cobaltstrike | bf12adb46d8853f4194a68d082e546d86d768da6ce54232ee3c4dd92fd452666

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/12/2024, 07:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

cff129fddc20a5d636f6e349be3e1b56
SHA1

c156fdba79c4523ed0a273eb08ec2a373912b900
SHA256

bf12adb46d8853f4194a68d082e546d86d768da6ce54232ee3c4dd92fd452666
SHA512

444ec846a748c2abf0a047abecce0cf7b65cc49b425b30104a208299d0b70449c4f752c46e82546ee488ad8127ddb009df39b115952ea233f26ee6e725757c63
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUb:T+q56utgpPF8u/7b

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019259-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019268-12.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001926c-27.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019275-32.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019278-39.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001929a-45.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950e-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a06a-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0ab-189.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a074-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f58-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f6e-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8c-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cbe-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c87-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c85-136.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b0f-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019a72-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964b-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c6c-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b0d-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964a-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019642-101.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197c2-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019640-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953e-93.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019513-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d7-62.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194df-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019319-50.dat	cobalt_reflective_dll
behavioral1/files/0x00340000000191f6-70.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2176-0-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-3.dat	xmrig
behavioral1/files/0x0007000000019259-8.dat	xmrig
behavioral1/files/0x0007000000019268-12.dat	xmrig
behavioral1/files/0x000700000001926c-27.dat	xmrig
behavioral1/files/0x0006000000019275-32.dat	xmrig
behavioral1/memory/2600-36-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x0006000000019278-39.dat	xmrig
behavioral1/files/0x000600000001929a-45.dat	xmrig
behavioral1/memory/2744-71-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/memory/2736-75-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001950e-80.dat	xmrig
behavioral1/memory/2880-89-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2868-95-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a06a-179.dat	xmrig
behavioral1/memory/2868-854-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2880-706-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/1492-493-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/1580-391-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/1584-328-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2176-234-0x000000013F600000-0x000000013F954000-memory.dmp	xmrig
behavioral1/files/0x000500000001a0ab-189.dat	xmrig
behavioral1/files/0x000500000001a074-183.dat	xmrig
behavioral1/files/0x0005000000019f58-169.dat	xmrig
behavioral1/files/0x0005000000019f6e-175.dat	xmrig
behavioral1/files/0x0005000000019d8c-164.dat	xmrig
behavioral1/files/0x0005000000019cbe-159.dat	xmrig
behavioral1/files/0x0005000000019c87-154.dat	xmrig
behavioral1/files/0x0005000000019c85-136.dat	xmrig
behavioral1/files/0x0005000000019b0f-127.dat	xmrig
behavioral1/files/0x0005000000019a72-119.dat	xmrig
behavioral1/files/0x000500000001964b-118.dat	xmrig
behavioral1/files/0x0005000000019c6c-131.dat	xmrig
behavioral1/files/0x0005000000019b0d-124.dat	xmrig
behavioral1/files/0x000500000001964a-109.dat	xmrig
behavioral1/files/0x0005000000019642-101.dat	xmrig
behavioral1/files/0x00050000000197c2-113.dat	xmrig
behavioral1/files/0x0005000000019640-100.dat	xmrig
behavioral1/memory/3028-96-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x000500000001953e-93.dat	xmrig
behavioral1/memory/1492-82-0x000000013FF10000-0x0000000140264000-memory.dmp	xmrig
behavioral1/memory/1296-87-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/files/0x0005000000019513-85.dat	xmrig
behavioral1/memory/1580-76-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194d7-62.dat	xmrig
behavioral1/files/0x00050000000194df-60.dat	xmrig
behavioral1/memory/2176-53-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/1584-73-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2176-72-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019319-50.dat	xmrig
behavioral1/files/0x00340000000191f6-70.dat	xmrig
behavioral1/memory/3028-59-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2596-49-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/1296-41-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2736-28-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2176-26-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2776-25-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2960-24-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2824-22-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2600-3284-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2776-3286-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2736-3381-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2824-3377-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/1296-3396-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2776	fvXipVu.exe
2824	kqeissI.exe
2960	Fctzknn.exe
2736	XWzIyAl.exe
2600	hxpqvpR.exe
1296	XtrgXCG.exe
2596	JOetAjC.exe
3028	VfVGfGp.exe
2744	URajuLj.exe
1584	DuasifF.exe
1580	nHrkVFR.exe
1492	osweaFR.exe
2880	ycrzWOp.exe
2868	OTdDPuY.exe
2916	hngoGra.exe
668	JMKAgFi.exe
2156	cIBpkiu.exe
2548	UdtCrBj.exe
2816	qQJMqbq.exe
1960	CrPzfsT.exe
560	eKkAVfX.exe
1012	eRiIeQm.exe
2252	MUETDuD.exe
2268	TOlyLkf.exe
2000	SuGbcur.exe
1280	LmhIpNx.exe
2996	bzFAxpP.exe
2060	OYfuUZS.exe
2480	ZFtPjeb.exe
280	GlObWQm.exe
1616	xkfUlnd.exe
2236	kYRJiNd.exe
2432	CNgKKlU.exe
2476	aDZgAbk.exe
3008	sFNqDYf.exe
376	CvGwKrZ.exe
1656	GfWPIfD.exe
1736	uYwuOeh.exe
2056	NHUucTX.exe
1828	ieMbbpV.exe
1104	edsrsty.exe
2300	hctiZEq.exe
548	nEFqmuF.exe
1460	iCvuGcQ.exe
2072	Ardkxzp.exe
3068	EwHXiee.exe
1320	SJlEhvJ.exe
1548	LZwMWSp.exe
1064	OcPFCNP.exe
2516	FaqUmIG.exe
2440	EHYxovj.exe
1596	DPMxZdf.exe
1824	sWfgtiM.exe
2732	zbUHmRn.exe
2956	GGHYhhH.exe
2624	hgjhYRo.exe
2580	pfogtqi.exe
1676	JUEjkrQ.exe
1260	zulYorR.exe
2748	ZBfIQhm.exe
1848	IYyxzuD.exe
1968	nqJOzQH.exe
2084	UERchBK.exe
2200	buGFJDW.exe

Loads dropped DLL 64 IoCs

pid	Process
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2176-0-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/files/0x0007000000012118-3.dat	upx
behavioral1/files/0x0007000000019259-8.dat	upx
behavioral1/files/0x0007000000019268-12.dat	upx
behavioral1/files/0x000700000001926c-27.dat	upx
behavioral1/files/0x0006000000019275-32.dat	upx
behavioral1/memory/2600-36-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x0006000000019278-39.dat	upx
behavioral1/files/0x000600000001929a-45.dat	upx
behavioral1/memory/2744-71-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2736-75-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x000500000001950e-80.dat	upx
behavioral1/memory/2880-89-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2868-95-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x000500000001a06a-179.dat	upx
behavioral1/memory/2868-854-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2880-706-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/1492-493-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/1580-391-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/1584-328-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x000500000001a0ab-189.dat	upx
behavioral1/files/0x000500000001a074-183.dat	upx
behavioral1/files/0x0005000000019f58-169.dat	upx
behavioral1/files/0x0005000000019f6e-175.dat	upx
behavioral1/files/0x0005000000019d8c-164.dat	upx
behavioral1/files/0x0005000000019cbe-159.dat	upx
behavioral1/files/0x0005000000019c87-154.dat	upx
behavioral1/files/0x0005000000019c85-136.dat	upx
behavioral1/files/0x0005000000019b0f-127.dat	upx
behavioral1/files/0x0005000000019a72-119.dat	upx
behavioral1/files/0x000500000001964b-118.dat	upx
behavioral1/files/0x0005000000019c6c-131.dat	upx
behavioral1/files/0x0005000000019b0d-124.dat	upx
behavioral1/files/0x000500000001964a-109.dat	upx
behavioral1/files/0x0005000000019642-101.dat	upx
behavioral1/files/0x00050000000197c2-113.dat	upx
behavioral1/files/0x0005000000019640-100.dat	upx
behavioral1/memory/3028-96-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x000500000001953e-93.dat	upx
behavioral1/memory/1492-82-0x000000013FF10000-0x0000000140264000-memory.dmp	upx
behavioral1/memory/1296-87-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/files/0x0005000000019513-85.dat	upx
behavioral1/memory/1580-76-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/files/0x00050000000194d7-62.dat	upx
behavioral1/files/0x00050000000194df-60.dat	upx
behavioral1/memory/2176-53-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/1584-73-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x0006000000019319-50.dat	upx
behavioral1/files/0x00340000000191f6-70.dat	upx
behavioral1/memory/3028-59-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2596-49-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/1296-41-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2736-28-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2776-25-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2960-24-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2824-22-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2600-3284-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2776-3286-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2736-3381-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2824-3377-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/1296-3396-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2960-3468-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2744-3472-0x000000013F600000-0x000000013F954000-memory.dmp	upx
behavioral1/memory/2596-3466-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\rYCXmdZ.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGpUqlF.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vTqipwQ.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AlenWgs.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vlGUqgL.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UeEmNGS.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wdKamVo.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFtAAyR.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GUlGryS.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DFHJsGP.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QwCZwSW.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNYTmXR.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dErhXTO.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fWFoSFW.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JFSDydg.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VaRQLrE.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yhKvcTn.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Cmkmdqk.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WxaqKTO.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NjMYroo.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zfuAUhh.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLnbFON.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VzVBISu.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RUAyVUY.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GlObWQm.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\glwuxSF.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OPiHwUD.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NelEmTM.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YUhfTom.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nQcpBUR.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HOHaWMJ.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNvlAAa.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JNHPteB.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwbPOFe.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ENKNKYX.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\itTCZjX.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ODIKoKd.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AQsjwvw.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jTYPWJm.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lmksoMx.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gFoPWks.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CIPCvaM.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EHVqTXc.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ClFlLvu.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFIrBOr.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTxZRlS.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QxASgOe.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oDaPtDr.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MQGrghP.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fcDvQDY.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DPMxZdf.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xBPmPop.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gzePzdl.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QPWQBey.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qrdytuZ.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EZdFRaY.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dDupCHY.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\opOkHtB.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TyfqbXV.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EFfZLmn.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nRNCojY.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uJWxhJt.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VzsyGGE.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KjpPtvS.exe	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2776	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2176 wrote to memory of 2776	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2176 wrote to memory of 2776	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2176 wrote to memory of 2824	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2176 wrote to memory of 2824	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2176 wrote to memory of 2824	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2176 wrote to memory of 2960	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2176 wrote to memory of 2960	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2176 wrote to memory of 2960	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2176 wrote to memory of 2736	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2176 wrote to memory of 2736	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2176 wrote to memory of 2736	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2176 wrote to memory of 2600	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2176 wrote to memory of 2600	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2176 wrote to memory of 2600	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2176 wrote to memory of 1296	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2176 wrote to memory of 1296	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2176 wrote to memory of 1296	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2176 wrote to memory of 2596	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2176 wrote to memory of 2596	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2176 wrote to memory of 2596	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2176 wrote to memory of 3028	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2176 wrote to memory of 3028	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2176 wrote to memory of 3028	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2176 wrote to memory of 2744	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2176 wrote to memory of 2744	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2176 wrote to memory of 2744	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2176 wrote to memory of 1580	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2176 wrote to memory of 1580	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2176 wrote to memory of 1580	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2176 wrote to memory of 1584	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2176 wrote to memory of 1584	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2176 wrote to memory of 1584	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2176 wrote to memory of 1492	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2176 wrote to memory of 1492	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2176 wrote to memory of 1492	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2176 wrote to memory of 2880	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2176 wrote to memory of 2880	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2176 wrote to memory of 2880	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2176 wrote to memory of 2868	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2176 wrote to memory of 2868	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2176 wrote to memory of 2868	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2176 wrote to memory of 2916	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2176 wrote to memory of 2916	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2176 wrote to memory of 2916	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2176 wrote to memory of 2548	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2176 wrote to memory of 2548	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2176 wrote to memory of 2548	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2176 wrote to memory of 668	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2176 wrote to memory of 668	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2176 wrote to memory of 668	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2176 wrote to memory of 2816	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2176 wrote to memory of 2816	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2176 wrote to memory of 2816	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2176 wrote to memory of 2156	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2176 wrote to memory of 2156	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2176 wrote to memory of 2156	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2176 wrote to memory of 1960	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2176 wrote to memory of 1960	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2176 wrote to memory of 1960	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2176 wrote to memory of 560	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2176 wrote to memory of 560	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2176 wrote to memory of 560	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2176 wrote to memory of 1012	2176	2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-19_cff129fddc20a5d636f6e349be3e1b56_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\System\fvXipVu.exe
  C:\Windows\System\fvXipVu.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\kqeissI.exe
  C:\Windows\System\kqeissI.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\Fctzknn.exe
  C:\Windows\System\Fctzknn.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\XWzIyAl.exe
  C:\Windows\System\XWzIyAl.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\hxpqvpR.exe
  C:\Windows\System\hxpqvpR.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\XtrgXCG.exe
  C:\Windows\System\XtrgXCG.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\JOetAjC.exe
  C:\Windows\System\JOetAjC.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\VfVGfGp.exe
  C:\Windows\System\VfVGfGp.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\URajuLj.exe
  C:\Windows\System\URajuLj.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\nHrkVFR.exe
  C:\Windows\System\nHrkVFR.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\DuasifF.exe
  C:\Windows\System\DuasifF.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\osweaFR.exe
  C:\Windows\System\osweaFR.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\ycrzWOp.exe
  C:\Windows\System\ycrzWOp.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\OTdDPuY.exe
  C:\Windows\System\OTdDPuY.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\hngoGra.exe
  C:\Windows\System\hngoGra.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\UdtCrBj.exe
  C:\Windows\System\UdtCrBj.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\JMKAgFi.exe
  C:\Windows\System\JMKAgFi.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\qQJMqbq.exe
  C:\Windows\System\qQJMqbq.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\cIBpkiu.exe
  C:\Windows\System\cIBpkiu.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\CrPzfsT.exe
  C:\Windows\System\CrPzfsT.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\eKkAVfX.exe
  C:\Windows\System\eKkAVfX.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\eRiIeQm.exe
  C:\Windows\System\eRiIeQm.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\MUETDuD.exe
  C:\Windows\System\MUETDuD.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\TOlyLkf.exe
  C:\Windows\System\TOlyLkf.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\SuGbcur.exe
  C:\Windows\System\SuGbcur.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\LmhIpNx.exe
  C:\Windows\System\LmhIpNx.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\bzFAxpP.exe
  C:\Windows\System\bzFAxpP.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\OYfuUZS.exe
  C:\Windows\System\OYfuUZS.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\ZFtPjeb.exe
  C:\Windows\System\ZFtPjeb.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\GlObWQm.exe
  C:\Windows\System\GlObWQm.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\xkfUlnd.exe
  C:\Windows\System\xkfUlnd.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\kYRJiNd.exe
  C:\Windows\System\kYRJiNd.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\CNgKKlU.exe
  C:\Windows\System\CNgKKlU.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\aDZgAbk.exe
  C:\Windows\System\aDZgAbk.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\sFNqDYf.exe
  C:\Windows\System\sFNqDYf.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\CvGwKrZ.exe
  C:\Windows\System\CvGwKrZ.exe
  2⤵
  - Executes dropped EXE
  PID:376
- C:\Windows\System\GfWPIfD.exe
  C:\Windows\System\GfWPIfD.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\uYwuOeh.exe
  C:\Windows\System\uYwuOeh.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\NHUucTX.exe
  C:\Windows\System\NHUucTX.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\edsrsty.exe
  C:\Windows\System\edsrsty.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\ieMbbpV.exe
  C:\Windows\System\ieMbbpV.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\hctiZEq.exe
  C:\Windows\System\hctiZEq.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\nEFqmuF.exe
  C:\Windows\System\nEFqmuF.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\iCvuGcQ.exe
  C:\Windows\System\iCvuGcQ.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\Ardkxzp.exe
  C:\Windows\System\Ardkxzp.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\EwHXiee.exe
  C:\Windows\System\EwHXiee.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\SJlEhvJ.exe
  C:\Windows\System\SJlEhvJ.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\LZwMWSp.exe
  C:\Windows\System\LZwMWSp.exe
  2⤵
  - Executes dropped EXE
  PID:1548
- C:\Windows\System\OcPFCNP.exe
  C:\Windows\System\OcPFCNP.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\FaqUmIG.exe
  C:\Windows\System\FaqUmIG.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\EHYxovj.exe
  C:\Windows\System\EHYxovj.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\DPMxZdf.exe
  C:\Windows\System\DPMxZdf.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\sWfgtiM.exe
  C:\Windows\System\sWfgtiM.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\zbUHmRn.exe
  C:\Windows\System\zbUHmRn.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\GGHYhhH.exe
  C:\Windows\System\GGHYhhH.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\hgjhYRo.exe
  C:\Windows\System\hgjhYRo.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\pfogtqi.exe
  C:\Windows\System\pfogtqi.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\JUEjkrQ.exe
  C:\Windows\System\JUEjkrQ.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\zulYorR.exe
  C:\Windows\System\zulYorR.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\ZBfIQhm.exe
  C:\Windows\System\ZBfIQhm.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\IYyxzuD.exe
  C:\Windows\System\IYyxzuD.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\nqJOzQH.exe
  C:\Windows\System\nqJOzQH.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\UERchBK.exe
  C:\Windows\System\UERchBK.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\buGFJDW.exe
  C:\Windows\System\buGFJDW.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\qZTIuXM.exe
  C:\Windows\System\qZTIuXM.exe
  2⤵
  PID:592
- C:\Windows\System\PnFNmkZ.exe
  C:\Windows\System\PnFNmkZ.exe
  2⤵
  PID:928
- C:\Windows\System\ecPsPwU.exe
  C:\Windows\System\ecPsPwU.exe
  2⤵
  PID:2368
- C:\Windows\System\ltdDkFT.exe
  C:\Windows\System\ltdDkFT.exe
  2⤵
  PID:1776
- C:\Windows\System\vBMHBUE.exe
  C:\Windows\System\vBMHBUE.exe
  2⤵
  PID:2364
- C:\Windows\System\bqoXVAp.exe
  C:\Windows\System\bqoXVAp.exe
  2⤵
  PID:964
- C:\Windows\System\NYgGLcA.exe
  C:\Windows\System\NYgGLcA.exe
  2⤵
  PID:2316
- C:\Windows\System\kjTaQgm.exe
  C:\Windows\System\kjTaQgm.exe
  2⤵
  PID:716
- C:\Windows\System\eSaaRHu.exe
  C:\Windows\System\eSaaRHu.exe
  2⤵
  PID:2012
- C:\Windows\System\HQakgCU.exe
  C:\Windows\System\HQakgCU.exe
  2⤵
  PID:1792
- C:\Windows\System\lPIbSSQ.exe
  C:\Windows\System\lPIbSSQ.exe
  2⤵
  PID:2456
- C:\Windows\System\IdxQJFH.exe
  C:\Windows\System\IdxQJFH.exe
  2⤵
  PID:1100
- C:\Windows\System\soltTGx.exe
  C:\Windows\System\soltTGx.exe
  2⤵
  PID:2660
- C:\Windows\System\UnNOuGr.exe
  C:\Windows\System\UnNOuGr.exe
  2⤵
  PID:1820
- C:\Windows\System\ebnZqgH.exe
  C:\Windows\System\ebnZqgH.exe
  2⤵
  PID:856
- C:\Windows\System\GfaiLnM.exe
  C:\Windows\System\GfaiLnM.exe
  2⤵
  PID:2288
- C:\Windows\System\GIGumys.exe
  C:\Windows\System\GIGumys.exe
  2⤵
  PID:720
- C:\Windows\System\JhqcraA.exe
  C:\Windows\System\JhqcraA.exe
  2⤵
  PID:896
- C:\Windows\System\vajboxe.exe
  C:\Windows\System\vajboxe.exe
  2⤵
  PID:2320
- C:\Windows\System\LDzQrCB.exe
  C:\Windows\System\LDzQrCB.exe
  2⤵
  PID:2028
- C:\Windows\System\DdkJAJS.exe
  C:\Windows\System\DdkJAJS.exe
  2⤵
  PID:2692
- C:\Windows\System\IBnfUCH.exe
  C:\Windows\System\IBnfUCH.exe
  2⤵
  PID:1576
- C:\Windows\System\rizxAjZ.exe
  C:\Windows\System\rizxAjZ.exe
  2⤵
  PID:2796
- C:\Windows\System\qdiyLZl.exe
  C:\Windows\System\qdiyLZl.exe
  2⤵
  PID:2832
- C:\Windows\System\vYnTgzq.exe
  C:\Windows\System\vYnTgzq.exe
  2⤵
  PID:1284
- C:\Windows\System\RyflgKW.exe
  C:\Windows\System\RyflgKW.exe
  2⤵
  PID:588
- C:\Windows\System\yEblhtw.exe
  C:\Windows\System\yEblhtw.exe
  2⤵
  PID:2388
- C:\Windows\System\ZISVYBU.exe
  C:\Windows\System\ZISVYBU.exe
  2⤵
  PID:2900
- C:\Windows\System\gbCGXSQ.exe
  C:\Windows\System\gbCGXSQ.exe
  2⤵
  PID:1964
- C:\Windows\System\rYCXmdZ.exe
  C:\Windows\System\rYCXmdZ.exe
  2⤵
  PID:2088
- C:\Windows\System\fzKMYEB.exe
  C:\Windows\System\fzKMYEB.exe
  2⤵
  PID:2420
- C:\Windows\System\FBzkkOR.exe
  C:\Windows\System\FBzkkOR.exe
  2⤵
  PID:1408
- C:\Windows\System\CimuKQi.exe
  C:\Windows\System\CimuKQi.exe
  2⤵
  PID:1944
- C:\Windows\System\jiaqefJ.exe
  C:\Windows\System\jiaqefJ.exe
  2⤵
  PID:1764
- C:\Windows\System\rSahKfk.exe
  C:\Windows\System\rSahKfk.exe
  2⤵
  PID:2336
- C:\Windows\System\hFaBaoG.exe
  C:\Windows\System\hFaBaoG.exe
  2⤵
  PID:1720
- C:\Windows\System\lpKpOCw.exe
  C:\Windows\System\lpKpOCw.exe
  2⤵
  PID:2080
- C:\Windows\System\sFPrPVn.exe
  C:\Windows\System\sFPrPVn.exe
  2⤵
  PID:2696
- C:\Windows\System\dOKUIqe.exe
  C:\Windows\System\dOKUIqe.exe
  2⤵
  PID:2780
- C:\Windows\System\vylaRgn.exe
  C:\Windows\System\vylaRgn.exe
  2⤵
  PID:572
- C:\Windows\System\kRUtbAG.exe
  C:\Windows\System\kRUtbAG.exe
  2⤵
  PID:1760
- C:\Windows\System\SOxHGLn.exe
  C:\Windows\System\SOxHGLn.exe
  2⤵
  PID:2240
- C:\Windows\System\SHYSrIq.exe
  C:\Windows\System\SHYSrIq.exe
  2⤵
  PID:2344
- C:\Windows\System\KINfijD.exe
  C:\Windows\System\KINfijD.exe
  2⤵
  PID:2152
- C:\Windows\System\QzLKaVV.exe
  C:\Windows\System\QzLKaVV.exe
  2⤵
  PID:3076
- C:\Windows\System\upTtmRf.exe
  C:\Windows\System\upTtmRf.exe
  2⤵
  PID:3092
- C:\Windows\System\xBPmPop.exe
  C:\Windows\System\xBPmPop.exe
  2⤵
  PID:3112
- C:\Windows\System\CRWgHkM.exe
  C:\Windows\System\CRWgHkM.exe
  2⤵
  PID:3132
- C:\Windows\System\YsRRfnP.exe
  C:\Windows\System\YsRRfnP.exe
  2⤵
  PID:3148
- C:\Windows\System\WYxiPFM.exe
  C:\Windows\System\WYxiPFM.exe
  2⤵
  PID:3176
- C:\Windows\System\yhKvcTn.exe
  C:\Windows\System\yhKvcTn.exe
  2⤵
  PID:3192
- C:\Windows\System\rqncbPY.exe
  C:\Windows\System\rqncbPY.exe
  2⤵
  PID:3212
- C:\Windows\System\GTAyGnx.exe
  C:\Windows\System\GTAyGnx.exe
  2⤵
  PID:3232
- C:\Windows\System\LqWMDnI.exe
  C:\Windows\System\LqWMDnI.exe
  2⤵
  PID:3248
- C:\Windows\System\hlCKmQu.exe
  C:\Windows\System\hlCKmQu.exe
  2⤵
  PID:3272
- C:\Windows\System\PESrPgm.exe
  C:\Windows\System\PESrPgm.exe
  2⤵
  PID:3292
- C:\Windows\System\NBpEytm.exe
  C:\Windows\System\NBpEytm.exe
  2⤵
  PID:3316
- C:\Windows\System\jOwyhbD.exe
  C:\Windows\System\jOwyhbD.exe
  2⤵
  PID:3336
- C:\Windows\System\DRMNpSg.exe
  C:\Windows\System\DRMNpSg.exe
  2⤵
  PID:3360
- C:\Windows\System\QWRadYM.exe
  C:\Windows\System\QWRadYM.exe
  2⤵
  PID:3380
- C:\Windows\System\Vzmbqrk.exe
  C:\Windows\System\Vzmbqrk.exe
  2⤵
  PID:3400
- C:\Windows\System\nnaWISj.exe
  C:\Windows\System\nnaWISj.exe
  2⤵
  PID:3420
- C:\Windows\System\gzePzdl.exe
  C:\Windows\System\gzePzdl.exe
  2⤵
  PID:3440
- C:\Windows\System\CNlygHE.exe
  C:\Windows\System\CNlygHE.exe
  2⤵
  PID:3456
- C:\Windows\System\glwuxSF.exe
  C:\Windows\System\glwuxSF.exe
  2⤵
  PID:3476
- C:\Windows\System\HOdGfWi.exe
  C:\Windows\System\HOdGfWi.exe
  2⤵
  PID:3492
- C:\Windows\System\HOHaWMJ.exe
  C:\Windows\System\HOHaWMJ.exe
  2⤵
  PID:3512
- C:\Windows\System\OXTqryC.exe
  C:\Windows\System\OXTqryC.exe
  2⤵
  PID:3536
- C:\Windows\System\OyNyxNf.exe
  C:\Windows\System\OyNyxNf.exe
  2⤵
  PID:3568
- C:\Windows\System\qhByYMD.exe
  C:\Windows\System\qhByYMD.exe
  2⤵
  PID:3588
- C:\Windows\System\opOkHtB.exe
  C:\Windows\System\opOkHtB.exe
  2⤵
  PID:3604
- C:\Windows\System\kYjHxxr.exe
  C:\Windows\System\kYjHxxr.exe
  2⤵
  PID:3620
- C:\Windows\System\XTWxhIs.exe
  C:\Windows\System\XTWxhIs.exe
  2⤵
  PID:3640
- C:\Windows\System\hQnGiIH.exe
  C:\Windows\System\hQnGiIH.exe
  2⤵
  PID:3656
- C:\Windows\System\Ucdghgn.exe
  C:\Windows\System\Ucdghgn.exe
  2⤵
  PID:3676
- C:\Windows\System\TEyZxqH.exe
  C:\Windows\System\TEyZxqH.exe
  2⤵
  PID:3704
- C:\Windows\System\kcOaKtu.exe
  C:\Windows\System\kcOaKtu.exe
  2⤵
  PID:3720
- C:\Windows\System\NuNwGep.exe
  C:\Windows\System\NuNwGep.exe
  2⤵
  PID:3748
- C:\Windows\System\mijZmRX.exe
  C:\Windows\System\mijZmRX.exe
  2⤵
  PID:3768
- C:\Windows\System\SWBrukl.exe
  C:\Windows\System\SWBrukl.exe
  2⤵
  PID:3788
- C:\Windows\System\ufyEdAP.exe
  C:\Windows\System\ufyEdAP.exe
  2⤵
  PID:3804
- C:\Windows\System\RHVNngO.exe
  C:\Windows\System\RHVNngO.exe
  2⤵
  PID:3828
- C:\Windows\System\nlQwraC.exe
  C:\Windows\System\nlQwraC.exe
  2⤵
  PID:3844
- C:\Windows\System\BNvlAAa.exe
  C:\Windows\System\BNvlAAa.exe
  2⤵
  PID:3868
- C:\Windows\System\aQLzSpN.exe
  C:\Windows\System\aQLzSpN.exe
  2⤵
  PID:3884
- C:\Windows\System\xrbNcEP.exe
  C:\Windows\System\xrbNcEP.exe
  2⤵
  PID:3908
- C:\Windows\System\dnRvJol.exe
  C:\Windows\System\dnRvJol.exe
  2⤵
  PID:3928
- C:\Windows\System\HGEcmCr.exe
  C:\Windows\System\HGEcmCr.exe
  2⤵
  PID:3948
- C:\Windows\System\usYvawv.exe
  C:\Windows\System\usYvawv.exe
  2⤵
  PID:3968
- C:\Windows\System\vrwFyND.exe
  C:\Windows\System\vrwFyND.exe
  2⤵
  PID:3984
- C:\Windows\System\flbXAjt.exe
  C:\Windows\System\flbXAjt.exe
  2⤵
  PID:4004
- C:\Windows\System\szoHBfn.exe
  C:\Windows\System\szoHBfn.exe
  2⤵
  PID:4020
- C:\Windows\System\walyBMt.exe
  C:\Windows\System\walyBMt.exe
  2⤵
  PID:4044
- C:\Windows\System\fXHSwBC.exe
  C:\Windows\System\fXHSwBC.exe
  2⤵
  PID:4064
- C:\Windows\System\JQCMdtv.exe
  C:\Windows\System\JQCMdtv.exe
  2⤵
  PID:4088
- C:\Windows\System\sOnRYGa.exe
  C:\Windows\System\sOnRYGa.exe
  2⤵
  PID:1932
- C:\Windows\System\ChgmLey.exe
  C:\Windows\System\ChgmLey.exe
  2⤵
  PID:1368
- C:\Windows\System\VwBaabq.exe
  C:\Windows\System\VwBaabq.exe
  2⤵
  PID:1712
- C:\Windows\System\XEJWrUm.exe
  C:\Windows\System\XEJWrUm.exe
  2⤵
  PID:1020
- C:\Windows\System\kazKDKh.exe
  C:\Windows\System\kazKDKh.exe
  2⤵
  PID:2944
- C:\Windows\System\NJVFofO.exe
  C:\Windows\System\NJVFofO.exe
  2⤵
  PID:1604
- C:\Windows\System\pfuvxZk.exe
  C:\Windows\System\pfuvxZk.exe
  2⤵
  PID:3048
- C:\Windows\System\cVPJVac.exe
  C:\Windows\System\cVPJVac.exe
  2⤵
  PID:1052
- C:\Windows\System\ODIKoKd.exe
  C:\Windows\System\ODIKoKd.exe
  2⤵
  PID:3084
- C:\Windows\System\snIIIjJ.exe
  C:\Windows\System\snIIIjJ.exe
  2⤵
  PID:540
- C:\Windows\System\ghThFdk.exe
  C:\Windows\System\ghThFdk.exe
  2⤵
  PID:3140
- C:\Windows\System\VOOIoxz.exe
  C:\Windows\System\VOOIoxz.exe
  2⤵
  PID:3172
- C:\Windows\System\phCAqfk.exe
  C:\Windows\System\phCAqfk.exe
  2⤵
  PID:3240
- C:\Windows\System\njPBFNm.exe
  C:\Windows\System\njPBFNm.exe
  2⤵
  PID:3288
- C:\Windows\System\elffPIl.exe
  C:\Windows\System\elffPIl.exe
  2⤵
  PID:3228
- C:\Windows\System\CnUgOOM.exe
  C:\Windows\System\CnUgOOM.exe
  2⤵
  PID:3324
- C:\Windows\System\OPiHwUD.exe
  C:\Windows\System\OPiHwUD.exe
  2⤵
  PID:3304
- C:\Windows\System\SKnlsVa.exe
  C:\Windows\System\SKnlsVa.exe
  2⤵
  PID:3376
- C:\Windows\System\dWDGCkD.exe
  C:\Windows\System\dWDGCkD.exe
  2⤵
  PID:3412
- C:\Windows\System\kMOGiWf.exe
  C:\Windows\System\kMOGiWf.exe
  2⤵
  PID:3396
- C:\Windows\System\RMRfHJX.exe
  C:\Windows\System\RMRfHJX.exe
  2⤵
  PID:3436
- C:\Windows\System\BZsFNvn.exe
  C:\Windows\System\BZsFNvn.exe
  2⤵
  PID:3528
- C:\Windows\System\iHScSKP.exe
  C:\Windows\System\iHScSKP.exe
  2⤵
  PID:3508
- C:\Windows\System\qDdItwz.exe
  C:\Windows\System\qDdItwz.exe
  2⤵
  PID:3552
- C:\Windows\System\upQgyad.exe
  C:\Windows\System\upQgyad.exe
  2⤵
  PID:3612
- C:\Windows\System\cGazQId.exe
  C:\Windows\System\cGazQId.exe
  2⤵
  PID:3652
- C:\Windows\System\KdtaMGX.exe
  C:\Windows\System\KdtaMGX.exe
  2⤵
  PID:3700
- C:\Windows\System\bVJgtEr.exe
  C:\Windows\System\bVJgtEr.exe
  2⤵
  PID:3728
- C:\Windows\System\VjXMzMF.exe
  C:\Windows\System\VjXMzMF.exe
  2⤵
  PID:3716
- C:\Windows\System\nSQPkHB.exe
  C:\Windows\System\nSQPkHB.exe
  2⤵
  PID:3784
- C:\Windows\System\WXeFmKR.exe
  C:\Windows\System\WXeFmKR.exe
  2⤵
  PID:3816
- C:\Windows\System\HEMoaie.exe
  C:\Windows\System\HEMoaie.exe
  2⤵
  PID:3856
- C:\Windows\System\hMmriKI.exe
  C:\Windows\System\hMmriKI.exe
  2⤵
  PID:3840
- C:\Windows\System\FMcgVpc.exe
  C:\Windows\System\FMcgVpc.exe
  2⤵
  PID:3880
- C:\Windows\System\LRvNHWb.exe
  C:\Windows\System\LRvNHWb.exe
  2⤵
  PID:3940
- C:\Windows\System\GUlGryS.exe
  C:\Windows\System\GUlGryS.exe
  2⤵
  PID:3976
- C:\Windows\System\vvdFDIQ.exe
  C:\Windows\System\vvdFDIQ.exe
  2⤵
  PID:4016
- C:\Windows\System\KsxGkyn.exe
  C:\Windows\System\KsxGkyn.exe
  2⤵
  PID:3996
- C:\Windows\System\pjaEtMq.exe
  C:\Windows\System\pjaEtMq.exe
  2⤵
  PID:1552
- C:\Windows\System\vhbFtXv.exe
  C:\Windows\System\vhbFtXv.exe
  2⤵
  PID:4028
- C:\Windows\System\leRGAEk.exe
  C:\Windows\System\leRGAEk.exe
  2⤵
  PID:1724
- C:\Windows\System\vBKTXts.exe
  C:\Windows\System\vBKTXts.exe
  2⤵
  PID:468
- C:\Windows\System\XCCJPij.exe
  C:\Windows\System\XCCJPij.exe
  2⤵
  PID:2068
- C:\Windows\System\xagazIy.exe
  C:\Windows\System\xagazIy.exe
  2⤵
  PID:3108
- C:\Windows\System\yOkOKIR.exe
  C:\Windows\System\yOkOKIR.exe
  2⤵
  PID:3220
- C:\Windows\System\lsZTOjy.exe
  C:\Windows\System\lsZTOjy.exe
  2⤵
  PID:3124
- C:\Windows\System\dPpCAsg.exe
  C:\Windows\System\dPpCAsg.exe
  2⤵
  PID:3416
- C:\Windows\System\lQaMPIc.exe
  C:\Windows\System\lQaMPIc.exe
  2⤵
  PID:3156
- C:\Windows\System\vuFbUDW.exe
  C:\Windows\System\vuFbUDW.exe
  2⤵
  PID:3280
- C:\Windows\System\dIuOZWQ.exe
  C:\Windows\System\dIuOZWQ.exe
  2⤵
  PID:3564
- C:\Windows\System\ONBsSdh.exe
  C:\Windows\System\ONBsSdh.exe
  2⤵
  PID:3664
- C:\Windows\System\AQfqhGv.exe
  C:\Windows\System\AQfqhGv.exe
  2⤵
  PID:3812
- C:\Windows\System\FqcOOfI.exe
  C:\Windows\System\FqcOOfI.exe
  2⤵
  PID:3372
- C:\Windows\System\VUMvfMB.exe
  C:\Windows\System\VUMvfMB.exe
  2⤵
  PID:3860
- C:\Windows\System\hsxMJXK.exe
  C:\Windows\System\hsxMJXK.exe
  2⤵
  PID:3584
- C:\Windows\System\WyQdonD.exe
  C:\Windows\System\WyQdonD.exe
  2⤵
  PID:3944
- C:\Windows\System\UmJPkNq.exe
  C:\Windows\System\UmJPkNq.exe
  2⤵
  PID:4032
- C:\Windows\System\ZyVKtFT.exe
  C:\Windows\System\ZyVKtFT.exe
  2⤵
  PID:3632
- C:\Windows\System\zNzFPTB.exe
  C:\Windows\System\zNzFPTB.exe
  2⤵
  PID:3820
- C:\Windows\System\sLVCRgy.exe
  C:\Windows\System\sLVCRgy.exe
  2⤵
  PID:3896
- C:\Windows\System\pRzAccV.exe
  C:\Windows\System\pRzAccV.exe
  2⤵
  PID:652
- C:\Windows\System\xGnUHJH.exe
  C:\Windows\System\xGnUHJH.exe
  2⤵
  PID:820
- C:\Windows\System\ibMBuLB.exe
  C:\Windows\System\ibMBuLB.exe
  2⤵
  PID:4060
- C:\Windows\System\SJpYrGP.exe
  C:\Windows\System\SJpYrGP.exe
  2⤵
  PID:2656
- C:\Windows\System\UTZIAMk.exe
  C:\Windows\System\UTZIAMk.exe
  2⤵
  PID:3104
- C:\Windows\System\BDLplWM.exe
  C:\Windows\System\BDLplWM.exe
  2⤵
  PID:3300
- C:\Windows\System\ZYbLKdM.exe
  C:\Windows\System\ZYbLKdM.exe
  2⤵
  PID:3164
- C:\Windows\System\QOvJQwH.exe
  C:\Windows\System\QOvJQwH.exe
  2⤵
  PID:4108
- C:\Windows\System\eqPeVop.exe
  C:\Windows\System\eqPeVop.exe
  2⤵
  PID:4128
- C:\Windows\System\KVlSRKz.exe
  C:\Windows\System\KVlSRKz.exe
  2⤵
  PID:4144
- C:\Windows\System\tpNvoBX.exe
  C:\Windows\System\tpNvoBX.exe
  2⤵
  PID:4160
- C:\Windows\System\ZFVuPaM.exe
  C:\Windows\System\ZFVuPaM.exe
  2⤵
  PID:4184
- C:\Windows\System\iJdDDvq.exe
  C:\Windows\System\iJdDDvq.exe
  2⤵
  PID:4204
- C:\Windows\System\vjkyijK.exe
  C:\Windows\System\vjkyijK.exe
  2⤵
  PID:4232
- C:\Windows\System\zVkdsea.exe
  C:\Windows\System\zVkdsea.exe
  2⤵
  PID:4260
- C:\Windows\System\iGiDPtY.exe
  C:\Windows\System\iGiDPtY.exe
  2⤵
  PID:4280
- C:\Windows\System\rYcxgHr.exe
  C:\Windows\System\rYcxgHr.exe
  2⤵
  PID:4300
- C:\Windows\System\KgBiwHq.exe
  C:\Windows\System\KgBiwHq.exe
  2⤵
  PID:4324
- C:\Windows\System\uwvVdvS.exe
  C:\Windows\System\uwvVdvS.exe
  2⤵
  PID:4340
- C:\Windows\System\rsqeGpI.exe
  C:\Windows\System\rsqeGpI.exe
  2⤵
  PID:4360
- C:\Windows\System\LEPjzLi.exe
  C:\Windows\System\LEPjzLi.exe
  2⤵
  PID:4380
- C:\Windows\System\mXKEbfe.exe
  C:\Windows\System\mXKEbfe.exe
  2⤵
  PID:4400
- C:\Windows\System\wcTohWh.exe
  C:\Windows\System\wcTohWh.exe
  2⤵
  PID:4416
- C:\Windows\System\AQsjwvw.exe
  C:\Windows\System\AQsjwvw.exe
  2⤵
  PID:4436
- C:\Windows\System\vIvFHdg.exe
  C:\Windows\System\vIvFHdg.exe
  2⤵
  PID:4452
- C:\Windows\System\xHypQdk.exe
  C:\Windows\System\xHypQdk.exe
  2⤵
  PID:4468
- C:\Windows\System\TDxQtBs.exe
  C:\Windows\System\TDxQtBs.exe
  2⤵
  PID:4484
- C:\Windows\System\brsCUQC.exe
  C:\Windows\System\brsCUQC.exe
  2⤵
  PID:4516
- C:\Windows\System\mWoGAKL.exe
  C:\Windows\System\mWoGAKL.exe
  2⤵
  PID:4552
- C:\Windows\System\GenWcgR.exe
  C:\Windows\System\GenWcgR.exe
  2⤵
  PID:4568
- C:\Windows\System\HFdXPTe.exe
  C:\Windows\System\HFdXPTe.exe
  2⤵
  PID:4592
- C:\Windows\System\lRoJEce.exe
  C:\Windows\System\lRoJEce.exe
  2⤵
  PID:4616
- C:\Windows\System\uVWhSsM.exe
  C:\Windows\System\uVWhSsM.exe
  2⤵
  PID:4636
- C:\Windows\System\PKhkqhG.exe
  C:\Windows\System\PKhkqhG.exe
  2⤵
  PID:4656
- C:\Windows\System\BBjPRlB.exe
  C:\Windows\System\BBjPRlB.exe
  2⤵
  PID:4672
- C:\Windows\System\BXWaSIl.exe
  C:\Windows\System\BXWaSIl.exe
  2⤵
  PID:4692
- C:\Windows\System\VgZXLbX.exe
  C:\Windows\System\VgZXLbX.exe
  2⤵
  PID:4716
- C:\Windows\System\ShoZFhl.exe
  C:\Windows\System\ShoZFhl.exe
  2⤵
  PID:4740
- C:\Windows\System\xholHyU.exe
  C:\Windows\System\xholHyU.exe
  2⤵
  PID:4756
- C:\Windows\System\ufqTbHY.exe
  C:\Windows\System\ufqTbHY.exe
  2⤵
  PID:4784
- C:\Windows\System\eCMbgTQ.exe
  C:\Windows\System\eCMbgTQ.exe
  2⤵
  PID:4804
- C:\Windows\System\vyqobxb.exe
  C:\Windows\System\vyqobxb.exe
  2⤵
  PID:4824
- C:\Windows\System\aIreewo.exe
  C:\Windows\System\aIreewo.exe
  2⤵
  PID:4840
- C:\Windows\System\czxBwak.exe
  C:\Windows\System\czxBwak.exe
  2⤵
  PID:4860
- C:\Windows\System\PJxibGq.exe
  C:\Windows\System\PJxibGq.exe
  2⤵
  PID:4880
- C:\Windows\System\WLiFKvO.exe
  C:\Windows\System\WLiFKvO.exe
  2⤵
  PID:4900
- C:\Windows\System\bIkuMqi.exe
  C:\Windows\System\bIkuMqi.exe
  2⤵
  PID:4920
- C:\Windows\System\CUluMvh.exe
  C:\Windows\System\CUluMvh.exe
  2⤵
  PID:4940
- C:\Windows\System\znmakua.exe
  C:\Windows\System\znmakua.exe
  2⤵
  PID:4956
- C:\Windows\System\SpiDADu.exe
  C:\Windows\System\SpiDADu.exe
  2⤵
  PID:4972
- C:\Windows\System\sXpYGqq.exe
  C:\Windows\System\sXpYGqq.exe
  2⤵
  PID:4996
- C:\Windows\System\XUSwCqk.exe
  C:\Windows\System\XUSwCqk.exe
  2⤵
  PID:5016
- C:\Windows\System\kqYvJJH.exe
  C:\Windows\System\kqYvJJH.exe
  2⤵
  PID:5044
- C:\Windows\System\LhrDChQ.exe
  C:\Windows\System\LhrDChQ.exe
  2⤵
  PID:5060
- C:\Windows\System\EAMVwUL.exe
  C:\Windows\System\EAMVwUL.exe
  2⤵
  PID:5084
- C:\Windows\System\GMQqaJv.exe
  C:\Windows\System\GMQqaJv.exe
  2⤵
  PID:5104
- C:\Windows\System\cuAuKfg.exe
  C:\Windows\System\cuAuKfg.exe
  2⤵
  PID:3184
- C:\Windows\System\ahPsIiZ.exe
  C:\Windows\System\ahPsIiZ.exe
  2⤵
  PID:3260
- C:\Windows\System\MDGtnvC.exe
  C:\Windows\System\MDGtnvC.exe
  2⤵
  PID:3488
- C:\Windows\System\OkLjUNn.exe
  C:\Windows\System\OkLjUNn.exe
  2⤵
  PID:3756
- C:\Windows\System\rsMwNzY.exe
  C:\Windows\System\rsMwNzY.exe
  2⤵
  PID:3744
- C:\Windows\System\jjrhpkI.exe
  C:\Windows\System\jjrhpkI.exe
  2⤵
  PID:2120
- C:\Windows\System\RzYcAsH.exe
  C:\Windows\System\RzYcAsH.exe
  2⤵
  PID:3760
- C:\Windows\System\fSaHKgk.exe
  C:\Windows\System\fSaHKgk.exe
  2⤵
  PID:3936
- C:\Windows\System\VJqCsTl.exe
  C:\Windows\System\VJqCsTl.exe
  2⤵
  PID:3852
- C:\Windows\System\zGOMMhA.exe
  C:\Windows\System\zGOMMhA.exe
  2⤵
  PID:3904
- C:\Windows\System\UPVUaRe.exe
  C:\Windows\System\UPVUaRe.exe
  2⤵
  PID:4124
- C:\Windows\System\GTVDmEh.exe
  C:\Windows\System\GTVDmEh.exe
  2⤵
  PID:4196
- C:\Windows\System\VeSIDRZ.exe
  C:\Windows\System\VeSIDRZ.exe
  2⤵
  PID:3992
- C:\Windows\System\HoRsNqs.exe
  C:\Windows\System\HoRsNqs.exe
  2⤵
  PID:4168
- C:\Windows\System\twaOxKN.exe
  C:\Windows\System\twaOxKN.exe
  2⤵
  PID:4248
- C:\Windows\System\nRCZIGt.exe
  C:\Windows\System\nRCZIGt.exe
  2⤵
  PID:4368
- C:\Windows\System\TQzepbg.exe
  C:\Windows\System\TQzepbg.exe
  2⤵
  PID:4172
- C:\Windows\System\TNEtdZt.exe
  C:\Windows\System\TNEtdZt.exe
  2⤵
  PID:3120
- C:\Windows\System\oJgnECr.exe
  C:\Windows\System\oJgnECr.exe
  2⤵
  PID:4216
- C:\Windows\System\KNfymbx.exe
  C:\Windows\System\KNfymbx.exe
  2⤵
  PID:4268
- C:\Windows\System\jkJWpmA.exe
  C:\Windows\System\jkJWpmA.exe
  2⤵
  PID:4320
- C:\Windows\System\aeUoOHJ.exe
  C:\Windows\System\aeUoOHJ.exe
  2⤵
  PID:4448
- C:\Windows\System\gBmbGNc.exe
  C:\Windows\System\gBmbGNc.exe
  2⤵
  PID:4388
- C:\Windows\System\YzEbCjx.exe
  C:\Windows\System\YzEbCjx.exe
  2⤵
  PID:4464
- C:\Windows\System\UWtxvfl.exe
  C:\Windows\System\UWtxvfl.exe
  2⤵
  PID:4524
- C:\Windows\System\SlJsRdT.exe
  C:\Windows\System\SlJsRdT.exe
  2⤵
  PID:4540
- C:\Windows\System\xNnDwHx.exe
  C:\Windows\System\xNnDwHx.exe
  2⤵
  PID:4564
- C:\Windows\System\GkcDjoL.exe
  C:\Windows\System\GkcDjoL.exe
  2⤵
  PID:4632
- C:\Windows\System\GnvYKQd.exe
  C:\Windows\System\GnvYKQd.exe
  2⤵
  PID:4604
- C:\Windows\System\yWAHyLR.exe
  C:\Windows\System\yWAHyLR.exe
  2⤵
  PID:4648
- C:\Windows\System\VrlLLOj.exe
  C:\Windows\System\VrlLLOj.exe
  2⤵
  PID:4684
- C:\Windows\System\hoceJrk.exe
  C:\Windows\System\hoceJrk.exe
  2⤵
  PID:4728
- C:\Windows\System\sPGXVBA.exe
  C:\Windows\System\sPGXVBA.exe
  2⤵
  PID:4768
- C:\Windows\System\bOCzmOO.exe
  C:\Windows\System\bOCzmOO.exe
  2⤵
  PID:4776
- C:\Windows\System\ICsoxdv.exe
  C:\Windows\System\ICsoxdv.exe
  2⤵
  PID:4868
- C:\Windows\System\DzfEIpT.exe
  C:\Windows\System\DzfEIpT.exe
  2⤵
  PID:4852
- C:\Windows\System\fwGpthl.exe
  C:\Windows\System\fwGpthl.exe
  2⤵
  PID:4948
- C:\Windows\System\sxsBwJA.exe
  C:\Windows\System\sxsBwJA.exe
  2⤵
  PID:4888
- C:\Windows\System\NWDDVDi.exe
  C:\Windows\System\NWDDVDi.exe
  2⤵
  PID:4936
- C:\Windows\System\JymHnjK.exe
  C:\Windows\System\JymHnjK.exe
  2⤵
  PID:4928
- C:\Windows\System\CrpOmlZ.exe
  C:\Windows\System\CrpOmlZ.exe
  2⤵
  PID:2032
- C:\Windows\System\cHoiKOo.exe
  C:\Windows\System\cHoiKOo.exe
  2⤵
  PID:5072
- C:\Windows\System\Cmkmdqk.exe
  C:\Windows\System\Cmkmdqk.exe
  2⤵
  PID:5056
- C:\Windows\System\jNXDAaf.exe
  C:\Windows\System\jNXDAaf.exe
  2⤵
  PID:3960
- C:\Windows\System\LFzgobK.exe
  C:\Windows\System\LFzgobK.exe
  2⤵
  PID:3712
- C:\Windows\System\VhpevRc.exe
  C:\Windows\System\VhpevRc.exe
  2⤵
  PID:3312
- C:\Windows\System\MdqaBMe.exe
  C:\Windows\System\MdqaBMe.exe
  2⤵
  PID:3532
- C:\Windows\System\vewGfnq.exe
  C:\Windows\System\vewGfnq.exe
  2⤵
  PID:3128
- C:\Windows\System\hUKdmCW.exe
  C:\Windows\System\hUKdmCW.exe
  2⤵
  PID:2820
- C:\Windows\System\elisMaX.exe
  C:\Windows\System\elisMaX.exe
  2⤵
  PID:4136
- C:\Windows\System\Lvkvhug.exe
  C:\Windows\System\Lvkvhug.exe
  2⤵
  PID:3596
- C:\Windows\System\ZEXePZH.exe
  C:\Windows\System\ZEXePZH.exe
  2⤵
  PID:4276
- C:\Windows\System\fIcQkjP.exe
  C:\Windows\System\fIcQkjP.exe
  2⤵
  PID:4156
- C:\Windows\System\obXGuyG.exe
  C:\Windows\System\obXGuyG.exe
  2⤵
  PID:4480
- C:\Windows\System\ASwJAgG.exe
  C:\Windows\System\ASwJAgG.exe
  2⤵
  PID:4292
- C:\Windows\System\YDUzJRV.exe
  C:\Windows\System\YDUzJRV.exe
  2⤵
  PID:3056
- C:\Windows\System\cGDOcVQ.exe
  C:\Windows\System\cGDOcVQ.exe
  2⤵
  PID:4312
- C:\Windows\System\VPZsVFn.exe
  C:\Windows\System\VPZsVFn.exe
  2⤵
  PID:4228
- C:\Windows\System\XmFtGsW.exe
  C:\Windows\System\XmFtGsW.exe
  2⤵
  PID:4732
- C:\Windows\System\YnyLNKK.exe
  C:\Windows\System\YnyLNKK.exe
  2⤵
  PID:4836
- C:\Windows\System\XjZWquA.exe
  C:\Windows\System\XjZWquA.exe
  2⤵
  PID:4460
- C:\Windows\System\gjvoYpV.exe
  C:\Windows\System\gjvoYpV.exe
  2⤵
  PID:4624
- C:\Windows\System\sbKLtJy.exe
  C:\Windows\System\sbKLtJy.exe
  2⤵
  PID:4912
- C:\Windows\System\pkLHHWI.exe
  C:\Windows\System\pkLHHWI.exe
  2⤵
  PID:4724
- C:\Windows\System\ewpVufX.exe
  C:\Windows\System\ewpVufX.exe
  2⤵
  PID:4908
- C:\Windows\System\kmwDPOJ.exe
  C:\Windows\System\kmwDPOJ.exe
  2⤵
  PID:4984
- C:\Windows\System\DNnPugg.exe
  C:\Windows\System\DNnPugg.exe
  2⤵
  PID:5040
- C:\Windows\System\BcqMNlu.exe
  C:\Windows\System\BcqMNlu.exe
  2⤵
  PID:3964
- C:\Windows\System\DCNqCvj.exe
  C:\Windows\System\DCNqCvj.exe
  2⤵
  PID:5004
- C:\Windows\System\YHMLqzE.exe
  C:\Windows\System\YHMLqzE.exe
  2⤵
  PID:5092
- C:\Windows\System\bibwnPQ.exe
  C:\Windows\System\bibwnPQ.exe
  2⤵
  PID:3924
- C:\Windows\System\DVceiCp.exe
  C:\Windows\System\DVceiCp.exe
  2⤵
  PID:3388
- C:\Windows\System\JIYXoaH.exe
  C:\Windows\System\JIYXoaH.exe
  2⤵
  PID:3776
- C:\Windows\System\ebYasPW.exe
  C:\Windows\System\ebYasPW.exe
  2⤵
  PID:4256
- C:\Windows\System\hJyKXki.exe
  C:\Windows\System\hJyKXki.exe
  2⤵
  PID:4296
- C:\Windows\System\NNhqlny.exe
  C:\Windows\System\NNhqlny.exe
  2⤵
  PID:5140
- C:\Windows\System\ThYaJoK.exe
  C:\Windows\System\ThYaJoK.exe
  2⤵
  PID:5160
- C:\Windows\System\wTovxTG.exe
  C:\Windows\System\wTovxTG.exe
  2⤵
  PID:5176
- C:\Windows\System\PsMCDFP.exe
  C:\Windows\System\PsMCDFP.exe
  2⤵
  PID:5196
- C:\Windows\System\zxsTgvz.exe
  C:\Windows\System\zxsTgvz.exe
  2⤵
  PID:5216
- C:\Windows\System\XhMOOvl.exe
  C:\Windows\System\XhMOOvl.exe
  2⤵
  PID:5240
- C:\Windows\System\XTctsxT.exe
  C:\Windows\System\XTctsxT.exe
  2⤵
  PID:5256
- C:\Windows\System\OUXntfy.exe
  C:\Windows\System\OUXntfy.exe
  2⤵
  PID:5272
- C:\Windows\System\vHhnjYd.exe
  C:\Windows\System\vHhnjYd.exe
  2⤵
  PID:5292
- C:\Windows\System\JjvDroN.exe
  C:\Windows\System\JjvDroN.exe
  2⤵
  PID:5312
- C:\Windows\System\wnNFSUe.exe
  C:\Windows\System\wnNFSUe.exe
  2⤵
  PID:5332
- C:\Windows\System\RWrnoPN.exe
  C:\Windows\System\RWrnoPN.exe
  2⤵
  PID:5356
- C:\Windows\System\PRYxkAD.exe
  C:\Windows\System\PRYxkAD.exe
  2⤵
  PID:5376
- C:\Windows\System\cOXhbhQ.exe
  C:\Windows\System\cOXhbhQ.exe
  2⤵
  PID:5392
- C:\Windows\System\sPzAaBf.exe
  C:\Windows\System\sPzAaBf.exe
  2⤵
  PID:5412
- C:\Windows\System\LJrQcUG.exe
  C:\Windows\System\LJrQcUG.exe
  2⤵
  PID:5432
- C:\Windows\System\BOpgNYA.exe
  C:\Windows\System\BOpgNYA.exe
  2⤵
  PID:5448
- C:\Windows\System\NGucYMR.exe
  C:\Windows\System\NGucYMR.exe
  2⤵
  PID:5488
- C:\Windows\System\dErhXTO.exe
  C:\Windows\System\dErhXTO.exe
  2⤵
  PID:5504
- C:\Windows\System\THVAjVC.exe
  C:\Windows\System\THVAjVC.exe
  2⤵
  PID:5532
- C:\Windows\System\DleepSx.exe
  C:\Windows\System\DleepSx.exe
  2⤵
  PID:5552
- C:\Windows\System\ItkdYpZ.exe
  C:\Windows\System\ItkdYpZ.exe
  2⤵
  PID:5572
- C:\Windows\System\xlZTbVE.exe
  C:\Windows\System\xlZTbVE.exe
  2⤵
  PID:5588
- C:\Windows\System\AIjHjCp.exe
  C:\Windows\System\AIjHjCp.exe
  2⤵
  PID:5612
- C:\Windows\System\SQmgavj.exe
  C:\Windows\System\SQmgavj.exe
  2⤵
  PID:5628
- C:\Windows\System\ieGmxrY.exe
  C:\Windows\System\ieGmxrY.exe
  2⤵
  PID:5644
- C:\Windows\System\ciKfaiZ.exe
  C:\Windows\System\ciKfaiZ.exe
  2⤵
  PID:5668
- C:\Windows\System\jTYPWJm.exe
  C:\Windows\System\jTYPWJm.exe
  2⤵
  PID:5684
- C:\Windows\System\ZUCSVlt.exe
  C:\Windows\System\ZUCSVlt.exe
  2⤵
  PID:5700
- C:\Windows\System\ZjkTnaw.exe
  C:\Windows\System\ZjkTnaw.exe
  2⤵
  PID:5716
- C:\Windows\System\dkYnWZm.exe
  C:\Windows\System\dkYnWZm.exe
  2⤵
  PID:5732
- C:\Windows\System\jVhEjDI.exe
  C:\Windows\System\jVhEjDI.exe
  2⤵
  PID:5760
- C:\Windows\System\fWFoSFW.exe
  C:\Windows\System\fWFoSFW.exe
  2⤵
  PID:5792
- C:\Windows\System\yKuyLOh.exe
  C:\Windows\System\yKuyLOh.exe
  2⤵
  PID:5808
- C:\Windows\System\oXiqbit.exe
  C:\Windows\System\oXiqbit.exe
  2⤵
  PID:5828
- C:\Windows\System\NafObJQ.exe
  C:\Windows\System\NafObJQ.exe
  2⤵
  PID:5844
- C:\Windows\System\puhnGpb.exe
  C:\Windows\System\puhnGpb.exe
  2⤵
  PID:5864
- C:\Windows\System\LgVuhha.exe
  C:\Windows\System\LgVuhha.exe
  2⤵
  PID:5888
- C:\Windows\System\GRkNpCC.exe
  C:\Windows\System\GRkNpCC.exe
  2⤵
  PID:5912
- C:\Windows\System\fBKthLy.exe
  C:\Windows\System\fBKthLy.exe
  2⤵
  PID:5932
- C:\Windows\System\wvCNAhk.exe
  C:\Windows\System\wvCNAhk.exe
  2⤵
  PID:5948
- C:\Windows\System\kfxDlmh.exe
  C:\Windows\System\kfxDlmh.exe
  2⤵
  PID:5968
- C:\Windows\System\FmDkrWg.exe
  C:\Windows\System\FmDkrWg.exe
  2⤵
  PID:5984
- C:\Windows\System\GSNlKpa.exe
  C:\Windows\System\GSNlKpa.exe
  2⤵
  PID:6012
- C:\Windows\System\UXxiklU.exe
  C:\Windows\System\UXxiklU.exe
  2⤵
  PID:6028
- C:\Windows\System\kgBmItN.exe
  C:\Windows\System\kgBmItN.exe
  2⤵
  PID:6052
- C:\Windows\System\JSyLxro.exe
  C:\Windows\System\JSyLxro.exe
  2⤵
  PID:6068
- C:\Windows\System\EHVqTXc.exe
  C:\Windows\System\EHVqTXc.exe
  2⤵
  PID:6092
- C:\Windows\System\ZtSNOCS.exe
  C:\Windows\System\ZtSNOCS.exe
  2⤵
  PID:6112
- C:\Windows\System\voUKVeS.exe
  C:\Windows\System\voUKVeS.exe
  2⤵
  PID:6132
- C:\Windows\System\dswEIJd.exe
  C:\Windows\System\dswEIJd.exe
  2⤵
  PID:272
- C:\Windows\System\EbtSWCg.exe
  C:\Windows\System\EbtSWCg.exe
  2⤵
  PID:4100
- C:\Windows\System\qhUOmqB.exe
  C:\Windows\System\qhUOmqB.exe
  2⤵
  PID:4444
- C:\Windows\System\QtVdgIn.exe
  C:\Windows\System\QtVdgIn.exe
  2⤵
  PID:4700
- C:\Windows\System\jXcMyJh.exe
  C:\Windows\System\jXcMyJh.exe
  2⤵
  PID:4800
- C:\Windows\System\IGpUqlF.exe
  C:\Windows\System\IGpUqlF.exe
  2⤵
  PID:4872
- C:\Windows\System\YPCtPFm.exe
  C:\Windows\System\YPCtPFm.exe
  2⤵
  PID:3484
- C:\Windows\System\QJMOBaF.exe
  C:\Windows\System\QJMOBaF.exe
  2⤵
  PID:4200
- C:\Windows\System\AZlZkuy.exe
  C:\Windows\System\AZlZkuy.exe
  2⤵
  PID:4428
- C:\Windows\System\WthtmJS.exe
  C:\Windows\System\WthtmJS.exe
  2⤵
  PID:5156
- C:\Windows\System\ktprBbb.exe
  C:\Windows\System\ktprBbb.exe
  2⤵
  PID:4580
- C:\Windows\System\MlLHumn.exe
  C:\Windows\System\MlLHumn.exe
  2⤵
  PID:4980
- C:\Windows\System\mtsxPUs.exe
  C:\Windows\System\mtsxPUs.exe
  2⤵
  PID:5112
- C:\Windows\System\VmvwJbz.exe
  C:\Windows\System\VmvwJbz.exe
  2⤵
  PID:5080
- C:\Windows\System\TRJsvKY.exe
  C:\Windows\System\TRJsvKY.exe
  2⤵
  PID:4704
- C:\Windows\System\jUdhiKI.exe
  C:\Windows\System\jUdhiKI.exe
  2⤵
  PID:4036
- C:\Windows\System\UpmhTsW.exe
  C:\Windows\System\UpmhTsW.exe
  2⤵
  PID:4424
- C:\Windows\System\ahsAofo.exe
  C:\Windows\System\ahsAofo.exe
  2⤵
  PID:5136
- C:\Windows\System\DRHGqSQ.exe
  C:\Windows\System\DRHGqSQ.exe
  2⤵
  PID:5384
- C:\Windows\System\vdVxDrY.exe
  C:\Windows\System\vdVxDrY.exe
  2⤵
  PID:5168
- C:\Windows\System\nNDPTBN.exe
  C:\Windows\System\nNDPTBN.exe
  2⤵
  PID:5248
- C:\Windows\System\QhfSwWP.exe
  C:\Windows\System\QhfSwWP.exe
  2⤵
  PID:5460
- C:\Windows\System\yIMKguz.exe
  C:\Windows\System\yIMKguz.exe
  2⤵
  PID:5372
- C:\Windows\System\ofqJPxn.exe
  C:\Windows\System\ofqJPxn.exe
  2⤵
  PID:5476
- C:\Windows\System\ZXZCAKp.exe
  C:\Windows\System\ZXZCAKp.exe
  2⤵
  PID:5528
- C:\Windows\System\UEWcQrP.exe
  C:\Windows\System\UEWcQrP.exe
  2⤵
  PID:5284
- C:\Windows\System\zXuhhAc.exe
  C:\Windows\System\zXuhhAc.exe
  2⤵
  PID:5444
- C:\Windows\System\EexIIHm.exe
  C:\Windows\System\EexIIHm.exe
  2⤵
  PID:5596
- C:\Windows\System\uSDxaPY.exe
  C:\Windows\System\uSDxaPY.exe
  2⤵
  PID:5636
- C:\Windows\System\QbTptux.exe
  C:\Windows\System\QbTptux.exe
  2⤵
  PID:5680
- C:\Windows\System\zzbMhBv.exe
  C:\Windows\System\zzbMhBv.exe
  2⤵
  PID:1112
- C:\Windows\System\WqWkZDs.exe
  C:\Windows\System\WqWkZDs.exe
  2⤵
  PID:5752
- C:\Windows\System\TBeERTs.exe
  C:\Windows\System\TBeERTs.exe
  2⤵
  PID:5724
- C:\Windows\System\efgWHrl.exe
  C:\Windows\System\efgWHrl.exe
  2⤵
  PID:1276
- C:\Windows\System\yCKkkHm.exe
  C:\Windows\System\yCKkkHm.exe
  2⤵
  PID:2452
- C:\Windows\System\rBjOsHp.exe
  C:\Windows\System\rBjOsHp.exe
  2⤵
  PID:5804
- C:\Windows\System\URhZzQu.exe
  C:\Windows\System\URhZzQu.exe
  2⤵
  PID:5788
- C:\Windows\System\ncruOXQ.exe
  C:\Windows\System\ncruOXQ.exe
  2⤵
  PID:5880
- C:\Windows\System\YRNxlNc.exe
  C:\Windows\System\YRNxlNc.exe
  2⤵
  PID:5824
- C:\Windows\System\ZysJUHH.exe
  C:\Windows\System\ZysJUHH.exe
  2⤵
  PID:5904
- C:\Windows\System\URvlNwL.exe
  C:\Windows\System\URvlNwL.exe
  2⤵
  PID:5956
- C:\Windows\System\HJmGeTu.exe
  C:\Windows\System\HJmGeTu.exe
  2⤵
  PID:5976
- C:\Windows\System\OyrLFVt.exe
  C:\Windows\System\OyrLFVt.exe
  2⤵
  PID:6000
- C:\Windows\System\kmTTCVN.exe
  C:\Windows\System\kmTTCVN.exe
  2⤵
  PID:6040
- C:\Windows\System\wyjYVIf.exe
  C:\Windows\System\wyjYVIf.exe
  2⤵
  PID:6076
- C:\Windows\System\LzDtuAr.exe
  C:\Windows\System\LzDtuAr.exe
  2⤵
  PID:6080
- C:\Windows\System\zqHwaVY.exe
  C:\Windows\System\zqHwaVY.exe
  2⤵
  PID:6128
- C:\Windows\System\SkMrWDJ.exe
  C:\Windows\System\SkMrWDJ.exe
  2⤵
  PID:4212
- C:\Windows\System\RNSSnkJ.exe
  C:\Windows\System\RNSSnkJ.exe
  2⤵
  PID:1988
- C:\Windows\System\azWrTsp.exe
  C:\Windows\System\azWrTsp.exe
  2⤵
  PID:4544
- C:\Windows\System\xevNwyl.exe
  C:\Windows\System\xevNwyl.exe
  2⤵
  PID:4796
- C:\Windows\System\QnMHVWg.exe
  C:\Windows\System\QnMHVWg.exe
  2⤵
  PID:2828
- C:\Windows\System\axjcthv.exe
  C:\Windows\System\axjcthv.exe
  2⤵
  PID:4680
- C:\Windows\System\iaveSay.exe
  C:\Windows\System\iaveSay.exe
  2⤵
  PID:5184
- C:\Windows\System\DxkBqpT.exe
  C:\Windows\System\DxkBqpT.exe
  2⤵
  PID:2984
- C:\Windows\System\dDPNJcb.exe
  C:\Windows\System\dDPNJcb.exe
  2⤵
  PID:4116
- C:\Windows\System\uvAkBOZ.exe
  C:\Windows\System\uvAkBOZ.exe
  2⤵
  PID:5232
- C:\Windows\System\xRFHARe.exe
  C:\Windows\System\xRFHARe.exe
  2⤵
  PID:5132
- C:\Windows\System\ZEcTakk.exe
  C:\Windows\System\ZEcTakk.exe
  2⤵
  PID:5420
- C:\Windows\System\DoztaNs.exe
  C:\Windows\System\DoztaNs.exe
  2⤵
  PID:5348
- C:\Windows\System\WRyvBCA.exe
  C:\Windows\System\WRyvBCA.exe
  2⤵
  PID:5208
- C:\Windows\System\luZzMrI.exe
  C:\Windows\System\luZzMrI.exe
  2⤵
  PID:5404
- C:\Windows\System\oNunsnM.exe
  C:\Windows\System\oNunsnM.exe
  2⤵
  PID:5484
- C:\Windows\System\QymLDrg.exe
  C:\Windows\System\QymLDrg.exe
  2⤵
  PID:5500
- C:\Windows\System\oIVoIWn.exe
  C:\Windows\System\oIVoIWn.exe
  2⤵
  PID:5548
- C:\Windows\System\iASUBcn.exe
  C:\Windows\System\iASUBcn.exe
  2⤵
  PID:5608
- C:\Windows\System\frjPhFi.exe
  C:\Windows\System\frjPhFi.exe
  2⤵
  PID:2592
- C:\Windows\System\ppKMuiq.exe
  C:\Windows\System\ppKMuiq.exe
  2⤵
  PID:5696
- C:\Windows\System\vypSPSV.exe
  C:\Windows\System\vypSPSV.exe
  2⤵
  PID:5660
- C:\Windows\System\RxixvCr.exe
  C:\Windows\System\RxixvCr.exe
  2⤵
  PID:5652
- C:\Windows\System\pxlNitl.exe
  C:\Windows\System\pxlNitl.exe
  2⤵
  PID:5780
- C:\Windows\System\moCgsvI.exe
  C:\Windows\System\moCgsvI.exe
  2⤵
  PID:5820
- C:\Windows\System\jqzjkSW.exe
  C:\Windows\System\jqzjkSW.exe
  2⤵
  PID:5924
- C:\Windows\System\HxcpvaY.exe
  C:\Windows\System\HxcpvaY.exe
  2⤵
  PID:6036
- C:\Windows\System\hegNsHU.exe
  C:\Windows\System\hegNsHU.exe
  2⤵
  PID:6020
- C:\Windows\System\JNHPteB.exe
  C:\Windows\System\JNHPteB.exe
  2⤵
  PID:6024
- C:\Windows\System\kfGZiMt.exe
  C:\Windows\System\kfGZiMt.exe
  2⤵
  PID:6120
- C:\Windows\System\gxQtIjn.exe
  C:\Windows\System\gxQtIjn.exe
  2⤵
  PID:4816
- C:\Windows\System\sodapyx.exe
  C:\Windows\System\sodapyx.exe
  2⤵
  PID:4560
- C:\Windows\System\PVQSDXJ.exe
  C:\Windows\System\PVQSDXJ.exe
  2⤵
  PID:4588
- C:\Windows\System\vGtbCyh.exe
  C:\Windows\System\vGtbCyh.exe
  2⤵
  PID:4968
- C:\Windows\System\yTiwlLu.exe
  C:\Windows\System\yTiwlLu.exe
  2⤵
  PID:5228
- C:\Windows\System\JCNHnom.exe
  C:\Windows\System\JCNHnom.exe
  2⤵
  PID:2104
- C:\Windows\System\RXaQGbK.exe
  C:\Windows\System\RXaQGbK.exe
  2⤵
  PID:5428
- C:\Windows\System\gzUzQHr.exe
  C:\Windows\System\gzUzQHr.exe
  2⤵
  PID:5328
- C:\Windows\System\wVOsXUa.exe
  C:\Windows\System\wVOsXUa.exe
  2⤵
  PID:5364
- C:\Windows\System\cXuiXVr.exe
  C:\Windows\System\cXuiXVr.exe
  2⤵
  PID:5676
- C:\Windows\System\cAkZewR.exe
  C:\Windows\System\cAkZewR.exe
  2⤵
  PID:5620
- C:\Windows\System\gtqnqwP.exe
  C:\Windows\System\gtqnqwP.exe
  2⤵
  PID:5748
- C:\Windows\System\TyfqbXV.exe
  C:\Windows\System\TyfqbXV.exe
  2⤵
  PID:2856
- C:\Windows\System\waKjRGa.exe
  C:\Windows\System\waKjRGa.exe
  2⤵
  PID:5872
- C:\Windows\System\mzQDThq.exe
  C:\Windows\System\mzQDThq.exe
  2⤵
  PID:5944
- C:\Windows\System\yhCUBsB.exe
  C:\Windows\System\yhCUBsB.exe
  2⤵
  PID:6156
- C:\Windows\System\YorhkAa.exe
  C:\Windows\System\YorhkAa.exe
  2⤵
  PID:6176
- C:\Windows\System\kaegdSI.exe
  C:\Windows\System\kaegdSI.exe
  2⤵
  PID:6196
- C:\Windows\System\vOwnlEM.exe
  C:\Windows\System\vOwnlEM.exe
  2⤵
  PID:6216
- C:\Windows\System\wglxcQZ.exe
  C:\Windows\System\wglxcQZ.exe
  2⤵
  PID:6236
- C:\Windows\System\SgkCWLf.exe
  C:\Windows\System\SgkCWLf.exe
  2⤵
  PID:6256
- C:\Windows\System\WUUbmfz.exe
  C:\Windows\System\WUUbmfz.exe
  2⤵
  PID:6276
- C:\Windows\System\tMyWFtT.exe
  C:\Windows\System\tMyWFtT.exe
  2⤵
  PID:6296
- C:\Windows\System\punwSwk.exe
  C:\Windows\System\punwSwk.exe
  2⤵
  PID:6316
- C:\Windows\System\mGjFetu.exe
  C:\Windows\System\mGjFetu.exe
  2⤵
  PID:6336
- C:\Windows\System\xUBxtog.exe
  C:\Windows\System\xUBxtog.exe
  2⤵
  PID:6356
- C:\Windows\System\iNwaGaG.exe
  C:\Windows\System\iNwaGaG.exe
  2⤵
  PID:6376
- C:\Windows\System\mgVzROA.exe
  C:\Windows\System\mgVzROA.exe
  2⤵
  PID:6392
- C:\Windows\System\MLmKhea.exe
  C:\Windows\System\MLmKhea.exe
  2⤵
  PID:6412
- C:\Windows\System\xpvGRUB.exe
  C:\Windows\System\xpvGRUB.exe
  2⤵
  PID:6432
- C:\Windows\System\hLGHRjo.exe
  C:\Windows\System\hLGHRjo.exe
  2⤵
  PID:6448
- C:\Windows\System\McsQrRl.exe
  C:\Windows\System\McsQrRl.exe
  2⤵
  PID:6472
- C:\Windows\System\WIsbRPP.exe
  C:\Windows\System\WIsbRPP.exe
  2⤵
  PID:6492
- C:\Windows\System\OsekPhI.exe
  C:\Windows\System\OsekPhI.exe
  2⤵
  PID:6516
- C:\Windows\System\HncdQPl.exe
  C:\Windows\System\HncdQPl.exe
  2⤵
  PID:6540
- C:\Windows\System\ehbeAqW.exe
  C:\Windows\System\ehbeAqW.exe
  2⤵
  PID:6560
- C:\Windows\System\EFfZLmn.exe
  C:\Windows\System\EFfZLmn.exe
  2⤵
  PID:6580
- C:\Windows\System\NEENdqP.exe
  C:\Windows\System\NEENdqP.exe
  2⤵
  PID:6600
- C:\Windows\System\odfEjfh.exe
  C:\Windows\System\odfEjfh.exe
  2⤵
  PID:6620
- C:\Windows\System\UeVMwHT.exe
  C:\Windows\System\UeVMwHT.exe
  2⤵
  PID:6640
- C:\Windows\System\shBKIlA.exe
  C:\Windows\System\shBKIlA.exe
  2⤵
  PID:6660
- C:\Windows\System\dCKopKE.exe
  C:\Windows\System\dCKopKE.exe
  2⤵
  PID:6680
- C:\Windows\System\QUIoMtx.exe
  C:\Windows\System\QUIoMtx.exe
  2⤵
  PID:6700
- C:\Windows\System\FnotIGn.exe
  C:\Windows\System\FnotIGn.exe
  2⤵
  PID:6720
- C:\Windows\System\ieDGpgW.exe
  C:\Windows\System\ieDGpgW.exe
  2⤵
  PID:6744
- C:\Windows\System\ilNxsWs.exe
  C:\Windows\System\ilNxsWs.exe
  2⤵
  PID:6764
- C:\Windows\System\dfWwlCV.exe
  C:\Windows\System\dfWwlCV.exe
  2⤵
  PID:6784
- C:\Windows\System\tArBwlV.exe
  C:\Windows\System\tArBwlV.exe
  2⤵
  PID:6804
- C:\Windows\System\llaXvIy.exe
  C:\Windows\System\llaXvIy.exe
  2⤵
  PID:6824
- C:\Windows\System\jUiFLwY.exe
  C:\Windows\System\jUiFLwY.exe
  2⤵
  PID:6844
- C:\Windows\System\HtNXxcR.exe
  C:\Windows\System\HtNXxcR.exe
  2⤵
  PID:6864
- C:\Windows\System\nTyQWfn.exe
  C:\Windows\System\nTyQWfn.exe
  2⤵
  PID:6884
- C:\Windows\System\ARWLMqS.exe
  C:\Windows\System\ARWLMqS.exe
  2⤵
  PID:6904
- C:\Windows\System\CmxRbeD.exe
  C:\Windows\System\CmxRbeD.exe
  2⤵
  PID:6924
- C:\Windows\System\gLjOGEf.exe
  C:\Windows\System\gLjOGEf.exe
  2⤵
  PID:6940
- C:\Windows\System\Mpgmoal.exe
  C:\Windows\System\Mpgmoal.exe
  2⤵
  PID:6960
- C:\Windows\System\VXMlBoo.exe
  C:\Windows\System\VXMlBoo.exe
  2⤵
  PID:6984
- C:\Windows\System\ClFlLvu.exe
  C:\Windows\System\ClFlLvu.exe
  2⤵
  PID:7004
- C:\Windows\System\loZvmAL.exe
  C:\Windows\System\loZvmAL.exe
  2⤵
  PID:7024
- C:\Windows\System\RuRMUvA.exe
  C:\Windows\System\RuRMUvA.exe
  2⤵
  PID:7044
- C:\Windows\System\UCqisVq.exe
  C:\Windows\System\UCqisVq.exe
  2⤵
  PID:7064
- C:\Windows\System\BrBQhhW.exe
  C:\Windows\System\BrBQhhW.exe
  2⤵
  PID:7084
- C:\Windows\System\CIeHFXm.exe
  C:\Windows\System\CIeHFXm.exe
  2⤵
  PID:7104
- C:\Windows\System\OKyUvir.exe
  C:\Windows\System\OKyUvir.exe
  2⤵
  PID:7120
- C:\Windows\System\vTqipwQ.exe
  C:\Windows\System\vTqipwQ.exe
  2⤵
  PID:7144
- C:\Windows\System\MpFgwzU.exe
  C:\Windows\System\MpFgwzU.exe
  2⤵
  PID:7164
- C:\Windows\System\RWNJimf.exe
  C:\Windows\System\RWNJimf.exe
  2⤵
  PID:6060
- C:\Windows\System\KlUAaxx.exe
  C:\Windows\System\KlUAaxx.exe
  2⤵
  PID:4408
- C:\Windows\System\vOGFIjA.exe
  C:\Windows\System\vOGFIjA.exe
  2⤵
  PID:4356
- C:\Windows\System\srZmcFk.exe
  C:\Windows\System\srZmcFk.exe
  2⤵
  PID:4832
- C:\Windows\System\rAfXKVV.exe
  C:\Windows\System\rAfXKVV.exe
  2⤵
  PID:4992
- C:\Windows\System\PCXglQN.exe
  C:\Windows\System\PCXglQN.exe
  2⤵
  PID:3636
- C:\Windows\System\knGfswz.exe
  C:\Windows\System\knGfswz.exe
  2⤵
  PID:5304
- C:\Windows\System\yNNwONq.exe
  C:\Windows\System\yNNwONq.exe
  2⤵
  PID:5516
- C:\Windows\System\OFIrBOr.exe
  C:\Windows\System\OFIrBOr.exe
  2⤵
  PID:2792
- C:\Windows\System\MvHDuPO.exe
  C:\Windows\System\MvHDuPO.exe
  2⤵
  PID:2612
- C:\Windows\System\AlenWgs.exe
  C:\Windows\System\AlenWgs.exe
  2⤵
  PID:5708
- C:\Windows\System\nRNCojY.exe
  C:\Windows\System\nRNCojY.exe
  2⤵
  PID:6164
- C:\Windows\System\QUKGasQ.exe
  C:\Windows\System\QUKGasQ.exe
  2⤵
  PID:6168
- C:\Windows\System\HxSxscK.exe
  C:\Windows\System\HxSxscK.exe
  2⤵
  PID:6204
- C:\Windows\System\TQERDTF.exe
  C:\Windows\System\TQERDTF.exe
  2⤵
  PID:6188
- C:\Windows\System\swgIXXw.exe
  C:\Windows\System\swgIXXw.exe
  2⤵
  PID:6284
- C:\Windows\System\KDJHkkk.exe
  C:\Windows\System\KDJHkkk.exe
  2⤵
  PID:6268
- C:\Windows\System\gmsTtWZ.exe
  C:\Windows\System\gmsTtWZ.exe
  2⤵
  PID:6312
- C:\Windows\System\oCfsFOa.exe
  C:\Windows\System\oCfsFOa.exe
  2⤵
  PID:6348
- C:\Windows\System\vbBQXdE.exe
  C:\Windows\System\vbBQXdE.exe
  2⤵
  PID:6408
- C:\Windows\System\yNFjYPv.exe
  C:\Windows\System\yNFjYPv.exe
  2⤵
  PID:6428
- C:\Windows\System\HjMsNcH.exe
  C:\Windows\System\HjMsNcH.exe
  2⤵
  PID:6468
- C:\Windows\System\bnaTXIh.exe
  C:\Windows\System\bnaTXIh.exe
  2⤵
  PID:6456
- C:\Windows\System\hpEVKgW.exe
  C:\Windows\System\hpEVKgW.exe
  2⤵
  PID:6528
- C:\Windows\System\vyPIHMp.exe
  C:\Windows\System\vyPIHMp.exe
  2⤵
  PID:6556
- C:\Windows\System\QITMGJI.exe
  C:\Windows\System\QITMGJI.exe
  2⤵
  PID:6596
- C:\Windows\System\XepYQBe.exe
  C:\Windows\System\XepYQBe.exe
  2⤵
  PID:6628
- C:\Windows\System\doZPoWJ.exe
  C:\Windows\System\doZPoWJ.exe
  2⤵
  PID:6668
- C:\Windows\System\hIdviXS.exe
  C:\Windows\System\hIdviXS.exe
  2⤵
  PID:6708
- C:\Windows\System\lHXVIgb.exe
  C:\Windows\System\lHXVIgb.exe
  2⤵
  PID:6736
- C:\Windows\System\cbKMCym.exe
  C:\Windows\System\cbKMCym.exe
  2⤵
  PID:6712
- C:\Windows\System\EVgDNqt.exe
  C:\Windows\System\EVgDNqt.exe
  2⤵
  PID:6812
- C:\Windows\System\tmSUVKI.exe
  C:\Windows\System\tmSUVKI.exe
  2⤵
  PID:6820
- C:\Windows\System\yDAVjBi.exe
  C:\Windows\System\yDAVjBi.exe
  2⤵
  PID:6840
- C:\Windows\System\IoupmeR.exe
  C:\Windows\System\IoupmeR.exe
  2⤵
  PID:6900
- C:\Windows\System\vVDWxsq.exe
  C:\Windows\System\vVDWxsq.exe
  2⤵
  PID:6912
- C:\Windows\System\HheURtP.exe
  C:\Windows\System\HheURtP.exe
  2⤵
  PID:6980
- C:\Windows\System\XQariTb.exe
  C:\Windows\System\XQariTb.exe
  2⤵
  PID:6976
- C:\Windows\System\FPXCnxQ.exe
  C:\Windows\System\FPXCnxQ.exe
  2⤵
  PID:6536
- C:\Windows\System\CpBnSUY.exe
  C:\Windows\System\CpBnSUY.exe
  2⤵
  PID:7060
- C:\Windows\System\QKLkKkn.exe
  C:\Windows\System\QKLkKkn.exe
  2⤵
  PID:2228
- C:\Windows\System\oFNtFgs.exe
  C:\Windows\System\oFNtFgs.exe
  2⤵
  PID:7076
- C:\Windows\System\vXXrRRW.exe
  C:\Windows\System\vXXrRRW.exe
  2⤵
  PID:7116
- C:\Windows\System\VeBlRuT.exe
  C:\Windows\System\VeBlRuT.exe
  2⤵
  PID:5996
- C:\Windows\System\iNMKNQA.exe
  C:\Windows\System\iNMKNQA.exe
  2⤵
  PID:3504
- C:\Windows\System\EdHdtOn.exe
  C:\Windows\System\EdHdtOn.exe
  2⤵
  PID:2884
- C:\Windows\System\niGncRu.exe
  C:\Windows\System\niGncRu.exe
  2⤵
  PID:2980
- C:\Windows\System\Mhbzvqb.exe
  C:\Windows\System\Mhbzvqb.exe
  2⤵
  PID:5124
- C:\Windows\System\WwToqLr.exe
  C:\Windows\System\WwToqLr.exe
  2⤵
  PID:5324
- C:\Windows\System\xEzbtFF.exe
  C:\Windows\System\xEzbtFF.exe
  2⤵
  PID:5756
- C:\Windows\System\YLnbFON.exe
  C:\Windows\System\YLnbFON.exe
  2⤵
  PID:6148
- C:\Windows\System\SNYRgCA.exe
  C:\Windows\System\SNYRgCA.exe
  2⤵
  PID:6172
- C:\Windows\System\fQckbnK.exe
  C:\Windows\System\fQckbnK.exe
  2⤵
  PID:6184
- C:\Windows\System\iIyPUdp.exe
  C:\Windows\System\iIyPUdp.exe
  2⤵
  PID:6264
- C:\Windows\System\EoeRhPL.exe
  C:\Windows\System\EoeRhPL.exe
  2⤵
  PID:6232
- C:\Windows\System\CAExcgt.exe
  C:\Windows\System\CAExcgt.exe
  2⤵
  PID:6444
- C:\Windows\System\ptyEPai.exe
  C:\Windows\System\ptyEPai.exe
  2⤵
  PID:6440
- C:\Windows\System\TcPdeVA.exe
  C:\Windows\System\TcPdeVA.exe
  2⤵
  PID:6464
- C:\Windows\System\LPxkAvF.exe
  C:\Windows\System\LPxkAvF.exe
  2⤵
  PID:6548
- C:\Windows\System\lZQyWKw.exe
  C:\Windows\System\lZQyWKw.exe
  2⤵
  PID:6588
- C:\Windows\System\qOluzZs.exe
  C:\Windows\System\qOluzZs.exe
  2⤵
  PID:6648
- C:\Windows\System\WtoQIDK.exe
  C:\Windows\System\WtoQIDK.exe
  2⤵
  PID:6772
- C:\Windows\System\okMHGNQ.exe
  C:\Windows\System\okMHGNQ.exe
  2⤵
  PID:2892
- C:\Windows\System\kNGZoYJ.exe
  C:\Windows\System\kNGZoYJ.exe
  2⤵
  PID:1744
- C:\Windows\System\vnERMAF.exe
  C:\Windows\System\vnERMAF.exe
  2⤵
  PID:6880
- C:\Windows\System\XvXhzEM.exe
  C:\Windows\System\XvXhzEM.exe
  2⤵
  PID:6856
- C:\Windows\System\lNYATou.exe
  C:\Windows\System\lNYATou.exe
  2⤵
  PID:7000
- C:\Windows\System\QGDGoZj.exe
  C:\Windows\System\QGDGoZj.exe
  2⤵
  PID:7036
- C:\Windows\System\rDUpoXz.exe
  C:\Windows\System\rDUpoXz.exe
  2⤵
  PID:6088
- C:\Windows\System\eGUrYfk.exe
  C:\Windows\System\eGUrYfk.exe
  2⤵
  PID:5032
- C:\Windows\System\vlGUqgL.exe
  C:\Windows\System\vlGUqgL.exe
  2⤵
  PID:7032
- C:\Windows\System\ieHnftO.exe
  C:\Windows\System\ieHnftO.exe
  2⤵
  PID:5320
- C:\Windows\System\kTqSjmF.exe
  C:\Windows\System\kTqSjmF.exe
  2⤵
  PID:7100
- C:\Windows\System\WbADrzw.exe
  C:\Windows\System\WbADrzw.exe
  2⤵
  PID:6352
- C:\Windows\System\qITxcxe.exe
  C:\Windows\System\qITxcxe.exe
  2⤵
  PID:7156
- C:\Windows\System\WxaqKTO.exe
  C:\Windows\System\WxaqKTO.exe
  2⤵
  PID:6572
- C:\Windows\System\NjMYroo.exe
  C:\Windows\System\NjMYroo.exe
  2⤵
  PID:2008
- C:\Windows\System\VyhTpHn.exe
  C:\Windows\System\VyhTpHn.exe
  2⤵
  PID:2404
- C:\Windows\System\lOYBUiG.exe
  C:\Windows\System\lOYBUiG.exe
  2⤵
  PID:6932
- C:\Windows\System\XpWTNyJ.exe
  C:\Windows\System\XpWTNyJ.exe
  2⤵
  PID:5640
- C:\Windows\System\yNTVeOs.exe
  C:\Windows\System\yNTVeOs.exe
  2⤵
  PID:2652
- C:\Windows\System\sKHoKNm.exe
  C:\Windows\System\sKHoKNm.exe
  2⤵
  PID:6696
- C:\Windows\System\uEAEubp.exe
  C:\Windows\System\uEAEubp.exe
  2⤵
  PID:7172
- C:\Windows\System\OmzjwWt.exe
  C:\Windows\System\OmzjwWt.exe
  2⤵
  PID:7192
- C:\Windows\System\jSsfzud.exe
  C:\Windows\System\jSsfzud.exe
  2⤵
  PID:7208
- C:\Windows\System\SVrbWmt.exe
  C:\Windows\System\SVrbWmt.exe
  2⤵
  PID:7228
- C:\Windows\System\ULKIZnv.exe
  C:\Windows\System\ULKIZnv.exe
  2⤵
  PID:7248
- C:\Windows\System\lyoVcAC.exe
  C:\Windows\System\lyoVcAC.exe
  2⤵
  PID:7268
- C:\Windows\System\avMHMsU.exe
  C:\Windows\System\avMHMsU.exe
  2⤵
  PID:7284
- C:\Windows\System\RkkQgJN.exe
  C:\Windows\System\RkkQgJN.exe
  2⤵
  PID:7308
- C:\Windows\System\OZGHNSW.exe
  C:\Windows\System\OZGHNSW.exe
  2⤵
  PID:7324
- C:\Windows\System\VkpxiGN.exe
  C:\Windows\System\VkpxiGN.exe
  2⤵
  PID:7344
- C:\Windows\System\dKdygnx.exe
  C:\Windows\System\dKdygnx.exe
  2⤵
  PID:7364
- C:\Windows\System\kzEAgCK.exe
  C:\Windows\System\kzEAgCK.exe
  2⤵
  PID:7384
- C:\Windows\System\xRvwoRj.exe
  C:\Windows\System\xRvwoRj.exe
  2⤵
  PID:7404
- C:\Windows\System\xoCuIAJ.exe
  C:\Windows\System\xoCuIAJ.exe
  2⤵
  PID:7424
- C:\Windows\System\kVCRRLQ.exe
  C:\Windows\System\kVCRRLQ.exe
  2⤵
  PID:7444
- C:\Windows\System\hoeIGZL.exe
  C:\Windows\System\hoeIGZL.exe
  2⤵
  PID:7468
- C:\Windows\System\dErDIBz.exe
  C:\Windows\System\dErDIBz.exe
  2⤵
  PID:7484
- C:\Windows\System\tcolEQU.exe
  C:\Windows\System\tcolEQU.exe
  2⤵
  PID:7504
- C:\Windows\System\NMhAtjA.exe
  C:\Windows\System\NMhAtjA.exe
  2⤵
  PID:7528
- C:\Windows\System\HWMeMNg.exe
  C:\Windows\System\HWMeMNg.exe
  2⤵
  PID:7544
- C:\Windows\System\hwFGIJn.exe
  C:\Windows\System\hwFGIJn.exe
  2⤵
  PID:7564
- C:\Windows\System\efANPOZ.exe
  C:\Windows\System\efANPOZ.exe
  2⤵
  PID:7584
- C:\Windows\System\ZgsWfmh.exe
  C:\Windows\System\ZgsWfmh.exe
  2⤵
  PID:7600
- C:\Windows\System\CXqRaxT.exe
  C:\Windows\System\CXqRaxT.exe
  2⤵
  PID:7624
- C:\Windows\System\ilKiFkf.exe
  C:\Windows\System\ilKiFkf.exe
  2⤵
  PID:7640
- C:\Windows\System\NRbuFFQ.exe
  C:\Windows\System\NRbuFFQ.exe
  2⤵
  PID:7664
- C:\Windows\System\jReAWWp.exe
  C:\Windows\System\jReAWWp.exe
  2⤵
  PID:7680
- C:\Windows\System\ZhNCKWw.exe
  C:\Windows\System\ZhNCKWw.exe
  2⤵
  PID:7700
- C:\Windows\System\tFPitaF.exe
  C:\Windows\System\tFPitaF.exe
  2⤵
  PID:7724
- C:\Windows\System\lBHgxdX.exe
  C:\Windows\System\lBHgxdX.exe
  2⤵
  PID:7740
- C:\Windows\System\jAamShh.exe
  C:\Windows\System\jAamShh.exe
  2⤵
  PID:7764
- C:\Windows\System\RcwKxEW.exe
  C:\Windows\System\RcwKxEW.exe
  2⤵
  PID:7784
- C:\Windows\System\lCDpeVM.exe
  C:\Windows\System\lCDpeVM.exe
  2⤵
  PID:7804
- C:\Windows\System\rkKGkgd.exe
  C:\Windows\System\rkKGkgd.exe
  2⤵
  PID:7828
- C:\Windows\System\JLJGJeH.exe
  C:\Windows\System\JLJGJeH.exe
  2⤵
  PID:7852
- C:\Windows\System\WNKHXie.exe
  C:\Windows\System\WNKHXie.exe
  2⤵
  PID:7900
- C:\Windows\System\qHQNCnk.exe
  C:\Windows\System\qHQNCnk.exe
  2⤵
  PID:7920
- C:\Windows\System\NmkYfnC.exe
  C:\Windows\System\NmkYfnC.exe
  2⤵
  PID:7944
- C:\Windows\System\LCKyfoW.exe
  C:\Windows\System\LCKyfoW.exe
  2⤵
  PID:7964
- C:\Windows\System\HhJKtPq.exe
  C:\Windows\System\HhJKtPq.exe
  2⤵
  PID:7980
- C:\Windows\System\jlrEbrv.exe
  C:\Windows\System\jlrEbrv.exe
  2⤵
  PID:8004
- C:\Windows\System\eTxZRlS.exe
  C:\Windows\System\eTxZRlS.exe
  2⤵
  PID:8024
- C:\Windows\System\ZuFldHB.exe
  C:\Windows\System\ZuFldHB.exe
  2⤵
  PID:8044
- C:\Windows\System\jloVDCE.exe
  C:\Windows\System\jloVDCE.exe
  2⤵
  PID:8068
- C:\Windows\System\xzxnJHC.exe
  C:\Windows\System\xzxnJHC.exe
  2⤵
  PID:8092
- C:\Windows\System\SwiaiuE.exe
  C:\Windows\System\SwiaiuE.exe
  2⤵
  PID:8108
- C:\Windows\System\jptPyUT.exe
  C:\Windows\System\jptPyUT.exe
  2⤵
  PID:8132
- C:\Windows\System\wrzClkF.exe
  C:\Windows\System\wrzClkF.exe
  2⤵
  PID:8148
- C:\Windows\System\cNMhUxc.exe
  C:\Windows\System\cNMhUxc.exe
  2⤵
  PID:8164
- C:\Windows\System\mgLQGLB.exe
  C:\Windows\System\mgLQGLB.exe
  2⤵
  PID:8188
- C:\Windows\System\zWpLmFG.exe
  C:\Windows\System\zWpLmFG.exe
  2⤵
  PID:5712
- C:\Windows\System\nesUfxO.exe
  C:\Windows\System\nesUfxO.exe
  2⤵
  PID:2620
- C:\Windows\System\lBaOxtI.exe
  C:\Windows\System\lBaOxtI.exe
  2⤵
  PID:6288
- C:\Windows\System\uJWxhJt.exe
  C:\Windows\System\uJWxhJt.exe
  2⤵
  PID:7244
- C:\Windows\System\AhOzTij.exe
  C:\Windows\System\AhOzTij.exe
  2⤵
  PID:6328
- C:\Windows\System\nRtSNXA.exe
  C:\Windows\System\nRtSNXA.exe
  2⤵
  PID:7356
- C:\Windows\System\WQiMwYg.exe
  C:\Windows\System\WQiMwYg.exe
  2⤵
  PID:7396
- C:\Windows\System\bJcdURM.exe
  C:\Windows\System\bJcdURM.exe
  2⤵
  PID:6532
- C:\Windows\System\tIrykBq.exe
  C:\Windows\System\tIrykBq.exe
  2⤵
  PID:7480
- C:\Windows\System\sDKvRUQ.exe
  C:\Windows\System\sDKvRUQ.exe
  2⤵
  PID:7516
- C:\Windows\System\znhkqCq.exe
  C:\Windows\System\znhkqCq.exe
  2⤵
  PID:7556
- C:\Windows\System\ykRitVt.exe
  C:\Windows\System\ykRitVt.exe
  2⤵
  PID:2556
- C:\Windows\System\rHIEoIY.exe
  C:\Windows\System\rHIEoIY.exe
  2⤵
  PID:6780
- C:\Windows\System\qZKlIwN.exe
  C:\Windows\System\qZKlIwN.exe
  2⤵
  PID:7708
- C:\Windows\System\CHudzTR.exe
  C:\Windows\System\CHudzTR.exe
  2⤵
  PID:2220
- C:\Windows\System\lawrPGb.exe
  C:\Windows\System\lawrPGb.exe
  2⤵
  PID:6832
- C:\Windows\System\ikgfgWl.exe
  C:\Windows\System\ikgfgWl.exe
  2⤵
  PID:7040
- C:\Windows\System\iHYHDaM.exe
  C:\Windows\System\iHYHDaM.exe
  2⤵
  PID:4224
- C:\Windows\System\rKyyYTf.exe
  C:\Windows\System\rKyyYTf.exe
  2⤵
  PID:6576
- C:\Windows\System\DtwUfZw.exe
  C:\Windows\System\DtwUfZw.exe
  2⤵
  PID:6892
- C:\Windows\System\mAKVDOz.exe
  C:\Windows\System\mAKVDOz.exe
  2⤵
  PID:6364
- C:\Windows\System\RCHtMJA.exe
  C:\Windows\System\RCHtMJA.exe
  2⤵
  PID:7188
- C:\Windows\System\quhAyWj.exe
  C:\Windows\System\quhAyWj.exe
  2⤵
  PID:7260
- C:\Windows\System\bZslfhl.exe
  C:\Windows\System\bZslfhl.exe
  2⤵
  PID:1652
- C:\Windows\System\MIshDPH.exe
  C:\Windows\System\MIshDPH.exe
  2⤵
  PID:7304
- C:\Windows\System\LsoATrs.exe
  C:\Windows\System\LsoATrs.exe
  2⤵
  PID:7372
- C:\Windows\System\ZKhAPRu.exe
  C:\Windows\System\ZKhAPRu.exe
  2⤵
  PID:7460
- C:\Windows\System\FKBBYuD.exe
  C:\Windows\System\FKBBYuD.exe
  2⤵
  PID:7580
- C:\Windows\System\IWsUYvw.exe
  C:\Windows\System\IWsUYvw.exe
  2⤵
  PID:2720
- C:\Windows\System\oQXTPpX.exe
  C:\Windows\System\oQXTPpX.exe
  2⤵
  PID:7696
- C:\Windows\System\CgzayLR.exe
  C:\Windows\System\CgzayLR.exe
  2⤵
  PID:7836
- C:\Windows\System\xTwSigC.exe
  C:\Windows\System\xTwSigC.exe
  2⤵
  PID:7776
- C:\Windows\System\KBAcCKL.exe
  C:\Windows\System\KBAcCKL.exe
  2⤵
  PID:7648
- C:\Windows\System\tEMoAHU.exe
  C:\Windows\System\tEMoAHU.exe
  2⤵
  PID:7540
- C:\Windows\System\lfrNpKP.exe
  C:\Windows\System\lfrNpKP.exe
  2⤵
  PID:7456
- C:\Windows\System\GgvLaNN.exe
  C:\Windows\System\GgvLaNN.exe
  2⤵
  PID:7848
- C:\Windows\System\EToqEWz.exe
  C:\Windows\System\EToqEWz.exe
  2⤵
  PID:7820
- C:\Windows\System\WSHchcs.exe
  C:\Windows\System\WSHchcs.exe
  2⤵
  PID:7860
- C:\Windows\System\SXauXzL.exe
  C:\Windows\System\SXauXzL.exe
  2⤵
  PID:7880
- C:\Windows\System\XbmGcuU.exe
  C:\Windows\System\XbmGcuU.exe
  2⤵
  PID:3548
- C:\Windows\System\KwNOMpk.exe
  C:\Windows\System\KwNOMpk.exe
  2⤵
  PID:7940
- C:\Windows\System\aDNFaUN.exe
  C:\Windows\System\aDNFaUN.exe
  2⤵
  PID:8040
- C:\Windows\System\iAINHJV.exe
  C:\Windows\System\iAINHJV.exe
  2⤵
  PID:8076
- C:\Windows\System\hoYVfMS.exe
  C:\Windows\System\hoYVfMS.exe
  2⤵
  PID:8116
- C:\Windows\System\YBouRiP.exe
  C:\Windows\System\YBouRiP.exe
  2⤵
  PID:8012
- C:\Windows\System\NelEmTM.exe
  C:\Windows\System\NelEmTM.exe
  2⤵
  PID:8060
- C:\Windows\System\TBZVCiD.exe
  C:\Windows\System\TBZVCiD.exe
  2⤵
  PID:8052
- C:\Windows\System\hECRXhr.exe
  C:\Windows\System\hECRXhr.exe
  2⤵
  PID:8104
- C:\Windows\System\ytPIAiL.exe
  C:\Windows\System\ytPIAiL.exe
  2⤵
  PID:8140
- C:\Windows\System\qtonhiG.exe
  C:\Windows\System\qtonhiG.exe
  2⤵
  PID:8180
- C:\Windows\System\DdygXDP.exe
  C:\Windows\System\DdygXDP.exe
  2⤵
  PID:2524
- C:\Windows\System\fOQHPGp.exe
  C:\Windows\System\fOQHPGp.exe
  2⤵
  PID:2460
- C:\Windows\System\RoUOyQl.exe
  C:\Windows\System\RoUOyQl.exe
  2⤵
  PID:2020
- C:\Windows\System\vQLWttX.exe
  C:\Windows\System\vQLWttX.exe
  2⤵
  PID:7720
- C:\Windows\System\kQDWpuK.exe
  C:\Windows\System\kQDWpuK.exe
  2⤵
  PID:7748
- C:\Windows\System\RuIpgDw.exe
  C:\Windows\System\RuIpgDw.exe
  2⤵
  PID:6916
- C:\Windows\System\wgcQNKM.exe
  C:\Windows\System\wgcQNKM.exe
  2⤵
  PID:7592
- C:\Windows\System\pCTBWYS.exe
  C:\Windows\System\pCTBWYS.exe
  2⤵
  PID:7760
- C:\Windows\System\VxnLwNC.exe
  C:\Windows\System\VxnLwNC.exe
  2⤵
  PID:7800
- C:\Windows\System\QxzrZgV.exe
  C:\Windows\System\QxzrZgV.exe
  2⤵
  PID:7792
- C:\Windows\System\YgsDnHN.exe
  C:\Windows\System\YgsDnHN.exe
  2⤵
  PID:1528
- C:\Windows\System\cOyzolM.exe
  C:\Windows\System\cOyzolM.exe
  2⤵
  PID:2848
- C:\Windows\System\UtzXNMr.exe
  C:\Windows\System\UtzXNMr.exe
  2⤵
  PID:6728
- C:\Windows\System\wAiLAfH.exe
  C:\Windows\System\wAiLAfH.exe
  2⤵
  PID:1780
- C:\Windows\System\eaTgVJk.exe
  C:\Windows\System\eaTgVJk.exe
  2⤵
  PID:1976
- C:\Windows\System\ZDFKVCl.exe
  C:\Windows\System\ZDFKVCl.exe
  2⤵
  PID:2184
- C:\Windows\System\CbKLViM.exe
  C:\Windows\System\CbKLViM.exe
  2⤵
  PID:2952
- C:\Windows\System\BndDgLV.exe
  C:\Windows\System\BndDgLV.exe
  2⤵
  PID:2416
- C:\Windows\System\NIdiLDy.exe
  C:\Windows\System\NIdiLDy.exe
  2⤵
  PID:2208
- C:\Windows\System\MOGhZYi.exe
  C:\Windows\System\MOGhZYi.exe
  2⤵
  PID:1036
- C:\Windows\System\iBMFodH.exe
  C:\Windows\System\iBMFodH.exe
  2⤵
  PID:792
- C:\Windows\System\pXhBQOG.exe
  C:\Windows\System\pXhBQOG.exe
  2⤵
  PID:7052
- C:\Windows\System\YdVcvaq.exe
  C:\Windows\System\YdVcvaq.exe
  2⤵
  PID:7184
- C:\Windows\System\IltxlrS.exe
  C:\Windows\System\IltxlrS.exe
  2⤵
  PID:7500
- C:\Windows\System\oveTZnP.exe
  C:\Windows\System\oveTZnP.exe
  2⤵
  PID:7660
- C:\Windows\System\HKAwuce.exe
  C:\Windows\System\HKAwuce.exe
  2⤵
  PID:7572
- C:\Windows\System\ReHJEHA.exe
  C:\Windows\System\ReHJEHA.exe
  2⤵
  PID:7608
- C:\Windows\System\YTmlUnz.exe
  C:\Windows\System\YTmlUnz.exe
  2⤵
  PID:7892
- C:\Windows\System\eXvDCKM.exe
  C:\Windows\System\eXvDCKM.exe
  2⤵
  PID:8088
- C:\Windows\System\uHLpyJo.exe
  C:\Windows\System\uHLpyJo.exe
  2⤵
  PID:7224
- C:\Windows\System\BSjmdWT.exe
  C:\Windows\System\BSjmdWT.exe
  2⤵
  PID:1812
- C:\Windows\System\zLvUDOu.exe
  C:\Windows\System\zLvUDOu.exe
  2⤵
  PID:7412
- C:\Windows\System\ezWvYfh.exe
  C:\Windows\System\ezWvYfh.exe
  2⤵
  PID:7928
- C:\Windows\System\hOgqHyw.exe
  C:\Windows\System\hOgqHyw.exe
  2⤵
  PID:7652
- C:\Windows\System\rKbQOAT.exe
  C:\Windows\System\rKbQOAT.exe
  2⤵
  PID:7868
- C:\Windows\System\VzVBISu.exe
  C:\Windows\System\VzVBISu.exe
  2⤵
  PID:8128
- C:\Windows\System\cTuzdEb.exe
  C:\Windows\System\cTuzdEb.exe
  2⤵
  PID:2708
- C:\Windows\System\iewGYOF.exe
  C:\Windows\System\iewGYOF.exe
  2⤵
  PID:7280
- C:\Windows\System\SgAzPwf.exe
  C:\Windows\System\SgAzPwf.exe
  2⤵
  PID:7692
- C:\Windows\System\XNhOpea.exe
  C:\Windows\System\XNhOpea.exe
  2⤵
  PID:1644
- C:\Windows\System\hJHEQGb.exe
  C:\Windows\System\hJHEQGb.exe
  2⤵
  PID:3204
- C:\Windows\System\kyoAVNs.exe
  C:\Windows\System\kyoAVNs.exe
  2⤵
  PID:7240
- C:\Windows\System\GzJYHhZ.exe
  C:\Windows\System\GzJYHhZ.exe
  2⤵
  PID:6460
- C:\Windows\System\hawxNuV.exe
  C:\Windows\System\hawxNuV.exe
  2⤵
  PID:6608
- C:\Windows\System\VIIrGnw.exe
  C:\Windows\System\VIIrGnw.exe
  2⤵
  PID:2728
- C:\Windows\System\uTRgoql.exe
  C:\Windows\System\uTRgoql.exe
  2⤵
  PID:6252
- C:\Windows\System\rBcrshX.exe
  C:\Windows\System\rBcrshX.exe
  2⤵
  PID:2576
- C:\Windows\System\vUjXzjp.exe
  C:\Windows\System\vUjXzjp.exe
  2⤵
  PID:6104
- C:\Windows\System\fpJAQcm.exe
  C:\Windows\System\fpJAQcm.exe
  2⤵
  PID:2908
- C:\Windows\System\QDhxlxi.exe
  C:\Windows\System\QDhxlxi.exe
  2⤵
  PID:2644
- C:\Windows\System\jCtPrFS.exe
  C:\Windows\System\jCtPrFS.exe
  2⤵
  PID:1748
- C:\Windows\System\ipIDJbP.exe
  C:\Windows\System\ipIDJbP.exe
  2⤵
  PID:2264
- C:\Windows\System\aWMIRco.exe
  C:\Windows\System\aWMIRco.exe
  2⤵
  PID:7876
- C:\Windows\System\VzsyGGE.exe
  C:\Windows\System\VzsyGGE.exe
  2⤵
  PID:8172
- C:\Windows\System\NeMossd.exe
  C:\Windows\System\NeMossd.exe
  2⤵
  PID:8000
- C:\Windows\System\VNbRphL.exe
  C:\Windows\System\VNbRphL.exe
  2⤵
  PID:2092
- C:\Windows\System\vUlgfIw.exe
  C:\Windows\System\vUlgfIw.exe
  2⤵
  PID:2904
- C:\Windows\System\QVoNjkK.exe
  C:\Windows\System\QVoNjkK.exe
  2⤵
  PID:8156
- C:\Windows\System\rWYcHFh.exe
  C:\Windows\System\rWYcHFh.exe
  2⤵
  PID:2196
- C:\Windows\System\dvjuMfV.exe
  C:\Windows\System\dvjuMfV.exe
  2⤵
  PID:7840
- C:\Windows\System\uNpbCCP.exe
  C:\Windows\System\uNpbCCP.exe
  2⤵
  PID:7932
- C:\Windows\System\sBUaNFw.exe
  C:\Windows\System\sBUaNFw.exe
  2⤵
  PID:2036
- C:\Windows\System\HCoZoTw.exe
  C:\Windows\System\HCoZoTw.exe
  2⤵
  PID:7632
- C:\Windows\System\oHgCHhD.exe
  C:\Windows\System\oHgCHhD.exe
  2⤵
  PID:6616
- C:\Windows\System\ExMvOEI.exe
  C:\Windows\System\ExMvOEI.exe
  2⤵
  PID:1624
- C:\Windows\System\QxASgOe.exe
  C:\Windows\System\QxASgOe.exe
  2⤵
  PID:7400
- C:\Windows\System\xjggISI.exe
  C:\Windows\System\xjggISI.exe
  2⤵
  PID:900
- C:\Windows\System\mKNGeVx.exe
  C:\Windows\System\mKNGeVx.exe
  2⤵
  PID:2628
- C:\Windows\System\OnFVegA.exe
  C:\Windows\System\OnFVegA.exe
  2⤵
  PID:7336
- C:\Windows\System\cuSXesL.exe
  C:\Windows\System\cuSXesL.exe
  2⤵
  PID:2872
- C:\Windows\System\hVQWhmp.exe
  C:\Windows\System\hVQWhmp.exe
  2⤵
  PID:1984
- C:\Windows\System\ITXCgtB.exe
  C:\Windows\System\ITXCgtB.exe
  2⤵
  PID:8176
- C:\Windows\System\gSZTJgF.exe
  C:\Windows\System\gSZTJgF.exe
  2⤵
  PID:7752
- C:\Windows\System\RZnjgrk.exe
  C:\Windows\System\RZnjgrk.exe
  2⤵
  PID:7732
- C:\Windows\System\mbGcPBz.exe
  C:\Windows\System\mbGcPBz.exe
  2⤵
  PID:6152
- C:\Windows\System\jICjNCF.exe
  C:\Windows\System\jICjNCF.exe
  2⤵
  PID:1008
- C:\Windows\System\CurzpCJ.exe
  C:\Windows\System\CurzpCJ.exe
  2⤵
  PID:5212
- C:\Windows\System\zAScBjm.exe
  C:\Windows\System\zAScBjm.exe
  2⤵
  PID:2812
- C:\Windows\System\EmUxyUQ.exe
  C:\Windows\System\EmUxyUQ.exe
  2⤵
  PID:6248
- C:\Windows\System\UFZqWlA.exe
  C:\Windows\System\UFZqWlA.exe
  2⤵
  PID:7136
- C:\Windows\System\qsSgWUC.exe
  C:\Windows\System\qsSgWUC.exe
  2⤵
  PID:8200
- C:\Windows\System\nvAQEJI.exe
  C:\Windows\System\nvAQEJI.exe
  2⤵
  PID:8216
- C:\Windows\System\HcFmeMY.exe
  C:\Windows\System\HcFmeMY.exe
  2⤵
  PID:8232
- C:\Windows\System\TWLIpGK.exe
  C:\Windows\System\TWLIpGK.exe
  2⤵
  PID:8248
- C:\Windows\System\TGrMfSS.exe
  C:\Windows\System\TGrMfSS.exe
  2⤵
  PID:8264
- C:\Windows\System\MUQectt.exe
  C:\Windows\System\MUQectt.exe
  2⤵
  PID:8280
- C:\Windows\System\KMERTXp.exe
  C:\Windows\System\KMERTXp.exe
  2⤵
  PID:8296
- C:\Windows\System\xDyYUCH.exe
  C:\Windows\System\xDyYUCH.exe
  2⤵
  PID:8312
- C:\Windows\System\HZjltof.exe
  C:\Windows\System\HZjltof.exe
  2⤵
  PID:8328
- C:\Windows\System\cfKOMZS.exe
  C:\Windows\System\cfKOMZS.exe
  2⤵
  PID:8344
- C:\Windows\System\ZpwsoSE.exe
  C:\Windows\System\ZpwsoSE.exe
  2⤵
  PID:8360
- C:\Windows\System\sLBxJcW.exe
  C:\Windows\System\sLBxJcW.exe
  2⤵
  PID:8376
- C:\Windows\System\oDaPtDr.exe
  C:\Windows\System\oDaPtDr.exe
  2⤵
  PID:8392
- C:\Windows\System\gYchQSW.exe
  C:\Windows\System\gYchQSW.exe
  2⤵
  PID:8408
- C:\Windows\System\HmHhQfg.exe
  C:\Windows\System\HmHhQfg.exe
  2⤵
  PID:8424
- C:\Windows\System\dWwXxod.exe
  C:\Windows\System\dWwXxod.exe
  2⤵
  PID:8440
- C:\Windows\System\oHPIKcC.exe
  C:\Windows\System\oHPIKcC.exe
  2⤵
  PID:8456
- C:\Windows\System\iSYJxAO.exe
  C:\Windows\System\iSYJxAO.exe
  2⤵
  PID:8472
- C:\Windows\System\iRSwEcW.exe
  C:\Windows\System\iRSwEcW.exe
  2⤵
  PID:8488
- C:\Windows\System\fGnQGsl.exe
  C:\Windows\System\fGnQGsl.exe
  2⤵
  PID:8504
- C:\Windows\System\yktbolE.exe
  C:\Windows\System\yktbolE.exe
  2⤵
  PID:8520
- C:\Windows\System\mYSJfSp.exe
  C:\Windows\System\mYSJfSp.exe
  2⤵
  PID:8536
- C:\Windows\System\nyYxsyl.exe
  C:\Windows\System\nyYxsyl.exe
  2⤵
  PID:8552
- C:\Windows\System\RutinYt.exe
  C:\Windows\System\RutinYt.exe
  2⤵
  PID:8568
- C:\Windows\System\zXpvJPO.exe
  C:\Windows\System\zXpvJPO.exe
  2⤵
  PID:8584
- C:\Windows\System\vCKSboe.exe
  C:\Windows\System\vCKSboe.exe
  2⤵
  PID:8600
- C:\Windows\System\gRfCUmV.exe
  C:\Windows\System\gRfCUmV.exe
  2⤵
  PID:8616
- C:\Windows\System\qrWbwQq.exe
  C:\Windows\System\qrWbwQq.exe
  2⤵
  PID:8632
- C:\Windows\System\ZSsOuay.exe
  C:\Windows\System\ZSsOuay.exe
  2⤵
  PID:8648
- C:\Windows\System\EPJwdyP.exe
  C:\Windows\System\EPJwdyP.exe
  2⤵
  PID:8664
- C:\Windows\System\ucPOvye.exe
  C:\Windows\System\ucPOvye.exe
  2⤵
  PID:8680
- C:\Windows\System\SwbPOFe.exe
  C:\Windows\System\SwbPOFe.exe
  2⤵
  PID:8696
- C:\Windows\System\RVDLwqj.exe
  C:\Windows\System\RVDLwqj.exe
  2⤵
  PID:8712
- C:\Windows\System\SFpuulW.exe
  C:\Windows\System\SFpuulW.exe
  2⤵
  PID:8728
- C:\Windows\System\LOdSufw.exe
  C:\Windows\System\LOdSufw.exe
  2⤵
  PID:8744
- C:\Windows\System\OOehKvM.exe
  C:\Windows\System\OOehKvM.exe
  2⤵
  PID:8760
- C:\Windows\System\UOVoJzY.exe
  C:\Windows\System\UOVoJzY.exe
  2⤵
  PID:8776
- C:\Windows\System\AHghPJw.exe
  C:\Windows\System\AHghPJw.exe
  2⤵
  PID:8792
- C:\Windows\System\ryzhwot.exe
  C:\Windows\System\ryzhwot.exe
  2⤵
  PID:8808
- C:\Windows\System\RojzkBM.exe
  C:\Windows\System\RojzkBM.exe
  2⤵
  PID:8828
- C:\Windows\System\yoCCDvx.exe
  C:\Windows\System\yoCCDvx.exe
  2⤵
  PID:8844
- C:\Windows\System\uBpNvBl.exe
  C:\Windows\System\uBpNvBl.exe
  2⤵
  PID:8860
- C:\Windows\System\TMSQMew.exe
  C:\Windows\System\TMSQMew.exe
  2⤵
  PID:8876
- C:\Windows\System\THkkDAX.exe
  C:\Windows\System\THkkDAX.exe
  2⤵
  PID:8892
- C:\Windows\System\rpvSItO.exe
  C:\Windows\System\rpvSItO.exe
  2⤵
  PID:8908
- C:\Windows\System\MLUNvzu.exe
  C:\Windows\System\MLUNvzu.exe
  2⤵
  PID:8924
- C:\Windows\System\qVKBWcn.exe
  C:\Windows\System\qVKBWcn.exe
  2⤵
  PID:8940
- C:\Windows\System\rRCOzCQ.exe
  C:\Windows\System\rRCOzCQ.exe
  2⤵
  PID:8956
- C:\Windows\System\DAWxKdH.exe
  C:\Windows\System\DAWxKdH.exe
  2⤵
  PID:8972
- C:\Windows\System\xGoQOCN.exe
  C:\Windows\System\xGoQOCN.exe
  2⤵
  PID:8988
- C:\Windows\System\WyOXBEk.exe
  C:\Windows\System\WyOXBEk.exe
  2⤵
  PID:9004
- C:\Windows\System\kjLhYFK.exe
  C:\Windows\System\kjLhYFK.exe
  2⤵
  PID:9020
- C:\Windows\System\pWRyDcL.exe
  C:\Windows\System\pWRyDcL.exe
  2⤵
  PID:9036
- C:\Windows\System\deJTbwl.exe
  C:\Windows\System\deJTbwl.exe
  2⤵
  PID:9052
- C:\Windows\System\KhEsjWE.exe
  C:\Windows\System\KhEsjWE.exe
  2⤵
  PID:9068
- C:\Windows\System\EpykNsv.exe
  C:\Windows\System\EpykNsv.exe
  2⤵
  PID:9084
- C:\Windows\System\adjubgZ.exe
  C:\Windows\System\adjubgZ.exe
  2⤵
  PID:9100
- C:\Windows\System\FUknhXl.exe
  C:\Windows\System\FUknhXl.exe
  2⤵
  PID:9116
- C:\Windows\System\tDlzChy.exe
  C:\Windows\System\tDlzChy.exe
  2⤵
  PID:9132
- C:\Windows\System\pIJiebE.exe
  C:\Windows\System\pIJiebE.exe
  2⤵
  PID:9148
- C:\Windows\System\MgmdoeU.exe
  C:\Windows\System\MgmdoeU.exe
  2⤵
  PID:9164
- C:\Windows\System\cMpDKNN.exe
  C:\Windows\System\cMpDKNN.exe
  2⤵
  PID:9180
- C:\Windows\System\RgWtkZi.exe
  C:\Windows\System\RgWtkZi.exe
  2⤵
  PID:9196
- C:\Windows\System\AbiLXPj.exe
  C:\Windows\System\AbiLXPj.exe
  2⤵
  PID:9212
- C:\Windows\System\dcLIUud.exe
  C:\Windows\System\dcLIUud.exe
  2⤵
  PID:8212
- C:\Windows\System\MLHOSXJ.exe
  C:\Windows\System\MLHOSXJ.exe
  2⤵
  PID:7440
- C:\Windows\System\WgwMNPH.exe
  C:\Windows\System\WgwMNPH.exe
  2⤵
  PID:8336
- C:\Windows\System\eYwiawg.exe
  C:\Windows\System\eYwiawg.exe
  2⤵
  PID:8368
- C:\Windows\System\uAlhilI.exe
  C:\Windows\System\uAlhilI.exe
  2⤵
  PID:8432
- C:\Windows\System\cXNmrbz.exe
  C:\Windows\System\cXNmrbz.exe
  2⤵
  PID:8496
- C:\Windows\System\DBzSIWF.exe
  C:\Windows\System\DBzSIWF.exe
  2⤵
  PID:8528
- C:\Windows\System\wTJpOPJ.exe
  C:\Windows\System\wTJpOPJ.exe
  2⤵
  PID:8288
- C:\Windows\System\aSsPSSh.exe
  C:\Windows\System\aSsPSSh.exe
  2⤵
  PID:1876
- C:\Windows\System\UGVwHhM.exe
  C:\Windows\System\UGVwHhM.exe
  2⤵
  PID:8228
- C:\Windows\System\hGHITTA.exe
  C:\Windows\System\hGHITTA.exe
  2⤵
  PID:8324
- C:\Windows\System\oOhUrZM.exe
  C:\Windows\System\oOhUrZM.exe
  2⤵
  PID:8516
- C:\Windows\System\fEEtvDD.exe
  C:\Windows\System\fEEtvDD.exe
  2⤵
  PID:8484
- C:\Windows\System\WqvSZdA.exe
  C:\Windows\System\WqvSZdA.exe
  2⤵
  PID:8388
- C:\Windows\System\MQGrghP.exe
  C:\Windows\System\MQGrghP.exe
  2⤵
  PID:8656
- C:\Windows\System\kvrojIE.exe
  C:\Windows\System\kvrojIE.exe
  2⤵
  PID:8672
- C:\Windows\System\JhLsYSI.exe
  C:\Windows\System\JhLsYSI.exe
  2⤵
  PID:8644
- C:\Windows\System\FVQvvDP.exe
  C:\Windows\System\FVQvvDP.exe
  2⤵
  PID:8724
- C:\Windows\System\FhjeFOq.exe
  C:\Windows\System\FhjeFOq.exe
  2⤵
  PID:8788
- C:\Windows\System\skhAlGT.exe
  C:\Windows\System\skhAlGT.exe
  2⤵
  PID:8736
- C:\Windows\System\iaudScZ.exe
  C:\Windows\System\iaudScZ.exe
  2⤵
  PID:8804
- C:\Windows\System\QXLyady.exe
  C:\Windows\System\QXLyady.exe
  2⤵
  PID:8856
- C:\Windows\System\jXgTmRB.exe
  C:\Windows\System\jXgTmRB.exe
  2⤵
  PID:8920
- C:\Windows\System\UcHfzto.exe
  C:\Windows\System\UcHfzto.exe
  2⤵
  PID:8984
- C:\Windows\System\RvzOLdE.exe
  C:\Windows\System\RvzOLdE.exe
  2⤵
  PID:9048
- C:\Windows\System\YUhfTom.exe
  C:\Windows\System\YUhfTom.exe
  2⤵
  PID:9092
- C:\Windows\System\kfUqNKB.exe
  C:\Windows\System\kfUqNKB.exe
  2⤵
  PID:3208
- C:\Windows\System\VfogEek.exe
  C:\Windows\System\VfogEek.exe
  2⤵
  PID:9032
- C:\Windows\System\LgpaAgp.exe
  C:\Windows\System\LgpaAgp.exe
  2⤵
  PID:8304
- C:\Windows\System\vYKWsmC.exe
  C:\Windows\System\vYKWsmC.exe
  2⤵
  PID:8404
- C:\Windows\System\hZzYDyA.exe
  C:\Windows\System\hZzYDyA.exe
  2⤵
  PID:8560
- C:\Windows\System\LsqSUuL.exe
  C:\Windows\System\LsqSUuL.exe
  2⤵
  PID:8448
- C:\Windows\System\qYSVIVi.exe
  C:\Windows\System\qYSVIVi.exe
  2⤵
  PID:8480
- C:\Windows\System\SZsTEWM.exe
  C:\Windows\System\SZsTEWM.exe
  2⤵
  PID:8580
- C:\Windows\System\JfevHbz.exe
  C:\Windows\System\JfevHbz.exe
  2⤵
  PID:8688
- C:\Windows\System\gizfofb.exe
  C:\Windows\System\gizfofb.exe
  2⤵
  PID:9016
- C:\Windows\System\fWIJleV.exe
  C:\Windows\System\fWIJleV.exe
  2⤵
  PID:9140
- C:\Windows\System\ZAHBgmR.exe
  C:\Windows\System\ZAHBgmR.exe
  2⤵
  PID:9204
- C:\Windows\System\ENKNKYX.exe
  C:\Windows\System\ENKNKYX.exe
  2⤵
  PID:7672
- C:\Windows\System\KjpPtvS.exe
  C:\Windows\System\KjpPtvS.exe
  2⤵
  PID:8260
- C:\Windows\System\MSXgtrY.exe
  C:\Windows\System\MSXgtrY.exe
  2⤵
  PID:8852
- C:\Windows\System\QPWQBey.exe
  C:\Windows\System\QPWQBey.exe
  2⤵
  PID:8888
- C:\Windows\System\oaexsXK.exe
  C:\Windows\System\oaexsXK.exe
  2⤵
  PID:8840
- C:\Windows\System\MtSVUhU.exe
  C:\Windows\System\MtSVUhU.exe
  2⤵
  PID:9160
- C:\Windows\System\UeEmNGS.exe
  C:\Windows\System\UeEmNGS.exe
  2⤵
  PID:8196
- C:\Windows\System\ipCoLIA.exe
  C:\Windows\System\ipCoLIA.exe
  2⤵
  PID:9172
- C:\Windows\System\JjsWUaF.exe
  C:\Windows\System\JjsWUaF.exe
  2⤵
  PID:8256
- C:\Windows\System\CYqDbeJ.exe
  C:\Windows\System\CYqDbeJ.exe
  2⤵
  PID:8772
- C:\Windows\System\uatvMTR.exe
  C:\Windows\System\uatvMTR.exe
  2⤵
  PID:8816
- C:\Windows\System\YyQWtTD.exe
  C:\Windows\System\YyQWtTD.exe
  2⤵
  PID:8952
- C:\Windows\System\ECGIagw.exe
  C:\Windows\System\ECGIagw.exe
  2⤵
  PID:8932
- C:\Windows\System\liGgbpx.exe
  C:\Windows\System\liGgbpx.exe
  2⤵
  PID:9128
- C:\Windows\System\KLPJuDa.exe
  C:\Windows\System\KLPJuDa.exe
  2⤵
  PID:4612
- C:\Windows\System\nLrxjGw.exe
  C:\Windows\System\nLrxjGw.exe
  2⤵
  PID:8384
- C:\Windows\System\FQgGGzV.exe
  C:\Windows\System\FQgGGzV.exe
  2⤵
  PID:8624
- C:\Windows\System\porcVee.exe
  C:\Windows\System\porcVee.exe
  2⤵
  PID:8756
- C:\Windows\System\HuNZicD.exe
  C:\Windows\System\HuNZicD.exe
  2⤵
  PID:8704
- C:\Windows\System\gplHrXp.exe
  C:\Windows\System\gplHrXp.exe
  2⤵
  PID:8612
- C:\Windows\System\KYfncMc.exe
  C:\Windows\System\KYfncMc.exe
  2⤵
  PID:8900
- C:\Windows\System\qrdytuZ.exe
  C:\Windows\System\qrdytuZ.exe
  2⤵
  PID:8768
- C:\Windows\System\saPUiZi.exe
  C:\Windows\System\saPUiZi.exe
  2⤵
  PID:8784
- C:\Windows\System\OutQBJI.exe
  C:\Windows\System\OutQBJI.exe
  2⤵
  PID:9232
- C:\Windows\System\iAnyeOS.exe
  C:\Windows\System\iAnyeOS.exe
  2⤵
  PID:9248
- C:\Windows\System\xiqWSTG.exe
  C:\Windows\System\xiqWSTG.exe
  2⤵
  PID:9272
- C:\Windows\System\HujUkGb.exe
  C:\Windows\System\HujUkGb.exe
  2⤵
  PID:9288
- C:\Windows\System\MwuykqQ.exe
  C:\Windows\System\MwuykqQ.exe
  2⤵
  PID:9304
- C:\Windows\System\SxszewZ.exe
  C:\Windows\System\SxszewZ.exe
  2⤵
  PID:9320
- C:\Windows\System\MdeAZWM.exe
  C:\Windows\System\MdeAZWM.exe
  2⤵
  PID:9340
- C:\Windows\System\pTVjLOH.exe
  C:\Windows\System\pTVjLOH.exe
  2⤵
  PID:9356
- C:\Windows\System\hiwyZwC.exe
  C:\Windows\System\hiwyZwC.exe
  2⤵
  PID:9372
- C:\Windows\System\wdKamVo.exe
  C:\Windows\System\wdKamVo.exe
  2⤵
  PID:9424
- C:\Windows\System\TSaUbeP.exe
  C:\Windows\System\TSaUbeP.exe
  2⤵
  PID:9444
- C:\Windows\System\cxNxsAB.exe
  C:\Windows\System\cxNxsAB.exe
  2⤵
  PID:9464
- C:\Windows\System\rwQKIzA.exe
  C:\Windows\System\rwQKIzA.exe
  2⤵
  PID:9480
- C:\Windows\System\jioupKx.exe
  C:\Windows\System\jioupKx.exe
  2⤵
  PID:9504
- C:\Windows\System\rctXiyE.exe
  C:\Windows\System\rctXiyE.exe
  2⤵
  PID:9524
- C:\Windows\System\DFHJsGP.exe
  C:\Windows\System\DFHJsGP.exe
  2⤵
  PID:9540
- C:\Windows\System\qsoVJnu.exe
  C:\Windows\System\qsoVJnu.exe
  2⤵
  PID:9568
- C:\Windows\System\EKmdFXr.exe
  C:\Windows\System\EKmdFXr.exe
  2⤵
  PID:9584
- C:\Windows\System\hMMPgzj.exe
  C:\Windows\System\hMMPgzj.exe
  2⤵
  PID:9600
- C:\Windows\System\lmksoMx.exe
  C:\Windows\System\lmksoMx.exe
  2⤵
  PID:9616
- C:\Windows\System\tOcsvSN.exe
  C:\Windows\System\tOcsvSN.exe
  2⤵
  PID:9636
- C:\Windows\System\BtaONcO.exe
  C:\Windows\System\BtaONcO.exe
  2⤵
  PID:9668
- C:\Windows\System\xdYDRxL.exe
  C:\Windows\System\xdYDRxL.exe
  2⤵
  PID:9684
- C:\Windows\System\nNtEXPe.exe
  C:\Windows\System\nNtEXPe.exe
  2⤵
  PID:9708
- C:\Windows\System\uyCgQCv.exe
  C:\Windows\System\uyCgQCv.exe
  2⤵
  PID:9728
- C:\Windows\System\iTYwiwX.exe
  C:\Windows\System\iTYwiwX.exe
  2⤵
  PID:9744
- C:\Windows\System\cvPCbcu.exe
  C:\Windows\System\cvPCbcu.exe
  2⤵
  PID:9760
- C:\Windows\System\SWKhvcT.exe
  C:\Windows\System\SWKhvcT.exe
  2⤵
  PID:9780
- C:\Windows\System\Zwglbhh.exe
  C:\Windows\System\Zwglbhh.exe
  2⤵
  PID:9796
- C:\Windows\System\xqzPoUi.exe
  C:\Windows\System\xqzPoUi.exe
  2⤵
  PID:9812
- C:\Windows\System\sBJSJsg.exe
  C:\Windows\System\sBJSJsg.exe
  2⤵
  PID:9828
- C:\Windows\System\JyxISoc.exe
  C:\Windows\System\JyxISoc.exe
  2⤵
  PID:9844
- C:\Windows\System\AaSlfAF.exe
  C:\Windows\System\AaSlfAF.exe
  2⤵
  PID:9864
- C:\Windows\System\HhTGZkj.exe
  C:\Windows\System\HhTGZkj.exe
  2⤵
  PID:9880
- C:\Windows\System\VdbRVuI.exe
  C:\Windows\System\VdbRVuI.exe
  2⤵
  PID:9896
- C:\Windows\System\ymsjvon.exe
  C:\Windows\System\ymsjvon.exe
  2⤵
  PID:9912
- C:\Windows\System\OEPTzgs.exe
  C:\Windows\System\OEPTzgs.exe
  2⤵
  PID:9932
- C:\Windows\System\QwCZwSW.exe
  C:\Windows\System\QwCZwSW.exe
  2⤵
  PID:9948
- C:\Windows\System\xMxpzUw.exe
  C:\Windows\System\xMxpzUw.exe
  2⤵
  PID:9964
- C:\Windows\System\sTdEAmm.exe
  C:\Windows\System\sTdEAmm.exe
  2⤵
  PID:9980
- C:\Windows\System\XBnijCO.exe
  C:\Windows\System\XBnijCO.exe
  2⤵
  PID:9996
- C:\Windows\System\sCBVRCW.exe
  C:\Windows\System\sCBVRCW.exe
  2⤵
  PID:10012
- C:\Windows\System\sfZUqos.exe
  C:\Windows\System\sfZUqos.exe
  2⤵
  PID:10028
- C:\Windows\System\uHoSgMV.exe
  C:\Windows\System\uHoSgMV.exe
  2⤵
  PID:10044
- C:\Windows\System\gUPwsAF.exe
  C:\Windows\System\gUPwsAF.exe
  2⤵
  PID:10060
- C:\Windows\System\auYzISB.exe
  C:\Windows\System\auYzISB.exe
  2⤵
  PID:10076
- C:\Windows\System\tKcuRLr.exe
  C:\Windows\System\tKcuRLr.exe
  2⤵
  PID:10092
- C:\Windows\System\vMGpCaq.exe
  C:\Windows\System\vMGpCaq.exe
  2⤵
  PID:10108
- C:\Windows\System\ogGGnHS.exe
  C:\Windows\System\ogGGnHS.exe
  2⤵
  PID:10124
- C:\Windows\System\CIdaAtp.exe
  C:\Windows\System\CIdaAtp.exe
  2⤵
  PID:10140
- C:\Windows\System\snFbhYG.exe
  C:\Windows\System\snFbhYG.exe
  2⤵
  PID:10156
- C:\Windows\System\kyfhyqQ.exe
  C:\Windows\System\kyfhyqQ.exe
  2⤵
  PID:10172
- C:\Windows\System\DNkftNe.exe
  C:\Windows\System\DNkftNe.exe
  2⤵
  PID:10188
- C:\Windows\System\PKEzGuQ.exe
  C:\Windows\System\PKEzGuQ.exe
  2⤵
  PID:10204
- C:\Windows\System\VQUDoim.exe
  C:\Windows\System\VQUDoim.exe
  2⤵
  PID:10220
- C:\Windows\System\nQcpBUR.exe
  C:\Windows\System\nQcpBUR.exe
  2⤵
  PID:10236
- C:\Windows\System\SJngrWG.exe
  C:\Windows\System\SJngrWG.exe
  2⤵
  PID:9228
- C:\Windows\System\gFoPWks.exe
  C:\Windows\System\gFoPWks.exe
  2⤵
  PID:9264
- C:\Windows\System\YraWVXd.exe
  C:\Windows\System\YraWVXd.exe
  2⤵
  PID:9064
- C:\Windows\System\EvMTyJg.exe
  C:\Windows\System\EvMTyJg.exe
  2⤵
  PID:9312
- C:\Windows\System\uxGKLgv.exe
  C:\Windows\System\uxGKLgv.exe
  2⤵
  PID:9328
- C:\Windows\System\DBDlNur.exe
  C:\Windows\System\DBDlNur.exe
  2⤵
  PID:9352
- C:\Windows\System\TZdkVdV.exe
  C:\Windows\System\TZdkVdV.exe
  2⤵
  PID:9368
- C:\Windows\System\FltYIqV.exe
  C:\Windows\System\FltYIqV.exe
  2⤵
  PID:9396
- C:\Windows\System\VUkePIb.exe
  C:\Windows\System\VUkePIb.exe
  2⤵
  PID:9416
- C:\Windows\System\lLRaiop.exe
  C:\Windows\System\lLRaiop.exe
  2⤵
  PID:9436
- C:\Windows\System\XioTYLt.exe
  C:\Windows\System\XioTYLt.exe
  2⤵
  PID:9460
- C:\Windows\System\BHEUodU.exe
  C:\Windows\System\BHEUodU.exe
  2⤵
  PID:9476
- C:\Windows\System\cRmaEqx.exe
  C:\Windows\System\cRmaEqx.exe
  2⤵
  PID:9512
- C:\Windows\System\rPfwuEA.exe
  C:\Windows\System\rPfwuEA.exe
  2⤵
  PID:9536
- C:\Windows\System\VtvetGP.exe
  C:\Windows\System\VtvetGP.exe
  2⤵
  PID:9564
- C:\Windows\System\aODSzyW.exe
  C:\Windows\System\aODSzyW.exe
  2⤵
  PID:9592
- C:\Windows\System\jOiBuHI.exe
  C:\Windows\System\jOiBuHI.exe
  2⤵
  PID:9624
- C:\Windows\System\XYVWesV.exe
  C:\Windows\System\XYVWesV.exe
  2⤵
  PID:9644
- C:\Windows\System\kLagDYh.exe
  C:\Windows\System\kLagDYh.exe
  2⤵
  PID:9660
- C:\Windows\System\erHucjf.exe
  C:\Windows\System\erHucjf.exe
  2⤵
  PID:9704
- C:\Windows\System\JgHHVhi.exe
  C:\Windows\System\JgHHVhi.exe
  2⤵
  PID:9716
- C:\Windows\System\hcHdWFu.exe
  C:\Windows\System\hcHdWFu.exe
  2⤵
  PID:9740
- C:\Windows\System\hYguasy.exe
  C:\Windows\System\hYguasy.exe
  2⤵
  PID:944
- C:\Windows\System\MvUaozC.exe
  C:\Windows\System\MvUaozC.exe
  2⤵
  PID:9776
- C:\Windows\System\wXwhgUM.exe
  C:\Windows\System\wXwhgUM.exe
  2⤵
  PID:9820
- C:\Windows\System\nliXwSO.exe
  C:\Windows\System\nliXwSO.exe
  2⤵
  PID:9836
- C:\Windows\System\SWIvxBm.exe
  C:\Windows\System\SWIvxBm.exe
  2⤵
  PID:9888
- C:\Windows\System\hWkrdLT.exe
  C:\Windows\System\hWkrdLT.exe
  2⤵
  PID:9560
- C:\Windows\System\jWpSgaO.exe
  C:\Windows\System\jWpSgaO.exe
  2⤵
  PID:9940
- C:\Windows\System\DBcvcIy.exe
  C:\Windows\System\DBcvcIy.exe
  2⤵
  PID:9944
- C:\Windows\System\ZMvRuBV.exe
  C:\Windows\System\ZMvRuBV.exe
  2⤵
  PID:10072
- C:\Windows\System\NMXlojH.exe
  C:\Windows\System\NMXlojH.exe
  2⤵
  PID:10100
- C:\Windows\System\quLEVab.exe
  C:\Windows\System\quLEVab.exe
  2⤵
  PID:9956
- C:\Windows\System\omENrPU.exe
  C:\Windows\System\omENrPU.exe
  2⤵
  PID:10116
- C:\Windows\System\BrBniiZ.exe
  C:\Windows\System\BrBniiZ.exe
  2⤵
  PID:10148
- C:\Windows\System\egMPIfl.exe
  C:\Windows\System\egMPIfl.exe
  2⤵
  PID:10216
- C:\Windows\System\ZDEKRiK.exe
  C:\Windows\System\ZDEKRiK.exe
  2⤵
  PID:10180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CrPzfsT.exe

Filesize
6.0MB

MD5
19cb970c60222efbcabc142ed9fdd738

SHA1
3b29b329bb6741b83a1b2f1e8012af4de4bf78f6

SHA256
34f5f2c63f57d11299320962bde68e6d1d2ae89bfc1cf5db068ac3fc14850d7c

SHA512
1d7833fba923002d7e85e51c32930b29734c40c399117feed7a46252110387c738bb55480a13fb5df23c2a71c9282568ff26544356db95f630f6bb1877c5ad22

Download Submit
C:\Windows\system\DuasifF.exe

Filesize
6.0MB

MD5
e02a1900271b7e1c4490ff6f4fb47472

SHA1
cd0ca0e8e05196a0aefee4b8a61808b6a339657c

SHA256
ef7876a495ae00cdb84906e6d12ab20eaf2cabe7bb22bf0641e0d4d8ba61549d

SHA512
2f41625f6b531b81d6455c41dc1590127c23972be4ea013190f1ff9b7845b3a406ff2a01fe712add63b3e991712062591e80dc58255df5a5798b53b587d21b30

Download Submit
C:\Windows\system\GlObWQm.exe

Filesize
6.0MB

MD5
eccbea80b4fa8ccf1253db1cecf7b655

SHA1
86e1f363b8acc58ff5f965bae84d6c6c16d7f91a

SHA256
016ca727770dd2d3afe8619dd13da8ffb2eef1142a2c398e329e7c8e532583ad

SHA512
e3ba8138349c1178b90e3b32742d55b3c69af893ba15b07f3a3ef4c1767fce797a8020afa51ee0070a19c6239feccdcc724808574a472bbcc66b01cc9f6a37de

Download Submit
C:\Windows\system\JMKAgFi.exe

Filesize
6.0MB

MD5
430475218df2994a2a46565136f28321

SHA1
5281dc20961f4368ef25a50ec4fd3ceca8228842

SHA256
7550d53a9acf1322747f6a2d9f41e1c564f94b9047f0bec3a79c1bbdca71d575

SHA512
980d1ffbd2d149833cd78efa1e9c1f5e089c4e8cd8da05b10d33f686520f59c30e4c1eb4df1a015faae1d716229e09546a7dc5ed8bb1b53031293edfc150a328

Download Submit
C:\Windows\system\JOetAjC.exe

Filesize
6.0MB

MD5
b136b7f15361d223db36392fcdc71759

SHA1
71309113d99ee03f8ef3d698fcacd876b05cf34f

SHA256
5d617bbece43978aa84c32a5fe0d9e5702ab8a357e98af2c9770f5c0c405e4f0

SHA512
612cf7c35485fb8fd1d23fb065c731fb2b955291a6fe2f7a43289a1b8f42d0e6f8757dc09eb85f3eef0d1603e9adb6c6420f1fced9276d159f0532c1ea24dfa3

Download Submit
C:\Windows\system\LmhIpNx.exe

Filesize
6.0MB

MD5
7ecc0cd4cd745696893794b6631debc4

SHA1
67024955ec8fa3c16d7ccf035b8832f794e96711

SHA256
ba104db62fe09f62aee2a97ce32772777a45412608becef87187b61682b903e2

SHA512
69e3bcc25be5b1d4cd67b769a05214fc24186dc81634f3f868aba2932de06af398e8f0cd3a7b2398862f5923928f8534a98dda61bd322af0acee38c9ac26e06d

Download Submit
C:\Windows\system\MUETDuD.exe

Filesize
6.0MB

MD5
45b76d18771c6cd5df788cd99418730b

SHA1
0a37e17dd64e3992da3fc64e2a4c6f966f6ff23e

SHA256
b23b891a41c641ce3d89cd2f43edd924732c85e937ff80efda29ca324d179416

SHA512
08464fbd5c8fd5f8710f559136f07cdaa88db5934462ee01f2ff28294514f6773e40e182fc4adb43cdf4cd8d79e6bb0ac252f5118cd84af8b6b24a1d9c842c81

Download Submit
C:\Windows\system\OTdDPuY.exe

Filesize
6.0MB

MD5
e63d22bdef5924ef3d53cac4d77b68f2

SHA1
918598421846835c9be0f33320bd7e409177f660

SHA256
284b83223d7cb7d1122950c01c4013b09b0c7a43b881139d4eebaecd6c9def08

SHA512
27248d3309425759181df162922d2f965b80adde1555301af8f1511ace258e25dcb967b4b6e69bef4d9f7b421abeab25df31e9e086ba67a5e5e404b90b062dc1

Download Submit
C:\Windows\system\OYfuUZS.exe

Filesize
6.0MB

MD5
3c42974494dc6619d061c743c723ba7d

SHA1
0787e4ddb4dfce93a22f17d9ea0678419b9a9075

SHA256
327ffd4b0f5172cf084e0ebb7452edbe55afc6ada64e3c81544b43d205625a32

SHA512
b1613f30231c8430995ccd4a6ba24d0ad3b8bdc6d845fbba4d8fb26a5782a66530709ea444eb02a2390288bb5dfefb9843801acb6874bfa563ff162e1265edcc

Download Submit
C:\Windows\system\SuGbcur.exe

Filesize
6.0MB

MD5
2080a0369db9c37cb82241299c91e040

SHA1
9f2ad88cbc92c19b91a3283d93aab727d53c2261

SHA256
16831c1a383d730aa4f593cc1341a44cf5cdf5187ea11e8d33ecbe33c13fd0b4

SHA512
1dd44afefc197f582b451c6aff47b6446aa331b61c1e8353135419d7b5f028294ffaaa419838862ab6d72ee0a8d6a70f7cbd43346966ed22cf06795279957a79

Download Submit
C:\Windows\system\TOlyLkf.exe

Filesize
6.0MB

MD5
6c8cfe71010189cbc92bf811f322e79b

SHA1
bd87a00e27d93422653d1a3e37352d0c97355ed2

SHA256
0dc7e2a7fee66ca2a0f6cecafe666f1f1db5d15562efb011635c61e9e07605bf

SHA512
6960dee8e201f30c0aebf72c1556064fb98f6baf54fd971028309530680df983dd87fe4d5add87358741de1745549cc60cab48535dd8c9314f43d7ee30eb7998

Download Submit
C:\Windows\system\URajuLj.exe

Filesize
6.0MB

MD5
103eaf7870251167ee50d0bffec43de5

SHA1
f0b37e5be490e885c325abec23591cef5b183b91

SHA256
e992a3268582130295c77aa8dbd30d3bc065693598817c1d44b6d1ca00d0ffc2

SHA512
778572385c760e99a807a74178add42487c78533325231ca9c6670212c205229355acc9810093fb36c0146c60979e367c81b697f9d2a82d436b7b184b88746f1

Download Submit
C:\Windows\system\XWzIyAl.exe

Filesize
6.0MB

MD5
640b8693c56335700651db0a78a6e149

SHA1
8e6ef59220c9bf77c85db95a23dc39df2f9aded3

SHA256
28051d25b19b5e8f598e301bbaf47fc95a47d03f29f2cd63b3d53264427bf9df

SHA512
6da095a059c931b6b1eef540db3bd3cddae3aa374f29782d8fcacdc0b6d0ab94655ab4209696824cc7ca2b50689ddd464464ea689a29d82846dba48c49a9987a

Download Submit
C:\Windows\system\XtrgXCG.exe

Filesize
6.0MB

MD5
60763b30ab7bac9bd25ccdc412f43680

SHA1
ec4b639ca2b1ce6354d808687957dc82ef676055

SHA256
cd6c606c9aa68b98e0386dfe33bd7de406ec9a341866be5a0f463b0736436993

SHA512
e696a3211f301f4d64f03bbaf544aa4b93e20f2c5474839c32ff0632ac0f8b074ee1fce43360830f39e17efe39b4dc93d60220693379352132f5b6b3ab318e37

Download Submit
C:\Windows\system\ZFtPjeb.exe

Filesize
6.0MB

MD5
b7101d9bcd9ceeb54deda6a048c0a191

SHA1
c21e2c2ac145a6680b1d94659226d7751fa1cee6

SHA256
b4131c7bf750f5a4a1d330a87cc448ebaa1d1a50d0596a958783c1af53f30344

SHA512
e799a868ce38d0117f27448e6c8af98f108b9057a741fd122a003012fc3925591ee5d97e8b9e04f24e1476071caad13dc4bdb788b2dbeb63a389eb58e470adcb

Download Submit
C:\Windows\system\bzFAxpP.exe

Filesize
6.0MB

MD5
70554374f2b88f8e69d65a3d200cf21d

SHA1
20f23a25cfd128ecfc36040b3212b15d4beae931

SHA256
17b934a51855f6e7a829c028a1899ec045b8095c89ab70e5178dfbdc36e28df4

SHA512
6f4af18b530a9bb7eb4cf638c493c838dd3d1ede761f9f05a2f509b52611d97c8f65b843fef384da5345679eff53540ec05384c6286d0378e737642065d05297

Download Submit
C:\Windows\system\cIBpkiu.exe

Filesize
6.0MB

MD5
42a1e7bfc0265b38b8c54f3a10a623f1

SHA1
0b72a6f73f62a0c3af277ceb86288ec304e83dfd

SHA256
0e6c5e3ad03d71fa1ba61c349731822f489bcd175656118827ad44dd6aefdabc

SHA512
3fe0f722c568cd430cdaa5dc57f483be88bbbc952d16b1c8a636ebd0643eacea83130fce41807a9aacd2122930946cddd0c53a2c0a023019ef07dcbbcaa783f4

Download Submit
C:\Windows\system\eKkAVfX.exe

Filesize
6.0MB

MD5
fe59fdd7ad9f555acd9da39038350418

SHA1
4d2f4a4b695545e90f65d8a154c144ff8c692b8e

SHA256
54e01309b0a10383000939fe4c476ead897c57ff0b4cd6af9c7aa004176081f0

SHA512
83ebe570a94a3747deaa3fa461ff6a6d0fe01b91c971ed0c6f9463d6a461b067ceeb9a76274350158eaa1eff142f1751d5d5d8721801f40d7f2501ac85f5896b

Download Submit
C:\Windows\system\eRiIeQm.exe

Filesize
6.0MB

MD5
b4ad1a83c96ee7290f7ce717c2a9e16c

SHA1
721eecae676786f2afd10bebd90020dac0fb9e0c

SHA256
ce06493f7324304127568c553e20979b7c590f185fe86ecac0ccd4fe06c2e2cd

SHA512
5b35455c81a5917a3b18958cee50f8a61c99350b6097ea2448e8a81275d51de5df5f7c08e4ee0ea866c92033712eefdcc5d7e46fc15bd0983d5ef925cd8b3266

Download Submit
C:\Windows\system\hngoGra.exe

Filesize
6.0MB

MD5
060ec3883a63e1d7d52e57f07920fab7

SHA1
f92f3ead81b831f5f9eab27d8cde6b8abb468b4f

SHA256
8e67924cf2b55bd858598d6856c349d0403298fb77ec2f01971c9cc36f843cdf

SHA512
82be1369b9a06b66be55627c32cfcc56662fcac7e845840a873fa4149578b6f5cf7bd01909b07605615fec2646bbf5b520659d01346d0df67357e6d0937c7156

Download Submit
C:\Windows\system\hxpqvpR.exe

Filesize
6.0MB

MD5
bfe57c797aba96f771b1445104f1ad77

SHA1
2052bf3edb8e7c13529a8d90be596b489f06fb05

SHA256
029f7af675398addaa00e6cc5eeb727dd49450c968094d20bb75e1b1971c8fe8

SHA512
7d54727b0a3b7e3907ebf9655eac0315a3a7801aca199a7ed2a4c293f779e42343e3cfa38fcee2dd61951651a07bc4f9996af2f3589a8eb916af9f4884f0a2f9

Download Submit
C:\Windows\system\kYRJiNd.exe

Filesize
6.0MB

MD5
137bddc6185d2b43052c27d60843e3d5

SHA1
2d070bb4c1ab8a3a5dd52157c33859efcd753e81

SHA256
a28e5226212e2c884b9881aea2dafbe10eb5be1cc4ff4f3e8762b88a3ba70e48

SHA512
02c9f2af13a71311e34b27795298bd5637b4b76c3566a590bd03914f61fa745517fee3aa2324890a79d6a611e430cfc87b4dbd27cc7c4ddf1e518016355e16de

Download Submit
C:\Windows\system\osweaFR.exe

Filesize
6.0MB

MD5
e1e29948b4dbc93542d8a1f63a454868

SHA1
f55d55e8f793376539e5b1eee48dd18885190a90

SHA256
8115a79a2afa43e1da10156326522ae789c9d462ed73c11e7eb1026a14513d06

SHA512
5948567ce3d2b6e708bea97149238543e42f2c9a96c295516810aa0f341f2df74de03b8bbeecf527edf799523867a0a9a4056fb283a2174ff2c6e4321669c7f0

Download Submit
C:\Windows\system\qQJMqbq.exe

Filesize
6.0MB

MD5
f126238d10176ec9c0cfd67af19a1e21

SHA1
4e22f018f398da76c42725e2ad0c04f325098ee3

SHA256
eadc52f5e6e351fc82dfd9484b53e756bb98665330d7264675f75b9588606354

SHA512
887d43eeddee17c8708c92f67305543f5aa10d0488068696ddab9fe02cb1e8150490e8312a42f8dece0806d103f6bca5b2e6e4823d9212e34916d5308d190271

Download Submit
C:\Windows\system\xkfUlnd.exe

Filesize
6.0MB

MD5
a6d4525da6c91a34e4e19859d3b173c6

SHA1
28ff80d6c741cbf033a9a81b08ff5f03b7700f8d

SHA256
d7ef89db87e34110c706d116d5043f990f0c108fdc8713e668bfc428ab6ce9f8

SHA512
c6499efc1adac93e20af89d1f0530f89c206ea8e079f0d90d2f3e3db9d6c7c519eddd740e433c1ab6f581d0ac5e5c737c54683a0f41142a6a296a9b084df8ba5

Download Submit
C:\Windows\system\ycrzWOp.exe

Filesize
6.0MB

MD5
2108c3594c4965c2d6b37e271048f322

SHA1
00ded93636fd05d3d1a1d2d5a44984070cf227a2

SHA256
1aff82d2eca80bc3f60c53baa13e20a0a7adce15d6985a0cb2fe130bd1297ed8

SHA512
f723023a693aab6ff364430670301db253bcce32f212360f17ed547c268151da292cf73ed091513207a1ac52861c58770ed4472a258bef6e372956e077aa659b

Download Submit
\Windows\system\Fctzknn.exe

Filesize
6.0MB

MD5
3d22cbb680bbe6af2e69dab16e34d46b

SHA1
cbce5b078f2a8e04b4a4887d5607357a9fc52d5d

SHA256
b843dddc704090ad10091bc9ba71f4211efb4a4fdfaf32e7f9eb9599625ff6c8

SHA512
15f917fc5b1fca5a4ceace57426336aa92f0bfffbcfe59c3fc3e38a79a00009754ec75bfae25519c64764f71188f8bd6211c2a832f8b1921426e03e71f233b1a

Download Submit
\Windows\system\UdtCrBj.exe

Filesize
6.0MB

MD5
dbdab03431f9347396ed8f11decf5d53

SHA1
eade2db9eeecae519b462e5c79a6089f8ccb5c95

SHA256
bac34ca313944470172380701ffe2595662d13322b25383508be3c67e6c87224

SHA512
ab264bb9eb2fdc6f4d51124665c28212a858021494c0f027bdf69c73d8a93a2f2f1c6afde1f3a4a3ca1fb82cb1016ad3da0b69537cb492a10653a8ab659f6f24

Download Submit
\Windows\system\VfVGfGp.exe

Filesize
6.0MB

MD5
0de28b5a89b53601bc38f90bf9a06c4f

SHA1
c386f278f36c1ef5228490a0d55e0c0873541355

SHA256
700e0e04a1802c079cf6070e1337081560ea3d5bf5b739144c26b14203b822fb

SHA512
96fe8e4009c488d004261abece68fa579224a4faf85cd68774a4cdf438ba14f588b28bffb6aa79fc84b1acbf9c360cdde4201ae1987c940b44cdbb753ad1f526

Download Submit
\Windows\system\fvXipVu.exe

Filesize
6.0MB

MD5
dde1bcc2b556abe9db6c4496dcb582bc

SHA1
ce6d25edd82032577481fca96161fae0aea815dc

SHA256
07943edcfbec28bcb01905742d7c7a3fda9a8729573b0e71a566e53295c4d289

SHA512
3ece9936a70ff5df6eb656813317d1250f7e4b3c5d36170b7a83e97ac93a510876cd14c6070268c0850a9211dc0b2b5b0a7ccfbc371136d97ecaccbb12d622b7

Download Submit
\Windows\system\kqeissI.exe

Filesize
6.0MB

MD5
5e392052d6c59cfd4d0800c470805e31

SHA1
68819dffe5da67b1da08bb012b18b790471bdc51

SHA256
f6f7e5ae87dbeb1751afc5dd65478377e578e2daf3e770f61e98e3a09566ed8e

SHA512
4e4409e2341eae0a9cdc536b8a3d9faaccda680959f9d16a283151d6295a88c7893549fe53c0a93c1066b1eda78dbff1e24b4c033f0119fbe678de5e9f5fac89

Download Submit
\Windows\system\nHrkVFR.exe

Filesize
6.0MB

MD5
2e32839e2902756cdcf0bb9666f22aaa

SHA1
a621e9cd4a3121d38d1260f8dc932fe3fb4f99b4

SHA256
b2ad0fe3e044ba585e572cf26369f2c0b703b638ed0ae83e1f877fd1c4e24b5d

SHA512
3476dc14e1794c9ebaa1534eadbbbcf68249ce6e3f3cb41a61071d820d9e5c6e4f1c5bf956e2289f77ea86cb9b0d116259932dbdaf77066d82819ca026b49972

Download Submit
memory/1296-41-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/1296-87-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/1296-3396-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/1492-493-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1492-3867-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1492-82-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/1580-3868-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-76-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/1580-391-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/1584-73-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/1584-328-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/1584-3871-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-705-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2176-853-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2176-88-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2176-234-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2176-81-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2176-327-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-492-0x000000013FF10000-0x0000000140264000-memory.dmp

Filesize
3.3MB

Download
memory/2176-0-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-18-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2176-61-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2176-26-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-54-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2176-53-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-35-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2176-72-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-94-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2176-48-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2176-23-0x0000000002400000-0x0000000002754000-memory.dmp

Filesize
3.3MB

Download
memory/2596-49-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3466-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3284-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2600-36-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2736-75-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-28-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3381-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3472-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2744-71-0x000000013F600000-0x000000013F954000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3286-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2776-25-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3377-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2824-22-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2868-95-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-3864-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-854-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-89-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-706-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-3872-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-3468-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2960-24-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/3028-59-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/3028-3560-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/3028-96-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download