cobaltstrike | f899091f6faab508bd167d42d94789378611b6bd6962af43d528068f8d21738b

Analysis

max time kernel
140s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 07:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

c2e7826f70316f993e2a2ffe54694055
SHA1

deaa234104d25f9de6fdf5b20c728eb5bc38ff7d
SHA256

f899091f6faab508bd167d42d94789378611b6bd6962af43d528068f8d21738b
SHA512

e4d28761181857c6c28536187303fac926319d7c83773ff5a07f2c3abeaf467fd54af2356cbafcbc610f65f679313bd794abdfc7ffa324464bacdf382166cbd4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUC:T+q56utgpPF8u/7C

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c000000012262-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d69-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016fc9-16.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000170f8-18.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001756b-26.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001756e-30.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000186b7-54.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001932a-67.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-89.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-92.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-104.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-186.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-191.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-74.dat	cobalt_reflective_dll
behavioral1/files/0x0012000000016d3f-61.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-37.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1820-0-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/files/0x000c000000012262-6.dat	xmrig
behavioral1/files/0x0009000000016d69-11.dat	xmrig
behavioral1/files/0x0008000000016fc9-16.dat	xmrig
behavioral1/files/0x00070000000170f8-18.dat	xmrig
behavioral1/files/0x000700000001756b-26.dat	xmrig
behavioral1/files/0x000700000001756e-30.dat	xmrig
behavioral1/memory/1172-39-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x00080000000186b7-54.dat	xmrig
behavioral1/files/0x000600000001932a-67.dat	xmrig
behavioral1/memory/1820-87-0x0000000002330000-0x0000000002684000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c3-89.dat	xmrig
behavioral1/files/0x00050000000195c5-92.dat	xmrig
behavioral1/memory/2336-100-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-109.dat	xmrig
behavioral1/files/0x000500000001975a-124.dat	xmrig
behavioral1/files/0x0005000000019761-129.dat	xmrig
behavioral1/files/0x0005000000019643-119.dat	xmrig
behavioral1/files/0x000500000001960c-114.dat	xmrig
behavioral1/files/0x00050000000195c6-104.dat	xmrig
behavioral1/files/0x0005000000019bf5-151.dat	xmrig
behavioral1/files/0x0005000000019c3c-165.dat	xmrig
behavioral1/files/0x0005000000019e92-186.dat	xmrig
behavioral1/memory/2480-1369-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2344-1393-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2984-1385-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2868-1368-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/1172-1374-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x0005000000019fd4-191.dat	xmrig
behavioral1/files/0x0005000000019d6d-181.dat	xmrig
behavioral1/files/0x0005000000019d62-176.dat	xmrig
behavioral1/files/0x0005000000019d61-171.dat	xmrig
behavioral1/files/0x0005000000019bf9-160.dat	xmrig
behavioral1/files/0x0005000000019bf6-155.dat	xmrig
behavioral1/memory/1820-142-0x0000000002330000-0x0000000002684000-memory.dmp	xmrig
behavioral1/files/0x000500000001998d-145.dat	xmrig
behavioral1/files/0x0005000000019820-140.dat	xmrig
behavioral1/files/0x00050000000197fd-134.dat	xmrig
behavioral1/memory/2788-97-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2404-95-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c1-82.dat	xmrig
behavioral1/memory/2428-86-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/752-71-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/784-78-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/1820-77-0x000000013FFC0000-0x0000000140314000-memory.dmp	xmrig
behavioral1/files/0x00050000000195bd-74.dat	xmrig
behavioral1/memory/2784-64-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/files/0x0012000000016d3f-61.dat	xmrig
behavioral1/memory/2788-56-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/1820-52-0x0000000002330000-0x0000000002684000-memory.dmp	xmrig
behavioral1/memory/2480-51-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/864-50-0x000000013FF30000-0x0000000140284000-memory.dmp	xmrig
behavioral1/memory/2872-49-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2344-47-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/1820-46-0x0000000002330000-0x0000000002684000-memory.dmp	xmrig
behavioral1/memory/2984-45-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/1820-44-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2868-43-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-37.dat	xmrig
behavioral1/memory/2788-1397-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2336-1402-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2404-1401-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2428-1400-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/784-1399-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2480	VOvrKRU.exe
1172	gDSNLxz.exe
2868	ONxSBRJ.exe
2984	NuplMED.exe
2344	CdBdIWP.exe
2872	hvksiig.exe
864	HHrFhRh.exe
2788	soNvKTw.exe
2784	YTGyVCu.exe
752	KNgVirW.exe
784	MWiiHZH.exe
2428	wPjjfvu.exe
2404	ghhUYEZ.exe
2336	WwDdFja.exe
3044	IpCJSdL.exe
1476	CcoKVbR.exe
1808	jHFlGYS.exe
2728	AyqMQJU.exe
2364	qOHLeSU.exe
1332	lbxXQhf.exe
2432	sniSSaV.exe
1496	WGyuncc.exe
2308	eGVCykV.exe
2836	fHmUlkk.exe
2216	FphoCUW.exe
2512	aXmJcdA.exe
2488	MwXKKxn.exe
2456	sISquhQ.exe
2064	DElRPvb.exe
548	bDVXmjv.exe
2368	sohaZqR.exe
1100	YcjnOtb.exe
620	hxbKKWF.exe
1196	fXeahVs.exe
1804	hJORvBZ.exe
2668	UeRsjAP.exe
1084	MJCqPIi.exe
1740	aTAxSnk.exe
2188	VCSNeWs.exe
1896	umYZvRW.exe
936	JRtlorA.exe
760	YNdPlQh.exe
800	RdUjhuT.exe
2676	jwiiDFr.exe
1536	zSztXmd.exe
2068	DXEYtnV.exe
2684	ydraskF.exe
1712	RvwDMTT.exe
2716	WGNjruu.exe
688	wKphtqI.exe
2548	NIwMCvd.exe
2964	hxyhenp.exe
2664	xzdsMke.exe
2936	uGsQWZN.exe
3064	YTmqhrP.exe
2260	pKqpfeU.exe
2708	pLYXUvI.exe
2844	bbFcBgq.exe
2516	XyvUJLj.exe
2768	ernEPAH.exe
2100	lgNanzC.exe
1784	WQVuzfY.exe
3060	lOkCZVH.exe
1872	OXhFBrA.exe

Loads dropped DLL 64 IoCs

pid	Process
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1820-0-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/files/0x000c000000012262-6.dat	upx
behavioral1/files/0x0009000000016d69-11.dat	upx
behavioral1/files/0x0008000000016fc9-16.dat	upx
behavioral1/files/0x00070000000170f8-18.dat	upx
behavioral1/files/0x000700000001756b-26.dat	upx
behavioral1/files/0x000700000001756e-30.dat	upx
behavioral1/memory/1172-39-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x00080000000186b7-54.dat	upx
behavioral1/files/0x000600000001932a-67.dat	upx
behavioral1/files/0x00050000000195c3-89.dat	upx
behavioral1/files/0x00050000000195c5-92.dat	upx
behavioral1/memory/2336-100-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x00050000000195c7-109.dat	upx
behavioral1/files/0x000500000001975a-124.dat	upx
behavioral1/files/0x0005000000019761-129.dat	upx
behavioral1/files/0x0005000000019643-119.dat	upx
behavioral1/files/0x000500000001960c-114.dat	upx
behavioral1/files/0x00050000000195c6-104.dat	upx
behavioral1/files/0x0005000000019bf5-151.dat	upx
behavioral1/files/0x0005000000019c3c-165.dat	upx
behavioral1/files/0x0005000000019e92-186.dat	upx
behavioral1/memory/2480-1369-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2344-1393-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2984-1385-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2868-1368-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/1172-1374-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x0005000000019fd4-191.dat	upx
behavioral1/files/0x0005000000019d6d-181.dat	upx
behavioral1/files/0x0005000000019d62-176.dat	upx
behavioral1/files/0x0005000000019d61-171.dat	upx
behavioral1/files/0x0005000000019bf9-160.dat	upx
behavioral1/files/0x0005000000019bf6-155.dat	upx
behavioral1/files/0x000500000001998d-145.dat	upx
behavioral1/files/0x0005000000019820-140.dat	upx
behavioral1/files/0x00050000000197fd-134.dat	upx
behavioral1/memory/2788-97-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2404-95-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/files/0x00050000000195c1-82.dat	upx
behavioral1/memory/2428-86-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/752-71-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/784-78-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/1820-77-0x000000013FFC0000-0x0000000140314000-memory.dmp	upx
behavioral1/files/0x00050000000195bd-74.dat	upx
behavioral1/memory/2784-64-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/files/0x0012000000016d3f-61.dat	upx
behavioral1/memory/2788-56-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2480-51-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/864-50-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2872-49-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2344-47-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2984-45-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2868-43-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/files/0x0002000000018334-37.dat	upx
behavioral1/memory/2788-1397-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2336-1402-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2404-1401-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2428-1400-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/784-1399-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/752-1398-0x000000013FF30000-0x0000000140284000-memory.dmp	upx
behavioral1/memory/2784-1396-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2872-1395-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/864-1394-0x000000013FF30000-0x0000000140284000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pAeALLu.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LwkFvMP.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNbawqO.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZHrpSNh.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ycHmKSG.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jXLfLpi.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYsJBUi.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NEmiHwM.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnvZYjJ.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VtdhLdm.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GrrAqNJ.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FFXpuBL.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CNwPPfw.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGGrgxU.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OOeyfME.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XDyUdiJ.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LnUlUek.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oNeEDnQ.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NLqsyvr.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wBbJFCV.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HuQrjFU.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pFNUYyX.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tzfDRSi.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHSNCUB.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\atPmSSd.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wwagyQV.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mSaQASD.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PomPosY.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EtJDrYz.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ERarmgw.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KyJOgsf.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HJdqcgp.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DKrOTyV.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dnFZAqH.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKhRlxu.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\upIHpeP.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZIeMrBk.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FcEdgvg.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aTxibhh.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\phgNwWp.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DlLGcvh.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pgEGpGo.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zKssvTi.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sAGIkXV.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IXacpWh.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nSTlILJ.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XfFwuui.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IuIUnsm.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YLdudTf.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cfoDdap.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wPjjfvu.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WGhNsjk.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QeHVZcg.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rwviAYb.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XESJnkt.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftdphTI.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jMbIHMM.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OhufzeU.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iRzVsYc.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUbplbV.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BCbkhjT.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LumYbTm.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iRpkvzP.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\asgVjYE.exe	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 2480	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1820 wrote to memory of 2480	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1820 wrote to memory of 2480	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1820 wrote to memory of 1172	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1820 wrote to memory of 1172	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1820 wrote to memory of 1172	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1820 wrote to memory of 2868	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1820 wrote to memory of 2868	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1820 wrote to memory of 2868	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1820 wrote to memory of 2984	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1820 wrote to memory of 2984	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1820 wrote to memory of 2984	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1820 wrote to memory of 2344	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1820 wrote to memory of 2344	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1820 wrote to memory of 2344	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1820 wrote to memory of 2872	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1820 wrote to memory of 2872	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1820 wrote to memory of 2872	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1820 wrote to memory of 864	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1820 wrote to memory of 864	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1820 wrote to memory of 864	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1820 wrote to memory of 2788	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1820 wrote to memory of 2788	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1820 wrote to memory of 2788	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1820 wrote to memory of 2784	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1820 wrote to memory of 2784	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1820 wrote to memory of 2784	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1820 wrote to memory of 752	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1820 wrote to memory of 752	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1820 wrote to memory of 752	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1820 wrote to memory of 784	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1820 wrote to memory of 784	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1820 wrote to memory of 784	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1820 wrote to memory of 2428	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1820 wrote to memory of 2428	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1820 wrote to memory of 2428	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1820 wrote to memory of 2404	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1820 wrote to memory of 2404	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1820 wrote to memory of 2404	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1820 wrote to memory of 2336	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1820 wrote to memory of 2336	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1820 wrote to memory of 2336	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1820 wrote to memory of 3044	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1820 wrote to memory of 3044	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1820 wrote to memory of 3044	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1820 wrote to memory of 1476	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1820 wrote to memory of 1476	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1820 wrote to memory of 1476	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1820 wrote to memory of 1808	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1820 wrote to memory of 1808	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1820 wrote to memory of 1808	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1820 wrote to memory of 2728	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1820 wrote to memory of 2728	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1820 wrote to memory of 2728	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1820 wrote to memory of 2364	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1820 wrote to memory of 2364	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1820 wrote to memory of 2364	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1820 wrote to memory of 1332	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1820 wrote to memory of 1332	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1820 wrote to memory of 1332	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1820 wrote to memory of 2432	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1820 wrote to memory of 2432	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1820 wrote to memory of 2432	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1820 wrote to memory of 1496	1820	2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_c2e7826f70316f993e2a2ffe54694055_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Windows\System\VOvrKRU.exe
  C:\Windows\System\VOvrKRU.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\gDSNLxz.exe
  C:\Windows\System\gDSNLxz.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\ONxSBRJ.exe
  C:\Windows\System\ONxSBRJ.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\NuplMED.exe
  C:\Windows\System\NuplMED.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\CdBdIWP.exe
  C:\Windows\System\CdBdIWP.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\hvksiig.exe
  C:\Windows\System\hvksiig.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\HHrFhRh.exe
  C:\Windows\System\HHrFhRh.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\soNvKTw.exe
  C:\Windows\System\soNvKTw.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\YTGyVCu.exe
  C:\Windows\System\YTGyVCu.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\KNgVirW.exe
  C:\Windows\System\KNgVirW.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\MWiiHZH.exe
  C:\Windows\System\MWiiHZH.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\wPjjfvu.exe
  C:\Windows\System\wPjjfvu.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\ghhUYEZ.exe
  C:\Windows\System\ghhUYEZ.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\WwDdFja.exe
  C:\Windows\System\WwDdFja.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\IpCJSdL.exe
  C:\Windows\System\IpCJSdL.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\CcoKVbR.exe
  C:\Windows\System\CcoKVbR.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\jHFlGYS.exe
  C:\Windows\System\jHFlGYS.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\AyqMQJU.exe
  C:\Windows\System\AyqMQJU.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\qOHLeSU.exe
  C:\Windows\System\qOHLeSU.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\lbxXQhf.exe
  C:\Windows\System\lbxXQhf.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\sniSSaV.exe
  C:\Windows\System\sniSSaV.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\WGyuncc.exe
  C:\Windows\System\WGyuncc.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\eGVCykV.exe
  C:\Windows\System\eGVCykV.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\fHmUlkk.exe
  C:\Windows\System\fHmUlkk.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\FphoCUW.exe
  C:\Windows\System\FphoCUW.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\aXmJcdA.exe
  C:\Windows\System\aXmJcdA.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\MwXKKxn.exe
  C:\Windows\System\MwXKKxn.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\sISquhQ.exe
  C:\Windows\System\sISquhQ.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\DElRPvb.exe
  C:\Windows\System\DElRPvb.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\bDVXmjv.exe
  C:\Windows\System\bDVXmjv.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\sohaZqR.exe
  C:\Windows\System\sohaZqR.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\YcjnOtb.exe
  C:\Windows\System\YcjnOtb.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\hxbKKWF.exe
  C:\Windows\System\hxbKKWF.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\fXeahVs.exe
  C:\Windows\System\fXeahVs.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\hJORvBZ.exe
  C:\Windows\System\hJORvBZ.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\UeRsjAP.exe
  C:\Windows\System\UeRsjAP.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\MJCqPIi.exe
  C:\Windows\System\MJCqPIi.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\aTAxSnk.exe
  C:\Windows\System\aTAxSnk.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\VCSNeWs.exe
  C:\Windows\System\VCSNeWs.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\umYZvRW.exe
  C:\Windows\System\umYZvRW.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\JRtlorA.exe
  C:\Windows\System\JRtlorA.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\YNdPlQh.exe
  C:\Windows\System\YNdPlQh.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\RdUjhuT.exe
  C:\Windows\System\RdUjhuT.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\jwiiDFr.exe
  C:\Windows\System\jwiiDFr.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\zSztXmd.exe
  C:\Windows\System\zSztXmd.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\DXEYtnV.exe
  C:\Windows\System\DXEYtnV.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\ydraskF.exe
  C:\Windows\System\ydraskF.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\WGNjruu.exe
  C:\Windows\System\WGNjruu.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\RvwDMTT.exe
  C:\Windows\System\RvwDMTT.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\xzdsMke.exe
  C:\Windows\System\xzdsMke.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\wKphtqI.exe
  C:\Windows\System\wKphtqI.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\YTmqhrP.exe
  C:\Windows\System\YTmqhrP.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\NIwMCvd.exe
  C:\Windows\System\NIwMCvd.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\pKqpfeU.exe
  C:\Windows\System\pKqpfeU.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\hxyhenp.exe
  C:\Windows\System\hxyhenp.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\bbFcBgq.exe
  C:\Windows\System\bbFcBgq.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\uGsQWZN.exe
  C:\Windows\System\uGsQWZN.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\ernEPAH.exe
  C:\Windows\System\ernEPAH.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\pLYXUvI.exe
  C:\Windows\System\pLYXUvI.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\WQVuzfY.exe
  C:\Windows\System\WQVuzfY.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\XyvUJLj.exe
  C:\Windows\System\XyvUJLj.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\lOkCZVH.exe
  C:\Windows\System\lOkCZVH.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\lgNanzC.exe
  C:\Windows\System\lgNanzC.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\OXhFBrA.exe
  C:\Windows\System\OXhFBrA.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\LtnslIe.exe
  C:\Windows\System\LtnslIe.exe
  2⤵
  PID:2172
- C:\Windows\System\qreghvv.exe
  C:\Windows\System\qreghvv.exe
  2⤵
  PID:2092
- C:\Windows\System\smyRdYI.exe
  C:\Windows\System\smyRdYI.exe
  2⤵
  PID:676
- C:\Windows\System\iHVFVLC.exe
  C:\Windows\System\iHVFVLC.exe
  2⤵
  PID:2292
- C:\Windows\System\PomPosY.exe
  C:\Windows\System\PomPosY.exe
  2⤵
  PID:2524
- C:\Windows\System\dVwAwHM.exe
  C:\Windows\System\dVwAwHM.exe
  2⤵
  PID:2500
- C:\Windows\System\gFgyZHB.exe
  C:\Windows\System\gFgyZHB.exe
  2⤵
  PID:1956
- C:\Windows\System\xbtSODP.exe
  C:\Windows\System\xbtSODP.exe
  2⤵
  PID:960
- C:\Windows\System\ehxWThD.exe
  C:\Windows\System\ehxWThD.exe
  2⤵
  PID:1480
- C:\Windows\System\nWTLIyN.exe
  C:\Windows\System\nWTLIyN.exe
  2⤵
  PID:2052
- C:\Windows\System\XfpbOFj.exe
  C:\Windows\System\XfpbOFj.exe
  2⤵
  PID:2396
- C:\Windows\System\zGnVYeq.exe
  C:\Windows\System\zGnVYeq.exe
  2⤵
  PID:2636
- C:\Windows\System\QfJbtmt.exe
  C:\Windows\System\QfJbtmt.exe
  2⤵
  PID:1568
- C:\Windows\System\GMFKQLk.exe
  C:\Windows\System\GMFKQLk.exe
  2⤵
  PID:1680
- C:\Windows\System\cYIPyuk.exe
  C:\Windows\System\cYIPyuk.exe
  2⤵
  PID:1716
- C:\Windows\System\FFXpuBL.exe
  C:\Windows\System\FFXpuBL.exe
  2⤵
  PID:1720
- C:\Windows\System\kNZhBIS.exe
  C:\Windows\System\kNZhBIS.exe
  2⤵
  PID:1436
- C:\Windows\System\CffNGCy.exe
  C:\Windows\System\CffNGCy.exe
  2⤵
  PID:2572
- C:\Windows\System\ODMRlSb.exe
  C:\Windows\System\ODMRlSb.exe
  2⤵
  PID:812
- C:\Windows\System\vgIknAF.exe
  C:\Windows\System\vgIknAF.exe
  2⤵
  PID:1748
- C:\Windows\System\huaAdbK.exe
  C:\Windows\System\huaAdbK.exe
  2⤵
  PID:2128
- C:\Windows\System\VqvYRZJ.exe
  C:\Windows\System\VqvYRZJ.exe
  2⤵
  PID:2928
- C:\Windows\System\vHvPqYL.exe
  C:\Windows\System\vHvPqYL.exe
  2⤵
  PID:2588
- C:\Windows\System\xbnkxbw.exe
  C:\Windows\System\xbnkxbw.exe
  2⤵
  PID:2256
- C:\Windows\System\jzqMYVa.exe
  C:\Windows\System\jzqMYVa.exe
  2⤵
  PID:2184
- C:\Windows\System\sWTysVa.exe
  C:\Windows\System\sWTysVa.exe
  2⤵
  PID:2948
- C:\Windows\System\LwraXEG.exe
  C:\Windows\System\LwraXEG.exe
  2⤵
  PID:1348
- C:\Windows\System\Ticccyy.exe
  C:\Windows\System\Ticccyy.exe
  2⤵
  PID:2720
- C:\Windows\System\DvDREIR.exe
  C:\Windows\System\DvDREIR.exe
  2⤵
  PID:2284
- C:\Windows\System\bKoxmtS.exe
  C:\Windows\System\bKoxmtS.exe
  2⤵
  PID:1752
- C:\Windows\System\bhwfVfn.exe
  C:\Windows\System\bhwfVfn.exe
  2⤵
  PID:296
- C:\Windows\System\idSWOLV.exe
  C:\Windows\System\idSWOLV.exe
  2⤵
  PID:2020
- C:\Windows\System\TLebfJD.exe
  C:\Windows\System\TLebfJD.exe
  2⤵
  PID:2712
- C:\Windows\System\LkGPZXV.exe
  C:\Windows\System\LkGPZXV.exe
  2⤵
  PID:1952
- C:\Windows\System\ZHrpSNh.exe
  C:\Windows\System\ZHrpSNh.exe
  2⤵
  PID:1596
- C:\Windows\System\ySQvWLq.exe
  C:\Windows\System\ySQvWLq.exe
  2⤵
  PID:1620
- C:\Windows\System\BDljPpB.exe
  C:\Windows\System\BDljPpB.exe
  2⤵
  PID:1180
- C:\Windows\System\DovwRLP.exe
  C:\Windows\System\DovwRLP.exe
  2⤵
  PID:2628
- C:\Windows\System\UZMghvm.exe
  C:\Windows\System\UZMghvm.exe
  2⤵
  PID:1932
- C:\Windows\System\NFsRaKe.exe
  C:\Windows\System\NFsRaKe.exe
  2⤵
  PID:2136
- C:\Windows\System\Fghitkr.exe
  C:\Windows\System\Fghitkr.exe
  2⤵
  PID:1676
- C:\Windows\System\lMKsgHX.exe
  C:\Windows\System\lMKsgHX.exe
  2⤵
  PID:1692
- C:\Windows\System\qEUHMFG.exe
  C:\Windows\System\qEUHMFG.exe
  2⤵
  PID:2908
- C:\Windows\System\QIbCjCB.exe
  C:\Windows\System\QIbCjCB.exe
  2⤵
  PID:2328
- C:\Windows\System\lIDpOZO.exe
  C:\Windows\System\lIDpOZO.exe
  2⤵
  PID:2264
- C:\Windows\System\dUKIYtY.exe
  C:\Windows\System\dUKIYtY.exe
  2⤵
  PID:832
- C:\Windows\System\OjTYJZu.exe
  C:\Windows\System\OjTYJZu.exe
  2⤵
  PID:900
- C:\Windows\System\sxOZwAq.exe
  C:\Windows\System\sxOZwAq.exe
  2⤵
  PID:1456
- C:\Windows\System\CofKQby.exe
  C:\Windows\System\CofKQby.exe
  2⤵
  PID:3084
- C:\Windows\System\cZyFVCM.exe
  C:\Windows\System\cZyFVCM.exe
  2⤵
  PID:3100
- C:\Windows\System\pOVcSPs.exe
  C:\Windows\System\pOVcSPs.exe
  2⤵
  PID:3120
- C:\Windows\System\DQzaOmJ.exe
  C:\Windows\System\DQzaOmJ.exe
  2⤵
  PID:3140
- C:\Windows\System\otihpWJ.exe
  C:\Windows\System\otihpWJ.exe
  2⤵
  PID:3160
- C:\Windows\System\hepLfDM.exe
  C:\Windows\System\hepLfDM.exe
  2⤵
  PID:3180
- C:\Windows\System\sEBrCVp.exe
  C:\Windows\System\sEBrCVp.exe
  2⤵
  PID:3208
- C:\Windows\System\hnipQUb.exe
  C:\Windows\System\hnipQUb.exe
  2⤵
  PID:3244
- C:\Windows\System\OZFhwAu.exe
  C:\Windows\System\OZFhwAu.exe
  2⤵
  PID:3264
- C:\Windows\System\jMSvzrY.exe
  C:\Windows\System\jMSvzrY.exe
  2⤵
  PID:3284
- C:\Windows\System\QZSBxOW.exe
  C:\Windows\System\QZSBxOW.exe
  2⤵
  PID:3300
- C:\Windows\System\bjzuIqo.exe
  C:\Windows\System\bjzuIqo.exe
  2⤵
  PID:3320
- C:\Windows\System\phgNwWp.exe
  C:\Windows\System\phgNwWp.exe
  2⤵
  PID:3340
- C:\Windows\System\PDIZhxA.exe
  C:\Windows\System\PDIZhxA.exe
  2⤵
  PID:3356
- C:\Windows\System\vQOKEMg.exe
  C:\Windows\System\vQOKEMg.exe
  2⤵
  PID:3376
- C:\Windows\System\oaynBbZ.exe
  C:\Windows\System\oaynBbZ.exe
  2⤵
  PID:3400
- C:\Windows\System\pXUIPXA.exe
  C:\Windows\System\pXUIPXA.exe
  2⤵
  PID:3416
- C:\Windows\System\XESFkPI.exe
  C:\Windows\System\XESFkPI.exe
  2⤵
  PID:3436
- C:\Windows\System\hUAFrEK.exe
  C:\Windows\System\hUAFrEK.exe
  2⤵
  PID:3452
- C:\Windows\System\zWeYJvd.exe
  C:\Windows\System\zWeYJvd.exe
  2⤵
  PID:3480
- C:\Windows\System\wwWmYkO.exe
  C:\Windows\System\wwWmYkO.exe
  2⤵
  PID:3496
- C:\Windows\System\iZWHVUv.exe
  C:\Windows\System\iZWHVUv.exe
  2⤵
  PID:3512
- C:\Windows\System\KxnerpZ.exe
  C:\Windows\System\KxnerpZ.exe
  2⤵
  PID:3540
- C:\Windows\System\pKsGHdP.exe
  C:\Windows\System\pKsGHdP.exe
  2⤵
  PID:3556
- C:\Windows\System\wGVdvcg.exe
  C:\Windows\System\wGVdvcg.exe
  2⤵
  PID:3572
- C:\Windows\System\OvheYPe.exe
  C:\Windows\System\OvheYPe.exe
  2⤵
  PID:3588
- C:\Windows\System\wBbJFCV.exe
  C:\Windows\System\wBbJFCV.exe
  2⤵
  PID:3612
- C:\Windows\System\yvtzcly.exe
  C:\Windows\System\yvtzcly.exe
  2⤵
  PID:3636
- C:\Windows\System\kZtLuab.exe
  C:\Windows\System\kZtLuab.exe
  2⤵
  PID:3656
- C:\Windows\System\TqcfLrx.exe
  C:\Windows\System\TqcfLrx.exe
  2⤵
  PID:3680
- C:\Windows\System\UdQMlSN.exe
  C:\Windows\System\UdQMlSN.exe
  2⤵
  PID:3700
- C:\Windows\System\fClRjiv.exe
  C:\Windows\System\fClRjiv.exe
  2⤵
  PID:3724
- C:\Windows\System\VaHAbco.exe
  C:\Windows\System\VaHAbco.exe
  2⤵
  PID:3740
- C:\Windows\System\mVnYlKR.exe
  C:\Windows\System\mVnYlKR.exe
  2⤵
  PID:3764
- C:\Windows\System\BMwtRIT.exe
  C:\Windows\System\BMwtRIT.exe
  2⤵
  PID:3784
- C:\Windows\System\SnTsVSb.exe
  C:\Windows\System\SnTsVSb.exe
  2⤵
  PID:3804
- C:\Windows\System\ctzUUBE.exe
  C:\Windows\System\ctzUUBE.exe
  2⤵
  PID:3828
- C:\Windows\System\ixFylbx.exe
  C:\Windows\System\ixFylbx.exe
  2⤵
  PID:3848
- C:\Windows\System\UjDPVIs.exe
  C:\Windows\System\UjDPVIs.exe
  2⤵
  PID:3872
- C:\Windows\System\YDoyasW.exe
  C:\Windows\System\YDoyasW.exe
  2⤵
  PID:3888
- C:\Windows\System\iwLnZnt.exe
  C:\Windows\System\iwLnZnt.exe
  2⤵
  PID:3912
- C:\Windows\System\cVjnEbp.exe
  C:\Windows\System\cVjnEbp.exe
  2⤵
  PID:3932
- C:\Windows\System\kzvaLqW.exe
  C:\Windows\System\kzvaLqW.exe
  2⤵
  PID:3952
- C:\Windows\System\mXvmdzf.exe
  C:\Windows\System\mXvmdzf.exe
  2⤵
  PID:3972
- C:\Windows\System\fGAnuwY.exe
  C:\Windows\System\fGAnuwY.exe
  2⤵
  PID:3988
- C:\Windows\System\cYlmuXR.exe
  C:\Windows\System\cYlmuXR.exe
  2⤵
  PID:4004
- C:\Windows\System\ucIjPZF.exe
  C:\Windows\System\ucIjPZF.exe
  2⤵
  PID:4024
- C:\Windows\System\vuYHCOV.exe
  C:\Windows\System\vuYHCOV.exe
  2⤵
  PID:4044
- C:\Windows\System\RIyvykN.exe
  C:\Windows\System\RIyvykN.exe
  2⤵
  PID:4076
- C:\Windows\System\pcJYeok.exe
  C:\Windows\System\pcJYeok.exe
  2⤵
  PID:2688
- C:\Windows\System\HlQSCWD.exe
  C:\Windows\System\HlQSCWD.exe
  2⤵
  PID:884
- C:\Windows\System\cjkSvvZ.exe
  C:\Windows\System\cjkSvvZ.exe
  2⤵
  PID:2704
- C:\Windows\System\wAbhfku.exe
  C:\Windows\System\wAbhfku.exe
  2⤵
  PID:2056
- C:\Windows\System\sXTfUkC.exe
  C:\Windows\System\sXTfUkC.exe
  2⤵
  PID:2232
- C:\Windows\System\gCcKGHj.exe
  C:\Windows\System\gCcKGHj.exe
  2⤵
  PID:756
- C:\Windows\System\CVLupYz.exe
  C:\Windows\System\CVLupYz.exe
  2⤵
  PID:1184
- C:\Windows\System\aqurJNq.exe
  C:\Windows\System\aqurJNq.exe
  2⤵
  PID:2276
- C:\Windows\System\nLCSUPD.exe
  C:\Windows\System\nLCSUPD.exe
  2⤵
  PID:1912
- C:\Windows\System\DIgzolj.exe
  C:\Windows\System\DIgzolj.exe
  2⤵
  PID:2508
- C:\Windows\System\WXSlvji.exe
  C:\Windows\System\WXSlvji.exe
  2⤵
  PID:3168
- C:\Windows\System\qSzqOKt.exe
  C:\Windows\System\qSzqOKt.exe
  2⤵
  PID:928
- C:\Windows\System\YrzWmzX.exe
  C:\Windows\System\YrzWmzX.exe
  2⤵
  PID:3080
- C:\Windows\System\inuVhSC.exe
  C:\Windows\System\inuVhSC.exe
  2⤵
  PID:3152
- C:\Windows\System\GIyfJAk.exe
  C:\Windows\System\GIyfJAk.exe
  2⤵
  PID:3220
- C:\Windows\System\MzcVfbp.exe
  C:\Windows\System\MzcVfbp.exe
  2⤵
  PID:3272
- C:\Windows\System\qvawuyY.exe
  C:\Windows\System\qvawuyY.exe
  2⤵
  PID:3200
- C:\Windows\System\hXZkkqt.exe
  C:\Windows\System\hXZkkqt.exe
  2⤵
  PID:3348
- C:\Windows\System\qeNSpoX.exe
  C:\Windows\System\qeNSpoX.exe
  2⤵
  PID:3424
- C:\Windows\System\jPUUMgW.exe
  C:\Windows\System\jPUUMgW.exe
  2⤵
  PID:3260
- C:\Windows\System\iHGskhb.exe
  C:\Windows\System\iHGskhb.exe
  2⤵
  PID:3292
- C:\Windows\System\kUOpgMo.exe
  C:\Windows\System\kUOpgMo.exe
  2⤵
  PID:3508
- C:\Windows\System\aYujTTS.exe
  C:\Windows\System\aYujTTS.exe
  2⤵
  PID:3408
- C:\Windows\System\HGwCIAW.exe
  C:\Windows\System\HGwCIAW.exe
  2⤵
  PID:3328
- C:\Windows\System\fBEPwYW.exe
  C:\Windows\System\fBEPwYW.exe
  2⤵
  PID:3624
- C:\Windows\System\ViQMqrR.exe
  C:\Windows\System\ViQMqrR.exe
  2⤵
  PID:3520
- C:\Windows\System\txrtZdY.exe
  C:\Windows\System\txrtZdY.exe
  2⤵
  PID:3672
- C:\Windows\System\BRBjEDN.exe
  C:\Windows\System\BRBjEDN.exe
  2⤵
  PID:3688
- C:\Windows\System\uZtvcpx.exe
  C:\Windows\System\uZtvcpx.exe
  2⤵
  PID:3568
- C:\Windows\System\zqZqAWq.exe
  C:\Windows\System\zqZqAWq.exe
  2⤵
  PID:3716
- C:\Windows\System\kVKahKg.exe
  C:\Windows\System\kVKahKg.exe
  2⤵
  PID:3792
- C:\Windows\System\ETTrPmW.exe
  C:\Windows\System\ETTrPmW.exe
  2⤵
  PID:3780
- C:\Windows\System\GhBYTJg.exe
  C:\Windows\System\GhBYTJg.exe
  2⤵
  PID:3840
- C:\Windows\System\cyFvpTI.exe
  C:\Windows\System\cyFvpTI.exe
  2⤵
  PID:3880
- C:\Windows\System\uqxOMLA.exe
  C:\Windows\System\uqxOMLA.exe
  2⤵
  PID:3860
- C:\Windows\System\XDujEid.exe
  C:\Windows\System\XDujEid.exe
  2⤵
  PID:3924
- C:\Windows\System\wPZJJRt.exe
  C:\Windows\System\wPZJJRt.exe
  2⤵
  PID:3908
- C:\Windows\System\sXHaAIg.exe
  C:\Windows\System\sXHaAIg.exe
  2⤵
  PID:3944
- C:\Windows\System\wtcYIlp.exe
  C:\Windows\System\wtcYIlp.exe
  2⤵
  PID:4012
- C:\Windows\System\LdTUSHx.exe
  C:\Windows\System\LdTUSHx.exe
  2⤵
  PID:4040
- C:\Windows\System\YMkLwrV.exe
  C:\Windows\System\YMkLwrV.exe
  2⤵
  PID:1624
- C:\Windows\System\bCBdmqV.exe
  C:\Windows\System\bCBdmqV.exe
  2⤵
  PID:4088
- C:\Windows\System\eqFQvgl.exe
  C:\Windows\System\eqFQvgl.exe
  2⤵
  PID:1700
- C:\Windows\System\aUNddhb.exe
  C:\Windows\System\aUNddhb.exe
  2⤵
  PID:2324
- C:\Windows\System\IauQYQi.exe
  C:\Windows\System\IauQYQi.exe
  2⤵
  PID:1756
- C:\Windows\System\MApNCLi.exe
  C:\Windows\System\MApNCLi.exe
  2⤵
  PID:4072
- C:\Windows\System\ovXPwBw.exe
  C:\Windows\System\ovXPwBw.exe
  2⤵
  PID:4068
- C:\Windows\System\XoKaDEn.exe
  C:\Windows\System\XoKaDEn.exe
  2⤵
  PID:236
- C:\Windows\System\mbzbIDW.exe
  C:\Windows\System\mbzbIDW.exe
  2⤵
  PID:2904
- C:\Windows\System\uxEuBcB.exe
  C:\Windows\System\uxEuBcB.exe
  2⤵
  PID:944
- C:\Windows\System\xIJzNRt.exe
  C:\Windows\System\xIJzNRt.exe
  2⤵
  PID:1004
- C:\Windows\System\hxiFYyo.exe
  C:\Windows\System\hxiFYyo.exe
  2⤵
  PID:836
- C:\Windows\System\ftAXcJA.exe
  C:\Windows\System\ftAXcJA.exe
  2⤵
  PID:3112
- C:\Windows\System\HgFCCse.exe
  C:\Windows\System\HgFCCse.exe
  2⤵
  PID:1640
- C:\Windows\System\bUYVLwW.exe
  C:\Windows\System\bUYVLwW.exe
  2⤵
  PID:2744
- C:\Windows\System\Zynhdcz.exe
  C:\Windows\System\Zynhdcz.exe
  2⤵
  PID:3204
- C:\Windows\System\PUUihvn.exe
  C:\Windows\System\PUUihvn.exe
  2⤵
  PID:3472
- C:\Windows\System\dzHcRfh.exe
  C:\Windows\System\dzHcRfh.exe
  2⤵
  PID:2756
- C:\Windows\System\POwLAIl.exe
  C:\Windows\System\POwLAIl.exe
  2⤵
  PID:3488
- C:\Windows\System\sBwKIiF.exe
  C:\Windows\System\sBwKIiF.exe
  2⤵
  PID:3428
- C:\Windows\System\ZbsyHWs.exe
  C:\Windows\System\ZbsyHWs.exe
  2⤵
  PID:3756
- C:\Windows\System\qqSOYPi.exe
  C:\Windows\System\qqSOYPi.exe
  2⤵
  PID:3648
- C:\Windows\System\iLuQyTn.exe
  C:\Windows\System\iLuQyTn.exe
  2⤵
  PID:3652
- C:\Windows\System\RroKwri.exe
  C:\Windows\System\RroKwri.exe
  2⤵
  PID:3836
- C:\Windows\System\CNwPPfw.exe
  C:\Windows\System\CNwPPfw.exe
  2⤵
  PID:3968
- C:\Windows\System\obxQySC.exe
  C:\Windows\System\obxQySC.exe
  2⤵
  PID:3984
- C:\Windows\System\uTaIvOr.exe
  C:\Windows\System\uTaIvOr.exe
  2⤵
  PID:4060
- C:\Windows\System\bSBoUGc.exe
  C:\Windows\System\bSBoUGc.exe
  2⤵
  PID:1644
- C:\Windows\System\ewpEItQ.exe
  C:\Windows\System\ewpEItQ.exe
  2⤵
  PID:3816
- C:\Windows\System\JdtCWbU.exe
  C:\Windows\System\JdtCWbU.exe
  2⤵
  PID:3132
- C:\Windows\System\eAuEkFC.exe
  C:\Windows\System\eAuEkFC.exe
  2⤵
  PID:3388
- C:\Windows\System\IyNDHWk.exe
  C:\Windows\System\IyNDHWk.exe
  2⤵
  PID:2700
- C:\Windows\System\JuCJICx.exe
  C:\Windows\System\JuCJICx.exe
  2⤵
  PID:2504
- C:\Windows\System\mrEBdAW.exe
  C:\Windows\System\mrEBdAW.exe
  2⤵
  PID:3364
- C:\Windows\System\onqghlr.exe
  C:\Windows\System\onqghlr.exe
  2⤵
  PID:3240
- C:\Windows\System\RtfsWix.exe
  C:\Windows\System\RtfsWix.exe
  2⤵
  PID:3396
- C:\Windows\System\LMdcCdF.exe
  C:\Windows\System\LMdcCdF.exe
  2⤵
  PID:2208
- C:\Windows\System\DFmxQyr.exe
  C:\Windows\System\DFmxQyr.exe
  2⤵
  PID:3148
- C:\Windows\System\STWXjqc.exe
  C:\Windows\System\STWXjqc.exe
  2⤵
  PID:3532
- C:\Windows\System\bUeXEHj.exe
  C:\Windows\System\bUeXEHj.exe
  2⤵
  PID:3552
- C:\Windows\System\OhCQnpO.exe
  C:\Windows\System\OhCQnpO.exe
  2⤵
  PID:2356
- C:\Windows\System\MwBxDXA.exe
  C:\Windows\System\MwBxDXA.exe
  2⤵
  PID:2272
- C:\Windows\System\hGyAOLV.exe
  C:\Windows\System\hGyAOLV.exe
  2⤵
  PID:3824
- C:\Windows\System\MUybYoA.exe
  C:\Windows\System\MUybYoA.exe
  2⤵
  PID:4056
- C:\Windows\System\jrABtDX.exe
  C:\Windows\System\jrABtDX.exe
  2⤵
  PID:3720
- C:\Windows\System\dnFZAqH.exe
  C:\Windows\System\dnFZAqH.exe
  2⤵
  PID:3776
- C:\Windows\System\CUqinre.exe
  C:\Windows\System\CUqinre.exe
  2⤵
  PID:3812
- C:\Windows\System\RCoGDrD.exe
  C:\Windows\System\RCoGDrD.exe
  2⤵
  PID:1324
- C:\Windows\System\JaCsdYK.exe
  C:\Windows\System\JaCsdYK.exe
  2⤵
  PID:2952
- C:\Windows\System\ooapsqe.exe
  C:\Windows\System\ooapsqe.exe
  2⤵
  PID:2924
- C:\Windows\System\QJRTXtr.exe
  C:\Windows\System\QJRTXtr.exe
  2⤵
  PID:3336
- C:\Windows\System\QIZShyz.exe
  C:\Windows\System\QIZShyz.exe
  2⤵
  PID:2564
- C:\Windows\System\WKhRlxu.exe
  C:\Windows\System\WKhRlxu.exe
  2⤵
  PID:4116
- C:\Windows\System\PjGxyzL.exe
  C:\Windows\System\PjGxyzL.exe
  2⤵
  PID:4136
- C:\Windows\System\vYWyCyw.exe
  C:\Windows\System\vYWyCyw.exe
  2⤵
  PID:4156
- C:\Windows\System\HxESnpP.exe
  C:\Windows\System\HxESnpP.exe
  2⤵
  PID:4172
- C:\Windows\System\ZGUjDhV.exe
  C:\Windows\System\ZGUjDhV.exe
  2⤵
  PID:4192
- C:\Windows\System\bIpZPEN.exe
  C:\Windows\System\bIpZPEN.exe
  2⤵
  PID:4212
- C:\Windows\System\hRuYlqa.exe
  C:\Windows\System\hRuYlqa.exe
  2⤵
  PID:4232
- C:\Windows\System\wPmpOjG.exe
  C:\Windows\System\wPmpOjG.exe
  2⤵
  PID:4252
- C:\Windows\System\PDNaLOL.exe
  C:\Windows\System\PDNaLOL.exe
  2⤵
  PID:4268
- C:\Windows\System\rTVMvGT.exe
  C:\Windows\System\rTVMvGT.exe
  2⤵
  PID:4288
- C:\Windows\System\NpLGOSd.exe
  C:\Windows\System\NpLGOSd.exe
  2⤵
  PID:4304
- C:\Windows\System\nSTlILJ.exe
  C:\Windows\System\nSTlILJ.exe
  2⤵
  PID:4332
- C:\Windows\System\dxyBota.exe
  C:\Windows\System\dxyBota.exe
  2⤵
  PID:4356
- C:\Windows\System\iMiNLsq.exe
  C:\Windows\System\iMiNLsq.exe
  2⤵
  PID:4376
- C:\Windows\System\bAeQIEk.exe
  C:\Windows\System\bAeQIEk.exe
  2⤵
  PID:4396
- C:\Windows\System\HuQrjFU.exe
  C:\Windows\System\HuQrjFU.exe
  2⤵
  PID:4412
- C:\Windows\System\dkwjAgi.exe
  C:\Windows\System\dkwjAgi.exe
  2⤵
  PID:4436
- C:\Windows\System\BZokCgG.exe
  C:\Windows\System\BZokCgG.exe
  2⤵
  PID:4456
- C:\Windows\System\gEpBiuW.exe
  C:\Windows\System\gEpBiuW.exe
  2⤵
  PID:4480
- C:\Windows\System\eQvzWAV.exe
  C:\Windows\System\eQvzWAV.exe
  2⤵
  PID:4504
- C:\Windows\System\YdPUcXE.exe
  C:\Windows\System\YdPUcXE.exe
  2⤵
  PID:4524
- C:\Windows\System\uiAzynp.exe
  C:\Windows\System\uiAzynp.exe
  2⤵
  PID:4544
- C:\Windows\System\pQEdYYS.exe
  C:\Windows\System\pQEdYYS.exe
  2⤵
  PID:4564
- C:\Windows\System\GBSLRxe.exe
  C:\Windows\System\GBSLRxe.exe
  2⤵
  PID:4584
- C:\Windows\System\QMifSrH.exe
  C:\Windows\System\QMifSrH.exe
  2⤵
  PID:4604
- C:\Windows\System\qQNUyJy.exe
  C:\Windows\System\qQNUyJy.exe
  2⤵
  PID:4624
- C:\Windows\System\EUAUJRX.exe
  C:\Windows\System\EUAUJRX.exe
  2⤵
  PID:4644
- C:\Windows\System\lWoLnNV.exe
  C:\Windows\System\lWoLnNV.exe
  2⤵
  PID:4664
- C:\Windows\System\UsEinBy.exe
  C:\Windows\System\UsEinBy.exe
  2⤵
  PID:4684
- C:\Windows\System\nKCPPJk.exe
  C:\Windows\System\nKCPPJk.exe
  2⤵
  PID:4700
- C:\Windows\System\UDnKOue.exe
  C:\Windows\System\UDnKOue.exe
  2⤵
  PID:4716
- C:\Windows\System\hhEKfGr.exe
  C:\Windows\System\hhEKfGr.exe
  2⤵
  PID:4740
- C:\Windows\System\vhgxYQG.exe
  C:\Windows\System\vhgxYQG.exe
  2⤵
  PID:4764
- C:\Windows\System\SSxprUv.exe
  C:\Windows\System\SSxprUv.exe
  2⤵
  PID:4784
- C:\Windows\System\QRoDUbG.exe
  C:\Windows\System\QRoDUbG.exe
  2⤵
  PID:4804
- C:\Windows\System\IoDwciT.exe
  C:\Windows\System\IoDwciT.exe
  2⤵
  PID:4824
- C:\Windows\System\KafjhRy.exe
  C:\Windows\System\KafjhRy.exe
  2⤵
  PID:4848
- C:\Windows\System\EtJDrYz.exe
  C:\Windows\System\EtJDrYz.exe
  2⤵
  PID:4868
- C:\Windows\System\hpNdpyN.exe
  C:\Windows\System\hpNdpyN.exe
  2⤵
  PID:4888
- C:\Windows\System\MvKMSNo.exe
  C:\Windows\System\MvKMSNo.exe
  2⤵
  PID:4908
- C:\Windows\System\NQNBkqe.exe
  C:\Windows\System\NQNBkqe.exe
  2⤵
  PID:4932
- C:\Windows\System\eyIaBsB.exe
  C:\Windows\System\eyIaBsB.exe
  2⤵
  PID:4952
- C:\Windows\System\Nshfksf.exe
  C:\Windows\System\Nshfksf.exe
  2⤵
  PID:4972
- C:\Windows\System\WMlKMMj.exe
  C:\Windows\System\WMlKMMj.exe
  2⤵
  PID:4988
- C:\Windows\System\tOKpFvY.exe
  C:\Windows\System\tOKpFvY.exe
  2⤵
  PID:5004
- C:\Windows\System\DPDxWpG.exe
  C:\Windows\System\DPDxWpG.exe
  2⤵
  PID:5028
- C:\Windows\System\HBkpGeI.exe
  C:\Windows\System\HBkpGeI.exe
  2⤵
  PID:5052
- C:\Windows\System\nHCXrHr.exe
  C:\Windows\System\nHCXrHr.exe
  2⤵
  PID:5072
- C:\Windows\System\LvwhVQE.exe
  C:\Windows\System\LvwhVQE.exe
  2⤵
  PID:5092
- C:\Windows\System\oVkklXr.exe
  C:\Windows\System\oVkklXr.exe
  2⤵
  PID:5112
- C:\Windows\System\tXBUCua.exe
  C:\Windows\System\tXBUCua.exe
  2⤵
  PID:3620
- C:\Windows\System\yEyvoEN.exe
  C:\Windows\System\yEyvoEN.exe
  2⤵
  PID:3596
- C:\Windows\System\ZbKFGet.exe
  C:\Windows\System\ZbKFGet.exe
  2⤵
  PID:3608
- C:\Windows\System\hlwkeup.exe
  C:\Windows\System\hlwkeup.exe
  2⤵
  PID:4000
- C:\Windows\System\GZkKyCS.exe
  C:\Windows\System\GZkKyCS.exe
  2⤵
  PID:2832
- C:\Windows\System\nKToFqN.exe
  C:\Windows\System\nKToFqN.exe
  2⤵
  PID:3856
- C:\Windows\System\txUQMue.exe
  C:\Windows\System\txUQMue.exe
  2⤵
  PID:2976
- C:\Windows\System\ewlNsRu.exe
  C:\Windows\System\ewlNsRu.exe
  2⤵
  PID:2972
- C:\Windows\System\sJmbDCI.exe
  C:\Windows\System\sJmbDCI.exe
  2⤵
  PID:3216
- C:\Windows\System\PjiBBjX.exe
  C:\Windows\System\PjiBBjX.exe
  2⤵
  PID:3964
- C:\Windows\System\FYcfDJA.exe
  C:\Windows\System\FYcfDJA.exe
  2⤵
  PID:4148
- C:\Windows\System\eOjSaTI.exe
  C:\Windows\System\eOjSaTI.exe
  2⤵
  PID:3372
- C:\Windows\System\zvMgoQl.exe
  C:\Windows\System\zvMgoQl.exe
  2⤵
  PID:4128
- C:\Windows\System\mYlLOLG.exe
  C:\Windows\System\mYlLOLG.exe
  2⤵
  PID:4200
- C:\Windows\System\CJmZQaG.exe
  C:\Windows\System\CJmZQaG.exe
  2⤵
  PID:4296
- C:\Windows\System\PyEDLxs.exe
  C:\Windows\System\PyEDLxs.exe
  2⤵
  PID:4248
- C:\Windows\System\YsZzYty.exe
  C:\Windows\System\YsZzYty.exe
  2⤵
  PID:4344
- C:\Windows\System\kNiXgkf.exe
  C:\Windows\System\kNiXgkf.exe
  2⤵
  PID:4324
- C:\Windows\System\hXyXXLE.exe
  C:\Windows\System\hXyXXLE.exe
  2⤵
  PID:4384
- C:\Windows\System\HquJuOv.exe
  C:\Windows\System\HquJuOv.exe
  2⤵
  PID:4428
- C:\Windows\System\QKwYFaE.exe
  C:\Windows\System\QKwYFaE.exe
  2⤵
  PID:4468
- C:\Windows\System\djtjYpd.exe
  C:\Windows\System\djtjYpd.exe
  2⤵
  PID:4444
- C:\Windows\System\WOwqzvV.exe
  C:\Windows\System\WOwqzvV.exe
  2⤵
  PID:4500
- C:\Windows\System\OORxNJS.exe
  C:\Windows\System\OORxNJS.exe
  2⤵
  PID:4560
- C:\Windows\System\NBxKYDa.exe
  C:\Windows\System\NBxKYDa.exe
  2⤵
  PID:4632
- C:\Windows\System\AxAWEqZ.exe
  C:\Windows\System\AxAWEqZ.exe
  2⤵
  PID:4576
- C:\Windows\System\grjPFIs.exe
  C:\Windows\System\grjPFIs.exe
  2⤵
  PID:4652
- C:\Windows\System\qmPboMl.exe
  C:\Windows\System\qmPboMl.exe
  2⤵
  PID:4656
- C:\Windows\System\wPJDsUT.exe
  C:\Windows\System\wPJDsUT.exe
  2⤵
  PID:4756
- C:\Windows\System\GQTHnAy.exe
  C:\Windows\System\GQTHnAy.exe
  2⤵
  PID:4732
- C:\Windows\System\IBtRCZK.exe
  C:\Windows\System\IBtRCZK.exe
  2⤵
  PID:4772
- C:\Windows\System\HdVvJdF.exe
  C:\Windows\System\HdVvJdF.exe
  2⤵
  PID:4496
- C:\Windows\System\iSSlpBf.exe
  C:\Windows\System\iSSlpBf.exe
  2⤵
  PID:4836
- C:\Windows\System\BnKrrZW.exe
  C:\Windows\System\BnKrrZW.exe
  2⤵
  PID:4864
- C:\Windows\System\MXChxNg.exe
  C:\Windows\System\MXChxNg.exe
  2⤵
  PID:4904
- C:\Windows\System\VPDSzff.exe
  C:\Windows\System\VPDSzff.exe
  2⤵
  PID:4940
- C:\Windows\System\eVNDSSf.exe
  C:\Windows\System\eVNDSSf.exe
  2⤵
  PID:5036
- C:\Windows\System\osVSSWh.exe
  C:\Windows\System\osVSSWh.exe
  2⤵
  PID:4984
- C:\Windows\System\qtQGnGa.exe
  C:\Windows\System\qtQGnGa.exe
  2⤵
  PID:5012
- C:\Windows\System\ZOmVRir.exe
  C:\Windows\System\ZOmVRir.exe
  2⤵
  PID:5064
- C:\Windows\System\vNsVklh.exe
  C:\Windows\System\vNsVklh.exe
  2⤵
  PID:5100
- C:\Windows\System\Cdnfwfj.exe
  C:\Windows\System\Cdnfwfj.exe
  2⤵
  PID:3600
- C:\Windows\System\ErHnSiy.exe
  C:\Windows\System\ErHnSiy.exe
  2⤵
  PID:2380
- C:\Windows\System\JyFrmZG.exe
  C:\Windows\System\JyFrmZG.exe
  2⤵
  PID:2168
- C:\Windows\System\pGDNbQe.exe
  C:\Windows\System\pGDNbQe.exe
  2⤵
  PID:1532
- C:\Windows\System\oMgneQY.exe
  C:\Windows\System\oMgneQY.exe
  2⤵
  PID:4152
- C:\Windows\System\ONafTvc.exe
  C:\Windows\System\ONafTvc.exe
  2⤵
  PID:3664
- C:\Windows\System\LvaSxGQ.exe
  C:\Windows\System\LvaSxGQ.exe
  2⤵
  PID:4184
- C:\Windows\System\pmtLeAS.exe
  C:\Windows\System\pmtLeAS.exe
  2⤵
  PID:4208
- C:\Windows\System\NnshDCs.exe
  C:\Windows\System\NnshDCs.exe
  2⤵
  PID:4340
- C:\Windows\System\oHtocgd.exe
  C:\Windows\System\oHtocgd.exe
  2⤵
  PID:4364
- C:\Windows\System\erqLBQK.exe
  C:\Windows\System\erqLBQK.exe
  2⤵
  PID:4372
- C:\Windows\System\BduNzuD.exe
  C:\Windows\System\BduNzuD.exe
  2⤵
  PID:4420
- C:\Windows\System\DlLGcvh.exe
  C:\Windows\System\DlLGcvh.exe
  2⤵
  PID:4408
- C:\Windows\System\UlqJaso.exe
  C:\Windows\System\UlqJaso.exe
  2⤵
  PID:4600
- C:\Windows\System\HlkVOVx.exe
  C:\Windows\System\HlkVOVx.exe
  2⤵
  PID:4580
- C:\Windows\System\GrcbhRh.exe
  C:\Windows\System\GrcbhRh.exe
  2⤵
  PID:4680
- C:\Windows\System\JUjxclM.exe
  C:\Windows\System\JUjxclM.exe
  2⤵
  PID:4728
- C:\Windows\System\cppLSeF.exe
  C:\Windows\System\cppLSeF.exe
  2⤵
  PID:4816
- C:\Windows\System\PbWNcUA.exe
  C:\Windows\System\PbWNcUA.exe
  2⤵
  PID:4776
- C:\Windows\System\vWYKlkB.exe
  C:\Windows\System\vWYKlkB.exe
  2⤵
  PID:5000
- C:\Windows\System\wqpDFzm.exe
  C:\Windows\System\wqpDFzm.exe
  2⤵
  PID:4880
- C:\Windows\System\oNxJfmR.exe
  C:\Windows\System\oNxJfmR.exe
  2⤵
  PID:5088
- C:\Windows\System\egzCREq.exe
  C:\Windows\System\egzCREq.exe
  2⤵
  PID:5040
- C:\Windows\System\magbFkB.exe
  C:\Windows\System\magbFkB.exe
  2⤵
  PID:5060
- C:\Windows\System\FmsXPwO.exe
  C:\Windows\System\FmsXPwO.exe
  2⤵
  PID:3760
- C:\Windows\System\jVpLBdW.exe
  C:\Windows\System\jVpLBdW.exe
  2⤵
  PID:3868
- C:\Windows\System\JqvbdAj.exe
  C:\Windows\System\JqvbdAj.exe
  2⤵
  PID:3444
- C:\Windows\System\DVDXdBK.exe
  C:\Windows\System\DVDXdBK.exe
  2⤵
  PID:2816
- C:\Windows\System\ZkElrCn.exe
  C:\Windows\System\ZkElrCn.exe
  2⤵
  PID:4132
- C:\Windows\System\ERarmgw.exe
  C:\Windows\System\ERarmgw.exe
  2⤵
  PID:4244
- C:\Windows\System\YKDAZQc.exe
  C:\Windows\System\YKDAZQc.exe
  2⤵
  PID:4464
- C:\Windows\System\pFNUYyX.exe
  C:\Windows\System\pFNUYyX.exe
  2⤵
  PID:2848
- C:\Windows\System\yDxnVWT.exe
  C:\Windows\System\yDxnVWT.exe
  2⤵
  PID:4448
- C:\Windows\System\VxJvOob.exe
  C:\Windows\System\VxJvOob.exe
  2⤵
  PID:4696
- C:\Windows\System\bwbNRjg.exe
  C:\Windows\System\bwbNRjg.exe
  2⤵
  PID:4752
- C:\Windows\System\CnBBogM.exe
  C:\Windows\System\CnBBogM.exe
  2⤵
  PID:4896
- C:\Windows\System\KDtwgST.exe
  C:\Windows\System\KDtwgST.exe
  2⤵
  PID:4996
- C:\Windows\System\jKgJXCy.exe
  C:\Windows\System\jKgJXCy.exe
  2⤵
  PID:1888
- C:\Windows\System\ErgsTTA.exe
  C:\Windows\System\ErgsTTA.exe
  2⤵
  PID:5132
- C:\Windows\System\QbwCaBK.exe
  C:\Windows\System\QbwCaBK.exe
  2⤵
  PID:5156
- C:\Windows\System\kXOYdvQ.exe
  C:\Windows\System\kXOYdvQ.exe
  2⤵
  PID:5176
- C:\Windows\System\FcEdgvg.exe
  C:\Windows\System\FcEdgvg.exe
  2⤵
  PID:5196
- C:\Windows\System\LolKOTy.exe
  C:\Windows\System\LolKOTy.exe
  2⤵
  PID:5212
- C:\Windows\System\YyUYHyq.exe
  C:\Windows\System\YyUYHyq.exe
  2⤵
  PID:5236
- C:\Windows\System\PjIfayV.exe
  C:\Windows\System\PjIfayV.exe
  2⤵
  PID:5256
- C:\Windows\System\NCYWbgT.exe
  C:\Windows\System\NCYWbgT.exe
  2⤵
  PID:5276
- C:\Windows\System\OSaGFII.exe
  C:\Windows\System\OSaGFII.exe
  2⤵
  PID:5296
- C:\Windows\System\YYArHhB.exe
  C:\Windows\System\YYArHhB.exe
  2⤵
  PID:5316
- C:\Windows\System\tmXubew.exe
  C:\Windows\System\tmXubew.exe
  2⤵
  PID:5336
- C:\Windows\System\CAtfrqM.exe
  C:\Windows\System\CAtfrqM.exe
  2⤵
  PID:5356
- C:\Windows\System\ycHmKSG.exe
  C:\Windows\System\ycHmKSG.exe
  2⤵
  PID:5372
- C:\Windows\System\WdxSbHp.exe
  C:\Windows\System\WdxSbHp.exe
  2⤵
  PID:5388
- C:\Windows\System\gXKQSkH.exe
  C:\Windows\System\gXKQSkH.exe
  2⤵
  PID:5412
- C:\Windows\System\jXLfLpi.exe
  C:\Windows\System\jXLfLpi.exe
  2⤵
  PID:5436
- C:\Windows\System\BqLBCqd.exe
  C:\Windows\System\BqLBCqd.exe
  2⤵
  PID:5456
- C:\Windows\System\GDDtNWQ.exe
  C:\Windows\System\GDDtNWQ.exe
  2⤵
  PID:5480
- C:\Windows\System\RQCnPNo.exe
  C:\Windows\System\RQCnPNo.exe
  2⤵
  PID:5500
- C:\Windows\System\LNNkGJe.exe
  C:\Windows\System\LNNkGJe.exe
  2⤵
  PID:5520
- C:\Windows\System\WEevVFG.exe
  C:\Windows\System\WEevVFG.exe
  2⤵
  PID:5540
- C:\Windows\System\PRjvyNn.exe
  C:\Windows\System\PRjvyNn.exe
  2⤵
  PID:5560
- C:\Windows\System\ecMesuC.exe
  C:\Windows\System\ecMesuC.exe
  2⤵
  PID:5584
- C:\Windows\System\BQtIysE.exe
  C:\Windows\System\BQtIysE.exe
  2⤵
  PID:5604
- C:\Windows\System\dWYBubX.exe
  C:\Windows\System\dWYBubX.exe
  2⤵
  PID:5624
- C:\Windows\System\yenHfiS.exe
  C:\Windows\System\yenHfiS.exe
  2⤵
  PID:5644
- C:\Windows\System\HSjHYJF.exe
  C:\Windows\System\HSjHYJF.exe
  2⤵
  PID:5660
- C:\Windows\System\TOClZAM.exe
  C:\Windows\System\TOClZAM.exe
  2⤵
  PID:5676
- C:\Windows\System\haLYdMl.exe
  C:\Windows\System\haLYdMl.exe
  2⤵
  PID:5700
- C:\Windows\System\bTpXuRS.exe
  C:\Windows\System\bTpXuRS.exe
  2⤵
  PID:5716
- C:\Windows\System\hckFmsJ.exe
  C:\Windows\System\hckFmsJ.exe
  2⤵
  PID:5736
- C:\Windows\System\FThAYha.exe
  C:\Windows\System\FThAYha.exe
  2⤵
  PID:5760
- C:\Windows\System\IrJPuok.exe
  C:\Windows\System\IrJPuok.exe
  2⤵
  PID:5784
- C:\Windows\System\cEWsocp.exe
  C:\Windows\System\cEWsocp.exe
  2⤵
  PID:5800
- C:\Windows\System\uIjtZlo.exe
  C:\Windows\System\uIjtZlo.exe
  2⤵
  PID:5820
- C:\Windows\System\txrGkZP.exe
  C:\Windows\System\txrGkZP.exe
  2⤵
  PID:5840
- C:\Windows\System\zppFDWf.exe
  C:\Windows\System\zppFDWf.exe
  2⤵
  PID:5864
- C:\Windows\System\doVgmKM.exe
  C:\Windows\System\doVgmKM.exe
  2⤵
  PID:5884
- C:\Windows\System\dfAMPHd.exe
  C:\Windows\System\dfAMPHd.exe
  2⤵
  PID:5904
- C:\Windows\System\AtVEfxR.exe
  C:\Windows\System\AtVEfxR.exe
  2⤵
  PID:5928
- C:\Windows\System\ezOcKWd.exe
  C:\Windows\System\ezOcKWd.exe
  2⤵
  PID:5944
- C:\Windows\System\qDqEnJg.exe
  C:\Windows\System\qDqEnJg.exe
  2⤵
  PID:5960
- C:\Windows\System\MyLieHS.exe
  C:\Windows\System\MyLieHS.exe
  2⤵
  PID:5988
- C:\Windows\System\pMcxhjo.exe
  C:\Windows\System\pMcxhjo.exe
  2⤵
  PID:6020
- C:\Windows\System\qzYefNj.exe
  C:\Windows\System\qzYefNj.exe
  2⤵
  PID:6036
- C:\Windows\System\DVxGPSx.exe
  C:\Windows\System\DVxGPSx.exe
  2⤵
  PID:6060
- C:\Windows\System\DIfNDho.exe
  C:\Windows\System\DIfNDho.exe
  2⤵
  PID:6080
- C:\Windows\System\xkYgfRT.exe
  C:\Windows\System\xkYgfRT.exe
  2⤵
  PID:6100
- C:\Windows\System\pIMTjtd.exe
  C:\Windows\System\pIMTjtd.exe
  2⤵
  PID:6120
- C:\Windows\System\eeLKxku.exe
  C:\Windows\System\eeLKxku.exe
  2⤵
  PID:3236
- C:\Windows\System\RNbKUEz.exe
  C:\Windows\System\RNbKUEz.exe
  2⤵
  PID:4616
- C:\Windows\System\wDPPwmk.exe
  C:\Windows\System\wDPPwmk.exe
  2⤵
  PID:4620
- C:\Windows\System\fUmYenD.exe
  C:\Windows\System\fUmYenD.exe
  2⤵
  PID:4964
- C:\Windows\System\YQIjLIK.exe
  C:\Windows\System\YQIjLIK.exe
  2⤵
  PID:5152
- C:\Windows\System\KWBUtwW.exe
  C:\Windows\System\KWBUtwW.exe
  2⤵
  PID:3052
- C:\Windows\System\XfFwuui.exe
  C:\Windows\System\XfFwuui.exe
  2⤵
  PID:5220
- C:\Windows\System\uPKqmbi.exe
  C:\Windows\System\uPKqmbi.exe
  2⤵
  PID:5204
- C:\Windows\System\FigDhtl.exe
  C:\Windows\System\FigDhtl.exe
  2⤵
  PID:5264
- C:\Windows\System\WJHgcOy.exe
  C:\Windows\System\WJHgcOy.exe
  2⤵
  PID:5244
- C:\Windows\System\HLyTJeA.exe
  C:\Windows\System\HLyTJeA.exe
  2⤵
  PID:5292
- C:\Windows\System\zqkgRQq.exe
  C:\Windows\System\zqkgRQq.exe
  2⤵
  PID:5352
- C:\Windows\System\fOEhfMy.exe
  C:\Windows\System\fOEhfMy.exe
  2⤵
  PID:5364
- C:\Windows\System\drMHGXS.exe
  C:\Windows\System\drMHGXS.exe
  2⤵
  PID:5464
- C:\Windows\System\QRgoMXd.exe
  C:\Windows\System\QRgoMXd.exe
  2⤵
  PID:5472
- C:\Windows\System\qGJkBKA.exe
  C:\Windows\System\qGJkBKA.exe
  2⤵
  PID:2468
- C:\Windows\System\HjvBRIv.exe
  C:\Windows\System\HjvBRIv.exe
  2⤵
  PID:5508
- C:\Windows\System\SXsAgbQ.exe
  C:\Windows\System\SXsAgbQ.exe
  2⤵
  PID:5488
- C:\Windows\System\rFyPGuW.exe
  C:\Windows\System\rFyPGuW.exe
  2⤵
  PID:5596
- C:\Windows\System\BqxgjSD.exe
  C:\Windows\System\BqxgjSD.exe
  2⤵
  PID:5532
- C:\Windows\System\pTGDoaX.exe
  C:\Windows\System\pTGDoaX.exe
  2⤵
  PID:5640
- C:\Windows\System\FTWRKFD.exe
  C:\Windows\System\FTWRKFD.exe
  2⤵
  PID:5616
- C:\Windows\System\KpeoFek.exe
  C:\Windows\System\KpeoFek.exe
  2⤵
  PID:5652
- C:\Windows\System\TENSlPN.exe
  C:\Windows\System\TENSlPN.exe
  2⤵
  PID:5696
- C:\Windows\System\NouMTRi.exe
  C:\Windows\System\NouMTRi.exe
  2⤵
  PID:5832
- C:\Windows\System\ftMZBVA.exe
  C:\Windows\System\ftMZBVA.exe
  2⤵
  PID:5684
- C:\Windows\System\nmdAuKB.exe
  C:\Windows\System\nmdAuKB.exe
  2⤵
  PID:2648
- C:\Windows\System\QeEKFug.exe
  C:\Windows\System\QeEKFug.exe
  2⤵
  PID:1120
- C:\Windows\System\xRLfYTD.exe
  C:\Windows\System\xRLfYTD.exe
  2⤵
  PID:924
- C:\Windows\System\gWsGvXp.exe
  C:\Windows\System\gWsGvXp.exe
  2⤵
  PID:5808
- C:\Windows\System\akyTXuF.exe
  C:\Windows\System\akyTXuF.exe
  2⤵
  PID:5848
- C:\Windows\System\MOTiiHw.exe
  C:\Windows\System\MOTiiHw.exe
  2⤵
  PID:6012
- C:\Windows\System\StQDVmc.exe
  C:\Windows\System\StQDVmc.exe
  2⤵
  PID:6048
- C:\Windows\System\azQqaaA.exe
  C:\Windows\System\azQqaaA.exe
  2⤵
  PID:5976
- C:\Windows\System\tzAgkLN.exe
  C:\Windows\System\tzAgkLN.exe
  2⤵
  PID:6128
- C:\Windows\System\BdYkweW.exe
  C:\Windows\System\BdYkweW.exe
  2⤵
  PID:5572
- C:\Windows\System\NzfPcRD.exe
  C:\Windows\System\NzfPcRD.exe
  2⤵
  PID:6016
- C:\Windows\System\ykGwyPs.exe
  C:\Windows\System\ykGwyPs.exe
  2⤵
  PID:2352
- C:\Windows\System\hBzZHPK.exe
  C:\Windows\System\hBzZHPK.exe
  2⤵
  PID:6068
- C:\Windows\System\qUVZiUO.exe
  C:\Windows\System\qUVZiUO.exe
  2⤵
  PID:1968
- C:\Windows\System\ujFXPaY.exe
  C:\Windows\System\ujFXPaY.exe
  2⤵
  PID:4180
- C:\Windows\System\hdxSyKi.exe
  C:\Windows\System\hdxSyKi.exe
  2⤵
  PID:4520
- C:\Windows\System\QCBtohA.exe
  C:\Windows\System\QCBtohA.exe
  2⤵
  PID:2860
- C:\Windows\System\Uululwx.exe
  C:\Windows\System\Uululwx.exe
  2⤵
  PID:5192
- C:\Windows\System\ezMJIHa.exe
  C:\Windows\System\ezMJIHa.exe
  2⤵
  PID:5248
- C:\Windows\System\BcDMvft.exe
  C:\Windows\System\BcDMvft.exe
  2⤵
  PID:5476
- C:\Windows\System\VLadQwD.exe
  C:\Windows\System\VLadQwD.exe
  2⤵
  PID:5444
- C:\Windows\System\eKhqmXU.exe
  C:\Windows\System\eKhqmXU.exe
  2⤵
  PID:5184
- C:\Windows\System\OdaioyI.exe
  C:\Windows\System\OdaioyI.exe
  2⤵
  PID:5580
- C:\Windows\System\kYYspFs.exe
  C:\Windows\System\kYYspFs.exe
  2⤵
  PID:5712
- C:\Windows\System\cKApIdt.exe
  C:\Windows\System\cKApIdt.exe
  2⤵
  PID:5312
- C:\Windows\System\iYFTKyR.exe
  C:\Windows\System\iYFTKyR.exe
  2⤵
  PID:5324
- C:\Windows\System\WkinFqt.exe
  C:\Windows\System\WkinFqt.exe
  2⤵
  PID:5880
- C:\Windows\System\axYMOdJ.exe
  C:\Windows\System\axYMOdJ.exe
  2⤵
  PID:5432
- C:\Windows\System\BGqOmDC.exe
  C:\Windows\System\BGqOmDC.exe
  2⤵
  PID:5852
- C:\Windows\System\BbCxtzV.exe
  C:\Windows\System\BbCxtzV.exe
  2⤵
  PID:5408
- C:\Windows\System\tzfDRSi.exe
  C:\Windows\System\tzfDRSi.exe
  2⤵
  PID:5548
- C:\Windows\System\MvYvLdP.exe
  C:\Windows\System\MvYvLdP.exe
  2⤵
  PID:5672
- C:\Windows\System\tADhvqg.exe
  C:\Windows\System\tADhvqg.exe
  2⤵
  PID:5748
- C:\Windows\System\cfeNOIE.exe
  C:\Windows\System\cfeNOIE.exe
  2⤵
  PID:6108
- C:\Windows\System\giUhPoU.exe
  C:\Windows\System\giUhPoU.exe
  2⤵
  PID:364
- C:\Windows\System\pTBzGwm.exe
  C:\Windows\System\pTBzGwm.exe
  2⤵
  PID:968
- C:\Windows\System\fWBSuwI.exe
  C:\Windows\System\fWBSuwI.exe
  2⤵
  PID:2880
- C:\Windows\System\knLcwCU.exe
  C:\Windows\System\knLcwCU.exe
  2⤵
  PID:5228
- C:\Windows\System\lhOCJDg.exe
  C:\Windows\System\lhOCJDg.exe
  2⤵
  PID:5552
- C:\Windows\System\GLwhQlw.exe
  C:\Windows\System\GLwhQlw.exe
  2⤵
  PID:5796
- C:\Windows\System\XGGrgxU.exe
  C:\Windows\System\XGGrgxU.exe
  2⤵
  PID:5384
- C:\Windows\System\Mhwunpw.exe
  C:\Windows\System\Mhwunpw.exe
  2⤵
  PID:5972
- C:\Windows\System\yZTWTnu.exe
  C:\Windows\System\yZTWTnu.exe
  2⤵
  PID:6092
- C:\Windows\System\CMFozZA.exe
  C:\Windows\System\CMFozZA.exe
  2⤵
  PID:1384
- C:\Windows\System\DjyZplg.exe
  C:\Windows\System\DjyZplg.exe
  2⤵
  PID:5556
- C:\Windows\System\xPobZOQ.exe
  C:\Windows\System\xPobZOQ.exe
  2⤵
  PID:640
- C:\Windows\System\TrLLMyD.exe
  C:\Windows\System\TrLLMyD.exe
  2⤵
  PID:5328
- C:\Windows\System\SdRAmiF.exe
  C:\Windows\System\SdRAmiF.exe
  2⤵
  PID:5600
- C:\Windows\System\zELJZRz.exe
  C:\Windows\System\zELJZRz.exe
  2⤵
  PID:5828
- C:\Windows\System\pYsJBUi.exe
  C:\Windows\System\pYsJBUi.exe
  2⤵
  PID:5400
- C:\Windows\System\smYjQcf.exe
  C:\Windows\System\smYjQcf.exe
  2⤵
  PID:6096
- C:\Windows\System\LXvTZfy.exe
  C:\Windows\System\LXvTZfy.exe
  2⤵
  PID:5128
- C:\Windows\System\OOeyfME.exe
  C:\Windows\System\OOeyfME.exe
  2⤵
  PID:2528
- C:\Windows\System\VvknhEc.exe
  C:\Windows\System\VvknhEc.exe
  2⤵
  PID:3016
- C:\Windows\System\grRWQxu.exe
  C:\Windows\System\grRWQxu.exe
  2⤵
  PID:5916
- C:\Windows\System\kGHDBjH.exe
  C:\Windows\System\kGHDBjH.exe
  2⤵
  PID:2436
- C:\Windows\System\APvLAvR.exe
  C:\Windows\System\APvLAvR.exe
  2⤵
  PID:5368
- C:\Windows\System\KtgfQMW.exe
  C:\Windows\System\KtgfQMW.exe
  2⤵
  PID:1068
- C:\Windows\System\WGhNsjk.exe
  C:\Windows\System\WGhNsjk.exe
  2⤵
  PID:5148
- C:\Windows\System\VLtXFib.exe
  C:\Windows\System\VLtXFib.exe
  2⤵
  PID:5968
- C:\Windows\System\aFFiyoc.exe
  C:\Windows\System\aFFiyoc.exe
  2⤵
  PID:6004
- C:\Windows\System\YZlBiCz.exe
  C:\Windows\System\YZlBiCz.exe
  2⤵
  PID:5996
- C:\Windows\System\hknPHjU.exe
  C:\Windows\System\hknPHjU.exe
  2⤵
  PID:5168
- C:\Windows\System\tHWvVRy.exe
  C:\Windows\System\tHWvVRy.exe
  2⤵
  PID:6088
- C:\Windows\System\iTqGBQs.exe
  C:\Windows\System\iTqGBQs.exe
  2⤵
  PID:6044
- C:\Windows\System\pwjfNsn.exe
  C:\Windows\System\pwjfNsn.exe
  2⤵
  PID:2196
- C:\Windows\System\sXzYALR.exe
  C:\Windows\System\sXzYALR.exe
  2⤵
  PID:5304
- C:\Windows\System\kVeVQIc.exe
  C:\Windows\System\kVeVQIc.exe
  2⤵
  PID:5744
- C:\Windows\System\PTcDBHY.exe
  C:\Windows\System\PTcDBHY.exe
  2⤵
  PID:1900
- C:\Windows\System\gXNKgMa.exe
  C:\Windows\System\gXNKgMa.exe
  2⤵
  PID:5984
- C:\Windows\System\zjoaxDp.exe
  C:\Windows\System\zjoaxDp.exe
  2⤵
  PID:1744
- C:\Windows\System\jAwTLqt.exe
  C:\Windows\System\jAwTLqt.exe
  2⤵
  PID:2724
- C:\Windows\System\laGJWTm.exe
  C:\Windows\System\laGJWTm.exe
  2⤵
  PID:5424
- C:\Windows\System\wvmmTpx.exe
  C:\Windows\System\wvmmTpx.exe
  2⤵
  PID:5920
- C:\Windows\System\UTpRqgf.exe
  C:\Windows\System\UTpRqgf.exe
  2⤵
  PID:2472
- C:\Windows\System\pgEGpGo.exe
  C:\Windows\System\pgEGpGo.exe
  2⤵
  PID:3504
- C:\Windows\System\NYbBkRc.exe
  C:\Windows\System\NYbBkRc.exe
  2⤵
  PID:1148
- C:\Windows\System\gsPgMxq.exe
  C:\Windows\System\gsPgMxq.exe
  2⤵
  PID:2096
- C:\Windows\System\GUYrLkD.exe
  C:\Windows\System\GUYrLkD.exe
  2⤵
  PID:1824
- C:\Windows\System\IuIUnsm.exe
  C:\Windows\System\IuIUnsm.exe
  2⤵
  PID:6116
- C:\Windows\System\gyvRJbV.exe
  C:\Windows\System\gyvRJbV.exe
  2⤵
  PID:708
- C:\Windows\System\FzTRhvD.exe
  C:\Windows\System\FzTRhvD.exe
  2⤵
  PID:6148
- C:\Windows\System\FUxBURN.exe
  C:\Windows\System\FUxBURN.exe
  2⤵
  PID:6168
- C:\Windows\System\EYZMYjS.exe
  C:\Windows\System\EYZMYjS.exe
  2⤵
  PID:6208
- C:\Windows\System\NWxMTzQ.exe
  C:\Windows\System\NWxMTzQ.exe
  2⤵
  PID:6228
- C:\Windows\System\FuflUtv.exe
  C:\Windows\System\FuflUtv.exe
  2⤵
  PID:6244
- C:\Windows\System\DjGNjqe.exe
  C:\Windows\System\DjGNjqe.exe
  2⤵
  PID:6264
- C:\Windows\System\etarYxL.exe
  C:\Windows\System\etarYxL.exe
  2⤵
  PID:6288
- C:\Windows\System\mXBxsfe.exe
  C:\Windows\System\mXBxsfe.exe
  2⤵
  PID:6308
- C:\Windows\System\syTjxEI.exe
  C:\Windows\System\syTjxEI.exe
  2⤵
  PID:6324
- C:\Windows\System\oGUkGPm.exe
  C:\Windows\System\oGUkGPm.exe
  2⤵
  PID:6352
- C:\Windows\System\CfIxvps.exe
  C:\Windows\System\CfIxvps.exe
  2⤵
  PID:6372
- C:\Windows\System\OagvowD.exe
  C:\Windows\System\OagvowD.exe
  2⤵
  PID:6388
- C:\Windows\System\UMHtOMk.exe
  C:\Windows\System\UMHtOMk.exe
  2⤵
  PID:6408
- C:\Windows\System\aTxibhh.exe
  C:\Windows\System\aTxibhh.exe
  2⤵
  PID:6428
- C:\Windows\System\xdrufDn.exe
  C:\Windows\System\xdrufDn.exe
  2⤵
  PID:6448
- C:\Windows\System\TQNNnnW.exe
  C:\Windows\System\TQNNnnW.exe
  2⤵
  PID:6464
- C:\Windows\System\UowYNpa.exe
  C:\Windows\System\UowYNpa.exe
  2⤵
  PID:6480
- C:\Windows\System\BhEnSyM.exe
  C:\Windows\System\BhEnSyM.exe
  2⤵
  PID:6504
- C:\Windows\System\pmXbtDr.exe
  C:\Windows\System\pmXbtDr.exe
  2⤵
  PID:6524
- C:\Windows\System\aGHfHDl.exe
  C:\Windows\System\aGHfHDl.exe
  2⤵
  PID:6548
- C:\Windows\System\AXbrQoe.exe
  C:\Windows\System\AXbrQoe.exe
  2⤵
  PID:6568
- C:\Windows\System\aFkQqvo.exe
  C:\Windows\System\aFkQqvo.exe
  2⤵
  PID:6584
- C:\Windows\System\ovqufSM.exe
  C:\Windows\System\ovqufSM.exe
  2⤵
  PID:6600
- C:\Windows\System\AwUFdiG.exe
  C:\Windows\System\AwUFdiG.exe
  2⤵
  PID:6616
- C:\Windows\System\MbqdgRT.exe
  C:\Windows\System\MbqdgRT.exe
  2⤵
  PID:6636
- C:\Windows\System\ZQkgqbO.exe
  C:\Windows\System\ZQkgqbO.exe
  2⤵
  PID:6652
- C:\Windows\System\cSBdDry.exe
  C:\Windows\System\cSBdDry.exe
  2⤵
  PID:6668
- C:\Windows\System\LxlZbQx.exe
  C:\Windows\System\LxlZbQx.exe
  2⤵
  PID:6684
- C:\Windows\System\hgizvxt.exe
  C:\Windows\System\hgizvxt.exe
  2⤵
  PID:6700
- C:\Windows\System\YwdYixA.exe
  C:\Windows\System\YwdYixA.exe
  2⤵
  PID:6716
- C:\Windows\System\fTyEeej.exe
  C:\Windows\System\fTyEeej.exe
  2⤵
  PID:6732
- C:\Windows\System\LmnkmHD.exe
  C:\Windows\System\LmnkmHD.exe
  2⤵
  PID:6748
- C:\Windows\System\CmPbyWz.exe
  C:\Windows\System\CmPbyWz.exe
  2⤵
  PID:6764
- C:\Windows\System\SVaFIkc.exe
  C:\Windows\System\SVaFIkc.exe
  2⤵
  PID:6780
- C:\Windows\System\LfyohkI.exe
  C:\Windows\System\LfyohkI.exe
  2⤵
  PID:6796
- C:\Windows\System\VWavFtT.exe
  C:\Windows\System\VWavFtT.exe
  2⤵
  PID:6812
- C:\Windows\System\kqZJtmX.exe
  C:\Windows\System\kqZJtmX.exe
  2⤵
  PID:6828
- C:\Windows\System\cjzQNwi.exe
  C:\Windows\System\cjzQNwi.exe
  2⤵
  PID:6844
- C:\Windows\System\iuIpaGT.exe
  C:\Windows\System\iuIpaGT.exe
  2⤵
  PID:6860
- C:\Windows\System\PMcUvJG.exe
  C:\Windows\System\PMcUvJG.exe
  2⤵
  PID:6876
- C:\Windows\System\lHnjWfb.exe
  C:\Windows\System\lHnjWfb.exe
  2⤵
  PID:6892
- C:\Windows\System\sceCKfw.exe
  C:\Windows\System\sceCKfw.exe
  2⤵
  PID:6908
- C:\Windows\System\EbCWGVM.exe
  C:\Windows\System\EbCWGVM.exe
  2⤵
  PID:6924
- C:\Windows\System\gYWOlVV.exe
  C:\Windows\System\gYWOlVV.exe
  2⤵
  PID:6940
- C:\Windows\System\GoUbTVY.exe
  C:\Windows\System\GoUbTVY.exe
  2⤵
  PID:6956
- C:\Windows\System\nsEoIYs.exe
  C:\Windows\System\nsEoIYs.exe
  2⤵
  PID:6972
- C:\Windows\System\kqBwYFx.exe
  C:\Windows\System\kqBwYFx.exe
  2⤵
  PID:6988
- C:\Windows\System\UpCilRp.exe
  C:\Windows\System\UpCilRp.exe
  2⤵
  PID:7004
- C:\Windows\System\QybJxAR.exe
  C:\Windows\System\QybJxAR.exe
  2⤵
  PID:7020
- C:\Windows\System\kzYTCbO.exe
  C:\Windows\System\kzYTCbO.exe
  2⤵
  PID:7036
- C:\Windows\System\FUbZKnq.exe
  C:\Windows\System\FUbZKnq.exe
  2⤵
  PID:7052
- C:\Windows\System\MfOKuwy.exe
  C:\Windows\System\MfOKuwy.exe
  2⤵
  PID:7068
- C:\Windows\System\UHUtZap.exe
  C:\Windows\System\UHUtZap.exe
  2⤵
  PID:7084
- C:\Windows\System\IFYCTPE.exe
  C:\Windows\System\IFYCTPE.exe
  2⤵
  PID:7100
- C:\Windows\System\pDtUvnd.exe
  C:\Windows\System\pDtUvnd.exe
  2⤵
  PID:7116
- C:\Windows\System\wUMDZdR.exe
  C:\Windows\System\wUMDZdR.exe
  2⤵
  PID:7132
- C:\Windows\System\tUQWPGM.exe
  C:\Windows\System\tUQWPGM.exe
  2⤵
  PID:7148
- C:\Windows\System\XxEDeHK.exe
  C:\Windows\System\XxEDeHK.exe
  2⤵
  PID:7164
- C:\Windows\System\OFKKFUi.exe
  C:\Windows\System\OFKKFUi.exe
  2⤵
  PID:5268
- C:\Windows\System\VustOAp.exe
  C:\Windows\System\VustOAp.exe
  2⤵
  PID:6156
- C:\Windows\System\GmeeJmB.exe
  C:\Windows\System\GmeeJmB.exe
  2⤵
  PID:6224
- C:\Windows\System\MtqINMd.exe
  C:\Windows\System\MtqINMd.exe
  2⤵
  PID:6220
- C:\Windows\System\vFhhvKH.exe
  C:\Windows\System\vFhhvKH.exe
  2⤵
  PID:3312
- C:\Windows\System\TRpuxAk.exe
  C:\Windows\System\TRpuxAk.exe
  2⤵
  PID:6332
- C:\Windows\System\BfIOrwb.exe
  C:\Windows\System\BfIOrwb.exe
  2⤵
  PID:5308
- C:\Windows\System\RYIMzfs.exe
  C:\Windows\System\RYIMzfs.exe
  2⤵
  PID:6348
- C:\Windows\System\KQkiCqw.exe
  C:\Windows\System\KQkiCqw.exe
  2⤵
  PID:1632
- C:\Windows\System\yypLdys.exe
  C:\Windows\System\yypLdys.exe
  2⤵
  PID:6188
- C:\Windows\System\gEPjwDP.exe
  C:\Windows\System\gEPjwDP.exe
  2⤵
  PID:6416
- C:\Windows\System\KBWJwgV.exe
  C:\Windows\System\KBWJwgV.exe
  2⤵
  PID:6460
- C:\Windows\System\hVZleIK.exe
  C:\Windows\System\hVZleIK.exe
  2⤵
  PID:6496
- C:\Windows\System\TFGflzk.exe
  C:\Windows\System\TFGflzk.exe
  2⤵
  PID:4980
- C:\Windows\System\ppGgFky.exe
  C:\Windows\System\ppGgFky.exe
  2⤵
  PID:6316
- C:\Windows\System\KDDdejq.exe
  C:\Windows\System\KDDdejq.exe
  2⤵
  PID:6236
- C:\Windows\System\ciorPPI.exe
  C:\Windows\System\ciorPPI.exe
  2⤵
  PID:6540
- C:\Windows\System\cQPPYOb.exe
  C:\Windows\System\cQPPYOb.exe
  2⤵
  PID:6280
- C:\Windows\System\AIuJCtb.exe
  C:\Windows\System\AIuJCtb.exe
  2⤵
  PID:1308
- C:\Windows\System\BjeLXnV.exe
  C:\Windows\System\BjeLXnV.exe
  2⤵
  PID:6396
- C:\Windows\System\mGMlBxr.exe
  C:\Windows\System\mGMlBxr.exe
  2⤵
  PID:6580
- C:\Windows\System\NYnbjKB.exe
  C:\Windows\System\NYnbjKB.exe
  2⤵
  PID:6608
- C:\Windows\System\GsVRqVv.exe
  C:\Windows\System\GsVRqVv.exe
  2⤵
  PID:6612
- C:\Windows\System\DmCEUkj.exe
  C:\Windows\System\DmCEUkj.exe
  2⤵
  PID:6560
- C:\Windows\System\oNAkajZ.exe
  C:\Windows\System\oNAkajZ.exe
  2⤵
  PID:4228
- C:\Windows\System\ZkKcrKB.exe
  C:\Windows\System\ZkKcrKB.exe
  2⤵
  PID:6624
- C:\Windows\System\YChCrRg.exe
  C:\Windows\System\YChCrRg.exe
  2⤵
  PID:6664
- C:\Windows\System\epBOMOR.exe
  C:\Windows\System\epBOMOR.exe
  2⤵
  PID:6724
- C:\Windows\System\StKqMjE.exe
  C:\Windows\System\StKqMjE.exe
  2⤵
  PID:6740
- C:\Windows\System\dLZcShW.exe
  C:\Windows\System\dLZcShW.exe
  2⤵
  PID:6760
- C:\Windows\System\mknpeXc.exe
  C:\Windows\System\mknpeXc.exe
  2⤵
  PID:6788
- C:\Windows\System\VpyKvmp.exe
  C:\Windows\System\VpyKvmp.exe
  2⤵
  PID:6856
- C:\Windows\System\ZQgvPAj.exe
  C:\Windows\System\ZQgvPAj.exe
  2⤵
  PID:6948
- C:\Windows\System\sypcreC.exe
  C:\Windows\System\sypcreC.exe
  2⤵
  PID:6916
- C:\Windows\System\ezTTLgV.exe
  C:\Windows\System\ezTTLgV.exe
  2⤵
  PID:6836
- C:\Windows\System\viPSSWy.exe
  C:\Windows\System\viPSSWy.exe
  2⤵
  PID:6872
- C:\Windows\System\YbwSZSB.exe
  C:\Windows\System\YbwSZSB.exe
  2⤵
  PID:6964
- C:\Windows\System\twnkfjh.exe
  C:\Windows\System\twnkfjh.exe
  2⤵
  PID:7012
- C:\Windows\System\FpWqkyV.exe
  C:\Windows\System\FpWqkyV.exe
  2⤵
  PID:7028
- C:\Windows\System\EVKSiwV.exe
  C:\Windows\System\EVKSiwV.exe
  2⤵
  PID:7080
- C:\Windows\System\WjweBkf.exe
  C:\Windows\System\WjweBkf.exe
  2⤵
  PID:7112
- C:\Windows\System\IbbDiaV.exe
  C:\Windows\System\IbbDiaV.exe
  2⤵
  PID:7128
- C:\Windows\System\PkHvTpW.exe
  C:\Windows\System\PkHvTpW.exe
  2⤵
  PID:6256
- C:\Windows\System\uDMiNpo.exe
  C:\Windows\System\uDMiNpo.exe
  2⤵
  PID:6300
- C:\Windows\System\ihyKIel.exe
  C:\Windows\System\ihyKIel.exe
  2⤵
  PID:2072
- C:\Windows\System\lmIOLqh.exe
  C:\Windows\System\lmIOLqh.exe
  2⤵
  PID:1312
- C:\Windows\System\nSdFEcN.exe
  C:\Windows\System\nSdFEcN.exe
  2⤵
  PID:4512
- C:\Windows\System\zAoOHTw.exe
  C:\Windows\System\zAoOHTw.exe
  2⤵
  PID:6384
- C:\Windows\System\ZvELPiz.exe
  C:\Windows\System\ZvELPiz.exe
  2⤵
  PID:6456
- C:\Windows\System\iFMaHzd.exe
  C:\Windows\System\iFMaHzd.exe
  2⤵
  PID:3904
- C:\Windows\System\odvkGok.exe
  C:\Windows\System\odvkGok.exe
  2⤵
  PID:6404
- C:\Windows\System\kdZRaLp.exe
  C:\Windows\System\kdZRaLp.exe
  2⤵
  PID:6516
- C:\Windows\System\bUnFhur.exe
  C:\Windows\System\bUnFhur.exe
  2⤵
  PID:6576
- C:\Windows\System\drGiVrX.exe
  C:\Windows\System\drGiVrX.exe
  2⤵
  PID:6596
- C:\Windows\System\idScxHk.exe
  C:\Windows\System\idScxHk.exe
  2⤵
  PID:6712
- C:\Windows\System\ohzSsYq.exe
  C:\Windows\System\ohzSsYq.exe
  2⤵
  PID:6852
- C:\Windows\System\CbcnMBM.exe
  C:\Windows\System\CbcnMBM.exe
  2⤵
  PID:4240
- C:\Windows\System\RynEtVF.exe
  C:\Windows\System\RynEtVF.exe
  2⤵
  PID:6756
- C:\Windows\System\dhIbBbm.exe
  C:\Windows\System\dhIbBbm.exe
  2⤵
  PID:4488
- C:\Windows\System\Xfrzhcc.exe
  C:\Windows\System\Xfrzhcc.exe
  2⤵
  PID:6840
- C:\Windows\System\vEIwywV.exe
  C:\Windows\System\vEIwywV.exe
  2⤵
  PID:7000
- C:\Windows\System\CPBahmp.exe
  C:\Windows\System\CPBahmp.exe
  2⤵
  PID:6996
- C:\Windows\System\UytjDxe.exe
  C:\Windows\System\UytjDxe.exe
  2⤵
  PID:7144
- C:\Windows\System\PVtYRjV.exe
  C:\Windows\System\PVtYRjV.exe
  2⤵
  PID:4124
- C:\Windows\System\CFLmtop.exe
  C:\Windows\System\CFLmtop.exe
  2⤵
  PID:2192
- C:\Windows\System\XJbIsrq.exe
  C:\Windows\System\XJbIsrq.exe
  2⤵
  PID:6180
- C:\Windows\System\krwqxTD.exe
  C:\Windows\System\krwqxTD.exe
  2⤵
  PID:4692
- C:\Windows\System\VGfLuGD.exe
  C:\Windows\System\VGfLuGD.exe
  2⤵
  PID:6500
- C:\Windows\System\XmophUr.exe
  C:\Windows\System\XmophUr.exe
  2⤵
  PID:6472
- C:\Windows\System\YxbRvrd.exe
  C:\Windows\System\YxbRvrd.exe
  2⤵
  PID:6820
- C:\Windows\System\UUljdvN.exe
  C:\Windows\System\UUljdvN.exe
  2⤵
  PID:6436
- C:\Windows\System\upIHpeP.exe
  C:\Windows\System\upIHpeP.exe
  2⤵
  PID:6728
- C:\Windows\System\OISEpzd.exe
  C:\Windows\System\OISEpzd.exe
  2⤵
  PID:7076
- C:\Windows\System\IVvVBto.exe
  C:\Windows\System\IVvVBto.exe
  2⤵
  PID:7060
- C:\Windows\System\hYEkUmJ.exe
  C:\Windows\System\hYEkUmJ.exe
  2⤵
  PID:2084
- C:\Windows\System\sLtndwS.exe
  C:\Windows\System\sLtndwS.exe
  2⤵
  PID:6368
- C:\Windows\System\tHSNCUB.exe
  C:\Windows\System\tHSNCUB.exe
  2⤵
  PID:6164
- C:\Windows\System\KruRbFX.exe
  C:\Windows\System\KruRbFX.exe
  2⤵
  PID:6660
- C:\Windows\System\kkkmmvB.exe
  C:\Windows\System\kkkmmvB.exe
  2⤵
  PID:6680
- C:\Windows\System\FWVwQMa.exe
  C:\Windows\System\FWVwQMa.exe
  2⤵
  PID:7096
- C:\Windows\System\EYvGhTu.exe
  C:\Windows\System\EYvGhTu.exe
  2⤵
  PID:6272
- C:\Windows\System\TQJTcYu.exe
  C:\Windows\System\TQJTcYu.exe
  2⤵
  PID:6920
- C:\Windows\System\hSzsIqx.exe
  C:\Windows\System\hSzsIqx.exe
  2⤵
  PID:4168
- C:\Windows\System\gMOprzA.exe
  C:\Windows\System\gMOprzA.exe
  2⤵
  PID:7184
- C:\Windows\System\AxOXtnr.exe
  C:\Windows\System\AxOXtnr.exe
  2⤵
  PID:7200
- C:\Windows\System\pYJKDkC.exe
  C:\Windows\System\pYJKDkC.exe
  2⤵
  PID:7216
- C:\Windows\System\URCzXWx.exe
  C:\Windows\System\URCzXWx.exe
  2⤵
  PID:7232
- C:\Windows\System\OVahFqh.exe
  C:\Windows\System\OVahFqh.exe
  2⤵
  PID:7248
- C:\Windows\System\SpBeSZY.exe
  C:\Windows\System\SpBeSZY.exe
  2⤵
  PID:7264
- C:\Windows\System\JIYzKhZ.exe
  C:\Windows\System\JIYzKhZ.exe
  2⤵
  PID:7280
- C:\Windows\System\KDtMMrS.exe
  C:\Windows\System\KDtMMrS.exe
  2⤵
  PID:7296
- C:\Windows\System\EFaCCGx.exe
  C:\Windows\System\EFaCCGx.exe
  2⤵
  PID:7312
- C:\Windows\System\xGQOkoU.exe
  C:\Windows\System\xGQOkoU.exe
  2⤵
  PID:7328
- C:\Windows\System\chXPAPf.exe
  C:\Windows\System\chXPAPf.exe
  2⤵
  PID:7344
- C:\Windows\System\DCwqRHC.exe
  C:\Windows\System\DCwqRHC.exe
  2⤵
  PID:7360
- C:\Windows\System\NBNuvqo.exe
  C:\Windows\System\NBNuvqo.exe
  2⤵
  PID:7376
- C:\Windows\System\ITTnfrV.exe
  C:\Windows\System\ITTnfrV.exe
  2⤵
  PID:7392
- C:\Windows\System\asifylf.exe
  C:\Windows\System\asifylf.exe
  2⤵
  PID:7408
- C:\Windows\System\XpJdynC.exe
  C:\Windows\System\XpJdynC.exe
  2⤵
  PID:7424
- C:\Windows\System\RzcBihJ.exe
  C:\Windows\System\RzcBihJ.exe
  2⤵
  PID:7440
- C:\Windows\System\mRLMqaH.exe
  C:\Windows\System\mRLMqaH.exe
  2⤵
  PID:7460
- C:\Windows\System\JOmhRpQ.exe
  C:\Windows\System\JOmhRpQ.exe
  2⤵
  PID:7476
- C:\Windows\System\LLFmOQZ.exe
  C:\Windows\System\LLFmOQZ.exe
  2⤵
  PID:7492
- C:\Windows\System\TUPaHMK.exe
  C:\Windows\System\TUPaHMK.exe
  2⤵
  PID:7508
- C:\Windows\System\jvyxSKQ.exe
  C:\Windows\System\jvyxSKQ.exe
  2⤵
  PID:7524
- C:\Windows\System\YnCDhbf.exe
  C:\Windows\System\YnCDhbf.exe
  2⤵
  PID:7540
- C:\Windows\System\EfrHvTI.exe
  C:\Windows\System\EfrHvTI.exe
  2⤵
  PID:7556
- C:\Windows\System\LDyyDZE.exe
  C:\Windows\System\LDyyDZE.exe
  2⤵
  PID:7572
- C:\Windows\System\iaiGSyE.exe
  C:\Windows\System\iaiGSyE.exe
  2⤵
  PID:7588
- C:\Windows\System\pkMVLpS.exe
  C:\Windows\System\pkMVLpS.exe
  2⤵
  PID:7604
- C:\Windows\System\PZvzDIx.exe
  C:\Windows\System\PZvzDIx.exe
  2⤵
  PID:7620
- C:\Windows\System\ChoxPIk.exe
  C:\Windows\System\ChoxPIk.exe
  2⤵
  PID:7636
- C:\Windows\System\FMRQNes.exe
  C:\Windows\System\FMRQNes.exe
  2⤵
  PID:7652
- C:\Windows\System\lwpBbpk.exe
  C:\Windows\System\lwpBbpk.exe
  2⤵
  PID:7668
- C:\Windows\System\bIRIsod.exe
  C:\Windows\System\bIRIsod.exe
  2⤵
  PID:7684
- C:\Windows\System\wFBfQcQ.exe
  C:\Windows\System\wFBfQcQ.exe
  2⤵
  PID:7700
- C:\Windows\System\AkiABqh.exe
  C:\Windows\System\AkiABqh.exe
  2⤵
  PID:7716
- C:\Windows\System\oNJneof.exe
  C:\Windows\System\oNJneof.exe
  2⤵
  PID:7732
- C:\Windows\System\PzVdHPt.exe
  C:\Windows\System\PzVdHPt.exe
  2⤵
  PID:7748
- C:\Windows\System\NKssvMP.exe
  C:\Windows\System\NKssvMP.exe
  2⤵
  PID:7764
- C:\Windows\System\taVpTkt.exe
  C:\Windows\System\taVpTkt.exe
  2⤵
  PID:7780
- C:\Windows\System\jktlvWm.exe
  C:\Windows\System\jktlvWm.exe
  2⤵
  PID:7796
- C:\Windows\System\mZzhHBk.exe
  C:\Windows\System\mZzhHBk.exe
  2⤵
  PID:7812
- C:\Windows\System\dhqSPUi.exe
  C:\Windows\System\dhqSPUi.exe
  2⤵
  PID:7828
- C:\Windows\System\Onlnndc.exe
  C:\Windows\System\Onlnndc.exe
  2⤵
  PID:7844
- C:\Windows\System\uWyHdEz.exe
  C:\Windows\System\uWyHdEz.exe
  2⤵
  PID:7860
- C:\Windows\System\GcCYMGV.exe
  C:\Windows\System\GcCYMGV.exe
  2⤵
  PID:7876
- C:\Windows\System\fEvwyCY.exe
  C:\Windows\System\fEvwyCY.exe
  2⤵
  PID:7892
- C:\Windows\System\xyAIiGG.exe
  C:\Windows\System\xyAIiGG.exe
  2⤵
  PID:7908
- C:\Windows\System\lbndMWG.exe
  C:\Windows\System\lbndMWG.exe
  2⤵
  PID:7924
- C:\Windows\System\EpeWnlh.exe
  C:\Windows\System\EpeWnlh.exe
  2⤵
  PID:7944
- C:\Windows\System\skZzhbo.exe
  C:\Windows\System\skZzhbo.exe
  2⤵
  PID:7960
- C:\Windows\System\XxZUpLK.exe
  C:\Windows\System\XxZUpLK.exe
  2⤵
  PID:7976
- C:\Windows\System\ICsRBwD.exe
  C:\Windows\System\ICsRBwD.exe
  2⤵
  PID:7992
- C:\Windows\System\NEmiHwM.exe
  C:\Windows\System\NEmiHwM.exe
  2⤵
  PID:8008
- C:\Windows\System\nZipFgd.exe
  C:\Windows\System\nZipFgd.exe
  2⤵
  PID:8024
- C:\Windows\System\hcfMMmG.exe
  C:\Windows\System\hcfMMmG.exe
  2⤵
  PID:8040
- C:\Windows\System\iRzVsYc.exe
  C:\Windows\System\iRzVsYc.exe
  2⤵
  PID:8056
- C:\Windows\System\BrTEGRA.exe
  C:\Windows\System\BrTEGRA.exe
  2⤵
  PID:8072
- C:\Windows\System\wdcJfrs.exe
  C:\Windows\System\wdcJfrs.exe
  2⤵
  PID:8088
- C:\Windows\System\FuVltUX.exe
  C:\Windows\System\FuVltUX.exe
  2⤵
  PID:8104
- C:\Windows\System\kNWxKNk.exe
  C:\Windows\System\kNWxKNk.exe
  2⤵
  PID:8120
- C:\Windows\System\KumFfMJ.exe
  C:\Windows\System\KumFfMJ.exe
  2⤵
  PID:8136
- C:\Windows\System\lfXvtUV.exe
  C:\Windows\System\lfXvtUV.exe
  2⤵
  PID:8152
- C:\Windows\System\AHlGzZV.exe
  C:\Windows\System\AHlGzZV.exe
  2⤵
  PID:8168
- C:\Windows\System\SOsJFOu.exe
  C:\Windows\System\SOsJFOu.exe
  2⤵
  PID:8184
- C:\Windows\System\zeVZpcf.exe
  C:\Windows\System\zeVZpcf.exe
  2⤵
  PID:7192
- C:\Windows\System\ZIeMrBk.exe
  C:\Windows\System\ZIeMrBk.exe
  2⤵
  PID:5940
- C:\Windows\System\vCaAFKf.exe
  C:\Windows\System\vCaAFKf.exe
  2⤵
  PID:7208
- C:\Windows\System\XMieJjB.exe
  C:\Windows\System\XMieJjB.exe
  2⤵
  PID:7228
- C:\Windows\System\oJeyECU.exe
  C:\Windows\System\oJeyECU.exe
  2⤵
  PID:7292
- C:\Windows\System\BXLksxz.exe
  C:\Windows\System\BXLksxz.exe
  2⤵
  PID:7352
- C:\Windows\System\SsNlERK.exe
  C:\Windows\System\SsNlERK.exe
  2⤵
  PID:7388
- C:\Windows\System\xKHuUoF.exe
  C:\Windows\System\xKHuUoF.exe
  2⤵
  PID:7276
- C:\Windows\System\fKSZbJD.exe
  C:\Windows\System\fKSZbJD.exe
  2⤵
  PID:7436
- C:\Windows\System\tNPfVtJ.exe
  C:\Windows\System\tNPfVtJ.exe
  2⤵
  PID:7404
- C:\Windows\System\MsDNmRn.exe
  C:\Windows\System\MsDNmRn.exe
  2⤵
  PID:7484
- C:\Windows\System\lAzgjPJ.exe
  C:\Windows\System\lAzgjPJ.exe
  2⤵
  PID:7468
- C:\Windows\System\msNlFNm.exe
  C:\Windows\System\msNlFNm.exe
  2⤵
  PID:7548
- C:\Windows\System\RquaxlC.exe
  C:\Windows\System\RquaxlC.exe
  2⤵
  PID:7584
- C:\Windows\System\OWmDIsF.exe
  C:\Windows\System\OWmDIsF.exe
  2⤵
  PID:7568
- C:\Windows\System\EpSsvEH.exe
  C:\Windows\System\EpSsvEH.exe
  2⤵
  PID:7648
- C:\Windows\System\cgcbUDS.exe
  C:\Windows\System\cgcbUDS.exe
  2⤵
  PID:7712
- C:\Windows\System\uYdlnLD.exe
  C:\Windows\System\uYdlnLD.exe
  2⤵
  PID:7804
- C:\Windows\System\ROcFeLw.exe
  C:\Windows\System\ROcFeLw.exe
  2⤵
  PID:7628
- C:\Windows\System\oAdwHZJ.exe
  C:\Windows\System\oAdwHZJ.exe
  2⤵
  PID:7660
- C:\Windows\System\HGkLEor.exe
  C:\Windows\System\HGkLEor.exe
  2⤵
  PID:7728
- C:\Windows\System\yhWmfdW.exe
  C:\Windows\System\yhWmfdW.exe
  2⤵
  PID:7792
- C:\Windows\System\nsTirqf.exe
  C:\Windows\System\nsTirqf.exe
  2⤵
  PID:7868
- C:\Windows\System\xQmVcto.exe
  C:\Windows\System\xQmVcto.exe
  2⤵
  PID:7852
- C:\Windows\System\RJlHDCD.exe
  C:\Windows\System\RJlHDCD.exe
  2⤵
  PID:7920
- C:\Windows\System\XDyUdiJ.exe
  C:\Windows\System\XDyUdiJ.exe
  2⤵
  PID:7984
- C:\Windows\System\yBEOyaq.exe
  C:\Windows\System\yBEOyaq.exe
  2⤵
  PID:8032
- C:\Windows\System\xqYJkPo.exe
  C:\Windows\System\xqYJkPo.exe
  2⤵
  PID:7932
- C:\Windows\System\LAVDPWK.exe
  C:\Windows\System\LAVDPWK.exe
  2⤵
  PID:8004
- C:\Windows\System\ulKXlVf.exe
  C:\Windows\System\ulKXlVf.exe
  2⤵
  PID:8100
- C:\Windows\System\wphjzfK.exe
  C:\Windows\System\wphjzfK.exe
  2⤵
  PID:8112
- C:\Windows\System\gOOPavH.exe
  C:\Windows\System\gOOPavH.exe
  2⤵
  PID:8148
- C:\Windows\System\rZgUcTJ.exe
  C:\Windows\System\rZgUcTJ.exe
  2⤵
  PID:6304
- C:\Windows\System\epdzXaF.exe
  C:\Windows\System\epdzXaF.exe
  2⤵
  PID:7240
- C:\Windows\System\ZKLfQmu.exe
  C:\Windows\System\ZKLfQmu.exe
  2⤵
  PID:7260
- C:\Windows\System\SrEyUiE.exe
  C:\Windows\System\SrEyUiE.exe
  2⤵
  PID:7420
- C:\Windows\System\iurWwSL.exe
  C:\Windows\System\iurWwSL.exe
  2⤵
  PID:7384
- C:\Windows\System\DAGdOsb.exe
  C:\Windows\System\DAGdOsb.exe
  2⤵
  PID:7304
- C:\Windows\System\TCBdDNH.exe
  C:\Windows\System\TCBdDNH.exe
  2⤵
  PID:7520
- C:\Windows\System\GnBRUMM.exe
  C:\Windows\System\GnBRUMM.exe
  2⤵
  PID:7564
- C:\Windows\System\pnvZYjJ.exe
  C:\Windows\System\pnvZYjJ.exe
  2⤵
  PID:7596
- C:\Windows\System\BbZFyqa.exe
  C:\Windows\System\BbZFyqa.exe
  2⤵
  PID:7776
- C:\Windows\System\uVraXGD.exe
  C:\Windows\System\uVraXGD.exe
  2⤵
  PID:7696
- C:\Windows\System\lRPwmha.exe
  C:\Windows\System\lRPwmha.exe
  2⤵
  PID:7824
- C:\Windows\System\ziKrCFq.exe
  C:\Windows\System\ziKrCFq.exe
  2⤵
  PID:5936
- C:\Windows\System\cITXWeK.exe
  C:\Windows\System\cITXWeK.exe
  2⤵
  PID:7952
- C:\Windows\System\SqEvvyV.exe
  C:\Windows\System\SqEvvyV.exe
  2⤵
  PID:2120
- C:\Windows\System\Tfqmnxy.exe
  C:\Windows\System\Tfqmnxy.exe
  2⤵
  PID:580
- C:\Windows\System\YCvaEOf.exe
  C:\Windows\System\YCvaEOf.exe
  2⤵
  PID:2140
- C:\Windows\System\iNiwgxG.exe
  C:\Windows\System\iNiwgxG.exe
  2⤵
  PID:8084
- C:\Windows\System\MPvadZK.exe
  C:\Windows\System\MPvadZK.exe
  2⤵
  PID:8128
- C:\Windows\System\KyJOgsf.exe
  C:\Windows\System\KyJOgsf.exe
  2⤵
  PID:8180
- C:\Windows\System\VxaymzM.exe
  C:\Windows\System\VxaymzM.exe
  2⤵
  PID:2900
- C:\Windows\System\hzBKMLf.exe
  C:\Windows\System\hzBKMLf.exe
  2⤵
  PID:7452
- C:\Windows\System\qVFVIXa.exe
  C:\Windows\System\qVFVIXa.exe
  2⤵
  PID:7324
- C:\Windows\System\xEcxtkn.exe
  C:\Windows\System\xEcxtkn.exe
  2⤵
  PID:7516
- C:\Windows\System\iYLYyYy.exe
  C:\Windows\System\iYLYyYy.exe
  2⤵
  PID:7740
- C:\Windows\System\LUbplbV.exe
  C:\Windows\System\LUbplbV.exe
  2⤵
  PID:7632
- C:\Windows\System\iRqMuRh.exe
  C:\Windows\System\iRqMuRh.exe
  2⤵
  PID:7616
- C:\Windows\System\IrmOBXb.exe
  C:\Windows\System\IrmOBXb.exe
  2⤵
  PID:7840
- C:\Windows\System\SFzJZaX.exe
  C:\Windows\System\SFzJZaX.exe
  2⤵
  PID:524
- C:\Windows\System\tCspkdt.exe
  C:\Windows\System\tCspkdt.exe
  2⤵
  PID:436
- C:\Windows\System\qtQvFaO.exe
  C:\Windows\System\qtQvFaO.exe
  2⤵
  PID:1400
- C:\Windows\System\lKIfmkR.exe
  C:\Windows\System\lKIfmkR.exe
  2⤵
  PID:8064
- C:\Windows\System\pIBmhld.exe
  C:\Windows\System\pIBmhld.exe
  2⤵
  PID:7400
- C:\Windows\System\FhugkdN.exe
  C:\Windows\System\FhugkdN.exe
  2⤵
  PID:7916
- C:\Windows\System\eZzIbQK.exe
  C:\Windows\System\eZzIbQK.exe
  2⤵
  PID:7940
- C:\Windows\System\kkzLTZN.exe
  C:\Windows\System\kkzLTZN.exe
  2⤵
  PID:1648
- C:\Windows\System\eauKHIx.exe
  C:\Windows\System\eauKHIx.exe
  2⤵
  PID:8208
- C:\Windows\System\ZGCzFnN.exe
  C:\Windows\System\ZGCzFnN.exe
  2⤵
  PID:8224
- C:\Windows\System\iPptGQB.exe
  C:\Windows\System\iPptGQB.exe
  2⤵
  PID:8240
- C:\Windows\System\OuHIgcw.exe
  C:\Windows\System\OuHIgcw.exe
  2⤵
  PID:8256
- C:\Windows\System\ioFxJDQ.exe
  C:\Windows\System\ioFxJDQ.exe
  2⤵
  PID:8272
- C:\Windows\System\laAlkSI.exe
  C:\Windows\System\laAlkSI.exe
  2⤵
  PID:8288
- C:\Windows\System\UFYOPOS.exe
  C:\Windows\System\UFYOPOS.exe
  2⤵
  PID:8304
- C:\Windows\System\VnAyaIt.exe
  C:\Windows\System\VnAyaIt.exe
  2⤵
  PID:8320
- C:\Windows\System\pCeoxVw.exe
  C:\Windows\System\pCeoxVw.exe
  2⤵
  PID:8340
- C:\Windows\System\jilZblM.exe
  C:\Windows\System\jilZblM.exe
  2⤵
  PID:8356
- C:\Windows\System\ucwxKnO.exe
  C:\Windows\System\ucwxKnO.exe
  2⤵
  PID:8372
- C:\Windows\System\PIHAvgv.exe
  C:\Windows\System\PIHAvgv.exe
  2⤵
  PID:8388
- C:\Windows\System\WCavkWF.exe
  C:\Windows\System\WCavkWF.exe
  2⤵
  PID:8404
- C:\Windows\System\xqWeQKe.exe
  C:\Windows\System\xqWeQKe.exe
  2⤵
  PID:8420
- C:\Windows\System\oIjJFju.exe
  C:\Windows\System\oIjJFju.exe
  2⤵
  PID:8436
- C:\Windows\System\eGQXOjM.exe
  C:\Windows\System\eGQXOjM.exe
  2⤵
  PID:8452
- C:\Windows\System\zBmeEeb.exe
  C:\Windows\System\zBmeEeb.exe
  2⤵
  PID:8468
- C:\Windows\System\ygWoxWm.exe
  C:\Windows\System\ygWoxWm.exe
  2⤵
  PID:8484
- C:\Windows\System\yMwrpsD.exe
  C:\Windows\System\yMwrpsD.exe
  2⤵
  PID:8500
- C:\Windows\System\SQQTcaJ.exe
  C:\Windows\System\SQQTcaJ.exe
  2⤵
  PID:8516
- C:\Windows\System\WcwuxdY.exe
  C:\Windows\System\WcwuxdY.exe
  2⤵
  PID:8532
- C:\Windows\System\BPDKvGk.exe
  C:\Windows\System\BPDKvGk.exe
  2⤵
  PID:8548
- C:\Windows\System\DSnQNjA.exe
  C:\Windows\System\DSnQNjA.exe
  2⤵
  PID:8564
- C:\Windows\System\ioPvNuL.exe
  C:\Windows\System\ioPvNuL.exe
  2⤵
  PID:8580
- C:\Windows\System\QjukLCB.exe
  C:\Windows\System\QjukLCB.exe
  2⤵
  PID:8596
- C:\Windows\System\SvZhqOe.exe
  C:\Windows\System\SvZhqOe.exe
  2⤵
  PID:8612
- C:\Windows\System\JdJrmXC.exe
  C:\Windows\System\JdJrmXC.exe
  2⤵
  PID:8628
- C:\Windows\System\QpiNENW.exe
  C:\Windows\System\QpiNENW.exe
  2⤵
  PID:8644
- C:\Windows\System\ooAWPzo.exe
  C:\Windows\System\ooAWPzo.exe
  2⤵
  PID:8660
- C:\Windows\System\vSpgHXz.exe
  C:\Windows\System\vSpgHXz.exe
  2⤵
  PID:8676
- C:\Windows\System\SWxhJzb.exe
  C:\Windows\System\SWxhJzb.exe
  2⤵
  PID:8692
- C:\Windows\System\eyaiqvH.exe
  C:\Windows\System\eyaiqvH.exe
  2⤵
  PID:8708
- C:\Windows\System\MBlxDzn.exe
  C:\Windows\System\MBlxDzn.exe
  2⤵
  PID:8724
- C:\Windows\System\VtdhLdm.exe
  C:\Windows\System\VtdhLdm.exe
  2⤵
  PID:8740
- C:\Windows\System\jZhKXBr.exe
  C:\Windows\System\jZhKXBr.exe
  2⤵
  PID:8756
- C:\Windows\System\dsqtvNJ.exe
  C:\Windows\System\dsqtvNJ.exe
  2⤵
  PID:8772
- C:\Windows\System\HYsRnFS.exe
  C:\Windows\System\HYsRnFS.exe
  2⤵
  PID:8788
- C:\Windows\System\INTiyKX.exe
  C:\Windows\System\INTiyKX.exe
  2⤵
  PID:8804
- C:\Windows\System\ucinBcm.exe
  C:\Windows\System\ucinBcm.exe
  2⤵
  PID:8820
- C:\Windows\System\CsXHAUv.exe
  C:\Windows\System\CsXHAUv.exe
  2⤵
  PID:8836
- C:\Windows\System\nQrTVSg.exe
  C:\Windows\System\nQrTVSg.exe
  2⤵
  PID:8852
- C:\Windows\System\uHhWMyg.exe
  C:\Windows\System\uHhWMyg.exe
  2⤵
  PID:8868
- C:\Windows\System\uTFTNIZ.exe
  C:\Windows\System\uTFTNIZ.exe
  2⤵
  PID:8888
- C:\Windows\System\LYlmMUe.exe
  C:\Windows\System\LYlmMUe.exe
  2⤵
  PID:8904
- C:\Windows\System\cBtssAh.exe
  C:\Windows\System\cBtssAh.exe
  2⤵
  PID:8920
- C:\Windows\System\jTalTOa.exe
  C:\Windows\System\jTalTOa.exe
  2⤵
  PID:8936
- C:\Windows\System\emecLcw.exe
  C:\Windows\System\emecLcw.exe
  2⤵
  PID:8952
- C:\Windows\System\LWFwjNp.exe
  C:\Windows\System\LWFwjNp.exe
  2⤵
  PID:8968
- C:\Windows\System\oSWfCFP.exe
  C:\Windows\System\oSWfCFP.exe
  2⤵
  PID:8984
- C:\Windows\System\rbvyONB.exe
  C:\Windows\System\rbvyONB.exe
  2⤵
  PID:9000
- C:\Windows\System\mxdrkiL.exe
  C:\Windows\System\mxdrkiL.exe
  2⤵
  PID:9016
- C:\Windows\System\kBGllDe.exe
  C:\Windows\System\kBGllDe.exe
  2⤵
  PID:9032
- C:\Windows\System\YLdudTf.exe
  C:\Windows\System\YLdudTf.exe
  2⤵
  PID:9048
- C:\Windows\System\diZSAGu.exe
  C:\Windows\System\diZSAGu.exe
  2⤵
  PID:9064
- C:\Windows\System\fVQmexG.exe
  C:\Windows\System\fVQmexG.exe
  2⤵
  PID:9080
- C:\Windows\System\LhtMYng.exe
  C:\Windows\System\LhtMYng.exe
  2⤵
  PID:9096
- C:\Windows\System\hJpisDL.exe
  C:\Windows\System\hJpisDL.exe
  2⤵
  PID:9112
- C:\Windows\System\uXGCPuL.exe
  C:\Windows\System\uXGCPuL.exe
  2⤵
  PID:9128
- C:\Windows\System\eQCiBdp.exe
  C:\Windows\System\eQCiBdp.exe
  2⤵
  PID:9144
- C:\Windows\System\qRPIdHL.exe
  C:\Windows\System\qRPIdHL.exe
  2⤵
  PID:9160
- C:\Windows\System\YZKHzXO.exe
  C:\Windows\System\YZKHzXO.exe
  2⤵
  PID:9176
- C:\Windows\System\fhhhSXo.exe
  C:\Windows\System\fhhhSXo.exe
  2⤵
  PID:9192
- C:\Windows\System\qGLcPHV.exe
  C:\Windows\System\qGLcPHV.exe
  2⤵
  PID:9208
- C:\Windows\System\kUrKVBH.exe
  C:\Windows\System\kUrKVBH.exe
  2⤵
  PID:7900
- C:\Windows\System\HLOPKso.exe
  C:\Windows\System\HLOPKso.exe
  2⤵
  PID:8232
- C:\Windows\System\yEbZRWC.exe
  C:\Windows\System\yEbZRWC.exe
  2⤵
  PID:7600
- C:\Windows\System\jjJWAFx.exe
  C:\Windows\System\jjJWAFx.exe
  2⤵
  PID:8328
- C:\Windows\System\EdNJeDj.exe
  C:\Windows\System\EdNJeDj.exe
  2⤵
  PID:8396
- C:\Windows\System\ZvNguJp.exe
  C:\Windows\System\ZvNguJp.exe
  2⤵
  PID:8460
- C:\Windows\System\vCwEsFk.exe
  C:\Windows\System\vCwEsFk.exe
  2⤵
  PID:7196
- C:\Windows\System\lfKnvzM.exe
  C:\Windows\System\lfKnvzM.exe
  2⤵
  PID:8496
- C:\Windows\System\wGEaSkD.exe
  C:\Windows\System\wGEaSkD.exe
  2⤵
  PID:8312
- C:\Windows\System\lcxlxcP.exe
  C:\Windows\System\lcxlxcP.exe
  2⤵
  PID:8216
- C:\Windows\System\ZbGXDRq.exe
  C:\Windows\System\ZbGXDRq.exe
  2⤵
  PID:8252
- C:\Windows\System\KjanpER.exe
  C:\Windows\System\KjanpER.exe
  2⤵
  PID:8284
- C:\Windows\System\OVBEinH.exe
  C:\Windows\System\OVBEinH.exe
  2⤵
  PID:8380
- C:\Windows\System\FmQPbaF.exe
  C:\Windows\System\FmQPbaF.exe
  2⤵
  PID:8448
- C:\Windows\System\XUydewu.exe
  C:\Windows\System\XUydewu.exe
  2⤵
  PID:8588
- C:\Windows\System\ohwcywG.exe
  C:\Windows\System\ohwcywG.exe
  2⤵
  PID:8652
- C:\Windows\System\KZysiQk.exe
  C:\Windows\System\KZysiQk.exe
  2⤵
  PID:8604
- C:\Windows\System\ZQPZArs.exe
  C:\Windows\System\ZQPZArs.exe
  2⤵
  PID:8684
- C:\Windows\System\ntcqOeN.exe
  C:\Windows\System\ntcqOeN.exe
  2⤵
  PID:8752
- C:\Windows\System\HJdqcgp.exe
  C:\Windows\System\HJdqcgp.exe
  2⤵
  PID:8764
- C:\Windows\System\kmrDsIS.exe
  C:\Windows\System\kmrDsIS.exe
  2⤵
  PID:8736
- C:\Windows\System\UyRkxUS.exe
  C:\Windows\System\UyRkxUS.exe
  2⤵
  PID:8812
- C:\Windows\System\Ssrpznk.exe
  C:\Windows\System\Ssrpznk.exe
  2⤵
  PID:8880
- C:\Windows\System\tVYamrp.exe
  C:\Windows\System\tVYamrp.exe
  2⤵
  PID:8828
- C:\Windows\System\LuGdDTx.exe
  C:\Windows\System\LuGdDTx.exe
  2⤵
  PID:8900
- C:\Windows\System\JejKYwC.exe
  C:\Windows\System\JejKYwC.exe
  2⤵
  PID:8916
- C:\Windows\System\nQCeWDp.exe
  C:\Windows\System\nQCeWDp.exe
  2⤵
  PID:8980
- C:\Windows\System\pOVEOUb.exe
  C:\Windows\System\pOVEOUb.exe
  2⤵
  PID:9044
- C:\Windows\System\JeHxkkV.exe
  C:\Windows\System\JeHxkkV.exe
  2⤵
  PID:8992
- C:\Windows\System\BCbkhjT.exe
  C:\Windows\System\BCbkhjT.exe
  2⤵
  PID:9056
- C:\Windows\System\jvstbPP.exe
  C:\Windows\System\jvstbPP.exe
  2⤵
  PID:9104
- C:\Windows\System\YUNdFfb.exe
  C:\Windows\System\YUNdFfb.exe
  2⤵
  PID:9140
- C:\Windows\System\hABHBqI.exe
  C:\Windows\System\hABHBqI.exe
  2⤵
  PID:9120
- C:\Windows\System\RwKMiyM.exe
  C:\Windows\System\RwKMiyM.exe
  2⤵
  PID:9152
- C:\Windows\System\sjThauG.exe
  C:\Windows\System\sjThauG.exe
  2⤵
  PID:9200
- C:\Windows\System\SlxfgPA.exe
  C:\Windows\System\SlxfgPA.exe
  2⤵
  PID:8236
- C:\Windows\System\lURrtTl.exe
  C:\Windows\System\lURrtTl.exe
  2⤵
  PID:8264
- C:\Windows\System\LeoLCPe.exe
  C:\Windows\System\LeoLCPe.exe
  2⤵
  PID:3468
- C:\Windows\System\yAZPjwC.exe
  C:\Windows\System\yAZPjwC.exe
  2⤵
  PID:8464
- C:\Windows\System\nSIzWpc.exe
  C:\Windows\System\nSIzWpc.exe
  2⤵
  PID:7972
- C:\Windows\System\GfLjKxq.exe
  C:\Windows\System\GfLjKxq.exe
  2⤵
  PID:8556
- C:\Windows\System\BiyccOw.exe
  C:\Windows\System\BiyccOw.exe
  2⤵
  PID:8248
- C:\Windows\System\cfoDdap.exe
  C:\Windows\System\cfoDdap.exe
  2⤵
  PID:8512
- C:\Windows\System\lYQdoov.exe
  C:\Windows\System\lYQdoov.exe
  2⤵
  PID:8884
- C:\Windows\System\SQPRsMR.exe
  C:\Windows\System\SQPRsMR.exe
  2⤵
  PID:8640
- C:\Windows\System\FmhJCmO.exe
  C:\Windows\System\FmhJCmO.exe
  2⤵
  PID:8672
- C:\Windows\System\eVulklz.exe
  C:\Windows\System\eVulklz.exe
  2⤵
  PID:8780
- C:\Windows\System\MMgVbCH.exe
  C:\Windows\System\MMgVbCH.exe
  2⤵
  PID:8636
- C:\Windows\System\zvCzTYI.exe
  C:\Windows\System\zvCzTYI.exe
  2⤵
  PID:8912
- C:\Windows\System\FXhxKcr.exe
  C:\Windows\System\FXhxKcr.exe
  2⤵
  PID:9040
- C:\Windows\System\yypVeEa.exe
  C:\Windows\System\yypVeEa.exe
  2⤵
  PID:9076
- C:\Windows\System\tqeiVXe.exe
  C:\Windows\System\tqeiVXe.exe
  2⤵
  PID:9088
- C:\Windows\System\NMjrwzZ.exe
  C:\Windows\System\NMjrwzZ.exe
  2⤵
  PID:8000
- C:\Windows\System\rsRwnOA.exe
  C:\Windows\System\rsRwnOA.exe
  2⤵
  PID:8160
- C:\Windows\System\RVfsoSl.exe
  C:\Windows\System\RVfsoSl.exe
  2⤵
  PID:7336
- C:\Windows\System\BHcclxk.exe
  C:\Windows\System\BHcclxk.exe
  2⤵
  PID:8528
- C:\Windows\System\tvUfBGm.exe
  C:\Windows\System\tvUfBGm.exe
  2⤵
  PID:8624
- C:\Windows\System\jkJpPaY.exe
  C:\Windows\System\jkJpPaY.exe
  2⤵
  PID:8508
- C:\Windows\System\LyqPrXW.exe
  C:\Windows\System\LyqPrXW.exe
  2⤵
  PID:8716
- C:\Windows\System\pbgxxZN.exe
  C:\Windows\System\pbgxxZN.exe
  2⤵
  PID:8796
- C:\Windows\System\bVCQjRy.exe
  C:\Windows\System\bVCQjRy.exe
  2⤵
  PID:8876
- C:\Windows\System\XHRCoRL.exe
  C:\Windows\System\XHRCoRL.exe
  2⤵
  PID:8964
- C:\Windows\System\MuIooDp.exe
  C:\Windows\System\MuIooDp.exe
  2⤵
  PID:9172
- C:\Windows\System\qlzenFD.exe
  C:\Windows\System\qlzenFD.exe
  2⤵
  PID:8096
- C:\Windows\System\WBjhUji.exe
  C:\Windows\System\WBjhUji.exe
  2⤵
  PID:8280
- C:\Windows\System\nsWhRqc.exe
  C:\Windows\System\nsWhRqc.exe
  2⤵
  PID:8572
- C:\Windows\System\LHNlQZk.exe
  C:\Windows\System\LHNlQZk.exe
  2⤵
  PID:8948
- C:\Windows\System\vLMtUnf.exe
  C:\Windows\System\vLMtUnf.exe
  2⤵
  PID:7772
- C:\Windows\System\iBVZMvV.exe
  C:\Windows\System\iBVZMvV.exe
  2⤵
  PID:596
- C:\Windows\System\lBTHyPZ.exe
  C:\Windows\System\lBTHyPZ.exe
  2⤵
  PID:8668
- C:\Windows\System\IjgYJTa.exe
  C:\Windows\System\IjgYJTa.exe
  2⤵
  PID:8860
- C:\Windows\System\qwuDdpa.exe
  C:\Windows\System\qwuDdpa.exe
  2⤵
  PID:8368
- C:\Windows\System\VaoevKP.exe
  C:\Windows\System\VaoevKP.exe
  2⤵
  PID:9232
- C:\Windows\System\FmpODkI.exe
  C:\Windows\System\FmpODkI.exe
  2⤵
  PID:9248
- C:\Windows\System\bfUcphf.exe
  C:\Windows\System\bfUcphf.exe
  2⤵
  PID:9264
- C:\Windows\System\zWsPwDW.exe
  C:\Windows\System\zWsPwDW.exe
  2⤵
  PID:9280
- C:\Windows\System\XcubDuu.exe
  C:\Windows\System\XcubDuu.exe
  2⤵
  PID:9296
- C:\Windows\System\xQlGVGg.exe
  C:\Windows\System\xQlGVGg.exe
  2⤵
  PID:9312
- C:\Windows\System\kWKZJsY.exe
  C:\Windows\System\kWKZJsY.exe
  2⤵
  PID:9328
- C:\Windows\System\pwGOGAe.exe
  C:\Windows\System\pwGOGAe.exe
  2⤵
  PID:9344
- C:\Windows\System\NTQaLeO.exe
  C:\Windows\System\NTQaLeO.exe
  2⤵
  PID:9360
- C:\Windows\System\FPpKwJn.exe
  C:\Windows\System\FPpKwJn.exe
  2⤵
  PID:9376
- C:\Windows\System\JAbqOXk.exe
  C:\Windows\System\JAbqOXk.exe
  2⤵
  PID:9392
- C:\Windows\System\DdpdAWR.exe
  C:\Windows\System\DdpdAWR.exe
  2⤵
  PID:9408
- C:\Windows\System\uWdrZlS.exe
  C:\Windows\System\uWdrZlS.exe
  2⤵
  PID:9424
- C:\Windows\System\fSoJMDD.exe
  C:\Windows\System\fSoJMDD.exe
  2⤵
  PID:9440
- C:\Windows\System\agiijbu.exe
  C:\Windows\System\agiijbu.exe
  2⤵
  PID:9456
- C:\Windows\System\vCbbWIe.exe
  C:\Windows\System\vCbbWIe.exe
  2⤵
  PID:9472
- C:\Windows\System\qoVVWHD.exe
  C:\Windows\System\qoVVWHD.exe
  2⤵
  PID:9488
- C:\Windows\System\QeHVZcg.exe
  C:\Windows\System\QeHVZcg.exe
  2⤵
  PID:9504
- C:\Windows\System\BWhhkYn.exe
  C:\Windows\System\BWhhkYn.exe
  2⤵
  PID:9520
- C:\Windows\System\vfNqmAO.exe
  C:\Windows\System\vfNqmAO.exe
  2⤵
  PID:9536
- C:\Windows\System\yqZgvuf.exe
  C:\Windows\System\yqZgvuf.exe
  2⤵
  PID:9552
- C:\Windows\System\qhDAJWC.exe
  C:\Windows\System\qhDAJWC.exe
  2⤵
  PID:9568
- C:\Windows\System\tQjgnQh.exe
  C:\Windows\System\tQjgnQh.exe
  2⤵
  PID:9584
- C:\Windows\System\XhWBcEo.exe
  C:\Windows\System\XhWBcEo.exe
  2⤵
  PID:9600
- C:\Windows\System\THWtkzm.exe
  C:\Windows\System\THWtkzm.exe
  2⤵
  PID:9616
- C:\Windows\System\gHEVOnc.exe
  C:\Windows\System\gHEVOnc.exe
  2⤵
  PID:9632
- C:\Windows\System\UwuTUng.exe
  C:\Windows\System\UwuTUng.exe
  2⤵
  PID:9648
- C:\Windows\System\QhMaKTT.exe
  C:\Windows\System\QhMaKTT.exe
  2⤵
  PID:9664
- C:\Windows\System\mRKNWwC.exe
  C:\Windows\System\mRKNWwC.exe
  2⤵
  PID:9680
- C:\Windows\System\XDdJSxe.exe
  C:\Windows\System\XDdJSxe.exe
  2⤵
  PID:9700
- C:\Windows\System\GfPyANn.exe
  C:\Windows\System\GfPyANn.exe
  2⤵
  PID:9716
- C:\Windows\System\lKvjeyu.exe
  C:\Windows\System\lKvjeyu.exe
  2⤵
  PID:9732
- C:\Windows\System\tumUtEW.exe
  C:\Windows\System\tumUtEW.exe
  2⤵
  PID:9748
- C:\Windows\System\FZyvLwO.exe
  C:\Windows\System\FZyvLwO.exe
  2⤵
  PID:9764
- C:\Windows\System\vuxoVGm.exe
  C:\Windows\System\vuxoVGm.exe
  2⤵
  PID:9780
- C:\Windows\System\KpkjsCy.exe
  C:\Windows\System\KpkjsCy.exe
  2⤵
  PID:9796
- C:\Windows\System\XzWcrDI.exe
  C:\Windows\System\XzWcrDI.exe
  2⤵
  PID:9812
- C:\Windows\System\TtCGPIC.exe
  C:\Windows\System\TtCGPIC.exe
  2⤵
  PID:9828
- C:\Windows\System\ImOFdFe.exe
  C:\Windows\System\ImOFdFe.exe
  2⤵
  PID:9844
- C:\Windows\System\noXIDRd.exe
  C:\Windows\System\noXIDRd.exe
  2⤵
  PID:9860
- C:\Windows\System\prxHMGt.exe
  C:\Windows\System\prxHMGt.exe
  2⤵
  PID:9876
- C:\Windows\System\BMVgnWU.exe
  C:\Windows\System\BMVgnWU.exe
  2⤵
  PID:9892
- C:\Windows\System\GSWbtXH.exe
  C:\Windows\System\GSWbtXH.exe
  2⤵
  PID:9908
- C:\Windows\System\CDSzbCa.exe
  C:\Windows\System\CDSzbCa.exe
  2⤵
  PID:9924
- C:\Windows\System\htlgFDf.exe
  C:\Windows\System\htlgFDf.exe
  2⤵
  PID:9940
- C:\Windows\System\azGUIRF.exe
  C:\Windows\System\azGUIRF.exe
  2⤵
  PID:9956
- C:\Windows\System\QfRDkJe.exe
  C:\Windows\System\QfRDkJe.exe
  2⤵
  PID:9972
- C:\Windows\System\QLhoKyg.exe
  C:\Windows\System\QLhoKyg.exe
  2⤵
  PID:9988
- C:\Windows\System\OhKLaCN.exe
  C:\Windows\System\OhKLaCN.exe
  2⤵
  PID:10004
- C:\Windows\System\vHmJHwP.exe
  C:\Windows\System\vHmJHwP.exe
  2⤵
  PID:10020
- C:\Windows\System\pbLSPEg.exe
  C:\Windows\System\pbLSPEg.exe
  2⤵
  PID:10036
- C:\Windows\System\PqJqpAP.exe
  C:\Windows\System\PqJqpAP.exe
  2⤵
  PID:10052
- C:\Windows\System\AYQzvYE.exe
  C:\Windows\System\AYQzvYE.exe
  2⤵
  PID:10068
- C:\Windows\System\zoygHLs.exe
  C:\Windows\System\zoygHLs.exe
  2⤵
  PID:10084
- C:\Windows\System\vTLjrpH.exe
  C:\Windows\System\vTLjrpH.exe
  2⤵
  PID:10100
- C:\Windows\System\rjWnhoN.exe
  C:\Windows\System\rjWnhoN.exe
  2⤵
  PID:10116
- C:\Windows\System\vBDewHE.exe
  C:\Windows\System\vBDewHE.exe
  2⤵
  PID:10132
- C:\Windows\System\OVRhJCO.exe
  C:\Windows\System\OVRhJCO.exe
  2⤵
  PID:10148
- C:\Windows\System\RxVVWos.exe
  C:\Windows\System\RxVVWos.exe
  2⤵
  PID:10164
- C:\Windows\System\uHXMrUP.exe
  C:\Windows\System\uHXMrUP.exe
  2⤵
  PID:10180
- C:\Windows\System\xUTULHL.exe
  C:\Windows\System\xUTULHL.exe
  2⤵
  PID:10196
- C:\Windows\System\ZkXMgVZ.exe
  C:\Windows\System\ZkXMgVZ.exe
  2⤵
  PID:10212
- C:\Windows\System\cYXGuat.exe
  C:\Windows\System\cYXGuat.exe
  2⤵
  PID:10228
- C:\Windows\System\ErsfWKA.exe
  C:\Windows\System\ErsfWKA.exe
  2⤵
  PID:9228
- C:\Windows\System\CtbHsKY.exe
  C:\Windows\System\CtbHsKY.exe
  2⤵
  PID:9244
- C:\Windows\System\PZsFJXe.exe
  C:\Windows\System\PZsFJXe.exe
  2⤵
  PID:9304
- C:\Windows\System\qVcwGBk.exe
  C:\Windows\System\qVcwGBk.exe
  2⤵
  PID:9320
- C:\Windows\System\cddEXxs.exe
  C:\Windows\System\cddEXxs.exe
  2⤵
  PID:9336
- C:\Windows\System\DNUFrGF.exe
  C:\Windows\System\DNUFrGF.exe
  2⤵
  PID:9368
- C:\Windows\System\pojkRay.exe
  C:\Windows\System\pojkRay.exe
  2⤵
  PID:9404
- C:\Windows\System\LPeFoeM.exe
  C:\Windows\System\LPeFoeM.exe
  2⤵
  PID:9448
- C:\Windows\System\yhKPxZK.exe
  C:\Windows\System\yhKPxZK.exe
  2⤵
  PID:9512
- C:\Windows\System\LumYbTm.exe
  C:\Windows\System\LumYbTm.exe
  2⤵
  PID:9496
- C:\Windows\System\YeprSiL.exe
  C:\Windows\System\YeprSiL.exe
  2⤵
  PID:9544
- C:\Windows\System\jOFGYYi.exe
  C:\Windows\System\jOFGYYi.exe
  2⤵
  PID:9560
- C:\Windows\System\RChGwPa.exe
  C:\Windows\System\RChGwPa.exe
  2⤵
  PID:9592
- C:\Windows\System\ZIsOKbO.exe
  C:\Windows\System\ZIsOKbO.exe
  2⤵
  PID:9672
- C:\Windows\System\vcwOmic.exe
  C:\Windows\System\vcwOmic.exe
  2⤵
  PID:9708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AyqMQJU.exe

Filesize
6.0MB

MD5
2a5d0e0836e577c0298058f732ec1c34

SHA1
fa93432f24aaa1e905fe8bc07ffdccf3bba7690e

SHA256
c2ba9ffdde170ebba57ba0d98a18730d3b6bc05c24f59be917bcd2e491b3c5b5

SHA512
b1de48da2a0f397757953d034f78ac59e66134899835ebe229286b5db27692123939379dd709159f5dd27cdfc314ad8ba89f7836a35bf5e858ed27fe3c94c958

Download Submit
C:\Windows\system\CcoKVbR.exe

Filesize
6.0MB

MD5
e0ae916862a9df8696c8e5e808fa54ee

SHA1
eb9102573212200779a29544e9f57809955ae05f

SHA256
342f49f4c31c018aa962ef7b2b338da73ac9b460aea792def50f6580830ad578

SHA512
05d3f4233fa8fb1ee112aba90e82ccf4e734fbf041b2f4b4e0672d097fc60d3d93e72de4aaf5d10d6ff7201905936cbca50b41f3c0f4a5edab70ecad92f45fab

Download Submit
C:\Windows\system\CdBdIWP.exe

Filesize
6.0MB

MD5
2dc2eb37313d0eba1c49d0cafe2b76d5

SHA1
f1b5832d447308e97ce8cf95f6d85b6b7e197e24

SHA256
5dc3dc67d766633bb292a305bbe7065f78437a436c779608ba48f31a046d30fc

SHA512
f07e18e1916afed69400224e45495443a1cea5bb2705d88ecd9b69cbf8ae21a340fe65af820aee46298f056960590f8bc93f4eced71bce92f2ff81d365405372

Download Submit
C:\Windows\system\DElRPvb.exe

Filesize
6.0MB

MD5
4c49ae612903353658e62ac39561d48d

SHA1
2045cd75984bb793174bdb42ffe8eccc57a99275

SHA256
0931560c6c88209efbfdd1156baefbca17f646cba8044fc7a22cd8749ecef65b

SHA512
ea554203e25345c0ae96b0e2dbc6c3ad40fbaad3951bbbc26c9700432cef4553c90a88533419ea2014786eecca73c91c85ba4dc675e7a717431c77912d9b3e20

Download Submit
C:\Windows\system\FphoCUW.exe

Filesize
6.0MB

MD5
cd26917fac9a06ad41b0f37e92055ff3

SHA1
fdb79487af33c5bf28822b00026d524d4228ff7a

SHA256
1b2145d83987b603f01cb85e6da320410f75062884e8c4b98652e0e9703f9794

SHA512
1c3cd8cdea65fa172e216e8c793b00036bd20d50cc8279189c835dbeaa91b7218a835445554568a6a1f76c91a937091102e73be1d23d48348d4287cd6c281d38

Download Submit
C:\Windows\system\HHrFhRh.exe

Filesize
6.0MB

MD5
9c3e29f89827c0b5b2e778837cd421a0

SHA1
2bd913f7b5389c06d30ec6a281193cd4edd175fe

SHA256
ab3a4c7ae2026f24e17d16d5886c392d9d73dd280a37e1db6276c66935536382

SHA512
b9598a52a183611dca2ce847b435910dcd9bea07b05d4c74c39c30bbb7b0b232f752e859fa72e8aed6b8bdbccbf77bd198ef56eaffea12dded9213348e3c954d

Download Submit
C:\Windows\system\IpCJSdL.exe

Filesize
6.0MB

MD5
a7b44bba6878ef6a22d2728b9712b1ad

SHA1
186df77d6240c4a8db3661e01db744808f97c278

SHA256
37390c53c324ff5abe2d4ad96d936da7b3b2f583e1c9caf550ebb4612d7323c1

SHA512
e8c76365f4626e869f3eb711934ea3f681792d3d50e83f6470718c44f8322e7be822eed23e5167bf4e8ee209a35d76df52c29ca09c1d00f1a1672604f40a378f

Download Submit
C:\Windows\system\KNgVirW.exe

Filesize
6.0MB

MD5
c2439f3e37b4d113e072e26af95e19c6

SHA1
f05419a544b19d280b5d7b4f545dc4aacc821c18

SHA256
7607be32c3b95bff8ecdaaa9da1bd7a4b4cbc2a60d057f8c307eb112bbd7623e

SHA512
8b8f05b27149ef77f15bcc0fc91445796bd29a0300eb7eae2e4cf7ff79fd3e09f3d86b0febae2fd7ce23f601b8222cf778e5a98353037832d5940048f1e1d05b

Download Submit
C:\Windows\system\MWiiHZH.exe

Filesize
6.0MB

MD5
b61250cbaba991f570da7011e8462bd1

SHA1
80b769939dd4be39f09fb23b4fbedfa4e30c4241

SHA256
3b80ff471f7fc56f88998543d569ad72e344eb08c06c238b16a970e430f39a89

SHA512
1b39875087b63bf9f25699aa84459581b5c031c9404fd9966bdac9575af095c8264a008d67a77adc582fa128302134dc16bd959a4310c6728bc98a444293f25c

Download Submit
C:\Windows\system\MwXKKxn.exe

Filesize
6.0MB

MD5
4c828ba394e7bc2c5fdd88f379f9e465

SHA1
6a9986696a9c39f10e1f431bccc5d806abaedd3e

SHA256
4ce58cd68eef15eed62273b3773fe9159c25b4e6238b7efb25deb0d4a1b6aec7

SHA512
6b8f56afea4e2e5bd05817759a856ed63d4088477ebcb934197db5739d8d3333972924d45dc9e0507c6de03c140949a6996f1143abfb89b46c8f94fade239327

Download Submit
C:\Windows\system\ONxSBRJ.exe

Filesize
6.0MB

MD5
0c8a56b00164363bc61a2c29b7809069

SHA1
356ecbf7541e4f487b6b4c8b923a024d44472ec7

SHA256
2c7b460a510f6f2c17c2f3cf66b0acf3636046e5de5f75a7d8a307d8a5b687b1

SHA512
58d21e11f6251963afc7d34753113013facd93b9cab7a6a2ec0e02bc563425dbc4c90b5eb3ee1f995a4c0ea1bd9b325f32b8ac75d67d9ef72235549be0d4b0b4

Download Submit
C:\Windows\system\VOvrKRU.exe

Filesize
6.0MB

MD5
6be32ad65c2cd02e8b953ad535005261

SHA1
fa45e18abf50b27309fceec8cf437242d1007bf6

SHA256
73922ef7607832b2e325c46e82b85143f717be8b30253c16ba29cc4bca894f19

SHA512
77ffc38b8e6740e0bc677e3e3c43adabbce8a78dbeae38b204f239df54cb508bb59618d7d6cc76ccc521f7d14faa42eb7cf70bfcd93c66fead6b237771251430

Download Submit
C:\Windows\system\WGyuncc.exe

Filesize
6.0MB

MD5
12b86bb4b4733682588dd7f57fb7985e

SHA1
2ac877c1583df4b0d5e2bf34ab415e99e73de244

SHA256
8c45b357f33129727c3a9ca504a798e9b1d7db26eff0458d851c404601af01ed

SHA512
fef80b7978cac428076d3e5b854436e3109f29a9246f82fa5c4dc7968d29ce520f43054f3bf1ff1914640d317eb9f84ff2a7b9c9f1ef704a7efba9c93a6af5e5

Download Submit
C:\Windows\system\YTGyVCu.exe

Filesize
6.0MB

MD5
82d8c88b3031a30d5c14006eb13d5ac6

SHA1
0aa6e7d46b67cae4697dec5bd8bf5676b5a354d7

SHA256
9b60f00eaf60ed57db4b424a2d6bc55b14b1a5b7072d7ec02743e2463de3d147

SHA512
15f6f96099ae35f36cc51040d966a77babd5a9d949edc6b0f23d59a8daa458291ec204925c4e48b0b93c03937c0369650e191814898891537fa31d3913870002

Download Submit
C:\Windows\system\YcjnOtb.exe

Filesize
6.0MB

MD5
a1c0cd1a014375710c49652a192e2ab6

SHA1
4e59345a6c70e8a6c214b0567aa45c4c8251f942

SHA256
3d412391417b690d7349c8cc8a342fc163b972d5285c4f56f8722e8b749a36f4

SHA512
7d533d208340c5172c07f449de0cdb7faaccc7882e79f74bbc4615cf9c5ae3ed06cde6dda7f9ce93af738bb333414020f62392f90c0e9e3ddaa60390e4da99ea

Download Submit
C:\Windows\system\aXmJcdA.exe

Filesize
6.0MB

MD5
3f2e03e7ed701cc2ff72729c11d31d59

SHA1
bfe601e6000834d384624b502626c6746e17d774

SHA256
b74422bbec3f9fa4b15df0633acf2e4a48f43aa29c85fbde92b908672e1e826f

SHA512
b1d0048b7336adb17d49a30ac33eeee438571eaf6aa7dfed0a57af8b6b0f8079405f6498970fe05a33fc43a6c0ff3037f4935515ed067aa85f03c2ec848aee8a

Download Submit
C:\Windows\system\bDVXmjv.exe

Filesize
6.0MB

MD5
f9a9e77954f7626170a3af542fc70842

SHA1
13f03453308debfdbbf6765e47bdc68079fe067f

SHA256
d2e84d6051996969686a0e0b73c82c39d865be7f438bc789040f193e51515e02

SHA512
6b1315a45e0b8153660741b1b202da307ce19d2197b3b30823fae6e364bc9940d76bb81f39fa89d533bef5309e753f49886e6f027ae5affddacaacb0265536fb

Download Submit
C:\Windows\system\eGVCykV.exe

Filesize
6.0MB

MD5
77ab55dfdec4446a7786c635790f9065

SHA1
8ec0fbcd226c46d77128e62478f659abb7bfc295

SHA256
4151f6edcc8a86af735b65861423f15c475f99cf7cc43c8e424e688eee942d56

SHA512
796d042c8075bab1a000351d3c23a23011c3dab69a0dc13e440f7c550f4877afc891c58ab1eb18cb23b4679e448c770ce956aa1e7038c6f819c61ed30e1f1acb

Download Submit
C:\Windows\system\fHmUlkk.exe

Filesize
6.0MB

MD5
52f67bd7a2d607c36205d036237fcf89

SHA1
bee270741cfcd179d0acc767b1ceaa9a249ebdf5

SHA256
a347e7d2a92d489e02616caa64c11abdc400b310b9d55ef350d9a00b88e2fe3e

SHA512
8c7327c91e5c34badf46103bf620755e9fb917e01cbea0b41e01c2f7f86f331d6e48a18d9fa958c5a6200cfd0f9dc40e0eb6cf427734f91e94445a2255003c14

Download Submit
C:\Windows\system\gDSNLxz.exe

Filesize
6.0MB

MD5
f02d0fe02caa343b0d3f370375a04c52

SHA1
eb1d7969ee77668da9cc9fdf765c9a27741ba984

SHA256
c3d428383d65593101292ef3ce5a1b6c8327932529340a2d090db4450e880b55

SHA512
e88df2e26e761769502bf3fbb5773a2527bf5f7de353e2406eff3e260eac740ffe4ced42b786dec11f88b5e441351f5f8c337833ee5a5d528a82633204927ef3

Download Submit
C:\Windows\system\ghhUYEZ.exe

Filesize
6.0MB

MD5
3f7817b9d1e7a9e517f909e9325cd331

SHA1
6142e0f5adb99a343a06965eda6a18a2fd891841

SHA256
aefd6fe2cb7bf76e30f7fa504e68b02bd11fb3ad5f64f0e8ec6b1b7c6194face

SHA512
62235a87ba92d6f039505740d5ceeea7842322a2f26ef22f529d5c2520072d36213b71a1dd3a80225987a04e25dac3cfea7ab82abe71a4460b411a824f6707c8

Download Submit
C:\Windows\system\hvksiig.exe

Filesize
6.0MB

MD5
b37d1efc8f3f539c7df1bb3c903f6967

SHA1
b70c286e173f412917cefe8710b4732120362ee8

SHA256
e5d8bbf8dee4df2f426cf53a8fc2eccff56da20e291e45a8203556be3e25c857

SHA512
b384c67f9d28f9bf4550b696d1152424b3d56d08c80bbd443a199b83ee78430a5386d92e950232d4bbe65cc0e943c97f6a813003da2b4c25d19fe324e06dfe6f

Download Submit
C:\Windows\system\jHFlGYS.exe

Filesize
6.0MB

MD5
b3b6be797fdb4d9e2e0eb14145d945b9

SHA1
4d1f9037a151ed0585eefbd6855c72d932c6f1ad

SHA256
4d606b4188fac24e459f135d036528522ae4b44cacbbb2a1adcb64f04b20c8b9

SHA512
dea9cbaa607342561e1395b3db12e85b0c9dec703defc07e8a6e5e932b4680fd9a2197328cfce57dc3c0aeedc371b46d3808025b959b90167273ba8781b00ad7

Download Submit
C:\Windows\system\lbxXQhf.exe

Filesize
6.0MB

MD5
62b402bf01a38c009fcbe2674b1f603c

SHA1
93cb8a859131bca6488656df8e7e41a73ef43e1f

SHA256
caf4857623548d337a88b3e2a1ac7e0264bef9cdd3be626fc7b413078a4fb936

SHA512
84eafe1ce15d37ecb1de47f3b96cdb6def6f19928cc256384e52aac485bd95ffa80df23ccf676b53cfbf2d24e4e7302f9968eacb8f600d2bf63e55a16cd9aa60

Download Submit
C:\Windows\system\qOHLeSU.exe

Filesize
6.0MB

MD5
074871c936d4fa73eab9e5cc65070b4e

SHA1
273fc05ef4ecefd8c38d0e1bfbd02b2cce7f85cd

SHA256
03cbe252b8a980643318a17d64eb38d1d521d01c1f87053289255bbe2c3176be

SHA512
6c37a906ff011a28ca052da2ba0dfad08a316a5514a80b7a50dd8e3b79c6916e66cd9eee5a6bff1f9c4665eeaf361764a2108bef800c75a6d86ab72e46fce59f

Download Submit
C:\Windows\system\sISquhQ.exe

Filesize
6.0MB

MD5
17cd2b50032b31de70c3303841749872

SHA1
5ff939c49e7242bd5ee47d7c93d5ad8af190542d

SHA256
a45ee6f9d39e5298597e3bcda7b5aa4736d0391bcba6bdde4078313a49aaf3a6

SHA512
32347b9be549b59bbb3b8ca24fbc28e0c936d68bb139cc4ccb1e3f3f8732fa7f5dbe6e34cf38cea26e7a7f1c28f4b1a072536a559322d81067e6652e4c6586a2

Download Submit
C:\Windows\system\sniSSaV.exe

Filesize
6.0MB

MD5
5a990a154ba10171b5384a2151cae2ba

SHA1
1d21a2f47b430bd5c89cdba42b844a3559ec6e21

SHA256
0ceea8213e8955abcd5ac09dbcd0e9af2117b1df42e1f223c14587e579317471

SHA512
bc613c98cd6f7b8f0ed8a6a21d19a68630f1fe8055e8ac24929e002f8a5c75d81074a964f6ec40b7060ff8907a6df5fff03bd9eedc4f0138c6c5f96fbdc87bc8

Download Submit
C:\Windows\system\soNvKTw.exe

Filesize
6.0MB

MD5
15a70375b1afef56addbdd45d36ace37

SHA1
37abe0f396bef7bf066e2303633a0021a0db9e20

SHA256
c8a6cd8e16d479940f66fc9ea705b7d089f72c90b9692af782a4ac65c9f6d2e0

SHA512
bfb5d22d4a75175127afb22371bb5f39eeb9428285e3ffe2d186eba79b15591e78dad6d3465011bb0c589abf52e30428a8b46fc738213557941bf32e08b5ba6d

Download Submit
C:\Windows\system\sohaZqR.exe

Filesize
6.0MB

MD5
ff1ddda2e41be930cbf98dfc3c4530dc

SHA1
39a96603f0a8e840c24aaab5d2173f38efeda683

SHA256
e26fd922d9686294af9649b9e23b98ff9b07ea3830bf976e78404b7010f15f4a

SHA512
2c9c01492e18d3679c28b2b2ca9a28781e0dd923152e0c6f80587d5fde328d192ac2b80585d4519b33cba3a8ff261154081d7af4dd3124df9b86c54470630c2d

Download Submit
C:\Windows\system\wPjjfvu.exe

Filesize
6.0MB

MD5
24190606557f21aec83624862c9e76ce

SHA1
74595c33c6bf4a3b597805d5b53d8d3070958fd1

SHA256
dc72abb30da78080e559471245f69fe665366bc239d77462b2425ad202d74f9a

SHA512
7eca569b704f45997eaa3e1be93962a0fd7a6fbfdf08e0aafa7071193c2fd93c728a7f275d00f585b870fce787ea94f7d3344eaa40c1be4c430971c5a9451780

Download Submit
\Windows\system\NuplMED.exe

Filesize
6.0MB

MD5
9888135f797914470bb6e58dec82ada1

SHA1
e25de4dc62d0e2e4739095cb841794e22981d251

SHA256
81ba9745571dabfff102cff5eddd34d1138bf2d26772977650904a13e7f3ecc6

SHA512
a60c4ff2c071ca946cc650366ef93bb1a24c13bbe3e88f01a8e0705ec2d7b113450832f683a32e9e783491b6285d50799e78b95b1c4e70c2692eb0f5be0940f3

Download Submit
\Windows\system\WwDdFja.exe

Filesize
6.0MB

MD5
a1a5cc6920e01cb1f420190e317ec8c7

SHA1
847d091591f41cca1d107c1e131f917896d0c412

SHA256
3caa52128f54d6d30178e82a6c5618111d5e18db3d4004213d5999a643444f15

SHA512
1ea61b5bbcdc3b1438fea69da9ea7aaf8e73f6ad1751865ea2933d8ce79f8d7dfbb977d07375c333477d9fed5b763d6e8488f9e44daaa460b8d7b8b1e5a09356

Download Submit
memory/752-1398-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/752-71-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/784-1399-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/784-78-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/864-50-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/864-1394-0x000000013FF30000-0x0000000140284000-memory.dmp

Filesize
3.3MB

Download
memory/1172-1374-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1172-39-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1820-87-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/1820-41-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/1820-142-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/1820-0-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1820-96-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/1820-1-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download
memory/1820-63-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/1820-33-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/1820-85-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/1820-106-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/1820-70-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/1820-173-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/1820-77-0x000000013FFC0000-0x0000000140314000-memory.dmp

Filesize
3.3MB

Download
memory/1820-44-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/1820-46-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/1820-48-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1820-52-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/1820-53-0x0000000002330000-0x0000000002684000-memory.dmp

Filesize
3.3MB

Download
memory/2336-100-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-1402-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-1393-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-47-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2404-1401-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2404-95-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/2428-86-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2428-1400-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1369-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2480-51-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2784-64-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2784-1396-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2788-56-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1397-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-97-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-1368-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2868-43-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2872-49-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2872-1395-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-1385-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2984-45-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download