cobaltstrike | 02c5447cf7b0f8c3a9c8408831769019ba42f43c1f233a34fe8e76069abee2aa

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
31-12-2024 00:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.1MB
MD5

02fed071869ace9f88563aba9548c3a4
SHA1

1fa548aa9d9b1256669b73451d2fed2a144a5245
SHA256

02c5447cf7b0f8c3a9c8408831769019ba42f43c1f233a34fe8e76069abee2aa
SHA512

e4bf5848c963e5337d847ab587e30089a8cb850c8febb044335411d9bc35a21b3d8cb03108da4a074761114a3fcb2f4ab0b8152f65bf836cb1584c68eea78e54
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUa:eOl56utgpPF8u/7a

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000900000001225f-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d04-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d5a-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d71-26.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017342-37.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-108.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-53.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c0b-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d69-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d5c-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-157.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cd5-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-145.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019931-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a0-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019665-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-125.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-123.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-121.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000018617-119.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016f45-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-97.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-66.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-57.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016e1d-34.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-81.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-80.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2184-0-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x000900000001225f-6.dat	xmrig
behavioral1/files/0x0008000000016d04-8.dat	xmrig
behavioral1/memory/2032-21-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d5a-10.dat	xmrig
behavioral1/files/0x0007000000016d71-26.dat	xmrig
behavioral1/files/0x0009000000017342-37.dat	xmrig
behavioral1/files/0x0005000000019624-108.dat	xmrig
behavioral1/files/0x000500000001958b-53.dat	xmrig
behavioral1/files/0x0005000000019c0b-149.dat	xmrig
behavioral1/memory/2448-288-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/1612-503-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2352-601-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2444-1047-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2184-1046-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2720-289-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2404-215-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d69-165.dat	xmrig
behavioral1/files/0x0005000000019d5c-161.dat	xmrig
behavioral1/files/0x0005000000019cfc-157.dat	xmrig
behavioral1/files/0x0005000000019cd5-153.dat	xmrig
behavioral1/files/0x0005000000019bf0-142.dat	xmrig
behavioral1/files/0x0005000000019bf2-145.dat	xmrig
behavioral1/files/0x0005000000019bec-137.dat	xmrig
behavioral1/files/0x0005000000019931-133.dat	xmrig
behavioral1/files/0x00050000000196a0-129.dat	xmrig
behavioral1/files/0x0005000000019665-126.dat	xmrig
behavioral1/files/0x00050000000195e0-125.dat	xmrig
behavioral1/files/0x00050000000195ce-124.dat	xmrig
behavioral1/files/0x00050000000195ca-123.dat	xmrig
behavioral1/files/0x00050000000195c7-122.dat	xmrig
behavioral1/files/0x00050000000195c4-121.dat	xmrig
behavioral1/files/0x000a000000018617-119.dat	xmrig
behavioral1/files/0x0009000000016f45-118.dat	xmrig
behavioral1/memory/2184-107-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/files/0x00050000000195d0-106.dat	xmrig
behavioral1/memory/2184-99-0x000000013F110000-0x000000013F464000-memory.dmp	xmrig
behavioral1/files/0x00050000000195cc-97.dat	xmrig
behavioral1/memory/2184-90-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2352-89-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2608-88-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c2-66.dat	xmrig
behavioral1/files/0x00050000000194e2-57.dat	xmrig
behavioral1/memory/2768-56-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2720-43-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2184-36-0x000000013F5A0000-0x000000013F8F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016e1d-34.dat	xmrig
behavioral1/memory/2448-33-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2356-114-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2444-111-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/memory/2184-84-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2752-83-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c8-81.dat	xmrig
behavioral1/files/0x00050000000195c6-80.dat	xmrig
behavioral1/memory/1612-71-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2184-61-0x000000013FD00000-0x0000000140054000-memory.dmp	xmrig
behavioral1/memory/2404-18-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2356-16-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2032-3448-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2356-3447-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2752-3454-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2720-3457-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2608-3930-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2352-3929-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2356	zChPhXJ.exe
2404	VHiQMjf.exe
2032	taEzAkN.exe
2448	gTVTAoF.exe
2720	mEHLxmx.exe
2768	jNHWrhy.exe
1612	CUxlqaF.exe
2752	YkQPwAb.exe
2608	UDKyaHD.exe
2352	OmhHuxr.exe
2444	bBcXJcs.exe
2952	efvUMpA.exe
1356	gbwOQzF.exe
2816	CnqCBoe.exe
2904	TfvOimK.exe
2960	ZskIeUS.exe
2660	vwQzRGv.exe
2684	jTZmJgg.exe
1028	gOFWknd.exe
2860	PyOQBVN.exe
2840	YjkFzkM.exe
1244	XKlYigr.exe
1916	jfRScEi.exe
2140	AKbxsTQ.exe
876	lZLvUQl.exe
1208	CxtsCTw.exe
584	mCLiDer.exe
2396	kIUVeqL.exe
1540	ceoltWt.exe
3036	cHYXOhG.exe
1048	rbCUtzP.exe
908	OmhHkDj.exe
3040	NCyRDAE.exe
3048	AcFjaAO.exe
1132	sGZTDwg.exe
1964	qDOvQQf.exe
960	MXtkogL.exe
2584	VlQhcyg.exe
612	NbtyunB.exe
1172	wbkDKxV.exe
1884	reLVYrv.exe
1392	USXUYKS.exe
2040	QRHgvYG.exe
1060	EbUcuYX.exe
2016	qUwMARe.exe
900	gPnFPvN.exe
928	ZvDKyRc.exe
772	XlVuUpk.exe
2236	CXpdklI.exe
1864	zHaPOQb.exe
2076	XgiBDhu.exe
1744	OzPMyVB.exe
2540	AhWqRQQ.exe
2096	fBTDdxW.exe
2164	XdcBTIP.exe
1732	BWMrjrB.exe
892	NQYmBeL.exe
912	bOPFpQl.exe
1676	wgPbgMq.exe
2204	ggvPVMi.exe
1924	iTcHiDf.exe
1932	PcygJTt.exe
1600	ydsLOLt.exe
2156	VbGRnks.exe

Loads dropped DLL 64 IoCs

pid	Process
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 60 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2184-0-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x000900000001225f-6.dat	upx
behavioral1/files/0x0008000000016d04-8.dat	upx
behavioral1/memory/2032-21-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x0007000000016d5a-10.dat	upx
behavioral1/files/0x0007000000016d71-26.dat	upx
behavioral1/files/0x0009000000017342-37.dat	upx
behavioral1/files/0x0005000000019624-108.dat	upx
behavioral1/files/0x000500000001958b-53.dat	upx
behavioral1/files/0x0005000000019c0b-149.dat	upx
behavioral1/memory/2448-288-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/1612-503-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2352-601-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2444-1047-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2720-289-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2404-215-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/files/0x0005000000019d69-165.dat	upx
behavioral1/files/0x0005000000019d5c-161.dat	upx
behavioral1/files/0x0005000000019cfc-157.dat	upx
behavioral1/files/0x0005000000019cd5-153.dat	upx
behavioral1/files/0x0005000000019bf0-142.dat	upx
behavioral1/files/0x0005000000019bf2-145.dat	upx
behavioral1/files/0x0005000000019bec-137.dat	upx
behavioral1/files/0x0005000000019931-133.dat	upx
behavioral1/files/0x00050000000196a0-129.dat	upx
behavioral1/files/0x0005000000019665-126.dat	upx
behavioral1/files/0x00050000000195e0-125.dat	upx
behavioral1/files/0x00050000000195ce-124.dat	upx
behavioral1/files/0x00050000000195ca-123.dat	upx
behavioral1/files/0x00050000000195c7-122.dat	upx
behavioral1/files/0x00050000000195c4-121.dat	upx
behavioral1/files/0x000a000000018617-119.dat	upx
behavioral1/files/0x0009000000016f45-118.dat	upx
behavioral1/files/0x00050000000195d0-106.dat	upx
behavioral1/memory/2184-99-0x000000013F110000-0x000000013F464000-memory.dmp	upx
behavioral1/files/0x00050000000195cc-97.dat	upx
behavioral1/memory/2352-89-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2608-88-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/files/0x00050000000195c2-66.dat	upx
behavioral1/files/0x00050000000194e2-57.dat	upx
behavioral1/memory/2768-56-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2720-43-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x0007000000016e1d-34.dat	upx
behavioral1/memory/2448-33-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2356-114-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2444-111-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2752-83-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/files/0x00050000000195c8-81.dat	upx
behavioral1/files/0x00050000000195c6-80.dat	upx
behavioral1/memory/1612-71-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2404-18-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2356-16-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2032-3448-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2356-3447-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2752-3454-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2720-3457-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2608-3930-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2352-3929-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2444-3957-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2768-3756-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bhDmDqg.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VbGRnks.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OdiqVxi.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\otlNmVy.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mwlwYBS.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zChPhXJ.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wBJveKD.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LcSrdUY.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PisjJiz.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mVQnabM.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UuyaMtf.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ceoltWt.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oCGXihI.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSmziNx.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hBDajwv.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wbkDKxV.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tdpCTXH.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sLGVmyj.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpCZjpJ.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQUfMvm.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbgYYzz.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lDfLvVo.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dCtihpp.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xOBBoUb.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGTIrOr.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WuAfHmw.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qUwMARe.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MnpOdAX.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jNjQTsX.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uExAEXe.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FoGFZdq.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zFJJZrb.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XhgBEPw.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pFeYuCV.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GGIvsyt.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XJrklPY.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvKeocN.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bLiNdxK.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tCSIzHK.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fCwJxoC.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gNayOml.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uPZOWYs.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sMMQCjy.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iEgqNMX.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gFuxOTY.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHUpPiy.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jkJnnFw.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QRyJaKs.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JWGEtNK.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YGCPPkZ.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jprXotg.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\taEzAkN.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cHYXOhG.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kgWFYbb.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XfOAQyB.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQytczu.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZGAowtQ.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xNkPZlB.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lsWaLLw.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CZdfwax.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RtLVpAS.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbrFqZk.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zCoqjrs.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iAbBczY.exe	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2356	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2184 wrote to memory of 2356	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2184 wrote to memory of 2356	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2184 wrote to memory of 2404	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2184 wrote to memory of 2404	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2184 wrote to memory of 2404	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2184 wrote to memory of 2032	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2184 wrote to memory of 2032	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2184 wrote to memory of 2032	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2184 wrote to memory of 2448	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2184 wrote to memory of 2448	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2184 wrote to memory of 2448	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2184 wrote to memory of 2720	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2184 wrote to memory of 2720	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2184 wrote to memory of 2720	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2184 wrote to memory of 2816	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2184 wrote to memory of 2816	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2184 wrote to memory of 2816	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2184 wrote to memory of 2768	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2184 wrote to memory of 2768	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2184 wrote to memory of 2768	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2184 wrote to memory of 2904	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2184 wrote to memory of 2904	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2184 wrote to memory of 2904	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2184 wrote to memory of 1612	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2184 wrote to memory of 1612	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2184 wrote to memory of 1612	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2184 wrote to memory of 2960	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2184 wrote to memory of 2960	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2184 wrote to memory of 2960	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2184 wrote to memory of 2752	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2184 wrote to memory of 2752	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2184 wrote to memory of 2752	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2184 wrote to memory of 2660	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2184 wrote to memory of 2660	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2184 wrote to memory of 2660	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2184 wrote to memory of 2608	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2184 wrote to memory of 2608	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2184 wrote to memory of 2608	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2184 wrote to memory of 2684	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2184 wrote to memory of 2684	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2184 wrote to memory of 2684	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2184 wrote to memory of 2352	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2184 wrote to memory of 2352	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2184 wrote to memory of 2352	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2184 wrote to memory of 1028	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2184 wrote to memory of 1028	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2184 wrote to memory of 1028	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2184 wrote to memory of 2444	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2184 wrote to memory of 2444	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2184 wrote to memory of 2444	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2184 wrote to memory of 2860	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2184 wrote to memory of 2860	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2184 wrote to memory of 2860	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2184 wrote to memory of 2952	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2184 wrote to memory of 2952	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2184 wrote to memory of 2952	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2184 wrote to memory of 2840	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2184 wrote to memory of 2840	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2184 wrote to memory of 2840	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2184 wrote to memory of 1356	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2184 wrote to memory of 1356	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2184 wrote to memory of 1356	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2184 wrote to memory of 1244	2184	2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-31_02fed071869ace9f88563aba9548c3a4_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\System\zChPhXJ.exe
  C:\Windows\System\zChPhXJ.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\VHiQMjf.exe
  C:\Windows\System\VHiQMjf.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\taEzAkN.exe
  C:\Windows\System\taEzAkN.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\gTVTAoF.exe
  C:\Windows\System\gTVTAoF.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\mEHLxmx.exe
  C:\Windows\System\mEHLxmx.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\CnqCBoe.exe
  C:\Windows\System\CnqCBoe.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\jNHWrhy.exe
  C:\Windows\System\jNHWrhy.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\TfvOimK.exe
  C:\Windows\System\TfvOimK.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\CUxlqaF.exe
  C:\Windows\System\CUxlqaF.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\ZskIeUS.exe
  C:\Windows\System\ZskIeUS.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\YkQPwAb.exe
  C:\Windows\System\YkQPwAb.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\vwQzRGv.exe
  C:\Windows\System\vwQzRGv.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\UDKyaHD.exe
  C:\Windows\System\UDKyaHD.exe
  2⤵
  - Executes dropped EXE
  PID:2608
- C:\Windows\System\jTZmJgg.exe
  C:\Windows\System\jTZmJgg.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\OmhHuxr.exe
  C:\Windows\System\OmhHuxr.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\gOFWknd.exe
  C:\Windows\System\gOFWknd.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\bBcXJcs.exe
  C:\Windows\System\bBcXJcs.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\PyOQBVN.exe
  C:\Windows\System\PyOQBVN.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\efvUMpA.exe
  C:\Windows\System\efvUMpA.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\YjkFzkM.exe
  C:\Windows\System\YjkFzkM.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\gbwOQzF.exe
  C:\Windows\System\gbwOQzF.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\XKlYigr.exe
  C:\Windows\System\XKlYigr.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\jfRScEi.exe
  C:\Windows\System\jfRScEi.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\AKbxsTQ.exe
  C:\Windows\System\AKbxsTQ.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\lZLvUQl.exe
  C:\Windows\System\lZLvUQl.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\CxtsCTw.exe
  C:\Windows\System\CxtsCTw.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\mCLiDer.exe
  C:\Windows\System\mCLiDer.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\kIUVeqL.exe
  C:\Windows\System\kIUVeqL.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\ceoltWt.exe
  C:\Windows\System\ceoltWt.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\cHYXOhG.exe
  C:\Windows\System\cHYXOhG.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\rbCUtzP.exe
  C:\Windows\System\rbCUtzP.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\OmhHkDj.exe
  C:\Windows\System\OmhHkDj.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\NCyRDAE.exe
  C:\Windows\System\NCyRDAE.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\AcFjaAO.exe
  C:\Windows\System\AcFjaAO.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\sGZTDwg.exe
  C:\Windows\System\sGZTDwg.exe
  2⤵
  - Executes dropped EXE
  PID:1132
- C:\Windows\System\qDOvQQf.exe
  C:\Windows\System\qDOvQQf.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\MXtkogL.exe
  C:\Windows\System\MXtkogL.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\VlQhcyg.exe
  C:\Windows\System\VlQhcyg.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\NbtyunB.exe
  C:\Windows\System\NbtyunB.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\wbkDKxV.exe
  C:\Windows\System\wbkDKxV.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\reLVYrv.exe
  C:\Windows\System\reLVYrv.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\USXUYKS.exe
  C:\Windows\System\USXUYKS.exe
  2⤵
  - Executes dropped EXE
  PID:1392
- C:\Windows\System\QRHgvYG.exe
  C:\Windows\System\QRHgvYG.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\EbUcuYX.exe
  C:\Windows\System\EbUcuYX.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\qUwMARe.exe
  C:\Windows\System\qUwMARe.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\gPnFPvN.exe
  C:\Windows\System\gPnFPvN.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\ZvDKyRc.exe
  C:\Windows\System\ZvDKyRc.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\XlVuUpk.exe
  C:\Windows\System\XlVuUpk.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\CXpdklI.exe
  C:\Windows\System\CXpdklI.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\zHaPOQb.exe
  C:\Windows\System\zHaPOQb.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\XgiBDhu.exe
  C:\Windows\System\XgiBDhu.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\AhWqRQQ.exe
  C:\Windows\System\AhWqRQQ.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\OzPMyVB.exe
  C:\Windows\System\OzPMyVB.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\fBTDdxW.exe
  C:\Windows\System\fBTDdxW.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\XdcBTIP.exe
  C:\Windows\System\XdcBTIP.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\BWMrjrB.exe
  C:\Windows\System\BWMrjrB.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\NQYmBeL.exe
  C:\Windows\System\NQYmBeL.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\bOPFpQl.exe
  C:\Windows\System\bOPFpQl.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\wgPbgMq.exe
  C:\Windows\System\wgPbgMq.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\ggvPVMi.exe
  C:\Windows\System\ggvPVMi.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\iTcHiDf.exe
  C:\Windows\System\iTcHiDf.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\PcygJTt.exe
  C:\Windows\System\PcygJTt.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\ydsLOLt.exe
  C:\Windows\System\ydsLOLt.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\VbGRnks.exe
  C:\Windows\System\VbGRnks.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\jmYwTeu.exe
  C:\Windows\System\jmYwTeu.exe
  2⤵
  PID:1908
- C:\Windows\System\oecHPOA.exe
  C:\Windows\System\oecHPOA.exe
  2⤵
  PID:2552
- C:\Windows\System\RmSkphR.exe
  C:\Windows\System\RmSkphR.exe
  2⤵
  PID:2304
- C:\Windows\System\ergMBBo.exe
  C:\Windows\System\ergMBBo.exe
  2⤵
  PID:2812
- C:\Windows\System\LFVwqfy.exe
  C:\Windows\System\LFVwqfy.exe
  2⤵
  PID:2732
- C:\Windows\System\rvKeocN.exe
  C:\Windows\System\rvKeocN.exe
  2⤵
  PID:2788
- C:\Windows\System\iEgqNMX.exe
  C:\Windows\System\iEgqNMX.exe
  2⤵
  PID:2656
- C:\Windows\System\lOqYnKs.exe
  C:\Windows\System\lOqYnKs.exe
  2⤵
  PID:2708
- C:\Windows\System\TcfWImS.exe
  C:\Windows\System\TcfWImS.exe
  2⤵
  PID:2984
- C:\Windows\System\ldbWyeB.exe
  C:\Windows\System\ldbWyeB.exe
  2⤵
  PID:2892
- C:\Windows\System\ECFBZPJ.exe
  C:\Windows\System\ECFBZPJ.exe
  2⤵
  PID:2968
- C:\Windows\System\uNlpPdd.exe
  C:\Windows\System\uNlpPdd.exe
  2⤵
  PID:2152
- C:\Windows\System\OyqLVQs.exe
  C:\Windows\System\OyqLVQs.exe
  2⤵
  PID:2868
- C:\Windows\System\YRYNIgf.exe
  C:\Windows\System\YRYNIgf.exe
  2⤵
  PID:2836
- C:\Windows\System\wVPEOzW.exe
  C:\Windows\System\wVPEOzW.exe
  2⤵
  PID:1376
- C:\Windows\System\JuJQWNh.exe
  C:\Windows\System\JuJQWNh.exe
  2⤵
  PID:2024
- C:\Windows\System\KWNWNky.exe
  C:\Windows\System\KWNWNky.exe
  2⤵
  PID:1016
- C:\Windows\System\VjUhtGi.exe
  C:\Windows\System\VjUhtGi.exe
  2⤵
  PID:1364
- C:\Windows\System\eGTpIOZ.exe
  C:\Windows\System\eGTpIOZ.exe
  2⤵
  PID:3044
- C:\Windows\System\QGbmdbq.exe
  C:\Windows\System\QGbmdbq.exe
  2⤵
  PID:448
- C:\Windows\System\DUutpFU.exe
  C:\Windows\System\DUutpFU.exe
  2⤵
  PID:1080
- C:\Windows\System\HyIqnZn.exe
  C:\Windows\System\HyIqnZn.exe
  2⤵
  PID:1704
- C:\Windows\System\XXxhlhh.exe
  C:\Windows\System\XXxhlhh.exe
  2⤵
  PID:2456
- C:\Windows\System\QGGeRUx.exe
  C:\Windows\System\QGGeRUx.exe
  2⤵
  PID:2500
- C:\Windows\System\XqUCSWk.exe
  C:\Windows\System\XqUCSWk.exe
  2⤵
  PID:1088
- C:\Windows\System\NDJSXkP.exe
  C:\Windows\System\NDJSXkP.exe
  2⤵
  PID:2300
- C:\Windows\System\NaGbqvk.exe
  C:\Windows\System\NaGbqvk.exe
  2⤵
  PID:712
- C:\Windows\System\bGdyPjP.exe
  C:\Windows\System\bGdyPjP.exe
  2⤵
  PID:2524
- C:\Windows\System\niNJBJZ.exe
  C:\Windows\System\niNJBJZ.exe
  2⤵
  PID:2980
- C:\Windows\System\CnBdsfe.exe
  C:\Windows\System\CnBdsfe.exe
  2⤵
  PID:2420
- C:\Windows\System\dHqzMaH.exe
  C:\Windows\System\dHqzMaH.exe
  2⤵
  PID:1196
- C:\Windows\System\IaZXOGW.exe
  C:\Windows\System\IaZXOGW.exe
  2⤵
  PID:2488
- C:\Windows\System\WeXwrPQ.exe
  C:\Windows\System\WeXwrPQ.exe
  2⤵
  PID:2364
- C:\Windows\System\eQTwJhQ.exe
  C:\Windows\System\eQTwJhQ.exe
  2⤵
  PID:1596
- C:\Windows\System\GSGSQXp.exe
  C:\Windows\System\GSGSQXp.exe
  2⤵
  PID:2532
- C:\Windows\System\xPnqsRR.exe
  C:\Windows\System\xPnqsRR.exe
  2⤵
  PID:2380
- C:\Windows\System\nSXSiFa.exe
  C:\Windows\System\nSXSiFa.exe
  2⤵
  PID:2232
- C:\Windows\System\rsSzFui.exe
  C:\Windows\System\rsSzFui.exe
  2⤵
  PID:2264
- C:\Windows\System\gTSFEAv.exe
  C:\Windows\System\gTSFEAv.exe
  2⤵
  PID:2964
- C:\Windows\System\Bbhsupj.exe
  C:\Windows\System\Bbhsupj.exe
  2⤵
  PID:2748
- C:\Windows\System\vDdZWxN.exe
  C:\Windows\System\vDdZWxN.exe
  2⤵
  PID:848
- C:\Windows\System\dtqHlIX.exe
  C:\Windows\System\dtqHlIX.exe
  2⤵
  PID:1948
- C:\Windows\System\UyuTmGt.exe
  C:\Windows\System\UyuTmGt.exe
  2⤵
  PID:2592
- C:\Windows\System\OdiqVxi.exe
  C:\Windows\System\OdiqVxi.exe
  2⤵
  PID:3084
- C:\Windows\System\KnHUrPo.exe
  C:\Windows\System\KnHUrPo.exe
  2⤵
  PID:3100
- C:\Windows\System\ImOvHOx.exe
  C:\Windows\System\ImOvHOx.exe
  2⤵
  PID:3116
- C:\Windows\System\tumapzq.exe
  C:\Windows\System\tumapzq.exe
  2⤵
  PID:3132
- C:\Windows\System\EkusIWW.exe
  C:\Windows\System\EkusIWW.exe
  2⤵
  PID:3148
- C:\Windows\System\XDEmGJR.exe
  C:\Windows\System\XDEmGJR.exe
  2⤵
  PID:3164
- C:\Windows\System\nEYfqCE.exe
  C:\Windows\System\nEYfqCE.exe
  2⤵
  PID:3180
- C:\Windows\System\xruhzzU.exe
  C:\Windows\System\xruhzzU.exe
  2⤵
  PID:3196
- C:\Windows\System\JAvUVQV.exe
  C:\Windows\System\JAvUVQV.exe
  2⤵
  PID:3212
- C:\Windows\System\aqdowOz.exe
  C:\Windows\System\aqdowOz.exe
  2⤵
  PID:3228
- C:\Windows\System\ZZgnxnF.exe
  C:\Windows\System\ZZgnxnF.exe
  2⤵
  PID:3244
- C:\Windows\System\OOIrkrb.exe
  C:\Windows\System\OOIrkrb.exe
  2⤵
  PID:3260
- C:\Windows\System\keyywxG.exe
  C:\Windows\System\keyywxG.exe
  2⤵
  PID:3276
- C:\Windows\System\PjNCzuf.exe
  C:\Windows\System\PjNCzuf.exe
  2⤵
  PID:3292
- C:\Windows\System\YjEkgNa.exe
  C:\Windows\System\YjEkgNa.exe
  2⤵
  PID:3308
- C:\Windows\System\EaDGlUC.exe
  C:\Windows\System\EaDGlUC.exe
  2⤵
  PID:3324
- C:\Windows\System\DwUXnjf.exe
  C:\Windows\System\DwUXnjf.exe
  2⤵
  PID:3340
- C:\Windows\System\EPEKxXr.exe
  C:\Windows\System\EPEKxXr.exe
  2⤵
  PID:3356
- C:\Windows\System\QsQCEri.exe
  C:\Windows\System\QsQCEri.exe
  2⤵
  PID:3372
- C:\Windows\System\uVFozmY.exe
  C:\Windows\System\uVFozmY.exe
  2⤵
  PID:3388
- C:\Windows\System\vRqxDvV.exe
  C:\Windows\System\vRqxDvV.exe
  2⤵
  PID:3404
- C:\Windows\System\tJYcpRd.exe
  C:\Windows\System\tJYcpRd.exe
  2⤵
  PID:3420
- C:\Windows\System\lOdTuMy.exe
  C:\Windows\System\lOdTuMy.exe
  2⤵
  PID:3436
- C:\Windows\System\NmiKWlm.exe
  C:\Windows\System\NmiKWlm.exe
  2⤵
  PID:3452
- C:\Windows\System\rSLMIRV.exe
  C:\Windows\System\rSLMIRV.exe
  2⤵
  PID:3468
- C:\Windows\System\OiFvZCE.exe
  C:\Windows\System\OiFvZCE.exe
  2⤵
  PID:3484
- C:\Windows\System\zpjhEsX.exe
  C:\Windows\System\zpjhEsX.exe
  2⤵
  PID:3500
- C:\Windows\System\HNpVfve.exe
  C:\Windows\System\HNpVfve.exe
  2⤵
  PID:3516
- C:\Windows\System\MlWMvvS.exe
  C:\Windows\System\MlWMvvS.exe
  2⤵
  PID:3532
- C:\Windows\System\vapCruV.exe
  C:\Windows\System\vapCruV.exe
  2⤵
  PID:3548
- C:\Windows\System\uKTDQQo.exe
  C:\Windows\System\uKTDQQo.exe
  2⤵
  PID:3564
- C:\Windows\System\xBdJuAW.exe
  C:\Windows\System\xBdJuAW.exe
  2⤵
  PID:3580
- C:\Windows\System\YsebXku.exe
  C:\Windows\System\YsebXku.exe
  2⤵
  PID:3596
- C:\Windows\System\wtQHkcN.exe
  C:\Windows\System\wtQHkcN.exe
  2⤵
  PID:3612
- C:\Windows\System\kdeAEVP.exe
  C:\Windows\System\kdeAEVP.exe
  2⤵
  PID:3628
- C:\Windows\System\eQFxzyn.exe
  C:\Windows\System\eQFxzyn.exe
  2⤵
  PID:3644
- C:\Windows\System\OaXXnKa.exe
  C:\Windows\System\OaXXnKa.exe
  2⤵
  PID:3660
- C:\Windows\System\pWKFqca.exe
  C:\Windows\System\pWKFqca.exe
  2⤵
  PID:3676
- C:\Windows\System\EsBoEpG.exe
  C:\Windows\System\EsBoEpG.exe
  2⤵
  PID:3692
- C:\Windows\System\HlKcgyj.exe
  C:\Windows\System\HlKcgyj.exe
  2⤵
  PID:3708
- C:\Windows\System\KPqmgPt.exe
  C:\Windows\System\KPqmgPt.exe
  2⤵
  PID:3724
- C:\Windows\System\XuJRIFA.exe
  C:\Windows\System\XuJRIFA.exe
  2⤵
  PID:3740
- C:\Windows\System\vVuryPR.exe
  C:\Windows\System\vVuryPR.exe
  2⤵
  PID:3756
- C:\Windows\System\leFTSuu.exe
  C:\Windows\System\leFTSuu.exe
  2⤵
  PID:3772
- C:\Windows\System\SrbsOXW.exe
  C:\Windows\System\SrbsOXW.exe
  2⤵
  PID:3788
- C:\Windows\System\QKxdINl.exe
  C:\Windows\System\QKxdINl.exe
  2⤵
  PID:3804
- C:\Windows\System\iWTqbBu.exe
  C:\Windows\System\iWTqbBu.exe
  2⤵
  PID:3820
- C:\Windows\System\esjzNfa.exe
  C:\Windows\System\esjzNfa.exe
  2⤵
  PID:3836
- C:\Windows\System\uLleuRd.exe
  C:\Windows\System\uLleuRd.exe
  2⤵
  PID:3852
- C:\Windows\System\AKIfYXB.exe
  C:\Windows\System\AKIfYXB.exe
  2⤵
  PID:3872
- C:\Windows\System\MprCsbk.exe
  C:\Windows\System\MprCsbk.exe
  2⤵
  PID:3888
- C:\Windows\System\iuGioWx.exe
  C:\Windows\System\iuGioWx.exe
  2⤵
  PID:3904
- C:\Windows\System\jDqTPfh.exe
  C:\Windows\System\jDqTPfh.exe
  2⤵
  PID:3920
- C:\Windows\System\yslqoKm.exe
  C:\Windows\System\yslqoKm.exe
  2⤵
  PID:3936
- C:\Windows\System\NIqPDQy.exe
  C:\Windows\System\NIqPDQy.exe
  2⤵
  PID:3952
- C:\Windows\System\mWFAEcV.exe
  C:\Windows\System\mWFAEcV.exe
  2⤵
  PID:3968
- C:\Windows\System\DVkcqGJ.exe
  C:\Windows\System\DVkcqGJ.exe
  2⤵
  PID:3984
- C:\Windows\System\CKgNrAi.exe
  C:\Windows\System\CKgNrAi.exe
  2⤵
  PID:4000
- C:\Windows\System\VGVRczT.exe
  C:\Windows\System\VGVRczT.exe
  2⤵
  PID:4016
- C:\Windows\System\hZjVHFw.exe
  C:\Windows\System\hZjVHFw.exe
  2⤵
  PID:4032
- C:\Windows\System\jSRXegC.exe
  C:\Windows\System\jSRXegC.exe
  2⤵
  PID:4048
- C:\Windows\System\PujZCsS.exe
  C:\Windows\System\PujZCsS.exe
  2⤵
  PID:4064
- C:\Windows\System\HsghVRg.exe
  C:\Windows\System\HsghVRg.exe
  2⤵
  PID:4080
- C:\Windows\System\WXeUYmA.exe
  C:\Windows\System\WXeUYmA.exe
  2⤵
  PID:1036
- C:\Windows\System\YqjzVrI.exe
  C:\Windows\System\YqjzVrI.exe
  2⤵
  PID:1740
- C:\Windows\System\zzZrggl.exe
  C:\Windows\System\zzZrggl.exe
  2⤵
  PID:1800
- C:\Windows\System\QoUyctO.exe
  C:\Windows\System\QoUyctO.exe
  2⤵
  PID:1556
- C:\Windows\System\UPWcRmq.exe
  C:\Windows\System\UPWcRmq.exe
  2⤵
  PID:1780
- C:\Windows\System\fiZcvfd.exe
  C:\Windows\System\fiZcvfd.exe
  2⤵
  PID:640
- C:\Windows\System\zGvfhWQ.exe
  C:\Windows\System\zGvfhWQ.exe
  2⤵
  PID:768
- C:\Windows\System\ENsIFHt.exe
  C:\Windows\System\ENsIFHt.exe
  2⤵
  PID:2196
- C:\Windows\System\NGLTvAm.exe
  C:\Windows\System\NGLTvAm.exe
  2⤵
  PID:2760
- C:\Windows\System\RIAGHkj.exe
  C:\Windows\System\RIAGHkj.exe
  2⤵
  PID:2632
- C:\Windows\System\ruBNhmo.exe
  C:\Windows\System\ruBNhmo.exe
  2⤵
  PID:2924
- C:\Windows\System\CbUKeNf.exe
  C:\Windows\System\CbUKeNf.exe
  2⤵
  PID:780
- C:\Windows\System\kSshLul.exe
  C:\Windows\System\kSshLul.exe
  2⤵
  PID:3076
- C:\Windows\System\Akznsub.exe
  C:\Windows\System\Akznsub.exe
  2⤵
  PID:3108
- C:\Windows\System\zsSdCrB.exe
  C:\Windows\System\zsSdCrB.exe
  2⤵
  PID:3140
- C:\Windows\System\lZnlGkH.exe
  C:\Windows\System\lZnlGkH.exe
  2⤵
  PID:3172
- C:\Windows\System\duBuFzB.exe
  C:\Windows\System\duBuFzB.exe
  2⤵
  PID:3204
- C:\Windows\System\tjAbbcr.exe
  C:\Windows\System\tjAbbcr.exe
  2⤵
  PID:3236
- C:\Windows\System\TgCXgVj.exe
  C:\Windows\System\TgCXgVj.exe
  2⤵
  PID:3252
- C:\Windows\System\dwBvMRt.exe
  C:\Windows\System\dwBvMRt.exe
  2⤵
  PID:3284
- C:\Windows\System\RfLJNet.exe
  C:\Windows\System\RfLJNet.exe
  2⤵
  PID:3332
- C:\Windows\System\PQhWeLa.exe
  C:\Windows\System\PQhWeLa.exe
  2⤵
  PID:3364
- C:\Windows\System\fzfBdUj.exe
  C:\Windows\System\fzfBdUj.exe
  2⤵
  PID:3396
- C:\Windows\System\rCzdPhA.exe
  C:\Windows\System\rCzdPhA.exe
  2⤵
  PID:3416
- C:\Windows\System\vTwvuLX.exe
  C:\Windows\System\vTwvuLX.exe
  2⤵
  PID:3460
- C:\Windows\System\LTaAsHA.exe
  C:\Windows\System\LTaAsHA.exe
  2⤵
  PID:3492
- C:\Windows\System\WIfcUpN.exe
  C:\Windows\System\WIfcUpN.exe
  2⤵
  PID:3524
- C:\Windows\System\RagBeKv.exe
  C:\Windows\System\RagBeKv.exe
  2⤵
  PID:3556
- C:\Windows\System\YYeYzmg.exe
  C:\Windows\System\YYeYzmg.exe
  2⤵
  PID:3592
- C:\Windows\System\ECttSEF.exe
  C:\Windows\System\ECttSEF.exe
  2⤵
  PID:3624
- C:\Windows\System\GDLasbL.exe
  C:\Windows\System\GDLasbL.exe
  2⤵
  PID:3656
- C:\Windows\System\pHJNqEX.exe
  C:\Windows\System\pHJNqEX.exe
  2⤵
  PID:3672
- C:\Windows\System\bpGbmIE.exe
  C:\Windows\System\bpGbmIE.exe
  2⤵
  PID:3720
- C:\Windows\System\SqIYHFE.exe
  C:\Windows\System\SqIYHFE.exe
  2⤵
  PID:3752
- C:\Windows\System\DRpcJqv.exe
  C:\Windows\System\DRpcJqv.exe
  2⤵
  PID:3784
- C:\Windows\System\wQQeODO.exe
  C:\Windows\System\wQQeODO.exe
  2⤵
  PID:3828
- C:\Windows\System\mxviuxb.exe
  C:\Windows\System\mxviuxb.exe
  2⤵
  PID:3848
- C:\Windows\System\djXoIJD.exe
  C:\Windows\System\djXoIJD.exe
  2⤵
  PID:3868
- C:\Windows\System\GEMvIRI.exe
  C:\Windows\System\GEMvIRI.exe
  2⤵
  PID:3900
- C:\Windows\System\opwMnkv.exe
  C:\Windows\System\opwMnkv.exe
  2⤵
  PID:4024
- C:\Windows\System\tJqFDEJ.exe
  C:\Windows\System\tJqFDEJ.exe
  2⤵
  PID:4076
- C:\Windows\System\MnpOdAX.exe
  C:\Windows\System\MnpOdAX.exe
  2⤵
  PID:4060
- C:\Windows\System\EwaHjkM.exe
  C:\Windows\System\EwaHjkM.exe
  2⤵
  PID:1352
- C:\Windows\System\avthaRB.exe
  C:\Windows\System\avthaRB.exe
  2⤵
  PID:2388
- C:\Windows\System\LnBdJcR.exe
  C:\Windows\System\LnBdJcR.exe
  2⤵
  PID:2436
- C:\Windows\System\kQqEOZr.exe
  C:\Windows\System\kQqEOZr.exe
  2⤵
  PID:1828
- C:\Windows\System\AFaIwMg.exe
  C:\Windows\System\AFaIwMg.exe
  2⤵
  PID:500
- C:\Windows\System\QePDPHB.exe
  C:\Windows\System\QePDPHB.exe
  2⤵
  PID:2916
- C:\Windows\System\fdWUGpn.exe
  C:\Windows\System\fdWUGpn.exe
  2⤵
  PID:3220
- C:\Windows\System\AvBCqbl.exe
  C:\Windows\System\AvBCqbl.exe
  2⤵
  PID:3348
- C:\Windows\System\qIBiurG.exe
  C:\Windows\System\qIBiurG.exe
  2⤵
  PID:300
- C:\Windows\System\IdongKI.exe
  C:\Windows\System\IdongKI.exe
  2⤵
  PID:3188
- C:\Windows\System\WMioMGZ.exe
  C:\Windows\System\WMioMGZ.exe
  2⤵
  PID:3476
- C:\Windows\System\joqqELg.exe
  C:\Windows\System\joqqELg.exe
  2⤵
  PID:3620
- C:\Windows\System\ilaQaOr.exe
  C:\Windows\System\ilaQaOr.exe
  2⤵
  PID:3748
- C:\Windows\System\lwEssqc.exe
  C:\Windows\System\lwEssqc.exe
  2⤵
  PID:3884
- C:\Windows\System\qoivoIW.exe
  C:\Windows\System\qoivoIW.exe
  2⤵
  PID:3932
- C:\Windows\System\xOBBoUb.exe
  C:\Windows\System\xOBBoUb.exe
  2⤵
  PID:3964
- C:\Windows\System\rWvXnJm.exe
  C:\Windows\System\rWvXnJm.exe
  2⤵
  PID:3560
- C:\Windows\System\lmQGoxC.exe
  C:\Windows\System\lmQGoxC.exe
  2⤵
  PID:3508
- C:\Windows\System\ZGYbvfu.exe
  C:\Windows\System\ZGYbvfu.exe
  2⤵
  PID:3576
- C:\Windows\System\erfTwis.exe
  C:\Windows\System\erfTwis.exe
  2⤵
  PID:3716
- C:\Windows\System\mkRZDXc.exe
  C:\Windows\System\mkRZDXc.exe
  2⤵
  PID:3832
- C:\Windows\System\mIkjYNd.exe
  C:\Windows\System\mIkjYNd.exe
  2⤵
  PID:4012
- C:\Windows\System\lZpuqBo.exe
  C:\Windows\System\lZpuqBo.exe
  2⤵
  PID:4028
- C:\Windows\System\JZFMSlY.exe
  C:\Windows\System\JZFMSlY.exe
  2⤵
  PID:2724
- C:\Windows\System\xHMnJoT.exe
  C:\Windows\System\xHMnJoT.exe
  2⤵
  PID:588
- C:\Windows\System\vAHoKVu.exe
  C:\Windows\System\vAHoKVu.exe
  2⤵
  PID:4104
- C:\Windows\System\irWzCZp.exe
  C:\Windows\System\irWzCZp.exe
  2⤵
  PID:4120
- C:\Windows\System\CyeKiNg.exe
  C:\Windows\System\CyeKiNg.exe
  2⤵
  PID:4136
- C:\Windows\System\GQfbezh.exe
  C:\Windows\System\GQfbezh.exe
  2⤵
  PID:4152
- C:\Windows\System\TzewbDy.exe
  C:\Windows\System\TzewbDy.exe
  2⤵
  PID:4168
- C:\Windows\System\FXPahjn.exe
  C:\Windows\System\FXPahjn.exe
  2⤵
  PID:4188
- C:\Windows\System\IoGwmZc.exe
  C:\Windows\System\IoGwmZc.exe
  2⤵
  PID:4204
- C:\Windows\System\BbcIBUK.exe
  C:\Windows\System\BbcIBUK.exe
  2⤵
  PID:4220
- C:\Windows\System\GQVKkgu.exe
  C:\Windows\System\GQVKkgu.exe
  2⤵
  PID:4236
- C:\Windows\System\txtjybt.exe
  C:\Windows\System\txtjybt.exe
  2⤵
  PID:4252
- C:\Windows\System\yVNWjZR.exe
  C:\Windows\System\yVNWjZR.exe
  2⤵
  PID:4268
- C:\Windows\System\vYDkScZ.exe
  C:\Windows\System\vYDkScZ.exe
  2⤵
  PID:4284
- C:\Windows\System\LXkXfSM.exe
  C:\Windows\System\LXkXfSM.exe
  2⤵
  PID:4300
- C:\Windows\System\zKhAABR.exe
  C:\Windows\System\zKhAABR.exe
  2⤵
  PID:4316
- C:\Windows\System\rQprvgw.exe
  C:\Windows\System\rQprvgw.exe
  2⤵
  PID:4332
- C:\Windows\System\gFuxOTY.exe
  C:\Windows\System\gFuxOTY.exe
  2⤵
  PID:4348
- C:\Windows\System\NefrFni.exe
  C:\Windows\System\NefrFni.exe
  2⤵
  PID:4364
- C:\Windows\System\jQRRBiA.exe
  C:\Windows\System\jQRRBiA.exe
  2⤵
  PID:4380
- C:\Windows\System\kgWFYbb.exe
  C:\Windows\System\kgWFYbb.exe
  2⤵
  PID:4396
- C:\Windows\System\bLiNdxK.exe
  C:\Windows\System\bLiNdxK.exe
  2⤵
  PID:4412
- C:\Windows\System\NfQdoQq.exe
  C:\Windows\System\NfQdoQq.exe
  2⤵
  PID:4428
- C:\Windows\System\CIUoVBY.exe
  C:\Windows\System\CIUoVBY.exe
  2⤵
  PID:4444
- C:\Windows\System\WjCLBVJ.exe
  C:\Windows\System\WjCLBVJ.exe
  2⤵
  PID:4460
- C:\Windows\System\sjHyiRb.exe
  C:\Windows\System\sjHyiRb.exe
  2⤵
  PID:4476
- C:\Windows\System\ndIsQEw.exe
  C:\Windows\System\ndIsQEw.exe
  2⤵
  PID:4492
- C:\Windows\System\wDXfoPH.exe
  C:\Windows\System\wDXfoPH.exe
  2⤵
  PID:4508
- C:\Windows\System\qTSsELX.exe
  C:\Windows\System\qTSsELX.exe
  2⤵
  PID:4524
- C:\Windows\System\RWRuBpe.exe
  C:\Windows\System\RWRuBpe.exe
  2⤵
  PID:4540
- C:\Windows\System\tCSIzHK.exe
  C:\Windows\System\tCSIzHK.exe
  2⤵
  PID:4556
- C:\Windows\System\jFOCQGZ.exe
  C:\Windows\System\jFOCQGZ.exe
  2⤵
  PID:4572
- C:\Windows\System\CTdIpuR.exe
  C:\Windows\System\CTdIpuR.exe
  2⤵
  PID:4588
- C:\Windows\System\AOfDqDM.exe
  C:\Windows\System\AOfDqDM.exe
  2⤵
  PID:4604
- C:\Windows\System\PebPIBn.exe
  C:\Windows\System\PebPIBn.exe
  2⤵
  PID:4620
- C:\Windows\System\eQxSlko.exe
  C:\Windows\System\eQxSlko.exe
  2⤵
  PID:4636
- C:\Windows\System\BRurITQ.exe
  C:\Windows\System\BRurITQ.exe
  2⤵
  PID:4652
- C:\Windows\System\fZFlXnA.exe
  C:\Windows\System\fZFlXnA.exe
  2⤵
  PID:4668
- C:\Windows\System\hHZawQI.exe
  C:\Windows\System\hHZawQI.exe
  2⤵
  PID:4684
- C:\Windows\System\RuRHJda.exe
  C:\Windows\System\RuRHJda.exe
  2⤵
  PID:4700
- C:\Windows\System\BihlWpX.exe
  C:\Windows\System\BihlWpX.exe
  2⤵
  PID:4716
- C:\Windows\System\LfCnESv.exe
  C:\Windows\System\LfCnESv.exe
  2⤵
  PID:4732
- C:\Windows\System\rLcpuYE.exe
  C:\Windows\System\rLcpuYE.exe
  2⤵
  PID:4748
- C:\Windows\System\wramxCe.exe
  C:\Windows\System\wramxCe.exe
  2⤵
  PID:4764
- C:\Windows\System\oWLBRGo.exe
  C:\Windows\System\oWLBRGo.exe
  2⤵
  PID:4780
- C:\Windows\System\LOovVoJ.exe
  C:\Windows\System\LOovVoJ.exe
  2⤵
  PID:4796
- C:\Windows\System\zrNKyFg.exe
  C:\Windows\System\zrNKyFg.exe
  2⤵
  PID:4812
- C:\Windows\System\aMEqGSJ.exe
  C:\Windows\System\aMEqGSJ.exe
  2⤵
  PID:4828
- C:\Windows\System\pxSCSKr.exe
  C:\Windows\System\pxSCSKr.exe
  2⤵
  PID:4844
- C:\Windows\System\xxEHDJO.exe
  C:\Windows\System\xxEHDJO.exe
  2⤵
  PID:4860
- C:\Windows\System\TZCwmnv.exe
  C:\Windows\System\TZCwmnv.exe
  2⤵
  PID:4876
- C:\Windows\System\GoazmTb.exe
  C:\Windows\System\GoazmTb.exe
  2⤵
  PID:4892
- C:\Windows\System\QWIuXCz.exe
  C:\Windows\System\QWIuXCz.exe
  2⤵
  PID:4908
- C:\Windows\System\EZEOiHa.exe
  C:\Windows\System\EZEOiHa.exe
  2⤵
  PID:4924
- C:\Windows\System\PafHwHO.exe
  C:\Windows\System\PafHwHO.exe
  2⤵
  PID:4940
- C:\Windows\System\wBJveKD.exe
  C:\Windows\System\wBJveKD.exe
  2⤵
  PID:4956
- C:\Windows\System\KlfucyL.exe
  C:\Windows\System\KlfucyL.exe
  2⤵
  PID:4972
- C:\Windows\System\BXdmPdS.exe
  C:\Windows\System\BXdmPdS.exe
  2⤵
  PID:4988
- C:\Windows\System\BJWbdbb.exe
  C:\Windows\System\BJWbdbb.exe
  2⤵
  PID:5008
- C:\Windows\System\xyeiQiD.exe
  C:\Windows\System\xyeiQiD.exe
  2⤵
  PID:5028
- C:\Windows\System\SgnZeuK.exe
  C:\Windows\System\SgnZeuK.exe
  2⤵
  PID:5044
- C:\Windows\System\DJbxmHJ.exe
  C:\Windows\System\DJbxmHJ.exe
  2⤵
  PID:5060
- C:\Windows\System\aghwvrK.exe
  C:\Windows\System\aghwvrK.exe
  2⤵
  PID:5076
- C:\Windows\System\hQSaKTU.exe
  C:\Windows\System\hQSaKTU.exe
  2⤵
  PID:5092
- C:\Windows\System\xzWoklJ.exe
  C:\Windows\System\xzWoklJ.exe
  2⤵
  PID:5108
- C:\Windows\System\oAmkdeA.exe
  C:\Windows\System\oAmkdeA.exe
  2⤵
  PID:3256
- C:\Windows\System\OrBtpqo.exe
  C:\Windows\System\OrBtpqo.exe
  2⤵
  PID:3176
- C:\Windows\System\fGmNcFh.exe
  C:\Windows\System\fGmNcFh.exe
  2⤵
  PID:3192
- C:\Windows\System\nGmaHPA.exe
  C:\Windows\System\nGmaHPA.exe
  2⤵
  PID:3960
- C:\Windows\System\YMTGnlg.exe
  C:\Windows\System\YMTGnlg.exe
  2⤵
  PID:3688
- C:\Windows\System\LdCkkFP.exe
  C:\Windows\System\LdCkkFP.exe
  2⤵
  PID:3640
- C:\Windows\System\HABjeup.exe
  C:\Windows\System\HABjeup.exe
  2⤵
  PID:3736
- C:\Windows\System\DKzNWXX.exe
  C:\Windows\System\DKzNWXX.exe
  2⤵
  PID:632
- C:\Windows\System\IwxMwlI.exe
  C:\Windows\System\IwxMwlI.exe
  2⤵
  PID:4100
- C:\Windows\System\tDCYAnD.exe
  C:\Windows\System\tDCYAnD.exe
  2⤵
  PID:3316
- C:\Windows\System\GOhcjfn.exe
  C:\Windows\System\GOhcjfn.exe
  2⤵
  PID:4160
- C:\Windows\System\YQpGujy.exe
  C:\Windows\System\YQpGujy.exe
  2⤵
  PID:4112
- C:\Windows\System\mOYKgCD.exe
  C:\Windows\System\mOYKgCD.exe
  2⤵
  PID:4200
- C:\Windows\System\PiQGbDt.exe
  C:\Windows\System\PiQGbDt.exe
  2⤵
  PID:4176
- C:\Windows\System\LfHrSZo.exe
  C:\Windows\System\LfHrSZo.exe
  2⤵
  PID:4264
- C:\Windows\System\zvhCYGH.exe
  C:\Windows\System\zvhCYGH.exe
  2⤵
  PID:4328
- C:\Windows\System\xnYNbvt.exe
  C:\Windows\System\xnYNbvt.exe
  2⤵
  PID:4244
- C:\Windows\System\MedQnKm.exe
  C:\Windows\System\MedQnKm.exe
  2⤵
  PID:4360
- C:\Windows\System\MTQJhHB.exe
  C:\Windows\System\MTQJhHB.exe
  2⤵
  PID:4312
- C:\Windows\System\lgJypVc.exe
  C:\Windows\System\lgJypVc.exe
  2⤵
  PID:4420
- C:\Windows\System\LOisHWY.exe
  C:\Windows\System\LOisHWY.exe
  2⤵
  PID:4408
- C:\Windows\System\dxnmMKc.exe
  C:\Windows\System\dxnmMKc.exe
  2⤵
  PID:4484
- C:\Windows\System\zieMvpF.exe
  C:\Windows\System\zieMvpF.exe
  2⤵
  PID:4436
- C:\Windows\System\IiFyQIh.exe
  C:\Windows\System\IiFyQIh.exe
  2⤵
  PID:4500
- C:\Windows\System\uTNKbRd.exe
  C:\Windows\System\uTNKbRd.exe
  2⤵
  PID:4532
- C:\Windows\System\koheUaw.exe
  C:\Windows\System\koheUaw.exe
  2⤵
  PID:4584
- C:\Windows\System\XkNtpQt.exe
  C:\Windows\System\XkNtpQt.exe
  2⤵
  PID:4596
- C:\Windows\System\VUpNKNS.exe
  C:\Windows\System\VUpNKNS.exe
  2⤵
  PID:4676
- C:\Windows\System\iAbBczY.exe
  C:\Windows\System\iAbBczY.exe
  2⤵
  PID:4664
- C:\Windows\System\yhdlvUq.exe
  C:\Windows\System\yhdlvUq.exe
  2⤵
  PID:4696
- C:\Windows\System\fGErCXv.exe
  C:\Windows\System\fGErCXv.exe
  2⤵
  PID:4744
- C:\Windows\System\FCvVfLs.exe
  C:\Windows\System\FCvVfLs.exe
  2⤵
  PID:4760
- C:\Windows\System\yrAHVuu.exe
  C:\Windows\System\yrAHVuu.exe
  2⤵
  PID:4840
- C:\Windows\System\EOehkUa.exe
  C:\Windows\System\EOehkUa.exe
  2⤵
  PID:4792
- C:\Windows\System\FqjaOJA.exe
  C:\Windows\System\FqjaOJA.exe
  2⤵
  PID:4856
- C:\Windows\System\GYqnncu.exe
  C:\Windows\System\GYqnncu.exe
  2⤵
  PID:4920
- C:\Windows\System\mtTKbFm.exe
  C:\Windows\System\mtTKbFm.exe
  2⤵
  PID:5072
- C:\Windows\System\nmNipEK.exe
  C:\Windows\System\nmNipEK.exe
  2⤵
  PID:5812
- C:\Windows\System\dnijuBw.exe
  C:\Windows\System\dnijuBw.exe
  2⤵
  PID:5844
- C:\Windows\System\tHMQZnt.exe
  C:\Windows\System\tHMQZnt.exe
  2⤵
  PID:5888
- C:\Windows\System\bnIoZKn.exe
  C:\Windows\System\bnIoZKn.exe
  2⤵
  PID:5908
- C:\Windows\System\genOssU.exe
  C:\Windows\System\genOssU.exe
  2⤵
  PID:5924
- C:\Windows\System\YOiEeGB.exe
  C:\Windows\System\YOiEeGB.exe
  2⤵
  PID:5940
- C:\Windows\System\tFjpLtC.exe
  C:\Windows\System\tFjpLtC.exe
  2⤵
  PID:5956
- C:\Windows\System\qpZxjMg.exe
  C:\Windows\System\qpZxjMg.exe
  2⤵
  PID:5972
- C:\Windows\System\jkJnnFw.exe
  C:\Windows\System\jkJnnFw.exe
  2⤵
  PID:5988
- C:\Windows\System\yvnbyWL.exe
  C:\Windows\System\yvnbyWL.exe
  2⤵
  PID:6024
- C:\Windows\System\Rmbpsug.exe
  C:\Windows\System\Rmbpsug.exe
  2⤵
  PID:6040
- C:\Windows\System\ZAFiUDr.exe
  C:\Windows\System\ZAFiUDr.exe
  2⤵
  PID:6056
- C:\Windows\System\ujzwRIb.exe
  C:\Windows\System\ujzwRIb.exe
  2⤵
  PID:6072
- C:\Windows\System\waGQFcX.exe
  C:\Windows\System\waGQFcX.exe
  2⤵
  PID:6104
- C:\Windows\System\zlADuru.exe
  C:\Windows\System\zlADuru.exe
  2⤵
  PID:5104
- C:\Windows\System\dXBnaMu.exe
  C:\Windows\System\dXBnaMu.exe
  2⤵
  PID:3880
- C:\Windows\System\dcpPwmc.exe
  C:\Windows\System\dcpPwmc.exe
  2⤵
  PID:1664
- C:\Windows\System\rgbasfA.exe
  C:\Windows\System\rgbasfA.exe
  2⤵
  PID:764
- C:\Windows\System\WTIzlJi.exe
  C:\Windows\System\WTIzlJi.exe
  2⤵
  PID:3380
- C:\Windows\System\IRgvBgd.exe
  C:\Windows\System\IRgvBgd.exe
  2⤵
  PID:3444
- C:\Windows\System\HaNjgOC.exe
  C:\Windows\System\HaNjgOC.exe
  2⤵
  PID:2292
- C:\Windows\System\MErQHRB.exe
  C:\Windows\System\MErQHRB.exe
  2⤵
  PID:2704
- C:\Windows\System\jWZpvJR.exe
  C:\Windows\System\jWZpvJR.exe
  2⤵
  PID:4324
- C:\Windows\System\hkCUpYY.exe
  C:\Windows\System\hkCUpYY.exe
  2⤵
  PID:4392
- C:\Windows\System\syVmcPs.exe
  C:\Windows\System\syVmcPs.exe
  2⤵
  PID:4468
- C:\Windows\System\WPdQFPb.exe
  C:\Windows\System\WPdQFPb.exe
  2⤵
  PID:4648
- C:\Windows\System\QIYFXRB.exe
  C:\Windows\System\QIYFXRB.exe
  2⤵
  PID:4756
- C:\Windows\System\deqbVPy.exe
  C:\Windows\System\deqbVPy.exe
  2⤵
  PID:4612
- C:\Windows\System\rdASZXI.exe
  C:\Windows\System\rdASZXI.exe
  2⤵
  PID:3976
- C:\Windows\System\DAfjwCc.exe
  C:\Windows\System\DAfjwCc.exe
  2⤵
  PID:4552
- C:\Windows\System\ouHfvPv.exe
  C:\Windows\System\ouHfvPv.exe
  2⤵
  PID:4144
- C:\Windows\System\hbCNSnh.exe
  C:\Windows\System\hbCNSnh.exe
  2⤵
  PID:4308
- C:\Windows\System\YANzYWU.exe
  C:\Windows\System\YANzYWU.exe
  2⤵
  PID:4932
- C:\Windows\System\mdFubOn.exe
  C:\Windows\System\mdFubOn.exe
  2⤵
  PID:4964
- C:\Windows\System\siJaPJo.exe
  C:\Windows\System\siJaPJo.exe
  2⤵
  PID:5036
- C:\Windows\System\IuwWPke.exe
  C:\Windows\System\IuwWPke.exe
  2⤵
  PID:4952
- C:\Windows\System\USPrYTn.exe
  C:\Windows\System\USPrYTn.exe
  2⤵
  PID:4712
- C:\Windows\System\taltYJr.exe
  C:\Windows\System\taltYJr.exe
  2⤵
  PID:4708
- C:\Windows\System\LzoAbMw.exe
  C:\Windows\System\LzoAbMw.exe
  2⤵
  PID:5128
- C:\Windows\System\HjeEqFv.exe
  C:\Windows\System\HjeEqFv.exe
  2⤵
  PID:5140
- C:\Windows\System\wVdwOKX.exe
  C:\Windows\System\wVdwOKX.exe
  2⤵
  PID:5152
- C:\Windows\System\PcgxzUA.exe
  C:\Windows\System\PcgxzUA.exe
  2⤵
  PID:5168
- C:\Windows\System\HBGFHYp.exe
  C:\Windows\System\HBGFHYp.exe
  2⤵
  PID:5184
- C:\Windows\System\QqwjrBB.exe
  C:\Windows\System\QqwjrBB.exe
  2⤵
  PID:5200
- C:\Windows\System\iReYGNX.exe
  C:\Windows\System\iReYGNX.exe
  2⤵
  PID:5216
- C:\Windows\System\gpCZjpJ.exe
  C:\Windows\System\gpCZjpJ.exe
  2⤵
  PID:5232
- C:\Windows\System\UFmxNSF.exe
  C:\Windows\System\UFmxNSF.exe
  2⤵
  PID:5248
- C:\Windows\System\CsSrmnA.exe
  C:\Windows\System\CsSrmnA.exe
  2⤵
  PID:5264
- C:\Windows\System\LHUpPiy.exe
  C:\Windows\System\LHUpPiy.exe
  2⤵
  PID:5276
- C:\Windows\System\MxrxFbG.exe
  C:\Windows\System\MxrxFbG.exe
  2⤵
  PID:5296
- C:\Windows\System\irplHzi.exe
  C:\Windows\System\irplHzi.exe
  2⤵
  PID:5312
- C:\Windows\System\mntHjvL.exe
  C:\Windows\System\mntHjvL.exe
  2⤵
  PID:5360
- C:\Windows\System\FoGFZdq.exe
  C:\Windows\System\FoGFZdq.exe
  2⤵
  PID:5388
- C:\Windows\System\WUmXwZJ.exe
  C:\Windows\System\WUmXwZJ.exe
  2⤵
  PID:5404
- C:\Windows\System\oCGXihI.exe
  C:\Windows\System\oCGXihI.exe
  2⤵
  PID:5428
- C:\Windows\System\HxyQwCc.exe
  C:\Windows\System\HxyQwCc.exe
  2⤵
  PID:5448
- C:\Windows\System\ssqwuwR.exe
  C:\Windows\System\ssqwuwR.exe
  2⤵
  PID:5468
- C:\Windows\System\pzEOrah.exe
  C:\Windows\System\pzEOrah.exe
  2⤵
  PID:5484
- C:\Windows\System\oIBYjtZ.exe
  C:\Windows\System\oIBYjtZ.exe
  2⤵
  PID:5516
- C:\Windows\System\FtfJoRI.exe
  C:\Windows\System\FtfJoRI.exe
  2⤵
  PID:5600
- C:\Windows\System\xFxmUHT.exe
  C:\Windows\System\xFxmUHT.exe
  2⤵
  PID:5620
- C:\Windows\System\DPxWERC.exe
  C:\Windows\System\DPxWERC.exe
  2⤵
  PID:5636
- C:\Windows\System\MnpdRnf.exe
  C:\Windows\System\MnpdRnf.exe
  2⤵
  PID:5668
- C:\Windows\System\FTZjMbG.exe
  C:\Windows\System\FTZjMbG.exe
  2⤵
  PID:5684
- C:\Windows\System\nlKrBmf.exe
  C:\Windows\System\nlKrBmf.exe
  2⤵
  PID:5700
- C:\Windows\System\vVZMiTP.exe
  C:\Windows\System\vVZMiTP.exe
  2⤵
  PID:5724
- C:\Windows\System\czgTghJ.exe
  C:\Windows\System\czgTghJ.exe
  2⤵
  PID:840
- C:\Windows\System\DDcnJhf.exe
  C:\Windows\System\DDcnJhf.exe
  2⤵
  PID:5728
- C:\Windows\System\sPeSjkH.exe
  C:\Windows\System\sPeSjkH.exe
  2⤵
  PID:2412
- C:\Windows\System\XnnoBlu.exe
  C:\Windows\System\XnnoBlu.exe
  2⤵
  PID:2260
- C:\Windows\System\LgEtYPw.exe
  C:\Windows\System\LgEtYPw.exe
  2⤵
  PID:2620
- C:\Windows\System\HUvPSZd.exe
  C:\Windows\System\HUvPSZd.exe
  2⤵
  PID:5736
- C:\Windows\System\EtIZUrP.exe
  C:\Windows\System\EtIZUrP.exe
  2⤵
  PID:1720
- C:\Windows\System\nyNNxsB.exe
  C:\Windows\System\nyNNxsB.exe
  2⤵
  PID:3572
- C:\Windows\System\NpoMHGi.exe
  C:\Windows\System\NpoMHGi.exe
  2⤵
  PID:5004
- C:\Windows\System\KbJeXCI.exe
  C:\Windows\System\KbJeXCI.exe
  2⤵
  PID:2848
- C:\Windows\System\ADtAlte.exe
  C:\Windows\System\ADtAlte.exe
  2⤵
  PID:540
- C:\Windows\System\uEDOtip.exe
  C:\Windows\System\uEDOtip.exe
  2⤵
  PID:1116
- C:\Windows\System\yYuOgga.exe
  C:\Windows\System\yYuOgga.exe
  2⤵
  PID:5800
- C:\Windows\System\eszccqx.exe
  C:\Windows\System\eszccqx.exe
  2⤵
  PID:1952
- C:\Windows\System\hORAiXK.exe
  C:\Windows\System\hORAiXK.exe
  2⤵
  PID:2652
- C:\Windows\System\inytNrN.exe
  C:\Windows\System\inytNrN.exe
  2⤵
  PID:320
- C:\Windows\System\wsOMfxS.exe
  C:\Windows\System\wsOMfxS.exe
  2⤵
  PID:6000
- C:\Windows\System\ATJlLuu.exe
  C:\Windows\System\ATJlLuu.exe
  2⤵
  PID:5900
- C:\Windows\System\pexnfpD.exe
  C:\Windows\System\pexnfpD.exe
  2⤵
  PID:5968
- C:\Windows\System\WBlBmxi.exe
  C:\Windows\System\WBlBmxi.exe
  2⤵
  PID:5852
- C:\Windows\System\tdpCTXH.exe
  C:\Windows\System\tdpCTXH.exe
  2⤵
  PID:2864
- C:\Windows\System\NmUulNd.exe
  C:\Windows\System\NmUulNd.exe
  2⤵
  PID:5868
- C:\Windows\System\SkDVZfJ.exe
  C:\Windows\System\SkDVZfJ.exe
  2⤵
  PID:5880
- C:\Windows\System\wbCfECj.exe
  C:\Windows\System\wbCfECj.exe
  2⤵
  PID:5920
- C:\Windows\System\SPOIndP.exe
  C:\Windows\System\SPOIndP.exe
  2⤵
  PID:6036
- C:\Windows\System\SEYkXbk.exe
  C:\Windows\System\SEYkXbk.exe
  2⤵
  PID:6080
- C:\Windows\System\bdbXmwa.exe
  C:\Windows\System\bdbXmwa.exe
  2⤵
  PID:6088
- C:\Windows\System\fgXUszl.exe
  C:\Windows\System\fgXUszl.exe
  2⤵
  PID:2856
- C:\Windows\System\zoDFvmW.exe
  C:\Windows\System\zoDFvmW.exe
  2⤵
  PID:6124
- C:\Windows\System\pFeYuCV.exe
  C:\Windows\System\pFeYuCV.exe
  2⤵
  PID:6140
- C:\Windows\System\hIJfMtG.exe
  C:\Windows\System\hIJfMtG.exe
  2⤵
  PID:2368
- C:\Windows\System\WnDWXWW.exe
  C:\Windows\System\WnDWXWW.exe
  2⤵
  PID:1576
- C:\Windows\System\hSiuFUL.exe
  C:\Windows\System\hSiuFUL.exe
  2⤵
  PID:5088
- C:\Windows\System\xtAOYHw.exe
  C:\Windows\System\xtAOYHw.exe
  2⤵
  PID:2876
- C:\Windows\System\dCYlmUx.exe
  C:\Windows\System\dCYlmUx.exe
  2⤵
  PID:2240
- C:\Windows\System\MdaGrry.exe
  C:\Windows\System\MdaGrry.exe
  2⤵
  PID:868
- C:\Windows\System\Aecsojx.exe
  C:\Windows\System\Aecsojx.exe
  2⤵
  PID:4232
- C:\Windows\System\UbAuSwa.exe
  C:\Windows\System\UbAuSwa.exe
  2⤵
  PID:4456
- C:\Windows\System\BhpDpIg.exe
  C:\Windows\System\BhpDpIg.exe
  2⤵
  PID:2616
- C:\Windows\System\JKubPVg.exe
  C:\Windows\System\JKubPVg.exe
  2⤵
  PID:3768
- C:\Windows\System\KSzIyuw.exe
  C:\Windows\System\KSzIyuw.exe
  2⤵
  PID:1528
- C:\Windows\System\LCHKiOa.exe
  C:\Windows\System\LCHKiOa.exe
  2⤵
  PID:4996
- C:\Windows\System\zfAYvtz.exe
  C:\Windows\System\zfAYvtz.exe
  2⤵
  PID:4260
- C:\Windows\System\nqQkdIa.exe
  C:\Windows\System\nqQkdIa.exe
  2⤵
  PID:2284
- C:\Windows\System\IuhxxBr.exe
  C:\Windows\System\IuhxxBr.exe
  2⤵
  PID:2920
- C:\Windows\System\EMGOaJy.exe
  C:\Windows\System\EMGOaJy.exe
  2⤵
  PID:5212
- C:\Windows\System\pCLZRhB.exe
  C:\Windows\System\pCLZRhB.exe
  2⤵
  PID:5284
- C:\Windows\System\eUNzpon.exe
  C:\Windows\System\eUNzpon.exe
  2⤵
  PID:5268
- C:\Windows\System\WLMXAji.exe
  C:\Windows\System\WLMXAji.exe
  2⤵
  PID:4936
- C:\Windows\System\ODwvCgB.exe
  C:\Windows\System\ODwvCgB.exe
  2⤵
  PID:4564
- C:\Windows\System\AwUbnFn.exe
  C:\Windows\System\AwUbnFn.exe
  2⤵
  PID:5292
- C:\Windows\System\LasMFPr.exe
  C:\Windows\System\LasMFPr.exe
  2⤵
  PID:4164
- C:\Windows\System\pFFHGET.exe
  C:\Windows\System\pFFHGET.exe
  2⤵
  PID:5040
- C:\Windows\System\eclbtCO.exe
  C:\Windows\System\eclbtCO.exe
  2⤵
  PID:5196
- C:\Windows\System\XAddhrB.exe
  C:\Windows\System\XAddhrB.exe
  2⤵
  PID:5324
- C:\Windows\System\UuGyzdz.exe
  C:\Windows\System\UuGyzdz.exe
  2⤵
  PID:5420
- C:\Windows\System\NlrMwws.exe
  C:\Windows\System\NlrMwws.exe
  2⤵
  PID:5460
- C:\Windows\System\JXYUWeC.exe
  C:\Windows\System\JXYUWeC.exe
  2⤵
  PID:5440
- C:\Windows\System\FyouiTe.exe
  C:\Windows\System\FyouiTe.exe
  2⤵
  PID:5496
- C:\Windows\System\ciIFrPy.exe
  C:\Windows\System\ciIFrPy.exe
  2⤵
  PID:1568
- C:\Windows\System\sOlAmdp.exe
  C:\Windows\System\sOlAmdp.exe
  2⤵
  PID:5528
- C:\Windows\System\vAjYOzd.exe
  C:\Windows\System\vAjYOzd.exe
  2⤵
  PID:5548
- C:\Windows\System\vxaGkTQ.exe
  C:\Windows\System\vxaGkTQ.exe
  2⤵
  PID:5560
- C:\Windows\System\BgqbZMt.exe
  C:\Windows\System\BgqbZMt.exe
  2⤵
  PID:5580
- C:\Windows\System\DOUVZIv.exe
  C:\Windows\System\DOUVZIv.exe
  2⤵
  PID:5608
- C:\Windows\System\VImLMes.exe
  C:\Windows\System\VImLMes.exe
  2⤵
  PID:5652
- C:\Windows\System\jfZqIRA.exe
  C:\Windows\System\jfZqIRA.exe
  2⤵
  PID:5664
- C:\Windows\System\NfzdEGy.exe
  C:\Windows\System\NfzdEGy.exe
  2⤵
  PID:2784
- C:\Windows\System\GsMscct.exe
  C:\Windows\System\GsMscct.exe
  2⤵
  PID:2636
- C:\Windows\System\YlIAurN.exe
  C:\Windows\System\YlIAurN.exe
  2⤵
  PID:5676
- C:\Windows\System\rwkpslD.exe
  C:\Windows\System\rwkpslD.exe
  2⤵
  PID:2808
- C:\Windows\System\RLIwjJz.exe
  C:\Windows\System\RLIwjJz.exe
  2⤵
  PID:2308
- C:\Windows\System\PIFKcTj.exe
  C:\Windows\System\PIFKcTj.exe
  2⤵
  PID:1492
- C:\Windows\System\AiCYSZN.exe
  C:\Windows\System\AiCYSZN.exe
  2⤵
  PID:2804
- C:\Windows\System\YijLqoW.exe
  C:\Windows\System\YijLqoW.exe
  2⤵
  PID:1876
- C:\Windows\System\rYjfTNu.exe
  C:\Windows\System\rYjfTNu.exe
  2⤵
  PID:1724
- C:\Windows\System\LHSnpeh.exe
  C:\Windows\System\LHSnpeh.exe
  2⤵
  PID:5824
- C:\Windows\System\VvVZuFK.exe
  C:\Windows\System\VvVZuFK.exe
  2⤵
  PID:5716
- C:\Windows\System\eNnYcYN.exe
  C:\Windows\System\eNnYcYN.exe
  2⤵
  PID:816
- C:\Windows\System\PisjJiz.exe
  C:\Windows\System\PisjJiz.exe
  2⤵
  PID:2908
- C:\Windows\System\DbcUiJV.exe
  C:\Windows\System\DbcUiJV.exe
  2⤵
  PID:5952
- C:\Windows\System\xORVIum.exe
  C:\Windows\System\xORVIum.exe
  2⤵
  PID:6004
- C:\Windows\System\eZcnrRm.exe
  C:\Windows\System\eZcnrRm.exe
  2⤵
  PID:6008
- C:\Windows\System\bdbLjxR.exe
  C:\Windows\System\bdbLjxR.exe
  2⤵
  PID:5864
- C:\Windows\System\JYTACzW.exe
  C:\Windows\System\JYTACzW.exe
  2⤵
  PID:6112
- C:\Windows\System\gnLNHzc.exe
  C:\Windows\System\gnLNHzc.exe
  2⤵
  PID:6032
- C:\Windows\System\aaHCBZX.exe
  C:\Windows\System\aaHCBZX.exe
  2⤵
  PID:5084
- C:\Windows\System\HvtYBrz.exe
  C:\Windows\System\HvtYBrz.exe
  2⤵
  PID:2728
- C:\Windows\System\PBAcRWM.exe
  C:\Windows\System\PBAcRWM.exe
  2⤵
  PID:6100
- C:\Windows\System\xfcqAFC.exe
  C:\Windows\System\xfcqAFC.exe
  2⤵
  PID:452
- C:\Windows\System\nsGLYby.exe
  C:\Windows\System\nsGLYby.exe
  2⤵
  PID:600
- C:\Windows\System\iiYNCNU.exe
  C:\Windows\System\iiYNCNU.exe
  2⤵
  PID:2936
- C:\Windows\System\HOciKPS.exe
  C:\Windows\System\HOciKPS.exe
  2⤵
  PID:5124
- C:\Windows\System\FRibLKO.exe
  C:\Windows\System\FRibLKO.exe
  2⤵
  PID:2452
- C:\Windows\System\NAQsenf.exe
  C:\Windows\System\NAQsenf.exe
  2⤵
  PID:1000
- C:\Windows\System\MSLABIY.exe
  C:\Windows\System\MSLABIY.exe
  2⤵
  PID:4548
- C:\Windows\System\pUAmhXI.exe
  C:\Windows\System\pUAmhXI.exe
  2⤵
  PID:1912
- C:\Windows\System\sEQfxni.exe
  C:\Windows\System\sEQfxni.exe
  2⤵
  PID:4196
- C:\Windows\System\ymSeVJk.exe
  C:\Windows\System\ymSeVJk.exe
  2⤵
  PID:5224
- C:\Windows\System\eOXuTOa.exe
  C:\Windows\System\eOXuTOa.exe
  2⤵
  PID:5464
- C:\Windows\System\SbHVUdL.exe
  C:\Windows\System\SbHVUdL.exe
  2⤵
  PID:5480
- C:\Windows\System\splLvoq.exe
  C:\Windows\System\splLvoq.exe
  2⤵
  PID:5540
- C:\Windows\System\MamLDRe.exe
  C:\Windows\System\MamLDRe.exe
  2⤵
  PID:5412
- C:\Windows\System\jFHQLFk.exe
  C:\Windows\System\jFHQLFk.exe
  2⤵
  PID:5564
- C:\Windows\System\gKYuvie.exe
  C:\Windows\System\gKYuvie.exe
  2⤵
  PID:5536
- C:\Windows\System\gWnuAWr.exe
  C:\Windows\System\gWnuAWr.exe
  2⤵
  PID:5660
- C:\Windows\System\HYyPNRR.exe
  C:\Windows\System\HYyPNRR.exe
  2⤵
  PID:2676
- C:\Windows\System\BljXRzJ.exe
  C:\Windows\System\BljXRzJ.exe
  2⤵
  PID:2340
- C:\Windows\System\lsWaLLw.exe
  C:\Windows\System\lsWaLLw.exe
  2⤵
  PID:5616
- C:\Windows\System\unepgMu.exe
  C:\Windows\System\unepgMu.exe
  2⤵
  PID:4180
- C:\Windows\System\clMbXvD.exe
  C:\Windows\System\clMbXvD.exe
  2⤵
  PID:2664
- C:\Windows\System\aMiEpwU.exe
  C:\Windows\System\aMiEpwU.exe
  2⤵
  PID:5932
- C:\Windows\System\mOUVBgo.exe
  C:\Windows\System\mOUVBgo.exe
  2⤵
  PID:1736
- C:\Windows\System\UZQjgLb.exe
  C:\Windows\System\UZQjgLb.exe
  2⤵
  PID:5840
- C:\Windows\System\zmVsatd.exe
  C:\Windows\System\zmVsatd.exe
  2⤵
  PID:2176
- C:\Windows\System\sLGVmyj.exe
  C:\Windows\System\sLGVmyj.exe
  2⤵
  PID:5964
- C:\Windows\System\TwaZUZK.exe
  C:\Windows\System\TwaZUZK.exe
  2⤵
  PID:2408
- C:\Windows\System\tOfxnSu.exe
  C:\Windows\System\tOfxnSu.exe
  2⤵
  PID:2328
- C:\Windows\System\PdWPCcd.exe
  C:\Windows\System\PdWPCcd.exe
  2⤵
  PID:4728
- C:\Windows\System\foKXDZV.exe
  C:\Windows\System\foKXDZV.exe
  2⤵
  PID:3996
- C:\Windows\System\iolfOfy.exe
  C:\Windows\System\iolfOfy.exe
  2⤵
  PID:5396
- C:\Windows\System\SvTprFs.exe
  C:\Windows\System\SvTprFs.exe
  2⤵
  PID:2268
- C:\Windows\System\wOzqpgv.exe
  C:\Windows\System\wOzqpgv.exe
  2⤵
  PID:5304
- C:\Windows\System\wwCcTlk.exe
  C:\Windows\System\wwCcTlk.exe
  2⤵
  PID:5436
- C:\Windows\System\IKkRmqG.exe
  C:\Windows\System\IKkRmqG.exe
  2⤵
  PID:5228
- C:\Windows\System\EbFFajS.exe
  C:\Windows\System\EbFFajS.exe
  2⤵
  PID:5576
- C:\Windows\System\RGvayCC.exe
  C:\Windows\System\RGvayCC.exe
  2⤵
  PID:2896
- C:\Windows\System\RzFoPvX.exe
  C:\Windows\System\RzFoPvX.exe
  2⤵
  PID:5984
- C:\Windows\System\sTUjHAj.exe
  C:\Windows\System\sTUjHAj.exe
  2⤵
  PID:5556
- C:\Windows\System\QRyJaKs.exe
  C:\Windows\System\QRyJaKs.exe
  2⤵
  PID:3588
- C:\Windows\System\maRpBjD.exe
  C:\Windows\System\maRpBjD.exe
  2⤵
  PID:5916
- C:\Windows\System\OCUZgPn.exe
  C:\Windows\System\OCUZgPn.exe
  2⤵
  PID:6128
- C:\Windows\System\LBWIsnD.exe
  C:\Windows\System\LBWIsnD.exe
  2⤵
  PID:5164
- C:\Windows\System\HMiVwBj.exe
  C:\Windows\System\HMiVwBj.exe
  2⤵
  PID:3812
- C:\Windows\System\KDbyohT.exe
  C:\Windows\System\KDbyohT.exe
  2⤵
  PID:4628
- C:\Windows\System\UkuBMEB.exe
  C:\Windows\System\UkuBMEB.exe
  2⤵
  PID:5524
- C:\Windows\System\xMWwVpq.exe
  C:\Windows\System\xMWwVpq.exe
  2⤵
  PID:5160
- C:\Windows\System\wXaAcma.exe
  C:\Windows\System\wXaAcma.exe
  2⤵
  PID:2844
- C:\Windows\System\UMNakGV.exe
  C:\Windows\System\UMNakGV.exe
  2⤵
  PID:2692
- C:\Windows\System\biYoZAt.exe
  C:\Windows\System\biYoZAt.exe
  2⤵
  PID:4980
- C:\Windows\System\sMEKhTJ.exe
  C:\Windows\System\sMEKhTJ.exe
  2⤵
  PID:6052
- C:\Windows\System\ESDxeEN.exe
  C:\Windows\System\ESDxeEN.exe
  2⤵
  PID:6152
- C:\Windows\System\klkcJXP.exe
  C:\Windows\System\klkcJXP.exe
  2⤵
  PID:6168
- C:\Windows\System\hOMqwTE.exe
  C:\Windows\System\hOMqwTE.exe
  2⤵
  PID:6184
- C:\Windows\System\wpKYuWK.exe
  C:\Windows\System\wpKYuWK.exe
  2⤵
  PID:6200
- C:\Windows\System\Pyaawwm.exe
  C:\Windows\System\Pyaawwm.exe
  2⤵
  PID:6216
- C:\Windows\System\GmzSxCH.exe
  C:\Windows\System\GmzSxCH.exe
  2⤵
  PID:6232
- C:\Windows\System\jLxMNay.exe
  C:\Windows\System\jLxMNay.exe
  2⤵
  PID:6248
- C:\Windows\System\BbnFMaF.exe
  C:\Windows\System\BbnFMaF.exe
  2⤵
  PID:6264
- C:\Windows\System\uSmziNx.exe
  C:\Windows\System\uSmziNx.exe
  2⤵
  PID:6280
- C:\Windows\System\jhxxsdh.exe
  C:\Windows\System\jhxxsdh.exe
  2⤵
  PID:6296
- C:\Windows\System\sUGfOXk.exe
  C:\Windows\System\sUGfOXk.exe
  2⤵
  PID:6312
- C:\Windows\System\DFCrPkq.exe
  C:\Windows\System\DFCrPkq.exe
  2⤵
  PID:6328
- C:\Windows\System\cqeqtWQ.exe
  C:\Windows\System\cqeqtWQ.exe
  2⤵
  PID:6344
- C:\Windows\System\CZdfwax.exe
  C:\Windows\System\CZdfwax.exe
  2⤵
  PID:6360
- C:\Windows\System\bAAWwvl.exe
  C:\Windows\System\bAAWwvl.exe
  2⤵
  PID:6376
- C:\Windows\System\wQUfMvm.exe
  C:\Windows\System\wQUfMvm.exe
  2⤵
  PID:6392
- C:\Windows\System\rECdtCq.exe
  C:\Windows\System\rECdtCq.exe
  2⤵
  PID:6408
- C:\Windows\System\dNlIkgh.exe
  C:\Windows\System\dNlIkgh.exe
  2⤵
  PID:6424
- C:\Windows\System\OpBDvle.exe
  C:\Windows\System\OpBDvle.exe
  2⤵
  PID:6440
- C:\Windows\System\ccCmhbI.exe
  C:\Windows\System\ccCmhbI.exe
  2⤵
  PID:6456
- C:\Windows\System\nYZmUXN.exe
  C:\Windows\System\nYZmUXN.exe
  2⤵
  PID:6472
- C:\Windows\System\GArXkLi.exe
  C:\Windows\System\GArXkLi.exe
  2⤵
  PID:6488
- C:\Windows\System\fOUKQxp.exe
  C:\Windows\System\fOUKQxp.exe
  2⤵
  PID:6504
- C:\Windows\System\dbwUTKt.exe
  C:\Windows\System\dbwUTKt.exe
  2⤵
  PID:6520
- C:\Windows\System\wqTclhZ.exe
  C:\Windows\System\wqTclhZ.exe
  2⤵
  PID:6536
- C:\Windows\System\UXaavoE.exe
  C:\Windows\System\UXaavoE.exe
  2⤵
  PID:6552
- C:\Windows\System\LcamtIx.exe
  C:\Windows\System\LcamtIx.exe
  2⤵
  PID:6568
- C:\Windows\System\tAuklda.exe
  C:\Windows\System\tAuklda.exe
  2⤵
  PID:6584
- C:\Windows\System\uiatRhc.exe
  C:\Windows\System\uiatRhc.exe
  2⤵
  PID:6600
- C:\Windows\System\TTtyPPl.exe
  C:\Windows\System\TTtyPPl.exe
  2⤵
  PID:6616
- C:\Windows\System\zHZJKqv.exe
  C:\Windows\System\zHZJKqv.exe
  2⤵
  PID:6632
- C:\Windows\System\MfZSBcK.exe
  C:\Windows\System\MfZSBcK.exe
  2⤵
  PID:6648
- C:\Windows\System\KQGTKoY.exe
  C:\Windows\System\KQGTKoY.exe
  2⤵
  PID:6664
- C:\Windows\System\dVvTDTi.exe
  C:\Windows\System\dVvTDTi.exe
  2⤵
  PID:6680
- C:\Windows\System\aFFaEaS.exe
  C:\Windows\System\aFFaEaS.exe
  2⤵
  PID:6696
- C:\Windows\System\ZXwDUJE.exe
  C:\Windows\System\ZXwDUJE.exe
  2⤵
  PID:6712
- C:\Windows\System\rrzSetq.exe
  C:\Windows\System\rrzSetq.exe
  2⤵
  PID:6728
- C:\Windows\System\IDfZamJ.exe
  C:\Windows\System\IDfZamJ.exe
  2⤵
  PID:6744
- C:\Windows\System\vGEWciN.exe
  C:\Windows\System\vGEWciN.exe
  2⤵
  PID:6760
- C:\Windows\System\vEawqSF.exe
  C:\Windows\System\vEawqSF.exe
  2⤵
  PID:6776
- C:\Windows\System\bSWHGGA.exe
  C:\Windows\System\bSWHGGA.exe
  2⤵
  PID:6792
- C:\Windows\System\oqpWvAM.exe
  C:\Windows\System\oqpWvAM.exe
  2⤵
  PID:6808
- C:\Windows\System\VUFLFdP.exe
  C:\Windows\System\VUFLFdP.exe
  2⤵
  PID:6824
- C:\Windows\System\udXCRvF.exe
  C:\Windows\System\udXCRvF.exe
  2⤵
  PID:6840
- C:\Windows\System\ECocTLO.exe
  C:\Windows\System\ECocTLO.exe
  2⤵
  PID:6856
- C:\Windows\System\PZqaNhT.exe
  C:\Windows\System\PZqaNhT.exe
  2⤵
  PID:6872
- C:\Windows\System\vdZeQUo.exe
  C:\Windows\System\vdZeQUo.exe
  2⤵
  PID:6888
- C:\Windows\System\STZgSpQ.exe
  C:\Windows\System\STZgSpQ.exe
  2⤵
  PID:6904
- C:\Windows\System\surQHHA.exe
  C:\Windows\System\surQHHA.exe
  2⤵
  PID:6920
- C:\Windows\System\EDjYrMX.exe
  C:\Windows\System\EDjYrMX.exe
  2⤵
  PID:6936
- C:\Windows\System\Oqzilty.exe
  C:\Windows\System\Oqzilty.exe
  2⤵
  PID:6952
- C:\Windows\System\xPEouge.exe
  C:\Windows\System\xPEouge.exe
  2⤵
  PID:6968
- C:\Windows\System\AXQNnBI.exe
  C:\Windows\System\AXQNnBI.exe
  2⤵
  PID:6984
- C:\Windows\System\DvYgrdY.exe
  C:\Windows\System\DvYgrdY.exe
  2⤵
  PID:7000
- C:\Windows\System\rLZEGQj.exe
  C:\Windows\System\rLZEGQj.exe
  2⤵
  PID:7016
- C:\Windows\System\YOWVqJx.exe
  C:\Windows\System\YOWVqJx.exe
  2⤵
  PID:7032
- C:\Windows\System\WWUimku.exe
  C:\Windows\System\WWUimku.exe
  2⤵
  PID:7048
- C:\Windows\System\niMNezr.exe
  C:\Windows\System\niMNezr.exe
  2⤵
  PID:7064
- C:\Windows\System\sJGQcqz.exe
  C:\Windows\System\sJGQcqz.exe
  2⤵
  PID:7080
- C:\Windows\System\hsfavnf.exe
  C:\Windows\System\hsfavnf.exe
  2⤵
  PID:7096
- C:\Windows\System\IwIppWP.exe
  C:\Windows\System\IwIppWP.exe
  2⤵
  PID:7112
- C:\Windows\System\HQkhvaa.exe
  C:\Windows\System\HQkhvaa.exe
  2⤵
  PID:7128
- C:\Windows\System\ecEoJIp.exe
  C:\Windows\System\ecEoJIp.exe
  2⤵
  PID:7144
- C:\Windows\System\TFBWIPw.exe
  C:\Windows\System\TFBWIPw.exe
  2⤵
  PID:7160
- C:\Windows\System\WOqVnnr.exe
  C:\Windows\System\WOqVnnr.exe
  2⤵
  PID:6160
- C:\Windows\System\bdmPtMG.exe
  C:\Windows\System\bdmPtMG.exe
  2⤵
  PID:6196
- C:\Windows\System\BTaXbOa.exe
  C:\Windows\System\BTaXbOa.exe
  2⤵
  PID:6224
- C:\Windows\System\cZcjfMR.exe
  C:\Windows\System\cZcjfMR.exe
  2⤵
  PID:6288
- C:\Windows\System\HCqBruv.exe
  C:\Windows\System\HCqBruv.exe
  2⤵
  PID:3432
- C:\Windows\System\hOXNsPL.exe
  C:\Windows\System\hOXNsPL.exe
  2⤵
  PID:6176
- C:\Windows\System\aInIwwW.exe
  C:\Windows\System\aInIwwW.exe
  2⤵
  PID:6356
- C:\Windows\System\LcSrdUY.exe
  C:\Windows\System\LcSrdUY.exe
  2⤵
  PID:6208
- C:\Windows\System\IENYVJk.exe
  C:\Windows\System\IENYVJk.exe
  2⤵
  PID:6244
- C:\Windows\System\xRaCKYL.exe
  C:\Windows\System\xRaCKYL.exe
  2⤵
  PID:6420
- C:\Windows\System\pmyvaOs.exe
  C:\Windows\System\pmyvaOs.exe
  2⤵
  PID:6336
- C:\Windows\System\nwFJDWH.exe
  C:\Windows\System\nwFJDWH.exe
  2⤵
  PID:6452
- C:\Windows\System\JWGEtNK.exe
  C:\Windows\System\JWGEtNK.exe
  2⤵
  PID:6464
- C:\Windows\System\TRpTgqB.exe
  C:\Windows\System\TRpTgqB.exe
  2⤵
  PID:6516
- C:\Windows\System\YsdmsGM.exe
  C:\Windows\System\YsdmsGM.exe
  2⤵
  PID:6580
- C:\Windows\System\qbabNJB.exe
  C:\Windows\System\qbabNJB.exe
  2⤵
  PID:6500
- C:\Windows\System\lhzHMzo.exe
  C:\Windows\System\lhzHMzo.exe
  2⤵
  PID:6628
- C:\Windows\System\yXXZwHG.exe
  C:\Windows\System\yXXZwHG.exe
  2⤵
  PID:6624
- C:\Windows\System\hVWlkQx.exe
  C:\Windows\System\hVWlkQx.exe
  2⤵
  PID:6592
- C:\Windows\System\afsVfEN.exe
  C:\Windows\System\afsVfEN.exe
  2⤵
  PID:6688
- C:\Windows\System\kYQzrVr.exe
  C:\Windows\System\kYQzrVr.exe
  2⤵
  PID:6756
- C:\Windows\System\hohwJtO.exe
  C:\Windows\System\hohwJtO.exe
  2⤵
  PID:6820
- C:\Windows\System\nNlZSFq.exe
  C:\Windows\System\nNlZSFq.exe
  2⤵
  PID:6884
- C:\Windows\System\lFXYJlD.exe
  C:\Windows\System\lFXYJlD.exe
  2⤵
  PID:6676
- C:\Windows\System\KpJMQae.exe
  C:\Windows\System\KpJMQae.exe
  2⤵
  PID:6768
- C:\Windows\System\uhYOPWu.exe
  C:\Windows\System\uhYOPWu.exe
  2⤵
  PID:6868
- C:\Windows\System\cELRryB.exe
  C:\Windows\System\cELRryB.exe
  2⤵
  PID:6932
- C:\Windows\System\WkXusaU.exe
  C:\Windows\System\WkXusaU.exe
  2⤵
  PID:6772
- C:\Windows\System\RLnZKWC.exe
  C:\Windows\System\RLnZKWC.exe
  2⤵
  PID:6836
- C:\Windows\System\RFPAzsf.exe
  C:\Windows\System\RFPAzsf.exe
  2⤵
  PID:7012
- C:\Windows\System\oEMDMqX.exe
  C:\Windows\System\oEMDMqX.exe
  2⤵
  PID:7028
- C:\Windows\System\DeDvOjM.exe
  C:\Windows\System\DeDvOjM.exe
  2⤵
  PID:7060
- C:\Windows\System\xQmcFUp.exe
  C:\Windows\System\xQmcFUp.exe
  2⤵
  PID:7120
- C:\Windows\System\OCQcuax.exe
  C:\Windows\System\OCQcuax.exe
  2⤵
  PID:6164
- C:\Windows\System\sCWFZfX.exe
  C:\Windows\System\sCWFZfX.exe
  2⤵
  PID:7140
- C:\Windows\System\uHYkEjm.exe
  C:\Windows\System\uHYkEjm.exe
  2⤵
  PID:5416
- C:\Windows\System\PRMKnOM.exe
  C:\Windows\System\PRMKnOM.exe
  2⤵
  PID:5884
- C:\Windows\System\dOsOrAw.exe
  C:\Windows\System\dOsOrAw.exe
  2⤵
  PID:6148
- C:\Windows\System\uEKyweJ.exe
  C:\Windows\System\uEKyweJ.exe
  2⤵
  PID:6468
- C:\Windows\System\ztjVvgU.exe
  C:\Windows\System\ztjVvgU.exe
  2⤵
  PID:6564
- C:\Windows\System\MSJsDcl.exe
  C:\Windows\System\MSJsDcl.exe
  2⤵
  PID:6916
- C:\Windows\System\bwDTmSc.exe
  C:\Windows\System\bwDTmSc.exe
  2⤵
  PID:6980
- C:\Windows\System\fUVQWTu.exe
  C:\Windows\System\fUVQWTu.exe
  2⤵
  PID:6864
- C:\Windows\System\tSOUtIr.exe
  C:\Windows\System\tSOUtIr.exe
  2⤵
  PID:6292
- C:\Windows\System\DHINCIQ.exe
  C:\Windows\System\DHINCIQ.exe
  2⤵
  PID:6404
- C:\Windows\System\gqxiizQ.exe
  C:\Windows\System\gqxiizQ.exe
  2⤵
  PID:7152
- C:\Windows\System\qwIEXrm.exe
  C:\Windows\System\qwIEXrm.exe
  2⤵
  PID:6528
- C:\Windows\System\IlssAzS.exe
  C:\Windows\System\IlssAzS.exe
  2⤵
  PID:6724
- C:\Windows\System\HWtIcUd.exe
  C:\Windows\System\HWtIcUd.exe
  2⤵
  PID:6736
- C:\Windows\System\IBJkTkd.exe
  C:\Windows\System\IBJkTkd.exe
  2⤵
  PID:6964
- C:\Windows\System\cfaqmNo.exe
  C:\Windows\System\cfaqmNo.exe
  2⤵
  PID:7124
- C:\Windows\System\AJkNSZm.exe
  C:\Windows\System\AJkNSZm.exe
  2⤵
  PID:5632
- C:\Windows\System\GGIvsyt.exe
  C:\Windows\System\GGIvsyt.exe
  2⤵
  PID:6608
- C:\Windows\System\EjkPXoL.exe
  C:\Windows\System\EjkPXoL.exe
  2⤵
  PID:7056
- C:\Windows\System\mLSQRuZ.exe
  C:\Windows\System\mLSQRuZ.exe
  2⤵
  PID:6256
- C:\Windows\System\bwUdMVD.exe
  C:\Windows\System\bwUdMVD.exe
  2⤵
  PID:6788
- C:\Windows\System\wbOyikw.exe
  C:\Windows\System\wbOyikw.exe
  2⤵
  PID:6212
- C:\Windows\System\dqHyrkr.exe
  C:\Windows\System\dqHyrkr.exe
  2⤵
  PID:6596
- C:\Windows\System\SPkFvDu.exe
  C:\Windows\System\SPkFvDu.exe
  2⤵
  PID:7104
- C:\Windows\System\lCxvPKC.exe
  C:\Windows\System\lCxvPKC.exe
  2⤵
  PID:6548
- C:\Windows\System\WlPYFIA.exe
  C:\Windows\System\WlPYFIA.exe
  2⤵
  PID:6484
- C:\Windows\System\dbWLQCx.exe
  C:\Windows\System\dbWLQCx.exe
  2⤵
  PID:6996
- C:\Windows\System\UwFMhFY.exe
  C:\Windows\System\UwFMhFY.exe
  2⤵
  PID:6260
- C:\Windows\System\njswOmg.exe
  C:\Windows\System\njswOmg.exe
  2⤵
  PID:6928
- C:\Windows\System\fCwJxoC.exe
  C:\Windows\System\fCwJxoC.exe
  2⤵
  PID:7024
- C:\Windows\System\HCqnAVF.exe
  C:\Windows\System\HCqnAVF.exe
  2⤵
  PID:7184
- C:\Windows\System\NBSRIdn.exe
  C:\Windows\System\NBSRIdn.exe
  2⤵
  PID:7200
- C:\Windows\System\wEaiaKK.exe
  C:\Windows\System\wEaiaKK.exe
  2⤵
  PID:7216
- C:\Windows\System\fLUWZOb.exe
  C:\Windows\System\fLUWZOb.exe
  2⤵
  PID:7232
- C:\Windows\System\bROIwpx.exe
  C:\Windows\System\bROIwpx.exe
  2⤵
  PID:7248
- C:\Windows\System\ofVMQCL.exe
  C:\Windows\System\ofVMQCL.exe
  2⤵
  PID:7264
- C:\Windows\System\uhabCEP.exe
  C:\Windows\System\uhabCEP.exe
  2⤵
  PID:7280
- C:\Windows\System\NYAJeUS.exe
  C:\Windows\System\NYAJeUS.exe
  2⤵
  PID:7296
- C:\Windows\System\YhcAjqh.exe
  C:\Windows\System\YhcAjqh.exe
  2⤵
  PID:7316
- C:\Windows\System\ccDxpfI.exe
  C:\Windows\System\ccDxpfI.exe
  2⤵
  PID:7348
- C:\Windows\System\xSDzQtJ.exe
  C:\Windows\System\xSDzQtJ.exe
  2⤵
  PID:7364
- C:\Windows\System\DTlfXfd.exe
  C:\Windows\System\DTlfXfd.exe
  2⤵
  PID:7380
- C:\Windows\System\UAAGuWU.exe
  C:\Windows\System\UAAGuWU.exe
  2⤵
  PID:7396
- C:\Windows\System\kSeeJGK.exe
  C:\Windows\System\kSeeJGK.exe
  2⤵
  PID:7412
- C:\Windows\System\JfiUNrJ.exe
  C:\Windows\System\JfiUNrJ.exe
  2⤵
  PID:7428
- C:\Windows\System\eRDIUQs.exe
  C:\Windows\System\eRDIUQs.exe
  2⤵
  PID:7444
- C:\Windows\System\UxMLEtY.exe
  C:\Windows\System\UxMLEtY.exe
  2⤵
  PID:7460
- C:\Windows\System\yaoDhKQ.exe
  C:\Windows\System\yaoDhKQ.exe
  2⤵
  PID:7476
- C:\Windows\System\DFGwxll.exe
  C:\Windows\System\DFGwxll.exe
  2⤵
  PID:7492
- C:\Windows\System\WhBdZNW.exe
  C:\Windows\System\WhBdZNW.exe
  2⤵
  PID:7508
- C:\Windows\System\zsGdAQY.exe
  C:\Windows\System\zsGdAQY.exe
  2⤵
  PID:7524
- C:\Windows\System\KaugKBx.exe
  C:\Windows\System\KaugKBx.exe
  2⤵
  PID:7540
- C:\Windows\System\OXoiabZ.exe
  C:\Windows\System\OXoiabZ.exe
  2⤵
  PID:7556
- C:\Windows\System\DjnUgAl.exe
  C:\Windows\System\DjnUgAl.exe
  2⤵
  PID:7572
- C:\Windows\System\QLQPaaM.exe
  C:\Windows\System\QLQPaaM.exe
  2⤵
  PID:7588
- C:\Windows\System\qMKWsWF.exe
  C:\Windows\System\qMKWsWF.exe
  2⤵
  PID:7604
- C:\Windows\System\VsQHEDA.exe
  C:\Windows\System\VsQHEDA.exe
  2⤵
  PID:7620
- C:\Windows\System\KlCetlb.exe
  C:\Windows\System\KlCetlb.exe
  2⤵
  PID:7636
- C:\Windows\System\DpVOMTH.exe
  C:\Windows\System\DpVOMTH.exe
  2⤵
  PID:7652
- C:\Windows\System\rznNzLV.exe
  C:\Windows\System\rznNzLV.exe
  2⤵
  PID:7672
- C:\Windows\System\MKTZdti.exe
  C:\Windows\System\MKTZdti.exe
  2⤵
  PID:7688
- C:\Windows\System\EPjyusj.exe
  C:\Windows\System\EPjyusj.exe
  2⤵
  PID:7704
- C:\Windows\System\NjUTRET.exe
  C:\Windows\System\NjUTRET.exe
  2⤵
  PID:7720
- C:\Windows\System\rcBCqXh.exe
  C:\Windows\System\rcBCqXh.exe
  2⤵
  PID:7736
- C:\Windows\System\XdkVpdK.exe
  C:\Windows\System\XdkVpdK.exe
  2⤵
  PID:7752
- C:\Windows\System\MYjjOZv.exe
  C:\Windows\System\MYjjOZv.exe
  2⤵
  PID:7768
- C:\Windows\System\NMKeRKh.exe
  C:\Windows\System\NMKeRKh.exe
  2⤵
  PID:7784
- C:\Windows\System\AtQaAeo.exe
  C:\Windows\System\AtQaAeo.exe
  2⤵
  PID:7800
- C:\Windows\System\AGTIrOr.exe
  C:\Windows\System\AGTIrOr.exe
  2⤵
  PID:7816
- C:\Windows\System\NnJdoKr.exe
  C:\Windows\System\NnJdoKr.exe
  2⤵
  PID:7832
- C:\Windows\System\bnCmxMN.exe
  C:\Windows\System\bnCmxMN.exe
  2⤵
  PID:7848
- C:\Windows\System\uQsmvrI.exe
  C:\Windows\System\uQsmvrI.exe
  2⤵
  PID:7864
- C:\Windows\System\DNgmThW.exe
  C:\Windows\System\DNgmThW.exe
  2⤵
  PID:7880
- C:\Windows\System\woprFbb.exe
  C:\Windows\System\woprFbb.exe
  2⤵
  PID:7896
- C:\Windows\System\MexxVGk.exe
  C:\Windows\System\MexxVGk.exe
  2⤵
  PID:7912
- C:\Windows\System\vqbWybT.exe
  C:\Windows\System\vqbWybT.exe
  2⤵
  PID:7928
- C:\Windows\System\gzVKOoQ.exe
  C:\Windows\System\gzVKOoQ.exe
  2⤵
  PID:7944
- C:\Windows\System\WuAfHmw.exe
  C:\Windows\System\WuAfHmw.exe
  2⤵
  PID:7960
- C:\Windows\System\FbNyDwP.exe
  C:\Windows\System\FbNyDwP.exe
  2⤵
  PID:7976
- C:\Windows\System\jQMElFf.exe
  C:\Windows\System\jQMElFf.exe
  2⤵
  PID:7992
- C:\Windows\System\DakasjV.exe
  C:\Windows\System\DakasjV.exe
  2⤵
  PID:8008
- C:\Windows\System\kpPSLSu.exe
  C:\Windows\System\kpPSLSu.exe
  2⤵
  PID:8024
- C:\Windows\System\fWkhkrE.exe
  C:\Windows\System\fWkhkrE.exe
  2⤵
  PID:8040
- C:\Windows\System\FtQCJpB.exe
  C:\Windows\System\FtQCJpB.exe
  2⤵
  PID:8056
- C:\Windows\System\CCgqNhm.exe
  C:\Windows\System\CCgqNhm.exe
  2⤵
  PID:8072
- C:\Windows\System\tvAqbUM.exe
  C:\Windows\System\tvAqbUM.exe
  2⤵
  PID:8088
- C:\Windows\System\oXQsocn.exe
  C:\Windows\System\oXQsocn.exe
  2⤵
  PID:8104
- C:\Windows\System\kiMrCeI.exe
  C:\Windows\System\kiMrCeI.exe
  2⤵
  PID:8120
- C:\Windows\System\YKOcEpL.exe
  C:\Windows\System\YKOcEpL.exe
  2⤵
  PID:8136
- C:\Windows\System\ZbNEMZm.exe
  C:\Windows\System\ZbNEMZm.exe
  2⤵
  PID:8152
- C:\Windows\System\zFJJZrb.exe
  C:\Windows\System\zFJJZrb.exe
  2⤵
  PID:8168
- C:\Windows\System\hKyzvmt.exe
  C:\Windows\System\hKyzvmt.exe
  2⤵
  PID:8184
- C:\Windows\System\QVIfUXY.exe
  C:\Windows\System\QVIfUXY.exe
  2⤵
  PID:6560
- C:\Windows\System\HcWYABY.exe
  C:\Windows\System\HcWYABY.exe
  2⤵
  PID:6372
- C:\Windows\System\swZRaHw.exe
  C:\Windows\System\swZRaHw.exe
  2⤵
  PID:7196
- C:\Windows\System\OboRhRt.exe
  C:\Windows\System\OboRhRt.exe
  2⤵
  PID:7212
- C:\Windows\System\mKUdVoF.exe
  C:\Windows\System\mKUdVoF.exe
  2⤵
  PID:7272
- C:\Windows\System\htAZucg.exe
  C:\Windows\System\htAZucg.exe
  2⤵
  PID:7260
- C:\Windows\System\paOGtYk.exe
  C:\Windows\System\paOGtYk.exe
  2⤵
  PID:5628
- C:\Windows\System\uuXUptP.exe
  C:\Windows\System\uuXUptP.exe
  2⤵
  PID:7312
- C:\Windows\System\aiZYWOn.exe
  C:\Windows\System\aiZYWOn.exe
  2⤵
  PID:7392
- C:\Windows\System\MTrWIhZ.exe
  C:\Windows\System\MTrWIhZ.exe
  2⤵
  PID:7456
- C:\Windows\System\wSZfAfP.exe
  C:\Windows\System\wSZfAfP.exe
  2⤵
  PID:7488
- C:\Windows\System\QPTQfTh.exe
  C:\Windows\System\QPTQfTh.exe
  2⤵
  PID:7520
- C:\Windows\System\HaqJOtW.exe
  C:\Windows\System\HaqJOtW.exe
  2⤵
  PID:7408
- C:\Windows\System\CgVUJAv.exe
  C:\Windows\System\CgVUJAv.exe
  2⤵
  PID:7552
- C:\Windows\System\kRoZtXd.exe
  C:\Windows\System\kRoZtXd.exe
  2⤵
  PID:7616
- C:\Windows\System\vHPhzfl.exe
  C:\Windows\System\vHPhzfl.exe
  2⤵
  PID:7440
- C:\Windows\System\hgJjICR.exe
  C:\Windows\System\hgJjICR.exe
  2⤵
  PID:7644
- C:\Windows\System\OMTpmiS.exe
  C:\Windows\System\OMTpmiS.exe
  2⤵
  PID:7712
- C:\Windows\System\AIMvXRS.exe
  C:\Windows\System\AIMvXRS.exe
  2⤵
  PID:7596
- C:\Windows\System\MDhUwOX.exe
  C:\Windows\System\MDhUwOX.exe
  2⤵
  PID:7660
- C:\Windows\System\clpPtrG.exe
  C:\Windows\System\clpPtrG.exe
  2⤵
  PID:7728
- C:\Windows\System\hDVlKtR.exe
  C:\Windows\System\hDVlKtR.exe
  2⤵
  PID:7792
- C:\Windows\System\wqMZHgZ.exe
  C:\Windows\System\wqMZHgZ.exe
  2⤵
  PID:7840
- C:\Windows\System\AVLXOqy.exe
  C:\Windows\System\AVLXOqy.exe
  2⤵
  PID:7796
- C:\Windows\System\IiIerLQ.exe
  C:\Windows\System\IiIerLQ.exe
  2⤵
  PID:7936
- C:\Windows\System\AICQmLy.exe
  C:\Windows\System\AICQmLy.exe
  2⤵
  PID:7972
- C:\Windows\System\buaqUZq.exe
  C:\Windows\System\buaqUZq.exe
  2⤵
  PID:8036
- C:\Windows\System\ddPVUEG.exe
  C:\Windows\System\ddPVUEG.exe
  2⤵
  PID:8100
- C:\Windows\System\zqOjdBe.exe
  C:\Windows\System\zqOjdBe.exe
  2⤵
  PID:8164
- C:\Windows\System\vUXioAx.exe
  C:\Windows\System\vUXioAx.exe
  2⤵
  PID:7888
- C:\Windows\System\sMoAeiV.exe
  C:\Windows\System\sMoAeiV.exe
  2⤵
  PID:7856
- C:\Windows\System\ylmnYJZ.exe
  C:\Windows\System\ylmnYJZ.exe
  2⤵
  PID:7924
- C:\Windows\System\xjQJAVg.exe
  C:\Windows\System\xjQJAVg.exe
  2⤵
  PID:8020
- C:\Windows\System\KUvnUyg.exe
  C:\Windows\System\KUvnUyg.exe
  2⤵
  PID:7192
- C:\Windows\System\VFqojMm.exe
  C:\Windows\System\VFqojMm.exe
  2⤵
  PID:7304
- C:\Windows\System\Xaalbpz.exe
  C:\Windows\System\Xaalbpz.exe
  2⤵
  PID:8080
- C:\Windows\System\EuFxjIY.exe
  C:\Windows\System\EuFxjIY.exe
  2⤵
  PID:8144
- C:\Windows\System\KwgeVje.exe
  C:\Windows\System\KwgeVje.exe
  2⤵
  PID:7484
- C:\Windows\System\scQydhU.exe
  C:\Windows\System\scQydhU.exe
  2⤵
  PID:7376
- C:\Windows\System\pBGeyYc.exe
  C:\Windows\System\pBGeyYc.exe
  2⤵
  PID:7256
- C:\Windows\System\HUdkiKe.exe
  C:\Windows\System\HUdkiKe.exe
  2⤵
  PID:7452
- C:\Windows\System\oEwqLIY.exe
  C:\Windows\System\oEwqLIY.exe
  2⤵
  PID:7548
- C:\Windows\System\zWUPHnl.exe
  C:\Windows\System\zWUPHnl.exe
  2⤵
  PID:7536
- C:\Windows\System\uuofnPP.exe
  C:\Windows\System\uuofnPP.exe
  2⤵
  PID:7732
- C:\Windows\System\NOfkxXI.exe
  C:\Windows\System\NOfkxXI.exe
  2⤵
  PID:7908
- C:\Windows\System\ChJiapd.exe
  C:\Windows\System\ChJiapd.exe
  2⤵
  PID:7764
- C:\Windows\System\UtsnAFq.exe
  C:\Windows\System\UtsnAFq.exe
  2⤵
  PID:7696
- C:\Windows\System\YGCPPkZ.exe
  C:\Windows\System\YGCPPkZ.exe
  2⤵
  PID:7968
- C:\Windows\System\RmhGfvu.exe
  C:\Windows\System\RmhGfvu.exe
  2⤵
  PID:8096
- C:\Windows\System\fUuOrxN.exe
  C:\Windows\System\fUuOrxN.exe
  2⤵
  PID:6816
- C:\Windows\System\zyvJlJN.exe
  C:\Windows\System\zyvJlJN.exe
  2⤵
  PID:7892
- C:\Windows\System\IxAXITe.exe
  C:\Windows\System\IxAXITe.exe
  2⤵
  PID:8112
- C:\Windows\System\xSAGaVW.exe
  C:\Windows\System\xSAGaVW.exe
  2⤵
  PID:6852
- C:\Windows\System\oRYOWBG.exe
  C:\Windows\System\oRYOWBG.exe
  2⤵
  PID:6612
- C:\Windows\System\ibzrJbj.exe
  C:\Windows\System\ibzrJbj.exe
  2⤵
  PID:8180
- C:\Windows\System\zyBFSNb.exe
  C:\Windows\System\zyBFSNb.exe
  2⤵
  PID:7504
- C:\Windows\System\bNOspCQ.exe
  C:\Windows\System\bNOspCQ.exe
  2⤵
  PID:7648
- C:\Windows\System\tNTSRxi.exe
  C:\Windows\System\tNTSRxi.exe
  2⤵
  PID:8132
- C:\Windows\System\MZPwkGP.exe
  C:\Windows\System\MZPwkGP.exe
  2⤵
  PID:7988
- C:\Windows\System\sWbSjgn.exe
  C:\Windows\System\sWbSjgn.exe
  2⤵
  PID:8016
- C:\Windows\System\eSghhlG.exe
  C:\Windows\System\eSghhlG.exe
  2⤵
  PID:7812
- C:\Windows\System\lmKuCJT.exe
  C:\Windows\System\lmKuCJT.exe
  2⤵
  PID:7424
- C:\Windows\System\jhPbosK.exe
  C:\Windows\System\jhPbosK.exe
  2⤵
  PID:8204
- C:\Windows\System\KLrDGgc.exe
  C:\Windows\System\KLrDGgc.exe
  2⤵
  PID:8220
- C:\Windows\System\msLcUnJ.exe
  C:\Windows\System\msLcUnJ.exe
  2⤵
  PID:8236
- C:\Windows\System\fsRSZmn.exe
  C:\Windows\System\fsRSZmn.exe
  2⤵
  PID:8252
- C:\Windows\System\bqewbBf.exe
  C:\Windows\System\bqewbBf.exe
  2⤵
  PID:8268
- C:\Windows\System\tiMLoRz.exe
  C:\Windows\System\tiMLoRz.exe
  2⤵
  PID:8284
- C:\Windows\System\kCjnKoG.exe
  C:\Windows\System\kCjnKoG.exe
  2⤵
  PID:8300
- C:\Windows\System\EXiFbmB.exe
  C:\Windows\System\EXiFbmB.exe
  2⤵
  PID:8316
- C:\Windows\System\duusjHO.exe
  C:\Windows\System\duusjHO.exe
  2⤵
  PID:8332
- C:\Windows\System\SmxLnxo.exe
  C:\Windows\System\SmxLnxo.exe
  2⤵
  PID:8348
- C:\Windows\System\DdCXMUy.exe
  C:\Windows\System\DdCXMUy.exe
  2⤵
  PID:8364
- C:\Windows\System\bNrPQBT.exe
  C:\Windows\System\bNrPQBT.exe
  2⤵
  PID:8380
- C:\Windows\System\VkbVjGO.exe
  C:\Windows\System\VkbVjGO.exe
  2⤵
  PID:8396
- C:\Windows\System\dfRVhCm.exe
  C:\Windows\System\dfRVhCm.exe
  2⤵
  PID:8412
- C:\Windows\System\MlgDZdl.exe
  C:\Windows\System\MlgDZdl.exe
  2⤵
  PID:8428
- C:\Windows\System\uKYCjLi.exe
  C:\Windows\System\uKYCjLi.exe
  2⤵
  PID:8444
- C:\Windows\System\khboRMY.exe
  C:\Windows\System\khboRMY.exe
  2⤵
  PID:8460
- C:\Windows\System\NvoQGPj.exe
  C:\Windows\System\NvoQGPj.exe
  2⤵
  PID:8476
- C:\Windows\System\zJZryZp.exe
  C:\Windows\System\zJZryZp.exe
  2⤵
  PID:8492
- C:\Windows\System\RlEuQhq.exe
  C:\Windows\System\RlEuQhq.exe
  2⤵
  PID:8508
- C:\Windows\System\RHlhdow.exe
  C:\Windows\System\RHlhdow.exe
  2⤵
  PID:8524
- C:\Windows\System\rNIKuam.exe
  C:\Windows\System\rNIKuam.exe
  2⤵
  PID:8540
- C:\Windows\System\joDtayC.exe
  C:\Windows\System\joDtayC.exe
  2⤵
  PID:8556
- C:\Windows\System\hJTGCuD.exe
  C:\Windows\System\hJTGCuD.exe
  2⤵
  PID:8572
- C:\Windows\System\JyqUTgH.exe
  C:\Windows\System\JyqUTgH.exe
  2⤵
  PID:8588
- C:\Windows\System\VQxpMYl.exe
  C:\Windows\System\VQxpMYl.exe
  2⤵
  PID:8604
- C:\Windows\System\LBpHKyC.exe
  C:\Windows\System\LBpHKyC.exe
  2⤵
  PID:8620
- C:\Windows\System\wEYjkKZ.exe
  C:\Windows\System\wEYjkKZ.exe
  2⤵
  PID:8636
- C:\Windows\System\MiaPCHh.exe
  C:\Windows\System\MiaPCHh.exe
  2⤵
  PID:8652
- C:\Windows\System\lPKOHmr.exe
  C:\Windows\System\lPKOHmr.exe
  2⤵
  PID:8668
- C:\Windows\System\BuIQonX.exe
  C:\Windows\System\BuIQonX.exe
  2⤵
  PID:8684
- C:\Windows\System\FXSHuhS.exe
  C:\Windows\System\FXSHuhS.exe
  2⤵
  PID:8700
- C:\Windows\System\gOPuuCa.exe
  C:\Windows\System\gOPuuCa.exe
  2⤵
  PID:8716
- C:\Windows\System\MdhcFnn.exe
  C:\Windows\System\MdhcFnn.exe
  2⤵
  PID:8732
- C:\Windows\System\wIATfYu.exe
  C:\Windows\System\wIATfYu.exe
  2⤵
  PID:8748
- C:\Windows\System\noMPzbW.exe
  C:\Windows\System\noMPzbW.exe
  2⤵
  PID:8764
- C:\Windows\System\awlCwXW.exe
  C:\Windows\System\awlCwXW.exe
  2⤵
  PID:8780
- C:\Windows\System\gNayOml.exe
  C:\Windows\System\gNayOml.exe
  2⤵
  PID:8796
- C:\Windows\System\TGliyIs.exe
  C:\Windows\System\TGliyIs.exe
  2⤵
  PID:8812
- C:\Windows\System\BNTfHcR.exe
  C:\Windows\System\BNTfHcR.exe
  2⤵
  PID:8828
- C:\Windows\System\CMyaqVp.exe
  C:\Windows\System\CMyaqVp.exe
  2⤵
  PID:8844
- C:\Windows\System\xzMBtCX.exe
  C:\Windows\System\xzMBtCX.exe
  2⤵
  PID:8860
- C:\Windows\System\eHFJkwq.exe
  C:\Windows\System\eHFJkwq.exe
  2⤵
  PID:8876
- C:\Windows\System\LfniHAO.exe
  C:\Windows\System\LfniHAO.exe
  2⤵
  PID:8892
- C:\Windows\System\tqUJAOh.exe
  C:\Windows\System\tqUJAOh.exe
  2⤵
  PID:8908
- C:\Windows\System\MHTdOZm.exe
  C:\Windows\System\MHTdOZm.exe
  2⤵
  PID:8924
- C:\Windows\System\tbCFFqA.exe
  C:\Windows\System\tbCFFqA.exe
  2⤵
  PID:8940
- C:\Windows\System\UIGYDSs.exe
  C:\Windows\System\UIGYDSs.exe
  2⤵
  PID:8956
- C:\Windows\System\HSkaYFu.exe
  C:\Windows\System\HSkaYFu.exe
  2⤵
  PID:8972
- C:\Windows\System\cRFwdZq.exe
  C:\Windows\System\cRFwdZq.exe
  2⤵
  PID:8988
- C:\Windows\System\zJGjLlI.exe
  C:\Windows\System\zJGjLlI.exe
  2⤵
  PID:9004
- C:\Windows\System\AUBpkwB.exe
  C:\Windows\System\AUBpkwB.exe
  2⤵
  PID:9020
- C:\Windows\System\yOExnqr.exe
  C:\Windows\System\yOExnqr.exe
  2⤵
  PID:9036
- C:\Windows\System\FjGgSvR.exe
  C:\Windows\System\FjGgSvR.exe
  2⤵
  PID:9052
- C:\Windows\System\uwpyaUV.exe
  C:\Windows\System\uwpyaUV.exe
  2⤵
  PID:9068
- C:\Windows\System\ciWUgmb.exe
  C:\Windows\System\ciWUgmb.exe
  2⤵
  PID:9084
- C:\Windows\System\AfTVsEB.exe
  C:\Windows\System\AfTVsEB.exe
  2⤵
  PID:9100
- C:\Windows\System\gCmTkBD.exe
  C:\Windows\System\gCmTkBD.exe
  2⤵
  PID:9116
- C:\Windows\System\JdLAcnq.exe
  C:\Windows\System\JdLAcnq.exe
  2⤵
  PID:9132
- C:\Windows\System\cllxEGr.exe
  C:\Windows\System\cllxEGr.exe
  2⤵
  PID:9148
- C:\Windows\System\BjgqXMo.exe
  C:\Windows\System\BjgqXMo.exe
  2⤵
  PID:9164
- C:\Windows\System\lSfIQNm.exe
  C:\Windows\System\lSfIQNm.exe
  2⤵
  PID:9180
- C:\Windows\System\MgaBMOM.exe
  C:\Windows\System\MgaBMOM.exe
  2⤵
  PID:9196
- C:\Windows\System\mqUCrrB.exe
  C:\Windows\System\mqUCrrB.exe
  2⤵
  PID:9212
- C:\Windows\System\vwGsUKU.exe
  C:\Windows\System\vwGsUKU.exe
  2⤵
  PID:8160
- C:\Windows\System\ZvwOeCN.exe
  C:\Windows\System\ZvwOeCN.exe
  2⤵
  PID:8292
- C:\Windows\System\SDwzcJh.exe
  C:\Windows\System\SDwzcJh.exe
  2⤵
  PID:8356
- C:\Windows\System\hsIlupR.exe
  C:\Windows\System\hsIlupR.exe
  2⤵
  PID:7628
- C:\Windows\System\KZEpgNW.exe
  C:\Windows\System\KZEpgNW.exe
  2⤵
  PID:7208
- C:\Windows\System\dlbSHjd.exe
  C:\Windows\System\dlbSHjd.exe
  2⤵
  PID:7472
- C:\Windows\System\RlRBMkG.exe
  C:\Windows\System\RlRBMkG.exe
  2⤵
  PID:7700
- C:\Windows\System\cpryCZe.exe
  C:\Windows\System\cpryCZe.exe
  2⤵
  PID:8248
- C:\Windows\System\ZhaNyPG.exe
  C:\Windows\System\ZhaNyPG.exe
  2⤵
  PID:8312
- C:\Windows\System\aKUabVU.exe
  C:\Windows\System\aKUabVU.exe
  2⤵
  PID:8376
- C:\Windows\System\BXdjqIO.exe
  C:\Windows\System\BXdjqIO.exe
  2⤵
  PID:8452
- C:\Windows\System\BBabkLH.exe
  C:\Windows\System\BBabkLH.exe
  2⤵
  PID:8516
- C:\Windows\System\bGcsCbk.exe
  C:\Windows\System\bGcsCbk.exe
  2⤵
  PID:8472
- C:\Windows\System\PPZUNDC.exe
  C:\Windows\System\PPZUNDC.exe
  2⤵
  PID:8552
- C:\Windows\System\MnLItOa.exe
  C:\Windows\System\MnLItOa.exe
  2⤵
  PID:8616
- C:\Windows\System\QlFSzdY.exe
  C:\Windows\System\QlFSzdY.exe
  2⤵
  PID:8676
- C:\Windows\System\eYHWaeN.exe
  C:\Windows\System\eYHWaeN.exe
  2⤵
  PID:8740
- C:\Windows\System\DNBzmpP.exe
  C:\Windows\System\DNBzmpP.exe
  2⤵
  PID:8804
- C:\Windows\System\SGENAqC.exe
  C:\Windows\System\SGENAqC.exe
  2⤵
  PID:8868
- C:\Windows\System\zJNSwpM.exe
  C:\Windows\System\zJNSwpM.exe
  2⤵
  PID:8932
- C:\Windows\System\XHYxTOj.exe
  C:\Windows\System\XHYxTOj.exe
  2⤵
  PID:9028
- C:\Windows\System\LohVMft.exe
  C:\Windows\System\LohVMft.exe
  2⤵
  PID:9060
- C:\Windows\System\yemHApY.exe
  C:\Windows\System\yemHApY.exe
  2⤵
  PID:8824
- C:\Windows\System\GkTpeza.exe
  C:\Windows\System\GkTpeza.exe
  2⤵
  PID:8536
- C:\Windows\System\EFMIxVI.exe
  C:\Windows\System\EFMIxVI.exe
  2⤵
  PID:9160
- C:\Windows\System\yFyTGvm.exe
  C:\Windows\System\yFyTGvm.exe
  2⤵
  PID:8200
- C:\Windows\System\MNQeFIN.exe
  C:\Windows\System\MNQeFIN.exe
  2⤵
  PID:7292
- C:\Windows\System\PuiWAxL.exe
  C:\Windows\System\PuiWAxL.exe
  2⤵
  PID:8660
- C:\Windows\System\uKFpuEH.exe
  C:\Windows\System\uKFpuEH.exe
  2⤵
  PID:9112
- C:\Windows\System\XpUEtFg.exe
  C:\Windows\System\XpUEtFg.exe
  2⤵
  PID:8664
- C:\Windows\System\aWtsjiF.exe
  C:\Windows\System\aWtsjiF.exe
  2⤵
  PID:9048
- C:\Windows\System\xCTFzsk.exe
  C:\Windows\System\xCTFzsk.exe
  2⤵
  PID:8760
- C:\Windows\System\PSNzWuM.exe
  C:\Windows\System\PSNzWuM.exe
  2⤵
  PID:8820
- C:\Windows\System\ZoZQcab.exe
  C:\Windows\System\ZoZQcab.exe
  2⤵
  PID:9172
- C:\Windows\System\waCeUOI.exe
  C:\Windows\System\waCeUOI.exe
  2⤵
  PID:8948
- C:\Windows\System\KTJjLGP.exe
  C:\Windows\System\KTJjLGP.exe
  2⤵
  PID:7332
- C:\Windows\System\EnXqQkx.exe
  C:\Windows\System\EnXqQkx.exe
  2⤵
  PID:9016
- C:\Windows\System\zxnsIBr.exe
  C:\Windows\System\zxnsIBr.exe
  2⤵
  PID:9176
- C:\Windows\System\pAuBLgD.exe
  C:\Windows\System\pAuBLgD.exe
  2⤵
  PID:8264
- C:\Windows\System\GmxGkXo.exe
  C:\Windows\System\GmxGkXo.exe
  2⤵
  PID:8424
- C:\Windows\System\jlgVzhk.exe
  C:\Windows\System\jlgVzhk.exe
  2⤵
  PID:8584
- C:\Windows\System\prrchog.exe
  C:\Windows\System\prrchog.exe
  2⤵
  PID:8344
- C:\Windows\System\DaPpeKZ.exe
  C:\Windows\System\DaPpeKZ.exe
  2⤵
  PID:8836
- C:\Windows\System\YcveXMD.exe
  C:\Windows\System\YcveXMD.exe
  2⤵
  PID:8488
- C:\Windows\System\IHGRMXm.exe
  C:\Windows\System\IHGRMXm.exe
  2⤵
  PID:9092
- C:\Windows\System\zKEcYdk.exe
  C:\Windows\System\zKEcYdk.exe
  2⤵
  PID:8324
- C:\Windows\System\NmASyVu.exe
  C:\Windows\System\NmASyVu.exe
  2⤵
  PID:8596
- C:\Windows\System\EDibWFf.exe
  C:\Windows\System\EDibWFf.exe
  2⤵
  PID:8792
- C:\Windows\System\ZGAUyRA.exe
  C:\Windows\System\ZGAUyRA.exe
  2⤵
  PID:8920
- C:\Windows\System\jLodwHF.exe
  C:\Windows\System\jLodwHF.exe
  2⤵
  PID:8232
- C:\Windows\System\CFmGGla.exe
  C:\Windows\System\CFmGGla.exe
  2⤵
  PID:8708
- C:\Windows\System\DjwbbMC.exe
  C:\Windows\System\DjwbbMC.exe
  2⤵
  PID:8968
- C:\Windows\System\ebaTgpm.exe
  C:\Windows\System\ebaTgpm.exe
  2⤵
  PID:8328
- C:\Windows\System\oKCebeg.exe
  C:\Windows\System\oKCebeg.exe
  2⤵
  PID:8532
- C:\Windows\System\WxpeqEK.exe
  C:\Windows\System\WxpeqEK.exe
  2⤵
  PID:8984
- C:\Windows\System\eTrIBOl.exe
  C:\Windows\System\eTrIBOl.exe
  2⤵
  PID:8628
- C:\Windows\System\VtsmwhQ.exe
  C:\Windows\System\VtsmwhQ.exe
  2⤵
  PID:9140
- C:\Windows\System\AsoZTSi.exe
  C:\Windows\System\AsoZTSi.exe
  2⤵
  PID:9080
- C:\Windows\System\IRNeyeZ.exe
  C:\Windows\System\IRNeyeZ.exe
  2⤵
  PID:8408
- C:\Windows\System\TpcMYcp.exe
  C:\Windows\System\TpcMYcp.exe
  2⤵
  PID:8468
- C:\Windows\System\XhgBEPw.exe
  C:\Windows\System\XhgBEPw.exe
  2⤵
  PID:8788
- C:\Windows\System\zGtegEh.exe
  C:\Windows\System\zGtegEh.exe
  2⤵
  PID:8900
- C:\Windows\System\MwvloTb.exe
  C:\Windows\System\MwvloTb.exe
  2⤵
  PID:8484
- C:\Windows\System\oKcTIIX.exe
  C:\Windows\System\oKcTIIX.exe
  2⤵
  PID:9128
- C:\Windows\System\tOhRlNj.exe
  C:\Windows\System\tOhRlNj.exe
  2⤵
  PID:8648
- C:\Windows\System\QxKIbNB.exe
  C:\Windows\System\QxKIbNB.exe
  2⤵
  PID:8996
- C:\Windows\System\CbfLXiF.exe
  C:\Windows\System\CbfLXiF.exe
  2⤵
  PID:9144
- C:\Windows\System\TKmTZsl.exe
  C:\Windows\System\TKmTZsl.exe
  2⤵
  PID:8392
- C:\Windows\System\TNpMsoS.exe
  C:\Windows\System\TNpMsoS.exe
  2⤵
  PID:8964
- C:\Windows\System\uBzLRor.exe
  C:\Windows\System\uBzLRor.exe
  2⤵
  PID:9228
- C:\Windows\System\tLAivFQ.exe
  C:\Windows\System\tLAivFQ.exe
  2⤵
  PID:9244
- C:\Windows\System\dRJxpQr.exe
  C:\Windows\System\dRJxpQr.exe
  2⤵
  PID:9260
- C:\Windows\System\gySeaXg.exe
  C:\Windows\System\gySeaXg.exe
  2⤵
  PID:9276
- C:\Windows\System\hAmtDCu.exe
  C:\Windows\System\hAmtDCu.exe
  2⤵
  PID:9292
- C:\Windows\System\oTamjOh.exe
  C:\Windows\System\oTamjOh.exe
  2⤵
  PID:9308
- C:\Windows\System\rgqOBNA.exe
  C:\Windows\System\rgqOBNA.exe
  2⤵
  PID:9324
- C:\Windows\System\jNjQTsX.exe
  C:\Windows\System\jNjQTsX.exe
  2⤵
  PID:9344
- C:\Windows\System\msLQFfH.exe
  C:\Windows\System\msLQFfH.exe
  2⤵
  PID:9360
- C:\Windows\System\fHuVjLJ.exe
  C:\Windows\System\fHuVjLJ.exe
  2⤵
  PID:9376
- C:\Windows\System\mowsGWP.exe
  C:\Windows\System\mowsGWP.exe
  2⤵
  PID:9392
- C:\Windows\System\jprXotg.exe
  C:\Windows\System\jprXotg.exe
  2⤵
  PID:9408
- C:\Windows\System\bvndYjB.exe
  C:\Windows\System\bvndYjB.exe
  2⤵
  PID:9424
- C:\Windows\System\hlEJMeu.exe
  C:\Windows\System\hlEJMeu.exe
  2⤵
  PID:9440
- C:\Windows\System\pwmiRZl.exe
  C:\Windows\System\pwmiRZl.exe
  2⤵
  PID:9456
- C:\Windows\System\qMeeHDZ.exe
  C:\Windows\System\qMeeHDZ.exe
  2⤵
  PID:9472
- C:\Windows\System\sPAnJMA.exe
  C:\Windows\System\sPAnJMA.exe
  2⤵
  PID:9496
- C:\Windows\System\sKsUMxg.exe
  C:\Windows\System\sKsUMxg.exe
  2⤵
  PID:9516
- C:\Windows\System\MrAScGS.exe
  C:\Windows\System\MrAScGS.exe
  2⤵
  PID:9532
- C:\Windows\System\zvezLTW.exe
  C:\Windows\System\zvezLTW.exe
  2⤵
  PID:9548
- C:\Windows\System\poQkaiq.exe
  C:\Windows\System\poQkaiq.exe
  2⤵
  PID:9564
- C:\Windows\System\ueinPsX.exe
  C:\Windows\System\ueinPsX.exe
  2⤵
  PID:9580
- C:\Windows\System\VSpJUKq.exe
  C:\Windows\System\VSpJUKq.exe
  2⤵
  PID:9596
- C:\Windows\System\pDpRyeO.exe
  C:\Windows\System\pDpRyeO.exe
  2⤵
  PID:9612
- C:\Windows\System\NIfkTQR.exe
  C:\Windows\System\NIfkTQR.exe
  2⤵
  PID:9628
- C:\Windows\System\GPbjQuO.exe
  C:\Windows\System\GPbjQuO.exe
  2⤵
  PID:9644
- C:\Windows\System\CDnxTGW.exe
  C:\Windows\System\CDnxTGW.exe
  2⤵
  PID:9660
- C:\Windows\System\dtEbsLB.exe
  C:\Windows\System\dtEbsLB.exe
  2⤵
  PID:9676
- C:\Windows\System\WiwhsZy.exe
  C:\Windows\System\WiwhsZy.exe
  2⤵
  PID:9692
- C:\Windows\System\hoCzwWv.exe
  C:\Windows\System\hoCzwWv.exe
  2⤵
  PID:9708
- C:\Windows\System\uMhDIJm.exe
  C:\Windows\System\uMhDIJm.exe
  2⤵
  PID:9724
- C:\Windows\System\bDfDfAI.exe
  C:\Windows\System\bDfDfAI.exe
  2⤵
  PID:9740
- C:\Windows\System\iBzLiHJ.exe
  C:\Windows\System\iBzLiHJ.exe
  2⤵
  PID:9756
- C:\Windows\System\jZblElM.exe
  C:\Windows\System\jZblElM.exe
  2⤵
  PID:9772
- C:\Windows\System\gjYOpdT.exe
  C:\Windows\System\gjYOpdT.exe
  2⤵
  PID:9788
- C:\Windows\System\vWqgCGR.exe
  C:\Windows\System\vWqgCGR.exe
  2⤵
  PID:9804
- C:\Windows\System\DDWiqDv.exe
  C:\Windows\System\DDWiqDv.exe
  2⤵
  PID:9820
- C:\Windows\System\pubWGWh.exe
  C:\Windows\System\pubWGWh.exe
  2⤵
  PID:9836
- C:\Windows\System\RtLVpAS.exe
  C:\Windows\System\RtLVpAS.exe
  2⤵
  PID:9852
- C:\Windows\System\UUOWPOm.exe
  C:\Windows\System\UUOWPOm.exe
  2⤵
  PID:9868
- C:\Windows\System\iVrxVAP.exe
  C:\Windows\System\iVrxVAP.exe
  2⤵
  PID:9884
- C:\Windows\System\bPTDMda.exe
  C:\Windows\System\bPTDMda.exe
  2⤵
  PID:9900
- C:\Windows\System\VSgzFLC.exe
  C:\Windows\System\VSgzFLC.exe
  2⤵
  PID:9916
- C:\Windows\System\WlARVag.exe
  C:\Windows\System\WlARVag.exe
  2⤵
  PID:9932
- C:\Windows\System\JoMVQaa.exe
  C:\Windows\System\JoMVQaa.exe
  2⤵
  PID:9948
- C:\Windows\System\nRnqUIl.exe
  C:\Windows\System\nRnqUIl.exe
  2⤵
  PID:9964
- C:\Windows\System\GhnsCkx.exe
  C:\Windows\System\GhnsCkx.exe
  2⤵
  PID:9980
- C:\Windows\System\EgXPYHw.exe
  C:\Windows\System\EgXPYHw.exe
  2⤵
  PID:9996
- C:\Windows\System\LKseYgs.exe
  C:\Windows\System\LKseYgs.exe
  2⤵
  PID:10012
- C:\Windows\System\yluVIgV.exe
  C:\Windows\System\yluVIgV.exe
  2⤵
  PID:10028
- C:\Windows\System\pRGCpQO.exe
  C:\Windows\System\pRGCpQO.exe
  2⤵
  PID:10044
- C:\Windows\System\FiMiyXu.exe
  C:\Windows\System\FiMiyXu.exe
  2⤵
  PID:10060
- C:\Windows\System\HRyeALi.exe
  C:\Windows\System\HRyeALi.exe
  2⤵
  PID:10076
- C:\Windows\System\kSORfLk.exe
  C:\Windows\System\kSORfLk.exe
  2⤵
  PID:10092
- C:\Windows\System\gbSitfC.exe
  C:\Windows\System\gbSitfC.exe
  2⤵
  PID:10108
- C:\Windows\System\aBlSWhd.exe
  C:\Windows\System\aBlSWhd.exe
  2⤵
  PID:10124
- C:\Windows\System\CwSHqCQ.exe
  C:\Windows\System\CwSHqCQ.exe
  2⤵
  PID:10140
- C:\Windows\System\HvxgKFR.exe
  C:\Windows\System\HvxgKFR.exe
  2⤵
  PID:10156
- C:\Windows\System\HqbqQEF.exe
  C:\Windows\System\HqbqQEF.exe
  2⤵
  PID:10172
- C:\Windows\System\HWMqfwd.exe
  C:\Windows\System\HWMqfwd.exe
  2⤵
  PID:10188
- C:\Windows\System\uGnetVa.exe
  C:\Windows\System\uGnetVa.exe
  2⤵
  PID:10204
- C:\Windows\System\IEQFBii.exe
  C:\Windows\System\IEQFBii.exe
  2⤵
  PID:10220
- C:\Windows\System\PSZEQjz.exe
  C:\Windows\System\PSZEQjz.exe
  2⤵
  PID:10236
- C:\Windows\System\BlYoShN.exe
  C:\Windows\System\BlYoShN.exe
  2⤵
  PID:9240
- C:\Windows\System\QeKBqHu.exe
  C:\Windows\System\QeKBqHu.exe
  2⤵
  PID:9304
- C:\Windows\System\sjDUnGD.exe
  C:\Windows\System\sjDUnGD.exe
  2⤵
  PID:9252
- C:\Windows\System\npCCzZQ.exe
  C:\Windows\System\npCCzZQ.exe
  2⤵
  PID:9220
- C:\Windows\System\KVXfcwt.exe
  C:\Windows\System\KVXfcwt.exe
  2⤵
  PID:9336
- C:\Windows\System\TcxfJAm.exe
  C:\Windows\System\TcxfJAm.exe
  2⤵
  PID:9372
- C:\Windows\System\hLhdzQh.exe
  C:\Windows\System\hLhdzQh.exe
  2⤵
  PID:9436
- C:\Windows\System\repGkUB.exe
  C:\Windows\System\repGkUB.exe
  2⤵
  PID:9420
- C:\Windows\System\UcszwfV.exe
  C:\Windows\System\UcszwfV.exe
  2⤵
  PID:9468
- C:\Windows\System\jNrarxE.exe
  C:\Windows\System\jNrarxE.exe
  2⤵
  PID:5784
- C:\Windows\System\ZOlNhRu.exe
  C:\Windows\System\ZOlNhRu.exe
  2⤵
  PID:9508
- C:\Windows\System\mwlwYBS.exe
  C:\Windows\System\mwlwYBS.exe
  2⤵
  PID:9524
- C:\Windows\System\stTBQVh.exe
  C:\Windows\System\stTBQVh.exe
  2⤵
  PID:9588
- C:\Windows\System\XqAXuSl.exe
  C:\Windows\System\XqAXuSl.exe
  2⤵
  PID:9652
- C:\Windows\System\ejbmscb.exe
  C:\Windows\System\ejbmscb.exe
  2⤵
  PID:9608
- C:\Windows\System\xNHaXBT.exe
  C:\Windows\System\xNHaXBT.exe
  2⤵
  PID:9672
- C:\Windows\System\qtloXmf.exe
  C:\Windows\System\qtloXmf.exe
  2⤵
  PID:9736
- C:\Windows\System\qjRaIzP.exe
  C:\Windows\System\qjRaIzP.exe
  2⤵
  PID:9828
- C:\Windows\System\htvtAtT.exe
  C:\Windows\System\htvtAtT.exe
  2⤵
  PID:9892
- C:\Windows\System\MEhcaAp.exe
  C:\Windows\System\MEhcaAp.exe
  2⤵
  PID:9572
- C:\Windows\System\IztVvNH.exe
  C:\Windows\System\IztVvNH.exe
  2⤵
  PID:9988
- C:\Windows\System\UHaCvhL.exe
  C:\Windows\System\UHaCvhL.exe
  2⤵
  PID:10052
- C:\Windows\System\gHWRwDu.exe
  C:\Windows\System\gHWRwDu.exe
  2⤵
  PID:10056
- C:\Windows\System\mVQnabM.exe
  C:\Windows\System\mVQnabM.exe
  2⤵
  PID:9780
- C:\Windows\System\ZhIzIAx.exe
  C:\Windows\System\ZhIzIAx.exe
  2⤵
  PID:9784
- C:\Windows\System\dQplHpy.exe
  C:\Windows\System\dQplHpy.exe
  2⤵
  PID:9848
- C:\Windows\System\VgCXimR.exe
  C:\Windows\System\VgCXimR.exe
  2⤵
  PID:9912
- C:\Windows\System\McETSHY.exe
  C:\Windows\System\McETSHY.exe
  2⤵
  PID:9976
- C:\Windows\System\POrYuMw.exe
  C:\Windows\System\POrYuMw.exe
  2⤵
  PID:10040
- C:\Windows\System\ZGgIcxG.exe
  C:\Windows\System\ZGgIcxG.exe
  2⤵
  PID:10104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AKbxsTQ.exe

Filesize
6.1MB

MD5
cd094f0761275ef5096852d6a307300c

SHA1
47e616ace5ebd07a9d0a3ed3eaaaf06798b912bc

SHA256
0e448ffc6e45c25ff620945641844c6ab8de7a9b8342a07694d2cb8640085d52

SHA512
c28a0632abbacd8086a4a2dea4250e55ec557f367aa1c7a50048d931f297fbb5af81628b791ce68fc7d6cbe5146852960ce2f0b353106f3e0b6520b97cc5126c

Download Submit
C:\Windows\system\CUxlqaF.exe

Filesize
6.1MB

MD5
f0741aa13661d916861568719e9d4cef

SHA1
9a71e0d349a412b9eccff87a6ef2239e12c707b1

SHA256
1c47ae4429204d84a227cdca3320be1f8dc64b56563da64bc37ddb1a1175d72e

SHA512
bb09b4d46ed0e31990d680a3f00154fae0c5900c240da9b66f6e8c70e34f4da9426cbfe0242f944ea4a55f992ed85e8c1ed6fe5f0977719eb954ee59b8680b15

Download Submit
C:\Windows\system\CnqCBoe.exe

Filesize
6.1MB

MD5
46619f561cb1acb3d0662f1ac4d88d6f

SHA1
c925006e1c4731de620c955f1224995774a49b34

SHA256
5226fb5466d8a9765ec40c69f8f217a60660648415b65c0e3e9ec1248e3a4b65

SHA512
5cc9fa378fdaaeacfd0668dfb634183b2be65b5d2cd4035bef166d5833ad803fe4eaba7cd57f33ba2e5c5b8199a2f34fcc274449a5fbf1f59e2214408345ff6c

Download Submit
C:\Windows\system\CxtsCTw.exe

Filesize
6.1MB

MD5
81d6207d98942911aceead37c104b788

SHA1
c5cfef5a2e3f48ea3218290824a508ad2ae2f927

SHA256
d427c1d0c925898ef2d3ce60d89d2b1d971648480db24b471332bcd0b7848b7c

SHA512
1316fbce640f789f4db1e439b92abcdc6c7082c010ff316122467d00d8ee202911c0400255ba716d503b7e1efe1ac0d580495d4898d06c94f2129e09be063a95

Download Submit
C:\Windows\system\OmhHkDj.exe

Filesize
6.1MB

MD5
a7369b125ca0fb237230bb172ad2eb19

SHA1
3fc989d6068db9814029e76c22e51f4ccc3d3b56

SHA256
cb0cc52dc84fbac2ddf70efaf5754a54fcb8dac049c6d8cd3ba710ef1a9abad0

SHA512
b8d15a0bc9d32859f6dc0705d9edf2c9de400c3084835388970abf3ffaf7bbef75b075231350079a0a616983734ca2000ea778cc6d1cad5a0951913916c12635

Download Submit
C:\Windows\system\OmhHuxr.exe

Filesize
6.1MB

MD5
1bfbc5d20a4c680a9e05b77883240079

SHA1
638d79ebe2a4e4d4138ae3d9ecf5684e06e262a7

SHA256
9aa96e05ffcda21410877bd998b22ef3a0526b261e79b2394b79169b309183b5

SHA512
41c261364d7850e4017b708da3786fdcde3fdcd2028e60c2125105d7e3ba8de64b77d7ee1aa6604fa4f78fb663ba21751c560299958f6a3b3a5068472f4176ce

Download Submit
C:\Windows\system\PyOQBVN.exe

Filesize
6.1MB

MD5
27cdd4e7201ea01d6960a73b349114af

SHA1
01d1975ee518f314847ee0e801e3e9493f2f3702

SHA256
053cc17c818414c6c6cdb7467953f23c6aa0fb0003b3446ab9cd84aa4a38f3c3

SHA512
ea63ff7ed7b014d748a39d67c40bff6176b010d6abb81d4a6063ffe325ebdba8de6268d5a13f024de91a048e14c090df72d49ed3efc9f3006539acf977d88b17

Download Submit
C:\Windows\system\TfvOimK.exe

Filesize
6.1MB

MD5
8222973a2ca590411d92bc9dafb4c01d

SHA1
d2cf54df968e5a34d0a2beaa3f04a2aa49c265de

SHA256
8a880bb4c5948c7dd1ea564d4629ace7d0b22076a5d567c2dfaf95706017285c

SHA512
108f2f9e40bf70819f66bbbf5d158689ef98c1eafac6b7ea11290fde23c3803bdeca4a045eb01cae0e7f7d41511be7829aabbd29f6e4939dfa7944beeb7544f7

Download Submit
C:\Windows\system\UDKyaHD.exe

Filesize
6.1MB

MD5
4df155adb99a3a393402b7c200887b99

SHA1
19cb5185b9efbd288452a9d5f70a48f658157ee4

SHA256
06b4b847dc2e1d51bfe39df5d0744c3ad5daff0ad5a44bd6c00976feb5cd9917

SHA512
93c0811631e86915172f67c2ef3573f9d9e83dcbff15490b4f732c1e81321002fdd0225989b8df8f78f45a80d1f2e3d8a8e98b6b3c47b97180819a59db5a62d6

Download Submit
C:\Windows\system\XKlYigr.exe

Filesize
6.1MB

MD5
8de7f67a3afc1ea4be8533858e0775c3

SHA1
591236b5da74f834e17f332e5417b2135f642ef5

SHA256
3250b0f5e0cfda5dea8ca16205b17fce1506df90f1ade5ef59d9c7786c15983e

SHA512
718384809f864203e212046b69b01ff8ec589e3e1b15bc51fe08720e85dab87fbe5efbcc87763260b81015c453588a331da04ee480bd4f470d493cbe31167f9f

Download Submit
C:\Windows\system\YjkFzkM.exe

Filesize
6.1MB

MD5
66c5b7e131a4fed3924e95b6e835b12b

SHA1
11f3badeb0f67bbcdd76b8834224bcfb3ad14c1d

SHA256
7c8fde1f00f1ea11b3bef7d6019a09fac1c007eae96ececa3a4c6f64901bdf1b

SHA512
e6f86d7ca3e34257c833fe52fca8bf222b0b418bf6f74557de2cbaad3c2f5cfa98fd47295b526be9ea55a9dd98179f07db0da58136c21d1a21495bcad4f5ecfb

Download Submit
C:\Windows\system\YkQPwAb.exe

Filesize
6.1MB

MD5
364757c1b6cf6a47160241e2520203b3

SHA1
22a3eee8b3a066af79250f2479609074804c60bd

SHA256
67924342f04de7f2f99806ef9ea9d30243cc614e9a21f10bc1b39d3d5d34e9d6

SHA512
8b7436e1cb828a96b29824c8943e6a46aa2b3c1b9e98017f150ae98908ed2d8092854b6708ae636acb4c86abebb7dfa3cc780cb9c2c989c7021d92df7cd103c9

Download Submit
C:\Windows\system\bBcXJcs.exe

Filesize
6.1MB

MD5
0d08f017ee5c19486e856c456fb65597

SHA1
3faeffae41a253c634e596454ad898595fff92b2

SHA256
1ec9490f2b7b6d58cbdab3fe8184e17837412d94b68cc313bf9937d4e902cbdf

SHA512
3737d2ebfa78ae9f45ee4c6040b83da9c53b006bb19f2ca0a5f59267bb14a0b5754d9e80a23b0f656a6b14290d4a977d427cc22934299ee9df3c457c472598ab

Download Submit
C:\Windows\system\cHYXOhG.exe

Filesize
6.1MB

MD5
00c7992efe4885c5126504f424d95659

SHA1
effe9fbdbe3bd370e9878208d79cad26d058f8d5

SHA256
c0ad65355244e205c24faf13b666f8efa9ba1efdab83524cc937512485c7dd97

SHA512
b6f3902046f9ba9323a492a6499363d291a10fb217ed9ee916b4487dd08b7d24dac01289cef8228ad347b12f180f62c47fc453d31a0c14f9ee8b97b4d8613df5

Download Submit
C:\Windows\system\ceoltWt.exe

Filesize
6.1MB

MD5
b44ed64c1cc74f47779016c5354c6cae

SHA1
40785ead6111940e077cc786f322e7a250aad4a9

SHA256
2d1939b4b7d4a0b47fc10ff1d3a357f8b556d050f8be56edaf95a3b98ebd05fe

SHA512
ff857c424fdbd3809c9f1b0cbf59b1b2d8db96f5b636cdcbe7b2916039b682a06a798d97428a92f7409798db4688ad3a7068f60c68173711234a84985efd80bc

Download Submit
C:\Windows\system\efvUMpA.exe

Filesize
6.1MB

MD5
05e6adb7743b80c1a27dcd4664a08a8b

SHA1
730d6c51a93335aa73264757567ce67b902e2139

SHA256
24187ec554e4f6864d03843f60fc6cc1b98305e142d6eb64251b31880e707151

SHA512
bb11d3f951d4189da4e42a15e795356b038ac1088247a3f297c58e7ee50ea3aa58697cf14677aef649a422d2d57bca98a42c0f5d7d6ece7d971c521154fd7fe3

Download Submit
C:\Windows\system\gOFWknd.exe

Filesize
6.1MB

MD5
fb74d892356fa229937b25d4e91bb3d0

SHA1
595fa11ca547d1e7e8d00e6d41f5ecd95beb7480

SHA256
71e1185070772197d2aef5f9e39cedd39c366c6bcca212f5f22498c8e72bd5e3

SHA512
64414dc4fc0f1bf9cf412aff77b7b369d3ba0206f4ac91dd5dc466cfd5ea572a6befc656b02002f9d4a69be5da8d9172c9831ef0af6640eb207bec752ad4b65c

Download Submit
C:\Windows\system\gTVTAoF.exe

Filesize
6.1MB

MD5
1bd260bab6272fca1f1e91609afd1367

SHA1
d9d2446607ac95e248e34265b4ff2070e685ae23

SHA256
bdc830449c19621bdf699f2f98d16c5a130abbfc70cacfca0fba13320d323a55

SHA512
d24dfc63b184a1ab094d4cd404eb788dfd1ea42ddc65394427b44f0818a408306a001e9bf7badd330220c300b52bef12c53cddef9e3f7993ab418088920565ab

Download Submit
C:\Windows\system\jTZmJgg.exe

Filesize
6.1MB

MD5
f86b0f6f7c7003991f21b8a9ab3ee41f

SHA1
9ff8e3ea76d9d756674d9aae1dce3a77524e8ea5

SHA256
920df2903f23b2309f5295fb4d63902bbb461912166580873c4f8018c3e20d59

SHA512
5799083729eaba12af6c60bf5595f1f958dadfea97ddfb0121b46a057f54a8c0cd781cbd41f033c6ae69d0da828d660ed9b9d1cc4e254fb213c0aa462b26b31c

Download Submit
C:\Windows\system\jfRScEi.exe

Filesize
6.1MB

MD5
3278117e831768ba1a7f7f3c6f8a7cbd

SHA1
2ad5757c01b5bebe1f57e3cbf861d9b9798def3f

SHA256
d8d55b98dfe02c5568c15a5e3d2915c2cce93e36f1e7c700612767dd1ac2d774

SHA512
0f400c37c1d1301dff31b92be39fa239572f2fb2d5937268106168ff467ad3fcccd40a5649db8d01e7755f048e0fce3eda1a012d25c17cc96c7271ef470e504a

Download Submit
C:\Windows\system\kIUVeqL.exe

Filesize
6.1MB

MD5
0ad52d99b5d37337ee40bdd915b92806

SHA1
173bb666b8ad33396dd9edb2192bc4110d4d8dda

SHA256
7eb7475d8a573afc0b06fb28745051496d8b593541fa0a0674f873a9d97835b4

SHA512
fcffcc8e30287c7f7b48e3ea973cb3771fb7a4db6a510fdf9ca4a2e4826fdee6a81950c333f77e7bc8bfdd7d48bc8cecda4e5d10b0ddefe8e82428f9bea7e5be

Download Submit
C:\Windows\system\lZLvUQl.exe

Filesize
6.1MB

MD5
c51514f35641f989829a26531a32cb4d

SHA1
9c2363baa3ab9ccef81fe1b4dfafe4e965e9b67e

SHA256
5f8019226ceed71b2fe151103b130f0e07f9c4d5b3ce008f705255609c1b972f

SHA512
4ae66c240412c425ead4fdf6f3b8e8a316e2df2460e4ceb6baacb43311bd0b4703ade03977b2756f5c0d9f59009963d820145381ce799426c5df359ded3a9601

Download Submit
C:\Windows\system\mCLiDer.exe

Filesize
6.1MB

MD5
664be980cb3620708ccdec74f420b681

SHA1
c5abdfd643fe54384eb69b26edaa2d5878737029

SHA256
10587a19eece17a9fbca1ce44434ee4c8f4bd60fe9a827b74e42a86526023c9e

SHA512
2315c392340c3443263443300cfac9d93b2158d88b59572447224e17db21f72600a5217f9c40bfcc3de46fe07d19ebf8881832584b883f05f4a9fb01cc574ed0

Download Submit
C:\Windows\system\mEHLxmx.exe

Filesize
6.1MB

MD5
87c03fb4c8b0cf093db8edaf928bcea7

SHA1
15fea3a4cb4cb6e460b785be20f54c4526d87dfe

SHA256
58b2f96b303f705c3d903dbe7c07e6d826f373d4f8586f68c8411a0beb11ec4d

SHA512
6f4a499bfe8c28d0cc135295f3a18fcfd6d77a881e54ceac3cb0ec74401d7a56a177e71e4f2e5a857290db50519bbcb47f8e8996af5961a633cf3c9464100c74

Download Submit
C:\Windows\system\rbCUtzP.exe

Filesize
6.1MB

MD5
324021815f817a1053c2467026353736

SHA1
98eb6d8c900d7c15c614b2351cf19b3ba9553f0a

SHA256
8e4b4bfbaf2a1e13f27b1edb7dffe32126a9c61c5bbae02bb55d3a72882fb4c4

SHA512
4956b6a5bc8e62a22015a81ef49305bd6ee93030992d63d815b63e3ce547b128c9375ff9d5dfc5e9c39bcbe4a7e9712ede03e117f53eb9cc68e77742abbb4286

Download Submit
C:\Windows\system\taEzAkN.exe

Filesize
6.1MB

MD5
8759b74a06c659fb00da466b74e1510e

SHA1
b3e9098975c02127623a98b9c79d5b2ff3a2767b

SHA256
23c4d6a8117c96c3f0c3a262217977047d4024f63d85bc485aad3d834d190bf0

SHA512
21c688643f2f8231e3be0cf31e022b376eed84b0993b7cef7ace120a06b78aa537ee2a0cc8fb8ec739999908f3c4ba87ab07b47ddfd5859cee71bfdbb448b576

Download Submit
C:\Windows\system\vwQzRGv.exe

Filesize
6.1MB

MD5
8fa517970f342745fa2aecd5969a37d6

SHA1
f8b6db945a57d8c0df2cf969865df78f02f3f79e

SHA256
4ff60c25de38e4273463dedb63528265f64b3cb0a4bc4b2f46aef613d5fcd18e

SHA512
8d8165d6cf26ca957b573ce6deb57b6ccf894509d31afb72bec3a4d361413602302088b86b3cc3b3cc285387b8f1db2cde1c1a0a016901308c55e7369ab78c50

Download Submit
C:\Windows\system\zChPhXJ.exe

Filesize
6.1MB

MD5
bd4d57df9234e4540a0a3efc12d6f508

SHA1
8672230f11a9c86f4fd7aab03e1146cbd51f36d4

SHA256
24d012aaa3f74e66ae2034640726956131ae7066b2fc6158fcbf11c1ef0655b2

SHA512
64c51b0c391eb67ed26f851d942ab011e70132be9b97e179111b5aeffcb28a898c8ab4fb2fe40045a7441f48b9888b4d2eaa81facd1381853928dce0f5634db2

Download Submit
\Windows\system\VHiQMjf.exe

Filesize
6.1MB

MD5
a6dc1af5f53e5b99cd0116f11ec9092f

SHA1
6105f79fe6bc12ab09bdaae8690088d205b17214

SHA256
4ae6b18925b906e6b9ab8d1daa806f9af239ce604c2ba28216ae380f026f848d

SHA512
4a95a6e1781d0094c2520fa9553a9b8be8273ceddcc29521169c3550432e0d53ba9771023c335e65eb476c5257057a32173e87bec6ddbc3d26e13aa3878df202

Download Submit
\Windows\system\ZskIeUS.exe

Filesize
6.1MB

MD5
7e407782abd4a878f14dc9e04b8544f8

SHA1
d8ed6fe89aa3e80c8b959aa5d29e06e2b2de1c93

SHA256
d3266d85d9721feee6a5d0afc53de210f48a21c4a3f86ea7b55b0334954f0013

SHA512
70d38d16ddc8bf2d46868a7a8d17902309f0cdf511b1b54ec6733a242577e8e0e17104dc3a8935214702fd79fabd3b2b960604fee361d0f7200ed9fbfbeb9c31

Download Submit
\Windows\system\gbwOQzF.exe

Filesize
6.1MB

MD5
b6f3dc2e77300f63cba1e709240bab4d

SHA1
cae1968cf69136b4ffa24e544621222c5c8de193

SHA256
2babc05c103180e3615c1277f312aa94632a378ac7ff87d14c49250b7bd2b76f

SHA512
5a5a3caf78933dbd67d70914b0fed683052d7414b092818adf7f668f4f87f78eaff7cd0636ba8292d4f8403370759043a117041d9744b344f7748d9ee0287327

Download Submit
\Windows\system\jNHWrhy.exe

Filesize
6.1MB

MD5
c901af18d371fd5055e6fc04fa08c430

SHA1
de8ef2b0be7d02d57d1164e3e46a0865f62ec56a

SHA256
5fa9b716d22028f1744f649959b84248019d6f0e8b035bef9f175e92b023abbd

SHA512
c9db25f9e5a492f4c1d71150219cacbbda02851899e13ed770372fec49cfb65c193de5b25586ff9f5ee1e5892df355bd43dbaaa12a0077d5661dca826de06c06

Download Submit
memory/1612-71-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/1612-503-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-21-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2032-3448-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2184-82-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-47-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-1-0x0000000001B20000-0x0000000001B30000-memory.dmp

Filesize
64KB

Download
memory/2184-107-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2184-417-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-99-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2184-502-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-91-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-90-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-19-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2184-27-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2184-75-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-705-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-1046-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2184-52-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-61-0x000000013FD00000-0x0000000140054000-memory.dmp

Filesize
3.3MB

Download
memory/2184-36-0x000000013F5A0000-0x000000013F8F4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-62-0x0000000002250000-0x00000000025A4000-memory.dmp

Filesize
3.3MB

Download
memory/2184-22-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2184-0-0x000000013F110000-0x000000013F464000-memory.dmp

Filesize
3.3MB

Download
memory/2184-112-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2184-84-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2352-89-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-601-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-3929-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2356-114-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2356-3447-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2356-16-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2404-215-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2404-18-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2444-3957-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2444-111-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2444-1047-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2448-33-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2448-288-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2608-88-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2608-3930-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2720-289-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2720-43-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3457-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3454-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2752-83-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2768-56-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3756-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download