cobaltstrike | 61b89944cb1a07de569e6cc042d4e9711fc8784e381d0165118945e9abfae9ae

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-12-2024 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

fc06b2938d7eec627a709f8fd96b7d22
SHA1

80972c4c0d5340911cc94f355391986990e16d22
SHA256

61b89944cb1a07de569e6cc042d4e9711fc8784e381d0165118945e9abfae9ae
SHA512

a99e95b038712b9acc67a9455cefe5057645604d178acf098cd5703f08e251762137874c5a158c21b6abd0d4c60fe935e664255eadc12a0b304f6945f79f832a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUQ:T+q56utgpPF8u/7Q

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0003000000012000-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d89-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017079-15.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173a7-18.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173a9-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017488-30.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000174cc-38.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-55.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019582-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-142.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-138.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-158.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-126.dat	cobalt_reflective_dll
behavioral1/files/0x0034000000016d64-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950c-105.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-60.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019282-45.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000017492-36.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2212-0-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x0003000000012000-3.dat	xmrig
behavioral1/files/0x0008000000016d89-8.dat	xmrig
behavioral1/files/0x0008000000017079-15.dat	xmrig
behavioral1/files/0x00070000000173a7-18.dat	xmrig
behavioral1/files/0x00070000000173a9-26.dat	xmrig
behavioral1/files/0x0007000000017488-30.dat	xmrig
behavioral1/files/0x00090000000174cc-38.dat	xmrig
behavioral1/files/0x0005000000019334-50.dat	xmrig
behavioral1/files/0x0005000000019350-55.dat	xmrig
behavioral1/files/0x00050000000193e1-70.dat	xmrig
behavioral1/files/0x000500000001941e-75.dat	xmrig
behavioral1/files/0x000500000001944f-95.dat	xmrig
behavioral1/files/0x0005000000019582-111.dat	xmrig
behavioral1/memory/2212-974-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001961b-159.dat	xmrig
behavioral1/files/0x0005000000019615-152.dat	xmrig
behavioral1/files/0x0005000000019611-151.dat	xmrig
behavioral1/files/0x0005000000019617-149.dat	xmrig
behavioral1/files/0x0005000000019613-142.dat	xmrig
behavioral1/files/0x000500000001960d-138.dat	xmrig
behavioral1/files/0x000500000001960f-135.dat	xmrig
behavioral1/files/0x000500000001960b-128.dat	xmrig
behavioral1/memory/2792-195-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/2220-193-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/3012-191-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/276-190-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2196-189-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/1856-187-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2580-185-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2548-183-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2212-182-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2716-181-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2736-179-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2212-178-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2668-177-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2684-175-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2212-174-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2008-173-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x000500000001961d-164.dat	xmrig
behavioral1/files/0x0005000000019619-158.dat	xmrig
behavioral1/files/0x00050000000195c5-120.dat	xmrig
behavioral1/memory/2816-134-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x0005000000019609-126.dat	xmrig
behavioral1/files/0x0034000000016d64-115.dat	xmrig
behavioral1/files/0x000500000001950c-105.dat	xmrig
behavioral1/files/0x0005000000019461-100.dat	xmrig
behavioral1/files/0x0005000000019441-90.dat	xmrig
behavioral1/files/0x0005000000019431-85.dat	xmrig
behavioral1/files/0x0005000000019427-80.dat	xmrig
behavioral1/files/0x00050000000193c2-65.dat	xmrig
behavioral1/files/0x00050000000193b4-60.dat	xmrig
behavioral1/files/0x0007000000019282-45.dat	xmrig
behavioral1/files/0x000a000000017492-36.dat	xmrig
behavioral1/memory/2008-3832-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/2580-3830-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/2668-3831-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/2196-3834-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2684-3835-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2816-3839-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2716-3879-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2220-3873-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2792-3847-0x000000013F820000-0x000000013FB74000-memory.dmp	xmrig
behavioral1/memory/276-3846-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2792	VyhooUn.exe
2816	aPNgQyF.exe
2008	FTPSuyi.exe
2684	hDiByit.exe
2668	VrerbID.exe
2736	GhJfQpU.exe
2716	BixypvO.exe
2548	CMsFwkc.exe
2580	WxfCRTW.exe
1856	xdWRQAI.exe
2196	ykuCEsJ.exe
276	BgLvIoJ.exe
3012	KzffVNf.exe
2220	CrBAUGK.exe
2096	QFJGPZe.exe
1152	BdPjkcQ.exe
1356	PXELicL.exe
1724	ZKsMJEl.exe
344	bjPVsCt.exe
2608	SoZFqSn.exe
2284	RQoTosO.exe
2076	XAJbgmn.exe
2640	ivgqjlN.exe
2896	wQWPttU.exe
1820	xDPDznb.exe
1600	qxtFdhU.exe
2456	Lnhqxgy.exe
2036	GqhPnHL.exe
624	ZqPCLBu.exe
1716	UZowBRE.exe
1788	nJRynoH.exe
2320	cnLMZoe.exe
640	XjTtDsn.exe
1132	UcTPnan.exe
1920	ZpNlwVz.exe
1604	kXhWlVH.exe
1796	WwHUCso.exe
2960	aGhfdhj.exe
1640	TaKwsHP.exe
2300	wzliugF.exe
2224	DZxtsBz.exe
2112	NHxIRNF.exe
1224	LGwLgVT.exe
2072	DTsbJKp.exe
2428	VWgayAj.exe
2636	EiJSCtT.exe
2980	JdWjoBS.exe
2324	guBlCAA.exe
1948	gFzMjpN.exe
2372	zcUpAoH.exe
1588	JjsPUYV.exe
2416	KTXUCES.exe
2676	edDGUyj.exe
1584	LSPDYlJ.exe
2700	AnthVvP.exe
2136	BuaTSIq.exe
2688	adIrRTv.exe
1204	gQZBfHE.exe
2600	iaHBhgp.exe
1096	CknnUYc.exe
2276	vDGyDQe.exe
2396	NzEtxRG.exe
620	PAuaKJH.exe
1112	iIkEzVU.exe

Loads dropped DLL 64 IoCs

pid	Process
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2212-0-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/files/0x0003000000012000-3.dat	upx
behavioral1/files/0x0008000000016d89-8.dat	upx
behavioral1/files/0x0008000000017079-15.dat	upx
behavioral1/files/0x00070000000173a7-18.dat	upx
behavioral1/files/0x00070000000173a9-26.dat	upx
behavioral1/files/0x0007000000017488-30.dat	upx
behavioral1/files/0x00090000000174cc-38.dat	upx
behavioral1/files/0x0005000000019334-50.dat	upx
behavioral1/files/0x0005000000019350-55.dat	upx
behavioral1/files/0x00050000000193e1-70.dat	upx
behavioral1/files/0x000500000001941e-75.dat	upx
behavioral1/files/0x000500000001944f-95.dat	upx
behavioral1/files/0x0005000000019582-111.dat	upx
behavioral1/memory/2212-974-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/files/0x000500000001961b-159.dat	upx
behavioral1/files/0x0005000000019615-152.dat	upx
behavioral1/files/0x0005000000019611-151.dat	upx
behavioral1/files/0x0005000000019617-149.dat	upx
behavioral1/files/0x0005000000019613-142.dat	upx
behavioral1/files/0x000500000001960d-138.dat	upx
behavioral1/files/0x000500000001960f-135.dat	upx
behavioral1/files/0x000500000001960b-128.dat	upx
behavioral1/memory/2792-195-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/2220-193-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/3012-191-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/276-190-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2196-189-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/1856-187-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2580-185-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2548-183-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2716-181-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2736-179-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2668-177-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2684-175-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2008-173-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x000500000001961d-164.dat	upx
behavioral1/files/0x0005000000019619-158.dat	upx
behavioral1/files/0x00050000000195c5-120.dat	upx
behavioral1/memory/2816-134-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x0005000000019609-126.dat	upx
behavioral1/files/0x0034000000016d64-115.dat	upx
behavioral1/files/0x000500000001950c-105.dat	upx
behavioral1/files/0x0005000000019461-100.dat	upx
behavioral1/files/0x0005000000019441-90.dat	upx
behavioral1/files/0x0005000000019431-85.dat	upx
behavioral1/files/0x0005000000019427-80.dat	upx
behavioral1/files/0x00050000000193c2-65.dat	upx
behavioral1/files/0x00050000000193b4-60.dat	upx
behavioral1/files/0x0007000000019282-45.dat	upx
behavioral1/files/0x000a000000017492-36.dat	upx
behavioral1/memory/2008-3832-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2580-3830-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2668-3831-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/2196-3834-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2684-3835-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2816-3839-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2716-3879-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2220-3873-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2792-3847-0x000000013F820000-0x000000013FB74000-memory.dmp	upx
behavioral1/memory/276-3846-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/3012-3878-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/1856-3922-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2736-3927-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\HMONeSe.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QhLnMlu.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mLRgXSw.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EtZhyzL.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tslvLnI.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gGhfmAF.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KtpjYpL.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AnOHdzt.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gMvFpAY.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DhsLpyo.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHsQlQc.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rYWyWIp.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hfzbDnH.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cLuaGtE.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HkbnnEP.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uIrQhHS.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DXadewC.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HWblsXj.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\miTCXCz.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSBlkaU.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XirxKlO.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hXtnjQG.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hiRPrpz.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FZtXtTo.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JgmlbXq.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WHvlBlb.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AxnVofy.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZsFlLvB.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WwHUCso.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbUdqgE.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INsJDHv.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Vezbycf.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dBSuxJK.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uFEePjQ.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kXhWlVH.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bhsnVNQ.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iPYWNpz.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RyoBMel.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eOkrPbe.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zoEGzht.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qEviBSJ.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nXYRgGg.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\msQWpax.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vuzGzvO.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZtKpLIW.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ASdjCfw.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iXndJHX.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQfrzGA.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPbQfYL.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yLwuaCz.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BIqdfrq.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDPOywV.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BFOsnDp.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DIBmZBM.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lVgwgpT.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HexDwDE.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KtiELlh.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hJdsDgF.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VVIDfnV.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gSfinGk.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Rlwoqqh.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMynEmy.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AHvZMVs.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LAvSOSb.exe	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2792	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2212 wrote to memory of 2792	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2212 wrote to memory of 2792	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2212 wrote to memory of 2816	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2212 wrote to memory of 2816	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2212 wrote to memory of 2816	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2212 wrote to memory of 2008	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2212 wrote to memory of 2008	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2212 wrote to memory of 2008	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2212 wrote to memory of 2684	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2212 wrote to memory of 2684	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2212 wrote to memory of 2684	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2212 wrote to memory of 2668	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2212 wrote to memory of 2668	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2212 wrote to memory of 2668	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2212 wrote to memory of 2736	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2212 wrote to memory of 2736	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2212 wrote to memory of 2736	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2212 wrote to memory of 2716	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2212 wrote to memory of 2716	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2212 wrote to memory of 2716	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2212 wrote to memory of 2548	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2212 wrote to memory of 2548	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2212 wrote to memory of 2548	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2212 wrote to memory of 2580	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2212 wrote to memory of 2580	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2212 wrote to memory of 2580	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2212 wrote to memory of 1856	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2212 wrote to memory of 1856	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2212 wrote to memory of 1856	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2212 wrote to memory of 2196	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2212 wrote to memory of 2196	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2212 wrote to memory of 2196	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2212 wrote to memory of 276	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2212 wrote to memory of 276	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2212 wrote to memory of 276	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2212 wrote to memory of 3012	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2212 wrote to memory of 3012	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2212 wrote to memory of 3012	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2212 wrote to memory of 2220	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2212 wrote to memory of 2220	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2212 wrote to memory of 2220	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2212 wrote to memory of 2096	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2212 wrote to memory of 2096	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2212 wrote to memory of 2096	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2212 wrote to memory of 1152	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2212 wrote to memory of 1152	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2212 wrote to memory of 1152	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2212 wrote to memory of 1356	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2212 wrote to memory of 1356	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2212 wrote to memory of 1356	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2212 wrote to memory of 1724	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2212 wrote to memory of 1724	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2212 wrote to memory of 1724	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2212 wrote to memory of 344	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2212 wrote to memory of 344	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2212 wrote to memory of 344	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2212 wrote to memory of 2608	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2212 wrote to memory of 2608	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2212 wrote to memory of 2608	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2212 wrote to memory of 2284	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2212 wrote to memory of 2284	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2212 wrote to memory of 2284	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2212 wrote to memory of 2076	2212	2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-28_fc06b2938d7eec627a709f8fd96b7d22_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\System\VyhooUn.exe
  C:\Windows\System\VyhooUn.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\aPNgQyF.exe
  C:\Windows\System\aPNgQyF.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\FTPSuyi.exe
  C:\Windows\System\FTPSuyi.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\hDiByit.exe
  C:\Windows\System\hDiByit.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\VrerbID.exe
  C:\Windows\System\VrerbID.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\GhJfQpU.exe
  C:\Windows\System\GhJfQpU.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\BixypvO.exe
  C:\Windows\System\BixypvO.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\CMsFwkc.exe
  C:\Windows\System\CMsFwkc.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\WxfCRTW.exe
  C:\Windows\System\WxfCRTW.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\xdWRQAI.exe
  C:\Windows\System\xdWRQAI.exe
  2⤵
  - Executes dropped EXE
  PID:1856
- C:\Windows\System\ykuCEsJ.exe
  C:\Windows\System\ykuCEsJ.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\BgLvIoJ.exe
  C:\Windows\System\BgLvIoJ.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\KzffVNf.exe
  C:\Windows\System\KzffVNf.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\CrBAUGK.exe
  C:\Windows\System\CrBAUGK.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\QFJGPZe.exe
  C:\Windows\System\QFJGPZe.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\BdPjkcQ.exe
  C:\Windows\System\BdPjkcQ.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\PXELicL.exe
  C:\Windows\System\PXELicL.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\ZKsMJEl.exe
  C:\Windows\System\ZKsMJEl.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\bjPVsCt.exe
  C:\Windows\System\bjPVsCt.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\SoZFqSn.exe
  C:\Windows\System\SoZFqSn.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\RQoTosO.exe
  C:\Windows\System\RQoTosO.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\XAJbgmn.exe
  C:\Windows\System\XAJbgmn.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\ivgqjlN.exe
  C:\Windows\System\ivgqjlN.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\wQWPttU.exe
  C:\Windows\System\wQWPttU.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\xDPDznb.exe
  C:\Windows\System\xDPDznb.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\nJRynoH.exe
  C:\Windows\System\nJRynoH.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\qxtFdhU.exe
  C:\Windows\System\qxtFdhU.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\cnLMZoe.exe
  C:\Windows\System\cnLMZoe.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\Lnhqxgy.exe
  C:\Windows\System\Lnhqxgy.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\UcTPnan.exe
  C:\Windows\System\UcTPnan.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\GqhPnHL.exe
  C:\Windows\System\GqhPnHL.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\ZpNlwVz.exe
  C:\Windows\System\ZpNlwVz.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\ZqPCLBu.exe
  C:\Windows\System\ZqPCLBu.exe
  2⤵
  - Executes dropped EXE
  PID:624
- C:\Windows\System\kXhWlVH.exe
  C:\Windows\System\kXhWlVH.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\UZowBRE.exe
  C:\Windows\System\UZowBRE.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\TaKwsHP.exe
  C:\Windows\System\TaKwsHP.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\XjTtDsn.exe
  C:\Windows\System\XjTtDsn.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\wzliugF.exe
  C:\Windows\System\wzliugF.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\WwHUCso.exe
  C:\Windows\System\WwHUCso.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\DZxtsBz.exe
  C:\Windows\System\DZxtsBz.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\aGhfdhj.exe
  C:\Windows\System\aGhfdhj.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\LGwLgVT.exe
  C:\Windows\System\LGwLgVT.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\NHxIRNF.exe
  C:\Windows\System\NHxIRNF.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\DTsbJKp.exe
  C:\Windows\System\DTsbJKp.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\VWgayAj.exe
  C:\Windows\System\VWgayAj.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\guBlCAA.exe
  C:\Windows\System\guBlCAA.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\EiJSCtT.exe
  C:\Windows\System\EiJSCtT.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\gFzMjpN.exe
  C:\Windows\System\gFzMjpN.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\JdWjoBS.exe
  C:\Windows\System\JdWjoBS.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\KTXUCES.exe
  C:\Windows\System\KTXUCES.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\zcUpAoH.exe
  C:\Windows\System\zcUpAoH.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\LSPDYlJ.exe
  C:\Windows\System\LSPDYlJ.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\JjsPUYV.exe
  C:\Windows\System\JjsPUYV.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\AnthVvP.exe
  C:\Windows\System\AnthVvP.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\edDGUyj.exe
  C:\Windows\System\edDGUyj.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\BuaTSIq.exe
  C:\Windows\System\BuaTSIq.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\adIrRTv.exe
  C:\Windows\System\adIrRTv.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\gQZBfHE.exe
  C:\Windows\System\gQZBfHE.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\iaHBhgp.exe
  C:\Windows\System\iaHBhgp.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\CknnUYc.exe
  C:\Windows\System\CknnUYc.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\vDGyDQe.exe
  C:\Windows\System\vDGyDQe.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\NzEtxRG.exe
  C:\Windows\System\NzEtxRG.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\PAuaKJH.exe
  C:\Windows\System\PAuaKJH.exe
  2⤵
  - Executes dropped EXE
  PID:620
- C:\Windows\System\iIkEzVU.exe
  C:\Windows\System\iIkEzVU.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\rnuRSpS.exe
  C:\Windows\System\rnuRSpS.exe
  2⤵
  PID:2856
- C:\Windows\System\aSesgwQ.exe
  C:\Windows\System\aSesgwQ.exe
  2⤵
  PID:596
- C:\Windows\System\vKWpmIF.exe
  C:\Windows\System\vKWpmIF.exe
  2⤵
  PID:340
- C:\Windows\System\LFVVWgZ.exe
  C:\Windows\System\LFVVWgZ.exe
  2⤵
  PID:408
- C:\Windows\System\DiiFFjy.exe
  C:\Windows\System\DiiFFjy.exe
  2⤵
  PID:1372
- C:\Windows\System\spSEoLG.exe
  C:\Windows\System\spSEoLG.exe
  2⤵
  PID:1148
- C:\Windows\System\wdusyDU.exe
  C:\Windows\System\wdusyDU.exe
  2⤵
  PID:1708
- C:\Windows\System\XIwRldC.exe
  C:\Windows\System\XIwRldC.exe
  2⤵
  PID:2476
- C:\Windows\System\hXWruEC.exe
  C:\Windows\System\hXWruEC.exe
  2⤵
  PID:1984
- C:\Windows\System\KQXYwjK.exe
  C:\Windows\System\KQXYwjK.exe
  2⤵
  PID:936
- C:\Windows\System\GustUxX.exe
  C:\Windows\System\GustUxX.exe
  2⤵
  PID:2252
- C:\Windows\System\UJDFlgc.exe
  C:\Windows\System\UJDFlgc.exe
  2⤵
  PID:2496
- C:\Windows\System\NYmdCfH.exe
  C:\Windows\System\NYmdCfH.exe
  2⤵
  PID:2040
- C:\Windows\System\wyjJtoz.exe
  C:\Windows\System\wyjJtoz.exe
  2⤵
  PID:1992
- C:\Windows\System\HktDYXS.exe
  C:\Windows\System\HktDYXS.exe
  2⤵
  PID:2408
- C:\Windows\System\rBcZWHn.exe
  C:\Windows\System\rBcZWHn.exe
  2⤵
  PID:1008
- C:\Windows\System\bhsnVNQ.exe
  C:\Windows\System\bhsnVNQ.exe
  2⤵
  PID:992
- C:\Windows\System\GWhUcfM.exe
  C:\Windows\System\GWhUcfM.exe
  2⤵
  PID:1320
- C:\Windows\System\xeIaZzN.exe
  C:\Windows\System\xeIaZzN.exe
  2⤵
  PID:3040
- C:\Windows\System\xWpGtPx.exe
  C:\Windows\System\xWpGtPx.exe
  2⤵
  PID:2832
- C:\Windows\System\DftYZYg.exe
  C:\Windows\System\DftYZYg.exe
  2⤵
  PID:3048
- C:\Windows\System\ogBctRW.exe
  C:\Windows\System\ogBctRW.exe
  2⤵
  PID:2660
- C:\Windows\System\xwxFaTm.exe
  C:\Windows\System\xwxFaTm.exe
  2⤵
  PID:1692
- C:\Windows\System\ftvuywu.exe
  C:\Windows\System\ftvuywu.exe
  2⤵
  PID:2808
- C:\Windows\System\zeVRNSZ.exe
  C:\Windows\System\zeVRNSZ.exe
  2⤵
  PID:3024
- C:\Windows\System\LiAmDer.exe
  C:\Windows\System\LiAmDer.exe
  2⤵
  PID:2628
- C:\Windows\System\UQmltge.exe
  C:\Windows\System\UQmltge.exe
  2⤵
  PID:2308
- C:\Windows\System\GBaeBKc.exe
  C:\Windows\System\GBaeBKc.exe
  2⤵
  PID:1932
- C:\Windows\System\UdajVXi.exe
  C:\Windows\System\UdajVXi.exe
  2⤵
  PID:1292
- C:\Windows\System\OZRBmKf.exe
  C:\Windows\System\OZRBmKf.exe
  2⤵
  PID:1240
- C:\Windows\System\HhwolfU.exe
  C:\Windows\System\HhwolfU.exe
  2⤵
  PID:2108
- C:\Windows\System\jtCOsIB.exe
  C:\Windows\System\jtCOsIB.exe
  2⤵
  PID:324
- C:\Windows\System\qKUUpRH.exe
  C:\Windows\System\qKUUpRH.exe
  2⤵
  PID:1508
- C:\Windows\System\YFTEeHf.exe
  C:\Windows\System\YFTEeHf.exe
  2⤵
  PID:1440
- C:\Windows\System\iogpSMs.exe
  C:\Windows\System\iogpSMs.exe
  2⤵
  PID:2092
- C:\Windows\System\YcZdQML.exe
  C:\Windows\System\YcZdQML.exe
  2⤵
  PID:3076
- C:\Windows\System\rXdEZWC.exe
  C:\Windows\System\rXdEZWC.exe
  2⤵
  PID:3096
- C:\Windows\System\dSaVyuX.exe
  C:\Windows\System\dSaVyuX.exe
  2⤵
  PID:3116
- C:\Windows\System\PFGSBhY.exe
  C:\Windows\System\PFGSBhY.exe
  2⤵
  PID:3136
- C:\Windows\System\hMlKqwK.exe
  C:\Windows\System\hMlKqwK.exe
  2⤵
  PID:3156
- C:\Windows\System\KdafQoq.exe
  C:\Windows\System\KdafQoq.exe
  2⤵
  PID:3176
- C:\Windows\System\jzbdvrp.exe
  C:\Windows\System\jzbdvrp.exe
  2⤵
  PID:3196
- C:\Windows\System\nXCAjJC.exe
  C:\Windows\System\nXCAjJC.exe
  2⤵
  PID:3216
- C:\Windows\System\edipZIr.exe
  C:\Windows\System\edipZIr.exe
  2⤵
  PID:3236
- C:\Windows\System\RygCgyq.exe
  C:\Windows\System\RygCgyq.exe
  2⤵
  PID:3256
- C:\Windows\System\HjolWkY.exe
  C:\Windows\System\HjolWkY.exe
  2⤵
  PID:3276
- C:\Windows\System\JPtVUAI.exe
  C:\Windows\System\JPtVUAI.exe
  2⤵
  PID:3296
- C:\Windows\System\fjrekmw.exe
  C:\Windows\System\fjrekmw.exe
  2⤵
  PID:3316
- C:\Windows\System\gtqZbyI.exe
  C:\Windows\System\gtqZbyI.exe
  2⤵
  PID:3336
- C:\Windows\System\XyuWTAm.exe
  C:\Windows\System\XyuWTAm.exe
  2⤵
  PID:3356
- C:\Windows\System\kubMbWl.exe
  C:\Windows\System\kubMbWl.exe
  2⤵
  PID:3376
- C:\Windows\System\RSiqzys.exe
  C:\Windows\System\RSiqzys.exe
  2⤵
  PID:3396
- C:\Windows\System\GEnxIGu.exe
  C:\Windows\System\GEnxIGu.exe
  2⤵
  PID:3416
- C:\Windows\System\TiVveZX.exe
  C:\Windows\System\TiVveZX.exe
  2⤵
  PID:3436
- C:\Windows\System\XnmdtRN.exe
  C:\Windows\System\XnmdtRN.exe
  2⤵
  PID:3456
- C:\Windows\System\cfXdoMt.exe
  C:\Windows\System\cfXdoMt.exe
  2⤵
  PID:3476
- C:\Windows\System\FdMJZwH.exe
  C:\Windows\System\FdMJZwH.exe
  2⤵
  PID:3496
- C:\Windows\System\OrDdyEj.exe
  C:\Windows\System\OrDdyEj.exe
  2⤵
  PID:3516
- C:\Windows\System\HoiqAWr.exe
  C:\Windows\System\HoiqAWr.exe
  2⤵
  PID:3536
- C:\Windows\System\JbUdqgE.exe
  C:\Windows\System\JbUdqgE.exe
  2⤵
  PID:3556
- C:\Windows\System\zwzCQgg.exe
  C:\Windows\System\zwzCQgg.exe
  2⤵
  PID:3576
- C:\Windows\System\npLCWSA.exe
  C:\Windows\System\npLCWSA.exe
  2⤵
  PID:3596
- C:\Windows\System\QalYdlh.exe
  C:\Windows\System\QalYdlh.exe
  2⤵
  PID:3616
- C:\Windows\System\OigeTzh.exe
  C:\Windows\System\OigeTzh.exe
  2⤵
  PID:3636
- C:\Windows\System\btnFIlb.exe
  C:\Windows\System\btnFIlb.exe
  2⤵
  PID:3656
- C:\Windows\System\JkIoGvp.exe
  C:\Windows\System\JkIoGvp.exe
  2⤵
  PID:3676
- C:\Windows\System\WlqQAUa.exe
  C:\Windows\System\WlqQAUa.exe
  2⤵
  PID:3696
- C:\Windows\System\XCvziRN.exe
  C:\Windows\System\XCvziRN.exe
  2⤵
  PID:3716
- C:\Windows\System\WwIsuUT.exe
  C:\Windows\System\WwIsuUT.exe
  2⤵
  PID:3736
- C:\Windows\System\gCnIooZ.exe
  C:\Windows\System\gCnIooZ.exe
  2⤵
  PID:3756
- C:\Windows\System\enuBnWv.exe
  C:\Windows\System\enuBnWv.exe
  2⤵
  PID:3776
- C:\Windows\System\pTQpgdA.exe
  C:\Windows\System\pTQpgdA.exe
  2⤵
  PID:3796
- C:\Windows\System\SngDmNb.exe
  C:\Windows\System\SngDmNb.exe
  2⤵
  PID:3816
- C:\Windows\System\dIdrNsU.exe
  C:\Windows\System\dIdrNsU.exe
  2⤵
  PID:3836
- C:\Windows\System\ekohhgY.exe
  C:\Windows\System\ekohhgY.exe
  2⤵
  PID:3856
- C:\Windows\System\xwpSXDA.exe
  C:\Windows\System\xwpSXDA.exe
  2⤵
  PID:3876
- C:\Windows\System\VYGHcKr.exe
  C:\Windows\System\VYGHcKr.exe
  2⤵
  PID:3896
- C:\Windows\System\EnghHBu.exe
  C:\Windows\System\EnghHBu.exe
  2⤵
  PID:3916
- C:\Windows\System\bkhbBWL.exe
  C:\Windows\System\bkhbBWL.exe
  2⤵
  PID:3936
- C:\Windows\System\ZqnjKbS.exe
  C:\Windows\System\ZqnjKbS.exe
  2⤵
  PID:3956
- C:\Windows\System\WwIuoee.exe
  C:\Windows\System\WwIuoee.exe
  2⤵
  PID:3976
- C:\Windows\System\PQQtmUh.exe
  C:\Windows\System\PQQtmUh.exe
  2⤵
  PID:3996
- C:\Windows\System\SAHfVHZ.exe
  C:\Windows\System\SAHfVHZ.exe
  2⤵
  PID:4016
- C:\Windows\System\KkMKEmB.exe
  C:\Windows\System\KkMKEmB.exe
  2⤵
  PID:4036
- C:\Windows\System\WxueUqI.exe
  C:\Windows\System\WxueUqI.exe
  2⤵
  PID:4056
- C:\Windows\System\jZdPmvX.exe
  C:\Windows\System\jZdPmvX.exe
  2⤵
  PID:4076
- C:\Windows\System\ajFbtsj.exe
  C:\Windows\System\ajFbtsj.exe
  2⤵
  PID:2388
- C:\Windows\System\mhACVFf.exe
  C:\Windows\System\mhACVFf.exe
  2⤵
  PID:1924
- C:\Windows\System\kjfGkxx.exe
  C:\Windows\System\kjfGkxx.exe
  2⤵
  PID:892
- C:\Windows\System\QfRaFBx.exe
  C:\Windows\System\QfRaFBx.exe
  2⤵
  PID:2384
- C:\Windows\System\OoEqmFM.exe
  C:\Windows\System\OoEqmFM.exe
  2⤵
  PID:1628
- C:\Windows\System\WSJQMDG.exe
  C:\Windows\System\WSJQMDG.exe
  2⤵
  PID:2900
- C:\Windows\System\QuLpvva.exe
  C:\Windows\System\QuLpvva.exe
  2⤵
  PID:2828
- C:\Windows\System\hfRVWuo.exe
  C:\Windows\System\hfRVWuo.exe
  2⤵
  PID:2732
- C:\Windows\System\KiDvMqr.exe
  C:\Windows\System\KiDvMqr.exe
  2⤵
  PID:1424
- C:\Windows\System\hiRPrpz.exe
  C:\Windows\System\hiRPrpz.exe
  2⤵
  PID:1036
- C:\Windows\System\pHJgHQM.exe
  C:\Windows\System\pHJgHQM.exe
  2⤵
  PID:2424
- C:\Windows\System\fLpblPO.exe
  C:\Windows\System\fLpblPO.exe
  2⤵
  PID:2448
- C:\Windows\System\ZasTJcb.exe
  C:\Windows\System\ZasTJcb.exe
  2⤵
  PID:1444
- C:\Windows\System\AHvZMVs.exe
  C:\Windows\System\AHvZMVs.exe
  2⤵
  PID:3084
- C:\Windows\System\IwVWcef.exe
  C:\Windows\System\IwVWcef.exe
  2⤵
  PID:3108
- C:\Windows\System\dZuCefP.exe
  C:\Windows\System\dZuCefP.exe
  2⤵
  PID:3128
- C:\Windows\System\WzMqASG.exe
  C:\Windows\System\WzMqASG.exe
  2⤵
  PID:3192
- C:\Windows\System\PgeJjcl.exe
  C:\Windows\System\PgeJjcl.exe
  2⤵
  PID:3208
- C:\Windows\System\UdhLCnO.exe
  C:\Windows\System\UdhLCnO.exe
  2⤵
  PID:3252
- C:\Windows\System\bcAFrqW.exe
  C:\Windows\System\bcAFrqW.exe
  2⤵
  PID:3292
- C:\Windows\System\VbtYYSn.exe
  C:\Windows\System\VbtYYSn.exe
  2⤵
  PID:3308
- C:\Windows\System\opegtKy.exe
  C:\Windows\System\opegtKy.exe
  2⤵
  PID:3348
- C:\Windows\System\YCZGPOn.exe
  C:\Windows\System\YCZGPOn.exe
  2⤵
  PID:3384
- C:\Windows\System\AgOUhPl.exe
  C:\Windows\System\AgOUhPl.exe
  2⤵
  PID:3428
- C:\Windows\System\JmoaVSd.exe
  C:\Windows\System\JmoaVSd.exe
  2⤵
  PID:3444
- C:\Windows\System\jNQRoVu.exe
  C:\Windows\System\jNQRoVu.exe
  2⤵
  PID:3492
- C:\Windows\System\SPqdfzu.exe
  C:\Windows\System\SPqdfzu.exe
  2⤵
  PID:3524
- C:\Windows\System\kttVBRt.exe
  C:\Windows\System\kttVBRt.exe
  2⤵
  PID:3548
- C:\Windows\System\unOsoSd.exe
  C:\Windows\System\unOsoSd.exe
  2⤵
  PID:3588
- C:\Windows\System\JIFTftF.exe
  C:\Windows\System\JIFTftF.exe
  2⤵
  PID:3612
- C:\Windows\System\PYLrvOi.exe
  C:\Windows\System\PYLrvOi.exe
  2⤵
  PID:3652
- C:\Windows\System\BOosfvF.exe
  C:\Windows\System\BOosfvF.exe
  2⤵
  PID:3704
- C:\Windows\System\NDPOywV.exe
  C:\Windows\System\NDPOywV.exe
  2⤵
  PID:3724
- C:\Windows\System\XviLMyY.exe
  C:\Windows\System\XviLMyY.exe
  2⤵
  PID:3748
- C:\Windows\System\LTvRGRt.exe
  C:\Windows\System\LTvRGRt.exe
  2⤵
  PID:3764
- C:\Windows\System\cSSWvVZ.exe
  C:\Windows\System\cSSWvVZ.exe
  2⤵
  PID:3832
- C:\Windows\System\XtuHhiQ.exe
  C:\Windows\System\XtuHhiQ.exe
  2⤵
  PID:3848
- C:\Windows\System\SkNyocq.exe
  C:\Windows\System\SkNyocq.exe
  2⤵
  PID:3892
- C:\Windows\System\YtpGLBd.exe
  C:\Windows\System\YtpGLBd.exe
  2⤵
  PID:3924
- C:\Windows\System\YElJcUY.exe
  C:\Windows\System\YElJcUY.exe
  2⤵
  PID:3948
- C:\Windows\System\StOxTYl.exe
  C:\Windows\System\StOxTYl.exe
  2⤵
  PID:3988
- C:\Windows\System\OUVDpXW.exe
  C:\Windows\System\OUVDpXW.exe
  2⤵
  PID:4012
- C:\Windows\System\ptwHiwh.exe
  C:\Windows\System\ptwHiwh.exe
  2⤵
  PID:4052
- C:\Windows\System\ZtKpLIW.exe
  C:\Windows\System\ZtKpLIW.exe
  2⤵
  PID:4068
- C:\Windows\System\MsCMNJn.exe
  C:\Windows\System\MsCMNJn.exe
  2⤵
  PID:1980
- C:\Windows\System\OIBoGtv.exe
  C:\Windows\System\OIBoGtv.exe
  2⤵
  PID:2692
- C:\Windows\System\VCqjpDU.exe
  C:\Windows\System\VCqjpDU.exe
  2⤵
  PID:3008
- C:\Windows\System\HYyioRO.exe
  C:\Windows\System\HYyioRO.exe
  2⤵
  PID:1912
- C:\Windows\System\aSatYJb.exe
  C:\Windows\System\aSatYJb.exe
  2⤵
  PID:1684
- C:\Windows\System\XPCySCU.exe
  C:\Windows\System\XPCySCU.exe
  2⤵
  PID:1084
- C:\Windows\System\psOWLaN.exe
  C:\Windows\System\psOWLaN.exe
  2⤵
  PID:860
- C:\Windows\System\feMbNKt.exe
  C:\Windows\System\feMbNKt.exe
  2⤵
  PID:3104
- C:\Windows\System\jJZJMUn.exe
  C:\Windows\System\jJZJMUn.exe
  2⤵
  PID:3132
- C:\Windows\System\gpglBjO.exe
  C:\Windows\System\gpglBjO.exe
  2⤵
  PID:3224
- C:\Windows\System\EAjNheq.exe
  C:\Windows\System\EAjNheq.exe
  2⤵
  PID:3268
- C:\Windows\System\vOvjoLi.exe
  C:\Windows\System\vOvjoLi.exe
  2⤵
  PID:3332
- C:\Windows\System\GarBbsO.exe
  C:\Windows\System\GarBbsO.exe
  2⤵
  PID:3388
- C:\Windows\System\rySGNRP.exe
  C:\Windows\System\rySGNRP.exe
  2⤵
  PID:3372
- C:\Windows\System\qIXgHqt.exe
  C:\Windows\System\qIXgHqt.exe
  2⤵
  PID:3448
- C:\Windows\System\MXYuGeO.exe
  C:\Windows\System\MXYuGeO.exe
  2⤵
  PID:3532
- C:\Windows\System\INsJDHv.exe
  C:\Windows\System\INsJDHv.exe
  2⤵
  PID:3604
- C:\Windows\System\thyJPmi.exe
  C:\Windows\System\thyJPmi.exe
  2⤵
  PID:3628
- C:\Windows\System\RnJghhs.exe
  C:\Windows\System\RnJghhs.exe
  2⤵
  PID:3672
- C:\Windows\System\bATZfBx.exe
  C:\Windows\System\bATZfBx.exe
  2⤵
  PID:3744
- C:\Windows\System\OnVosBp.exe
  C:\Windows\System\OnVosBp.exe
  2⤵
  PID:3708
- C:\Windows\System\lljrWzj.exe
  C:\Windows\System\lljrWzj.exe
  2⤵
  PID:3792
- C:\Windows\System\LBotucN.exe
  C:\Windows\System\LBotucN.exe
  2⤵
  PID:3952
- C:\Windows\System\EcGDSym.exe
  C:\Windows\System\EcGDSym.exe
  2⤵
  PID:3904
- C:\Windows\System\dLPgmQg.exe
  C:\Windows\System\dLPgmQg.exe
  2⤵
  PID:4064
- C:\Windows\System\BfPDJBe.exe
  C:\Windows\System\BfPDJBe.exe
  2⤵
  PID:884
- C:\Windows\System\BWeMfNJ.exe
  C:\Windows\System\BWeMfNJ.exe
  2⤵
  PID:2240
- C:\Windows\System\vfxUZtK.exe
  C:\Windows\System\vfxUZtK.exe
  2⤵
  PID:2148
- C:\Windows\System\fwcFGhm.exe
  C:\Windows\System\fwcFGhm.exe
  2⤵
  PID:1656
- C:\Windows\System\CitOAgn.exe
  C:\Windows\System\CitOAgn.exe
  2⤵
  PID:856
- C:\Windows\System\qCUEScW.exe
  C:\Windows\System\qCUEScW.exe
  2⤵
  PID:848
- C:\Windows\System\zoEGzht.exe
  C:\Windows\System\zoEGzht.exe
  2⤵
  PID:3088
- C:\Windows\System\oVtpbuF.exe
  C:\Windows\System\oVtpbuF.exe
  2⤵
  PID:3272
- C:\Windows\System\hgEvFpu.exe
  C:\Windows\System\hgEvFpu.exe
  2⤵
  PID:3468
- C:\Windows\System\NbyuKTv.exe
  C:\Windows\System\NbyuKTv.exe
  2⤵
  PID:3472
- C:\Windows\System\enBtOYU.exe
  C:\Windows\System\enBtOYU.exe
  2⤵
  PID:3728
- C:\Windows\System\qvZtUbQ.exe
  C:\Windows\System\qvZtUbQ.exe
  2⤵
  PID:4116
- C:\Windows\System\drgwRKj.exe
  C:\Windows\System\drgwRKj.exe
  2⤵
  PID:4132
- C:\Windows\System\wfslpKS.exe
  C:\Windows\System\wfslpKS.exe
  2⤵
  PID:4152
- C:\Windows\System\EtZhyzL.exe
  C:\Windows\System\EtZhyzL.exe
  2⤵
  PID:4176
- C:\Windows\System\cScAOiS.exe
  C:\Windows\System\cScAOiS.exe
  2⤵
  PID:4196
- C:\Windows\System\kmizVba.exe
  C:\Windows\System\kmizVba.exe
  2⤵
  PID:4212
- C:\Windows\System\gxabRjQ.exe
  C:\Windows\System\gxabRjQ.exe
  2⤵
  PID:4228
- C:\Windows\System\ccEVcTg.exe
  C:\Windows\System\ccEVcTg.exe
  2⤵
  PID:4252
- C:\Windows\System\rXyprEA.exe
  C:\Windows\System\rXyprEA.exe
  2⤵
  PID:4272
- C:\Windows\System\PHSYFeU.exe
  C:\Windows\System\PHSYFeU.exe
  2⤵
  PID:4288
- C:\Windows\System\GagQaXu.exe
  C:\Windows\System\GagQaXu.exe
  2⤵
  PID:4304
- C:\Windows\System\pvSVeFg.exe
  C:\Windows\System\pvSVeFg.exe
  2⤵
  PID:4324
- C:\Windows\System\AhDUnPp.exe
  C:\Windows\System\AhDUnPp.exe
  2⤵
  PID:4340
- C:\Windows\System\vPTrWle.exe
  C:\Windows\System\vPTrWle.exe
  2⤵
  PID:4360
- C:\Windows\System\sYsyfkt.exe
  C:\Windows\System\sYsyfkt.exe
  2⤵
  PID:4384
- C:\Windows\System\toqzZFT.exe
  C:\Windows\System\toqzZFT.exe
  2⤵
  PID:4412
- C:\Windows\System\twEJnim.exe
  C:\Windows\System\twEJnim.exe
  2⤵
  PID:4436
- C:\Windows\System\aDdGKBi.exe
  C:\Windows\System\aDdGKBi.exe
  2⤵
  PID:4456
- C:\Windows\System\fOOnaGN.exe
  C:\Windows\System\fOOnaGN.exe
  2⤵
  PID:4476
- C:\Windows\System\SgmPeJi.exe
  C:\Windows\System\SgmPeJi.exe
  2⤵
  PID:4492
- C:\Windows\System\jqMJgHQ.exe
  C:\Windows\System\jqMJgHQ.exe
  2⤵
  PID:4516
- C:\Windows\System\WvUhCzc.exe
  C:\Windows\System\WvUhCzc.exe
  2⤵
  PID:4532
- C:\Windows\System\IeErYUF.exe
  C:\Windows\System\IeErYUF.exe
  2⤵
  PID:4552
- C:\Windows\System\bUOHhpY.exe
  C:\Windows\System\bUOHhpY.exe
  2⤵
  PID:4568
- C:\Windows\System\ymUEOzp.exe
  C:\Windows\System\ymUEOzp.exe
  2⤵
  PID:4592
- C:\Windows\System\Oijqlkm.exe
  C:\Windows\System\Oijqlkm.exe
  2⤵
  PID:4612
- C:\Windows\System\lTvzxfE.exe
  C:\Windows\System\lTvzxfE.exe
  2⤵
  PID:4636
- C:\Windows\System\SLqPtPW.exe
  C:\Windows\System\SLqPtPW.exe
  2⤵
  PID:4656
- C:\Windows\System\zmIVPcj.exe
  C:\Windows\System\zmIVPcj.exe
  2⤵
  PID:4672
- C:\Windows\System\mflwnJW.exe
  C:\Windows\System\mflwnJW.exe
  2⤵
  PID:4696
- C:\Windows\System\wMuPlDQ.exe
  C:\Windows\System\wMuPlDQ.exe
  2⤵
  PID:4712
- C:\Windows\System\PJNTFWL.exe
  C:\Windows\System\PJNTFWL.exe
  2⤵
  PID:4736
- C:\Windows\System\ASdjCfw.exe
  C:\Windows\System\ASdjCfw.exe
  2⤵
  PID:4752
- C:\Windows\System\qtlzSsk.exe
  C:\Windows\System\qtlzSsk.exe
  2⤵
  PID:4776
- C:\Windows\System\OiiTkGZ.exe
  C:\Windows\System\OiiTkGZ.exe
  2⤵
  PID:4792
- C:\Windows\System\pZAgzaw.exe
  C:\Windows\System\pZAgzaw.exe
  2⤵
  PID:4816
- C:\Windows\System\PWieSmy.exe
  C:\Windows\System\PWieSmy.exe
  2⤵
  PID:4836
- C:\Windows\System\NbxPoax.exe
  C:\Windows\System\NbxPoax.exe
  2⤵
  PID:4856
- C:\Windows\System\ojOEUME.exe
  C:\Windows\System\ojOEUME.exe
  2⤵
  PID:4872
- C:\Windows\System\nOOjqfT.exe
  C:\Windows\System\nOOjqfT.exe
  2⤵
  PID:4896
- C:\Windows\System\TiZKdtJ.exe
  C:\Windows\System\TiZKdtJ.exe
  2⤵
  PID:4916
- C:\Windows\System\EBLmJxE.exe
  C:\Windows\System\EBLmJxE.exe
  2⤵
  PID:4940
- C:\Windows\System\lmBlTWJ.exe
  C:\Windows\System\lmBlTWJ.exe
  2⤵
  PID:4960
- C:\Windows\System\tZiMvmi.exe
  C:\Windows\System\tZiMvmi.exe
  2⤵
  PID:4976
- C:\Windows\System\KixAvap.exe
  C:\Windows\System\KixAvap.exe
  2⤵
  PID:4996
- C:\Windows\System\ifriXFM.exe
  C:\Windows\System\ifriXFM.exe
  2⤵
  PID:5020
- C:\Windows\System\ctpTslC.exe
  C:\Windows\System\ctpTslC.exe
  2⤵
  PID:5040
- C:\Windows\System\aFBGkXU.exe
  C:\Windows\System\aFBGkXU.exe
  2⤵
  PID:5060
- C:\Windows\System\rxHXMJw.exe
  C:\Windows\System\rxHXMJw.exe
  2⤵
  PID:5080
- C:\Windows\System\QJnNxTb.exe
  C:\Windows\System\QJnNxTb.exe
  2⤵
  PID:5096
- C:\Windows\System\fdJbVyb.exe
  C:\Windows\System\fdJbVyb.exe
  2⤵
  PID:5112
- C:\Windows\System\goRZQUH.exe
  C:\Windows\System\goRZQUH.exe
  2⤵
  PID:3688
- C:\Windows\System\fKXikUY.exe
  C:\Windows\System\fKXikUY.exe
  2⤵
  PID:3812
- C:\Windows\System\iPYWNpz.exe
  C:\Windows\System\iPYWNpz.exe
  2⤵
  PID:3512
- C:\Windows\System\arRgyda.exe
  C:\Windows\System\arRgyda.exe
  2⤵
  PID:1592
- C:\Windows\System\HkQRRXG.exe
  C:\Windows\System\HkQRRXG.exe
  2⤵
  PID:2876
- C:\Windows\System\DANaNon.exe
  C:\Windows\System\DANaNon.exe
  2⤵
  PID:3844
- C:\Windows\System\YFuIHkn.exe
  C:\Windows\System\YFuIHkn.exe
  2⤵
  PID:3264
- C:\Windows\System\qDLaovW.exe
  C:\Windows\System\qDLaovW.exe
  2⤵
  PID:828
- C:\Windows\System\MVxfSsX.exe
  C:\Windows\System\MVxfSsX.exe
  2⤵
  PID:3352
- C:\Windows\System\rnIEKGr.exe
  C:\Windows\System\rnIEKGr.exe
  2⤵
  PID:3664
- C:\Windows\System\JiwMlpK.exe
  C:\Windows\System\JiwMlpK.exe
  2⤵
  PID:3204
- C:\Windows\System\yLwuaCz.exe
  C:\Windows\System\yLwuaCz.exe
  2⤵
  PID:3488
- C:\Windows\System\xqDArQy.exe
  C:\Windows\System\xqDArQy.exe
  2⤵
  PID:4112
- C:\Windows\System\tslvLnI.exe
  C:\Windows\System\tslvLnI.exe
  2⤵
  PID:4192
- C:\Windows\System\kSzHmxR.exe
  C:\Windows\System\kSzHmxR.exe
  2⤵
  PID:4248
- C:\Windows\System\fqmVHoU.exe
  C:\Windows\System\fqmVHoU.exe
  2⤵
  PID:4284
- C:\Windows\System\UZEKnyu.exe
  C:\Windows\System\UZEKnyu.exe
  2⤵
  PID:4356
- C:\Windows\System\KsIqLGc.exe
  C:\Windows\System\KsIqLGc.exe
  2⤵
  PID:4368
- C:\Windows\System\zxRUpnX.exe
  C:\Windows\System\zxRUpnX.exe
  2⤵
  PID:4260
- C:\Windows\System\ohFxlmX.exe
  C:\Windows\System\ohFxlmX.exe
  2⤵
  PID:4400
- C:\Windows\System\dZklIxX.exe
  C:\Windows\System\dZklIxX.exe
  2⤵
  PID:4424
- C:\Windows\System\ztUUsZI.exe
  C:\Windows\System\ztUUsZI.exe
  2⤵
  PID:4448
- C:\Windows\System\DFVARog.exe
  C:\Windows\System\DFVARog.exe
  2⤵
  PID:4488
- C:\Windows\System\gXymeHr.exe
  C:\Windows\System\gXymeHr.exe
  2⤵
  PID:4508
- C:\Windows\System\SNoBdJJ.exe
  C:\Windows\System\SNoBdJJ.exe
  2⤵
  PID:4564
- C:\Windows\System\GVJJMWB.exe
  C:\Windows\System\GVJJMWB.exe
  2⤵
  PID:4580
- C:\Windows\System\YAUmBXl.exe
  C:\Windows\System\YAUmBXl.exe
  2⤵
  PID:4624
- C:\Windows\System\JrLdBYP.exe
  C:\Windows\System\JrLdBYP.exe
  2⤵
  PID:4648
- C:\Windows\System\nrHVCOC.exe
  C:\Windows\System\nrHVCOC.exe
  2⤵
  PID:4684
- C:\Windows\System\cHsIdYY.exe
  C:\Windows\System\cHsIdYY.exe
  2⤵
  PID:4760
- C:\Windows\System\ifOOSOz.exe
  C:\Windows\System\ifOOSOz.exe
  2⤵
  PID:4808
- C:\Windows\System\pzMcfiV.exe
  C:\Windows\System\pzMcfiV.exe
  2⤵
  PID:4708
- C:\Windows\System\FTjRQGm.exe
  C:\Windows\System\FTjRQGm.exe
  2⤵
  PID:4844
- C:\Windows\System\krzTtaH.exe
  C:\Windows\System\krzTtaH.exe
  2⤵
  PID:4828
- C:\Windows\System\gLffwFY.exe
  C:\Windows\System\gLffwFY.exe
  2⤵
  PID:4924
- C:\Windows\System\xqZZIQt.exe
  C:\Windows\System\xqZZIQt.exe
  2⤵
  PID:5012
- C:\Windows\System\QjKArZS.exe
  C:\Windows\System\QjKArZS.exe
  2⤵
  PID:4904
- C:\Windows\System\dFMKUFe.exe
  C:\Windows\System\dFMKUFe.exe
  2⤵
  PID:4956
- C:\Windows\System\mDfNfjh.exe
  C:\Windows\System\mDfNfjh.exe
  2⤵
  PID:5056
- C:\Windows\System\IqxjXWU.exe
  C:\Windows\System\IqxjXWU.exe
  2⤵
  PID:5088
- C:\Windows\System\mnPZOvm.exe
  C:\Windows\System\mnPZOvm.exe
  2⤵
  PID:3808
- C:\Windows\System\mQbygUC.exe
  C:\Windows\System\mQbygUC.exe
  2⤵
  PID:3692
- C:\Windows\System\JplKjNq.exe
  C:\Windows\System\JplKjNq.exe
  2⤵
  PID:5104
- C:\Windows\System\XhqYgpb.exe
  C:\Windows\System\XhqYgpb.exe
  2⤵
  PID:888
- C:\Windows\System\muHbFeu.exe
  C:\Windows\System\muHbFeu.exe
  2⤵
  PID:3184
- C:\Windows\System\UgaUTNX.exe
  C:\Windows\System\UgaUTNX.exe
  2⤵
  PID:2268
- C:\Windows\System\MAsFPJO.exe
  C:\Windows\System\MAsFPJO.exe
  2⤵
  PID:3312
- C:\Windows\System\KzNTAqV.exe
  C:\Windows\System\KzNTAqV.exe
  2⤵
  PID:3464
- C:\Windows\System\MvytrHb.exe
  C:\Windows\System\MvytrHb.exe
  2⤵
  PID:4172
- C:\Windows\System\kCFEpCU.exe
  C:\Windows\System\kCFEpCU.exe
  2⤵
  PID:4184
- C:\Windows\System\gGhfmAF.exe
  C:\Windows\System\gGhfmAF.exe
  2⤵
  PID:4316
- C:\Windows\System\oupQtQp.exe
  C:\Windows\System\oupQtQp.exe
  2⤵
  PID:4280
- C:\Windows\System\yUVzPUt.exe
  C:\Windows\System\yUVzPUt.exe
  2⤵
  PID:4380
- C:\Windows\System\qLmGqbq.exe
  C:\Windows\System\qLmGqbq.exe
  2⤵
  PID:4408
- C:\Windows\System\zlpyECw.exe
  C:\Windows\System\zlpyECw.exe
  2⤵
  PID:4452
- C:\Windows\System\SGaLSaT.exe
  C:\Windows\System\SGaLSaT.exe
  2⤵
  PID:4504
- C:\Windows\System\KrwbPPt.exe
  C:\Windows\System\KrwbPPt.exe
  2⤵
  PID:4604
- C:\Windows\System\XDrMlFx.exe
  C:\Windows\System\XDrMlFx.exe
  2⤵
  PID:4588
- C:\Windows\System\lKUOCYA.exe
  C:\Windows\System\lKUOCYA.exe
  2⤵
  PID:4692
- C:\Windows\System\ryubKHE.exe
  C:\Windows\System\ryubKHE.exe
  2⤵
  PID:4732
- C:\Windows\System\XTttKUs.exe
  C:\Windows\System\XTttKUs.exe
  2⤵
  PID:4784
- C:\Windows\System\DVVoHJV.exe
  C:\Windows\System\DVVoHJV.exe
  2⤵
  PID:4888
- C:\Windows\System\PtBHuZV.exe
  C:\Windows\System\PtBHuZV.exe
  2⤵
  PID:4972
- C:\Windows\System\enkHkIy.exe
  C:\Windows\System\enkHkIy.exe
  2⤵
  PID:4936
- C:\Windows\System\ZUdkNAy.exe
  C:\Windows\System\ZUdkNAy.exe
  2⤵
  PID:5048
- C:\Windows\System\OYkRFWr.exe
  C:\Windows\System\OYkRFWr.exe
  2⤵
  PID:5032
- C:\Windows\System\cMQjBqF.exe
  C:\Windows\System\cMQjBqF.exe
  2⤵
  PID:5076
- C:\Windows\System\Wbiwyiv.exe
  C:\Windows\System\Wbiwyiv.exe
  2⤵
  PID:3032
- C:\Windows\System\ZsutMqC.exe
  C:\Windows\System\ZsutMqC.exe
  2⤵
  PID:4088
- C:\Windows\System\RyoBMel.exe
  C:\Windows\System\RyoBMel.exe
  2⤵
  PID:4100
- C:\Windows\System\WIcwNFN.exe
  C:\Windows\System\WIcwNFN.exe
  2⤵
  PID:4140
- C:\Windows\System\jRxOTdH.exe
  C:\Windows\System\jRxOTdH.exe
  2⤵
  PID:4264
- C:\Windows\System\oyGjQVP.exe
  C:\Windows\System\oyGjQVP.exe
  2⤵
  PID:4300
- C:\Windows\System\hwzwsjH.exe
  C:\Windows\System\hwzwsjH.exe
  2⤵
  PID:4484
- C:\Windows\System\XaMYOJm.exe
  C:\Windows\System\XaMYOJm.exe
  2⤵
  PID:4540
- C:\Windows\System\rmUPwfV.exe
  C:\Windows\System\rmUPwfV.exe
  2⤵
  PID:4652
- C:\Windows\System\zapNLcO.exe
  C:\Windows\System\zapNLcO.exe
  2⤵
  PID:4764
- C:\Windows\System\LTljqHB.exe
  C:\Windows\System\LTljqHB.exe
  2⤵
  PID:4832
- C:\Windows\System\CIgDFKJ.exe
  C:\Windows\System\CIgDFKJ.exe
  2⤵
  PID:5108
- C:\Windows\System\vzXMiuT.exe
  C:\Windows\System\vzXMiuT.exe
  2⤵
  PID:4728
- C:\Windows\System\ddkgqKY.exe
  C:\Windows\System\ddkgqKY.exe
  2⤵
  PID:5016
- C:\Windows\System\xDaIqQy.exe
  C:\Windows\System\xDaIqQy.exe
  2⤵
  PID:3804
- C:\Windows\System\buXUqER.exe
  C:\Windows\System\buXUqER.exe
  2⤵
  PID:5128
- C:\Windows\System\UXevvGG.exe
  C:\Windows\System\UXevvGG.exe
  2⤵
  PID:5148
- C:\Windows\System\BnIAEHA.exe
  C:\Windows\System\BnIAEHA.exe
  2⤵
  PID:5168
- C:\Windows\System\lJUgWeu.exe
  C:\Windows\System\lJUgWeu.exe
  2⤵
  PID:5188
- C:\Windows\System\zuFlLsj.exe
  C:\Windows\System\zuFlLsj.exe
  2⤵
  PID:5208
- C:\Windows\System\gymGJDd.exe
  C:\Windows\System\gymGJDd.exe
  2⤵
  PID:5228
- C:\Windows\System\IeruyQa.exe
  C:\Windows\System\IeruyQa.exe
  2⤵
  PID:5248
- C:\Windows\System\YOgjfDv.exe
  C:\Windows\System\YOgjfDv.exe
  2⤵
  PID:5268
- C:\Windows\System\qWoDNql.exe
  C:\Windows\System\qWoDNql.exe
  2⤵
  PID:5288
- C:\Windows\System\GaCxKpx.exe
  C:\Windows\System\GaCxKpx.exe
  2⤵
  PID:5308
- C:\Windows\System\DIMaMbT.exe
  C:\Windows\System\DIMaMbT.exe
  2⤵
  PID:5328
- C:\Windows\System\kjcxCWz.exe
  C:\Windows\System\kjcxCWz.exe
  2⤵
  PID:5348
- C:\Windows\System\RaEvdYL.exe
  C:\Windows\System\RaEvdYL.exe
  2⤵
  PID:5368
- C:\Windows\System\pOlMwla.exe
  C:\Windows\System\pOlMwla.exe
  2⤵
  PID:5392
- C:\Windows\System\oIhEzFZ.exe
  C:\Windows\System\oIhEzFZ.exe
  2⤵
  PID:5412
- C:\Windows\System\ZvOmEzS.exe
  C:\Windows\System\ZvOmEzS.exe
  2⤵
  PID:5428
- C:\Windows\System\gNAHLHU.exe
  C:\Windows\System\gNAHLHU.exe
  2⤵
  PID:5452
- C:\Windows\System\iZivReb.exe
  C:\Windows\System\iZivReb.exe
  2⤵
  PID:5472
- C:\Windows\System\vPefVdB.exe
  C:\Windows\System\vPefVdB.exe
  2⤵
  PID:5492
- C:\Windows\System\mOLrXLZ.exe
  C:\Windows\System\mOLrXLZ.exe
  2⤵
  PID:5508
- C:\Windows\System\GAoVofr.exe
  C:\Windows\System\GAoVofr.exe
  2⤵
  PID:5524
- C:\Windows\System\sfPZGIq.exe
  C:\Windows\System\sfPZGIq.exe
  2⤵
  PID:5540
- C:\Windows\System\KACYQQQ.exe
  C:\Windows\System\KACYQQQ.exe
  2⤵
  PID:5556
- C:\Windows\System\lFwYjDA.exe
  C:\Windows\System\lFwYjDA.exe
  2⤵
  PID:5572
- C:\Windows\System\agkjcZn.exe
  C:\Windows\System\agkjcZn.exe
  2⤵
  PID:5588
- C:\Windows\System\mWsFxMl.exe
  C:\Windows\System\mWsFxMl.exe
  2⤵
  PID:5604
- C:\Windows\System\yOQtmaq.exe
  C:\Windows\System\yOQtmaq.exe
  2⤵
  PID:5632
- C:\Windows\System\uIrQhHS.exe
  C:\Windows\System\uIrQhHS.exe
  2⤵
  PID:5660
- C:\Windows\System\yOpDLeY.exe
  C:\Windows\System\yOpDLeY.exe
  2⤵
  PID:5680
- C:\Windows\System\ThUZdaH.exe
  C:\Windows\System\ThUZdaH.exe
  2⤵
  PID:5704
- C:\Windows\System\OkcDhmd.exe
  C:\Windows\System\OkcDhmd.exe
  2⤵
  PID:5732
- C:\Windows\System\dGNCbHd.exe
  C:\Windows\System\dGNCbHd.exe
  2⤵
  PID:5756
- C:\Windows\System\GkBqMmi.exe
  C:\Windows\System\GkBqMmi.exe
  2⤵
  PID:5776
- C:\Windows\System\MtqtYJJ.exe
  C:\Windows\System\MtqtYJJ.exe
  2⤵
  PID:5796
- C:\Windows\System\LLmgBkk.exe
  C:\Windows\System\LLmgBkk.exe
  2⤵
  PID:5816
- C:\Windows\System\UWKMsgQ.exe
  C:\Windows\System\UWKMsgQ.exe
  2⤵
  PID:5836
- C:\Windows\System\dPfbdRr.exe
  C:\Windows\System\dPfbdRr.exe
  2⤵
  PID:5856
- C:\Windows\System\lPndyxF.exe
  C:\Windows\System\lPndyxF.exe
  2⤵
  PID:5876
- C:\Windows\System\LAvSOSb.exe
  C:\Windows\System\LAvSOSb.exe
  2⤵
  PID:5896
- C:\Windows\System\evzICXN.exe
  C:\Windows\System\evzICXN.exe
  2⤵
  PID:5916
- C:\Windows\System\eofFuOA.exe
  C:\Windows\System\eofFuOA.exe
  2⤵
  PID:5936
- C:\Windows\System\abUfxfJ.exe
  C:\Windows\System\abUfxfJ.exe
  2⤵
  PID:5956
- C:\Windows\System\PfxXvpl.exe
  C:\Windows\System\PfxXvpl.exe
  2⤵
  PID:5976
- C:\Windows\System\BWNprtr.exe
  C:\Windows\System\BWNprtr.exe
  2⤵
  PID:5996
- C:\Windows\System\HEzdKIH.exe
  C:\Windows\System\HEzdKIH.exe
  2⤵
  PID:6016
- C:\Windows\System\LPGXjOa.exe
  C:\Windows\System\LPGXjOa.exe
  2⤵
  PID:6036
- C:\Windows\System\hkROXpx.exe
  C:\Windows\System\hkROXpx.exe
  2⤵
  PID:6056
- C:\Windows\System\tOeUbNB.exe
  C:\Windows\System\tOeUbNB.exe
  2⤵
  PID:6076
- C:\Windows\System\JbPfaOt.exe
  C:\Windows\System\JbPfaOt.exe
  2⤵
  PID:6096
- C:\Windows\System\bWQUhNM.exe
  C:\Windows\System\bWQUhNM.exe
  2⤵
  PID:6116
- C:\Windows\System\qVnDcoA.exe
  C:\Windows\System\qVnDcoA.exe
  2⤵
  PID:6136
- C:\Windows\System\cJXjLYQ.exe
  C:\Windows\System\cJXjLYQ.exe
  2⤵
  PID:4144
- C:\Windows\System\tzLYYUj.exe
  C:\Windows\System\tzLYYUj.exe
  2⤵
  PID:4220
- C:\Windows\System\vNuiSTx.exe
  C:\Windows\System\vNuiSTx.exe
  2⤵
  PID:5008
- C:\Windows\System\IuxYnkH.exe
  C:\Windows\System\IuxYnkH.exe
  2⤵
  PID:4620
- C:\Windows\System\BOoIciD.exe
  C:\Windows\System\BOoIciD.exe
  2⤵
  PID:4772
- C:\Windows\System\fYemGoE.exe
  C:\Windows\System\fYemGoE.exe
  2⤵
  PID:4864
- C:\Windows\System\UpkJMBf.exe
  C:\Windows\System\UpkJMBf.exe
  2⤵
  PID:3984
- C:\Windows\System\DdNcQcW.exe
  C:\Windows\System\DdNcQcW.exe
  2⤵
  PID:1952
- C:\Windows\System\yYveKOn.exe
  C:\Windows\System\yYveKOn.exe
  2⤵
  PID:4984
- C:\Windows\System\dCZsmpQ.exe
  C:\Windows\System\dCZsmpQ.exe
  2⤵
  PID:5196
- C:\Windows\System\auYOpXQ.exe
  C:\Windows\System\auYOpXQ.exe
  2⤵
  PID:5244
- C:\Windows\System\xZZWLYK.exe
  C:\Windows\System\xZZWLYK.exe
  2⤵
  PID:5280
- C:\Windows\System\YVMKmsv.exe
  C:\Windows\System\YVMKmsv.exe
  2⤵
  PID:5360
- C:\Windows\System\RkIWqsR.exe
  C:\Windows\System\RkIWqsR.exe
  2⤵
  PID:5400
- C:\Windows\System\gqHuntA.exe
  C:\Windows\System\gqHuntA.exe
  2⤵
  PID:5256
- C:\Windows\System\jzKtwBa.exe
  C:\Windows\System\jzKtwBa.exe
  2⤵
  PID:5300
- C:\Windows\System\pTkYcDw.exe
  C:\Windows\System\pTkYcDw.exe
  2⤵
  PID:5448
- C:\Windows\System\jCfKbqy.exe
  C:\Windows\System\jCfKbqy.exe
  2⤵
  PID:5388
- C:\Windows\System\SKSpZmQ.exe
  C:\Windows\System\SKSpZmQ.exe
  2⤵
  PID:5552
- C:\Windows\System\dEvfdDl.exe
  C:\Windows\System\dEvfdDl.exe
  2⤵
  PID:5464
- C:\Windows\System\mGomxBA.exe
  C:\Windows\System\mGomxBA.exe
  2⤵
  PID:2444
- C:\Windows\System\WmHHRkS.exe
  C:\Windows\System\WmHHRkS.exe
  2⤵
  PID:5504
- C:\Windows\System\DRPWMbV.exe
  C:\Windows\System\DRPWMbV.exe
  2⤵
  PID:5672
- C:\Windows\System\tnfBZYt.exe
  C:\Windows\System\tnfBZYt.exe
  2⤵
  PID:5652
- C:\Windows\System\btqMYsH.exe
  C:\Windows\System\btqMYsH.exe
  2⤵
  PID:5700
- C:\Windows\System\RpKEpMu.exe
  C:\Windows\System\RpKEpMu.exe
  2⤵
  PID:5724
- C:\Windows\System\zuZTVJl.exe
  C:\Windows\System\zuZTVJl.exe
  2⤵
  PID:5752
- C:\Windows\System\amtLVdD.exe
  C:\Windows\System\amtLVdD.exe
  2⤵
  PID:5804
- C:\Windows\System\KzbeNtP.exe
  C:\Windows\System\KzbeNtP.exe
  2⤵
  PID:5808
- C:\Windows\System\KtNCltm.exe
  C:\Windows\System\KtNCltm.exe
  2⤵
  PID:5852
- C:\Windows\System\rVhCpWV.exe
  C:\Windows\System\rVhCpWV.exe
  2⤵
  PID:5884
- C:\Windows\System\oJAtDNl.exe
  C:\Windows\System\oJAtDNl.exe
  2⤵
  PID:5908
- C:\Windows\System\QUJeCdY.exe
  C:\Windows\System\QUJeCdY.exe
  2⤵
  PID:5944
- C:\Windows\System\OddZCZN.exe
  C:\Windows\System\OddZCZN.exe
  2⤵
  PID:5968
- C:\Windows\System\jqzJpWE.exe
  C:\Windows\System\jqzJpWE.exe
  2⤵
  PID:6012
- C:\Windows\System\TsNQpQm.exe
  C:\Windows\System\TsNQpQm.exe
  2⤵
  PID:6044
- C:\Windows\System\ouZfsqV.exe
  C:\Windows\System\ouZfsqV.exe
  2⤵
  PID:6048
- C:\Windows\System\lESnJoZ.exe
  C:\Windows\System\lESnJoZ.exe
  2⤵
  PID:6072
- C:\Windows\System\NSzfYCG.exe
  C:\Windows\System\NSzfYCG.exe
  2⤵
  PID:6124
- C:\Windows\System\VDESGFH.exe
  C:\Windows\System\VDESGFH.exe
  2⤵
  PID:6128
- C:\Windows\System\WaoCCwv.exe
  C:\Windows\System\WaoCCwv.exe
  2⤵
  PID:4244
- C:\Windows\System\xovupCZ.exe
  C:\Windows\System\xovupCZ.exe
  2⤵
  PID:4332
- C:\Windows\System\nkazuZe.exe
  C:\Windows\System\nkazuZe.exe
  2⤵
  PID:3324
- C:\Windows\System\Zigplju.exe
  C:\Windows\System\Zigplju.exe
  2⤵
  PID:4908
- C:\Windows\System\eyrNXFe.exe
  C:\Windows\System\eyrNXFe.exe
  2⤵
  PID:4848
- C:\Windows\System\RHfEDEE.exe
  C:\Windows\System\RHfEDEE.exe
  2⤵
  PID:5124
- C:\Windows\System\YXEKhoV.exe
  C:\Windows\System\YXEKhoV.exe
  2⤵
  PID:5144
- C:\Windows\System\BMuhHMJ.exe
  C:\Windows\System\BMuhHMJ.exe
  2⤵
  PID:5200
- C:\Windows\System\TSpZWAP.exe
  C:\Windows\System\TSpZWAP.exe
  2⤵
  PID:1380
- C:\Windows\System\vWjpwVl.exe
  C:\Windows\System\vWjpwVl.exe
  2⤵
  PID:2064
- C:\Windows\System\mSKlaop.exe
  C:\Windows\System\mSKlaop.exe
  2⤵
  PID:5220
- C:\Windows\System\NxYJmDQ.exe
  C:\Windows\System\NxYJmDQ.exe
  2⤵
  PID:5304
- C:\Windows\System\QXToMWY.exe
  C:\Windows\System\QXToMWY.exe
  2⤵
  PID:5344
- C:\Windows\System\OreqSEa.exe
  C:\Windows\System\OreqSEa.exe
  2⤵
  PID:5420
- C:\Windows\System\JPrwzxh.exe
  C:\Windows\System\JPrwzxh.exe
  2⤵
  PID:1524
- C:\Windows\System\gVcwpNb.exe
  C:\Windows\System\gVcwpNb.exe
  2⤵
  PID:5620
- C:\Windows\System\hJdsDgF.exe
  C:\Windows\System\hJdsDgF.exe
  2⤵
  PID:5536
- C:\Windows\System\fGWBPNA.exe
  C:\Windows\System\fGWBPNA.exe
  2⤵
  PID:3068
- C:\Windows\System\mEMUiHT.exe
  C:\Windows\System\mEMUiHT.exe
  2⤵
  PID:5648
- C:\Windows\System\ePvmwlr.exe
  C:\Windows\System\ePvmwlr.exe
  2⤵
  PID:5720
- C:\Windows\System\kMSwDbC.exe
  C:\Windows\System\kMSwDbC.exe
  2⤵
  PID:5792
- C:\Windows\System\YvmpKad.exe
  C:\Windows\System\YvmpKad.exe
  2⤵
  PID:5788
- C:\Windows\System\RNPxpxL.exe
  C:\Windows\System\RNPxpxL.exe
  2⤵
  PID:5872
- C:\Windows\System\szzdYZO.exe
  C:\Windows\System\szzdYZO.exe
  2⤵
  PID:5932
- C:\Windows\System\mOhUmpt.exe
  C:\Windows\System\mOhUmpt.exe
  2⤵
  PID:2248
- C:\Windows\System\zJfgydI.exe
  C:\Windows\System\zJfgydI.exe
  2⤵
  PID:6084
- C:\Windows\System\kGCfAxo.exe
  C:\Windows\System\kGCfAxo.exe
  2⤵
  PID:3868
- C:\Windows\System\ZeVKxsS.exe
  C:\Windows\System\ZeVKxsS.exe
  2⤵
  PID:1228
- C:\Windows\System\kjORKbx.exe
  C:\Windows\System\kjORKbx.exe
  2⤵
  PID:4472
- C:\Windows\System\RbYrfXX.exe
  C:\Windows\System\RbYrfXX.exe
  2⤵
  PID:4560
- C:\Windows\System\KvZzmxs.exe
  C:\Windows\System\KvZzmxs.exe
  2⤵
  PID:3668
- C:\Windows\System\FZtXtTo.exe
  C:\Windows\System\FZtXtTo.exe
  2⤵
  PID:4724
- C:\Windows\System\biBoGpK.exe
  C:\Windows\System\biBoGpK.exe
  2⤵
  PID:2796
- C:\Windows\System\PEMaddH.exe
  C:\Windows\System\PEMaddH.exe
  2⤵
  PID:1728
- C:\Windows\System\WbvDpIJ.exe
  C:\Windows\System\WbvDpIJ.exe
  2⤵
  PID:5320
- C:\Windows\System\uUsJSQj.exe
  C:\Windows\System\uUsJSQj.exe
  2⤵
  PID:5488
- C:\Windows\System\DewhJGL.exe
  C:\Windows\System\DewhJGL.exe
  2⤵
  PID:1536
- C:\Windows\System\SgIzHzi.exe
  C:\Windows\System\SgIzHzi.exe
  2⤵
  PID:5616
- C:\Windows\System\QshJxVd.exe
  C:\Windows\System\QshJxVd.exe
  2⤵
  PID:5644
- C:\Windows\System\ThgdMbB.exe
  C:\Windows\System\ThgdMbB.exe
  2⤵
  PID:5692
- C:\Windows\System\MWfWWfw.exe
  C:\Windows\System\MWfWWfw.exe
  2⤵
  PID:5772
- C:\Windows\System\AXZQdVo.exe
  C:\Windows\System\AXZQdVo.exe
  2⤵
  PID:5972
- C:\Windows\System\OolydwE.exe
  C:\Windows\System\OolydwE.exe
  2⤵
  PID:6156
- C:\Windows\System\HEYZzBM.exe
  C:\Windows\System\HEYZzBM.exe
  2⤵
  PID:6176
- C:\Windows\System\EqxpUhp.exe
  C:\Windows\System\EqxpUhp.exe
  2⤵
  PID:6196
- C:\Windows\System\BsxmxWA.exe
  C:\Windows\System\BsxmxWA.exe
  2⤵
  PID:6216
- C:\Windows\System\VHdDBsN.exe
  C:\Windows\System\VHdDBsN.exe
  2⤵
  PID:6236
- C:\Windows\System\CjZLTAU.exe
  C:\Windows\System\CjZLTAU.exe
  2⤵
  PID:6256
- C:\Windows\System\EtLjyhV.exe
  C:\Windows\System\EtLjyhV.exe
  2⤵
  PID:6276
- C:\Windows\System\wcahQyQ.exe
  C:\Windows\System\wcahQyQ.exe
  2⤵
  PID:6296
- C:\Windows\System\TcIUWUc.exe
  C:\Windows\System\TcIUWUc.exe
  2⤵
  PID:6316
- C:\Windows\System\hLFPVLJ.exe
  C:\Windows\System\hLFPVLJ.exe
  2⤵
  PID:6336
- C:\Windows\System\nmJWVdQ.exe
  C:\Windows\System\nmJWVdQ.exe
  2⤵
  PID:6356
- C:\Windows\System\uGpkoXR.exe
  C:\Windows\System\uGpkoXR.exe
  2⤵
  PID:6376
- C:\Windows\System\skoKXTu.exe
  C:\Windows\System\skoKXTu.exe
  2⤵
  PID:6396
- C:\Windows\System\YwKSlJr.exe
  C:\Windows\System\YwKSlJr.exe
  2⤵
  PID:6416
- C:\Windows\System\tHfUhSJ.exe
  C:\Windows\System\tHfUhSJ.exe
  2⤵
  PID:6436
- C:\Windows\System\TBgOXRV.exe
  C:\Windows\System\TBgOXRV.exe
  2⤵
  PID:6456
- C:\Windows\System\DmPsMYP.exe
  C:\Windows\System\DmPsMYP.exe
  2⤵
  PID:6476
- C:\Windows\System\rANoMVe.exe
  C:\Windows\System\rANoMVe.exe
  2⤵
  PID:6496
- C:\Windows\System\DDfuTkR.exe
  C:\Windows\System\DDfuTkR.exe
  2⤵
  PID:6516
- C:\Windows\System\mmnNKOk.exe
  C:\Windows\System\mmnNKOk.exe
  2⤵
  PID:6536
- C:\Windows\System\RTHRagP.exe
  C:\Windows\System\RTHRagP.exe
  2⤵
  PID:6556
- C:\Windows\System\KeMGzpR.exe
  C:\Windows\System\KeMGzpR.exe
  2⤵
  PID:6576
- C:\Windows\System\JJbPURQ.exe
  C:\Windows\System\JJbPURQ.exe
  2⤵
  PID:6596
- C:\Windows\System\wdbOVnZ.exe
  C:\Windows\System\wdbOVnZ.exe
  2⤵
  PID:6616
- C:\Windows\System\QpXqwYi.exe
  C:\Windows\System\QpXqwYi.exe
  2⤵
  PID:6636
- C:\Windows\System\QGNMjGv.exe
  C:\Windows\System\QGNMjGv.exe
  2⤵
  PID:6656
- C:\Windows\System\TRdoxGd.exe
  C:\Windows\System\TRdoxGd.exe
  2⤵
  PID:6676
- C:\Windows\System\TXdIKKz.exe
  C:\Windows\System\TXdIKKz.exe
  2⤵
  PID:6700
- C:\Windows\System\AxrsYpb.exe
  C:\Windows\System\AxrsYpb.exe
  2⤵
  PID:6720
- C:\Windows\System\enywlzC.exe
  C:\Windows\System\enywlzC.exe
  2⤵
  PID:6740
- C:\Windows\System\YooAkcj.exe
  C:\Windows\System\YooAkcj.exe
  2⤵
  PID:6760
- C:\Windows\System\OsVvxvW.exe
  C:\Windows\System\OsVvxvW.exe
  2⤵
  PID:6780
- C:\Windows\System\FLVcqjy.exe
  C:\Windows\System\FLVcqjy.exe
  2⤵
  PID:6800
- C:\Windows\System\LCiagBh.exe
  C:\Windows\System\LCiagBh.exe
  2⤵
  PID:6820
- C:\Windows\System\CHNOhvK.exe
  C:\Windows\System\CHNOhvK.exe
  2⤵
  PID:6840
- C:\Windows\System\szsOmyM.exe
  C:\Windows\System\szsOmyM.exe
  2⤵
  PID:6860
- C:\Windows\System\JbHyPoM.exe
  C:\Windows\System\JbHyPoM.exe
  2⤵
  PID:6880
- C:\Windows\System\PMWPPlW.exe
  C:\Windows\System\PMWPPlW.exe
  2⤵
  PID:6900
- C:\Windows\System\nZIhGPF.exe
  C:\Windows\System\nZIhGPF.exe
  2⤵
  PID:6920
- C:\Windows\System\qxfRzMY.exe
  C:\Windows\System\qxfRzMY.exe
  2⤵
  PID:6940
- C:\Windows\System\EuZRdst.exe
  C:\Windows\System\EuZRdst.exe
  2⤵
  PID:6960
- C:\Windows\System\DSnaflo.exe
  C:\Windows\System\DSnaflo.exe
  2⤵
  PID:6984
- C:\Windows\System\rNOtOlq.exe
  C:\Windows\System\rNOtOlq.exe
  2⤵
  PID:7004
- C:\Windows\System\VFvizZH.exe
  C:\Windows\System\VFvizZH.exe
  2⤵
  PID:7024
- C:\Windows\System\KcvXQTt.exe
  C:\Windows\System\KcvXQTt.exe
  2⤵
  PID:7044
- C:\Windows\System\MbWwwbq.exe
  C:\Windows\System\MbWwwbq.exe
  2⤵
  PID:7064
- C:\Windows\System\iYerBai.exe
  C:\Windows\System\iYerBai.exe
  2⤵
  PID:7084
- C:\Windows\System\mzoqdwo.exe
  C:\Windows\System\mzoqdwo.exe
  2⤵
  PID:7104
- C:\Windows\System\oNOYnDc.exe
  C:\Windows\System\oNOYnDc.exe
  2⤵
  PID:7124
- C:\Windows\System\ChORVWd.exe
  C:\Windows\System\ChORVWd.exe
  2⤵
  PID:7144
- C:\Windows\System\LzZyiJX.exe
  C:\Windows\System\LzZyiJX.exe
  2⤵
  PID:7164
- C:\Windows\System\pwIaQqb.exe
  C:\Windows\System\pwIaQqb.exe
  2⤵
  PID:5992
- C:\Windows\System\HlIdDPU.exe
  C:\Windows\System\HlIdDPU.exe
  2⤵
  PID:6108
- C:\Windows\System\FaYkBOu.exe
  C:\Windows\System\FaYkBOu.exe
  2⤵
  PID:4164
- C:\Windows\System\rSNgSYG.exe
  C:\Windows\System\rSNgSYG.exe
  2⤵
  PID:1528
- C:\Windows\System\KpcwCPM.exe
  C:\Windows\System\KpcwCPM.exe
  2⤵
  PID:1804
- C:\Windows\System\RFhewdk.exe
  C:\Windows\System\RFhewdk.exe
  2⤵
  PID:1644
- C:\Windows\System\TajUEhK.exe
  C:\Windows\System\TajUEhK.exe
  2⤵
  PID:5436
- C:\Windows\System\uEJhnli.exe
  C:\Windows\System\uEJhnli.exe
  2⤵
  PID:5468
- C:\Windows\System\VdHrQTz.exe
  C:\Windows\System\VdHrQTz.exe
  2⤵
  PID:5640
- C:\Windows\System\YCttSqZ.exe
  C:\Windows\System\YCttSqZ.exe
  2⤵
  PID:5740
- C:\Windows\System\JtZbEMl.exe
  C:\Windows\System\JtZbEMl.exe
  2⤵
  PID:5912
- C:\Windows\System\cLdrADE.exe
  C:\Windows\System\cLdrADE.exe
  2⤵
  PID:6172
- C:\Windows\System\oDROpWQ.exe
  C:\Windows\System\oDROpWQ.exe
  2⤵
  PID:6204
- C:\Windows\System\gIfvNHq.exe
  C:\Windows\System\gIfvNHq.exe
  2⤵
  PID:6228
- C:\Windows\System\sRSkOYy.exe
  C:\Windows\System\sRSkOYy.exe
  2⤵
  PID:6272
- C:\Windows\System\ypXUyPk.exe
  C:\Windows\System\ypXUyPk.exe
  2⤵
  PID:6288
- C:\Windows\System\KcbnBrP.exe
  C:\Windows\System\KcbnBrP.exe
  2⤵
  PID:6324
- C:\Windows\System\KNfpcRo.exe
  C:\Windows\System\KNfpcRo.exe
  2⤵
  PID:2780
- C:\Windows\System\MZvcNgw.exe
  C:\Windows\System\MZvcNgw.exe
  2⤵
  PID:6384
- C:\Windows\System\PSMPkFD.exe
  C:\Windows\System\PSMPkFD.exe
  2⤵
  PID:6408
- C:\Windows\System\ganPpJe.exe
  C:\Windows\System\ganPpJe.exe
  2⤵
  PID:6452
- C:\Windows\System\BPKgYOt.exe
  C:\Windows\System\BPKgYOt.exe
  2⤵
  PID:6484
- C:\Windows\System\MHrkrLV.exe
  C:\Windows\System\MHrkrLV.exe
  2⤵
  PID:6508
- C:\Windows\System\ExVPPvM.exe
  C:\Windows\System\ExVPPvM.exe
  2⤵
  PID:6564
- C:\Windows\System\QpYILUd.exe
  C:\Windows\System\QpYILUd.exe
  2⤵
  PID:6584
- C:\Windows\System\NuNKDWx.exe
  C:\Windows\System\NuNKDWx.exe
  2⤵
  PID:6608
- C:\Windows\System\BhzhzEJ.exe
  C:\Windows\System\BhzhzEJ.exe
  2⤵
  PID:6652
- C:\Windows\System\IdwcwjT.exe
  C:\Windows\System\IdwcwjT.exe
  2⤵
  PID:6696
- C:\Windows\System\TNIoqep.exe
  C:\Windows\System\TNIoqep.exe
  2⤵
  PID:6736
- C:\Windows\System\WEquzhU.exe
  C:\Windows\System\WEquzhU.exe
  2⤵
  PID:6776
- C:\Windows\System\kLvhZTa.exe
  C:\Windows\System\kLvhZTa.exe
  2⤵
  PID:6808
- C:\Windows\System\TDLmEHw.exe
  C:\Windows\System\TDLmEHw.exe
  2⤵
  PID:6828
- C:\Windows\System\FiXSHVh.exe
  C:\Windows\System\FiXSHVh.exe
  2⤵
  PID:6852
- C:\Windows\System\wiAwRNy.exe
  C:\Windows\System\wiAwRNy.exe
  2⤵
  PID:6876
- C:\Windows\System\hOaUMXI.exe
  C:\Windows\System\hOaUMXI.exe
  2⤵
  PID:6916
- C:\Windows\System\ZWxjGWP.exe
  C:\Windows\System\ZWxjGWP.exe
  2⤵
  PID:6956
- C:\Windows\System\yabrgWV.exe
  C:\Windows\System\yabrgWV.exe
  2⤵
  PID:2052
- C:\Windows\System\UMLtJrj.exe
  C:\Windows\System\UMLtJrj.exe
  2⤵
  PID:7016
- C:\Windows\System\vvDIQya.exe
  C:\Windows\System\vvDIQya.exe
  2⤵
  PID:2776
- C:\Windows\System\cMEMdgM.exe
  C:\Windows\System\cMEMdgM.exe
  2⤵
  PID:7092
- C:\Windows\System\bJOPEDj.exe
  C:\Windows\System\bJOPEDj.exe
  2⤵
  PID:7132
- C:\Windows\System\sqLKeTV.exe
  C:\Windows\System\sqLKeTV.exe
  2⤵
  PID:5928
- C:\Windows\System\BvYCrSN.exe
  C:\Windows\System\BvYCrSN.exe
  2⤵
  PID:7160
- C:\Windows\System\oYFOvYI.exe
  C:\Windows\System\oYFOvYI.exe
  2⤵
  PID:6032
- C:\Windows\System\UynCovm.exe
  C:\Windows\System\UynCovm.exe
  2⤵
  PID:5176
- C:\Windows\System\ftaquds.exe
  C:\Windows\System\ftaquds.exe
  2⤵
  PID:1972
- C:\Windows\System\AuNPJdo.exe
  C:\Windows\System\AuNPJdo.exe
  2⤵
  PID:5628
- C:\Windows\System\YmcYbaH.exe
  C:\Windows\System\YmcYbaH.exe
  2⤵
  PID:5844
- C:\Windows\System\HlppOLs.exe
  C:\Windows\System\HlppOLs.exe
  2⤵
  PID:2812
- C:\Windows\System\hXlodVz.exe
  C:\Windows\System\hXlodVz.exe
  2⤵
  PID:6192
- C:\Windows\System\dFsBVRn.exe
  C:\Windows\System\dFsBVRn.exe
  2⤵
  PID:6232
- C:\Windows\System\nUaFWxK.exe
  C:\Windows\System\nUaFWxK.exe
  2⤵
  PID:6292
- C:\Windows\System\OnglVsT.exe
  C:\Windows\System\OnglVsT.exe
  2⤵
  PID:6328
- C:\Windows\System\PeIsNkF.exe
  C:\Windows\System\PeIsNkF.exe
  2⤵
  PID:6404
- C:\Windows\System\sQrvUog.exe
  C:\Windows\System\sQrvUog.exe
  2⤵
  PID:6488
- C:\Windows\System\iiEqrix.exe
  C:\Windows\System\iiEqrix.exe
  2⤵
  PID:6472
- C:\Windows\System\NRABoQd.exe
  C:\Windows\System\NRABoQd.exe
  2⤵
  PID:6568
- C:\Windows\System\beBWtnb.exe
  C:\Windows\System\beBWtnb.exe
  2⤵
  PID:6632
- C:\Windows\System\bhwbobb.exe
  C:\Windows\System\bhwbobb.exe
  2⤵
  PID:6664
- C:\Windows\System\wMPQMrE.exe
  C:\Windows\System\wMPQMrE.exe
  2⤵
  PID:6752
- C:\Windows\System\IhfozET.exe
  C:\Windows\System\IhfozET.exe
  2⤵
  PID:6732
- C:\Windows\System\KuUrfMt.exe
  C:\Windows\System\KuUrfMt.exe
  2⤵
  PID:6812
- C:\Windows\System\qsAoPFO.exe
  C:\Windows\System\qsAoPFO.exe
  2⤵
  PID:6928
- C:\Windows\System\HPNQwps.exe
  C:\Windows\System\HPNQwps.exe
  2⤵
  PID:6980
- C:\Windows\System\LHsQlQc.exe
  C:\Windows\System\LHsQlQc.exe
  2⤵
  PID:7052
- C:\Windows\System\pbsRJWT.exe
  C:\Windows\System\pbsRJWT.exe
  2⤵
  PID:7012
- C:\Windows\System\nJKjiRe.exe
  C:\Windows\System\nJKjiRe.exe
  2⤵
  PID:7076
- C:\Windows\System\IwprePX.exe
  C:\Windows\System\IwprePX.exe
  2⤵
  PID:7116
- C:\Windows\System\tCtDZnJ.exe
  C:\Windows\System\tCtDZnJ.exe
  2⤵
  PID:5140
- C:\Windows\System\qUjzPdT.exe
  C:\Windows\System\qUjzPdT.exe
  2⤵
  PID:5284
- C:\Windows\System\QdQQbsJ.exe
  C:\Windows\System\QdQQbsJ.exe
  2⤵
  PID:5356
- C:\Windows\System\JwPWSWk.exe
  C:\Windows\System\JwPWSWk.exe
  2⤵
  PID:5568
- C:\Windows\System\pciRQqe.exe
  C:\Windows\System\pciRQqe.exe
  2⤵
  PID:6372
- C:\Windows\System\pzhCYBw.exe
  C:\Windows\System\pzhCYBw.exe
  2⤵
  PID:6248
- C:\Windows\System\tqisEhe.exe
  C:\Windows\System\tqisEhe.exe
  2⤵
  PID:6352
- C:\Windows\System\LOSuXjy.exe
  C:\Windows\System\LOSuXjy.exe
  2⤵
  PID:6444
- C:\Windows\System\JSelbFo.exe
  C:\Windows\System\JSelbFo.exe
  2⤵
  PID:6976
- C:\Windows\System\VJxVZds.exe
  C:\Windows\System\VJxVZds.exe
  2⤵
  PID:6528
- C:\Windows\System\KtpjYpL.exe
  C:\Windows\System\KtpjYpL.exe
  2⤵
  PID:6772
- C:\Windows\System\BojkeGj.exe
  C:\Windows\System\BojkeGj.exe
  2⤵
  PID:6896
- C:\Windows\System\RhrvFtr.exe
  C:\Windows\System\RhrvFtr.exe
  2⤵
  PID:6836
- C:\Windows\System\sOXnJph.exe
  C:\Windows\System\sOXnJph.exe
  2⤵
  PID:6968
- C:\Windows\System\VVIDfnV.exe
  C:\Windows\System\VVIDfnV.exe
  2⤵
  PID:7020
- C:\Windows\System\ARQnmmT.exe
  C:\Windows\System\ARQnmmT.exe
  2⤵
  PID:7072
- C:\Windows\System\cMqiXmy.exe
  C:\Windows\System\cMqiXmy.exe
  2⤵
  PID:5324
- C:\Windows\System\ioDyltL.exe
  C:\Windows\System\ioDyltL.exe
  2⤵
  PID:2656
- C:\Windows\System\bUWZjwV.exe
  C:\Windows\System\bUWZjwV.exe
  2⤵
  PID:5584
- C:\Windows\System\tAltyyP.exe
  C:\Windows\System\tAltyyP.exe
  2⤵
  PID:1312
- C:\Windows\System\clWfKZi.exe
  C:\Windows\System\clWfKZi.exe
  2⤵
  PID:7184
- C:\Windows\System\zgrPFms.exe
  C:\Windows\System\zgrPFms.exe
  2⤵
  PID:7204
- C:\Windows\System\NfbzlWU.exe
  C:\Windows\System\NfbzlWU.exe
  2⤵
  PID:7224
- C:\Windows\System\CHMHkXy.exe
  C:\Windows\System\CHMHkXy.exe
  2⤵
  PID:7244
- C:\Windows\System\AAZSyJf.exe
  C:\Windows\System\AAZSyJf.exe
  2⤵
  PID:7264
- C:\Windows\System\DEIzqWy.exe
  C:\Windows\System\DEIzqWy.exe
  2⤵
  PID:7280
- C:\Windows\System\RSFSsnt.exe
  C:\Windows\System\RSFSsnt.exe
  2⤵
  PID:7304
- C:\Windows\System\OPgaPTD.exe
  C:\Windows\System\OPgaPTD.exe
  2⤵
  PID:7324
- C:\Windows\System\fzTZITb.exe
  C:\Windows\System\fzTZITb.exe
  2⤵
  PID:7344
- C:\Windows\System\UWaMHfl.exe
  C:\Windows\System\UWaMHfl.exe
  2⤵
  PID:7364
- C:\Windows\System\iQYtRSB.exe
  C:\Windows\System\iQYtRSB.exe
  2⤵
  PID:7384
- C:\Windows\System\QoatYur.exe
  C:\Windows\System\QoatYur.exe
  2⤵
  PID:7404
- C:\Windows\System\dXpAgKD.exe
  C:\Windows\System\dXpAgKD.exe
  2⤵
  PID:7424
- C:\Windows\System\iNimWld.exe
  C:\Windows\System\iNimWld.exe
  2⤵
  PID:7444
- C:\Windows\System\aTCcPTk.exe
  C:\Windows\System\aTCcPTk.exe
  2⤵
  PID:7464
- C:\Windows\System\BPNNoXp.exe
  C:\Windows\System\BPNNoXp.exe
  2⤵
  PID:7480
- C:\Windows\System\BFOsnDp.exe
  C:\Windows\System\BFOsnDp.exe
  2⤵
  PID:7504
- C:\Windows\System\tzoVVzq.exe
  C:\Windows\System\tzoVVzq.exe
  2⤵
  PID:7524
- C:\Windows\System\ftymaIR.exe
  C:\Windows\System\ftymaIR.exe
  2⤵
  PID:7548
- C:\Windows\System\mBiXNYO.exe
  C:\Windows\System\mBiXNYO.exe
  2⤵
  PID:7568
- C:\Windows\System\DXadewC.exe
  C:\Windows\System\DXadewC.exe
  2⤵
  PID:7588
- C:\Windows\System\etvOWfb.exe
  C:\Windows\System\etvOWfb.exe
  2⤵
  PID:7608
- C:\Windows\System\auFcbzn.exe
  C:\Windows\System\auFcbzn.exe
  2⤵
  PID:7628
- C:\Windows\System\PVEucCU.exe
  C:\Windows\System\PVEucCU.exe
  2⤵
  PID:7644
- C:\Windows\System\FlRqqsN.exe
  C:\Windows\System\FlRqqsN.exe
  2⤵
  PID:7664
- C:\Windows\System\UCzPRLY.exe
  C:\Windows\System\UCzPRLY.exe
  2⤵
  PID:7684
- C:\Windows\System\BfsFLkV.exe
  C:\Windows\System\BfsFLkV.exe
  2⤵
  PID:7708
- C:\Windows\System\NbMwDHl.exe
  C:\Windows\System\NbMwDHl.exe
  2⤵
  PID:7728
- C:\Windows\System\qEviBSJ.exe
  C:\Windows\System\qEviBSJ.exe
  2⤵
  PID:7744
- C:\Windows\System\lEnKYkR.exe
  C:\Windows\System\lEnKYkR.exe
  2⤵
  PID:7764
- C:\Windows\System\puUNrcQ.exe
  C:\Windows\System\puUNrcQ.exe
  2⤵
  PID:7792
- C:\Windows\System\lTrcJcY.exe
  C:\Windows\System\lTrcJcY.exe
  2⤵
  PID:7812
- C:\Windows\System\SisoVnZ.exe
  C:\Windows\System\SisoVnZ.exe
  2⤵
  PID:7832
- C:\Windows\System\NsvpsYr.exe
  C:\Windows\System\NsvpsYr.exe
  2⤵
  PID:7852
- C:\Windows\System\MoyElEx.exe
  C:\Windows\System\MoyElEx.exe
  2⤵
  PID:7872
- C:\Windows\System\FSmdDbM.exe
  C:\Windows\System\FSmdDbM.exe
  2⤵
  PID:7892
- C:\Windows\System\vyTaDOl.exe
  C:\Windows\System\vyTaDOl.exe
  2⤵
  PID:7912
- C:\Windows\System\iwGhWlb.exe
  C:\Windows\System\iwGhWlb.exe
  2⤵
  PID:7932
- C:\Windows\System\fjfsvqC.exe
  C:\Windows\System\fjfsvqC.exe
  2⤵
  PID:7952
- C:\Windows\System\mHSXZGU.exe
  C:\Windows\System\mHSXZGU.exe
  2⤵
  PID:7972
- C:\Windows\System\QHjpHSO.exe
  C:\Windows\System\QHjpHSO.exe
  2⤵
  PID:7992
- C:\Windows\System\vMhlWvl.exe
  C:\Windows\System\vMhlWvl.exe
  2⤵
  PID:8012
- C:\Windows\System\HWblsXj.exe
  C:\Windows\System\HWblsXj.exe
  2⤵
  PID:8032
- C:\Windows\System\EfwgKlO.exe
  C:\Windows\System\EfwgKlO.exe
  2⤵
  PID:8052
- C:\Windows\System\oyfWLIF.exe
  C:\Windows\System\oyfWLIF.exe
  2⤵
  PID:8072
- C:\Windows\System\RVkUvJo.exe
  C:\Windows\System\RVkUvJo.exe
  2⤵
  PID:8092
- C:\Windows\System\ZXFABUT.exe
  C:\Windows\System\ZXFABUT.exe
  2⤵
  PID:8112
- C:\Windows\System\IZazTkJ.exe
  C:\Windows\System\IZazTkJ.exe
  2⤵
  PID:8132
- C:\Windows\System\UFLCNEq.exe
  C:\Windows\System\UFLCNEq.exe
  2⤵
  PID:8148
- C:\Windows\System\xwfrtuy.exe
  C:\Windows\System\xwfrtuy.exe
  2⤵
  PID:8172
- C:\Windows\System\PZpcEZU.exe
  C:\Windows\System\PZpcEZU.exe
  2⤵
  PID:2604
- C:\Windows\System\kWiwVyV.exe
  C:\Windows\System\kWiwVyV.exe
  2⤵
  PID:6348
- C:\Windows\System\eVgZgNL.exe
  C:\Windows\System\eVgZgNL.exe
  2⤵
  PID:6668
- C:\Windows\System\bvRbxOQ.exe
  C:\Windows\System\bvRbxOQ.exe
  2⤵
  PID:6856
- C:\Windows\System\gUePDzj.exe
  C:\Windows\System\gUePDzj.exe
  2⤵
  PID:2720
- C:\Windows\System\fDTFrLx.exe
  C:\Windows\System\fDTFrLx.exe
  2⤵
  PID:7112
- C:\Windows\System\WTDtpFV.exe
  C:\Windows\System\WTDtpFV.exe
  2⤵
  PID:4868
- C:\Windows\System\OPJKwem.exe
  C:\Windows\System\OPJKwem.exe
  2⤵
  PID:6312
- C:\Windows\System\sasxNmn.exe
  C:\Windows\System\sasxNmn.exe
  2⤵
  PID:2956
- C:\Windows\System\oSaxkic.exe
  C:\Windows\System\oSaxkic.exe
  2⤵
  PID:7176
- C:\Windows\System\kdxSkNW.exe
  C:\Windows\System\kdxSkNW.exe
  2⤵
  PID:7216
- C:\Windows\System\ArwrbiG.exe
  C:\Windows\System\ArwrbiG.exe
  2⤵
  PID:7256
- C:\Windows\System\KHqCtbc.exe
  C:\Windows\System\KHqCtbc.exe
  2⤵
  PID:2556
- C:\Windows\System\ySubsXN.exe
  C:\Windows\System\ySubsXN.exe
  2⤵
  PID:7272
- C:\Windows\System\DXsIxRB.exe
  C:\Windows\System\DXsIxRB.exe
  2⤵
  PID:7316
- C:\Windows\System\UaaoBEX.exe
  C:\Windows\System\UaaoBEX.exe
  2⤵
  PID:7376
- C:\Windows\System\jPWrrlp.exe
  C:\Windows\System\jPWrrlp.exe
  2⤵
  PID:7420
- C:\Windows\System\JgmlbXq.exe
  C:\Windows\System\JgmlbXq.exe
  2⤵
  PID:308
- C:\Windows\System\FLbFRaJ.exe
  C:\Windows\System\FLbFRaJ.exe
  2⤵
  PID:7432
- C:\Windows\System\SBNepTh.exe
  C:\Windows\System\SBNepTh.exe
  2⤵
  PID:7488
- C:\Windows\System\mkZkhlf.exe
  C:\Windows\System\mkZkhlf.exe
  2⤵
  PID:2440
- C:\Windows\System\SfRPRux.exe
  C:\Windows\System\SfRPRux.exe
  2⤵
  PID:7532
- C:\Windows\System\eOlfpIV.exe
  C:\Windows\System\eOlfpIV.exe
  2⤵
  PID:7520
- C:\Windows\System\kZuYCKr.exe
  C:\Windows\System\kZuYCKr.exe
  2⤵
  PID:7556
- C:\Windows\System\BkoYqwO.exe
  C:\Windows\System\BkoYqwO.exe
  2⤵
  PID:7624
- C:\Windows\System\FQTBjak.exe
  C:\Windows\System\FQTBjak.exe
  2⤵
  PID:7656
- C:\Windows\System\QrLRqUM.exe
  C:\Windows\System\QrLRqUM.exe
  2⤵
  PID:7700
- C:\Windows\System\nXYRgGg.exe
  C:\Windows\System\nXYRgGg.exe
  2⤵
  PID:7680
- C:\Windows\System\JbOdzHK.exe
  C:\Windows\System\JbOdzHK.exe
  2⤵
  PID:7772
- C:\Windows\System\bRHWkFm.exe
  C:\Windows\System\bRHWkFm.exe
  2⤵
  PID:7752
- C:\Windows\System\VTFlKcH.exe
  C:\Windows\System\VTFlKcH.exe
  2⤵
  PID:7828
- C:\Windows\System\NkSpXNW.exe
  C:\Windows\System\NkSpXNW.exe
  2⤵
  PID:7860
- C:\Windows\System\ChndMrp.exe
  C:\Windows\System\ChndMrp.exe
  2⤵
  PID:7880
- C:\Windows\System\KMCqffC.exe
  C:\Windows\System\KMCqffC.exe
  2⤵
  PID:7904
- C:\Windows\System\CYjpZzp.exe
  C:\Windows\System\CYjpZzp.exe
  2⤵
  PID:7928
- C:\Windows\System\kjXQHYL.exe
  C:\Windows\System\kjXQHYL.exe
  2⤵
  PID:7960
- C:\Windows\System\cBefUyx.exe
  C:\Windows\System\cBefUyx.exe
  2⤵
  PID:8020
- C:\Windows\System\OvdVLzT.exe
  C:\Windows\System\OvdVLzT.exe
  2⤵
  PID:8008
- C:\Windows\System\VnlVmwv.exe
  C:\Windows\System\VnlVmwv.exe
  2⤵
  PID:8064
- C:\Windows\System\ghLaXfd.exe
  C:\Windows\System\ghLaXfd.exe
  2⤵
  PID:8100
- C:\Windows\System\iXndJHX.exe
  C:\Windows\System\iXndJHX.exe
  2⤵
  PID:8120
- C:\Windows\System\lhslHxM.exe
  C:\Windows\System\lhslHxM.exe
  2⤵
  PID:1672
- C:\Windows\System\mFPIrFW.exe
  C:\Windows\System\mFPIrFW.exe
  2⤵
  PID:8164
- C:\Windows\System\cQdmowv.exe
  C:\Windows\System\cQdmowv.exe
  2⤵
  PID:2316
- C:\Windows\System\XcDboSG.exe
  C:\Windows\System\XcDboSG.exe
  2⤵
  PID:6768
- C:\Windows\System\JDPSqbV.exe
  C:\Windows\System\JDPSqbV.exe
  2⤵
  PID:6592
- C:\Windows\System\ipPgiZm.exe
  C:\Windows\System\ipPgiZm.exe
  2⤵
  PID:6972
- C:\Windows\System\eOjlabH.exe
  C:\Windows\System\eOjlabH.exe
  2⤵
  PID:1864
- C:\Windows\System\adGQZcE.exe
  C:\Windows\System\adGQZcE.exe
  2⤵
  PID:7172
- C:\Windows\System\jFlkfTp.exe
  C:\Windows\System\jFlkfTp.exe
  2⤵
  PID:7212
- C:\Windows\System\WHvlBlb.exe
  C:\Windows\System\WHvlBlb.exe
  2⤵
  PID:3000
- C:\Windows\System\ocrVFpH.exe
  C:\Windows\System\ocrVFpH.exe
  2⤵
  PID:7300
- C:\Windows\System\YlIItdi.exe
  C:\Windows\System\YlIItdi.exe
  2⤵
  PID:7360
- C:\Windows\System\SyFmnBA.exe
  C:\Windows\System\SyFmnBA.exe
  2⤵
  PID:4204
- C:\Windows\System\ORZMcPF.exe
  C:\Windows\System\ORZMcPF.exe
  2⤵
  PID:236
- C:\Windows\System\UVjtgBO.exe
  C:\Windows\System\UVjtgBO.exe
  2⤵
  PID:1580
- C:\Windows\System\VJbutFd.exe
  C:\Windows\System\VJbutFd.exe
  2⤵
  PID:7560
- C:\Windows\System\SQfkqmN.exe
  C:\Windows\System\SQfkqmN.exe
  2⤵
  PID:7652
- C:\Windows\System\jKueSLE.exe
  C:\Windows\System\jKueSLE.exe
  2⤵
  PID:2760
- C:\Windows\System\SkcTSxO.exe
  C:\Windows\System\SkcTSxO.exe
  2⤵
  PID:7724
- C:\Windows\System\msQWpax.exe
  C:\Windows\System\msQWpax.exe
  2⤵
  PID:7760
- C:\Windows\System\UhvcTIB.exe
  C:\Windows\System\UhvcTIB.exe
  2⤵
  PID:816
- C:\Windows\System\RHMNzig.exe
  C:\Windows\System\RHMNzig.exe
  2⤵
  PID:7820
- C:\Windows\System\SUOhnMw.exe
  C:\Windows\System\SUOhnMw.exe
  2⤵
  PID:7840
- C:\Windows\System\rlbqJpw.exe
  C:\Windows\System\rlbqJpw.exe
  2⤵
  PID:7940
- C:\Windows\System\TollcBB.exe
  C:\Windows\System\TollcBB.exe
  2⤵
  PID:2868
- C:\Windows\System\rQnFSna.exe
  C:\Windows\System\rQnFSna.exe
  2⤵
  PID:7968
- C:\Windows\System\AkFjyoM.exe
  C:\Windows\System\AkFjyoM.exe
  2⤵
  PID:8060
- C:\Windows\System\assUlAH.exe
  C:\Windows\System\assUlAH.exe
  2⤵
  PID:8088
- C:\Windows\System\OBdPPeS.exe
  C:\Windows\System\OBdPPeS.exe
  2⤵
  PID:8160
- C:\Windows\System\lbSqaWX.exe
  C:\Windows\System\lbSqaWX.exe
  2⤵
  PID:3592
- C:\Windows\System\EkPCtFH.exe
  C:\Windows\System\EkPCtFH.exe
  2⤵
  PID:1348
- C:\Windows\System\NtLpXtS.exe
  C:\Windows\System\NtLpXtS.exe
  2⤵
  PID:496
- C:\Windows\System\REwuftW.exe
  C:\Windows\System\REwuftW.exe
  2⤵
  PID:6532
- C:\Windows\System\wiBmfBp.exe
  C:\Windows\System\wiBmfBp.exe
  2⤵
  PID:6936
- C:\Windows\System\hrougoq.exe
  C:\Windows\System\hrougoq.exe
  2⤵
  PID:2624
- C:\Windows\System\OHXJJoC.exe
  C:\Windows\System\OHXJJoC.exe
  2⤵
  PID:1928
- C:\Windows\System\cMNqgFq.exe
  C:\Windows\System\cMNqgFq.exe
  2⤵
  PID:1368
- C:\Windows\System\nfMYoJc.exe
  C:\Windows\System\nfMYoJc.exe
  2⤵
  PID:1968
- C:\Windows\System\Ggmizkg.exe
  C:\Windows\System\Ggmizkg.exe
  2⤵
  PID:7192
- C:\Windows\System\bRgGGSn.exe
  C:\Windows\System\bRgGGSn.exe
  2⤵
  PID:7336
- C:\Windows\System\aKZRPff.exe
  C:\Windows\System\aKZRPff.exe
  2⤵
  PID:7356
- C:\Windows\System\KOPsewe.exe
  C:\Windows\System\KOPsewe.exe
  2⤵
  PID:3056
- C:\Windows\System\AnOHdzt.exe
  C:\Windows\System\AnOHdzt.exe
  2⤵
  PID:7436
- C:\Windows\System\DjCroZI.exe
  C:\Windows\System\DjCroZI.exe
  2⤵
  PID:7472
- C:\Windows\System\GKQtcuB.exe
  C:\Windows\System\GKQtcuB.exe
  2⤵
  PID:576
- C:\Windows\System\MnXEvqF.exe
  C:\Windows\System\MnXEvqF.exe
  2⤵
  PID:2216
- C:\Windows\System\UQCdoTk.exe
  C:\Windows\System\UQCdoTk.exe
  2⤵
  PID:7696
- C:\Windows\System\ndgeDFF.exe
  C:\Windows\System\ndgeDFF.exe
  2⤵
  PID:604
- C:\Windows\System\UqfVBpS.exe
  C:\Windows\System\UqfVBpS.exe
  2⤵
  PID:484
- C:\Windows\System\cXTgzwR.exe
  C:\Windows\System\cXTgzwR.exe
  2⤵
  PID:2060
- C:\Windows\System\dOSwaYJ.exe
  C:\Windows\System\dOSwaYJ.exe
  2⤵
  PID:8024
- C:\Windows\System\hWjDmon.exe
  C:\Windows\System\hWjDmon.exe
  2⤵
  PID:8124
- C:\Windows\System\kjSwXom.exe
  C:\Windows\System\kjSwXom.exe
  2⤵
  PID:4104
- C:\Windows\System\vijzyov.exe
  C:\Windows\System\vijzyov.exe
  2⤵
  PID:7120
- C:\Windows\System\mwuFrUl.exe
  C:\Windows\System\mwuFrUl.exe
  2⤵
  PID:6996
- C:\Windows\System\TmPrHVz.exe
  C:\Windows\System\TmPrHVz.exe
  2⤵
  PID:7460
- C:\Windows\System\UEAwyFK.exe
  C:\Windows\System\UEAwyFK.exe
  2⤵
  PID:7676
- C:\Windows\System\hZkCLwS.exe
  C:\Windows\System\hZkCLwS.exe
  2⤵
  PID:8296
- C:\Windows\System\AuaiLNs.exe
  C:\Windows\System\AuaiLNs.exe
  2⤵
  PID:8312
- C:\Windows\System\WkYybrG.exe
  C:\Windows\System\WkYybrG.exe
  2⤵
  PID:8332
- C:\Windows\System\AxnVofy.exe
  C:\Windows\System\AxnVofy.exe
  2⤵
  PID:8348
- C:\Windows\System\TOTIXxO.exe
  C:\Windows\System\TOTIXxO.exe
  2⤵
  PID:8364
- C:\Windows\System\IkkOzMk.exe
  C:\Windows\System\IkkOzMk.exe
  2⤵
  PID:8380
- C:\Windows\System\mpWCYpf.exe
  C:\Windows\System\mpWCYpf.exe
  2⤵
  PID:8396
- C:\Windows\System\UMXuTWc.exe
  C:\Windows\System\UMXuTWc.exe
  2⤵
  PID:8412
- C:\Windows\System\mGsXzyO.exe
  C:\Windows\System\mGsXzyO.exe
  2⤵
  PID:8428
- C:\Windows\System\qFPRgzN.exe
  C:\Windows\System\qFPRgzN.exe
  2⤵
  PID:8460
- C:\Windows\System\UZqdMlo.exe
  C:\Windows\System\UZqdMlo.exe
  2⤵
  PID:8476
- C:\Windows\System\QTAeitm.exe
  C:\Windows\System\QTAeitm.exe
  2⤵
  PID:8492
- C:\Windows\System\bFJEDDY.exe
  C:\Windows\System\bFJEDDY.exe
  2⤵
  PID:8508
- C:\Windows\System\YLflRMi.exe
  C:\Windows\System\YLflRMi.exe
  2⤵
  PID:8524
- C:\Windows\System\TIqiWIx.exe
  C:\Windows\System\TIqiWIx.exe
  2⤵
  PID:8540
- C:\Windows\System\zyqpXHC.exe
  C:\Windows\System\zyqpXHC.exe
  2⤵
  PID:8556
- C:\Windows\System\ZoNJVWT.exe
  C:\Windows\System\ZoNJVWT.exe
  2⤵
  PID:8572
- C:\Windows\System\FGCsVhj.exe
  C:\Windows\System\FGCsVhj.exe
  2⤵
  PID:8588
- C:\Windows\System\hrFtWpp.exe
  C:\Windows\System\hrFtWpp.exe
  2⤵
  PID:8604
- C:\Windows\System\uZQqIqq.exe
  C:\Windows\System\uZQqIqq.exe
  2⤵
  PID:8620
- C:\Windows\System\rYWyWIp.exe
  C:\Windows\System\rYWyWIp.exe
  2⤵
  PID:8636
- C:\Windows\System\ClmLhpj.exe
  C:\Windows\System\ClmLhpj.exe
  2⤵
  PID:8652
- C:\Windows\System\OhfZeCk.exe
  C:\Windows\System\OhfZeCk.exe
  2⤵
  PID:8676
- C:\Windows\System\eOkrPbe.exe
  C:\Windows\System\eOkrPbe.exe
  2⤵
  PID:8696
- C:\Windows\System\mqyzwnG.exe
  C:\Windows\System\mqyzwnG.exe
  2⤵
  PID:8716
- C:\Windows\System\uBfgawF.exe
  C:\Windows\System\uBfgawF.exe
  2⤵
  PID:8736
- C:\Windows\System\gNEovKl.exe
  C:\Windows\System\gNEovKl.exe
  2⤵
  PID:8752
- C:\Windows\System\AdgbYyB.exe
  C:\Windows\System\AdgbYyB.exe
  2⤵
  PID:8768
- C:\Windows\System\tzoHMEC.exe
  C:\Windows\System\tzoHMEC.exe
  2⤵
  PID:8784
- C:\Windows\System\aFqcUUl.exe
  C:\Windows\System\aFqcUUl.exe
  2⤵
  PID:8800
- C:\Windows\System\ebZLyJc.exe
  C:\Windows\System\ebZLyJc.exe
  2⤵
  PID:8816
- C:\Windows\System\AzkUWDO.exe
  C:\Windows\System\AzkUWDO.exe
  2⤵
  PID:8832
- C:\Windows\System\InvCXKL.exe
  C:\Windows\System\InvCXKL.exe
  2⤵
  PID:8848
- C:\Windows\System\XirxKlO.exe
  C:\Windows\System\XirxKlO.exe
  2⤵
  PID:8864
- C:\Windows\System\NPihtxJ.exe
  C:\Windows\System\NPihtxJ.exe
  2⤵
  PID:8880
- C:\Windows\System\Bjwhiqm.exe
  C:\Windows\System\Bjwhiqm.exe
  2⤵
  PID:8896
- C:\Windows\System\CNEaStP.exe
  C:\Windows\System\CNEaStP.exe
  2⤵
  PID:8912
- C:\Windows\System\KYWedpq.exe
  C:\Windows\System\KYWedpq.exe
  2⤵
  PID:8928
- C:\Windows\System\cNRgqIn.exe
  C:\Windows\System\cNRgqIn.exe
  2⤵
  PID:8944
- C:\Windows\System\BwdhhUt.exe
  C:\Windows\System\BwdhhUt.exe
  2⤵
  PID:8964
- C:\Windows\System\NzLvxfj.exe
  C:\Windows\System\NzLvxfj.exe
  2⤵
  PID:8980
- C:\Windows\System\sVmBSBc.exe
  C:\Windows\System\sVmBSBc.exe
  2⤵
  PID:8996
- C:\Windows\System\JWBwIab.exe
  C:\Windows\System\JWBwIab.exe
  2⤵
  PID:9012
- C:\Windows\System\KqJxeRi.exe
  C:\Windows\System\KqJxeRi.exe
  2⤵
  PID:9028
- C:\Windows\System\qQIffVJ.exe
  C:\Windows\System\qQIffVJ.exe
  2⤵
  PID:9044
- C:\Windows\System\UZTRXqo.exe
  C:\Windows\System\UZTRXqo.exe
  2⤵
  PID:9060
- C:\Windows\System\dtRIVUS.exe
  C:\Windows\System\dtRIVUS.exe
  2⤵
  PID:9076
- C:\Windows\System\KGOcnKi.exe
  C:\Windows\System\KGOcnKi.exe
  2⤵
  PID:9092
- C:\Windows\System\bAbQqoq.exe
  C:\Windows\System\bAbQqoq.exe
  2⤵
  PID:9108
- C:\Windows\System\LkpoBXq.exe
  C:\Windows\System\LkpoBXq.exe
  2⤵
  PID:9124
- C:\Windows\System\ocsvqSE.exe
  C:\Windows\System\ocsvqSE.exe
  2⤵
  PID:9140
- C:\Windows\System\epIXuDR.exe
  C:\Windows\System\epIXuDR.exe
  2⤵
  PID:9156
- C:\Windows\System\wlHfcCi.exe
  C:\Windows\System\wlHfcCi.exe
  2⤵
  PID:9172
- C:\Windows\System\YGoaQuY.exe
  C:\Windows\System\YGoaQuY.exe
  2⤵
  PID:9188
- C:\Windows\System\SgXzNLo.exe
  C:\Windows\System\SgXzNLo.exe
  2⤵
  PID:9204
- C:\Windows\System\NZeHvMJ.exe
  C:\Windows\System\NZeHvMJ.exe
  2⤵
  PID:7964
- C:\Windows\System\jTAXatx.exe
  C:\Windows\System\jTAXatx.exe
  2⤵
  PID:8040
- C:\Windows\System\dAiJsBS.exe
  C:\Windows\System\dAiJsBS.exe
  2⤵
  PID:952
- C:\Windows\System\kVGBzCb.exe
  C:\Windows\System\kVGBzCb.exe
  2⤵
  PID:7740
- C:\Windows\System\udmTLEt.exe
  C:\Windows\System\udmTLEt.exe
  2⤵
  PID:1156
- C:\Windows\System\vndRRrw.exe
  C:\Windows\System\vndRRrw.exe
  2⤵
  PID:8248
- C:\Windows\System\bUCWsFD.exe
  C:\Windows\System\bUCWsFD.exe
  2⤵
  PID:8324
- C:\Windows\System\zJinJOL.exe
  C:\Windows\System\zJinJOL.exe
  2⤵
  PID:8420
- C:\Windows\System\wLyFxDc.exe
  C:\Windows\System\wLyFxDc.exe
  2⤵
  PID:8372
- C:\Windows\System\QFPbniD.exe
  C:\Windows\System\QFPbniD.exe
  2⤵
  PID:8448
- C:\Windows\System\inQOUOD.exe
  C:\Windows\System\inQOUOD.exe
  2⤵
  PID:8488
- C:\Windows\System\pfvRsGO.exe
  C:\Windows\System\pfvRsGO.exe
  2⤵
  PID:8552
- C:\Windows\System\XPiOLIb.exe
  C:\Windows\System\XPiOLIb.exe
  2⤵
  PID:8472
- C:\Windows\System\kGcdrsS.exe
  C:\Windows\System\kGcdrsS.exe
  2⤵
  PID:8536
- C:\Windows\System\UOKTKYH.exe
  C:\Windows\System\UOKTKYH.exe
  2⤵
  PID:8684
- C:\Windows\System\JIonOck.exe
  C:\Windows\System\JIonOck.exe
  2⤵
  PID:8728
- C:\Windows\System\IUKksLK.exe
  C:\Windows\System\IUKksLK.exe
  2⤵
  PID:8628
- C:\Windows\System\bvGWZdG.exe
  C:\Windows\System\bvGWZdG.exe
  2⤵
  PID:8708
- C:\Windows\System\OkLOTmV.exe
  C:\Windows\System\OkLOTmV.exe
  2⤵
  PID:8808
- C:\Windows\System\pCLNxyY.exe
  C:\Windows\System\pCLNxyY.exe
  2⤵
  PID:8840
- C:\Windows\System\wOahDUW.exe
  C:\Windows\System\wOahDUW.exe
  2⤵
  PID:8764
- C:\Windows\System\fjCSwEb.exe
  C:\Windows\System\fjCSwEb.exe
  2⤵
  PID:8828
- C:\Windows\System\aMhuOCU.exe
  C:\Windows\System\aMhuOCU.exe
  2⤵
  PID:8892
- C:\Windows\System\LkNjKzG.exe
  C:\Windows\System\LkNjKzG.exe
  2⤵
  PID:9084
- C:\Windows\System\CNnSGGR.exe
  C:\Windows\System\CNnSGGR.exe
  2⤵
  PID:8940
- C:\Windows\System\MoEJYlb.exe
  C:\Windows\System\MoEJYlb.exe
  2⤵
  PID:9008
- C:\Windows\System\vlJGsRp.exe
  C:\Windows\System\vlJGsRp.exe
  2⤵
  PID:9072
- C:\Windows\System\zxgPwDG.exe
  C:\Windows\System\zxgPwDG.exe
  2⤵
  PID:9116
- C:\Windows\System\ekxnKBb.exe
  C:\Windows\System\ekxnKBb.exe
  2⤵
  PID:9164
- C:\Windows\System\WeuDHpz.exe
  C:\Windows\System\WeuDHpz.exe
  2⤵
  PID:9196
- C:\Windows\System\hBiQQXm.exe
  C:\Windows\System\hBiQQXm.exe
  2⤵
  PID:9184
- C:\Windows\System\oWNHEnV.exe
  C:\Windows\System\oWNHEnV.exe
  2⤵
  PID:2364
- C:\Windows\System\QGgMPoc.exe
  C:\Windows\System\QGgMPoc.exe
  2⤵
  PID:1556
- C:\Windows\System\GukogNQ.exe
  C:\Windows\System\GukogNQ.exe
  2⤵
  PID:7396
- C:\Windows\System\TjNAqXR.exe
  C:\Windows\System\TjNAqXR.exe
  2⤵
  PID:7808
- C:\Windows\System\VKNaLkQ.exe
  C:\Windows\System\VKNaLkQ.exe
  2⤵
  PID:7260
- C:\Windows\System\HAKGAlz.exe
  C:\Windows\System\HAKGAlz.exe
  2⤵
  PID:2772
- C:\Windows\System\GQnYlVt.exe
  C:\Windows\System\GQnYlVt.exe
  2⤵
  PID:7456
- C:\Windows\System\bQfrzGA.exe
  C:\Windows\System\bQfrzGA.exe
  2⤵
  PID:8212
- C:\Windows\System\KHtTeYy.exe
  C:\Windows\System\KHtTeYy.exe
  2⤵
  PID:8240
- C:\Windows\System\DIBmZBM.exe
  C:\Windows\System\DIBmZBM.exe
  2⤵
  PID:8244
- C:\Windows\System\FlEYeLL.exe
  C:\Windows\System\FlEYeLL.exe
  2⤵
  PID:8288
- C:\Windows\System\UBlPzJZ.exe
  C:\Windows\System\UBlPzJZ.exe
  2⤵
  PID:8308
- C:\Windows\System\rhGvvQb.exe
  C:\Windows\System\rhGvvQb.exe
  2⤵
  PID:8320
- C:\Windows\System\ANUcCot.exe
  C:\Windows\System\ANUcCot.exe
  2⤵
  PID:8444
- C:\Windows\System\ZpNcXNE.exe
  C:\Windows\System\ZpNcXNE.exe
  2⤵
  PID:8660
- C:\Windows\System\MgHTCjk.exe
  C:\Windows\System\MgHTCjk.exe
  2⤵
  PID:8456
- C:\Windows\System\RgCKYeU.exe
  C:\Windows\System\RgCKYeU.exe
  2⤵
  PID:8596
- C:\Windows\System\SNOnoDh.exe
  C:\Windows\System\SNOnoDh.exe
  2⤵
  PID:8744
- C:\Windows\System\RfeQgDw.exe
  C:\Windows\System\RfeQgDw.exe
  2⤵
  PID:8888
- C:\Windows\System\JkciIea.exe
  C:\Windows\System\JkciIea.exe
  2⤵
  PID:8796
- C:\Windows\System\lVgwgpT.exe
  C:\Windows\System\lVgwgpT.exe
  2⤵
  PID:8648
- C:\Windows\System\HHdBDfN.exe
  C:\Windows\System\HHdBDfN.exe
  2⤵
  PID:9148
- C:\Windows\System\rzfwHAr.exe
  C:\Windows\System\rzfwHAr.exe
  2⤵
  PID:9180
- C:\Windows\System\ipmMWNk.exe
  C:\Windows\System\ipmMWNk.exe
  2⤵
  PID:8216
- C:\Windows\System\hmVcDFm.exe
  C:\Windows\System\hmVcDFm.exe
  2⤵
  PID:8952
- C:\Windows\System\gnuqqtd.exe
  C:\Windows\System\gnuqqtd.exe
  2⤵
  PID:1260
- C:\Windows\System\YWxVLJq.exe
  C:\Windows\System\YWxVLJq.exe
  2⤵
  PID:9168
- C:\Windows\System\dOrbQCo.exe
  C:\Windows\System\dOrbQCo.exe
  2⤵
  PID:6368
- C:\Windows\System\xWbKNFn.exe
  C:\Windows\System\xWbKNFn.exe
  2⤵
  PID:8144
- C:\Windows\System\KPOqJqE.exe
  C:\Windows\System\KPOqJqE.exe
  2⤵
  PID:8264
- C:\Windows\System\hBXJejU.exe
  C:\Windows\System\hBXJejU.exe
  2⤵
  PID:8344
- C:\Windows\System\QAjlKjD.exe
  C:\Windows\System\QAjlKjD.exe
  2⤵
  PID:8436
- C:\Windows\System\QUJmarF.exe
  C:\Windows\System\QUJmarF.exe
  2⤵
  PID:8468
- C:\Windows\System\AGsQmDm.exe
  C:\Windows\System\AGsQmDm.exe
  2⤵
  PID:8644
- C:\Windows\System\mOSSjwQ.exe
  C:\Windows\System\mOSSjwQ.exe
  2⤵
  PID:8992
- C:\Windows\System\cbqwixJ.exe
  C:\Windows\System\cbqwixJ.exe
  2⤵
  PID:9024
- C:\Windows\System\AwFIaaS.exe
  C:\Windows\System\AwFIaaS.exe
  2⤵
  PID:8724
- C:\Windows\System\kebeeqD.exe
  C:\Windows\System\kebeeqD.exe
  2⤵
  PID:8908
- C:\Windows\System\BFZpUqC.exe
  C:\Windows\System\BFZpUqC.exe
  2⤵
  PID:9200
- C:\Windows\System\ssoPcDo.exe
  C:\Windows\System\ssoPcDo.exe
  2⤵
  PID:7908
- C:\Windows\System\pREaMLj.exe
  C:\Windows\System\pREaMLj.exe
  2⤵
  PID:8224
- C:\Windows\System\iWPkQVP.exe
  C:\Windows\System\iWPkQVP.exe
  2⤵
  PID:8268
- C:\Windows\System\TtnBhGj.exe
  C:\Windows\System\TtnBhGj.exe
  2⤵
  PID:988
- C:\Windows\System\mRxgcaW.exe
  C:\Windows\System\mRxgcaW.exe
  2⤵
  PID:8392
- C:\Windows\System\jhIVfyp.exe
  C:\Windows\System\jhIVfyp.exe
  2⤵
  PID:8872
- C:\Windows\System\WQPDtuc.exe
  C:\Windows\System\WQPDtuc.exe
  2⤵
  PID:8812
- C:\Windows\System\aVVEYwg.exe
  C:\Windows\System\aVVEYwg.exe
  2⤵
  PID:8988
- C:\Windows\System\AotweBB.exe
  C:\Windows\System\AotweBB.exe
  2⤵
  PID:8408
- C:\Windows\System\xdVmVRK.exe
  C:\Windows\System\xdVmVRK.exe
  2⤵
  PID:6708
- C:\Windows\System\TjMdscd.exe
  C:\Windows\System\TjMdscd.exe
  2⤵
  PID:9132
- C:\Windows\System\vTtytJo.exe
  C:\Windows\System\vTtytJo.exe
  2⤵
  PID:8280
- C:\Windows\System\gIuCTsa.exe
  C:\Windows\System\gIuCTsa.exe
  2⤵
  PID:8404
- C:\Windows\System\vOtVlQk.exe
  C:\Windows\System\vOtVlQk.exe
  2⤵
  PID:8692
- C:\Windows\System\cpOWeIt.exe
  C:\Windows\System\cpOWeIt.exe
  2⤵
  PID:8956
- C:\Windows\System\pbWPiln.exe
  C:\Windows\System\pbWPiln.exe
  2⤵
  PID:9068
- C:\Windows\System\YRoUOCd.exe
  C:\Windows\System\YRoUOCd.exe
  2⤵
  PID:9104
- C:\Windows\System\gSfinGk.exe
  C:\Windows\System\gSfinGk.exe
  2⤵
  PID:8388
- C:\Windows\System\DxDoCpd.exe
  C:\Windows\System\DxDoCpd.exe
  2⤵
  PID:8936
- C:\Windows\System\zUEOUlO.exe
  C:\Windows\System\zUEOUlO.exe
  2⤵
  PID:7844
- C:\Windows\System\YaHaoQY.exe
  C:\Windows\System\YaHaoQY.exe
  2⤵
  PID:5716
- C:\Windows\System\gWvNdrX.exe
  C:\Windows\System\gWvNdrX.exe
  2⤵
  PID:8664
- C:\Windows\System\GGPIfME.exe
  C:\Windows\System\GGPIfME.exe
  2⤵
  PID:9232
- C:\Windows\System\nAeetVW.exe
  C:\Windows\System\nAeetVW.exe
  2⤵
  PID:9252
- C:\Windows\System\XFDTBuh.exe
  C:\Windows\System\XFDTBuh.exe
  2⤵
  PID:9272
- C:\Windows\System\dKbAxce.exe
  C:\Windows\System\dKbAxce.exe
  2⤵
  PID:9300
- C:\Windows\System\xgckQRv.exe
  C:\Windows\System\xgckQRv.exe
  2⤵
  PID:9316
- C:\Windows\System\FNGaOZI.exe
  C:\Windows\System\FNGaOZI.exe
  2⤵
  PID:9332
- C:\Windows\System\LDmbqtC.exe
  C:\Windows\System\LDmbqtC.exe
  2⤵
  PID:9352
- C:\Windows\System\fjDddjT.exe
  C:\Windows\System\fjDddjT.exe
  2⤵
  PID:9384
- C:\Windows\System\vTeNCqB.exe
  C:\Windows\System\vTeNCqB.exe
  2⤵
  PID:9400
- C:\Windows\System\REdfvGC.exe
  C:\Windows\System\REdfvGC.exe
  2⤵
  PID:9428
- C:\Windows\System\gspDYhf.exe
  C:\Windows\System\gspDYhf.exe
  2⤵
  PID:9444
- C:\Windows\System\VUxFHjR.exe
  C:\Windows\System\VUxFHjR.exe
  2⤵
  PID:9464
- C:\Windows\System\EKaPEjP.exe
  C:\Windows\System\EKaPEjP.exe
  2⤵
  PID:9484
- C:\Windows\System\miTCXCz.exe
  C:\Windows\System\miTCXCz.exe
  2⤵
  PID:9500
- C:\Windows\System\POubMZJ.exe
  C:\Windows\System\POubMZJ.exe
  2⤵
  PID:9520
- C:\Windows\System\NjLVDxD.exe
  C:\Windows\System\NjLVDxD.exe
  2⤵
  PID:9536
- C:\Windows\System\HexDwDE.exe
  C:\Windows\System\HexDwDE.exe
  2⤵
  PID:9556
- C:\Windows\System\nCVhwUy.exe
  C:\Windows\System\nCVhwUy.exe
  2⤵
  PID:9572
- C:\Windows\System\igkZeja.exe
  C:\Windows\System\igkZeja.exe
  2⤵
  PID:9588
- C:\Windows\System\ILjmjzf.exe
  C:\Windows\System\ILjmjzf.exe
  2⤵
  PID:9608
- C:\Windows\System\GAhAyma.exe
  C:\Windows\System\GAhAyma.exe
  2⤵
  PID:9628
- C:\Windows\System\enNiVUA.exe
  C:\Windows\System\enNiVUA.exe
  2⤵
  PID:9644
- C:\Windows\System\oyJdmCZ.exe
  C:\Windows\System\oyJdmCZ.exe
  2⤵
  PID:9660
- C:\Windows\System\EbloXvz.exe
  C:\Windows\System\EbloXvz.exe
  2⤵
  PID:9680
- C:\Windows\System\REvOFWo.exe
  C:\Windows\System\REvOFWo.exe
  2⤵
  PID:9696
- C:\Windows\System\ikYIOHN.exe
  C:\Windows\System\ikYIOHN.exe
  2⤵
  PID:9712
- C:\Windows\System\kKBcmZe.exe
  C:\Windows\System\kKBcmZe.exe
  2⤵
  PID:9732
- C:\Windows\System\HMlPmKn.exe
  C:\Windows\System\HMlPmKn.exe
  2⤵
  PID:9748
- C:\Windows\System\IKxSCwe.exe
  C:\Windows\System\IKxSCwe.exe
  2⤵
  PID:9768
- C:\Windows\System\NsHWDwE.exe
  C:\Windows\System\NsHWDwE.exe
  2⤵
  PID:9788
- C:\Windows\System\wRlMMBo.exe
  C:\Windows\System\wRlMMBo.exe
  2⤵
  PID:9808
- C:\Windows\System\zPMnHda.exe
  C:\Windows\System\zPMnHda.exe
  2⤵
  PID:9824
- C:\Windows\System\mNINfbm.exe
  C:\Windows\System\mNINfbm.exe
  2⤵
  PID:9840
- C:\Windows\System\RvGOgLL.exe
  C:\Windows\System\RvGOgLL.exe
  2⤵
  PID:9856
- C:\Windows\System\ZZbvyxZ.exe
  C:\Windows\System\ZZbvyxZ.exe
  2⤵
  PID:9872
- C:\Windows\System\EuCYwQz.exe
  C:\Windows\System\EuCYwQz.exe
  2⤵
  PID:9888
- C:\Windows\System\iAdfpdr.exe
  C:\Windows\System\iAdfpdr.exe
  2⤵
  PID:9916
- C:\Windows\System\utteepl.exe
  C:\Windows\System\utteepl.exe
  2⤵
  PID:9932
- C:\Windows\System\oHtaIah.exe
  C:\Windows\System\oHtaIah.exe
  2⤵
  PID:9948
- C:\Windows\System\IGezbII.exe
  C:\Windows\System\IGezbII.exe
  2⤵
  PID:9964
- C:\Windows\System\CTZejOt.exe
  C:\Windows\System\CTZejOt.exe
  2⤵
  PID:9980
- C:\Windows\System\qdVnAVF.exe
  C:\Windows\System\qdVnAVF.exe
  2⤵
  PID:9996
- C:\Windows\System\hDPVffx.exe
  C:\Windows\System\hDPVffx.exe
  2⤵
  PID:10044
- C:\Windows\System\wfFALYQ.exe
  C:\Windows\System\wfFALYQ.exe
  2⤵
  PID:10108
- C:\Windows\System\yoAeXDG.exe
  C:\Windows\System\yoAeXDG.exe
  2⤵
  PID:10124
- C:\Windows\System\GAQrlba.exe
  C:\Windows\System\GAQrlba.exe
  2⤵
  PID:10144
- C:\Windows\System\ExqaNmn.exe
  C:\Windows\System\ExqaNmn.exe
  2⤵
  PID:10172
- C:\Windows\System\ijVmQIX.exe
  C:\Windows\System\ijVmQIX.exe
  2⤵
  PID:10192
- C:\Windows\System\iRNIYiI.exe
  C:\Windows\System\iRNIYiI.exe
  2⤵
  PID:10212
- C:\Windows\System\Dctvpnm.exe
  C:\Windows\System\Dctvpnm.exe
  2⤵
  PID:10228
- C:\Windows\System\dtRqpbu.exe
  C:\Windows\System\dtRqpbu.exe
  2⤵
  PID:9224
- C:\Windows\System\XTtrrve.exe
  C:\Windows\System\XTtrrve.exe
  2⤵
  PID:8876
- C:\Windows\System\cGRJNkw.exe
  C:\Windows\System\cGRJNkw.exe
  2⤵
  PID:9280
- C:\Windows\System\QTaeIDK.exe
  C:\Windows\System\QTaeIDK.exe
  2⤵
  PID:9268
- C:\Windows\System\oSBlkaU.exe
  C:\Windows\System\oSBlkaU.exe
  2⤵
  PID:9360
- C:\Windows\System\FDwVDhP.exe
  C:\Windows\System\FDwVDhP.exe
  2⤵
  PID:9368
- C:\Windows\System\UgWDjmj.exe
  C:\Windows\System\UgWDjmj.exe
  2⤵
  PID:9396
- C:\Windows\System\dRdecKd.exe
  C:\Windows\System\dRdecKd.exe
  2⤵
  PID:9476
- C:\Windows\System\qFoCcfl.exe
  C:\Windows\System\qFoCcfl.exe
  2⤵
  PID:9516
- C:\Windows\System\fpABUZM.exe
  C:\Windows\System\fpABUZM.exe
  2⤵
  PID:9580
- C:\Windows\System\qveOqXr.exe
  C:\Windows\System\qveOqXr.exe
  2⤵
  PID:9724
- C:\Windows\System\nPicHrA.exe
  C:\Windows\System\nPicHrA.exe
  2⤵
  PID:9796
- C:\Windows\System\mIBNsvc.exe
  C:\Windows\System\mIBNsvc.exe
  2⤵
  PID:9452
- C:\Windows\System\KngwIYn.exe
  C:\Windows\System\KngwIYn.exe
  2⤵
  PID:9424
- C:\Windows\System\SgSqqWw.exe
  C:\Windows\System\SgSqqWw.exe
  2⤵
  PID:9564
- C:\Windows\System\GtsEzZV.exe
  C:\Windows\System\GtsEzZV.exe
  2⤵
  PID:9832
- C:\Windows\System\xUKCgrD.exe
  C:\Windows\System\xUKCgrD.exe
  2⤵
  PID:9896
- C:\Windows\System\QSAbLsh.exe
  C:\Windows\System\QSAbLsh.exe
  2⤵
  PID:9456
- C:\Windows\System\XbWPZtv.exe
  C:\Windows\System\XbWPZtv.exe
  2⤵
  PID:9600
- C:\Windows\System\dDigmag.exe
  C:\Windows\System\dDigmag.exe
  2⤵
  PID:9672
- C:\Windows\System\AMOpifA.exe
  C:\Windows\System\AMOpifA.exe
  2⤵
  PID:9784
- C:\Windows\System\FLqNVLU.exe
  C:\Windows\System\FLqNVLU.exe
  2⤵
  PID:9880
- C:\Windows\System\TdLtaBu.exe
  C:\Windows\System\TdLtaBu.exe
  2⤵
  PID:9912
- C:\Windows\System\vcixQvA.exe
  C:\Windows\System\vcixQvA.exe
  2⤵
  PID:9972
- C:\Windows\System\efRXgKB.exe
  C:\Windows\System\efRXgKB.exe
  2⤵
  PID:9988
- C:\Windows\System\GbsecpF.exe
  C:\Windows\System\GbsecpF.exe
  2⤵
  PID:10012
- C:\Windows\System\ITSaTxY.exe
  C:\Windows\System\ITSaTxY.exe
  2⤵
  PID:10028
- C:\Windows\System\HMONeSe.exe
  C:\Windows\System\HMONeSe.exe
  2⤵
  PID:10052
- C:\Windows\System\cVSZNhr.exe
  C:\Windows\System\cVSZNhr.exe
  2⤵
  PID:10068
- C:\Windows\System\QBhsKIn.exe
  C:\Windows\System\QBhsKIn.exe
  2⤵
  PID:10084
- C:\Windows\System\KXfHNwJ.exe
  C:\Windows\System\KXfHNwJ.exe
  2⤵
  PID:10100
- C:\Windows\System\ORwRkjp.exe
  C:\Windows\System\ORwRkjp.exe
  2⤵
  PID:10132
- C:\Windows\System\pjLLvAa.exe
  C:\Windows\System\pjLLvAa.exe
  2⤵
  PID:10160
- C:\Windows\System\WtiBSwH.exe
  C:\Windows\System\WtiBSwH.exe
  2⤵
  PID:10184
- C:\Windows\System\odPnhok.exe
  C:\Windows\System\odPnhok.exe
  2⤵
  PID:10208
- C:\Windows\System\iGSBFmH.exe
  C:\Windows\System\iGSBFmH.exe
  2⤵
  PID:10236
- C:\Windows\System\dEJzsuW.exe
  C:\Windows\System\dEJzsuW.exe
  2⤵
  PID:8128
- C:\Windows\System\kZyxUeF.exe
  C:\Windows\System\kZyxUeF.exe
  2⤵
  PID:9248
- C:\Windows\System\vduXyjt.exe
  C:\Windows\System\vduXyjt.exe
  2⤵
  PID:9324
- C:\Windows\System\nWRPmep.exe
  C:\Windows\System\nWRPmep.exe
  2⤵
  PID:9440
- C:\Windows\System\qqmhNjw.exe
  C:\Windows\System\qqmhNjw.exe
  2⤵
  PID:9472
- C:\Windows\System\kFAsdiJ.exe
  C:\Windows\System\kFAsdiJ.exe
  2⤵
  PID:9616
- C:\Windows\System\yDAhyaw.exe
  C:\Windows\System\yDAhyaw.exe
  2⤵
  PID:9692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BdPjkcQ.exe

Filesize
6.0MB

MD5
59d20d2883db75b094fe358c912de31a

SHA1
225f274aa7fd8c71276e31f2a6180e583020c222

SHA256
61e6ee608701f6b18a90115bf9d7dbe41689c0047fb7e8837652902294d7c8a3

SHA512
78f7657fa7934dc661a838c5e5aac850ea5cf44c0bda4296e67733906a751cdb6189ed5462d657d5d307663d241d08ed00b89d81066d00fbe1e7c5bccb76bc82

Download Submit
C:\Windows\system\BgLvIoJ.exe

Filesize
6.0MB

MD5
1ce035569be0b38ed8d18d748a5c4aef

SHA1
d366f3adb498ba2a2a9a9ff3b5874e7e18786561

SHA256
95ded7e1ece25eb3505885b2722a6be4ff46141ae2ea8bd5ca89226aceea6a45

SHA512
eed545f3ac050d34ae719532aae6044530223534ffac2fec862feef53e7b5696f656ca28f80b9504c5cafd1600f513e30c2234497f24f191c634e52924efd2db

Download Submit
C:\Windows\system\BixypvO.exe

Filesize
6.0MB

MD5
abfa1227b29db2b7fb2972bbfb4b6a77

SHA1
24217fcbffa6170ca4ccfb8dbb7d4f05d19e7b52

SHA256
bda77161ee8f468fcf16c42d7a6c1cc962423b82d206914a5c4a58067dcad741

SHA512
b8e0bb1fbd9078b1beb5ad11aeab97c8c524c741a7abdf63832f3890237988de18099de4175bc793f47be32f14c8032fffea4b8910c0470b38a90a60aec79f1d

Download Submit
C:\Windows\system\CrBAUGK.exe

Filesize
6.0MB

MD5
35b477fe885f85b0c9a57ff0a9c907bc

SHA1
aa5959d29fcff619f1d73a0abdeaad0311d8cbf2

SHA256
81eecf868993f5811440363c936eec6aa61d7f45bf2acdcabf4573a7744c23a1

SHA512
0e678f959c84028bd51ab0c1fdc3f91aead6b48b169ff541334cc4bbc07c6100d9eec008c6e75425b3df56e63e7005ef8d18e6786afe11f1558f913c7a08c91d

Download Submit
C:\Windows\system\FTPSuyi.exe

Filesize
6.0MB

MD5
179e45313b0b2104c96561468f172833

SHA1
84076b61731318c54d511e79ad8358f75590f356

SHA256
c9ea7cc7b1c162139e71f3ff5491bdb50ece63dc9d6592f727541fd3fc759ea3

SHA512
e891cae5487548d41333e41afbc92bce69b00a00ca2bb9924b029e2e0b1ada0a1b3de35cdea4983900ef17873abe7ff08f6088a99c8047ec864c68401ecf3e36

Download Submit
C:\Windows\system\GhJfQpU.exe

Filesize
6.0MB

MD5
6172488ac3891e8eb6b53ed135235cbe

SHA1
10100513c0796ce282032be819a447f94b656765

SHA256
dcae1b1a4a10f8c7e8abc8c30e9b2b609f7aced0b1ed70f40a81ce2e54ae3723

SHA512
8cea91161455d40a7b760451a6750d49aafe22fdeefbd381d3cee8fb29e7751e558bb85dee677ade442eafdee843ead70b84022cd289c1f89c7d1d5eafea6e73

Download Submit
C:\Windows\system\GqhPnHL.exe

Filesize
6.0MB

MD5
4fbfd4a8fc1e429f9281a5eda6a44082

SHA1
7c6b0e1d8ac8b7c78c7721addb3d9d363ac33a14

SHA256
a10ab6d5f95e0da184067fa70237b5e307c47a1eeff33f94f9e5c72dd7622179

SHA512
a5c1d7eb269e4a32a98f9a71a68407c85ae2b8d3e6a3b0287270f4b5188ec1eaf70d1589a626f59ffbb80725a15f607ea8f9ea60ac8d8dd2111d43a06a3752d4

Download Submit
C:\Windows\system\KzffVNf.exe

Filesize
6.0MB

MD5
7271510f810187f2f5001461c384a6b2

SHA1
883244a7ab760e66f02cee959856b36f2d80aee0

SHA256
3cbcdb517e56912d86fc5ed1fb67bf04f2c14f6ade18a18053cc3390a2715ef8

SHA512
dad540040a456913c9cd0a01ba84422d1fb70b72be3c28b6e8e5db75eb8ade9359c76a25932190fcf843961d3b49abadcec11f9d5e8fb0a27ffdd945c827d9ad

Download Submit
C:\Windows\system\Lnhqxgy.exe

Filesize
6.0MB

MD5
f1884c42c8f242c073f25cd1f8ef6e39

SHA1
30f65c967a3546dc64f935808231856feb6e8a78

SHA256
072c87dc482e8d8019c4082d9d41adb67d4402d06fb71f75a8ee5d4a5431803c

SHA512
67cb9c4f4337826f32ddb8a694ac4208e89780727cabe6305145414da9ece3346bca3c58a33f6cf65da50ab6ca64708f255741b76740b045005adf99032c82b8

Download Submit
C:\Windows\system\PXELicL.exe

Filesize
6.0MB

MD5
eed16fa977d1e43498201523d2352b7b

SHA1
625a3f12685820d15c7d2579446f3eb56d0cc133

SHA256
0956e195aaf4429505bc8c49f4becfe6da87084a3291c44a4ca7977af9920974

SHA512
3d0e19bf7ec91111c81e842c191f11f7e3440b67869de4764371c817759b5a37cfd41c873c054f4ade16fad1ddff45263ec5a56d688e52cbeaf9822b459b5715

Download Submit
C:\Windows\system\QFJGPZe.exe

Filesize
6.0MB

MD5
632054e5ae6f19163b38a8d60862521e

SHA1
ba94c2269f9f05c5375370c13f167ba00f3e3100

SHA256
089665e0f057c21e0a8e91bed040c43e6a50b30b88f22a75646b98c873df48ac

SHA512
6370c6b4cddf5499da0a8894428ba3125716776c793975019680b1e1cbe223c9ca4e414263ab2d11094ca5e8107d1008d92753c920921602aa76bdff66915244

Download Submit
C:\Windows\system\RQoTosO.exe

Filesize
6.0MB

MD5
74ad0efa5e65939c2746b48453fb58ee

SHA1
1566172f127dd482d5061487c9b505f454334932

SHA256
84245149d063ebb283704efaf95cd62e271606b2c811a95b4ab99a795fef751b

SHA512
8c06508d7863b11da25a59c213e15a2704683aa8b1842e86484a9a76421fd858090aaa3fd13494e7c98250a1d3ed11927659e72cce5567dc854b9f6cf711cf51

Download Submit
C:\Windows\system\SoZFqSn.exe

Filesize
6.0MB

MD5
7fd3ce6ed5b8652f4c5bca5c96f03343

SHA1
8a483221d6d75b55e046a3d8072b6eaeeb760893

SHA256
8df7746e8eb831df1957b6d699660d32139970f66314db52aaeccd3b0faa5f0e

SHA512
7e6f0026d345ad5d9d5e3f1976c1187e28a9148635eb5211372c7ef3495d25bdae98697828574dac89ee71fc3b9074269a3b519de4cb89897ea53f432846d574

Download Submit
C:\Windows\system\VrerbID.exe

Filesize
6.0MB

MD5
b215a632a2c9f6e8eb9624765ed27a1d

SHA1
225693fa1a724df684630eb44e3ff3a743c381f2

SHA256
72b5c38ba0152e626608854fb76928485d47c4e8ac680631385712ad14b067c9

SHA512
a5757c1b91fc25f2aac0c7c97924c4bb7af9d7802b0f2cf5e2aba24232061e5294f5ff07be534719a03472c34575ff27aa9bfcc36bf862583599d2b74fc2bad5

Download Submit
C:\Windows\system\WxfCRTW.exe

Filesize
6.0MB

MD5
137d752f7ab81717eab22c473548dfe0

SHA1
da8d4cc78fe12b6ccb03d1443a36fd46ccfdc1ee

SHA256
19d819533282589e7d9ae2ee3dade6179a0a6d558897700e145155c96b2637a8

SHA512
0e147cbbad5ca890292ada1de17f95aa0c86e2a8c9ec636ccc201eabaaa793485bbf466402327d08ffdeb9678eb4025be71b7cbf57f6be55d77053ae689f2c00

Download Submit
C:\Windows\system\XAJbgmn.exe

Filesize
6.0MB

MD5
8b1bbf1aae555bd21f1dd9d643dbb1a8

SHA1
ed08c927728b967b1b400606df771b56acb81e90

SHA256
f90bb562414605a773d709c619144475ed10d71add823b5857689489e89d8ec0

SHA512
17905275ef4693a4cbd08ce6a858f2a08ffcdd203c3733a3416d069be3eefca322dcc9bc753ae19c96c8e79d58de12daad56ad495e68874b47a189361345dac3

Download Submit
C:\Windows\system\ZKsMJEl.exe

Filesize
6.0MB

MD5
ec351ee44e6ed646e10f5c768c5f47bb

SHA1
18399a1e33f1861886523443bdb822ffed4da243

SHA256
4e94846466cbd5e3390c92796878209d82f3db50d4cd2a87f72a0c4a9813254d

SHA512
d906da09a471297355f48d124959d35dc9003a6471c4d0c0313069fac6e1e349f68ec1af3808b75d9eb9828365c7b148b5968ca12bbffe250464ebbaf816e106

Download Submit
C:\Windows\system\ZqPCLBu.exe

Filesize
6.0MB

MD5
4ced0ca4eb69f3fda72b772db616aebd

SHA1
8b369311d28ef550bb255c9b0a1e85197e7e1614

SHA256
0bf7e4e646dd55474a13c164353b8192fe51b6870c8d7a49c64da65ce2c11f3a

SHA512
386e1d40f18d8869fec665eb9d1ad4d317a604d7fd454a679be7e85b7ab89a7dbfbac14237bb2604367f5f401f5177794f3d5f313932e3db145ac76b6265f708

Download Submit
C:\Windows\system\bjPVsCt.exe

Filesize
6.0MB

MD5
e3eb0eed0f4ddc959df17d0ef001b02f

SHA1
8bc1c77cd2325dee11cd6625711d538cf6ed7e66

SHA256
e4e8b091f63b139025aba9d08a223677e70aec99a12962175a688d4ba2992eca

SHA512
b99a4da7a6a2c208320066b6dfc14f1d3f0fb69e6ecae94af41646d35200ce65303d276783b4866118325299e817829a980417a64ee6bb8397ecbbfef9d7316f

Download Submit
C:\Windows\system\ivgqjlN.exe

Filesize
6.0MB

MD5
d6847ae1d781c7e273c52bc698c68ab6

SHA1
af7d2cc7330d0cdde1de6228c67371c3b4ee826e

SHA256
f4d3b33378b9b91143d2cde2efb62edfdf22635a7e46b81a6521bc8bb2aa980e

SHA512
cbf675b95e978ff76316b8695864c7d252ace0444f9e93f6cf3911180e8ba6d1b6f1b2fd5a808e81be0699debdd663fae0e5e7397e8d7a7b3c2ebbb64ff80530

Download Submit
C:\Windows\system\qxtFdhU.exe

Filesize
6.0MB

MD5
6425392047da97cf9700baeff2934e71

SHA1
e1ba7681eab3f2bcf0b82b8b0a74a8ecdeb777c9

SHA256
e9f2755dd93f9f886657b87d564df928d567935b73dc9f911e31caeb91c61dae

SHA512
6fdce1d1c57df80af9c169e1c9d787af60ae30b3369da00b4c8b84569b3db55765f89bf6fa7ca5937e828bdbabb05b871fe376c1c831565bb9dd6d7d894c2c53

Download Submit
C:\Windows\system\wQWPttU.exe

Filesize
6.0MB

MD5
e180f7fc6e38ae8349b0b498293f573f

SHA1
ff0c45bfcbdb603de13ece4c9ae976689b6f0d12

SHA256
ae52ac972da36ea242b4803f004a8ddcdb9652674c348d427c402ae01cddea60

SHA512
4fd583dcc42fd07f5770ff859f3f87839730bdd091c99f61c55a899f3e982e5111c16ae7e2755634d13174631118187960233293b7404cacc2594c2eba0f3908

Download Submit
C:\Windows\system\xDPDznb.exe

Filesize
6.0MB

MD5
80e68a466c39d9eceb7fa4962c90bdf2

SHA1
0fd244ed489698ba894d1b45fe0183206054853b

SHA256
1f15ea1c0360a0fec25beb6c46d3e6b2d156b7edd1dc46c382ffea783956e0d2

SHA512
4e665c68068814f980d91db490176edb8c4562300700a2b7f4e0322c10423dc3c707a9317084390dcc0d2e6de3dbb860f220f8a7bd489bbe753e2e78699a38b3

Download Submit
C:\Windows\system\xdWRQAI.exe

Filesize
6.0MB

MD5
8e885e9cfea1b1af085a37a44c6c6ede

SHA1
90b89bb944277052e3236c3021a473121c9a5289

SHA256
43d262080125fc95f2eff39449bf75883d3e3646df684b1924f90e02ce0137b8

SHA512
751149f1d2f4176de024b88e13a3ec71cf87115918e0d43d53e8e6c8a70914634f116982a66add257c8bdd2ec5bed0dccf1030773dd182426587995c0f0446f5

Download Submit
C:\Windows\system\ykuCEsJ.exe

Filesize
6.0MB

MD5
63bf9c96efd3538052cf4e67576221ff

SHA1
6e88619c1214e0180c86b5061cec7c92222e4bdf

SHA256
07b19172fe507c26099a48f11084fab54a5fd3a6ef016ef7e482fd0c3a11e93d

SHA512
99484a67705fb76235befcf926e74cefc015026ee2968d0b0f73ffc9bba6025b7b1d17a12e351d701ec68e7e0e04cd03a696e8ed3297da321423a33c983037c7

Download Submit
\Windows\system\CMsFwkc.exe

Filesize
6.0MB

MD5
e6f7000992e6bc424b0d0c1e1a455384

SHA1
605f2912eb7025a477a3bbe66f5d97cf8c8451be

SHA256
890406befbd1878a646ff6cfac0c0cec26f450ee2086d4ec89cfec2887aed74a

SHA512
a50911bf18f9766d66bcc3d892cec9a4fe5a0c0c635156a6c3a500781c799bdb2e7857188f682f89a21748789bb4f8df156e12479cc473d0bbc566b6b331c107

Download Submit
\Windows\system\UZowBRE.exe

Filesize
6.0MB

MD5
d3c38a304a8c615f54f1124458994ceb

SHA1
3f6e635d30f1bb1ad0354501d33cab19a7e2d43c

SHA256
f17256bece420d7be08d88f941edad565386fbd14360bf2fed34002199e9949a

SHA512
82ca07594d091b08722a4c18550b4c8b06e48cbbd9c739998cd9a31ed0532d1b9c2d1501e80297080b6d2891556fa2c05bc798914601967dd6a742dad2454fc8

Download Submit
\Windows\system\UcTPnan.exe

Filesize
6.0MB

MD5
2002e2388ea41f10f517dc2e55198505

SHA1
6ca1dec7c26eeaa600fc9800a157b6e601d757df

SHA256
dd293555bcf6530c36b73538eea9eb1628ca36681cd52122997382dbadbd811d

SHA512
09053b6beff80dcd523e9c64e798d23f43e9b9c257066b33552ca5762e4c564c61a88aa3e3621aa6bcd858063220dc9c8e7323ab1288e9e34a87ab7cb02fdfe6

Download Submit
\Windows\system\VyhooUn.exe

Filesize
6.0MB

MD5
a71b6790034b33b540c6878247a1e712

SHA1
c81cdc37aafdb75c1748e00ce041f6e531940f2c

SHA256
34911434c7361808252d26a5a5224958b9fc34a39ec33d6897ba13289231e967

SHA512
a7b33838a27f888fd06cab030f87fbbbd35e8a5f764769969956b553baa49f92868c6a5bf8b1370231e5d7d892d5048f4e214dbf484568ee306654fd99d07417

Download Submit
\Windows\system\ZpNlwVz.exe

Filesize
6.0MB

MD5
8c13119a126467f4692c271082cf6aa0

SHA1
653f669002c8358580cda09b0c69b73ed6547b35

SHA256
40f18587d70f98d7938a17d355c1f4701c70140540e17e2e6ba17fb4d14037e7

SHA512
6cd2deb1ba4ca06c85214d43ac7326e8c8f2af6c3787e2cc4d3a89823d47e8b46d8be0c137b5fee7a022e96534094dcb9e5f8ad08737fe96d2689058b8103e54

Download Submit
\Windows\system\aPNgQyF.exe

Filesize
6.0MB

MD5
dcac7c67ae3707284a0717691e5728df

SHA1
8b4e8aceff0409ae1ae75ec0f852556a06df9ec7

SHA256
32d6a3474f0348119d5959c3d7f108dcdddb5e48e55d6b6e210f44cadb7b588c

SHA512
cb355c9750cb750eef0073376185a25dff9c8dca1702193908c88579ba989126b29acbe38a67cc36d24721a9561d39914bb95409816507516fbe228607dec10c

Download Submit
\Windows\system\cnLMZoe.exe

Filesize
6.0MB

MD5
23c8697f358cc835c7caf15213133fd4

SHA1
289c0119b007a431255b9bf7f0cd699f53cb35fe

SHA256
3ea7730d7656b9c928c030c5a7abdc456744e5ce2e4efc22c93182389e10aef3

SHA512
d770c539d8c6f4ab9302572068a4d164ec9194e19d4b1e68dcad6104f9b4a5b70d8b00d2a9b0e133da74e889ba334492c34a67f8a4756711f1a2b2eed5f23308

Download Submit
\Windows\system\hDiByit.exe

Filesize
6.0MB

MD5
d921f40a4bf1892930d3518ac0d3acf1

SHA1
47d8f0bb62f23ff80a61e1190af52229b8d56e5b

SHA256
0ea76bf286b9598ba5f6b70e8f26f57a38a9c50187411538e8c4b1313db14f60

SHA512
f4453da84d6ef434a2de37e087319cf77ee04f4fcfe88c308a95ea4cb01306c10467ef18d008c3c1c63253e34c4e3fc4fc3e3fe7531abc3c4e8831cb10610f45

Download Submit
\Windows\system\kXhWlVH.exe

Filesize
6.0MB

MD5
08b939e31e6ff6b45c9939001481eaab

SHA1
14cc9aa2a6efd62721d81eb80aae34556e580591

SHA256
dbb3bec58096e1b45bc01d44d2c5a8c5b7a000b9da8b4ee269aaf4952dbaafa7

SHA512
67f6cd34b32b6f030077a40d1eb7acc6ec41d07f93bc98d07bb49f05ad8c930cdf7dd44c296ab00bf5faa605ed41f3c9cb5e59a4fc6f57288ee76452d1ee89e2

Download Submit
\Windows\system\nJRynoH.exe

Filesize
6.0MB

MD5
c9c2cb32241835e5d3531b43996bd822

SHA1
526ad43cbfcf388ce5ff77cc82e10fc216f463db

SHA256
7a5b97fe12f2c551e3e5a142f4cdca23486b31609edb64fb1fa8533424a4c368

SHA512
a817a5b7baed3756a6d5f0b886169a133c22c339893a8b68e36018b86ff2694aadc463a5b338e5ee84140052ba9bb3812f4d3fcc776772c33746b85f8962decb

Download Submit
memory/276-190-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/276-3846-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/1856-3922-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/1856-187-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2008-3832-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2008-173-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2196-189-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2196-3834-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1143-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-194-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2212-180-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2212-178-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1272-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2212-176-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1146-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2212-174-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2212-182-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2212-172-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1145-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2212-184-0x0000000002290000-0x00000000025E4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1144-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2212-0-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-186-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-188-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/2212-974-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-192-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2212-196-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2220-193-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2220-3873-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2548-183-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2548-3921-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2580-185-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3830-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2668-177-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3831-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2684-175-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3835-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2716-181-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3879-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3927-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-179-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3847-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2792-195-0x000000013F820000-0x000000013FB74000-memory.dmp

Filesize
3.3MB

Download
memory/2816-3839-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2816-134-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/3012-3878-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/3012-191-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download