cobaltstrike | 1ef19ab63e3b60b89e5a9856fd63b88ace6d21fd577340d86c0a8113b84b43ed

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2024 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

b7f968967476c0efc2a8a6d9f268424e
SHA1

4b79738cf17276e8d3acd36a148d9bf95dc8c68b
SHA256

1ef19ab63e3b60b89e5a9856fd63b88ace6d21fd577340d86c0a8113b84b43ed
SHA512

8bd19d110c958b200ad33afe5f795bb07021f4c31d7c94ce27274a4fd4146807a7db6eab4b9d462eaf65e0b4ab1dd91800d5252d3c44d13ff7bc75d7bd0bbf56
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU7:T+q56utgpPF8u/77

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\System\RbXbuoo.exe	cobalt_reflective_dll
C:\Windows\System\HMZDSto.exe	cobalt_reflective_dll
C:\Windows\System\fhewsLi.exe	cobalt_reflective_dll
C:\Windows\System\vafAfpa.exe	cobalt_reflective_dll
C:\Windows\System\VxXfZDD.exe	cobalt_reflective_dll
C:\Windows\System\uHOnrSK.exe	cobalt_reflective_dll
C:\Windows\System\YevxOga.exe	cobalt_reflective_dll
C:\Windows\System\yZtRTGl.exe	cobalt_reflective_dll
C:\Windows\System\SiGAaQY.exe	cobalt_reflective_dll
C:\Windows\System\vyGHXnM.exe	cobalt_reflective_dll
C:\Windows\System\vvdAFHK.exe	cobalt_reflective_dll
C:\Windows\System\cGEqFDj.exe	cobalt_reflective_dll
C:\Windows\System\BxpuKJR.exe	cobalt_reflective_dll
C:\Windows\System\gGhHKnL.exe	cobalt_reflective_dll
C:\Windows\System\ZtovEKX.exe	cobalt_reflective_dll
C:\Windows\System\aunzZaU.exe	cobalt_reflective_dll
C:\Windows\System\ntHPcpj.exe	cobalt_reflective_dll
C:\Windows\System\CADJZQX.exe	cobalt_reflective_dll
C:\Windows\System\joarRUq.exe	cobalt_reflective_dll
C:\Windows\System\cyTtIHf.exe	cobalt_reflective_dll
C:\Windows\System\YOkOWOj.exe	cobalt_reflective_dll
C:\Windows\System\BMQbiqJ.exe	cobalt_reflective_dll
C:\Windows\System\YvfFMjL.exe	cobalt_reflective_dll
C:\Windows\System\JMNaipE.exe	cobalt_reflective_dll
C:\Windows\System\XcmAtOH.exe	cobalt_reflective_dll
C:\Windows\System\RYUFGlS.exe	cobalt_reflective_dll
C:\Windows\System\stPopYO.exe	cobalt_reflective_dll
C:\Windows\System\gvlzaUv.exe	cobalt_reflective_dll
C:\Windows\System\DKzkDmX.exe	cobalt_reflective_dll
C:\Windows\System\Bydbcee.exe	cobalt_reflective_dll
C:\Windows\System\ZadKHnl.exe	cobalt_reflective_dll
C:\Windows\System\VmpBJIn.exe	cobalt_reflective_dll
C:\Windows\System\SRibWJW.exe	cobalt_reflective_dll
C:\Windows\System\neIqLDg.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral2/memory/2348-0-0x00007FF71F410000-0x00007FF71F764000-memory.dmp	xmrig
C:\Windows\System\RbXbuoo.exe	xmrig
C:\Windows\System\HMZDSto.exe	xmrig
C:\Windows\System\fhewsLi.exe	xmrig
behavioral2/memory/3904-18-0x00007FF6014F0000-0x00007FF601844000-memory.dmp	xmrig
behavioral2/memory/1388-14-0x00007FF76FF80000-0x00007FF7702D4000-memory.dmp	xmrig
behavioral2/memory/2520-8-0x00007FF792E90000-0x00007FF7931E4000-memory.dmp	xmrig
C:\Windows\System\vafAfpa.exe	xmrig
C:\Windows\System\VxXfZDD.exe	xmrig
behavioral2/memory/3512-36-0x00007FF6C1090000-0x00007FF6C13E4000-memory.dmp	xmrig
C:\Windows\System\uHOnrSK.exe	xmrig
behavioral2/memory/4192-32-0x00007FF604130000-0x00007FF604484000-memory.dmp	xmrig
behavioral2/memory/1344-26-0x00007FF708050000-0x00007FF7083A4000-memory.dmp	xmrig
C:\Windows\System\YevxOga.exe	xmrig
behavioral2/memory/3672-42-0x00007FF647660000-0x00007FF6479B4000-memory.dmp	xmrig
C:\Windows\System\yZtRTGl.exe	xmrig
behavioral2/memory/1876-48-0x00007FF7C7300000-0x00007FF7C7654000-memory.dmp	xmrig
behavioral2/memory/2092-55-0x00007FF607890000-0x00007FF607BE4000-memory.dmp	xmrig
behavioral2/memory/2348-54-0x00007FF71F410000-0x00007FF71F764000-memory.dmp	xmrig
C:\Windows\System\SiGAaQY.exe	xmrig
C:\Windows\System\vyGHXnM.exe	xmrig
behavioral2/memory/5100-75-0x00007FF7F1BF0000-0x00007FF7F1F44000-memory.dmp	xmrig
behavioral2/memory/4192-88-0x00007FF604130000-0x00007FF604484000-memory.dmp	xmrig
C:\Windows\System\vvdAFHK.exe	xmrig
C:\Windows\System\cGEqFDj.exe	xmrig
C:\Windows\System\BxpuKJR.exe	xmrig
C:\Windows\System\gGhHKnL.exe	xmrig
behavioral2/memory/3832-388-0x00007FF7A83E0000-0x00007FF7A8734000-memory.dmp	xmrig
behavioral2/memory/4848-391-0x00007FF7F5270000-0x00007FF7F55C4000-memory.dmp	xmrig
behavioral2/memory/4980-392-0x00007FF6FC6A0000-0x00007FF6FC9F4000-memory.dmp	xmrig
behavioral2/memory/2240-393-0x00007FF68EA80000-0x00007FF68EDD4000-memory.dmp	xmrig
behavioral2/memory/1676-394-0x00007FF637E80000-0x00007FF6381D4000-memory.dmp	xmrig
behavioral2/memory/988-390-0x00007FF74F830000-0x00007FF74FB84000-memory.dmp	xmrig
behavioral2/memory/1728-389-0x00007FF617DE0000-0x00007FF618134000-memory.dmp	xmrig
behavioral2/memory/2244-387-0x00007FF681C90000-0x00007FF681FE4000-memory.dmp	xmrig
behavioral2/memory/3456-397-0x00007FF6C07D0000-0x00007FF6C0B24000-memory.dmp	xmrig
behavioral2/memory/876-416-0x00007FF7D5BF0000-0x00007FF7D5F44000-memory.dmp	xmrig
behavioral2/memory/4964-422-0x00007FF6194B0000-0x00007FF619804000-memory.dmp	xmrig
behavioral2/memory/3512-421-0x00007FF6C1090000-0x00007FF6C13E4000-memory.dmp	xmrig
behavioral2/memory/2820-420-0x00007FF64AF70000-0x00007FF64B2C4000-memory.dmp	xmrig
behavioral2/memory/956-419-0x00007FF642E10000-0x00007FF643164000-memory.dmp	xmrig
behavioral2/memory/2728-413-0x00007FF625FA0000-0x00007FF6262F4000-memory.dmp	xmrig
behavioral2/memory/116-412-0x00007FF6A43E0000-0x00007FF6A4734000-memory.dmp	xmrig
behavioral2/memory/324-411-0x00007FF74EF30000-0x00007FF74F284000-memory.dmp	xmrig
C:\Windows\System\ZtovEKX.exe	xmrig
C:\Windows\System\aunzZaU.exe	xmrig
C:\Windows\System\ntHPcpj.exe	xmrig
C:\Windows\System\CADJZQX.exe	xmrig
C:\Windows\System\joarRUq.exe	xmrig
C:\Windows\System\cyTtIHf.exe	xmrig
C:\Windows\System\YOkOWOj.exe	xmrig
C:\Windows\System\BMQbiqJ.exe	xmrig
C:\Windows\System\YvfFMjL.exe	xmrig
C:\Windows\System\JMNaipE.exe	xmrig
C:\Windows\System\XcmAtOH.exe	xmrig
C:\Windows\System\RYUFGlS.exe	xmrig
C:\Windows\System\stPopYO.exe	xmrig
C:\Windows\System\gvlzaUv.exe	xmrig
C:\Windows\System\DKzkDmX.exe	xmrig
C:\Windows\System\Bydbcee.exe	xmrig
C:\Windows\System\ZadKHnl.exe	xmrig
C:\Windows\System\VmpBJIn.exe	xmrig
behavioral2/memory/3672-486-0x00007FF647660000-0x00007FF6479B4000-memory.dmp	xmrig
behavioral2/memory/4824-85-0x00007FF77F650000-0x00007FF77F9A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

RbXbuoo.exefhewsLi.exeHMZDSto.exevafAfpa.exeuHOnrSK.exeVxXfZDD.exeYevxOga.exeyZtRTGl.exeSiGAaQY.exevyGHXnM.exeneIqLDg.exeSRibWJW.exeVmpBJIn.exeZadKHnl.exeBydbcee.exeDKzkDmX.exevvdAFHK.exegvlzaUv.exestPopYO.exeRYUFGlS.exeXcmAtOH.execGEqFDj.exeJMNaipE.exeYvfFMjL.exeBxpuKJR.exegGhHKnL.exeBMQbiqJ.exeYOkOWOj.execyTtIHf.exeaunzZaU.exejoarRUq.exeCADJZQX.exentHPcpj.exeZtovEKX.exezFwJXnn.exeJjpfsYw.exeJiQDbwP.exelkJlcKh.exekrdQlqv.exeIcverpO.exepXOdJgA.exehBFZgEs.exeQEqWWKJ.exeWLPGwxL.exeLvRInbc.exeAVnWDnP.exeLIAfdvJ.exeWbpcrDS.exepCXOHzg.exePJOzOfg.exeZdvQzMe.exeCvODQDl.exembbfECs.exetiFdBtY.exeqMBdFcB.exeKwVcJwo.exeSuCEPND.exeqYOqOWC.exelBYIXuF.exejdObepW.exeeBKtRrM.exeLIbKCwe.exezyoxOHN.exeGdUXMnH.exe

pid	process
2520	RbXbuoo.exe
1388	fhewsLi.exe
3904	HMZDSto.exe
1344	vafAfpa.exe
4192	uHOnrSK.exe
3512	VxXfZDD.exe
3672	YevxOga.exe
1876	yZtRTGl.exe
2092	SiGAaQY.exe
2608	vyGHXnM.exe
3076	neIqLDg.exe
5100	SRibWJW.exe
4824	VmpBJIn.exe
2244	ZadKHnl.exe
4964	Bydbcee.exe
3832	DKzkDmX.exe
1728	vvdAFHK.exe
988	gvlzaUv.exe
4848	stPopYO.exe
4980	RYUFGlS.exe
2240	XcmAtOH.exe
1676	cGEqFDj.exe
3456	JMNaipE.exe
324	YvfFMjL.exe
116	BxpuKJR.exe
2728	gGhHKnL.exe
876	BMQbiqJ.exe
956	YOkOWOj.exe
2820	cyTtIHf.exe
468	aunzZaU.exe
4136	joarRUq.exe
3732	CADJZQX.exe
2028	ntHPcpj.exe
692	ZtovEKX.exe
1332	zFwJXnn.exe
4108	JjpfsYw.exe
3144	JiQDbwP.exe
4544	lkJlcKh.exe
3176	krdQlqv.exe
1736	IcverpO.exe
2772	pXOdJgA.exe
1620	hBFZgEs.exe
456	QEqWWKJ.exe
2732	WLPGwxL.exe
2924	LvRInbc.exe
3960	AVnWDnP.exe
1840	LIAfdvJ.exe
3652	WbpcrDS.exe
4360	pCXOHzg.exe
1556	PJOzOfg.exe
4708	ZdvQzMe.exe
2148	CvODQDl.exe
4224	mbbfECs.exe
4040	tiFdBtY.exe
4772	qMBdFcB.exe
2156	KwVcJwo.exe
5076	SuCEPND.exe
3252	qYOqOWC.exe
3880	lBYIXuF.exe
3692	jdObepW.exe
4752	eBKtRrM.exe
3644	LIbKCwe.exe
4168	zyoxOHN.exe
4564	GdUXMnH.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2348-0-0x00007FF71F410000-0x00007FF71F764000-memory.dmp	upx
C:\Windows\System\RbXbuoo.exe	upx
C:\Windows\System\HMZDSto.exe	upx
C:\Windows\System\fhewsLi.exe	upx
behavioral2/memory/3904-18-0x00007FF6014F0000-0x00007FF601844000-memory.dmp	upx
behavioral2/memory/1388-14-0x00007FF76FF80000-0x00007FF7702D4000-memory.dmp	upx
behavioral2/memory/2520-8-0x00007FF792E90000-0x00007FF7931E4000-memory.dmp	upx
C:\Windows\System\vafAfpa.exe	upx
C:\Windows\System\VxXfZDD.exe	upx
behavioral2/memory/3512-36-0x00007FF6C1090000-0x00007FF6C13E4000-memory.dmp	upx
C:\Windows\System\uHOnrSK.exe	upx
behavioral2/memory/4192-32-0x00007FF604130000-0x00007FF604484000-memory.dmp	upx
behavioral2/memory/1344-26-0x00007FF708050000-0x00007FF7083A4000-memory.dmp	upx
C:\Windows\System\YevxOga.exe	upx
behavioral2/memory/3672-42-0x00007FF647660000-0x00007FF6479B4000-memory.dmp	upx
C:\Windows\System\yZtRTGl.exe	upx
behavioral2/memory/1876-48-0x00007FF7C7300000-0x00007FF7C7654000-memory.dmp	upx
behavioral2/memory/2092-55-0x00007FF607890000-0x00007FF607BE4000-memory.dmp	upx
behavioral2/memory/2348-54-0x00007FF71F410000-0x00007FF71F764000-memory.dmp	upx
C:\Windows\System\SiGAaQY.exe	upx
C:\Windows\System\vyGHXnM.exe	upx
behavioral2/memory/5100-75-0x00007FF7F1BF0000-0x00007FF7F1F44000-memory.dmp	upx
behavioral2/memory/4192-88-0x00007FF604130000-0x00007FF604484000-memory.dmp	upx
C:\Windows\System\vvdAFHK.exe	upx
C:\Windows\System\cGEqFDj.exe	upx
C:\Windows\System\BxpuKJR.exe	upx
C:\Windows\System\gGhHKnL.exe	upx
behavioral2/memory/3832-388-0x00007FF7A83E0000-0x00007FF7A8734000-memory.dmp	upx
behavioral2/memory/4848-391-0x00007FF7F5270000-0x00007FF7F55C4000-memory.dmp	upx
behavioral2/memory/4980-392-0x00007FF6FC6A0000-0x00007FF6FC9F4000-memory.dmp	upx
behavioral2/memory/2240-393-0x00007FF68EA80000-0x00007FF68EDD4000-memory.dmp	upx
behavioral2/memory/1676-394-0x00007FF637E80000-0x00007FF6381D4000-memory.dmp	upx
behavioral2/memory/988-390-0x00007FF74F830000-0x00007FF74FB84000-memory.dmp	upx
behavioral2/memory/1728-389-0x00007FF617DE0000-0x00007FF618134000-memory.dmp	upx
behavioral2/memory/2244-387-0x00007FF681C90000-0x00007FF681FE4000-memory.dmp	upx
behavioral2/memory/3456-397-0x00007FF6C07D0000-0x00007FF6C0B24000-memory.dmp	upx
behavioral2/memory/876-416-0x00007FF7D5BF0000-0x00007FF7D5F44000-memory.dmp	upx
behavioral2/memory/4964-422-0x00007FF6194B0000-0x00007FF619804000-memory.dmp	upx
behavioral2/memory/3512-421-0x00007FF6C1090000-0x00007FF6C13E4000-memory.dmp	upx
behavioral2/memory/2820-420-0x00007FF64AF70000-0x00007FF64B2C4000-memory.dmp	upx
behavioral2/memory/956-419-0x00007FF642E10000-0x00007FF643164000-memory.dmp	upx
behavioral2/memory/2728-413-0x00007FF625FA0000-0x00007FF6262F4000-memory.dmp	upx
behavioral2/memory/116-412-0x00007FF6A43E0000-0x00007FF6A4734000-memory.dmp	upx
behavioral2/memory/324-411-0x00007FF74EF30000-0x00007FF74F284000-memory.dmp	upx
C:\Windows\System\ZtovEKX.exe	upx
C:\Windows\System\aunzZaU.exe	upx
C:\Windows\System\ntHPcpj.exe	upx
C:\Windows\System\CADJZQX.exe	upx
C:\Windows\System\joarRUq.exe	upx
C:\Windows\System\cyTtIHf.exe	upx
C:\Windows\System\YOkOWOj.exe	upx
C:\Windows\System\BMQbiqJ.exe	upx
C:\Windows\System\YvfFMjL.exe	upx
C:\Windows\System\JMNaipE.exe	upx
C:\Windows\System\XcmAtOH.exe	upx
C:\Windows\System\RYUFGlS.exe	upx
C:\Windows\System\stPopYO.exe	upx
C:\Windows\System\gvlzaUv.exe	upx
C:\Windows\System\DKzkDmX.exe	upx
C:\Windows\System\Bydbcee.exe	upx
C:\Windows\System\ZadKHnl.exe	upx
C:\Windows\System\VmpBJIn.exe	upx
behavioral2/memory/3672-486-0x00007FF647660000-0x00007FF6479B4000-memory.dmp	upx
behavioral2/memory/4824-85-0x00007FF77F650000-0x00007FF77F9A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\lBfdLsA.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MWlLPSX.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tkEZxUN.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iwFrLBg.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BWPvZZm.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WBbirHq.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KLaavxo.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bLHMYJh.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgvgnwZ.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DKzkDmX.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HNRHcnO.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iaqCRqC.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HLTzOYg.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qsgbXLe.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HNKvpGd.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qZjGcXx.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BhunVmQ.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UVQDKkY.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QiPXRhP.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTzzlvW.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LqRyISP.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LYOBzwx.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BaHnscT.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yVvGhth.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OqywVAs.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kjTQcWR.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZdvQzMe.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TTTZiVA.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GRjQkmo.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AnEdiSU.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IhFPayR.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QEshbqF.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QeJBZUN.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jOWrMFu.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cDTpBoQ.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jnQeHlA.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ATfnJQh.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WXOwisg.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ScTeCaG.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xfHrFkQ.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNkJBKY.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PjbQojg.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cjBFnmy.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gIKTpKp.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BRGomUg.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ffnNAos.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lBYIXuF.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jyWnBil.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBQkzGN.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TPqTbEU.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbsvZRw.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxpEZam.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wEXXTtR.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QPobsAq.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JqeRYHn.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PCtXXXu.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YyqnvLE.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYaaImC.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwIShCa.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UbWMrmt.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tSxkUya.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iePzVrG.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mOITAgn.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZuSMqZZ.exe	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 2348 wrote to memory of 2520	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	RbXbuoo.exe
PID 2348 wrote to memory of 2520	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	RbXbuoo.exe
PID 2348 wrote to memory of 1388	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	fhewsLi.exe
PID 2348 wrote to memory of 1388	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	fhewsLi.exe
PID 2348 wrote to memory of 3904	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	HMZDSto.exe
PID 2348 wrote to memory of 3904	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	HMZDSto.exe
PID 2348 wrote to memory of 1344	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	vafAfpa.exe
PID 2348 wrote to memory of 1344	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	vafAfpa.exe
PID 2348 wrote to memory of 4192	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	uHOnrSK.exe
PID 2348 wrote to memory of 4192	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	uHOnrSK.exe
PID 2348 wrote to memory of 3512	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	VxXfZDD.exe
PID 2348 wrote to memory of 3512	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	VxXfZDD.exe
PID 2348 wrote to memory of 3672	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	YevxOga.exe
PID 2348 wrote to memory of 3672	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	YevxOga.exe
PID 2348 wrote to memory of 1876	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	yZtRTGl.exe
PID 2348 wrote to memory of 1876	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	yZtRTGl.exe
PID 2348 wrote to memory of 2092	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	SiGAaQY.exe
PID 2348 wrote to memory of 2092	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	SiGAaQY.exe
PID 2348 wrote to memory of 2608	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	vyGHXnM.exe
PID 2348 wrote to memory of 2608	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	vyGHXnM.exe
PID 2348 wrote to memory of 3076	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	neIqLDg.exe
PID 2348 wrote to memory of 3076	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	neIqLDg.exe
PID 2348 wrote to memory of 5100	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	SRibWJW.exe
PID 2348 wrote to memory of 5100	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	SRibWJW.exe
PID 2348 wrote to memory of 4824	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	VmpBJIn.exe
PID 2348 wrote to memory of 4824	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	VmpBJIn.exe
PID 2348 wrote to memory of 2244	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	ZadKHnl.exe
PID 2348 wrote to memory of 2244	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	ZadKHnl.exe
PID 2348 wrote to memory of 4964	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	Bydbcee.exe
PID 2348 wrote to memory of 4964	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	Bydbcee.exe
PID 2348 wrote to memory of 3832	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	DKzkDmX.exe
PID 2348 wrote to memory of 3832	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	DKzkDmX.exe
PID 2348 wrote to memory of 1728	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	vvdAFHK.exe
PID 2348 wrote to memory of 1728	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	vvdAFHK.exe
PID 2348 wrote to memory of 988	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	gvlzaUv.exe
PID 2348 wrote to memory of 988	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	gvlzaUv.exe
PID 2348 wrote to memory of 4848	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	stPopYO.exe
PID 2348 wrote to memory of 4848	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	stPopYO.exe
PID 2348 wrote to memory of 4980	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	RYUFGlS.exe
PID 2348 wrote to memory of 4980	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	RYUFGlS.exe
PID 2348 wrote to memory of 2240	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	XcmAtOH.exe
PID 2348 wrote to memory of 2240	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	XcmAtOH.exe
PID 2348 wrote to memory of 1676	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	cGEqFDj.exe
PID 2348 wrote to memory of 1676	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	cGEqFDj.exe
PID 2348 wrote to memory of 3456	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	JMNaipE.exe
PID 2348 wrote to memory of 3456	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	JMNaipE.exe
PID 2348 wrote to memory of 324	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	YvfFMjL.exe
PID 2348 wrote to memory of 324	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	YvfFMjL.exe
PID 2348 wrote to memory of 116	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	BxpuKJR.exe
PID 2348 wrote to memory of 116	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	BxpuKJR.exe
PID 2348 wrote to memory of 2728	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	gGhHKnL.exe
PID 2348 wrote to memory of 2728	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	gGhHKnL.exe
PID 2348 wrote to memory of 876	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	BMQbiqJ.exe
PID 2348 wrote to memory of 876	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	BMQbiqJ.exe
PID 2348 wrote to memory of 956	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	YOkOWOj.exe
PID 2348 wrote to memory of 956	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	YOkOWOj.exe
PID 2348 wrote to memory of 2820	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	cyTtIHf.exe
PID 2348 wrote to memory of 2820	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	cyTtIHf.exe
PID 2348 wrote to memory of 468	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	aunzZaU.exe
PID 2348 wrote to memory of 468	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	aunzZaU.exe
PID 2348 wrote to memory of 4136	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	joarRUq.exe
PID 2348 wrote to memory of 4136	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	joarRUq.exe
PID 2348 wrote to memory of 3732	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	CADJZQX.exe
PID 2348 wrote to memory of 3732	2348	2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe	CADJZQX.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-26_b7f968967476c0efc2a8a6d9f268424e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\System\RbXbuoo.exe
  C:\Windows\System\RbXbuoo.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\fhewsLi.exe
  C:\Windows\System\fhewsLi.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\HMZDSto.exe
  C:\Windows\System\HMZDSto.exe
  2⤵
  - Executes dropped EXE
  PID:3904
- C:\Windows\System\vafAfpa.exe
  C:\Windows\System\vafAfpa.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\uHOnrSK.exe
  C:\Windows\System\uHOnrSK.exe
  2⤵
  - Executes dropped EXE
  PID:4192
- C:\Windows\System\VxXfZDD.exe
  C:\Windows\System\VxXfZDD.exe
  2⤵
  - Executes dropped EXE
  PID:3512
- C:\Windows\System\YevxOga.exe
  C:\Windows\System\YevxOga.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\yZtRTGl.exe
  C:\Windows\System\yZtRTGl.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\SiGAaQY.exe
  C:\Windows\System\SiGAaQY.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\vyGHXnM.exe
  C:\Windows\System\vyGHXnM.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\neIqLDg.exe
  C:\Windows\System\neIqLDg.exe
  2⤵
  - Executes dropped EXE
  PID:3076
- C:\Windows\System\SRibWJW.exe
  C:\Windows\System\SRibWJW.exe
  2⤵
  - Executes dropped EXE
  PID:5100
- C:\Windows\System\VmpBJIn.exe
  C:\Windows\System\VmpBJIn.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\ZadKHnl.exe
  C:\Windows\System\ZadKHnl.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\Bydbcee.exe
  C:\Windows\System\Bydbcee.exe
  2⤵
  - Executes dropped EXE
  PID:4964
- C:\Windows\System\DKzkDmX.exe
  C:\Windows\System\DKzkDmX.exe
  2⤵
  - Executes dropped EXE
  PID:3832
- C:\Windows\System\vvdAFHK.exe
  C:\Windows\System\vvdAFHK.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\gvlzaUv.exe
  C:\Windows\System\gvlzaUv.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\stPopYO.exe
  C:\Windows\System\stPopYO.exe
  2⤵
  - Executes dropped EXE
  PID:4848
- C:\Windows\System\RYUFGlS.exe
  C:\Windows\System\RYUFGlS.exe
  2⤵
  - Executes dropped EXE
  PID:4980
- C:\Windows\System\XcmAtOH.exe
  C:\Windows\System\XcmAtOH.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\cGEqFDj.exe
  C:\Windows\System\cGEqFDj.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\JMNaipE.exe
  C:\Windows\System\JMNaipE.exe
  2⤵
  - Executes dropped EXE
  PID:3456
- C:\Windows\System\YvfFMjL.exe
  C:\Windows\System\YvfFMjL.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\BxpuKJR.exe
  C:\Windows\System\BxpuKJR.exe
  2⤵
  - Executes dropped EXE
  PID:116
- C:\Windows\System\gGhHKnL.exe
  C:\Windows\System\gGhHKnL.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\BMQbiqJ.exe
  C:\Windows\System\BMQbiqJ.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\YOkOWOj.exe
  C:\Windows\System\YOkOWOj.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\cyTtIHf.exe
  C:\Windows\System\cyTtIHf.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\aunzZaU.exe
  C:\Windows\System\aunzZaU.exe
  2⤵
  - Executes dropped EXE
  PID:468
- C:\Windows\System\joarRUq.exe
  C:\Windows\System\joarRUq.exe
  2⤵
  - Executes dropped EXE
  PID:4136
- C:\Windows\System\CADJZQX.exe
  C:\Windows\System\CADJZQX.exe
  2⤵
  - Executes dropped EXE
  PID:3732
- C:\Windows\System\ntHPcpj.exe
  C:\Windows\System\ntHPcpj.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\ZtovEKX.exe
  C:\Windows\System\ZtovEKX.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\zFwJXnn.exe
  C:\Windows\System\zFwJXnn.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\JjpfsYw.exe
  C:\Windows\System\JjpfsYw.exe
  2⤵
  - Executes dropped EXE
  PID:4108
- C:\Windows\System\JiQDbwP.exe
  C:\Windows\System\JiQDbwP.exe
  2⤵
  - Executes dropped EXE
  PID:3144
- C:\Windows\System\lkJlcKh.exe
  C:\Windows\System\lkJlcKh.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\krdQlqv.exe
  C:\Windows\System\krdQlqv.exe
  2⤵
  - Executes dropped EXE
  PID:3176
- C:\Windows\System\IcverpO.exe
  C:\Windows\System\IcverpO.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\pXOdJgA.exe
  C:\Windows\System\pXOdJgA.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\hBFZgEs.exe
  C:\Windows\System\hBFZgEs.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\QEqWWKJ.exe
  C:\Windows\System\QEqWWKJ.exe
  2⤵
  - Executes dropped EXE
  PID:456
- C:\Windows\System\WLPGwxL.exe
  C:\Windows\System\WLPGwxL.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\LvRInbc.exe
  C:\Windows\System\LvRInbc.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\AVnWDnP.exe
  C:\Windows\System\AVnWDnP.exe
  2⤵
  - Executes dropped EXE
  PID:3960
- C:\Windows\System\LIAfdvJ.exe
  C:\Windows\System\LIAfdvJ.exe
  2⤵
  - Executes dropped EXE
  PID:1840
- C:\Windows\System\WbpcrDS.exe
  C:\Windows\System\WbpcrDS.exe
  2⤵
  - Executes dropped EXE
  PID:3652
- C:\Windows\System\pCXOHzg.exe
  C:\Windows\System\pCXOHzg.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\PJOzOfg.exe
  C:\Windows\System\PJOzOfg.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\ZdvQzMe.exe
  C:\Windows\System\ZdvQzMe.exe
  2⤵
  - Executes dropped EXE
  PID:4708
- C:\Windows\System\CvODQDl.exe
  C:\Windows\System\CvODQDl.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\mbbfECs.exe
  C:\Windows\System\mbbfECs.exe
  2⤵
  - Executes dropped EXE
  PID:4224
- C:\Windows\System\tiFdBtY.exe
  C:\Windows\System\tiFdBtY.exe
  2⤵
  - Executes dropped EXE
  PID:4040
- C:\Windows\System\qMBdFcB.exe
  C:\Windows\System\qMBdFcB.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\KwVcJwo.exe
  C:\Windows\System\KwVcJwo.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\SuCEPND.exe
  C:\Windows\System\SuCEPND.exe
  2⤵
  - Executes dropped EXE
  PID:5076
- C:\Windows\System\qYOqOWC.exe
  C:\Windows\System\qYOqOWC.exe
  2⤵
  - Executes dropped EXE
  PID:3252
- C:\Windows\System\lBYIXuF.exe
  C:\Windows\System\lBYIXuF.exe
  2⤵
  - Executes dropped EXE
  PID:3880
- C:\Windows\System\jdObepW.exe
  C:\Windows\System\jdObepW.exe
  2⤵
  - Executes dropped EXE
  PID:3692
- C:\Windows\System\eBKtRrM.exe
  C:\Windows\System\eBKtRrM.exe
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\System\LIbKCwe.exe
  C:\Windows\System\LIbKCwe.exe
  2⤵
  - Executes dropped EXE
  PID:3644
- C:\Windows\System\zyoxOHN.exe
  C:\Windows\System\zyoxOHN.exe
  2⤵
  - Executes dropped EXE
  PID:4168
- C:\Windows\System\GdUXMnH.exe
  C:\Windows\System\GdUXMnH.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\stBvcFO.exe
  C:\Windows\System\stBvcFO.exe
  2⤵
  PID:3596
- C:\Windows\System\SnVaRvy.exe
  C:\Windows\System\SnVaRvy.exe
  2⤵
  PID:1148
- C:\Windows\System\hAffZEM.exe
  C:\Windows\System\hAffZEM.exe
  2⤵
  PID:3920
- C:\Windows\System\TiByGpK.exe
  C:\Windows\System\TiByGpK.exe
  2⤵
  PID:4992
- C:\Windows\System\kvFSLAx.exe
  C:\Windows\System\kvFSLAx.exe
  2⤵
  PID:4468
- C:\Windows\System\IJxuGwj.exe
  C:\Windows\System\IJxuGwj.exe
  2⤵
  PID:2836
- C:\Windows\System\WVLpUOP.exe
  C:\Windows\System\WVLpUOP.exe
  2⤵
  PID:3908
- C:\Windows\System\FvHxyiq.exe
  C:\Windows\System\FvHxyiq.exe
  2⤵
  PID:2176
- C:\Windows\System\XzduFtg.exe
  C:\Windows\System\XzduFtg.exe
  2⤵
  PID:4652
- C:\Windows\System\rjgzYxj.exe
  C:\Windows\System\rjgzYxj.exe
  2⤵
  PID:3804
- C:\Windows\System\OkUsFSX.exe
  C:\Windows\System\OkUsFSX.exe
  2⤵
  PID:2388
- C:\Windows\System\cFJkaDk.exe
  C:\Windows\System\cFJkaDk.exe
  2⤵
  PID:2840
- C:\Windows\System\fCYukSf.exe
  C:\Windows\System\fCYukSf.exe
  2⤵
  PID:4120
- C:\Windows\System\hMXWZou.exe
  C:\Windows\System\hMXWZou.exe
  2⤵
  PID:224
- C:\Windows\System\rpjxhfn.exe
  C:\Windows\System\rpjxhfn.exe
  2⤵
  PID:5024
- C:\Windows\System\tkEZxUN.exe
  C:\Windows\System\tkEZxUN.exe
  2⤵
  PID:3480
- C:\Windows\System\OFtWyjt.exe
  C:\Windows\System\OFtWyjt.exe
  2⤵
  PID:5124
- C:\Windows\System\GcKewIC.exe
  C:\Windows\System\GcKewIC.exe
  2⤵
  PID:5140
- C:\Windows\System\vmICHhX.exe
  C:\Windows\System\vmICHhX.exe
  2⤵
  PID:5172
- C:\Windows\System\cyDWmmp.exe
  C:\Windows\System\cyDWmmp.exe
  2⤵
  PID:5188
- C:\Windows\System\HuZntTE.exe
  C:\Windows\System\HuZntTE.exe
  2⤵
  PID:5240
- C:\Windows\System\TmNJxAE.exe
  C:\Windows\System\TmNJxAE.exe
  2⤵
  PID:5276
- C:\Windows\System\ojADjEb.exe
  C:\Windows\System\ojADjEb.exe
  2⤵
  PID:5296
- C:\Windows\System\fwySBDT.exe
  C:\Windows\System\fwySBDT.exe
  2⤵
  PID:5312
- C:\Windows\System\zFAlhXM.exe
  C:\Windows\System\zFAlhXM.exe
  2⤵
  PID:5348
- C:\Windows\System\MAhcRvX.exe
  C:\Windows\System\MAhcRvX.exe
  2⤵
  PID:5368
- C:\Windows\System\YyqnvLE.exe
  C:\Windows\System\YyqnvLE.exe
  2⤵
  PID:5384
- C:\Windows\System\zWSESkv.exe
  C:\Windows\System\zWSESkv.exe
  2⤵
  PID:5428
- C:\Windows\System\BaHnscT.exe
  C:\Windows\System\BaHnscT.exe
  2⤵
  PID:5444
- C:\Windows\System\DYlwrPT.exe
  C:\Windows\System\DYlwrPT.exe
  2⤵
  PID:5480
- C:\Windows\System\OiwWUIw.exe
  C:\Windows\System\OiwWUIw.exe
  2⤵
  PID:5516
- C:\Windows\System\SRcFLJk.exe
  C:\Windows\System\SRcFLJk.exe
  2⤵
  PID:5564
- C:\Windows\System\IngrFUR.exe
  C:\Windows\System\IngrFUR.exe
  2⤵
  PID:5580
- C:\Windows\System\cDTpBoQ.exe
  C:\Windows\System\cDTpBoQ.exe
  2⤵
  PID:5612
- C:\Windows\System\ZWqkSAc.exe
  C:\Windows\System\ZWqkSAc.exe
  2⤵
  PID:5632
- C:\Windows\System\EXDxHJo.exe
  C:\Windows\System\EXDxHJo.exe
  2⤵
  PID:5648
- C:\Windows\System\JZtHOOA.exe
  C:\Windows\System\JZtHOOA.exe
  2⤵
  PID:5664
- C:\Windows\System\itmntFB.exe
  C:\Windows\System\itmntFB.exe
  2⤵
  PID:5680
- C:\Windows\System\bQyEwIq.exe
  C:\Windows\System\bQyEwIq.exe
  2⤵
  PID:5696
- C:\Windows\System\XbRmTDU.exe
  C:\Windows\System\XbRmTDU.exe
  2⤵
  PID:5712
- C:\Windows\System\KiSvtBa.exe
  C:\Windows\System\KiSvtBa.exe
  2⤵
  PID:5728
- C:\Windows\System\LWxqQzO.exe
  C:\Windows\System\LWxqQzO.exe
  2⤵
  PID:5800
- C:\Windows\System\pxdOTFL.exe
  C:\Windows\System\pxdOTFL.exe
  2⤵
  PID:5836
- C:\Windows\System\URHgBjT.exe
  C:\Windows\System\URHgBjT.exe
  2⤵
  PID:5884
- C:\Windows\System\dYAgCvV.exe
  C:\Windows\System\dYAgCvV.exe
  2⤵
  PID:6096
- C:\Windows\System\FNOqmLb.exe
  C:\Windows\System\FNOqmLb.exe
  2⤵
  PID:6116
- C:\Windows\System\EbWhdRz.exe
  C:\Windows\System\EbWhdRz.exe
  2⤵
  PID:6132
- C:\Windows\System\iwFrLBg.exe
  C:\Windows\System\iwFrLBg.exe
  2⤵
  PID:4440
- C:\Windows\System\fgPakMo.exe
  C:\Windows\System\fgPakMo.exe
  2⤵
  PID:4904
- C:\Windows\System\MbjidBt.exe
  C:\Windows\System\MbjidBt.exe
  2⤵
  PID:1072
- C:\Windows\System\UAMmqTx.exe
  C:\Windows\System\UAMmqTx.exe
  2⤵
  PID:5160
- C:\Windows\System\XpgPMWg.exe
  C:\Windows\System\XpgPMWg.exe
  2⤵
  PID:5308
- C:\Windows\System\DwnQHIA.exe
  C:\Windows\System\DwnQHIA.exe
  2⤵
  PID:5404
- C:\Windows\System\jaYDprF.exe
  C:\Windows\System\jaYDprF.exe
  2⤵
  PID:5540
- C:\Windows\System\HNRHcnO.exe
  C:\Windows\System\HNRHcnO.exe
  2⤵
  PID:5640
- C:\Windows\System\hvwZaSO.exe
  C:\Windows\System\hvwZaSO.exe
  2⤵
  PID:5720
- C:\Windows\System\JZyEvSr.exe
  C:\Windows\System\JZyEvSr.exe
  2⤵
  PID:5832
- C:\Windows\System\HOYqcyS.exe
  C:\Windows\System\HOYqcyS.exe
  2⤵
  PID:5992
- C:\Windows\System\ZfIyXLw.exe
  C:\Windows\System\ZfIyXLw.exe
  2⤵
  PID:3360
- C:\Windows\System\vjhWwHk.exe
  C:\Windows\System\vjhWwHk.exe
  2⤵
  PID:4884
- C:\Windows\System\XjCaGLp.exe
  C:\Windows\System\XjCaGLp.exe
  2⤵
  PID:1872
- C:\Windows\System\BVWUhwv.exe
  C:\Windows\System\BVWUhwv.exe
  2⤵
  PID:5776
- C:\Windows\System\cNYnwtv.exe
  C:\Windows\System\cNYnwtv.exe
  2⤵
  PID:2944
- C:\Windows\System\MxPiIIq.exe
  C:\Windows\System\MxPiIIq.exe
  2⤵
  PID:6024
- C:\Windows\System\DgBuFlY.exe
  C:\Windows\System\DgBuFlY.exe
  2⤵
  PID:1156
- C:\Windows\System\LPFoKbY.exe
  C:\Windows\System\LPFoKbY.exe
  2⤵
  PID:432
- C:\Windows\System\rGCBAoO.exe
  C:\Windows\System\rGCBAoO.exe
  2⤵
  PID:3640
- C:\Windows\System\IPunlLy.exe
  C:\Windows\System\IPunlLy.exe
  2⤵
  PID:1632
- C:\Windows\System\iBnoYrJ.exe
  C:\Windows\System\iBnoYrJ.exe
  2⤵
  PID:3548
- C:\Windows\System\IexbPwz.exe
  C:\Windows\System\IexbPwz.exe
  2⤵
  PID:4492
- C:\Windows\System\uxdOkYA.exe
  C:\Windows\System\uxdOkYA.exe
  2⤵
  PID:4112
- C:\Windows\System\McRNLiu.exe
  C:\Windows\System\McRNLiu.exe
  2⤵
  PID:1028
- C:\Windows\System\VYixUNV.exe
  C:\Windows\System\VYixUNV.exe
  2⤵
  PID:4968
- C:\Windows\System\qUiGuhJ.exe
  C:\Windows\System\qUiGuhJ.exe
  2⤵
  PID:3136
- C:\Windows\System\sEwKxqd.exe
  C:\Windows\System\sEwKxqd.exe
  2⤵
  PID:5416
- C:\Windows\System\nqBPZUW.exe
  C:\Windows\System\nqBPZUW.exe
  2⤵
  PID:5704
- C:\Windows\System\hNUKYci.exe
  C:\Windows\System\hNUKYci.exe
  2⤵
  PID:5908
- C:\Windows\System\CKnbWHI.exe
  C:\Windows\System\CKnbWHI.exe
  2⤵
  PID:4452
- C:\Windows\System\btkBwLo.exe
  C:\Windows\System\btkBwLo.exe
  2⤵
  PID:4960
- C:\Windows\System\fcKifqW.exe
  C:\Windows\System\fcKifqW.exe
  2⤵
  PID:5952
- C:\Windows\System\ejQIZuo.exe
  C:\Windows\System\ejQIZuo.exe
  2⤵
  PID:1396
- C:\Windows\System\OjbNjgY.exe
  C:\Windows\System\OjbNjgY.exe
  2⤵
  PID:6128
- C:\Windows\System\RySMCLL.exe
  C:\Windows\System\RySMCLL.exe
  2⤵
  PID:4232
- C:\Windows\System\sEkZpuU.exe
  C:\Windows\System\sEkZpuU.exe
  2⤵
  PID:5136
- C:\Windows\System\eGPFPdT.exe
  C:\Windows\System\eGPFPdT.exe
  2⤵
  PID:5360
- C:\Windows\System\sifbpwV.exe
  C:\Windows\System\sifbpwV.exe
  2⤵
  PID:2948
- C:\Windows\System\BuJuruq.exe
  C:\Windows\System\BuJuruq.exe
  2⤵
  PID:4052
- C:\Windows\System\QBNDXDK.exe
  C:\Windows\System\QBNDXDK.exe
  2⤵
  PID:4128
- C:\Windows\System\KfQKPge.exe
  C:\Windows\System\KfQKPge.exe
  2⤵
  PID:5656
- C:\Windows\System\LhVZWQd.exe
  C:\Windows\System\LhVZWQd.exe
  2⤵
  PID:5104
- C:\Windows\System\GjEWoQu.exe
  C:\Windows\System\GjEWoQu.exe
  2⤵
  PID:5748
- C:\Windows\System\PzDAwuP.exe
  C:\Windows\System\PzDAwuP.exe
  2⤵
  PID:6152
- C:\Windows\System\hgsUlWR.exe
  C:\Windows\System\hgsUlWR.exe
  2⤵
  PID:6180
- C:\Windows\System\pvQOLHC.exe
  C:\Windows\System\pvQOLHC.exe
  2⤵
  PID:6208
- C:\Windows\System\FdjPmsn.exe
  C:\Windows\System\FdjPmsn.exe
  2⤵
  PID:6240
- C:\Windows\System\KkyOlmz.exe
  C:\Windows\System\KkyOlmz.exe
  2⤵
  PID:6264
- C:\Windows\System\uWDIqEM.exe
  C:\Windows\System\uWDIqEM.exe
  2⤵
  PID:6284
- C:\Windows\System\hAjTAaf.exe
  C:\Windows\System\hAjTAaf.exe
  2⤵
  PID:6316
- C:\Windows\System\OFVvHKP.exe
  C:\Windows\System\OFVvHKP.exe
  2⤵
  PID:6344
- C:\Windows\System\glCEccN.exe
  C:\Windows\System\glCEccN.exe
  2⤵
  PID:6368
- C:\Windows\System\cmhYyJk.exe
  C:\Windows\System\cmhYyJk.exe
  2⤵
  PID:6408
- C:\Windows\System\NuGzGON.exe
  C:\Windows\System\NuGzGON.exe
  2⤵
  PID:6432
- C:\Windows\System\DmoqeVl.exe
  C:\Windows\System\DmoqeVl.exe
  2⤵
  PID:6492
- C:\Windows\System\GlHmIKk.exe
  C:\Windows\System\GlHmIKk.exe
  2⤵
  PID:6552
- C:\Windows\System\IxEMJVI.exe
  C:\Windows\System\IxEMJVI.exe
  2⤵
  PID:6572
- C:\Windows\System\naZTRWL.exe
  C:\Windows\System\naZTRWL.exe
  2⤵
  PID:6628
- C:\Windows\System\tkXNZBs.exe
  C:\Windows\System\tkXNZBs.exe
  2⤵
  PID:6656
- C:\Windows\System\MMhUOCv.exe
  C:\Windows\System\MMhUOCv.exe
  2⤵
  PID:6684
- C:\Windows\System\OlEkTLp.exe
  C:\Windows\System\OlEkTLp.exe
  2⤵
  PID:6716
- C:\Windows\System\jmXoYWe.exe
  C:\Windows\System\jmXoYWe.exe
  2⤵
  PID:6748
- C:\Windows\System\aQSsMSY.exe
  C:\Windows\System\aQSsMSY.exe
  2⤵
  PID:6784
- C:\Windows\System\KYoZMgL.exe
  C:\Windows\System\KYoZMgL.exe
  2⤵
  PID:6816
- C:\Windows\System\SGcMzJT.exe
  C:\Windows\System\SGcMzJT.exe
  2⤵
  PID:6836
- C:\Windows\System\AIEtcgv.exe
  C:\Windows\System\AIEtcgv.exe
  2⤵
  PID:6860
- C:\Windows\System\iBSEdLu.exe
  C:\Windows\System\iBSEdLu.exe
  2⤵
  PID:6900
- C:\Windows\System\JHAdSjn.exe
  C:\Windows\System\JHAdSjn.exe
  2⤵
  PID:6920
- C:\Windows\System\AoUUDCO.exe
  C:\Windows\System\AoUUDCO.exe
  2⤵
  PID:6960
- C:\Windows\System\qnecUUe.exe
  C:\Windows\System\qnecUUe.exe
  2⤵
  PID:6980
- C:\Windows\System\IzwCJQX.exe
  C:\Windows\System\IzwCJQX.exe
  2⤵
  PID:7004
- C:\Windows\System\eVzVEYV.exe
  C:\Windows\System\eVzVEYV.exe
  2⤵
  PID:7036
- C:\Windows\System\NhjyHSc.exe
  C:\Windows\System\NhjyHSc.exe
  2⤵
  PID:7072
- C:\Windows\System\THWAjDj.exe
  C:\Windows\System\THWAjDj.exe
  2⤵
  PID:7096
- C:\Windows\System\hLtkXIg.exe
  C:\Windows\System\hLtkXIg.exe
  2⤵
  PID:7120
- C:\Windows\System\wnTvogq.exe
  C:\Windows\System\wnTvogq.exe
  2⤵
  PID:7160
- C:\Windows\System\SjfPAbZ.exe
  C:\Windows\System\SjfPAbZ.exe
  2⤵
  PID:6192
- C:\Windows\System\EmTfnsJ.exe
  C:\Windows\System\EmTfnsJ.exe
  2⤵
  PID:6248
- C:\Windows\System\aULrqhS.exe
  C:\Windows\System\aULrqhS.exe
  2⤵
  PID:2940
- C:\Windows\System\AQDQFqk.exe
  C:\Windows\System\AQDQFqk.exe
  2⤵
  PID:6352
- C:\Windows\System\UbDqNrb.exe
  C:\Windows\System\UbDqNrb.exe
  2⤵
  PID:6452
- C:\Windows\System\ANlyBRt.exe
  C:\Windows\System\ANlyBRt.exe
  2⤵
  PID:2880
- C:\Windows\System\kGoYtwX.exe
  C:\Windows\System\kGoYtwX.exe
  2⤵
  PID:6504
- C:\Windows\System\nlIFCEH.exe
  C:\Windows\System\nlIFCEH.exe
  2⤵
  PID:6568
- C:\Windows\System\ipKGDik.exe
  C:\Windows\System\ipKGDik.exe
  2⤵
  PID:6644
- C:\Windows\System\BErmWfn.exe
  C:\Windows\System\BErmWfn.exe
  2⤵
  PID:6708
- C:\Windows\System\GBJNwjh.exe
  C:\Windows\System\GBJNwjh.exe
  2⤵
  PID:6664
- C:\Windows\System\bzPYweL.exe
  C:\Windows\System\bzPYweL.exe
  2⤵
  PID:6760
- C:\Windows\System\QZpuNsx.exe
  C:\Windows\System\QZpuNsx.exe
  2⤵
  PID:6828
- C:\Windows\System\UPdFBtZ.exe
  C:\Windows\System\UPdFBtZ.exe
  2⤵
  PID:6916
- C:\Windows\System\mvdzBOI.exe
  C:\Windows\System\mvdzBOI.exe
  2⤵
  PID:6976
- C:\Windows\System\PIYTzvQ.exe
  C:\Windows\System\PIYTzvQ.exe
  2⤵
  PID:7052
- C:\Windows\System\VPQWuSW.exe
  C:\Windows\System\VPQWuSW.exe
  2⤵
  PID:7112
- C:\Windows\System\oBKdtZF.exe
  C:\Windows\System\oBKdtZF.exe
  2⤵
  PID:6160
- C:\Windows\System\TWLPzNu.exe
  C:\Windows\System\TWLPzNu.exe
  2⤵
  PID:6336
- C:\Windows\System\jnQeHlA.exe
  C:\Windows\System\jnQeHlA.exe
  2⤵
  PID:4548
- C:\Windows\System\fFVVIEk.exe
  C:\Windows\System\fFVVIEk.exe
  2⤵
  PID:6704
- C:\Windows\System\GaoLDuD.exe
  C:\Windows\System\GaoLDuD.exe
  2⤵
  PID:6792
- C:\Windows\System\HIMRqZt.exe
  C:\Windows\System\HIMRqZt.exe
  2⤵
  PID:6308
- C:\Windows\System\QvDWXZY.exe
  C:\Windows\System\QvDWXZY.exe
  2⤵
  PID:6216
- C:\Windows\System\ByqHFDY.exe
  C:\Windows\System\ByqHFDY.exe
  2⤵
  PID:7192
- C:\Windows\System\tjwWLaC.exe
  C:\Windows\System\tjwWLaC.exe
  2⤵
  PID:7220
- C:\Windows\System\jLtXGut.exe
  C:\Windows\System\jLtXGut.exe
  2⤵
  PID:7252
- C:\Windows\System\xzcHmov.exe
  C:\Windows\System\xzcHmov.exe
  2⤵
  PID:7288
- C:\Windows\System\OZfQMzB.exe
  C:\Windows\System\OZfQMzB.exe
  2⤵
  PID:7316
- C:\Windows\System\xVCqPlK.exe
  C:\Windows\System\xVCqPlK.exe
  2⤵
  PID:7348
- C:\Windows\System\TavKzZq.exe
  C:\Windows\System\TavKzZq.exe
  2⤵
  PID:7372
- C:\Windows\System\glZOOJb.exe
  C:\Windows\System\glZOOJb.exe
  2⤵
  PID:7412
- C:\Windows\System\QaogMtp.exe
  C:\Windows\System\QaogMtp.exe
  2⤵
  PID:7476
- C:\Windows\System\tmGmjiO.exe
  C:\Windows\System\tmGmjiO.exe
  2⤵
  PID:7496
- C:\Windows\System\ylEqgqd.exe
  C:\Windows\System\ylEqgqd.exe
  2⤵
  PID:7524
- C:\Windows\System\oyQlhYw.exe
  C:\Windows\System\oyQlhYw.exe
  2⤵
  PID:7560
- C:\Windows\System\SaBjyMG.exe
  C:\Windows\System\SaBjyMG.exe
  2⤵
  PID:7588
- C:\Windows\System\OwbgHiQ.exe
  C:\Windows\System\OwbgHiQ.exe
  2⤵
  PID:7616
- C:\Windows\System\XPwhkgl.exe
  C:\Windows\System\XPwhkgl.exe
  2⤵
  PID:7644
- C:\Windows\System\FLYRJjF.exe
  C:\Windows\System\FLYRJjF.exe
  2⤵
  PID:7672
- C:\Windows\System\meSHbVO.exe
  C:\Windows\System\meSHbVO.exe
  2⤵
  PID:7700
- C:\Windows\System\pEjcNul.exe
  C:\Windows\System\pEjcNul.exe
  2⤵
  PID:7728
- C:\Windows\System\sFJybQQ.exe
  C:\Windows\System\sFJybQQ.exe
  2⤵
  PID:7756
- C:\Windows\System\LalxOZH.exe
  C:\Windows\System\LalxOZH.exe
  2⤵
  PID:7784
- C:\Windows\System\IFZysmH.exe
  C:\Windows\System\IFZysmH.exe
  2⤵
  PID:7812
- C:\Windows\System\nIBvKHq.exe
  C:\Windows\System\nIBvKHq.exe
  2⤵
  PID:7860
- C:\Windows\System\bKGMhGq.exe
  C:\Windows\System\bKGMhGq.exe
  2⤵
  PID:7908
- C:\Windows\System\IUZFFRn.exe
  C:\Windows\System\IUZFFRn.exe
  2⤵
  PID:7936
- C:\Windows\System\WQXzRwa.exe
  C:\Windows\System\WQXzRwa.exe
  2⤵
  PID:7964
- C:\Windows\System\JofvZTx.exe
  C:\Windows\System\JofvZTx.exe
  2⤵
  PID:8000
- C:\Windows\System\hEwkaqi.exe
  C:\Windows\System\hEwkaqi.exe
  2⤵
  PID:8028
- C:\Windows\System\AiQrWrN.exe
  C:\Windows\System\AiQrWrN.exe
  2⤵
  PID:8060
- C:\Windows\System\aJIreIy.exe
  C:\Windows\System\aJIreIy.exe
  2⤵
  PID:8100
- C:\Windows\System\AYhPZYs.exe
  C:\Windows\System\AYhPZYs.exe
  2⤵
  PID:8152
- C:\Windows\System\rckZawJ.exe
  C:\Windows\System\rckZawJ.exe
  2⤵
  PID:8184
- C:\Windows\System\laeUgLe.exe
  C:\Windows\System\laeUgLe.exe
  2⤵
  PID:7212
- C:\Windows\System\YHlHREy.exe
  C:\Windows\System\YHlHREy.exe
  2⤵
  PID:7248
- C:\Windows\System\isCFGkU.exe
  C:\Windows\System\isCFGkU.exe
  2⤵
  PID:7328
- C:\Windows\System\LaYvKYg.exe
  C:\Windows\System\LaYvKYg.exe
  2⤵
  PID:7440
- C:\Windows\System\idaNkLE.exe
  C:\Windows\System\idaNkLE.exe
  2⤵
  PID:7540
- C:\Windows\System\FBzJZBJ.exe
  C:\Windows\System\FBzJZBJ.exe
  2⤵
  PID:7600
- C:\Windows\System\beMLLVm.exe
  C:\Windows\System\beMLLVm.exe
  2⤵
  PID:7608
- C:\Windows\System\rBxglKj.exe
  C:\Windows\System\rBxglKj.exe
  2⤵
  PID:7636
- C:\Windows\System\dfOiLXd.exe
  C:\Windows\System\dfOiLXd.exe
  2⤵
  PID:7712
- C:\Windows\System\VxcLrAi.exe
  C:\Windows\System\VxcLrAi.exe
  2⤵
  PID:7768
- C:\Windows\System\EzGoMGm.exe
  C:\Windows\System\EzGoMGm.exe
  2⤵
  PID:7848
- C:\Windows\System\OkzQbBB.exe
  C:\Windows\System\OkzQbBB.exe
  2⤵
  PID:7892
- C:\Windows\System\xlHmApc.exe
  C:\Windows\System\xlHmApc.exe
  2⤵
  PID:7948
- C:\Windows\System\vbogUzh.exe
  C:\Windows\System\vbogUzh.exe
  2⤵
  PID:8052
- C:\Windows\System\dGJjlGz.exe
  C:\Windows\System\dGJjlGz.exe
  2⤵
  PID:8096
- C:\Windows\System\rqnmnkl.exe
  C:\Windows\System\rqnmnkl.exe
  2⤵
  PID:4508
- C:\Windows\System\frVAPcf.exe
  C:\Windows\System\frVAPcf.exe
  2⤵
  PID:8180
- C:\Windows\System\KoZwaal.exe
  C:\Windows\System\KoZwaal.exe
  2⤵
  PID:7300
- C:\Windows\System\USsOxcz.exe
  C:\Windows\System\USsOxcz.exe
  2⤵
  PID:7572
- C:\Windows\System\gqrCnGn.exe
  C:\Windows\System\gqrCnGn.exe
  2⤵
  PID:7456
- C:\Windows\System\YNFfvgH.exe
  C:\Windows\System\YNFfvgH.exe
  2⤵
  PID:7692
- C:\Windows\System\sEPxBVi.exe
  C:\Windows\System\sEPxBVi.exe
  2⤵
  PID:7832
- C:\Windows\System\ZZvndtj.exe
  C:\Windows\System\ZZvndtj.exe
  2⤵
  PID:8128
- C:\Windows\System\qktMnzW.exe
  C:\Windows\System\qktMnzW.exe
  2⤵
  PID:8124
- C:\Windows\System\IOCVABS.exe
  C:\Windows\System\IOCVABS.exe
  2⤵
  PID:8092
- C:\Windows\System\onLRYNJ.exe
  C:\Windows\System\onLRYNJ.exe
  2⤵
  PID:4740
- C:\Windows\System\TdiZkCX.exe
  C:\Windows\System\TdiZkCX.exe
  2⤵
  PID:7452
- C:\Windows\System\BHczpCj.exe
  C:\Windows\System\BHczpCj.exe
  2⤵
  PID:7796
- C:\Windows\System\rBihDBp.exe
  C:\Windows\System\rBihDBp.exe
  2⤵
  PID:7896
- C:\Windows\System\pkPDesn.exe
  C:\Windows\System\pkPDesn.exe
  2⤵
  PID:2716
- C:\Windows\System\tOJZpjd.exe
  C:\Windows\System\tOJZpjd.exe
  2⤵
  PID:7032
- C:\Windows\System\TJZyYMt.exe
  C:\Windows\System\TJZyYMt.exe
  2⤵
  PID:2016
- C:\Windows\System\eqkgVaf.exe
  C:\Windows\System\eqkgVaf.exe
  2⤵
  PID:6048
- C:\Windows\System\CQpddak.exe
  C:\Windows\System\CQpddak.exe
  2⤵
  PID:2872
- C:\Windows\System\kpjOZuD.exe
  C:\Windows\System\kpjOZuD.exe
  2⤵
  PID:8012
- C:\Windows\System\nsiJRNp.exe
  C:\Windows\System\nsiJRNp.exe
  2⤵
  PID:6064
- C:\Windows\System\FxfzmiO.exe
  C:\Windows\System\FxfzmiO.exe
  2⤵
  PID:8136
- C:\Windows\System\bLwskZw.exe
  C:\Windows\System\bLwskZw.exe
  2⤵
  PID:1852
- C:\Windows\System\CImauTk.exe
  C:\Windows\System\CImauTk.exe
  2⤵
  PID:7584
- C:\Windows\System\johkPHI.exe
  C:\Windows\System\johkPHI.exe
  2⤵
  PID:8220
- C:\Windows\System\vjyCrQD.exe
  C:\Windows\System\vjyCrQD.exe
  2⤵
  PID:8248
- C:\Windows\System\WZhoggD.exe
  C:\Windows\System\WZhoggD.exe
  2⤵
  PID:8276
- C:\Windows\System\BWKUCTd.exe
  C:\Windows\System\BWKUCTd.exe
  2⤵
  PID:8304
- C:\Windows\System\MNkJBKY.exe
  C:\Windows\System\MNkJBKY.exe
  2⤵
  PID:8332
- C:\Windows\System\aeqBKTz.exe
  C:\Windows\System\aeqBKTz.exe
  2⤵
  PID:8360
- C:\Windows\System\PbwkJmd.exe
  C:\Windows\System\PbwkJmd.exe
  2⤵
  PID:8388
- C:\Windows\System\xDURAuQ.exe
  C:\Windows\System\xDURAuQ.exe
  2⤵
  PID:8416
- C:\Windows\System\CHKDHHo.exe
  C:\Windows\System\CHKDHHo.exe
  2⤵
  PID:8444
- C:\Windows\System\AJvbiEl.exe
  C:\Windows\System\AJvbiEl.exe
  2⤵
  PID:8472
- C:\Windows\System\XVzrxVZ.exe
  C:\Windows\System\XVzrxVZ.exe
  2⤵
  PID:8500
- C:\Windows\System\aLuHnsK.exe
  C:\Windows\System\aLuHnsK.exe
  2⤵
  PID:8528
- C:\Windows\System\fQUEndk.exe
  C:\Windows\System\fQUEndk.exe
  2⤵
  PID:8556
- C:\Windows\System\IFXcKQY.exe
  C:\Windows\System\IFXcKQY.exe
  2⤵
  PID:8584
- C:\Windows\System\gCHpSju.exe
  C:\Windows\System\gCHpSju.exe
  2⤵
  PID:8612
- C:\Windows\System\mpakpMT.exe
  C:\Windows\System\mpakpMT.exe
  2⤵
  PID:8640
- C:\Windows\System\JroPBrD.exe
  C:\Windows\System\JroPBrD.exe
  2⤵
  PID:8668
- C:\Windows\System\GRjQkmo.exe
  C:\Windows\System\GRjQkmo.exe
  2⤵
  PID:8696
- C:\Windows\System\RpzWICK.exe
  C:\Windows\System\RpzWICK.exe
  2⤵
  PID:8724
- C:\Windows\System\FaUQirB.exe
  C:\Windows\System\FaUQirB.exe
  2⤵
  PID:8752
- C:\Windows\System\mOITAgn.exe
  C:\Windows\System\mOITAgn.exe
  2⤵
  PID:8780
- C:\Windows\System\JEIQZjY.exe
  C:\Windows\System\JEIQZjY.exe
  2⤵
  PID:8808
- C:\Windows\System\jUqUjuC.exe
  C:\Windows\System\jUqUjuC.exe
  2⤵
  PID:8840
- C:\Windows\System\WaydbIb.exe
  C:\Windows\System\WaydbIb.exe
  2⤵
  PID:8868
- C:\Windows\System\HqBCMNG.exe
  C:\Windows\System\HqBCMNG.exe
  2⤵
  PID:8884
- C:\Windows\System\FOGtpOK.exe
  C:\Windows\System\FOGtpOK.exe
  2⤵
  PID:8920
- C:\Windows\System\zoyTnAd.exe
  C:\Windows\System\zoyTnAd.exe
  2⤵
  PID:8936
- C:\Windows\System\nukZPSB.exe
  C:\Windows\System\nukZPSB.exe
  2⤵
  PID:8972
- C:\Windows\System\TJbKauy.exe
  C:\Windows\System\TJbKauy.exe
  2⤵
  PID:9004
- C:\Windows\System\OENtUPM.exe
  C:\Windows\System\OENtUPM.exe
  2⤵
  PID:9024
- C:\Windows\System\zyNWfWp.exe
  C:\Windows\System\zyNWfWp.exe
  2⤵
  PID:9056
- C:\Windows\System\xPXFoHQ.exe
  C:\Windows\System\xPXFoHQ.exe
  2⤵
  PID:9088
- C:\Windows\System\hbqtrhZ.exe
  C:\Windows\System\hbqtrhZ.exe
  2⤵
  PID:9120
- C:\Windows\System\sjYuuoL.exe
  C:\Windows\System\sjYuuoL.exe
  2⤵
  PID:9160
- C:\Windows\System\fSsvvqd.exe
  C:\Windows\System\fSsvvqd.exe
  2⤵
  PID:9204
- C:\Windows\System\lxnWcSc.exe
  C:\Windows\System\lxnWcSc.exe
  2⤵
  PID:4392
- C:\Windows\System\CJurInL.exe
  C:\Windows\System\CJurInL.exe
  2⤵
  PID:8268
- C:\Windows\System\ExrjjAb.exe
  C:\Windows\System\ExrjjAb.exe
  2⤵
  PID:1732
- C:\Windows\System\KAWXvTQ.exe
  C:\Windows\System\KAWXvTQ.exe
  2⤵
  PID:8412
- C:\Windows\System\MCKsOlH.exe
  C:\Windows\System\MCKsOlH.exe
  2⤵
  PID:8456
- C:\Windows\System\uUmoKGW.exe
  C:\Windows\System\uUmoKGW.exe
  2⤵
  PID:8548
- C:\Windows\System\sCvCGak.exe
  C:\Windows\System\sCvCGak.exe
  2⤵
  PID:4844
- C:\Windows\System\BSEJzXk.exe
  C:\Windows\System\BSEJzXk.exe
  2⤵
  PID:8636
- C:\Windows\System\PlGMLXE.exe
  C:\Windows\System\PlGMLXE.exe
  2⤵
  PID:8708
- C:\Windows\System\PjbQojg.exe
  C:\Windows\System\PjbQojg.exe
  2⤵
  PID:8792
- C:\Windows\System\wRPabGJ.exe
  C:\Windows\System\wRPabGJ.exe
  2⤵
  PID:8836
- C:\Windows\System\FbSlRFj.exe
  C:\Windows\System\FbSlRFj.exe
  2⤵
  PID:8960
- C:\Windows\System\VtiJXGP.exe
  C:\Windows\System\VtiJXGP.exe
  2⤵
  PID:9016
- C:\Windows\System\GAWpCBZ.exe
  C:\Windows\System\GAWpCBZ.exe
  2⤵
  PID:9064
- C:\Windows\System\ChZltFM.exe
  C:\Windows\System\ChZltFM.exe
  2⤵
  PID:9168
- C:\Windows\System\TavkIhy.exe
  C:\Windows\System\TavkIhy.exe
  2⤵
  PID:9192
- C:\Windows\System\bFpfeFk.exe
  C:\Windows\System\bFpfeFk.exe
  2⤵
  PID:8328
- C:\Windows\System\cxTYSyJ.exe
  C:\Windows\System\cxTYSyJ.exe
  2⤵
  PID:8436
- C:\Windows\System\KOocBRr.exe
  C:\Windows\System\KOocBRr.exe
  2⤵
  PID:8524
- C:\Windows\System\ZcEnEXv.exe
  C:\Windows\System\ZcEnEXv.exe
  2⤵
  PID:7852
- C:\Windows\System\HKWHvih.exe
  C:\Windows\System\HKWHvih.exe
  2⤵
  PID:4984
- C:\Windows\System\zAPzufP.exe
  C:\Windows\System\zAPzufP.exe
  2⤵
  PID:8772
- C:\Windows\System\WqDrRCb.exe
  C:\Windows\System\WqDrRCb.exe
  2⤵
  PID:8876
- C:\Windows\System\fgISieR.exe
  C:\Windows\System\fgISieR.exe
  2⤵
  PID:1324
- C:\Windows\System\QncdVax.exe
  C:\Windows\System\QncdVax.exe
  2⤵
  PID:9116
- C:\Windows\System\vxOULjM.exe
  C:\Windows\System\vxOULjM.exe
  2⤵
  PID:8260
- C:\Windows\System\EJTODEU.exe
  C:\Windows\System\EJTODEU.exe
  2⤵
  PID:7988
- C:\Windows\System\GiPOfJm.exe
  C:\Windows\System\GiPOfJm.exe
  2⤵
  PID:8736
- C:\Windows\System\yVvGhth.exe
  C:\Windows\System\yVvGhth.exe
  2⤵
  PID:808
- C:\Windows\System\SZYvtaw.exe
  C:\Windows\System\SZYvtaw.exe
  2⤵
  PID:9072
- C:\Windows\System\uWBXLlg.exe
  C:\Windows\System\uWBXLlg.exe
  2⤵
  PID:8608
- C:\Windows\System\fEOYlUY.exe
  C:\Windows\System\fEOYlUY.exe
  2⤵
  PID:1404
- C:\Windows\System\vucXDvV.exe
  C:\Windows\System\vucXDvV.exe
  2⤵
  PID:9012
- C:\Windows\System\QyNzUyj.exe
  C:\Windows\System\QyNzUyj.exe
  2⤵
  PID:9224
- C:\Windows\System\PBAIsTI.exe
  C:\Windows\System\PBAIsTI.exe
  2⤵
  PID:9252
- C:\Windows\System\YkJCfqH.exe
  C:\Windows\System\YkJCfqH.exe
  2⤵
  PID:9280
- C:\Windows\System\YYACZzJ.exe
  C:\Windows\System\YYACZzJ.exe
  2⤵
  PID:9308
- C:\Windows\System\gSldGfy.exe
  C:\Windows\System\gSldGfy.exe
  2⤵
  PID:9340
- C:\Windows\System\XtVnBXe.exe
  C:\Windows\System\XtVnBXe.exe
  2⤵
  PID:9368
- C:\Windows\System\AyEuACP.exe
  C:\Windows\System\AyEuACP.exe
  2⤵
  PID:9396
- C:\Windows\System\YewoFRG.exe
  C:\Windows\System\YewoFRG.exe
  2⤵
  PID:9424
- C:\Windows\System\GMJPmqz.exe
  C:\Windows\System\GMJPmqz.exe
  2⤵
  PID:9452
- C:\Windows\System\kadqaEC.exe
  C:\Windows\System\kadqaEC.exe
  2⤵
  PID:9480
- C:\Windows\System\mPnGryN.exe
  C:\Windows\System\mPnGryN.exe
  2⤵
  PID:9508
- C:\Windows\System\oBGXdNS.exe
  C:\Windows\System\oBGXdNS.exe
  2⤵
  PID:9536
- C:\Windows\System\mWjFHRN.exe
  C:\Windows\System\mWjFHRN.exe
  2⤵
  PID:9612
- C:\Windows\System\lWXhCOc.exe
  C:\Windows\System\lWXhCOc.exe
  2⤵
  PID:9640
- C:\Windows\System\TZXxAwk.exe
  C:\Windows\System\TZXxAwk.exe
  2⤵
  PID:9668
- C:\Windows\System\SsEPGat.exe
  C:\Windows\System\SsEPGat.exe
  2⤵
  PID:9696
- C:\Windows\System\rAWHcZd.exe
  C:\Windows\System\rAWHcZd.exe
  2⤵
  PID:9724
- C:\Windows\System\WrhBqwi.exe
  C:\Windows\System\WrhBqwi.exe
  2⤵
  PID:9752
- C:\Windows\System\lAGDkqq.exe
  C:\Windows\System\lAGDkqq.exe
  2⤵
  PID:9780
- C:\Windows\System\QbsvZRw.exe
  C:\Windows\System\QbsvZRw.exe
  2⤵
  PID:9808
- C:\Windows\System\uXDCPbx.exe
  C:\Windows\System\uXDCPbx.exe
  2⤵
  PID:9836
- C:\Windows\System\rmgfpHu.exe
  C:\Windows\System\rmgfpHu.exe
  2⤵
  PID:9864
- C:\Windows\System\aAHWjwB.exe
  C:\Windows\System\aAHWjwB.exe
  2⤵
  PID:9892
- C:\Windows\System\yQMijCf.exe
  C:\Windows\System\yQMijCf.exe
  2⤵
  PID:9920
- C:\Windows\System\bZLLCTP.exe
  C:\Windows\System\bZLLCTP.exe
  2⤵
  PID:9948
- C:\Windows\System\tJtwaLm.exe
  C:\Windows\System\tJtwaLm.exe
  2⤵
  PID:9976
- C:\Windows\System\ywhhcqy.exe
  C:\Windows\System\ywhhcqy.exe
  2⤵
  PID:10004
- C:\Windows\System\ncdXSxr.exe
  C:\Windows\System\ncdXSxr.exe
  2⤵
  PID:10032
- C:\Windows\System\iSnVjYU.exe
  C:\Windows\System\iSnVjYU.exe
  2⤵
  PID:10060
- C:\Windows\System\ZoowEFN.exe
  C:\Windows\System\ZoowEFN.exe
  2⤵
  PID:10088
- C:\Windows\System\kWVHwQz.exe
  C:\Windows\System\kWVHwQz.exe
  2⤵
  PID:10116
- C:\Windows\System\zYaaImC.exe
  C:\Windows\System\zYaaImC.exe
  2⤵
  PID:10148
- C:\Windows\System\sGbTDTa.exe
  C:\Windows\System\sGbTDTa.exe
  2⤵
  PID:10176
- C:\Windows\System\WrXEoAv.exe
  C:\Windows\System\WrXEoAv.exe
  2⤵
  PID:10220
- C:\Windows\System\KhiAAFH.exe
  C:\Windows\System\KhiAAFH.exe
  2⤵
  PID:9560
- C:\Windows\System\asuwcQG.exe
  C:\Windows\System\asuwcQG.exe
  2⤵
  PID:9576
- C:\Windows\System\UYVdyjJ.exe
  C:\Windows\System\UYVdyjJ.exe
  2⤵
  PID:9608
- C:\Windows\System\itgoNvA.exe
  C:\Windows\System\itgoNvA.exe
  2⤵
  PID:9664
- C:\Windows\System\rroKlod.exe
  C:\Windows\System\rroKlod.exe
  2⤵
  PID:9720
- C:\Windows\System\gtjDEiE.exe
  C:\Windows\System\gtjDEiE.exe
  2⤵
  PID:9792
- C:\Windows\System\MxpEZam.exe
  C:\Windows\System\MxpEZam.exe
  2⤵
  PID:9856
- C:\Windows\System\QsywUcZ.exe
  C:\Windows\System\QsywUcZ.exe
  2⤵
  PID:9916
- C:\Windows\System\HPzvgPw.exe
  C:\Windows\System\HPzvgPw.exe
  2⤵
  PID:9972
- C:\Windows\System\tUILNkJ.exe
  C:\Windows\System\tUILNkJ.exe
  2⤵
  PID:10044
- C:\Windows\System\IaPRSnz.exe
  C:\Windows\System\IaPRSnz.exe
  2⤵
  PID:10108
- C:\Windows\System\psSLcQj.exe
  C:\Windows\System\psSLcQj.exe
  2⤵
  PID:3468
- C:\Windows\System\svLLomt.exe
  C:\Windows\System\svLLomt.exe
  2⤵
  PID:10200
- C:\Windows\System\dKVrAnS.exe
  C:\Windows\System\dKVrAnS.exe
  2⤵
  PID:8860
- C:\Windows\System\YbYrWQf.exe
  C:\Windows\System\YbYrWQf.exe
  2⤵
  PID:9276
- C:\Windows\System\QZufUCg.exe
  C:\Windows\System\QZufUCg.exe
  2⤵
  PID:9352
- C:\Windows\System\yBvYgFq.exe
  C:\Windows\System\yBvYgFq.exe
  2⤵
  PID:9416
- C:\Windows\System\wETAudv.exe
  C:\Windows\System\wETAudv.exe
  2⤵
  PID:9500
- C:\Windows\System\ybFctvU.exe
  C:\Windows\System\ybFctvU.exe
  2⤵
  PID:1720
- C:\Windows\System\WDNNFBq.exe
  C:\Windows\System\WDNNFBq.exe
  2⤵
  PID:9660
- C:\Windows\System\zvTrQqd.exe
  C:\Windows\System\zvTrQqd.exe
  2⤵
  PID:9848
- C:\Windows\System\dGfAlIC.exe
  C:\Windows\System\dGfAlIC.exe
  2⤵
  PID:9944
- C:\Windows\System\oIwVzHw.exe
  C:\Windows\System\oIwVzHw.exe
  2⤵
  PID:10072
- C:\Windows\System\LcOSVWH.exe
  C:\Windows\System\LcOSVWH.exe
  2⤵
  PID:1420
- C:\Windows\System\BKQNewd.exe
  C:\Windows\System\BKQNewd.exe
  2⤵
  PID:9264
- C:\Windows\System\xMrSGAz.exe
  C:\Windows\System\xMrSGAz.exe
  2⤵
  PID:9408
- C:\Windows\System\RoLtbhL.exe
  C:\Windows\System\RoLtbhL.exe
  2⤵
  PID:9588
- C:\Windows\System\TqGeLsI.exe
  C:\Windows\System\TqGeLsI.exe
  2⤵
  PID:9904
- C:\Windows\System\EdLoXti.exe
  C:\Windows\System\EdLoXti.exe
  2⤵
  PID:10172
- C:\Windows\System\CnIAUah.exe
  C:\Windows\System\CnIAUah.exe
  2⤵
  PID:9472
- C:\Windows\System\YINGTLC.exe
  C:\Windows\System\YINGTLC.exe
  2⤵
  PID:10140
- C:\Windows\System\TrGHjbw.exe
  C:\Windows\System\TrGHjbw.exe
  2⤵
  PID:10024
- C:\Windows\System\jBxOUle.exe
  C:\Windows\System\jBxOUle.exe
  2⤵
  PID:10256
- C:\Windows\System\OEQaEIl.exe
  C:\Windows\System\OEQaEIl.exe
  2⤵
  PID:10284
- C:\Windows\System\CwoOLba.exe
  C:\Windows\System\CwoOLba.exe
  2⤵
  PID:10312
- C:\Windows\System\QEFZXOD.exe
  C:\Windows\System\QEFZXOD.exe
  2⤵
  PID:10340
- C:\Windows\System\ndCdMUH.exe
  C:\Windows\System\ndCdMUH.exe
  2⤵
  PID:10368
- C:\Windows\System\bqYqRNf.exe
  C:\Windows\System\bqYqRNf.exe
  2⤵
  PID:10396
- C:\Windows\System\LYdPdVL.exe
  C:\Windows\System\LYdPdVL.exe
  2⤵
  PID:10424
- C:\Windows\System\TXQUUFL.exe
  C:\Windows\System\TXQUUFL.exe
  2⤵
  PID:10460
- C:\Windows\System\RlyNDcM.exe
  C:\Windows\System\RlyNDcM.exe
  2⤵
  PID:10480
- C:\Windows\System\RvPPiDz.exe
  C:\Windows\System\RvPPiDz.exe
  2⤵
  PID:10508
- C:\Windows\System\TUaXFoG.exe
  C:\Windows\System\TUaXFoG.exe
  2⤵
  PID:10536
- C:\Windows\System\lrqvHwh.exe
  C:\Windows\System\lrqvHwh.exe
  2⤵
  PID:10564
- C:\Windows\System\MUbcFDA.exe
  C:\Windows\System\MUbcFDA.exe
  2⤵
  PID:10592
- C:\Windows\System\YrGXQrp.exe
  C:\Windows\System\YrGXQrp.exe
  2⤵
  PID:10620
- C:\Windows\System\ibSAcID.exe
  C:\Windows\System\ibSAcID.exe
  2⤵
  PID:10652
- C:\Windows\System\aOtKDRW.exe
  C:\Windows\System\aOtKDRW.exe
  2⤵
  PID:10680
- C:\Windows\System\MVYTkNl.exe
  C:\Windows\System\MVYTkNl.exe
  2⤵
  PID:10708
- C:\Windows\System\gGZoqej.exe
  C:\Windows\System\gGZoqej.exe
  2⤵
  PID:10736
- C:\Windows\System\hbRPTlL.exe
  C:\Windows\System\hbRPTlL.exe
  2⤵
  PID:10764
- C:\Windows\System\aDtPwHd.exe
  C:\Windows\System\aDtPwHd.exe
  2⤵
  PID:10792
- C:\Windows\System\DKhsPIk.exe
  C:\Windows\System\DKhsPIk.exe
  2⤵
  PID:10820
- C:\Windows\System\lLWtTWU.exe
  C:\Windows\System\lLWtTWU.exe
  2⤵
  PID:10856
- C:\Windows\System\VymFInd.exe
  C:\Windows\System\VymFInd.exe
  2⤵
  PID:10896
- C:\Windows\System\SREnFoX.exe
  C:\Windows\System\SREnFoX.exe
  2⤵
  PID:10916
- C:\Windows\System\OqbVEBP.exe
  C:\Windows\System\OqbVEBP.exe
  2⤵
  PID:10944
- C:\Windows\System\EiwgaVd.exe
  C:\Windows\System\EiwgaVd.exe
  2⤵
  PID:10972
- C:\Windows\System\mdoRgrV.exe
  C:\Windows\System\mdoRgrV.exe
  2⤵
  PID:11000
- C:\Windows\System\OqywVAs.exe
  C:\Windows\System\OqywVAs.exe
  2⤵
  PID:11028
- C:\Windows\System\kFeHLvG.exe
  C:\Windows\System\kFeHLvG.exe
  2⤵
  PID:11056
- C:\Windows\System\bArEOAn.exe
  C:\Windows\System\bArEOAn.exe
  2⤵
  PID:11084
- C:\Windows\System\joBxVKp.exe
  C:\Windows\System\joBxVKp.exe
  2⤵
  PID:11112
- C:\Windows\System\wYQhyIm.exe
  C:\Windows\System\wYQhyIm.exe
  2⤵
  PID:11140
- C:\Windows\System\cfBLhxV.exe
  C:\Windows\System\cfBLhxV.exe
  2⤵
  PID:11168
- C:\Windows\System\clOsYzz.exe
  C:\Windows\System\clOsYzz.exe
  2⤵
  PID:11196
- C:\Windows\System\VHYXEGS.exe
  C:\Windows\System\VHYXEGS.exe
  2⤵
  PID:11224
- C:\Windows\System\tSbdDzV.exe
  C:\Windows\System\tSbdDzV.exe
  2⤵
  PID:11252
- C:\Windows\System\kKrOjZo.exe
  C:\Windows\System\kKrOjZo.exe
  2⤵
  PID:10276
- C:\Windows\System\uxWcsLR.exe
  C:\Windows\System\uxWcsLR.exe
  2⤵
  PID:10360
- C:\Windows\System\VcFtpdH.exe
  C:\Windows\System\VcFtpdH.exe
  2⤵
  PID:10408
- C:\Windows\System\GGIqeLX.exe
  C:\Windows\System\GGIqeLX.exe
  2⤵
  PID:10448
- C:\Windows\System\DfHvtEV.exe
  C:\Windows\System\DfHvtEV.exe
  2⤵
  PID:10520
- C:\Windows\System\DyPgtuh.exe
  C:\Windows\System\DyPgtuh.exe
  2⤵
  PID:10584
- C:\Windows\System\uQwcEyr.exe
  C:\Windows\System\uQwcEyr.exe
  2⤵
  PID:10664
- C:\Windows\System\GQGpnql.exe
  C:\Windows\System\GQGpnql.exe
  2⤵
  PID:10728
- C:\Windows\System\lYXdiry.exe
  C:\Windows\System\lYXdiry.exe
  2⤵
  PID:10784
- C:\Windows\System\EAgYUzk.exe
  C:\Windows\System\EAgYUzk.exe
  2⤵
  PID:10816
- C:\Windows\System\ZaQHpBt.exe
  C:\Windows\System\ZaQHpBt.exe
  2⤵
  PID:10884
- C:\Windows\System\CbEOQkn.exe
  C:\Windows\System\CbEOQkn.exe
  2⤵
  PID:10956
- C:\Windows\System\LikXbhy.exe
  C:\Windows\System\LikXbhy.exe
  2⤵
  PID:11020
- C:\Windows\System\gxptfdk.exe
  C:\Windows\System\gxptfdk.exe
  2⤵
  PID:11080
- C:\Windows\System\kTszOIi.exe
  C:\Windows\System\kTszOIi.exe
  2⤵
  PID:11152
- C:\Windows\System\DIcMwOC.exe
  C:\Windows\System\DIcMwOC.exe
  2⤵
  PID:11244
- C:\Windows\System\qFfnTbS.exe
  C:\Windows\System\qFfnTbS.exe
  2⤵
  PID:10268
- C:\Windows\System\DZZOsEg.exe
  C:\Windows\System\DZZOsEg.exe
  2⤵
  PID:10392
- C:\Windows\System\zfTUTmP.exe
  C:\Windows\System\zfTUTmP.exe
  2⤵
  PID:10548
- C:\Windows\System\YFyYVCt.exe
  C:\Windows\System\YFyYVCt.exe
  2⤵
  PID:10704
- C:\Windows\System\WHjuTWl.exe
  C:\Windows\System\WHjuTWl.exe
  2⤵
  PID:10852
- C:\Windows\System\MCkNsTo.exe
  C:\Windows\System\MCkNsTo.exe
  2⤵
  PID:10996
- C:\Windows\System\iKiKLZv.exe
  C:\Windows\System\iKiKLZv.exe
  2⤵
  PID:11180
- C:\Windows\System\xGBmpjF.exe
  C:\Windows\System\xGBmpjF.exe
  2⤵
  PID:10324
- C:\Windows\System\zZIDiSj.exe
  C:\Windows\System\zZIDiSj.exe
  2⤵
  PID:10616
- C:\Windows\System\qZjGcXx.exe
  C:\Windows\System\qZjGcXx.exe
  2⤵
  PID:10984
- C:\Windows\System\BOTbtgV.exe
  C:\Windows\System\BOTbtgV.exe
  2⤵
  PID:4972
- C:\Windows\System\CvEtbTF.exe
  C:\Windows\System\CvEtbTF.exe
  2⤵
  PID:5088
- C:\Windows\System\bAXrcXB.exe
  C:\Windows\System\bAXrcXB.exe
  2⤵
  PID:10812
- C:\Windows\System\LqRyISP.exe
  C:\Windows\System\LqRyISP.exe
  2⤵
  PID:11268
- C:\Windows\System\nVgXRgQ.exe
  C:\Windows\System\nVgXRgQ.exe
  2⤵
  PID:11296
- C:\Windows\System\lJbUlHI.exe
  C:\Windows\System\lJbUlHI.exe
  2⤵
  PID:11324
- C:\Windows\System\mgbrGua.exe
  C:\Windows\System\mgbrGua.exe
  2⤵
  PID:11352
- C:\Windows\System\rvyyBrz.exe
  C:\Windows\System\rvyyBrz.exe
  2⤵
  PID:11380
- C:\Windows\System\ZNKaPaX.exe
  C:\Windows\System\ZNKaPaX.exe
  2⤵
  PID:11408
- C:\Windows\System\ZqXaOLm.exe
  C:\Windows\System\ZqXaOLm.exe
  2⤵
  PID:11440
- C:\Windows\System\dYrZmNb.exe
  C:\Windows\System\dYrZmNb.exe
  2⤵
  PID:11484
- C:\Windows\System\FwIShCa.exe
  C:\Windows\System\FwIShCa.exe
  2⤵
  PID:11508
- C:\Windows\System\epdtRrh.exe
  C:\Windows\System\epdtRrh.exe
  2⤵
  PID:11536
- C:\Windows\System\mCibrRZ.exe
  C:\Windows\System\mCibrRZ.exe
  2⤵
  PID:11564
- C:\Windows\System\ACbCYeH.exe
  C:\Windows\System\ACbCYeH.exe
  2⤵
  PID:11592
- C:\Windows\System\PDRNCbZ.exe
  C:\Windows\System\PDRNCbZ.exe
  2⤵
  PID:11620
- C:\Windows\System\KapIXKp.exe
  C:\Windows\System\KapIXKp.exe
  2⤵
  PID:11648
- C:\Windows\System\FPByufM.exe
  C:\Windows\System\FPByufM.exe
  2⤵
  PID:11676
- C:\Windows\System\EfIVfeV.exe
  C:\Windows\System\EfIVfeV.exe
  2⤵
  PID:11704
- C:\Windows\System\IUfFfUd.exe
  C:\Windows\System\IUfFfUd.exe
  2⤵
  PID:11732
- C:\Windows\System\eZkWwAu.exe
  C:\Windows\System\eZkWwAu.exe
  2⤵
  PID:11760
- C:\Windows\System\WRLJjmF.exe
  C:\Windows\System\WRLJjmF.exe
  2⤵
  PID:11788
- C:\Windows\System\XXiTFyU.exe
  C:\Windows\System\XXiTFyU.exe
  2⤵
  PID:11816
- C:\Windows\System\iPPxtkO.exe
  C:\Windows\System\iPPxtkO.exe
  2⤵
  PID:11844
- C:\Windows\System\sfXABRb.exe
  C:\Windows\System\sfXABRb.exe
  2⤵
  PID:11892
- C:\Windows\System\DLEFJGl.exe
  C:\Windows\System\DLEFJGl.exe
  2⤵
  PID:11908
- C:\Windows\System\cJnOjKh.exe
  C:\Windows\System\cJnOjKh.exe
  2⤵
  PID:11936
- C:\Windows\System\YoHFysJ.exe
  C:\Windows\System\YoHFysJ.exe
  2⤵
  PID:11956
- C:\Windows\System\VqxBOgt.exe
  C:\Windows\System\VqxBOgt.exe
  2⤵
  PID:11988
- C:\Windows\System\QRehIlW.exe
  C:\Windows\System\QRehIlW.exe
  2⤵
  PID:12024
- C:\Windows\System\vKwdrno.exe
  C:\Windows\System\vKwdrno.exe
  2⤵
  PID:12056
- C:\Windows\System\DwHvYcp.exe
  C:\Windows\System\DwHvYcp.exe
  2⤵
  PID:12088
- C:\Windows\System\PeilTYM.exe
  C:\Windows\System\PeilTYM.exe
  2⤵
  PID:12128
- C:\Windows\System\cgUJcVy.exe
  C:\Windows\System\cgUJcVy.exe
  2⤵
  PID:12156
- C:\Windows\System\qSWbJAg.exe
  C:\Windows\System\qSWbJAg.exe
  2⤵
  PID:12180
- C:\Windows\System\kJPQYjy.exe
  C:\Windows\System\kJPQYjy.exe
  2⤵
  PID:12240
- C:\Windows\System\elDDuFB.exe
  C:\Windows\System\elDDuFB.exe
  2⤵
  PID:12268
- C:\Windows\System\hCMnEtS.exe
  C:\Windows\System\hCMnEtS.exe
  2⤵
  PID:10388
- C:\Windows\System\Aberzcp.exe
  C:\Windows\System\Aberzcp.exe
  2⤵
  PID:11320
- C:\Windows\System\cKzzIWC.exe
  C:\Windows\System\cKzzIWC.exe
  2⤵
  PID:2696
- C:\Windows\System\TfwMVRx.exe
  C:\Windows\System\TfwMVRx.exe
  2⤵
  PID:11428
- C:\Windows\System\QGjLdjv.exe
  C:\Windows\System\QGjLdjv.exe
  2⤵
  PID:11612
- C:\Windows\System\nsZQOYm.exe
  C:\Windows\System\nsZQOYm.exe
  2⤵
  PID:11660
- C:\Windows\System\RCCxKKH.exe
  C:\Windows\System\RCCxKKH.exe
  2⤵
  PID:11700
- C:\Windows\System\XnZsemd.exe
  C:\Windows\System\XnZsemd.exe
  2⤵
  PID:11756
- C:\Windows\System\MdzaYaM.exe
  C:\Windows\System\MdzaYaM.exe
  2⤵
  PID:11808
- C:\Windows\System\BWPvZZm.exe
  C:\Windows\System\BWPvZZm.exe
  2⤵
  PID:11904
- C:\Windows\System\rmtqzmq.exe
  C:\Windows\System\rmtqzmq.exe
  2⤵
  PID:11972
- C:\Windows\System\nOdJAFz.exe
  C:\Windows\System\nOdJAFz.exe
  2⤵
  PID:12048
- C:\Windows\System\WPXoBed.exe
  C:\Windows\System\WPXoBed.exe
  2⤵
  PID:12080
- C:\Windows\System\OoAQaEK.exe
  C:\Windows\System\OoAQaEK.exe
  2⤵
  PID:12140
- C:\Windows\System\AYPGVNC.exe
  C:\Windows\System\AYPGVNC.exe
  2⤵
  PID:12052
- C:\Windows\System\pPurghP.exe
  C:\Windows\System\pPurghP.exe
  2⤵
  PID:556
- C:\Windows\System\iCusRSS.exe
  C:\Windows\System\iCusRSS.exe
  2⤵
  PID:12108
- C:\Windows\System\MxWTYJe.exe
  C:\Windows\System\MxWTYJe.exe
  2⤵
  PID:12252
- C:\Windows\System\mNspeIO.exe
  C:\Windows\System\mNspeIO.exe
  2⤵
  PID:2284
- C:\Windows\System\WehRSXr.exe
  C:\Windows\System\WehRSXr.exe
  2⤵
  PID:11348
- C:\Windows\System\BhunVmQ.exe
  C:\Windows\System\BhunVmQ.exe
  2⤵
  PID:11520
- C:\Windows\System\AwAhgPE.exe
  C:\Windows\System\AwAhgPE.exe
  2⤵
  PID:12228
- C:\Windows\System\pDFszQD.exe
  C:\Windows\System\pDFszQD.exe
  2⤵
  PID:3496
- C:\Windows\System\LWdsLyO.exe
  C:\Windows\System\LWdsLyO.exe
  2⤵
  PID:11372
- C:\Windows\System\oHCEPUV.exe
  C:\Windows\System\oHCEPUV.exe
  2⤵
  PID:2352
- C:\Windows\System\OfZKyQK.exe
  C:\Windows\System\OfZKyQK.exe
  2⤵
  PID:3724
- C:\Windows\System\bTrOwrp.exe
  C:\Windows\System\bTrOwrp.exe
  2⤵
  PID:4840
- C:\Windows\System\oBbGezk.exe
  C:\Windows\System\oBbGezk.exe
  2⤵
  PID:4272
- C:\Windows\System\sezXRhd.exe
  C:\Windows\System\sezXRhd.exe
  2⤵
  PID:4724
- C:\Windows\System\ZCiuDQc.exe
  C:\Windows\System\ZCiuDQc.exe
  2⤵
  PID:3772
- C:\Windows\System\LHVuFQf.exe
  C:\Windows\System\LHVuFQf.exe
  2⤵
  PID:3624
- C:\Windows\System\uYPvgVE.exe
  C:\Windows\System\uYPvgVE.exe
  2⤵
  PID:4076
- C:\Windows\System\UezlGqF.exe
  C:\Windows\System\UezlGqF.exe
  2⤵
  PID:940
- C:\Windows\System\IJZtAcq.exe
  C:\Windows\System\IJZtAcq.exe
  2⤵
  PID:3592
- C:\Windows\System\tImgAII.exe
  C:\Windows\System\tImgAII.exe
  2⤵
  PID:11728
- C:\Windows\System\QTmdXSH.exe
  C:\Windows\System\QTmdXSH.exe
  2⤵
  PID:11780
- C:\Windows\System\zLtTCZM.exe
  C:\Windows\System\zLtTCZM.exe
  2⤵
  PID:4384
- C:\Windows\System\GPivBwG.exe
  C:\Windows\System\GPivBwG.exe
  2⤵
  PID:4416
- C:\Windows\System\IrttUlw.exe
  C:\Windows\System\IrttUlw.exe
  2⤵
  PID:11900
- C:\Windows\System\QsYiOje.exe
  C:\Windows\System\QsYiOje.exe
  2⤵
  PID:11500
- C:\Windows\System\EhdUrMK.exe
  C:\Windows\System\EhdUrMK.exe
  2⤵
  PID:12068
- C:\Windows\System\MuInrCf.exe
  C:\Windows\System\MuInrCf.exe
  2⤵
  PID:12176
- C:\Windows\System\kMzAbet.exe
  C:\Windows\System\kMzAbet.exe
  2⤵
  PID:5224
- C:\Windows\System\mKNFdvT.exe
  C:\Windows\System\mKNFdvT.exe
  2⤵
  PID:12204
- C:\Windows\System\LzyCpxU.exe
  C:\Windows\System\LzyCpxU.exe
  2⤵
  PID:3632
- C:\Windows\System\GtfYZuJ.exe
  C:\Windows\System\GtfYZuJ.exe
  2⤵
  PID:11316
- C:\Windows\System\boAJJno.exe
  C:\Windows\System\boAJJno.exe
  2⤵
  PID:12276
- C:\Windows\System\TpuOyMs.exe
  C:\Windows\System\TpuOyMs.exe
  2⤵
  PID:11376
- C:\Windows\System\DXYkQHN.exe
  C:\Windows\System\DXYkQHN.exe
  2⤵
  PID:5456
- C:\Windows\System\nngdIwz.exe
  C:\Windows\System\nngdIwz.exe
  2⤵
  PID:4472
- C:\Windows\System\jfRHLQI.exe
  C:\Windows\System\jfRHLQI.exe
  2⤵
  PID:4764
- C:\Windows\System\Jhqiaal.exe
  C:\Windows\System\Jhqiaal.exe
  2⤵
  PID:5524
- C:\Windows\System\nVYMaoO.exe
  C:\Windows\System\nVYMaoO.exe
  2⤵
  PID:4336
- C:\Windows\System\aUeipxO.exe
  C:\Windows\System\aUeipxO.exe
  2⤵
  PID:4012
- C:\Windows\System\HwyGwBL.exe
  C:\Windows\System\HwyGwBL.exe
  2⤵
  PID:5596
- C:\Windows\System\XqScppK.exe
  C:\Windows\System\XqScppK.exe
  2⤵
  PID:4408
- C:\Windows\System\YQwIUid.exe
  C:\Windows\System\YQwIUid.exe
  2⤵
  PID:3488
- C:\Windows\System\BepIvjc.exe
  C:\Windows\System\BepIvjc.exe
  2⤵
  PID:11968
- C:\Windows\System\lcoodPo.exe
  C:\Windows\System\lcoodPo.exe
  2⤵
  PID:5200
- C:\Windows\System\oRJKcRb.exe
  C:\Windows\System\oRJKcRb.exe
  2⤵
  PID:12280
- C:\Windows\System\gWdtweZ.exe
  C:\Windows\System\gWdtweZ.exe
  2⤵
  PID:4932
- C:\Windows\System\KhxRDiX.exe
  C:\Windows\System\KhxRDiX.exe
  2⤵
  PID:11560
- C:\Windows\System\wvALGsD.exe
  C:\Windows\System\wvALGsD.exe
  2⤵
  PID:4688
- C:\Windows\System\dproitK.exe
  C:\Windows\System\dproitK.exe
  2⤵
  PID:4428
- C:\Windows\System\SYoPdWb.exe
  C:\Windows\System\SYoPdWb.exe
  2⤵
  PID:772
- C:\Windows\System\EYSKRjo.exe
  C:\Windows\System\EYSKRjo.exe
  2⤵
  PID:12164
- C:\Windows\System\MgKrCMX.exe
  C:\Windows\System\MgKrCMX.exe
  2⤵
  PID:11468
- C:\Windows\System\DnYdzhP.exe
  C:\Windows\System\DnYdzhP.exe
  2⤵
  PID:5924
- C:\Windows\System\dhWsxcN.exe
  C:\Windows\System\dhWsxcN.exe
  2⤵
  PID:5936
- C:\Windows\System\tlpHqXn.exe
  C:\Windows\System\tlpHqXn.exe
  2⤵
  PID:5812
- C:\Windows\System\iFJpAJg.exe
  C:\Windows\System\iFJpAJg.exe
  2⤵
  PID:5876
- C:\Windows\System\jyWnBil.exe
  C:\Windows\System\jyWnBil.exe
  2⤵
  PID:5320
- C:\Windows\System\iWPsNRz.exe
  C:\Windows\System\iWPsNRz.exe
  2⤵
  PID:5920
- C:\Windows\System\UwoANDD.exe
  C:\Windows\System\UwoANDD.exe
  2⤵
  PID:5988
- C:\Windows\System\UVQDKkY.exe
  C:\Windows\System\UVQDKkY.exe
  2⤵
  PID:4836
- C:\Windows\System\DGJldXR.exe
  C:\Windows\System\DGJldXR.exe
  2⤵
  PID:5620
- C:\Windows\System\iymCjkg.exe
  C:\Windows\System\iymCjkg.exe
  2⤵
  PID:3088
- C:\Windows\System\GalScRa.exe
  C:\Windows\System\GalScRa.exe
  2⤵
  PID:6012
- C:\Windows\System\KKEanqb.exe
  C:\Windows\System\KKEanqb.exe
  2⤵
  PID:5332
- C:\Windows\System\tZoqbvl.exe
  C:\Windows\System\tZoqbvl.exe
  2⤵
  PID:5532
- C:\Windows\System\ZFWGecG.exe
  C:\Windows\System\ZFWGecG.exe
  2⤵
  PID:2844
- C:\Windows\System\lQuvFzE.exe
  C:\Windows\System\lQuvFzE.exe
  2⤵
  PID:12152
- C:\Windows\System\qmGmrxc.exe
  C:\Windows\System\qmGmrxc.exe
  2⤵
  PID:5904
- C:\Windows\System\zyyvMwv.exe
  C:\Windows\System\zyyvMwv.exe
  2⤵
  PID:2188
- C:\Windows\System\cjBFnmy.exe
  C:\Windows\System\cjBFnmy.exe
  2⤵
  PID:5828
- C:\Windows\System\XZUZgyT.exe
  C:\Windows\System\XZUZgyT.exe
  2⤵
  PID:12308
- C:\Windows\System\ivWmcEo.exe
  C:\Windows\System\ivWmcEo.exe
  2⤵
  PID:12336
- C:\Windows\System\jJYFVrf.exe
  C:\Windows\System\jJYFVrf.exe
  2⤵
  PID:12364
- C:\Windows\System\goxAzrC.exe
  C:\Windows\System\goxAzrC.exe
  2⤵
  PID:12392
- C:\Windows\System\wMXQvrD.exe
  C:\Windows\System\wMXQvrD.exe
  2⤵
  PID:12420
- C:\Windows\System\ZuSMqZZ.exe
  C:\Windows\System\ZuSMqZZ.exe
  2⤵
  PID:12448
- C:\Windows\System\oAJaDpD.exe
  C:\Windows\System\oAJaDpD.exe
  2⤵
  PID:12480
- C:\Windows\System\ZcmFDmP.exe
  C:\Windows\System\ZcmFDmP.exe
  2⤵
  PID:12508
- C:\Windows\System\jOUjqvf.exe
  C:\Windows\System\jOUjqvf.exe
  2⤵
  PID:12536
- C:\Windows\System\nyKZLjR.exe
  C:\Windows\System\nyKZLjR.exe
  2⤵
  PID:12564
- C:\Windows\System\RRqYYIy.exe
  C:\Windows\System\RRqYYIy.exe
  2⤵
  PID:12592
- C:\Windows\System\AcWUpkm.exe
  C:\Windows\System\AcWUpkm.exe
  2⤵
  PID:12620
- C:\Windows\System\lMOHMYM.exe
  C:\Windows\System\lMOHMYM.exe
  2⤵
  PID:12648
- C:\Windows\System\TGgzOQF.exe
  C:\Windows\System\TGgzOQF.exe
  2⤵
  PID:12676
- C:\Windows\System\EtXnLFH.exe
  C:\Windows\System\EtXnLFH.exe
  2⤵
  PID:12704
- C:\Windows\System\PLMAHUr.exe
  C:\Windows\System\PLMAHUr.exe
  2⤵
  PID:12744
- C:\Windows\System\kzbHuBO.exe
  C:\Windows\System\kzbHuBO.exe
  2⤵
  PID:12760
- C:\Windows\System\HxKbxJL.exe
  C:\Windows\System\HxKbxJL.exe
  2⤵
  PID:12788
- C:\Windows\System\CirLUju.exe
  C:\Windows\System\CirLUju.exe
  2⤵
  PID:12816
- C:\Windows\System\LkOjhLD.exe
  C:\Windows\System\LkOjhLD.exe
  2⤵
  PID:12844
- C:\Windows\System\yEEhEDF.exe
  C:\Windows\System\yEEhEDF.exe
  2⤵
  PID:12872
- C:\Windows\System\VZklfTl.exe
  C:\Windows\System\VZklfTl.exe
  2⤵
  PID:12900
- C:\Windows\System\MHcrybG.exe
  C:\Windows\System\MHcrybG.exe
  2⤵
  PID:12928
- C:\Windows\System\kJiSesT.exe
  C:\Windows\System\kJiSesT.exe
  2⤵
  PID:12956
- C:\Windows\System\QjnWyth.exe
  C:\Windows\System\QjnWyth.exe
  2⤵
  PID:12984
- C:\Windows\System\dwKpYGm.exe
  C:\Windows\System\dwKpYGm.exe
  2⤵
  PID:13012
- C:\Windows\System\qxlRtMz.exe
  C:\Windows\System\qxlRtMz.exe
  2⤵
  PID:13048
- C:\Windows\System\VOrtJnt.exe
  C:\Windows\System\VOrtJnt.exe
  2⤵
  PID:13068
- C:\Windows\System\ypVuISA.exe
  C:\Windows\System\ypVuISA.exe
  2⤵
  PID:13100
- C:\Windows\System\SkiikTy.exe
  C:\Windows\System\SkiikTy.exe
  2⤵
  PID:13128
- C:\Windows\System\GDHBRlb.exe
  C:\Windows\System\GDHBRlb.exe
  2⤵
  PID:13156
- C:\Windows\System\PJLJgbR.exe
  C:\Windows\System\PJLJgbR.exe
  2⤵
  PID:13184
- C:\Windows\System\FoazDEP.exe
  C:\Windows\System\FoazDEP.exe
  2⤵
  PID:13212
- C:\Windows\System\FDpqLqH.exe
  C:\Windows\System\FDpqLqH.exe
  2⤵
  PID:13240
- C:\Windows\System\JETymma.exe
  C:\Windows\System\JETymma.exe
  2⤵
  PID:13268
- C:\Windows\System\gwdQKpU.exe
  C:\Windows\System\gwdQKpU.exe
  2⤵
  PID:13296
- C:\Windows\System\SIOaVwu.exe
  C:\Windows\System\SIOaVwu.exe
  2⤵
  PID:12300
- C:\Windows\System\XFEPURS.exe
  C:\Windows\System\XFEPURS.exe
  2⤵
  PID:12332
- C:\Windows\System\KJfFrkn.exe
  C:\Windows\System\KJfFrkn.exe
  2⤵
  PID:5976
- C:\Windows\System\zHpQOFq.exe
  C:\Windows\System\zHpQOFq.exe
  2⤵
  PID:5060
- C:\Windows\System\HBCIGnb.exe
  C:\Windows\System\HBCIGnb.exe
  2⤵
  PID:2652
- C:\Windows\System\LYpGoOO.exe
  C:\Windows\System\LYpGoOO.exe
  2⤵
  PID:6088
- C:\Windows\System\nkanThB.exe
  C:\Windows\System\nkanThB.exe
  2⤵
  PID:12556
- C:\Windows\System\BqlgkVE.exe
  C:\Windows\System\BqlgkVE.exe
  2⤵
  PID:5052
- C:\Windows\System\ezGyfvC.exe
  C:\Windows\System\ezGyfvC.exe
  2⤵
  PID:12616
- C:\Windows\System\KGXNohA.exe
  C:\Windows\System\KGXNohA.exe
  2⤵
  PID:3280
- C:\Windows\System\nszDsrd.exe
  C:\Windows\System\nszDsrd.exe
  2⤵
  PID:12700
- C:\Windows\System\RGBtDNd.exe
  C:\Windows\System\RGBtDNd.exe
  2⤵
  PID:12740
- C:\Windows\System\ATfnJQh.exe
  C:\Windows\System\ATfnJQh.exe
  2⤵
  PID:12756
- C:\Windows\System\GeQOHte.exe
  C:\Windows\System\GeQOHte.exe
  2⤵
  PID:12784
- C:\Windows\System\arPJOag.exe
  C:\Windows\System\arPJOag.exe
  2⤵
  PID:12836
- C:\Windows\System\aUFghqa.exe
  C:\Windows\System\aUFghqa.exe
  2⤵
  PID:12884
- C:\Windows\System\WAchKuO.exe
  C:\Windows\System\WAchKuO.exe
  2⤵
  PID:12920
- C:\Windows\System\OEBRkZH.exe
  C:\Windows\System\OEBRkZH.exe
  2⤵
  PID:12976
- C:\Windows\System\HHvaqnA.exe
  C:\Windows\System\HHvaqnA.exe
  2⤵
  PID:13004
- C:\Windows\System\AjADLQh.exe
  C:\Windows\System\AjADLQh.exe
  2⤵
  PID:13056
- C:\Windows\System\QxNqQCP.exe
  C:\Windows\System\QxNqQCP.exe
  2⤵
  PID:5264
- C:\Windows\System\gimyjEx.exe
  C:\Windows\System\gimyjEx.exe
  2⤵
  PID:13124
- C:\Windows\System\IZbNzqe.exe
  C:\Windows\System\IZbNzqe.exe
  2⤵
  PID:13176
- C:\Windows\System\eIwuvqS.exe
  C:\Windows\System\eIwuvqS.exe
  2⤵
  PID:13224
- C:\Windows\System\peGagec.exe
  C:\Windows\System\peGagec.exe
  2⤵
  PID:13264
- C:\Windows\System\AruUQCq.exe
  C:\Windows\System\AruUQCq.exe
  2⤵
  PID:4656
- C:\Windows\System\JvMHxGX.exe
  C:\Windows\System\JvMHxGX.exe
  2⤵
  PID:12348
- C:\Windows\System\vwdSRby.exe
  C:\Windows\System\vwdSRby.exe
  2⤵
  PID:6292
- C:\Windows\System\fEVbrbb.exe
  C:\Windows\System\fEVbrbb.exe
  2⤵
  PID:5068
- C:\Windows\System\ehvQtCP.exe
  C:\Windows\System\ehvQtCP.exe
  2⤵
  PID:12548
- C:\Windows\System\izntsdl.exe
  C:\Windows\System\izntsdl.exe
  2⤵
  PID:4540
- C:\Windows\System\Refxntj.exe
  C:\Windows\System\Refxntj.exe
  2⤵
  PID:464
- C:\Windows\System\twEuqGa.exe
  C:\Windows\System\twEuqGa.exe
  2⤵
  PID:5740
- C:\Windows\System\YmHgUSW.exe
  C:\Windows\System\YmHgUSW.exe
  2⤵
  PID:12780
- C:\Windows\System\soBfmdS.exe
  C:\Windows\System\soBfmdS.exe
  2⤵
  PID:12864
- C:\Windows\System\JswqDJi.exe
  C:\Windows\System\JswqDJi.exe
  2⤵
  PID:6580
- C:\Windows\System\WKYFPRq.exe
  C:\Windows\System\WKYFPRq.exe
  2⤵
  PID:6640
- C:\Windows\System\xZHfSDx.exe
  C:\Windows\System\xZHfSDx.exe
  2⤵
  PID:6700
- C:\Windows\System\beSnFKO.exe
  C:\Windows\System\beSnFKO.exe
  2⤵
  PID:13120
- C:\Windows\System\NyGwopr.exe
  C:\Windows\System\NyGwopr.exe
  2⤵
  PID:13204
- C:\Windows\System\RjscBUF.exe
  C:\Windows\System\RjscBUF.exe
  2⤵
  PID:6196
- C:\Windows\System\fMMQXmu.exe
  C:\Windows\System\fMMQXmu.exe
  2⤵
  PID:12328
- C:\Windows\System\poDGujj.exe
  C:\Windows\System\poDGujj.exe
  2⤵
  PID:860
- C:\Windows\System\LKPkpvA.exe
  C:\Windows\System\LKPkpvA.exe
  2⤵
  PID:6872
- C:\Windows\System\rDegLuh.exe
  C:\Windows\System\rDegLuh.exe
  2⤵
  PID:12688
- C:\Windows\System\seLVGqB.exe
  C:\Windows\System\seLVGqB.exe
  2⤵
  PID:6020
- C:\Windows\System\PGCjncn.exe
  C:\Windows\System\PGCjncn.exe
  2⤵
  PID:636
- C:\Windows\System\AoRoigA.exe
  C:\Windows\System\AoRoigA.exe
  2⤵
  PID:7064
- C:\Windows\System\QKImhwC.exe
  C:\Windows\System\QKImhwC.exe
  2⤵
  PID:3648
- C:\Windows\System\UbWMrmt.exe
  C:\Windows\System\UbWMrmt.exe
  2⤵
  PID:7092
- C:\Windows\System\fEpfuRc.exe
  C:\Windows\System\fEpfuRc.exe
  2⤵
  PID:7136
- C:\Windows\System\UOrRQYz.exe
  C:\Windows\System\UOrRQYz.exe
  2⤵
  PID:7156
- C:\Windows\System\EPeQira.exe
  C:\Windows\System\EPeQira.exe
  2⤵
  PID:6164
- C:\Windows\System\aOwhVKl.exe
  C:\Windows\System\aOwhVKl.exe
  2⤵
  PID:6280
- C:\Windows\System\BLLvelN.exe
  C:\Windows\System\BLLvelN.exe
  2⤵
  PID:5268
- C:\Windows\System\ZSYEMVG.exe
  C:\Windows\System\ZSYEMVG.exe
  2⤵
  PID:6848
- C:\Windows\System\QiPXRhP.exe
  C:\Windows\System\QiPXRhP.exe
  2⤵
  PID:12912
- C:\Windows\System\aCVootE.exe
  C:\Windows\System\aCVootE.exe
  2⤵
  PID:7068
- C:\Windows\System\ZijpYvd.exe
  C:\Windows\System\ZijpYvd.exe
  2⤵
  PID:6296
- C:\Windows\System\NjbzXjG.exe
  C:\Windows\System\NjbzXjG.exe
  2⤵
  PID:6440
- C:\Windows\System\qhZOXxB.exe
  C:\Windows\System\qhZOXxB.exe
  2⤵
  PID:3976
- C:\Windows\System\TwQOfgd.exe
  C:\Windows\System\TwQOfgd.exe
  2⤵
  PID:13328
- C:\Windows\System\xtsFjIQ.exe
  C:\Windows\System\xtsFjIQ.exe
  2⤵
  PID:13356
- C:\Windows\System\CYfKXOX.exe
  C:\Windows\System\CYfKXOX.exe
  2⤵
  PID:13384
- C:\Windows\System\zxgUIxW.exe
  C:\Windows\System\zxgUIxW.exe
  2⤵
  PID:13412
- C:\Windows\System\rfuvDFg.exe
  C:\Windows\System\rfuvDFg.exe
  2⤵
  PID:13440
- C:\Windows\System\WCexidK.exe
  C:\Windows\System\WCexidK.exe
  2⤵
  PID:13472
- C:\Windows\System\pjaXYrp.exe
  C:\Windows\System\pjaXYrp.exe
  2⤵
  PID:13500
- C:\Windows\System\ZlpCLWK.exe
  C:\Windows\System\ZlpCLWK.exe
  2⤵
  PID:13528
- C:\Windows\System\FUShwcT.exe
  C:\Windows\System\FUShwcT.exe
  2⤵
  PID:13556
- C:\Windows\System\ZmaLciO.exe
  C:\Windows\System\ZmaLciO.exe
  2⤵
  PID:13584
- C:\Windows\System\shJHOnO.exe
  C:\Windows\System\shJHOnO.exe
  2⤵
  PID:13612
- C:\Windows\System\cYtNCPe.exe
  C:\Windows\System\cYtNCPe.exe
  2⤵
  PID:13640
- C:\Windows\System\YUSVANN.exe
  C:\Windows\System\YUSVANN.exe
  2⤵
  PID:13668
- C:\Windows\System\tRgzRMs.exe
  C:\Windows\System\tRgzRMs.exe
  2⤵
  PID:13696
- C:\Windows\System\AnEdiSU.exe
  C:\Windows\System\AnEdiSU.exe
  2⤵
  PID:13724
- C:\Windows\System\nWLyUPC.exe
  C:\Windows\System\nWLyUPC.exe
  2⤵
  PID:13752
- C:\Windows\System\JirxrWf.exe
  C:\Windows\System\JirxrWf.exe
  2⤵
  PID:13780
- C:\Windows\System\MPRkUgc.exe
  C:\Windows\System\MPRkUgc.exe
  2⤵
  PID:13808
- C:\Windows\System\HuNyAyN.exe
  C:\Windows\System\HuNyAyN.exe
  2⤵
  PID:13836
- C:\Windows\System\YaJSZyA.exe
  C:\Windows\System\YaJSZyA.exe
  2⤵
  PID:13864
- C:\Windows\System\hIxgggJ.exe
  C:\Windows\System\hIxgggJ.exe
  2⤵
  PID:13892
- C:\Windows\System\VZOBBjG.exe
  C:\Windows\System\VZOBBjG.exe
  2⤵
  PID:13920
- C:\Windows\System\aMfsHIF.exe
  C:\Windows\System\aMfsHIF.exe
  2⤵
  PID:13948
- C:\Windows\System\SJCYUcb.exe
  C:\Windows\System\SJCYUcb.exe
  2⤵
  PID:13976
- C:\Windows\System\RNEGVSK.exe
  C:\Windows\System\RNEGVSK.exe
  2⤵
  PID:14004
- C:\Windows\System\mVWoctF.exe
  C:\Windows\System\mVWoctF.exe
  2⤵
  PID:14044
- C:\Windows\System\wMovutz.exe
  C:\Windows\System\wMovutz.exe
  2⤵
  PID:14060
- C:\Windows\System\FaFJTVK.exe
  C:\Windows\System\FaFJTVK.exe
  2⤵
  PID:14088
- C:\Windows\System\ylzojBc.exe
  C:\Windows\System\ylzojBc.exe
  2⤵
  PID:14120
- C:\Windows\System\YwYcecg.exe
  C:\Windows\System\YwYcecg.exe
  2⤵
  PID:14148
- C:\Windows\System\hsqbRFY.exe
  C:\Windows\System\hsqbRFY.exe
  2⤵
  PID:14176
- C:\Windows\System\cLBbVsu.exe
  C:\Windows\System\cLBbVsu.exe
  2⤵
  PID:14204
- C:\Windows\System\JCcSfIg.exe
  C:\Windows\System\JCcSfIg.exe
  2⤵
  PID:14232
- C:\Windows\System\gvntIoO.exe
  C:\Windows\System\gvntIoO.exe
  2⤵
  PID:14260
- C:\Windows\System\DNewOOM.exe
  C:\Windows\System\DNewOOM.exe
  2⤵
  PID:14288
- C:\Windows\System\hmastCv.exe
  C:\Windows\System\hmastCv.exe
  2⤵
  PID:14316
- C:\Windows\System\tSxkUya.exe
  C:\Windows\System\tSxkUya.exe
  2⤵
  PID:13320
- C:\Windows\System\eRgfFQi.exe
  C:\Windows\System\eRgfFQi.exe
  2⤵
  PID:13368
- C:\Windows\System\pHTfsIN.exe
  C:\Windows\System\pHTfsIN.exe
  2⤵
  PID:13404
- C:\Windows\System\vbTREpK.exe
  C:\Windows\System\vbTREpK.exe
  2⤵
  PID:13452
- C:\Windows\System\fFQSmwT.exe
  C:\Windows\System\fFQSmwT.exe
  2⤵
  PID:13496
- C:\Windows\System\FFCXcSh.exe
  C:\Windows\System\FFCXcSh.exe
  2⤵
  PID:6968
- C:\Windows\System\TttCCwE.exe
  C:\Windows\System\TttCCwE.exe
  2⤵
  PID:13576
- C:\Windows\System\ccypDIE.exe
  C:\Windows\System\ccypDIE.exe
  2⤵
  PID:13624
- C:\Windows\System\EnCafik.exe
  C:\Windows\System\EnCafik.exe
  2⤵
  PID:13680
- C:\Windows\System\vPRDEfb.exe
  C:\Windows\System\vPRDEfb.exe
  2⤵
  PID:13736
- C:\Windows\System\VQaoQXw.exe
  C:\Windows\System\VQaoQXw.exe
  2⤵
  PID:13792
- C:\Windows\System\wEXXTtR.exe
  C:\Windows\System\wEXXTtR.exe
  2⤵
  PID:13848
- C:\Windows\System\luQvtbF.exe
  C:\Windows\System\luQvtbF.exe
  2⤵
  PID:13912
- C:\Windows\System\HByzfqu.exe
  C:\Windows\System\HByzfqu.exe
  2⤵
  PID:7216
- C:\Windows\System\ltuePfJ.exe
  C:\Windows\System\ltuePfJ.exe
  2⤵
  PID:13996
- C:\Windows\System\tqxWEKp.exe
  C:\Windows\System\tqxWEKp.exe
  2⤵
  PID:14024
- C:\Windows\System\bRmsxpO.exe
  C:\Windows\System\bRmsxpO.exe
  2⤵
  PID:14028
- C:\Windows\System\UWUFtNX.exe
  C:\Windows\System\UWUFtNX.exe
  2⤵
  PID:7460
- C:\Windows\System\TJAkXIe.exe
  C:\Windows\System\TJAkXIe.exe
  2⤵
  PID:7504
- C:\Windows\System\FvuhKLS.exe
  C:\Windows\System\FvuhKLS.exe
  2⤵
  PID:14172
- C:\Windows\System\rGWYyHn.exe
  C:\Windows\System\rGWYyHn.exe
  2⤵
  PID:7604
- C:\Windows\System\fnyewKt.exe
  C:\Windows\System\fnyewKt.exe
  2⤵
  PID:7624
- C:\Windows\System\NOXwTWi.exe
  C:\Windows\System\NOXwTWi.exe
  2⤵
  PID:14284
- C:\Windows\System\hitgDdN.exe
  C:\Windows\System\hitgDdN.exe
  2⤵
  PID:7716
- C:\Windows\System\XYWKjtK.exe
  C:\Windows\System\XYWKjtK.exe
  2⤵
  PID:7736
- C:\Windows\System\EOQTGEj.exe
  C:\Windows\System\EOQTGEj.exe
  2⤵
  PID:6668
- C:\Windows\System\LIMoMnl.exe
  C:\Windows\System\LIMoMnl.exe
  2⤵
  PID:13512
- C:\Windows\System\ouBePEb.exe
  C:\Windows\System\ouBePEb.exe
  2⤵
  PID:7924
- C:\Windows\System\zJURUSV.exe
  C:\Windows\System\zJURUSV.exe
  2⤵
  PID:7980
- C:\Windows\System\ldyzyPQ.exe
  C:\Windows\System\ldyzyPQ.exe
  2⤵
  PID:8036
- C:\Windows\System\xRICIue.exe
  C:\Windows\System\xRICIue.exe
  2⤵
  PID:8108
- C:\Windows\System\LFmmwfY.exe
  C:\Windows\System\LFmmwfY.exe
  2⤵
  PID:14116
- C:\Windows\System\gyWxCkT.exe
  C:\Windows\System\gyWxCkT.exe
  2⤵
  PID:7268
- C:\Windows\System\WXvXsee.exe
  C:\Windows\System\WXvXsee.exe
  2⤵
  PID:14052
- C:\Windows\System\WBbirHq.exe
  C:\Windows\System\WBbirHq.exe
  2⤵
  PID:14100
- C:\Windows\System\cvSETXh.exe
  C:\Windows\System\cvSETXh.exe
  2⤵
  PID:7556
- C:\Windows\System\iePzVrG.exe
  C:\Windows\System\iePzVrG.exe
  2⤵
  PID:14168
- C:\Windows\System\uuSKXAe.exe
  C:\Windows\System\uuSKXAe.exe
  2⤵
  PID:14244
- C:\Windows\System\VwmEckT.exe
  C:\Windows\System\VwmEckT.exe
  2⤵
  PID:7680
- C:\Windows\System\BcZrPoL.exe
  C:\Windows\System\BcZrPoL.exe
  2⤵
  PID:7960
- C:\Windows\System\vUoGEnO.exe
  C:\Windows\System\vUoGEnO.exe
  2⤵
  PID:6732
- C:\Windows\System\wfDVRLW.exe
  C:\Windows\System\wfDVRLW.exe
  2⤵
  PID:2276
- C:\Windows\System\uNnlFpY.exe
  C:\Windows\System\uNnlFpY.exe
  2⤵
  PID:13608
- C:\Windows\System\QqJthaI.exe
  C:\Windows\System\QqJthaI.exe
  2⤵
  PID:2992
- C:\Windows\System\IZPpAky.exe
  C:\Windows\System\IZPpAky.exe
  2⤵
  PID:6812
- C:\Windows\System\eFKuGWf.exe
  C:\Windows\System\eFKuGWf.exe
  2⤵
  PID:7752
- C:\Windows\System\JRblXpY.exe
  C:\Windows\System\JRblXpY.exe
  2⤵
  PID:3704
- C:\Windows\System\EItaASU.exe
  C:\Windows\System\EItaASU.exe
  2⤵
  PID:8084
- C:\Windows\System\ydChoNU.exe
  C:\Windows\System\ydChoNU.exe
  2⤵
  PID:7996
- C:\Windows\System\cDceIVN.exe
  C:\Windows\System\cDceIVN.exe
  2⤵
  PID:7548
- C:\Windows\System\XKOlNwq.exe
  C:\Windows\System\XKOlNwq.exe
  2⤵
  PID:8008
- C:\Windows\System\xtKnHeX.exe
  C:\Windows\System\xtKnHeX.exe
  2⤵
  PID:14280
- C:\Windows\System\ZDetrJB.exe
  C:\Windows\System\ZDetrJB.exe
  2⤵
  PID:8176
- C:\Windows\System\oPMCGpy.exe
  C:\Windows\System\oPMCGpy.exe
  2⤵
  PID:8020
- C:\Windows\System\TwmqwQj.exe
  C:\Windows\System\TwmqwQj.exe
  2⤵
  PID:7668
- C:\Windows\System\jxNkcln.exe
  C:\Windows\System\jxNkcln.exe
  2⤵
  PID:13720
- C:\Windows\System\aPrmGHu.exe
  C:\Windows\System\aPrmGHu.exe
  2⤵
  PID:7612
- C:\Windows\System\YCTjhkM.exe
  C:\Windows\System\YCTjhkM.exe
  2⤵
  PID:7492
- C:\Windows\System\WXOwisg.exe
  C:\Windows\System\WXOwisg.exe
  2⤵
  PID:8172
- C:\Windows\System\quLIKPO.exe
  C:\Windows\System\quLIKPO.exe
  2⤵
  PID:8228
- C:\Windows\System\HdavnXo.exe
  C:\Windows\System\HdavnXo.exe
  2⤵
  PID:14272
- C:\Windows\System\FSmBBfZ.exe
  C:\Windows\System\FSmBBfZ.exe
  2⤵
  PID:6604
- C:\Windows\System\roQgcaN.exe
  C:\Windows\System\roQgcaN.exe
  2⤵
  PID:8340
- C:\Windows\System\kzndWWq.exe
  C:\Windows\System\kzndWWq.exe
  2⤵
  PID:6992
- C:\Windows\System\uHizEMv.exe
  C:\Windows\System\uHizEMv.exe
  2⤵
  PID:8424
- C:\Windows\System\VuEwueO.exe
  C:\Windows\System\VuEwueO.exe
  2⤵
  PID:13960
- C:\Windows\System\oNSwCgd.exe
  C:\Windows\System\oNSwCgd.exe
  2⤵
  PID:8508
- C:\Windows\System\pUfvkQZ.exe
  C:\Windows\System\pUfvkQZ.exe
  2⤵
  PID:7080
- C:\Windows\System\dGyufiV.exe
  C:\Windows\System\dGyufiV.exe
  2⤵
  PID:7748
- C:\Windows\System\mVRJfey.exe
  C:\Windows\System\mVRJfey.exe
  2⤵
  PID:8656
- C:\Windows\System\GPcFeZJ.exe
  C:\Windows\System\GPcFeZJ.exe
  2⤵
  PID:8676
- C:\Windows\System\ybnazOR.exe
  C:\Windows\System\ybnazOR.exe
  2⤵
  PID:13876
- C:\Windows\System\DPtRKpk.exe
  C:\Windows\System\DPtRKpk.exe
  2⤵
  PID:8512
- C:\Windows\System\rkKYpfO.exe
  C:\Windows\System\rkKYpfO.exe
  2⤵
  PID:8292
- C:\Windows\System\RKycuSt.exe
  C:\Windows\System\RKycuSt.exe
  2⤵
  PID:6852
- C:\Windows\System\JISghNz.exe
  C:\Windows\System\JISghNz.exe
  2⤵
  PID:8684
- C:\Windows\System\KzVXxcQ.exe
  C:\Windows\System\KzVXxcQ.exe
  2⤵
  PID:8760
- C:\Windows\System\MHZenhC.exe
  C:\Windows\System\MHZenhC.exe
  2⤵
  PID:8984
- C:\Windows\System\tUamshe.exe
  C:\Windows\System\tUamshe.exe
  2⤵
  PID:7836
- C:\Windows\System\sAFyfSi.exe
  C:\Windows\System\sAFyfSi.exe
  2⤵
  PID:8120
- C:\Windows\System\dYNcDRN.exe
  C:\Windows\System\dYNcDRN.exe
  2⤵
  PID:5572
- C:\Windows\System\qDVivVa.exe
  C:\Windows\System\qDVivVa.exe
  2⤵
  PID:9032
- C:\Windows\System\sfFIuEj.exe
  C:\Windows\System\sfFIuEj.exe
  2⤵
  PID:8288
- C:\Windows\System\XjweVWj.exe
  C:\Windows\System\XjweVWj.exe
  2⤵
  PID:8232
- C:\Windows\System\dgvUHVw.exe
  C:\Windows\System\dgvUHVw.exe
  2⤵
  PID:8520
- C:\Windows\System\arhDhFp.exe
  C:\Windows\System\arhDhFp.exe
  2⤵
  PID:8468
- C:\Windows\System\RaMXPPW.exe
  C:\Windows\System\RaMXPPW.exe
  2⤵
  PID:7804
- C:\Windows\System\ncQIVAC.exe
  C:\Windows\System\ncQIVAC.exe
  2⤵
  PID:8660
- C:\Windows\System\XYYsWrg.exe
  C:\Windows\System\XYYsWrg.exe
  2⤵
  PID:14340
- C:\Windows\System\XLfoWpM.exe
  C:\Windows\System\XLfoWpM.exe
  2⤵
  PID:14368
- C:\Windows\System\oDfwFji.exe
  C:\Windows\System\oDfwFji.exe
  2⤵
  PID:14396
- C:\Windows\System\pmKbjVC.exe
  C:\Windows\System\pmKbjVC.exe
  2⤵
  PID:14424
- C:\Windows\System\xLbvOGJ.exe
  C:\Windows\System\xLbvOGJ.exe
  2⤵
  PID:14452
- C:\Windows\System\OBQkzGN.exe
  C:\Windows\System\OBQkzGN.exe
  2⤵
  PID:14480
- C:\Windows\System\AAvbeNN.exe
  C:\Windows\System\AAvbeNN.exe
  2⤵
  PID:14508
- C:\Windows\System\CmEosLF.exe
  C:\Windows\System\CmEosLF.exe
  2⤵
  PID:14536
- C:\Windows\System\JApdSgN.exe
  C:\Windows\System\JApdSgN.exe
  2⤵
  PID:14564
- C:\Windows\System\CXoZXOw.exe
  C:\Windows\System\CXoZXOw.exe
  2⤵
  PID:14592
- C:\Windows\System\SRSdLWQ.exe
  C:\Windows\System\SRSdLWQ.exe
  2⤵
  PID:14620
- C:\Windows\System\ueUrSMr.exe
  C:\Windows\System\ueUrSMr.exe
  2⤵
  PID:14688
- C:\Windows\System\tpfZYvf.exe
  C:\Windows\System\tpfZYvf.exe
  2⤵
  PID:14716
- C:\Windows\System\IrSOZrm.exe
  C:\Windows\System\IrSOZrm.exe
  2⤵
  PID:14744
- C:\Windows\System\zqmEwyK.exe
  C:\Windows\System\zqmEwyK.exe
  2⤵
  PID:14772
- C:\Windows\System\cmZYOdY.exe
  C:\Windows\System\cmZYOdY.exe
  2⤵
  PID:14800
- C:\Windows\System\LgJlLaa.exe
  C:\Windows\System\LgJlLaa.exe
  2⤵
  PID:14828
- C:\Windows\System\SuIwyOw.exe
  C:\Windows\System\SuIwyOw.exe
  2⤵
  PID:14856
- C:\Windows\System\gYtLyMK.exe
  C:\Windows\System\gYtLyMK.exe
  2⤵
  PID:14884
- C:\Windows\System\FLTrlpB.exe
  C:\Windows\System\FLTrlpB.exe
  2⤵
  PID:14912
- C:\Windows\System\ftKHShU.exe
  C:\Windows\System\ftKHShU.exe
  2⤵
  PID:14940
- C:\Windows\System\BWmyKmV.exe
  C:\Windows\System\BWmyKmV.exe
  2⤵
  PID:14968
- C:\Windows\System\DOJNUjx.exe
  C:\Windows\System\DOJNUjx.exe
  2⤵
  PID:15000
- C:\Windows\System\yRbgAfV.exe
  C:\Windows\System\yRbgAfV.exe
  2⤵
  PID:15028
- C:\Windows\System\KMyRJTO.exe
  C:\Windows\System\KMyRJTO.exe
  2⤵
  PID:15056
- C:\Windows\System\ievGSQm.exe
  C:\Windows\System\ievGSQm.exe
  2⤵
  PID:15084
- C:\Windows\System\kjTQcWR.exe
  C:\Windows\System\kjTQcWR.exe
  2⤵
  PID:15112
- C:\Windows\System\IhFPayR.exe
  C:\Windows\System\IhFPayR.exe
  2⤵
  PID:15156
- C:\Windows\System\AqhruPI.exe
  C:\Windows\System\AqhruPI.exe
  2⤵
  PID:15172
- C:\Windows\System\BPErpvA.exe
  C:\Windows\System\BPErpvA.exe
  2⤵
  PID:15200
- C:\Windows\System\TcGcgZQ.exe
  C:\Windows\System\TcGcgZQ.exe
  2⤵
  PID:15272
- C:\Windows\System\ivNrKQt.exe
  C:\Windows\System\ivNrKQt.exe
  2⤵
  PID:15332
- C:\Windows\System\KFWwHgw.exe
  C:\Windows\System\KFWwHgw.exe
  2⤵
  PID:9144
- C:\Windows\System\xzqLTto.exe
  C:\Windows\System\xzqLTto.exe
  2⤵
  PID:14492
- C:\Windows\System\mgpSpKN.exe
  C:\Windows\System\mgpSpKN.exe
  2⤵
  PID:14532
- C:\Windows\System\KrGJjDG.exe
  C:\Windows\System\KrGJjDG.exe
  2⤵
  PID:14636
- C:\Windows\System\zTaoHQf.exe
  C:\Windows\System\zTaoHQf.exe
  2⤵
  PID:14656
- C:\Windows\System\DfnJUgM.exe
  C:\Windows\System\DfnJUgM.exe
  2⤵
  PID:14664
- C:\Windows\System\yoHYDUt.exe
  C:\Windows\System\yoHYDUt.exe
  2⤵
  PID:14728
- C:\Windows\System\NtjJndt.exe
  C:\Windows\System\NtjJndt.exe
  2⤵
  PID:8356
- C:\Windows\System\yOLzEdL.exe
  C:\Windows\System\yOLzEdL.exe
  2⤵
  PID:14792
- C:\Windows\System\xJubeLr.exe
  C:\Windows\System\xJubeLr.exe
  2⤵
  PID:14824
- C:\Windows\System\GWnHrid.exe
  C:\Windows\System\GWnHrid.exe
  2⤵
  PID:14868
- C:\Windows\System\TPqTbEU.exe
  C:\Windows\System\TPqTbEU.exe
  2⤵
  PID:8496
- C:\Windows\System\dTrMVwH.exe
  C:\Windows\System\dTrMVwH.exe
  2⤵
  PID:9240
- C:\Windows\System\ScTeCaG.exe
  C:\Windows\System\ScTeCaG.exe
  2⤵
  PID:9288
- C:\Windows\System\VRCZQIB.exe
  C:\Windows\System\VRCZQIB.exe
  2⤵
  PID:9316
- C:\Windows\System\xfHrFkQ.exe
  C:\Windows\System\xfHrFkQ.exe
  2⤵
  PID:15052
- C:\Windows\System\sPgVDeo.exe
  C:\Windows\System\sPgVDeo.exe
  2⤵
  PID:9404
- C:\Windows\System\QtFoWLn.exe
  C:\Windows\System\QtFoWLn.exe
  2⤵
  PID:9468
- C:\Windows\System\LGTPWEx.exe
  C:\Windows\System\LGTPWEx.exe
  2⤵
  PID:15136
- C:\Windows\System\dAOUWcV.exe
  C:\Windows\System\dAOUWcV.exe
  2⤵
  PID:15228
- C:\Windows\System\vGXhdyU.exe
  C:\Windows\System\vGXhdyU.exe
  2⤵
  PID:15292
- C:\Windows\System\ClqzLca.exe
  C:\Windows\System\ClqzLca.exe
  2⤵
  PID:14352
- C:\Windows\System\VIWUnwr.exe
  C:\Windows\System\VIWUnwr.exe
  2⤵
  PID:8980
- C:\Windows\System\umoLTZi.exe
  C:\Windows\System\umoLTZi.exe
  2⤵
  PID:14416
- C:\Windows\System\KqDQWeS.exe
  C:\Windows\System\KqDQWeS.exe
  2⤵
  PID:9048
- C:\Windows\System\uAPLVyC.exe
  C:\Windows\System\uAPLVyC.exe
  2⤵
  PID:14448
- C:\Windows\System\qGbzqkI.exe
  C:\Windows\System\qGbzqkI.exe
  2⤵
  PID:14560
- C:\Windows\System\qdNdseO.exe
  C:\Windows\System\qdNdseO.exe
  2⤵
  PID:8604
- C:\Windows\System\zHdQfEs.exe
  C:\Windows\System\zHdQfEs.exe
  2⤵
  PID:7888
- C:\Windows\System\NloXiNI.exe
  C:\Windows\System\NloXiNI.exe
  2⤵
  PID:8664
- C:\Windows\System\fjPjuSu.exe
  C:\Windows\System\fjPjuSu.exe
  2⤵
  PID:14680
- C:\Windows\System\Botsbat.exe
  C:\Windows\System\Botsbat.exe
  2⤵
  PID:9584
- C:\Windows\System\ZVuvCAd.exe
  C:\Windows\System\ZVuvCAd.exe
  2⤵
  PID:6948
- C:\Windows\System\BnfSPDY.exe
  C:\Windows\System\BnfSPDY.exe
  2⤵
  PID:8964
- C:\Windows\System\fAjKzqK.exe
  C:\Windows\System\fAjKzqK.exe
  2⤵
  PID:14924
- C:\Windows\System\hZhBpJg.exe
  C:\Windows\System\hZhBpJg.exe
  2⤵
  PID:14960
- C:\Windows\System\GNBIwlA.exe
  C:\Windows\System\GNBIwlA.exe
  2⤵
  PID:9260
- C:\Windows\System\QEshbqF.exe
  C:\Windows\System\QEshbqF.exe
  2⤵
  PID:10168
- C:\Windows\System\cNLMwcW.exe
  C:\Windows\System\cNLMwcW.exe
  2⤵
  PID:15124
- C:\Windows\System\upcsfHr.exe
  C:\Windows\System\upcsfHr.exe
  2⤵
  PID:2904
- C:\Windows\System\mvfRsAf.exe
  C:\Windows\System\mvfRsAf.exe
  2⤵
  PID:10104
- C:\Windows\System\KFAMxcR.exe
  C:\Windows\System\KFAMxcR.exe
  2⤵
  PID:8776
- C:\Windows\System\cFONxdQ.exe
  C:\Windows\System\cFONxdQ.exe
  2⤵
  PID:4480
- C:\Windows\System\vmLKDlO.exe
  C:\Windows\System\vmLKDlO.exe
  2⤵
  PID:14984
- C:\Windows\System\ixOCHyw.exe
  C:\Windows\System\ixOCHyw.exe
  2⤵
  PID:2936
- C:\Windows\System\TTTZiVA.exe
  C:\Windows\System\TTTZiVA.exe
  2⤵
  PID:9748
- C:\Windows\System\BFwlkAb.exe
  C:\Windows\System\BFwlkAb.exe
  2⤵
  PID:6544
- C:\Windows\System\LkzVaKN.exe
  C:\Windows\System\LkzVaKN.exe
  2⤵
  PID:14476
- C:\Windows\System\NIDzYew.exe
  C:\Windows\System\NIDzYew.exe
  2⤵
  PID:8324
- C:\Windows\System\IxTvPxv.exe
  C:\Windows\System\IxTvPxv.exe
  2⤵
  PID:10376
- C:\Windows\System\HDWjsTx.exe
  C:\Windows\System\HDWjsTx.exe
  2⤵
  PID:10192
- C:\Windows\System\RFahxdJ.exe
  C:\Windows\System\RFahxdJ.exe
  2⤵
  PID:14616
- C:\Windows\System\TQVsTTx.exe
  C:\Windows\System\TQVsTTx.exe
  2⤵
  PID:4516
- C:\Windows\System\lmvKJPY.exe
  C:\Windows\System\lmvKJPY.exe
  2⤵
  PID:10580
- C:\Windows\System\sXzeLXb.exe
  C:\Windows\System\sXzeLXb.exe
  2⤵
  PID:6896
- C:\Windows\System\gsWumzV.exe
  C:\Windows\System\gsWumzV.exe
  2⤵
  PID:9744
- C:\Windows\System\nWsjWkf.exe
  C:\Windows\System\nWsjWkf.exe
  2⤵
  PID:14848
- C:\Windows\System\DDZeEgK.exe
  C:\Windows\System\DDZeEgK.exe
  2⤵
  PID:14908
- C:\Windows\System\CaQfhbY.exe
  C:\Windows\System\CaQfhbY.exe
  2⤵
  PID:9996
- C:\Windows\System\HDpfyHf.exe
  C:\Windows\System\HDpfyHf.exe
  2⤵
  PID:14980
- C:\Windows\System\sAkJNMn.exe
  C:\Windows\System\sAkJNMn.exe
  2⤵
  PID:5096
- C:\Windows\System\igCFhoF.exe
  C:\Windows\System\igCFhoF.exe
  2⤵
  PID:15040
- C:\Windows\System\PclQIeF.exe
  C:\Windows\System\PclQIeF.exe
  2⤵
  PID:10876
- C:\Windows\System\WtZukDa.exe
  C:\Windows\System\WtZukDa.exe
  2⤵
  PID:10888
- C:\Windows\System\IKKFDVJ.exe
  C:\Windows\System\IKKFDVJ.exe
  2⤵
  PID:10932
- C:\Windows\System\gerccvG.exe
  C:\Windows\System\gerccvG.exe
  2⤵
  PID:15168
- C:\Windows\System\hqDcDwy.exe
  C:\Windows\System\hqDcDwy.exe
  2⤵
  PID:15184
- C:\Windows\System\kGAIYSJ.exe
  C:\Windows\System\kGAIYSJ.exe
  2⤵
  PID:10988
- C:\Windows\System\XYBPqHm.exe
  C:\Windows\System\XYBPqHm.exe
  2⤵
  PID:9572
- C:\Windows\System\ePwAtzC.exe
  C:\Windows\System\ePwAtzC.exe
  2⤵
  PID:15248
- C:\Windows\System\RaScYZf.exe
  C:\Windows\System\RaScYZf.exe
  2⤵
  PID:15260
- C:\Windows\System\Bcozuvc.exe
  C:\Windows\System\Bcozuvc.exe
  2⤵
  PID:9688
- C:\Windows\System\gJSpOXF.exe
  C:\Windows\System\gJSpOXF.exe
  2⤵
  PID:15300
- C:\Windows\System\xBWOior.exe
  C:\Windows\System\xBWOior.exe
  2⤵
  PID:9776
- C:\Windows\System\DWWwhNQ.exe
  C:\Windows\System\DWWwhNQ.exe
  2⤵
  PID:15320
- C:\Windows\System\bNrzoSk.exe
  C:\Windows\System\bNrzoSk.exe
  2⤵
  PID:10228
- C:\Windows\System\prOaEiA.exe
  C:\Windows\System\prOaEiA.exe
  2⤵
  PID:10336
- C:\Windows\System\APgqlWQ.exe
  C:\Windows\System\APgqlWQ.exe
  2⤵
  PID:9528
- C:\Windows\System\EBEjwkf.exe
  C:\Windows\System\EBEjwkf.exe
  2⤵
  PID:10556
- C:\Windows\System\jDRFoRH.exe
  C:\Windows\System\jDRFoRH.exe
  2⤵
  PID:10632
- C:\Windows\System\ISHKakn.exe
  C:\Windows\System\ISHKakn.exe
  2⤵
  PID:10676
- C:\Windows\System\pIJmKaH.exe
  C:\Windows\System\pIJmKaH.exe
  2⤵
  PID:10760
- C:\Windows\System\HgHLnri.exe
  C:\Windows\System\HgHLnri.exe
  2⤵
  PID:14528
- C:\Windows\System\cQGTyIW.exe
  C:\Windows\System\cQGTyIW.exe
  2⤵
  PID:10928
- C:\Windows\System\jazDeFw.exe
  C:\Windows\System\jazDeFw.exe
  2⤵
  PID:10496
- C:\Windows\System\FhKZpcm.exe
  C:\Windows\System\FhKZpcm.exe
  2⤵
  PID:11100
- C:\Windows\System\bLHMYJh.exe
  C:\Windows\System\bLHMYJh.exe
  2⤵
  PID:14784
- C:\Windows\System\zDpFanO.exe
  C:\Windows\System\zDpFanO.exe
  2⤵
  PID:10660
- C:\Windows\System\EGXDJoA.exe
  C:\Windows\System\EGXDJoA.exe
  2⤵
  PID:1856
- C:\Windows\System\XnOcqgZ.exe
  C:\Windows\System\XnOcqgZ.exe
  2⤵
  PID:10476
- C:\Windows\System\MgjeNYV.exe
  C:\Windows\System\MgjeNYV.exe
  2⤵
  PID:10808
- C:\Windows\System\sPuSxtL.exe
  C:\Windows\System\sPuSxtL.exe
  2⤵
  PID:10212
- C:\Windows\System\ULgwfzM.exe
  C:\Windows\System\ULgwfzM.exe
  2⤵
  PID:9496
- C:\Windows\System\PtTnIjQ.exe
  C:\Windows\System\PtTnIjQ.exe
  2⤵
  PID:10000
- C:\Windows\System\hHvmkdZ.exe
  C:\Windows\System\hHvmkdZ.exe
  2⤵
  PID:9492
- C:\Windows\System\wEiHOnu.exe
  C:\Windows\System\wEiHOnu.exe
  2⤵
  PID:11064
- C:\Windows\System\ifNecfa.exe
  C:\Windows\System\ifNecfa.exe
  2⤵
  PID:652
- C:\Windows\System\FWDIAaz.exe
  C:\Windows\System\FWDIAaz.exe
  2⤵
  PID:11176
- C:\Windows\System\SEVBlqe.exe
  C:\Windows\System\SEVBlqe.exe
  2⤵
  PID:10560
- C:\Windows\System\ZGwFYOi.exe
  C:\Windows\System\ZGwFYOi.exe
  2⤵
  PID:9816
- C:\Windows\System\avEJMno.exe
  C:\Windows\System\avEJMno.exe
  2⤵
  PID:9852
- C:\Windows\System\rzEYsls.exe
  C:\Windows\System\rzEYsls.exe
  2⤵
  PID:10420
- C:\Windows\System\sfxUWYm.exe
  C:\Windows\System\sfxUWYm.exe
  2⤵
  PID:10136
- C:\Windows\System\feeYWSk.exe
  C:\Windows\System\feeYWSk.exe
  2⤵
  PID:10012
- C:\Windows\System\MScecAY.exe
  C:\Windows\System\MScecAY.exe
  2⤵
  PID:11452
- C:\Windows\System\InwMBDz.exe
  C:\Windows\System\InwMBDz.exe
  2⤵
  PID:10452
- C:\Windows\System\FqoMWow.exe
  C:\Windows\System\FqoMWow.exe
  2⤵
  PID:11164
- C:\Windows\System\IjrxoeK.exe
  C:\Windows\System\IjrxoeK.exe
  2⤵
  PID:6564
- C:\Windows\System\FTgrjaL.exe
  C:\Windows\System\FTgrjaL.exe
  2⤵
  PID:7228
- C:\Windows\System\HQoYVyB.exe
  C:\Windows\System\HQoYVyB.exe
  2⤵
  PID:9412
- C:\Windows\System\iKAtPbI.exe
  C:\Windows\System\iKAtPbI.exe
  2⤵
  PID:11580
- C:\Windows\System\MDazvil.exe
  C:\Windows\System\MDazvil.exe
  2⤵
  PID:15244
- C:\Windows\System\IpUkXtt.exe
  C:\Windows\System\IpUkXtt.exe
  2⤵
  PID:11664
- C:\Windows\System\tQKgGBn.exe
  C:\Windows\System\tQKgGBn.exe
  2⤵
  PID:11720
- C:\Windows\System\ewnscuE.exe
  C:\Windows\System\ewnscuE.exe
  2⤵
  PID:11740
- C:\Windows\System\lGwUnXH.exe
  C:\Windows\System\lGwUnXH.exe
  2⤵
  PID:11332
- C:\Windows\System\nVdHTRV.exe
  C:\Windows\System\nVdHTRV.exe
  2⤵
  PID:9604
- C:\Windows\System\apygSCD.exe
  C:\Windows\System\apygSCD.exe
  2⤵
  PID:9992
- C:\Windows\System\fadTcHl.exe
  C:\Windows\System\fadTcHl.exe
  2⤵
  PID:9548
- C:\Windows\System\JqTdkTa.exe
  C:\Windows\System\JqTdkTa.exe
  2⤵
  PID:10644
- C:\Windows\System\NhebJlP.exe
  C:\Windows\System\NhebJlP.exe
  2⤵
  PID:9600
- C:\Windows\System\YCoWAIh.exe
  C:\Windows\System\YCoWAIh.exe
  2⤵
  PID:12020
- C:\Windows\System\jKSVUxG.exe
  C:\Windows\System\jKSVUxG.exe
  2⤵
  PID:12032
- C:\Windows\System\iQWVcUY.exe
  C:\Windows\System\iQWVcUY.exe
  2⤵
  PID:11748
- C:\Windows\System\mDKbzuU.exe
  C:\Windows\System\mDKbzuU.exe
  2⤵
  PID:10492
- C:\Windows\System\oOlsPyZ.exe
  C:\Windows\System\oOlsPyZ.exe
  2⤵
  PID:11852
- C:\Windows\System\dknyBzp.exe
  C:\Windows\System\dknyBzp.exe
  2⤵
  PID:1208
- C:\Windows\System\OnDvmzA.exe
  C:\Windows\System\OnDvmzA.exe
  2⤵
  PID:11628
- C:\Windows\System\ffnNAos.exe
  C:\Windows\System\ffnNAos.exe
  2⤵
  PID:12196
- C:\Windows\System\qsgbXLe.exe
  C:\Windows\System\qsgbXLe.exe
  2⤵
  PID:7324
- C:\Windows\System\gHJlqYf.exe
  C:\Windows\System\gHJlqYf.exe
  2⤵
  PID:11216
- C:\Windows\System\ywcPmwx.exe
  C:\Windows\System\ywcPmwx.exe
  2⤵
  PID:12168
- C:\Windows\System\DpMWruj.exe
  C:\Windows\System\DpMWruj.exe
  2⤵
  PID:8384
- C:\Windows\System\zuIaxSM.exe
  C:\Windows\System\zuIaxSM.exe
  2⤵
  PID:12040
- C:\Windows\System\JcyHdEh.exe
  C:\Windows\System\JcyHdEh.exe
  2⤵
  PID:15400
- C:\Windows\System\GiyBWeA.exe
  C:\Windows\System\GiyBWeA.exe
  2⤵
  PID:15420
- C:\Windows\System\JcjcjbU.exe
  C:\Windows\System\JcjcjbU.exe
  2⤵
  PID:15448
- C:\Windows\System\XeCbiHN.exe
  C:\Windows\System\XeCbiHN.exe
  2⤵
  PID:15476
- C:\Windows\System\tXUeAtG.exe
  C:\Windows\System\tXUeAtG.exe
  2⤵
  PID:15504
- C:\Windows\System\mvENclH.exe
  C:\Windows\System\mvENclH.exe
  2⤵
  PID:15532
- C:\Windows\System\NWCKaVF.exe
  C:\Windows\System\NWCKaVF.exe
  2⤵
  PID:15560
- C:\Windows\System\UDxnpUn.exe
  C:\Windows\System\UDxnpUn.exe
  2⤵
  PID:15588
- C:\Windows\System\ptYNfno.exe
  C:\Windows\System\ptYNfno.exe
  2⤵
  PID:15616
- C:\Windows\System\sWImCBc.exe
  C:\Windows\System\sWImCBc.exe
  2⤵
  PID:15644
- C:\Windows\System\VtarQKm.exe
  C:\Windows\System\VtarQKm.exe
  2⤵
  PID:15672
- C:\Windows\System\LYOBzwx.exe
  C:\Windows\System\LYOBzwx.exe
  2⤵
  PID:15700
- C:\Windows\System\EDbYKlA.exe
  C:\Windows\System\EDbYKlA.exe
  2⤵
  PID:15728
- C:\Windows\System\jUXcfVJ.exe
  C:\Windows\System\jUXcfVJ.exe
  2⤵
  PID:15756
- C:\Windows\System\ThXvSYZ.exe
  C:\Windows\System\ThXvSYZ.exe
  2⤵
  PID:15784
- C:\Windows\System\MpknxKF.exe
  C:\Windows\System\MpknxKF.exe
  2⤵
  PID:15812
- C:\Windows\System\nmPsXrR.exe
  C:\Windows\System\nmPsXrR.exe
  2⤵
  PID:15840
- C:\Windows\System\arwEDhI.exe
  C:\Windows\System\arwEDhI.exe
  2⤵
  PID:15868
- C:\Windows\System\ShtKVuO.exe
  C:\Windows\System\ShtKVuO.exe
  2⤵
  PID:15896
- C:\Windows\System\zoAhmMV.exe
  C:\Windows\System\zoAhmMV.exe
  2⤵
  PID:15924
- C:\Windows\System\xsheZDZ.exe
  C:\Windows\System\xsheZDZ.exe
  2⤵
  PID:15952
- C:\Windows\System\opUYEsm.exe
  C:\Windows\System\opUYEsm.exe
  2⤵
  PID:15980
- C:\Windows\System\LgLCEfU.exe
  C:\Windows\System\LgLCEfU.exe
  2⤵
  PID:16008
- C:\Windows\System\svykYqS.exe
  C:\Windows\System\svykYqS.exe
  2⤵
  PID:16036
- C:\Windows\System\jhotCai.exe
  C:\Windows\System\jhotCai.exe
  2⤵
  PID:16064
- C:\Windows\System\wZMONjp.exe
  C:\Windows\System\wZMONjp.exe
  2⤵
  PID:16092
- C:\Windows\System\YKgacFc.exe
  C:\Windows\System\YKgacFc.exe
  2⤵
  PID:16120
- C:\Windows\System\sFdqufF.exe
  C:\Windows\System\sFdqufF.exe
  2⤵
  PID:16152
- C:\Windows\System\THqSqgU.exe
  C:\Windows\System\THqSqgU.exe
  2⤵
  PID:16180
- C:\Windows\System\HXxpyRW.exe
  C:\Windows\System\HXxpyRW.exe
  2⤵
  PID:16208
- C:\Windows\System\EOWZZem.exe
  C:\Windows\System\EOWZZem.exe
  2⤵
  PID:16236
- C:\Windows\System\WwnCDHq.exe
  C:\Windows\System\WwnCDHq.exe
  2⤵
  PID:16264
- C:\Windows\System\ZJynJSy.exe
  C:\Windows\System\ZJynJSy.exe
  2⤵
  PID:16292
- C:\Windows\System\vmiveUQ.exe
  C:\Windows\System\vmiveUQ.exe
  2⤵
  PID:16320
- C:\Windows\System\hwuzGlU.exe
  C:\Windows\System\hwuzGlU.exe
  2⤵
  PID:16348
- C:\Windows\System\lnoPwmy.exe
  C:\Windows\System\lnoPwmy.exe
  2⤵
  PID:16376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System\BMQbiqJ.exe

Filesize
6.0MB

MD5
6f88751ab77a06bad819aa31868cadfa

SHA1
3e30fb5b21e5a6595a39b38b938cc1116f8e9cf5

SHA256
c454e68aeea94d02c02728de7c71667e0e3dfa734431e0aff46fb3cab574abec

SHA512
9b755e07fc7d0426553b7f157909e66a7ebafe8b31813da25422378fc9d8e1c0d631b5be4aa73a7d00c9ce5ab48c1c4b7ae4542e7d8f6d5633dc4f3bade35133

Download Submit
C:\Windows\System\BxpuKJR.exe

Filesize
6.0MB

MD5
2bfa803e9a9c3cc9c85ec7195621a5e7

SHA1
8de2696ce8b2dab80ad329d8c6748801618eaf1e

SHA256
d5ca860abaaf15578ed8bde53d2ed96916a0b26a4a7c7bbdc117f05c641495f2

SHA512
eec92bdc73cce625c23372eeff8587e200af324c99b0ae0136c106dfdd9943db00243c97be73540f4ef9263b541eaa300e7a2f7986bf2dc63596d179ac3a537d

Download Submit
C:\Windows\System\Bydbcee.exe

Filesize
6.0MB

MD5
e8c49de9735d7bf6d6237c31f8e5af12

SHA1
5f1dbc9efde41c428c168a871e8c1c1597de474b

SHA256
aab6bc55f4b6a5f45e6e4dc42bac06775e00b4b284a1b764f9aa03844dd56b9c

SHA512
5d4a9316297a4804854c211f1378bb49b8db3a51cb27da8fabdab04fff2c4df651ef2ddc1a7c7d51fcd065fd2f41a831157891135963e37706a23c972d9d5886

Download Submit
C:\Windows\System\CADJZQX.exe

Filesize
6.0MB

MD5
a60b3002e1dfb752a0c05ace1f87cde1

SHA1
137d6f75adb6a31f5a3be51a904b940b2313f676

SHA256
f7b18b526944ff00ae82d4c07cfc0c870c52e121a851c54adc45117b9c646804

SHA512
c0a7abe4791c9b48c6bf0d914415b4feb21b91686075a77523479d2142e63713bb62529b2afea821de09c556f6a8e9ddb20bb32d099a05547b0d9897c16038bc

Download Submit
C:\Windows\System\DKzkDmX.exe

Filesize
6.0MB

MD5
1d304b65470a5cc93c82a607075899a3

SHA1
9b7176f7a7efb4f759d82ed49db88f00228fc357

SHA256
47cc4caefc64e3bbace4999324127bb0e517667be155274cc5becd4c89720931

SHA512
e1da9a333dabf00a079385aba78aa8ec4ca57c7dec90cfc17295d96f7acdec19e0e1ffa5f6d0a9954dce9e038c4099fc73f1596c1d0590e192d6d0c2f360cfba

Download Submit
C:\Windows\System\HMZDSto.exe

Filesize
6.0MB

MD5
2ec022edcda93c604fb2124c5c01515d

SHA1
2f42904ff672d5ef69eaef09b9ea9d810ff4f3c4

SHA256
17064a3124c3e97f21096725ca909233531f50d7d7788bdeaf858ac005d9244e

SHA512
43ffc82a5333881ef6d8ec9747c794c75ec4b92e5828225fa5f97200c5e3fecd0da794ab4893124593ff4f2cd748bceb70f25cc02b52d6eb4643c293a541425a

Download Submit
C:\Windows\System\JMNaipE.exe

Filesize
6.0MB

MD5
6bb511b8ef366c183956a436bd512baf

SHA1
66b0e25d3eefeb2e082e5167bd844c207058777f

SHA256
f0dce454f7d5e487559599243bac7e6183ec860d479e9763b3c6d2b52c85d56c

SHA512
ee21b31488b8e083e9ee2ba8f24d81863293c7fcb89b91a27235fa1864f677d1701c150fc976d31a686f3217a20de7ffdd2f92bc276dc2faecd18aaa9856aaa2

Download Submit
C:\Windows\System\RYUFGlS.exe

Filesize
6.0MB

MD5
d4f643cfe52f38383ea74863d1530eca

SHA1
19cbd04cd33285eb2eb69cff7fde689cedd1629e

SHA256
d595c632bd614812a5af9ac17e54b126c1db0c0ddd5d64d4d964c03e04105885

SHA512
af8c7522bc04db5974ebbfa3cdd127ce095da7c541efcc938717cffa04d38cf478494420e59dbae7152900a303271507734d475b72b8df25fde7798e7bc995b5

Download Submit
C:\Windows\System\RbXbuoo.exe

Filesize
6.0MB

MD5
f286ddb1d182557c513185da0085abf1

SHA1
1b4f54f4b541d5eb12fed4cd292edab412f85cc5

SHA256
5465d57dfea69a95399b882413e3360357f546165e9ae6207e56a9772aa1fca8

SHA512
7a2ba7a010ed663cf3562424e9ef5f3363273e92e638052968ab517fa03683316c7a9073c64f21572d6efc30acce6a6a50c87ac9ff3d492d24f934597cefbd28

Download Submit
C:\Windows\System\SRibWJW.exe

Filesize
6.0MB

MD5
ce89f13335fcdd1bfdef1d17e585a72e

SHA1
d8656e749298a73769470de099b45fc54bf14404

SHA256
ee6b98fdba2b84732e9fa570ee7e81dd121a870665f1a2154ae080a393f31110

SHA512
ab3233c6067f99364028d578959d19ef3569158a72a70e171fd1cfd23828f6b71ddc9241b2de456c320943daa9d7c2bb929fef6c951998afa4b5f3dbcf9f94ba

Download Submit
C:\Windows\System\SiGAaQY.exe

Filesize
6.0MB

MD5
e325dbbfed0b118c3a8c87d17d34e6f1

SHA1
e51acf9f2233d8bed24188ad2f71362fdec144bd

SHA256
13b226eefb1e242be111331a7ebcc80d384a517e475cb9eb3a0f3aad0cd5236a

SHA512
d191a8cac45cef3fcdee48e2fb7a97a533d23ddfb9b5217f8d750d279606010412cd0316e50516e3c7ddd3d4122631e97d011f7a47b458df89972836be0b6823

Download Submit
C:\Windows\System\VmpBJIn.exe

Filesize
6.0MB

MD5
17884c91ca32182ee0cfbc6a117c43f8

SHA1
9782bd44693d465006cbe9fdbaaa6e86ee9ffffb

SHA256
0623649be2b587854e99f8600d8404f860e5b240daeb4d4e0fcf27b5ec3f7e2c

SHA512
77c92566f13e169b1bada43b026461987b908945eaea70b7c3ee17e8784f9f64e4b08b287b08315b97431c25bccb18dfc2b2b164a22fa11359c054cf608ef7b6

Download Submit
C:\Windows\System\VxXfZDD.exe

Filesize
6.0MB

MD5
fe661296ffc5da5266b99d4884281392

SHA1
ed9e992373f25ee29f539abdbe338de7667e27f4

SHA256
537c6eca1b3a20d20cbd4cf580d80c59910d9c97f02b0a84c5e3f93467ab3831

SHA512
de6531fef548f7bfb055a7d031db9ff1b57b18d7f98f3c88075ed55cd079c028ed1840a618dcabb532b3c9fe5e59f604de1dabc0d88594ebe3451ef036facff1

Download Submit
C:\Windows\System\XcmAtOH.exe

Filesize
6.0MB

MD5
7a7fb0516b13847953d88ec464b865bb

SHA1
bac463927c644b4185296dfd43d015a17574154a

SHA256
c14cec68a18c9cfc0a0e05def47cbe389735cc89bf0b85285cd9789b39a0fa2a

SHA512
e61a44647efb4cd355b0a2e2743c872d8011ad3f3dca0fcedba930d7ca30dfe51b121f0b864979f36b038e12ae1a5db3ce954cbd55dbaeb7085d16af05e4786c

Download Submit
C:\Windows\System\YOkOWOj.exe

Filesize
6.0MB

MD5
7dda6584c28f6d2179dca32a651ec84f

SHA1
d8a543c03976f2a4664fb8af1ec3b9f138ff7b94

SHA256
17a3e1f9ba06560c6258225cb53e1ac22190fe0417d1a808ad938ad1d0d4e1c6

SHA512
56c579107deed9c1932e158896fa99b07dc4eedfd619c885bfe3d7fe2d0e701579d38d43735023d1999ba21f3714539620e714e220c8238f4ee0951f5facbe1c

Download Submit
C:\Windows\System\YevxOga.exe

Filesize
6.0MB

MD5
5491944f13d3d4dc33c391d6c52863fc

SHA1
95ead51803216f181d2e10d5cd42172fa11c13e5

SHA256
08e14434341ffd0653edf3567c0a3eb7fba490a32c838a210182871465cdeda9

SHA512
8590b89ad8bc1d7f683971f5523269f38aa88903961f07b951c039c56ec48e6af0e577491e9ef0f3d1d013e66a69dc29f60bfa9de90532b6656c4db981353424

Download Submit
C:\Windows\System\YvfFMjL.exe

Filesize
6.0MB

MD5
4bcfbec6a7f07d0aa617d02fe1e0f24d

SHA1
b43a58f6b7896aa2289dc8361a3e0820183133a8

SHA256
f04f9fc2b581ee8d2d258c280213428e3f44126728b3f820e41c4af3411fda0a

SHA512
edcc1a3443965fc77b44753000e31e3e6420b4ca70653c69ac30642835446bef69d426e8f676fb2a2c90ad3e7081bdba454db34aca8428a4995ec0be843b0025

Download Submit
C:\Windows\System\ZadKHnl.exe

Filesize
6.0MB

MD5
a9870402cc47609e9996c474e533b613

SHA1
cbaaafd62510e7818e2b004dab081db0d1b1aedb

SHA256
c1870c9375c7fcb13a70ea6bfaba74ead5e4a1a02c4cdd9b73495a8638198fb8

SHA512
caccaac4ac32326a51301809f8719aee239f21aa3b1e7419a5dc09b3f70ae3f406a46a5523bf9d5c1a6669b2b0e433ce832f5918925ebe3fb6ede5db6fa9280b

Download Submit
C:\Windows\System\ZtovEKX.exe

Filesize
6.0MB

MD5
f095c97267e2a5f15ef9a9fb2752141f

SHA1
02499e796ce66efe1e0775e5e2bc9584510d032e

SHA256
f3776db44745061d50accbbc3546cc4fab28744905c5cd8a13a90fd4a8315a16

SHA512
2d2fb4c947589b0766cac6f757f4ad8cabdbd8fa440d37e76bc27687bd7f8afd9462be3940b95053adbc397da2cbe8043f2e5f06e9672189a6aa3186ffcac2c6

Download Submit
C:\Windows\System\aunzZaU.exe

Filesize
6.0MB

MD5
3cb2837c6537aa6fd3e115658adc4755

SHA1
f8c02a7bc530c3c09bcb7de6796973e001a1a649

SHA256
9ca1016cbc8755ac64607c1d2b2111ed89d6faa37d58d5df37c957a02b78ed0c

SHA512
fe3903dbbf2d16ff23776444289c0a2414029225c55324ab01e695d604d88a00aed70ded2f3e60a2993a212f6e08b60dc8c9e76635450ee76d1021ed62598941

Download Submit
C:\Windows\System\cGEqFDj.exe

Filesize
6.0MB

MD5
bc5ab7eef30cf569084c660d320b4f71

SHA1
af4deb164e597ed49acbec01a2eb5725bd15cffc

SHA256
fa83300bb701098aff8c6b240c4f637988af499f841ea3eac3c30566634bbdae

SHA512
977017ac7b3cdb92e80e75ae90f98df85c514c9c510b52255a6e93eb6d9424a179666aeb44cd3d3b7ee18e9740b1cd4bf4fe714ed04361cf7d17d2a1ad3e60d1

Download Submit
C:\Windows\System\cyTtIHf.exe

Filesize
6.0MB

MD5
37301f4edfe82c7ea806bdb161fcfdb4

SHA1
fe5bdaf095f5e27c5d9854f8411ff9fffda5fcc9

SHA256
36a3baaf7914a9656a519d7305f0b3ee9d2a18e403a0e71988626a880a37eefd

SHA512
d458100d4f6f5abbbf8332579e2af2785fb8d56928bee82123cf066b8e9d6314450749a529e95d15a52e3c1543275e4c2fb40f7e6853b5131d696772531d80a7

Download Submit
C:\Windows\System\fhewsLi.exe

Filesize
6.0MB

MD5
9aa9ac0d3cf660eb69127bcc6e68089b

SHA1
00cd13bb19d339e244ecc14980d7ff31f1eed260

SHA256
3d9a0d45599f227e32c67f311a4d111ca5cd8710efca64a35ea795f4969ad87c

SHA512
fc0dd6b0da425a7c925e1a2c99a86240616d7655c0563ec65e82eabe0648bac6c550a98f2dcd2876ddf3ddba39bc74f87669bd476bdd44574c09f0681de93303

Download Submit
C:\Windows\System\gGhHKnL.exe

Filesize
6.0MB

MD5
8c7b6e52ca52fe78031506dccd9504e1

SHA1
f3aaf0398155cfe10f51cb88ac12c8f72acb40c0

SHA256
dd9e8601a989e6ae74b0cfd2a57819d290cd4209417c91d16bc6546387f26995

SHA512
480b8fed7df1fe85e91288c91e5d398b879fabec47a774f4736dae0c4bdbb7372e965b4bc24a6ccb4d0887a4417661bc70bcda4da36e57a353d3d612021e99f2

Download Submit
C:\Windows\System\gvlzaUv.exe

Filesize
6.0MB

MD5
55f75123f9cca19c93e69287a88ff5c2

SHA1
2bab08a4435b2b095163054f6a8997682491251c

SHA256
af4544c75ecf7a8d6bda660fbfa526101e842fec99348dc672693bc0fd1d5213

SHA512
b6886d945429d38febcdbff65287a3439426080ac00f5396d1e3cbf73ccc0f1b68bee38adf1b664325e5d489d83d924fb53415efa4fd0a6f73e7f2735dd065ee

Download Submit
C:\Windows\System\joarRUq.exe

Filesize
6.0MB

MD5
397cae28ce1ebb9f02f0ea3282053e9f

SHA1
c22781988ab545e33e9151d9276886d437131531

SHA256
4a45019fea8bc3df0a7c11a362c8f3a2c18147e05b462e728bdc9b3c4a4b3b47

SHA512
74d0d94dc5c4ee6874f25ffaa35873cc9fb783e7b69577f99e132b8bdd06df5b477fa75b27490568f211465898b62eec6bd5408319c46ed1157bcc8bf9d8c60d

Download Submit
C:\Windows\System\neIqLDg.exe

Filesize
6.0MB

MD5
e6c63b7ca975e0d29ce0d84f1b2b4aae

SHA1
ee57fda18d9bf5b81b7c8248b9325e36c27e9b88

SHA256
b93718a72787cf5e72a23bda13ff43fd2c729c68c79acb29e5df15a294bffcbd

SHA512
65b72426989ee42a6aede82c76d4e460a5790da0ae52418bd0f8955f49bb934691f643797036608d370755b5c48b83da931dfa094173eb90c053089fa36a6d7b

Download Submit
C:\Windows\System\ntHPcpj.exe

Filesize
6.0MB

MD5
44749d3e28257b3ff33059b0a28320a2

SHA1
8f5180ac9d3fca8f023f7efc92fd3d42a2d7a692

SHA256
c6847198479df49879acc46ba90a2e850d9dff885f8bfea29a22656aee6070eb

SHA512
41f582c9bcdad89fb616d9c8b753f40ada006b774cb0e520baddf4e254743078e0fd512dab7406df51826da4d63e02e6a2c3628899b2ce73d9157d0f6047a24c

Download Submit
C:\Windows\System\stPopYO.exe

Filesize
6.0MB

MD5
d31f22d522d3445bf8e37f62c715fc6d

SHA1
fe776348f125d3cb1e031cf4b4394970a09b6c61

SHA256
baef0c759a0c3e35cab5e88fa0fbd644dd83c79d77bbc13fac3bdcf5f4cc6c66

SHA512
6714742f278a7aa63bfb15d73036d8fccd4f6f71726702eb057ba287cf52e539d55200d910ba4369565f975c2de8346371f9c566d9160c0682f6ec9fd0350ded

Download Submit
C:\Windows\System\uHOnrSK.exe

Filesize
6.0MB

MD5
5ef71791df487a08ca4cbaa5ee526fa2

SHA1
a15805a98b2a2679c1eb867f12bf50aa6e80283a

SHA256
4e89609e30f071e179cd41d8480580547f39418e3a721331d2addab020e1327e

SHA512
61bd1e7b1075bb96fa4577dc3ac159efde8b6510ccfa62a9d3c00a2f3d06206be977a0a49d88facc87af80b810484576ba64556b43681adcb9191fdfde51247b

Download Submit
C:\Windows\System\vafAfpa.exe

Filesize
6.0MB

MD5
81e5d15bc945e013779578e5e1c5610b

SHA1
b1fb966a22a558011278e775dd9331db9e76daae

SHA256
27daab42dc79d674ac17bad23d5df6e32192329672abe49f07a0aeb3656ce643

SHA512
a3342384331f16ded199aced52b9b1cc231adca451af60336691bee20e024997d07b6d4347a5958a2960207f8981a0633053db0d7274e4833261335c7e93d4ab

Download Submit
C:\Windows\System\vvdAFHK.exe

Filesize
6.0MB

MD5
6e4cdc1cf0721175f69c7aee752b8515

SHA1
f5a6e84ba6751cbae780ee2a9e464a492040ebe2

SHA256
e20c646b58d09ee19f82dbd32b7dfdb0b0dbade71cb9794a1906818c84ae5791

SHA512
36ecc5298b95fe077b6b1001d41c8cd8eb54c317747f68b4fc805cfd4c6f918eca5ea6f1074f039e732b829df1498839902aa0449196afd15ef197955047e31c

Download Submit
C:\Windows\System\vyGHXnM.exe

Filesize
6.0MB

MD5
06f1f04c8352402c03196d08fdf65364

SHA1
5b807aa37a171c3310cced1139d6e9d4c1266e02

SHA256
c6193bd4ef6ae255fb5b547c4e50db03f1d8974f5742eab72a55b839242478ec

SHA512
ccd80b6672875cbc31ca01f26bb1cff482bf8d4092e3c383a0abbbedd8a2ac8fdfed9a65b34b411ba2f1c8b82a9590a862d570f5a205633f399e15106b7052b9

Download Submit
C:\Windows\System\yZtRTGl.exe

Filesize
6.0MB

MD5
872af4660ade60e0a837498939e5a4bd

SHA1
1cef84c4670bc7d7d68fd92f7d445e50aa3e4a18

SHA256
17ed8997146283cf78414d5d21695af2b55aa7e1ecfa3976eb464d6973425cef

SHA512
e5a502ca31a0349b5a1cc505b7a93a468d32555806020597fb44a894db58c40d0a9da3746187b0ef5a74983f8923793c264cb2ef953fa70a5881d651bf6c28d3

Download Submit
memory/116-1682-0x00007FF6A43E0000-0x00007FF6A4734000-memory.dmp

Filesize
3.3MB

Download
memory/116-412-0x00007FF6A43E0000-0x00007FF6A4734000-memory.dmp

Filesize
3.3MB

Download
memory/324-1678-0x00007FF74EF30000-0x00007FF74F284000-memory.dmp

Filesize
3.3MB

Download
memory/324-411-0x00007FF74EF30000-0x00007FF74F284000-memory.dmp

Filesize
3.3MB

Download
memory/876-1693-0x00007FF7D5BF0000-0x00007FF7D5F44000-memory.dmp

Filesize
3.3MB

Download
memory/876-416-0x00007FF7D5BF0000-0x00007FF7D5F44000-memory.dmp

Filesize
3.3MB

Download
memory/956-1690-0x00007FF642E10000-0x00007FF643164000-memory.dmp

Filesize
3.3MB

Download
memory/956-419-0x00007FF642E10000-0x00007FF643164000-memory.dmp

Filesize
3.3MB

Download
memory/988-1662-0x00007FF74F830000-0x00007FF74FB84000-memory.dmp

Filesize
3.3MB

Download
memory/988-390-0x00007FF74F830000-0x00007FF74FB84000-memory.dmp

Filesize
3.3MB

Download
memory/1344-82-0x00007FF708050000-0x00007FF7083A4000-memory.dmp

Filesize
3.3MB

Download
memory/1344-26-0x00007FF708050000-0x00007FF7083A4000-memory.dmp

Filesize
3.3MB

Download
memory/1344-1570-0x00007FF708050000-0x00007FF7083A4000-memory.dmp

Filesize
3.3MB

Download
memory/1388-1531-0x00007FF76FF80000-0x00007FF7702D4000-memory.dmp

Filesize
3.3MB

Download
memory/1388-67-0x00007FF76FF80000-0x00007FF7702D4000-memory.dmp

Filesize
3.3MB

Download
memory/1388-14-0x00007FF76FF80000-0x00007FF7702D4000-memory.dmp

Filesize
3.3MB

Download
memory/1676-394-0x00007FF637E80000-0x00007FF6381D4000-memory.dmp

Filesize
3.3MB

Download
memory/1676-1677-0x00007FF637E80000-0x00007FF6381D4000-memory.dmp

Filesize
3.3MB

Download
memory/1728-1657-0x00007FF617DE0000-0x00007FF618134000-memory.dmp

Filesize
3.3MB

Download
memory/1728-389-0x00007FF617DE0000-0x00007FF618134000-memory.dmp

Filesize
3.3MB

Download
memory/1876-48-0x00007FF7C7300000-0x00007FF7C7654000-memory.dmp

Filesize
3.3MB

Download
memory/1876-1624-0x00007FF7C7300000-0x00007FF7C7654000-memory.dmp

Filesize
3.3MB

Download
memory/1876-546-0x00007FF7C7300000-0x00007FF7C7654000-memory.dmp

Filesize
3.3MB

Download
memory/2092-1640-0x00007FF607890000-0x00007FF607BE4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-595-0x00007FF607890000-0x00007FF607BE4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-55-0x00007FF607890000-0x00007FF607BE4000-memory.dmp

Filesize
3.3MB

Download
memory/2240-393-0x00007FF68EA80000-0x00007FF68EDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2240-1673-0x00007FF68EA80000-0x00007FF68EDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-387-0x00007FF681C90000-0x00007FF681FE4000-memory.dmp

Filesize
3.3MB

Download
memory/2244-1660-0x00007FF681C90000-0x00007FF681FE4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-0-0x00007FF71F410000-0x00007FF71F764000-memory.dmp

Filesize
3.3MB

Download
memory/2348-1-0x000001ED0DBE0000-0x000001ED0DBF0000-memory.dmp

Filesize
64KB

Download
memory/2348-54-0x00007FF71F410000-0x00007FF71F764000-memory.dmp

Filesize
3.3MB

Download
memory/2520-8-0x00007FF792E90000-0x00007FF7931E4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-1522-0x00007FF792E90000-0x00007FF7931E4000-memory.dmp

Filesize
3.3MB

Download
memory/2608-1642-0x00007FF746AB0000-0x00007FF746E04000-memory.dmp

Filesize
3.3MB

Download
memory/2608-66-0x00007FF746AB0000-0x00007FF746E04000-memory.dmp

Filesize
3.3MB

Download
memory/2608-596-0x00007FF746AB0000-0x00007FF746E04000-memory.dmp

Filesize
3.3MB

Download
memory/2728-413-0x00007FF625FA0000-0x00007FF6262F4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-1687-0x00007FF625FA0000-0x00007FF6262F4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-1689-0x00007FF64AF70000-0x00007FF64B2C4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-420-0x00007FF64AF70000-0x00007FF64B2C4000-memory.dmp

Filesize
3.3MB

Download
memory/3076-71-0x00007FF6EFF60000-0x00007FF6F02B4000-memory.dmp

Filesize
3.3MB

Download
memory/3076-636-0x00007FF6EFF60000-0x00007FF6F02B4000-memory.dmp

Filesize
3.3MB

Download
memory/3076-1646-0x00007FF6EFF60000-0x00007FF6F02B4000-memory.dmp

Filesize
3.3MB

Download
memory/3456-1679-0x00007FF6C07D0000-0x00007FF6C0B24000-memory.dmp

Filesize
3.3MB

Download
memory/3456-397-0x00007FF6C07D0000-0x00007FF6C0B24000-memory.dmp

Filesize
3.3MB

Download
memory/3512-1575-0x00007FF6C1090000-0x00007FF6C13E4000-memory.dmp

Filesize
3.3MB

Download
memory/3512-36-0x00007FF6C1090000-0x00007FF6C13E4000-memory.dmp

Filesize
3.3MB

Download
memory/3512-421-0x00007FF6C1090000-0x00007FF6C13E4000-memory.dmp

Filesize
3.3MB

Download
memory/3672-1619-0x00007FF647660000-0x00007FF6479B4000-memory.dmp

Filesize
3.3MB

Download
memory/3672-42-0x00007FF647660000-0x00007FF6479B4000-memory.dmp

Filesize
3.3MB

Download
memory/3672-486-0x00007FF647660000-0x00007FF6479B4000-memory.dmp

Filesize
3.3MB

Download
memory/3832-388-0x00007FF7A83E0000-0x00007FF7A8734000-memory.dmp

Filesize
3.3MB

Download
memory/3832-1658-0x00007FF7A83E0000-0x00007FF7A8734000-memory.dmp

Filesize
3.3MB

Download
memory/3904-1534-0x00007FF6014F0000-0x00007FF601844000-memory.dmp

Filesize
3.3MB

Download
memory/3904-72-0x00007FF6014F0000-0x00007FF601844000-memory.dmp

Filesize
3.3MB

Download
memory/3904-18-0x00007FF6014F0000-0x00007FF601844000-memory.dmp

Filesize
3.3MB

Download
memory/4192-88-0x00007FF604130000-0x00007FF604484000-memory.dmp

Filesize
3.3MB

Download
memory/4192-32-0x00007FF604130000-0x00007FF604484000-memory.dmp

Filesize
3.3MB

Download
memory/4192-1573-0x00007FF604130000-0x00007FF604484000-memory.dmp

Filesize
3.3MB

Download
memory/4824-1661-0x00007FF77F650000-0x00007FF77F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/4824-85-0x00007FF77F650000-0x00007FF77F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/4824-716-0x00007FF77F650000-0x00007FF77F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/4848-1668-0x00007FF7F5270000-0x00007FF7F55C4000-memory.dmp

Filesize
3.3MB

Download
memory/4848-391-0x00007FF7F5270000-0x00007FF7F55C4000-memory.dmp

Filesize
3.3MB

Download
memory/4964-422-0x00007FF6194B0000-0x00007FF619804000-memory.dmp

Filesize
3.3MB

Download
memory/4964-1659-0x00007FF6194B0000-0x00007FF619804000-memory.dmp

Filesize
3.3MB

Download
memory/4980-392-0x00007FF6FC6A0000-0x00007FF6FC9F4000-memory.dmp

Filesize
3.3MB

Download
memory/4980-1671-0x00007FF6FC6A0000-0x00007FF6FC9F4000-memory.dmp

Filesize
3.3MB

Download
memory/5100-1648-0x00007FF7F1BF0000-0x00007FF7F1F44000-memory.dmp

Filesize
3.3MB

Download
memory/5100-714-0x00007FF7F1BF0000-0x00007FF7F1F44000-memory.dmp

Filesize
3.3MB

Download
memory/5100-75-0x00007FF7F1BF0000-0x00007FF7F1F44000-memory.dmp

Filesize
3.3MB

Download