cobaltstrike | b71e259bdefc76eaff4eabd4dc7f2f3f7ba7567cda04e90e4efc51d54a724736

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2024 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

023a798c0c826d044ea719cc910904f9
SHA1

af575a6cee5180e50905aa6e677d6c9e8e1769b1
SHA256

b71e259bdefc76eaff4eabd4dc7f2f3f7ba7567cda04e90e4efc51d54a724736
SHA512

141db104c57a3cfe12c13a6d594dc7cf2426cb8690c2369a7176b31114e6fe28a2aa26b26b3a5271b9b2a268f07dd8506753fd783c5ffb1ef897d2f00e47c9a8
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUR:T+q56utgpPF8u/7R

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral2/files/0x0009000000023c65-3.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c72-10.dat	cobalt_reflective_dll
behavioral2/files/0x0008000000023c69-12.dat	cobalt_reflective_dll
behavioral2/files/0x0009000000023c66-23.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c73-27.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c75-35.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c76-41.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c78-52.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c79-58.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7b-73.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7c-83.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7d-92.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7f-99.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c80-106.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c81-113.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c82-119.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c84-140.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c88-161.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c90-211.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8e-209.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8f-206.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8d-204.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8c-199.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8b-194.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c8a-187.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c89-180.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c87-166.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c86-159.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c85-150.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c83-131.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7e-102.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c7a-71.dat	cobalt_reflective_dll
behavioral2/files/0x0007000000023c77-49.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral2/memory/5112-0-0x00007FF7749B0000-0x00007FF774D04000-memory.dmp	xmrig
behavioral2/files/0x0009000000023c65-3.dat	xmrig
behavioral2/memory/3676-8-0x00007FF6A6E30000-0x00007FF6A7184000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c72-10.dat	xmrig
behavioral2/files/0x0008000000023c69-12.dat	xmrig
behavioral2/memory/3504-14-0x00007FF69F4F0000-0x00007FF69F844000-memory.dmp	xmrig
behavioral2/memory/2088-18-0x00007FF6B6350000-0x00007FF6B66A4000-memory.dmp	xmrig
behavioral2/files/0x0009000000023c66-23.dat	xmrig
behavioral2/files/0x0007000000023c73-27.dat	xmrig
behavioral2/memory/4576-28-0x00007FF6DE1A0000-0x00007FF6DE4F4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c75-35.dat	xmrig
behavioral2/files/0x0007000000023c76-41.dat	xmrig
behavioral2/memory/3536-42-0x00007FF6A8B00000-0x00007FF6A8E54000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c78-52.dat	xmrig
behavioral2/files/0x0007000000023c79-58.dat	xmrig
behavioral2/memory/3188-64-0x00007FF667510000-0x00007FF667864000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c7b-73.dat	xmrig
behavioral2/files/0x0007000000023c7c-83.dat	xmrig
behavioral2/files/0x0007000000023c7d-92.dat	xmrig
behavioral2/files/0x0007000000023c7f-99.dat	xmrig
behavioral2/files/0x0007000000023c80-106.dat	xmrig
behavioral2/files/0x0007000000023c81-113.dat	xmrig
behavioral2/files/0x0007000000023c82-119.dat	xmrig
behavioral2/files/0x0007000000023c84-140.dat	xmrig
behavioral2/memory/4108-152-0x00007FF6DB100000-0x00007FF6DB454000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c88-161.dat	xmrig
behavioral2/memory/5076-192-0x00007FF709D00000-0x00007FF70A054000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c90-211.dat	xmrig
behavioral2/files/0x0007000000023c8e-209.dat	xmrig
behavioral2/files/0x0007000000023c8f-206.dat	xmrig
behavioral2/files/0x0007000000023c8d-204.dat	xmrig
behavioral2/files/0x0007000000023c8c-199.dat	xmrig
behavioral2/files/0x0007000000023c8b-194.dat	xmrig
behavioral2/memory/2716-193-0x00007FF6F6750000-0x00007FF6F6AA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c8a-187.dat	xmrig
behavioral2/memory/2932-186-0x00007FF62AFE0000-0x00007FF62B334000-memory.dmp	xmrig
behavioral2/memory/4788-185-0x00007FF7EBAC0000-0x00007FF7EBE14000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c89-180.dat	xmrig
behavioral2/memory/2440-179-0x00007FF63A670000-0x00007FF63A9C4000-memory.dmp	xmrig
behavioral2/memory/3708-178-0x00007FF793850000-0x00007FF793BA4000-memory.dmp	xmrig
behavioral2/memory/3092-177-0x00007FF660030000-0x00007FF660384000-memory.dmp	xmrig
behavioral2/memory/764-173-0x00007FF70A220000-0x00007FF70A574000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c87-166.dat	xmrig
behavioral2/memory/4132-165-0x00007FF650460000-0x00007FF6507B4000-memory.dmp	xmrig
behavioral2/memory/4916-164-0x00007FF661500000-0x00007FF661854000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c86-159.dat	xmrig
behavioral2/memory/1900-158-0x00007FF615B20000-0x00007FF615E74000-memory.dmp	xmrig
behavioral2/memory/2184-157-0x00007FF79BF40000-0x00007FF79C294000-memory.dmp	xmrig
behavioral2/memory/1408-153-0x00007FF7A5750000-0x00007FF7A5AA4000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c85-150.dat	xmrig
behavioral2/memory/1048-146-0x00007FF6C2680000-0x00007FF6C29D4000-memory.dmp	xmrig
behavioral2/memory/3748-145-0x00007FF69BF00000-0x00007FF69C254000-memory.dmp	xmrig
behavioral2/memory/2132-137-0x00007FF7482B0000-0x00007FF748604000-memory.dmp	xmrig
behavioral2/memory/4744-136-0x00007FF6296D0000-0x00007FF629A24000-memory.dmp	xmrig
behavioral2/files/0x0007000000023c83-131.dat	xmrig
behavioral2/memory/2784-128-0x00007FF68ED50000-0x00007FF68F0A4000-memory.dmp	xmrig
behavioral2/memory/2932-127-0x00007FF62AFE0000-0x00007FF62B334000-memory.dmp	xmrig
behavioral2/memory/2964-122-0x00007FF7F63D0000-0x00007FF7F6724000-memory.dmp	xmrig
behavioral2/memory/2440-121-0x00007FF63A670000-0x00007FF63A9C4000-memory.dmp	xmrig
behavioral2/memory/1016-118-0x00007FF743620000-0x00007FF743974000-memory.dmp	xmrig
behavioral2/memory/3708-112-0x00007FF793850000-0x00007FF793BA4000-memory.dmp	xmrig
behavioral2/memory/3536-111-0x00007FF6A8B00000-0x00007FF6A8E54000-memory.dmp	xmrig
behavioral2/memory/764-105-0x00007FF70A220000-0x00007FF70A574000-memory.dmp	xmrig
behavioral2/memory/4360-104-0x00007FF70DBD0000-0x00007FF70DF24000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3676	elMqajJ.exe
3504	xozuAbl.exe
2088	HqXKKdl.exe
3132	RQSImXv.exe
4576	myhkcAu.exe
4360	nVYESKM.exe
3536	PcKOrTt.exe
1016	UodBtbJ.exe
2964	MndieCd.exe
3188	wTqcrOj.exe
4744	IaBApAX.exe
3748	oKXraMM.exe
4108	ZyfCzxI.exe
2184	FqjSUNE.exe
4916	DNBQBNV.exe
764	nMwrGgR.exe
3708	rkPpUBX.exe
2440	ZHyzZvk.exe
2932	cicABXR.exe
2784	HanhlDu.exe
2132	LqxipHP.exe
1048	czVEEpQ.exe
1408	velLhKZ.exe
1900	dGNsoGs.exe
4132	dFtDMip.exe
3092	ADTTfdL.exe
4788	AtoUECF.exe
5076	UJixHvc.exe
2716	kOaegzU.exe
1224	TjVCPSm.exe
880	XuYKjkC.exe
1292	qsxRNnC.exe
3440	HbYEPzs.exe
4420	BRctvzF.exe
5012	RurZlHt.exe
2996	FTFUzcq.exe
4412	UEWFXHl.exe
4060	kckCSkq.exe
4696	ZQcmiri.exe
3044	MvMHDcR.exe
1524	BUXrZYd.exe
5052	LSsDfNB.exe
4164	dOJemWj.exe
3320	Jtbyiqy.exe
4712	wEvjbqG.exe
4756	SKtFVuw.exe
3364	jZxtUhZ.exe
1480	rJolDXL.exe
1112	oILcthD.exe
4404	GXEfyFH.exe
1924	vmDMYrY.exe
4464	tbCqDRi.exe
4284	YJzWnpg.exe
2548	OzNCFus.exe
2788	ClUyFks.exe
5084	aBBmxgP.exe
4976	RUylqgN.exe
4608	VytnQSe.exe
3580	PhMbufi.exe
4964	saxwOAm.exe
3576	EzzXTVU.exe
2432	aCrXROo.exe
1952	gcgjqAz.exe
760	mqGppFW.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5112-0-0x00007FF7749B0000-0x00007FF774D04000-memory.dmp	upx
behavioral2/files/0x0009000000023c65-3.dat	upx
behavioral2/memory/3676-8-0x00007FF6A6E30000-0x00007FF6A7184000-memory.dmp	upx
behavioral2/files/0x0007000000023c72-10.dat	upx
behavioral2/files/0x0008000000023c69-12.dat	upx
behavioral2/memory/3504-14-0x00007FF69F4F0000-0x00007FF69F844000-memory.dmp	upx
behavioral2/memory/2088-18-0x00007FF6B6350000-0x00007FF6B66A4000-memory.dmp	upx
behavioral2/files/0x0009000000023c66-23.dat	upx
behavioral2/files/0x0007000000023c73-27.dat	upx
behavioral2/memory/4576-28-0x00007FF6DE1A0000-0x00007FF6DE4F4000-memory.dmp	upx
behavioral2/files/0x0007000000023c75-35.dat	upx
behavioral2/files/0x0007000000023c76-41.dat	upx
behavioral2/memory/3536-42-0x00007FF6A8B00000-0x00007FF6A8E54000-memory.dmp	upx
behavioral2/files/0x0007000000023c78-52.dat	upx
behavioral2/files/0x0007000000023c79-58.dat	upx
behavioral2/memory/3188-64-0x00007FF667510000-0x00007FF667864000-memory.dmp	upx
behavioral2/files/0x0007000000023c7b-73.dat	upx
behavioral2/files/0x0007000000023c7c-83.dat	upx
behavioral2/files/0x0007000000023c7d-92.dat	upx
behavioral2/files/0x0007000000023c7f-99.dat	upx
behavioral2/files/0x0007000000023c80-106.dat	upx
behavioral2/files/0x0007000000023c81-113.dat	upx
behavioral2/files/0x0007000000023c82-119.dat	upx
behavioral2/files/0x0007000000023c84-140.dat	upx
behavioral2/memory/4108-152-0x00007FF6DB100000-0x00007FF6DB454000-memory.dmp	upx
behavioral2/files/0x0007000000023c88-161.dat	upx
behavioral2/memory/5076-192-0x00007FF709D00000-0x00007FF70A054000-memory.dmp	upx
behavioral2/files/0x0007000000023c90-211.dat	upx
behavioral2/files/0x0007000000023c8e-209.dat	upx
behavioral2/files/0x0007000000023c8f-206.dat	upx
behavioral2/files/0x0007000000023c8d-204.dat	upx
behavioral2/files/0x0007000000023c8c-199.dat	upx
behavioral2/files/0x0007000000023c8b-194.dat	upx
behavioral2/memory/2716-193-0x00007FF6F6750000-0x00007FF6F6AA4000-memory.dmp	upx
behavioral2/files/0x0007000000023c8a-187.dat	upx
behavioral2/memory/2932-186-0x00007FF62AFE0000-0x00007FF62B334000-memory.dmp	upx
behavioral2/memory/4788-185-0x00007FF7EBAC0000-0x00007FF7EBE14000-memory.dmp	upx
behavioral2/files/0x0007000000023c89-180.dat	upx
behavioral2/memory/2440-179-0x00007FF63A670000-0x00007FF63A9C4000-memory.dmp	upx
behavioral2/memory/3708-178-0x00007FF793850000-0x00007FF793BA4000-memory.dmp	upx
behavioral2/memory/3092-177-0x00007FF660030000-0x00007FF660384000-memory.dmp	upx
behavioral2/memory/764-173-0x00007FF70A220000-0x00007FF70A574000-memory.dmp	upx
behavioral2/files/0x0007000000023c87-166.dat	upx
behavioral2/memory/4132-165-0x00007FF650460000-0x00007FF6507B4000-memory.dmp	upx
behavioral2/memory/4916-164-0x00007FF661500000-0x00007FF661854000-memory.dmp	upx
behavioral2/files/0x0007000000023c86-159.dat	upx
behavioral2/memory/1900-158-0x00007FF615B20000-0x00007FF615E74000-memory.dmp	upx
behavioral2/memory/2184-157-0x00007FF79BF40000-0x00007FF79C294000-memory.dmp	upx
behavioral2/memory/1408-153-0x00007FF7A5750000-0x00007FF7A5AA4000-memory.dmp	upx
behavioral2/files/0x0007000000023c85-150.dat	upx
behavioral2/memory/1048-146-0x00007FF6C2680000-0x00007FF6C29D4000-memory.dmp	upx
behavioral2/memory/3748-145-0x00007FF69BF00000-0x00007FF69C254000-memory.dmp	upx
behavioral2/memory/2132-137-0x00007FF7482B0000-0x00007FF748604000-memory.dmp	upx
behavioral2/memory/4744-136-0x00007FF6296D0000-0x00007FF629A24000-memory.dmp	upx
behavioral2/files/0x0007000000023c83-131.dat	upx
behavioral2/memory/2784-128-0x00007FF68ED50000-0x00007FF68F0A4000-memory.dmp	upx
behavioral2/memory/2932-127-0x00007FF62AFE0000-0x00007FF62B334000-memory.dmp	upx
behavioral2/memory/2964-122-0x00007FF7F63D0000-0x00007FF7F6724000-memory.dmp	upx
behavioral2/memory/2440-121-0x00007FF63A670000-0x00007FF63A9C4000-memory.dmp	upx
behavioral2/memory/1016-118-0x00007FF743620000-0x00007FF743974000-memory.dmp	upx
behavioral2/memory/3708-112-0x00007FF793850000-0x00007FF793BA4000-memory.dmp	upx
behavioral2/memory/3536-111-0x00007FF6A8B00000-0x00007FF6A8E54000-memory.dmp	upx
behavioral2/memory/764-105-0x00007FF70A220000-0x00007FF70A574000-memory.dmp	upx
behavioral2/memory/4360-104-0x00007FF70DBD0000-0x00007FF70DF24000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\dGNsoGs.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mqGppFW.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CCoVzli.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IIFLkez.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XRTCVHi.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UuTPPVC.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\niGwgOd.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wISVhhL.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mVwpJCG.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sgafmCH.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VaMigSe.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wTSfuvC.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fjyTIlC.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBpbcfp.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wPGYWRF.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BdnwaxX.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dOJemWj.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\exERxyz.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GicRcgs.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lBuEXHs.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CLzDAvS.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lkPJIGc.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UIeoxkK.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFwCCIk.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YiccXcL.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ACDeqNi.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\myhkcAu.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fIQapjq.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rQtHHKa.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DRLroQB.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTEfIUD.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OWjAvNQ.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKgpGdK.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XseJxdF.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXQgMSt.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rxRuBFm.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XSLAhgL.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vKZNRNo.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pyxlnIK.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xBfoIit.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWkYmXt.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCtRTrG.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XTxwWgR.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BdzEWmC.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bshPqdg.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Tpbhvrr.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DKwSXzP.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bIfzyxq.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ShljCbH.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fkFDxta.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bYjWyos.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ifQxkUa.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hdptZjd.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzdNHNA.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oYmcdcl.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NqJUnLk.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XNyttnH.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MWfkjVA.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\csLSgwu.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzUeAmf.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMHPGhV.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FTFUzcq.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xiNKbNS.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rHgdKci.exe	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeCreateGlobalPrivilege	16156	dwm.exe
Token: SeChangeNotifyPrivilege	16156	dwm.exe
Token: 33	16156	dwm.exe
Token: SeIncBasePriorityPrivilege	16156	dwm.exe
Token: SeShutdownPrivilege	16156	dwm.exe
Token: SeCreatePagefilePrivilege	16156	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 3676	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 5112 wrote to memory of 3676	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	83
PID 5112 wrote to memory of 3504	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 5112 wrote to memory of 3504	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	84
PID 5112 wrote to memory of 2088	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 5112 wrote to memory of 2088	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	85
PID 5112 wrote to memory of 3132	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 5112 wrote to memory of 3132	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	86
PID 5112 wrote to memory of 4576	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 5112 wrote to memory of 4576	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	87
PID 5112 wrote to memory of 4360	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 5112 wrote to memory of 4360	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	88
PID 5112 wrote to memory of 3536	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 5112 wrote to memory of 3536	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	89
PID 5112 wrote to memory of 1016	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 5112 wrote to memory of 1016	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	90
PID 5112 wrote to memory of 2964	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 5112 wrote to memory of 2964	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	91
PID 5112 wrote to memory of 3188	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 5112 wrote to memory of 3188	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	92
PID 5112 wrote to memory of 4744	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 5112 wrote to memory of 4744	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	93
PID 5112 wrote to memory of 3748	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 5112 wrote to memory of 3748	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	94
PID 5112 wrote to memory of 4108	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 5112 wrote to memory of 4108	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	95
PID 5112 wrote to memory of 2184	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 5112 wrote to memory of 2184	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	96
PID 5112 wrote to memory of 4916	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 5112 wrote to memory of 4916	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	97
PID 5112 wrote to memory of 764	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 5112 wrote to memory of 764	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	98
PID 5112 wrote to memory of 3708	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 5112 wrote to memory of 3708	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	99
PID 5112 wrote to memory of 2440	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 5112 wrote to memory of 2440	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	100
PID 5112 wrote to memory of 2932	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 5112 wrote to memory of 2932	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	101
PID 5112 wrote to memory of 2784	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 5112 wrote to memory of 2784	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	102
PID 5112 wrote to memory of 2132	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 5112 wrote to memory of 2132	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	103
PID 5112 wrote to memory of 1048	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 5112 wrote to memory of 1048	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	104
PID 5112 wrote to memory of 1408	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 5112 wrote to memory of 1408	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	105
PID 5112 wrote to memory of 1900	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 5112 wrote to memory of 1900	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	106
PID 5112 wrote to memory of 4132	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 5112 wrote to memory of 4132	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	107
PID 5112 wrote to memory of 3092	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 5112 wrote to memory of 3092	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	108
PID 5112 wrote to memory of 4788	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 5112 wrote to memory of 4788	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	109
PID 5112 wrote to memory of 5076	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 5112 wrote to memory of 5076	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	110
PID 5112 wrote to memory of 2716	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 5112 wrote to memory of 2716	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	111
PID 5112 wrote to memory of 1224	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 5112 wrote to memory of 1224	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	112
PID 5112 wrote to memory of 880	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 5112 wrote to memory of 880	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	113
PID 5112 wrote to memory of 1292	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	114
PID 5112 wrote to memory of 1292	5112	2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe	114

C:\Users\Admin\AppData\Local\Temp\2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-25_023a798c0c826d044ea719cc910904f9_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Windows\System\elMqajJ.exe
  C:\Windows\System\elMqajJ.exe
  2⤵
  - Executes dropped EXE
  PID:3676
- C:\Windows\System\xozuAbl.exe
  C:\Windows\System\xozuAbl.exe
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Windows\System\HqXKKdl.exe
  C:\Windows\System\HqXKKdl.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\RQSImXv.exe
  C:\Windows\System\RQSImXv.exe
  2⤵
  - Executes dropped EXE
  PID:3132
- C:\Windows\System\myhkcAu.exe
  C:\Windows\System\myhkcAu.exe
  2⤵
  - Executes dropped EXE
  PID:4576
- C:\Windows\System\nVYESKM.exe
  C:\Windows\System\nVYESKM.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\PcKOrTt.exe
  C:\Windows\System\PcKOrTt.exe
  2⤵
  - Executes dropped EXE
  PID:3536
- C:\Windows\System\UodBtbJ.exe
  C:\Windows\System\UodBtbJ.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\MndieCd.exe
  C:\Windows\System\MndieCd.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\wTqcrOj.exe
  C:\Windows\System\wTqcrOj.exe
  2⤵
  - Executes dropped EXE
  PID:3188
- C:\Windows\System\IaBApAX.exe
  C:\Windows\System\IaBApAX.exe
  2⤵
  - Executes dropped EXE
  PID:4744
- C:\Windows\System\oKXraMM.exe
  C:\Windows\System\oKXraMM.exe
  2⤵
  - Executes dropped EXE
  PID:3748
- C:\Windows\System\ZyfCzxI.exe
  C:\Windows\System\ZyfCzxI.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\FqjSUNE.exe
  C:\Windows\System\FqjSUNE.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\DNBQBNV.exe
  C:\Windows\System\DNBQBNV.exe
  2⤵
  - Executes dropped EXE
  PID:4916
- C:\Windows\System\nMwrGgR.exe
  C:\Windows\System\nMwrGgR.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\rkPpUBX.exe
  C:\Windows\System\rkPpUBX.exe
  2⤵
  - Executes dropped EXE
  PID:3708
- C:\Windows\System\ZHyzZvk.exe
  C:\Windows\System\ZHyzZvk.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\cicABXR.exe
  C:\Windows\System\cicABXR.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\HanhlDu.exe
  C:\Windows\System\HanhlDu.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\LqxipHP.exe
  C:\Windows\System\LqxipHP.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\czVEEpQ.exe
  C:\Windows\System\czVEEpQ.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\velLhKZ.exe
  C:\Windows\System\velLhKZ.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\dGNsoGs.exe
  C:\Windows\System\dGNsoGs.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\dFtDMip.exe
  C:\Windows\System\dFtDMip.exe
  2⤵
  - Executes dropped EXE
  PID:4132
- C:\Windows\System\ADTTfdL.exe
  C:\Windows\System\ADTTfdL.exe
  2⤵
  - Executes dropped EXE
  PID:3092
- C:\Windows\System\AtoUECF.exe
  C:\Windows\System\AtoUECF.exe
  2⤵
  - Executes dropped EXE
  PID:4788
- C:\Windows\System\UJixHvc.exe
  C:\Windows\System\UJixHvc.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\kOaegzU.exe
  C:\Windows\System\kOaegzU.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\TjVCPSm.exe
  C:\Windows\System\TjVCPSm.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\XuYKjkC.exe
  C:\Windows\System\XuYKjkC.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\qsxRNnC.exe
  C:\Windows\System\qsxRNnC.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\HbYEPzs.exe
  C:\Windows\System\HbYEPzs.exe
  2⤵
  - Executes dropped EXE
  PID:3440
- C:\Windows\System\BRctvzF.exe
  C:\Windows\System\BRctvzF.exe
  2⤵
  - Executes dropped EXE
  PID:4420
- C:\Windows\System\RurZlHt.exe
  C:\Windows\System\RurZlHt.exe
  2⤵
  - Executes dropped EXE
  PID:5012
- C:\Windows\System\FTFUzcq.exe
  C:\Windows\System\FTFUzcq.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\UEWFXHl.exe
  C:\Windows\System\UEWFXHl.exe
  2⤵
  - Executes dropped EXE
  PID:4412
- C:\Windows\System\kckCSkq.exe
  C:\Windows\System\kckCSkq.exe
  2⤵
  - Executes dropped EXE
  PID:4060
- C:\Windows\System\ZQcmiri.exe
  C:\Windows\System\ZQcmiri.exe
  2⤵
  - Executes dropped EXE
  PID:4696
- C:\Windows\System\MvMHDcR.exe
  C:\Windows\System\MvMHDcR.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\BUXrZYd.exe
  C:\Windows\System\BUXrZYd.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\LSsDfNB.exe
  C:\Windows\System\LSsDfNB.exe
  2⤵
  - Executes dropped EXE
  PID:5052
- C:\Windows\System\dOJemWj.exe
  C:\Windows\System\dOJemWj.exe
  2⤵
  - Executes dropped EXE
  PID:4164
- C:\Windows\System\Jtbyiqy.exe
  C:\Windows\System\Jtbyiqy.exe
  2⤵
  - Executes dropped EXE
  PID:3320
- C:\Windows\System\wEvjbqG.exe
  C:\Windows\System\wEvjbqG.exe
  2⤵
  - Executes dropped EXE
  PID:4712
- C:\Windows\System\SKtFVuw.exe
  C:\Windows\System\SKtFVuw.exe
  2⤵
  - Executes dropped EXE
  PID:4756
- C:\Windows\System\jZxtUhZ.exe
  C:\Windows\System\jZxtUhZ.exe
  2⤵
  - Executes dropped EXE
  PID:3364
- C:\Windows\System\rJolDXL.exe
  C:\Windows\System\rJolDXL.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\oILcthD.exe
  C:\Windows\System\oILcthD.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\GXEfyFH.exe
  C:\Windows\System\GXEfyFH.exe
  2⤵
  - Executes dropped EXE
  PID:4404
- C:\Windows\System\vmDMYrY.exe
  C:\Windows\System\vmDMYrY.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\tbCqDRi.exe
  C:\Windows\System\tbCqDRi.exe
  2⤵
  - Executes dropped EXE
  PID:4464
- C:\Windows\System\YJzWnpg.exe
  C:\Windows\System\YJzWnpg.exe
  2⤵
  - Executes dropped EXE
  PID:4284
- C:\Windows\System\OzNCFus.exe
  C:\Windows\System\OzNCFus.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\ClUyFks.exe
  C:\Windows\System\ClUyFks.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\aBBmxgP.exe
  C:\Windows\System\aBBmxgP.exe
  2⤵
  - Executes dropped EXE
  PID:5084
- C:\Windows\System\RUylqgN.exe
  C:\Windows\System\RUylqgN.exe
  2⤵
  - Executes dropped EXE
  PID:4976
- C:\Windows\System\VytnQSe.exe
  C:\Windows\System\VytnQSe.exe
  2⤵
  - Executes dropped EXE
  PID:4608
- C:\Windows\System\PhMbufi.exe
  C:\Windows\System\PhMbufi.exe
  2⤵
  - Executes dropped EXE
  PID:3580
- C:\Windows\System\saxwOAm.exe
  C:\Windows\System\saxwOAm.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\EzzXTVU.exe
  C:\Windows\System\EzzXTVU.exe
  2⤵
  - Executes dropped EXE
  PID:3576
- C:\Windows\System\aCrXROo.exe
  C:\Windows\System\aCrXROo.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\gcgjqAz.exe
  C:\Windows\System\gcgjqAz.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\mqGppFW.exe
  C:\Windows\System\mqGppFW.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\ulRLBfS.exe
  C:\Windows\System\ulRLBfS.exe
  2⤵
  PID:1268
- C:\Windows\System\fHjnNjy.exe
  C:\Windows\System\fHjnNjy.exe
  2⤵
  PID:808
- C:\Windows\System\YyDFPtC.exe
  C:\Windows\System\YyDFPtC.exe
  2⤵
  PID:364
- C:\Windows\System\jtAIBhb.exe
  C:\Windows\System\jtAIBhb.exe
  2⤵
  PID:5104
- C:\Windows\System\GJBUNFg.exe
  C:\Windows\System\GJBUNFg.exe
  2⤵
  PID:1708
- C:\Windows\System\hGkdoSx.exe
  C:\Windows\System\hGkdoSx.exe
  2⤵
  PID:3252
- C:\Windows\System\xqLOWGl.exe
  C:\Windows\System\xqLOWGl.exe
  2⤵
  PID:392
- C:\Windows\System\YdJdebK.exe
  C:\Windows\System\YdJdebK.exe
  2⤵
  PID:1284
- C:\Windows\System\NqETGUy.exe
  C:\Windows\System\NqETGUy.exe
  2⤵
  PID:2476
- C:\Windows\System\vOWFXaW.exe
  C:\Windows\System\vOWFXaW.exe
  2⤵
  PID:244
- C:\Windows\System\ihcMptE.exe
  C:\Windows\System\ihcMptE.exe
  2⤵
  PID:3984
- C:\Windows\System\PznNeGz.exe
  C:\Windows\System\PznNeGz.exe
  2⤵
  PID:3460
- C:\Windows\System\hOnqmKm.exe
  C:\Windows\System\hOnqmKm.exe
  2⤵
  PID:3608
- C:\Windows\System\rahlRBh.exe
  C:\Windows\System\rahlRBh.exe
  2⤵
  PID:4004
- C:\Windows\System\onrJmzK.exe
  C:\Windows\System\onrJmzK.exe
  2⤵
  PID:4796
- C:\Windows\System\tyJiEbw.exe
  C:\Windows\System\tyJiEbw.exe
  2⤵
  PID:4016
- C:\Windows\System\SlGxyeM.exe
  C:\Windows\System\SlGxyeM.exe
  2⤵
  PID:1192
- C:\Windows\System\OGzbWNV.exe
  C:\Windows\System\OGzbWNV.exe
  2⤵
  PID:3236
- C:\Windows\System\NhXDNqr.exe
  C:\Windows\System\NhXDNqr.exe
  2⤵
  PID:4864
- C:\Windows\System\jxZlptc.exe
  C:\Windows\System\jxZlptc.exe
  2⤵
  PID:5100
- C:\Windows\System\IVlsZUA.exe
  C:\Windows\System\IVlsZUA.exe
  2⤵
  PID:5148
- C:\Windows\System\tlEftuu.exe
  C:\Windows\System\tlEftuu.exe
  2⤵
  PID:5176
- C:\Windows\System\NJRGbPK.exe
  C:\Windows\System\NJRGbPK.exe
  2⤵
  PID:5204
- C:\Windows\System\QodaKns.exe
  C:\Windows\System\QodaKns.exe
  2⤵
  PID:5232
- C:\Windows\System\GmXPjJL.exe
  C:\Windows\System\GmXPjJL.exe
  2⤵
  PID:5260
- C:\Windows\System\uJlfNAa.exe
  C:\Windows\System\uJlfNAa.exe
  2⤵
  PID:5288
- C:\Windows\System\USxEWti.exe
  C:\Windows\System\USxEWti.exe
  2⤵
  PID:5316
- C:\Windows\System\DbxxSrF.exe
  C:\Windows\System\DbxxSrF.exe
  2⤵
  PID:5344
- C:\Windows\System\yztgomN.exe
  C:\Windows\System\yztgomN.exe
  2⤵
  PID:5372
- C:\Windows\System\qwGMMIo.exe
  C:\Windows\System\qwGMMIo.exe
  2⤵
  PID:5400
- C:\Windows\System\ANktqMs.exe
  C:\Windows\System\ANktqMs.exe
  2⤵
  PID:5428
- C:\Windows\System\WqVNDTX.exe
  C:\Windows\System\WqVNDTX.exe
  2⤵
  PID:5456
- C:\Windows\System\YqWbJkf.exe
  C:\Windows\System\YqWbJkf.exe
  2⤵
  PID:5484
- C:\Windows\System\aEfVitq.exe
  C:\Windows\System\aEfVitq.exe
  2⤵
  PID:5512
- C:\Windows\System\UuKmhgZ.exe
  C:\Windows\System\UuKmhgZ.exe
  2⤵
  PID:5540
- C:\Windows\System\YKpSNDU.exe
  C:\Windows\System\YKpSNDU.exe
  2⤵
  PID:5568
- C:\Windows\System\hlYeyfB.exe
  C:\Windows\System\hlYeyfB.exe
  2⤵
  PID:5596
- C:\Windows\System\TkaYbvz.exe
  C:\Windows\System\TkaYbvz.exe
  2⤵
  PID:5624
- C:\Windows\System\vCVZxIC.exe
  C:\Windows\System\vCVZxIC.exe
  2⤵
  PID:5652
- C:\Windows\System\rpjibNK.exe
  C:\Windows\System\rpjibNK.exe
  2⤵
  PID:5680
- C:\Windows\System\FFvEGEb.exe
  C:\Windows\System\FFvEGEb.exe
  2⤵
  PID:5708
- C:\Windows\System\icldZty.exe
  C:\Windows\System\icldZty.exe
  2⤵
  PID:5736
- C:\Windows\System\PsyTkTL.exe
  C:\Windows\System\PsyTkTL.exe
  2⤵
  PID:5764
- C:\Windows\System\bIfzyxq.exe
  C:\Windows\System\bIfzyxq.exe
  2⤵
  PID:5792
- C:\Windows\System\KEOyysU.exe
  C:\Windows\System\KEOyysU.exe
  2⤵
  PID:5820
- C:\Windows\System\DWbsgZW.exe
  C:\Windows\System\DWbsgZW.exe
  2⤵
  PID:5848
- C:\Windows\System\uvBYAcN.exe
  C:\Windows\System\uvBYAcN.exe
  2⤵
  PID:5876
- C:\Windows\System\apuJbZR.exe
  C:\Windows\System\apuJbZR.exe
  2⤵
  PID:5904
- C:\Windows\System\torxSqL.exe
  C:\Windows\System\torxSqL.exe
  2⤵
  PID:5932
- C:\Windows\System\dfjlroT.exe
  C:\Windows\System\dfjlroT.exe
  2⤵
  PID:5960
- C:\Windows\System\niEVrQF.exe
  C:\Windows\System\niEVrQF.exe
  2⤵
  PID:5988
- C:\Windows\System\KlOLavo.exe
  C:\Windows\System\KlOLavo.exe
  2⤵
  PID:6016
- C:\Windows\System\SSwYxRT.exe
  C:\Windows\System\SSwYxRT.exe
  2⤵
  PID:6044
- C:\Windows\System\xMRyQzB.exe
  C:\Windows\System\xMRyQzB.exe
  2⤵
  PID:6072
- C:\Windows\System\IdYEHsq.exe
  C:\Windows\System\IdYEHsq.exe
  2⤵
  PID:6100
- C:\Windows\System\jgsHazr.exe
  C:\Windows\System\jgsHazr.exe
  2⤵
  PID:6128
- C:\Windows\System\aSgxiGI.exe
  C:\Windows\System\aSgxiGI.exe
  2⤵
  PID:2772
- C:\Windows\System\YLbQwZf.exe
  C:\Windows\System\YLbQwZf.exe
  2⤵
  PID:2164
- C:\Windows\System\QgOzeSp.exe
  C:\Windows\System\QgOzeSp.exe
  2⤵
  PID:4428
- C:\Windows\System\DqwIBaw.exe
  C:\Windows\System\DqwIBaw.exe
  2⤵
  PID:3956
- C:\Windows\System\ktWRKxi.exe
  C:\Windows\System\ktWRKxi.exe
  2⤵
  PID:1928
- C:\Windows\System\kAkZnur.exe
  C:\Windows\System\kAkZnur.exe
  2⤵
  PID:5160
- C:\Windows\System\HamEcow.exe
  C:\Windows\System\HamEcow.exe
  2⤵
  PID:5220
- C:\Windows\System\OqLiUwu.exe
  C:\Windows\System\OqLiUwu.exe
  2⤵
  PID:5280
- C:\Windows\System\pAxtecs.exe
  C:\Windows\System\pAxtecs.exe
  2⤵
  PID:5356
- C:\Windows\System\vSGBAvM.exe
  C:\Windows\System\vSGBAvM.exe
  2⤵
  PID:5412
- C:\Windows\System\OXdlHUL.exe
  C:\Windows\System\OXdlHUL.exe
  2⤵
  PID:5476
- C:\Windows\System\QwioSct.exe
  C:\Windows\System\QwioSct.exe
  2⤵
  PID:5552
- C:\Windows\System\zAoVdIr.exe
  C:\Windows\System\zAoVdIr.exe
  2⤵
  PID:5612
- C:\Windows\System\ViRpjeY.exe
  C:\Windows\System\ViRpjeY.exe
  2⤵
  PID:5672
- C:\Windows\System\mVwpJCG.exe
  C:\Windows\System\mVwpJCG.exe
  2⤵
  PID:5748
- C:\Windows\System\hvKuSxH.exe
  C:\Windows\System\hvKuSxH.exe
  2⤵
  PID:5808
- C:\Windows\System\JMzgkyw.exe
  C:\Windows\System\JMzgkyw.exe
  2⤵
  PID:5868
- C:\Windows\System\kfIUfRh.exe
  C:\Windows\System\kfIUfRh.exe
  2⤵
  PID:5944
- C:\Windows\System\QRiiVsC.exe
  C:\Windows\System\QRiiVsC.exe
  2⤵
  PID:6004
- C:\Windows\System\BLTtngQ.exe
  C:\Windows\System\BLTtngQ.exe
  2⤵
  PID:6064
- C:\Windows\System\FHcYteM.exe
  C:\Windows\System\FHcYteM.exe
  2⤵
  PID:6140
- C:\Windows\System\ELHYhND.exe
  C:\Windows\System\ELHYhND.exe
  2⤵
  PID:3264
- C:\Windows\System\hshFJCu.exe
  C:\Windows\System\hshFJCu.exe
  2⤵
  PID:4392
- C:\Windows\System\FFEvCkk.exe
  C:\Windows\System\FFEvCkk.exe
  2⤵
  PID:5248
- C:\Windows\System\YckIFor.exe
  C:\Windows\System\YckIFor.exe
  2⤵
  PID:5388
- C:\Windows\System\XeyYSiC.exe
  C:\Windows\System\XeyYSiC.exe
  2⤵
  PID:5524
- C:\Windows\System\wdcDAFc.exe
  C:\Windows\System\wdcDAFc.exe
  2⤵
  PID:5664
- C:\Windows\System\JLXsakh.exe
  C:\Windows\System\JLXsakh.exe
  2⤵
  PID:5836
- C:\Windows\System\XAzzJQF.exe
  C:\Windows\System\XAzzJQF.exe
  2⤵
  PID:5976
- C:\Windows\System\yxmlGvG.exe
  C:\Windows\System\yxmlGvG.exe
  2⤵
  PID:6148
- C:\Windows\System\bCBAWJx.exe
  C:\Windows\System\bCBAWJx.exe
  2⤵
  PID:6176
- C:\Windows\System\XHnOSvY.exe
  C:\Windows\System\XHnOSvY.exe
  2⤵
  PID:6204
- C:\Windows\System\LNJvkKb.exe
  C:\Windows\System\LNJvkKb.exe
  2⤵
  PID:6220
- C:\Windows\System\iHgdGpR.exe
  C:\Windows\System\iHgdGpR.exe
  2⤵
  PID:6248
- C:\Windows\System\iQwtbAo.exe
  C:\Windows\System\iQwtbAo.exe
  2⤵
  PID:6276
- C:\Windows\System\CdIFjPc.exe
  C:\Windows\System\CdIFjPc.exe
  2⤵
  PID:6304
- C:\Windows\System\BuLpfvG.exe
  C:\Windows\System\BuLpfvG.exe
  2⤵
  PID:6332
- C:\Windows\System\UbnKafM.exe
  C:\Windows\System\UbnKafM.exe
  2⤵
  PID:6360
- C:\Windows\System\pTwMLgM.exe
  C:\Windows\System\pTwMLgM.exe
  2⤵
  PID:6388
- C:\Windows\System\DtoPEBJ.exe
  C:\Windows\System\DtoPEBJ.exe
  2⤵
  PID:6416
- C:\Windows\System\wQdHEBN.exe
  C:\Windows\System\wQdHEBN.exe
  2⤵
  PID:6444
- C:\Windows\System\AIQHZds.exe
  C:\Windows\System\AIQHZds.exe
  2⤵
  PID:6472
- C:\Windows\System\MbvpRsG.exe
  C:\Windows\System\MbvpRsG.exe
  2⤵
  PID:6500
- C:\Windows\System\yhtjJCt.exe
  C:\Windows\System\yhtjJCt.exe
  2⤵
  PID:6528
- C:\Windows\System\CCoVzli.exe
  C:\Windows\System\CCoVzli.exe
  2⤵
  PID:6560
- C:\Windows\System\SDViEEt.exe
  C:\Windows\System\SDViEEt.exe
  2⤵
  PID:6584
- C:\Windows\System\zLCAFml.exe
  C:\Windows\System\zLCAFml.exe
  2⤵
  PID:6612
- C:\Windows\System\PnPiKsf.exe
  C:\Windows\System\PnPiKsf.exe
  2⤵
  PID:6640
- C:\Windows\System\BASpokq.exe
  C:\Windows\System\BASpokq.exe
  2⤵
  PID:6668
- C:\Windows\System\DPYFKbD.exe
  C:\Windows\System\DPYFKbD.exe
  2⤵
  PID:6696
- C:\Windows\System\RexlxmG.exe
  C:\Windows\System\RexlxmG.exe
  2⤵
  PID:6724
- C:\Windows\System\xBfoIit.exe
  C:\Windows\System\xBfoIit.exe
  2⤵
  PID:6764
- C:\Windows\System\tSWfXQz.exe
  C:\Windows\System\tSWfXQz.exe
  2⤵
  PID:6792
- C:\Windows\System\Mliyjrx.exe
  C:\Windows\System\Mliyjrx.exe
  2⤵
  PID:6820
- C:\Windows\System\oPBONTA.exe
  C:\Windows\System\oPBONTA.exe
  2⤵
  PID:6836
- C:\Windows\System\yyyjetW.exe
  C:\Windows\System\yyyjetW.exe
  2⤵
  PID:6864
- C:\Windows\System\ZacarQV.exe
  C:\Windows\System\ZacarQV.exe
  2⤵
  PID:6892
- C:\Windows\System\VgBRLzA.exe
  C:\Windows\System\VgBRLzA.exe
  2⤵
  PID:6920
- C:\Windows\System\wmMlSEP.exe
  C:\Windows\System\wmMlSEP.exe
  2⤵
  PID:6960
- C:\Windows\System\eDDBRKH.exe
  C:\Windows\System\eDDBRKH.exe
  2⤵
  PID:6988
- C:\Windows\System\RfIUeQi.exe
  C:\Windows\System\RfIUeQi.exe
  2⤵
  PID:7016
- C:\Windows\System\vEWOghY.exe
  C:\Windows\System\vEWOghY.exe
  2⤵
  PID:7044
- C:\Windows\System\pMcBGwm.exe
  C:\Windows\System\pMcBGwm.exe
  2⤵
  PID:7084
- C:\Windows\System\NTNpOwj.exe
  C:\Windows\System\NTNpOwj.exe
  2⤵
  PID:7100
- C:\Windows\System\XfCJHgZ.exe
  C:\Windows\System\XfCJHgZ.exe
  2⤵
  PID:7128
- C:\Windows\System\MLgrPxY.exe
  C:\Windows\System\MLgrPxY.exe
  2⤵
  PID:7144
- C:\Windows\System\CwzVpjp.exe
  C:\Windows\System\CwzVpjp.exe
  2⤵
  PID:4520
- C:\Windows\System\VJXomVk.exe
  C:\Windows\System\VJXomVk.exe
  2⤵
  PID:5188
- C:\Windows\System\lcPEtrL.exe
  C:\Windows\System\lcPEtrL.exe
  2⤵
  PID:5640
- C:\Windows\System\CRyCGTk.exe
  C:\Windows\System\CRyCGTk.exe
  2⤵
  PID:6036
- C:\Windows\System\xPcgPYr.exe
  C:\Windows\System\xPcgPYr.exe
  2⤵
  PID:2224
- C:\Windows\System\PgDJbFq.exe
  C:\Windows\System\PgDJbFq.exe
  2⤵
  PID:6240
- C:\Windows\System\adyGHtB.exe
  C:\Windows\System\adyGHtB.exe
  2⤵
  PID:6316
- C:\Windows\System\PRGqzUG.exe
  C:\Windows\System\PRGqzUG.exe
  2⤵
  PID:5092
- C:\Windows\System\dUBvSdU.exe
  C:\Windows\System\dUBvSdU.exe
  2⤵
  PID:6432
- C:\Windows\System\UeEnEAN.exe
  C:\Windows\System\UeEnEAN.exe
  2⤵
  PID:6492
- C:\Windows\System\OMqcUeK.exe
  C:\Windows\System\OMqcUeK.exe
  2⤵
  PID:6568
- C:\Windows\System\RgFhTWW.exe
  C:\Windows\System\RgFhTWW.exe
  2⤵
  PID:6628
- C:\Windows\System\WUdjKay.exe
  C:\Windows\System\WUdjKay.exe
  2⤵
  PID:6688
- C:\Windows\System\zaCpkeA.exe
  C:\Windows\System\zaCpkeA.exe
  2⤵
  PID:6752
- C:\Windows\System\tAaJqAx.exe
  C:\Windows\System\tAaJqAx.exe
  2⤵
  PID:6812
- C:\Windows\System\doJQOTk.exe
  C:\Windows\System\doJQOTk.exe
  2⤵
  PID:6876
- C:\Windows\System\DROxsHc.exe
  C:\Windows\System\DROxsHc.exe
  2⤵
  PID:6932
- C:\Windows\System\ONPatuE.exe
  C:\Windows\System\ONPatuE.exe
  2⤵
  PID:7000
- C:\Windows\System\zpocCgz.exe
  C:\Windows\System\zpocCgz.exe
  2⤵
  PID:7060
- C:\Windows\System\owCmxuo.exe
  C:\Windows\System\owCmxuo.exe
  2⤵
  PID:7120
- C:\Windows\System\wLDKwGX.exe
  C:\Windows\System\wLDKwGX.exe
  2⤵
  PID:3004
- C:\Windows\System\pRxxCEs.exe
  C:\Windows\System\pRxxCEs.exe
  2⤵
  PID:5780
- C:\Windows\System\OKXvZLo.exe
  C:\Windows\System\OKXvZLo.exe
  2⤵
  PID:6216
- C:\Windows\System\aLbWRSy.exe
  C:\Windows\System\aLbWRSy.exe
  2⤵
  PID:6348
- C:\Windows\System\fOmFZpW.exe
  C:\Windows\System\fOmFZpW.exe
  2⤵
  PID:6484
- C:\Windows\System\LgJssrf.exe
  C:\Windows\System\LgJssrf.exe
  2⤵
  PID:6604
- C:\Windows\System\uAQnvSN.exe
  C:\Windows\System\uAQnvSN.exe
  2⤵
  PID:6780
- C:\Windows\System\VwtCZtc.exe
  C:\Windows\System\VwtCZtc.exe
  2⤵
  PID:6904
- C:\Windows\System\kmiBqIy.exe
  C:\Windows\System\kmiBqIy.exe
  2⤵
  PID:7036
- C:\Windows\System\wjjDixM.exe
  C:\Windows\System\wjjDixM.exe
  2⤵
  PID:7184
- C:\Windows\System\EbDPmiF.exe
  C:\Windows\System\EbDPmiF.exe
  2⤵
  PID:7212
- C:\Windows\System\vbapvRc.exe
  C:\Windows\System\vbapvRc.exe
  2⤵
  PID:7240
- C:\Windows\System\RumwYJl.exe
  C:\Windows\System\RumwYJl.exe
  2⤵
  PID:7268
- C:\Windows\System\ARUYsUh.exe
  C:\Windows\System\ARUYsUh.exe
  2⤵
  PID:7296
- C:\Windows\System\xEAPpqc.exe
  C:\Windows\System\xEAPpqc.exe
  2⤵
  PID:7324
- C:\Windows\System\eKgjeKK.exe
  C:\Windows\System\eKgjeKK.exe
  2⤵
  PID:7352
- C:\Windows\System\crgSVBe.exe
  C:\Windows\System\crgSVBe.exe
  2⤵
  PID:7380
- C:\Windows\System\ttRnltz.exe
  C:\Windows\System\ttRnltz.exe
  2⤵
  PID:7408
- C:\Windows\System\TxztISI.exe
  C:\Windows\System\TxztISI.exe
  2⤵
  PID:7436
- C:\Windows\System\fwcCfEi.exe
  C:\Windows\System\fwcCfEi.exe
  2⤵
  PID:7460
- C:\Windows\System\ahbCvTH.exe
  C:\Windows\System\ahbCvTH.exe
  2⤵
  PID:7484
- C:\Windows\System\sqdoNqM.exe
  C:\Windows\System\sqdoNqM.exe
  2⤵
  PID:7508
- C:\Windows\System\ZEWpHmv.exe
  C:\Windows\System\ZEWpHmv.exe
  2⤵
  PID:7536
- C:\Windows\System\DVnYblS.exe
  C:\Windows\System\DVnYblS.exe
  2⤵
  PID:7564
- C:\Windows\System\TbkevVF.exe
  C:\Windows\System\TbkevVF.exe
  2⤵
  PID:7592
- C:\Windows\System\fmuHFWM.exe
  C:\Windows\System\fmuHFWM.exe
  2⤵
  PID:7620
- C:\Windows\System\YedOLpM.exe
  C:\Windows\System\YedOLpM.exe
  2⤵
  PID:7648
- C:\Windows\System\lyquKss.exe
  C:\Windows\System\lyquKss.exe
  2⤵
  PID:7676
- C:\Windows\System\RgFRBHq.exe
  C:\Windows\System\RgFRBHq.exe
  2⤵
  PID:7704
- C:\Windows\System\NBgYzzd.exe
  C:\Windows\System\NBgYzzd.exe
  2⤵
  PID:7728
- C:\Windows\System\dgNKJwt.exe
  C:\Windows\System\dgNKJwt.exe
  2⤵
  PID:7760
- C:\Windows\System\MTwMcSL.exe
  C:\Windows\System\MTwMcSL.exe
  2⤵
  PID:7788
- C:\Windows\System\NqJUnLk.exe
  C:\Windows\System\NqJUnLk.exe
  2⤵
  PID:7816
- C:\Windows\System\nQAKsEU.exe
  C:\Windows\System\nQAKsEU.exe
  2⤵
  PID:7856
- C:\Windows\System\ogcruLt.exe
  C:\Windows\System\ogcruLt.exe
  2⤵
  PID:7884
- C:\Windows\System\fJdfCbJ.exe
  C:\Windows\System\fJdfCbJ.exe
  2⤵
  PID:7912
- C:\Windows\System\qzeeXmR.exe
  C:\Windows\System\qzeeXmR.exe
  2⤵
  PID:7940
- C:\Windows\System\RmTdyhp.exe
  C:\Windows\System\RmTdyhp.exe
  2⤵
  PID:7968
- C:\Windows\System\daBleKo.exe
  C:\Windows\System\daBleKo.exe
  2⤵
  PID:7996
- C:\Windows\System\kKvOxTu.exe
  C:\Windows\System\kKvOxTu.exe
  2⤵
  PID:8024
- C:\Windows\System\yRJLnVo.exe
  C:\Windows\System\yRJLnVo.exe
  2⤵
  PID:8052
- C:\Windows\System\AfseWYT.exe
  C:\Windows\System\AfseWYT.exe
  2⤵
  PID:8080
- C:\Windows\System\KOwQqzw.exe
  C:\Windows\System\KOwQqzw.exe
  2⤵
  PID:8108
- C:\Windows\System\SZvIlRZ.exe
  C:\Windows\System\SZvIlRZ.exe
  2⤵
  PID:8136
- C:\Windows\System\VZFlLcR.exe
  C:\Windows\System\VZFlLcR.exe
  2⤵
  PID:8164
- C:\Windows\System\WqrLxsO.exe
  C:\Windows\System\WqrLxsO.exe
  2⤵
  PID:7156
- C:\Windows\System\wHehLsp.exe
  C:\Windows\System\wHehLsp.exe
  2⤵
  PID:3916
- C:\Windows\System\fNDzGUL.exe
  C:\Windows\System\fNDzGUL.exe
  2⤵
  PID:6408
- C:\Windows\System\azqIYpg.exe
  C:\Windows\System\azqIYpg.exe
  2⤵
  PID:6712
- C:\Windows\System\GqppphC.exe
  C:\Windows\System\GqppphC.exe
  2⤵
  PID:6976
- C:\Windows\System\HBSWCzL.exe
  C:\Windows\System\HBSWCzL.exe
  2⤵
  PID:7200
- C:\Windows\System\BqtYMhI.exe
  C:\Windows\System\BqtYMhI.exe
  2⤵
  PID:7252
- C:\Windows\System\lqYWotB.exe
  C:\Windows\System\lqYWotB.exe
  2⤵
  PID:7288
- C:\Windows\System\DuWeXJD.exe
  C:\Windows\System\DuWeXJD.exe
  2⤵
  PID:7336
- C:\Windows\System\xYtZOPF.exe
  C:\Windows\System\xYtZOPF.exe
  2⤵
  PID:7396
- C:\Windows\System\EVCEBzK.exe
  C:\Windows\System\EVCEBzK.exe
  2⤵
  PID:7492
- C:\Windows\System\xxLtojH.exe
  C:\Windows\System\xxLtojH.exe
  2⤵
  PID:7548
- C:\Windows\System\DpThPdh.exe
  C:\Windows\System\DpThPdh.exe
  2⤵
  PID:7576
- C:\Windows\System\rEaBSvb.exe
  C:\Windows\System\rEaBSvb.exe
  2⤵
  PID:7640
- C:\Windows\System\cebOTTP.exe
  C:\Windows\System\cebOTTP.exe
  2⤵
  PID:7696
- C:\Windows\System\cuYetsF.exe
  C:\Windows\System\cuYetsF.exe
  2⤵
  PID:7776
- C:\Windows\System\uysOxeu.exe
  C:\Windows\System\uysOxeu.exe
  2⤵
  PID:5004
- C:\Windows\System\xbRlnwG.exe
  C:\Windows\System\xbRlnwG.exe
  2⤵
  PID:7896
- C:\Windows\System\gzkcOga.exe
  C:\Windows\System\gzkcOga.exe
  2⤵
  PID:7952
- C:\Windows\System\rxZiNGf.exe
  C:\Windows\System\rxZiNGf.exe
  2⤵
  PID:7992
- C:\Windows\System\PBoFGGA.exe
  C:\Windows\System\PBoFGGA.exe
  2⤵
  PID:8016
- C:\Windows\System\GXZOqGU.exe
  C:\Windows\System\GXZOqGU.exe
  2⤵
  PID:8092
- C:\Windows\System\aBGfcwP.exe
  C:\Windows\System\aBGfcwP.exe
  2⤵
  PID:4192
- C:\Windows\System\PzXBmRY.exe
  C:\Windows\System\PzXBmRY.exe
  2⤵
  PID:8184
- C:\Windows\System\sPfyjKs.exe
  C:\Windows\System\sPfyjKs.exe
  2⤵
  PID:3100
- C:\Windows\System\zNvJdsm.exe
  C:\Windows\System\zNvJdsm.exe
  2⤵
  PID:6852
- C:\Windows\System\cqYgAjM.exe
  C:\Windows\System\cqYgAjM.exe
  2⤵
  PID:7232
- C:\Windows\System\cVOqfHK.exe
  C:\Windows\System\cVOqfHK.exe
  2⤵
  PID:1560
- C:\Windows\System\BktydrU.exe
  C:\Windows\System\BktydrU.exe
  2⤵
  PID:7452
- C:\Windows\System\vsSedUq.exe
  C:\Windows\System\vsSedUq.exe
  2⤵
  PID:7528
- C:\Windows\System\xaKeKcf.exe
  C:\Windows\System\xaKeKcf.exe
  2⤵
  PID:7608
- C:\Windows\System\sxZgjAb.exe
  C:\Windows\System\sxZgjAb.exe
  2⤵
  PID:7724
- C:\Windows\System\REPTrhw.exe
  C:\Windows\System\REPTrhw.exe
  2⤵
  PID:7828
- C:\Windows\System\uoOPLsS.exe
  C:\Windows\System\uoOPLsS.exe
  2⤵
  PID:7932
- C:\Windows\System\eiWoqWP.exe
  C:\Windows\System\eiWoqWP.exe
  2⤵
  PID:8044
- C:\Windows\System\HCRMoCy.exe
  C:\Windows\System\HCRMoCy.exe
  2⤵
  PID:8156
- C:\Windows\System\Ytjwwwx.exe
  C:\Windows\System\Ytjwwwx.exe
  2⤵
  PID:6848
- C:\Windows\System\OkiAedW.exe
  C:\Windows\System\OkiAedW.exe
  2⤵
  PID:2144
- C:\Windows\System\ggdLpGk.exe
  C:\Windows\System\ggdLpGk.exe
  2⤵
  PID:7664
- C:\Windows\System\JLAghUU.exe
  C:\Windows\System\JLAghUU.exe
  2⤵
  PID:7928
- C:\Windows\System\IaRlfbG.exe
  C:\Windows\System\IaRlfbG.exe
  2⤵
  PID:8120
- C:\Windows\System\xfCGbOM.exe
  C:\Windows\System\xfCGbOM.exe
  2⤵
  PID:8212
- C:\Windows\System\HNSlXqx.exe
  C:\Windows\System\HNSlXqx.exe
  2⤵
  PID:8240
- C:\Windows\System\OdFkdww.exe
  C:\Windows\System\OdFkdww.exe
  2⤵
  PID:8272
- C:\Windows\System\RSKXevq.exe
  C:\Windows\System\RSKXevq.exe
  2⤵
  PID:8296
- C:\Windows\System\OCpinzo.exe
  C:\Windows\System\OCpinzo.exe
  2⤵
  PID:8324
- C:\Windows\System\BydEKfJ.exe
  C:\Windows\System\BydEKfJ.exe
  2⤵
  PID:8352
- C:\Windows\System\PjEXhPG.exe
  C:\Windows\System\PjEXhPG.exe
  2⤵
  PID:8380
- C:\Windows\System\hHoEboI.exe
  C:\Windows\System\hHoEboI.exe
  2⤵
  PID:8408
- C:\Windows\System\TCWytJw.exe
  C:\Windows\System\TCWytJw.exe
  2⤵
  PID:8436
- C:\Windows\System\fPXeWSD.exe
  C:\Windows\System\fPXeWSD.exe
  2⤵
  PID:8464
- C:\Windows\System\CrxmuUP.exe
  C:\Windows\System\CrxmuUP.exe
  2⤵
  PID:8488
- C:\Windows\System\prsndWC.exe
  C:\Windows\System\prsndWC.exe
  2⤵
  PID:8520
- C:\Windows\System\mwxTJmH.exe
  C:\Windows\System\mwxTJmH.exe
  2⤵
  PID:8548
- C:\Windows\System\xHTuAHa.exe
  C:\Windows\System\xHTuAHa.exe
  2⤵
  PID:8572
- C:\Windows\System\RhqcYnz.exe
  C:\Windows\System\RhqcYnz.exe
  2⤵
  PID:8600
- C:\Windows\System\XZXqUhY.exe
  C:\Windows\System\XZXqUhY.exe
  2⤵
  PID:8636
- C:\Windows\System\PpFwBzL.exe
  C:\Windows\System\PpFwBzL.exe
  2⤵
  PID:8660
- C:\Windows\System\snMNbqd.exe
  C:\Windows\System\snMNbqd.exe
  2⤵
  PID:8688
- C:\Windows\System\ldFsRig.exe
  C:\Windows\System\ldFsRig.exe
  2⤵
  PID:8716
- C:\Windows\System\IIFLkez.exe
  C:\Windows\System\IIFLkez.exe
  2⤵
  PID:8744
- C:\Windows\System\Jkvjtfy.exe
  C:\Windows\System\Jkvjtfy.exe
  2⤵
  PID:8776
- C:\Windows\System\YPYCujq.exe
  C:\Windows\System\YPYCujq.exe
  2⤵
  PID:8800
- C:\Windows\System\CKZWMLR.exe
  C:\Windows\System\CKZWMLR.exe
  2⤵
  PID:8828
- C:\Windows\System\reehggS.exe
  C:\Windows\System\reehggS.exe
  2⤵
  PID:8856
- C:\Windows\System\jLjwsQn.exe
  C:\Windows\System\jLjwsQn.exe
  2⤵
  PID:8872
- C:\Windows\System\fCFQLKh.exe
  C:\Windows\System\fCFQLKh.exe
  2⤵
  PID:8900
- C:\Windows\System\WdkomDM.exe
  C:\Windows\System\WdkomDM.exe
  2⤵
  PID:8928
- C:\Windows\System\OEAQune.exe
  C:\Windows\System\OEAQune.exe
  2⤵
  PID:8956
- C:\Windows\System\vPryOCY.exe
  C:\Windows\System\vPryOCY.exe
  2⤵
  PID:8984
- C:\Windows\System\IrpfxkC.exe
  C:\Windows\System\IrpfxkC.exe
  2⤵
  PID:9012
- C:\Windows\System\CtszanK.exe
  C:\Windows\System\CtszanK.exe
  2⤵
  PID:9040
- C:\Windows\System\ZtRgbqI.exe
  C:\Windows\System\ZtRgbqI.exe
  2⤵
  PID:9068
- C:\Windows\System\qNCEHOE.exe
  C:\Windows\System\qNCEHOE.exe
  2⤵
  PID:9100
- C:\Windows\System\aBjrbpr.exe
  C:\Windows\System\aBjrbpr.exe
  2⤵
  PID:9128
- C:\Windows\System\kEAvDEH.exe
  C:\Windows\System\kEAvDEH.exe
  2⤵
  PID:9168
- C:\Windows\System\fNnjoPW.exe
  C:\Windows\System\fNnjoPW.exe
  2⤵
  PID:9192
- C:\Windows\System\FRltTrA.exe
  C:\Windows\System\FRltTrA.exe
  2⤵
  PID:6292
- C:\Windows\System\sAItMGn.exe
  C:\Windows\System\sAItMGn.exe
  2⤵
  PID:4876
- C:\Windows\System\GowhSrD.exe
  C:\Windows\System\GowhSrD.exe
  2⤵
  PID:8196
- C:\Windows\System\KSlOpOV.exe
  C:\Windows\System\KSlOpOV.exe
  2⤵
  PID:8252
- C:\Windows\System\xKtYLbg.exe
  C:\Windows\System\xKtYLbg.exe
  2⤵
  PID:8308
- C:\Windows\System\WAveUKH.exe
  C:\Windows\System\WAveUKH.exe
  2⤵
  PID:8364
- C:\Windows\System\NeANbfN.exe
  C:\Windows\System\NeANbfN.exe
  2⤵
  PID:8428
- C:\Windows\System\SxVbtUw.exe
  C:\Windows\System\SxVbtUw.exe
  2⤵
  PID:3508
- C:\Windows\System\yCoQgBt.exe
  C:\Windows\System\yCoQgBt.exe
  2⤵
  PID:8536
- C:\Windows\System\TTzdxRA.exe
  C:\Windows\System\TTzdxRA.exe
  2⤵
  PID:8596
- C:\Windows\System\VdSnPDa.exe
  C:\Windows\System\VdSnPDa.exe
  2⤵
  PID:8672
- C:\Windows\System\QQyZMKj.exe
  C:\Windows\System\QQyZMKj.exe
  2⤵
  PID:8728
- C:\Windows\System\VWIdCXE.exe
  C:\Windows\System\VWIdCXE.exe
  2⤵
  PID:4568
- C:\Windows\System\mSelpaT.exe
  C:\Windows\System\mSelpaT.exe
  2⤵
  PID:8840
- C:\Windows\System\jObbJPv.exe
  C:\Windows\System\jObbJPv.exe
  2⤵
  PID:8892
- C:\Windows\System\MlliPyA.exe
  C:\Windows\System\MlliPyA.exe
  2⤵
  PID:8944
- C:\Windows\System\xzAFJOs.exe
  C:\Windows\System\xzAFJOs.exe
  2⤵
  PID:8996
- C:\Windows\System\YbBJZqz.exe
  C:\Windows\System\YbBJZqz.exe
  2⤵
  PID:9120
- C:\Windows\System\dJzqCqx.exe
  C:\Windows\System\dJzqCqx.exe
  2⤵
  PID:9184
- C:\Windows\System\lpjaTvN.exe
  C:\Windows\System\lpjaTvN.exe
  2⤵
  PID:4572
- C:\Windows\System\wkSwDxg.exe
  C:\Windows\System\wkSwDxg.exe
  2⤵
  PID:4152
- C:\Windows\System\ppMUoaR.exe
  C:\Windows\System\ppMUoaR.exe
  2⤵
  PID:8476
- C:\Windows\System\UfhhYAc.exe
  C:\Windows\System\UfhhYAc.exe
  2⤵
  PID:3596
- C:\Windows\System\AaADjGj.exe
  C:\Windows\System\AaADjGj.exe
  2⤵
  PID:4996
- C:\Windows\System\XeNWQvG.exe
  C:\Windows\System\XeNWQvG.exe
  2⤵
  PID:1072
- C:\Windows\System\VZJxBje.exe
  C:\Windows\System\VZJxBje.exe
  2⤵
  PID:2860
- C:\Windows\System\hWkYmXt.exe
  C:\Windows\System\hWkYmXt.exe
  2⤵
  PID:3724
- C:\Windows\System\IgVxFFt.exe
  C:\Windows\System\IgVxFFt.exe
  2⤵
  PID:8920
- C:\Windows\System\iTVVyBp.exe
  C:\Windows\System\iTVVyBp.exe
  2⤵
  PID:4500
- C:\Windows\System\jkRGopG.exe
  C:\Windows\System\jkRGopG.exe
  2⤵
  PID:1152
- C:\Windows\System\DezSJsN.exe
  C:\Windows\System\DezSJsN.exe
  2⤵
  PID:928
- C:\Windows\System\ROVzTWH.exe
  C:\Windows\System\ROVzTWH.exe
  2⤵
  PID:9084
- C:\Windows\System\zRQBlRC.exe
  C:\Windows\System\zRQBlRC.exe
  2⤵
  PID:8068
- C:\Windows\System\BjLRUNb.exe
  C:\Windows\System\BjLRUNb.exe
  2⤵
  PID:9108
- C:\Windows\System\dfJeDSa.exe
  C:\Windows\System\dfJeDSa.exe
  2⤵
  PID:2156
- C:\Windows\System\wkJjMCZ.exe
  C:\Windows\System\wkJjMCZ.exe
  2⤵
  PID:720
- C:\Windows\System\lJZAUmP.exe
  C:\Windows\System\lJZAUmP.exe
  2⤵
  PID:2736
- C:\Windows\System\ZSZwBnp.exe
  C:\Windows\System\ZSZwBnp.exe
  2⤵
  PID:9156
- C:\Windows\System\NTlvTFs.exe
  C:\Windows\System\NTlvTFs.exe
  2⤵
  PID:2140
- C:\Windows\System\RCTFtHN.exe
  C:\Windows\System\RCTFtHN.exe
  2⤵
  PID:396
- C:\Windows\System\TeyLyuI.exe
  C:\Windows\System\TeyLyuI.exe
  2⤵
  PID:8756
- C:\Windows\System\JBUjxhv.exe
  C:\Windows\System\JBUjxhv.exe
  2⤵
  PID:8232
- C:\Windows\System\hDopHGi.exe
  C:\Windows\System\hDopHGi.exe
  2⤵
  PID:9248
- C:\Windows\System\FOzezWu.exe
  C:\Windows\System\FOzezWu.exe
  2⤵
  PID:9276
- C:\Windows\System\JoHhMuP.exe
  C:\Windows\System\JoHhMuP.exe
  2⤵
  PID:9304
- C:\Windows\System\AXMTvBy.exe
  C:\Windows\System\AXMTvBy.exe
  2⤵
  PID:9336
- C:\Windows\System\AkqQQQu.exe
  C:\Windows\System\AkqQQQu.exe
  2⤵
  PID:9364
- C:\Windows\System\KNhLhvg.exe
  C:\Windows\System\KNhLhvg.exe
  2⤵
  PID:9396
- C:\Windows\System\HpSquwN.exe
  C:\Windows\System\HpSquwN.exe
  2⤵
  PID:9424
- C:\Windows\System\IqcBeos.exe
  C:\Windows\System\IqcBeos.exe
  2⤵
  PID:9452
- C:\Windows\System\XkkIRIN.exe
  C:\Windows\System\XkkIRIN.exe
  2⤵
  PID:9480
- C:\Windows\System\qBugQgl.exe
  C:\Windows\System\qBugQgl.exe
  2⤵
  PID:9508
- C:\Windows\System\YbPYImZ.exe
  C:\Windows\System\YbPYImZ.exe
  2⤵
  PID:9536
- C:\Windows\System\mrqdJZU.exe
  C:\Windows\System\mrqdJZU.exe
  2⤵
  PID:9568
- C:\Windows\System\hpnrkhh.exe
  C:\Windows\System\hpnrkhh.exe
  2⤵
  PID:9596
- C:\Windows\System\CjunGNG.exe
  C:\Windows\System\CjunGNG.exe
  2⤵
  PID:9628
- C:\Windows\System\ehcyjZj.exe
  C:\Windows\System\ehcyjZj.exe
  2⤵
  PID:9656
- C:\Windows\System\AQkgNKo.exe
  C:\Windows\System\AQkgNKo.exe
  2⤵
  PID:9688
- C:\Windows\System\AUrmOUr.exe
  C:\Windows\System\AUrmOUr.exe
  2⤵
  PID:9704
- C:\Windows\System\qbXydzW.exe
  C:\Windows\System\qbXydzW.exe
  2⤵
  PID:9748
- C:\Windows\System\TzaILTD.exe
  C:\Windows\System\TzaILTD.exe
  2⤵
  PID:9780
- C:\Windows\System\vjgeHYr.exe
  C:\Windows\System\vjgeHYr.exe
  2⤵
  PID:9812
- C:\Windows\System\ZPitbXh.exe
  C:\Windows\System\ZPitbXh.exe
  2⤵
  PID:9836
- C:\Windows\System\BOlnQkM.exe
  C:\Windows\System\BOlnQkM.exe
  2⤵
  PID:9868
- C:\Windows\System\CRBoFwP.exe
  C:\Windows\System\CRBoFwP.exe
  2⤵
  PID:9892
- C:\Windows\System\wLfiADa.exe
  C:\Windows\System\wLfiADa.exe
  2⤵
  PID:9924
- C:\Windows\System\AWaljxt.exe
  C:\Windows\System\AWaljxt.exe
  2⤵
  PID:9952
- C:\Windows\System\kARljSr.exe
  C:\Windows\System\kARljSr.exe
  2⤵
  PID:9984
- C:\Windows\System\aBbFlpD.exe
  C:\Windows\System\aBbFlpD.exe
  2⤵
  PID:10012
- C:\Windows\System\UFiboJS.exe
  C:\Windows\System\UFiboJS.exe
  2⤵
  PID:10040
- C:\Windows\System\WeKoeJl.exe
  C:\Windows\System\WeKoeJl.exe
  2⤵
  PID:10084
- C:\Windows\System\OHdGrDU.exe
  C:\Windows\System\OHdGrDU.exe
  2⤵
  PID:10132
- C:\Windows\System\lkPJIGc.exe
  C:\Windows\System\lkPJIGc.exe
  2⤵
  PID:10164
- C:\Windows\System\WqasiAN.exe
  C:\Windows\System\WqasiAN.exe
  2⤵
  PID:10200
- C:\Windows\System\IvnyKEt.exe
  C:\Windows\System\IvnyKEt.exe
  2⤵
  PID:10236
- C:\Windows\System\TpsHRTI.exe
  C:\Windows\System\TpsHRTI.exe
  2⤵
  PID:9240
- C:\Windows\System\PYzrCyJ.exe
  C:\Windows\System\PYzrCyJ.exe
  2⤵
  PID:9296
- C:\Windows\System\LdJhzyv.exe
  C:\Windows\System\LdJhzyv.exe
  2⤵
  PID:9360
- C:\Windows\System\pKTHUDi.exe
  C:\Windows\System\pKTHUDi.exe
  2⤵
  PID:9436
- C:\Windows\System\cioAAxB.exe
  C:\Windows\System\cioAAxB.exe
  2⤵
  PID:9504
- C:\Windows\System\zlznvkF.exe
  C:\Windows\System\zlznvkF.exe
  2⤵
  PID:9580
- C:\Windows\System\MYlmXuC.exe
  C:\Windows\System\MYlmXuC.exe
  2⤵
  PID:9648
- C:\Windows\System\rVOdgDD.exe
  C:\Windows\System\rVOdgDD.exe
  2⤵
  PID:9728
- C:\Windows\System\UZLMwaJ.exe
  C:\Windows\System\UZLMwaJ.exe
  2⤵
  PID:9796
- C:\Windows\System\fgtzLFm.exe
  C:\Windows\System\fgtzLFm.exe
  2⤵
  PID:9864
- C:\Windows\System\EvRBPvm.exe
  C:\Windows\System\EvRBPvm.exe
  2⤵
  PID:9908
- C:\Windows\System\RXBOyjJ.exe
  C:\Windows\System\RXBOyjJ.exe
  2⤵
  PID:9964
- C:\Windows\System\xonkwvx.exe
  C:\Windows\System\xonkwvx.exe
  2⤵
  PID:10052
- C:\Windows\System\gDczEns.exe
  C:\Windows\System\gDczEns.exe
  2⤵
  PID:10160
- C:\Windows\System\EHXlsys.exe
  C:\Windows\System\EHXlsys.exe
  2⤵
  PID:9228
- C:\Windows\System\iqRWSaD.exe
  C:\Windows\System\iqRWSaD.exe
  2⤵
  PID:9348
- C:\Windows\System\XNyttnH.exe
  C:\Windows\System\XNyttnH.exe
  2⤵
  PID:9556
- C:\Windows\System\wuxObau.exe
  C:\Windows\System\wuxObau.exe
  2⤵
  PID:9876
- C:\Windows\System\KqEKeHB.exe
  C:\Windows\System\KqEKeHB.exe
  2⤵
  PID:10192
- C:\Windows\System\EutbBoc.exe
  C:\Windows\System\EutbBoc.exe
  2⤵
  PID:9492
- C:\Windows\System\ZnyCTUR.exe
  C:\Windows\System\ZnyCTUR.exe
  2⤵
  PID:10260
- C:\Windows\System\IHMJTUm.exe
  C:\Windows\System\IHMJTUm.exe
  2⤵
  PID:10304
- C:\Windows\System\CsTnOWg.exe
  C:\Windows\System\CsTnOWg.exe
  2⤵
  PID:10380
- C:\Windows\System\EwxTpse.exe
  C:\Windows\System\EwxTpse.exe
  2⤵
  PID:10404
- C:\Windows\System\qXaeexQ.exe
  C:\Windows\System\qXaeexQ.exe
  2⤵
  PID:10440
- C:\Windows\System\VhqPLda.exe
  C:\Windows\System\VhqPLda.exe
  2⤵
  PID:10468
- C:\Windows\System\TQEtJcl.exe
  C:\Windows\System\TQEtJcl.exe
  2⤵
  PID:10496
- C:\Windows\System\wSusILD.exe
  C:\Windows\System\wSusILD.exe
  2⤵
  PID:10532
- C:\Windows\System\xVLBBOb.exe
  C:\Windows\System\xVLBBOb.exe
  2⤵
  PID:10592
- C:\Windows\System\cDDfojW.exe
  C:\Windows\System\cDDfojW.exe
  2⤵
  PID:10628
- C:\Windows\System\CMedRWw.exe
  C:\Windows\System\CMedRWw.exe
  2⤵
  PID:10664
- C:\Windows\System\WaoTWQk.exe
  C:\Windows\System\WaoTWQk.exe
  2⤵
  PID:10700
- C:\Windows\System\yVEezjq.exe
  C:\Windows\System\yVEezjq.exe
  2⤵
  PID:10728
- C:\Windows\System\AQLXNUy.exe
  C:\Windows\System\AQLXNUy.exe
  2⤵
  PID:10760
- C:\Windows\System\WVaiDRK.exe
  C:\Windows\System\WVaiDRK.exe
  2⤵
  PID:10788
- C:\Windows\System\axzUfXL.exe
  C:\Windows\System\axzUfXL.exe
  2⤵
  PID:10816
- C:\Windows\System\ITewCDI.exe
  C:\Windows\System\ITewCDI.exe
  2⤵
  PID:10848
- C:\Windows\System\QwkgoNr.exe
  C:\Windows\System\QwkgoNr.exe
  2⤵
  PID:10876
- C:\Windows\System\sJNvOrZ.exe
  C:\Windows\System\sJNvOrZ.exe
  2⤵
  PID:10904
- C:\Windows\System\CnJBYch.exe
  C:\Windows\System\CnJBYch.exe
  2⤵
  PID:10932
- C:\Windows\System\hmauelt.exe
  C:\Windows\System\hmauelt.exe
  2⤵
  PID:10964
- C:\Windows\System\aUYFfvL.exe
  C:\Windows\System\aUYFfvL.exe
  2⤵
  PID:11000
- C:\Windows\System\sWcdFAi.exe
  C:\Windows\System\sWcdFAi.exe
  2⤵
  PID:11028
- C:\Windows\System\kdBWcsw.exe
  C:\Windows\System\kdBWcsw.exe
  2⤵
  PID:11064
- C:\Windows\System\UbmBlcC.exe
  C:\Windows\System\UbmBlcC.exe
  2⤵
  PID:11096
- C:\Windows\System\EkdRypc.exe
  C:\Windows\System\EkdRypc.exe
  2⤵
  PID:11136
- C:\Windows\System\VTprEeq.exe
  C:\Windows\System\VTprEeq.exe
  2⤵
  PID:11172
- C:\Windows\System\kwPSqEw.exe
  C:\Windows\System\kwPSqEw.exe
  2⤵
  PID:11192
- C:\Windows\System\fPOEHyD.exe
  C:\Windows\System\fPOEHyD.exe
  2⤵
  PID:11220
- C:\Windows\System\GxHhycW.exe
  C:\Windows\System\GxHhycW.exe
  2⤵
  PID:11248
- C:\Windows\System\vMBkMLt.exe
  C:\Windows\System\vMBkMLt.exe
  2⤵
  PID:10364
- C:\Windows\System\ScEqUxB.exe
  C:\Windows\System\ScEqUxB.exe
  2⤵
  PID:10416
- C:\Windows\System\onRQXnF.exe
  C:\Windows\System\onRQXnF.exe
  2⤵
  PID:10492
- C:\Windows\System\totnohk.exe
  C:\Windows\System\totnohk.exe
  2⤵
  PID:1136
- C:\Windows\System\ySAhobS.exe
  C:\Windows\System\ySAhobS.exe
  2⤵
  PID:10604
- C:\Windows\System\sgafmCH.exe
  C:\Windows\System\sgafmCH.exe
  2⤵
  PID:10692
- C:\Windows\System\GtqYWLr.exe
  C:\Windows\System\GtqYWLr.exe
  2⤵
  PID:10756
- C:\Windows\System\EZvrLaG.exe
  C:\Windows\System\EZvrLaG.exe
  2⤵
  PID:10828
- C:\Windows\System\FchMpsf.exe
  C:\Windows\System\FchMpsf.exe
  2⤵
  PID:2760
- C:\Windows\System\mQpbWTj.exe
  C:\Windows\System\mQpbWTj.exe
  2⤵
  PID:10928
- C:\Windows\System\jNmHoqt.exe
  C:\Windows\System\jNmHoqt.exe
  2⤵
  PID:10996
- C:\Windows\System\zoyXgbS.exe
  C:\Windows\System\zoyXgbS.exe
  2⤵
  PID:11076
- C:\Windows\System\tBUOGeb.exe
  C:\Windows\System\tBUOGeb.exe
  2⤵
  PID:11048
- C:\Windows\System\berHYfX.exe
  C:\Windows\System\berHYfX.exe
  2⤵
  PID:11212
- C:\Windows\System\pMTcwlX.exe
  C:\Windows\System\pMTcwlX.exe
  2⤵
  PID:2896
- C:\Windows\System\vyYCBrG.exe
  C:\Windows\System\vyYCBrG.exe
  2⤵
  PID:11180
- C:\Windows\System\jmxFWmq.exe
  C:\Windows\System\jmxFWmq.exe
  2⤵
  PID:10460
- C:\Windows\System\WFMrVQk.exe
  C:\Windows\System\WFMrVQk.exe
  2⤵
  PID:3524
- C:\Windows\System\NlwYYqa.exe
  C:\Windows\System\NlwYYqa.exe
  2⤵
  PID:10724
- C:\Windows\System\LeOZBcH.exe
  C:\Windows\System\LeOZBcH.exe
  2⤵
  PID:9224
- C:\Windows\System\dWDAIsK.exe
  C:\Windows\System\dWDAIsK.exe
  2⤵
  PID:10980
- C:\Windows\System\fuoeJvN.exe
  C:\Windows\System\fuoeJvN.exe
  2⤵
  PID:11132
- C:\Windows\System\OnTuyBa.exe
  C:\Windows\System\OnTuyBa.exe
  2⤵
  PID:11240
- C:\Windows\System\kWxjWHw.exe
  C:\Windows\System\kWxjWHw.exe
  2⤵
  PID:4540
- C:\Windows\System\Vcndjdw.exe
  C:\Windows\System\Vcndjdw.exe
  2⤵
  PID:10640
- C:\Windows\System\lmCvsWg.exe
  C:\Windows\System\lmCvsWg.exe
  2⤵
  PID:5044
- C:\Windows\System\AmwKRGM.exe
  C:\Windows\System\AmwKRGM.exe
  2⤵
  PID:5028
- C:\Windows\System\ouvNdzs.exe
  C:\Windows\System\ouvNdzs.exe
  2⤵
  PID:4180
- C:\Windows\System\DyfTDsK.exe
  C:\Windows\System\DyfTDsK.exe
  2⤵
  PID:11280
- C:\Windows\System\MKBVJvs.exe
  C:\Windows\System\MKBVJvs.exe
  2⤵
  PID:11308
- C:\Windows\System\xNvkiJq.exe
  C:\Windows\System\xNvkiJq.exe
  2⤵
  PID:11348
- C:\Windows\System\UXQREKU.exe
  C:\Windows\System\UXQREKU.exe
  2⤵
  PID:11372
- C:\Windows\System\jCbaCHK.exe
  C:\Windows\System\jCbaCHK.exe
  2⤵
  PID:11452
- C:\Windows\System\JUKUzGp.exe
  C:\Windows\System\JUKUzGp.exe
  2⤵
  PID:11500
- C:\Windows\System\qdJyOlK.exe
  C:\Windows\System\qdJyOlK.exe
  2⤵
  PID:11532
- C:\Windows\System\zfcofzQ.exe
  C:\Windows\System\zfcofzQ.exe
  2⤵
  PID:11580
- C:\Windows\System\heNqiFW.exe
  C:\Windows\System\heNqiFW.exe
  2⤵
  PID:11600
- C:\Windows\System\BRmiCgO.exe
  C:\Windows\System\BRmiCgO.exe
  2⤵
  PID:11628
- C:\Windows\System\zabxKdZ.exe
  C:\Windows\System\zabxKdZ.exe
  2⤵
  PID:11656
- C:\Windows\System\VuZAITN.exe
  C:\Windows\System\VuZAITN.exe
  2⤵
  PID:11684
- C:\Windows\System\zkPuiiT.exe
  C:\Windows\System\zkPuiiT.exe
  2⤵
  PID:11712
- C:\Windows\System\GnvBXpQ.exe
  C:\Windows\System\GnvBXpQ.exe
  2⤵
  PID:11740
- C:\Windows\System\vWyLjjF.exe
  C:\Windows\System\vWyLjjF.exe
  2⤵
  PID:11772
- C:\Windows\System\vfQqbcX.exe
  C:\Windows\System\vfQqbcX.exe
  2⤵
  PID:11800
- C:\Windows\System\kQjtYBF.exe
  C:\Windows\System\kQjtYBF.exe
  2⤵
  PID:11828
- C:\Windows\System\gJXOAJO.exe
  C:\Windows\System\gJXOAJO.exe
  2⤵
  PID:11856
- C:\Windows\System\BAVlwlY.exe
  C:\Windows\System\BAVlwlY.exe
  2⤵
  PID:11884
- C:\Windows\System\hRVDOoN.exe
  C:\Windows\System\hRVDOoN.exe
  2⤵
  PID:11912
- C:\Windows\System\MefEJqI.exe
  C:\Windows\System\MefEJqI.exe
  2⤵
  PID:11940
- C:\Windows\System\CpUIZKG.exe
  C:\Windows\System\CpUIZKG.exe
  2⤵
  PID:11968
- C:\Windows\System\waOeGlV.exe
  C:\Windows\System\waOeGlV.exe
  2⤵
  PID:11996
- C:\Windows\System\YSDOnqC.exe
  C:\Windows\System\YSDOnqC.exe
  2⤵
  PID:12024
- C:\Windows\System\eVYCoZn.exe
  C:\Windows\System\eVYCoZn.exe
  2⤵
  PID:12052
- C:\Windows\System\GaMfnbB.exe
  C:\Windows\System\GaMfnbB.exe
  2⤵
  PID:12080
- C:\Windows\System\TSmfoPY.exe
  C:\Windows\System\TSmfoPY.exe
  2⤵
  PID:12108
- C:\Windows\System\xKoROOt.exe
  C:\Windows\System\xKoROOt.exe
  2⤵
  PID:12136
- C:\Windows\System\doisZIh.exe
  C:\Windows\System\doisZIh.exe
  2⤵
  PID:12164
- C:\Windows\System\VHsZhgC.exe
  C:\Windows\System\VHsZhgC.exe
  2⤵
  PID:12192
- C:\Windows\System\XIVoAvn.exe
  C:\Windows\System\XIVoAvn.exe
  2⤵
  PID:12220
- C:\Windows\System\uTmxpJs.exe
  C:\Windows\System\uTmxpJs.exe
  2⤵
  PID:12248
- C:\Windows\System\PloYCRx.exe
  C:\Windows\System\PloYCRx.exe
  2⤵
  PID:12276
- C:\Windows\System\JJKsoaa.exe
  C:\Windows\System\JJKsoaa.exe
  2⤵
  PID:11304
- C:\Windows\System\iGZZCdR.exe
  C:\Windows\System\iGZZCdR.exe
  2⤵
  PID:11392
- C:\Windows\System\WIzJhDq.exe
  C:\Windows\System\WIzJhDq.exe
  2⤵
  PID:11356
- C:\Windows\System\eXeehbK.exe
  C:\Windows\System\eXeehbK.exe
  2⤵
  PID:11548
- C:\Windows\System\lHlTuZX.exe
  C:\Windows\System\lHlTuZX.exe
  2⤵
  PID:10748
- C:\Windows\System\wBjzCBn.exe
  C:\Windows\System\wBjzCBn.exe
  2⤵
  PID:11560
- C:\Windows\System\IyhaQTA.exe
  C:\Windows\System\IyhaQTA.exe
  2⤵
  PID:11436
- C:\Windows\System\KOTCqyh.exe
  C:\Windows\System\KOTCqyh.exe
  2⤵
  PID:11588
- C:\Windows\System\ZscWchO.exe
  C:\Windows\System\ZscWchO.exe
  2⤵
  PID:11680
- C:\Windows\System\GRXKOtN.exe
  C:\Windows\System\GRXKOtN.exe
  2⤵
  PID:11752
- C:\Windows\System\wmKvlph.exe
  C:\Windows\System\wmKvlph.exe
  2⤵
  PID:11812
- C:\Windows\System\ZNPFyYb.exe
  C:\Windows\System\ZNPFyYb.exe
  2⤵
  PID:11876
- C:\Windows\System\KMrWjST.exe
  C:\Windows\System\KMrWjST.exe
  2⤵
  PID:11936
- C:\Windows\System\dnaxoPp.exe
  C:\Windows\System\dnaxoPp.exe
  2⤵
  PID:12016
- C:\Windows\System\cgRIOsG.exe
  C:\Windows\System\cgRIOsG.exe
  2⤵
  PID:12076
- C:\Windows\System\ypLsRLA.exe
  C:\Windows\System\ypLsRLA.exe
  2⤵
  PID:12152
- C:\Windows\System\MKgpGdK.exe
  C:\Windows\System\MKgpGdK.exe
  2⤵
  PID:12232
- C:\Windows\System\apqpkbY.exe
  C:\Windows\System\apqpkbY.exe
  2⤵
  PID:12268
- C:\Windows\System\VRTncfr.exe
  C:\Windows\System\VRTncfr.exe
  2⤵
  PID:11364
- C:\Windows\System\WfcFmPj.exe
  C:\Windows\System\WfcFmPj.exe
  2⤵
  PID:11084
- C:\Windows\System\fylHbaA.exe
  C:\Windows\System\fylHbaA.exe
  2⤵
  PID:11624
- C:\Windows\System\DcfqrBC.exe
  C:\Windows\System\DcfqrBC.exe
  2⤵
  PID:11676
- C:\Windows\System\zVRzNwk.exe
  C:\Windows\System\zVRzNwk.exe
  2⤵
  PID:11840
- C:\Windows\System\QYgIEJF.exe
  C:\Windows\System\QYgIEJF.exe
  2⤵
  PID:3248
- C:\Windows\System\jXAZlRc.exe
  C:\Windows\System\jXAZlRc.exe
  2⤵
  PID:12072
- C:\Windows\System\oMTXxdS.exe
  C:\Windows\System\oMTXxdS.exe
  2⤵
  PID:11576
- C:\Windows\System\BYwObIO.exe
  C:\Windows\System\BYwObIO.exe
  2⤵
  PID:11472
- C:\Windows\System\mrVAkfF.exe
  C:\Windows\System\mrVAkfF.exe
  2⤵
  PID:11648
- C:\Windows\System\gjnfbug.exe
  C:\Windows\System\gjnfbug.exe
  2⤵
  PID:12064
- C:\Windows\System\XRTCVHi.exe
  C:\Windows\System\XRTCVHi.exe
  2⤵
  PID:12304
- C:\Windows\System\PQqFXIy.exe
  C:\Windows\System\PQqFXIy.exe
  2⤵
  PID:12400
- C:\Windows\System\ENhixMZ.exe
  C:\Windows\System\ENhixMZ.exe
  2⤵
  PID:12428
- C:\Windows\System\vzHxzGa.exe
  C:\Windows\System\vzHxzGa.exe
  2⤵
  PID:12464
- C:\Windows\System\OXDvMMU.exe
  C:\Windows\System\OXDvMMU.exe
  2⤵
  PID:12500
- C:\Windows\System\AohZEMN.exe
  C:\Windows\System\AohZEMN.exe
  2⤵
  PID:12540
- C:\Windows\System\QwqGyPV.exe
  C:\Windows\System\QwqGyPV.exe
  2⤵
  PID:12580
- C:\Windows\System\MNQpqzw.exe
  C:\Windows\System\MNQpqzw.exe
  2⤵
  PID:12600
- C:\Windows\System\hbvokcc.exe
  C:\Windows\System\hbvokcc.exe
  2⤵
  PID:12632
- C:\Windows\System\muASUPA.exe
  C:\Windows\System\muASUPA.exe
  2⤵
  PID:12660
- C:\Windows\System\BoFTqnQ.exe
  C:\Windows\System\BoFTqnQ.exe
  2⤵
  PID:12688
- C:\Windows\System\mKNWdDy.exe
  C:\Windows\System\mKNWdDy.exe
  2⤵
  PID:12716
- C:\Windows\System\zSwjKho.exe
  C:\Windows\System\zSwjKho.exe
  2⤵
  PID:12744
- C:\Windows\System\bXCnNnE.exe
  C:\Windows\System\bXCnNnE.exe
  2⤵
  PID:12772
- C:\Windows\System\XzWepgb.exe
  C:\Windows\System\XzWepgb.exe
  2⤵
  PID:12800
- C:\Windows\System\eLftPMj.exe
  C:\Windows\System\eLftPMj.exe
  2⤵
  PID:12828
- C:\Windows\System\SWzCxMc.exe
  C:\Windows\System\SWzCxMc.exe
  2⤵
  PID:12856
- C:\Windows\System\CGJUYeW.exe
  C:\Windows\System\CGJUYeW.exe
  2⤵
  PID:12884
- C:\Windows\System\rIVLDjf.exe
  C:\Windows\System\rIVLDjf.exe
  2⤵
  PID:12912
- C:\Windows\System\UBrXdkd.exe
  C:\Windows\System\UBrXdkd.exe
  2⤵
  PID:12940
- C:\Windows\System\kpWQnHZ.exe
  C:\Windows\System\kpWQnHZ.exe
  2⤵
  PID:12968
- C:\Windows\System\bGaBCHB.exe
  C:\Windows\System\bGaBCHB.exe
  2⤵
  PID:12996
- C:\Windows\System\pFcRHXz.exe
  C:\Windows\System\pFcRHXz.exe
  2⤵
  PID:13024
- C:\Windows\System\yPpUnai.exe
  C:\Windows\System\yPpUnai.exe
  2⤵
  PID:13052
- C:\Windows\System\ctUSJiG.exe
  C:\Windows\System\ctUSJiG.exe
  2⤵
  PID:13080
- C:\Windows\System\ESmnXsw.exe
  C:\Windows\System\ESmnXsw.exe
  2⤵
  PID:13108
- C:\Windows\System\tCyeKaR.exe
  C:\Windows\System\tCyeKaR.exe
  2⤵
  PID:13140
- C:\Windows\System\beFqEEN.exe
  C:\Windows\System\beFqEEN.exe
  2⤵
  PID:13168
- C:\Windows\System\wwChQxd.exe
  C:\Windows\System\wwChQxd.exe
  2⤵
  PID:13196
- C:\Windows\System\lIGefcj.exe
  C:\Windows\System\lIGefcj.exe
  2⤵
  PID:13224
- C:\Windows\System\RdwcDdH.exe
  C:\Windows\System\RdwcDdH.exe
  2⤵
  PID:13252
- C:\Windows\System\GDvDDwG.exe
  C:\Windows\System\GDvDDwG.exe
  2⤵
  PID:13280
- C:\Windows\System\zVtZtMn.exe
  C:\Windows\System\zVtZtMn.exe
  2⤵
  PID:13308
- C:\Windows\System\mMzflCF.exe
  C:\Windows\System\mMzflCF.exe
  2⤵
  PID:12412
- C:\Windows\System\ythSzfj.exe
  C:\Windows\System\ythSzfj.exe
  2⤵
  PID:12492
- C:\Windows\System\eajYajr.exe
  C:\Windows\System\eajYajr.exe
  2⤵
  PID:12576
- C:\Windows\System\dMDmDwy.exe
  C:\Windows\System\dMDmDwy.exe
  2⤵
  PID:12648
- C:\Windows\System\nkZOLpN.exe
  C:\Windows\System\nkZOLpN.exe
  2⤵
  PID:12588
- C:\Windows\System\ZBLXsXE.exe
  C:\Windows\System\ZBLXsXE.exe
  2⤵
  PID:12680
- C:\Windows\System\chQXuZM.exe
  C:\Windows\System\chQXuZM.exe
  2⤵
  PID:12740
- C:\Windows\System\hnzcQmx.exe
  C:\Windows\System\hnzcQmx.exe
  2⤵
  PID:12820
- C:\Windows\System\qShUiJB.exe
  C:\Windows\System\qShUiJB.exe
  2⤵
  PID:12880
- C:\Windows\System\argAfDx.exe
  C:\Windows\System\argAfDx.exe
  2⤵
  PID:11796
- C:\Windows\System\rMtrqHw.exe
  C:\Windows\System\rMtrqHw.exe
  2⤵
  PID:13008
- C:\Windows\System\GnQsPfS.exe
  C:\Windows\System\GnQsPfS.exe
  2⤵
  PID:13072
- C:\Windows\System\YjSIFDB.exe
  C:\Windows\System\YjSIFDB.exe
  2⤵
  PID:13136
- C:\Windows\System\EVPRJJQ.exe
  C:\Windows\System\EVPRJJQ.exe
  2⤵
  PID:13208
- C:\Windows\System\wPGYWRF.exe
  C:\Windows\System\wPGYWRF.exe
  2⤵
  PID:13272
- C:\Windows\System\NPUlPmS.exe
  C:\Windows\System\NPUlPmS.exe
  2⤵
  PID:12396
- C:\Windows\System\kZtYtag.exe
  C:\Windows\System\kZtYtag.exe
  2⤵
  PID:12596
- C:\Windows\System\jqJFTSi.exe
  C:\Windows\System\jqJFTSi.exe
  2⤵
  PID:12656
- C:\Windows\System\SGMNCuw.exe
  C:\Windows\System\SGMNCuw.exe
  2⤵
  PID:12796
- C:\Windows\System\rawONWv.exe
  C:\Windows\System\rawONWv.exe
  2⤵
  PID:12936
- C:\Windows\System\bpRhlhN.exe
  C:\Windows\System\bpRhlhN.exe
  2⤵
  PID:13100
- C:\Windows\System\wlfIktK.exe
  C:\Windows\System\wlfIktK.exe
  2⤵
  PID:13264
- C:\Windows\System\uGyChAm.exe
  C:\Windows\System\uGyChAm.exe
  2⤵
  PID:12560
- C:\Windows\System\HDkxmXP.exe
  C:\Windows\System\HDkxmXP.exe
  2⤵
  PID:12868
- C:\Windows\System\STcwVIT.exe
  C:\Windows\System\STcwVIT.exe
  2⤵
  PID:13236
- C:\Windows\System\bDDpvhN.exe
  C:\Windows\System\bDDpvhN.exe
  2⤵
  PID:12764
- C:\Windows\System\EuWGYRm.exe
  C:\Windows\System\EuWGYRm.exe
  2⤵
  PID:13164
- C:\Windows\System\YQjItiM.exe
  C:\Windows\System\YQjItiM.exe
  2⤵
  PID:13332
- C:\Windows\System\oCpdsPU.exe
  C:\Windows\System\oCpdsPU.exe
  2⤵
  PID:13360
- C:\Windows\System\itLzOqg.exe
  C:\Windows\System\itLzOqg.exe
  2⤵
  PID:13388
- C:\Windows\System\OzYzMfv.exe
  C:\Windows\System\OzYzMfv.exe
  2⤵
  PID:13416
- C:\Windows\System\sUxboQl.exe
  C:\Windows\System\sUxboQl.exe
  2⤵
  PID:13444
- C:\Windows\System\dsiWyhf.exe
  C:\Windows\System\dsiWyhf.exe
  2⤵
  PID:13472
- C:\Windows\System\ShljCbH.exe
  C:\Windows\System\ShljCbH.exe
  2⤵
  PID:13512
- C:\Windows\System\fdbsdVb.exe
  C:\Windows\System\fdbsdVb.exe
  2⤵
  PID:13532
- C:\Windows\System\ugESvMg.exe
  C:\Windows\System\ugESvMg.exe
  2⤵
  PID:13568
- C:\Windows\System\WeDfEBL.exe
  C:\Windows\System\WeDfEBL.exe
  2⤵
  PID:13596
- C:\Windows\System\kSaNsMq.exe
  C:\Windows\System\kSaNsMq.exe
  2⤵
  PID:13624
- C:\Windows\System\SMXFOim.exe
  C:\Windows\System\SMXFOim.exe
  2⤵
  PID:13668
- C:\Windows\System\oBGPBum.exe
  C:\Windows\System\oBGPBum.exe
  2⤵
  PID:13688
- C:\Windows\System\PvgkmwO.exe
  C:\Windows\System\PvgkmwO.exe
  2⤵
  PID:13740
- C:\Windows\System\ZLDeZMN.exe
  C:\Windows\System\ZLDeZMN.exe
  2⤵
  PID:13776
- C:\Windows\System\JZrMtkb.exe
  C:\Windows\System\JZrMtkb.exe
  2⤵
  PID:13800
- C:\Windows\System\LmtdwBW.exe
  C:\Windows\System\LmtdwBW.exe
  2⤵
  PID:13832
- C:\Windows\System\eUGHBCT.exe
  C:\Windows\System\eUGHBCT.exe
  2⤵
  PID:13860
- C:\Windows\System\NspyELR.exe
  C:\Windows\System\NspyELR.exe
  2⤵
  PID:13880
- C:\Windows\System\CNEdggB.exe
  C:\Windows\System\CNEdggB.exe
  2⤵
  PID:13908
- C:\Windows\System\achrKjD.exe
  C:\Windows\System\achrKjD.exe
  2⤵
  PID:13948
- C:\Windows\System\QXPPRtr.exe
  C:\Windows\System\QXPPRtr.exe
  2⤵
  PID:13976
- C:\Windows\System\bBOOAgA.exe
  C:\Windows\System\bBOOAgA.exe
  2⤵
  PID:14012
- C:\Windows\System\kqaeleQ.exe
  C:\Windows\System\kqaeleQ.exe
  2⤵
  PID:14040
- C:\Windows\System\aYaDquv.exe
  C:\Windows\System\aYaDquv.exe
  2⤵
  PID:14068
- C:\Windows\System\tkwYNVw.exe
  C:\Windows\System\tkwYNVw.exe
  2⤵
  PID:14096
- C:\Windows\System\ontyntN.exe
  C:\Windows\System\ontyntN.exe
  2⤵
  PID:14124
- C:\Windows\System\mpmbWLR.exe
  C:\Windows\System\mpmbWLR.exe
  2⤵
  PID:14152
- C:\Windows\System\mVLcXpn.exe
  C:\Windows\System\mVLcXpn.exe
  2⤵
  PID:14180
- C:\Windows\System\mGhIovc.exe
  C:\Windows\System\mGhIovc.exe
  2⤵
  PID:14208
- C:\Windows\System\ZDipzJq.exe
  C:\Windows\System\ZDipzJq.exe
  2⤵
  PID:14236
- C:\Windows\System\pGsbREy.exe
  C:\Windows\System\pGsbREy.exe
  2⤵
  PID:14264
- C:\Windows\System\MlWeFAf.exe
  C:\Windows\System\MlWeFAf.exe
  2⤵
  PID:14292
- C:\Windows\System\yPmoEpN.exe
  C:\Windows\System\yPmoEpN.exe
  2⤵
  PID:14320
- C:\Windows\System\dUqGOOP.exe
  C:\Windows\System\dUqGOOP.exe
  2⤵
  PID:13344
- C:\Windows\System\GqGwalc.exe
  C:\Windows\System\GqGwalc.exe
  2⤵
  PID:13408
- C:\Windows\System\BernKzI.exe
  C:\Windows\System\BernKzI.exe
  2⤵
  PID:13468
- C:\Windows\System\qoBxHcg.exe
  C:\Windows\System\qoBxHcg.exe
  2⤵
  PID:13520
- C:\Windows\System\fdseQbO.exe
  C:\Windows\System\fdseQbO.exe
  2⤵
  PID:10032
- C:\Windows\System\RQOJXPt.exe
  C:\Windows\System\RQOJXPt.exe
  2⤵
  PID:10128
- C:\Windows\System\yQOrZcd.exe
  C:\Windows\System\yQOrZcd.exe
  2⤵
  PID:2496
- C:\Windows\System\BYhYfhV.exe
  C:\Windows\System\BYhYfhV.exe
  2⤵
  PID:13644
- C:\Windows\System\XmNURIc.exe
  C:\Windows\System\XmNURIc.exe
  2⤵
  PID:13728
- C:\Windows\System\CSCjbiO.exe
  C:\Windows\System\CSCjbiO.exe
  2⤵
  PID:13796
- C:\Windows\System\zuuaMBD.exe
  C:\Windows\System\zuuaMBD.exe
  2⤵
  PID:13872
- C:\Windows\System\EBNWcEU.exe
  C:\Windows\System\EBNWcEU.exe
  2⤵
  PID:13936
- C:\Windows\System\vVbHEPN.exe
  C:\Windows\System\vVbHEPN.exe
  2⤵
  PID:13996
- C:\Windows\System\rFsiGwq.exe
  C:\Windows\System\rFsiGwq.exe
  2⤵
  PID:14052
- C:\Windows\System\ZYFmtLE.exe
  C:\Windows\System\ZYFmtLE.exe
  2⤵
  PID:14116
- C:\Windows\System\qNVXEbQ.exe
  C:\Windows\System\qNVXEbQ.exe
  2⤵
  PID:14176
- C:\Windows\System\egyRBLD.exe
  C:\Windows\System\egyRBLD.exe
  2⤵
  PID:14252
- C:\Windows\System\uhRxtZm.exe
  C:\Windows\System\uhRxtZm.exe
  2⤵
  PID:14312
- C:\Windows\System\NDQXNxq.exe
  C:\Windows\System\NDQXNxq.exe
  2⤵
  PID:13400
- C:\Windows\System\MiMUQdk.exe
  C:\Windows\System\MiMUQdk.exe
  2⤵
  PID:13560
- C:\Windows\System\ubZDsAP.exe
  C:\Windows\System\ubZDsAP.exe
  2⤵
  PID:10092
- C:\Windows\System\KrRemBL.exe
  C:\Windows\System\KrRemBL.exe
  2⤵
  PID:13684
- C:\Windows\System\SUvHzpd.exe
  C:\Windows\System\SUvHzpd.exe
  2⤵
  PID:13852
- C:\Windows\System\exERxyz.exe
  C:\Windows\System\exERxyz.exe
  2⤵
  PID:14008
- C:\Windows\System\FLHHivf.exe
  C:\Windows\System\FLHHivf.exe
  2⤵
  PID:14204
- C:\Windows\System\FMcxBXh.exe
  C:\Windows\System\FMcxBXh.exe
  2⤵
  PID:14308
- C:\Windows\System\rnrVjAk.exe
  C:\Windows\System\rnrVjAk.exe
  2⤵
  PID:13856
- C:\Windows\System\QvjxTRc.exe
  C:\Windows\System\QvjxTRc.exe
  2⤵
  PID:2108
- C:\Windows\System\kyjQlcF.exe
  C:\Windows\System\kyjQlcF.exe
  2⤵
  PID:14232
- C:\Windows\System\XsSgLhp.exe
  C:\Windows\System\XsSgLhp.exe
  2⤵
  PID:13784
- C:\Windows\System\YjThvrw.exe
  C:\Windows\System\YjThvrw.exe
  2⤵
  PID:14084
- C:\Windows\System\PZcvxNT.exe
  C:\Windows\System\PZcvxNT.exe
  2⤵
  PID:5644
- C:\Windows\System\txmiyBV.exe
  C:\Windows\System\txmiyBV.exe
  2⤵
  PID:13384
- C:\Windows\System\cdJHOkU.exe
  C:\Windows\System\cdJHOkU.exe
  2⤵
  PID:5444
- C:\Windows\System\KgYfimU.exe
  C:\Windows\System\KgYfimU.exe
  2⤵
  PID:14356
- C:\Windows\System\OjVCinV.exe
  C:\Windows\System\OjVCinV.exe
  2⤵
  PID:14384
- C:\Windows\System\RtPJWpq.exe
  C:\Windows\System\RtPJWpq.exe
  2⤵
  PID:14412
- C:\Windows\System\ZHRIVKx.exe
  C:\Windows\System\ZHRIVKx.exe
  2⤵
  PID:14440
- C:\Windows\System\WLpFYFi.exe
  C:\Windows\System\WLpFYFi.exe
  2⤵
  PID:14468
- C:\Windows\System\IVgKaQw.exe
  C:\Windows\System\IVgKaQw.exe
  2⤵
  PID:14496
- C:\Windows\System\wSpAfZG.exe
  C:\Windows\System\wSpAfZG.exe
  2⤵
  PID:14524
- C:\Windows\System\wKZBvFB.exe
  C:\Windows\System\wKZBvFB.exe
  2⤵
  PID:14552
- C:\Windows\System\dljRlTc.exe
  C:\Windows\System\dljRlTc.exe
  2⤵
  PID:14580
- C:\Windows\System\EnAiBxv.exe
  C:\Windows\System\EnAiBxv.exe
  2⤵
  PID:14608
- C:\Windows\System\ySonbqX.exe
  C:\Windows\System\ySonbqX.exe
  2⤵
  PID:14808
- C:\Windows\System\JJJrjpZ.exe
  C:\Windows\System\JJJrjpZ.exe
  2⤵
  PID:14864
- C:\Windows\System\sIgfQOW.exe
  C:\Windows\System\sIgfQOW.exe
  2⤵
  PID:14920
- C:\Windows\System\irIbbbP.exe
  C:\Windows\System\irIbbbP.exe
  2⤵
  PID:14980
- C:\Windows\System\qgckobj.exe
  C:\Windows\System\qgckobj.exe
  2⤵
  PID:15000
- C:\Windows\System\LJHXiek.exe
  C:\Windows\System\LJHXiek.exe
  2⤵
  PID:15172
- C:\Windows\System\ELkpxLl.exe
  C:\Windows\System\ELkpxLl.exe
  2⤵
  PID:15256
- C:\Windows\System\ZoQcOEv.exe
  C:\Windows\System\ZoQcOEv.exe
  2⤵
  PID:15304
- C:\Windows\System\YDevZxZ.exe
  C:\Windows\System\YDevZxZ.exe
  2⤵
  PID:15348
- C:\Windows\System\FukniaM.exe
  C:\Windows\System\FukniaM.exe
  2⤵
  PID:14352
- C:\Windows\System\zsfdoZi.exe
  C:\Windows\System\zsfdoZi.exe
  2⤵
  PID:14432
- C:\Windows\System\RFgCRkj.exe
  C:\Windows\System\RFgCRkj.exe
  2⤵
  PID:14492
- C:\Windows\System\BKzWAgl.exe
  C:\Windows\System\BKzWAgl.exe
  2⤵
  PID:14548
- C:\Windows\System\bygKCeC.exe
  C:\Windows\System\bygKCeC.exe
  2⤵
  PID:14628
- C:\Windows\System\oNYlpvJ.exe
  C:\Windows\System\oNYlpvJ.exe
  2⤵
  PID:14652
- C:\Windows\System\EiODuZP.exe
  C:\Windows\System\EiODuZP.exe
  2⤵
  PID:14708
- C:\Windows\System\yjcOtMd.exe
  C:\Windows\System\yjcOtMd.exe
  2⤵
  PID:14144
- C:\Windows\System\LLPKHKX.exe
  C:\Windows\System\LLPKHKX.exe
  2⤵
  PID:14752
- C:\Windows\System\msJNpBJ.exe
  C:\Windows\System\msJNpBJ.exe
  2⤵
  PID:14820
- C:\Windows\System\lVVtMyf.exe
  C:\Windows\System\lVVtMyf.exe
  2⤵
  PID:14844
- C:\Windows\System\peBfZtt.exe
  C:\Windows\System\peBfZtt.exe
  2⤵
  PID:4328
- C:\Windows\System\ryWeRlk.exe
  C:\Windows\System\ryWeRlk.exe
  2⤵
  PID:14960
- C:\Windows\System\PTLIpgS.exe
  C:\Windows\System\PTLIpgS.exe
  2⤵
  PID:15020
- C:\Windows\System\CYauvFQ.exe
  C:\Windows\System\CYauvFQ.exe
  2⤵
  PID:15072
- C:\Windows\System\XZAnWcm.exe
  C:\Windows\System\XZAnWcm.exe
  2⤵
  PID:15104
- C:\Windows\System\QxMBZRm.exe
  C:\Windows\System\QxMBZRm.exe
  2⤵
  PID:2948
- C:\Windows\System\jRgahWJ.exe
  C:\Windows\System\jRgahWJ.exe
  2⤵
  PID:6944
- C:\Windows\System\bwpvCPF.exe
  C:\Windows\System\bwpvCPF.exe
  2⤵
  PID:3332
- C:\Windows\System\TyLiITX.exe
  C:\Windows\System\TyLiITX.exe
  2⤵
  PID:15188
- C:\Windows\System\HFEiReH.exe
  C:\Windows\System\HFEiReH.exe
  2⤵
  PID:15244
- C:\Windows\System\RccpoIP.exe
  C:\Windows\System\RccpoIP.exe
  2⤵
  PID:15264
- C:\Windows\System\IWpCsfZ.exe
  C:\Windows\System\IWpCsfZ.exe
  2⤵
  PID:15332
- C:\Windows\System\aIcOlUr.exe
  C:\Windows\System\aIcOlUr.exe
  2⤵
  PID:15340
- C:\Windows\System\GWpBnMW.exe
  C:\Windows\System\GWpBnMW.exe
  2⤵
  PID:14380
- C:\Windows\System\OzNUSUq.exe
  C:\Windows\System\OzNUSUq.exe
  2⤵
  PID:14424
- C:\Windows\System\ZlkLgBY.exe
  C:\Windows\System\ZlkLgBY.exe
  2⤵
  PID:3020
- C:\Windows\System\imfQYKg.exe
  C:\Windows\System\imfQYKg.exe
  2⤵
  PID:14664
- C:\Windows\System\gapHJbK.exe
  C:\Windows\System\gapHJbK.exe
  2⤵
  PID:3124
- C:\Windows\System\rzadNLI.exe
  C:\Windows\System\rzadNLI.exe
  2⤵
  PID:2464
- C:\Windows\System\dIHAiXn.exe
  C:\Windows\System\dIHAiXn.exe
  2⤵
  PID:14788
- C:\Windows\System\jDomdVP.exe
  C:\Windows\System\jDomdVP.exe
  2⤵
  PID:14796
- C:\Windows\System\KpXrZzn.exe
  C:\Windows\System\KpXrZzn.exe
  2⤵
  PID:6748
- C:\Windows\System\QYNiPWg.exe
  C:\Windows\System\QYNiPWg.exe
  2⤵
  PID:4924
- C:\Windows\System\jEEjpLL.exe
  C:\Windows\System\jEEjpLL.exe
  2⤵
  PID:14976
- C:\Windows\System\CFhDdKa.exe
  C:\Windows\System\CFhDdKa.exe
  2⤵
  PID:1944
- C:\Windows\System\ewTCjxx.exe
  C:\Windows\System\ewTCjxx.exe
  2⤵
  PID:15080
- C:\Windows\System\YQfjcgQ.exe
  C:\Windows\System\YQfjcgQ.exe
  2⤵
  PID:15084
- C:\Windows\System\dQsEWwn.exe
  C:\Windows\System\dQsEWwn.exe
  2⤵
  PID:15132
- C:\Windows\System\dPdXsNR.exe
  C:\Windows\System\dPdXsNR.exe
  2⤵
  PID:15152
- C:\Windows\System\yrmiyIV.exe
  C:\Windows\System\yrmiyIV.exe
  2⤵
  PID:15208
- C:\Windows\System\OOtbDeh.exe
  C:\Windows\System\OOtbDeh.exe
  2⤵
  PID:1772
- C:\Windows\System\tCOohaN.exe
  C:\Windows\System\tCOohaN.exe
  2⤵
  PID:15240
- C:\Windows\System\hgDjIMn.exe
  C:\Windows\System\hgDjIMn.exe
  2⤵
  PID:3036
- C:\Windows\System\KXyDKIT.exe
  C:\Windows\System\KXyDKIT.exe
  2⤵
  PID:1628
- C:\Windows\System\hIVmECn.exe
  C:\Windows\System\hIVmECn.exe
  2⤵
  PID:10268
- C:\Windows\System\FSUWEjk.exe
  C:\Windows\System\FSUWEjk.exe
  2⤵
  PID:14620
- C:\Windows\System\OXDcrDx.exe
  C:\Windows\System\OXDcrDx.exe
  2⤵
  PID:14644
- C:\Windows\System\NHxvIFv.exe
  C:\Windows\System\NHxvIFv.exe
  2⤵
  PID:4044
- C:\Windows\System\NvdsWXU.exe
  C:\Windows\System\NvdsWXU.exe
  2⤵
  PID:1980
- C:\Windows\System\PgDgZpY.exe
  C:\Windows\System\PgDgZpY.exe
  2⤵
  PID:2272
- C:\Windows\System\aGWSGVN.exe
  C:\Windows\System\aGWSGVN.exe
  2⤵
  PID:3648
- C:\Windows\System\TFqLreC.exe
  C:\Windows\System\TFqLreC.exe
  2⤵
  PID:3720
- C:\Windows\System\fqdpYLw.exe
  C:\Windows\System\fqdpYLw.exe
  2⤵
  PID:4984
- C:\Windows\System\xXnIepT.exe
  C:\Windows\System\xXnIepT.exe
  2⤵
  PID:1904
- C:\Windows\System\wuyhhqX.exe
  C:\Windows\System\wuyhhqX.exe
  2⤵
  PID:2584
- C:\Windows\System\iWgCLok.exe
  C:\Windows\System\iWgCLok.exe
  2⤵
  PID:736
- C:\Windows\System\NbTfXBH.exe
  C:\Windows\System\NbTfXBH.exe
  2⤵
  PID:728
- C:\Windows\System\ULxbbKa.exe
  C:\Windows\System\ULxbbKa.exe
  2⤵
  PID:14516
- C:\Windows\System\BUgOtib.exe
  C:\Windows\System\BUgOtib.exe
  2⤵
  PID:14480
- C:\Windows\System\rqLrjMR.exe
  C:\Windows\System\rqLrjMR.exe
  2⤵
  PID:14668
- C:\Windows\System\EerZNVk.exe
  C:\Windows\System\EerZNVk.exe
  2⤵
  PID:4352
- C:\Windows\System\nxWmViU.exe
  C:\Windows\System\nxWmViU.exe
  2⤵
  PID:14792
- C:\Windows\System\nsqYiCA.exe
  C:\Windows\System\nsqYiCA.exe
  2⤵
  PID:3108
- C:\Windows\System\RCzqeqg.exe
  C:\Windows\System\RCzqeqg.exe
  2⤵
  PID:15300
- C:\Windows\System\BgQZFyJ.exe
  C:\Windows\System\BgQZFyJ.exe
  2⤵
  PID:1380
- C:\Windows\System\MjNiDWC.exe
  C:\Windows\System\MjNiDWC.exe
  2⤵
  PID:7836
- C:\Windows\System\Xsebktx.exe
  C:\Windows\System\Xsebktx.exe
  2⤵
  PID:2392
- C:\Windows\System\qlqaraS.exe
  C:\Windows\System\qlqaraS.exe
  2⤵
  PID:5060
- C:\Windows\System\EiJtsld.exe
  C:\Windows\System\EiJtsld.exe
  2⤵
  PID:1520
- C:\Windows\System\yAbApmZ.exe
  C:\Windows\System\yAbApmZ.exe
  2⤵
  PID:2396
- C:\Windows\System\qkdrEpj.exe
  C:\Windows\System\qkdrEpj.exe
  2⤵
  PID:14576
- C:\Windows\System\XyaEuLA.exe
  C:\Windows\System\XyaEuLA.exe
  2⤵
  PID:2268
- C:\Windows\System\AcuFWXH.exe
  C:\Windows\System\AcuFWXH.exe
  2⤵
  PID:3344
- C:\Windows\System\ayQICqM.exe
  C:\Windows\System\ayQICqM.exe
  2⤵
  PID:14956
- C:\Windows\System\FXGZSkc.exe
  C:\Windows\System\FXGZSkc.exe
  2⤵
  PID:5268
- C:\Windows\System\ZcJdRqF.exe
  C:\Windows\System\ZcJdRqF.exe
  2⤵
  PID:2436
- C:\Windows\System\leqTyrb.exe
  C:\Windows\System\leqTyrb.exe
  2⤵
  PID:4752
- C:\Windows\System\EUcwNCF.exe
  C:\Windows\System\EUcwNCF.exe
  2⤵
  PID:4548
- C:\Windows\System\KyEqeML.exe
  C:\Windows\System\KyEqeML.exe
  2⤵
  PID:4880
- C:\Windows\System\yioUAFr.exe
  C:\Windows\System\yioUAFr.exe
  2⤵
  PID:14764
- C:\Windows\System\XOTbwKq.exe
  C:\Windows\System\XOTbwKq.exe
  2⤵
  PID:14852
- C:\Windows\System\ICtUYLG.exe
  C:\Windows\System\ICtUYLG.exe
  2⤵
  PID:5212
- C:\Windows\System\WbdiTpm.exe
  C:\Windows\System\WbdiTpm.exe
  2⤵
  PID:4400
- C:\Windows\System\LTlHjmI.exe
  C:\Windows\System\LTlHjmI.exe
  2⤵
  PID:5604
- C:\Windows\System\AXRKyJu.exe
  C:\Windows\System\AXRKyJu.exe
  2⤵
  PID:4040
- C:\Windows\System\mqmrmkZ.exe
  C:\Windows\System\mqmrmkZ.exe
  2⤵
  PID:4024
- C:\Windows\System\xNFXLrl.exe
  C:\Windows\System\xNFXLrl.exe
  2⤵
  PID:2920
- C:\Windows\System\BrAFpNr.exe
  C:\Windows\System\BrAFpNr.exe
  2⤵
  PID:7872
- C:\Windows\System\gkiamMl.exe
  C:\Windows\System\gkiamMl.exe
  2⤵
  PID:5716
- C:\Windows\System\cQNQOUI.exe
  C:\Windows\System\cQNQOUI.exe
  2⤵
  PID:5128
- C:\Windows\System\vIkiSxF.exe
  C:\Windows\System\vIkiSxF.exe
  2⤵
  PID:5480
- C:\Windows\System\IebiZiD.exe
  C:\Windows\System\IebiZiD.exe
  2⤵
  PID:14348
- C:\Windows\System\azxPIuP.exe
  C:\Windows\System\azxPIuP.exe
  2⤵
  PID:444
- C:\Windows\System\AtHONaR.exe
  C:\Windows\System\AtHONaR.exe
  2⤵
  PID:15032
- C:\Windows\System\MJBatBC.exe
  C:\Windows\System\MJBatBC.exe
  2⤵
  PID:5380
- C:\Windows\System\JVeANgE.exe
  C:\Windows\System\JVeANgE.exe
  2⤵
  PID:5676
- C:\Windows\System\aHuWNYV.exe
  C:\Windows\System\aHuWNYV.exe
  2⤵
  PID:6068
- C:\Windows\System\ryNvppw.exe
  C:\Windows\System\ryNvppw.exe
  2⤵
  PID:6080
- C:\Windows\System\mFNhhsz.exe
  C:\Windows\System\mFNhhsz.exe
  2⤵
  PID:14800
- C:\Windows\System\mTfMfqj.exe
  C:\Windows\System\mTfMfqj.exe
  2⤵
  PID:2796
- C:\Windows\System\uUOBfiK.exe
  C:\Windows\System\uUOBfiK.exe
  2⤵
  PID:6136
- C:\Windows\System\BdnwaxX.exe
  C:\Windows\System\BdnwaxX.exe
  2⤵
  PID:4416
- C:\Windows\System\KmZEPDU.exe
  C:\Windows\System\KmZEPDU.exe
  2⤵
  PID:5968
- C:\Windows\System\zyyhhKo.exe
  C:\Windows\System\zyyhhKo.exe
  2⤵
  PID:5156
- C:\Windows\System\CMpZJvL.exe
  C:\Windows\System\CMpZJvL.exe
  2⤵
  PID:5856
- C:\Windows\System\yGbHWKn.exe
  C:\Windows\System\yGbHWKn.exe
  2⤵
  PID:5336
- C:\Windows\System\dEmfZTy.exe
  C:\Windows\System\dEmfZTy.exe
  2⤵
  PID:744
- C:\Windows\System\OHQEBGo.exe
  C:\Windows\System\OHQEBGo.exe
  2⤵
  PID:5168
- C:\Windows\System\mbLhmZC.exe
  C:\Windows\System\mbLhmZC.exe
  2⤵
  PID:3244
- C:\Windows\System\CXGMkmw.exe
  C:\Windows\System\CXGMkmw.exe
  2⤵
  PID:5184
- C:\Windows\System\tTEuykF.exe
  C:\Windows\System\tTEuykF.exe
  2⤵
  PID:4344
- C:\Windows\System\dTZxZTf.exe
  C:\Windows\System\dTZxZTf.exe
  2⤵
  PID:5608
- C:\Windows\System\ETmyKJZ.exe
  C:\Windows\System\ETmyKJZ.exe
  2⤵
  PID:5864
- C:\Windows\System\fiEIowP.exe
  C:\Windows\System\fiEIowP.exe
  2⤵
  PID:5244
- C:\Windows\System\niGwgOd.exe
  C:\Windows\System\niGwgOd.exe
  2⤵
  PID:5996
- C:\Windows\System\YMYVhav.exe
  C:\Windows\System\YMYVhav.exe
  2⤵
  PID:7304
- C:\Windows\System\mNCgDKV.exe
  C:\Windows\System\mNCgDKV.exe
  2⤵
  PID:208
- C:\Windows\System\BaTvlAM.exe
  C:\Windows\System\BaTvlAM.exe
  2⤵
  PID:5196
- C:\Windows\System\WIWsPhX.exe
  C:\Windows\System\WIWsPhX.exe
  2⤵
  PID:5756
- C:\Windows\System\SFqgsnF.exe
  C:\Windows\System\SFqgsnF.exe
  2⤵
  PID:5696
- C:\Windows\System\RcANsyT.exe
  C:\Windows\System\RcANsyT.exe
  2⤵
  PID:9096
- C:\Windows\System\YkYQBpy.exe
  C:\Windows\System\YkYQBpy.exe
  2⤵
  PID:5972
- C:\Windows\System\cufAzxL.exe
  C:\Windows\System\cufAzxL.exe
  2⤵
  PID:6164
- C:\Windows\System\FzUAKmb.exe
  C:\Windows\System\FzUAKmb.exe
  2⤵
  PID:6184
- C:\Windows\System\IXuiEbg.exe
  C:\Windows\System\IXuiEbg.exe
  2⤵
  PID:15380
- C:\Windows\System\orTvyIf.exe
  C:\Windows\System\orTvyIf.exe
  2⤵
  PID:15436
- C:\Windows\System\VGEfqQY.exe
  C:\Windows\System\VGEfqQY.exe
  2⤵
  PID:15460
- C:\Windows\System\cGKyzZJ.exe
  C:\Windows\System\cGKyzZJ.exe
  2⤵
  PID:15504
- C:\Windows\System\ymmSVeA.exe
  C:\Windows\System\ymmSVeA.exe
  2⤵
  PID:15524
- C:\Windows\System\nQvbqkD.exe
  C:\Windows\System\nQvbqkD.exe
  2⤵
  PID:15556
- C:\Windows\System\wXNVbQi.exe
  C:\Windows\System\wXNVbQi.exe
  2⤵
  PID:15636
- C:\Windows\System\ejlAyQW.exe
  C:\Windows\System\ejlAyQW.exe
  2⤵
  PID:15652
- C:\Windows\System\KCHpjUm.exe
  C:\Windows\System\KCHpjUm.exe
  2⤵
  PID:15712
- C:\Windows\System\EGVVsbd.exe
  C:\Windows\System\EGVVsbd.exe
  2⤵
  PID:15728
- C:\Windows\System\syHXleI.exe
  C:\Windows\System\syHXleI.exe
  2⤵
  PID:15760
- C:\Windows\System\auTZJna.exe
  C:\Windows\System\auTZJna.exe
  2⤵
  PID:15792
- C:\Windows\System\TPxAjeQ.exe
  C:\Windows\System\TPxAjeQ.exe
  2⤵
  PID:15828
- C:\Windows\System\ZckTMcq.exe
  C:\Windows\System\ZckTMcq.exe
  2⤵
  PID:15860
- C:\Windows\System\vLlDwjw.exe
  C:\Windows\System\vLlDwjw.exe
  2⤵
  PID:15912
- C:\Windows\System\fXfQzof.exe
  C:\Windows\System\fXfQzof.exe
  2⤵
  PID:15944
- C:\Windows\System\hdptZjd.exe
  C:\Windows\System\hdptZjd.exe
  2⤵
  PID:15988
- C:\Windows\System\pxCuMkB.exe
  C:\Windows\System\pxCuMkB.exe
  2⤵
  PID:16100
- C:\Windows\System\wicAwYL.exe
  C:\Windows\System\wicAwYL.exe
  2⤵
  PID:16164
- C:\Windows\System\avzyAzP.exe
  C:\Windows\System\avzyAzP.exe
  2⤵
  PID:16188
- C:\Windows\System\ZYgukgE.exe
  C:\Windows\System\ZYgukgE.exe
  2⤵
  PID:16240
- C:\Windows\System\NmwfGXw.exe
  C:\Windows\System\NmwfGXw.exe
  2⤵
  PID:16324
- C:\Windows\System\gMrTeHQ.exe
  C:\Windows\System\gMrTeHQ.exe
  2⤵
  PID:16340
- C:\Windows\System\ScrVdvN.exe
  C:\Windows\System\ScrVdvN.exe
  2⤵
  PID:15364
- C:\Windows\System\xUJaocH.exe
  C:\Windows\System\xUJaocH.exe
  2⤵
  PID:15416
- C:\Windows\System\YqmLVeA.exe
  C:\Windows\System\YqmLVeA.exe
  2⤵
  PID:15516
- C:\Windows\System\CNdDxQO.exe
  C:\Windows\System\CNdDxQO.exe
  2⤵
  PID:15616
- C:\Windows\System\tXObvTi.exe
  C:\Windows\System\tXObvTi.exe
  2⤵
  PID:6436
- C:\Windows\System\pQelYcl.exe
  C:\Windows\System\pQelYcl.exe
  2⤵
  PID:15664
- C:\Windows\System\eCHGyab.exe
  C:\Windows\System\eCHGyab.exe
  2⤵
  PID:6452
- C:\Windows\System\RqQklzr.exe
  C:\Windows\System\RqQklzr.exe
  2⤵
  PID:15720
- C:\Windows\System\eXfRgOy.exe
  C:\Windows\System\eXfRgOy.exe
  2⤵
  PID:6536
- C:\Windows\System\xCbIXsg.exe
  C:\Windows\System\xCbIXsg.exe
  2⤵
  PID:15820
- C:\Windows\System\ZgMhpdg.exe
  C:\Windows\System\ZgMhpdg.exe
  2⤵
  PID:6592
- C:\Windows\System\RnJwLsw.exe
  C:\Windows\System\RnJwLsw.exe
  2⤵
  PID:6200
- C:\Windows\System\rQtHHKa.exe
  C:\Windows\System\rQtHHKa.exe
  2⤵
  PID:15892
- C:\Windows\System\sUUzZPh.exe
  C:\Windows\System\sUUzZPh.exe
  2⤵
  PID:6620
- C:\Windows\System\uhtexfK.exe
  C:\Windows\System\uhtexfK.exe
  2⤵
  PID:6648
- C:\Windows\System\DNHWAZf.exe
  C:\Windows\System\DNHWAZf.exe
  2⤵
  PID:6692
- C:\Windows\System\CQMubjs.exe
  C:\Windows\System\CQMubjs.exe
  2⤵
  PID:15972
- C:\Windows\System\BVGSAGO.exe
  C:\Windows\System\BVGSAGO.exe
  2⤵
  PID:15984
- C:\Windows\System\fXaRSeA.exe
  C:\Windows\System\fXaRSeA.exe
  2⤵
  PID:964
- C:\Windows\System\dRGdspE.exe
  C:\Windows\System\dRGdspE.exe
  2⤵
  PID:16140
- C:\Windows\System\wNsvZaU.exe
  C:\Windows\System\wNsvZaU.exe
  2⤵
  PID:1208
- C:\Windows\System\PHctZjR.exe
  C:\Windows\System\PHctZjR.exe
  2⤵
  PID:1156
- C:\Windows\System\toZqdAk.exe
  C:\Windows\System\toZqdAk.exe
  2⤵
  PID:1396
- C:\Windows\System\yNQBnqU.exe
  C:\Windows\System\yNQBnqU.exe
  2⤵
  PID:6844
- C:\Windows\System\BaEeKVy.exe
  C:\Windows\System\BaEeKVy.exe
  2⤵
  PID:16204
- C:\Windows\System\CHskluX.exe
  C:\Windows\System\CHskluX.exe
  2⤵
  PID:6916
- C:\Windows\System\BcdawCd.exe
  C:\Windows\System\BcdawCd.exe
  2⤵
  PID:16332
- C:\Windows\System\nRsAjhf.exe
  C:\Windows\System\nRsAjhf.exe
  2⤵
  PID:16372
- C:\Windows\System\FiSFSci.exe
  C:\Windows\System\FiSFSci.exe
  2⤵
  PID:6968
- C:\Windows\System\DKwSXzP.exe
  C:\Windows\System\DKwSXzP.exe
  2⤵
  PID:16304
- C:\Windows\System\mpkfIek.exe
  C:\Windows\System\mpkfIek.exe
  2⤵
  PID:15548
- C:\Windows\System\lzUxhMO.exe
  C:\Windows\System\lzUxhMO.exe
  2⤵
  PID:7152
- C:\Windows\System\MioSXZG.exe
  C:\Windows\System\MioSXZG.exe
  2⤵
  PID:8420
- C:\Windows\System\eeqncYv.exe
  C:\Windows\System\eeqncYv.exe
  2⤵
  PID:6188
- C:\Windows\System\UwQQhqW.exe
  C:\Windows\System\UwQQhqW.exe
  2⤵
  PID:6236
- C:\Windows\System\NdiZbVW.exe
  C:\Windows\System\NdiZbVW.exe
  2⤵
  PID:15700
- C:\Windows\System\pQWfzpi.exe
  C:\Windows\System\pQWfzpi.exe
  2⤵
  PID:6516
- C:\Windows\System\kWqaqpA.exe
  C:\Windows\System\kWqaqpA.exe
  2⤵
  PID:15708
- C:\Windows\System\yaaJeTn.exe
  C:\Windows\System\yaaJeTn.exe
  2⤵
  PID:6548
- C:\Windows\System\aMOOkTX.exe
  C:\Windows\System\aMOOkTX.exe
  2⤵
  PID:6776
- C:\Windows\System\voPlzUI.exe
  C:\Windows\System\voPlzUI.exe
  2⤵
  PID:6552
- C:\Windows\System\wTSfuvC.exe
  C:\Windows\System\wTSfuvC.exe
  2⤵
  PID:540
- C:\Windows\System\sVZuOek.exe
  C:\Windows\System\sVZuOek.exe
  2⤵
  PID:15884
- C:\Windows\System\WeZDdta.exe
  C:\Windows\System\WeZDdta.exe
  2⤵
  PID:7116
- C:\Windows\System\EgnMYvN.exe
  C:\Windows\System\EgnMYvN.exe
  2⤵
  PID:2984
- C:\Windows\System\QrwrTqG.exe
  C:\Windows\System\QrwrTqG.exe
  2⤵
  PID:15968
- C:\Windows\System\YlqNgcA.exe
  C:\Windows\System\YlqNgcA.exe
  2⤵
  PID:15940
- C:\Windows\System\iiimaMi.exe
  C:\Windows\System\iiimaMi.exe
  2⤵
  PID:5328
- C:\Windows\System\zuCGhNI.exe
  C:\Windows\System\zuCGhNI.exe
  2⤵
  PID:6464
- C:\Windows\System\lzZeIcW.exe
  C:\Windows\System\lzZeIcW.exe
  2⤵
  PID:16064
- C:\Windows\System\yTpUOjl.exe
  C:\Windows\System\yTpUOjl.exe
  2⤵
  PID:9408
- C:\Windows\System\PnSbouW.exe
  C:\Windows\System\PnSbouW.exe
  2⤵
  PID:9432
- C:\Windows\System\BYFSLJk.exe
  C:\Windows\System\BYFSLJk.exe
  2⤵
  PID:6952
- C:\Windows\System\LrSfIhp.exe
  C:\Windows\System\LrSfIhp.exe
  2⤵
  PID:556
- C:\Windows\System\IfTNArR.exe
  C:\Windows\System\IfTNArR.exe
  2⤵
  PID:6884
- C:\Windows\System\OtYmurK.exe
  C:\Windows\System\OtYmurK.exe
  2⤵
  PID:7248
- C:\Windows\System\QfKFTvS.exe
  C:\Windows\System\QfKFTvS.exe
  2⤵
  PID:6928
- C:\Windows\System\xaSakSa.exe
  C:\Windows\System\xaSakSa.exe
  2⤵
  PID:9560
- C:\Windows\System\QavXCzR.exe
  C:\Windows\System\QavXCzR.exe
  2⤵
  PID:9612
- C:\Windows\System\hHLFmYP.exe
  C:\Windows\System\hHLFmYP.exe
  2⤵
  PID:9636
- C:\Windows\System\sxZGZHF.exe
  C:\Windows\System\sxZGZHF.exe
  2⤵
  PID:7468
- C:\Windows\System\PTojwYX.exe
  C:\Windows\System\PTojwYX.exe
  2⤵
  PID:6984
- C:\Windows\System\VBCvxrG.exe
  C:\Windows\System\VBCvxrG.exe
  2⤵
  PID:7532
- C:\Windows\System\hRrAjGk.exe
  C:\Windows\System\hRrAjGk.exe
  2⤵
  PID:7052
- C:\Windows\System\soqBoRt.exe
  C:\Windows\System\soqBoRt.exe
  2⤵
  PID:15576
- C:\Windows\System\tIoFHmk.exe
  C:\Windows\System\tIoFHmk.exe
  2⤵
  PID:15552
- C:\Windows\System\DPFGNOb.exe
  C:\Windows\System\DPFGNOb.exe
  2⤵
  PID:7616
- C:\Windows\System\YbZyNOV.exe
  C:\Windows\System\YbZyNOV.exe
  2⤵
  PID:8288
- C:\Windows\System\XkvguUA.exe
  C:\Windows\System\XkvguUA.exe
  2⤵
  PID:9888
- C:\Windows\System\ShAKkSR.exe
  C:\Windows\System\ShAKkSR.exe
  2⤵
  PID:15644
- C:\Windows\System\wKrNCya.exe
  C:\Windows\System\wKrNCya.exe
  2⤵
  PID:8796
- C:\Windows\System\ZJteacm.exe
  C:\Windows\System\ZJteacm.exe
  2⤵
  PID:10024
- C:\Windows\System\igDfhIk.exe
  C:\Windows\System\igDfhIk.exe
  2⤵
  PID:10048
- C:\Windows\System\gZjBNJz.exe
  C:\Windows\System\gZjBNJz.exe
  2⤵
  PID:10152
- C:\Windows\System\cUOkFAY.exe
  C:\Windows\System\cUOkFAY.exe
  2⤵
  PID:7824
- C:\Windows\System\CFnJVBH.exe
  C:\Windows\System\CFnJVBH.exe
  2⤵
  PID:15840
- C:\Windows\System\TiCtjQq.exe
  C:\Windows\System\TiCtjQq.exe
  2⤵
  PID:5016
- C:\Windows\System\MziLIqi.exe
  C:\Windows\System\MziLIqi.exe
  2⤵
  PID:9292
- C:\Windows\System\ejhTjka.exe
  C:\Windows\System\ejhTjka.exe
  2⤵
  PID:9324
- C:\Windows\System\qoAydqx.exe
  C:\Windows\System\qoAydqx.exe
  2⤵
  PID:7964
- C:\Windows\System\yDvrcnd.exe
  C:\Windows\System\yDvrcnd.exe
  2⤵
  PID:9552
- C:\Windows\System\KFBLESL.exe
  C:\Windows\System\KFBLESL.exe
  2⤵
  PID:8132
- C:\Windows\System\PWpxbwb.exe
  C:\Windows\System\PWpxbwb.exe
  2⤵
  PID:9880
- C:\Windows\System\WEUnOGJ.exe
  C:\Windows\System\WEUnOGJ.exe
  2⤵
  PID:7164
- C:\Windows\System\QnCtyIs.exe
  C:\Windows\System\QnCtyIs.exe
  2⤵
  PID:9316
- C:\Windows\System\DapKgVt.exe
  C:\Windows\System\DapKgVt.exe
  2⤵
  PID:9980
- C:\Windows\System\jgFoJuX.exe
  C:\Windows\System\jgFoJuX.exe
  2⤵
  PID:6540
- C:\Windows\System\HupSOfs.exe
  C:\Windows\System\HupSOfs.exe
  2⤵
  PID:10224
- C:\Windows\System\hdLgYlN.exe
  C:\Windows\System\hdLgYlN.exe
  2⤵
  PID:7112
- C:\Windows\System\WgcxBaf.exe
  C:\Windows\System\WgcxBaf.exe
  2⤵
  PID:7032
- C:\Windows\System\RYznaTb.exe
  C:\Windows\System\RYznaTb.exe
  2⤵
  PID:16148
- C:\Windows\System\RYzjbVX.exe
  C:\Windows\System\RYzjbVX.exe
  2⤵
  PID:9684
- C:\Windows\System\zFfuUVz.exe
  C:\Windows\System\zFfuUVz.exe
  2⤵
  PID:9524
- C:\Windows\System\AjdGvvV.exe
  C:\Windows\System\AjdGvvV.exe
  2⤵
  PID:7420
- C:\Windows\System\ysYLgwV.exe
  C:\Windows\System\ysYLgwV.exe
  2⤵
  PID:6872
- C:\Windows\System\MXhwdnQ.exe
  C:\Windows\System\MXhwdnQ.exe
  2⤵
  PID:10368
- C:\Windows\System\fjyTIlC.exe
  C:\Windows\System\fjyTIlC.exe
  2⤵
  PID:7692
- C:\Windows\System\IIlEiNR.exe
  C:\Windows\System\IIlEiNR.exe
  2⤵
  PID:7404
- C:\Windows\System\mQozaHw.exe
  C:\Windows\System\mQozaHw.exe
  2⤵
  PID:3152
- C:\Windows\System\yqfwinL.exe
  C:\Windows\System\yqfwinL.exe
  2⤵
  PID:10608
- C:\Windows\System\tTLnoRN.exe
  C:\Windows\System\tTLnoRN.exe
  2⤵
  PID:7956
- C:\Windows\System\ulopwOU.exe
  C:\Windows\System\ulopwOU.exe
  2⤵
  PID:10824
- C:\Windows\System\NQTndif.exe
  C:\Windows\System\NQTndif.exe
  2⤵
  PID:9852
- C:\Windows\System\ycClOVq.exe
  C:\Windows\System\ycClOVq.exe
  2⤵
  PID:10920
- C:\Windows\System\WwjXIPq.exe
  C:\Windows\System\WwjXIPq.exe
  2⤵
  PID:10940
- C:\Windows\System\rzghVSR.exe
  C:\Windows\System\rzghVSR.exe
  2⤵
  PID:6404
- C:\Windows\System\IieTkAA.exe
  C:\Windows\System\IieTkAA.exe
  2⤵
  PID:6972
- C:\Windows\System\ouPeNAm.exe
  C:\Windows\System\ouPeNAm.exe
  2⤵
  PID:8512
- C:\Windows\System\gyaaBit.exe
  C:\Windows\System\gyaaBit.exe
  2⤵
  PID:11036
- C:\Windows\System\oRLTSGy.exe
  C:\Windows\System\oRLTSGy.exe
  2⤵
  PID:7796
- C:\Windows\System\ncnvHvI.exe
  C:\Windows\System\ncnvHvI.exe
  2⤵
  PID:15648
- C:\Windows\System\njnuZzJ.exe
  C:\Windows\System\njnuZzJ.exe
  2⤵
  PID:3116
- C:\Windows\System\AHpKwvS.exe
  C:\Windows\System\AHpKwvS.exe
  2⤵
  PID:7688
- C:\Windows\System\rFwCCIk.exe
  C:\Windows\System\rFwCCIk.exe
  2⤵
  PID:7924
- C:\Windows\System\NmBIbyn.exe
  C:\Windows\System\NmBIbyn.exe
  2⤵
  PID:7868
- C:\Windows\System\uluuyLl.exe
  C:\Windows\System\uluuyLl.exe
  2⤵
  PID:11200
- C:\Windows\System\QlbzeXV.exe
  C:\Windows\System\QlbzeXV.exe
  2⤵
  PID:6596
- C:\Windows\System\EEnqGCw.exe
  C:\Windows\System\EEnqGCw.exe
  2⤵
  PID:7920
- C:\Windows\System\ThiibBx.exe
  C:\Windows\System\ThiibBx.exe
  2⤵
  PID:15856
- C:\Windows\System\rWIASlV.exe
  C:\Windows\System\rWIASlV.exe
  2⤵
  PID:1552
- C:\Windows\System\GirMgDr.exe
  C:\Windows\System\GirMgDr.exe
  2⤵
  PID:10624
- C:\Windows\System\lIUMMYi.exe
  C:\Windows\System\lIUMMYi.exe
  2⤵
  PID:8220
- C:\Windows\System\tnFKWLn.exe
  C:\Windows\System\tnFKWLn.exe
  2⤵
  PID:10844
- C:\Windows\System\YjeaVOH.exe
  C:\Windows\System\YjeaVOH.exe
  2⤵
  PID:9608
- C:\Windows\System\xVYtMux.exe
  C:\Windows\System\xVYtMux.exe
  2⤵
  PID:10956
- C:\Windows\System\TkvIoFf.exe
  C:\Windows\System\TkvIoFf.exe
  2⤵
  PID:9668
- C:\Windows\System\ZNbNZGP.exe
  C:\Windows\System\ZNbNZGP.exe
  2⤵
  PID:11020
- C:\Windows\System\uvwaTNf.exe
  C:\Windows\System\uvwaTNf.exe
  2⤵
  PID:11156
- C:\Windows\System\NLXEHcy.exe
  C:\Windows\System\NLXEHcy.exe
  2⤵
  PID:8360
- C:\Windows\System\RwMVIro.exe
  C:\Windows\System\RwMVIro.exe
  2⤵
  PID:6660
- C:\Windows\System\RTKJOoL.exe
  C:\Windows\System\RTKJOoL.exe
  2⤵
  PID:1196
- C:\Windows\System\bQkGMYo.exe
  C:\Windows\System\bQkGMYo.exe
  2⤵
  PID:1028
- C:\Windows\System\NpNrxst.exe
  C:\Windows\System\NpNrxst.exe
  2⤵
  PID:8500
- C:\Windows\System\hBxHrtK.exe
  C:\Windows\System\hBxHrtK.exe
  2⤵
  PID:8544
- C:\Windows\System\VGIuook.exe
  C:\Windows\System\VGIuook.exe
  2⤵
  PID:11184
- C:\Windows\System\xlTpIYI.exe
  C:\Windows\System\xlTpIYI.exe
  2⤵
  PID:9700
- C:\Windows\System\vUdpFMo.exe
  C:\Windows\System\vUdpFMo.exe
  2⤵
  PID:8556
- C:\Windows\System\KeswRdi.exe
  C:\Windows\System\KeswRdi.exe
  2⤵
  PID:10812
- C:\Windows\System\MLKnJJR.exe
  C:\Windows\System\MLKnJJR.exe
  2⤵
  PID:10960
- C:\Windows\System\ArkbHTy.exe
  C:\Windows\System\ArkbHTy.exe
  2⤵
  PID:7428
- C:\Windows\System\YtjFBRB.exe
  C:\Windows\System\YtjFBRB.exe
  2⤵
  PID:8632
- C:\Windows\System\KxWXDGB.exe
  C:\Windows\System\KxWXDGB.exe
  2⤵
  PID:8668
- C:\Windows\System\UuJOHlB.exe
  C:\Windows\System\UuJOHlB.exe
  2⤵
  PID:11396
- C:\Windows\System\xwixKxm.exe
  C:\Windows\System\xwixKxm.exe
  2⤵
  PID:7876
- C:\Windows\System\PeVtRNH.exe
  C:\Windows\System\PeVtRNH.exe
  2⤵
  PID:8816
- C:\Windows\System\VyIaaaC.exe
  C:\Windows\System\VyIaaaC.exe
  2⤵
  PID:11720
- C:\Windows\System\odWthjP.exe
  C:\Windows\System\odWthjP.exe
  2⤵
  PID:1012
- C:\Windows\System\EacecDq.exe
  C:\Windows\System\EacecDq.exe
  2⤵
  PID:10832
- C:\Windows\System\EXZAItD.exe
  C:\Windows\System\EXZAItD.exe
  2⤵
  PID:8924
- C:\Windows\System\pkQLrpx.exe
  C:\Windows\System\pkQLrpx.exe
  2⤵
  PID:11808
- C:\Windows\System\wIcHbwY.exe
  C:\Windows\System\wIcHbwY.exe
  2⤵
  PID:8392
- C:\Windows\System\ILmRmLW.exe
  C:\Windows\System\ILmRmLW.exe
  2⤵
  PID:11892
- C:\Windows\System\bktrxiE.exe
  C:\Windows\System\bktrxiE.exe
  2⤵
  PID:8152
- C:\Windows\System\ayxUaue.exe
  C:\Windows\System\ayxUaue.exe
  2⤵
  PID:9028
- C:\Windows\System\zjYNoCx.exe
  C:\Windows\System\zjYNoCx.exe
  2⤵
  PID:12036
- C:\Windows\System\saQrfJs.exe
  C:\Windows\System\saQrfJs.exe
  2⤵
  PID:12068
- C:\Windows\System\kRNWMiO.exe
  C:\Windows\System\kRNWMiO.exe
  2⤵
  PID:11124
- C:\Windows\System\zoxfDIj.exe
  C:\Windows\System\zoxfDIj.exe
  2⤵
  PID:12144
- C:\Windows\System\OgkOMsZ.exe
  C:\Windows\System\OgkOMsZ.exe
  2⤵
  PID:12208
- C:\Windows\System\jbWKnZA.exe
  C:\Windows\System\jbWKnZA.exe
  2⤵
  PID:2488
- C:\Windows\System\YPKhZPD.exe
  C:\Windows\System\YPKhZPD.exe
  2⤵
  PID:12260
- C:\Windows\System\WgKMquW.exe
  C:\Windows\System\WgKMquW.exe
  2⤵
  PID:10548
- C:\Windows\System\GwnaKOS.exe
  C:\Windows\System\GwnaKOS.exe
  2⤵
  PID:7556
- C:\Windows\System\ETYktiN.exe
  C:\Windows\System\ETYktiN.exe
  2⤵
  PID:10216
- C:\Windows\System\BTlxqFQ.exe
  C:\Windows\System\BTlxqFQ.exe
  2⤵
  PID:8128
- C:\Windows\System\CzMYVHB.exe
  C:\Windows\System\CzMYVHB.exe
  2⤵
  PID:11204
- C:\Windows\System\ovMXuRe.exe
  C:\Windows\System\ovMXuRe.exe
  2⤵
  PID:11596
- C:\Windows\System\OZlGtrg.exe
  C:\Windows\System\OZlGtrg.exe
  2⤵
  PID:11236
- C:\Windows\System\ynblcHv.exe
  C:\Windows\System\ynblcHv.exe
  2⤵
  PID:11708
- C:\Windows\System\hluqGzG.exe
  C:\Windows\System\hluqGzG.exe
  2⤵
  PID:10528
- C:\Windows\System\gnhkqPW.exe
  C:\Windows\System\gnhkqPW.exe
  2⤵
  PID:8560
- C:\Windows\System\rhrOVxi.exe
  C:\Windows\System\rhrOVxi.exe
  2⤵
  PID:12100
- C:\Windows\System\oSeTQgD.exe
  C:\Windows\System\oSeTQgD.exe
  2⤵
  PID:8304
- C:\Windows\System\BTkzoqi.exe
  C:\Windows\System\BTkzoqi.exe
  2⤵
  PID:3756
- C:\Windows\System\OUawLqe.exe
  C:\Windows\System\OUawLqe.exe
  2⤵
  PID:8888
- C:\Windows\System\USlsFKj.exe
  C:\Windows\System\USlsFKj.exe
  2⤵
  PID:6344
- C:\Windows\System\znylLrg.exe
  C:\Windows\System\znylLrg.exe
  2⤵
  PID:8976
- C:\Windows\System\tpMsnLh.exe
  C:\Windows\System\tpMsnLh.exe
  2⤵
  PID:11784
- C:\Windows\System\pQAwUOd.exe
  C:\Windows\System\pQAwUOd.exe
  2⤵
  PID:11868
- C:\Windows\System\bXQgMSt.exe
  C:\Windows\System\bXQgMSt.exe
  2⤵
  PID:12008
- C:\Windows\System\hLeCbXd.exe
  C:\Windows\System\hLeCbXd.exe
  2⤵
  PID:868
- C:\Windows\System\nPuZegF.exe
  C:\Windows\System\nPuZegF.exe
  2⤵
  PID:10556
- C:\Windows\System\SUfdYSv.exe
  C:\Windows\System\SUfdYSv.exe
  2⤵
  PID:8460
- C:\Windows\System\MoohPvv.exe
  C:\Windows\System\MoohPvv.exe
  2⤵
  PID:10900

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:16156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\ADTTfdL.exe

Filesize
6.0MB

MD5
5825abac6fb26680e14ef83dbc059c23

SHA1
5f37240b7f7020dd7ff538d04258c23eafbb6308

SHA256
829ba6779c4ac95ff22108dd55345be69376a6d4ce1406ac49c598c4fe56d706

SHA512
1004415b5369c0a6d4a790f00db357acb8c7cea4f266d7d26c76cc1329f8624364847d077fcdbc46d677cb0a95479b27b24dba790076d98b61c2b627f1df3527

Download Submit
C:\Windows\System\AtoUECF.exe

Filesize
6.0MB

MD5
eba7a04bcba6b25338866adf6f91e6a0

SHA1
7d7b139addb266c4bf1acdb75bf8a2486f049ef0

SHA256
bdf1db789b14c3a7d26ec17b90d3908e42b7717dd619f2559dbb7b16459acfcf

SHA512
a8f7c32c32a51156464e8941a1b2d7dcd5a60f0073d7311ddb18e8ecaa770b2f8d9e409962d32c1270d9e4036da0e98dd8ac10f4a5a8b1115f414a159d1c2141

Download Submit
C:\Windows\System\DNBQBNV.exe

Filesize
6.0MB

MD5
601515aec167087951706a1f69ca15aa

SHA1
e40e1c4267500491e9e636a6030eb7512f718e28

SHA256
8834d75a610fb2ed5c6657d9421113c97bcaf470d20d91e60bea8275e76d7b75

SHA512
4baf1672a8c3ec97a7b80faa06305ccf0a911b9367fff52468754e72c96b9924b383a74d494f427f1fceadbd70d2110eb78067c797ce90b328f0d7d95f682704

Download Submit
C:\Windows\System\FqjSUNE.exe

Filesize
6.0MB

MD5
fca08a5b3709f2b5781ddc282a0448de

SHA1
73b650355e9e07cd8ccac3ea47ff0d1897b61f60

SHA256
2e904ace82d311eef20cbe79aa61e41e695d9b72ae146edf1f4a20a1070278a2

SHA512
8e52c6991aa5b3199fc5597629a1d45b1a2860dbd53da1a5e44342414a80bfc06c8d1f5501e05f3c4ad31ebde08d78eb15618548d68c6f60458c986021f69074

Download Submit
C:\Windows\System\HanhlDu.exe

Filesize
6.0MB

MD5
47a5c3e04e54fdb00db8ddee7cc7f6a1

SHA1
705593124b0f1db5e31c988eae7f28d9572d5e22

SHA256
e8876dca2ddad28f9370800ad37d026be119bd38923c8e7fe981f3bc088f6e60

SHA512
8530faf69e9a57aea6e386ac15a0225458a9a9b0edb7be235bd9d6c06acbabcc6055dfc2003dd8d3e0a2a3f133ebf1e043e4b6e2105f075d149da33a797a5fe9

Download Submit
C:\Windows\System\HbYEPzs.exe

Filesize
6.0MB

MD5
6976ed5cac668ad0fac03cd0c8e811c4

SHA1
91e148ba48935f716210513404d73ea7b376bb88

SHA256
2998bf9c96fec2160c94a4aa1d83493c9674a79265d35eb52e712e9afded86c7

SHA512
84628772fc0a4368e78aaf846146882ae5eca13ee83eaba2d31295eed0bf9a54d6eb792751af8dccf2e034b80113c6ddee94cb5373059bc8a8623537c242288e

Download Submit
C:\Windows\System\HqXKKdl.exe

Filesize
6.0MB

MD5
b911ee3835738b32b26ca40138649c24

SHA1
df146870ef7209c375b1cfa250c29794e4bb9d2a

SHA256
a120a43cd01e1fa0ad84e9794bcbcb2e75d896dd214ec10667ecf252e2faf61b

SHA512
0a9008b163af1dfb9afd6cef315e7d9a66c1f7f793b2ded650671a709e14015057d58fcdbe2a51149e6e6985b63f979367f1f5d5fe6c42e4cd12809e3c9ca0ae

Download Submit
C:\Windows\System\IaBApAX.exe

Filesize
6.0MB

MD5
1d625d97a815c3f401360385e98020f8

SHA1
381a33b8a9ee9eb76f6e53c25a971a1dba7e0e3d

SHA256
ad14ee9e59a31f05060763a15855505017c66207ef22301ac53ec6084f33770f

SHA512
3168edb2ad25749e94d1a3e354599cab92fb6306180ed65190bc70a4076b2e07a2e467e5e3d753ecf1bf6f5cbacda8df63f9c573d178e5a0e25f5796ed3c39d6

Download Submit
C:\Windows\System\LqxipHP.exe

Filesize
6.0MB

MD5
6d4dfad7757bc10dd627d61e71c83fef

SHA1
71949898da19a812f2dafc3a7d99365b76eb3aa2

SHA256
ae2a2b4ee4ea794160cc5635938074ca6f01843bf471eb9fd66d21e64ec8c4f2

SHA512
1ce3f30e1d7fa556620703e414729b1dd70fdec1cb221c50224d4cf1f02b7c6a202cb19e3f8bc33c5d1efc297ffc06b7b2a03b33aeab7bc71c0fff83ccccff6c

Download Submit
C:\Windows\System\MndieCd.exe

Filesize
6.0MB

MD5
e0c74a2236a1a3f1682511cc51522dfd

SHA1
548dbcccbc9307c127ccd7a98377f8cbb673b992

SHA256
17eb643bbde786d89d63b80160d3108ad9b378436060ec58e97486ade54e2fbc

SHA512
5ba16d867b69ad84663133d3bc6f7966d4e3ddcc12e3a18480a16fa8ceb34a0565df58acab94191c2eb078ce69e3be43813154fbedef5079137dee39f060b653

Download Submit
C:\Windows\System\PcKOrTt.exe

Filesize
6.0MB

MD5
2153989bb01c16fd8c6caea35a100217

SHA1
baa9b82d01b82dbebf9268d79e7e4462e1d91752

SHA256
4e173ada7e9be3c74793ab9b4206c462527a07e6a270cffae09edc047ecd10f4

SHA512
4b0aa2ee9521f3b327c2448780250e27b310f3ca7ad1400a3ca8d464e6c18af88b416228a0ee684ec330450abd01712e190602dd7d7336949840a8dfdd59e3bb

Download Submit
C:\Windows\System\RQSImXv.exe

Filesize
6.0MB

MD5
a91e7f642d9073157471b43c75a9dba9

SHA1
26ac10b27f94bca506ac9023d26ac2ff1ec710a6

SHA256
1e0d6408c6c4769945381daab012829c3bea8bb384668b7d2857cf6b6fd816d1

SHA512
1837e60d9a8160bc7920955d624ce8d19136d116a876ba1a44862190ddaf2461e1f413bd5f3227933d2130f875233729e5f00af2608129f96e3970b0743dd3aa

Download Submit
C:\Windows\System\TjVCPSm.exe

Filesize
6.0MB

MD5
e7d5829491ca6671f8edd590fc246c2f

SHA1
48ab16f6fbc6318b1ddea3004f11b2c056c465a4

SHA256
509f413e900384bca138f53eb1b7e1b727b701225a55e17a92e9e4b9d06e23a2

SHA512
5340fc62876df2869ce1a2310149580c9a71a13fdd04e77790beef31f44163a278caa05edafb901be4bc5c8ec398c0b80c301061137460a2f4a692bd58701dab

Download Submit
C:\Windows\System\UJixHvc.exe

Filesize
6.0MB

MD5
f3ef24f8a9127013ee0f80c447a05134

SHA1
f42f244fc92a378d1d104b9cf31701ad4fa11410

SHA256
e8d75e6c9e1cc1f6dbd28d056212622c862b4288ec8342a554daeb195b1480c1

SHA512
e4bac5e9d9f0b915a0cb71abd9b237315472594a53efafc78c2552e356904e08a1e2b797a8cfd2e843f2ceeded5aa494b1a1474cd11bff8ebcb631b31283c728

Download Submit
C:\Windows\System\UodBtbJ.exe

Filesize
6.0MB

MD5
f3630abe60a1a18e3d6ad8b68c027414

SHA1
c5922ced63822f7c8b5263f072e9a5794bb616c0

SHA256
cbe03f338b12a5e3769338f6708b3bf12d84e9ac0178e9b15029886fbc66e570

SHA512
70f01cf420ae4edfbbd055822217d677ffd3ef858945be7c530d80523fbcd8819a470fc2dc69b51cfa8b9b7e1c0c7bcefa99170334271c0fb8955922b362fa24

Download Submit
C:\Windows\System\XuYKjkC.exe

Filesize
6.0MB

MD5
8348898bf4c007625c2c327ff5c3e1c6

SHA1
aa4fc32bee6684d5e707e36054e5c2f768cde7b3

SHA256
044cb559e29537a3e19aba60513eaf8772a77994453fc7c3c38ddeb1321d6550

SHA512
1fec9787397d7303068c72f22d5c73768e8cc2096c271243e029d74680da20b7e860797d3be65f5d98cf1f06959e649f4263f30fd88728e0d51985d1de8cb30e

Download Submit
C:\Windows\System\ZHyzZvk.exe

Filesize
6.0MB

MD5
1864f3d163aca400deee520d031d7f72

SHA1
6247f4b0c07699f5cd7a62bdaaef5ae26f6f38a3

SHA256
98dbeed3cfbc863e77104fa96c292037b0b120e8bfe538ac27e7069d11e73d50

SHA512
932ec0ceafe0674ff9b222d0928dbfe86c8c956c5c0fc337ea8fd1e701ba4ddbd5080a9a22d0d38d3d2dbb5c6a4f3c493a4cfbf1b0bb04533d7903dcfa05fcb1

Download Submit
C:\Windows\System\ZyfCzxI.exe

Filesize
6.0MB

MD5
f6e73ea93c31181dd5c8a3a4100e1112

SHA1
64914c0c0afe2106a6f091b27b5d31600554b259

SHA256
455586b0fd425ea2d9be3277411814d9746d14ef89b360f59b086b820e8f22b2

SHA512
27f1746c833807d2708e84d8a8862dcdfaae29169ace2d6a4933b8c7e074c4acf0ee255b26cb908e3001be37892d40326f84bcb92454b908ae0579183f4797b6

Download Submit
C:\Windows\System\cicABXR.exe

Filesize
6.0MB

MD5
61583b71e3a950779fd72a8b8693147d

SHA1
0f1619b79483a0ce0d959cb3e840266dc1fd2fb5

SHA256
a28146c5c710c138c7ca10867ac510020aa052bbee2000074e9aabaafbcab402

SHA512
55a3d44d244a432ef3e74b2734ad5d02576cbabced011dea51ee08e17ca2fe8989247bedbc4d8c2109e11d98e004791c5d24c5bfab1386e51b2a192367cdf329

Download Submit
C:\Windows\System\czVEEpQ.exe

Filesize
6.0MB

MD5
d476f87c333355810eaa45ba77a82678

SHA1
1c8f4aacffe4ec8490c4ea13092d602af36aa88d

SHA256
0fd2f0e6130b0e5c8d0a272cded4975dc37f47246d8a918e825beb875dda821e

SHA512
f375c2b8653ecfc684ecaba0b19f974de05c83e7df524c10596321a9e509143bbf3dc63f5481b4800071c06e065db06e5d84890673ef95596996b285be068b08

Download Submit
C:\Windows\System\dFtDMip.exe

Filesize
6.0MB

MD5
a3521ef3ea99e2d1c1b473227b45d260

SHA1
6a6ad76baeeb4526c6345bbd0555ab8ba968d3ae

SHA256
4fe282de42e1dac00a63f1b073823dce656843b64483cb054a50d95c75f41e1a

SHA512
0c3861ca8d89e99e184a96abdd69b488509fd839ad648c8012cd13468524172efac3f2f1e281756fa7a09f38812b5829c381a61d932669fec0366f474172ff47

Download Submit
C:\Windows\System\dGNsoGs.exe

Filesize
6.0MB

MD5
9b3f30e7eea28bc601a890cb0323330d

SHA1
f16081a13d39ec97c71af230ce35bd9fa4641eb9

SHA256
0410ca090ac0ce8519b6257d542ccf03d8d0fb8a385490cba71fc6e674953aa9

SHA512
6d7f882f7798eb0027e2de0f14ef37362ed4c291debd9ee420bf04ba243e35b3b8dbe7c9344eeb05bf6df5f92e452e63891d2f4c3ac49d7e2d3d22d3aca72f62

Download Submit
C:\Windows\System\elMqajJ.exe

Filesize
6.0MB

MD5
db46f4673a3dfb5da8b4d66b32acd127

SHA1
73a466f7bbd677d0bce3b26a5d68d9c008a18a1f

SHA256
4764a2eeac24e2b5f15702769188fb917b773f85b0d31477981d58b0832f3b71

SHA512
cffeb607bfe9d331c8c9502ad17a21a87c86991e9db2d78d4cbce3ec6123b85aaf6f9e1edbf8081988e7797cc1ab4e12401cb3d024857f3204e7d14c0aa0c9d9

Download Submit
C:\Windows\System\kOaegzU.exe

Filesize
6.0MB

MD5
bcdcb052458450aa790da16e83fb6d83

SHA1
2a8d80742b33d98dddd9d4584716c8e4536437a0

SHA256
fe5adc86b0d281a33f12f15867e2ac5b74907b5ce35486d050ed44f5525b520e

SHA512
b3ed42e5523ed7d3b996843c42d53b8ff9167748f708d3786843e1de6ea203bfef84d1fdf15f47b078c48076378814d96c073dce15876825bf9b36380a104850

Download Submit
C:\Windows\System\myhkcAu.exe

Filesize
6.0MB

MD5
ceebfa7d9de57dcba34026175d8dea51

SHA1
399310275c4363baf20d4c3b76fa5132fac70c72

SHA256
a6d0f461cf17e81d1cdab585660f08ca4279cc5aea17b54d41f9531ae6e87a47

SHA512
6dab071ea3916c5824bb293233403aa375e0685210e2dfb1f67cb779d4b56c21b7a4b099ba9a4992a4e5709136ffcb3eeee7ea04d8791f7d1c81ae26e33f7b02

Download Submit
C:\Windows\System\nMwrGgR.exe

Filesize
6.0MB

MD5
01658f3f8c50b868b001d6521fbd17fa

SHA1
202e3539a85a41bed792986e102ac69dc5b105d8

SHA256
bee76a01f891af1128091e0b6e82851fa1aa1c3f293dda903cd2d79b059cd49e

SHA512
3918e045757bbb7c64667a5c5ed3e43b477758213d5f4717b0fb812629c8b4622404928221fcdfc1c40c64b237c4501488bf122cbcecc8cc50e283f8690fea2f

Download Submit
C:\Windows\System\nVYESKM.exe

Filesize
6.0MB

MD5
1d705094b2795961b8278473a52f8d95

SHA1
a36cf33fb061106f0ae6dc464f00fee586e060e0

SHA256
520380d87c124b25285bbaee5b9e012f366f65edf2c8159a007949cc241b8b3a

SHA512
dfb401275b5f8c0cde5bb510200df54ee95b1001ad81b4225ea3b087954a894e5cd8fd2a0533522889f6f4f5eb7c96bda525a9a60e4bfcb7b445d24f02dc80d7

Download Submit
C:\Windows\System\oKXraMM.exe

Filesize
6.0MB

MD5
6ad8ee4678c376ef0dca0c87bd040b16

SHA1
1c8e3710a163369afaa787717d92dc125bd757e1

SHA256
d4c29045015c984f10f8a5d5443723772051b8d1416fc23c3379b2bf8ee65464

SHA512
df67030ec3f9fef26188d85740a7f50c6774d8c5bdfca48e63b2d52b55a7cd1e2a1c200c29faa8148da72ba8c2f18b31d019b93a753bedc04635efa9927e0f3a

Download Submit
C:\Windows\System\qsxRNnC.exe

Filesize
6.0MB

MD5
def8409078131a75a258cc8f40a32046

SHA1
86a301dc4f0c5e162adfc645b6b926401ec6e4c1

SHA256
6477d2f83203197e726bee333a0f2e9962c1aec5c9945ed7089c7684d136d435

SHA512
86862771d1c22d471ba564b5b6c025f892938411e17002532f40af4d5e138060e489b60ba1d5e7720457c98225115364e467a8801a2e42838a900f1a0ff3bcf2

Download Submit
C:\Windows\System\rkPpUBX.exe

Filesize
6.0MB

MD5
92529b0cd60a8c03994b6b2f194dec17

SHA1
ec9f9f0aac9693cc21a098a6c70a9e5380e3313d

SHA256
117ed8a7dc061226e07c28fc8591ccae53aaa4d9b2eba1060fbd2314fbb59afb

SHA512
24dff8ec4025923b8dfa2d6b04c1abff09cb2b9c37bae46158f3cce1d99f0586cb33390211f1487575024045d023a9cb2b74e5b0aaae1e678dd033d6f4628068

Download Submit
C:\Windows\System\velLhKZ.exe

Filesize
6.0MB

MD5
505f42f9d1bb7c79c1b4a2b4161658a9

SHA1
1c2f37b6a08f56bbb34d4cfba8b0ed57f446fe72

SHA256
55c7db202e97cb181c41a015fa5e51314f045f6e748065c3e52c3d54608e9cf7

SHA512
627973a13ab88cf84d506247a0813f64ae8b6d48823fd064c5c920d933870757e9c3f54fc5cccb478435e600b8b625e99020560339d11e1e2b7639d66332c544

Download Submit
C:\Windows\System\wTqcrOj.exe

Filesize
6.0MB

MD5
71419d122c468326888d1419364b49a5

SHA1
03e0e72221539f901ab9eaaba884ad072bc8ff04

SHA256
c22cd8ab08ce1bd249e514f5b703f7a8a95c5964b0c6297d29f0c19f8c625ed7

SHA512
d388527ca0dbbd8c7aa4052bb628077bc89f9e17b0c8d64f8d2ab31d99f92762b1ae1fec7bfbf08624785f90bbc12c7389371ffcfe12ccdee73f1d99e8562a43

Download Submit
C:\Windows\System\xozuAbl.exe

Filesize
6.0MB

MD5
6104a218ce639ad7940459db5f914120

SHA1
adeb3675edf10a106f0977b27f67f910ec1b7d8e

SHA256
02aa31aea6673c4c84266d9506af22fe83f0bbf71cc66bbf4df41b6c48c845a1

SHA512
f3074ffd51efb9f0c47b39e53a096ecfb840447fb8ce2bb40e1e41fc0eb07e2e83f507265e51b4bca22d90f5aa9883cd26f62c5595bf9c921d24bf4f8d45f746

Download Submit
memory/764-105-0x00007FF70A220000-0x00007FF70A574000-memory.dmp

Filesize
3.3MB

Download
memory/764-173-0x00007FF70A220000-0x00007FF70A574000-memory.dmp

Filesize
3.3MB

Download
memory/1016-118-0x00007FF743620000-0x00007FF743974000-memory.dmp

Filesize
3.3MB

Download
memory/1016-48-0x00007FF743620000-0x00007FF743974000-memory.dmp

Filesize
3.3MB

Download
memory/1048-146-0x00007FF6C2680000-0x00007FF6C29D4000-memory.dmp

Filesize
3.3MB

Download
memory/1048-1273-0x00007FF6C2680000-0x00007FF6C29D4000-memory.dmp

Filesize
3.3MB

Download
memory/1408-153-0x00007FF7A5750000-0x00007FF7A5AA4000-memory.dmp

Filesize
3.3MB

Download
memory/1408-1274-0x00007FF7A5750000-0x00007FF7A5AA4000-memory.dmp

Filesize
3.3MB

Download
memory/1900-1337-0x00007FF615B20000-0x00007FF615E74000-memory.dmp

Filesize
3.3MB

Download
memory/1900-158-0x00007FF615B20000-0x00007FF615E74000-memory.dmp

Filesize
3.3MB

Download
memory/2088-81-0x00007FF6B6350000-0x00007FF6B66A4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-18-0x00007FF6B6350000-0x00007FF6B66A4000-memory.dmp

Filesize
3.3MB

Download
memory/2132-2337-0x00007FF7482B0000-0x00007FF748604000-memory.dmp

Filesize
3.3MB

Download
memory/2132-137-0x00007FF7482B0000-0x00007FF748604000-memory.dmp

Filesize
3.3MB

Download
memory/2132-1215-0x00007FF7482B0000-0x00007FF748604000-memory.dmp

Filesize
3.3MB

Download
memory/2184-2306-0x00007FF79BF40000-0x00007FF79C294000-memory.dmp

Filesize
3.3MB

Download
memory/2184-157-0x00007FF79BF40000-0x00007FF79C294000-memory.dmp

Filesize
3.3MB

Download
memory/2184-89-0x00007FF79BF40000-0x00007FF79C294000-memory.dmp

Filesize
3.3MB

Download
memory/2440-121-0x00007FF63A670000-0x00007FF63A9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-2326-0x00007FF63A670000-0x00007FF63A9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2440-179-0x00007FF63A670000-0x00007FF63A9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-1701-0x00007FF6F6750000-0x00007FF6F6AA4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-193-0x00007FF6F6750000-0x00007FF6F6AA4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-128-0x00007FF68ED50000-0x00007FF68F0A4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-1148-0x00007FF68ED50000-0x00007FF68F0A4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-127-0x00007FF62AFE0000-0x00007FF62B334000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2332-0x00007FF62AFE0000-0x00007FF62B334000-memory.dmp

Filesize
3.3MB

Download
memory/2932-186-0x00007FF62AFE0000-0x00007FF62B334000-memory.dmp

Filesize
3.3MB

Download
memory/2964-122-0x00007FF7F63D0000-0x00007FF7F6724000-memory.dmp

Filesize
3.3MB

Download
memory/2964-56-0x00007FF7F63D0000-0x00007FF7F6724000-memory.dmp

Filesize
3.3MB

Download
memory/3092-1456-0x00007FF660030000-0x00007FF660384000-memory.dmp

Filesize
3.3MB

Download
memory/3092-177-0x00007FF660030000-0x00007FF660384000-memory.dmp

Filesize
3.3MB

Download
memory/3132-88-0x00007FF7198C0000-0x00007FF719C14000-memory.dmp

Filesize
3.3MB

Download
memory/3132-24-0x00007FF7198C0000-0x00007FF719C14000-memory.dmp

Filesize
3.3MB

Download
memory/3188-64-0x00007FF667510000-0x00007FF667864000-memory.dmp

Filesize
3.3MB

Download
memory/3504-14-0x00007FF69F4F0000-0x00007FF69F844000-memory.dmp

Filesize
3.3MB

Download
memory/3504-2124-0x00007FF69F4F0000-0x00007FF69F844000-memory.dmp

Filesize
3.3MB

Download
memory/3504-68-0x00007FF69F4F0000-0x00007FF69F844000-memory.dmp

Filesize
3.3MB

Download
memory/3536-42-0x00007FF6A8B00000-0x00007FF6A8E54000-memory.dmp

Filesize
3.3MB

Download
memory/3536-111-0x00007FF6A8B00000-0x00007FF6A8E54000-memory.dmp

Filesize
3.3MB

Download
memory/3676-2117-0x00007FF6A6E30000-0x00007FF6A7184000-memory.dmp

Filesize
3.3MB

Download
memory/3676-61-0x00007FF6A6E30000-0x00007FF6A7184000-memory.dmp

Filesize
3.3MB

Download
memory/3676-8-0x00007FF6A6E30000-0x00007FF6A7184000-memory.dmp

Filesize
3.3MB

Download
memory/3708-178-0x00007FF793850000-0x00007FF793BA4000-memory.dmp

Filesize
3.3MB

Download
memory/3708-2322-0x00007FF793850000-0x00007FF793BA4000-memory.dmp

Filesize
3.3MB

Download
memory/3708-112-0x00007FF793850000-0x00007FF793BA4000-memory.dmp

Filesize
3.3MB

Download
memory/3748-145-0x00007FF69BF00000-0x00007FF69C254000-memory.dmp

Filesize
3.3MB

Download
memory/3748-75-0x00007FF69BF00000-0x00007FF69C254000-memory.dmp

Filesize
3.3MB

Download
memory/4108-82-0x00007FF6DB100000-0x00007FF6DB454000-memory.dmp

Filesize
3.3MB

Download
memory/4108-2298-0x00007FF6DB100000-0x00007FF6DB454000-memory.dmp

Filesize
3.3MB

Download
memory/4108-152-0x00007FF6DB100000-0x00007FF6DB454000-memory.dmp

Filesize
3.3MB

Download
memory/4132-1455-0x00007FF650460000-0x00007FF6507B4000-memory.dmp

Filesize
3.3MB

Download
memory/4132-165-0x00007FF650460000-0x00007FF6507B4000-memory.dmp

Filesize
3.3MB

Download
memory/4360-36-0x00007FF70DBD0000-0x00007FF70DF24000-memory.dmp

Filesize
3.3MB

Download
memory/4360-104-0x00007FF70DBD0000-0x00007FF70DF24000-memory.dmp

Filesize
3.3MB

Download
memory/4576-28-0x00007FF6DE1A0000-0x00007FF6DE4F4000-memory.dmp

Filesize
3.3MB

Download
memory/4576-97-0x00007FF6DE1A0000-0x00007FF6DE4F4000-memory.dmp

Filesize
3.3MB

Download
memory/4744-70-0x00007FF6296D0000-0x00007FF629A24000-memory.dmp

Filesize
3.3MB

Download
memory/4744-136-0x00007FF6296D0000-0x00007FF629A24000-memory.dmp

Filesize
3.3MB

Download
memory/4788-1507-0x00007FF7EBAC0000-0x00007FF7EBE14000-memory.dmp

Filesize
3.3MB

Download
memory/4788-185-0x00007FF7EBAC0000-0x00007FF7EBE14000-memory.dmp

Filesize
3.3MB

Download
memory/4916-2312-0x00007FF661500000-0x00007FF661854000-memory.dmp

Filesize
3.3MB

Download
memory/4916-98-0x00007FF661500000-0x00007FF661854000-memory.dmp

Filesize
3.3MB

Download
memory/4916-164-0x00007FF661500000-0x00007FF661854000-memory.dmp

Filesize
3.3MB

Download
memory/5076-192-0x00007FF709D00000-0x00007FF70A054000-memory.dmp

Filesize
3.3MB

Download
memory/5076-1571-0x00007FF709D00000-0x00007FF70A054000-memory.dmp

Filesize
3.3MB

Download
memory/5112-0-0x00007FF7749B0000-0x00007FF774D04000-memory.dmp

Filesize
3.3MB

Download
memory/5112-1-0x00000165A82F0000-0x00000165A8300000-memory.dmp

Filesize
64KB

Download
memory/5112-54-0x00007FF7749B0000-0x00007FF774D04000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads