cobaltstrike | f17cb6a3105c68919d02089bd9ef19924661276d1d0a7b4c2f9538828d38ef30

Analysis

max time kernel
124s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
05-12-2024 10:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

91e12c22f1687c49b89ccaf86309481b
SHA1

207a915fa4d6a5443feb090893e7725977cd8a7a
SHA256

f17cb6a3105c68919d02089bd9ef19924661276d1d0a7b4c2f9538828d38ef30
SHA512

107987d2d387152fd32bd70acdc5fd3a566da6f49878864997dace1aecfffe3219a3551ae6112aeaff31364355eab451107e91f11a026208c78c4f1f42b65cd1
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUP:T+q56utgpPF8u/7P

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a00000001225f-3.dat	cobalt_reflective_dll
behavioral1/files/0x00140000000163b8-11.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000164b1-15.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001653a-21.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000169f5-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016be6-35.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016bf7-41.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c03-46.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019329-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019369-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-98.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948d-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f0-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a8-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e6-113.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019371-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001937b-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019345-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019232-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001921d-65.dat	cobalt_reflective_dll
behavioral1/files/0x002e0000000160e7-61.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019214-56.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c4b-51.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001678f-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 62 IoCs

miner

resource	yara_rule
behavioral1/memory/1508-0-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/files/0x000a00000001225f-3.dat	xmrig
behavioral1/files/0x00140000000163b8-11.dat	xmrig
behavioral1/files/0x00080000000164b1-15.dat	xmrig
behavioral1/files/0x000800000001653a-21.dat	xmrig
behavioral1/files/0x00070000000169f5-30.dat	xmrig
behavioral1/files/0x0007000000016be6-35.dat	xmrig
behavioral1/files/0x0007000000016bf7-41.dat	xmrig
behavioral1/files/0x0009000000016c03-46.dat	xmrig
behavioral1/files/0x0005000000019329-75.dat	xmrig
behavioral1/files/0x0005000000019369-85.dat	xmrig
behavioral1/files/0x0005000000019382-98.dat	xmrig
behavioral1/files/0x000500000001948d-126.dat	xmrig
behavioral1/memory/1508-704-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2792-455-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/1336-453-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/548-451-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/2336-449-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/3012-447-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/3008-445-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2628-443-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2580-441-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2748-422-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2868-420-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2904-419-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2736-417-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2700-415-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2836-413-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-157.dat	xmrig
behavioral1/files/0x00050000000195c4-156.dat	xmrig
behavioral1/files/0x000500000001958b-155.dat	xmrig
behavioral1/files/0x00050000000195c6-150.dat	xmrig
behavioral1/files/0x00050000000193f0-120.dat	xmrig
behavioral1/files/0x00050000000193a8-105.dat	xmrig
behavioral1/files/0x00050000000195c2-141.dat	xmrig
behavioral1/files/0x00050000000194e2-131.dat	xmrig
behavioral1/files/0x000500000001945c-125.dat	xmrig
behavioral1/files/0x00050000000193e6-113.dat	xmrig
behavioral1/files/0x000500000001938e-103.dat	xmrig
behavioral1/files/0x0005000000019371-90.dat	xmrig
behavioral1/files/0x000500000001937b-95.dat	xmrig
behavioral1/files/0x0005000000019345-80.dat	xmrig
behavioral1/files/0x0005000000019232-70.dat	xmrig
behavioral1/files/0x000500000001921d-65.dat	xmrig
behavioral1/files/0x002e0000000160e7-61.dat	xmrig
behavioral1/files/0x0006000000019214-56.dat	xmrig
behavioral1/files/0x0009000000016c4b-51.dat	xmrig
behavioral1/files/0x000700000001678f-26.dat	xmrig
behavioral1/memory/1336-3233-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/memory/2700-3237-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2792-3238-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2904-3240-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2736-3243-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2836-3244-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/548-3262-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/3008-3267-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2868-3271-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/3012-3310-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2336-3270-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2580-3331-0x000000013F740000-0x000000013FA94000-memory.dmp	xmrig
behavioral1/memory/2748-3261-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2628-3258-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2792	mthJnWE.exe
2836	YHSUEzO.exe
2700	dDPDySr.exe
2736	VgodvjC.exe
2904	UVXrsPG.exe
2868	OjuJFPy.exe
2748	PATgBQO.exe
2580	KcgndKV.exe
2628	eseDkZN.exe
3008	tYxBMlk.exe
3012	kwHzruO.exe
2336	IZPWzuR.exe
548	QRYTGuw.exe
1336	lhZVzgh.exe
3004	fuVZgjN.exe
2672	fmwgLhM.exe
2268	SAJXVuw.exe
2176	wTmThVz.exe
1928	buggwte.exe
2880	peZnBFA.exe
1368	ImsDmXT.exe
2908	rjsFzOb.exe
1856	XtjPngX.exe
2140	IcoJvci.exe
1936	MucEiZB.exe
2220	NSoeJrE.exe
2308	yyoyNPh.exe
768	CtZfuDY.exe
1972	hAYOTqL.exe
2424	KKAoZtK.exe
804	sDIpIWO.exe
2316	ktDsoOu.exe
1624	QNCnTGr.exe
2456	DwRsjjA.exe
604	sLwiIWq.exe
1732	UkKZvwr.exe
2232	AVsVzzn.exe
448	eTIyfFi.exe
872	BkMMYCh.exe
976	hregaAV.exe
1364	CJFwEFS.exe
1376	wNcHwtQ.exe
1532	WwsGdVs.exe
1384	NvBjAcx.exe
828	IFMsWwJ.exe
2444	paXsXdQ.exe
892	VqiGZjz.exe
2364	LeyRdMl.exe
2020	IElhDVV.exe
2656	kEJUqQh.exe
2256	AHUBxcx.exe
1488	xrarxBi.exe
2980	YWdejju.exe
2488	YpMYvhU.exe
1864	BcLZSwa.exe
2504	FGGrgqL.exe
876	JWuLpNl.exe
1672	hQgDNfX.exe
1600	NhGQVov.exe
2732	LlVregJ.exe
2612	FqZQwuX.exe
2468	VntLEtX.exe
2692	riTYkwE.exe
2596	Vqrxraa.exe

Loads dropped DLL 64 IoCs

pid	Process
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1508-0-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/files/0x000a00000001225f-3.dat	upx
behavioral1/files/0x00140000000163b8-11.dat	upx
behavioral1/files/0x00080000000164b1-15.dat	upx
behavioral1/files/0x000800000001653a-21.dat	upx
behavioral1/files/0x00070000000169f5-30.dat	upx
behavioral1/files/0x0007000000016be6-35.dat	upx
behavioral1/files/0x0007000000016bf7-41.dat	upx
behavioral1/files/0x0009000000016c03-46.dat	upx
behavioral1/files/0x0005000000019329-75.dat	upx
behavioral1/files/0x0005000000019369-85.dat	upx
behavioral1/files/0x0005000000019382-98.dat	upx
behavioral1/files/0x000500000001948d-126.dat	upx
behavioral1/memory/1508-704-0x000000013FD00000-0x0000000140054000-memory.dmp	upx
behavioral1/memory/2792-455-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/1336-453-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/548-451-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2336-449-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/3012-447-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/3008-445-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2628-443-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2580-441-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2748-422-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2868-420-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2904-419-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2736-417-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2700-415-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2836-413-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/files/0x00050000000195c7-157.dat	upx
behavioral1/files/0x00050000000195c4-156.dat	upx
behavioral1/files/0x000500000001958b-155.dat	upx
behavioral1/files/0x00050000000195c6-150.dat	upx
behavioral1/files/0x00050000000193f0-120.dat	upx
behavioral1/files/0x00050000000193a8-105.dat	upx
behavioral1/files/0x00050000000195c2-141.dat	upx
behavioral1/files/0x00050000000194e2-131.dat	upx
behavioral1/files/0x000500000001945c-125.dat	upx
behavioral1/files/0x00050000000193e6-113.dat	upx
behavioral1/files/0x000500000001938e-103.dat	upx
behavioral1/files/0x0005000000019371-90.dat	upx
behavioral1/files/0x000500000001937b-95.dat	upx
behavioral1/files/0x0005000000019345-80.dat	upx
behavioral1/files/0x0005000000019232-70.dat	upx
behavioral1/files/0x000500000001921d-65.dat	upx
behavioral1/files/0x002e0000000160e7-61.dat	upx
behavioral1/files/0x0006000000019214-56.dat	upx
behavioral1/files/0x0009000000016c4b-51.dat	upx
behavioral1/files/0x000700000001678f-26.dat	upx
behavioral1/memory/1336-3233-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/memory/2700-3237-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2792-3238-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2904-3240-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2736-3243-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2836-3244-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/548-3262-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/3008-3267-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2868-3271-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/3012-3310-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2336-3270-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2580-3331-0x000000013F740000-0x000000013FA94000-memory.dmp	upx
behavioral1/memory/2748-3261-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2628-3258-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\xdmmyGv.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nHZujbV.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgIhgiK.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dbqtjpm.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pyshzLB.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ggmzkpf.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uPdPpDT.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qVyBick.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gYNpzJl.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UoNliNH.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ycTpnvg.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MsTHfRt.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VgodvjC.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HAoJsIQ.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJNyyiL.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\btNFwqA.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XVjfJUG.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mzckKHk.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bARHafr.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AMSqiiz.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\igiHypT.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LqOmVVM.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cBruSUX.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uPAgSQh.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fuVZgjN.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYzofsD.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MhFxSTt.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iHhplqT.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QppGWHP.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YpvUtss.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\knptbUo.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GuPWLFx.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ImsDmXT.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qbuStYM.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sfGujSq.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HaoQAte.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RnQPzoY.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpYbiSp.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hBlCjcI.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yZquvjw.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BCyIrqS.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fyRovcc.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UIDOasu.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VlVjMnq.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FYwsAxO.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tNovenN.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eBjPxBy.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uGwpbZr.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZCWDrEz.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IchSsWz.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gFnNnwt.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OzEOfdy.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aonLTKy.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HgAJXKX.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PdvHHwS.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kHXYmOD.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hvSUtBz.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hQgDNfX.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YeRDodf.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VKjLVzw.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hIWBZxs.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SSAKXzr.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kOAvoqU.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uuNBNDS.exe	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 2792	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1508 wrote to memory of 2792	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1508 wrote to memory of 2792	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1508 wrote to memory of 2836	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1508 wrote to memory of 2836	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1508 wrote to memory of 2836	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1508 wrote to memory of 2700	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1508 wrote to memory of 2700	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1508 wrote to memory of 2700	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1508 wrote to memory of 2736	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1508 wrote to memory of 2736	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1508 wrote to memory of 2736	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1508 wrote to memory of 2904	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1508 wrote to memory of 2904	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1508 wrote to memory of 2904	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1508 wrote to memory of 2868	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1508 wrote to memory of 2868	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1508 wrote to memory of 2868	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1508 wrote to memory of 2748	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1508 wrote to memory of 2748	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1508 wrote to memory of 2748	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1508 wrote to memory of 2580	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1508 wrote to memory of 2580	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1508 wrote to memory of 2580	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1508 wrote to memory of 2628	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1508 wrote to memory of 2628	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1508 wrote to memory of 2628	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1508 wrote to memory of 3008	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1508 wrote to memory of 3008	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1508 wrote to memory of 3008	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1508 wrote to memory of 3012	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1508 wrote to memory of 3012	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1508 wrote to memory of 3012	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1508 wrote to memory of 2336	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1508 wrote to memory of 2336	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1508 wrote to memory of 2336	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1508 wrote to memory of 548	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1508 wrote to memory of 548	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1508 wrote to memory of 548	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1508 wrote to memory of 1336	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1508 wrote to memory of 1336	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1508 wrote to memory of 1336	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1508 wrote to memory of 3004	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1508 wrote to memory of 3004	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1508 wrote to memory of 3004	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1508 wrote to memory of 2672	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1508 wrote to memory of 2672	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1508 wrote to memory of 2672	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1508 wrote to memory of 2268	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1508 wrote to memory of 2268	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1508 wrote to memory of 2268	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1508 wrote to memory of 2176	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1508 wrote to memory of 2176	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1508 wrote to memory of 2176	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1508 wrote to memory of 1928	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1508 wrote to memory of 1928	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1508 wrote to memory of 1928	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1508 wrote to memory of 1368	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1508 wrote to memory of 1368	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1508 wrote to memory of 1368	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1508 wrote to memory of 2880	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1508 wrote to memory of 2880	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1508 wrote to memory of 2880	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1508 wrote to memory of 1856	1508	2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-05_91e12c22f1687c49b89ccaf86309481b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Windows\System\mthJnWE.exe
  C:\Windows\System\mthJnWE.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\YHSUEzO.exe
  C:\Windows\System\YHSUEzO.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\dDPDySr.exe
  C:\Windows\System\dDPDySr.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\VgodvjC.exe
  C:\Windows\System\VgodvjC.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\UVXrsPG.exe
  C:\Windows\System\UVXrsPG.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\OjuJFPy.exe
  C:\Windows\System\OjuJFPy.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\PATgBQO.exe
  C:\Windows\System\PATgBQO.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\KcgndKV.exe
  C:\Windows\System\KcgndKV.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\eseDkZN.exe
  C:\Windows\System\eseDkZN.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\tYxBMlk.exe
  C:\Windows\System\tYxBMlk.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\kwHzruO.exe
  C:\Windows\System\kwHzruO.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\IZPWzuR.exe
  C:\Windows\System\IZPWzuR.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\QRYTGuw.exe
  C:\Windows\System\QRYTGuw.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\lhZVzgh.exe
  C:\Windows\System\lhZVzgh.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\fuVZgjN.exe
  C:\Windows\System\fuVZgjN.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\fmwgLhM.exe
  C:\Windows\System\fmwgLhM.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\SAJXVuw.exe
  C:\Windows\System\SAJXVuw.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\wTmThVz.exe
  C:\Windows\System\wTmThVz.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\buggwte.exe
  C:\Windows\System\buggwte.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\ImsDmXT.exe
  C:\Windows\System\ImsDmXT.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\peZnBFA.exe
  C:\Windows\System\peZnBFA.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\XtjPngX.exe
  C:\Windows\System\XtjPngX.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\rjsFzOb.exe
  C:\Windows\System\rjsFzOb.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\IcoJvci.exe
  C:\Windows\System\IcoJvci.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\MucEiZB.exe
  C:\Windows\System\MucEiZB.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\hAYOTqL.exe
  C:\Windows\System\hAYOTqL.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\NSoeJrE.exe
  C:\Windows\System\NSoeJrE.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\KKAoZtK.exe
  C:\Windows\System\KKAoZtK.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\yyoyNPh.exe
  C:\Windows\System\yyoyNPh.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\sDIpIWO.exe
  C:\Windows\System\sDIpIWO.exe
  2⤵
  - Executes dropped EXE
  PID:804
- C:\Windows\System\CtZfuDY.exe
  C:\Windows\System\CtZfuDY.exe
  2⤵
  - Executes dropped EXE
  PID:768
- C:\Windows\System\ktDsoOu.exe
  C:\Windows\System\ktDsoOu.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\QNCnTGr.exe
  C:\Windows\System\QNCnTGr.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\DwRsjjA.exe
  C:\Windows\System\DwRsjjA.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\sLwiIWq.exe
  C:\Windows\System\sLwiIWq.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\UkKZvwr.exe
  C:\Windows\System\UkKZvwr.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\AVsVzzn.exe
  C:\Windows\System\AVsVzzn.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\eTIyfFi.exe
  C:\Windows\System\eTIyfFi.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\BkMMYCh.exe
  C:\Windows\System\BkMMYCh.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\hregaAV.exe
  C:\Windows\System\hregaAV.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\CJFwEFS.exe
  C:\Windows\System\CJFwEFS.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\wNcHwtQ.exe
  C:\Windows\System\wNcHwtQ.exe
  2⤵
  - Executes dropped EXE
  PID:1376
- C:\Windows\System\WwsGdVs.exe
  C:\Windows\System\WwsGdVs.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\NvBjAcx.exe
  C:\Windows\System\NvBjAcx.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\IFMsWwJ.exe
  C:\Windows\System\IFMsWwJ.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\paXsXdQ.exe
  C:\Windows\System\paXsXdQ.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\VqiGZjz.exe
  C:\Windows\System\VqiGZjz.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\LeyRdMl.exe
  C:\Windows\System\LeyRdMl.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\IElhDVV.exe
  C:\Windows\System\IElhDVV.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\kEJUqQh.exe
  C:\Windows\System\kEJUqQh.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\AHUBxcx.exe
  C:\Windows\System\AHUBxcx.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\xrarxBi.exe
  C:\Windows\System\xrarxBi.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\YWdejju.exe
  C:\Windows\System\YWdejju.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\YpMYvhU.exe
  C:\Windows\System\YpMYvhU.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\BcLZSwa.exe
  C:\Windows\System\BcLZSwa.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\JWuLpNl.exe
  C:\Windows\System\JWuLpNl.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\FGGrgqL.exe
  C:\Windows\System\FGGrgqL.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\hQgDNfX.exe
  C:\Windows\System\hQgDNfX.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\NhGQVov.exe
  C:\Windows\System\NhGQVov.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\VntLEtX.exe
  C:\Windows\System\VntLEtX.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\LlVregJ.exe
  C:\Windows\System\LlVregJ.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\riTYkwE.exe
  C:\Windows\System\riTYkwE.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\FqZQwuX.exe
  C:\Windows\System\FqZQwuX.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\jUbCdTL.exe
  C:\Windows\System\jUbCdTL.exe
  2⤵
  PID:2812
- C:\Windows\System\Vqrxraa.exe
  C:\Windows\System\Vqrxraa.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\lSarPKh.exe
  C:\Windows\System\lSarPKh.exe
  2⤵
  PID:2696
- C:\Windows\System\KTVEfUE.exe
  C:\Windows\System\KTVEfUE.exe
  2⤵
  PID:844
- C:\Windows\System\ixPcoGD.exe
  C:\Windows\System\ixPcoGD.exe
  2⤵
  PID:1164
- C:\Windows\System\fVMZVIS.exe
  C:\Windows\System\fVMZVIS.exe
  2⤵
  PID:588
- C:\Windows\System\KhNruEF.exe
  C:\Windows\System\KhNruEF.exe
  2⤵
  PID:1128
- C:\Windows\System\BQXXJDH.exe
  C:\Windows\System\BQXXJDH.exe
  2⤵
  PID:2644
- C:\Windows\System\ufJFxWX.exe
  C:\Windows\System\ufJFxWX.exe
  2⤵
  PID:2916
- C:\Windows\System\ilwJJay.exe
  C:\Windows\System\ilwJJay.exe
  2⤵
  PID:1984
- C:\Windows\System\UgbkBAM.exe
  C:\Windows\System\UgbkBAM.exe
  2⤵
  PID:2240
- C:\Windows\System\zjqfXqd.exe
  C:\Windows\System\zjqfXqd.exe
  2⤵
  PID:2476
- C:\Windows\System\kWUjTpy.exe
  C:\Windows\System\kWUjTpy.exe
  2⤵
  PID:2676
- C:\Windows\System\MdoXWpF.exe
  C:\Windows\System\MdoXWpF.exe
  2⤵
  PID:2304
- C:\Windows\System\GjEckcO.exe
  C:\Windows\System\GjEckcO.exe
  2⤵
  PID:2452
- C:\Windows\System\pyYRPRL.exe
  C:\Windows\System\pyYRPRL.exe
  2⤵
  PID:2276
- C:\Windows\System\IrLyYqn.exe
  C:\Windows\System\IrLyYqn.exe
  2⤵
  PID:1112
- C:\Windows\System\NLaMWbH.exe
  C:\Windows\System\NLaMWbH.exe
  2⤵
  PID:1088
- C:\Windows\System\qbuStYM.exe
  C:\Windows\System\qbuStYM.exe
  2⤵
  PID:3068
- C:\Windows\System\OqROxIq.exe
  C:\Windows\System\OqROxIq.exe
  2⤵
  PID:2208
- C:\Windows\System\HHVVuCm.exe
  C:\Windows\System\HHVVuCm.exe
  2⤵
  PID:1784
- C:\Windows\System\XDpcGJU.exe
  C:\Windows\System\XDpcGJU.exe
  2⤵
  PID:780
- C:\Windows\System\LKamliq.exe
  C:\Windows\System\LKamliq.exe
  2⤵
  PID:2012
- C:\Windows\System\rbRSmMl.exe
  C:\Windows\System\rbRSmMl.exe
  2⤵
  PID:940
- C:\Windows\System\BgEzgMc.exe
  C:\Windows\System\BgEzgMc.exe
  2⤵
  PID:2996
- C:\Windows\System\VPOYBvz.exe
  C:\Windows\System\VPOYBvz.exe
  2⤵
  PID:2040
- C:\Windows\System\VyTSaSd.exe
  C:\Windows\System\VyTSaSd.exe
  2⤵
  PID:1324
- C:\Windows\System\yoNyjtS.exe
  C:\Windows\System\yoNyjtS.exe
  2⤵
  PID:2972
- C:\Windows\System\XMWaPuM.exe
  C:\Windows\System\XMWaPuM.exe
  2⤵
  PID:1804
- C:\Windows\System\XKolxmT.exe
  C:\Windows\System\XKolxmT.exe
  2⤵
  PID:2660
- C:\Windows\System\KljmnZk.exe
  C:\Windows\System\KljmnZk.exe
  2⤵
  PID:3056
- C:\Windows\System\kosMidO.exe
  C:\Windows\System\kosMidO.exe
  2⤵
  PID:1688
- C:\Windows\System\VuxNNWg.exe
  C:\Windows\System\VuxNNWg.exe
  2⤵
  PID:2828
- C:\Windows\System\aQVrrbc.exe
  C:\Windows\System\aQVrrbc.exe
  2⤵
  PID:1816
- C:\Windows\System\oozpjsq.exe
  C:\Windows\System\oozpjsq.exe
  2⤵
  PID:3036
- C:\Windows\System\PjZUudW.exe
  C:\Windows\System\PjZUudW.exe
  2⤵
  PID:572
- C:\Windows\System\oEGvxgB.exe
  C:\Windows\System\oEGvxgB.exe
  2⤵
  PID:1596
- C:\Windows\System\ZsCeHLs.exe
  C:\Windows\System\ZsCeHLs.exe
  2⤵
  PID:2896
- C:\Windows\System\tFxIwKj.exe
  C:\Windows\System\tFxIwKj.exe
  2⤵
  PID:764
- C:\Windows\System\QuQiiIC.exe
  C:\Windows\System\QuQiiIC.exe
  2⤵
  PID:2116
- C:\Windows\System\FCxznFq.exe
  C:\Windows\System\FCxznFq.exe
  2⤵
  PID:2620
- C:\Windows\System\aYzofsD.exe
  C:\Windows\System\aYzofsD.exe
  2⤵
  PID:2056
- C:\Windows\System\wQjxPnB.exe
  C:\Windows\System\wQjxPnB.exe
  2⤵
  PID:2420
- C:\Windows\System\vKrxQmN.exe
  C:\Windows\System\vKrxQmN.exe
  2⤵
  PID:1060
- C:\Windows\System\ZilxqtN.exe
  C:\Windows\System\ZilxqtN.exe
  2⤵
  PID:1680
- C:\Windows\System\IxXhKhR.exe
  C:\Windows\System\IxXhKhR.exe
  2⤵
  PID:1360
- C:\Windows\System\TGVRmYx.exe
  C:\Windows\System\TGVRmYx.exe
  2⤵
  PID:696
- C:\Windows\System\NFeucBM.exe
  C:\Windows\System\NFeucBM.exe
  2⤵
  PID:2024
- C:\Windows\System\SSRTEwx.exe
  C:\Windows\System\SSRTEwx.exe
  2⤵
  PID:1712
- C:\Windows\System\miwhIrW.exe
  C:\Windows\System\miwhIrW.exe
  2⤵
  PID:2512
- C:\Windows\System\aRgEfVs.exe
  C:\Windows\System\aRgEfVs.exe
  2⤵
  PID:1800
- C:\Windows\System\XPTIblg.exe
  C:\Windows\System\XPTIblg.exe
  2⤵
  PID:2872
- C:\Windows\System\DoEMhUL.exe
  C:\Windows\System\DoEMhUL.exe
  2⤵
  PID:2360
- C:\Windows\System\YdFNLqa.exe
  C:\Windows\System\YdFNLqa.exe
  2⤵
  PID:2864
- C:\Windows\System\gysCVQN.exe
  C:\Windows\System\gysCVQN.exe
  2⤵
  PID:2004
- C:\Windows\System\FevMCkR.exe
  C:\Windows\System\FevMCkR.exe
  2⤵
  PID:1200
- C:\Windows\System\lHhVoOf.exe
  C:\Windows\System\lHhVoOf.exe
  2⤵
  PID:1528
- C:\Windows\System\XpwsdYF.exe
  C:\Windows\System\XpwsdYF.exe
  2⤵
  PID:1876
- C:\Windows\System\IYFqWuO.exe
  C:\Windows\System\IYFqWuO.exe
  2⤵
  PID:2780
- C:\Windows\System\EVXXGdJ.exe
  C:\Windows\System\EVXXGdJ.exe
  2⤵
  PID:776
- C:\Windows\System\CCmDYNJ.exe
  C:\Windows\System\CCmDYNJ.exe
  2⤵
  PID:2964
- C:\Windows\System\IuwcDtC.exe
  C:\Windows\System\IuwcDtC.exe
  2⤵
  PID:1860
- C:\Windows\System\qFmrgVG.exe
  C:\Windows\System\qFmrgVG.exe
  2⤵
  PID:848
- C:\Windows\System\ywtwIFI.exe
  C:\Windows\System\ywtwIFI.exe
  2⤵
  PID:2808
- C:\Windows\System\qMCyxfT.exe
  C:\Windows\System\qMCyxfT.exe
  2⤵
  PID:1808
- C:\Windows\System\WpTAbER.exe
  C:\Windows\System\WpTAbER.exe
  2⤵
  PID:2816
- C:\Windows\System\HqvxLxD.exe
  C:\Windows\System\HqvxLxD.exe
  2⤵
  PID:3216
- C:\Windows\System\FAdStVM.exe
  C:\Windows\System\FAdStVM.exe
  2⤵
  PID:3256
- C:\Windows\System\NVcXNez.exe
  C:\Windows\System\NVcXNez.exe
  2⤵
  PID:3272
- C:\Windows\System\hfFwAkE.exe
  C:\Windows\System\hfFwAkE.exe
  2⤵
  PID:3288
- C:\Windows\System\QXDEGCF.exe
  C:\Windows\System\QXDEGCF.exe
  2⤵
  PID:3304
- C:\Windows\System\GgCHysM.exe
  C:\Windows\System\GgCHysM.exe
  2⤵
  PID:3324
- C:\Windows\System\CkmpPJD.exe
  C:\Windows\System\CkmpPJD.exe
  2⤵
  PID:3340
- C:\Windows\System\jipLWfk.exe
  C:\Windows\System\jipLWfk.exe
  2⤵
  PID:3360
- C:\Windows\System\WFzVKaH.exe
  C:\Windows\System\WFzVKaH.exe
  2⤵
  PID:3376
- C:\Windows\System\OkCoQOE.exe
  C:\Windows\System\OkCoQOE.exe
  2⤵
  PID:3392
- C:\Windows\System\RLgHflH.exe
  C:\Windows\System\RLgHflH.exe
  2⤵
  PID:3408
- C:\Windows\System\MhFxSTt.exe
  C:\Windows\System\MhFxSTt.exe
  2⤵
  PID:3424
- C:\Windows\System\EAabpGU.exe
  C:\Windows\System\EAabpGU.exe
  2⤵
  PID:3440
- C:\Windows\System\stBljQl.exe
  C:\Windows\System\stBljQl.exe
  2⤵
  PID:3472
- C:\Windows\System\ZBzveec.exe
  C:\Windows\System\ZBzveec.exe
  2⤵
  PID:3488
- C:\Windows\System\SBedvBO.exe
  C:\Windows\System\SBedvBO.exe
  2⤵
  PID:3508
- C:\Windows\System\oJTfzzK.exe
  C:\Windows\System\oJTfzzK.exe
  2⤵
  PID:3524
- C:\Windows\System\lWjarrc.exe
  C:\Windows\System\lWjarrc.exe
  2⤵
  PID:3540
- C:\Windows\System\QwEKKtR.exe
  C:\Windows\System\QwEKKtR.exe
  2⤵
  PID:3556
- C:\Windows\System\OJCOZXG.exe
  C:\Windows\System\OJCOZXG.exe
  2⤵
  PID:3572
- C:\Windows\System\SKbJiZW.exe
  C:\Windows\System\SKbJiZW.exe
  2⤵
  PID:3592
- C:\Windows\System\szZrgyA.exe
  C:\Windows\System\szZrgyA.exe
  2⤵
  PID:3608
- C:\Windows\System\aeKWbfW.exe
  C:\Windows\System\aeKWbfW.exe
  2⤵
  PID:3652
- C:\Windows\System\YrsMkPu.exe
  C:\Windows\System\YrsMkPu.exe
  2⤵
  PID:3720
- C:\Windows\System\xZsDaxi.exe
  C:\Windows\System\xZsDaxi.exe
  2⤵
  PID:3736
- C:\Windows\System\qXNETVG.exe
  C:\Windows\System\qXNETVG.exe
  2⤵
  PID:3752
- C:\Windows\System\SASVZZK.exe
  C:\Windows\System\SASVZZK.exe
  2⤵
  PID:3768
- C:\Windows\System\gcFHYQr.exe
  C:\Windows\System\gcFHYQr.exe
  2⤵
  PID:3792
- C:\Windows\System\FeOTlcy.exe
  C:\Windows\System\FeOTlcy.exe
  2⤵
  PID:3808
- C:\Windows\System\zCNNSpV.exe
  C:\Windows\System\zCNNSpV.exe
  2⤵
  PID:3824
- C:\Windows\System\toQFIBd.exe
  C:\Windows\System\toQFIBd.exe
  2⤵
  PID:3840
- C:\Windows\System\VDPqLxp.exe
  C:\Windows\System\VDPqLxp.exe
  2⤵
  PID:3856
- C:\Windows\System\FlWzoks.exe
  C:\Windows\System\FlWzoks.exe
  2⤵
  PID:3872
- C:\Windows\System\rVLLRcJ.exe
  C:\Windows\System\rVLLRcJ.exe
  2⤵
  PID:3892
- C:\Windows\System\RodWuhR.exe
  C:\Windows\System\RodWuhR.exe
  2⤵
  PID:3908
- C:\Windows\System\FtLZEbP.exe
  C:\Windows\System\FtLZEbP.exe
  2⤵
  PID:3924
- C:\Windows\System\WicdMZh.exe
  C:\Windows\System\WicdMZh.exe
  2⤵
  PID:3948
- C:\Windows\System\RPmjwbM.exe
  C:\Windows\System\RPmjwbM.exe
  2⤵
  PID:3972
- C:\Windows\System\xnYQBxO.exe
  C:\Windows\System\xnYQBxO.exe
  2⤵
  PID:4016
- C:\Windows\System\AGHXeUZ.exe
  C:\Windows\System\AGHXeUZ.exe
  2⤵
  PID:4040
- C:\Windows\System\cbfpXJy.exe
  C:\Windows\System\cbfpXJy.exe
  2⤵
  PID:4056
- C:\Windows\System\LenmABZ.exe
  C:\Windows\System\LenmABZ.exe
  2⤵
  PID:4080
- C:\Windows\System\TFoIXkb.exe
  C:\Windows\System\TFoIXkb.exe
  2⤵
  PID:1392
- C:\Windows\System\YeyIvJJ.exe
  C:\Windows\System\YeyIvJJ.exe
  2⤵
  PID:2044
- C:\Windows\System\GxiuFAe.exe
  C:\Windows\System\GxiuFAe.exe
  2⤵
  PID:1076
- C:\Windows\System\zURKHEE.exe
  C:\Windows\System\zURKHEE.exe
  2⤵
  PID:1724
- C:\Windows\System\smRrKMM.exe
  C:\Windows\System\smRrKMM.exe
  2⤵
  PID:856
- C:\Windows\System\qIByoOj.exe
  C:\Windows\System\qIByoOj.exe
  2⤵
  PID:2448
- C:\Windows\System\AHPztBi.exe
  C:\Windows\System\AHPztBi.exe
  2⤵
  PID:3152
- C:\Windows\System\xYzhlSS.exe
  C:\Windows\System\xYzhlSS.exe
  2⤵
  PID:3180
- C:\Windows\System\aQEixwM.exe
  C:\Windows\System\aQEixwM.exe
  2⤵
  PID:3204
- C:\Windows\System\gGKrtFu.exe
  C:\Windows\System\gGKrtFu.exe
  2⤵
  PID:3300
- C:\Windows\System\hxTBqMT.exe
  C:\Windows\System\hxTBqMT.exe
  2⤵
  PID:3400
- C:\Windows\System\cHCQCCs.exe
  C:\Windows\System\cHCQCCs.exe
  2⤵
  PID:3516
- C:\Windows\System\KRByTOI.exe
  C:\Windows\System\KRByTOI.exe
  2⤵
  PID:3584
- C:\Windows\System\vbByyeJ.exe
  C:\Windows\System\vbByyeJ.exe
  2⤵
  PID:3236
- C:\Windows\System\yKmXNdB.exe
  C:\Windows\System\yKmXNdB.exe
  2⤵
  PID:3244
- C:\Windows\System\SfMxxZn.exe
  C:\Windows\System\SfMxxZn.exe
  2⤵
  PID:3764
- C:\Windows\System\hsBMjaf.exe
  C:\Windows\System\hsBMjaf.exe
  2⤵
  PID:3316
- C:\Windows\System\dMnGmIG.exe
  C:\Windows\System\dMnGmIG.exe
  2⤵
  PID:3496
- C:\Windows\System\uMTGJPx.exe
  C:\Windows\System\uMTGJPx.exe
  2⤵
  PID:3564
- C:\Windows\System\URwlUWJ.exe
  C:\Windows\System\URwlUWJ.exe
  2⤵
  PID:3248
- C:\Windows\System\cshRbNJ.exe
  C:\Windows\System\cshRbNJ.exe
  2⤵
  PID:3384
- C:\Windows\System\YIGIuOd.exe
  C:\Windows\System\YIGIuOd.exe
  2⤵
  PID:3668
- C:\Windows\System\jcsBlSI.exe
  C:\Windows\System\jcsBlSI.exe
  2⤵
  PID:3904
- C:\Windows\System\NGMrtFS.exe
  C:\Windows\System\NGMrtFS.exe
  2⤵
  PID:3692
- C:\Windows\System\ZkgyGgN.exe
  C:\Windows\System\ZkgyGgN.exe
  2⤵
  PID:3936
- C:\Windows\System\DuAusLp.exe
  C:\Windows\System\DuAusLp.exe
  2⤵
  PID:3980
- C:\Windows\System\QfYKyFl.exe
  C:\Windows\System\QfYKyFl.exe
  2⤵
  PID:4000
- C:\Windows\System\EroDldj.exe
  C:\Windows\System\EroDldj.exe
  2⤵
  PID:4012
- C:\Windows\System\dRYbSLO.exe
  C:\Windows\System\dRYbSLO.exe
  2⤵
  PID:1564
- C:\Windows\System\GCZFbaX.exe
  C:\Windows\System\GCZFbaX.exe
  2⤵
  PID:3960
- C:\Windows\System\carlyIB.exe
  C:\Windows\System\carlyIB.exe
  2⤵
  PID:3920
- C:\Windows\System\cbeoruB.exe
  C:\Windows\System\cbeoruB.exe
  2⤵
  PID:3820
- C:\Windows\System\jbOomGt.exe
  C:\Windows\System\jbOomGt.exe
  2⤵
  PID:3748
- C:\Windows\System\wXyBxBs.exe
  C:\Windows\System\wXyBxBs.exe
  2⤵
  PID:4032
- C:\Windows\System\kZqWKsy.exe
  C:\Windows\System\kZqWKsy.exe
  2⤵
  PID:3336
- C:\Windows\System\lTKlmLh.exe
  C:\Windows\System\lTKlmLh.exe
  2⤵
  PID:3268
- C:\Windows\System\RYHLCmk.exe
  C:\Windows\System\RYHLCmk.exe
  2⤵
  PID:3616
- C:\Windows\System\EbZxLty.exe
  C:\Windows\System\EbZxLty.exe
  2⤵
  PID:3504
- C:\Windows\System\KbkquAQ.exe
  C:\Windows\System\KbkquAQ.exe
  2⤵
  PID:3228
- C:\Windows\System\LfpBaxl.exe
  C:\Windows\System\LfpBaxl.exe
  2⤵
  PID:3728
- C:\Windows\System\SIWAiSE.exe
  C:\Windows\System\SIWAiSE.exe
  2⤵
  PID:3868
- C:\Windows\System\nkvnKlG.exe
  C:\Windows\System\nkvnKlG.exe
  2⤵
  PID:3932
- C:\Windows\System\KFQfPtO.exe
  C:\Windows\System\KFQfPtO.exe
  2⤵
  PID:3320
- C:\Windows\System\UuTRZuA.exe
  C:\Windows\System\UuTRZuA.exe
  2⤵
  PID:3676
- C:\Windows\System\KQbIghN.exe
  C:\Windows\System\KQbIghN.exe
  2⤵
  PID:4048
- C:\Windows\System\cTIgXou.exe
  C:\Windows\System\cTIgXou.exe
  2⤵
  PID:3712
- C:\Windows\System\VlVjMnq.exe
  C:\Windows\System\VlVjMnq.exe
  2⤵
  PID:3788
- C:\Windows\System\GYDkIBt.exe
  C:\Windows\System\GYDkIBt.exe
  2⤵
  PID:3956
- C:\Windows\System\iHdsSUF.exe
  C:\Windows\System\iHdsSUF.exe
  2⤵
  PID:3852
- C:\Windows\System\EnXyHJa.exe
  C:\Windows\System\EnXyHJa.exe
  2⤵
  PID:2668
- C:\Windows\System\eyyIzJF.exe
  C:\Windows\System\eyyIzJF.exe
  2⤵
  PID:2824
- C:\Windows\System\ImhaCmE.exe
  C:\Windows\System\ImhaCmE.exe
  2⤵
  PID:2928
- C:\Windows\System\mkXKRDE.exe
  C:\Windows\System\mkXKRDE.exe
  2⤵
  PID:2288
- C:\Windows\System\mVfWabv.exe
  C:\Windows\System\mVfWabv.exe
  2⤵
  PID:2856
- C:\Windows\System\ZLqoTTY.exe
  C:\Windows\System\ZLqoTTY.exe
  2⤵
  PID:2688
- C:\Windows\System\qzxVqtD.exe
  C:\Windows\System\qzxVqtD.exe
  2⤵
  PID:3104
- C:\Windows\System\wDyRGTE.exe
  C:\Windows\System\wDyRGTE.exe
  2⤵
  PID:3112
- C:\Windows\System\xiaaEyy.exe
  C:\Windows\System\xiaaEyy.exe
  2⤵
  PID:3124
- C:\Windows\System\tSevktk.exe
  C:\Windows\System\tSevktk.exe
  2⤵
  PID:3156
- C:\Windows\System\YkrNtPf.exe
  C:\Windows\System\YkrNtPf.exe
  2⤵
  PID:2988
- C:\Windows\System\MdsDRFc.exe
  C:\Windows\System\MdsDRFc.exe
  2⤵
  PID:2632
- C:\Windows\System\YMuXxZA.exe
  C:\Windows\System\YMuXxZA.exe
  2⤵
  PID:3024
- C:\Windows\System\sjvIKyt.exe
  C:\Windows\System\sjvIKyt.exe
  2⤵
  PID:2944
- C:\Windows\System\fWHYCQf.exe
  C:\Windows\System\fWHYCQf.exe
  2⤵
  PID:3176
- C:\Windows\System\Wuifskh.exe
  C:\Windows\System\Wuifskh.exe
  2⤵
  PID:1608
- C:\Windows\System\HMCZzEv.exe
  C:\Windows\System\HMCZzEv.exe
  2⤵
  PID:1764
- C:\Windows\System\OjxzTZl.exe
  C:\Windows\System\OjxzTZl.exe
  2⤵
  PID:1640
- C:\Windows\System\nqXGGZG.exe
  C:\Windows\System\nqXGGZG.exe
  2⤵
  PID:2724
- C:\Windows\System\ecxJRXJ.exe
  C:\Windows\System\ecxJRXJ.exe
  2⤵
  PID:3588
- C:\Windows\System\LlJPgKh.exe
  C:\Windows\System\LlJPgKh.exe
  2⤵
  PID:3832
- C:\Windows\System\RuPvFoj.exe
  C:\Windows\System\RuPvFoj.exe
  2⤵
  PID:3212
- C:\Windows\System\bOLYmBO.exe
  C:\Windows\System\bOLYmBO.exe
  2⤵
  PID:3232
- C:\Windows\System\MEgMAOG.exe
  C:\Windows\System\MEgMAOG.exe
  2⤵
  PID:3604
- C:\Windows\System\kPQSBOg.exe
  C:\Windows\System\kPQSBOg.exe
  2⤵
  PID:3992
- C:\Windows\System\sUFArBO.exe
  C:\Windows\System\sUFArBO.exe
  2⤵
  PID:3436
- C:\Windows\System\QLEHxUg.exe
  C:\Windows\System\QLEHxUg.exe
  2⤵
  PID:3716
- C:\Windows\System\CABNdmX.exe
  C:\Windows\System\CABNdmX.exe
  2⤵
  PID:2892
- C:\Windows\System\cshgqpx.exe
  C:\Windows\System\cshgqpx.exe
  2⤵
  PID:3172
- C:\Windows\System\vgreaSp.exe
  C:\Windows\System\vgreaSp.exe
  2⤵
  PID:2584
- C:\Windows\System\oqaEpBL.exe
  C:\Windows\System\oqaEpBL.exe
  2⤵
  PID:1988
- C:\Windows\System\WZkheAz.exe
  C:\Windows\System\WZkheAz.exe
  2⤵
  PID:3092
- C:\Windows\System\BEHPLrZ.exe
  C:\Windows\System\BEHPLrZ.exe
  2⤵
  PID:3388
- C:\Windows\System\waDhBTs.exe
  C:\Windows\System\waDhBTs.exe
  2⤵
  PID:3452
- C:\Windows\System\MCBqkXe.exe
  C:\Windows\System\MCBqkXe.exe
  2⤵
  PID:3780
- C:\Windows\System\CmoFmDe.exe
  C:\Windows\System\CmoFmDe.exe
  2⤵
  PID:2320
- C:\Windows\System\vtvUlxB.exe
  C:\Windows\System\vtvUlxB.exe
  2⤵
  PID:1716
- C:\Windows\System\YumTVPT.exe
  C:\Windows\System\YumTVPT.exe
  2⤵
  PID:896
- C:\Windows\System\INBCzUU.exe
  C:\Windows\System\INBCzUU.exe
  2⤵
  PID:3140
- C:\Windows\System\vvblqmL.exe
  C:\Windows\System\vvblqmL.exe
  2⤵
  PID:2260
- C:\Windows\System\tOufiCB.exe
  C:\Windows\System\tOufiCB.exe
  2⤵
  PID:2172
- C:\Windows\System\daboWhi.exe
  C:\Windows\System\daboWhi.exe
  2⤵
  PID:1768
- C:\Windows\System\fhYqJfN.exe
  C:\Windows\System\fhYqJfN.exe
  2⤵
  PID:1968
- C:\Windows\System\kjmrSAE.exe
  C:\Windows\System\kjmrSAE.exe
  2⤵
  PID:484
- C:\Windows\System\aonLTKy.exe
  C:\Windows\System\aonLTKy.exe
  2⤵
  PID:576
- C:\Windows\System\hZgGbUp.exe
  C:\Windows\System\hZgGbUp.exe
  2⤵
  PID:1940
- C:\Windows\System\CSjikEZ.exe
  C:\Windows\System\CSjikEZ.exe
  2⤵
  PID:3664
- C:\Windows\System\nKPdFhf.exe
  C:\Windows\System\nKPdFhf.exe
  2⤵
  PID:3708
- C:\Windows\System\jGATFVt.exe
  C:\Windows\System\jGATFVt.exe
  2⤵
  PID:3076
- C:\Windows\System\ZwdlZQU.exe
  C:\Windows\System\ZwdlZQU.exe
  2⤵
  PID:2152
- C:\Windows\System\HAoJsIQ.exe
  C:\Windows\System\HAoJsIQ.exe
  2⤵
  PID:3532
- C:\Windows\System\YlQIQMi.exe
  C:\Windows\System\YlQIQMi.exe
  2⤵
  PID:3688
- C:\Windows\System\sfGujSq.exe
  C:\Windows\System\sfGujSq.exe
  2⤵
  PID:3096
- C:\Windows\System\znGAfdE.exe
  C:\Windows\System\znGAfdE.exe
  2⤵
  PID:3136
- C:\Windows\System\pmbxziF.exe
  C:\Windows\System\pmbxziF.exe
  2⤵
  PID:2940
- C:\Windows\System\DbWGJEN.exe
  C:\Windows\System\DbWGJEN.exe
  2⤵
  PID:4068
- C:\Windows\System\NQZBZOO.exe
  C:\Windows\System\NQZBZOO.exe
  2⤵
  PID:1160
- C:\Windows\System\IfKeIfz.exe
  C:\Windows\System\IfKeIfz.exe
  2⤵
  PID:3944
- C:\Windows\System\FMAHuDk.exe
  C:\Windows\System\FMAHuDk.exe
  2⤵
  PID:3372
- C:\Windows\System\uwqoaGo.exe
  C:\Windows\System\uwqoaGo.exe
  2⤵
  PID:3704
- C:\Windows\System\CGXQNKe.exe
  C:\Windows\System\CGXQNKe.exe
  2⤵
  PID:3684
- C:\Windows\System\VTXlnkI.exe
  C:\Windows\System\VTXlnkI.exe
  2⤵
  PID:3880
- C:\Windows\System\GNVjXEC.exe
  C:\Windows\System\GNVjXEC.exe
  2⤵
  PID:1920
- C:\Windows\System\TiOjDFc.exe
  C:\Windows\System\TiOjDFc.exe
  2⤵
  PID:2368
- C:\Windows\System\gblABpE.exe
  C:\Windows\System\gblABpE.exe
  2⤵
  PID:2588
- C:\Windows\System\RKypJDt.exe
  C:\Windows\System\RKypJDt.exe
  2⤵
  PID:2204
- C:\Windows\System\rOUnGBY.exe
  C:\Windows\System\rOUnGBY.exe
  2⤵
  PID:2604
- C:\Windows\System\JMXeLYO.exe
  C:\Windows\System\JMXeLYO.exe
  2⤵
  PID:3460
- C:\Windows\System\MPWiNHK.exe
  C:\Windows\System\MPWiNHK.exe
  2⤵
  PID:4112
- C:\Windows\System\SminnNC.exe
  C:\Windows\System\SminnNC.exe
  2⤵
  PID:4128
- C:\Windows\System\xDwhdCE.exe
  C:\Windows\System\xDwhdCE.exe
  2⤵
  PID:4144
- C:\Windows\System\hcecmSJ.exe
  C:\Windows\System\hcecmSJ.exe
  2⤵
  PID:4160
- C:\Windows\System\EsNtEzL.exe
  C:\Windows\System\EsNtEzL.exe
  2⤵
  PID:4176
- C:\Windows\System\ZFndgRn.exe
  C:\Windows\System\ZFndgRn.exe
  2⤵
  PID:4200
- C:\Windows\System\MEzHzwe.exe
  C:\Windows\System\MEzHzwe.exe
  2⤵
  PID:4220
- C:\Windows\System\TQZsWYW.exe
  C:\Windows\System\TQZsWYW.exe
  2⤵
  PID:4236
- C:\Windows\System\RkPszvY.exe
  C:\Windows\System\RkPszvY.exe
  2⤵
  PID:4252
- C:\Windows\System\jREoRub.exe
  C:\Windows\System\jREoRub.exe
  2⤵
  PID:4268
- C:\Windows\System\rcJpdKk.exe
  C:\Windows\System\rcJpdKk.exe
  2⤵
  PID:4284
- C:\Windows\System\PCGiBFY.exe
  C:\Windows\System\PCGiBFY.exe
  2⤵
  PID:4300
- C:\Windows\System\eXywLiP.exe
  C:\Windows\System\eXywLiP.exe
  2⤵
  PID:4320
- C:\Windows\System\EoTEFzA.exe
  C:\Windows\System\EoTEFzA.exe
  2⤵
  PID:4336
- C:\Windows\System\UqbmAew.exe
  C:\Windows\System\UqbmAew.exe
  2⤵
  PID:4352
- C:\Windows\System\UPWCVxE.exe
  C:\Windows\System\UPWCVxE.exe
  2⤵
  PID:4368
- C:\Windows\System\StbswLc.exe
  C:\Windows\System\StbswLc.exe
  2⤵
  PID:4384
- C:\Windows\System\ebHujSS.exe
  C:\Windows\System\ebHujSS.exe
  2⤵
  PID:4400
- C:\Windows\System\plMqEwF.exe
  C:\Windows\System\plMqEwF.exe
  2⤵
  PID:4416
- C:\Windows\System\rCVWkYF.exe
  C:\Windows\System\rCVWkYF.exe
  2⤵
  PID:4432
- C:\Windows\System\TGGYKnM.exe
  C:\Windows\System\TGGYKnM.exe
  2⤵
  PID:4448
- C:\Windows\System\lCdXrvF.exe
  C:\Windows\System\lCdXrvF.exe
  2⤵
  PID:4464
- C:\Windows\System\WjMXMLg.exe
  C:\Windows\System\WjMXMLg.exe
  2⤵
  PID:4484
- C:\Windows\System\aEKxAsp.exe
  C:\Windows\System\aEKxAsp.exe
  2⤵
  PID:4500
- C:\Windows\System\bQzTOuN.exe
  C:\Windows\System\bQzTOuN.exe
  2⤵
  PID:4516
- C:\Windows\System\tktzMzF.exe
  C:\Windows\System\tktzMzF.exe
  2⤵
  PID:4532
- C:\Windows\System\FSoRrAl.exe
  C:\Windows\System\FSoRrAl.exe
  2⤵
  PID:4548
- C:\Windows\System\BGNatPq.exe
  C:\Windows\System\BGNatPq.exe
  2⤵
  PID:4564
- C:\Windows\System\ZBsmdEe.exe
  C:\Windows\System\ZBsmdEe.exe
  2⤵
  PID:4580
- C:\Windows\System\grCYBLw.exe
  C:\Windows\System\grCYBLw.exe
  2⤵
  PID:4640
- C:\Windows\System\KhRvPiE.exe
  C:\Windows\System\KhRvPiE.exe
  2⤵
  PID:4656
- C:\Windows\System\XNYsnXR.exe
  C:\Windows\System\XNYsnXR.exe
  2⤵
  PID:4740
- C:\Windows\System\cqcIIGS.exe
  C:\Windows\System\cqcIIGS.exe
  2⤵
  PID:4768
- C:\Windows\System\HalvyHB.exe
  C:\Windows\System\HalvyHB.exe
  2⤵
  PID:4784
- C:\Windows\System\HKObymD.exe
  C:\Windows\System\HKObymD.exe
  2⤵
  PID:4804
- C:\Windows\System\WkNEeKS.exe
  C:\Windows\System\WkNEeKS.exe
  2⤵
  PID:4820
- C:\Windows\System\SbiVeHr.exe
  C:\Windows\System\SbiVeHr.exe
  2⤵
  PID:4844
- C:\Windows\System\QJNyyiL.exe
  C:\Windows\System\QJNyyiL.exe
  2⤵
  PID:4860
- C:\Windows\System\wvfmkrN.exe
  C:\Windows\System\wvfmkrN.exe
  2⤵
  PID:4880
- C:\Windows\System\HbZGRZd.exe
  C:\Windows\System\HbZGRZd.exe
  2⤵
  PID:4896
- C:\Windows\System\pyshzLB.exe
  C:\Windows\System\pyshzLB.exe
  2⤵
  PID:4920
- C:\Windows\System\yFdSCwE.exe
  C:\Windows\System\yFdSCwE.exe
  2⤵
  PID:4936
- C:\Windows\System\XawWaVD.exe
  C:\Windows\System\XawWaVD.exe
  2⤵
  PID:4956
- C:\Windows\System\NwfGskG.exe
  C:\Windows\System\NwfGskG.exe
  2⤵
  PID:4976
- C:\Windows\System\CtTkmpJ.exe
  C:\Windows\System\CtTkmpJ.exe
  2⤵
  PID:4992
- C:\Windows\System\UzqEZYL.exe
  C:\Windows\System\UzqEZYL.exe
  2⤵
  PID:5008
- C:\Windows\System\DQmpeaR.exe
  C:\Windows\System\DQmpeaR.exe
  2⤵
  PID:5024
- C:\Windows\System\YeRDodf.exe
  C:\Windows\System\YeRDodf.exe
  2⤵
  PID:5040
- C:\Windows\System\uLKfXvD.exe
  C:\Windows\System\uLKfXvD.exe
  2⤵
  PID:5056
- C:\Windows\System\UMBgmYu.exe
  C:\Windows\System\UMBgmYu.exe
  2⤵
  PID:5072
- C:\Windows\System\jevguqf.exe
  C:\Windows\System\jevguqf.exe
  2⤵
  PID:5088
- C:\Windows\System\sFNhEGS.exe
  C:\Windows\System\sFNhEGS.exe
  2⤵
  PID:5104
- C:\Windows\System\CZEuJvo.exe
  C:\Windows\System\CZEuJvo.exe
  2⤵
  PID:1652
- C:\Windows\System\fkYtwSV.exe
  C:\Windows\System\fkYtwSV.exe
  2⤵
  PID:4140
- C:\Windows\System\HRIhDZc.exe
  C:\Windows\System\HRIhDZc.exe
  2⤵
  PID:4124
- C:\Windows\System\itVeqeB.exe
  C:\Windows\System\itVeqeB.exe
  2⤵
  PID:4024
- C:\Windows\System\uvkcrxT.exe
  C:\Windows\System\uvkcrxT.exe
  2⤵
  PID:4184
- C:\Windows\System\wtaZwcA.exe
  C:\Windows\System\wtaZwcA.exe
  2⤵
  PID:4232
- C:\Windows\System\xcvTsLO.exe
  C:\Windows\System\xcvTsLO.exe
  2⤵
  PID:4208
- C:\Windows\System\ekSycDR.exe
  C:\Windows\System\ekSycDR.exe
  2⤵
  PID:4276
- C:\Windows\System\QIkAwth.exe
  C:\Windows\System\QIkAwth.exe
  2⤵
  PID:4316
- C:\Windows\System\tgQaDKq.exe
  C:\Windows\System\tgQaDKq.exe
  2⤵
  PID:4376
- C:\Windows\System\wiNQJso.exe
  C:\Windows\System\wiNQJso.exe
  2⤵
  PID:4072
- C:\Windows\System\YOEEeUX.exe
  C:\Windows\System\YOEEeUX.exe
  2⤵
  PID:4328
- C:\Windows\System\kPgeDYN.exe
  C:\Windows\System\kPgeDYN.exe
  2⤵
  PID:4444
- C:\Windows\System\hSrttXA.exe
  C:\Windows\System\hSrttXA.exe
  2⤵
  PID:4396
- C:\Windows\System\IsbvVSv.exe
  C:\Windows\System\IsbvVSv.exe
  2⤵
  PID:4460
- C:\Windows\System\LFZwmqC.exe
  C:\Windows\System\LFZwmqC.exe
  2⤵
  PID:4476
- C:\Windows\System\DkRGPcy.exe
  C:\Windows\System\DkRGPcy.exe
  2⤵
  PID:4544
- C:\Windows\System\fHaPrnz.exe
  C:\Windows\System\fHaPrnz.exe
  2⤵
  PID:4572
- C:\Windows\System\COBtbSe.exe
  C:\Windows\System\COBtbSe.exe
  2⤵
  PID:4556
- C:\Windows\System\RQqIqGV.exe
  C:\Windows\System\RQqIqGV.exe
  2⤵
  PID:4592
- C:\Windows\System\AXgokHs.exe
  C:\Windows\System\AXgokHs.exe
  2⤵
  PID:4604
- C:\Windows\System\OzWfLdT.exe
  C:\Windows\System\OzWfLdT.exe
  2⤵
  PID:4620
- C:\Windows\System\qDahzHc.exe
  C:\Windows\System\qDahzHc.exe
  2⤵
  PID:744
- C:\Windows\System\OGtRqfj.exe
  C:\Windows\System\OGtRqfj.exe
  2⤵
  PID:4636
- C:\Windows\System\hQXdyXK.exe
  C:\Windows\System\hQXdyXK.exe
  2⤵
  PID:4652
- C:\Windows\System\olEVOff.exe
  C:\Windows\System\olEVOff.exe
  2⤵
  PID:4688
- C:\Windows\System\fKaKKpf.exe
  C:\Windows\System\fKaKKpf.exe
  2⤵
  PID:4704
- C:\Windows\System\BfMMjmb.exe
  C:\Windows\System\BfMMjmb.exe
  2⤵
  PID:4720
- C:\Windows\System\HgAJXKX.exe
  C:\Windows\System\HgAJXKX.exe
  2⤵
  PID:4732
- C:\Windows\System\fYwavPk.exe
  C:\Windows\System\fYwavPk.exe
  2⤵
  PID:4760
- C:\Windows\System\HJeOnVj.exe
  C:\Windows\System\HJeOnVj.exe
  2⤵
  PID:4780
- C:\Windows\System\HkKFCzQ.exe
  C:\Windows\System\HkKFCzQ.exe
  2⤵
  PID:4828
- C:\Windows\System\uidwNik.exe
  C:\Windows\System\uidwNik.exe
  2⤵
  PID:4836
- C:\Windows\System\TXoWbmx.exe
  C:\Windows\System\TXoWbmx.exe
  2⤵
  PID:4876
- C:\Windows\System\dNzfTgx.exe
  C:\Windows\System\dNzfTgx.exe
  2⤵
  PID:4908
- C:\Windows\System\xxYQcil.exe
  C:\Windows\System\xxYQcil.exe
  2⤵
  PID:4892
- C:\Windows\System\DPUZOYW.exe
  C:\Windows\System\DPUZOYW.exe
  2⤵
  PID:4932
- C:\Windows\System\JJQCgrv.exe
  C:\Windows\System\JJQCgrv.exe
  2⤵
  PID:5000
- C:\Windows\System\mXvxHpv.exe
  C:\Windows\System\mXvxHpv.exe
  2⤵
  PID:5096
- C:\Windows\System\VtkPXgX.exe
  C:\Windows\System\VtkPXgX.exe
  2⤵
  PID:4108
- C:\Windows\System\ZaBHBxe.exe
  C:\Windows\System\ZaBHBxe.exe
  2⤵
  PID:5048
- C:\Windows\System\RPvkkdh.exe
  C:\Windows\System\RPvkkdh.exe
  2⤵
  PID:5112
- C:\Windows\System\FUvEyer.exe
  C:\Windows\System\FUvEyer.exe
  2⤵
  PID:4188
- C:\Windows\System\UWVdprX.exe
  C:\Windows\System\UWVdprX.exe
  2⤵
  PID:4216
- C:\Windows\System\TaeIeHo.exe
  C:\Windows\System\TaeIeHo.exe
  2⤵
  PID:4156
- C:\Windows\System\TjQllSO.exe
  C:\Windows\System\TjQllSO.exe
  2⤵
  PID:4360
- C:\Windows\System\NLMuDAK.exe
  C:\Windows\System\NLMuDAK.exe
  2⤵
  PID:4264
- C:\Windows\System\LAlbaKp.exe
  C:\Windows\System\LAlbaKp.exe
  2⤵
  PID:3624
- C:\Windows\System\XJuVLAk.exe
  C:\Windows\System\XJuVLAk.exe
  2⤵
  PID:4512
- C:\Windows\System\xCVANRx.exe
  C:\Windows\System\xCVANRx.exe
  2⤵
  PID:4312
- C:\Windows\System\PXtaaEB.exe
  C:\Windows\System\PXtaaEB.exe
  2⤵
  PID:3192
- C:\Windows\System\tHBexIQ.exe
  C:\Windows\System\tHBexIQ.exe
  2⤵
  PID:4696
- C:\Windows\System\dTHguNK.exe
  C:\Windows\System\dTHguNK.exe
  2⤵
  PID:4668
- C:\Windows\System\rfvzWyi.exe
  C:\Windows\System\rfvzWyi.exe
  2⤵
  PID:684
- C:\Windows\System\cArEGOA.exe
  C:\Windows\System\cArEGOA.exe
  2⤵
  PID:4616
- C:\Windows\System\pNlzCha.exe
  C:\Windows\System\pNlzCha.exe
  2⤵
  PID:4684
- C:\Windows\System\ALeKWjj.exe
  C:\Windows\System\ALeKWjj.exe
  2⤵
  PID:4776
- C:\Windows\System\oNGogij.exe
  C:\Windows\System\oNGogij.exe
  2⤵
  PID:4812
- C:\Windows\System\FYeJYxW.exe
  C:\Windows\System\FYeJYxW.exe
  2⤵
  PID:4800
- C:\Windows\System\rtfFoOn.exe
  C:\Windows\System\rtfFoOn.exe
  2⤵
  PID:4852
- C:\Windows\System\ZpccWmV.exe
  C:\Windows\System\ZpccWmV.exe
  2⤵
  PID:4972
- C:\Windows\System\sKINOLj.exe
  C:\Windows\System\sKINOLj.exe
  2⤵
  PID:5068
- C:\Windows\System\szXovZk.exe
  C:\Windows\System\szXovZk.exe
  2⤵
  PID:1604
- C:\Windows\System\AGjjKqj.exe
  C:\Windows\System\AGjjKqj.exe
  2⤵
  PID:4988
- C:\Windows\System\DgTpPOc.exe
  C:\Windows\System\DgTpPOc.exe
  2⤵
  PID:4076
- C:\Windows\System\oBAhAxH.exe
  C:\Windows\System\oBAhAxH.exe
  2⤵
  PID:4440
- C:\Windows\System\DFanUQy.exe
  C:\Windows\System\DFanUQy.exe
  2⤵
  PID:4524
- C:\Windows\System\ZLpCfpR.exe
  C:\Windows\System\ZLpCfpR.exe
  2⤵
  PID:4428
- C:\Windows\System\TsolgmQ.exe
  C:\Windows\System\TsolgmQ.exe
  2⤵
  PID:4680
- C:\Windows\System\OAZQTPU.exe
  C:\Windows\System\OAZQTPU.exe
  2⤵
  PID:4716
- C:\Windows\System\UcLWfwk.exe
  C:\Windows\System\UcLWfwk.exe
  2⤵
  PID:4412
- C:\Windows\System\LNpVUOZ.exe
  C:\Windows\System\LNpVUOZ.exe
  2⤵
  PID:4764
- C:\Windows\System\cLwOZro.exe
  C:\Windows\System\cLwOZro.exe
  2⤵
  PID:4152
- C:\Windows\System\DStgEKb.exe
  C:\Windows\System\DStgEKb.exe
  2⤵
  PID:2412
- C:\Windows\System\mshBXQl.exe
  C:\Windows\System\mshBXQl.exe
  2⤵
  PID:4676
- C:\Windows\System\XdhMUgy.exe
  C:\Windows\System\XdhMUgy.exe
  2⤵
  PID:4308
- C:\Windows\System\iSIKFDR.exe
  C:\Windows\System\iSIKFDR.exe
  2⤵
  PID:4172
- C:\Windows\System\pIsYdDT.exe
  C:\Windows\System\pIsYdDT.exe
  2⤵
  PID:5132
- C:\Windows\System\GPAbHBM.exe
  C:\Windows\System\GPAbHBM.exe
  2⤵
  PID:5148
- C:\Windows\System\bBjbxrH.exe
  C:\Windows\System\bBjbxrH.exe
  2⤵
  PID:5164
- C:\Windows\System\tRdCnoE.exe
  C:\Windows\System\tRdCnoE.exe
  2⤵
  PID:5180
- C:\Windows\System\SsExSmz.exe
  C:\Windows\System\SsExSmz.exe
  2⤵
  PID:5196
- C:\Windows\System\Ggmzkpf.exe
  C:\Windows\System\Ggmzkpf.exe
  2⤵
  PID:5216
- C:\Windows\System\HpkxGTE.exe
  C:\Windows\System\HpkxGTE.exe
  2⤵
  PID:5236
- C:\Windows\System\BOaAKwo.exe
  C:\Windows\System\BOaAKwo.exe
  2⤵
  PID:5252
- C:\Windows\System\JHwYSzS.exe
  C:\Windows\System\JHwYSzS.exe
  2⤵
  PID:5268
- C:\Windows\System\JTVSNHm.exe
  C:\Windows\System\JTVSNHm.exe
  2⤵
  PID:5284
- C:\Windows\System\mIHsqGn.exe
  C:\Windows\System\mIHsqGn.exe
  2⤵
  PID:5300
- C:\Windows\System\PBtViXA.exe
  C:\Windows\System\PBtViXA.exe
  2⤵
  PID:5316
- C:\Windows\System\VUHvzzD.exe
  C:\Windows\System\VUHvzzD.exe
  2⤵
  PID:5332
- C:\Windows\System\wZruUEW.exe
  C:\Windows\System\wZruUEW.exe
  2⤵
  PID:5348
- C:\Windows\System\OkSNzuk.exe
  C:\Windows\System\OkSNzuk.exe
  2⤵
  PID:5364
- C:\Windows\System\VacKCdL.exe
  C:\Windows\System\VacKCdL.exe
  2⤵
  PID:5380
- C:\Windows\System\HHltcws.exe
  C:\Windows\System\HHltcws.exe
  2⤵
  PID:5396
- C:\Windows\System\AWEntOT.exe
  C:\Windows\System\AWEntOT.exe
  2⤵
  PID:5412
- C:\Windows\System\uBhbdof.exe
  C:\Windows\System\uBhbdof.exe
  2⤵
  PID:5428
- C:\Windows\System\cnVSSVd.exe
  C:\Windows\System\cnVSSVd.exe
  2⤵
  PID:5444
- C:\Windows\System\zHhJzLy.exe
  C:\Windows\System\zHhJzLy.exe
  2⤵
  PID:5460
- C:\Windows\System\WDUDZpX.exe
  C:\Windows\System\WDUDZpX.exe
  2⤵
  PID:5476
- C:\Windows\System\MUGeqLY.exe
  C:\Windows\System\MUGeqLY.exe
  2⤵
  PID:5492
- C:\Windows\System\VKjLVzw.exe
  C:\Windows\System\VKjLVzw.exe
  2⤵
  PID:5508
- C:\Windows\System\mvzHJaD.exe
  C:\Windows\System\mvzHJaD.exe
  2⤵
  PID:5524
- C:\Windows\System\HKWHUmn.exe
  C:\Windows\System\HKWHUmn.exe
  2⤵
  PID:5540
- C:\Windows\System\yXCUZJs.exe
  C:\Windows\System\yXCUZJs.exe
  2⤵
  PID:5556
- C:\Windows\System\UBTmHJM.exe
  C:\Windows\System\UBTmHJM.exe
  2⤵
  PID:5572
- C:\Windows\System\wevXXnm.exe
  C:\Windows\System\wevXXnm.exe
  2⤵
  PID:5588
- C:\Windows\System\aSYqhXj.exe
  C:\Windows\System\aSYqhXj.exe
  2⤵
  PID:5604
- C:\Windows\System\pPLgySA.exe
  C:\Windows\System\pPLgySA.exe
  2⤵
  PID:5620
- C:\Windows\System\wpQcouK.exe
  C:\Windows\System\wpQcouK.exe
  2⤵
  PID:5636
- C:\Windows\System\axnRREN.exe
  C:\Windows\System\axnRREN.exe
  2⤵
  PID:5652
- C:\Windows\System\rCGPmMK.exe
  C:\Windows\System\rCGPmMK.exe
  2⤵
  PID:5668
- C:\Windows\System\GwTPBkh.exe
  C:\Windows\System\GwTPBkh.exe
  2⤵
  PID:5684
- C:\Windows\System\TACsSzQ.exe
  C:\Windows\System\TACsSzQ.exe
  2⤵
  PID:5700
- C:\Windows\System\bvAbzUA.exe
  C:\Windows\System\bvAbzUA.exe
  2⤵
  PID:5720
- C:\Windows\System\DuduAqS.exe
  C:\Windows\System\DuduAqS.exe
  2⤵
  PID:5736
- C:\Windows\System\LBthyHB.exe
  C:\Windows\System\LBthyHB.exe
  2⤵
  PID:5752
- C:\Windows\System\afZWucz.exe
  C:\Windows\System\afZWucz.exe
  2⤵
  PID:5768
- C:\Windows\System\oFtrUIi.exe
  C:\Windows\System\oFtrUIi.exe
  2⤵
  PID:5788
- C:\Windows\System\BmxFIpf.exe
  C:\Windows\System\BmxFIpf.exe
  2⤵
  PID:5804
- C:\Windows\System\iVaoQWO.exe
  C:\Windows\System\iVaoQWO.exe
  2⤵
  PID:5820
- C:\Windows\System\mtemjtU.exe
  C:\Windows\System\mtemjtU.exe
  2⤵
  PID:5836
- C:\Windows\System\XypTbpY.exe
  C:\Windows\System\XypTbpY.exe
  2⤵
  PID:5852
- C:\Windows\System\kCNptaX.exe
  C:\Windows\System\kCNptaX.exe
  2⤵
  PID:5868
- C:\Windows\System\dcmMDGl.exe
  C:\Windows\System\dcmMDGl.exe
  2⤵
  PID:5888
- C:\Windows\System\iHhplqT.exe
  C:\Windows\System\iHhplqT.exe
  2⤵
  PID:5904
- C:\Windows\System\gqoRcdb.exe
  C:\Windows\System\gqoRcdb.exe
  2⤵
  PID:5920
- C:\Windows\System\FpzjZHI.exe
  C:\Windows\System\FpzjZHI.exe
  2⤵
  PID:5936
- C:\Windows\System\tTfRpwd.exe
  C:\Windows\System\tTfRpwd.exe
  2⤵
  PID:5952
- C:\Windows\System\jznaOIn.exe
  C:\Windows\System\jznaOIn.exe
  2⤵
  PID:5968
- C:\Windows\System\fQLcYWW.exe
  C:\Windows\System\fQLcYWW.exe
  2⤵
  PID:5984
- C:\Windows\System\dYipwAU.exe
  C:\Windows\System\dYipwAU.exe
  2⤵
  PID:6000
- C:\Windows\System\EyyAezT.exe
  C:\Windows\System\EyyAezT.exe
  2⤵
  PID:6036
- C:\Windows\System\uAPVNvW.exe
  C:\Windows\System\uAPVNvW.exe
  2⤵
  PID:6064
- C:\Windows\System\JJYEfKN.exe
  C:\Windows\System\JJYEfKN.exe
  2⤵
  PID:6080
- C:\Windows\System\PdvHHwS.exe
  C:\Windows\System\PdvHHwS.exe
  2⤵
  PID:6096
- C:\Windows\System\GJDwoKn.exe
  C:\Windows\System\GJDwoKn.exe
  2⤵
  PID:6112
- C:\Windows\System\fyoWfNa.exe
  C:\Windows\System\fyoWfNa.exe
  2⤵
  PID:6128
- C:\Windows\System\HTEFlsk.exe
  C:\Windows\System\HTEFlsk.exe
  2⤵
  PID:4912
- C:\Windows\System\BZjrWOb.exe
  C:\Windows\System\BZjrWOb.exe
  2⤵
  PID:3040
- C:\Windows\System\WRbWHiM.exe
  C:\Windows\System\WRbWHiM.exe
  2⤵
  PID:2396
- C:\Windows\System\RxLWney.exe
  C:\Windows\System\RxLWney.exe
  2⤵
  PID:5176
- C:\Windows\System\QGyNmrG.exe
  C:\Windows\System\QGyNmrG.exe
  2⤵
  PID:4612
- C:\Windows\System\QqUWeHY.exe
  C:\Windows\System\QqUWeHY.exe
  2⤵
  PID:5244
- C:\Windows\System\wRHvRZm.exe
  C:\Windows\System\wRHvRZm.exe
  2⤵
  PID:5280
- C:\Windows\System\sbCrFQN.exe
  C:\Windows\System\sbCrFQN.exe
  2⤵
  PID:4952
- C:\Windows\System\fUgMknY.exe
  C:\Windows\System\fUgMknY.exe
  2⤵
  PID:5128
- C:\Windows\System\btNFwqA.exe
  C:\Windows\System\btNFwqA.exe
  2⤵
  PID:5192
- C:\Windows\System\dTTlpfd.exe
  C:\Windows\System\dTTlpfd.exe
  2⤵
  PID:5260
- C:\Windows\System\TwIlCVK.exe
  C:\Windows\System\TwIlCVK.exe
  2⤵
  PID:5324
- C:\Windows\System\PonKvEX.exe
  C:\Windows\System\PonKvEX.exe
  2⤵
  PID:5404
- C:\Windows\System\bUkhSyD.exe
  C:\Windows\System\bUkhSyD.exe
  2⤵
  PID:5472
- C:\Windows\System\guLviCQ.exe
  C:\Windows\System\guLviCQ.exe
  2⤵
  PID:5356
- C:\Windows\System\BUjDMug.exe
  C:\Windows\System\BUjDMug.exe
  2⤵
  PID:5440
- C:\Windows\System\gSdkotU.exe
  C:\Windows\System\gSdkotU.exe
  2⤵
  PID:5424
- C:\Windows\System\mTPvZxa.exe
  C:\Windows\System\mTPvZxa.exe
  2⤵
  PID:5488
- C:\Windows\System\auJvQNn.exe
  C:\Windows\System\auJvQNn.exe
  2⤵
  PID:5612
- C:\Windows\System\sErPFCs.exe
  C:\Windows\System\sErPFCs.exe
  2⤵
  PID:5584
- C:\Windows\System\vnIKCbA.exe
  C:\Windows\System\vnIKCbA.exe
  2⤵
  PID:5536
- C:\Windows\System\ohPjbiu.exe
  C:\Windows\System\ohPjbiu.exe
  2⤵
  PID:5744
- C:\Windows\System\RtDOCGw.exe
  C:\Windows\System\RtDOCGw.exe
  2⤵
  PID:5776
- C:\Windows\System\iBRKMzm.exe
  C:\Windows\System\iBRKMzm.exe
  2⤵
  PID:5728
- C:\Windows\System\cGRteEv.exe
  C:\Windows\System\cGRteEv.exe
  2⤵
  PID:5784
- C:\Windows\System\cIQzfYt.exe
  C:\Windows\System\cIQzfYt.exe
  2⤵
  PID:5816
- C:\Windows\System\bwkpOTS.exe
  C:\Windows\System\bwkpOTS.exe
  2⤵
  PID:5664
- C:\Windows\System\tnpOcvz.exe
  C:\Windows\System\tnpOcvz.exe
  2⤵
  PID:5828
- C:\Windows\System\eWvXZIm.exe
  C:\Windows\System\eWvXZIm.exe
  2⤵
  PID:5864
- C:\Windows\System\jVfvLyd.exe
  C:\Windows\System\jVfvLyd.exe
  2⤵
  PID:5760
- C:\Windows\System\StDpjwO.exe
  C:\Windows\System\StDpjwO.exe
  2⤵
  PID:5928
- C:\Windows\System\jVhvKph.exe
  C:\Windows\System\jVhvKph.exe
  2⤵
  PID:5976
- C:\Windows\System\YcCHZzE.exe
  C:\Windows\System\YcCHZzE.exe
  2⤵
  PID:6008
- C:\Windows\System\gbgnvNf.exe
  C:\Windows\System\gbgnvNf.exe
  2⤵
  PID:6016
- C:\Windows\System\KCJmvMD.exe
  C:\Windows\System\KCJmvMD.exe
  2⤵
  PID:6032
- C:\Windows\System\GDMkCmZ.exe
  C:\Windows\System\GDMkCmZ.exe
  2⤵
  PID:6052
- C:\Windows\System\BwoojVr.exe
  C:\Windows\System\BwoojVr.exe
  2⤵
  PID:6088
- C:\Windows\System\wWBHuwm.exe
  C:\Windows\System\wWBHuwm.exe
  2⤵
  PID:5064
- C:\Windows\System\CLpacny.exe
  C:\Windows\System\CLpacny.exe
  2⤵
  PID:3168
- C:\Windows\System\TUAYLOu.exe
  C:\Windows\System\TUAYLOu.exe
  2⤵
  PID:5312
- C:\Windows\System\rripBZP.exe
  C:\Windows\System\rripBZP.exe
  2⤵
  PID:6076
- C:\Windows\System\BZnKGxv.exe
  C:\Windows\System\BZnKGxv.exe
  2⤵
  PID:5296
- C:\Windows\System\FIyJCgG.exe
  C:\Windows\System\FIyJCgG.exe
  2⤵
  PID:6104
- C:\Windows\System\lXKhUYc.exe
  C:\Windows\System\lXKhUYc.exe
  2⤵
  PID:4628
- C:\Windows\System\gYNpzJl.exe
  C:\Windows\System\gYNpzJl.exe
  2⤵
  PID:5212
- C:\Windows\System\JSpTjAZ.exe
  C:\Windows\System\JSpTjAZ.exe
  2⤵
  PID:1692
- C:\Windows\System\UoNliNH.exe
  C:\Windows\System\UoNliNH.exe
  2⤵
  PID:2296
- C:\Windows\System\AATNpuk.exe
  C:\Windows\System\AATNpuk.exe
  2⤵
  PID:5224
- C:\Windows\System\OqSfSpt.exe
  C:\Windows\System\OqSfSpt.exe
  2⤵
  PID:5616
- C:\Windows\System\RkyCvvm.exe
  C:\Windows\System\RkyCvvm.exe
  2⤵
  PID:5600
- C:\Windows\System\QFlaDJa.exe
  C:\Windows\System\QFlaDJa.exe
  2⤵
  PID:5504
- C:\Windows\System\YcpLzAW.exe
  C:\Windows\System\YcpLzAW.exe
  2⤵
  PID:5884
- C:\Windows\System\kugLLua.exe
  C:\Windows\System\kugLLua.exe
  2⤵
  PID:5548
- C:\Windows\System\FYwsAxO.exe
  C:\Windows\System\FYwsAxO.exe
  2⤵
  PID:5948
- C:\Windows\System\nCWIOmo.exe
  C:\Windows\System\nCWIOmo.exe
  2⤵
  PID:5628
- C:\Windows\System\XkjRDyx.exe
  C:\Windows\System\XkjRDyx.exe
  2⤵
  PID:2164
- C:\Windows\System\zrUbjUl.exe
  C:\Windows\System\zrUbjUl.exe
  2⤵
  PID:5960
- C:\Windows\System\AyCXohK.exe
  C:\Windows\System\AyCXohK.exe
  2⤵
  PID:6056
- C:\Windows\System\uCzwfZM.exe
  C:\Windows\System\uCzwfZM.exe
  2⤵
  PID:6120
- C:\Windows\System\ifISymt.exe
  C:\Windows\System\ifISymt.exe
  2⤵
  PID:5468
- C:\Windows\System\ePdvxIK.exe
  C:\Windows\System\ePdvxIK.exe
  2⤵
  PID:5644
- C:\Windows\System\dnHeUcR.exe
  C:\Windows\System\dnHeUcR.exe
  2⤵
  PID:4872
- C:\Windows\System\iIvnnbN.exe
  C:\Windows\System\iIvnnbN.exe
  2⤵
  PID:5564
- C:\Windows\System\ZbkQbxK.exe
  C:\Windows\System\ZbkQbxK.exe
  2⤵
  PID:5812
- C:\Windows\System\QiiDxSK.exe
  C:\Windows\System\QiiDxSK.exe
  2⤵
  PID:5084
- C:\Windows\System\HaoQAte.exe
  C:\Windows\System\HaoQAte.exe
  2⤵
  PID:5392
- C:\Windows\System\kShTbAM.exe
  C:\Windows\System\kShTbAM.exe
  2⤵
  PID:5376
- C:\Windows\System\KTkzEOj.exe
  C:\Windows\System\KTkzEOj.exe
  2⤵
  PID:5880
- C:\Windows\System\WGldpqH.exe
  C:\Windows\System\WGldpqH.exe
  2⤵
  PID:5344
- C:\Windows\System\VyaaTkz.exe
  C:\Windows\System\VyaaTkz.exe
  2⤵
  PID:5532
- C:\Windows\System\LjRSPVt.exe
  C:\Windows\System\LjRSPVt.exe
  2⤵
  PID:5160
- C:\Windows\System\mWwPIyF.exe
  C:\Windows\System\mWwPIyF.exe
  2⤵
  PID:6136
- C:\Windows\System\awLeeAt.exe
  C:\Windows\System\awLeeAt.exe
  2⤵
  PID:5420
- C:\Windows\System\KFDvvjZ.exe
  C:\Windows\System\KFDvvjZ.exe
  2⤵
  PID:5800
- C:\Windows\System\armHhaA.exe
  C:\Windows\System\armHhaA.exe
  2⤵
  PID:6048
- C:\Windows\System\LtzJHwX.exe
  C:\Windows\System\LtzJHwX.exe
  2⤵
  PID:6156
- C:\Windows\System\tOuAxhA.exe
  C:\Windows\System\tOuAxhA.exe
  2⤵
  PID:6172
- C:\Windows\System\BPYbMcy.exe
  C:\Windows\System\BPYbMcy.exe
  2⤵
  PID:6188
- C:\Windows\System\LTVWlAd.exe
  C:\Windows\System\LTVWlAd.exe
  2⤵
  PID:6204
- C:\Windows\System\vgmiThL.exe
  C:\Windows\System\vgmiThL.exe
  2⤵
  PID:6220
- C:\Windows\System\RIGasja.exe
  C:\Windows\System\RIGasja.exe
  2⤵
  PID:6236
- C:\Windows\System\VdCbmri.exe
  C:\Windows\System\VdCbmri.exe
  2⤵
  PID:6252
- C:\Windows\System\OFREsoe.exe
  C:\Windows\System\OFREsoe.exe
  2⤵
  PID:6268
- C:\Windows\System\WkkwLgp.exe
  C:\Windows\System\WkkwLgp.exe
  2⤵
  PID:6288
- C:\Windows\System\TnORDSp.exe
  C:\Windows\System\TnORDSp.exe
  2⤵
  PID:6304
- C:\Windows\System\ZJflUFY.exe
  C:\Windows\System\ZJflUFY.exe
  2⤵
  PID:6320
- C:\Windows\System\jEDgoIB.exe
  C:\Windows\System\jEDgoIB.exe
  2⤵
  PID:6336
- C:\Windows\System\IAWgrQN.exe
  C:\Windows\System\IAWgrQN.exe
  2⤵
  PID:6352
- C:\Windows\System\nsgANjh.exe
  C:\Windows\System\nsgANjh.exe
  2⤵
  PID:6368
- C:\Windows\System\ZUzYlwE.exe
  C:\Windows\System\ZUzYlwE.exe
  2⤵
  PID:6384
- C:\Windows\System\VsQuAmK.exe
  C:\Windows\System\VsQuAmK.exe
  2⤵
  PID:6400
- C:\Windows\System\qUituMq.exe
  C:\Windows\System\qUituMq.exe
  2⤵
  PID:6416
- C:\Windows\System\OLEUVJQ.exe
  C:\Windows\System\OLEUVJQ.exe
  2⤵
  PID:6432
- C:\Windows\System\LxoNHtC.exe
  C:\Windows\System\LxoNHtC.exe
  2⤵
  PID:6448
- C:\Windows\System\jiqWEDg.exe
  C:\Windows\System\jiqWEDg.exe
  2⤵
  PID:6464
- C:\Windows\System\hOBCiTZ.exe
  C:\Windows\System\hOBCiTZ.exe
  2⤵
  PID:6480
- C:\Windows\System\ShbyUcX.exe
  C:\Windows\System\ShbyUcX.exe
  2⤵
  PID:6496
- C:\Windows\System\tDSBdQk.exe
  C:\Windows\System\tDSBdQk.exe
  2⤵
  PID:6512
- C:\Windows\System\xFjxjRZ.exe
  C:\Windows\System\xFjxjRZ.exe
  2⤵
  PID:6528
- C:\Windows\System\ycTpnvg.exe
  C:\Windows\System\ycTpnvg.exe
  2⤵
  PID:6544
- C:\Windows\System\HENQzNr.exe
  C:\Windows\System\HENQzNr.exe
  2⤵
  PID:6560
- C:\Windows\System\OzdQkDo.exe
  C:\Windows\System\OzdQkDo.exe
  2⤵
  PID:6576
- C:\Windows\System\QppGWHP.exe
  C:\Windows\System\QppGWHP.exe
  2⤵
  PID:6592
- C:\Windows\System\fiiDZMu.exe
  C:\Windows\System\fiiDZMu.exe
  2⤵
  PID:6608
- C:\Windows\System\wSfMvHz.exe
  C:\Windows\System\wSfMvHz.exe
  2⤵
  PID:6624
- C:\Windows\System\VHhPglt.exe
  C:\Windows\System\VHhPglt.exe
  2⤵
  PID:6640
- C:\Windows\System\esfILVJ.exe
  C:\Windows\System\esfILVJ.exe
  2⤵
  PID:6656
- C:\Windows\System\iJBLjNT.exe
  C:\Windows\System\iJBLjNT.exe
  2⤵
  PID:6672
- C:\Windows\System\XZEVQVj.exe
  C:\Windows\System\XZEVQVj.exe
  2⤵
  PID:6688
- C:\Windows\System\VjZIQyG.exe
  C:\Windows\System\VjZIQyG.exe
  2⤵
  PID:6704
- C:\Windows\System\FXPzXxl.exe
  C:\Windows\System\FXPzXxl.exe
  2⤵
  PID:6720
- C:\Windows\System\tMwGVua.exe
  C:\Windows\System\tMwGVua.exe
  2⤵
  PID:6736
- C:\Windows\System\wZGrMTX.exe
  C:\Windows\System\wZGrMTX.exe
  2⤵
  PID:6752
- C:\Windows\System\HxKHXyg.exe
  C:\Windows\System\HxKHXyg.exe
  2⤵
  PID:6768
- C:\Windows\System\qLpmNfi.exe
  C:\Windows\System\qLpmNfi.exe
  2⤵
  PID:6784
- C:\Windows\System\cYTkpGK.exe
  C:\Windows\System\cYTkpGK.exe
  2⤵
  PID:6800
- C:\Windows\System\HTSnQeT.exe
  C:\Windows\System\HTSnQeT.exe
  2⤵
  PID:6816
- C:\Windows\System\igiHypT.exe
  C:\Windows\System\igiHypT.exe
  2⤵
  PID:6832
- C:\Windows\System\MhsDcVT.exe
  C:\Windows\System\MhsDcVT.exe
  2⤵
  PID:6848
- C:\Windows\System\KCAXmzm.exe
  C:\Windows\System\KCAXmzm.exe
  2⤵
  PID:6864
- C:\Windows\System\tNovenN.exe
  C:\Windows\System\tNovenN.exe
  2⤵
  PID:6880
- C:\Windows\System\xgwprQG.exe
  C:\Windows\System\xgwprQG.exe
  2⤵
  PID:6896
- C:\Windows\System\kHwTpac.exe
  C:\Windows\System\kHwTpac.exe
  2⤵
  PID:6912
- C:\Windows\System\AdQqqVN.exe
  C:\Windows\System\AdQqqVN.exe
  2⤵
  PID:6928
- C:\Windows\System\EyaPpQJ.exe
  C:\Windows\System\EyaPpQJ.exe
  2⤵
  PID:6944
- C:\Windows\System\fKUHUDc.exe
  C:\Windows\System\fKUHUDc.exe
  2⤵
  PID:6960
- C:\Windows\System\wmdbOVA.exe
  C:\Windows\System\wmdbOVA.exe
  2⤵
  PID:6976
- C:\Windows\System\rsmcoRR.exe
  C:\Windows\System\rsmcoRR.exe
  2⤵
  PID:6992
- C:\Windows\System\rlKVNWd.exe
  C:\Windows\System\rlKVNWd.exe
  2⤵
  PID:7008
- C:\Windows\System\KFwKZVh.exe
  C:\Windows\System\KFwKZVh.exe
  2⤵
  PID:7024
- C:\Windows\System\ScIxuJI.exe
  C:\Windows\System\ScIxuJI.exe
  2⤵
  PID:7040
- C:\Windows\System\NEsPNUE.exe
  C:\Windows\System\NEsPNUE.exe
  2⤵
  PID:7056
- C:\Windows\System\VmIqiQT.exe
  C:\Windows\System\VmIqiQT.exe
  2⤵
  PID:7072
- C:\Windows\System\eAchmUt.exe
  C:\Windows\System\eAchmUt.exe
  2⤵
  PID:7088
- C:\Windows\System\UwLeVic.exe
  C:\Windows\System\UwLeVic.exe
  2⤵
  PID:7104
- C:\Windows\System\XiCJRTv.exe
  C:\Windows\System\XiCJRTv.exe
  2⤵
  PID:7120
- C:\Windows\System\mDBZcSw.exe
  C:\Windows\System\mDBZcSw.exe
  2⤵
  PID:7136
- C:\Windows\System\CBcFbes.exe
  C:\Windows\System\CBcFbes.exe
  2⤵
  PID:7156
- C:\Windows\System\LPiKXBr.exe
  C:\Windows\System\LPiKXBr.exe
  2⤵
  PID:5188
- C:\Windows\System\hViOrYy.exe
  C:\Windows\System\hViOrYy.exe
  2⤵
  PID:5660
- C:\Windows\System\iNmnhYG.exe
  C:\Windows\System\iNmnhYG.exe
  2⤵
  PID:3116
- C:\Windows\System\XmwWcWp.exe
  C:\Windows\System\XmwWcWp.exe
  2⤵
  PID:6180
- C:\Windows\System\NjbGEKn.exe
  C:\Windows\System\NjbGEKn.exe
  2⤵
  PID:6168
- C:\Windows\System\ABeMYeJ.exe
  C:\Windows\System\ABeMYeJ.exe
  2⤵
  PID:6244
- C:\Windows\System\PFZEILc.exe
  C:\Windows\System\PFZEILc.exe
  2⤵
  PID:6228
- C:\Windows\System\LpjYKyk.exe
  C:\Windows\System\LpjYKyk.exe
  2⤵
  PID:6280
- C:\Windows\System\WSxfghC.exe
  C:\Windows\System\WSxfghC.exe
  2⤵
  PID:6344
- C:\Windows\System\NoHalyr.exe
  C:\Windows\System\NoHalyr.exe
  2⤵
  PID:6364
- C:\Windows\System\uueGVzy.exe
  C:\Windows\System\uueGVzy.exe
  2⤵
  PID:6332
- C:\Windows\System\QNLBOjI.exe
  C:\Windows\System\QNLBOjI.exe
  2⤵
  PID:6396
- C:\Windows\System\OaWjJUX.exe
  C:\Windows\System\OaWjJUX.exe
  2⤵
  PID:6472
- C:\Windows\System\FZfFlFn.exe
  C:\Windows\System\FZfFlFn.exe
  2⤵
  PID:6444
- C:\Windows\System\gGBkMan.exe
  C:\Windows\System\gGBkMan.exe
  2⤵
  PID:6540
- C:\Windows\System\fvoUihT.exe
  C:\Windows\System\fvoUihT.exe
  2⤵
  PID:6604
- C:\Windows\System\jGUyjIx.exe
  C:\Windows\System\jGUyjIx.exe
  2⤵
  PID:6668
- C:\Windows\System\hjpjFGG.exe
  C:\Windows\System\hjpjFGG.exe
  2⤵
  PID:6732
- C:\Windows\System\lcJgARZ.exe
  C:\Windows\System\lcJgARZ.exe
  2⤵
  PID:6792
- C:\Windows\System\znJhhMC.exe
  C:\Windows\System\znJhhMC.exe
  2⤵
  PID:6520
- C:\Windows\System\ZScQtUP.exe
  C:\Windows\System\ZScQtUP.exe
  2⤵
  PID:6584
- C:\Windows\System\DJQvJQH.exe
  C:\Windows\System\DJQvJQH.exe
  2⤵
  PID:6856
- C:\Windows\System\iSLylSa.exe
  C:\Windows\System\iSLylSa.exe
  2⤵
  PID:6920
- C:\Windows\System\WGzDuNN.exe
  C:\Windows\System\WGzDuNN.exe
  2⤵
  PID:6652
- C:\Windows\System\Vizikep.exe
  C:\Windows\System\Vizikep.exe
  2⤵
  PID:6988
- C:\Windows\System\HhItAhE.exe
  C:\Windows\System\HhItAhE.exe
  2⤵
  PID:7020
- C:\Windows\System\CFWXMpy.exe
  C:\Windows\System\CFWXMpy.exe
  2⤵
  PID:7080
- C:\Windows\System\mVpsMth.exe
  C:\Windows\System\mVpsMth.exe
  2⤵
  PID:6712
- C:\Windows\System\vODqsgh.exe
  C:\Windows\System\vODqsgh.exe
  2⤵
  PID:6776
- C:\Windows\System\KBQcBlS.exe
  C:\Windows\System\KBQcBlS.exe
  2⤵
  PID:6840
- C:\Windows\System\XIVmBKA.exe
  C:\Windows\System\XIVmBKA.exe
  2⤵
  PID:7004
- C:\Windows\System\irNLdqY.exe
  C:\Windows\System\irNLdqY.exe
  2⤵
  PID:6872
- C:\Windows\System\LZqhRdK.exe
  C:\Windows\System\LZqhRdK.exe
  2⤵
  PID:5712
- C:\Windows\System\QPfGxAa.exe
  C:\Windows\System\QPfGxAa.exe
  2⤵
  PID:6908
- C:\Windows\System\HvtcPYr.exe
  C:\Windows\System\HvtcPYr.exe
  2⤵
  PID:7000
- C:\Windows\System\IFRGyXq.exe
  C:\Windows\System\IFRGyXq.exe
  2⤵
  PID:6376
- C:\Windows\System\vQsoYaH.exe
  C:\Windows\System\vQsoYaH.exe
  2⤵
  PID:6284
- C:\Windows\System\uOuVPNH.exe
  C:\Windows\System\uOuVPNH.exe
  2⤵
  PID:6460
- C:\Windows\System\rXAqJZp.exe
  C:\Windows\System\rXAqJZp.exe
  2⤵
  PID:6488
- C:\Windows\System\YBsTXtg.exe
  C:\Windows\System\YBsTXtg.exe
  2⤵
  PID:6620
- C:\Windows\System\HKBglYE.exe
  C:\Windows\System\HKBglYE.exe
  2⤵
  PID:7016
- C:\Windows\System\mDoGvtm.exe
  C:\Windows\System\mDoGvtm.exe
  2⤵
  PID:7032
- C:\Windows\System\iCbWDpe.exe
  C:\Windows\System\iCbWDpe.exe
  2⤵
  PID:988
- C:\Windows\System\xZVsFRO.exe
  C:\Windows\System\xZVsFRO.exe
  2⤵
  PID:7100
- C:\Windows\System\inIWxWL.exe
  C:\Windows\System\inIWxWL.exe
  2⤵
  PID:6972
- C:\Windows\System\WhGyyfd.exe
  C:\Windows\System\WhGyyfd.exe
  2⤵
  PID:6152
- C:\Windows\System\tWbTwEu.exe
  C:\Windows\System\tWbTwEu.exe
  2⤵
  PID:6440
- C:\Windows\System\gkdIurZ.exe
  C:\Windows\System\gkdIurZ.exe
  2⤵
  PID:6748
- C:\Windows\System\eBjPxBy.exe
  C:\Windows\System\eBjPxBy.exe
  2⤵
  PID:6952
- C:\Windows\System\YjXvGmZ.exe
  C:\Windows\System\YjXvGmZ.exe
  2⤵
  PID:6892
- C:\Windows\System\ZuDOWwP.exe
  C:\Windows\System\ZuDOWwP.exe
  2⤵
  PID:6636
- C:\Windows\System\siaSAsh.exe
  C:\Windows\System\siaSAsh.exe
  2⤵
  PID:6328
- C:\Windows\System\ngfWJUv.exe
  C:\Windows\System\ngfWJUv.exe
  2⤵
  PID:6200
- C:\Windows\System\tvMjcUD.exe
  C:\Windows\System\tvMjcUD.exe
  2⤵
  PID:5708
- C:\Windows\System\nfyrRCp.exe
  C:\Windows\System\nfyrRCp.exe
  2⤵
  PID:7116
- C:\Windows\System\KQCrSpE.exe
  C:\Windows\System\KQCrSpE.exe
  2⤵
  PID:6300
- C:\Windows\System\fDolqZt.exe
  C:\Windows\System\fDolqZt.exe
  2⤵
  PID:6956
- C:\Windows\System\lEDoqPj.exe
  C:\Windows\System\lEDoqPj.exe
  2⤵
  PID:6556
- C:\Windows\System\GYMiURN.exe
  C:\Windows\System\GYMiURN.exe
  2⤵
  PID:5860
- C:\Windows\System\vKqSOQZ.exe
  C:\Windows\System\vKqSOQZ.exe
  2⤵
  PID:5680
- C:\Windows\System\yZquvjw.exe
  C:\Windows\System\yZquvjw.exe
  2⤵
  PID:6616
- C:\Windows\System\snhxEwb.exe
  C:\Windows\System\snhxEwb.exe
  2⤵
  PID:7036
- C:\Windows\System\sAZYxSX.exe
  C:\Windows\System\sAZYxSX.exe
  2⤵
  PID:7184
- C:\Windows\System\kHXYmOD.exe
  C:\Windows\System\kHXYmOD.exe
  2⤵
  PID:7200
- C:\Windows\System\cdapaGo.exe
  C:\Windows\System\cdapaGo.exe
  2⤵
  PID:7216
- C:\Windows\System\MsTHfRt.exe
  C:\Windows\System\MsTHfRt.exe
  2⤵
  PID:7232
- C:\Windows\System\oJXEnzA.exe
  C:\Windows\System\oJXEnzA.exe
  2⤵
  PID:7248
- C:\Windows\System\YjJIpyZ.exe
  C:\Windows\System\YjJIpyZ.exe
  2⤵
  PID:7264
- C:\Windows\System\XufOTGl.exe
  C:\Windows\System\XufOTGl.exe
  2⤵
  PID:7280
- C:\Windows\System\BjawjXV.exe
  C:\Windows\System\BjawjXV.exe
  2⤵
  PID:7296
- C:\Windows\System\jZPCwcG.exe
  C:\Windows\System\jZPCwcG.exe
  2⤵
  PID:7312
- C:\Windows\System\CdvhSnV.exe
  C:\Windows\System\CdvhSnV.exe
  2⤵
  PID:7328
- C:\Windows\System\ljesmqy.exe
  C:\Windows\System\ljesmqy.exe
  2⤵
  PID:7344
- C:\Windows\System\BCyIrqS.exe
  C:\Windows\System\BCyIrqS.exe
  2⤵
  PID:7360
- C:\Windows\System\pJaScwR.exe
  C:\Windows\System\pJaScwR.exe
  2⤵
  PID:7376
- C:\Windows\System\AvcEikL.exe
  C:\Windows\System\AvcEikL.exe
  2⤵
  PID:7392
- C:\Windows\System\LTbWWpt.exe
  C:\Windows\System\LTbWWpt.exe
  2⤵
  PID:7408
- C:\Windows\System\CadfcML.exe
  C:\Windows\System\CadfcML.exe
  2⤵
  PID:7424
- C:\Windows\System\iyBUGri.exe
  C:\Windows\System\iyBUGri.exe
  2⤵
  PID:7456
- C:\Windows\System\qBgpHTY.exe
  C:\Windows\System\qBgpHTY.exe
  2⤵
  PID:7472
- C:\Windows\System\lJZXsxb.exe
  C:\Windows\System\lJZXsxb.exe
  2⤵
  PID:7488
- C:\Windows\System\aWvaGeK.exe
  C:\Windows\System\aWvaGeK.exe
  2⤵
  PID:7504
- C:\Windows\System\IivSkxo.exe
  C:\Windows\System\IivSkxo.exe
  2⤵
  PID:7520
- C:\Windows\System\yGvHFtM.exe
  C:\Windows\System\yGvHFtM.exe
  2⤵
  PID:7536
- C:\Windows\System\lYFCCSf.exe
  C:\Windows\System\lYFCCSf.exe
  2⤵
  PID:7552
- C:\Windows\System\JEZfxVc.exe
  C:\Windows\System\JEZfxVc.exe
  2⤵
  PID:7568
- C:\Windows\System\PumGnZm.exe
  C:\Windows\System\PumGnZm.exe
  2⤵
  PID:7584
- C:\Windows\System\OwnALGD.exe
  C:\Windows\System\OwnALGD.exe
  2⤵
  PID:7600
- C:\Windows\System\AsvqfZo.exe
  C:\Windows\System\AsvqfZo.exe
  2⤵
  PID:7616
- C:\Windows\System\mUEqwBp.exe
  C:\Windows\System\mUEqwBp.exe
  2⤵
  PID:7632
- C:\Windows\System\foUcTMw.exe
  C:\Windows\System\foUcTMw.exe
  2⤵
  PID:7652
- C:\Windows\System\vgKetyZ.exe
  C:\Windows\System\vgKetyZ.exe
  2⤵
  PID:7672
- C:\Windows\System\xGMiqbX.exe
  C:\Windows\System\xGMiqbX.exe
  2⤵
  PID:7688
- C:\Windows\System\pQHLOhY.exe
  C:\Windows\System\pQHLOhY.exe
  2⤵
  PID:7704
- C:\Windows\System\suTZmat.exe
  C:\Windows\System\suTZmat.exe
  2⤵
  PID:7720
- C:\Windows\System\VXXIdpH.exe
  C:\Windows\System\VXXIdpH.exe
  2⤵
  PID:7736
- C:\Windows\System\zbYwFUe.exe
  C:\Windows\System\zbYwFUe.exe
  2⤵
  PID:7752
- C:\Windows\System\wvnJaYl.exe
  C:\Windows\System\wvnJaYl.exe
  2⤵
  PID:7768
- C:\Windows\System\NNSYsSC.exe
  C:\Windows\System\NNSYsSC.exe
  2⤵
  PID:7784
- C:\Windows\System\TUCHjHc.exe
  C:\Windows\System\TUCHjHc.exe
  2⤵
  PID:7800
- C:\Windows\System\aZPykRy.exe
  C:\Windows\System\aZPykRy.exe
  2⤵
  PID:7816
- C:\Windows\System\fllmrQr.exe
  C:\Windows\System\fllmrQr.exe
  2⤵
  PID:7832
- C:\Windows\System\oJBXLJk.exe
  C:\Windows\System\oJBXLJk.exe
  2⤵
  PID:7848
- C:\Windows\System\FEWQzKY.exe
  C:\Windows\System\FEWQzKY.exe
  2⤵
  PID:7864
- C:\Windows\System\IWWciop.exe
  C:\Windows\System\IWWciop.exe
  2⤵
  PID:7884
- C:\Windows\System\WJcwQqP.exe
  C:\Windows\System\WJcwQqP.exe
  2⤵
  PID:7900
- C:\Windows\System\BeqioUF.exe
  C:\Windows\System\BeqioUF.exe
  2⤵
  PID:7916
- C:\Windows\System\hIMolkY.exe
  C:\Windows\System\hIMolkY.exe
  2⤵
  PID:7932
- C:\Windows\System\RArsFfA.exe
  C:\Windows\System\RArsFfA.exe
  2⤵
  PID:7952
- C:\Windows\System\sRgEgpG.exe
  C:\Windows\System\sRgEgpG.exe
  2⤵
  PID:7972
- C:\Windows\System\eicyqlr.exe
  C:\Windows\System\eicyqlr.exe
  2⤵
  PID:7988
- C:\Windows\System\wsELlMC.exe
  C:\Windows\System\wsELlMC.exe
  2⤵
  PID:8004
- C:\Windows\System\DNmOHIn.exe
  C:\Windows\System\DNmOHIn.exe
  2⤵
  PID:8020
- C:\Windows\System\Vbkwlwh.exe
  C:\Windows\System\Vbkwlwh.exe
  2⤵
  PID:8036
- C:\Windows\System\uPdPpDT.exe
  C:\Windows\System\uPdPpDT.exe
  2⤵
  PID:8052
- C:\Windows\System\lzgcHlQ.exe
  C:\Windows\System\lzgcHlQ.exe
  2⤵
  PID:8068
- C:\Windows\System\AAziHRL.exe
  C:\Windows\System\AAziHRL.exe
  2⤵
  PID:8084
- C:\Windows\System\rTyrEuv.exe
  C:\Windows\System\rTyrEuv.exe
  2⤵
  PID:8104
- C:\Windows\System\BdDBQch.exe
  C:\Windows\System\BdDBQch.exe
  2⤵
  PID:8120
- C:\Windows\System\ZqzdvQV.exe
  C:\Windows\System\ZqzdvQV.exe
  2⤵
  PID:8136
- C:\Windows\System\AAUQLIu.exe
  C:\Windows\System\AAUQLIu.exe
  2⤵
  PID:8152
- C:\Windows\System\LbQBqnS.exe
  C:\Windows\System\LbQBqnS.exe
  2⤵
  PID:8172
- C:\Windows\System\szAYXpW.exe
  C:\Windows\System\szAYXpW.exe
  2⤵
  PID:8188
- C:\Windows\System\jWFwMWo.exe
  C:\Windows\System\jWFwMWo.exe
  2⤵
  PID:6968
- C:\Windows\System\mAtKVyZ.exe
  C:\Windows\System\mAtKVyZ.exe
  2⤵
  PID:7224
- C:\Windows\System\RRALsEf.exe
  C:\Windows\System\RRALsEf.exe
  2⤵
  PID:7228
- C:\Windows\System\UJgGuPy.exe
  C:\Windows\System\UJgGuPy.exe
  2⤵
  PID:7288
- C:\Windows\System\gFtrwHe.exe
  C:\Windows\System\gFtrwHe.exe
  2⤵
  PID:6552
- C:\Windows\System\YYMVLPb.exe
  C:\Windows\System\YYMVLPb.exe
  2⤵
  PID:7128
- C:\Windows\System\tSzYmvp.exe
  C:\Windows\System\tSzYmvp.exe
  2⤵
  PID:7240
- C:\Windows\System\QHFrGxQ.exe
  C:\Windows\System\QHFrGxQ.exe
  2⤵
  PID:7176
- C:\Windows\System\lcGwYyd.exe
  C:\Windows\System\lcGwYyd.exe
  2⤵
  PID:7352
- C:\Windows\System\gZZVNbg.exe
  C:\Windows\System\gZZVNbg.exe
  2⤵
  PID:7304
- C:\Windows\System\xWzWfbM.exe
  C:\Windows\System\xWzWfbM.exe
  2⤵
  PID:7420
- C:\Windows\System\NMowvCq.exe
  C:\Windows\System\NMowvCq.exe
  2⤵
  PID:7372
- C:\Windows\System\GLRaWAQ.exe
  C:\Windows\System\GLRaWAQ.exe
  2⤵
  PID:7512
- C:\Windows\System\gizcmSI.exe
  C:\Windows\System\gizcmSI.exe
  2⤵
  PID:7548
- C:\Windows\System\bwDpYUl.exe
  C:\Windows\System\bwDpYUl.exe
  2⤵
  PID:7464
- C:\Windows\System\XVjfJUG.exe
  C:\Windows\System\XVjfJUG.exe
  2⤵
  PID:7608
- C:\Windows\System\fyRovcc.exe
  C:\Windows\System\fyRovcc.exe
  2⤵
  PID:7564
- C:\Windows\System\ZULhuUQ.exe
  C:\Windows\System\ZULhuUQ.exe
  2⤵
  PID:7624
- C:\Windows\System\zNsAZHu.exe
  C:\Windows\System\zNsAZHu.exe
  2⤵
  PID:7628
- C:\Windows\System\WyHvkZq.exe
  C:\Windows\System\WyHvkZq.exe
  2⤵
  PID:7776
- C:\Windows\System\LinRrSQ.exe
  C:\Windows\System\LinRrSQ.exe
  2⤵
  PID:7744
- C:\Windows\System\Spyzyaf.exe
  C:\Windows\System\Spyzyaf.exe
  2⤵
  PID:7700
- C:\Windows\System\MMHdkOT.exe
  C:\Windows\System\MMHdkOT.exe
  2⤵
  PID:7728
- C:\Windows\System\Laiytce.exe
  C:\Windows\System\Laiytce.exe
  2⤵
  PID:7908
- C:\Windows\System\heesahZ.exe
  C:\Windows\System\heesahZ.exe
  2⤵
  PID:7940
- C:\Windows\System\THgXqtT.exe
  C:\Windows\System\THgXqtT.exe
  2⤵
  PID:7860
- C:\Windows\System\qVyBick.exe
  C:\Windows\System\qVyBick.exe
  2⤵
  PID:7928
- C:\Windows\System\CpvLUia.exe
  C:\Windows\System\CpvLUia.exe
  2⤵
  PID:7964
- C:\Windows\System\XmFykZp.exe
  C:\Windows\System\XmFykZp.exe
  2⤵
  PID:8016
- C:\Windows\System\jTfYXsm.exe
  C:\Windows\System\jTfYXsm.exe
  2⤵
  PID:8116
- C:\Windows\System\DfSTUFa.exe
  C:\Windows\System\DfSTUFa.exe
  2⤵
  PID:8000
- C:\Windows\System\tjvzwhE.exe
  C:\Windows\System\tjvzwhE.exe
  2⤵
  PID:8064
- C:\Windows\System\LUUykaH.exe
  C:\Windows\System\LUUykaH.exe
  2⤵
  PID:8092
- C:\Windows\System\rxEucWK.exe
  C:\Windows\System\rxEucWK.exe
  2⤵
  PID:8184
- C:\Windows\System\YpvUtss.exe
  C:\Windows\System\YpvUtss.exe
  2⤵
  PID:7052
- C:\Windows\System\nifIHjK.exe
  C:\Windows\System\nifIHjK.exe
  2⤵
  PID:5748
- C:\Windows\System\dXtFGUb.exe
  C:\Windows\System\dXtFGUb.exe
  2⤵
  PID:7368
- C:\Windows\System\vLwqrGx.exe
  C:\Windows\System\vLwqrGx.exe
  2⤵
  PID:7496
- C:\Windows\System\ODuYLdB.exe
  C:\Windows\System\ODuYLdB.exe
  2⤵
  PID:6196
- C:\Windows\System\kxziWgz.exe
  C:\Windows\System\kxziWgz.exe
  2⤵
  PID:7416
- C:\Windows\System\CUgiQfg.exe
  C:\Windows\System\CUgiQfg.exe
  2⤵
  PID:7596
- C:\Windows\System\IlJYkEF.exe
  C:\Windows\System\IlJYkEF.exe
  2⤵
  PID:7436
- C:\Windows\System\fwMBcxx.exe
  C:\Windows\System\fwMBcxx.exe
  2⤵
  PID:7480
- C:\Windows\System\mBNDABg.exe
  C:\Windows\System\mBNDABg.exe
  2⤵
  PID:7680
- C:\Windows\System\xeqJTER.exe
  C:\Windows\System\xeqJTER.exe
  2⤵
  PID:7764
- C:\Windows\System\dDcCwXQ.exe
  C:\Windows\System\dDcCwXQ.exe
  2⤵
  PID:7732
- C:\Windows\System\LHGptHk.exe
  C:\Windows\System\LHGptHk.exe
  2⤵
  PID:7828
- C:\Windows\System\vCJUKlu.exe
  C:\Windows\System\vCJUKlu.exe
  2⤵
  PID:7856
- C:\Windows\System\gvDhXOZ.exe
  C:\Windows\System\gvDhXOZ.exe
  2⤵
  PID:8012
- C:\Windows\System\OsogKqB.exe
  C:\Windows\System\OsogKqB.exe
  2⤵
  PID:8076
- C:\Windows\System\fmbfHkT.exe
  C:\Windows\System\fmbfHkT.exe
  2⤵
  PID:8032
- C:\Windows\System\QlkScsp.exe
  C:\Windows\System\QlkScsp.exe
  2⤵
  PID:7152
- C:\Windows\System\GzWZXyT.exe
  C:\Windows\System\GzWZXyT.exe
  2⤵
  PID:6264
- C:\Windows\System\Aytreei.exe
  C:\Windows\System\Aytreei.exe
  2⤵
  PID:7340
- C:\Windows\System\InMhVfn.exe
  C:\Windows\System\InMhVfn.exe
  2⤵
  PID:7716
- C:\Windows\System\yZgqltS.exe
  C:\Windows\System\yZgqltS.exe
  2⤵
  PID:7640
- C:\Windows\System\SeXHDhz.exe
  C:\Windows\System\SeXHDhz.exe
  2⤵
  PID:7760
- C:\Windows\System\XQBWxfI.exe
  C:\Windows\System\XQBWxfI.exe
  2⤵
  PID:1660
- C:\Windows\System\ksqmDba.exe
  C:\Windows\System\ksqmDba.exe
  2⤵
  PID:7896
- C:\Windows\System\NFoXvby.exe
  C:\Windows\System\NFoXvby.exe
  2⤵
  PID:7528
- C:\Windows\System\ULSbQfZ.exe
  C:\Windows\System\ULSbQfZ.exe
  2⤵
  PID:8132
- C:\Windows\System\tRZxSuR.exe
  C:\Windows\System\tRZxSuR.exe
  2⤵
  PID:6260
- C:\Windows\System\mNoFmkZ.exe
  C:\Windows\System\mNoFmkZ.exe
  2⤵
  PID:7668
- C:\Windows\System\BTNEpYK.exe
  C:\Windows\System\BTNEpYK.exe
  2⤵
  PID:8196
- C:\Windows\System\jvBJYwZ.exe
  C:\Windows\System\jvBJYwZ.exe
  2⤵
  PID:8212
- C:\Windows\System\Avaqeqy.exe
  C:\Windows\System\Avaqeqy.exe
  2⤵
  PID:8228
- C:\Windows\System\RpQXWvd.exe
  C:\Windows\System\RpQXWvd.exe
  2⤵
  PID:8244
- C:\Windows\System\tNtFnEa.exe
  C:\Windows\System\tNtFnEa.exe
  2⤵
  PID:8260
- C:\Windows\System\dBytiVj.exe
  C:\Windows\System\dBytiVj.exe
  2⤵
  PID:8276
- C:\Windows\System\YYpXGDx.exe
  C:\Windows\System\YYpXGDx.exe
  2⤵
  PID:8292
- C:\Windows\System\vvCNZTJ.exe
  C:\Windows\System\vvCNZTJ.exe
  2⤵
  PID:8308
- C:\Windows\System\VJTdTSn.exe
  C:\Windows\System\VJTdTSn.exe
  2⤵
  PID:8324
- C:\Windows\System\WvkGwNr.exe
  C:\Windows\System\WvkGwNr.exe
  2⤵
  PID:8340
- C:\Windows\System\GamtztM.exe
  C:\Windows\System\GamtztM.exe
  2⤵
  PID:8356
- C:\Windows\System\FTMWBiS.exe
  C:\Windows\System\FTMWBiS.exe
  2⤵
  PID:8372
- C:\Windows\System\AeTqlVS.exe
  C:\Windows\System\AeTqlVS.exe
  2⤵
  PID:8388
- C:\Windows\System\FRKvlun.exe
  C:\Windows\System\FRKvlun.exe
  2⤵
  PID:8404
- C:\Windows\System\TuRBgld.exe
  C:\Windows\System\TuRBgld.exe
  2⤵
  PID:8420
- C:\Windows\System\TByfoKw.exe
  C:\Windows\System\TByfoKw.exe
  2⤵
  PID:8436
- C:\Windows\System\dOEHgXv.exe
  C:\Windows\System\dOEHgXv.exe
  2⤵
  PID:8452
- C:\Windows\System\SLrKSgE.exe
  C:\Windows\System\SLrKSgE.exe
  2⤵
  PID:8468
- C:\Windows\System\hfSQDzT.exe
  C:\Windows\System\hfSQDzT.exe
  2⤵
  PID:8488
- C:\Windows\System\LEDOHMU.exe
  C:\Windows\System\LEDOHMU.exe
  2⤵
  PID:8504
- C:\Windows\System\AElDdwW.exe
  C:\Windows\System\AElDdwW.exe
  2⤵
  PID:8520
- C:\Windows\System\CvwaHHS.exe
  C:\Windows\System\CvwaHHS.exe
  2⤵
  PID:8536
- C:\Windows\System\WqAJaFV.exe
  C:\Windows\System\WqAJaFV.exe
  2⤵
  PID:8552
- C:\Windows\System\EmyhFMk.exe
  C:\Windows\System\EmyhFMk.exe
  2⤵
  PID:8568
- C:\Windows\System\xTxYBly.exe
  C:\Windows\System\xTxYBly.exe
  2⤵
  PID:8584
- C:\Windows\System\sTNeNBt.exe
  C:\Windows\System\sTNeNBt.exe
  2⤵
  PID:8600
- C:\Windows\System\PselSxc.exe
  C:\Windows\System\PselSxc.exe
  2⤵
  PID:8616
- C:\Windows\System\jWXgCDy.exe
  C:\Windows\System\jWXgCDy.exe
  2⤵
  PID:8632
- C:\Windows\System\qmKjwbz.exe
  C:\Windows\System\qmKjwbz.exe
  2⤵
  PID:8648
- C:\Windows\System\duGcgtN.exe
  C:\Windows\System\duGcgtN.exe
  2⤵
  PID:8664
- C:\Windows\System\aTtUxKK.exe
  C:\Windows\System\aTtUxKK.exe
  2⤵
  PID:8680
- C:\Windows\System\hZUMQaM.exe
  C:\Windows\System\hZUMQaM.exe
  2⤵
  PID:8696
- C:\Windows\System\dUnQaKr.exe
  C:\Windows\System\dUnQaKr.exe
  2⤵
  PID:8712
- C:\Windows\System\DWiEwtP.exe
  C:\Windows\System\DWiEwtP.exe
  2⤵
  PID:8728
- C:\Windows\System\gnjGQjG.exe
  C:\Windows\System\gnjGQjG.exe
  2⤵
  PID:8744
- C:\Windows\System\mzckKHk.exe
  C:\Windows\System\mzckKHk.exe
  2⤵
  PID:8760
- C:\Windows\System\PuCbPal.exe
  C:\Windows\System\PuCbPal.exe
  2⤵
  PID:8776
- C:\Windows\System\HdJNqFo.exe
  C:\Windows\System\HdJNqFo.exe
  2⤵
  PID:8792
- C:\Windows\System\vLQlWYn.exe
  C:\Windows\System\vLQlWYn.exe
  2⤵
  PID:8808
- C:\Windows\System\BuILACG.exe
  C:\Windows\System\BuILACG.exe
  2⤵
  PID:8824
- C:\Windows\System\mOGLFsj.exe
  C:\Windows\System\mOGLFsj.exe
  2⤵
  PID:8840
- C:\Windows\System\FhDXoNn.exe
  C:\Windows\System\FhDXoNn.exe
  2⤵
  PID:8856
- C:\Windows\System\OQhyUQd.exe
  C:\Windows\System\OQhyUQd.exe
  2⤵
  PID:8872
- C:\Windows\System\DNbCmua.exe
  C:\Windows\System\DNbCmua.exe
  2⤵
  PID:8888
- C:\Windows\System\uFMfMPQ.exe
  C:\Windows\System\uFMfMPQ.exe
  2⤵
  PID:8904
- C:\Windows\System\qAceSrG.exe
  C:\Windows\System\qAceSrG.exe
  2⤵
  PID:8920
- C:\Windows\System\hCObdCm.exe
  C:\Windows\System\hCObdCm.exe
  2⤵
  PID:8936
- C:\Windows\System\NXrvSWG.exe
  C:\Windows\System\NXrvSWG.exe
  2⤵
  PID:8952
- C:\Windows\System\pMwRJOd.exe
  C:\Windows\System\pMwRJOd.exe
  2⤵
  PID:8968
- C:\Windows\System\KgsRPrQ.exe
  C:\Windows\System\KgsRPrQ.exe
  2⤵
  PID:8984
- C:\Windows\System\dPNzVmD.exe
  C:\Windows\System\dPNzVmD.exe
  2⤵
  PID:9000
- C:\Windows\System\JcTNQFd.exe
  C:\Windows\System\JcTNQFd.exe
  2⤵
  PID:9016
- C:\Windows\System\Vkmvtvc.exe
  C:\Windows\System\Vkmvtvc.exe
  2⤵
  PID:9032
- C:\Windows\System\yhOAtpR.exe
  C:\Windows\System\yhOAtpR.exe
  2⤵
  PID:9048
- C:\Windows\System\djVZGvU.exe
  C:\Windows\System\djVZGvU.exe
  2⤵
  PID:9064
- C:\Windows\System\dhqDvTo.exe
  C:\Windows\System\dhqDvTo.exe
  2⤵
  PID:9080
- C:\Windows\System\igkDzDg.exe
  C:\Windows\System\igkDzDg.exe
  2⤵
  PID:9096
- C:\Windows\System\yRrpZZI.exe
  C:\Windows\System\yRrpZZI.exe
  2⤵
  PID:9112
- C:\Windows\System\TPSWndd.exe
  C:\Windows\System\TPSWndd.exe
  2⤵
  PID:9128
- C:\Windows\System\ZCWDrEz.exe
  C:\Windows\System\ZCWDrEz.exe
  2⤵
  PID:9144
- C:\Windows\System\SNnVZLb.exe
  C:\Windows\System\SNnVZLb.exe
  2⤵
  PID:9160
- C:\Windows\System\GXkGUTr.exe
  C:\Windows\System\GXkGUTr.exe
  2⤵
  PID:9176
- C:\Windows\System\ZcuEvvP.exe
  C:\Windows\System\ZcuEvvP.exe
  2⤵
  PID:9192
- C:\Windows\System\zyCCFuq.exe
  C:\Windows\System\zyCCFuq.exe
  2⤵
  PID:9208
- C:\Windows\System\mFXCkDs.exe
  C:\Windows\System\mFXCkDs.exe
  2⤵
  PID:7592
- C:\Windows\System\eFeAJdV.exe
  C:\Windows\System\eFeAJdV.exe
  2⤵
  PID:8128
- C:\Windows\System\XFuarkw.exe
  C:\Windows\System\XFuarkw.exe
  2⤵
  PID:7336
- C:\Windows\System\RNZhadN.exe
  C:\Windows\System\RNZhadN.exe
  2⤵
  PID:8220
- C:\Windows\System\ckhxPbj.exe
  C:\Windows\System\ckhxPbj.exe
  2⤵
  PID:8284
- C:\Windows\System\kRpcYEv.exe
  C:\Windows\System\kRpcYEv.exe
  2⤵
  PID:8384
- C:\Windows\System\QNEXuCi.exe
  C:\Windows\System\QNEXuCi.exe
  2⤵
  PID:8348
- C:\Windows\System\zczfgLO.exe
  C:\Windows\System\zczfgLO.exe
  2⤵
  PID:8416
- C:\Windows\System\BhZVBeI.exe
  C:\Windows\System\BhZVBeI.exe
  2⤵
  PID:8364
- C:\Windows\System\uzTuTLz.exe
  C:\Windows\System\uzTuTLz.exe
  2⤵
  PID:8396
- C:\Windows\System\ZXqlsYQ.exe
  C:\Windows\System\ZXqlsYQ.exe
  2⤵
  PID:8368
- C:\Windows\System\VIuhIAi.exe
  C:\Windows\System\VIuhIAi.exe
  2⤵
  PID:8496
- C:\Windows\System\ELIRIGy.exe
  C:\Windows\System\ELIRIGy.exe
  2⤵
  PID:8516
- C:\Windows\System\dmqwkCD.exe
  C:\Windows\System\dmqwkCD.exe
  2⤵
  PID:8548
- C:\Windows\System\RvIUbzM.exe
  C:\Windows\System\RvIUbzM.exe
  2⤵
  PID:8612
- C:\Windows\System\NNEJZZZ.exe
  C:\Windows\System\NNEJZZZ.exe
  2⤵
  PID:8592
- C:\Windows\System\LJKgxFm.exe
  C:\Windows\System\LJKgxFm.exe
  2⤵
  PID:8676
- C:\Windows\System\IUaLTLP.exe
  C:\Windows\System\IUaLTLP.exe
  2⤵
  PID:8656
- C:\Windows\System\fekvKHs.exe
  C:\Windows\System\fekvKHs.exe
  2⤵
  PID:8692
- C:\Windows\System\TlLrHxA.exe
  C:\Windows\System\TlLrHxA.exe
  2⤵
  PID:8772
- C:\Windows\System\DiwoKgj.exe
  C:\Windows\System\DiwoKgj.exe
  2⤵
  PID:8804
- C:\Windows\System\uWEnXsc.exe
  C:\Windows\System\uWEnXsc.exe
  2⤵
  PID:8752
- C:\Windows\System\XBuRbAv.exe
  C:\Windows\System\XBuRbAv.exe
  2⤵
  PID:8816
- C:\Windows\System\hCQopqP.exe
  C:\Windows\System\hCQopqP.exe
  2⤵
  PID:8880
- C:\Windows\System\bhtASOB.exe
  C:\Windows\System\bhtASOB.exe
  2⤵
  PID:8900
- C:\Windows\System\CpVLugn.exe
  C:\Windows\System\CpVLugn.exe
  2⤵
  PID:8912
- C:\Windows\System\UMmbxTK.exe
  C:\Windows\System\UMmbxTK.exe
  2⤵
  PID:8964
- C:\Windows\System\MhBCqBX.exe
  C:\Windows\System\MhBCqBX.exe
  2⤵
  PID:9056
- C:\Windows\System\xvBjReN.exe
  C:\Windows\System\xvBjReN.exe
  2⤵
  PID:9092
- C:\Windows\System\WepvkWo.exe
  C:\Windows\System\WepvkWo.exe
  2⤵
  PID:9156
- C:\Windows\System\QEGSwiF.exe
  C:\Windows\System\QEGSwiF.exe
  2⤵
  PID:9120
- C:\Windows\System\lSztPBa.exe
  C:\Windows\System\lSztPBa.exe
  2⤵
  PID:9188
- C:\Windows\System\GObriWN.exe
  C:\Windows\System\GObriWN.exe
  2⤵
  PID:7684
- C:\Windows\System\mwJsKjr.exe
  C:\Windows\System\mwJsKjr.exe
  2⤵
  PID:9104
- C:\Windows\System\atsuZVe.exe
  C:\Windows\System\atsuZVe.exe
  2⤵
  PID:8316
- C:\Windows\System\HrtFgkS.exe
  C:\Windows\System\HrtFgkS.exe
  2⤵
  PID:9172
- C:\Windows\System\wobKHJc.exe
  C:\Windows\System\wobKHJc.exe
  2⤵
  PID:9008
- C:\Windows\System\fCrOpHZ.exe
  C:\Windows\System\fCrOpHZ.exe
  2⤵
  PID:8332
- C:\Windows\System\uxlzjQL.exe
  C:\Windows\System\uxlzjQL.exe
  2⤵
  PID:8412
- C:\Windows\System\uERLZNX.exe
  C:\Windows\System\uERLZNX.exe
  2⤵
  PID:8544
- C:\Windows\System\wVlSfMa.exe
  C:\Windows\System\wVlSfMa.exe
  2⤵
  PID:8608
- C:\Windows\System\LweehXh.exe
  C:\Windows\System\LweehXh.exe
  2⤵
  PID:7320
- C:\Windows\System\fKRwvyS.exe
  C:\Windows\System\fKRwvyS.exe
  2⤵
  PID:8660
- C:\Windows\System\LnEGWBZ.exe
  C:\Windows\System\LnEGWBZ.exe
  2⤵
  PID:8688
- C:\Windows\System\jUlLYSh.exe
  C:\Windows\System\jUlLYSh.exe
  2⤵
  PID:8832
- C:\Windows\System\VcdLNLc.exe
  C:\Windows\System\VcdLNLc.exe
  2⤵
  PID:8916
- C:\Windows\System\RRxtHHL.exe
  C:\Windows\System\RRxtHHL.exe
  2⤵
  PID:8996
- C:\Windows\System\yzuaumJ.exe
  C:\Windows\System\yzuaumJ.exe
  2⤵
  PID:7084
- C:\Windows\System\uIVISuH.exe
  C:\Windows\System\uIVISuH.exe
  2⤵
  PID:8204
- C:\Windows\System\QKZKlLS.exe
  C:\Windows\System\QKZKlLS.exe
  2⤵
  PID:8852
- C:\Windows\System\GhnudTJ.exe
  C:\Windows\System\GhnudTJ.exe
  2⤵
  PID:9200
- C:\Windows\System\XEndvpf.exe
  C:\Windows\System\XEndvpf.exe
  2⤵
  PID:7324
- C:\Windows\System\HxLPGkX.exe
  C:\Windows\System\HxLPGkX.exe
  2⤵
  PID:8932
- C:\Windows\System\LSdLGxL.exe
  C:\Windows\System\LSdLGxL.exe
  2⤵
  PID:8848
- C:\Windows\System\ZWmaFsh.exe
  C:\Windows\System\ZWmaFsh.exe
  2⤵
  PID:8580
- C:\Windows\System\rrjgylD.exe
  C:\Windows\System\rrjgylD.exe
  2⤵
  PID:8484
- C:\Windows\System\ShgWfTE.exe
  C:\Windows\System\ShgWfTE.exe
  2⤵
  PID:8720
- C:\Windows\System\WWPskrv.exe
  C:\Windows\System\WWPskrv.exe
  2⤵
  PID:8836
- C:\Windows\System\ZIumEZv.exe
  C:\Windows\System\ZIumEZv.exe
  2⤵
  PID:9232
- C:\Windows\System\pOeCpnL.exe
  C:\Windows\System\pOeCpnL.exe
  2⤵
  PID:9248
- C:\Windows\System\hXEQvAt.exe
  C:\Windows\System\hXEQvAt.exe
  2⤵
  PID:9268
- C:\Windows\System\BeZoHNB.exe
  C:\Windows\System\BeZoHNB.exe
  2⤵
  PID:9284
- C:\Windows\System\ZfVhJvb.exe
  C:\Windows\System\ZfVhJvb.exe
  2⤵
  PID:9300
- C:\Windows\System\WbLwQFW.exe
  C:\Windows\System\WbLwQFW.exe
  2⤵
  PID:9316
- C:\Windows\System\GraHxwd.exe
  C:\Windows\System\GraHxwd.exe
  2⤵
  PID:9332
- C:\Windows\System\ZADyEpA.exe
  C:\Windows\System\ZADyEpA.exe
  2⤵
  PID:9348
- C:\Windows\System\kqwynen.exe
  C:\Windows\System\kqwynen.exe
  2⤵
  PID:9364
- C:\Windows\System\VzWyXyp.exe
  C:\Windows\System\VzWyXyp.exe
  2⤵
  PID:9380
- C:\Windows\System\YqUkXHg.exe
  C:\Windows\System\YqUkXHg.exe
  2⤵
  PID:9396
- C:\Windows\System\JMTzVYV.exe
  C:\Windows\System\JMTzVYV.exe
  2⤵
  PID:9412
- C:\Windows\System\bzbisIx.exe
  C:\Windows\System\bzbisIx.exe
  2⤵
  PID:9428
- C:\Windows\System\VveQeto.exe
  C:\Windows\System\VveQeto.exe
  2⤵
  PID:9444
- C:\Windows\System\oCcGdlw.exe
  C:\Windows\System\oCcGdlw.exe
  2⤵
  PID:9460
- C:\Windows\System\aEvcqgu.exe
  C:\Windows\System\aEvcqgu.exe
  2⤵
  PID:9476
- C:\Windows\System\veRFJYN.exe
  C:\Windows\System\veRFJYN.exe
  2⤵
  PID:9492
- C:\Windows\System\wPdddph.exe
  C:\Windows\System\wPdddph.exe
  2⤵
  PID:9508
- C:\Windows\System\bARHafr.exe
  C:\Windows\System\bARHafr.exe
  2⤵
  PID:9524
- C:\Windows\System\OeVJrLX.exe
  C:\Windows\System\OeVJrLX.exe
  2⤵
  PID:9540
- C:\Windows\System\jtjuEAu.exe
  C:\Windows\System\jtjuEAu.exe
  2⤵
  PID:9556
- C:\Windows\System\MNtMhSq.exe
  C:\Windows\System\MNtMhSq.exe
  2⤵
  PID:9616
- C:\Windows\System\EkkwfTr.exe
  C:\Windows\System\EkkwfTr.exe
  2⤵
  PID:9708
- C:\Windows\System\OuNapIw.exe
  C:\Windows\System\OuNapIw.exe
  2⤵
  PID:9724
- C:\Windows\System\qEkzmlE.exe
  C:\Windows\System\qEkzmlE.exe
  2⤵
  PID:9744
- C:\Windows\System\bLHiAVz.exe
  C:\Windows\System\bLHiAVz.exe
  2⤵
  PID:9760
- C:\Windows\System\MHjkvig.exe
  C:\Windows\System\MHjkvig.exe
  2⤵
  PID:9776
- C:\Windows\System\UNToyzq.exe
  C:\Windows\System\UNToyzq.exe
  2⤵
  PID:9792
- C:\Windows\System\PolfPmn.exe
  C:\Windows\System\PolfPmn.exe
  2⤵
  PID:9808
- C:\Windows\System\ohcHJWh.exe
  C:\Windows\System\ohcHJWh.exe
  2⤵
  PID:9824
- C:\Windows\System\IchSsWz.exe
  C:\Windows\System\IchSsWz.exe
  2⤵
  PID:9840
- C:\Windows\System\fsqRQic.exe
  C:\Windows\System\fsqRQic.exe
  2⤵
  PID:9856
- C:\Windows\System\ycaCcxc.exe
  C:\Windows\System\ycaCcxc.exe
  2⤵
  PID:9872
- C:\Windows\System\MRYuRWO.exe
  C:\Windows\System\MRYuRWO.exe
  2⤵
  PID:9888
- C:\Windows\System\IEiAteX.exe
  C:\Windows\System\IEiAteX.exe
  2⤵
  PID:9904
- C:\Windows\System\gFnNnwt.exe
  C:\Windows\System\gFnNnwt.exe
  2⤵
  PID:9920
- C:\Windows\System\piVqmav.exe
  C:\Windows\System\piVqmav.exe
  2⤵
  PID:9936
- C:\Windows\System\mGSiCFy.exe
  C:\Windows\System\mGSiCFy.exe
  2⤵
  PID:9952
- C:\Windows\System\GhcJjVV.exe
  C:\Windows\System\GhcJjVV.exe
  2⤵
  PID:9968
- C:\Windows\System\RkUymFF.exe
  C:\Windows\System\RkUymFF.exe
  2⤵
  PID:9984
- C:\Windows\System\NNHLxnX.exe
  C:\Windows\System\NNHLxnX.exe
  2⤵
  PID:10000
- C:\Windows\System\tjOgsJW.exe
  C:\Windows\System\tjOgsJW.exe
  2⤵
  PID:10016
- C:\Windows\System\jKstXWw.exe
  C:\Windows\System\jKstXWw.exe
  2⤵
  PID:10032
- C:\Windows\System\wWErMtT.exe
  C:\Windows\System\wWErMtT.exe
  2⤵
  PID:10048
- C:\Windows\System\NvumOUV.exe
  C:\Windows\System\NvumOUV.exe
  2⤵
  PID:10064
- C:\Windows\System\QRAqRqp.exe
  C:\Windows\System\QRAqRqp.exe
  2⤵
  PID:10080
- C:\Windows\System\FUMvyOj.exe
  C:\Windows\System\FUMvyOj.exe
  2⤵
  PID:10096
- C:\Windows\System\ALugXTO.exe
  C:\Windows\System\ALugXTO.exe
  2⤵
  PID:10112
- C:\Windows\System\RbqCydD.exe
  C:\Windows\System\RbqCydD.exe
  2⤵
  PID:10128
- C:\Windows\System\OflrsEk.exe
  C:\Windows\System\OflrsEk.exe
  2⤵
  PID:10144
- C:\Windows\System\jCEQMuS.exe
  C:\Windows\System\jCEQMuS.exe
  2⤵
  PID:10160
- C:\Windows\System\FoVZTZL.exe
  C:\Windows\System\FoVZTZL.exe
  2⤵
  PID:10176
- C:\Windows\System\dmFSOIe.exe
  C:\Windows\System\dmFSOIe.exe
  2⤵
  PID:10192
- C:\Windows\System\LOMsSzY.exe
  C:\Windows\System\LOMsSzY.exe
  2⤵
  PID:10208
- C:\Windows\System\bINtVEo.exe
  C:\Windows\System\bINtVEo.exe
  2⤵
  PID:10228
- C:\Windows\System\iNOmMGX.exe
  C:\Windows\System\iNOmMGX.exe
  2⤵
  PID:7208
- C:\Windows\System\gmZawxh.exe
  C:\Windows\System\gmZawxh.exe
  2⤵
  PID:9072
- C:\Windows\System\kksLfYb.exe
  C:\Windows\System\kksLfYb.exe
  2⤵
  PID:9244
- C:\Windows\System\bifrWWz.exe
  C:\Windows\System\bifrWWz.exe
  2⤵
  PID:8300
- C:\Windows\System\SWbuLqW.exe
  C:\Windows\System\SWbuLqW.exe
  2⤵
  PID:8640
- C:\Windows\System\lOoqpjA.exe
  C:\Windows\System\lOoqpjA.exe
  2⤵
  PID:8896
- C:\Windows\System\nIDSgLa.exe
  C:\Windows\System\nIDSgLa.exe
  2⤵
  PID:9168
- C:\Windows\System\Zecokfr.exe
  C:\Windows\System\Zecokfr.exe
  2⤵
  PID:9256
- C:\Windows\System\aEUuFIh.exe
  C:\Windows\System\aEUuFIh.exe
  2⤵
  PID:9312
- C:\Windows\System\klZutmZ.exe
  C:\Windows\System\klZutmZ.exe
  2⤵
  PID:9372
- C:\Windows\System\dmXTwKq.exe
  C:\Windows\System\dmXTwKq.exe
  2⤵
  PID:9436
- C:\Windows\System\mZZvNCY.exe
  C:\Windows\System\mZZvNCY.exe
  2⤵
  PID:9420
- C:\Windows\System\iBEqPrM.exe
  C:\Windows\System\iBEqPrM.exe
  2⤵
  PID:9484
- C:\Windows\System\NknERbC.exe
  C:\Windows\System\NknERbC.exe
  2⤵
  PID:9536
- C:\Windows\System\KWjdjhA.exe
  C:\Windows\System\KWjdjhA.exe
  2⤵
  PID:9564
- C:\Windows\System\yydpTlI.exe
  C:\Windows\System\yydpTlI.exe
  2⤵
  PID:9552
- C:\Windows\System\gshdwoB.exe
  C:\Windows\System\gshdwoB.exe
  2⤵
  PID:9580
- C:\Windows\System\aydHTZe.exe
  C:\Windows\System\aydHTZe.exe
  2⤵
  PID:9600
- C:\Windows\System\oyIVNyW.exe
  C:\Windows\System\oyIVNyW.exe
  2⤵
  PID:9612
- C:\Windows\System\ecKjqpq.exe
  C:\Windows\System\ecKjqpq.exe
  2⤵
  PID:9632
- C:\Windows\System\PWPveKH.exe
  C:\Windows\System\PWPveKH.exe
  2⤵
  PID:9656
- C:\Windows\System\RCuPflL.exe
  C:\Windows\System\RCuPflL.exe
  2⤵
  PID:9676
- C:\Windows\System\UmxSgka.exe
  C:\Windows\System\UmxSgka.exe
  2⤵
  PID:9692
- C:\Windows\System\jQoSDnO.exe
  C:\Windows\System\jQoSDnO.exe
  2⤵
  PID:9756
- C:\Windows\System\NSndIgM.exe
  C:\Windows\System\NSndIgM.exe
  2⤵
  PID:9688
- C:\Windows\System\aVSquBn.exe
  C:\Windows\System\aVSquBn.exe
  2⤵
  PID:9740
- C:\Windows\System\DPQYMCG.exe
  C:\Windows\System\DPQYMCG.exe
  2⤵
  PID:9848
- C:\Windows\System\PTgiEyZ.exe
  C:\Windows\System\PTgiEyZ.exe
  2⤵
  PID:9880
- C:\Windows\System\dpyjNxE.exe
  C:\Windows\System\dpyjNxE.exe
  2⤵
  PID:9864
- C:\Windows\System\UIDOasu.exe
  C:\Windows\System\UIDOasu.exe
  2⤵
  PID:9944
- C:\Windows\System\xXgSUbP.exe
  C:\Windows\System\xXgSUbP.exe
  2⤵
  PID:10008
- C:\Windows\System\xtgaSrH.exe
  C:\Windows\System\xtgaSrH.exe
  2⤵
  PID:9832
- C:\Windows\System\AGdbllY.exe
  C:\Windows\System\AGdbllY.exe
  2⤵
  PID:9960
- C:\Windows\System\rBuqcwa.exe
  C:\Windows\System\rBuqcwa.exe
  2⤵
  PID:10028
- C:\Windows\System\KGQrQcM.exe
  C:\Windows\System\KGQrQcM.exe
  2⤵
  PID:10044
- C:\Windows\System\ugsErMG.exe
  C:\Windows\System\ugsErMG.exe
  2⤵
  PID:10076
- C:\Windows\System\IbAShzm.exe
  C:\Windows\System\IbAShzm.exe
  2⤵
  PID:10152
- C:\Windows\System\CtFHYji.exe
  C:\Windows\System\CtFHYji.exe
  2⤵
  PID:10172
- C:\Windows\System\lcTrJXF.exe
  C:\Windows\System\lcTrJXF.exe
  2⤵
  PID:9124
- C:\Windows\System\dMKXgdP.exe
  C:\Windows\System\dMKXgdP.exe
  2⤵
  PID:10188
- C:\Windows\System\tpfeMTA.exe
  C:\Windows\System\tpfeMTA.exe
  2⤵
  PID:9024
- C:\Windows\System\vSTIvJW.exe
  C:\Windows\System\vSTIvJW.exe
  2⤵
  PID:8432
- C:\Windows\System\oqYIhuA.exe
  C:\Windows\System\oqYIhuA.exe
  2⤵
  PID:9228
- C:\Windows\System\qzBUkOS.exe
  C:\Windows\System\qzBUkOS.exe
  2⤵
  PID:8740
- C:\Windows\System\PTIbiHu.exe
  C:\Windows\System\PTIbiHu.exe
  2⤵
  PID:9276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CtZfuDY.exe

Filesize
6.0MB

MD5
bce6534ebb514f1b973481ae80f65e6d

SHA1
04fe08c1a0371565963d75f5e1819efbfbdc193f

SHA256
4a91ffcc7a871be38f2522467975735b22a9f89d68ef4f3df334d55ee3c55094

SHA512
5c3fa7cd7a70f490e26e74ef619ec5d1449a12c07ad756361b947c0c76ab93cdeba81268eb45d8d84eca1417724752c293c1dda8049202c76ee12de44015277d

Download Submit
C:\Windows\system\IZPWzuR.exe

Filesize
6.0MB

MD5
5f649fae1bcec0929c29aaad384094ff

SHA1
ecbc688139d4a74685cb650e286400613b4fde36

SHA256
a544cd3bd11938d24c2153b80458e757663806286356fcd11bbc463194db7969

SHA512
71fd77c7df79814c038aa324d55374e987bc29f748af2c8cfa984390def2d9a333cc452bf039defaf86d1ab5b5eb81d0b3218cb90443d6cfdcc50d9fa857be89

Download Submit
C:\Windows\system\IcoJvci.exe

Filesize
6.0MB

MD5
146a0e29eb1a2e7aa4355497281fd414

SHA1
2377eda0d624dea320710fc9ae329383a9be224c

SHA256
4e2944cfb6f59dd46da0504395cc268b9588e6c32022f7fd12289c151d30a4af

SHA512
f6c1978422e6b82c2351573c2939f7f5e1a1857c7698a65e4cdacb31e58f0e845bf99843ffc484293a101e67a8278cc4bb6da89c74b98006f09ed8461ae08a09

Download Submit
C:\Windows\system\KKAoZtK.exe

Filesize
6.0MB

MD5
7a8afe92118c8b7a4703149ea8c5e94c

SHA1
385b33308b78f7f38859053f9a10ea051c3fec18

SHA256
b9fa101e299060cbb257c1d2ab8b85c108173ba30f9285fdd972ce4e45c4c76f

SHA512
e117684a29a8b17266e9e6e1a68376d278ec12dce1223db6d8087b41ae7209434a78331d0f60c7ae489bc7826531d7afd6efbfcc1f6d6cedfa531d37ef20658c

Download Submit
C:\Windows\system\KcgndKV.exe

Filesize
6.0MB

MD5
3d76264f834c2724efeea5ff54edeb13

SHA1
63cf9484c26d3b35da14d7e89a6c07e029c41add

SHA256
45e995e0db71fb77fce998be0c2b41b99239de707e4ec1176fc31f5bbdb6c84c

SHA512
3e66d8e522ee84a3479fb6c74b03b11535e5b0d96d139634ec1bc5c507d21733da062644972d53ec41ccf431f207180df2ac2ce163dcde5e9d1f027e5bd09384

Download Submit
C:\Windows\system\MucEiZB.exe

Filesize
6.0MB

MD5
b1f7bee18e470981f9a65ee1ad0e24be

SHA1
387e19d4e8098f2328cc493d0b04376f18161274

SHA256
992da10e4ce755ebe41e82b4d1b9448dcf210041fee720565279578486f33d4f

SHA512
125eae0b5011a9f83f3231a2a8feefbe9a1e51d6ce8c4ff7418abc91fb2171fbbeaa906da58045e5f996d62799b41a08a71c99b4950779a86b363407eadc00cb

Download Submit
C:\Windows\system\NSoeJrE.exe

Filesize
6.0MB

MD5
e768d34fcb6bdeb7242a54163891debf

SHA1
76f86195ad9344ccaf631389f31b21113e7422c3

SHA256
08009287a40dc2274323b535501db70976fb3ace3b0b3ab651b6770f58d04fc6

SHA512
7f8e67476567a44ebac71e479bb67f97bce9ba287e2b047fa3f0fb96ec3c9f052335a83c188f045a44686be0cf5446a26ef948f6c1f57b63495f57ca34508fdb

Download Submit
C:\Windows\system\OjuJFPy.exe

Filesize
6.0MB

MD5
f3c839ae52d35a1806082e154509ba31

SHA1
660e36ea43f12c5fae9f20a86f1fd31ab8bfb3af

SHA256
70d04c15209523f4742cede87552e0272e9b04cd67cfae6ee899121c83ffb8a2

SHA512
835af802b2f556e137ef486f49c018e2fb732a7d1827c8232ca2686f18a00e971d2d0bbc1825059cff6c5c29bf3a65286c5e8cff35131dfdf07b0271f12597e1

Download Submit
C:\Windows\system\PATgBQO.exe

Filesize
6.0MB

MD5
cb44107b4ba48077ac14f25163aa796c

SHA1
62fde773ec68782ed497036e52315a082367a000

SHA256
9a2c8173c85c637f7144705eb299cb8c49cafa09390eb4ed3e4b2b54f09a4b2f

SHA512
3af3f390727ebdca5bdda35ecbd37a936eabfa1e2fb2cf91b26a451286acf174bb1a971bba22e7023f2ddc4678962891cb0f7646ac41d35ff0d0c2a5c1a7cb9f

Download Submit
C:\Windows\system\QRYTGuw.exe

Filesize
6.0MB

MD5
4fb6b8b68593e7621d6f306615e15a3a

SHA1
3c5312e58cba953ff0a560f3e4e4120b9743e886

SHA256
0ef88ad5ae00f628b896c194d7403966f5214d21ccec8b2ac144d64eca918d9f

SHA512
d96914238752e0ddd931e5dcd18b7938ba7203e43c4e30f6d1402584df256d58e42cd778fe457d8d3d661ad58e7720b2a290b48ca1204dcff76ec84c474f5df4

Download Submit
C:\Windows\system\SAJXVuw.exe

Filesize
6.0MB

MD5
fa410b8fcbb28690456d34d9dfd51859

SHA1
27699bd3980989a030ccd548da0d02cbb9ea1525

SHA256
1958984fbae0aaa59035f8dfa5b4953359a01318d6c8b186bfe8c60c18d97e34

SHA512
803674c288d9f32cc97154ebb6999f20bcd7cacccd3242cef728b8ecf29b44fc22be2c3705affc220b5af8ce799f7f05e061fa5f582d8ea806b3835ebd2bbf84

Download Submit
C:\Windows\system\UVXrsPG.exe

Filesize
6.0MB

MD5
d331957950a4ca99574076ca86503f9a

SHA1
86ad9cc92426ae1ccd80022c8bafc2ad9b588e86

SHA256
afca770c19ea68524211772c2fd210dd3d6b4b852caacbbf83fcfbacf2d11803

SHA512
00a37430970b654933c462baa86b4f49853fc2e983667916fe6e100ce40a824885b7d0d51215c68fac3932b679e96f9f0a52e7d9af28247f6b53887c8cb4a828

Download Submit
C:\Windows\system\VgodvjC.exe

Filesize
6.0MB

MD5
3b83968872b195e6720ce6cf08a01ef4

SHA1
2cc3dd321505e5095aed1c3a8e5b06afe56dc452

SHA256
58a075ce4c96db123cc82abc7224b429d495c61415db6ebd6e7ca37c318f9b1b

SHA512
2ecd1a98b04ee5e4d5c8c895b4a381fdd050e7c78a7b87fb3d04ed05fd31c97f90802eb9e8958060980b4eb5e616d3d1505ee4eb8740d5c83739c4b29998b999

Download Submit
C:\Windows\system\YHSUEzO.exe

Filesize
6.0MB

MD5
c547ac68b5db93b3ab79245742768884

SHA1
82b1099e23d25e958c4ebbbcb0226954bedd96a3

SHA256
c462260083bca8d2afc75c14412b7919a7a19dfe8108f484bef657e8fb5a7245

SHA512
8af48803a9558aa68bf1168e89d6ed9d17baac2cbd744443dda7905eddb3cc3221c26ba5ed974cd4e5983959ff0ba8d715d30ed4344734a2cfdfa9948262030c

Download Submit
C:\Windows\system\buggwte.exe

Filesize
6.0MB

MD5
df1bc853e023ebef4bb44816805123a3

SHA1
3161c6fe42461b580edf877ca5d9e174e0b25bd0

SHA256
423104427e0ecf790b28cd4a17748418234be26d4f581e2c346ffc464795af23

SHA512
a9a2466235b9fc99a38878ab4e9166213d039b729da1c9a3ed456a98c98ebeeee572a8d111b63deb9663e25c37887d72f775710ef4f75ac533c3bafb36b540d8

Download Submit
C:\Windows\system\dDPDySr.exe

Filesize
6.0MB

MD5
473ad5580243a4e3b402e594d6bd9233

SHA1
ae909c636b417cd9965283cb116cb4ad062da095

SHA256
fe0af70a3fd5b4c7ef89c6d80f492d2eded8e3fa16b964cd5867941a4c97ff04

SHA512
3d6a2f1354dc7a14e43563d3cbc584fb8a2ce0216af26b52acb99a5a505b55b7f58350e359f3a82a8d21734813db0596432caa3acf128782ce186a4cb0d848ae

Download Submit
C:\Windows\system\eseDkZN.exe

Filesize
6.0MB

MD5
a914197fc714b34980ee82a8cf576f9d

SHA1
28ad8645c6bb8ab4d771d67801e5ec6a1417d777

SHA256
96ef09c3253c0dfc3361c1ca8addc5c14095567b027d489727a69a652dcc7ec1

SHA512
130d067bbfcd720239d0f5f94a6fe9ce8d6e34be4110b6a74a2a1a404f59236f5ac55ed1e0fcb42eb7d658039b58645a80c3e9769816b768bfe5ec99fbad371a

Download Submit
C:\Windows\system\fmwgLhM.exe

Filesize
6.0MB

MD5
7c3de32ce6f38afb169fd262244bf90f

SHA1
629e04b4f40701612b333e049ab7ecde89a7fb7a

SHA256
44d851c4c5c6ed61465e7910322a15a09ae46a12177ad7f7524c2220f97a51e8

SHA512
52a7f0bd4548e21f59e421ce4d106c3b87987e3d13121b1cfc8c6d627c4f1435125225ca8866701ddb5de66a02ebbb07ab6ac04b6fe73d50a3b6b2059e23de2c

Download Submit
C:\Windows\system\fuVZgjN.exe

Filesize
6.0MB

MD5
564075f51afd80e44e124c726f9a0436

SHA1
a03d4eef772452d60c339ed4e1ecc2d4a788ce10

SHA256
b2c1fcedb3144efddaf4a5263b998f94c06d5b48a25142d8fc65c08988337b50

SHA512
9544c592889bb85b1a8e4e1ade073e4a68777a13da81d3a2133978df36d2503894df9da157194f5510e365c0d8ffdb615ce3a3d80dbcf2edc6fd4512fd96a400

Download Submit
C:\Windows\system\ktDsoOu.exe

Filesize
6.0MB

MD5
5af848e3e3dd3c694d4bd8a4ced2088c

SHA1
b3d08a8340050ba106340343679fd067a8c228dc

SHA256
4a4b4ee3d71ad16b4cfd1a39379571cdb1ccdba65963f5d950d99f5a3aef5dc2

SHA512
d5837afa283bd8dc73d8d0996df4113a0a45c8d0b33427e110932cdb49ad3728b72b5a6fc300e34d803442358b14ab52172186f33c0413566147b7594f7e770a

Download Submit
C:\Windows\system\kwHzruO.exe

Filesize
6.0MB

MD5
d110e46489d3d87e4e4f4338cd977c73

SHA1
541530fe2b815e2654185be90c6cc3d31cabb15a

SHA256
5ca7f30942df2dcce6386aa14affdb0a8b1211da842f9f3ce05a6df703939858

SHA512
72ca75597746bf1bb0ef5d3c8e028b08359be66dabbef004cded2ec40b40ed147d404a7cde9e7141465308b19fbd362941cb8e7cef8007778138077363d7ac3b

Download Submit
C:\Windows\system\lhZVzgh.exe

Filesize
6.0MB

MD5
edda48ff51e13eee784bff4eedbe623c

SHA1
6b4190fea88dedfe64fbf85683e85eed2fc58707

SHA256
f41e01e1edcbf44ead416ef93030ec71a6b96db0b815989c9bbe8dee0852a02c

SHA512
688395423d40294a4dc71b74819b65cdd9d46ce88184237adcf15a3bcac41a586b15bea9e0955675f64718be7c055e51e350cf663a462d462022b913d676260c

Download Submit
C:\Windows\system\peZnBFA.exe

Filesize
6.0MB

MD5
40da9d56757cf87cc519f929fb2a52af

SHA1
28c23716ae17f7ea1acea9b826e3ab7366c06044

SHA256
15d29731bf45a1a9a7921fec8dae027e68017fab9260d1986a607202a4778f90

SHA512
cd1e301474d96046e4911422d1137c39cd2d89b7597656c43ea11f226fc6acc95c59fafbcbc6077a69772a7a68b3e94d807dd171768908f70c5308945f51e98b

Download Submit
C:\Windows\system\rjsFzOb.exe

Filesize
6.0MB

MD5
bbe1bd4126fb399faf10b9856b673d41

SHA1
6f1d849968e2f8815f5ee969126259a930cc57f6

SHA256
c9a37fc679d166a56328450420fb729b30d1e7556386c2e43044006dae54197a

SHA512
9de0b0c73736fdfd50e20058a315b6559721745b24d3754d60a49d69ffe78d50e9d0e6e6c6d98444f38371c889cf7b80693d2eaabd220403486c0d337cbb5f24

Download Submit
C:\Windows\system\sDIpIWO.exe

Filesize
6.0MB

MD5
e2a9c77c909cf23b0e6ef72e1f9a1138

SHA1
a84e21fe89529d245bdf371bea4f2d94369d119f

SHA256
375f6b57df936be5caee41917665dfb305922e9c3d8e122b55ded494a02b3def

SHA512
0ffdf6fc2aed31d71b7bfe0e8cf82a81ec7a42d3b1f686d21507e04348a8d2167c891d81ccd3837feaa0cfd27ba2de44cc54287fc424ce59057bd274af7d22cc

Download Submit
C:\Windows\system\tYxBMlk.exe

Filesize
6.0MB

MD5
f58ab438b271b66e05984d99d4450b9d

SHA1
5f0017d5019b1bf0ea29d175eafd0166e0c07784

SHA256
b8dd9bd1f1c0e6911c5d2186925153eca02f14b4412c3bc386fa9fd97f46102a

SHA512
68696e2c6288786a342e8629f1257e548aeaed4cfb85bcf7548bc4b6d50f2393d345ed8f13e3c5ce2ddb503da81cd6c0acabd9d4dad6a0319b656a4744aa8b19

Download Submit
C:\Windows\system\wTmThVz.exe

Filesize
6.0MB

MD5
10344fe9eb44da387183bfb2e3746ce4

SHA1
a1c86d345abd626113f49e6771085321bc8621fa

SHA256
89a6034e4bb7cb5c1b6e0c454fdca24082923b5ac60dba5987a4f8086c90ebb3

SHA512
8563ebeb83f1850114512080bfa25f695fdc7132776f41018b3fc0fbb0aed8931fc923d9758b255164de107561a3030a660dede0569375b43b46e02cc1087a84

Download Submit
C:\Windows\system\yyoyNPh.exe

Filesize
6.0MB

MD5
09987937120f7fb3fe070a43432cd741

SHA1
e302aedd17a2ecacf5aee6d55c5f5694dd2760d5

SHA256
96d158ea9668a471f7748979d657a3c56799fbc047f9d22a425c01c0bd5bdee0

SHA512
674269a0b9040fb044c03fb95525e9af15687942270f87ee83c033a73e1fe61bf831ed8f1f16179f94b7398e09e04bd25c9025e30fb4abd50463f33930d4ce96

Download Submit
\Windows\system\ImsDmXT.exe

Filesize
6.0MB

MD5
195a3e098bd6bb809ee29aca28a9e77e

SHA1
58b40bc79bc765928b471d2ca1e959c349cd3270

SHA256
48419bc3852fbb150db6e951d1278a0c629cf1a61c105f61329d4f1510388450

SHA512
250bdb6c10c22b44aef1932d743abddcbe09e91bf70f9214b464a5fcd3c3ea659bf5681ffadea1c6cafbee29a9068343f45b5d6d9101c8fc62c390cef5567263

Download Submit
\Windows\system\XtjPngX.exe

Filesize
6.0MB

MD5
1bedb9f095fffd3db968101e8ab1e758

SHA1
7686896fc67eb8a6290010379625b8f90f4202c6

SHA256
cc95317ffbff6454c89a2749d1903063784f1dba0f076b94b8fdbc26126f8dd3

SHA512
067e278c256cb8665cbae21125d93d4291cd9df5c0c09e14899f46084b2706b8160dc071129d653ec66bcd67aa031027588abbf3d523eed09699d37bd021e0af

Download Submit
\Windows\system\hAYOTqL.exe

Filesize
6.0MB

MD5
71921373c31a336b9081a8278d6e74e6

SHA1
0d4f80128236a50da8c71a130fabe134247a1044

SHA256
a528ff78b4836dffa4a6889324ddb4760b8dda157ee3301bcef253b609bab0f5

SHA512
0a1016a6bbd797e23bca8da4b1509cb46051be1d2a9739637f699645c6ff5c4356b15d230b17707e7477d935ddb754cd5e25e39d070058612df24d855e5757d7

Download Submit
\Windows\system\mthJnWE.exe

Filesize
6.0MB

MD5
83f40595e0836ae5832d8164b0f09437

SHA1
c48a275471e03afc295ebeca310889beed605f77

SHA256
067fd230e73072fd19a985e1a09919ee52f476d2c20a6d588e13c2590745507a

SHA512
239ee0804f875465c1622376a12795fd4b985cca042d8216046dce5edac4be771f736f0535d2935929df588c33f1dfd8a150c6a790a7960a3dd5a5c38a675313

Download Submit
memory/548-3262-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/548-451-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/1336-3233-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/1336-453-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/1508-711-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1508-705-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1508-448-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1508-446-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/1508-452-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1508-444-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1508-456-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/1508-442-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1508-706-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1508-440-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/1508-704-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/1508-421-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-708-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1508-709-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1508-418-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1508-707-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1508-416-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1508-710-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-414-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/1508-0-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/1508-412-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1508-450-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1508-454-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1508-713-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1508-722-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/1508-715-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1508-716-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1508-717-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/1508-718-0x000000013F210000-0x000000013F564000-memory.dmp

Filesize
3.3MB

Download
memory/1508-712-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1508-714-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2336-449-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-3270-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3331-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2580-441-0x000000013F740000-0x000000013FA94000-memory.dmp

Filesize
3.3MB

Download
memory/2628-3258-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2628-443-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2700-415-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2700-3237-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3243-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2736-417-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3261-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-422-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3238-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2792-455-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3244-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2836-413-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2868-3271-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2868-420-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2904-3240-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-419-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-3267-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-445-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/3012-447-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/3012-3310-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download