cobaltstrike | 5dc014440a3d943ed4e21e5b5a674e75c66960799ae308f4ba9e472c650c73f0

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
31-01-2025 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

2b4b645a81567614745b52fab2ab8220
SHA1

8c319b6f58eae6b2c2c836905cd3789e97cd1658
SHA256

5dc014440a3d943ed4e21e5b5a674e75c66960799ae308f4ba9e472c650c73f0
SHA512

90fc5e286ed381580f027068ee9a8ff0eaa9ac53fbe574f9bb7cf36cb331ac5a26dc975ffb48625f6be3db7ee216c0ae5507b48d87e12bc16703086283f32785
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUp:T+q56utgpPF8u/7p

Score

10^/10

cobaltstrike xmrig 0 backdoor defense_evasion miner privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012262-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c23-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cab-15.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ccc-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd8-25.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ce9-34.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-37.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ace-45.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-50.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-60.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-83.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-75.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-98.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-158.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-146.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-55.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016ce0-29.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1956-0-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x000a000000012262-3.dat	xmrig
behavioral1/files/0x0008000000016c23-10.dat	xmrig
behavioral1/files/0x0007000000016cab-15.dat	xmrig
behavioral1/files/0x0007000000016ccc-20.dat	xmrig
behavioral1/files/0x0007000000016cd8-25.dat	xmrig
behavioral1/files/0x0008000000016ce9-34.dat	xmrig
behavioral1/files/0x00050000000194a3-37.dat	xmrig
behavioral1/files/0x0009000000016ace-45.dat	xmrig
behavioral1/files/0x00050000000194eb-50.dat	xmrig
behavioral1/files/0x000500000001950f-60.dat	xmrig
behavioral1/files/0x00050000000195a9-83.dat	xmrig
behavioral1/files/0x00050000000195a7-80.dat	xmrig
behavioral1/files/0x000500000001957c-75.dat	xmrig
behavioral1/files/0x00050000000195af-98.dat	xmrig
behavioral1/files/0x00050000000195b3-110.dat	xmrig
behavioral1/files/0x00050000000195c1-135.dat	xmrig
behavioral1/files/0x00050000000195bd-130.dat	xmrig
behavioral1/files/0x00050000000195bb-125.dat	xmrig
behavioral1/files/0x000500000001960c-158.dat	xmrig
behavioral1/files/0x00050000000195c7-155.dat	xmrig
behavioral1/files/0x00050000000195c6-151.dat	xmrig
behavioral1/files/0x00050000000195c5-146.dat	xmrig
behavioral1/files/0x00050000000195c3-140.dat	xmrig
behavioral1/files/0x00050000000195b7-120.dat	xmrig
behavioral1/files/0x00050000000195b5-116.dat	xmrig
behavioral1/files/0x00050000000195b1-106.dat	xmrig
behavioral1/files/0x00050000000195ad-96.dat	xmrig
behavioral1/files/0x00050000000195ab-90.dat	xmrig
behavioral1/files/0x0005000000019547-70.dat	xmrig
behavioral1/files/0x0005000000019515-65.dat	xmrig
behavioral1/files/0x00050000000194ef-55.dat	xmrig
behavioral1/files/0x0008000000016ce0-29.dat	xmrig
behavioral1/memory/1708-1403-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2016-1412-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2456-1421-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/1956-1422-0x0000000002450000-0x00000000027A4000-memory.dmp	xmrig
behavioral1/memory/2724-1423-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2904-1427-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2776-1448-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/1192-1450-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2912-1452-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2824-1454-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/1956-1455-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2052-1457-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2668-1459-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2456-1464-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2724-1465-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2696-1466-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/1956-1468-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2776-1469-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2824-1479-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2052-1482-0x000000013FD20000-0x0000000140074000-memory.dmp	xmrig
behavioral1/memory/2696-1491-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2632-1485-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2668-1483-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2552-1476-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/1708-1474-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2912-1472-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/1192-1471-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2904-1467-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2016-1463-0x000000013FF90000-0x00000001402E4000-memory.dmp	xmrig
behavioral1/memory/2632-1461-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/1956-1749-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2552	ZGtgZcC.exe
1708	nPnwUVE.exe
2016	XOZplCc.exe
2456	CKdZbrN.exe
2724	bNXGZGd.exe
2904	nbeSHEg.exe
2776	GCwZfWH.exe
1192	khcxMDm.exe
2912	fHERPcn.exe
2824	QVpChhH.exe
2052	jNesOic.exe
2668	lfftepP.exe
2632	mDzDdyP.exe
2696	JVHlgUT.exe
2664	xdGuxLz.exe
2088	ZJbGcEh.exe
2680	xuMyBAq.exe
2720	sJMSwHj.exe
2972	WZgRMJt.exe
800	yKRlMEN.exe
2820	QTRxCnz.exe
1464	hGRYmIE.exe
1460	QpeigTf.exe
1888	hovySQM.exe
2100	aFWoHbu.exe
1068	xbikxUH.exe
2024	LLdbKnf.exe
1504	ZlBCrmT.exe
2176	UzNMvwF.exe
1076	eMjNqVc.exe
1156	FWMydKQ.exe
2816	pIiSKsP.exe
1268	knrSnPP.exe
1164	QLMdiGs.exe
2504	oinNLGa.exe
1612	AdHDAvL.exe
2400	rhJoTgT.exe
1716	dBvtKPO.exe
1748	eXBfjWV.exe
2592	CyJTTQO.exe
2032	xRIHXdq.exe
1788	PsMYTaz.exe
1472	dqfjWWi.exe
572	MclZEDb.exe
2480	CMjgDkt.exe
2416	ViLqoCO.exe
2372	aJXjsnF.exe
1528	QlYZaGX.exe
1820	lorENhn.exe
672	cbZlzGG.exe
1012	vXXcOML.exe
2408	uLloQPo.exe
2112	XdDzbcg.exe
1040	HALcukP.exe
1940	hQpsLPa.exe
1600	VSwTxSI.exe
2268	IdmnsSk.exe
1620	WnwigvM.exe
2200	hfFVHpg.exe
2888	wnqjSaf.exe
2876	KytksAW.exe
2908	PZwtcOx.exe
2644	bPjJHfO.exe
2932	LqnpThw.exe

Loads dropped DLL 64 IoCs

pid	Process
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1956-0-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x000a000000012262-3.dat	upx
behavioral1/files/0x0008000000016c23-10.dat	upx
behavioral1/files/0x0007000000016cab-15.dat	upx
behavioral1/files/0x0007000000016ccc-20.dat	upx
behavioral1/files/0x0007000000016cd8-25.dat	upx
behavioral1/files/0x0008000000016ce9-34.dat	upx
behavioral1/files/0x00050000000194a3-37.dat	upx
behavioral1/files/0x0009000000016ace-45.dat	upx
behavioral1/files/0x00050000000194eb-50.dat	upx
behavioral1/files/0x000500000001950f-60.dat	upx
behavioral1/files/0x00050000000195a9-83.dat	upx
behavioral1/files/0x00050000000195a7-80.dat	upx
behavioral1/files/0x000500000001957c-75.dat	upx
behavioral1/files/0x00050000000195af-98.dat	upx
behavioral1/files/0x00050000000195b3-110.dat	upx
behavioral1/files/0x00050000000195c1-135.dat	upx
behavioral1/files/0x00050000000195bd-130.dat	upx
behavioral1/files/0x00050000000195bb-125.dat	upx
behavioral1/files/0x000500000001960c-158.dat	upx
behavioral1/files/0x00050000000195c7-155.dat	upx
behavioral1/files/0x00050000000195c6-151.dat	upx
behavioral1/files/0x00050000000195c5-146.dat	upx
behavioral1/files/0x00050000000195c3-140.dat	upx
behavioral1/files/0x00050000000195b7-120.dat	upx
behavioral1/files/0x00050000000195b5-116.dat	upx
behavioral1/files/0x00050000000195b1-106.dat	upx
behavioral1/files/0x00050000000195ad-96.dat	upx
behavioral1/files/0x00050000000195ab-90.dat	upx
behavioral1/files/0x0005000000019547-70.dat	upx
behavioral1/files/0x0005000000019515-65.dat	upx
behavioral1/files/0x00050000000194ef-55.dat	upx
behavioral1/files/0x0008000000016ce0-29.dat	upx
behavioral1/memory/1708-1403-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2016-1412-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2456-1421-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2724-1423-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2904-1427-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2776-1448-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/1192-1450-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2912-1452-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2824-1454-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2052-1457-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2668-1459-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2456-1464-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2724-1465-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2696-1466-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2776-1469-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2824-1479-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2052-1482-0x000000013FD20000-0x0000000140074000-memory.dmp	upx
behavioral1/memory/2696-1491-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2632-1485-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2668-1483-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2552-1476-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/1708-1474-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2912-1472-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/1192-1471-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2904-1467-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2016-1463-0x000000013FF90000-0x00000001402E4000-memory.dmp	upx
behavioral1/memory/2632-1461-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/1956-1749-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bZPMWfX.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LynVCcD.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FXyeyVb.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LVEhrbU.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DNDIjjF.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GCwZfWH.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PDliLTm.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DfXbUGI.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TfgVpGv.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jOmhDye.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNKAhtP.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ixjwEnz.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mEPZFti.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PsMYTaz.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oFgwRnf.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Xslrmkn.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sdvCapV.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oMCqfCZ.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGpzxoc.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxBvkqk.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\osQOIWU.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nfowNBX.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gfIVvQG.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfuNFvm.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nsBHmai.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KfwhVUE.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHBwhKJ.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fHERPcn.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NbuttSl.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yoDgqDJ.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\niUATgp.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LkhkxPf.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fteRKQU.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XBYhpBu.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nFfXQrP.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kXZKlxd.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hsOpGzW.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZbspCUd.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eMjNqVc.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vIVtPDg.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kwPLPzt.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vxauTjJ.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AYvYcqH.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqlNWpK.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HxhbdmZ.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWIaepg.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wpwfPIS.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WtkZMSB.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKjlIhe.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XKxFovy.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ohxJius.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NRNgpsh.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VNELfIv.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wvVrBLA.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ImXeTdj.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fLTzvvy.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mYhHlpF.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iVpBOMj.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XhafArT.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XzRtwVr.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RcFjPzG.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jYUFRGA.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gKImGPR.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wxeiSxR.exe	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe

Access Token Manipulation: Create Process with Token 1 TTPs 1 IoCs

defense_evasion privilege_escalation

Create Process with Token

T1134.002

pid	Process
8496	YRunASs.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 2552	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1956 wrote to memory of 2552	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1956 wrote to memory of 2552	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1956 wrote to memory of 1708	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1956 wrote to memory of 1708	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1956 wrote to memory of 1708	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1956 wrote to memory of 2016	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1956 wrote to memory of 2016	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1956 wrote to memory of 2016	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1956 wrote to memory of 2456	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1956 wrote to memory of 2456	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1956 wrote to memory of 2456	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1956 wrote to memory of 2724	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1956 wrote to memory of 2724	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1956 wrote to memory of 2724	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1956 wrote to memory of 2904	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1956 wrote to memory of 2904	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1956 wrote to memory of 2904	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1956 wrote to memory of 2776	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1956 wrote to memory of 2776	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1956 wrote to memory of 2776	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1956 wrote to memory of 1192	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1956 wrote to memory of 1192	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1956 wrote to memory of 1192	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1956 wrote to memory of 2912	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1956 wrote to memory of 2912	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1956 wrote to memory of 2912	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1956 wrote to memory of 2824	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1956 wrote to memory of 2824	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1956 wrote to memory of 2824	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1956 wrote to memory of 2052	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1956 wrote to memory of 2052	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1956 wrote to memory of 2052	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1956 wrote to memory of 2668	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1956 wrote to memory of 2668	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1956 wrote to memory of 2668	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1956 wrote to memory of 2632	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1956 wrote to memory of 2632	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1956 wrote to memory of 2632	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1956 wrote to memory of 2696	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1956 wrote to memory of 2696	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1956 wrote to memory of 2696	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1956 wrote to memory of 2664	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1956 wrote to memory of 2664	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1956 wrote to memory of 2664	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1956 wrote to memory of 2088	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1956 wrote to memory of 2088	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1956 wrote to memory of 2088	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1956 wrote to memory of 2680	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1956 wrote to memory of 2680	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1956 wrote to memory of 2680	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1956 wrote to memory of 2720	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1956 wrote to memory of 2720	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1956 wrote to memory of 2720	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1956 wrote to memory of 2972	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1956 wrote to memory of 2972	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1956 wrote to memory of 2972	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1956 wrote to memory of 800	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1956 wrote to memory of 800	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1956 wrote to memory of 800	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1956 wrote to memory of 2820	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1956 wrote to memory of 2820	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1956 wrote to memory of 2820	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1956 wrote to memory of 1464	1956	2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-31_2b4b645a81567614745b52fab2ab8220_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Windows\System\ZGtgZcC.exe
  C:\Windows\System\ZGtgZcC.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\nPnwUVE.exe
  C:\Windows\System\nPnwUVE.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\XOZplCc.exe
  C:\Windows\System\XOZplCc.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\CKdZbrN.exe
  C:\Windows\System\CKdZbrN.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\bNXGZGd.exe
  C:\Windows\System\bNXGZGd.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\nbeSHEg.exe
  C:\Windows\System\nbeSHEg.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\GCwZfWH.exe
  C:\Windows\System\GCwZfWH.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\khcxMDm.exe
  C:\Windows\System\khcxMDm.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\fHERPcn.exe
  C:\Windows\System\fHERPcn.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\QVpChhH.exe
  C:\Windows\System\QVpChhH.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\jNesOic.exe
  C:\Windows\System\jNesOic.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\lfftepP.exe
  C:\Windows\System\lfftepP.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\mDzDdyP.exe
  C:\Windows\System\mDzDdyP.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\JVHlgUT.exe
  C:\Windows\System\JVHlgUT.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\xdGuxLz.exe
  C:\Windows\System\xdGuxLz.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\ZJbGcEh.exe
  C:\Windows\System\ZJbGcEh.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\xuMyBAq.exe
  C:\Windows\System\xuMyBAq.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\sJMSwHj.exe
  C:\Windows\System\sJMSwHj.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\WZgRMJt.exe
  C:\Windows\System\WZgRMJt.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\yKRlMEN.exe
  C:\Windows\System\yKRlMEN.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\QTRxCnz.exe
  C:\Windows\System\QTRxCnz.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\hGRYmIE.exe
  C:\Windows\System\hGRYmIE.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\QpeigTf.exe
  C:\Windows\System\QpeigTf.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\hovySQM.exe
  C:\Windows\System\hovySQM.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\aFWoHbu.exe
  C:\Windows\System\aFWoHbu.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\xbikxUH.exe
  C:\Windows\System\xbikxUH.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\LLdbKnf.exe
  C:\Windows\System\LLdbKnf.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\ZlBCrmT.exe
  C:\Windows\System\ZlBCrmT.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\UzNMvwF.exe
  C:\Windows\System\UzNMvwF.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\eMjNqVc.exe
  C:\Windows\System\eMjNqVc.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\FWMydKQ.exe
  C:\Windows\System\FWMydKQ.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\pIiSKsP.exe
  C:\Windows\System\pIiSKsP.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\knrSnPP.exe
  C:\Windows\System\knrSnPP.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\QLMdiGs.exe
  C:\Windows\System\QLMdiGs.exe
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\System\oinNLGa.exe
  C:\Windows\System\oinNLGa.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\AdHDAvL.exe
  C:\Windows\System\AdHDAvL.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\rhJoTgT.exe
  C:\Windows\System\rhJoTgT.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\dBvtKPO.exe
  C:\Windows\System\dBvtKPO.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\eXBfjWV.exe
  C:\Windows\System\eXBfjWV.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\CyJTTQO.exe
  C:\Windows\System\CyJTTQO.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\xRIHXdq.exe
  C:\Windows\System\xRIHXdq.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\PsMYTaz.exe
  C:\Windows\System\PsMYTaz.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\dqfjWWi.exe
  C:\Windows\System\dqfjWWi.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\MclZEDb.exe
  C:\Windows\System\MclZEDb.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\CMjgDkt.exe
  C:\Windows\System\CMjgDkt.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\ViLqoCO.exe
  C:\Windows\System\ViLqoCO.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\aJXjsnF.exe
  C:\Windows\System\aJXjsnF.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\QlYZaGX.exe
  C:\Windows\System\QlYZaGX.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\lorENhn.exe
  C:\Windows\System\lorENhn.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\cbZlzGG.exe
  C:\Windows\System\cbZlzGG.exe
  2⤵
  - Executes dropped EXE
  PID:672
- C:\Windows\System\vXXcOML.exe
  C:\Windows\System\vXXcOML.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\uLloQPo.exe
  C:\Windows\System\uLloQPo.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\XdDzbcg.exe
  C:\Windows\System\XdDzbcg.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\HALcukP.exe
  C:\Windows\System\HALcukP.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\hQpsLPa.exe
  C:\Windows\System\hQpsLPa.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\VSwTxSI.exe
  C:\Windows\System\VSwTxSI.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\IdmnsSk.exe
  C:\Windows\System\IdmnsSk.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\WnwigvM.exe
  C:\Windows\System\WnwigvM.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\hfFVHpg.exe
  C:\Windows\System\hfFVHpg.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\wnqjSaf.exe
  C:\Windows\System\wnqjSaf.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\KytksAW.exe
  C:\Windows\System\KytksAW.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\PZwtcOx.exe
  C:\Windows\System\PZwtcOx.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\bPjJHfO.exe
  C:\Windows\System\bPjJHfO.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\LqnpThw.exe
  C:\Windows\System\LqnpThw.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\GTMWnSO.exe
  C:\Windows\System\GTMWnSO.exe
  2⤵
  PID:2672
- C:\Windows\System\PnmkxeQ.exe
  C:\Windows\System\PnmkxeQ.exe
  2⤵
  PID:2324
- C:\Windows\System\uSLLtqU.exe
  C:\Windows\System\uSLLtqU.exe
  2⤵
  PID:2604
- C:\Windows\System\YrBDOLu.exe
  C:\Windows\System\YrBDOLu.exe
  2⤵
  PID:2840
- C:\Windows\System\lWIWVMl.exe
  C:\Windows\System\lWIWVMl.exe
  2⤵
  PID:2980
- C:\Windows\System\xFXuVdC.exe
  C:\Windows\System\xFXuVdC.exe
  2⤵
  PID:1920
- C:\Windows\System\ThMbrMP.exe
  C:\Windows\System\ThMbrMP.exe
  2⤵
  PID:1284
- C:\Windows\System\zQZOFzR.exe
  C:\Windows\System\zQZOFzR.exe
  2⤵
  PID:2808
- C:\Windows\System\fQpxqvA.exe
  C:\Windows\System\fQpxqvA.exe
  2⤵
  PID:2248
- C:\Windows\System\ROZipsH.exe
  C:\Windows\System\ROZipsH.exe
  2⤵
  PID:2096
- C:\Windows\System\LDRzVQE.exe
  C:\Windows\System\LDRzVQE.exe
  2⤵
  PID:1812
- C:\Windows\System\eHpOtEA.exe
  C:\Windows\System\eHpOtEA.exe
  2⤵
  PID:1172
- C:\Windows\System\PpQgdKL.exe
  C:\Windows\System\PpQgdKL.exe
  2⤵
  PID:928
- C:\Windows\System\ReybeMd.exe
  C:\Windows\System\ReybeMd.exe
  2⤵
  PID:1148
- C:\Windows\System\YCBtckD.exe
  C:\Windows\System\YCBtckD.exe
  2⤵
  PID:1704
- C:\Windows\System\rVwXkkW.exe
  C:\Windows\System\rVwXkkW.exe
  2⤵
  PID:2004
- C:\Windows\System\COzOlTV.exe
  C:\Windows\System\COzOlTV.exe
  2⤵
  PID:828
- C:\Windows\System\LeSxjKg.exe
  C:\Windows\System\LeSxjKg.exe
  2⤵
  PID:1816
- C:\Windows\System\vjSLPcI.exe
  C:\Windows\System\vjSLPcI.exe
  2⤵
  PID:676
- C:\Windows\System\ixjwEnz.exe
  C:\Windows\System\ixjwEnz.exe
  2⤵
  PID:1828
- C:\Windows\System\YgvQmCj.exe
  C:\Windows\System\YgvQmCj.exe
  2⤵
  PID:2700
- C:\Windows\System\HcSkaxF.exe
  C:\Windows\System\HcSkaxF.exe
  2⤵
  PID:2264
- C:\Windows\System\ywvpoHf.exe
  C:\Windows\System\ywvpoHf.exe
  2⤵
  PID:2092
- C:\Windows\System\zkHGIhh.exe
  C:\Windows\System\zkHGIhh.exe
  2⤵
  PID:2488
- C:\Windows\System\fXIvxAH.exe
  C:\Windows\System\fXIvxAH.exe
  2⤵
  PID:856
- C:\Windows\System\fteRKQU.exe
  C:\Windows\System\fteRKQU.exe
  2⤵
  PID:1564
- C:\Windows\System\bPPjiYx.exe
  C:\Windows\System\bPPjiYx.exe
  2⤵
  PID:1700
- C:\Windows\System\XFQruXR.exe
  C:\Windows\System\XFQruXR.exe
  2⤵
  PID:2492
- C:\Windows\System\UONtgqi.exe
  C:\Windows\System\UONtgqi.exe
  2⤵
  PID:2880
- C:\Windows\System\fLTzvvy.exe
  C:\Windows\System\fLTzvvy.exe
  2⤵
  PID:3040
- C:\Windows\System\gfIVvQG.exe
  C:\Windows\System\gfIVvQG.exe
  2⤵
  PID:3020
- C:\Windows\System\pzsCDIU.exe
  C:\Windows\System\pzsCDIU.exe
  2⤵
  PID:1580
- C:\Windows\System\bllvDRn.exe
  C:\Windows\System\bllvDRn.exe
  2⤵
  PID:384
- C:\Windows\System\QKLVUHA.exe
  C:\Windows\System\QKLVUHA.exe
  2⤵
  PID:1176
- C:\Windows\System\bpUzUGr.exe
  C:\Windows\System\bpUzUGr.exe
  2⤵
  PID:2476
- C:\Windows\System\vMuxmXr.exe
  C:\Windows\System\vMuxmXr.exe
  2⤵
  PID:1900
- C:\Windows\System\iTMXdIC.exe
  C:\Windows\System\iTMXdIC.exe
  2⤵
  PID:840
- C:\Windows\System\EsfmWqT.exe
  C:\Windows\System\EsfmWqT.exe
  2⤵
  PID:1632
- C:\Windows\System\nRtBsVX.exe
  C:\Windows\System\nRtBsVX.exe
  2⤵
  PID:1184
- C:\Windows\System\IwGSIMa.exe
  C:\Windows\System\IwGSIMa.exe
  2⤵
  PID:2864
- C:\Windows\System\FyKFPGZ.exe
  C:\Windows\System\FyKFPGZ.exe
  2⤵
  PID:648
- C:\Windows\System\aZazgbV.exe
  C:\Windows\System\aZazgbV.exe
  2⤵
  PID:896
- C:\Windows\System\yxrJvew.exe
  C:\Windows\System\yxrJvew.exe
  2⤵
  PID:1488
- C:\Windows\System\dTLsMsm.exe
  C:\Windows\System\dTLsMsm.exe
  2⤵
  PID:2704
- C:\Windows\System\SabToMl.exe
  C:\Windows\System\SabToMl.exe
  2⤵
  PID:1532
- C:\Windows\System\JvSGHjC.exe
  C:\Windows\System\JvSGHjC.exe
  2⤵
  PID:2260
- C:\Windows\System\vZBPGXR.exe
  C:\Windows\System\vZBPGXR.exe
  2⤵
  PID:2332
- C:\Windows\System\bxORAgW.exe
  C:\Windows\System\bxORAgW.exe
  2⤵
  PID:1056
- C:\Windows\System\wWJsQba.exe
  C:\Windows\System\wWJsQba.exe
  2⤵
  PID:2780
- C:\Windows\System\GGDFZQf.exe
  C:\Windows\System\GGDFZQf.exe
  2⤵
  PID:368
- C:\Windows\System\mkVoKSD.exe
  C:\Windows\System\mkVoKSD.exe
  2⤵
  PID:2844
- C:\Windows\System\rYyrLpp.exe
  C:\Windows\System\rYyrLpp.exe
  2⤵
  PID:2624
- C:\Windows\System\bfLBBQM.exe
  C:\Windows\System\bfLBBQM.exe
  2⤵
  PID:2364
- C:\Windows\System\XIHktcf.exe
  C:\Windows\System\XIHktcf.exe
  2⤵
  PID:432
- C:\Windows\System\roOZLvs.exe
  C:\Windows\System\roOZLvs.exe
  2⤵
  PID:620
- C:\Windows\System\qdMFOXh.exe
  C:\Windows\System\qdMFOXh.exe
  2⤵
  PID:1736
- C:\Windows\System\RLRNTgv.exe
  C:\Windows\System\RLRNTgv.exe
  2⤵
  PID:952
- C:\Windows\System\QOVGUtw.exe
  C:\Windows\System\QOVGUtw.exe
  2⤵
  PID:2392
- C:\Windows\System\eTwQyok.exe
  C:\Windows\System\eTwQyok.exe
  2⤵
  PID:872
- C:\Windows\System\abhPach.exe
  C:\Windows\System\abhPach.exe
  2⤵
  PID:1720
- C:\Windows\System\VkkOClT.exe
  C:\Windows\System\VkkOClT.exe
  2⤵
  PID:2528
- C:\Windows\System\MHAWvRs.exe
  C:\Windows\System\MHAWvRs.exe
  2⤵
  PID:1712
- C:\Windows\System\wyVnMoU.exe
  C:\Windows\System\wyVnMoU.exe
  2⤵
  PID:2692
- C:\Windows\System\vyOUljL.exe
  C:\Windows\System\vyOUljL.exe
  2⤵
  PID:3088
- C:\Windows\System\fndzKvW.exe
  C:\Windows\System\fndzKvW.exe
  2⤵
  PID:3108
- C:\Windows\System\mBxqXbc.exe
  C:\Windows\System\mBxqXbc.exe
  2⤵
  PID:3132
- C:\Windows\System\YboPCiR.exe
  C:\Windows\System\YboPCiR.exe
  2⤵
  PID:3148
- C:\Windows\System\VQqNziS.exe
  C:\Windows\System\VQqNziS.exe
  2⤵
  PID:3172
- C:\Windows\System\INYdJjb.exe
  C:\Windows\System\INYdJjb.exe
  2⤵
  PID:3192
- C:\Windows\System\KvyDFnP.exe
  C:\Windows\System\KvyDFnP.exe
  2⤵
  PID:3212
- C:\Windows\System\dMZDphP.exe
  C:\Windows\System\dMZDphP.exe
  2⤵
  PID:3232
- C:\Windows\System\ZpCidjB.exe
  C:\Windows\System\ZpCidjB.exe
  2⤵
  PID:3252
- C:\Windows\System\AlPZKxJ.exe
  C:\Windows\System\AlPZKxJ.exe
  2⤵
  PID:3272
- C:\Windows\System\NxBstCU.exe
  C:\Windows\System\NxBstCU.exe
  2⤵
  PID:3292
- C:\Windows\System\KeeRsPZ.exe
  C:\Windows\System\KeeRsPZ.exe
  2⤵
  PID:3308
- C:\Windows\System\eiXULBx.exe
  C:\Windows\System\eiXULBx.exe
  2⤵
  PID:3332
- C:\Windows\System\SOHcayn.exe
  C:\Windows\System\SOHcayn.exe
  2⤵
  PID:3352
- C:\Windows\System\hMepaum.exe
  C:\Windows\System\hMepaum.exe
  2⤵
  PID:3372
- C:\Windows\System\nIutdPi.exe
  C:\Windows\System\nIutdPi.exe
  2⤵
  PID:3392
- C:\Windows\System\HOTLpdM.exe
  C:\Windows\System\HOTLpdM.exe
  2⤵
  PID:3412
- C:\Windows\System\XicTqYH.exe
  C:\Windows\System\XicTqYH.exe
  2⤵
  PID:3432
- C:\Windows\System\YssGtgp.exe
  C:\Windows\System\YssGtgp.exe
  2⤵
  PID:3452
- C:\Windows\System\VLkhzvh.exe
  C:\Windows\System\VLkhzvh.exe
  2⤵
  PID:3472
- C:\Windows\System\FLafBAg.exe
  C:\Windows\System\FLafBAg.exe
  2⤵
  PID:3492
- C:\Windows\System\pOphKoh.exe
  C:\Windows\System\pOphKoh.exe
  2⤵
  PID:3516
- C:\Windows\System\wBBIUYR.exe
  C:\Windows\System\wBBIUYR.exe
  2⤵
  PID:3536
- C:\Windows\System\QYuFpZL.exe
  C:\Windows\System\QYuFpZL.exe
  2⤵
  PID:3556
- C:\Windows\System\vJeyZui.exe
  C:\Windows\System\vJeyZui.exe
  2⤵
  PID:3576
- C:\Windows\System\hZoTdmU.exe
  C:\Windows\System\hZoTdmU.exe
  2⤵
  PID:3596
- C:\Windows\System\yVacUpr.exe
  C:\Windows\System\yVacUpr.exe
  2⤵
  PID:3616
- C:\Windows\System\AsAJzpR.exe
  C:\Windows\System\AsAJzpR.exe
  2⤵
  PID:3636
- C:\Windows\System\tlXlDhB.exe
  C:\Windows\System\tlXlDhB.exe
  2⤵
  PID:3656
- C:\Windows\System\pzTcKzD.exe
  C:\Windows\System\pzTcKzD.exe
  2⤵
  PID:3676
- C:\Windows\System\sdEZXaH.exe
  C:\Windows\System\sdEZXaH.exe
  2⤵
  PID:3696
- C:\Windows\System\DwKsWoA.exe
  C:\Windows\System\DwKsWoA.exe
  2⤵
  PID:3716
- C:\Windows\System\qkpMntG.exe
  C:\Windows\System\qkpMntG.exe
  2⤵
  PID:3736
- C:\Windows\System\xHURCYO.exe
  C:\Windows\System\xHURCYO.exe
  2⤵
  PID:3756
- C:\Windows\System\BvlNhMA.exe
  C:\Windows\System\BvlNhMA.exe
  2⤵
  PID:3776
- C:\Windows\System\npxotqI.exe
  C:\Windows\System\npxotqI.exe
  2⤵
  PID:3796
- C:\Windows\System\XzCHaUP.exe
  C:\Windows\System\XzCHaUP.exe
  2⤵
  PID:3820
- C:\Windows\System\nyNlzYC.exe
  C:\Windows\System\nyNlzYC.exe
  2⤵
  PID:3840
- C:\Windows\System\XAQHdHI.exe
  C:\Windows\System\XAQHdHI.exe
  2⤵
  PID:3860
- C:\Windows\System\cQnmzaE.exe
  C:\Windows\System\cQnmzaE.exe
  2⤵
  PID:3880
- C:\Windows\System\JcuXkry.exe
  C:\Windows\System\JcuXkry.exe
  2⤵
  PID:3900
- C:\Windows\System\ybMDUMD.exe
  C:\Windows\System\ybMDUMD.exe
  2⤵
  PID:3924
- C:\Windows\System\HFLNaXo.exe
  C:\Windows\System\HFLNaXo.exe
  2⤵
  PID:3944
- C:\Windows\System\uGuDInM.exe
  C:\Windows\System\uGuDInM.exe
  2⤵
  PID:3964
- C:\Windows\System\ueqRjpR.exe
  C:\Windows\System\ueqRjpR.exe
  2⤵
  PID:3984
- C:\Windows\System\odWoBcG.exe
  C:\Windows\System\odWoBcG.exe
  2⤵
  PID:4004
- C:\Windows\System\hEqjICd.exe
  C:\Windows\System\hEqjICd.exe
  2⤵
  PID:4024
- C:\Windows\System\BMxzOlL.exe
  C:\Windows\System\BMxzOlL.exe
  2⤵
  PID:4044
- C:\Windows\System\cgbsKzr.exe
  C:\Windows\System\cgbsKzr.exe
  2⤵
  PID:4064
- C:\Windows\System\jYUFRGA.exe
  C:\Windows\System\jYUFRGA.exe
  2⤵
  PID:4084
- C:\Windows\System\aLMIAqG.exe
  C:\Windows\System\aLMIAqG.exe
  2⤵
  PID:1884
- C:\Windows\System\bDuHyBc.exe
  C:\Windows\System\bDuHyBc.exe
  2⤵
  PID:2384
- C:\Windows\System\pMMDvBG.exe
  C:\Windows\System\pMMDvBG.exe
  2⤵
  PID:2028
- C:\Windows\System\WyixMkA.exe
  C:\Windows\System\WyixMkA.exe
  2⤵
  PID:864
- C:\Windows\System\KPBdjhf.exe
  C:\Windows\System\KPBdjhf.exe
  2⤵
  PID:1976
- C:\Windows\System\KzhziON.exe
  C:\Windows\System\KzhziON.exe
  2⤵
  PID:2656
- C:\Windows\System\JlTdQoL.exe
  C:\Windows\System\JlTdQoL.exe
  2⤵
  PID:3084
- C:\Windows\System\zRJXwjB.exe
  C:\Windows\System\zRJXwjB.exe
  2⤵
  PID:3120
- C:\Windows\System\orioPvy.exe
  C:\Windows\System\orioPvy.exe
  2⤵
  PID:3156
- C:\Windows\System\hZjSxaq.exe
  C:\Windows\System\hZjSxaq.exe
  2⤵
  PID:3160
- C:\Windows\System\YbqLcDD.exe
  C:\Windows\System\YbqLcDD.exe
  2⤵
  PID:3204
- C:\Windows\System\CQevAKG.exe
  C:\Windows\System\CQevAKG.exe
  2⤵
  PID:3228
- C:\Windows\System\lRiTjlH.exe
  C:\Windows\System\lRiTjlH.exe
  2⤵
  PID:3260
- C:\Windows\System\BZVymDK.exe
  C:\Windows\System\BZVymDK.exe
  2⤵
  PID:3268
- C:\Windows\System\eQdKMxE.exe
  C:\Windows\System\eQdKMxE.exe
  2⤵
  PID:3304
- C:\Windows\System\vOKOfBY.exe
  C:\Windows\System\vOKOfBY.exe
  2⤵
  PID:3344
- C:\Windows\System\KgWCEEp.exe
  C:\Windows\System\KgWCEEp.exe
  2⤵
  PID:3408
- C:\Windows\System\wCMZLKc.exe
  C:\Windows\System\wCMZLKc.exe
  2⤵
  PID:3424
- C:\Windows\System\DRwoaGR.exe
  C:\Windows\System\DRwoaGR.exe
  2⤵
  PID:3488
- C:\Windows\System\yWnnJpJ.exe
  C:\Windows\System\yWnnJpJ.exe
  2⤵
  PID:3500
- C:\Windows\System\HUCFDCP.exe
  C:\Windows\System\HUCFDCP.exe
  2⤵
  PID:3528
- C:\Windows\System\qqTPFXu.exe
  C:\Windows\System\qqTPFXu.exe
  2⤵
  PID:3548
- C:\Windows\System\VYuceSm.exe
  C:\Windows\System\VYuceSm.exe
  2⤵
  PID:3612
- C:\Windows\System\MpOFRgR.exe
  C:\Windows\System\MpOFRgR.exe
  2⤵
  PID:3628
- C:\Windows\System\nBsppoS.exe
  C:\Windows\System\nBsppoS.exe
  2⤵
  PID:3684
- C:\Windows\System\WkzOmtf.exe
  C:\Windows\System\WkzOmtf.exe
  2⤵
  PID:3712
- C:\Windows\System\nwXXLEN.exe
  C:\Windows\System\nwXXLEN.exe
  2⤵
  PID:3512
- C:\Windows\System\oMCqfCZ.exe
  C:\Windows\System\oMCqfCZ.exe
  2⤵
  PID:3748
- C:\Windows\System\SliEAun.exe
  C:\Windows\System\SliEAun.exe
  2⤵
  PID:3812
- C:\Windows\System\PYcRgMc.exe
  C:\Windows\System\PYcRgMc.exe
  2⤵
  PID:3832
- C:\Windows\System\VJBFtVD.exe
  C:\Windows\System\VJBFtVD.exe
  2⤵
  PID:3876
- C:\Windows\System\AGysTWU.exe
  C:\Windows\System\AGysTWU.exe
  2⤵
  PID:3816
- C:\Windows\System\bsArENQ.exe
  C:\Windows\System\bsArENQ.exe
  2⤵
  PID:3916
- C:\Windows\System\tcRVDpe.exe
  C:\Windows\System\tcRVDpe.exe
  2⤵
  PID:3960
- C:\Windows\System\lSHbFjc.exe
  C:\Windows\System\lSHbFjc.exe
  2⤵
  PID:3992
- C:\Windows\System\tKyNyig.exe
  C:\Windows\System\tKyNyig.exe
  2⤵
  PID:4020
- C:\Windows\System\hKKNpwA.exe
  C:\Windows\System\hKKNpwA.exe
  2⤵
  PID:4052
- C:\Windows\System\PXVFRcq.exe
  C:\Windows\System\PXVFRcq.exe
  2⤵
  PID:4080
- C:\Windows\System\JYhjjiF.exe
  C:\Windows\System\JYhjjiF.exe
  2⤵
  PID:740
- C:\Windows\System\PWYkfDz.exe
  C:\Windows\System\PWYkfDz.exe
  2⤵
  PID:1412
- C:\Windows\System\HLEaKQg.exe
  C:\Windows\System\HLEaKQg.exe
  2⤵
  PID:2308
- C:\Windows\System\YDpLgtp.exe
  C:\Windows\System\YDpLgtp.exe
  2⤵
  PID:1312
- C:\Windows\System\XZgsHhY.exe
  C:\Windows\System\XZgsHhY.exe
  2⤵
  PID:3100
- C:\Windows\System\BusnMny.exe
  C:\Windows\System\BusnMny.exe
  2⤵
  PID:3168
- C:\Windows\System\VXOFkDT.exe
  C:\Windows\System\VXOFkDT.exe
  2⤵
  PID:3180
- C:\Windows\System\KZgDcZB.exe
  C:\Windows\System\KZgDcZB.exe
  2⤵
  PID:3220
- C:\Windows\System\aqxJMVS.exe
  C:\Windows\System\aqxJMVS.exe
  2⤵
  PID:3320
- C:\Windows\System\YxUYGVM.exe
  C:\Windows\System\YxUYGVM.exe
  2⤵
  PID:3400
- C:\Windows\System\xVKvTka.exe
  C:\Windows\System\xVKvTka.exe
  2⤵
  PID:3480
- C:\Windows\System\myIQWFH.exe
  C:\Windows\System\myIQWFH.exe
  2⤵
  PID:3464
- C:\Windows\System\iVOqkvJ.exe
  C:\Windows\System\iVOqkvJ.exe
  2⤵
  PID:3592
- C:\Windows\System\uISuGQg.exe
  C:\Windows\System\uISuGQg.exe
  2⤵
  PID:3588
- C:\Windows\System\nDHlelg.exe
  C:\Windows\System\nDHlelg.exe
  2⤵
  PID:3648
- C:\Windows\System\GeVhQFl.exe
  C:\Windows\System\GeVhQFl.exe
  2⤵
  PID:3704
- C:\Windows\System\MdpmxTI.exe
  C:\Windows\System\MdpmxTI.exe
  2⤵
  PID:3784
- C:\Windows\System\jPEeMkp.exe
  C:\Windows\System\jPEeMkp.exe
  2⤵
  PID:3868
- C:\Windows\System\NuHpYac.exe
  C:\Windows\System\NuHpYac.exe
  2⤵
  PID:3552
- C:\Windows\System\vYIaYeh.exe
  C:\Windows\System\vYIaYeh.exe
  2⤵
  PID:3896
- C:\Windows\System\npGSHRG.exe
  C:\Windows\System\npGSHRG.exe
  2⤵
  PID:3936
- C:\Windows\System\FecQujA.exe
  C:\Windows\System\FecQujA.exe
  2⤵
  PID:3996
- C:\Windows\System\eZLtfCj.exe
  C:\Windows\System\eZLtfCj.exe
  2⤵
  PID:4056
- C:\Windows\System\CKBYRNp.exe
  C:\Windows\System\CKBYRNp.exe
  2⤵
  PID:1484
- C:\Windows\System\sDneNkN.exe
  C:\Windows\System\sDneNkN.exe
  2⤵
  PID:2892
- C:\Windows\System\GdMvkfw.exe
  C:\Windows\System\GdMvkfw.exe
  2⤵
  PID:2000
- C:\Windows\System\gKImGPR.exe
  C:\Windows\System\gKImGPR.exe
  2⤵
  PID:3208
- C:\Windows\System\vLHEeLO.exe
  C:\Windows\System\vLHEeLO.exe
  2⤵
  PID:3328
- C:\Windows\System\XAHbyCR.exe
  C:\Windows\System\XAHbyCR.exe
  2⤵
  PID:3384
- C:\Windows\System\azohegu.exe
  C:\Windows\System\azohegu.exe
  2⤵
  PID:3460
- C:\Windows\System\SCcmiYt.exe
  C:\Windows\System\SCcmiYt.exe
  2⤵
  PID:3564
- C:\Windows\System\YqlaDat.exe
  C:\Windows\System\YqlaDat.exe
  2⤵
  PID:3688
- C:\Windows\System\CXRYaEC.exe
  C:\Windows\System\CXRYaEC.exe
  2⤵
  PID:3724
- C:\Windows\System\JaGqfJe.exe
  C:\Windows\System\JaGqfJe.exe
  2⤵
  PID:3792
- C:\Windows\System\qFXqvFQ.exe
  C:\Windows\System\qFXqvFQ.exe
  2⤵
  PID:3888
- C:\Windows\System\iBdrsAt.exe
  C:\Windows\System\iBdrsAt.exe
  2⤵
  PID:4032
- C:\Windows\System\mabAIIA.exe
  C:\Windows\System\mabAIIA.exe
  2⤵
  PID:4104
- C:\Windows\System\dFTzuSp.exe
  C:\Windows\System\dFTzuSp.exe
  2⤵
  PID:4124
- C:\Windows\System\TnUIafN.exe
  C:\Windows\System\TnUIafN.exe
  2⤵
  PID:4144
- C:\Windows\System\ngOyDzy.exe
  C:\Windows\System\ngOyDzy.exe
  2⤵
  PID:4164
- C:\Windows\System\rjOymPi.exe
  C:\Windows\System\rjOymPi.exe
  2⤵
  PID:4184
- C:\Windows\System\siBhbwm.exe
  C:\Windows\System\siBhbwm.exe
  2⤵
  PID:4204
- C:\Windows\System\BRjKmQI.exe
  C:\Windows\System\BRjKmQI.exe
  2⤵
  PID:4224
- C:\Windows\System\yeLeVhL.exe
  C:\Windows\System\yeLeVhL.exe
  2⤵
  PID:4244
- C:\Windows\System\VNELfIv.exe
  C:\Windows\System\VNELfIv.exe
  2⤵
  PID:4264
- C:\Windows\System\XYxrpuV.exe
  C:\Windows\System\XYxrpuV.exe
  2⤵
  PID:4284
- C:\Windows\System\hlnQzIn.exe
  C:\Windows\System\hlnQzIn.exe
  2⤵
  PID:4304
- C:\Windows\System\YMuEDKo.exe
  C:\Windows\System\YMuEDKo.exe
  2⤵
  PID:4324
- C:\Windows\System\KIxZTxo.exe
  C:\Windows\System\KIxZTxo.exe
  2⤵
  PID:4344
- C:\Windows\System\dluHFoj.exe
  C:\Windows\System\dluHFoj.exe
  2⤵
  PID:4364
- C:\Windows\System\zDKlhyQ.exe
  C:\Windows\System\zDKlhyQ.exe
  2⤵
  PID:4388
- C:\Windows\System\ZyHtNrS.exe
  C:\Windows\System\ZyHtNrS.exe
  2⤵
  PID:4408
- C:\Windows\System\oHsGwUo.exe
  C:\Windows\System\oHsGwUo.exe
  2⤵
  PID:4428
- C:\Windows\System\wDIMYZs.exe
  C:\Windows\System\wDIMYZs.exe
  2⤵
  PID:4448
- C:\Windows\System\OVEUIPW.exe
  C:\Windows\System\OVEUIPW.exe
  2⤵
  PID:4472
- C:\Windows\System\mxAyFWN.exe
  C:\Windows\System\mxAyFWN.exe
  2⤵
  PID:4492
- C:\Windows\System\pqzKKBP.exe
  C:\Windows\System\pqzKKBP.exe
  2⤵
  PID:4512
- C:\Windows\System\BpByxyp.exe
  C:\Windows\System\BpByxyp.exe
  2⤵
  PID:4532
- C:\Windows\System\RZsZzXI.exe
  C:\Windows\System\RZsZzXI.exe
  2⤵
  PID:4552
- C:\Windows\System\wftoELx.exe
  C:\Windows\System\wftoELx.exe
  2⤵
  PID:4568
- C:\Windows\System\pMIgbTH.exe
  C:\Windows\System\pMIgbTH.exe
  2⤵
  PID:4592
- C:\Windows\System\mACAPzZ.exe
  C:\Windows\System\mACAPzZ.exe
  2⤵
  PID:4612
- C:\Windows\System\rzjPnJG.exe
  C:\Windows\System\rzjPnJG.exe
  2⤵
  PID:4632
- C:\Windows\System\JFNmTZc.exe
  C:\Windows\System\JFNmTZc.exe
  2⤵
  PID:4652
- C:\Windows\System\tdCwJuI.exe
  C:\Windows\System\tdCwJuI.exe
  2⤵
  PID:4672
- C:\Windows\System\JnuGfJq.exe
  C:\Windows\System\JnuGfJq.exe
  2⤵
  PID:4692
- C:\Windows\System\aeCTAIV.exe
  C:\Windows\System\aeCTAIV.exe
  2⤵
  PID:4712
- C:\Windows\System\SXQGZEa.exe
  C:\Windows\System\SXQGZEa.exe
  2⤵
  PID:4732
- C:\Windows\System\RIeAcPH.exe
  C:\Windows\System\RIeAcPH.exe
  2⤵
  PID:4756
- C:\Windows\System\oSlXuDC.exe
  C:\Windows\System\oSlXuDC.exe
  2⤵
  PID:4776
- C:\Windows\System\uQBdwOP.exe
  C:\Windows\System\uQBdwOP.exe
  2⤵
  PID:4796
- C:\Windows\System\ORTogEd.exe
  C:\Windows\System\ORTogEd.exe
  2⤵
  PID:4816
- C:\Windows\System\YrlBkty.exe
  C:\Windows\System\YrlBkty.exe
  2⤵
  PID:4836
- C:\Windows\System\YOFbxLV.exe
  C:\Windows\System\YOFbxLV.exe
  2⤵
  PID:4856
- C:\Windows\System\rkyvRMS.exe
  C:\Windows\System\rkyvRMS.exe
  2⤵
  PID:4876
- C:\Windows\System\zmbPfID.exe
  C:\Windows\System\zmbPfID.exe
  2⤵
  PID:4896
- C:\Windows\System\WbguQEr.exe
  C:\Windows\System\WbguQEr.exe
  2⤵
  PID:4916
- C:\Windows\System\rChFMvK.exe
  C:\Windows\System\rChFMvK.exe
  2⤵
  PID:4940
- C:\Windows\System\etWAVtz.exe
  C:\Windows\System\etWAVtz.exe
  2⤵
  PID:4960
- C:\Windows\System\XvFsvBA.exe
  C:\Windows\System\XvFsvBA.exe
  2⤵
  PID:4980
- C:\Windows\System\toMViSD.exe
  C:\Windows\System\toMViSD.exe
  2⤵
  PID:5000
- C:\Windows\System\kXZKlxd.exe
  C:\Windows\System\kXZKlxd.exe
  2⤵
  PID:5020
- C:\Windows\System\ydXJKmm.exe
  C:\Windows\System\ydXJKmm.exe
  2⤵
  PID:5040
- C:\Windows\System\PMehJeC.exe
  C:\Windows\System\PMehJeC.exe
  2⤵
  PID:5060
- C:\Windows\System\wjXTSCq.exe
  C:\Windows\System\wjXTSCq.exe
  2⤵
  PID:5080
- C:\Windows\System\wsRazCU.exe
  C:\Windows\System\wsRazCU.exe
  2⤵
  PID:5100
- C:\Windows\System\idqfgUs.exe
  C:\Windows\System\idqfgUs.exe
  2⤵
  PID:612
- C:\Windows\System\fsnxhKi.exe
  C:\Windows\System\fsnxhKi.exe
  2⤵
  PID:3104
- C:\Windows\System\NJOGHOT.exe
  C:\Windows\System\NJOGHOT.exe
  2⤵
  PID:2368
- C:\Windows\System\RiySdKQ.exe
  C:\Windows\System\RiySdKQ.exe
  2⤵
  PID:3128
- C:\Windows\System\lCTShQJ.exe
  C:\Windows\System\lCTShQJ.exe
  2⤵
  PID:3420
- C:\Windows\System\MoOcbVV.exe
  C:\Windows\System\MoOcbVV.exe
  2⤵
  PID:3644
- C:\Windows\System\UwrQzRY.exe
  C:\Windows\System\UwrQzRY.exe
  2⤵
  PID:2448
- C:\Windows\System\BxCPUHR.exe
  C:\Windows\System\BxCPUHR.exe
  2⤵
  PID:3892
- C:\Windows\System\ZJzUQID.exe
  C:\Windows\System\ZJzUQID.exe
  2⤵
  PID:3388
- C:\Windows\System\jdiFuQd.exe
  C:\Windows\System\jdiFuQd.exe
  2⤵
  PID:4132
- C:\Windows\System\OqKKIQm.exe
  C:\Windows\System\OqKKIQm.exe
  2⤵
  PID:4152
- C:\Windows\System\vvAGMTq.exe
  C:\Windows\System\vvAGMTq.exe
  2⤵
  PID:4176
- C:\Windows\System\vBWJMCw.exe
  C:\Windows\System\vBWJMCw.exe
  2⤵
  PID:4216
- C:\Windows\System\piayXul.exe
  C:\Windows\System\piayXul.exe
  2⤵
  PID:4236
- C:\Windows\System\Ypaaieh.exe
  C:\Windows\System\Ypaaieh.exe
  2⤵
  PID:4300
- C:\Windows\System\eUTxQqi.exe
  C:\Windows\System\eUTxQqi.exe
  2⤵
  PID:4336
- C:\Windows\System\YYkuaTF.exe
  C:\Windows\System\YYkuaTF.exe
  2⤵
  PID:4372
- C:\Windows\System\MmwjGka.exe
  C:\Windows\System\MmwjGka.exe
  2⤵
  PID:4396
- C:\Windows\System\GcLlVth.exe
  C:\Windows\System\GcLlVth.exe
  2⤵
  PID:4456
- C:\Windows\System\GZMEVWf.exe
  C:\Windows\System\GZMEVWf.exe
  2⤵
  PID:4440
- C:\Windows\System\WLbkUok.exe
  C:\Windows\System\WLbkUok.exe
  2⤵
  PID:4484
- C:\Windows\System\OoVuKnf.exe
  C:\Windows\System\OoVuKnf.exe
  2⤵
  PID:4524
- C:\Windows\System\fIMLzjp.exe
  C:\Windows\System\fIMLzjp.exe
  2⤵
  PID:4588
- C:\Windows\System\hsOpGzW.exe
  C:\Windows\System\hsOpGzW.exe
  2⤵
  PID:4600
- C:\Windows\System\DtpfpPp.exe
  C:\Windows\System\DtpfpPp.exe
  2⤵
  PID:4604
- C:\Windows\System\lZaREHZ.exe
  C:\Windows\System\lZaREHZ.exe
  2⤵
  PID:4644
- C:\Windows\System\iCnlcQE.exe
  C:\Windows\System\iCnlcQE.exe
  2⤵
  PID:4700
- C:\Windows\System\WtkZMSB.exe
  C:\Windows\System\WtkZMSB.exe
  2⤵
  PID:4720
- C:\Windows\System\VbzQxjl.exe
  C:\Windows\System\VbzQxjl.exe
  2⤵
  PID:4744
- C:\Windows\System\ZjOLIQC.exe
  C:\Windows\System\ZjOLIQC.exe
  2⤵
  PID:4792
- C:\Windows\System\axZOcau.exe
  C:\Windows\System\axZOcau.exe
  2⤵
  PID:4812
- C:\Windows\System\hItTSsE.exe
  C:\Windows\System\hItTSsE.exe
  2⤵
  PID:4864
- C:\Windows\System\GdHhSSV.exe
  C:\Windows\System\GdHhSSV.exe
  2⤵
  PID:4884
- C:\Windows\System\ilAoVTS.exe
  C:\Windows\System\ilAoVTS.exe
  2⤵
  PID:4948
- C:\Windows\System\XILaaop.exe
  C:\Windows\System\XILaaop.exe
  2⤵
  PID:4952
- C:\Windows\System\CcgxNQU.exe
  C:\Windows\System\CcgxNQU.exe
  2⤵
  PID:4972
- C:\Windows\System\UIOvmrJ.exe
  C:\Windows\System\UIOvmrJ.exe
  2⤵
  PID:5012
- C:\Windows\System\FLgVMNo.exe
  C:\Windows\System\FLgVMNo.exe
  2⤵
  PID:5052
- C:\Windows\System\VZXFHcp.exe
  C:\Windows\System\VZXFHcp.exe
  2⤵
  PID:5092
- C:\Windows\System\SXtZbES.exe
  C:\Windows\System\SXtZbES.exe
  2⤵
  PID:2432
- C:\Windows\System\djZpQRc.exe
  C:\Windows\System\djZpQRc.exe
  2⤵
  PID:2208
- C:\Windows\System\kwPLPzt.exe
  C:\Windows\System\kwPLPzt.exe
  2⤵
  PID:3504
- C:\Windows\System\QnDTPpJ.exe
  C:\Windows\System\QnDTPpJ.exe
  2⤵
  PID:3728
- C:\Windows\System\jsxguAL.exe
  C:\Windows\System\jsxguAL.exe
  2⤵
  PID:3952
- C:\Windows\System\YfjGGjH.exe
  C:\Windows\System\YfjGGjH.exe
  2⤵
  PID:1064
- C:\Windows\System\TJXhGYh.exe
  C:\Windows\System\TJXhGYh.exe
  2⤵
  PID:4040
- C:\Windows\System\LWiEvyB.exe
  C:\Windows\System\LWiEvyB.exe
  2⤵
  PID:4200
- C:\Windows\System\UDBvpzw.exe
  C:\Windows\System\UDBvpzw.exe
  2⤵
  PID:4272
- C:\Windows\System\QRmVByx.exe
  C:\Windows\System\QRmVByx.exe
  2⤵
  PID:4320
- C:\Windows\System\ZdcUqYY.exe
  C:\Windows\System\ZdcUqYY.exe
  2⤵
  PID:4356
- C:\Windows\System\QIvfpgA.exe
  C:\Windows\System\QIvfpgA.exe
  2⤵
  PID:4424
- C:\Windows\System\vinjaLW.exe
  C:\Windows\System\vinjaLW.exe
  2⤵
  PID:2744
- C:\Windows\System\neVzfcK.exe
  C:\Windows\System\neVzfcK.exe
  2⤵
  PID:4520
- C:\Windows\System\bKNwEng.exe
  C:\Windows\System\bKNwEng.exe
  2⤵
  PID:4576
- C:\Windows\System\itfyvSU.exe
  C:\Windows\System\itfyvSU.exe
  2⤵
  PID:4608
- C:\Windows\System\DrEfTiC.exe
  C:\Windows\System\DrEfTiC.exe
  2⤵
  PID:4660
- C:\Windows\System\yoDgqDJ.exe
  C:\Windows\System\yoDgqDJ.exe
  2⤵
  PID:4740
- C:\Windows\System\JMavxLj.exe
  C:\Windows\System\JMavxLj.exe
  2⤵
  PID:4768
- C:\Windows\System\XdtVXQj.exe
  C:\Windows\System\XdtVXQj.exe
  2⤵
  PID:4852
- C:\Windows\System\leTmJkY.exe
  C:\Windows\System\leTmJkY.exe
  2⤵
  PID:4908
- C:\Windows\System\NBhCUBc.exe
  C:\Windows\System\NBhCUBc.exe
  2⤵
  PID:2036
- C:\Windows\System\wxeiSxR.exe
  C:\Windows\System\wxeiSxR.exe
  2⤵
  PID:4976
- C:\Windows\System\FoOpDUG.exe
  C:\Windows\System\FoOpDUG.exe
  2⤵
  PID:5088
- C:\Windows\System\cIifMZs.exe
  C:\Windows\System\cIifMZs.exe
  2⤵
  PID:5112
- C:\Windows\System\XRNNDsc.exe
  C:\Windows\System\XRNNDsc.exe
  2⤵
  PID:2056
- C:\Windows\System\diCrsFu.exe
  C:\Windows\System\diCrsFu.exe
  2⤵
  PID:2872
- C:\Windows\System\gEYhmzj.exe
  C:\Windows\System\gEYhmzj.exe
  2⤵
  PID:3836
- C:\Windows\System\IDAFQzA.exe
  C:\Windows\System\IDAFQzA.exe
  2⤵
  PID:4156
- C:\Windows\System\XzRtwVr.exe
  C:\Windows\System\XzRtwVr.exe
  2⤵
  PID:4280
- C:\Windows\System\EAhbTOK.exe
  C:\Windows\System\EAhbTOK.exe
  2⤵
  PID:4252
- C:\Windows\System\SvYqKtx.exe
  C:\Windows\System\SvYqKtx.exe
  2⤵
  PID:4332
- C:\Windows\System\uNLUrOF.exe
  C:\Windows\System\uNLUrOF.exe
  2⤵
  PID:4488
- C:\Windows\System\RzkzgLc.exe
  C:\Windows\System\RzkzgLc.exe
  2⤵
  PID:4628
- C:\Windows\System\CfUxPjL.exe
  C:\Windows\System\CfUxPjL.exe
  2⤵
  PID:4680
- C:\Windows\System\TDiDWzI.exe
  C:\Windows\System\TDiDWzI.exe
  2⤵
  PID:4684
- C:\Windows\System\xvUHnsN.exe
  C:\Windows\System\xvUHnsN.exe
  2⤵
  PID:4772
- C:\Windows\System\xzAwcjt.exe
  C:\Windows\System\xzAwcjt.exe
  2⤵
  PID:4888
- C:\Windows\System\SAjQmTu.exe
  C:\Windows\System\SAjQmTu.exe
  2⤵
  PID:5016
- C:\Windows\System\PEykfCw.exe
  C:\Windows\System\PEykfCw.exe
  2⤵
  PID:236
- C:\Windows\System\VUGhXGU.exe
  C:\Windows\System\VUGhXGU.exe
  2⤵
  PID:5068
- C:\Windows\System\tlBtNAq.exe
  C:\Windows\System\tlBtNAq.exe
  2⤵
  PID:3768
- C:\Windows\System\aYnUvgk.exe
  C:\Windows\System\aYnUvgk.exe
  2⤵
  PID:2388
- C:\Windows\System\nrvjEeB.exe
  C:\Windows\System\nrvjEeB.exe
  2⤵
  PID:4112
- C:\Windows\System\HTxwhYK.exe
  C:\Windows\System\HTxwhYK.exe
  2⤵
  PID:4240
- C:\Windows\System\RwKQaEU.exe
  C:\Windows\System\RwKQaEU.exe
  2⤵
  PID:4500
- C:\Windows\System\tYKAbal.exe
  C:\Windows\System\tYKAbal.exe
  2⤵
  PID:4540
- C:\Windows\System\JwqIMAt.exe
  C:\Windows\System\JwqIMAt.exe
  2⤵
  PID:4528
- C:\Windows\System\lBTPSQZ.exe
  C:\Windows\System\lBTPSQZ.exe
  2⤵
  PID:656
- C:\Windows\System\ABQzhjn.exe
  C:\Windows\System\ABQzhjn.exe
  2⤵
  PID:1692
- C:\Windows\System\bOsnKia.exe
  C:\Windows\System\bOsnKia.exe
  2⤵
  PID:4868
- C:\Windows\System\MWwbdOp.exe
  C:\Windows\System\MWwbdOp.exe
  2⤵
  PID:4136
- C:\Windows\System\fATLBiO.exe
  C:\Windows\System\fATLBiO.exe
  2⤵
  PID:2924
- C:\Windows\System\NQTpdcm.exe
  C:\Windows\System\NQTpdcm.exe
  2⤵
  PID:4316
- C:\Windows\System\MVoTcxk.exe
  C:\Windows\System\MVoTcxk.exe
  2⤵
  PID:2376
- C:\Windows\System\zGQKOBP.exe
  C:\Windows\System\zGQKOBP.exe
  2⤵
  PID:5128
- C:\Windows\System\tjJibOZ.exe
  C:\Windows\System\tjJibOZ.exe
  2⤵
  PID:5148
- C:\Windows\System\zNfqeOP.exe
  C:\Windows\System\zNfqeOP.exe
  2⤵
  PID:5168
- C:\Windows\System\JNZOyox.exe
  C:\Windows\System\JNZOyox.exe
  2⤵
  PID:5188
- C:\Windows\System\wkLIXbX.exe
  C:\Windows\System\wkLIXbX.exe
  2⤵
  PID:5208
- C:\Windows\System\TWdovfj.exe
  C:\Windows\System\TWdovfj.exe
  2⤵
  PID:5228
- C:\Windows\System\egobxgP.exe
  C:\Windows\System\egobxgP.exe
  2⤵
  PID:5248
- C:\Windows\System\LRydsKF.exe
  C:\Windows\System\LRydsKF.exe
  2⤵
  PID:5272
- C:\Windows\System\VHPrlgW.exe
  C:\Windows\System\VHPrlgW.exe
  2⤵
  PID:5292
- C:\Windows\System\wYvBQtE.exe
  C:\Windows\System\wYvBQtE.exe
  2⤵
  PID:5312
- C:\Windows\System\eDVoHes.exe
  C:\Windows\System\eDVoHes.exe
  2⤵
  PID:5332
- C:\Windows\System\vqCJtvN.exe
  C:\Windows\System\vqCJtvN.exe
  2⤵
  PID:5356
- C:\Windows\System\EbrdBFT.exe
  C:\Windows\System\EbrdBFT.exe
  2⤵
  PID:5376
- C:\Windows\System\FMxSiuY.exe
  C:\Windows\System\FMxSiuY.exe
  2⤵
  PID:5396
- C:\Windows\System\AVOXAir.exe
  C:\Windows\System\AVOXAir.exe
  2⤵
  PID:5416
- C:\Windows\System\BQpyDDx.exe
  C:\Windows\System\BQpyDDx.exe
  2⤵
  PID:5436
- C:\Windows\System\OdqYFXG.exe
  C:\Windows\System\OdqYFXG.exe
  2⤵
  PID:5456
- C:\Windows\System\OKQVvui.exe
  C:\Windows\System\OKQVvui.exe
  2⤵
  PID:5476
- C:\Windows\System\BiLftcn.exe
  C:\Windows\System\BiLftcn.exe
  2⤵
  PID:5496
- C:\Windows\System\JpiSGGC.exe
  C:\Windows\System\JpiSGGC.exe
  2⤵
  PID:5516
- C:\Windows\System\Kwosebm.exe
  C:\Windows\System\Kwosebm.exe
  2⤵
  PID:5536
- C:\Windows\System\uvmcdNJ.exe
  C:\Windows\System\uvmcdNJ.exe
  2⤵
  PID:5556
- C:\Windows\System\xBYYtHr.exe
  C:\Windows\System\xBYYtHr.exe
  2⤵
  PID:5576
- C:\Windows\System\gZWfudW.exe
  C:\Windows\System\gZWfudW.exe
  2⤵
  PID:5596
- C:\Windows\System\KKwfHus.exe
  C:\Windows\System\KKwfHus.exe
  2⤵
  PID:5616
- C:\Windows\System\sNKAhtP.exe
  C:\Windows\System\sNKAhtP.exe
  2⤵
  PID:5636
- C:\Windows\System\GWRgqHm.exe
  C:\Windows\System\GWRgqHm.exe
  2⤵
  PID:5656
- C:\Windows\System\DRYcFLJ.exe
  C:\Windows\System\DRYcFLJ.exe
  2⤵
  PID:5680
- C:\Windows\System\tfGtMms.exe
  C:\Windows\System\tfGtMms.exe
  2⤵
  PID:5700
- C:\Windows\System\KiCjbtH.exe
  C:\Windows\System\KiCjbtH.exe
  2⤵
  PID:5724
- C:\Windows\System\zHbTvDY.exe
  C:\Windows\System\zHbTvDY.exe
  2⤵
  PID:5744
- C:\Windows\System\AcmSEsR.exe
  C:\Windows\System\AcmSEsR.exe
  2⤵
  PID:5764
- C:\Windows\System\nWdIihF.exe
  C:\Windows\System\nWdIihF.exe
  2⤵
  PID:5784
- C:\Windows\System\HexvOrG.exe
  C:\Windows\System\HexvOrG.exe
  2⤵
  PID:5804
- C:\Windows\System\LxOBshk.exe
  C:\Windows\System\LxOBshk.exe
  2⤵
  PID:5824
- C:\Windows\System\yoqCEZV.exe
  C:\Windows\System\yoqCEZV.exe
  2⤵
  PID:5844
- C:\Windows\System\GlZTdoU.exe
  C:\Windows\System\GlZTdoU.exe
  2⤵
  PID:5864
- C:\Windows\System\EnQQaha.exe
  C:\Windows\System\EnQQaha.exe
  2⤵
  PID:5884
- C:\Windows\System\svjazZF.exe
  C:\Windows\System\svjazZF.exe
  2⤵
  PID:5904
- C:\Windows\System\GIGYczb.exe
  C:\Windows\System\GIGYczb.exe
  2⤵
  PID:5924
- C:\Windows\System\huLAnEq.exe
  C:\Windows\System\huLAnEq.exe
  2⤵
  PID:5944
- C:\Windows\System\BreLmtC.exe
  C:\Windows\System\BreLmtC.exe
  2⤵
  PID:5964
- C:\Windows\System\NNXSheA.exe
  C:\Windows\System\NNXSheA.exe
  2⤵
  PID:5988
- C:\Windows\System\hokhiQZ.exe
  C:\Windows\System\hokhiQZ.exe
  2⤵
  PID:6008
- C:\Windows\System\fKSSYym.exe
  C:\Windows\System\fKSSYym.exe
  2⤵
  PID:6032
- C:\Windows\System\PPwUlSQ.exe
  C:\Windows\System\PPwUlSQ.exe
  2⤵
  PID:6052
- C:\Windows\System\CWOlYzb.exe
  C:\Windows\System\CWOlYzb.exe
  2⤵
  PID:6068
- C:\Windows\System\OZeUFDR.exe
  C:\Windows\System\OZeUFDR.exe
  2⤵
  PID:6120
- C:\Windows\System\BGibxMu.exe
  C:\Windows\System\BGibxMu.exe
  2⤵
  PID:4828
- C:\Windows\System\LuZRNFD.exe
  C:\Windows\System\LuZRNFD.exe
  2⤵
  PID:4904
- C:\Windows\System\LNXJafB.exe
  C:\Windows\System\LNXJafB.exe
  2⤵
  PID:4748
- C:\Windows\System\PdXerUy.exe
  C:\Windows\System\PdXerUy.exe
  2⤵
  PID:4380
- C:\Windows\System\KninHDn.exe
  C:\Windows\System\KninHDn.exe
  2⤵
  PID:5124
- C:\Windows\System\gdjhLpx.exe
  C:\Windows\System\gdjhLpx.exe
  2⤵
  PID:2928
- C:\Windows\System\XRsTsvq.exe
  C:\Windows\System\XRsTsvq.exe
  2⤵
  PID:5140
- C:\Windows\System\RFvxpIM.exe
  C:\Windows\System\RFvxpIM.exe
  2⤵
  PID:2648
- C:\Windows\System\zDZNwrF.exe
  C:\Windows\System\zDZNwrF.exe
  2⤵
  PID:5260
- C:\Windows\System\AoGnXhY.exe
  C:\Windows\System\AoGnXhY.exe
  2⤵
  PID:5308
- C:\Windows\System\aBhDEWU.exe
  C:\Windows\System\aBhDEWU.exe
  2⤵
  PID:5352
- C:\Windows\System\lPHqnyF.exe
  C:\Windows\System\lPHqnyF.exe
  2⤵
  PID:5404
- C:\Windows\System\MTswSgi.exe
  C:\Windows\System\MTswSgi.exe
  2⤵
  PID:5424
- C:\Windows\System\MXemIkC.exe
  C:\Windows\System\MXemIkC.exe
  2⤵
  PID:5464
- C:\Windows\System\XCCcpoU.exe
  C:\Windows\System\XCCcpoU.exe
  2⤵
  PID:5624
- C:\Windows\System\ZFpGvOS.exe
  C:\Windows\System\ZFpGvOS.exe
  2⤵
  PID:1624
- C:\Windows\System\EzVbGWL.exe
  C:\Windows\System\EzVbGWL.exe
  2⤵
  PID:5736
- C:\Windows\System\HwAfgEz.exe
  C:\Windows\System\HwAfgEz.exe
  2⤵
  PID:5752
- C:\Windows\System\AUVjdBQ.exe
  C:\Windows\System\AUVjdBQ.exe
  2⤵
  PID:5820
- C:\Windows\System\ZscJSQk.exe
  C:\Windows\System\ZscJSQk.exe
  2⤵
  PID:5816
- C:\Windows\System\TKqFoyH.exe
  C:\Windows\System\TKqFoyH.exe
  2⤵
  PID:5852
- C:\Windows\System\NxYgQsV.exe
  C:\Windows\System\NxYgQsV.exe
  2⤵
  PID:2836
- C:\Windows\System\CzRicIq.exe
  C:\Windows\System\CzRicIq.exe
  2⤵
  PID:2852
- C:\Windows\System\IhzYVbH.exe
  C:\Windows\System\IhzYVbH.exe
  2⤵
  PID:5940
- C:\Windows\System\BjcxxpG.exe
  C:\Windows\System\BjcxxpG.exe
  2⤵
  PID:5936
- C:\Windows\System\EmcgAlk.exe
  C:\Windows\System\EmcgAlk.exe
  2⤵
  PID:5980
- C:\Windows\System\gPaQQsk.exe
  C:\Windows\System\gPaQQsk.exe
  2⤵
  PID:2020
- C:\Windows\System\WTysFpE.exe
  C:\Windows\System\WTysFpE.exe
  2⤵
  PID:2396
- C:\Windows\System\Tpmxbfe.exe
  C:\Windows\System\Tpmxbfe.exe
  2⤵
  PID:6064
- C:\Windows\System\jMayMYg.exe
  C:\Windows\System\jMayMYg.exe
  2⤵
  PID:6048
- C:\Windows\System\laNMXQP.exe
  C:\Windows\System\laNMXQP.exe
  2⤵
  PID:1332
- C:\Windows\System\RmqqQdK.exe
  C:\Windows\System\RmqqQdK.exe
  2⤵
  PID:6132
- C:\Windows\System\cPTCtlG.exe
  C:\Windows\System\cPTCtlG.exe
  2⤵
  PID:6140
- C:\Windows\System\TDZNNxt.exe
  C:\Windows\System\TDZNNxt.exe
  2⤵
  PID:2620
- C:\Windows\System\bGhQPUb.exe
  C:\Windows\System\bGhQPUb.exe
  2⤵
  PID:2792
- C:\Windows\System\JokEgio.exe
  C:\Windows\System\JokEgio.exe
  2⤵
  PID:4992
- C:\Windows\System\WhBcLtm.exe
  C:\Windows\System\WhBcLtm.exe
  2⤵
  PID:2964
- C:\Windows\System\OfzliUA.exe
  C:\Windows\System\OfzliUA.exe
  2⤵
  PID:5180
- C:\Windows\System\NJOpXeW.exe
  C:\Windows\System\NJOpXeW.exe
  2⤵
  PID:5280
- C:\Windows\System\vVKegCF.exe
  C:\Windows\System\vVKegCF.exe
  2⤵
  PID:5340
- C:\Windows\System\TixZyvT.exe
  C:\Windows\System\TixZyvT.exe
  2⤵
  PID:5408
- C:\Windows\System\cdvPwjA.exe
  C:\Windows\System\cdvPwjA.exe
  2⤵
  PID:5368
- C:\Windows\System\GrkYXUr.exe
  C:\Windows\System\GrkYXUr.exe
  2⤵
  PID:3532
- C:\Windows\System\xaPFGoW.exe
  C:\Windows\System\xaPFGoW.exe
  2⤵
  PID:5224
- C:\Windows\System\AvaTJMX.exe
  C:\Windows\System\AvaTJMX.exe
  2⤵
  PID:5264
- C:\Windows\System\rIHhfLJ.exe
  C:\Windows\System\rIHhfLJ.exe
  2⤵
  PID:5696
- C:\Windows\System\uSUiJhh.exe
  C:\Windows\System\uSUiJhh.exe
  2⤵
  PID:5472
- C:\Windows\System\akVgRbj.exe
  C:\Windows\System\akVgRbj.exe
  2⤵
  PID:5720
- C:\Windows\System\EfaIXje.exe
  C:\Windows\System\EfaIXje.exe
  2⤵
  PID:5900
- C:\Windows\System\BxYNbtg.exe
  C:\Windows\System\BxYNbtg.exe
  2⤵
  PID:5856
- C:\Windows\System\QMIFIcq.exe
  C:\Windows\System\QMIFIcq.exe
  2⤵
  PID:1948
- C:\Windows\System\ghXpLvL.exe
  C:\Windows\System\ghXpLvL.exe
  2⤵
  PID:560
- C:\Windows\System\GjeLQAz.exe
  C:\Windows\System\GjeLQAz.exe
  2⤵
  PID:5960
- C:\Windows\System\DrRJJBT.exe
  C:\Windows\System\DrRJJBT.exe
  2⤵
  PID:1628
- C:\Windows\System\TkfaqNF.exe
  C:\Windows\System\TkfaqNF.exe
  2⤵
  PID:5512
- C:\Windows\System\qTTUkEW.exe
  C:\Windows\System\qTTUkEW.exe
  2⤵
  PID:6108
- C:\Windows\System\flmTCcu.exe
  C:\Windows\System\flmTCcu.exe
  2⤵
  PID:6080
- C:\Windows\System\KaxtETw.exe
  C:\Windows\System\KaxtETw.exe
  2⤵
  PID:6136
- C:\Windows\System\dqWiJQX.exe
  C:\Windows\System\dqWiJQX.exe
  2⤵
  PID:4384
- C:\Windows\System\QaECvfC.exe
  C:\Windows\System\QaECvfC.exe
  2⤵
  PID:5256
- C:\Windows\System\RKwIyVK.exe
  C:\Windows\System\RKwIyVK.exe
  2⤵
  PID:5200
- C:\Windows\System\NbuttSl.exe
  C:\Windows\System\NbuttSl.exe
  2⤵
  PID:320
- C:\Windows\System\lfuNFvm.exe
  C:\Windows\System\lfuNFvm.exe
  2⤵
  PID:5384
- C:\Windows\System\njIXJUI.exe
  C:\Windows\System\njIXJUI.exe
  2⤵
  PID:5176
- C:\Windows\System\IMIfGnU.exe
  C:\Windows\System\IMIfGnU.exe
  2⤵
  PID:1984
- C:\Windows\System\XCyvogT.exe
  C:\Windows\System\XCyvogT.exe
  2⤵
  PID:5780
- C:\Windows\System\FRSpdrX.exe
  C:\Windows\System\FRSpdrX.exe
  2⤵
  PID:5776
- C:\Windows\System\VyJMofH.exe
  C:\Windows\System\VyJMofH.exe
  2⤵
  PID:5156
- C:\Windows\System\XtlyWrx.exe
  C:\Windows\System\XtlyWrx.exe
  2⤵
  PID:6016
- C:\Windows\System\uPCPTHU.exe
  C:\Windows\System\uPCPTHU.exe
  2⤵
  PID:5932
- C:\Windows\System\uZpJqel.exe
  C:\Windows\System\uZpJqel.exe
  2⤵
  PID:5504
- C:\Windows\System\fortahD.exe
  C:\Windows\System\fortahD.exe
  2⤵
  PID:6028
- C:\Windows\System\NZQTJDb.exe
  C:\Windows\System\NZQTJDb.exe
  2⤵
  PID:1348
- C:\Windows\System\EhltIpg.exe
  C:\Windows\System\EhltIpg.exe
  2⤵
  PID:5568
- C:\Windows\System\EcakQVg.exe
  C:\Windows\System\EcakQVg.exe
  2⤵
  PID:5524
- C:\Windows\System\HDuJGAM.exe
  C:\Windows\System\HDuJGAM.exe
  2⤵
  PID:5324
- C:\Windows\System\HxjHviF.exe
  C:\Windows\System\HxjHviF.exe
  2⤵
  PID:5452
- C:\Windows\System\ydPKhTO.exe
  C:\Windows\System\ydPKhTO.exe
  2⤵
  PID:5564
- C:\Windows\System\rTxjOcb.exe
  C:\Windows\System\rTxjOcb.exe
  2⤵
  PID:5896
- C:\Windows\System\YCJMGui.exe
  C:\Windows\System\YCJMGui.exe
  2⤵
  PID:5588
- C:\Windows\System\uMyZdFC.exe
  C:\Windows\System\uMyZdFC.exe
  2⤵
  PID:5268
- C:\Windows\System\baKaOme.exe
  C:\Windows\System\baKaOme.exe
  2⤵
  PID:5672
- C:\Windows\System\IDLyZII.exe
  C:\Windows\System\IDLyZII.exe
  2⤵
  PID:6024
- C:\Windows\System\hbHlwMK.exe
  C:\Windows\System\hbHlwMK.exe
  2⤵
  PID:5996
- C:\Windows\System\HlYoFsY.exe
  C:\Windows\System\HlYoFsY.exe
  2⤵
  PID:6084
- C:\Windows\System\juvxfOB.exe
  C:\Windows\System\juvxfOB.exe
  2⤵
  PID:5552
- C:\Windows\System\TiJfnYX.exe
  C:\Windows\System\TiJfnYX.exe
  2⤵
  PID:4648
- C:\Windows\System\berRSDG.exe
  C:\Windows\System\berRSDG.exe
  2⤵
  PID:5392
- C:\Windows\System\qgKoXUi.exe
  C:\Windows\System\qgKoXUi.exe
  2⤵
  PID:5572
- C:\Windows\System\eGNBFtd.exe
  C:\Windows\System\eGNBFtd.exe
  2⤵
  PID:936
- C:\Windows\System\DizEHNe.exe
  C:\Windows\System\DizEHNe.exe
  2⤵
  PID:5612
- C:\Windows\System\FEbccIu.exe
  C:\Windows\System\FEbccIu.exe
  2⤵
  PID:5756
- C:\Windows\System\gwQkaqu.exe
  C:\Windows\System\gwQkaqu.exe
  2⤵
  PID:5880
- C:\Windows\System\Fjwaddv.exe
  C:\Windows\System\Fjwaddv.exe
  2⤵
  PID:2676
- C:\Windows\System\NzUzhOZ.exe
  C:\Windows\System\NzUzhOZ.exe
  2⤵
  PID:940
- C:\Windows\System\gImEanM.exe
  C:\Windows\System\gImEanM.exe
  2⤵
  PID:5328
- C:\Windows\System\DhCweKB.exe
  C:\Windows\System\DhCweKB.exe
  2⤵
  PID:5832
- C:\Windows\System\KWztkYa.exe
  C:\Windows\System\KWztkYa.exe
  2⤵
  PID:5796
- C:\Windows\System\xehLDtP.exe
  C:\Windows\System\xehLDtP.exe
  2⤵
  PID:5548
- C:\Windows\System\dPsjxTc.exe
  C:\Windows\System\dPsjxTc.exe
  2⤵
  PID:5644
- C:\Windows\System\ArNKgrf.exe
  C:\Windows\System\ArNKgrf.exe
  2⤵
  PID:5300
- C:\Windows\System\pPcXVFZ.exe
  C:\Windows\System\pPcXVFZ.exe
  2⤵
  PID:5288
- C:\Windows\System\AwTIRxZ.exe
  C:\Windows\System\AwTIRxZ.exe
  2⤵
  PID:5648
- C:\Windows\System\hnFnBoC.exe
  C:\Windows\System\hnFnBoC.exe
  2⤵
  PID:5840
- C:\Windows\System\zrvXLKp.exe
  C:\Windows\System\zrvXLKp.exe
  2⤵
  PID:6152
- C:\Windows\System\dyftvlv.exe
  C:\Windows\System\dyftvlv.exe
  2⤵
  PID:6168
- C:\Windows\System\ikMOjie.exe
  C:\Windows\System\ikMOjie.exe
  2⤵
  PID:6192
- C:\Windows\System\nSgWaHK.exe
  C:\Windows\System\nSgWaHK.exe
  2⤵
  PID:6208
- C:\Windows\System\NxxYvdq.exe
  C:\Windows\System\NxxYvdq.exe
  2⤵
  PID:6232
- C:\Windows\System\YTorJHK.exe
  C:\Windows\System\YTorJHK.exe
  2⤵
  PID:6252
- C:\Windows\System\fEwjQPP.exe
  C:\Windows\System\fEwjQPP.exe
  2⤵
  PID:6272
- C:\Windows\System\unexrhZ.exe
  C:\Windows\System\unexrhZ.exe
  2⤵
  PID:6292
- C:\Windows\System\OrEMryT.exe
  C:\Windows\System\OrEMryT.exe
  2⤵
  PID:6316
- C:\Windows\System\QqiuRLg.exe
  C:\Windows\System\QqiuRLg.exe
  2⤵
  PID:6332
- C:\Windows\System\xvbpFZY.exe
  C:\Windows\System\xvbpFZY.exe
  2⤵
  PID:6356
- C:\Windows\System\ayFlknI.exe
  C:\Windows\System\ayFlknI.exe
  2⤵
  PID:6372
- C:\Windows\System\IbVabFK.exe
  C:\Windows\System\IbVabFK.exe
  2⤵
  PID:6396
- C:\Windows\System\XnTeDus.exe
  C:\Windows\System\XnTeDus.exe
  2⤵
  PID:6412
- C:\Windows\System\gvLFmIy.exe
  C:\Windows\System\gvLFmIy.exe
  2⤵
  PID:6432
- C:\Windows\System\wnjXdkd.exe
  C:\Windows\System\wnjXdkd.exe
  2⤵
  PID:6452
- C:\Windows\System\dDDSoVB.exe
  C:\Windows\System\dDDSoVB.exe
  2⤵
  PID:6476
- C:\Windows\System\BXzVXkP.exe
  C:\Windows\System\BXzVXkP.exe
  2⤵
  PID:6496
- C:\Windows\System\VHKOUTS.exe
  C:\Windows\System\VHKOUTS.exe
  2⤵
  PID:6516
- C:\Windows\System\vPWwDLO.exe
  C:\Windows\System\vPWwDLO.exe
  2⤵
  PID:6536
- C:\Windows\System\okmUFva.exe
  C:\Windows\System\okmUFva.exe
  2⤵
  PID:6560
- C:\Windows\System\UyhfWTu.exe
  C:\Windows\System\UyhfWTu.exe
  2⤵
  PID:6584
- C:\Windows\System\GimvhPz.exe
  C:\Windows\System\GimvhPz.exe
  2⤵
  PID:6604
- C:\Windows\System\TamdMIp.exe
  C:\Windows\System\TamdMIp.exe
  2⤵
  PID:6620
- C:\Windows\System\CNvfpgx.exe
  C:\Windows\System\CNvfpgx.exe
  2⤵
  PID:6644
- C:\Windows\System\gTXTyOo.exe
  C:\Windows\System\gTXTyOo.exe
  2⤵
  PID:6660
- C:\Windows\System\LVWSqhk.exe
  C:\Windows\System\LVWSqhk.exe
  2⤵
  PID:6680
- C:\Windows\System\brLrDHD.exe
  C:\Windows\System\brLrDHD.exe
  2⤵
  PID:6700
- C:\Windows\System\aASHJnV.exe
  C:\Windows\System\aASHJnV.exe
  2⤵
  PID:6716
- C:\Windows\System\ABGNxjt.exe
  C:\Windows\System\ABGNxjt.exe
  2⤵
  PID:6736
- C:\Windows\System\rWOloQW.exe
  C:\Windows\System\rWOloQW.exe
  2⤵
  PID:6752
- C:\Windows\System\wxBvkqk.exe
  C:\Windows\System\wxBvkqk.exe
  2⤵
  PID:6784
- C:\Windows\System\sbtGNRx.exe
  C:\Windows\System\sbtGNRx.exe
  2⤵
  PID:6804
- C:\Windows\System\jzLuFQO.exe
  C:\Windows\System\jzLuFQO.exe
  2⤵
  PID:6820
- C:\Windows\System\TPJSjXP.exe
  C:\Windows\System\TPJSjXP.exe
  2⤵
  PID:6840
- C:\Windows\System\VrztjkW.exe
  C:\Windows\System\VrztjkW.exe
  2⤵
  PID:6860
- C:\Windows\System\nuiZtvB.exe
  C:\Windows\System\nuiZtvB.exe
  2⤵
  PID:6880
- C:\Windows\System\fYJesPw.exe
  C:\Windows\System\fYJesPw.exe
  2⤵
  PID:6896
- C:\Windows\System\WVKMuYM.exe
  C:\Windows\System\WVKMuYM.exe
  2⤵
  PID:6924
- C:\Windows\System\BBAISCP.exe
  C:\Windows\System\BBAISCP.exe
  2⤵
  PID:6940
- C:\Windows\System\gwgXdFl.exe
  C:\Windows\System\gwgXdFl.exe
  2⤵
  PID:6964
- C:\Windows\System\qaUVofv.exe
  C:\Windows\System\qaUVofv.exe
  2⤵
  PID:6980
- C:\Windows\System\NenFkib.exe
  C:\Windows\System\NenFkib.exe
  2⤵
  PID:7000
- C:\Windows\System\dNQdQny.exe
  C:\Windows\System\dNQdQny.exe
  2⤵
  PID:7020
- C:\Windows\System\iyVDeyy.exe
  C:\Windows\System\iyVDeyy.exe
  2⤵
  PID:7040
- C:\Windows\System\ccvyrTm.exe
  C:\Windows\System\ccvyrTm.exe
  2⤵
  PID:7060
- C:\Windows\System\kowbWXM.exe
  C:\Windows\System\kowbWXM.exe
  2⤵
  PID:7084
- C:\Windows\System\Elbpufv.exe
  C:\Windows\System\Elbpufv.exe
  2⤵
  PID:7104
- C:\Windows\System\aEpUYwx.exe
  C:\Windows\System\aEpUYwx.exe
  2⤵
  PID:7124
- C:\Windows\System\KwEtapS.exe
  C:\Windows\System\KwEtapS.exe
  2⤵
  PID:7144
- C:\Windows\System\RJmtQjw.exe
  C:\Windows\System\RJmtQjw.exe
  2⤵
  PID:2508
- C:\Windows\System\AFxIMVU.exe
  C:\Windows\System\AFxIMVU.exe
  2⤵
  PID:6248
- C:\Windows\System\rgyKoQz.exe
  C:\Windows\System\rgyKoQz.exe
  2⤵
  PID:6264
- C:\Windows\System\oyTSQfN.exe
  C:\Windows\System\oyTSQfN.exe
  2⤵
  PID:6284
- C:\Windows\System\jTpMQXs.exe
  C:\Windows\System\jTpMQXs.exe
  2⤵
  PID:6340
- C:\Windows\System\pRxBDJH.exe
  C:\Windows\System\pRxBDJH.exe
  2⤵
  PID:6364
- C:\Windows\System\mqpeefT.exe
  C:\Windows\System\mqpeefT.exe
  2⤵
  PID:6392
- C:\Windows\System\KiLjLuk.exe
  C:\Windows\System\KiLjLuk.exe
  2⤵
  PID:6428
- C:\Windows\System\rmGKaMa.exe
  C:\Windows\System\rmGKaMa.exe
  2⤵
  PID:6472
- C:\Windows\System\pZlyvWg.exe
  C:\Windows\System\pZlyvWg.exe
  2⤵
  PID:6512
- C:\Windows\System\xrQDxpW.exe
  C:\Windows\System\xrQDxpW.exe
  2⤵
  PID:6528
- C:\Windows\System\JCDFKcy.exe
  C:\Windows\System\JCDFKcy.exe
  2⤵
  PID:6568
- C:\Windows\System\YLyignG.exe
  C:\Windows\System\YLyignG.exe
  2⤵
  PID:6596
- C:\Windows\System\JKbKTBX.exe
  C:\Windows\System\JKbKTBX.exe
  2⤵
  PID:6632
- C:\Windows\System\EnDOavj.exe
  C:\Windows\System\EnDOavj.exe
  2⤵
  PID:6656
- C:\Windows\System\hhfhWKv.exe
  C:\Windows\System\hhfhWKv.exe
  2⤵
  PID:6712
- C:\Windows\System\eVJsRbh.exe
  C:\Windows\System\eVJsRbh.exe
  2⤵
  PID:6688
- C:\Windows\System\OBpIwLS.exe
  C:\Windows\System\OBpIwLS.exe
  2⤵
  PID:6724
- C:\Windows\System\dYrjUGr.exe
  C:\Windows\System\dYrjUGr.exe
  2⤵
  PID:6764
- C:\Windows\System\aBPZqIa.exe
  C:\Windows\System\aBPZqIa.exe
  2⤵
  PID:6776
- C:\Windows\System\TmLcKZK.exe
  C:\Windows\System\TmLcKZK.exe
  2⤵
  PID:6832
- C:\Windows\System\xTXFAGg.exe
  C:\Windows\System\xTXFAGg.exe
  2⤵
  PID:6816
- C:\Windows\System\cvrkoDj.exe
  C:\Windows\System\cvrkoDj.exe
  2⤵
  PID:6872
- C:\Windows\System\dofeHUd.exe
  C:\Windows\System\dofeHUd.exe
  2⤵
  PID:6908
- C:\Windows\System\CxPDZvp.exe
  C:\Windows\System\CxPDZvp.exe
  2⤵
  PID:6936
- C:\Windows\System\suwlHwd.exe
  C:\Windows\System\suwlHwd.exe
  2⤵
  PID:7068
- C:\Windows\System\wpwfPIS.exe
  C:\Windows\System\wpwfPIS.exe
  2⤵
  PID:7132
- C:\Windows\System\falfnNX.exe
  C:\Windows\System\falfnNX.exe
  2⤵
  PID:7048
- C:\Windows\System\zHxapgc.exe
  C:\Windows\System\zHxapgc.exe
  2⤵
  PID:6532
- C:\Windows\System\MFGYWgm.exe
  C:\Windows\System\MFGYWgm.exe
  2⤵
  PID:6020
- C:\Windows\System\YVlCzww.exe
  C:\Windows\System\YVlCzww.exe
  2⤵
  PID:6280
- C:\Windows\System\GFYkaqf.exe
  C:\Windows\System\GFYkaqf.exe
  2⤵
  PID:6312
- C:\Windows\System\BEobgYX.exe
  C:\Windows\System\BEobgYX.exe
  2⤵
  PID:6348
- C:\Windows\System\CblawNZ.exe
  C:\Windows\System\CblawNZ.exe
  2⤵
  PID:6444
- C:\Windows\System\CgHLLFE.exe
  C:\Windows\System\CgHLLFE.exe
  2⤵
  PID:5668
- C:\Windows\System\GdEKuiW.exe
  C:\Windows\System\GdEKuiW.exe
  2⤵
  PID:6504
- C:\Windows\System\VqVUGmM.exe
  C:\Windows\System\VqVUGmM.exe
  2⤵
  PID:6572
- C:\Windows\System\xYrhcfW.exe
  C:\Windows\System\xYrhcfW.exe
  2⤵
  PID:7160
- C:\Windows\System\BOsEuTF.exe
  C:\Windows\System\BOsEuTF.exe
  2⤵
  PID:6744
- C:\Windows\System\waazVsi.exe
  C:\Windows\System\waazVsi.exe
  2⤵
  PID:6888
- C:\Windows\System\pNsjaNV.exe
  C:\Windows\System\pNsjaNV.exe
  2⤵
  PID:6920
- C:\Windows\System\lfbvNda.exe
  C:\Windows\System\lfbvNda.exe
  2⤵
  PID:6948
- C:\Windows\System\Uhinoiq.exe
  C:\Windows\System\Uhinoiq.exe
  2⤵
  PID:6960
- C:\Windows\System\FGbDdwZ.exe
  C:\Windows\System\FGbDdwZ.exe
  2⤵
  PID:6992
- C:\Windows\System\DslAvOn.exe
  C:\Windows\System\DslAvOn.exe
  2⤵
  PID:6812
- C:\Windows\System\rbPoqfq.exe
  C:\Windows\System\rbPoqfq.exe
  2⤵
  PID:7120
- C:\Windows\System\ilLxXJy.exe
  C:\Windows\System\ilLxXJy.exe
  2⤵
  PID:7096
- C:\Windows\System\EPYOCsg.exe
  C:\Windows\System\EPYOCsg.exe
  2⤵
  PID:5652
- C:\Windows\System\piJUAWx.exe
  C:\Windows\System\piJUAWx.exe
  2⤵
  PID:6224
- C:\Windows\System\sqlNWpK.exe
  C:\Windows\System\sqlNWpK.exe
  2⤵
  PID:6164
- C:\Windows\System\WInyKgi.exe
  C:\Windows\System\WInyKgi.exe
  2⤵
  PID:6228
- C:\Windows\System\pNJrqSi.exe
  C:\Windows\System\pNJrqSi.exe
  2⤵
  PID:6380
- C:\Windows\System\iorzDrq.exe
  C:\Windows\System\iorzDrq.exe
  2⤵
  PID:6468
- C:\Windows\System\QCvjBup.exe
  C:\Windows\System\QCvjBup.exe
  2⤵
  PID:6440
- C:\Windows\System\KUIGgnf.exe
  C:\Windows\System\KUIGgnf.exe
  2⤵
  PID:7028
- C:\Windows\System\ufMaFoo.exe
  C:\Windows\System\ufMaFoo.exe
  2⤵
  PID:6576
- C:\Windows\System\CAHYJxt.exe
  C:\Windows\System\CAHYJxt.exe
  2⤵
  PID:6852
- C:\Windows\System\NEKSSHO.exe
  C:\Windows\System\NEKSSHO.exe
  2⤵
  PID:6876
- C:\Windows\System\XoFXsTF.exe
  C:\Windows\System\XoFXsTF.exe
  2⤵
  PID:6976
- C:\Windows\System\mRxoSwp.exe
  C:\Windows\System\mRxoSwp.exe
  2⤵
  PID:7092
- C:\Windows\System\CPeOWGr.exe
  C:\Windows\System\CPeOWGr.exe
  2⤵
  PID:7012
- C:\Windows\System\MaiEfTI.exe
  C:\Windows\System\MaiEfTI.exe
  2⤵
  PID:5604
- C:\Windows\System\TgCAWye.exe
  C:\Windows\System\TgCAWye.exe
  2⤵
  PID:6148
- C:\Windows\System\FvLrbYJ.exe
  C:\Windows\System\FvLrbYJ.exe
  2⤵
  PID:6160
- C:\Windows\System\nsuavWl.exe
  C:\Windows\System\nsuavWl.exe
  2⤵
  PID:6676
- C:\Windows\System\otQcLoA.exe
  C:\Windows\System\otQcLoA.exe
  2⤵
  PID:6484
- C:\Windows\System\sLCKDaS.exe
  C:\Windows\System\sLCKDaS.exe
  2⤵
  PID:6780
- C:\Windows\System\KtILdXX.exe
  C:\Windows\System\KtILdXX.exe
  2⤵
  PID:6904
- C:\Windows\System\jABVXIM.exe
  C:\Windows\System\jABVXIM.exe
  2⤵
  PID:6464
- C:\Windows\System\nrfNlOj.exe
  C:\Windows\System\nrfNlOj.exe
  2⤵
  PID:6204
- C:\Windows\System\EvSxUHV.exe
  C:\Windows\System\EvSxUHV.exe
  2⤵
  PID:6652
- C:\Windows\System\ZIeHSQL.exe
  C:\Windows\System\ZIeHSQL.exe
  2⤵
  PID:6868
- C:\Windows\System\xNIeGME.exe
  C:\Windows\System\xNIeGME.exe
  2⤵
  PID:6732
- C:\Windows\System\tscCwHz.exe
  C:\Windows\System\tscCwHz.exe
  2⤵
  PID:6268
- C:\Windows\System\vxauTjJ.exe
  C:\Windows\System\vxauTjJ.exe
  2⤵
  PID:6552
- C:\Windows\System\BRXsKoO.exe
  C:\Windows\System\BRXsKoO.exe
  2⤵
  PID:6972
- C:\Windows\System\vhGKShY.exe
  C:\Windows\System\vhGKShY.exe
  2⤵
  PID:6424
- C:\Windows\System\TLhkRtq.exe
  C:\Windows\System\TLhkRtq.exe
  2⤵
  PID:7152
- C:\Windows\System\ImXeTdj.exe
  C:\Windows\System\ImXeTdj.exe
  2⤵
  PID:6932
- C:\Windows\System\vmVplcd.exe
  C:\Windows\System\vmVplcd.exe
  2⤵
  PID:7180
- C:\Windows\System\bZTOFxL.exe
  C:\Windows\System\bZTOFxL.exe
  2⤵
  PID:7204
- C:\Windows\System\QtEzYRc.exe
  C:\Windows\System\QtEzYRc.exe
  2⤵
  PID:7220
- C:\Windows\System\GtghqnU.exe
  C:\Windows\System\GtghqnU.exe
  2⤵
  PID:7236
- C:\Windows\System\oGjpwnV.exe
  C:\Windows\System\oGjpwnV.exe
  2⤵
  PID:7252
- C:\Windows\System\tfdHVWj.exe
  C:\Windows\System\tfdHVWj.exe
  2⤵
  PID:7284
- C:\Windows\System\JkDLqct.exe
  C:\Windows\System\JkDLqct.exe
  2⤵
  PID:7300
- C:\Windows\System\tjfycuW.exe
  C:\Windows\System\tjfycuW.exe
  2⤵
  PID:7320
- C:\Windows\System\pJPAwxT.exe
  C:\Windows\System\pJPAwxT.exe
  2⤵
  PID:7340
- C:\Windows\System\fXIVvXV.exe
  C:\Windows\System\fXIVvXV.exe
  2⤵
  PID:7364
- C:\Windows\System\WydOwjY.exe
  C:\Windows\System\WydOwjY.exe
  2⤵
  PID:7380
- C:\Windows\System\SwqXGkE.exe
  C:\Windows\System\SwqXGkE.exe
  2⤵
  PID:7404
- C:\Windows\System\jIepZFG.exe
  C:\Windows\System\jIepZFG.exe
  2⤵
  PID:7420
- C:\Windows\System\kpLSNuL.exe
  C:\Windows\System\kpLSNuL.exe
  2⤵
  PID:7444
- C:\Windows\System\PEZQLAM.exe
  C:\Windows\System\PEZQLAM.exe
  2⤵
  PID:7468
- C:\Windows\System\XDMzNJF.exe
  C:\Windows\System\XDMzNJF.exe
  2⤵
  PID:7484
- C:\Windows\System\iFpWxbN.exe
  C:\Windows\System\iFpWxbN.exe
  2⤵
  PID:7504
- C:\Windows\System\KgORayr.exe
  C:\Windows\System\KgORayr.exe
  2⤵
  PID:7524
- C:\Windows\System\KzsFIwr.exe
  C:\Windows\System\KzsFIwr.exe
  2⤵
  PID:7544
- C:\Windows\System\mBPtKiD.exe
  C:\Windows\System\mBPtKiD.exe
  2⤵
  PID:7568
- C:\Windows\System\dnheYaE.exe
  C:\Windows\System\dnheYaE.exe
  2⤵
  PID:7584
- C:\Windows\System\KoLfbpD.exe
  C:\Windows\System\KoLfbpD.exe
  2⤵
  PID:7604
- C:\Windows\System\FHjgXfN.exe
  C:\Windows\System\FHjgXfN.exe
  2⤵
  PID:7624
- C:\Windows\System\YnlCFvM.exe
  C:\Windows\System\YnlCFvM.exe
  2⤵
  PID:7648
- C:\Windows\System\CLRgomZ.exe
  C:\Windows\System\CLRgomZ.exe
  2⤵
  PID:7664
- C:\Windows\System\HQuNnmh.exe
  C:\Windows\System\HQuNnmh.exe
  2⤵
  PID:7688
- C:\Windows\System\nnYnVgN.exe
  C:\Windows\System\nnYnVgN.exe
  2⤵
  PID:7704
- C:\Windows\System\nUSWYKf.exe
  C:\Windows\System\nUSWYKf.exe
  2⤵
  PID:7728
- C:\Windows\System\HHKDMzR.exe
  C:\Windows\System\HHKDMzR.exe
  2⤵
  PID:7744
- C:\Windows\System\pdQKSMR.exe
  C:\Windows\System\pdQKSMR.exe
  2⤵
  PID:7760
- C:\Windows\System\YjwQgci.exe
  C:\Windows\System\YjwQgci.exe
  2⤵
  PID:7784
- C:\Windows\System\NGPpTqC.exe
  C:\Windows\System\NGPpTqC.exe
  2⤵
  PID:7804
- C:\Windows\System\rcElXqs.exe
  C:\Windows\System\rcElXqs.exe
  2⤵
  PID:7824
- C:\Windows\System\fARPLrC.exe
  C:\Windows\System\fARPLrC.exe
  2⤵
  PID:7844
- C:\Windows\System\GNkSbEe.exe
  C:\Windows\System\GNkSbEe.exe
  2⤵
  PID:7860
- C:\Windows\System\iDwFEoI.exe
  C:\Windows\System\iDwFEoI.exe
  2⤵
  PID:7892
- C:\Windows\System\mjBtNme.exe
  C:\Windows\System\mjBtNme.exe
  2⤵
  PID:7908
- C:\Windows\System\JCeloOF.exe
  C:\Windows\System\JCeloOF.exe
  2⤵
  PID:7924
- C:\Windows\System\aklpNpo.exe
  C:\Windows\System\aklpNpo.exe
  2⤵
  PID:7944
- C:\Windows\System\jgIqEnP.exe
  C:\Windows\System\jgIqEnP.exe
  2⤵
  PID:7972
- C:\Windows\System\VaUVXVj.exe
  C:\Windows\System\VaUVXVj.exe
  2⤵
  PID:7988
- C:\Windows\System\MaBUsaj.exe
  C:\Windows\System\MaBUsaj.exe
  2⤵
  PID:8008
- C:\Windows\System\FSBfWVO.exe
  C:\Windows\System\FSBfWVO.exe
  2⤵
  PID:8024
- C:\Windows\System\mYhHlpF.exe
  C:\Windows\System\mYhHlpF.exe
  2⤵
  PID:8044
- C:\Windows\System\sdADvcD.exe
  C:\Windows\System\sdADvcD.exe
  2⤵
  PID:8064
- C:\Windows\System\WAkjRFu.exe
  C:\Windows\System\WAkjRFu.exe
  2⤵
  PID:8084
- C:\Windows\System\ZkzhYqy.exe
  C:\Windows\System\ZkzhYqy.exe
  2⤵
  PID:8100
- C:\Windows\System\HHXBXhD.exe
  C:\Windows\System\HHXBXhD.exe
  2⤵
  PID:8120
- C:\Windows\System\dsVRprt.exe
  C:\Windows\System\dsVRprt.exe
  2⤵
  PID:8152
- C:\Windows\System\WSnQdXV.exe
  C:\Windows\System\WSnQdXV.exe
  2⤵
  PID:8172
- C:\Windows\System\bNZZIQU.exe
  C:\Windows\System\bNZZIQU.exe
  2⤵
  PID:8188
- C:\Windows\System\rrKBlfp.exe
  C:\Windows\System\rrKBlfp.exe
  2⤵
  PID:7176
- C:\Windows\System\BDxNkAD.exe
  C:\Windows\System\BDxNkAD.exe
  2⤵
  PID:7228
- C:\Windows\System\ySBcKRd.exe
  C:\Windows\System\ySBcKRd.exe
  2⤵
  PID:7264
- C:\Windows\System\UDVzbgs.exe
  C:\Windows\System\UDVzbgs.exe
  2⤵
  PID:7244
- C:\Windows\System\DvMdAYp.exe
  C:\Windows\System\DvMdAYp.exe
  2⤵
  PID:7296
- C:\Windows\System\iDESZGv.exe
  C:\Windows\System\iDESZGv.exe
  2⤵
  PID:7348
- C:\Windows\System\PUnWIGe.exe
  C:\Windows\System\PUnWIGe.exe
  2⤵
  PID:7372
- C:\Windows\System\JZjeXJQ.exe
  C:\Windows\System\JZjeXJQ.exe
  2⤵
  PID:7412
- C:\Windows\System\oNLcAIF.exe
  C:\Windows\System\oNLcAIF.exe
  2⤵
  PID:7436
- C:\Windows\System\drIsXWt.exe
  C:\Windows\System\drIsXWt.exe
  2⤵
  PID:7460
- C:\Windows\System\cIodxHT.exe
  C:\Windows\System\cIodxHT.exe
  2⤵
  PID:7512
- C:\Windows\System\KSFtnay.exe
  C:\Windows\System\KSFtnay.exe
  2⤵
  PID:7492
- C:\Windows\System\FSBeGpL.exe
  C:\Windows\System\FSBeGpL.exe
  2⤵
  PID:7556
- C:\Windows\System\DsDiQkP.exe
  C:\Windows\System\DsDiQkP.exe
  2⤵
  PID:7600
- C:\Windows\System\nJrFnIk.exe
  C:\Windows\System\nJrFnIk.exe
  2⤵
  PID:7636
- C:\Windows\System\OAPSfVx.exe
  C:\Windows\System\OAPSfVx.exe
  2⤵
  PID:7656
- C:\Windows\System\WTsSIXD.exe
  C:\Windows\System\WTsSIXD.exe
  2⤵
  PID:7696
- C:\Windows\System\RvnlFwD.exe
  C:\Windows\System\RvnlFwD.exe
  2⤵
  PID:7720
- C:\Windows\System\EZrwMXw.exe
  C:\Windows\System\EZrwMXw.exe
  2⤵
  PID:7756
- C:\Windows\System\rrDoIhi.exe
  C:\Windows\System\rrDoIhi.exe
  2⤵
  PID:7772
- C:\Windows\System\wroEhuV.exe
  C:\Windows\System\wroEhuV.exe
  2⤵
  PID:7800
- C:\Windows\System\iSiletD.exe
  C:\Windows\System\iSiletD.exe
  2⤵
  PID:7832
- C:\Windows\System\QNivLVE.exe
  C:\Windows\System\QNivLVE.exe
  2⤵
  PID:7872
- C:\Windows\System\NKDQQEz.exe
  C:\Windows\System\NKDQQEz.exe
  2⤵
  PID:7852
- C:\Windows\System\yFbaqOL.exe
  C:\Windows\System\yFbaqOL.exe
  2⤵
  PID:7916
- C:\Windows\System\vjLAtUE.exe
  C:\Windows\System\vjLAtUE.exe
  2⤵
  PID:7936
- C:\Windows\System\vQUdYFQ.exe
  C:\Windows\System\vQUdYFQ.exe
  2⤵
  PID:7964
- C:\Windows\System\vZCaAfn.exe
  C:\Windows\System\vZCaAfn.exe
  2⤵
  PID:7996
- C:\Windows\System\xkAAIHx.exe
  C:\Windows\System\xkAAIHx.exe
  2⤵
  PID:8016
- C:\Windows\System\DzMbtjT.exe
  C:\Windows\System\DzMbtjT.exe
  2⤵
  PID:8036
- C:\Windows\System\uYirTmD.exe
  C:\Windows\System\uYirTmD.exe
  2⤵
  PID:8112
- C:\Windows\System\BDRNSRc.exe
  C:\Windows\System\BDRNSRc.exe
  2⤵
  PID:8092
- C:\Windows\System\xoONNIL.exe
  C:\Windows\System\xoONNIL.exe
  2⤵
  PID:8140
- C:\Windows\System\sFvGAga.exe
  C:\Windows\System\sFvGAga.exe
  2⤵
  PID:8136
- C:\Windows\System\mfkFggS.exe
  C:\Windows\System\mfkFggS.exe
  2⤵
  PID:8168
- C:\Windows\System\XjWWblx.exe
  C:\Windows\System\XjWWblx.exe
  2⤵
  PID:8184
- C:\Windows\System\DLrMCVm.exe
  C:\Windows\System\DLrMCVm.exe
  2⤵
  PID:7276
- C:\Windows\System\idDhXXS.exe
  C:\Windows\System\idDhXXS.exe
  2⤵
  PID:7260
- C:\Windows\System\NCaYWtv.exe
  C:\Windows\System\NCaYWtv.exe
  2⤵
  PID:7360
- C:\Windows\System\aPVYidi.exe
  C:\Windows\System\aPVYidi.exe
  2⤵
  PID:7400
- C:\Windows\System\RQRjzFS.exe
  C:\Windows\System\RQRjzFS.exe
  2⤵
  PID:7456
- C:\Windows\System\xTNbVQf.exe
  C:\Windows\System\xTNbVQf.exe
  2⤵
  PID:7500
- C:\Windows\System\VndqsRx.exe
  C:\Windows\System\VndqsRx.exe
  2⤵
  PID:7620
- C:\Windows\System\zIAuawa.exe
  C:\Windows\System\zIAuawa.exe
  2⤵
  PID:7672
- C:\Windows\System\MwrJCsi.exe
  C:\Windows\System\MwrJCsi.exe
  2⤵
  PID:7736
- C:\Windows\System\wrneYRt.exe
  C:\Windows\System\wrneYRt.exe
  2⤵
  PID:7768
- C:\Windows\System\ueryExD.exe
  C:\Windows\System\ueryExD.exe
  2⤵
  PID:7840
- C:\Windows\System\JEBEDsB.exe
  C:\Windows\System\JEBEDsB.exe
  2⤵
  PID:7888
- C:\Windows\System\ZUATKsE.exe
  C:\Windows\System\ZUATKsE.exe
  2⤵
  PID:7960
- C:\Windows\System\woyDLLu.exe
  C:\Windows\System\woyDLLu.exe
  2⤵
  PID:8032
- C:\Windows\System\SFNCtIR.exe
  C:\Windows\System\SFNCtIR.exe
  2⤵
  PID:8056
- C:\Windows\System\ZcZxdfE.exe
  C:\Windows\System\ZcZxdfE.exe
  2⤵
  PID:8052
- C:\Windows\System\ejOGXAf.exe
  C:\Windows\System\ejOGXAf.exe
  2⤵
  PID:7196
- C:\Windows\System\NamHqZH.exe
  C:\Windows\System\NamHqZH.exe
  2⤵
  PID:7200
- C:\Windows\System\tcQFZgP.exe
  C:\Windows\System\tcQFZgP.exe
  2⤵
  PID:7316
- C:\Windows\System\lDlxRUM.exe
  C:\Windows\System\lDlxRUM.exe
  2⤵
  PID:7392
- C:\Windows\System\girdLJG.exe
  C:\Windows\System\girdLJG.exe
  2⤵
  PID:7452
- C:\Windows\System\WJLyKhs.exe
  C:\Windows\System\WJLyKhs.exe
  2⤵
  PID:7496
- C:\Windows\System\kukfxDr.exe
  C:\Windows\System\kukfxDr.exe
  2⤵
  PID:7580
- C:\Windows\System\toUFhJi.exe
  C:\Windows\System\toUFhJi.exe
  2⤵
  PID:7780
- C:\Windows\System\oiGfZGb.exe
  C:\Windows\System\oiGfZGb.exe
  2⤵
  PID:7812
- C:\Windows\System\EGigWxD.exe
  C:\Windows\System\EGigWxD.exe
  2⤵
  PID:7900
- C:\Windows\System\UjerwuZ.exe
  C:\Windows\System\UjerwuZ.exe
  2⤵
  PID:8080
- C:\Windows\System\TVWrHGX.exe
  C:\Windows\System\TVWrHGX.exe
  2⤵
  PID:7308
- C:\Windows\System\IUEDIga.exe
  C:\Windows\System\IUEDIga.exe
  2⤵
  PID:8116
- C:\Windows\System\oFgwRnf.exe
  C:\Windows\System\oFgwRnf.exe
  2⤵
  PID:7884
- C:\Windows\System\qbMlZif.exe
  C:\Windows\System\qbMlZif.exe
  2⤵
  PID:7336
- C:\Windows\System\TQVkhAD.exe
  C:\Windows\System\TQVkhAD.exe
  2⤵
  PID:7684
- C:\Windows\System\DLzhbSh.exe
  C:\Windows\System\DLzhbSh.exe
  2⤵
  PID:7792
- C:\Windows\System\KcqcIPU.exe
  C:\Windows\System\KcqcIPU.exe
  2⤵
  PID:7932
- C:\Windows\System\mafXxSK.exe
  C:\Windows\System\mafXxSK.exe
  2⤵
  PID:7980
- C:\Windows\System\BfrMolN.exe
  C:\Windows\System\BfrMolN.exe
  2⤵
  PID:7712
- C:\Windows\System\LynVCcD.exe
  C:\Windows\System\LynVCcD.exe
  2⤵
  PID:7516
- C:\Windows\System\FpaszpP.exe
  C:\Windows\System\FpaszpP.exe
  2⤵
  PID:8004
- C:\Windows\System\vdBaUUn.exe
  C:\Windows\System\vdBaUUn.exe
  2⤵
  PID:7332
- C:\Windows\System\ZmRJxxr.exe
  C:\Windows\System\ZmRJxxr.exe
  2⤵
  PID:8204
- C:\Windows\System\GgkyHvi.exe
  C:\Windows\System\GgkyHvi.exe
  2⤵
  PID:8220
- C:\Windows\System\pofTYdb.exe
  C:\Windows\System\pofTYdb.exe
  2⤵
  PID:8236
- C:\Windows\System\AlzxXlw.exe
  C:\Windows\System\AlzxXlw.exe
  2⤵
  PID:8252
- C:\Windows\System\pGgiPmS.exe
  C:\Windows\System\pGgiPmS.exe
  2⤵
  PID:8268
- C:\Windows\System\UHcJWjn.exe
  C:\Windows\System\UHcJWjn.exe
  2⤵
  PID:8284
- C:\Windows\System\vIVtPDg.exe
  C:\Windows\System\vIVtPDg.exe
  2⤵
  PID:8300
- C:\Windows\System\SZDkbPC.exe
  C:\Windows\System\SZDkbPC.exe
  2⤵
  PID:8316
- C:\Windows\System\MwNomht.exe
  C:\Windows\System\MwNomht.exe
  2⤵
  PID:8332
- C:\Windows\System\iOCuBwa.exe
  C:\Windows\System\iOCuBwa.exe
  2⤵
  PID:8348
- C:\Windows\System\medINZb.exe
  C:\Windows\System\medINZb.exe
  2⤵
  PID:8364
- C:\Windows\System\yWyypwC.exe
  C:\Windows\System\yWyypwC.exe
  2⤵
  PID:8380
- C:\Windows\System\HxhbdmZ.exe
  C:\Windows\System\HxhbdmZ.exe
  2⤵
  PID:8400
- C:\Windows\System\cLnHVBL.exe
  C:\Windows\System\cLnHVBL.exe
  2⤵
  PID:8416
- C:\Windows\System\PBJkzLp.exe
  C:\Windows\System\PBJkzLp.exe
  2⤵
  PID:8432
- C:\Windows\System\hpguobx.exe
  C:\Windows\System\hpguobx.exe
  2⤵
  PID:8448
- C:\Windows\System\OkCfByL.exe
  C:\Windows\System\OkCfByL.exe
  2⤵
  PID:8464
- C:\Windows\System\AxNGObB.exe
  C:\Windows\System\AxNGObB.exe
  2⤵
  PID:8480
- C:\Windows\System\bGKyYYL.exe
  C:\Windows\System\bGKyYYL.exe
  2⤵
  PID:8500
- C:\Windows\System\jQjitsG.exe
  C:\Windows\System\jQjitsG.exe
  2⤵
  PID:8516
- C:\Windows\System\ZbspCUd.exe
  C:\Windows\System\ZbspCUd.exe
  2⤵
  PID:8532
- C:\Windows\System\Fsosocd.exe
  C:\Windows\System\Fsosocd.exe
  2⤵
  PID:8548
- C:\Windows\System\CrrbmUI.exe
  C:\Windows\System\CrrbmUI.exe
  2⤵
  PID:8564
- C:\Windows\System\TkEaBmP.exe
  C:\Windows\System\TkEaBmP.exe
  2⤵
  PID:8580
- C:\Windows\System\vlMaDse.exe
  C:\Windows\System\vlMaDse.exe
  2⤵
  PID:8596
- C:\Windows\System\KTbGOkr.exe
  C:\Windows\System\KTbGOkr.exe
  2⤵
  PID:8612
- C:\Windows\System\IEdUqsc.exe
  C:\Windows\System\IEdUqsc.exe
  2⤵
  PID:8628
- C:\Windows\System\UoDnYWp.exe
  C:\Windows\System\UoDnYWp.exe
  2⤵
  PID:8644
- C:\Windows\System\YKURCsH.exe
  C:\Windows\System\YKURCsH.exe
  2⤵
  PID:8664
- C:\Windows\System\hyPXfnT.exe
  C:\Windows\System\hyPXfnT.exe
  2⤵
  PID:8680
- C:\Windows\System\QbSbPOF.exe
  C:\Windows\System\QbSbPOF.exe
  2⤵
  PID:8696
- C:\Windows\System\nKGVbSx.exe
  C:\Windows\System\nKGVbSx.exe
  2⤵
  PID:8712
- C:\Windows\System\YbgSkXT.exe
  C:\Windows\System\YbgSkXT.exe
  2⤵
  PID:8728
- C:\Windows\System\rEpqCJE.exe
  C:\Windows\System\rEpqCJE.exe
  2⤵
  PID:8752
- C:\Windows\System\vMxZOfL.exe
  C:\Windows\System\vMxZOfL.exe
  2⤵
  PID:8772
- C:\Windows\System\xffeHVC.exe
  C:\Windows\System\xffeHVC.exe
  2⤵
  PID:8796
- C:\Windows\System\XKuWYeQ.exe
  C:\Windows\System\XKuWYeQ.exe
  2⤵
  PID:8812
- C:\Windows\System\WTXDcQM.exe
  C:\Windows\System\WTXDcQM.exe
  2⤵
  PID:8828
- C:\Windows\System\eBhGPiV.exe
  C:\Windows\System\eBhGPiV.exe
  2⤵
  PID:8844
- C:\Windows\System\dtbWyOy.exe
  C:\Windows\System\dtbWyOy.exe
  2⤵
  PID:8864
- C:\Windows\System\bKJIROV.exe
  C:\Windows\System\bKJIROV.exe
  2⤵
  PID:8884
- C:\Windows\System\wKhzgPO.exe
  C:\Windows\System\wKhzgPO.exe
  2⤵
  PID:8900
- C:\Windows\System\gNoMshY.exe
  C:\Windows\System\gNoMshY.exe
  2⤵
  PID:8916
- C:\Windows\System\mNUPwYr.exe
  C:\Windows\System\mNUPwYr.exe
  2⤵
  PID:8948
- C:\Windows\System\eYrYBpx.exe
  C:\Windows\System\eYrYBpx.exe
  2⤵
  PID:8964
- C:\Windows\System\zVppZmU.exe
  C:\Windows\System\zVppZmU.exe
  2⤵
  PID:8984
- C:\Windows\System\EFQFATl.exe
  C:\Windows\System\EFQFATl.exe
  2⤵
  PID:9000
- C:\Windows\System\ZOwmRRF.exe
  C:\Windows\System\ZOwmRRF.exe
  2⤵
  PID:9016
- C:\Windows\System\iigvnYv.exe
  C:\Windows\System\iigvnYv.exe
  2⤵
  PID:9036
- C:\Windows\System\dAeJaRe.exe
  C:\Windows\System\dAeJaRe.exe
  2⤵
  PID:9052
- C:\Windows\System\hmevfTN.exe
  C:\Windows\System\hmevfTN.exe
  2⤵
  PID:9068
- C:\Windows\System\bNFKOKP.exe
  C:\Windows\System\bNFKOKP.exe
  2⤵
  PID:9084
- C:\Windows\System\LIxCYyd.exe
  C:\Windows\System\LIxCYyd.exe
  2⤵
  PID:9100
- C:\Windows\System\cQuLnts.exe
  C:\Windows\System\cQuLnts.exe
  2⤵
  PID:9116
- C:\Windows\System\DnIHkkp.exe
  C:\Windows\System\DnIHkkp.exe
  2⤵
  PID:9132
- C:\Windows\System\txBBMuK.exe
  C:\Windows\System\txBBMuK.exe
  2⤵
  PID:9156
- C:\Windows\System\BrVzTkD.exe
  C:\Windows\System\BrVzTkD.exe
  2⤵
  PID:9176
- C:\Windows\System\SnjanOA.exe
  C:\Windows\System\SnjanOA.exe
  2⤵
  PID:9192
- C:\Windows\System\jSvtnsK.exe
  C:\Windows\System\jSvtnsK.exe
  2⤵
  PID:9208
- C:\Windows\System\ssQVQrN.exe
  C:\Windows\System\ssQVQrN.exe
  2⤵
  PID:8196
- C:\Windows\System\mAJhHOe.exe
  C:\Windows\System\mAJhHOe.exe
  2⤵
  PID:8212
- C:\Windows\System\YgvEPJh.exe
  C:\Windows\System\YgvEPJh.exe
  2⤵
  PID:8276
- C:\Windows\System\tzFxlyd.exe
  C:\Windows\System\tzFxlyd.exe
  2⤵
  PID:8228
- C:\Windows\System\IzJjzhE.exe
  C:\Windows\System\IzJjzhE.exe
  2⤵
  PID:8308
- C:\Windows\System\FooLspJ.exe
  C:\Windows\System\FooLspJ.exe
  2⤵
  PID:8344
- C:\Windows\System\vLwgXWU.exe
  C:\Windows\System\vLwgXWU.exe
  2⤵
  PID:8360
- C:\Windows\System\aKvCTBj.exe
  C:\Windows\System\aKvCTBj.exe
  2⤵
  PID:8408
- C:\Windows\System\AIhKlsv.exe
  C:\Windows\System\AIhKlsv.exe
  2⤵
  PID:8428
- C:\Windows\System\AEqTipi.exe
  C:\Windows\System\AEqTipi.exe
  2⤵
  PID:8472
- C:\Windows\System\YRunASs.exe
  C:\Windows\System\YRunASs.exe
  2⤵
  - Access Token Manipulation: Create Process with Token
  PID:8496
- C:\Windows\System\xBYLgfp.exe
  C:\Windows\System\xBYLgfp.exe
  2⤵
  PID:8540
- C:\Windows\System\OWvfSzC.exe
  C:\Windows\System\OWvfSzC.exe
  2⤵
  PID:8560
- C:\Windows\System\beKacBN.exe
  C:\Windows\System\beKacBN.exe
  2⤵
  PID:8576
- C:\Windows\System\UAalTED.exe
  C:\Windows\System\UAalTED.exe
  2⤵
  PID:948
- C:\Windows\System\MjWiXdZ.exe
  C:\Windows\System\MjWiXdZ.exe
  2⤵
  PID:2960
- C:\Windows\System\rDaCFYz.exe
  C:\Windows\System\rDaCFYz.exe
  2⤵
  PID:8640
- C:\Windows\System\egJqVex.exe
  C:\Windows\System\egJqVex.exe
  2⤵
  PID:8620
- C:\Windows\System\Jjintnn.exe
  C:\Windows\System\Jjintnn.exe
  2⤵
  PID:8232
- C:\Windows\System\fXZIAZZ.exe
  C:\Windows\System\fXZIAZZ.exe
  2⤵
  PID:8376
- C:\Windows\System\oUvqYoD.exe
  C:\Windows\System\oUvqYoD.exe
  2⤵
  PID:2540
- C:\Windows\System\qIezGkF.exe
  C:\Windows\System\qIezGkF.exe
  2⤵
  PID:2512
- C:\Windows\System\DFMwCNM.exe
  C:\Windows\System\DFMwCNM.exe
  2⤵
  PID:8692
- C:\Windows\System\tbkXAgg.exe
  C:\Windows\System\tbkXAgg.exe
  2⤵
  PID:8768
- C:\Windows\System\QbBiijQ.exe
  C:\Windows\System\QbBiijQ.exe
  2⤵
  PID:8852
- C:\Windows\System\BGnqQsk.exe
  C:\Windows\System\BGnqQsk.exe
  2⤵
  PID:8840
- C:\Windows\System\seutrRj.exe
  C:\Windows\System\seutrRj.exe
  2⤵
  PID:8896
- C:\Windows\System\tNzgTGg.exe
  C:\Windows\System\tNzgTGg.exe
  2⤵
  PID:8908
- C:\Windows\System\zjbCOQd.exe
  C:\Windows\System\zjbCOQd.exe
  2⤵
  PID:8940
- C:\Windows\System\JpBRTWg.exe
  C:\Windows\System\JpBRTWg.exe
  2⤵
  PID:8972
- C:\Windows\System\OTUODVX.exe
  C:\Windows\System\OTUODVX.exe
  2⤵
  PID:9012
- C:\Windows\System\xiFqGNq.exe
  C:\Windows\System\xiFqGNq.exe
  2⤵
  PID:2216
- C:\Windows\System\ySFDYsm.exe
  C:\Windows\System\ySFDYsm.exe
  2⤵
  PID:9028
- C:\Windows\System\zQtIYMy.exe
  C:\Windows\System\zQtIYMy.exe
  2⤵
  PID:9140
- C:\Windows\System\vBkSDds.exe
  C:\Windows\System\vBkSDds.exe
  2⤵
  PID:9092
- C:\Windows\System\mGgIcGO.exe
  C:\Windows\System\mGgIcGO.exe
  2⤵
  PID:9152
- C:\Windows\System\HzGrujn.exe
  C:\Windows\System\HzGrujn.exe
  2⤵
  PID:832
- C:\Windows\System\rkCqTPa.exe
  C:\Windows\System\rkCqTPa.exe
  2⤵
  PID:2804
- C:\Windows\System\iknsFHZ.exe
  C:\Windows\System\iknsFHZ.exe
  2⤵
  PID:2976
- C:\Windows\System\JOuIIhy.exe
  C:\Windows\System\JOuIIhy.exe
  2⤵
  PID:7116
- C:\Windows\System\PAbvETd.exe
  C:\Windows\System\PAbvETd.exe
  2⤵
  PID:8244
- C:\Windows\System\iUQtgmp.exe
  C:\Windows\System\iUQtgmp.exe
  2⤵
  PID:8264
- C:\Windows\System\BUpWaDW.exe
  C:\Windows\System\BUpWaDW.exe
  2⤵
  PID:8388
- C:\Windows\System\kFgalfr.exe
  C:\Windows\System\kFgalfr.exe
  2⤵
  PID:8460
- C:\Windows\System\qrZQzkA.exe
  C:\Windows\System\qrZQzkA.exe
  2⤵
  PID:8588
- C:\Windows\System\HloVlQU.exe
  C:\Windows\System\HloVlQU.exe
  2⤵
  PID:8656
- C:\Windows\System\utlZvHo.exe
  C:\Windows\System\utlZvHo.exe
  2⤵
  PID:8708
- C:\Windows\System\pYdPWoe.exe
  C:\Windows\System\pYdPWoe.exe
  2⤵
  PID:8760
- C:\Windows\System\syxRVJO.exe
  C:\Windows\System\syxRVJO.exe
  2⤵
  PID:916
- C:\Windows\System\CxZXEIa.exe
  C:\Windows\System\CxZXEIa.exe
  2⤵
  PID:8780
- C:\Windows\System\pGKgCKY.exe
  C:\Windows\System\pGKgCKY.exe
  2⤵
  PID:8836
- C:\Windows\System\nZyyjQZ.exe
  C:\Windows\System\nZyyjQZ.exe
  2⤵
  PID:8932
- C:\Windows\System\bsvPBOk.exe
  C:\Windows\System\bsvPBOk.exe
  2⤵
  PID:9008
- C:\Windows\System\atfUkmp.exe
  C:\Windows\System\atfUkmp.exe
  2⤵
  PID:9112
- C:\Windows\System\erfMZKx.exe
  C:\Windows\System\erfMZKx.exe
  2⤵
  PID:8396
- C:\Windows\System\EslMZpw.exe
  C:\Windows\System\EslMZpw.exe
  2⤵
  PID:8688
- C:\Windows\System\SWSiScE.exe
  C:\Windows\System\SWSiScE.exe
  2⤵
  PID:2800
- C:\Windows\System\DDhhzfe.exe
  C:\Windows\System\DDhhzfe.exe
  2⤵
  PID:3016
- C:\Windows\System\hwzqWpq.exe
  C:\Windows\System\hwzqWpq.exe
  2⤵
  PID:8292
- C:\Windows\System\yIpyOCj.exe
  C:\Windows\System\yIpyOCj.exe
  2⤵
  PID:8444
- C:\Windows\System\JMqMzdX.exe
  C:\Windows\System\JMqMzdX.exe
  2⤵
  PID:8544
- C:\Windows\System\EXwJRkz.exe
  C:\Windows\System\EXwJRkz.exe
  2⤵
  PID:9032
- C:\Windows\System\Rztgaoq.exe
  C:\Windows\System\Rztgaoq.exe
  2⤵
  PID:8720
- C:\Windows\System\WfrsKMh.exe
  C:\Windows\System\WfrsKMh.exe
  2⤵
  PID:8736
- C:\Windows\System\ParzJCw.exe
  C:\Windows\System\ParzJCw.exe
  2⤵
  PID:8824
- C:\Windows\System\acIIYVh.exe
  C:\Windows\System\acIIYVh.exe
  2⤵
  PID:8928
- C:\Windows\System\vVFmRhl.exe
  C:\Windows\System\vVFmRhl.exe
  2⤵
  PID:9060
- C:\Windows\System\mxxSRBJ.exe
  C:\Windows\System\mxxSRBJ.exe
  2⤵
  PID:2832
- C:\Windows\System\nvNRStL.exe
  C:\Windows\System\nvNRStL.exe
  2⤵
  PID:2708
- C:\Windows\System\PIGHawA.exe
  C:\Windows\System\PIGHawA.exe
  2⤵
  PID:8260
- C:\Windows\System\EpRywfJ.exe
  C:\Windows\System\EpRywfJ.exe
  2⤵
  PID:8524
- C:\Windows\System\ApmbzAd.exe
  C:\Windows\System\ApmbzAd.exe
  2⤵
  PID:268
- C:\Windows\System\NXQXhhV.exe
  C:\Windows\System\NXQXhhV.exe
  2⤵
  PID:8892
- C:\Windows\System\HmpUGmN.exe
  C:\Windows\System\HmpUGmN.exe
  2⤵
  PID:9076
- C:\Windows\System\OkgTmea.exe
  C:\Windows\System\OkgTmea.exe
  2⤵
  PID:9128
- C:\Windows\System\HBJMLsU.exe
  C:\Windows\System\HBJMLsU.exe
  2⤵
  PID:3000
- C:\Windows\System\FFBMien.exe
  C:\Windows\System\FFBMien.exe
  2⤵
  PID:8572
- C:\Windows\System\gyTaete.exe
  C:\Windows\System\gyTaete.exe
  2⤵
  PID:9188
- C:\Windows\System\qnSlzpi.exe
  C:\Windows\System\qnSlzpi.exe
  2⤵
  PID:8976
- C:\Windows\System\cprftYb.exe
  C:\Windows\System\cprftYb.exe
  2⤵
  PID:1936
- C:\Windows\System\hUUaQnn.exe
  C:\Windows\System\hUUaQnn.exe
  2⤵
  PID:1548
- C:\Windows\System\AWidCwd.exe
  C:\Windows\System\AWidCwd.exe
  2⤵
  PID:2952
- C:\Windows\System\XBYhpBu.exe
  C:\Windows\System\XBYhpBu.exe
  2⤵
  PID:8488
- C:\Windows\System\jkhgqUY.exe
  C:\Windows\System\jkhgqUY.exe
  2⤵
  PID:7388
- C:\Windows\System\OsagAmn.exe
  C:\Windows\System\OsagAmn.exe
  2⤵
  PID:9228
- C:\Windows\System\hGpBgKL.exe
  C:\Windows\System\hGpBgKL.exe
  2⤵
  PID:9244
- C:\Windows\System\iBzTcYh.exe
  C:\Windows\System\iBzTcYh.exe
  2⤵
  PID:9264
- C:\Windows\System\FapMbLa.exe
  C:\Windows\System\FapMbLa.exe
  2⤵
  PID:9280
- C:\Windows\System\FqUGRIF.exe
  C:\Windows\System\FqUGRIF.exe
  2⤵
  PID:9304
- C:\Windows\System\RhLzYib.exe
  C:\Windows\System\RhLzYib.exe
  2⤵
  PID:9324
- C:\Windows\System\guOliVG.exe
  C:\Windows\System\guOliVG.exe
  2⤵
  PID:9344
- C:\Windows\System\NStCZxn.exe
  C:\Windows\System\NStCZxn.exe
  2⤵
  PID:9360
- C:\Windows\System\cwuYvGw.exe
  C:\Windows\System\cwuYvGw.exe
  2⤵
  PID:9376
- C:\Windows\System\piNScsE.exe
  C:\Windows\System\piNScsE.exe
  2⤵
  PID:9392
- C:\Windows\System\JSOKbIb.exe
  C:\Windows\System\JSOKbIb.exe
  2⤵
  PID:9416
- C:\Windows\System\TdgKNlC.exe
  C:\Windows\System\TdgKNlC.exe
  2⤵
  PID:9436
- C:\Windows\System\RwXkOfL.exe
  C:\Windows\System\RwXkOfL.exe
  2⤵
  PID:9472
- C:\Windows\System\ZbeudSJ.exe
  C:\Windows\System\ZbeudSJ.exe
  2⤵
  PID:9488
- C:\Windows\System\jiwDrri.exe
  C:\Windows\System\jiwDrri.exe
  2⤵
  PID:9508
- C:\Windows\System\kqKGDXC.exe
  C:\Windows\System\kqKGDXC.exe
  2⤵
  PID:9532
- C:\Windows\System\RONHpvy.exe
  C:\Windows\System\RONHpvy.exe
  2⤵
  PID:9588
- C:\Windows\System\hDcYZSS.exe
  C:\Windows\System\hDcYZSS.exe
  2⤵
  PID:9604
- C:\Windows\System\ZUDuZKm.exe
  C:\Windows\System\ZUDuZKm.exe
  2⤵
  PID:9628
- C:\Windows\System\MGvNxeT.exe
  C:\Windows\System\MGvNxeT.exe
  2⤵
  PID:9644
- C:\Windows\System\KdsEMiH.exe
  C:\Windows\System\KdsEMiH.exe
  2⤵
  PID:9660
- C:\Windows\System\tGQNtHl.exe
  C:\Windows\System\tGQNtHl.exe
  2⤵
  PID:9680
- C:\Windows\System\iOaUwqp.exe
  C:\Windows\System\iOaUwqp.exe
  2⤵
  PID:9704
- C:\Windows\System\SNNSViQ.exe
  C:\Windows\System\SNNSViQ.exe
  2⤵
  PID:9724
- C:\Windows\System\VLBBJur.exe
  C:\Windows\System\VLBBJur.exe
  2⤵
  PID:9748
- C:\Windows\System\JeSdShP.exe
  C:\Windows\System\JeSdShP.exe
  2⤵
  PID:9768
- C:\Windows\System\FLSfwyN.exe
  C:\Windows\System\FLSfwyN.exe
  2⤵
  PID:9784
- C:\Windows\System\UmyhxIh.exe
  C:\Windows\System\UmyhxIh.exe
  2⤵
  PID:9800
- C:\Windows\System\WSHflpg.exe
  C:\Windows\System\WSHflpg.exe
  2⤵
  PID:9828
- C:\Windows\System\LlszMQV.exe
  C:\Windows\System\LlszMQV.exe
  2⤵
  PID:9844
- C:\Windows\System\ggiKohU.exe
  C:\Windows\System\ggiKohU.exe
  2⤵
  PID:9868
- C:\Windows\System\BcuDlCj.exe
  C:\Windows\System\BcuDlCj.exe
  2⤵
  PID:9884
- C:\Windows\System\wvVrBLA.exe
  C:\Windows\System\wvVrBLA.exe
  2⤵
  PID:9908
- C:\Windows\System\gJKsKsg.exe
  C:\Windows\System\gJKsKsg.exe
  2⤵
  PID:9924
- C:\Windows\System\csVHvcC.exe
  C:\Windows\System\csVHvcC.exe
  2⤵
  PID:9948
- C:\Windows\System\VobjDiJ.exe
  C:\Windows\System\VobjDiJ.exe
  2⤵
  PID:9964
- C:\Windows\System\xmHCIwt.exe
  C:\Windows\System\xmHCIwt.exe
  2⤵
  PID:9988
- C:\Windows\System\Xquhgqq.exe
  C:\Windows\System\Xquhgqq.exe
  2⤵
  PID:10004
- C:\Windows\System\VPTbVRi.exe
  C:\Windows\System\VPTbVRi.exe
  2⤵
  PID:10020
- C:\Windows\System\ptLXNWc.exe
  C:\Windows\System\ptLXNWc.exe
  2⤵
  PID:10040
- C:\Windows\System\IVmFmJE.exe
  C:\Windows\System\IVmFmJE.exe
  2⤵
  PID:10056
- C:\Windows\System\ROKmfwV.exe
  C:\Windows\System\ROKmfwV.exe
  2⤵
  PID:10088
- C:\Windows\System\tWPeWwH.exe
  C:\Windows\System\tWPeWwH.exe
  2⤵
  PID:10104
- C:\Windows\System\YZWVmcy.exe
  C:\Windows\System\YZWVmcy.exe
  2⤵
  PID:10120
- C:\Windows\System\dTCiQXO.exe
  C:\Windows\System\dTCiQXO.exe
  2⤵
  PID:10136
- C:\Windows\System\PErHDqj.exe
  C:\Windows\System\PErHDqj.exe
  2⤵
  PID:10152
- C:\Windows\System\wXrurQe.exe
  C:\Windows\System\wXrurQe.exe
  2⤵
  PID:10168
- C:\Windows\System\uSDwXpt.exe
  C:\Windows\System\uSDwXpt.exe
  2⤵
  PID:10184
- C:\Windows\System\QBQzdJa.exe
  C:\Windows\System\QBQzdJa.exe
  2⤵
  PID:10204
- C:\Windows\System\wFvHRvU.exe
  C:\Windows\System\wFvHRvU.exe
  2⤵
  PID:10220
- C:\Windows\System\ZfcgoVF.exe
  C:\Windows\System\ZfcgoVF.exe
  2⤵
  PID:10236
- C:\Windows\System\FewgLfY.exe
  C:\Windows\System\FewgLfY.exe
  2⤵
  PID:9224
- C:\Windows\System\eSMoUPK.exe
  C:\Windows\System\eSMoUPK.exe
  2⤵
  PID:9256
- C:\Windows\System\OghuBcr.exe
  C:\Windows\System\OghuBcr.exe
  2⤵
  PID:9240
- C:\Windows\System\qZxWAsN.exe
  C:\Windows\System\qZxWAsN.exe
  2⤵
  PID:9272
- C:\Windows\System\ipKbsEH.exe
  C:\Windows\System\ipKbsEH.exe
  2⤵
  PID:9336
- C:\Windows\System\Rtzgpax.exe
  C:\Windows\System\Rtzgpax.exe
  2⤵
  PID:9356
- C:\Windows\System\eUvyoJc.exe
  C:\Windows\System\eUvyoJc.exe
  2⤵
  PID:9400
- C:\Windows\System\NdcGVwh.exe
  C:\Windows\System\NdcGVwh.exe
  2⤵
  PID:9428
- C:\Windows\System\uWKuEPL.exe
  C:\Windows\System\uWKuEPL.exe
  2⤵
  PID:9432
- C:\Windows\System\XIjbgfj.exe
  C:\Windows\System\XIjbgfj.exe
  2⤵
  PID:9496
- C:\Windows\System\HpkdyTN.exe
  C:\Windows\System\HpkdyTN.exe
  2⤵
  PID:9540
- C:\Windows\System\QECjpOF.exe
  C:\Windows\System\QECjpOF.exe
  2⤵
  PID:9520
- C:\Windows\System\ANTSHVT.exe
  C:\Windows\System\ANTSHVT.exe
  2⤵
  PID:9568
- C:\Windows\System\aCrqoHk.exe
  C:\Windows\System\aCrqoHk.exe
  2⤵
  PID:9584
- C:\Windows\System\qmTiGoi.exe
  C:\Windows\System\qmTiGoi.exe
  2⤵
  PID:9616
- C:\Windows\System\ypQjEBS.exe
  C:\Windows\System\ypQjEBS.exe
  2⤵
  PID:9692
- C:\Windows\System\vqRejiV.exe
  C:\Windows\System\vqRejiV.exe
  2⤵
  PID:9640
- C:\Windows\System\WMwvOid.exe
  C:\Windows\System\WMwvOid.exe
  2⤵
  PID:9716
- C:\Windows\System\hTtViGh.exe
  C:\Windows\System\hTtViGh.exe
  2⤵
  PID:9760
- C:\Windows\System\njOUJsb.exe
  C:\Windows\System\njOUJsb.exe
  2⤵
  PID:9900
- C:\Windows\System\cKndqxC.exe
  C:\Windows\System\cKndqxC.exe
  2⤵
  PID:9936
- C:\Windows\System\AuMMFHk.exe
  C:\Windows\System\AuMMFHk.exe
  2⤵
  PID:9972
- C:\Windows\System\UNFmgVs.exe
  C:\Windows\System\UNFmgVs.exe
  2⤵
  PID:9996
- C:\Windows\System\YlJmpgx.exe
  C:\Windows\System\YlJmpgx.exe
  2⤵
  PID:10068
- C:\Windows\System\UWfVZBr.exe
  C:\Windows\System\UWfVZBr.exe
  2⤵
  PID:10076
- C:\Windows\System\kZgdyRO.exe
  C:\Windows\System\kZgdyRO.exe
  2⤵
  PID:10116
- C:\Windows\System\MRQKzir.exe
  C:\Windows\System\MRQKzir.exe
  2⤵
  PID:10100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Defense Evasion

Access Token Manipulation

T1134

Create Process with Token

T1134.002

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CKdZbrN.exe

Filesize
6.0MB

MD5
1c139c164f5af564fdddf86480a09fce

SHA1
8e4e923b1c132d1a94300255ec0c2b50a5c3ed13

SHA256
f85734962ce778a2609cc7be69b0fc5fd55bf60ee21a3ada74ff597624c16b58

SHA512
961f8c560f28998c6219b19d5b597e02c80551733db6ff52a3c75d6f228c2e395a0f07ccc4856ad711cb36759ec2b17741e56f7e43bf7bbf27e1e2633c053cf2

Download Submit
C:\Windows\system\FWMydKQ.exe

Filesize
6.0MB

MD5
53d49e03395831147018132e27c1076c

SHA1
f7c033962ad9b56eeb4cdd28fdf92f0b46c81457

SHA256
db696a440f37f74b9b851c39a9bf2b7cbcc10fea4979de66c9c738d4c3d3a646

SHA512
a71bac5653d7f52d32bddb3c760d7e82085f51a53438958e0213e7928301ca6cb092a4070efc99875f334416bba29c69e92644f8aff1632a36ff197f1800dda0

Download Submit
C:\Windows\system\GCwZfWH.exe

Filesize
6.0MB

MD5
ff06cacb816b3eb09819c7e6e5710460

SHA1
351e5dde31150c4aeefc6fae51e685bff83d92d8

SHA256
65320d46ce82eb83284e84d7923f5fd1d5449032c3fb2c750b968ad8e086b017

SHA512
1b524d398872676798e22129b6abb79feaf5c77abeef3faad889d65a36cad3e7639eefda2b5f5a348c1368aa0cfe7381af7c90a2e1f4e34f484554ca05237157

Download Submit
C:\Windows\system\JVHlgUT.exe

Filesize
6.0MB

MD5
f56adfe570f6569c46fb18d76c456b6c

SHA1
9a5f5fb3e99f060167cf683eb5268376f42f7a04

SHA256
35af72cfc934af7d144655fd69148d5f78e3a45544cf80f1f4cfc02a422dab99

SHA512
b458c5c87a4e68bd62ef75a2ef9f97829306ea6ff41428b9f0223e9f86ddb6fa4f84daa43a0608fc54cd889e592326b8b7778ba32b82125806b9f54d4bad3565

Download Submit
C:\Windows\system\LLdbKnf.exe

Filesize
6.0MB

MD5
3edc7cfafeeb817f6b38e3d7ed8b0542

SHA1
f42544e3e59f306075706684417b8084037c138b

SHA256
741a9f1657ad7b861735bc526c2d2bb81b5d267bbe8c1f3cc59390ab62f6674a

SHA512
f09cabcc259409545279f200c12b19a7b597ba0b6a390b2ae22d1823ff0d79684f85a179088cf00b5762519e8d1f509942802e4c6e874af2fcd0992ef26c04a4

Download Submit
C:\Windows\system\QTRxCnz.exe

Filesize
6.0MB

MD5
e3584a6eb2ab405decd8106711769007

SHA1
c0fe3cea161165141a1f3c664f84546ac194063c

SHA256
667c5367cf7030c203646a93f2102369d4966c37efa4adce16eb953c29aac210

SHA512
61cb7042a7269edd2a9c0eb25151ea24f11dc2b5fafdd26f8622fa1a4c180e348830f96f984b220008e59327627e8afe8c08da8bbb312c0c4ff53c1d4be9222e

Download Submit
C:\Windows\system\QVpChhH.exe

Filesize
6.0MB

MD5
d8b92b5067e7b3fa9244b24960751fe0

SHA1
4ab5567bf785b8f8216a236dd91f659750c86087

SHA256
b3abc0f585876fbadbeafa08173e6ab682820e8d07ffd5e383303b5469b9bdbf

SHA512
ee1139d9479b181fce60676ddd0da785585dc365b19a076b35c90a90556c1097baf958a255c3521c91665a3082597b0358809332360a73579c650a10a68220db

Download Submit
C:\Windows\system\QpeigTf.exe

Filesize
6.0MB

MD5
bf837c791308c4dff648e0925b9d74a4

SHA1
8074ebc6a3740bbc174ce8fe9401fc0b02db39ac

SHA256
b872dd6be32a336b3538fe24c0b03411e8fe1345e48276f5cbab34073a7735f9

SHA512
be09592b206475b61021494faedd61aadee6b958c6f2e042b4a7ae29ad46e3fda55facb179f470d31bda99772201e17e2497b9be6801a2b2929f6e8b75df5b80

Download Submit
C:\Windows\system\UzNMvwF.exe

Filesize
6.0MB

MD5
ee580fede655269f9e34a6354b808f9b

SHA1
04db84529b1fb5e5edaf1a5ae78cbd65212b20b7

SHA256
365b2f7217c3102f3ad13649e8058b0d0a82bb0640aea10387d3ccb75a3ebbb2

SHA512
9949ed374710a0c3c3aeda0670cc36fc16358654736b531dc27e96790e5006e95da770f0c27b6757ae63ea9f936c16dd2067b1bb44b37ed1999dda9c0d99d08a

Download Submit
C:\Windows\system\WZgRMJt.exe

Filesize
6.0MB

MD5
a616283894b7d989f63aea7d3741ef9c

SHA1
605ddce875f0a8ad50f3ecfa291f7c05645f298c

SHA256
4b2fe9ac4f7763a8fa76fa38f2a0e40704fb41549f58b79b05cfcffe1ead38a2

SHA512
949ee09de00a01c8602cb90004b77fac9e230de24ed48b8d59c4e78080b1b5c29c7369a2ae5c7ec7fb4fb3f0d56df90ef89f2f8dffda3230e6aa1999709320bc

Download Submit
C:\Windows\system\XOZplCc.exe

Filesize
6.0MB

MD5
c5497b9caf410d16b520d72d8891b586

SHA1
61531f45c401c99762d2e71f2c379c118932a0ca

SHA256
a31b2c25a28e83c82b8c22424139d854cd55095b0c68c46de4cd20af62f7e5d1

SHA512
d4694ef65f404ef0c67121a4a6be63a3b474ab3f4cd0f9c5468fa371e098f409f592b39777d1b34b66ab6d1cdc06a580f1f0ed1da9b4718ac61a70fd3206ad3c

Download Submit
C:\Windows\system\ZJbGcEh.exe

Filesize
6.0MB

MD5
4e885a23771f4e98f28dfe922c5b3e95

SHA1
39253a655e35c4a9403b71602bb6313c73d01e47

SHA256
cbc4ce5634bbb76824d4f793d10d9470edc9dd02bbb59b3158328c3e2fb975ce

SHA512
f9c1458f3fb14b95cd1ec7075a58e3d73ffb184a3be8b8ce31936dc60f0bf74ed206b200db5a0c533e2d947435b32b34077fdde2e10934fc9445899ec8e471d8

Download Submit
C:\Windows\system\ZlBCrmT.exe

Filesize
6.0MB

MD5
e939612d7f6ab804a2419a657c6034e9

SHA1
60ba4fc0e874c93b3e3968a98e80f090f7ec6d78

SHA256
f5bf4a1ad177576a0612d226dbca318179c906c07f7d80ebb2fc8f3187d77808

SHA512
fc88efd43e333d07aaddc2cdbc86afa625236533eeb60cda0e138d331d014539e88e1b3d166559b2985ae154d9749f215a8c66912fab64e2d2140b3944cc3511

Download Submit
C:\Windows\system\aFWoHbu.exe

Filesize
6.0MB

MD5
3292b0ad0fc7c8d6022dc9d5b302f998

SHA1
818e6200ec00f722ba327928280177d5d808a006

SHA256
2a2c8bcf9262fced1782dff343ea28c90bc91ecd1b256911bf190833b58d111a

SHA512
adebd6affd2d81bab2a4f48ff68134d5f19e14fd0030ce785ae382bd1f65b93ad5c31b1b95bf5d24ef3b5073b61774ce36273dd34e96e74f83d608cddf1aff66

Download Submit
C:\Windows\system\bNXGZGd.exe

Filesize
6.0MB

MD5
0097705560b4f41266c5d6a1b2d409e6

SHA1
7419276366a1e548015a60407c3c7632988c3c0a

SHA256
779851a0192c172aee1d0c5a8b39a6579b156536ad61121ad7183cb622e8377f

SHA512
519c1abdf728db79f1c666268c51f8c77600c4008aca81ac08460f39100ab1c90df61b380f6195646ea79b63b0bafea2f026e36445bbfb82f506ed625f1e6808

Download Submit
C:\Windows\system\eMjNqVc.exe

Filesize
6.0MB

MD5
037a8d7f8d2b27da008a823aa1a6b9b2

SHA1
81d87b95e33e43afef9a2fd727eba73c3e833b92

SHA256
83c02310704e3c6a1f28a09a1743cd152026c0afc7245c20101f2a1e5c028715

SHA512
1afcc01c1725cd4b6a1ea2b1fb67936254d39f85b5dd3f917ce4f261723dc09cb5c260dff357b33070534f9565cf937b97ce15d964065cb86f7f3c2b7ce99128

Download Submit
C:\Windows\system\fHERPcn.exe

Filesize
6.0MB

MD5
0f038e79a604edf27a62a8913897656a

SHA1
7b41a7e10bd38c449f7468ea1c2a8ed969774cc6

SHA256
d0152940c2b1a54079ad05cafda57f76725ceec39dbe0a06c5d325c2587e7054

SHA512
c9f66f74029ed574e52276194d6cf39f6e199566207513b24200db5c22b40a7824b6d636c6f6fbbf63f5f8c7b9a20c2a51b9fd2e86c719a6a3f688735dc05dd0

Download Submit
C:\Windows\system\hGRYmIE.exe

Filesize
6.0MB

MD5
917f3ba02b4a061c08e55689e9950308

SHA1
6ea9e99373dc82745701eabb2a4e684dd2d7832e

SHA256
0eabb06dcf6f6b851ddf47fc98c4701885ffbd71a1c67be5906a2b5be429972b

SHA512
6efe5a6190e9879cb36f6ecceb7ba480e7a4db84ef2182335f1ebad7eb9838441869538e3fc8f52ce4e5cf51ff3a15571d44bf898977bba51c283422ebe85c0e

Download Submit
C:\Windows\system\hovySQM.exe

Filesize
6.0MB

MD5
cfbaa5ce2feebecb3093ca86ba9c0721

SHA1
f899eac553eb11ac6af26042efd8c741198c00ca

SHA256
79bcd27aa63883dff046bc06cbe2eb8d9118ade1db78a5da364a8051f7c38154

SHA512
1666db7da44c95470afe768e70b68d5a4da97abb6b353896286970553a3b393b4eda7a5f708ba3ab71153fcee19ba75538e6f13197035b428db1e1a46f4b0403

Download Submit
C:\Windows\system\jNesOic.exe

Filesize
6.0MB

MD5
bac5be0d958c6bbe5c0e34bc3a7b81be

SHA1
03e036f18727c7105f59d512088eeae2cd8b2836

SHA256
90998554573820e535343dedbc2d41e9df497e3be6e2474a92359e1255b6c1d5

SHA512
67d0f74e1b1fe6d924287820272a6a8d3ae2cb1f6035ca712b6b90559b6270242be10b1efdb11e076f62b92e9fe8ee7894a021f44d9c9bc4d59269a4891bca9e

Download Submit
C:\Windows\system\lfftepP.exe

Filesize
6.0MB

MD5
a850f70395814c516d95a593e4728ad6

SHA1
1e20649309213072ce456f8213d3dcf9600f9df7

SHA256
692de2f1d2bacdf9660885493e4a67cc6f4c6a73a613bf360259b69682516885

SHA512
7e6a36f0cadfb64785567ff77a97213dfe7ba61a5086cedc6d9e6a04d7bc3da7b604046903675dca45b4e87b638a1a7670ca676d831cd7513f7d5277e86da51a

Download Submit
C:\Windows\system\mDzDdyP.exe

Filesize
6.0MB

MD5
a511753bbe10c9df3bd5718e329825bf

SHA1
bb5c35b961fa8fbeaee71de1bd472d36063efb9c

SHA256
6f5c4640a967fc9d424ac54e287dd97e1efbe231a06f89e50c1e4e1f02798d4b

SHA512
a5736ca8241bba8869b28646f51077c764a72e494e2fd16426cecbbe4b5b1e9da22ba4658e964369fee981c4e819133657ee190a0883dffd9f7650b6abb0e7d6

Download Submit
C:\Windows\system\nPnwUVE.exe

Filesize
6.0MB

MD5
2fa6a3495e330e59f8d8b708812691e0

SHA1
cc25b123db5d967d93087a49861bd32bb1980e81

SHA256
41b6f578b12b5c438660e876bd7611c5ed3004aef88dc5cfccd074ef57b902a8

SHA512
bf80507e1fdb11eef597298db2388c821e46d63033b80f15054b2e1cec632617107411de268be9e27441e1057544bb977ef8d91e12cbd93a8ebeffc1e9087f2d

Download Submit
C:\Windows\system\nbeSHEg.exe

Filesize
6.0MB

MD5
1bc4a4874375f89ff41b521ec6830475

SHA1
da4807b915bf1639358bdec474164e32404a65c5

SHA256
4a161a9b8e59a09949ee48b392d70ceb361d5951d78c91b2ea2bda2cc7fe501e

SHA512
6e99731f691893b3e6fa9b6335b495c4ebb324f907b680abf40aace7b6269aee0c0c892335f935da6de4892d3b78df61fe3809eb844515ed45b4e143d2ec637f

Download Submit
C:\Windows\system\sJMSwHj.exe

Filesize
6.0MB

MD5
c2324f192c05bccd10411450c1e8248e

SHA1
95c894ba513335dfbe6642d72ddc7ddaacd7de40

SHA256
99eff966c70d5fadec0d7e286162a2d69c5edbb27adaad3a4a0ce6bfb78f0b7c

SHA512
b1d0660bcfec54ea87a19001ad78fffd87aa8c4ec972cdcb0c60cb4ef2747bfa8731e0ded40f0514bfbcf851db8eba7861ef2978bbc1ff2dca2cb9f930884b82

Download Submit
C:\Windows\system\xbikxUH.exe

Filesize
6.0MB

MD5
03b7173fd54cb2e3fe5f2f52ae0846b8

SHA1
b4928ab7f6ce18e2c8bc148ec5262f16a09ceece

SHA256
13614985b274229487beb1d3bcef911ccd780473a318655c8929578a1bb0cb0a

SHA512
7110c290d7d69fd2ca29185fae79772039d2f2c5cfce569fb0305507b5af45ba61a175571a432c5df6dc640c03535dfbe898502cabfcf396cee3a3b494a3c8c8

Download Submit
C:\Windows\system\xdGuxLz.exe

Filesize
6.0MB

MD5
e86fda061547acabd7ba939d2acffb6c

SHA1
f3255452f260345ccf4a55ec2ae707a2eeb831dc

SHA256
d596f84840524d895401981a2a1f394c3320b3d2ab54c576270d0fd2b1a2fcf2

SHA512
c8cd9964977a79f55b9e2a216ee18080ec69f13333b7b7e37b5c2e08eb24f830045edaeeba2f2845bea7714f1e1bc81a6fa35aae238354ac7ee816589624e773

Download Submit
\Windows\system\ZGtgZcC.exe

Filesize
6.0MB

MD5
5aeb68f8d709eb0fedf73fdefce14f2f

SHA1
443a6b49cf7a5b6293dbd13aa5db94443f84cda4

SHA256
ed53da3789ad14ddc39a1b2d0a10aa52f9c9f7861ccd70cc9cb80fd180015441

SHA512
599f3d03a96a472de054dbd1ea225a74d8562045731bdf37a0fdfc4a9e70222be5d5dc6eb736225e0a9ad4154dee001b6deeeb614eed05a9c36aca0030e0d0f7

Download Submit
\Windows\system\khcxMDm.exe

Filesize
6.0MB

MD5
370ffd2b333bcd28a9a7a245a305b228

SHA1
07f506a3d992139c60dc51503241677c3ad57c23

SHA256
754cde4f9544475a08f4152bf868ff52cd6e3495fe2d3d3b4230945a2d4a5ed7

SHA512
f5529b3cb4f9f4b05cfbac965f9406744e8cf84fc6682207f2643f623a6b4c09f3566edd7eb3b97a0a4be77a8ee9dd30b811f567b3724bc9ac6e3a67340599f8

Download Submit
\Windows\system\pIiSKsP.exe

Filesize
6.0MB

MD5
2c065490d719d5c5377a445425fb98cd

SHA1
6b9f1455ea2d8ea5507fccaaddf0b91a62a63a9f

SHA256
aa1b216c37210f35c75478fb10fc446c616f1a0a707f37d7b6f3959f2fc74c37

SHA512
6496abdedd117be27ebbb81ea7471f939105fdf5c82fae9d710dea8a22b4917e488803a082be7725e37756e539673e648d34df14fa02dc02587a1f0245af55c7

Download Submit
\Windows\system\xuMyBAq.exe

Filesize
6.0MB

MD5
2babbfaa615482891cb7f530acf169e6

SHA1
477bbeb903ba0ed5cb9733088748d3df3568b347

SHA256
96d52009bfeac6fd51f08379b57e8c6bd4b7bc299b4edd93831787f578f3e908

SHA512
adc1b8b4f91986fa6c8514da5e5297d8a3aa79e36cdb6451e906a00eb34def9e4fd7af457054c29085a6f08bb4c9de5632f6496b4290679dce791a0c6a0c2231

Download Submit
\Windows\system\yKRlMEN.exe

Filesize
6.0MB

MD5
bcb59e733b2071cce49625b14f7de549

SHA1
e519cca5b28975edce36e878ea3738c85046cb8d

SHA256
281282a755962c45404a252329475cb4a56b518c667a9374a6207d69360fb0a8

SHA512
09df1cf8365029f8fcd4e8da4d3e12f54b6e179732226362cf986f80f98de68149ec8792bd377bddf90492f45c5977a241553a82123f2f73cd191d52ff68d0a1

Download Submit
memory/1192-1471-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/1192-1450-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/1708-1474-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1708-1403-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1813-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1405-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1418-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1880-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1422-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1424-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1939-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1909-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1428-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1911-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1449-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1390-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1451-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1914-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1453-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1904-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1455-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1905-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1458-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1908-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1460-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1889-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1901-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1884-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1468-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1892-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1897-0x0000000002450000-0x00000000027A4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1910-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/1956-1749-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1462-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-1470-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/1956-0-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2016-1412-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-1463-0x000000013FF90000-0x00000001402E4000-memory.dmp

Filesize
3.3MB

Download
memory/2052-1482-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2052-1457-0x000000013FD20000-0x0000000140074000-memory.dmp

Filesize
3.3MB

Download
memory/2456-1421-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-1464-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2552-1476-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-1461-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2632-1485-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-1483-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2668-1459-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1491-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-1466-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1423-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2724-1465-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2776-1469-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2776-1448-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2824-1479-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2824-1454-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1427-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1467-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-1452-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2912-1472-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads