cobaltstrike | 200609c7e8786863aba10aee0defa9f2d0180e049f110bee6d08f515830addb6

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-12-2024 07:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ff7d08a765cc7043f61942138f8dadf1
SHA1

cef4e47516c33c32ceb908071eba45edf27e8250
SHA256

200609c7e8786863aba10aee0defa9f2d0180e049f110bee6d08f515830addb6
SHA512

df74394638e674c3e9376c71aa43dec0fbae1e2233fa89c3989d0331237db5717c3f94345c2d92e8d6b7b2329187b4f98f2f6593255e0af705b29b9980d0060f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUp:T+q56utgpPF8u/7p

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001227e-3.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001960d-23.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019611-35.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001960f-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019609-31.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000197f8-54.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000198f0-72.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dc0-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a34c-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a45e-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a466-195.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a45c-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a407-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a458-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0da-160.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a9-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0a3-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03d-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a037-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019efb-135.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019deb-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dc2-125.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cb9-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c5b-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c59-102.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000199bf-86.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019461-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019838-62.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019615-48.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000195c5-11.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2480-0-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/files/0x000c00000001227e-3.dat	xmrig
behavioral1/memory/2480-6-0x0000000002240000-0x0000000002594000-memory.dmp	xmrig
behavioral1/memory/1848-14-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/files/0x000600000001960d-23.dat	xmrig
behavioral1/memory/2152-25-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0006000000019611-35.dat	xmrig
behavioral1/memory/2696-37-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/1688-34-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x000600000001960f-41.dat	xmrig
behavioral1/memory/2480-42-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/1680-43-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2192-44-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x0007000000019609-31.dat	xmrig
behavioral1/files/0x00060000000197f8-54.dat	xmrig
behavioral1/memory/2844-55-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2552-50-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2696-73-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/memory/2660-74-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x00050000000198f0-72.dat	xmrig
behavioral1/memory/2552-87-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/files/0x0005000000019dc0-121.dat	xmrig
behavioral1/files/0x000500000001a34c-163.dat	xmrig
behavioral1/files/0x000500000001a45e-184.dat	xmrig
behavioral1/memory/756-885-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2616-745-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2284-569-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2576-415-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2660-234-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x000500000001a466-195.dat	xmrig
behavioral1/files/0x000500000001a463-190.dat	xmrig
behavioral1/files/0x000500000001a45c-181.dat	xmrig
behavioral1/files/0x000500000001a407-170.dat	xmrig
behavioral1/files/0x000500000001a458-175.dat	xmrig
behavioral1/files/0x000500000001a0da-160.dat	xmrig
behavioral1/files/0x000500000001a0a9-155.dat	xmrig
behavioral1/files/0x000500000001a0a3-150.dat	xmrig
behavioral1/files/0x000500000001a03d-145.dat	xmrig
behavioral1/files/0x000500000001a037-140.dat	xmrig
behavioral1/files/0x0005000000019efb-135.dat	xmrig
behavioral1/files/0x0005000000019deb-130.dat	xmrig
behavioral1/files/0x0005000000019dc2-125.dat	xmrig
behavioral1/files/0x0005000000019cb9-115.dat	xmrig
behavioral1/files/0x0005000000019c5b-110.dat	xmrig
behavioral1/memory/2844-95-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c57-94.dat	xmrig
behavioral1/memory/756-105-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2800-103-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c59-102.dat	xmrig
behavioral1/memory/2284-88-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/files/0x00050000000199bf-86.dat	xmrig
behavioral1/memory/2576-81-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/memory/2192-80-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x0008000000019461-79.dat	xmrig
behavioral1/memory/2800-64-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2152-63-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x0005000000019838-62.dat	xmrig
behavioral1/memory/1688-68-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x0008000000019615-48.dat	xmrig
behavioral1/memory/2480-38-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x00070000000195c5-11.dat	xmrig
behavioral1/memory/1848-3206-0x000000013F870000-0x000000013FBC4000-memory.dmp	xmrig
behavioral1/memory/2152-3203-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/1688-3216-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1680	onUeAsj.exe
1848	YqiheAj.exe
2152	bskascj.exe
1688	gKWhLqd.exe
2696	WUStfSF.exe
2192	cfUKAwv.exe
2552	FPDcdPx.exe
2844	BuXzAfB.exe
2800	aypjNnp.exe
2660	kNEfDZb.exe
2576	iOjRRdX.exe
2284	mxOZOlU.exe
2616	dfYAImW.exe
756	VNbyrhS.exe
1820	KkCgUWv.exe
2744	VwaZqAd.exe
2796	WobYclQ.exe
2360	mhmtDed.exe
2040	SGHYRCh.exe
1300	FfuzyRE.exe
2136	hLCvqph.exe
760	takSNDv.exe
1156	HBNzqNg.exe
1280	yZCvXzW.exe
2288	iQQQIfM.exe
892	vvDsEJG.exe
2924	EtfEKTD.exe
2932	ecfZsqB.exe
696	KxOEADt.exe
1352	EmDbcjo.exe
1088	rkJbNKR.exe
1760	pTXgLOq.exe
644	WrfNxXr.exe
888	AczqVEW.exe
1380	yQLwoqT.exe
1544	POlpBtx.exe
900	wKVbjXw.exe
1968	OobQxPI.exe
2188	VodUYla.exe
2484	TzGnOTE.exe
2200	oFstgoJ.exe
572	yehkMFf.exe
1448	ImVWHWX.exe
1808	YhsJzQH.exe
1660	DYcBmxc.exe
1304	DpIjtyk.exe
396	GySufIq.exe
896	MdqIKyj.exe
1940	RLaySHL.exe
2352	oGHSlEb.exe
2452	jjJoWnu.exe
1584	awUldJj.exe
2012	SFWKSoF.exe
2640	GIRIgjq.exe
1568	jgQAAQy.exe
2848	KVVfdek.exe
2672	DCClTUm.exe
2592	hvmqTVv.exe
3064	LFPJhXM.exe
1080	MfQoNsG.exe
588	OxlwVZK.exe
2784	YPdQZxW.exe
2000	MsirZnk.exe
1772	WJTdikm.exe

Loads dropped DLL 64 IoCs

pid	Process
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2480-0-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/files/0x000c00000001227e-3.dat	upx
behavioral1/memory/2480-6-0x0000000002240000-0x0000000002594000-memory.dmp	upx
behavioral1/memory/1848-14-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/files/0x000600000001960d-23.dat	upx
behavioral1/memory/2152-25-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x0006000000019611-35.dat	upx
behavioral1/memory/2696-37-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/1688-34-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x000600000001960f-41.dat	upx
behavioral1/memory/2480-42-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/1680-43-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2192-44-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x0007000000019609-31.dat	upx
behavioral1/files/0x00060000000197f8-54.dat	upx
behavioral1/memory/2844-55-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2552-50-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2480-49-0x0000000002240000-0x0000000002594000-memory.dmp	upx
behavioral1/memory/2696-73-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	upx
behavioral1/memory/2660-74-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x00050000000198f0-72.dat	upx
behavioral1/memory/2552-87-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/files/0x0005000000019dc0-121.dat	upx
behavioral1/files/0x000500000001a34c-163.dat	upx
behavioral1/files/0x000500000001a45e-184.dat	upx
behavioral1/memory/756-885-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2616-745-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2284-569-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2576-415-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2660-234-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x000500000001a466-195.dat	upx
behavioral1/files/0x000500000001a463-190.dat	upx
behavioral1/files/0x000500000001a45c-181.dat	upx
behavioral1/files/0x000500000001a407-170.dat	upx
behavioral1/files/0x000500000001a458-175.dat	upx
behavioral1/files/0x000500000001a0da-160.dat	upx
behavioral1/files/0x000500000001a0a9-155.dat	upx
behavioral1/files/0x000500000001a0a3-150.dat	upx
behavioral1/files/0x000500000001a03d-145.dat	upx
behavioral1/files/0x000500000001a037-140.dat	upx
behavioral1/files/0x0005000000019efb-135.dat	upx
behavioral1/files/0x0005000000019deb-130.dat	upx
behavioral1/files/0x0005000000019dc2-125.dat	upx
behavioral1/files/0x0005000000019cb9-115.dat	upx
behavioral1/files/0x0005000000019c5b-110.dat	upx
behavioral1/memory/2844-95-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x0005000000019c57-94.dat	upx
behavioral1/memory/756-105-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2800-103-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x0005000000019c59-102.dat	upx
behavioral1/memory/2284-88-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/files/0x00050000000199bf-86.dat	upx
behavioral1/memory/2576-81-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2192-80-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x0008000000019461-79.dat	upx
behavioral1/memory/2800-64-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2152-63-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x0005000000019838-62.dat	upx
behavioral1/memory/1688-68-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x0008000000019615-48.dat	upx
behavioral1/files/0x00070000000195c5-11.dat	upx
behavioral1/memory/1848-3206-0x000000013F870000-0x000000013FBC4000-memory.dmp	upx
behavioral1/memory/2152-3203-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/1688-3216-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PAeEXNk.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FFyxhnV.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yzQTIbj.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HpfLNnX.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tdllyJQ.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yehCqsx.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tdzzKRy.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uBUxdwR.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gEeSGbW.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fmUqRPV.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cIKfOyD.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CQgqSrK.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UbkpGXE.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EjZfAEw.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ekVnTtt.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cfQyrLQ.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xvuBdtk.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tbieAWG.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gscIhTR.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CvNigpf.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BDVSCzs.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdOqeJe.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mmKwHRD.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oOdaxlw.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zFIBXuq.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uDzrBVm.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mgMytzC.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hCUBWxK.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NHLHtfI.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ynkfPAj.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\meXEzUK.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bwwXXEz.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BNHCZrR.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPfFlZE.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQjotcv.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rMJecUl.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RldBPuF.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qzbAQKi.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NQJuztA.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JifGlNb.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VOpQIvY.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CCZogfc.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sQQGZyA.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSmsNEo.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eJLmaWr.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTeRtcO.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JSeHZgR.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MdjhBeK.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QzuMKUS.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAZprEJ.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hvmqTVv.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zzfKcmx.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XJpbjKX.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hSIUPNw.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TMPxHRX.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BqJlCOw.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TpzXjrX.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MGMKjYW.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kkjBcmB.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cfEJwxW.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jrRXChB.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aBgYsEO.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQpnkhz.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ERzIMQC.exe	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 1680	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2480 wrote to memory of 1680	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2480 wrote to memory of 1680	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2480 wrote to memory of 1848	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2480 wrote to memory of 1848	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2480 wrote to memory of 1848	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2480 wrote to memory of 1688	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2480 wrote to memory of 1688	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2480 wrote to memory of 1688	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2480 wrote to memory of 2152	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2480 wrote to memory of 2152	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2480 wrote to memory of 2152	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2480 wrote to memory of 2192	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2480 wrote to memory of 2192	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2480 wrote to memory of 2192	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2480 wrote to memory of 2696	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2480 wrote to memory of 2696	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2480 wrote to memory of 2696	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2480 wrote to memory of 2552	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2480 wrote to memory of 2552	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2480 wrote to memory of 2552	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2480 wrote to memory of 2844	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2480 wrote to memory of 2844	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2480 wrote to memory of 2844	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2480 wrote to memory of 2800	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2480 wrote to memory of 2800	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2480 wrote to memory of 2800	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2480 wrote to memory of 2660	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2480 wrote to memory of 2660	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2480 wrote to memory of 2660	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2480 wrote to memory of 2576	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2480 wrote to memory of 2576	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2480 wrote to memory of 2576	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2480 wrote to memory of 2284	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2480 wrote to memory of 2284	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2480 wrote to memory of 2284	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2480 wrote to memory of 2616	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2480 wrote to memory of 2616	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2480 wrote to memory of 2616	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2480 wrote to memory of 756	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2480 wrote to memory of 756	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2480 wrote to memory of 756	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2480 wrote to memory of 1820	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2480 wrote to memory of 1820	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2480 wrote to memory of 1820	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2480 wrote to memory of 2744	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2480 wrote to memory of 2744	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2480 wrote to memory of 2744	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2480 wrote to memory of 2796	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2480 wrote to memory of 2796	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2480 wrote to memory of 2796	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2480 wrote to memory of 2360	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2480 wrote to memory of 2360	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2480 wrote to memory of 2360	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2480 wrote to memory of 2040	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2480 wrote to memory of 2040	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2480 wrote to memory of 2040	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2480 wrote to memory of 1300	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2480 wrote to memory of 1300	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2480 wrote to memory of 1300	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2480 wrote to memory of 2136	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2480 wrote to memory of 2136	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2480 wrote to memory of 2136	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2480 wrote to memory of 760	2480	2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-19_ff7d08a765cc7043f61942138f8dadf1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Windows\System\onUeAsj.exe
  C:\Windows\System\onUeAsj.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\YqiheAj.exe
  C:\Windows\System\YqiheAj.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\gKWhLqd.exe
  C:\Windows\System\gKWhLqd.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\bskascj.exe
  C:\Windows\System\bskascj.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\cfUKAwv.exe
  C:\Windows\System\cfUKAwv.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\WUStfSF.exe
  C:\Windows\System\WUStfSF.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\FPDcdPx.exe
  C:\Windows\System\FPDcdPx.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\BuXzAfB.exe
  C:\Windows\System\BuXzAfB.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\aypjNnp.exe
  C:\Windows\System\aypjNnp.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\kNEfDZb.exe
  C:\Windows\System\kNEfDZb.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\iOjRRdX.exe
  C:\Windows\System\iOjRRdX.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\mxOZOlU.exe
  C:\Windows\System\mxOZOlU.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\dfYAImW.exe
  C:\Windows\System\dfYAImW.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\VNbyrhS.exe
  C:\Windows\System\VNbyrhS.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\KkCgUWv.exe
  C:\Windows\System\KkCgUWv.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\VwaZqAd.exe
  C:\Windows\System\VwaZqAd.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\WobYclQ.exe
  C:\Windows\System\WobYclQ.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\mhmtDed.exe
  C:\Windows\System\mhmtDed.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\SGHYRCh.exe
  C:\Windows\System\SGHYRCh.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\FfuzyRE.exe
  C:\Windows\System\FfuzyRE.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\hLCvqph.exe
  C:\Windows\System\hLCvqph.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\takSNDv.exe
  C:\Windows\System\takSNDv.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\HBNzqNg.exe
  C:\Windows\System\HBNzqNg.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\yZCvXzW.exe
  C:\Windows\System\yZCvXzW.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\iQQQIfM.exe
  C:\Windows\System\iQQQIfM.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\vvDsEJG.exe
  C:\Windows\System\vvDsEJG.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\EtfEKTD.exe
  C:\Windows\System\EtfEKTD.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\ecfZsqB.exe
  C:\Windows\System\ecfZsqB.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\KxOEADt.exe
  C:\Windows\System\KxOEADt.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\EmDbcjo.exe
  C:\Windows\System\EmDbcjo.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\rkJbNKR.exe
  C:\Windows\System\rkJbNKR.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\pTXgLOq.exe
  C:\Windows\System\pTXgLOq.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\WrfNxXr.exe
  C:\Windows\System\WrfNxXr.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\AczqVEW.exe
  C:\Windows\System\AczqVEW.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\yQLwoqT.exe
  C:\Windows\System\yQLwoqT.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\POlpBtx.exe
  C:\Windows\System\POlpBtx.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\wKVbjXw.exe
  C:\Windows\System\wKVbjXw.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\OobQxPI.exe
  C:\Windows\System\OobQxPI.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\VodUYla.exe
  C:\Windows\System\VodUYla.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\TzGnOTE.exe
  C:\Windows\System\TzGnOTE.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\oFstgoJ.exe
  C:\Windows\System\oFstgoJ.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\yehkMFf.exe
  C:\Windows\System\yehkMFf.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\ImVWHWX.exe
  C:\Windows\System\ImVWHWX.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\YhsJzQH.exe
  C:\Windows\System\YhsJzQH.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\DYcBmxc.exe
  C:\Windows\System\DYcBmxc.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\DpIjtyk.exe
  C:\Windows\System\DpIjtyk.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\GySufIq.exe
  C:\Windows\System\GySufIq.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\MdqIKyj.exe
  C:\Windows\System\MdqIKyj.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\RLaySHL.exe
  C:\Windows\System\RLaySHL.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\oGHSlEb.exe
  C:\Windows\System\oGHSlEb.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\jjJoWnu.exe
  C:\Windows\System\jjJoWnu.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\awUldJj.exe
  C:\Windows\System\awUldJj.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\SFWKSoF.exe
  C:\Windows\System\SFWKSoF.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\GIRIgjq.exe
  C:\Windows\System\GIRIgjq.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\jgQAAQy.exe
  C:\Windows\System\jgQAAQy.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\KVVfdek.exe
  C:\Windows\System\KVVfdek.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\DCClTUm.exe
  C:\Windows\System\DCClTUm.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\hvmqTVv.exe
  C:\Windows\System\hvmqTVv.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\LFPJhXM.exe
  C:\Windows\System\LFPJhXM.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\MfQoNsG.exe
  C:\Windows\System\MfQoNsG.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\OxlwVZK.exe
  C:\Windows\System\OxlwVZK.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\YPdQZxW.exe
  C:\Windows\System\YPdQZxW.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\MsirZnk.exe
  C:\Windows\System\MsirZnk.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\WJTdikm.exe
  C:\Windows\System\WJTdikm.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\fVYZHks.exe
  C:\Windows\System\fVYZHks.exe
  2⤵
  PID:1160
- C:\Windows\System\McUDjyg.exe
  C:\Windows\System\McUDjyg.exe
  2⤵
  PID:2076
- C:\Windows\System\wktwAdQ.exe
  C:\Windows\System\wktwAdQ.exe
  2⤵
  PID:1912
- C:\Windows\System\tXglCcz.exe
  C:\Windows\System\tXglCcz.exe
  2⤵
  PID:1624
- C:\Windows\System\neZJXjr.exe
  C:\Windows\System\neZJXjr.exe
  2⤵
  PID:992
- C:\Windows\System\YKyhHfk.exe
  C:\Windows\System\YKyhHfk.exe
  2⤵
  PID:1916
- C:\Windows\System\JnUpDIg.exe
  C:\Windows\System\JnUpDIg.exe
  2⤵
  PID:924
- C:\Windows\System\HhESZYw.exe
  C:\Windows\System\HhESZYw.exe
  2⤵
  PID:2160
- C:\Windows\System\xveSYdL.exe
  C:\Windows\System\xveSYdL.exe
  2⤵
  PID:1528
- C:\Windows\System\JiEAxmv.exe
  C:\Windows\System\JiEAxmv.exe
  2⤵
  PID:1540
- C:\Windows\System\SPqvvdx.exe
  C:\Windows\System\SPqvvdx.exe
  2⤵
  PID:1720
- C:\Windows\System\HjmKMIR.exe
  C:\Windows\System\HjmKMIR.exe
  2⤵
  PID:2224
- C:\Windows\System\qYMijox.exe
  C:\Windows\System\qYMijox.exe
  2⤵
  PID:1644
- C:\Windows\System\BZUZpiR.exe
  C:\Windows\System\BZUZpiR.exe
  2⤵
  PID:2060
- C:\Windows\System\qsGvprY.exe
  C:\Windows\System\qsGvprY.exe
  2⤵
  PID:2324
- C:\Windows\System\pmBOCsd.exe
  C:\Windows\System\pmBOCsd.exe
  2⤵
  PID:996
- C:\Windows\System\paeGLha.exe
  C:\Windows\System\paeGLha.exe
  2⤵
  PID:904
- C:\Windows\System\cavawsO.exe
  C:\Windows\System\cavawsO.exe
  2⤵
  PID:2408
- C:\Windows\System\GByosQy.exe
  C:\Windows\System\GByosQy.exe
  2⤵
  PID:2332
- C:\Windows\System\kGvuLSV.exe
  C:\Windows\System\kGvuLSV.exe
  2⤵
  PID:1700
- C:\Windows\System\FswsbTp.exe
  C:\Windows\System\FswsbTp.exe
  2⤵
  PID:2132
- C:\Windows\System\bzrZOLw.exe
  C:\Windows\System\bzrZOLw.exe
  2⤵
  PID:2656
- C:\Windows\System\bVuXDCu.exe
  C:\Windows\System\bVuXDCu.exe
  2⤵
  PID:2544
- C:\Windows\System\ucBtZZR.exe
  C:\Windows\System\ucBtZZR.exe
  2⤵
  PID:2364
- C:\Windows\System\ZptOuCc.exe
  C:\Windows\System\ZptOuCc.exe
  2⤵
  PID:2604
- C:\Windows\System\OwFAAPj.exe
  C:\Windows\System\OwFAAPj.exe
  2⤵
  PID:2908
- C:\Windows\System\PEFqpPi.exe
  C:\Windows\System\PEFqpPi.exe
  2⤵
  PID:1500
- C:\Windows\System\kGcpsyc.exe
  C:\Windows\System\kGcpsyc.exe
  2⤵
  PID:2088
- C:\Windows\System\hSIUPNw.exe
  C:\Windows\System\hSIUPNw.exe
  2⤵
  PID:1800
- C:\Windows\System\txIVxNh.exe
  C:\Windows\System\txIVxNh.exe
  2⤵
  PID:2220
- C:\Windows\System\fTgkrqU.exe
  C:\Windows\System\fTgkrqU.exe
  2⤵
  PID:556
- C:\Windows\System\CXXLnVh.exe
  C:\Windows\System\CXXLnVh.exe
  2⤵
  PID:2500
- C:\Windows\System\SCDrVvF.exe
  C:\Windows\System\SCDrVvF.exe
  2⤵
  PID:1728
- C:\Windows\System\NjbDwcB.exe
  C:\Windows\System\NjbDwcB.exe
  2⤵
  PID:2140
- C:\Windows\System\fbvlvTc.exe
  C:\Windows\System\fbvlvTc.exe
  2⤵
  PID:2172
- C:\Windows\System\ClFeUVT.exe
  C:\Windows\System\ClFeUVT.exe
  2⤵
  PID:764
- C:\Windows\System\qbtgdhN.exe
  C:\Windows\System\qbtgdhN.exe
  2⤵
  PID:1580
- C:\Windows\System\deQDlwl.exe
  C:\Windows\System\deQDlwl.exe
  2⤵
  PID:1768
- C:\Windows\System\iuElpkp.exe
  C:\Windows\System\iuElpkp.exe
  2⤵
  PID:3028
- C:\Windows\System\mkFdFLt.exe
  C:\Windows\System\mkFdFLt.exe
  2⤵
  PID:2564
- C:\Windows\System\lMXFZqm.exe
  C:\Windows\System\lMXFZqm.exe
  2⤵
  PID:2892
- C:\Windows\System\hNAuXOM.exe
  C:\Windows\System\hNAuXOM.exe
  2⤵
  PID:1276
- C:\Windows\System\kqnhKhq.exe
  C:\Windows\System\kqnhKhq.exe
  2⤵
  PID:3052
- C:\Windows\System\HeaCoyv.exe
  C:\Windows\System\HeaCoyv.exe
  2⤵
  PID:1832
- C:\Windows\System\qnSCvRB.exe
  C:\Windows\System\qnSCvRB.exe
  2⤵
  PID:2912
- C:\Windows\System\iboqnaD.exe
  C:\Windows\System\iboqnaD.exe
  2⤵
  PID:376
- C:\Windows\System\vmqnZGS.exe
  C:\Windows\System\vmqnZGS.exe
  2⤵
  PID:1648
- C:\Windows\System\zJNPOqb.exe
  C:\Windows\System\zJNPOqb.exe
  2⤵
  PID:280
- C:\Windows\System\kQiGTzH.exe
  C:\Windows\System\kQiGTzH.exe
  2⤵
  PID:536
- C:\Windows\System\GTFGwIW.exe
  C:\Windows\System\GTFGwIW.exe
  2⤵
  PID:1860
- C:\Windows\System\LzRvTiy.exe
  C:\Windows\System\LzRvTiy.exe
  2⤵
  PID:3076
- C:\Windows\System\WoaPELZ.exe
  C:\Windows\System\WoaPELZ.exe
  2⤵
  PID:3096
- C:\Windows\System\RpgJMqm.exe
  C:\Windows\System\RpgJMqm.exe
  2⤵
  PID:3116
- C:\Windows\System\wxiUiLl.exe
  C:\Windows\System\wxiUiLl.exe
  2⤵
  PID:3136
- C:\Windows\System\ZdvAwPL.exe
  C:\Windows\System\ZdvAwPL.exe
  2⤵
  PID:3156
- C:\Windows\System\ORBcUil.exe
  C:\Windows\System\ORBcUil.exe
  2⤵
  PID:3176
- C:\Windows\System\MFGgHqS.exe
  C:\Windows\System\MFGgHqS.exe
  2⤵
  PID:3196
- C:\Windows\System\fiorDLi.exe
  C:\Windows\System\fiorDLi.exe
  2⤵
  PID:3216
- C:\Windows\System\oWgkVfk.exe
  C:\Windows\System\oWgkVfk.exe
  2⤵
  PID:3236
- C:\Windows\System\vHXgFPl.exe
  C:\Windows\System\vHXgFPl.exe
  2⤵
  PID:3256
- C:\Windows\System\njxkuhA.exe
  C:\Windows\System\njxkuhA.exe
  2⤵
  PID:3276
- C:\Windows\System\PplehCY.exe
  C:\Windows\System\PplehCY.exe
  2⤵
  PID:3296
- C:\Windows\System\YLqaJsZ.exe
  C:\Windows\System\YLqaJsZ.exe
  2⤵
  PID:3320
- C:\Windows\System\VTPZijO.exe
  C:\Windows\System\VTPZijO.exe
  2⤵
  PID:3340
- C:\Windows\System\HMZpntU.exe
  C:\Windows\System\HMZpntU.exe
  2⤵
  PID:3360
- C:\Windows\System\yDqsMgR.exe
  C:\Windows\System\yDqsMgR.exe
  2⤵
  PID:3380
- C:\Windows\System\uUqthMP.exe
  C:\Windows\System\uUqthMP.exe
  2⤵
  PID:3400
- C:\Windows\System\ghcBaxz.exe
  C:\Windows\System\ghcBaxz.exe
  2⤵
  PID:3420
- C:\Windows\System\sutHCBR.exe
  C:\Windows\System\sutHCBR.exe
  2⤵
  PID:3440
- C:\Windows\System\DkISAwj.exe
  C:\Windows\System\DkISAwj.exe
  2⤵
  PID:3460
- C:\Windows\System\MmRGTmO.exe
  C:\Windows\System\MmRGTmO.exe
  2⤵
  PID:3480
- C:\Windows\System\sDUwWeX.exe
  C:\Windows\System\sDUwWeX.exe
  2⤵
  PID:3500
- C:\Windows\System\NwgyIVf.exe
  C:\Windows\System\NwgyIVf.exe
  2⤵
  PID:3520
- C:\Windows\System\nLKKIaR.exe
  C:\Windows\System\nLKKIaR.exe
  2⤵
  PID:3540
- C:\Windows\System\pHswisg.exe
  C:\Windows\System\pHswisg.exe
  2⤵
  PID:3560
- C:\Windows\System\VhInEpd.exe
  C:\Windows\System\VhInEpd.exe
  2⤵
  PID:3580
- C:\Windows\System\ibYPuVJ.exe
  C:\Windows\System\ibYPuVJ.exe
  2⤵
  PID:3600
- C:\Windows\System\SoutauO.exe
  C:\Windows\System\SoutauO.exe
  2⤵
  PID:3620
- C:\Windows\System\zsXyDhF.exe
  C:\Windows\System\zsXyDhF.exe
  2⤵
  PID:3640
- C:\Windows\System\vpqqXHS.exe
  C:\Windows\System\vpqqXHS.exe
  2⤵
  PID:3660
- C:\Windows\System\QLGchOH.exe
  C:\Windows\System\QLGchOH.exe
  2⤵
  PID:3680
- C:\Windows\System\jtaNBWM.exe
  C:\Windows\System\jtaNBWM.exe
  2⤵
  PID:3700
- C:\Windows\System\XCbZbIw.exe
  C:\Windows\System\XCbZbIw.exe
  2⤵
  PID:3720
- C:\Windows\System\TZluDho.exe
  C:\Windows\System\TZluDho.exe
  2⤵
  PID:3740
- C:\Windows\System\KupMNwK.exe
  C:\Windows\System\KupMNwK.exe
  2⤵
  PID:3760
- C:\Windows\System\ccobhYI.exe
  C:\Windows\System\ccobhYI.exe
  2⤵
  PID:3780
- C:\Windows\System\qdwXKon.exe
  C:\Windows\System\qdwXKon.exe
  2⤵
  PID:3800
- C:\Windows\System\PEmNuyN.exe
  C:\Windows\System\PEmNuyN.exe
  2⤵
  PID:3820
- C:\Windows\System\sqjdRbH.exe
  C:\Windows\System\sqjdRbH.exe
  2⤵
  PID:3840
- C:\Windows\System\fyePEAW.exe
  C:\Windows\System\fyePEAW.exe
  2⤵
  PID:3860
- C:\Windows\System\grqOdfG.exe
  C:\Windows\System\grqOdfG.exe
  2⤵
  PID:3880
- C:\Windows\System\lwRprbH.exe
  C:\Windows\System\lwRprbH.exe
  2⤵
  PID:3900
- C:\Windows\System\DsFLKKB.exe
  C:\Windows\System\DsFLKKB.exe
  2⤵
  PID:3924
- C:\Windows\System\uxizFNu.exe
  C:\Windows\System\uxizFNu.exe
  2⤵
  PID:3944
- C:\Windows\System\vRJlLMb.exe
  C:\Windows\System\vRJlLMb.exe
  2⤵
  PID:3964
- C:\Windows\System\ANCwvbN.exe
  C:\Windows\System\ANCwvbN.exe
  2⤵
  PID:3984
- C:\Windows\System\uMttOGD.exe
  C:\Windows\System\uMttOGD.exe
  2⤵
  PID:4004
- C:\Windows\System\Qfizjrh.exe
  C:\Windows\System\Qfizjrh.exe
  2⤵
  PID:4024
- C:\Windows\System\iTbeqIW.exe
  C:\Windows\System\iTbeqIW.exe
  2⤵
  PID:4044
- C:\Windows\System\ITqklzs.exe
  C:\Windows\System\ITqklzs.exe
  2⤵
  PID:4064
- C:\Windows\System\OuBzQPH.exe
  C:\Windows\System\OuBzQPH.exe
  2⤵
  PID:4084
- C:\Windows\System\XIyWrvt.exe
  C:\Windows\System\XIyWrvt.exe
  2⤵
  PID:2768
- C:\Windows\System\QQcXFtf.exe
  C:\Windows\System\QQcXFtf.exe
  2⤵
  PID:1868
- C:\Windows\System\nWKrRGT.exe
  C:\Windows\System\nWKrRGT.exe
  2⤵
  PID:1984
- C:\Windows\System\HKEdtRe.exe
  C:\Windows\System\HKEdtRe.exe
  2⤵
  PID:2148
- C:\Windows\System\vZyOWfq.exe
  C:\Windows\System\vZyOWfq.exe
  2⤵
  PID:1756
- C:\Windows\System\ZBNfkkF.exe
  C:\Windows\System\ZBNfkkF.exe
  2⤵
  PID:2460
- C:\Windows\System\nJXYIqS.exe
  C:\Windows\System\nJXYIqS.exe
  2⤵
  PID:3104
- C:\Windows\System\fPeWkAo.exe
  C:\Windows\System\fPeWkAo.exe
  2⤵
  PID:3124
- C:\Windows\System\ZosSLYw.exe
  C:\Windows\System\ZosSLYw.exe
  2⤵
  PID:3184
- C:\Windows\System\wKEoBBM.exe
  C:\Windows\System\wKEoBBM.exe
  2⤵
  PID:3188
- C:\Windows\System\QPWwjBZ.exe
  C:\Windows\System\QPWwjBZ.exe
  2⤵
  PID:3208
- C:\Windows\System\DySCuJW.exe
  C:\Windows\System\DySCuJW.exe
  2⤵
  PID:3268
- C:\Windows\System\nzWETAT.exe
  C:\Windows\System\nzWETAT.exe
  2⤵
  PID:3304
- C:\Windows\System\yhoUEsX.exe
  C:\Windows\System\yhoUEsX.exe
  2⤵
  PID:3328
- C:\Windows\System\BzEhpfe.exe
  C:\Windows\System\BzEhpfe.exe
  2⤵
  PID:3388
- C:\Windows\System\tSMiGbH.exe
  C:\Windows\System\tSMiGbH.exe
  2⤵
  PID:3392
- C:\Windows\System\ZCPOeBP.exe
  C:\Windows\System\ZCPOeBP.exe
  2⤵
  PID:3468
- C:\Windows\System\jjUJhFE.exe
  C:\Windows\System\jjUJhFE.exe
  2⤵
  PID:3452
- C:\Windows\System\FOcgPdH.exe
  C:\Windows\System\FOcgPdH.exe
  2⤵
  PID:3516
- C:\Windows\System\FcrnGJY.exe
  C:\Windows\System\FcrnGJY.exe
  2⤵
  PID:3548
- C:\Windows\System\nHgfzgx.exe
  C:\Windows\System\nHgfzgx.exe
  2⤵
  PID:3532
- C:\Windows\System\YxFaEnt.exe
  C:\Windows\System\YxFaEnt.exe
  2⤵
  PID:3628
- C:\Windows\System\yPLYCDz.exe
  C:\Windows\System\yPLYCDz.exe
  2⤵
  PID:3668
- C:\Windows\System\xWvarMH.exe
  C:\Windows\System\xWvarMH.exe
  2⤵
  PID:3676
- C:\Windows\System\qFllYBs.exe
  C:\Windows\System\qFllYBs.exe
  2⤵
  PID:3692
- C:\Windows\System\wmGeqTe.exe
  C:\Windows\System\wmGeqTe.exe
  2⤵
  PID:3756
- C:\Windows\System\DIhUeVf.exe
  C:\Windows\System\DIhUeVf.exe
  2⤵
  PID:3768
- C:\Windows\System\XKHCxJT.exe
  C:\Windows\System\XKHCxJT.exe
  2⤵
  PID:3792
- C:\Windows\System\GInodGk.exe
  C:\Windows\System\GInodGk.exe
  2⤵
  PID:3816
- C:\Windows\System\zFfkefA.exe
  C:\Windows\System\zFfkefA.exe
  2⤵
  PID:3856
- C:\Windows\System\yPShFkW.exe
  C:\Windows\System\yPShFkW.exe
  2⤵
  PID:3916
- C:\Windows\System\TMJglDQ.exe
  C:\Windows\System\TMJglDQ.exe
  2⤵
  PID:3956
- C:\Windows\System\FamHDQU.exe
  C:\Windows\System\FamHDQU.exe
  2⤵
  PID:3992
- C:\Windows\System\oOAIBqY.exe
  C:\Windows\System\oOAIBqY.exe
  2⤵
  PID:4012
- C:\Windows\System\uhXtcfY.exe
  C:\Windows\System\uhXtcfY.exe
  2⤵
  PID:4036
- C:\Windows\System\kMDezPv.exe
  C:\Windows\System\kMDezPv.exe
  2⤵
  PID:4060
- C:\Windows\System\wPzwIPQ.exe
  C:\Windows\System\wPzwIPQ.exe
  2⤵
  PID:2028
- C:\Windows\System\ZAFHoSh.exe
  C:\Windows\System\ZAFHoSh.exe
  2⤵
  PID:1664
- C:\Windows\System\SDyUeoo.exe
  C:\Windows\System\SDyUeoo.exe
  2⤵
  PID:2964
- C:\Windows\System\kYSyBGG.exe
  C:\Windows\System\kYSyBGG.exe
  2⤵
  PID:3108
- C:\Windows\System\bfddNiU.exe
  C:\Windows\System\bfddNiU.exe
  2⤵
  PID:2240
- C:\Windows\System\YMdWMZp.exe
  C:\Windows\System\YMdWMZp.exe
  2⤵
  PID:3152
- C:\Windows\System\bygowLk.exe
  C:\Windows\System\bygowLk.exe
  2⤵
  PID:3264
- C:\Windows\System\rMznJoI.exe
  C:\Windows\System\rMznJoI.exe
  2⤵
  PID:3308
- C:\Windows\System\JNBzSnP.exe
  C:\Windows\System\JNBzSnP.exe
  2⤵
  PID:2248
- C:\Windows\System\nZkurFv.exe
  C:\Windows\System\nZkurFv.exe
  2⤵
  PID:3448
- C:\Windows\System\TQsvdVv.exe
  C:\Windows\System\TQsvdVv.exe
  2⤵
  PID:3416
- C:\Windows\System\tuhKPZc.exe
  C:\Windows\System\tuhKPZc.exe
  2⤵
  PID:3528
- C:\Windows\System\GQCnaro.exe
  C:\Windows\System\GQCnaro.exe
  2⤵
  PID:3572
- C:\Windows\System\CgXQroz.exe
  C:\Windows\System\CgXQroz.exe
  2⤵
  PID:3656
- C:\Windows\System\vfLxQTu.exe
  C:\Windows\System\vfLxQTu.exe
  2⤵
  PID:3716
- C:\Windows\System\DynVqhl.exe
  C:\Windows\System\DynVqhl.exe
  2⤵
  PID:3776
- C:\Windows\System\imyEwBm.exe
  C:\Windows\System\imyEwBm.exe
  2⤵
  PID:3808
- C:\Windows\System\fpeREzc.exe
  C:\Windows\System\fpeREzc.exe
  2⤵
  PID:3832
- C:\Windows\System\SNQmLnA.exe
  C:\Windows\System\SNQmLnA.exe
  2⤵
  PID:3892
- C:\Windows\System\OFFRVXW.exe
  C:\Windows\System\OFFRVXW.exe
  2⤵
  PID:3996
- C:\Windows\System\LzqXKmi.exe
  C:\Windows\System\LzqXKmi.exe
  2⤵
  PID:3940
- C:\Windows\System\XUmgtQp.exe
  C:\Windows\System\XUmgtQp.exe
  2⤵
  PID:4016
- C:\Windows\System\toYEKtS.exe
  C:\Windows\System\toYEKtS.exe
  2⤵
  PID:1928
- C:\Windows\System\nSbcRqT.exe
  C:\Windows\System\nSbcRqT.exe
  2⤵
  PID:3092
- C:\Windows\System\hQwijHv.exe
  C:\Windows\System\hQwijHv.exe
  2⤵
  PID:3128
- C:\Windows\System\oNlRREG.exe
  C:\Windows\System\oNlRREG.exe
  2⤵
  PID:3224
- C:\Windows\System\rJIjxTo.exe
  C:\Windows\System\rJIjxTo.exe
  2⤵
  PID:3292
- C:\Windows\System\sXIRnVz.exe
  C:\Windows\System\sXIRnVz.exe
  2⤵
  PID:3412
- C:\Windows\System\yipGALM.exe
  C:\Windows\System\yipGALM.exe
  2⤵
  PID:3472
- C:\Windows\System\aNxZqsg.exe
  C:\Windows\System\aNxZqsg.exe
  2⤵
  PID:3648
- C:\Windows\System\PyGXoMq.exe
  C:\Windows\System\PyGXoMq.exe
  2⤵
  PID:3748
- C:\Windows\System\ApGePpZ.exe
  C:\Windows\System\ApGePpZ.exe
  2⤵
  PID:3728
- C:\Windows\System\fEqlNLx.exe
  C:\Windows\System\fEqlNLx.exe
  2⤵
  PID:4112
- C:\Windows\System\RJNgTfS.exe
  C:\Windows\System\RJNgTfS.exe
  2⤵
  PID:4136
- C:\Windows\System\KFICJgB.exe
  C:\Windows\System\KFICJgB.exe
  2⤵
  PID:4156
- C:\Windows\System\WsisRnY.exe
  C:\Windows\System\WsisRnY.exe
  2⤵
  PID:4176
- C:\Windows\System\UouTZEp.exe
  C:\Windows\System\UouTZEp.exe
  2⤵
  PID:4196
- C:\Windows\System\dlPHOme.exe
  C:\Windows\System\dlPHOme.exe
  2⤵
  PID:4216
- C:\Windows\System\zLDvwAD.exe
  C:\Windows\System\zLDvwAD.exe
  2⤵
  PID:4236
- C:\Windows\System\nvIDjko.exe
  C:\Windows\System\nvIDjko.exe
  2⤵
  PID:4256
- C:\Windows\System\yQiuHHg.exe
  C:\Windows\System\yQiuHHg.exe
  2⤵
  PID:4280
- C:\Windows\System\fRevGqk.exe
  C:\Windows\System\fRevGqk.exe
  2⤵
  PID:4300
- C:\Windows\System\lOkkHke.exe
  C:\Windows\System\lOkkHke.exe
  2⤵
  PID:4316
- C:\Windows\System\wBAZwHq.exe
  C:\Windows\System\wBAZwHq.exe
  2⤵
  PID:4336
- C:\Windows\System\XWOjUtv.exe
  C:\Windows\System\XWOjUtv.exe
  2⤵
  PID:4356
- C:\Windows\System\wAROdrY.exe
  C:\Windows\System\wAROdrY.exe
  2⤵
  PID:4376
- C:\Windows\System\OxnXvTT.exe
  C:\Windows\System\OxnXvTT.exe
  2⤵
  PID:4400
- C:\Windows\System\riFXKKW.exe
  C:\Windows\System\riFXKKW.exe
  2⤵
  PID:4420
- C:\Windows\System\pqUZndB.exe
  C:\Windows\System\pqUZndB.exe
  2⤵
  PID:4436
- C:\Windows\System\CBUGYrn.exe
  C:\Windows\System\CBUGYrn.exe
  2⤵
  PID:4456
- C:\Windows\System\hTAputk.exe
  C:\Windows\System\hTAputk.exe
  2⤵
  PID:4476
- C:\Windows\System\aTFLwjX.exe
  C:\Windows\System\aTFLwjX.exe
  2⤵
  PID:4500
- C:\Windows\System\NKnJghf.exe
  C:\Windows\System\NKnJghf.exe
  2⤵
  PID:4520
- C:\Windows\System\EIseVDN.exe
  C:\Windows\System\EIseVDN.exe
  2⤵
  PID:4540
- C:\Windows\System\jSupVbQ.exe
  C:\Windows\System\jSupVbQ.exe
  2⤵
  PID:4560
- C:\Windows\System\kIiTWCM.exe
  C:\Windows\System\kIiTWCM.exe
  2⤵
  PID:4580
- C:\Windows\System\YLWyvbw.exe
  C:\Windows\System\YLWyvbw.exe
  2⤵
  PID:4600
- C:\Windows\System\NYvTgty.exe
  C:\Windows\System\NYvTgty.exe
  2⤵
  PID:4620
- C:\Windows\System\doReNcw.exe
  C:\Windows\System\doReNcw.exe
  2⤵
  PID:4640
- C:\Windows\System\UnDzMJo.exe
  C:\Windows\System\UnDzMJo.exe
  2⤵
  PID:4664
- C:\Windows\System\ELKxdhc.exe
  C:\Windows\System\ELKxdhc.exe
  2⤵
  PID:4684
- C:\Windows\System\ooofOPs.exe
  C:\Windows\System\ooofOPs.exe
  2⤵
  PID:4704
- C:\Windows\System\uOlcyPe.exe
  C:\Windows\System\uOlcyPe.exe
  2⤵
  PID:4724
- C:\Windows\System\LQEfgWF.exe
  C:\Windows\System\LQEfgWF.exe
  2⤵
  PID:4744
- C:\Windows\System\vgwArHH.exe
  C:\Windows\System\vgwArHH.exe
  2⤵
  PID:4764
- C:\Windows\System\YnVNbJG.exe
  C:\Windows\System\YnVNbJG.exe
  2⤵
  PID:4784
- C:\Windows\System\HkCjzha.exe
  C:\Windows\System\HkCjzha.exe
  2⤵
  PID:4804
- C:\Windows\System\sOYAtzt.exe
  C:\Windows\System\sOYAtzt.exe
  2⤵
  PID:4824
- C:\Windows\System\gxZOmxU.exe
  C:\Windows\System\gxZOmxU.exe
  2⤵
  PID:4844
- C:\Windows\System\eThqDzl.exe
  C:\Windows\System\eThqDzl.exe
  2⤵
  PID:4864
- C:\Windows\System\Fcolgpv.exe
  C:\Windows\System\Fcolgpv.exe
  2⤵
  PID:4884
- C:\Windows\System\OxBjrBY.exe
  C:\Windows\System\OxBjrBY.exe
  2⤵
  PID:4904
- C:\Windows\System\Rnigokb.exe
  C:\Windows\System\Rnigokb.exe
  2⤵
  PID:4924
- C:\Windows\System\mFUdqBL.exe
  C:\Windows\System\mFUdqBL.exe
  2⤵
  PID:4944
- C:\Windows\System\jvkgNXZ.exe
  C:\Windows\System\jvkgNXZ.exe
  2⤵
  PID:4964
- C:\Windows\System\ncEzJRf.exe
  C:\Windows\System\ncEzJRf.exe
  2⤵
  PID:4984
- C:\Windows\System\IQZPNra.exe
  C:\Windows\System\IQZPNra.exe
  2⤵
  PID:5004
- C:\Windows\System\WmrWZaG.exe
  C:\Windows\System\WmrWZaG.exe
  2⤵
  PID:5024
- C:\Windows\System\NHLHtfI.exe
  C:\Windows\System\NHLHtfI.exe
  2⤵
  PID:5044
- C:\Windows\System\rGURuVX.exe
  C:\Windows\System\rGURuVX.exe
  2⤵
  PID:5064
- C:\Windows\System\cHafkij.exe
  C:\Windows\System\cHafkij.exe
  2⤵
  PID:5084
- C:\Windows\System\cgtiYCn.exe
  C:\Windows\System\cgtiYCn.exe
  2⤵
  PID:5104
- C:\Windows\System\UXYPGgp.exe
  C:\Windows\System\UXYPGgp.exe
  2⤵
  PID:3752
- C:\Windows\System\AWQBZUN.exe
  C:\Windows\System\AWQBZUN.exe
  2⤵
  PID:3772
- C:\Windows\System\YOOHetp.exe
  C:\Windows\System\YOOHetp.exe
  2⤵
  PID:3912
- C:\Windows\System\XOZyuVe.exe
  C:\Windows\System\XOZyuVe.exe
  2⤵
  PID:4052
- C:\Windows\System\YVluKPt.exe
  C:\Windows\System\YVluKPt.exe
  2⤵
  PID:4092
- C:\Windows\System\bczsrIv.exe
  C:\Windows\System\bczsrIv.exe
  2⤵
  PID:3172
- C:\Windows\System\IEOfuOZ.exe
  C:\Windows\System\IEOfuOZ.exe
  2⤵
  PID:3396
- C:\Windows\System\XZLWJAu.exe
  C:\Windows\System\XZLWJAu.exe
  2⤵
  PID:3408
- C:\Windows\System\JqAbKkc.exe
  C:\Windows\System\JqAbKkc.exe
  2⤵
  PID:3536
- C:\Windows\System\YRSxuWL.exe
  C:\Windows\System\YRSxuWL.exe
  2⤵
  PID:3596
- C:\Windows\System\JrOOiVm.exe
  C:\Windows\System\JrOOiVm.exe
  2⤵
  PID:4132
- C:\Windows\System\wxMAZcI.exe
  C:\Windows\System\wxMAZcI.exe
  2⤵
  PID:4148
- C:\Windows\System\kbadQTL.exe
  C:\Windows\System\kbadQTL.exe
  2⤵
  PID:4204
- C:\Windows\System\iOZXXvX.exe
  C:\Windows\System\iOZXXvX.exe
  2⤵
  PID:4224
- C:\Windows\System\tbieAWG.exe
  C:\Windows\System\tbieAWG.exe
  2⤵
  PID:4248
- C:\Windows\System\WedjmFo.exe
  C:\Windows\System\WedjmFo.exe
  2⤵
  PID:4296
- C:\Windows\System\agWMkjO.exe
  C:\Windows\System\agWMkjO.exe
  2⤵
  PID:4308
- C:\Windows\System\jjmFvqV.exe
  C:\Windows\System\jjmFvqV.exe
  2⤵
  PID:4352
- C:\Windows\System\HphsdNM.exe
  C:\Windows\System\HphsdNM.exe
  2⤵
  PID:4396
- C:\Windows\System\CUntKZe.exe
  C:\Windows\System\CUntKZe.exe
  2⤵
  PID:4416
- C:\Windows\System\RUPBVXv.exe
  C:\Windows\System\RUPBVXv.exe
  2⤵
  PID:4448
- C:\Windows\System\GPDNONu.exe
  C:\Windows\System\GPDNONu.exe
  2⤵
  PID:4432
- C:\Windows\System\LbJaeWv.exe
  C:\Windows\System\LbJaeWv.exe
  2⤵
  PID:4508
- C:\Windows\System\iSkyfUP.exe
  C:\Windows\System\iSkyfUP.exe
  2⤵
  PID:4532
- C:\Windows\System\wMsHMiq.exe
  C:\Windows\System\wMsHMiq.exe
  2⤵
  PID:4572
- C:\Windows\System\EqCfGTq.exe
  C:\Windows\System\EqCfGTq.exe
  2⤵
  PID:4608
- C:\Windows\System\pydCsif.exe
  C:\Windows\System\pydCsif.exe
  2⤵
  PID:4648
- C:\Windows\System\SocQPkL.exe
  C:\Windows\System\SocQPkL.exe
  2⤵
  PID:4632
- C:\Windows\System\NasATKs.exe
  C:\Windows\System\NasATKs.exe
  2⤵
  PID:4680
- C:\Windows\System\IzQQVZf.exe
  C:\Windows\System\IzQQVZf.exe
  2⤵
  PID:4720
- C:\Windows\System\CeLezCL.exe
  C:\Windows\System\CeLezCL.exe
  2⤵
  PID:4776
- C:\Windows\System\vjTNoGK.exe
  C:\Windows\System\vjTNoGK.exe
  2⤵
  PID:4800
- C:\Windows\System\FenLIpw.exe
  C:\Windows\System\FenLIpw.exe
  2⤵
  PID:4852
- C:\Windows\System\siOfepU.exe
  C:\Windows\System\siOfepU.exe
  2⤵
  PID:4840
- C:\Windows\System\gOehbSC.exe
  C:\Windows\System\gOehbSC.exe
  2⤵
  PID:4932
- C:\Windows\System\gOIjvNr.exe
  C:\Windows\System\gOIjvNr.exe
  2⤵
  PID:4876
- C:\Windows\System\FxnFxEk.exe
  C:\Windows\System\FxnFxEk.exe
  2⤵
  PID:4920
- C:\Windows\System\wBGFFQy.exe
  C:\Windows\System\wBGFFQy.exe
  2⤵
  PID:5012
- C:\Windows\System\NrReYcZ.exe
  C:\Windows\System\NrReYcZ.exe
  2⤵
  PID:4992
- C:\Windows\System\WQrwNTV.exe
  C:\Windows\System\WQrwNTV.exe
  2⤵
  PID:5040
- C:\Windows\System\ImRATDp.exe
  C:\Windows\System\ImRATDp.exe
  2⤵
  PID:5072
- C:\Windows\System\HoRVbuh.exe
  C:\Windows\System\HoRVbuh.exe
  2⤵
  PID:3796
- C:\Windows\System\zQHgoTA.exe
  C:\Windows\System\zQHgoTA.exe
  2⤵
  PID:3972
- C:\Windows\System\YHZukao.exe
  C:\Windows\System\YHZukao.exe
  2⤵
  PID:2788
- C:\Windows\System\hUymLPJ.exe
  C:\Windows\System\hUymLPJ.exe
  2⤵
  PID:2068
- C:\Windows\System\HYpBcPj.exe
  C:\Windows\System\HYpBcPj.exe
  2⤵
  PID:2276
- C:\Windows\System\oSPreuk.exe
  C:\Windows\System\oSPreuk.exe
  2⤵
  PID:2816
- C:\Windows\System\IXRWKfl.exe
  C:\Windows\System\IXRWKfl.exe
  2⤵
  PID:4108
- C:\Windows\System\RVbOlPz.exe
  C:\Windows\System\RVbOlPz.exe
  2⤵
  PID:2572
- C:\Windows\System\WOkEQbE.exe
  C:\Windows\System\WOkEQbE.exe
  2⤵
  PID:4272
- C:\Windows\System\NrzzlxD.exe
  C:\Windows\System\NrzzlxD.exe
  2⤵
  PID:4288
- C:\Windows\System\jRNoQfn.exe
  C:\Windows\System\jRNoQfn.exe
  2⤵
  PID:4368
- C:\Windows\System\GQjotcv.exe
  C:\Windows\System\GQjotcv.exe
  2⤵
  PID:4408
- C:\Windows\System\SxxLjKb.exe
  C:\Windows\System\SxxLjKb.exe
  2⤵
  PID:4496
- C:\Windows\System\DDjbttE.exe
  C:\Windows\System\DDjbttE.exe
  2⤵
  PID:4444
- C:\Windows\System\SDnumFs.exe
  C:\Windows\System\SDnumFs.exe
  2⤵
  PID:4512
- C:\Windows\System\uppevCl.exe
  C:\Windows\System\uppevCl.exe
  2⤵
  PID:4596
- C:\Windows\System\frHSndw.exe
  C:\Windows\System\frHSndw.exe
  2⤵
  PID:4576
- C:\Windows\System\mceUaBv.exe
  C:\Windows\System\mceUaBv.exe
  2⤵
  PID:4740
- C:\Windows\System\mFMFupJ.exe
  C:\Windows\System\mFMFupJ.exe
  2⤵
  PID:4760
- C:\Windows\System\JMefDLn.exe
  C:\Windows\System\JMefDLn.exe
  2⤵
  PID:4812
- C:\Windows\System\zqmKUSr.exe
  C:\Windows\System\zqmKUSr.exe
  2⤵
  PID:1864
- C:\Windows\System\fmUqRPV.exe
  C:\Windows\System\fmUqRPV.exe
  2⤵
  PID:4892
- C:\Windows\System\fNzrEZG.exe
  C:\Windows\System\fNzrEZG.exe
  2⤵
  PID:4980
- C:\Windows\System\JbpZjOV.exe
  C:\Windows\System\JbpZjOV.exe
  2⤵
  PID:4976
- C:\Windows\System\fOfsgAw.exe
  C:\Windows\System\fOfsgAw.exe
  2⤵
  PID:5000
- C:\Windows\System\hoonLdv.exe
  C:\Windows\System\hoonLdv.exe
  2⤵
  PID:5092
- C:\Windows\System\DfFqQEm.exe
  C:\Windows\System\DfFqQEm.exe
  2⤵
  PID:3876
- C:\Windows\System\pvBYywQ.exe
  C:\Windows\System\pvBYywQ.exe
  2⤵
  PID:3980
- C:\Windows\System\fhYUvbJ.exe
  C:\Windows\System\fhYUvbJ.exe
  2⤵
  PID:3244
- C:\Windows\System\OdynGEh.exe
  C:\Windows\System\OdynGEh.exe
  2⤵
  PID:3356
- C:\Windows\System\VyPPEkg.exe
  C:\Windows\System\VyPPEkg.exe
  2⤵
  PID:4188
- C:\Windows\System\MrQbFjr.exe
  C:\Windows\System\MrQbFjr.exe
  2⤵
  PID:4144
- C:\Windows\System\aJXQNfF.exe
  C:\Windows\System\aJXQNfF.exe
  2⤵
  PID:4324
- C:\Windows\System\sHPXzAf.exe
  C:\Windows\System\sHPXzAf.exe
  2⤵
  PID:4348
- C:\Windows\System\SSQEjOb.exe
  C:\Windows\System\SSQEjOb.exe
  2⤵
  PID:4472
- C:\Windows\System\AaBfYVQ.exe
  C:\Windows\System\AaBfYVQ.exe
  2⤵
  PID:4344
- C:\Windows\System\nUNdeLw.exe
  C:\Windows\System\nUNdeLw.exe
  2⤵
  PID:4660
- C:\Windows\System\JJmWEqj.exe
  C:\Windows\System\JJmWEqj.exe
  2⤵
  PID:4672
- C:\Windows\System\SiApoLX.exe
  C:\Windows\System\SiApoLX.exe
  2⤵
  PID:4792
- C:\Windows\System\NfRIqUb.exe
  C:\Windows\System\NfRIqUb.exe
  2⤵
  PID:4872
- C:\Windows\System\uQQxssz.exe
  C:\Windows\System\uQQxssz.exe
  2⤵
  PID:2736
- C:\Windows\System\KcAdPEj.exe
  C:\Windows\System\KcAdPEj.exe
  2⤵
  PID:4912
- C:\Windows\System\cfEJwxW.exe
  C:\Windows\System\cfEJwxW.exe
  2⤵
  PID:2336
- C:\Windows\System\ovZWSpM.exe
  C:\Windows\System\ovZWSpM.exe
  2⤵
  PID:2080
- C:\Windows\System\RTXkzQO.exe
  C:\Windows\System\RTXkzQO.exe
  2⤵
  PID:2868
- C:\Windows\System\WznEWpX.exe
  C:\Windows\System\WznEWpX.exe
  2⤵
  PID:4120
- C:\Windows\System\gwEvJCj.exe
  C:\Windows\System\gwEvJCj.exe
  2⤵
  PID:4192
- C:\Windows\System\wSyADbc.exe
  C:\Windows\System\wSyADbc.exe
  2⤵
  PID:4128
- C:\Windows\System\zAYggDO.exe
  C:\Windows\System\zAYggDO.exe
  2⤵
  PID:2700
- C:\Windows\System\naixmdi.exe
  C:\Windows\System\naixmdi.exe
  2⤵
  PID:4452
- C:\Windows\System\NownriJ.exe
  C:\Windows\System\NownriJ.exe
  2⤵
  PID:5136
- C:\Windows\System\akBUrkZ.exe
  C:\Windows\System\akBUrkZ.exe
  2⤵
  PID:5156
- C:\Windows\System\qpUduBz.exe
  C:\Windows\System\qpUduBz.exe
  2⤵
  PID:5176
- C:\Windows\System\Ewxqwaa.exe
  C:\Windows\System\Ewxqwaa.exe
  2⤵
  PID:5196
- C:\Windows\System\lGoXAVX.exe
  C:\Windows\System\lGoXAVX.exe
  2⤵
  PID:5216
- C:\Windows\System\EQbOYGY.exe
  C:\Windows\System\EQbOYGY.exe
  2⤵
  PID:5236
- C:\Windows\System\hCWhrna.exe
  C:\Windows\System\hCWhrna.exe
  2⤵
  PID:5256
- C:\Windows\System\nOneXiv.exe
  C:\Windows\System\nOneXiv.exe
  2⤵
  PID:5276
- C:\Windows\System\pjIFCdd.exe
  C:\Windows\System\pjIFCdd.exe
  2⤵
  PID:5296
- C:\Windows\System\JnjvKCs.exe
  C:\Windows\System\JnjvKCs.exe
  2⤵
  PID:5316
- C:\Windows\System\JznAZEy.exe
  C:\Windows\System\JznAZEy.exe
  2⤵
  PID:5336
- C:\Windows\System\zNYqGoT.exe
  C:\Windows\System\zNYqGoT.exe
  2⤵
  PID:5352
- C:\Windows\System\JOhzvQa.exe
  C:\Windows\System\JOhzvQa.exe
  2⤵
  PID:5376
- C:\Windows\System\nOKaoeZ.exe
  C:\Windows\System\nOKaoeZ.exe
  2⤵
  PID:5396
- C:\Windows\System\sbBlCSn.exe
  C:\Windows\System\sbBlCSn.exe
  2⤵
  PID:5416
- C:\Windows\System\uxpvWIT.exe
  C:\Windows\System\uxpvWIT.exe
  2⤵
  PID:5436
- C:\Windows\System\YRXWtDy.exe
  C:\Windows\System\YRXWtDy.exe
  2⤵
  PID:5456
- C:\Windows\System\NYSXBzl.exe
  C:\Windows\System\NYSXBzl.exe
  2⤵
  PID:5476
- C:\Windows\System\LfEAxuo.exe
  C:\Windows\System\LfEAxuo.exe
  2⤵
  PID:5496
- C:\Windows\System\bXiENpK.exe
  C:\Windows\System\bXiENpK.exe
  2⤵
  PID:5516
- C:\Windows\System\ThXphII.exe
  C:\Windows\System\ThXphII.exe
  2⤵
  PID:5536
- C:\Windows\System\CdViKDX.exe
  C:\Windows\System\CdViKDX.exe
  2⤵
  PID:5556
- C:\Windows\System\vMgPPPl.exe
  C:\Windows\System\vMgPPPl.exe
  2⤵
  PID:5576
- C:\Windows\System\mVtOiXp.exe
  C:\Windows\System\mVtOiXp.exe
  2⤵
  PID:5596
- C:\Windows\System\IETZzok.exe
  C:\Windows\System\IETZzok.exe
  2⤵
  PID:5616
- C:\Windows\System\kaWGHOd.exe
  C:\Windows\System\kaWGHOd.exe
  2⤵
  PID:5636
- C:\Windows\System\hdFnWix.exe
  C:\Windows\System\hdFnWix.exe
  2⤵
  PID:5656
- C:\Windows\System\XYDhfRz.exe
  C:\Windows\System\XYDhfRz.exe
  2⤵
  PID:5676
- C:\Windows\System\EqhTVML.exe
  C:\Windows\System\EqhTVML.exe
  2⤵
  PID:5696
- C:\Windows\System\unTEvwB.exe
  C:\Windows\System\unTEvwB.exe
  2⤵
  PID:5716
- C:\Windows\System\lMMYdNx.exe
  C:\Windows\System\lMMYdNx.exe
  2⤵
  PID:5736
- C:\Windows\System\kknldFE.exe
  C:\Windows\System\kknldFE.exe
  2⤵
  PID:5756
- C:\Windows\System\qTrUiiG.exe
  C:\Windows\System\qTrUiiG.exe
  2⤵
  PID:5776
- C:\Windows\System\vfECdnP.exe
  C:\Windows\System\vfECdnP.exe
  2⤵
  PID:5792
- C:\Windows\System\uZZYjFn.exe
  C:\Windows\System\uZZYjFn.exe
  2⤵
  PID:5816
- C:\Windows\System\lPxXRvZ.exe
  C:\Windows\System\lPxXRvZ.exe
  2⤵
  PID:5832
- C:\Windows\System\snYBEYf.exe
  C:\Windows\System\snYBEYf.exe
  2⤵
  PID:5856
- C:\Windows\System\TQPQqaY.exe
  C:\Windows\System\TQPQqaY.exe
  2⤵
  PID:5872
- C:\Windows\System\ZPMWDgx.exe
  C:\Windows\System\ZPMWDgx.exe
  2⤵
  PID:5892
- C:\Windows\System\GJvlTrM.exe
  C:\Windows\System\GJvlTrM.exe
  2⤵
  PID:5912
- C:\Windows\System\QtRdZcN.exe
  C:\Windows\System\QtRdZcN.exe
  2⤵
  PID:5936
- C:\Windows\System\kwMDvFZ.exe
  C:\Windows\System\kwMDvFZ.exe
  2⤵
  PID:5956
- C:\Windows\System\QeJNZkf.exe
  C:\Windows\System\QeJNZkf.exe
  2⤵
  PID:5976
- C:\Windows\System\pjmSGzN.exe
  C:\Windows\System\pjmSGzN.exe
  2⤵
  PID:5996
- C:\Windows\System\RlXukrT.exe
  C:\Windows\System\RlXukrT.exe
  2⤵
  PID:6016
- C:\Windows\System\HAiXbws.exe
  C:\Windows\System\HAiXbws.exe
  2⤵
  PID:6036
- C:\Windows\System\mCbidso.exe
  C:\Windows\System\mCbidso.exe
  2⤵
  PID:6056
- C:\Windows\System\bYGgilT.exe
  C:\Windows\System\bYGgilT.exe
  2⤵
  PID:6076
- C:\Windows\System\MJUcbhR.exe
  C:\Windows\System\MJUcbhR.exe
  2⤵
  PID:6096
- C:\Windows\System\FurOwuH.exe
  C:\Windows\System\FurOwuH.exe
  2⤵
  PID:6116
- C:\Windows\System\RJKQKIx.exe
  C:\Windows\System\RJKQKIx.exe
  2⤵
  PID:6136
- C:\Windows\System\XMAxXpe.exe
  C:\Windows\System\XMAxXpe.exe
  2⤵
  PID:4592
- C:\Windows\System\oiyyIMb.exe
  C:\Windows\System\oiyyIMb.exe
  2⤵
  PID:4896
- C:\Windows\System\ZpyQtjr.exe
  C:\Windows\System\ZpyQtjr.exe
  2⤵
  PID:4960
- C:\Windows\System\YmFvGmK.exe
  C:\Windows\System\YmFvGmK.exe
  2⤵
  PID:2896
- C:\Windows\System\GAdEfJZ.exe
  C:\Windows\System\GAdEfJZ.exe
  2⤵
  PID:3736
- C:\Windows\System\dxSZRDN.exe
  C:\Windows\System\dxSZRDN.exe
  2⤵
  PID:2612
- C:\Windows\System\asjpzbi.exe
  C:\Windows\System\asjpzbi.exe
  2⤵
  PID:2560
- C:\Windows\System\ZDADLQa.exe
  C:\Windows\System\ZDADLQa.exe
  2⤵
  PID:4856
- C:\Windows\System\zlVqaTk.exe
  C:\Windows\System\zlVqaTk.exe
  2⤵
  PID:4228
- C:\Windows\System\DdImnrs.exe
  C:\Windows\System\DdImnrs.exe
  2⤵
  PID:5144
- C:\Windows\System\kHFcdhV.exe
  C:\Windows\System\kHFcdhV.exe
  2⤵
  PID:5172
- C:\Windows\System\wMVDCjA.exe
  C:\Windows\System\wMVDCjA.exe
  2⤵
  PID:5204
- C:\Windows\System\NtYpnRs.exe
  C:\Windows\System\NtYpnRs.exe
  2⤵
  PID:5224
- C:\Windows\System\HwBHeey.exe
  C:\Windows\System\HwBHeey.exe
  2⤵
  PID:5252
- C:\Windows\System\hYYaHtY.exe
  C:\Windows\System\hYYaHtY.exe
  2⤵
  PID:5272
- C:\Windows\System\MKGnhSy.exe
  C:\Windows\System\MKGnhSy.exe
  2⤵
  PID:5332
- C:\Windows\System\JgawoqO.exe
  C:\Windows\System\JgawoqO.exe
  2⤵
  PID:5348
- C:\Windows\System\ZMpnAjw.exe
  C:\Windows\System\ZMpnAjw.exe
  2⤵
  PID:2888
- C:\Windows\System\ouEJClf.exe
  C:\Windows\System\ouEJClf.exe
  2⤵
  PID:5412
- C:\Windows\System\IoZSFBO.exe
  C:\Windows\System\IoZSFBO.exe
  2⤵
  PID:5452
- C:\Windows\System\fxQberg.exe
  C:\Windows\System\fxQberg.exe
  2⤵
  PID:5484
- C:\Windows\System\tshrsqi.exe
  C:\Windows\System\tshrsqi.exe
  2⤵
  PID:5504
- C:\Windows\System\fSBwOSd.exe
  C:\Windows\System\fSBwOSd.exe
  2⤵
  PID:5532
- C:\Windows\System\BjSXEyd.exe
  C:\Windows\System\BjSXEyd.exe
  2⤵
  PID:5552
- C:\Windows\System\koRfIwq.exe
  C:\Windows\System\koRfIwq.exe
  2⤵
  PID:5588
- C:\Windows\System\iWCSdBL.exe
  C:\Windows\System\iWCSdBL.exe
  2⤵
  PID:5644
- C:\Windows\System\WrYBbwQ.exe
  C:\Windows\System\WrYBbwQ.exe
  2⤵
  PID:5652
- C:\Windows\System\IvhAdDm.exe
  C:\Windows\System\IvhAdDm.exe
  2⤵
  PID:5688
- C:\Windows\System\dVcbCNV.exe
  C:\Windows\System\dVcbCNV.exe
  2⤵
  PID:5732
- C:\Windows\System\ELHbIVE.exe
  C:\Windows\System\ELHbIVE.exe
  2⤵
  PID:5748
- C:\Windows\System\UtqSfvO.exe
  C:\Windows\System\UtqSfvO.exe
  2⤵
  PID:5804
- C:\Windows\System\zqgHIWU.exe
  C:\Windows\System\zqgHIWU.exe
  2⤵
  PID:5840
- C:\Windows\System\AVwklUN.exe
  C:\Windows\System\AVwklUN.exe
  2⤵
  PID:5852
- C:\Windows\System\INpvoWR.exe
  C:\Windows\System\INpvoWR.exe
  2⤵
  PID:5888
- C:\Windows\System\UxcOVYz.exe
  C:\Windows\System\UxcOVYz.exe
  2⤵
  PID:5868
- C:\Windows\System\VbrFPXP.exe
  C:\Windows\System\VbrFPXP.exe
  2⤵
  PID:5908
- C:\Windows\System\QKNwWKX.exe
  C:\Windows\System\QKNwWKX.exe
  2⤵
  PID:5952
- C:\Windows\System\CiBgBaF.exe
  C:\Windows\System\CiBgBaF.exe
  2⤵
  PID:6012
- C:\Windows\System\RZLzMbf.exe
  C:\Windows\System\RZLzMbf.exe
  2⤵
  PID:6024
- C:\Windows\System\lJDByTC.exe
  C:\Windows\System\lJDByTC.exe
  2⤵
  PID:6064
- C:\Windows\System\tjquBlO.exe
  C:\Windows\System\tjquBlO.exe
  2⤵
  PID:6068
- C:\Windows\System\lLOltHn.exe
  C:\Windows\System\lLOltHn.exe
  2⤵
  PID:6128
- C:\Windows\System\GMjnlig.exe
  C:\Windows\System\GMjnlig.exe
  2⤵
  PID:4832
- C:\Windows\System\trFtQoE.exe
  C:\Windows\System\trFtQoE.exe
  2⤵
  PID:2688
- C:\Windows\System\eXFTzOP.exe
  C:\Windows\System\eXFTzOP.exe
  2⤵
  PID:860
- C:\Windows\System\KVLQnpf.exe
  C:\Windows\System\KVLQnpf.exe
  2⤵
  PID:1312
- C:\Windows\System\jUNsbqJ.exe
  C:\Windows\System\jUNsbqJ.exe
  2⤵
  PID:4468
- C:\Windows\System\WQZmZFV.exe
  C:\Windows\System\WQZmZFV.exe
  2⤵
  PID:2712
- C:\Windows\System\BBunOmp.exe
  C:\Windows\System\BBunOmp.exe
  2⤵
  PID:2900
- C:\Windows\System\UvEbYSR.exe
  C:\Windows\System\UvEbYSR.exe
  2⤵
  PID:5184
- C:\Windows\System\BorsUwn.exe
  C:\Windows\System\BorsUwn.exe
  2⤵
  PID:5208
- C:\Windows\System\tFRaDHf.exe
  C:\Windows\System\tFRaDHf.exe
  2⤵
  PID:5312
- C:\Windows\System\saXTZzk.exe
  C:\Windows\System\saXTZzk.exe
  2⤵
  PID:5328
- C:\Windows\System\cZzioKf.exe
  C:\Windows\System\cZzioKf.exe
  2⤵
  PID:5360
- C:\Windows\System\uJGWvmf.exe
  C:\Windows\System\uJGWvmf.exe
  2⤵
  PID:5428
- C:\Windows\System\sioqdys.exe
  C:\Windows\System\sioqdys.exe
  2⤵
  PID:5472
- C:\Windows\System\vIYzVpL.exe
  C:\Windows\System\vIYzVpL.exe
  2⤵
  PID:5564
- C:\Windows\System\jquvMuf.exe
  C:\Windows\System\jquvMuf.exe
  2⤵
  PID:5592
- C:\Windows\System\GYBcvml.exe
  C:\Windows\System\GYBcvml.exe
  2⤵
  PID:5664
- C:\Windows\System\FhHvAAY.exe
  C:\Windows\System\FhHvAAY.exe
  2⤵
  PID:5672
- C:\Windows\System\mMVvXgD.exe
  C:\Windows\System\mMVvXgD.exe
  2⤵
  PID:5724
- C:\Windows\System\WNatIiz.exe
  C:\Windows\System\WNatIiz.exe
  2⤵
  PID:5800
- C:\Windows\System\VkQpwcO.exe
  C:\Windows\System\VkQpwcO.exe
  2⤵
  PID:5848
- C:\Windows\System\vGFLEnQ.exe
  C:\Windows\System\vGFLEnQ.exe
  2⤵
  PID:2808
- C:\Windows\System\DtBuXXF.exe
  C:\Windows\System\DtBuXXF.exe
  2⤵
  PID:5904
- C:\Windows\System\QdTlftN.exe
  C:\Windows\System\QdTlftN.exe
  2⤵
  PID:5968
- C:\Windows\System\RzfUjHy.exe
  C:\Windows\System\RzfUjHy.exe
  2⤵
  PID:6028
- C:\Windows\System\XOSMPnO.exe
  C:\Windows\System\XOSMPnO.exe
  2⤵
  PID:6072
- C:\Windows\System\FnAzOXq.exe
  C:\Windows\System\FnAzOXq.exe
  2⤵
  PID:2664
- C:\Windows\System\TjFizKb.exe
  C:\Windows\System\TjFizKb.exe
  2⤵
  PID:2952
- C:\Windows\System\iCxENcx.exe
  C:\Windows\System\iCxENcx.exe
  2⤵
  PID:4152
- C:\Windows\System\VjyCEqw.exe
  C:\Windows\System\VjyCEqw.exe
  2⤵
  PID:4488
- C:\Windows\System\eRRKVZa.exe
  C:\Windows\System\eRRKVZa.exe
  2⤵
  PID:5148
- C:\Windows\System\xHrAVMC.exe
  C:\Windows\System\xHrAVMC.exe
  2⤵
  PID:2824
- C:\Windows\System\YUZecYO.exe
  C:\Windows\System\YUZecYO.exe
  2⤵
  PID:5264
- C:\Windows\System\TdqRdys.exe
  C:\Windows\System\TdqRdys.exe
  2⤵
  PID:5384
- C:\Windows\System\fgLlFHN.exe
  C:\Windows\System\fgLlFHN.exe
  2⤵
  PID:5468
- C:\Windows\System\VArvGHK.exe
  C:\Windows\System\VArvGHK.exe
  2⤵
  PID:5512
- C:\Windows\System\iKLEXuk.exe
  C:\Windows\System\iKLEXuk.exe
  2⤵
  PID:1668
- C:\Windows\System\qCFdiWw.exe
  C:\Windows\System\qCFdiWw.exe
  2⤵
  PID:5728
- C:\Windows\System\MhaBdNz.exe
  C:\Windows\System\MhaBdNz.exe
  2⤵
  PID:5788
- C:\Windows\System\cvFeMdb.exe
  C:\Windows\System\cvFeMdb.exe
  2⤵
  PID:5880
- C:\Windows\System\wIBpbiE.exe
  C:\Windows\System\wIBpbiE.exe
  2⤵
  PID:5924
- C:\Windows\System\dDASHiC.exe
  C:\Windows\System\dDASHiC.exe
  2⤵
  PID:6088
- C:\Windows\System\uEeartM.exe
  C:\Windows\System\uEeartM.exe
  2⤵
  PID:5100
- C:\Windows\System\uxcqMZq.exe
  C:\Windows\System\uxcqMZq.exe
  2⤵
  PID:6152
- C:\Windows\System\vGzsKDz.exe
  C:\Windows\System\vGzsKDz.exe
  2⤵
  PID:6172
- C:\Windows\System\KMxjNpL.exe
  C:\Windows\System\KMxjNpL.exe
  2⤵
  PID:6192
- C:\Windows\System\bZVkuYn.exe
  C:\Windows\System\bZVkuYn.exe
  2⤵
  PID:6212
- C:\Windows\System\ZTXWbGp.exe
  C:\Windows\System\ZTXWbGp.exe
  2⤵
  PID:6232
- C:\Windows\System\lPrxofH.exe
  C:\Windows\System\lPrxofH.exe
  2⤵
  PID:6248
- C:\Windows\System\FhMCVvr.exe
  C:\Windows\System\FhMCVvr.exe
  2⤵
  PID:6272
- C:\Windows\System\skNnwBK.exe
  C:\Windows\System\skNnwBK.exe
  2⤵
  PID:6292
- C:\Windows\System\dYXMJdp.exe
  C:\Windows\System\dYXMJdp.exe
  2⤵
  PID:6312
- C:\Windows\System\BkkMhuA.exe
  C:\Windows\System\BkkMhuA.exe
  2⤵
  PID:6332
- C:\Windows\System\TEVKOsT.exe
  C:\Windows\System\TEVKOsT.exe
  2⤵
  PID:6352
- C:\Windows\System\rkNLVXC.exe
  C:\Windows\System\rkNLVXC.exe
  2⤵
  PID:6372
- C:\Windows\System\vitXjmP.exe
  C:\Windows\System\vitXjmP.exe
  2⤵
  PID:6392
- C:\Windows\System\SdQLNfZ.exe
  C:\Windows\System\SdQLNfZ.exe
  2⤵
  PID:6416
- C:\Windows\System\WUtRneN.exe
  C:\Windows\System\WUtRneN.exe
  2⤵
  PID:6436
- C:\Windows\System\lDmEvrI.exe
  C:\Windows\System\lDmEvrI.exe
  2⤵
  PID:6456
- C:\Windows\System\HrxnIyo.exe
  C:\Windows\System\HrxnIyo.exe
  2⤵
  PID:6476
- C:\Windows\System\sGkHJRf.exe
  C:\Windows\System\sGkHJRf.exe
  2⤵
  PID:6496
- C:\Windows\System\BsCHdeG.exe
  C:\Windows\System\BsCHdeG.exe
  2⤵
  PID:6516
- C:\Windows\System\azsJrxf.exe
  C:\Windows\System\azsJrxf.exe
  2⤵
  PID:6536
- C:\Windows\System\XmGXVdf.exe
  C:\Windows\System\XmGXVdf.exe
  2⤵
  PID:6556
- C:\Windows\System\HpfLNnX.exe
  C:\Windows\System\HpfLNnX.exe
  2⤵
  PID:6576
- C:\Windows\System\DbsQCHg.exe
  C:\Windows\System\DbsQCHg.exe
  2⤵
  PID:6596
- C:\Windows\System\QRRuixe.exe
  C:\Windows\System\QRRuixe.exe
  2⤵
  PID:6616
- C:\Windows\System\bufgmBj.exe
  C:\Windows\System\bufgmBj.exe
  2⤵
  PID:6636
- C:\Windows\System\mCexhdr.exe
  C:\Windows\System\mCexhdr.exe
  2⤵
  PID:6656
- C:\Windows\System\SiWxugT.exe
  C:\Windows\System\SiWxugT.exe
  2⤵
  PID:6676
- C:\Windows\System\ONWtOSj.exe
  C:\Windows\System\ONWtOSj.exe
  2⤵
  PID:6696
- C:\Windows\System\thYbAYs.exe
  C:\Windows\System\thYbAYs.exe
  2⤵
  PID:6716
- C:\Windows\System\fgnIzbU.exe
  C:\Windows\System\fgnIzbU.exe
  2⤵
  PID:6736
- C:\Windows\System\zBBZTaK.exe
  C:\Windows\System\zBBZTaK.exe
  2⤵
  PID:6756
- C:\Windows\System\hHIhVIQ.exe
  C:\Windows\System\hHIhVIQ.exe
  2⤵
  PID:6776
- C:\Windows\System\FqPjVil.exe
  C:\Windows\System\FqPjVil.exe
  2⤵
  PID:6796
- C:\Windows\System\ddMPvCO.exe
  C:\Windows\System\ddMPvCO.exe
  2⤵
  PID:6816
- C:\Windows\System\dnBhDuk.exe
  C:\Windows\System\dnBhDuk.exe
  2⤵
  PID:6836
- C:\Windows\System\vWqndWm.exe
  C:\Windows\System\vWqndWm.exe
  2⤵
  PID:6856
- C:\Windows\System\bgcfMMQ.exe
  C:\Windows\System\bgcfMMQ.exe
  2⤵
  PID:6876
- C:\Windows\System\hYZSpyR.exe
  C:\Windows\System\hYZSpyR.exe
  2⤵
  PID:6896
- C:\Windows\System\ZSBSQwB.exe
  C:\Windows\System\ZSBSQwB.exe
  2⤵
  PID:6916
- C:\Windows\System\NPSNiEN.exe
  C:\Windows\System\NPSNiEN.exe
  2⤵
  PID:6936
- C:\Windows\System\JQpnkhz.exe
  C:\Windows\System\JQpnkhz.exe
  2⤵
  PID:6956
- C:\Windows\System\zsoqARP.exe
  C:\Windows\System\zsoqARP.exe
  2⤵
  PID:6976
- C:\Windows\System\JuknhcD.exe
  C:\Windows\System\JuknhcD.exe
  2⤵
  PID:6996
- C:\Windows\System\dHuqbGG.exe
  C:\Windows\System\dHuqbGG.exe
  2⤵
  PID:7016
- C:\Windows\System\eJLmaWr.exe
  C:\Windows\System\eJLmaWr.exe
  2⤵
  PID:7036
- C:\Windows\System\RtKlfRI.exe
  C:\Windows\System\RtKlfRI.exe
  2⤵
  PID:7056
- C:\Windows\System\FslUdcM.exe
  C:\Windows\System\FslUdcM.exe
  2⤵
  PID:7096
- C:\Windows\System\pmnaiSj.exe
  C:\Windows\System\pmnaiSj.exe
  2⤵
  PID:7132
- C:\Windows\System\UMuHcPI.exe
  C:\Windows\System\UMuHcPI.exe
  2⤵
  PID:7152
- C:\Windows\System\MaNkKFV.exe
  C:\Windows\System\MaNkKFV.exe
  2⤵
  PID:2840
- C:\Windows\System\seeHcea.exe
  C:\Windows\System\seeHcea.exe
  2⤵
  PID:3272
- C:\Windows\System\UiRMyGx.exe
  C:\Windows\System\UiRMyGx.exe
  2⤵
  PID:4168
- C:\Windows\System\gaFxzQC.exe
  C:\Windows\System\gaFxzQC.exe
  2⤵
  PID:5288
- C:\Windows\System\FlCQhCG.exe
  C:\Windows\System\FlCQhCG.exe
  2⤵
  PID:5432
- C:\Windows\System\gMZuoBc.exe
  C:\Windows\System\gMZuoBc.exe
  2⤵
  PID:5568
- C:\Windows\System\uGfGWHO.exe
  C:\Windows\System\uGfGWHO.exe
  2⤵
  PID:5604
- C:\Windows\System\MfaXoKF.exe
  C:\Windows\System\MfaXoKF.exe
  2⤵
  PID:1052
- C:\Windows\System\mVJvPrm.exe
  C:\Windows\System\mVJvPrm.exe
  2⤵
  PID:2432
- C:\Windows\System\sfwYZbW.exe
  C:\Windows\System\sfwYZbW.exe
  2⤵
  PID:6032
- C:\Windows\System\VfZNWEp.exe
  C:\Windows\System\VfZNWEp.exe
  2⤵
  PID:6160
- C:\Windows\System\pbgrYee.exe
  C:\Windows\System\pbgrYee.exe
  2⤵
  PID:6220
- C:\Windows\System\wCAlhkN.exe
  C:\Windows\System\wCAlhkN.exe
  2⤵
  PID:6228
- C:\Windows\System\sgVMIvk.exe
  C:\Windows\System\sgVMIvk.exe
  2⤵
  PID:6264
- C:\Windows\System\CHekOxD.exe
  C:\Windows\System\CHekOxD.exe
  2⤵
  PID:6260
- C:\Windows\System\KNMmOWB.exe
  C:\Windows\System\KNMmOWB.exe
  2⤵
  PID:2580
- C:\Windows\System\qgoGrPn.exe
  C:\Windows\System\qgoGrPn.exe
  2⤵
  PID:6324
- C:\Windows\System\HLurJyx.exe
  C:\Windows\System\HLurJyx.exe
  2⤵
  PID:6380
- C:\Windows\System\EUAvMfA.exe
  C:\Windows\System\EUAvMfA.exe
  2⤵
  PID:6364
- C:\Windows\System\mKPmdWd.exe
  C:\Windows\System\mKPmdWd.exe
  2⤵
  PID:6400
- C:\Windows\System\UbkpGXE.exe
  C:\Windows\System\UbkpGXE.exe
  2⤵
  PID:6448
- C:\Windows\System\Jkqakyo.exe
  C:\Windows\System\Jkqakyo.exe
  2⤵
  PID:6504
- C:\Windows\System\IkCBEmW.exe
  C:\Windows\System\IkCBEmW.exe
  2⤵
  PID:6532
- C:\Windows\System\hhpmoip.exe
  C:\Windows\System\hhpmoip.exe
  2⤵
  PID:6548
- C:\Windows\System\QxyUMUA.exe
  C:\Windows\System\QxyUMUA.exe
  2⤵
  PID:6584
- C:\Windows\System\nzjuOzd.exe
  C:\Windows\System\nzjuOzd.exe
  2⤵
  PID:6612
- C:\Windows\System\xJZUNhn.exe
  C:\Windows\System\xJZUNhn.exe
  2⤵
  PID:6628
- C:\Windows\System\gJZyfjq.exe
  C:\Windows\System\gJZyfjq.exe
  2⤵
  PID:6648
- C:\Windows\System\kFeswwn.exe
  C:\Windows\System\kFeswwn.exe
  2⤵
  PID:6708
- C:\Windows\System\oyeEPht.exe
  C:\Windows\System\oyeEPht.exe
  2⤵
  PID:6752
- C:\Windows\System\HTzUvpD.exe
  C:\Windows\System\HTzUvpD.exe
  2⤵
  PID:6808
- C:\Windows\System\dMGKeIn.exe
  C:\Windows\System\dMGKeIn.exe
  2⤵
  PID:6852
- C:\Windows\System\NdEdrWA.exe
  C:\Windows\System\NdEdrWA.exe
  2⤵
  PID:6888
- C:\Windows\System\YnOlxmR.exe
  C:\Windows\System\YnOlxmR.exe
  2⤵
  PID:6932
- C:\Windows\System\YShHBIh.exe
  C:\Windows\System\YShHBIh.exe
  2⤵
  PID:6948
- C:\Windows\System\keCrFwB.exe
  C:\Windows\System\keCrFwB.exe
  2⤵
  PID:6992
- C:\Windows\System\LZFIABc.exe
  C:\Windows\System\LZFIABc.exe
  2⤵
  PID:7008
- C:\Windows\System\PtvORqZ.exe
  C:\Windows\System\PtvORqZ.exe
  2⤵
  PID:7044
- C:\Windows\System\vfGlwKk.exe
  C:\Windows\System\vfGlwKk.exe
  2⤵
  PID:7076
- C:\Windows\System\LLVJMve.exe
  C:\Windows\System\LLVJMve.exe
  2⤵
  PID:2692
- C:\Windows\System\GaNQwET.exe
  C:\Windows\System\GaNQwET.exe
  2⤵
  PID:2780
- C:\Windows\System\igkwUks.exe
  C:\Windows\System\igkwUks.exe
  2⤵
  PID:336
- C:\Windows\System\GDBebpx.exe
  C:\Windows\System\GDBebpx.exe
  2⤵
  PID:2760
- C:\Windows\System\RMyGgVN.exe
  C:\Windows\System\RMyGgVN.exe
  2⤵
  PID:1092
- C:\Windows\System\tXhYRMk.exe
  C:\Windows\System\tXhYRMk.exe
  2⤵
  PID:2648
- C:\Windows\System\gPUXvFX.exe
  C:\Windows\System\gPUXvFX.exe
  2⤵
  PID:1964
- C:\Windows\System\LwuErTK.exe
  C:\Windows\System\LwuErTK.exe
  2⤵
  PID:920
- C:\Windows\System\yyfVcHp.exe
  C:\Windows\System\yyfVcHp.exe
  2⤵
  PID:7068
- C:\Windows\System\WeROsmO.exe
  C:\Windows\System\WeROsmO.exe
  2⤵
  PID:7124
- C:\Windows\System\Cmizjcb.exe
  C:\Windows\System\Cmizjcb.exe
  2⤵
  PID:1056
- C:\Windows\System\ltPxlnm.exe
  C:\Windows\System\ltPxlnm.exe
  2⤵
  PID:1248
- C:\Windows\System\hwmSUDe.exe
  C:\Windows\System\hwmSUDe.exe
  2⤵
  PID:2584
- C:\Windows\System\ZLmlRjo.exe
  C:\Windows\System\ZLmlRjo.exe
  2⤵
  PID:404
- C:\Windows\System\MgXbTLL.exe
  C:\Windows\System\MgXbTLL.exe
  2⤵
  PID:5248
- C:\Windows\System\piwRrKX.exe
  C:\Windows\System\piwRrKX.exe
  2⤵
  PID:5372
- C:\Windows\System\fjdhCdL.exe
  C:\Windows\System\fjdhCdL.exe
  2⤵
  PID:3896
- C:\Windows\System\DGrGEBZ.exe
  C:\Windows\System\DGrGEBZ.exe
  2⤵
  PID:5812
- C:\Windows\System\bmZEgGt.exe
  C:\Windows\System\bmZEgGt.exe
  2⤵
  PID:6184
- C:\Windows\System\GvuZfjU.exe
  C:\Windows\System\GvuZfjU.exe
  2⤵
  PID:6304
- C:\Windows\System\inDXFOf.exe
  C:\Windows\System\inDXFOf.exe
  2⤵
  PID:6092
- C:\Windows\System\hSKvpQB.exe
  C:\Windows\System\hSKvpQB.exe
  2⤵
  PID:6240
- C:\Windows\System\QTIKTJa.exe
  C:\Windows\System\QTIKTJa.exe
  2⤵
  PID:6408
- C:\Windows\System\cEHHRMq.exe
  C:\Windows\System\cEHHRMq.exe
  2⤵
  PID:6552
- C:\Windows\System\KNHZSOt.exe
  C:\Windows\System\KNHZSOt.exe
  2⤵
  PID:6732
- C:\Windows\System\EbEbYKr.exe
  C:\Windows\System\EbEbYKr.exe
  2⤵
  PID:6384
- C:\Windows\System\kAuDWDX.exe
  C:\Windows\System\kAuDWDX.exe
  2⤵
  PID:6784
- C:\Windows\System\rRcZKXx.exe
  C:\Windows\System\rRcZKXx.exe
  2⤵
  PID:6428
- C:\Windows\System\ifiNREy.exe
  C:\Windows\System\ifiNREy.exe
  2⤵
  PID:6568
- C:\Windows\System\JiUyVsx.exe
  C:\Windows\System\JiUyVsx.exe
  2⤵
  PID:6704
- C:\Windows\System\TNLlaLR.exe
  C:\Windows\System\TNLlaLR.exe
  2⤵
  PID:6824
- C:\Windows\System\YoZkkYt.exe
  C:\Windows\System\YoZkkYt.exe
  2⤵
  PID:6864
- C:\Windows\System\mBjxxzM.exe
  C:\Windows\System\mBjxxzM.exe
  2⤵
  PID:6924
- C:\Windows\System\rOmaTgY.exe
  C:\Windows\System\rOmaTgY.exe
  2⤵
  PID:6928
- C:\Windows\System\eHNwyCS.exe
  C:\Windows\System\eHNwyCS.exe
  2⤵
  PID:560
- C:\Windows\System\kMsTznw.exe
  C:\Windows\System\kMsTznw.exe
  2⤵
  PID:7072
- C:\Windows\System\PBifFUf.exe
  C:\Windows\System\PBifFUf.exe
  2⤵
  PID:4636
- C:\Windows\System\MHhOekF.exe
  C:\Windows\System\MHhOekF.exe
  2⤵
  PID:2024
- C:\Windows\System\BDWlqQX.exe
  C:\Windows\System\BDWlqQX.exe
  2⤵
  PID:1976
- C:\Windows\System\VdLIgDN.exe
  C:\Windows\System\VdLIgDN.exe
  2⤵
  PID:2532
- C:\Windows\System\PpcKqYn.exe
  C:\Windows\System\PpcKqYn.exe
  2⤵
  PID:960
- C:\Windows\System\KAFDrGc.exe
  C:\Windows\System\KAFDrGc.exe
  2⤵
  PID:4900
- C:\Windows\System\ULEMKxu.exe
  C:\Windows\System\ULEMKxu.exe
  2⤵
  PID:3976
- C:\Windows\System\nEbhWSz.exe
  C:\Windows\System\nEbhWSz.exe
  2⤵
  PID:2216
- C:\Windows\System\ZnNkvmi.exe
  C:\Windows\System\ZnNkvmi.exe
  2⤵
  PID:7148
- C:\Windows\System\jaNuYqt.exe
  C:\Windows\System\jaNuYqt.exe
  2⤵
  PID:5744
- C:\Windows\System\zdXpgqb.exe
  C:\Windows\System\zdXpgqb.exe
  2⤵
  PID:6360
- C:\Windows\System\LTdemNF.exe
  C:\Windows\System\LTdemNF.exe
  2⤵
  PID:6412
- C:\Windows\System\qGzgZdF.exe
  C:\Windows\System\qGzgZdF.exe
  2⤵
  PID:6652
- C:\Windows\System\xnrTWLE.exe
  C:\Windows\System\xnrTWLE.exe
  2⤵
  PID:6524
- C:\Windows\System\fEGfDUa.exe
  C:\Windows\System\fEGfDUa.exe
  2⤵
  PID:6300
- C:\Windows\System\MkUYZGC.exe
  C:\Windows\System\MkUYZGC.exe
  2⤵
  PID:6772
- C:\Windows\System\YKwAKzm.exe
  C:\Windows\System\YKwAKzm.exe
  2⤵
  PID:6464
- C:\Windows\System\GIcCtyc.exe
  C:\Windows\System\GIcCtyc.exe
  2⤵
  PID:6868
- C:\Windows\System\RebFvje.exe
  C:\Windows\System\RebFvje.exe
  2⤵
  PID:7028
- C:\Windows\System\FkeoFee.exe
  C:\Windows\System\FkeoFee.exe
  2⤵
  PID:6844
- C:\Windows\System\vZsvZwh.exe
  C:\Windows\System\vZsvZwh.exe
  2⤵
  PID:6972
- C:\Windows\System\MdjhBeK.exe
  C:\Windows\System\MdjhBeK.exe
  2⤵
  PID:3576
- C:\Windows\System\cdjdUIc.exe
  C:\Windows\System\cdjdUIc.exe
  2⤵
  PID:4276
- C:\Windows\System\NBBLvHD.exe
  C:\Windows\System\NBBLvHD.exe
  2⤵
  PID:2884
- C:\Windows\System\XEMSCqE.exe
  C:\Windows\System\XEMSCqE.exe
  2⤵
  PID:7140
- C:\Windows\System\XiwwsNk.exe
  C:\Windows\System\XiwwsNk.exe
  2⤵
  PID:1804
- C:\Windows\System\BJNHwUj.exe
  C:\Windows\System\BJNHwUj.exe
  2⤵
  PID:1944
- C:\Windows\System\BhYdXwd.exe
  C:\Windows\System\BhYdXwd.exe
  2⤵
  PID:7144
- C:\Windows\System\cDQXcjA.exe
  C:\Windows\System\cDQXcjA.exe
  2⤵
  PID:6164
- C:\Windows\System\hIQZemw.exe
  C:\Windows\System\hIQZemw.exe
  2⤵
  PID:6208
- C:\Windows\System\jKsEgho.exe
  C:\Windows\System\jKsEgho.exe
  2⤵
  PID:6492
- C:\Windows\System\NmbRwfd.exe
  C:\Windows\System\NmbRwfd.exe
  2⤵
  PID:2540
- C:\Windows\System\vhkDlSi.exe
  C:\Windows\System\vhkDlSi.exe
  2⤵
  PID:2020
- C:\Windows\System\zeIqAzA.exe
  C:\Windows\System\zeIqAzA.exe
  2⤵
  PID:6328
- C:\Windows\System\yHOrXEw.exe
  C:\Windows\System\yHOrXEw.exe
  2⤵
  PID:600
- C:\Windows\System\ZwRALYc.exe
  C:\Windows\System\ZwRALYc.exe
  2⤵
  PID:6688
- C:\Windows\System\bqMPBWl.exe
  C:\Windows\System\bqMPBWl.exe
  2⤵
  PID:5628
- C:\Windows\System\ecgFJpD.exe
  C:\Windows\System\ecgFJpD.exe
  2⤵
  PID:5972
- C:\Windows\System\PWQLlEN.exe
  C:\Windows\System\PWQLlEN.exe
  2⤵
  PID:6452
- C:\Windows\System\dqQSKMT.exe
  C:\Windows\System\dqQSKMT.exe
  2⤵
  PID:7184
- C:\Windows\System\eNqkRcB.exe
  C:\Windows\System\eNqkRcB.exe
  2⤵
  PID:7228
- C:\Windows\System\guswvCj.exe
  C:\Windows\System\guswvCj.exe
  2⤵
  PID:7244
- C:\Windows\System\xwsTXau.exe
  C:\Windows\System\xwsTXau.exe
  2⤵
  PID:7268
- C:\Windows\System\ItUpCus.exe
  C:\Windows\System\ItUpCus.exe
  2⤵
  PID:7288
- C:\Windows\System\CpnwDXy.exe
  C:\Windows\System\CpnwDXy.exe
  2⤵
  PID:7304
- C:\Windows\System\NtqQNVU.exe
  C:\Windows\System\NtqQNVU.exe
  2⤵
  PID:7320
- C:\Windows\System\SGfVxqG.exe
  C:\Windows\System\SGfVxqG.exe
  2⤵
  PID:7336
- C:\Windows\System\IwcqTtb.exe
  C:\Windows\System\IwcqTtb.exe
  2⤵
  PID:7364
- C:\Windows\System\pahKdGv.exe
  C:\Windows\System\pahKdGv.exe
  2⤵
  PID:7408
- C:\Windows\System\hTvmZdK.exe
  C:\Windows\System\hTvmZdK.exe
  2⤵
  PID:7424
- C:\Windows\System\uUuLBRG.exe
  C:\Windows\System\uUuLBRG.exe
  2⤵
  PID:7440
- C:\Windows\System\EWVwejY.exe
  C:\Windows\System\EWVwejY.exe
  2⤵
  PID:7484
- C:\Windows\System\QaaArmA.exe
  C:\Windows\System\QaaArmA.exe
  2⤵
  PID:7500
- C:\Windows\System\CuXRhaJ.exe
  C:\Windows\System\CuXRhaJ.exe
  2⤵
  PID:7516
- C:\Windows\System\cOsxhqj.exe
  C:\Windows\System\cOsxhqj.exe
  2⤵
  PID:7548
- C:\Windows\System\lCaRisD.exe
  C:\Windows\System\lCaRisD.exe
  2⤵
  PID:7564
- C:\Windows\System\aGOjnIU.exe
  C:\Windows\System\aGOjnIU.exe
  2⤵
  PID:7580
- C:\Windows\System\WWgmXdP.exe
  C:\Windows\System\WWgmXdP.exe
  2⤵
  PID:7596
- C:\Windows\System\xXVLFds.exe
  C:\Windows\System\xXVLFds.exe
  2⤵
  PID:7616
- C:\Windows\System\LqPaZzM.exe
  C:\Windows\System\LqPaZzM.exe
  2⤵
  PID:7640
- C:\Windows\System\BgMPktN.exe
  C:\Windows\System\BgMPktN.exe
  2⤵
  PID:7656
- C:\Windows\System\rMyHMoP.exe
  C:\Windows\System\rMyHMoP.exe
  2⤵
  PID:7676
- C:\Windows\System\IqTISCy.exe
  C:\Windows\System\IqTISCy.exe
  2⤵
  PID:7692
- C:\Windows\System\lyBcQBQ.exe
  C:\Windows\System\lyBcQBQ.exe
  2⤵
  PID:7708
- C:\Windows\System\YZwaRAl.exe
  C:\Windows\System\YZwaRAl.exe
  2⤵
  PID:7728
- C:\Windows\System\cYukUBF.exe
  C:\Windows\System\cYukUBF.exe
  2⤵
  PID:7744
- C:\Windows\System\pbJskAH.exe
  C:\Windows\System\pbJskAH.exe
  2⤵
  PID:7760
- C:\Windows\System\hjVgTmO.exe
  C:\Windows\System\hjVgTmO.exe
  2⤵
  PID:7776
- C:\Windows\System\IkiuMPw.exe
  C:\Windows\System\IkiuMPw.exe
  2⤵
  PID:7808
- C:\Windows\System\heIvwhp.exe
  C:\Windows\System\heIvwhp.exe
  2⤵
  PID:7824
- C:\Windows\System\FerSBtu.exe
  C:\Windows\System\FerSBtu.exe
  2⤵
  PID:7840
- C:\Windows\System\gmtdQNn.exe
  C:\Windows\System\gmtdQNn.exe
  2⤵
  PID:7864
- C:\Windows\System\XFvRxlY.exe
  C:\Windows\System\XFvRxlY.exe
  2⤵
  PID:7892
- C:\Windows\System\LtwbbyR.exe
  C:\Windows\System\LtwbbyR.exe
  2⤵
  PID:7908
- C:\Windows\System\zskaIdT.exe
  C:\Windows\System\zskaIdT.exe
  2⤵
  PID:7924
- C:\Windows\System\LNtdzVU.exe
  C:\Windows\System\LNtdzVU.exe
  2⤵
  PID:7952
- C:\Windows\System\XOvDwWH.exe
  C:\Windows\System\XOvDwWH.exe
  2⤵
  PID:7968
- C:\Windows\System\EnnNJVC.exe
  C:\Windows\System\EnnNJVC.exe
  2⤵
  PID:7996
- C:\Windows\System\zCrhLrv.exe
  C:\Windows\System\zCrhLrv.exe
  2⤵
  PID:8016
- C:\Windows\System\mweCZXJ.exe
  C:\Windows\System\mweCZXJ.exe
  2⤵
  PID:8036
- C:\Windows\System\JsmgyDf.exe
  C:\Windows\System\JsmgyDf.exe
  2⤵
  PID:8052
- C:\Windows\System\VKghpGQ.exe
  C:\Windows\System\VKghpGQ.exe
  2⤵
  PID:8072
- C:\Windows\System\wkaNndR.exe
  C:\Windows\System\wkaNndR.exe
  2⤵
  PID:8092
- C:\Windows\System\TLrplXY.exe
  C:\Windows\System\TLrplXY.exe
  2⤵
  PID:8120
- C:\Windows\System\BuDUrhK.exe
  C:\Windows\System\BuDUrhK.exe
  2⤵
  PID:8136
- C:\Windows\System\ZCdIGCR.exe
  C:\Windows\System\ZCdIGCR.exe
  2⤵
  PID:8164
- C:\Windows\System\BTRsJwt.exe
  C:\Windows\System\BTRsJwt.exe
  2⤵
  PID:8184
- C:\Windows\System\LzFuWuL.exe
  C:\Windows\System\LzFuWuL.exe
  2⤵
  PID:6244
- C:\Windows\System\AYSzeXg.exe
  C:\Windows\System\AYSzeXg.exe
  2⤵
  PID:6952
- C:\Windows\System\INkubCc.exe
  C:\Windows\System\INkubCc.exe
  2⤵
  PID:6748
- C:\Windows\System\iWyGLyG.exe
  C:\Windows\System\iWyGLyG.exe
  2⤵
  PID:6684
- C:\Windows\System\gjHeJwl.exe
  C:\Windows\System\gjHeJwl.exe
  2⤵
  PID:6320
- C:\Windows\System\dbgFJsF.exe
  C:\Windows\System\dbgFJsF.exe
  2⤵
  PID:5492
- C:\Windows\System\KbFOJEO.exe
  C:\Windows\System\KbFOJEO.exe
  2⤵
  PID:2732
- C:\Windows\System\vvElrIU.exe
  C:\Windows\System\vvElrIU.exe
  2⤵
  PID:7296
- C:\Windows\System\BDAPdOy.exe
  C:\Windows\System\BDAPdOy.exe
  2⤵
  PID:7236
- C:\Windows\System\bcFzyLx.exe
  C:\Windows\System\bcFzyLx.exe
  2⤵
  PID:7372
- C:\Windows\System\lcMYGfP.exe
  C:\Windows\System\lcMYGfP.exe
  2⤵
  PID:7316
- C:\Windows\System\SUXifWm.exe
  C:\Windows\System\SUXifWm.exe
  2⤵
  PID:7356
- C:\Windows\System\XbpouGN.exe
  C:\Windows\System\XbpouGN.exe
  2⤵
  PID:7420
- C:\Windows\System\cRLHwzI.exe
  C:\Windows\System\cRLHwzI.exe
  2⤵
  PID:7464
- C:\Windows\System\MEXyiUW.exe
  C:\Windows\System\MEXyiUW.exe
  2⤵
  PID:7448
- C:\Windows\System\ERALuZr.exe
  C:\Windows\System\ERALuZr.exe
  2⤵
  PID:7480
- C:\Windows\System\HRPOKcC.exe
  C:\Windows\System\HRPOKcC.exe
  2⤵
  PID:7544
- C:\Windows\System\YwtUhuq.exe
  C:\Windows\System\YwtUhuq.exe
  2⤵
  PID:7648
- C:\Windows\System\AtDYbDo.exe
  C:\Windows\System\AtDYbDo.exe
  2⤵
  PID:7716
- C:\Windows\System\ERXKPBS.exe
  C:\Windows\System\ERXKPBS.exe
  2⤵
  PID:7588
- C:\Windows\System\sfgWons.exe
  C:\Windows\System\sfgWons.exe
  2⤵
  PID:7788
- C:\Windows\System\VztfFqs.exe
  C:\Windows\System\VztfFqs.exe
  2⤵
  PID:7624
- C:\Windows\System\ZxHpdtB.exe
  C:\Windows\System\ZxHpdtB.exe
  2⤵
  PID:7836
- C:\Windows\System\kBSzwzi.exe
  C:\Windows\System\kBSzwzi.exe
  2⤵
  PID:7884
- C:\Windows\System\JwOdbWT.exe
  C:\Windows\System\JwOdbWT.exe
  2⤵
  PID:7772
- C:\Windows\System\xTXTRSB.exe
  C:\Windows\System\xTXTRSB.exe
  2⤵
  PID:7820
- C:\Windows\System\RfZdAwF.exe
  C:\Windows\System\RfZdAwF.exe
  2⤵
  PID:7740
- C:\Windows\System\efbmcdT.exe
  C:\Windows\System\efbmcdT.exe
  2⤵
  PID:8008
- C:\Windows\System\koYtdju.exe
  C:\Windows\System\koYtdju.exe
  2⤵
  PID:7980
- C:\Windows\System\uydvOgn.exe
  C:\Windows\System\uydvOgn.exe
  2⤵
  PID:7988
- C:\Windows\System\ayYCLip.exe
  C:\Windows\System\ayYCLip.exe
  2⤵
  PID:8080
- C:\Windows\System\ZwbHoCG.exe
  C:\Windows\System\ZwbHoCG.exe
  2⤵
  PID:8028
- C:\Windows\System\NwHHagx.exe
  C:\Windows\System\NwHHagx.exe
  2⤵
  PID:7848
- C:\Windows\System\QidnSbu.exe
  C:\Windows\System\QidnSbu.exe
  2⤵
  PID:8108
- C:\Windows\System\WRAeiPA.exe
  C:\Windows\System\WRAeiPA.exe
  2⤵
  PID:8116
- C:\Windows\System\InaAULY.exe
  C:\Windows\System\InaAULY.exe
  2⤵
  PID:8148
- C:\Windows\System\xHrVMcy.exe
  C:\Windows\System\xHrVMcy.exe
  2⤵
  PID:6884
- C:\Windows\System\cqfZtNi.exe
  C:\Windows\System\cqfZtNi.exe
  2⤵
  PID:1508
- C:\Windows\System\VMFSEPc.exe
  C:\Windows\System\VMFSEPc.exe
  2⤵
  PID:6632
- C:\Windows\System\LlPNXsB.exe
  C:\Windows\System\LlPNXsB.exe
  2⤵
  PID:6604
- C:\Windows\System\EBuDhDG.exe
  C:\Windows\System\EBuDhDG.exe
  2⤵
  PID:7276
- C:\Windows\System\PSgXSxI.exe
  C:\Windows\System\PSgXSxI.exe
  2⤵
  PID:7344
- C:\Windows\System\tEUShAv.exe
  C:\Windows\System\tEUShAv.exe
  2⤵
  PID:7452
- C:\Windows\System\yNoHPQc.exe
  C:\Windows\System\yNoHPQc.exe
  2⤵
  PID:7492
- C:\Windows\System\dpbFQAL.exe
  C:\Windows\System\dpbFQAL.exe
  2⤵
  PID:7612
- C:\Windows\System\ZcBIZhY.exe
  C:\Windows\System\ZcBIZhY.exe
  2⤵
  PID:7332
- C:\Windows\System\CFSdhMo.exe
  C:\Windows\System\CFSdhMo.exe
  2⤵
  PID:7532
- C:\Windows\System\axXUnHp.exe
  C:\Windows\System\axXUnHp.exe
  2⤵
  PID:7752
- C:\Windows\System\jaKonjQ.exe
  C:\Windows\System\jaKonjQ.exe
  2⤵
  PID:7816
- C:\Windows\System\uxkoUlP.exe
  C:\Windows\System\uxkoUlP.exe
  2⤵
  PID:7932
- C:\Windows\System\vLYhsPA.exe
  C:\Windows\System\vLYhsPA.exe
  2⤵
  PID:7900
- C:\Windows\System\ZoXrQbM.exe
  C:\Windows\System\ZoXrQbM.exe
  2⤵
  PID:7688
- C:\Windows\System\TDJoZDB.exe
  C:\Windows\System\TDJoZDB.exe
  2⤵
  PID:8068
- C:\Windows\System\YKILFgB.exe
  C:\Windows\System\YKILFgB.exe
  2⤵
  PID:6912
- C:\Windows\System\NkqZTKV.exe
  C:\Windows\System\NkqZTKV.exe
  2⤵
  PID:7556
- C:\Windows\System\MDAPZfy.exe
  C:\Windows\System\MDAPZfy.exe
  2⤵
  PID:7192
- C:\Windows\System\GegvNgm.exe
  C:\Windows\System\GegvNgm.exe
  2⤵
  PID:7920
- C:\Windows\System\dEjLJiu.exe
  C:\Windows\System\dEjLJiu.exe
  2⤵
  PID:8048
- C:\Windows\System\vhAUGjr.exe
  C:\Windows\System\vhAUGjr.exe
  2⤵
  PID:7948
- C:\Windows\System\NbZEzzM.exe
  C:\Windows\System\NbZEzzM.exe
  2⤵
  PID:2124
- C:\Windows\System\dLInbXV.exe
  C:\Windows\System\dLInbXV.exe
  2⤵
  PID:7260
- C:\Windows\System\zmkNfQy.exe
  C:\Windows\System\zmkNfQy.exe
  2⤵
  PID:7180
- C:\Windows\System\tWWekah.exe
  C:\Windows\System\tWWekah.exe
  2⤵
  PID:7352
- C:\Windows\System\tZtZExm.exe
  C:\Windows\System\tZtZExm.exe
  2⤵
  PID:7572
- C:\Windows\System\YuggQsN.exe
  C:\Windows\System\YuggQsN.exe
  2⤵
  PID:7472
- C:\Windows\System\zlLnCsa.exe
  C:\Windows\System\zlLnCsa.exe
  2⤵
  PID:7608
- C:\Windows\System\ENJIoNj.exe
  C:\Windows\System\ENJIoNj.exe
  2⤵
  PID:7880
- C:\Windows\System\QcDcina.exe
  C:\Windows\System\QcDcina.exe
  2⤵
  PID:7856
- C:\Windows\System\HYDHlFt.exe
  C:\Windows\System\HYDHlFt.exe
  2⤵
  PID:8132
- C:\Windows\System\ejpQNaJ.exe
  C:\Windows\System\ejpQNaJ.exe
  2⤵
  PID:8044
- C:\Windows\System\UgSxvVd.exe
  C:\Windows\System\UgSxvVd.exe
  2⤵
  PID:7264
- C:\Windows\System\AsaWfJW.exe
  C:\Windows\System\AsaWfJW.exe
  2⤵
  PID:7380
- C:\Windows\System\ftUgPHI.exe
  C:\Windows\System\ftUgPHI.exe
  2⤵
  PID:4700
- C:\Windows\System\FABqaLI.exe
  C:\Windows\System\FABqaLI.exe
  2⤵
  PID:7964
- C:\Windows\System\gWFmyZN.exe
  C:\Windows\System\gWFmyZN.exe
  2⤵
  PID:8204
- C:\Windows\System\tKQjjnS.exe
  C:\Windows\System\tKQjjnS.exe
  2⤵
  PID:8220
- C:\Windows\System\xrvluCd.exe
  C:\Windows\System\xrvluCd.exe
  2⤵
  PID:8276
- C:\Windows\System\tUeumde.exe
  C:\Windows\System\tUeumde.exe
  2⤵
  PID:8296
- C:\Windows\System\QGtReXB.exe
  C:\Windows\System\QGtReXB.exe
  2⤵
  PID:8336
- C:\Windows\System\yzQTIbj.exe
  C:\Windows\System\yzQTIbj.exe
  2⤵
  PID:8352
- C:\Windows\System\YVFAbsh.exe
  C:\Windows\System\YVFAbsh.exe
  2⤵
  PID:8372
- C:\Windows\System\ZBMiFbP.exe
  C:\Windows\System\ZBMiFbP.exe
  2⤵
  PID:8388
- C:\Windows\System\zcHcOqc.exe
  C:\Windows\System\zcHcOqc.exe
  2⤵
  PID:8408
- C:\Windows\System\hpWszPQ.exe
  C:\Windows\System\hpWszPQ.exe
  2⤵
  PID:8424
- C:\Windows\System\AVRPjuf.exe
  C:\Windows\System\AVRPjuf.exe
  2⤵
  PID:8444
- C:\Windows\System\QNIDFbF.exe
  C:\Windows\System\QNIDFbF.exe
  2⤵
  PID:8468
- C:\Windows\System\MUkxiwW.exe
  C:\Windows\System\MUkxiwW.exe
  2⤵
  PID:8484
- C:\Windows\System\rkCRZfV.exe
  C:\Windows\System\rkCRZfV.exe
  2⤵
  PID:8504
- C:\Windows\System\kQTUvLB.exe
  C:\Windows\System\kQTUvLB.exe
  2⤵
  PID:8524
- C:\Windows\System\QmAoApM.exe
  C:\Windows\System\QmAoApM.exe
  2⤵
  PID:8544
- C:\Windows\System\SPFEwgM.exe
  C:\Windows\System\SPFEwgM.exe
  2⤵
  PID:8568
- C:\Windows\System\AXXwmIp.exe
  C:\Windows\System\AXXwmIp.exe
  2⤵
  PID:8596
- C:\Windows\System\cNXvSWv.exe
  C:\Windows\System\cNXvSWv.exe
  2⤵
  PID:8616
- C:\Windows\System\MyCDbEk.exe
  C:\Windows\System\MyCDbEk.exe
  2⤵
  PID:8636
- C:\Windows\System\BJlJxea.exe
  C:\Windows\System\BJlJxea.exe
  2⤵
  PID:8656
- C:\Windows\System\FKTSUEV.exe
  C:\Windows\System\FKTSUEV.exe
  2⤵
  PID:8676
- C:\Windows\System\yMnQnAN.exe
  C:\Windows\System\yMnQnAN.exe
  2⤵
  PID:8692
- C:\Windows\System\AgvHAaq.exe
  C:\Windows\System\AgvHAaq.exe
  2⤵
  PID:8708
- C:\Windows\System\fVKOcXQ.exe
  C:\Windows\System\fVKOcXQ.exe
  2⤵
  PID:8732
- C:\Windows\System\WptLDwA.exe
  C:\Windows\System\WptLDwA.exe
  2⤵
  PID:8752
- C:\Windows\System\oAHkFqr.exe
  C:\Windows\System\oAHkFqr.exe
  2⤵
  PID:8776
- C:\Windows\System\ffXQYLC.exe
  C:\Windows\System\ffXQYLC.exe
  2⤵
  PID:8796
- C:\Windows\System\FSYFZLl.exe
  C:\Windows\System\FSYFZLl.exe
  2⤵
  PID:8820
- C:\Windows\System\dYPDDXX.exe
  C:\Windows\System\dYPDDXX.exe
  2⤵
  PID:8836
- C:\Windows\System\Kvyxiht.exe
  C:\Windows\System\Kvyxiht.exe
  2⤵
  PID:8852
- C:\Windows\System\MtLvXFt.exe
  C:\Windows\System\MtLvXFt.exe
  2⤵
  PID:8872
- C:\Windows\System\VwsxEFU.exe
  C:\Windows\System\VwsxEFU.exe
  2⤵
  PID:8904
- C:\Windows\System\yYSTJHS.exe
  C:\Windows\System\yYSTJHS.exe
  2⤵
  PID:8920
- C:\Windows\System\duYugCe.exe
  C:\Windows\System\duYugCe.exe
  2⤵
  PID:8948
- C:\Windows\System\nOlKjsM.exe
  C:\Windows\System\nOlKjsM.exe
  2⤵
  PID:8968
- C:\Windows\System\RhYSKDE.exe
  C:\Windows\System\RhYSKDE.exe
  2⤵
  PID:8984
- C:\Windows\System\fzMnvaP.exe
  C:\Windows\System\fzMnvaP.exe
  2⤵
  PID:9000
- C:\Windows\System\xDCiJtS.exe
  C:\Windows\System\xDCiJtS.exe
  2⤵
  PID:9024
- C:\Windows\System\QKpmivf.exe
  C:\Windows\System\QKpmivf.exe
  2⤵
  PID:9040
- C:\Windows\System\KyFQgeO.exe
  C:\Windows\System\KyFQgeO.exe
  2⤵
  PID:9060
- C:\Windows\System\hmGxwJy.exe
  C:\Windows\System\hmGxwJy.exe
  2⤵
  PID:9080
- C:\Windows\System\vBTPqDG.exe
  C:\Windows\System\vBTPqDG.exe
  2⤵
  PID:9100
- C:\Windows\System\JxavlAp.exe
  C:\Windows\System\JxavlAp.exe
  2⤵
  PID:9116
- C:\Windows\System\JHIoinh.exe
  C:\Windows\System\JHIoinh.exe
  2⤵
  PID:9136
- C:\Windows\System\NTnaONx.exe
  C:\Windows\System\NTnaONx.exe
  2⤵
  PID:9156
- C:\Windows\System\smsbNlQ.exe
  C:\Windows\System\smsbNlQ.exe
  2⤵
  PID:9172
- C:\Windows\System\OtMdplt.exe
  C:\Windows\System\OtMdplt.exe
  2⤵
  PID:9208
- C:\Windows\System\qiiwVqx.exe
  C:\Windows\System\qiiwVqx.exe
  2⤵
  PID:7392
- C:\Windows\System\kQHuQdw.exe
  C:\Windows\System\kQHuQdw.exe
  2⤵
  PID:7800
- C:\Windows\System\DWSCTcm.exe
  C:\Windows\System\DWSCTcm.exe
  2⤵
  PID:8032
- C:\Windows\System\eJVLZIZ.exe
  C:\Windows\System\eJVLZIZ.exe
  2⤵
  PID:8236
- C:\Windows\System\OLSHGxz.exe
  C:\Windows\System\OLSHGxz.exe
  2⤵
  PID:8064
- C:\Windows\System\tftOWMG.exe
  C:\Windows\System\tftOWMG.exe
  2⤵
  PID:7700
- C:\Windows\System\zSNMXlb.exe
  C:\Windows\System\zSNMXlb.exe
  2⤵
  PID:8084
- C:\Windows\System\YgbiXNI.exe
  C:\Windows\System\YgbiXNI.exe
  2⤵
  PID:8180
- C:\Windows\System\FUbjPFV.exe
  C:\Windows\System\FUbjPFV.exe
  2⤵
  PID:7328
- C:\Windows\System\dZGEJgP.exe
  C:\Windows\System\dZGEJgP.exe
  2⤵
  PID:8248
- C:\Windows\System\yNYFoEH.exe
  C:\Windows\System\yNYFoEH.exe
  2⤵
  PID:8260
- C:\Windows\System\zmoXvnQ.exe
  C:\Windows\System\zmoXvnQ.exe
  2⤵
  PID:8332
- C:\Windows\System\lDyCKvN.exe
  C:\Windows\System\lDyCKvN.exe
  2⤵
  PID:8368
- C:\Windows\System\kRJQKHk.exe
  C:\Windows\System\kRJQKHk.exe
  2⤵
  PID:8456
- C:\Windows\System\YpbXgdT.exe
  C:\Windows\System\YpbXgdT.exe
  2⤵
  PID:8500
- C:\Windows\System\JOcrrHh.exe
  C:\Windows\System\JOcrrHh.exe
  2⤵
  PID:8432
- C:\Windows\System\WUzBgVC.exe
  C:\Windows\System\WUzBgVC.exe
  2⤵
  PID:8512
- C:\Windows\System\ivXrIIb.exe
  C:\Windows\System\ivXrIIb.exe
  2⤵
  PID:8560
- C:\Windows\System\nuVfZYI.exe
  C:\Windows\System\nuVfZYI.exe
  2⤵
  PID:8592
- C:\Windows\System\KTHDVZv.exe
  C:\Windows\System\KTHDVZv.exe
  2⤵
  PID:8624
- C:\Windows\System\uuKDQtq.exe
  C:\Windows\System\uuKDQtq.exe
  2⤵
  PID:8664
- C:\Windows\System\LCGNFAn.exe
  C:\Windows\System\LCGNFAn.exe
  2⤵
  PID:8700
- C:\Windows\System\qPzdzca.exe
  C:\Windows\System\qPzdzca.exe
  2⤵
  PID:8688
- C:\Windows\System\EreQefy.exe
  C:\Windows\System\EreQefy.exe
  2⤵
  PID:8760
- C:\Windows\System\TuJdilY.exe
  C:\Windows\System\TuJdilY.exe
  2⤵
  PID:8784
- C:\Windows\System\EVdczBu.exe
  C:\Windows\System\EVdczBu.exe
  2⤵
  PID:8812
- C:\Windows\System\YbMBBmF.exe
  C:\Windows\System\YbMBBmF.exe
  2⤵
  PID:8832
- C:\Windows\System\DexAEGx.exe
  C:\Windows\System\DexAEGx.exe
  2⤵
  PID:8848
- C:\Windows\System\MwnvHfZ.exe
  C:\Windows\System\MwnvHfZ.exe
  2⤵
  PID:8900
- C:\Windows\System\RCbYonn.exe
  C:\Windows\System\RCbYonn.exe
  2⤵
  PID:8932
- C:\Windows\System\FbjlPTv.exe
  C:\Windows\System\FbjlPTv.exe
  2⤵
  PID:8980
- C:\Windows\System\RuMfkwc.exe
  C:\Windows\System\RuMfkwc.exe
  2⤵
  PID:9036
- C:\Windows\System\qTdZOGu.exe
  C:\Windows\System\qTdZOGu.exe
  2⤵
  PID:9108
- C:\Windows\System\pcrRYoc.exe
  C:\Windows\System\pcrRYoc.exe
  2⤵
  PID:9148
- C:\Windows\System\suEulma.exe
  C:\Windows\System\suEulma.exe
  2⤵
  PID:9192
- C:\Windows\System\PpQbqlZ.exe
  C:\Windows\System\PpQbqlZ.exe
  2⤵
  PID:9052
- C:\Windows\System\FZZHbZY.exe
  C:\Windows\System\FZZHbZY.exe
  2⤵
  PID:9096
- C:\Windows\System\ZbIBuwy.exe
  C:\Windows\System\ZbIBuwy.exe
  2⤵
  PID:8228
- C:\Windows\System\DNmwYky.exe
  C:\Windows\System\DNmwYky.exe
  2⤵
  PID:7284
- C:\Windows\System\yIVlHwr.exe
  C:\Windows\System\yIVlHwr.exe
  2⤵
  PID:8268
- C:\Windows\System\EjZfAEw.exe
  C:\Windows\System\EjZfAEw.exe
  2⤵
  PID:8256
- C:\Windows\System\eokFqZm.exe
  C:\Windows\System\eokFqZm.exe
  2⤵
  PID:7724
- C:\Windows\System\rBpMgKa.exe
  C:\Windows\System\rBpMgKa.exe
  2⤵
  PID:8240
- C:\Windows\System\GtEYVqZ.exe
  C:\Windows\System\GtEYVqZ.exe
  2⤵
  PID:8380
- C:\Windows\System\XWVZKFk.exe
  C:\Windows\System\XWVZKFk.exe
  2⤵
  PID:8400
- C:\Windows\System\IKMtlgs.exe
  C:\Windows\System\IKMtlgs.exe
  2⤵
  PID:8492
- C:\Windows\System\tZlSkWQ.exe
  C:\Windows\System\tZlSkWQ.exe
  2⤵
  PID:8476
- C:\Windows\System\oCeREZq.exe
  C:\Windows\System\oCeREZq.exe
  2⤵
  PID:8940
- C:\Windows\System\CkNoFbd.exe
  C:\Windows\System\CkNoFbd.exe
  2⤵
  PID:8612
- C:\Windows\System\Yurzcmt.exe
  C:\Windows\System\Yurzcmt.exe
  2⤵
  PID:8668
- C:\Windows\System\OrRcqWF.exe
  C:\Windows\System\OrRcqWF.exe
  2⤵
  PID:8644
- C:\Windows\System\ERzIMQC.exe
  C:\Windows\System\ERzIMQC.exe
  2⤵
  PID:8716
- C:\Windows\System\WnshzVa.exe
  C:\Windows\System\WnshzVa.exe
  2⤵
  PID:8884
- C:\Windows\System\RGCHMzo.exe
  C:\Windows\System\RGCHMzo.exe
  2⤵
  PID:8628
- C:\Windows\System\ImhOUSp.exe
  C:\Windows\System\ImhOUSp.exe
  2⤵
  PID:8888
- C:\Windows\System\IycTNig.exe
  C:\Windows\System\IycTNig.exe
  2⤵
  PID:9128
- C:\Windows\System\uPfLJPj.exe
  C:\Windows\System\uPfLJPj.exe
  2⤵
  PID:9188
- C:\Windows\System\XezrUvZ.exe
  C:\Windows\System\XezrUvZ.exe
  2⤵
  PID:8960
- C:\Windows\System\rbWktgt.exe
  C:\Windows\System\rbWktgt.exe
  2⤵
  PID:9076
- C:\Windows\System\OgBYTqB.exe
  C:\Windows\System\OgBYTqB.exe
  2⤵
  PID:7436
- C:\Windows\System\CYlKpwG.exe
  C:\Windows\System\CYlKpwG.exe
  2⤵
  PID:8156
- C:\Windows\System\tQGZAlL.exe
  C:\Windows\System\tQGZAlL.exe
  2⤵
  PID:7632
- C:\Windows\System\cLoRGlT.exe
  C:\Windows\System\cLoRGlT.exe
  2⤵
  PID:7636
- C:\Windows\System\msDtBcy.exe
  C:\Windows\System\msDtBcy.exe
  2⤵
  PID:8348
- C:\Windows\System\gYRpjfO.exe
  C:\Windows\System\gYRpjfO.exe
  2⤵
  PID:8496
- C:\Windows\System\qvLGkBW.exe
  C:\Windows\System\qvLGkBW.exe
  2⤵
  PID:8440
- C:\Windows\System\FFyxhnV.exe
  C:\Windows\System\FFyxhnV.exe
  2⤵
  PID:8684
- C:\Windows\System\gdEWFWo.exe
  C:\Windows\System\gdEWFWo.exe
  2⤵
  PID:8768
- C:\Windows\System\WmuuYkN.exe
  C:\Windows\System\WmuuYkN.exe
  2⤵
  PID:8864
- C:\Windows\System\WMPkxYV.exe
  C:\Windows\System\WMPkxYV.exe
  2⤵
  PID:9152
- C:\Windows\System\oMeDZjq.exe
  C:\Windows\System\oMeDZjq.exe
  2⤵
  PID:8944
- C:\Windows\System\zBmbkRU.exe
  C:\Windows\System\zBmbkRU.exe
  2⤵
  PID:7936
- C:\Windows\System\yTDbUvK.exe
  C:\Windows\System\yTDbUvK.exe
  2⤵
  PID:8532
- C:\Windows\System\onkrUBK.exe
  C:\Windows\System\onkrUBK.exe
  2⤵
  PID:9008
- C:\Windows\System\ZZCTUJJ.exe
  C:\Windows\System\ZZCTUJJ.exe
  2⤵
  PID:8420
- C:\Windows\System\IZnTAZf.exe
  C:\Windows\System\IZnTAZf.exe
  2⤵
  PID:8552
- C:\Windows\System\hPZaFXD.exe
  C:\Windows\System\hPZaFXD.exe
  2⤵
  PID:9164
- C:\Windows\System\htBPPng.exe
  C:\Windows\System\htBPPng.exe
  2⤵
  PID:8648
- C:\Windows\System\aTiZBew.exe
  C:\Windows\System\aTiZBew.exe
  2⤵
  PID:8720
- C:\Windows\System\gFOTAaL.exe
  C:\Windows\System\gFOTAaL.exe
  2⤵
  PID:9184
- C:\Windows\System\VGSNESK.exe
  C:\Windows\System\VGSNESK.exe
  2⤵
  PID:2508
- C:\Windows\System\RdWqItd.exe
  C:\Windows\System\RdWqItd.exe
  2⤵
  PID:8216
- C:\Windows\System\Zgtdqvm.exe
  C:\Windows\System\Zgtdqvm.exe
  2⤵
  PID:8584
- C:\Windows\System\YxdXDCD.exe
  C:\Windows\System\YxdXDCD.exe
  2⤵
  PID:8928
- C:\Windows\System\eLLcFLQ.exe
  C:\Windows\System\eLLcFLQ.exe
  2⤵
  PID:8792
- C:\Windows\System\VPlacWS.exe
  C:\Windows\System\VPlacWS.exe
  2⤵
  PID:8956
- C:\Windows\System\rTrxYfP.exe
  C:\Windows\System\rTrxYfP.exe
  2⤵
  PID:9072
- C:\Windows\System\RHzvXXG.exe
  C:\Windows\System\RHzvXXG.exe
  2⤵
  PID:7916
- C:\Windows\System\bDnDhrr.exe
  C:\Windows\System\bDnDhrr.exe
  2⤵
  PID:8308
- C:\Windows\System\ywqXEjS.exe
  C:\Windows\System\ywqXEjS.exe
  2⤵
  PID:8576
- C:\Windows\System\AYfbFgz.exe
  C:\Windows\System\AYfbFgz.exe
  2⤵
  PID:8556
- C:\Windows\System\mzjJlrU.exe
  C:\Windows\System\mzjJlrU.exe
  2⤵
  PID:9240
- C:\Windows\System\bBCkgSM.exe
  C:\Windows\System\bBCkgSM.exe
  2⤵
  PID:9256
- C:\Windows\System\gohAVSw.exe
  C:\Windows\System\gohAVSw.exe
  2⤵
  PID:9276
- C:\Windows\System\MjPBYfL.exe
  C:\Windows\System\MjPBYfL.exe
  2⤵
  PID:9296
- C:\Windows\System\DwngoWB.exe
  C:\Windows\System\DwngoWB.exe
  2⤵
  PID:9312
- C:\Windows\System\DiCCbdD.exe
  C:\Windows\System\DiCCbdD.exe
  2⤵
  PID:9328
- C:\Windows\System\vclcXGI.exe
  C:\Windows\System\vclcXGI.exe
  2⤵
  PID:9344
- C:\Windows\System\NaGNrXh.exe
  C:\Windows\System\NaGNrXh.exe
  2⤵
  PID:9364
- C:\Windows\System\xIbInsZ.exe
  C:\Windows\System\xIbInsZ.exe
  2⤵
  PID:9380
- C:\Windows\System\sCkbegD.exe
  C:\Windows\System\sCkbegD.exe
  2⤵
  PID:9396
- C:\Windows\System\igShWZW.exe
  C:\Windows\System\igShWZW.exe
  2⤵
  PID:9420
- C:\Windows\System\ZoJmMfo.exe
  C:\Windows\System\ZoJmMfo.exe
  2⤵
  PID:9440
- C:\Windows\System\fhiNurl.exe
  C:\Windows\System\fhiNurl.exe
  2⤵
  PID:9468
- C:\Windows\System\xyBNCbm.exe
  C:\Windows\System\xyBNCbm.exe
  2⤵
  PID:9484
- C:\Windows\System\rdClSVh.exe
  C:\Windows\System\rdClSVh.exe
  2⤵
  PID:9504
- C:\Windows\System\GFgJmUW.exe
  C:\Windows\System\GFgJmUW.exe
  2⤵
  PID:9520
- C:\Windows\System\JdqVAjD.exe
  C:\Windows\System\JdqVAjD.exe
  2⤵
  PID:9540
- C:\Windows\System\jyyVfMc.exe
  C:\Windows\System\jyyVfMc.exe
  2⤵
  PID:9588
- C:\Windows\System\LIzAszs.exe
  C:\Windows\System\LIzAszs.exe
  2⤵
  PID:9604
- C:\Windows\System\ryHptDp.exe
  C:\Windows\System\ryHptDp.exe
  2⤵
  PID:9624
- C:\Windows\System\powvhAk.exe
  C:\Windows\System\powvhAk.exe
  2⤵
  PID:9648
- C:\Windows\System\jvmQQDo.exe
  C:\Windows\System\jvmQQDo.exe
  2⤵
  PID:9668
- C:\Windows\System\cYvdaRi.exe
  C:\Windows\System\cYvdaRi.exe
  2⤵
  PID:9684
- C:\Windows\System\iffiicn.exe
  C:\Windows\System\iffiicn.exe
  2⤵
  PID:9700
- C:\Windows\System\KDRQTPM.exe
  C:\Windows\System\KDRQTPM.exe
  2⤵
  PID:9720
- C:\Windows\System\FXAjwnI.exe
  C:\Windows\System\FXAjwnI.exe
  2⤵
  PID:9736
- C:\Windows\System\SDurIWg.exe
  C:\Windows\System\SDurIWg.exe
  2⤵
  PID:9752
- C:\Windows\System\OmzVffp.exe
  C:\Windows\System\OmzVffp.exe
  2⤵
  PID:9788
- C:\Windows\System\yyeCMsG.exe
  C:\Windows\System\yyeCMsG.exe
  2⤵
  PID:9804
- C:\Windows\System\qdWTlxP.exe
  C:\Windows\System\qdWTlxP.exe
  2⤵
  PID:9820
- C:\Windows\System\ofYXNwK.exe
  C:\Windows\System\ofYXNwK.exe
  2⤵
  PID:9840
- C:\Windows\System\jojcpHY.exe
  C:\Windows\System\jojcpHY.exe
  2⤵
  PID:9856
- C:\Windows\System\zreGSds.exe
  C:\Windows\System\zreGSds.exe
  2⤵
  PID:9876
- C:\Windows\System\OySSEpI.exe
  C:\Windows\System\OySSEpI.exe
  2⤵
  PID:9892
- C:\Windows\System\CcnxoWk.exe
  C:\Windows\System\CcnxoWk.exe
  2⤵
  PID:9928
- C:\Windows\System\WiDqmNX.exe
  C:\Windows\System\WiDqmNX.exe
  2⤵
  PID:9948
- C:\Windows\System\MtOglSv.exe
  C:\Windows\System\MtOglSv.exe
  2⤵
  PID:9968
- C:\Windows\System\DtFaHhj.exe
  C:\Windows\System\DtFaHhj.exe
  2⤵
  PID:9988
- C:\Windows\System\xfHIVaJ.exe
  C:\Windows\System\xfHIVaJ.exe
  2⤵
  PID:10008
- C:\Windows\System\szScGfM.exe
  C:\Windows\System\szScGfM.exe
  2⤵
  PID:10028
- C:\Windows\System\iUrNvaN.exe
  C:\Windows\System\iUrNvaN.exe
  2⤵
  PID:10048
- C:\Windows\System\TWoIzjB.exe
  C:\Windows\System\TWoIzjB.exe
  2⤵
  PID:10072
- C:\Windows\System\GcFaKPr.exe
  C:\Windows\System\GcFaKPr.exe
  2⤵
  PID:10088
- C:\Windows\System\YsKxoMX.exe
  C:\Windows\System\YsKxoMX.exe
  2⤵
  PID:10112
- C:\Windows\System\FTInlJU.exe
  C:\Windows\System\FTInlJU.exe
  2⤵
  PID:10128
- C:\Windows\System\LdvbfrS.exe
  C:\Windows\System\LdvbfrS.exe
  2⤵
  PID:10144
- C:\Windows\System\RLWdnNR.exe
  C:\Windows\System\RLWdnNR.exe
  2⤵
  PID:10164
- C:\Windows\System\AFyyKrt.exe
  C:\Windows\System\AFyyKrt.exe
  2⤵
  PID:10184
- C:\Windows\System\VkgQOgV.exe
  C:\Windows\System\VkgQOgV.exe
  2⤵
  PID:10204
- C:\Windows\System\WlkpUIV.exe
  C:\Windows\System\WlkpUIV.exe
  2⤵
  PID:10228
- C:\Windows\System\OlqSGdA.exe
  C:\Windows\System\OlqSGdA.exe
  2⤵
  PID:9232
- C:\Windows\System\jCkmHTF.exe
  C:\Windows\System\jCkmHTF.exe
  2⤵
  PID:8284
- C:\Windows\System\cuDtxSO.exe
  C:\Windows\System\cuDtxSO.exe
  2⤵
  PID:9340
- C:\Windows\System\ArOWGsF.exe
  C:\Windows\System\ArOWGsF.exe
  2⤵
  PID:9408
- C:\Windows\System\uUMzBmw.exe
  C:\Windows\System\uUMzBmw.exe
  2⤵
  PID:9416
- C:\Windows\System\sbGMNfv.exe
  C:\Windows\System\sbGMNfv.exe
  2⤵
  PID:9360
- C:\Windows\System\ZbkVPde.exe
  C:\Windows\System\ZbkVPde.exe
  2⤵
  PID:9500
- C:\Windows\System\AxeTqYi.exe
  C:\Windows\System\AxeTqYi.exe
  2⤵
  PID:9532
- C:\Windows\System\iJhxVJn.exe
  C:\Windows\System\iJhxVJn.exe
  2⤵
  PID:9248
- C:\Windows\System\ucbPVOq.exe
  C:\Windows\System\ucbPVOq.exe
  2⤵
  PID:9428
- C:\Windows\System\owDOAvP.exe
  C:\Windows\System\owDOAvP.exe
  2⤵
  PID:9556
- C:\Windows\System\nsjZlSh.exe
  C:\Windows\System\nsjZlSh.exe
  2⤵
  PID:9552
- C:\Windows\System\VwyccAj.exe
  C:\Windows\System\VwyccAj.exe
  2⤵
  PID:9600
- C:\Windows\System\wBUrDAX.exe
  C:\Windows\System\wBUrDAX.exe
  2⤵
  PID:9636
- C:\Windows\System\FAqXwBX.exe
  C:\Windows\System\FAqXwBX.exe
  2⤵
  PID:9676
- C:\Windows\System\kMcTdEF.exe
  C:\Windows\System\kMcTdEF.exe
  2⤵
  PID:9696
- C:\Windows\System\jWEUFOd.exe
  C:\Windows\System\jWEUFOd.exe
  2⤵
  PID:9764
- C:\Windows\System\WJxPovI.exe
  C:\Windows\System\WJxPovI.exe
  2⤵
  PID:9780
- C:\Windows\System\pHFgEEA.exe
  C:\Windows\System\pHFgEEA.exe
  2⤵
  PID:9828
- C:\Windows\System\wlFbaDv.exe
  C:\Windows\System\wlFbaDv.exe
  2⤵
  PID:9812
- C:\Windows\System\sFymKpJ.exe
  C:\Windows\System\sFymKpJ.exe
  2⤵
  PID:9816
- C:\Windows\System\BqJlCOw.exe
  C:\Windows\System\BqJlCOw.exe
  2⤵
  PID:9912
- C:\Windows\System\MLIeKYU.exe
  C:\Windows\System\MLIeKYU.exe
  2⤵
  PID:9936
- C:\Windows\System\ZhiSwOf.exe
  C:\Windows\System\ZhiSwOf.exe
  2⤵
  PID:9960
- C:\Windows\System\bsFGVUy.exe
  C:\Windows\System\bsFGVUy.exe
  2⤵
  PID:10004
- C:\Windows\System\JxirpeP.exe
  C:\Windows\System\JxirpeP.exe
  2⤵
  PID:10036
- C:\Windows\System\BMRUVcx.exe
  C:\Windows\System\BMRUVcx.exe
  2⤵
  PID:10064
- C:\Windows\System\SEGfPII.exe
  C:\Windows\System\SEGfPII.exe
  2⤵
  PID:10120
- C:\Windows\System\vznEtVK.exe
  C:\Windows\System\vznEtVK.exe
  2⤵
  PID:10152
- C:\Windows\System\ddwudXk.exe
  C:\Windows\System\ddwudXk.exe
  2⤵
  PID:10176
- C:\Windows\System\oOdaxlw.exe
  C:\Windows\System\oOdaxlw.exe
  2⤵
  PID:10216
- C:\Windows\System\RpKnIqV.exe
  C:\Windows\System\RpKnIqV.exe
  2⤵
  PID:10236
- C:\Windows\System\KOLMDUn.exe
  C:\Windows\System\KOLMDUn.exe
  2⤵
  PID:9228
- C:\Windows\System\bwwXXEz.exe
  C:\Windows\System\bwwXXEz.exe
  2⤵
  PID:9272
- C:\Windows\System\BotCSLI.exe
  C:\Windows\System\BotCSLI.exe
  2⤵
  PID:9320
- C:\Windows\System\IadRyBX.exe
  C:\Windows\System\IadRyBX.exe
  2⤵
  PID:9252
- C:\Windows\System\WlTxNDr.exe
  C:\Windows\System\WlTxNDr.exe
  2⤵
  PID:9480
- C:\Windows\System\PnSKoQH.exe
  C:\Windows\System\PnSKoQH.exe
  2⤵
  PID:9564
- C:\Windows\System\zsxQDrd.exe
  C:\Windows\System\zsxQDrd.exe
  2⤵
  PID:9436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BuXzAfB.exe

Filesize
6.0MB

MD5
2861ca9797d8a99158538379a7fd5c30

SHA1
7814de57d6c06e853d61595f94e491abf0bbafe6

SHA256
be8b713897a1cc9ad76186cec9b0b2b9be8771a1515f3c5612da3f4eeb95d76d

SHA512
3d445c7ad6a22e67f619fbc4d4461dbd4907cb5b7f9cbe7089a3e0519db99acea222eaca63e2ef9d00ffc151da6d7bd0830cb457a98d74001e0f42a613eab719

Download Submit
C:\Windows\system\EmDbcjo.exe

Filesize
6.0MB

MD5
392ebf8a92ef810322f5853865fb9b8f

SHA1
d92ff1e6a0965089b5196a1233c8da767ec840b7

SHA256
74cc16c385e2eeed788c611f396970892b59666546ba66dd61a05bd173284902

SHA512
24f54fbcc0b4398daaa0c597e1d7d544c2693650c8f799968e22b24fef01ed7d73d23307e52494511f0424dc2b5054232ee183363f35f6f51912561d8d3fb3af

Download Submit
C:\Windows\system\EtfEKTD.exe

Filesize
6.0MB

MD5
7b618f69e357beb0ab41db972de5efe7

SHA1
d22e417aab80868391a1dccb41c044dd869af75e

SHA256
3f4db3aadeeb4578faf9d6c10048a16f851b60772452d271e99ff7375c228aa0

SHA512
5395dcd02067dd10bd0cafe7b8b04c01405ca96c8142cf75a5f087573c4913059f84f8127d7923b25e318860e4143127865bfe82281ceae47b6bd2aac9b8622e

Download Submit
C:\Windows\system\FPDcdPx.exe

Filesize
6.0MB

MD5
a57913b2fefde9f33c0875e319ea0e17

SHA1
0fab9fbd2f0dace503c0492ceab9d8d6ab5ce37e

SHA256
6eb4e678eb571af1c8040a543e1f0483bed15a4abe6fe330f2f086a9e3612bcf

SHA512
97c21b118e234e11df652181eecb4dcb4cfc4c93a964641e81d3c9d44130a7073d1e8362bf84f616f633468533237ec72a11cd3e18250c4a782e0a1f0f74d834

Download Submit
C:\Windows\system\FfuzyRE.exe

Filesize
6.0MB

MD5
cfa20c9ceadd9637e4e85bbcfd2ed109

SHA1
90e3e53599713ed7e84f3773e91b02776c3f3495

SHA256
8a20972b7759c16de7ea1e82241103f976a459421aa7f5d1578bc1edbc4f5e1a

SHA512
f9a53ec041a34e7d5095fc3ce1c01a922313d935db848eadd3569d75d60daff783259cb8f4ce2b1495ef631f53978d37d37578db6c5db557ab36a3e1a59de96e

Download Submit
C:\Windows\system\HBNzqNg.exe

Filesize
6.0MB

MD5
5e51a12c0e25c7d0ddf2cb17f26d9f0d

SHA1
e4aefe5df4ba81cec8770158f176b9a290f807d8

SHA256
bb06a9dd4bb2c63298c6641cb56e3d1ecfd2bb31a1b0c76ef0f108ac26830c37

SHA512
66f25aefc2a0a3c215178e23df47a58605c83b823387deaf1c625e0b07aff4d3b63b5b46aed0895401d5103ebfd5aafa5a7635cc2287c05a5e6473fd9a3907de

Download Submit
C:\Windows\system\KkCgUWv.exe

Filesize
6.0MB

MD5
71867a7e7d57eb455be8b7b702322808

SHA1
28077907194ad374d71c8baa8ce5b16bf2a6e91a

SHA256
9094296f82060f08b0fea64fcaeb003c6e7f8b25c640688c90b0c357e20a07fc

SHA512
a55bbf1a60ce25195ac88328a07cb2c536a7137473cbd519d7571d7eea4a70c841b4237ab5d26421b517b5e579b2061f08d621ac5d8d741fcec1fd46a0d06800

Download Submit
C:\Windows\system\KxOEADt.exe

Filesize
6.0MB

MD5
7aa8aad5ede56dbfe020d381eaeea582

SHA1
1d05f637cbd6af0006c77d63c42e43f47455c942

SHA256
049f711ae62b7ca10c99ed91ce8446dc34203eb6a7227a3f92ec9e3b72135509

SHA512
99400ce845bd2633ecaf7eff7538b717bf12690ba9e3fe57b77327c895b2e61b1b5f536033d92fa25e5fcb82d2af328159e20a18f886a7a5750b29c59298ea51

Download Submit
C:\Windows\system\SGHYRCh.exe

Filesize
6.0MB

MD5
7ce6aa4e980b5ef7af2c151d38454b0c

SHA1
eb5d323ad668e00369054ac35561065a065d1092

SHA256
dd18e779b593fedfc5c71ba1be9561978e9030451552fd4415b32829d927d6c2

SHA512
dee05148a44c245487f7fec5a6b01eebb4533799b967ca2144064d510439f758c106be5eb71c23e1079cdd4a3bd29aa93bddf16f5f6bb392129cfae3df7ca1cf

Download Submit
C:\Windows\system\TVRMaLc.exe

Filesize
8B

MD5
e43210ed139c756a3013f159162eeb92

SHA1
c5860e5a10f9f6b367d346b4f9f29fd0ebb41758

SHA256
a14a04ca0fb548b59c6acc8b2b243205f0ea3e218ce754671454c8efbe5ec119

SHA512
9f4a62fee511a50835f1168f8a7db5362df06f045fb657600c9818030c54d62dfec5ddb65f55c67ec2865142dd0a9e6bd842228c8820dcb64412580475aab4e1

Download Submit
C:\Windows\system\VNbyrhS.exe

Filesize
6.0MB

MD5
05938cb4c11027402f404d46b931528c

SHA1
fd4afcfe6daa1d76141ac8aef392ad2556801a3d

SHA256
209b84fa7e2e730e2a50597ab14bcf4bc5655e0be4cc49961544837151cd5080

SHA512
66fe3a9aa0a64ab43f703d42f557708a9273bbc7733b2c931dedc7a02f9ea74ea3f09d7e485f77616a91d75269fa25f50c77b3fef692114009c40143130c9d4a

Download Submit
C:\Windows\system\VwaZqAd.exe

Filesize
6.0MB

MD5
08ceb9a5f34373c6f0132048ce7d3f28

SHA1
ee5e10cc932b1812cc43cb049e3145396b0490db

SHA256
5f09a47bc2e77a002aeccf7b91029d103fb7cc705c65ba324bdb25d4412c47ad

SHA512
1b664ffff69a236c3acc8caa015654fe3f6b572c5baa9c95dbbd8544c70d124423516a4286e228e3cb460a81d344c8eabdd7068b3d7947ac2a91e9d8cffbee7a

Download Submit
C:\Windows\system\WUStfSF.exe

Filesize
6.0MB

MD5
e1799c1eb542058fade1629181d78f0c

SHA1
e80f983287a235271be76501805e760dab35fbc9

SHA256
2e74b4b6814fb5b2a136e942916d750d40533d8866ad9d4215d6ca229e70241d

SHA512
52f90c1a015c211c5a1e2aa9e31f2bf7a0d3cd7eb1016e3f6c1ad514cf599af4a2a123321d6e70078d770c1c245e92ea49a3499121f9f185cf08c55c689dbb13

Download Submit
C:\Windows\system\WobYclQ.exe

Filesize
6.0MB

MD5
30ca850fba5228b438129fcfc867e19b

SHA1
dead19cf49decfba7afa29bd3013718e0cec07a6

SHA256
8a8d477fde46d99abc776440e662b86476bca9a8e6b05580a0795587e0e88f66

SHA512
b35dad800c040600617a5c027f997552d51aa6481064ba7d90149664f4a345bf0955af0e4b0c2bd940fb5737004265df22811a1b5aa10ee2ecf15feaae8f7447

Download Submit
C:\Windows\system\YqiheAj.exe

Filesize
6.0MB

MD5
7cd3b1ae7f23161e8e9158d1e309bb0d

SHA1
a7e1a212f9f59ae93e45e838575e53eaae0a8d58

SHA256
c8332a96222245d3bfc3558a8d61581f431d5f477f57ae08062628c908ef8da7

SHA512
d114dc445f4043f6c6aa038688697788ce47af7a60941f87c95795b452d88a95d7a69181159f4752a0d2e4a888050966b7d5ac18ef84da58da0926502ccfcadf

Download Submit
C:\Windows\system\aypjNnp.exe

Filesize
6.0MB

MD5
523b3ad71a2ff748d3cf3a08807ebe72

SHA1
a5123b60fef30b30f4449d7728468de85437b144

SHA256
574282e6fd6b1ccbad7916223350c11623d87f80d08f92405e583a3796b23f33

SHA512
b42dc42ec7edb2fcd60d2f206c575120c8d2fb99d968d05b74a20bed4d1215210434beedcd721b8982505619321e1c27f72e31de82577234c1e487c7d87891c3

Download Submit
C:\Windows\system\bskascj.exe

Filesize
6.0MB

MD5
eed17641e8cec7dd052c04f37ee66f10

SHA1
04f94f38e058518e1dec5f8cc708f7721c4b6a3f

SHA256
0928488a61e581173584a66e7a46f3f4185e2cbc19a8262fc31c4950cd791a52

SHA512
cf66841dde16944c787c8c9f971d83f28cd86eed3304883813ee6a7448374da76b3d08509539a8629052ebb2005fc0423d95122465004b5c340f7e4c1edf2788

Download Submit
C:\Windows\system\cfUKAwv.exe

Filesize
6.0MB

MD5
db9a6783709d3f0f7548d90c8644d893

SHA1
23dc34338fd4910e2c2bf39baa4fa13f1bdaced6

SHA256
45cfd88cc60d52def0636b5e67f953fb6c42a06ca8567c7e1f0f49f23f289270

SHA512
1f869d9073f91eba09ea914d3f42c38f5cf150804de3b15923a3a7f040b3510f66c280edafd5ab4bee31b63d237cf84fb409e5d4ed57e527109a68a10ca1561e

Download Submit
C:\Windows\system\dfYAImW.exe

Filesize
6.0MB

MD5
a6704506517cb8f84ebf5d7686215072

SHA1
711f59ec4f6d4cb23c58a8efc9d2c1c3c4e70218

SHA256
bdd434e81baea4cd2a97f0ce7adb7efe92b7b2fb4ee7d1a92faa0f267e246157

SHA512
dbfae9dfa7e6b4a8c8a03926de961f21e07f1a21649bd3f30c31578c3ddd23acb1b7149785a40c5ace3b59344c84b9794d45c6403f86cc3a9a91347019cb5703

Download Submit
C:\Windows\system\ecfZsqB.exe

Filesize
6.0MB

MD5
ed584dff25395911c5ccc301823172b4

SHA1
7ff1717bb769f9ce81dbb26872725ea75fd87f62

SHA256
b550eb3e8ec95280c1598106cb8fc55163ecff966b9bbaf899924082c5ca2a69

SHA512
706e85f5762921cc00e67a611b26a88a30310f7134a9df10e54838c768fb5767bdcdcd6abc6edeb4960919ae0d4fe6434a571a59910d7e85614fec60dfe22a69

Download Submit
C:\Windows\system\gKWhLqd.exe

Filesize
6.0MB

MD5
6a4169b9c369de634132c78ec9400445

SHA1
edd2e51986721dd006cdbcc457d078a11189b1ee

SHA256
b2da9702a1bc43505f6138956890462ae08c09d83058d400aede70958313b785

SHA512
5db3f17602a4504ae312fe5c96945576e18fee7ab3833bd8e6eb3cefb5a29390d59c98c37d3f318ad963803452adffd4e8c86354e57a06392cbb87b6948fba66

Download Submit
C:\Windows\system\hLCvqph.exe

Filesize
6.0MB

MD5
21d9ac5ae8ba640db5d032815aee7b88

SHA1
c9e42ba96607f1ba08ca25c9d340affcbba526e4

SHA256
d36f44934308101466aa58ca34cadf514b2addd8f7eea0ff01387e48e8224bdd

SHA512
1f352aa67711bd88296c94019645013e2c0f80eb56d598846b34a3e79b69bc4d888112f3b794310b82ccd86e532e918bb3b8b321a0237a7375e9c0d813afb275

Download Submit
C:\Windows\system\iOjRRdX.exe

Filesize
6.0MB

MD5
9281f343ae19c15175272983a58d5447

SHA1
945e1b0ed956912efdcf6cd5546b818f5b22abbb

SHA256
101511b8c10e6601632174c8da4182ebcc41056ebbcfda8df652d3ed8dfd9ea1

SHA512
1b5bb5bf37e393ea3fae79969bb607863c0cabb54ad9e92575ff958ceaa515659470478181bd8e89dea56961e44f74c40accc0ae8fc735a78f18224618c6c4f1

Download Submit
C:\Windows\system\iQQQIfM.exe

Filesize
6.0MB

MD5
4d1a54d3b873624fbd0c2fed50842ea3

SHA1
8d91bebe5fcd00f705b5baa579cd4642003ec250

SHA256
9e30c2791122d95f1b9611d746236bea9b37f2ad4c99356d40e7355e7810e858

SHA512
99464e5639eda80abe53a2714c4b6a2fbf784d88bbd52c1b24560a22f038e2069a061a04edde29dae5f3ebe626002b6f5833376bb7c0962eb54674b10b8b7fd3

Download Submit
C:\Windows\system\kNEfDZb.exe

Filesize
6.0MB

MD5
11d92d7fdda8bb0ff5aed905608ffabe

SHA1
da170213b2d96d05f482bf1b71f70cec7dcae11d

SHA256
feba9f471d643fd6105a8588f996ddde1d18de6c5a5f4d28b71e5ed7e7852edb

SHA512
855beb6ac1ff7dd6f5911b650c508c89459c59d4f220e2ede3d3e20c3fdaf78e4b6770dff01f7d9fb932bd949c32d42e461f9939b804fe136b0955cefad52773

Download Submit
C:\Windows\system\mhmtDed.exe

Filesize
6.0MB

MD5
3fdfa06c28181bde166fbc44bf6c8f76

SHA1
27c08e321502d9b5e36eac6f92881323dc6ad63c

SHA256
48bee1a0bd011723ace7655f00fd162e2320ca90cc9a8676ca4d9225257a470a

SHA512
7a01e8cf253a37e43faeebf42c107cc20de3d51ea3d0a8cd968993feccb1b46bb32512bc86c404e4429b35e877b7bfe88542cab074903e50044f84977f1a30ec

Download Submit
C:\Windows\system\mxOZOlU.exe

Filesize
6.0MB

MD5
bc64762b2992f27422ad337adfc5cf93

SHA1
6e3fb02303ac95d4972c8ee73c9eee56defaddf1

SHA256
09f2afacfd5a734aec0ade8dd402558a5498ffee0360de8789ee555b2c2bd301

SHA512
a56e253000025db5fd49234af4ac3491e8a5683f564840c294aecdfbcd48048949858289a0d9f440e94e414ef59fe8c6b7c1a3778eea54c8ce08dcd9469f008c

Download Submit
C:\Windows\system\pTXgLOq.exe

Filesize
6.0MB

MD5
8f1679075f805e044525d5232897d1af

SHA1
462da8a5781f7d5ad7a0879a0b5fa045b435033c

SHA256
9fd8afd37f87e317d9feeeace9cfbe5dd3e2a47f7a32012c7c3c9aa00d179387

SHA512
95d1d748a4d18501e827bb0d86bacb4a5aed0e6510d79bec3718a3e99b4219d733facf657f6be2dbc8ca8c49641dfec54d52b8b3edfafa899ce5450916c22845

Download Submit
C:\Windows\system\rkJbNKR.exe

Filesize
6.0MB

MD5
43c2d46368b6a6c86cb13634db556b58

SHA1
421366cbbb2f53498b3effea024694efad0615ff

SHA256
d26d9ef729714bfcedd7731ead0cc4adfc387a770581c534dfe3f6e360472f25

SHA512
6dec07576dcfe57451282683eeced2c3c4b97121f38c6f6998c15c87d1372661f6f04dad63f42c0371349ae1d48c94500774f08fb61c1bd795e5fdef60177fbe

Download Submit
C:\Windows\system\takSNDv.exe

Filesize
6.0MB

MD5
fba6f5944ba45a1dbd44cd3db54960d1

SHA1
87c9bb737a46c1a2f55ce8d48567e796241df2eb

SHA256
bfdade1a6bdd8067bfb6cdeb908af0c2690df25090881487a0f32809fc8a3dc9

SHA512
841005ac15e3824ea4feabdbabab617fc1f8a5e6f7f7c181aeebc3d02cf2d18ef601883e9a7fc43ea04ba2cf4f2d4945e2489d7e8f245c254c437dfb32d60f28

Download Submit
C:\Windows\system\yZCvXzW.exe

Filesize
6.0MB

MD5
2a1654aea63dadb502112742137896b4

SHA1
52a6aed3cd5ebbfa71f9df1f46c1bce4111d5aaf

SHA256
424750f61aed38e75346e9e5fedd1f6c3f0f3a39b166a3e056c68f4e8a872c18

SHA512
5c07149fac784693e868a0eef864121f481345250342ea77f85edcb3d5512bccc953f9b406017a1ba83fb65a93b93ad53d10bbbd3bbbe01f09704c45abe15d12

Download Submit
\Windows\system\onUeAsj.exe

Filesize
6.0MB

MD5
36648f508e5009defc007779a92d53a6

SHA1
2b5d7d5d63def13cd3035e5f5c7250ac688900a3

SHA256
149007e2f33ba8814cd3f3390cf643567c81f1130e1c8e9b6b1451f8ea052af0

SHA512
e40c5b74af96a62e6ea624f51b70cd17903050eccd61f0d2949edb6ea840bc9a2162bae3a973bd211894f24924d623276289a2c740ef24c2b34799aa366aca00

Download Submit
\Windows\system\vvDsEJG.exe

Filesize
6.0MB

MD5
ba20be113b1923a51aa47ac3f6e6d78f

SHA1
14716cda078e28b3ab882a0ce59f87d02ac52c6d

SHA256
0062dea804d56ecbf778251449fbf1b9e27067793a3f61c1f729f4738e099aa3

SHA512
4fd2d665bcd20d5937ef3798bb9dd94c71190c4e33402f29fbb73fc6c209580856daaf9b52f07351d41b6fbd5ad9571133653576f83b09d5f0e8d5f37586af77

Download Submit
memory/756-105-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/756-885-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/756-3271-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/1680-3222-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/1680-43-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/1688-34-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1688-68-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1688-3216-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/1848-3206-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/1848-14-0x000000013F870000-0x000000013FBC4000-memory.dmp

Filesize
3.3MB

Download
memory/2152-25-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2152-63-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2152-3203-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2192-80-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2192-44-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2192-5002-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2284-3260-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2284-88-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2284-569-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2480-92-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2480-71-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/2480-108-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2480-104-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2480-18-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2480-24-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2480-42-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-99-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2480-831-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2480-19-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2480-969-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2480-49-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2480-30-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2480-77-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2480-662-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2480-481-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2480-0-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-60-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2480-38-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-322-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2480-6-0x0000000002240000-0x0000000002594000-memory.dmp

Filesize
3.3MB

Download
memory/2480-52-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-3242-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2552-50-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2552-87-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2576-81-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2576-3253-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2576-415-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2616-745-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3273-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2660-74-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2660-3252-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2660-234-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2696-37-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3229-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-73-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-3251-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-103-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-64-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-95-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-55-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-3249-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download