cobaltstrike | 0853c0899be10c613fad8a30575a591d4269085097bbc49b14b23eda457595cf

Analysis

max time kernel
150s
max time network
22s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 12:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

554cfcef4294bf5fd6b2d0578f9caecc
SHA1

2c5a761c343049e8340ba1c8f23b838d0c24689f
SHA256

0853c0899be10c613fad8a30575a591d4269085097bbc49b14b23eda457595cf
SHA512

745110d588c424be77278e6b4c5b31087b888229dec641c4b6f0efbfe19d0a6d1135e199cb65b31f2263a7e9797e62fe52fc90c4e9168e88a1674328582e2d31
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUp:T+q56utgpPF8u/7p

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012262-3.dat	cobalt_reflective_dll
behavioral1/files/0x0012000000016d3f-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016fc9-26.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001756e-45.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001756b-38.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-86.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-196.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-191.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-139.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-101.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-78.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001932a-71.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000186b7-63.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-57.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000170f8-33.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d69-17.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1684-0-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x000c000000012262-3.dat	xmrig
behavioral1/memory/2272-9-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x0012000000016d3f-11.dat	xmrig
behavioral1/memory/2888-22-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x0008000000016fc9-26.dat	xmrig
behavioral1/files/0x000700000001756e-45.dat	xmrig
behavioral1/files/0x000700000001756b-38.dat	xmrig
behavioral1/memory/1684-66-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2888-68-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2556-73-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c3-90.dat	xmrig
behavioral1/files/0x00050000000195c1-86.dat	xmrig
behavioral1/files/0x00050000000195c7-113.dat	xmrig
behavioral1/files/0x000500000001960c-118.dat	xmrig
behavioral1/files/0x0005000000019820-144.dat	xmrig
behavioral1/files/0x0005000000019bf5-155.dat	xmrig
behavioral1/files/0x0005000000019bf9-162.dat	xmrig
behavioral1/memory/1648-1317-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2912-1325-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2888-1326-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2852-1328-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2328-1329-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2156-1327-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/2556-1330-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/1576-1332-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/1624-1334-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/1640-1335-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2184-1333-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2860-1331-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2976-1278-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/2272-1215-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019fd4-196.dat	xmrig
behavioral1/files/0x0005000000019e92-191.dat	xmrig
behavioral1/files/0x0005000000019d6d-186.dat	xmrig
behavioral1/files/0x0005000000019d62-181.dat	xmrig
behavioral1/memory/2556-178-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d61-175.dat	xmrig
behavioral1/files/0x0005000000019c3c-169.dat	xmrig
behavioral1/files/0x0005000000019bf6-159.dat	xmrig
behavioral1/files/0x000500000001998d-149.dat	xmrig
behavioral1/files/0x00050000000197fd-139.dat	xmrig
behavioral1/files/0x0005000000019761-134.dat	xmrig
behavioral1/memory/1684-126-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x000500000001975a-129.dat	xmrig
behavioral1/files/0x0005000000019643-123.dat	xmrig
behavioral1/memory/1640-109-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c5-101.dat	xmrig
behavioral1/memory/1684-100-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2184-99-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/1624-97-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2156-96-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c6-105.dat	xmrig
behavioral1/memory/1576-82-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/files/0x00050000000195bd-78.dat	xmrig
behavioral1/files/0x000600000001932a-71.dat	xmrig
behavioral1/memory/2860-67-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2852-59-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2976-65-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x00080000000186b7-63.dat	xmrig
behavioral1/files/0x0002000000018334-57.dat	xmrig
behavioral1/memory/2912-51-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2272-44-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/2156-42-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2272	hWJDfDW.exe
2976	BKCzEUt.exe
2888	lKIUOhk.exe
2328	gYVWeoc.exe
1648	nrgpotX.exe
2156	AwGMKGT.exe
2912	hcDacCG.exe
2852	lnqQEFn.exe
2860	IdflBuC.exe
2556	AkaktuU.exe
1576	BKjiSZN.exe
1624	LZkjQJV.exe
2184	NPgeMjA.exe
1640	kyEOrlA.exe
3012	phGYcDM.exe
3048	BZZAoNk.exe
2176	pumCxFV.exe
2028	KEmjJkQ.exe
3032	WaNCvPK.exe
2236	TIFvFNG.exe
304	vbBHGsk.exe
1112	QWtlDLq.exe
676	eoiBVsH.exe
2472	nhaskxa.exe
2476	LMoJKTd.exe
1956	ndDXMYl.exe
1060	jBMOUaA.exe
584	kLodAyt.exe
956	AzJWgky.exe
1952	lQzzhRf.exe
1532	tVrwXwE.exe
1804	bboGAfl.exe
2104	ghLqPPf.exe
1596	aPquQCr.exe
1436	OCWAmCz.exe
1616	HTeIcHH.exe
236	PvAAUJl.exe
1620	cHTRbnP.exe
756	kjefUCk.exe
1716	YypDQXo.exe
2136	ZpXwYHd.exe
1004	DuSDfNN.exe
1564	xmiKXmm.exe
1020	AOJsFwG.exe
1536	AMvcRaJ.exe
1724	EVErEqI.exe
2572	lntIgFr.exe
1696	WPaocGq.exe
2848	uURkMvk.exe
1016	TIAqTax.exe
3064	DbyImzl.exe
3000	hDDCRFR.exe
2844	xzSNXVU.exe
2736	CWWWBBc.exe
2404	PVNyEHA.exe
1868	xxYCNDx.exe
1068	NAwUkIZ.exe
2872	GgHhPFS.exe
2804	cyiEsrB.exe
1096	LNEfZTO.exe
1784	uTkVpSd.exe
2840	oZDHfEK.exe
1968	iDnAwUJ.exe
1752	NKOGWFl.exe

Loads dropped DLL 64 IoCs

pid	Process
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1684-0-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x000c000000012262-3.dat	upx
behavioral1/memory/2272-9-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x0012000000016d3f-11.dat	upx
behavioral1/memory/2888-22-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x0008000000016fc9-26.dat	upx
behavioral1/files/0x000700000001756e-45.dat	upx
behavioral1/files/0x000700000001756b-38.dat	upx
behavioral1/memory/2888-68-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2556-73-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x00050000000195c3-90.dat	upx
behavioral1/files/0x00050000000195c1-86.dat	upx
behavioral1/files/0x00050000000195c7-113.dat	upx
behavioral1/files/0x000500000001960c-118.dat	upx
behavioral1/files/0x0005000000019820-144.dat	upx
behavioral1/files/0x0005000000019bf5-155.dat	upx
behavioral1/files/0x0005000000019bf9-162.dat	upx
behavioral1/memory/1648-1317-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2912-1325-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2888-1326-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2852-1328-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2328-1329-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2156-1327-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/2556-1330-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/1576-1332-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/1624-1334-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/1640-1335-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2184-1333-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2860-1331-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2976-1278-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2272-1215-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x0005000000019fd4-196.dat	upx
behavioral1/files/0x0005000000019e92-191.dat	upx
behavioral1/files/0x0005000000019d6d-186.dat	upx
behavioral1/files/0x0005000000019d62-181.dat	upx
behavioral1/memory/2556-178-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/files/0x0005000000019d61-175.dat	upx
behavioral1/files/0x0005000000019c3c-169.dat	upx
behavioral1/files/0x0005000000019bf6-159.dat	upx
behavioral1/files/0x000500000001998d-149.dat	upx
behavioral1/files/0x00050000000197fd-139.dat	upx
behavioral1/files/0x0005000000019761-134.dat	upx
behavioral1/files/0x000500000001975a-129.dat	upx
behavioral1/files/0x0005000000019643-123.dat	upx
behavioral1/memory/1640-109-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/files/0x00050000000195c5-101.dat	upx
behavioral1/memory/2184-99-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/1624-97-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2156-96-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/files/0x00050000000195c6-105.dat	upx
behavioral1/memory/1576-82-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/files/0x00050000000195bd-78.dat	upx
behavioral1/files/0x000600000001932a-71.dat	upx
behavioral1/memory/2860-67-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2852-59-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2976-65-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x00080000000186b7-63.dat	upx
behavioral1/files/0x0002000000018334-57.dat	upx
behavioral1/memory/2912-51-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2272-44-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2156-42-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/1648-37-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2328-29-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/1684-35-0x000000013F200000-0x000000013F554000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\JsJFnFT.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UQLTbKJ.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGpqhKW.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PrjiRGm.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zQcYTnK.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oZDHfEK.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WBpAmXR.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rlLCxLu.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mwLPGDL.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WEYuVCz.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HBtWktW.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OJCsdjs.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fyNuhsx.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KxiKyiU.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IxnlKMf.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GgzUKkM.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AgwNbpR.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ebRDMQS.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AOJsFwG.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtYycHo.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LBBIPho.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uKHjhur.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbhmFts.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fChOHgJ.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TAptrsR.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZstWBxX.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NVnGAIS.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SJAzizv.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IRyMtkT.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzWhVMw.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UwRUfrO.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KrMgdID.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AAMgiCU.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\poYUWtS.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\swYaZCV.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Xqustpu.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rLLWPGm.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UNIGgAr.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qnSAaEO.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dZdflzx.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OhHqUNi.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NvfsBPN.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SMgZfSK.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DntshOl.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNvQfve.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CkgIBSv.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Emztusu.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EUjfsXS.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VPjCcHm.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tWwQQQJ.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVxwfXR.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wryHgtU.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BEAYDHL.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hjHeTkw.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XnJWmyd.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pTijgLz.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wyPVhDl.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dqCYluI.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UHpyipT.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sbmEPuK.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JXJuMIl.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FTQnvdx.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KFhnnBe.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGLLyPn.exe	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 2272	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1684 wrote to memory of 2272	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1684 wrote to memory of 2272	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1684 wrote to memory of 2888	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1684 wrote to memory of 2888	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1684 wrote to memory of 2888	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1684 wrote to memory of 2976	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1684 wrote to memory of 2976	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1684 wrote to memory of 2976	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1684 wrote to memory of 2328	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1684 wrote to memory of 2328	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1684 wrote to memory of 2328	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1684 wrote to memory of 1648	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1684 wrote to memory of 1648	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1684 wrote to memory of 1648	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1684 wrote to memory of 2156	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1684 wrote to memory of 2156	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1684 wrote to memory of 2156	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1684 wrote to memory of 2912	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1684 wrote to memory of 2912	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1684 wrote to memory of 2912	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1684 wrote to memory of 2852	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1684 wrote to memory of 2852	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1684 wrote to memory of 2852	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1684 wrote to memory of 2860	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1684 wrote to memory of 2860	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1684 wrote to memory of 2860	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1684 wrote to memory of 2556	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1684 wrote to memory of 2556	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1684 wrote to memory of 2556	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1684 wrote to memory of 1576	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1684 wrote to memory of 1576	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1684 wrote to memory of 1576	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1684 wrote to memory of 1624	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1684 wrote to memory of 1624	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1684 wrote to memory of 1624	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1684 wrote to memory of 2184	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1684 wrote to memory of 2184	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1684 wrote to memory of 2184	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1684 wrote to memory of 1640	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1684 wrote to memory of 1640	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1684 wrote to memory of 1640	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1684 wrote to memory of 3012	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1684 wrote to memory of 3012	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1684 wrote to memory of 3012	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1684 wrote to memory of 3048	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1684 wrote to memory of 3048	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1684 wrote to memory of 3048	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1684 wrote to memory of 2176	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1684 wrote to memory of 2176	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1684 wrote to memory of 2176	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1684 wrote to memory of 2028	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1684 wrote to memory of 2028	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1684 wrote to memory of 2028	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1684 wrote to memory of 3032	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1684 wrote to memory of 3032	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1684 wrote to memory of 3032	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1684 wrote to memory of 2236	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1684 wrote to memory of 2236	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1684 wrote to memory of 2236	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1684 wrote to memory of 304	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1684 wrote to memory of 304	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1684 wrote to memory of 304	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1684 wrote to memory of 1112	1684	2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-23_554cfcef4294bf5fd6b2d0578f9caecc_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\System\hWJDfDW.exe
  C:\Windows\System\hWJDfDW.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\lKIUOhk.exe
  C:\Windows\System\lKIUOhk.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\BKCzEUt.exe
  C:\Windows\System\BKCzEUt.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\gYVWeoc.exe
  C:\Windows\System\gYVWeoc.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\nrgpotX.exe
  C:\Windows\System\nrgpotX.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\AwGMKGT.exe
  C:\Windows\System\AwGMKGT.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\hcDacCG.exe
  C:\Windows\System\hcDacCG.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\lnqQEFn.exe
  C:\Windows\System\lnqQEFn.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\IdflBuC.exe
  C:\Windows\System\IdflBuC.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\AkaktuU.exe
  C:\Windows\System\AkaktuU.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\BKjiSZN.exe
  C:\Windows\System\BKjiSZN.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\LZkjQJV.exe
  C:\Windows\System\LZkjQJV.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\NPgeMjA.exe
  C:\Windows\System\NPgeMjA.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\kyEOrlA.exe
  C:\Windows\System\kyEOrlA.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\phGYcDM.exe
  C:\Windows\System\phGYcDM.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\BZZAoNk.exe
  C:\Windows\System\BZZAoNk.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\pumCxFV.exe
  C:\Windows\System\pumCxFV.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\KEmjJkQ.exe
  C:\Windows\System\KEmjJkQ.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\WaNCvPK.exe
  C:\Windows\System\WaNCvPK.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\TIFvFNG.exe
  C:\Windows\System\TIFvFNG.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\vbBHGsk.exe
  C:\Windows\System\vbBHGsk.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\QWtlDLq.exe
  C:\Windows\System\QWtlDLq.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\eoiBVsH.exe
  C:\Windows\System\eoiBVsH.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\nhaskxa.exe
  C:\Windows\System\nhaskxa.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\LMoJKTd.exe
  C:\Windows\System\LMoJKTd.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\ndDXMYl.exe
  C:\Windows\System\ndDXMYl.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\jBMOUaA.exe
  C:\Windows\System\jBMOUaA.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\kLodAyt.exe
  C:\Windows\System\kLodAyt.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\AzJWgky.exe
  C:\Windows\System\AzJWgky.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\lQzzhRf.exe
  C:\Windows\System\lQzzhRf.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\tVrwXwE.exe
  C:\Windows\System\tVrwXwE.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\bboGAfl.exe
  C:\Windows\System\bboGAfl.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\ghLqPPf.exe
  C:\Windows\System\ghLqPPf.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\aPquQCr.exe
  C:\Windows\System\aPquQCr.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\OCWAmCz.exe
  C:\Windows\System\OCWAmCz.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\PvAAUJl.exe
  C:\Windows\System\PvAAUJl.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\HTeIcHH.exe
  C:\Windows\System\HTeIcHH.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\cHTRbnP.exe
  C:\Windows\System\cHTRbnP.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\kjefUCk.exe
  C:\Windows\System\kjefUCk.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\YypDQXo.exe
  C:\Windows\System\YypDQXo.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\ZpXwYHd.exe
  C:\Windows\System\ZpXwYHd.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\DuSDfNN.exe
  C:\Windows\System\DuSDfNN.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\xmiKXmm.exe
  C:\Windows\System\xmiKXmm.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\AOJsFwG.exe
  C:\Windows\System\AOJsFwG.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\AMvcRaJ.exe
  C:\Windows\System\AMvcRaJ.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\EVErEqI.exe
  C:\Windows\System\EVErEqI.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\lntIgFr.exe
  C:\Windows\System\lntIgFr.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\DbyImzl.exe
  C:\Windows\System\DbyImzl.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\WPaocGq.exe
  C:\Windows\System\WPaocGq.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\hDDCRFR.exe
  C:\Windows\System\hDDCRFR.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\uURkMvk.exe
  C:\Windows\System\uURkMvk.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\xzSNXVU.exe
  C:\Windows\System\xzSNXVU.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\TIAqTax.exe
  C:\Windows\System\TIAqTax.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\GgHhPFS.exe
  C:\Windows\System\GgHhPFS.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\CWWWBBc.exe
  C:\Windows\System\CWWWBBc.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\cyiEsrB.exe
  C:\Windows\System\cyiEsrB.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\PVNyEHA.exe
  C:\Windows\System\PVNyEHA.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\uTkVpSd.exe
  C:\Windows\System\uTkVpSd.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\xxYCNDx.exe
  C:\Windows\System\xxYCNDx.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\oZDHfEK.exe
  C:\Windows\System\oZDHfEK.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\NAwUkIZ.exe
  C:\Windows\System\NAwUkIZ.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\iDnAwUJ.exe
  C:\Windows\System\iDnAwUJ.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\LNEfZTO.exe
  C:\Windows\System\LNEfZTO.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\NKOGWFl.exe
  C:\Windows\System\NKOGWFl.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\khChBCM.exe
  C:\Windows\System\khChBCM.exe
  2⤵
  PID:2308
- C:\Windows\System\BhMPflE.exe
  C:\Windows\System\BhMPflE.exe
  2⤵
  PID:2116
- C:\Windows\System\UMmjdqP.exe
  C:\Windows\System\UMmjdqP.exe
  2⤵
  PID:1040
- C:\Windows\System\LQeZbSn.exe
  C:\Windows\System\LQeZbSn.exe
  2⤵
  PID:1656
- C:\Windows\System\EbcUSrM.exe
  C:\Windows\System\EbcUSrM.exe
  2⤵
  PID:2188
- C:\Windows\System\ebwyWsj.exe
  C:\Windows\System\ebwyWsj.exe
  2⤵
  PID:936
- C:\Windows\System\EKJfoke.exe
  C:\Windows\System\EKJfoke.exe
  2⤵
  PID:2668
- C:\Windows\System\OTzWFgk.exe
  C:\Windows\System\OTzWFgk.exe
  2⤵
  PID:2676
- C:\Windows\System\IETIlrV.exe
  C:\Windows\System\IETIlrV.exe
  2⤵
  PID:1288
- C:\Windows\System\eBweEsA.exe
  C:\Windows\System\eBweEsA.exe
  2⤵
  PID:1780
- C:\Windows\System\gBasCAE.exe
  C:\Windows\System\gBasCAE.exe
  2⤵
  PID:812
- C:\Windows\System\hnSPVln.exe
  C:\Windows\System\hnSPVln.exe
  2⤵
  PID:2564
- C:\Windows\System\gfeLRAf.exe
  C:\Windows\System\gfeLRAf.exe
  2⤵
  PID:2992
- C:\Windows\System\bHthgYB.exe
  C:\Windows\System\bHthgYB.exe
  2⤵
  PID:2792
- C:\Windows\System\sIShfBg.exe
  C:\Windows\System\sIShfBg.exe
  2⤵
  PID:2692
- C:\Windows\System\UdALLLE.exe
  C:\Windows\System\UdALLLE.exe
  2⤵
  PID:2624
- C:\Windows\System\qgwoiod.exe
  C:\Windows\System\qgwoiod.exe
  2⤵
  PID:2932
- C:\Windows\System\MgMRNDC.exe
  C:\Windows\System\MgMRNDC.exe
  2⤵
  PID:2516
- C:\Windows\System\uvlHdbp.exe
  C:\Windows\System\uvlHdbp.exe
  2⤵
  PID:2828
- C:\Windows\System\CxiAfWs.exe
  C:\Windows\System\CxiAfWs.exe
  2⤵
  PID:2268
- C:\Windows\System\pyakWAb.exe
  C:\Windows\System\pyakWAb.exe
  2⤵
  PID:2096
- C:\Windows\System\YEwbaSw.exe
  C:\Windows\System\YEwbaSw.exe
  2⤵
  PID:2600
- C:\Windows\System\cSLwQsD.exe
  C:\Windows\System\cSLwQsD.exe
  2⤵
  PID:364
- C:\Windows\System\KOCSpLl.exe
  C:\Windows\System\KOCSpLl.exe
  2⤵
  PID:1820
- C:\Windows\System\nyayqhn.exe
  C:\Windows\System\nyayqhn.exe
  2⤵
  PID:960
- C:\Windows\System\ZkoxXGY.exe
  C:\Windows\System\ZkoxXGY.exe
  2⤵
  PID:1464
- C:\Windows\System\xyqQoqj.exe
  C:\Windows\System\xyqQoqj.exe
  2⤵
  PID:1084
- C:\Windows\System\xMsmljR.exe
  C:\Windows\System\xMsmljR.exe
  2⤵
  PID:1740
- C:\Windows\System\hfGyUpf.exe
  C:\Windows\System\hfGyUpf.exe
  2⤵
  PID:108
- C:\Windows\System\HhKgiqL.exe
  C:\Windows\System\HhKgiqL.exe
  2⤵
  PID:2660
- C:\Windows\System\CTwllfp.exe
  C:\Windows\System\CTwllfp.exe
  2⤵
  PID:2160
- C:\Windows\System\jbHkNce.exe
  C:\Windows\System\jbHkNce.exe
  2⤵
  PID:1636
- C:\Windows\System\VHkTkFy.exe
  C:\Windows\System\VHkTkFy.exe
  2⤵
  PID:3080
- C:\Windows\System\hmPRdPi.exe
  C:\Windows\System\hmPRdPi.exe
  2⤵
  PID:3096
- C:\Windows\System\cTzrONU.exe
  C:\Windows\System\cTzrONU.exe
  2⤵
  PID:3112
- C:\Windows\System\zlyqUzl.exe
  C:\Windows\System\zlyqUzl.exe
  2⤵
  PID:3128
- C:\Windows\System\EgmNMoR.exe
  C:\Windows\System\EgmNMoR.exe
  2⤵
  PID:3144
- C:\Windows\System\FpZynBk.exe
  C:\Windows\System\FpZynBk.exe
  2⤵
  PID:3164
- C:\Windows\System\fGnZwlI.exe
  C:\Windows\System\fGnZwlI.exe
  2⤵
  PID:3180
- C:\Windows\System\wKIuCGj.exe
  C:\Windows\System\wKIuCGj.exe
  2⤵
  PID:3196
- C:\Windows\System\CsJxZZo.exe
  C:\Windows\System\CsJxZZo.exe
  2⤵
  PID:3216
- C:\Windows\System\uJjzQKR.exe
  C:\Windows\System\uJjzQKR.exe
  2⤵
  PID:3236
- C:\Windows\System\sbladsa.exe
  C:\Windows\System\sbladsa.exe
  2⤵
  PID:3252
- C:\Windows\System\GBCdrpr.exe
  C:\Windows\System\GBCdrpr.exe
  2⤵
  PID:3280
- C:\Windows\System\prfAiYJ.exe
  C:\Windows\System\prfAiYJ.exe
  2⤵
  PID:3304
- C:\Windows\System\vgjfjec.exe
  C:\Windows\System\vgjfjec.exe
  2⤵
  PID:3320
- C:\Windows\System\WBpAmXR.exe
  C:\Windows\System\WBpAmXR.exe
  2⤵
  PID:3336
- C:\Windows\System\rUgJjTe.exe
  C:\Windows\System\rUgJjTe.exe
  2⤵
  PID:3352
- C:\Windows\System\drQRvFv.exe
  C:\Windows\System\drQRvFv.exe
  2⤵
  PID:3380
- C:\Windows\System\nHaQBWG.exe
  C:\Windows\System\nHaQBWG.exe
  2⤵
  PID:3396
- C:\Windows\System\FILppQp.exe
  C:\Windows\System\FILppQp.exe
  2⤵
  PID:3416
- C:\Windows\System\pqTBoxj.exe
  C:\Windows\System\pqTBoxj.exe
  2⤵
  PID:3436
- C:\Windows\System\OVBBZVg.exe
  C:\Windows\System\OVBBZVg.exe
  2⤵
  PID:3460
- C:\Windows\System\BczuhUd.exe
  C:\Windows\System\BczuhUd.exe
  2⤵
  PID:3484
- C:\Windows\System\YopeBXz.exe
  C:\Windows\System\YopeBXz.exe
  2⤵
  PID:3500
- C:\Windows\System\GKWyAiK.exe
  C:\Windows\System\GKWyAiK.exe
  2⤵
  PID:3516
- C:\Windows\System\DzuQILS.exe
  C:\Windows\System\DzuQILS.exe
  2⤵
  PID:3532
- C:\Windows\System\AkcFazw.exe
  C:\Windows\System\AkcFazw.exe
  2⤵
  PID:3548
- C:\Windows\System\sURWTpE.exe
  C:\Windows\System\sURWTpE.exe
  2⤵
  PID:3564
- C:\Windows\System\EPymVDy.exe
  C:\Windows\System\EPymVDy.exe
  2⤵
  PID:3580
- C:\Windows\System\tgCYodn.exe
  C:\Windows\System\tgCYodn.exe
  2⤵
  PID:3596
- C:\Windows\System\scQJVvg.exe
  C:\Windows\System\scQJVvg.exe
  2⤵
  PID:3612
- C:\Windows\System\uFdjump.exe
  C:\Windows\System\uFdjump.exe
  2⤵
  PID:3628
- C:\Windows\System\yfYSxoX.exe
  C:\Windows\System\yfYSxoX.exe
  2⤵
  PID:3644
- C:\Windows\System\OCbERkl.exe
  C:\Windows\System\OCbERkl.exe
  2⤵
  PID:3804
- C:\Windows\System\fXDSUPt.exe
  C:\Windows\System\fXDSUPt.exe
  2⤵
  PID:3824
- C:\Windows\System\lWlKtGi.exe
  C:\Windows\System\lWlKtGi.exe
  2⤵
  PID:3844
- C:\Windows\System\NBZSnko.exe
  C:\Windows\System\NBZSnko.exe
  2⤵
  PID:3864
- C:\Windows\System\CJTzcmD.exe
  C:\Windows\System\CJTzcmD.exe
  2⤵
  PID:3880
- C:\Windows\System\sEiWURq.exe
  C:\Windows\System\sEiWURq.exe
  2⤵
  PID:3904
- C:\Windows\System\PeYKhpa.exe
  C:\Windows\System\PeYKhpa.exe
  2⤵
  PID:3920
- C:\Windows\System\JyXhCQl.exe
  C:\Windows\System\JyXhCQl.exe
  2⤵
  PID:3936
- C:\Windows\System\pHIOrsI.exe
  C:\Windows\System\pHIOrsI.exe
  2⤵
  PID:3952
- C:\Windows\System\ZxYorrN.exe
  C:\Windows\System\ZxYorrN.exe
  2⤵
  PID:3972
- C:\Windows\System\tcUmWpJ.exe
  C:\Windows\System\tcUmWpJ.exe
  2⤵
  PID:3992
- C:\Windows\System\eetJUkv.exe
  C:\Windows\System\eetJUkv.exe
  2⤵
  PID:4008
- C:\Windows\System\giEbuXt.exe
  C:\Windows\System\giEbuXt.exe
  2⤵
  PID:4028
- C:\Windows\System\KayWzqg.exe
  C:\Windows\System\KayWzqg.exe
  2⤵
  PID:4044
- C:\Windows\System\GJbIsGz.exe
  C:\Windows\System\GJbIsGz.exe
  2⤵
  PID:4060
- C:\Windows\System\kgZPOuZ.exe
  C:\Windows\System\kgZPOuZ.exe
  2⤵
  PID:4076
- C:\Windows\System\XynEsrz.exe
  C:\Windows\System\XynEsrz.exe
  2⤵
  PID:4092
- C:\Windows\System\NjwrdIB.exe
  C:\Windows\System\NjwrdIB.exe
  2⤵
  PID:788
- C:\Windows\System\fXfvacA.exe
  C:\Windows\System\fXfvacA.exe
  2⤵
  PID:1872
- C:\Windows\System\YaXHPqF.exe
  C:\Windows\System\YaXHPqF.exe
  2⤵
  PID:548
- C:\Windows\System\hgWpepz.exe
  C:\Windows\System\hgWpepz.exe
  2⤵
  PID:1144
- C:\Windows\System\ccoDvrM.exe
  C:\Windows\System\ccoDvrM.exe
  2⤵
  PID:2948
- C:\Windows\System\mtUMMnM.exe
  C:\Windows\System\mtUMMnM.exe
  2⤵
  PID:3092
- C:\Windows\System\POHkFvM.exe
  C:\Windows\System\POHkFvM.exe
  2⤵
  PID:3156
- C:\Windows\System\OARVLzc.exe
  C:\Windows\System\OARVLzc.exe
  2⤵
  PID:3224
- C:\Windows\System\IWffaNw.exe
  C:\Windows\System\IWffaNw.exe
  2⤵
  PID:3268
- C:\Windows\System\BfrzQDW.exe
  C:\Windows\System\BfrzQDW.exe
  2⤵
  PID:952
- C:\Windows\System\xnNGnwU.exe
  C:\Windows\System\xnNGnwU.exe
  2⤵
  PID:3312
- C:\Windows\System\kvZSIKr.exe
  C:\Windows\System\kvZSIKr.exe
  2⤵
  PID:3388
- C:\Windows\System\ZQBGVet.exe
  C:\Windows\System\ZQBGVet.exe
  2⤵
  PID:3468
- C:\Windows\System\TSyFExS.exe
  C:\Windows\System\TSyFExS.exe
  2⤵
  PID:3540
- C:\Windows\System\VdVhyhU.exe
  C:\Windows\System\VdVhyhU.exe
  2⤵
  PID:3572
- C:\Windows\System\teOBzvA.exe
  C:\Windows\System\teOBzvA.exe
  2⤵
  PID:2324
- C:\Windows\System\eUQMNph.exe
  C:\Windows\System\eUQMNph.exe
  2⤵
  PID:3636
- C:\Windows\System\gEMruRF.exe
  C:\Windows\System\gEMruRF.exe
  2⤵
  PID:1560
- C:\Windows\System\jVUJnsQ.exe
  C:\Windows\System\jVUJnsQ.exe
  2⤵
  PID:2224
- C:\Windows\System\bIUKUVE.exe
  C:\Windows\System\bIUKUVE.exe
  2⤵
  PID:560
- C:\Windows\System\BdYFYVV.exe
  C:\Windows\System\BdYFYVV.exe
  2⤵
  PID:1064
- C:\Windows\System\uPYSqYj.exe
  C:\Windows\System\uPYSqYj.exe
  2⤵
  PID:1224
- C:\Windows\System\pkOInHW.exe
  C:\Windows\System\pkOInHW.exe
  2⤵
  PID:2448
- C:\Windows\System\OAgrPPZ.exe
  C:\Windows\System\OAgrPPZ.exe
  2⤵
  PID:3136
- C:\Windows\System\bDrUlPe.exe
  C:\Windows\System\bDrUlPe.exe
  2⤵
  PID:3204
- C:\Windows\System\iITHvbL.exe
  C:\Windows\System\iITHvbL.exe
  2⤵
  PID:3248
- C:\Windows\System\HdYkuqj.exe
  C:\Windows\System\HdYkuqj.exe
  2⤵
  PID:3300
- C:\Windows\System\AuZhnjq.exe
  C:\Windows\System\AuZhnjq.exe
  2⤵
  PID:3368
- C:\Windows\System\CjmtaGe.exe
  C:\Windows\System\CjmtaGe.exe
  2⤵
  PID:3404
- C:\Windows\System\yIiWuPd.exe
  C:\Windows\System\yIiWuPd.exe
  2⤵
  PID:3448
- C:\Windows\System\gYkfEVL.exe
  C:\Windows\System\gYkfEVL.exe
  2⤵
  PID:3496
- C:\Windows\System\QFgdYbj.exe
  C:\Windows\System\QFgdYbj.exe
  2⤵
  PID:3556
- C:\Windows\System\OBgGIDw.exe
  C:\Windows\System\OBgGIDw.exe
  2⤵
  PID:3624
- C:\Windows\System\RMnBWpK.exe
  C:\Windows\System\RMnBWpK.exe
  2⤵
  PID:1128
- C:\Windows\System\ZOZPeJC.exe
  C:\Windows\System\ZOZPeJC.exe
  2⤵
  PID:2952
- C:\Windows\System\WkIwuQU.exe
  C:\Windows\System\WkIwuQU.exe
  2⤵
  PID:3736
- C:\Windows\System\zGzGoxr.exe
  C:\Windows\System\zGzGoxr.exe
  2⤵
  PID:3752
- C:\Windows\System\asNPyXk.exe
  C:\Windows\System\asNPyXk.exe
  2⤵
  PID:3768
- C:\Windows\System\uGZQgyL.exe
  C:\Windows\System\uGZQgyL.exe
  2⤵
  PID:3784
- C:\Windows\System\mikpima.exe
  C:\Windows\System\mikpima.exe
  2⤵
  PID:3796
- C:\Windows\System\YruKepJ.exe
  C:\Windows\System\YruKepJ.exe
  2⤵
  PID:1120
- C:\Windows\System\kuuakJX.exe
  C:\Windows\System\kuuakJX.exe
  2⤵
  PID:3860
- C:\Windows\System\EeyXcqk.exe
  C:\Windows\System\EeyXcqk.exe
  2⤵
  PID:3900
- C:\Windows\System\OECoXUn.exe
  C:\Windows\System\OECoXUn.exe
  2⤵
  PID:3960
- C:\Windows\System\aHNlBQt.exe
  C:\Windows\System\aHNlBQt.exe
  2⤵
  PID:4004
- C:\Windows\System\oLPWokr.exe
  C:\Windows\System\oLPWokr.exe
  2⤵
  PID:4068
- C:\Windows\System\EPWpczR.exe
  C:\Windows\System\EPWpczR.exe
  2⤵
  PID:776
- C:\Windows\System\xzBOuJk.exe
  C:\Windows\System\xzBOuJk.exe
  2⤵
  PID:2332
- C:\Windows\System\SUllsCL.exe
  C:\Windows\System\SUllsCL.exe
  2⤵
  PID:3260
- C:\Windows\System\kGHCVXh.exe
  C:\Windows\System\kGHCVXh.exe
  2⤵
  PID:3424
- C:\Windows\System\LXgNIok.exe
  C:\Windows\System\LXgNIok.exe
  2⤵
  PID:3840
- C:\Windows\System\NuBexBa.exe
  C:\Windows\System\NuBexBa.exe
  2⤵
  PID:3988
- C:\Windows\System\uvlEkBo.exe
  C:\Windows\System\uvlEkBo.exe
  2⤵
  PID:1180
- C:\Windows\System\dnEjAib.exe
  C:\Windows\System\dnEjAib.exe
  2⤵
  PID:3188
- C:\Windows\System\hEWgrVL.exe
  C:\Windows\System\hEWgrVL.exe
  2⤵
  PID:3348
- C:\Windows\System\FjKuWvw.exe
  C:\Windows\System\FjKuWvw.exe
  2⤵
  PID:3508
- C:\Windows\System\rlLCxLu.exe
  C:\Windows\System\rlLCxLu.exe
  2⤵
  PID:2596
- C:\Windows\System\XChQZPR.exe
  C:\Windows\System\XChQZPR.exe
  2⤵
  PID:4024
- C:\Windows\System\TDxFlDa.exe
  C:\Windows\System\TDxFlDa.exe
  2⤵
  PID:3948
- C:\Windows\System\uBAIaGZ.exe
  C:\Windows\System\uBAIaGZ.exe
  2⤵
  PID:3512
- C:\Windows\System\EmjAYna.exe
  C:\Windows\System\EmjAYna.exe
  2⤵
  PID:3608
- C:\Windows\System\hHMKXnV.exe
  C:\Windows\System\hHMKXnV.exe
  2⤵
  PID:2820
- C:\Windows\System\WGpqhKW.exe
  C:\Windows\System\WGpqhKW.exe
  2⤵
  PID:2824
- C:\Windows\System\ruGvDBw.exe
  C:\Windows\System\ruGvDBw.exe
  2⤵
  PID:2416
- C:\Windows\System\WdLJAWx.exe
  C:\Windows\System\WdLJAWx.exe
  2⤵
  PID:1308
- C:\Windows\System\KyBUnTU.exe
  C:\Windows\System\KyBUnTU.exe
  2⤵
  PID:3292
- C:\Windows\System\VAxtRqN.exe
  C:\Windows\System\VAxtRqN.exe
  2⤵
  PID:3364
- C:\Windows\System\KBoWKLP.exe
  C:\Windows\System\KBoWKLP.exe
  2⤵
  PID:2180
- C:\Windows\System\EsoadQg.exe
  C:\Windows\System\EsoadQg.exe
  2⤵
  PID:3444
- C:\Windows\System\UpGbLFl.exe
  C:\Windows\System\UpGbLFl.exe
  2⤵
  PID:3528
- C:\Windows\System\WtYycHo.exe
  C:\Windows\System\WtYycHo.exe
  2⤵
  PID:3656
- C:\Windows\System\hElPtsc.exe
  C:\Windows\System\hElPtsc.exe
  2⤵
  PID:3728
- C:\Windows\System\ZbxhcGJ.exe
  C:\Windows\System\ZbxhcGJ.exe
  2⤵
  PID:3776
- C:\Windows\System\SemlIFi.exe
  C:\Windows\System\SemlIFi.exe
  2⤵
  PID:3792
- C:\Windows\System\RPLoXMu.exe
  C:\Windows\System\RPLoXMu.exe
  2⤵
  PID:3820
- C:\Windows\System\oOSVDtB.exe
  C:\Windows\System\oOSVDtB.exe
  2⤵
  PID:3964
- C:\Windows\System\ubVudNt.exe
  C:\Windows\System\ubVudNt.exe
  2⤵
  PID:2900
- C:\Windows\System\PWUPuah.exe
  C:\Windows\System\PWUPuah.exe
  2⤵
  PID:1452
- C:\Windows\System\gfqXqry.exe
  C:\Windows\System\gfqXqry.exe
  2⤵
  PID:1672
- C:\Windows\System\JKpeafN.exe
  C:\Windows\System\JKpeafN.exe
  2⤵
  PID:3192
- C:\Windows\System\wJGzNAp.exe
  C:\Windows\System\wJGzNAp.exe
  2⤵
  PID:2868
- C:\Windows\System\mwLPGDL.exe
  C:\Windows\System\mwLPGDL.exe
  2⤵
  PID:2708
- C:\Windows\System\fqznCEh.exe
  C:\Windows\System\fqznCEh.exe
  2⤵
  PID:2884
- C:\Windows\System\wPufsrw.exe
  C:\Windows\System\wPufsrw.exe
  2⤵
  PID:3264
- C:\Windows\System\MmnCmpz.exe
  C:\Windows\System\MmnCmpz.exe
  2⤵
  PID:3916
- C:\Windows\System\YIbQWuY.exe
  C:\Windows\System\YIbQWuY.exe
  2⤵
  PID:3688
- C:\Windows\System\NSGfTor.exe
  C:\Windows\System\NSGfTor.exe
  2⤵
  PID:3244
- C:\Windows\System\yNUEHrB.exe
  C:\Windows\System\yNUEHrB.exe
  2⤵
  PID:1472
- C:\Windows\System\RElYROA.exe
  C:\Windows\System\RElYROA.exe
  2⤵
  PID:3108
- C:\Windows\System\BLnTBMY.exe
  C:\Windows\System\BLnTBMY.exe
  2⤵
  PID:3376
- C:\Windows\System\nmKZbet.exe
  C:\Windows\System\nmKZbet.exe
  2⤵
  PID:3760
- C:\Windows\System\hjHeTkw.exe
  C:\Windows\System\hjHeTkw.exe
  2⤵
  PID:4112
- C:\Windows\System\gcepIVU.exe
  C:\Windows\System\gcepIVU.exe
  2⤵
  PID:4128
- C:\Windows\System\CNYzHfn.exe
  C:\Windows\System\CNYzHfn.exe
  2⤵
  PID:4144
- C:\Windows\System\SEnFAHY.exe
  C:\Windows\System\SEnFAHY.exe
  2⤵
  PID:4160
- C:\Windows\System\mjnmuVV.exe
  C:\Windows\System\mjnmuVV.exe
  2⤵
  PID:4176
- C:\Windows\System\andIfVm.exe
  C:\Windows\System\andIfVm.exe
  2⤵
  PID:4192
- C:\Windows\System\vaNyvQo.exe
  C:\Windows\System\vaNyvQo.exe
  2⤵
  PID:4212
- C:\Windows\System\NbrcWke.exe
  C:\Windows\System\NbrcWke.exe
  2⤵
  PID:4228
- C:\Windows\System\wryHgtU.exe
  C:\Windows\System\wryHgtU.exe
  2⤵
  PID:4244
- C:\Windows\System\kVwrFpP.exe
  C:\Windows\System\kVwrFpP.exe
  2⤵
  PID:4260
- C:\Windows\System\HZBXRnc.exe
  C:\Windows\System\HZBXRnc.exe
  2⤵
  PID:4276
- C:\Windows\System\QcfKnXK.exe
  C:\Windows\System\QcfKnXK.exe
  2⤵
  PID:4296
- C:\Windows\System\dCCHhBF.exe
  C:\Windows\System\dCCHhBF.exe
  2⤵
  PID:4312
- C:\Windows\System\GSzmDcV.exe
  C:\Windows\System\GSzmDcV.exe
  2⤵
  PID:4328
- C:\Windows\System\zncTqdM.exe
  C:\Windows\System\zncTqdM.exe
  2⤵
  PID:4344
- C:\Windows\System\UyKywjF.exe
  C:\Windows\System\UyKywjF.exe
  2⤵
  PID:4360
- C:\Windows\System\aSpPCDD.exe
  C:\Windows\System\aSpPCDD.exe
  2⤵
  PID:4376
- C:\Windows\System\bHHeWkh.exe
  C:\Windows\System\bHHeWkh.exe
  2⤵
  PID:4392
- C:\Windows\System\aOmDEID.exe
  C:\Windows\System\aOmDEID.exe
  2⤵
  PID:4408
- C:\Windows\System\sOmRGkQ.exe
  C:\Windows\System\sOmRGkQ.exe
  2⤵
  PID:4424
- C:\Windows\System\XuUSJBi.exe
  C:\Windows\System\XuUSJBi.exe
  2⤵
  PID:4440
- C:\Windows\System\PFVIIRd.exe
  C:\Windows\System\PFVIIRd.exe
  2⤵
  PID:4456
- C:\Windows\System\ghPtIRK.exe
  C:\Windows\System\ghPtIRK.exe
  2⤵
  PID:4472
- C:\Windows\System\Emztusu.exe
  C:\Windows\System\Emztusu.exe
  2⤵
  PID:4488
- C:\Windows\System\LbitLym.exe
  C:\Windows\System\LbitLym.exe
  2⤵
  PID:4504
- C:\Windows\System\vWpwasw.exe
  C:\Windows\System\vWpwasw.exe
  2⤵
  PID:4520
- C:\Windows\System\wVErcRw.exe
  C:\Windows\System\wVErcRw.exe
  2⤵
  PID:4536
- C:\Windows\System\rCsDzYZ.exe
  C:\Windows\System\rCsDzYZ.exe
  2⤵
  PID:4552
- C:\Windows\System\dQYgCBo.exe
  C:\Windows\System\dQYgCBo.exe
  2⤵
  PID:4568
- C:\Windows\System\WfNJsUs.exe
  C:\Windows\System\WfNJsUs.exe
  2⤵
  PID:4584
- C:\Windows\System\LvoTlyz.exe
  C:\Windows\System\LvoTlyz.exe
  2⤵
  PID:4600
- C:\Windows\System\kZBYvkM.exe
  C:\Windows\System\kZBYvkM.exe
  2⤵
  PID:4616
- C:\Windows\System\SmCNOjh.exe
  C:\Windows\System\SmCNOjh.exe
  2⤵
  PID:4636
- C:\Windows\System\OXpROnf.exe
  C:\Windows\System\OXpROnf.exe
  2⤵
  PID:4652
- C:\Windows\System\uqKpLCR.exe
  C:\Windows\System\uqKpLCR.exe
  2⤵
  PID:4668
- C:\Windows\System\ZvAOHsc.exe
  C:\Windows\System\ZvAOHsc.exe
  2⤵
  PID:4684
- C:\Windows\System\rPevUOo.exe
  C:\Windows\System\rPevUOo.exe
  2⤵
  PID:4700
- C:\Windows\System\GGJXfJh.exe
  C:\Windows\System\GGJXfJh.exe
  2⤵
  PID:4716
- C:\Windows\System\bEZsTqg.exe
  C:\Windows\System\bEZsTqg.exe
  2⤵
  PID:4732
- C:\Windows\System\XUoAEMr.exe
  C:\Windows\System\XUoAEMr.exe
  2⤵
  PID:4748
- C:\Windows\System\kKFrRak.exe
  C:\Windows\System\kKFrRak.exe
  2⤵
  PID:4764
- C:\Windows\System\fyNuhsx.exe
  C:\Windows\System\fyNuhsx.exe
  2⤵
  PID:4780
- C:\Windows\System\VnNMaWs.exe
  C:\Windows\System\VnNMaWs.exe
  2⤵
  PID:4796
- C:\Windows\System\vDbMwtF.exe
  C:\Windows\System\vDbMwtF.exe
  2⤵
  PID:4812
- C:\Windows\System\QIVqhsK.exe
  C:\Windows\System\QIVqhsK.exe
  2⤵
  PID:4828
- C:\Windows\System\DQZYqHG.exe
  C:\Windows\System\DQZYqHG.exe
  2⤵
  PID:4844
- C:\Windows\System\mZsfnhv.exe
  C:\Windows\System\mZsfnhv.exe
  2⤵
  PID:4860
- C:\Windows\System\VUiAQzi.exe
  C:\Windows\System\VUiAQzi.exe
  2⤵
  PID:4876
- C:\Windows\System\PQatuqX.exe
  C:\Windows\System\PQatuqX.exe
  2⤵
  PID:4892
- C:\Windows\System\jjBlrnJ.exe
  C:\Windows\System\jjBlrnJ.exe
  2⤵
  PID:4908
- C:\Windows\System\zzLLoWa.exe
  C:\Windows\System\zzLLoWa.exe
  2⤵
  PID:4924
- C:\Windows\System\dQxtObt.exe
  C:\Windows\System\dQxtObt.exe
  2⤵
  PID:4940
- C:\Windows\System\lTUtYzE.exe
  C:\Windows\System\lTUtYzE.exe
  2⤵
  PID:4956
- C:\Windows\System\EpoXJpW.exe
  C:\Windows\System\EpoXJpW.exe
  2⤵
  PID:4972
- C:\Windows\System\lbQiVmx.exe
  C:\Windows\System\lbQiVmx.exe
  2⤵
  PID:4988
- C:\Windows\System\aEvfsfZ.exe
  C:\Windows\System\aEvfsfZ.exe
  2⤵
  PID:5008
- C:\Windows\System\CeBUfDY.exe
  C:\Windows\System\CeBUfDY.exe
  2⤵
  PID:5024
- C:\Windows\System\ALnRyPl.exe
  C:\Windows\System\ALnRyPl.exe
  2⤵
  PID:5040
- C:\Windows\System\ezNwXbz.exe
  C:\Windows\System\ezNwXbz.exe
  2⤵
  PID:5056
- C:\Windows\System\qvVfofP.exe
  C:\Windows\System\qvVfofP.exe
  2⤵
  PID:5072
- C:\Windows\System\NPlXwrU.exe
  C:\Windows\System\NPlXwrU.exe
  2⤵
  PID:5088
- C:\Windows\System\hQWAZdW.exe
  C:\Windows\System\hQWAZdW.exe
  2⤵
  PID:5104
- C:\Windows\System\tmVcexm.exe
  C:\Windows\System\tmVcexm.exe
  2⤵
  PID:3744
- C:\Windows\System\soopCBq.exe
  C:\Windows\System\soopCBq.exe
  2⤵
  PID:968
- C:\Windows\System\AQiHvZm.exe
  C:\Windows\System\AQiHvZm.exe
  2⤵
  PID:3836
- C:\Windows\System\ytmDjKL.exe
  C:\Windows\System\ytmDjKL.exe
  2⤵
  PID:3852
- C:\Windows\System\KCOlXOl.exe
  C:\Windows\System\KCOlXOl.exe
  2⤵
  PID:1816
- C:\Windows\System\rOVLcDm.exe
  C:\Windows\System\rOVLcDm.exe
  2⤵
  PID:3944
- C:\Windows\System\ziIqiVm.exe
  C:\Windows\System\ziIqiVm.exe
  2⤵
  PID:2020
- C:\Windows\System\ZcYHSNw.exe
  C:\Windows\System\ZcYHSNw.exe
  2⤵
  PID:884
- C:\Windows\System\DwvzPsn.exe
  C:\Windows\System\DwvzPsn.exe
  2⤵
  PID:4088
- C:\Windows\System\cJSekyO.exe
  C:\Windows\System\cJSekyO.exe
  2⤵
  PID:4104
- C:\Windows\System\HZiepfZ.exe
  C:\Windows\System\HZiepfZ.exe
  2⤵
  PID:4108
- C:\Windows\System\lFRrsNa.exe
  C:\Windows\System\lFRrsNa.exe
  2⤵
  PID:4140
- C:\Windows\System\cTOVyty.exe
  C:\Windows\System\cTOVyty.exe
  2⤵
  PID:4184
- C:\Windows\System\vyUUall.exe
  C:\Windows\System\vyUUall.exe
  2⤵
  PID:2336
- C:\Windows\System\rvMMmbu.exe
  C:\Windows\System\rvMMmbu.exe
  2⤵
  PID:4256
- C:\Windows\System\JAbnSUT.exe
  C:\Windows\System\JAbnSUT.exe
  2⤵
  PID:2892
- C:\Windows\System\LAaDjbB.exe
  C:\Windows\System\LAaDjbB.exe
  2⤵
  PID:4352
- C:\Windows\System\TwHnnMZ.exe
  C:\Windows\System\TwHnnMZ.exe
  2⤵
  PID:4236
- C:\Windows\System\PMqfhQD.exe
  C:\Windows\System\PMqfhQD.exe
  2⤵
  PID:4304
- C:\Windows\System\QIGaQAE.exe
  C:\Windows\System\QIGaQAE.exe
  2⤵
  PID:4340
- C:\Windows\System\wZxuuUi.exe
  C:\Windows\System\wZxuuUi.exe
  2⤵
  PID:4420
- C:\Windows\System\qEkZECT.exe
  C:\Windows\System\qEkZECT.exe
  2⤵
  PID:4448
- C:\Windows\System\MxosRNb.exe
  C:\Windows\System\MxosRNb.exe
  2⤵
  PID:4436
- C:\Windows\System\SwDPkqo.exe
  C:\Windows\System\SwDPkqo.exe
  2⤵
  PID:4516
- C:\Windows\System\CISNLAK.exe
  C:\Windows\System\CISNLAK.exe
  2⤵
  PID:4496
- C:\Windows\System\NfDRbXT.exe
  C:\Windows\System\NfDRbXT.exe
  2⤵
  PID:4580
- C:\Windows\System\xHZUrsy.exe
  C:\Windows\System\xHZUrsy.exe
  2⤵
  PID:4560
- C:\Windows\System\tCGCNSq.exe
  C:\Windows\System\tCGCNSq.exe
  2⤵
  PID:4644
- C:\Windows\System\ZkZwiTD.exe
  C:\Windows\System\ZkZwiTD.exe
  2⤵
  PID:4680
- C:\Windows\System\nSsKMLl.exe
  C:\Windows\System\nSsKMLl.exe
  2⤵
  PID:4664
- C:\Windows\System\sjrAdCW.exe
  C:\Windows\System\sjrAdCW.exe
  2⤵
  PID:4724
- C:\Windows\System\CJZrtin.exe
  C:\Windows\System\CJZrtin.exe
  2⤵
  PID:4772
- C:\Windows\System\cnaZnSh.exe
  C:\Windows\System\cnaZnSh.exe
  2⤵
  PID:4804
- C:\Windows\System\wYWdSUg.exe
  C:\Windows\System\wYWdSUg.exe
  2⤵
  PID:4836
- C:\Windows\System\jCfOlpl.exe
  C:\Windows\System\jCfOlpl.exe
  2⤵
  PID:4852
- C:\Windows\System\AGYBTmO.exe
  C:\Windows\System\AGYBTmO.exe
  2⤵
  PID:4872
- C:\Windows\System\gOcvRJb.exe
  C:\Windows\System\gOcvRJb.exe
  2⤵
  PID:4932
- C:\Windows\System\yHledWr.exe
  C:\Windows\System\yHledWr.exe
  2⤵
  PID:4916
- C:\Windows\System\jprWXKi.exe
  C:\Windows\System\jprWXKi.exe
  2⤵
  PID:4952
- C:\Windows\System\DHdWNxi.exe
  C:\Windows\System\DHdWNxi.exe
  2⤵
  PID:5032
- C:\Windows\System\uWfFnSN.exe
  C:\Windows\System\uWfFnSN.exe
  2⤵
  PID:5068
- C:\Windows\System\wpjqgKb.exe
  C:\Windows\System\wpjqgKb.exe
  2⤵
  PID:5020
- C:\Windows\System\BJBALSR.exe
  C:\Windows\System\BJBALSR.exe
  2⤵
  PID:2752
- C:\Windows\System\qkHtOzi.exe
  C:\Windows\System\qkHtOzi.exe
  2⤵
  PID:5080
- C:\Windows\System\lxMTImK.exe
  C:\Windows\System\lxMTImK.exe
  2⤵
  PID:5084
- C:\Windows\System\lwNOfDi.exe
  C:\Windows\System\lwNOfDi.exe
  2⤵
  PID:3928
- C:\Windows\System\WiqQnIn.exe
  C:\Windows\System\WiqQnIn.exe
  2⤵
  PID:2776
- C:\Windows\System\XHYTQuM.exe
  C:\Windows\System\XHYTQuM.exe
  2⤵
  PID:1172
- C:\Windows\System\zfRKFVc.exe
  C:\Windows\System\zfRKFVc.exe
  2⤵
  PID:2132
- C:\Windows\System\kmVmPOt.exe
  C:\Windows\System\kmVmPOt.exe
  2⤵
  PID:4136
- C:\Windows\System\eGNdkDK.exe
  C:\Windows\System\eGNdkDK.exe
  2⤵
  PID:4120
- C:\Windows\System\AhieuYf.exe
  C:\Windows\System\AhieuYf.exe
  2⤵
  PID:4220
- C:\Windows\System\WlLdxKn.exe
  C:\Windows\System\WlLdxKn.exe
  2⤵
  PID:4320
- C:\Windows\System\LYTLazJ.exe
  C:\Windows\System\LYTLazJ.exe
  2⤵
  PID:4416
- C:\Windows\System\lZMqjia.exe
  C:\Windows\System\lZMqjia.exe
  2⤵
  PID:4372
- C:\Windows\System\BoEecij.exe
  C:\Windows\System\BoEecij.exe
  2⤵
  PID:4480
- C:\Windows\System\SFgmYBM.exe
  C:\Windows\System\SFgmYBM.exe
  2⤵
  PID:4252
- C:\Windows\System\dDEJjWv.exe
  C:\Windows\System\dDEJjWv.exe
  2⤵
  PID:4612
- C:\Windows\System\FHEtNbA.exe
  C:\Windows\System\FHEtNbA.exe
  2⤵
  PID:4628
- C:\Windows\System\COwuUVJ.exe
  C:\Windows\System\COwuUVJ.exe
  2⤵
  PID:4696
- C:\Windows\System\saJzWnS.exe
  C:\Windows\System\saJzWnS.exe
  2⤵
  PID:4760
- C:\Windows\System\cDmSffV.exe
  C:\Windows\System\cDmSffV.exe
  2⤵
  PID:4820
- C:\Windows\System\kaiMTyS.exe
  C:\Windows\System\kaiMTyS.exe
  2⤵
  PID:2724
- C:\Windows\System\qLetcSV.exe
  C:\Windows\System\qLetcSV.exe
  2⤵
  PID:2228
- C:\Windows\System\QLDAqwI.exe
  C:\Windows\System\QLDAqwI.exe
  2⤵
  PID:1940
- C:\Windows\System\IbwLPDZ.exe
  C:\Windows\System\IbwLPDZ.exe
  2⤵
  PID:5000
- C:\Windows\System\AoVgCQJ.exe
  C:\Windows\System\AoVgCQJ.exe
  2⤵
  PID:4948
- C:\Windows\System\EUjfsXS.exe
  C:\Windows\System\EUjfsXS.exe
  2⤵
  PID:4996
- C:\Windows\System\FxwybBo.exe
  C:\Windows\System\FxwybBo.exe
  2⤵
  PID:2768
- C:\Windows\System\VwGRcMh.exe
  C:\Windows\System\VwGRcMh.exe
  2⤵
  PID:5116
- C:\Windows\System\xjFvMNB.exe
  C:\Windows\System\xjFvMNB.exe
  2⤵
  PID:3276
- C:\Windows\System\QABJEmM.exe
  C:\Windows\System\QABJEmM.exe
  2⤵
  PID:1704
- C:\Windows\System\wRjEnNy.exe
  C:\Windows\System\wRjEnNy.exe
  2⤵
  PID:4172
- C:\Windows\System\acOvkPA.exe
  C:\Windows\System\acOvkPA.exe
  2⤵
  PID:4388
- C:\Windows\System\EOteliX.exe
  C:\Windows\System\EOteliX.exe
  2⤵
  PID:4404
- C:\Windows\System\emzcwvI.exe
  C:\Windows\System\emzcwvI.exe
  2⤵
  PID:4512
- C:\Windows\System\dyLxkHL.exe
  C:\Windows\System\dyLxkHL.exe
  2⤵
  PID:4676
- C:\Windows\System\EvbiVsw.exe
  C:\Windows\System\EvbiVsw.exe
  2⤵
  PID:5184
- C:\Windows\System\dmYipTO.exe
  C:\Windows\System\dmYipTO.exe
  2⤵
  PID:5200
- C:\Windows\System\iFdTKld.exe
  C:\Windows\System\iFdTKld.exe
  2⤵
  PID:5216
- C:\Windows\System\VrlQjaG.exe
  C:\Windows\System\VrlQjaG.exe
  2⤵
  PID:5232
- C:\Windows\System\mDciiUH.exe
  C:\Windows\System\mDciiUH.exe
  2⤵
  PID:5248
- C:\Windows\System\FVvLPGs.exe
  C:\Windows\System\FVvLPGs.exe
  2⤵
  PID:5276
- C:\Windows\System\oGFMFvl.exe
  C:\Windows\System\oGFMFvl.exe
  2⤵
  PID:5412
- C:\Windows\System\RCFfxDc.exe
  C:\Windows\System\RCFfxDc.exe
  2⤵
  PID:5428
- C:\Windows\System\xulZNqD.exe
  C:\Windows\System\xulZNqD.exe
  2⤵
  PID:5444
- C:\Windows\System\mWEwDTa.exe
  C:\Windows\System\mWEwDTa.exe
  2⤵
  PID:5460
- C:\Windows\System\CrprPYH.exe
  C:\Windows\System\CrprPYH.exe
  2⤵
  PID:5476
- C:\Windows\System\GCPJWZg.exe
  C:\Windows\System\GCPJWZg.exe
  2⤵
  PID:5492
- C:\Windows\System\iAgGwpP.exe
  C:\Windows\System\iAgGwpP.exe
  2⤵
  PID:5508
- C:\Windows\System\COekUgP.exe
  C:\Windows\System\COekUgP.exe
  2⤵
  PID:5524
- C:\Windows\System\hsLSxEM.exe
  C:\Windows\System\hsLSxEM.exe
  2⤵
  PID:5540
- C:\Windows\System\HxDMChs.exe
  C:\Windows\System\HxDMChs.exe
  2⤵
  PID:5556
- C:\Windows\System\IuzNrMM.exe
  C:\Windows\System\IuzNrMM.exe
  2⤵
  PID:5576
- C:\Windows\System\LTCaNjj.exe
  C:\Windows\System\LTCaNjj.exe
  2⤵
  PID:5600
- C:\Windows\System\UacmHua.exe
  C:\Windows\System\UacmHua.exe
  2⤵
  PID:5616
- C:\Windows\System\HvrwiLM.exe
  C:\Windows\System\HvrwiLM.exe
  2⤵
  PID:5632
- C:\Windows\System\UYEXUwq.exe
  C:\Windows\System\UYEXUwq.exe
  2⤵
  PID:5648
- C:\Windows\System\eeHvcEv.exe
  C:\Windows\System\eeHvcEv.exe
  2⤵
  PID:5664
- C:\Windows\System\KpQOopQ.exe
  C:\Windows\System\KpQOopQ.exe
  2⤵
  PID:5936
- C:\Windows\System\JLzSZKk.exe
  C:\Windows\System\JLzSZKk.exe
  2⤵
  PID:5156
- C:\Windows\System\NiZmSpi.exe
  C:\Windows\System\NiZmSpi.exe
  2⤵
  PID:5172
- C:\Windows\System\aAIyEVv.exe
  C:\Windows\System\aAIyEVv.exe
  2⤵
  PID:5208
- C:\Windows\System\VugYbTM.exe
  C:\Windows\System\VugYbTM.exe
  2⤵
  PID:5284
- C:\Windows\System\ySoSrYT.exe
  C:\Windows\System\ySoSrYT.exe
  2⤵
  PID:5300
- C:\Windows\System\QTDGzCr.exe
  C:\Windows\System\QTDGzCr.exe
  2⤵
  PID:5320
- C:\Windows\System\rIHKmkv.exe
  C:\Windows\System\rIHKmkv.exe
  2⤵
  PID:5336
- C:\Windows\System\xElWpdR.exe
  C:\Windows\System\xElWpdR.exe
  2⤵
  PID:5352
- C:\Windows\System\epoQzRq.exe
  C:\Windows\System\epoQzRq.exe
  2⤵
  PID:5368
- C:\Windows\System\pRFAVbA.exe
  C:\Windows\System\pRFAVbA.exe
  2⤵
  PID:5384
- C:\Windows\System\cFYrqCm.exe
  C:\Windows\System\cFYrqCm.exe
  2⤵
  PID:5400
- C:\Windows\System\xGGZFdO.exe
  C:\Windows\System\xGGZFdO.exe
  2⤵
  PID:5436
- C:\Windows\System\lMQRcnq.exe
  C:\Windows\System\lMQRcnq.exe
  2⤵
  PID:1600
- C:\Windows\System\yNZykPW.exe
  C:\Windows\System\yNZykPW.exe
  2⤵
  PID:5532
- C:\Windows\System\sGzuuJB.exe
  C:\Windows\System\sGzuuJB.exe
  2⤵
  PID:2604
- C:\Windows\System\cTjQzUf.exe
  C:\Windows\System\cTjQzUf.exe
  2⤵
  PID:2648
- C:\Windows\System\pxfJvcm.exe
  C:\Windows\System\pxfJvcm.exe
  2⤵
  PID:5572
- C:\Windows\System\gnXFlht.exe
  C:\Windows\System\gnXFlht.exe
  2⤵
  PID:3016
- C:\Windows\System\QRMyMMH.exe
  C:\Windows\System\QRMyMMH.exe
  2⤵
  PID:5688
- C:\Windows\System\ImuKrNV.exe
  C:\Windows\System\ImuKrNV.exe
  2⤵
  PID:5704
- C:\Windows\System\ICnuOKA.exe
  C:\Windows\System\ICnuOKA.exe
  2⤵
  PID:5720
- C:\Windows\System\zHxezrA.exe
  C:\Windows\System\zHxezrA.exe
  2⤵
  PID:5736
- C:\Windows\System\rMZbXpx.exe
  C:\Windows\System\rMZbXpx.exe
  2⤵
  PID:5760
- C:\Windows\System\ZeaCEKX.exe
  C:\Windows\System\ZeaCEKX.exe
  2⤵
  PID:5776
- C:\Windows\System\Rngoemb.exe
  C:\Windows\System\Rngoemb.exe
  2⤵
  PID:5792
- C:\Windows\System\YWmVbdL.exe
  C:\Windows\System\YWmVbdL.exe
  2⤵
  PID:5808
- C:\Windows\System\DWEEQMq.exe
  C:\Windows\System\DWEEQMq.exe
  2⤵
  PID:5836
- C:\Windows\System\lZwukQZ.exe
  C:\Windows\System\lZwukQZ.exe
  2⤵
  PID:5856
- C:\Windows\System\DYTJOgv.exe
  C:\Windows\System\DYTJOgv.exe
  2⤵
  PID:3044
- C:\Windows\System\kwwWJsD.exe
  C:\Windows\System\kwwWJsD.exe
  2⤵
  PID:4272
- C:\Windows\System\OzelZHN.exe
  C:\Windows\System\OzelZHN.exe
  2⤵
  PID:5884
- C:\Windows\System\pchtnTP.exe
  C:\Windows\System\pchtnTP.exe
  2⤵
  PID:5896
- C:\Windows\System\ApUUSiH.exe
  C:\Windows\System\ApUUSiH.exe
  2⤵
  PID:5904
- C:\Windows\System\oxNrraQ.exe
  C:\Windows\System\oxNrraQ.exe
  2⤵
  PID:5916
- C:\Windows\System\yAmjrQc.exe
  C:\Windows\System\yAmjrQc.exe
  2⤵
  PID:5196
- C:\Windows\System\WXODacr.exe
  C:\Windows\System\WXODacr.exe
  2⤵
  PID:5932
- C:\Windows\System\zxddSHK.exe
  C:\Windows\System\zxddSHK.exe
  2⤵
  PID:5268
- C:\Windows\System\NoymdjI.exe
  C:\Windows\System\NoymdjI.exe
  2⤵
  PID:1744
- C:\Windows\System\nPPVhWe.exe
  C:\Windows\System\nPPVhWe.exe
  2⤵
  PID:5588
- C:\Windows\System\SZNcWlY.exe
  C:\Windows\System\SZNcWlY.exe
  2⤵
  PID:5624
- C:\Windows\System\tmlwcIv.exe
  C:\Windows\System\tmlwcIv.exe
  2⤵
  PID:2304
- C:\Windows\System\jbwFPJF.exe
  C:\Windows\System\jbwFPJF.exe
  2⤵
  PID:5944
- C:\Windows\System\jpozJvx.exe
  C:\Windows\System\jpozJvx.exe
  2⤵
  PID:5548
- C:\Windows\System\IJSElPk.exe
  C:\Windows\System\IJSElPk.exe
  2⤵
  PID:5484
- C:\Windows\System\oCcxrSd.exe
  C:\Windows\System\oCcxrSd.exe
  2⤵
  PID:5968
- C:\Windows\System\pTijgLz.exe
  C:\Windows\System\pTijgLz.exe
  2⤵
  PID:5984
- C:\Windows\System\BhBsdBC.exe
  C:\Windows\System\BhBsdBC.exe
  2⤵
  PID:6008
- C:\Windows\System\sVxoGVd.exe
  C:\Windows\System\sVxoGVd.exe
  2⤵
  PID:1100
- C:\Windows\System\OMFWuJA.exe
  C:\Windows\System\OMFWuJA.exe
  2⤵
  PID:6028
- C:\Windows\System\eeltiaX.exe
  C:\Windows\System\eeltiaX.exe
  2⤵
  PID:1348
- C:\Windows\System\GMxbzpI.exe
  C:\Windows\System\GMxbzpI.exe
  2⤵
  PID:5132
- C:\Windows\System\kdBOCjT.exe
  C:\Windows\System\kdBOCjT.exe
  2⤵
  PID:5168
- C:\Windows\System\nmsFcuS.exe
  C:\Windows\System\nmsFcuS.exe
  2⤵
  PID:5348
- C:\Windows\System\ObdlYGx.exe
  C:\Windows\System\ObdlYGx.exe
  2⤵
  PID:784
- C:\Windows\System\IcHHAEs.exe
  C:\Windows\System\IcHHAEs.exe
  2⤵
  PID:5468
- C:\Windows\System\uiBdYYz.exe
  C:\Windows\System\uiBdYYz.exe
  2⤵
  PID:5700
- C:\Windows\System\cmZyfGd.exe
  C:\Windows\System\cmZyfGd.exe
  2⤵
  PID:3664
- C:\Windows\System\rkQhyxl.exe
  C:\Windows\System\rkQhyxl.exe
  2⤵
  PID:5680
- C:\Windows\System\NkuamXm.exe
  C:\Windows\System\NkuamXm.exe
  2⤵
  PID:5712
- C:\Windows\System\wKClIyG.exe
  C:\Windows\System\wKClIyG.exe
  2⤵
  PID:5848
- C:\Windows\System\ElqLEuH.exe
  C:\Windows\System\ElqLEuH.exe
  2⤵
  PID:708
- C:\Windows\System\LZaYjfQ.exe
  C:\Windows\System\LZaYjfQ.exe
  2⤵
  PID:5264
- C:\Windows\System\TlpQDwt.exe
  C:\Windows\System\TlpQDwt.exe
  2⤵
  PID:2372
- C:\Windows\System\fJAhHXo.exe
  C:\Windows\System\fJAhHXo.exe
  2⤵
  PID:6080
- C:\Windows\System\GhaAKvo.exe
  C:\Windows\System\GhaAKvo.exe
  2⤵
  PID:5596
- C:\Windows\System\aQzKDyp.exe
  C:\Windows\System\aQzKDyp.exe
  2⤵
  PID:2352
- C:\Windows\System\YUClKcr.exe
  C:\Windows\System\YUClKcr.exe
  2⤵
  PID:4884
- C:\Windows\System\adifRtC.exe
  C:\Windows\System\adifRtC.exe
  2⤵
  PID:4984
- C:\Windows\System\vOgHibZ.exe
  C:\Windows\System\vOgHibZ.exe
  2⤵
  PID:3492
- C:\Windows\System\oOwjquR.exe
  C:\Windows\System\oOwjquR.exe
  2⤵
  PID:2144
- C:\Windows\System\uecXAKS.exe
  C:\Windows\System\uecXAKS.exe
  2⤵
  PID:4856
- C:\Windows\System\DNgxunS.exe
  C:\Windows\System\DNgxunS.exe
  2⤵
  PID:4288
- C:\Windows\System\OFQzbIV.exe
  C:\Windows\System\OFQzbIV.exe
  2⤵
  PID:5144
- C:\Windows\System\KswvboS.exe
  C:\Windows\System\KswvboS.exe
  2⤵
  PID:4792
- C:\Windows\System\ltadrTs.exe
  C:\Windows\System\ltadrTs.exe
  2⤵
  PID:5148
- C:\Windows\System\gUioCyV.exe
  C:\Windows\System\gUioCyV.exe
  2⤵
  PID:5364
- C:\Windows\System\hRiAuJh.exe
  C:\Windows\System\hRiAuJh.exe
  2⤵
  PID:1184
- C:\Windows\System\VaRRCzO.exe
  C:\Windows\System\VaRRCzO.exe
  2⤵
  PID:5828
- C:\Windows\System\LFXSAxx.exe
  C:\Windows\System\LFXSAxx.exe
  2⤵
  PID:5804
- C:\Windows\System\QbWdiUK.exe
  C:\Windows\System\QbWdiUK.exe
  2⤵
  PID:5892
- C:\Windows\System\gxzTKmD.exe
  C:\Windows\System\gxzTKmD.exe
  2⤵
  PID:5424
- C:\Windows\System\RhibIYq.exe
  C:\Windows\System\RhibIYq.exe
  2⤵
  PID:5228
- C:\Windows\System\KFhnnBe.exe
  C:\Windows\System\KFhnnBe.exe
  2⤵
  PID:5452
- C:\Windows\System\JrMtWcP.exe
  C:\Windows\System\JrMtWcP.exe
  2⤵
  PID:5584
- C:\Windows\System\wapaUUl.exe
  C:\Windows\System\wapaUUl.exe
  2⤵
  PID:5660
- C:\Windows\System\lIKoqAn.exe
  C:\Windows\System\lIKoqAn.exe
  2⤵
  PID:5864
- C:\Windows\System\KrMgdID.exe
  C:\Windows\System\KrMgdID.exe
  2⤵
  PID:2744
- C:\Windows\System\nrYXpuc.exe
  C:\Windows\System\nrYXpuc.exe
  2⤵
  PID:2292
- C:\Windows\System\iVZiIoe.exe
  C:\Windows\System\iVZiIoe.exe
  2⤵
  PID:2432
- C:\Windows\System\mchdGfK.exe
  C:\Windows\System\mchdGfK.exe
  2⤵
  PID:5472
- C:\Windows\System\ZPypTmZ.exe
  C:\Windows\System\ZPypTmZ.exe
  2⤵
  PID:2148
- C:\Windows\System\WTFTyDJ.exe
  C:\Windows\System\WTFTyDJ.exe
  2⤵
  PID:6020
- C:\Windows\System\NodemBP.exe
  C:\Windows\System\NodemBP.exe
  2⤵
  PID:5844
- C:\Windows\System\XSwwZIQ.exe
  C:\Windows\System\XSwwZIQ.exe
  2⤵
  PID:6104
- C:\Windows\System\ZiyezoJ.exe
  C:\Windows\System\ZiyezoJ.exe
  2⤵
  PID:2064
- C:\Windows\System\ypXWHzH.exe
  C:\Windows\System\ypXWHzH.exe
  2⤵
  PID:5140
- C:\Windows\System\XezVCaA.exe
  C:\Windows\System\XezVCaA.exe
  2⤵
  PID:2856
- C:\Windows\System\FtnFCpI.exe
  C:\Windows\System\FtnFCpI.exe
  2⤵
  PID:3028
- C:\Windows\System\SPsFUFE.exe
  C:\Windows\System\SPsFUFE.exe
  2⤵
  PID:4788
- C:\Windows\System\xFlmAPQ.exe
  C:\Windows\System\xFlmAPQ.exe
  2⤵
  PID:5408
- C:\Windows\System\TsGKxrH.exe
  C:\Windows\System\TsGKxrH.exe
  2⤵
  PID:5672
- C:\Windows\System\TmfLbXo.exe
  C:\Windows\System\TmfLbXo.exe
  2⤵
  PID:5772
- C:\Windows\System\wyPVhDl.exe
  C:\Windows\System\wyPVhDl.exe
  2⤵
  PID:5244
- C:\Windows\System\WEYuVCz.exe
  C:\Windows\System\WEYuVCz.exe
  2⤵
  PID:5744
- C:\Windows\System\RvksJsp.exe
  C:\Windows\System\RvksJsp.exe
  2⤵
  PID:5296
- C:\Windows\System\zKNrpmx.exe
  C:\Windows\System\zKNrpmx.exe
  2⤵
  PID:5328
- C:\Windows\System\weMyTyv.exe
  C:\Windows\System\weMyTyv.exe
  2⤵
  PID:6044
- C:\Windows\System\cZphYWr.exe
  C:\Windows\System\cZphYWr.exe
  2⤵
  PID:2636
- C:\Windows\System\RgheDfX.exe
  C:\Windows\System\RgheDfX.exe
  2⤵
  PID:5816
- C:\Windows\System\bzJDDpX.exe
  C:\Windows\System\bzJDDpX.exe
  2⤵
  PID:6068
- C:\Windows\System\nQLcetA.exe
  C:\Windows\System\nQLcetA.exe
  2⤵
  PID:6072
- C:\Windows\System\Iulyiqb.exe
  C:\Windows\System\Iulyiqb.exe
  2⤵
  PID:5900
- C:\Windows\System\msycQCr.exe
  C:\Windows\System\msycQCr.exe
  2⤵
  PID:4712
- C:\Windows\System\RKHmnvt.exe
  C:\Windows\System\RKHmnvt.exe
  2⤵
  PID:4980
- C:\Windows\System\fPufUtR.exe
  C:\Windows\System\fPufUtR.exe
  2⤵
  PID:2916
- C:\Windows\System\IirqQMI.exe
  C:\Windows\System\IirqQMI.exe
  2⤵
  PID:5976
- C:\Windows\System\GeqhGJB.exe
  C:\Windows\System\GeqhGJB.exe
  2⤵
  PID:2092
- C:\Windows\System\ajnzhKW.exe
  C:\Windows\System\ajnzhKW.exe
  2⤵
  PID:2728
- C:\Windows\System\YZijsZD.exe
  C:\Windows\System\YZijsZD.exe
  2⤵
  PID:5924
- C:\Windows\System\ZqnJokW.exe
  C:\Windows\System\ZqnJokW.exe
  2⤵
  PID:1196
- C:\Windows\System\MhUOmeg.exe
  C:\Windows\System\MhUOmeg.exe
  2⤵
  PID:2196
- C:\Windows\System\YqAMBgO.exe
  C:\Windows\System\YqAMBgO.exe
  2⤵
  PID:1324
- C:\Windows\System\spftGCI.exe
  C:\Windows\System\spftGCI.exe
  2⤵
  PID:5380
- C:\Windows\System\CFekUsS.exe
  C:\Windows\System\CFekUsS.exe
  2⤵
  PID:5316
- C:\Windows\System\uysamJH.exe
  C:\Windows\System\uysamJH.exe
  2⤵
  PID:2396
- C:\Windows\System\ijNLfts.exe
  C:\Windows\System\ijNLfts.exe
  2⤵
  PID:1168
- C:\Windows\System\hWzKuir.exe
  C:\Windows\System\hWzKuir.exe
  2⤵
  PID:5360
- C:\Windows\System\HrIHUbH.exe
  C:\Windows\System\HrIHUbH.exe
  2⤵
  PID:5784
- C:\Windows\System\ilDIBrP.exe
  C:\Windows\System\ilDIBrP.exe
  2⤵
  PID:6064
- C:\Windows\System\ASUHvYe.exe
  C:\Windows\System\ASUHvYe.exe
  2⤵
  PID:5420
- C:\Windows\System\bVdCVdx.exe
  C:\Windows\System\bVdCVdx.exe
  2⤵
  PID:5488
- C:\Windows\System\YveymsB.exe
  C:\Windows\System\YveymsB.exe
  2⤵
  PID:1912
- C:\Windows\System\zQnIBfk.exe
  C:\Windows\System\zQnIBfk.exe
  2⤵
  PID:5872
- C:\Windows\System\caFTMpp.exe
  C:\Windows\System\caFTMpp.exe
  2⤵
  PID:5312
- C:\Windows\System\jXYRZSN.exe
  C:\Windows\System\jXYRZSN.exe
  2⤵
  PID:5112
- C:\Windows\System\VPjCcHm.exe
  C:\Windows\System\VPjCcHm.exe
  2⤵
  PID:6076
- C:\Windows\System\dLxVqOW.exe
  C:\Windows\System\dLxVqOW.exe
  2⤵
  PID:752
- C:\Windows\System\RLyWNWK.exe
  C:\Windows\System\RLyWNWK.exe
  2⤵
  PID:1312
- C:\Windows\System\zvFFCQN.exe
  C:\Windows\System\zvFFCQN.exe
  2⤵
  PID:4168
- C:\Windows\System\xolzmgN.exe
  C:\Windows\System\xolzmgN.exe
  2⤵
  PID:6004
- C:\Windows\System\vwKrzxM.exe
  C:\Windows\System\vwKrzxM.exe
  2⤵
  PID:5192
- C:\Windows\System\zTmheHx.exe
  C:\Windows\System\zTmheHx.exe
  2⤵
  PID:5128
- C:\Windows\System\XMxChti.exe
  C:\Windows\System\XMxChti.exe
  2⤵
  PID:5868
- C:\Windows\System\AAMgiCU.exe
  C:\Windows\System\AAMgiCU.exe
  2⤵
  PID:1556
- C:\Windows\System\uzhncPr.exe
  C:\Windows\System\uzhncPr.exe
  2⤵
  PID:5732
- C:\Windows\System\JSIpTUn.exe
  C:\Windows\System\JSIpTUn.exe
  2⤵
  PID:6152
- C:\Windows\System\ZXreLZw.exe
  C:\Windows\System\ZXreLZw.exe
  2⤵
  PID:6168
- C:\Windows\System\HYQBYxC.exe
  C:\Windows\System\HYQBYxC.exe
  2⤵
  PID:6184
- C:\Windows\System\CSReagG.exe
  C:\Windows\System\CSReagG.exe
  2⤵
  PID:6200
- C:\Windows\System\DTddaoK.exe
  C:\Windows\System\DTddaoK.exe
  2⤵
  PID:6216
- C:\Windows\System\SufKHAy.exe
  C:\Windows\System\SufKHAy.exe
  2⤵
  PID:6232
- C:\Windows\System\RiuLQKU.exe
  C:\Windows\System\RiuLQKU.exe
  2⤵
  PID:6248
- C:\Windows\System\XwyvUaN.exe
  C:\Windows\System\XwyvUaN.exe
  2⤵
  PID:6264
- C:\Windows\System\peqsZKB.exe
  C:\Windows\System\peqsZKB.exe
  2⤵
  PID:6280
- C:\Windows\System\jSpBjOC.exe
  C:\Windows\System\jSpBjOC.exe
  2⤵
  PID:6296
- C:\Windows\System\gIUENEm.exe
  C:\Windows\System\gIUENEm.exe
  2⤵
  PID:6312
- C:\Windows\System\IbKbmbI.exe
  C:\Windows\System\IbKbmbI.exe
  2⤵
  PID:6328
- C:\Windows\System\CkJECIP.exe
  C:\Windows\System\CkJECIP.exe
  2⤵
  PID:6344
- C:\Windows\System\SbUoCCC.exe
  C:\Windows\System\SbUoCCC.exe
  2⤵
  PID:6360
- C:\Windows\System\GLSggFd.exe
  C:\Windows\System\GLSggFd.exe
  2⤵
  PID:6380
- C:\Windows\System\ZwMQbKc.exe
  C:\Windows\System\ZwMQbKc.exe
  2⤵
  PID:6396
- C:\Windows\System\AQDvYqN.exe
  C:\Windows\System\AQDvYqN.exe
  2⤵
  PID:6412
- C:\Windows\System\GrrZKuI.exe
  C:\Windows\System\GrrZKuI.exe
  2⤵
  PID:6428
- C:\Windows\System\yCudVfV.exe
  C:\Windows\System\yCudVfV.exe
  2⤵
  PID:6444
- C:\Windows\System\VuSvYHc.exe
  C:\Windows\System\VuSvYHc.exe
  2⤵
  PID:6460
- C:\Windows\System\IVJmMVx.exe
  C:\Windows\System\IVJmMVx.exe
  2⤵
  PID:6476
- C:\Windows\System\aNacdRw.exe
  C:\Windows\System\aNacdRw.exe
  2⤵
  PID:6492
- C:\Windows\System\eZsCTuQ.exe
  C:\Windows\System\eZsCTuQ.exe
  2⤵
  PID:6508
- C:\Windows\System\QuziIYK.exe
  C:\Windows\System\QuziIYK.exe
  2⤵
  PID:6524
- C:\Windows\System\goQiLdr.exe
  C:\Windows\System\goQiLdr.exe
  2⤵
  PID:6540
- C:\Windows\System\REVbiUX.exe
  C:\Windows\System\REVbiUX.exe
  2⤵
  PID:6560
- C:\Windows\System\GzImOjb.exe
  C:\Windows\System\GzImOjb.exe
  2⤵
  PID:6576
- C:\Windows\System\zxtjumj.exe
  C:\Windows\System\zxtjumj.exe
  2⤵
  PID:6592
- C:\Windows\System\JGwEcmB.exe
  C:\Windows\System\JGwEcmB.exe
  2⤵
  PID:6612
- C:\Windows\System\zmvscmP.exe
  C:\Windows\System\zmvscmP.exe
  2⤵
  PID:6628
- C:\Windows\System\Pbqmvmg.exe
  C:\Windows\System\Pbqmvmg.exe
  2⤵
  PID:6644
- C:\Windows\System\OoILcXc.exe
  C:\Windows\System\OoILcXc.exe
  2⤵
  PID:6660
- C:\Windows\System\NRUGPOq.exe
  C:\Windows\System\NRUGPOq.exe
  2⤵
  PID:6676
- C:\Windows\System\zTgxrlY.exe
  C:\Windows\System\zTgxrlY.exe
  2⤵
  PID:6692
- C:\Windows\System\NSVuCFJ.exe
  C:\Windows\System\NSVuCFJ.exe
  2⤵
  PID:6708
- C:\Windows\System\HxoKwpE.exe
  C:\Windows\System\HxoKwpE.exe
  2⤵
  PID:6724
- C:\Windows\System\VkuucNG.exe
  C:\Windows\System\VkuucNG.exe
  2⤵
  PID:6740
- C:\Windows\System\lNLarEx.exe
  C:\Windows\System\lNLarEx.exe
  2⤵
  PID:6756
- C:\Windows\System\hfCAVrD.exe
  C:\Windows\System\hfCAVrD.exe
  2⤵
  PID:6772
- C:\Windows\System\pkIkbhN.exe
  C:\Windows\System\pkIkbhN.exe
  2⤵
  PID:6788
- C:\Windows\System\ezvswcX.exe
  C:\Windows\System\ezvswcX.exe
  2⤵
  PID:6804
- C:\Windows\System\RtIxWbF.exe
  C:\Windows\System\RtIxWbF.exe
  2⤵
  PID:6820
- C:\Windows\System\BPhHMDL.exe
  C:\Windows\System\BPhHMDL.exe
  2⤵
  PID:6836
- C:\Windows\System\KHQxruY.exe
  C:\Windows\System\KHQxruY.exe
  2⤵
  PID:6852
- C:\Windows\System\ZCZcpuq.exe
  C:\Windows\System\ZCZcpuq.exe
  2⤵
  PID:6868
- C:\Windows\System\ZzWToQG.exe
  C:\Windows\System\ZzWToQG.exe
  2⤵
  PID:6884
- C:\Windows\System\PKtnzbZ.exe
  C:\Windows\System\PKtnzbZ.exe
  2⤵
  PID:6904
- C:\Windows\System\eRnWRqk.exe
  C:\Windows\System\eRnWRqk.exe
  2⤵
  PID:6920
- C:\Windows\System\DuAbMXL.exe
  C:\Windows\System\DuAbMXL.exe
  2⤵
  PID:6936
- C:\Windows\System\dMEpvyS.exe
  C:\Windows\System\dMEpvyS.exe
  2⤵
  PID:6952
- C:\Windows\System\PUlAbdU.exe
  C:\Windows\System\PUlAbdU.exe
  2⤵
  PID:6968
- C:\Windows\System\HawmrAn.exe
  C:\Windows\System\HawmrAn.exe
  2⤵
  PID:6984
- C:\Windows\System\LvDajbw.exe
  C:\Windows\System\LvDajbw.exe
  2⤵
  PID:7000
- C:\Windows\System\WLKnHbJ.exe
  C:\Windows\System\WLKnHbJ.exe
  2⤵
  PID:7016
- C:\Windows\System\uybBQjt.exe
  C:\Windows\System\uybBQjt.exe
  2⤵
  PID:7032
- C:\Windows\System\wmHwCKX.exe
  C:\Windows\System\wmHwCKX.exe
  2⤵
  PID:7048
- C:\Windows\System\BBaIbuJ.exe
  C:\Windows\System\BBaIbuJ.exe
  2⤵
  PID:7064
- C:\Windows\System\zdBXScs.exe
  C:\Windows\System\zdBXScs.exe
  2⤵
  PID:7080
- C:\Windows\System\bUaqnvp.exe
  C:\Windows\System\bUaqnvp.exe
  2⤵
  PID:7096
- C:\Windows\System\uuhucSU.exe
  C:\Windows\System\uuhucSU.exe
  2⤵
  PID:7112
- C:\Windows\System\QyoUgqG.exe
  C:\Windows\System\QyoUgqG.exe
  2⤵
  PID:7128
- C:\Windows\System\iGLLyPn.exe
  C:\Windows\System\iGLLyPn.exe
  2⤵
  PID:7144
- C:\Windows\System\PCISUQs.exe
  C:\Windows\System\PCISUQs.exe
  2⤵
  PID:7160
- C:\Windows\System\sGbmGDa.exe
  C:\Windows\System\sGbmGDa.exe
  2⤵
  PID:2380
- C:\Windows\System\aSIgZdJ.exe
  C:\Windows\System\aSIgZdJ.exe
  2⤵
  PID:6208
- C:\Windows\System\eFxgkZk.exe
  C:\Windows\System\eFxgkZk.exe
  2⤵
  PID:6160
- C:\Windows\System\fciRubS.exe
  C:\Windows\System\fciRubS.exe
  2⤵
  PID:6244
- C:\Windows\System\Zgznswb.exe
  C:\Windows\System\Zgznswb.exe
  2⤵
  PID:6272
- C:\Windows\System\UGsDjzn.exe
  C:\Windows\System\UGsDjzn.exe
  2⤵
  PID:6288
- C:\Windows\System\VEIUIRt.exe
  C:\Windows\System\VEIUIRt.exe
  2⤵
  PID:2880
- C:\Windows\System\qZhoMMz.exe
  C:\Windows\System\qZhoMMz.exe
  2⤵
  PID:6352
- C:\Windows\System\zxwiBGF.exe
  C:\Windows\System\zxwiBGF.exe
  2⤵
  PID:6440
- C:\Windows\System\muWUHLx.exe
  C:\Windows\System\muWUHLx.exe
  2⤵
  PID:6420
- C:\Windows\System\lhhGwqi.exe
  C:\Windows\System\lhhGwqi.exe
  2⤵
  PID:6504
- C:\Windows\System\MzPFPtL.exe
  C:\Windows\System\MzPFPtL.exe
  2⤵
  PID:6484
- C:\Windows\System\dqCYluI.exe
  C:\Windows\System\dqCYluI.exe
  2⤵
  PID:6452
- C:\Windows\System\EwnLxGN.exe
  C:\Windows\System\EwnLxGN.exe
  2⤵
  PID:6552
- C:\Windows\System\BAdFrdj.exe
  C:\Windows\System\BAdFrdj.exe
  2⤵
  PID:6568
- C:\Windows\System\GLCpkTC.exe
  C:\Windows\System\GLCpkTC.exe
  2⤵
  PID:6620
- C:\Windows\System\CfhFrpS.exe
  C:\Windows\System\CfhFrpS.exe
  2⤵
  PID:6640
- C:\Windows\System\FyeaqHe.exe
  C:\Windows\System\FyeaqHe.exe
  2⤵
  PID:6704
- C:\Windows\System\agvTqfC.exe
  C:\Windows\System\agvTqfC.exe
  2⤵
  PID:6768
- C:\Windows\System\QHTUZsT.exe
  C:\Windows\System\QHTUZsT.exe
  2⤵
  PID:6832
- C:\Windows\System\poYUWtS.exe
  C:\Windows\System\poYUWtS.exe
  2⤵
  PID:6912
- C:\Windows\System\mYfHqPS.exe
  C:\Windows\System\mYfHqPS.exe
  2⤵
  PID:6948
- C:\Windows\System\lWwAUEl.exe
  C:\Windows\System\lWwAUEl.exe
  2⤵
  PID:7044
- C:\Windows\System\tvVtBVQ.exe
  C:\Windows\System\tvVtBVQ.exe
  2⤵
  PID:6960
- C:\Windows\System\TRvblyl.exe
  C:\Windows\System\TRvblyl.exe
  2⤵
  PID:7024
- C:\Windows\System\kJJdwVF.exe
  C:\Windows\System\kJJdwVF.exe
  2⤵
  PID:7076
- C:\Windows\System\FXPGHCR.exe
  C:\Windows\System\FXPGHCR.exe
  2⤵
  PID:7140
- C:\Windows\System\VtkfUxs.exe
  C:\Windows\System\VtkfUxs.exe
  2⤵
  PID:7124
- C:\Windows\System\PxogFtD.exe
  C:\Windows\System\PxogFtD.exe
  2⤵
  PID:6176
- C:\Windows\System\idMcOid.exe
  C:\Windows\System\idMcOid.exe
  2⤵
  PID:5768
- C:\Windows\System\IPldQQL.exe
  C:\Windows\System\IPldQQL.exe
  2⤵
  PID:6256
- C:\Windows\System\CqAUiVo.exe
  C:\Windows\System\CqAUiVo.exe
  2⤵
  PID:6336
- C:\Windows\System\WlSVCew.exe
  C:\Windows\System\WlSVCew.exe
  2⤵
  PID:6324
- C:\Windows\System\DzcqrCV.exe
  C:\Windows\System\DzcqrCV.exe
  2⤵
  PID:6520
- C:\Windows\System\bFPOTkJ.exe
  C:\Windows\System\bFPOTkJ.exe
  2⤵
  PID:6392
- C:\Windows\System\UNIGgAr.exe
  C:\Windows\System\UNIGgAr.exe
  2⤵
  PID:6604
- C:\Windows\System\JnUOBls.exe
  C:\Windows\System\JnUOBls.exe
  2⤵
  PID:6636
- C:\Windows\System\IqNkgEc.exe
  C:\Windows\System\IqNkgEc.exe
  2⤵
  PID:6896
- C:\Windows\System\cVAmKgt.exe
  C:\Windows\System\cVAmKgt.exe
  2⤵
  PID:6716
- C:\Windows\System\oFFIEFD.exe
  C:\Windows\System\oFFIEFD.exe
  2⤵
  PID:6752
- C:\Windows\System\lFMYdzZ.exe
  C:\Windows\System\lFMYdzZ.exe
  2⤵
  PID:6848
- C:\Windows\System\SnwUSZC.exe
  C:\Windows\System\SnwUSZC.exe
  2⤵
  PID:6700
- C:\Windows\System\LtGYJJk.exe
  C:\Windows\System\LtGYJJk.exe
  2⤵
  PID:6892
- C:\Windows\System\yVKmsPt.exe
  C:\Windows\System\yVKmsPt.exe
  2⤵
  PID:6928
- C:\Windows\System\UvPYMfd.exe
  C:\Windows\System\UvPYMfd.exe
  2⤵
  PID:6992
- C:\Windows\System\TfZTFyg.exe
  C:\Windows\System\TfZTFyg.exe
  2⤵
  PID:7136
- C:\Windows\System\yLRVFEu.exe
  C:\Windows\System\yLRVFEu.exe
  2⤵
  PID:7092
- C:\Windows\System\bensTCi.exe
  C:\Windows\System\bensTCi.exe
  2⤵
  PID:6192
- C:\Windows\System\OPNSbJM.exe
  C:\Windows\System\OPNSbJM.exe
  2⤵
  PID:6228
- C:\Windows\System\MmKEAro.exe
  C:\Windows\System\MmKEAro.exe
  2⤵
  PID:6536
- C:\Windows\System\PsImmdt.exe
  C:\Windows\System\PsImmdt.exe
  2⤵
  PID:6532
- C:\Windows\System\kQbjYzx.exe
  C:\Windows\System\kQbjYzx.exe
  2⤵
  PID:6584
- C:\Windows\System\ivffNWn.exe
  C:\Windows\System\ivffNWn.exe
  2⤵
  PID:6816
- C:\Windows\System\HBtWktW.exe
  C:\Windows\System\HBtWktW.exe
  2⤵
  PID:6864
- C:\Windows\System\rGXZzBa.exe
  C:\Windows\System\rGXZzBa.exe
  2⤵
  PID:6944
- C:\Windows\System\PGkOutX.exe
  C:\Windows\System\PGkOutX.exe
  2⤵
  PID:7060
- C:\Windows\System\jehifyl.exe
  C:\Windows\System\jehifyl.exe
  2⤵
  PID:6148
- C:\Windows\System\gSlHkOe.exe
  C:\Windows\System\gSlHkOe.exe
  2⤵
  PID:6572
- C:\Windows\System\AohLonO.exe
  C:\Windows\System\AohLonO.exe
  2⤵
  PID:1632
- C:\Windows\System\TUaGifK.exe
  C:\Windows\System\TUaGifK.exe
  2⤵
  PID:6844
- C:\Windows\System\DEbNNwk.exe
  C:\Windows\System\DEbNNwk.exe
  2⤵
  PID:7012
- C:\Windows\System\KuypzIG.exe
  C:\Windows\System\KuypzIG.exe
  2⤵
  PID:6304
- C:\Windows\System\JfHDDWl.exe
  C:\Windows\System\JfHDDWl.exe
  2⤵
  PID:5820
- C:\Windows\System\OZMhgVn.exe
  C:\Windows\System\OZMhgVn.exe
  2⤵
  PID:6608
- C:\Windows\System\JCtDLaz.exe
  C:\Windows\System\JCtDLaz.exe
  2⤵
  PID:6196
- C:\Windows\System\lWXOzXw.exe
  C:\Windows\System\lWXOzXw.exe
  2⤵
  PID:6468
- C:\Windows\System\UdIEAXv.exe
  C:\Windows\System\UdIEAXv.exe
  2⤵
  PID:7184
- C:\Windows\System\JSjhrOe.exe
  C:\Windows\System\JSjhrOe.exe
  2⤵
  PID:7200
- C:\Windows\System\iGFXFxV.exe
  C:\Windows\System\iGFXFxV.exe
  2⤵
  PID:7216
- C:\Windows\System\pjjYSZS.exe
  C:\Windows\System\pjjYSZS.exe
  2⤵
  PID:7232
- C:\Windows\System\MRDCxLB.exe
  C:\Windows\System\MRDCxLB.exe
  2⤵
  PID:7248
- C:\Windows\System\bmRAKRw.exe
  C:\Windows\System\bmRAKRw.exe
  2⤵
  PID:7264
- C:\Windows\System\miGnACt.exe
  C:\Windows\System\miGnACt.exe
  2⤵
  PID:7280
- C:\Windows\System\paQYpwd.exe
  C:\Windows\System\paQYpwd.exe
  2⤵
  PID:7296
- C:\Windows\System\uGVeEkp.exe
  C:\Windows\System\uGVeEkp.exe
  2⤵
  PID:7312
- C:\Windows\System\qGvqxTl.exe
  C:\Windows\System\qGvqxTl.exe
  2⤵
  PID:7328
- C:\Windows\System\XvYRwOK.exe
  C:\Windows\System\XvYRwOK.exe
  2⤵
  PID:7344
- C:\Windows\System\GpJTGEK.exe
  C:\Windows\System\GpJTGEK.exe
  2⤵
  PID:7360
- C:\Windows\System\FjNrxly.exe
  C:\Windows\System\FjNrxly.exe
  2⤵
  PID:7376
- C:\Windows\System\CfGwpby.exe
  C:\Windows\System\CfGwpby.exe
  2⤵
  PID:7392
- C:\Windows\System\MzbAMrX.exe
  C:\Windows\System\MzbAMrX.exe
  2⤵
  PID:7408
- C:\Windows\System\fjkYIJk.exe
  C:\Windows\System\fjkYIJk.exe
  2⤵
  PID:7424
- C:\Windows\System\OyLLQWz.exe
  C:\Windows\System\OyLLQWz.exe
  2⤵
  PID:7440
- C:\Windows\System\EKRDqOF.exe
  C:\Windows\System\EKRDqOF.exe
  2⤵
  PID:7460
- C:\Windows\System\yEtKQfQ.exe
  C:\Windows\System\yEtKQfQ.exe
  2⤵
  PID:7476
- C:\Windows\System\GxpKpwl.exe
  C:\Windows\System\GxpKpwl.exe
  2⤵
  PID:7492
- C:\Windows\System\WHogWNu.exe
  C:\Windows\System\WHogWNu.exe
  2⤵
  PID:7508
- C:\Windows\System\wtCVunH.exe
  C:\Windows\System\wtCVunH.exe
  2⤵
  PID:7524
- C:\Windows\System\dmQyUDL.exe
  C:\Windows\System\dmQyUDL.exe
  2⤵
  PID:7540
- C:\Windows\System\dWhrJyc.exe
  C:\Windows\System\dWhrJyc.exe
  2⤵
  PID:7556
- C:\Windows\System\CTJbCWq.exe
  C:\Windows\System\CTJbCWq.exe
  2⤵
  PID:7572
- C:\Windows\System\utcdajd.exe
  C:\Windows\System\utcdajd.exe
  2⤵
  PID:7588
- C:\Windows\System\BYlhUeI.exe
  C:\Windows\System\BYlhUeI.exe
  2⤵
  PID:7604
- C:\Windows\System\ztJOmSk.exe
  C:\Windows\System\ztJOmSk.exe
  2⤵
  PID:7620
- C:\Windows\System\uADmtUf.exe
  C:\Windows\System\uADmtUf.exe
  2⤵
  PID:7636
- C:\Windows\System\dZjYqES.exe
  C:\Windows\System\dZjYqES.exe
  2⤵
  PID:7652
- C:\Windows\System\dUJsplj.exe
  C:\Windows\System\dUJsplj.exe
  2⤵
  PID:7668
- C:\Windows\System\GQCnfWM.exe
  C:\Windows\System\GQCnfWM.exe
  2⤵
  PID:7684
- C:\Windows\System\avSJRmm.exe
  C:\Windows\System\avSJRmm.exe
  2⤵
  PID:7700
- C:\Windows\System\cMXCRja.exe
  C:\Windows\System\cMXCRja.exe
  2⤵
  PID:7716
- C:\Windows\System\JJmnmDg.exe
  C:\Windows\System\JJmnmDg.exe
  2⤵
  PID:7732
- C:\Windows\System\XNZcmxt.exe
  C:\Windows\System\XNZcmxt.exe
  2⤵
  PID:7748
- C:\Windows\System\ZnyyIgh.exe
  C:\Windows\System\ZnyyIgh.exe
  2⤵
  PID:8016
- C:\Windows\System\LcGDJuZ.exe
  C:\Windows\System\LcGDJuZ.exe
  2⤵
  PID:8036
- C:\Windows\System\wHkuwsc.exe
  C:\Windows\System\wHkuwsc.exe
  2⤵
  PID:8100
- C:\Windows\System\LekgYgQ.exe
  C:\Windows\System\LekgYgQ.exe
  2⤵
  PID:8116
- C:\Windows\System\oqVRdJC.exe
  C:\Windows\System\oqVRdJC.exe
  2⤵
  PID:8132
- C:\Windows\System\sNWlQAI.exe
  C:\Windows\System\sNWlQAI.exe
  2⤵
  PID:8148
- C:\Windows\System\DCdrkKD.exe
  C:\Windows\System\DCdrkKD.exe
  2⤵
  PID:8164
- C:\Windows\System\JsJFnFT.exe
  C:\Windows\System\JsJFnFT.exe
  2⤵
  PID:8180
- C:\Windows\System\yLJbmsK.exe
  C:\Windows\System\yLJbmsK.exe
  2⤵
  PID:6548
- C:\Windows\System\PLugtBk.exe
  C:\Windows\System\PLugtBk.exe
  2⤵
  PID:7336
- C:\Windows\System\RGTkbSS.exe
  C:\Windows\System\RGTkbSS.exe
  2⤵
  PID:7484
- C:\Windows\System\XlfwHYe.exe
  C:\Windows\System\XlfwHYe.exe
  2⤵
  PID:7504
- C:\Windows\System\EUouqcr.exe
  C:\Windows\System\EUouqcr.exe
  2⤵
  PID:7548
- C:\Windows\System\zXPSAOl.exe
  C:\Windows\System\zXPSAOl.exe
  2⤵
  PID:7552
- C:\Windows\System\uHylTFQ.exe
  C:\Windows\System\uHylTFQ.exe
  2⤵
  PID:7632
- C:\Windows\System\hlgoaVX.exe
  C:\Windows\System\hlgoaVX.exe
  2⤵
  PID:7584
- C:\Windows\System\dpHfowj.exe
  C:\Windows\System\dpHfowj.exe
  2⤵
  PID:5752
- C:\Windows\System\UYZeRHb.exe
  C:\Windows\System\UYZeRHb.exe
  2⤵
  PID:7708
- C:\Windows\System\yHgmudb.exe
  C:\Windows\System\yHgmudb.exe
  2⤵
  PID:7728
- C:\Windows\System\bqriIsz.exe
  C:\Windows\System\bqriIsz.exe
  2⤵
  PID:7696
- C:\Windows\System\IRJqsZv.exe
  C:\Windows\System\IRJqsZv.exe
  2⤵
  PID:7780
- C:\Windows\System\VmZBedY.exe
  C:\Windows\System\VmZBedY.exe
  2⤵
  PID:7800
- C:\Windows\System\CxMoKLp.exe
  C:\Windows\System\CxMoKLp.exe
  2⤵
  PID:7820
- C:\Windows\System\HDRPoxU.exe
  C:\Windows\System\HDRPoxU.exe
  2⤵
  PID:7832
- C:\Windows\System\vzJMHeo.exe
  C:\Windows\System\vzJMHeo.exe
  2⤵
  PID:7852
- C:\Windows\System\YKRqFBB.exe
  C:\Windows\System\YKRqFBB.exe
  2⤵
  PID:7456
- C:\Windows\System\OndRtMI.exe
  C:\Windows\System\OndRtMI.exe
  2⤵
  PID:7884
- C:\Windows\System\FkBBYvE.exe
  C:\Windows\System\FkBBYvE.exe
  2⤵
  PID:7900
- C:\Windows\System\peEyNxl.exe
  C:\Windows\System\peEyNxl.exe
  2⤵
  PID:7912
- C:\Windows\System\cYfdFnr.exe
  C:\Windows\System\cYfdFnr.exe
  2⤵
  PID:7944
- C:\Windows\System\cbxwtcw.exe
  C:\Windows\System\cbxwtcw.exe
  2⤵
  PID:7960
- C:\Windows\System\WErfTqE.exe
  C:\Windows\System\WErfTqE.exe
  2⤵
  PID:7924
- C:\Windows\System\WtdsFbl.exe
  C:\Windows\System\WtdsFbl.exe
  2⤵
  PID:7996
- C:\Windows\System\gfiGiOg.exe
  C:\Windows\System\gfiGiOg.exe
  2⤵
  PID:8044
- C:\Windows\System\mQGHFNj.exe
  C:\Windows\System\mQGHFNj.exe
  2⤵
  PID:8076
- C:\Windows\System\hRmAmvn.exe
  C:\Windows\System\hRmAmvn.exe
  2⤵
  PID:8092
- C:\Windows\System\vkqYVmi.exe
  C:\Windows\System\vkqYVmi.exe
  2⤵
  PID:7980
- C:\Windows\System\hIHwaDA.exe
  C:\Windows\System\hIHwaDA.exe
  2⤵
  PID:8052
- C:\Windows\System\ncNbawo.exe
  C:\Windows\System\ncNbawo.exe
  2⤵
  PID:8072
- C:\Windows\System\cEgdUBF.exe
  C:\Windows\System\cEgdUBF.exe
  2⤵
  PID:7176
- C:\Windows\System\TanZKqg.exe
  C:\Windows\System\TanZKqg.exe
  2⤵
  PID:8108
- C:\Windows\System\VVXNvzg.exe
  C:\Windows\System\VVXNvzg.exe
  2⤵
  PID:8144
- C:\Windows\System\hYpiurX.exe
  C:\Windows\System\hYpiurX.exe
  2⤵
  PID:7180
- C:\Windows\System\SIkfZVr.exe
  C:\Windows\System\SIkfZVr.exe
  2⤵
  PID:7272
- C:\Windows\System\NVnGAIS.exe
  C:\Windows\System\NVnGAIS.exe
  2⤵
  PID:7288
- C:\Windows\System\iBDSqKM.exe
  C:\Windows\System\iBDSqKM.exe
  2⤵
  PID:7436
- C:\Windows\System\BQFgqDT.exe
  C:\Windows\System\BQFgqDT.exe
  2⤵
  PID:7388
- C:\Windows\System\LvRgqsf.exe
  C:\Windows\System\LvRgqsf.exe
  2⤵
  PID:7536
- C:\Windows\System\ZLHEhTj.exe
  C:\Windows\System\ZLHEhTj.exe
  2⤵
  PID:7616
- C:\Windows\System\blfQURB.exe
  C:\Windows\System\blfQURB.exe
  2⤵
  PID:7724
- C:\Windows\System\QLRmMcY.exe
  C:\Windows\System\QLRmMcY.exe
  2⤵
  PID:7744
- C:\Windows\System\Exkiqsf.exe
  C:\Windows\System\Exkiqsf.exe
  2⤵
  PID:7520
- C:\Windows\System\FskDKGW.exe
  C:\Windows\System\FskDKGW.exe
  2⤵
  PID:7784
- C:\Windows\System\Zhymbfn.exe
  C:\Windows\System\Zhymbfn.exe
  2⤵
  PID:7788
- C:\Windows\System\laUuugh.exe
  C:\Windows\System\laUuugh.exe
  2⤵
  PID:7844
- C:\Windows\System\cCSKwEK.exe
  C:\Windows\System\cCSKwEK.exe
  2⤵
  PID:7876
- C:\Windows\System\znPXlYs.exe
  C:\Windows\System\znPXlYs.exe
  2⤵
  PID:7952
- C:\Windows\System\zGGbAtz.exe
  C:\Windows\System\zGGbAtz.exe
  2⤵
  PID:7984
- C:\Windows\System\wvkWqzp.exe
  C:\Windows\System\wvkWqzp.exe
  2⤵
  PID:8032
- C:\Windows\System\EAnkuQz.exe
  C:\Windows\System\EAnkuQz.exe
  2⤵
  PID:7860
- C:\Windows\System\pPmCNfR.exe
  C:\Windows\System\pPmCNfR.exe
  2⤵
  PID:2140
- C:\Windows\System\iRUCegd.exe
  C:\Windows\System\iRUCegd.exe
  2⤵
  PID:6372
- C:\Windows\System\adUvPfm.exe
  C:\Windows\System\adUvPfm.exe
  2⤵
  PID:7892
- C:\Windows\System\KxiKyiU.exe
  C:\Windows\System\KxiKyiU.exe
  2⤵
  PID:7972
- C:\Windows\System\LNEyDGC.exe
  C:\Windows\System\LNEyDGC.exe
  2⤵
  PID:1044
- C:\Windows\System\FgGoMia.exe
  C:\Windows\System\FgGoMia.exe
  2⤵
  PID:7760
- C:\Windows\System\rOmiyky.exe
  C:\Windows\System\rOmiyky.exe
  2⤵
  PID:8156
- C:\Windows\System\OJCsdjs.exe
  C:\Windows\System\OJCsdjs.exe
  2⤵
  PID:8176
- C:\Windows\System\NMQDzQv.exe
  C:\Windows\System\NMQDzQv.exe
  2⤵
  PID:7368
- C:\Windows\System\gdhNnKD.exe
  C:\Windows\System\gdhNnKD.exe
  2⤵
  PID:7304
- C:\Windows\System\IIJvgem.exe
  C:\Windows\System\IIJvgem.exe
  2⤵
  PID:7400
- C:\Windows\System\bbrIiHW.exe
  C:\Windows\System\bbrIiHW.exe
  2⤵
  PID:7564
- C:\Windows\System\eRpNbab.exe
  C:\Windows\System\eRpNbab.exe
  2⤵
  PID:7432
- C:\Windows\System\eJFSgyK.exe
  C:\Windows\System\eJFSgyK.exe
  2⤵
  PID:7792
- C:\Windows\System\kiWpVXr.exe
  C:\Windows\System\kiWpVXr.exe
  2⤵
  PID:7108
- C:\Windows\System\sPLReWJ.exe
  C:\Windows\System\sPLReWJ.exe
  2⤵
  PID:7836
- C:\Windows\System\tmlrsec.exe
  C:\Windows\System\tmlrsec.exe
  2⤵
  PID:7196
- C:\Windows\System\wltmoCL.exe
  C:\Windows\System\wltmoCL.exe
  2⤵
  PID:7240
- C:\Windows\System\wCXWtRB.exe
  C:\Windows\System\wCXWtRB.exe
  2⤵
  PID:7828
- C:\Windows\System\jJARegO.exe
  C:\Windows\System\jJARegO.exe
  2⤵
  PID:2612
- C:\Windows\System\EOlVQUd.exe
  C:\Windows\System\EOlVQUd.exe
  2⤵
  PID:8004
- C:\Windows\System\oOPLSoh.exe
  C:\Windows\System\oOPLSoh.exe
  2⤵
  PID:7260
- C:\Windows\System\wGjkrnr.exe
  C:\Windows\System\wGjkrnr.exe
  2⤵
  PID:8172
- C:\Windows\System\tJXdFmV.exe
  C:\Windows\System\tJXdFmV.exe
  2⤵
  PID:7416
- C:\Windows\System\PrjiRGm.exe
  C:\Windows\System\PrjiRGm.exe
  2⤵
  PID:7768
- C:\Windows\System\tjmIxPG.exe
  C:\Windows\System\tjmIxPG.exe
  2⤵
  PID:7628
- C:\Windows\System\yoPYSTP.exe
  C:\Windows\System\yoPYSTP.exe
  2⤵
  PID:7680
- C:\Windows\System\LpIAmRu.exe
  C:\Windows\System\LpIAmRu.exe
  2⤵
  PID:7488
- C:\Windows\System\GyvhDbH.exe
  C:\Windows\System\GyvhDbH.exe
  2⤵
  PID:7404
- C:\Windows\System\GnCmgIh.exe
  C:\Windows\System\GnCmgIh.exe
  2⤵
  PID:7352
- C:\Windows\System\DlQyJRu.exe
  C:\Windows\System\DlQyJRu.exe
  2⤵
  PID:7940
- C:\Windows\System\zGVsJTw.exe
  C:\Windows\System\zGVsJTw.exe
  2⤵
  PID:7308
- C:\Windows\System\mIoKbxt.exe
  C:\Windows\System\mIoKbxt.exe
  2⤵
  PID:7864
- C:\Windows\System\lpStJAg.exe
  C:\Windows\System\lpStJAg.exe
  2⤵
  PID:7224
- C:\Windows\System\FLjluLM.exe
  C:\Windows\System\FLjluLM.exe
  2⤵
  PID:8204
- C:\Windows\System\yHcoKSp.exe
  C:\Windows\System\yHcoKSp.exe
  2⤵
  PID:8220
- C:\Windows\System\pIealzi.exe
  C:\Windows\System\pIealzi.exe
  2⤵
  PID:8236
- C:\Windows\System\wGDmnWq.exe
  C:\Windows\System\wGDmnWq.exe
  2⤵
  PID:8252
- C:\Windows\System\FwZUnDE.exe
  C:\Windows\System\FwZUnDE.exe
  2⤵
  PID:8268
- C:\Windows\System\PLxYYPc.exe
  C:\Windows\System\PLxYYPc.exe
  2⤵
  PID:8284
- C:\Windows\System\sjrwfzS.exe
  C:\Windows\System\sjrwfzS.exe
  2⤵
  PID:8300
- C:\Windows\System\FyNtjYH.exe
  C:\Windows\System\FyNtjYH.exe
  2⤵
  PID:8316
- C:\Windows\System\tnJUkCP.exe
  C:\Windows\System\tnJUkCP.exe
  2⤵
  PID:8332
- C:\Windows\System\aTceIpf.exe
  C:\Windows\System\aTceIpf.exe
  2⤵
  PID:8348
- C:\Windows\System\LoYPnNI.exe
  C:\Windows\System\LoYPnNI.exe
  2⤵
  PID:8364
- C:\Windows\System\ILIUcGV.exe
  C:\Windows\System\ILIUcGV.exe
  2⤵
  PID:8384
- C:\Windows\System\KTYBiIt.exe
  C:\Windows\System\KTYBiIt.exe
  2⤵
  PID:8456
- C:\Windows\System\MDPiGCy.exe
  C:\Windows\System\MDPiGCy.exe
  2⤵
  PID:8472
- C:\Windows\System\zGZKlek.exe
  C:\Windows\System\zGZKlek.exe
  2⤵
  PID:8488
- C:\Windows\System\pvXBJWc.exe
  C:\Windows\System\pvXBJWc.exe
  2⤵
  PID:8504
- C:\Windows\System\yzDNvQr.exe
  C:\Windows\System\yzDNvQr.exe
  2⤵
  PID:8520
- C:\Windows\System\rDtHRPb.exe
  C:\Windows\System\rDtHRPb.exe
  2⤵
  PID:8536
- C:\Windows\System\iWsoCll.exe
  C:\Windows\System\iWsoCll.exe
  2⤵
  PID:8572
- C:\Windows\System\FuuUbBV.exe
  C:\Windows\System\FuuUbBV.exe
  2⤵
  PID:8604
- C:\Windows\System\SCDZRIr.exe
  C:\Windows\System\SCDZRIr.exe
  2⤵
  PID:8628
- C:\Windows\System\MYeCyfr.exe
  C:\Windows\System\MYeCyfr.exe
  2⤵
  PID:8656
- C:\Windows\System\tWwQQQJ.exe
  C:\Windows\System\tWwQQQJ.exe
  2⤵
  PID:8676
- C:\Windows\System\RAWMIgJ.exe
  C:\Windows\System\RAWMIgJ.exe
  2⤵
  PID:8692
- C:\Windows\System\acncAGv.exe
  C:\Windows\System\acncAGv.exe
  2⤵
  PID:8708
- C:\Windows\System\MRgcvKz.exe
  C:\Windows\System\MRgcvKz.exe
  2⤵
  PID:8724
- C:\Windows\System\xedAkKd.exe
  C:\Windows\System\xedAkKd.exe
  2⤵
  PID:8740
- C:\Windows\System\pEVbAiL.exe
  C:\Windows\System\pEVbAiL.exe
  2⤵
  PID:8756
- C:\Windows\System\nMNiNbo.exe
  C:\Windows\System\nMNiNbo.exe
  2⤵
  PID:8772
- C:\Windows\System\KLnFlno.exe
  C:\Windows\System\KLnFlno.exe
  2⤵
  PID:8788
- C:\Windows\System\wTaJbwy.exe
  C:\Windows\System\wTaJbwy.exe
  2⤵
  PID:8804
- C:\Windows\System\eiAyTCx.exe
  C:\Windows\System\eiAyTCx.exe
  2⤵
  PID:8820
- C:\Windows\System\ZRMUjPz.exe
  C:\Windows\System\ZRMUjPz.exe
  2⤵
  PID:8836
- C:\Windows\System\krHqniu.exe
  C:\Windows\System\krHqniu.exe
  2⤵
  PID:8852
- C:\Windows\System\fCwbkhj.exe
  C:\Windows\System\fCwbkhj.exe
  2⤵
  PID:8868
- C:\Windows\System\PRAXINu.exe
  C:\Windows\System\PRAXINu.exe
  2⤵
  PID:8884
- C:\Windows\System\SeEJdki.exe
  C:\Windows\System\SeEJdki.exe
  2⤵
  PID:8900
- C:\Windows\System\XSvkeTk.exe
  C:\Windows\System\XSvkeTk.exe
  2⤵
  PID:8916
- C:\Windows\System\dsMReby.exe
  C:\Windows\System\dsMReby.exe
  2⤵
  PID:8936
- C:\Windows\System\FfKwqVG.exe
  C:\Windows\System\FfKwqVG.exe
  2⤵
  PID:8952
- C:\Windows\System\qpoCobl.exe
  C:\Windows\System\qpoCobl.exe
  2⤵
  PID:8968
- C:\Windows\System\UHpyipT.exe
  C:\Windows\System\UHpyipT.exe
  2⤵
  PID:8984
- C:\Windows\System\RKfjwZJ.exe
  C:\Windows\System\RKfjwZJ.exe
  2⤵
  PID:9000
- C:\Windows\System\tQZypmu.exe
  C:\Windows\System\tQZypmu.exe
  2⤵
  PID:9016
- C:\Windows\System\iLNfDqr.exe
  C:\Windows\System\iLNfDqr.exe
  2⤵
  PID:9032
- C:\Windows\System\WAtGtxh.exe
  C:\Windows\System\WAtGtxh.exe
  2⤵
  PID:9048
- C:\Windows\System\ZVfzkTL.exe
  C:\Windows\System\ZVfzkTL.exe
  2⤵
  PID:9064
- C:\Windows\System\qGfhvLJ.exe
  C:\Windows\System\qGfhvLJ.exe
  2⤵
  PID:9080
- C:\Windows\System\HBuYizb.exe
  C:\Windows\System\HBuYizb.exe
  2⤵
  PID:9096
- C:\Windows\System\NzAbwzH.exe
  C:\Windows\System\NzAbwzH.exe
  2⤵
  PID:9112
- C:\Windows\System\mfJrUSc.exe
  C:\Windows\System\mfJrUSc.exe
  2⤵
  PID:9128
- C:\Windows\System\wCOnAMf.exe
  C:\Windows\System\wCOnAMf.exe
  2⤵
  PID:9144
- C:\Windows\System\dpboahm.exe
  C:\Windows\System\dpboahm.exe
  2⤵
  PID:9160
- C:\Windows\System\sfdsxeD.exe
  C:\Windows\System\sfdsxeD.exe
  2⤵
  PID:9176
- C:\Windows\System\aCNBcCg.exe
  C:\Windows\System\aCNBcCg.exe
  2⤵
  PID:9192
- C:\Windows\System\akeYjfB.exe
  C:\Windows\System\akeYjfB.exe
  2⤵
  PID:9208
- C:\Windows\System\oXgnKVR.exe
  C:\Windows\System\oXgnKVR.exe
  2⤵
  PID:8228
- C:\Windows\System\LkwEeox.exe
  C:\Windows\System\LkwEeox.exe
  2⤵
  PID:8232
- C:\Windows\System\HcauaVz.exe
  C:\Windows\System\HcauaVz.exe
  2⤵
  PID:8296
- C:\Windows\System\QpMgYGk.exe
  C:\Windows\System\QpMgYGk.exe
  2⤵
  PID:8360
- C:\Windows\System\wctBuJn.exe
  C:\Windows\System\wctBuJn.exe
  2⤵
  PID:8400
- C:\Windows\System\yLUHqFY.exe
  C:\Windows\System\yLUHqFY.exe
  2⤵
  PID:8420
- C:\Windows\System\uYhIvBQ.exe
  C:\Windows\System\uYhIvBQ.exe
  2⤵
  PID:8432
- C:\Windows\System\DizimSe.exe
  C:\Windows\System\DizimSe.exe
  2⤵
  PID:8448
- C:\Windows\System\GiYSeQI.exe
  C:\Windows\System\GiYSeQI.exe
  2⤵
  PID:8516
- C:\Windows\System\inaLOZQ.exe
  C:\Windows\System\inaLOZQ.exe
  2⤵
  PID:8064
- C:\Windows\System\ieNcZJE.exe
  C:\Windows\System\ieNcZJE.exe
  2⤵
  PID:8280
- C:\Windows\System\gOxkiJf.exe
  C:\Windows\System\gOxkiJf.exe
  2⤵
  PID:2120
- C:\Windows\System\jZiUfoL.exe
  C:\Windows\System\jZiUfoL.exe
  2⤵
  PID:8248
- C:\Windows\System\KwAsIID.exe
  C:\Windows\System\KwAsIID.exe
  2⤵
  PID:8340
- C:\Windows\System\IzpCnLc.exe
  C:\Windows\System\IzpCnLc.exe
  2⤵
  PID:8612
- C:\Windows\System\UCpzXyX.exe
  C:\Windows\System\UCpzXyX.exe
  2⤵
  PID:8664
- C:\Windows\System\cCrWSaH.exe
  C:\Windows\System\cCrWSaH.exe
  2⤵
  PID:8528
- C:\Windows\System\HrUMJwf.exe
  C:\Windows\System\HrUMJwf.exe
  2⤵
  PID:8588
- C:\Windows\System\QdXZbAw.exe
  C:\Windows\System\QdXZbAw.exe
  2⤵
  PID:8636
- C:\Windows\System\bzqJZMJ.exe
  C:\Windows\System\bzqJZMJ.exe
  2⤵
  PID:8652
- C:\Windows\System\CyYjMLu.exe
  C:\Windows\System\CyYjMLu.exe
  2⤵
  PID:8732
- C:\Windows\System\bakprMG.exe
  C:\Windows\System\bakprMG.exe
  2⤵
  PID:8768
- C:\Windows\System\GXzVbWI.exe
  C:\Windows\System\GXzVbWI.exe
  2⤵
  PID:8832
- C:\Windows\System\ukWJFEY.exe
  C:\Windows\System\ukWJFEY.exe
  2⤵
  PID:8716
- C:\Windows\System\IIkDsqH.exe
  C:\Windows\System\IIkDsqH.exe
  2⤵
  PID:8812
- C:\Windows\System\nXdRepq.exe
  C:\Windows\System\nXdRepq.exe
  2⤵
  PID:8844
- C:\Windows\System\csgdUlA.exe
  C:\Windows\System\csgdUlA.exe
  2⤵
  PID:8880
- C:\Windows\System\HtVvhlD.exe
  C:\Windows\System\HtVvhlD.exe
  2⤵
  PID:8928
- C:\Windows\System\nOxngyp.exe
  C:\Windows\System\nOxngyp.exe
  2⤵
  PID:8996
- C:\Windows\System\qOKZNTQ.exe
  C:\Windows\System\qOKZNTQ.exe
  2⤵
  PID:8908
- C:\Windows\System\EhMAQeC.exe
  C:\Windows\System\EhMAQeC.exe
  2⤵
  PID:8976
- C:\Windows\System\LKOFsSQ.exe
  C:\Windows\System\LKOFsSQ.exe
  2⤵
  PID:9056
- C:\Windows\System\oIICmqK.exe
  C:\Windows\System\oIICmqK.exe
  2⤵
  PID:9092
- C:\Windows\System\MNaEQje.exe
  C:\Windows\System\MNaEQje.exe
  2⤵
  PID:9120
- C:\Windows\System\gEuRAho.exe
  C:\Windows\System\gEuRAho.exe
  2⤵
  PID:9108
- C:\Windows\System\rTdaNJJ.exe
  C:\Windows\System\rTdaNJJ.exe
  2⤵
  PID:9168
- C:\Windows\System\xyBIpzj.exe
  C:\Windows\System\xyBIpzj.exe
  2⤵
  PID:9184
- C:\Windows\System\fChOHgJ.exe
  C:\Windows\System\fChOHgJ.exe
  2⤵
  PID:8196
- C:\Windows\System\KRLiOXi.exe
  C:\Windows\System\KRLiOXi.exe
  2⤵
  PID:8392
- C:\Windows\System\ntGfnRd.exe
  C:\Windows\System\ntGfnRd.exe
  2⤵
  PID:596
- C:\Windows\System\RXKNiMO.exe
  C:\Windows\System\RXKNiMO.exe
  2⤵
  PID:8412
- C:\Windows\System\xhpsGFn.exe
  C:\Windows\System\xhpsGFn.exe
  2⤵
  PID:8416
- C:\Windows\System\FWDnCuN.exe
  C:\Windows\System\FWDnCuN.exe
  2⤵
  PID:288
- C:\Windows\System\pAihJwQ.exe
  C:\Windows\System\pAihJwQ.exe
  2⤵
  PID:1404
- C:\Windows\System\UYmlteI.exe
  C:\Windows\System\UYmlteI.exe
  2⤵
  PID:2512
- C:\Windows\System\djDIXJB.exe
  C:\Windows\System\djDIXJB.exe
  2⤵
  PID:1972
- C:\Windows\System\lJkYLkM.exe
  C:\Windows\System\lJkYLkM.exe
  2⤵
  PID:2696
- C:\Windows\System\plOEYdK.exe
  C:\Windows\System\plOEYdK.exe
  2⤵
  PID:8276
- C:\Windows\System\yRGuMuQ.exe
  C:\Windows\System\yRGuMuQ.exe
  2⤵
  PID:8216
- C:\Windows\System\pwLaZdP.exe
  C:\Windows\System\pwLaZdP.exe
  2⤵
  PID:8376
- C:\Windows\System\FbIBsZT.exe
  C:\Windows\System\FbIBsZT.exe
  2⤵
  PID:8624
- C:\Windows\System\rgldMSJ.exe
  C:\Windows\System\rgldMSJ.exe
  2⤵
  PID:2496
- C:\Windows\System\ANtwYJN.exe
  C:\Windows\System\ANtwYJN.exe
  2⤵
  PID:8800
- C:\Windows\System\qYCbryV.exe
  C:\Windows\System\qYCbryV.exe
  2⤵
  PID:8864
- C:\Windows\System\hFhwqXx.exe
  C:\Windows\System\hFhwqXx.exe
  2⤵
  PID:8688
- C:\Windows\System\VvztCRD.exe
  C:\Windows\System\VvztCRD.exe
  2⤵
  PID:1400
- C:\Windows\System\siQGGOG.exe
  C:\Windows\System\siQGGOG.exe
  2⤵
  PID:2084
- C:\Windows\System\LKxsfhI.exe
  C:\Windows\System\LKxsfhI.exe
  2⤵
  PID:9012
- C:\Windows\System\tihBPYL.exe
  C:\Windows\System\tihBPYL.exe
  2⤵
  PID:9104
- C:\Windows\System\IzJNVXn.exe
  C:\Windows\System\IzJNVXn.exe
  2⤵
  PID:7228
- C:\Windows\System\faoGqdn.exe
  C:\Windows\System\faoGqdn.exe
  2⤵
  PID:8356
- C:\Windows\System\RsnMQTe.exe
  C:\Windows\System\RsnMQTe.exe
  2⤵
  PID:2712
- C:\Windows\System\VObCAZA.exe
  C:\Windows\System\VObCAZA.exe
  2⤵
  PID:2200
- C:\Windows\System\cfZYiXs.exe
  C:\Windows\System\cfZYiXs.exe
  2⤵
  PID:8468
- C:\Windows\System\rlYXVbM.exe
  C:\Windows\System\rlYXVbM.exe
  2⤵
  PID:8620
- C:\Windows\System\rMtNkOY.exe
  C:\Windows\System\rMtNkOY.exe
  2⤵
  PID:8700
- C:\Windows\System\JFhfNtH.exe
  C:\Windows\System\JFhfNtH.exe
  2⤵
  PID:8644
- C:\Windows\System\xlKvWje.exe
  C:\Windows\System\xlKvWje.exe
  2⤵
  PID:8932
- C:\Windows\System\YpaHhpb.exe
  C:\Windows\System\YpaHhpb.exe
  2⤵
  PID:8964
- C:\Windows\System\PfOGCUF.exe
  C:\Windows\System\PfOGCUF.exe
  2⤵
  PID:8944
- C:\Windows\System\ioiwVsW.exe
  C:\Windows\System\ioiwVsW.exe
  2⤵
  PID:9152
- C:\Windows\System\gtOOGSx.exe
  C:\Windows\System\gtOOGSx.exe
  2⤵
  PID:9040
- C:\Windows\System\GIQXJOl.exe
  C:\Windows\System\GIQXJOl.exe
  2⤵
  PID:1088
- C:\Windows\System\xlcwzYG.exe
  C:\Windows\System\xlcwzYG.exe
  2⤵
  PID:9140
- C:\Windows\System\YQHTwke.exe
  C:\Windows\System\YQHTwke.exe
  2⤵
  PID:8552
- C:\Windows\System\bzXVSaO.exe
  C:\Windows\System\bzXVSaO.exe
  2⤵
  PID:8496
- C:\Windows\System\ZvmRogB.exe
  C:\Windows\System\ZvmRogB.exe
  2⤵
  PID:8648
- C:\Windows\System\IAxoxay.exe
  C:\Windows\System\IAxoxay.exe
  2⤵
  PID:8828
- C:\Windows\System\swYaZCV.exe
  C:\Windows\System\swYaZCV.exe
  2⤵
  PID:9188
- C:\Windows\System\kRYRMtk.exe
  C:\Windows\System\kRYRMtk.exe
  2⤵
  PID:9204
- C:\Windows\System\BEAYDHL.exe
  C:\Windows\System\BEAYDHL.exe
  2⤵
  PID:9228
- C:\Windows\System\bxdJgOK.exe
  C:\Windows\System\bxdJgOK.exe
  2⤵
  PID:9244
- C:\Windows\System\jlBrPBQ.exe
  C:\Windows\System\jlBrPBQ.exe
  2⤵
  PID:9260
- C:\Windows\System\NodJhRr.exe
  C:\Windows\System\NodJhRr.exe
  2⤵
  PID:9276
- C:\Windows\System\yvgKfxK.exe
  C:\Windows\System\yvgKfxK.exe
  2⤵
  PID:9292
- C:\Windows\System\zQcYTnK.exe
  C:\Windows\System\zQcYTnK.exe
  2⤵
  PID:9308
- C:\Windows\System\EGFdvCM.exe
  C:\Windows\System\EGFdvCM.exe
  2⤵
  PID:9324
- C:\Windows\System\MYvggvZ.exe
  C:\Windows\System\MYvggvZ.exe
  2⤵
  PID:9340
- C:\Windows\System\IBDVolg.exe
  C:\Windows\System\IBDVolg.exe
  2⤵
  PID:9360
- C:\Windows\System\GQDJgWg.exe
  C:\Windows\System\GQDJgWg.exe
  2⤵
  PID:9376
- C:\Windows\System\cNDZhqn.exe
  C:\Windows\System\cNDZhqn.exe
  2⤵
  PID:9392
- C:\Windows\System\oIgocUB.exe
  C:\Windows\System\oIgocUB.exe
  2⤵
  PID:9408
- C:\Windows\System\IngWtke.exe
  C:\Windows\System\IngWtke.exe
  2⤵
  PID:9424
- C:\Windows\System\VnVAhdR.exe
  C:\Windows\System\VnVAhdR.exe
  2⤵
  PID:9440
- C:\Windows\System\umhmRjy.exe
  C:\Windows\System\umhmRjy.exe
  2⤵
  PID:9456
- C:\Windows\System\OzYvsao.exe
  C:\Windows\System\OzYvsao.exe
  2⤵
  PID:9472
- C:\Windows\System\lwbXPXd.exe
  C:\Windows\System\lwbXPXd.exe
  2⤵
  PID:9488
- C:\Windows\System\ECZCHrz.exe
  C:\Windows\System\ECZCHrz.exe
  2⤵
  PID:9504
- C:\Windows\System\CxSuaNy.exe
  C:\Windows\System\CxSuaNy.exe
  2⤵
  PID:9520
- C:\Windows\System\wPqrEcq.exe
  C:\Windows\System\wPqrEcq.exe
  2⤵
  PID:9536
- C:\Windows\System\XhnxrOU.exe
  C:\Windows\System\XhnxrOU.exe
  2⤵
  PID:9552
- C:\Windows\System\hnGjFZS.exe
  C:\Windows\System\hnGjFZS.exe
  2⤵
  PID:9568
- C:\Windows\System\wIJhiZR.exe
  C:\Windows\System\wIJhiZR.exe
  2⤵
  PID:9584
- C:\Windows\System\ucfDehi.exe
  C:\Windows\System\ucfDehi.exe
  2⤵
  PID:9600
- C:\Windows\System\MpLuObd.exe
  C:\Windows\System\MpLuObd.exe
  2⤵
  PID:9624
- C:\Windows\System\uBXsOHS.exe
  C:\Windows\System\uBXsOHS.exe
  2⤵
  PID:9640
- C:\Windows\System\oNAHzDH.exe
  C:\Windows\System\oNAHzDH.exe
  2⤵
  PID:9656
- C:\Windows\System\GbhkVVd.exe
  C:\Windows\System\GbhkVVd.exe
  2⤵
  PID:9672
- C:\Windows\System\emSYUwy.exe
  C:\Windows\System\emSYUwy.exe
  2⤵
  PID:9688
- C:\Windows\System\ZyZlrgi.exe
  C:\Windows\System\ZyZlrgi.exe
  2⤵
  PID:9704
- C:\Windows\System\UWdpGBc.exe
  C:\Windows\System\UWdpGBc.exe
  2⤵
  PID:9720
- C:\Windows\System\RWVMKbb.exe
  C:\Windows\System\RWVMKbb.exe
  2⤵
  PID:9736
- C:\Windows\System\YFSuXld.exe
  C:\Windows\System\YFSuXld.exe
  2⤵
  PID:9752
- C:\Windows\System\JGOztRt.exe
  C:\Windows\System\JGOztRt.exe
  2⤵
  PID:9768
- C:\Windows\System\qXTvczm.exe
  C:\Windows\System\qXTvczm.exe
  2⤵
  PID:9784
- C:\Windows\System\RmeFwdb.exe
  C:\Windows\System\RmeFwdb.exe
  2⤵
  PID:9800
- C:\Windows\System\ucabuTa.exe
  C:\Windows\System\ucabuTa.exe
  2⤵
  PID:9816
- C:\Windows\System\vYRwZrK.exe
  C:\Windows\System\vYRwZrK.exe
  2⤵
  PID:9832
- C:\Windows\System\xSUohTV.exe
  C:\Windows\System\xSUohTV.exe
  2⤵
  PID:9848
- C:\Windows\System\Xqustpu.exe
  C:\Windows\System\Xqustpu.exe
  2⤵
  PID:9864
- C:\Windows\System\fzdkupx.exe
  C:\Windows\System\fzdkupx.exe
  2⤵
  PID:9880
- C:\Windows\System\QueXUur.exe
  C:\Windows\System\QueXUur.exe
  2⤵
  PID:9896
- C:\Windows\System\tZjQWUe.exe
  C:\Windows\System\tZjQWUe.exe
  2⤵
  PID:9912
- C:\Windows\System\fIJAGSd.exe
  C:\Windows\System\fIJAGSd.exe
  2⤵
  PID:9928
- C:\Windows\System\szqebNr.exe
  C:\Windows\System\szqebNr.exe
  2⤵
  PID:9948
- C:\Windows\System\HpfTPdF.exe
  C:\Windows\System\HpfTPdF.exe
  2⤵
  PID:9964
- C:\Windows\System\szngqUr.exe
  C:\Windows\System\szngqUr.exe
  2⤵
  PID:9980
- C:\Windows\System\QqWkEds.exe
  C:\Windows\System\QqWkEds.exe
  2⤵
  PID:10000
- C:\Windows\System\wvnnYbI.exe
  C:\Windows\System\wvnnYbI.exe
  2⤵
  PID:10016
- C:\Windows\System\WNSMrkF.exe
  C:\Windows\System\WNSMrkF.exe
  2⤵
  PID:10032
- C:\Windows\System\RiqEodk.exe
  C:\Windows\System\RiqEodk.exe
  2⤵
  PID:10048
- C:\Windows\System\imShaEu.exe
  C:\Windows\System\imShaEu.exe
  2⤵
  PID:10064
- C:\Windows\System\njwySAe.exe
  C:\Windows\System\njwySAe.exe
  2⤵
  PID:10080
- C:\Windows\System\aqWJSXP.exe
  C:\Windows\System\aqWJSXP.exe
  2⤵
  PID:10096
- C:\Windows\System\ixsmliu.exe
  C:\Windows\System\ixsmliu.exe
  2⤵
  PID:10112
- C:\Windows\System\dbBnxLY.exe
  C:\Windows\System\dbBnxLY.exe
  2⤵
  PID:10128
- C:\Windows\System\nqnYsJO.exe
  C:\Windows\System\nqnYsJO.exe
  2⤵
  PID:10144
- C:\Windows\System\cPyIfSr.exe
  C:\Windows\System\cPyIfSr.exe
  2⤵
  PID:10160
- C:\Windows\System\QNIJbnt.exe
  C:\Windows\System\QNIJbnt.exe
  2⤵
  PID:10176
- C:\Windows\System\KtiXlop.exe
  C:\Windows\System\KtiXlop.exe
  2⤵
  PID:10192
- C:\Windows\System\DqAtfra.exe
  C:\Windows\System\DqAtfra.exe
  2⤵
  PID:10208
- C:\Windows\System\avlNhNy.exe
  C:\Windows\System\avlNhNy.exe
  2⤵
  PID:10224
- C:\Windows\System\zjwMRwV.exe
  C:\Windows\System\zjwMRwV.exe
  2⤵
  PID:8428
- C:\Windows\System\mkyOzJR.exe
  C:\Windows\System\mkyOzJR.exe
  2⤵
  PID:8328
- C:\Windows\System\XNklstD.exe
  C:\Windows\System\XNklstD.exe
  2⤵
  PID:8580
- C:\Windows\System\QjXwJvU.exe
  C:\Windows\System\QjXwJvU.exe
  2⤵
  PID:8876
- C:\Windows\System\fsuNXXh.exe
  C:\Windows\System\fsuNXXh.exe
  2⤵
  PID:8924
- C:\Windows\System\PWZGyRM.exe
  C:\Windows\System\PWZGyRM.exe
  2⤵
  PID:9288
- C:\Windows\System\NNdoImg.exe
  C:\Windows\System\NNdoImg.exe
  2⤵
  PID:9272
- C:\Windows\System\lFrzGfr.exe
  C:\Windows\System\lFrzGfr.exe
  2⤵
  PID:9348
- C:\Windows\System\FaMQltp.exe
  C:\Windows\System\FaMQltp.exe
  2⤵
  PID:9384
- C:\Windows\System\wbbUuXn.exe
  C:\Windows\System\wbbUuXn.exe
  2⤵
  PID:9420
- C:\Windows\System\BeyrYOd.exe
  C:\Windows\System\BeyrYOd.exe
  2⤵
  PID:9484
- C:\Windows\System\pvMLwXA.exe
  C:\Windows\System\pvMLwXA.exe
  2⤵
  PID:9544
- C:\Windows\System\BuoGqov.exe
  C:\Windows\System\BuoGqov.exe
  2⤵
  PID:9612
- C:\Windows\System\JQorMRA.exe
  C:\Windows\System\JQorMRA.exe
  2⤵
  PID:9404
- C:\Windows\System\ZaMPAJJ.exe
  C:\Windows\System\ZaMPAJJ.exe
  2⤵
  PID:9648
- C:\Windows\System\WDmsYzf.exe
  C:\Windows\System\WDmsYzf.exe
  2⤵
  PID:9500
- C:\Windows\System\tMHCMrs.exe
  C:\Windows\System\tMHCMrs.exe
  2⤵
  PID:9716
- C:\Windows\System\rMIZYWA.exe
  C:\Windows\System\rMIZYWA.exe
  2⤵
  PID:9528
- C:\Windows\System\DuhJUSF.exe
  C:\Windows\System\DuhJUSF.exe
  2⤵
  PID:9596
- C:\Windows\System\rnJnnSU.exe
  C:\Windows\System\rnJnnSU.exe
  2⤵
  PID:9812
- C:\Windows\System\ohcjtqq.exe
  C:\Windows\System\ohcjtqq.exe
  2⤵
  PID:9904
- C:\Windows\System\wpkygid.exe
  C:\Windows\System\wpkygid.exe
  2⤵
  PID:9908
- C:\Windows\System\AxhrSxw.exe
  C:\Windows\System\AxhrSxw.exe
  2⤵
  PID:9700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AkaktuU.exe

Filesize
6.0MB

MD5
81e4b2188062bb76382c90658dda974b

SHA1
591326a2265678ba62588432addfaa12e35e7f3b

SHA256
61d3b75e17157d680a61c8e59ce7190d965f091ec2d69806eacf8d4719874f7b

SHA512
e18d9b7dc949198a8898be02b8fa9a57ac54ca0aa65a8f340ee6386d6f491b0c3c08b1d38c9082705f24a809fa1e7ff4d7ba7c84c6a18502d8d6f7d3d5e5f9ad

Download Submit
C:\Windows\system\AzJWgky.exe

Filesize
6.0MB

MD5
be5b7b8dfd39c9355863d63ab93b4256

SHA1
4c645f82fa859e3353d502225e41acbaf39a0828

SHA256
bae9189234ceaf3cb03dd970442c81a219c3cfad8909e604b62ef79e7ea6a045

SHA512
74e1b7a7dd98ed069662ea0dff6de1361b49e3536e1beb3d54aafb68a006e2a4d9748bea5975f76fc535e908485a5920655228e9333bc9bf857ed7f4b04a00ba

Download Submit
C:\Windows\system\BKCzEUt.exe

Filesize
6.0MB

MD5
49ade663ebb7f3f263222556e8cbe1b5

SHA1
6080101a8bcc6def38e99da1745ce0f9ca45b0cb

SHA256
73d5d99bacb1f895af594efecb8a55e344a384436425d2a28b70bc23722fc07c

SHA512
12a23b97c4b573fc75ba5f8bdc094723993c320777f6a2bccaf9d29d230f04f1dedc7d48654c85a31240e0a590abcedb6eb7e40681ffae64e3e4c6d78a1892d5

Download Submit
C:\Windows\system\BKjiSZN.exe

Filesize
6.0MB

MD5
29ad112f3c82d9360f298e086f4752ce

SHA1
e83296c83b886f5f439ec446886dd57b024aa430

SHA256
25e630c4285f28c82d118e0c42a5a05d6d8c9214cfa3df4e3a3631018815e4a9

SHA512
67d1085d1e8992f39f7ac43c22e21a9ad7c931865c23b9de7a34dd1564f4d54b12ce1a1d12da8f9fc311e4a5f16f9bd65181310e2f13e64062dd551a7128fe5c

Download Submit
C:\Windows\system\BZZAoNk.exe

Filesize
6.0MB

MD5
1e6b6ef354900da4ab7296531047de94

SHA1
990c28d30e6866c8acddd04080900f33dba2cc5d

SHA256
52ed149f3710238482a21f9ef71a8e01d330d742d0efefda85c28fef577bd4cf

SHA512
85b963d107f07f2b5e61a9964b63a9c7fef0bdfd16f32706b00148b1dc2848d7425dd32c23139afa4a866358c07ee1c6b49f8952da64afe54f96aa37f918afa1

Download Submit
C:\Windows\system\IdflBuC.exe

Filesize
6.0MB

MD5
c9a67e2858937a8ae48dc8d8ba7a609d

SHA1
3af6adac549c974a660965fbcab1a5de4fdadb8d

SHA256
3d346ec9953a13690cfda59a6e50d54ccf62e7084fa9d9716b0fdd48d5c36300

SHA512
3d24b350aaba22259d88db60571555265ff8013836ab1fe2fdc9f0443c31b529fb51c4479b2bafdb187075cbf98c49abf5335ea67de0671e64b110eb7716e68d

Download Submit
C:\Windows\system\KEmjJkQ.exe

Filesize
6.0MB

MD5
887d138b64dacdc8fa3d47c73e4df57f

SHA1
9e7336a668a34498837b4cf00334d003346d055f

SHA256
bdcc17bdf4e18deaeac4bb26c7f7527918985de59612be4a4936f9b186f56260

SHA512
8a05d319262a3d7be99628cb477dbb5598e8e51ffa8cf50d70eb38a291d38e1d6214f6902bf2c5ace99e1bfa4192c7bfcf824132b087e831ea209ea76f03e71e

Download Submit
C:\Windows\system\LMoJKTd.exe

Filesize
6.0MB

MD5
c8680e6e1ae6cddcdd0eabef5d89f1e5

SHA1
483e51e317c585fd1c83b45b9f365848d3187d9f

SHA256
86448736fe5c8ffca64463edde1105303f0699fe929122888c3ff6800583e7f4

SHA512
668ebc125508ad19a6bea08c25a9770c58a975eb66688ca9883dc07946a106815db5b106e6e03c0613d86d3a769148d40d79470daf6cb798cb60931dd521823f

Download Submit
C:\Windows\system\LZkjQJV.exe

Filesize
6.0MB

MD5
8d308e0b7ec795fe81984abf6059ab7f

SHA1
e7ce2bdbd62854b10c73956de27ea6f580e524a7

SHA256
e77788e2ccd7a47ca33ad483caf6717589b67c4fecadd15366b20219f00a6dcd

SHA512
0a7b766374503e8a11c1a72114e6e261267a6b6274039d8432fb628a379d03a6e54543d430e249744741c82f22bc32d198586ce9d082c2d2699078313d9952f2

Download Submit
C:\Windows\system\NPgeMjA.exe

Filesize
6.0MB

MD5
e97e276df01874ccd5af0efcc888bb36

SHA1
a3e4ac62161e7b63eebaf4910921b4021c9e133c

SHA256
11daa37eba15a33af884f00665bbd6af39b66f01bbdd92f19601fb80f9bcb8fa

SHA512
fc66788b76c05c17d7fcd54eb4ca566415c2f4d662af694a3d015d3c5f6873d5483735f967bf7683288ddf55ee9bf5daead0f632a7eee7c3cb1cf48153f6f872

Download Submit
C:\Windows\system\QWtlDLq.exe

Filesize
6.0MB

MD5
704b9ba5de2fb9ff7072d53a66493004

SHA1
9c88573baac555984989e7e07a70045508f10fa9

SHA256
15960501b11a98a2810764a51393c0b27ee8c24eb31069cc6e901c1e64cee8e4

SHA512
949eb3a1dd351d76f3c63da87e24afe8d8538fb664415508dc01e64ef21b0ea6939a7cb54dc2c79c048b200eb81c9b0454403dd6e2f3389264c9d48ebf0be67b

Download Submit
C:\Windows\system\TIFvFNG.exe

Filesize
6.0MB

MD5
209d6c1bddf2e02baa88a80468eb2c95

SHA1
14e841553e78d0e40bc6feb6357ae094a8421bc3

SHA256
2cb9449e9bc98b0ab10c3b758d1cd0b8c9b39ffcc4cf7ba0abe4f74c0804cebe

SHA512
b38df83f85c5173ed33a49352ae6cd24ba8d2e4768318a8adf6b5441f56eee130e7dd04bf55c0fdfd70296e5b7a9d65a9f2d6965f7f5cde45cbc18e726012986

Download Submit
C:\Windows\system\WaNCvPK.exe

Filesize
6.0MB

MD5
98be2abd6acdff440d6100dee19bb11a

SHA1
e60bf628b64dbfddf44698e8bf7b3b00d170be31

SHA256
53d17307176abbf17cc94dca71e4676953c49da47964b6004c605d4b12ae7462

SHA512
6972d3b1cccc32128e28104c861eb4e992d5f0d03ea5aca3c76451ccfb6b83c6ee4f1135807b07317344cac8cd7a3fe43a5d39ddf38cd4b587dc70e8919efb42

Download Submit
C:\Windows\system\bboGAfl.exe

Filesize
6.0MB

MD5
2bf06dcb832bb8951b755b6c7d8d011b

SHA1
3c57177f3ecad546118c1bd9ce2f2a3731d42d40

SHA256
515f8a2fb68ce32d65c9f92e9c6209e8ebb05e86594444fb6c9b9e0d4f1b373e

SHA512
19a45af6fceae22cdae7cd818af9ce8ae4b1bb53d214d9c3b712d10acd39c6eb139c03355a42d830f29dc5616ea657368cf77f282d60bbc05aa184cdc5e44942

Download Submit
C:\Windows\system\eoiBVsH.exe

Filesize
6.0MB

MD5
a6c40da2087b85ec737c25332b2eaf9e

SHA1
571004d808361212bf4b96cc7e8f9865dcadece0

SHA256
722c31775667e0487102219060ca41406b73b43bf8e23ebdc4138c5d49c14f80

SHA512
113792f95b43271a091ea09afa9e3e6e980879ca9f2db014fe83dcf448629f74df6f7454e9b7adc9b1c0dcf4a04519ff2f8a523da9f44d408605d6a3ab73135b

Download Submit
C:\Windows\system\gYVWeoc.exe

Filesize
6.0MB

MD5
7b80d320cd4762f46004dd0a2001853a

SHA1
479c6180534c201190166cf485ebeac8865d2728

SHA256
e150d866147c5626529555975729a0a9b46350d4ec2a7e605567744b5403f32d

SHA512
add1347a729971a16c07d5bb7e54574440abab986c560ccbed44bba898476ef3e810a3f1c59cfb59cb5e77a5456a0751db288088c29303268252c6dd1c2f17a0

Download Submit
C:\Windows\system\jBMOUaA.exe

Filesize
6.0MB

MD5
2dddb10d2ac45705a8f1f531129b5d5f

SHA1
ff4ab07fc69226b6c14c72d042f1e85cf43b3eb9

SHA256
00463c43df399c02f1fbd8b7ebc8f3c958a193a9105fb101d7453bf6e45725aa

SHA512
7648b88245f3cacf9f6a2bdc72bc2e5ab1ce1ff951af5bd283f296ba5b464d2edf7975d97e839089bd1d4cbc01a08150245e99dd2bbc4d74af99a314af85904d

Download Submit
C:\Windows\system\kLodAyt.exe

Filesize
6.0MB

MD5
02c9baaa9316aa1816a3c41c109d822f

SHA1
82dd69d19733bfba1346a8c2656955b8813307fb

SHA256
c3203eaf831855e4060e6c154bdba21760ee7922779d03417f9f58e7d223227e

SHA512
3b59a729baa4300a31a95ac076357f87ee34bd62d65537c4f55c2de2b28e20975448d808948fde2dc88823aa63e7e95ac9cab367b50097b0b046d44ea40bfaac

Download Submit
C:\Windows\system\kyEOrlA.exe

Filesize
6.0MB

MD5
cc38c913fb9a7802aef8f56334fd00e4

SHA1
7a86a6073318c3b8e63cba27171e8b66e44838a4

SHA256
26427733baffeb5088d73cd27469a78416bf1f37c7de5e45000d4d18f58563b5

SHA512
6b8653845d9ac892c72ed5c7f395b9cc3ff3d65260dd2ea637df0dfd601ff9a92603d1d946539f60501552e33f6a4195b0a560c55ad878caa0d507a968095776

Download Submit
C:\Windows\system\lKIUOhk.exe

Filesize
6.0MB

MD5
0d5cf69bebb7f6cc066f7b6e1f3abae9

SHA1
4d301c3fab2d2fa4502bf77d507cf3238bec8351

SHA256
84dcc2a4de55230850c71bca93aa9d1acad7050f3ef9a10560ffb8762bca91a6

SHA512
a143da778bbffa979891f5598721e782ae7493f8d0a14af93d9b78416d8ecd400960ab5339f5196d970ed6fcd66aed1af4c6bb163e7411727d5e3cd86b2ef937

Download Submit
C:\Windows\system\lQzzhRf.exe

Filesize
6.0MB

MD5
50cedebc0bb3088ec46ace51f3dae781

SHA1
188a0552243bf903bd44be863fd327291aac6ef9

SHA256
0d2f11ae6c6a01a228d8afa9c0480d985ee8abe547ce14a1e5fc0b5bba7c5437

SHA512
5febd07295be227c0cb358e4156bda012dc8830fda1720f9330da3b0d5e4192b93223de0c2d4d96f759f8b83d8e0e946560c1bb2714359f2760b75f145326357

Download Submit
C:\Windows\system\lnqQEFn.exe

Filesize
6.0MB

MD5
4f84237836d808d91f3cb2c4c0a4d24d

SHA1
1f409b8d2015acf35551ff351e552d58d3c515cd

SHA256
20d60573ff4b4029e06a1ad0c8a20ec412286636d2f6504aadc0e827fecbbc94

SHA512
1eaf76464eddd6235a0cc44d8801c5c496f7d9db7399d08d3cbd881e36a5109e50ddbb8d5e6286b8f083ce94856a2b1bbb3c8b41593781f50a1e4f44a834b7c4

Download Submit
C:\Windows\system\nhaskxa.exe

Filesize
6.0MB

MD5
4416bbe2bc3f21542142f8d66e33fe00

SHA1
c165874073c83364d2b570cc89105788c2162e17

SHA256
e4c297f25a68bb74ac5ca134ec0c394fd7b18f98f27f7c58ef4193b958863b8e

SHA512
3d8f8d5e61f8793ec62a3a448de23285b20d28ebe94696628900df31455ee9e286ad683b14fe3d4b47ed3a3de294d892dbe0d3d8e8a3c9a2d2f6b8f0ce91e20a

Download Submit
C:\Windows\system\nrgpotX.exe

Filesize
6.0MB

MD5
7b069cb1812869505927812395084928

SHA1
53e4f907b2fb9a2d9e39fdaf3ebab8b9a00fdda8

SHA256
a1c03597ad0982a0fadf5359c3360ced6a91bd50c2c93e67dccd08b8b7927b7e

SHA512
7e87c403ed154e1c83fd42083205ed5b4e41b5b16fe43cc0f06ae6daeaa1c2dd79c7ce5f3b31da3a9e8b56150c659fa3d61f7f0d8c6094f30fe7278a74722e64

Download Submit
C:\Windows\system\phGYcDM.exe

Filesize
6.0MB

MD5
6676c282e78592cd14f4941f8e873b64

SHA1
0e21405fac12e19d93191fcaa6a78f4b603e9028

SHA256
59acbc8f2a3b58af458beda4467c840d80bf267722831d529ed7e3d6f0e80a45

SHA512
913436043422372dc2e4f56891c8e7c30493d1ebc7089bacc72ada6423e4734636cab06e1c41dc782b709a3eac166133637a8dc4df780ddd2888d6c04bc39cb6

Download Submit
C:\Windows\system\pumCxFV.exe

Filesize
6.0MB

MD5
bb91815cc68fb4ad76ff9c8f1bfef83b

SHA1
fa1a4d587ace889e3042feed21432818c81afed6

SHA256
df5dd96167c92e42ebba78d0da613a0be500124d4f3400e1253946c40329530e

SHA512
9421e67dbe8ccbdae272cc33912defefdea1e8853952a6aa3187ed6aa4cbbef094d44ef7cce4cd4d84aec71b871ff0d3da90e7a9590d004b998180b15cf33be9

Download Submit
C:\Windows\system\tVrwXwE.exe

Filesize
6.0MB

MD5
d46e5d6fdf56ce87645862baba4962c3

SHA1
abac8446a688d589bca47479377c06b61eaa1a64

SHA256
4de83b5d1a54537d0e2ec732e78d4e295de5dad8963ca8fd3c5dfb525e39e825

SHA512
0de456967594f7ee6c2aa4ca662223b56b66eb7af53d546bb7b478f4c0413e43ba654890b925e39418132df06b0c3772398f20e9a57fad2722276d4d88c54b91

Download Submit
C:\Windows\system\vbBHGsk.exe

Filesize
6.0MB

MD5
118099ab6da89069b271842d236c0173

SHA1
d31e232012073ef81d2862c67ea6f86b4b920531

SHA256
7b59dce6c89b621400ee8f2c121cf29a18630ba9edf414b050a39af7a92f3010

SHA512
6671c440fbc93a4b63399d134b6c5dc8183d4ba60282692ea7a948037027a98cedde6f0da2ce72c8b72f23b9acd7b62dbaa4df5cbf1fa360f1df9c27ce1dba93

Download Submit
\Windows\system\AwGMKGT.exe

Filesize
6.0MB

MD5
03e4036722b3baad5258e69a3abc916d

SHA1
b924e3a4a56fe95da5091e22c8755b78c949b73b

SHA256
06fd942c72bdc6d320874cbe4f37ef75fea6b2889d9cf0651f71f016fc401c33

SHA512
cc5466862e452ac4d6e5968212014d5e923cc76eec0fd90b0248e49b1f7663608a0ed2cd0bd92f0f51185d1a790a2aedf4dff3b2a3aa76715bc0ddb2493bacfe

Download Submit
\Windows\system\hWJDfDW.exe

Filesize
6.0MB

MD5
43a93502ca489117894e9ec2e4049d3a

SHA1
5f72be4e255a2791af513c7ca6a8ce50d6f8d1bd

SHA256
240c8569bcc39b3e75b20236a246e8807c9c3e88dd3ea3c04729ec23f7c9c2df

SHA512
f328bdf5bf5278b9746ead3872044fd984a907ecdc3ab7e191a1a3349642986b3f9c6bbccc8ea08210e2263f41ffb40342cafbed57c990b41a915679ce5a2742

Download Submit
\Windows\system\hcDacCG.exe

Filesize
6.0MB

MD5
080e16d1a32f52f28351f548f0779952

SHA1
ba5c7254fa8cba87ea17937c03ccbe2d3f42567a

SHA256
1b21f883374005b0c6af46714d58f068abefea48ef6b96ec7741c96ce8c35117

SHA512
aa9b7a7d155abe3bce596dbd56fd63d23c89e75779b9a19a34b2fbbe30b609fd92887ca8f6c3ec6a6daa5996a6216373eab2af83973482b8ce57538a82de8773

Download Submit
\Windows\system\ndDXMYl.exe

Filesize
6.0MB

MD5
163d9409afdeabff68e8bc3b84c92d4f

SHA1
f22ad9e3668df932460f2613f17c5dd7dcda8d42

SHA256
3cf613c201e2930ba290e52cc9141f3c710531f66aa684ab6d43f3675e46c2b1

SHA512
cfcf17c869b8a5146a7324372f92ba2cbd4d2762ba7491f852ba7a2dcfeec524e460c117aa10a4978f47e459450984814325d6edf08a26c458af38a2bdcc0d99

Download Submit
memory/1576-1332-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1576-82-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/1624-1334-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/1624-97-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/1640-1335-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/1640-109-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/1648-1317-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/1648-37-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/1684-4-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1684-52-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/1684-16-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/1684-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/1684-35-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1684-36-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/1684-41-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1684-466-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-323-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-282-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1684-177-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1684-126-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1684-0-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/1684-110-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-53-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-108-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-18-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-100-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/1684-72-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/1684-98-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/1684-66-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1684-81-0x0000000002430000-0x0000000002784000-memory.dmp

Filesize
3.3MB

Download
memory/2156-96-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-1327-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-42-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-1333-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2184-99-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2272-1215-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2272-9-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2272-44-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-29-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2328-1329-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2556-178-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2556-1330-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2556-73-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2852-1328-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-59-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-67-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2860-1331-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2888-22-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2888-1326-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2888-68-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2912-51-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2912-1325-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2976-20-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-1278-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2976-65-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download