cobaltstrike | d8fbc3e8b24543a78e6ac0f537e8b2c48410ac68a91c4331df81db2de6756e11

Analysis

max time kernel
150s
max time network
26s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 04:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e97d8a158a9f7e545eb1d3378d14aa82
SHA1

eb33b3942329ed556d1e0ac01eba16b01e0382f1
SHA256

d8fbc3e8b24543a78e6ac0f537e8b2c48410ac68a91c4331df81db2de6756e11
SHA512

044381c242585b927aae7c555bb97abad519bc517336db622abae0804937d5de57234463ad35d3cb85f15d53e4e6e00796b13eb701dc1b478c09e0d25340e11b
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUK:eOl56utgpPF8u/7K

Score

10^/10

cobaltstrike xmrig 0 backdoor discovery miner trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x0009000000012238-3.dat	cobalt_reflective_dll
behavioral1/files/0x0031000000018bbf-5.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019470-23.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000193b8-21.dat	cobalt_reflective_dll
behavioral1/files/0x0030000000019326-42.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019480-34.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019490-54.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194eb-73.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a438-132.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a404-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-81.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194a3-66.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001948c-51.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44d-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44f-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a457-153.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a459-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a469-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46b-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-180.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-192.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a473-195.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a475-200.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-206.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a479-211.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2580-0-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x0009000000012238-3.dat	xmrig
behavioral1/files/0x0031000000018bbf-5.dat	xmrig
behavioral1/memory/2136-11-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2068-22-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x0007000000019470-23.dat	xmrig
behavioral1/files/0x00080000000193b8-21.dat	xmrig
behavioral1/memory/2876-29-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2580-20-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2964-19-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/files/0x0030000000019326-42.dat	xmrig
behavioral1/memory/2580-35-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2924-44-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x0006000000019480-34.dat	xmrig
behavioral1/files/0x0006000000019490-54.dat	xmrig
behavioral1/memory/2900-60-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2068-59-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x00080000000194eb-73.dat	xmrig
behavioral1/memory/2732-68-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3ab-86.dat	xmrig
behavioral1/memory/2212-92-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3f8-104.dat	xmrig
behavioral1/memory/2732-109-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/files/0x000500000001a438-132.dat	xmrig
behavioral1/files/0x000500000001a404-127.dat	xmrig
behavioral1/memory/2184-133-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a400-122.dat	xmrig
behavioral1/files/0x000500000001a3fd-117.dat	xmrig
behavioral1/memory/2064-134-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2748-110-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2044-101-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2900-100-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2580-135-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3f6-99.dat	xmrig
behavioral1/memory/2212-136-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2064-83-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2924-82-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2044-138-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/files/0x000500000001a309-81.dat	xmrig
behavioral1/memory/2780-91-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2580-88-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2580-87-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2184-75-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2748-140-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2876-67-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/files/0x00080000000194a3-66.dat	xmrig
behavioral1/memory/2800-74-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2780-52-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x000600000001948c-51.dat	xmrig
behavioral1/memory/2136-40-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a44d-147.dat	xmrig
behavioral1/files/0x000500000001a44f-149.dat	xmrig
behavioral1/files/0x000500000001a457-153.dat	xmrig
behavioral1/files/0x000500000001a459-161.dat	xmrig
behavioral1/files/0x000500000001a463-166.dat	xmrig
behavioral1/files/0x000500000001a469-169.dat	xmrig
behavioral1/files/0x000500000001a46b-173.dat	xmrig
behavioral1/files/0x000500000001a46d-180.dat	xmrig
behavioral1/files/0x000500000001a46f-184.dat	xmrig
behavioral1/files/0x000500000001a471-192.dat	xmrig
behavioral1/files/0x000500000001a473-195.dat	xmrig
behavioral1/files/0x000500000001a475-200.dat	xmrig
behavioral1/files/0x000500000001a477-206.dat	xmrig
behavioral1/files/0x000500000001a479-211.dat	xmrig

Executes dropped EXE 64 IoCs

Processes:

uqZclxe.exexqqbYFy.exeDYAtSpi.exeoxDWLUc.exeLKGWeeT.exefpRNbHP.exesSkAUtv.exeTBcRcVm.exewvDwFfY.exeRVjavwR.exelozCSUp.exejiCgVDV.exeaRqHNwU.exeVHjCogo.exeAhGEtIY.exeekmBmKg.exeDdaimSV.exePDnZoEp.exeoTvHLfz.exeVQsqJfh.exeaNnVoss.exeFPziYqF.exeoRrzExH.exejKhhEdG.exeErjjEWv.exeypOkbsj.exexmLXEWt.exeGcRxqCg.exeYVpGFoT.exeSzytQMZ.exeuBxzaRF.exeJoJvLvS.exebwzYLVZ.exeRfOrsRJ.exehnXwSVo.exeZmUMKIr.exewBdMssm.exeKTMPlnt.exeOYOfdRg.exelRmHggt.exeyKXlqHA.exedjZsfKP.exeJHGlbTT.exelPcZdzr.exeARuRNIp.exedwsjpmj.exeAsvQacA.exeNpMzHvo.exeUKBYJQH.exewbPaIzq.execpGHPDp.exesRuDjDl.exekkFQRTJ.exeZoHOPNr.exeDcuUHec.exebcrrnLg.exeeIbHepy.exeqGxANST.exetZDLpQk.exeDIMFcFA.exeIoJEgwc.exejRcTvvJ.exegPkYqfe.exeIBawpSt.exe

pid	Process
2136	uqZclxe.exe
2964	xqqbYFy.exe
2068	DYAtSpi.exe
2876	oxDWLUc.exe
2800	LKGWeeT.exe
2924	fpRNbHP.exe
2780	sSkAUtv.exe
2900	TBcRcVm.exe
2732	wvDwFfY.exe
2184	RVjavwR.exe
2064	lozCSUp.exe
2212	jiCgVDV.exe
2044	aRqHNwU.exe
2748	VHjCogo.exe
1728	AhGEtIY.exe
912	ekmBmKg.exe
1888	DdaimSV.exe
760	PDnZoEp.exe
2512	oTvHLfz.exe
1900	VQsqJfh.exe
1992	aNnVoss.exe
2384	FPziYqF.exe
2260	oRrzExH.exe
2088	jKhhEdG.exe
1508	ErjjEWv.exe
2620	ypOkbsj.exe
2276	xmLXEWt.exe
1704	GcRxqCg.exe
1536	YVpGFoT.exe
688	SzytQMZ.exe
1252	uBxzaRF.exe
1656	JoJvLvS.exe
1456	bwzYLVZ.exe
2012	RfOrsRJ.exe
1984	hnXwSVo.exe
1944	ZmUMKIr.exe
1624	wBdMssm.exe
932	KTMPlnt.exe
2308	OYOfdRg.exe
1308	lRmHggt.exe
2508	yKXlqHA.exe
876	djZsfKP.exe
1040	JHGlbTT.exe
1048	lPcZdzr.exe
1492	ARuRNIp.exe
2652	dwsjpmj.exe
2496	AsvQacA.exe
668	NpMzHvo.exe
3020	UKBYJQH.exe
2932	wbPaIzq.exe
2848	cpGHPDp.exe
2072	sRuDjDl.exe
2028	kkFQRTJ.exe
672	ZoHOPNr.exe
1732	DcuUHec.exe
2032	bcrrnLg.exe
316	eIbHepy.exe
2392	qGxANST.exe
1044	tZDLpQk.exe
2908	DIMFcFA.exe
2832	IoJEgwc.exe
976	jRcTvvJ.exe
2616	gPkYqfe.exe
2904	IBawpSt.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2580-0-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x0009000000012238-3.dat	upx
behavioral1/files/0x0031000000018bbf-5.dat	upx
behavioral1/memory/2136-11-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2068-22-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x0007000000019470-23.dat	upx
behavioral1/files/0x00080000000193b8-21.dat	upx
behavioral1/memory/2876-29-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2964-19-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/files/0x0030000000019326-42.dat	upx
behavioral1/memory/2580-35-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2924-44-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x0006000000019480-34.dat	upx
behavioral1/files/0x0006000000019490-54.dat	upx
behavioral1/memory/2900-60-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2068-59-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x00080000000194eb-73.dat	upx
behavioral1/memory/2732-68-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/files/0x000500000001a3ab-86.dat	upx
behavioral1/memory/2212-92-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/files/0x000500000001a3f8-104.dat	upx
behavioral1/memory/2732-109-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/files/0x000500000001a438-132.dat	upx
behavioral1/files/0x000500000001a404-127.dat	upx
behavioral1/memory/2184-133-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x000500000001a400-122.dat	upx
behavioral1/files/0x000500000001a3fd-117.dat	upx
behavioral1/memory/2064-134-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2748-110-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2044-101-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2900-100-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/files/0x000500000001a3f6-99.dat	upx
behavioral1/memory/2212-136-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2064-83-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2924-82-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2044-138-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/files/0x000500000001a309-81.dat	upx
behavioral1/memory/2780-91-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2184-75-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2748-140-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2876-67-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/files/0x00080000000194a3-66.dat	upx
behavioral1/memory/2800-74-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2780-52-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x000600000001948c-51.dat	upx
behavioral1/memory/2136-40-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x000500000001a44d-147.dat	upx
behavioral1/files/0x000500000001a44f-149.dat	upx
behavioral1/files/0x000500000001a457-153.dat	upx
behavioral1/files/0x000500000001a459-161.dat	upx
behavioral1/files/0x000500000001a463-166.dat	upx
behavioral1/files/0x000500000001a469-169.dat	upx
behavioral1/files/0x000500000001a46b-173.dat	upx
behavioral1/files/0x000500000001a46d-180.dat	upx
behavioral1/files/0x000500000001a46f-184.dat	upx
behavioral1/files/0x000500000001a471-192.dat	upx
behavioral1/files/0x000500000001a473-195.dat	upx
behavioral1/files/0x000500000001a475-200.dat	upx
behavioral1/files/0x000500000001a477-206.dat	upx
behavioral1/files/0x000500000001a479-211.dat	upx
behavioral1/memory/2136-906-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2964-910-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/2068-919-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2876-925-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\VuxvDrE.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\piAOOsh.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQMjgOV.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dUWVwHa.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vowbYso.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ajyXYQW.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XSIamIW.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kjIZICp.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btibLKi.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TILJwza.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKDRktm.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZqoMtBF.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\evzoFMk.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eykTaYv.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CUVCfjl.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HhgVAOs.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oqWygTh.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bwzYLVZ.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CSuoczQ.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VFPdAFM.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cGQdtBl.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bzBZgVG.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LLOVEcW.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hcbFBEM.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pUFLnMa.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GkdYsqV.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sSkAUtv.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfKRyYw.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sAwhODj.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\crVPcoN.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CmQgnHS.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KRBnUWv.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EekskeF.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dPdJjIo.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EfWHlfP.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OXbJjaG.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mVyKcOY.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CifHDoJ.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eCjjDkV.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hbYYHrt.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wKjVlmc.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\liRTfZe.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dVIBftK.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZOGOiHX.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mMqFLEh.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EozpWFu.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yhyzWgc.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nnvGbxy.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DMZmzlg.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JHGlbTT.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OmhyjKF.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NYcNcbH.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRTLTXg.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AmDjZXI.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XXvxRQD.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZeDMxVX.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GWrLSpw.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yjRHagB.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RgViura.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EAXiYLP.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CWmkPsj.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BJRmObi.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lRmHggt.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FjNxXVR.exe	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

Processes:

pid	Process
13848

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 2580 wrote to memory of 2136	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2580 wrote to memory of 2136	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2580 wrote to memory of 2136	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2580 wrote to memory of 2964	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2580 wrote to memory of 2964	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2580 wrote to memory of 2964	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2580 wrote to memory of 2068	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2580 wrote to memory of 2068	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2580 wrote to memory of 2068	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2580 wrote to memory of 2876	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2580 wrote to memory of 2876	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2580 wrote to memory of 2876	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2580 wrote to memory of 2800	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2580 wrote to memory of 2800	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2580 wrote to memory of 2800	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2580 wrote to memory of 2924	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2580 wrote to memory of 2924	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2580 wrote to memory of 2924	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2580 wrote to memory of 2780	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2580 wrote to memory of 2780	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2580 wrote to memory of 2780	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2580 wrote to memory of 2900	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2580 wrote to memory of 2900	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2580 wrote to memory of 2900	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2580 wrote to memory of 2732	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2580 wrote to memory of 2732	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2580 wrote to memory of 2732	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2580 wrote to memory of 2184	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2580 wrote to memory of 2184	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2580 wrote to memory of 2184	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2580 wrote to memory of 2064	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2580 wrote to memory of 2064	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2580 wrote to memory of 2064	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2580 wrote to memory of 2212	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2580 wrote to memory of 2212	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2580 wrote to memory of 2212	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2580 wrote to memory of 2044	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2580 wrote to memory of 2044	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2580 wrote to memory of 2044	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2580 wrote to memory of 2748	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2580 wrote to memory of 2748	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2580 wrote to memory of 2748	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2580 wrote to memory of 1728	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2580 wrote to memory of 1728	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2580 wrote to memory of 1728	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2580 wrote to memory of 912	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2580 wrote to memory of 912	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2580 wrote to memory of 912	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2580 wrote to memory of 1888	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2580 wrote to memory of 1888	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2580 wrote to memory of 1888	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2580 wrote to memory of 760	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2580 wrote to memory of 760	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2580 wrote to memory of 760	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2580 wrote to memory of 2512	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2580 wrote to memory of 2512	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2580 wrote to memory of 2512	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2580 wrote to memory of 1900	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2580 wrote to memory of 1900	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2580 wrote to memory of 1900	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2580 wrote to memory of 1992	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2580 wrote to memory of 1992	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2580 wrote to memory of 1992	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2580 wrote to memory of 2384	2580	2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-25_e97d8a158a9f7e545eb1d3378d14aa82_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Windows\System\uqZclxe.exe
  C:\Windows\System\uqZclxe.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\xqqbYFy.exe
  C:\Windows\System\xqqbYFy.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\DYAtSpi.exe
  C:\Windows\System\DYAtSpi.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\oxDWLUc.exe
  C:\Windows\System\oxDWLUc.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\LKGWeeT.exe
  C:\Windows\System\LKGWeeT.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\fpRNbHP.exe
  C:\Windows\System\fpRNbHP.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\sSkAUtv.exe
  C:\Windows\System\sSkAUtv.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\TBcRcVm.exe
  C:\Windows\System\TBcRcVm.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\wvDwFfY.exe
  C:\Windows\System\wvDwFfY.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\RVjavwR.exe
  C:\Windows\System\RVjavwR.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\lozCSUp.exe
  C:\Windows\System\lozCSUp.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\jiCgVDV.exe
  C:\Windows\System\jiCgVDV.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\aRqHNwU.exe
  C:\Windows\System\aRqHNwU.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\VHjCogo.exe
  C:\Windows\System\VHjCogo.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\AhGEtIY.exe
  C:\Windows\System\AhGEtIY.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\ekmBmKg.exe
  C:\Windows\System\ekmBmKg.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\DdaimSV.exe
  C:\Windows\System\DdaimSV.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\PDnZoEp.exe
  C:\Windows\System\PDnZoEp.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\oTvHLfz.exe
  C:\Windows\System\oTvHLfz.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\VQsqJfh.exe
  C:\Windows\System\VQsqJfh.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\aNnVoss.exe
  C:\Windows\System\aNnVoss.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\FPziYqF.exe
  C:\Windows\System\FPziYqF.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\oRrzExH.exe
  C:\Windows\System\oRrzExH.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\jKhhEdG.exe
  C:\Windows\System\jKhhEdG.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\ErjjEWv.exe
  C:\Windows\System\ErjjEWv.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\ypOkbsj.exe
  C:\Windows\System\ypOkbsj.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\xmLXEWt.exe
  C:\Windows\System\xmLXEWt.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\GcRxqCg.exe
  C:\Windows\System\GcRxqCg.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\YVpGFoT.exe
  C:\Windows\System\YVpGFoT.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\SzytQMZ.exe
  C:\Windows\System\SzytQMZ.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\uBxzaRF.exe
  C:\Windows\System\uBxzaRF.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\JoJvLvS.exe
  C:\Windows\System\JoJvLvS.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\bwzYLVZ.exe
  C:\Windows\System\bwzYLVZ.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\RfOrsRJ.exe
  C:\Windows\System\RfOrsRJ.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\hnXwSVo.exe
  C:\Windows\System\hnXwSVo.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\ZmUMKIr.exe
  C:\Windows\System\ZmUMKIr.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\wBdMssm.exe
  C:\Windows\System\wBdMssm.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\KTMPlnt.exe
  C:\Windows\System\KTMPlnt.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\OYOfdRg.exe
  C:\Windows\System\OYOfdRg.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\lRmHggt.exe
  C:\Windows\System\lRmHggt.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\yKXlqHA.exe
  C:\Windows\System\yKXlqHA.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\djZsfKP.exe
  C:\Windows\System\djZsfKP.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\lPcZdzr.exe
  C:\Windows\System\lPcZdzr.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\JHGlbTT.exe
  C:\Windows\System\JHGlbTT.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\ARuRNIp.exe
  C:\Windows\System\ARuRNIp.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\dwsjpmj.exe
  C:\Windows\System\dwsjpmj.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\NpMzHvo.exe
  C:\Windows\System\NpMzHvo.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\AsvQacA.exe
  C:\Windows\System\AsvQacA.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\UKBYJQH.exe
  C:\Windows\System\UKBYJQH.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\wbPaIzq.exe
  C:\Windows\System\wbPaIzq.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\cpGHPDp.exe
  C:\Windows\System\cpGHPDp.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\sRuDjDl.exe
  C:\Windows\System\sRuDjDl.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\kkFQRTJ.exe
  C:\Windows\System\kkFQRTJ.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\ZoHOPNr.exe
  C:\Windows\System\ZoHOPNr.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\DcuUHec.exe
  C:\Windows\System\DcuUHec.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\bcrrnLg.exe
  C:\Windows\System\bcrrnLg.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\eIbHepy.exe
  C:\Windows\System\eIbHepy.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\qGxANST.exe
  C:\Windows\System\qGxANST.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\tZDLpQk.exe
  C:\Windows\System\tZDLpQk.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\DIMFcFA.exe
  C:\Windows\System\DIMFcFA.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\IoJEgwc.exe
  C:\Windows\System\IoJEgwc.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\jRcTvvJ.exe
  C:\Windows\System\jRcTvvJ.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\gPkYqfe.exe
  C:\Windows\System\gPkYqfe.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\IBawpSt.exe
  C:\Windows\System\IBawpSt.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\OIYZOWc.exe
  C:\Windows\System\OIYZOWc.exe
  2⤵
  PID:2084
- C:\Windows\System\uCyEnga.exe
  C:\Windows\System\uCyEnga.exe
  2⤵
  PID:1444
- C:\Windows\System\foFMNEF.exe
  C:\Windows\System\foFMNEF.exe
  2⤵
  PID:2312
- C:\Windows\System\NpPTHGD.exe
  C:\Windows\System\NpPTHGD.exe
  2⤵
  PID:2952
- C:\Windows\System\wWtihIb.exe
  C:\Windows\System\wWtihIb.exe
  2⤵
  PID:2684
- C:\Windows\System\wkpyDhD.exe
  C:\Windows\System\wkpyDhD.exe
  2⤵
  PID:2428
- C:\Windows\System\FShzOTF.exe
  C:\Windows\System\FShzOTF.exe
  2⤵
  PID:2292
- C:\Windows\System\WUXVpkZ.exe
  C:\Windows\System\WUXVpkZ.exe
  2⤵
  PID:1708
- C:\Windows\System\fjDpGOy.exe
  C:\Windows\System\fjDpGOy.exe
  2⤵
  PID:2756
- C:\Windows\System\KMgpIJd.exe
  C:\Windows\System\KMgpIJd.exe
  2⤵
  PID:2708
- C:\Windows\System\sAwhODj.exe
  C:\Windows\System\sAwhODj.exe
  2⤵
  PID:1560
- C:\Windows\System\sRfGBlQ.exe
  C:\Windows\System\sRfGBlQ.exe
  2⤵
  PID:1684
- C:\Windows\System\SnvIwUW.exe
  C:\Windows\System\SnvIwUW.exe
  2⤵
  PID:548
- C:\Windows\System\UrEiXbU.exe
  C:\Windows\System\UrEiXbU.exe
  2⤵
  PID:436
- C:\Windows\System\uhKhhGQ.exe
  C:\Windows\System\uhKhhGQ.exe
  2⤵
  PID:2500
- C:\Windows\System\rUDOunU.exe
  C:\Windows\System\rUDOunU.exe
  2⤵
  PID:2656
- C:\Windows\System\uGgCwGk.exe
  C:\Windows\System\uGgCwGk.exe
  2⤵
  PID:2416
- C:\Windows\System\VPBRwGp.exe
  C:\Windows\System\VPBRwGp.exe
  2⤵
  PID:2268
- C:\Windows\System\vowbYso.exe
  C:\Windows\System\vowbYso.exe
  2⤵
  PID:1744
- C:\Windows\System\YhlfIzc.exe
  C:\Windows\System\YhlfIzc.exe
  2⤵
  PID:776
- C:\Windows\System\zHexGNL.exe
  C:\Windows\System\zHexGNL.exe
  2⤵
  PID:1408
- C:\Windows\System\lgXGpUo.exe
  C:\Windows\System\lgXGpUo.exe
  2⤵
  PID:920
- C:\Windows\System\RBkGLUD.exe
  C:\Windows\System\RBkGLUD.exe
  2⤵
  PID:1972
- C:\Windows\System\oYKHFUF.exe
  C:\Windows\System\oYKHFUF.exe
  2⤵
  PID:1968
- C:\Windows\System\ErskEyV.exe
  C:\Windows\System\ErskEyV.exe
  2⤵
  PID:2960
- C:\Windows\System\mAtTpGx.exe
  C:\Windows\System\mAtTpGx.exe
  2⤵
  PID:1928
- C:\Windows\System\HGrxhao.exe
  C:\Windows\System\HGrxhao.exe
  2⤵
  PID:844
- C:\Windows\System\bDqzgtK.exe
  C:\Windows\System\bDqzgtK.exe
  2⤵
  PID:2112
- C:\Windows\System\yXoigBe.exe
  C:\Windows\System\yXoigBe.exe
  2⤵
  PID:2760
- C:\Windows\System\evzoFMk.exe
  C:\Windows\System\evzoFMk.exe
  2⤵
  PID:2916
- C:\Windows\System\EUhSzkv.exe
  C:\Windows\System\EUhSzkv.exe
  2⤵
  PID:1600
- C:\Windows\System\HrLtSCi.exe
  C:\Windows\System\HrLtSCi.exe
  2⤵
  PID:2868
- C:\Windows\System\zmTcBSg.exe
  C:\Windows\System\zmTcBSg.exe
  2⤵
  PID:2792
- C:\Windows\System\LfsHSFX.exe
  C:\Windows\System\LfsHSFX.exe
  2⤵
  PID:2208
- C:\Windows\System\BndGfut.exe
  C:\Windows\System\BndGfut.exe
  2⤵
  PID:2432
- C:\Windows\System\fyMMfDH.exe
  C:\Windows\System\fyMMfDH.exe
  2⤵
  PID:1512
- C:\Windows\System\YbbgEeP.exe
  C:\Windows\System\YbbgEeP.exe
  2⤵
  PID:2096
- C:\Windows\System\PixqdyX.exe
  C:\Windows\System\PixqdyX.exe
  2⤵
  PID:2016
- C:\Windows\System\ttRruDp.exe
  C:\Windows\System\ttRruDp.exe
  2⤵
  PID:1588
- C:\Windows\System\iUPKLoS.exe
  C:\Windows\System\iUPKLoS.exe
  2⤵
  PID:2704
- C:\Windows\System\gcCfapG.exe
  C:\Windows\System\gcCfapG.exe
  2⤵
  PID:2864
- C:\Windows\System\lgRNBvL.exe
  C:\Windows\System\lgRNBvL.exe
  2⤵
  PID:1892
- C:\Windows\System\ESsltWu.exe
  C:\Windows\System\ESsltWu.exe
  2⤵
  PID:2448
- C:\Windows\System\YkaIONS.exe
  C:\Windows\System\YkaIONS.exe
  2⤵
  PID:2528
- C:\Windows\System\RgViura.exe
  C:\Windows\System\RgViura.exe
  2⤵
  PID:1324
- C:\Windows\System\CdzPXIL.exe
  C:\Windows\System\CdzPXIL.exe
  2⤵
  PID:3068
- C:\Windows\System\HhFPciW.exe
  C:\Windows\System\HhFPciW.exe
  2⤵
  PID:864
- C:\Windows\System\oAgGWlB.exe
  C:\Windows\System\oAgGWlB.exe
  2⤵
  PID:2192
- C:\Windows\System\PSMexxY.exe
  C:\Windows\System\PSMexxY.exe
  2⤵
  PID:2140
- C:\Windows\System\cPuxhXx.exe
  C:\Windows\System\cPuxhXx.exe
  2⤵
  PID:608
- C:\Windows\System\ofVDpOF.exe
  C:\Windows\System\ofVDpOF.exe
  2⤵
  PID:2280
- C:\Windows\System\HVEProp.exe
  C:\Windows\System\HVEProp.exe
  2⤵
  PID:2092
- C:\Windows\System\QBQuLPl.exe
  C:\Windows\System\QBQuLPl.exe
  2⤵
  PID:2468
- C:\Windows\System\txngGgr.exe
  C:\Windows\System\txngGgr.exe
  2⤵
  PID:2628
- C:\Windows\System\yhyzWgc.exe
  C:\Windows\System\yhyzWgc.exe
  2⤵
  PID:1712
- C:\Windows\System\ZzihWsq.exe
  C:\Windows\System\ZzihWsq.exe
  2⤵
  PID:3028
- C:\Windows\System\DeWgVYf.exe
  C:\Windows\System\DeWgVYf.exe
  2⤵
  PID:3012
- C:\Windows\System\BPJAzYl.exe
  C:\Windows\System\BPJAzYl.exe
  2⤵
  PID:2460
- C:\Windows\System\uMmSlkY.exe
  C:\Windows\System\uMmSlkY.exe
  2⤵
  PID:1880
- C:\Windows\System\ulMTtbi.exe
  C:\Windows\System\ulMTtbi.exe
  2⤵
  PID:2604
- C:\Windows\System\vSWExjx.exe
  C:\Windows\System\vSWExjx.exe
  2⤵
  PID:2716
- C:\Windows\System\duzWUGj.exe
  C:\Windows\System\duzWUGj.exe
  2⤵
  PID:1292
- C:\Windows\System\hGcmlOq.exe
  C:\Windows\System\hGcmlOq.exe
  2⤵
  PID:2888
- C:\Windows\System\VjsshVF.exe
  C:\Windows\System\VjsshVF.exe
  2⤵
  PID:1780
- C:\Windows\System\vlIDIBx.exe
  C:\Windows\System\vlIDIBx.exe
  2⤵
  PID:2488
- C:\Windows\System\MLqsfWo.exe
  C:\Windows\System\MLqsfWo.exe
  2⤵
  PID:2080
- C:\Windows\System\IJquHjp.exe
  C:\Windows\System\IJquHjp.exe
  2⤵
  PID:1052
- C:\Windows\System\nFUlEPV.exe
  C:\Windows\System\nFUlEPV.exe
  2⤵
  PID:2812
- C:\Windows\System\rbqfUNs.exe
  C:\Windows\System\rbqfUNs.exe
  2⤵
  PID:564
- C:\Windows\System\ZeDMxVX.exe
  C:\Windows\System\ZeDMxVX.exe
  2⤵
  PID:2768
- C:\Windows\System\WZvkxPR.exe
  C:\Windows\System\WZvkxPR.exe
  2⤵
  PID:1188
- C:\Windows\System\UQhbOeV.exe
  C:\Windows\System\UQhbOeV.exe
  2⤵
  PID:1072
- C:\Windows\System\rPdPNjM.exe
  C:\Windows\System\rPdPNjM.exe
  2⤵
  PID:2420
- C:\Windows\System\yEQnCSe.exe
  C:\Windows\System\yEQnCSe.exe
  2⤵
  PID:940
- C:\Windows\System\mlcmuGj.exe
  C:\Windows\System\mlcmuGj.exe
  2⤵
  PID:2296
- C:\Windows\System\wApOiWf.exe
  C:\Windows\System\wApOiWf.exe
  2⤵
  PID:2548
- C:\Windows\System\JvMdPhe.exe
  C:\Windows\System\JvMdPhe.exe
  2⤵
  PID:1980
- C:\Windows\System\MGNWFxM.exe
  C:\Windows\System\MGNWFxM.exe
  2⤵
  PID:2640
- C:\Windows\System\sFUjHPb.exe
  C:\Windows\System\sFUjHPb.exe
  2⤵
  PID:2328
- C:\Windows\System\rLUNCPS.exe
  C:\Windows\System\rLUNCPS.exe
  2⤵
  PID:2776
- C:\Windows\System\tukiIkT.exe
  C:\Windows\System\tukiIkT.exe
  2⤵
  PID:2744
- C:\Windows\System\NjeMQwj.exe
  C:\Windows\System\NjeMQwj.exe
  2⤵
  PID:2608
- C:\Windows\System\kLMmcEi.exe
  C:\Windows\System\kLMmcEi.exe
  2⤵
  PID:2304
- C:\Windows\System\nibttJy.exe
  C:\Windows\System\nibttJy.exe
  2⤵
  PID:2724
- C:\Windows\System\TugVUZn.exe
  C:\Windows\System\TugVUZn.exe
  2⤵
  PID:2576
- C:\Windows\System\xpvqdjJ.exe
  C:\Windows\System\xpvqdjJ.exe
  2⤵
  PID:2532
- C:\Windows\System\mVXqFoX.exe
  C:\Windows\System\mVXqFoX.exe
  2⤵
  PID:2856
- C:\Windows\System\bouIGKW.exe
  C:\Windows\System\bouIGKW.exe
  2⤵
  PID:2492
- C:\Windows\System\sSOJGPV.exe
  C:\Windows\System\sSOJGPV.exe
  2⤵
  PID:2504
- C:\Windows\System\oAARcYf.exe
  C:\Windows\System\oAARcYf.exe
  2⤵
  PID:1568
- C:\Windows\System\vcXqKyt.exe
  C:\Windows\System\vcXqKyt.exe
  2⤵
  PID:1616
- C:\Windows\System\ESVJslP.exe
  C:\Windows\System\ESVJslP.exe
  2⤵
  PID:2752
- C:\Windows\System\yqydDlm.exe
  C:\Windows\System\yqydDlm.exe
  2⤵
  PID:1628
- C:\Windows\System\RaRQBim.exe
  C:\Windows\System\RaRQBim.exe
  2⤵
  PID:1496
- C:\Windows\System\VuxvDrE.exe
  C:\Windows\System\VuxvDrE.exe
  2⤵
  PID:2936
- C:\Windows\System\fAVnNqP.exe
  C:\Windows\System\fAVnNqP.exe
  2⤵
  PID:2004
- C:\Windows\System\sDLwYOv.exe
  C:\Windows\System\sDLwYOv.exe
  2⤵
  PID:1036
- C:\Windows\System\mmUrcJv.exe
  C:\Windows\System\mmUrcJv.exe
  2⤵
  PID:972
- C:\Windows\System\QKXkbbQ.exe
  C:\Windows\System\QKXkbbQ.exe
  2⤵
  PID:1056
- C:\Windows\System\aFKcKtz.exe
  C:\Windows\System\aFKcKtz.exe
  2⤵
  PID:2644
- C:\Windows\System\mHdPzuQ.exe
  C:\Windows\System\mHdPzuQ.exe
  2⤵
  PID:1788
- C:\Windows\System\YEDHEDY.exe
  C:\Windows\System\YEDHEDY.exe
  2⤵
  PID:2796
- C:\Windows\System\gzmkINd.exe
  C:\Windows\System\gzmkINd.exe
  2⤵
  PID:2828
- C:\Windows\System\VRfXiRp.exe
  C:\Windows\System\VRfXiRp.exe
  2⤵
  PID:2660
- C:\Windows\System\xhWdtxj.exe
  C:\Windows\System\xhWdtxj.exe
  2⤵
  PID:288
- C:\Windows\System\fPhIuQx.exe
  C:\Windows\System\fPhIuQx.exe
  2⤵
  PID:3084
- C:\Windows\System\gCIQNZW.exe
  C:\Windows\System\gCIQNZW.exe
  2⤵
  PID:3108
- C:\Windows\System\SFuobks.exe
  C:\Windows\System\SFuobks.exe
  2⤵
  PID:3128
- C:\Windows\System\kFXxYBQ.exe
  C:\Windows\System\kFXxYBQ.exe
  2⤵
  PID:3156
- C:\Windows\System\MSnkMNa.exe
  C:\Windows\System\MSnkMNa.exe
  2⤵
  PID:3176
- C:\Windows\System\hdfbroX.exe
  C:\Windows\System\hdfbroX.exe
  2⤵
  PID:3200
- C:\Windows\System\rdpbvNb.exe
  C:\Windows\System\rdpbvNb.exe
  2⤵
  PID:3220
- C:\Windows\System\nOcEuQB.exe
  C:\Windows\System\nOcEuQB.exe
  2⤵
  PID:3240
- C:\Windows\System\BkpbfXq.exe
  C:\Windows\System\BkpbfXq.exe
  2⤵
  PID:3264
- C:\Windows\System\LLOVEcW.exe
  C:\Windows\System\LLOVEcW.exe
  2⤵
  PID:3280
- C:\Windows\System\nmrLybN.exe
  C:\Windows\System\nmrLybN.exe
  2⤵
  PID:3300
- C:\Windows\System\DnajKze.exe
  C:\Windows\System\DnajKze.exe
  2⤵
  PID:3316
- C:\Windows\System\FeUPKUC.exe
  C:\Windows\System\FeUPKUC.exe
  2⤵
  PID:3340
- C:\Windows\System\BfTTLLb.exe
  C:\Windows\System\BfTTLLb.exe
  2⤵
  PID:3360
- C:\Windows\System\CYwdpMl.exe
  C:\Windows\System\CYwdpMl.exe
  2⤵
  PID:3380
- C:\Windows\System\JjLZGYT.exe
  C:\Windows\System\JjLZGYT.exe
  2⤵
  PID:3396
- C:\Windows\System\GWrLSpw.exe
  C:\Windows\System\GWrLSpw.exe
  2⤵
  PID:3412
- C:\Windows\System\VYhFKom.exe
  C:\Windows\System\VYhFKom.exe
  2⤵
  PID:3432
- C:\Windows\System\VGByNnL.exe
  C:\Windows\System\VGByNnL.exe
  2⤵
  PID:3452
- C:\Windows\System\DnuaLpg.exe
  C:\Windows\System\DnuaLpg.exe
  2⤵
  PID:3472
- C:\Windows\System\mHbKLPB.exe
  C:\Windows\System\mHbKLPB.exe
  2⤵
  PID:3488
- C:\Windows\System\TsxoJzI.exe
  C:\Windows\System\TsxoJzI.exe
  2⤵
  PID:3520
- C:\Windows\System\xCByUxj.exe
  C:\Windows\System\xCByUxj.exe
  2⤵
  PID:3536
- C:\Windows\System\XOtehNR.exe
  C:\Windows\System\XOtehNR.exe
  2⤵
  PID:3552
- C:\Windows\System\VGofvzC.exe
  C:\Windows\System\VGofvzC.exe
  2⤵
  PID:3568
- C:\Windows\System\UExXKmW.exe
  C:\Windows\System\UExXKmW.exe
  2⤵
  PID:3588
- C:\Windows\System\KcmUQRu.exe
  C:\Windows\System\KcmUQRu.exe
  2⤵
  PID:3604
- C:\Windows\System\ZxTYTmK.exe
  C:\Windows\System\ZxTYTmK.exe
  2⤵
  PID:3624
- C:\Windows\System\qbNihHe.exe
  C:\Windows\System\qbNihHe.exe
  2⤵
  PID:3664
- C:\Windows\System\rhONjpd.exe
  C:\Windows\System\rhONjpd.exe
  2⤵
  PID:3680
- C:\Windows\System\cKDMbQn.exe
  C:\Windows\System\cKDMbQn.exe
  2⤵
  PID:3696
- C:\Windows\System\TeXFueR.exe
  C:\Windows\System\TeXFueR.exe
  2⤵
  PID:3716
- C:\Windows\System\jdnkXuw.exe
  C:\Windows\System\jdnkXuw.exe
  2⤵
  PID:3740
- C:\Windows\System\mcAvqlg.exe
  C:\Windows\System\mcAvqlg.exe
  2⤵
  PID:3760
- C:\Windows\System\BXgaacQ.exe
  C:\Windows\System\BXgaacQ.exe
  2⤵
  PID:3780
- C:\Windows\System\RNgAndm.exe
  C:\Windows\System\RNgAndm.exe
  2⤵
  PID:3800
- C:\Windows\System\jhoQgkm.exe
  C:\Windows\System\jhoQgkm.exe
  2⤵
  PID:3820
- C:\Windows\System\bMmqnZi.exe
  C:\Windows\System\bMmqnZi.exe
  2⤵
  PID:3836
- C:\Windows\System\tjTkDbU.exe
  C:\Windows\System\tjTkDbU.exe
  2⤵
  PID:3860
- C:\Windows\System\piAOOsh.exe
  C:\Windows\System\piAOOsh.exe
  2⤵
  PID:3876
- C:\Windows\System\HuKJEWe.exe
  C:\Windows\System\HuKJEWe.exe
  2⤵
  PID:3896
- C:\Windows\System\MLDbRtO.exe
  C:\Windows\System\MLDbRtO.exe
  2⤵
  PID:3920
- C:\Windows\System\mpLwpUH.exe
  C:\Windows\System\mpLwpUH.exe
  2⤵
  PID:3948
- C:\Windows\System\BLKTDkp.exe
  C:\Windows\System\BLKTDkp.exe
  2⤵
  PID:3968
- C:\Windows\System\xmVeKQG.exe
  C:\Windows\System\xmVeKQG.exe
  2⤵
  PID:3984
- C:\Windows\System\TYquuOd.exe
  C:\Windows\System\TYquuOd.exe
  2⤵
  PID:4000
- C:\Windows\System\JxWDXQP.exe
  C:\Windows\System\JxWDXQP.exe
  2⤵
  PID:4020
- C:\Windows\System\XRdSGiV.exe
  C:\Windows\System\XRdSGiV.exe
  2⤵
  PID:4040
- C:\Windows\System\fGtVDtb.exe
  C:\Windows\System\fGtVDtb.exe
  2⤵
  PID:4056
- C:\Windows\System\ZIpeDuX.exe
  C:\Windows\System\ZIpeDuX.exe
  2⤵
  PID:4088
- C:\Windows\System\RVoQTMc.exe
  C:\Windows\System\RVoQTMc.exe
  2⤵
  PID:1876
- C:\Windows\System\oDcTXtX.exe
  C:\Windows\System\oDcTXtX.exe
  2⤵
  PID:2940
- C:\Windows\System\RlsFflw.exe
  C:\Windows\System\RlsFflw.exe
  2⤵
  PID:964
- C:\Windows\System\GIrPNBx.exe
  C:\Windows\System\GIrPNBx.exe
  2⤵
  PID:3080
- C:\Windows\System\WipnZVh.exe
  C:\Windows\System\WipnZVh.exe
  2⤵
  PID:1432
- C:\Windows\System\cAVxSSZ.exe
  C:\Windows\System\cAVxSSZ.exe
  2⤵
  PID:3136
- C:\Windows\System\AVwcmpg.exe
  C:\Windows\System\AVwcmpg.exe
  2⤵
  PID:3164
- C:\Windows\System\hxgIUvk.exe
  C:\Windows\System\hxgIUvk.exe
  2⤵
  PID:3188
- C:\Windows\System\kohVnTm.exe
  C:\Windows\System\kohVnTm.exe
  2⤵
  PID:3232
- C:\Windows\System\DJVVKfr.exe
  C:\Windows\System\DJVVKfr.exe
  2⤵
  PID:3252
- C:\Windows\System\mdCDxRt.exe
  C:\Windows\System\mdCDxRt.exe
  2⤵
  PID:3312
- C:\Windows\System\LjYxxWt.exe
  C:\Windows\System\LjYxxWt.exe
  2⤵
  PID:3324
- C:\Windows\System\JgeDhox.exe
  C:\Windows\System\JgeDhox.exe
  2⤵
  PID:3388
- C:\Windows\System\zCQTVaY.exe
  C:\Windows\System\zCQTVaY.exe
  2⤵
  PID:3428
- C:\Windows\System\MfHWgkc.exe
  C:\Windows\System\MfHWgkc.exe
  2⤵
  PID:3440
- C:\Windows\System\bgTyZjH.exe
  C:\Windows\System\bgTyZjH.exe
  2⤵
  PID:3516
- C:\Windows\System\ZqoMtBF.exe
  C:\Windows\System\ZqoMtBF.exe
  2⤵
  PID:3444
- C:\Windows\System\yHtMhPT.exe
  C:\Windows\System\yHtMhPT.exe
  2⤵
  PID:3548
- C:\Windows\System\VzMmaGw.exe
  C:\Windows\System\VzMmaGw.exe
  2⤵
  PID:3612
- C:\Windows\System\AQGcFXP.exe
  C:\Windows\System\AQGcFXP.exe
  2⤵
  PID:3636
- C:\Windows\System\YEYfHVe.exe
  C:\Windows\System\YEYfHVe.exe
  2⤵
  PID:3648
- C:\Windows\System\iaVMNAE.exe
  C:\Windows\System\iaVMNAE.exe
  2⤵
  PID:3652
- C:\Windows\System\swPPdqX.exe
  C:\Windows\System\swPPdqX.exe
  2⤵
  PID:3688
- C:\Windows\System\fATtjSY.exe
  C:\Windows\System\fATtjSY.exe
  2⤵
  PID:3732
- C:\Windows\System\uJLgCvM.exe
  C:\Windows\System\uJLgCvM.exe
  2⤵
  PID:3736
- C:\Windows\System\IfbqYyM.exe
  C:\Windows\System\IfbqYyM.exe
  2⤵
  PID:3828
- C:\Windows\System\dOKathh.exe
  C:\Windows\System\dOKathh.exe
  2⤵
  PID:3868
- C:\Windows\System\QHNHWEV.exe
  C:\Windows\System\QHNHWEV.exe
  2⤵
  PID:3916
- C:\Windows\System\QShYcUF.exe
  C:\Windows\System\QShYcUF.exe
  2⤵
  PID:3888
- C:\Windows\System\LEcTFiu.exe
  C:\Windows\System\LEcTFiu.exe
  2⤵
  PID:3944
- C:\Windows\System\NPgIFmc.exe
  C:\Windows\System\NPgIFmc.exe
  2⤵
  PID:3992
- C:\Windows\System\fGPqrrQ.exe
  C:\Windows\System\fGPqrrQ.exe
  2⤵
  PID:3996
- C:\Windows\System\MDDlOkz.exe
  C:\Windows\System\MDDlOkz.exe
  2⤵
  PID:4036
- C:\Windows\System\uMBbUOz.exe
  C:\Windows\System\uMBbUOz.exe
  2⤵
  PID:4080
- C:\Windows\System\wExLkpq.exe
  C:\Windows\System\wExLkpq.exe
  2⤵
  PID:4048
- C:\Windows\System\YqAMQJi.exe
  C:\Windows\System\YqAMQJi.exe
  2⤵
  PID:3076
- C:\Windows\System\eTRcwwd.exe
  C:\Windows\System\eTRcwwd.exe
  2⤵
  PID:3096
- C:\Windows\System\kjIZICp.exe
  C:\Windows\System\kjIZICp.exe
  2⤵
  PID:3092
- C:\Windows\System\QDdMblC.exe
  C:\Windows\System\QDdMblC.exe
  2⤵
  PID:3116
- C:\Windows\System\WhnalIN.exe
  C:\Windows\System\WhnalIN.exe
  2⤵
  PID:3228
- C:\Windows\System\UuKvqMb.exe
  C:\Windows\System\UuKvqMb.exe
  2⤵
  PID:3308
- C:\Windows\System\ABjnzGu.exe
  C:\Windows\System\ABjnzGu.exe
  2⤵
  PID:3336
- C:\Windows\System\HhYxbmQ.exe
  C:\Windows\System\HhYxbmQ.exe
  2⤵
  PID:3352
- C:\Windows\System\kPbmLII.exe
  C:\Windows\System\kPbmLII.exe
  2⤵
  PID:3408
- C:\Windows\System\uGEPgSp.exe
  C:\Windows\System\uGEPgSp.exe
  2⤵
  PID:3544
- C:\Windows\System\vhTMuKR.exe
  C:\Windows\System\vhTMuKR.exe
  2⤵
  PID:3852
- C:\Windows\System\uMJnxik.exe
  C:\Windows\System\uMJnxik.exe
  2⤵
  PID:1952
- C:\Windows\System\EBqFWvV.exe
  C:\Windows\System\EBqFWvV.exe
  2⤵
  PID:3752
- C:\Windows\System\OphuYHl.exe
  C:\Windows\System\OphuYHl.exe
  2⤵
  PID:3756
- C:\Windows\System\nEDxGkQ.exe
  C:\Windows\System\nEDxGkQ.exe
  2⤵
  PID:3812
- C:\Windows\System\PIgOuIQ.exe
  C:\Windows\System\PIgOuIQ.exe
  2⤵
  PID:3848
- C:\Windows\System\djOFxBL.exe
  C:\Windows\System\djOFxBL.exe
  2⤵
  PID:3928
- C:\Windows\System\pgatvfw.exe
  C:\Windows\System\pgatvfw.exe
  2⤵
  PID:4084
- C:\Windows\System\kOCAvlu.exe
  C:\Windows\System\kOCAvlu.exe
  2⤵
  PID:4032
- C:\Windows\System\IOmlsDJ.exe
  C:\Windows\System\IOmlsDJ.exe
  2⤵
  PID:324
- C:\Windows\System\NNlLWxf.exe
  C:\Windows\System\NNlLWxf.exe
  2⤵
  PID:2544
- C:\Windows\System\xZAzyiH.exe
  C:\Windows\System\xZAzyiH.exe
  2⤵
  PID:3256
- C:\Windows\System\JWicVIb.exe
  C:\Windows\System\JWicVIb.exe
  2⤵
  PID:3464
- C:\Windows\System\euTwufi.exe
  C:\Windows\System\euTwufi.exe
  2⤵
  PID:3512
- C:\Windows\System\QevOwNj.exe
  C:\Windows\System\QevOwNj.exe
  2⤵
  PID:3704
- C:\Windows\System\woMhgCS.exe
  C:\Windows\System\woMhgCS.exe
  2⤵
  PID:3532
- C:\Windows\System\vcZcwjk.exe
  C:\Windows\System\vcZcwjk.exe
  2⤵
  PID:3772
- C:\Windows\System\ZtSIVOD.exe
  C:\Windows\System\ZtSIVOD.exe
  2⤵
  PID:3808
- C:\Windows\System\ORKJkdC.exe
  C:\Windows\System\ORKJkdC.exe
  2⤵
  PID:3816
- C:\Windows\System\WvZgvEL.exe
  C:\Windows\System\WvZgvEL.exe
  2⤵
  PID:4072
- C:\Windows\System\kWdjnhV.exe
  C:\Windows\System\kWdjnhV.exe
  2⤵
  PID:3060
- C:\Windows\System\YIkqwis.exe
  C:\Windows\System\YIkqwis.exe
  2⤵
  PID:3152
- C:\Windows\System\sSiloQc.exe
  C:\Windows\System\sSiloQc.exe
  2⤵
  PID:3908
- C:\Windows\System\yCxNgos.exe
  C:\Windows\System\yCxNgos.exe
  2⤵
  PID:3584
- C:\Windows\System\tYgSaNZ.exe
  C:\Windows\System\tYgSaNZ.exe
  2⤵
  PID:3932
- C:\Windows\System\ULzZsYu.exe
  C:\Windows\System\ULzZsYu.exe
  2⤵
  PID:3692
- C:\Windows\System\wXcCtPt.exe
  C:\Windows\System\wXcCtPt.exe
  2⤵
  PID:2176
- C:\Windows\System\KDVKqoY.exe
  C:\Windows\System\KDVKqoY.exe
  2⤵
  PID:2564
- C:\Windows\System\pcgBlfn.exe
  C:\Windows\System\pcgBlfn.exe
  2⤵
  PID:2972
- C:\Windows\System\vSydlxB.exe
  C:\Windows\System\vSydlxB.exe
  2⤵
  PID:3348
- C:\Windows\System\mYTzocb.exe
  C:\Windows\System\mYTzocb.exe
  2⤵
  PID:4028
- C:\Windows\System\wckWNYS.exe
  C:\Windows\System\wckWNYS.exe
  2⤵
  PID:2556
- C:\Windows\System\pjKXExT.exe
  C:\Windows\System\pjKXExT.exe
  2⤵
  PID:3528
- C:\Windows\System\attaeQo.exe
  C:\Windows\System\attaeQo.exe
  2⤵
  PID:1532
- C:\Windows\System\cnhSpRi.exe
  C:\Windows\System\cnhSpRi.exe
  2⤵
  PID:3184
- C:\Windows\System\Vqvlnnd.exe
  C:\Windows\System\Vqvlnnd.exe
  2⤵
  PID:3276
- C:\Windows\System\dPdJjIo.exe
  C:\Windows\System\dPdJjIo.exe
  2⤵
  PID:3676
- C:\Windows\System\zHbkTCW.exe
  C:\Windows\System\zHbkTCW.exe
  2⤵
  PID:3600
- C:\Windows\System\iriqYfC.exe
  C:\Windows\System\iriqYfC.exe
  2⤵
  PID:704
- C:\Windows\System\bsapoNT.exe
  C:\Windows\System\bsapoNT.exe
  2⤵
  PID:3376
- C:\Windows\System\mZrTnmH.exe
  C:\Windows\System\mZrTnmH.exe
  2⤵
  PID:3712
- C:\Windows\System\WNDuEJB.exe
  C:\Windows\System\WNDuEJB.exe
  2⤵
  PID:4116
- C:\Windows\System\ajytOYj.exe
  C:\Windows\System\ajytOYj.exe
  2⤵
  PID:4144
- C:\Windows\System\FFBOlpm.exe
  C:\Windows\System\FFBOlpm.exe
  2⤵
  PID:4160
- C:\Windows\System\rAPAOVj.exe
  C:\Windows\System\rAPAOVj.exe
  2⤵
  PID:4176
- C:\Windows\System\eKpFZxC.exe
  C:\Windows\System\eKpFZxC.exe
  2⤵
  PID:4192
- C:\Windows\System\gEgULuO.exe
  C:\Windows\System\gEgULuO.exe
  2⤵
  PID:4212
- C:\Windows\System\ZaltrLi.exe
  C:\Windows\System\ZaltrLi.exe
  2⤵
  PID:4244
- C:\Windows\System\NFziiFR.exe
  C:\Windows\System\NFziiFR.exe
  2⤵
  PID:4260
- C:\Windows\System\KdslYnp.exe
  C:\Windows\System\KdslYnp.exe
  2⤵
  PID:4276
- C:\Windows\System\KefONug.exe
  C:\Windows\System\KefONug.exe
  2⤵
  PID:4304
- C:\Windows\System\vnGxCzW.exe
  C:\Windows\System\vnGxCzW.exe
  2⤵
  PID:4320
- C:\Windows\System\XwjTSQI.exe
  C:\Windows\System\XwjTSQI.exe
  2⤵
  PID:4336
- C:\Windows\System\eMYJTcy.exe
  C:\Windows\System\eMYJTcy.exe
  2⤵
  PID:4352
- C:\Windows\System\aQDEBdz.exe
  C:\Windows\System\aQDEBdz.exe
  2⤵
  PID:4368
- C:\Windows\System\eakQDqN.exe
  C:\Windows\System\eakQDqN.exe
  2⤵
  PID:4388
- C:\Windows\System\AXztxmj.exe
  C:\Windows\System\AXztxmj.exe
  2⤵
  PID:4404
- C:\Windows\System\xFWczuq.exe
  C:\Windows\System\xFWczuq.exe
  2⤵
  PID:4424
- C:\Windows\System\aLtUQhA.exe
  C:\Windows\System\aLtUQhA.exe
  2⤵
  PID:4440
- C:\Windows\System\qJqraWH.exe
  C:\Windows\System\qJqraWH.exe
  2⤵
  PID:4456
- C:\Windows\System\qzicWuW.exe
  C:\Windows\System\qzicWuW.exe
  2⤵
  PID:4472
- C:\Windows\System\pyxNbeW.exe
  C:\Windows\System\pyxNbeW.exe
  2⤵
  PID:4492
- C:\Windows\System\pCAIMly.exe
  C:\Windows\System\pCAIMly.exe
  2⤵
  PID:4512
- C:\Windows\System\mDfBGjR.exe
  C:\Windows\System\mDfBGjR.exe
  2⤵
  PID:4528
- C:\Windows\System\vwwkXEk.exe
  C:\Windows\System\vwwkXEk.exe
  2⤵
  PID:4548
- C:\Windows\System\IVKFTOI.exe
  C:\Windows\System\IVKFTOI.exe
  2⤵
  PID:4564
- C:\Windows\System\gXgfiNA.exe
  C:\Windows\System\gXgfiNA.exe
  2⤵
  PID:4584
- C:\Windows\System\YXSzUlV.exe
  C:\Windows\System\YXSzUlV.exe
  2⤵
  PID:4604
- C:\Windows\System\cRFuiDn.exe
  C:\Windows\System\cRFuiDn.exe
  2⤵
  PID:4620
- C:\Windows\System\HGVMeDZ.exe
  C:\Windows\System\HGVMeDZ.exe
  2⤵
  PID:4640
- C:\Windows\System\wKjVlmc.exe
  C:\Windows\System\wKjVlmc.exe
  2⤵
  PID:4664
- C:\Windows\System\nTAEQzV.exe
  C:\Windows\System\nTAEQzV.exe
  2⤵
  PID:4684
- C:\Windows\System\MxxadzS.exe
  C:\Windows\System\MxxadzS.exe
  2⤵
  PID:4700
- C:\Windows\System\aAsrcoO.exe
  C:\Windows\System\aAsrcoO.exe
  2⤵
  PID:4716
- C:\Windows\System\hBTWfAI.exe
  C:\Windows\System\hBTWfAI.exe
  2⤵
  PID:4732
- C:\Windows\System\loqzeoD.exe
  C:\Windows\System\loqzeoD.exe
  2⤵
  PID:4764
- C:\Windows\System\vGSHovr.exe
  C:\Windows\System\vGSHovr.exe
  2⤵
  PID:4784
- C:\Windows\System\KefakTp.exe
  C:\Windows\System\KefakTp.exe
  2⤵
  PID:4804
- C:\Windows\System\WZwkAPA.exe
  C:\Windows\System\WZwkAPA.exe
  2⤵
  PID:4820
- C:\Windows\System\mBmuSXa.exe
  C:\Windows\System\mBmuSXa.exe
  2⤵
  PID:4836
- C:\Windows\System\baaLIBd.exe
  C:\Windows\System\baaLIBd.exe
  2⤵
  PID:4852
- C:\Windows\System\VHyyQSt.exe
  C:\Windows\System\VHyyQSt.exe
  2⤵
  PID:4868
- C:\Windows\System\NDbiRom.exe
  C:\Windows\System\NDbiRom.exe
  2⤵
  PID:4888
- C:\Windows\System\PRDQKaq.exe
  C:\Windows\System\PRDQKaq.exe
  2⤵
  PID:4908
- C:\Windows\System\WKBSiIU.exe
  C:\Windows\System\WKBSiIU.exe
  2⤵
  PID:4924
- C:\Windows\System\cOJMWMo.exe
  C:\Windows\System\cOJMWMo.exe
  2⤵
  PID:4940
- C:\Windows\System\WYqTqZy.exe
  C:\Windows\System\WYqTqZy.exe
  2⤵
  PID:4968
- C:\Windows\System\ZAXXYWQ.exe
  C:\Windows\System\ZAXXYWQ.exe
  2⤵
  PID:4984
- C:\Windows\System\GYcMkxO.exe
  C:\Windows\System\GYcMkxO.exe
  2⤵
  PID:5000
- C:\Windows\System\uWRAiOd.exe
  C:\Windows\System\uWRAiOd.exe
  2⤵
  PID:5016
- C:\Windows\System\VmrviPL.exe
  C:\Windows\System\VmrviPL.exe
  2⤵
  PID:5032
- C:\Windows\System\FBmwTqy.exe
  C:\Windows\System\FBmwTqy.exe
  2⤵
  PID:5052
- C:\Windows\System\qIjoJPE.exe
  C:\Windows\System\qIjoJPE.exe
  2⤵
  PID:5068
- C:\Windows\System\FDTPqCf.exe
  C:\Windows\System\FDTPqCf.exe
  2⤵
  PID:5084
- C:\Windows\System\qwDWNfF.exe
  C:\Windows\System\qwDWNfF.exe
  2⤵
  PID:5100
- C:\Windows\System\CSuoczQ.exe
  C:\Windows\System\CSuoczQ.exe
  2⤵
  PID:5116
- C:\Windows\System\TTizoyK.exe
  C:\Windows\System\TTizoyK.exe
  2⤵
  PID:3508
- C:\Windows\System\TtBWEAh.exe
  C:\Windows\System\TtBWEAh.exe
  2⤵
  PID:3960
- C:\Windows\System\ncTklrV.exe
  C:\Windows\System\ncTklrV.exe
  2⤵
  PID:4124
- C:\Windows\System\ECvyOPQ.exe
  C:\Windows\System\ECvyOPQ.exe
  2⤵
  PID:4156
- C:\Windows\System\LlFkFpB.exe
  C:\Windows\System\LlFkFpB.exe
  2⤵
  PID:4188
- C:\Windows\System\lTGjqbi.exe
  C:\Windows\System\lTGjqbi.exe
  2⤵
  PID:4184
- C:\Windows\System\JdUkpJw.exe
  C:\Windows\System\JdUkpJw.exe
  2⤵
  PID:4272
- C:\Windows\System\ACkikgo.exe
  C:\Windows\System\ACkikgo.exe
  2⤵
  PID:4296
- C:\Windows\System\eMPveJt.exe
  C:\Windows\System\eMPveJt.exe
  2⤵
  PID:4360
- C:\Windows\System\FjTEewx.exe
  C:\Windows\System\FjTEewx.exe
  2⤵
  PID:4396
- C:\Windows\System\eIhWdJT.exe
  C:\Windows\System\eIhWdJT.exe
  2⤵
  PID:4416
- C:\Windows\System\ZIHARkn.exe
  C:\Windows\System\ZIHARkn.exe
  2⤵
  PID:4468
- C:\Windows\System\QvaBBoL.exe
  C:\Windows\System\QvaBBoL.exe
  2⤵
  PID:4484
- C:\Windows\System\HqGZQKD.exe
  C:\Windows\System\HqGZQKD.exe
  2⤵
  PID:4508
- C:\Windows\System\PcEWHuj.exe
  C:\Windows\System\PcEWHuj.exe
  2⤵
  PID:4520
- C:\Windows\System\TvkdvqR.exe
  C:\Windows\System\TvkdvqR.exe
  2⤵
  PID:4572
- C:\Windows\System\nFDBley.exe
  C:\Windows\System\nFDBley.exe
  2⤵
  PID:4612
- C:\Windows\System\BtILzoH.exe
  C:\Windows\System\BtILzoH.exe
  2⤵
  PID:4616
- C:\Windows\System\YgMkiFx.exe
  C:\Windows\System\YgMkiFx.exe
  2⤵
  PID:4652
- C:\Windows\System\KraWbXs.exe
  C:\Windows\System\KraWbXs.exe
  2⤵
  PID:4680
- C:\Windows\System\qlBhwpF.exe
  C:\Windows\System\qlBhwpF.exe
  2⤵
  PID:4712
- C:\Windows\System\IAvXQam.exe
  C:\Windows\System\IAvXQam.exe
  2⤵
  PID:4756
- C:\Windows\System\vZAwIzf.exe
  C:\Windows\System\vZAwIzf.exe
  2⤵
  PID:4816
- C:\Windows\System\PGOGjNe.exe
  C:\Windows\System\PGOGjNe.exe
  2⤵
  PID:4844
- C:\Windows\System\tTgpIzF.exe
  C:\Windows\System\tTgpIzF.exe
  2⤵
  PID:4864
- C:\Windows\System\Ipaqwms.exe
  C:\Windows\System\Ipaqwms.exe
  2⤵
  PID:4896
- C:\Windows\System\sjqcDzV.exe
  C:\Windows\System\sjqcDzV.exe
  2⤵
  PID:5024
- C:\Windows\System\tLIPEht.exe
  C:\Windows\System\tLIPEht.exe
  2⤵
  PID:4980
- C:\Windows\System\dLQtySA.exe
  C:\Windows\System\dLQtySA.exe
  2⤵
  PID:5112
- C:\Windows\System\OGvyxhq.exe
  C:\Windows\System\OGvyxhq.exe
  2⤵
  PID:3120
- C:\Windows\System\XcXfYzr.exe
  C:\Windows\System\XcXfYzr.exe
  2⤵
  PID:3956
- C:\Windows\System\wKCGvER.exe
  C:\Windows\System\wKCGvER.exe
  2⤵
  PID:4140
- C:\Windows\System\fOWkXLS.exe
  C:\Windows\System\fOWkXLS.exe
  2⤵
  PID:4168
- C:\Windows\System\EnrdlxC.exe
  C:\Windows\System\EnrdlxC.exe
  2⤵
  PID:4228
- C:\Windows\System\yLlDjjM.exe
  C:\Windows\System\yLlDjjM.exe
  2⤵
  PID:4256
- C:\Windows\System\VRJRLvI.exe
  C:\Windows\System\VRJRLvI.exe
  2⤵
  PID:4384
- C:\Windows\System\nLmIWqz.exe
  C:\Windows\System\nLmIWqz.exe
  2⤵
  PID:4412
- C:\Windows\System\yAfoYmp.exe
  C:\Windows\System\yAfoYmp.exe
  2⤵
  PID:4436
- C:\Windows\System\KMdigZL.exe
  C:\Windows\System\KMdigZL.exe
  2⤵
  PID:4488
- C:\Windows\System\PUJfNeT.exe
  C:\Windows\System\PUJfNeT.exe
  2⤵
  PID:4504
- C:\Windows\System\QIdYOoq.exe
  C:\Windows\System\QIdYOoq.exe
  2⤵
  PID:4596
- C:\Windows\System\nzJokUI.exe
  C:\Windows\System\nzJokUI.exe
  2⤵
  PID:4648
- C:\Windows\System\CTDPwTX.exe
  C:\Windows\System\CTDPwTX.exe
  2⤵
  PID:4672
- C:\Windows\System\UPVEjtR.exe
  C:\Windows\System\UPVEjtR.exe
  2⤵
  PID:4760
- C:\Windows\System\XMZxOpE.exe
  C:\Windows\System\XMZxOpE.exe
  2⤵
  PID:4832
- C:\Windows\System\XFQoUpT.exe
  C:\Windows\System\XFQoUpT.exe
  2⤵
  PID:4744
- C:\Windows\System\bavmXCM.exe
  C:\Windows\System\bavmXCM.exe
  2⤵
  PID:4952
- C:\Windows\System\ZvnZXoL.exe
  C:\Windows\System\ZvnZXoL.exe
  2⤵
  PID:4956
- C:\Windows\System\PZFzaVK.exe
  C:\Windows\System\PZFzaVK.exe
  2⤵
  PID:4932
- C:\Windows\System\sNZiPnM.exe
  C:\Windows\System\sNZiPnM.exe
  2⤵
  PID:5012
- C:\Windows\System\BYapTij.exe
  C:\Windows\System\BYapTij.exe
  2⤵
  PID:4104
- C:\Windows\System\oHBVTFI.exe
  C:\Windows\System\oHBVTFI.exe
  2⤵
  PID:4208
- C:\Windows\System\GcsDCbo.exe
  C:\Windows\System\GcsDCbo.exe
  2⤵
  PID:4152
- C:\Windows\System\MLTWiVv.exe
  C:\Windows\System\MLTWiVv.exe
  2⤵
  PID:4316
- C:\Windows\System\ThQWKfw.exe
  C:\Windows\System\ThQWKfw.exe
  2⤵
  PID:4348
- C:\Windows\System\ZrdHoku.exe
  C:\Windows\System\ZrdHoku.exe
  2⤵
  PID:3368
- C:\Windows\System\vkezZbh.exe
  C:\Windows\System\vkezZbh.exe
  2⤵
  PID:4632
- C:\Windows\System\jfHiAZm.exe
  C:\Windows\System\jfHiAZm.exe
  2⤵
  PID:5048
- C:\Windows\System\QvtjDiK.exe
  C:\Windows\System\QvtjDiK.exe
  2⤵
  PID:4748
- C:\Windows\System\Tzkvqqy.exe
  C:\Windows\System\Tzkvqqy.exe
  2⤵
  PID:4904
- C:\Windows\System\YvwaNbW.exe
  C:\Windows\System\YvwaNbW.exe
  2⤵
  PID:4936
- C:\Windows\System\egpCVap.exe
  C:\Windows\System\egpCVap.exe
  2⤵
  PID:4112
- C:\Windows\System\NUghUZJ.exe
  C:\Windows\System\NUghUZJ.exe
  2⤵
  PID:4252
- C:\Windows\System\FGqMgyM.exe
  C:\Windows\System\FGqMgyM.exe
  2⤵
  PID:4332
- C:\Windows\System\hruHPgc.exe
  C:\Windows\System\hruHPgc.exe
  2⤵
  PID:4776
- C:\Windows\System\KOVjObj.exe
  C:\Windows\System\KOVjObj.exe
  2⤵
  PID:4724
- C:\Windows\System\VbfeWIO.exe
  C:\Windows\System\VbfeWIO.exe
  2⤵
  PID:4128
- C:\Windows\System\vNogrpz.exe
  C:\Windows\System\vNogrpz.exe
  2⤵
  PID:4780
- C:\Windows\System\vsUqziE.exe
  C:\Windows\System\vsUqziE.exe
  2⤵
  PID:4948
- C:\Windows\System\nnvGbxy.exe
  C:\Windows\System\nnvGbxy.exe
  2⤵
  PID:4500
- C:\Windows\System\EHmbRpq.exe
  C:\Windows\System\EHmbRpq.exe
  2⤵
  PID:5156
- C:\Windows\System\YWkWlbb.exe
  C:\Windows\System\YWkWlbb.exe
  2⤵
  PID:5176
- C:\Windows\System\CzXIYjW.exe
  C:\Windows\System\CzXIYjW.exe
  2⤵
  PID:5192
- C:\Windows\System\nbiAcaV.exe
  C:\Windows\System\nbiAcaV.exe
  2⤵
  PID:5208
- C:\Windows\System\lGHPIOp.exe
  C:\Windows\System\lGHPIOp.exe
  2⤵
  PID:5224
- C:\Windows\System\cmSbcVz.exe
  C:\Windows\System\cmSbcVz.exe
  2⤵
  PID:5252
- C:\Windows\System\UUhQYyN.exe
  C:\Windows\System\UUhQYyN.exe
  2⤵
  PID:5272
- C:\Windows\System\fdjShIv.exe
  C:\Windows\System\fdjShIv.exe
  2⤵
  PID:5288
- C:\Windows\System\DIuIooe.exe
  C:\Windows\System\DIuIooe.exe
  2⤵
  PID:5308
- C:\Windows\System\ACasWdY.exe
  C:\Windows\System\ACasWdY.exe
  2⤵
  PID:5332
- C:\Windows\System\hJAZeFr.exe
  C:\Windows\System\hJAZeFr.exe
  2⤵
  PID:5348
- C:\Windows\System\WvvxiMz.exe
  C:\Windows\System\WvvxiMz.exe
  2⤵
  PID:5364
- C:\Windows\System\Efblnze.exe
  C:\Windows\System\Efblnze.exe
  2⤵
  PID:5380
- C:\Windows\System\JGcDjaF.exe
  C:\Windows\System\JGcDjaF.exe
  2⤵
  PID:5396
- C:\Windows\System\YHViqhg.exe
  C:\Windows\System\YHViqhg.exe
  2⤵
  PID:5412
- C:\Windows\System\CoQdsVg.exe
  C:\Windows\System\CoQdsVg.exe
  2⤵
  PID:5428
- C:\Windows\System\lCyJNWe.exe
  C:\Windows\System\lCyJNWe.exe
  2⤵
  PID:5444
- C:\Windows\System\zsskHeA.exe
  C:\Windows\System\zsskHeA.exe
  2⤵
  PID:5460
- C:\Windows\System\inmGldh.exe
  C:\Windows\System\inmGldh.exe
  2⤵
  PID:5476
- C:\Windows\System\WLxroWz.exe
  C:\Windows\System\WLxroWz.exe
  2⤵
  PID:5492
- C:\Windows\System\BxNzikj.exe
  C:\Windows\System\BxNzikj.exe
  2⤵
  PID:5508
- C:\Windows\System\HgXgJtH.exe
  C:\Windows\System\HgXgJtH.exe
  2⤵
  PID:5524
- C:\Windows\System\jEVkSlj.exe
  C:\Windows\System\jEVkSlj.exe
  2⤵
  PID:5540
- C:\Windows\System\svqDqpm.exe
  C:\Windows\System\svqDqpm.exe
  2⤵
  PID:5556
- C:\Windows\System\JtynLPb.exe
  C:\Windows\System\JtynLPb.exe
  2⤵
  PID:5572
- C:\Windows\System\QHkhxhX.exe
  C:\Windows\System\QHkhxhX.exe
  2⤵
  PID:5588
- C:\Windows\System\fwKtRon.exe
  C:\Windows\System\fwKtRon.exe
  2⤵
  PID:5604
- C:\Windows\System\FPeAnIc.exe
  C:\Windows\System\FPeAnIc.exe
  2⤵
  PID:5620
- C:\Windows\System\PRpVXUZ.exe
  C:\Windows\System\PRpVXUZ.exe
  2⤵
  PID:5636
- C:\Windows\System\WeYDPAe.exe
  C:\Windows\System\WeYDPAe.exe
  2⤵
  PID:5652
- C:\Windows\System\znCuqlQ.exe
  C:\Windows\System\znCuqlQ.exe
  2⤵
  PID:5668
- C:\Windows\System\iFWfsYk.exe
  C:\Windows\System\iFWfsYk.exe
  2⤵
  PID:5692
- C:\Windows\System\VOUjVxC.exe
  C:\Windows\System\VOUjVxC.exe
  2⤵
  PID:5728
- C:\Windows\System\OnpQGhq.exe
  C:\Windows\System\OnpQGhq.exe
  2⤵
  PID:5752
- C:\Windows\System\oSuMdSI.exe
  C:\Windows\System\oSuMdSI.exe
  2⤵
  PID:5768
- C:\Windows\System\uMKMttb.exe
  C:\Windows\System\uMKMttb.exe
  2⤵
  PID:5784
- C:\Windows\System\ypPyNOv.exe
  C:\Windows\System\ypPyNOv.exe
  2⤵
  PID:5800
- C:\Windows\System\keNxHSD.exe
  C:\Windows\System\keNxHSD.exe
  2⤵
  PID:5816
- C:\Windows\System\VHvyprq.exe
  C:\Windows\System\VHvyprq.exe
  2⤵
  PID:5832
- C:\Windows\System\Ahuzyst.exe
  C:\Windows\System\Ahuzyst.exe
  2⤵
  PID:5848
- C:\Windows\System\Nwzwoeb.exe
  C:\Windows\System\Nwzwoeb.exe
  2⤵
  PID:5864
- C:\Windows\System\zPivJtF.exe
  C:\Windows\System\zPivJtF.exe
  2⤵
  PID:5880
- C:\Windows\System\cKcLOGX.exe
  C:\Windows\System\cKcLOGX.exe
  2⤵
  PID:5896
- C:\Windows\System\UqUBjyU.exe
  C:\Windows\System\UqUBjyU.exe
  2⤵
  PID:5912
- C:\Windows\System\wShcIse.exe
  C:\Windows\System\wShcIse.exe
  2⤵
  PID:5928
- C:\Windows\System\ysZLFuc.exe
  C:\Windows\System\ysZLFuc.exe
  2⤵
  PID:5944
- C:\Windows\System\YbmgOpl.exe
  C:\Windows\System\YbmgOpl.exe
  2⤵
  PID:5960
- C:\Windows\System\whTBlvN.exe
  C:\Windows\System\whTBlvN.exe
  2⤵
  PID:5984
- C:\Windows\System\RmepBzd.exe
  C:\Windows\System\RmepBzd.exe
  2⤵
  PID:6000
- C:\Windows\System\EsmdQmg.exe
  C:\Windows\System\EsmdQmg.exe
  2⤵
  PID:6016
- C:\Windows\System\woMnHCX.exe
  C:\Windows\System\woMnHCX.exe
  2⤵
  PID:6032
- C:\Windows\System\RlnqPrr.exe
  C:\Windows\System\RlnqPrr.exe
  2⤵
  PID:6056
- C:\Windows\System\hVedAky.exe
  C:\Windows\System\hVedAky.exe
  2⤵
  PID:6084
- C:\Windows\System\iQknIvG.exe
  C:\Windows\System\iQknIvG.exe
  2⤵
  PID:6100
- C:\Windows\System\JWdmEWJ.exe
  C:\Windows\System\JWdmEWJ.exe
  2⤵
  PID:6116
- C:\Windows\System\EgkZvOD.exe
  C:\Windows\System\EgkZvOD.exe
  2⤵
  PID:6140
- C:\Windows\System\JHyZlIV.exe
  C:\Windows\System\JHyZlIV.exe
  2⤵
  PID:4560
- C:\Windows\System\uzeaboM.exe
  C:\Windows\System\uzeaboM.exe
  2⤵
  PID:5136
- C:\Windows\System\QHYEUct.exe
  C:\Windows\System\QHYEUct.exe
  2⤵
  PID:5144
- C:\Windows\System\rtAYFta.exe
  C:\Windows\System\rtAYFta.exe
  2⤵
  PID:5152
- C:\Windows\System\YPSKKVr.exe
  C:\Windows\System\YPSKKVr.exe
  2⤵
  PID:5220
- C:\Windows\System\nQyTOUB.exe
  C:\Windows\System\nQyTOUB.exe
  2⤵
  PID:5172
- C:\Windows\System\JpabNaP.exe
  C:\Windows\System\JpabNaP.exe
  2⤵
  PID:5248
- C:\Windows\System\xqZyOWY.exe
  C:\Windows\System\xqZyOWY.exe
  2⤵
  PID:5268
- C:\Windows\System\btibLKi.exe
  C:\Windows\System\btibLKi.exe
  2⤵
  PID:5320
- C:\Windows\System\dTAUyWT.exe
  C:\Windows\System\dTAUyWT.exe
  2⤵
  PID:5316
- C:\Windows\System\GZJWARa.exe
  C:\Windows\System\GZJWARa.exe
  2⤵
  PID:5372
- C:\Windows\System\TJoXvAn.exe
  C:\Windows\System\TJoXvAn.exe
  2⤵
  PID:5360
- C:\Windows\System\qCxCrPj.exe
  C:\Windows\System\qCxCrPj.exe
  2⤵
  PID:5420
- C:\Windows\System\otPGdwy.exe
  C:\Windows\System\otPGdwy.exe
  2⤵
  PID:5456
- C:\Windows\System\pqSeqED.exe
  C:\Windows\System\pqSeqED.exe
  2⤵
  PID:5520
- C:\Windows\System\YIKQIoW.exe
  C:\Windows\System\YIKQIoW.exe
  2⤵
  PID:5568
- C:\Windows\System\CvEXofB.exe
  C:\Windows\System\CvEXofB.exe
  2⤵
  PID:5596
- C:\Windows\System\vjUxqfN.exe
  C:\Windows\System\vjUxqfN.exe
  2⤵
  PID:5616
- C:\Windows\System\vQCJCtm.exe
  C:\Windows\System\vQCJCtm.exe
  2⤵
  PID:5644
- C:\Windows\System\GiBFFns.exe
  C:\Windows\System\GiBFFns.exe
  2⤵
  PID:5708
- C:\Windows\System\eklFNlp.exe
  C:\Windows\System\eklFNlp.exe
  2⤵
  PID:5724
- C:\Windows\System\JlaNRlS.exe
  C:\Windows\System\JlaNRlS.exe
  2⤵
  PID:5740
- C:\Windows\System\XUBxUNc.exe
  C:\Windows\System\XUBxUNc.exe
  2⤵
  PID:5792
- C:\Windows\System\QfGZpuh.exe
  C:\Windows\System\QfGZpuh.exe
  2⤵
  PID:5808
- C:\Windows\System\XrdXEXA.exe
  C:\Windows\System\XrdXEXA.exe
  2⤵
  PID:5856
- C:\Windows\System\tYEnPMv.exe
  C:\Windows\System\tYEnPMv.exe
  2⤵
  PID:5872
- C:\Windows\System\TydshGV.exe
  C:\Windows\System\TydshGV.exe
  2⤵
  PID:5952
- C:\Windows\System\ZeyvZeP.exe
  C:\Windows\System\ZeyvZeP.exe
  2⤵
  PID:5968
- C:\Windows\System\PsktpUm.exe
  C:\Windows\System\PsktpUm.exe
  2⤵
  PID:6008
- C:\Windows\System\mBfuPbg.exe
  C:\Windows\System\mBfuPbg.exe
  2⤵
  PID:6028
- C:\Windows\System\bLhppEW.exe
  C:\Windows\System\bLhppEW.exe
  2⤵
  PID:6048
- C:\Windows\System\GuhYkqs.exe
  C:\Windows\System\GuhYkqs.exe
  2⤵
  PID:6044
- C:\Windows\System\uOvDvBj.exe
  C:\Windows\System\uOvDvBj.exe
  2⤵
  PID:6124
- C:\Windows\System\XhinHBS.exe
  C:\Windows\System\XhinHBS.exe
  2⤵
  PID:4328
- C:\Windows\System\jZSCxrM.exe
  C:\Windows\System\jZSCxrM.exe
  2⤵
  PID:4464
- C:\Windows\System\JxNGWzI.exe
  C:\Windows\System\JxNGWzI.exe
  2⤵
  PID:5008
- C:\Windows\System\xsYDYJU.exe
  C:\Windows\System\xsYDYJU.exe
  2⤵
  PID:5216
- C:\Windows\System\EvZiNez.exe
  C:\Windows\System\EvZiNez.exe
  2⤵
  PID:5232
- C:\Windows\System\CZCambq.exe
  C:\Windows\System\CZCambq.exe
  2⤵
  PID:5264
- C:\Windows\System\PefIOPq.exe
  C:\Windows\System\PefIOPq.exe
  2⤵
  PID:5404
- C:\Windows\System\gXcxLjU.exe
  C:\Windows\System\gXcxLjU.exe
  2⤵
  PID:5340
- C:\Windows\System\KrJbPrz.exe
  C:\Windows\System\KrJbPrz.exe
  2⤵
  PID:5468
- C:\Windows\System\kgobWVK.exe
  C:\Windows\System\kgobWVK.exe
  2⤵
  PID:5564
- C:\Windows\System\bjGOScQ.exe
  C:\Windows\System\bjGOScQ.exe
  2⤵
  PID:5500
- C:\Windows\System\ACRZOtp.exe
  C:\Windows\System\ACRZOtp.exe
  2⤵
  PID:5680
- C:\Windows\System\sAyDVGU.exe
  C:\Windows\System\sAyDVGU.exe
  2⤵
  PID:5760
- C:\Windows\System\uUUdQZp.exe
  C:\Windows\System\uUUdQZp.exe
  2⤵
  PID:5688
- C:\Windows\System\VHafyxt.exe
  C:\Windows\System\VHafyxt.exe
  2⤵
  PID:5972
- C:\Windows\System\vpgYCIJ.exe
  C:\Windows\System\vpgYCIJ.exe
  2⤵
  PID:5940
- C:\Windows\System\zBRondA.exe
  C:\Windows\System\zBRondA.exe
  2⤵
  PID:6072
- C:\Windows\System\gctPtRO.exe
  C:\Windows\System\gctPtRO.exe
  2⤵
  PID:6112
- C:\Windows\System\HABeuaN.exe
  C:\Windows\System\HABeuaN.exe
  2⤵
  PID:5168
- C:\Windows\System\ZRvZKuZ.exe
  C:\Windows\System\ZRvZKuZ.exe
  2⤵
  PID:5132
- C:\Windows\System\TVjBWUs.exe
  C:\Windows\System\TVjBWUs.exe
  2⤵
  PID:5300
- C:\Windows\System\twPyKrg.exe
  C:\Windows\System\twPyKrg.exe
  2⤵
  PID:5548
- C:\Windows\System\EarEJSy.exe
  C:\Windows\System\EarEJSy.exe
  2⤵
  PID:5664
- C:\Windows\System\HeNalVs.exe
  C:\Windows\System\HeNalVs.exe
  2⤵
  PID:5676
- C:\Windows\System\BWCCEHU.exe
  C:\Windows\System\BWCCEHU.exe
  2⤵
  PID:5748
- C:\Windows\System\pHoTLbc.exe
  C:\Windows\System\pHoTLbc.exe
  2⤵
  PID:5892
- C:\Windows\System\ytPtGlm.exe
  C:\Windows\System\ytPtGlm.exe
  2⤵
  PID:5876
- C:\Windows\System\lhXiGDg.exe
  C:\Windows\System\lhXiGDg.exe
  2⤵
  PID:5844
- C:\Windows\System\pNYTXuI.exe
  C:\Windows\System\pNYTXuI.exe
  2⤵
  PID:6040
- C:\Windows\System\IMhFUYy.exe
  C:\Windows\System\IMhFUYy.exe
  2⤵
  PID:6128
- C:\Windows\System\GTVhvFP.exe
  C:\Windows\System\GTVhvFP.exe
  2⤵
  PID:5536
- C:\Windows\System\ZSxRsIk.exe
  C:\Windows\System\ZSxRsIk.exe
  2⤵
  PID:5632
- C:\Windows\System\CqcjvGV.exe
  C:\Windows\System\CqcjvGV.exe
  2⤵
  PID:5424
- C:\Windows\System\iOHeTeR.exe
  C:\Windows\System\iOHeTeR.exe
  2⤵
  PID:5824
- C:\Windows\System\WBTHfcX.exe
  C:\Windows\System\WBTHfcX.exe
  2⤵
  PID:5920
- C:\Windows\System\GVZYbOu.exe
  C:\Windows\System\GVZYbOu.exe
  2⤵
  PID:5436
- C:\Windows\System\iXiesBd.exe
  C:\Windows\System\iXiesBd.exe
  2⤵
  PID:5304
- C:\Windows\System\lXDfHeI.exe
  C:\Windows\System\lXDfHeI.exe
  2⤵
  PID:5408
- C:\Windows\System\DZQDTIG.exe
  C:\Windows\System\DZQDTIG.exe
  2⤵
  PID:5936
- C:\Windows\System\qujrPty.exe
  C:\Windows\System\qujrPty.exe
  2⤵
  PID:5580
- C:\Windows\System\tOrlLEj.exe
  C:\Windows\System\tOrlLEj.exe
  2⤵
  PID:5996
- C:\Windows\System\avQgeuF.exe
  C:\Windows\System\avQgeuF.exe
  2⤵
  PID:5488
- C:\Windows\System\twGVtWa.exe
  C:\Windows\System\twGVtWa.exe
  2⤵
  PID:5188
- C:\Windows\System\RXlwjzj.exe
  C:\Windows\System\RXlwjzj.exe
  2⤵
  PID:6164
- C:\Windows\System\crVPcoN.exe
  C:\Windows\System\crVPcoN.exe
  2⤵
  PID:6180
- C:\Windows\System\YSbudGv.exe
  C:\Windows\System\YSbudGv.exe
  2⤵
  PID:6204
- C:\Windows\System\lniSyiI.exe
  C:\Windows\System\lniSyiI.exe
  2⤵
  PID:6220
- C:\Windows\System\eykTaYv.exe
  C:\Windows\System\eykTaYv.exe
  2⤵
  PID:6240
- C:\Windows\System\oJgFOxT.exe
  C:\Windows\System\oJgFOxT.exe
  2⤵
  PID:6256
- C:\Windows\System\CUVCfjl.exe
  C:\Windows\System\CUVCfjl.exe
  2⤵
  PID:6272
- C:\Windows\System\TjpwhSJ.exe
  C:\Windows\System\TjpwhSJ.exe
  2⤵
  PID:6292
- C:\Windows\System\eOWXfKS.exe
  C:\Windows\System\eOWXfKS.exe
  2⤵
  PID:6316
- C:\Windows\System\UcWrxPV.exe
  C:\Windows\System\UcWrxPV.exe
  2⤵
  PID:6332
- C:\Windows\System\FmEHCRh.exe
  C:\Windows\System\FmEHCRh.exe
  2⤵
  PID:6348
- C:\Windows\System\OlytVcW.exe
  C:\Windows\System\OlytVcW.exe
  2⤵
  PID:6364
- C:\Windows\System\ljVpqNV.exe
  C:\Windows\System\ljVpqNV.exe
  2⤵
  PID:6392
- C:\Windows\System\lBgiLBX.exe
  C:\Windows\System\lBgiLBX.exe
  2⤵
  PID:6408
- C:\Windows\System\FFJWaXs.exe
  C:\Windows\System\FFJWaXs.exe
  2⤵
  PID:6424
- C:\Windows\System\fjwtlSU.exe
  C:\Windows\System\fjwtlSU.exe
  2⤵
  PID:6444
- C:\Windows\System\IBGJpIe.exe
  C:\Windows\System\IBGJpIe.exe
  2⤵
  PID:6460
- C:\Windows\System\hqcAwjB.exe
  C:\Windows\System\hqcAwjB.exe
  2⤵
  PID:6476
- C:\Windows\System\BfRppPT.exe
  C:\Windows\System\BfRppPT.exe
  2⤵
  PID:6492
- C:\Windows\System\gWLKdaK.exe
  C:\Windows\System\gWLKdaK.exe
  2⤵
  PID:6508
- C:\Windows\System\wrRLpsh.exe
  C:\Windows\System\wrRLpsh.exe
  2⤵
  PID:6524
- C:\Windows\System\zECXFpa.exe
  C:\Windows\System\zECXFpa.exe
  2⤵
  PID:6540
- C:\Windows\System\AyLonzD.exe
  C:\Windows\System\AyLonzD.exe
  2⤵
  PID:6560
- C:\Windows\System\jAqewdl.exe
  C:\Windows\System\jAqewdl.exe
  2⤵
  PID:6588
- C:\Windows\System\CoaDoFL.exe
  C:\Windows\System\CoaDoFL.exe
  2⤵
  PID:6604
- C:\Windows\System\qMzKSKj.exe
  C:\Windows\System\qMzKSKj.exe
  2⤵
  PID:6620
- C:\Windows\System\TIIdzxJ.exe
  C:\Windows\System\TIIdzxJ.exe
  2⤵
  PID:6636
- C:\Windows\System\nXodqQE.exe
  C:\Windows\System\nXodqQE.exe
  2⤵
  PID:6836
- C:\Windows\System\YEVIQLq.exe
  C:\Windows\System\YEVIQLq.exe
  2⤵
  PID:6852
- C:\Windows\System\ZQvhQJs.exe
  C:\Windows\System\ZQvhQJs.exe
  2⤵
  PID:6868
- C:\Windows\System\omvQpLj.exe
  C:\Windows\System\omvQpLj.exe
  2⤵
  PID:6892
- C:\Windows\System\GrBPeUF.exe
  C:\Windows\System\GrBPeUF.exe
  2⤵
  PID:6908
- C:\Windows\System\EAXiYLP.exe
  C:\Windows\System\EAXiYLP.exe
  2⤵
  PID:6924
- C:\Windows\System\ctIRZDE.exe
  C:\Windows\System\ctIRZDE.exe
  2⤵
  PID:6940
- C:\Windows\System\IXwTTbl.exe
  C:\Windows\System\IXwTTbl.exe
  2⤵
  PID:6956
- C:\Windows\System\GaWMAEp.exe
  C:\Windows\System\GaWMAEp.exe
  2⤵
  PID:6976
- C:\Windows\System\RSvsPsO.exe
  C:\Windows\System\RSvsPsO.exe
  2⤵
  PID:6992
- C:\Windows\System\xUUXcYt.exe
  C:\Windows\System\xUUXcYt.exe
  2⤵
  PID:7008
- C:\Windows\System\lkCVdeU.exe
  C:\Windows\System\lkCVdeU.exe
  2⤵
  PID:7024
- C:\Windows\System\XEiOudA.exe
  C:\Windows\System\XEiOudA.exe
  2⤵
  PID:7040
- C:\Windows\System\oOMEwbC.exe
  C:\Windows\System\oOMEwbC.exe
  2⤵
  PID:7056
- C:\Windows\System\hFhEWEw.exe
  C:\Windows\System\hFhEWEw.exe
  2⤵
  PID:7072
- C:\Windows\System\zXvAvZX.exe
  C:\Windows\System\zXvAvZX.exe
  2⤵
  PID:7088
- C:\Windows\System\tihZwLi.exe
  C:\Windows\System\tihZwLi.exe
  2⤵
  PID:7104
- C:\Windows\System\ieeqHQv.exe
  C:\Windows\System\ieeqHQv.exe
  2⤵
  PID:7120
- C:\Windows\System\daamkQx.exe
  C:\Windows\System\daamkQx.exe
  2⤵
  PID:7136
- C:\Windows\System\CRMneKR.exe
  C:\Windows\System\CRMneKR.exe
  2⤵
  PID:7152
- C:\Windows\System\ovBnwOq.exe
  C:\Windows\System\ovBnwOq.exe
  2⤵
  PID:6152
- C:\Windows\System\HXzmLdK.exe
  C:\Windows\System\HXzmLdK.exe
  2⤵
  PID:6160
- C:\Windows\System\EGGHVaO.exe
  C:\Windows\System\EGGHVaO.exe
  2⤵
  PID:6176
- C:\Windows\System\RvQuAnH.exe
  C:\Windows\System\RvQuAnH.exe
  2⤵
  PID:6216
- C:\Windows\System\sTzJcRm.exe
  C:\Windows\System\sTzJcRm.exe
  2⤵
  PID:6268
- C:\Windows\System\BlmKyue.exe
  C:\Windows\System\BlmKyue.exe
  2⤵
  PID:6108
- C:\Windows\System\IDaTbIg.exe
  C:\Windows\System\IDaTbIg.exe
  2⤵
  PID:6284
- C:\Windows\System\VFPdAFM.exe
  C:\Windows\System\VFPdAFM.exe
  2⤵
  PID:6328
- C:\Windows\System\XLMNJuA.exe
  C:\Windows\System\XLMNJuA.exe
  2⤵
  PID:6344
- C:\Windows\System\xJnaoiG.exe
  C:\Windows\System\xJnaoiG.exe
  2⤵
  PID:6384
- C:\Windows\System\SNiWEQN.exe
  C:\Windows\System\SNiWEQN.exe
  2⤵
  PID:6452
- C:\Windows\System\LbzhNOC.exe
  C:\Windows\System\LbzhNOC.exe
  2⤵
  PID:6472
- C:\Windows\System\ekgBiDH.exe
  C:\Windows\System\ekgBiDH.exe
  2⤵
  PID:6520
- C:\Windows\System\tTIMEWg.exe
  C:\Windows\System\tTIMEWg.exe
  2⤵
  PID:6580
- C:\Windows\System\eGhgZux.exe
  C:\Windows\System\eGhgZux.exe
  2⤵
  PID:6612
- C:\Windows\System\LhUzqoX.exe
  C:\Windows\System\LhUzqoX.exe
  2⤵
  PID:6632
- C:\Windows\System\tBGtIHC.exe
  C:\Windows\System\tBGtIHC.exe
  2⤵
  PID:6660
- C:\Windows\System\iickCfA.exe
  C:\Windows\System\iickCfA.exe
  2⤵
  PID:6736
- C:\Windows\System\IcsLVuC.exe
  C:\Windows\System\IcsLVuC.exe
  2⤵
  PID:6760
- C:\Windows\System\uIrdgfg.exe
  C:\Windows\System\uIrdgfg.exe
  2⤵
  PID:6780
- C:\Windows\System\uRrgZWt.exe
  C:\Windows\System\uRrgZWt.exe
  2⤵
  PID:6796
- C:\Windows\System\uZdXuXH.exe
  C:\Windows\System\uZdXuXH.exe
  2⤵
  PID:6812
- C:\Windows\System\HFoPuTi.exe
  C:\Windows\System\HFoPuTi.exe
  2⤵
  PID:6860
- C:\Windows\System\JGtzLqH.exe
  C:\Windows\System\JGtzLqH.exe
  2⤵
  PID:6880
- C:\Windows\System\zxyRghk.exe
  C:\Windows\System\zxyRghk.exe
  2⤵
  PID:6916
- C:\Windows\System\USTEcXb.exe
  C:\Windows\System\USTEcXb.exe
  2⤵
  PID:6964
- C:\Windows\System\kWPyDVA.exe
  C:\Windows\System\kWPyDVA.exe
  2⤵
  PID:6968
- C:\Windows\System\shOkQJP.exe
  C:\Windows\System\shOkQJP.exe
  2⤵
  PID:7020
- C:\Windows\System\YoKBPse.exe
  C:\Windows\System\YoKBPse.exe
  2⤵
  PID:7068
- C:\Windows\System\sHKcFVi.exe
  C:\Windows\System\sHKcFVi.exe
  2⤵
  PID:7100
- C:\Windows\System\PwznPes.exe
  C:\Windows\System\PwznPes.exe
  2⤵
  PID:7132
- C:\Windows\System\iXqhCjm.exe
  C:\Windows\System\iXqhCjm.exe
  2⤵
  PID:7160
- C:\Windows\System\WdwKCRO.exe
  C:\Windows\System\WdwKCRO.exe
  2⤵
  PID:6228
- C:\Windows\System\KzEYFIf.exe
  C:\Windows\System\KzEYFIf.exe
  2⤵
  PID:6192
- C:\Windows\System\ETKrOYM.exe
  C:\Windows\System\ETKrOYM.exe
  2⤵
  PID:6312
- C:\Windows\System\dZHMGZt.exe
  C:\Windows\System\dZHMGZt.exe
  2⤵
  PID:6388
- C:\Windows\System\upltoHT.exe
  C:\Windows\System\upltoHT.exe
  2⤵
  PID:6488
- C:\Windows\System\yYIdyJH.exe
  C:\Windows\System\yYIdyJH.exe
  2⤵
  PID:6556
- C:\Windows\System\aKxjfMH.exe
  C:\Windows\System\aKxjfMH.exe
  2⤵
  PID:6552
- C:\Windows\System\ZnSbzFW.exe
  C:\Windows\System\ZnSbzFW.exe
  2⤵
  PID:6616
- C:\Windows\System\QxrhzjQ.exe
  C:\Windows\System\QxrhzjQ.exe
  2⤵
  PID:6652
- C:\Windows\System\UvHRZZU.exe
  C:\Windows\System\UvHRZZU.exe
  2⤵
  PID:6668
- C:\Windows\System\rAKmBTH.exe
  C:\Windows\System\rAKmBTH.exe
  2⤵
  PID:6684
- C:\Windows\System\XdOGPaK.exe
  C:\Windows\System\XdOGPaK.exe
  2⤵
  PID:6704
- C:\Windows\System\vbPTwWs.exe
  C:\Windows\System\vbPTwWs.exe
  2⤵
  PID:6724
- C:\Windows\System\nJsXvpO.exe
  C:\Windows\System\nJsXvpO.exe
  2⤵
  PID:6772
- C:\Windows\System\RMleNrL.exe
  C:\Windows\System\RMleNrL.exe
  2⤵
  PID:6792
- C:\Windows\System\hzkxaCC.exe
  C:\Windows\System\hzkxaCC.exe
  2⤵
  PID:6376
- C:\Windows\System\LRTLTXg.exe
  C:\Windows\System\LRTLTXg.exe
  2⤵
  PID:6848
- C:\Windows\System\ucMSWJe.exe
  C:\Windows\System\ucMSWJe.exe
  2⤵
  PID:6816
- C:\Windows\System\kLsscGP.exe
  C:\Windows\System\kLsscGP.exe
  2⤵
  PID:6948
- C:\Windows\System\BQHbqAv.exe
  C:\Windows\System\BQHbqAv.exe
  2⤵
  PID:7016
- C:\Windows\System\fkIRMYH.exe
  C:\Windows\System\fkIRMYH.exe
  2⤵
  PID:7116
- C:\Windows\System\XSuwKdm.exe
  C:\Windows\System\XSuwKdm.exe
  2⤵
  PID:6156
- C:\Windows\System\SZpBbUK.exe
  C:\Windows\System\SZpBbUK.exe
  2⤵
  PID:6200
- C:\Windows\System\BhNjQga.exe
  C:\Windows\System\BhNjQga.exe
  2⤵
  PID:6324
- C:\Windows\System\KxVttQX.exe
  C:\Windows\System\KxVttQX.exe
  2⤵
  PID:6572
- C:\Windows\System\pZMjxAo.exe
  C:\Windows\System\pZMjxAo.exe
  2⤵
  PID:6532
- C:\Windows\System\HpIfLOO.exe
  C:\Windows\System\HpIfLOO.exe
  2⤵
  PID:6576
- C:\Windows\System\MvDQfCQ.exe
  C:\Windows\System\MvDQfCQ.exe
  2⤵
  PID:6700
- C:\Windows\System\ZOMWBqN.exe
  C:\Windows\System\ZOMWBqN.exe
  2⤵
  PID:6720
- C:\Windows\System\Ydwoktp.exe
  C:\Windows\System\Ydwoktp.exe
  2⤵
  PID:6804
- C:\Windows\System\OwAsIZa.exe
  C:\Windows\System\OwAsIZa.exe
  2⤵
  PID:6876
- C:\Windows\System\sXekfGY.exe
  C:\Windows\System\sXekfGY.exe
  2⤵
  PID:6984
- C:\Windows\System\hebjbna.exe
  C:\Windows\System\hebjbna.exe
  2⤵
  PID:6236
- C:\Windows\System\qudUtqe.exe
  C:\Windows\System\qudUtqe.exe
  2⤵
  PID:7052
- C:\Windows\System\LmMEwhn.exe
  C:\Windows\System\LmMEwhn.exe
  2⤵
  PID:6432
- C:\Windows\System\xcKLZJm.exe
  C:\Windows\System\xcKLZJm.exe
  2⤵
  PID:6420
- C:\Windows\System\WBZHcjF.exe
  C:\Windows\System\WBZHcjF.exe
  2⤵
  PID:6680
- C:\Windows\System\BbQklCn.exe
  C:\Windows\System\BbQklCn.exe
  2⤵
  PID:6768
- C:\Windows\System\bpbGrBo.exe
  C:\Windows\System\bpbGrBo.exe
  2⤵
  PID:6824
- C:\Windows\System\jjUUHdm.exe
  C:\Windows\System\jjUUHdm.exe
  2⤵
  PID:7036
- C:\Windows\System\yjwRAbP.exe
  C:\Windows\System\yjwRAbP.exe
  2⤵
  PID:6380
- C:\Windows\System\niwKJyf.exe
  C:\Windows\System\niwKJyf.exe
  2⤵
  PID:6732
- C:\Windows\System\WDATlUE.exe
  C:\Windows\System\WDATlUE.exe
  2⤵
  PID:6672
- C:\Windows\System\fJeJUtx.exe
  C:\Windows\System\fJeJUtx.exe
  2⤵
  PID:6748
- C:\Windows\System\ISprMon.exe
  C:\Windows\System\ISprMon.exe
  2⤵
  PID:6516
- C:\Windows\System\oPXVpku.exe
  C:\Windows\System\oPXVpku.exe
  2⤵
  PID:7496
- C:\Windows\System\GESeCDd.exe
  C:\Windows\System\GESeCDd.exe
  2⤵
  PID:7512
- C:\Windows\System\PexCxYF.exe
  C:\Windows\System\PexCxYF.exe
  2⤵
  PID:7556
- C:\Windows\System\wIqIvbb.exe
  C:\Windows\System\wIqIvbb.exe
  2⤵
  PID:7572
- C:\Windows\System\ZvnHGvm.exe
  C:\Windows\System\ZvnHGvm.exe
  2⤵
  PID:7592
- C:\Windows\System\khwBRWv.exe
  C:\Windows\System\khwBRWv.exe
  2⤵
  PID:7612
- C:\Windows\System\ajyXYQW.exe
  C:\Windows\System\ajyXYQW.exe
  2⤵
  PID:7636
- C:\Windows\System\fPRkmbt.exe
  C:\Windows\System\fPRkmbt.exe
  2⤵
  PID:7652
- C:\Windows\System\mzWzcXH.exe
  C:\Windows\System\mzWzcXH.exe
  2⤵
  PID:7672
- C:\Windows\System\VPjcmgK.exe
  C:\Windows\System\VPjcmgK.exe
  2⤵
  PID:7688
- C:\Windows\System\XRTuVUs.exe
  C:\Windows\System\XRTuVUs.exe
  2⤵
  PID:7708
- C:\Windows\System\lWdNQQo.exe
  C:\Windows\System\lWdNQQo.exe
  2⤵
  PID:7728
- C:\Windows\System\UsvQucd.exe
  C:\Windows\System\UsvQucd.exe
  2⤵
  PID:7744
- C:\Windows\System\AoxGQKq.exe
  C:\Windows\System\AoxGQKq.exe
  2⤵
  PID:7768
- C:\Windows\System\CSTHHUz.exe
  C:\Windows\System\CSTHHUz.exe
  2⤵
  PID:7788
- C:\Windows\System\zyLSzFJ.exe
  C:\Windows\System\zyLSzFJ.exe
  2⤵
  PID:7804
- C:\Windows\System\CmQgnHS.exe
  C:\Windows\System\CmQgnHS.exe
  2⤵
  PID:7836
- C:\Windows\System\cJZHYKH.exe
  C:\Windows\System\cJZHYKH.exe
  2⤵
  PID:7860
- C:\Windows\System\rdUdkEL.exe
  C:\Windows\System\rdUdkEL.exe
  2⤵
  PID:7880
- C:\Windows\System\clTlfwK.exe
  C:\Windows\System\clTlfwK.exe
  2⤵
  PID:7896
- C:\Windows\System\jLIeond.exe
  C:\Windows\System\jLIeond.exe
  2⤵
  PID:7920
- C:\Windows\System\nzJDTXq.exe
  C:\Windows\System\nzJDTXq.exe
  2⤵
  PID:7936
- C:\Windows\System\nwVaSyB.exe
  C:\Windows\System\nwVaSyB.exe
  2⤵
  PID:7960
- C:\Windows\System\VQUBtJH.exe
  C:\Windows\System\VQUBtJH.exe
  2⤵
  PID:7976
- C:\Windows\System\EEEPUcA.exe
  C:\Windows\System\EEEPUcA.exe
  2⤵
  PID:8000
- C:\Windows\System\LxEAFzu.exe
  C:\Windows\System\LxEAFzu.exe
  2⤵
  PID:8016
- C:\Windows\System\pXufpdQ.exe
  C:\Windows\System\pXufpdQ.exe
  2⤵
  PID:8036
- C:\Windows\System\CgTblQr.exe
  C:\Windows\System\CgTblQr.exe
  2⤵
  PID:8052
- C:\Windows\System\JfoSWNh.exe
  C:\Windows\System\JfoSWNh.exe
  2⤵
  PID:8068
- C:\Windows\System\BonzSmJ.exe
  C:\Windows\System\BonzSmJ.exe
  2⤵
  PID:8092
- C:\Windows\System\UnriXTb.exe
  C:\Windows\System\UnriXTb.exe
  2⤵
  PID:8112
- C:\Windows\System\QjmVJOs.exe
  C:\Windows\System\QjmVJOs.exe
  2⤵
  PID:8128
- C:\Windows\System\KdHLIoV.exe
  C:\Windows\System\KdHLIoV.exe
  2⤵
  PID:8148
- C:\Windows\System\ARJhLsv.exe
  C:\Windows\System\ARJhLsv.exe
  2⤵
  PID:8184
- C:\Windows\System\hwaHJCh.exe
  C:\Windows\System\hwaHJCh.exe
  2⤵
  PID:6932
- C:\Windows\System\DkkxwJD.exe
  C:\Windows\System\DkkxwJD.exe
  2⤵
  PID:7184
- C:\Windows\System\zGIMLiL.exe
  C:\Windows\System\zGIMLiL.exe
  2⤵
  PID:7200
- C:\Windows\System\cUIQEyR.exe
  C:\Windows\System\cUIQEyR.exe
  2⤵
  PID:7220
- C:\Windows\System\oCOmtgt.exe
  C:\Windows\System\oCOmtgt.exe
  2⤵
  PID:7248
- C:\Windows\System\wFCSbah.exe
  C:\Windows\System\wFCSbah.exe
  2⤵
  PID:7264
- C:\Windows\System\leWpIEO.exe
  C:\Windows\System\leWpIEO.exe
  2⤵
  PID:7280
- C:\Windows\System\YLlplTR.exe
  C:\Windows\System\YLlplTR.exe
  2⤵
  PID:7300
- C:\Windows\System\WJBtxYy.exe
  C:\Windows\System\WJBtxYy.exe
  2⤵
  PID:7328
- C:\Windows\System\jkIOlqM.exe
  C:\Windows\System\jkIOlqM.exe
  2⤵
  PID:7344
- C:\Windows\System\lKDbroL.exe
  C:\Windows\System\lKDbroL.exe
  2⤵
  PID:7368
- C:\Windows\System\BVBXWRf.exe
  C:\Windows\System\BVBXWRf.exe
  2⤵
  PID:7384
- C:\Windows\System\rZpScHm.exe
  C:\Windows\System\rZpScHm.exe
  2⤵
  PID:7408
- C:\Windows\System\muUfEOI.exe
  C:\Windows\System\muUfEOI.exe
  2⤵
  PID:7424
- C:\Windows\System\mpzhjLD.exe
  C:\Windows\System\mpzhjLD.exe
  2⤵
  PID:1448
- C:\Windows\System\prWBhht.exe
  C:\Windows\System\prWBhht.exe
  2⤵
  PID:2172
- C:\Windows\System\dptmyYL.exe
  C:\Windows\System\dptmyYL.exe
  2⤵
  PID:7476
- C:\Windows\System\cnseWrI.exe
  C:\Windows\System\cnseWrI.exe
  2⤵
  PID:7452
- C:\Windows\System\QzbdTUX.exe
  C:\Windows\System\QzbdTUX.exe
  2⤵
  PID:7492
- C:\Windows\System\SCYCOZv.exe
  C:\Windows\System\SCYCOZv.exe
  2⤵
  PID:7536
- C:\Windows\System\uizNReq.exe
  C:\Windows\System\uizNReq.exe
  2⤵
  PID:7548
- C:\Windows\System\FEpcaSK.exe
  C:\Windows\System\FEpcaSK.exe
  2⤵
  PID:7564
- C:\Windows\System\dJmaDjc.exe
  C:\Windows\System\dJmaDjc.exe
  2⤵
  PID:7608
- C:\Windows\System\ZFLPPiV.exe
  C:\Windows\System\ZFLPPiV.exe
  2⤵
  PID:7644
- C:\Windows\System\uSSwVAk.exe
  C:\Windows\System\uSSwVAk.exe
  2⤵
  PID:7664
- C:\Windows\System\DcAQDVP.exe
  C:\Windows\System\DcAQDVP.exe
  2⤵
  PID:7720
- C:\Windows\System\vBUQmxx.exe
  C:\Windows\System\vBUQmxx.exe
  2⤵
  PID:7764
- C:\Windows\System\WFLIRSC.exe
  C:\Windows\System\WFLIRSC.exe
  2⤵
  PID:7820
- C:\Windows\System\VcpZyUx.exe
  C:\Windows\System\VcpZyUx.exe
  2⤵
  PID:7800
- C:\Windows\System\nLjhTDP.exe
  C:\Windows\System\nLjhTDP.exe
  2⤵
  PID:7848
- C:\Windows\System\MbsXjIX.exe
  C:\Windows\System\MbsXjIX.exe
  2⤵
  PID:7892
- C:\Windows\System\cwGfvxZ.exe
  C:\Windows\System\cwGfvxZ.exe
  2⤵
  PID:7916
- C:\Windows\System\gvTqFRN.exe
  C:\Windows\System\gvTqFRN.exe
  2⤵
  PID:7952
- C:\Windows\System\kUkqecF.exe
  C:\Windows\System\kUkqecF.exe
  2⤵
  PID:7948
- C:\Windows\System\jJQcuqR.exe
  C:\Windows\System\jJQcuqR.exe
  2⤵
  PID:7988
- C:\Windows\System\QGxjmDn.exe
  C:\Windows\System\QGxjmDn.exe
  2⤵
  PID:8028
- C:\Windows\System\gIAwTlt.exe
  C:\Windows\System\gIAwTlt.exe
  2⤵
  PID:8060
- C:\Windows\System\JQcsqOk.exe
  C:\Windows\System\JQcsqOk.exe
  2⤵
  PID:8012
- C:\Windows\System\GRytIFe.exe
  C:\Windows\System\GRytIFe.exe
  2⤵
  PID:8164
- C:\Windows\System\gKVgmVz.exe
  C:\Windows\System\gKVgmVz.exe
  2⤵
  PID:8124
- C:\Windows\System\WbZVJeM.exe
  C:\Windows\System\WbZVJeM.exe
  2⤵
  PID:6304
- C:\Windows\System\MvvHsqJ.exe
  C:\Windows\System\MvvHsqJ.exe
  2⤵
  PID:7192
- C:\Windows\System\rXReQtd.exe
  C:\Windows\System\rXReQtd.exe
  2⤵
  PID:7236
- C:\Windows\System\IZwKmgK.exe
  C:\Windows\System\IZwKmgK.exe
  2⤵
  PID:7216
- C:\Windows\System\GVLdeen.exe
  C:\Windows\System\GVLdeen.exe
  2⤵
  PID:7308
- C:\Windows\System\VnCIBJv.exe
  C:\Windows\System\VnCIBJv.exe
  2⤵
  PID:7288
- C:\Windows\System\ddosDao.exe
  C:\Windows\System\ddosDao.exe
  2⤵
  PID:7352
- C:\Windows\System\uDSNwGC.exe
  C:\Windows\System\uDSNwGC.exe
  2⤵
  PID:7380
- C:\Windows\System\Zjstkzo.exe
  C:\Windows\System\Zjstkzo.exe
  2⤵
  PID:7420
- C:\Windows\System\kDCQAmu.exe
  C:\Windows\System\kDCQAmu.exe
  2⤵
  PID:7084
- C:\Windows\System\WxbKMio.exe
  C:\Windows\System\WxbKMio.exe
  2⤵
  PID:952
- C:\Windows\System\XSyHWkk.exe
  C:\Windows\System\XSyHWkk.exe
  2⤵
  PID:7488
- C:\Windows\System\ciuKqct.exe
  C:\Windows\System\ciuKqct.exe
  2⤵
  PID:7604
- C:\Windows\System\HqVNIxe.exe
  C:\Windows\System\HqVNIxe.exe
  2⤵
  PID:7532
- C:\Windows\System\nAGlhAc.exe
  C:\Windows\System\nAGlhAc.exe
  2⤵
  PID:7680
- C:\Windows\System\KxKZnGZ.exe
  C:\Windows\System\KxKZnGZ.exe
  2⤵
  PID:7736
- C:\Windows\System\eTSLeOd.exe
  C:\Windows\System\eTSLeOd.exe
  2⤵
  PID:7756
- C:\Windows\System\ioWnYpH.exe
  C:\Windows\System\ioWnYpH.exe
  2⤵
  PID:7828
- C:\Windows\System\AhjKXUQ.exe
  C:\Windows\System\AhjKXUQ.exe
  2⤵
  PID:7876
- C:\Windows\System\fvMxQPj.exe
  C:\Windows\System\fvMxQPj.exe
  2⤵
  PID:2880
- C:\Windows\System\TILJwza.exe
  C:\Windows\System\TILJwza.exe
  2⤵
  PID:8032
- C:\Windows\System\kfLoofD.exe
  C:\Windows\System\kfLoofD.exe
  2⤵
  PID:2824
- C:\Windows\System\WNEXows.exe
  C:\Windows\System\WNEXows.exe
  2⤵
  PID:7904
- C:\Windows\System\lDljERL.exe
  C:\Windows\System\lDljERL.exe
  2⤵
  PID:8108
- C:\Windows\System\ORsJjQg.exe
  C:\Windows\System\ORsJjQg.exe
  2⤵
  PID:8160
- C:\Windows\System\gxEOxjo.exe
  C:\Windows\System\gxEOxjo.exe
  2⤵
  PID:7272
- C:\Windows\System\ZVPlVLM.exe
  C:\Windows\System\ZVPlVLM.exe
  2⤵
  PID:7276
- C:\Windows\System\kAWUOAD.exe
  C:\Windows\System\kAWUOAD.exe
  2⤵
  PID:7336
- C:\Windows\System\dtwoFNh.exe
  C:\Windows\System\dtwoFNh.exe
  2⤵
  PID:7360
- C:\Windows\System\KXKAQde.exe
  C:\Windows\System\KXKAQde.exe
  2⤵
  PID:7404
- C:\Windows\System\ricPXRt.exe
  C:\Windows\System\ricPXRt.exe
  2⤵
  PID:7176
- C:\Windows\System\RHBYvxg.exe
  C:\Windows\System\RHBYvxg.exe
  2⤵
  PID:7484
- C:\Windows\System\rtCwcqK.exe
  C:\Windows\System\rtCwcqK.exe
  2⤵
  PID:7580
- C:\Windows\System\SwyGNop.exe
  C:\Windows\System\SwyGNop.exe
  2⤵
  PID:7632
- C:\Windows\System\OAhjxhj.exe
  C:\Windows\System\OAhjxhj.exe
  2⤵
  PID:7812
- C:\Windows\System\rUqYwKI.exe
  C:\Windows\System\rUqYwKI.exe
  2⤵
  PID:7844
- C:\Windows\System\sFfsgHp.exe
  C:\Windows\System\sFfsgHp.exe
  2⤵
  PID:7908
- C:\Windows\System\uSJhFwt.exe
  C:\Windows\System\uSJhFwt.exe
  2⤵
  PID:8088
- C:\Windows\System\JPLsTbT.exe
  C:\Windows\System\JPLsTbT.exe
  2⤵
  PID:7932
- C:\Windows\System\ncSFxxG.exe
  C:\Windows\System\ncSFxxG.exe
  2⤵
  PID:8156
- C:\Windows\System\Tvldfop.exe
  C:\Windows\System\Tvldfop.exe
  2⤵
  PID:7260
- C:\Windows\System\NdYvRnr.exe
  C:\Windows\System\NdYvRnr.exe
  2⤵
  PID:7356
- C:\Windows\System\QJcdAcd.exe
  C:\Windows\System\QJcdAcd.exe
  2⤵
  PID:7212
- C:\Windows\System\lhNpCqe.exe
  C:\Windows\System\lhNpCqe.exe
  2⤵
  PID:7600
- C:\Windows\System\hqgDhHS.exe
  C:\Windows\System\hqgDhHS.exe
  2⤵
  PID:1364
- C:\Windows\System\fqmHDXb.exe
  C:\Windows\System\fqmHDXb.exe
  2⤵
  PID:7784
- C:\Windows\System\ZbOVzuT.exe
  C:\Windows\System\ZbOVzuT.exe
  2⤵
  PID:2948
- C:\Windows\System\BiTaEOH.exe
  C:\Windows\System\BiTaEOH.exe
  2⤵
  PID:7232
- C:\Windows\System\BDyIQwE.exe
  C:\Windows\System\BDyIQwE.exe
  2⤵
  PID:7584
- C:\Windows\System\fvSdyxs.exe
  C:\Windows\System\fvSdyxs.exe
  2⤵
  PID:8080
- C:\Windows\System\FJbJfkJ.exe
  C:\Windows\System\FJbJfkJ.exe
  2⤵
  PID:7996
- C:\Windows\System\iGyCTxA.exe
  C:\Windows\System\iGyCTxA.exe
  2⤵
  PID:7816
- C:\Windows\System\eNOHZmC.exe
  C:\Windows\System\eNOHZmC.exe
  2⤵
  PID:7432
- C:\Windows\System\FxXJpjt.exe
  C:\Windows\System\FxXJpjt.exe
  2⤵
  PID:7704
- C:\Windows\System\onFezhz.exe
  C:\Windows\System\onFezhz.exe
  2⤵
  PID:7856
- C:\Windows\System\omuCxZy.exe
  C:\Windows\System\omuCxZy.exe
  2⤵
  PID:8024
- C:\Windows\System\EPmXDYZ.exe
  C:\Windows\System\EPmXDYZ.exe
  2⤵
  PID:7180
- C:\Windows\System\TWeipss.exe
  C:\Windows\System\TWeipss.exe
  2⤵
  PID:7568
- C:\Windows\System\aVJlGZJ.exe
  C:\Windows\System\aVJlGZJ.exe
  2⤵
  PID:8204
- C:\Windows\System\hafJhuh.exe
  C:\Windows\System\hafJhuh.exe
  2⤵
  PID:8224
- C:\Windows\System\cypPztd.exe
  C:\Windows\System\cypPztd.exe
  2⤵
  PID:8272
- C:\Windows\System\qxAAYiX.exe
  C:\Windows\System\qxAAYiX.exe
  2⤵
  PID:8288
- C:\Windows\System\XCSvrAh.exe
  C:\Windows\System\XCSvrAh.exe
  2⤵
  PID:8308
- C:\Windows\System\uXqybNh.exe
  C:\Windows\System\uXqybNh.exe
  2⤵
  PID:8324
- C:\Windows\System\NoBkLfU.exe
  C:\Windows\System\NoBkLfU.exe
  2⤵
  PID:8340
- C:\Windows\System\zTApMMn.exe
  C:\Windows\System\zTApMMn.exe
  2⤵
  PID:8356
- C:\Windows\System\TozfbIp.exe
  C:\Windows\System\TozfbIp.exe
  2⤵
  PID:8376
- C:\Windows\System\oewfjMf.exe
  C:\Windows\System\oewfjMf.exe
  2⤵
  PID:8392
- C:\Windows\System\oZOGcZF.exe
  C:\Windows\System\oZOGcZF.exe
  2⤵
  PID:8408
- C:\Windows\System\QpqiJZY.exe
  C:\Windows\System\QpqiJZY.exe
  2⤵
  PID:8428
- C:\Windows\System\bAIJlXK.exe
  C:\Windows\System\bAIJlXK.exe
  2⤵
  PID:8448
- C:\Windows\System\jDeiRmX.exe
  C:\Windows\System\jDeiRmX.exe
  2⤵
  PID:8468
- C:\Windows\System\nEYOaPb.exe
  C:\Windows\System\nEYOaPb.exe
  2⤵
  PID:8508
- C:\Windows\System\SevYBAc.exe
  C:\Windows\System\SevYBAc.exe
  2⤵
  PID:8524
- C:\Windows\System\zQmVQph.exe
  C:\Windows\System\zQmVQph.exe
  2⤵
  PID:8544
- C:\Windows\System\iuHsHSx.exe
  C:\Windows\System\iuHsHSx.exe
  2⤵
  PID:8564
- C:\Windows\System\ihCsjlC.exe
  C:\Windows\System\ihCsjlC.exe
  2⤵
  PID:8588
- C:\Windows\System\ZQmqxfM.exe
  C:\Windows\System\ZQmqxfM.exe
  2⤵
  PID:8612
- C:\Windows\System\hPchwib.exe
  C:\Windows\System\hPchwib.exe
  2⤵
  PID:8632
- C:\Windows\System\bsrIBky.exe
  C:\Windows\System\bsrIBky.exe
  2⤵
  PID:8648
- C:\Windows\System\TmQnAxJ.exe
  C:\Windows\System\TmQnAxJ.exe
  2⤵
  PID:8668
- C:\Windows\System\pasGHGZ.exe
  C:\Windows\System\pasGHGZ.exe
  2⤵
  PID:8684
- C:\Windows\System\ZMuJArE.exe
  C:\Windows\System\ZMuJArE.exe
  2⤵
  PID:8712
- C:\Windows\System\VmWDeVo.exe
  C:\Windows\System\VmWDeVo.exe
  2⤵
  PID:8728
- C:\Windows\System\ltumtYi.exe
  C:\Windows\System\ltumtYi.exe
  2⤵
  PID:8748
- C:\Windows\System\FqNPQnN.exe
  C:\Windows\System\FqNPQnN.exe
  2⤵
  PID:8768
- C:\Windows\System\VpWMhTx.exe
  C:\Windows\System\VpWMhTx.exe
  2⤵
  PID:8792
- C:\Windows\System\Ezogqht.exe
  C:\Windows\System\Ezogqht.exe
  2⤵
  PID:8812
- C:\Windows\System\nZsUHYN.exe
  C:\Windows\System\nZsUHYN.exe
  2⤵
  PID:8832
- C:\Windows\System\EozpWFu.exe
  C:\Windows\System\EozpWFu.exe
  2⤵
  PID:8852
- C:\Windows\System\KlmQjXH.exe
  C:\Windows\System\KlmQjXH.exe
  2⤵
  PID:8876
- C:\Windows\System\dxJdLsX.exe
  C:\Windows\System\dxJdLsX.exe
  2⤵
  PID:8892
- C:\Windows\System\kSQwcRV.exe
  C:\Windows\System\kSQwcRV.exe
  2⤵
  PID:8912
- C:\Windows\System\TDfDSnm.exe
  C:\Windows\System\TDfDSnm.exe
  2⤵
  PID:8928
- C:\Windows\System\CRbBoXy.exe
  C:\Windows\System\CRbBoXy.exe
  2⤵
  PID:8956
- C:\Windows\System\vVbOlHN.exe
  C:\Windows\System\vVbOlHN.exe
  2⤵
  PID:8972
- C:\Windows\System\wgtUhVV.exe
  C:\Windows\System\wgtUhVV.exe
  2⤵
  PID:8996
- C:\Windows\System\zePAxFA.exe
  C:\Windows\System\zePAxFA.exe
  2⤵
  PID:9012
- C:\Windows\System\OjnVgAQ.exe
  C:\Windows\System\OjnVgAQ.exe
  2⤵
  PID:9036
- C:\Windows\System\NfJVHBP.exe
  C:\Windows\System\NfJVHBP.exe
  2⤵
  PID:9052
- C:\Windows\System\TaEkZPl.exe
  C:\Windows\System\TaEkZPl.exe
  2⤵
  PID:9072
- C:\Windows\System\TtHERYe.exe
  C:\Windows\System\TtHERYe.exe
  2⤵
  PID:9088
- C:\Windows\System\kaMbChC.exe
  C:\Windows\System\kaMbChC.exe
  2⤵
  PID:9108
- C:\Windows\System\WzanyAj.exe
  C:\Windows\System\WzanyAj.exe
  2⤵
  PID:9128
- C:\Windows\System\BQmACFW.exe
  C:\Windows\System\BQmACFW.exe
  2⤵
  PID:9156
- C:\Windows\System\MuLfNLQ.exe
  C:\Windows\System\MuLfNLQ.exe
  2⤵
  PID:9172
- C:\Windows\System\ySAjClM.exe
  C:\Windows\System\ySAjClM.exe
  2⤵
  PID:9192
- C:\Windows\System\JUDEhZo.exe
  C:\Windows\System\JUDEhZo.exe
  2⤵
  PID:9208
- C:\Windows\System\rQHPqAJ.exe
  C:\Windows\System\rQHPqAJ.exe
  2⤵
  PID:8200
- C:\Windows\System\qwoyVRr.exe
  C:\Windows\System\qwoyVRr.exe
  2⤵
  PID:7228
- C:\Windows\System\awHgZvK.exe
  C:\Windows\System\awHgZvK.exe
  2⤵
  PID:8244
- C:\Windows\System\PZVhYHS.exe
  C:\Windows\System\PZVhYHS.exe
  2⤵
  PID:7460
- C:\Windows\System\shStSFY.exe
  C:\Windows\System\shStSFY.exe
  2⤵
  PID:8300
- C:\Windows\System\VgQBxqC.exe
  C:\Windows\System\VgQBxqC.exe
  2⤵
  PID:8372
- C:\Windows\System\ZIhdUjR.exe
  C:\Windows\System\ZIhdUjR.exe
  2⤵
  PID:8440
- C:\Windows\System\iXjkLao.exe
  C:\Windows\System\iXjkLao.exe
  2⤵
  PID:8484
- C:\Windows\System\JszzMkB.exe
  C:\Windows\System\JszzMkB.exe
  2⤵
  PID:8456
- C:\Windows\System\oqjctxG.exe
  C:\Windows\System\oqjctxG.exe
  2⤵
  PID:8320
- C:\Windows\System\PjXNKAy.exe
  C:\Windows\System\PjXNKAy.exe
  2⤵
  PID:8424
- C:\Windows\System\mtIkrql.exe
  C:\Windows\System\mtIkrql.exe
  2⤵
  PID:8576
- C:\Windows\System\VbOsIAU.exe
  C:\Windows\System\VbOsIAU.exe
  2⤵
  PID:8596
- C:\Windows\System\LCPVpoN.exe
  C:\Windows\System\LCPVpoN.exe
  2⤵
  PID:8560
- C:\Windows\System\wWFnmri.exe
  C:\Windows\System\wWFnmri.exe
  2⤵
  PID:8660
- C:\Windows\System\pOnBbLT.exe
  C:\Windows\System\pOnBbLT.exe
  2⤵
  PID:8676
- C:\Windows\System\GyxkGgK.exe
  C:\Windows\System\GyxkGgK.exe
  2⤵
  PID:8704
- C:\Windows\System\oemaUsE.exe
  C:\Windows\System\oemaUsE.exe
  2⤵
  PID:8744
- C:\Windows\System\nrXizpC.exe
  C:\Windows\System\nrXizpC.exe
  2⤵
  PID:8764
- C:\Windows\System\NNiXjJt.exe
  C:\Windows\System\NNiXjJt.exe
  2⤵
  PID:8800
- C:\Windows\System\YlOcTpi.exe
  C:\Windows\System\YlOcTpi.exe
  2⤵
  PID:8844
- C:\Windows\System\TIxgEBv.exe
  C:\Windows\System\TIxgEBv.exe
  2⤵
  PID:8848
- C:\Windows\System\SiEapsr.exe
  C:\Windows\System\SiEapsr.exe
  2⤵
  PID:8908
- C:\Windows\System\MXZBtyC.exe
  C:\Windows\System\MXZBtyC.exe
  2⤵
  PID:8888
- C:\Windows\System\AnxprPf.exe
  C:\Windows\System\AnxprPf.exe
  2⤵
  PID:8980
- C:\Windows\System\LaXeIgI.exe
  C:\Windows\System\LaXeIgI.exe
  2⤵
  PID:9004
- C:\Windows\System\ayGHptH.exe
  C:\Windows\System\ayGHptH.exe
  2⤵
  PID:9028
- C:\Windows\System\ZUNWllx.exe
  C:\Windows\System\ZUNWllx.exe
  2⤵
  PID:9068
- C:\Windows\System\RhSTKxS.exe
  C:\Windows\System\RhSTKxS.exe
  2⤵
  PID:9084
- C:\Windows\System\WLUwLtT.exe
  C:\Windows\System\WLUwLtT.exe
  2⤵
  PID:9124
- C:\Windows\System\yVrnsjK.exe
  C:\Windows\System\yVrnsjK.exe
  2⤵
  PID:9180
- C:\Windows\System\tBCNWOI.exe
  C:\Windows\System\tBCNWOI.exe
  2⤵
  PID:7400
- C:\Windows\System\fJZCLth.exe
  C:\Windows\System\fJZCLth.exe
  2⤵
  PID:8240
- C:\Windows\System\MqBHJGO.exe
  C:\Windows\System\MqBHJGO.exe
  2⤵
  PID:7320
- C:\Windows\System\AyAAdWR.exe
  C:\Windows\System\AyAAdWR.exe
  2⤵
  PID:8336
- C:\Windows\System\OrehomT.exe
  C:\Windows\System\OrehomT.exe
  2⤵
  PID:8332
- C:\Windows\System\YiHhJNc.exe
  C:\Windows\System\YiHhJNc.exe
  2⤵
  PID:8420
- C:\Windows\System\idmcyWn.exe
  C:\Windows\System\idmcyWn.exe
  2⤵
  PID:8584
- C:\Windows\System\AtQeuxl.exe
  C:\Windows\System\AtQeuxl.exe
  2⤵
  PID:8516
- C:\Windows\System\wFaqFts.exe
  C:\Windows\System\wFaqFts.exe
  2⤵
  PID:8608
- C:\Windows\System\FNgqmkH.exe
  C:\Windows\System\FNgqmkH.exe
  2⤵
  PID:8656
- C:\Windows\System\CtMgTPC.exe
  C:\Windows\System\CtMgTPC.exe
  2⤵
  PID:8696
- C:\Windows\System\lcdWFzy.exe
  C:\Windows\System\lcdWFzy.exe
  2⤵
  PID:8724
- C:\Windows\System\CZWnIiQ.exe
  C:\Windows\System\CZWnIiQ.exe
  2⤵
  PID:8784
- C:\Windows\System\MNVsEhd.exe
  C:\Windows\System\MNVsEhd.exe
  2⤵
  PID:8840
- C:\Windows\System\JkWPkDh.exe
  C:\Windows\System\JkWPkDh.exe
  2⤵
  PID:8904
- C:\Windows\System\tYnORgf.exe
  C:\Windows\System\tYnORgf.exe
  2⤵
  PID:8944
- C:\Windows\System\NsdXupb.exe
  C:\Windows\System\NsdXupb.exe
  2⤵
  PID:9048
- C:\Windows\System\BZQngQL.exe
  C:\Windows\System\BZQngQL.exe
  2⤵
  PID:9060
- C:\Windows\System\JEdnDpJ.exe
  C:\Windows\System\JEdnDpJ.exe
  2⤵
  PID:9104
- C:\Windows\System\ogOscLv.exe
  C:\Windows\System\ogOscLv.exe
  2⤵
  PID:9140
- C:\Windows\System\UspigVX.exe
  C:\Windows\System\UspigVX.exe
  2⤵
  PID:9120
- C:\Windows\System\JXsEsmr.exe
  C:\Windows\System\JXsEsmr.exe
  2⤵
  PID:8400
- C:\Windows\System\OyzFdTg.exe
  C:\Windows\System\OyzFdTg.exe
  2⤵
  PID:8504
- C:\Windows\System\EdjOqUK.exe
  C:\Windows\System\EdjOqUK.exe
  2⤵
  PID:8580
- C:\Windows\System\bWVvpZO.exe
  C:\Windows\System\bWVvpZO.exe
  2⤵
  PID:8532
- C:\Windows\System\IFMaKfO.exe
  C:\Windows\System\IFMaKfO.exe
  2⤵
  PID:8604
- C:\Windows\System\wzzbqBm.exe
  C:\Windows\System\wzzbqBm.exe
  2⤵
  PID:8804
- C:\Windows\System\mQqnXUt.exe
  C:\Windows\System\mQqnXUt.exe
  2⤵
  PID:8644
- C:\Windows\System\ITBgTnR.exe
  C:\Windows\System\ITBgTnR.exe
  2⤵
  PID:8884
- C:\Windows\System\TJcADou.exe
  C:\Windows\System\TJcADou.exe
  2⤵
  PID:8964
- C:\Windows\System\BbBygjt.exe
  C:\Windows\System\BbBygjt.exe
  2⤵
  PID:8236
- C:\Windows\System\nfcUVtA.exe
  C:\Windows\System\nfcUVtA.exe
  2⤵
  PID:9204
- C:\Windows\System\wbLIJCJ.exe
  C:\Windows\System\wbLIJCJ.exe
  2⤵
  PID:8488
- C:\Windows\System\LfKBvFw.exe
  C:\Windows\System\LfKBvFw.exe
  2⤵
  PID:8520
- C:\Windows\System\MVsexiS.exe
  C:\Windows\System\MVsexiS.exe
  2⤵
  PID:8628
- C:\Windows\System\SpRhRZT.exe
  C:\Windows\System\SpRhRZT.exe
  2⤵
  PID:8952
- C:\Windows\System\IuruZSa.exe
  C:\Windows\System\IuruZSa.exe
  2⤵
  PID:8780
- C:\Windows\System\TFIylda.exe
  C:\Windows\System\TFIylda.exe
  2⤵
  PID:7684
- C:\Windows\System\EOlgMyJ.exe
  C:\Windows\System\EOlgMyJ.exe
  2⤵
  PID:9168
- C:\Windows\System\LTmfBxT.exe
  C:\Windows\System\LTmfBxT.exe
  2⤵
  PID:8476
- C:\Windows\System\WXuruFD.exe
  C:\Windows\System\WXuruFD.exe
  2⤵
  PID:8556
- C:\Windows\System\xMGGbGc.exe
  C:\Windows\System\xMGGbGc.exe
  2⤵
  PID:9184
- C:\Windows\System\HORtLBz.exe
  C:\Windows\System\HORtLBz.exe
  2⤵
  PID:9144
- C:\Windows\System\rintmNJ.exe
  C:\Windows\System\rintmNJ.exe
  2⤵
  PID:8924
- C:\Windows\System\KBmlVao.exe
  C:\Windows\System\KBmlVao.exe
  2⤵
  PID:8640
- C:\Windows\System\CDoyrjJ.exe
  C:\Windows\System\CDoyrjJ.exe
  2⤵
  PID:9136
- C:\Windows\System\CXjWEbe.exe
  C:\Windows\System\CXjWEbe.exe
  2⤵
  PID:8720
- C:\Windows\System\suwBOlN.exe
  C:\Windows\System\suwBOlN.exe
  2⤵
  PID:9228
- C:\Windows\System\yeLxftl.exe
  C:\Windows\System\yeLxftl.exe
  2⤵
  PID:9244
- C:\Windows\System\aABVqUF.exe
  C:\Windows\System\aABVqUF.exe
  2⤵
  PID:9268
- C:\Windows\System\CGIvOzp.exe
  C:\Windows\System\CGIvOzp.exe
  2⤵
  PID:9284
- C:\Windows\System\MgFpaoO.exe
  C:\Windows\System\MgFpaoO.exe
  2⤵
  PID:9308
- C:\Windows\System\bBhPsxF.exe
  C:\Windows\System\bBhPsxF.exe
  2⤵
  PID:9324
- C:\Windows\System\fKktlUI.exe
  C:\Windows\System\fKktlUI.exe
  2⤵
  PID:9348
- C:\Windows\System\duJzYGb.exe
  C:\Windows\System\duJzYGb.exe
  2⤵
  PID:9368
- C:\Windows\System\LOMIXTe.exe
  C:\Windows\System\LOMIXTe.exe
  2⤵
  PID:9384
- C:\Windows\System\tPkPiFw.exe
  C:\Windows\System\tPkPiFw.exe
  2⤵
  PID:9404
- C:\Windows\System\rraTKQX.exe
  C:\Windows\System\rraTKQX.exe
  2⤵
  PID:9424
- C:\Windows\System\OKsxgkn.exe
  C:\Windows\System\OKsxgkn.exe
  2⤵
  PID:9440
- C:\Windows\System\dctRndP.exe
  C:\Windows\System\dctRndP.exe
  2⤵
  PID:9468
- C:\Windows\System\SPEIOUE.exe
  C:\Windows\System\SPEIOUE.exe
  2⤵
  PID:9484
- C:\Windows\System\bmZZgpT.exe
  C:\Windows\System\bmZZgpT.exe
  2⤵
  PID:9504
- C:\Windows\System\ZicKwXO.exe
  C:\Windows\System\ZicKwXO.exe
  2⤵
  PID:9520
- C:\Windows\System\AMAXQFh.exe
  C:\Windows\System\AMAXQFh.exe
  2⤵
  PID:9548
- C:\Windows\System\hfinkcX.exe
  C:\Windows\System\hfinkcX.exe
  2⤵
  PID:9564
- C:\Windows\System\ivDZQuF.exe
  C:\Windows\System\ivDZQuF.exe
  2⤵
  PID:9588
- C:\Windows\System\TrRBmTi.exe
  C:\Windows\System\TrRBmTi.exe
  2⤵
  PID:9604
- C:\Windows\System\ehkhELC.exe
  C:\Windows\System\ehkhELC.exe
  2⤵
  PID:9620
- C:\Windows\System\MheOHEG.exe
  C:\Windows\System\MheOHEG.exe
  2⤵
  PID:9640
- C:\Windows\System\WMMOgzL.exe
  C:\Windows\System\WMMOgzL.exe
  2⤵
  PID:9656
- C:\Windows\System\xmKERyz.exe
  C:\Windows\System\xmKERyz.exe
  2⤵
  PID:9680
- C:\Windows\System\GXlBPbj.exe
  C:\Windows\System\GXlBPbj.exe
  2⤵
  PID:9704
- C:\Windows\System\qTvlaqn.exe
  C:\Windows\System\qTvlaqn.exe
  2⤵
  PID:9720
- C:\Windows\System\KemcjjJ.exe
  C:\Windows\System\KemcjjJ.exe
  2⤵
  PID:9740
- C:\Windows\System\njgMgWq.exe
  C:\Windows\System\njgMgWq.exe
  2⤵
  PID:9756
- C:\Windows\System\FLZwGUu.exe
  C:\Windows\System\FLZwGUu.exe
  2⤵
  PID:9792
- C:\Windows\System\RlcNWpZ.exe
  C:\Windows\System\RlcNWpZ.exe
  2⤵
  PID:9808
- C:\Windows\System\hVXocwV.exe
  C:\Windows\System\hVXocwV.exe
  2⤵
  PID:9828
- C:\Windows\System\ByHERkZ.exe
  C:\Windows\System\ByHERkZ.exe
  2⤵
  PID:9844
- C:\Windows\System\lYwjzPs.exe
  C:\Windows\System\lYwjzPs.exe
  2⤵
  PID:9860
- C:\Windows\System\mMqFLEh.exe
  C:\Windows\System\mMqFLEh.exe
  2⤵
  PID:9880
- C:\Windows\System\lePJEPq.exe
  C:\Windows\System\lePJEPq.exe
  2⤵
  PID:9900
- C:\Windows\System\jsUjayI.exe
  C:\Windows\System\jsUjayI.exe
  2⤵
  PID:9920
- C:\Windows\System\DHDEBoL.exe
  C:\Windows\System\DHDEBoL.exe
  2⤵
  PID:9952
- C:\Windows\System\XVqRTLC.exe
  C:\Windows\System\XVqRTLC.exe
  2⤵
  PID:9968
- C:\Windows\System\WKUKeYM.exe
  C:\Windows\System\WKUKeYM.exe
  2⤵
  PID:9988
- C:\Windows\System\fkWBRAV.exe
  C:\Windows\System\fkWBRAV.exe
  2⤵
  PID:10008
- C:\Windows\System\TDbNZvG.exe
  C:\Windows\System\TDbNZvG.exe
  2⤵
  PID:10028
- C:\Windows\System\KIqKtbA.exe
  C:\Windows\System\KIqKtbA.exe
  2⤵
  PID:10044
- C:\Windows\System\HlrzDKV.exe
  C:\Windows\System\HlrzDKV.exe
  2⤵
  PID:10072
- C:\Windows\System\tGzDOIN.exe
  C:\Windows\System\tGzDOIN.exe
  2⤵
  PID:10092
- C:\Windows\System\liRTfZe.exe
  C:\Windows\System\liRTfZe.exe
  2⤵
  PID:10108
- C:\Windows\System\EFHskmN.exe
  C:\Windows\System\EFHskmN.exe
  2⤵
  PID:10124
- C:\Windows\System\JhYACYF.exe
  C:\Windows\System\JhYACYF.exe
  2⤵
  PID:10140
- C:\Windows\System\JDjfTiD.exe
  C:\Windows\System\JDjfTiD.exe
  2⤵
  PID:10160
- C:\Windows\System\djybDxp.exe
  C:\Windows\System\djybDxp.exe
  2⤵
  PID:10188
- C:\Windows\System\cpbknUa.exe
  C:\Windows\System\cpbknUa.exe
  2⤵
  PID:10212
- C:\Windows\System\pwsOrZM.exe
  C:\Windows\System\pwsOrZM.exe
  2⤵
  PID:10228
- C:\Windows\System\jasesfQ.exe
  C:\Windows\System\jasesfQ.exe
  2⤵
  PID:9224
- C:\Windows\System\LRAhzVY.exe
  C:\Windows\System\LRAhzVY.exe
  2⤵
  PID:9260
- C:\Windows\System\GgfJxOb.exe
  C:\Windows\System\GgfJxOb.exe
  2⤵
  PID:9300
- C:\Windows\System\TubVfqg.exe
  C:\Windows\System\TubVfqg.exe
  2⤵
  PID:9316
- C:\Windows\System\OmhyjKF.exe
  C:\Windows\System\OmhyjKF.exe
  2⤵
  PID:9360
- C:\Windows\System\clLYvTF.exe
  C:\Windows\System\clLYvTF.exe
  2⤵
  PID:9412
- C:\Windows\System\vTpvexG.exe
  C:\Windows\System\vTpvexG.exe
  2⤵
  PID:9396
- C:\Windows\System\cmZYSbN.exe
  C:\Windows\System\cmZYSbN.exe
  2⤵
  PID:9400
- C:\Windows\System\qjgOjSH.exe
  C:\Windows\System\qjgOjSH.exe
  2⤵
  PID:9496
- C:\Windows\System\DEbelnq.exe
  C:\Windows\System\DEbelnq.exe
  2⤵
  PID:9540
- C:\Windows\System\hbHYvVV.exe
  C:\Windows\System\hbHYvVV.exe
  2⤵
  PID:9556
- C:\Windows\System\TmPJoiq.exe
  C:\Windows\System\TmPJoiq.exe
  2⤵
  PID:9580
- C:\Windows\System\TOaOrmx.exe
  C:\Windows\System\TOaOrmx.exe
  2⤵
  PID:9648
- C:\Windows\System\yWuZWvh.exe
  C:\Windows\System\yWuZWvh.exe
  2⤵
  PID:9700
- C:\Windows\System\GFdZRoV.exe
  C:\Windows\System\GFdZRoV.exe
  2⤵
  PID:9668
- C:\Windows\System\VrXHSnY.exe
  C:\Windows\System\VrXHSnY.exe
  2⤵
  PID:9716
- C:\Windows\System\PywGmZJ.exe
  C:\Windows\System\PywGmZJ.exe
  2⤵
  PID:9788
- C:\Windows\System\VEhdnMC.exe
  C:\Windows\System\VEhdnMC.exe
  2⤵
  PID:9768
- C:\Windows\System\XXvxRQD.exe
  C:\Windows\System\XXvxRQD.exe
  2⤵
  PID:9892
- C:\Windows\System\DXPCFmg.exe
  C:\Windows\System\DXPCFmg.exe
  2⤵
  PID:9928
- C:\Windows\System\pqkAobh.exe
  C:\Windows\System\pqkAobh.exe
  2⤵
  PID:9804
- C:\Windows\System\mAgFmia.exe
  C:\Windows\System\mAgFmia.exe
  2⤵
  PID:9912
- C:\Windows\System\BPvuRRB.exe
  C:\Windows\System\BPvuRRB.exe
  2⤵
  PID:9948
- C:\Windows\System\noLnxtU.exe
  C:\Windows\System\noLnxtU.exe
  2⤵
  PID:9996
- C:\Windows\System\pCYZLFK.exe
  C:\Windows\System\pCYZLFK.exe
  2⤵
  PID:10024
- C:\Windows\System\IhwHPHq.exe
  C:\Windows\System\IhwHPHq.exe
  2⤵
  PID:10040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AhGEtIY.exe

Filesize
6.0MB

MD5
be5502382f96830fadeb8992ddd5cec2

SHA1
98d9cf6e91143fc7285ffd63f0484d16cbbf8ac3

SHA256
d04d88233c9c12a908d41ab80bc88be1e42f4f41fdc109119ae886e618716eb0

SHA512
f5f858d74b252f56e0bebf09b30b8474d00496fc8ac41c98e4ece1155bc9c51b4920188d543a695b401d159ddac46f27b034b862507c0b3842f0ee804415f324

Download Submit
C:\Windows\system\DYAtSpi.exe

Filesize
6.0MB

MD5
e4d288363b9423441deb861144f13db9

SHA1
1c3fbdbfe1bb72c0b0ec061967bdfb077ee173df

SHA256
fd74a9f40c2bbf0528bdb89e55f55e62fe3c06119be7d665055894f54387d9da

SHA512
8e2d96cff0aba7040cae15f3df23b04a5de352e6d585fc2eaf85bc095e207e7ef682a87927022681304852c9df371083bc68c1ef61fc54db402976547e087fa0

Download Submit
C:\Windows\system\DdaimSV.exe

Filesize
6.0MB

MD5
c049caf7c69e202ff105db222a94fcc6

SHA1
0bb99bcc62a87b4ac0f08fe6da50d8d43f93e644

SHA256
26104047441019d8c63ba7bcce6827fbab66a3ae8dcd730b3e58cc40c78060de

SHA512
69fe1e6cd4463504580f561e585771a78c06df1229ed9a32ef97b1ec07f7b7152b3c046e9b98ee68519c3019ae76173585bca06c724107145866340463f3f5c0

Download Submit
C:\Windows\system\FPziYqF.exe

Filesize
6.0MB

MD5
4ebebf509d09a95ebb34c96230e15f31

SHA1
014963a5f71511965e6c836810e376624daf36a5

SHA256
17eed8cf5340310360ac0a77355759d8cb14b6e72500f618cccc6a21c455eb1b

SHA512
92ec6330af90d495af33204af5b49efe23a674a6349f4e91739bd9eb8a9272353a7e833bad104660c02b8ea2a779fc325dcc94ef8d2660eb8adf7a0f063d0438

Download Submit
C:\Windows\system\GcRxqCg.exe

Filesize
6.0MB

MD5
b932056250440a91110c963996616e47

SHA1
fe4a5ed455c8475a3214d8c504570ddcf79b8e63

SHA256
01aa0fb8e0d8638369ad48f08d0caf37b44b4a399706e2e1ae2046aa2b33b7ba

SHA512
d1a4c30c021dba4b02904390a4bbcf11a746f9324e6bfccc1b33d86cc0ded0a2543eaf791d572e57178c3b75f60b32ab07b3fd5b648a871ec00ef36e9d6bf049

Download Submit
C:\Windows\system\JoJvLvS.exe

Filesize
6.0MB

MD5
5090f353fb30e0f760cdf9c6a950f608

SHA1
508379b2fae6b9a442623f3abf25934c06ff758d

SHA256
5bb43fa919ece020390113718c7275af764835cdef74742534dda402e17a30b3

SHA512
a1943f494e6c14edc0ef9125a3513671f0af9972d7537963875d86e610fc66dfc185f59ab3456e2dd760668a5c493be4a75ba68bde7b830c88056ef385c45146

Download Submit
C:\Windows\system\LKGWeeT.exe

Filesize
6.0MB

MD5
50bc64407904f2199d5703fc537cd277

SHA1
3c28e370f5be41723d55f1b53fb7d9f974a0c68c

SHA256
5dd5a5251afb29dceba90b602842870a3f67a4b650d470969244727b9eabe2b7

SHA512
0eb6f3013324335091ab95200ca9dc34827a0a7794433a1fe6e91d27766cc5bc4d52dcadd355a0af4c5e2a5a7b268d438a4578a7ece3c4de2567408167c25705

Download Submit
C:\Windows\system\PDnZoEp.exe

Filesize
6.0MB

MD5
6737b4dc5c64a6066e3580b931f60ea7

SHA1
93119309976b10d1ec090076850789b2f99c733f

SHA256
c5a24c858f547979ee0b1f97ecf8f9aec1769d04f27e23c35bdd30edcfd58a91

SHA512
8bcfed763727e6726eb499f15347d59f098c13381c857787961506ca057fe8de615143918369696810f53fff531d0472e20a9f2d4c212ef95000624a9b8284a2

Download Submit
C:\Windows\system\RVjavwR.exe

Filesize
6.0MB

MD5
bee81b8d5d8af55a489eac1a65ea88bc

SHA1
9033dca0cc025774a2edd7f33ed8ae11595ab6b2

SHA256
bd5455f2dca4ce1b52ebc7a5d4d103ef60ba37e0ab4f4c92adb2db69925ad250

SHA512
1068dcf6b7a0f8d505e924fa82f0832707fbc7d87a30c5e31dc2682794a081e995263ed8b97a0ce4d385e0846d2eef58eab12ea888addde1d8c0e4a6879c35e0

Download Submit
C:\Windows\system\SzytQMZ.exe

Filesize
6.0MB

MD5
cf0b44b268c21c5c55b8afaa33ca825b

SHA1
9c2a2dd2bbb5490e6a2c6754e885511cc873023f

SHA256
749c278ab99e0f6dcae994b3b8a479241538566cc965f2d158b2e39ff060849b

SHA512
c54f913d3971e0e9966975dc13686e6222c4fc0975c94c1886c8c4c897a750eb1d9abd8e4d587e17ca874548e43cc7248241610d5ad67ca5ecbdee1193a71578

Download Submit
C:\Windows\system\YVpGFoT.exe

Filesize
6.0MB

MD5
5337450ea5fbcd483e65758c4ae47606

SHA1
52418446886d38277e2b410d4a1b267438a5230c

SHA256
b45f23b6a61d5588ff5ff0d837257555155c69d9c4eaa543a7f265b0a5f43533

SHA512
926897760554a4a171fb4b73632068d13628cefa47b11fb370d11b10d62195a9875a55dc2342f84205fb7f5f005d76bc00172023e06d0b3a66a9d9263e77b968

Download Submit
C:\Windows\system\aRqHNwU.exe

Filesize
6.0MB

MD5
da18a4bac8933f3415b95ff7fe54d06d

SHA1
4db9eb0de762c525a3107adff6d036e0dfd48933

SHA256
3e14b6ece1a3ea1977c117bfaefbe732194b7a74b0696807279aea6cdf31f1e4

SHA512
cb4168aa55aacbcce027a0f821c7dcd9fe10df043048d3b1ce189d73e6d39b31e46111448efdf570c5d832b01f71082795e68fa597aa2b789c708485901ff54d

Download Submit
C:\Windows\system\ekmBmKg.exe

Filesize
6.0MB

MD5
b6a4827b51cc616be003e7393ad665cd

SHA1
e49e98ddeb38735b0c061e13e393932522eac9d1

SHA256
d43dbd52a67618527c1875e1846e1eae155b2238a49a5405bdb382b6d7644c69

SHA512
daae43809776838431ec7ee3c2f6b59cd7b7cb7d64c2f75ec10e932b5735a4c71b5cd2f4db2ca74ebb535faba83eddd1234528cd51394bf02894f8ab881512d4

Download Submit
C:\Windows\system\fpRNbHP.exe

Filesize
6.0MB

MD5
28b347c45000ada1c71f4b8e9c06cdf6

SHA1
f330686882f88c523f08c499d94c0330ab042e4a

SHA256
639fc2b799d23cd50408806262b04e03089416baaa8b92fd643193d50232f1b1

SHA512
4f2042872b7d767ca52fd3bc7eefe086edbc747b8c71e24a43dc45ffc50c33da1a46ee0bf7ce5c300e58c40114e63cbf09fc99a4c954d6ae23099042dd4b9daf

Download Submit
C:\Windows\system\lozCSUp.exe

Filesize
6.0MB

MD5
22ed58f4314fc0335e20e84038fccb07

SHA1
fd1c2d785fa68285499355b819dd7aee7eb0d8ab

SHA256
85b5bd916fdce381ba060589af7835b00412597a258782aaf80c1571e0e70925

SHA512
9cfcf585ad28dc9ad307078f693cddc223e062b8335512a26338074601046d3713e344ddb4c82d3ea6e823c6f65b29bb2c2829a1bf420c8b56b547e9a810269a

Download Submit
C:\Windows\system\oRrzExH.exe

Filesize
6.0MB

MD5
edea62df6484ef3d13f916123f11bb74

SHA1
53260bccbc7cc3013ed5dba65aff38d09197bb2a

SHA256
61a62b6e633f8eacefaf1f31249e64dac85e271bd91de30aeda435c82b4c63b8

SHA512
ee0ceef6a3906176c7ae25145bc466fd6a47cc5e0604769d16524bfb45e64b340849395d471aeebe31a4ca8502772b908507c4f9b0a3794bdbe375d8fe3e262d

Download Submit
C:\Windows\system\oTvHLfz.exe

Filesize
6.0MB

MD5
0e7788d08820e3569de806c9db5fcdfc

SHA1
965f4e01bff45a3e6db6be95ffc8fe36afc7430d

SHA256
17241e074f17e3ac0e993c0c628d4f24806c1f6be1fbd3f83cfbb3e6dfd36b44

SHA512
fe60cd8df4b58dcb1545ded60500c61e905c90601648b6973c0acd7fe6873d2edbe6838cff673d24da13c6750c1019943daf7f207d148248dc07a1038fe7e173

Download Submit
C:\Windows\system\sSkAUtv.exe

Filesize
6.0MB

MD5
425bdebf023d1415489dd45e756442d0

SHA1
debe0ecb996cd4ec7f7dff7c1b6052270b18862c

SHA256
60b7c81559763ebc543494742bb3929f0ab3ee26aaea5fed249e1785c41248bf

SHA512
d22f8cac94bbc57522ec101cf259e16d1231a4b818b85606907d3a09a43c49572ffacedfcb2e8f675bae696205fa9f05eb2200ff566a0e8628fe0dcd39cf3ce6

Download Submit
C:\Windows\system\uBxzaRF.exe

Filesize
6.0MB

MD5
4228efcee689196f5572b45418384983

SHA1
051347cdf19f6108a17c6091ae0c740315796209

SHA256
f03c21306a12cc820a02a79cbb5783aab829962875c5a1dddaeb65a6696be17b

SHA512
b8e4510f3148d947675d162cf43c76be7c9bcb82ed02a72355eba4c77eb9252b932ed398a0f57abc9a610b1528fe964c0221637bfe20705c682f5f118a75b3bb

Download Submit
C:\Windows\system\wvDwFfY.exe

Filesize
6.0MB

MD5
16805cec872a337effcf68df48bd6464

SHA1
f8eb8c4e0d3166fd6b46526c4f316055f90a00d9

SHA256
40ebc0b0d837a2409ffde2d1a2bcf42dafc6c1bf359b7d634ad7ca8406a057ed

SHA512
3992fd1b11b6fc2e3b7b77a21e07cc02b75c953338a1ac780bc683b7e403e87abbf1190674eda30cf049ed5308c315e43c103fd63a88d15a339d8cc479f654eb

Download Submit
C:\Windows\system\xqqbYFy.exe

Filesize
6.0MB

MD5
3a46b4548045db1947f2283f8b3c1832

SHA1
773aa94e7dcbba39fe6dfe789a6c2b6c8fcef3b4

SHA256
df3971d41e7ff8311388b1e191ff2dc9dbff99446ce83f2582fa5e89f6ab1c4d

SHA512
36e473eba128a38f94458c41db760b5da2824d7fda86888df36ab24c5989794741404959c2ccc07eec278542bb92632fe1e3760a1902eefa4e0e74736c8b348f

Download Submit
C:\Windows\system\ypOkbsj.exe

Filesize
6.0MB

MD5
5761d3be194aa30e64ee48b8413a095d

SHA1
c76530b09ad14bd7a39fea8dfc185bb2e139d9b3

SHA256
4ed12cc10531ad2477df9ae8153eb4065396625616b19ee1b3767beda709ce5c

SHA512
d57c52a3a50d35ad4df5170c8b6a8b94849333e25b502ac1b87ff4ea475878a6920994d206634332f2fcfe50d4ac4346d2bcd25306ed0102d728c18540ca784c

Download Submit
\Windows\system\ErjjEWv.exe

Filesize
6.0MB

MD5
43fc5038b719784ed576925fb5fb9b53

SHA1
22a165454155d663a39c94fae46af65709fcc707

SHA256
d63f7c4fbbacaf49ec1d6696e7f3b5bb0ee85969ee75a248576836d0b3650608

SHA512
130ec9b19d3f46d22129d04254bf0c96e05404005129f982a22a29f8ed37b6c07e9f0434a97be5fc4452d4a9e06487c097aafcb6f9731de967496668c8d8335e

Download Submit
\Windows\system\TBcRcVm.exe

Filesize
6.0MB

MD5
cfee8fcab3d44665362d3790ebd08ad7

SHA1
8063372541ad67c17de0992233f87649bc168575

SHA256
41d2ff9e81e8a6617cb2bd278690464c554e0e395497de1d0c5ac915dcb90273

SHA512
8882642487e3c36e97fb98ab4c3f2c7e6d39b8721d1f4b984f1b0452adc041f4c69b87a47f8eac853aac250aee99a4fff3f84e8a328313f4bcda5e6024b4d929

Download Submit
\Windows\system\VHjCogo.exe

Filesize
6.0MB

MD5
ca1c72134a3fddcf32daea94a1a26dbe

SHA1
b88a9eb58ae946d0266cb736f30d67b772a24996

SHA256
1abbe20ec36d251ca5c81ab465338c0bd15f6a49475bbfa9755842fcfd60cac7

SHA512
f6fa0c89a937935976ad2f1aa94ae02749146d76f198b3a2d9be7e75b9843d9081d6aa306bf43701e6ec5a2b885af96cb9baf3f1ee25f77565d4cd5d3b173006

Download Submit
\Windows\system\VQsqJfh.exe

Filesize
6.0MB

MD5
5624b417b002eea82a14193ed5c95bb9

SHA1
62a013a0f12d5eff2f45a7d9438242f92b6064c8

SHA256
9bd6c7a7c8334e28cb05706fac3f6023d648b12c11fc48c1a2a0b4d2a9c72832

SHA512
124bceff416710f06c277861eff56c83b41b3dbc2eb3a65c45fe7e36480d8135939d0befbd3f5decb9b56dfc3a95a29a11889422914a95c7a0a7d6653b2fcb45

Download Submit
\Windows\system\aNnVoss.exe

Filesize
6.0MB

MD5
95dd21c08e6dce718e34f918aaa41580

SHA1
5434662d3b214ff023ec6cf410e7a6ba521a82e4

SHA256
af789dc22fe20c8d5a987e9a57903b7a7b6f18f2b8b0659f14514a0639e66275

SHA512
53b8b465eb6e7728f86b26ff2ee48ced5635e126b63a027dff8492277734a61badb29b13b46f162cef643be81688f03768decf0648caa8be9497396f5adf688b

Download Submit
\Windows\system\jKhhEdG.exe

Filesize
6.0MB

MD5
f73fc5194d9e7e674023a30a0666034b

SHA1
1e264256c78329b7594b3f1c90e938a5c0ceae21

SHA256
561574e0d81542737c81f3860c2a095f52a7aa05040d353aeeeb0e3ab74ab839

SHA512
deef92bc15d40c4cbfc9f06d72d95fb0544261a3f019c2fd431a582f775bb822f48520120c0922ebfdd096a28d9ed5a8dd768f342c2b270d2e4d7048235abc5c

Download Submit
\Windows\system\jiCgVDV.exe

Filesize
6.0MB

MD5
e6faba9c7ce2d91a271385d7d9f56c38

SHA1
085e56b67e5ba0287ce5f52ee0f5b3535c430e58

SHA256
4e7581c4e378e02dc9d06c4cde9f8eaeef2d6b03c85989bc9e635e35cb50d080

SHA512
89b90077de914d75df9c0f097d5c93cb5fefb492e42ccb435735b91c7622e06f0d4997be2fa10f58a14b09c88f96eab72785841669b4a71fc82aa7b56aba220c

Download Submit
\Windows\system\oxDWLUc.exe

Filesize
6.0MB

MD5
36c3d3bdc43ea01fce82e629b5ed1237

SHA1
eb9de78850e173fd38b6089de40022117f7cf900

SHA256
2a99e14f302999d4f49484b2138e2dcffedbceaa127cd5ebce0b7b5e284ab15e

SHA512
13a1e09598d6fb939fcd23c2394f4edee8abe217c6d37449ebee8a20fc34d84035cf0313e87334b36668e1179b14cd1442ca943c2ccc6a1cdfb10ec7a5ddd83d

Download Submit
\Windows\system\uqZclxe.exe

Filesize
6.0MB

MD5
0c8f0e350eb13449e7773738971bceb6

SHA1
0105c7a5853faf3dd8be462f5ff1c9a0c514257b

SHA256
7d81e871e567ad1d22a8ca5b9523612dbaf50458f36e4b922ca3ea5415e35855

SHA512
42f3016c6c29f083f9616a76c6131ec8ec696866160f16675f3a2609d223e9c2ca603981df2db7fc2011cd989740fde134638841749e20d7a509b4c77cbc5543

Download Submit
\Windows\system\xmLXEWt.exe

Filesize
6.0MB

MD5
027047b1c36b6fdbc20c9d99c9fb5e6c

SHA1
a4863e8173ccdcf77127d99a10a134e14712f3dd

SHA256
a5f88107be1300eef2d66bd1690a1188b2af3a2d84bdf65b94274adc32167fb9

SHA512
27975cf8d6c5674cd07835799cd869121495752234e890c57e087f3681a915fd2bba147a0fe8218d573f6106f7bdfa592942202a4fa16e2a74beff4ea9851a7e

Download Submit
memory/2044-101-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2044-138-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2044-983-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2064-83-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2064-972-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2064-134-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2068-22-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2068-919-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2068-59-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2136-906-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2136-11-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2136-40-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-956-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-133-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-75-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-980-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2212-136-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2212-92-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2580-47-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2580-97-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2580-88-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2580-139-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2580-87-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2580-79-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/2580-115-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2580-135-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2580-114-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-63-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2580-96-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-71-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-141-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-15-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-106-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2580-137-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2580-55-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-43-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-0-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2580-6-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-24-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2580-105-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2580-20-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2580-33-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-39-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-35-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2732-949-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2732-109-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2732-68-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2748-984-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2748-140-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2748-110-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2780-91-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2780-52-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2780-945-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2800-74-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-935-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-29-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2876-925-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2876-67-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2900-60-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-100-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-948-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2924-940-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2924-82-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2924-44-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2964-910-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-19-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download