cobaltstrike | 66efd97d889186aaab3287cce7307452d7cb164159d64b8a31abaf12e14aacdf

Analysis

max time kernel
148s
max time network
129s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25/11/2024, 01:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

35736f1eae9ea43d13f106bfc44a8438
SHA1

7f5dbbd15d8942329e24b2f2fc1512904ded1147
SHA256

66efd97d889186aaab3287cce7307452d7cb164159d64b8a31abaf12e14aacdf
SHA512

8bbc1e23e4fdc131793b5ec388d389874f3e3acab647abcc88bdff61378053a2632147e55f63ca785137c0007205101b75e4e6c3deff437667aac1d261665f35
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUp:T+q56utgpPF8u/7p

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d0000000133b8-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016fe5-24.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d70-7.dat	cobalt_reflective_dll
behavioral1/files/0x000a0000000170f8-28.dat	cobalt_reflective_dll
behavioral1/files/0x0012000000016d52-38.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-111.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-106.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-91.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-76.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-47.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195af-43.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-56.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016fc9-18.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2868-0-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/files/0x000d0000000133b8-10.dat	xmrig
behavioral1/files/0x0007000000016fe5-24.dat	xmrig
behavioral1/memory/2492-23-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d70-7.dat	xmrig
behavioral1/memory/3020-22-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/files/0x000a0000000170f8-28.dat	xmrig
behavioral1/memory/2632-34-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/files/0x0012000000016d52-38.dat	xmrig
behavioral1/files/0x00050000000195b3-65.dat	xmrig
behavioral1/memory/2596-69-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195bb-82.dat	xmrig
behavioral1/files/0x00050000000195b7-80.dat	xmrig
behavioral1/files/0x00050000000195c3-100.dat	xmrig
behavioral1/files/0x00050000000195c7-113.dat	xmrig
behavioral1/files/0x000500000001960c-118.dat	xmrig
behavioral1/files/0x0005000000019643-125.dat	xmrig
behavioral1/files/0x000500000001975a-130.dat	xmrig
behavioral1/files/0x00050000000195c6-111.dat	xmrig
behavioral1/files/0x00050000000195c5-106.dat	xmrig
behavioral1/files/0x0005000000019761-135.dat	xmrig
behavioral1/files/0x00050000000197fd-138.dat	xmrig
behavioral1/files/0x0005000000019c3c-167.dat	xmrig
behavioral1/memory/2964-378-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/700-375-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2356-373-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2808-468-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2632-467-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2756-549-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/memory/2680-595-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2228-594-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2596-596-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2996-371-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d62-177.dat	xmrig
behavioral1/files/0x0005000000019d6d-181.dat	xmrig
behavioral1/files/0x0005000000019d61-176.dat	xmrig
behavioral1/files/0x0005000000019bf9-165.dat	xmrig
behavioral1/files/0x0005000000019bf6-160.dat	xmrig
behavioral1/files/0x0005000000019bf5-156.dat	xmrig
behavioral1/files/0x000500000001998d-150.dat	xmrig
behavioral1/files/0x0005000000019820-145.dat	xmrig
behavioral1/files/0x00050000000195c1-96.dat	xmrig
behavioral1/files/0x00050000000195bd-91.dat	xmrig
behavioral1/files/0x00050000000195b5-76.dat	xmrig
behavioral1/memory/2868-52-0x0000000002300000-0x0000000002654000-memory.dmp	xmrig
behavioral1/memory/2116-51-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2756-48-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-47.dat	xmrig
behavioral1/files/0x00070000000195af-43.dat	xmrig
behavioral1/memory/2868-61-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2680-60-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2228-59-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195b1-56.dat	xmrig
behavioral1/memory/2808-35-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2760-20-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/files/0x0007000000016fc9-18.dat	xmrig
behavioral1/memory/2492-1109-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/memory/2632-1111-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/3020-1114-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2116-1113-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2760-1112-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2228-1119-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2680-1127-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/memory/2996-1134-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3020	ikHWlEC.exe
2760	dBYyQCk.exe
2492	mvdZiUZ.exe
2632	GKPaxXO.exe
2808	cVYbfvj.exe
2756	uCHcCTq.exe
2116	iGkODkP.exe
2228	bfolqdm.exe
2680	NsgMqtQ.exe
2596	UvBTnkY.exe
2996	acqwWqX.exe
2356	EbMUEMy.exe
700	LGvsavV.exe
2964	fiaXggM.exe
1116	mKOgATo.exe
1440	NydgbPa.exe
2972	NaafHew.exe
1976	HlmzJLa.exe
2992	gCKhqgl.exe
1204	gLgpRzy.exe
576	mHdsrcy.exe
1556	pcNCjdU.exe
2464	pyjbtKY.exe
2064	qOxTXNF.exe
1620	BjuiHao.exe
2192	jjOTRmd.exe
2148	GUKeWey.exe
2108	cOGBCiQ.exe
1504	xFHBHVc.exe
1188	NXujtPa.exe
980	YMFuunH.exe
936	PwrCwDu.exe
900	WlgOXYE.exe
916	qVmQwaQ.exe
1256	jOQfPkm.exe
1612	FPycSBy.exe
1568	kqwiSpI.exe
948	evVZLTC.exe
1108	uSgSKlh.exe
2052	jxfMvrM.exe
2528	xiBBjbx.exe
1248	cgtKDVy.exe
2408	mTgBtcQ.exe
108	qZOnQsA.exe
1684	qHTegfg.exe
1760	GfuaesE.exe
1720	fLyGRUE.exe
2428	qeunqVS.exe
2360	MxUVctA.exe
884	NWmumyx.exe
1284	yyKDQZu.exe
2420	iOYPjNp.exe
2560	LbSxfnK.exe
1932	dCgkHIw.exe
2312	UZYCJCt.exe
2788	cmBTqvP.exe
2852	RHjsaEQ.exe
1604	LCTNTDb.exe
2456	QNHekAP.exe
1448	bognwUV.exe
1208	QAGuEPg.exe
2008	SgKaWyQ.exe
2980	rnzTMxr.exe
1740	cPBrObC.exe

Loads dropped DLL 64 IoCs

pid	Process
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2868-0-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/files/0x000d0000000133b8-10.dat	upx
behavioral1/files/0x0007000000016fe5-24.dat	upx
behavioral1/memory/2492-23-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/files/0x0008000000016d70-7.dat	upx
behavioral1/memory/3020-22-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/files/0x000a0000000170f8-28.dat	upx
behavioral1/memory/2632-34-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/files/0x0012000000016d52-38.dat	upx
behavioral1/files/0x00050000000195b3-65.dat	upx
behavioral1/memory/2596-69-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/files/0x00050000000195bb-82.dat	upx
behavioral1/files/0x00050000000195b7-80.dat	upx
behavioral1/files/0x00050000000195c3-100.dat	upx
behavioral1/files/0x00050000000195c7-113.dat	upx
behavioral1/files/0x000500000001960c-118.dat	upx
behavioral1/files/0x0005000000019643-125.dat	upx
behavioral1/files/0x000500000001975a-130.dat	upx
behavioral1/files/0x00050000000195c6-111.dat	upx
behavioral1/files/0x00050000000195c5-106.dat	upx
behavioral1/files/0x0005000000019761-135.dat	upx
behavioral1/files/0x00050000000197fd-138.dat	upx
behavioral1/files/0x0005000000019c3c-167.dat	upx
behavioral1/memory/2964-378-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/700-375-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2356-373-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2808-468-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2632-467-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2756-549-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/memory/2680-595-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2228-594-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2596-596-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2996-371-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x0005000000019d62-177.dat	upx
behavioral1/files/0x0005000000019d6d-181.dat	upx
behavioral1/files/0x0005000000019d61-176.dat	upx
behavioral1/files/0x0005000000019bf9-165.dat	upx
behavioral1/files/0x0005000000019bf6-160.dat	upx
behavioral1/files/0x0005000000019bf5-156.dat	upx
behavioral1/files/0x000500000001998d-150.dat	upx
behavioral1/files/0x0005000000019820-145.dat	upx
behavioral1/files/0x00050000000195c1-96.dat	upx
behavioral1/files/0x00050000000195bd-91.dat	upx
behavioral1/files/0x00050000000195b5-76.dat	upx
behavioral1/memory/2116-51-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2756-48-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x0002000000018334-47.dat	upx
behavioral1/files/0x00070000000195af-43.dat	upx
behavioral1/memory/2868-61-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2680-60-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2228-59-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/files/0x00050000000195b1-56.dat	upx
behavioral1/memory/2808-35-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2760-20-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/files/0x0007000000016fc9-18.dat	upx
behavioral1/memory/2492-1109-0x000000013FC00000-0x000000013FF54000-memory.dmp	upx
behavioral1/memory/2632-1111-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/3020-1114-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2116-1113-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2760-1112-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2228-1119-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2680-1127-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2996-1134-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2756-1146-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\omYnXXs.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iBrPPQP.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rsNbtoC.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cFivozY.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SZnizyg.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cVYbfvj.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rUAipZt.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vQGdUZy.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AuCMUIR.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JxIUxcg.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WLFLKKG.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NgOHwcs.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Pbtisrc.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PwgDdZp.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tFELOWN.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NijDuso.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Rjnictc.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnwmjqU.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VUzKGhZ.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oVobOtU.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QpZEmWc.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DINjCrI.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MDOQQnC.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yMMwgIK.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kGIDSus.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zzMsXAE.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VdHcYZN.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\irQjiPV.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGwSSUs.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZgcdQUX.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbdMAsE.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ubrDAVw.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JGOokfI.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\piDebkD.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oMQWter.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nyorfsk.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFogeiS.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jEWxHRs.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sjRaWLl.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BdPDcQs.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XOuaVyg.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDaooOu.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzxFNsJ.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aaWnzfX.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SQNGAxV.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EJSOPfF.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IrUsYVq.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqcnjDx.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\acBLkac.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wDCFyBY.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNBxCiE.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zNlZPQn.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pEheHKQ.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qJxloMo.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uoLvagO.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NQjQGbz.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rsNfyrV.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lPrLlVY.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BaMgAil.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BRTxkSJ.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZFrzMom.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rIIsTzi.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDVwIRh.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mZZVyxL.exe	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2760	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2868 wrote to memory of 2760	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2868 wrote to memory of 2760	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2868 wrote to memory of 3020	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2868 wrote to memory of 3020	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2868 wrote to memory of 3020	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2868 wrote to memory of 2492	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2868 wrote to memory of 2492	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2868 wrote to memory of 2492	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2868 wrote to memory of 2808	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2868 wrote to memory of 2808	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2868 wrote to memory of 2808	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2868 wrote to memory of 2632	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2868 wrote to memory of 2632	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2868 wrote to memory of 2632	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2868 wrote to memory of 2756	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2868 wrote to memory of 2756	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2868 wrote to memory of 2756	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2868 wrote to memory of 2116	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2868 wrote to memory of 2116	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2868 wrote to memory of 2116	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2868 wrote to memory of 2680	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2868 wrote to memory of 2680	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2868 wrote to memory of 2680	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2868 wrote to memory of 2228	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2868 wrote to memory of 2228	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2868 wrote to memory of 2228	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2868 wrote to memory of 2596	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2868 wrote to memory of 2596	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2868 wrote to memory of 2596	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2868 wrote to memory of 2996	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2868 wrote to memory of 2996	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2868 wrote to memory of 2996	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2868 wrote to memory of 2356	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2868 wrote to memory of 2356	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2868 wrote to memory of 2356	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2868 wrote to memory of 700	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2868 wrote to memory of 700	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2868 wrote to memory of 700	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2868 wrote to memory of 2964	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2868 wrote to memory of 2964	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2868 wrote to memory of 2964	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2868 wrote to memory of 1116	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2868 wrote to memory of 1116	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2868 wrote to memory of 1116	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2868 wrote to memory of 1440	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2868 wrote to memory of 1440	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2868 wrote to memory of 1440	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2868 wrote to memory of 2972	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2868 wrote to memory of 2972	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2868 wrote to memory of 2972	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2868 wrote to memory of 1976	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2868 wrote to memory of 1976	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2868 wrote to memory of 1976	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2868 wrote to memory of 2992	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2868 wrote to memory of 2992	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2868 wrote to memory of 2992	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2868 wrote to memory of 1204	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2868 wrote to memory of 1204	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2868 wrote to memory of 1204	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2868 wrote to memory of 576	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2868 wrote to memory of 576	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2868 wrote to memory of 576	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2868 wrote to memory of 1556	2868	2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-25_35736f1eae9ea43d13f106bfc44a8438_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Windows\System\dBYyQCk.exe
  C:\Windows\System\dBYyQCk.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\ikHWlEC.exe
  C:\Windows\System\ikHWlEC.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\mvdZiUZ.exe
  C:\Windows\System\mvdZiUZ.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\cVYbfvj.exe
  C:\Windows\System\cVYbfvj.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\GKPaxXO.exe
  C:\Windows\System\GKPaxXO.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\uCHcCTq.exe
  C:\Windows\System\uCHcCTq.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\iGkODkP.exe
  C:\Windows\System\iGkODkP.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\NsgMqtQ.exe
  C:\Windows\System\NsgMqtQ.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\bfolqdm.exe
  C:\Windows\System\bfolqdm.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\UvBTnkY.exe
  C:\Windows\System\UvBTnkY.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\acqwWqX.exe
  C:\Windows\System\acqwWqX.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\EbMUEMy.exe
  C:\Windows\System\EbMUEMy.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\LGvsavV.exe
  C:\Windows\System\LGvsavV.exe
  2⤵
  - Executes dropped EXE
  PID:700
- C:\Windows\System\fiaXggM.exe
  C:\Windows\System\fiaXggM.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\mKOgATo.exe
  C:\Windows\System\mKOgATo.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\NydgbPa.exe
  C:\Windows\System\NydgbPa.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\NaafHew.exe
  C:\Windows\System\NaafHew.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\HlmzJLa.exe
  C:\Windows\System\HlmzJLa.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\gCKhqgl.exe
  C:\Windows\System\gCKhqgl.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\gLgpRzy.exe
  C:\Windows\System\gLgpRzy.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\mHdsrcy.exe
  C:\Windows\System\mHdsrcy.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\pcNCjdU.exe
  C:\Windows\System\pcNCjdU.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\pyjbtKY.exe
  C:\Windows\System\pyjbtKY.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\qOxTXNF.exe
  C:\Windows\System\qOxTXNF.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\BjuiHao.exe
  C:\Windows\System\BjuiHao.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\jjOTRmd.exe
  C:\Windows\System\jjOTRmd.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\GUKeWey.exe
  C:\Windows\System\GUKeWey.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\cOGBCiQ.exe
  C:\Windows\System\cOGBCiQ.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\xFHBHVc.exe
  C:\Windows\System\xFHBHVc.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\NXujtPa.exe
  C:\Windows\System\NXujtPa.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\YMFuunH.exe
  C:\Windows\System\YMFuunH.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\WlgOXYE.exe
  C:\Windows\System\WlgOXYE.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\PwrCwDu.exe
  C:\Windows\System\PwrCwDu.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\qVmQwaQ.exe
  C:\Windows\System\qVmQwaQ.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\jOQfPkm.exe
  C:\Windows\System\jOQfPkm.exe
  2⤵
  - Executes dropped EXE
  PID:1256
- C:\Windows\System\FPycSBy.exe
  C:\Windows\System\FPycSBy.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\kqwiSpI.exe
  C:\Windows\System\kqwiSpI.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\evVZLTC.exe
  C:\Windows\System\evVZLTC.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\uSgSKlh.exe
  C:\Windows\System\uSgSKlh.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\GfuaesE.exe
  C:\Windows\System\GfuaesE.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\jxfMvrM.exe
  C:\Windows\System\jxfMvrM.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\MxUVctA.exe
  C:\Windows\System\MxUVctA.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\xiBBjbx.exe
  C:\Windows\System\xiBBjbx.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\NWmumyx.exe
  C:\Windows\System\NWmumyx.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\cgtKDVy.exe
  C:\Windows\System\cgtKDVy.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\yyKDQZu.exe
  C:\Windows\System\yyKDQZu.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\mTgBtcQ.exe
  C:\Windows\System\mTgBtcQ.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\iOYPjNp.exe
  C:\Windows\System\iOYPjNp.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\qZOnQsA.exe
  C:\Windows\System\qZOnQsA.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\LbSxfnK.exe
  C:\Windows\System\LbSxfnK.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\qHTegfg.exe
  C:\Windows\System\qHTegfg.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\dCgkHIw.exe
  C:\Windows\System\dCgkHIw.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\fLyGRUE.exe
  C:\Windows\System\fLyGRUE.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\UZYCJCt.exe
  C:\Windows\System\UZYCJCt.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\qeunqVS.exe
  C:\Windows\System\qeunqVS.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\cmBTqvP.exe
  C:\Windows\System\cmBTqvP.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\RHjsaEQ.exe
  C:\Windows\System\RHjsaEQ.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\SgKaWyQ.exe
  C:\Windows\System\SgKaWyQ.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\LCTNTDb.exe
  C:\Windows\System\LCTNTDb.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\tXCRWoy.exe
  C:\Windows\System\tXCRWoy.exe
  2⤵
  PID:2624
- C:\Windows\System\QNHekAP.exe
  C:\Windows\System\QNHekAP.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\JqBWMls.exe
  C:\Windows\System\JqBWMls.exe
  2⤵
  PID:2908
- C:\Windows\System\bognwUV.exe
  C:\Windows\System\bognwUV.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\VRCHtnC.exe
  C:\Windows\System\VRCHtnC.exe
  2⤵
  PID:2696
- C:\Windows\System\QAGuEPg.exe
  C:\Windows\System\QAGuEPg.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\JMgeKCK.exe
  C:\Windows\System\JMgeKCK.exe
  2⤵
  PID:1640
- C:\Windows\System\rnzTMxr.exe
  C:\Windows\System\rnzTMxr.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\pcoqtWa.exe
  C:\Windows\System\pcoqtWa.exe
  2⤵
  PID:1148
- C:\Windows\System\cPBrObC.exe
  C:\Windows\System\cPBrObC.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\UsuqHua.exe
  C:\Windows\System\UsuqHua.exe
  2⤵
  PID:2188
- C:\Windows\System\QFadSUT.exe
  C:\Windows\System\QFadSUT.exe
  2⤵
  PID:2828
- C:\Windows\System\kLHRDXf.exe
  C:\Windows\System\kLHRDXf.exe
  2⤵
  PID:3012
- C:\Windows\System\nVjxUdX.exe
  C:\Windows\System\nVjxUdX.exe
  2⤵
  PID:1608
- C:\Windows\System\ZnwyCLG.exe
  C:\Windows\System\ZnwyCLG.exe
  2⤵
  PID:2952
- C:\Windows\System\SvLoPTX.exe
  C:\Windows\System\SvLoPTX.exe
  2⤵
  PID:112
- C:\Windows\System\somnjKM.exe
  C:\Windows\System\somnjKM.exe
  2⤵
  PID:2612
- C:\Windows\System\RpkLRPo.exe
  C:\Windows\System\RpkLRPo.exe
  2⤵
  PID:2580
- C:\Windows\System\ZWegrWc.exe
  C:\Windows\System\ZWegrWc.exe
  2⤵
  PID:1756
- C:\Windows\System\elPRrlj.exe
  C:\Windows\System\elPRrlj.exe
  2⤵
  PID:1628
- C:\Windows\System\mZoKUES.exe
  C:\Windows\System\mZoKUES.exe
  2⤵
  PID:456
- C:\Windows\System\smMQHeW.exe
  C:\Windows\System\smMQHeW.exe
  2⤵
  PID:1800
- C:\Windows\System\RBsHnPY.exe
  C:\Windows\System\RBsHnPY.exe
  2⤵
  PID:1516
- C:\Windows\System\iEcQXhm.exe
  C:\Windows\System\iEcQXhm.exe
  2⤵
  PID:852
- C:\Windows\System\HWXkWMd.exe
  C:\Windows\System\HWXkWMd.exe
  2⤵
  PID:888
- C:\Windows\System\AXYLMCf.exe
  C:\Windows\System\AXYLMCf.exe
  2⤵
  PID:1552
- C:\Windows\System\vzxFNsJ.exe
  C:\Windows\System\vzxFNsJ.exe
  2⤵
  PID:2844
- C:\Windows\System\znPsocC.exe
  C:\Windows\System\znPsocC.exe
  2⤵
  PID:2616
- C:\Windows\System\VoNzQFm.exe
  C:\Windows\System\VoNzQFm.exe
  2⤵
  PID:3044
- C:\Windows\System\qGuAHjc.exe
  C:\Windows\System\qGuAHjc.exe
  2⤵
  PID:2736
- C:\Windows\System\OfDPKre.exe
  C:\Windows\System\OfDPKre.exe
  2⤵
  PID:2004
- C:\Windows\System\MQSrZyS.exe
  C:\Windows\System\MQSrZyS.exe
  2⤵
  PID:1712
- C:\Windows\System\FpfXatd.exe
  C:\Windows\System\FpfXatd.exe
  2⤵
  PID:1532
- C:\Windows\System\DINjCrI.exe
  C:\Windows\System\DINjCrI.exe
  2⤵
  PID:2720
- C:\Windows\System\rUAipZt.exe
  C:\Windows\System\rUAipZt.exe
  2⤵
  PID:2584
- C:\Windows\System\AcLQtRr.exe
  C:\Windows\System\AcLQtRr.exe
  2⤵
  PID:2708
- C:\Windows\System\ujwqcVx.exe
  C:\Windows\System\ujwqcVx.exe
  2⤵
  PID:2172
- C:\Windows\System\IfxmfRj.exe
  C:\Windows\System\IfxmfRj.exe
  2⤵
  PID:2436
- C:\Windows\System\vycKtiW.exe
  C:\Windows\System\vycKtiW.exe
  2⤵
  PID:1028
- C:\Windows\System\VjHhlqV.exe
  C:\Windows\System\VjHhlqV.exe
  2⤵
  PID:1656
- C:\Windows\System\AuWtviO.exe
  C:\Windows\System\AuWtviO.exe
  2⤵
  PID:940
- C:\Windows\System\XOuaVyg.exe
  C:\Windows\System\XOuaVyg.exe
  2⤵
  PID:1672
- C:\Windows\System\pRQnigG.exe
  C:\Windows\System\pRQnigG.exe
  2⤵
  PID:2388
- C:\Windows\System\gSEPVBQ.exe
  C:\Windows\System\gSEPVBQ.exe
  2⤵
  PID:1900
- C:\Windows\System\vDuopsl.exe
  C:\Windows\System\vDuopsl.exe
  2⤵
  PID:2864
- C:\Windows\System\TdsHWig.exe
  C:\Windows\System\TdsHWig.exe
  2⤵
  PID:2372
- C:\Windows\System\qAhAArC.exe
  C:\Windows\System\qAhAArC.exe
  2⤵
  PID:2968
- C:\Windows\System\WYtpCPR.exe
  C:\Windows\System\WYtpCPR.exe
  2⤵
  PID:1884
- C:\Windows\System\oFCoJLv.exe
  C:\Windows\System\oFCoJLv.exe
  2⤵
  PID:2232
- C:\Windows\System\EBXWJrm.exe
  C:\Windows\System\EBXWJrm.exe
  2⤵
  PID:1020
- C:\Windows\System\zPHGXaV.exe
  C:\Windows\System\zPHGXaV.exe
  2⤵
  PID:908
- C:\Windows\System\oOpbWnR.exe
  C:\Windows\System\oOpbWnR.exe
  2⤵
  PID:2684
- C:\Windows\System\zcugNFd.exe
  C:\Windows\System\zcugNFd.exe
  2⤵
  PID:892
- C:\Windows\System\GpdkWpq.exe
  C:\Windows\System\GpdkWpq.exe
  2⤵
  PID:2084
- C:\Windows\System\ATFCFli.exe
  C:\Windows\System\ATFCFli.exe
  2⤵
  PID:2712
- C:\Windows\System\HJSLoNH.exe
  C:\Windows\System\HJSLoNH.exe
  2⤵
  PID:1920
- C:\Windows\System\FAfPOiw.exe
  C:\Windows\System\FAfPOiw.exe
  2⤵
  PID:2912
- C:\Windows\System\BaMgAil.exe
  C:\Windows\System\BaMgAil.exe
  2⤵
  PID:1472
- C:\Windows\System\mMoytiL.exe
  C:\Windows\System\mMoytiL.exe
  2⤵
  PID:2892
- C:\Windows\System\IFozOmP.exe
  C:\Windows\System\IFozOmP.exe
  2⤵
  PID:2292
- C:\Windows\System\xhtVyxK.exe
  C:\Windows\System\xhtVyxK.exe
  2⤵
  PID:1948
- C:\Windows\System\QgxpfQP.exe
  C:\Windows\System\QgxpfQP.exe
  2⤵
  PID:2576
- C:\Windows\System\oXKmsgV.exe
  C:\Windows\System\oXKmsgV.exe
  2⤵
  PID:1492
- C:\Windows\System\NpiiYDi.exe
  C:\Windows\System\NpiiYDi.exe
  2⤵
  PID:3008
- C:\Windows\System\oIlSaeC.exe
  C:\Windows\System\oIlSaeC.exe
  2⤵
  PID:2068
- C:\Windows\System\YYiaTJF.exe
  C:\Windows\System\YYiaTJF.exe
  2⤵
  PID:3084
- C:\Windows\System\yhxABft.exe
  C:\Windows\System\yhxABft.exe
  2⤵
  PID:3100
- C:\Windows\System\EIyuyXq.exe
  C:\Windows\System\EIyuyXq.exe
  2⤵
  PID:3136
- C:\Windows\System\WiBnKsL.exe
  C:\Windows\System\WiBnKsL.exe
  2⤵
  PID:3156
- C:\Windows\System\erziVWC.exe
  C:\Windows\System\erziVWC.exe
  2⤵
  PID:3176
- C:\Windows\System\UqjxLEK.exe
  C:\Windows\System\UqjxLEK.exe
  2⤵
  PID:3192
- C:\Windows\System\DyTvCtw.exe
  C:\Windows\System\DyTvCtw.exe
  2⤵
  PID:3208
- C:\Windows\System\ZPobFkf.exe
  C:\Windows\System\ZPobFkf.exe
  2⤵
  PID:3224
- C:\Windows\System\LKaeWIm.exe
  C:\Windows\System\LKaeWIm.exe
  2⤵
  PID:3240
- C:\Windows\System\MupMZoD.exe
  C:\Windows\System\MupMZoD.exe
  2⤵
  PID:3264
- C:\Windows\System\RLUttng.exe
  C:\Windows\System\RLUttng.exe
  2⤵
  PID:3280
- C:\Windows\System\oXLESxO.exe
  C:\Windows\System\oXLESxO.exe
  2⤵
  PID:3300
- C:\Windows\System\quVmQDL.exe
  C:\Windows\System\quVmQDL.exe
  2⤵
  PID:3320
- C:\Windows\System\vVUtzhE.exe
  C:\Windows\System\vVUtzhE.exe
  2⤵
  PID:3336
- C:\Windows\System\nsuojcP.exe
  C:\Windows\System\nsuojcP.exe
  2⤵
  PID:3356
- C:\Windows\System\edlsifs.exe
  C:\Windows\System\edlsifs.exe
  2⤵
  PID:3372
- C:\Windows\System\rSCAyPG.exe
  C:\Windows\System\rSCAyPG.exe
  2⤵
  PID:3396
- C:\Windows\System\RFFurKi.exe
  C:\Windows\System\RFFurKi.exe
  2⤵
  PID:3412
- C:\Windows\System\VMcDjGg.exe
  C:\Windows\System\VMcDjGg.exe
  2⤵
  PID:3428
- C:\Windows\System\wPFaDMG.exe
  C:\Windows\System\wPFaDMG.exe
  2⤵
  PID:3448
- C:\Windows\System\pirmzdl.exe
  C:\Windows\System\pirmzdl.exe
  2⤵
  PID:3500
- C:\Windows\System\gXQStbO.exe
  C:\Windows\System\gXQStbO.exe
  2⤵
  PID:3556
- C:\Windows\System\BPPmPpP.exe
  C:\Windows\System\BPPmPpP.exe
  2⤵
  PID:3572
- C:\Windows\System\hIBoQPp.exe
  C:\Windows\System\hIBoQPp.exe
  2⤵
  PID:3588
- C:\Windows\System\qJxloMo.exe
  C:\Windows\System\qJxloMo.exe
  2⤵
  PID:3604
- C:\Windows\System\XSxlvgw.exe
  C:\Windows\System\XSxlvgw.exe
  2⤵
  PID:3620
- C:\Windows\System\NoKiBPm.exe
  C:\Windows\System\NoKiBPm.exe
  2⤵
  PID:3636
- C:\Windows\System\xIeyQmf.exe
  C:\Windows\System\xIeyQmf.exe
  2⤵
  PID:3656
- C:\Windows\System\JaDcsei.exe
  C:\Windows\System\JaDcsei.exe
  2⤵
  PID:3688
- C:\Windows\System\RFZylVz.exe
  C:\Windows\System\RFZylVz.exe
  2⤵
  PID:3728
- C:\Windows\System\ORLoXSd.exe
  C:\Windows\System\ORLoXSd.exe
  2⤵
  PID:3744
- C:\Windows\System\TYnOPiI.exe
  C:\Windows\System\TYnOPiI.exe
  2⤵
  PID:3760
- C:\Windows\System\Khttcdl.exe
  C:\Windows\System\Khttcdl.exe
  2⤵
  PID:3776
- C:\Windows\System\TVBeaSp.exe
  C:\Windows\System\TVBeaSp.exe
  2⤵
  PID:3792
- C:\Windows\System\XEIkRZy.exe
  C:\Windows\System\XEIkRZy.exe
  2⤵
  PID:3820
- C:\Windows\System\vHdRvzy.exe
  C:\Windows\System\vHdRvzy.exe
  2⤵
  PID:3836
- C:\Windows\System\fGyvSly.exe
  C:\Windows\System\fGyvSly.exe
  2⤵
  PID:3852
- C:\Windows\System\AFjaNmw.exe
  C:\Windows\System\AFjaNmw.exe
  2⤵
  PID:3868
- C:\Windows\System\lawXaZf.exe
  C:\Windows\System\lawXaZf.exe
  2⤵
  PID:3884
- C:\Windows\System\RZZyxkA.exe
  C:\Windows\System\RZZyxkA.exe
  2⤵
  PID:3900
- C:\Windows\System\qUNxuXY.exe
  C:\Windows\System\qUNxuXY.exe
  2⤵
  PID:3916
- C:\Windows\System\qjHWTWp.exe
  C:\Windows\System\qjHWTWp.exe
  2⤵
  PID:3932
- C:\Windows\System\nUHVIrQ.exe
  C:\Windows\System\nUHVIrQ.exe
  2⤵
  PID:3948
- C:\Windows\System\lEOJodd.exe
  C:\Windows\System\lEOJodd.exe
  2⤵
  PID:4044
- C:\Windows\System\cAkSCgW.exe
  C:\Windows\System\cAkSCgW.exe
  2⤵
  PID:4068
- C:\Windows\System\spEGDeY.exe
  C:\Windows\System\spEGDeY.exe
  2⤵
  PID:4084
- C:\Windows\System\fRXMXAt.exe
  C:\Windows\System\fRXMXAt.exe
  2⤵
  PID:2140
- C:\Windows\System\eMKLZDt.exe
  C:\Windows\System\eMKLZDt.exe
  2⤵
  PID:2532
- C:\Windows\System\NbqZORm.exe
  C:\Windows\System\NbqZORm.exe
  2⤵
  PID:1548
- C:\Windows\System\qkITHJR.exe
  C:\Windows\System\qkITHJR.exe
  2⤵
  PID:1908
- C:\Windows\System\QpFaZRK.exe
  C:\Windows\System\QpFaZRK.exe
  2⤵
  PID:3144
- C:\Windows\System\elKgSiJ.exe
  C:\Windows\System\elKgSiJ.exe
  2⤵
  PID:3188
- C:\Windows\System\JZjeRNm.exe
  C:\Windows\System\JZjeRNm.exe
  2⤵
  PID:3252
- C:\Windows\System\eCmCSzR.exe
  C:\Windows\System\eCmCSzR.exe
  2⤵
  PID:3288
- C:\Windows\System\seWWwsG.exe
  C:\Windows\System\seWWwsG.exe
  2⤵
  PID:2652
- C:\Windows\System\tOdYqqF.exe
  C:\Windows\System\tOdYqqF.exe
  2⤵
  PID:1724
- C:\Windows\System\kLzmNgV.exe
  C:\Windows\System\kLzmNgV.exe
  2⤵
  PID:3364
- C:\Windows\System\YjMaegT.exe
  C:\Windows\System\YjMaegT.exe
  2⤵
  PID:1060
- C:\Windows\System\VABTvAq.exe
  C:\Windows\System\VABTvAq.exe
  2⤵
  PID:2060
- C:\Windows\System\EKHSJng.exe
  C:\Windows\System\EKHSJng.exe
  2⤵
  PID:2588
- C:\Windows\System\fqPCrGs.exe
  C:\Windows\System\fqPCrGs.exe
  2⤵
  PID:3440
- C:\Windows\System\MIsFJyp.exe
  C:\Windows\System\MIsFJyp.exe
  2⤵
  PID:3108
- C:\Windows\System\EJSOPfF.exe
  C:\Windows\System\EJSOPfF.exe
  2⤵
  PID:3236
- C:\Windows\System\WVzjniz.exe
  C:\Windows\System\WVzjniz.exe
  2⤵
  PID:3524
- C:\Windows\System\lOypAxb.exe
  C:\Windows\System\lOypAxb.exe
  2⤵
  PID:3164
- C:\Windows\System\mtEzWiE.exe
  C:\Windows\System\mtEzWiE.exe
  2⤵
  PID:3492
- C:\Windows\System\cYHOsAa.exe
  C:\Windows\System\cYHOsAa.exe
  2⤵
  PID:2196
- C:\Windows\System\LVBWLik.exe
  C:\Windows\System\LVBWLik.exe
  2⤵
  PID:3652
- C:\Windows\System\LmoQODx.exe
  C:\Windows\System\LmoQODx.exe
  2⤵
  PID:3696
- C:\Windows\System\InYrKaW.exe
  C:\Windows\System\InYrKaW.exe
  2⤵
  PID:3708
- C:\Windows\System\BuRzGGQ.exe
  C:\Windows\System\BuRzGGQ.exe
  2⤵
  PID:3720
- C:\Windows\System\YTLBpTy.exe
  C:\Windows\System\YTLBpTy.exe
  2⤵
  PID:3788
- C:\Windows\System\fowhcNx.exe
  C:\Windows\System\fowhcNx.exe
  2⤵
  PID:1456
- C:\Windows\System\vcQEkHi.exe
  C:\Windows\System\vcQEkHi.exe
  2⤵
  PID:3664
- C:\Windows\System\QDBFddL.exe
  C:\Windows\System\QDBFddL.exe
  2⤵
  PID:3596
- C:\Windows\System\omYnXXs.exe
  C:\Windows\System\omYnXXs.exe
  2⤵
  PID:3924
- C:\Windows\System\HzTosgI.exe
  C:\Windows\System\HzTosgI.exe
  2⤵
  PID:3964
- C:\Windows\System\KEmHswx.exe
  C:\Windows\System\KEmHswx.exe
  2⤵
  PID:3880
- C:\Windows\System\ZnnbahP.exe
  C:\Windows\System\ZnnbahP.exe
  2⤵
  PID:3940
- C:\Windows\System\fOTmLVa.exe
  C:\Windows\System\fOTmLVa.exe
  2⤵
  PID:1348
- C:\Windows\System\GqOpCLk.exe
  C:\Windows\System\GqOpCLk.exe
  2⤵
  PID:2256
- C:\Windows\System\ThAxwYV.exe
  C:\Windows\System\ThAxwYV.exe
  2⤵
  PID:2960
- C:\Windows\System\PUdespr.exe
  C:\Windows\System\PUdespr.exe
  2⤵
  PID:2496
- C:\Windows\System\LyAKalO.exe
  C:\Windows\System\LyAKalO.exe
  2⤵
  PID:2340
- C:\Windows\System\CqgBBNa.exe
  C:\Windows\System\CqgBBNa.exe
  2⤵
  PID:2472
- C:\Windows\System\ciCMBfo.exe
  C:\Windows\System\ciCMBfo.exe
  2⤵
  PID:2504
- C:\Windows\System\AtcrWuY.exe
  C:\Windows\System\AtcrWuY.exe
  2⤵
  PID:3068
- C:\Windows\System\JGDFCMs.exe
  C:\Windows\System\JGDFCMs.exe
  2⤵
  PID:4032
- C:\Windows\System\dVDfuet.exe
  C:\Windows\System\dVDfuet.exe
  2⤵
  PID:2988
- C:\Windows\System\lGwSSUs.exe
  C:\Windows\System\lGwSSUs.exe
  2⤵
  PID:572
- C:\Windows\System\gpNtitD.exe
  C:\Windows\System\gpNtitD.exe
  2⤵
  PID:1912
- C:\Windows\System\BKVguKb.exe
  C:\Windows\System\BKVguKb.exe
  2⤵
  PID:1156
- C:\Windows\System\ClrMlXd.exe
  C:\Windows\System\ClrMlXd.exe
  2⤵
  PID:2396
- C:\Windows\System\ddeVLuX.exe
  C:\Windows\System\ddeVLuX.exe
  2⤵
  PID:2940
- C:\Windows\System\hlODDuH.exe
  C:\Windows\System\hlODDuH.exe
  2⤵
  PID:4080
- C:\Windows\System\Rjnictc.exe
  C:\Windows\System\Rjnictc.exe
  2⤵
  PID:680
- C:\Windows\System\BYKdxTs.exe
  C:\Windows\System\BYKdxTs.exe
  2⤵
  PID:3184
- C:\Windows\System\rHtHAAa.exe
  C:\Windows\System\rHtHAAa.exe
  2⤵
  PID:3220
- C:\Windows\System\AVKAaLi.exe
  C:\Windows\System\AVKAaLi.exe
  2⤵
  PID:3980
- C:\Windows\System\hxUsxti.exe
  C:\Windows\System\hxUsxti.exe
  2⤵
  PID:580
- C:\Windows\System\dumOBvm.exe
  C:\Windows\System\dumOBvm.exe
  2⤵
  PID:2740
- C:\Windows\System\GGUOfOZ.exe
  C:\Windows\System\GGUOfOZ.exe
  2⤵
  PID:3408
- C:\Windows\System\EAqUxsC.exe
  C:\Windows\System\EAqUxsC.exe
  2⤵
  PID:3132
- C:\Windows\System\txsEbNs.exe
  C:\Windows\System\txsEbNs.exe
  2⤵
  PID:3392
- C:\Windows\System\ileLqMb.exe
  C:\Windows\System\ileLqMb.exe
  2⤵
  PID:3512
- C:\Windows\System\XiJmQLs.exe
  C:\Windows\System\XiJmQLs.exe
  2⤵
  PID:3172
- C:\Windows\System\SRWBATq.exe
  C:\Windows\System\SRWBATq.exe
  2⤵
  PID:3460
- C:\Windows\System\EYVVdVB.exe
  C:\Windows\System\EYVVdVB.exe
  2⤵
  PID:3544
- C:\Windows\System\lgEbObW.exe
  C:\Windows\System\lgEbObW.exe
  2⤵
  PID:3548
- C:\Windows\System\bgRnxpp.exe
  C:\Windows\System\bgRnxpp.exe
  2⤵
  PID:3612
- C:\Windows\System\ZLyDjFN.exe
  C:\Windows\System\ZLyDjFN.exe
  2⤵
  PID:2200
- C:\Windows\System\yAanuVS.exe
  C:\Windows\System\yAanuVS.exe
  2⤵
  PID:3828
- C:\Windows\System\GwjoeTS.exe
  C:\Windows\System\GwjoeTS.exe
  2⤵
  PID:3648
- C:\Windows\System\oqVMkaL.exe
  C:\Windows\System\oqVMkaL.exe
  2⤵
  PID:3668
- C:\Windows\System\vQGdUZy.exe
  C:\Windows\System\vQGdUZy.exe
  2⤵
  PID:3704
- C:\Windows\System\NbjwmPY.exe
  C:\Windows\System\NbjwmPY.exe
  2⤵
  PID:3756
- C:\Windows\System\rdguxaI.exe
  C:\Windows\System\rdguxaI.exe
  2⤵
  PID:3804
- C:\Windows\System\QbtehtV.exe
  C:\Windows\System\QbtehtV.exe
  2⤵
  PID:2732
- C:\Windows\System\GtwJKDM.exe
  C:\Windows\System\GtwJKDM.exe
  2⤵
  PID:3844
- C:\Windows\System\mljVrwo.exe
  C:\Windows\System\mljVrwo.exe
  2⤵
  PID:3468
- C:\Windows\System\nWYfESq.exe
  C:\Windows\System\nWYfESq.exe
  2⤵
  PID:2112
- C:\Windows\System\IWbvjgo.exe
  C:\Windows\System\IWbvjgo.exe
  2⤵
  PID:4016
- C:\Windows\System\kXeFMNO.exe
  C:\Windows\System\kXeFMNO.exe
  2⤵
  PID:2836
- C:\Windows\System\KpDajeu.exe
  C:\Windows\System\KpDajeu.exe
  2⤵
  PID:2668
- C:\Windows\System\wrtlpCK.exe
  C:\Windows\System\wrtlpCK.exe
  2⤵
  PID:568
- C:\Windows\System\IUPDAnd.exe
  C:\Windows\System\IUPDAnd.exe
  2⤵
  PID:2928
- C:\Windows\System\rAclYzo.exe
  C:\Windows\System\rAclYzo.exe
  2⤵
  PID:2216
- C:\Windows\System\nbYmVQS.exe
  C:\Windows\System\nbYmVQS.exe
  2⤵
  PID:4076
- C:\Windows\System\Obcvsxl.exe
  C:\Windows\System\Obcvsxl.exe
  2⤵
  PID:1388
- C:\Windows\System\NgOHwcs.exe
  C:\Windows\System\NgOHwcs.exe
  2⤵
  PID:4060
- C:\Windows\System\PtUbLwK.exe
  C:\Windows\System\PtUbLwK.exe
  2⤵
  PID:2128
- C:\Windows\System\leTAyYM.exe
  C:\Windows\System\leTAyYM.exe
  2⤵
  PID:3292
- C:\Windows\System\CFprsmD.exe
  C:\Windows\System\CFprsmD.exe
  2⤵
  PID:3096
- C:\Windows\System\YRWUYol.exe
  C:\Windows\System\YRWUYol.exe
  2⤵
  PID:2872
- C:\Windows\System\TgkhcvQ.exe
  C:\Windows\System\TgkhcvQ.exe
  2⤵
  PID:3344
- C:\Windows\System\NSGsZlG.exe
  C:\Windows\System\NSGsZlG.exe
  2⤵
  PID:3388
- C:\Windows\System\PEPDKKh.exe
  C:\Windows\System\PEPDKKh.exe
  2⤵
  PID:3532
- C:\Windows\System\JXesXxD.exe
  C:\Windows\System\JXesXxD.exe
  2⤵
  PID:3312
- C:\Windows\System\GKyjdoI.exe
  C:\Windows\System\GKyjdoI.exe
  2⤵
  PID:1052
- C:\Windows\System\FHQYomC.exe
  C:\Windows\System\FHQYomC.exe
  2⤵
  PID:2056
- C:\Windows\System\SdBDYSS.exe
  C:\Windows\System\SdBDYSS.exe
  2⤵
  PID:3864
- C:\Windows\System\tSKEDvq.exe
  C:\Windows\System\tSKEDvq.exe
  2⤵
  PID:2132
- C:\Windows\System\fkpYzmi.exe
  C:\Windows\System\fkpYzmi.exe
  2⤵
  PID:3912
- C:\Windows\System\qQsdnel.exe
  C:\Windows\System\qQsdnel.exe
  2⤵
  PID:2104
- C:\Windows\System\qkzVVMR.exe
  C:\Windows\System\qkzVVMR.exe
  2⤵
  PID:836
- C:\Windows\System\ZYCBJsi.exe
  C:\Windows\System\ZYCBJsi.exe
  2⤵
  PID:1616
- C:\Windows\System\UHRrVNv.exe
  C:\Windows\System\UHRrVNv.exe
  2⤵
  PID:3812
- C:\Windows\System\usMVniB.exe
  C:\Windows\System\usMVniB.exe
  2⤵
  PID:2144
- C:\Windows\System\ojGxzcU.exe
  C:\Windows\System\ojGxzcU.exe
  2⤵
  PID:2204
- C:\Windows\System\RkKFfvd.exe
  C:\Windows\System\RkKFfvd.exe
  2⤵
  PID:4092
- C:\Windows\System\JZzEnPM.exe
  C:\Windows\System\JZzEnPM.exe
  2⤵
  PID:4020
- C:\Windows\System\EhZgtUb.exe
  C:\Windows\System\EhZgtUb.exe
  2⤵
  PID:3444
- C:\Windows\System\ZvLjvgJ.exe
  C:\Windows\System\ZvLjvgJ.exe
  2⤵
  PID:2700
- C:\Windows\System\ThoUZZa.exe
  C:\Windows\System\ThoUZZa.exe
  2⤵
  PID:1924
- C:\Windows\System\HyAKTtv.exe
  C:\Windows\System\HyAKTtv.exe
  2⤵
  PID:3736
- C:\Windows\System\KamWXDz.exe
  C:\Windows\System\KamWXDz.exe
  2⤵
  PID:2644
- C:\Windows\System\zxaiTym.exe
  C:\Windows\System\zxaiTym.exe
  2⤵
  PID:544
- C:\Windows\System\JcMjPsP.exe
  C:\Windows\System\JcMjPsP.exe
  2⤵
  PID:3520
- C:\Windows\System\xjLiqCm.exe
  C:\Windows\System\xjLiqCm.exe
  2⤵
  PID:3876
- C:\Windows\System\JHfTeyR.exe
  C:\Windows\System\JHfTeyR.exe
  2⤵
  PID:3832
- C:\Windows\System\hNFdNew.exe
  C:\Windows\System\hNFdNew.exe
  2⤵
  PID:3676
- C:\Windows\System\ZFatCBO.exe
  C:\Windows\System\ZFatCBO.exe
  2⤵
  PID:4028
- C:\Windows\System\EVLKsvg.exe
  C:\Windows\System\EVLKsvg.exe
  2⤵
  PID:3420
- C:\Windows\System\HFdduHa.exe
  C:\Windows\System\HFdduHa.exe
  2⤵
  PID:1600
- C:\Windows\System\FtrxFAE.exe
  C:\Windows\System\FtrxFAE.exe
  2⤵
  PID:4056
- C:\Windows\System\FizZQyW.exe
  C:\Windows\System\FizZQyW.exe
  2⤵
  PID:964
- C:\Windows\System\xruFnLY.exe
  C:\Windows\System\xruFnLY.exe
  2⤵
  PID:4040
- C:\Windows\System\kYXgqwl.exe
  C:\Windows\System\kYXgqwl.exe
  2⤵
  PID:3568
- C:\Windows\System\fgkgUZy.exe
  C:\Windows\System\fgkgUZy.exe
  2⤵
  PID:3536
- C:\Windows\System\KoPDduW.exe
  C:\Windows\System\KoPDduW.exe
  2⤵
  PID:3712
- C:\Windows\System\nydVdOi.exe
  C:\Windows\System\nydVdOi.exe
  2⤵
  PID:4024
- C:\Windows\System\TilEgKN.exe
  C:\Windows\System\TilEgKN.exe
  2⤵
  PID:2444
- C:\Windows\System\EfXdrBP.exe
  C:\Windows\System\EfXdrBP.exe
  2⤵
  PID:3644
- C:\Windows\System\nFMsxsy.exe
  C:\Windows\System\nFMsxsy.exe
  2⤵
  PID:3816
- C:\Windows\System\ovvYGqU.exe
  C:\Windows\System\ovvYGqU.exe
  2⤵
  PID:3972
- C:\Windows\System\sndpfJo.exe
  C:\Windows\System\sndpfJo.exe
  2⤵
  PID:436
- C:\Windows\System\AGtdsGN.exe
  C:\Windows\System\AGtdsGN.exe
  2⤵
  PID:1468
- C:\Windows\System\VYNTxtv.exe
  C:\Windows\System\VYNTxtv.exe
  2⤵
  PID:3352
- C:\Windows\System\BgiGnrf.exe
  C:\Windows\System\BgiGnrf.exe
  2⤵
  PID:3960
- C:\Windows\System\MQeWsLf.exe
  C:\Windows\System\MQeWsLf.exe
  2⤵
  PID:3740
- C:\Windows\System\LqRntib.exe
  C:\Windows\System\LqRntib.exe
  2⤵
  PID:4104
- C:\Windows\System\fytYHXM.exe
  C:\Windows\System\fytYHXM.exe
  2⤵
  PID:4120
- C:\Windows\System\giMfGqq.exe
  C:\Windows\System\giMfGqq.exe
  2⤵
  PID:4140
- C:\Windows\System\aLxwkst.exe
  C:\Windows\System\aLxwkst.exe
  2⤵
  PID:4172
- C:\Windows\System\uoLvagO.exe
  C:\Windows\System\uoLvagO.exe
  2⤵
  PID:4192
- C:\Windows\System\CaaOYCm.exe
  C:\Windows\System\CaaOYCm.exe
  2⤵
  PID:4208
- C:\Windows\System\eWfwGsM.exe
  C:\Windows\System\eWfwGsM.exe
  2⤵
  PID:4232
- C:\Windows\System\myZNPhg.exe
  C:\Windows\System\myZNPhg.exe
  2⤵
  PID:4252
- C:\Windows\System\HdjGPkN.exe
  C:\Windows\System\HdjGPkN.exe
  2⤵
  PID:4272
- C:\Windows\System\IBMYKll.exe
  C:\Windows\System\IBMYKll.exe
  2⤵
  PID:4288
- C:\Windows\System\LVDjgzq.exe
  C:\Windows\System\LVDjgzq.exe
  2⤵
  PID:4304
- C:\Windows\System\WQOCAYC.exe
  C:\Windows\System\WQOCAYC.exe
  2⤵
  PID:4324
- C:\Windows\System\otYwbqG.exe
  C:\Windows\System\otYwbqG.exe
  2⤵
  PID:4340
- C:\Windows\System\CQEUnrP.exe
  C:\Windows\System\CQEUnrP.exe
  2⤵
  PID:4360
- C:\Windows\System\IthVnNB.exe
  C:\Windows\System\IthVnNB.exe
  2⤵
  PID:4376
- C:\Windows\System\oCahMeM.exe
  C:\Windows\System\oCahMeM.exe
  2⤵
  PID:4412
- C:\Windows\System\btRvWvF.exe
  C:\Windows\System\btRvWvF.exe
  2⤵
  PID:4432
- C:\Windows\System\lSVcgGA.exe
  C:\Windows\System\lSVcgGA.exe
  2⤵
  PID:4448
- C:\Windows\System\SRhLGoA.exe
  C:\Windows\System\SRhLGoA.exe
  2⤵
  PID:4464
- C:\Windows\System\BiIMaVk.exe
  C:\Windows\System\BiIMaVk.exe
  2⤵
  PID:4496
- C:\Windows\System\chZElXI.exe
  C:\Windows\System\chZElXI.exe
  2⤵
  PID:4512
- C:\Windows\System\RdYODpV.exe
  C:\Windows\System\RdYODpV.exe
  2⤵
  PID:4528
- C:\Windows\System\SFeXqZe.exe
  C:\Windows\System\SFeXqZe.exe
  2⤵
  PID:4544
- C:\Windows\System\iadJrFH.exe
  C:\Windows\System\iadJrFH.exe
  2⤵
  PID:4564
- C:\Windows\System\dLiQOTe.exe
  C:\Windows\System\dLiQOTe.exe
  2⤵
  PID:4592
- C:\Windows\System\JLvcUWz.exe
  C:\Windows\System\JLvcUWz.exe
  2⤵
  PID:4608
- C:\Windows\System\uUpRnDd.exe
  C:\Windows\System\uUpRnDd.exe
  2⤵
  PID:4628
- C:\Windows\System\IdRxFpO.exe
  C:\Windows\System\IdRxFpO.exe
  2⤵
  PID:4668
- C:\Windows\System\CrPgmQu.exe
  C:\Windows\System\CrPgmQu.exe
  2⤵
  PID:4684
- C:\Windows\System\NQAWeix.exe
  C:\Windows\System\NQAWeix.exe
  2⤵
  PID:4700
- C:\Windows\System\WLEIDcF.exe
  C:\Windows\System\WLEIDcF.exe
  2⤵
  PID:4740
- C:\Windows\System\yMmfKDf.exe
  C:\Windows\System\yMmfKDf.exe
  2⤵
  PID:4756
- C:\Windows\System\WnPjFts.exe
  C:\Windows\System\WnPjFts.exe
  2⤵
  PID:4776
- C:\Windows\System\KtTZAvZ.exe
  C:\Windows\System\KtTZAvZ.exe
  2⤵
  PID:4792
- C:\Windows\System\pfbHDkb.exe
  C:\Windows\System\pfbHDkb.exe
  2⤵
  PID:4808
- C:\Windows\System\aouDYRh.exe
  C:\Windows\System\aouDYRh.exe
  2⤵
  PID:4824
- C:\Windows\System\BYpDuaA.exe
  C:\Windows\System\BYpDuaA.exe
  2⤵
  PID:4844
- C:\Windows\System\LdyLBkF.exe
  C:\Windows\System\LdyLBkF.exe
  2⤵
  PID:4864
- C:\Windows\System\UsjzhnP.exe
  C:\Windows\System\UsjzhnP.exe
  2⤵
  PID:4884
- C:\Windows\System\AVgTDwu.exe
  C:\Windows\System\AVgTDwu.exe
  2⤵
  PID:4900
- C:\Windows\System\ipSZtDk.exe
  C:\Windows\System\ipSZtDk.exe
  2⤵
  PID:4916
- C:\Windows\System\mRHTzaC.exe
  C:\Windows\System\mRHTzaC.exe
  2⤵
  PID:4932
- C:\Windows\System\FLZXzmk.exe
  C:\Windows\System\FLZXzmk.exe
  2⤵
  PID:4948
- C:\Windows\System\oualhSp.exe
  C:\Windows\System\oualhSp.exe
  2⤵
  PID:4964
- C:\Windows\System\ZplULob.exe
  C:\Windows\System\ZplULob.exe
  2⤵
  PID:4988
- C:\Windows\System\VbSxZgP.exe
  C:\Windows\System\VbSxZgP.exe
  2⤵
  PID:5024
- C:\Windows\System\PePtGKj.exe
  C:\Windows\System\PePtGKj.exe
  2⤵
  PID:5040
- C:\Windows\System\aQzSltp.exe
  C:\Windows\System\aQzSltp.exe
  2⤵
  PID:5064
- C:\Windows\System\EZzaSqf.exe
  C:\Windows\System\EZzaSqf.exe
  2⤵
  PID:5080
- C:\Windows\System\ggEfgzX.exe
  C:\Windows\System\ggEfgzX.exe
  2⤵
  PID:5096
- C:\Windows\System\iBAkwSl.exe
  C:\Windows\System\iBAkwSl.exe
  2⤵
  PID:5112
- C:\Windows\System\BEdwyxM.exe
  C:\Windows\System\BEdwyxM.exe
  2⤵
  PID:3584
- C:\Windows\System\ERwVVuN.exe
  C:\Windows\System\ERwVVuN.exe
  2⤵
  PID:4132
- C:\Windows\System\jTpmAml.exe
  C:\Windows\System\jTpmAml.exe
  2⤵
  PID:4148
- C:\Windows\System\zHrbCaj.exe
  C:\Windows\System\zHrbCaj.exe
  2⤵
  PID:4156
- C:\Windows\System\DOHXrbk.exe
  C:\Windows\System\DOHXrbk.exe
  2⤵
  PID:4168
- C:\Windows\System\dzbEApm.exe
  C:\Windows\System\dzbEApm.exe
  2⤵
  PID:4228
- C:\Windows\System\TgLjADi.exe
  C:\Windows\System\TgLjADi.exe
  2⤵
  PID:4240
- C:\Windows\System\PCaYTTq.exe
  C:\Windows\System\PCaYTTq.exe
  2⤵
  PID:4264
- C:\Windows\System\qrgrxiM.exe
  C:\Windows\System\qrgrxiM.exe
  2⤵
  PID:4368
- C:\Windows\System\nXVWwMo.exe
  C:\Windows\System\nXVWwMo.exe
  2⤵
  PID:4284
- C:\Windows\System\cadPwDw.exe
  C:\Windows\System\cadPwDw.exe
  2⤵
  PID:4280
- C:\Windows\System\dsxcjii.exe
  C:\Windows\System\dsxcjii.exe
  2⤵
  PID:4388
- C:\Windows\System\ADrYFcR.exe
  C:\Windows\System\ADrYFcR.exe
  2⤵
  PID:4404
- C:\Windows\System\VKmhqsk.exe
  C:\Windows\System\VKmhqsk.exe
  2⤵
  PID:4460
- C:\Windows\System\izvqXGi.exe
  C:\Windows\System\izvqXGi.exe
  2⤵
  PID:4444
- C:\Windows\System\cNhodlD.exe
  C:\Windows\System\cNhodlD.exe
  2⤵
  PID:4504
- C:\Windows\System\lKGgVnf.exe
  C:\Windows\System\lKGgVnf.exe
  2⤵
  PID:4540
- C:\Windows\System\TzMzfSR.exe
  C:\Windows\System\TzMzfSR.exe
  2⤵
  PID:4576
- C:\Windows\System\IeVGLaX.exe
  C:\Windows\System\IeVGLaX.exe
  2⤵
  PID:4556
- C:\Windows\System\SKboxtM.exe
  C:\Windows\System\SKboxtM.exe
  2⤵
  PID:4524
- C:\Windows\System\eOwfKzl.exe
  C:\Windows\System\eOwfKzl.exe
  2⤵
  PID:4604
- C:\Windows\System\yzgHaAb.exe
  C:\Windows\System\yzgHaAb.exe
  2⤵
  PID:1120
- C:\Windows\System\ORqsCTs.exe
  C:\Windows\System\ORqsCTs.exe
  2⤵
  PID:4664
- C:\Windows\System\noJUvTz.exe
  C:\Windows\System\noJUvTz.exe
  2⤵
  PID:4692
- C:\Windows\System\IyeqjzU.exe
  C:\Windows\System\IyeqjzU.exe
  2⤵
  PID:4716
- C:\Windows\System\jtFtcqa.exe
  C:\Windows\System\jtFtcqa.exe
  2⤵
  PID:4816
- C:\Windows\System\ekSquxO.exe
  C:\Windows\System\ekSquxO.exe
  2⤵
  PID:4800
- C:\Windows\System\UmFJvZd.exe
  C:\Windows\System\UmFJvZd.exe
  2⤵
  PID:4856
- C:\Windows\System\DPLBtIL.exe
  C:\Windows\System\DPLBtIL.exe
  2⤵
  PID:4924
- C:\Windows\System\oUpMFjW.exe
  C:\Windows\System\oUpMFjW.exe
  2⤵
  PID:4872
- C:\Windows\System\vAfEroO.exe
  C:\Windows\System\vAfEroO.exe
  2⤵
  PID:4996
- C:\Windows\System\RrzcNlb.exe
  C:\Windows\System\RrzcNlb.exe
  2⤵
  PID:4984
- C:\Windows\System\cuOVQvs.exe
  C:\Windows\System\cuOVQvs.exe
  2⤵
  PID:5048
- C:\Windows\System\WVLgIxK.exe
  C:\Windows\System\WVLgIxK.exe
  2⤵
  PID:5092
- C:\Windows\System\IIOZvjl.exe
  C:\Windows\System\IIOZvjl.exe
  2⤵
  PID:4164
- C:\Windows\System\VBOLspL.exe
  C:\Windows\System\VBOLspL.exe
  2⤵
  PID:4184
- C:\Windows\System\pDDdoIo.exe
  C:\Windows\System\pDDdoIo.exe
  2⤵
  PID:4128
- C:\Windows\System\VRrtXiA.exe
  C:\Windows\System\VRrtXiA.exe
  2⤵
  PID:4224
- C:\Windows\System\ZFqfYpb.exe
  C:\Windows\System\ZFqfYpb.exe
  2⤵
  PID:4332
- C:\Windows\System\qGORlQM.exe
  C:\Windows\System\qGORlQM.exe
  2⤵
  PID:4300
- C:\Windows\System\RnCKPiR.exe
  C:\Windows\System\RnCKPiR.exe
  2⤵
  PID:4676
- C:\Windows\System\ThbWaJr.exe
  C:\Windows\System\ThbWaJr.exe
  2⤵
  PID:4940
- C:\Windows\System\bUSQxHh.exe
  C:\Windows\System\bUSQxHh.exe
  2⤵
  PID:4820
- C:\Windows\System\AbUXlZl.exe
  C:\Windows\System\AbUXlZl.exe
  2⤵
  PID:4912
- C:\Windows\System\jOJYkUm.exe
  C:\Windows\System\jOJYkUm.exe
  2⤵
  PID:4728
- C:\Windows\System\GEERwoW.exe
  C:\Windows\System\GEERwoW.exe
  2⤵
  PID:4116
- C:\Windows\System\MDOQQnC.exe
  C:\Windows\System\MDOQQnC.exe
  2⤵
  PID:4220
- C:\Windows\System\XHdGxNL.exe
  C:\Windows\System\XHdGxNL.exe
  2⤵
  PID:5036
- C:\Windows\System\ubrDAVw.exe
  C:\Windows\System\ubrDAVw.exe
  2⤵
  PID:2544
- C:\Windows\System\lyMWgwA.exe
  C:\Windows\System\lyMWgwA.exe
  2⤵
  PID:4152
- C:\Windows\System\tQhbWhf.exe
  C:\Windows\System\tQhbWhf.exe
  2⤵
  PID:4244
- C:\Windows\System\MRpuAnq.exe
  C:\Windows\System\MRpuAnq.exe
  2⤵
  PID:4860
- C:\Windows\System\nBImBAR.exe
  C:\Windows\System\nBImBAR.exe
  2⤵
  PID:4484
- C:\Windows\System\DMNUofN.exe
  C:\Windows\System\DMNUofN.exe
  2⤵
  PID:4560
- C:\Windows\System\HLMjMsu.exe
  C:\Windows\System\HLMjMsu.exe
  2⤵
  PID:4348
- C:\Windows\System\WZZIDKR.exe
  C:\Windows\System\WZZIDKR.exe
  2⤵
  PID:5016
- C:\Windows\System\FywJYXO.exe
  C:\Windows\System\FywJYXO.exe
  2⤵
  PID:4616
- C:\Windows\System\WacavXd.exe
  C:\Windows\System\WacavXd.exe
  2⤵
  PID:4784
- C:\Windows\System\ItBqZxZ.exe
  C:\Windows\System\ItBqZxZ.exe
  2⤵
  PID:4656
- C:\Windows\System\IebdQSc.exe
  C:\Windows\System\IebdQSc.exe
  2⤵
  PID:4660
- C:\Windows\System\eUnGHXZ.exe
  C:\Windows\System\eUnGHXZ.exe
  2⤵
  PID:4852
- C:\Windows\System\aUKnjqQ.exe
  C:\Windows\System\aUKnjqQ.exe
  2⤵
  PID:5052
- C:\Windows\System\EbyEmDT.exe
  C:\Windows\System\EbyEmDT.exe
  2⤵
  PID:5012
- C:\Windows\System\XtLmjZG.exe
  C:\Windows\System\XtLmjZG.exe
  2⤵
  PID:972
- C:\Windows\System\dUfGmIE.exe
  C:\Windows\System\dUfGmIE.exe
  2⤵
  PID:2328
- C:\Windows\System\iwuMBzP.exe
  C:\Windows\System\iwuMBzP.exe
  2⤵
  PID:4336
- C:\Windows\System\AtSJiRp.exe
  C:\Windows\System\AtSJiRp.exe
  2⤵
  PID:4720
- C:\Windows\System\pxdmoZC.exe
  C:\Windows\System\pxdmoZC.exe
  2⤵
  PID:4384
- C:\Windows\System\HImwTjz.exe
  C:\Windows\System\HImwTjz.exe
  2⤵
  PID:4624
- C:\Windows\System\BjZcHHT.exe
  C:\Windows\System\BjZcHHT.exe
  2⤵
  PID:4588
- C:\Windows\System\jllOduK.exe
  C:\Windows\System\jllOduK.exe
  2⤵
  PID:4440
- C:\Windows\System\fHmwCxB.exe
  C:\Windows\System\fHmwCxB.exe
  2⤵
  PID:5060
- C:\Windows\System\KynzDzx.exe
  C:\Windows\System\KynzDzx.exe
  2⤵
  PID:4956
- C:\Windows\System\eaCacna.exe
  C:\Windows\System\eaCacna.exe
  2⤵
  PID:4424
- C:\Windows\System\ekkMOSk.exe
  C:\Windows\System\ekkMOSk.exe
  2⤵
  PID:4204
- C:\Windows\System\IrUsYVq.exe
  C:\Windows\System\IrUsYVq.exe
  2⤵
  PID:4836
- C:\Windows\System\dMVwUSQ.exe
  C:\Windows\System\dMVwUSQ.exe
  2⤵
  PID:4492
- C:\Windows\System\LbbUIkD.exe
  C:\Windows\System\LbbUIkD.exe
  2⤵
  PID:928
- C:\Windows\System\GTLbOMo.exe
  C:\Windows\System\GTLbOMo.exe
  2⤵
  PID:4652
- C:\Windows\System\DmwpLIh.exe
  C:\Windows\System\DmwpLIh.exe
  2⤵
  PID:5128
- C:\Windows\System\TNrNAHj.exe
  C:\Windows\System\TNrNAHj.exe
  2⤵
  PID:5144
- C:\Windows\System\YsataBA.exe
  C:\Windows\System\YsataBA.exe
  2⤵
  PID:5164
- C:\Windows\System\sdffeBt.exe
  C:\Windows\System\sdffeBt.exe
  2⤵
  PID:5184
- C:\Windows\System\FJbtUgR.exe
  C:\Windows\System\FJbtUgR.exe
  2⤵
  PID:5200
- C:\Windows\System\unBYzOe.exe
  C:\Windows\System\unBYzOe.exe
  2⤵
  PID:5216
- C:\Windows\System\iRQxJXK.exe
  C:\Windows\System\iRQxJXK.exe
  2⤵
  PID:5236
- C:\Windows\System\nrykVuz.exe
  C:\Windows\System\nrykVuz.exe
  2⤵
  PID:5252
- C:\Windows\System\IabgYrB.exe
  C:\Windows\System\IabgYrB.exe
  2⤵
  PID:5272
- C:\Windows\System\NrXYunM.exe
  C:\Windows\System\NrXYunM.exe
  2⤵
  PID:5292
- C:\Windows\System\KEIoQPr.exe
  C:\Windows\System\KEIoQPr.exe
  2⤵
  PID:5308
- C:\Windows\System\EMYFeFE.exe
  C:\Windows\System\EMYFeFE.exe
  2⤵
  PID:5324
- C:\Windows\System\jnVJUOf.exe
  C:\Windows\System\jnVJUOf.exe
  2⤵
  PID:5588
- C:\Windows\System\DDCJMKa.exe
  C:\Windows\System\DDCJMKa.exe
  2⤵
  PID:5604
- C:\Windows\System\jAwbNQb.exe
  C:\Windows\System\jAwbNQb.exe
  2⤵
  PID:5620
- C:\Windows\System\NliqxnJ.exe
  C:\Windows\System\NliqxnJ.exe
  2⤵
  PID:5636
- C:\Windows\System\VEokoCq.exe
  C:\Windows\System\VEokoCq.exe
  2⤵
  PID:5668
- C:\Windows\System\dywYbnx.exe
  C:\Windows\System\dywYbnx.exe
  2⤵
  PID:5684
- C:\Windows\System\EnIvhWo.exe
  C:\Windows\System\EnIvhWo.exe
  2⤵
  PID:5700
- C:\Windows\System\SHTVRzy.exe
  C:\Windows\System\SHTVRzy.exe
  2⤵
  PID:5716
- C:\Windows\System\nIOYWas.exe
  C:\Windows\System\nIOYWas.exe
  2⤵
  PID:5736
- C:\Windows\System\rmXcgKt.exe
  C:\Windows\System\rmXcgKt.exe
  2⤵
  PID:5752
- C:\Windows\System\pbIQuHH.exe
  C:\Windows\System\pbIQuHH.exe
  2⤵
  PID:5768
- C:\Windows\System\mZmtngH.exe
  C:\Windows\System\mZmtngH.exe
  2⤵
  PID:5784
- C:\Windows\System\GRmYiaa.exe
  C:\Windows\System\GRmYiaa.exe
  2⤵
  PID:5800
- C:\Windows\System\sJWQmlN.exe
  C:\Windows\System\sJWQmlN.exe
  2⤵
  PID:5816
- C:\Windows\System\kpWIlqn.exe
  C:\Windows\System\kpWIlqn.exe
  2⤵
  PID:5832
- C:\Windows\System\YQcgwRX.exe
  C:\Windows\System\YQcgwRX.exe
  2⤵
  PID:5848
- C:\Windows\System\ACejoQa.exe
  C:\Windows\System\ACejoQa.exe
  2⤵
  PID:5864
- C:\Windows\System\oGGYVRk.exe
  C:\Windows\System\oGGYVRk.exe
  2⤵
  PID:5880
- C:\Windows\System\skcxIdJ.exe
  C:\Windows\System\skcxIdJ.exe
  2⤵
  PID:5896
- C:\Windows\System\KTiDeUe.exe
  C:\Windows\System\KTiDeUe.exe
  2⤵
  PID:5912
- C:\Windows\System\hKtYuOC.exe
  C:\Windows\System\hKtYuOC.exe
  2⤵
  PID:5928
- C:\Windows\System\ZGkFpuM.exe
  C:\Windows\System\ZGkFpuM.exe
  2⤵
  PID:5944
- C:\Windows\System\zftMdXj.exe
  C:\Windows\System\zftMdXj.exe
  2⤵
  PID:5960
- C:\Windows\System\nQPYTlB.exe
  C:\Windows\System\nQPYTlB.exe
  2⤵
  PID:5976
- C:\Windows\System\GnGBwFa.exe
  C:\Windows\System\GnGBwFa.exe
  2⤵
  PID:5992
- C:\Windows\System\VsuxCFs.exe
  C:\Windows\System\VsuxCFs.exe
  2⤵
  PID:6008
- C:\Windows\System\jobhosi.exe
  C:\Windows\System\jobhosi.exe
  2⤵
  PID:6024
- C:\Windows\System\qAnyxTA.exe
  C:\Windows\System\qAnyxTA.exe
  2⤵
  PID:6040
- C:\Windows\System\bGbICre.exe
  C:\Windows\System\bGbICre.exe
  2⤵
  PID:6056
- C:\Windows\System\Zqvdwbo.exe
  C:\Windows\System\Zqvdwbo.exe
  2⤵
  PID:6072
- C:\Windows\System\kmXPumf.exe
  C:\Windows\System\kmXPumf.exe
  2⤵
  PID:6088
- C:\Windows\System\azBTtki.exe
  C:\Windows\System\azBTtki.exe
  2⤵
  PID:6104
- C:\Windows\System\ATTGcpm.exe
  C:\Windows\System\ATTGcpm.exe
  2⤵
  PID:6120
- C:\Windows\System\ufNNLhn.exe
  C:\Windows\System\ufNNLhn.exe
  2⤵
  PID:6136
- C:\Windows\System\icBGptX.exe
  C:\Windows\System\icBGptX.exe
  2⤵
  PID:3348
- C:\Windows\System\txWonIn.exe
  C:\Windows\System\txWonIn.exe
  2⤵
  PID:5124
- C:\Windows\System\VOEAlAD.exe
  C:\Windows\System\VOEAlAD.exe
  2⤵
  PID:5176
- C:\Windows\System\YEpxvZS.exe
  C:\Windows\System\YEpxvZS.exe
  2⤵
  PID:5212
- C:\Windows\System\URpLnhZ.exe
  C:\Windows\System\URpLnhZ.exe
  2⤵
  PID:5228
- C:\Windows\System\Xcruyuf.exe
  C:\Windows\System\Xcruyuf.exe
  2⤵
  PID:5300
- C:\Windows\System\CHmmbFG.exe
  C:\Windows\System\CHmmbFG.exe
  2⤵
  PID:5304
- C:\Windows\System\koLZnIS.exe
  C:\Windows\System\koLZnIS.exe
  2⤵
  PID:5280
- C:\Windows\System\YjIFFPR.exe
  C:\Windows\System\YjIFFPR.exe
  2⤵
  PID:5344
- C:\Windows\System\tFssxVy.exe
  C:\Windows\System\tFssxVy.exe
  2⤵
  PID:5360
- C:\Windows\System\EukLFaL.exe
  C:\Windows\System\EukLFaL.exe
  2⤵
  PID:5380
- C:\Windows\System\IKFYfFo.exe
  C:\Windows\System\IKFYfFo.exe
  2⤵
  PID:5396
- C:\Windows\System\GfmtGKN.exe
  C:\Windows\System\GfmtGKN.exe
  2⤵
  PID:5412
- C:\Windows\System\KCEatQc.exe
  C:\Windows\System\KCEatQc.exe
  2⤵
  PID:5428
- C:\Windows\System\dDLYKpg.exe
  C:\Windows\System\dDLYKpg.exe
  2⤵
  PID:5444
- C:\Windows\System\ObRsSjJ.exe
  C:\Windows\System\ObRsSjJ.exe
  2⤵
  PID:5460
- C:\Windows\System\WALIKST.exe
  C:\Windows\System\WALIKST.exe
  2⤵
  PID:5476
- C:\Windows\System\LogXwHe.exe
  C:\Windows\System\LogXwHe.exe
  2⤵
  PID:5492
- C:\Windows\System\EaMoPrN.exe
  C:\Windows\System\EaMoPrN.exe
  2⤵
  PID:5508
- C:\Windows\System\XwDHTCw.exe
  C:\Windows\System\XwDHTCw.exe
  2⤵
  PID:5524
- C:\Windows\System\JkpnUTn.exe
  C:\Windows\System\JkpnUTn.exe
  2⤵
  PID:5540
- C:\Windows\System\qhRBpqs.exe
  C:\Windows\System\qhRBpqs.exe
  2⤵
  PID:5556
- C:\Windows\System\yduLMRo.exe
  C:\Windows\System\yduLMRo.exe
  2⤵
  PID:5572
- C:\Windows\System\cbbBQdC.exe
  C:\Windows\System\cbbBQdC.exe
  2⤵
  PID:5336
- C:\Windows\System\CnpJNfa.exe
  C:\Windows\System\CnpJNfa.exe
  2⤵
  PID:5628
- C:\Windows\System\absGHkV.exe
  C:\Windows\System\absGHkV.exe
  2⤵
  PID:5584
- C:\Windows\System\qFgMYMa.exe
  C:\Windows\System\qFgMYMa.exe
  2⤵
  PID:5660
- C:\Windows\System\YpjnWSR.exe
  C:\Windows\System\YpjnWSR.exe
  2⤵
  PID:5676
- C:\Windows\System\ekZLfcD.exe
  C:\Windows\System\ekZLfcD.exe
  2⤵
  PID:5728
- C:\Windows\System\dAZVafH.exe
  C:\Windows\System\dAZVafH.exe
  2⤵
  PID:5792
- C:\Windows\System\woRPCmO.exe
  C:\Windows\System\woRPCmO.exe
  2⤵
  PID:5824
- C:\Windows\System\MtSHyUN.exe
  C:\Windows\System\MtSHyUN.exe
  2⤵
  PID:5876
- C:\Windows\System\EMvyVgr.exe
  C:\Windows\System\EMvyVgr.exe
  2⤵
  PID:5780
- C:\Windows\System\QgWIFtK.exe
  C:\Windows\System\QgWIFtK.exe
  2⤵
  PID:5844
- C:\Windows\System\hrJPFjl.exe
  C:\Windows\System\hrJPFjl.exe
  2⤵
  PID:5956
- C:\Windows\System\RKZPaVo.exe
  C:\Windows\System\RKZPaVo.exe
  2⤵
  PID:5904
- C:\Windows\System\bPiFwUi.exe
  C:\Windows\System\bPiFwUi.exe
  2⤵
  PID:5936
- C:\Windows\System\iSojSZR.exe
  C:\Windows\System\iSojSZR.exe
  2⤵
  PID:5972
- C:\Windows\System\XkZPNKw.exe
  C:\Windows\System\XkZPNKw.exe
  2⤵
  PID:6080
- C:\Windows\System\vvRanlh.exe
  C:\Windows\System\vvRanlh.exe
  2⤵
  PID:6032
- C:\Windows\System\rlEAlSg.exe
  C:\Windows\System\rlEAlSg.exe
  2⤵
  PID:4752
- C:\Windows\System\AoIKcIm.exe
  C:\Windows\System\AoIKcIm.exe
  2⤵
  PID:6132
- C:\Windows\System\zrqDCvI.exe
  C:\Windows\System\zrqDCvI.exe
  2⤵
  PID:5196
- C:\Windows\System\KKbfVOG.exe
  C:\Windows\System\KKbfVOG.exe
  2⤵
  PID:5264
- C:\Windows\System\CMWoCmD.exe
  C:\Windows\System\CMWoCmD.exe
  2⤵
  PID:5180
- C:\Windows\System\owkdPWX.exe
  C:\Windows\System\owkdPWX.exe
  2⤵
  PID:5372
- C:\Windows\System\bahYsaE.exe
  C:\Windows\System\bahYsaE.exe
  2⤵
  PID:5288
- C:\Windows\System\FgJkomx.exe
  C:\Windows\System\FgJkomx.exe
  2⤵
  PID:5384
- C:\Windows\System\dxUhNQO.exe
  C:\Windows\System\dxUhNQO.exe
  2⤵
  PID:5456
- C:\Windows\System\RSoMvQW.exe
  C:\Windows\System\RSoMvQW.exe
  2⤵
  PID:5472
- C:\Windows\System\EWiJKjM.exe
  C:\Windows\System\EWiJKjM.exe
  2⤵
  PID:5484
- C:\Windows\System\aFogeiS.exe
  C:\Windows\System\aFogeiS.exe
  2⤵
  PID:5532
- C:\Windows\System\NpfBoVW.exe
  C:\Windows\System\NpfBoVW.exe
  2⤵
  PID:5568
- C:\Windows\System\OYJjBHa.exe
  C:\Windows\System\OYJjBHa.exe
  2⤵
  PID:5644
- C:\Windows\System\nhDiYxg.exe
  C:\Windows\System\nhDiYxg.exe
  2⤵
  PID:5616
- C:\Windows\System\VdZXRye.exe
  C:\Windows\System\VdZXRye.exe
  2⤵
  PID:5680
- C:\Windows\System\OxlfAUq.exe
  C:\Windows\System\OxlfAUq.exe
  2⤵
  PID:5796
- C:\Windows\System\YDYkEZX.exe
  C:\Windows\System\YDYkEZX.exe
  2⤵
  PID:5776
- C:\Windows\System\lIaDvvn.exe
  C:\Windows\System\lIaDvvn.exe
  2⤵
  PID:6020
- C:\Windows\System\rFxvBlQ.exe
  C:\Windows\System\rFxvBlQ.exe
  2⤵
  PID:6068
- C:\Windows\System\mvdvchB.exe
  C:\Windows\System\mvdvchB.exe
  2⤵
  PID:5968
- C:\Windows\System\PFQuqFc.exe
  C:\Windows\System\PFQuqFc.exe
  2⤵
  PID:6128
- C:\Windows\System\mUnUYVq.exe
  C:\Windows\System\mUnUYVq.exe
  2⤵
  PID:5208
- C:\Windows\System\bYITWDC.exe
  C:\Windows\System\bYITWDC.exe
  2⤵
  PID:5500
- C:\Windows\System\RgUyUGD.exe
  C:\Windows\System\RgUyUGD.exe
  2⤵
  PID:5320
- C:\Windows\System\iBrPPQP.exe
  C:\Windows\System\iBrPPQP.exe
  2⤵
  PID:5352
- C:\Windows\System\QSThVDs.exe
  C:\Windows\System\QSThVDs.exe
  2⤵
  PID:5516
- C:\Windows\System\RoOhIEi.exe
  C:\Windows\System\RoOhIEi.exe
  2⤵
  PID:5552
- C:\Windows\System\fYCtULL.exe
  C:\Windows\System\fYCtULL.exe
  2⤵
  PID:5664
- C:\Windows\System\MHoMaWL.exe
  C:\Windows\System\MHoMaWL.exe
  2⤵
  PID:6064
- C:\Windows\System\akTTWUQ.exe
  C:\Windows\System\akTTWUQ.exe
  2⤵
  PID:6100
- C:\Windows\System\ayeNxqQ.exe
  C:\Windows\System\ayeNxqQ.exe
  2⤵
  PID:5248
- C:\Windows\System\afCURdJ.exe
  C:\Windows\System\afCURdJ.exe
  2⤵
  PID:5224
- C:\Windows\System\nKBBYcN.exe
  C:\Windows\System\nKBBYcN.exe
  2⤵
  PID:5436
- C:\Windows\System\FPEhist.exe
  C:\Windows\System\FPEhist.exe
  2⤵
  PID:5600
- C:\Windows\System\KObKmhU.exe
  C:\Windows\System\KObKmhU.exe
  2⤵
  PID:5828
- C:\Windows\System\CuiTyEa.exe
  C:\Windows\System\CuiTyEa.exe
  2⤵
  PID:5140
- C:\Windows\System\RUuFxje.exe
  C:\Windows\System\RUuFxje.exe
  2⤵
  PID:5420
- C:\Windows\System\iHhusHf.exe
  C:\Windows\System\iHhusHf.exe
  2⤵
  PID:5696
- C:\Windows\System\xxmrjAT.exe
  C:\Windows\System\xxmrjAT.exe
  2⤵
  PID:6048
- C:\Windows\System\hNfpNGh.exe
  C:\Windows\System\hNfpNGh.exe
  2⤵
  PID:6148
- C:\Windows\System\kgLyMxc.exe
  C:\Windows\System\kgLyMxc.exe
  2⤵
  PID:6164
- C:\Windows\System\xLKOTWy.exe
  C:\Windows\System\xLKOTWy.exe
  2⤵
  PID:6180
- C:\Windows\System\mLvfObH.exe
  C:\Windows\System\mLvfObH.exe
  2⤵
  PID:6196
- C:\Windows\System\oqTbJmK.exe
  C:\Windows\System\oqTbJmK.exe
  2⤵
  PID:6212
- C:\Windows\System\rRiIWge.exe
  C:\Windows\System\rRiIWge.exe
  2⤵
  PID:6228
- C:\Windows\System\fdRjQdR.exe
  C:\Windows\System\fdRjQdR.exe
  2⤵
  PID:6252
- C:\Windows\System\OZTcyQO.exe
  C:\Windows\System\OZTcyQO.exe
  2⤵
  PID:6268
- C:\Windows\System\ItFxxqx.exe
  C:\Windows\System\ItFxxqx.exe
  2⤵
  PID:6284
- C:\Windows\System\ZBLkLmk.exe
  C:\Windows\System\ZBLkLmk.exe
  2⤵
  PID:6300
- C:\Windows\System\wvOmvVi.exe
  C:\Windows\System\wvOmvVi.exe
  2⤵
  PID:6316
- C:\Windows\System\eDLETTQ.exe
  C:\Windows\System\eDLETTQ.exe
  2⤵
  PID:6340
- C:\Windows\System\jzjEEVn.exe
  C:\Windows\System\jzjEEVn.exe
  2⤵
  PID:6356
- C:\Windows\System\NVpLXIU.exe
  C:\Windows\System\NVpLXIU.exe
  2⤵
  PID:6372
- C:\Windows\System\klYyUoL.exe
  C:\Windows\System\klYyUoL.exe
  2⤵
  PID:6388
- C:\Windows\System\FwIFKfT.exe
  C:\Windows\System\FwIFKfT.exe
  2⤵
  PID:6404
- C:\Windows\System\cEWPmWQ.exe
  C:\Windows\System\cEWPmWQ.exe
  2⤵
  PID:6420
- C:\Windows\System\HtRtAwk.exe
  C:\Windows\System\HtRtAwk.exe
  2⤵
  PID:6436
- C:\Windows\System\yQNJNcr.exe
  C:\Windows\System\yQNJNcr.exe
  2⤵
  PID:6452
- C:\Windows\System\bSKkiGo.exe
  C:\Windows\System\bSKkiGo.exe
  2⤵
  PID:6468
- C:\Windows\System\iyOezFP.exe
  C:\Windows\System\iyOezFP.exe
  2⤵
  PID:6484
- C:\Windows\System\ZhspBBa.exe
  C:\Windows\System\ZhspBBa.exe
  2⤵
  PID:6500
- C:\Windows\System\qQseRow.exe
  C:\Windows\System\qQseRow.exe
  2⤵
  PID:6516
- C:\Windows\System\PSEEhVF.exe
  C:\Windows\System\PSEEhVF.exe
  2⤵
  PID:6532
- C:\Windows\System\QTIBFEf.exe
  C:\Windows\System\QTIBFEf.exe
  2⤵
  PID:6548
- C:\Windows\System\CIErAnJ.exe
  C:\Windows\System\CIErAnJ.exe
  2⤵
  PID:7088
- C:\Windows\System\lzdAIZl.exe
  C:\Windows\System\lzdAIZl.exe
  2⤵
  PID:7104
- C:\Windows\System\jAqoZdG.exe
  C:\Windows\System\jAqoZdG.exe
  2⤵
  PID:7124
- C:\Windows\System\NQjQGbz.exe
  C:\Windows\System\NQjQGbz.exe
  2⤵
  PID:7140
- C:\Windows\System\WZBSIFs.exe
  C:\Windows\System\WZBSIFs.exe
  2⤵
  PID:5732
- C:\Windows\System\JrveRBZ.exe
  C:\Windows\System\JrveRBZ.exe
  2⤵
  PID:5764
- C:\Windows\System\MhheCYW.exe
  C:\Windows\System\MhheCYW.exe
  2⤵
  PID:6188
- C:\Windows\System\JWPrqJl.exe
  C:\Windows\System\JWPrqJl.exe
  2⤵
  PID:6208
- C:\Windows\System\xqwxnph.exe
  C:\Windows\System\xqwxnph.exe
  2⤵
  PID:6240
- C:\Windows\System\zVFRZdW.exe
  C:\Windows\System\zVFRZdW.exe
  2⤵
  PID:6336
- C:\Windows\System\yMMwgIK.exe
  C:\Windows\System\yMMwgIK.exe
  2⤵
  PID:6332
- C:\Windows\System\TCTVacE.exe
  C:\Windows\System\TCTVacE.exe
  2⤵
  PID:6396
- C:\Windows\System\dUuLYLY.exe
  C:\Windows\System\dUuLYLY.exe
  2⤵
  PID:6464
- C:\Windows\System\GCMswIn.exe
  C:\Windows\System\GCMswIn.exe
  2⤵
  PID:6512
- C:\Windows\System\RQdQTwc.exe
  C:\Windows\System\RQdQTwc.exe
  2⤵
  PID:6448
- C:\Windows\System\UBfTFaX.exe
  C:\Windows\System\UBfTFaX.exe
  2⤵
  PID:6528
- C:\Windows\System\woOSBQx.exe
  C:\Windows\System\woOSBQx.exe
  2⤵
  PID:6576
- C:\Windows\System\Qlntbof.exe
  C:\Windows\System\Qlntbof.exe
  2⤵
  PID:6592
- C:\Windows\System\VJSSChy.exe
  C:\Windows\System\VJSSChy.exe
  2⤵
  PID:6616
- C:\Windows\System\lnsfhIP.exe
  C:\Windows\System\lnsfhIP.exe
  2⤵
  PID:6632
- C:\Windows\System\izKCTYv.exe
  C:\Windows\System\izKCTYv.exe
  2⤵
  PID:6672
- C:\Windows\System\kiyrUUA.exe
  C:\Windows\System\kiyrUUA.exe
  2⤵
  PID:6664
- C:\Windows\System\ZLoBYiY.exe
  C:\Windows\System\ZLoBYiY.exe
  2⤵
  PID:6684
- C:\Windows\System\mMXjfEl.exe
  C:\Windows\System\mMXjfEl.exe
  2⤵
  PID:6712
- C:\Windows\System\EUqeVdC.exe
  C:\Windows\System\EUqeVdC.exe
  2⤵
  PID:6732
- C:\Windows\System\UgPRArc.exe
  C:\Windows\System\UgPRArc.exe
  2⤵
  PID:5564
- C:\Windows\System\osDiCNr.exe
  C:\Windows\System\osDiCNr.exe
  2⤵
  PID:6760
- C:\Windows\System\zFQqEwo.exe
  C:\Windows\System\zFQqEwo.exe
  2⤵
  PID:6792
- C:\Windows\System\EqcnjDx.exe
  C:\Windows\System\EqcnjDx.exe
  2⤵
  PID:6808
- C:\Windows\System\kCYFWBQ.exe
  C:\Windows\System\kCYFWBQ.exe
  2⤵
  PID:6824
- C:\Windows\System\lfOIKvu.exe
  C:\Windows\System\lfOIKvu.exe
  2⤵
  PID:6840
- C:\Windows\System\mrjLZui.exe
  C:\Windows\System\mrjLZui.exe
  2⤵
  PID:6856
- C:\Windows\System\BiwZFIA.exe
  C:\Windows\System\BiwZFIA.exe
  2⤵
  PID:6880
- C:\Windows\System\vqhCJmC.exe
  C:\Windows\System\vqhCJmC.exe
  2⤵
  PID:6900
- C:\Windows\System\BuExnfv.exe
  C:\Windows\System\BuExnfv.exe
  2⤵
  PID:6912
- C:\Windows\System\vktwhHs.exe
  C:\Windows\System\vktwhHs.exe
  2⤵
  PID:6960
- C:\Windows\System\jaNxKFC.exe
  C:\Windows\System\jaNxKFC.exe
  2⤵
  PID:6980
- C:\Windows\System\QofQCrl.exe
  C:\Windows\System\QofQCrl.exe
  2⤵
  PID:6996
- C:\Windows\System\TQldWGI.exe
  C:\Windows\System\TQldWGI.exe
  2⤵
  PID:2044
- C:\Windows\System\OiSrElM.exe
  C:\Windows\System\OiSrElM.exe
  2⤵
  PID:7016
- C:\Windows\System\uBjsnwR.exe
  C:\Windows\System\uBjsnwR.exe
  2⤵
  PID:956
- C:\Windows\System\uDqMYmi.exe
  C:\Windows\System\uDqMYmi.exe
  2⤵
  PID:7040
- C:\Windows\System\zSrDGeY.exe
  C:\Windows\System\zSrDGeY.exe
  2⤵
  PID:7056
- C:\Windows\System\jSODgdU.exe
  C:\Windows\System\jSODgdU.exe
  2⤵
  PID:7068
- C:\Windows\System\ntTwDhN.exe
  C:\Windows\System\ntTwDhN.exe
  2⤵
  PID:7132
- C:\Windows\System\ypsrFGL.exe
  C:\Windows\System\ypsrFGL.exe
  2⤵
  PID:7116
- C:\Windows\System\klwDwAe.exe
  C:\Windows\System\klwDwAe.exe
  2⤵
  PID:6220
- C:\Windows\System\NrsHXbs.exe
  C:\Windows\System\NrsHXbs.exe
  2⤵
  PID:5708
- C:\Windows\System\NpwtuFN.exe
  C:\Windows\System\NpwtuFN.exe
  2⤵
  PID:5368
- C:\Windows\System\nSpgYNO.exe
  C:\Windows\System\nSpgYNO.exe
  2⤵
  PID:6364
- C:\Windows\System\HZatNKt.exe
  C:\Windows\System\HZatNKt.exe
  2⤵
  PID:6296
- C:\Windows\System\YsbpYmK.exe
  C:\Windows\System\YsbpYmK.exe
  2⤵
  PID:6352
- C:\Windows\System\AdaNxGG.exe
  C:\Windows\System\AdaNxGG.exe
  2⤵
  PID:6584
- C:\Windows\System\OKHpHwW.exe
  C:\Windows\System\OKHpHwW.exe
  2⤵
  PID:6480
- C:\Windows\System\XaEiZZF.exe
  C:\Windows\System\XaEiZZF.exe
  2⤵
  PID:6564
- C:\Windows\System\rgUMbqz.exe
  C:\Windows\System\rgUMbqz.exe
  2⤵
  PID:6656
- C:\Windows\System\zMIFijJ.exe
  C:\Windows\System\zMIFijJ.exe
  2⤵
  PID:6692
- C:\Windows\System\ATCfjCt.exe
  C:\Windows\System\ATCfjCt.exe
  2⤵
  PID:6696
- C:\Windows\System\QebNGIS.exe
  C:\Windows\System\QebNGIS.exe
  2⤵
  PID:6720
- C:\Windows\System\ySzLfvE.exe
  C:\Windows\System\ySzLfvE.exe
  2⤵
  PID:6780
- C:\Windows\System\OYAZEIA.exe
  C:\Windows\System\OYAZEIA.exe
  2⤵
  PID:6820
- C:\Windows\System\fMPLJUX.exe
  C:\Windows\System\fMPLJUX.exe
  2⤵
  PID:6924
- C:\Windows\System\rsFYVcx.exe
  C:\Windows\System\rsFYVcx.exe
  2⤵
  PID:6872
- C:\Windows\System\zNQXNjD.exe
  C:\Windows\System\zNQXNjD.exe
  2⤵
  PID:6756
- C:\Windows\System\hjZTHHo.exe
  C:\Windows\System\hjZTHHo.exe
  2⤵
  PID:6864
- C:\Windows\System\PSJFRPy.exe
  C:\Windows\System\PSJFRPy.exe
  2⤵
  PID:2244
- C:\Windows\System\iqxhmvv.exe
  C:\Windows\System\iqxhmvv.exe
  2⤵
  PID:1676
- C:\Windows\System\MyXyMVa.exe
  C:\Windows\System\MyXyMVa.exe
  2⤵
  PID:6988
- C:\Windows\System\jdpJMNW.exe
  C:\Windows\System\jdpJMNW.exe
  2⤵
  PID:2728
- C:\Windows\System\BfBVayz.exe
  C:\Windows\System\BfBVayz.exe
  2⤵
  PID:6972
- C:\Windows\System\nrfEztT.exe
  C:\Windows\System\nrfEztT.exe
  2⤵
  PID:7048
- C:\Windows\System\EzvafUV.exe
  C:\Windows\System\EzvafUV.exe
  2⤵
  PID:6280
- C:\Windows\System\pNZoByU.exe
  C:\Windows\System\pNZoByU.exe
  2⤵
  PID:6308
- C:\Windows\System\Xtdsdes.exe
  C:\Windows\System\Xtdsdes.exe
  2⤵
  PID:7084
- C:\Windows\System\lLIBWgo.exe
  C:\Windows\System\lLIBWgo.exe
  2⤵
  PID:7164
- C:\Windows\System\mJBRvnG.exe
  C:\Windows\System\mJBRvnG.exe
  2⤵
  PID:6496
- C:\Windows\System\uYrHzok.exe
  C:\Windows\System\uYrHzok.exe
  2⤵
  PID:6428
- C:\Windows\System\oYlXGgA.exe
  C:\Windows\System\oYlXGgA.exe
  2⤵
  PID:6580
- C:\Windows\System\apglslh.exe
  C:\Windows\System\apglslh.exe
  2⤵
  PID:2572
- C:\Windows\System\MNgzzWS.exe
  C:\Windows\System\MNgzzWS.exe
  2⤵
  PID:6724
- C:\Windows\System\oIhGaSa.exe
  C:\Windows\System\oIhGaSa.exe
  2⤵
  PID:6744
- C:\Windows\System\XflHmBr.exe
  C:\Windows\System\XflHmBr.exe
  2⤵
  PID:6444
- C:\Windows\System\kWfegfB.exe
  C:\Windows\System\kWfegfB.exe
  2⤵
  PID:6772
- C:\Windows\System\sltJIHc.exe
  C:\Windows\System\sltJIHc.exe
  2⤵
  PID:6784
- C:\Windows\System\HakctiE.exe
  C:\Windows\System\HakctiE.exe
  2⤵
  PID:6948
- C:\Windows\System\nLYcBVM.exe
  C:\Windows\System\nLYcBVM.exe
  2⤵
  PID:2088
- C:\Windows\System\fEnRUsa.exe
  C:\Windows\System\fEnRUsa.exe
  2⤵
  PID:6568
- C:\Windows\System\OotBTpV.exe
  C:\Windows\System\OotBTpV.exe
  2⤵
  PID:1104
- C:\Windows\System\iovzWCc.exe
  C:\Windows\System\iovzWCc.exe
  2⤵
  PID:848
- C:\Windows\System\wpZAeuI.exe
  C:\Windows\System\wpZAeuI.exe
  2⤵
  PID:6264
- C:\Windows\System\ThLpttO.exe
  C:\Windows\System\ThLpttO.exe
  2⤵
  PID:6244
- C:\Windows\System\nlxmaCZ.exe
  C:\Windows\System\nlxmaCZ.exe
  2⤵
  PID:6476
- C:\Windows\System\nNkPons.exe
  C:\Windows\System\nNkPons.exe
  2⤵
  PID:6460
- C:\Windows\System\xollCgR.exe
  C:\Windows\System\xollCgR.exe
  2⤵
  PID:6708
- C:\Windows\System\jZwuVIL.exe
  C:\Windows\System\jZwuVIL.exe
  2⤵
  PID:2772
- C:\Windows\System\cIlgdMO.exe
  C:\Windows\System\cIlgdMO.exe
  2⤵
  PID:6768
- C:\Windows\System\VcgwBMa.exe
  C:\Windows\System\VcgwBMa.exe
  2⤵
  PID:6668
- C:\Windows\System\NLEqrcf.exe
  C:\Windows\System\NLEqrcf.exe
  2⤵
  PID:912
- C:\Windows\System\gixhoIe.exe
  C:\Windows\System\gixhoIe.exe
  2⤵
  PID:6936
- C:\Windows\System\RrJMvXd.exe
  C:\Windows\System\RrJMvXd.exe
  2⤵
  PID:6836
- C:\Windows\System\btDzbxs.exe
  C:\Windows\System\btDzbxs.exe
  2⤵
  PID:7036
- C:\Windows\System\OsBAiyP.exe
  C:\Windows\System\OsBAiyP.exe
  2⤵
  PID:7156
- C:\Windows\System\XCKiEfk.exe
  C:\Windows\System\XCKiEfk.exe
  2⤵
  PID:6156
- C:\Windows\System\iLZHMVF.exe
  C:\Windows\System\iLZHMVF.exe
  2⤵
  PID:6508
- C:\Windows\System\lhZGIrd.exe
  C:\Windows\System\lhZGIrd.exe
  2⤵
  PID:6800
- C:\Windows\System\BRTxkSJ.exe
  C:\Windows\System\BRTxkSJ.exe
  2⤵
  PID:7000
- C:\Windows\System\naGNnze.exe
  C:\Windows\System\naGNnze.exe
  2⤵
  PID:7112
- C:\Windows\System\uYSqWjB.exe
  C:\Windows\System\uYSqWjB.exe
  2⤵
  PID:748
- C:\Windows\System\uekJUUt.exe
  C:\Windows\System\uekJUUt.exe
  2⤵
  PID:6544
- C:\Windows\System\bdyZzKv.exe
  C:\Windows\System\bdyZzKv.exe
  2⤵
  PID:6752
- C:\Windows\System\bjMtwDt.exe
  C:\Windows\System\bjMtwDt.exe
  2⤵
  PID:7172
- C:\Windows\System\IGTCVWi.exe
  C:\Windows\System\IGTCVWi.exe
  2⤵
  PID:7192
- C:\Windows\System\hEWFkQL.exe
  C:\Windows\System\hEWFkQL.exe
  2⤵
  PID:7212
- C:\Windows\System\TcWBseG.exe
  C:\Windows\System\TcWBseG.exe
  2⤵
  PID:7228
- C:\Windows\System\qrNvDzL.exe
  C:\Windows\System\qrNvDzL.exe
  2⤵
  PID:7248
- C:\Windows\System\uTNpSbR.exe
  C:\Windows\System\uTNpSbR.exe
  2⤵
  PID:7264
- C:\Windows\System\dBahfry.exe
  C:\Windows\System\dBahfry.exe
  2⤵
  PID:7284
- C:\Windows\System\TMqubmS.exe
  C:\Windows\System\TMqubmS.exe
  2⤵
  PID:7300
- C:\Windows\System\ljdqXQq.exe
  C:\Windows\System\ljdqXQq.exe
  2⤵
  PID:7316
- C:\Windows\System\UkqLmAw.exe
  C:\Windows\System\UkqLmAw.exe
  2⤵
  PID:7340
- C:\Windows\System\giuMOap.exe
  C:\Windows\System\giuMOap.exe
  2⤵
  PID:7356
- C:\Windows\System\bJEPUQH.exe
  C:\Windows\System\bJEPUQH.exe
  2⤵
  PID:7372
- C:\Windows\System\IbPoLJW.exe
  C:\Windows\System\IbPoLJW.exe
  2⤵
  PID:7396
- C:\Windows\System\HFODvpd.exe
  C:\Windows\System\HFODvpd.exe
  2⤵
  PID:7440
- C:\Windows\System\OPolToU.exe
  C:\Windows\System\OPolToU.exe
  2⤵
  PID:7460
- C:\Windows\System\roVtyeb.exe
  C:\Windows\System\roVtyeb.exe
  2⤵
  PID:7476
- C:\Windows\System\hPUAPjE.exe
  C:\Windows\System\hPUAPjE.exe
  2⤵
  PID:7496
- C:\Windows\System\VUzKGhZ.exe
  C:\Windows\System\VUzKGhZ.exe
  2⤵
  PID:7520
- C:\Windows\System\UgExEfC.exe
  C:\Windows\System\UgExEfC.exe
  2⤵
  PID:7548
- C:\Windows\System\CuiAttP.exe
  C:\Windows\System\CuiAttP.exe
  2⤵
  PID:7568
- C:\Windows\System\MZwoDvd.exe
  C:\Windows\System\MZwoDvd.exe
  2⤵
  PID:7584
- C:\Windows\System\YHoMxex.exe
  C:\Windows\System\YHoMxex.exe
  2⤵
  PID:7608
- C:\Windows\System\bSlBaVP.exe
  C:\Windows\System\bSlBaVP.exe
  2⤵
  PID:7632
- C:\Windows\System\LLuRXGm.exe
  C:\Windows\System\LLuRXGm.exe
  2⤵
  PID:7648
- C:\Windows\System\ygPJCjH.exe
  C:\Windows\System\ygPJCjH.exe
  2⤵
  PID:7672
- C:\Windows\System\FERCaSH.exe
  C:\Windows\System\FERCaSH.exe
  2⤵
  PID:7696
- C:\Windows\System\SyQPKPe.exe
  C:\Windows\System\SyQPKPe.exe
  2⤵
  PID:7712
- C:\Windows\System\rIvWZop.exe
  C:\Windows\System\rIvWZop.exe
  2⤵
  PID:7728
- C:\Windows\System\aTHLBaz.exe
  C:\Windows\System\aTHLBaz.exe
  2⤵
  PID:7744
- C:\Windows\System\GacLSOz.exe
  C:\Windows\System\GacLSOz.exe
  2⤵
  PID:7780
- C:\Windows\System\CxXRTxh.exe
  C:\Windows\System\CxXRTxh.exe
  2⤵
  PID:7796
- C:\Windows\System\dnxPArz.exe
  C:\Windows\System\dnxPArz.exe
  2⤵
  PID:7812
- C:\Windows\System\AkcUHSq.exe
  C:\Windows\System\AkcUHSq.exe
  2⤵
  PID:7828
- C:\Windows\System\yiZMBQu.exe
  C:\Windows\System\yiZMBQu.exe
  2⤵
  PID:7844
- C:\Windows\System\phbytJf.exe
  C:\Windows\System\phbytJf.exe
  2⤵
  PID:7864
- C:\Windows\System\rsVfvCD.exe
  C:\Windows\System\rsVfvCD.exe
  2⤵
  PID:7880
- C:\Windows\System\fywzqvb.exe
  C:\Windows\System\fywzqvb.exe
  2⤵
  PID:7896
- C:\Windows\System\xRTnaOt.exe
  C:\Windows\System\xRTnaOt.exe
  2⤵
  PID:7912
- C:\Windows\System\wAiywBT.exe
  C:\Windows\System\wAiywBT.exe
  2⤵
  PID:7960
- C:\Windows\System\isXdjVt.exe
  C:\Windows\System\isXdjVt.exe
  2⤵
  PID:7976
- C:\Windows\System\izzcrHf.exe
  C:\Windows\System\izzcrHf.exe
  2⤵
  PID:7996
- C:\Windows\System\xkndXZe.exe
  C:\Windows\System\xkndXZe.exe
  2⤵
  PID:8016
- C:\Windows\System\BWVoGvf.exe
  C:\Windows\System\BWVoGvf.exe
  2⤵
  PID:8032
- C:\Windows\System\lPAyCaf.exe
  C:\Windows\System\lPAyCaf.exe
  2⤵
  PID:8056
- C:\Windows\System\QJDYETe.exe
  C:\Windows\System\QJDYETe.exe
  2⤵
  PID:8072
- C:\Windows\System\UCShfgF.exe
  C:\Windows\System\UCShfgF.exe
  2⤵
  PID:8088
- C:\Windows\System\MFXICEw.exe
  C:\Windows\System\MFXICEw.exe
  2⤵
  PID:8104
- C:\Windows\System\gKhNvxQ.exe
  C:\Windows\System\gKhNvxQ.exe
  2⤵
  PID:8120
- C:\Windows\System\LKnLXew.exe
  C:\Windows\System\LKnLXew.exe
  2⤵
  PID:8140
- C:\Windows\System\SgGevNa.exe
  C:\Windows\System\SgGevNa.exe
  2⤵
  PID:8156
- C:\Windows\System\MUpqwvU.exe
  C:\Windows\System\MUpqwvU.exe
  2⤵
  PID:8180
- C:\Windows\System\UmcdwGX.exe
  C:\Windows\System\UmcdwGX.exe
  2⤵
  PID:2692
- C:\Windows\System\piOehzA.exe
  C:\Windows\System\piOehzA.exe
  2⤵
  PID:7220
- C:\Windows\System\PBLvLKh.exe
  C:\Windows\System\PBLvLKh.exe
  2⤵
  PID:7292
- C:\Windows\System\mIMlZXn.exe
  C:\Windows\System\mIMlZXn.exe
  2⤵
  PID:6624
- C:\Windows\System\qkSFGrY.exe
  C:\Windows\System\qkSFGrY.exe
  2⤵
  PID:7368
- C:\Windows\System\ehBLZhN.exe
  C:\Windows\System\ehBLZhN.exe
  2⤵
  PID:7244
- C:\Windows\System\IIYEpgM.exe
  C:\Windows\System\IIYEpgM.exe
  2⤵
  PID:6524
- C:\Windows\System\QDRetaS.exe
  C:\Windows\System\QDRetaS.exe
  2⤵
  PID:7208
- C:\Windows\System\jEWxHRs.exe
  C:\Windows\System\jEWxHRs.exe
  2⤵
  PID:7468
- C:\Windows\System\eVtXJOW.exe
  C:\Windows\System\eVtXJOW.exe
  2⤵
  PID:7388
- C:\Windows\System\yIwgGfr.exe
  C:\Windows\System\yIwgGfr.exe
  2⤵
  PID:7352
- C:\Windows\System\nOEgeZb.exe
  C:\Windows\System\nOEgeZb.exe
  2⤵
  PID:7516
- C:\Windows\System\zNczNrA.exe
  C:\Windows\System\zNczNrA.exe
  2⤵
  PID:7556
- C:\Windows\System\rHdKzjc.exe
  C:\Windows\System\rHdKzjc.exe
  2⤵
  PID:7488
- C:\Windows\System\CMmKfHh.exe
  C:\Windows\System\CMmKfHh.exe
  2⤵
  PID:7576
- C:\Windows\System\KUXwIic.exe
  C:\Windows\System\KUXwIic.exe
  2⤵
  PID:7596
- C:\Windows\System\TUZhmfa.exe
  C:\Windows\System\TUZhmfa.exe
  2⤵
  PID:7644
- C:\Windows\System\vhczyGr.exe
  C:\Windows\System\vhczyGr.exe
  2⤵
  PID:7668
- C:\Windows\System\UYUZnQv.exe
  C:\Windows\System\UYUZnQv.exe
  2⤵
  PID:7664
- C:\Windows\System\YCdCqNE.exe
  C:\Windows\System\YCdCqNE.exe
  2⤵
  PID:7704
- C:\Windows\System\HBYZvik.exe
  C:\Windows\System\HBYZvik.exe
  2⤵
  PID:7760
- C:\Windows\System\YRAtjnc.exe
  C:\Windows\System\YRAtjnc.exe
  2⤵
  PID:7740
- C:\Windows\System\ZFrzMom.exe
  C:\Windows\System\ZFrzMom.exe
  2⤵
  PID:7772
- C:\Windows\System\NpBKVxR.exe
  C:\Windows\System\NpBKVxR.exe
  2⤵
  PID:7840
- C:\Windows\System\ysJPLRs.exe
  C:\Windows\System\ysJPLRs.exe
  2⤵
  PID:7908
- C:\Windows\System\ibfccXf.exe
  C:\Windows\System\ibfccXf.exe
  2⤵
  PID:7856
- C:\Windows\System\UhmphDl.exe
  C:\Windows\System\UhmphDl.exe
  2⤵
  PID:7788
- C:\Windows\System\ZjDzUDJ.exe
  C:\Windows\System\ZjDzUDJ.exe
  2⤵
  PID:7932
- C:\Windows\System\OgrAfWF.exe
  C:\Windows\System\OgrAfWF.exe
  2⤵
  PID:7944
- C:\Windows\System\HBUfFzz.exe
  C:\Windows\System\HBUfFzz.exe
  2⤵
  PID:7972
- C:\Windows\System\OamuUAZ.exe
  C:\Windows\System\OamuUAZ.exe
  2⤵
  PID:8008
- C:\Windows\System\pPszUmI.exe
  C:\Windows\System\pPszUmI.exe
  2⤵
  PID:8052
- C:\Windows\System\hwqPnDz.exe
  C:\Windows\System\hwqPnDz.exe
  2⤵
  PID:8080
- C:\Windows\System\EvXABsO.exe
  C:\Windows\System\EvXABsO.exe
  2⤵
  PID:8188
- C:\Windows\System\RlatRXv.exe
  C:\Windows\System\RlatRXv.exe
  2⤵
  PID:7260
- C:\Windows\System\lCZqMKJ.exe
  C:\Windows\System\lCZqMKJ.exe
  2⤵
  PID:7988
- C:\Windows\System\tMPjBYg.exe
  C:\Windows\System\tMPjBYg.exe
  2⤵
  PID:8128
- C:\Windows\System\XjkhYxL.exe
  C:\Windows\System\XjkhYxL.exe
  2⤵
  PID:2568
- C:\Windows\System\cWIzlyX.exe
  C:\Windows\System\cWIzlyX.exe
  2⤵
  PID:8064
- C:\Windows\System\vJYtlUw.exe
  C:\Windows\System\vJYtlUw.exe
  2⤵
  PID:8100
- C:\Windows\System\FZDYTOC.exe
  C:\Windows\System\FZDYTOC.exe
  2⤵
  PID:7308
- C:\Windows\System\GCaKlev.exe
  C:\Windows\System\GCaKlev.exe
  2⤵
  PID:7420
- C:\Windows\System\LlFlMBw.exe
  C:\Windows\System\LlFlMBw.exe
  2⤵
  PID:7236
- C:\Windows\System\sNTofXg.exe
  C:\Windows\System\sNTofXg.exe
  2⤵
  PID:7280
- C:\Windows\System\VpVBKfP.exe
  C:\Windows\System\VpVBKfP.exe
  2⤵
  PID:7200
- C:\Windows\System\uduTlQX.exe
  C:\Windows\System\uduTlQX.exe
  2⤵
  PID:7312
- C:\Windows\System\oOWDnwg.exe
  C:\Windows\System\oOWDnwg.exe
  2⤵
  PID:7600
- C:\Windows\System\OduISMo.exe
  C:\Windows\System\OduISMo.exe
  2⤵
  PID:7564
- C:\Windows\System\fLPPvvy.exe
  C:\Windows\System\fLPPvvy.exe
  2⤵
  PID:7720
- C:\Windows\System\cuNVRVh.exe
  C:\Windows\System\cuNVRVh.exe
  2⤵
  PID:6612
- C:\Windows\System\pfrjeNR.exe
  C:\Windows\System\pfrjeNR.exe
  2⤵
  PID:7904
- C:\Windows\System\uPnpTLv.exe
  C:\Windows\System\uPnpTLv.exe
  2⤵
  PID:6956
- C:\Windows\System\HGJYVij.exe
  C:\Windows\System\HGJYVij.exe
  2⤵
  PID:8012
- C:\Windows\System\FAkjpiI.exe
  C:\Windows\System\FAkjpiI.exe
  2⤵
  PID:7928
- C:\Windows\System\vFUdMql.exe
  C:\Windows\System\vFUdMql.exe
  2⤵
  PID:8084
- C:\Windows\System\FDNcwEd.exe
  C:\Windows\System\FDNcwEd.exe
  2⤵
  PID:7956
- C:\Windows\System\KnuvZue.exe
  C:\Windows\System\KnuvZue.exe
  2⤵
  PID:8028
- C:\Windows\System\vifBgro.exe
  C:\Windows\System\vifBgro.exe
  2⤵
  PID:8116
- C:\Windows\System\uGSwied.exe
  C:\Windows\System\uGSwied.exe
  2⤵
  PID:7412
- C:\Windows\System\AEuyZwr.exe
  C:\Windows\System\AEuyZwr.exe
  2⤵
  PID:7012
- C:\Windows\System\ulwXVNh.exe
  C:\Windows\System\ulwXVNh.exe
  2⤵
  PID:7080
- C:\Windows\System\PNITAjF.exe
  C:\Windows\System\PNITAjF.exe
  2⤵
  PID:7332
- C:\Windows\System\ydWgNnR.exe
  C:\Windows\System\ydWgNnR.exe
  2⤵
  PID:7432
- C:\Windows\System\NeNQpPS.exe
  C:\Windows\System\NeNQpPS.exe
  2⤵
  PID:7240
- C:\Windows\System\EomPIYP.exe
  C:\Windows\System\EomPIYP.exe
  2⤵
  PID:7752
- C:\Windows\System\NbzdzUL.exe
  C:\Windows\System\NbzdzUL.exe
  2⤵
  PID:7892
- C:\Windows\System\SNmKyZS.exe
  C:\Windows\System\SNmKyZS.exe
  2⤵
  PID:7256
- C:\Windows\System\QWWtrEU.exe
  C:\Windows\System\QWWtrEU.exe
  2⤵
  PID:7860
- C:\Windows\System\YRbXyOq.exe
  C:\Windows\System\YRbXyOq.exe
  2⤵
  PID:7380
- C:\Windows\System\Pbtisrc.exe
  C:\Windows\System\Pbtisrc.exe
  2⤵
  PID:7328
- C:\Windows\System\tKetKYQ.exe
  C:\Windows\System\tKetKYQ.exe
  2⤵
  PID:8024
- C:\Windows\System\AjambhG.exe
  C:\Windows\System\AjambhG.exe
  2⤵
  PID:7920
- C:\Windows\System\beOgdNT.exe
  C:\Windows\System\beOgdNT.exe
  2⤵
  PID:1520
- C:\Windows\System\XpsTrDf.exe
  C:\Windows\System\XpsTrDf.exe
  2⤵
  PID:7808
- C:\Windows\System\TGYhZqE.exe
  C:\Windows\System\TGYhZqE.exe
  2⤵
  PID:1692
- C:\Windows\System\auITBdf.exe
  C:\Windows\System\auITBdf.exe
  2⤵
  PID:8204
- C:\Windows\System\apqvATH.exe
  C:\Windows\System\apqvATH.exe
  2⤵
  PID:8220
- C:\Windows\System\DWLaAGz.exe
  C:\Windows\System\DWLaAGz.exe
  2⤵
  PID:8236
- C:\Windows\System\TjtXquq.exe
  C:\Windows\System\TjtXquq.exe
  2⤵
  PID:8252
- C:\Windows\System\AnEOLJZ.exe
  C:\Windows\System\AnEOLJZ.exe
  2⤵
  PID:8268
- C:\Windows\System\AuCMUIR.exe
  C:\Windows\System\AuCMUIR.exe
  2⤵
  PID:8284
- C:\Windows\System\gUGMlPt.exe
  C:\Windows\System\gUGMlPt.exe
  2⤵
  PID:8300
- C:\Windows\System\bXorLiZ.exe
  C:\Windows\System\bXorLiZ.exe
  2⤵
  PID:8316
- C:\Windows\System\SDYImif.exe
  C:\Windows\System\SDYImif.exe
  2⤵
  PID:8332
- C:\Windows\System\ZLVcTAP.exe
  C:\Windows\System\ZLVcTAP.exe
  2⤵
  PID:8348
- C:\Windows\System\oVobOtU.exe
  C:\Windows\System\oVobOtU.exe
  2⤵
  PID:8364
- C:\Windows\System\PRMYwKN.exe
  C:\Windows\System\PRMYwKN.exe
  2⤵
  PID:8380
- C:\Windows\System\LLSIWAF.exe
  C:\Windows\System\LLSIWAF.exe
  2⤵
  PID:8396
- C:\Windows\System\pazqCnZ.exe
  C:\Windows\System\pazqCnZ.exe
  2⤵
  PID:8412
- C:\Windows\System\LUulLYW.exe
  C:\Windows\System\LUulLYW.exe
  2⤵
  PID:8428
- C:\Windows\System\aIZvqWt.exe
  C:\Windows\System\aIZvqWt.exe
  2⤵
  PID:8444
- C:\Windows\System\GiyKhUZ.exe
  C:\Windows\System\GiyKhUZ.exe
  2⤵
  PID:8460
- C:\Windows\System\QIsUxFU.exe
  C:\Windows\System\QIsUxFU.exe
  2⤵
  PID:8476
- C:\Windows\System\BZWNFbB.exe
  C:\Windows\System\BZWNFbB.exe
  2⤵
  PID:8496
- C:\Windows\System\lJwguye.exe
  C:\Windows\System\lJwguye.exe
  2⤵
  PID:8512
- C:\Windows\System\xwDEvSa.exe
  C:\Windows\System\xwDEvSa.exe
  2⤵
  PID:8528
- C:\Windows\System\pNmVjRH.exe
  C:\Windows\System\pNmVjRH.exe
  2⤵
  PID:8544
- C:\Windows\System\bhFdAMA.exe
  C:\Windows\System\bhFdAMA.exe
  2⤵
  PID:8564
- C:\Windows\System\SKatjhR.exe
  C:\Windows\System\SKatjhR.exe
  2⤵
  PID:8580
- C:\Windows\System\GnERDlc.exe
  C:\Windows\System\GnERDlc.exe
  2⤵
  PID:8596
- C:\Windows\System\ZgcdQUX.exe
  C:\Windows\System\ZgcdQUX.exe
  2⤵
  PID:8612
- C:\Windows\System\EDrIRDf.exe
  C:\Windows\System\EDrIRDf.exe
  2⤵
  PID:8628
- C:\Windows\System\nPOWsws.exe
  C:\Windows\System\nPOWsws.exe
  2⤵
  PID:8644
- C:\Windows\System\hOiHvZC.exe
  C:\Windows\System\hOiHvZC.exe
  2⤵
  PID:8660
- C:\Windows\System\yEksgsf.exe
  C:\Windows\System\yEksgsf.exe
  2⤵
  PID:8676
- C:\Windows\System\peYqxJW.exe
  C:\Windows\System\peYqxJW.exe
  2⤵
  PID:8692
- C:\Windows\System\kqYxkwR.exe
  C:\Windows\System\kqYxkwR.exe
  2⤵
  PID:8708
- C:\Windows\System\NGTwIHw.exe
  C:\Windows\System\NGTwIHw.exe
  2⤵
  PID:8724
- C:\Windows\System\PTcTVCN.exe
  C:\Windows\System\PTcTVCN.exe
  2⤵
  PID:8748
- C:\Windows\System\QpZEmWc.exe
  C:\Windows\System\QpZEmWc.exe
  2⤵
  PID:8764
- C:\Windows\System\jHevbGr.exe
  C:\Windows\System\jHevbGr.exe
  2⤵
  PID:8780
- C:\Windows\System\cWSOKrZ.exe
  C:\Windows\System\cWSOKrZ.exe
  2⤵
  PID:8796
- C:\Windows\System\QIutxoB.exe
  C:\Windows\System\QIutxoB.exe
  2⤵
  PID:8812
- C:\Windows\System\zDlwtVB.exe
  C:\Windows\System\zDlwtVB.exe
  2⤵
  PID:8828
- C:\Windows\System\PwgDdZp.exe
  C:\Windows\System\PwgDdZp.exe
  2⤵
  PID:8844
- C:\Windows\System\MiseHvJ.exe
  C:\Windows\System\MiseHvJ.exe
  2⤵
  PID:8860
- C:\Windows\System\mriUcBY.exe
  C:\Windows\System\mriUcBY.exe
  2⤵
  PID:8880
- C:\Windows\System\hgohRtV.exe
  C:\Windows\System\hgohRtV.exe
  2⤵
  PID:8900
- C:\Windows\System\vNZPWtK.exe
  C:\Windows\System\vNZPWtK.exe
  2⤵
  PID:8916
- C:\Windows\System\ZhfPtpD.exe
  C:\Windows\System\ZhfPtpD.exe
  2⤵
  PID:8932
- C:\Windows\System\kGIDSus.exe
  C:\Windows\System\kGIDSus.exe
  2⤵
  PID:8948
- C:\Windows\System\ayKmdcM.exe
  C:\Windows\System\ayKmdcM.exe
  2⤵
  PID:8964
- C:\Windows\System\QUflctl.exe
  C:\Windows\System\QUflctl.exe
  2⤵
  PID:8980
- C:\Windows\System\PYxqsab.exe
  C:\Windows\System\PYxqsab.exe
  2⤵
  PID:8996
- C:\Windows\System\jLkxAen.exe
  C:\Windows\System\jLkxAen.exe
  2⤵
  PID:9012
- C:\Windows\System\gKHzjBF.exe
  C:\Windows\System\gKHzjBF.exe
  2⤵
  PID:9028
- C:\Windows\System\AuOgzMR.exe
  C:\Windows\System\AuOgzMR.exe
  2⤵
  PID:9044
- C:\Windows\System\ieSwBXI.exe
  C:\Windows\System\ieSwBXI.exe
  2⤵
  PID:9060
- C:\Windows\System\EXiNiuv.exe
  C:\Windows\System\EXiNiuv.exe
  2⤵
  PID:9076
- C:\Windows\System\PHbkuWA.exe
  C:\Windows\System\PHbkuWA.exe
  2⤵
  PID:9092
- C:\Windows\System\OuHjcNd.exe
  C:\Windows\System\OuHjcNd.exe
  2⤵
  PID:9108
- C:\Windows\System\YJTuiaa.exe
  C:\Windows\System\YJTuiaa.exe
  2⤵
  PID:9124
- C:\Windows\System\eyjqTKW.exe
  C:\Windows\System\eyjqTKW.exe
  2⤵
  PID:9140
- C:\Windows\System\wDCFyBY.exe
  C:\Windows\System\wDCFyBY.exe
  2⤵
  PID:9156
- C:\Windows\System\ZTUEQvO.exe
  C:\Windows\System\ZTUEQvO.exe
  2⤵
  PID:9172
- C:\Windows\System\EBNIxdp.exe
  C:\Windows\System\EBNIxdp.exe
  2⤵
  PID:9188
- C:\Windows\System\XLIydxC.exe
  C:\Windows\System\XLIydxC.exe
  2⤵
  PID:9204
- C:\Windows\System\zNKshnj.exe
  C:\Windows\System\zNKshnj.exe
  2⤵
  PID:8004
- C:\Windows\System\UKlVTRU.exe
  C:\Windows\System\UKlVTRU.exe
  2⤵
  PID:8200
- C:\Windows\System\dDUUsqY.exe
  C:\Windows\System\dDUUsqY.exe
  2⤵
  PID:8264
- C:\Windows\System\fKPMbpo.exe
  C:\Windows\System\fKPMbpo.exe
  2⤵
  PID:7384
- C:\Windows\System\MyXtEGR.exe
  C:\Windows\System\MyXtEGR.exe
  2⤵
  PID:8328
- C:\Windows\System\KinZOAU.exe
  C:\Windows\System\KinZOAU.exe
  2⤵
  PID:8388
- C:\Windows\System\eHgQMod.exe
  C:\Windows\System\eHgQMod.exe
  2⤵
  PID:8452
- C:\Windows\System\VCoqPOX.exe
  C:\Windows\System\VCoqPOX.exe
  2⤵
  PID:8276
- C:\Windows\System\zekOVnU.exe
  C:\Windows\System\zekOVnU.exe
  2⤵
  PID:8340
- C:\Windows\System\bNDEhvn.exe
  C:\Windows\System\bNDEhvn.exe
  2⤵
  PID:8436
- C:\Windows\System\fgrXWpc.exe
  C:\Windows\System\fgrXWpc.exe
  2⤵
  PID:8404
- C:\Windows\System\egbEJtA.exe
  C:\Windows\System\egbEJtA.exe
  2⤵
  PID:8556
- C:\Windows\System\McuwfoR.exe
  C:\Windows\System\McuwfoR.exe
  2⤵
  PID:8592
- C:\Windows\System\tKZOYvn.exe
  C:\Windows\System\tKZOYvn.exe
  2⤵
  PID:8652
- C:\Windows\System\WLMoeHt.exe
  C:\Windows\System\WLMoeHt.exe
  2⤵
  PID:8604
- C:\Windows\System\KJinShx.exe
  C:\Windows\System\KJinShx.exe
  2⤵
  PID:8608
- C:\Windows\System\LRZnmDz.exe
  C:\Windows\System\LRZnmDz.exe
  2⤵
  PID:8656
- C:\Windows\System\JxIUxcg.exe
  C:\Windows\System\JxIUxcg.exe
  2⤵
  PID:8704
- C:\Windows\System\CekmWGZ.exe
  C:\Windows\System\CekmWGZ.exe
  2⤵
  PID:8720
- C:\Windows\System\kByyodB.exe
  C:\Windows\System\kByyodB.exe
  2⤵
  PID:2540
- C:\Windows\System\sPutjGf.exe
  C:\Windows\System\sPutjGf.exe
  2⤵
  PID:8756
- C:\Windows\System\LAuiNeB.exe
  C:\Windows\System\LAuiNeB.exe
  2⤵
  PID:8804
- C:\Windows\System\TnScAyv.exe
  C:\Windows\System\TnScAyv.exe
  2⤵
  PID:8820
- C:\Windows\System\JEhqjzn.exe
  C:\Windows\System\JEhqjzn.exe
  2⤵
  PID:8824
- C:\Windows\System\tYTrXmr.exe
  C:\Windows\System\tYTrXmr.exe
  2⤵
  PID:8876
- C:\Windows\System\sJMAkSf.exe
  C:\Windows\System\sJMAkSf.exe
  2⤵
  PID:8912
- C:\Windows\System\KQmMGeK.exe
  C:\Windows\System\KQmMGeK.exe
  2⤵
  PID:8940
- C:\Windows\System\zdMpAiD.exe
  C:\Windows\System\zdMpAiD.exe
  2⤵
  PID:8956
- C:\Windows\System\tCzSwFS.exe
  C:\Windows\System\tCzSwFS.exe
  2⤵
  PID:9036
- C:\Windows\System\oxsdMbi.exe
  C:\Windows\System\oxsdMbi.exe
  2⤵
  PID:8972
- C:\Windows\System\cFivozY.exe
  C:\Windows\System\cFivozY.exe
  2⤵
  PID:9056
- C:\Windows\System\NxfgMeT.exe
  C:\Windows\System\NxfgMeT.exe
  2⤵
  PID:9104
- C:\Windows\System\KuqgytC.exe
  C:\Windows\System\KuqgytC.exe
  2⤵
  PID:9152
- C:\Windows\System\RCklfgB.exe
  C:\Windows\System\RCklfgB.exe
  2⤵
  PID:9168
- C:\Windows\System\hufemFn.exe
  C:\Windows\System\hufemFn.exe
  2⤵
  PID:7940
- C:\Windows\System\jSrfFvI.exe
  C:\Windows\System\jSrfFvI.exe
  2⤵
  PID:9200
- C:\Windows\System\seSNdkE.exe
  C:\Windows\System\seSNdkE.exe
  2⤵
  PID:8356
- C:\Windows\System\acybXjd.exe
  C:\Windows\System\acybXjd.exe
  2⤵
  PID:8244
- C:\Windows\System\vSpTRCx.exe
  C:\Windows\System\vSpTRCx.exe
  2⤵
  PID:8248
- C:\Windows\System\aDjHOxI.exe
  C:\Windows\System\aDjHOxI.exe
  2⤵
  PID:8376
- C:\Windows\System\STsEdYj.exe
  C:\Windows\System\STsEdYj.exe
  2⤵
  PID:8520
- C:\Windows\System\tyIyrZo.exe
  C:\Windows\System\tyIyrZo.exe
  2⤵
  PID:8508
- C:\Windows\System\kRJTfhl.exe
  C:\Windows\System\kRJTfhl.exe
  2⤵
  PID:8732
- C:\Windows\System\xRfZsfq.exe
  C:\Windows\System\xRfZsfq.exe
  2⤵
  PID:8836
- C:\Windows\System\idJGMYZ.exe
  C:\Windows\System\idJGMYZ.exe
  2⤵
  PID:8672
- C:\Windows\System\lqGKQCM.exe
  C:\Windows\System\lqGKQCM.exe
  2⤵
  PID:8892
- C:\Windows\System\qSSNEnA.exe
  C:\Windows\System\qSSNEnA.exe
  2⤵
  PID:2288
- C:\Windows\System\SntnWij.exe
  C:\Windows\System\SntnWij.exe
  2⤵
  PID:8908
- C:\Windows\System\jrJpuol.exe
  C:\Windows\System\jrJpuol.exe
  2⤵
  PID:9004
- C:\Windows\System\PsZyRLU.exe
  C:\Windows\System\PsZyRLU.exe
  2⤵
  PID:9084
- C:\Windows\System\cYjuIWQ.exe
  C:\Windows\System\cYjuIWQ.exe
  2⤵
  PID:9072
- C:\Windows\System\yCOFnev.exe
  C:\Windows\System\yCOFnev.exe
  2⤵
  PID:8196
- C:\Windows\System\OxjVhzh.exe
  C:\Windows\System\OxjVhzh.exe
  2⤵
  PID:8360
- C:\Windows\System\xfyFSDC.exe
  C:\Windows\System\xfyFSDC.exe
  2⤵
  PID:9184
- C:\Windows\System\UAUQPoJ.exe
  C:\Windows\System\UAUQPoJ.exe
  2⤵
  PID:8372
- C:\Windows\System\lFTRrYj.exe
  C:\Windows\System\lFTRrYj.exe
  2⤵
  PID:8536
- C:\Windows\System\skKZmQu.exe
  C:\Windows\System\skKZmQu.exe
  2⤵
  PID:8716
- C:\Windows\System\CaqYwVJ.exe
  C:\Windows\System\CaqYwVJ.exe
  2⤵
  PID:8896
- C:\Windows\System\LMTMOyW.exe
  C:\Windows\System\LMTMOyW.exe
  2⤵
  PID:8852
- C:\Windows\System\KufGdGf.exe
  C:\Windows\System\KufGdGf.exe
  2⤵
  PID:8988
- C:\Windows\System\mBKiqLz.exe
  C:\Windows\System\mBKiqLz.exe
  2⤵
  PID:9120
- C:\Windows\System\PNFQKod.exe
  C:\Windows\System\PNFQKod.exe
  2⤵
  PID:9024
- C:\Windows\System\NyeWhIV.exe
  C:\Windows\System\NyeWhIV.exe
  2⤵
  PID:9008
- C:\Windows\System\EFEPolE.exe
  C:\Windows\System\EFEPolE.exe
  2⤵
  PID:8872
- C:\Windows\System\GZQOBoj.exe
  C:\Windows\System\GZQOBoj.exe
  2⤵
  PID:9148
- C:\Windows\System\OxEFQkl.exe
  C:\Windows\System\OxEFQkl.exe
  2⤵
  PID:8560
- C:\Windows\System\toDOAZv.exe
  C:\Windows\System\toDOAZv.exe
  2⤵
  PID:7776
- C:\Windows\System\HPEOXJu.exe
  C:\Windows\System\HPEOXJu.exe
  2⤵
  PID:9228
- C:\Windows\System\eFZIuyD.exe
  C:\Windows\System\eFZIuyD.exe
  2⤵
  PID:9244
- C:\Windows\System\gZEdijA.exe
  C:\Windows\System\gZEdijA.exe
  2⤵
  PID:9260
- C:\Windows\System\tSJkBcd.exe
  C:\Windows\System\tSJkBcd.exe
  2⤵
  PID:9276
- C:\Windows\System\bAfMeLa.exe
  C:\Windows\System\bAfMeLa.exe
  2⤵
  PID:9292
- C:\Windows\System\MNawOBI.exe
  C:\Windows\System\MNawOBI.exe
  2⤵
  PID:9308
- C:\Windows\System\HIbxSZB.exe
  C:\Windows\System\HIbxSZB.exe
  2⤵
  PID:9324
- C:\Windows\System\bNqbDaC.exe
  C:\Windows\System\bNqbDaC.exe
  2⤵
  PID:9340
- C:\Windows\System\SygmnXb.exe
  C:\Windows\System\SygmnXb.exe
  2⤵
  PID:9360
- C:\Windows\System\VIaZrUF.exe
  C:\Windows\System\VIaZrUF.exe
  2⤵
  PID:9376
- C:\Windows\System\QuWBQhy.exe
  C:\Windows\System\QuWBQhy.exe
  2⤵
  PID:9392
- C:\Windows\System\JMAspHA.exe
  C:\Windows\System\JMAspHA.exe
  2⤵
  PID:9408
- C:\Windows\System\WXfRCMN.exe
  C:\Windows\System\WXfRCMN.exe
  2⤵
  PID:9424
- C:\Windows\System\haYbpct.exe
  C:\Windows\System\haYbpct.exe
  2⤵
  PID:9440
- C:\Windows\System\wAiFjOU.exe
  C:\Windows\System\wAiFjOU.exe
  2⤵
  PID:9456
- C:\Windows\System\tGmrAHI.exe
  C:\Windows\System\tGmrAHI.exe
  2⤵
  PID:9472
- C:\Windows\System\auOMnoo.exe
  C:\Windows\System\auOMnoo.exe
  2⤵
  PID:9488
- C:\Windows\System\wPHKwCB.exe
  C:\Windows\System\wPHKwCB.exe
  2⤵
  PID:9504
- C:\Windows\System\bLXSwcF.exe
  C:\Windows\System\bLXSwcF.exe
  2⤵
  PID:9520
- C:\Windows\System\BhsoTHY.exe
  C:\Windows\System\BhsoTHY.exe
  2⤵
  PID:9536
- C:\Windows\System\boReVVC.exe
  C:\Windows\System\boReVVC.exe
  2⤵
  PID:9552
- C:\Windows\System\tnwmjqU.exe
  C:\Windows\System\tnwmjqU.exe
  2⤵
  PID:9568
- C:\Windows\System\jygrQMk.exe
  C:\Windows\System\jygrQMk.exe
  2⤵
  PID:9584
- C:\Windows\System\oNBxCiE.exe
  C:\Windows\System\oNBxCiE.exe
  2⤵
  PID:9600
- C:\Windows\System\EWcmkWl.exe
  C:\Windows\System\EWcmkWl.exe
  2⤵
  PID:9616
- C:\Windows\System\rsNfyrV.exe
  C:\Windows\System\rsNfyrV.exe
  2⤵
  PID:9632
- C:\Windows\System\jTtihJL.exe
  C:\Windows\System\jTtihJL.exe
  2⤵
  PID:9648
- C:\Windows\System\obzWfkp.exe
  C:\Windows\System\obzWfkp.exe
  2⤵
  PID:9664
- C:\Windows\System\kNAPesv.exe
  C:\Windows\System\kNAPesv.exe
  2⤵
  PID:9680
- C:\Windows\System\SqkPIkb.exe
  C:\Windows\System\SqkPIkb.exe
  2⤵
  PID:9696
- C:\Windows\System\ILSUBzJ.exe
  C:\Windows\System\ILSUBzJ.exe
  2⤵
  PID:9712
- C:\Windows\System\fDaooOu.exe
  C:\Windows\System\fDaooOu.exe
  2⤵
  PID:9740
- C:\Windows\System\XEFvaCR.exe
  C:\Windows\System\XEFvaCR.exe
  2⤵
  PID:9756
- C:\Windows\System\UKERjxr.exe
  C:\Windows\System\UKERjxr.exe
  2⤵
  PID:9776
- C:\Windows\System\nZiFXFH.exe
  C:\Windows\System\nZiFXFH.exe
  2⤵
  PID:9792
- C:\Windows\System\SYgnrxJ.exe
  C:\Windows\System\SYgnrxJ.exe
  2⤵
  PID:10188
- C:\Windows\System\tZtkyni.exe
  C:\Windows\System\tZtkyni.exe
  2⤵
  PID:10204
- C:\Windows\System\rcoqKdr.exe
  C:\Windows\System\rcoqKdr.exe
  2⤵
  PID:10224
- C:\Windows\System\zzMsXAE.exe
  C:\Windows\System\zzMsXAE.exe
  2⤵
  PID:8772
- C:\Windows\System\zMNSMBi.exe
  C:\Windows\System\zMNSMBi.exe
  2⤵
  PID:9332
- C:\Windows\System\pvAbQqR.exe
  C:\Windows\System\pvAbQqR.exe
  2⤵
  PID:9348
- C:\Windows\System\PZTCZfN.exe
  C:\Windows\System\PZTCZfN.exe
  2⤵
  PID:9252
- C:\Windows\System\CvudDGs.exe
  C:\Windows\System\CvudDGs.exe
  2⤵
  PID:9516
- C:\Windows\System\TNLuuwt.exe
  C:\Windows\System\TNLuuwt.exe
  2⤵
  PID:9764
- C:\Windows\System\SaXpBqo.exe
  C:\Windows\System\SaXpBqo.exe
  2⤵
  PID:9800
- C:\Windows\System\iszBPLc.exe
  C:\Windows\System\iszBPLc.exe
  2⤵
  PID:9832
- C:\Windows\System\ziKZYyf.exe
  C:\Windows\System\ziKZYyf.exe
  2⤵
  PID:9900
- C:\Windows\System\IbdMAsE.exe
  C:\Windows\System\IbdMAsE.exe
  2⤵
  PID:9924
- C:\Windows\System\kkxqqvV.exe
  C:\Windows\System\kkxqqvV.exe
  2⤵
  PID:9984
- C:\Windows\System\MClbmxI.exe
  C:\Windows\System\MClbmxI.exe
  2⤵
  PID:10028
- C:\Windows\System\toCIacl.exe
  C:\Windows\System\toCIacl.exe
  2⤵
  PID:10096
- C:\Windows\System\igxvsEt.exe
  C:\Windows\System\igxvsEt.exe
  2⤵
  PID:9816
- C:\Windows\System\XJulaPC.exe
  C:\Windows\System\XJulaPC.exe
  2⤵
  PID:10176
- C:\Windows\System\bExnunG.exe
  C:\Windows\System\bExnunG.exe
  2⤵
  PID:9808
- C:\Windows\System\TQmkHUs.exe
  C:\Windows\System\TQmkHUs.exe
  2⤵
  PID:9856
- C:\Windows\System\grvjCFY.exe
  C:\Windows\System\grvjCFY.exe
  2⤵
  PID:9880
- C:\Windows\System\YPHXkrG.exe
  C:\Windows\System\YPHXkrG.exe
  2⤵
  PID:9896
- C:\Windows\System\spbzadO.exe
  C:\Windows\System\spbzadO.exe
  2⤵
  PID:9940
- C:\Windows\System\oPmxpzX.exe
  C:\Windows\System\oPmxpzX.exe
  2⤵
  PID:9964
- C:\Windows\System\bwkPTTr.exe
  C:\Windows\System\bwkPTTr.exe
  2⤵
  PID:9988
- C:\Windows\System\tdyTpSa.exe
  C:\Windows\System\tdyTpSa.exe
  2⤵
  PID:10016
- C:\Windows\System\npFJREW.exe
  C:\Windows\System\npFJREW.exe
  2⤵
  PID:10044
- C:\Windows\System\NlNnDgc.exe
  C:\Windows\System\NlNnDgc.exe
  2⤵
  PID:10076
- C:\Windows\System\FFSdZnA.exe
  C:\Windows\System\FFSdZnA.exe
  2⤵
  PID:10092
- C:\Windows\System\SrMqoXi.exe
  C:\Windows\System\SrMqoXi.exe
  2⤵
  PID:10112
- C:\Windows\System\khsVHCg.exe
  C:\Windows\System\khsVHCg.exe
  2⤵
  PID:10132
- C:\Windows\System\YwiBrxS.exe
  C:\Windows\System\YwiBrxS.exe
  2⤵
  PID:10144
- C:\Windows\System\FXzkXzA.exe
  C:\Windows\System\FXzkXzA.exe
  2⤵
  PID:10172
- C:\Windows\System\ilNUHxA.exe
  C:\Windows\System\ilNUHxA.exe
  2⤵
  PID:10220
- C:\Windows\System\FgPlHAL.exe
  C:\Windows\System\FgPlHAL.exe
  2⤵
  PID:9336
- C:\Windows\System\wacYtPm.exe
  C:\Windows\System\wacYtPm.exe
  2⤵
  PID:8760
- C:\Windows\System\JWAhMRi.exe
  C:\Windows\System\JWAhMRi.exe
  2⤵
  PID:9496
- C:\Windows\System\QsUMRgD.exe
  C:\Windows\System\QsUMRgD.exe
  2⤵
  PID:9528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BjuiHao.exe

Filesize
6.0MB

MD5
d991b74b69df12e670ad06178cfe2525

SHA1
b78b889b33e893a32dbd814163990c8b895d1248

SHA256
04b0346b678b54c31adc7a029fb8ce0d37e7d1cc74abd2cddd2335bf3c77f33b

SHA512
d7a79183128ed68376c1213fa63795cd37b57eb815945fb7f9c47388c7206dc03effaa52fb5f346e2ca6929a7db7238d9dbd552dc5013a46ae431aa52edbe29f

Download Submit
C:\Windows\system\EbMUEMy.exe

Filesize
6.0MB

MD5
e8fd6af9bdce53786bf6f4255b151179

SHA1
22c4304b5b8ba950127268d07970d10412c5c8de

SHA256
1b613a3dea46151b651cc5f0579b4af8807baa68857b34d928709dad7fd2abb0

SHA512
7bad408ef743f3947180afbc6fd882668724469a46a8de449ee7339b4978a5d699d996a57159f1f4930781005c5577c38f1ebd7ad3a3d4640ab73acb5cf95be6

Download Submit
C:\Windows\system\GUKeWey.exe

Filesize
6.0MB

MD5
2b0539d37a8787047a5364e6c4eb0bdf

SHA1
394441b132090cf403496a83f73bb26914291d0b

SHA256
e14f3b64571fad7508b0b297bad4beeb3e1dc9413975e61b1097c5953720c3ff

SHA512
1a82ebf670fc675724bdd539134aa78c88eff658259a78648f51fc85b24e91b0cabef62f31691a31eab78ad41e6bfe2d7d0d0e615ad431c5f155b794bb27b30e

Download Submit
C:\Windows\system\HlmzJLa.exe

Filesize
6.0MB

MD5
10893c2209106ffa347cd04b5f7a0b47

SHA1
0c5116804a368966706db68bee97dd73ed4d665e

SHA256
b59db3afa9ed343681d4aef806e04a24991aa40be2fb18ff4b2b199c14f6c2b5

SHA512
a579cc2710850cac06e60fbaef73e75cb760fb371bab33e3b293312fbab9e3d4a1f4fc470b0b762266c25bfe50e8bdc32fbf4fc86817f2a5e0582e92d20482af

Download Submit
C:\Windows\system\NaafHew.exe

Filesize
6.0MB

MD5
36adabcc919d1b0190fe5892a93a05fa

SHA1
2f0255cf224a26cde57e62699862dfe1c6643dd0

SHA256
429b2f1fb65ad3bef357304648aff66544ad6a6a7568959ab2531a184df9ca7b

SHA512
9090b2dddc6fa0e218d0e6bfac281ecff4c2b507e2e0a9a5d7e9ee4c14457f2bd7e66962f2c0378bdebb04abd5ff16fd305bf0d8bfa5cbcae0b005cba225cd85

Download Submit
C:\Windows\system\NydgbPa.exe

Filesize
6.0MB

MD5
1f62bed421e290d99251aa4db6cedb9f

SHA1
b9f57b1d5334c1d95f1e130d003f6966e0d26f1b

SHA256
43d3c07fe5b3cd165789d41e0731b3fd9a0b5ce9bee1e7b2a4183540a2c7c522

SHA512
0d5d1f8fea0ed4ff111d89b176904f5b11d83575329ec60fe53cd44037c22280c0999d462177ad40a7fef7f6934a8a02892608d3fea5e19db5ec001aa6cd5e5d

Download Submit
C:\Windows\system\UvBTnkY.exe

Filesize
6.0MB

MD5
856a9db32ac38ab7cc3ed99f8f7bda95

SHA1
96580a823e50f4b7da40842c50385577cf0570b5

SHA256
1d45e032839afa244e12a873e8d8f67bb6aed24ee8092f5f760f760bdcefb11d

SHA512
ebac8703de1884749327a7a91afcef11e950aee6a8746176c7d2296f7c1de7831c54a6d7ae57f44a0f49a35abe8c0a1b6aa257d466a7f64a723fa695f943d226

Download Submit
C:\Windows\system\YMFuunH.exe

Filesize
6.0MB

MD5
b50e5276c7f198b46ef6de04ae33af96

SHA1
00a3fca1a9a5ffbd2caf28f99d6c8d84dd3a7782

SHA256
3d3e906046bbf2bdf7bc4ec5de1ef5bee20ebfa3d01d1bcd9ddf4924bb03152e

SHA512
edfd99218b9316115c0d878579ee2acacdd5eeb82e1df81bd4aca0a6b5567972ea1377a6677f41c88e28fb92bb24c4a677553b98f2bc7673c1c13573b056d2c5

Download Submit
C:\Windows\system\acqwWqX.exe

Filesize
6.0MB

MD5
80bfc11d933754d63e0ed1cb7c465870

SHA1
ecec61b520e5d299616f4d52b0ae1e695cd57e56

SHA256
38bb1de46781e290065e37a985af6f133c6b600cca6a32a534d350a7094541af

SHA512
6bfab7426f73d6a3da638571e8c512df025ab8f6483182a40138c4d47158d6391ca5a536f9589c01095c4a26cbc46ce9f2a4ffa30574700360ef6d19a8279afe

Download Submit
C:\Windows\system\bfolqdm.exe

Filesize
6.0MB

MD5
94de8ed0ab098f908a92bead8c4b867f

SHA1
15b0e7f104118e043125c300a7d2edd02547d083

SHA256
e0f954cec329191a38b40f6e98ef266aefcdde50680149e32d795b97e2953f19

SHA512
a8e4d38f795e5c9e1ff9789538dc31bf9a7a30e139c26708b439820b77abd6fa63bb5a1e23116f74b0dc936de6e16f2106fcc3f1934c7204f0a0cc5fd1158308

Download Submit
C:\Windows\system\cOGBCiQ.exe

Filesize
6.0MB

MD5
56b39bea893f8bba3a6af57d882c531e

SHA1
acc23b8f2003ee40772d285890e5f1c809755c50

SHA256
f25e82c72ffd4ad494f681bf4a0af1479371113d83fc7b3af7e4258afaacca8b

SHA512
4a18234a118e73ffa7bc8e4d302c2835544c4e19a3a0ea7f50e68a4232369e9b6cee295add17af7fd370b21666e1a96673a0e3c63bcdb49cf60aa45a04d6f6f7

Download Submit
C:\Windows\system\dBYyQCk.exe

Filesize
6.0MB

MD5
3302b86e023d6c4668f8287b4ad23198

SHA1
2ad1232fc536fcb231afeddb2d1ccfd125f7aca1

SHA256
e0f0492bb6f49953bef9a44c9c46dabab9b54dfaa63c11be3a7cf977210e7caf

SHA512
46af8d6a1b52952733b8bdefa75e8a832514919dba019a86669b34dcd886650b0c484a3a3e952270c067566ccbce25652be14c855ba37bb2f18450da6b92b697

Download Submit
C:\Windows\system\fiaXggM.exe

Filesize
6.0MB

MD5
6383adcb49c76433640b70ae0cb07919

SHA1
ec997d9d0a9b5e3cd06326be275ba32ce011635c

SHA256
4071fd575cce90ac759c78b09c9bef831cb5a22b676f7a4237f07df830fa0b2f

SHA512
aaf3c9cad5a941998ed7583291080d7c4d6cd6423991770b39bea6a4eb96841102933f383016af3a7080927aed86558c10b277ba1dc3adb13c49a23c015ecb0b

Download Submit
C:\Windows\system\iGkODkP.exe

Filesize
6.0MB

MD5
3c0962ff009971a4927d35edf406b333

SHA1
37339fed9e1322d595c99adae96224fe166049a8

SHA256
3af2a992a71c49da5fe3fea4f92a8bb87071b3fd6df4f1ef6ff8bf1f649d5d6f

SHA512
2bc157092af4f7a88a162e4f8687bae74584523da362e96bb7096d8921f45ce3dc443749dbd341f6947ebcb4bf2bc8e8c46ec8b44be783a2e58311f5eda85471

Download Submit
C:\Windows\system\ikHWlEC.exe

Filesize
6.0MB

MD5
9841ad3e056ea9088b792d0a5d2c9df3

SHA1
663dd3f5237d565b2c269fe101693a446858e610

SHA256
ea21be9d9284bfcea3ae6e81feb7ee84ae0f2a7d732ccefd9646860cf16e2567

SHA512
95970eb4065a33e0aaed7f650c11c4fb7e38a8979cda0f7790c0d7b4a69e0937a67c9aaea393bc1c865a5f4d44e91d2400b57c8fa5c33ce6cf7fa5d07289142e

Download Submit
C:\Windows\system\jjOTRmd.exe

Filesize
6.0MB

MD5
290596c3831b471e47c63c405fc757fd

SHA1
6b70c74c2f6dba110cbd77fe7a6b7d31e49751be

SHA256
9588b9c99dd97f978d2c2f05968115bce6edfb85d5ca09aa49cdd08a218173e0

SHA512
d2657a19fdcdb85b7c0bed4d4dd30161311827b622cf30083289bc1f918776cc6c902a31ddb513328064d467127b5433164136a13fc4251e1e520057e943833d

Download Submit
C:\Windows\system\mHdsrcy.exe

Filesize
6.0MB

MD5
476f17d7f146c0c3c250ab55cc668aee

SHA1
84edb375c2125a489729afdb4a611e8dda2bbafa

SHA256
dc865f90fde8858e4eb1732605fd66095bf524ddb338b1a359b00cfc8fda8add

SHA512
404d064698dcfba30f35a650959fa0f675a7d6baeb54f945dffc1b0d84e5e8a85f8dfbe05805aa66f33d462a2a7fafe7af4c0159f26c09ef949b0500c81bbfd2

Download Submit
C:\Windows\system\mKOgATo.exe

Filesize
6.0MB

MD5
a84a60881dd56697e63273a2e0e8ae3c

SHA1
fc3576e3f4ddb3636e969efc8fb3cef7015fc72e

SHA256
6ed4ca1cd77353e057fe11e944cee5fcb59a9cc03af412ed1b0ee70ad439e254

SHA512
f09d0fc1b87bd8cbf8921c5e5bff225d187b138c22504e765f39edfe5a8fffb6071a737ce195b933e67e6ee905d2948df2fc3d19c07779be2c829a8be9be96de

Download Submit
C:\Windows\system\mvdZiUZ.exe

Filesize
6.0MB

MD5
04682bca7a7272e1f5a3ebe3b67d48b8

SHA1
692b93b3ea080dbfca33c65514378e10927171a5

SHA256
4c5bff0a79e667b102a3259a6942cbc26eb65fd5fdd2c13f6c5e4df58e98a397

SHA512
5cb382b58d669532e8e27505f1fe5e54b8f40a0ecbdcb5967ae106f04bcb53146b47e69f67d27b0802f91fe98538f643019c509eeef04731c48e3be8c1df52f6

Download Submit
C:\Windows\system\pcNCjdU.exe

Filesize
6.0MB

MD5
c3522191f801c079e900d01a0cb1dd95

SHA1
e95f7f11f0acc8fbae7a060d594b1a8dd160e7ee

SHA256
3ec10aaffb7e2b60c41c64054b3b0164384c0ce099404636b60165bed086e0ef

SHA512
a5d59aa8e94fc7f9f8855b9ff879b8dd486f975fb0dbd81c89438e7ddaa0c920b7ac22c1c3c38e891a3e8a06f6a1c60256200addd8b74093fc43df2aaed2437b

Download Submit
C:\Windows\system\pyjbtKY.exe

Filesize
6.0MB

MD5
07dad69e934e492e7c99df01a37c7ff9

SHA1
b3b8d3fc5018d0f4fb3bd8ef217c725eaaa95e05

SHA256
38e0dda9273b44d935564334afa4519b36814b384f1646156bb338d190e5d497

SHA512
eb4f5a8fcef8ab7bdfe02ecf763f5dc02a6ad28d70a88eaea4e7a3a6d9cd01f379e03f196d53029ccf30145ac5c0a9c42b62c146a52d137dc61e4611d2e69fe1

Download Submit
C:\Windows\system\uCHcCTq.exe

Filesize
6.0MB

MD5
ce8ff2f9f2e7db545c3123917f30ca2f

SHA1
2aa307f0160b1bdcf947f7e4fe86c48d16af9a60

SHA256
3739f5f6130c173e0932c273f839969fa84cfebd451b1ffa5ab29a8d4da9067c

SHA512
bef4a32c32876dbb9218d191f60cc714514823c998f4a10ebde1f157fea4297084c463a9b40d02453c363b6b86fbfc2a6cabca4cf73571c7b5e89e9ba0c962d2

Download Submit
C:\Windows\system\xFHBHVc.exe

Filesize
6.0MB

MD5
b6a66a3d86109acd9616d347f9c6970a

SHA1
45c936bc74c71b7eb79e9a8fa6dbea35987b80e4

SHA256
ebb8710f1d7434e3fb490d017b9fd4ee1ab6fc304468cf2edc0ba8f542289ad1

SHA512
d35980763c7014c5a7d902dc2eec86c322f093996b98e03e4829f510606474796a394048b8b723a2ebc67265afc6ccc1bc7977633399f6c520c166f6a53ad3ba

Download Submit
\Windows\system\GKPaxXO.exe

Filesize
6.0MB

MD5
14a6278c05208037ef53c96eab8cb62e

SHA1
43b8bbaa57b384bcab76ca990c638f643ba658af

SHA256
cebf2d4eb9eb534654e2e59455a3ff7f07ef4b49bf045db1e58a6357d0fdb93f

SHA512
9c8d645f1e9205803615535e1d8756cdcef8c22ca27d6eab591ffac40886b2b0401fadea2dc99a939f7a881f2dc3fea9270769bb494b36ea2d833371f61f1c81

Download Submit
\Windows\system\LGvsavV.exe

Filesize
6.0MB

MD5
01b8c1d41f6bbc26f40050b5cff44adf

SHA1
20cb5bd56a702b1a461e5a89dd9a4ebf5bc48ef0

SHA256
1a4d0e673e8b4ec40d578f42b9f9637aa1948359cf2b11002c365ea16d6ef17f

SHA512
12fc56a28ba12af9fe781b5062b82aee3cca9a1185c12ce0ff1d8244600df852b8c5a6c56fd928f29d81fff908f229118bcccdac06e5dbfd8b8d22773e9f3f31

Download Submit
\Windows\system\NXujtPa.exe

Filesize
6.0MB

MD5
cde9086bebd8c43ac25820e9b4ac8a36

SHA1
46887357739c1d36ed231791cfc0ea176ea6d7fe

SHA256
52b67b41cbc6bca64d6965bd205e0029a8044b7c04e37eda3f576ddfaca857c0

SHA512
9639c51f3a049d2a60d38b9768f45c2eed59407e95bfbd865a36674e83296d2b0682832c1c48cd524c764ea7bded492fe18e1d237f9330a1b1d48dc4dd1870a6

Download Submit
\Windows\system\NsgMqtQ.exe

Filesize
6.0MB

MD5
06274c1e8d3ce33016a189003db2cd6a

SHA1
9585a125b73c0afcb6b903313f47c7b45a40ad8f

SHA256
9b47ad70abe1ba5e51b2cf142424fd5f0ad92fdbc5d23b63c34d5f3d34bb93eb

SHA512
7429fb6ddfe7ab0a5a542bf9f8e5051755df7e98d512b02e0000060c24da4f1f77da482841f92e5aa8713db54367f6bb9e9637dc5f022030dba854f464ce2f97

Download Submit
\Windows\system\PwrCwDu.exe

Filesize
6.0MB

MD5
f7f90ac2772a4cf303e049f33bc1defc

SHA1
c10be15f60b4761bbe867e9074d49556705ede1f

SHA256
3ba9e1e753c9b13df9855715df8e49b42ad5c861b905fbcdeb79de7d80af632d

SHA512
1278e8e5775d98765d8c15ef708bcf0a17894a957b8f44e92f9c4b53eedac37a8d6890051bd62ed55146454c4f447b6718af11cef5596fa6284b93c94ca8d239

Download Submit
\Windows\system\WlgOXYE.exe

Filesize
6.0MB

MD5
e98adfc642df31af14ee2979658b25f5

SHA1
19029fe98a7172eca8dd4c5ab230e43a6f0dcbb7

SHA256
35f910adf1feabce3ff58faceb50cc7e3ac198aca8c89b5ad43e23f19b3e5661

SHA512
5892d8a83496f55d0ffa4b83c95b52b0f154004cd1c4cf8b5e32fcc22abdafdff9c297cd44949c8ec1c0861c1da6c7f4ebb0eb3c5d33c25efbec773240778199

Download Submit
\Windows\system\cVYbfvj.exe

Filesize
6.0MB

MD5
d8ec9f5a0464ee45dfe9a32a17e3e94a

SHA1
017ded93d5f9d61f65aed631d09734f5b7fc41c5

SHA256
6223cf60c14d9bc50c86dfdcbd66a3d232a6ac68b9c08902f5c3c8c902d6a56c

SHA512
703c577422b17d5b78bb47c22db87ca66aa5e96574e873ea4306a9bfa2aea487da1f1cab50a33d565261ada4832b810f41c2af5c27e161ed3c149b8d9a480300

Download Submit
\Windows\system\gCKhqgl.exe

Filesize
6.0MB

MD5
7714cf2dd2baf2f23ac29fa4bd1f6455

SHA1
15cabf35989cae498741b02b5e4b4dad3bc1864f

SHA256
59859a2e9875604d928afe1ecdadccbbbdf9e2197ad6f76bdab05aae7de8b840

SHA512
e61f3773d0e8e44dfbd0448d9d4c65f63aa34e6a17dab914dc608fa6a8fe62355b78bfcd5ca13f8cd5f2d2343381c9011b8de5fb1ed77f819a97c410d6a476df

Download Submit
\Windows\system\gLgpRzy.exe

Filesize
6.0MB

MD5
98ef7d40786b83ff290bb3b4a01b2793

SHA1
a9915a546dd53221ec484e2a138331dae3c19502

SHA256
ed6a178cf76c44bedaf9e3393bc4e8a4fd6d3a275e7bd867c3f54093d716a7f5

SHA512
e931395874918c8d046f77357a7d4631b35db1c50268d2f86e984348e3167d400ac22264c4271f0ef8956e67d4983df891aaa9146cd0344c94d87294d10dfe42

Download Submit
\Windows\system\qOxTXNF.exe

Filesize
6.0MB

MD5
68b9a2c051454a170e6eb175ab1d8c22

SHA1
91bbf132a5d617e672ba80e2422400fb6433b04a

SHA256
06a2f42a6bf8e03bd42ae52e94d606ec5f648a6ae54ab83ec582d573a6aa098b

SHA512
59e5a7940dd5f4456b227d0b902b4811be1ac6fe9ebbc9c5d1c7d741b516504e37e4deaae3d8e86aae9a82926dfabc26ece93318065aa46729e0f6927782d662

Download Submit
memory/700-1154-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/700-375-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2116-51-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2116-1113-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2228-1119-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-59-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2228-594-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-373-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-1160-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2492-23-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2492-1109-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2596-596-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-69-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-1862-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-34-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2632-467-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2632-1111-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2680-60-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-1127-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-595-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-48-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1146-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-549-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2760-1112-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2760-20-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2808-1131-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2808-35-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2808-468-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2868-58-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2868-599-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-592-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2868-50-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-67-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2868-593-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2868-600-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-61-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2868-0-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2868-374-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-1-0x0000000000580000-0x0000000000590000-memory.dmp

Filesize
64KB

Download
memory/2868-376-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-601-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2868-33-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/2868-21-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2868-52-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2868-372-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-17-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-380-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2868-379-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2868-8-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2868-62-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2868-598-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-25-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2868-597-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2868-602-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2964-1153-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-378-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1134-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2996-371-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/3020-22-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/3020-1114-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download