cobaltstrike | 7e8963dec0d2e62e2c8a2c781d16e67739e12ca893fe040e6c13cb8a76d2e9eb

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
24-11-2024 03:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

1eb12c4a88abbf287b9db0b4017ca9aa
SHA1

4efd0350566526ca1eb4ec26952606c5f206163a
SHA256

7e8963dec0d2e62e2c8a2c781d16e67739e12ca893fe040e6c13cb8a76d2e9eb
SHA512

4a64cca753972298ca86b928ae898ef48e92aacec21b281adbfb14576789ffc1428d6b04e6b0406c14abac2a46b1809c0991d2f4fa0c1a57d8a861feaa735920
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUF:T+q56utgpPF8u/7F

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b0000000122cf-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018780-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b68-9.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019223-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018bf3-30.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019240-55.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-62.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-68.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-107.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-98.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-92.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-78.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001932d-59.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000019230-47.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018710-25.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2888-0-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x000b0000000122cf-3.dat	xmrig
behavioral1/files/0x0007000000018780-10.dat	xmrig
behavioral1/memory/2544-13-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2424-14-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b68-9.dat	xmrig
behavioral1/files/0x0006000000019223-36.dat	xmrig
behavioral1/memory/2888-37-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2544-40-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2772-42-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x0007000000018bf3-30.dat	xmrig
behavioral1/files/0x0008000000019240-55.dat	xmrig
behavioral1/files/0x000500000001960c-62.dat	xmrig
behavioral1/memory/2640-66-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x000500000001961c-68.dat	xmrig
behavioral1/memory/1648-79-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019667-81.dat	xmrig
behavioral1/files/0x0005000000019c57-114.dat	xmrig
behavioral1/memory/2888-256-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41d-167.dat	xmrig
behavioral1/files/0x000500000001a41b-162.dat	xmrig
behavioral1/files/0x000500000001a359-158.dat	xmrig
behavioral1/files/0x000500000001a307-154.dat	xmrig
behavioral1/files/0x000500000001a09e-150.dat	xmrig
behavioral1/files/0x000500000001a07e-146.dat	xmrig
behavioral1/files/0x000500000001a075-142.dat	xmrig
behavioral1/files/0x0005000000019f94-138.dat	xmrig
behavioral1/files/0x0005000000019f8a-134.dat	xmrig
behavioral1/files/0x0005000000019dbf-130.dat	xmrig
behavioral1/files/0x0005000000019d8e-126.dat	xmrig
behavioral1/files/0x0005000000019cca-122.dat	xmrig
behavioral1/files/0x0005000000019cba-118.dat	xmrig
behavioral1/files/0x0005000000019c3e-110.dat	xmrig
behavioral1/files/0x0005000000019c3c-107.dat	xmrig
behavioral1/files/0x0005000000019c34-102.dat	xmrig
behavioral1/files/0x0005000000019926-98.dat	xmrig
behavioral1/memory/1764-93-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/files/0x00050000000196a1-92.dat	xmrig
behavioral1/memory/664-86-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/files/0x000500000001961e-78.dat	xmrig
behavioral1/memory/3000-74-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2888-70-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2748-69-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2728-60-0x000000013F8B0000-0x000000013FC04000-memory.dmp	xmrig
behavioral1/files/0x000600000001932d-59.dat	xmrig
behavioral1/memory/2028-51-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2704-48-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x0009000000019230-47.dat	xmrig
behavioral1/memory/2888-19-0x0000000002420000-0x0000000002774000-memory.dmp	xmrig
behavioral1/memory/2748-38-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2808-29-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x0008000000018710-25.dat	xmrig
behavioral1/memory/2028-24-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2424-3444-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2544-3463-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2808-3562-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2748-3557-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2028-3643-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2912-4074-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2640-4075-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/1764-4076-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/1648-4077-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2704-4078-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/664-4079-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2544	jFsmMHK.exe
2424	eZLkIZk.exe
2028	NrNvHuJ.exe
2808	kIJMTXA.exe
2748	CnonrBd.exe
2772	xPggrfj.exe
2704	sYzSGHF.exe
2912	ZdfbOPL.exe
2728	LHcBRvd.exe
2640	klUjjbS.exe
3000	aRcyjlS.exe
1648	AICjaTm.exe
664	ioSrAFs.exe
1764	rYgkiAl.exe
2040	yoDsJOx.exe
1120	HFwchhq.exe
2080	qaBztxa.exe
1876	zFdFkNn.exe
1164	uNBILky.exe
836	xZKuMVt.exe
2792	ckqZWsi.exe
1872	FsHMcNv.exe
1236	iGZAiYS.exe
2712	lFmwqlH.exe
2220	BOQVBOP.exe
2140	tcIeRjn.exe
2024	MvlgquC.exe
1808	dEfEJxF.exe
2212	AjsMQnF.exe
2592	mrBJSun.exe
2156	boTSChQ.exe
1772	fuoaAzm.exe
2312	xqWVCzN.exe
488	VnnPNwb.exe
444	eYTRMUE.exe
1144	GOFldBa.exe
1000	QPnXNwW.exe
2012	sMyRxOo.exe
2328	DDRHDGR.exe
1584	UiAXrDw.exe
608	bTEqDAo.exe
584	gSktnES.exe
1484	hsOgBbN.exe
1928	fogRvrZ.exe
1068	sBOEjFY.exe
1920	WEunmIp.exe
904	KoFJIrs.exe
1720	NhKZEUZ.exe
932	AUBhqkz.exe
980	mJfzWrt.exe
1084	UYKeips.exe
2540	iVIPzCT.exe
2296	ctZSvkx.exe
1752	MNLyOQj.exe
1320	pzzlgxn.exe
2968	jUxmYEb.exe
2356	TWCvHvp.exe
2236	oSGdGXN.exe
2064	HeafSjU.exe
828	yYfhFim.exe
2996	FBZANyr.exe
1968	lcggQpz.exe
876	ARPmsAN.exe
2984	uTmshks.exe

Loads dropped DLL 64 IoCs

pid	Process
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2888-0-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x000b0000000122cf-3.dat	upx
behavioral1/files/0x0007000000018780-10.dat	upx
behavioral1/memory/2544-13-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2424-14-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x0007000000018b68-9.dat	upx
behavioral1/files/0x0006000000019223-36.dat	upx
behavioral1/memory/2888-37-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2544-40-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2772-42-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x0007000000018bf3-30.dat	upx
behavioral1/files/0x0008000000019240-55.dat	upx
behavioral1/files/0x000500000001960c-62.dat	upx
behavioral1/memory/2640-66-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x000500000001961c-68.dat	upx
behavioral1/memory/1648-79-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x0005000000019667-81.dat	upx
behavioral1/files/0x0005000000019c57-114.dat	upx
behavioral1/files/0x000500000001a41d-167.dat	upx
behavioral1/files/0x000500000001a41b-162.dat	upx
behavioral1/files/0x000500000001a359-158.dat	upx
behavioral1/files/0x000500000001a307-154.dat	upx
behavioral1/files/0x000500000001a09e-150.dat	upx
behavioral1/files/0x000500000001a07e-146.dat	upx
behavioral1/files/0x000500000001a075-142.dat	upx
behavioral1/files/0x0005000000019f94-138.dat	upx
behavioral1/files/0x0005000000019f8a-134.dat	upx
behavioral1/files/0x0005000000019dbf-130.dat	upx
behavioral1/files/0x0005000000019d8e-126.dat	upx
behavioral1/files/0x0005000000019cca-122.dat	upx
behavioral1/files/0x0005000000019cba-118.dat	upx
behavioral1/files/0x0005000000019c3e-110.dat	upx
behavioral1/files/0x0005000000019c3c-107.dat	upx
behavioral1/files/0x0005000000019c34-102.dat	upx
behavioral1/files/0x0005000000019926-98.dat	upx
behavioral1/memory/1764-93-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/files/0x00050000000196a1-92.dat	upx
behavioral1/memory/664-86-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/files/0x000500000001961e-78.dat	upx
behavioral1/memory/3000-74-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2748-69-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2728-60-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/files/0x000600000001932d-59.dat	upx
behavioral1/memory/2028-51-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2704-48-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x0009000000019230-47.dat	upx
behavioral1/memory/2748-38-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2808-29-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x0008000000018710-25.dat	upx
behavioral1/memory/2028-24-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2424-3444-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2544-3463-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2808-3562-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2748-3557-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2028-3643-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2912-4074-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2640-4075-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/1764-4076-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/1648-4077-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2704-4078-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/664-4079-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/3000-4080-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2728-4081-0x000000013F8B0000-0x000000013FC04000-memory.dmp	upx
behavioral1/memory/2772-4082-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ShIVyro.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CpSRvNl.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GsUobKs.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gWhyYUD.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFafnCc.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EgDeERh.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aSDVDmi.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LurXwdC.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eGjVxVE.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MSgdIVf.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UdYxNGz.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xQvkimg.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DbdrWyy.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TtrbYsv.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xElMwNq.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EnORHrF.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WcfENcb.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OIdcnkY.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZYBgAwn.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YzXnViw.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FLpZkvK.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\anFLLBi.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RhgaxhO.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTtypZd.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sHUPVKP.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Zdbcykj.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YxMNOej.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYCAWHf.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fpiiMxR.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aGmGzFg.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbXnhwg.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iwblTjm.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HKqUjNP.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pDiswSB.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\thyYxQN.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WATuTnj.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fGmeyWW.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LzJVZKk.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iWrJhWe.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SpOkycV.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dIildNi.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WyEPhyc.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PIOzwua.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ogDYtGH.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dRjCMMD.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQassMj.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VIwqZDQ.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UAMhAJs.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AbNhrvm.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kyXNPLi.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cZUoydi.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZrGorzl.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pzzlgxn.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CDcqDqe.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NrcJbLB.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CXuXjFw.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JtEsVFB.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EVoPJhl.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VMobZty.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NtQFSlW.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CEeBfFy.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EyGoSbb.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LfJPTge.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZunLdT.exe	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2544	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2888 wrote to memory of 2544	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2888 wrote to memory of 2544	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2888 wrote to memory of 2424	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2888 wrote to memory of 2424	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2888 wrote to memory of 2424	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2888 wrote to memory of 2028	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2888 wrote to memory of 2028	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2888 wrote to memory of 2028	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2888 wrote to memory of 2808	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2888 wrote to memory of 2808	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2888 wrote to memory of 2808	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2888 wrote to memory of 2772	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2888 wrote to memory of 2772	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2888 wrote to memory of 2772	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2888 wrote to memory of 2748	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2888 wrote to memory of 2748	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2888 wrote to memory of 2748	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2888 wrote to memory of 2704	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2888 wrote to memory of 2704	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2888 wrote to memory of 2704	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2888 wrote to memory of 2912	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2888 wrote to memory of 2912	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2888 wrote to memory of 2912	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2888 wrote to memory of 2728	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2888 wrote to memory of 2728	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2888 wrote to memory of 2728	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2888 wrote to memory of 2640	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2888 wrote to memory of 2640	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2888 wrote to memory of 2640	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2888 wrote to memory of 3000	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2888 wrote to memory of 3000	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2888 wrote to memory of 3000	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2888 wrote to memory of 1648	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2888 wrote to memory of 1648	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2888 wrote to memory of 1648	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2888 wrote to memory of 664	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2888 wrote to memory of 664	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2888 wrote to memory of 664	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2888 wrote to memory of 1764	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2888 wrote to memory of 1764	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2888 wrote to memory of 1764	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2888 wrote to memory of 2040	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2888 wrote to memory of 2040	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2888 wrote to memory of 2040	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2888 wrote to memory of 1120	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2888 wrote to memory of 1120	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2888 wrote to memory of 1120	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2888 wrote to memory of 2080	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2888 wrote to memory of 2080	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2888 wrote to memory of 2080	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2888 wrote to memory of 1876	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2888 wrote to memory of 1876	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2888 wrote to memory of 1876	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2888 wrote to memory of 1164	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2888 wrote to memory of 1164	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2888 wrote to memory of 1164	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2888 wrote to memory of 836	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2888 wrote to memory of 836	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2888 wrote to memory of 836	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2888 wrote to memory of 2792	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2888 wrote to memory of 2792	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2888 wrote to memory of 2792	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2888 wrote to memory of 1872	2888	2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-24_1eb12c4a88abbf287b9db0b4017ca9aa_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\System\jFsmMHK.exe
  C:\Windows\System\jFsmMHK.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\eZLkIZk.exe
  C:\Windows\System\eZLkIZk.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\NrNvHuJ.exe
  C:\Windows\System\NrNvHuJ.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\kIJMTXA.exe
  C:\Windows\System\kIJMTXA.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\xPggrfj.exe
  C:\Windows\System\xPggrfj.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\CnonrBd.exe
  C:\Windows\System\CnonrBd.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\sYzSGHF.exe
  C:\Windows\System\sYzSGHF.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\ZdfbOPL.exe
  C:\Windows\System\ZdfbOPL.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\LHcBRvd.exe
  C:\Windows\System\LHcBRvd.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\klUjjbS.exe
  C:\Windows\System\klUjjbS.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\aRcyjlS.exe
  C:\Windows\System\aRcyjlS.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\AICjaTm.exe
  C:\Windows\System\AICjaTm.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\ioSrAFs.exe
  C:\Windows\System\ioSrAFs.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\rYgkiAl.exe
  C:\Windows\System\rYgkiAl.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\yoDsJOx.exe
  C:\Windows\System\yoDsJOx.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\HFwchhq.exe
  C:\Windows\System\HFwchhq.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\qaBztxa.exe
  C:\Windows\System\qaBztxa.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\zFdFkNn.exe
  C:\Windows\System\zFdFkNn.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\uNBILky.exe
  C:\Windows\System\uNBILky.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\xZKuMVt.exe
  C:\Windows\System\xZKuMVt.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\ckqZWsi.exe
  C:\Windows\System\ckqZWsi.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\FsHMcNv.exe
  C:\Windows\System\FsHMcNv.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\iGZAiYS.exe
  C:\Windows\System\iGZAiYS.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\lFmwqlH.exe
  C:\Windows\System\lFmwqlH.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\BOQVBOP.exe
  C:\Windows\System\BOQVBOP.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\tcIeRjn.exe
  C:\Windows\System\tcIeRjn.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\MvlgquC.exe
  C:\Windows\System\MvlgquC.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\dEfEJxF.exe
  C:\Windows\System\dEfEJxF.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\AjsMQnF.exe
  C:\Windows\System\AjsMQnF.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\mrBJSun.exe
  C:\Windows\System\mrBJSun.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\boTSChQ.exe
  C:\Windows\System\boTSChQ.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\fuoaAzm.exe
  C:\Windows\System\fuoaAzm.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\xqWVCzN.exe
  C:\Windows\System\xqWVCzN.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\VnnPNwb.exe
  C:\Windows\System\VnnPNwb.exe
  2⤵
  - Executes dropped EXE
  PID:488
- C:\Windows\System\eYTRMUE.exe
  C:\Windows\System\eYTRMUE.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\GOFldBa.exe
  C:\Windows\System\GOFldBa.exe
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System\QPnXNwW.exe
  C:\Windows\System\QPnXNwW.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\sMyRxOo.exe
  C:\Windows\System\sMyRxOo.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\DDRHDGR.exe
  C:\Windows\System\DDRHDGR.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\UiAXrDw.exe
  C:\Windows\System\UiAXrDw.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\bTEqDAo.exe
  C:\Windows\System\bTEqDAo.exe
  2⤵
  - Executes dropped EXE
  PID:608
- C:\Windows\System\gSktnES.exe
  C:\Windows\System\gSktnES.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\hsOgBbN.exe
  C:\Windows\System\hsOgBbN.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\fogRvrZ.exe
  C:\Windows\System\fogRvrZ.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\sBOEjFY.exe
  C:\Windows\System\sBOEjFY.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\WEunmIp.exe
  C:\Windows\System\WEunmIp.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\KoFJIrs.exe
  C:\Windows\System\KoFJIrs.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\NhKZEUZ.exe
  C:\Windows\System\NhKZEUZ.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\AUBhqkz.exe
  C:\Windows\System\AUBhqkz.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\mJfzWrt.exe
  C:\Windows\System\mJfzWrt.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\UYKeips.exe
  C:\Windows\System\UYKeips.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\iVIPzCT.exe
  C:\Windows\System\iVIPzCT.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\ctZSvkx.exe
  C:\Windows\System\ctZSvkx.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\MNLyOQj.exe
  C:\Windows\System\MNLyOQj.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\pzzlgxn.exe
  C:\Windows\System\pzzlgxn.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\jUxmYEb.exe
  C:\Windows\System\jUxmYEb.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\TWCvHvp.exe
  C:\Windows\System\TWCvHvp.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\oSGdGXN.exe
  C:\Windows\System\oSGdGXN.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\HeafSjU.exe
  C:\Windows\System\HeafSjU.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\yYfhFim.exe
  C:\Windows\System\yYfhFim.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\FBZANyr.exe
  C:\Windows\System\FBZANyr.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\lcggQpz.exe
  C:\Windows\System\lcggQpz.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\ARPmsAN.exe
  C:\Windows\System\ARPmsAN.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\uTmshks.exe
  C:\Windows\System\uTmshks.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\muUbAVh.exe
  C:\Windows\System\muUbAVh.exe
  2⤵
  PID:2084
- C:\Windows\System\YGLAtrg.exe
  C:\Windows\System\YGLAtrg.exe
  2⤵
  PID:1524
- C:\Windows\System\bJTeJlA.exe
  C:\Windows\System\bJTeJlA.exe
  2⤵
  PID:2412
- C:\Windows\System\wrZkAnq.exe
  C:\Windows\System\wrZkAnq.exe
  2⤵
  PID:2396
- C:\Windows\System\nOubmTW.exe
  C:\Windows\System\nOubmTW.exe
  2⤵
  PID:2124
- C:\Windows\System\efxnDAH.exe
  C:\Windows\System\efxnDAH.exe
  2⤵
  PID:2708
- C:\Windows\System\IkODSom.exe
  C:\Windows\System\IkODSom.exe
  2⤵
  PID:1992
- C:\Windows\System\RhgaxhO.exe
  C:\Windows\System\RhgaxhO.exe
  2⤵
  PID:2844
- C:\Windows\System\kvtSqKu.exe
  C:\Windows\System\kvtSqKu.exe
  2⤵
  PID:2796
- C:\Windows\System\gGaeDKk.exe
  C:\Windows\System\gGaeDKk.exe
  2⤵
  PID:2932
- C:\Windows\System\fPtfCxM.exe
  C:\Windows\System\fPtfCxM.exe
  2⤵
  PID:1900
- C:\Windows\System\QmFyCfM.exe
  C:\Windows\System\QmFyCfM.exe
  2⤵
  PID:2628
- C:\Windows\System\hqWLPBF.exe
  C:\Windows\System\hqWLPBF.exe
  2⤵
  PID:2020
- C:\Windows\System\lTeziiP.exe
  C:\Windows\System\lTeziiP.exe
  2⤵
  PID:2908
- C:\Windows\System\jVBHcOF.exe
  C:\Windows\System\jVBHcOF.exe
  2⤵
  PID:1696
- C:\Windows\System\vDOkjDP.exe
  C:\Windows\System\vDOkjDP.exe
  2⤵
  PID:2596
- C:\Windows\System\sGHYFyj.exe
  C:\Windows\System\sGHYFyj.exe
  2⤵
  PID:2900
- C:\Windows\System\CHPzCTa.exe
  C:\Windows\System\CHPzCTa.exe
  2⤵
  PID:1496
- C:\Windows\System\LurXwdC.exe
  C:\Windows\System\LurXwdC.exe
  2⤵
  PID:884
- C:\Windows\System\HGFkEJs.exe
  C:\Windows\System\HGFkEJs.exe
  2⤵
  PID:2476
- C:\Windows\System\FERFpMu.exe
  C:\Windows\System\FERFpMu.exe
  2⤵
  PID:2428
- C:\Windows\System\lAiwxpu.exe
  C:\Windows\System\lAiwxpu.exe
  2⤵
  PID:2260
- C:\Windows\System\ovqejsu.exe
  C:\Windows\System\ovqejsu.exe
  2⤵
  PID:1704
- C:\Windows\System\BExtqPw.exe
  C:\Windows\System\BExtqPw.exe
  2⤵
  PID:2228
- C:\Windows\System\IvQfrEX.exe
  C:\Windows\System\IvQfrEX.exe
  2⤵
  PID:1276
- C:\Windows\System\SoREzUV.exe
  C:\Windows\System\SoREzUV.exe
  2⤵
  PID:1312
- C:\Windows\System\OIdcnkY.exe
  C:\Windows\System\OIdcnkY.exe
  2⤵
  PID:1816
- C:\Windows\System\HfgwvwS.exe
  C:\Windows\System\HfgwvwS.exe
  2⤵
  PID:684
- C:\Windows\System\MXGjcUk.exe
  C:\Windows\System\MXGjcUk.exe
  2⤵
  PID:1932
- C:\Windows\System\xiRVcjb.exe
  C:\Windows\System\xiRVcjb.exe
  2⤵
  PID:960
- C:\Windows\System\QVDklvu.exe
  C:\Windows\System\QVDklvu.exe
  2⤵
  PID:592
- C:\Windows\System\nlvXisL.exe
  C:\Windows\System\nlvXisL.exe
  2⤵
  PID:2680
- C:\Windows\System\WcfENcb.exe
  C:\Windows\System\WcfENcb.exe
  2⤵
  PID:3040
- C:\Windows\System\TGYiChL.exe
  C:\Windows\System\TGYiChL.exe
  2⤵
  PID:3024
- C:\Windows\System\ALjjCBy.exe
  C:\Windows\System\ALjjCBy.exe
  2⤵
  PID:1980
- C:\Windows\System\RGliKvW.exe
  C:\Windows\System\RGliKvW.exe
  2⤵
  PID:2972
- C:\Windows\System\cuJLaFa.exe
  C:\Windows\System\cuJLaFa.exe
  2⤵
  PID:1468
- C:\Windows\System\KRYvRnL.exe
  C:\Windows\System\KRYvRnL.exe
  2⤵
  PID:1472
- C:\Windows\System\LmCgECe.exe
  C:\Windows\System\LmCgECe.exe
  2⤵
  PID:2976
- C:\Windows\System\LszxOJG.exe
  C:\Windows\System\LszxOJG.exe
  2⤵
  PID:1548
- C:\Windows\System\FXgGxHF.exe
  C:\Windows\System\FXgGxHF.exe
  2⤵
  PID:2176
- C:\Windows\System\wYdVJdN.exe
  C:\Windows\System\wYdVJdN.exe
  2⤵
  PID:2828
- C:\Windows\System\fyvqWMc.exe
  C:\Windows\System\fyvqWMc.exe
  2⤵
  PID:2472
- C:\Windows\System\QVKwMHa.exe
  C:\Windows\System\QVKwMHa.exe
  2⤵
  PID:2604
- C:\Windows\System\GJIOGVg.exe
  C:\Windows\System\GJIOGVg.exe
  2⤵
  PID:1572
- C:\Windows\System\glTSnzu.exe
  C:\Windows\System\glTSnzu.exe
  2⤵
  PID:1464
- C:\Windows\System\mHLNSQm.exe
  C:\Windows\System\mHLNSQm.exe
  2⤵
  PID:2104
- C:\Windows\System\KzgCIum.exe
  C:\Windows\System\KzgCIum.exe
  2⤵
  PID:2204
- C:\Windows\System\pJHAGTm.exe
  C:\Windows\System\pJHAGTm.exe
  2⤵
  PID:3088
- C:\Windows\System\gtWoodD.exe
  C:\Windows\System\gtWoodD.exe
  2⤵
  PID:3104
- C:\Windows\System\YIeUcyO.exe
  C:\Windows\System\YIeUcyO.exe
  2⤵
  PID:3120
- C:\Windows\System\OzgaXPL.exe
  C:\Windows\System\OzgaXPL.exe
  2⤵
  PID:3140
- C:\Windows\System\DtzStMC.exe
  C:\Windows\System\DtzStMC.exe
  2⤵
  PID:3160
- C:\Windows\System\XWXvqGg.exe
  C:\Windows\System\XWXvqGg.exe
  2⤵
  PID:3176
- C:\Windows\System\GefeTJi.exe
  C:\Windows\System\GefeTJi.exe
  2⤵
  PID:3192
- C:\Windows\System\fMOCIef.exe
  C:\Windows\System\fMOCIef.exe
  2⤵
  PID:3208
- C:\Windows\System\SepsShh.exe
  C:\Windows\System\SepsShh.exe
  2⤵
  PID:3224
- C:\Windows\System\uGrEHVk.exe
  C:\Windows\System\uGrEHVk.exe
  2⤵
  PID:3240
- C:\Windows\System\CPyohSW.exe
  C:\Windows\System\CPyohSW.exe
  2⤵
  PID:3256
- C:\Windows\System\opHUoVL.exe
  C:\Windows\System\opHUoVL.exe
  2⤵
  PID:3272
- C:\Windows\System\ZQxdlSx.exe
  C:\Windows\System\ZQxdlSx.exe
  2⤵
  PID:3288
- C:\Windows\System\UWqoLyI.exe
  C:\Windows\System\UWqoLyI.exe
  2⤵
  PID:3304
- C:\Windows\System\DQDujXh.exe
  C:\Windows\System\DQDujXh.exe
  2⤵
  PID:3320
- C:\Windows\System\nTFGVLj.exe
  C:\Windows\System\nTFGVLj.exe
  2⤵
  PID:3336
- C:\Windows\System\hxeDaPR.exe
  C:\Windows\System\hxeDaPR.exe
  2⤵
  PID:3352
- C:\Windows\System\RXKpaHb.exe
  C:\Windows\System\RXKpaHb.exe
  2⤵
  PID:3368
- C:\Windows\System\cXQKLpV.exe
  C:\Windows\System\cXQKLpV.exe
  2⤵
  PID:3384
- C:\Windows\System\hMWnMPb.exe
  C:\Windows\System\hMWnMPb.exe
  2⤵
  PID:3400
- C:\Windows\System\jFATZdC.exe
  C:\Windows\System\jFATZdC.exe
  2⤵
  PID:3416
- C:\Windows\System\KxrLuvD.exe
  C:\Windows\System\KxrLuvD.exe
  2⤵
  PID:3432
- C:\Windows\System\tqazcBC.exe
  C:\Windows\System\tqazcBC.exe
  2⤵
  PID:3448
- C:\Windows\System\TWZzVWm.exe
  C:\Windows\System\TWZzVWm.exe
  2⤵
  PID:3464
- C:\Windows\System\GKUOROb.exe
  C:\Windows\System\GKUOROb.exe
  2⤵
  PID:3480
- C:\Windows\System\OcvqYcx.exe
  C:\Windows\System\OcvqYcx.exe
  2⤵
  PID:3496
- C:\Windows\System\aQiBCrI.exe
  C:\Windows\System\aQiBCrI.exe
  2⤵
  PID:3512
- C:\Windows\System\ZqGIdPI.exe
  C:\Windows\System\ZqGIdPI.exe
  2⤵
  PID:3528
- C:\Windows\System\PdCAyII.exe
  C:\Windows\System\PdCAyII.exe
  2⤵
  PID:3544
- C:\Windows\System\bgtFVts.exe
  C:\Windows\System\bgtFVts.exe
  2⤵
  PID:3560
- C:\Windows\System\hdIoeNR.exe
  C:\Windows\System\hdIoeNR.exe
  2⤵
  PID:3576
- C:\Windows\System\ShIVyro.exe
  C:\Windows\System\ShIVyro.exe
  2⤵
  PID:3592
- C:\Windows\System\UBlcgKo.exe
  C:\Windows\System\UBlcgKo.exe
  2⤵
  PID:3608
- C:\Windows\System\cuMTQQb.exe
  C:\Windows\System\cuMTQQb.exe
  2⤵
  PID:3624
- C:\Windows\System\rYsQOwD.exe
  C:\Windows\System\rYsQOwD.exe
  2⤵
  PID:3640
- C:\Windows\System\CpSRvNl.exe
  C:\Windows\System\CpSRvNl.exe
  2⤵
  PID:3656
- C:\Windows\System\FEnShdE.exe
  C:\Windows\System\FEnShdE.exe
  2⤵
  PID:3672
- C:\Windows\System\FNegdql.exe
  C:\Windows\System\FNegdql.exe
  2⤵
  PID:3688
- C:\Windows\System\maBWIQd.exe
  C:\Windows\System\maBWIQd.exe
  2⤵
  PID:3704
- C:\Windows\System\UuAczYX.exe
  C:\Windows\System\UuAczYX.exe
  2⤵
  PID:3720
- C:\Windows\System\zOxTwKG.exe
  C:\Windows\System\zOxTwKG.exe
  2⤵
  PID:3736
- C:\Windows\System\pURIWEM.exe
  C:\Windows\System\pURIWEM.exe
  2⤵
  PID:3752
- C:\Windows\System\XJUihcL.exe
  C:\Windows\System\XJUihcL.exe
  2⤵
  PID:3772
- C:\Windows\System\pEHkPgd.exe
  C:\Windows\System\pEHkPgd.exe
  2⤵
  PID:3788
- C:\Windows\System\jjTCNjK.exe
  C:\Windows\System\jjTCNjK.exe
  2⤵
  PID:3808
- C:\Windows\System\BEfIFRU.exe
  C:\Windows\System\BEfIFRU.exe
  2⤵
  PID:3824
- C:\Windows\System\qwEiIwM.exe
  C:\Windows\System\qwEiIwM.exe
  2⤵
  PID:3840
- C:\Windows\System\CpKBIor.exe
  C:\Windows\System\CpKBIor.exe
  2⤵
  PID:3856
- C:\Windows\System\nJRqSYT.exe
  C:\Windows\System\nJRqSYT.exe
  2⤵
  PID:3872
- C:\Windows\System\rlhyvEo.exe
  C:\Windows\System\rlhyvEo.exe
  2⤵
  PID:3888
- C:\Windows\System\kLiRZBB.exe
  C:\Windows\System\kLiRZBB.exe
  2⤵
  PID:3904
- C:\Windows\System\IlMPVtm.exe
  C:\Windows\System\IlMPVtm.exe
  2⤵
  PID:3920
- C:\Windows\System\ZBXToAH.exe
  C:\Windows\System\ZBXToAH.exe
  2⤵
  PID:3936
- C:\Windows\System\ZgTZHEt.exe
  C:\Windows\System\ZgTZHEt.exe
  2⤵
  PID:3952
- C:\Windows\System\cLBzgTq.exe
  C:\Windows\System\cLBzgTq.exe
  2⤵
  PID:3972
- C:\Windows\System\pOyImYZ.exe
  C:\Windows\System\pOyImYZ.exe
  2⤵
  PID:3988
- C:\Windows\System\HYShReC.exe
  C:\Windows\System\HYShReC.exe
  2⤵
  PID:4004
- C:\Windows\System\kNWWEUu.exe
  C:\Windows\System\kNWWEUu.exe
  2⤵
  PID:4020
- C:\Windows\System\IYkxwgV.exe
  C:\Windows\System\IYkxwgV.exe
  2⤵
  PID:4036
- C:\Windows\System\VJxGcXz.exe
  C:\Windows\System\VJxGcXz.exe
  2⤵
  PID:4052
- C:\Windows\System\wVRSqKq.exe
  C:\Windows\System\wVRSqKq.exe
  2⤵
  PID:4068
- C:\Windows\System\uBZMUlg.exe
  C:\Windows\System\uBZMUlg.exe
  2⤵
  PID:4084
- C:\Windows\System\GsUobKs.exe
  C:\Windows\System\GsUobKs.exe
  2⤵
  PID:764
- C:\Windows\System\bSGTlTx.exe
  C:\Windows\System\bSGTlTx.exe
  2⤵
  PID:2164
- C:\Windows\System\nRipcNh.exe
  C:\Windows\System\nRipcNh.exe
  2⤵
  PID:540
- C:\Windows\System\hGhqqUC.exe
  C:\Windows\System\hGhqqUC.exe
  2⤵
  PID:1884
- C:\Windows\System\rbRLuca.exe
  C:\Windows\System\rbRLuca.exe
  2⤵
  PID:2924
- C:\Windows\System\PfKlYRq.exe
  C:\Windows\System\PfKlYRq.exe
  2⤵
  PID:2548
- C:\Windows\System\QFiEyfA.exe
  C:\Windows\System\QFiEyfA.exe
  2⤵
  PID:1612
- C:\Windows\System\JtEsVFB.exe
  C:\Windows\System\JtEsVFB.exe
  2⤵
  PID:680
- C:\Windows\System\REszNVx.exe
  C:\Windows\System\REszNVx.exe
  2⤵
  PID:1960
- C:\Windows\System\xQvkimg.exe
  C:\Windows\System\xQvkimg.exe
  2⤵
  PID:2980
- C:\Windows\System\WsJYsTs.exe
  C:\Windows\System\WsJYsTs.exe
  2⤵
  PID:2380
- C:\Windows\System\zbCIYVp.exe
  C:\Windows\System\zbCIYVp.exe
  2⤵
  PID:2820
- C:\Windows\System\BQNyVqn.exe
  C:\Windows\System\BQNyVqn.exe
  2⤵
  PID:2368
- C:\Windows\System\upFnKsS.exe
  C:\Windows\System\upFnKsS.exe
  2⤵
  PID:376
- C:\Windows\System\HONCOpp.exe
  C:\Windows\System\HONCOpp.exe
  2⤵
  PID:1976
- C:\Windows\System\gvXORwM.exe
  C:\Windows\System\gvXORwM.exe
  2⤵
  PID:3112
- C:\Windows\System\MQZdsjs.exe
  C:\Windows\System\MQZdsjs.exe
  2⤵
  PID:3136
- C:\Windows\System\HuwJyDf.exe
  C:\Windows\System\HuwJyDf.exe
  2⤵
  PID:3172
- C:\Windows\System\pOpHySL.exe
  C:\Windows\System\pOpHySL.exe
  2⤵
  PID:3216
- C:\Windows\System\BPpUEwn.exe
  C:\Windows\System\BPpUEwn.exe
  2⤵
  PID:3236
- C:\Windows\System\sINvjIX.exe
  C:\Windows\System\sINvjIX.exe
  2⤵
  PID:3268
- C:\Windows\System\SIRKSfJ.exe
  C:\Windows\System\SIRKSfJ.exe
  2⤵
  PID:3300
- C:\Windows\System\mchzlBQ.exe
  C:\Windows\System\mchzlBQ.exe
  2⤵
  PID:3332
- C:\Windows\System\LSQNQyE.exe
  C:\Windows\System\LSQNQyE.exe
  2⤵
  PID:3376
- C:\Windows\System\iuIiSaC.exe
  C:\Windows\System\iuIiSaC.exe
  2⤵
  PID:3408
- C:\Windows\System\MGKEBck.exe
  C:\Windows\System\MGKEBck.exe
  2⤵
  PID:3440
- C:\Windows\System\QChRyBz.exe
  C:\Windows\System\QChRyBz.exe
  2⤵
  PID:3472
- C:\Windows\System\ytgMFcn.exe
  C:\Windows\System\ytgMFcn.exe
  2⤵
  PID:3504
- C:\Windows\System\wTiZGnm.exe
  C:\Windows\System\wTiZGnm.exe
  2⤵
  PID:3524
- C:\Windows\System\HtcuyPV.exe
  C:\Windows\System\HtcuyPV.exe
  2⤵
  PID:3568
- C:\Windows\System\gTqCOkV.exe
  C:\Windows\System\gTqCOkV.exe
  2⤵
  PID:3600
- C:\Windows\System\OPuCbUN.exe
  C:\Windows\System\OPuCbUN.exe
  2⤵
  PID:3620
- C:\Windows\System\fTuZWZB.exe
  C:\Windows\System\fTuZWZB.exe
  2⤵
  PID:3664
- C:\Windows\System\swyPRJI.exe
  C:\Windows\System\swyPRJI.exe
  2⤵
  PID:3696
- C:\Windows\System\MRmPpnV.exe
  C:\Windows\System\MRmPpnV.exe
  2⤵
  PID:3728
- C:\Windows\System\UNpwzuZ.exe
  C:\Windows\System\UNpwzuZ.exe
  2⤵
  PID:3748
- C:\Windows\System\NChhIth.exe
  C:\Windows\System\NChhIth.exe
  2⤵
  PID:3796
- C:\Windows\System\KSkRoZa.exe
  C:\Windows\System\KSkRoZa.exe
  2⤵
  PID:3832
- C:\Windows\System\kUakltf.exe
  C:\Windows\System\kUakltf.exe
  2⤵
  PID:3852
- C:\Windows\System\rJISHrb.exe
  C:\Windows\System\rJISHrb.exe
  2⤵
  PID:3896
- C:\Windows\System\oKNyuMA.exe
  C:\Windows\System\oKNyuMA.exe
  2⤵
  PID:3916
- C:\Windows\System\mUSEMzn.exe
  C:\Windows\System\mUSEMzn.exe
  2⤵
  PID:3960
- C:\Windows\System\ijcrLgS.exe
  C:\Windows\System\ijcrLgS.exe
  2⤵
  PID:3996
- C:\Windows\System\MtEdNFe.exe
  C:\Windows\System\MtEdNFe.exe
  2⤵
  PID:4028
- C:\Windows\System\zOkYzdI.exe
  C:\Windows\System\zOkYzdI.exe
  2⤵
  PID:4060
- C:\Windows\System\gjbuhjV.exe
  C:\Windows\System\gjbuhjV.exe
  2⤵
  PID:4092
- C:\Windows\System\AkJSWYg.exe
  C:\Windows\System\AkJSWYg.exe
  2⤵
  PID:2352
- C:\Windows\System\ZfeGUnM.exe
  C:\Windows\System\ZfeGUnM.exe
  2⤵
  PID:2960
- C:\Windows\System\sySqVGJ.exe
  C:\Windows\System\sySqVGJ.exe
  2⤵
  PID:2144
- C:\Windows\System\PUhgkNQ.exe
  C:\Windows\System\PUhgkNQ.exe
  2⤵
  PID:2964
- C:\Windows\System\qLlWaRQ.exe
  C:\Windows\System\qLlWaRQ.exe
  2⤵
  PID:1944
- C:\Windows\System\KXCjlxH.exe
  C:\Windows\System\KXCjlxH.exe
  2⤵
  PID:2904
- C:\Windows\System\PTxFMvu.exe
  C:\Windows\System\PTxFMvu.exe
  2⤵
  PID:2004
- C:\Windows\System\gBnPXPB.exe
  C:\Windows\System\gBnPXPB.exe
  2⤵
  PID:3128
- C:\Windows\System\eEwwWZe.exe
  C:\Windows\System\eEwwWZe.exe
  2⤵
  PID:3200
- C:\Windows\System\MSgdIVf.exe
  C:\Windows\System\MSgdIVf.exe
  2⤵
  PID:3264
- C:\Windows\System\CKuWKsi.exe
  C:\Windows\System\CKuWKsi.exe
  2⤵
  PID:3316
- C:\Windows\System\pJoofqK.exe
  C:\Windows\System\pJoofqK.exe
  2⤵
  PID:3380
- C:\Windows\System\mkVMYqy.exe
  C:\Windows\System\mkVMYqy.exe
  2⤵
  PID:3424
- C:\Windows\System\CzbgXxN.exe
  C:\Windows\System\CzbgXxN.exe
  2⤵
  PID:3492
- C:\Windows\System\HeoxmhT.exe
  C:\Windows\System\HeoxmhT.exe
  2⤵
  PID:3584
- C:\Windows\System\fGibWHf.exe
  C:\Windows\System\fGibWHf.exe
  2⤵
  PID:3648
- C:\Windows\System\sOnjuOh.exe
  C:\Windows\System\sOnjuOh.exe
  2⤵
  PID:3684
- C:\Windows\System\lrgdWst.exe
  C:\Windows\System\lrgdWst.exe
  2⤵
  PID:3760
- C:\Windows\System\KWSKfvV.exe
  C:\Windows\System\KWSKfvV.exe
  2⤵
  PID:3848
- C:\Windows\System\mcsOiKN.exe
  C:\Windows\System\mcsOiKN.exe
  2⤵
  PID:3884
- C:\Windows\System\RrUCUov.exe
  C:\Windows\System\RrUCUov.exe
  2⤵
  PID:4112
- C:\Windows\System\pnEdCpv.exe
  C:\Windows\System\pnEdCpv.exe
  2⤵
  PID:4128
- C:\Windows\System\wLofhET.exe
  C:\Windows\System\wLofhET.exe
  2⤵
  PID:4144
- C:\Windows\System\NZhKBQh.exe
  C:\Windows\System\NZhKBQh.exe
  2⤵
  PID:4160
- C:\Windows\System\ABwehMF.exe
  C:\Windows\System\ABwehMF.exe
  2⤵
  PID:4180
- C:\Windows\System\dOyoHFB.exe
  C:\Windows\System\dOyoHFB.exe
  2⤵
  PID:4200
- C:\Windows\System\MwfeRVA.exe
  C:\Windows\System\MwfeRVA.exe
  2⤵
  PID:4216
- C:\Windows\System\GRnibcw.exe
  C:\Windows\System\GRnibcw.exe
  2⤵
  PID:4232
- C:\Windows\System\SgHkVaP.exe
  C:\Windows\System\SgHkVaP.exe
  2⤵
  PID:4248
- C:\Windows\System\vHOGagP.exe
  C:\Windows\System\vHOGagP.exe
  2⤵
  PID:4264
- C:\Windows\System\WVwNyRI.exe
  C:\Windows\System\WVwNyRI.exe
  2⤵
  PID:4280
- C:\Windows\System\KMoVygK.exe
  C:\Windows\System\KMoVygK.exe
  2⤵
  PID:4296
- C:\Windows\System\rEounlj.exe
  C:\Windows\System\rEounlj.exe
  2⤵
  PID:4312
- C:\Windows\System\EdVsuew.exe
  C:\Windows\System\EdVsuew.exe
  2⤵
  PID:4328
- C:\Windows\System\AqoXZiY.exe
  C:\Windows\System\AqoXZiY.exe
  2⤵
  PID:4344
- C:\Windows\System\uCedMGF.exe
  C:\Windows\System\uCedMGF.exe
  2⤵
  PID:4360
- C:\Windows\System\lyVxSVW.exe
  C:\Windows\System\lyVxSVW.exe
  2⤵
  PID:4376
- C:\Windows\System\rksjvEp.exe
  C:\Windows\System\rksjvEp.exe
  2⤵
  PID:4392
- C:\Windows\System\yCyNCZP.exe
  C:\Windows\System\yCyNCZP.exe
  2⤵
  PID:4408
- C:\Windows\System\cpCXzre.exe
  C:\Windows\System\cpCXzre.exe
  2⤵
  PID:4424
- C:\Windows\System\sDeJmHY.exe
  C:\Windows\System\sDeJmHY.exe
  2⤵
  PID:4440
- C:\Windows\System\lERnUNA.exe
  C:\Windows\System\lERnUNA.exe
  2⤵
  PID:4456
- C:\Windows\System\AMHcqTF.exe
  C:\Windows\System\AMHcqTF.exe
  2⤵
  PID:4472
- C:\Windows\System\UqKvCpU.exe
  C:\Windows\System\UqKvCpU.exe
  2⤵
  PID:4488
- C:\Windows\System\QBLvPJL.exe
  C:\Windows\System\QBLvPJL.exe
  2⤵
  PID:4504
- C:\Windows\System\CDcqDqe.exe
  C:\Windows\System\CDcqDqe.exe
  2⤵
  PID:4520
- C:\Windows\System\VpudOqh.exe
  C:\Windows\System\VpudOqh.exe
  2⤵
  PID:4536
- C:\Windows\System\BWDOBUJ.exe
  C:\Windows\System\BWDOBUJ.exe
  2⤵
  PID:4552
- C:\Windows\System\HOppuTL.exe
  C:\Windows\System\HOppuTL.exe
  2⤵
  PID:4568
- C:\Windows\System\NkAHLbK.exe
  C:\Windows\System\NkAHLbK.exe
  2⤵
  PID:4584
- C:\Windows\System\yTlhJJE.exe
  C:\Windows\System\yTlhJJE.exe
  2⤵
  PID:4600
- C:\Windows\System\YrwnhRd.exe
  C:\Windows\System\YrwnhRd.exe
  2⤵
  PID:4616
- C:\Windows\System\kQYZlYt.exe
  C:\Windows\System\kQYZlYt.exe
  2⤵
  PID:4632
- C:\Windows\System\bgVCbuB.exe
  C:\Windows\System\bgVCbuB.exe
  2⤵
  PID:4648
- C:\Windows\System\uwyDLFt.exe
  C:\Windows\System\uwyDLFt.exe
  2⤵
  PID:4664
- C:\Windows\System\WVYEkxP.exe
  C:\Windows\System\WVYEkxP.exe
  2⤵
  PID:4680
- C:\Windows\System\dUnbmXY.exe
  C:\Windows\System\dUnbmXY.exe
  2⤵
  PID:4696
- C:\Windows\System\ArHsURR.exe
  C:\Windows\System\ArHsURR.exe
  2⤵
  PID:4712
- C:\Windows\System\bFrRUwi.exe
  C:\Windows\System\bFrRUwi.exe
  2⤵
  PID:4732
- C:\Windows\System\CHxlvgV.exe
  C:\Windows\System\CHxlvgV.exe
  2⤵
  PID:4748
- C:\Windows\System\DrpuhPB.exe
  C:\Windows\System\DrpuhPB.exe
  2⤵
  PID:4764
- C:\Windows\System\RqvHRBR.exe
  C:\Windows\System\RqvHRBR.exe
  2⤵
  PID:4780
- C:\Windows\System\ibLwCVf.exe
  C:\Windows\System\ibLwCVf.exe
  2⤵
  PID:4796
- C:\Windows\System\DQWTfqE.exe
  C:\Windows\System\DQWTfqE.exe
  2⤵
  PID:4812
- C:\Windows\System\oYKMnPB.exe
  C:\Windows\System\oYKMnPB.exe
  2⤵
  PID:4828
- C:\Windows\System\ZZLrSVs.exe
  C:\Windows\System\ZZLrSVs.exe
  2⤵
  PID:4844
- C:\Windows\System\LBDiIMf.exe
  C:\Windows\System\LBDiIMf.exe
  2⤵
  PID:4860
- C:\Windows\System\DwHdoZW.exe
  C:\Windows\System\DwHdoZW.exe
  2⤵
  PID:4876
- C:\Windows\System\EPqqRmY.exe
  C:\Windows\System\EPqqRmY.exe
  2⤵
  PID:4892
- C:\Windows\System\vuzFgMz.exe
  C:\Windows\System\vuzFgMz.exe
  2⤵
  PID:4908
- C:\Windows\System\xPgWVHF.exe
  C:\Windows\System\xPgWVHF.exe
  2⤵
  PID:4924
- C:\Windows\System\QslCHFo.exe
  C:\Windows\System\QslCHFo.exe
  2⤵
  PID:4944
- C:\Windows\System\dnIHVwC.exe
  C:\Windows\System\dnIHVwC.exe
  2⤵
  PID:4960
- C:\Windows\System\EhHMnOp.exe
  C:\Windows\System\EhHMnOp.exe
  2⤵
  PID:4976
- C:\Windows\System\ooMMntl.exe
  C:\Windows\System\ooMMntl.exe
  2⤵
  PID:4992
- C:\Windows\System\QnKygBl.exe
  C:\Windows\System\QnKygBl.exe
  2⤵
  PID:5008
- C:\Windows\System\yOSOClS.exe
  C:\Windows\System\yOSOClS.exe
  2⤵
  PID:5024
- C:\Windows\System\etXbXwG.exe
  C:\Windows\System\etXbXwG.exe
  2⤵
  PID:5040
- C:\Windows\System\pAcOFxP.exe
  C:\Windows\System\pAcOFxP.exe
  2⤵
  PID:5056
- C:\Windows\System\mGMXPcH.exe
  C:\Windows\System\mGMXPcH.exe
  2⤵
  PID:5072
- C:\Windows\System\KOgxTou.exe
  C:\Windows\System\KOgxTou.exe
  2⤵
  PID:5088
- C:\Windows\System\BvlhsTF.exe
  C:\Windows\System\BvlhsTF.exe
  2⤵
  PID:5104
- C:\Windows\System\DPOQhti.exe
  C:\Windows\System\DPOQhti.exe
  2⤵
  PID:3928
- C:\Windows\System\PXVuQQr.exe
  C:\Windows\System\PXVuQQr.exe
  2⤵
  PID:3984
- C:\Windows\System\kyXNPLi.exe
  C:\Windows\System\kyXNPLi.exe
  2⤵
  PID:4048
- C:\Windows\System\vUSuuNy.exe
  C:\Windows\System\vUSuuNy.exe
  2⤵
  PID:2208
- C:\Windows\System\NPaoUPa.exe
  C:\Windows\System\NPaoUPa.exe
  2⤵
  PID:2456
- C:\Windows\System\QqqXcus.exe
  C:\Windows\System\QqqXcus.exe
  2⤵
  PID:2528
- C:\Windows\System\LOVeQqW.exe
  C:\Windows\System\LOVeQqW.exe
  2⤵
  PID:2068
- C:\Windows\System\NFyPXQZ.exe
  C:\Windows\System\NFyPXQZ.exe
  2⤵
  PID:3184
- C:\Windows\System\fOAVQJS.exe
  C:\Windows\System\fOAVQJS.exe
  2⤵
  PID:3296
- C:\Windows\System\mpDOqkF.exe
  C:\Windows\System\mpDOqkF.exe
  2⤵
  PID:3456
- C:\Windows\System\iXGeMQu.exe
  C:\Windows\System\iXGeMQu.exe
  2⤵
  PID:3556
- C:\Windows\System\ZYBgAwn.exe
  C:\Windows\System\ZYBgAwn.exe
  2⤵
  PID:3712
- C:\Windows\System\KzXmPug.exe
  C:\Windows\System\KzXmPug.exe
  2⤵
  PID:1776
- C:\Windows\System\hoNakLM.exe
  C:\Windows\System\hoNakLM.exe
  2⤵
  PID:3912
- C:\Windows\System\XfbiWPq.exe
  C:\Windows\System\XfbiWPq.exe
  2⤵
  PID:4136
- C:\Windows\System\lGIRlwf.exe
  C:\Windows\System\lGIRlwf.exe
  2⤵
  PID:4168
- C:\Windows\System\WLhUjGP.exe
  C:\Windows\System\WLhUjGP.exe
  2⤵
  PID:4208
- C:\Windows\System\DWwKCCU.exe
  C:\Windows\System\DWwKCCU.exe
  2⤵
  PID:4240
- C:\Windows\System\ejgHfrA.exe
  C:\Windows\System\ejgHfrA.exe
  2⤵
  PID:4272
- C:\Windows\System\IOaoivA.exe
  C:\Windows\System\IOaoivA.exe
  2⤵
  PID:4304
- C:\Windows\System\zEzIfUc.exe
  C:\Windows\System\zEzIfUc.exe
  2⤵
  PID:4336
- C:\Windows\System\jhosDvK.exe
  C:\Windows\System\jhosDvK.exe
  2⤵
  PID:4356
- C:\Windows\System\pzWIEgB.exe
  C:\Windows\System\pzWIEgB.exe
  2⤵
  PID:4388
- C:\Windows\System\bhpoOoM.exe
  C:\Windows\System\bhpoOoM.exe
  2⤵
  PID:4420
- C:\Windows\System\PBgFEIx.exe
  C:\Windows\System\PBgFEIx.exe
  2⤵
  PID:4452
- C:\Windows\System\SvyPoDp.exe
  C:\Windows\System\SvyPoDp.exe
  2⤵
  PID:4496
- C:\Windows\System\kmfkyIb.exe
  C:\Windows\System\kmfkyIb.exe
  2⤵
  PID:4516
- C:\Windows\System\fhUaVOb.exe
  C:\Windows\System\fhUaVOb.exe
  2⤵
  PID:4560
- C:\Windows\System\YXxHsyi.exe
  C:\Windows\System\YXxHsyi.exe
  2⤵
  PID:4580
- C:\Windows\System\UYMqQkd.exe
  C:\Windows\System\UYMqQkd.exe
  2⤵
  PID:4612
- C:\Windows\System\ZYjikcn.exe
  C:\Windows\System\ZYjikcn.exe
  2⤵
  PID:4656
- C:\Windows\System\BLQqaSS.exe
  C:\Windows\System\BLQqaSS.exe
  2⤵
  PID:4688
- C:\Windows\System\CZBUbhv.exe
  C:\Windows\System\CZBUbhv.exe
  2⤵
  PID:4720
- C:\Windows\System\jxJDpbw.exe
  C:\Windows\System\jxJDpbw.exe
  2⤵
  PID:4760
- C:\Windows\System\VxoCTVl.exe
  C:\Windows\System\VxoCTVl.exe
  2⤵
  PID:4808
- C:\Windows\System\kTCBbFr.exe
  C:\Windows\System\kTCBbFr.exe
  2⤵
  PID:4840
- C:\Windows\System\NyCPTmn.exe
  C:\Windows\System\NyCPTmn.exe
  2⤵
  PID:4872
- C:\Windows\System\nSKHaRA.exe
  C:\Windows\System\nSKHaRA.exe
  2⤵
  PID:4916
- C:\Windows\System\KZlzMHj.exe
  C:\Windows\System\KZlzMHj.exe
  2⤵
  PID:4936
- C:\Windows\System\vkQYLWH.exe
  C:\Windows\System\vkQYLWH.exe
  2⤵
  PID:4984
- C:\Windows\System\nyWTAUQ.exe
  C:\Windows\System\nyWTAUQ.exe
  2⤵
  PID:4728
- C:\Windows\System\thyYxQN.exe
  C:\Windows\System\thyYxQN.exe
  2⤵
  PID:5032
- C:\Windows\System\wkngeuD.exe
  C:\Windows\System\wkngeuD.exe
  2⤵
  PID:5064
- C:\Windows\System\wPeWqip.exe
  C:\Windows\System\wPeWqip.exe
  2⤵
  PID:5096
- C:\Windows\System\jQpRdAn.exe
  C:\Windows\System\jQpRdAn.exe
  2⤵
  PID:3948
- C:\Windows\System\rzFALOr.exe
  C:\Windows\System\rzFALOr.exe
  2⤵
  PID:4080
- C:\Windows\System\XBWjKFT.exe
  C:\Windows\System\XBWjKFT.exe
  2⤵
  PID:732
- C:\Windows\System\PJFovzb.exe
  C:\Windows\System\PJFovzb.exe
  2⤵
  PID:3168
- C:\Windows\System\PjgVuWz.exe
  C:\Windows\System\PjgVuWz.exe
  2⤵
  PID:3360
- C:\Windows\System\yUhfIjW.exe
  C:\Windows\System\yUhfIjW.exe
  2⤵
  PID:3632
- C:\Windows\System\waZqeSM.exe
  C:\Windows\System\waZqeSM.exe
  2⤵
  PID:3880
- C:\Windows\System\DeDZYdO.exe
  C:\Windows\System\DeDZYdO.exe
  2⤵
  PID:4152
- C:\Windows\System\xTykJBh.exe
  C:\Windows\System\xTykJBh.exe
  2⤵
  PID:4224
- C:\Windows\System\BBIwijS.exe
  C:\Windows\System\BBIwijS.exe
  2⤵
  PID:4288
- C:\Windows\System\vORytuU.exe
  C:\Windows\System\vORytuU.exe
  2⤵
  PID:4352
- C:\Windows\System\VTjbNfH.exe
  C:\Windows\System\VTjbNfH.exe
  2⤵
  PID:4416
- C:\Windows\System\XjMJrqQ.exe
  C:\Windows\System\XjMJrqQ.exe
  2⤵
  PID:4480
- C:\Windows\System\SGAUqjx.exe
  C:\Windows\System\SGAUqjx.exe
  2⤵
  PID:4544
- C:\Windows\System\qONyuZS.exe
  C:\Windows\System\qONyuZS.exe
  2⤵
  PID:4608
- C:\Windows\System\JPznMRI.exe
  C:\Windows\System\JPznMRI.exe
  2⤵
  PID:4672
- C:\Windows\System\iezQFmV.exe
  C:\Windows\System\iezQFmV.exe
  2⤵
  PID:4740
- C:\Windows\System\VYUmjsT.exe
  C:\Windows\System\VYUmjsT.exe
  2⤵
  PID:5128
- C:\Windows\System\croUQIh.exe
  C:\Windows\System\croUQIh.exe
  2⤵
  PID:5144
- C:\Windows\System\heIUIKF.exe
  C:\Windows\System\heIUIKF.exe
  2⤵
  PID:5160
- C:\Windows\System\VuXYOPb.exe
  C:\Windows\System\VuXYOPb.exe
  2⤵
  PID:5176
- C:\Windows\System\TeCyLvn.exe
  C:\Windows\System\TeCyLvn.exe
  2⤵
  PID:5192
- C:\Windows\System\ogDYtGH.exe
  C:\Windows\System\ogDYtGH.exe
  2⤵
  PID:5208
- C:\Windows\System\khArqzr.exe
  C:\Windows\System\khArqzr.exe
  2⤵
  PID:5224
- C:\Windows\System\vHlCEXf.exe
  C:\Windows\System\vHlCEXf.exe
  2⤵
  PID:5240
- C:\Windows\System\nQwfWwr.exe
  C:\Windows\System\nQwfWwr.exe
  2⤵
  PID:5256
- C:\Windows\System\tqajAjK.exe
  C:\Windows\System\tqajAjK.exe
  2⤵
  PID:5272
- C:\Windows\System\mioaNjU.exe
  C:\Windows\System\mioaNjU.exe
  2⤵
  PID:5288
- C:\Windows\System\zaumNNc.exe
  C:\Windows\System\zaumNNc.exe
  2⤵
  PID:5304
- C:\Windows\System\MeDLBnD.exe
  C:\Windows\System\MeDLBnD.exe
  2⤵
  PID:5320
- C:\Windows\System\EDrwuLg.exe
  C:\Windows\System\EDrwuLg.exe
  2⤵
  PID:5336
- C:\Windows\System\yJgXLXg.exe
  C:\Windows\System\yJgXLXg.exe
  2⤵
  PID:5352
- C:\Windows\System\wUJvVRp.exe
  C:\Windows\System\wUJvVRp.exe
  2⤵
  PID:5368
- C:\Windows\System\mefOiPH.exe
  C:\Windows\System\mefOiPH.exe
  2⤵
  PID:5384
- C:\Windows\System\ZqhHkAH.exe
  C:\Windows\System\ZqhHkAH.exe
  2⤵
  PID:5400
- C:\Windows\System\ChRBfSG.exe
  C:\Windows\System\ChRBfSG.exe
  2⤵
  PID:5420
- C:\Windows\System\cVQklil.exe
  C:\Windows\System\cVQklil.exe
  2⤵
  PID:5436
- C:\Windows\System\HayYFNt.exe
  C:\Windows\System\HayYFNt.exe
  2⤵
  PID:5452
- C:\Windows\System\sbMXQax.exe
  C:\Windows\System\sbMXQax.exe
  2⤵
  PID:5468
- C:\Windows\System\znQSSzV.exe
  C:\Windows\System\znQSSzV.exe
  2⤵
  PID:5484
- C:\Windows\System\OvDxMZD.exe
  C:\Windows\System\OvDxMZD.exe
  2⤵
  PID:5500
- C:\Windows\System\qXQbFkj.exe
  C:\Windows\System\qXQbFkj.exe
  2⤵
  PID:5516
- C:\Windows\System\Mefcais.exe
  C:\Windows\System\Mefcais.exe
  2⤵
  PID:5536
- C:\Windows\System\mMCUgEH.exe
  C:\Windows\System\mMCUgEH.exe
  2⤵
  PID:5552
- C:\Windows\System\qPDWVhn.exe
  C:\Windows\System\qPDWVhn.exe
  2⤵
  PID:5568
- C:\Windows\System\LztsCso.exe
  C:\Windows\System\LztsCso.exe
  2⤵
  PID:5584
- C:\Windows\System\ElIwHce.exe
  C:\Windows\System\ElIwHce.exe
  2⤵
  PID:5600
- C:\Windows\System\sPXXMAC.exe
  C:\Windows\System\sPXXMAC.exe
  2⤵
  PID:5616
- C:\Windows\System\KRNeiVA.exe
  C:\Windows\System\KRNeiVA.exe
  2⤵
  PID:5632
- C:\Windows\System\wVjRZVF.exe
  C:\Windows\System\wVjRZVF.exe
  2⤵
  PID:5648
- C:\Windows\System\GbSLdXQ.exe
  C:\Windows\System\GbSLdXQ.exe
  2⤵
  PID:5664
- C:\Windows\System\CEeBfFy.exe
  C:\Windows\System\CEeBfFy.exe
  2⤵
  PID:5680
- C:\Windows\System\KtDCbNO.exe
  C:\Windows\System\KtDCbNO.exe
  2⤵
  PID:5696
- C:\Windows\System\QotYGjA.exe
  C:\Windows\System\QotYGjA.exe
  2⤵
  PID:5712
- C:\Windows\System\PQlXZyA.exe
  C:\Windows\System\PQlXZyA.exe
  2⤵
  PID:5728
- C:\Windows\System\kipBIWC.exe
  C:\Windows\System\kipBIWC.exe
  2⤵
  PID:5744
- C:\Windows\System\HoKUvqK.exe
  C:\Windows\System\HoKUvqK.exe
  2⤵
  PID:5760
- C:\Windows\System\oihUjGg.exe
  C:\Windows\System\oihUjGg.exe
  2⤵
  PID:5776
- C:\Windows\System\QtaRqhj.exe
  C:\Windows\System\QtaRqhj.exe
  2⤵
  PID:5792
- C:\Windows\System\qeOktTw.exe
  C:\Windows\System\qeOktTw.exe
  2⤵
  PID:5808
- C:\Windows\System\YxvBvcG.exe
  C:\Windows\System\YxvBvcG.exe
  2⤵
  PID:5824
- C:\Windows\System\zYITRZP.exe
  C:\Windows\System\zYITRZP.exe
  2⤵
  PID:5840
- C:\Windows\System\KsvZlIZ.exe
  C:\Windows\System\KsvZlIZ.exe
  2⤵
  PID:5856
- C:\Windows\System\Okhubqg.exe
  C:\Windows\System\Okhubqg.exe
  2⤵
  PID:5872
- C:\Windows\System\aaTcZUx.exe
  C:\Windows\System\aaTcZUx.exe
  2⤵
  PID:5888
- C:\Windows\System\YhqztuF.exe
  C:\Windows\System\YhqztuF.exe
  2⤵
  PID:5904
- C:\Windows\System\QBTHlUz.exe
  C:\Windows\System\QBTHlUz.exe
  2⤵
  PID:5920
- C:\Windows\System\ASdTitu.exe
  C:\Windows\System\ASdTitu.exe
  2⤵
  PID:5936
- C:\Windows\System\jSEnPEg.exe
  C:\Windows\System\jSEnPEg.exe
  2⤵
  PID:5952
- C:\Windows\System\XILltbA.exe
  C:\Windows\System\XILltbA.exe
  2⤵
  PID:5968
- C:\Windows\System\EyGoSbb.exe
  C:\Windows\System\EyGoSbb.exe
  2⤵
  PID:5984
- C:\Windows\System\OhGVwUZ.exe
  C:\Windows\System\OhGVwUZ.exe
  2⤵
  PID:6000
- C:\Windows\System\YXoHbpD.exe
  C:\Windows\System\YXoHbpD.exe
  2⤵
  PID:6016
- C:\Windows\System\aAVtoSk.exe
  C:\Windows\System\aAVtoSk.exe
  2⤵
  PID:6032
- C:\Windows\System\HmkvZlg.exe
  C:\Windows\System\HmkvZlg.exe
  2⤵
  PID:6048
- C:\Windows\System\ifdsCVk.exe
  C:\Windows\System\ifdsCVk.exe
  2⤵
  PID:6064
- C:\Windows\System\zpaZuIv.exe
  C:\Windows\System\zpaZuIv.exe
  2⤵
  PID:6080
- C:\Windows\System\uIVokfW.exe
  C:\Windows\System\uIVokfW.exe
  2⤵
  PID:6096
- C:\Windows\System\zcFeptB.exe
  C:\Windows\System\zcFeptB.exe
  2⤵
  PID:6112
- C:\Windows\System\rdORSor.exe
  C:\Windows\System\rdORSor.exe
  2⤵
  PID:6128
- C:\Windows\System\phCIZOc.exe
  C:\Windows\System\phCIZOc.exe
  2⤵
  PID:4824
- C:\Windows\System\dIildNi.exe
  C:\Windows\System\dIildNi.exe
  2⤵
  PID:4888
- C:\Windows\System\gQMcjWV.exe
  C:\Windows\System\gQMcjWV.exe
  2⤵
  PID:4968
- C:\Windows\System\badmrxB.exe
  C:\Windows\System\badmrxB.exe
  2⤵
  PID:5048
- C:\Windows\System\IUKEdJD.exe
  C:\Windows\System\IUKEdJD.exe
  2⤵
  PID:5084
- C:\Windows\System\iZOFewM.exe
  C:\Windows\System\iZOFewM.exe
  2⤵
  PID:1560
- C:\Windows\System\gxJCiRx.exe
  C:\Windows\System\gxJCiRx.exe
  2⤵
  PID:2372
- C:\Windows\System\rnqKsSR.exe
  C:\Windows\System\rnqKsSR.exe
  2⤵
  PID:2840
- C:\Windows\System\FYyNBCh.exe
  C:\Windows\System\FYyNBCh.exe
  2⤵
  PID:3780
- C:\Windows\System\SsgySjR.exe
  C:\Windows\System\SsgySjR.exe
  2⤵
  PID:2408
- C:\Windows\System\ZzXVVLX.exe
  C:\Windows\System\ZzXVVLX.exe
  2⤵
  PID:4260
- C:\Windows\System\rSnXnLX.exe
  C:\Windows\System\rSnXnLX.exe
  2⤵
  PID:4368
- C:\Windows\System\kMGbtdp.exe
  C:\Windows\System\kMGbtdp.exe
  2⤵
  PID:4528
- C:\Windows\System\tfupxTb.exe
  C:\Windows\System\tfupxTb.exe
  2⤵
  PID:4644
- C:\Windows\System\mSaQaKi.exe
  C:\Windows\System\mSaQaKi.exe
  2⤵
  PID:5136
- C:\Windows\System\JaOMesz.exe
  C:\Windows\System\JaOMesz.exe
  2⤵
  PID:5168
- C:\Windows\System\NaPaPXQ.exe
  C:\Windows\System\NaPaPXQ.exe
  2⤵
  PID:5200
- C:\Windows\System\jLrNavt.exe
  C:\Windows\System\jLrNavt.exe
  2⤵
  PID:5220
- C:\Windows\System\lcvZnqa.exe
  C:\Windows\System\lcvZnqa.exe
  2⤵
  PID:5264
- C:\Windows\System\deUsLEl.exe
  C:\Windows\System\deUsLEl.exe
  2⤵
  PID:5296
- C:\Windows\System\KmcINeH.exe
  C:\Windows\System\KmcINeH.exe
  2⤵
  PID:5316
- C:\Windows\System\yCXjRGU.exe
  C:\Windows\System\yCXjRGU.exe
  2⤵
  PID:5360
- C:\Windows\System\OsZTLKq.exe
  C:\Windows\System\OsZTLKq.exe
  2⤵
  PID:5392
- C:\Windows\System\tkOFSND.exe
  C:\Windows\System\tkOFSND.exe
  2⤵
  PID:5412
- C:\Windows\System\oVWGuBY.exe
  C:\Windows\System\oVWGuBY.exe
  2⤵
  PID:5448
- C:\Windows\System\CbaiaET.exe
  C:\Windows\System\CbaiaET.exe
  2⤵
  PID:5480
- C:\Windows\System\dCeWIjV.exe
  C:\Windows\System\dCeWIjV.exe
  2⤵
  PID:5512
- C:\Windows\System\uhxjEDy.exe
  C:\Windows\System\uhxjEDy.exe
  2⤵
  PID:5548
- C:\Windows\System\ikntZOy.exe
  C:\Windows\System\ikntZOy.exe
  2⤵
  PID:5580
- C:\Windows\System\XQIPFnw.exe
  C:\Windows\System\XQIPFnw.exe
  2⤵
  PID:5612
- C:\Windows\System\BOzcYgR.exe
  C:\Windows\System\BOzcYgR.exe
  2⤵
  PID:5644
- C:\Windows\System\fRXhABn.exe
  C:\Windows\System\fRXhABn.exe
  2⤵
  PID:5676
- C:\Windows\System\jEUqUeQ.exe
  C:\Windows\System\jEUqUeQ.exe
  2⤵
  PID:5708
- C:\Windows\System\gEMrsag.exe
  C:\Windows\System\gEMrsag.exe
  2⤵
  PID:5740
- C:\Windows\System\ViEekAj.exe
  C:\Windows\System\ViEekAj.exe
  2⤵
  PID:5784
- C:\Windows\System\LfJPTge.exe
  C:\Windows\System\LfJPTge.exe
  2⤵
  PID:5804
- C:\Windows\System\XTnbWNM.exe
  C:\Windows\System\XTnbWNM.exe
  2⤵
  PID:5832
- C:\Windows\System\hnqzQea.exe
  C:\Windows\System\hnqzQea.exe
  2⤵
  PID:5864
- C:\Windows\System\uFoOwvw.exe
  C:\Windows\System\uFoOwvw.exe
  2⤵
  PID:5896
- C:\Windows\System\HqhGVtv.exe
  C:\Windows\System\HqhGVtv.exe
  2⤵
  PID:5916
- C:\Windows\System\gWhyYUD.exe
  C:\Windows\System\gWhyYUD.exe
  2⤵
  PID:5948
- C:\Windows\System\WbOFHGk.exe
  C:\Windows\System\WbOFHGk.exe
  2⤵
  PID:2868
- C:\Windows\System\JiuTpxV.exe
  C:\Windows\System\JiuTpxV.exe
  2⤵
  PID:6012
- C:\Windows\System\SebryxF.exe
  C:\Windows\System\SebryxF.exe
  2⤵
  PID:6044
- C:\Windows\System\lPytYRT.exe
  C:\Windows\System\lPytYRT.exe
  2⤵
  PID:6076
- C:\Windows\System\rzpPZpN.exe
  C:\Windows\System\rzpPZpN.exe
  2⤵
  PID:6108
- C:\Windows\System\EFoVTjb.exe
  C:\Windows\System\EFoVTjb.exe
  2⤵
  PID:6140
- C:\Windows\System\ntHjJoY.exe
  C:\Windows\System\ntHjJoY.exe
  2⤵
  PID:4956
- C:\Windows\System\xDhXuOw.exe
  C:\Windows\System\xDhXuOw.exe
  2⤵
  PID:5080
- C:\Windows\System\FwhKGWX.exe
  C:\Windows\System\FwhKGWX.exe
  2⤵
  PID:1500
- C:\Windows\System\YiuzQGo.exe
  C:\Windows\System\YiuzQGo.exe
  2⤵
  PID:3680
- C:\Windows\System\XWvejbM.exe
  C:\Windows\System\XWvejbM.exe
  2⤵
  PID:4256
- C:\Windows\System\gElMjOA.exe
  C:\Windows\System\gElMjOA.exe
  2⤵
  PID:4548
- C:\Windows\System\nosBnFP.exe
  C:\Windows\System\nosBnFP.exe
  2⤵
  PID:5124
- C:\Windows\System\QxpVQZS.exe
  C:\Windows\System\QxpVQZS.exe
  2⤵
  PID:5184
- C:\Windows\System\AUyTsGz.exe
  C:\Windows\System\AUyTsGz.exe
  2⤵
  PID:5252
- C:\Windows\System\ZMBvZkC.exe
  C:\Windows\System\ZMBvZkC.exe
  2⤵
  PID:5328
- C:\Windows\System\oJzyEIO.exe
  C:\Windows\System\oJzyEIO.exe
  2⤵
  PID:5380
- C:\Windows\System\KSwxCTJ.exe
  C:\Windows\System\KSwxCTJ.exe
  2⤵
  PID:5444
- C:\Windows\System\oFVdNal.exe
  C:\Windows\System\oFVdNal.exe
  2⤵
  PID:5508
- C:\Windows\System\fJtkXBh.exe
  C:\Windows\System\fJtkXBh.exe
  2⤵
  PID:2732
- C:\Windows\System\tbOZEtm.exe
  C:\Windows\System\tbOZEtm.exe
  2⤵
  PID:5608
- C:\Windows\System\EsfJDdP.exe
  C:\Windows\System\EsfJDdP.exe
  2⤵
  PID:5692
- C:\Windows\System\crFfoKt.exe
  C:\Windows\System\crFfoKt.exe
  2⤵
  PID:5232
- C:\Windows\System\PDtUuMR.exe
  C:\Windows\System\PDtUuMR.exe
  2⤵
  PID:5788
- C:\Windows\System\FKhCOqN.exe
  C:\Windows\System\FKhCOqN.exe
  2⤵
  PID:5836
- C:\Windows\System\mxYRNmK.exe
  C:\Windows\System\mxYRNmK.exe
  2⤵
  PID:5912
- C:\Windows\System\AozbMZZ.exe
  C:\Windows\System\AozbMZZ.exe
  2⤵
  PID:5976
- C:\Windows\System\brSPkjn.exe
  C:\Windows\System\brSPkjn.exe
  2⤵
  PID:6040
- C:\Windows\System\wcjkeIz.exe
  C:\Windows\System\wcjkeIz.exe
  2⤵
  PID:6092
- C:\Windows\System\FPxbJEN.exe
  C:\Windows\System\FPxbJEN.exe
  2⤵
  PID:4868
- C:\Windows\System\lUryNwV.exe
  C:\Windows\System\lUryNwV.exe
  2⤵
  PID:6156
- C:\Windows\System\ZcAqazJ.exe
  C:\Windows\System\ZcAqazJ.exe
  2⤵
  PID:6172
- C:\Windows\System\LLCcZFa.exe
  C:\Windows\System\LLCcZFa.exe
  2⤵
  PID:6188
- C:\Windows\System\fvMMyUy.exe
  C:\Windows\System\fvMMyUy.exe
  2⤵
  PID:6204
- C:\Windows\System\dDgQbOa.exe
  C:\Windows\System\dDgQbOa.exe
  2⤵
  PID:6220
- C:\Windows\System\xhLjgWL.exe
  C:\Windows\System\xhLjgWL.exe
  2⤵
  PID:6236
- C:\Windows\System\lcdUlGB.exe
  C:\Windows\System\lcdUlGB.exe
  2⤵
  PID:6252
- C:\Windows\System\wfWcGJo.exe
  C:\Windows\System\wfWcGJo.exe
  2⤵
  PID:6268
- C:\Windows\System\TfAiDzQ.exe
  C:\Windows\System\TfAiDzQ.exe
  2⤵
  PID:6284
- C:\Windows\System\Fntyaik.exe
  C:\Windows\System\Fntyaik.exe
  2⤵
  PID:6300
- C:\Windows\System\UhhzETz.exe
  C:\Windows\System\UhhzETz.exe
  2⤵
  PID:6316
- C:\Windows\System\AbNhrvm.exe
  C:\Windows\System\AbNhrvm.exe
  2⤵
  PID:6332
- C:\Windows\System\fFhCSzf.exe
  C:\Windows\System\fFhCSzf.exe
  2⤵
  PID:6348
- C:\Windows\System\RBeiUPx.exe
  C:\Windows\System\RBeiUPx.exe
  2⤵
  PID:6364
- C:\Windows\System\nKIElBE.exe
  C:\Windows\System\nKIElBE.exe
  2⤵
  PID:6380
- C:\Windows\System\xIsKxlb.exe
  C:\Windows\System\xIsKxlb.exe
  2⤵
  PID:6396
- C:\Windows\System\KaXhbGz.exe
  C:\Windows\System\KaXhbGz.exe
  2⤵
  PID:6416
- C:\Windows\System\VbWFgSG.exe
  C:\Windows\System\VbWFgSG.exe
  2⤵
  PID:6432
- C:\Windows\System\SpdMmpa.exe
  C:\Windows\System\SpdMmpa.exe
  2⤵
  PID:6448
- C:\Windows\System\dROEveH.exe
  C:\Windows\System\dROEveH.exe
  2⤵
  PID:6464
- C:\Windows\System\eIdqWLg.exe
  C:\Windows\System\eIdqWLg.exe
  2⤵
  PID:6480
- C:\Windows\System\zDdILYY.exe
  C:\Windows\System\zDdILYY.exe
  2⤵
  PID:6496
- C:\Windows\System\dRjCMMD.exe
  C:\Windows\System\dRjCMMD.exe
  2⤵
  PID:6512
- C:\Windows\System\naMmqgU.exe
  C:\Windows\System\naMmqgU.exe
  2⤵
  PID:6528
- C:\Windows\System\tTRAgHp.exe
  C:\Windows\System\tTRAgHp.exe
  2⤵
  PID:6544
- C:\Windows\System\Ofejvda.exe
  C:\Windows\System\Ofejvda.exe
  2⤵
  PID:6560
- C:\Windows\System\pVWIuHm.exe
  C:\Windows\System\pVWIuHm.exe
  2⤵
  PID:6576
- C:\Windows\System\XpJunIn.exe
  C:\Windows\System\XpJunIn.exe
  2⤵
  PID:6592
- C:\Windows\System\BZWQmoV.exe
  C:\Windows\System\BZWQmoV.exe
  2⤵
  PID:6608
- C:\Windows\System\snAoHFV.exe
  C:\Windows\System\snAoHFV.exe
  2⤵
  PID:6624
- C:\Windows\System\DbdrWyy.exe
  C:\Windows\System\DbdrWyy.exe
  2⤵
  PID:6640
- C:\Windows\System\BNxBTYO.exe
  C:\Windows\System\BNxBTYO.exe
  2⤵
  PID:6656
- C:\Windows\System\IdExgyl.exe
  C:\Windows\System\IdExgyl.exe
  2⤵
  PID:6672
- C:\Windows\System\nBdtSMG.exe
  C:\Windows\System\nBdtSMG.exe
  2⤵
  PID:6688
- C:\Windows\System\xrpJFbz.exe
  C:\Windows\System\xrpJFbz.exe
  2⤵
  PID:6704
- C:\Windows\System\tvrDUXN.exe
  C:\Windows\System\tvrDUXN.exe
  2⤵
  PID:6720
- C:\Windows\System\aRQxlPZ.exe
  C:\Windows\System\aRQxlPZ.exe
  2⤵
  PID:6736
- C:\Windows\System\CuGhcdw.exe
  C:\Windows\System\CuGhcdw.exe
  2⤵
  PID:6752
- C:\Windows\System\iOttdSG.exe
  C:\Windows\System\iOttdSG.exe
  2⤵
  PID:6768
- C:\Windows\System\Pdndzux.exe
  C:\Windows\System\Pdndzux.exe
  2⤵
  PID:6784
- C:\Windows\System\CqJRYwN.exe
  C:\Windows\System\CqJRYwN.exe
  2⤵
  PID:6800
- C:\Windows\System\WZuTLrC.exe
  C:\Windows\System\WZuTLrC.exe
  2⤵
  PID:6816
- C:\Windows\System\LSucOWN.exe
  C:\Windows\System\LSucOWN.exe
  2⤵
  PID:6832
- C:\Windows\System\GzOepKz.exe
  C:\Windows\System\GzOepKz.exe
  2⤵
  PID:6848
- C:\Windows\System\eAenAym.exe
  C:\Windows\System\eAenAym.exe
  2⤵
  PID:6864
- C:\Windows\System\WMEYNIL.exe
  C:\Windows\System\WMEYNIL.exe
  2⤵
  PID:6880
- C:\Windows\System\pQluWxZ.exe
  C:\Windows\System\pQluWxZ.exe
  2⤵
  PID:6896
- C:\Windows\System\BOhyRSV.exe
  C:\Windows\System\BOhyRSV.exe
  2⤵
  PID:6912
- C:\Windows\System\cwpdSVF.exe
  C:\Windows\System\cwpdSVF.exe
  2⤵
  PID:6928
- C:\Windows\System\tQassMj.exe
  C:\Windows\System\tQassMj.exe
  2⤵
  PID:6944
- C:\Windows\System\TAHNzfn.exe
  C:\Windows\System\TAHNzfn.exe
  2⤵
  PID:6960
- C:\Windows\System\UBbksDI.exe
  C:\Windows\System\UBbksDI.exe
  2⤵
  PID:6980
- C:\Windows\System\nVatjkN.exe
  C:\Windows\System\nVatjkN.exe
  2⤵
  PID:6996
- C:\Windows\System\wfZqibb.exe
  C:\Windows\System\wfZqibb.exe
  2⤵
  PID:7012
- C:\Windows\System\nGXaTJz.exe
  C:\Windows\System\nGXaTJz.exe
  2⤵
  PID:7028
- C:\Windows\System\uCqzDZK.exe
  C:\Windows\System\uCqzDZK.exe
  2⤵
  PID:7044
- C:\Windows\System\rtQTuZT.exe
  C:\Windows\System\rtQTuZT.exe
  2⤵
  PID:7060
- C:\Windows\System\UqnmEog.exe
  C:\Windows\System\UqnmEog.exe
  2⤵
  PID:7080
- C:\Windows\System\uOafdDg.exe
  C:\Windows\System\uOafdDg.exe
  2⤵
  PID:7096
- C:\Windows\System\XqLHZpS.exe
  C:\Windows\System\XqLHZpS.exe
  2⤵
  PID:7112
- C:\Windows\System\utuYkQQ.exe
  C:\Windows\System\utuYkQQ.exe
  2⤵
  PID:7128
- C:\Windows\System\GIpVcej.exe
  C:\Windows\System\GIpVcej.exe
  2⤵
  PID:7144
- C:\Windows\System\QHiQLSj.exe
  C:\Windows\System\QHiQLSj.exe
  2⤵
  PID:7160
- C:\Windows\System\ujvIfvO.exe
  C:\Windows\System\ujvIfvO.exe
  2⤵
  PID:4756
- C:\Windows\System\uOUToAW.exe
  C:\Windows\System\uOUToAW.exe
  2⤵
  PID:4484
- C:\Windows\System\MdFHsiS.exe
  C:\Windows\System\MdFHsiS.exe
  2⤵
  PID:4744
- C:\Windows\System\sgOCzAv.exe
  C:\Windows\System\sgOCzAv.exe
  2⤵
  PID:5248
- C:\Windows\System\kYIcHPO.exe
  C:\Windows\System\kYIcHPO.exe
  2⤵
  PID:5428
- C:\Windows\System\YzXnViw.exe
  C:\Windows\System\YzXnViw.exe
  2⤵
  PID:5496
- C:\Windows\System\LTeuBar.exe
  C:\Windows\System\LTeuBar.exe
  2⤵
  PID:2776
- C:\Windows\System\LJjACus.exe
  C:\Windows\System\LJjACus.exe
  2⤵
  PID:5724
- C:\Windows\System\vSYffAV.exe
  C:\Windows\System\vSYffAV.exe
  2⤵
  PID:5532
- C:\Windows\System\gptxLQa.exe
  C:\Windows\System\gptxLQa.exe
  2⤵
  PID:5996
- C:\Windows\System\fxunmUW.exe
  C:\Windows\System\fxunmUW.exe
  2⤵
  PID:2760
- C:\Windows\System\vqoddnM.exe
  C:\Windows\System\vqoddnM.exe
  2⤵
  PID:4920
- C:\Windows\System\CySOcyY.exe
  C:\Windows\System\CySOcyY.exe
  2⤵
  PID:6180
- C:\Windows\System\bODzMBB.exe
  C:\Windows\System\bODzMBB.exe
  2⤵
  PID:6212
- C:\Windows\System\RCKoZzL.exe
  C:\Windows\System\RCKoZzL.exe
  2⤵
  PID:6244
- C:\Windows\System\GORpGLe.exe
  C:\Windows\System\GORpGLe.exe
  2⤵
  PID:6276
- C:\Windows\System\dyJUlcE.exe
  C:\Windows\System\dyJUlcE.exe
  2⤵
  PID:6308
- C:\Windows\System\RHrXFMp.exe
  C:\Windows\System\RHrXFMp.exe
  2⤵
  PID:6340
- C:\Windows\System\EGUJvaa.exe
  C:\Windows\System\EGUJvaa.exe
  2⤵
  PID:6152
- C:\Windows\System\fpWFEON.exe
  C:\Windows\System\fpWFEON.exe
  2⤵
  PID:6392
- C:\Windows\System\ERFQbXO.exe
  C:\Windows\System\ERFQbXO.exe
  2⤵
  PID:6428
- C:\Windows\System\aZXvwvb.exe
  C:\Windows\System\aZXvwvb.exe
  2⤵
  PID:6444
- C:\Windows\System\cwpWIOR.exe
  C:\Windows\System\cwpWIOR.exe
  2⤵
  PID:6488
- C:\Windows\System\qitagYa.exe
  C:\Windows\System\qitagYa.exe
  2⤵
  PID:6508
- C:\Windows\System\VrmYYUW.exe
  C:\Windows\System\VrmYYUW.exe
  2⤵
  PID:6540
- C:\Windows\System\JJkIVso.exe
  C:\Windows\System\JJkIVso.exe
  2⤵
  PID:6584
- C:\Windows\System\gFAtnml.exe
  C:\Windows\System\gFAtnml.exe
  2⤵
  PID:6600
- C:\Windows\System\KxuAbch.exe
  C:\Windows\System\KxuAbch.exe
  2⤵
  PID:6632
- C:\Windows\System\bICDrxO.exe
  C:\Windows\System\bICDrxO.exe
  2⤵
  PID:6664
- C:\Windows\System\ExEELXc.exe
  C:\Windows\System\ExEELXc.exe
  2⤵
  PID:6696
- C:\Windows\System\OinfvRP.exe
  C:\Windows\System\OinfvRP.exe
  2⤵
  PID:2876
- C:\Windows\System\huBkxhr.exe
  C:\Windows\System\huBkxhr.exe
  2⤵
  PID:6748
- C:\Windows\System\cGPjIFR.exe
  C:\Windows\System\cGPjIFR.exe
  2⤵
  PID:6776
- C:\Windows\System\MBKoWZW.exe
  C:\Windows\System\MBKoWZW.exe
  2⤵
  PID:6796
- C:\Windows\System\RbbRcKm.exe
  C:\Windows\System\RbbRcKm.exe
  2⤵
  PID:6828
- C:\Windows\System\IxNMGcy.exe
  C:\Windows\System\IxNMGcy.exe
  2⤵
  PID:6872
- C:\Windows\System\sUzEkcm.exe
  C:\Windows\System\sUzEkcm.exe
  2⤵
  PID:6892
- C:\Windows\System\vaIOPEZ.exe
  C:\Windows\System\vaIOPEZ.exe
  2⤵
  PID:6952
- C:\Windows\System\FvwbvaE.exe
  C:\Windows\System\FvwbvaE.exe
  2⤵
  PID:6988
- C:\Windows\System\jVigbaE.exe
  C:\Windows\System\jVigbaE.exe
  2⤵
  PID:7020
- C:\Windows\System\qvYbaBC.exe
  C:\Windows\System\qvYbaBC.exe
  2⤵
  PID:7052
- C:\Windows\System\wHSZnqE.exe
  C:\Windows\System\wHSZnqE.exe
  2⤵
  PID:7088
- C:\Windows\System\NrjZxZs.exe
  C:\Windows\System\NrjZxZs.exe
  2⤵
  PID:7124
- C:\Windows\System\mewNhSq.exe
  C:\Windows\System\mewNhSq.exe
  2⤵
  PID:7156
- C:\Windows\System\HsJFdUA.exe
  C:\Windows\System\HsJFdUA.exe
  2⤵
  PID:4448
- C:\Windows\System\upfgbUU.exe
  C:\Windows\System\upfgbUU.exe
  2⤵
  PID:5284
- C:\Windows\System\IeQnBfb.exe
  C:\Windows\System\IeQnBfb.exe
  2⤵
  PID:5544
- C:\Windows\System\CQFEZrP.exe
  C:\Windows\System\CQFEZrP.exe
  2⤵
  PID:6976
- C:\Windows\System\DlChtLn.exe
  C:\Windows\System\DlChtLn.exe
  2⤵
  PID:5884
- C:\Windows\System\KPLxwrK.exe
  C:\Windows\System\KPLxwrK.exe
  2⤵
  PID:6060
- C:\Windows\System\IhnDDni.exe
  C:\Windows\System\IhnDDni.exe
  2⤵
  PID:6184
- C:\Windows\System\fdBMJOw.exe
  C:\Windows\System\fdBMJOw.exe
  2⤵
  PID:6260
- C:\Windows\System\UleMmdh.exe
  C:\Windows\System\UleMmdh.exe
  2⤵
  PID:6324
- C:\Windows\System\qDJAYWF.exe
  C:\Windows\System\qDJAYWF.exe
  2⤵
  PID:6388
- C:\Windows\System\SLUAZcU.exe
  C:\Windows\System\SLUAZcU.exe
  2⤵
  PID:6456
- C:\Windows\System\TFTSsXR.exe
  C:\Windows\System\TFTSsXR.exe
  2⤵
  PID:6504
- C:\Windows\System\RXLZKtM.exe
  C:\Windows\System\RXLZKtM.exe
  2⤵
  PID:6568
- C:\Windows\System\kESDWbg.exe
  C:\Windows\System\kESDWbg.exe
  2⤵
  PID:6616
- C:\Windows\System\bVlNiSs.exe
  C:\Windows\System\bVlNiSs.exe
  2⤵
  PID:2736
- C:\Windows\System\gUZvcwe.exe
  C:\Windows\System\gUZvcwe.exe
  2⤵
  PID:6684
- C:\Windows\System\HjmXxlP.exe
  C:\Windows\System\HjmXxlP.exe
  2⤵
  PID:6744
- C:\Windows\System\dYMzHoi.exe
  C:\Windows\System\dYMzHoi.exe
  2⤵
  PID:6824
- C:\Windows\System\LMQKIYG.exe
  C:\Windows\System\LMQKIYG.exe
  2⤵
  PID:6888
- C:\Windows\System\aTmNUpx.exe
  C:\Windows\System\aTmNUpx.exe
  2⤵
  PID:6940
- C:\Windows\System\YSGHLvy.exe
  C:\Windows\System\YSGHLvy.exe
  2⤵
  PID:7008
- C:\Windows\System\NrcJbLB.exe
  C:\Windows\System\NrcJbLB.exe
  2⤵
  PID:7108
- C:\Windows\System\tlhOKXy.exe
  C:\Windows\System\tlhOKXy.exe
  2⤵
  PID:7152
- C:\Windows\System\xqLOfDQ.exe
  C:\Windows\System\xqLOfDQ.exe
  2⤵
  PID:5172
- C:\Windows\System\MRjKShM.exe
  C:\Windows\System\MRjKShM.exe
  2⤵
  PID:7176
- C:\Windows\System\bhXeKiG.exe
  C:\Windows\System\bhXeKiG.exe
  2⤵
  PID:7192
- C:\Windows\System\OEnANvg.exe
  C:\Windows\System\OEnANvg.exe
  2⤵
  PID:7208
- C:\Windows\System\omZtjFR.exe
  C:\Windows\System\omZtjFR.exe
  2⤵
  PID:7224
- C:\Windows\System\fnrNMfW.exe
  C:\Windows\System\fnrNMfW.exe
  2⤵
  PID:7240
- C:\Windows\System\IqedVXe.exe
  C:\Windows\System\IqedVXe.exe
  2⤵
  PID:7256
- C:\Windows\System\MrPNSHV.exe
  C:\Windows\System\MrPNSHV.exe
  2⤵
  PID:7272
- C:\Windows\System\CtlBBDy.exe
  C:\Windows\System\CtlBBDy.exe
  2⤵
  PID:7288
- C:\Windows\System\nenHBrH.exe
  C:\Windows\System\nenHBrH.exe
  2⤵
  PID:7304
- C:\Windows\System\TtrbYsv.exe
  C:\Windows\System\TtrbYsv.exe
  2⤵
  PID:7320
- C:\Windows\System\yVHRZzs.exe
  C:\Windows\System\yVHRZzs.exe
  2⤵
  PID:7340
- C:\Windows\System\xXpwXWx.exe
  C:\Windows\System\xXpwXWx.exe
  2⤵
  PID:7356
- C:\Windows\System\pOsFwMQ.exe
  C:\Windows\System\pOsFwMQ.exe
  2⤵
  PID:7372
- C:\Windows\System\TNUtXxQ.exe
  C:\Windows\System\TNUtXxQ.exe
  2⤵
  PID:7388
- C:\Windows\System\WATuTnj.exe
  C:\Windows\System\WATuTnj.exe
  2⤵
  PID:7404
- C:\Windows\System\VIwqZDQ.exe
  C:\Windows\System\VIwqZDQ.exe
  2⤵
  PID:7420
- C:\Windows\System\itrEgCM.exe
  C:\Windows\System\itrEgCM.exe
  2⤵
  PID:7436
- C:\Windows\System\sUjPsSE.exe
  C:\Windows\System\sUjPsSE.exe
  2⤵
  PID:7452
- C:\Windows\System\CvyHEHj.exe
  C:\Windows\System\CvyHEHj.exe
  2⤵
  PID:7468
- C:\Windows\System\pnDARVs.exe
  C:\Windows\System\pnDARVs.exe
  2⤵
  PID:7484
- C:\Windows\System\YueJUIc.exe
  C:\Windows\System\YueJUIc.exe
  2⤵
  PID:7500
- C:\Windows\System\EIKxzuW.exe
  C:\Windows\System\EIKxzuW.exe
  2⤵
  PID:7516
- C:\Windows\System\pYmJQZu.exe
  C:\Windows\System\pYmJQZu.exe
  2⤵
  PID:7532
- C:\Windows\System\EevDztr.exe
  C:\Windows\System\EevDztr.exe
  2⤵
  PID:7548
- C:\Windows\System\ajvFbJu.exe
  C:\Windows\System\ajvFbJu.exe
  2⤵
  PID:7568
- C:\Windows\System\bOgDXzv.exe
  C:\Windows\System\bOgDXzv.exe
  2⤵
  PID:7584
- C:\Windows\System\ZmomKag.exe
  C:\Windows\System\ZmomKag.exe
  2⤵
  PID:7600
- C:\Windows\System\dRkStuW.exe
  C:\Windows\System\dRkStuW.exe
  2⤵
  PID:7616
- C:\Windows\System\FSfckDL.exe
  C:\Windows\System\FSfckDL.exe
  2⤵
  PID:7632
- C:\Windows\System\blNtemr.exe
  C:\Windows\System\blNtemr.exe
  2⤵
  PID:7648
- C:\Windows\System\qyWGLqc.exe
  C:\Windows\System\qyWGLqc.exe
  2⤵
  PID:7664
- C:\Windows\System\EVzKBZt.exe
  C:\Windows\System\EVzKBZt.exe
  2⤵
  PID:7680
- C:\Windows\System\xtuClmB.exe
  C:\Windows\System\xtuClmB.exe
  2⤵
  PID:7696
- C:\Windows\System\EotToGZ.exe
  C:\Windows\System\EotToGZ.exe
  2⤵
  PID:7712
- C:\Windows\System\UDYJkCV.exe
  C:\Windows\System\UDYJkCV.exe
  2⤵
  PID:7728
- C:\Windows\System\LQBIMUI.exe
  C:\Windows\System\LQBIMUI.exe
  2⤵
  PID:7744
- C:\Windows\System\WvmZIFL.exe
  C:\Windows\System\WvmZIFL.exe
  2⤵
  PID:7760
- C:\Windows\System\hxDdeOd.exe
  C:\Windows\System\hxDdeOd.exe
  2⤵
  PID:7776
- C:\Windows\System\vBIrcmx.exe
  C:\Windows\System\vBIrcmx.exe
  2⤵
  PID:7792
- C:\Windows\System\lnsdWmH.exe
  C:\Windows\System\lnsdWmH.exe
  2⤵
  PID:7808
- C:\Windows\System\LSQtTYy.exe
  C:\Windows\System\LSQtTYy.exe
  2⤵
  PID:7824
- C:\Windows\System\CXxIwfS.exe
  C:\Windows\System\CXxIwfS.exe
  2⤵
  PID:7840
- C:\Windows\System\rGyKFJa.exe
  C:\Windows\System\rGyKFJa.exe
  2⤵
  PID:7856
- C:\Windows\System\CVpAYrz.exe
  C:\Windows\System\CVpAYrz.exe
  2⤵
  PID:7872
- C:\Windows\System\WGVcbxV.exe
  C:\Windows\System\WGVcbxV.exe
  2⤵
  PID:7888
- C:\Windows\System\HDZqyyQ.exe
  C:\Windows\System\HDZqyyQ.exe
  2⤵
  PID:7904
- C:\Windows\System\RFUynbm.exe
  C:\Windows\System\RFUynbm.exe
  2⤵
  PID:7920
- C:\Windows\System\TBYypRd.exe
  C:\Windows\System\TBYypRd.exe
  2⤵
  PID:7940
- C:\Windows\System\XtMJppH.exe
  C:\Windows\System\XtMJppH.exe
  2⤵
  PID:7956
- C:\Windows\System\ZcVqLcR.exe
  C:\Windows\System\ZcVqLcR.exe
  2⤵
  PID:7972
- C:\Windows\System\AVEIByN.exe
  C:\Windows\System\AVEIByN.exe
  2⤵
  PID:7988
- C:\Windows\System\pNrqlwu.exe
  C:\Windows\System\pNrqlwu.exe
  2⤵
  PID:8004
- C:\Windows\System\MeSVXRR.exe
  C:\Windows\System\MeSVXRR.exe
  2⤵
  PID:8020
- C:\Windows\System\NiwxWHe.exe
  C:\Windows\System\NiwxWHe.exe
  2⤵
  PID:8036
- C:\Windows\System\pcDdpCN.exe
  C:\Windows\System\pcDdpCN.exe
  2⤵
  PID:8052
- C:\Windows\System\ehhikxc.exe
  C:\Windows\System\ehhikxc.exe
  2⤵
  PID:8068
- C:\Windows\System\pgdgpwO.exe
  C:\Windows\System\pgdgpwO.exe
  2⤵
  PID:8084
- C:\Windows\System\BpyekAV.exe
  C:\Windows\System\BpyekAV.exe
  2⤵
  PID:8100
- C:\Windows\System\EmaeyLd.exe
  C:\Windows\System\EmaeyLd.exe
  2⤵
  PID:8116
- C:\Windows\System\gypguHN.exe
  C:\Windows\System\gypguHN.exe
  2⤵
  PID:8132
- C:\Windows\System\fGmeyWW.exe
  C:\Windows\System\fGmeyWW.exe
  2⤵
  PID:8148
- C:\Windows\System\LtQcvPF.exe
  C:\Windows\System\LtQcvPF.exe
  2⤵
  PID:8164
- C:\Windows\System\FOxWdiy.exe
  C:\Windows\System\FOxWdiy.exe
  2⤵
  PID:8180
- C:\Windows\System\rDBqmmR.exe
  C:\Windows\System\rDBqmmR.exe
  2⤵
  PID:5768
- C:\Windows\System\XKnURoA.exe
  C:\Windows\System\XKnURoA.exe
  2⤵
  PID:6072
- C:\Windows\System\rNlUGyP.exe
  C:\Windows\System\rNlUGyP.exe
  2⤵
  PID:6292
- C:\Windows\System\FCySkoI.exe
  C:\Windows\System\FCySkoI.exe
  2⤵
  PID:6360
- C:\Windows\System\XzDcGqc.exe
  C:\Windows\System\XzDcGqc.exe
  2⤵
  PID:6536
- C:\Windows\System\sCYSLSL.exe
  C:\Windows\System\sCYSLSL.exe
  2⤵
  PID:6636
- C:\Windows\System\tonSvYI.exe
  C:\Windows\System\tonSvYI.exe
  2⤵
  PID:6732
- C:\Windows\System\zFXMnFG.exe
  C:\Windows\System\zFXMnFG.exe
  2⤵
  PID:6792
- C:\Windows\System\FOAZDna.exe
  C:\Windows\System\FOAZDna.exe
  2⤵
  PID:6856
- C:\Windows\System\OdfirCI.exe
  C:\Windows\System\OdfirCI.exe
  2⤵
  PID:7004
- C:\Windows\System\QuozzDA.exe
  C:\Windows\System\QuozzDA.exe
  2⤵
  PID:7140
- C:\Windows\System\fqCZYko.exe
  C:\Windows\System\fqCZYko.exe
  2⤵
  PID:7172
- C:\Windows\System\ejVYBfO.exe
  C:\Windows\System\ejVYBfO.exe
  2⤵
  PID:7204
- C:\Windows\System\GYgRWvI.exe
  C:\Windows\System\GYgRWvI.exe
  2⤵
  PID:7236
- C:\Windows\System\UfYtict.exe
  C:\Windows\System\UfYtict.exe
  2⤵
  PID:7268
- C:\Windows\System\vjNoffq.exe
  C:\Windows\System\vjNoffq.exe
  2⤵
  PID:7296
- C:\Windows\System\bkwJJQC.exe
  C:\Windows\System\bkwJJQC.exe
  2⤵
  PID:7316
- C:\Windows\System\ChVKtPj.exe
  C:\Windows\System\ChVKtPj.exe
  2⤵
  PID:752
- C:\Windows\System\qKILeCO.exe
  C:\Windows\System\qKILeCO.exe
  2⤵
  PID:7368
- C:\Windows\System\MAxDKpo.exe
  C:\Windows\System\MAxDKpo.exe
  2⤵
  PID:7384
- C:\Windows\System\TFRXOML.exe
  C:\Windows\System\TFRXOML.exe
  2⤵
  PID:7412
- C:\Windows\System\UsMxPoR.exe
  C:\Windows\System\UsMxPoR.exe
  2⤵
  PID:7432
- C:\Windows\System\yGwYhbR.exe
  C:\Windows\System\yGwYhbR.exe
  2⤵
  PID:7464
- C:\Windows\System\ETntxyB.exe
  C:\Windows\System\ETntxyB.exe
  2⤵
  PID:7496
- C:\Windows\System\rlCexSM.exe
  C:\Windows\System\rlCexSM.exe
  2⤵
  PID:7528
- C:\Windows\System\IqYYUyv.exe
  C:\Windows\System\IqYYUyv.exe
  2⤵
  PID:7560
- C:\Windows\System\jiiRqLV.exe
  C:\Windows\System\jiiRqLV.exe
  2⤵
  PID:2668
- C:\Windows\System\AFafnCc.exe
  C:\Windows\System\AFafnCc.exe
  2⤵
  PID:7624
- C:\Windows\System\fVnJFBi.exe
  C:\Windows\System\fVnJFBi.exe
  2⤵
  PID:7656
- C:\Windows\System\eHsYGAw.exe
  C:\Windows\System\eHsYGAw.exe
  2⤵
  PID:7676
- C:\Windows\System\IRjzuFf.exe
  C:\Windows\System\IRjzuFf.exe
  2⤵
  PID:7720
- C:\Windows\System\hhAEKco.exe
  C:\Windows\System\hhAEKco.exe
  2⤵
  PID:7752
- C:\Windows\System\AzybQGv.exe
  C:\Windows\System\AzybQGv.exe
  2⤵
  PID:7772
- C:\Windows\System\FytROHN.exe
  C:\Windows\System\FytROHN.exe
  2⤵
  PID:7816
- C:\Windows\System\jZoSzcc.exe
  C:\Windows\System\jZoSzcc.exe
  2⤵
  PID:7564
- C:\Windows\System\LNNeELs.exe
  C:\Windows\System\LNNeELs.exe
  2⤵
  PID:7868
- C:\Windows\System\yvldfsK.exe
  C:\Windows\System\yvldfsK.exe
  2⤵
  PID:7912
- C:\Windows\System\XGidgYT.exe
  C:\Windows\System\XGidgYT.exe
  2⤵
  PID:7932
- C:\Windows\System\wPHHLZv.exe
  C:\Windows\System\wPHHLZv.exe
  2⤵
  PID:7980
- C:\Windows\System\MDcvPFD.exe
  C:\Windows\System\MDcvPFD.exe
  2⤵
  PID:8048
- C:\Windows\System\tPxMemf.exe
  C:\Windows\System\tPxMemf.exe
  2⤵
  PID:8108
- C:\Windows\System\OrObdCC.exe
  C:\Windows\System\OrObdCC.exe
  2⤵
  PID:8144
- C:\Windows\System\TXSzseP.exe
  C:\Windows\System\TXSzseP.exe
  2⤵
  PID:8176
- C:\Windows\System\KcWXXkU.exe
  C:\Windows\System\KcWXXkU.exe
  2⤵
  PID:5660
- C:\Windows\System\spJoRmF.exe
  C:\Windows\System\spJoRmF.exe
  2⤵
  PID:6588
- C:\Windows\System\lpemUWT.exe
  C:\Windows\System\lpemUWT.exe
  2⤵
  PID:6924
- C:\Windows\System\TLXsVYY.exe
  C:\Windows\System\TLXsVYY.exe
  2⤵
  PID:7188
- C:\Windows\System\hOnfLaY.exe
  C:\Windows\System\hOnfLaY.exe
  2⤵
  PID:7264
- C:\Windows\System\XOlfIMR.exe
  C:\Windows\System\XOlfIMR.exe
  2⤵
  PID:1204
- C:\Windows\System\sFqfITz.exe
  C:\Windows\System\sFqfITz.exe
  2⤵
  PID:2656
- C:\Windows\System\WyEPhyc.exe
  C:\Windows\System\WyEPhyc.exe
  2⤵
  PID:2160
- C:\Windows\System\qpVEFQq.exe
  C:\Windows\System\qpVEFQq.exe
  2⤵
  PID:1396
- C:\Windows\System\rkCbWSk.exe
  C:\Windows\System\rkCbWSk.exe
  2⤵
  PID:6232
- C:\Windows\System\Qeekzqj.exe
  C:\Windows\System\Qeekzqj.exe
  2⤵
  PID:6956
- C:\Windows\System\IZBEOoa.exe
  C:\Windows\System\IZBEOoa.exe
  2⤵
  PID:7480
- C:\Windows\System\ZbIiwpZ.exe
  C:\Windows\System\ZbIiwpZ.exe
  2⤵
  PID:1908
- C:\Windows\System\lzHEofp.exe
  C:\Windows\System\lzHEofp.exe
  2⤵
  PID:7692
- C:\Windows\System\OGjZnwi.exe
  C:\Windows\System\OGjZnwi.exe
  2⤵
  PID:7708
- C:\Windows\System\hgvgIbb.exe
  C:\Windows\System\hgvgIbb.exe
  2⤵
  PID:7964
- C:\Windows\System\pVBFiBP.exe
  C:\Windows\System\pVBFiBP.exe
  2⤵
  PID:7996
- C:\Windows\System\oSDcVby.exe
  C:\Windows\System\oSDcVby.exe
  2⤵
  PID:2612
- C:\Windows\System\KphTvyG.exe
  C:\Windows\System\KphTvyG.exe
  2⤵
  PID:2692
- C:\Windows\System\jHYlfZQ.exe
  C:\Windows\System\jHYlfZQ.exe
  2⤵
  PID:2504
- C:\Windows\System\HfxahoR.exe
  C:\Windows\System\HfxahoR.exe
  2⤵
  PID:3016
- C:\Windows\System\OSGIflR.exe
  C:\Windows\System\OSGIflR.exe
  2⤵
  PID:6228
- C:\Windows\System\EnCAkaJ.exe
  C:\Windows\System\EnCAkaJ.exe
  2⤵
  PID:1748
- C:\Windows\System\LzJVZKk.exe
  C:\Windows\System\LzJVZKk.exe
  2⤵
  PID:780
- C:\Windows\System\ZzGaRNT.exe
  C:\Windows\System\ZzGaRNT.exe
  2⤵
  PID:2516
- C:\Windows\System\lsULApk.exe
  C:\Windows\System\lsULApk.exe
  2⤵
  PID:2576
- C:\Windows\System\ZDvKVuL.exe
  C:\Windows\System\ZDvKVuL.exe
  2⤵
  PID:6476
- C:\Windows\System\mJMcCov.exe
  C:\Windows\System\mJMcCov.exe
  2⤵
  PID:2044
- C:\Windows\System\KXPAQNJ.exe
  C:\Windows\System\KXPAQNJ.exe
  2⤵
  PID:320
- C:\Windows\System\BBsscrH.exe
  C:\Windows\System\BBsscrH.exe
  2⤵
  PID:1444
- C:\Windows\System\HIcOlHv.exe
  C:\Windows\System\HIcOlHv.exe
  2⤵
  PID:2436
- C:\Windows\System\pmvyFRN.exe
  C:\Windows\System\pmvyFRN.exe
  2⤵
  PID:2240
- C:\Windows\System\VhKkBhx.exe
  C:\Windows\System\VhKkBhx.exe
  2⤵
  PID:568
- C:\Windows\System\psptkjN.exe
  C:\Windows\System\psptkjN.exe
  2⤵
  PID:7400
- C:\Windows\System\HUJxiHD.exe
  C:\Windows\System\HUJxiHD.exe
  2⤵
  PID:7448
- C:\Windows\System\fFrtpxA.exe
  C:\Windows\System\fFrtpxA.exe
  2⤵
  PID:7544
- C:\Windows\System\GmvPoFr.exe
  C:\Windows\System\GmvPoFr.exe
  2⤵
  PID:1508
- C:\Windows\System\CXuXjFw.exe
  C:\Windows\System\CXuXjFw.exe
  2⤵
  PID:7612
- C:\Windows\System\VuLRLiw.exe
  C:\Windows\System\VuLRLiw.exe
  2⤵
  PID:7768
- C:\Windows\System\VlrmHjr.exe
  C:\Windows\System\VlrmHjr.exe
  2⤵
  PID:7804
- C:\Windows\System\bwNezPk.exe
  C:\Windows\System\bwNezPk.exe
  2⤵
  PID:7884
- C:\Windows\System\gyuzQqg.exe
  C:\Windows\System\gyuzQqg.exe
  2⤵
  PID:7948
- C:\Windows\System\cITwodq.exe
  C:\Windows\System\cITwodq.exe
  2⤵
  PID:4176
- C:\Windows\System\SxlfMGt.exe
  C:\Windows\System\SxlfMGt.exe
  2⤵
  PID:8124
- C:\Windows\System\GXkTmhl.exe
  C:\Windows\System\GXkTmhl.exe
  2⤵
  PID:2148
- C:\Windows\System\OjvvVkS.exe
  C:\Windows\System\OjvvVkS.exe
  2⤵
  PID:2884
- C:\Windows\System\EaAAhOq.exe
  C:\Windows\System\EaAAhOq.exe
  2⤵
  PID:2500
- C:\Windows\System\bAJznui.exe
  C:\Windows\System\bAJznui.exe
  2⤵
  PID:2276
- C:\Windows\System\QSOcvjV.exe
  C:\Windows\System\QSOcvjV.exe
  2⤵
  PID:7628
- C:\Windows\System\pNhxVax.exe
  C:\Windows\System\pNhxVax.exe
  2⤵
  PID:2588
- C:\Windows\System\TjPfnSu.exe
  C:\Windows\System\TjPfnSu.exe
  2⤵
  PID:1860
- C:\Windows\System\sRkWnrc.exe
  C:\Windows\System\sRkWnrc.exe
  2⤵
  PID:372
- C:\Windows\System\fYqwall.exe
  C:\Windows\System\fYqwall.exe
  2⤵
  PID:7608
- C:\Windows\System\tTPbcfV.exe
  C:\Windows\System\tTPbcfV.exe
  2⤵
  PID:4676
- C:\Windows\System\vzUNAqb.exe
  C:\Windows\System\vzUNAqb.exe
  2⤵
  PID:1324
- C:\Windows\System\loUllDn.exe
  C:\Windows\System\loUllDn.exe
  2⤵
  PID:6552
- C:\Windows\System\rhwquUs.exe
  C:\Windows\System\rhwquUs.exe
  2⤵
  PID:1388
- C:\Windows\System\HrUXGuh.exe
  C:\Windows\System\HrUXGuh.exe
  2⤵
  PID:7460
- C:\Windows\System\dyQpvjr.exe
  C:\Windows\System\dyQpvjr.exe
  2⤵
  PID:7852
- C:\Windows\System\eskGcBH.exe
  C:\Windows\System\eskGcBH.exe
  2⤵
  PID:6908
- C:\Windows\System\UhskbqW.exe
  C:\Windows\System\UhskbqW.exe
  2⤵
  PID:6700
- C:\Windows\System\JCMDwXk.exe
  C:\Windows\System\JCMDwXk.exe
  2⤵
  PID:2624
- C:\Windows\System\fNkBYWI.exe
  C:\Windows\System\fNkBYWI.exe
  2⤵
  PID:7800
- C:\Windows\System\Vyfmzln.exe
  C:\Windows\System\Vyfmzln.exe
  2⤵
  PID:2184
- C:\Windows\System\yZTojji.exe
  C:\Windows\System\yZTojji.exe
  2⤵
  PID:1280
- C:\Windows\System\pOwyqXZ.exe
  C:\Windows\System\pOwyqXZ.exe
  2⤵
  PID:2008
- C:\Windows\System\dOlzsEU.exe
  C:\Windows\System\dOlzsEU.exe
  2⤵
  PID:8128
- C:\Windows\System\uLRzRUW.exe
  C:\Windows\System\uLRzRUW.exe
  2⤵
  PID:8160
- C:\Windows\System\XPvJxnI.exe
  C:\Windows\System\XPvJxnI.exe
  2⤵
  PID:2196
- C:\Windows\System\NKLfJrZ.exe
  C:\Windows\System\NKLfJrZ.exe
  2⤵
  PID:8200
- C:\Windows\System\gKojAwI.exe
  C:\Windows\System\gKojAwI.exe
  2⤵
  PID:8216
- C:\Windows\System\PfPERQL.exe
  C:\Windows\System\PfPERQL.exe
  2⤵
  PID:8232
- C:\Windows\System\ycpOTaW.exe
  C:\Windows\System\ycpOTaW.exe
  2⤵
  PID:8248
- C:\Windows\System\PfVtVrX.exe
  C:\Windows\System\PfVtVrX.exe
  2⤵
  PID:8264
- C:\Windows\System\AtUTOmw.exe
  C:\Windows\System\AtUTOmw.exe
  2⤵
  PID:8280
- C:\Windows\System\ZISwDEv.exe
  C:\Windows\System\ZISwDEv.exe
  2⤵
  PID:8300
- C:\Windows\System\VGIgEdO.exe
  C:\Windows\System\VGIgEdO.exe
  2⤵
  PID:8316
- C:\Windows\System\xEadCEi.exe
  C:\Windows\System\xEadCEi.exe
  2⤵
  PID:8332
- C:\Windows\System\yfVgUPQ.exe
  C:\Windows\System\yfVgUPQ.exe
  2⤵
  PID:8348
- C:\Windows\System\ehtJSzc.exe
  C:\Windows\System\ehtJSzc.exe
  2⤵
  PID:8364
- C:\Windows\System\DXGolkZ.exe
  C:\Windows\System\DXGolkZ.exe
  2⤵
  PID:8380
- C:\Windows\System\yqdoQWZ.exe
  C:\Windows\System\yqdoQWZ.exe
  2⤵
  PID:8396
- C:\Windows\System\iucYgCB.exe
  C:\Windows\System\iucYgCB.exe
  2⤵
  PID:8412
- C:\Windows\System\ORjuIaU.exe
  C:\Windows\System\ORjuIaU.exe
  2⤵
  PID:8428
- C:\Windows\System\cspVNLN.exe
  C:\Windows\System\cspVNLN.exe
  2⤵
  PID:8444
- C:\Windows\System\KobmLIV.exe
  C:\Windows\System\KobmLIV.exe
  2⤵
  PID:8460
- C:\Windows\System\QVwxsCs.exe
  C:\Windows\System\QVwxsCs.exe
  2⤵
  PID:8476
- C:\Windows\System\ZbmRqGV.exe
  C:\Windows\System\ZbmRqGV.exe
  2⤵
  PID:8492
- C:\Windows\System\GyXWFOm.exe
  C:\Windows\System\GyXWFOm.exe
  2⤵
  PID:8508
- C:\Windows\System\eiZIYya.exe
  C:\Windows\System\eiZIYya.exe
  2⤵
  PID:8524
- C:\Windows\System\yukaFVP.exe
  C:\Windows\System\yukaFVP.exe
  2⤵
  PID:8540
- C:\Windows\System\RnQEhJg.exe
  C:\Windows\System\RnQEhJg.exe
  2⤵
  PID:8576
- C:\Windows\System\iBLWrjm.exe
  C:\Windows\System\iBLWrjm.exe
  2⤵
  PID:8592
- C:\Windows\System\CWWeAwq.exe
  C:\Windows\System\CWWeAwq.exe
  2⤵
  PID:8608
- C:\Windows\System\YIXDsjL.exe
  C:\Windows\System\YIXDsjL.exe
  2⤵
  PID:8628
- C:\Windows\System\zIfbdoO.exe
  C:\Windows\System\zIfbdoO.exe
  2⤵
  PID:8644
- C:\Windows\System\fDNCFqp.exe
  C:\Windows\System\fDNCFqp.exe
  2⤵
  PID:8660
- C:\Windows\System\gZcrbNJ.exe
  C:\Windows\System\gZcrbNJ.exe
  2⤵
  PID:8676
- C:\Windows\System\FrFfNne.exe
  C:\Windows\System\FrFfNne.exe
  2⤵
  PID:8692
- C:\Windows\System\gPDXpUA.exe
  C:\Windows\System\gPDXpUA.exe
  2⤵
  PID:8708
- C:\Windows\System\EVoPJhl.exe
  C:\Windows\System\EVoPJhl.exe
  2⤵
  PID:8724
- C:\Windows\System\qvNJHmi.exe
  C:\Windows\System\qvNJHmi.exe
  2⤵
  PID:8740
- C:\Windows\System\OWVpdge.exe
  C:\Windows\System\OWVpdge.exe
  2⤵
  PID:8756
- C:\Windows\System\sDgkPXv.exe
  C:\Windows\System\sDgkPXv.exe
  2⤵
  PID:8772
- C:\Windows\System\bVPNSNg.exe
  C:\Windows\System\bVPNSNg.exe
  2⤵
  PID:8788
- C:\Windows\System\PMnTryO.exe
  C:\Windows\System\PMnTryO.exe
  2⤵
  PID:8804
- C:\Windows\System\BiTmYZL.exe
  C:\Windows\System\BiTmYZL.exe
  2⤵
  PID:8820
- C:\Windows\System\JEKEEjE.exe
  C:\Windows\System\JEKEEjE.exe
  2⤵
  PID:8836
- C:\Windows\System\aOVtxXb.exe
  C:\Windows\System\aOVtxXb.exe
  2⤵
  PID:8852
- C:\Windows\System\ujFYtpa.exe
  C:\Windows\System\ujFYtpa.exe
  2⤵
  PID:8872
- C:\Windows\System\PBjJEMr.exe
  C:\Windows\System\PBjJEMr.exe
  2⤵
  PID:8888
- C:\Windows\System\NNSjLrY.exe
  C:\Windows\System\NNSjLrY.exe
  2⤵
  PID:8904
- C:\Windows\System\wRkwWwI.exe
  C:\Windows\System\wRkwWwI.exe
  2⤵
  PID:8920
- C:\Windows\System\ZMPurRw.exe
  C:\Windows\System\ZMPurRw.exe
  2⤵
  PID:8936
- C:\Windows\System\tJkZSgT.exe
  C:\Windows\System\tJkZSgT.exe
  2⤵
  PID:8952
- C:\Windows\System\eRhecuH.exe
  C:\Windows\System\eRhecuH.exe
  2⤵
  PID:8968
- C:\Windows\System\bjPFjjI.exe
  C:\Windows\System\bjPFjjI.exe
  2⤵
  PID:8984
- C:\Windows\System\nJeiAdv.exe
  C:\Windows\System\nJeiAdv.exe
  2⤵
  PID:9000
- C:\Windows\System\UkaLijf.exe
  C:\Windows\System\UkaLijf.exe
  2⤵
  PID:9016
- C:\Windows\System\lKeCplS.exe
  C:\Windows\System\lKeCplS.exe
  2⤵
  PID:9032
- C:\Windows\System\UvsFPan.exe
  C:\Windows\System\UvsFPan.exe
  2⤵
  PID:9048
- C:\Windows\System\DajWOCV.exe
  C:\Windows\System\DajWOCV.exe
  2⤵
  PID:9064
- C:\Windows\System\rsTAZrG.exe
  C:\Windows\System\rsTAZrG.exe
  2⤵
  PID:9080
- C:\Windows\System\TisqhIR.exe
  C:\Windows\System\TisqhIR.exe
  2⤵
  PID:9096
- C:\Windows\System\SEAevlj.exe
  C:\Windows\System\SEAevlj.exe
  2⤵
  PID:9112
- C:\Windows\System\zCZoRrT.exe
  C:\Windows\System\zCZoRrT.exe
  2⤵
  PID:9128
- C:\Windows\System\mqqBDxD.exe
  C:\Windows\System\mqqBDxD.exe
  2⤵
  PID:9144
- C:\Windows\System\zbXnhwg.exe
  C:\Windows\System\zbXnhwg.exe
  2⤵
  PID:9160
- C:\Windows\System\nTunSZw.exe
  C:\Windows\System\nTunSZw.exe
  2⤵
  PID:9176
- C:\Windows\System\lXvMPNO.exe
  C:\Windows\System\lXvMPNO.exe
  2⤵
  PID:9192
- C:\Windows\System\ZudvuiF.exe
  C:\Windows\System\ZudvuiF.exe
  2⤵
  PID:9208
- C:\Windows\System\LbGcaGB.exe
  C:\Windows\System\LbGcaGB.exe
  2⤵
  PID:3044
- C:\Windows\System\AQSHmqJ.exe
  C:\Windows\System\AQSHmqJ.exe
  2⤵
  PID:8196
- C:\Windows\System\ecHWpWY.exe
  C:\Windows\System\ecHWpWY.exe
  2⤵
  PID:8288
- C:\Windows\System\zGRIVmg.exe
  C:\Windows\System\zGRIVmg.exe
  2⤵
  PID:7328
- C:\Windows\System\cRZDUXp.exe
  C:\Windows\System\cRZDUXp.exe
  2⤵
  PID:1744
- C:\Windows\System\KYlggUa.exe
  C:\Windows\System\KYlggUa.exe
  2⤵
  PID:8244
- C:\Windows\System\droBIis.exe
  C:\Windows\System\droBIis.exe
  2⤵
  PID:8312
- C:\Windows\System\iOYBjvA.exe
  C:\Windows\System\iOYBjvA.exe
  2⤵
  PID:8344
- C:\Windows\System\ZzfmlHe.exe
  C:\Windows\System\ZzfmlHe.exe
  2⤵
  PID:8420
- C:\Windows\System\ayRTNww.exe
  C:\Windows\System\ayRTNww.exe
  2⤵
  PID:8376
- C:\Windows\System\pvbBGuT.exe
  C:\Windows\System\pvbBGuT.exe
  2⤵
  PID:8488
- C:\Windows\System\ItTcLEL.exe
  C:\Windows\System\ItTcLEL.exe
  2⤵
  PID:8516
- C:\Windows\System\PMBFwct.exe
  C:\Windows\System\PMBFwct.exe
  2⤵
  PID:8440
- C:\Windows\System\qTIdbvH.exe
  C:\Windows\System\qTIdbvH.exe
  2⤵
  PID:8536
- C:\Windows\System\HNzKTai.exe
  C:\Windows\System\HNzKTai.exe
  2⤵
  PID:8564
- C:\Windows\System\yBOYDxL.exe
  C:\Windows\System\yBOYDxL.exe
  2⤵
  PID:8600
- C:\Windows\System\EzmFqQZ.exe
  C:\Windows\System\EzmFqQZ.exe
  2⤵
  PID:8672
- C:\Windows\System\cZUoydi.exe
  C:\Windows\System\cZUoydi.exe
  2⤵
  PID:8652
- C:\Windows\System\iPXnCQA.exe
  C:\Windows\System\iPXnCQA.exe
  2⤵
  PID:8768
- C:\Windows\System\qSmfBIM.exe
  C:\Windows\System\qSmfBIM.exe
  2⤵
  PID:8684
- C:\Windows\System\GNsIyzK.exe
  C:\Windows\System\GNsIyzK.exe
  2⤵
  PID:8616
- C:\Windows\System\fPvgrPd.exe
  C:\Windows\System\fPvgrPd.exe
  2⤵
  PID:8748
- C:\Windows\System\pIqGoyy.exe
  C:\Windows\System\pIqGoyy.exe
  2⤵
  PID:8812
- C:\Windows\System\xElMwNq.exe
  C:\Windows\System\xElMwNq.exe
  2⤵
  PID:8844
- C:\Windows\System\HpTgtBa.exe
  C:\Windows\System\HpTgtBa.exe
  2⤵
  PID:8896
- C:\Windows\System\GgSMZPc.exe
  C:\Windows\System\GgSMZPc.exe
  2⤵
  PID:8932
- C:\Windows\System\btdfmNe.exe
  C:\Windows\System\btdfmNe.exe
  2⤵
  PID:8880
- C:\Windows\System\jgfawcV.exe
  C:\Windows\System\jgfawcV.exe
  2⤵
  PID:8992
- C:\Windows\System\KPeEUAa.exe
  C:\Windows\System\KPeEUAa.exe
  2⤵
  PID:9024
- C:\Windows\System\CSQvsSo.exe
  C:\Windows\System\CSQvsSo.exe
  2⤵
  PID:9040
- C:\Windows\System\cVDyzpT.exe
  C:\Windows\System\cVDyzpT.exe
  2⤵
  PID:9072
- C:\Windows\System\EnORHrF.exe
  C:\Windows\System\EnORHrF.exe
  2⤵
  PID:9092
- C:\Windows\System\FRGqedy.exe
  C:\Windows\System\FRGqedy.exe
  2⤵
  PID:9124
- C:\Windows\System\MMlBrDF.exe
  C:\Windows\System\MMlBrDF.exe
  2⤵
  PID:9188
- C:\Windows\System\aGeWnAf.exe
  C:\Windows\System\aGeWnAf.exe
  2⤵
  PID:9140
- C:\Windows\System\WCqyQfW.exe
  C:\Windows\System\WCqyQfW.exe
  2⤵
  PID:9204
- C:\Windows\System\sTyFBrI.exe
  C:\Windows\System\sTyFBrI.exe
  2⤵
  PID:8256
- C:\Windows\System\HhfCYbA.exe
  C:\Windows\System\HhfCYbA.exe
  2⤵
  PID:8308
- C:\Windows\System\dtnauEq.exe
  C:\Windows\System\dtnauEq.exe
  2⤵
  PID:8388
- C:\Windows\System\yambvmP.exe
  C:\Windows\System\yambvmP.exe
  2⤵
  PID:8548
- C:\Windows\System\jXmWAbP.exe
  C:\Windows\System\jXmWAbP.exe
  2⤵
  PID:8356
- C:\Windows\System\NNRdQXu.exe
  C:\Windows\System\NNRdQXu.exe
  2⤵
  PID:8452
- C:\Windows\System\HBBALLH.exe
  C:\Windows\System\HBBALLH.exe
  2⤵
  PID:8640
- C:\Windows\System\llvUSAB.exe
  C:\Windows\System\llvUSAB.exe
  2⤵
  PID:8584
- C:\Windows\System\SDRPRrF.exe
  C:\Windows\System\SDRPRrF.exe
  2⤵
  PID:8864
- C:\Windows\System\BOvHPVA.exe
  C:\Windows\System\BOvHPVA.exe
  2⤵
  PID:8656
- C:\Windows\System\XUxJdba.exe
  C:\Windows\System\XUxJdba.exe
  2⤵
  PID:8832
- C:\Windows\System\MhSrAWT.exe
  C:\Windows\System\MhSrAWT.exe
  2⤵
  PID:8916
- C:\Windows\System\oFWTaYf.exe
  C:\Windows\System\oFWTaYf.exe
  2⤵
  PID:8948
- C:\Windows\System\vicCEUU.exe
  C:\Windows\System\vicCEUU.exe
  2⤵
  PID:8980
- C:\Windows\System\RRiNCao.exe
  C:\Windows\System\RRiNCao.exe
  2⤵
  PID:9120
- C:\Windows\System\YyYBhaQ.exe
  C:\Windows\System\YyYBhaQ.exe
  2⤵
  PID:9008
- C:\Windows\System\dZJfczo.exe
  C:\Windows\System\dZJfczo.exe
  2⤵
  PID:9172
- C:\Windows\System\qParrrG.exe
  C:\Windows\System\qParrrG.exe
  2⤵
  PID:8228
- C:\Windows\System\eeJqaBo.exe
  C:\Windows\System\eeJqaBo.exe
  2⤵
  PID:8472
- C:\Windows\System\dpUuFXa.exe
  C:\Windows\System\dpUuFXa.exe
  2⤵
  PID:8500
- C:\Windows\System\uQDvgwI.exe
  C:\Windows\System\uQDvgwI.exe
  2⤵
  PID:8780
- C:\Windows\System\iWrJhWe.exe
  C:\Windows\System\iWrJhWe.exe
  2⤵
  PID:8372
- C:\Windows\System\sQPlNkL.exe
  C:\Windows\System\sQPlNkL.exe
  2⤵
  PID:8720
- C:\Windows\System\wIrKftX.exe
  C:\Windows\System\wIrKftX.exe
  2⤵
  PID:8944
- C:\Windows\System\atEXBTE.exe
  C:\Windows\System\atEXBTE.exe
  2⤵
  PID:9108
- C:\Windows\System\EgDeERh.exe
  C:\Windows\System\EgDeERh.exe
  2⤵
  PID:8560
- C:\Windows\System\joWkRqV.exe
  C:\Windows\System\joWkRqV.exe
  2⤵
  PID:8912
- C:\Windows\System\urnWjUJ.exe
  C:\Windows\System\urnWjUJ.exe
  2⤵
  PID:8828
- C:\Windows\System\LcOZjTd.exe
  C:\Windows\System\LcOZjTd.exe
  2⤵
  PID:8928
- C:\Windows\System\Uxhjxsc.exe
  C:\Windows\System\Uxhjxsc.exe
  2⤵
  PID:8408
- C:\Windows\System\hkVEsWP.exe
  C:\Windows\System\hkVEsWP.exe
  2⤵
  PID:8140
- C:\Windows\System\cDmBqHU.exe
  C:\Windows\System\cDmBqHU.exe
  2⤵
  PID:8736
- C:\Windows\System\OKQSOVX.exe
  C:\Windows\System\OKQSOVX.exe
  2⤵
  PID:9228
- C:\Windows\System\KLYFLze.exe
  C:\Windows\System\KLYFLze.exe
  2⤵
  PID:9244
- C:\Windows\System\PjmSjnT.exe
  C:\Windows\System\PjmSjnT.exe
  2⤵
  PID:9260
- C:\Windows\System\ftRqPQM.exe
  C:\Windows\System\ftRqPQM.exe
  2⤵
  PID:9276
- C:\Windows\System\wCAAzfD.exe
  C:\Windows\System\wCAAzfD.exe
  2⤵
  PID:9292
- C:\Windows\System\XdhoOgF.exe
  C:\Windows\System\XdhoOgF.exe
  2⤵
  PID:9308
- C:\Windows\System\ygylywj.exe
  C:\Windows\System\ygylywj.exe
  2⤵
  PID:9324
- C:\Windows\System\tDgBejB.exe
  C:\Windows\System\tDgBejB.exe
  2⤵
  PID:9340
- C:\Windows\System\xBSkLsK.exe
  C:\Windows\System\xBSkLsK.exe
  2⤵
  PID:9356
- C:\Windows\System\mOMGMSM.exe
  C:\Windows\System\mOMGMSM.exe
  2⤵
  PID:9372
- C:\Windows\System\vBFVQwg.exe
  C:\Windows\System\vBFVQwg.exe
  2⤵
  PID:9388
- C:\Windows\System\XeZrcai.exe
  C:\Windows\System\XeZrcai.exe
  2⤵
  PID:9404
- C:\Windows\System\deBtodM.exe
  C:\Windows\System\deBtodM.exe
  2⤵
  PID:9424
- C:\Windows\System\vOHMQBh.exe
  C:\Windows\System\vOHMQBh.exe
  2⤵
  PID:9440
- C:\Windows\System\qkUXTHr.exe
  C:\Windows\System\qkUXTHr.exe
  2⤵
  PID:9456
- C:\Windows\System\bkwmboC.exe
  C:\Windows\System\bkwmboC.exe
  2⤵
  PID:9476
- C:\Windows\System\pRRDsHq.exe
  C:\Windows\System\pRRDsHq.exe
  2⤵
  PID:9508
- C:\Windows\System\JavqQZA.exe
  C:\Windows\System\JavqQZA.exe
  2⤵
  PID:9524
- C:\Windows\System\PhWRFLT.exe
  C:\Windows\System\PhWRFLT.exe
  2⤵
  PID:9540
- C:\Windows\System\oTtypZd.exe
  C:\Windows\System\oTtypZd.exe
  2⤵
  PID:9556
- C:\Windows\System\wvfuNfu.exe
  C:\Windows\System\wvfuNfu.exe
  2⤵
  PID:9572
- C:\Windows\System\UqFwFZz.exe
  C:\Windows\System\UqFwFZz.exe
  2⤵
  PID:9588
- C:\Windows\System\RjjDLFZ.exe
  C:\Windows\System\RjjDLFZ.exe
  2⤵
  PID:9608
- C:\Windows\System\QPqRsQF.exe
  C:\Windows\System\QPqRsQF.exe
  2⤵
  PID:9624
- C:\Windows\System\FlBQJrV.exe
  C:\Windows\System\FlBQJrV.exe
  2⤵
  PID:9640
- C:\Windows\System\xoWkRUb.exe
  C:\Windows\System\xoWkRUb.exe
  2⤵
  PID:9656
- C:\Windows\System\cKdivmn.exe
  C:\Windows\System\cKdivmn.exe
  2⤵
  PID:9676
- C:\Windows\System\DasSjDv.exe
  C:\Windows\System\DasSjDv.exe
  2⤵
  PID:9696
- C:\Windows\System\oLcOgQu.exe
  C:\Windows\System\oLcOgQu.exe
  2⤵
  PID:9716
- C:\Windows\System\YoKTmTb.exe
  C:\Windows\System\YoKTmTb.exe
  2⤵
  PID:9732
- C:\Windows\System\nHpNNdc.exe
  C:\Windows\System\nHpNNdc.exe
  2⤵
  PID:9748
- C:\Windows\System\ZPTRIpj.exe
  C:\Windows\System\ZPTRIpj.exe
  2⤵
  PID:9764
- C:\Windows\System\IxaVGsk.exe
  C:\Windows\System\IxaVGsk.exe
  2⤵
  PID:9780
- C:\Windows\System\sHUPVKP.exe
  C:\Windows\System\sHUPVKP.exe
  2⤵
  PID:9800
- C:\Windows\System\avUpSsL.exe
  C:\Windows\System\avUpSsL.exe
  2⤵
  PID:9816
- C:\Windows\System\dUWgYrv.exe
  C:\Windows\System\dUWgYrv.exe
  2⤵
  PID:9832
- C:\Windows\System\nOHVkMd.exe
  C:\Windows\System\nOHVkMd.exe
  2⤵
  PID:9848
- C:\Windows\System\rpBOnRL.exe
  C:\Windows\System\rpBOnRL.exe
  2⤵
  PID:9864
- C:\Windows\System\wZunLdT.exe
  C:\Windows\System\wZunLdT.exe
  2⤵
  PID:9880
- C:\Windows\System\FBWgumN.exe
  C:\Windows\System\FBWgumN.exe
  2⤵
  PID:9896
- C:\Windows\System\BHpOKrB.exe
  C:\Windows\System\BHpOKrB.exe
  2⤵
  PID:9912
- C:\Windows\System\rxnmryf.exe
  C:\Windows\System\rxnmryf.exe
  2⤵
  PID:9928
- C:\Windows\System\IpWAUuN.exe
  C:\Windows\System\IpWAUuN.exe
  2⤵
  PID:9944
- C:\Windows\System\wjiQFgX.exe
  C:\Windows\System\wjiQFgX.exe
  2⤵
  PID:9960
- C:\Windows\System\TRuOsIN.exe
  C:\Windows\System\TRuOsIN.exe
  2⤵
  PID:9976
- C:\Windows\System\cdsBezC.exe
  C:\Windows\System\cdsBezC.exe
  2⤵
  PID:9992
- C:\Windows\System\QgwySMR.exe
  C:\Windows\System\QgwySMR.exe
  2⤵
  PID:10008
- C:\Windows\System\KvqxJLb.exe
  C:\Windows\System\KvqxJLb.exe
  2⤵
  PID:10024
- C:\Windows\System\GiPvSeG.exe
  C:\Windows\System\GiPvSeG.exe
  2⤵
  PID:10040
- C:\Windows\System\wFqJSwI.exe
  C:\Windows\System\wFqJSwI.exe
  2⤵
  PID:10056
- C:\Windows\System\DKrMLRM.exe
  C:\Windows\System\DKrMLRM.exe
  2⤵
  PID:10072
- C:\Windows\System\wIOzszx.exe
  C:\Windows\System\wIOzszx.exe
  2⤵
  PID:10088
- C:\Windows\System\QWKhuTd.exe
  C:\Windows\System\QWKhuTd.exe
  2⤵
  PID:10104
- C:\Windows\System\ChphaVX.exe
  C:\Windows\System\ChphaVX.exe
  2⤵
  PID:10120
- C:\Windows\System\DRbhXBq.exe
  C:\Windows\System\DRbhXBq.exe
  2⤵
  PID:10136
- C:\Windows\System\hKoAkMC.exe
  C:\Windows\System\hKoAkMC.exe
  2⤵
  PID:10152
- C:\Windows\System\iSKzYfj.exe
  C:\Windows\System\iSKzYfj.exe
  2⤵
  PID:10168
- C:\Windows\System\GXNIVYG.exe
  C:\Windows\System\GXNIVYG.exe
  2⤵
  PID:10184
- C:\Windows\System\QtMRUVZ.exe
  C:\Windows\System\QtMRUVZ.exe
  2⤵
  PID:10200
- C:\Windows\System\wHGkiet.exe
  C:\Windows\System\wHGkiet.exe
  2⤵
  PID:10216
- C:\Windows\System\VQbgZVo.exe
  C:\Windows\System\VQbgZVo.exe
  2⤵
  PID:10232
- C:\Windows\System\jPIBUzQ.exe
  C:\Windows\System\jPIBUzQ.exe
  2⤵
  PID:8704
- C:\Windows\System\sGpmBGS.exe
  C:\Windows\System\sGpmBGS.exe
  2⤵
  PID:9240
- C:\Windows\System\IXroUVD.exe
  C:\Windows\System\IXroUVD.exe
  2⤵
  PID:9316
- C:\Windows\System\plQfCAh.exe
  C:\Windows\System\plQfCAh.exe
  2⤵
  PID:9336
- C:\Windows\System\YEMaZtl.exe
  C:\Windows\System\YEMaZtl.exe
  2⤵
  PID:9364
- C:\Windows\System\fjgrHWf.exe
  C:\Windows\System\fjgrHWf.exe
  2⤵
  PID:9484
- C:\Windows\System\OKQuplQ.exe
  C:\Windows\System\OKQuplQ.exe
  2⤵
  PID:9496
- C:\Windows\System\ClMvqJx.exe
  C:\Windows\System\ClMvqJx.exe
  2⤵
  PID:9536
- C:\Windows\System\uptRAPn.exe
  C:\Windows\System\uptRAPn.exe
  2⤵
  PID:9552
- C:\Windows\System\fDCTvCf.exe
  C:\Windows\System\fDCTvCf.exe
  2⤵
  PID:9728
- C:\Windows\System\JRkEetX.exe
  C:\Windows\System\JRkEetX.exe
  2⤵
  PID:9756
- C:\Windows\System\AJlfmcf.exe
  C:\Windows\System\AJlfmcf.exe
  2⤵
  PID:9908
- C:\Windows\System\WWNivRh.exe
  C:\Windows\System\WWNivRh.exe
  2⤵
  PID:9860
- C:\Windows\System\GmiGpVI.exe
  C:\Windows\System\GmiGpVI.exe
  2⤵
  PID:10004
- C:\Windows\System\NlOJcyQ.exe
  C:\Windows\System\NlOJcyQ.exe
  2⤵
  PID:10016
- C:\Windows\System\IUjOHkZ.exe
  C:\Windows\System\IUjOHkZ.exe
  2⤵
  PID:10084
- C:\Windows\System\AIxNqna.exe
  C:\Windows\System\AIxNqna.exe
  2⤵
  PID:10132
- C:\Windows\System\ccPefnO.exe
  C:\Windows\System\ccPefnO.exe
  2⤵
  PID:10212
- C:\Windows\System\uhOmBaO.exe
  C:\Windows\System\uhOmBaO.exe
  2⤵
  PID:7580
- C:\Windows\System\soXwhEB.exe
  C:\Windows\System\soXwhEB.exe
  2⤵
  PID:9396
- C:\Windows\System\PIOzwua.exe
  C:\Windows\System\PIOzwua.exe
  2⤵
  PID:9464
- C:\Windows\System\fPOFKDa.exe
  C:\Windows\System\fPOFKDa.exe
  2⤵
  PID:9620
- C:\Windows\System\jRiLGFk.exe
  C:\Windows\System\jRiLGFk.exe
  2⤵
  PID:9272
- C:\Windows\System\zCtRrHs.exe
  C:\Windows\System\zCtRrHs.exe
  2⤵
  PID:9668
- C:\Windows\System\sBYJNGl.exe
  C:\Windows\System\sBYJNGl.exe
  2⤵
  PID:9400
- C:\Windows\System\wCJebmk.exe
  C:\Windows\System\wCJebmk.exe
  2⤵
  PID:9492
- C:\Windows\System\groWxeS.exe
  C:\Windows\System\groWxeS.exe
  2⤵
  PID:9604
- C:\Windows\System\BRbThSJ.exe
  C:\Windows\System\BRbThSJ.exe
  2⤵
  PID:9520
- C:\Windows\System\uodsEZC.exe
  C:\Windows\System\uodsEZC.exe
  2⤵
  PID:9840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AICjaTm.exe

Filesize
6.0MB

MD5
1a6e8f34d39476934a3fed7b4d23da72

SHA1
b6537e31d8c80e8776c8ff56d4e7f5e5ff2986fb

SHA256
3dfdc317bbb2787e038c8a20bc0bece4449c51689a5f20f6cc881df1797227be

SHA512
78a7c7e8e6cf928b10e4f3802cb17de73e27d0f6d89b419c923f12dc4001ae89e7aad31d9635ac1913d35d7f058881c96d5c0998dd4f85e549dd14e6df60e3f0

Download Submit
C:\Windows\system\AjsMQnF.exe

Filesize
6.0MB

MD5
c3c45a88bd3ca78bb5038aaa1e0220a5

SHA1
16266211b68793ebdac801269cbec32387f4c4ae

SHA256
0ea7c0f7c777b9751efb8f69519304eb423bca8493cb797855a73ac784fc10eb

SHA512
506c2fc14c2cab787cebc42e4c2b55f2a4dad4df3f1a75f46afc292abf9ce259dceba63bbada57b3ef2b5222effa2a1f94b69a00d1d8df4b58972fd768575496

Download Submit
C:\Windows\system\BOQVBOP.exe

Filesize
6.0MB

MD5
5c959e77f13a9680749d0ead33949e6b

SHA1
0309602f7fa39472b46e29460301d4239489a747

SHA256
949ac0cec6c011820a17d9c149ca7ad6a6e73316ab8c0cbc85167edb2a408aca

SHA512
e1ecb7f63ba1e13330b5523f134f3a62cad8aab591beda5c2c2c2796b86606eb2284fb88844bb9604c7fd38b64920c511ebc2bfe933e78ffb5b55f37179750ae

Download Submit
C:\Windows\system\CnonrBd.exe

Filesize
6.0MB

MD5
07a1f26f66a1dac654e08b01bb31a698

SHA1
71710590843140d3bc1d7b1cd5e20fcb4822b521

SHA256
4ee8cba10bbb93a8567b9b3e56d0c5e9c030a0ed4ce2761cd48d7daeac64a39d

SHA512
dd42cfa07d5589c50cdf105765f0ebf9d239f3ce69cd5cae504ad0f88bb1651e1b1702e629e9690429e3fce52ad55a806e9806e5894b081976cd14d1e524bc12

Download Submit
C:\Windows\system\FsHMcNv.exe

Filesize
6.0MB

MD5
b70a9da9ccc8512ff68240c207e06476

SHA1
9be55cca27c522712d90b62d20ae4955f2e2cd00

SHA256
af54f8c65b4c61f0f6dc96386ab15d552205096d6d7bd7e59a5ff06bffa88a4d

SHA512
512af544fb4e22a6d29a991700f3ac144947a84c00feb0c7ad3050865ca42ee6325a539481cea8b91b258ca46722a6015242bceec73ea72f90bcba988726332a

Download Submit
C:\Windows\system\HFwchhq.exe

Filesize
6.0MB

MD5
6f3ea6d9d9491b4f1254e0833758203c

SHA1
4b0bb03b6c7826bd48185a31302582ca326cef46

SHA256
a692dd783e9cbee6eb50d461d5dfcaed58c2534c98c1412dba5528f6aa090b38

SHA512
7157bdd8e4e976cc89d37c6288549491389b41609a8a01bf43d4751cfb10316b7fcf5f6dbd35c32e0e597d2026cf43430bab97eba1d9b51e8c07d07935d2b7db

Download Submit
C:\Windows\system\LHcBRvd.exe

Filesize
6.0MB

MD5
2159f6e90bf09e4d0b100f3a061ca0eb

SHA1
78900967ad1107cb072f21af10b7fd205a879589

SHA256
ef6e699327d3b9d63585257e5c7c7bc7d728f8fb0f07cb6dcef0b910c8fbfb2d

SHA512
13849494ccd8a210a1887ac0321918b27341d03b12f3bb4101fcb246dcca1604ede51cb2907b93675f6afe6292a0724ca8b4fcc06aa64d8a214033ec50f5166f

Download Submit
C:\Windows\system\MvlgquC.exe

Filesize
6.0MB

MD5
e3058d48c5f3b62e6146c93f6d60eb3c

SHA1
99dbc3eb3083605ce567af67976ea346d3da7a83

SHA256
bd35f14aa0319b9c76631a4c2752d3c4b1e8ca486da2450c28d8c364e53325f1

SHA512
e0ce3b61f4b29f886488499dbe17e4bd7804afa8831526dc0970239d3bbca96ad15995ccf9553ef143d0e1f4f73698942656b21a273aaf183831868a29c8e2cb

Download Submit
C:\Windows\system\NrNvHuJ.exe

Filesize
6.0MB

MD5
f7f93e90e6c3794a17a5b9dcad0a892b

SHA1
f73d0235bec8b74abde364bbc88451bcd0343429

SHA256
67fd1db8ff2522131d4d1c30b2ced6f201de40a195b85bc435be37ee6bd29116

SHA512
6376df330b4218a93af9174bf5eac30970584b98a9f9c23b6f5338b07287e0d7acbe8d49166dece654061054561c3cc93e18157f54b3e0a8950d60dc4a4e36dd

Download Submit
C:\Windows\system\ZdfbOPL.exe

Filesize
6.0MB

MD5
18d43fe0fa9d58abb73006b2b36b0520

SHA1
cece21d3e884bcebe692f19841e6a3f585b5604b

SHA256
65067098f52c5a2b0dea5d196caf5bb95b444ad01a40a020ea19a86fe45943f0

SHA512
b146e512266b18c78d550f49f745dff42bf082741554cdb9c271bd0704c2ec8cb38aef4a2c5d49450099e9c54fa8e2efb1b8efa69cac959924bbf8ccb4e997e7

Download Submit
C:\Windows\system\boTSChQ.exe

Filesize
6.0MB

MD5
30ef82727a886d31111c1e23bec9bd89

SHA1
3ebcd3e4b923e55e0586527955ab574e85a7ac84

SHA256
83536173d65cf208e8542f8fecb2212b88b15b894328bc73cb30a081703631b0

SHA512
cfee778a25f2ba005cbee3f8806231a5133a16cccc0af9e2e1e85677c1602847450081c3725edea92f198859135efe7c23e73961713780d3a5a7549dcb92fef6

Download Submit
C:\Windows\system\ckqZWsi.exe

Filesize
6.0MB

MD5
26b78779632c80ca05f8ea2b00103e75

SHA1
fe14c5e5fd5903e41d2766e57afc6f2f4e363630

SHA256
f12398f9562e17d8c5e0dedb9d1fa98a0c2c7995570caee28928ffe7c76b94ed

SHA512
0f91677eeb4ba2c55bd08e9e269fc397003de899315944118870f5657b90f506070c7347c8e29a7de9a510872d8281fef1824be83df1cf34638face18761c5c9

Download Submit
C:\Windows\system\dEfEJxF.exe

Filesize
6.0MB

MD5
4cf2a7ad69c0e265c6857663a8e2e135

SHA1
a198631b0598d920fadfe7af01b897ea0ad0fb8b

SHA256
c5c0773cc085c5b168ac745a146108c9bd82285dccf14baab3e86d8deba56f14

SHA512
a8ab75ef42473d006249f30c92576fa683f9e18dfd4b2c67fec05e4811d89704d2da8e1cec05cc8083f0e70e0715b7c740324794121580e54aa0c3710ba32563

Download Submit
C:\Windows\system\eZLkIZk.exe

Filesize
6.0MB

MD5
d4108a22873fb0ba6a6c602d84f54710

SHA1
2b544c7c6385bd2050cce9541b121e293e07286c

SHA256
6d81f1a338644a8739048f6e580c871e0db146959baa74c172caa2ecb9771bb2

SHA512
85ae77ee19975bc2c2ab5e07dcef77ee7849800cd047803b9bb92d2e9bae37f19dbe0f9f93aaba39600620fc0d5650e9f460033ac46e71a74cc93eedfa4b064f

Download Submit
C:\Windows\system\fuoaAzm.exe

Filesize
6.0MB

MD5
03a9c5b197a28614427367cd89f08ec2

SHA1
896034299c3d97e1960ba1b4804aba87b812256a

SHA256
f73a1eae685bfd28713b1ea63c3d3e03253349183ad0861df28356f41e3e75c5

SHA512
87e17ac43584bc9762b1682c0b190c183034f53c5d33cc60336bee98e7378bd7a968effd94d24dfc8efe251e8f238fd0e1501e430519a22111b35989d184c6e1

Download Submit
C:\Windows\system\iGZAiYS.exe

Filesize
6.0MB

MD5
f373bd31d32ecf6efc3064f946522a7c

SHA1
b21c857300074751d055a1b4c1ca89d36f6b69dd

SHA256
c2d2eb85a662e2012587efbccea51702cfde5d90506cecec6729b874d143c1d1

SHA512
deadc26074f38a2f77c96de10abc3780b83fb6e5583305b93c07b86c21b8084c9284c13b16f11030a0a69d5528f2cb88bb9cf5e3513c81e760e5129ce4358682

Download Submit
C:\Windows\system\kIJMTXA.exe

Filesize
6.0MB

MD5
a63c3a69e2a316678d47d57975fdd736

SHA1
a44b4cb557150071e78a508ed7e8fdcb557a9118

SHA256
c872c76a0e5816a7bc4755b00c200be971eaa990ebc73422fbd0c3d1664f70e5

SHA512
bc7b55f10c3d1ee643c8480e0e88807463cc034f4ce86bb058b1376f60b1e19ac49d0a627f662d72c8d2de2f4d60c5e8a57dd612a6f8e2dda068a07f09de1faa

Download Submit
C:\Windows\system\lFmwqlH.exe

Filesize
6.0MB

MD5
441e4a80d97741a427f7b96b402aca79

SHA1
fc055439291516fa2695188aa18bae27f0bcf2f7

SHA256
4033410d096271fa298b322e17b5df5b7d23f2795f08ce77658388ad63b0c816

SHA512
3e3a589568f585be94923e11e3a347b2916f42093e13033b1d976c2c1e51584ab88e372775ac80b4a66fa00b7737f33dd6eac62c0e71d0a0c72f1284408efef7

Download Submit
C:\Windows\system\mrBJSun.exe

Filesize
6.0MB

MD5
a5187d64d67522734f65d1691d06cb59

SHA1
862e94d36955b054e909d5451da882f264886b32

SHA256
c9e17211a1ca3a422d551c1b5417e8b94d637dae3d39fbaf875e5ee50f37e6a2

SHA512
427f16ed2357e848ca3745e695f3ea8599f2979efec36d086a59beee20e9a4c54c24888015e571bf66d965212d1cb4c75e2a5c70327d26b1502b6342efbad998

Download Submit
C:\Windows\system\qaBztxa.exe

Filesize
6.0MB

MD5
dee91968654971062da70f0c0abaed59

SHA1
8ca03a3caaea573399a81e84886d295f16056d82

SHA256
075a48583290432cdfa2de04434aa923ff38a131dacdf5b1a78a03e7fb6025bb

SHA512
6fdfe418fab4b241afaa0fff46c6b764308ed018e842ff0bd4dad081d0f65994131f66eb2786cfc081fb941685ea7a671e8122cc3cbd5b7da8a9066f77269656

Download Submit
C:\Windows\system\rYgkiAl.exe

Filesize
6.0MB

MD5
9f7961755fa1f2a5423c31b6ea293bc7

SHA1
5287c26658b4a4824f46552e549a77b5b022b823

SHA256
5ec91a6b877f8a86cdac62858cae3015501b1148e5bbd6b923aae56e2c6ce729

SHA512
779d3c159f4fe1ae43bd4fc2f01b969368374e32f551febe9ddbc0cbdf5ad9261d9904518bdbb9b212540ea758b2c430f69f59514d7feadc8ce1730e1a4844f2

Download Submit
C:\Windows\system\sYzSGHF.exe

Filesize
6.0MB

MD5
f3128822e5d8a54ba7417ce88815d7f3

SHA1
83d6d23a62b2fe4419a017516fb68b79f0ae8ede

SHA256
676e279c6e21f7062d898258f18913ddca721e047f4b985e552a07f7763d2612

SHA512
1f0cf5c55cbb0aad96d5897616ac163a120da9597ce27bc82cdde40de9038e789db30d53386a3aaf5f0ed24af8e150125edd3f7ce9b492a9c2934c6171d76dec

Download Submit
C:\Windows\system\tcIeRjn.exe

Filesize
6.0MB

MD5
70f405b79bd56bfcf9285bc810440849

SHA1
90ff22961c4fd486a623daa1a9c075dcce2cf1d1

SHA256
57f3b9408cbba32a3092f87790ae0583f5ea08a0bb6fe095080bfd49cf7baec2

SHA512
b5f958147b295bc2edfc79ae942d38340f6212932c207fc2f3c66281b05acdd72975d29377b67171dfc41c8d7fce2abce43b6c337ed36c6365b6afe70535c441

Download Submit
C:\Windows\system\uNBILky.exe

Filesize
6.0MB

MD5
a11b1116d2a39f4b91c7990aa3904da0

SHA1
cbb4aafc69abfa482e8a196226cab29a33f1fb9d

SHA256
585bf793bc4b1cea33f1e12573f58cbee7be48c3d572acd1e9f62358f10d42e8

SHA512
9c31fe4398d99f15909a87587f4bceead6b6525a9cc8edcf4f5b70d074259f53094603b73449c0b2edf0224685f33f1ce1f7654cd13686a4ef63097ecc370b64

Download Submit
C:\Windows\system\xZKuMVt.exe

Filesize
6.0MB

MD5
a91d28b639c07f9f4ddc78698893a513

SHA1
f5f4a96cf05b57e4a4edcf1dec981fd3e147a98b

SHA256
ad253dd100c6bfb61e94d83ea00bfb9515dd99242312f92b19d62a0881969edf

SHA512
6a26eec58cef23bfcffe4610bc9257926555370cd659509802103d1b6919ef8fe1775df25fd019efe79bd5802b8fa1b2c9f247e089cbcb274cb0c0e3f5905c86

Download Submit
C:\Windows\system\yoDsJOx.exe

Filesize
6.0MB

MD5
35b843d493671205b1109e45fe5e4f41

SHA1
27a54c8a4470701f05217f7ef098fe9810ca1164

SHA256
a0360fb295cf9771ce919ccf3a5246e683b89da543700f16d65d18dbd9c131bf

SHA512
013b50e28c2c8fa8f32f7475330a5462812b3d10cfda258b859c9c0d1d30cf44612923ca6fe663e2f37de1c665fb70a4a7bec13e15dcfbcdee45ba18406825da

Download Submit
C:\Windows\system\zFdFkNn.exe

Filesize
6.0MB

MD5
cca07e4b9052a93191a24f02a4ce2fba

SHA1
e33593bb6b68ef16fe6fb82f6a8070fe085e661d

SHA256
6fb84801570863fde27a3204d01e313c3b0b3f7df9e3feb980c54d4c7247744e

SHA512
3c82610c5591407e709df3f71d7a37daa8f794fd006c713ed3c66012932fb67abb0c9420d6dd3e60605fcee9c44eabcff2dbf714d771275cc976f1b80dfd7359

Download Submit
\Windows\system\aRcyjlS.exe

Filesize
6.0MB

MD5
54d1aee024b4840678c90a959075f12f

SHA1
e211a144191611bfc9d8cd15a0d802750c90c860

SHA256
083637dad2fe0d1ab9f09964ba24924fb266a00024c64fe8f7fe61ecc399e16e

SHA512
ea2e2156543d743db76f7190e493ee6c73db7f6f5fcc02b47b8f71487ad8f98a067ae7f90c77d279f8b8cc37bbf43079119fa1eefcd9f72b8342d577da3ed33d

Download Submit
\Windows\system\ioSrAFs.exe

Filesize
6.0MB

MD5
7b524e95bed56821fa4f814f8d41730e

SHA1
57aada669be08e6c0b9b2b289368e1f153014c3a

SHA256
14a42bee671406c97948074fa22fcdd243a20f6cdc3a6e116469b8562a426918

SHA512
cbc9901720e0309424a3f6e0c6b07aa663c690d4f4a19028f2b785f0167b3f32d8cfca2b7c98226723b6883a3185638e510c3216d28ef0ef6301dd890f277663

Download Submit
\Windows\system\jFsmMHK.exe

Filesize
6.0MB

MD5
5ff975df1dbfa950be5ab6a1f9050ed8

SHA1
adc3287e8b3c381a8d0523674291d748927d034b

SHA256
9751eb1b24021184665e613d3e95240ecf265dc5bcb2afa6c82123ca7343e5fd

SHA512
b7d331358b6037ee9602beda81afd00e938322e87ec7a9bb498c653ba79910e1056fef53ea16b534d51da2723941c8b70be80b4bcd0fb8a60f339d106e4e786c

Download Submit
\Windows\system\klUjjbS.exe

Filesize
6.0MB

MD5
fb67e3d6f30d6aa17efd33ce1941895b

SHA1
874bf2b3707dfd23a000b824a26f21df1a99565f

SHA256
f13226414184ac097c7e600526d78f0d785ba40a698c074010f139e66a7a8561

SHA512
0e17893cdee158c37cdc3978a18577463a2a81531adaa66ea4f37e8b70693784b812f8fd5572bbe85dcb2db8e7efaaa352190609e310a732b40255a92a1717d8

Download Submit
\Windows\system\xPggrfj.exe

Filesize
6.0MB

MD5
78cac95f0cb64db440c2a67115e5d930

SHA1
c4e054178f1362440dc53ac25671d10637ffc293

SHA256
cf9ca80f95d2dce029f7241a7e43d300efd521ba7d71a48748c2fa5f4e7ba077

SHA512
738813b1141fd6b7d15f2a2111a043198daccd50a28ec865bec8ff3fa4a66238972f130a6d7447a702fbc355759a2e87abf4f26df4f3aa8c9ecced669e0fe931

Download Submit
memory/664-86-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/664-4079-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/1648-79-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/1648-4077-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/1764-93-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/1764-4076-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2028-51-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-3643-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2028-24-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2424-3444-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2424-14-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2544-3463-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2544-40-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2544-13-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2640-4075-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2640-66-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2704-48-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2704-4078-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2728-4081-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2728-60-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2748-69-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2748-38-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3557-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2772-42-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2772-4082-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2808-29-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3562-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2888-28-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/2888-256-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-82-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2888-57-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2888-83-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2888-90-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/2888-91-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2888-19-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2888-96-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2888-64-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2888-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2888-70-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-37-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2888-15-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2888-76-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2888-44-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2888-50-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2888-413-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2888-52-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2888-0-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2888-963-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2888-779-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2888-594-0x0000000002420000-0x0000000002774000-memory.dmp

Filesize
3.3MB

Download
memory/2912-4074-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-4080-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/3000-74-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download