cobaltstrike | 6481560bde051ea9002b29218f653274a983b4f3f02d34409f08707810eaaaf9

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-12-2024 17:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ffda7612d7397fbe104dcb3030747690
SHA1

67a6f4cd68e01aa3d1048d941125029ab6628e22
SHA256

6481560bde051ea9002b29218f653274a983b4f3f02d34409f08707810eaaaf9
SHA512

8fb7942d00abd3051248c54c0a190cb32bdbd6eb8d78ca0a7933349dd3a055b6c2c14df73f30c400ac9d319cd1b8b92242fb7c3bc676657a8f515aa4472e2671
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUP:T+q56utgpPF8u/7P

Score

10^/10

cobaltstrike xmrig 0 backdoor discovery miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001225c-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000167dc-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c3d-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c58-22.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd3-36.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ca2-33.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d0b-47.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016409-55.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739c-68.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017403-90.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174ac-126.dat	cobalt_reflective_dll
behavioral1/files/0x001500000001866d-136.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190d6-159.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f7-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-192.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-196.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019229-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019218-176.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f3-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001879b-151.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190cd-156.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000018678-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018690-145.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001752f-131.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001748f-121.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001747b-116.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017409-112.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fb-108.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173aa-104.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001739a-67.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173e4-79.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1172-0-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/files/0x000c00000001225c-3.dat	xmrig
behavioral1/memory/2468-8-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x00080000000167dc-9.dat	xmrig
behavioral1/memory/2444-14-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c3d-11.dat	xmrig
behavioral1/memory/2016-21-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c58-22.dat	xmrig
behavioral1/memory/2656-27-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cd3-36.dat	xmrig
behavioral1/memory/2780-35-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/1172-34-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/files/0x0007000000016ca2-33.dat	xmrig
behavioral1/memory/2468-40-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2444-42-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d0b-47.dat	xmrig
behavioral1/memory/2740-54-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/1172-51-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/memory/2016-50-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016409-55.dat	xmrig
behavioral1/memory/1172-59-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/memory/1760-61-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2656-58-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x000600000001739c-68.dat	xmrig
behavioral1/memory/3008-72-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x0006000000017403-90.dat	xmrig
behavioral1/memory/1944-83-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/files/0x00060000000174ac-126.dat	xmrig
behavioral1/files/0x001500000001866d-136.dat	xmrig
behavioral1/files/0x00060000000190d6-159.dat	xmrig
behavioral1/files/0x00050000000191f7-171.dat	xmrig
behavioral1/memory/1696-582-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2392-1085-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/1464-1185-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/976-976-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/1292-262-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/1760-261-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/files/0x000500000001924c-192.dat	xmrig
behavioral1/files/0x000500000001926b-196.dat	xmrig
behavioral1/files/0x0005000000019229-181.dat	xmrig
behavioral1/files/0x0005000000019234-185.dat	xmrig
behavioral1/files/0x0005000000019218-176.dat	xmrig
behavioral1/files/0x00050000000191f3-166.dat	xmrig
behavioral1/files/0x000500000001879b-151.dat	xmrig
behavioral1/files/0x00060000000190cd-156.dat	xmrig
behavioral1/files/0x0009000000018678-141.dat	xmrig
behavioral1/files/0x0005000000018690-145.dat	xmrig
behavioral1/files/0x000600000001752f-131.dat	xmrig
behavioral1/files/0x000600000001748f-121.dat	xmrig
behavioral1/files/0x000600000001747b-116.dat	xmrig
behavioral1/files/0x0006000000017409-112.dat	xmrig
behavioral1/memory/1464-110-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/1172-109-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/files/0x00060000000173fb-108.dat	xmrig
behavioral1/memory/2392-106-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2740-105-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x00060000000173aa-104.dat	xmrig
behavioral1/memory/976-101-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/1696-89-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/files/0x000700000001739a-67.dat	xmrig
behavioral1/memory/2780-63-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x00060000000173e4-79.dat	xmrig
behavioral1/memory/1292-69-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2444-3766-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2468	bbzHhwY.exe
2444	zhTRtyL.exe
2016	LJnaVgT.exe
2656	uyvjCOs.exe
2780	eCteKZw.exe
3008	FAbqGAh.exe
2740	nBKPqkW.exe
1760	jMEzNcl.exe
1292	uFrxxym.exe
1944	YoWJuQQ.exe
1696	pnfkqOF.exe
976	vZhGDkN.exe
2392	ujwVvwE.exe
1464	kQtGfOL.exe
1612	xhxMaqX.exe
1764	MXtPqxq.exe
2840	wmfGYhn.exe
548	VhfUneI.exe
1736	xjPigUF.exe
2928	uzlaeqJ.exe
2900	byuEZfO.exe
2968	KjElhcV.exe
1988	nwkEXib.exe
2368	bOyzaVC.exe
928	pOucsDT.exe
3024	SPPzaGs.exe
448	fESAtRO.exe
1280	BsOKlhk.exe
1028	oqALZyB.exe
2004	pCArXIK.exe
1308	EEJVbtA.exe
1588	XEUdyfi.exe
1716	KjZskVB.exe
1684	LTxiEYC.exe
840	MPNrOLO.exe
2076	HShQQoX.exe
2140	qyUltMK.exe
1348	QyhHnPy.exe
2520	sSmwxgI.exe
1284	OvPTnZt.exe
1208	eOlKgVU.exe
3048	YvcSRQh.exe
3044	YYqNIno.exe
2216	QLnZMTY.exe
1152	qjHycFg.exe
1472	AuJgfCv.exe
3036	yiVUKFb.exe
1044	JGdESDP.exe
1728	iVaozcR.exe
1892	MwxTJLJ.exe
2344	XzvFVUP.exe
1568	AnwNtCO.exe
1124	uUevrCt.exe
2464	GLFjltP.exe
2276	tjQpGxx.exe
2676	KvaFbTM.exe
2120	Riqixfw.exe
2864	gExCuRB.exe
748	PvwTDQC.exe
2640	zDIJOkW.exe
2700	KmjoCwU.exe
2844	eMnJzSF.exe
2604	eccywVl.exe
2148	jWpKEWu.exe

Loads dropped DLL 64 IoCs

pid	Process
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1172-0-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/files/0x000c00000001225c-3.dat	upx
behavioral1/memory/2468-8-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x00080000000167dc-9.dat	upx
behavioral1/memory/2444-14-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x0008000000016c3d-11.dat	upx
behavioral1/memory/2016-21-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/files/0x0007000000016c58-22.dat	upx
behavioral1/memory/2656-27-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x0007000000016cd3-36.dat	upx
behavioral1/memory/2780-35-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/1172-34-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/files/0x0007000000016ca2-33.dat	upx
behavioral1/memory/2468-40-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2444-42-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/files/0x0009000000016d0b-47.dat	upx
behavioral1/memory/2740-54-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/2016-50-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/files/0x0009000000016409-55.dat	upx
behavioral1/memory/1760-61-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2656-58-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x000600000001739c-68.dat	upx
behavioral1/memory/3008-72-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x0006000000017403-90.dat	upx
behavioral1/memory/1944-83-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/files/0x00060000000174ac-126.dat	upx
behavioral1/files/0x001500000001866d-136.dat	upx
behavioral1/files/0x00060000000190d6-159.dat	upx
behavioral1/files/0x00050000000191f7-171.dat	upx
behavioral1/memory/1696-582-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2392-1085-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/1464-1185-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/976-976-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/1292-262-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/1760-261-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/files/0x000500000001924c-192.dat	upx
behavioral1/files/0x000500000001926b-196.dat	upx
behavioral1/files/0x0005000000019229-181.dat	upx
behavioral1/files/0x0005000000019234-185.dat	upx
behavioral1/files/0x0005000000019218-176.dat	upx
behavioral1/files/0x00050000000191f3-166.dat	upx
behavioral1/files/0x000500000001879b-151.dat	upx
behavioral1/files/0x00060000000190cd-156.dat	upx
behavioral1/files/0x0009000000018678-141.dat	upx
behavioral1/files/0x0005000000018690-145.dat	upx
behavioral1/files/0x000600000001752f-131.dat	upx
behavioral1/files/0x000600000001748f-121.dat	upx
behavioral1/files/0x000600000001747b-116.dat	upx
behavioral1/files/0x0006000000017409-112.dat	upx
behavioral1/memory/1464-110-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x00060000000173fb-108.dat	upx
behavioral1/memory/2392-106-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2740-105-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x00060000000173aa-104.dat	upx
behavioral1/memory/976-101-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/1696-89-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/files/0x000700000001739a-67.dat	upx
behavioral1/memory/2780-63-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x00060000000173e4-79.dat	upx
behavioral1/memory/1292-69-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2444-3766-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2656-3772-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2468-3777-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2780-4028-0x000000013F410000-0x000000013F764000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BUcYqHT.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BsOKlhk.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgNBmGq.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GZiXLZy.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OoZtSIn.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HEmNlLf.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PfgoqWl.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KVlRQka.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hOmNtmV.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hogEUur.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hkOgSeg.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EOmvUtN.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kbeCYYs.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KNangFx.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WwdgZEw.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vJQrAIa.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pXqsoJf.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LAeqRlc.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vTnBFnW.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OKIaZBY.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ILZweKA.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMzNCMH.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HapBPzr.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jqnMmLV.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MfbcQVA.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zhJnjfD.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KmmTzDs.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\thLkTbV.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fYusDUP.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GkPuxwX.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqVaJRa.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\beezEca.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iMrZYBu.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vmPGCrM.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQRzQHB.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HWTPrmg.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EKZRHDG.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fdSxJoj.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKPifnr.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CPWXfMy.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kEbvBTD.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZMuYHjl.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FPmfVmG.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eOgsUZm.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PhNPeBI.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AixBFQI.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMZJrkw.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GxQMMFw.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KmjoCwU.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zKCAgGE.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BVtJPEw.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pbFlhZN.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JGdESDP.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QTHApBU.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aOvDFFN.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxBTOSX.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SYAMAdZ.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oGZLhDV.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FIwtFbE.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OKMkFOz.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AzSoemz.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fuFsanS.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dfIxSKH.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\twHjeqZ.exe	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5356	PiNgxvg.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1172 wrote to memory of 2468	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1172 wrote to memory of 2468	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1172 wrote to memory of 2468	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1172 wrote to memory of 2444	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1172 wrote to memory of 2444	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1172 wrote to memory of 2444	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1172 wrote to memory of 2016	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1172 wrote to memory of 2016	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1172 wrote to memory of 2016	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1172 wrote to memory of 2656	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1172 wrote to memory of 2656	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1172 wrote to memory of 2656	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1172 wrote to memory of 2780	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1172 wrote to memory of 2780	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1172 wrote to memory of 2780	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1172 wrote to memory of 3008	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1172 wrote to memory of 3008	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1172 wrote to memory of 3008	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1172 wrote to memory of 2740	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1172 wrote to memory of 2740	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1172 wrote to memory of 2740	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1172 wrote to memory of 1760	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1172 wrote to memory of 1760	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1172 wrote to memory of 1760	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1172 wrote to memory of 1292	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1172 wrote to memory of 1292	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1172 wrote to memory of 1292	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1172 wrote to memory of 1944	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1172 wrote to memory of 1944	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1172 wrote to memory of 1944	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1172 wrote to memory of 2392	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1172 wrote to memory of 2392	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1172 wrote to memory of 2392	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1172 wrote to memory of 1696	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1172 wrote to memory of 1696	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1172 wrote to memory of 1696	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1172 wrote to memory of 1464	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1172 wrote to memory of 1464	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1172 wrote to memory of 1464	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1172 wrote to memory of 976	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1172 wrote to memory of 976	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1172 wrote to memory of 976	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1172 wrote to memory of 1612	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1172 wrote to memory of 1612	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1172 wrote to memory of 1612	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1172 wrote to memory of 1764	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1172 wrote to memory of 1764	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1172 wrote to memory of 1764	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1172 wrote to memory of 2840	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1172 wrote to memory of 2840	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1172 wrote to memory of 2840	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1172 wrote to memory of 548	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1172 wrote to memory of 548	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1172 wrote to memory of 548	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1172 wrote to memory of 1736	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1172 wrote to memory of 1736	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1172 wrote to memory of 1736	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1172 wrote to memory of 2928	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1172 wrote to memory of 2928	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1172 wrote to memory of 2928	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1172 wrote to memory of 2900	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1172 wrote to memory of 2900	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1172 wrote to memory of 2900	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1172 wrote to memory of 2968	1172	2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-22_ffda7612d7397fbe104dcb3030747690_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1172
- C:\Windows\System\bbzHhwY.exe
  C:\Windows\System\bbzHhwY.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\zhTRtyL.exe
  C:\Windows\System\zhTRtyL.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\LJnaVgT.exe
  C:\Windows\System\LJnaVgT.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\uyvjCOs.exe
  C:\Windows\System\uyvjCOs.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\eCteKZw.exe
  C:\Windows\System\eCteKZw.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\FAbqGAh.exe
  C:\Windows\System\FAbqGAh.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\nBKPqkW.exe
  C:\Windows\System\nBKPqkW.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\jMEzNcl.exe
  C:\Windows\System\jMEzNcl.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\uFrxxym.exe
  C:\Windows\System\uFrxxym.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\YoWJuQQ.exe
  C:\Windows\System\YoWJuQQ.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\ujwVvwE.exe
  C:\Windows\System\ujwVvwE.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\pnfkqOF.exe
  C:\Windows\System\pnfkqOF.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\kQtGfOL.exe
  C:\Windows\System\kQtGfOL.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\vZhGDkN.exe
  C:\Windows\System\vZhGDkN.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\xhxMaqX.exe
  C:\Windows\System\xhxMaqX.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\MXtPqxq.exe
  C:\Windows\System\MXtPqxq.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\wmfGYhn.exe
  C:\Windows\System\wmfGYhn.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\VhfUneI.exe
  C:\Windows\System\VhfUneI.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\xjPigUF.exe
  C:\Windows\System\xjPigUF.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\uzlaeqJ.exe
  C:\Windows\System\uzlaeqJ.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\byuEZfO.exe
  C:\Windows\System\byuEZfO.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\KjElhcV.exe
  C:\Windows\System\KjElhcV.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\nwkEXib.exe
  C:\Windows\System\nwkEXib.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\bOyzaVC.exe
  C:\Windows\System\bOyzaVC.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\pOucsDT.exe
  C:\Windows\System\pOucsDT.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\SPPzaGs.exe
  C:\Windows\System\SPPzaGs.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\fESAtRO.exe
  C:\Windows\System\fESAtRO.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\BsOKlhk.exe
  C:\Windows\System\BsOKlhk.exe
  2⤵
  - Executes dropped EXE
  PID:1280
- C:\Windows\System\oqALZyB.exe
  C:\Windows\System\oqALZyB.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\pCArXIK.exe
  C:\Windows\System\pCArXIK.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\EEJVbtA.exe
  C:\Windows\System\EEJVbtA.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\XEUdyfi.exe
  C:\Windows\System\XEUdyfi.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\KjZskVB.exe
  C:\Windows\System\KjZskVB.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\LTxiEYC.exe
  C:\Windows\System\LTxiEYC.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\MPNrOLO.exe
  C:\Windows\System\MPNrOLO.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\HShQQoX.exe
  C:\Windows\System\HShQQoX.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\qyUltMK.exe
  C:\Windows\System\qyUltMK.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\QyhHnPy.exe
  C:\Windows\System\QyhHnPy.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\sSmwxgI.exe
  C:\Windows\System\sSmwxgI.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\OvPTnZt.exe
  C:\Windows\System\OvPTnZt.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\eOlKgVU.exe
  C:\Windows\System\eOlKgVU.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\YvcSRQh.exe
  C:\Windows\System\YvcSRQh.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\YYqNIno.exe
  C:\Windows\System\YYqNIno.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\QLnZMTY.exe
  C:\Windows\System\QLnZMTY.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\qjHycFg.exe
  C:\Windows\System\qjHycFg.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\AuJgfCv.exe
  C:\Windows\System\AuJgfCv.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\yiVUKFb.exe
  C:\Windows\System\yiVUKFb.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\JGdESDP.exe
  C:\Windows\System\JGdESDP.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\iVaozcR.exe
  C:\Windows\System\iVaozcR.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\MwxTJLJ.exe
  C:\Windows\System\MwxTJLJ.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\XzvFVUP.exe
  C:\Windows\System\XzvFVUP.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\AnwNtCO.exe
  C:\Windows\System\AnwNtCO.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\uUevrCt.exe
  C:\Windows\System\uUevrCt.exe
  2⤵
  - Executes dropped EXE
  PID:1124
- C:\Windows\System\GLFjltP.exe
  C:\Windows\System\GLFjltP.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\tjQpGxx.exe
  C:\Windows\System\tjQpGxx.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\KvaFbTM.exe
  C:\Windows\System\KvaFbTM.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\Riqixfw.exe
  C:\Windows\System\Riqixfw.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\gExCuRB.exe
  C:\Windows\System\gExCuRB.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\PvwTDQC.exe
  C:\Windows\System\PvwTDQC.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\zDIJOkW.exe
  C:\Windows\System\zDIJOkW.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\KmjoCwU.exe
  C:\Windows\System\KmjoCwU.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\eMnJzSF.exe
  C:\Windows\System\eMnJzSF.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\eccywVl.exe
  C:\Windows\System\eccywVl.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\jWpKEWu.exe
  C:\Windows\System\jWpKEWu.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\udoEcfY.exe
  C:\Windows\System\udoEcfY.exe
  2⤵
  PID:2816
- C:\Windows\System\EJILKpO.exe
  C:\Windows\System\EJILKpO.exe
  2⤵
  PID:2668
- C:\Windows\System\msawVhT.exe
  C:\Windows\System\msawVhT.exe
  2⤵
  PID:1840
- C:\Windows\System\tMHgeGF.exe
  C:\Windows\System\tMHgeGF.exe
  2⤵
  PID:2300
- C:\Windows\System\hspPZyY.exe
  C:\Windows\System\hspPZyY.exe
  2⤵
  PID:1664
- C:\Windows\System\lrevNGN.exe
  C:\Windows\System\lrevNGN.exe
  2⤵
  PID:348
- C:\Windows\System\eOgsUZm.exe
  C:\Windows\System\eOgsUZm.exe
  2⤵
  PID:1888
- C:\Windows\System\IYXqepk.exe
  C:\Windows\System\IYXqepk.exe
  2⤵
  PID:2136
- C:\Windows\System\yMXPIYh.exe
  C:\Windows\System\yMXPIYh.exe
  2⤵
  PID:3068
- C:\Windows\System\Fjmxzko.exe
  C:\Windows\System\Fjmxzko.exe
  2⤵
  PID:408
- C:\Windows\System\lOmlTZQ.exe
  C:\Windows\System\lOmlTZQ.exe
  2⤵
  PID:1084
- C:\Windows\System\kYJcSaN.exe
  C:\Windows\System\kYJcSaN.exe
  2⤵
  PID:1672
- C:\Windows\System\ptPGcwi.exe
  C:\Windows\System\ptPGcwi.exe
  2⤵
  PID:600
- C:\Windows\System\PEBjdcs.exe
  C:\Windows\System\PEBjdcs.exe
  2⤵
  PID:672
- C:\Windows\System\TUjtGlY.exe
  C:\Windows\System\TUjtGlY.exe
  2⤵
  PID:2588
- C:\Windows\System\rVtfBPr.exe
  C:\Windows\System\rVtfBPr.exe
  2⤵
  PID:2280
- C:\Windows\System\VcWXMQS.exe
  C:\Windows\System\VcWXMQS.exe
  2⤵
  PID:304
- C:\Windows\System\SYAMAdZ.exe
  C:\Windows\System\SYAMAdZ.exe
  2⤵
  PID:1516
- C:\Windows\System\XwszOdg.exe
  C:\Windows\System\XwszOdg.exe
  2⤵
  PID:1660
- C:\Windows\System\pfFGeon.exe
  C:\Windows\System\pfFGeon.exe
  2⤵
  PID:3056
- C:\Windows\System\eihjYrO.exe
  C:\Windows\System\eihjYrO.exe
  2⤵
  PID:996
- C:\Windows\System\dFIHkrt.exe
  C:\Windows\System\dFIHkrt.exe
  2⤵
  PID:1632
- C:\Windows\System\GyErnkP.exe
  C:\Windows\System\GyErnkP.exe
  2⤵
  PID:1628
- C:\Windows\System\VqAHrEz.exe
  C:\Windows\System\VqAHrEz.exe
  2⤵
  PID:2336
- C:\Windows\System\dBZUtmz.exe
  C:\Windows\System\dBZUtmz.exe
  2⤵
  PID:2432
- C:\Windows\System\ZfFRgPm.exe
  C:\Windows\System\ZfFRgPm.exe
  2⤵
  PID:1572
- C:\Windows\System\QJtLtfg.exe
  C:\Windows\System\QJtLtfg.exe
  2⤵
  PID:2684
- C:\Windows\System\zKCAgGE.exe
  C:\Windows\System\zKCAgGE.exe
  2⤵
  PID:2164
- C:\Windows\System\jvmwfAm.exe
  C:\Windows\System\jvmwfAm.exe
  2⤵
  PID:2292
- C:\Windows\System\ZFOKzJF.exe
  C:\Windows\System\ZFOKzJF.exe
  2⤵
  PID:2696
- C:\Windows\System\SHkzhMZ.exe
  C:\Windows\System\SHkzhMZ.exe
  2⤵
  PID:2036
- C:\Windows\System\OmLOTYd.exe
  C:\Windows\System\OmLOTYd.exe
  2⤵
  PID:2852
- C:\Windows\System\sKbErnB.exe
  C:\Windows\System\sKbErnB.exe
  2⤵
  PID:2552
- C:\Windows\System\lxnBzWD.exe
  C:\Windows\System\lxnBzWD.exe
  2⤵
  PID:2824
- C:\Windows\System\LZhdbsc.exe
  C:\Windows\System\LZhdbsc.exe
  2⤵
  PID:1600
- C:\Windows\System\dupANml.exe
  C:\Windows\System\dupANml.exe
  2⤵
  PID:2724
- C:\Windows\System\MMQZQqK.exe
  C:\Windows\System\MMQZQqK.exe
  2⤵
  PID:2916
- C:\Windows\System\HqgXWQb.exe
  C:\Windows\System\HqgXWQb.exe
  2⤵
  PID:3052
- C:\Windows\System\FzNfRdC.exe
  C:\Windows\System\FzNfRdC.exe
  2⤵
  PID:2224
- C:\Windows\System\DiQwyyW.exe
  C:\Windows\System\DiQwyyW.exe
  2⤵
  PID:576
- C:\Windows\System\wlnuJnK.exe
  C:\Windows\System\wlnuJnK.exe
  2⤵
  PID:2936
- C:\Windows\System\gSQpptV.exe
  C:\Windows\System\gSQpptV.exe
  2⤵
  PID:1712
- C:\Windows\System\JLvwTFj.exe
  C:\Windows\System\JLvwTFj.exe
  2⤵
  PID:1624
- C:\Windows\System\ZyHuXzf.exe
  C:\Windows\System\ZyHuXzf.exe
  2⤵
  PID:1780
- C:\Windows\System\tKKifqZ.exe
  C:\Windows\System\tKKifqZ.exe
  2⤵
  PID:2144
- C:\Windows\System\pYnvkuw.exe
  C:\Windows\System\pYnvkuw.exe
  2⤵
  PID:3060
- C:\Windows\System\orHbnCq.exe
  C:\Windows\System\orHbnCq.exe
  2⤵
  PID:1040
- C:\Windows\System\CAVvcXV.exe
  C:\Windows\System\CAVvcXV.exe
  2⤵
  PID:1580
- C:\Windows\System\IMNFvVR.exe
  C:\Windows\System\IMNFvVR.exe
  2⤵
  PID:1560
- C:\Windows\System\HWTPrmg.exe
  C:\Windows\System\HWTPrmg.exe
  2⤵
  PID:2472
- C:\Windows\System\lnFbQTd.exe
  C:\Windows\System\lnFbQTd.exe
  2⤵
  PID:2860
- C:\Windows\System\uULJSfd.exe
  C:\Windows\System\uULJSfd.exe
  2⤵
  PID:2688
- C:\Windows\System\UJcIYci.exe
  C:\Windows\System\UJcIYci.exe
  2⤵
  PID:2616
- C:\Windows\System\PzlEhOX.exe
  C:\Windows\System\PzlEhOX.exe
  2⤵
  PID:2092
- C:\Windows\System\ekCqBYp.exe
  C:\Windows\System\ekCqBYp.exe
  2⤵
  PID:2288
- C:\Windows\System\QxuuaEv.exe
  C:\Windows\System\QxuuaEv.exe
  2⤵
  PID:2232
- C:\Windows\System\yFiUkvP.exe
  C:\Windows\System\yFiUkvP.exe
  2⤵
  PID:1688
- C:\Windows\System\SfRTzko.exe
  C:\Windows\System\SfRTzko.exe
  2⤵
  PID:604
- C:\Windows\System\GsRAXnB.exe
  C:\Windows\System\GsRAXnB.exe
  2⤵
  PID:1524
- C:\Windows\System\vYmAQlh.exe
  C:\Windows\System\vYmAQlh.exe
  2⤵
  PID:1076
- C:\Windows\System\CJyGFyr.exe
  C:\Windows\System\CJyGFyr.exe
  2⤵
  PID:648
- C:\Windows\System\QrAxWXj.exe
  C:\Windows\System\QrAxWXj.exe
  2⤵
  PID:2356
- C:\Windows\System\bUgTyin.exe
  C:\Windows\System\bUgTyin.exe
  2⤵
  PID:3000
- C:\Windows\System\MwfOIFQ.exe
  C:\Windows\System\MwfOIFQ.exe
  2⤵
  PID:2832
- C:\Windows\System\kGXAHOO.exe
  C:\Windows\System\kGXAHOO.exe
  2⤵
  PID:2008
- C:\Windows\System\adMnqfd.exe
  C:\Windows\System\adMnqfd.exe
  2⤵
  PID:1808
- C:\Windows\System\pIrvYiC.exe
  C:\Windows\System\pIrvYiC.exe
  2⤵
  PID:2972
- C:\Windows\System\KNjtUKr.exe
  C:\Windows\System\KNjtUKr.exe
  2⤵
  PID:2372
- C:\Windows\System\NeALkFM.exe
  C:\Windows\System\NeALkFM.exe
  2⤵
  PID:868
- C:\Windows\System\YAeLchY.exe
  C:\Windows\System\YAeLchY.exe
  2⤵
  PID:3088
- C:\Windows\System\xVWhSMY.exe
  C:\Windows\System\xVWhSMY.exe
  2⤵
  PID:3108
- C:\Windows\System\dlBvvpz.exe
  C:\Windows\System\dlBvvpz.exe
  2⤵
  PID:3128
- C:\Windows\System\RhLlEDf.exe
  C:\Windows\System\RhLlEDf.exe
  2⤵
  PID:3152
- C:\Windows\System\sqNqDrv.exe
  C:\Windows\System\sqNqDrv.exe
  2⤵
  PID:3172
- C:\Windows\System\IPCvdTj.exe
  C:\Windows\System\IPCvdTj.exe
  2⤵
  PID:3192
- C:\Windows\System\qrrzAGW.exe
  C:\Windows\System\qrrzAGW.exe
  2⤵
  PID:3212
- C:\Windows\System\EzbXRsB.exe
  C:\Windows\System\EzbXRsB.exe
  2⤵
  PID:3232
- C:\Windows\System\KNangFx.exe
  C:\Windows\System\KNangFx.exe
  2⤵
  PID:3252
- C:\Windows\System\MSuMrIU.exe
  C:\Windows\System\MSuMrIU.exe
  2⤵
  PID:3272
- C:\Windows\System\KIkdTjR.exe
  C:\Windows\System\KIkdTjR.exe
  2⤵
  PID:3292
- C:\Windows\System\WwdgZEw.exe
  C:\Windows\System\WwdgZEw.exe
  2⤵
  PID:3312
- C:\Windows\System\uoaVQwS.exe
  C:\Windows\System\uoaVQwS.exe
  2⤵
  PID:3332
- C:\Windows\System\KmndjgM.exe
  C:\Windows\System\KmndjgM.exe
  2⤵
  PID:3352
- C:\Windows\System\nGEBjKz.exe
  C:\Windows\System\nGEBjKz.exe
  2⤵
  PID:3372
- C:\Windows\System\LbSaVxn.exe
  C:\Windows\System\LbSaVxn.exe
  2⤵
  PID:3392
- C:\Windows\System\OKMkFOz.exe
  C:\Windows\System\OKMkFOz.exe
  2⤵
  PID:3412
- C:\Windows\System\UisOAIm.exe
  C:\Windows\System\UisOAIm.exe
  2⤵
  PID:3432
- C:\Windows\System\cfCevYA.exe
  C:\Windows\System\cfCevYA.exe
  2⤵
  PID:3452
- C:\Windows\System\MLLTfFp.exe
  C:\Windows\System\MLLTfFp.exe
  2⤵
  PID:3472
- C:\Windows\System\iLEhwQh.exe
  C:\Windows\System\iLEhwQh.exe
  2⤵
  PID:3492
- C:\Windows\System\WWBTFAn.exe
  C:\Windows\System\WWBTFAn.exe
  2⤵
  PID:3512
- C:\Windows\System\ltGVEse.exe
  C:\Windows\System\ltGVEse.exe
  2⤵
  PID:3532
- C:\Windows\System\LMuzjJz.exe
  C:\Windows\System\LMuzjJz.exe
  2⤵
  PID:3552
- C:\Windows\System\risgsjP.exe
  C:\Windows\System\risgsjP.exe
  2⤵
  PID:3568
- C:\Windows\System\KVHzbTg.exe
  C:\Windows\System\KVHzbTg.exe
  2⤵
  PID:3592
- C:\Windows\System\OospMhw.exe
  C:\Windows\System\OospMhw.exe
  2⤵
  PID:3612
- C:\Windows\System\KZOAIRE.exe
  C:\Windows\System\KZOAIRE.exe
  2⤵
  PID:3636
- C:\Windows\System\PALZkXI.exe
  C:\Windows\System\PALZkXI.exe
  2⤵
  PID:3656
- C:\Windows\System\fTbBofZ.exe
  C:\Windows\System\fTbBofZ.exe
  2⤵
  PID:3676
- C:\Windows\System\eAZNrJQ.exe
  C:\Windows\System\eAZNrJQ.exe
  2⤵
  PID:3696
- C:\Windows\System\aGZHGyS.exe
  C:\Windows\System\aGZHGyS.exe
  2⤵
  PID:3716
- C:\Windows\System\CpLPStn.exe
  C:\Windows\System\CpLPStn.exe
  2⤵
  PID:3736
- C:\Windows\System\BVtJPEw.exe
  C:\Windows\System\BVtJPEw.exe
  2⤵
  PID:3756
- C:\Windows\System\uhKBYmv.exe
  C:\Windows\System\uhKBYmv.exe
  2⤵
  PID:3776
- C:\Windows\System\gFFVUyr.exe
  C:\Windows\System\gFFVUyr.exe
  2⤵
  PID:3796
- C:\Windows\System\xtKxgFs.exe
  C:\Windows\System\xtKxgFs.exe
  2⤵
  PID:3812
- C:\Windows\System\XUjZBZD.exe
  C:\Windows\System\XUjZBZD.exe
  2⤵
  PID:3836
- C:\Windows\System\wdDzgQD.exe
  C:\Windows\System\wdDzgQD.exe
  2⤵
  PID:3852
- C:\Windows\System\waXMeGC.exe
  C:\Windows\System\waXMeGC.exe
  2⤵
  PID:3876
- C:\Windows\System\qZepNvI.exe
  C:\Windows\System\qZepNvI.exe
  2⤵
  PID:3896
- C:\Windows\System\VWWTdjW.exe
  C:\Windows\System\VWWTdjW.exe
  2⤵
  PID:3916
- C:\Windows\System\YEyAFVG.exe
  C:\Windows\System\YEyAFVG.exe
  2⤵
  PID:3936
- C:\Windows\System\cmIykXr.exe
  C:\Windows\System\cmIykXr.exe
  2⤵
  PID:3956
- C:\Windows\System\HEmNlLf.exe
  C:\Windows\System\HEmNlLf.exe
  2⤵
  PID:3980
- C:\Windows\System\pHZuPCq.exe
  C:\Windows\System\pHZuPCq.exe
  2⤵
  PID:4000
- C:\Windows\System\YQXoXfS.exe
  C:\Windows\System\YQXoXfS.exe
  2⤵
  PID:4020
- C:\Windows\System\zqYWFbn.exe
  C:\Windows\System\zqYWFbn.exe
  2⤵
  PID:4040
- C:\Windows\System\EKZRHDG.exe
  C:\Windows\System\EKZRHDG.exe
  2⤵
  PID:4060
- C:\Windows\System\dDQmcMH.exe
  C:\Windows\System\dDQmcMH.exe
  2⤵
  PID:4080
- C:\Windows\System\wIsKYYi.exe
  C:\Windows\System\wIsKYYi.exe
  2⤵
  PID:316
- C:\Windows\System\CKPJRCk.exe
  C:\Windows\System\CKPJRCk.exe
  2⤵
  PID:1056
- C:\Windows\System\JAUazGu.exe
  C:\Windows\System\JAUazGu.exe
  2⤵
  PID:2828
- C:\Windows\System\PhNPeBI.exe
  C:\Windows\System\PhNPeBI.exe
  2⤵
  PID:2800
- C:\Windows\System\XLAryji.exe
  C:\Windows\System\XLAryji.exe
  2⤵
  PID:2768
- C:\Windows\System\rpzVraO.exe
  C:\Windows\System\rpzVraO.exe
  2⤵
  PID:1952
- C:\Windows\System\UwAFaKo.exe
  C:\Windows\System\UwAFaKo.exe
  2⤵
  PID:3080
- C:\Windows\System\vHHTVnT.exe
  C:\Windows\System\vHHTVnT.exe
  2⤵
  PID:3116
- C:\Windows\System\ySPrEXP.exe
  C:\Windows\System\ySPrEXP.exe
  2⤵
  PID:3180
- C:\Windows\System\NClYgii.exe
  C:\Windows\System\NClYgii.exe
  2⤵
  PID:3200
- C:\Windows\System\NxVoJzc.exe
  C:\Windows\System\NxVoJzc.exe
  2⤵
  PID:3224
- C:\Windows\System\WZqbHUK.exe
  C:\Windows\System\WZqbHUK.exe
  2⤵
  PID:3264
- C:\Windows\System\XdTRrLM.exe
  C:\Windows\System\XdTRrLM.exe
  2⤵
  PID:3284
- C:\Windows\System\TAQjGaY.exe
  C:\Windows\System\TAQjGaY.exe
  2⤵
  PID:3348
- C:\Windows\System\lABeFRE.exe
  C:\Windows\System\lABeFRE.exe
  2⤵
  PID:3388
- C:\Windows\System\mDAZiGw.exe
  C:\Windows\System\mDAZiGw.exe
  2⤵
  PID:3400
- C:\Windows\System\sGQKWsb.exe
  C:\Windows\System\sGQKWsb.exe
  2⤵
  PID:3424
- C:\Windows\System\vxwOBKy.exe
  C:\Windows\System\vxwOBKy.exe
  2⤵
  PID:3448
- C:\Windows\System\fdSxJoj.exe
  C:\Windows\System\fdSxJoj.exe
  2⤵
  PID:3500
- C:\Windows\System\pXYfPlH.exe
  C:\Windows\System\pXYfPlH.exe
  2⤵
  PID:3548
- C:\Windows\System\HBZOrIa.exe
  C:\Windows\System\HBZOrIa.exe
  2⤵
  PID:3564
- C:\Windows\System\FJmmBzY.exe
  C:\Windows\System\FJmmBzY.exe
  2⤵
  PID:3600
- C:\Windows\System\AUGXgaE.exe
  C:\Windows\System\AUGXgaE.exe
  2⤵
  PID:3632
- C:\Windows\System\hXgMNHt.exe
  C:\Windows\System\hXgMNHt.exe
  2⤵
  PID:3644
- C:\Windows\System\HgxhvDm.exe
  C:\Windows\System\HgxhvDm.exe
  2⤵
  PID:3688
- C:\Windows\System\mjtdjUL.exe
  C:\Windows\System\mjtdjUL.exe
  2⤵
  PID:3732
- C:\Windows\System\exzsWkP.exe
  C:\Windows\System\exzsWkP.exe
  2⤵
  PID:3784
- C:\Windows\System\SVzhEZQ.exe
  C:\Windows\System\SVzhEZQ.exe
  2⤵
  PID:3820
- C:\Windows\System\BvvFpeN.exe
  C:\Windows\System\BvvFpeN.exe
  2⤵
  PID:3804
- C:\Windows\System\AVFUNCA.exe
  C:\Windows\System\AVFUNCA.exe
  2⤵
  PID:3848
- C:\Windows\System\fyQwnCn.exe
  C:\Windows\System\fyQwnCn.exe
  2⤵
  PID:3904
- C:\Windows\System\FxwwGob.exe
  C:\Windows\System\FxwwGob.exe
  2⤵
  PID:3928
- C:\Windows\System\UNhOfwK.exe
  C:\Windows\System\UNhOfwK.exe
  2⤵
  PID:3972
- C:\Windows\System\CYJWfSB.exe
  C:\Windows\System\CYJWfSB.exe
  2⤵
  PID:3988
- C:\Windows\System\rjZCoeY.exe
  C:\Windows\System\rjZCoeY.exe
  2⤵
  PID:4008
- C:\Windows\System\lYEVLHq.exe
  C:\Windows\System\lYEVLHq.exe
  2⤵
  PID:4056
- C:\Windows\System\qkuClru.exe
  C:\Windows\System\qkuClru.exe
  2⤵
  PID:4088
- C:\Windows\System\RqMnPpU.exe
  C:\Windows\System\RqMnPpU.exe
  2⤵
  PID:1724
- C:\Windows\System\BrTSmym.exe
  C:\Windows\System\BrTSmym.exe
  2⤵
  PID:2748
- C:\Windows\System\thLkTbV.exe
  C:\Windows\System\thLkTbV.exe
  2⤵
  PID:2920
- C:\Windows\System\fTgpzoO.exe
  C:\Windows\System\fTgpzoO.exe
  2⤵
  PID:3084
- C:\Windows\System\eNwYpXB.exe
  C:\Windows\System\eNwYpXB.exe
  2⤵
  PID:3164
- C:\Windows\System\vTZfFCt.exe
  C:\Windows\System\vTZfFCt.exe
  2⤵
  PID:3188
- C:\Windows\System\JqAaUZX.exe
  C:\Windows\System\JqAaUZX.exe
  2⤵
  PID:3268
- C:\Windows\System\SZudXoa.exe
  C:\Windows\System\SZudXoa.exe
  2⤵
  PID:1916
- C:\Windows\System\KRZDbda.exe
  C:\Windows\System\KRZDbda.exe
  2⤵
  PID:3324
- C:\Windows\System\XSXGnzs.exe
  C:\Windows\System\XSXGnzs.exe
  2⤵
  PID:3364
- C:\Windows\System\cHyPFbr.exe
  C:\Windows\System\cHyPFbr.exe
  2⤵
  PID:3440
- C:\Windows\System\hcPlxAp.exe
  C:\Windows\System\hcPlxAp.exe
  2⤵
  PID:3488
- C:\Windows\System\oFwkHlx.exe
  C:\Windows\System\oFwkHlx.exe
  2⤵
  PID:3560
- C:\Windows\System\DxiXSEM.exe
  C:\Windows\System\DxiXSEM.exe
  2⤵
  PID:3672
- C:\Windows\System\iFwgaAr.exe
  C:\Windows\System\iFwgaAr.exe
  2⤵
  PID:3648
- C:\Windows\System\TWzkNWK.exe
  C:\Windows\System\TWzkNWK.exe
  2⤵
  PID:3684
- C:\Windows\System\FyjErMP.exe
  C:\Windows\System\FyjErMP.exe
  2⤵
  PID:3748
- C:\Windows\System\tLUqwte.exe
  C:\Windows\System\tLUqwte.exe
  2⤵
  PID:3808
- C:\Windows\System\lQYecdp.exe
  C:\Windows\System\lQYecdp.exe
  2⤵
  PID:3888
- C:\Windows\System\LAeqRlc.exe
  C:\Windows\System\LAeqRlc.exe
  2⤵
  PID:2560
- C:\Windows\System\TmDLjWQ.exe
  C:\Windows\System\TmDLjWQ.exe
  2⤵
  PID:1732
- C:\Windows\System\nQwdFXW.exe
  C:\Windows\System\nQwdFXW.exe
  2⤵
  PID:836
- C:\Windows\System\xQDjpLM.exe
  C:\Windows\System\xQDjpLM.exe
  2⤵
  PID:4068
- C:\Windows\System\lPmTGZN.exe
  C:\Windows\System\lPmTGZN.exe
  2⤵
  PID:4092
- C:\Windows\System\LoWqRSU.exe
  C:\Windows\System\LoWqRSU.exe
  2⤵
  PID:876
- C:\Windows\System\FXaNNhs.exe
  C:\Windows\System\FXaNNhs.exe
  2⤵
  PID:3096
- C:\Windows\System\IGeutQq.exe
  C:\Windows\System\IGeutQq.exe
  2⤵
  PID:3140
- C:\Windows\System\IUEKlfu.exe
  C:\Windows\System\IUEKlfu.exe
  2⤵
  PID:3288
- C:\Windows\System\WKPifnr.exe
  C:\Windows\System\WKPifnr.exe
  2⤵
  PID:3404
- C:\Windows\System\plMCCCR.exe
  C:\Windows\System\plMCCCR.exe
  2⤵
  PID:3428
- C:\Windows\System\kHzYMtD.exe
  C:\Windows\System\kHzYMtD.exe
  2⤵
  PID:3484
- C:\Windows\System\lNeyyyp.exe
  C:\Windows\System\lNeyyyp.exe
  2⤵
  PID:3608
- C:\Windows\System\dFOzMxJ.exe
  C:\Windows\System\dFOzMxJ.exe
  2⤵
  PID:3772
- C:\Windows\System\HXphOsO.exe
  C:\Windows\System\HXphOsO.exe
  2⤵
  PID:3872
- C:\Windows\System\uJeMdpO.exe
  C:\Windows\System\uJeMdpO.exe
  2⤵
  PID:3964
- C:\Windows\System\SBCKbrG.exe
  C:\Windows\System\SBCKbrG.exe
  2⤵
  PID:4048
- C:\Windows\System\NQXEiDI.exe
  C:\Windows\System\NQXEiDI.exe
  2⤵
  PID:4032
- C:\Windows\System\tDIDHOr.exe
  C:\Windows\System\tDIDHOr.exe
  2⤵
  PID:2584
- C:\Windows\System\QSkaZGK.exe
  C:\Windows\System\QSkaZGK.exe
  2⤵
  PID:2760
- C:\Windows\System\PjktfdL.exe
  C:\Windows\System\PjktfdL.exe
  2⤵
  PID:3160
- C:\Windows\System\xQzOKWw.exe
  C:\Windows\System\xQzOKWw.exe
  2⤵
  PID:3520
- C:\Windows\System\KncSWtL.exe
  C:\Windows\System\KncSWtL.exe
  2⤵
  PID:3588
- C:\Windows\System\jMWprCX.exe
  C:\Windows\System\jMWprCX.exe
  2⤵
  PID:3664
- C:\Windows\System\gMCKtFu.exe
  C:\Windows\System\gMCKtFu.exe
  2⤵
  PID:3708
- C:\Windows\System\woNDbJE.exe
  C:\Windows\System\woNDbJE.exe
  2⤵
  PID:3924
- C:\Windows\System\jZlubIv.exe
  C:\Windows\System\jZlubIv.exe
  2⤵
  PID:4104
- C:\Windows\System\yBdEstH.exe
  C:\Windows\System\yBdEstH.exe
  2⤵
  PID:4128
- C:\Windows\System\UxslzCU.exe
  C:\Windows\System\UxslzCU.exe
  2⤵
  PID:4148
- C:\Windows\System\yLXXgBQ.exe
  C:\Windows\System\yLXXgBQ.exe
  2⤵
  PID:4168
- C:\Windows\System\BuTaNAt.exe
  C:\Windows\System\BuTaNAt.exe
  2⤵
  PID:4188
- C:\Windows\System\xiubIot.exe
  C:\Windows\System\xiubIot.exe
  2⤵
  PID:4208
- C:\Windows\System\VcnObIM.exe
  C:\Windows\System\VcnObIM.exe
  2⤵
  PID:4228
- C:\Windows\System\VBgmOJF.exe
  C:\Windows\System\VBgmOJF.exe
  2⤵
  PID:4248
- C:\Windows\System\fLGdsgk.exe
  C:\Windows\System\fLGdsgk.exe
  2⤵
  PID:4268
- C:\Windows\System\zwOnfFv.exe
  C:\Windows\System\zwOnfFv.exe
  2⤵
  PID:4288
- C:\Windows\System\NzDLBVW.exe
  C:\Windows\System\NzDLBVW.exe
  2⤵
  PID:4308
- C:\Windows\System\rEibBqt.exe
  C:\Windows\System\rEibBqt.exe
  2⤵
  PID:4328
- C:\Windows\System\SIpkWmB.exe
  C:\Windows\System\SIpkWmB.exe
  2⤵
  PID:4348
- C:\Windows\System\OyYaZEN.exe
  C:\Windows\System\OyYaZEN.exe
  2⤵
  PID:4368
- C:\Windows\System\ZXebpyn.exe
  C:\Windows\System\ZXebpyn.exe
  2⤵
  PID:4388
- C:\Windows\System\zPUVzKb.exe
  C:\Windows\System\zPUVzKb.exe
  2⤵
  PID:4408
- C:\Windows\System\mdBZCIX.exe
  C:\Windows\System\mdBZCIX.exe
  2⤵
  PID:4428
- C:\Windows\System\pbFlhZN.exe
  C:\Windows\System\pbFlhZN.exe
  2⤵
  PID:4448
- C:\Windows\System\PBTezag.exe
  C:\Windows\System\PBTezag.exe
  2⤵
  PID:4468
- C:\Windows\System\jVkxKrl.exe
  C:\Windows\System\jVkxKrl.exe
  2⤵
  PID:4488
- C:\Windows\System\quarKZQ.exe
  C:\Windows\System\quarKZQ.exe
  2⤵
  PID:4508
- C:\Windows\System\gkqHoHF.exe
  C:\Windows\System\gkqHoHF.exe
  2⤵
  PID:4528
- C:\Windows\System\JeBuWhl.exe
  C:\Windows\System\JeBuWhl.exe
  2⤵
  PID:4548
- C:\Windows\System\iparXGp.exe
  C:\Windows\System\iparXGp.exe
  2⤵
  PID:4568
- C:\Windows\System\TmSLlZC.exe
  C:\Windows\System\TmSLlZC.exe
  2⤵
  PID:4588
- C:\Windows\System\LBuFsal.exe
  C:\Windows\System\LBuFsal.exe
  2⤵
  PID:4608
- C:\Windows\System\hFKkPMu.exe
  C:\Windows\System\hFKkPMu.exe
  2⤵
  PID:4632
- C:\Windows\System\XZSUjyq.exe
  C:\Windows\System\XZSUjyq.exe
  2⤵
  PID:4652
- C:\Windows\System\zCSpKuo.exe
  C:\Windows\System\zCSpKuo.exe
  2⤵
  PID:4672
- C:\Windows\System\aDyVFTk.exe
  C:\Windows\System\aDyVFTk.exe
  2⤵
  PID:4692
- C:\Windows\System\toKeCEy.exe
  C:\Windows\System\toKeCEy.exe
  2⤵
  PID:4712
- C:\Windows\System\PnOCwdK.exe
  C:\Windows\System\PnOCwdK.exe
  2⤵
  PID:4732
- C:\Windows\System\iSYqEVU.exe
  C:\Windows\System\iSYqEVU.exe
  2⤵
  PID:4752
- C:\Windows\System\WLXoLlv.exe
  C:\Windows\System\WLXoLlv.exe
  2⤵
  PID:4776
- C:\Windows\System\ZaHAvsb.exe
  C:\Windows\System\ZaHAvsb.exe
  2⤵
  PID:4796
- C:\Windows\System\DnZJrpd.exe
  C:\Windows\System\DnZJrpd.exe
  2⤵
  PID:4816
- C:\Windows\System\IxLrPIf.exe
  C:\Windows\System\IxLrPIf.exe
  2⤵
  PID:4836
- C:\Windows\System\YZDBoIS.exe
  C:\Windows\System\YZDBoIS.exe
  2⤵
  PID:4856
- C:\Windows\System\rAkOhkC.exe
  C:\Windows\System\rAkOhkC.exe
  2⤵
  PID:4876
- C:\Windows\System\ytLLPVb.exe
  C:\Windows\System\ytLLPVb.exe
  2⤵
  PID:4896
- C:\Windows\System\xXEeBeR.exe
  C:\Windows\System\xXEeBeR.exe
  2⤵
  PID:4916
- C:\Windows\System\bGzGymG.exe
  C:\Windows\System\bGzGymG.exe
  2⤵
  PID:4936
- C:\Windows\System\NUmiOfq.exe
  C:\Windows\System\NUmiOfq.exe
  2⤵
  PID:4956
- C:\Windows\System\EnKAkjR.exe
  C:\Windows\System\EnKAkjR.exe
  2⤵
  PID:4976
- C:\Windows\System\MyeVNQz.exe
  C:\Windows\System\MyeVNQz.exe
  2⤵
  PID:4996
- C:\Windows\System\Kacmftc.exe
  C:\Windows\System\Kacmftc.exe
  2⤵
  PID:5016
- C:\Windows\System\qgyRpgZ.exe
  C:\Windows\System\qgyRpgZ.exe
  2⤵
  PID:5036
- C:\Windows\System\ZZwSHsB.exe
  C:\Windows\System\ZZwSHsB.exe
  2⤵
  PID:5056
- C:\Windows\System\mLHcYRo.exe
  C:\Windows\System\mLHcYRo.exe
  2⤵
  PID:5076
- C:\Windows\System\DCrjFgC.exe
  C:\Windows\System\DCrjFgC.exe
  2⤵
  PID:5096
- C:\Windows\System\LNBgSFr.exe
  C:\Windows\System\LNBgSFr.exe
  2⤵
  PID:5116
- C:\Windows\System\QmrlsfJ.exe
  C:\Windows\System\QmrlsfJ.exe
  2⤵
  PID:4076
- C:\Windows\System\ZymEMcj.exe
  C:\Windows\System\ZymEMcj.exe
  2⤵
  PID:3280
- C:\Windows\System\EZarKQi.exe
  C:\Windows\System\EZarKQi.exe
  2⤵
  PID:3420
- C:\Windows\System\fNaqqex.exe
  C:\Windows\System\fNaqqex.exe
  2⤵
  PID:3832
- C:\Windows\System\sUOrNwE.exe
  C:\Windows\System\sUOrNwE.exe
  2⤵
  PID:2612
- C:\Windows\System\ydeQFDS.exe
  C:\Windows\System\ydeQFDS.exe
  2⤵
  PID:1836
- C:\Windows\System\DXPFped.exe
  C:\Windows\System\DXPFped.exe
  2⤵
  PID:1608
- C:\Windows\System\hwJYojX.exe
  C:\Windows\System\hwJYojX.exe
  2⤵
  PID:4136
- C:\Windows\System\hILWqNk.exe
  C:\Windows\System\hILWqNk.exe
  2⤵
  PID:1784
- C:\Windows\System\ecshNmY.exe
  C:\Windows\System\ecshNmY.exe
  2⤵
  PID:2660
- C:\Windows\System\WMdENuD.exe
  C:\Windows\System\WMdENuD.exe
  2⤵
  PID:4244
- C:\Windows\System\hqeQXRm.exe
  C:\Windows\System\hqeQXRm.exe
  2⤵
  PID:4276
- C:\Windows\System\YJxnHNA.exe
  C:\Windows\System\YJxnHNA.exe
  2⤵
  PID:4316
- C:\Windows\System\ZGCQMuP.exe
  C:\Windows\System\ZGCQMuP.exe
  2⤵
  PID:4320
- C:\Windows\System\tPzrwYM.exe
  C:\Windows\System\tPzrwYM.exe
  2⤵
  PID:4364
- C:\Windows\System\LciPDUn.exe
  C:\Windows\System\LciPDUn.exe
  2⤵
  PID:4380
- C:\Windows\System\UyRhCZb.exe
  C:\Windows\System\UyRhCZb.exe
  2⤵
  PID:4424
- C:\Windows\System\drwdbXY.exe
  C:\Windows\System\drwdbXY.exe
  2⤵
  PID:4456
- C:\Windows\System\kwNZNtr.exe
  C:\Windows\System\kwNZNtr.exe
  2⤵
  PID:4460
- C:\Windows\System\HZolqlO.exe
  C:\Windows\System\HZolqlO.exe
  2⤵
  PID:4520
- C:\Windows\System\TRLOeKB.exe
  C:\Windows\System\TRLOeKB.exe
  2⤵
  PID:4544
- C:\Windows\System\qxbXqut.exe
  C:\Windows\System\qxbXqut.exe
  2⤵
  PID:4604
- C:\Windows\System\tADyGUn.exe
  C:\Windows\System\tADyGUn.exe
  2⤵
  PID:4620
- C:\Windows\System\VifCFes.exe
  C:\Windows\System\VifCFes.exe
  2⤵
  PID:4680
- C:\Windows\System\HPxngxT.exe
  C:\Windows\System\HPxngxT.exe
  2⤵
  PID:4684
- C:\Windows\System\dplUqLd.exe
  C:\Windows\System\dplUqLd.exe
  2⤵
  PID:4704
- C:\Windows\System\JSBDyBW.exe
  C:\Windows\System\JSBDyBW.exe
  2⤵
  PID:4772
- C:\Windows\System\zdBPvix.exe
  C:\Windows\System\zdBPvix.exe
  2⤵
  PID:4784
- C:\Windows\System\PNfzJwE.exe
  C:\Windows\System\PNfzJwE.exe
  2⤵
  PID:4832
- C:\Windows\System\GDiicgq.exe
  C:\Windows\System\GDiicgq.exe
  2⤵
  PID:4892
- C:\Windows\System\KuUmZZA.exe
  C:\Windows\System\KuUmZZA.exe
  2⤵
  PID:4904
- C:\Windows\System\OlXXLpR.exe
  C:\Windows\System\OlXXLpR.exe
  2⤵
  PID:4908
- C:\Windows\System\fYusDUP.exe
  C:\Windows\System\fYusDUP.exe
  2⤵
  PID:4968
- C:\Windows\System\GfJsSFg.exe
  C:\Windows\System\GfJsSFg.exe
  2⤵
  PID:5012
- C:\Windows\System\NuGXpIe.exe
  C:\Windows\System\NuGXpIe.exe
  2⤵
  PID:5032
- C:\Windows\System\cSEVbdg.exe
  C:\Windows\System\cSEVbdg.exe
  2⤵
  PID:5048
- C:\Windows\System\RvdCHGS.exe
  C:\Windows\System\RvdCHGS.exe
  2⤵
  PID:5072
- C:\Windows\System\NGdlgNz.exe
  C:\Windows\System\NGdlgNz.exe
  2⤵
  PID:5112
- C:\Windows\System\HVLqWKv.exe
  C:\Windows\System\HVLqWKv.exe
  2⤵
  PID:3580
- C:\Windows\System\QTHApBU.exe
  C:\Windows\System\QTHApBU.exe
  2⤵
  PID:3524
- C:\Windows\System\xBiHjyy.exe
  C:\Windows\System\xBiHjyy.exe
  2⤵
  PID:3764
- C:\Windows\System\LhmYpNy.exe
  C:\Windows\System\LhmYpNy.exe
  2⤵
  PID:1616
- C:\Windows\System\nSeqRHb.exe
  C:\Windows\System\nSeqRHb.exe
  2⤵
  PID:2608
- C:\Windows\System\vhbVxrw.exe
  C:\Windows\System\vhbVxrw.exe
  2⤵
  PID:4180
- C:\Windows\System\NHRYiqF.exe
  C:\Windows\System\NHRYiqF.exe
  2⤵
  PID:4256
- C:\Windows\System\GDkrctY.exe
  C:\Windows\System\GDkrctY.exe
  2⤵
  PID:4296
- C:\Windows\System\ENJtONk.exe
  C:\Windows\System\ENJtONk.exe
  2⤵
  PID:4340
- C:\Windows\System\yAsornC.exe
  C:\Windows\System\yAsornC.exe
  2⤵
  PID:4416
- C:\Windows\System\ethkzxS.exe
  C:\Windows\System\ethkzxS.exe
  2⤵
  PID:4464
- C:\Windows\System\WFeUoDx.exe
  C:\Windows\System\WFeUoDx.exe
  2⤵
  PID:4504
- C:\Windows\System\fYZwhrV.exe
  C:\Windows\System\fYZwhrV.exe
  2⤵
  PID:4560
- C:\Windows\System\xdQwHuk.exe
  C:\Windows\System\xdQwHuk.exe
  2⤵
  PID:4580
- C:\Windows\System\jnGXkRo.exe
  C:\Windows\System\jnGXkRo.exe
  2⤵
  PID:4688
- C:\Windows\System\AQjpbEM.exe
  C:\Windows\System\AQjpbEM.exe
  2⤵
  PID:4708
- C:\Windows\System\mctiSQk.exe
  C:\Windows\System\mctiSQk.exe
  2⤵
  PID:4808
- C:\Windows\System\EIykbqi.exe
  C:\Windows\System\EIykbqi.exe
  2⤵
  PID:4884
- C:\Windows\System\TiMkLnS.exe
  C:\Windows\System\TiMkLnS.exe
  2⤵
  PID:4972
- C:\Windows\System\uxXRhAI.exe
  C:\Windows\System\uxXRhAI.exe
  2⤵
  PID:4944
- C:\Windows\System\XOXtiGE.exe
  C:\Windows\System\XOXtiGE.exe
  2⤵
  PID:5004
- C:\Windows\System\dRnlcMd.exe
  C:\Windows\System\dRnlcMd.exe
  2⤵
  PID:1976
- C:\Windows\System\eCpabig.exe
  C:\Windows\System\eCpabig.exe
  2⤵
  PID:4072
- C:\Windows\System\ZpIzKWf.exe
  C:\Windows\System\ZpIzKWf.exe
  2⤵
  PID:3300
- C:\Windows\System\uCJrVeZ.exe
  C:\Windows\System\uCJrVeZ.exe
  2⤵
  PID:3828
- C:\Windows\System\goXCsNu.exe
  C:\Windows\System\goXCsNu.exe
  2⤵
  PID:1380
- C:\Windows\System\wICKbXc.exe
  C:\Windows\System\wICKbXc.exe
  2⤵
  PID:2812
- C:\Windows\System\beezEca.exe
  C:\Windows\System\beezEca.exe
  2⤵
  PID:4196
- C:\Windows\System\dIGHdvs.exe
  C:\Windows\System\dIGHdvs.exe
  2⤵
  PID:4344
- C:\Windows\System\AVUYPrw.exe
  C:\Windows\System\AVUYPrw.exe
  2⤵
  PID:4404
- C:\Windows\System\XEcGxSi.exe
  C:\Windows\System\XEcGxSi.exe
  2⤵
  PID:4440
- C:\Windows\System\cPWiRTZ.exe
  C:\Windows\System\cPWiRTZ.exe
  2⤵
  PID:2564
- C:\Windows\System\zmFvFNJ.exe
  C:\Windows\System\zmFvFNJ.exe
  2⤵
  PID:4640
- C:\Windows\System\vwGfeee.exe
  C:\Windows\System\vwGfeee.exe
  2⤵
  PID:4748
- C:\Windows\System\VQWYVGd.exe
  C:\Windows\System\VQWYVGd.exe
  2⤵
  PID:4852
- C:\Windows\System\isfPBHj.exe
  C:\Windows\System\isfPBHj.exe
  2⤵
  PID:2440
- C:\Windows\System\JuLXNjd.exe
  C:\Windows\System\JuLXNjd.exe
  2⤵
  PID:4928
- C:\Windows\System\vJQrAIa.exe
  C:\Windows\System\vJQrAIa.exe
  2⤵
  PID:5092
- C:\Windows\System\ItWTjam.exe
  C:\Windows\System\ItWTjam.exe
  2⤵
  PID:5088
- C:\Windows\System\wTpYwXX.exe
  C:\Windows\System\wTpYwXX.exe
  2⤵
  PID:3204
- C:\Windows\System\RRwbfNw.exe
  C:\Windows\System\RRwbfNw.exe
  2⤵
  PID:1488
- C:\Windows\System\CahFWXV.exe
  C:\Windows\System\CahFWXV.exe
  2⤵
  PID:4720
- C:\Windows\System\UOytHsr.exe
  C:\Windows\System\UOytHsr.exe
  2⤵
  PID:2752
- C:\Windows\System\VfBMneW.exe
  C:\Windows\System\VfBMneW.exe
  2⤵
  PID:4280
- C:\Windows\System\KFQsDSX.exe
  C:\Windows\System\KFQsDSX.exe
  2⤵
  PID:2644
- C:\Windows\System\XyzZYEk.exe
  C:\Windows\System\XyzZYEk.exe
  2⤵
  PID:4536
- C:\Windows\System\MgrVoRj.exe
  C:\Windows\System\MgrVoRj.exe
  2⤵
  PID:4644
- C:\Windows\System\xMzuafW.exe
  C:\Windows\System\xMzuafW.exe
  2⤵
  PID:4728
- C:\Windows\System\RQXjjiz.exe
  C:\Windows\System\RQXjjiz.exe
  2⤵
  PID:4952
- C:\Windows\System\kbaMbnE.exe
  C:\Windows\System\kbaMbnE.exe
  2⤵
  PID:2716
- C:\Windows\System\QWPNmmA.exe
  C:\Windows\System\QWPNmmA.exe
  2⤵
  PID:1720
- C:\Windows\System\jJybfxk.exe
  C:\Windows\System\jJybfxk.exe
  2⤵
  PID:1848
- C:\Windows\System\gxRQjrN.exe
  C:\Windows\System\gxRQjrN.exe
  2⤵
  PID:2952
- C:\Windows\System\zpPgsRT.exe
  C:\Windows\System\zpPgsRT.exe
  2⤵
  PID:2924
- C:\Windows\System\KhahkeS.exe
  C:\Windows\System\KhahkeS.exe
  2⤵
  PID:1416
- C:\Windows\System\PVCYFjt.exe
  C:\Windows\System\PVCYFjt.exe
  2⤵
  PID:4200
- C:\Windows\System\AixBFQI.exe
  C:\Windows\System\AixBFQI.exe
  2⤵
  PID:4284
- C:\Windows\System\ofAKryP.exe
  C:\Windows\System\ofAKryP.exe
  2⤵
  PID:2072
- C:\Windows\System\gIPxcwV.exe
  C:\Windows\System\gIPxcwV.exe
  2⤵
  PID:4812
- C:\Windows\System\RrHtsWW.exe
  C:\Windows\System\RrHtsWW.exe
  2⤵
  PID:4648
- C:\Windows\System\OmGScWt.exe
  C:\Windows\System\OmGScWt.exe
  2⤵
  PID:372
- C:\Windows\System\YrauEMD.exe
  C:\Windows\System\YrauEMD.exe
  2⤵
  PID:2488
- C:\Windows\System\LXfxMqJ.exe
  C:\Windows\System\LXfxMqJ.exe
  2⤵
  PID:4804
- C:\Windows\System\QnpoGRA.exe
  C:\Windows\System\QnpoGRA.exe
  2⤵
  PID:2308
- C:\Windows\System\rKOcTMV.exe
  C:\Windows\System\rKOcTMV.exe
  2⤵
  PID:4824
- C:\Windows\System\hAozAmQ.exe
  C:\Windows\System\hAozAmQ.exe
  2⤵
  PID:4616
- C:\Windows\System\VSQMadr.exe
  C:\Windows\System\VSQMadr.exe
  2⤵
  PID:2984
- C:\Windows\System\SKlqCBy.exe
  C:\Windows\System\SKlqCBy.exe
  2⤵
  PID:1636
- C:\Windows\System\oDLzDkd.exe
  C:\Windows\System\oDLzDkd.exe
  2⤵
  PID:688
- C:\Windows\System\NPGVAZy.exe
  C:\Windows\System\NPGVAZy.exe
  2⤵
  PID:5044
- C:\Windows\System\GOAuhvG.exe
  C:\Windows\System\GOAuhvG.exe
  2⤵
  PID:1648
- C:\Windows\System\vUumInw.exe
  C:\Windows\System\vUumInw.exe
  2⤵
  PID:4176
- C:\Windows\System\ywJFVUA.exe
  C:\Windows\System\ywJFVUA.exe
  2⤵
  PID:4668
- C:\Windows\System\KZsoUGr.exe
  C:\Windows\System\KZsoUGr.exe
  2⤵
  PID:1132
- C:\Windows\System\SLfFWDs.exe
  C:\Windows\System\SLfFWDs.exe
  2⤵
  PID:2912
- C:\Windows\System\WgNBmGq.exe
  C:\Windows\System\WgNBmGq.exe
  2⤵
  PID:560
- C:\Windows\System\QWIqXfS.exe
  C:\Windows\System\QWIqXfS.exe
  2⤵
  PID:4204
- C:\Windows\System\frmHhTm.exe
  C:\Windows\System\frmHhTm.exe
  2⤵
  PID:5128
- C:\Windows\System\UXemuKr.exe
  C:\Windows\System\UXemuKr.exe
  2⤵
  PID:5144
- C:\Windows\System\gVvGdgI.exe
  C:\Windows\System\gVvGdgI.exe
  2⤵
  PID:5168
- C:\Windows\System\SGhDdhu.exe
  C:\Windows\System\SGhDdhu.exe
  2⤵
  PID:5208
- C:\Windows\System\THJyhVr.exe
  C:\Windows\System\THJyhVr.exe
  2⤵
  PID:5224
- C:\Windows\System\KOZRUtU.exe
  C:\Windows\System\KOZRUtU.exe
  2⤵
  PID:5240
- C:\Windows\System\YWsMfsU.exe
  C:\Windows\System\YWsMfsU.exe
  2⤵
  PID:5256
- C:\Windows\System\jYBIWwm.exe
  C:\Windows\System\jYBIWwm.exe
  2⤵
  PID:5276
- C:\Windows\System\JzxbCjB.exe
  C:\Windows\System\JzxbCjB.exe
  2⤵
  PID:5292
- C:\Windows\System\rKqmUYi.exe
  C:\Windows\System\rKqmUYi.exe
  2⤵
  PID:5312
- C:\Windows\System\sYqgOKy.exe
  C:\Windows\System\sYqgOKy.exe
  2⤵
  PID:5336
- C:\Windows\System\PiNgxvg.exe
  C:\Windows\System\PiNgxvg.exe
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5356
- C:\Windows\System\wVWLbeg.exe
  C:\Windows\System\wVWLbeg.exe
  2⤵
  PID:5380
- C:\Windows\System\aeYwKeo.exe
  C:\Windows\System\aeYwKeo.exe
  2⤵
  PID:5396
- C:\Windows\System\omstApj.exe
  C:\Windows\System\omstApj.exe
  2⤵
  PID:5416
- C:\Windows\System\lCVKIzl.exe
  C:\Windows\System\lCVKIzl.exe
  2⤵
  PID:5432
- C:\Windows\System\jONcIzD.exe
  C:\Windows\System\jONcIzD.exe
  2⤵
  PID:5448
- C:\Windows\System\smvsWVv.exe
  C:\Windows\System\smvsWVv.exe
  2⤵
  PID:5480
- C:\Windows\System\YbcqJKx.exe
  C:\Windows\System\YbcqJKx.exe
  2⤵
  PID:5508
- C:\Windows\System\wVVKQni.exe
  C:\Windows\System\wVVKQni.exe
  2⤵
  PID:5524
- C:\Windows\System\AWuuFRH.exe
  C:\Windows\System\AWuuFRH.exe
  2⤵
  PID:5540
- C:\Windows\System\fVbIcCx.exe
  C:\Windows\System\fVbIcCx.exe
  2⤵
  PID:5556
- C:\Windows\System\krPRCWU.exe
  C:\Windows\System\krPRCWU.exe
  2⤵
  PID:5576
- C:\Windows\System\TKSWNkG.exe
  C:\Windows\System\TKSWNkG.exe
  2⤵
  PID:5596
- C:\Windows\System\KBQFQdi.exe
  C:\Windows\System\KBQFQdi.exe
  2⤵
  PID:5612
- C:\Windows\System\vbHLdoK.exe
  C:\Windows\System\vbHLdoK.exe
  2⤵
  PID:5628
- C:\Windows\System\PSntkHr.exe
  C:\Windows\System\PSntkHr.exe
  2⤵
  PID:5644
- C:\Windows\System\WRrpRJU.exe
  C:\Windows\System\WRrpRJU.exe
  2⤵
  PID:5660
- C:\Windows\System\MaDCBfm.exe
  C:\Windows\System\MaDCBfm.exe
  2⤵
  PID:5684
- C:\Windows\System\tntibWC.exe
  C:\Windows\System\tntibWC.exe
  2⤵
  PID:5708
- C:\Windows\System\nxGyrOZ.exe
  C:\Windows\System\nxGyrOZ.exe
  2⤵
  PID:5728
- C:\Windows\System\nQbqdYF.exe
  C:\Windows\System\nQbqdYF.exe
  2⤵
  PID:5744
- C:\Windows\System\tgUXhCi.exe
  C:\Windows\System\tgUXhCi.exe
  2⤵
  PID:5788
- C:\Windows\System\YKjhqLD.exe
  C:\Windows\System\YKjhqLD.exe
  2⤵
  PID:5812
- C:\Windows\System\azcsxyA.exe
  C:\Windows\System\azcsxyA.exe
  2⤵
  PID:5828
- C:\Windows\System\VmIaoiw.exe
  C:\Windows\System\VmIaoiw.exe
  2⤵
  PID:5852
- C:\Windows\System\KjCttcv.exe
  C:\Windows\System\KjCttcv.exe
  2⤵
  PID:5868
- C:\Windows\System\iDeRGph.exe
  C:\Windows\System\iDeRGph.exe
  2⤵
  PID:5892
- C:\Windows\System\grTKyPw.exe
  C:\Windows\System\grTKyPw.exe
  2⤵
  PID:5908
- C:\Windows\System\pKuJOGy.exe
  C:\Windows\System\pKuJOGy.exe
  2⤵
  PID:5924
- C:\Windows\System\fVjCjjN.exe
  C:\Windows\System\fVjCjjN.exe
  2⤵
  PID:5940
- C:\Windows\System\FxtywIH.exe
  C:\Windows\System\FxtywIH.exe
  2⤵
  PID:5960
- C:\Windows\System\xcwINQg.exe
  C:\Windows\System\xcwINQg.exe
  2⤵
  PID:5980
- C:\Windows\System\zqNdcGb.exe
  C:\Windows\System\zqNdcGb.exe
  2⤵
  PID:6012
- C:\Windows\System\qQheAbg.exe
  C:\Windows\System\qQheAbg.exe
  2⤵
  PID:6028
- C:\Windows\System\mNRAkea.exe
  C:\Windows\System\mNRAkea.exe
  2⤵
  PID:6044
- C:\Windows\System\XKHJPrG.exe
  C:\Windows\System\XKHJPrG.exe
  2⤵
  PID:6068
- C:\Windows\System\qddpAAT.exe
  C:\Windows\System\qddpAAT.exe
  2⤵
  PID:6088
- C:\Windows\System\ZUaVwmi.exe
  C:\Windows\System\ZUaVwmi.exe
  2⤵
  PID:6104
- C:\Windows\System\onmLNXz.exe
  C:\Windows\System\onmLNXz.exe
  2⤵
  PID:6120
- C:\Windows\System\sJgRnvS.exe
  C:\Windows\System\sJgRnvS.exe
  2⤵
  PID:6140
- C:\Windows\System\pXqsoJf.exe
  C:\Windows\System\pXqsoJf.exe
  2⤵
  PID:2388
- C:\Windows\System\aHZlrQW.exe
  C:\Windows\System\aHZlrQW.exe
  2⤵
  PID:1968
- C:\Windows\System\BjMmvOv.exe
  C:\Windows\System\BjMmvOv.exe
  2⤵
  PID:4576
- C:\Windows\System\cudsbts.exe
  C:\Windows\System\cudsbts.exe
  2⤵
  PID:5140
- C:\Windows\System\PfgoqWl.exe
  C:\Windows\System\PfgoqWl.exe
  2⤵
  PID:5196
- C:\Windows\System\NpXPVic.exe
  C:\Windows\System\NpXPVic.exe
  2⤵
  PID:5152
- C:\Windows\System\ysPMSpZ.exe
  C:\Windows\System\ysPMSpZ.exe
  2⤵
  PID:5204
- C:\Windows\System\BLLqXkl.exe
  C:\Windows\System\BLLqXkl.exe
  2⤵
  PID:5232
- C:\Windows\System\ufXSzlR.exe
  C:\Windows\System\ufXSzlR.exe
  2⤵
  PID:5304
- C:\Windows\System\eNRPZmu.exe
  C:\Windows\System\eNRPZmu.exe
  2⤵
  PID:5288
- C:\Windows\System\rebfMoe.exe
  C:\Windows\System\rebfMoe.exe
  2⤵
  PID:5324
- C:\Windows\System\mKcFRTs.exe
  C:\Windows\System\mKcFRTs.exe
  2⤵
  PID:5392
- C:\Windows\System\JPznSbx.exe
  C:\Windows\System\JPznSbx.exe
  2⤵
  PID:5376
- C:\Windows\System\PKywGeo.exe
  C:\Windows\System\PKywGeo.exe
  2⤵
  PID:5516
- C:\Windows\System\gSGpBzk.exe
  C:\Windows\System\gSGpBzk.exe
  2⤵
  PID:5584
- C:\Windows\System\uLtcyiD.exe
  C:\Windows\System\uLtcyiD.exe
  2⤵
  PID:5624
- C:\Windows\System\bWbTwMc.exe
  C:\Windows\System\bWbTwMc.exe
  2⤵
  PID:5496
- C:\Windows\System\wohPotb.exe
  C:\Windows\System\wohPotb.exe
  2⤵
  PID:5492
- C:\Windows\System\DPDTFul.exe
  C:\Windows\System\DPDTFul.exe
  2⤵
  PID:5536
- C:\Windows\System\MNELOot.exe
  C:\Windows\System\MNELOot.exe
  2⤵
  PID:5572
- C:\Windows\System\WUICnDK.exe
  C:\Windows\System\WUICnDK.exe
  2⤵
  PID:5716
- C:\Windows\System\mNSqQwh.exe
  C:\Windows\System\mNSqQwh.exe
  2⤵
  PID:5636
- C:\Windows\System\fdzlnjJ.exe
  C:\Windows\System\fdzlnjJ.exe
  2⤵
  PID:5676
- C:\Windows\System\NLXXWZa.exe
  C:\Windows\System\NLXXWZa.exe
  2⤵
  PID:5764
- C:\Windows\System\FOokTuQ.exe
  C:\Windows\System\FOokTuQ.exe
  2⤵
  PID:5836
- C:\Windows\System\HapBPzr.exe
  C:\Windows\System\HapBPzr.exe
  2⤵
  PID:5848
- C:\Windows\System\cxQvkgA.exe
  C:\Windows\System\cxQvkgA.exe
  2⤵
  PID:5880
- C:\Windows\System\LklHZHq.exe
  C:\Windows\System\LklHZHq.exe
  2⤵
  PID:5904
- C:\Windows\System\VudYlkY.exe
  C:\Windows\System\VudYlkY.exe
  2⤵
  PID:5972
- C:\Windows\System\PIolnaK.exe
  C:\Windows\System\PIolnaK.exe
  2⤵
  PID:6008
- C:\Windows\System\hmWKNoC.exe
  C:\Windows\System\hmWKNoC.exe
  2⤵
  PID:6052
- C:\Windows\System\QmookjI.exe
  C:\Windows\System\QmookjI.exe
  2⤵
  PID:6076
- C:\Windows\System\ikHDKbW.exe
  C:\Windows\System\ikHDKbW.exe
  2⤵
  PID:6112
- C:\Windows\System\tzbAOJX.exe
  C:\Windows\System\tzbAOJX.exe
  2⤵
  PID:2132
- C:\Windows\System\urXtJFi.exe
  C:\Windows\System\urXtJFi.exe
  2⤵
  PID:5188
- C:\Windows\System\NwLzdgL.exe
  C:\Windows\System\NwLzdgL.exe
  2⤵
  PID:5268
- C:\Windows\System\EdEoDiF.exe
  C:\Windows\System\EdEoDiF.exe
  2⤵
  PID:6136
- C:\Windows\System\LGqrfpS.exe
  C:\Windows\System\LGqrfpS.exe
  2⤵
  PID:5344
- C:\Windows\System\IZQCsKw.exe
  C:\Windows\System\IZQCsKw.exe
  2⤵
  PID:5104
- C:\Windows\System\QMygCec.exe
  C:\Windows\System\QMygCec.exe
  2⤵
  PID:5468
- C:\Windows\System\xkgtycx.exe
  C:\Windows\System\xkgtycx.exe
  2⤵
  PID:5552
- C:\Windows\System\QtarJrA.exe
  C:\Windows\System\QtarJrA.exe
  2⤵
  PID:5640
- C:\Windows\System\qkHRneu.exe
  C:\Windows\System\qkHRneu.exe
  2⤵
  PID:5668
- C:\Windows\System\JyDwlHz.exe
  C:\Windows\System\JyDwlHz.exe
  2⤵
  PID:5756
- C:\Windows\System\PWWXlHx.exe
  C:\Windows\System\PWWXlHx.exe
  2⤵
  PID:5404
- C:\Windows\System\PXAnuet.exe
  C:\Windows\System\PXAnuet.exe
  2⤵
  PID:5200
- C:\Windows\System\jqnMmLV.exe
  C:\Windows\System\jqnMmLV.exe
  2⤵
  PID:6128
- C:\Windows\System\ArnTIox.exe
  C:\Windows\System\ArnTIox.exe
  2⤵
  PID:5620
- C:\Windows\System\TXDqUlY.exe
  C:\Windows\System\TXDqUlY.exe
  2⤵
  PID:5936
- C:\Windows\System\jRnfpnA.exe
  C:\Windows\System\jRnfpnA.exe
  2⤵
  PID:5840
- C:\Windows\System\NYADLUb.exe
  C:\Windows\System\NYADLUb.exe
  2⤵
  PID:6080
- C:\Windows\System\YUkhZmj.exe
  C:\Windows\System\YUkhZmj.exe
  2⤵
  PID:5300
- C:\Windows\System\OiDlipe.exe
  C:\Windows\System\OiDlipe.exe
  2⤵
  PID:5996
- C:\Windows\System\hpIWCov.exe
  C:\Windows\System\hpIWCov.exe
  2⤵
  PID:5352
- C:\Windows\System\mmwLNAh.exe
  C:\Windows\System\mmwLNAh.exe
  2⤵
  PID:5364
- C:\Windows\System\AkUZgMr.exe
  C:\Windows\System\AkUZgMr.exe
  2⤵
  PID:5456
- C:\Windows\System\AzSoemz.exe
  C:\Windows\System\AzSoemz.exe
  2⤵
  PID:5740
- C:\Windows\System\uXtFfYX.exe
  C:\Windows\System\uXtFfYX.exe
  2⤵
  PID:5388
- C:\Windows\System\ZiCVsPY.exe
  C:\Windows\System\ZiCVsPY.exe
  2⤵
  PID:5180
- C:\Windows\System\QcaNDho.exe
  C:\Windows\System\QcaNDho.exe
  2⤵
  PID:2460
- C:\Windows\System\FeNTKXz.exe
  C:\Windows\System\FeNTKXz.exe
  2⤵
  PID:5568
- C:\Windows\System\oynpUKi.exe
  C:\Windows\System\oynpUKi.exe
  2⤵
  PID:5784
- C:\Windows\System\gkZpotL.exe
  C:\Windows\System\gkZpotL.exe
  2⤵
  PID:5952
- C:\Windows\System\VnBnffM.exe
  C:\Windows\System\VnBnffM.exe
  2⤵
  PID:5992
- C:\Windows\System\kFxaoMi.exe
  C:\Windows\System\kFxaoMi.exe
  2⤵
  PID:1544
- C:\Windows\System\mFujUGe.exe
  C:\Windows\System\mFujUGe.exe
  2⤵
  PID:5320
- C:\Windows\System\iRauoCY.exe
  C:\Windows\System\iRauoCY.exe
  2⤵
  PID:5692
- C:\Windows\System\FxByaOo.exe
  C:\Windows\System\FxByaOo.exe
  2⤵
  PID:5488
- C:\Windows\System\OCYIeAG.exe
  C:\Windows\System\OCYIeAG.exe
  2⤵
  PID:5876
- C:\Windows\System\iwaCKJa.exe
  C:\Windows\System\iwaCKJa.exe
  2⤵
  PID:5752
- C:\Windows\System\yZiBvbS.exe
  C:\Windows\System\yZiBvbS.exe
  2⤵
  PID:5804
- C:\Windows\System\BiZItsJ.exe
  C:\Windows\System\BiZItsJ.exe
  2⤵
  PID:5184
- C:\Windows\System\HkrgPtx.exe
  C:\Windows\System\HkrgPtx.exe
  2⤵
  PID:5164
- C:\Windows\System\QfuCMrH.exe
  C:\Windows\System\QfuCMrH.exe
  2⤵
  PID:5464
- C:\Windows\System\WxlXdME.exe
  C:\Windows\System\WxlXdME.exe
  2⤵
  PID:6160
- C:\Windows\System\uCrllsB.exe
  C:\Windows\System\uCrllsB.exe
  2⤵
  PID:6176
- C:\Windows\System\RCWBzoS.exe
  C:\Windows\System\RCWBzoS.exe
  2⤵
  PID:6196
- C:\Windows\System\wFtDaEv.exe
  C:\Windows\System\wFtDaEv.exe
  2⤵
  PID:6212
- C:\Windows\System\fXKwpIj.exe
  C:\Windows\System\fXKwpIj.exe
  2⤵
  PID:6228
- C:\Windows\System\wheAynP.exe
  C:\Windows\System\wheAynP.exe
  2⤵
  PID:6268
- C:\Windows\System\xqcgpCj.exe
  C:\Windows\System\xqcgpCj.exe
  2⤵
  PID:6284
- C:\Windows\System\pkaEcVp.exe
  C:\Windows\System\pkaEcVp.exe
  2⤵
  PID:6304
- C:\Windows\System\hogEUur.exe
  C:\Windows\System\hogEUur.exe
  2⤵
  PID:6320
- C:\Windows\System\UTBheRd.exe
  C:\Windows\System\UTBheRd.exe
  2⤵
  PID:6336
- C:\Windows\System\VjDMiDV.exe
  C:\Windows\System\VjDMiDV.exe
  2⤵
  PID:6356
- C:\Windows\System\swBLoHt.exe
  C:\Windows\System\swBLoHt.exe
  2⤵
  PID:6372
- C:\Windows\System\qCUsCbD.exe
  C:\Windows\System\qCUsCbD.exe
  2⤵
  PID:6392
- C:\Windows\System\XDCLQqx.exe
  C:\Windows\System\XDCLQqx.exe
  2⤵
  PID:6408
- C:\Windows\System\IQIlNLs.exe
  C:\Windows\System\IQIlNLs.exe
  2⤵
  PID:6424
- C:\Windows\System\pNnRUlt.exe
  C:\Windows\System\pNnRUlt.exe
  2⤵
  PID:6448
- C:\Windows\System\kdppgkE.exe
  C:\Windows\System\kdppgkE.exe
  2⤵
  PID:6464
- C:\Windows\System\SNOlsRg.exe
  C:\Windows\System\SNOlsRg.exe
  2⤵
  PID:6508
- C:\Windows\System\XNSfrNd.exe
  C:\Windows\System\XNSfrNd.exe
  2⤵
  PID:6532
- C:\Windows\System\EOtsikJ.exe
  C:\Windows\System\EOtsikJ.exe
  2⤵
  PID:6548
- C:\Windows\System\tFVkYgm.exe
  C:\Windows\System\tFVkYgm.exe
  2⤵
  PID:6564
- C:\Windows\System\WDWnhjY.exe
  C:\Windows\System\WDWnhjY.exe
  2⤵
  PID:6580
- C:\Windows\System\iMrZYBu.exe
  C:\Windows\System\iMrZYBu.exe
  2⤵
  PID:6604
- C:\Windows\System\MyxCziA.exe
  C:\Windows\System\MyxCziA.exe
  2⤵
  PID:6620
- C:\Windows\System\OxEHluy.exe
  C:\Windows\System\OxEHluy.exe
  2⤵
  PID:6636
- C:\Windows\System\ekfMooI.exe
  C:\Windows\System\ekfMooI.exe
  2⤵
  PID:6652
- C:\Windows\System\UzPetsW.exe
  C:\Windows\System\UzPetsW.exe
  2⤵
  PID:6668
- C:\Windows\System\cDXYiPe.exe
  C:\Windows\System\cDXYiPe.exe
  2⤵
  PID:6688
- C:\Windows\System\VQxxwNc.exe
  C:\Windows\System\VQxxwNc.exe
  2⤵
  PID:6708
- C:\Windows\System\LrAxLfE.exe
  C:\Windows\System\LrAxLfE.exe
  2⤵
  PID:6728
- C:\Windows\System\cxTLepK.exe
  C:\Windows\System\cxTLepK.exe
  2⤵
  PID:6756
- C:\Windows\System\ECxAfRg.exe
  C:\Windows\System\ECxAfRg.exe
  2⤵
  PID:6780
- C:\Windows\System\JqGaxFm.exe
  C:\Windows\System\JqGaxFm.exe
  2⤵
  PID:6796
- C:\Windows\System\ZFUODUf.exe
  C:\Windows\System\ZFUODUf.exe
  2⤵
  PID:6812
- C:\Windows\System\umFkyWI.exe
  C:\Windows\System\umFkyWI.exe
  2⤵
  PID:6848
- C:\Windows\System\yqhsZNH.exe
  C:\Windows\System\yqhsZNH.exe
  2⤵
  PID:6864
- C:\Windows\System\CVzOLDJ.exe
  C:\Windows\System\CVzOLDJ.exe
  2⤵
  PID:6884
- C:\Windows\System\rkZDJpz.exe
  C:\Windows\System\rkZDJpz.exe
  2⤵
  PID:6900
- C:\Windows\System\JCBwnyA.exe
  C:\Windows\System\JCBwnyA.exe
  2⤵
  PID:6916
- C:\Windows\System\vTTLGdr.exe
  C:\Windows\System\vTTLGdr.exe
  2⤵
  PID:6936
- C:\Windows\System\NhsKWVJ.exe
  C:\Windows\System\NhsKWVJ.exe
  2⤵
  PID:6956
- C:\Windows\System\wfdvGaE.exe
  C:\Windows\System\wfdvGaE.exe
  2⤵
  PID:6976
- C:\Windows\System\uhMlvBD.exe
  C:\Windows\System\uhMlvBD.exe
  2⤵
  PID:6992
- C:\Windows\System\wOgMtDN.exe
  C:\Windows\System\wOgMtDN.exe
  2⤵
  PID:7032
- C:\Windows\System\TXPgvcK.exe
  C:\Windows\System\TXPgvcK.exe
  2⤵
  PID:7048
- C:\Windows\System\FROUSPX.exe
  C:\Windows\System\FROUSPX.exe
  2⤵
  PID:7064
- C:\Windows\System\GZiXLZy.exe
  C:\Windows\System\GZiXLZy.exe
  2⤵
  PID:7092
- C:\Windows\System\eWKbXGj.exe
  C:\Windows\System\eWKbXGj.exe
  2⤵
  PID:7108
- C:\Windows\System\lMljKHO.exe
  C:\Windows\System\lMljKHO.exe
  2⤵
  PID:7124
- C:\Windows\System\VIlEkvI.exe
  C:\Windows\System\VIlEkvI.exe
  2⤵
  PID:7140
- C:\Windows\System\TqmVcTJ.exe
  C:\Windows\System\TqmVcTJ.exe
  2⤵
  PID:7156
- C:\Windows\System\AtbbygR.exe
  C:\Windows\System\AtbbygR.exe
  2⤵
  PID:5864
- C:\Windows\System\vVgitbw.exe
  C:\Windows\System\vVgitbw.exe
  2⤵
  PID:6056
- C:\Windows\System\vWprHTR.exe
  C:\Windows\System\vWprHTR.exe
  2⤵
  PID:6152
- C:\Windows\System\YvStvqc.exe
  C:\Windows\System\YvStvqc.exe
  2⤵
  PID:3788
- C:\Windows\System\IybdHtd.exe
  C:\Windows\System\IybdHtd.exe
  2⤵
  PID:5780
- C:\Windows\System\xAvckBJ.exe
  C:\Windows\System\xAvckBJ.exe
  2⤵
  PID:6204
- C:\Windows\System\ZKdragu.exe
  C:\Windows\System\ZKdragu.exe
  2⤵
  PID:6256
- C:\Windows\System\UnRPATK.exe
  C:\Windows\System\UnRPATK.exe
  2⤵
  PID:6280
- C:\Windows\System\wjsAGXQ.exe
  C:\Windows\System\wjsAGXQ.exe
  2⤵
  PID:6348
- C:\Windows\System\kEhpZGx.exe
  C:\Windows\System\kEhpZGx.exe
  2⤵
  PID:6388
- C:\Windows\System\ZNqvWKd.exe
  C:\Windows\System\ZNqvWKd.exe
  2⤵
  PID:6296
- C:\Windows\System\NMpcLAG.exe
  C:\Windows\System\NMpcLAG.exe
  2⤵
  PID:6332
- C:\Windows\System\KITFUoz.exe
  C:\Windows\System\KITFUoz.exe
  2⤵
  PID:6400
- C:\Windows\System\NVRRBGu.exe
  C:\Windows\System\NVRRBGu.exe
  2⤵
  PID:6436
- C:\Windows\System\IUTMjVg.exe
  C:\Windows\System\IUTMjVg.exe
  2⤵
  PID:6516
- C:\Windows\System\MYJScyW.exe
  C:\Windows\System\MYJScyW.exe
  2⤵
  PID:6556
- C:\Windows\System\isxzJEV.exe
  C:\Windows\System\isxzJEV.exe
  2⤵
  PID:6684
- C:\Windows\System\lDCWCbY.exe
  C:\Windows\System\lDCWCbY.exe
  2⤵
  PID:6724
- C:\Windows\System\oQlRhnn.exe
  C:\Windows\System\oQlRhnn.exe
  2⤵
  PID:6596
- C:\Windows\System\MijCWnd.exe
  C:\Windows\System\MijCWnd.exe
  2⤵
  PID:6664
- C:\Windows\System\RiGhyHh.exe
  C:\Windows\System\RiGhyHh.exe
  2⤵
  PID:6736
- C:\Windows\System\bizhzgB.exe
  C:\Windows\System\bizhzgB.exe
  2⤵
  PID:6788
- C:\Windows\System\rIPPgXX.exe
  C:\Windows\System\rIPPgXX.exe
  2⤵
  PID:6832
- C:\Windows\System\WRqedjh.exe
  C:\Windows\System\WRqedjh.exe
  2⤵
  PID:6840
- C:\Windows\System\ngueIWa.exe
  C:\Windows\System\ngueIWa.exe
  2⤵
  PID:6880
- C:\Windows\System\NJtnXjv.exe
  C:\Windows\System\NJtnXjv.exe
  2⤵
  PID:6948
- C:\Windows\System\ekkheCd.exe
  C:\Windows\System\ekkheCd.exe
  2⤵
  PID:6988
- C:\Windows\System\UqfzKnj.exe
  C:\Windows\System\UqfzKnj.exe
  2⤵
  PID:6808
- C:\Windows\System\WCKaPQN.exe
  C:\Windows\System\WCKaPQN.exe
  2⤵
  PID:6856
- C:\Windows\System\QFtHcDA.exe
  C:\Windows\System\QFtHcDA.exe
  2⤵
  PID:6924
- C:\Windows\System\gUzyjvP.exe
  C:\Windows\System\gUzyjvP.exe
  2⤵
  PID:7060
- C:\Windows\System\ZmiIprs.exe
  C:\Windows\System\ZmiIprs.exe
  2⤵
  PID:7040
- C:\Windows\System\OtEVEwd.exe
  C:\Windows\System\OtEVEwd.exe
  2⤵
  PID:6148
- C:\Windows\System\wPoNZVx.exe
  C:\Windows\System\wPoNZVx.exe
  2⤵
  PID:5264
- C:\Windows\System\hkOgSeg.exe
  C:\Windows\System\hkOgSeg.exe
  2⤵
  PID:5808
- C:\Windows\System\exBdYHP.exe
  C:\Windows\System\exBdYHP.exe
  2⤵
  PID:7132
- C:\Windows\System\nkyQunc.exe
  C:\Windows\System\nkyQunc.exe
  2⤵
  PID:6240
- C:\Windows\System\HovABGD.exe
  C:\Windows\System\HovABGD.exe
  2⤵
  PID:6248
- C:\Windows\System\iOjRNon.exe
  C:\Windows\System\iOjRNon.exe
  2⤵
  PID:6380
- C:\Windows\System\QkugFjV.exe
  C:\Windows\System\QkugFjV.exe
  2⤵
  PID:6328
- C:\Windows\System\fMVKrMa.exe
  C:\Windows\System\fMVKrMa.exe
  2⤵
  PID:6500
- C:\Windows\System\xHPPtkm.exe
  C:\Windows\System\xHPPtkm.exe
  2⤵
  PID:6528
- C:\Windows\System\GncfIaR.exe
  C:\Windows\System\GncfIaR.exe
  2⤵
  PID:6444
- C:\Windows\System\ouwuyFi.exe
  C:\Windows\System\ouwuyFi.exe
  2⤵
  PID:6560
- C:\Windows\System\oGYIFqn.exe
  C:\Windows\System\oGYIFqn.exe
  2⤵
  PID:6364
- C:\Windows\System\ZIfwjOG.exe
  C:\Windows\System\ZIfwjOG.exe
  2⤵
  PID:6648
- C:\Windows\System\BPWPfiN.exe
  C:\Windows\System\BPWPfiN.exe
  2⤵
  PID:6700
- C:\Windows\System\VSshtiw.exe
  C:\Windows\System\VSshtiw.exe
  2⤵
  PID:6744
- C:\Windows\System\baAHMbu.exe
  C:\Windows\System\baAHMbu.exe
  2⤵
  PID:6776
- C:\Windows\System\sTvsxcs.exe
  C:\Windows\System\sTvsxcs.exe
  2⤵
  PID:6944
- C:\Windows\System\PJBuKwp.exe
  C:\Windows\System\PJBuKwp.exe
  2⤵
  PID:6892
- C:\Windows\System\VkJvRup.exe
  C:\Windows\System\VkJvRup.exe
  2⤵
  PID:6984
- C:\Windows\System\aufAYVg.exe
  C:\Windows\System\aufAYVg.exe
  2⤵
  PID:6768
- C:\Windows\System\XrOnsAr.exe
  C:\Windows\System\XrOnsAr.exe
  2⤵
  PID:7076
- C:\Windows\System\qxSxEer.exe
  C:\Windows\System\qxSxEer.exe
  2⤵
  PID:6220
- C:\Windows\System\xKlEBBT.exe
  C:\Windows\System\xKlEBBT.exe
  2⤵
  PID:7116
- C:\Windows\System\EQmoOdX.exe
  C:\Windows\System\EQmoOdX.exe
  2⤵
  PID:7028
- C:\Windows\System\fmCRicJ.exe
  C:\Windows\System\fmCRicJ.exe
  2⤵
  PID:7136
- C:\Windows\System\maGRAsG.exe
  C:\Windows\System\maGRAsG.exe
  2⤵
  PID:6592
- C:\Windows\System\EzrdsfG.exe
  C:\Windows\System\EzrdsfG.exe
  2⤵
  PID:6384
- C:\Windows\System\deAlcNS.exe
  C:\Windows\System\deAlcNS.exe
  2⤵
  PID:6420
- C:\Windows\System\KTSqnFw.exe
  C:\Windows\System\KTSqnFw.exe
  2⤵
  PID:6680
- C:\Windows\System\xOxjSqr.exe
  C:\Windows\System\xOxjSqr.exe
  2⤵
  PID:6896
- C:\Windows\System\QJSbrPR.exe
  C:\Windows\System\QJSbrPR.exe
  2⤵
  PID:6168
- C:\Windows\System\sglurGR.exe
  C:\Windows\System\sglurGR.exe
  2⤵
  PID:7100
- C:\Windows\System\qUbjuuY.exe
  C:\Windows\System\qUbjuuY.exe
  2⤵
  PID:6520
- C:\Windows\System\adixBor.exe
  C:\Windows\System\adixBor.exe
  2⤵
  PID:7012
- C:\Windows\System\dqmOMrD.exe
  C:\Windows\System\dqmOMrD.exe
  2⤵
  PID:6484
- C:\Windows\System\KpdPyBt.exe
  C:\Windows\System\KpdPyBt.exe
  2⤵
  PID:7008
- C:\Windows\System\dvlzDey.exe
  C:\Windows\System\dvlzDey.exe
  2⤵
  PID:7152
- C:\Windows\System\wWWkTLz.exe
  C:\Windows\System\wWWkTLz.exe
  2⤵
  PID:6676
- C:\Windows\System\RDynaSI.exe
  C:\Windows\System\RDynaSI.exe
  2⤵
  PID:6588
- C:\Windows\System\bXfuBLb.exe
  C:\Windows\System\bXfuBLb.exe
  2⤵
  PID:6912
- C:\Windows\System\altCFWz.exe
  C:\Windows\System\altCFWz.exe
  2⤵
  PID:6292
- C:\Windows\System\fuFsanS.exe
  C:\Windows\System\fuFsanS.exe
  2⤵
  PID:7016
- C:\Windows\System\QSNqOVv.exe
  C:\Windows\System\QSNqOVv.exe
  2⤵
  PID:6772
- C:\Windows\System\WPwfuOI.exe
  C:\Windows\System\WPwfuOI.exe
  2⤵
  PID:6876
- C:\Windows\System\WeMUQTM.exe
  C:\Windows\System\WeMUQTM.exe
  2⤵
  PID:6696
- C:\Windows\System\BKWPNrJ.exe
  C:\Windows\System\BKWPNrJ.exe
  2⤵
  PID:6544
- C:\Windows\System\awBqPon.exe
  C:\Windows\System\awBqPon.exe
  2⤵
  PID:7084
- C:\Windows\System\FlExnLE.exe
  C:\Windows\System\FlExnLE.exe
  2⤵
  PID:6244
- C:\Windows\System\uiysZWU.exe
  C:\Windows\System\uiysZWU.exe
  2⤵
  PID:6460
- C:\Windows\System\grBIsKb.exe
  C:\Windows\System\grBIsKb.exe
  2⤵
  PID:7184
- C:\Windows\System\tMTfpyA.exe
  C:\Windows\System\tMTfpyA.exe
  2⤵
  PID:7200
- C:\Windows\System\TLSFIsr.exe
  C:\Windows\System\TLSFIsr.exe
  2⤵
  PID:7216
- C:\Windows\System\rhgphFf.exe
  C:\Windows\System\rhgphFf.exe
  2⤵
  PID:7240
- C:\Windows\System\pTgFmav.exe
  C:\Windows\System\pTgFmav.exe
  2⤵
  PID:7260
- C:\Windows\System\PqFveHo.exe
  C:\Windows\System\PqFveHo.exe
  2⤵
  PID:7280
- C:\Windows\System\YAdWDLi.exe
  C:\Windows\System\YAdWDLi.exe
  2⤵
  PID:7296
- C:\Windows\System\iknVhQl.exe
  C:\Windows\System\iknVhQl.exe
  2⤵
  PID:7312
- C:\Windows\System\uiPYbds.exe
  C:\Windows\System\uiPYbds.exe
  2⤵
  PID:7328
- C:\Windows\System\ysIvaKn.exe
  C:\Windows\System\ysIvaKn.exe
  2⤵
  PID:7356
- C:\Windows\System\PWeSCfH.exe
  C:\Windows\System\PWeSCfH.exe
  2⤵
  PID:7384
- C:\Windows\System\minUDYY.exe
  C:\Windows\System\minUDYY.exe
  2⤵
  PID:7400
- C:\Windows\System\OuVjUbI.exe
  C:\Windows\System\OuVjUbI.exe
  2⤵
  PID:7416
- C:\Windows\System\emCKBCl.exe
  C:\Windows\System\emCKBCl.exe
  2⤵
  PID:7432
- C:\Windows\System\qNZPdGl.exe
  C:\Windows\System\qNZPdGl.exe
  2⤵
  PID:7448
- C:\Windows\System\uwTKTmC.exe
  C:\Windows\System\uwTKTmC.exe
  2⤵
  PID:7464
- C:\Windows\System\deEODTI.exe
  C:\Windows\System\deEODTI.exe
  2⤵
  PID:7480
- C:\Windows\System\cWtzsHY.exe
  C:\Windows\System\cWtzsHY.exe
  2⤵
  PID:7504
- C:\Windows\System\ARbZWhV.exe
  C:\Windows\System\ARbZWhV.exe
  2⤵
  PID:7520
- C:\Windows\System\agduHJE.exe
  C:\Windows\System\agduHJE.exe
  2⤵
  PID:7536
- C:\Windows\System\gTYaWIp.exe
  C:\Windows\System\gTYaWIp.exe
  2⤵
  PID:7556
- C:\Windows\System\iLRhCHW.exe
  C:\Windows\System\iLRhCHW.exe
  2⤵
  PID:7572
- C:\Windows\System\aDCJAsq.exe
  C:\Windows\System\aDCJAsq.exe
  2⤵
  PID:7596
- C:\Windows\System\FIAVXgb.exe
  C:\Windows\System\FIAVXgb.exe
  2⤵
  PID:7612
- C:\Windows\System\ugBjkJW.exe
  C:\Windows\System\ugBjkJW.exe
  2⤵
  PID:7628
- C:\Windows\System\GkPuxwX.exe
  C:\Windows\System\GkPuxwX.exe
  2⤵
  PID:7644
- C:\Windows\System\GZTYVMH.exe
  C:\Windows\System\GZTYVMH.exe
  2⤵
  PID:7660
- C:\Windows\System\TnjAwqH.exe
  C:\Windows\System\TnjAwqH.exe
  2⤵
  PID:7676
- C:\Windows\System\ckXcotV.exe
  C:\Windows\System\ckXcotV.exe
  2⤵
  PID:7692
- C:\Windows\System\aTLJovv.exe
  C:\Windows\System\aTLJovv.exe
  2⤵
  PID:7708
- C:\Windows\System\IjacGzo.exe
  C:\Windows\System\IjacGzo.exe
  2⤵
  PID:7808
- C:\Windows\System\FbPyYRk.exe
  C:\Windows\System\FbPyYRk.exe
  2⤵
  PID:7828
- C:\Windows\System\MfHFSSH.exe
  C:\Windows\System\MfHFSSH.exe
  2⤵
  PID:7856
- C:\Windows\System\GcOgGJq.exe
  C:\Windows\System\GcOgGJq.exe
  2⤵
  PID:7872
- C:\Windows\System\EVosbVr.exe
  C:\Windows\System\EVosbVr.exe
  2⤵
  PID:7888
- C:\Windows\System\hiGdpCV.exe
  C:\Windows\System\hiGdpCV.exe
  2⤵
  PID:7908
- C:\Windows\System\oKQTKvY.exe
  C:\Windows\System\oKQTKvY.exe
  2⤵
  PID:7924
- C:\Windows\System\wiCXsSw.exe
  C:\Windows\System\wiCXsSw.exe
  2⤵
  PID:7952
- C:\Windows\System\hHSVKZq.exe
  C:\Windows\System\hHSVKZq.exe
  2⤵
  PID:7968
- C:\Windows\System\KPSBfde.exe
  C:\Windows\System\KPSBfde.exe
  2⤵
  PID:7984
- C:\Windows\System\JTdDYYW.exe
  C:\Windows\System\JTdDYYW.exe
  2⤵
  PID:8000
- C:\Windows\System\wyvoTDi.exe
  C:\Windows\System\wyvoTDi.exe
  2⤵
  PID:8040
- C:\Windows\System\LGVLOpE.exe
  C:\Windows\System\LGVLOpE.exe
  2⤵
  PID:8056
- C:\Windows\System\pipQINH.exe
  C:\Windows\System\pipQINH.exe
  2⤵
  PID:8072
- C:\Windows\System\zUUCJGQ.exe
  C:\Windows\System\zUUCJGQ.exe
  2⤵
  PID:8088
- C:\Windows\System\xamAYcT.exe
  C:\Windows\System\xamAYcT.exe
  2⤵
  PID:8104
- C:\Windows\System\eHdHMNN.exe
  C:\Windows\System\eHdHMNN.exe
  2⤵
  PID:8120
- C:\Windows\System\PiSoYlD.exe
  C:\Windows\System\PiSoYlD.exe
  2⤵
  PID:8136
- C:\Windows\System\LplMTRB.exe
  C:\Windows\System\LplMTRB.exe
  2⤵
  PID:8160
- C:\Windows\System\rOTEqaV.exe
  C:\Windows\System\rOTEqaV.exe
  2⤵
  PID:8176
- C:\Windows\System\cPSoKlA.exe
  C:\Windows\System\cPSoKlA.exe
  2⤵
  PID:6504
- C:\Windows\System\GbecJGD.exe
  C:\Windows\System\GbecJGD.exe
  2⤵
  PID:7228
- C:\Windows\System\qYiodOi.exe
  C:\Windows\System\qYiodOi.exe
  2⤵
  PID:7232
- C:\Windows\System\VRbCZOt.exe
  C:\Windows\System\VRbCZOt.exe
  2⤵
  PID:7308
- C:\Windows\System\YIJzjSF.exe
  C:\Windows\System\YIJzjSF.exe
  2⤵
  PID:7392
- C:\Windows\System\KqkCmuT.exe
  C:\Windows\System\KqkCmuT.exe
  2⤵
  PID:7456
- C:\Windows\System\muerljj.exe
  C:\Windows\System\muerljj.exe
  2⤵
  PID:7500
- C:\Windows\System\gEHepNI.exe
  C:\Windows\System\gEHepNI.exe
  2⤵
  PID:7608
- C:\Windows\System\ydNsIhE.exe
  C:\Windows\System\ydNsIhE.exe
  2⤵
  PID:7176
- C:\Windows\System\wvUECyS.exe
  C:\Windows\System\wvUECyS.exe
  2⤵
  PID:7320
- C:\Windows\System\Oieytiw.exe
  C:\Windows\System\Oieytiw.exe
  2⤵
  PID:7364
- C:\Windows\System\TTkLLrz.exe
  C:\Windows\System\TTkLLrz.exe
  2⤵
  PID:7252
- C:\Windows\System\NmgggID.exe
  C:\Windows\System\NmgggID.exe
  2⤵
  PID:7444
- C:\Windows\System\TQuqJFp.exe
  C:\Windows\System\TQuqJFp.exe
  2⤵
  PID:7704
- C:\Windows\System\qcQlNfH.exe
  C:\Windows\System\qcQlNfH.exe
  2⤵
  PID:7592
- C:\Windows\System\aOWhoEL.exe
  C:\Windows\System\aOWhoEL.exe
  2⤵
  PID:7688
- C:\Windows\System\JnztQnD.exe
  C:\Windows\System\JnztQnD.exe
  2⤵
  PID:7728
- C:\Windows\System\tMLymMV.exe
  C:\Windows\System\tMLymMV.exe
  2⤵
  PID:7752
- C:\Windows\System\addaFpt.exe
  C:\Windows\System\addaFpt.exe
  2⤵
  PID:7784
- C:\Windows\System\fhgogwA.exe
  C:\Windows\System\fhgogwA.exe
  2⤵
  PID:7800
- C:\Windows\System\lJiMlbj.exe
  C:\Windows\System\lJiMlbj.exe
  2⤵
  PID:7840
- C:\Windows\System\qlsLgth.exe
  C:\Windows\System\qlsLgth.exe
  2⤵
  PID:7868
- C:\Windows\System\PYcFjms.exe
  C:\Windows\System\PYcFjms.exe
  2⤵
  PID:7880
- C:\Windows\System\cTLpVMP.exe
  C:\Windows\System\cTLpVMP.exe
  2⤵
  PID:7976
- C:\Windows\System\Cttxzno.exe
  C:\Windows\System\Cttxzno.exe
  2⤵
  PID:8028
- C:\Windows\System\RbDCNEQ.exe
  C:\Windows\System\RbDCNEQ.exe
  2⤵
  PID:7960
- C:\Windows\System\qXXoSbM.exe
  C:\Windows\System\qXXoSbM.exe
  2⤵
  PID:8128
- C:\Windows\System\qVDHftw.exe
  C:\Windows\System\qVDHftw.exe
  2⤵
  PID:8096
- C:\Windows\System\uxsPlPA.exe
  C:\Windows\System\uxsPlPA.exe
  2⤵
  PID:8172
- C:\Windows\System\rvGKusZ.exe
  C:\Windows\System\rvGKusZ.exe
  2⤵
  PID:7428
- C:\Windows\System\qgdOiHg.exe
  C:\Windows\System\qgdOiHg.exe
  2⤵
  PID:7604
- C:\Windows\System\HIrSWts.exe
  C:\Windows\System\HIrSWts.exe
  2⤵
  PID:6764
- C:\Windows\System\ZwJGDMZ.exe
  C:\Windows\System\ZwJGDMZ.exe
  2⤵
  PID:7476
- C:\Windows\System\NMYNpqJ.exe
  C:\Windows\System\NMYNpqJ.exe
  2⤵
  PID:8080
- C:\Windows\System\OrYGZeV.exe
  C:\Windows\System\OrYGZeV.exe
  2⤵
  PID:8112
- C:\Windows\System\whZykQl.exe
  C:\Windows\System\whZykQl.exe
  2⤵
  PID:8156
- C:\Windows\System\jqEncKT.exe
  C:\Windows\System\jqEncKT.exe
  2⤵
  PID:7352
- C:\Windows\System\rLCreBe.exe
  C:\Windows\System\rLCreBe.exe
  2⤵
  PID:7440
- C:\Windows\System\vtpRTNq.exe
  C:\Windows\System\vtpRTNq.exe
  2⤵
  PID:7492
- C:\Windows\System\dKhIuFs.exe
  C:\Windows\System\dKhIuFs.exe
  2⤵
  PID:7056
- C:\Windows\System\vrHYCry.exe
  C:\Windows\System\vrHYCry.exe
  2⤵
  PID:7652
- C:\Windows\System\BfENoRr.exe
  C:\Windows\System\BfENoRr.exe
  2⤵
  PID:7724
- C:\Windows\System\GDlBKQf.exe
  C:\Windows\System\GDlBKQf.exe
  2⤵
  PID:7544
- C:\Windows\System\ronhsQE.exe
  C:\Windows\System\ronhsQE.exe
  2⤵
  PID:7816
- C:\Windows\System\DsqCLCv.exe
  C:\Windows\System\DsqCLCv.exe
  2⤵
  PID:7940
- C:\Windows\System\oJjQIrD.exe
  C:\Windows\System\oJjQIrD.exe
  2⤵
  PID:7980
- C:\Windows\System\CNfbdqR.exe
  C:\Windows\System\CNfbdqR.exe
  2⤵
  PID:8016
- C:\Windows\System\ogOHryi.exe
  C:\Windows\System\ogOHryi.exe
  2⤵
  PID:8068
- C:\Windows\System\qyMYPmU.exe
  C:\Windows\System\qyMYPmU.exe
  2⤵
  PID:7272
- C:\Windows\System\hOcxCXH.exe
  C:\Windows\System\hOcxCXH.exe
  2⤵
  PID:7340
- C:\Windows\System\NRlwbIP.exe
  C:\Windows\System\NRlwbIP.exe
  2⤵
  PID:8148
- C:\Windows\System\JofWsDg.exe
  C:\Windows\System\JofWsDg.exe
  2⤵
  PID:7568
- C:\Windows\System\DatTaQo.exe
  C:\Windows\System\DatTaQo.exe
  2⤵
  PID:7376
- C:\Windows\System\YoGoQPJ.exe
  C:\Windows\System\YoGoQPJ.exe
  2⤵
  PID:8084
- C:\Windows\System\AmRvoLa.exe
  C:\Windows\System\AmRvoLa.exe
  2⤵
  PID:6004
- C:\Windows\System\txZcqOy.exe
  C:\Windows\System\txZcqOy.exe
  2⤵
  PID:5768
- C:\Windows\System\YISxRdb.exe
  C:\Windows\System\YISxRdb.exe
  2⤵
  PID:7624
- C:\Windows\System\EOmvUtN.exe
  C:\Windows\System\EOmvUtN.exe
  2⤵
  PID:7548
- C:\Windows\System\FTAkyqm.exe
  C:\Windows\System\FTAkyqm.exe
  2⤵
  PID:7932
- C:\Windows\System\sWnlqRv.exe
  C:\Windows\System\sWnlqRv.exe
  2⤵
  PID:8052
- C:\Windows\System\twAKHoM.exe
  C:\Windows\System\twAKHoM.exe
  2⤵
  PID:7996
- C:\Windows\System\cKiMstL.exe
  C:\Windows\System\cKiMstL.exe
  2⤵
  PID:7412
- C:\Windows\System\xCrFwYz.exe
  C:\Windows\System\xCrFwYz.exe
  2⤵
  PID:8188
- C:\Windows\System\TmCRmYk.exe
  C:\Windows\System\TmCRmYk.exe
  2⤵
  PID:7744
- C:\Windows\System\MYgUICR.exe
  C:\Windows\System\MYgUICR.exe
  2⤵
  PID:8132
- C:\Windows\System\ssoWPoU.exe
  C:\Windows\System\ssoWPoU.exe
  2⤵
  PID:8144
- C:\Windows\System\IpeQdpu.exe
  C:\Windows\System\IpeQdpu.exe
  2⤵
  PID:7904
- C:\Windows\System\MmdsarX.exe
  C:\Windows\System\MmdsarX.exe
  2⤵
  PID:8024
- C:\Windows\System\JpFZZcg.exe
  C:\Windows\System\JpFZZcg.exe
  2⤵
  PID:7684
- C:\Windows\System\GhAtoPg.exe
  C:\Windows\System\GhAtoPg.exe
  2⤵
  PID:7884
- C:\Windows\System\ykNXERI.exe
  C:\Windows\System\ykNXERI.exe
  2⤵
  PID:7864
- C:\Windows\System\tCQTubt.exe
  C:\Windows\System\tCQTubt.exe
  2⤵
  PID:7564
- C:\Windows\System\FijarQC.exe
  C:\Windows\System\FijarQC.exe
  2⤵
  PID:7292
- C:\Windows\System\iZbLooR.exe
  C:\Windows\System\iZbLooR.exe
  2⤵
  PID:7732
- C:\Windows\System\FEBsZhR.exe
  C:\Windows\System\FEBsZhR.exe
  2⤵
  PID:7792
- C:\Windows\System\bBoqYjh.exe
  C:\Windows\System\bBoqYjh.exe
  2⤵
  PID:8212
- C:\Windows\System\WDztxJy.exe
  C:\Windows\System\WDztxJy.exe
  2⤵
  PID:8228
- C:\Windows\System\CMynxut.exe
  C:\Windows\System\CMynxut.exe
  2⤵
  PID:8244
- C:\Windows\System\RcpfiTf.exe
  C:\Windows\System\RcpfiTf.exe
  2⤵
  PID:8260
- C:\Windows\System\NADQOlV.exe
  C:\Windows\System\NADQOlV.exe
  2⤵
  PID:8276
- C:\Windows\System\GlHdFWi.exe
  C:\Windows\System\GlHdFWi.exe
  2⤵
  PID:8308
- C:\Windows\System\rwgZCGP.exe
  C:\Windows\System\rwgZCGP.exe
  2⤵
  PID:8328
- C:\Windows\System\PeTXmdh.exe
  C:\Windows\System\PeTXmdh.exe
  2⤵
  PID:8348
- C:\Windows\System\eHHdaGj.exe
  C:\Windows\System\eHHdaGj.exe
  2⤵
  PID:8376
- C:\Windows\System\kmqXedj.exe
  C:\Windows\System\kmqXedj.exe
  2⤵
  PID:8396
- C:\Windows\System\usawEPL.exe
  C:\Windows\System\usawEPL.exe
  2⤵
  PID:8424
- C:\Windows\System\FaIsriA.exe
  C:\Windows\System\FaIsriA.exe
  2⤵
  PID:8440
- C:\Windows\System\UzIVrMH.exe
  C:\Windows\System\UzIVrMH.exe
  2⤵
  PID:8456
- C:\Windows\System\ZaUFkjG.exe
  C:\Windows\System\ZaUFkjG.exe
  2⤵
  PID:8472
- C:\Windows\System\GVWyPPx.exe
  C:\Windows\System\GVWyPPx.exe
  2⤵
  PID:8492
- C:\Windows\System\xakkdvC.exe
  C:\Windows\System\xakkdvC.exe
  2⤵
  PID:8540
- C:\Windows\System\lqHAZoR.exe
  C:\Windows\System\lqHAZoR.exe
  2⤵
  PID:8560
- C:\Windows\System\ABFMwPs.exe
  C:\Windows\System\ABFMwPs.exe
  2⤵
  PID:8576
- C:\Windows\System\TwmTyWz.exe
  C:\Windows\System\TwmTyWz.exe
  2⤵
  PID:8592
- C:\Windows\System\MfbcQVA.exe
  C:\Windows\System\MfbcQVA.exe
  2⤵
  PID:8616
- C:\Windows\System\DfkTECx.exe
  C:\Windows\System\DfkTECx.exe
  2⤵
  PID:8632
- C:\Windows\System\JWLiNXL.exe
  C:\Windows\System\JWLiNXL.exe
  2⤵
  PID:8648
- C:\Windows\System\VdyimCC.exe
  C:\Windows\System\VdyimCC.exe
  2⤵
  PID:8664
- C:\Windows\System\TdxyRkW.exe
  C:\Windows\System\TdxyRkW.exe
  2⤵
  PID:8684
- C:\Windows\System\tJkKHBW.exe
  C:\Windows\System\tJkKHBW.exe
  2⤵
  PID:8700
- C:\Windows\System\FZBiWHc.exe
  C:\Windows\System\FZBiWHc.exe
  2⤵
  PID:8720
- C:\Windows\System\AavouWe.exe
  C:\Windows\System\AavouWe.exe
  2⤵
  PID:8752
- C:\Windows\System\arEwhpf.exe
  C:\Windows\System\arEwhpf.exe
  2⤵
  PID:8772
- C:\Windows\System\hFsUXZt.exe
  C:\Windows\System\hFsUXZt.exe
  2⤵
  PID:8788
- C:\Windows\System\wHevUfj.exe
  C:\Windows\System\wHevUfj.exe
  2⤵
  PID:8808
- C:\Windows\System\EvYsLWX.exe
  C:\Windows\System\EvYsLWX.exe
  2⤵
  PID:8828
- C:\Windows\System\zFHNqvL.exe
  C:\Windows\System\zFHNqvL.exe
  2⤵
  PID:8852
- C:\Windows\System\zTXxeiq.exe
  C:\Windows\System\zTXxeiq.exe
  2⤵
  PID:8868
- C:\Windows\System\PysqvYi.exe
  C:\Windows\System\PysqvYi.exe
  2⤵
  PID:8888
- C:\Windows\System\njMZNao.exe
  C:\Windows\System\njMZNao.exe
  2⤵
  PID:8908
- C:\Windows\System\CYFyXZv.exe
  C:\Windows\System\CYFyXZv.exe
  2⤵
  PID:8928
- C:\Windows\System\odsHmqj.exe
  C:\Windows\System\odsHmqj.exe
  2⤵
  PID:8948
- C:\Windows\System\zZRbhzQ.exe
  C:\Windows\System\zZRbhzQ.exe
  2⤵
  PID:8968
- C:\Windows\System\iCMamah.exe
  C:\Windows\System\iCMamah.exe
  2⤵
  PID:9004
- C:\Windows\System\YzfFQOI.exe
  C:\Windows\System\YzfFQOI.exe
  2⤵
  PID:9020
- C:\Windows\System\hNAQyWa.exe
  C:\Windows\System\hNAQyWa.exe
  2⤵
  PID:9036
- C:\Windows\System\WtpUoCL.exe
  C:\Windows\System\WtpUoCL.exe
  2⤵
  PID:9052
- C:\Windows\System\RfJLfdz.exe
  C:\Windows\System\RfJLfdz.exe
  2⤵
  PID:9068
- C:\Windows\System\xdMRfQG.exe
  C:\Windows\System\xdMRfQG.exe
  2⤵
  PID:9084
- C:\Windows\System\zhJnjfD.exe
  C:\Windows\System\zhJnjfD.exe
  2⤵
  PID:9100
- C:\Windows\System\lQACxFs.exe
  C:\Windows\System\lQACxFs.exe
  2⤵
  PID:9116
- C:\Windows\System\heBbvnz.exe
  C:\Windows\System\heBbvnz.exe
  2⤵
  PID:9132
- C:\Windows\System\WGoSvbX.exe
  C:\Windows\System\WGoSvbX.exe
  2⤵
  PID:9156
- C:\Windows\System\jhnyAjS.exe
  C:\Windows\System\jhnyAjS.exe
  2⤵
  PID:9172
- C:\Windows\System\ipYCiBY.exe
  C:\Windows\System\ipYCiBY.exe
  2⤵
  PID:8208
- C:\Windows\System\wpNEgeJ.exe
  C:\Windows\System\wpNEgeJ.exe
  2⤵
  PID:8268
- C:\Windows\System\zviMbSi.exe
  C:\Windows\System\zviMbSi.exe
  2⤵
  PID:8324
- C:\Windows\System\vbcmpgD.exe
  C:\Windows\System\vbcmpgD.exe
  2⤵
  PID:8368
- C:\Windows\System\jfWtPUr.exe
  C:\Windows\System\jfWtPUr.exe
  2⤵
  PID:8284
- C:\Windows\System\LppubFd.exe
  C:\Windows\System\LppubFd.exe
  2⤵
  PID:8296
- C:\Windows\System\ppnMVlx.exe
  C:\Windows\System\ppnMVlx.exe
  2⤵
  PID:8408
- C:\Windows\System\mSiXMIb.exe
  C:\Windows\System\mSiXMIb.exe
  2⤵
  PID:8320
- C:\Windows\System\MDvdlUn.exe
  C:\Windows\System\MDvdlUn.exe
  2⤵
  PID:8468
- C:\Windows\System\FKQoLlU.exe
  C:\Windows\System\FKQoLlU.exe
  2⤵
  PID:8500
- C:\Windows\System\PiGFNeR.exe
  C:\Windows\System\PiGFNeR.exe
  2⤵
  PID:8536
- C:\Windows\System\PKeZGoi.exe
  C:\Windows\System\PKeZGoi.exe
  2⤵
  PID:8568
- C:\Windows\System\nBEfEUO.exe
  C:\Windows\System\nBEfEUO.exe
  2⤵
  PID:8604
- C:\Windows\System\aEAHgtv.exe
  C:\Windows\System\aEAHgtv.exe
  2⤵
  PID:8656
- C:\Windows\System\ElFmHCw.exe
  C:\Windows\System\ElFmHCw.exe
  2⤵
  PID:8732
- C:\Windows\System\iBXWaPx.exe
  C:\Windows\System\iBXWaPx.exe
  2⤵
  PID:8672
- C:\Windows\System\RNUswrh.exe
  C:\Windows\System\RNUswrh.exe
  2⤵
  PID:8644
- C:\Windows\System\dOjEfvb.exe
  C:\Windows\System\dOjEfvb.exe
  2⤵
  PID:8716
- C:\Windows\System\dKtDRlL.exe
  C:\Windows\System\dKtDRlL.exe
  2⤵
  PID:8760
- C:\Windows\System\FLGtDYw.exe
  C:\Windows\System\FLGtDYw.exe
  2⤵
  PID:8844
- C:\Windows\System\XOAQDaO.exe
  C:\Windows\System\XOAQDaO.exe
  2⤵
  PID:8836
- C:\Windows\System\WIkNZfV.exe
  C:\Windows\System\WIkNZfV.exe
  2⤵
  PID:8884
- C:\Windows\System\GxQMMFw.exe
  C:\Windows\System\GxQMMFw.exe
  2⤵
  PID:8976
- C:\Windows\System\wjzpOlo.exe
  C:\Windows\System\wjzpOlo.exe
  2⤵
  PID:8988
- C:\Windows\System\sUHIWGk.exe
  C:\Windows\System\sUHIWGk.exe
  2⤵
  PID:8516
- C:\Windows\System\ZDEldqg.exe
  C:\Windows\System\ZDEldqg.exe
  2⤵
  PID:9124
- C:\Windows\System\tBWFddw.exe
  C:\Windows\System\tBWFddw.exe
  2⤵
  PID:9044
- C:\Windows\System\wYPmMXQ.exe
  C:\Windows\System\wYPmMXQ.exe
  2⤵
  PID:9140
- C:\Windows\System\rWcQTIG.exe
  C:\Windows\System\rWcQTIG.exe
  2⤵
  PID:9188
- C:\Windows\System\zcWfTAl.exe
  C:\Windows\System\zcWfTAl.exe
  2⤵
  PID:9200
- C:\Windows\System\sgCUJEu.exe
  C:\Windows\System\sgCUJEu.exe
  2⤵
  PID:9204
- C:\Windows\System\XyYgshZ.exe
  C:\Windows\System\XyYgshZ.exe
  2⤵
  PID:8200
- C:\Windows\System\LztriuQ.exe
  C:\Windows\System\LztriuQ.exe
  2⤵
  PID:8364
- C:\Windows\System\WlROTRa.exe
  C:\Windows\System\WlROTRa.exe
  2⤵
  PID:8292
- C:\Windows\System\nrsIuOo.exe
  C:\Windows\System\nrsIuOo.exe
  2⤵
  PID:8336
- C:\Windows\System\sCjKFii.exe
  C:\Windows\System\sCjKFii.exe
  2⤵
  PID:8420
- C:\Windows\System\UjArArf.exe
  C:\Windows\System\UjArArf.exe
  2⤵
  PID:8480
- C:\Windows\System\PPKRKMk.exe
  C:\Windows\System\PPKRKMk.exe
  2⤵
  PID:8572
- C:\Windows\System\XmtOSia.exe
  C:\Windows\System\XmtOSia.exe
  2⤵
  PID:8744
- C:\Windows\System\kgHizCO.exe
  C:\Windows\System\kgHizCO.exe
  2⤵
  PID:8640
- C:\Windows\System\kRIiILB.exe
  C:\Windows\System\kRIiILB.exe
  2⤵
  PID:8612
- C:\Windows\System\pOFlsYh.exe
  C:\Windows\System\pOFlsYh.exe
  2⤵
  PID:8768
- C:\Windows\System\qxEJGzA.exe
  C:\Windows\System\qxEJGzA.exe
  2⤵
  PID:8864
- C:\Windows\System\FFuKfvP.exe
  C:\Windows\System\FFuKfvP.exe
  2⤵
  PID:8876
- C:\Windows\System\XtSGrby.exe
  C:\Windows\System\XtSGrby.exe
  2⤵
  PID:8960
- C:\Windows\System\ZsWFlig.exe
  C:\Windows\System\ZsWFlig.exe
  2⤵
  PID:9032
- C:\Windows\System\Aetwycd.exe
  C:\Windows\System\Aetwycd.exe
  2⤵
  PID:9096
- C:\Windows\System\uoeMdpv.exe
  C:\Windows\System\uoeMdpv.exe
  2⤵
  PID:9112
- C:\Windows\System\kRIzykx.exe
  C:\Windows\System\kRIzykx.exe
  2⤵
  PID:8196
- C:\Windows\System\evQxIpH.exe
  C:\Windows\System\evQxIpH.exe
  2⤵
  PID:9080
- C:\Windows\System\SUJDAbG.exe
  C:\Windows\System\SUJDAbG.exe
  2⤵
  PID:8220
- C:\Windows\System\YOdFRUM.exe
  C:\Windows\System\YOdFRUM.exe
  2⤵
  PID:8392
- C:\Windows\System\uzqaDVZ.exe
  C:\Windows\System\uzqaDVZ.exe
  2⤵
  PID:8504
- C:\Windows\System\YmnaZMr.exe
  C:\Windows\System\YmnaZMr.exe
  2⤵
  PID:8556
- C:\Windows\System\rsIRapg.exe
  C:\Windows\System\rsIRapg.exe
  2⤵
  PID:8712
- C:\Windows\System\ZJyOEIS.exe
  C:\Windows\System\ZJyOEIS.exe
  2⤵
  PID:8860
- C:\Windows\System\CiUleCG.exe
  C:\Windows\System\CiUleCG.exe
  2⤵
  PID:8404
- C:\Windows\System\hIZCvAe.exe
  C:\Windows\System\hIZCvAe.exe
  2⤵
  PID:8916
- C:\Windows\System\TQpAJsu.exe
  C:\Windows\System\TQpAJsu.exe
  2⤵
  PID:8924
- C:\Windows\System\HucTEPD.exe
  C:\Windows\System\HucTEPD.exe
  2⤵
  PID:9108
- C:\Windows\System\ksxCbno.exe
  C:\Windows\System\ksxCbno.exe
  2⤵
  PID:9192
- C:\Windows\System\vTnBFnW.exe
  C:\Windows\System\vTnBFnW.exe
  2⤵
  PID:8436
- C:\Windows\System\WjMkWwi.exe
  C:\Windows\System\WjMkWwi.exe
  2⤵
  PID:8452
- C:\Windows\System\hWUOUiK.exe
  C:\Windows\System\hWUOUiK.exe
  2⤵
  PID:8764
- C:\Windows\System\fjDkQpE.exe
  C:\Windows\System\fjDkQpE.exe
  2⤵
  PID:8956
- C:\Windows\System\fbNEWPS.exe
  C:\Windows\System\fbNEWPS.exe
  2⤵
  PID:8240
- C:\Windows\System\TBAsXOs.exe
  C:\Windows\System\TBAsXOs.exe
  2⤵
  PID:9048
- C:\Windows\System\JpcaggS.exe
  C:\Windows\System\JpcaggS.exe
  2⤵
  PID:8388
- C:\Windows\System\yZnYWGo.exe
  C:\Windows\System\yZnYWGo.exe
  2⤵
  PID:8628
- C:\Windows\System\zXYYrZj.exe
  C:\Windows\System\zXYYrZj.exe
  2⤵
  PID:8920
- C:\Windows\System\YvUPbuW.exe
  C:\Windows\System\YvUPbuW.exe
  2⤵
  PID:9168
- C:\Windows\System\XIQBzie.exe
  C:\Windows\System\XIQBzie.exe
  2⤵
  PID:8996
- C:\Windows\System\vljKpLl.exe
  C:\Windows\System\vljKpLl.exe
  2⤵
  PID:8748
- C:\Windows\System\rOIfPjC.exe
  C:\Windows\System\rOIfPjC.exe
  2⤵
  PID:8588
- C:\Windows\System\dBpVuxO.exe
  C:\Windows\System\dBpVuxO.exe
  2⤵
  PID:9212
- C:\Windows\System\LqHmyAH.exe
  C:\Windows\System\LqHmyAH.exe
  2⤵
  PID:8796
- C:\Windows\System\MPqjJEg.exe
  C:\Windows\System\MPqjJEg.exe
  2⤵
  PID:8520
- C:\Windows\System\nHbMAUK.exe
  C:\Windows\System\nHbMAUK.exe
  2⤵
  PID:9236
- C:\Windows\System\SlpweGO.exe
  C:\Windows\System\SlpweGO.exe
  2⤵
  PID:9252
- C:\Windows\System\FgTJVEL.exe
  C:\Windows\System\FgTJVEL.exe
  2⤵
  PID:9272
- C:\Windows\System\EUDQfRE.exe
  C:\Windows\System\EUDQfRE.exe
  2⤵
  PID:9288
- C:\Windows\System\SYsBawn.exe
  C:\Windows\System\SYsBawn.exe
  2⤵
  PID:9308
- C:\Windows\System\GYiFAeo.exe
  C:\Windows\System\GYiFAeo.exe
  2⤵
  PID:9336
- C:\Windows\System\STQgcGg.exe
  C:\Windows\System\STQgcGg.exe
  2⤵
  PID:9356
- C:\Windows\System\CSVjCKN.exe
  C:\Windows\System\CSVjCKN.exe
  2⤵
  PID:9376
- C:\Windows\System\vJpbcSI.exe
  C:\Windows\System\vJpbcSI.exe
  2⤵
  PID:9396
- C:\Windows\System\pjmQiSQ.exe
  C:\Windows\System\pjmQiSQ.exe
  2⤵
  PID:9416
- C:\Windows\System\ZWiVEgT.exe
  C:\Windows\System\ZWiVEgT.exe
  2⤵
  PID:9440
- C:\Windows\System\tjzfVBd.exe
  C:\Windows\System\tjzfVBd.exe
  2⤵
  PID:9456
- C:\Windows\System\vTeGgFC.exe
  C:\Windows\System\vTeGgFC.exe
  2⤵
  PID:9476
- C:\Windows\System\ZNxrOSk.exe
  C:\Windows\System\ZNxrOSk.exe
  2⤵
  PID:9492
- C:\Windows\System\udwlsEE.exe
  C:\Windows\System\udwlsEE.exe
  2⤵
  PID:9516
- C:\Windows\System\IlYGPmh.exe
  C:\Windows\System\IlYGPmh.exe
  2⤵
  PID:9536
- C:\Windows\System\hbkeLkC.exe
  C:\Windows\System\hbkeLkC.exe
  2⤵
  PID:9556
- C:\Windows\System\FoczGmw.exe
  C:\Windows\System\FoczGmw.exe
  2⤵
  PID:9572
- C:\Windows\System\QxNAJWO.exe
  C:\Windows\System\QxNAJWO.exe
  2⤵
  PID:9596
- C:\Windows\System\ahuUIbR.exe
  C:\Windows\System\ahuUIbR.exe
  2⤵
  PID:9620
- C:\Windows\System\hUpSVlI.exe
  C:\Windows\System\hUpSVlI.exe
  2⤵
  PID:9640
- C:\Windows\System\zDXsGyd.exe
  C:\Windows\System\zDXsGyd.exe
  2⤵
  PID:9656
- C:\Windows\System\qaHKxpT.exe
  C:\Windows\System\qaHKxpT.exe
  2⤵
  PID:9684
- C:\Windows\System\OKCOZLx.exe
  C:\Windows\System\OKCOZLx.exe
  2⤵
  PID:9700
- C:\Windows\System\mpIGxJZ.exe
  C:\Windows\System\mpIGxJZ.exe
  2⤵
  PID:9716
- C:\Windows\System\TqWhotE.exe
  C:\Windows\System\TqWhotE.exe
  2⤵
  PID:9732
- C:\Windows\System\zCHiFFX.exe
  C:\Windows\System\zCHiFFX.exe
  2⤵
  PID:9748
- C:\Windows\System\JqZQtZB.exe
  C:\Windows\System\JqZQtZB.exe
  2⤵
  PID:9764
- C:\Windows\System\kqzaDee.exe
  C:\Windows\System\kqzaDee.exe
  2⤵
  PID:9780
- C:\Windows\System\vwaruUu.exe
  C:\Windows\System\vwaruUu.exe
  2⤵
  PID:9796
- C:\Windows\System\IlWNDEI.exe
  C:\Windows\System\IlWNDEI.exe
  2⤵
  PID:9812
- C:\Windows\System\GzpgXEX.exe
  C:\Windows\System\GzpgXEX.exe
  2⤵
  PID:9828
- C:\Windows\System\KdGwGNN.exe
  C:\Windows\System\KdGwGNN.exe
  2⤵
  PID:9864
- C:\Windows\System\XtHYcha.exe
  C:\Windows\System\XtHYcha.exe
  2⤵
  PID:9880
- C:\Windows\System\MsGrsIb.exe
  C:\Windows\System\MsGrsIb.exe
  2⤵
  PID:9896
- C:\Windows\System\CYaqgXs.exe
  C:\Windows\System\CYaqgXs.exe
  2⤵
  PID:9916
- C:\Windows\System\vVxWnZk.exe
  C:\Windows\System\vVxWnZk.exe
  2⤵
  PID:9936
- C:\Windows\System\Ulzhhvo.exe
  C:\Windows\System\Ulzhhvo.exe
  2⤵
  PID:9956
- C:\Windows\System\BVjtrVm.exe
  C:\Windows\System\BVjtrVm.exe
  2⤵
  PID:9972
- C:\Windows\System\NQzBHMZ.exe
  C:\Windows\System\NQzBHMZ.exe
  2⤵
  PID:9992
- C:\Windows\System\HknPqVS.exe
  C:\Windows\System\HknPqVS.exe
  2⤵
  PID:10008
- C:\Windows\System\JTmpRAF.exe
  C:\Windows\System\JTmpRAF.exe
  2⤵
  PID:10028
- C:\Windows\System\knsgEcs.exe
  C:\Windows\System\knsgEcs.exe
  2⤵
  PID:10044
- C:\Windows\System\snktLFJ.exe
  C:\Windows\System\snktLFJ.exe
  2⤵
  PID:10060
- C:\Windows\System\lkNZsUk.exe
  C:\Windows\System\lkNZsUk.exe
  2⤵
  PID:10080
- C:\Windows\System\CAslimL.exe
  C:\Windows\System\CAslimL.exe
  2⤵
  PID:10096
- C:\Windows\System\rwooIWf.exe
  C:\Windows\System\rwooIWf.exe
  2⤵
  PID:10120
- C:\Windows\System\aOvDFFN.exe
  C:\Windows\System\aOvDFFN.exe
  2⤵
  PID:10140
- C:\Windows\System\GFmxebF.exe
  C:\Windows\System\GFmxebF.exe
  2⤵
  PID:10176
- C:\Windows\System\dfIxSKH.exe
  C:\Windows\System\dfIxSKH.exe
  2⤵
  PID:10200
- C:\Windows\System\WCpqdFh.exe
  C:\Windows\System\WCpqdFh.exe
  2⤵
  PID:10220
- C:\Windows\System\BJvftvx.exe
  C:\Windows\System\BJvftvx.exe
  2⤵
  PID:9232
- C:\Windows\System\hfRzlRQ.exe
  C:\Windows\System\hfRzlRQ.exe
  2⤵
  PID:9268
- C:\Windows\System\IkQaVFP.exe
  C:\Windows\System\IkQaVFP.exe
  2⤵
  PID:9332
- C:\Windows\System\kjeLBlK.exe
  C:\Windows\System\kjeLBlK.exe
  2⤵
  PID:9348
- C:\Windows\System\AKxUvUA.exe
  C:\Windows\System\AKxUvUA.exe
  2⤵
  PID:9392
- C:\Windows\System\YRxPCTA.exe
  C:\Windows\System\YRxPCTA.exe
  2⤵
  PID:9408
- C:\Windows\System\HMhWloR.exe
  C:\Windows\System\HMhWloR.exe
  2⤵
  PID:9452
- C:\Windows\System\EpJyaBf.exe
  C:\Windows\System\EpJyaBf.exe
  2⤵
  PID:9472
- C:\Windows\System\gMZJrkw.exe
  C:\Windows\System\gMZJrkw.exe
  2⤵
  PID:8824
- C:\Windows\System\sFYuUKu.exe
  C:\Windows\System\sFYuUKu.exe
  2⤵
  PID:9548
- C:\Windows\System\dcLWWbH.exe
  C:\Windows\System\dcLWWbH.exe
  2⤵
  PID:9580
- C:\Windows\System\YauUlut.exe
  C:\Windows\System\YauUlut.exe
  2⤵
  PID:9592
- C:\Windows\System\tUYIQGQ.exe
  C:\Windows\System\tUYIQGQ.exe
  2⤵
  PID:9652
- C:\Windows\System\GDYjvSh.exe
  C:\Windows\System\GDYjvSh.exe
  2⤵
  PID:9680
- C:\Windows\System\TkRleIi.exe
  C:\Windows\System\TkRleIi.exe
  2⤵
  PID:9760
- C:\Windows\System\fxTcOJP.exe
  C:\Windows\System\fxTcOJP.exe
  2⤵
  PID:9824
- C:\Windows\System\NgoSltX.exe
  C:\Windows\System\NgoSltX.exe
  2⤵
  PID:9740
- C:\Windows\System\TUEdmuR.exe
  C:\Windows\System\TUEdmuR.exe
  2⤵
  PID:9804
- C:\Windows\System\ILZweKA.exe
  C:\Windows\System\ILZweKA.exe
  2⤵
  PID:9848
- C:\Windows\System\oLLIDGT.exe
  C:\Windows\System\oLLIDGT.exe
  2⤵
  PID:9888
- C:\Windows\System\AQiNWTZ.exe
  C:\Windows\System\AQiNWTZ.exe
  2⤵
  PID:9964
- C:\Windows\System\YvhzFsK.exe
  C:\Windows\System\YvhzFsK.exe
  2⤵
  PID:10036
- C:\Windows\System\KcckeIf.exe
  C:\Windows\System\KcckeIf.exe
  2⤵
  PID:10148
- C:\Windows\System\lQGoqkU.exe
  C:\Windows\System\lQGoqkU.exe
  2⤵
  PID:10160
- C:\Windows\System\LCQXYrG.exe
  C:\Windows\System\LCQXYrG.exe
  2⤵
  PID:10208
- C:\Windows\System\ArEuXJb.exe
  C:\Windows\System\ArEuXJb.exe
  2⤵
  PID:9260
- C:\Windows\System\PGzyDpt.exe
  C:\Windows\System\PGzyDpt.exe
  2⤵
  PID:10136
- C:\Windows\System\ZOjtEMd.exe
  C:\Windows\System\ZOjtEMd.exe
  2⤵
  PID:10192
- C:\Windows\System\wKTAYMG.exe
  C:\Windows\System\wKTAYMG.exe
  2⤵
  PID:9984
- C:\Windows\System\BDNrtfz.exe
  C:\Windows\System\BDNrtfz.exe
  2⤵
  PID:10020
- C:\Windows\System\qTqqQFc.exe
  C:\Windows\System\qTqqQFc.exe
  2⤵
  PID:9244
- C:\Windows\System\FGWsSjm.exe
  C:\Windows\System\FGWsSjm.exe
  2⤵
  PID:9304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BsOKlhk.exe

Filesize
6.0MB

MD5
eb71b1e98401f8d281ed27d9b13811d1

SHA1
f142b6ee1e84e98a38b0e6aa980e6ee028a96b56

SHA256
3f6c2c6ab36b0f6b84e843ecd12fd0619a0bab1d67459f6a131c86b331d83421

SHA512
7fe91f5591959a85515520200edddefc6c37fe4b8f37b3abd876c3703aa3d4cd6bcd7ed6328cf56cb0864445a930ce5b93af8575118e8659ea12dfbe2cd32c57

Download Submit
C:\Windows\system\EEJVbtA.exe

Filesize
6.0MB

MD5
f9aac12fcdeed78ffd33e542495d088b

SHA1
4a8fe69125c1ed581b4590371587aa92e42c0b5a

SHA256
94bf66b103b36757afa5fce568ec4ba0ed78d49a97cc7d18e5b54efb56203240

SHA512
969550525c1a77f8337059a8598ac4ebba17dc22b2b865d99b245a2e2dbb0bdc5ad55ce54431402c916e54a55f3112936191c4831e74e2108731e313d0e96d15

Download Submit
C:\Windows\system\KjElhcV.exe

Filesize
6.0MB

MD5
8898d4411540e8927bdcc780590364ab

SHA1
e6df45cef8645543c12600fc15ed3b50d3b28929

SHA256
36b6c828c453ae6b133227da25f278ca92e14b93699963b993e680a94906b6cd

SHA512
3a05501a412106cf254e4d8272dd8cba68e063024fd218f197734d4eee5ea615da0cffbcdc306292aa036c74ec429c864d2fe6ed50dc6d371ce1900c24b9c51e

Download Submit
C:\Windows\system\LJnaVgT.exe

Filesize
6.0MB

MD5
b71da2600e392776086a1fbffae839f1

SHA1
3aa750482616af9d09a9aacdc73e512b02f5e874

SHA256
fbaafb63d26411d2e4ef7cbeb34f5d26c945b55f947bbe4772b38c991ff6ed07

SHA512
06f38d2e3b14da00655ced16caee7fc8565604e8d83469bf531c83fc7f4a9b22a75cd25c390b34545effbd7a0a3beaccbba70b766bcb006fd200e07e63f88428

Download Submit
C:\Windows\system\MXtPqxq.exe

Filesize
6.0MB

MD5
9bde8df6fbef30a9f4e233faff78a91c

SHA1
a4a4f48674fc482657da0190a1d4622ad32d062c

SHA256
47e608da67c7cd77e15b432d5ffe4ecc9f2e54e859febb7dff3b7c458acb9346

SHA512
e8d8cce6300451d6e8a6d1b04794dda3f6624be9aefac30a38c4519c1a3c28d6232510e9e42e08d3bc315e47891f82f5e3fc8c7286e7ef95e7455af0ecabfb4c

Download Submit
C:\Windows\system\SPPzaGs.exe

Filesize
6.0MB

MD5
4c3153f1f4d137ad26d0cc9a13b5e870

SHA1
24a88238d68ec9ce9a83b1cf500fcdbd31277217

SHA256
5bc28032b775fe1e5a06963ec7255d435acc1db3d6afcbae89803647b4d8556f

SHA512
b5771abf326c83a3bcf8de00c783a65c4473214db71b0c9d7e1b33b230a4de81550e350c41eb44942a57f38d1c73a423da76e7abe2fe66c68afa2337e61e608c

Download Submit
C:\Windows\system\VhfUneI.exe

Filesize
6.0MB

MD5
ee597a2052e16056e2486e36ded19a8f

SHA1
1fc3180ecd4658e96d1379f85a582bd95c3bc10f

SHA256
c32acf7a9960aa5922e2bf828f4acfec15d26b0b86b938ae0a1a652131b1a759

SHA512
7cad635a80e9923e9f4c8d7e73a7372f8de5241335e27542ff7c4353ba18f05850c97eb989d71e79c768fa4ed87313a9317fdea70e2309023cebe9bdf57a2f65

Download Submit
C:\Windows\system\XEUdyfi.exe

Filesize
6.0MB

MD5
b1b66d5df9161362882967b23f5abf0d

SHA1
f6a5635058be239daaca87b132090a04a4c8929f

SHA256
f20789a9c7082e13368255b55d4baf0c5f7f5c66ac63d535dc8f85f03df8392d

SHA512
f1619a38fab040e66aeaf4004fa306a81cd6d117062771262d6ffb509b4e4b3400db3ddfcef503fbf7f342490e7de0e48e61c48aa53f80d0efa3f986a0b2e26d

Download Submit
C:\Windows\system\bOyzaVC.exe

Filesize
6.0MB

MD5
c3a8a767c9d30d73c44b9dd30646f370

SHA1
5e1678dede2a794c34c6677ca258938f062bcfe7

SHA256
1822d345261a2e55fd1028a104fa9f376c41f926ba7be85a0fd54eb87e5ffac0

SHA512
7dde1b0608b7635a636e851932597df98d9939dacdfe1ada48c48f24ffdc3ad1c3e5a03033f135d641160b46a9c141ad2b6217b2f1bb4d282ce29d64a404277d

Download Submit
C:\Windows\system\byuEZfO.exe

Filesize
6.0MB

MD5
cb2e2bf5948d0623c3edfa7033a53dd7

SHA1
b3ac5f2ab831e8f541afeb77f20d222f7c9109f1

SHA256
b972a86d1ed197c47f7c09167c0ffc8d18cf373b9a51d68bca510920dbb63330

SHA512
654a60ec3b2ffdc6cc333c4b183bfe1d529d8005d247eb2aaf4785815b75db6c56d3dc670442e733175a9f22f51598e9ea88783291e1cadd63dbf9d7fe504afd

Download Submit
C:\Windows\system\eCteKZw.exe

Filesize
6.0MB

MD5
7b69780fe5c519d8bf244f038bc3526e

SHA1
7a07ed3a3370e5a1bbbe13bc54c98aa04965941f

SHA256
5feadb6ffc781da5329690f3da7ccbf5aeeaadcb8a21cf7029f7dcbc3ed3823d

SHA512
f2e0ca1694d5f95d9f8308efb520057ee9b13fe1c6f0befd0162daa1bad260656fa245471a259fa339d39afbdaf416f9b1bebe16741de9afdb7c53a76496ef7c

Download Submit
C:\Windows\system\fESAtRO.exe

Filesize
6.0MB

MD5
ab60e69d78b241a5e9f71e13e76953cf

SHA1
82bfc245e58859a44db5d60a7f4d228266ec847c

SHA256
f2fe629cd05337ac0896b9d33814858c397386b35743e58e22320b7fb0c5c35f

SHA512
3a8889b46ecc37c092d04ef99d68aa0df22303dd848a56b3ab1bb096bb74afc1cdf808740f022c64fb750257d8c92ed7164e75a9f9877b70c151d9579d7dea71

Download Submit
C:\Windows\system\kQtGfOL.exe

Filesize
6.0MB

MD5
f23835e9beec3dac3cd87c4e1dfe6d45

SHA1
862de29c0e659d646d1f9b0336820251c0c5179f

SHA256
c78a17dff58503a20ed2b7317a30da51fcdb56503501ef31268006d3d728e880

SHA512
a85330b1776a6cb202a73f5a7fa65b1a4d863f80b1410aa000c856304169e0d98c92e5667fbc3269976020e5d2ee0ddfc3f82891e93740ba58f6f23ac4c86442

Download Submit
C:\Windows\system\nwkEXib.exe

Filesize
6.0MB

MD5
ace393c551c5d010b51f0c43cb4b938f

SHA1
5ff2656ab75e58db97d881ec32d0e1c2618cbdd8

SHA256
6463df19aa386e4808497578e85afeb9acdae78718579470dad15d916b2b30f4

SHA512
25ce15d17f6d12682659a23ee699253c6357067f3ea60a44651ae312c0c3f83a35cff77504ff159b0bd23a418c0947b7d49ac0bc92d3dea0da66c9fd8b9ec5c2

Download Submit
C:\Windows\system\oqALZyB.exe

Filesize
6.0MB

MD5
95b995787267db9ae0c12644d75a4d3c

SHA1
096d7fcc6068451fd6018fc778b213bc361a5bcb

SHA256
9586e2985141de0ab1c26228ec32b0f7cb49695c8c7baaed7d5b54372f75ce71

SHA512
644307b410d2371e63547c5a1b4f89b73ec74e56e5ac4d3c2dba72bab3cf1121216b76962ab1ba4540bf90f270afb9b7e5868a3d8a0f8fd2d32caa2ef0ec1f9e

Download Submit
C:\Windows\system\pCArXIK.exe

Filesize
6.0MB

MD5
a85e07a166ed8c71dc1f73dea9f2c182

SHA1
d5e8616d54624807685270c766876bacaa323450

SHA256
9a232f3f953daa2661fdd4d5158f8335ead0872eec423108367b6a2bc508044d

SHA512
fcbb8dbcfec5ba624ef37d81ac91eb4b7d62247358a6b678eed03b2fd3d6f19a1c17fac2f16752eafacf54f5c19492601f33ba5091f3d9efda819c6984a7b1a2

Download Submit
C:\Windows\system\pnfkqOF.exe

Filesize
6.0MB

MD5
2153e3187c10cbd4d7708ab858733785

SHA1
a3cac6836bb952e531a4fa3da402a00923b60a1c

SHA256
ddc04f577cb3cdc817a5bd313e2f24e1e2cbf5cb14baccab760620367e96b838

SHA512
aa66a8b6f726abad340f4021a5703a2a4f2fe130b3dfefc75056462d212607e668f67507b7531d3adef5a2c36e15a6584590d2265631f9552ce7a4a6f373785c

Download Submit
C:\Windows\system\uFrxxym.exe

Filesize
6.0MB

MD5
223d2666f210457a2747e0d6cc63211a

SHA1
07c3b938569ba99de03a47b39337ffdbd9d06564

SHA256
3a3109b4f7f4f733285d30931dd122ed2ea2292e2292b8ae36bdb3e7662f4bb5

SHA512
25d205bf355a20396d8ea1cb156056889736d0d5fb1db961a5648722ef4f526623a9da28c21034f2f83841dc3ee29644a9a167ec5ab0efbcf7651be0d397d9df

Download Submit
C:\Windows\system\ujwVvwE.exe

Filesize
6.0MB

MD5
3a4263ac0960db7a7826893d7e5bae45

SHA1
0893714a0a1cd0c09991ac41b724efb9403d0f91

SHA256
386be804820e9bc04f2045a39f4495a92531f9336d06ce6c6747dcfc6dcafd06

SHA512
430719f42ad03c4408189dc6fc1fd4d5af9f10bec405b953066b166680737a80e79dd83d2240a614b1df0af075f4d134528f47fe10aeee0938da301d414a87d8

Download Submit
C:\Windows\system\uzlaeqJ.exe

Filesize
6.0MB

MD5
a080e7a0ade438f9bae848da4d89200a

SHA1
8a6c9337734809265eef8a51cd3dbbc891f30eea

SHA256
92a6846231735aeaf46e4c639935bb83c2b8e1d9158c5a8a41f431c4f06d4362

SHA512
d8d8586a032992f2c8d27e4148982443f12aadbf4046ad7083d7eb979bab075b8a473b0140928284a4739526d67a2cd36007151e682a53489dcc497b567bb5fd

Download Submit
C:\Windows\system\wmfGYhn.exe

Filesize
6.0MB

MD5
b82df5c13cda4a1c3223ed058be56b46

SHA1
3d385979490efeb93db2ba1ad972c9f918034607

SHA256
56f0bd02d324b68f199ecddef14639dd9b12ae28b607df113dc346b690a3aca3

SHA512
b547d048ae845eb97bf8b8e524147b040adcfbd7a39afebd617ea128a636ac4e8d8b6f81a40f9deac5795c3f4f87b07feb10980713eb5211b5ad1d1ed0a7bef3

Download Submit
C:\Windows\system\xhxMaqX.exe

Filesize
6.0MB

MD5
c10d6c2413a866d1b41bb3bbd23175db

SHA1
220668ad04e9847fc1caf1b275c6c58ec1b69a37

SHA256
c2cff9e92cc72b02cdaad359d89c9b806b84273b4be56da84acb1b92ac29614e

SHA512
1e4c35d691ddb08e238be833ab06766f4ed15258f9254badb42105c3f6c487bfacaac2045f1d7c65ac331ad6c2694b55f87f8313acb6577a0c8c110fd1746ea0

Download Submit
C:\Windows\system\xjPigUF.exe

Filesize
6.0MB

MD5
52a035bdf2c74b2d97c3fca59d7d7a4c

SHA1
e10d356b4d93d4a6135353c94ec7b6cb34699de2

SHA256
df8e80ddf25a1375bb4269d53ed2b3e5e8071e4c70cecf065bf4125d74ace4d2

SHA512
b53633bede7db2c1156941bc6b2452c78f174244c092caed43f7424c1e52aaf94e6193666e98e4113f9a3021ca6177f9efc07c7f97992cb6fd74de1624bca12d

Download Submit
\Windows\system\FAbqGAh.exe

Filesize
6.0MB

MD5
71277ff5aec3ad3808f0a1c6e6240c3f

SHA1
65b34b860596efa4d4d8c1ba9e89971f3c453baf

SHA256
6ea3977fd8e8a3af43bed17f901cc88473a1c3a5f82d7f79d02dad536660b2d9

SHA512
c49210b18f596d512aadba9cf8f919d7157d7f150edb8519e9bf9c179f0513e6c2fe03d3884ae982d24f361fe7b62f1370d28c1fd728087831edbf49cdc493c7

Download Submit
\Windows\system\YoWJuQQ.exe

Filesize
6.0MB

MD5
7908a3570561441828e98f5dbcb2698b

SHA1
9295742906048c3696eac245071c90d691130c40

SHA256
eb33a7bf646be6b7bace96394a428ec72f62d6bd98ec488ad1af3bfb215f279e

SHA512
0cefc33fe46f8edbf9f8803a434a06e4398a6aa6b62d1ee24a933a3ca5e6602d6d2b398a46da331178ff4e6bf3aa576b772001d8d165e3655856c83444f8bc3a

Download Submit
\Windows\system\bbzHhwY.exe

Filesize
6.0MB

MD5
a963ca0688f0ccc06e578e6fe029cc02

SHA1
e1182827a38c0bc522ddbc57eb4ae865c70b5bc5

SHA256
46b4607cf74183ddc671afc4245e575ef4ceb66ffa4c29e1ad4217ec3bc6aa7c

SHA512
08dd37b1f4d1acbafc19eca23afdb9eec25579a8f94aaa0275c7c7b374bce0213551b30ab623f1a6182ff12962615ebfb9e5444ca53ff5563a5382c5289d5c76

Download Submit
\Windows\system\jMEzNcl.exe

Filesize
6.0MB

MD5
3065ad03459d8337cc476b202f3485f4

SHA1
b714d6555646fb34f4811da304cdf8510f4a60aa

SHA256
4595df58c96ff46f1f4fba1e3ba16fb16759cde469e1df6f4a28ca8c65047a7b

SHA512
b47458ba6f0360f9e980df00cf769bc90e5d5c8f2ce6f4fffbd5b3bbc4009149cf6d265d32ee652389364eb91549d295960777fa2ef81cd10bf69b1c770337cd

Download Submit
\Windows\system\nBKPqkW.exe

Filesize
6.0MB

MD5
001dd72e033d4f0f5fb5004f1dab108e

SHA1
2105c4e8a603527d44b9b56012df85ded4e06afe

SHA256
bbbb1dc9596f8270c1d1150c1e936d263db478e1fc06d513a483b4d8c48bab4f

SHA512
5976e7da6a6383d0b982c053497aad1623a9a412006dbe4cc1166b74780c407a7616d181f81ae731deb0c744507f22d34532372672f630103468b8125580733a

Download Submit
\Windows\system\pOucsDT.exe

Filesize
6.0MB

MD5
611d85b4242d9e8e527ceb0db291f990

SHA1
9ec13f7d26b2b1b70f8f0b92a11a5558077f5134

SHA256
b906b507a5c921cc8b7a636716d1ffe46aff2038a01de5d9affbc5744da36984

SHA512
c93f6338652350c0a71dc03d400e1144809c04c24ba1a2bd1b2f287a35ca52bc82b312820ff7ee8b1fd116cac71c76f7d668a41f50f8de02739a93dcf1b67b9d

Download Submit
\Windows\system\uyvjCOs.exe

Filesize
6.0MB

MD5
abcac9a4ba890ca1d3b5c2437be88129

SHA1
39335c41f467449c4851d061245d575d51db3956

SHA256
5763f88b6502eb8524df2f6d3aff2ec7edb04ea3f373ec8ae3690d471e8d3cb0

SHA512
7d115034cdc332f227b7fb9f877caceb24f2f4f4128998ebb13b36dac2020bf5296aacba6afdf7001f89cd661274cb65388289a0b94945d0f0e379f2c1943574

Download Submit
\Windows\system\vZhGDkN.exe

Filesize
6.0MB

MD5
970cf0a29bfd7ded83dd4faaa5a8397e

SHA1
098e33e129adb4f41689df168f04b155ec9198fc

SHA256
e099b584b4e8e182ca17fc8a84a59013fa398cf8461f9c3290ed101dddd9655d

SHA512
c1ce1cd640096160ac814cb1bf52fd9e54377d78e9df1f0d948ec15dde28c87762556ee3d65c3ed6085b3c552514a85f2462674b5a716da041f935d0048e73e9

Download Submit
\Windows\system\zhTRtyL.exe

Filesize
6.0MB

MD5
8bda065e7ca653b3ca3ccf951637d862

SHA1
96b95ccc47836ab42491cfadc78150b55ce7c5a9

SHA256
ae9ae5302b374239f0f7e3c12ee3727c3daea6c052ba43aabd2fd0ef0c96b20e

SHA512
dc1f8de13ca4252a23936a8a66e73289524521271b51d9200d83b422a007133d678d2a747bbb24e66be5f3b353ce7dfa1b259e75bfd9f12ed27d5c3358d59de4

Download Submit
memory/976-976-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/976-101-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/976-4034-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1172-30-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/1172-41-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/1172-85-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1172-93-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1172-81-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/1172-100-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1172-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1172-97-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1172-0-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/1172-59-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1172-868-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1172-12-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/1172-109-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1172-23-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1172-51-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1172-37-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/1172-34-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/1172-98-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1172-18-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1292-4032-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/1292-262-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/1292-69-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/1464-110-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1464-1185-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1464-4035-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1696-4033-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/1696-89-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/1696-582-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/1760-4030-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1760-261-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1760-61-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1944-4031-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/1944-83-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2016-50-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-21-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-106-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-1085-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2392-4036-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-3766-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-14-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-42-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-40-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2468-3777-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2468-8-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2656-3772-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2656-58-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2656-27-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2740-54-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-4029-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-105-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-4028-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2780-35-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2780-63-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/3008-72-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download