cobaltstrike | 377067e79325b2e6888714bbe5b10f01a800017103cb15bf3d43fc71b9999d0e

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 04:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

40b28e9ca08b4921696491df64e48793
SHA1

856cd4a9f9e6f23cfa1a9cd0f8113e94eddc4708
SHA256

377067e79325b2e6888714bbe5b10f01a800017103cb15bf3d43fc71b9999d0e
SHA512

63915f24e12231e6c334e5304c55c2c6cf2380e83738caa6344e5e2fa367ab66be57702eef66933ad7ef51628851ea6d5811935d3921cb22d1e3bd766f3b2b6d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUS:T+q56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012262-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c23-7.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cab-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ccc-35.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ce9-46.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-187.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-172.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-177.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-162.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-112.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-84.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-64.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-53.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-73.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-60.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ce0-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd8-28.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1116-0-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x000a000000012262-3.dat	xmrig
behavioral1/files/0x0008000000016c23-7.dat	xmrig
behavioral1/files/0x0007000000016cab-15.dat	xmrig
behavioral1/files/0x0007000000016ccc-35.dat	xmrig
behavioral1/memory/2888-36-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x0008000000016ce9-46.dat	xmrig
behavioral1/memory/3024-50-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/files/0x00050000000195bb-151.dat	xmrig
behavioral1/files/0x00050000000195c7-183.dat	xmrig
behavioral1/memory/1936-391-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/1904-1909-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2964-2463-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/1916-1980-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/1936-1973-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2296-1958-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/320-1939-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2464-1931-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/memory/2636-1917-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/3024-1893-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2956-1890-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2940-1870-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2448-1862-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/1700-1861-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/1116-287-0x0000000002290000-0x00000000025E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019643-194.dat	xmrig
behavioral1/memory/1116-192-0x0000000002290000-0x00000000025E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-187.dat	xmrig
behavioral1/files/0x00050000000195c5-172.dat	xmrig
behavioral1/files/0x00050000000195c6-177.dat	xmrig
behavioral1/files/0x00050000000195c1-162.dat	xmrig
behavioral1/files/0x00050000000195c3-165.dat	xmrig
behavioral1/files/0x00050000000195bd-155.dat	xmrig
behavioral1/files/0x00050000000195b5-142.dat	xmrig
behavioral1/files/0x00050000000195b7-146.dat	xmrig
behavioral1/files/0x00050000000195b3-136.dat	xmrig
behavioral1/files/0x00050000000195b1-132.dat	xmrig
behavioral1/files/0x00050000000195af-126.dat	xmrig
behavioral1/files/0x00050000000195ad-122.dat	xmrig
behavioral1/files/0x00050000000195ab-116.dat	xmrig
behavioral1/files/0x00050000000195a9-112.dat	xmrig
behavioral1/files/0x00050000000195a7-105.dat	xmrig
behavioral1/memory/1904-102-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/1916-101-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/files/0x000500000001957c-97.dat	xmrig
behavioral1/memory/1936-93-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2296-87-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2956-86-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019515-84.dat	xmrig
behavioral1/memory/320-82-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/memory/2464-81-0x000000013FCF0000-0x0000000140044000-memory.dmp	xmrig
behavioral1/files/0x0005000000019547-90.dat	xmrig
behavioral1/files/0x00050000000194ef-64.dat	xmrig
behavioral1/memory/1904-55-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a3-53.dat	xmrig
behavioral1/files/0x000500000001950f-73.dat	xmrig
behavioral1/memory/1116-71-0x0000000002290000-0x00000000025E4000-memory.dmp	xmrig
behavioral1/memory/2636-70-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/1116-69-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/1116-63-0x000000013FD30000-0x0000000140084000-memory.dmp	xmrig
behavioral1/files/0x00050000000194eb-60.dat	xmrig
behavioral1/memory/2956-41-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016ce0-39.dat	xmrig
behavioral1/memory/2964-23-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1700	TKESTeE.exe
2964	quaYPDi.exe
2448	PTWUicC.exe
2940	RhUSueL.exe
2888	BZPMnmY.exe
2956	DXDjQql.exe
3024	DmxcWkD.exe
1904	meYRBAT.exe
2636	kpuxiQK.exe
2464	uYgdqAm.exe
320	DMyKBVY.exe
2296	FrkKiKU.exe
1936	gsLdope.exe
1916	TlXOUah.exe
384	VNIqOZo.exe
740	jDzHwNT.exe
1948	odVyTtm.exe
1920	NVUbHPC.exe
1288	MpkGqID.exe
1896	BqCMSlC.exe
2396	kCPlNsU.exe
3004	zTKzfvr.exe
940	evPVBbk.exe
2344	CflUxtX.exe
2544	asKPtek.exe
1100	dvIAjbi.exe
1812	ehxXbOK.exe
1064	FVjmyEd.exe
1964	fbSxlIp.exe
1800	vSHQSBt.exe
1368	vUiLTby.exe
968	wUbJCql.exe
1772	swUgifd.exe
2856	irndaRG.exe
2592	IGHniYK.exe
1060	PmVSRax.exe
1788	ruRApus.exe
1524	KSekDbu.exe
572	xGiyPcm.exe
2040	yAmVwno.exe
2948	faEtgFv.exe
2700	Mrezazv.exe
2212	ZmXMVza.exe
1996	ZtIuhKx.exe
836	EnBvaKl.exe
2452	XccimNl.exe
1476	AYNkwPd.exe
2348	iaqPZil.exe
872	rJmXKIS.exe
1940	MwkSMDx.exe
1340	Jnanneo.exe
1604	qOSVdbj.exe
1600	UdwSYfz.exe
1620	AYeTjSU.exe
2492	POkNuWr.exe
2904	CnqxNeu.exe
2052	duTfZSL.exe
2696	ZnSEDkS.exe
1312	DCJCCMk.exe
1580	wGfGrFM.exe
1648	QJXUXab.exe
2840	yltqLoN.exe
2820	AUHAEji.exe
1464	pixAvyN.exe

Loads dropped DLL 64 IoCs

pid	Process
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1116-0-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x000a000000012262-3.dat	upx
behavioral1/files/0x0008000000016c23-7.dat	upx
behavioral1/files/0x0007000000016cab-15.dat	upx
behavioral1/files/0x0007000000016ccc-35.dat	upx
behavioral1/memory/2888-36-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x0008000000016ce9-46.dat	upx
behavioral1/memory/3024-50-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/files/0x00050000000195bb-151.dat	upx
behavioral1/files/0x00050000000195c7-183.dat	upx
behavioral1/memory/1936-391-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/1904-1909-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2964-2463-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/1916-1980-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/1936-1973-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2296-1958-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/320-1939-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2464-1931-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/memory/2636-1917-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/3024-1893-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2956-1890-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2940-1870-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2448-1862-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/1700-1861-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x0005000000019643-194.dat	upx
behavioral1/files/0x000500000001960c-187.dat	upx
behavioral1/files/0x00050000000195c5-172.dat	upx
behavioral1/files/0x00050000000195c6-177.dat	upx
behavioral1/files/0x00050000000195c1-162.dat	upx
behavioral1/files/0x00050000000195c3-165.dat	upx
behavioral1/files/0x00050000000195bd-155.dat	upx
behavioral1/files/0x00050000000195b5-142.dat	upx
behavioral1/files/0x00050000000195b7-146.dat	upx
behavioral1/files/0x00050000000195b3-136.dat	upx
behavioral1/files/0x00050000000195b1-132.dat	upx
behavioral1/files/0x00050000000195af-126.dat	upx
behavioral1/files/0x00050000000195ad-122.dat	upx
behavioral1/files/0x00050000000195ab-116.dat	upx
behavioral1/files/0x00050000000195a9-112.dat	upx
behavioral1/files/0x00050000000195a7-105.dat	upx
behavioral1/memory/1904-102-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/1916-101-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/files/0x000500000001957c-97.dat	upx
behavioral1/memory/1936-93-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2296-87-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2956-86-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x0005000000019515-84.dat	upx
behavioral1/memory/320-82-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2464-81-0x000000013FCF0000-0x0000000140044000-memory.dmp	upx
behavioral1/files/0x0005000000019547-90.dat	upx
behavioral1/files/0x00050000000194ef-64.dat	upx
behavioral1/memory/1904-55-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x00050000000194a3-53.dat	upx
behavioral1/files/0x000500000001950f-73.dat	upx
behavioral1/memory/2636-70-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/1116-63-0x000000013FD30000-0x0000000140084000-memory.dmp	upx
behavioral1/files/0x00050000000194eb-60.dat	upx
behavioral1/memory/2956-41-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x0008000000016ce0-39.dat	upx
behavioral1/memory/2964-23-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2940-34-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/1700-31-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2448-29-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x0007000000016cd8-28.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\UtnpnGP.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dvayczp.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QtDlrcb.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qhGdByh.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FQmoegk.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VwjasYq.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SSKNekR.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GonzHQO.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RAfAxAq.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yoJGYcx.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XmGNGYc.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vCRXaFa.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gnqnGWw.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HWlBjsW.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wtXFpTR.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KPRWecf.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KcNfFhL.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IBUDYcy.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Yotenky.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XccimNl.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cYiAepc.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ucEuVCf.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OkrZAhW.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lQEEctC.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QvddWTh.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TPgNMug.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JfMzxBP.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nIpaMxu.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdTQipH.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\onHfkMx.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFDLWOb.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZOldGM.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CZaCTAX.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zkQhsAJ.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpYpYnr.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fthWRMP.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DRbnbpF.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BotXxru.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJXUXab.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aiwQjbg.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfMzdVa.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TAIPzNX.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tcSyzId.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UBRcAjy.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vKqNdbq.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cEnAaFk.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zGYegUi.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rcxSuAm.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DeKnaRU.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eNTNQWx.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zMYOaWY.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UAvJmXq.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PdTTxxK.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VNIqOZo.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MSZihWt.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvucvYn.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AeUMHyH.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\moKDbSb.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vOtdeYd.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKseiLq.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pBrSqSC.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dNosyMW.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yEWRLKR.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kUwLbTY.exe	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1116 wrote to memory of 1700	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1116 wrote to memory of 1700	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1116 wrote to memory of 1700	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1116 wrote to memory of 2964	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1116 wrote to memory of 2964	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1116 wrote to memory of 2964	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1116 wrote to memory of 2448	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1116 wrote to memory of 2448	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1116 wrote to memory of 2448	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1116 wrote to memory of 2888	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1116 wrote to memory of 2888	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1116 wrote to memory of 2888	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1116 wrote to memory of 2940	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1116 wrote to memory of 2940	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1116 wrote to memory of 2940	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1116 wrote to memory of 2956	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1116 wrote to memory of 2956	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1116 wrote to memory of 2956	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1116 wrote to memory of 3024	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1116 wrote to memory of 3024	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1116 wrote to memory of 3024	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1116 wrote to memory of 1904	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1116 wrote to memory of 1904	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1116 wrote to memory of 1904	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1116 wrote to memory of 2636	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1116 wrote to memory of 2636	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1116 wrote to memory of 2636	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1116 wrote to memory of 320	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1116 wrote to memory of 320	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1116 wrote to memory of 320	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1116 wrote to memory of 2464	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1116 wrote to memory of 2464	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1116 wrote to memory of 2464	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1116 wrote to memory of 2296	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1116 wrote to memory of 2296	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1116 wrote to memory of 2296	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1116 wrote to memory of 1936	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1116 wrote to memory of 1936	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1116 wrote to memory of 1936	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1116 wrote to memory of 1916	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1116 wrote to memory of 1916	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1116 wrote to memory of 1916	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1116 wrote to memory of 384	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1116 wrote to memory of 384	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1116 wrote to memory of 384	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1116 wrote to memory of 740	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1116 wrote to memory of 740	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1116 wrote to memory of 740	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1116 wrote to memory of 1948	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1116 wrote to memory of 1948	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1116 wrote to memory of 1948	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1116 wrote to memory of 1920	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1116 wrote to memory of 1920	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1116 wrote to memory of 1920	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1116 wrote to memory of 1288	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1116 wrote to memory of 1288	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1116 wrote to memory of 1288	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1116 wrote to memory of 1896	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1116 wrote to memory of 1896	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1116 wrote to memory of 1896	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1116 wrote to memory of 2396	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1116 wrote to memory of 2396	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1116 wrote to memory of 2396	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1116 wrote to memory of 3004	1116	2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-22_40b28e9ca08b4921696491df64e48793_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1116
- C:\Windows\System\TKESTeE.exe
  C:\Windows\System\TKESTeE.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\quaYPDi.exe
  C:\Windows\System\quaYPDi.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\PTWUicC.exe
  C:\Windows\System\PTWUicC.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\BZPMnmY.exe
  C:\Windows\System\BZPMnmY.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\RhUSueL.exe
  C:\Windows\System\RhUSueL.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\DXDjQql.exe
  C:\Windows\System\DXDjQql.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\DmxcWkD.exe
  C:\Windows\System\DmxcWkD.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\meYRBAT.exe
  C:\Windows\System\meYRBAT.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\kpuxiQK.exe
  C:\Windows\System\kpuxiQK.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\DMyKBVY.exe
  C:\Windows\System\DMyKBVY.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\uYgdqAm.exe
  C:\Windows\System\uYgdqAm.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\FrkKiKU.exe
  C:\Windows\System\FrkKiKU.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\gsLdope.exe
  C:\Windows\System\gsLdope.exe
  2⤵
  - Executes dropped EXE
  PID:1936
- C:\Windows\System\TlXOUah.exe
  C:\Windows\System\TlXOUah.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\VNIqOZo.exe
  C:\Windows\System\VNIqOZo.exe
  2⤵
  - Executes dropped EXE
  PID:384
- C:\Windows\System\jDzHwNT.exe
  C:\Windows\System\jDzHwNT.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\odVyTtm.exe
  C:\Windows\System\odVyTtm.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\NVUbHPC.exe
  C:\Windows\System\NVUbHPC.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\MpkGqID.exe
  C:\Windows\System\MpkGqID.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\BqCMSlC.exe
  C:\Windows\System\BqCMSlC.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\kCPlNsU.exe
  C:\Windows\System\kCPlNsU.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\zTKzfvr.exe
  C:\Windows\System\zTKzfvr.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\evPVBbk.exe
  C:\Windows\System\evPVBbk.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\CflUxtX.exe
  C:\Windows\System\CflUxtX.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\asKPtek.exe
  C:\Windows\System\asKPtek.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\dvIAjbi.exe
  C:\Windows\System\dvIAjbi.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\ehxXbOK.exe
  C:\Windows\System\ehxXbOK.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\FVjmyEd.exe
  C:\Windows\System\FVjmyEd.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\fbSxlIp.exe
  C:\Windows\System\fbSxlIp.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\vSHQSBt.exe
  C:\Windows\System\vSHQSBt.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\vUiLTby.exe
  C:\Windows\System\vUiLTby.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\wUbJCql.exe
  C:\Windows\System\wUbJCql.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\swUgifd.exe
  C:\Windows\System\swUgifd.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\irndaRG.exe
  C:\Windows\System\irndaRG.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\IGHniYK.exe
  C:\Windows\System\IGHniYK.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\PmVSRax.exe
  C:\Windows\System\PmVSRax.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\ruRApus.exe
  C:\Windows\System\ruRApus.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\KSekDbu.exe
  C:\Windows\System\KSekDbu.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\xGiyPcm.exe
  C:\Windows\System\xGiyPcm.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\yAmVwno.exe
  C:\Windows\System\yAmVwno.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\faEtgFv.exe
  C:\Windows\System\faEtgFv.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\ZmXMVza.exe
  C:\Windows\System\ZmXMVza.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\Mrezazv.exe
  C:\Windows\System\Mrezazv.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\EnBvaKl.exe
  C:\Windows\System\EnBvaKl.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\ZtIuhKx.exe
  C:\Windows\System\ZtIuhKx.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\XccimNl.exe
  C:\Windows\System\XccimNl.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\AYNkwPd.exe
  C:\Windows\System\AYNkwPd.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\iaqPZil.exe
  C:\Windows\System\iaqPZil.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\rJmXKIS.exe
  C:\Windows\System\rJmXKIS.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\MwkSMDx.exe
  C:\Windows\System\MwkSMDx.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\Jnanneo.exe
  C:\Windows\System\Jnanneo.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\qOSVdbj.exe
  C:\Windows\System\qOSVdbj.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\UdwSYfz.exe
  C:\Windows\System\UdwSYfz.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\AYeTjSU.exe
  C:\Windows\System\AYeTjSU.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\POkNuWr.exe
  C:\Windows\System\POkNuWr.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\CnqxNeu.exe
  C:\Windows\System\CnqxNeu.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\duTfZSL.exe
  C:\Windows\System\duTfZSL.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\ZnSEDkS.exe
  C:\Windows\System\ZnSEDkS.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\DCJCCMk.exe
  C:\Windows\System\DCJCCMk.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\wGfGrFM.exe
  C:\Windows\System\wGfGrFM.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\QJXUXab.exe
  C:\Windows\System\QJXUXab.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\yltqLoN.exe
  C:\Windows\System\yltqLoN.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\AUHAEji.exe
  C:\Windows\System\AUHAEji.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\pixAvyN.exe
  C:\Windows\System\pixAvyN.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\bOWxIgy.exe
  C:\Windows\System\bOWxIgy.exe
  2⤵
  PID:1888
- C:\Windows\System\SJzCgQg.exe
  C:\Windows\System\SJzCgQg.exe
  2⤵
  PID:2024
- C:\Windows\System\CFENJzi.exe
  C:\Windows\System\CFENJzi.exe
  2⤵
  PID:840
- C:\Windows\System\yMGFcOe.exe
  C:\Windows\System\yMGFcOe.exe
  2⤵
  PID:1332
- C:\Windows\System\HZqJCea.exe
  C:\Windows\System\HZqJCea.exe
  2⤵
  PID:1076
- C:\Windows\System\KVHgXMU.exe
  C:\Windows\System\KVHgXMU.exe
  2⤵
  PID:1632
- C:\Windows\System\VDsqbSN.exe
  C:\Windows\System\VDsqbSN.exe
  2⤵
  PID:1704
- C:\Windows\System\EoFzNNd.exe
  C:\Windows\System\EoFzNNd.exe
  2⤵
  PID:620
- C:\Windows\System\QvddWTh.exe
  C:\Windows\System\QvddWTh.exe
  2⤵
  PID:1716
- C:\Windows\System\pdcXiXh.exe
  C:\Windows\System\pdcXiXh.exe
  2⤵
  PID:2032
- C:\Windows\System\qliCLuJ.exe
  C:\Windows\System\qliCLuJ.exe
  2⤵
  PID:828
- C:\Windows\System\zBQRlwB.exe
  C:\Windows\System\zBQRlwB.exe
  2⤵
  PID:1540
- C:\Windows\System\PTxLGCH.exe
  C:\Windows\System\PTxLGCH.exe
  2⤵
  PID:1660
- C:\Windows\System\yXQShlv.exe
  C:\Windows\System\yXQShlv.exe
  2⤵
  PID:2416
- C:\Windows\System\mciTIff.exe
  C:\Windows\System\mciTIff.exe
  2⤵
  PID:536
- C:\Windows\System\xGCcxQu.exe
  C:\Windows\System\xGCcxQu.exe
  2⤵
  PID:2352
- C:\Windows\System\SSKNekR.exe
  C:\Windows\System\SSKNekR.exe
  2⤵
  PID:2216
- C:\Windows\System\CZiNQxc.exe
  C:\Windows\System\CZiNQxc.exe
  2⤵
  PID:268
- C:\Windows\System\hWeBWyV.exe
  C:\Windows\System\hWeBWyV.exe
  2⤵
  PID:1344
- C:\Windows\System\WclzSzn.exe
  C:\Windows\System\WclzSzn.exe
  2⤵
  PID:1564
- C:\Windows\System\qiWLDnN.exe
  C:\Windows\System\qiWLDnN.exe
  2⤵
  PID:2000
- C:\Windows\System\ZyFowbn.exe
  C:\Windows\System\ZyFowbn.exe
  2⤵
  PID:868
- C:\Windows\System\HtdUYLo.exe
  C:\Windows\System\HtdUYLo.exe
  2⤵
  PID:2648
- C:\Windows\System\anQukoB.exe
  C:\Windows\System\anQukoB.exe
  2⤵
  PID:2996
- C:\Windows\System\dXNgrAx.exe
  C:\Windows\System\dXNgrAx.exe
  2⤵
  PID:852
- C:\Windows\System\oyUKlEg.exe
  C:\Windows\System\oyUKlEg.exe
  2⤵
  PID:2604
- C:\Windows\System\JIVNpOS.exe
  C:\Windows\System\JIVNpOS.exe
  2⤵
  PID:2028
- C:\Windows\System\yYOmiww.exe
  C:\Windows\System\yYOmiww.exe
  2⤵
  PID:2968
- C:\Windows\System\veNQuDm.exe
  C:\Windows\System\veNQuDm.exe
  2⤵
  PID:1520
- C:\Windows\System\mSjdciB.exe
  C:\Windows\System\mSjdciB.exe
  2⤵
  PID:1068
- C:\Windows\System\DkLkZin.exe
  C:\Windows\System\DkLkZin.exe
  2⤵
  PID:2420
- C:\Windows\System\iqyFllT.exe
  C:\Windows\System\iqyFllT.exe
  2⤵
  PID:824
- C:\Windows\System\SQuBvNX.exe
  C:\Windows\System\SQuBvNX.exe
  2⤵
  PID:2044
- C:\Windows\System\xHUKZbN.exe
  C:\Windows\System\xHUKZbN.exe
  2⤵
  PID:2392
- C:\Windows\System\jUaWmPQ.exe
  C:\Windows\System\jUaWmPQ.exe
  2⤵
  PID:1488
- C:\Windows\System\bcIEmlr.exe
  C:\Windows\System\bcIEmlr.exe
  2⤵
  PID:1012
- C:\Windows\System\vsKEwMS.exe
  C:\Windows\System\vsKEwMS.exe
  2⤵
  PID:1040
- C:\Windows\System\YYWbvuV.exe
  C:\Windows\System\YYWbvuV.exe
  2⤵
  PID:1360
- C:\Windows\System\MTuIeEW.exe
  C:\Windows\System\MTuIeEW.exe
  2⤵
  PID:1672
- C:\Windows\System\wOHaxGz.exe
  C:\Windows\System\wOHaxGz.exe
  2⤵
  PID:2080
- C:\Windows\System\YRdJhyA.exe
  C:\Windows\System\YRdJhyA.exe
  2⤵
  PID:1972
- C:\Windows\System\dZzhmQD.exe
  C:\Windows\System\dZzhmQD.exe
  2⤵
  PID:1872
- C:\Windows\System\bWGgeoV.exe
  C:\Windows\System\bWGgeoV.exe
  2⤵
  PID:936
- C:\Windows\System\qlmtTKh.exe
  C:\Windows\System\qlmtTKh.exe
  2⤵
  PID:2404
- C:\Windows\System\YsCrkEb.exe
  C:\Windows\System\YsCrkEb.exe
  2⤵
  PID:1052
- C:\Windows\System\MnSGByC.exe
  C:\Windows\System\MnSGByC.exe
  2⤵
  PID:2372
- C:\Windows\System\cyvaGEl.exe
  C:\Windows\System\cyvaGEl.exe
  2⤵
  PID:2180
- C:\Windows\System\SLfUdsT.exe
  C:\Windows\System\SLfUdsT.exe
  2⤵
  PID:1528
- C:\Windows\System\ARqIsbK.exe
  C:\Windows\System\ARqIsbK.exe
  2⤵
  PID:2308
- C:\Windows\System\RUjiKin.exe
  C:\Windows\System\RUjiKin.exe
  2⤵
  PID:3080
- C:\Windows\System\HcMEoRP.exe
  C:\Windows\System\HcMEoRP.exe
  2⤵
  PID:3100
- C:\Windows\System\iyRtkxw.exe
  C:\Windows\System\iyRtkxw.exe
  2⤵
  PID:3116
- C:\Windows\System\cYiAepc.exe
  C:\Windows\System\cYiAepc.exe
  2⤵
  PID:3136
- C:\Windows\System\yOoZLGd.exe
  C:\Windows\System\yOoZLGd.exe
  2⤵
  PID:3156
- C:\Windows\System\ahkXjJx.exe
  C:\Windows\System\ahkXjJx.exe
  2⤵
  PID:3176
- C:\Windows\System\aGlPOKC.exe
  C:\Windows\System\aGlPOKC.exe
  2⤵
  PID:3192
- C:\Windows\System\KuIDlZy.exe
  C:\Windows\System\KuIDlZy.exe
  2⤵
  PID:3216
- C:\Windows\System\LkpjMvv.exe
  C:\Windows\System\LkpjMvv.exe
  2⤵
  PID:3232
- C:\Windows\System\EfDoXHT.exe
  C:\Windows\System\EfDoXHT.exe
  2⤵
  PID:3256
- C:\Windows\System\qKklSfK.exe
  C:\Windows\System\qKklSfK.exe
  2⤵
  PID:3272
- C:\Windows\System\oIudiWe.exe
  C:\Windows\System\oIudiWe.exe
  2⤵
  PID:3292
- C:\Windows\System\veaGgvs.exe
  C:\Windows\System\veaGgvs.exe
  2⤵
  PID:3316
- C:\Windows\System\DboqTpr.exe
  C:\Windows\System\DboqTpr.exe
  2⤵
  PID:3332
- C:\Windows\System\KSLcdUj.exe
  C:\Windows\System\KSLcdUj.exe
  2⤵
  PID:3348
- C:\Windows\System\gxbQeud.exe
  C:\Windows\System\gxbQeud.exe
  2⤵
  PID:3364
- C:\Windows\System\tkqpoeU.exe
  C:\Windows\System\tkqpoeU.exe
  2⤵
  PID:3380
- C:\Windows\System\JbPuZsl.exe
  C:\Windows\System\JbPuZsl.exe
  2⤵
  PID:3396
- C:\Windows\System\ZAwhkRo.exe
  C:\Windows\System\ZAwhkRo.exe
  2⤵
  PID:3412
- C:\Windows\System\pKWgwqI.exe
  C:\Windows\System\pKWgwqI.exe
  2⤵
  PID:3444
- C:\Windows\System\MFuwbDI.exe
  C:\Windows\System\MFuwbDI.exe
  2⤵
  PID:3484
- C:\Windows\System\JJRflQf.exe
  C:\Windows\System\JJRflQf.exe
  2⤵
  PID:3508
- C:\Windows\System\PKzebxe.exe
  C:\Windows\System\PKzebxe.exe
  2⤵
  PID:3524
- C:\Windows\System\beEsSuA.exe
  C:\Windows\System\beEsSuA.exe
  2⤵
  PID:3544
- C:\Windows\System\mNfENPV.exe
  C:\Windows\System\mNfENPV.exe
  2⤵
  PID:3560
- C:\Windows\System\LxFoHlj.exe
  C:\Windows\System\LxFoHlj.exe
  2⤵
  PID:3576
- C:\Windows\System\moKDbSb.exe
  C:\Windows\System\moKDbSb.exe
  2⤵
  PID:3592
- C:\Windows\System\xtnitNz.exe
  C:\Windows\System\xtnitNz.exe
  2⤵
  PID:3608
- C:\Windows\System\MDDWOIG.exe
  C:\Windows\System\MDDWOIG.exe
  2⤵
  PID:3636
- C:\Windows\System\NybaKQA.exe
  C:\Windows\System\NybaKQA.exe
  2⤵
  PID:3656
- C:\Windows\System\PESpggc.exe
  C:\Windows\System\PESpggc.exe
  2⤵
  PID:3672
- C:\Windows\System\ytOjhvl.exe
  C:\Windows\System\ytOjhvl.exe
  2⤵
  PID:3688
- C:\Windows\System\SViwgxM.exe
  C:\Windows\System\SViwgxM.exe
  2⤵
  PID:3704
- C:\Windows\System\fjEJgGd.exe
  C:\Windows\System\fjEJgGd.exe
  2⤵
  PID:3720
- C:\Windows\System\ezQMNZw.exe
  C:\Windows\System\ezQMNZw.exe
  2⤵
  PID:3736
- C:\Windows\System\IOKRYYe.exe
  C:\Windows\System\IOKRYYe.exe
  2⤵
  PID:3752
- C:\Windows\System\mPDrdud.exe
  C:\Windows\System\mPDrdud.exe
  2⤵
  PID:3768
- C:\Windows\System\HRLCcLw.exe
  C:\Windows\System\HRLCcLw.exe
  2⤵
  PID:3784
- C:\Windows\System\ddHyyZl.exe
  C:\Windows\System\ddHyyZl.exe
  2⤵
  PID:3800
- C:\Windows\System\HcMwdkf.exe
  C:\Windows\System\HcMwdkf.exe
  2⤵
  PID:3836
- C:\Windows\System\EERhJuR.exe
  C:\Windows\System\EERhJuR.exe
  2⤵
  PID:3852
- C:\Windows\System\grPgVAV.exe
  C:\Windows\System\grPgVAV.exe
  2⤵
  PID:3868
- C:\Windows\System\ZwNUDIJ.exe
  C:\Windows\System\ZwNUDIJ.exe
  2⤵
  PID:3884
- C:\Windows\System\PVJfmTe.exe
  C:\Windows\System\PVJfmTe.exe
  2⤵
  PID:3904
- C:\Windows\System\zUCBzrb.exe
  C:\Windows\System\zUCBzrb.exe
  2⤵
  PID:3920
- C:\Windows\System\sCiPYoQ.exe
  C:\Windows\System\sCiPYoQ.exe
  2⤵
  PID:3984
- C:\Windows\System\UBOafWs.exe
  C:\Windows\System\UBOafWs.exe
  2⤵
  PID:4000
- C:\Windows\System\XhXJdvX.exe
  C:\Windows\System\XhXJdvX.exe
  2⤵
  PID:4016
- C:\Windows\System\BFDLWOb.exe
  C:\Windows\System\BFDLWOb.exe
  2⤵
  PID:4032
- C:\Windows\System\eiJCfZk.exe
  C:\Windows\System\eiJCfZk.exe
  2⤵
  PID:4060
- C:\Windows\System\dDtdjgF.exe
  C:\Windows\System\dDtdjgF.exe
  2⤵
  PID:4084
- C:\Windows\System\TOhjlgY.exe
  C:\Windows\System\TOhjlgY.exe
  2⤵
  PID:1988
- C:\Windows\System\VbhUPQC.exe
  C:\Windows\System\VbhUPQC.exe
  2⤵
  PID:1740
- C:\Windows\System\uahAmkT.exe
  C:\Windows\System\uahAmkT.exe
  2⤵
  PID:3008
- C:\Windows\System\nsGUoye.exe
  C:\Windows\System\nsGUoye.exe
  2⤵
  PID:648
- C:\Windows\System\IptvvHC.exe
  C:\Windows\System\IptvvHC.exe
  2⤵
  PID:2580
- C:\Windows\System\NjArszj.exe
  C:\Windows\System\NjArszj.exe
  2⤵
  PID:952
- C:\Windows\System\ucEuVCf.exe
  C:\Windows\System\ucEuVCf.exe
  2⤵
  PID:3108
- C:\Windows\System\TFnabJJ.exe
  C:\Windows\System\TFnabJJ.exe
  2⤵
  PID:3152
- C:\Windows\System\DRxsRbd.exe
  C:\Windows\System\DRxsRbd.exe
  2⤵
  PID:3228
- C:\Windows\System\TQzRoeI.exe
  C:\Windows\System\TQzRoeI.exe
  2⤵
  PID:3308
- C:\Windows\System\WuDbsZi.exe
  C:\Windows\System\WuDbsZi.exe
  2⤵
  PID:3124
- C:\Windows\System\uHKyHrR.exe
  C:\Windows\System\uHKyHrR.exe
  2⤵
  PID:3132
- C:\Windows\System\vbSHrRH.exe
  C:\Windows\System\vbSHrRH.exe
  2⤵
  PID:3376
- C:\Windows\System\ZYPrKDl.exe
  C:\Windows\System\ZYPrKDl.exe
  2⤵
  PID:3464
- C:\Windows\System\tYvyIul.exe
  C:\Windows\System\tYvyIul.exe
  2⤵
  PID:3552
- C:\Windows\System\xUfAQnG.exe
  C:\Windows\System\xUfAQnG.exe
  2⤵
  PID:3616
- C:\Windows\System\dawnZho.exe
  C:\Windows\System\dawnZho.exe
  2⤵
  PID:3200
- C:\Windows\System\ZJamgdv.exe
  C:\Windows\System\ZJamgdv.exe
  2⤵
  PID:3240
- C:\Windows\System\qpkMBKo.exe
  C:\Windows\System\qpkMBKo.exe
  2⤵
  PID:3288
- C:\Windows\System\BQJAggo.exe
  C:\Windows\System\BQJAggo.exe
  2⤵
  PID:3356
- C:\Windows\System\doYGdnK.exe
  C:\Windows\System\doYGdnK.exe
  2⤵
  PID:3764
- C:\Windows\System\NEwFDYc.exe
  C:\Windows\System\NEwFDYc.exe
  2⤵
  PID:3428
- C:\Windows\System\Vfbjybm.exe
  C:\Windows\System\Vfbjybm.exe
  2⤵
  PID:3796
- C:\Windows\System\Hbwvdpt.exe
  C:\Windows\System\Hbwvdpt.exe
  2⤵
  PID:3492
- C:\Windows\System\wjWqWHP.exe
  C:\Windows\System\wjWqWHP.exe
  2⤵
  PID:3504
- C:\Windows\System\xAPuRaJ.exe
  C:\Windows\System\xAPuRaJ.exe
  2⤵
  PID:3916
- C:\Windows\System\QnLiGrC.exe
  C:\Windows\System\QnLiGrC.exe
  2⤵
  PID:3828
- C:\Windows\System\myVlWbL.exe
  C:\Windows\System\myVlWbL.exe
  2⤵
  PID:3900
- C:\Windows\System\PRcpcEt.exe
  C:\Windows\System\PRcpcEt.exe
  2⤵
  PID:3600
- C:\Windows\System\xXpkeCY.exe
  C:\Windows\System\xXpkeCY.exe
  2⤵
  PID:3780
- C:\Windows\System\UwvkAmD.exe
  C:\Windows\System\UwvkAmD.exe
  2⤵
  PID:3716
- C:\Windows\System\Wyxbhrn.exe
  C:\Windows\System\Wyxbhrn.exe
  2⤵
  PID:3932
- C:\Windows\System\zOHxEtK.exe
  C:\Windows\System\zOHxEtK.exe
  2⤵
  PID:3952
- C:\Windows\System\QLVCvVN.exe
  C:\Windows\System\QLVCvVN.exe
  2⤵
  PID:3992
- C:\Windows\System\zparaOC.exe
  C:\Windows\System\zparaOC.exe
  2⤵
  PID:4076
- C:\Windows\System\Nvbyjqq.exe
  C:\Windows\System\Nvbyjqq.exe
  2⤵
  PID:3980
- C:\Windows\System\HHZOKVR.exe
  C:\Windows\System\HHZOKVR.exe
  2⤵
  PID:4048
- C:\Windows\System\cBvyCMI.exe
  C:\Windows\System\cBvyCMI.exe
  2⤵
  PID:3076
- C:\Windows\System\MSZihWt.exe
  C:\Windows\System\MSZihWt.exe
  2⤵
  PID:2408
- C:\Windows\System\kkUbusr.exe
  C:\Windows\System\kkUbusr.exe
  2⤵
  PID:3144
- C:\Windows\System\sGLNvmS.exe
  C:\Windows\System\sGLNvmS.exe
  2⤵
  PID:2596
- C:\Windows\System\gpdcDuT.exe
  C:\Windows\System\gpdcDuT.exe
  2⤵
  PID:676
- C:\Windows\System\OkrZAhW.exe
  C:\Windows\System\OkrZAhW.exe
  2⤵
  PID:3092
- C:\Windows\System\yODXNrF.exe
  C:\Windows\System\yODXNrF.exe
  2⤵
  PID:3188
- C:\Windows\System\oWdADBj.exe
  C:\Windows\System\oWdADBj.exe
  2⤵
  PID:3304
- C:\Windows\System\nBWDtKv.exe
  C:\Windows\System\nBWDtKv.exe
  2⤵
  PID:3172
- C:\Windows\System\RvTtwkh.exe
  C:\Windows\System\RvTtwkh.exe
  2⤵
  PID:3208
- C:\Windows\System\frCURDj.exe
  C:\Windows\System\frCURDj.exe
  2⤵
  PID:3212
- C:\Windows\System\qmbpiDu.exe
  C:\Windows\System\qmbpiDu.exe
  2⤵
  PID:3420
- C:\Windows\System\ElYKZBr.exe
  C:\Windows\System\ElYKZBr.exe
  2⤵
  PID:3732
- C:\Windows\System\RmnmHLO.exe
  C:\Windows\System\RmnmHLO.exe
  2⤵
  PID:3284
- C:\Windows\System\lckCRsl.exe
  C:\Windows\System\lckCRsl.exe
  2⤵
  PID:2628
- C:\Windows\System\jGhOHZR.exe
  C:\Windows\System\jGhOHZR.exe
  2⤵
  PID:3876
- C:\Windows\System\AqHsXyh.exe
  C:\Windows\System\AqHsXyh.exe
  2⤵
  PID:3540
- C:\Windows\System\iphPfET.exe
  C:\Windows\System\iphPfET.exe
  2⤵
  PID:3896
- C:\Windows\System\uOChDDe.exe
  C:\Windows\System\uOChDDe.exe
  2⤵
  PID:3816
- C:\Windows\System\TXKjrRB.exe
  C:\Windows\System\TXKjrRB.exe
  2⤵
  PID:3808
- C:\Windows\System\LXMEqHW.exe
  C:\Windows\System\LXMEqHW.exe
  2⤵
  PID:3604
- C:\Windows\System\AhNxrqk.exe
  C:\Windows\System\AhNxrqk.exe
  2⤵
  PID:3968
- C:\Windows\System\LngDiwY.exe
  C:\Windows\System\LngDiwY.exe
  2⤵
  PID:4028
- C:\Windows\System\xwHzyck.exe
  C:\Windows\System\xwHzyck.exe
  2⤵
  PID:4052
- C:\Windows\System\YEjwoHM.exe
  C:\Windows\System\YEjwoHM.exe
  2⤵
  PID:656
- C:\Windows\System\pPGGjIw.exe
  C:\Windows\System\pPGGjIw.exe
  2⤵
  PID:1364
- C:\Windows\System\ZAuUIDR.exe
  C:\Windows\System\ZAuUIDR.exe
  2⤵
  PID:4112
- C:\Windows\System\jgAMMdV.exe
  C:\Windows\System\jgAMMdV.exe
  2⤵
  PID:4132
- C:\Windows\System\sjawDqA.exe
  C:\Windows\System\sjawDqA.exe
  2⤵
  PID:4152
- C:\Windows\System\dbIryrt.exe
  C:\Windows\System\dbIryrt.exe
  2⤵
  PID:4168
- C:\Windows\System\axOuuYL.exe
  C:\Windows\System\axOuuYL.exe
  2⤵
  PID:4192
- C:\Windows\System\FaUUlrh.exe
  C:\Windows\System\FaUUlrh.exe
  2⤵
  PID:4212
- C:\Windows\System\RcqyMnJ.exe
  C:\Windows\System\RcqyMnJ.exe
  2⤵
  PID:4232
- C:\Windows\System\RCaYGuI.exe
  C:\Windows\System\RCaYGuI.exe
  2⤵
  PID:4252
- C:\Windows\System\hymGIpD.exe
  C:\Windows\System\hymGIpD.exe
  2⤵
  PID:4272
- C:\Windows\System\SzpCYge.exe
  C:\Windows\System\SzpCYge.exe
  2⤵
  PID:4292
- C:\Windows\System\guHffOT.exe
  C:\Windows\System\guHffOT.exe
  2⤵
  PID:4312
- C:\Windows\System\yMvHyKA.exe
  C:\Windows\System\yMvHyKA.exe
  2⤵
  PID:4332
- C:\Windows\System\fPRtTcu.exe
  C:\Windows\System\fPRtTcu.exe
  2⤵
  PID:4352
- C:\Windows\System\wWZVWXx.exe
  C:\Windows\System\wWZVWXx.exe
  2⤵
  PID:4372
- C:\Windows\System\SXENptW.exe
  C:\Windows\System\SXENptW.exe
  2⤵
  PID:4396
- C:\Windows\System\jMXFlsq.exe
  C:\Windows\System\jMXFlsq.exe
  2⤵
  PID:4412
- C:\Windows\System\KXZtMca.exe
  C:\Windows\System\KXZtMca.exe
  2⤵
  PID:4436
- C:\Windows\System\tfATzTg.exe
  C:\Windows\System\tfATzTg.exe
  2⤵
  PID:4456
- C:\Windows\System\rqSeRcK.exe
  C:\Windows\System\rqSeRcK.exe
  2⤵
  PID:4476
- C:\Windows\System\hfiMTAZ.exe
  C:\Windows\System\hfiMTAZ.exe
  2⤵
  PID:4496
- C:\Windows\System\hzKyVTV.exe
  C:\Windows\System\hzKyVTV.exe
  2⤵
  PID:4516
- C:\Windows\System\eHzrJqk.exe
  C:\Windows\System\eHzrJqk.exe
  2⤵
  PID:4536
- C:\Windows\System\PHxlIjj.exe
  C:\Windows\System\PHxlIjj.exe
  2⤵
  PID:4556
- C:\Windows\System\hnIfwaT.exe
  C:\Windows\System\hnIfwaT.exe
  2⤵
  PID:4576
- C:\Windows\System\laffLqx.exe
  C:\Windows\System\laffLqx.exe
  2⤵
  PID:4596
- C:\Windows\System\UJUMhFA.exe
  C:\Windows\System\UJUMhFA.exe
  2⤵
  PID:4616
- C:\Windows\System\lkrkTUa.exe
  C:\Windows\System\lkrkTUa.exe
  2⤵
  PID:4636
- C:\Windows\System\GpZqhtC.exe
  C:\Windows\System\GpZqhtC.exe
  2⤵
  PID:4656
- C:\Windows\System\nKtPZtP.exe
  C:\Windows\System\nKtPZtP.exe
  2⤵
  PID:4676
- C:\Windows\System\NSYslpv.exe
  C:\Windows\System\NSYslpv.exe
  2⤵
  PID:4696
- C:\Windows\System\wRiQaIr.exe
  C:\Windows\System\wRiQaIr.exe
  2⤵
  PID:4720
- C:\Windows\System\rBpLxKo.exe
  C:\Windows\System\rBpLxKo.exe
  2⤵
  PID:4740
- C:\Windows\System\lSdQOyo.exe
  C:\Windows\System\lSdQOyo.exe
  2⤵
  PID:4764
- C:\Windows\System\qdFxmVS.exe
  C:\Windows\System\qdFxmVS.exe
  2⤵
  PID:4780
- C:\Windows\System\yzSEDXv.exe
  C:\Windows\System\yzSEDXv.exe
  2⤵
  PID:4796
- C:\Windows\System\zHmJcvr.exe
  C:\Windows\System\zHmJcvr.exe
  2⤵
  PID:4820
- C:\Windows\System\EQjrNNN.exe
  C:\Windows\System\EQjrNNN.exe
  2⤵
  PID:4844
- C:\Windows\System\GGueybf.exe
  C:\Windows\System\GGueybf.exe
  2⤵
  PID:4864
- C:\Windows\System\ehYZuTv.exe
  C:\Windows\System\ehYZuTv.exe
  2⤵
  PID:4884
- C:\Windows\System\BhupxtJ.exe
  C:\Windows\System\BhupxtJ.exe
  2⤵
  PID:4900
- C:\Windows\System\EydShdL.exe
  C:\Windows\System\EydShdL.exe
  2⤵
  PID:4924
- C:\Windows\System\vbgqEMN.exe
  C:\Windows\System\vbgqEMN.exe
  2⤵
  PID:4944
- C:\Windows\System\aIrdgch.exe
  C:\Windows\System\aIrdgch.exe
  2⤵
  PID:4964
- C:\Windows\System\idiFmxx.exe
  C:\Windows\System\idiFmxx.exe
  2⤵
  PID:4984
- C:\Windows\System\twdiYSe.exe
  C:\Windows\System\twdiYSe.exe
  2⤵
  PID:5000
- C:\Windows\System\MUIXSLa.exe
  C:\Windows\System\MUIXSLa.exe
  2⤵
  PID:5020
- C:\Windows\System\EoILplm.exe
  C:\Windows\System\EoILplm.exe
  2⤵
  PID:5040
- C:\Windows\System\DHkxTLE.exe
  C:\Windows\System\DHkxTLE.exe
  2⤵
  PID:5060
- C:\Windows\System\flXXJYv.exe
  C:\Windows\System\flXXJYv.exe
  2⤵
  PID:5084
- C:\Windows\System\ICxhXgl.exe
  C:\Windows\System\ICxhXgl.exe
  2⤵
  PID:5100
- C:\Windows\System\hpIWOYq.exe
  C:\Windows\System\hpIWOYq.exe
  2⤵
  PID:4040
- C:\Windows\System\kxTZHWB.exe
  C:\Windows\System\kxTZHWB.exe
  2⤵
  PID:2676
- C:\Windows\System\NWJiPYg.exe
  C:\Windows\System\NWJiPYg.exe
  2⤵
  PID:3268
- C:\Windows\System\BeCvdZC.exe
  C:\Windows\System\BeCvdZC.exe
  2⤵
  PID:3588
- C:\Windows\System\MLKMvTw.exe
  C:\Windows\System\MLKMvTw.exe
  2⤵
  PID:3628
- C:\Windows\System\NWpToJQ.exe
  C:\Windows\System\NWpToJQ.exe
  2⤵
  PID:3392
- C:\Windows\System\CSrcAix.exe
  C:\Windows\System\CSrcAix.exe
  2⤵
  PID:2752
- C:\Windows\System\HZkXzoz.exe
  C:\Windows\System\HZkXzoz.exe
  2⤵
  PID:3912
- C:\Windows\System\NLKemTl.exe
  C:\Windows\System\NLKemTl.exe
  2⤵
  PID:3848
- C:\Windows\System\mWLRazo.exe
  C:\Windows\System\mWLRazo.exe
  2⤵
  PID:2736
- C:\Windows\System\ComRokH.exe
  C:\Windows\System\ComRokH.exe
  2⤵
  PID:3972
- C:\Windows\System\GwCcQVC.exe
  C:\Windows\System\GwCcQVC.exe
  2⤵
  PID:3960
- C:\Windows\System\MWEuKNo.exe
  C:\Windows\System\MWEuKNo.exe
  2⤵
  PID:2944
- C:\Windows\System\tIQThUn.exe
  C:\Windows\System\tIQThUn.exe
  2⤵
  PID:4104
- C:\Windows\System\ffSaVhm.exe
  C:\Windows\System\ffSaVhm.exe
  2⤵
  PID:4120
- C:\Windows\System\HNxxJwZ.exe
  C:\Windows\System\HNxxJwZ.exe
  2⤵
  PID:4144
- C:\Windows\System\tdHiXkH.exe
  C:\Windows\System\tdHiXkH.exe
  2⤵
  PID:4164
- C:\Windows\System\KZOldGM.exe
  C:\Windows\System\KZOldGM.exe
  2⤵
  PID:4200
- C:\Windows\System\pqXVtEU.exe
  C:\Windows\System\pqXVtEU.exe
  2⤵
  PID:4260
- C:\Windows\System\dGnsPLd.exe
  C:\Windows\System\dGnsPLd.exe
  2⤵
  PID:4300
- C:\Windows\System\RGWpjJb.exe
  C:\Windows\System\RGWpjJb.exe
  2⤵
  PID:4320
- C:\Windows\System\YESTRvA.exe
  C:\Windows\System\YESTRvA.exe
  2⤵
  PID:4392
- C:\Windows\System\aFcoxPa.exe
  C:\Windows\System\aFcoxPa.exe
  2⤵
  PID:4368
- C:\Windows\System\FYXstTu.exe
  C:\Windows\System\FYXstTu.exe
  2⤵
  PID:4432
- C:\Windows\System\HmGHiWf.exe
  C:\Windows\System\HmGHiWf.exe
  2⤵
  PID:4444
- C:\Windows\System\NzupwuI.exe
  C:\Windows\System\NzupwuI.exe
  2⤵
  PID:4448
- C:\Windows\System\HaWQteF.exe
  C:\Windows\System\HaWQteF.exe
  2⤵
  PID:4524
- C:\Windows\System\Envydxg.exe
  C:\Windows\System\Envydxg.exe
  2⤵
  PID:4528
- C:\Windows\System\zGrzVRe.exe
  C:\Windows\System\zGrzVRe.exe
  2⤵
  PID:4564
- C:\Windows\System\mgcoZgn.exe
  C:\Windows\System\mgcoZgn.exe
  2⤵
  PID:4604
- C:\Windows\System\AEVVUli.exe
  C:\Windows\System\AEVVUli.exe
  2⤵
  PID:4644
- C:\Windows\System\pBkLziO.exe
  C:\Windows\System\pBkLziO.exe
  2⤵
  PID:4704
- C:\Windows\System\WZGEieq.exe
  C:\Windows\System\WZGEieq.exe
  2⤵
  PID:4692
- C:\Windows\System\eLnakRy.exe
  C:\Windows\System\eLnakRy.exe
  2⤵
  PID:4756
- C:\Windows\System\xIktgkS.exe
  C:\Windows\System\xIktgkS.exe
  2⤵
  PID:4772
- C:\Windows\System\VIVfNIK.exe
  C:\Windows\System\VIVfNIK.exe
  2⤵
  PID:4804
- C:\Windows\System\BafFXvS.exe
  C:\Windows\System\BafFXvS.exe
  2⤵
  PID:4812
- C:\Windows\System\CjGbDKA.exe
  C:\Windows\System\CjGbDKA.exe
  2⤵
  PID:4920
- C:\Windows\System\BmlauDy.exe
  C:\Windows\System\BmlauDy.exe
  2⤵
  PID:4892
- C:\Windows\System\gnqnGWw.exe
  C:\Windows\System\gnqnGWw.exe
  2⤵
  PID:4936
- C:\Windows\System\UhCVUVE.exe
  C:\Windows\System\UhCVUVE.exe
  2⤵
  PID:4996
- C:\Windows\System\HZTTYGe.exe
  C:\Windows\System\HZTTYGe.exe
  2⤵
  PID:5012
- C:\Windows\System\vKqNdbq.exe
  C:\Windows\System\vKqNdbq.exe
  2⤵
  PID:5076
- C:\Windows\System\pOOivtJ.exe
  C:\Windows\System\pOOivtJ.exe
  2⤵
  PID:5048
- C:\Windows\System\IvrgQfk.exe
  C:\Windows\System\IvrgQfk.exe
  2⤵
  PID:5096
- C:\Windows\System\yGbGIzA.exe
  C:\Windows\System\yGbGIzA.exe
  2⤵
  PID:3664
- C:\Windows\System\vTQPsUJ.exe
  C:\Windows\System\vTQPsUJ.exe
  2⤵
  PID:3452
- C:\Windows\System\gkETWfR.exe
  C:\Windows\System\gkETWfR.exe
  2⤵
  PID:3432
- C:\Windows\System\GonzHQO.exe
  C:\Windows\System\GonzHQO.exe
  2⤵
  PID:3328
- C:\Windows\System\uumWygo.exe
  C:\Windows\System\uumWygo.exe
  2⤵
  PID:3280
- C:\Windows\System\Txcohxs.exe
  C:\Windows\System\Txcohxs.exe
  2⤵
  PID:3500
- C:\Windows\System\reKtONJ.exe
  C:\Windows\System\reKtONJ.exe
  2⤵
  PID:3536
- C:\Windows\System\EgGsfAo.exe
  C:\Windows\System\EgGsfAo.exe
  2⤵
  PID:4184
- C:\Windows\System\StxgvxY.exe
  C:\Windows\System\StxgvxY.exe
  2⤵
  PID:4148
- C:\Windows\System\CqNnUZQ.exe
  C:\Windows\System\CqNnUZQ.exe
  2⤵
  PID:4204
- C:\Windows\System\vQSWCje.exe
  C:\Windows\System\vQSWCje.exe
  2⤵
  PID:4264
- C:\Windows\System\qVAEhtX.exe
  C:\Windows\System\qVAEhtX.exe
  2⤵
  PID:4304
- C:\Windows\System\XPtRoFx.exe
  C:\Windows\System\XPtRoFx.exe
  2⤵
  PID:4348
- C:\Windows\System\vOtdeYd.exe
  C:\Windows\System\vOtdeYd.exe
  2⤵
  PID:4408
- C:\Windows\System\CPhNtZR.exe
  C:\Windows\System\CPhNtZR.exe
  2⤵
  PID:4508
- C:\Windows\System\YLLQyGT.exe
  C:\Windows\System\YLLQyGT.exe
  2⤵
  PID:4592
- C:\Windows\System\KnqPTwe.exe
  C:\Windows\System\KnqPTwe.exe
  2⤵
  PID:4588
- C:\Windows\System\VFfcmZc.exe
  C:\Windows\System\VFfcmZc.exe
  2⤵
  PID:4568
- C:\Windows\System\XhFJmGX.exe
  C:\Windows\System\XhFJmGX.exe
  2⤵
  PID:4668
- C:\Windows\System\juIermv.exe
  C:\Windows\System\juIermv.exe
  2⤵
  PID:4736
- C:\Windows\System\apSnLdB.exe
  C:\Windows\System\apSnLdB.exe
  2⤵
  PID:4860
- C:\Windows\System\hfETfqO.exe
  C:\Windows\System\hfETfqO.exe
  2⤵
  PID:4972
- C:\Windows\System\KsxafxL.exe
  C:\Windows\System\KsxafxL.exe
  2⤵
  PID:4836
- C:\Windows\System\wAXQBqi.exe
  C:\Windows\System\wAXQBqi.exe
  2⤵
  PID:4960
- C:\Windows\System\gwdQuwk.exe
  C:\Windows\System\gwdQuwk.exe
  2⤵
  PID:5032
- C:\Windows\System\zbnzpId.exe
  C:\Windows\System\zbnzpId.exe
  2⤵
  PID:5092
- C:\Windows\System\TfPUptB.exe
  C:\Windows\System\TfPUptB.exe
  2⤵
  PID:3624
- C:\Windows\System\kOiWFPe.exe
  C:\Windows\System\kOiWFPe.exe
  2⤵
  PID:3820
- C:\Windows\System\SscEFUJ.exe
  C:\Windows\System\SscEFUJ.exe
  2⤵
  PID:2616
- C:\Windows\System\oqaEwSu.exe
  C:\Windows\System\oqaEwSu.exe
  2⤵
  PID:3252
- C:\Windows\System\hOokyVJ.exe
  C:\Windows\System\hOokyVJ.exe
  2⤵
  PID:3940
- C:\Windows\System\kQzplVE.exe
  C:\Windows\System\kQzplVE.exe
  2⤵
  PID:3976
- C:\Windows\System\IIPsZKQ.exe
  C:\Windows\System\IIPsZKQ.exe
  2⤵
  PID:4420
- C:\Windows\System\QPtPOjs.exe
  C:\Windows\System\QPtPOjs.exe
  2⤵
  PID:4468
- C:\Windows\System\ouajoJo.exe
  C:\Windows\System\ouajoJo.exe
  2⤵
  PID:4360
- C:\Windows\System\xRgLLxW.exe
  C:\Windows\System\xRgLLxW.exe
  2⤵
  PID:5140
- C:\Windows\System\qFipllc.exe
  C:\Windows\System\qFipllc.exe
  2⤵
  PID:5156
- C:\Windows\System\UWxEKdg.exe
  C:\Windows\System\UWxEKdg.exe
  2⤵
  PID:5180
- C:\Windows\System\jPAaqHf.exe
  C:\Windows\System\jPAaqHf.exe
  2⤵
  PID:5196
- C:\Windows\System\pHvQUAQ.exe
  C:\Windows\System\pHvQUAQ.exe
  2⤵
  PID:5220
- C:\Windows\System\DBfHqTf.exe
  C:\Windows\System\DBfHqTf.exe
  2⤵
  PID:5240
- C:\Windows\System\NqudeOu.exe
  C:\Windows\System\NqudeOu.exe
  2⤵
  PID:5260
- C:\Windows\System\MZZzBEt.exe
  C:\Windows\System\MZZzBEt.exe
  2⤵
  PID:5276
- C:\Windows\System\oocNRmF.exe
  C:\Windows\System\oocNRmF.exe
  2⤵
  PID:5296
- C:\Windows\System\JsEmCyg.exe
  C:\Windows\System\JsEmCyg.exe
  2⤵
  PID:5320
- C:\Windows\System\ceMnqSR.exe
  C:\Windows\System\ceMnqSR.exe
  2⤵
  PID:5336
- C:\Windows\System\dxYBweZ.exe
  C:\Windows\System\dxYBweZ.exe
  2⤵
  PID:5356
- C:\Windows\System\YhqWkCd.exe
  C:\Windows\System\YhqWkCd.exe
  2⤵
  PID:5376
- C:\Windows\System\MImbKSm.exe
  C:\Windows\System\MImbKSm.exe
  2⤵
  PID:5400
- C:\Windows\System\prVrJiT.exe
  C:\Windows\System\prVrJiT.exe
  2⤵
  PID:5424
- C:\Windows\System\aOOcNLE.exe
  C:\Windows\System\aOOcNLE.exe
  2⤵
  PID:5444
- C:\Windows\System\QZBlHEX.exe
  C:\Windows\System\QZBlHEX.exe
  2⤵
  PID:5464
- C:\Windows\System\pYYjGSt.exe
  C:\Windows\System\pYYjGSt.exe
  2⤵
  PID:5484
- C:\Windows\System\FOEhJne.exe
  C:\Windows\System\FOEhJne.exe
  2⤵
  PID:5508
- C:\Windows\System\baqWxJK.exe
  C:\Windows\System\baqWxJK.exe
  2⤵
  PID:5524
- C:\Windows\System\DFqWIRo.exe
  C:\Windows\System\DFqWIRo.exe
  2⤵
  PID:5548
- C:\Windows\System\ACpsJbA.exe
  C:\Windows\System\ACpsJbA.exe
  2⤵
  PID:5564
- C:\Windows\System\IMfPlfA.exe
  C:\Windows\System\IMfPlfA.exe
  2⤵
  PID:5584
- C:\Windows\System\YheaNHu.exe
  C:\Windows\System\YheaNHu.exe
  2⤵
  PID:5604
- C:\Windows\System\RNAAtHs.exe
  C:\Windows\System\RNAAtHs.exe
  2⤵
  PID:5628
- C:\Windows\System\aiwQjbg.exe
  C:\Windows\System\aiwQjbg.exe
  2⤵
  PID:5648
- C:\Windows\System\EltAMYj.exe
  C:\Windows\System\EltAMYj.exe
  2⤵
  PID:5668
- C:\Windows\System\PmUPhul.exe
  C:\Windows\System\PmUPhul.exe
  2⤵
  PID:5684
- C:\Windows\System\wFiRUsV.exe
  C:\Windows\System\wFiRUsV.exe
  2⤵
  PID:5708
- C:\Windows\System\uWXSxSn.exe
  C:\Windows\System\uWXSxSn.exe
  2⤵
  PID:5728
- C:\Windows\System\mSHxxtU.exe
  C:\Windows\System\mSHxxtU.exe
  2⤵
  PID:5744
- C:\Windows\System\TPgNMug.exe
  C:\Windows\System\TPgNMug.exe
  2⤵
  PID:5768
- C:\Windows\System\wqumTBL.exe
  C:\Windows\System\wqumTBL.exe
  2⤵
  PID:5788
- C:\Windows\System\WOwpghv.exe
  C:\Windows\System\WOwpghv.exe
  2⤵
  PID:5808
- C:\Windows\System\uxHFEvd.exe
  C:\Windows\System\uxHFEvd.exe
  2⤵
  PID:5832
- C:\Windows\System\KsRaSWx.exe
  C:\Windows\System\KsRaSWx.exe
  2⤵
  PID:5848
- C:\Windows\System\LGZYTCd.exe
  C:\Windows\System\LGZYTCd.exe
  2⤵
  PID:5872
- C:\Windows\System\XwIwbTj.exe
  C:\Windows\System\XwIwbTj.exe
  2⤵
  PID:5892
- C:\Windows\System\qYIIzmP.exe
  C:\Windows\System\qYIIzmP.exe
  2⤵
  PID:5912
- C:\Windows\System\ehlkKZD.exe
  C:\Windows\System\ehlkKZD.exe
  2⤵
  PID:5932
- C:\Windows\System\BQHqTLf.exe
  C:\Windows\System\BQHqTLf.exe
  2⤵
  PID:5952
- C:\Windows\System\zjerCJy.exe
  C:\Windows\System\zjerCJy.exe
  2⤵
  PID:5972
- C:\Windows\System\mzlVdbg.exe
  C:\Windows\System\mzlVdbg.exe
  2⤵
  PID:5996
- C:\Windows\System\rJytoSi.exe
  C:\Windows\System\rJytoSi.exe
  2⤵
  PID:6016
- C:\Windows\System\VhrdKUg.exe
  C:\Windows\System\VhrdKUg.exe
  2⤵
  PID:6036
- C:\Windows\System\selduCD.exe
  C:\Windows\System\selduCD.exe
  2⤵
  PID:6056
- C:\Windows\System\xauPGhu.exe
  C:\Windows\System\xauPGhu.exe
  2⤵
  PID:6072
- C:\Windows\System\mXJOzeZ.exe
  C:\Windows\System\mXJOzeZ.exe
  2⤵
  PID:6096
- C:\Windows\System\YFmMJEh.exe
  C:\Windows\System\YFmMJEh.exe
  2⤵
  PID:6116
- C:\Windows\System\bzYjXje.exe
  C:\Windows\System\bzYjXje.exe
  2⤵
  PID:6136
- C:\Windows\System\lYgZFVI.exe
  C:\Windows\System\lYgZFVI.exe
  2⤵
  PID:4728
- C:\Windows\System\cDYUGod.exe
  C:\Windows\System\cDYUGod.exe
  2⤵
  PID:4492
- C:\Windows\System\dhQKxvr.exe
  C:\Windows\System\dhQKxvr.exe
  2⤵
  PID:4856
- C:\Windows\System\QtDlrcb.exe
  C:\Windows\System\QtDlrcb.exe
  2⤵
  PID:4916
- C:\Windows\System\PWpDyvm.exe
  C:\Windows\System\PWpDyvm.exe
  2⤵
  PID:4876
- C:\Windows\System\wRTZtEV.exe
  C:\Windows\System\wRTZtEV.exe
  2⤵
  PID:5036
- C:\Windows\System\mWKoMSJ.exe
  C:\Windows\System\mWKoMSJ.exe
  2⤵
  PID:5072
- C:\Windows\System\kkVWBpY.exe
  C:\Windows\System\kkVWBpY.exe
  2⤵
  PID:1188
- C:\Windows\System\LTjPaxP.exe
  C:\Windows\System\LTjPaxP.exe
  2⤵
  PID:3792
- C:\Windows\System\OaGOYeh.exe
  C:\Windows\System\OaGOYeh.exe
  2⤵
  PID:4188
- C:\Windows\System\UxyJWne.exe
  C:\Windows\System\UxyJWne.exe
  2⤵
  PID:3644
- C:\Windows\System\HkPykal.exe
  C:\Windows\System\HkPykal.exe
  2⤵
  PID:3044
- C:\Windows\System\OVHWcsY.exe
  C:\Windows\System\OVHWcsY.exe
  2⤵
  PID:5164
- C:\Windows\System\lLtVyvO.exe
  C:\Windows\System\lLtVyvO.exe
  2⤵
  PID:5168
- C:\Windows\System\KPPrLOE.exe
  C:\Windows\System\KPPrLOE.exe
  2⤵
  PID:5212
- C:\Windows\System\DOqsRMu.exe
  C:\Windows\System\DOqsRMu.exe
  2⤵
  PID:2976
- C:\Windows\System\DyIMuQD.exe
  C:\Windows\System\DyIMuQD.exe
  2⤵
  PID:5284
- C:\Windows\System\LxFCAqB.exe
  C:\Windows\System\LxFCAqB.exe
  2⤵
  PID:5268
- C:\Windows\System\lfIsmSN.exe
  C:\Windows\System\lfIsmSN.exe
  2⤵
  PID:5304
- C:\Windows\System\aCpYFDp.exe
  C:\Windows\System\aCpYFDp.exe
  2⤵
  PID:5368
- C:\Windows\System\egrYXYf.exe
  C:\Windows\System\egrYXYf.exe
  2⤵
  PID:5420
- C:\Windows\System\MBxjSSr.exe
  C:\Windows\System\MBxjSSr.exe
  2⤵
  PID:5396
- C:\Windows\System\IDaDVlT.exe
  C:\Windows\System\IDaDVlT.exe
  2⤵
  PID:5460
- C:\Windows\System\wDlFsqO.exe
  C:\Windows\System\wDlFsqO.exe
  2⤵
  PID:5472
- C:\Windows\System\ZMrMIUf.exe
  C:\Windows\System\ZMrMIUf.exe
  2⤵
  PID:5540
- C:\Windows\System\MRkTHTq.exe
  C:\Windows\System\MRkTHTq.exe
  2⤵
  PID:5520
- C:\Windows\System\pfniVpA.exe
  C:\Windows\System\pfniVpA.exe
  2⤵
  PID:5560
- C:\Windows\System\yHxDqxt.exe
  C:\Windows\System\yHxDqxt.exe
  2⤵
  PID:5596
- C:\Windows\System\kToYRaO.exe
  C:\Windows\System\kToYRaO.exe
  2⤵
  PID:5664
- C:\Windows\System\qqVxMSF.exe
  C:\Windows\System\qqVxMSF.exe
  2⤵
  PID:5644
- C:\Windows\System\kzvUkWp.exe
  C:\Windows\System\kzvUkWp.exe
  2⤵
  PID:5716
- C:\Windows\System\avAbUSs.exe
  C:\Windows\System\avAbUSs.exe
  2⤵
  PID:5756
- C:\Windows\System\FPMdYrI.exe
  C:\Windows\System\FPMdYrI.exe
  2⤵
  PID:5760
- C:\Windows\System\CyfgiKP.exe
  C:\Windows\System\CyfgiKP.exe
  2⤵
  PID:5800
- C:\Windows\System\lEWjsQt.exe
  C:\Windows\System\lEWjsQt.exe
  2⤵
  PID:5856
- C:\Windows\System\ZAGOxKr.exe
  C:\Windows\System\ZAGOxKr.exe
  2⤵
  PID:5880
- C:\Windows\System\cUDXMXY.exe
  C:\Windows\System\cUDXMXY.exe
  2⤵
  PID:5904
- C:\Windows\System\VanCePA.exe
  C:\Windows\System\VanCePA.exe
  2⤵
  PID:2620
- C:\Windows\System\gtNuPop.exe
  C:\Windows\System\gtNuPop.exe
  2⤵
  PID:5964
- C:\Windows\System\odTXmzr.exe
  C:\Windows\System\odTXmzr.exe
  2⤵
  PID:2624
- C:\Windows\System\FrgYJKc.exe
  C:\Windows\System\FrgYJKc.exe
  2⤵
  PID:6064
- C:\Windows\System\nRprElC.exe
  C:\Windows\System\nRprElC.exe
  2⤵
  PID:6084
- C:\Windows\System\IOijGGO.exe
  C:\Windows\System\IOijGGO.exe
  2⤵
  PID:6108
- C:\Windows\System\hODOwny.exe
  C:\Windows\System\hODOwny.exe
  2⤵
  PID:4612
- C:\Windows\System\YjMKinI.exe
  C:\Windows\System\YjMKinI.exe
  2⤵
  PID:4548
- C:\Windows\System\FlRnNDd.exe
  C:\Windows\System\FlRnNDd.exe
  2⤵
  PID:4748
- C:\Windows\System\NSVHbOg.exe
  C:\Windows\System\NSVHbOg.exe
  2⤵
  PID:236
- C:\Windows\System\xVhnOJr.exe
  C:\Windows\System\xVhnOJr.exe
  2⤵
  PID:4832
- C:\Windows\System\FZTcxfm.exe
  C:\Windows\System\FZTcxfm.exe
  2⤵
  PID:3648
- C:\Windows\System\PnDarjH.exe
  C:\Windows\System\PnDarjH.exe
  2⤵
  PID:4240
- C:\Windows\System\xVJNNKI.exe
  C:\Windows\System\xVJNNKI.exe
  2⤵
  PID:5132
- C:\Windows\System\cCpRdXM.exe
  C:\Windows\System\cCpRdXM.exe
  2⤵
  PID:5216
- C:\Windows\System\EnaamJP.exe
  C:\Windows\System\EnaamJP.exe
  2⤵
  PID:5192
- C:\Windows\System\NpZKFfX.exe
  C:\Windows\System\NpZKFfX.exe
  2⤵
  PID:640
- C:\Windows\System\hESTEPk.exe
  C:\Windows\System\hESTEPk.exe
  2⤵
  PID:5272
- C:\Windows\System\FAHEslY.exe
  C:\Windows\System\FAHEslY.exe
  2⤵
  PID:5352
- C:\Windows\System\NDzifbJ.exe
  C:\Windows\System\NDzifbJ.exe
  2⤵
  PID:5440
- C:\Windows\System\xHWIXHI.exe
  C:\Windows\System\xHWIXHI.exe
  2⤵
  PID:5392
- C:\Windows\System\zXJDcsw.exe
  C:\Windows\System\zXJDcsw.exe
  2⤵
  PID:5436
- C:\Windows\System\bVxfrSQ.exe
  C:\Windows\System\bVxfrSQ.exe
  2⤵
  PID:5556
- C:\Windows\System\ftFqWKl.exe
  C:\Windows\System\ftFqWKl.exe
  2⤵
  PID:5544
- C:\Windows\System\wmrAiPV.exe
  C:\Windows\System\wmrAiPV.exe
  2⤵
  PID:5620
- C:\Windows\System\LaAhGCg.exe
  C:\Windows\System\LaAhGCg.exe
  2⤵
  PID:5624
- C:\Windows\System\JLyWrJA.exe
  C:\Windows\System\JLyWrJA.exe
  2⤵
  PID:5680
- C:\Windows\System\pJZINSo.exe
  C:\Windows\System\pJZINSo.exe
  2⤵
  PID:5752
- C:\Windows\System\VEGtkPR.exe
  C:\Windows\System\VEGtkPR.exe
  2⤵
  PID:5816
- C:\Windows\System\tpTnfRs.exe
  C:\Windows\System\tpTnfRs.exe
  2⤵
  PID:5840
- C:\Windows\System\nVuLaKK.exe
  C:\Windows\System\nVuLaKK.exe
  2⤵
  PID:5968
- C:\Windows\System\kKrPYJY.exe
  C:\Windows\System\kKrPYJY.exe
  2⤵
  PID:6032
- C:\Windows\System\oqFzbQt.exe
  C:\Windows\System\oqFzbQt.exe
  2⤵
  PID:6052
- C:\Windows\System\CvZGAsc.exe
  C:\Windows\System\CvZGAsc.exe
  2⤵
  PID:4684
- C:\Windows\System\sWMqQxP.exe
  C:\Windows\System\sWMqQxP.exe
  2⤵
  PID:2720
- C:\Windows\System\qvRjCuU.exe
  C:\Windows\System\qvRjCuU.exe
  2⤵
  PID:4912
- C:\Windows\System\lzamDVP.exe
  C:\Windows\System\lzamDVP.exe
  2⤵
  PID:2836
- C:\Windows\System\QuKdRus.exe
  C:\Windows\System\QuKdRus.exe
  2⤵
  PID:3168
- C:\Windows\System\zkQhsAJ.exe
  C:\Windows\System\zkQhsAJ.exe
  2⤵
  PID:4220
- C:\Windows\System\fAQwtNo.exe
  C:\Windows\System\fAQwtNo.exe
  2⤵
  PID:4140
- C:\Windows\System\pjxwiKf.exe
  C:\Windows\System\pjxwiKf.exe
  2⤵
  PID:5332
- C:\Windows\System\tOZiPaG.exe
  C:\Windows\System\tOZiPaG.exe
  2⤵
  PID:2804
- C:\Windows\System\DWhlRSE.exe
  C:\Windows\System\DWhlRSE.exe
  2⤵
  PID:5316
- C:\Windows\System\OuUxMsx.exe
  C:\Windows\System\OuUxMsx.exe
  2⤵
  PID:2008
- C:\Windows\System\JeQSntR.exe
  C:\Windows\System\JeQSntR.exe
  2⤵
  PID:5208
- C:\Windows\System\mHvVvgc.exe
  C:\Windows\System\mHvVvgc.exe
  2⤵
  PID:5592
- C:\Windows\System\ZSkleGa.exe
  C:\Windows\System\ZSkleGa.exe
  2⤵
  PID:5740
- C:\Windows\System\yICCMSe.exe
  C:\Windows\System\yICCMSe.exe
  2⤵
  PID:5908
- C:\Windows\System\blpTKyl.exe
  C:\Windows\System\blpTKyl.exe
  2⤵
  PID:5944
- C:\Windows\System\BkKbJfP.exe
  C:\Windows\System\BkKbJfP.exe
  2⤵
  PID:5948
- C:\Windows\System\BXRzPZV.exe
  C:\Windows\System\BXRzPZV.exe
  2⤵
  PID:5992
- C:\Windows\System\SnjNFAg.exe
  C:\Windows\System\SnjNFAg.exe
  2⤵
  PID:4672
- C:\Windows\System\KPPbmcR.exe
  C:\Windows\System\KPPbmcR.exe
  2⤵
  PID:3668
- C:\Windows\System\GltOEet.exe
  C:\Windows\System\GltOEet.exe
  2⤵
  PID:4124
- C:\Windows\System\pFKEkWz.exe
  C:\Windows\System\pFKEkWz.exe
  2⤵
  PID:6148
- C:\Windows\System\iJKAyWq.exe
  C:\Windows\System\iJKAyWq.exe
  2⤵
  PID:6168
- C:\Windows\System\nitHfih.exe
  C:\Windows\System\nitHfih.exe
  2⤵
  PID:6188
- C:\Windows\System\KqgqSzh.exe
  C:\Windows\System\KqgqSzh.exe
  2⤵
  PID:6208
- C:\Windows\System\yEWRLKR.exe
  C:\Windows\System\yEWRLKR.exe
  2⤵
  PID:6224
- C:\Windows\System\pDeCddy.exe
  C:\Windows\System\pDeCddy.exe
  2⤵
  PID:6248
- C:\Windows\System\IsynCLp.exe
  C:\Windows\System\IsynCLp.exe
  2⤵
  PID:6268
- C:\Windows\System\MCrJheR.exe
  C:\Windows\System\MCrJheR.exe
  2⤵
  PID:6288
- C:\Windows\System\azDIvzZ.exe
  C:\Windows\System\azDIvzZ.exe
  2⤵
  PID:6308
- C:\Windows\System\PprWQfU.exe
  C:\Windows\System\PprWQfU.exe
  2⤵
  PID:6328
- C:\Windows\System\FjtGRky.exe
  C:\Windows\System\FjtGRky.exe
  2⤵
  PID:6348
- C:\Windows\System\NMxLIsn.exe
  C:\Windows\System\NMxLIsn.exe
  2⤵
  PID:6368
- C:\Windows\System\juelSzD.exe
  C:\Windows\System\juelSzD.exe
  2⤵
  PID:6388
- C:\Windows\System\SiNgxGA.exe
  C:\Windows\System\SiNgxGA.exe
  2⤵
  PID:6408
- C:\Windows\System\dFdpmdU.exe
  C:\Windows\System\dFdpmdU.exe
  2⤵
  PID:6428
- C:\Windows\System\FnfJbuR.exe
  C:\Windows\System\FnfJbuR.exe
  2⤵
  PID:6444
- C:\Windows\System\NWhruNU.exe
  C:\Windows\System\NWhruNU.exe
  2⤵
  PID:6472
- C:\Windows\System\bdVdArd.exe
  C:\Windows\System\bdVdArd.exe
  2⤵
  PID:6492
- C:\Windows\System\oMgfUZi.exe
  C:\Windows\System\oMgfUZi.exe
  2⤵
  PID:6512
- C:\Windows\System\rIrbfmH.exe
  C:\Windows\System\rIrbfmH.exe
  2⤵
  PID:6532
- C:\Windows\System\GRycMRA.exe
  C:\Windows\System\GRycMRA.exe
  2⤵
  PID:6552
- C:\Windows\System\RZgzHoR.exe
  C:\Windows\System\RZgzHoR.exe
  2⤵
  PID:6572
- C:\Windows\System\eUABvIx.exe
  C:\Windows\System\eUABvIx.exe
  2⤵
  PID:6592
- C:\Windows\System\DnfOBMH.exe
  C:\Windows\System\DnfOBMH.exe
  2⤵
  PID:6612
- C:\Windows\System\ZBPyhct.exe
  C:\Windows\System\ZBPyhct.exe
  2⤵
  PID:6632
- C:\Windows\System\wbcABlQ.exe
  C:\Windows\System\wbcABlQ.exe
  2⤵
  PID:6652
- C:\Windows\System\ldicywG.exe
  C:\Windows\System\ldicywG.exe
  2⤵
  PID:6668
- C:\Windows\System\wSIyGQq.exe
  C:\Windows\System\wSIyGQq.exe
  2⤵
  PID:6692
- C:\Windows\System\Ivfnnow.exe
  C:\Windows\System\Ivfnnow.exe
  2⤵
  PID:6712
- C:\Windows\System\oHNfjZa.exe
  C:\Windows\System\oHNfjZa.exe
  2⤵
  PID:6728
- C:\Windows\System\mIhufzA.exe
  C:\Windows\System\mIhufzA.exe
  2⤵
  PID:6752
- C:\Windows\System\MRLOcCz.exe
  C:\Windows\System\MRLOcCz.exe
  2⤵
  PID:6772
- C:\Windows\System\pDOiuEH.exe
  C:\Windows\System\pDOiuEH.exe
  2⤵
  PID:6792
- C:\Windows\System\QqGXTdR.exe
  C:\Windows\System\QqGXTdR.exe
  2⤵
  PID:6812
- C:\Windows\System\jIpHTKx.exe
  C:\Windows\System\jIpHTKx.exe
  2⤵
  PID:6828
- C:\Windows\System\MAIMPjI.exe
  C:\Windows\System\MAIMPjI.exe
  2⤵
  PID:6848
- C:\Windows\System\dBKjLzb.exe
  C:\Windows\System\dBKjLzb.exe
  2⤵
  PID:6872
- C:\Windows\System\WKvfwxI.exe
  C:\Windows\System\WKvfwxI.exe
  2⤵
  PID:6892
- C:\Windows\System\bibkful.exe
  C:\Windows\System\bibkful.exe
  2⤵
  PID:6916
- C:\Windows\System\FZaGMNY.exe
  C:\Windows\System\FZaGMNY.exe
  2⤵
  PID:6936
- C:\Windows\System\yJuFjOH.exe
  C:\Windows\System\yJuFjOH.exe
  2⤵
  PID:6956
- C:\Windows\System\wMdFhCv.exe
  C:\Windows\System\wMdFhCv.exe
  2⤵
  PID:6976
- C:\Windows\System\FCsKviL.exe
  C:\Windows\System\FCsKviL.exe
  2⤵
  PID:6996
- C:\Windows\System\EzqGwHw.exe
  C:\Windows\System\EzqGwHw.exe
  2⤵
  PID:7016
- C:\Windows\System\XRzZnhs.exe
  C:\Windows\System\XRzZnhs.exe
  2⤵
  PID:7032
- C:\Windows\System\JfMzxBP.exe
  C:\Windows\System\JfMzxBP.exe
  2⤵
  PID:7056
- C:\Windows\System\WKWuFlB.exe
  C:\Windows\System\WKWuFlB.exe
  2⤵
  PID:7076
- C:\Windows\System\xTcJfjp.exe
  C:\Windows\System\xTcJfjp.exe
  2⤵
  PID:7096
- C:\Windows\System\vTDwCHt.exe
  C:\Windows\System\vTDwCHt.exe
  2⤵
  PID:7116
- C:\Windows\System\yBUdvCm.exe
  C:\Windows\System\yBUdvCm.exe
  2⤵
  PID:7136
- C:\Windows\System\uvucvYn.exe
  C:\Windows\System\uvucvYn.exe
  2⤵
  PID:7156
- C:\Windows\System\nODvoSZ.exe
  C:\Windows\System\nODvoSZ.exe
  2⤵
  PID:5152
- C:\Windows\System\xGvJeTA.exe
  C:\Windows\System\xGvJeTA.exe
  2⤵
  PID:5348
- C:\Windows\System\JVdyTSG.exe
  C:\Windows\System\JVdyTSG.exe
  2⤵
  PID:1460
- C:\Windows\System\RAfAxAq.exe
  C:\Windows\System\RAfAxAq.exe
  2⤵
  PID:5580
- C:\Windows\System\ePbzCFq.exe
  C:\Windows\System\ePbzCFq.exe
  2⤵
  PID:5720
- C:\Windows\System\BigOmKS.exe
  C:\Windows\System\BigOmKS.exe
  2⤵
  PID:6008
- C:\Windows\System\XBhLmXB.exe
  C:\Windows\System\XBhLmXB.exe
  2⤵
  PID:5820
- C:\Windows\System\nYnMAXh.exe
  C:\Windows\System\nYnMAXh.exe
  2⤵
  PID:2828
- C:\Windows\System\xHSFQyP.exe
  C:\Windows\System\xHSFQyP.exe
  2⤵
  PID:1560
- C:\Windows\System\UEwMhUx.exe
  C:\Windows\System\UEwMhUx.exe
  2⤵
  PID:4328
- C:\Windows\System\rhlOQZI.exe
  C:\Windows\System\rhlOQZI.exe
  2⤵
  PID:6180
- C:\Windows\System\qmaSakJ.exe
  C:\Windows\System\qmaSakJ.exe
  2⤵
  PID:6244
- C:\Windows\System\ofHLNYe.exe
  C:\Windows\System\ofHLNYe.exe
  2⤵
  PID:6276
- C:\Windows\System\kwAqkcw.exe
  C:\Windows\System\kwAqkcw.exe
  2⤵
  PID:6316
- C:\Windows\System\xNjaaaW.exe
  C:\Windows\System\xNjaaaW.exe
  2⤵
  PID:6300
- C:\Windows\System\smLSXMg.exe
  C:\Windows\System\smLSXMg.exe
  2⤵
  PID:6344
- C:\Windows\System\yroLvcV.exe
  C:\Windows\System\yroLvcV.exe
  2⤵
  PID:6404
- C:\Windows\System\raotFJn.exe
  C:\Windows\System\raotFJn.exe
  2⤵
  PID:6424
- C:\Windows\System\CcMPcJf.exe
  C:\Windows\System\CcMPcJf.exe
  2⤵
  PID:6420
- C:\Windows\System\czlyTYs.exe
  C:\Windows\System\czlyTYs.exe
  2⤵
  PID:6460
- C:\Windows\System\qAhYlAs.exe
  C:\Windows\System\qAhYlAs.exe
  2⤵
  PID:6500
- C:\Windows\System\AFavTWS.exe
  C:\Windows\System\AFavTWS.exe
  2⤵
  PID:6560
- C:\Windows\System\ModXHie.exe
  C:\Windows\System\ModXHie.exe
  2⤵
  PID:6564
- C:\Windows\System\eXULmra.exe
  C:\Windows\System\eXULmra.exe
  2⤵
  PID:6580
- C:\Windows\System\oMFKOgR.exe
  C:\Windows\System\oMFKOgR.exe
  2⤵
  PID:6648
- C:\Windows\System\kkcZlHh.exe
  C:\Windows\System\kkcZlHh.exe
  2⤵
  PID:6628
- C:\Windows\System\LASQmLc.exe
  C:\Windows\System\LASQmLc.exe
  2⤵
  PID:6720
- C:\Windows\System\NDVJgwP.exe
  C:\Windows\System\NDVJgwP.exe
  2⤵
  PID:6768
- C:\Windows\System\Nnhwtwb.exe
  C:\Windows\System\Nnhwtwb.exe
  2⤵
  PID:6748
- C:\Windows\System\VtQxJls.exe
  C:\Windows\System\VtQxJls.exe
  2⤵
  PID:6464
- C:\Windows\System\BRNXKET.exe
  C:\Windows\System\BRNXKET.exe
  2⤵
  PID:6840
- C:\Windows\System\rpvrMmq.exe
  C:\Windows\System\rpvrMmq.exe
  2⤵
  PID:6884
- C:\Windows\System\IAMlQyX.exe
  C:\Windows\System\IAMlQyX.exe
  2⤵
  PID:6900
- C:\Windows\System\ByyQKAy.exe
  C:\Windows\System\ByyQKAy.exe
  2⤵
  PID:6928
- C:\Windows\System\IAimgjk.exe
  C:\Windows\System\IAimgjk.exe
  2⤵
  PID:6952
- C:\Windows\System\HLRqgko.exe
  C:\Windows\System\HLRqgko.exe
  2⤵
  PID:6992
- C:\Windows\System\iFFQTjt.exe
  C:\Windows\System\iFFQTjt.exe
  2⤵
  PID:7024
- C:\Windows\System\nLpQAHF.exe
  C:\Windows\System\nLpQAHF.exe
  2⤵
  PID:7072
- C:\Windows\System\uegEBca.exe
  C:\Windows\System\uegEBca.exe
  2⤵
  PID:7132
- C:\Windows\System\xsJzsKc.exe
  C:\Windows\System\xsJzsKc.exe
  2⤵
  PID:5308
- C:\Windows\System\ABewUUa.exe
  C:\Windows\System\ABewUUa.exe
  2⤵
  PID:4512
- C:\Windows\System\abtBpWw.exe
  C:\Windows\System\abtBpWw.exe
  2⤵
  PID:2992
- C:\Windows\System\nrNZZRC.exe
  C:\Windows\System\nrNZZRC.exe
  2⤵
  PID:5656
- C:\Windows\System\NqvPOPs.exe
  C:\Windows\System\NqvPOPs.exe
  2⤵
  PID:6048
- C:\Windows\System\JimNKVl.exe
  C:\Windows\System\JimNKVl.exe
  2⤵
  PID:5984
- C:\Windows\System\wKAOvTi.exe
  C:\Windows\System\wKAOvTi.exe
  2⤵
  PID:6196
- C:\Windows\System\GsfCcpC.exe
  C:\Windows\System\GsfCcpC.exe
  2⤵
  PID:1736
- C:\Windows\System\udVSGbT.exe
  C:\Windows\System\udVSGbT.exe
  2⤵
  PID:6416
- C:\Windows\System\TUgORoJ.exe
  C:\Windows\System\TUgORoJ.exe
  2⤵
  PID:6520
- C:\Windows\System\ggJncsM.exe
  C:\Windows\System\ggJncsM.exe
  2⤵
  PID:6504
- C:\Windows\System\eGWXEJi.exe
  C:\Windows\System\eGWXEJi.exe
  2⤵
  PID:6568
- C:\Windows\System\oODGWgH.exe
  C:\Windows\System\oODGWgH.exe
  2⤵
  PID:6744
- C:\Windows\System\yFLJTTi.exe
  C:\Windows\System\yFLJTTi.exe
  2⤵
  PID:6688
- C:\Windows\System\ClHdmXU.exe
  C:\Windows\System\ClHdmXU.exe
  2⤵
  PID:6760
- C:\Windows\System\GIZKGXv.exe
  C:\Windows\System\GIZKGXv.exe
  2⤵
  PID:6972
- C:\Windows\System\drXORyB.exe
  C:\Windows\System\drXORyB.exe
  2⤵
  PID:6800
- C:\Windows\System\grTEIJC.exe
  C:\Windows\System\grTEIJC.exe
  2⤵
  PID:6824
- C:\Windows\System\PeAPvRW.exe
  C:\Windows\System\PeAPvRW.exe
  2⤵
  PID:6984
- C:\Windows\System\hrYUlZm.exe
  C:\Windows\System\hrYUlZm.exe
  2⤵
  PID:7124
- C:\Windows\System\hHBwMwd.exe
  C:\Windows\System\hHBwMwd.exe
  2⤵
  PID:7064
- C:\Windows\System\tnfPTVA.exe
  C:\Windows\System\tnfPTVA.exe
  2⤵
  PID:1616
- C:\Windows\System\qCuoHgH.exe
  C:\Windows\System\qCuoHgH.exe
  2⤵
  PID:2876
- C:\Windows\System\zQoEsCw.exe
  C:\Windows\System\zQoEsCw.exe
  2⤵
  PID:6068
- C:\Windows\System\TOIUbbL.exe
  C:\Windows\System\TOIUbbL.exe
  2⤵
  PID:5804
- C:\Windows\System\rBDOECt.exe
  C:\Windows\System\rBDOECt.exe
  2⤵
  PID:6380
- C:\Windows\System\dZZoOJM.exe
  C:\Windows\System\dZZoOJM.exe
  2⤵
  PID:6544
- C:\Windows\System\xoAQtyj.exe
  C:\Windows\System\xoAQtyj.exe
  2⤵
  PID:6184
- C:\Windows\System\LfxwsmY.exe
  C:\Windows\System\LfxwsmY.exe
  2⤵
  PID:6680
- C:\Windows\System\TbEFoXE.exe
  C:\Windows\System\TbEFoXE.exe
  2⤵
  PID:6804
- C:\Windows\System\UuOFcUK.exe
  C:\Windows\System\UuOFcUK.exe
  2⤵
  PID:6868
- C:\Windows\System\KhjOfAe.exe
  C:\Windows\System\KhjOfAe.exe
  2⤵
  PID:6880
- C:\Windows\System\vUyafSN.exe
  C:\Windows\System\vUyafSN.exe
  2⤵
  PID:7176
- C:\Windows\System\HPMrgTB.exe
  C:\Windows\System\HPMrgTB.exe
  2⤵
  PID:7208
- C:\Windows\System\JUGfgWi.exe
  C:\Windows\System\JUGfgWi.exe
  2⤵
  PID:7224
- C:\Windows\System\ILvYpXw.exe
  C:\Windows\System\ILvYpXw.exe
  2⤵
  PID:7252
- C:\Windows\System\AzkQRIm.exe
  C:\Windows\System\AzkQRIm.exe
  2⤵
  PID:7272
- C:\Windows\System\hYnEEIt.exe
  C:\Windows\System\hYnEEIt.exe
  2⤵
  PID:7292
- C:\Windows\System\jpOoiIY.exe
  C:\Windows\System\jpOoiIY.exe
  2⤵
  PID:7312
- C:\Windows\System\KOvXDZI.exe
  C:\Windows\System\KOvXDZI.exe
  2⤵
  PID:7332
- C:\Windows\System\xVBJFXe.exe
  C:\Windows\System\xVBJFXe.exe
  2⤵
  PID:7348
- C:\Windows\System\UusqZRL.exe
  C:\Windows\System\UusqZRL.exe
  2⤵
  PID:7372
- C:\Windows\System\HWlBjsW.exe
  C:\Windows\System\HWlBjsW.exe
  2⤵
  PID:7388
- C:\Windows\System\iYghKCw.exe
  C:\Windows\System\iYghKCw.exe
  2⤵
  PID:7412
- C:\Windows\System\RInXIch.exe
  C:\Windows\System\RInXIch.exe
  2⤵
  PID:7432
- C:\Windows\System\hdBTGRC.exe
  C:\Windows\System\hdBTGRC.exe
  2⤵
  PID:7452
- C:\Windows\System\lWJWpqK.exe
  C:\Windows\System\lWJWpqK.exe
  2⤵
  PID:7468
- C:\Windows\System\PdrfXVx.exe
  C:\Windows\System\PdrfXVx.exe
  2⤵
  PID:7492
- C:\Windows\System\bnAttfB.exe
  C:\Windows\System\bnAttfB.exe
  2⤵
  PID:7508
- C:\Windows\System\NxnUEsC.exe
  C:\Windows\System\NxnUEsC.exe
  2⤵
  PID:7532
- C:\Windows\System\EUuURDH.exe
  C:\Windows\System\EUuURDH.exe
  2⤵
  PID:7552
- C:\Windows\System\FtxKyHe.exe
  C:\Windows\System\FtxKyHe.exe
  2⤵
  PID:7572
- C:\Windows\System\vmLRrfr.exe
  C:\Windows\System\vmLRrfr.exe
  2⤵
  PID:7592
- C:\Windows\System\hXhIibt.exe
  C:\Windows\System\hXhIibt.exe
  2⤵
  PID:7612
- C:\Windows\System\kUwLbTY.exe
  C:\Windows\System\kUwLbTY.exe
  2⤵
  PID:7636
- C:\Windows\System\NrkAnwK.exe
  C:\Windows\System\NrkAnwK.exe
  2⤵
  PID:7656
- C:\Windows\System\uuQDnnB.exe
  C:\Windows\System\uuQDnnB.exe
  2⤵
  PID:7676
- C:\Windows\System\DxouVSM.exe
  C:\Windows\System\DxouVSM.exe
  2⤵
  PID:7696
- C:\Windows\System\yyhyVAO.exe
  C:\Windows\System\yyhyVAO.exe
  2⤵
  PID:7716
- C:\Windows\System\YntiPrK.exe
  C:\Windows\System\YntiPrK.exe
  2⤵
  PID:7736
- C:\Windows\System\GTgqJEd.exe
  C:\Windows\System\GTgqJEd.exe
  2⤵
  PID:7756
- C:\Windows\System\xGlGzAG.exe
  C:\Windows\System\xGlGzAG.exe
  2⤵
  PID:7776
- C:\Windows\System\pgdTRQM.exe
  C:\Windows\System\pgdTRQM.exe
  2⤵
  PID:7796
- C:\Windows\System\fKcqpfV.exe
  C:\Windows\System\fKcqpfV.exe
  2⤵
  PID:7816
- C:\Windows\System\VDcntKx.exe
  C:\Windows\System\VDcntKx.exe
  2⤵
  PID:7832
- C:\Windows\System\DWmJaUu.exe
  C:\Windows\System\DWmJaUu.exe
  2⤵
  PID:7856
- C:\Windows\System\PurNIhu.exe
  C:\Windows\System\PurNIhu.exe
  2⤵
  PID:7876
- C:\Windows\System\bbGMdjd.exe
  C:\Windows\System\bbGMdjd.exe
  2⤵
  PID:7892
- C:\Windows\System\iGUdCzV.exe
  C:\Windows\System\iGUdCzV.exe
  2⤵
  PID:7912
- C:\Windows\System\bHTRium.exe
  C:\Windows\System\bHTRium.exe
  2⤵
  PID:7936
- C:\Windows\System\PzjbKgX.exe
  C:\Windows\System\PzjbKgX.exe
  2⤵
  PID:7956
- C:\Windows\System\bMXhpEB.exe
  C:\Windows\System\bMXhpEB.exe
  2⤵
  PID:7976
- C:\Windows\System\teWBUxx.exe
  C:\Windows\System\teWBUxx.exe
  2⤵
  PID:7996
- C:\Windows\System\dNbvncD.exe
  C:\Windows\System\dNbvncD.exe
  2⤵
  PID:8016
- C:\Windows\System\wUEmMdp.exe
  C:\Windows\System\wUEmMdp.exe
  2⤵
  PID:8036
- C:\Windows\System\rBrzWrY.exe
  C:\Windows\System\rBrzWrY.exe
  2⤵
  PID:8052
- C:\Windows\System\LYLyFqa.exe
  C:\Windows\System\LYLyFqa.exe
  2⤵
  PID:8080
- C:\Windows\System\PgJMraI.exe
  C:\Windows\System\PgJMraI.exe
  2⤵
  PID:8100
- C:\Windows\System\CYdkTqg.exe
  C:\Windows\System\CYdkTqg.exe
  2⤵
  PID:8120
- C:\Windows\System\iNQhIMI.exe
  C:\Windows\System\iNQhIMI.exe
  2⤵
  PID:8136
- C:\Windows\System\eKseiLq.exe
  C:\Windows\System\eKseiLq.exe
  2⤵
  PID:8160
- C:\Windows\System\DmUdIOd.exe
  C:\Windows\System\DmUdIOd.exe
  2⤵
  PID:8180
- C:\Windows\System\qZJPHQx.exe
  C:\Windows\System\qZJPHQx.exe
  2⤵
  PID:6912
- C:\Windows\System\YbReIDk.exe
  C:\Windows\System\YbReIDk.exe
  2⤵
  PID:7028
- C:\Windows\System\rlnEGeh.exe
  C:\Windows\System\rlnEGeh.exe
  2⤵
  PID:5412
- C:\Windows\System\arzoshE.exe
  C:\Windows\System\arzoshE.exe
  2⤵
  PID:4452
- C:\Windows\System\WxrhieE.exe
  C:\Windows\System\WxrhieE.exe
  2⤵
  PID:2756
- C:\Windows\System\KcGeKas.exe
  C:\Windows\System\KcGeKas.exe
  2⤵
  PID:6468
- C:\Windows\System\wtXFpTR.exe
  C:\Windows\System\wtXFpTR.exe
  2⤵
  PID:6484
- C:\Windows\System\hQXspNz.exe
  C:\Windows\System\hQXspNz.exe
  2⤵
  PID:6708
- C:\Windows\System\HFtpbNO.exe
  C:\Windows\System\HFtpbNO.exe
  2⤵
  PID:7204
- C:\Windows\System\BbQSdXO.exe
  C:\Windows\System\BbQSdXO.exe
  2⤵
  PID:7236
- C:\Windows\System\IkyDLkX.exe
  C:\Windows\System\IkyDLkX.exe
  2⤵
  PID:7216
- C:\Windows\System\wuPYPud.exe
  C:\Windows\System\wuPYPud.exe
  2⤵
  PID:7288
- C:\Windows\System\UdUcLnU.exe
  C:\Windows\System\UdUcLnU.exe
  2⤵
  PID:7308
- C:\Windows\System\QBFoZRz.exe
  C:\Windows\System\QBFoZRz.exe
  2⤵
  PID:7368
- C:\Windows\System\POaoBGM.exe
  C:\Windows\System\POaoBGM.exe
  2⤵
  PID:7404
- C:\Windows\System\uZCycNc.exe
  C:\Windows\System\uZCycNc.exe
  2⤵
  PID:7420
- C:\Windows\System\ENkxHNE.exe
  C:\Windows\System\ENkxHNE.exe
  2⤵
  PID:7424
- C:\Windows\System\egDTwQb.exe
  C:\Windows\System\egDTwQb.exe
  2⤵
  PID:7516
- C:\Windows\System\reokVQs.exe
  C:\Windows\System\reokVQs.exe
  2⤵
  PID:7528
- C:\Windows\System\zppStNo.exe
  C:\Windows\System\zppStNo.exe
  2⤵
  PID:7540
- C:\Windows\System\ifKvSuv.exe
  C:\Windows\System\ifKvSuv.exe
  2⤵
  PID:7564
- C:\Windows\System\WsGboEH.exe
  C:\Windows\System\WsGboEH.exe
  2⤵
  PID:7580
- C:\Windows\System\WwdheIY.exe
  C:\Windows\System\WwdheIY.exe
  2⤵
  PID:7620
- C:\Windows\System\NiSUTFu.exe
  C:\Windows\System\NiSUTFu.exe
  2⤵
  PID:7672
- C:\Windows\System\YDBLGLO.exe
  C:\Windows\System\YDBLGLO.exe
  2⤵
  PID:7724
- C:\Windows\System\LDdoGAD.exe
  C:\Windows\System\LDdoGAD.exe
  2⤵
  PID:7768
- C:\Windows\System\pzALJXy.exe
  C:\Windows\System\pzALJXy.exe
  2⤵
  PID:2388
- C:\Windows\System\cORniPM.exe
  C:\Windows\System\cORniPM.exe
  2⤵
  PID:7804
- C:\Windows\System\DkWqFkJ.exe
  C:\Windows\System\DkWqFkJ.exe
  2⤵
  PID:7840
- C:\Windows\System\ILImyTN.exe
  C:\Windows\System\ILImyTN.exe
  2⤵
  PID:7888
- C:\Windows\System\gruHjFI.exe
  C:\Windows\System\gruHjFI.exe
  2⤵
  PID:7828
- C:\Windows\System\JhlsOoT.exe
  C:\Windows\System\JhlsOoT.exe
  2⤵
  PID:7908
- C:\Windows\System\KlapBuq.exe
  C:\Windows\System\KlapBuq.exe
  2⤵
  PID:7948
- C:\Windows\System\CDZkTPH.exe
  C:\Windows\System\CDZkTPH.exe
  2⤵
  PID:8004
- C:\Windows\System\ETVrKBE.exe
  C:\Windows\System\ETVrKBE.exe
  2⤵
  PID:7988
- C:\Windows\System\evZwNIt.exe
  C:\Windows\System\evZwNIt.exe
  2⤵
  PID:8032
- C:\Windows\System\oadWDmH.exe
  C:\Windows\System\oadWDmH.exe
  2⤵
  PID:8088
- C:\Windows\System\rGKbpMq.exe
  C:\Windows\System\rGKbpMq.exe
  2⤵
  PID:8092
- C:\Windows\System\erxsUDb.exe
  C:\Windows\System\erxsUDb.exe
  2⤵
  PID:8112
- C:\Windows\System\oIgWJVS.exe
  C:\Windows\System\oIgWJVS.exe
  2⤵
  PID:8144
- C:\Windows\System\pKjSACm.exe
  C:\Windows\System\pKjSACm.exe
  2⤵
  PID:8188
- C:\Windows\System\TVVroOr.exe
  C:\Windows\System\TVVroOr.exe
  2⤵
  PID:5344
- C:\Windows\System\QpDUOgL.exe
  C:\Windows\System\QpDUOgL.exe
  2⤵
  PID:6024
- C:\Windows\System\oneRSev.exe
  C:\Windows\System\oneRSev.exe
  2⤵
  PID:6336
- C:\Windows\System\SZCGnCO.exe
  C:\Windows\System\SZCGnCO.exe
  2⤵
  PID:6784
- C:\Windows\System\NLSgQtl.exe
  C:\Windows\System\NLSgQtl.exe
  2⤵
  PID:6864
- C:\Windows\System\xKVQwPZ.exe
  C:\Windows\System\xKVQwPZ.exe
  2⤵
  PID:7044
- C:\Windows\System\AJVAwXr.exe
  C:\Windows\System\AJVAwXr.exe
  2⤵
  PID:8068
- C:\Windows\System\tFYRrGZ.exe
  C:\Windows\System\tFYRrGZ.exe
  2⤵
  PID:7364
- C:\Windows\System\CmUjnKE.exe
  C:\Windows\System\CmUjnKE.exe
  2⤵
  PID:7300
- C:\Windows\System\dXMfiCM.exe
  C:\Windows\System\dXMfiCM.exe
  2⤵
  PID:2364
- C:\Windows\System\AUxFdgv.exe
  C:\Windows\System\AUxFdgv.exe
  2⤵
  PID:7340
- C:\Windows\System\CFMgbjs.exe
  C:\Windows\System\CFMgbjs.exe
  2⤵
  PID:7428
- C:\Windows\System\lWypNCM.exe
  C:\Windows\System\lWypNCM.exe
  2⤵
  PID:7464
- C:\Windows\System\MbkqrJq.exe
  C:\Windows\System\MbkqrJq.exe
  2⤵
  PID:7604
- C:\Windows\System\UVBCggb.exe
  C:\Windows\System\UVBCggb.exe
  2⤵
  PID:7624
- C:\Windows\System\nWivJCU.exe
  C:\Windows\System\nWivJCU.exe
  2⤵
  PID:7584
- C:\Windows\System\jZgQryR.exe
  C:\Windows\System\jZgQryR.exe
  2⤵
  PID:276
- C:\Windows\System\MflyEIe.exe
  C:\Windows\System\MflyEIe.exe
  2⤵
  PID:7772
- C:\Windows\System\cHoMOvl.exe
  C:\Windows\System\cHoMOvl.exe
  2⤵
  PID:7668
- C:\Windows\System\astVuvX.exe
  C:\Windows\System\astVuvX.exe
  2⤵
  PID:7808
- C:\Windows\System\kMHnCwT.exe
  C:\Windows\System\kMHnCwT.exe
  2⤵
  PID:7788
- C:\Windows\System\zWmmsmq.exe
  C:\Windows\System\zWmmsmq.exe
  2⤵
  PID:2708
- C:\Windows\System\XGDlAAE.exe
  C:\Windows\System\XGDlAAE.exe
  2⤵
  PID:7824
- C:\Windows\System\ntRSnvh.exe
  C:\Windows\System\ntRSnvh.exe
  2⤵
  PID:8060
- C:\Windows\System\jaYYYbd.exe
  C:\Windows\System\jaYYYbd.exe
  2⤵
  PID:7992
- C:\Windows\System\uBQcxgb.exe
  C:\Windows\System\uBQcxgb.exe
  2⤵
  PID:8176
- C:\Windows\System\KyMfIbS.exe
  C:\Windows\System\KyMfIbS.exe
  2⤵
  PID:1612
- C:\Windows\System\nDBGvOB.exe
  C:\Windows\System\nDBGvOB.exe
  2⤵
  PID:6932
- C:\Windows\System\DSAnAlN.exe
  C:\Windows\System\DSAnAlN.exe
  2⤵
  PID:6176
- C:\Windows\System\ysTeZyf.exe
  C:\Windows\System\ysTeZyf.exe
  2⤵
  PID:5924
- C:\Windows\System\xWeBiEW.exe
  C:\Windows\System\xWeBiEW.exe
  2⤵
  PID:6620
- C:\Windows\System\smdZPaZ.exe
  C:\Windows\System\smdZPaZ.exe
  2⤵
  PID:7264
- C:\Windows\System\ExItQCd.exe
  C:\Windows\System\ExItQCd.exe
  2⤵
  PID:7188
- C:\Windows\System\rXiFytP.exe
  C:\Windows\System\rXiFytP.exe
  2⤵
  PID:7328
- C:\Windows\System\xtqvkzI.exe
  C:\Windows\System\xtqvkzI.exe
  2⤵
  PID:7484
- C:\Windows\System\MYgTdMW.exe
  C:\Windows\System\MYgTdMW.exe
  2⤵
  PID:7384
- C:\Windows\System\gkhFnNC.exe
  C:\Windows\System\gkhFnNC.exe
  2⤵
  PID:2168
- C:\Windows\System\vBUDOpR.exe
  C:\Windows\System\vBUDOpR.exe
  2⤵
  PID:7600
- C:\Windows\System\UBzNoSU.exe
  C:\Windows\System\UBzNoSU.exe
  2⤵
  PID:560
- C:\Windows\System\BfdVqmE.exe
  C:\Windows\System\BfdVqmE.exe
  2⤵
  PID:7784
- C:\Windows\System\HpHfNdB.exe
  C:\Windows\System\HpHfNdB.exe
  2⤵
  PID:2300
- C:\Windows\System\GWAfFvv.exe
  C:\Windows\System\GWAfFvv.exe
  2⤵
  PID:7712
- C:\Windows\System\QhjZtJy.exe
  C:\Windows\System\QhjZtJy.exe
  2⤵
  PID:7872
- C:\Windows\System\twfWNpG.exe
  C:\Windows\System\twfWNpG.exe
  2⤵
  PID:7932
- C:\Windows\System\oRJNNiU.exe
  C:\Windows\System\oRJNNiU.exe
  2⤵
  PID:7984
- C:\Windows\System\cfxGsTo.exe
  C:\Windows\System\cfxGsTo.exe
  2⤵
  PID:8024
- C:\Windows\System\jccQERy.exe
  C:\Windows\System\jccQERy.exe
  2⤵
  PID:1180
- C:\Windows\System\QaRHxib.exe
  C:\Windows\System\QaRHxib.exe
  2⤵
  PID:2892
- C:\Windows\System\ECPvDNl.exe
  C:\Windows\System\ECPvDNl.exe
  2⤵
  PID:7152
- C:\Windows\System\LPoOGnk.exe
  C:\Windows\System\LPoOGnk.exe
  2⤵
  PID:8156
- C:\Windows\System\HPbsIWw.exe
  C:\Windows\System\HPbsIWw.exe
  2⤵
  PID:7084
- C:\Windows\System\BwEHbDk.exe
  C:\Windows\System\BwEHbDk.exe
  2⤵
  PID:2860
- C:\Windows\System\PvozWqG.exe
  C:\Windows\System\PvozWqG.exe
  2⤵
  PID:6808
- C:\Windows\System\FLUauBF.exe
  C:\Windows\System\FLUauBF.exe
  2⤵
  PID:2796
- C:\Windows\System\CCiHoHd.exe
  C:\Windows\System\CCiHoHd.exe
  2⤵
  PID:7524
- C:\Windows\System\JwZuBEn.exe
  C:\Windows\System\JwZuBEn.exe
  2⤵
  PID:2384
- C:\Windows\System\QHKaDGk.exe
  C:\Windows\System\QHKaDGk.exe
  2⤵
  PID:1480
- C:\Windows\System\TGlvgDz.exe
  C:\Windows\System\TGlvgDz.exe
  2⤵
  PID:7792
- C:\Windows\System\ryjtuzR.exe
  C:\Windows\System\ryjtuzR.exe
  2⤵
  PID:7744
- C:\Windows\System\BkkJFfl.exe
  C:\Windows\System\BkkJFfl.exe
  2⤵
  PID:7968
- C:\Windows\System\wqDFjLU.exe
  C:\Windows\System\wqDFjLU.exe
  2⤵
  PID:2252
- C:\Windows\System\JsomXMl.exe
  C:\Windows\System\JsomXMl.exe
  2⤵
  PID:8044
- C:\Windows\System\XMKQCvN.exe
  C:\Windows\System\XMKQCvN.exe
  2⤵
  PID:6160
- C:\Windows\System\mBsNyZr.exe
  C:\Windows\System\mBsNyZr.exe
  2⤵
  PID:7260
- C:\Windows\System\vXidsNr.exe
  C:\Windows\System\vXidsNr.exe
  2⤵
  PID:7380
- C:\Windows\System\cVhGrPh.exe
  C:\Windows\System\cVhGrPh.exe
  2⤵
  PID:7728
- C:\Windows\System\PboVmeW.exe
  C:\Windows\System\PboVmeW.exe
  2⤵
  PID:2056
- C:\Windows\System\IqVeQNg.exe
  C:\Windows\System\IqVeQNg.exe
  2⤵
  PID:7644
- C:\Windows\System\amcIcvO.exe
  C:\Windows\System\amcIcvO.exe
  2⤵
  PID:1752
- C:\Windows\System\dUHBxKN.exe
  C:\Windows\System\dUHBxKN.exe
  2⤵
  PID:1728
- C:\Windows\System\XdcCeOO.exe
  C:\Windows\System\XdcCeOO.exe
  2⤵
  PID:1164
- C:\Windows\System\lDpXmcl.exe
  C:\Windows\System\lDpXmcl.exe
  2⤵
  PID:6944
- C:\Windows\System\aREjPOZ.exe
  C:\Windows\System\aREjPOZ.exe
  2⤵
  PID:1868
- C:\Windows\System\yWIbhBc.exe
  C:\Windows\System\yWIbhBc.exe
  2⤵
  PID:3060
- C:\Windows\System\OEruxcG.exe
  C:\Windows\System\OEruxcG.exe
  2⤵
  PID:7396
- C:\Windows\System\JmxZrXo.exe
  C:\Windows\System\JmxZrXo.exe
  2⤵
  PID:6384
- C:\Windows\System\eNYZbtl.exe
  C:\Windows\System\eNYZbtl.exe
  2⤵
  PID:6764
- C:\Windows\System\Iwjrhqu.exe
  C:\Windows\System\Iwjrhqu.exe
  2⤵
  PID:7240
- C:\Windows\System\mFDcWgb.exe
  C:\Windows\System\mFDcWgb.exe
  2⤵
  PID:1608
- C:\Windows\System\QirvOeQ.exe
  C:\Windows\System\QirvOeQ.exe
  2⤵
  PID:2368
- C:\Windows\System\cQzhisx.exe
  C:\Windows\System\cQzhisx.exe
  2⤵
  PID:2124
- C:\Windows\System\PALbHdP.exe
  C:\Windows\System\PALbHdP.exe
  2⤵
  PID:2600
- C:\Windows\System\ZZRZzVZ.exe
  C:\Windows\System\ZZRZzVZ.exe
  2⤵
  PID:5696
- C:\Windows\System\dqlqYZB.exe
  C:\Windows\System\dqlqYZB.exe
  2⤵
  PID:8072
- C:\Windows\System\RtQjcQD.exe
  C:\Windows\System\RtQjcQD.exe
  2⤵
  PID:1712
- C:\Windows\System\IhtnZOd.exe
  C:\Windows\System\IhtnZOd.exe
  2⤵
  PID:1636
- C:\Windows\System\OMxYgRV.exe
  C:\Windows\System\OMxYgRV.exe
  2⤵
  PID:2148
- C:\Windows\System\ynwEDFK.exe
  C:\Windows\System\ynwEDFK.exe
  2⤵
  PID:2276
- C:\Windows\System\XoHjfMR.exe
  C:\Windows\System\XoHjfMR.exe
  2⤵
  PID:1912
- C:\Windows\System\AusVESy.exe
  C:\Windows\System\AusVESy.exe
  2⤵
  PID:7148
- C:\Windows\System\zSWaqXX.exe
  C:\Windows\System\zSWaqXX.exe
  2⤵
  PID:1644
- C:\Windows\System\DZTshsp.exe
  C:\Windows\System\DZTshsp.exe
  2⤵
  PID:7400
- C:\Windows\System\iKpeOlX.exe
  C:\Windows\System\iKpeOlX.exe
  2⤵
  PID:8200
- C:\Windows\System\rDJcvmM.exe
  C:\Windows\System\rDJcvmM.exe
  2⤵
  PID:8224
- C:\Windows\System\vtQlHfh.exe
  C:\Windows\System\vtQlHfh.exe
  2⤵
  PID:8244
- C:\Windows\System\iezIAOV.exe
  C:\Windows\System\iezIAOV.exe
  2⤵
  PID:8264
- C:\Windows\System\IbaBQHD.exe
  C:\Windows\System\IbaBQHD.exe
  2⤵
  PID:8280
- C:\Windows\System\DDuClaJ.exe
  C:\Windows\System\DDuClaJ.exe
  2⤵
  PID:8308
- C:\Windows\System\mTWbISf.exe
  C:\Windows\System\mTWbISf.exe
  2⤵
  PID:8324
- C:\Windows\System\YrRbVuX.exe
  C:\Windows\System\YrRbVuX.exe
  2⤵
  PID:8340
- C:\Windows\System\lQEEctC.exe
  C:\Windows\System\lQEEctC.exe
  2⤵
  PID:8356
- C:\Windows\System\PDSuscq.exe
  C:\Windows\System\PDSuscq.exe
  2⤵
  PID:8372
- C:\Windows\System\daHqVHV.exe
  C:\Windows\System\daHqVHV.exe
  2⤵
  PID:8388
- C:\Windows\System\hUckRco.exe
  C:\Windows\System\hUckRco.exe
  2⤵
  PID:8404
- C:\Windows\System\phZnIFB.exe
  C:\Windows\System\phZnIFB.exe
  2⤵
  PID:8420
- C:\Windows\System\eIHUMNP.exe
  C:\Windows\System\eIHUMNP.exe
  2⤵
  PID:8436
- C:\Windows\System\yJOgqRT.exe
  C:\Windows\System\yJOgqRT.exe
  2⤵
  PID:8452
- C:\Windows\System\UpWOBar.exe
  C:\Windows\System\UpWOBar.exe
  2⤵
  PID:8468
- C:\Windows\System\ELGqaId.exe
  C:\Windows\System\ELGqaId.exe
  2⤵
  PID:8484
- C:\Windows\System\ZVPLhrs.exe
  C:\Windows\System\ZVPLhrs.exe
  2⤵
  PID:8500
- C:\Windows\System\UoNoKwn.exe
  C:\Windows\System\UoNoKwn.exe
  2⤵
  PID:8516
- C:\Windows\System\SbzGwkl.exe
  C:\Windows\System\SbzGwkl.exe
  2⤵
  PID:8532
- C:\Windows\System\ZlbjTbv.exe
  C:\Windows\System\ZlbjTbv.exe
  2⤵
  PID:8548
- C:\Windows\System\MBrLHuk.exe
  C:\Windows\System\MBrLHuk.exe
  2⤵
  PID:8564
- C:\Windows\System\KHmBIoE.exe
  C:\Windows\System\KHmBIoE.exe
  2⤵
  PID:8580
- C:\Windows\System\PVDIoAa.exe
  C:\Windows\System\PVDIoAa.exe
  2⤵
  PID:8596
- C:\Windows\System\UQfzOHk.exe
  C:\Windows\System\UQfzOHk.exe
  2⤵
  PID:8612
- C:\Windows\System\StUaIKC.exe
  C:\Windows\System\StUaIKC.exe
  2⤵
  PID:8628
- C:\Windows\System\yoGlLdp.exe
  C:\Windows\System\yoGlLdp.exe
  2⤵
  PID:8644
- C:\Windows\System\nZksFSF.exe
  C:\Windows\System\nZksFSF.exe
  2⤵
  PID:8660
- C:\Windows\System\hUkdxxg.exe
  C:\Windows\System\hUkdxxg.exe
  2⤵
  PID:8676
- C:\Windows\System\HiFybZW.exe
  C:\Windows\System\HiFybZW.exe
  2⤵
  PID:8692
- C:\Windows\System\QNluVHc.exe
  C:\Windows\System\QNluVHc.exe
  2⤵
  PID:8708
- C:\Windows\System\xaHqdZn.exe
  C:\Windows\System\xaHqdZn.exe
  2⤵
  PID:8724
- C:\Windows\System\yxohtSS.exe
  C:\Windows\System\yxohtSS.exe
  2⤵
  PID:8740
- C:\Windows\System\kYYtVTZ.exe
  C:\Windows\System\kYYtVTZ.exe
  2⤵
  PID:8756
- C:\Windows\System\UiopDWK.exe
  C:\Windows\System\UiopDWK.exe
  2⤵
  PID:8772
- C:\Windows\System\GlgLVDK.exe
  C:\Windows\System\GlgLVDK.exe
  2⤵
  PID:8788
- C:\Windows\System\fRZrZPL.exe
  C:\Windows\System\fRZrZPL.exe
  2⤵
  PID:8804
- C:\Windows\System\dCSVMKZ.exe
  C:\Windows\System\dCSVMKZ.exe
  2⤵
  PID:8820
- C:\Windows\System\yvnhVEg.exe
  C:\Windows\System\yvnhVEg.exe
  2⤵
  PID:8840
- C:\Windows\System\eaIPDjs.exe
  C:\Windows\System\eaIPDjs.exe
  2⤵
  PID:8856
- C:\Windows\System\NDJeIZB.exe
  C:\Windows\System\NDJeIZB.exe
  2⤵
  PID:8872
- C:\Windows\System\FGCPVnD.exe
  C:\Windows\System\FGCPVnD.exe
  2⤵
  PID:8888
- C:\Windows\System\UniGclG.exe
  C:\Windows\System\UniGclG.exe
  2⤵
  PID:8904
- C:\Windows\System\IesPRZu.exe
  C:\Windows\System\IesPRZu.exe
  2⤵
  PID:8920
- C:\Windows\System\lfMzdVa.exe
  C:\Windows\System\lfMzdVa.exe
  2⤵
  PID:8936
- C:\Windows\System\ZvOyJsA.exe
  C:\Windows\System\ZvOyJsA.exe
  2⤵
  PID:8952
- C:\Windows\System\UkTsMZJ.exe
  C:\Windows\System\UkTsMZJ.exe
  2⤵
  PID:8968
- C:\Windows\System\RmkEgpP.exe
  C:\Windows\System\RmkEgpP.exe
  2⤵
  PID:8984
- C:\Windows\System\JyVnkmz.exe
  C:\Windows\System\JyVnkmz.exe
  2⤵
  PID:9000
- C:\Windows\System\vIMQRZB.exe
  C:\Windows\System\vIMQRZB.exe
  2⤵
  PID:9016
- C:\Windows\System\icbIIHd.exe
  C:\Windows\System\icbIIHd.exe
  2⤵
  PID:9032
- C:\Windows\System\nAzuWiZ.exe
  C:\Windows\System\nAzuWiZ.exe
  2⤵
  PID:9048
- C:\Windows\System\ZyXAXWM.exe
  C:\Windows\System\ZyXAXWM.exe
  2⤵
  PID:9064
- C:\Windows\System\xjHQOqN.exe
  C:\Windows\System\xjHQOqN.exe
  2⤵
  PID:9080
- C:\Windows\System\CHqPKpR.exe
  C:\Windows\System\CHqPKpR.exe
  2⤵
  PID:9096
- C:\Windows\System\OonPzwu.exe
  C:\Windows\System\OonPzwu.exe
  2⤵
  PID:9112
- C:\Windows\System\LXxCqsf.exe
  C:\Windows\System\LXxCqsf.exe
  2⤵
  PID:9128
- C:\Windows\System\KkpRUwk.exe
  C:\Windows\System\KkpRUwk.exe
  2⤵
  PID:9144
- C:\Windows\System\TbDxApX.exe
  C:\Windows\System\TbDxApX.exe
  2⤵
  PID:9160
- C:\Windows\System\ziuAPLY.exe
  C:\Windows\System\ziuAPLY.exe
  2⤵
  PID:9176
- C:\Windows\System\XjsmIvw.exe
  C:\Windows\System\XjsmIvw.exe
  2⤵
  PID:9192
- C:\Windows\System\wlEaTou.exe
  C:\Windows\System\wlEaTou.exe
  2⤵
  PID:9208
- C:\Windows\System\sQtWyMD.exe
  C:\Windows\System\sQtWyMD.exe
  2⤵
  PID:2864
- C:\Windows\System\HDbGzTY.exe
  C:\Windows\System\HDbGzTY.exe
  2⤵
  PID:8220
- C:\Windows\System\QfVcFjm.exe
  C:\Windows\System\QfVcFjm.exe
  2⤵
  PID:8260
- C:\Windows\System\ZUHLMTU.exe
  C:\Windows\System\ZUHLMTU.exe
  2⤵
  PID:8196
- C:\Windows\System\LCpHole.exe
  C:\Windows\System\LCpHole.exe
  2⤵
  PID:8232
- C:\Windows\System\qLNtlye.exe
  C:\Windows\System\qLNtlye.exe
  2⤵
  PID:8272
- C:\Windows\System\otVZGlM.exe
  C:\Windows\System\otVZGlM.exe
  2⤵
  PID:8364
- C:\Windows\System\WRoBUrP.exe
  C:\Windows\System\WRoBUrP.exe
  2⤵
  PID:8316
- C:\Windows\System\DNgkZjl.exe
  C:\Windows\System\DNgkZjl.exe
  2⤵
  PID:8384
- C:\Windows\System\wxvgfvj.exe
  C:\Windows\System\wxvgfvj.exe
  2⤵
  PID:8412
- C:\Windows\System\RFvKOoP.exe
  C:\Windows\System\RFvKOoP.exe
  2⤵
  PID:8448
- C:\Windows\System\fANuYSP.exe
  C:\Windows\System\fANuYSP.exe
  2⤵
  PID:8524
- C:\Windows\System\PhDutbo.exe
  C:\Windows\System\PhDutbo.exe
  2⤵
  PID:8528
- C:\Windows\System\WJLywFq.exe
  C:\Windows\System\WJLywFq.exe
  2⤵
  PID:8544
- C:\Windows\System\PugDmCS.exe
  C:\Windows\System\PugDmCS.exe
  2⤵
  PID:8588
- C:\Windows\System\kPpxQwM.exe
  C:\Windows\System\kPpxQwM.exe
  2⤵
  PID:8624
- C:\Windows\System\wBzEeAA.exe
  C:\Windows\System\wBzEeAA.exe
  2⤵
  PID:8640
- C:\Windows\System\LZFDwNs.exe
  C:\Windows\System\LZFDwNs.exe
  2⤵
  PID:8684
- C:\Windows\System\iOLhzej.exe
  C:\Windows\System\iOLhzej.exe
  2⤵
  PID:8720
- C:\Windows\System\jzmFwJD.exe
  C:\Windows\System\jzmFwJD.exe
  2⤵
  PID:8736
- C:\Windows\System\HtFFBMB.exe
  C:\Windows\System\HtFFBMB.exe
  2⤵
  PID:8768
- C:\Windows\System\aJVUSdt.exe
  C:\Windows\System\aJVUSdt.exe
  2⤵
  PID:8816
- C:\Windows\System\iLznZms.exe
  C:\Windows\System\iLznZms.exe
  2⤵
  PID:8836
- C:\Windows\System\qwRzgQZ.exe
  C:\Windows\System\qwRzgQZ.exe
  2⤵
  PID:8916
- C:\Windows\System\VrajOrr.exe
  C:\Windows\System\VrajOrr.exe
  2⤵
  PID:8868
- C:\Windows\System\pBrSqSC.exe
  C:\Windows\System\pBrSqSC.exe
  2⤵
  PID:8944
- C:\Windows\System\oLCauVg.exe
  C:\Windows\System\oLCauVg.exe
  2⤵
  PID:8296
- C:\Windows\System\nIpaMxu.exe
  C:\Windows\System\nIpaMxu.exe
  2⤵
  PID:8996
- C:\Windows\System\cYdyFkJ.exe
  C:\Windows\System\cYdyFkJ.exe
  2⤵
  PID:9040
- C:\Windows\System\HPyeNsk.exe
  C:\Windows\System\HPyeNsk.exe
  2⤵
  PID:9104
- C:\Windows\System\zYvZhjb.exe
  C:\Windows\System\zYvZhjb.exe
  2⤵
  PID:9120
- C:\Windows\System\uEIAimD.exe
  C:\Windows\System\uEIAimD.exe
  2⤵
  PID:9124
- C:\Windows\System\lgtZyZK.exe
  C:\Windows\System\lgtZyZK.exe
  2⤵
  PID:9188
- C:\Windows\System\NDQWjlj.exe
  C:\Windows\System\NDQWjlj.exe
  2⤵
  PID:8208
- C:\Windows\System\jdHswhC.exe
  C:\Windows\System\jdHswhC.exe
  2⤵
  PID:6844
- C:\Windows\System\QEqcMHV.exe
  C:\Windows\System\QEqcMHV.exe
  2⤵
  PID:8240
- C:\Windows\System\bVkUtUv.exe
  C:\Windows\System\bVkUtUv.exe
  2⤵
  PID:2072
- C:\Windows\System\wvbsEwu.exe
  C:\Windows\System\wvbsEwu.exe
  2⤵
  PID:8380
- C:\Windows\System\POwtYel.exe
  C:\Windows\System\POwtYel.exe
  2⤵
  PID:8492
- C:\Windows\System\pFKgOhK.exe
  C:\Windows\System\pFKgOhK.exe
  2⤵
  PID:8444
- C:\Windows\System\dPjSWDa.exe
  C:\Windows\System\dPjSWDa.exe
  2⤵
  PID:8480
- C:\Windows\System\xOwEFCI.exe
  C:\Windows\System\xOwEFCI.exe
  2⤵
  PID:8800
- C:\Windows\System\iKNLYCg.exe
  C:\Windows\System\iKNLYCg.exe
  2⤵
  PID:9060
- C:\Windows\System\NXSdmdd.exe
  C:\Windows\System\NXSdmdd.exe
  2⤵
  PID:8332
- C:\Windows\System\Enftrzn.exe
  C:\Windows\System\Enftrzn.exe
  2⤵
  PID:8256
- C:\Windows\System\UKmagWo.exe
  C:\Windows\System\UKmagWo.exe
  2⤵
  PID:8396
- C:\Windows\System\dRuwqtd.exe
  C:\Windows\System\dRuwqtd.exe
  2⤵
  PID:7184
- C:\Windows\System\jlIkiqW.exe
  C:\Windows\System\jlIkiqW.exe
  2⤵
  PID:8604
- C:\Windows\System\KXkGEND.exe
  C:\Windows\System\KXkGEND.exe
  2⤵
  PID:1080
- C:\Windows\System\kKUHYAV.exe
  C:\Windows\System\kKUHYAV.exe
  2⤵
  PID:948
- C:\Windows\System\KQhgloC.exe
  C:\Windows\System\KQhgloC.exe
  2⤵
  PID:8848
- C:\Windows\System\TvhKfGI.exe
  C:\Windows\System\TvhKfGI.exe
  2⤵
  PID:8912
- C:\Windows\System\vIGPnic.exe
  C:\Windows\System\vIGPnic.exe
  2⤵
  PID:8828
- C:\Windows\System\ETyPLWz.exe
  C:\Windows\System\ETyPLWz.exe
  2⤵
  PID:8796
- C:\Windows\System\uozuOne.exe
  C:\Windows\System\uozuOne.exe
  2⤵
  PID:8960
- C:\Windows\System\Yjjbxeo.exe
  C:\Windows\System\Yjjbxeo.exe
  2⤵
  PID:2292
- C:\Windows\System\vpYpYnr.exe
  C:\Windows\System\vpYpYnr.exe
  2⤵
  PID:8964
- C:\Windows\System\SeFetmG.exe
  C:\Windows\System\SeFetmG.exe
  2⤵
  PID:6164
- C:\Windows\System\PjFEYvF.exe
  C:\Windows\System\PjFEYvF.exe
  2⤵
  PID:8540
- C:\Windows\System\XKjExMd.exe
  C:\Windows\System\XKjExMd.exe
  2⤵
  PID:2236
- C:\Windows\System\hgjodxe.exe
  C:\Windows\System\hgjodxe.exe
  2⤵
  PID:960
- C:\Windows\System\eHPfvxo.exe
  C:\Windows\System\eHPfvxo.exe
  2⤵
  PID:8932
- C:\Windows\System\TEVmvbD.exe
  C:\Windows\System\TEVmvbD.exe
  2⤵
  PID:8992
- C:\Windows\System\aOadupo.exe
  C:\Windows\System\aOadupo.exe
  2⤵
  PID:2484
- C:\Windows\System\lvlixqX.exe
  C:\Windows\System\lvlixqX.exe
  2⤵
  PID:9224
- C:\Windows\System\EMhFycR.exe
  C:\Windows\System\EMhFycR.exe
  2⤵
  PID:9240
- C:\Windows\System\DaUMHWy.exe
  C:\Windows\System\DaUMHWy.exe
  2⤵
  PID:9256
- C:\Windows\System\yqbSWWr.exe
  C:\Windows\System\yqbSWWr.exe
  2⤵
  PID:9272
- C:\Windows\System\hshghjo.exe
  C:\Windows\System\hshghjo.exe
  2⤵
  PID:9288
- C:\Windows\System\xhmRWpp.exe
  C:\Windows\System\xhmRWpp.exe
  2⤵
  PID:9304
- C:\Windows\System\gaiCzxI.exe
  C:\Windows\System\gaiCzxI.exe
  2⤵
  PID:9320
- C:\Windows\System\XNCykbb.exe
  C:\Windows\System\XNCykbb.exe
  2⤵
  PID:9336
- C:\Windows\System\IWnZZNH.exe
  C:\Windows\System\IWnZZNH.exe
  2⤵
  PID:9356
- C:\Windows\System\wDqOXgC.exe
  C:\Windows\System\wDqOXgC.exe
  2⤵
  PID:9372
- C:\Windows\System\DdluhrN.exe
  C:\Windows\System\DdluhrN.exe
  2⤵
  PID:9388
- C:\Windows\System\TOebbJi.exe
  C:\Windows\System\TOebbJi.exe
  2⤵
  PID:9404
- C:\Windows\System\XllYJrv.exe
  C:\Windows\System\XllYJrv.exe
  2⤵
  PID:9428
- C:\Windows\System\qhJXDdE.exe
  C:\Windows\System\qhJXDdE.exe
  2⤵
  PID:9448
- C:\Windows\System\VJAhSRN.exe
  C:\Windows\System\VJAhSRN.exe
  2⤵
  PID:9464
- C:\Windows\System\NxvDZqj.exe
  C:\Windows\System\NxvDZqj.exe
  2⤵
  PID:9492
- C:\Windows\System\GIclAQb.exe
  C:\Windows\System\GIclAQb.exe
  2⤵
  PID:9536
- C:\Windows\System\jdRcMtj.exe
  C:\Windows\System\jdRcMtj.exe
  2⤵
  PID:9652
- C:\Windows\System\eIbbVXH.exe
  C:\Windows\System\eIbbVXH.exe
  2⤵
  PID:9684
- C:\Windows\System\slCIxol.exe
  C:\Windows\System\slCIxol.exe
  2⤵
  PID:9720
- C:\Windows\System\MocKTic.exe
  C:\Windows\System\MocKTic.exe
  2⤵
  PID:9784
- C:\Windows\System\cxlFijO.exe
  C:\Windows\System\cxlFijO.exe
  2⤵
  PID:9800
- C:\Windows\System\jRMVdAb.exe
  C:\Windows\System\jRMVdAb.exe
  2⤵
  PID:9816
- C:\Windows\System\ftmpmWX.exe
  C:\Windows\System\ftmpmWX.exe
  2⤵
  PID:9832
- C:\Windows\System\AWvtrfJ.exe
  C:\Windows\System\AWvtrfJ.exe
  2⤵
  PID:9848
- C:\Windows\System\HBNZHDm.exe
  C:\Windows\System\HBNZHDm.exe
  2⤵
  PID:9864
- C:\Windows\System\SMrnWiA.exe
  C:\Windows\System\SMrnWiA.exe
  2⤵
  PID:9880
- C:\Windows\System\NqnrWBp.exe
  C:\Windows\System\NqnrWBp.exe
  2⤵
  PID:9896
- C:\Windows\System\YefJzyb.exe
  C:\Windows\System\YefJzyb.exe
  2⤵
  PID:9912
- C:\Windows\System\qrnGtWQ.exe
  C:\Windows\System\qrnGtWQ.exe
  2⤵
  PID:9928
- C:\Windows\System\pUzGneR.exe
  C:\Windows\System\pUzGneR.exe
  2⤵
  PID:9944
- C:\Windows\System\bzqtOrZ.exe
  C:\Windows\System\bzqtOrZ.exe
  2⤵
  PID:9960
- C:\Windows\System\eSuDKIv.exe
  C:\Windows\System\eSuDKIv.exe
  2⤵
  PID:9976
- C:\Windows\System\WgqUrjH.exe
  C:\Windows\System\WgqUrjH.exe
  2⤵
  PID:9992
- C:\Windows\System\ZWaeqPP.exe
  C:\Windows\System\ZWaeqPP.exe
  2⤵
  PID:10008
- C:\Windows\System\IHQrONf.exe
  C:\Windows\System\IHQrONf.exe
  2⤵
  PID:10024
- C:\Windows\System\hrcSqtO.exe
  C:\Windows\System\hrcSqtO.exe
  2⤵
  PID:10040
- C:\Windows\System\bWqLjNP.exe
  C:\Windows\System\bWqLjNP.exe
  2⤵
  PID:10076
- C:\Windows\System\bbtRqiD.exe
  C:\Windows\System\bbtRqiD.exe
  2⤵
  PID:10092
- C:\Windows\System\jRdhzXV.exe
  C:\Windows\System\jRdhzXV.exe
  2⤵
  PID:10108
- C:\Windows\System\YrgUoQn.exe
  C:\Windows\System\YrgUoQn.exe
  2⤵
  PID:10124
- C:\Windows\System\bmCSoeu.exe
  C:\Windows\System\bmCSoeu.exe
  2⤵
  PID:10140
- C:\Windows\System\pKdzQrJ.exe
  C:\Windows\System\pKdzQrJ.exe
  2⤵
  PID:10160
- C:\Windows\System\mgDkeVe.exe
  C:\Windows\System\mgDkeVe.exe
  2⤵
  PID:10176
- C:\Windows\System\NcSjxht.exe
  C:\Windows\System\NcSjxht.exe
  2⤵
  PID:10192
- C:\Windows\System\bZkwsaX.exe
  C:\Windows\System\bZkwsaX.exe
  2⤵
  PID:10208
- C:\Windows\System\dfYBpWE.exe
  C:\Windows\System\dfYBpWE.exe
  2⤵
  PID:10232
- C:\Windows\System\qRRMKgB.exe
  C:\Windows\System\qRRMKgB.exe
  2⤵
  PID:9008
- C:\Windows\System\UrLVrKA.exe
  C:\Windows\System\UrLVrKA.exe
  2⤵
  PID:9280
- C:\Windows\System\cyhGqxb.exe
  C:\Windows\System\cyhGqxb.exe
  2⤵
  PID:8752
- C:\Windows\System\VQQfnpG.exe
  C:\Windows\System\VQQfnpG.exe
  2⤵
  PID:9268
- C:\Windows\System\jbAhHMh.exe
  C:\Windows\System\jbAhHMh.exe
  2⤵
  PID:9024
- C:\Windows\System\bpVtxJT.exe
  C:\Windows\System\bpVtxJT.exe
  2⤵
  PID:9328
- C:\Windows\System\TEwjBRS.exe
  C:\Windows\System\TEwjBRS.exe
  2⤵
  PID:9444
- C:\Windows\System\kytOTNY.exe
  C:\Windows\System\kytOTNY.exe
  2⤵
  PID:9476
- C:\Windows\System\qhGdByh.exe
  C:\Windows\System\qhGdByh.exe
  2⤵
  PID:9484
- C:\Windows\System\hCwHXmp.exe
  C:\Windows\System\hCwHXmp.exe
  2⤵
  PID:9412
- C:\Windows\System\uAJJZFu.exe
  C:\Windows\System\uAJJZFu.exe
  2⤵
  PID:9576
- C:\Windows\System\WhcJSOw.exe
  C:\Windows\System\WhcJSOw.exe
  2⤵
  PID:9612
- C:\Windows\System\lEBPkJq.exe
  C:\Windows\System\lEBPkJq.exe
  2⤵
  PID:9632
- C:\Windows\System\mjnzZBH.exe
  C:\Windows\System\mjnzZBH.exe
  2⤵
  PID:9352
- C:\Windows\System\vCsMUyA.exe
  C:\Windows\System\vCsMUyA.exe
  2⤵
  PID:9380
- C:\Windows\System\DOIPQdY.exe
  C:\Windows\System\DOIPQdY.exe
  2⤵
  PID:9456
- C:\Windows\System\CkAHZCC.exe
  C:\Windows\System\CkAHZCC.exe
  2⤵
  PID:9696
- C:\Windows\System\iBvjRDa.exe
  C:\Windows\System\iBvjRDa.exe
  2⤵
  PID:9520
- C:\Windows\System\UtnpnGP.exe
  C:\Windows\System\UtnpnGP.exe
  2⤵
  PID:9600
- C:\Windows\System\ZKSnBgQ.exe
  C:\Windows\System\ZKSnBgQ.exe
  2⤵
  PID:9660
- C:\Windows\System\ETIqjvV.exe
  C:\Windows\System\ETIqjvV.exe
  2⤵
  PID:9636
- C:\Windows\System\qcpTDoE.exe
  C:\Windows\System\qcpTDoE.exe
  2⤵
  PID:9792
- C:\Windows\System\CBGfzsQ.exe
  C:\Windows\System\CBGfzsQ.exe
  2⤵
  PID:9672
- C:\Windows\System\NiHAyWP.exe
  C:\Windows\System\NiHAyWP.exe
  2⤵
  PID:9728
- C:\Windows\System\KKTjrfw.exe
  C:\Windows\System\KKTjrfw.exe
  2⤵
  PID:9752
- C:\Windows\System\GYvHvRH.exe
  C:\Windows\System\GYvHvRH.exe
  2⤵
  PID:9764
- C:\Windows\System\FQmoegk.exe
  C:\Windows\System\FQmoegk.exe
  2⤵
  PID:9828
- C:\Windows\System\IipNjeo.exe
  C:\Windows\System\IipNjeo.exe
  2⤵
  PID:9860
- C:\Windows\System\sDAIbeE.exe
  C:\Windows\System\sDAIbeE.exe
  2⤵
  PID:9844
- C:\Windows\System\WffZObw.exe
  C:\Windows\System\WffZObw.exe
  2⤵
  PID:9876
- C:\Windows\System\wSvGndA.exe
  C:\Windows\System\wSvGndA.exe
  2⤵
  PID:9936
- C:\Windows\System\vBlvvtT.exe
  C:\Windows\System\vBlvvtT.exe
  2⤵
  PID:9984
- C:\Windows\System\DrndtTq.exe
  C:\Windows\System\DrndtTq.exe
  2⤵
  PID:10000
- C:\Windows\System\gDracSJ.exe
  C:\Windows\System\gDracSJ.exe
  2⤵
  PID:10048
- C:\Windows\System\LJTazXm.exe
  C:\Windows\System\LJTazXm.exe
  2⤵
  PID:10084
- C:\Windows\System\IKqkCUY.exe
  C:\Windows\System\IKqkCUY.exe
  2⤵
  PID:2760
- C:\Windows\System\qqvXcKe.exe
  C:\Windows\System\qqvXcKe.exe
  2⤵
  PID:10116
- C:\Windows\System\TUiFhNB.exe
  C:\Windows\System\TUiFhNB.exe
  2⤵
  PID:10132
- C:\Windows\System\tXFIBwr.exe
  C:\Windows\System\tXFIBwr.exe
  2⤵
  PID:10168
- C:\Windows\System\gXnSvOm.exe
  C:\Windows\System\gXnSvOm.exe
  2⤵
  PID:10184
- C:\Windows\System\NMvSbAy.exe
  C:\Windows\System\NMvSbAy.exe
  2⤵
  PID:10224
- C:\Windows\System\QpNcBBu.exe
  C:\Windows\System\QpNcBBu.exe
  2⤵
  PID:9184
- C:\Windows\System\ecjkSoh.exe
  C:\Windows\System\ecjkSoh.exe
  2⤵
  PID:9232
- C:\Windows\System\duoOHim.exe
  C:\Windows\System\duoOHim.exe
  2⤵
  PID:9236
- C:\Windows\System\uwmYCbb.exe
  C:\Windows\System\uwmYCbb.exe
  2⤵
  PID:9400
- C:\Windows\System\GdseKbu.exe
  C:\Windows\System\GdseKbu.exe
  2⤵
  PID:9572
- C:\Windows\System\WUiBend.exe
  C:\Windows\System\WUiBend.exe
  2⤵
  PID:9588

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BZPMnmY.exe

Filesize
6.0MB

MD5
c5057ca378b89332d3f13767ab776fec

SHA1
5cb0257ad67c8f098f807a39a323100d4f88d7ff

SHA256
e8a228bcdca5cabe981c0c1ab4b7f3e342da21344db21c72f600880a0b0dcd13

SHA512
c74594cff484503fc2abc3b2040e5fac2d11a2c45bf79e8ec3b5b1b1a2814006b109ed8b63e16207d876a9f0bc8f9fc96eff646b766f6c8197f3e451537ec1c6

Download Submit
C:\Windows\system\BqCMSlC.exe

Filesize
6.0MB

MD5
a8ebfa2f9b8128326ad46afbce1fcc2e

SHA1
bb3d9a861bb7a1be59be89f9ffa7e4bbf69a3760

SHA256
bfe3660cf4e69695c76656a863ab35bf4edfa94a8d8a318c31f561eda9db50ec

SHA512
fb5a0e56a85efba1b311e0eeb2903d3cbf04a6fa9df99d98b0915ddd939a74e8650036dfca4d5e8c5490838375403e59c5063397613c6433e51629991c5a9b26

Download Submit
C:\Windows\system\CflUxtX.exe

Filesize
6.0MB

MD5
0cbaacf293464860557d93327fecc818

SHA1
a0ff861a48a9a69dc6c46aa4b6e8758c59cee82c

SHA256
775e086c3db6572c8736d013d79a76bd38ea47922effe39a25f532841ae95e25

SHA512
74a6781ffe9a1ba0262677754a937a03587df1be5dca9127696077972332614bdf94ac288b7e588392e11e1420f4ca32b37aff149e12c09964b358bd67686440

Download Submit
C:\Windows\system\DXDjQql.exe

Filesize
6.0MB

MD5
684ab283696f000d98c52ca32d3fbf1f

SHA1
971201b02b5f6552af6d1075487f1ebb6e116c43

SHA256
ee7385ac6357881914fc64112c9efab1765d0844b2dd869caf00a1b6491d2e1d

SHA512
b918df6b4b502a656a9e997ddb659ea18f5524ae47e57fa15178b99b4721dbe77ed1fd6100f082b7b75fc4040ace242628d5634f5d844abc81590cf250d0f261

Download Submit
C:\Windows\system\DmxcWkD.exe

Filesize
6.0MB

MD5
3a068d0ce2601faff049bba664a6c6ce

SHA1
cff822f557a2363e10600d01b92ac12197749e05

SHA256
351c27e2f7891512ff897150816ef169c3ffc71a8bf327da3645f70f7660b37d

SHA512
cc5f78ab3367d96cee2a536791411de4b95c92c6034b2ecfb66bbe910c47f0f1d67eb6995299680feb65adff73762bb3c6ef67cef06372211bc1ad3895749270

Download Submit
C:\Windows\system\FVjmyEd.exe

Filesize
6.0MB

MD5
6622336b5406874f705fc826003683d2

SHA1
a2e30137b01298ace05824cf22d1ffd9221f035b

SHA256
fbf02e35dfa2b724cb20e2bf562e5dfbe096794ae21fb488f192b7c8c04f0382

SHA512
753851a9f28c0a8b6ea127c4a0d364522dbccde34cb1fe9c865b8bfeb180b869ee9c3fd8c7eb10bfec02157532b1005b0b8f382ae4c322cab2f341f33ec6158c

Download Submit
C:\Windows\system\FrkKiKU.exe

Filesize
6.0MB

MD5
2894fd374251f3c686ed13117e9368a9

SHA1
2b365d398e7e49c3adb278d2f9e0d178112e7831

SHA256
d5ba6566eccd52b317e52b747b0895c86e1b51d9933d9e0da5b32a31287b3416

SHA512
46fdb839cc378f9139129afcd2e16114b7d0da9a4aa1d80eaf450ab8560fc8cc52b572c631052557828447da576a930a91ab64a5d60182e540bd9da1efec42bf

Download Submit
C:\Windows\system\MpkGqID.exe

Filesize
6.0MB

MD5
89ad7d9b9e79eba1cf9adbb6f0018cfb

SHA1
5890eeaf4efbf2c4f7711685625cda5117423220

SHA256
890a537bb7f141f69f77a063c3e62dced533725dcbdd42cf64c643dc52248327

SHA512
6e5d55f3dffd752ac9277042cd0cb2264b8c727fd50054f2d8fcada1cbf9417911c63f9f211b238934d78cace65b9a420978c54c242fe43a2217d970bbf35462

Download Submit
C:\Windows\system\NVUbHPC.exe

Filesize
6.0MB

MD5
e8989a9638a95cd90a2c9d66d32aac07

SHA1
3a524c59286cd484924a6092578652df3ac07d94

SHA256
caef97bc94d51b2a5ddeb752488c0f4be9d504d53b2ca7763b0c2a69820d3dbe

SHA512
c8ea2bf56e42b6688e48c20165ff08b27407488ab08e724bfc3758ee5a683bce18a957b0481d935a853df87d73be4014d77d26121e89673c4e3bf0f8a7d23ffb

Download Submit
C:\Windows\system\PTWUicC.exe

Filesize
6.0MB

MD5
8c764dfeed002ddb985deeb58dbfc7bb

SHA1
0dc36876a412e409fc0028e3c867449efe6d8e15

SHA256
42fa25f5ba661ac0440a157ffcc47480c74ba8a0937009fb20b5b18b660fcb86

SHA512
51df83cbe8f4517347512bd74350b2f0117a47b08bea2683e7a9c557c8bc37e3a80372fd91b14d8a2e0d3e61b6feeae00064c640e17da0e19f46d5a9b253dec9

Download Submit
C:\Windows\system\RhUSueL.exe

Filesize
6.0MB

MD5
7da77769adfac2c378cb0b566fa71116

SHA1
e90dd2d5267673877a14cc020ef0a4f614bf9b99

SHA256
071a0f36d56484b7cc3671d9b20844e8e9dc30a4111faabbc68ce84873ec6a0c

SHA512
34a649efdb236d9cdbbce779bf39799fb7120e2b96f6322801f4fd3c95527890755ef49fe7439733c8f1e17fb34dd78926bf972539b6e7fde1717fcc8ca5a1c2

Download Submit
C:\Windows\system\TlXOUah.exe

Filesize
6.0MB

MD5
2a480194b5a6f2de769e10ddc6c5abf5

SHA1
ad5a5d04ac3ecc69b220dcf1ced912e408eb793e

SHA256
2caaac381815fbd42a9ce278cf0fde27f19d003f51f9e15c91d24048ff25345f

SHA512
b1ddfcb2837dc2ab3b992242e2c80ff4b445a2415a327e2b894c53a37d4c7892c1e38fe664f6336e11be5756a4302258dcf4a31848f778ad3592a5acdd314e18

Download Submit
C:\Windows\system\VNIqOZo.exe

Filesize
6.0MB

MD5
37ea93cd38c2735773939245c26fbc96

SHA1
b0c666979215e46e2936f604d75dbccf065b1034

SHA256
7552da60f7a3494e710cc61a1cbd4b22f34af7f591704350bbb581e8277532f3

SHA512
61e772db7993ba06569ed86f2ea108cbe92a48f6cd2a919b0cb4c11a024f70449dc948883b8304227118daecd2cd145471db4d44e9b926a44a694836f67aa248

Download Submit
C:\Windows\system\asKPtek.exe

Filesize
6.0MB

MD5
7a636837dbfa26bd908328dedda68e78

SHA1
a6542dbe0e5d7878fcf2972448b2875d07b5b1fb

SHA256
b6c3bbe5a50803430e619103f6445ec8ecbcbadfdcd65954f9eeb8d3cc0dbf67

SHA512
1a5456db249d1d72a95b96d07446c509b6d157964ddd0771abebe4440de64c9f354ba9c3ff2676fcc3ccea7051289e85d0555f63d35d3c4bf0fce9921f636d6a

Download Submit
C:\Windows\system\dvIAjbi.exe

Filesize
6.0MB

MD5
e72d7605379ccac67c3cffd45971bdc7

SHA1
e67a30a11a5ca412a53e7c829c6557d44b3675eb

SHA256
6aedb204ae74d0b05eaec73e10ea36511572488035dd73fc25120a0c0506ccf5

SHA512
4b2fa6a33f35ce2fd829cde8d7fe4b5e9273acf30a968dc6f9a9a9f517f56d02e09595234c0f5b8ae0d84a8cbc7a40ec1b1f8d11b757c63fbb16a543519d759e

Download Submit
C:\Windows\system\ehxXbOK.exe

Filesize
6.0MB

MD5
4f9eb10fe838e4541df10148380d178c

SHA1
996df76d8b1f31f0e6824826849cd47796b64501

SHA256
f07a6704ab15885c21faf9b01664bf8c113810a28390233cbc08ef9b3e48ab0f

SHA512
ef8cd46db09431db6315603aacebca0a66f80c7280a2b76d10b1824df87ce48fd63e3136674a56672bbe41ff53e4ec11e1423ac69c376714acee01832b2da8fc

Download Submit
C:\Windows\system\evPVBbk.exe

Filesize
6.0MB

MD5
3a6c09a7e9a65d33a7003d6130519ebf

SHA1
c1f58610baf16b34313810df27332a0f9d88d533

SHA256
ba8a5a4207166e1dac5a92402780be72b025f2b25d31bcd03a4b4a22a62e5563

SHA512
7975bfd0e8b5787e735be6a3cfe7578d1a88e1c92f816101f69c73fa33ada34607980530447543a8ff15b19213a7a930d6af643f8902fbe3a1d3c26c2c74fe6c

Download Submit
C:\Windows\system\fbSxlIp.exe

Filesize
6.0MB

MD5
094be1103f1aac94def8227f7a4d2c5d

SHA1
b1321f27c8e20ef38aee9931a7b592c7966d27a0

SHA256
5614dba74506618063bb90d7e8b169cfa1230ba3c3779661a4e02c00a8aa2261

SHA512
f66053659acc7c95cbd90f5ecbc7a2fac6d1841367f2fe9bef041067a81c03abeb9de040b08c7ce6a58c1da1f79fc58bf9415b9b08b53310baf76c6c20c1adcc

Download Submit
C:\Windows\system\gsLdope.exe

Filesize
6.0MB

MD5
3239f7e5c151b10e64866273d8f46c88

SHA1
527f2741faec0f43f3b1f76e106d83de634700a4

SHA256
c57d6dc9d7adae8635d0c50a61692294fa5e0b780301e74a81218424b00081d9

SHA512
7d8542f79b1c41d53c66482421fc2d67a25b4226ff9981d888a7f8f63f9c4ca8585fe1d839fb4d2f6f271bc09e2f95e10fad06fc7470869752301ac4bc6ce791

Download Submit
C:\Windows\system\jDzHwNT.exe

Filesize
6.0MB

MD5
5e1f92e9a3ca4bb1f13915c2a5b7e26f

SHA1
5960c720330cdcd7c178b470cc75fe5ee558c744

SHA256
b555638155978ed2edaddb49c99ea40d939b868fd0e6c370a5ba17082fe5a4fa

SHA512
b78f6f57a96c7301f7010779dd25f632b35b73fedd2ff3c4a6dfac66481d6c89b6f4c43fb2ab534757a813ded0142bec4f3c5a906cba3b6293dfd6b945ac5f70

Download Submit
C:\Windows\system\kCPlNsU.exe

Filesize
6.0MB

MD5
1c7b4c345dc8d2e31de03c957848f879

SHA1
05f5d9cbd6fc3fc8a75b4b462fcb4f2237233be6

SHA256
2002853715cade0b1c819862614fa4630edf92ae1806b3061c973b3f73703bc6

SHA512
e6f918af5ae37acbeff2f69b2504d2e6393a523ba070ea0e56725935899849cb303096d73d53180aae17bd72cb7cb1f96b77372a781505b98602f5bbd3a8ff7f

Download Submit
C:\Windows\system\kpuxiQK.exe

Filesize
6.0MB

MD5
3293f36ecb1af12752b822ee605fce3d

SHA1
be65e0a6a7ea5cc13916e0e32c5470724de07896

SHA256
23dafb7f785b58b7cbc6c413a8e1e05a61a4ebda83fc0dcb97959368b5cba7db

SHA512
689cc77c8a5b4e5c4a12b3bb792c3c44d6f31b3b61f9a30792444d1ef10a5885195373be1d89af6c3768279458d740157516e24ef55b2c3a0cd5576dc977c07c

Download Submit
C:\Windows\system\meYRBAT.exe

Filesize
6.0MB

MD5
3a21b157fb9207b57c04403bed6f47f5

SHA1
841965bce3fcb5fe80f9fdccb45f334372173cb0

SHA256
34589e743cf1fd4984cfb58898771bff7d98e6e13a82dc149cb498e28275847c

SHA512
48f5f95ace4af5d8e0c44057f23f3f5087117f7ebdb6dfb82e3ed18529a94a401d8453742f57bed47021688086011af29fc6c9cc5151910d531e95e3b3347313

Download Submit
C:\Windows\system\odVyTtm.exe

Filesize
6.0MB

MD5
586372f39f8f0cd74a9886e1a183fa91

SHA1
42a1c852610c9e148038f9b02db212c8cfff3a2d

SHA256
816cce3d35649be6af92e5f2b02402e24da6db02997c25521ba31f04c827baa7

SHA512
7193cf7b10250352a118e8a969b004c307715e6fe0c82a042fe3a532ea28f8cce25031c7165a7e080c308c4d7a450f5a33fed416ddd78ed4a73c4a7b7f357f67

Download Submit
C:\Windows\system\uYgdqAm.exe

Filesize
6.0MB

MD5
30d08c034f319ceb6572e0471359c398

SHA1
2be0f146c81cded26bc43a85020049672ccc7b8a

SHA256
9fc5cf3155205a071c528928e0dbb6dd9c3d9eb9e4838bc9d24323bd3d824ff4

SHA512
a1c6d8ea7b582c860169e8b7e4503a4578fee8e5e1a2da2a1afc62fcade6778e76928d8fed872e45861c8e7a2055303c68c3360404f69fcccaa720f1253661ae

Download Submit
C:\Windows\system\vSHQSBt.exe

Filesize
6.0MB

MD5
db38ee2f581bf5e2604ef6689570f6ec

SHA1
d79963c0850ee26c2e18458647d293ca710d4662

SHA256
92ae8756b1ff341f44f6de6062a26758704d7f6ad05ce7a2f629189ef7999b13

SHA512
5f81fc890be5d82f4492fc5de15fbcae08637917454da8222c59a68b262b4cfe7087ad881667585c34d8beadb4ec9d636aba0a0babc96fced58fff7380ee044d

Download Submit
C:\Windows\system\vUiLTby.exe

Filesize
6.0MB

MD5
52a692d58b867f1f6aa4d0aeae642315

SHA1
d77809e52734a56ef4cebed9ec22cccc6973b6e8

SHA256
baf9a31f9556ce1392283329a80b11e858bcdc2ee978e1aaf8edcdf246fd947a

SHA512
d7b9db16d04c60597c50c30845fd54c292588e5d5734de1f4edc2119721fafeed6e93406f8d8650e1f30b25de322196d27ba2da4612145fa92c5948cf91216f7

Download Submit
C:\Windows\system\wUbJCql.exe

Filesize
6.0MB

MD5
e3db37c8272fb35862bd6e29276e69c0

SHA1
317202dd0d85b79e74331ec68311651963747892

SHA256
8dbf12ade612164dfd1d603f934bbdf4146167ac5157eec2c0dcbb3142d75547

SHA512
090262fecc41e004419edf9b650bb093cbe0d13a7eb91262be3feddad5b4d0bec67d85bd34d8b22bb255b5fea40c8656f51aae8cb01e6a89160d82050f3c0309

Download Submit
C:\Windows\system\zTKzfvr.exe

Filesize
6.0MB

MD5
e0f7fee087361ff5ebe37082598bcc37

SHA1
a7508fae91907d258411b7da7caed73a37c16a95

SHA256
7b8258c9e955d0e5d51453de1e03f8fb028efa12bb042466645b2002031a2ccc

SHA512
957e49593a6db9d4c4d8251bee3b80637e2396c83e4f4798d5839a4c44f932ec42debc876d5b76c21df21775c0e097558266c9a8c89f7ec7a6a6ee7f4fabad28

Download Submit
\Windows\system\DMyKBVY.exe

Filesize
6.0MB

MD5
73165e9e06ffd6f9e7bf84af3bae104a

SHA1
8766bb1c90cc1072888c682362ec1501ce789b2f

SHA256
6a72f160088c91e0516d3b55fba444f6095629166ef4e2acbbd7f349f513cdf8

SHA512
7ae5b55dac5185c4517e946b93ec64e1eabcd3179638ab5ca6fdaf8299976edf9f1eed5f6a5a3c91b88ad7569acddfb9a17383494b0b0d095463bba271055f29

Download Submit
\Windows\system\TKESTeE.exe

Filesize
6.0MB

MD5
c030526fd15ff4c53f7511c862124e0c

SHA1
40b58ba56dd4c88f36fe5a942b9b83f4eed9058b

SHA256
1c6ad03ee88bd2d29f2c1ae3400508fb8d4aae270d545e9b2a075971fe6509e8

SHA512
c3d76765c29fd1e1afd14ae6cd643b7fd5d77964120f5b71d04cb0cc64fb27989f20ab03a6187625b5797c3316dd3803d5f1cb4326f8ecd136f94e9dd6452b66

Download Submit
\Windows\system\quaYPDi.exe

Filesize
6.0MB

MD5
82c1e9ca10a79ffdd77b0d8b3decf0b6

SHA1
e662dc8d15dba36585552b4eff66c4263e7839d2

SHA256
b09d39d4b816465ac9bc7f29a3b4057c1df49451360aca49e74eccf27f3bfe1a

SHA512
28ff5fc0b219f8b02db774e63a35b1478343f815b0381296c6b68e8b17ae15ba259af09278ff988823a56de6e96edad4cc010c449647acf3b5be859131a941c4

Download Submit
memory/320-1939-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/320-82-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/1116-67-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-192-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-287-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-425-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-178-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/1116-17-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-19-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-27-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1116-1-0x0000000000300000-0x0000000000310000-memory.dmp

Filesize
64KB

Download
memory/1116-92-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-32-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-33-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/1116-49-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/1116-0-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/1116-108-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1116-40-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-83-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-63-0x000000013FD30000-0x0000000140084000-memory.dmp

Filesize
3.3MB

Download
memory/1116-100-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-390-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-69-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/1116-71-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1116-54-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/1700-31-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/1700-1861-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/1904-1909-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/1904-102-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/1904-55-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/1916-1980-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-101-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1936-391-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1936-93-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1936-1973-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-1958-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2296-87-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-1862-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2448-29-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2464-81-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2464-1931-0x000000013FCF0000-0x0000000140044000-memory.dmp

Filesize
3.3MB

Download
memory/2636-70-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2636-1917-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2888-36-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2888-3593-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2940-34-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2940-1870-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2956-41-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-1890-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2956-86-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-23-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2964-2463-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/3024-50-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/3024-1893-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download