
  2⤵
  PID:2280
- C:\Windows\System\mHLunME.exe
  C:\Windows\System\mHLunME.exe
  2⤵
  PID:836
- C:\Windows\System\UgJgRZY.exe
  C:\Windows\System\UgJgRZY.exe
  2⤵
  PID:2736
- C:\Windows\System\LkhhstJ.exe
  C:\Windows\System\LkhhstJ.exe
  2⤵
  PID:2372
- C:\Windows\System\Ipkyfjd.exe
  C:\Windows\System\Ipkyfjd.exe
  2⤵
  PID:1632
- C:\Windows\System\KQOifVK.exe
  C:\Windows\System\KQOifVK.exe
  2⤵
  PID:2936
- C:\Windows\System\kRFbJpf.exe
  C:\Windows\System\kRFbJpf.exe
  2⤵
  PID:2848
- C:\Windows\System\DJYtDCl.exe
  C:\Windows\System\DJYtDCl.exe
  2⤵
  PID:2924
- C:\Windows\System\NpHlQjl.exe
  C:\Windows\System\NpHlQjl.exe
  2⤵
  PID:1652
- C:\Windows\System\VqJWdDT.exe
  C:\Windows\System\VqJWdDT.exe
  2⤵
  PID:1560
- C:\Windows\System\yrFSHUg.exe
  C:\Windows\System\yrFSHUg.exe
  2⤵
  PID:2408
- C:\Windows\System\RjgBtwj.exe
  C:\Windows\System\RjgBtwj.exe
  2⤵
  PID:2116
- C:\Windows\System\VCgLaBm.exe
  C:\Windows\System\VCgLaBm.exe
  2⤵
  PID:1432
- C:\Windows\System\YySsTlx.exe
  C:\Windows\System\YySsTlx.exe
  2⤵
  PID:1872
- C:\Windows\System\swNBiuE.exe
  C:\Windows\System\swNBiuE.exe
  2⤵
  PID:2028
- C:\Windows\System\henyxtc.exe
  C:\Windows\System\henyxtc.exe
  2⤵
  PID:1776
- C:\Windows\System\DyyDIet.exe
  C:\Windows\System\DyyDIet.exe
  2⤵
  PID:2576
- C:\Windows\System\PUrPzKP.exe
  C:\Windows\System\PUrPzKP.exe
  2⤵
  PID:2832
- C:\Windows\System\hGzDGqK.exe
  C:\Windows\System\hGzDGqK.exe
  2⤵
  PID:3084
- C:\Windows\System\tIIHBQB.exe
  C:\Windows\System\tIIHBQB.exe
  2⤵
  PID:3100
- C:\Windows\System\TLtwGGj.exe
  C:\Windows\System\TLtwGGj.exe
  2⤵
  PID:3120
- C:\Windows\System\WOZQJOU.exe
  C:\Windows\System\WOZQJOU.exe
  2⤵
  PID:3136
- C:\Windows\System\dgudshm.exe
  C:\Windows\System\dgudshm.exe
  2⤵
  PID:3152
- C:\Windows\System\zgtPEPM.exe
  C:\Windows\System\zgtPEPM.exe
  2⤵
  PID:3168
- C:\Windows\System\jJxwxQJ.exe
  C:\Windows\System\jJxwxQJ.exe
  2⤵
  PID:3184
- C:\Windows\System\aNZggRJ.exe
  C:\Windows\System\aNZggRJ.exe
  2⤵
  PID:3200
- C:\Windows\System\stCsneZ.exe
  C:\Windows\System\stCsneZ.exe
  2⤵
  PID:3216
- C:\Windows\System\xlSZyky.exe
  C:\Windows\System\xlSZyky.exe
  2⤵
  PID:3232
- C:\Windows\System\wijMeKr.exe
  C:\Windows\System\wijMeKr.exe
  2⤵
  PID:3252
- C:\Windows\System\AYvhaWL.exe
  C:\Windows\System\AYvhaWL.exe
  2⤵
  PID:3268
- C:\Windows\System\eWJUZQm.exe
  C:\Windows\System\eWJUZQm.exe
  2⤵
  PID:3284
- C:\Windows\System\xUxlFTU.exe
  C:\Windows\System\xUxlFTU.exe
  2⤵
  PID:3300
- C:\Windows\System\PifxUUX.exe
  C:\Windows\System\PifxUUX.exe
  2⤵
  PID:3316
- C:\Windows\System\tAxjoOJ.exe
  C:\Windows\System\tAxjoOJ.exe
  2⤵
  PID:3332
- C:\Windows\System\qpsLiyl.exe
  C:\Windows\System\qpsLiyl.exe
  2⤵
  PID:3348
- C:\Windows\System\HQkrgem.exe
  C:\Windows\System\HQkrgem.exe
  2⤵
  PID:3364
- C:\Windows\System\iqbcAtf.exe
  C:\Windows\System\iqbcAtf.exe
  2⤵
  PID:3380
- C:\Windows\System\mvMFMyS.exe
  C:\Windows\System\mvMFMyS.exe
  2⤵
  PID:3396
- C:\Windows\System\FYvemOL.exe
  C:\Windows\System\FYvemOL.exe
  2⤵
  PID:3412
- C:\Windows\System\GJUXtZK.exe
  C:\Windows\System\GJUXtZK.exe
  2⤵
  PID:3428
- C:\Windows\System\VsFtUaf.exe
  C:\Windows\System\VsFtUaf.exe
  2⤵
  PID:3444
- C:\Windows\System\LlsrTZQ.exe
  C:\Windows\System\LlsrTZQ.exe
  2⤵
  PID:3460
- C:\Windows\System\YEUUNSa.exe
  C:\Windows\System\YEUUNSa.exe
  2⤵
  PID:3476
- C:\Windows\System\GTdhKJE.exe
  C:\Windows\System\GTdhKJE.exe
  2⤵
  PID:3492
- C:\Windows\System\CirkHsK.exe
  C:\Windows\System\CirkHsK.exe
  2⤵
  PID:3508
- C:\Windows\System\aMXAxgc.exe
  C:\Windows\System\aMXAxgc.exe
  2⤵
  PID:3524
- C:\Windows\System\OdJYlCp.exe
  C:\Windows\System\OdJYlCp.exe
  2⤵
  PID:3540
- C:\Windows\System\mfGPXSH.exe
  C:\Windows\System\mfGPXSH.exe
  2⤵
  PID:3556
- C:\Windows\System\GUfeGnb.exe
  C:\Windows\System\GUfeGnb.exe
  2⤵
  PID:3572
- C:\Windows\System\iOSLEIA.exe
  C:\Windows\System\iOSLEIA.exe
  2⤵
  PID:3588
- C:\Windows\System\iryDofM.exe
  C:\Windows\System\iryDofM.exe
  2⤵
  PID:3604
- C:\Windows\System\SYEDTOm.exe
  C:\Windows\System\SYEDTOm.exe
  2⤵
  PID:3624
- C:\Windows\System\KTcnbVJ.exe
  C:\Windows\System\KTcnbVJ.exe
  2⤵
  PID:3640
- C:\Windows\System\TJYPLmU.exe
  C:\Windows\System\TJYPLmU.exe
  2⤵
  PID:3656
- C:\Windows\System\dUMwYSx.exe
  C:\Windows\System\dUMwYSx.exe
  2⤵
  PID:3672
- C:\Windows\System\syNyFuX.exe
  C:\Windows\System\syNyFuX.exe
  2⤵
  PID:3692
- C:\Windows\System\LZrdZPV.exe
  C:\Windows\System\LZrdZPV.exe
  2⤵
  PID:3708
- C:\Windows\System\knGECuG.exe
  C:\Windows\System\knGECuG.exe
  2⤵
  PID:3724
- C:\Windows\System\wNxSmVC.exe
  C:\Windows\System\wNxSmVC.exe
  2⤵
  PID:3740
- C:\Windows\System\KQLhgTN.exe
  C:\Windows\System\KQLhgTN.exe
  2⤵
  PID:3756
- C:\Windows\System\mSscAwb.exe
  C:\Windows\System\mSscAwb.exe
  2⤵
  PID:3772
- C:\Windows\System\KGwSFlN.exe
  C:\Windows\System\KGwSFlN.exe
  2⤵
  PID:3788
- C:\Windows\System\WMBMGJh.exe
  C:\Windows\System\WMBMGJh.exe
  2⤵
  PID:3804
- C:\Windows\System\xNlNHAD.exe
  C:\Windows\System\xNlNHAD.exe
  2⤵
  PID:3820
- C:\Windows\System\fqqkMMl.exe
  C:\Windows\System\fqqkMMl.exe
  2⤵
  PID:3836
- C:\Windows\System\wfGMOaG.exe
  C:\Windows\System\wfGMOaG.exe
  2⤵
  PID:3852
- C:\Windows\System\QULpJMO.exe
  C:\Windows\System\QULpJMO.exe
  2⤵
  PID:3868
- C:\Windows\System\gsAZyPd.exe
  C:\Windows\System\gsAZyPd.exe
  2⤵
  PID:3884
- C:\Windows\System\UHznxBU.exe
  C:\Windows\System\UHznxBU.exe
  2⤵
  PID:3900
- C:\Windows\System\CaymuWC.exe
  C:\Windows\System\CaymuWC.exe
  2⤵
  PID:4056
- C:\Windows\System\qOcSfoi.exe
  C:\Windows\System\qOcSfoi.exe
  2⤵
  PID:3548
- C:\Windows\System\poaBEgf.exe
  C:\Windows\System\poaBEgf.exe
  2⤵
  PID:3612
- C:\Windows\System\YnGSHov.exe
  C:\Windows\System\YnGSHov.exe
  2⤵
  PID:3664
- C:\Windows\System\GfkDbZm.exe
  C:\Windows\System\GfkDbZm.exe
  2⤵
  PID:3768
- C:\Windows\System\FXEWjYW.exe
  C:\Windows\System\FXEWjYW.exe
  2⤵
  PID:4076
- C:\Windows\System\LLtAMRR.exe
  C:\Windows\System\LLtAMRR.exe
  2⤵
  PID:2264
- C:\Windows\System\iFsWFrw.exe
  C:\Windows\System\iFsWFrw.exe
  2⤵
  PID:1564
- C:\Windows\System\BQVfiYV.exe
  C:\Windows\System\BQVfiYV.exe
  2⤵
  PID:3024
- C:\Windows\System\RmiSKRz.exe
  C:\Windows\System\RmiSKRz.exe
  2⤵
  PID:944
- C:\Windows\System\tteaYmR.exe
  C:\Windows\System\tteaYmR.exe
  2⤵
  PID:1292
- C:\Windows\System\uTFhjhD.exe
  C:\Windows\System\uTFhjhD.exe
  2⤵
  PID:1048
- C:\Windows\System\iwnKkqu.exe
  C:\Windows\System\iwnKkqu.exe
  2⤵
  PID:1792
- C:\Windows\System\jMCQkuC.exe
  C:\Windows\System\jMCQkuC.exe
  2⤵
  PID:3108
- C:\Windows\System\ekuRIJF.exe
  C:\Windows\System\ekuRIJF.exe
  2⤵
  PID:3148
- C:\Windows\System\zLPJXsi.exe
  C:\Windows\System\zLPJXsi.exe
  2⤵
  PID:3196
- C:\Windows\System\jZNfheJ.exe
  C:\Windows\System\jZNfheJ.exe
  2⤵
  PID:3228
- C:\Windows\System\UdVyLOT.exe
  C:\Windows\System\UdVyLOT.exe
  2⤵
  PID:3292
- C:\Windows\System\LQVOQUI.exe
  C:\Windows\System\LQVOQUI.exe
  2⤵
  PID:3312
- C:\Windows\System\kSJxvqt.exe
  C:\Windows\System\kSJxvqt.exe
  2⤵
  PID:3248
- C:\Windows\System\RXtEhXz.exe
  C:\Windows\System\RXtEhXz.exe
  2⤵
  PID:3392
- C:\Windows\System\jJYqCzW.exe
  C:\Windows\System\jJYqCzW.exe
  2⤵
  PID:3424
- C:\Windows\System\NceSJHS.exe
  C:\Windows\System\NceSJHS.exe
  2⤵
  PID:3472
- C:\Windows\System\sqFykEk.exe
  C:\Windows\System\sqFykEk.exe
  2⤵
  PID:3536
- C:\Windows\System\XMOEnCJ.exe
  C:\Windows\System\XMOEnCJ.exe
  2⤵
  PID:3516
- C:\Windows\System\VgEcISs.exe
  C:\Windows\System\VgEcISs.exe
  2⤵
  PID:3700
- C:\Windows\System\pqdXpai.exe
  C:\Windows\System\pqdXpai.exe
  2⤵
  PID:3648
- C:\Windows\System\GEnqNXO.exe
  C:\Windows\System\GEnqNXO.exe
  2⤵
  PID:3620
- C:\Windows\System\nFkCQST.exe
  C:\Windows\System\nFkCQST.exe
  2⤵
  PID:1900
- C:\Windows\System\sfCmxet.exe
  C:\Windows\System\sfCmxet.exe
  2⤵
  PID:572
- C:\Windows\System\VmvbZco.exe
  C:\Windows\System\VmvbZco.exe
  2⤵
  PID:3044
- C:\Windows\System\LKWfDau.exe
  C:\Windows\System\LKWfDau.exe
  2⤵
  PID:2376
- C:\Windows\System\rNDCklV.exe
  C:\Windows\System\rNDCklV.exe
  2⤵
  PID:3844
- C:\Windows\System\QDJnVku.exe
  C:\Windows\System\QDJnVku.exe
  2⤵
  PID:3800
- C:\Windows\System\zkzSiHe.exe
  C:\Windows\System\zkzSiHe.exe
  2⤵
  PID:3908
- C:\Windows\System\ipQwqnH.exe
  C:\Windows\System\ipQwqnH.exe
  2⤵
  PID:3892
- C:\Windows\System\PtQcRcO.exe
  C:\Windows\System\PtQcRcO.exe
  2⤵
  PID:3940
- C:\Windows\System\AlStSnP.exe
  C:\Windows\System\AlStSnP.exe
  2⤵
  PID:2632
- C:\Windows\System\DAhSbgp.exe
  C:\Windows\System\DAhSbgp.exe
  2⤵
  PID:3964
- C:\Windows\System\apMcmXW.exe
  C:\Windows\System\apMcmXW.exe
  2⤵
  PID:3988
- C:\Windows\System\QMKVrfW.exe
  C:\Windows\System\QMKVrfW.exe
  2⤵
  PID:4004
- C:\Windows\System\VuYhFWL.exe
  C:\Windows\System\VuYhFWL.exe
  2⤵
  PID:4032
- C:\Windows\System\CXsRvph.exe
  C:\Windows\System\CXsRvph.exe
  2⤵
  PID:3912
- C:\Windows\System\wVhNqnU.exe
  C:\Windows\System\wVhNqnU.exe
  2⤵
  PID:2104
- C:\Windows\System\GSqwqHX.exe
  C:\Windows\System\GSqwqHX.exe
  2⤵
  PID:4080
- C:\Windows\System\GQtnpbO.exe
  C:\Windows\System\GQtnpbO.exe
  2⤵
  PID:2728
- C:\Windows\System\IDmJEak.exe
  C:\Windows\System\IDmJEak.exe
  2⤵
  PID:2416
- C:\Windows\System\DoFmKuY.exe
  C:\Windows\System\DoFmKuY.exe
  2⤵
  PID:1840
- C:\Windows\System\VFPogcE.exe
  C:\Windows\System\VFPogcE.exe
  2⤵
  PID:2236
- C:\Windows\System\uWDjNiy.exe
  C:\Windows\System\uWDjNiy.exe
  2⤵
  PID:2004
- C:\Windows\System\zhVshUG.exe
  C:\Windows\System\zhVshUG.exe
  2⤵
  PID:1536
- C:\Windows\System\SMPNGwm.exe
  C:\Windows\System\SMPNGwm.exe
  2⤵
  PID:2340
- C:\Windows\System\uMcXHEK.exe
  C:\Windows\System\uMcXHEK.exe
  2⤵
  PID:2776
- C:\Windows\System\WplNyUW.exe
  C:\Windows\System\WplNyUW.exe
  2⤵
  PID:3224
- C:\Windows\System\qAhcMgZ.exe
  C:\Windows\System\qAhcMgZ.exe
  2⤵
  PID:3596
- C:\Windows\System\waffmuu.exe
  C:\Windows\System\waffmuu.exe
  2⤵
  PID:3264
- C:\Windows\System\eUvUFZM.exe
  C:\Windows\System\eUvUFZM.exe
  2⤵
  PID:3340
- C:\Windows\System\YWFwlkt.exe
  C:\Windows\System\YWFwlkt.exe
  2⤵
  PID:3388
- C:\Windows\System\OpwxBNl.exe
  C:\Windows\System\OpwxBNl.exe
  2⤵
  PID:3468
- C:\Windows\System\mBTXxwG.exe
  C:\Windows\System\mBTXxwG.exe
  2⤵
  PID:3500
- C:\Windows\System\jhJVksw.exe
  C:\Windows\System\jhJVksw.exe
  2⤵
  PID:3632
- C:\Windows\System\YRSDWjI.exe
  C:\Windows\System\YRSDWjI.exe
  2⤵
  PID:972
- C:\Windows\System\MZjfCMI.exe
  C:\Windows\System\MZjfCMI.exe
  2⤵
  PID:2076
- C:\Windows\System\WcVVmkA.exe
  C:\Windows\System\WcVVmkA.exe
  2⤵
  PID:2344
- C:\Windows\System\LtnAKCV.exe
  C:\Windows\System\LtnAKCV.exe
  2⤵
  PID:2276
- C:\Windows\System\KqJcYlW.exe
  C:\Windows\System\KqJcYlW.exe
  2⤵
  PID:3880
- C:\Windows\System\IOjwUjl.exe
  C:\Windows\System\IOjwUjl.exe
  2⤵
  PID:3896
- C:\Windows\System\HXUNwYs.exe
  C:\Windows\System\HXUNwYs.exe
  2⤵
  PID:2424
- C:\Windows\System\tzyLRBG.exe
  C:\Windows\System\tzyLRBG.exe
  2⤵
  PID:3944
- C:\Windows\System\QBNBQnL.exe
  C:\Windows\System\QBNBQnL.exe
  2⤵
  PID:4036
- C:\Windows\System\UEoeauh.exe
  C:\Windows\System\UEoeauh.exe
  2⤵
  PID:2396
- C:\Windows\System\dXXKcTn.exe
  C:\Windows\System\dXXKcTn.exe
  2⤵
  PID:2616
- C:\Windows\System\xODnaro.exe
  C:\Windows\System\xODnaro.exe
  2⤵
  PID:1504
- C:\Windows\System\vyKyxOY.exe
  C:\Windows\System\vyKyxOY.exe
  2⤵
  PID:612
- C:\Windows\System\muzuGLv.exe
  C:\Windows\System\muzuGLv.exe
  2⤵
  PID:2184
- C:\Windows\System\zdxifjz.exe
  C:\Windows\System\zdxifjz.exe
  2⤵
  PID:2072
- C:\Windows\System\zyGWUvN.exe
  C:\Windows\System\zyGWUvN.exe
  2⤵
  PID:3144
- C:\Windows\System\cLiXUqN.exe
  C:\Windows\System\cLiXUqN.exe
  2⤵
  PID:1224
- C:\Windows\System\JhsaEBQ.exe
  C:\Windows\System\JhsaEBQ.exe
  2⤵
  PID:3984
- C:\Windows\System\AKAutUJ.exe
  C:\Windows\System\AKAutUJ.exe
  2⤵
  PID:3376
- C:\Windows\System\NymxWCs.exe
  C:\Windows\System\NymxWCs.exe
  2⤵
  PID:3488
- C:\Windows\System\xhXjOhE.exe
  C:\Windows\System\xhXjOhE.exe
  2⤵
  PID:3532
- C:\Windows\System\prPYoSQ.exe
  C:\Windows\System\prPYoSQ.exe
  2⤵
  PID:3812
- C:\Windows\System\FDBQCjo.exe
  C:\Windows\System\FDBQCjo.exe
  2⤵
  PID:3720
- C:\Windows\System\igZvlSc.exe
  C:\Windows\System\igZvlSc.exe
  2⤵
  PID:3832
- C:\Windows\System\pOCyXAl.exe
  C:\Windows\System\pOCyXAl.exe
  2⤵
  PID:3996
- C:\Windows\System\ZRyVpOF.exe
  C:\Windows\System\ZRyVpOF.exe
  2⤵
  PID:4048
- C:\Windows\System\aFhNdjd.exe
  C:\Windows\System\aFhNdjd.exe
  2⤵
  PID:2208
- C:\Windows\System\NBiqvmK.exe
  C:\Windows\System\NBiqvmK.exe
  2⤵
  PID:3132
- C:\Windows\System\SWtjaau.exe
  C:\Windows\System\SWtjaau.exe
  2⤵
  PID:3324
- C:\Windows\System\ITTNlaZ.exe
  C:\Windows\System\ITTNlaZ.exe
  2⤵
  PID:3276
- C:\Windows\System\FDDKPYO.exe
  C:\Windows\System\FDDKPYO.exe
  2⤵
  PID:2500
- C:\Windows\System\QJJGYkZ.exe
  C:\Windows\System\QJJGYkZ.exe
  2⤵
  PID:3244
- C:\Windows\System\xjSodon.exe
  C:\Windows\System\xjSodon.exe
  2⤵
  PID:4092
- C:\Windows\System\fKTMowB.exe
  C:\Windows\System\fKTMowB.exe
  2⤵
  PID:3784
- C:\Windows\System\WZwjboz.exe
  C:\Windows\System\WZwjboz.exe
  2⤵
  PID:960
- C:\Windows\System\zpKRxWU.exe
  C:\Windows\System\zpKRxWU.exe
  2⤵
  PID:3976
- C:\Windows\System\oQGvsra.exe
  C:\Windows\System\oQGvsra.exe
  2⤵
  PID:3116
- C:\Windows\System\VVtWaDn.exe
  C:\Windows\System\VVtWaDn.exe
  2⤵
  PID:4028
- C:\Windows\System\XXPyufh.exe
  C:\Windows\System\XXPyufh.exe
  2⤵
  PID:3580
- C:\Windows\System\YdvYjAk.exe
  C:\Windows\System\YdvYjAk.exe
  2⤵
  PID:3928
- C:\Windows\System\DXlNBwg.exe
  C:\Windows\System\DXlNBwg.exe
  2⤵
  PID:3420
- C:\Windows\System\wStdRqV.exe
  C:\Windows\System\wStdRqV.exe
  2⤵
  PID:1300
- C:\Windows\System\MXEQdDz.exe
  C:\Windows\System\MXEQdDz.exe
  2⤵
  PID:3000
- C:\Windows\System\HWFpTte.exe
  C:\Windows\System\HWFpTte.exe
  2⤵
  PID:3936
- C:\Windows\System\SOxikbm.exe
  C:\Windows\System\SOxikbm.exe
  2⤵
  PID:3796
- C:\Windows\System\UaJXDBP.exe
  C:\Windows\System\UaJXDBP.exe
  2⤵
  PID:3748
- C:\Windows\System\NYfGjvA.exe
  C:\Windows\System\NYfGjvA.exe
  2⤵
  PID:2452
- C:\Windows\System\DLkaMSK.exe
  C:\Windows\System\DLkaMSK.exe
  2⤵
  PID:2420
- C:\Windows\System\NRqNQiS.exe
  C:\Windows\System\NRqNQiS.exe
  2⤵
  PID:4020
- C:\Windows\System\ujhRfWE.exe
  C:\Windows\System\ujhRfWE.exe
  2⤵
  PID:3356
- C:\Windows\System\loJxOQE.exe
  C:\Windows\System\loJxOQE.exe
  2⤵
  PID:4144
- C:\Windows\System\CSGPfNX.exe
  C:\Windows\System\CSGPfNX.exe
  2⤵
  PID:4164
- C:\Windows\System\wsVaSsv.exe
  C:\Windows\System\wsVaSsv.exe
  2⤵
  PID:4184
- C:\Windows\System\kkFCMmY.exe
  C:\Windows\System\kkFCMmY.exe
  2⤵
  PID:4204
- C:\Windows\System\cMDPMFm.exe
  C:\Windows\System\cMDPMFm.exe
  2⤵
  PID:4220
- C:\Windows\System\qNELjIW.exe
  C:\Windows\System\qNELjIW.exe
  2⤵
  PID:4240
- C:\Windows\System\kryGsDU.exe
  C:\Windows\System\kryGsDU.exe
  2⤵
  PID:4264
- C:\Windows\System\yVcYxkr.exe
  C:\Windows\System\yVcYxkr.exe
  2⤵
  PID:4280
- C:\Windows\System\RQFNHqB.exe
  C:\Windows\System\RQFNHqB.exe
  2⤵
  PID:4296
- C:\Windows\System\nYLUTgm.exe
  C:\Windows\System\nYLUTgm.exe
  2⤵
  PID:4312
- C:\Windows\System\ITQjowi.exe
  C:\Windows\System\ITQjowi.exe
  2⤵
  PID:4332
- C:\Windows\System\REByfLw.exe
  C:\Windows\System\REByfLw.exe
  2⤵
  PID:4356
- C:\Windows\System\QxlQcXG.exe
  C:\Windows\System\QxlQcXG.exe
  2⤵
  PID:4380
- C:\Windows\System\IruzZgr.exe
  C:\Windows\System\IruzZgr.exe
  2⤵
  PID:4396
- C:\Windows\System\zqNcKdz.exe
  C:\Windows\System\zqNcKdz.exe
  2⤵
  PID:4420
- C:\Windows\System\ngTszYi.exe
  C:\Windows\System\ngTszYi.exe
  2⤵
  PID:4448
- C:\Windows\System\isSKLYN.exe
  C:\Windows\System\isSKLYN.exe
  2⤵
  PID:4464
- C:\Windows\System\DiwAIhu.exe
  C:\Windows\System\DiwAIhu.exe
  2⤵
  PID:4484
- C:\Windows\System\XNqPMGD.exe
  C:\Windows\System\XNqPMGD.exe
  2⤵
  PID:4504
- C:\Windows\System\tzaHonc.exe
  C:\Windows\System\tzaHonc.exe
  2⤵
  PID:4524
- C:\Windows\System\NrkJnzg.exe
  C:\Windows\System\NrkJnzg.exe
  2⤵
  PID:4544
- C:\Windows\System\ZrSzqqi.exe
  C:\Windows\System\ZrSzqqi.exe
  2⤵
  PID:4568
- C:\Windows\System\HUaiHJK.exe
  C:\Windows\System\HUaiHJK.exe
  2⤵
  PID:4588
- C:\Windows\System\ojnGNyI.exe
  C:\Windows\System\ojnGNyI.exe
  2⤵
  PID:4608
- C:\Windows\System\yhwdmHT.exe
  C:\Windows\System\yhwdmHT.exe
  2⤵
  PID:4632
- C:\Windows\System\VOiWdgi.exe
  C:\Windows\System\VOiWdgi.exe
  2⤵
  PID:4648
- C:\Windows\System\nqEzVvd.exe
  C:\Windows\System\nqEzVvd.exe
  2⤵
  PID:4668
- C:\Windows\System\kPUfUeZ.exe
  C:\Windows\System\kPUfUeZ.exe
  2⤵
  PID:4684
- C:\Windows\System\RYaYpku.exe
  C:\Windows\System\RYaYpku.exe
  2⤵
  PID:4704
- C:\Windows\System\pUYpnxu.exe
  C:\Windows\System\pUYpnxu.exe
  2⤵
  PID:4732
- C:\Windows\System\BPrlesS.exe
  C:\Windows\System\BPrlesS.exe
  2⤵
  PID:4748
- C:\Windows\System\VUIlGwW.exe
  C:\Windows\System\VUIlGwW.exe
  2⤵
  PID:4764
- C:\Windows\System\AwzQWEt.exe
  C:\Windows\System\AwzQWEt.exe
  2⤵
  PID:4784
- C:\Windows\System\CkERJtX.exe
  C:\Windows\System\CkERJtX.exe
  2⤵
  PID:4800
- C:\Windows\System\wbUcYlZ.exe
  C:\Windows\System\wbUcYlZ.exe
  2⤵
  PID:4832
- C:\Windows\System\FRfuHxO.exe
  C:\Windows\System\FRfuHxO.exe
  2⤵
  PID:4848
- C:\Windows\System\ZqlqXrl.exe
  C:\Windows\System\ZqlqXrl.exe
  2⤵
  PID:4868
- C:\Windows\System\VgCuRqX.exe
  C:\Windows\System\VgCuRqX.exe
  2⤵
  PID:4884
- C:\Windows\System\zYhMxMD.exe
  C:\Windows\System\zYhMxMD.exe
  2⤵
  PID:4912
- C:\Windows\System\pXnjMXC.exe
  C:\Windows\System\pXnjMXC.exe
  2⤵
  PID:4928
- C:\Windows\System\JXcEPza.exe
  C:\Windows\System\JXcEPza.exe
  2⤵
  PID:4952
- C:\Windows\System\LTftjAR.exe
  C:\Windows\System\LTftjAR.exe
  2⤵
  PID:4972
- C:\Windows\System\QGdThDB.exe
  C:\Windows\System\QGdThDB.exe
  2⤵
  PID:4988
- C:\Windows\System\UgLHpDc.exe
  C:\Windows\System\UgLHpDc.exe
  2⤵
  PID:5008
- C:\Windows\System\TzbEqpy.exe
  C:\Windows\System\TzbEqpy.exe
  2⤵
  PID:5028
- C:\Windows\System\RsutHmJ.exe
  C:\Windows\System\RsutHmJ.exe
  2⤵
  PID:5048
- C:\Windows\System\uHFkrJk.exe
  C:\Windows\System\uHFkrJk.exe
  2⤵
  PID:5072
- C:\Windows\System\APPzEMU.exe
  C:\Windows\System\APPzEMU.exe
  2⤵
  PID:5088
- C:\Windows\System\DzQSJPA.exe
  C:\Windows\System\DzQSJPA.exe
  2⤵
  PID:5112
- C:\Windows\System\PKOSXnt.exe
  C:\Windows\System\PKOSXnt.exe
  2⤵
  PID:2024
- C:\Windows\System\DZhMCDn.exe
  C:\Windows\System\DZhMCDn.exe
  2⤵
  PID:4120
- C:\Windows\System\FyhBqXE.exe
  C:\Windows\System\FyhBqXE.exe
  2⤵
  PID:4112
- C:\Windows\System\nbXqodq.exe
  C:\Windows\System\nbXqodq.exe
  2⤵
  PID:4180
- C:\Windows\System\cohUEhq.exe
  C:\Windows\System\cohUEhq.exe
  2⤵
  PID:4212
- C:\Windows\System\WbQfxji.exe
  C:\Windows\System\WbQfxji.exe
  2⤵
  PID:4248
- C:\Windows\System\tJbeJoP.exe
  C:\Windows\System\tJbeJoP.exe
  2⤵
  PID:4272
- C:\Windows\System\bAbzLId.exe
  C:\Windows\System\bAbzLId.exe
  2⤵
  PID:4288
- C:\Windows\System\NwsrUvd.exe
  C:\Windows\System\NwsrUvd.exe
  2⤵
  PID:4324
- C:\Windows\System\hKMWvpt.exe
  C:\Windows\System\hKMWvpt.exe
  2⤵
  PID:4404
- C:\Windows\System\XZgdbyd.exe
  C:\Windows\System\XZgdbyd.exe
  2⤵
  PID:4416
- C:\Windows\System\Pfdeute.exe
  C:\Windows\System\Pfdeute.exe
  2⤵
  PID:4440
- C:\Windows\System\WGhYJrn.exe
  C:\Windows\System\WGhYJrn.exe
  2⤵
  PID:4456
- C:\Windows\System\QgDeEsR.exe
  C:\Windows\System\QgDeEsR.exe
  2⤵
  PID:4512
- C:\Windows\System\rssnQoP.exe
  C:\Windows\System\rssnQoP.exe
  2⤵
  PID:4540
- C:\Windows\System\lEIxUfw.exe
  C:\Windows\System\lEIxUfw.exe
  2⤵
  PID:4604
- C:\Windows\System\rwCbLhs.exe
  C:\Windows\System\rwCbLhs.exe
  2⤵
  PID:4576
- C:\Windows\System\XEFtaSp.exe
  C:\Windows\System\XEFtaSp.exe
  2⤵
  PID:4640
- C:\Windows\System\KlXNLGc.exe
  C:\Windows\System\KlXNLGc.exe
  2⤵
  PID:4728
- C:\Windows\System\eiEkIQl.exe
  C:\Windows\System\eiEkIQl.exe
  2⤵
  PID:4700
- C:\Windows\System\AJHSbwf.exe
  C:\Windows\System\AJHSbwf.exe
  2⤵
  PID:4660
- C:\Windows\System\uJIpbEq.exe
  C:\Windows\System\uJIpbEq.exe
  2⤵
  PID:4772
- C:\Windows\System\ZnLahXY.exe
  C:\Windows\System\ZnLahXY.exe
  2⤵
  PID:4820
- C:\Windows\System\yelMYmd.exe
  C:\Windows\System\yelMYmd.exe
  2⤵
  PID:4840
- C:\Windows\System\nVUTLyf.exe
  C:\Windows\System\nVUTLyf.exe
  2⤵
  PID:4908
- C:\Windows\System\lDJDeqH.exe
  C:\Windows\System\lDJDeqH.exe
  2⤵
  PID:4936
- C:\Windows\System\meZiZng.exe
  C:\Windows\System\meZiZng.exe
  2⤵
  PID:4960
- C:\Windows\System\mWwzpql.exe
  C:\Windows\System\mWwzpql.exe
  2⤵
  PID:5000
- C:\Windows\System\DUxBaNv.exe
  C:\Windows\System\DUxBaNv.exe
  2⤵
  PID:5024
- C:\Windows\System\yqiXWKK.exe
  C:\Windows\System\yqiXWKK.exe
  2⤵
  PID:5060
- C:\Windows\System\OvQurAn.exe
  C:\Windows\System\OvQurAn.exe
  2⤵
  PID:5080
- C:\Windows\System\sgJMkiu.exe
  C:\Windows\System\sgJMkiu.exe
  2⤵
  PID:3716
- C:\Windows\System\nPSbLDq.exe
  C:\Windows\System\nPSbLDq.exe
  2⤵
  PID:4172
- C:\Windows\System\vbEjpVY.exe
  C:\Windows\System\vbEjpVY.exe
  2⤵
  PID:4260
- C:\Windows\System\gfXDkAw.exe
  C:\Windows\System\gfXDkAw.exe
  2⤵
  PID:4304
- C:\Windows\System\PBEMkRS.exe
  C:\Windows\System\PBEMkRS.exe
  2⤵
  PID:4352
- C:\Windows\System\LGkcjUP.exe
  C:\Windows\System\LGkcjUP.exe
  2⤵
  PID:4376
- C:\Windows\System\mofgQuI.exe
  C:\Windows\System\mofgQuI.exe
  2⤵
  PID:4140
- C:\Windows\System\xXyARZG.exe
  C:\Windows\System\xXyARZG.exe
  2⤵
  PID:4368
- C:\Windows\System\YlYVkpj.exe
  C:\Windows\System\YlYVkpj.exe
  2⤵
  PID:4620
- C:\Windows\System\BPKjsZe.exe
  C:\Windows\System\BPKjsZe.exe
  2⤵
  PID:4496
- C:\Windows\System\MZtssSW.exe
  C:\Windows\System\MZtssSW.exe
  2⤵
  PID:4760
- C:\Windows\System\cTWfNuE.exe
  C:\Windows\System\cTWfNuE.exe
  2⤵
  PID:4792
- C:\Windows\System\eQnZVET.exe
  C:\Windows\System\eQnZVET.exe
  2⤵
  PID:4816
- C:\Windows\System\JNYhGgm.exe
  C:\Windows\System\JNYhGgm.exe
  2⤵
  PID:4864
- C:\Windows\System\yUlUVmG.exe
  C:\Windows\System\yUlUVmG.exe
  2⤵
  PID:4924
- C:\Windows\System\kDrahSC.exe
  C:\Windows\System\kDrahSC.exe
  2⤵
  PID:5020
- C:\Windows\System\QlRxOmx.exe
  C:\Windows\System\QlRxOmx.exe
  2⤵
  PID:4136
- C:\Windows\System\qWqzWTX.exe
  C:\Windows\System\qWqzWTX.exe
  2⤵
  PID:5104
- C:\Windows\System\lNUhWSk.exe
  C:\Windows\System\lNUhWSk.exe
  2⤵
  PID:4232
- C:\Windows\System\KufFFVz.exe
  C:\Windows\System\KufFFVz.exe
  2⤵
  PID:4340
- C:\Windows\System\hinZiqp.exe
  C:\Windows\System\hinZiqp.exe
  2⤵
  PID:4584
- C:\Windows\System\dbfGBfS.exe
  C:\Windows\System\dbfGBfS.exe
  2⤵
  PID:4676
- C:\Windows\System\gHpdKrA.exe
  C:\Windows\System\gHpdKrA.exe
  2⤵
  PID:4520
- C:\Windows\System\MqBeMQD.exe
  C:\Windows\System\MqBeMQD.exe
  2⤵
  PID:4560
- C:\Windows\System\ehijXAV.exe
  C:\Windows\System\ehijXAV.exe
  2⤵
  PID:4796
- C:\Windows\System\lmICSSb.exe
  C:\Windows\System\lmICSSb.exe
  2⤵
  PID:4828
- C:\Windows\System\AmUTuRB.exe
  C:\Windows\System\AmUTuRB.exe
  2⤵
  PID:4948
- C:\Windows\System\BUnOhJI.exe
  C:\Windows\System\BUnOhJI.exe
  2⤵
  PID:4744
- C:\Windows\System\dJcQDxQ.exe
  C:\Windows\System\dJcQDxQ.exe
  2⤵
  PID:3212
- C:\Windows\System\VfdlGyh.exe
  C:\Windows\System\VfdlGyh.exe
  2⤵
  PID:4108
- C:\Windows\System\DdKuzqc.exe
  C:\Windows\System\DdKuzqc.exe
  2⤵
  PID:4476
- C:\Windows\System\JQMxyHa.exe
  C:\Windows\System\JQMxyHa.exe
  2⤵
  PID:4320
- C:\Windows\System\BQSKQal.exe
  C:\Windows\System\BQSKQal.exe
  2⤵
  PID:4856
- C:\Windows\System\qUmCImU.exe
  C:\Windows\System\qUmCImU.exe
  2⤵
  PID:5100
- C:\Windows\System\TtnKQMp.exe
  C:\Windows\System\TtnKQMp.exe
  2⤵
  PID:4128
- C:\Windows\System\XKIFGdO.exe
  C:\Windows\System\XKIFGdO.exe
  2⤵
  PID:4724
- C:\Windows\System\SXTYLHu.exe
  C:\Windows\System\SXTYLHu.exe
  2⤵
  PID:4492
- C:\Windows\System\QbhlgMx.exe
  C:\Windows\System\QbhlgMx.exe
  2⤵
  PID:4624
- C:\Windows\System\wzkzGGE.exe
  C:\Windows\System\wzkzGGE.exe
  2⤵
  PID:4116
- C:\Windows\System\NpYtuIs.exe
  C:\Windows\System\NpYtuIs.exe
  2⤵
  PID:4292
- C:\Windows\System\wkcPlmA.exe
  C:\Windows\System\wkcPlmA.exe
  2⤵
  PID:4900
- C:\Windows\System\fnsjLnr.exe
  C:\Windows\System\fnsjLnr.exe
  2⤵
  PID:4984
- C:\Windows\System\FsePiVE.exe
  C:\Windows\System\FsePiVE.exe
  2⤵
  PID:4920
- C:\Windows\System\guqYORI.exe
  C:\Windows\System\guqYORI.exe
  2⤵
  PID:4968
- C:\Windows\System\vAtcDPW.exe
  C:\Windows\System\vAtcDPW.exe
  2⤵
  PID:5140
- C:\Windows\System\zUlKSNk.exe
  C:\Windows\System\zUlKSNk.exe
  2⤵
  PID:5164
- C:\Windows\System\fkQsaSa.exe
  C:\Windows\System\fkQsaSa.exe
  2⤵
  PID:5184
- C:\Windows\System\vqJPOeQ.exe
  C:\Windows\System\vqJPOeQ.exe
  2⤵
  PID:5208
- C:\Windows\System\qnBJrAV.exe
  C:\Windows\System\qnBJrAV.exe
  2⤵
  PID:5224
- C:\Windows\System\TbDuINs.exe
  C:\Windows\System\TbDuINs.exe
  2⤵
  PID:5244
- C:\Windows\System\ZcEgKSE.exe
  C:\Windows\System\ZcEgKSE.exe
  2⤵
  PID:5260
- C:\Windows\System\OqbrKrE.exe
  C:\Windows\System\OqbrKrE.exe
  2⤵
  PID:5280
- C:\Windows\System\cwKXaPa.exe
  C:\Windows\System\cwKXaPa.exe
  2⤵
  PID:5304
- C:\Windows\System\TUNaLGg.exe
  C:\Windows\System\TUNaLGg.exe
  2⤵
  PID:5328
- C:\Windows\System\vFufoFm.exe
  C:\Windows\System\vFufoFm.exe
  2⤵
  PID:5344
- C:\Windows\System\UbjbJVv.exe
  C:\Windows\System\UbjbJVv.exe
  2⤵
  PID:5364
- C:\Windows\System\CLYHBoO.exe
  C:\Windows\System\CLYHBoO.exe
  2⤵
  PID:5380
- C:\Windows\System\yCtPwXK.exe
  C:\Windows\System\yCtPwXK.exe
  2⤵
  PID:5400
- C:\Windows\System\UGJbPAd.exe
  C:\Windows\System\UGJbPAd.exe
  2⤵
  PID:5420
- C:\Windows\System\FEUSekY.exe
  C:\Windows\System\FEUSekY.exe
  2⤵
  PID:5444
- C:\Windows\System\sokQfXu.exe
  C:\Windows\System\sokQfXu.exe
  2⤵
  PID:5464
- C:\Windows\System\HsUnHLT.exe
  C:\Windows\System\HsUnHLT.exe
  2⤵
  PID:5480
- C:\Windows\System\MWvgpWb.exe
  C:\Windows\System\MWvgpWb.exe
  2⤵
  PID:5504
- C:\Windows\System\JXdbfSG.exe
  C:\Windows\System\JXdbfSG.exe
  2⤵
  PID:5528
- C:\Windows\System\PuvpJkk.exe
  C:\Windows\System\PuvpJkk.exe
  2⤵
  PID:5548
- C:\Windows\System\eWhnYMl.exe
  C:\Windows\System\eWhnYMl.exe
  2⤵
  PID:5568
- C:\Windows\System\jtKeUdq.exe
  C:\Windows\System\jtKeUdq.exe
  2⤵
  PID:5588
- C:\Windows\System\gbYHouA.exe
  C:\Windows\System\gbYHouA.exe
  2⤵
  PID:5604
- C:\Windows\System\lstCmzv.exe
  C:\Windows\System\lstCmzv.exe
  2⤵
  PID:5628
- C:\Windows\System\rrZETPF.exe
  C:\Windows\System\rrZETPF.exe
  2⤵
  PID:5652
- C:\Windows\System\YZBGPvJ.exe
  C:\Windows\System\YZBGPvJ.exe
  2⤵
  PID:5672
- C:\Windows\System\pjWwLnm.exe
  C:\Windows\System\pjWwLnm.exe
  2⤵
  PID:5688
- C:\Windows\System\UxaZVsY.exe
  C:\Windows\System\UxaZVsY.exe
  2⤵
  PID:5712
- C:\Windows\System\BNPOyxN.exe
  C:\Windows\System\BNPOyxN.exe
  2⤵
  PID:5728
- C:\Windows\System\UfYtyeA.exe
  C:\Windows\System\UfYtyeA.exe
  2⤵
  PID:5748
- C:\Windows\System\GSUPuHn.exe
  C:\Windows\System\GSUPuHn.exe
  2⤵
  PID:5768
- C:\Windows\System\XeIXTbf.exe
  C:\Windows\System\XeIXTbf.exe
  2⤵
  PID:5788
- C:\Windows\System\PofJxZE.exe
  C:\Windows\System\PofJxZE.exe
  2⤵
  PID:5804
- C:\Windows\System\yTHiyLp.exe
  C:\Windows\System\yTHiyLp.exe
  2⤵
  PID:5820
- C:\Windows\System\OkEJbHx.exe
  C:\Windows\System\OkEJbHx.exe
  2⤵
  PID:5840
- C:\Windows\System\XtinONq.exe
  C:\Windows\System\XtinONq.exe
  2⤵
  PID:5856
- C:\Windows\System\Oudfloj.exe
  C:\Windows\System\Oudfloj.exe
  2⤵
  PID:5876
- C:\Windows\System\Tryeogq.exe
  C:\Windows\System\Tryeogq.exe
  2⤵
  PID:5892
- C:\Windows\System\setsEPm.exe
  C:\Windows\System\setsEPm.exe
  2⤵
  PID:5912
- C:\Windows\System\wwhrawo.exe
  C:\Windows\System\wwhrawo.exe
  2⤵
  PID:5936
- C:\Windows\System\rChCRRm.exe
  C:\Windows\System\rChCRRm.exe
  2⤵
  PID:5972
- C:\Windows\System\JEBnThf.exe
  C:\Windows\System\JEBnThf.exe
  2⤵
  PID:5988
- C:\Windows\System\buzUlIh.exe
  C:\Windows\System\buzUlIh.exe
  2⤵
  PID:6008
- C:\Windows\System\oVyCMCc.exe
  C:\Windows\System\oVyCMCc.exe
  2⤵
  PID:6028
- C:\Windows\System\OCxOeGn.exe
  C:\Windows\System\OCxOeGn.exe
  2⤵
  PID:6052
- C:\Windows\System\KJJHMMN.exe
  C:\Windows\System\KJJHMMN.exe
  2⤵
  PID:6068
- C:\Windows\System\IahkkAF.exe
  C:\Windows\System\IahkkAF.exe
  2⤵
  PID:6092
- C:\Windows\System\nbCOGwk.exe
  C:\Windows\System\nbCOGwk.exe
  2⤵
  PID:6108
- C:\Windows\System\qVmRNKN.exe
  C:\Windows\System\qVmRNKN.exe
  2⤵
  PID:6128
- C:\Windows\System\vkbSYCW.exe
  C:\Windows\System\vkbSYCW.exe
  2⤵
  PID:5084
- C:\Windows\System\xzycmtq.exe
  C:\Windows\System\xzycmtq.exe
  2⤵
  PID:5128
- C:\Windows\System\JgPqKoM.exe
  C:\Windows\System\JgPqKoM.exe
  2⤵
  PID:5176
- C:\Windows\System\xPXPGJS.exe
  C:\Windows\System\xPXPGJS.exe
  2⤵
  PID:5200
- C:\Windows\System\EgUjSTP.exe
  C:\Windows\System\EgUjSTP.exe
  2⤵
  PID:5216
- C:\Windows\System\yZCoFvV.exe
  C:\Windows\System\yZCoFvV.exe
  2⤵
  PID:5276
- C:\Windows\System\uYMZkMA.exe
  C:\Windows\System\uYMZkMA.exe
  2⤵
  PID:5324
- C:\Windows\System\bYLKxLF.exe
  C:\Windows\System\bYLKxLF.exe
  2⤵
  PID:5352
- C:\Windows\System\CtUFFcD.exe
  C:\Windows\System\CtUFFcD.exe
  2⤵
  PID:5392
- C:\Windows\System\EuHqdwH.exe
  C:\Windows\System\EuHqdwH.exe
  2⤵
  PID:5428
- C:\Windows\System\bfwTeaX.exe
  C:\Windows\System\bfwTeaX.exe
  2⤵
  PID:5452
- C:\Windows\System\MEBBXWL.exe
  C:\Windows\System\MEBBXWL.exe
  2⤵
  PID:5460
- C:\Windows\System\XKzwIVh.exe
  C:\Windows\System\XKzwIVh.exe
  2⤵
  PID:5500
- C:\Windows\System\HDHOJEE.exe
  C:\Windows\System\HDHOJEE.exe
  2⤵
  PID:5560
- C:\Windows\System\wGBLpcy.exe
  C:\Windows\System\wGBLpcy.exe
  2⤵
  PID:5596
- C:\Windows\System\lSPwaQy.exe
  C:\Windows\System\lSPwaQy.exe
  2⤵
  PID:5636
- C:\Windows\System\JJXdKum.exe
  C:\Windows\System\JJXdKum.exe
  2⤵
  PID:5644
- C:\Windows\System\ItBNmLc.exe
  C:\Windows\System\ItBNmLc.exe
  2⤵
  PID:5668
- C:\Windows\System\KJFtdxC.exe
  C:\Windows\System\KJFtdxC.exe
  2⤵
  PID:5704
- C:\Windows\System\zscnArn.exe
  C:\Windows\System\zscnArn.exe
  2⤵
  PID:5756
- C:\Windows\System\IWtztnf.exe
  C:\Windows\System\IWtztnf.exe
  2⤵
  PID:5796
- C:\Windows\System\ASuOghY.exe
  C:\Windows\System\ASuOghY.exe
  2⤵
  PID:5836
- C:\Windows\System\xYwvJNS.exe
  C:\Windows\System\xYwvJNS.exe
  2⤵
  PID:5900
- C:\Windows\System\DOdiiFK.exe
  C:\Windows\System\DOdiiFK.exe
  2⤵
  PID:5928
- C:\Windows\System\YugOvcc.exe
  C:\Windows\System\YugOvcc.exe
  2⤵
  PID:5852
- C:\Windows\System\bzwaYLB.exe
  C:\Windows\System\bzwaYLB.exe
  2⤵
  PID:5924
- C:\Windows\System\jbZaJrb.exe
  C:\Windows\System\jbZaJrb.exe
  2⤵
  PID:5964
- C:\Windows\System\GtzmHng.exe
  C:\Windows\System\GtzmHng.exe
  2⤵
  PID:6020
- C:\Windows\System\MRcLwcE.exe
  C:\Windows\System\MRcLwcE.exe
  2⤵
  PID:6044
- C:\Windows\System\NMdnLqF.exe
  C:\Windows\System\NMdnLqF.exe
  2⤵
  PID:6080
- C:\Windows\System\qrAbSTW.exe
  C:\Windows\System\qrAbSTW.exe
  2⤵
  PID:6120
- C:\Windows\System\dQwxsKg.exe
  C:\Windows\System\dQwxsKg.exe
  2⤵
  PID:6136
- C:\Windows\System\mTELFBK.exe
  C:\Windows\System\mTELFBK.exe
  2⤵
  PID:5156
- C:\Windows\System\TVTKmQH.exe
  C:\Windows\System\TVTKmQH.exe
  2⤵
  PID:5256
- C:\Windows\System\jwIjkwD.exe
  C:\Windows\System\jwIjkwD.exe
  2⤵
  PID:5268
- C:\Windows\System\JJcaXtL.exe
  C:\Windows\System\JJcaXtL.exe
  2⤵
  PID:5292
- C:\Windows\System\OhatoSk.exe
  C:\Windows\System\OhatoSk.exe
  2⤵
  PID:5396
- C:\Windows\System\eliCHZR.exe
  C:\Windows\System\eliCHZR.exe
  2⤵
  PID:5416
- C:\Windows\System\uwuRBwT.exe
  C:\Windows\System\uwuRBwT.exe
  2⤵
  PID:5492
- C:\Windows\System\gsRZULf.exe
  C:\Windows\System\gsRZULf.exe
  2⤵
  PID:5576
- C:\Windows\System\KbwBvys.exe
  C:\Windows\System\KbwBvys.exe
  2⤵
  PID:5580
- C:\Windows\System\cRHKXQN.exe
  C:\Windows\System\cRHKXQN.exe
  2⤵
  PID:5648
- C:\Windows\System\WkkZigN.exe
  C:\Windows\System\WkkZigN.exe
  2⤵
  PID:5708
- C:\Windows\System\gAkztoy.exe
  C:\Windows\System\gAkztoy.exe
  2⤵
  PID:5684
- C:\Windows\System\UsPyNXz.exe
  C:\Windows\System\UsPyNXz.exe
  2⤵
  PID:5832
- C:\Windows\System\CooIXBL.exe
  C:\Windows\System\CooIXBL.exe
  2⤵
  PID:5864
- C:\Windows\System\TYaoWNq.exe
  C:\Windows\System\TYaoWNq.exe
  2⤵
  PID:5888
- C:\Windows\System\iTRlfKy.exe
  C:\Windows\System\iTRlfKy.exe
  2⤵
  PID:5968
- C:\Windows\System\mnpFxDG.exe
  C:\Windows\System\mnpFxDG.exe
  2⤵
  PID:6040
- C:\Windows\System\oKxmpUe.exe
  C:\Windows\System\oKxmpUe.exe
  2⤵
  PID:6116
- C:\Windows\System\TdpViMY.exe
  C:\Windows\System\TdpViMY.exe
  2⤵
  PID:5172
- C:\Windows\System\GrwVBgV.exe
  C:\Windows\System\GrwVBgV.exe
  2⤵
  PID:5192
- C:\Windows\System\zPiDiIy.exe
  C:\Windows\System\zPiDiIy.exe
  2⤵
  PID:5236
- C:\Windows\System\BFRfWlp.exe
  C:\Windows\System\BFRfWlp.exe
  2⤵
  PID:5388
- C:\Windows\System\LKffIuR.exe
  C:\Windows\System\LKffIuR.exe
  2⤵
  PID:5476
- C:\Windows\System\zUblMRC.exe
  C:\Windows\System\zUblMRC.exe
  2⤵
  PID:5620
- C:\Windows\System\udmUHON.exe
  C:\Windows\System\udmUHON.exe
  2⤵
  PID:5680
- C:\Windows\System\dTWAATj.exe
  C:\Windows\System\dTWAATj.exe
  2⤵
  PID:5720
- C:\Windows\System\UFhFIZL.exe
  C:\Windows\System\UFhFIZL.exe
  2⤵
  PID:5956
- C:\Windows\System\vfUHvSX.exe
  C:\Windows\System\vfUHvSX.exe
  2⤵
  PID:5760
- C:\Windows\System\FTdTlsS.exe
  C:\Windows\System\FTdTlsS.exe
  2⤵
  PID:6000
- C:\Windows\System\JoRvfIq.exe
  C:\Windows\System\JoRvfIq.exe
  2⤵
  PID:6076
- C:\Windows\System\QDsbbGo.exe
  C:\Windows\System\QDsbbGo.exe
  2⤵
  PID:6104
- C:\Windows\System\cVyxvwe.exe
  C:\Windows\System\cVyxvwe.exe
  2⤵
  PID:5136
- C:\Windows\System\jspMDZL.exe
  C:\Windows\System\jspMDZL.exe
  2⤵
  PID:5336
- C:\Windows\System\WTsuPup.exe
  C:\Windows\System\WTsuPup.exe
  2⤵
  PID:2248
- C:\Windows\System\mLjeAKu.exe
  C:\Windows\System\mLjeAKu.exe
  2⤵
  PID:5524
- C:\Windows\System\ckRvJrL.exe
  C:\Windows\System\ckRvJrL.exe
  2⤵
  PID:5868
- C:\Windows\System\HiToHaO.exe
  C:\Windows\System\HiToHaO.exe
  2⤵
  PID:6016
- C:\Windows\System\vPiYAjI.exe
  C:\Windows\System\vPiYAjI.exe
  2⤵
  PID:5316
- C:\Windows\System\lneTCJB.exe
  C:\Windows\System\lneTCJB.exe
  2⤵
  PID:2128
- C:\Windows\System\nYQDlMK.exe
  C:\Windows\System\nYQDlMK.exe
  2⤵
  PID:5232
- C:\Windows\System\Pchpepy.exe
  C:\Windows\System\Pchpepy.exe
  2⤵
  PID:5376
- C:\Windows\System\YlGRJTO.exe
  C:\Windows\System\YlGRJTO.exe
  2⤵
  PID:5544
- C:\Windows\System\fyeIPWa.exe
  C:\Windows\System\fyeIPWa.exe
  2⤵
  PID:5564
- C:\Windows\System\BWTdJtG.exe
  C:\Windows\System\BWTdJtG.exe
  2⤵
  PID:6088
- C:\Windows\System\vKbGKDq.exe
  C:\Windows\System\vKbGKDq.exe
  2⤵
  PID:5960
- C:\Windows\System\LmeFcNB.exe
  C:\Windows\System\LmeFcNB.exe
  2⤵
  PID:5696
- C:\Windows\System\AxFdRvk.exe
  C:\Windows\System\AxFdRvk.exe
  2⤵
  PID:5848
- C:\Windows\System\lGEebcE.exe
  C:\Windows\System\lGEebcE.exe
  2⤵
  PID:1620
- C:\Windows\System\uTOfTad.exe
  C:\Windows\System\uTOfTad.exe
  2⤵
  PID:5784
- C:\Windows\System\AKDxAvT.exe
  C:\Windows\System\AKDxAvT.exe
  2⤵
  PID:6100
- C:\Windows\System\ieztnTA.exe
  C:\Windows\System\ieztnTA.exe
  2⤵
  PID:2300
- C:\Windows\System\nVmbJhU.exe
  C:\Windows\System\nVmbJhU.exe
  2⤵
  PID:5520
- C:\Windows\System\ogpXtgj.exe
  C:\Windows\System\ogpXtgj.exe
  2⤵
  PID:6152
- C:\Windows\System\zAYNqwa.exe
  C:\Windows\System\zAYNqwa.exe
  2⤵
  PID:6176
- C:\Windows\System\iBDqeut.exe
  C:\Windows\System\iBDqeut.exe
  2⤵
  PID:6192
- C:\Windows\System\ivcNBVt.exe
  C:\Windows\System\ivcNBVt.exe
  2⤵
  PID:6212
- C:\Windows\System\YkroTrZ.exe
  C:\Windows\System\YkroTrZ.exe
  2⤵
  PID:6232
- C:\Windows\System\lVxuwQK.exe
  C:\Windows\System\lVxuwQK.exe
  2⤵
  PID:6256
- C:\Windows\System\yGNRZjJ.exe
  C:\Windows\System\yGNRZjJ.exe
  2⤵
  PID:6272
- C:\Windows\System\YdybDTs.exe
  C:\Windows\System\YdybDTs.exe
  2⤵
  PID:6288
- C:\Windows\System\CKlbJlX.exe
  C:\Windows\System\CKlbJlX.exe
  2⤵
  PID:6312
- C:\Windows\System\aYVTjdn.exe
  C:\Windows\System\aYVTjdn.exe
  2⤵
  PID:6328
- C:\Windows\System\vnQREDp.exe
  C:\Windows\System\vnQREDp.exe
  2⤵
  PID:6344
- C:\Windows\System\IqUjojx.exe
  C:\Windows\System\IqUjojx.exe
  2⤵
  PID:6360
- C:\Windows\System\AWmcrgl.exe
  C:\Windows\System\AWmcrgl.exe
  2⤵
  PID:6392
- C:\Windows\System\xPiOxIU.exe
  C:\Windows\System\xPiOxIU.exe
  2⤵
  PID:6416
- C:\Windows\System\pFTdMRS.exe
  C:\Windows\System\pFTdMRS.exe
  2⤵
  PID:6432
- C:\Windows\System\nCoasUf.exe
  C:\Windows\System\nCoasUf.exe
  2⤵
  PID:6448
- C:\Windows\System\StZxfEr.exe
  C:\Windows\System\StZxfEr.exe
  2⤵
  PID:6464
- C:\Windows\System\WbAKWBC.exe
  C:\Windows\System\WbAKWBC.exe
  2⤵
  PID:6480
- C:\Windows\System\LxUeuPB.exe
  C:\Windows\System\LxUeuPB.exe
  2⤵
  PID:6500
- C:\Windows\System\jcQiDcq.exe
  C:\Windows\System\jcQiDcq.exe
  2⤵
  PID:6520
- C:\Windows\System\rHveYty.exe
  C:\Windows\System\rHveYty.exe
  2⤵
  PID:6544
- C:\Windows\System\HQoPQUW.exe
  C:\Windows\System\HQoPQUW.exe
  2⤵
  PID:6560
- C:\Windows\System\hdLmDRD.exe
  C:\Windows\System\hdLmDRD.exe
  2⤵
  PID:6576
- C:\Windows\System\jYGWWuC.exe
  C:\Windows\System\jYGWWuC.exe
  2⤵
  PID:6596
- C:\Windows\System\zMfLKdy.exe
  C:\Windows\System\zMfLKdy.exe
  2⤵
  PID:6612
- C:\Windows\System\PJSRoQM.exe
  C:\Windows\System\PJSRoQM.exe
  2⤵
  PID:6660
- C:\Windows\System\rsRDOyf.exe
  C:\Windows\System\rsRDOyf.exe
  2⤵
  PID:6676
- C:\Windows\System\LylJlZw.exe
  C:\Windows\System\LylJlZw.exe
  2⤵
  PID:6700
- C:\Windows\System\WHUHFiu.exe
  C:\Windows\System\WHUHFiu.exe
  2⤵
  PID:6716
- C:\Windows\System\OJXGSbG.exe
  C:\Windows\System\OJXGSbG.exe
  2⤵
  PID:6740
- C:\Windows\System\QDXLeSK.exe
  C:\Windows\System\QDXLeSK.exe
  2⤵
  PID:6760
- C:\Windows\System\aZIhrzC.exe
  C:\Windows\System\aZIhrzC.exe
  2⤵
  PID:6780
- C:\Windows\System\oOuhTgG.exe
  C:\Windows\System\oOuhTgG.exe
  2⤵
  PID:6800
- C:\Windows\System\PQYeLBo.exe
  C:\Windows\System\PQYeLBo.exe
  2⤵
  PID:6820
- C:\Windows\System\KpONEiB.exe
  C:\Windows\System\KpONEiB.exe
  2⤵
  PID:6840
- C:\Windows\System\YYHJCBT.exe
  C:\Windows\System\YYHJCBT.exe
  2⤵
  PID:6864
- C:\Windows\System\mIADkLC.exe
  C:\Windows\System\mIADkLC.exe
  2⤵
  PID:6884
- C:\Windows\System\vKxORtb.exe
  C:\Windows\System\vKxORtb.exe
  2⤵
  PID:6900
- C:\Windows\System\FXWUcab.exe
  C:\Windows\System\FXWUcab.exe
  2⤵
  PID:6920
- C:\Windows\System\wKyPGFo.exe
  C:\Windows\System\wKyPGFo.exe
  2⤵
  PID:6944
- C:\Windows\System\asTAGlj.exe
  C:\Windows\System\asTAGlj.exe
  2⤵
  PID:6960
- C:\Windows\System\AqNdhuw.exe
  C:\Windows\System\AqNdhuw.exe
  2⤵
  PID:6976
- C:\Windows\System\pczVVLi.exe
  C:\Windows\System\pczVVLi.exe
  2⤵
  PID:6996
- C:\Windows\System\AhdOlrw.exe
  C:\Windows\System\AhdOlrw.exe
  2⤵
  PID:7012
- C:\Windows\System\adnYwPX.exe
  C:\Windows\System\adnYwPX.exe
  2⤵
  PID:7036
- C:\Windows\System\dhbKqKn.exe
  C:\Windows\System\dhbKqKn.exe
  2⤵
  PID:7064
- C:\Windows\System\JpSaxpe.exe
  C:\Windows\System\JpSaxpe.exe
  2⤵
  PID:7080
- C:\Windows\System\CZjpSsq.exe
  C:\Windows\System\CZjpSsq.exe
  2⤵
  PID:7104
- C:\Windows\System\YDRSMHp.exe
  C:\Windows\System\YDRSMHp.exe
  2⤵
  PID:7120
- C:\Windows\System\RMRUnYQ.exe
  C:\Windows\System\RMRUnYQ.exe
  2⤵
  PID:7144
- C:\Windows\System\bbJjakA.exe
  C:\Windows\System\bbJjakA.exe
  2⤵
  PID:7160
- C:\Windows\System\IMIgQOP.exe
  C:\Windows\System\IMIgQOP.exe
  2⤵
  PID:6164
- C:\Windows\System\JUjbpxb.exe
  C:\Windows\System\JUjbpxb.exe
  2⤵
  PID:6188
- C:\Windows\System\DMKXcRG.exe
  C:\Windows\System\DMKXcRG.exe
  2⤵
  PID:6220
- C:\Windows\System\tTngzEH.exe
  C:\Windows\System\tTngzEH.exe
  2⤵
  PID:6252
- C:\Windows\System\ZgVrofP.exe
  C:\Windows\System\ZgVrofP.exe
  2⤵
  PID:6296
- C:\Windows\System\seBfktk.exe
  C:\Windows\System\seBfktk.exe
  2⤵
  PID:6324
- C:\Windows\System\plUjmXi.exe
  C:\Windows\System\plUjmXi.exe
  2⤵
  PID:6340
- C:\Windows\System\sheJaig.exe
  C:\Windows\System\sheJaig.exe
  2⤵
  PID:6388
- C:\Windows\System\vWbkCRf.exe
  C:\Windows\System\vWbkCRf.exe
  2⤵
  PID:6412
- C:\Windows\System\kTJEKlG.exe
  C:\Windows\System\kTJEKlG.exe
  2⤵
  PID:6428
- C:\Windows\System\IjdYfiA.exe
  C:\Windows\System\IjdYfiA.exe
  2⤵
  PID:6512
- C:\Windows\System\BmgNQff.exe
  C:\Windows\System\BmgNQff.exe
  2⤵
  PID:6624
- C:\Windows\System\CogMHqA.exe
  C:\Windows\System\CogMHqA.exe
  2⤵
  PID:6568
- C:\Windows\System\KdMqHjc.exe
  C:\Windows\System\KdMqHjc.exe
  2⤵
  PID:6496
- C:\Windows\System\AyhQvEM.exe
  C:\Windows\System\AyhQvEM.exe
  2⤵
  PID:6572
- C:\Windows\System\rTubkqu.exe
  C:\Windows\System\rTubkqu.exe
  2⤵
  PID:6652
- C:\Windows\System\CbFlzOw.exe
  C:\Windows\System\CbFlzOw.exe
  2⤵
  PID:6696
- C:\Windows\System\YfboBBh.exe
  C:\Windows\System\YfboBBh.exe
  2⤵
  PID:6708
- C:\Windows\System\DcHpNvh.exe
  C:\Windows\System\DcHpNvh.exe
  2⤵
  PID:6768
- C:\Windows\System\SQsJEoL.exe
  C:\Windows\System\SQsJEoL.exe
  2⤵
  PID:6788
- C:\Windows\System\bOtBNFX.exe
  C:\Windows\System\bOtBNFX.exe
  2⤵
  PID:6848
- C:\Windows\System\mzgwCWb.exe
  C:\Windows\System\mzgwCWb.exe
  2⤵
  PID:6856
- C:\Windows\System\muQUXhB.exe
  C:\Windows\System\muQUXhB.exe
  2⤵
  PID:6892
- C:\Windows\System\TxGoumq.exe
  C:\Windows\System\TxGoumq.exe
  2⤵
  PID:6912
- C:\Windows\System\tHqNPIT.exe
  C:\Windows\System\tHqNPIT.exe
  2⤵
  PID:6972
- C:\Windows\System\pBhkati.exe
  C:\Windows\System\pBhkati.exe
  2⤵
  PID:6984
- C:\Windows\System\bbJBrYD.exe
  C:\Windows\System\bbJBrYD.exe
  2⤵
  PID:6956
- C:\Windows\System\xBpDfvu.exe
  C:\Windows\System\xBpDfvu.exe
  2⤵
  PID:7060
- C:\Windows\System\lANVxTV.exe
  C:\Windows\System\lANVxTV.exe
  2⤵
  PID:7072
- C:\Windows\System\vsukePj.exe
  C:\Windows\System\vsukePj.exe
  2⤵
  PID:7112
- C:\Windows\System\TsQKQDE.exe
  C:\Windows\System\TsQKQDE.exe
  2⤵
  PID:7132
- C:\Windows\System\TUrGVqm.exe
  C:\Windows\System\TUrGVqm.exe
  2⤵
  PID:2504
- C:\Windows\System\vnpHbKt.exe
  C:\Windows\System\vnpHbKt.exe
  2⤵
  PID:6268
- C:\Windows\System\UnABbGy.exe
  C:\Windows\System\UnABbGy.exe
  2⤵
  PID:6264
- C:\Windows\System\SwKNLIS.exe
  C:\Windows\System\SwKNLIS.exe
  2⤵
  PID:6336
- C:\Windows\System\SbquQPu.exe
  C:\Windows\System\SbquQPu.exe
  2⤵
  PID:6476
- C:\Windows\System\JCgEknl.exe
  C:\Windows\System\JCgEknl.exe
  2⤵
  PID:6440
- C:\Windows\System\DoHhkca.exe
  C:\Windows\System\DoHhkca.exe
  2⤵
  PID:6592
- C:\Windows\System\lmbJMhK.exe
  C:\Windows\System\lmbJMhK.exe
  2⤵
  PID:6636
- C:\Windows\System\vElEZzP.exe
  C:\Windows\System\vElEZzP.exe
  2⤵
  PID:6668
- C:\Windows\System\dPzenVr.exe
  C:\Windows\System\dPzenVr.exe
  2⤵
  PID:6648
- C:\Windows\System\dtQzGVl.exe
  C:\Windows\System\dtQzGVl.exe
  2⤵
  PID:6756
- C:\Windows\System\gZJTguB.exe
  C:\Windows\System\gZJTguB.exe
  2⤵
  PID:6812
- C:\Windows\System\ExotJAR.exe
  C:\Windows\System\ExotJAR.exe
  2⤵
  PID:6880
- C:\Windows\System\tZRTudh.exe
  C:\Windows\System\tZRTudh.exe
  2⤵
  PID:6940
- C:\Windows\System\bZAeDen.exe
  C:\Windows\System\bZAeDen.exe
  2⤵
  PID:6836
- C:\Windows\System\OZKBlik.exe
  C:\Windows\System\OZKBlik.exe
  2⤵
  PID:7044
- C:\Windows\System\guSFhSI.exe
  C:\Windows\System\guSFhSI.exe
  2⤵
  PID:7088
- C:\Windows\System\rcOhBfE.exe
  C:\Windows\System\rcOhBfE.exe
  2⤵
  PID:6204
- C:\Windows\System\GvSEvGt.exe
  C:\Windows\System\GvSEvGt.exe
  2⤵
  PID:7100
- C:\Windows\System\JxhKUiO.exe
  C:\Windows\System\JxhKUiO.exe
  2⤵
  PID:6160
- C:\Windows\System\RRmrzHk.exe
  C:\Windows\System\RRmrzHk.exe
  2⤵
  PID:6228
- C:\Windows\System\wiuJjbh.exe
  C:\Windows\System\wiuJjbh.exe
  2⤵
  PID:6408
- C:\Windows\System\sYEgCse.exe
  C:\Windows\System\sYEgCse.exe
  2⤵
  PID:6552
- C:\Windows\System\cyjUzNO.exe
  C:\Windows\System\cyjUzNO.exe
  2⤵
  PID:6688
- C:\Windows\System\SiDCFPm.exe
  C:\Windows\System\SiDCFPm.exe
  2⤵
  PID:6792
- C:\Windows\System\qEqmjnC.exe
  C:\Windows\System\qEqmjnC.exe
  2⤵
  PID:6732
- C:\Windows\System\RDaHyAh.exe
  C:\Windows\System\RDaHyAh.exe
  2⤵
  PID:6772
- C:\Windows\System\BXvQKCz.exe
  C:\Windows\System\BXvQKCz.exe
  2⤵
  PID:6908
- C:\Windows\System\qbfyiem.exe
  C:\Windows\System\qbfyiem.exe
  2⤵
  PID:7048
- C:\Windows\System\EkiFpIU.exe
  C:\Windows\System\EkiFpIU.exe
  2⤵
  PID:7156
- C:\Windows\System\HLaDQxJ.exe
  C:\Windows\System\HLaDQxJ.exe
  2⤵
  PID:6308
- C:\Windows\System\JxeslCM.exe
  C:\Windows\System\JxeslCM.exe
  2⤵
  PID:6240
- C:\Windows\System\aYIicye.exe
  C:\Windows\System\aYIicye.exe
  2⤵
  PID:6584
- C:\Windows\System\QzXFTpw.exe
  C:\Windows\System\QzXFTpw.exe
  2⤵
  PID:6456
- C:\Windows\System\tNdEdYL.exe
  C:\Windows\System\tNdEdYL.exe
  2⤵
  PID:6808
- C:\Windows\System\ppGGHea.exe
  C:\Windows\System\ppGGHea.exe
  2⤵
  PID:7028
- C:\Windows\System\NoPkUHA.exe
  C:\Windows\System\NoPkUHA.exe
  2⤵
  PID:7092
- C:\Windows\System\WwnEybv.exe
  C:\Windows\System\WwnEybv.exe
  2⤵
  PID:7116
- C:\Windows\System\jFFENJO.exe
  C:\Windows\System\jFFENJO.exe
  2⤵
  PID:6444
- C:\Windows\System\oTVSouT.exe
  C:\Windows\System\oTVSouT.exe
  2⤵
  PID:6796
- C:\Windows\System\nuIzJof.exe
  C:\Windows\System\nuIzJof.exe
  2⤵
  PID:6692
- C:\Windows\System\GFpWKwq.exe
  C:\Windows\System\GFpWKwq.exe
  2⤵
  PID:6632
- C:\Windows\System\NTtzmXa.exe
  C:\Windows\System\NTtzmXa.exe
  2⤵
  PID:6372
- C:\Windows\System\DyjIUAk.exe
  C:\Windows\System\DyjIUAk.exe
  2⤵
  PID:6992
- C:\Windows\System\tdcttwm.exe
  C:\Windows\System\tdcttwm.exe
  2⤵
  PID:6536
- C:\Windows\System\dkDrrmT.exe
  C:\Windows\System\dkDrrmT.exe
  2⤵
  PID:4996
- C:\Windows\System\GlZimwh.exe
  C:\Windows\System\GlZimwh.exe
  2⤵
  PID:7180
- C:\Windows\System\SsADwxG.exe
  C:\Windows\System\SsADwxG.exe
  2⤵
  PID:7196
- C:\Windows\System\TGqOclG.exe
  C:\Windows\System\TGqOclG.exe
  2⤵
  PID:7212
- C:\Windows\System\svZiKws.exe
  C:\Windows\System\svZiKws.exe
  2⤵
  PID:7228
- C:\Windows\System\oUkqQeo.exe
  C:\Windows\System\oUkqQeo.exe
  2⤵
  PID:7248
- C:\Windows\System\lcZHgGn.exe
  C:\Windows\System\lcZHgGn.exe
  2⤵
  PID:7264
- C:\Windows\System\sWZkrmO.exe
  C:\Windows\System\sWZkrmO.exe
  2⤵
  PID:7280
- C:\Windows\System\JclalzR.exe
  C:\Windows\System\JclalzR.exe
  2⤵
  PID:7304
- C:\Windows\System\vHPsCiD.exe
  C:\Windows\System\vHPsCiD.exe
  2⤵
  PID:7320
- C:\Windows\System\CIJNjOA.exe
  C:\Windows\System\CIJNjOA.exe
  2⤵
  PID:7340
- C:\Windows\System\YTwGXkm.exe
  C:\Windows\System\YTwGXkm.exe
  2⤵
  PID:7404
- C:\Windows\System\IELwvjy.exe
  C:\Windows\System\IELwvjy.exe
  2⤵
  PID:7440
- C:\Windows\System\Smklzup.exe
  C:\Windows\System\Smklzup.exe
  2⤵
  PID:7456
- C:\Windows\System\AMtfaHE.exe
  C:\Windows\System\AMtfaHE.exe
  2⤵
  PID:7480
- C:\Windows\System\HoxBCiq.exe
  C:\Windows\System\HoxBCiq.exe
  2⤵
  PID:7504
- C:\Windows\System\nLeiNFn.exe
  C:\Windows\System\nLeiNFn.exe
  2⤵
  PID:7524
- C:\Windows\System\qRuQMUn.exe
  C:\Windows\System\qRuQMUn.exe
  2⤵
  PID:7540
- C:\Windows\System\SfLDGdf.exe
  C:\Windows\System\SfLDGdf.exe
  2⤵
  PID:7560
- C:\Windows\System\jnCEigl.exe
  C:\Windows\System\jnCEigl.exe
  2⤵
  PID:7576
- C:\Windows\System\hmhkmed.exe
  C:\Windows\System\hmhkmed.exe
  2⤵
  PID:7592
- C:\Windows\System\RdQjMHB.exe
  C:\Windows\System\RdQjMHB.exe
  2⤵
  PID:7608
- C:\Windows\System\oOxKsXZ.exe
  C:\Windows\System\oOxKsXZ.exe
  2⤵
  PID:7628
- C:\Windows\System\MPHOozR.exe
  C:\Windows\System\MPHOozR.exe
  2⤵
  PID:7652
- C:\Windows\System\nQrLQQm.exe
  C:\Windows\System\nQrLQQm.exe
  2⤵
  PID:7680
- C:\Windows\System\tCleNov.exe
  C:\Windows\System\tCleNov.exe
  2⤵
  PID:7700
- C:\Windows\System\CJvirKk.exe
  C:\Windows\System\CJvirKk.exe
  2⤵
  PID:7720
- C:\Windows\System\ymxXRHV.exe
  C:\Windows\System\ymxXRHV.exe
  2⤵
  PID:7736
- C:\Windows\System\VHtiMSH.exe
  C:\Windows\System\VHtiMSH.exe
  2⤵
  PID:7760
- C:\Windows\System\IQFZamC.exe
  C:\Windows\System\IQFZamC.exe
  2⤵
  PID:7776
- C:\Windows\System\laIvXUy.exe
  C:\Windows\System\laIvXUy.exe
  2⤵
  PID:7800
- C:\Windows\System\hSTTcbx.exe
  C:\Windows\System\hSTTcbx.exe
  2⤵
  PID:7820
- C:\Windows\System\XlCcPrb.exe
  C:\Windows\System\XlCcPrb.exe
  2⤵
  PID:7836
- C:\Windows\System\sewMYRc.exe
  C:\Windows\System\sewMYRc.exe
  2⤵
  PID:7856
- C:\Windows\System\QWLMxHB.exe
  C:\Windows\System\QWLMxHB.exe
  2⤵
  PID:7880
- C:\Windows\System\GYLPoFJ.exe
  C:\Windows\System\GYLPoFJ.exe
  2⤵
  PID:7900
- C:\Windows\System\ILPaWKu.exe
  C:\Windows\System\ILPaWKu.exe
  2⤵
  PID:7920
- C:\Windows\System\eANbzxi.exe
  C:\Windows\System\eANbzxi.exe
  2⤵
  PID:7936
- C:\Windows\System\mSiMEfX.exe
  C:\Windows\System\mSiMEfX.exe
  2⤵
  PID:7956
- C:\Windows\System\iSpjmOW.exe
  C:\Windows\System\iSpjmOW.exe
  2⤵
  PID:7972
- C:\Windows\System\QmOFaEs.exe
  C:\Windows\System\QmOFaEs.exe
  2⤵
  PID:7992
- C:\Windows\System\NLEoOTw.exe
  C:\Windows\System\NLEoOTw.exe
  2⤵
  PID:8008
- C:\Windows\System\exjjgUi.exe
  C:\Windows\System\exjjgUi.exe
  2⤵
  PID:8032
- C:\Windows\System\WBbZSvF.exe
  C:\Windows\System\WBbZSvF.exe
  2⤵
  PID:8052
- C:\Windows\System\OHaCYUd.exe
  C:\Windows\System\OHaCYUd.exe
  2⤵
  PID:8068
- C:\Windows\System\AayPmUa.exe
  C:\Windows\System\AayPmUa.exe
  2⤵
  PID:8088
- C:\Windows\System\YKfEQsS.exe
  C:\Windows\System\YKfEQsS.exe
  2⤵
  PID:8128
- C:\Windows\System\ALLiXTb.exe
  C:\Windows\System\ALLiXTb.exe
  2⤵
  PID:8144
- C:\Windows\System\ebJXNYt.exe
  C:\Windows\System\ebJXNYt.exe
  2⤵
  PID:8164
- C:\Windows\System\fzhlhYt.exe
  C:\Windows\System\fzhlhYt.exe
  2⤵
  PID:8184
- C:\Windows\System\jwGNjZN.exe
  C:\Windows\System\jwGNjZN.exe
  2⤵
  PID:7192
- C:\Windows\System\fSTjHQX.exe
  C:\Windows\System\fSTjHQX.exe
  2⤵
  PID:7208
- C:\Windows\System\xEIKehj.exe
  C:\Windows\System\xEIKehj.exe
  2⤵
  PID:7256
- C:\Windows\System\OzMaSbJ.exe
  C:\Windows\System\OzMaSbJ.exe
  2⤵
  PID:7272
- C:\Windows\System\LHLAZuA.exe
  C:\Windows\System\LHLAZuA.exe
  2⤵
  PID:7332
- C:\Windows\System\SnJNEzh.exe
  C:\Windows\System\SnJNEzh.exe
  2⤵
  PID:7292
- C:\Windows\System\FRDqJDK.exe
  C:\Windows\System\FRDqJDK.exe
  2⤵
  PID:7380
- C:\Windows\System\HThaayJ.exe
  C:\Windows\System\HThaayJ.exe
  2⤵
  PID:7412
- C:\Windows\System\pUkRCiu.exe
  C:\Windows\System\pUkRCiu.exe
  2⤵
  PID:7432
- C:\Windows\System\KADQiKJ.exe
  C:\Windows\System\KADQiKJ.exe
  2⤵
  PID:7452
- C:\Windows\System\DzOBxjK.exe
  C:\Windows\System\DzOBxjK.exe
  2⤵
  PID:7472
- C:\Windows\System\RVWABcU.exe
  C:\Windows\System\RVWABcU.exe
  2⤵
  PID:7520
- C:\Windows\System\OJnXeJS.exe
  C:\Windows\System\OJnXeJS.exe
  2⤵
  PID:7556
- C:\Windows\System\nzPRVyi.exe
  C:\Windows\System\nzPRVyi.exe
  2⤵
  PID:7620
- C:\Windows\System\gJzVhFY.exe
  C:\Windows\System\gJzVhFY.exe
  2⤵
  PID:7664
- C:\Windows\System\UApmoRm.exe
  C:\Windows\System\UApmoRm.exe
  2⤵
  PID:7676
- C:\Windows\System\bUqbdIF.exe
  C:\Windows\System\bUqbdIF.exe
  2⤵
  PID:7640
- C:\Windows\System\CuDQmos.exe
  C:\Windows\System\CuDQmos.exe
  2⤵
  PID:7692
- C:\Windows\System\fpEyLIk.exe
  C:\Windows\System\fpEyLIk.exe
  2⤵
  PID:7744
- C:\Windows\System\vBZSqKh.exe
  C:\Windows\System\vBZSqKh.exe
  2⤵
  PID:7784
- C:\Windows\System\WpEeNMo.exe
  C:\Windows\System\WpEeNMo.exe
  2⤵
  PID:7768
- C:\Windows\System\sWtIyBy.exe
  C:\Windows\System\sWtIyBy.exe
  2⤵
  PID:7828
- C:\Windows\System\jMJZWUx.exe
  C:\Windows\System\jMJZWUx.exe
  2⤵
  PID:7816
- C:\Windows\System\KhQdmCY.exe
  C:\Windows\System\KhQdmCY.exe
  2⤵
  PID:7944
- C:\Windows\System\tlduLYr.exe
  C:\Windows\System\tlduLYr.exe
  2⤵
  PID:7852
- C:\Windows\System\kPiOhRk.exe
  C:\Windows\System\kPiOhRk.exe
  2⤵
  PID:7984
- C:\Windows\System\scWSCnZ.exe
  C:\Windows\System\scWSCnZ.exe
  2⤵
  PID:8028
- C:\Windows\System\HgsZyWX.exe
  C:\Windows\System\HgsZyWX.exe
  2⤵
  PID:7964
- C:\Windows\System\lWByTZd.exe
  C:\Windows\System\lWByTZd.exe
  2⤵
  PID:8108
- C:\Windows\System\OycghOE.exe
  C:\Windows\System\OycghOE.exe
  2⤵
  PID:7932
- C:\Windows\System\RMgdaxC.exe
  C:\Windows\System\RMgdaxC.exe
  2⤵
  PID:8000
- C:\Windows\System\nWEIqJU.exe
  C:\Windows\System\nWEIqJU.exe
  2⤵
  PID:8100
- C:\Windows\System\PbEHjBS.exe
  C:\Windows\System\PbEHjBS.exe
  2⤵
  PID:8160
- C:\Windows\System\nDevQpn.exe
  C:\Windows\System\nDevQpn.exe
  2⤵
  PID:8176
- C:\Windows\System\djHekey.exe
  C:\Windows\System\djHekey.exe
  2⤵
  PID:7224
- C:\Windows\System\Rwdbrbn.exe
  C:\Windows\System\Rwdbrbn.exe
  2⤵
  PID:7364
- C:\Windows\System\KUMxeQe.exe
  C:\Windows\System\KUMxeQe.exe
  2⤵
  PID:7276
- C:\Windows\System\kSajnrZ.exe
  C:\Windows\System\kSajnrZ.exe
  2⤵
  PID:7244
- C:\Windows\System\JknBijO.exe
  C:\Windows\System\JknBijO.exe
  2⤵
  PID:7296
- C:\Windows\System\YQdsWqk.exe
  C:\Windows\System\YQdsWqk.exe
  2⤵
  PID:7428
- C:\Windows\System\MQmnzdy.exe
  C:\Windows\System\MQmnzdy.exe
  2⤵
  PID:7496
- C:\Windows\System\tdKhWln.exe
  C:\Windows\System\tdKhWln.exe
  2⤵
  PID:7660
- C:\Windows\System\jHpPxUg.exe
  C:\Windows\System\jHpPxUg.exe
  2⤵
  PID:7672
- C:\Windows\System\GkGxfTC.exe
  C:\Windows\System\GkGxfTC.exe
  2⤵
  PID:7716
- C:\Windows\System\esUlIwO.exe
  C:\Windows\System\esUlIwO.exe
  2⤵
  PID:7728
- C:\Windows\System\biIyOLd.exe
  C:\Windows\System\biIyOLd.exe
  2⤵
  PID:7832
- C:\Windows\System\KbkueQT.exe
  C:\Windows\System\KbkueQT.exe
  2⤵
  PID:7876
- C:\Windows\System\afMqjAG.exe
  C:\Windows\System\afMqjAG.exe
  2⤵
  PID:7844
- C:\Windows\System\zKevWmX.exe
  C:\Windows\System\zKevWmX.exe
  2⤵
  PID:7896
- C:\Windows\System\EqYIRjI.exe
  C:\Windows\System\EqYIRjI.exe
  2⤵
  PID:8024
- C:\Windows\System\uNLioip.exe
  C:\Windows\System\uNLioip.exe
  2⤵
  PID:8104
- C:\Windows\System\BGEohOD.exe
  C:\Windows\System\BGEohOD.exe
  2⤵
  PID:8076
- C:\Windows\System\nfgAxer.exe
  C:\Windows\System\nfgAxer.exe
  2⤵
  PID:8080
- C:\Windows\System\EKmTkGk.exe
  C:\Windows\System\EKmTkGk.exe
  2⤵
  PID:8180
- C:\Windows\System\QITLWhZ.exe
  C:\Windows\System\QITLWhZ.exe
  2⤵
  PID:7176
- C:\Windows\System\itiBywo.exe
  C:\Windows\System\itiBywo.exe
  2⤵
  PID:7172
- C:\Windows\System\toOemJV.exe
  C:\Windows\System\toOemJV.exe
  2⤵
  PID:7420
- C:\Windows\System\FBEpVpn.exe
  C:\Windows\System\FBEpVpn.exe
  2⤵
  PID:7336
- C:\Windows\System\notbcWt.exe
  C:\Windows\System\notbcWt.exe
  2⤵
  PID:7548
- C:\Windows\System\WvmGznN.exe
  C:\Windows\System\WvmGznN.exe
  2⤵
  PID:7636
- C:\Windows\System\STEznyA.exe
  C:\Windows\System\STEznyA.exe
  2⤵
  PID:8124
- C:\Windows\System\UPNrbuQ.exe
  C:\Windows\System\UPNrbuQ.exe
  2⤵
  PID:7588
- C:\Windows\System\DctPzaE.exe
  C:\Windows\System\DctPzaE.exe
  2⤵
  PID:7872
- C:\Windows\System\YpjXcsn.exe
  C:\Windows\System\YpjXcsn.exe
  2⤵
  PID:7952
- C:\Windows\System\WvRpUZn.exe
  C:\Windows\System\WvRpUZn.exe
  2⤵
  PID:8020
- C:\Windows\System\FBXaUdG.exe
  C:\Windows\System\FBXaUdG.exe
  2⤵
  PID:6752
- C:\Windows\System\TxnHhqG.exe
  C:\Windows\System\TxnHhqG.exe
  2⤵
  PID:7392
- C:\Windows\System\eqoLCAm.exe
  C:\Windows\System\eqoLCAm.exe
  2⤵
  PID:7532
- C:\Windows\System\xuwsExE.exe
  C:\Windows\System\xuwsExE.exe
  2⤵
  PID:7552
- C:\Windows\System\tqCdbkM.exe
  C:\Windows\System\tqCdbkM.exe
  2⤵
  PID:7748
- C:\Windows\System\pYjzdiL.exe
  C:\Windows\System\pYjzdiL.exe
  2⤵
  PID:7864
- C:\Windows\System\SYDXnQU.exe
  C:\Windows\System\SYDXnQU.exe
  2⤵
  PID:8040
- C:\Windows\System\gFikDnp.exe
  C:\Windows\System\gFikDnp.exe
  2⤵
  PID:7376
- C:\Windows\System\Nwemlua.exe
  C:\Windows\System\Nwemlua.exe
  2⤵
  PID:7396
- C:\Windows\System\JgtnHUb.exe
  C:\Windows\System\JgtnHUb.exe
  2⤵
  PID:7536
- C:\Windows\System\KHMoosB.exe
  C:\Windows\System\KHMoosB.exe
  2⤵
  PID:7424
- C:\Windows\System\oWXYuSw.exe
  C:\Windows\System\oWXYuSw.exe
  2⤵
  PID:7328
- C:\Windows\System\CZQKCle.exe
  C:\Windows\System\CZQKCle.exe
  2⤵
  PID:8152
- C:\Windows\System\aTrlMrc.exe
  C:\Windows\System\aTrlMrc.exe
  2⤵
  PID:7848
- C:\Windows\System\Lrsuqzt.exe
  C:\Windows\System\Lrsuqzt.exe
  2⤵
  PID:8196
- C:\Windows\System\grSuxzR.exe
  C:\Windows\System\grSuxzR.exe
  2⤵
  PID:8212
- C:\Windows\System\OsgbBhd.exe
  C:\Windows\System\OsgbBhd.exe
  2⤵
  PID:8228
- C:\Windows\System\cHCypAl.exe
  C:\Windows\System\cHCypAl.exe
  2⤵
  PID:8248
- C:\Windows\System\uofkgpB.exe
  C:\Windows\System\uofkgpB.exe
  2⤵
  PID:8264
- C:\Windows\System\ucgHQxf.exe
  C:\Windows\System\ucgHQxf.exe
  2⤵
  PID:8280
- C:\Windows\System\pSALNpi.exe
  C:\Windows\System\pSALNpi.exe
  2⤵
  PID:8296
- C:\Windows\System\scLvBXk.exe
  C:\Windows\System\scLvBXk.exe
  2⤵
  PID:8312
- C:\Windows\System\uXrFRHS.exe
  C:\Windows\System\uXrFRHS.exe
  2⤵
  PID:8328
- C:\Windows\System\txnDusY.exe
  C:\Windows\System\txnDusY.exe
  2⤵
  PID:8344
- C:\Windows\System\LTpIdZC.exe
  C:\Windows\System\LTpIdZC.exe
  2⤵
  PID:8360
- C:\Windows\System\CrgZEwh.exe
  C:\Windows\System\CrgZEwh.exe
  2⤵
  PID:8376
- C:\Windows\System\TPljGJo.exe
  C:\Windows\System\TPljGJo.exe
  2⤵
  PID:8392
- C:\Windows\System\VJGvVTT.exe
  C:\Windows\System\VJGvVTT.exe
  2⤵
  PID:8408
- C:\Windows\System\rLuSLHt.exe
  C:\Windows\System\rLuSLHt.exe
  2⤵
  PID:8424
- C:\Windows\System\uJmXNpt.exe
  C:\Windows\System\uJmXNpt.exe
  2⤵
  PID:8440
- C:\Windows\System\GTSYkAZ.exe
  C:\Windows\System\GTSYkAZ.exe
  2⤵
  PID:8460
- C:\Windows\System\hNcLdKu.exe
  C:\Windows\System\hNcLdKu.exe
  2⤵
  PID:8484
- C:\Windows\System\idvRMaU.exe
  C:\Windows\System\idvRMaU.exe
  2⤵
  PID:8508
- C:\Windows\System\PjgLTIH.exe
  C:\Windows\System\PjgLTIH.exe
  2⤵
  PID:8524
- C:\Windows\System\lXnIPOz.exe
  C:\Windows\System\lXnIPOz.exe
  2⤵
  PID:8544
- C:\Windows\System\YgoayVG.exe
  C:\Windows\System\YgoayVG.exe
  2⤵
  PID:8560
- C:\Windows\System\CQlcPJV.exe
  C:\Windows\System\CQlcPJV.exe
  2⤵
  PID:8576
- C:\Windows\System\iRfhlat.exe
  C:\Windows\System\iRfhlat.exe
  2⤵
  PID:8596
- C:\Windows\System\phdtWYm.exe
  C:\Windows\System\phdtWYm.exe
  2⤵
  PID:8616
- C:\Windows\System\jSrJmlR.exe
  C:\Windows\System\jSrJmlR.exe
  2⤵
  PID:8632
- C:\Windows\System\fVbEVzW.exe
  C:\Windows\System\fVbEVzW.exe
  2⤵
  PID:8648
- C:\Windows\System\GBnnZXJ.exe
  C:\Windows\System\GBnnZXJ.exe
  2⤵
  PID:8676
- C:\Windows\System\guQAlqQ.exe
  C:\Windows\System\guQAlqQ.exe
  2⤵
  PID:8696
- C:\Windows\System\qcAwzcg.exe
  C:\Windows\System\qcAwzcg.exe
  2⤵
  PID:8728
- C:\Windows\System\TldgUFm.exe
  C:\Windows\System\TldgUFm.exe
  2⤵
  PID:8744
- C:\Windows\System\EpTLmHP.exe
  C:\Windows\System\EpTLmHP.exe
  2⤵
  PID:8764
- C:\Windows\System\qPBMHtt.exe
  C:\Windows\System\qPBMHtt.exe
  2⤵
  PID:8784
- C:\Windows\System\zJjHKXV.exe
  C:\Windows\System\zJjHKXV.exe
  2⤵
  PID:8800
- C:\Windows\System\tSFSPwD.exe
  C:\Windows\System\tSFSPwD.exe
  2⤵
  PID:8816
- C:\Windows\System\tfKaxzd.exe
  C:\Windows\System\tfKaxzd.exe
  2⤵
  PID:8840
- C:\Windows\System\IaIrojq.exe
  C:\Windows\System\IaIrojq.exe
  2⤵
  PID:8860
- C:\Windows\System\YKinpxZ.exe
  C:\Windows\System\YKinpxZ.exe
  2⤵
  PID:8876
- C:\Windows\System\sBeGTny.exe
  C:\Windows\System\sBeGTny.exe
  2⤵
  PID:8896
- C:\Windows\System\nLgbzge.exe
  C:\Windows\System\nLgbzge.exe
  2⤵
  PID:8916
- C:\Windows\System\mbniluI.exe
  C:\Windows\System\mbniluI.exe
  2⤵
  PID:8936
- C:\Windows\System\mlMSqTC.exe
  C:\Windows\System\mlMSqTC.exe
  2⤵
  PID:8956
- C:\Windows\System\RyiohLM.exe
  C:\Windows\System\RyiohLM.exe
  2⤵
  PID:8972
- C:\Windows\System\tEecVOh.exe
  C:\Windows\System\tEecVOh.exe
  2⤵
  PID:8992
- C:\Windows\System\AIXfyiA.exe
  C:\Windows\System\AIXfyiA.exe
  2⤵
  PID:9008
- C:\Windows\System\FhpDxfY.exe
  C:\Windows\System\FhpDxfY.exe
  2⤵
  PID:9024
- C:\Windows\System\OeyrraC.exe
  C:\Windows\System\OeyrraC.exe
  2⤵
  PID:9040
- C:\Windows\System\EimZbsW.exe
  C:\Windows\System\EimZbsW.exe
  2⤵
  PID:9064
- C:\Windows\System\THExQdc.exe
  C:\Windows\System\THExQdc.exe
  2⤵
  PID:9088
- C:\Windows\System\vkmGhvt.exe
  C:\Windows\System\vkmGhvt.exe
  2⤵
  PID:9104
- C:\Windows\System\uFILbBw.exe
  C:\Windows\System\uFILbBw.exe
  2⤵
  PID:9120
- C:\Windows\System\PRmZHId.exe
  C:\Windows\System\PRmZHId.exe
  2⤵
  PID:9136
- C:\Windows\System\ivgCvtu.exe
  C:\Windows\System\ivgCvtu.exe
  2⤵
  PID:9172
- C:\Windows\System\DCfCNsT.exe
  C:\Windows\System\DCfCNsT.exe
  2⤵
  PID:9200
- C:\Windows\System\KUiKOqK.exe
  C:\Windows\System\KUiKOqK.exe
  2⤵
  PID:7796
- C:\Windows\System\sHrqLVz.exe
  C:\Windows\System\sHrqLVz.exe
  2⤵
  PID:8236
- C:\Windows\System\BNfFHHU.exe
  C:\Windows\System\BNfFHHU.exe
  2⤵
  PID:8272
- C:\Windows\System\toKgvRw.exe
  C:\Windows\System\toKgvRw.exe
  2⤵
  PID:8304
- C:\Windows\System\HpBeVSl.exe
  C:\Windows\System\HpBeVSl.exe
  2⤵
  PID:8288
- C:\Windows\System\xUPemNR.exe
  C:\Windows\System\xUPemNR.exe
  2⤵
  PID:8404
- C:\Windows\System\GjKtmHh.exe
  C:\Windows\System\GjKtmHh.exe
  2⤵
  PID:8436
- C:\Windows\System\jgvjERP.exe
  C:\Windows\System\jgvjERP.exe
  2⤵
  PID:8384
- C:\Windows\System\vivChBs.exe
  C:\Windows\System\vivChBs.exe
  2⤵
  PID:8468
- C:\Windows\System\AqYKiob.exe
  C:\Windows\System\AqYKiob.exe
  2⤵
  PID:8496
- C:\Windows\System\XslibjE.exe
  C:\Windows\System\XslibjE.exe
  2⤵
  PID:8500
- C:\Windows\System\ACVNZkW.exe
  C:\Windows\System\ACVNZkW.exe
  2⤵
  PID:8572
- C:\Windows\System\lmSBiKZ.exe
  C:\Windows\System\lmSBiKZ.exe
  2⤵
  PID:8628
- C:\Windows\System\yMifqWf.exe
  C:\Windows\System\yMifqWf.exe
  2⤵
  PID:8644
- C:\Windows\System\xclFJIT.exe
  C:\Windows\System\xclFJIT.exe
  2⤵
  PID:8724
- C:\Windows\System\nfIPsJB.exe
  C:\Windows\System\nfIPsJB.exe
  2⤵
  PID:8756
- C:\Windows\System\sJRbTLn.exe
  C:\Windows\System\sJRbTLn.exe
  2⤵
  PID:8792
- C:\Windows\System\dSEqlGy.exe
  C:\Windows\System\dSEqlGy.exe
  2⤵
  PID:8812
- C:\Windows\System\IoCiUVw.exe
  C:\Windows\System\IoCiUVw.exe
  2⤵
  PID:8836
- C:\Windows\System\ncIxksc.exe
  C:\Windows\System\ncIxksc.exe
  2⤵
  PID:8888
- C:\Windows\System\aNJkSEp.exe
  C:\Windows\System\aNJkSEp.exe
  2⤵
  PID:8912
- C:\Windows\System\JVAIqWV.exe
  C:\Windows\System\JVAIqWV.exe
  2⤵
  PID:8980
- C:\Windows\System\vXunUjE.exe
  C:\Windows\System\vXunUjE.exe
  2⤵
  PID:9036
- C:\Windows\System\xygbljJ.exe
  C:\Windows\System\xygbljJ.exe
  2⤵
  PID:9048
- C:\Windows\System\hzmFYFY.exe
  C:\Windows\System\hzmFYFY.exe
  2⤵
  PID:9084
- C:\Windows\System\SXVOKsO.exe
  C:\Windows\System\SXVOKsO.exe
  2⤵
  PID:9100
- C:\Windows\System\OONMpYU.exe
  C:\Windows\System\OONMpYU.exe
  2⤵
  PID:9080
- C:\Windows\System\RyrQdQz.exe
  C:\Windows\System\RyrQdQz.exe
  2⤵
  PID:9152
- C:\Windows\System\RMARBRP.exe
  C:\Windows\System\RMARBRP.exe
  2⤵
  PID:9188
- C:\Windows\System\VHItAvN.exe
  C:\Windows\System\VHItAvN.exe
  2⤵
  PID:8224
- C:\Windows\System\sQOAdYm.exe
  C:\Windows\System\sQOAdYm.exe
  2⤵
  PID:9160
- C:\Windows\System\pQZRodd.exe
  C:\Windows\System\pQZRodd.exe
  2⤵
  PID:8276
- C:\Windows\System\NSqZesr.exe
  C:\Windows\System\NSqZesr.exe
  2⤵
  PID:8372
- C:\Windows\System\DOICKfW.exe
  C:\Windows\System\DOICKfW.exe
  2⤵
  PID:8324
- C:\Windows\System\XtWDiMM.exe
  C:\Windows\System\XtWDiMM.exe
  2⤵
  PID:8584
- C:\Windows\System\wzfioxd.exe
  C:\Windows\System\wzfioxd.exe
  2⤵
  PID:8556
- C:\Windows\System\hOVGywJ.exe
  C:\Windows\System\hOVGywJ.exe
  2⤵
  PID:8608
- C:\Windows\System\XrBgdPK.exe
  C:\Windows\System\XrBgdPK.exe
  2⤵
  PID:8720
- C:\Windows\System\OseUyVl.exe
  C:\Windows\System\OseUyVl.exe
  2⤵
  PID:8740
- C:\Windows\System\qEdCMgt.exe
  C:\Windows\System\qEdCMgt.exe
  2⤵
  PID:8856
- C:\Windows\System\hfUPGIn.exe
  C:\Windows\System\hfUPGIn.exe
  2⤵
  PID:8984
- C:\Windows\System\xVqOwmc.exe
  C:\Windows\System\xVqOwmc.exe
  2⤵
  PID:9004
- C:\Windows\System\TWCSiHE.exe
  C:\Windows\System\TWCSiHE.exe
  2⤵
  PID:9052
- C:\Windows\System\xLISeMA.exe
  C:\Windows\System\xLISeMA.exe
  2⤵
  PID:9072
- C:\Windows\System\SLcvXQI.exe
  C:\Windows\System\SLcvXQI.exe
  2⤵
  PID:8204
- C:\Windows\System\DTTbKlx.exe
  C:\Windows\System\DTTbKlx.exe
  2⤵
  PID:9180
- C:\Windows\System\OeVVqjE.exe
  C:\Windows\System\OeVVqjE.exe
  2⤵
  PID:8368
- C:\Windows\System\AWErpTL.exe
  C:\Windows\System\AWErpTL.exe
  2⤵
  PID:8532
- C:\Windows\System\mcxGENu.exe
  C:\Windows\System\mcxGENu.exe
  2⤵
  PID:8604
- C:\Windows\System\yHSCTfN.exe
  C:\Windows\System\yHSCTfN.exe
  2⤵
  PID:8716
- C:\Windows\System\nMrrcRg.exe
  C:\Windows\System\nMrrcRg.exe
  2⤵
  PID:8704
- C:\Windows\System\weUBvmn.exe
  C:\Windows\System\weUBvmn.exe
  2⤵
  PID:8780
- C:\Windows\System\wNkBwgn.exe
  C:\Windows\System\wNkBwgn.exe
  2⤵
  PID:8924
- C:\Windows\System\OoaMVGC.exe
  C:\Windows\System\OoaMVGC.exe
  2⤵
  PID:9016
- C:\Windows\System\SnlSPzw.exe
  C:\Windows\System\SnlSPzw.exe
  2⤵
  PID:9132
- C:\Windows\System\zUvOYbf.exe
  C:\Windows\System\zUvOYbf.exe
  2⤵
  PID:9116
- C:\Windows\System\JIKQTvl.exe
  C:\Windows\System\JIKQTvl.exe
  2⤵
  PID:8340
- C:\Windows\System\FFzRcoq.exe
  C:\Windows\System\FFzRcoq.exe
  2⤵
  PID:8476
- C:\Windows\System\YEfPzUb.exe
  C:\Windows\System\YEfPzUb.exe
  2⤵
  PID:8432
- C:\Windows\System\txGmuJc.exe
  C:\Windows\System\txGmuJc.exe
  2⤵
  PID:8656
- C:\Windows\System\TqumvMJ.exe
  C:\Windows\System\TqumvMJ.exe
  2⤵
  PID:8672
- C:\Windows\System\hZXyMMx.exe
  C:\Windows\System\hZXyMMx.exe
  2⤵
  PID:8908
- C:\Windows\System\FEdPJwg.exe
  C:\Windows\System\FEdPJwg.exe
  2⤵
  PID:9020
- C:\Windows\System\ArRyvRB.exe
  C:\Windows\System\ArRyvRB.exe
  2⤵
  PID:9164
- C:\Windows\System\ohEfFya.exe
  C:\Windows\System\ohEfFya.exe
  2⤵
  PID:7688
- C:\Windows\System\PjcDbmK.exe
  C:\Windows\System\PjcDbmK.exe
  2⤵
  PID:8552
- C:\Windows\System\HMebHHl.exe
  C:\Windows\System\HMebHHl.exe
  2⤵
  PID:8808
- C:\Windows\System\jKVfslg.exe
  C:\Windows\System\jKVfslg.exe
  2⤵
  PID:8796
- C:\Windows\System\daStOUC.exe
  C:\Windows\System\daStOUC.exe
  2⤵
  PID:9196
- C:\Windows\System\vjsRIoH.exe
  C:\Windows\System\vjsRIoH.exe
  2⤵
  PID:8708
- C:\Windows\System\hIclZBI.exe
  C:\Windows\System\hIclZBI.exe
  2⤵
  PID:8416
- C:\Windows\System\EnssrUy.exe
  C:\Windows\System\EnssrUy.exe
  2⤵
  PID:8904
- C:\Windows\System\ahCHxCV.exe
  C:\Windows\System\ahCHxCV.exe
  2⤵
  PID:9148
- C:\Windows\System\hyxSYlU.exe
  C:\Windows\System\hyxSYlU.exe
  2⤵
  PID:8948
- C:\Windows\System\KFxqYvn.exe
  C:\Windows\System\KFxqYvn.exe
  2⤵
  PID:9236
- C:\Windows\System\hzPhliT.exe
  C:\Windows\System\hzPhliT.exe
  2⤵
  PID:9256
- C:\Windows\System\jyZUZaj.exe
  C:\Windows\System\jyZUZaj.exe
  2⤵
  PID:9272
- C:\Windows\System\vckbmkZ.exe
  C:\Windows\System\vckbmkZ.exe
  2⤵
  PID:9292
- C:\Windows\System\nYUXHFA.exe
  C:\Windows\System\nYUXHFA.exe
  2⤵
  PID:9308
- C:\Windows\System\LrhQmNy.exe
  C:\Windows\System\LrhQmNy.exe
  2⤵
  PID:9332
- C:\Windows\System\VfxnsVd.exe
  C:\Windows\System\VfxnsVd.exe
  2⤵
  PID:9352
- C:\Windows\System\OUjHvEu.exe
  C:\Windows\System\OUjHvEu.exe
  2⤵
  PID:9376
- C:\Windows\System\YBenrRT.exe
  C:\Windows\System\YBenrRT.exe
  2⤵
  PID:9392
- C:\Windows\System\eKECCmK.exe
  C:\Windows\System\eKECCmK.exe
  2⤵
  PID:9408
- C:\Windows\System\JwmKlzo.exe
  C:\Windows\System\JwmKlzo.exe
  2⤵
  PID:9428
- C:\Windows\System\GmUichj.exe
  C:\Windows\System\GmUichj.exe
  2⤵
  PID:9444
- C:\Windows\System\qQchfMK.exe
  C:\Windows\System\qQchfMK.exe
  2⤵
  PID:9464
- C:\Windows\System\FvqIHCl.exe
  C:\Windows\System\FvqIHCl.exe
  2⤵
  PID:9492
- C:\Windows\System\xXtEKVy.exe
  C:\Windows\System\xXtEKVy.exe
  2⤵
  PID:9512
- C:\Windows\System\HfpLIrm.exe
  C:\Windows\System\HfpLIrm.exe
  2⤵
  PID:9528
- C:\Windows\System\nsEQSpy.exe
  C:\Windows\System\nsEQSpy.exe
  2⤵
  PID:9544
- C:\Windows\System\aeExGnA.exe
  C:\Windows\System\aeExGnA.exe
  2⤵
  PID:9560
- C:\Windows\System\vkeoQYx.exe
  C:\Windows\System\vkeoQYx.exe
  2⤵
  PID:9596
- C:\Windows\System\aaGSafP.exe
  C:\Windows\System\aaGSafP.exe
  2⤵
  PID:9616
- C:\Windows\System\vDxGQCA.exe
  C:\Windows\System\vDxGQCA.exe
  2⤵
  PID:9632
- C:\Windows\System\WmWKjAm.exe
  C:\Windows\System\WmWKjAm.exe
  2⤵
  PID:9648
- C:\Windows\System\WfBSUIA.exe
  C:\Windows\System\WfBSUIA.exe
  2⤵
  PID:9664
- C:\Windows\System\LlVyBYO.exe
  C:\Windows\System\LlVyBYO.exe
  2⤵
  PID:9684
- C:\Windows\System\DIvZJlD.exe
  C:\Windows\System\DIvZJlD.exe
  2⤵
  PID:9700
- C:\Windows\System\LTtjuvq.exe
  C:\Windows\System\LTtjuvq.exe
  2⤵
  PID:9720
- C:\Windows\System\DBzdRhC.exe
  C:\Windows\System\DBzdRhC.exe
  2⤵
  PID:9736
- C:\Windows\System\CAgJFst.exe
  C:\Windows\System\CAgJFst.exe
  2⤵
  PID:9768
- C:\Windows\System\nbJbHXN.exe
  C:\Windows\System\nbJbHXN.exe
  2⤵
  PID:9796
- C:\Windows\System\CyuPyuN.exe
  C:\Windows\System\CyuPyuN.exe
  2⤵
  PID:9820
- C:\Windows\System\kARiLLy.exe
  C:\Windows\System\kARiLLy.exe
  2⤵
  PID:9836
- C:\Windows\System\OymLvwB.exe
  C:\Windows\System\OymLvwB.exe
  2⤵
  PID:9860
- C:\Windows\System\KUxAhLk.exe
  C:\Windows\System\KUxAhLk.exe
  2⤵
  PID:9876
- C:\Windows\System\NgSeRCb.exe
  C:\Windows\System\NgSeRCb.exe
  2⤵
  PID:9900
- C:\Windows\System\ySbZMTj.exe
  C:\Windows\System\ySbZMTj.exe
  2⤵
  PID:9916
- C:\Windows\System\KDHwKUJ.exe
  C:\Windows\System\KDHwKUJ.exe
  2⤵
  PID:9940
- C:\Windows\System\wDGUQWY.exe
  C:\Windows\System\wDGUQWY.exe
  2⤵
  PID:9956
- C:\Windows\System\ALoWQDf.exe
  C:\Windows\System\ALoWQDf.exe
  2⤵
  PID:9976
- C:\Windows\System\BVCWGkq.exe
  C:\Windows\System\BVCWGkq.exe
  2⤵
  PID:9992
- C:\Windows\System\cNpeQkO.exe
  C:\Windows\System\cNpeQkO.exe
  2⤵
  PID:10020
- C:\Windows\System\djRgeNy.exe
  C:\Windows\System\djRgeNy.exe
  2⤵
  PID:10036
- C:\Windows\System\ZWTYLjl.exe
  C:\Windows\System\ZWTYLjl.exe
  2⤵
  PID:10060
- C:\Windows\System\ncLRkUQ.exe
  C:\Windows\System\ncLRkUQ.exe
  2⤵
  PID:10076
- C:\Windows\System\IuFVgML.exe
  C:\Windows\System\IuFVgML.exe
  2⤵
  PID:10092
- C:\Windows\System\zjrPtMs.exe
  C:\Windows\System\zjrPtMs.exe
  2⤵
  PID:10116
- C:\Windows\System\EElWcCo.exe
  C:\Windows\System\EElWcCo.exe
  2⤵
  PID:10136
- C:\Windows\System\udMxyBQ.exe
  C:\Windows\System\udMxyBQ.exe
  2⤵
  PID:10156
- C:\Windows\System\VhVcTkN.exe
  C:\Windows\System\VhVcTkN.exe
  2⤵
  PID:10176
- C:\Windows\System\DzEiSjG.exe
  C:\Windows\System\DzEiSjG.exe
  2⤵
  PID:10192
- C:\Windows\System\qNRvmxf.exe
  C:\Windows\System\qNRvmxf.exe
  2⤵
  PID:10220
- C:\Windows\System\jZAbdKM.exe
  C:\Windows\System\jZAbdKM.exe
  2⤵
  PID:10236
- C:\Windows\System\AHOISky.exe
  C:\Windows\System\AHOISky.exe
  2⤵
  PID:9232
- C:\Windows\System\gnCeKnh.exe
  C:\Windows\System\gnCeKnh.exe
  2⤵
  PID:9220
- C:\Windows\System\lCBoLGK.exe
  C:\Windows\System\lCBoLGK.exe
  2⤵
  PID:9288
- C:\Windows\System\guJsnSS.exe
  C:\Windows\System\guJsnSS.exe
  2⤵
  PID:9268
- C:\Windows\System\FpqaIWn.exe
  C:\Windows\System\FpqaIWn.exe
  2⤵
  PID:9344
- C:\Windows\System\qDwReIb.exe
  C:\Windows\System\qDwReIb.exe
  2⤵
  PID:9404
- C:\Windows\System\SoDvEpN.exe
  C:\Windows\System\SoDvEpN.exe
  2⤵
  PID:9424
- C:\Windows\System\bpHmBKP.exe
  C:\Windows\System\bpHmBKP.exe
  2⤵
  PID:9460
- C:\Windows\System\zmjoNkp.exe
  C:\Windows\System\zmjoNkp.exe
  2⤵
  PID:9476
- C:\Windows\System\YOoaWvZ.exe
  C:\Windows\System\YOoaWvZ.exe
  2⤵
  PID:9508
- C:\Windows\System\iUqLoiT.exe
  C:\Windows\System\iUqLoiT.exe
  2⤵
  PID:9536
- C:\Windows\System\CouogQM.exe
  C:\Windows\System\CouogQM.exe
  2⤵
  PID:9604
- C:\Windows\System\qgooZsk.exe
  C:\Windows\System\qgooZsk.exe
  2⤵
  PID:9608
- C:\Windows\System\aQHiBdc.exe
  C:\Windows\System\aQHiBdc.exe
  2⤵
  PID:9680
- C:\Windows\System\DsndIlg.exe
  C:\Windows\System\DsndIlg.exe
  2⤵
  PID:9716
- C:\Windows\System\aPIWZdI.exe
  C:\Windows\System\aPIWZdI.exe
  2⤵
  PID:9628
- C:\Windows\System\cTFseYk.exe
  C:\Windows\System\cTFseYk.exe
  2⤵
  PID:9728
- C:\Windows\System\dGIwmeT.exe
  C:\Windows\System\dGIwmeT.exe
  2⤵
  PID:9788
- C:\Windows\System\uJPodPt.exe
  C:\Windows\System\uJPodPt.exe
  2⤵
  PID:9816
- C:\Windows\System\TAfLJFL.exe
  C:\Windows\System\TAfLJFL.exe
  2⤵
  PID:9844
- C:\Windows\System\mMubHWZ.exe
  C:\Windows\System\mMubHWZ.exe
  2⤵
  PID:9896
- C:\Windows\System\hIqglxf.exe
  C:\Windows\System\hIqglxf.exe
  2⤵
  PID:9932
- C:\Windows\System\nUOIgtg.exe
  C:\Windows\System\nUOIgtg.exe
  2⤵
  PID:9936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AuwCJZZ.exe

Filesize
6.0MB

MD5
4efbfaa04a4b1701f0654cb286a0e288

SHA1
5709d121ec4438ebf7e50ef9df5f080d739416f7

SHA256
7883c250425879a775ace82c2290a1fa2fadebd0ec11e30220deb30e626b875f

SHA512
f8f1a53784ce27535c3e2e8b1ed58c965a76619970edf8b31a104e3d776a86d4df5f07650101cc25db7bda8e057a3068cfa5abb80ef287f5f6dd5630f5472e56

Download Submit
C:\Windows\system\GAtfBeL.exe

Filesize
6.0MB

MD5
330cafdee189b3b45a848bd21a961a19

SHA1
ede1ad404b41f0b58b0e8e8484d071721d4e2d7d

SHA256
90f7de71dc1adb60524dfd52e32d1dbe7996c303093b1a4cf54865330718d2f3

SHA512
891530d0ff5ff59c6f0c1a143213b6e109d60181c72af6ae34fa918663a0b5b2c8db23db917b531d55548cf2daa319f028637ac04821df49babfda09f3bacf86

Download Submit
C:\Windows\system\GIiJLie.exe

Filesize
6.0MB

MD5
359d1ae3f3196e0f1251a75ffe49e088

SHA1
dedd4790604fca80225b8ce4320d241d47843111

SHA256
fa5029ef510ebc704d8ad72f0f4e0e1c4a0d9f114514515654f8382359dec1b1

SHA512
52f6f2dc079b3ca3e9a8737848c9c76f888aae1dc87d0164cc8550ac642283a5f6216c791b9c388c7a42c34680ce261d24d503a6c06480d67922167b5dbe3f96

Download Submit
C:\Windows\system\GsIuhwn.exe

Filesize
6.0MB

MD5
e65e9bc8bba06f652dca000c25ea8185

SHA1
1219bf550915dbe4ba02292e4c3a5be44140541b

SHA256
510e078e08d5b2e22acb59b7a9910f5bae86b0c22807f7546cc9a54bb503fe03

SHA512
09a0c245bb88601ef2bbd37a2eefb8811727e975f310f2dd09ff0bc7b14045610fddf7d2478995309313c5ba107122a8d498ea9db688b3cf225592089521afac

Download Submit
C:\Windows\system\IwRXoTo.exe

Filesize
6.0MB

MD5
487a9d309abead85b0998001af5b95c0

SHA1
74b75e9289ea2e009dc659326384eee87588f623

SHA256
a4eb825315a3d5b3959ab92d1be258e75778dac41f74f0473d57966cd3775f2b

SHA512
44446a5b013c3aa1073640f11e2ba6a1a48f200948525ef384d6a9c67c3e3e56cab94d6464662294cbe68a626b83bd9d6c77485e49a19a03c070f57536bb3183

Download Submit
C:\Windows\system\MnYCVLQ.exe

Filesize
6.0MB

MD5
10eaeffed331819353d92a527a447f04

SHA1
950408330c9f0c0d004cdb6e69590c448ab34c47

SHA256
035fe8319aaac1043d67b10567c0d80d0d311b40ea90c73c1c2145b2091355b8

SHA512
380afa566bbf419b6389dd351d2bbdfc3dfbe3ace9000467b96e1b377d80e5d58a588f7ab540cabfaafffe0bb3d4054e664b8c167bd86eab599e0d43261d34c3

Download Submit
C:\Windows\system\QDEsOGd.exe

Filesize
6.0MB

MD5
ed7bf0a5c32e35d6ff9fc54569f7cfa5

SHA1
ea3c0785cb4a4524ee61dc76a06f50070772065b

SHA256
634d2d9891b808f4b0bdc7fffb1ac1da84c67be7020fcdcee8f37bdd3d6d06dc

SHA512
ce2b9007cc31abeecee8522dfeb190039e3189060c8f44af686e9c765fe6bbb0a1ffa19fa9e991a6019d935d0daeb1b91e1fd0a7b5093cd055c1d17509961b9e

Download Submit
C:\Windows\system\QldFtVI.exe

Filesize
6.0MB

MD5
f844e8b3ea67dbabdbd07786fbc1b6b9

SHA1
efad05b041b379082e41e9059126de50f2281324

SHA256
eeb1f8d619d549ed4f437e41ad92876a7a66b58ebae28f718e427cd65019c076

SHA512
22c99bd61be8229d54d57f33de2a51d65c7cc8f6dc7fb341236b3fcc73ce605632ae86f6b012fea0e26ed5f569829ea6aa9c4740a90d5d97fac848d810b20e6b

Download Submit
C:\Windows\system\QsqVSBB.exe

Filesize
6.0MB

MD5
017af7398fbc5a81360e2c372e3c7990

SHA1
332baa4977a624aeb90e855622ca0454e12357ed

SHA256
92c7dc13360db5248c9bc48348b59a41a56312edadd3b9b0251be85f4d5e5954

SHA512
0b08b1983e150a64cb56fe71a5a33a51a95c21b9842e78e8d946033c600d547f2c92e1e9fbc58ac9aabc4ab317888ed518169786c01c80d059f78fc5d5cbc988

Download Submit
C:\Windows\system\UqlvKAQ.exe

Filesize
6.0MB

MD5
c81b60bfe114a51eff524b6b1e71c474

SHA1
139121d3ab84bdf54afbf7fa44380be713b5ebcd

SHA256
a71a788ff7f48115ff6c3271f1e4281b5d952c708d21573145d6a08121221b45

SHA512
c18775f9a12c4d7940b9edf1538ca398dd0a563eaf01a6220bd1d517cee014c50b2ab3444833f224c821f2a533207278e4bacbd1bcd8f5876574cb25ca4202f0

Download Submit
C:\Windows\system\YNreilG.exe

Filesize
6.0MB

MD5
25e19c6764b452431c126db335ead994

SHA1
d80d0bc267e3d30d0cb0a4d39dcde1d877ed5b30

SHA256
76ecdb6433683d79a09519257e90bb6fb6c6e42d5a500c437e9fb0eb9d9c7cc5

SHA512
b80ba78990ca3b46a3efa4d47718a585f67f27096770ce01de4c92531553ff15291b45cdba87bb316a16295259e00b8af1c533a72b9bb7fba093bc057cdce128

Download Submit
C:\Windows\system\ZLqvNWO.exe

Filesize
6.0MB

MD5
696b217a2e2de2e0e3730baffd080d98

SHA1
5edf69f8a09222db1b16dd3aaced1e01b8f700ef

SHA256
ea3a64246eb7b2feb634d383e7cb3e8edb9e5b0f64ba2941547087dce874c6f8

SHA512
71d61213dc52dfb1bf99281b0b28759cb68632e950a4a103f16601da90c0c176e2f74ff1fc1d6dcc549232d1d9ef4ebfc52379977946b184423a1c33f840fe48

Download Submit
C:\Windows\system\aYgHteU.exe

Filesize
6.0MB

MD5
fefdb89f93d8ed074ea46f13db1b06db

SHA1
e55e70293047ef088fa626555a92807f9c2ae065

SHA256
ddc5dd08e3276adc09e576d884cce0b9ffcc8803f3aec0cd0bf875d7fd9fd360

SHA512
641de26e9fccfca07ae7a391a26c2daeab2e29212ec061358cbc8d9bd10489b8024c7984251a282d92b2c4b105fd0f87b87a84a2612c8a7682a4ed83e379c0ff

Download Submit
C:\Windows\system\cPLtULn.exe

Filesize
6.0MB

MD5
b11ba3a04aa7fdfbdae5e97ea8cad334

SHA1
4d2d77f15b1b40f7e79da24945f1c9e64d92bcaa

SHA256
6603efe67059c5e6c6e27ffab8ef1efb6cdda9bb0ab2e17f5d40ac5af71201a4

SHA512
1f1281d7bfe609e2b960e3a4f1d483f62f06513e0889211eaafdc29c39e6af396fba302991e5353c850b1725cfab0eaaa54d66245e30f6dbf86a76e3223566ff

Download Submit
C:\Windows\system\chGPOOZ.exe

Filesize
6.0MB

MD5
263923dbecf47a788905ce87dae199e8

SHA1
e9b3def2122521c5a8b801d6c552d3eedc6d0459

SHA256
bc54f01044da0abef8efb8fd544297e5b9e5070cdaf3a98c77b2b87470dc07d6

SHA512
59500cb57ced081c2d3f28c666f44246d607e2f23bd7c2ab74a03ac00b7684147d2b39319145737dd2734bb70508ed630539c53c86cbb0d54afbdfa66d5da7f2

Download Submit
C:\Windows\system\ftUVxSp.exe

Filesize
6.0MB

MD5
202b4d72cc7a7c1885fc399cff5eeff2

SHA1
1f1cb89ad903351a392535e6f0d284590dbbf2ca

SHA256
438fdffcb3ccc433ba4c1ee3917d0ea95b0d00a49153f285cb10b4f89ec69f31

SHA512
bd0f36976833208e72cbbff52aa199f8020928de5f6c68e086d9ae04ea71e92452635dfbd2a9f9e52f7af4453305141173519ab60d625c5116adcc7f372ebf54

Download Submit
C:\Windows\system\gzCEdQN.exe

Filesize
6.0MB

MD5
6f1f305e18c8f6f197493922f1a617fc

SHA1
56b69501a4c0ef5cd0d866c801432dd54637183e

SHA256
136d429c5bec0af44007249be1c98661b5c813f7117649a532058e3b9f27f0c7

SHA512
e3161c392c7f266fc3bdc920d7c4cbdfbe92e96e565da5c5a84feadb357e0f3e6717cb30a3726b6910c9b37fc0de69569d50ab7a350ade9ff0718a8cf1057de9

Download Submit
C:\Windows\system\ijRSSao.exe

Filesize
6.0MB

MD5
95d2ede54fa6a5421cc024b99411eb4c

SHA1
9cba3e5953dd315c61affb5914ecfb730013e1ab

SHA256
4b90794d352911ea4ef47ea669e0430fa403d8f2a24c81a3d2023c1103cafd35

SHA512
721f9d4fc6162a31b823880534aaa6fb5ed1d1ff3e40ab3e5014dec3b14feff0d13bcbdc3296ccf935359f5519479cf6a67d9a975b2b668706047318e0d3a8bb

Download Submit
C:\Windows\system\lobSwrD.exe

Filesize
6.0MB

MD5
97d85f13d3153684a1ea2510be05eae6

SHA1
5834a693f9e8c0652b08a0f13d78377974cdfddd

SHA256
ae832a1566f21cd3288c25a32cdb1ba150346d8e9a0701d2bf49ba0ec891150e

SHA512
cb5bbf2dd8b0f98db76934978b01933f2b322985fd5b1d7467cbdcc796881d5b80d749e79a6adbe56f731df27b6c8ed6577f6a93a64e605b4142e0367a189e0a

Download Submit
C:\Windows\system\nGqbvde.exe

Filesize
6.0MB

MD5
90985fb7fd23c64d59e67264b38579ea

SHA1
f3e84bf251868336ce9efceeb9615e96b2fe04d2

SHA256
9b248a7421b18066922d6989195c1e19af73e90bd0f7fc389e123fdd096ef7fa

SHA512
b91b9d6daf54f44b927b864dd4113c6aad58a6226005e23032449e000720c66d27292dedde59756a356da18c4a15a7ee1dec21a4251e482bfc7163a9d645f9b2

Download Submit
C:\Windows\system\pXwWuGI.exe

Filesize
6.0MB

MD5
fc7490845775aaae692a97762de2cd4f

SHA1
0d2e96343dbfae166f7998e958afc73be050e6f3

SHA256
7fd0924bb9233add1b9a54ebcc3244531a51bd224d7cb8bed6dec7165496126d

SHA512
2a0a01ec19a46fd3166673f2dcb70754b1671fdab5e274d46e2876188a19b12dff22b9796f1012331ebc6b7e71a7af8bd7361dc66a48f79ed7952561e0bb632c

Download Submit
C:\Windows\system\qnGImCn.exe

Filesize
6.0MB

MD5
44496fc240efa893bbbca2243aea537d

SHA1
9acd030e7e0b728ced089c8dddc8ee5861116861

SHA256
ed02bba5acab52e11219c05e3cdf72f283cd22ecdfc40b33740d94720ab684b5

SHA512
7ca55528e03838c3bb316e54c9819113d3fb575522f4c056119ee29c57bc8db46198af33f20d037e298b66f1d32e68d5ef9442092b3eb3408be5064c7f90f719

Download Submit
C:\Windows\system\stzgwdf.exe

Filesize
6.0MB

MD5
1efbf3bfcf3e9c2fb888d6262c923692

SHA1
aada6930b4b01793b36ae182071aaef97677574c

SHA256
cb627083091c49807cc4f71cb2f83b12d3a62163b4cd9c5f6473ec349846dcca

SHA512
402b0b6d0403c1ad8bb2fcd333ba7480e84886c32d98fbe7f4cd3beee4a7d6da1c8f697546a9b6cf0878e3ffdc0aecda1f488c1716df9ddcb9d33b6d6dfb9eb0

Download Submit
C:\Windows\system\uoykApH.exe

Filesize
6.0MB

MD5
58fbd62999a1c792b607bd2e07ad9a2c

SHA1
c162ca5e29b32e306f353bd6fcf404d636b58d92

SHA256
d583e4699ae92155b7d6561eeb5af4564df30c3669d7b5b0955f954a253b20d9

SHA512
b2b50af95316d01f15ab6df2d954a26a9cfab50544fdeee9fc6cf826bab5fb568a9fa9b9770f4f03ff1045a4e4750aa997fdcd9e53236708b5312e71a352a1c8

Download Submit
\Windows\system\DRgcXXj.exe

Filesize
6.0MB

MD5
1e1f647c02776f6f041b8804934be76d

SHA1
448b03fc14154196fef4686d91deabc1d561e9df

SHA256
85f78bec904cd7f239ea2ec74d092f73901e888bb3eaf0a9810e8ffde7e42b1b

SHA512
abf4bb3d6ca57be7c85d725e290c87ab237f59c68ef2811e9b9ae4bbf381d0da8a95c8ae655afb9e368872884f2ff4b63d5847bc246c528109598c56df960240

Download Submit
\Windows\system\UNLMWET.exe

Filesize
6.0MB

MD5
83190e58e25ded87e9edcd4adee12e2e

SHA1
19e7c1aff51b85b1d4d19af308a9e1244e60e3a2

SHA256
ce0976dc08e9cd4601b4fac0c7a1d7f8d6c7ed3bc8dd14388c90498e9c5e0e07

SHA512
842833c9191b3e6c3106d76efbadd31f1024ec9444c1e3bbe05a72e7faa0b29fb6d846210bea9ec8162f113d92a22f0473dcc1862a07321ac445790411702b47

Download Submit
\Windows\system\ZBOcaOo.exe

Filesize
6.0MB

MD5
8e37f86a3e570e4c90c72a0b9876137e

SHA1
db01e233d7b7d337a5271ae5b955d5ad011da5a4

SHA256
bd0577e33faf45be8ab4e7f2dccd40b81e9cdea9f12973d48f6f7e629c4ad50f

SHA512
212d3d7dc4cb214f0309ce3a59d79e86b9131d48d57f8155f487ff0522bf535b046474ae047ddb509ad3668d969ee9a784b363a55a39045c3925116f71a6dc9a

Download Submit
\Windows\system\clIGgpT.exe

Filesize
6.0MB

MD5
1cf5650dc4181e676a09787b0dbd1770

SHA1
2c73a5953c68177cd20d1edd971358b8aa8f8d0d

SHA256
e8ea1569e867911b6956b141b98ae401d6e5386496b5431246a2be967bbaa7b2

SHA512
193faafd5655ecdd564b8ac2f65eb55f1a7d23c845088beab50b87d8742c1169af5a8e10b9d5e15a4f7e46a19f8cbfe25c728d221d24f44485b7765e0b549855

Download Submit
\Windows\system\fsepivb.exe

Filesize
6.0MB

MD5
81907db553d4c0f8d98f43bce19c9424

SHA1
adec8b27d288c185759c962991d9caf64115ae06

SHA256
24469993d583d5eeac50c6f9781a66389f89b5d5cf83b4b3ca0b6abd368475c7

SHA512
549305db9d469fbf4078bc501b3f3c51cf503ba76f4d697bc7e84e163cd2fa36f5611f709421652d33fbc16ba6b16ea97e7d3cbc9eaac62bf0d1f0e3d84c2053

Download Submit
\Windows\system\kGVQmCA.exe

Filesize
6.0MB

MD5
c90ecfb59a0e50f11cdc347081a3ec25

SHA1
90f1b6f2385868196b964ec6ce6ecfaccd7a220e

SHA256
b7010c65ac2e41395fd35f62fc995e7186da9e93e1a28bf0c53556e2d7f7afec

SHA512
3cb21d9b0c9ca36044ff13a55d27092ddab29316ef6abe7e15d25541bf19d6047d8e45cd8118214178d06b713fa9df2bf5b0e6d51902108621e1843135ed9d82

Download Submit
\Windows\system\nPfITxJ.exe

Filesize
6.0MB

MD5
f1d1e33b475a038368aceda110eabe16

SHA1
c4ee09f241b00e627ab24e42f5e2818c57a353d2

SHA256
f42f978e40a9107917229085c0134a70eea6874ffddce0a4a03f7db4edbb3d1d

SHA512
57a4e8030bccffaf71f437d336c8dac3d14dc24a26f64b8f04804f9c1fbb37d17366c0360f25cb8841244b64d03e9c35813829321b60246d402f06e8acc35054

Download Submit
\Windows\system\xtbnQiz.exe

Filesize
6.0MB

MD5
c00901c8dbb08e5eb392f61a53c4fe22

SHA1
6c2f0eb3669dfc26776df9ff3a938ad13262387c

SHA256
293115b14462d3bbdfce7846df5da9b2f9676daa49b88f5ad9587669e0157381

SHA512
6fbf279dabf3bd5e2daa21097b1a0589d801c417757e8e5726bf3709ffbf64f8fa2d3b984fec3ad62c21ca931ed042e235c2ff7fcb620bff1a372968695d4228

Download Submit
memory/1240-1036-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1240-66-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/1240-85-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2132-71-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-58-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-978-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-180-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-1306-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-91-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-79-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-1293-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-958-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2676-50-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2748-1035-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2748-78-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2748-60-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2780-31-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-634-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-13-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-544-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-22-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-41-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2812-65-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2812-814-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2812-40-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2880-15-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2880-543-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2904-36-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-26-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1-0x0000000000710000-0x0000000000720000-memory.dmp

Filesize
64KB

Download
memory/2904-163-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2904-69-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2904-56-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-76-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-0-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-46-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2904-6-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-107-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-101-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2904-37-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2904-83-0x000000013F8F0000-0x000000013FC44000-memory.dmp

Filesize
3.3MB

Download
memory/2904-16-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-62-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2904-96-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2904-18-0x000000013FC50000-0x000000013FFA4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-93-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-24-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2944-32-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2944-743-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2984-99-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2984-2211-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/3028-104-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/3028-2199-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/3068-90-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/3068-164-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/3068-2205-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download