cobaltstrike | 819f8eae91a211edaaab6c43c928c948dadd33d736c26d80a2b74e07aac1a294

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 04:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ee3c6a05060f69d7955aafdb11ff37e9
SHA1

19677c3409c30425ba7ce4b61ad64d8dc71ed6f1
SHA256

819f8eae91a211edaaab6c43c928c948dadd33d736c26d80a2b74e07aac1a294
SHA512

8f7552dd366b4ebcc61c098b0ff049fd52fb4e0e216970da06763fbc502ab7dc8d74a94e55eb225758c2257b95116d8136703e1bd437e63c879ff7ce863cb048
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lU8:eOl56utgpPF8u/78

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x00080000000120ff-6.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001932a-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000192f0-12.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001933e-19.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019384-39.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019503-55.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194f6-64.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953a-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c50-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a08a-188.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2e7-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a061-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f4a-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f4e-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cbf-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8b-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c68-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019aec-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197c1-127.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a325-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a04e-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c66-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019aee-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-111.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019aea-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-115.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019228-98.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019589-103.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-66.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019501-65.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000193af-51.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019346-35.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/1232-0-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x00080000000120ff-6.dat	xmrig
behavioral1/files/0x000600000001932a-11.dat	xmrig
behavioral1/files/0x00070000000192f0-12.dat	xmrig
behavioral1/files/0x000600000001933e-19.dat	xmrig
behavioral1/memory/2412-24-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2536-25-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2332-27-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/files/0x0006000000019384-39.dat	xmrig
behavioral1/files/0x0005000000019503-55.dat	xmrig
behavioral1/files/0x00060000000194f6-64.dat	xmrig
behavioral1/memory/2196-78-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/files/0x000500000001953a-79.dat	xmrig
behavioral1/memory/2712-77-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2604-75-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2652-73-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/2956-72-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2036-85-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/564-93-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2748-99-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/files/0x0005000000019624-118.dat	xmrig
behavioral1/files/0x0005000000019c50-148.dat	xmrig
behavioral1/memory/1232-925-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/1232-1190-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/1252-1057-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x000500000001a08a-188.dat	xmrig
behavioral1/files/0x000500000001a2e7-187.dat	xmrig
behavioral1/files/0x000500000001a061-179.dat	xmrig
behavioral1/files/0x0005000000019f4a-174.dat	xmrig
behavioral1/files/0x0005000000019f4e-171.dat	xmrig
behavioral1/files/0x0005000000019cbf-164.dat	xmrig
behavioral1/files/0x0005000000019d8b-163.dat	xmrig
behavioral1/files/0x0005000000019c68-156.dat	xmrig
behavioral1/files/0x0005000000019aec-136.dat	xmrig
behavioral1/files/0x00050000000197c1-127.dat	xmrig
behavioral1/files/0x000500000001a325-193.dat	xmrig
behavioral1/files/0x000500000001a04e-178.dat	xmrig
behavioral1/files/0x0005000000019c66-153.dat	xmrig
behavioral1/files/0x0005000000019aee-141.dat	xmrig
behavioral1/files/0x000500000001961b-111.dat	xmrig
behavioral1/files/0x0005000000019aea-133.dat	xmrig
behavioral1/files/0x0005000000019625-124.dat	xmrig
behavioral1/files/0x000500000001961f-115.dat	xmrig
behavioral1/memory/2836-107-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/1252-100-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x0008000000019228-98.dat	xmrig
behavioral1/files/0x0005000000019589-103.dat	xmrig
behavioral1/memory/1232-92-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/1232-91-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x000500000001957c-89.dat	xmrig
behavioral1/files/0x0005000000019515-66.dat	xmrig
behavioral1/files/0x0005000000019501-65.dat	xmrig
behavioral1/files/0x00080000000193af-51.dat	xmrig
behavioral1/memory/2748-49-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2836-36-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019346-35.dat	xmrig
behavioral1/memory/1232-29-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/1952-28-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/1232-26-0x0000000002290000-0x00000000025E4000-memory.dmp	xmrig
behavioral1/memory/2332-3691-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2412-3689-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2536-3713-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/1952-3737-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2748-3755-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

zbffhpA.exeEoznRax.exeEzfMCxH.exeUZWdddP.exeVqQgsAo.exeKAsZSoy.exekbVfswl.exefDxvHom.exerfIRYKd.exelSUaiLp.exeJDEsuoM.exeHayVqUc.exeYpNApNk.exefSjvBZt.exebQGQYnT.exeRMuiNMb.exeANBftcS.exejVfstlS.exeaOtdvgv.exezTstWwo.exeJUPiCfo.exezWMKPFL.exeqKQWntt.exeAllXrvq.exerxohXJE.exeAsnRAvu.exeVFHuLGV.exeQoVdVNc.exeHczkzbB.exeUUZjFAd.exeCsnfIbk.exeppabLga.exeiykXNiv.exeLeNVcCu.exeUZcuFOw.exekQVEfid.exetFTWeWF.exeDaEDOBc.exeyvocefN.exeAspKSLo.exeQeduXQN.exedeoZhKE.exeNFTczKJ.exeAuuqrGe.exeubMQTrS.exekXHMffs.exedghDRPQ.exejfCCLZB.exeTwHUCJq.exeTijCxod.exefNtpQwS.exeVRYkZBO.exeoWanLjV.exeZvRXvoT.exerZwQNye.exebIBWJCF.exeOFwieYf.exeokanNWm.exeYmvWyze.exeHLLwwVt.exewbJAKkB.exeQqIaeSu.exedRLrmno.exeKyPKcoU.exe

pid	Process
2412	zbffhpA.exe
2536	EoznRax.exe
2332	EzfMCxH.exe
1952	UZWdddP.exe
2836	VqQgsAo.exe
2748	KAsZSoy.exe
2604	kbVfswl.exe
2712	fDxvHom.exe
2956	rfIRYKd.exe
2652	lSUaiLp.exe
2196	JDEsuoM.exe
2036	HayVqUc.exe
564	YpNApNk.exe
1252	fSjvBZt.exe
472	bQGQYnT.exe
1808	RMuiNMb.exe
2100	ANBftcS.exe
1616	jVfstlS.exe
2584	aOtdvgv.exe
1932	zTstWwo.exe
2924	JUPiCfo.exe
1544	zWMKPFL.exe
1760	qKQWntt.exe
2276	AllXrvq.exe
2784	rxohXJE.exe
1080	AsnRAvu.exe
968	VFHuLGV.exe
1868	QoVdVNc.exe
2328	HczkzbB.exe
592	UUZjFAd.exe
2316	CsnfIbk.exe
1648	ppabLga.exe
2268	iykXNiv.exe
1988	LeNVcCu.exe
2256	UZcuFOw.exe
1804	kQVEfid.exe
1608	tFTWeWF.exe
820	DaEDOBc.exe
1044	yvocefN.exe
2308	AspKSLo.exe
616	QeduXQN.exe
2160	deoZhKE.exe
1268	NFTczKJ.exe
1992	AuuqrGe.exe
324	ubMQTrS.exe
1572	kXHMffs.exe
1092	dghDRPQ.exe
536	jfCCLZB.exe
3064	TwHUCJq.exe
1296	TijCxod.exe
1632	fNtpQwS.exe
540	VRYkZBO.exe
352	oWanLjV.exe
2120	ZvRXvoT.exe
1712	rZwQNye.exe
2768	bIBWJCF.exe
2644	OFwieYf.exe
1480	okanNWm.exe
1032	YmvWyze.exe
1644	HLLwwVt.exe
376	wbJAKkB.exe
1148	QqIaeSu.exe
2948	dRLrmno.exe
1676	KyPKcoU.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1232-0-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x00080000000120ff-6.dat	upx
behavioral1/files/0x000600000001932a-11.dat	upx
behavioral1/files/0x00070000000192f0-12.dat	upx
behavioral1/files/0x000600000001933e-19.dat	upx
behavioral1/memory/2412-24-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2536-25-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2332-27-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/files/0x0006000000019384-39.dat	upx
behavioral1/files/0x0005000000019503-55.dat	upx
behavioral1/files/0x00060000000194f6-64.dat	upx
behavioral1/memory/2196-78-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/files/0x000500000001953a-79.dat	upx
behavioral1/memory/2712-77-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2604-75-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2652-73-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2956-72-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2036-85-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/564-93-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2748-99-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/files/0x0005000000019624-118.dat	upx
behavioral1/files/0x0005000000019c50-148.dat	upx
behavioral1/memory/1252-1057-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x000500000001a08a-188.dat	upx
behavioral1/files/0x000500000001a2e7-187.dat	upx
behavioral1/files/0x000500000001a061-179.dat	upx
behavioral1/files/0x0005000000019f4a-174.dat	upx
behavioral1/files/0x0005000000019f4e-171.dat	upx
behavioral1/files/0x0005000000019cbf-164.dat	upx
behavioral1/files/0x0005000000019d8b-163.dat	upx
behavioral1/files/0x0005000000019c68-156.dat	upx
behavioral1/files/0x0005000000019aec-136.dat	upx
behavioral1/files/0x00050000000197c1-127.dat	upx
behavioral1/files/0x000500000001a325-193.dat	upx
behavioral1/files/0x000500000001a04e-178.dat	upx
behavioral1/files/0x0005000000019c66-153.dat	upx
behavioral1/files/0x0005000000019aee-141.dat	upx
behavioral1/files/0x000500000001961b-111.dat	upx
behavioral1/files/0x0005000000019aea-133.dat	upx
behavioral1/files/0x0005000000019625-124.dat	upx
behavioral1/files/0x000500000001961f-115.dat	upx
behavioral1/memory/2836-107-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/1252-100-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x0008000000019228-98.dat	upx
behavioral1/files/0x0005000000019589-103.dat	upx
behavioral1/memory/1232-91-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x000500000001957c-89.dat	upx
behavioral1/files/0x0005000000019515-66.dat	upx
behavioral1/files/0x0005000000019501-65.dat	upx
behavioral1/files/0x00080000000193af-51.dat	upx
behavioral1/memory/2748-49-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2836-36-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x0006000000019346-35.dat	upx
behavioral1/memory/1952-28-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2332-3691-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2412-3689-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2536-3713-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/1952-3737-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2748-3755-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2836-3752-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/2712-3751-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2652-3750-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/2196-3769-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2956-3768-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\HayVqUc.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tTYcbIu.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\trfMJFt.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCxGrpg.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bzItZHS.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XxEfgvl.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GEqrsNi.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AsnRAvu.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tFTWeWF.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJNwIeX.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iWXyyex.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iRxaSFy.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CZwHryT.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uwNdvOr.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SXSbphm.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SboDCVw.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QAwkUkr.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MMTslCv.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mCtZByw.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IVslnbA.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ptxodrn.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fosQKvg.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nFFCOyp.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aXfWqHK.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xyaXPnr.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RrmFSCf.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Gdbhqyr.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bTTcPxH.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PZNsGod.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zTAYhHV.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dWQCIDC.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jnqmmFt.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IIKSVPH.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QmoShgU.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fyIETet.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FgUosol.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBMfveU.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\igQcpKe.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aVzMfuF.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HROcQrd.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lhUQBWm.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFVLzNL.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\InXLLWW.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SLRCRMW.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jKceWCF.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FeRVvev.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AZjdQNI.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qKQWntt.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNtpQwS.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\azLoVEg.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UxxPVkz.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\seHuYOw.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XBpjwGs.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sXCzUOM.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtceAfz.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AMbMGAx.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YAsWqNq.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cgmGEDq.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHYHLvr.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BdXZEvY.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JtuLygI.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CkdBXUv.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NmVZWnx.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LLRtYsN.exe	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 1232 wrote to memory of 2412	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1232 wrote to memory of 2412	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1232 wrote to memory of 2412	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1232 wrote to memory of 2536	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1232 wrote to memory of 2536	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1232 wrote to memory of 2536	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1232 wrote to memory of 2332	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1232 wrote to memory of 2332	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1232 wrote to memory of 2332	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1232 wrote to memory of 1952	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1232 wrote to memory of 1952	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1232 wrote to memory of 1952	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1232 wrote to memory of 2836	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1232 wrote to memory of 2836	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1232 wrote to memory of 2836	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1232 wrote to memory of 2748	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1232 wrote to memory of 2748	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1232 wrote to memory of 2748	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1232 wrote to memory of 2604	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1232 wrote to memory of 2604	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1232 wrote to memory of 2604	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1232 wrote to memory of 2712	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1232 wrote to memory of 2712	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1232 wrote to memory of 2712	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1232 wrote to memory of 2956	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1232 wrote to memory of 2956	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1232 wrote to memory of 2956	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1232 wrote to memory of 2196	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1232 wrote to memory of 2196	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1232 wrote to memory of 2196	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1232 wrote to memory of 2652	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1232 wrote to memory of 2652	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1232 wrote to memory of 2652	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1232 wrote to memory of 2036	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1232 wrote to memory of 2036	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1232 wrote to memory of 2036	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1232 wrote to memory of 564	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1232 wrote to memory of 564	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1232 wrote to memory of 564	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1232 wrote to memory of 1252	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1232 wrote to memory of 1252	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1232 wrote to memory of 1252	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1232 wrote to memory of 472	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1232 wrote to memory of 472	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1232 wrote to memory of 472	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1232 wrote to memory of 1808	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1232 wrote to memory of 1808	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1232 wrote to memory of 1808	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1232 wrote to memory of 2100	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1232 wrote to memory of 2100	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1232 wrote to memory of 2100	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1232 wrote to memory of 2584	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1232 wrote to memory of 2584	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1232 wrote to memory of 2584	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1232 wrote to memory of 1616	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1232 wrote to memory of 1616	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1232 wrote to memory of 1616	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1232 wrote to memory of 1544	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1232 wrote to memory of 1544	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1232 wrote to memory of 1544	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1232 wrote to memory of 1932	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1232 wrote to memory of 1932	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1232 wrote to memory of 1932	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1232 wrote to memory of 1760	1232	2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-25_ee3c6a05060f69d7955aafdb11ff37e9_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1232
- C:\Windows\System\zbffhpA.exe
  C:\Windows\System\zbffhpA.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\EoznRax.exe
  C:\Windows\System\EoznRax.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\EzfMCxH.exe
  C:\Windows\System\EzfMCxH.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\UZWdddP.exe
  C:\Windows\System\UZWdddP.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\VqQgsAo.exe
  C:\Windows\System\VqQgsAo.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\KAsZSoy.exe
  C:\Windows\System\KAsZSoy.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\kbVfswl.exe
  C:\Windows\System\kbVfswl.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\fDxvHom.exe
  C:\Windows\System\fDxvHom.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\rfIRYKd.exe
  C:\Windows\System\rfIRYKd.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\JDEsuoM.exe
  C:\Windows\System\JDEsuoM.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\lSUaiLp.exe
  C:\Windows\System\lSUaiLp.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\HayVqUc.exe
  C:\Windows\System\HayVqUc.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\YpNApNk.exe
  C:\Windows\System\YpNApNk.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\fSjvBZt.exe
  C:\Windows\System\fSjvBZt.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\bQGQYnT.exe
  C:\Windows\System\bQGQYnT.exe
  2⤵
  - Executes dropped EXE
  PID:472
- C:\Windows\System\RMuiNMb.exe
  C:\Windows\System\RMuiNMb.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\ANBftcS.exe
  C:\Windows\System\ANBftcS.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\aOtdvgv.exe
  C:\Windows\System\aOtdvgv.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\jVfstlS.exe
  C:\Windows\System\jVfstlS.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\zWMKPFL.exe
  C:\Windows\System\zWMKPFL.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\zTstWwo.exe
  C:\Windows\System\zTstWwo.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\qKQWntt.exe
  C:\Windows\System\qKQWntt.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\JUPiCfo.exe
  C:\Windows\System\JUPiCfo.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\HczkzbB.exe
  C:\Windows\System\HczkzbB.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\AllXrvq.exe
  C:\Windows\System\AllXrvq.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\LeNVcCu.exe
  C:\Windows\System\LeNVcCu.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\rxohXJE.exe
  C:\Windows\System\rxohXJE.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\kQVEfid.exe
  C:\Windows\System\kQVEfid.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\AsnRAvu.exe
  C:\Windows\System\AsnRAvu.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\yvocefN.exe
  C:\Windows\System\yvocefN.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\VFHuLGV.exe
  C:\Windows\System\VFHuLGV.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\QeduXQN.exe
  C:\Windows\System\QeduXQN.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\QoVdVNc.exe
  C:\Windows\System\QoVdVNc.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\NFTczKJ.exe
  C:\Windows\System\NFTczKJ.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\UUZjFAd.exe
  C:\Windows\System\UUZjFAd.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\AuuqrGe.exe
  C:\Windows\System\AuuqrGe.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\CsnfIbk.exe
  C:\Windows\System\CsnfIbk.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\ubMQTrS.exe
  C:\Windows\System\ubMQTrS.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\ppabLga.exe
  C:\Windows\System\ppabLga.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\dghDRPQ.exe
  C:\Windows\System\dghDRPQ.exe
  2⤵
  - Executes dropped EXE
  PID:1092
- C:\Windows\System\iykXNiv.exe
  C:\Windows\System\iykXNiv.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\jfCCLZB.exe
  C:\Windows\System\jfCCLZB.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\UZcuFOw.exe
  C:\Windows\System\UZcuFOw.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\TwHUCJq.exe
  C:\Windows\System\TwHUCJq.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\tFTWeWF.exe
  C:\Windows\System\tFTWeWF.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\TijCxod.exe
  C:\Windows\System\TijCxod.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\DaEDOBc.exe
  C:\Windows\System\DaEDOBc.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\fNtpQwS.exe
  C:\Windows\System\fNtpQwS.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\AspKSLo.exe
  C:\Windows\System\AspKSLo.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\VRYkZBO.exe
  C:\Windows\System\VRYkZBO.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\deoZhKE.exe
  C:\Windows\System\deoZhKE.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\oWanLjV.exe
  C:\Windows\System\oWanLjV.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\kXHMffs.exe
  C:\Windows\System\kXHMffs.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\ZvRXvoT.exe
  C:\Windows\System\ZvRXvoT.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\rZwQNye.exe
  C:\Windows\System\rZwQNye.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\bIBWJCF.exe
  C:\Windows\System\bIBWJCF.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\OFwieYf.exe
  C:\Windows\System\OFwieYf.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\okanNWm.exe
  C:\Windows\System\okanNWm.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\YmvWyze.exe
  C:\Windows\System\YmvWyze.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\wbJAKkB.exe
  C:\Windows\System\wbJAKkB.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\HLLwwVt.exe
  C:\Windows\System\HLLwwVt.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\QqIaeSu.exe
  C:\Windows\System\QqIaeSu.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\dRLrmno.exe
  C:\Windows\System\dRLrmno.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\KyPKcoU.exe
  C:\Windows\System\KyPKcoU.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\ouQTVwF.exe
  C:\Windows\System\ouQTVwF.exe
  2⤵
  PID:1136
- C:\Windows\System\CkdBXUv.exe
  C:\Windows\System\CkdBXUv.exe
  2⤵
  PID:1532
- C:\Windows\System\kDxeNRC.exe
  C:\Windows\System\kDxeNRC.exe
  2⤵
  PID:892
- C:\Windows\System\MdmkZTq.exe
  C:\Windows\System\MdmkZTq.exe
  2⤵
  PID:2216
- C:\Windows\System\jgPMbzV.exe
  C:\Windows\System\jgPMbzV.exe
  2⤵
  PID:2320
- C:\Windows\System\yMcMFNM.exe
  C:\Windows\System\yMcMFNM.exe
  2⤵
  PID:2936
- C:\Windows\System\EznKtqD.exe
  C:\Windows\System\EznKtqD.exe
  2⤵
  PID:2168
- C:\Windows\System\jKceWCF.exe
  C:\Windows\System\jKceWCF.exe
  2⤵
  PID:732
- C:\Windows\System\peDoLmD.exe
  C:\Windows\System\peDoLmD.exe
  2⤵
  PID:2008
- C:\Windows\System\vgfslNh.exe
  C:\Windows\System\vgfslNh.exe
  2⤵
  PID:2068
- C:\Windows\System\mHpmoOw.exe
  C:\Windows\System\mHpmoOw.exe
  2⤵
  PID:1772
- C:\Windows\System\ydFLOYf.exe
  C:\Windows\System\ydFLOYf.exe
  2⤵
  PID:1692
- C:\Windows\System\agWRnCv.exe
  C:\Windows\System\agWRnCv.exe
  2⤵
  PID:1524
- C:\Windows\System\rdwUScA.exe
  C:\Windows\System\rdwUScA.exe
  2⤵
  PID:2240
- C:\Windows\System\KzUoqxx.exe
  C:\Windows\System\KzUoqxx.exe
  2⤵
  PID:2444
- C:\Windows\System\DTSppnk.exe
  C:\Windows\System\DTSppnk.exe
  2⤵
  PID:2188
- C:\Windows\System\NmVZWnx.exe
  C:\Windows\System\NmVZWnx.exe
  2⤵
  PID:1748
- C:\Windows\System\OaaBCdA.exe
  C:\Windows\System\OaaBCdA.exe
  2⤵
  PID:2132
- C:\Windows\System\GUZJcOq.exe
  C:\Windows\System\GUZJcOq.exe
  2⤵
  PID:2856
- C:\Windows\System\aFgWFSq.exe
  C:\Windows\System\aFgWFSq.exe
  2⤵
  PID:2964
- C:\Windows\System\JpINBBf.exe
  C:\Windows\System\JpINBBf.exe
  2⤵
  PID:2596
- C:\Windows\System\yTyLgnV.exe
  C:\Windows\System\yTyLgnV.exe
  2⤵
  PID:2616
- C:\Windows\System\igQcpKe.exe
  C:\Windows\System\igQcpKe.exe
  2⤵
  PID:2912
- C:\Windows\System\QAwkUkr.exe
  C:\Windows\System\QAwkUkr.exe
  2⤵
  PID:2372
- C:\Windows\System\jYPRssA.exe
  C:\Windows\System\jYPRssA.exe
  2⤵
  PID:2336
- C:\Windows\System\LtkLOYD.exe
  C:\Windows\System\LtkLOYD.exe
  2⤵
  PID:2092
- C:\Windows\System\KARngPb.exe
  C:\Windows\System\KARngPb.exe
  2⤵
  PID:680
- C:\Windows\System\pzThRPj.exe
  C:\Windows\System\pzThRPj.exe
  2⤵
  PID:1776
- C:\Windows\System\XTvWLXk.exe
  C:\Windows\System\XTvWLXk.exe
  2⤵
  PID:2428
- C:\Windows\System\MxIcuPf.exe
  C:\Windows\System\MxIcuPf.exe
  2⤵
  PID:2996
- C:\Windows\System\dSjhKEt.exe
  C:\Windows\System\dSjhKEt.exe
  2⤵
  PID:1060
- C:\Windows\System\vFCxslQ.exe
  C:\Windows\System\vFCxslQ.exe
  2⤵
  PID:972
- C:\Windows\System\fpBfpKb.exe
  C:\Windows\System\fpBfpKb.exe
  2⤵
  PID:3024
- C:\Windows\System\IEkuGEz.exe
  C:\Windows\System\IEkuGEz.exe
  2⤵
  PID:2808
- C:\Windows\System\AzKxKEI.exe
  C:\Windows\System\AzKxKEI.exe
  2⤵
  PID:1564
- C:\Windows\System\fosQKvg.exe
  C:\Windows\System\fosQKvg.exe
  2⤵
  PID:2072
- C:\Windows\System\rbfcmMS.exe
  C:\Windows\System\rbfcmMS.exe
  2⤵
  PID:3008
- C:\Windows\System\elSeDbP.exe
  C:\Windows\System\elSeDbP.exe
  2⤵
  PID:1184
- C:\Windows\System\atHODGx.exe
  C:\Windows\System\atHODGx.exe
  2⤵
  PID:3084
- C:\Windows\System\eiWmZta.exe
  C:\Windows\System\eiWmZta.exe
  2⤵
  PID:3100
- C:\Windows\System\oVreuri.exe
  C:\Windows\System\oVreuri.exe
  2⤵
  PID:3116
- C:\Windows\System\zCncZlj.exe
  C:\Windows\System\zCncZlj.exe
  2⤵
  PID:3132
- C:\Windows\System\vwroezJ.exe
  C:\Windows\System\vwroezJ.exe
  2⤵
  PID:3200
- C:\Windows\System\njeqVNB.exe
  C:\Windows\System\njeqVNB.exe
  2⤵
  PID:3220
- C:\Windows\System\jTHqUEA.exe
  C:\Windows\System\jTHqUEA.exe
  2⤵
  PID:3236
- C:\Windows\System\QdnsJXN.exe
  C:\Windows\System\QdnsJXN.exe
  2⤵
  PID:3256
- C:\Windows\System\abXRhqV.exe
  C:\Windows\System\abXRhqV.exe
  2⤵
  PID:3276
- C:\Windows\System\kRaFUxY.exe
  C:\Windows\System\kRaFUxY.exe
  2⤵
  PID:3300
- C:\Windows\System\cbLePhd.exe
  C:\Windows\System\cbLePhd.exe
  2⤵
  PID:3320
- C:\Windows\System\pxrnqmb.exe
  C:\Windows\System\pxrnqmb.exe
  2⤵
  PID:3344
- C:\Windows\System\NExOxnI.exe
  C:\Windows\System\NExOxnI.exe
  2⤵
  PID:3360
- C:\Windows\System\enktWGb.exe
  C:\Windows\System\enktWGb.exe
  2⤵
  PID:3380
- C:\Windows\System\YOMyGvU.exe
  C:\Windows\System\YOMyGvU.exe
  2⤵
  PID:3400
- C:\Windows\System\VmlnrIv.exe
  C:\Windows\System\VmlnrIv.exe
  2⤵
  PID:3416
- C:\Windows\System\isVHuCM.exe
  C:\Windows\System\isVHuCM.exe
  2⤵
  PID:3436
- C:\Windows\System\gDdargP.exe
  C:\Windows\System\gDdargP.exe
  2⤵
  PID:3452
- C:\Windows\System\jDSUSDx.exe
  C:\Windows\System\jDSUSDx.exe
  2⤵
  PID:3472
- C:\Windows\System\yxCzOmp.exe
  C:\Windows\System\yxCzOmp.exe
  2⤵
  PID:3488
- C:\Windows\System\ButdyHb.exe
  C:\Windows\System\ButdyHb.exe
  2⤵
  PID:3512
- C:\Windows\System\SJDpyqH.exe
  C:\Windows\System\SJDpyqH.exe
  2⤵
  PID:3528
- C:\Windows\System\aJSdIFz.exe
  C:\Windows\System\aJSdIFz.exe
  2⤵
  PID:3548
- C:\Windows\System\TEznBXR.exe
  C:\Windows\System\TEznBXR.exe
  2⤵
  PID:3572
- C:\Windows\System\UskomAn.exe
  C:\Windows\System\UskomAn.exe
  2⤵
  PID:3592
- C:\Windows\System\jKWXgfo.exe
  C:\Windows\System\jKWXgfo.exe
  2⤵
  PID:3624
- C:\Windows\System\rtykZsX.exe
  C:\Windows\System\rtykZsX.exe
  2⤵
  PID:3648
- C:\Windows\System\VTobnnd.exe
  C:\Windows\System\VTobnnd.exe
  2⤵
  PID:3664
- C:\Windows\System\tWhwTdA.exe
  C:\Windows\System\tWhwTdA.exe
  2⤵
  PID:3684
- C:\Windows\System\GwCxonz.exe
  C:\Windows\System\GwCxonz.exe
  2⤵
  PID:3700
- C:\Windows\System\WtontrJ.exe
  C:\Windows\System\WtontrJ.exe
  2⤵
  PID:3720
- C:\Windows\System\JDUNdRk.exe
  C:\Windows\System\JDUNdRk.exe
  2⤵
  PID:3736
- C:\Windows\System\PzkHvSn.exe
  C:\Windows\System\PzkHvSn.exe
  2⤵
  PID:3760
- C:\Windows\System\fwURANI.exe
  C:\Windows\System\fwURANI.exe
  2⤵
  PID:3776
- C:\Windows\System\RuqvagL.exe
  C:\Windows\System\RuqvagL.exe
  2⤵
  PID:3792
- C:\Windows\System\VBkMzzZ.exe
  C:\Windows\System\VBkMzzZ.exe
  2⤵
  PID:3808
- C:\Windows\System\XfcJtVX.exe
  C:\Windows\System\XfcJtVX.exe
  2⤵
  PID:3824
- C:\Windows\System\XtQSXFL.exe
  C:\Windows\System\XtQSXFL.exe
  2⤵
  PID:3840
- C:\Windows\System\kZdIKvv.exe
  C:\Windows\System\kZdIKvv.exe
  2⤵
  PID:3856
- C:\Windows\System\uUMCdcw.exe
  C:\Windows\System\uUMCdcw.exe
  2⤵
  PID:3876
- C:\Windows\System\EWxiRwg.exe
  C:\Windows\System\EWxiRwg.exe
  2⤵
  PID:3904
- C:\Windows\System\DooPkyQ.exe
  C:\Windows\System\DooPkyQ.exe
  2⤵
  PID:3948
- C:\Windows\System\JvYwjAx.exe
  C:\Windows\System\JvYwjAx.exe
  2⤵
  PID:3964
- C:\Windows\System\GZzbUDp.exe
  C:\Windows\System\GZzbUDp.exe
  2⤵
  PID:3980
- C:\Windows\System\eFZFlHW.exe
  C:\Windows\System\eFZFlHW.exe
  2⤵
  PID:4000
- C:\Windows\System\ftvHQIY.exe
  C:\Windows\System\ftvHQIY.exe
  2⤵
  PID:4020
- C:\Windows\System\IlSXUXR.exe
  C:\Windows\System\IlSXUXR.exe
  2⤵
  PID:4044
- C:\Windows\System\ulTidvf.exe
  C:\Windows\System\ulTidvf.exe
  2⤵
  PID:4064
- C:\Windows\System\zTAYhHV.exe
  C:\Windows\System\zTAYhHV.exe
  2⤵
  PID:4084
- C:\Windows\System\VOvwHJV.exe
  C:\Windows\System\VOvwHJV.exe
  2⤵
  PID:2932
- C:\Windows\System\FXpEukf.exe
  C:\Windows\System\FXpEukf.exe
  2⤵
  PID:3012
- C:\Windows\System\krsZqhb.exe
  C:\Windows\System\krsZqhb.exe
  2⤵
  PID:2636
- C:\Windows\System\aVzMfuF.exe
  C:\Windows\System\aVzMfuF.exe
  2⤵
  PID:1600
- C:\Windows\System\QJNwIeX.exe
  C:\Windows\System\QJNwIeX.exe
  2⤵
  PID:1096
- C:\Windows\System\HpIiwXC.exe
  C:\Windows\System\HpIiwXC.exe
  2⤵
  PID:2496
- C:\Windows\System\NbDemxP.exe
  C:\Windows\System\NbDemxP.exe
  2⤵
  PID:3092
- C:\Windows\System\vfugiUj.exe
  C:\Windows\System\vfugiUj.exe
  2⤵
  PID:2908
- C:\Windows\System\XmtvHqW.exe
  C:\Windows\System\XmtvHqW.exe
  2⤵
  PID:3128
- C:\Windows\System\KiguBps.exe
  C:\Windows\System\KiguBps.exe
  2⤵
  PID:2448
- C:\Windows\System\HROcQrd.exe
  C:\Windows\System\HROcQrd.exe
  2⤵
  PID:3076
- C:\Windows\System\ykJaZsr.exe
  C:\Windows\System\ykJaZsr.exe
  2⤵
  PID:3112
- C:\Windows\System\NtNHiyX.exe
  C:\Windows\System\NtNHiyX.exe
  2⤵
  PID:2272
- C:\Windows\System\AhUhbGF.exe
  C:\Windows\System\AhUhbGF.exe
  2⤵
  PID:3144
- C:\Windows\System\YGTJQaq.exe
  C:\Windows\System\YGTJQaq.exe
  2⤵
  PID:3164
- C:\Windows\System\athzTrJ.exe
  C:\Windows\System\athzTrJ.exe
  2⤵
  PID:3176
- C:\Windows\System\LLRtYsN.exe
  C:\Windows\System\LLRtYsN.exe
  2⤵
  PID:3244
- C:\Windows\System\aRGLsiL.exe
  C:\Windows\System\aRGLsiL.exe
  2⤵
  PID:3296
- C:\Windows\System\EfNJqdC.exe
  C:\Windows\System\EfNJqdC.exe
  2⤵
  PID:3332
- C:\Windows\System\XxnRiXN.exe
  C:\Windows\System\XxnRiXN.exe
  2⤵
  PID:3480
- C:\Windows\System\qfdmMsS.exe
  C:\Windows\System\qfdmMsS.exe
  2⤵
  PID:3524
- C:\Windows\System\yrsKJtv.exe
  C:\Windows\System\yrsKJtv.exe
  2⤵
  PID:3388
- C:\Windows\System\kIXfKxi.exe
  C:\Windows\System\kIXfKxi.exe
  2⤵
  PID:3564
- C:\Windows\System\rIahMcH.exe
  C:\Windows\System\rIahMcH.exe
  2⤵
  PID:3620
- C:\Windows\System\qgVNSOO.exe
  C:\Windows\System\qgVNSOO.exe
  2⤵
  PID:3692
- C:\Windows\System\QaEctMl.exe
  C:\Windows\System\QaEctMl.exe
  2⤵
  PID:3424
- C:\Windows\System\ubXxtwE.exe
  C:\Windows\System\ubXxtwE.exe
  2⤵
  PID:3500
- C:\Windows\System\NnEWvQE.exe
  C:\Windows\System\NnEWvQE.exe
  2⤵
  PID:3544
- C:\Windows\System\ulpMpUv.exe
  C:\Windows\System\ulpMpUv.exe
  2⤵
  PID:3460
- C:\Windows\System\JYfWHuN.exe
  C:\Windows\System\JYfWHuN.exe
  2⤵
  PID:3588
- C:\Windows\System\cyVYJrA.exe
  C:\Windows\System\cyVYJrA.exe
  2⤵
  PID:3640
- C:\Windows\System\wcdzsMM.exe
  C:\Windows\System\wcdzsMM.exe
  2⤵
  PID:3672
- C:\Windows\System\aImRQlc.exe
  C:\Windows\System\aImRQlc.exe
  2⤵
  PID:3716
- C:\Windows\System\SeksFfN.exe
  C:\Windows\System\SeksFfN.exe
  2⤵
  PID:3756
- C:\Windows\System\tTPyeqv.exe
  C:\Windows\System\tTPyeqv.exe
  2⤵
  PID:3820
- C:\Windows\System\TlAUxEf.exe
  C:\Windows\System\TlAUxEf.exe
  2⤵
  PID:3892
- C:\Windows\System\eQtELXs.exe
  C:\Windows\System\eQtELXs.exe
  2⤵
  PID:3920
- C:\Windows\System\yqKNHmh.exe
  C:\Windows\System\yqKNHmh.exe
  2⤵
  PID:3900
- C:\Windows\System\xqqlrme.exe
  C:\Windows\System\xqqlrme.exe
  2⤵
  PID:3940
- C:\Windows\System\qTBefDc.exe
  C:\Windows\System\qTBefDc.exe
  2⤵
  PID:4016
- C:\Windows\System\NIimLbp.exe
  C:\Windows\System\NIimLbp.exe
  2⤵
  PID:3996
- C:\Windows\System\ZUTGNOO.exe
  C:\Windows\System\ZUTGNOO.exe
  2⤵
  PID:4056
- C:\Windows\System\ljlIilP.exe
  C:\Windows\System\ljlIilP.exe
  2⤵
  PID:2820
- C:\Windows\System\WCSZTdf.exe
  C:\Windows\System\WCSZTdf.exe
  2⤵
  PID:3048
- C:\Windows\System\sXpWBxt.exe
  C:\Windows\System\sXpWBxt.exe
  2⤵
  PID:1740
- C:\Windows\System\FYuNxCd.exe
  C:\Windows\System\FYuNxCd.exe
  2⤵
  PID:2720
- C:\Windows\System\iWXyyex.exe
  C:\Windows\System\iWXyyex.exe
  2⤵
  PID:3152
- C:\Windows\System\wwVgVng.exe
  C:\Windows\System\wwVgVng.exe
  2⤵
  PID:4032
- C:\Windows\System\cgmGEDq.exe
  C:\Windows\System\cgmGEDq.exe
  2⤵
  PID:3196
- C:\Windows\System\wqYcWlx.exe
  C:\Windows\System\wqYcWlx.exe
  2⤵
  PID:676
- C:\Windows\System\IvXnwtx.exe
  C:\Windows\System\IvXnwtx.exe
  2⤵
  PID:2684
- C:\Windows\System\JNJUEvB.exe
  C:\Windows\System\JNJUEvB.exe
  2⤵
  PID:2920
- C:\Windows\System\rJSeIpt.exe
  C:\Windows\System\rJSeIpt.exe
  2⤵
  PID:3232
- C:\Windows\System\TQFLRIN.exe
  C:\Windows\System\TQFLRIN.exe
  2⤵
  PID:3412
- C:\Windows\System\nzAuoCL.exe
  C:\Windows\System\nzAuoCL.exe
  2⤵
  PID:2804
- C:\Windows\System\EZiUheW.exe
  C:\Windows\System\EZiUheW.exe
  2⤵
  PID:3484
- C:\Windows\System\TIwwhhM.exe
  C:\Windows\System\TIwwhhM.exe
  2⤵
  PID:3660
- C:\Windows\System\MMTslCv.exe
  C:\Windows\System\MMTslCv.exe
  2⤵
  PID:3584
- C:\Windows\System\LumFZUq.exe
  C:\Windows\System\LumFZUq.exe
  2⤵
  PID:3732
- C:\Windows\System\eULJhYJ.exe
  C:\Windows\System\eULJhYJ.exe
  2⤵
  PID:3836
- C:\Windows\System\jsWFcpP.exe
  C:\Windows\System\jsWFcpP.exe
  2⤵
  PID:3508
- C:\Windows\System\nraBZYf.exe
  C:\Windows\System\nraBZYf.exe
  2⤵
  PID:3540
- C:\Windows\System\cyNqjJv.exe
  C:\Windows\System\cyNqjJv.exe
  2⤵
  PID:3712
- C:\Windows\System\WDQAZal.exe
  C:\Windows\System\WDQAZal.exe
  2⤵
  PID:3444
- C:\Windows\System\IefWVnK.exe
  C:\Windows\System\IefWVnK.exe
  2⤵
  PID:3912
- C:\Windows\System\WCnkcCE.exe
  C:\Windows\System\WCnkcCE.exe
  2⤵
  PID:2980
- C:\Windows\System\RuHOtjX.exe
  C:\Windows\System\RuHOtjX.exe
  2⤵
  PID:3612
- C:\Windows\System\eNvgtdr.exe
  C:\Windows\System\eNvgtdr.exe
  2⤵
  PID:4076
- C:\Windows\System\JwyPjvA.exe
  C:\Windows\System\JwyPjvA.exe
  2⤵
  PID:3140
- C:\Windows\System\DBfOMwc.exe
  C:\Windows\System\DBfOMwc.exe
  2⤵
  PID:3872
- C:\Windows\System\ENytMxJ.exe
  C:\Windows\System\ENytMxJ.exe
  2⤵
  PID:3888
- C:\Windows\System\sUMNTeP.exe
  C:\Windows\System\sUMNTeP.exe
  2⤵
  PID:3960
- C:\Windows\System\bpisVUQ.exe
  C:\Windows\System\bpisVUQ.exe
  2⤵
  PID:2732
- C:\Windows\System\XvazyWe.exe
  C:\Windows\System\XvazyWe.exe
  2⤵
  PID:4028
- C:\Windows\System\vwmokaf.exe
  C:\Windows\System\vwmokaf.exe
  2⤵
  PID:3804
- C:\Windows\System\TAZzKIV.exe
  C:\Windows\System\TAZzKIV.exe
  2⤵
  PID:3228
- C:\Windows\System\qSiHvEd.exe
  C:\Windows\System\qSiHvEd.exe
  2⤵
  PID:1828
- C:\Windows\System\hVnYHLf.exe
  C:\Windows\System\hVnYHLf.exe
  2⤵
  PID:3172
- C:\Windows\System\tnMtdCW.exe
  C:\Windows\System\tnMtdCW.exe
  2⤵
  PID:2344
- C:\Windows\System\FeRVvev.exe
  C:\Windows\System\FeRVvev.exe
  2⤵
  PID:3568
- C:\Windows\System\QeyWOeD.exe
  C:\Windows\System\QeyWOeD.exe
  2⤵
  PID:3376
- C:\Windows\System\utJAePF.exe
  C:\Windows\System\utJAePF.exe
  2⤵
  PID:2668
- C:\Windows\System\aTMiWpf.exe
  C:\Windows\System\aTMiWpf.exe
  2⤵
  PID:3916
- C:\Windows\System\zQAZJsV.exe
  C:\Windows\System\zQAZJsV.exe
  2⤵
  PID:1584
- C:\Windows\System\DiLrXRt.exe
  C:\Windows\System\DiLrXRt.exe
  2⤵
  PID:4060
- C:\Windows\System\lhUQBWm.exe
  C:\Windows\System\lhUQBWm.exe
  2⤵
  PID:3788
- C:\Windows\System\vYvTfst.exe
  C:\Windows\System\vYvTfst.exe
  2⤵
  PID:1744
- C:\Windows\System\XBEewpr.exe
  C:\Windows\System\XBEewpr.exe
  2⤵
  PID:4100
- C:\Windows\System\RoJUXfc.exe
  C:\Windows\System\RoJUXfc.exe
  2⤵
  PID:4116
- C:\Windows\System\ptgrXue.exe
  C:\Windows\System\ptgrXue.exe
  2⤵
  PID:4132
- C:\Windows\System\jCxGrpg.exe
  C:\Windows\System\jCxGrpg.exe
  2⤵
  PID:4148
- C:\Windows\System\qZhZINX.exe
  C:\Windows\System\qZhZINX.exe
  2⤵
  PID:4164
- C:\Windows\System\iCCZhEV.exe
  C:\Windows\System\iCCZhEV.exe
  2⤵
  PID:4180
- C:\Windows\System\nrfNESU.exe
  C:\Windows\System\nrfNESU.exe
  2⤵
  PID:4196
- C:\Windows\System\ZNoHjQK.exe
  C:\Windows\System\ZNoHjQK.exe
  2⤵
  PID:4212
- C:\Windows\System\Yntcjdd.exe
  C:\Windows\System\Yntcjdd.exe
  2⤵
  PID:4228
- C:\Windows\System\VoCPjnR.exe
  C:\Windows\System\VoCPjnR.exe
  2⤵
  PID:4244
- C:\Windows\System\ollpeKf.exe
  C:\Windows\System\ollpeKf.exe
  2⤵
  PID:4260
- C:\Windows\System\wsmUduo.exe
  C:\Windows\System\wsmUduo.exe
  2⤵
  PID:4276
- C:\Windows\System\ytpCKlb.exe
  C:\Windows\System\ytpCKlb.exe
  2⤵
  PID:4292
- C:\Windows\System\VPKoFlm.exe
  C:\Windows\System\VPKoFlm.exe
  2⤵
  PID:4308
- C:\Windows\System\WFEIIOr.exe
  C:\Windows\System\WFEIIOr.exe
  2⤵
  PID:4324
- C:\Windows\System\RQBsfrQ.exe
  C:\Windows\System\RQBsfrQ.exe
  2⤵
  PID:4340
- C:\Windows\System\yahhotL.exe
  C:\Windows\System\yahhotL.exe
  2⤵
  PID:4356
- C:\Windows\System\AALdEmQ.exe
  C:\Windows\System\AALdEmQ.exe
  2⤵
  PID:4372
- C:\Windows\System\ZHHtfic.exe
  C:\Windows\System\ZHHtfic.exe
  2⤵
  PID:4388
- C:\Windows\System\ZJMEDwN.exe
  C:\Windows\System\ZJMEDwN.exe
  2⤵
  PID:4404
- C:\Windows\System\Uddsudh.exe
  C:\Windows\System\Uddsudh.exe
  2⤵
  PID:4420
- C:\Windows\System\QvARKyZ.exe
  C:\Windows\System\QvARKyZ.exe
  2⤵
  PID:4436
- C:\Windows\System\FgdCoSZ.exe
  C:\Windows\System\FgdCoSZ.exe
  2⤵
  PID:4452
- C:\Windows\System\uiGBHmI.exe
  C:\Windows\System\uiGBHmI.exe
  2⤵
  PID:4468
- C:\Windows\System\AMCTIHT.exe
  C:\Windows\System\AMCTIHT.exe
  2⤵
  PID:4484
- C:\Windows\System\Kiezntg.exe
  C:\Windows\System\Kiezntg.exe
  2⤵
  PID:4500
- C:\Windows\System\hejezXw.exe
  C:\Windows\System\hejezXw.exe
  2⤵
  PID:4516
- C:\Windows\System\wHUBfjx.exe
  C:\Windows\System\wHUBfjx.exe
  2⤵
  PID:4532
- C:\Windows\System\AxrBGGW.exe
  C:\Windows\System\AxrBGGW.exe
  2⤵
  PID:4548
- C:\Windows\System\hkgjuDF.exe
  C:\Windows\System\hkgjuDF.exe
  2⤵
  PID:4564
- C:\Windows\System\TSYFOOE.exe
  C:\Windows\System\TSYFOOE.exe
  2⤵
  PID:4580
- C:\Windows\System\DCQLEzv.exe
  C:\Windows\System\DCQLEzv.exe
  2⤵
  PID:4596
- C:\Windows\System\XASnNOg.exe
  C:\Windows\System\XASnNOg.exe
  2⤵
  PID:4612
- C:\Windows\System\jRVNtVX.exe
  C:\Windows\System\jRVNtVX.exe
  2⤵
  PID:4628
- C:\Windows\System\ZNxJwfv.exe
  C:\Windows\System\ZNxJwfv.exe
  2⤵
  PID:4644
- C:\Windows\System\dtfVMCm.exe
  C:\Windows\System\dtfVMCm.exe
  2⤵
  PID:4660
- C:\Windows\System\cNiQTls.exe
  C:\Windows\System\cNiQTls.exe
  2⤵
  PID:4676
- C:\Windows\System\CoRgEMr.exe
  C:\Windows\System\CoRgEMr.exe
  2⤵
  PID:4692
- C:\Windows\System\bsrqASR.exe
  C:\Windows\System\bsrqASR.exe
  2⤵
  PID:4708
- C:\Windows\System\ZYVvdpg.exe
  C:\Windows\System\ZYVvdpg.exe
  2⤵
  PID:4724
- C:\Windows\System\nuQqCvU.exe
  C:\Windows\System\nuQqCvU.exe
  2⤵
  PID:4740
- C:\Windows\System\HRlUCYH.exe
  C:\Windows\System\HRlUCYH.exe
  2⤵
  PID:4756
- C:\Windows\System\VlwtXOX.exe
  C:\Windows\System\VlwtXOX.exe
  2⤵
  PID:4772
- C:\Windows\System\rYWmzFD.exe
  C:\Windows\System\rYWmzFD.exe
  2⤵
  PID:4788
- C:\Windows\System\HyBQlch.exe
  C:\Windows\System\HyBQlch.exe
  2⤵
  PID:4804
- C:\Windows\System\SbbgPPn.exe
  C:\Windows\System\SbbgPPn.exe
  2⤵
  PID:4820
- C:\Windows\System\IrIkvkh.exe
  C:\Windows\System\IrIkvkh.exe
  2⤵
  PID:4836
- C:\Windows\System\tAAoBDw.exe
  C:\Windows\System\tAAoBDw.exe
  2⤵
  PID:4852
- C:\Windows\System\cFnmAPc.exe
  C:\Windows\System\cFnmAPc.exe
  2⤵
  PID:4868
- C:\Windows\System\AOxhGBF.exe
  C:\Windows\System\AOxhGBF.exe
  2⤵
  PID:4884
- C:\Windows\System\LcVwgiS.exe
  C:\Windows\System\LcVwgiS.exe
  2⤵
  PID:4900
- C:\Windows\System\AWPwfEA.exe
  C:\Windows\System\AWPwfEA.exe
  2⤵
  PID:4916
- C:\Windows\System\xhyqeoT.exe
  C:\Windows\System\xhyqeoT.exe
  2⤵
  PID:4932
- C:\Windows\System\lYTZUXo.exe
  C:\Windows\System\lYTZUXo.exe
  2⤵
  PID:4948
- C:\Windows\System\LfgXFJA.exe
  C:\Windows\System\LfgXFJA.exe
  2⤵
  PID:4964
- C:\Windows\System\kNJGKtc.exe
  C:\Windows\System\kNJGKtc.exe
  2⤵
  PID:4980
- C:\Windows\System\aXKQELj.exe
  C:\Windows\System\aXKQELj.exe
  2⤵
  PID:4996
- C:\Windows\System\yLMSehJ.exe
  C:\Windows\System\yLMSehJ.exe
  2⤵
  PID:5012
- C:\Windows\System\BJHjJrx.exe
  C:\Windows\System\BJHjJrx.exe
  2⤵
  PID:5028
- C:\Windows\System\wUtmxhl.exe
  C:\Windows\System\wUtmxhl.exe
  2⤵
  PID:5044
- C:\Windows\System\wNDEyxg.exe
  C:\Windows\System\wNDEyxg.exe
  2⤵
  PID:5060
- C:\Windows\System\LyxoPMB.exe
  C:\Windows\System\LyxoPMB.exe
  2⤵
  PID:5076
- C:\Windows\System\RqJxjvk.exe
  C:\Windows\System\RqJxjvk.exe
  2⤵
  PID:5096
- C:\Windows\System\ErPkpmy.exe
  C:\Windows\System\ErPkpmy.exe
  2⤵
  PID:5112
- C:\Windows\System\JXnMxgd.exe
  C:\Windows\System\JXnMxgd.exe
  2⤵
  PID:3680
- C:\Windows\System\Qjvmmha.exe
  C:\Windows\System\Qjvmmha.exe
  2⤵
  PID:2724
- C:\Windows\System\KRRTeGo.exe
  C:\Windows\System\KRRTeGo.exe
  2⤵
  PID:1816
- C:\Windows\System\RclisTQ.exe
  C:\Windows\System\RclisTQ.exe
  2⤵
  PID:3184
- C:\Windows\System\XWjgcGh.exe
  C:\Windows\System\XWjgcGh.exe
  2⤵
  PID:3744
- C:\Windows\System\EoDCtuE.exe
  C:\Windows\System\EoDCtuE.exe
  2⤵
  PID:3316
- C:\Windows\System\JhZIXts.exe
  C:\Windows\System\JhZIXts.exe
  2⤵
  PID:3464
- C:\Windows\System\NFiqubm.exe
  C:\Windows\System\NFiqubm.exe
  2⤵
  PID:1028
- C:\Windows\System\XXIaaTU.exe
  C:\Windows\System\XXIaaTU.exe
  2⤵
  PID:3772
- C:\Windows\System\wRqIFQK.exe
  C:\Windows\System\wRqIFQK.exe
  2⤵
  PID:4156
- C:\Windows\System\cBKyfjv.exe
  C:\Windows\System\cBKyfjv.exe
  2⤵
  PID:3108
- C:\Windows\System\xjHCmyC.exe
  C:\Windows\System\xjHCmyC.exe
  2⤵
  PID:1248
- C:\Windows\System\VcXqKGO.exe
  C:\Windows\System\VcXqKGO.exe
  2⤵
  PID:4140
- C:\Windows\System\bOnJLqW.exe
  C:\Windows\System\bOnJLqW.exe
  2⤵
  PID:4252
- C:\Windows\System\seHuYOw.exe
  C:\Windows\System\seHuYOw.exe
  2⤵
  PID:4576
- C:\Windows\System\MzchPqF.exe
  C:\Windows\System\MzchPqF.exe
  2⤵
  PID:4828
- C:\Windows\System\ROVRZcj.exe
  C:\Windows\System\ROVRZcj.exe
  2⤵
  PID:4924
- C:\Windows\System\ruaHUFo.exe
  C:\Windows\System\ruaHUFo.exe
  2⤵
  PID:4684
- C:\Windows\System\EffRpFv.exe
  C:\Windows\System\EffRpFv.exe
  2⤵
  PID:4864
- C:\Windows\System\OeEzEHa.exe
  C:\Windows\System\OeEzEHa.exe
  2⤵
  PID:5052
- C:\Windows\System\PlZnnWK.exe
  C:\Windows\System\PlZnnWK.exe
  2⤵
  PID:4720
- C:\Windows\System\CqLJvUT.exe
  C:\Windows\System\CqLJvUT.exe
  2⤵
  PID:4784
- C:\Windows\System\hXffmdI.exe
  C:\Windows\System\hXffmdI.exe
  2⤵
  PID:4812
- C:\Windows\System\VVRRJHh.exe
  C:\Windows\System\VVRRJHh.exe
  2⤵
  PID:4880
- C:\Windows\System\HFeSQZU.exe
  C:\Windows\System\HFeSQZU.exe
  2⤵
  PID:4944
- C:\Windows\System\RGDXJMV.exe
  C:\Windows\System\RGDXJMV.exe
  2⤵
  PID:2832
- C:\Windows\System\lTwhQbl.exe
  C:\Windows\System\lTwhQbl.exe
  2⤵
  PID:5040
- C:\Windows\System\IKmXZpQ.exe
  C:\Windows\System\IKmXZpQ.exe
  2⤵
  PID:2828
- C:\Windows\System\UzfuiFE.exe
  C:\Windows\System\UzfuiFE.exe
  2⤵
  PID:1668
- C:\Windows\System\noiyoLO.exe
  C:\Windows\System\noiyoLO.exe
  2⤵
  PID:3976
- C:\Windows\System\XJIiOTm.exe
  C:\Windows\System\XJIiOTm.exe
  2⤵
  PID:3328
- C:\Windows\System\iaboIpw.exe
  C:\Windows\System\iaboIpw.exe
  2⤵
  PID:2788
- C:\Windows\System\pYWsqwp.exe
  C:\Windows\System\pYWsqwp.exe
  2⤵
  PID:3868
- C:\Windows\System\ttXsskX.exe
  C:\Windows\System\ttXsskX.exe
  2⤵
  PID:3520
- C:\Windows\System\sPHUPGc.exe
  C:\Windows\System\sPHUPGc.exe
  2⤵
  PID:2824
- C:\Windows\System\zWqleUS.exe
  C:\Windows\System\zWqleUS.exe
  2⤵
  PID:4112
- C:\Windows\System\ZQzxITP.exe
  C:\Windows\System\ZQzxITP.exe
  2⤵
  PID:2868
- C:\Windows\System\XfcABlt.exe
  C:\Windows\System\XfcABlt.exe
  2⤵
  PID:2592
- C:\Windows\System\MOCCXoC.exe
  C:\Windows\System\MOCCXoC.exe
  2⤵
  PID:4364
- C:\Windows\System\slGZJbv.exe
  C:\Windows\System\slGZJbv.exe
  2⤵
  PID:4396
- C:\Windows\System\ICvpMTc.exe
  C:\Windows\System\ICvpMTc.exe
  2⤵
  PID:4460
- C:\Windows\System\ymlsxOn.exe
  C:\Windows\System\ymlsxOn.exe
  2⤵
  PID:4352
- C:\Windows\System\ikQIyUf.exe
  C:\Windows\System\ikQIyUf.exe
  2⤵
  PID:2744
- C:\Windows\System\dEIVMvi.exe
  C:\Windows\System\dEIVMvi.exe
  2⤵
  PID:4588
- C:\Windows\System\dWQCIDC.exe
  C:\Windows\System\dWQCIDC.exe
  2⤵
  PID:4624
- C:\Windows\System\QiYFkxn.exe
  C:\Windows\System\QiYFkxn.exe
  2⤵
  PID:4320
- C:\Windows\System\lPaaMRe.exe
  C:\Windows\System\lPaaMRe.exe
  2⤵
  PID:4412
- C:\Windows\System\GGLtgXx.exe
  C:\Windows\System\GGLtgXx.exe
  2⤵
  PID:4636
- C:\Windows\System\CblxaRX.exe
  C:\Windows\System\CblxaRX.exe
  2⤵
  PID:4668
- C:\Windows\System\NZlAGKX.exe
  C:\Windows\System\NZlAGKX.exe
  2⤵
  PID:4704
- C:\Windows\System\FaLPOLk.exe
  C:\Windows\System\FaLPOLk.exe
  2⤵
  PID:4768
- C:\Windows\System\hxGKtfB.exe
  C:\Windows\System\hxGKtfB.exe
  2⤵
  PID:2816
- C:\Windows\System\MdeddJM.exe
  C:\Windows\System\MdeddJM.exe
  2⤵
  PID:4416
- C:\Windows\System\fujjeNQ.exe
  C:\Windows\System\fujjeNQ.exe
  2⤵
  PID:2796
- C:\Windows\System\GXKtyHp.exe
  C:\Windows\System\GXKtyHp.exe
  2⤵
  PID:5004
- C:\Windows\System\qTyZklL.exe
  C:\Windows\System\qTyZklL.exe
  2⤵
  PID:4896
- C:\Windows\System\urOhaSA.exe
  C:\Windows\System\urOhaSA.exe
  2⤵
  PID:5084
- C:\Windows\System\xOsCJUe.exe
  C:\Windows\System\xOsCJUe.exe
  2⤵
  PID:4912
- C:\Windows\System\OGUuBNn.exe
  C:\Windows\System\OGUuBNn.exe
  2⤵
  PID:5008
- C:\Windows\System\uUUIOpm.exe
  C:\Windows\System\uUUIOpm.exe
  2⤵
  PID:4052
- C:\Windows\System\ysgieqA.exe
  C:\Windows\System\ysgieqA.exe
  2⤵
  PID:4128
- C:\Windows\System\FCbjwZT.exe
  C:\Windows\System\FCbjwZT.exe
  2⤵
  PID:2760
- C:\Windows\System\WssOARS.exe
  C:\Windows\System\WssOARS.exe
  2⤵
  PID:4224
- C:\Windows\System\YemXMSB.exe
  C:\Windows\System\YemXMSB.exe
  2⤵
  PID:4332
- C:\Windows\System\qoQzyJE.exe
  C:\Windows\System\qoQzyJE.exe
  2⤵
  PID:4160
- C:\Windows\System\fbyzMmz.exe
  C:\Windows\System\fbyzMmz.exe
  2⤵
  PID:4492
- C:\Windows\System\pokwVYY.exe
  C:\Windows\System\pokwVYY.exe
  2⤵
  PID:4528
- C:\Windows\System\TgaSfpk.exe
  C:\Windows\System\TgaSfpk.exe
  2⤵
  PID:4560
- C:\Windows\System\FYDNDfk.exe
  C:\Windows\System\FYDNDfk.exe
  2⤵
  PID:4316
- C:\Windows\System\QabNeOV.exe
  C:\Windows\System\QabNeOV.exe
  2⤵
  PID:4480
- C:\Windows\System\IcFdUxT.exe
  C:\Windows\System\IcFdUxT.exe
  2⤵
  PID:4700
- C:\Windows\System\IxIbdoc.exe
  C:\Windows\System\IxIbdoc.exe
  2⤵
  PID:4844
- C:\Windows\System\VPPSWQd.exe
  C:\Windows\System\VPPSWQd.exe
  2⤵
  PID:4976
- C:\Windows\System\ElZQVSS.exe
  C:\Windows\System\ElZQVSS.exe
  2⤵
  PID:4960
- C:\Windows\System\vcjdpjk.exe
  C:\Windows\System\vcjdpjk.exe
  2⤵
  PID:4780
- C:\Windows\System\JgRCRCL.exe
  C:\Windows\System\JgRCRCL.exe
  2⤵
  PID:2140
- C:\Windows\System\RZYiwzF.exe
  C:\Windows\System\RZYiwzF.exe
  2⤵
  PID:2040
- C:\Windows\System\PtfvKcH.exe
  C:\Windows\System\PtfvKcH.exe
  2⤵
  PID:4336
- C:\Windows\System\RVIYrXl.exe
  C:\Windows\System\RVIYrXl.exe
  2⤵
  PID:3864
- C:\Windows\System\qBdGAne.exe
  C:\Windows\System\qBdGAne.exe
  2⤵
  PID:4604
- C:\Windows\System\XBpjwGs.exe
  C:\Windows\System\XBpjwGs.exe
  2⤵
  PID:4736
- C:\Windows\System\fGjwjtq.exe
  C:\Windows\System\fGjwjtq.exe
  2⤵
  PID:4848
- C:\Windows\System\aOPWXCL.exe
  C:\Windows\System\aOPWXCL.exe
  2⤵
  PID:4956
- C:\Windows\System\QAyxfuK.exe
  C:\Windows\System\QAyxfuK.exe
  2⤵
  PID:4220
- C:\Windows\System\iwXuzGP.exe
  C:\Windows\System\iwXuzGP.exe
  2⤵
  PID:4176
- C:\Windows\System\watyiNX.exe
  C:\Windows\System\watyiNX.exe
  2⤵
  PID:4524
- C:\Windows\System\CdimepX.exe
  C:\Windows\System\CdimepX.exe
  2⤵
  PID:2148
- C:\Windows\System\apjOoXb.exe
  C:\Windows\System\apjOoXb.exe
  2⤵
  PID:2972
- C:\Windows\System\kuCvgJC.exe
  C:\Windows\System\kuCvgJC.exe
  2⤵
  PID:2740
- C:\Windows\System\UUxSlTD.exe
  C:\Windows\System\UUxSlTD.exe
  2⤵
  PID:5136
- C:\Windows\System\sniBuOM.exe
  C:\Windows\System\sniBuOM.exe
  2⤵
  PID:5152
- C:\Windows\System\RqtTpLr.exe
  C:\Windows\System\RqtTpLr.exe
  2⤵
  PID:5168
- C:\Windows\System\gARqVpM.exe
  C:\Windows\System\gARqVpM.exe
  2⤵
  PID:5184
- C:\Windows\System\WoftLSV.exe
  C:\Windows\System\WoftLSV.exe
  2⤵
  PID:5200
- C:\Windows\System\MnlKwZL.exe
  C:\Windows\System\MnlKwZL.exe
  2⤵
  PID:5216
- C:\Windows\System\zZWjxub.exe
  C:\Windows\System\zZWjxub.exe
  2⤵
  PID:5232
- C:\Windows\System\ZIWSUMD.exe
  C:\Windows\System\ZIWSUMD.exe
  2⤵
  PID:5248
- C:\Windows\System\bPgzVzy.exe
  C:\Windows\System\bPgzVzy.exe
  2⤵
  PID:5264
- C:\Windows\System\LUlTyAT.exe
  C:\Windows\System\LUlTyAT.exe
  2⤵
  PID:5280
- C:\Windows\System\SRCIeaa.exe
  C:\Windows\System\SRCIeaa.exe
  2⤵
  PID:5296
- C:\Windows\System\URuaoox.exe
  C:\Windows\System\URuaoox.exe
  2⤵
  PID:5312
- C:\Windows\System\jnqmmFt.exe
  C:\Windows\System\jnqmmFt.exe
  2⤵
  PID:5328
- C:\Windows\System\RLylLOP.exe
  C:\Windows\System\RLylLOP.exe
  2⤵
  PID:5344
- C:\Windows\System\eTecYDo.exe
  C:\Windows\System\eTecYDo.exe
  2⤵
  PID:5360
- C:\Windows\System\DSKpOVt.exe
  C:\Windows\System\DSKpOVt.exe
  2⤵
  PID:5376
- C:\Windows\System\vAScfwn.exe
  C:\Windows\System\vAScfwn.exe
  2⤵
  PID:5392
- C:\Windows\System\fQZDroZ.exe
  C:\Windows\System\fQZDroZ.exe
  2⤵
  PID:5408
- C:\Windows\System\FWfLHes.exe
  C:\Windows\System\FWfLHes.exe
  2⤵
  PID:5424
- C:\Windows\System\TQFcSGj.exe
  C:\Windows\System\TQFcSGj.exe
  2⤵
  PID:5440
- C:\Windows\System\GhkIBcS.exe
  C:\Windows\System\GhkIBcS.exe
  2⤵
  PID:5456
- C:\Windows\System\oBibgJX.exe
  C:\Windows\System\oBibgJX.exe
  2⤵
  PID:5472
- C:\Windows\System\FVcojho.exe
  C:\Windows\System\FVcojho.exe
  2⤵
  PID:5488
- C:\Windows\System\bZyBNOT.exe
  C:\Windows\System\bZyBNOT.exe
  2⤵
  PID:5504
- C:\Windows\System\DOiagMD.exe
  C:\Windows\System\DOiagMD.exe
  2⤵
  PID:5520
- C:\Windows\System\ewErtzr.exe
  C:\Windows\System\ewErtzr.exe
  2⤵
  PID:5536
- C:\Windows\System\DbXMJqN.exe
  C:\Windows\System\DbXMJqN.exe
  2⤵
  PID:5736
- C:\Windows\System\wHzWKtR.exe
  C:\Windows\System\wHzWKtR.exe
  2⤵
  PID:5256
- C:\Windows\System\UsHnVti.exe
  C:\Windows\System\UsHnVti.exe
  2⤵
  PID:5304
- C:\Windows\System\eVuqttm.exe
  C:\Windows\System\eVuqttm.exe
  2⤵
  PID:5324
- C:\Windows\System\yZaYPMU.exe
  C:\Windows\System\yZaYPMU.exe
  2⤵
  PID:5356
- C:\Windows\System\IIKSVPH.exe
  C:\Windows\System\IIKSVPH.exe
  2⤵
  PID:5388
- C:\Windows\System\FnaUTCv.exe
  C:\Windows\System\FnaUTCv.exe
  2⤵
  PID:5436
- C:\Windows\System\iylvhYC.exe
  C:\Windows\System\iylvhYC.exe
  2⤵
  PID:5480
- C:\Windows\System\iRxaSFy.exe
  C:\Windows\System\iRxaSFy.exe
  2⤵
  PID:5528
- C:\Windows\System\QWyIckC.exe
  C:\Windows\System\QWyIckC.exe
  2⤵
  PID:5512
- C:\Windows\System\aaMLCgH.exe
  C:\Windows\System\aaMLCgH.exe
  2⤵
  PID:5756
- C:\Windows\System\PpQBMrr.exe
  C:\Windows\System\PpQBMrr.exe
  2⤵
  PID:5776
- C:\Windows\System\vCECHXw.exe
  C:\Windows\System\vCECHXw.exe
  2⤵
  PID:5796
- C:\Windows\System\CyCbvYB.exe
  C:\Windows\System\CyCbvYB.exe
  2⤵
  PID:5824
- C:\Windows\System\nCvMZIj.exe
  C:\Windows\System\nCvMZIj.exe
  2⤵
  PID:5568
- C:\Windows\System\aoAqOJC.exe
  C:\Windows\System\aoAqOJC.exe
  2⤵
  PID:5564
- C:\Windows\System\rLVQFrg.exe
  C:\Windows\System\rLVQFrg.exe
  2⤵
  PID:5584
- C:\Windows\System\sksRsZi.exe
  C:\Windows\System\sksRsZi.exe
  2⤵
  PID:5600
- C:\Windows\System\LnrNYZc.exe
  C:\Windows\System\LnrNYZc.exe
  2⤵
  PID:5616
- C:\Windows\System\gimuEBl.exe
  C:\Windows\System\gimuEBl.exe
  2⤵
  PID:5636
- C:\Windows\System\tYqVxor.exe
  C:\Windows\System\tYqVxor.exe
  2⤵
  PID:5652
- C:\Windows\System\ZzGjXSw.exe
  C:\Windows\System\ZzGjXSw.exe
  2⤵
  PID:5668
- C:\Windows\System\xTBEdYy.exe
  C:\Windows\System\xTBEdYy.exe
  2⤵
  PID:5688
- C:\Windows\System\NbbRvkT.exe
  C:\Windows\System\NbbRvkT.exe
  2⤵
  PID:5700
- C:\Windows\System\znVWYen.exe
  C:\Windows\System\znVWYen.exe
  2⤵
  PID:5840
- C:\Windows\System\KYlSdYI.exe
  C:\Windows\System\KYlSdYI.exe
  2⤵
  PID:1720
- C:\Windows\System\uMbzWFO.exe
  C:\Windows\System\uMbzWFO.exe
  2⤵
  PID:5848
- C:\Windows\System\QqLIkQt.exe
  C:\Windows\System\QqLIkQt.exe
  2⤵
  PID:5856
- C:\Windows\System\WoDddqu.exe
  C:\Windows\System\WoDddqu.exe
  2⤵
  PID:5880
- C:\Windows\System\nNINraU.exe
  C:\Windows\System\nNINraU.exe
  2⤵
  PID:5896
- C:\Windows\System\bNCckUp.exe
  C:\Windows\System\bNCckUp.exe
  2⤵
  PID:5916
- C:\Windows\System\CiWVbUN.exe
  C:\Windows\System\CiWVbUN.exe
  2⤵
  PID:5964
- C:\Windows\System\qpZOctH.exe
  C:\Windows\System\qpZOctH.exe
  2⤵
  PID:2872
- C:\Windows\System\ClbrWzU.exe
  C:\Windows\System\ClbrWzU.exe
  2⤵
  PID:5992
- C:\Windows\System\MKPNgsr.exe
  C:\Windows\System\MKPNgsr.exe
  2⤵
  PID:6012
- C:\Windows\System\AAXFplC.exe
  C:\Windows\System\AAXFplC.exe
  2⤵
  PID:6048
- C:\Windows\System\WFNsjhb.exe
  C:\Windows\System\WFNsjhb.exe
  2⤵
  PID:2144
- C:\Windows\System\YDxxpQl.exe
  C:\Windows\System\YDxxpQl.exe
  2⤵
  PID:2656
- C:\Windows\System\nUKEgaP.exe
  C:\Windows\System\nUKEgaP.exe
  2⤵
  PID:6088
- C:\Windows\System\JvHLZDQ.exe
  C:\Windows\System\JvHLZDQ.exe
  2⤵
  PID:6104
- C:\Windows\System\nNPGsqJ.exe
  C:\Windows\System\nNPGsqJ.exe
  2⤵
  PID:6120
- C:\Windows\System\IKwhvAR.exe
  C:\Windows\System\IKwhvAR.exe
  2⤵
  PID:6136
- C:\Windows\System\ZUoWHWh.exe
  C:\Windows\System\ZUoWHWh.exe
  2⤵
  PID:4400
- C:\Windows\System\ejgFVXd.exe
  C:\Windows\System\ejgFVXd.exe
  2⤵
  PID:2440
- C:\Windows\System\fBxHyZQ.exe
  C:\Windows\System\fBxHyZQ.exe
  2⤵
  PID:2700
- C:\Windows\System\UftMOCj.exe
  C:\Windows\System\UftMOCj.exe
  2⤵
  PID:5148
- C:\Windows\System\pytxxfM.exe
  C:\Windows\System\pytxxfM.exe
  2⤵
  PID:5180
- C:\Windows\System\UeKgXbw.exe
  C:\Windows\System\UeKgXbw.exe
  2⤵
  PID:5212
- C:\Windows\System\RyMemUp.exe
  C:\Windows\System\RyMemUp.exe
  2⤵
  PID:5288
- C:\Windows\System\PliKOSS.exe
  C:\Windows\System\PliKOSS.exe
  2⤵
  PID:5416
- C:\Windows\System\GDHgwGK.exe
  C:\Windows\System\GDHgwGK.exe
  2⤵
  PID:5308
- C:\Windows\System\TCEgnEL.exe
  C:\Windows\System\TCEgnEL.exe
  2⤵
  PID:1536
- C:\Windows\System\iBSdVqS.exe
  C:\Windows\System\iBSdVqS.exe
  2⤵
  PID:5400
- C:\Windows\System\QmoShgU.exe
  C:\Windows\System\QmoShgU.exe
  2⤵
  PID:5468
- C:\Windows\System\PFlLrCP.exe
  C:\Windows\System\PFlLrCP.exe
  2⤵
  PID:5768
- C:\Windows\System\uXRArWw.exe
  C:\Windows\System\uXRArWw.exe
  2⤵
  PID:5552
- C:\Windows\System\grAYhkr.exe
  C:\Windows\System\grAYhkr.exe
  2⤵
  PID:5632
- C:\Windows\System\qgEIWuD.exe
  C:\Windows\System\qgEIWuD.exe
  2⤵
  PID:5784
- C:\Windows\System\uccAPCJ.exe
  C:\Windows\System\uccAPCJ.exe
  2⤵
  PID:5556
- C:\Windows\System\CZwHryT.exe
  C:\Windows\System\CZwHryT.exe
  2⤵
  PID:5832
- C:\Windows\System\GjufTeg.exe
  C:\Windows\System\GjufTeg.exe
  2⤵
  PID:5676
- C:\Windows\System\vSTWkBK.exe
  C:\Windows\System\vSTWkBK.exe
  2⤵
  PID:5708
- C:\Windows\System\OZegEWc.exe
  C:\Windows\System\OZegEWc.exe
  2⤵
  PID:5888
- C:\Windows\System\mNlgZNU.exe
  C:\Windows\System\mNlgZNU.exe
  2⤵
  PID:5872
- C:\Windows\System\SCFJcRG.exe
  C:\Windows\System\SCFJcRG.exe
  2⤵
  PID:5924
- C:\Windows\System\MTZfWWu.exe
  C:\Windows\System\MTZfWWu.exe
  2⤵
  PID:2012
- C:\Windows\System\fuTwMHy.exe
  C:\Windows\System\fuTwMHy.exe
  2⤵
  PID:5960
- C:\Windows\System\CdzOAbC.exe
  C:\Windows\System\CdzOAbC.exe
  2⤵
  PID:5980
- C:\Windows\System\mjVpHpH.exe
  C:\Windows\System\mjVpHpH.exe
  2⤵
  PID:6028
- C:\Windows\System\SllIoeY.exe
  C:\Windows\System\SllIoeY.exe
  2⤵
  PID:2736
- C:\Windows\System\pjZijdg.exe
  C:\Windows\System\pjZijdg.exe
  2⤵
  PID:6024
- C:\Windows\System\RrmFSCf.exe
  C:\Windows\System\RrmFSCf.exe
  2⤵
  PID:6084
- C:\Windows\System\eVXrQBL.exe
  C:\Windows\System\eVXrQBL.exe
  2⤵
  PID:3396
- C:\Windows\System\TxakVVl.exe
  C:\Windows\System\TxakVVl.exe
  2⤵
  PID:6072
- C:\Windows\System\KvpQUOw.exe
  C:\Windows\System\KvpQUOw.exe
  2⤵
  PID:4448
- C:\Windows\System\JsyMONY.exe
  C:\Windows\System\JsyMONY.exe
  2⤵
  PID:4992
- C:\Windows\System\YeDrTXa.exe
  C:\Windows\System\YeDrTXa.exe
  2⤵
  PID:5496
- C:\Windows\System\gIzJKeA.exe
  C:\Windows\System\gIzJKeA.exe
  2⤵
  PID:5368
- C:\Windows\System\sXCzUOM.exe
  C:\Windows\System\sXCzUOM.exe
  2⤵
  PID:5452
- C:\Windows\System\fwjZmfl.exe
  C:\Windows\System\fwjZmfl.exe
  2⤵
  PID:1640
- C:\Windows\System\uTeqtVP.exe
  C:\Windows\System\uTeqtVP.exe
  2⤵
  PID:5696
- C:\Windows\System\YLfFfDT.exe
  C:\Windows\System\YLfFfDT.exe
  2⤵
  PID:5712
- C:\Windows\System\NBfuSxc.exe
  C:\Windows\System\NBfuSxc.exe
  2⤵
  PID:5276
- C:\Windows\System\cKtWfFQ.exe
  C:\Windows\System\cKtWfFQ.exe
  2⤵
  PID:5932
- C:\Windows\System\lQcwiVM.exe
  C:\Windows\System\lQcwiVM.exe
  2⤵
  PID:5484
- C:\Windows\System\oHQUYDI.exe
  C:\Windows\System\oHQUYDI.exe
  2⤵
  PID:5660
- C:\Windows\System\ermaPWJ.exe
  C:\Windows\System\ermaPWJ.exe
  2⤵
  PID:5864
- C:\Windows\System\NvKOKTj.exe
  C:\Windows\System\NvKOKTj.exe
  2⤵
  PID:6020
- C:\Windows\System\hRvpJrv.exe
  C:\Windows\System\hRvpJrv.exe
  2⤵
  PID:5208
- C:\Windows\System\rtVAhmK.exe
  C:\Windows\System\rtVAhmK.exe
  2⤵
  PID:5804
- C:\Windows\System\nrbbWkr.exe
  C:\Windows\System\nrbbWkr.exe
  2⤵
  PID:2840
- C:\Windows\System\bizjQMd.exe
  C:\Windows\System\bizjQMd.exe
  2⤵
  PID:1140
- C:\Windows\System\xvYxDcL.exe
  C:\Windows\System\xvYxDcL.exe
  2⤵
  PID:5812
- C:\Windows\System\iNjVKPl.exe
  C:\Windows\System\iNjVKPl.exe
  2⤵
  PID:5720
- C:\Windows\System\kNKHwwr.exe
  C:\Windows\System\kNKHwwr.exe
  2⤵
  PID:2696
- C:\Windows\System\dqJATJB.exe
  C:\Windows\System\dqJATJB.exe
  2⤵
  PID:6008
- C:\Windows\System\lsuzUMG.exe
  C:\Windows\System\lsuzUMG.exe
  2⤵
  PID:5352
- C:\Windows\System\yEkfDvZ.exe
  C:\Windows\System\yEkfDvZ.exe
  2⤵
  PID:1592
- C:\Windows\System\eSIkUle.exe
  C:\Windows\System\eSIkUle.exe
  2⤵
  PID:6004
- C:\Windows\System\mFFKuVk.exe
  C:\Windows\System\mFFKuVk.exe
  2⤵
  PID:6116
- C:\Windows\System\JRaDPFo.exe
  C:\Windows\System\JRaDPFo.exe
  2⤵
  PID:5968
- C:\Windows\System\SEBUOQj.exe
  C:\Windows\System\SEBUOQj.exe
  2⤵
  PID:6036
- C:\Windows\System\sDAStdw.exe
  C:\Windows\System\sDAStdw.exe
  2⤵
  PID:3308
- C:\Windows\System\BYcZgCh.exe
  C:\Windows\System\BYcZgCh.exe
  2⤵
  PID:5748
- C:\Windows\System\dCSdOIj.exe
  C:\Windows\System\dCSdOIj.exe
  2⤵
  PID:1756
- C:\Windows\System\KzFzLfR.exe
  C:\Windows\System\KzFzLfR.exe
  2⤵
  PID:5624
- C:\Windows\System\ilVDTcL.exe
  C:\Windows\System\ilVDTcL.exe
  2⤵
  PID:6080
- C:\Windows\System\kFRboUa.exe
  C:\Windows\System\kFRboUa.exe
  2⤵
  PID:2944
- C:\Windows\System\iBjQsCC.exe
  C:\Windows\System\iBjQsCC.exe
  2⤵
  PID:6152
- C:\Windows\System\dnkkUrQ.exe
  C:\Windows\System\dnkkUrQ.exe
  2⤵
  PID:6168
- C:\Windows\System\cANqojy.exe
  C:\Windows\System\cANqojy.exe
  2⤵
  PID:6184
- C:\Windows\System\rEzGgoS.exe
  C:\Windows\System\rEzGgoS.exe
  2⤵
  PID:6200
- C:\Windows\System\RVvEnKo.exe
  C:\Windows\System\RVvEnKo.exe
  2⤵
  PID:6216
- C:\Windows\System\GiTaPvs.exe
  C:\Windows\System\GiTaPvs.exe
  2⤵
  PID:6236
- C:\Windows\System\XXpsnax.exe
  C:\Windows\System\XXpsnax.exe
  2⤵
  PID:6260
- C:\Windows\System\GrQNNOX.exe
  C:\Windows\System\GrQNNOX.exe
  2⤵
  PID:6316
- C:\Windows\System\tDJGqqK.exe
  C:\Windows\System\tDJGqqK.exe
  2⤵
  PID:6332
- C:\Windows\System\UyGxsKh.exe
  C:\Windows\System\UyGxsKh.exe
  2⤵
  PID:6356
- C:\Windows\System\RgJlmEq.exe
  C:\Windows\System\RgJlmEq.exe
  2⤵
  PID:6388
- C:\Windows\System\bzItZHS.exe
  C:\Windows\System\bzItZHS.exe
  2⤵
  PID:6416
- C:\Windows\System\FBakhat.exe
  C:\Windows\System\FBakhat.exe
  2⤵
  PID:6436
- C:\Windows\System\Fqksxhc.exe
  C:\Windows\System\Fqksxhc.exe
  2⤵
  PID:6472
- C:\Windows\System\NsklmGL.exe
  C:\Windows\System\NsklmGL.exe
  2⤵
  PID:6492
- C:\Windows\System\aIvuQvL.exe
  C:\Windows\System\aIvuQvL.exe
  2⤵
  PID:6508
- C:\Windows\System\ninXDce.exe
  C:\Windows\System\ninXDce.exe
  2⤵
  PID:6524
- C:\Windows\System\lEgFEmV.exe
  C:\Windows\System\lEgFEmV.exe
  2⤵
  PID:6540
- C:\Windows\System\VrTlboU.exe
  C:\Windows\System\VrTlboU.exe
  2⤵
  PID:6556
- C:\Windows\System\ETSepVL.exe
  C:\Windows\System\ETSepVL.exe
  2⤵
  PID:6572
- C:\Windows\System\lYJdJld.exe
  C:\Windows\System\lYJdJld.exe
  2⤵
  PID:6588
- C:\Windows\System\dNpDdju.exe
  C:\Windows\System\dNpDdju.exe
  2⤵
  PID:6604
- C:\Windows\System\xYatozY.exe
  C:\Windows\System\xYatozY.exe
  2⤵
  PID:6620
- C:\Windows\System\SEbRcFO.exe
  C:\Windows\System\SEbRcFO.exe
  2⤵
  PID:6644
- C:\Windows\System\rlQLHgv.exe
  C:\Windows\System\rlQLHgv.exe
  2⤵
  PID:6672
- C:\Windows\System\tTYcbIu.exe
  C:\Windows\System\tTYcbIu.exe
  2⤵
  PID:6692
- C:\Windows\System\xsyPKAo.exe
  C:\Windows\System\xsyPKAo.exe
  2⤵
  PID:6712
- C:\Windows\System\uzjcXum.exe
  C:\Windows\System\uzjcXum.exe
  2⤵
  PID:6732
- C:\Windows\System\ebfvxCf.exe
  C:\Windows\System\ebfvxCf.exe
  2⤵
  PID:6752
- C:\Windows\System\LDUsNHb.exe
  C:\Windows\System\LDUsNHb.exe
  2⤵
  PID:6768
- C:\Windows\System\MTNDmhf.exe
  C:\Windows\System\MTNDmhf.exe
  2⤵
  PID:6788
- C:\Windows\System\IdhSHOJ.exe
  C:\Windows\System\IdhSHOJ.exe
  2⤵
  PID:6808
- C:\Windows\System\kyZAzlJ.exe
  C:\Windows\System\kyZAzlJ.exe
  2⤵
  PID:6824
- C:\Windows\System\xCjDdFY.exe
  C:\Windows\System\xCjDdFY.exe
  2⤵
  PID:6852
- C:\Windows\System\KqiuWzM.exe
  C:\Windows\System\KqiuWzM.exe
  2⤵
  PID:6868
- C:\Windows\System\VQuWUbS.exe
  C:\Windows\System\VQuWUbS.exe
  2⤵
  PID:6888
- C:\Windows\System\XxEfgvl.exe
  C:\Windows\System\XxEfgvl.exe
  2⤵
  PID:6904
- C:\Windows\System\rzDMlcg.exe
  C:\Windows\System\rzDMlcg.exe
  2⤵
  PID:6924
- C:\Windows\System\ikyIVgS.exe
  C:\Windows\System\ikyIVgS.exe
  2⤵
  PID:6940
- C:\Windows\System\xEdNlZi.exe
  C:\Windows\System\xEdNlZi.exe
  2⤵
  PID:6960
- C:\Windows\System\vxdAfRj.exe
  C:\Windows\System\vxdAfRj.exe
  2⤵
  PID:7012
- C:\Windows\System\FvOLCCp.exe
  C:\Windows\System\FvOLCCp.exe
  2⤵
  PID:7028
- C:\Windows\System\sxOoPUp.exe
  C:\Windows\System\sxOoPUp.exe
  2⤵
  PID:7044
- C:\Windows\System\UfmlKpZ.exe
  C:\Windows\System\UfmlKpZ.exe
  2⤵
  PID:7060
- C:\Windows\System\AYWfVjr.exe
  C:\Windows\System\AYWfVjr.exe
  2⤵
  PID:7080
- C:\Windows\System\lcGBPjE.exe
  C:\Windows\System\lcGBPjE.exe
  2⤵
  PID:7096
- C:\Windows\System\bKilLZh.exe
  C:\Windows\System\bKilLZh.exe
  2⤵
  PID:7112
- C:\Windows\System\PHJSeJF.exe
  C:\Windows\System\PHJSeJF.exe
  2⤵
  PID:7132
- C:\Windows\System\fadyusx.exe
  C:\Windows\System\fadyusx.exe
  2⤵
  PID:7152
- C:\Windows\System\IVmiqTP.exe
  C:\Windows\System\IVmiqTP.exe
  2⤵
  PID:5952
- C:\Windows\System\qcEZmcB.exe
  C:\Windows\System\qcEZmcB.exe
  2⤵
  PID:5516
- C:\Windows\System\yucJjAS.exe
  C:\Windows\System\yucJjAS.exe
  2⤵
  PID:1420
- C:\Windows\System\xlZzfHi.exe
  C:\Windows\System\xlZzfHi.exe
  2⤵
  PID:6060
- C:\Windows\System\MZnnPAt.exe
  C:\Windows\System\MZnnPAt.exe
  2⤵
  PID:5132
- C:\Windows\System\nmxMwIO.exe
  C:\Windows\System\nmxMwIO.exe
  2⤵
  PID:576
- C:\Windows\System\dZFTqpu.exe
  C:\Windows\System\dZFTqpu.exe
  2⤵
  PID:6100
- C:\Windows\System\iVvULfj.exe
  C:\Windows\System\iVvULfj.exe
  2⤵
  PID:5948
- C:\Windows\System\jRfwgWq.exe
  C:\Windows\System\jRfwgWq.exe
  2⤵
  PID:6196
- C:\Windows\System\pzUuZYQ.exe
  C:\Windows\System\pzUuZYQ.exe
  2⤵
  PID:6268
- C:\Windows\System\QpEtkHB.exe
  C:\Windows\System\QpEtkHB.exe
  2⤵
  PID:6212
- C:\Windows\System\oJavSLt.exe
  C:\Windows\System\oJavSLt.exe
  2⤵
  PID:6256
- C:\Windows\System\kJXQmnJ.exe
  C:\Windows\System\kJXQmnJ.exe
  2⤵
  PID:6296
- C:\Windows\System\qVxawVf.exe
  C:\Windows\System\qVxawVf.exe
  2⤵
  PID:6312
- C:\Windows\System\vhvVGmq.exe
  C:\Windows\System\vhvVGmq.exe
  2⤵
  PID:6352
- C:\Windows\System\TFVLzNL.exe
  C:\Windows\System\TFVLzNL.exe
  2⤵
  PID:6404
- C:\Windows\System\KvGhwJT.exe
  C:\Windows\System\KvGhwJT.exe
  2⤵
  PID:6364
- C:\Windows\System\cpimJLA.exe
  C:\Windows\System\cpimJLA.exe
  2⤵
  PID:6432
- C:\Windows\System\JObZBwy.exe
  C:\Windows\System\JObZBwy.exe
  2⤵
  PID:6408
- C:\Windows\System\urkEQde.exe
  C:\Windows\System\urkEQde.exe
  2⤵
  PID:6456
- C:\Windows\System\LaLMXxh.exe
  C:\Windows\System\LaLMXxh.exe
  2⤵
  PID:2940
- C:\Windows\System\inawije.exe
  C:\Windows\System\inawije.exe
  2⤵
  PID:6548
- C:\Windows\System\JSlWmEn.exe
  C:\Windows\System\JSlWmEn.exe
  2⤵
  PID:6500
- C:\Windows\System\nVIZHpA.exe
  C:\Windows\System\nVIZHpA.exe
  2⤵
  PID:6568
- C:\Windows\System\besIpis.exe
  C:\Windows\System\besIpis.exe
  2⤵
  PID:6520
- C:\Windows\System\rhfLoaF.exe
  C:\Windows\System\rhfLoaF.exe
  2⤵
  PID:6656
- C:\Windows\System\AibEblQ.exe
  C:\Windows\System\AibEblQ.exe
  2⤵
  PID:6708
- C:\Windows\System\mqCQENz.exe
  C:\Windows\System\mqCQENz.exe
  2⤵
  PID:6748
- C:\Windows\System\JGSfnhH.exe
  C:\Windows\System\JGSfnhH.exe
  2⤵
  PID:1784
- C:\Windows\System\OPvLNEu.exe
  C:\Windows\System\OPvLNEu.exe
  2⤵
  PID:6896
- C:\Windows\System\iYjsYEm.exe
  C:\Windows\System\iYjsYEm.exe
  2⤵
  PID:6972
- C:\Windows\System\dxzlwNt.exe
  C:\Windows\System\dxzlwNt.exe
  2⤵
  PID:6992
- C:\Windows\System\eiEMdhP.exe
  C:\Windows\System\eiEMdhP.exe
  2⤵
  PID:6728
- C:\Windows\System\VzNxZWX.exe
  C:\Windows\System\VzNxZWX.exe
  2⤵
  PID:6720
- C:\Windows\System\ZtGJZfb.exe
  C:\Windows\System\ZtGJZfb.exe
  2⤵
  PID:6760
- C:\Windows\System\pICIpQt.exe
  C:\Windows\System\pICIpQt.exe
  2⤵
  PID:6840
- C:\Windows\System\ydvuSDG.exe
  C:\Windows\System\ydvuSDG.exe
  2⤵
  PID:6916
- C:\Windows\System\lOVsIFv.exe
  C:\Windows\System\lOVsIFv.exe
  2⤵
  PID:6976
- C:\Windows\System\gkbcIve.exe
  C:\Windows\System\gkbcIve.exe
  2⤵
  PID:7104
- C:\Windows\System\cXjCABp.exe
  C:\Windows\System\cXjCABp.exe
  2⤵
  PID:7148
- C:\Windows\System\YQnFsXa.exe
  C:\Windows\System\YQnFsXa.exe
  2⤵
  PID:7024
- C:\Windows\System\WsRTLQE.exe
  C:\Windows\System\WsRTLQE.exe
  2⤵
  PID:5692
- C:\Windows\System\WUfgtEq.exe
  C:\Windows\System\WUfgtEq.exe
  2⤵
  PID:7124
- C:\Windows\System\fvIXVLu.exe
  C:\Windows\System\fvIXVLu.exe
  2⤵
  PID:6252
- C:\Windows\System\fyTbXQo.exe
  C:\Windows\System\fyTbXQo.exe
  2⤵
  PID:6424
- C:\Windows\System\RHhSZDU.exe
  C:\Windows\System\RHhSZDU.exe
  2⤵
  PID:6516
- C:\Windows\System\TIivLYl.exe
  C:\Windows\System\TIivLYl.exe
  2⤵
  PID:6632
- C:\Windows\System\LSuzsem.exe
  C:\Windows\System\LSuzsem.exe
  2⤵
  PID:6740
- C:\Windows\System\IcEPFnm.exe
  C:\Windows\System\IcEPFnm.exe
  2⤵
  PID:760
- C:\Windows\System\ITsXGVD.exe
  C:\Windows\System\ITsXGVD.exe
  2⤵
  PID:6688
- C:\Windows\System\zUkXOKp.exe
  C:\Windows\System\zUkXOKp.exe
  2⤵
  PID:6836
- C:\Windows\System\cyEHeCb.exe
  C:\Windows\System\cyEHeCb.exe
  2⤵
  PID:7140
- C:\Windows\System\QKqWCSN.exe
  C:\Windows\System\QKqWCSN.exe
  2⤵
  PID:816
- C:\Windows\System\RuQwdYx.exe
  C:\Windows\System\RuQwdYx.exe
  2⤵
  PID:6248
- C:\Windows\System\mMLLNCv.exe
  C:\Windows\System\mMLLNCv.exe
  2⤵
  PID:6636
- C:\Windows\System\gBiJxDf.exe
  C:\Windows\System\gBiJxDf.exe
  2⤵
  PID:6680
- C:\Windows\System\VzbjwnU.exe
  C:\Windows\System\VzbjwnU.exe
  2⤵
  PID:6628
- C:\Windows\System\Gdbhqyr.exe
  C:\Windows\System\Gdbhqyr.exe
  2⤵
  PID:5716
- C:\Windows\System\GCZouUY.exe
  C:\Windows\System\GCZouUY.exe
  2⤵
  PID:6816
- C:\Windows\System\TKTcvAX.exe
  C:\Windows\System\TKTcvAX.exe
  2⤵
  PID:6996
- C:\Windows\System\bZsCwNN.exe
  C:\Windows\System\bZsCwNN.exe
  2⤵
  PID:6328
- C:\Windows\System\mqtbEUx.exe
  C:\Windows\System\mqtbEUx.exe
  2⤵
  PID:4268
- C:\Windows\System\zbNMIbE.exe
  C:\Windows\System\zbNMIbE.exe
  2⤵
  PID:7092
- C:\Windows\System\DJyUhJm.exe
  C:\Windows\System\DJyUhJm.exe
  2⤵
  PID:6396
- C:\Windows\System\gZsEDxX.exe
  C:\Windows\System\gZsEDxX.exe
  2⤵
  PID:6532
- C:\Windows\System\kwTHcAe.exe
  C:\Windows\System\kwTHcAe.exe
  2⤵
  PID:6380
- C:\Windows\System\KiOLglB.exe
  C:\Windows\System\KiOLglB.exe
  2⤵
  PID:6348
- C:\Windows\System\NgZBgrV.exe
  C:\Windows\System\NgZBgrV.exe
  2⤵
  PID:6324
- C:\Windows\System\JlUCZhp.exe
  C:\Windows\System\JlUCZhp.exe
  2⤵
  PID:6848
- C:\Windows\System\XTGeVdk.exe
  C:\Windows\System\XTGeVdk.exe
  2⤵
  PID:6288
- C:\Windows\System\hfajByz.exe
  C:\Windows\System\hfajByz.exe
  2⤵
  PID:6580
- C:\Windows\System\mGwtkPE.exe
  C:\Windows\System\mGwtkPE.exe
  2⤵
  PID:1324
- C:\Windows\System\bnWdPDu.exe
  C:\Windows\System\bnWdPDu.exe
  2⤵
  PID:6968
- C:\Windows\System\WqJOUzH.exe
  C:\Windows\System\WqJOUzH.exe
  2⤵
  PID:6384
- C:\Windows\System\FaMRASu.exe
  C:\Windows\System\FaMRASu.exe
  2⤵
  PID:6652
- C:\Windows\System\UitoVRm.exe
  C:\Windows\System\UitoVRm.exe
  2⤵
  PID:7000
- C:\Windows\System\iqbIcbs.exe
  C:\Windows\System\iqbIcbs.exe
  2⤵
  PID:7056
- C:\Windows\System\IOdeWog.exe
  C:\Windows\System\IOdeWog.exe
  2⤵
  PID:5164
- C:\Windows\System\KXfBXBm.exe
  C:\Windows\System\KXfBXBm.exe
  2⤵
  PID:5956
- C:\Windows\System\vxWWjbU.exe
  C:\Windows\System\vxWWjbU.exe
  2⤵
  PID:6988
- C:\Windows\System\sfMsYKE.exe
  C:\Windows\System\sfMsYKE.exe
  2⤵
  PID:6448
- C:\Windows\System\FDBhNDZ.exe
  C:\Windows\System\FDBhNDZ.exe
  2⤵
  PID:6784
- C:\Windows\System\iMzlMmr.exe
  C:\Windows\System\iMzlMmr.exe
  2⤵
  PID:7176
- C:\Windows\System\DKroTLY.exe
  C:\Windows\System\DKroTLY.exe
  2⤵
  PID:7196
- C:\Windows\System\YcERBvB.exe
  C:\Windows\System\YcERBvB.exe
  2⤵
  PID:7220
- C:\Windows\System\VYOueLo.exe
  C:\Windows\System\VYOueLo.exe
  2⤵
  PID:7236
- C:\Windows\System\xbkaBGa.exe
  C:\Windows\System\xbkaBGa.exe
  2⤵
  PID:7260
- C:\Windows\System\EsLIyWX.exe
  C:\Windows\System\EsLIyWX.exe
  2⤵
  PID:7284
- C:\Windows\System\IzNpppk.exe
  C:\Windows\System\IzNpppk.exe
  2⤵
  PID:7300
- C:\Windows\System\uZPLFYb.exe
  C:\Windows\System\uZPLFYb.exe
  2⤵
  PID:7320
- C:\Windows\System\DSacBqJ.exe
  C:\Windows\System\DSacBqJ.exe
  2⤵
  PID:7336
- C:\Windows\System\PkgPdwY.exe
  C:\Windows\System\PkgPdwY.exe
  2⤵
  PID:7356
- C:\Windows\System\yZBxLED.exe
  C:\Windows\System\yZBxLED.exe
  2⤵
  PID:7372
- C:\Windows\System\KnqOUZD.exe
  C:\Windows\System\KnqOUZD.exe
  2⤵
  PID:7388
- C:\Windows\System\CXqladl.exe
  C:\Windows\System\CXqladl.exe
  2⤵
  PID:7408
- C:\Windows\System\bssvlYW.exe
  C:\Windows\System\bssvlYW.exe
  2⤵
  PID:7428
- C:\Windows\System\JhgkCGC.exe
  C:\Windows\System\JhgkCGC.exe
  2⤵
  PID:7444
- C:\Windows\System\OIhUWMb.exe
  C:\Windows\System\OIhUWMb.exe
  2⤵
  PID:7468
- C:\Windows\System\MrLKDLx.exe
  C:\Windows\System\MrLKDLx.exe
  2⤵
  PID:7484
- C:\Windows\System\ZzZOgYs.exe
  C:\Windows\System\ZzZOgYs.exe
  2⤵
  PID:7504
- C:\Windows\System\UMCVOUl.exe
  C:\Windows\System\UMCVOUl.exe
  2⤵
  PID:7520
- C:\Windows\System\UgjxlNX.exe
  C:\Windows\System\UgjxlNX.exe
  2⤵
  PID:7544
- C:\Windows\System\WXGpyax.exe
  C:\Windows\System\WXGpyax.exe
  2⤵
  PID:7564
- C:\Windows\System\zpiihBw.exe
  C:\Windows\System\zpiihBw.exe
  2⤵
  PID:7580
- C:\Windows\System\lttvRJD.exe
  C:\Windows\System\lttvRJD.exe
  2⤵
  PID:7608
- C:\Windows\System\wahCnDL.exe
  C:\Windows\System\wahCnDL.exe
  2⤵
  PID:7624
- C:\Windows\System\JBzpsMw.exe
  C:\Windows\System\JBzpsMw.exe
  2⤵
  PID:7644
- C:\Windows\System\lhrprDZ.exe
  C:\Windows\System\lhrprDZ.exe
  2⤵
  PID:7668
- C:\Windows\System\oogAwCl.exe
  C:\Windows\System\oogAwCl.exe
  2⤵
  PID:7692
- C:\Windows\System\ZcFHJfu.exe
  C:\Windows\System\ZcFHJfu.exe
  2⤵
  PID:7712
- C:\Windows\System\StZTVbp.exe
  C:\Windows\System\StZTVbp.exe
  2⤵
  PID:7732
- C:\Windows\System\kGbfuAR.exe
  C:\Windows\System\kGbfuAR.exe
  2⤵
  PID:7752
- C:\Windows\System\qGwEVvx.exe
  C:\Windows\System\qGwEVvx.exe
  2⤵
  PID:7772
- C:\Windows\System\zvkklQy.exe
  C:\Windows\System\zvkklQy.exe
  2⤵
  PID:7788
- C:\Windows\System\XMmucTx.exe
  C:\Windows\System\XMmucTx.exe
  2⤵
  PID:7808
- C:\Windows\System\VcJqOwV.exe
  C:\Windows\System\VcJqOwV.exe
  2⤵
  PID:7828
- C:\Windows\System\hXxXqYm.exe
  C:\Windows\System\hXxXqYm.exe
  2⤵
  PID:7852
- C:\Windows\System\HkPktXm.exe
  C:\Windows\System\HkPktXm.exe
  2⤵
  PID:7876
- C:\Windows\System\MeTdnmc.exe
  C:\Windows\System\MeTdnmc.exe
  2⤵
  PID:7900
- C:\Windows\System\gpezgzh.exe
  C:\Windows\System\gpezgzh.exe
  2⤵
  PID:7920
- C:\Windows\System\cAJEcmB.exe
  C:\Windows\System\cAJEcmB.exe
  2⤵
  PID:7940
- C:\Windows\System\REBFYJu.exe
  C:\Windows\System\REBFYJu.exe
  2⤵
  PID:7956
- C:\Windows\System\SSEBPGO.exe
  C:\Windows\System\SSEBPGO.exe
  2⤵
  PID:7976
- C:\Windows\System\HFtsYxe.exe
  C:\Windows\System\HFtsYxe.exe
  2⤵
  PID:7992
- C:\Windows\System\OBFZEHX.exe
  C:\Windows\System\OBFZEHX.exe
  2⤵
  PID:8012
- C:\Windows\System\nKQTqGD.exe
  C:\Windows\System\nKQTqGD.exe
  2⤵
  PID:8048
- C:\Windows\System\AtihTAn.exe
  C:\Windows\System\AtihTAn.exe
  2⤵
  PID:8064
- C:\Windows\System\ywyHtNn.exe
  C:\Windows\System\ywyHtNn.exe
  2⤵
  PID:8080
- C:\Windows\System\fxercaR.exe
  C:\Windows\System\fxercaR.exe
  2⤵
  PID:8096
- C:\Windows\System\HjwjXEE.exe
  C:\Windows\System\HjwjXEE.exe
  2⤵
  PID:8116
- C:\Windows\System\hOIuipa.exe
  C:\Windows\System\hOIuipa.exe
  2⤵
  PID:8136
- C:\Windows\System\elDroCc.exe
  C:\Windows\System\elDroCc.exe
  2⤵
  PID:8152
- C:\Windows\System\oqSnTGs.exe
  C:\Windows\System\oqSnTGs.exe
  2⤵
  PID:8172
- C:\Windows\System\JzSZehU.exe
  C:\Windows\System\JzSZehU.exe
  2⤵
  PID:7184
- C:\Windows\System\BWlWuqM.exe
  C:\Windows\System\BWlWuqM.exe
  2⤵
  PID:6948
- C:\Windows\System\IGkgmea.exe
  C:\Windows\System\IGkgmea.exe
  2⤵
  PID:1800
- C:\Windows\System\lYUQKSt.exe
  C:\Windows\System\lYUQKSt.exe
  2⤵
  PID:7164
- C:\Windows\System\BHIMtnP.exe
  C:\Windows\System\BHIMtnP.exe
  2⤵
  PID:6704
- C:\Windows\System\FzXvlXo.exe
  C:\Windows\System\FzXvlXo.exe
  2⤵
  PID:7004
- C:\Windows\System\wVMAeoj.exe
  C:\Windows\System\wVMAeoj.exe
  2⤵
  PID:7072
- C:\Windows\System\xZRYkqz.exe
  C:\Windows\System\xZRYkqz.exe
  2⤵
  PID:7172
- C:\Windows\System\RigPYRr.exe
  C:\Windows\System\RigPYRr.exe
  2⤵
  PID:6376
- C:\Windows\System\zbNtPvO.exe
  C:\Windows\System\zbNtPvO.exe
  2⤵
  PID:7232
- C:\Windows\System\JhTCzGn.exe
  C:\Windows\System\JhTCzGn.exe
  2⤵
  PID:7244
- C:\Windows\System\GEqrsNi.exe
  C:\Windows\System\GEqrsNi.exe
  2⤵
  PID:7252
- C:\Windows\System\CntEDva.exe
  C:\Windows\System\CntEDva.exe
  2⤵
  PID:7316
- C:\Windows\System\pKXiTCm.exe
  C:\Windows\System\pKXiTCm.exe
  2⤵
  PID:7384
- C:\Windows\System\FIXCcme.exe
  C:\Windows\System\FIXCcme.exe
  2⤵
  PID:7460
- C:\Windows\System\JUrmali.exe
  C:\Windows\System\JUrmali.exe
  2⤵
  PID:2180
- C:\Windows\System\eEiNmVg.exe
  C:\Windows\System\eEiNmVg.exe
  2⤵
  PID:7480
- C:\Windows\System\xGNgLZF.exe
  C:\Windows\System\xGNgLZF.exe
  2⤵
  PID:7664
- C:\Windows\System\DmFtkZD.exe
  C:\Windows\System\DmFtkZD.exe
  2⤵
  PID:7700
- C:\Windows\System\UfSSXtV.exe
  C:\Windows\System\UfSSXtV.exe
  2⤵
  PID:7748
- C:\Windows\System\xmsDwHi.exe
  C:\Windows\System\xmsDwHi.exe
  2⤵
  PID:7640
- C:\Windows\System\oadtcpP.exe
  C:\Windows\System\oadtcpP.exe
  2⤵
  PID:7784
- C:\Windows\System\edjourV.exe
  C:\Windows\System\edjourV.exe
  2⤵
  PID:7824
- C:\Windows\System\TtzaCcS.exe
  C:\Windows\System\TtzaCcS.exe
  2⤵
  PID:7860
- C:\Windows\System\BGMjJfx.exe
  C:\Windows\System\BGMjJfx.exe
  2⤵
  PID:7800
- C:\Windows\System\PMyqXGc.exe
  C:\Windows\System\PMyqXGc.exe
  2⤵
  PID:7848
- C:\Windows\System\LnkDgxl.exe
  C:\Windows\System\LnkDgxl.exe
  2⤵
  PID:7556
- C:\Windows\System\jvIabBm.exe
  C:\Windows\System\jvIabBm.exe
  2⤵
  PID:7596
- C:\Windows\System\bwzKZmJ.exe
  C:\Windows\System\bwzKZmJ.exe
  2⤵
  PID:7764
- C:\Windows\System\iuivFyh.exe
  C:\Windows\System\iuivFyh.exe
  2⤵
  PID:7912
- C:\Windows\System\GLuQtHO.exe
  C:\Windows\System\GLuQtHO.exe
  2⤵
  PID:7892
- C:\Windows\System\DYUuYmI.exe
  C:\Windows\System\DYUuYmI.exe
  2⤵
  PID:8024
- C:\Windows\System\CnpSLAR.exe
  C:\Windows\System\CnpSLAR.exe
  2⤵
  PID:8040
- C:\Windows\System\ogaaLsY.exe
  C:\Windows\System\ogaaLsY.exe
  2⤵
  PID:7928
- C:\Windows\System\VcUXfqx.exe
  C:\Windows\System\VcUXfqx.exe
  2⤵
  PID:7968
- C:\Windows\System\sTHaaVS.exe
  C:\Windows\System\sTHaaVS.exe
  2⤵
  PID:8028
- C:\Windows\System\DCmVmuS.exe
  C:\Windows\System\DCmVmuS.exe
  2⤵
  PID:8112
- C:\Windows\System\yaSQvfT.exe
  C:\Windows\System\yaSQvfT.exe
  2⤵
  PID:8088
- C:\Windows\System\btEXUYQ.exe
  C:\Windows\System\btEXUYQ.exe
  2⤵
  PID:8144
- C:\Windows\System\SYnBgUq.exe
  C:\Windows\System\SYnBgUq.exe
  2⤵
  PID:8168
- C:\Windows\System\zRUsiNN.exe
  C:\Windows\System\zRUsiNN.exe
  2⤵
  PID:7188
- C:\Windows\System\TpuqtpV.exe
  C:\Windows\System\TpuqtpV.exe
  2⤵
  PID:6480
- C:\Windows\System\PSokQNV.exe
  C:\Windows\System\PSokQNV.exe
  2⤵
  PID:6180
- C:\Windows\System\nYHFOIO.exe
  C:\Windows\System\nYHFOIO.exe
  2⤵
  PID:7312
- C:\Windows\System\GIlIbOp.exe
  C:\Windows\System\GIlIbOp.exe
  2⤵
  PID:7500
- C:\Windows\System\msHeTqP.exe
  C:\Windows\System\msHeTqP.exe
  2⤵
  PID:7020
- C:\Windows\System\HpFkhDr.exe
  C:\Windows\System\HpFkhDr.exe
  2⤵
  PID:6176
- C:\Windows\System\zaDfMuO.exe
  C:\Windows\System\zaDfMuO.exe
  2⤵
  PID:7276
- C:\Windows\System\vHJKWMh.exe
  C:\Windows\System\vHJKWMh.exe
  2⤵
  PID:6464
- C:\Windows\System\XXJhtHR.exe
  C:\Windows\System\XXJhtHR.exe
  2⤵
  PID:7368
- C:\Windows\System\veyXfkN.exe
  C:\Windows\System\veyXfkN.exe
  2⤵
  PID:7616
- C:\Windows\System\hdlDPgE.exe
  C:\Windows\System\hdlDPgE.exe
  2⤵
  PID:7632
- C:\Windows\System\hsZoMzY.exe
  C:\Windows\System\hsZoMzY.exe
  2⤵
  PID:7952
- C:\Windows\System\haiWZqI.exe
  C:\Windows\System\haiWZqI.exe
  2⤵
  PID:8072
- C:\Windows\System\HHJzTiQ.exe
  C:\Windows\System\HHJzTiQ.exe
  2⤵
  PID:8092
- C:\Windows\System\iSToGBv.exe
  C:\Windows\System\iSToGBv.exe
  2⤵
  PID:6044
- C:\Windows\System\XJCMZdy.exe
  C:\Windows\System\XJCMZdy.exe
  2⤵
  PID:7420
- C:\Windows\System\JNRZadR.exe
  C:\Windows\System\JNRZadR.exe
  2⤵
  PID:7456
- C:\Windows\System\HjlPlHb.exe
  C:\Windows\System\HjlPlHb.exe
  2⤵
  PID:7844
- C:\Windows\System\ICHviIx.exe
  C:\Windows\System\ICHviIx.exe
  2⤵
  PID:7396
- C:\Windows\System\OAnjSkY.exe
  C:\Windows\System\OAnjSkY.exe
  2⤵
  PID:7400
- C:\Windows\System\HKtakmg.exe
  C:\Windows\System\HKtakmg.exe
  2⤵
  PID:2056
- C:\Windows\System\LQqoLqW.exe
  C:\Windows\System\LQqoLqW.exe
  2⤵
  PID:7720
- C:\Windows\System\vSCQqXr.exe
  C:\Windows\System\vSCQqXr.exe
  2⤵
  PID:8020
- C:\Windows\System\GQmIMed.exe
  C:\Windows\System\GQmIMed.exe
  2⤵
  PID:7708
- C:\Windows\System\SIOUyrp.exe
  C:\Windows\System\SIOUyrp.exe
  2⤵
  PID:7780
- C:\Windows\System\RyMfUiu.exe
  C:\Windows\System\RyMfUiu.exe
  2⤵
  PID:7988
- C:\Windows\System\KKlniPR.exe
  C:\Windows\System\KKlniPR.exe
  2⤵
  PID:8004
- C:\Windows\System\HWECFaS.exe
  C:\Windows\System\HWECFaS.exe
  2⤵
  PID:6340
- C:\Windows\System\HMjGnPZ.exe
  C:\Windows\System\HMjGnPZ.exe
  2⤵
  PID:7128
- C:\Windows\System\MSmzvzU.exe
  C:\Windows\System\MSmzvzU.exe
  2⤵
  PID:7532
- C:\Windows\System\NOUqruO.exe
  C:\Windows\System\NOUqruO.exe
  2⤵
  PID:7948
- C:\Windows\System\gDDCPMs.exe
  C:\Windows\System\gDDCPMs.exe
  2⤵
  PID:6820
- C:\Windows\System\rCAodZN.exe
  C:\Windows\System\rCAodZN.exe
  2⤵
  PID:7936
- C:\Windows\System\mFEIvMg.exe
  C:\Windows\System\mFEIvMg.exe
  2⤵
  PID:8188
- C:\Windows\System\moffVaC.exe
  C:\Windows\System\moffVaC.exe
  2⤵
  PID:7592
- C:\Windows\System\XivhYXj.exe
  C:\Windows\System\XivhYXj.exe
  2⤵
  PID:7452
- C:\Windows\System\IxzImXj.exe
  C:\Windows\System\IxzImXj.exe
  2⤵
  PID:7872
- C:\Windows\System\EoxklYz.exe
  C:\Windows\System\EoxklYz.exe
  2⤵
  PID:7572
- C:\Windows\System\bODyBDa.exe
  C:\Windows\System\bODyBDa.exe
  2⤵
  PID:6804
- C:\Windows\System\yFeVcJe.exe
  C:\Windows\System\yFeVcJe.exe
  2⤵
  PID:7656
- C:\Windows\System\SojKgnc.exe
  C:\Windows\System\SojKgnc.exe
  2⤵
  PID:8036
- C:\Windows\System\IYHvgWq.exe
  C:\Windows\System\IYHvgWq.exe
  2⤵
  PID:6564
- C:\Windows\System\Lgfdpfx.exe
  C:\Windows\System\Lgfdpfx.exe
  2⤵
  PID:7440
- C:\Windows\System\JdDhlZX.exe
  C:\Windows\System\JdDhlZX.exe
  2⤵
  PID:6936
- C:\Windows\System\kbLAwGe.exe
  C:\Windows\System\kbLAwGe.exe
  2⤵
  PID:7652
- C:\Windows\System\IUEtRWV.exe
  C:\Windows\System\IUEtRWV.exe
  2⤵
  PID:2928
- C:\Windows\System\tAtvYIk.exe
  C:\Windows\System\tAtvYIk.exe
  2⤵
  PID:8204
- C:\Windows\System\eyGAucB.exe
  C:\Windows\System\eyGAucB.exe
  2⤵
  PID:8228
- C:\Windows\System\NjXiXkm.exe
  C:\Windows\System\NjXiXkm.exe
  2⤵
  PID:8248
- C:\Windows\System\OnnoCEp.exe
  C:\Windows\System\OnnoCEp.exe
  2⤵
  PID:8272
- C:\Windows\System\YpDpybY.exe
  C:\Windows\System\YpDpybY.exe
  2⤵
  PID:8296
- C:\Windows\System\NSOzKgc.exe
  C:\Windows\System\NSOzKgc.exe
  2⤵
  PID:8316
- C:\Windows\System\rwxqcuy.exe
  C:\Windows\System\rwxqcuy.exe
  2⤵
  PID:8336
- C:\Windows\System\YJkghfA.exe
  C:\Windows\System\YJkghfA.exe
  2⤵
  PID:8356
- C:\Windows\System\WzqONfz.exe
  C:\Windows\System\WzqONfz.exe
  2⤵
  PID:8376
- C:\Windows\System\mpXsKYh.exe
  C:\Windows\System\mpXsKYh.exe
  2⤵
  PID:8396
- C:\Windows\System\vTryqbv.exe
  C:\Windows\System\vTryqbv.exe
  2⤵
  PID:8416
- C:\Windows\System\pqKFauA.exe
  C:\Windows\System\pqKFauA.exe
  2⤵
  PID:8436
- C:\Windows\System\LtceAfz.exe
  C:\Windows\System\LtceAfz.exe
  2⤵
  PID:8468
- C:\Windows\System\GkaynOF.exe
  C:\Windows\System\GkaynOF.exe
  2⤵
  PID:8488
- C:\Windows\System\ybFfDHA.exe
  C:\Windows\System\ybFfDHA.exe
  2⤵
  PID:8504
- C:\Windows\System\aoyjDlf.exe
  C:\Windows\System\aoyjDlf.exe
  2⤵
  PID:8520
- C:\Windows\System\wuXqOKr.exe
  C:\Windows\System\wuXqOKr.exe
  2⤵
  PID:8536
- C:\Windows\System\gaPHbxn.exe
  C:\Windows\System\gaPHbxn.exe
  2⤵
  PID:8552
- C:\Windows\System\caMlRTk.exe
  C:\Windows\System\caMlRTk.exe
  2⤵
  PID:8568
- C:\Windows\System\WStCnnq.exe
  C:\Windows\System\WStCnnq.exe
  2⤵
  PID:8584
- C:\Windows\System\CbSUrcd.exe
  C:\Windows\System\CbSUrcd.exe
  2⤵
  PID:8600
- C:\Windows\System\GEwjLEH.exe
  C:\Windows\System\GEwjLEH.exe
  2⤵
  PID:8616
- C:\Windows\System\fBRSTrb.exe
  C:\Windows\System\fBRSTrb.exe
  2⤵
  PID:8632
- C:\Windows\System\ioNxvKQ.exe
  C:\Windows\System\ioNxvKQ.exe
  2⤵
  PID:8648
- C:\Windows\System\inGedNZ.exe
  C:\Windows\System\inGedNZ.exe
  2⤵
  PID:8668
- C:\Windows\System\OxagTfi.exe
  C:\Windows\System\OxagTfi.exe
  2⤵
  PID:8684
- C:\Windows\System\OdEUtDa.exe
  C:\Windows\System\OdEUtDa.exe
  2⤵
  PID:8704
- C:\Windows\System\MKWHTpW.exe
  C:\Windows\System\MKWHTpW.exe
  2⤵
  PID:8720
- C:\Windows\System\dJqSYHg.exe
  C:\Windows\System\dJqSYHg.exe
  2⤵
  PID:8736
- C:\Windows\System\lPDCTet.exe
  C:\Windows\System\lPDCTet.exe
  2⤵
  PID:8752
- C:\Windows\System\aPgdTUd.exe
  C:\Windows\System\aPgdTUd.exe
  2⤵
  PID:8772
- C:\Windows\System\FbfyNDD.exe
  C:\Windows\System\FbfyNDD.exe
  2⤵
  PID:8788
- C:\Windows\System\KOyiPLE.exe
  C:\Windows\System\KOyiPLE.exe
  2⤵
  PID:8804
- C:\Windows\System\VBQSgPv.exe
  C:\Windows\System\VBQSgPv.exe
  2⤵
  PID:8820
- C:\Windows\System\bfxorzz.exe
  C:\Windows\System\bfxorzz.exe
  2⤵
  PID:8836
- C:\Windows\System\vKdVXPg.exe
  C:\Windows\System\vKdVXPg.exe
  2⤵
  PID:8852
- C:\Windows\System\AqYwVJO.exe
  C:\Windows\System\AqYwVJO.exe
  2⤵
  PID:8868
- C:\Windows\System\yHXGXJx.exe
  C:\Windows\System\yHXGXJx.exe
  2⤵
  PID:8884
- C:\Windows\System\jHrTruI.exe
  C:\Windows\System\jHrTruI.exe
  2⤵
  PID:8900
- C:\Windows\System\ZKngoqM.exe
  C:\Windows\System\ZKngoqM.exe
  2⤵
  PID:8916
- C:\Windows\System\uHowFUt.exe
  C:\Windows\System\uHowFUt.exe
  2⤵
  PID:8932
- C:\Windows\System\uwNdvOr.exe
  C:\Windows\System\uwNdvOr.exe
  2⤵
  PID:8948
- C:\Windows\System\gwJeVop.exe
  C:\Windows\System\gwJeVop.exe
  2⤵
  PID:8964
- C:\Windows\System\tHsUrVo.exe
  C:\Windows\System\tHsUrVo.exe
  2⤵
  PID:8980
- C:\Windows\System\SrTQWyu.exe
  C:\Windows\System\SrTQWyu.exe
  2⤵
  PID:9036
- C:\Windows\System\bjDzIWw.exe
  C:\Windows\System\bjDzIWw.exe
  2⤵
  PID:9108
- C:\Windows\System\cRFqJAm.exe
  C:\Windows\System\cRFqJAm.exe
  2⤵
  PID:9132
- C:\Windows\System\mCtZByw.exe
  C:\Windows\System\mCtZByw.exe
  2⤵
  PID:9148
- C:\Windows\System\yVlosCQ.exe
  C:\Windows\System\yVlosCQ.exe
  2⤵
  PID:9164
- C:\Windows\System\HkCJetq.exe
  C:\Windows\System\HkCJetq.exe
  2⤵
  PID:9180
- C:\Windows\System\xiJadAI.exe
  C:\Windows\System\xiJadAI.exe
  2⤵
  PID:8160
- C:\Windows\System\iKAfdDz.exe
  C:\Windows\System\iKAfdDz.exe
  2⤵
  PID:8220
- C:\Windows\System\oMMJrpz.exe
  C:\Windows\System\oMMJrpz.exe
  2⤵
  PID:8256
- C:\Windows\System\iSPCIUr.exe
  C:\Windows\System\iSPCIUr.exe
  2⤵
  PID:8196
- C:\Windows\System\QTOMWcB.exe
  C:\Windows\System\QTOMWcB.exe
  2⤵
  PID:7296
- C:\Windows\System\nOJlrnU.exe
  C:\Windows\System\nOJlrnU.exe
  2⤵
  PID:7192
- C:\Windows\System\qeZkfaR.exe
  C:\Windows\System\qeZkfaR.exe
  2⤵
  PID:7604
- C:\Windows\System\ctSnNrp.exe
  C:\Windows\System\ctSnNrp.exe
  2⤵
  PID:8304
- C:\Windows\System\InXLLWW.exe
  C:\Windows\System\InXLLWW.exe
  2⤵
  PID:7676
- C:\Windows\System\QbwCsZK.exe
  C:\Windows\System\QbwCsZK.exe
  2⤵
  PID:7528
- C:\Windows\System\cNjdTwR.exe
  C:\Windows\System\cNjdTwR.exe
  2⤵
  PID:8284
- C:\Windows\System\afYzqcV.exe
  C:\Windows\System\afYzqcV.exe
  2⤵
  PID:8392
- C:\Windows\System\jjtTRJE.exe
  C:\Windows\System\jjtTRJE.exe
  2⤵
  PID:8368
- C:\Windows\System\chOBShN.exe
  C:\Windows\System\chOBShN.exe
  2⤵
  PID:8408
- C:\Windows\System\MYiScUu.exe
  C:\Windows\System\MYiScUu.exe
  2⤵
  PID:8444
- C:\Windows\System\aewfzOH.exe
  C:\Windows\System\aewfzOH.exe
  2⤵
  PID:1812
- C:\Windows\System\YoncVtg.exe
  C:\Windows\System\YoncVtg.exe
  2⤵
  PID:8484
- C:\Windows\System\jGGiuVr.exe
  C:\Windows\System\jGGiuVr.exe
  2⤵
  PID:8576
- C:\Windows\System\jAWhlKA.exe
  C:\Windows\System\jAWhlKA.exe
  2⤵
  PID:8532
- C:\Windows\System\fbXobfO.exe
  C:\Windows\System\fbXobfO.exe
  2⤵
  PID:8624
- C:\Windows\System\GzwtDlk.exe
  C:\Windows\System\GzwtDlk.exe
  2⤵
  PID:8644
- C:\Windows\System\qGIMsfS.exe
  C:\Windows\System\qGIMsfS.exe
  2⤵
  PID:8628
- C:\Windows\System\GvvSZkq.exe
  C:\Windows\System\GvvSZkq.exe
  2⤵
  PID:8692
- C:\Windows\System\RckUsLj.exe
  C:\Windows\System\RckUsLj.exe
  2⤵
  PID:8744
- C:\Windows\System\fUGcwKx.exe
  C:\Windows\System\fUGcwKx.exe
  2⤵
  PID:8784
- C:\Windows\System\ElnFVDN.exe
  C:\Windows\System\ElnFVDN.exe
  2⤵
  PID:8848
- C:\Windows\System\syFXTfN.exe
  C:\Windows\System\syFXTfN.exe
  2⤵
  PID:8832
- C:\Windows\System\qsTibiT.exe
  C:\Windows\System\qsTibiT.exe
  2⤵
  PID:8796
- C:\Windows\System\olUIYqf.exe
  C:\Windows\System\olUIYqf.exe
  2⤵
  PID:8976
- C:\Windows\System\OoyndGh.exe
  C:\Windows\System\OoyndGh.exe
  2⤵
  PID:8864
- C:\Windows\System\HjQhbQn.exe
  C:\Windows\System\HjQhbQn.exe
  2⤵
  PID:8996
- C:\Windows\System\QjZXVTG.exe
  C:\Windows\System\QjZXVTG.exe
  2⤵
  PID:9012
- C:\Windows\System\dGLibSP.exe
  C:\Windows\System\dGLibSP.exe
  2⤵
  PID:9016
- C:\Windows\System\DjlWfkm.exe
  C:\Windows\System\DjlWfkm.exe
  2⤵
  PID:9052
- C:\Windows\System\UBJFtWp.exe
  C:\Windows\System\UBJFtWp.exe
  2⤵
  PID:9060
- C:\Windows\System\LxwJKLR.exe
  C:\Windows\System\LxwJKLR.exe
  2⤵
  PID:9088
- C:\Windows\System\ndBggSk.exe
  C:\Windows\System\ndBggSk.exe
  2⤵
  PID:9048
- C:\Windows\System\uBUOrtB.exe
  C:\Windows\System\uBUOrtB.exe
  2⤵
  PID:9140
- C:\Windows\System\puLQsXJ.exe
  C:\Windows\System\puLQsXJ.exe
  2⤵
  PID:9124
- C:\Windows\System\rkEUmgX.exe
  C:\Windows\System\rkEUmgX.exe
  2⤵
  PID:9188
- C:\Windows\System\aOsLHoW.exe
  C:\Windows\System\aOsLHoW.exe
  2⤵
  PID:9200
- C:\Windows\System\zvVlXvZ.exe
  C:\Windows\System\zvVlXvZ.exe
  2⤵
  PID:7984
- C:\Windows\System\YiaTBlV.exe
  C:\Windows\System\YiaTBlV.exe
  2⤵
  PID:7660
- C:\Windows\System\SXSbphm.exe
  C:\Windows\System\SXSbphm.exe
  2⤵
  PID:7492
- C:\Windows\System\GTtFScT.exe
  C:\Windows\System\GTtFScT.exe
  2⤵
  PID:7796
- C:\Windows\System\SFejGUN.exe
  C:\Windows\System\SFejGUN.exe
  2⤵
  PID:528
- C:\Windows\System\XgHniRw.exe
  C:\Windows\System\XgHniRw.exe
  2⤵
  PID:8244
- C:\Windows\System\zdFNoeZ.exe
  C:\Windows\System\zdFNoeZ.exe
  2⤵
  PID:8424
- C:\Windows\System\GbDyKst.exe
  C:\Windows\System\GbDyKst.exe
  2⤵
  PID:8280
- C:\Windows\System\aaQgIej.exe
  C:\Windows\System\aaQgIej.exe
  2⤵
  PID:8240
- C:\Windows\System\fnxGAXA.exe
  C:\Windows\System\fnxGAXA.exe
  2⤵
  PID:8432
- C:\Windows\System\rAFUCFc.exe
  C:\Windows\System\rAFUCFc.exe
  2⤵
  PID:8612
- C:\Windows\System\lTfZnHm.exe
  C:\Windows\System\lTfZnHm.exe
  2⤵
  PID:8640
- C:\Windows\System\AdSLYiu.exe
  C:\Windows\System\AdSLYiu.exe
  2⤵
  PID:8844
- C:\Windows\System\qbvvOuw.exe
  C:\Windows\System\qbvvOuw.exe
  2⤵
  PID:8680
- C:\Windows\System\EFEHWPE.exe
  C:\Windows\System\EFEHWPE.exe
  2⤵
  PID:8908
- C:\Windows\System\SWtWSFB.exe
  C:\Windows\System\SWtWSFB.exe
  2⤵
  PID:8892
- C:\Windows\System\HoLujqL.exe
  C:\Windows\System\HoLujqL.exe
  2⤵
  PID:9008
- C:\Windows\System\EtUCTzt.exe
  C:\Windows\System\EtUCTzt.exe
  2⤵
  PID:8988
- C:\Windows\System\bKuHRyG.exe
  C:\Windows\System\bKuHRyG.exe
  2⤵
  PID:8828
- C:\Windows\System\wWoLkQO.exe
  C:\Windows\System\wWoLkQO.exe
  2⤵
  PID:9172
- C:\Windows\System\EzeaziA.exe
  C:\Windows\System\EzeaziA.exe
  2⤵
  PID:8732
- C:\Windows\System\nXMlNHK.exe
  C:\Windows\System\nXMlNHK.exe
  2⤵
  PID:8944
- C:\Windows\System\vtwVKcG.exe
  C:\Windows\System\vtwVKcG.exe
  2⤵
  PID:8800
- C:\Windows\System\iFjHtiv.exe
  C:\Windows\System\iFjHtiv.exe
  2⤵
  PID:8992
- C:\Windows\System\IOsbONr.exe
  C:\Windows\System\IOsbONr.exe
  2⤵
  PID:9096
- C:\Windows\System\utJIWue.exe
  C:\Windows\System\utJIWue.exe
  2⤵
  PID:7636
- C:\Windows\System\hJgdmoj.exe
  C:\Windows\System\hJgdmoj.exe
  2⤵
  PID:8328
- C:\Windows\System\fyIETet.exe
  C:\Windows\System\fyIETet.exe
  2⤵
  PID:8268
- C:\Windows\System\vSCZFmV.exe
  C:\Windows\System\vSCZFmV.exe
  2⤵
  PID:8332
- C:\Windows\System\BQMOUIs.exe
  C:\Windows\System\BQMOUIs.exe
  2⤵
  PID:8700
- C:\Windows\System\JOJREPK.exe
  C:\Windows\System\JOJREPK.exe
  2⤵
  PID:8880
- C:\Windows\System\WdwYFxM.exe
  C:\Windows\System\WdwYFxM.exe
  2⤵
  PID:8960
- C:\Windows\System\jmpLRCH.exe
  C:\Windows\System\jmpLRCH.exe
  2⤵
  PID:9084
- C:\Windows\System\EGXqrOc.exe
  C:\Windows\System\EGXqrOc.exe
  2⤵
  PID:8712
- C:\Windows\System\rbeIUrG.exe
  C:\Windows\System\rbeIUrG.exe
  2⤵
  PID:8236
- C:\Windows\System\ILyfayf.exe
  C:\Windows\System\ILyfayf.exe
  2⤵
  PID:9120
- C:\Windows\System\AMbMGAx.exe
  C:\Windows\System\AMbMGAx.exe
  2⤵
  PID:8428
- C:\Windows\System\fvIFTBQ.exe
  C:\Windows\System\fvIFTBQ.exe
  2⤵
  PID:8212
- C:\Windows\System\sipumvq.exe
  C:\Windows\System\sipumvq.exe
  2⤵
  PID:8816
- C:\Windows\System\jDwmqHK.exe
  C:\Windows\System\jDwmqHK.exe
  2⤵
  PID:7036
- C:\Windows\System\TedxeNf.exe
  C:\Windows\System\TedxeNf.exe
  2⤵
  PID:9092
- C:\Windows\System\FOJFUkG.exe
  C:\Windows\System\FOJFUkG.exe
  2⤵
  PID:984
- C:\Windows\System\WherOtM.exe
  C:\Windows\System\WherOtM.exe
  2⤵
  PID:8388
- C:\Windows\System\EFPOLtB.exe
  C:\Windows\System\EFPOLtB.exe
  2⤵
  PID:8596
- C:\Windows\System\RwOzVrA.exe
  C:\Windows\System\RwOzVrA.exe
  2⤵
  PID:7308
- C:\Windows\System\vmcNXKk.exe
  C:\Windows\System\vmcNXKk.exe
  2⤵
  PID:8972
- C:\Windows\System\jzBUUDi.exe
  C:\Windows\System\jzBUUDi.exe
  2⤵
  PID:9208
- C:\Windows\System\sbPeEwO.exe
  C:\Windows\System\sbPeEwO.exe
  2⤵
  PID:7840
- C:\Windows\System\xIwthvj.exe
  C:\Windows\System\xIwthvj.exe
  2⤵
  PID:9228
- C:\Windows\System\nIalfhp.exe
  C:\Windows\System\nIalfhp.exe
  2⤵
  PID:9252
- C:\Windows\System\KeNCeCl.exe
  C:\Windows\System\KeNCeCl.exe
  2⤵
  PID:9268
- C:\Windows\System\tGSdJfv.exe
  C:\Windows\System\tGSdJfv.exe
  2⤵
  PID:9288
- C:\Windows\System\GHAWegi.exe
  C:\Windows\System\GHAWegi.exe
  2⤵
  PID:9308
- C:\Windows\System\GtgTyKT.exe
  C:\Windows\System\GtgTyKT.exe
  2⤵
  PID:9332
- C:\Windows\System\mMMwbHi.exe
  C:\Windows\System\mMMwbHi.exe
  2⤵
  PID:9352
- C:\Windows\System\sMlzvxF.exe
  C:\Windows\System\sMlzvxF.exe
  2⤵
  PID:9368
- C:\Windows\System\PLMKrfH.exe
  C:\Windows\System\PLMKrfH.exe
  2⤵
  PID:9384
- C:\Windows\System\lkEOMnb.exe
  C:\Windows\System\lkEOMnb.exe
  2⤵
  PID:9408
- C:\Windows\System\ANKiwhX.exe
  C:\Windows\System\ANKiwhX.exe
  2⤵
  PID:9424
- C:\Windows\System\mGWMZDW.exe
  C:\Windows\System\mGWMZDW.exe
  2⤵
  PID:9440
- C:\Windows\System\WMotKYJ.exe
  C:\Windows\System\WMotKYJ.exe
  2⤵
  PID:9456
- C:\Windows\System\UoBOuug.exe
  C:\Windows\System\UoBOuug.exe
  2⤵
  PID:9472
- C:\Windows\System\kPQVwEz.exe
  C:\Windows\System\kPQVwEz.exe
  2⤵
  PID:9488
- C:\Windows\System\rsuNgxN.exe
  C:\Windows\System\rsuNgxN.exe
  2⤵
  PID:9504
- C:\Windows\System\xIEUYbN.exe
  C:\Windows\System\xIEUYbN.exe
  2⤵
  PID:9528
- C:\Windows\System\dvdouVV.exe
  C:\Windows\System\dvdouVV.exe
  2⤵
  PID:9560
- C:\Windows\System\AWHYhrr.exe
  C:\Windows\System\AWHYhrr.exe
  2⤵
  PID:9576
- C:\Windows\System\pTWONuD.exe
  C:\Windows\System\pTWONuD.exe
  2⤵
  PID:9596
- C:\Windows\System\BtPwWBW.exe
  C:\Windows\System\BtPwWBW.exe
  2⤵
  PID:9612
- C:\Windows\System\oLKXZfb.exe
  C:\Windows\System\oLKXZfb.exe
  2⤵
  PID:9628
- C:\Windows\System\StGSdAd.exe
  C:\Windows\System\StGSdAd.exe
  2⤵
  PID:9644
- C:\Windows\System\OprotaO.exe
  C:\Windows\System\OprotaO.exe
  2⤵
  PID:9660
- C:\Windows\System\TGyLrKr.exe
  C:\Windows\System\TGyLrKr.exe
  2⤵
  PID:9680
- C:\Windows\System\QTBWYAt.exe
  C:\Windows\System\QTBWYAt.exe
  2⤵
  PID:9700
- C:\Windows\System\hcwRRiM.exe
  C:\Windows\System\hcwRRiM.exe
  2⤵
  PID:9732
- C:\Windows\System\bYMBfzR.exe
  C:\Windows\System\bYMBfzR.exe
  2⤵
  PID:9748
- C:\Windows\System\nrPyGiT.exe
  C:\Windows\System\nrPyGiT.exe
  2⤵
  PID:9776
- C:\Windows\System\rFQqxXi.exe
  C:\Windows\System\rFQqxXi.exe
  2⤵
  PID:9820
- C:\Windows\System\xOHjqDa.exe
  C:\Windows\System\xOHjqDa.exe
  2⤵
  PID:9836
- C:\Windows\System\RbOyexV.exe
  C:\Windows\System\RbOyexV.exe
  2⤵
  PID:9856
- C:\Windows\System\INCVXgA.exe
  C:\Windows\System\INCVXgA.exe
  2⤵
  PID:9876
- C:\Windows\System\hzUpVCe.exe
  C:\Windows\System\hzUpVCe.exe
  2⤵
  PID:9892
- C:\Windows\System\wAYjxGg.exe
  C:\Windows\System\wAYjxGg.exe
  2⤵
  PID:9908
- C:\Windows\System\bICCAaz.exe
  C:\Windows\System\bICCAaz.exe
  2⤵
  PID:9924
- C:\Windows\System\KjMfHNM.exe
  C:\Windows\System\KjMfHNM.exe
  2⤵
  PID:9940
- C:\Windows\System\sigpfnM.exe
  C:\Windows\System\sigpfnM.exe
  2⤵
  PID:9956
- C:\Windows\System\jayjXJb.exe
  C:\Windows\System\jayjXJb.exe
  2⤵
  PID:9972
- C:\Windows\System\pCnPbFd.exe
  C:\Windows\System\pCnPbFd.exe
  2⤵
  PID:9988
- C:\Windows\System\trfMJFt.exe
  C:\Windows\System\trfMJFt.exe
  2⤵
  PID:10020
- C:\Windows\System\GOdXFdH.exe
  C:\Windows\System\GOdXFdH.exe
  2⤵
  PID:10044
- C:\Windows\System\YmrYjRS.exe
  C:\Windows\System\YmrYjRS.exe
  2⤵
  PID:10076
- C:\Windows\System\FhHWUGL.exe
  C:\Windows\System\FhHWUGL.exe
  2⤵
  PID:10092
- C:\Windows\System\PANolZB.exe
  C:\Windows\System\PANolZB.exe
  2⤵
  PID:10112
- C:\Windows\System\JRBzDjL.exe
  C:\Windows\System\JRBzDjL.exe
  2⤵
  PID:10132
- C:\Windows\System\IbXcvGk.exe
  C:\Windows\System\IbXcvGk.exe
  2⤵
  PID:10148
- C:\Windows\System\xJLDtgR.exe
  C:\Windows\System\xJLDtgR.exe
  2⤵
  PID:10168
- C:\Windows\System\RRugCGX.exe
  C:\Windows\System\RRugCGX.exe
  2⤵
  PID:10184
- C:\Windows\System\WjmEbLI.exe
  C:\Windows\System\WjmEbLI.exe
  2⤵
  PID:10204
- C:\Windows\System\BZekOCr.exe
  C:\Windows\System\BZekOCr.exe
  2⤵
  PID:10224
- C:\Windows\System\oATtUVD.exe
  C:\Windows\System\oATtUVD.exe
  2⤵
  PID:9220
- C:\Windows\System\BdEnhLV.exe
  C:\Windows\System\BdEnhLV.exe
  2⤵
  PID:9244
- C:\Windows\System\XcbOANm.exe
  C:\Windows\System\XcbOANm.exe
  2⤵
  PID:9264
- C:\Windows\System\dCqDZyb.exe
  C:\Windows\System\dCqDZyb.exe
  2⤵
  PID:9304
- C:\Windows\System\DEKDaxj.exe
  C:\Windows\System\DEKDaxj.exe
  2⤵
  PID:9324
- C:\Windows\System\mBIKTeE.exe
  C:\Windows\System\mBIKTeE.exe
  2⤵
  PID:9360
- C:\Windows\System\uNLgdsV.exe
  C:\Windows\System\uNLgdsV.exe
  2⤵
  PID:9404
- C:\Windows\System\qJKmXcl.exe
  C:\Windows\System\qJKmXcl.exe
  2⤵
  PID:9480
- C:\Windows\System\BAJAXEX.exe
  C:\Windows\System\BAJAXEX.exe
  2⤵
  PID:9464
- C:\Windows\System\JhxxpPF.exe
  C:\Windows\System\JhxxpPF.exe
  2⤵
  PID:9524
- C:\Windows\System\EDIKczF.exe
  C:\Windows\System\EDIKczF.exe
  2⤵
  PID:9548
- C:\Windows\System\TuOqEOr.exe
  C:\Windows\System\TuOqEOr.exe
  2⤵
  PID:9568
- C:\Windows\System\BhysDQM.exe
  C:\Windows\System\BhysDQM.exe
  2⤵
  PID:9636
- C:\Windows\System\CHdTWBW.exe
  C:\Windows\System\CHdTWBW.exe
  2⤵
  PID:9672
- C:\Windows\System\dSWRvRX.exe
  C:\Windows\System\dSWRvRX.exe
  2⤵
  PID:9724
- C:\Windows\System\PjWlLmj.exe
  C:\Windows\System\PjWlLmj.exe
  2⤵
  PID:9764
- C:\Windows\System\xUMIzGZ.exe
  C:\Windows\System\xUMIzGZ.exe
  2⤵
  PID:9740
- C:\Windows\System\LwDshtk.exe
  C:\Windows\System\LwDshtk.exe
  2⤵
  PID:9784
- C:\Windows\System\KWhNEha.exe
  C:\Windows\System\KWhNEha.exe
  2⤵
  PID:9808
- C:\Windows\System\nFFCOyp.exe
  C:\Windows\System\nFFCOyp.exe
  2⤵
  PID:9032
- C:\Windows\System\bHYHLvr.exe
  C:\Windows\System\bHYHLvr.exe
  2⤵
  PID:9864
- C:\Windows\System\FgUosol.exe
  C:\Windows\System\FgUosol.exe
  2⤵
  PID:9932
- C:\Windows\System\UvCsbZW.exe
  C:\Windows\System\UvCsbZW.exe
  2⤵
  PID:9996
- C:\Windows\System\SPqnMAA.exe
  C:\Windows\System\SPqnMAA.exe
  2⤵
  PID:9948
- C:\Windows\System\zLCcqCX.exe
  C:\Windows\System\zLCcqCX.exe
  2⤵
  PID:10032
- C:\Windows\System\DuRMvrp.exe
  C:\Windows\System\DuRMvrp.exe
  2⤵
  PID:10104
- C:\Windows\System\RHRzXUe.exe
  C:\Windows\System\RHRzXUe.exe
  2⤵
  PID:10108
- C:\Windows\System\iypDMtc.exe
  C:\Windows\System\iypDMtc.exe
  2⤵
  PID:10216
- C:\Windows\System\oRmCYaJ.exe
  C:\Windows\System\oRmCYaJ.exe
  2⤵
  PID:9280
- C:\Windows\System\Sxfsqqf.exe
  C:\Windows\System\Sxfsqqf.exe
  2⤵
  PID:9348
- C:\Windows\System\tIpfEqK.exe
  C:\Windows\System\tIpfEqK.exe
  2⤵
  PID:9432
- C:\Windows\System\KHqHAuk.exe
  C:\Windows\System\KHqHAuk.exe
  2⤵
  PID:9500
- C:\Windows\System\eAHYNrI.exe
  C:\Windows\System\eAHYNrI.exe
  2⤵
  PID:9652
- C:\Windows\System\gQSkIzo.exe
  C:\Windows\System\gQSkIzo.exe
  2⤵
  PID:9708
- C:\Windows\System\XdnqZyn.exe
  C:\Windows\System\XdnqZyn.exe
  2⤵
  PID:9788
- C:\Windows\System\FKHTWkb.exe
  C:\Windows\System\FKHTWkb.exe
  2⤵
  PID:9248
- C:\Windows\System\ylkoOUf.exe
  C:\Windows\System\ylkoOUf.exe
  2⤵
  PID:9872
- C:\Windows\System\PZNsGod.exe
  C:\Windows\System\PZNsGod.exe
  2⤵
  PID:9320
- C:\Windows\System\YopzdLT.exe
  C:\Windows\System\YopzdLT.exe
  2⤵
  PID:10124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ANBftcS.exe

Filesize
6.0MB

MD5
f1d3e25dc85fc12d9ba7535053345b6f

SHA1
f01265de89d2e26b88b13a0f736aacebfec617bf

SHA256
3772eddd93d4d227ebf6f5541f4fb3fa6f98e024b80144a551950208cef704b3

SHA512
b8b61e5166bcebd5eec449e4dbd5a46e5c555506fd46a9a8918f41d5dc79040503f2d33c00ab79f889268183893fdee8bb6447142f3eac893fd501b6ae9ec569

Download Submit
C:\Windows\system\AllXrvq.exe

Filesize
6.0MB

MD5
e9baf48dab6f3bee7e42784ecefca9d3

SHA1
dc3f68230edd823032842f027b737493fd400bc4

SHA256
b5e9ed7a857ec9629001ea6c31d055013ec394d4f6682058af0287954d008b2a

SHA512
0f137a4f23437490681a219a75b244fbce368ae50afc4063bde915f970fe8c3ddc68afd907db7df46c29eaa47153de34ee5c7bf23063d6ccfa84247602b9688e

Download Submit
C:\Windows\system\AsnRAvu.exe

Filesize
6.0MB

MD5
044218faa3281e955c72b806c615294a

SHA1
939441c3f7db631e7789da46c8104d21e051dd2e

SHA256
3e0390669f17e9f769b54ef56873c67d47c21d7dad543bc5e2521c119be71beb

SHA512
dcd01df07e19c96dcf1613b392fe80f1ec8b0c718e1cd7ff3c324ed3ed616369cedd1075b6126bbf5784b62c424c1f5f1384b2f58aacf2203ecc5eea5cb0e7f6

Download Submit
C:\Windows\system\EoznRax.exe

Filesize
6.0MB

MD5
136a65581cf098624bbc7cf1ba654293

SHA1
56d3e1a7582b335a65b66b8905e7958920aadad7

SHA256
57a145bba35288b441fb7050aa9ecb3ea512bf19c3fb8ab8ddd98d632408f31b

SHA512
b194958e712daec652f884ae7227388e2d9b13f6ca1d7ffc35595bab23467d803f3765a8a8e4e5e7a86a04e3c2fd49f38f38984b3b4dbbb64e555aa6ccaf058e

Download Submit
C:\Windows\system\EzfMCxH.exe

Filesize
6.0MB

MD5
2eae8d050da4ed5b1eade2e3a23765d9

SHA1
3daa28be0c1441d82aca0a363731ea24b3504132

SHA256
dc0a6e467d8de4549bdb9f515d2786d0cd755ad6b29f6cd59a7fc0c3df5610f8

SHA512
1aae28f9258fff2d501e39700af66ddc88f00e8b2e105ce6130fa6c3ebabb38d399e5d46c28e641cbb03477c0a7f75a1c2c1a430d5e5a954f6105537413e6858

Download Submit
C:\Windows\system\JUPiCfo.exe

Filesize
6.0MB

MD5
21890b011b92759c5ea00df55ea1edd3

SHA1
fc255a53214b5bd2dc1a41c2d6aab9060ba9e39f

SHA256
95cd34f71d01c80a94e7d8124f98aa334d89d4646adf9acadbe658ca3b996edf

SHA512
b5906a7d3889b2006d08b4d9ad3de6a3427b81ec784042fd5ce19e5a820854da83884a5fe9c3b143dad383554d9f2ce34c88b6a64a640aed70595d37809314d5

Download Submit
C:\Windows\system\KAsZSoy.exe

Filesize
6.0MB

MD5
475fe1d092744d71d0e8a3643b054c7a

SHA1
480f10efd526e80af636bb6bdfdd4a21e5d6230f

SHA256
79ebeb0be22a0d4fffbe696007a718614478ca769d7f171437ccfd48b0c80a38

SHA512
2434af091e9280479a333ce5fe2ee6b3c13ab28c2dbd064ed51c960b413bbabba27d438819e4d4727adecd865ab38eecb543d007d511862a0ecaeca996cf8a7b

Download Submit
C:\Windows\system\QoVdVNc.exe

Filesize
6.0MB

MD5
1e5c48d5ea45a3558fd3630c0296f85d

SHA1
d68dd98680ccc301486e0476589ffa90cabf6874

SHA256
65cb6748210a1dcf42c91e0c2e4d87d25780755a55be1e86e778306c7116f418

SHA512
e345d1afd3eb92eb5aa09f5a5c25b8bbf9db75f1e062c08e2544922cfe03716b92c3ee79cabb99f3d20cd9eb8154f1e3f04c8bf27f49d1a87c63bbac9d7a09cf

Download Submit
C:\Windows\system\RMuiNMb.exe

Filesize
6.0MB

MD5
d19b7b21f2e79c949f260e381e748f4c

SHA1
3e518f43590bbe203dc25061b52aeffcd48e43db

SHA256
cabd9b17751fcf303b5c2ba85ba06d79faa87c519b3e95d0dfd0a73fd868a5ca

SHA512
be04f75be372b9efcba7a99aa0d0b426e1f7bf0463905fcc350d3fd6d357e61d0730551c4a3c9e59900af5eca6d0b891c285b51adce305e481ccc86d1568f15e

Download Submit
C:\Windows\system\VFHuLGV.exe

Filesize
6.0MB

MD5
4a4465d092dbf6eb0eaa3360ac67f253

SHA1
05ced3ef8db8f5da27af25659a6d333986257512

SHA256
c1fc2502812738e9f67222abd3055b5b364b91d5177b198e199c7042bb5e7a4a

SHA512
90dd1b0035b5d3192ff1371e5de5f12d376d864f29a77f4f564cbc79d944afafb02e6de58fe891680968da851028c6f2aa6c9b47a54e0b748322e27e7cef696e

Download Submit
C:\Windows\system\VqQgsAo.exe

Filesize
6.0MB

MD5
01ad1c6e0a812ea94dda82dfb184343e

SHA1
b959c627bab14e955d59d8dc02107ca575157eb0

SHA256
82988a802926c15992665dab48abaffdf9174f4d5c90ae6708807ec7fbd7bc60

SHA512
8232e036447406dec51f5bc034cd71def71d00745a772d8b6911ad323cfcae45a83ab5337a30832d7a42fb2450c61f3c39fda6c16225322cb361e4abc9be9280

Download Submit
C:\Windows\system\YpNApNk.exe

Filesize
6.0MB

MD5
0a4e78d35ecc04bf870f166736217fed

SHA1
87a9a3edfd105ab6ddbf4f7bdb49bab5a9251e32

SHA256
c047290b2556f9d76e018d2cb7cc12cee6709a3ec9cb2dec712085eed0b9ac37

SHA512
e9d1eb064ec736f95e87e441523a889705ac894a965938b74e8feb6e00512f6c7673c273432bfb6c93fa0fa853966effe64fa8134f2f8d16cb639ef174ea1958

Download Submit
C:\Windows\system\bQGQYnT.exe

Filesize
6.0MB

MD5
46abe72a4c4249139b0a2b72a619f4bb

SHA1
dbc5b6f2dc132cedca89b0b66c06da9936fe85c5

SHA256
64fc3656270c87746e7f44a377b0d6ccae201870c607b7b5d19725b862003634

SHA512
1014878689d768f47eb249c9e6e16f3dd7d76f527854febce1a6db5920aade9cd8eb9e95e2844173919f3535ad81d72d05c5e40d26178344528574a134773880

Download Submit
C:\Windows\system\fDxvHom.exe

Filesize
6.0MB

MD5
d6ceb140edde93c79dc29bdc5351020c

SHA1
fedb7678ba1d6cf2ca2ae6e556f017bdaebcf029

SHA256
0bf930b8fd2d61fc237749fb16d0a087157fae0cdd153c6e396b9a4e11b264ad

SHA512
7c00bd4311d83e34ad006c5b82d6117e404106823362b0dac3ffccdfdabb7ba5926a22db94125c93577bc38f2bbd31b97339a68a899c7068fdcfced0a0150e79

Download Submit
C:\Windows\system\fSjvBZt.exe

Filesize
6.0MB

MD5
e6e635fd973410237ceb337895314650

SHA1
63a07f91ad9b709ab362f46ac8908e3d9037a7ba

SHA256
c31c27fcada78bfcf3155a18daf5786e87ad64f95d648299436ff936b573b2f1

SHA512
256160905f69f73a4245857395945c88638e4d677e00c015be4ac9e2753eb6f5901b1c58941733b813a2d2dc07d464830e05c1a29637b123de0e1b0242769f8c

Download Submit
C:\Windows\system\jVfstlS.exe

Filesize
6.0MB

MD5
f6e736e83d16c3b0ad14859c508b0e8a

SHA1
71b0e8df6b5bf8185a9ac140b9cabaec4a934dfe

SHA256
fb955195d28df078168b535ea467eca919686ea65d6a6ba54f91d0ba5aa24672

SHA512
860cbe800b5cf52056d3bedb59825605612dc29f96a284eeeb9012e8c1644b71ce7bdb1f0f617bdb4a2c86739f0a435a42fb1d164dffdd8886d445c759dd3a90

Download Submit
C:\Windows\system\kbVfswl.exe

Filesize
6.0MB

MD5
339abb671171d7284755a5450eb8be90

SHA1
418a0b1a86b3e6f5673e40611fd5e96b9252c4ee

SHA256
d0279e0d3aab8401daa2f44066674a9ba702f24f94a5b2c63ea32b664ecb4f3d

SHA512
15ed4c05b24fff03212653322530525f8f00e120266c44e8f629767bc780e85d4b694be734f0f33e233fba78c34dde3adf46d626dfabb5cf2d12032195928366

Download Submit
C:\Windows\system\lSUaiLp.exe

Filesize
6.0MB

MD5
02b8bdd667f4d71fe69b4558ee62a31a

SHA1
65004d1fe5e5fe4e47db63d3dd2c498efcedd035

SHA256
b60fd80609c288cd45396d68d2b0f9ce490d9248e34ef97e730c0d282b3acb48

SHA512
570dfe0be763d567be0f93b01761fbde3bc9594faaf8f26c240ad45ac6121b37744379d2a51d340255c2631c5b33418974393ac5ddd6e2b529fe8823926f8d9d

Download Submit
C:\Windows\system\rfIRYKd.exe

Filesize
6.0MB

MD5
e48a95035f1b030cdfb048f5a31beed9

SHA1
9db7ad141009cb17571a337cec5ef861316dabc6

SHA256
05ba7140960215352e72ff35f40eab0c6e8e7d4a373f52542380ef3868cc1727

SHA512
877e05b0d2008c3f8c4cec933df6e085b690b72b36d26893be01cf1a65ca5277cb7dcfa2fdee7236e5aeb21244fab40944d0dcc717fdb36419bf3a68549bc6fd

Download Submit
C:\Windows\system\rxohXJE.exe

Filesize
6.0MB

MD5
bdda0843c7cea98089b43edb8da1c72b

SHA1
8e0f6540bc73818a392828fff8008cf6048c3849

SHA256
0db6e60d31c0ec631908c698877e688636fdc241dabc02033fcc85dff46e9a7d

SHA512
b86dd7a541c03235d5d345ed857e353016f5974d95c8d8137168cf482dc8c51adcef4ba33ec4117605d2930c0d9da927e6cb228cb7a3845f0a1688e117f5c8ae

Download Submit
C:\Windows\system\zTstWwo.exe

Filesize
6.0MB

MD5
5963033927d5e93634f3000f0626bd13

SHA1
dbd0ce51a2776dfea9167f804b2e27c1fc259879

SHA256
93d3fcbb34b80d7d105c2e98369b1abf3d740af8d474ed0bad6fb1542a94ff28

SHA512
6dca3f1e8ad31bb9857b8e34dc8aa0389f6384e53fb7f4be99296b6e3bf0623fa5656077abcac8c26740868964beeb3c2964983909ae4e2a3b4cde6c8d241d1d

Download Submit
C:\Windows\system\zbffhpA.exe

Filesize
6.0MB

MD5
e972b8ec4a77c8d3e97fe664690809f2

SHA1
a68e8c22acf4ba7d688bf611989cc610e578f699

SHA256
344df5ebc876cd0748451cc9a8ed966b04dcf64f07f4965c07d99fb26b436979

SHA512
1583c3d7b44b8aea8c54cf30b160952a4f70e77b5eb9511b3f309ae09c1a270968078e69f76d7475842f17eb3627bbf36d2bbfc47629b3cc19c732dee84244f6

Download Submit
\Windows\system\HayVqUc.exe

Filesize
6.0MB

MD5
3049e08545eb3441d7db346eea7a1433

SHA1
dff5580e539ccaee3d16fc0e562c16e3d642b5b4

SHA256
a22d20d45f6264de61fc799a0b1f34ec66e65681ef97591578db44f3d698a996

SHA512
3d9b125ea8363846b0020941d1c44904e352fb92390e59124e05c5b16922013f2167ba941f60a09ec57060e1424d263e3f990755da97598512d8f8f4767cc3ac

Download Submit
\Windows\system\HczkzbB.exe

Filesize
6.0MB

MD5
de50a7e2917e226fc1265a0d8c7449cd

SHA1
939b85ad89ca531882d8f70e5a141e7a9df71212

SHA256
d391f20511c706c08e931d84ac37ee96fdd97dc36b355be3cabe924eb20c0461

SHA512
69f3f5c83b4994172111b2ae7fec11fc6b3cb693613af611bed886adb5185c62bf3fdeb171493ecc4c234ea6354a0dd84139b407d064a1fbfa59ec8004b29af1

Download Submit
\Windows\system\JDEsuoM.exe

Filesize
6.0MB

MD5
4909c8881a187d4ed064eb9098f76788

SHA1
3cc1503d8cfbbd4a25099963f6a21c7787a15459

SHA256
61a4aae4f75171e9f3b794bf2ac3776b314d89adc2e120cd91bb6ae276400a00

SHA512
66860b4af23ce84f71a8f0217474d7cf434894a3ce9dd7a3245504719c5d3d5e2a98f66deaac1de5faeead03f76f69b9144978060f442fa446cbee2ee2bbfac6

Download Submit
\Windows\system\LeNVcCu.exe

Filesize
6.0MB

MD5
2452306f6d2f3d4d5b54c71d7681bb13

SHA1
51168c695af1d4fd2a6fb7bc50e33a26b5a8bdd3

SHA256
159a825088dbb3d216ab714b9855094cd8b89b62704f34a15d14730ce0ec1e23

SHA512
5ef250bb046a1ddd09d6f74dcfb74f03ac9d33fa7ebc7185474200757c0f9417c9436c150ef99617da699966189a5a9e3b7f0e857cbb66819974b67945cbf75a

Download Submit
\Windows\system\NFTczKJ.exe

Filesize
6.0MB

MD5
d82b50475d6e4282915070a382df059a

SHA1
3b3b8b03b8caea1079d2f1b67055d2e09607b69a

SHA256
6a5bb39f05ff40651a6420ff9cdf2214ae953343d460f512cb396733ee26fb59

SHA512
32c834b47d1da96150820915d59482890ad97094013b3e51e2cb7ad4c37b874377c0ad4b652052c7c4cec1412ae1bea4f0591cadd9c10cc59cd1881c7b32f8ce

Download Submit
\Windows\system\QeduXQN.exe

Filesize
6.0MB

MD5
7858f415b8920912029fef5fe2839bf6

SHA1
924e76656c95f12a1af97f79909899c59e89b4e2

SHA256
5c84e2e42aae81b7d4c7a4f5de3dade4af7d48c4a1a881436ec9bce36708c645

SHA512
b8c99d2bd30aa73c6c7aff95dd2b1c3088fae7d18a71239d181b304e640989a9a0c9408b996aae041bc78b67b49d95e7556469ba31170810837661efa5194979

Download Submit
\Windows\system\UUZjFAd.exe

Filesize
6.0MB

MD5
b50c65dc76ea65484d2dcce0072d95e1

SHA1
6828fcea492d48162d7858abee0343f2722261df

SHA256
5c437ff6530716bb73e57f4287fb41935bd76ce3265e4742924e70bdb165d69e

SHA512
c3fc8f66474f15914ac191a4ac61983b8c42986f7c8551f65e4c06f9721299f14a5b98bbb12dbb4b2e00fbb232d1b3d25bd4f74fdc90f06688512207221508b1

Download Submit
\Windows\system\UZWdddP.exe

Filesize
6.0MB

MD5
444bf00fdba6dcad123469a9384eb552

SHA1
156965adc8cbf652f5e3b1778e7f85e1424990e8

SHA256
470b3db812a50d115d5c3fb88c9ec94742d4c2861b533d4fa22be30eaabbbf52

SHA512
42b7d04bfa5092c2713c80fcda5da04e6a119ca67842847dd88f45927244eb7f81f4542be6089a1add82e568019d63770bee16286f70e7710b3eda9f1a838f04

Download Submit
\Windows\system\aOtdvgv.exe

Filesize
6.0MB

MD5
244599d18619e59b889902216fe3ea68

SHA1
2df83490c4f95b19f58af434dab497f69c1e65ba

SHA256
8d51983137ebfeb464270eaf7e39e4aa9daaefff4c9d661f64850d33d81ed4eb

SHA512
a7c9761ece1ba44a8761df8d8c8a91b89f3ad98af58d848dda8541fe0f3d0022ab108d560043053ac3a3229218bed5e62de9b8d9d496312998ffe951508fe196

Download Submit
\Windows\system\kQVEfid.exe

Filesize
6.0MB

MD5
4870f60cfb4f63e8d3099e0363cdf279

SHA1
67ff2e8c07a3c102f51607d3528bc50e765afe65

SHA256
29a1c181c160e959c4bc5c3dfa47421894bd6be191eea9eb0306a35e8d83cae4

SHA512
4be1dfec178296720b5d01d805bd9b6d9fc4a8664fb9efdcd4cca34cd9d483b68784734105f2318875efedc3ca23a03ad0e721fb6042a1cb1ed55602864da6fc

Download Submit
\Windows\system\qKQWntt.exe

Filesize
6.0MB

MD5
0884f34b3435a3c592830f627e6c75d8

SHA1
f60af610a1dcbb4ae734c20c0a1d04c7786c35cb

SHA256
3d7d51040f5f66aa342b546c65922ae99d850707820899c996989c1216b84150

SHA512
9c4057383d687c623126c5d288fe287934e597733870f1d4025c005b5684fa9d427c9e685aedc32ae20fc39e7d0a4daa367eca60267b340a336bef3f6aebd27d

Download Submit
\Windows\system\yvocefN.exe

Filesize
6.0MB

MD5
a3a45c3d868fbee5705b3db881a3040f

SHA1
0d6b31600e181df1065cf56072ff6c019513f4e9

SHA256
fcf0911a90698ea1968d76143d229afa423681b894b2719b666886ebfcf762c6

SHA512
499466440c704d0559a766e81f27eef81ab8c6eeaadf1c931d56ae44b19fa3f30833bf6e9a2b0148b00551ef902c8cc0a8c0d6f24abd02e37ddd13d4d8d2ae89

Download Submit
\Windows\system\zWMKPFL.exe

Filesize
6.0MB

MD5
54322de7d8088166dde0671a996b8481

SHA1
6306692024ecdc08dae25153166bb2ceeffb5a64

SHA256
c51df04d092d5688e5297bdbb72e066ce7d7deeba316ee12a20b0765cbdb878e

SHA512
12320bfaf5a6bab1927707ade6ce45501af0102a60def720c6786dcf57a07d4e2bd78825e01de0afb3ba02d5c8a0ed66a09ed15aef16d4615dc271a6744114db

Download Submit
memory/564-93-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/564-3849-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1232-57-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1232-0-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1232-1190-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1232-925-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/1232-431-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1232-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/1232-26-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1232-60-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/1232-29-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/1232-34-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/1232-8-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1232-44-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1232-80-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1232-108-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1232-70-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1232-30-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1232-91-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1232-76-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1232-97-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/1232-92-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1252-100-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/1252-3887-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/1252-1057-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/1952-28-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1952-3737-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2036-85-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-3821-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-3769-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2196-78-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-27-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2332-3691-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2412-24-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2412-3689-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2536-3713-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2536-25-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2604-3749-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-75-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3750-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2652-73-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3751-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2712-77-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3755-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2748-49-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2748-99-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3752-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-36-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-107-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-72-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-3768-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download