cobaltstrike | 05fccbcaff0d5c68cb5cc769f54a6ad185287c5ac222ff71b5431b4d3f30ccec

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
02/02/2025, 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
Size

5.7MB
MD5

6369cd65cdf046479caf31ef2b020d72
SHA1

c2685daf8c05180d27415478189f6390bd78c26e
SHA256

05fccbcaff0d5c68cb5cc769f54a6ad185287c5ac222ff71b5431b4d3f30ccec
SHA512

971403610776a5899fb8a170b1c95d0e370889ceea9b5d4e959e0b9b8ea2835533845b71ed740df05f09181ff386f23ba5829f7d32529c4b9b206b4da4e1001c
SSDEEP

98304:4emTLkNdfE0pZaJ56utgpPFotBER/mQ32lU7:j+R56utgpPF8u/77

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 34 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001739a-9.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173aa-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173fb-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017403-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017409-29.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001747b-34.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-53.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-93.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947e-103.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942f-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-90.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019539-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019620-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-172.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e4-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-180.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016dc8-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d8-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-81.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-61.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-57.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019271-50.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926b-45.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924c-41.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001748f-37.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2272-0-0x000000013F5C0000-0x000000013F90D000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/memory/2652-7-0x000000013FE80000-0x00000001401CD000-memory.dmp	xmrig
behavioral1/files/0x000800000001739a-9.dat	xmrig
behavioral1/files/0x00080000000173aa-11.dat	xmrig
behavioral1/files/0x00070000000173fb-21.dat	xmrig
behavioral1/memory/2280-22-0x000000013FA10000-0x000000013FD5D000-memory.dmp	xmrig
behavioral1/memory/2472-17-0x000000013FA00000-0x000000013FD4D000-memory.dmp	xmrig
behavioral1/files/0x0007000000017403-26.dat	xmrig
behavioral1/files/0x0007000000017409-29.dat	xmrig
behavioral1/files/0x000900000001747b-34.dat	xmrig
behavioral1/files/0x0005000000019273-53.dat	xmrig
behavioral1/files/0x00050000000193c4-73.dat	xmrig
behavioral1/files/0x0005000000019403-93.dat	xmrig
behavioral1/files/0x0005000000019441-101.dat	xmrig
behavioral1/files/0x000500000001947e-103.dat	xmrig
behavioral1/files/0x000500000001942f-97.dat	xmrig
behavioral1/files/0x0005000000019401-90.dat	xmrig
behavioral1/files/0x000500000001961b-150.dat	xmrig
behavioral1/memory/2716-157-0x000000013F800000-0x000000013FB4D000-memory.dmp	xmrig
behavioral1/memory/2464-161-0x000000013F900000-0x000000013FC4D000-memory.dmp	xmrig
behavioral1/memory/1728-201-0x000000013F560000-0x000000013F8AD000-memory.dmp	xmrig
behavioral1/memory/1964-220-0x000000013F470000-0x000000013F7BD000-memory.dmp	xmrig
behavioral1/files/0x0005000000019539-189.dat	xmrig
behavioral1/files/0x0005000000019620-184.dat	xmrig
behavioral1/files/0x000500000001961d-172.dat	xmrig
behavioral1/memory/2900-146-0x000000013F6F0000-0x000000013FA3D000-memory.dmp	xmrig
behavioral1/files/0x00050000000195e4-142.dat	xmrig
behavioral1/memory/1992-122-0x000000013F100000-0x000000013F44D000-memory.dmp	xmrig
behavioral1/memory/1424-121-0x000000013FBA0000-0x000000013FEED000-memory.dmp	xmrig
behavioral1/memory/3052-120-0x000000013F910000-0x000000013FC5D000-memory.dmp	xmrig
behavioral1/memory/2584-119-0x000000013F280000-0x000000013F5CD000-memory.dmp	xmrig
behavioral1/memory/2744-118-0x000000013F9E0000-0x000000013FD2D000-memory.dmp	xmrig
behavioral1/memory/2860-117-0x000000013FE90000-0x00000001401DD000-memory.dmp	xmrig
behavioral1/memory/2580-116-0x000000013F240000-0x000000013F58D000-memory.dmp	xmrig
behavioral1/memory/2784-115-0x000000013F750000-0x000000013FA9D000-memory.dmp	xmrig
behavioral1/memory/2192-113-0x000000013FD60000-0x00000001400AD000-memory.dmp	xmrig
behavioral1/memory/648-213-0x000000013F2F0000-0x000000013F63D000-memory.dmp	xmrig
behavioral1/memory/900-207-0x000000013FF10000-0x000000014025D000-memory.dmp	xmrig
behavioral1/memory/2296-194-0x000000013F670000-0x000000013F9BD000-memory.dmp	xmrig
behavioral1/files/0x0005000000019621-191.dat	xmrig
behavioral1/memory/824-182-0x000000013F1C0000-0x000000013F50D000-memory.dmp	xmrig
behavioral1/files/0x000500000001961f-180.dat	xmrig
behavioral1/memory/2792-164-0x000000013F620000-0x000000013F96D000-memory.dmp	xmrig
behavioral1/memory/2808-163-0x000000013F180000-0x000000013F4CD000-memory.dmp	xmrig
behavioral1/memory/2732-162-0x000000013FC80000-0x000000013FFCD000-memory.dmp	xmrig
behavioral1/memory/2768-160-0x000000013F020000-0x000000013F36D000-memory.dmp	xmrig
behavioral1/memory/1784-158-0x000000013F360000-0x000000013F6AD000-memory.dmp	xmrig
behavioral1/memory/2500-156-0x000000013F420000-0x000000013F76D000-memory.dmp	xmrig
behavioral1/memory/2932-153-0x000000013FB40000-0x000000013FE8D000-memory.dmp	xmrig
behavioral1/memory/2256-152-0x000000013FB60000-0x000000013FEAD000-memory.dmp	xmrig
behavioral1/files/0x0009000000016dc8-132.dat	xmrig
behavioral1/files/0x00050000000194d8-110.dat	xmrig
behavioral1/memory/2008-107-0x000000013F700000-0x000000013FA4D000-memory.dmp	xmrig
behavioral1/files/0x00050000000193df-85.dat	xmrig
behavioral1/files/0x00050000000193d9-81.dat	xmrig
behavioral1/files/0x00050000000193cc-77.dat	xmrig
behavioral1/files/0x00050000000193be-69.dat	xmrig
behavioral1/files/0x0005000000019389-65.dat	xmrig
behavioral1/files/0x0005000000019382-61.dat	xmrig
behavioral1/files/0x0005000000019277-57.dat	xmrig
behavioral1/files/0x0005000000019271-50.dat	xmrig
behavioral1/files/0x000500000001926b-45.dat	xmrig
behavioral1/files/0x000500000001924c-41.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2652	DBNHvjF.exe
2280	Eievilm.exe
2472	ZYYghhU.exe
2008	exxOUqe.exe
2500	DdbOJwq.exe
2192	mLhzVyb.exe
2256	PpZDfUK.exe
2680	HcrNEXu.exe
2716	uYoxeAe.exe
2784	wJHECUX.exe
2768	OoPJeWE.exe
2580	AYtGCIz.exe
2732	iDNuUEl.exe
2860	DnrzjxL.exe
2792	ZBEoTBY.exe
2744	BRELoyY.exe
1708	LPwmaKx.exe
2584	oGwRebp.exe
2644	rjEVVmM.exe
3052	jBwfVSI.exe
2808	orsjlaM.exe
1424	vsgoYal.exe
2464	raEvJwg.exe
1992	IlflGGE.exe
1784	cOZhOXA.exe
1404	Okkirmi.exe
2900	RSDuUTm.exe
2932	ckoxCtf.exe
824	UakNYnT.exe
572	nDTNXWw.exe
2296	FvekCVN.exe
1728	NHIWhBd.exe
900	yeWTqGZ.exe
648	RudElbr.exe
2228	wGxdZYe.exe
1964	SIabyDp.exe
1036	emnZXJL.exe
944	mhYbpok.exe
2448	WpYYdNL.exe
568	QzgoKGh.exe
764	pMaKJUf.exe
984	rCgwDXK.exe
1716	JLbCKdc.exe
1528	VWtDrmz.exe
1900	QuUOfTB.exe
2408	eGqBXtk.exe
564	HejmHPs.exe
1756	IqwjdaD.exe
532	WoKXwzu.exe
844	CCJIBhl.exe
2292	xEVzOpM.exe
2712	TkYquxe.exe
2836	HPlVWNJ.exe
2952	sgUZUAn.exe
2568	gHrtYKS.exe
2044	evLnYsd.exe
2356	GrZqssZ.exe
2052	sFBKlOU.exe
2444	QRSPRjg.exe
3068	MPAlZSc.exe
772	mkFTgqY.exe
964	PJLALCW.exe
2176	gDrsBOu.exe
940	WaPllBH.exe

Loads dropped DLL 64 IoCs

pid	Process
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\nVtIsMj.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nBRRbCb.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cgXSKkc.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iEyhIar.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XGzDPSs.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ikCAsZP.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DdcSSjL.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SzVeUtb.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rhTsoql.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sBJMhJc.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEcHPfZ.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqIDjpV.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EwJzLYZ.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUFLHoE.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YliDEYD.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PsCjDxB.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HLNDqLt.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HejmHPs.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CNaOaBA.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FWDZnrH.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xAYJWAK.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RXMEQFT.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CAYjkUZ.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rSCsdVZ.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jFTcbNn.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vONYQbp.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hFTsgnL.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sQkHLVA.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tFWgWfY.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IBCzZRk.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WLAJLIZ.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\staevYE.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ODahJFZ.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jGlRTVN.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\emGpcCO.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dOgZDXV.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJvoVcv.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Eogpido.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KyFiXgT.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pQILxyz.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oCheQWN.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFdNxqP.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXHuzOl.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CcDOWlC.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jRyLeTQ.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zXGuQDY.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ojqygLW.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OWOdnhP.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TCDtdAb.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mWhzPfR.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dcdTTac.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHxdLMQ.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zlrILad.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HIuZhGz.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\blVJysJ.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHtvDCa.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\upIPMbs.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BrPiqcu.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\josIwiG.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Qlnpagd.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\phauRTF.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LOMtvKm.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ISKnfJi.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uoIuiQv.exe	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 2652	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2272 wrote to memory of 2652	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2272 wrote to memory of 2652	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2272 wrote to memory of 2280	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2272 wrote to memory of 2280	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2272 wrote to memory of 2280	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2272 wrote to memory of 2472	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2272 wrote to memory of 2472	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2272 wrote to memory of 2472	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2272 wrote to memory of 2008	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2272 wrote to memory of 2008	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2272 wrote to memory of 2008	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2272 wrote to memory of 2500	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2272 wrote to memory of 2500	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2272 wrote to memory of 2500	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2272 wrote to memory of 2192	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2272 wrote to memory of 2192	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2272 wrote to memory of 2192	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2272 wrote to memory of 2256	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2272 wrote to memory of 2256	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2272 wrote to memory of 2256	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2272 wrote to memory of 2680	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2272 wrote to memory of 2680	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2272 wrote to memory of 2680	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2272 wrote to memory of 2716	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2272 wrote to memory of 2716	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2272 wrote to memory of 2716	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2272 wrote to memory of 2784	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2272 wrote to memory of 2784	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2272 wrote to memory of 2784	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2272 wrote to memory of 2768	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2272 wrote to memory of 2768	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2272 wrote to memory of 2768	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2272 wrote to memory of 2580	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2272 wrote to memory of 2580	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2272 wrote to memory of 2580	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2272 wrote to memory of 2732	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2272 wrote to memory of 2732	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2272 wrote to memory of 2732	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2272 wrote to memory of 2860	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2272 wrote to memory of 2860	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2272 wrote to memory of 2860	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2272 wrote to memory of 2792	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2272 wrote to memory of 2792	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2272 wrote to memory of 2792	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2272 wrote to memory of 2744	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2272 wrote to memory of 2744	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2272 wrote to memory of 2744	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2272 wrote to memory of 1708	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2272 wrote to memory of 1708	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2272 wrote to memory of 1708	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2272 wrote to memory of 2584	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2272 wrote to memory of 2584	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2272 wrote to memory of 2584	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2272 wrote to memory of 2644	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2272 wrote to memory of 2644	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2272 wrote to memory of 2644	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2272 wrote to memory of 3052	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2272 wrote to memory of 3052	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2272 wrote to memory of 3052	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2272 wrote to memory of 2808	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2272 wrote to memory of 2808	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2272 wrote to memory of 2808	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2272 wrote to memory of 1424	2272	2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-02_6369cd65cdf046479caf31ef2b020d72_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Windows\System\DBNHvjF.exe
  C:\Windows\System\DBNHvjF.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\Eievilm.exe
  C:\Windows\System\Eievilm.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\ZYYghhU.exe
  C:\Windows\System\ZYYghhU.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\exxOUqe.exe
  C:\Windows\System\exxOUqe.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\DdbOJwq.exe
  C:\Windows\System\DdbOJwq.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\mLhzVyb.exe
  C:\Windows\System\mLhzVyb.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\PpZDfUK.exe
  C:\Windows\System\PpZDfUK.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\HcrNEXu.exe
  C:\Windows\System\HcrNEXu.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\uYoxeAe.exe
  C:\Windows\System\uYoxeAe.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\wJHECUX.exe
  C:\Windows\System\wJHECUX.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\OoPJeWE.exe
  C:\Windows\System\OoPJeWE.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\AYtGCIz.exe
  C:\Windows\System\AYtGCIz.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\iDNuUEl.exe
  C:\Windows\System\iDNuUEl.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\DnrzjxL.exe
  C:\Windows\System\DnrzjxL.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\ZBEoTBY.exe
  C:\Windows\System\ZBEoTBY.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\BRELoyY.exe
  C:\Windows\System\BRELoyY.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\LPwmaKx.exe
  C:\Windows\System\LPwmaKx.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\oGwRebp.exe
  C:\Windows\System\oGwRebp.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\rjEVVmM.exe
  C:\Windows\System\rjEVVmM.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\jBwfVSI.exe
  C:\Windows\System\jBwfVSI.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\orsjlaM.exe
  C:\Windows\System\orsjlaM.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\vsgoYal.exe
  C:\Windows\System\vsgoYal.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\raEvJwg.exe
  C:\Windows\System\raEvJwg.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\IlflGGE.exe
  C:\Windows\System\IlflGGE.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\cOZhOXA.exe
  C:\Windows\System\cOZhOXA.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\Okkirmi.exe
  C:\Windows\System\Okkirmi.exe
  2⤵
  - Executes dropped EXE
  PID:1404
- C:\Windows\System\nDTNXWw.exe
  C:\Windows\System\nDTNXWw.exe
  2⤵
  - Executes dropped EXE
  PID:572
- C:\Windows\System\RSDuUTm.exe
  C:\Windows\System\RSDuUTm.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\wGxdZYe.exe
  C:\Windows\System\wGxdZYe.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\ckoxCtf.exe
  C:\Windows\System\ckoxCtf.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\emnZXJL.exe
  C:\Windows\System\emnZXJL.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\UakNYnT.exe
  C:\Windows\System\UakNYnT.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\mhYbpok.exe
  C:\Windows\System\mhYbpok.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\FvekCVN.exe
  C:\Windows\System\FvekCVN.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\pMaKJUf.exe
  C:\Windows\System\pMaKJUf.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\NHIWhBd.exe
  C:\Windows\System\NHIWhBd.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\JLbCKdc.exe
  C:\Windows\System\JLbCKdc.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\yeWTqGZ.exe
  C:\Windows\System\yeWTqGZ.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\VWtDrmz.exe
  C:\Windows\System\VWtDrmz.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\RudElbr.exe
  C:\Windows\System\RudElbr.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\QuUOfTB.exe
  C:\Windows\System\QuUOfTB.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\SIabyDp.exe
  C:\Windows\System\SIabyDp.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\eGqBXtk.exe
  C:\Windows\System\eGqBXtk.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\WpYYdNL.exe
  C:\Windows\System\WpYYdNL.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\HejmHPs.exe
  C:\Windows\System\HejmHPs.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\QzgoKGh.exe
  C:\Windows\System\QzgoKGh.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\IqwjdaD.exe
  C:\Windows\System\IqwjdaD.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\rCgwDXK.exe
  C:\Windows\System\rCgwDXK.exe
  2⤵
  - Executes dropped EXE
  PID:984
- C:\Windows\System\WoKXwzu.exe
  C:\Windows\System\WoKXwzu.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\CCJIBhl.exe
  C:\Windows\System\CCJIBhl.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\xEVzOpM.exe
  C:\Windows\System\xEVzOpM.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\TkYquxe.exe
  C:\Windows\System\TkYquxe.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\sgUZUAn.exe
  C:\Windows\System\sgUZUAn.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\HPlVWNJ.exe
  C:\Windows\System\HPlVWNJ.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\gHrtYKS.exe
  C:\Windows\System\gHrtYKS.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\evLnYsd.exe
  C:\Windows\System\evLnYsd.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\GrZqssZ.exe
  C:\Windows\System\GrZqssZ.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\sFBKlOU.exe
  C:\Windows\System\sFBKlOU.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\MPAlZSc.exe
  C:\Windows\System\MPAlZSc.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\QRSPRjg.exe
  C:\Windows\System\QRSPRjg.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\mkFTgqY.exe
  C:\Windows\System\mkFTgqY.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\PJLALCW.exe
  C:\Windows\System\PJLALCW.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\WaPllBH.exe
  C:\Windows\System\WaPllBH.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\gDrsBOu.exe
  C:\Windows\System\gDrsBOu.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\FjWCNRM.exe
  C:\Windows\System\FjWCNRM.exe
  2⤵
  PID:2320
- C:\Windows\System\IIauzDB.exe
  C:\Windows\System\IIauzDB.exe
  2⤵
  PID:2816
- C:\Windows\System\MvBLKav.exe
  C:\Windows\System\MvBLKav.exe
  2⤵
  PID:2560
- C:\Windows\System\ZuXvGdc.exe
  C:\Windows\System\ZuXvGdc.exe
  2⤵
  PID:1504
- C:\Windows\System\MkozgHO.exe
  C:\Windows\System\MkozgHO.exe
  2⤵
  PID:2868
- C:\Windows\System\WXsSKeg.exe
  C:\Windows\System\WXsSKeg.exe
  2⤵
  PID:1684
- C:\Windows\System\DaQRAOc.exe
  C:\Windows\System\DaQRAOc.exe
  2⤵
  PID:2172
- C:\Windows\System\WuabGrj.exe
  C:\Windows\System\WuabGrj.exe
  2⤵
  PID:2528
- C:\Windows\System\sbOsMnE.exe
  C:\Windows\System\sbOsMnE.exe
  2⤵
  PID:880
- C:\Windows\System\JfPQOqk.exe
  C:\Windows\System\JfPQOqk.exe
  2⤵
  PID:848
- C:\Windows\System\bXklUhz.exe
  C:\Windows\System\bXklUhz.exe
  2⤵
  PID:1700
- C:\Windows\System\FiOzRmS.exe
  C:\Windows\System\FiOzRmS.exe
  2⤵
  PID:2212
- C:\Windows\System\bhefcgL.exe
  C:\Windows\System\bhefcgL.exe
  2⤵
  PID:1804
- C:\Windows\System\aCGdzkq.exe
  C:\Windows\System\aCGdzkq.exe
  2⤵
  PID:2572
- C:\Windows\System\ORPweIk.exe
  C:\Windows\System\ORPweIk.exe
  2⤵
  PID:1932
- C:\Windows\System\fReAGXf.exe
  C:\Windows\System\fReAGXf.exe
  2⤵
  PID:2460
- C:\Windows\System\vjGROiV.exe
  C:\Windows\System\vjGROiV.exe
  2⤵
  PID:3032
- C:\Windows\System\jsGLFEn.exe
  C:\Windows\System\jsGLFEn.exe
  2⤵
  PID:2384
- C:\Windows\System\aGYBDlv.exe
  C:\Windows\System\aGYBDlv.exe
  2⤵
  PID:2240
- C:\Windows\System\KWiXHXW.exe
  C:\Windows\System\KWiXHXW.exe
  2⤵
  PID:2068
- C:\Windows\System\Guayymg.exe
  C:\Windows\System\Guayymg.exe
  2⤵
  PID:608
- C:\Windows\System\xhMfLzH.exe
  C:\Windows\System\xhMfLzH.exe
  2⤵
  PID:2888
- C:\Windows\System\WemDZYi.exe
  C:\Windows\System\WemDZYi.exe
  2⤵
  PID:3016
- C:\Windows\System\FgLvsVr.exe
  C:\Windows\System\FgLvsVr.exe
  2⤵
  PID:1860
- C:\Windows\System\wYxeTnl.exe
  C:\Windows\System\wYxeTnl.exe
  2⤵
  PID:2752
- C:\Windows\System\iMyHAwz.exe
  C:\Windows\System\iMyHAwz.exe
  2⤵
  PID:544
- C:\Windows\System\jIzxeuK.exe
  C:\Windows\System\jIzxeuK.exe
  2⤵
  PID:1544
- C:\Windows\System\tXCEvrX.exe
  C:\Windows\System\tXCEvrX.exe
  2⤵
  PID:1940
- C:\Windows\System\nIUBYgp.exe
  C:\Windows\System\nIUBYgp.exe
  2⤵
  PID:1596
- C:\Windows\System\CWKFNWI.exe
  C:\Windows\System\CWKFNWI.exe
  2⤵
  PID:2696
- C:\Windows\System\SQDlMRF.exe
  C:\Windows\System\SQDlMRF.exe
  2⤵
  PID:2600
- C:\Windows\System\gCawYCa.exe
  C:\Windows\System\gCawYCa.exe
  2⤵
  PID:3064
- C:\Windows\System\KSYdieY.exe
  C:\Windows\System\KSYdieY.exe
  2⤵
  PID:2116
- C:\Windows\System\JgPnaED.exe
  C:\Windows\System\JgPnaED.exe
  2⤵
  PID:3024
- C:\Windows\System\fuAOGiF.exe
  C:\Windows\System\fuAOGiF.exe
  2⤵
  PID:912
- C:\Windows\System\CHWjdcE.exe
  C:\Windows\System\CHWjdcE.exe
  2⤵
  PID:1604
- C:\Windows\System\vswSnKP.exe
  C:\Windows\System\vswSnKP.exe
  2⤵
  PID:756
- C:\Windows\System\glyIqef.exe
  C:\Windows\System\glyIqef.exe
  2⤵
  PID:2072
- C:\Windows\System\hDHuFJN.exe
  C:\Windows\System\hDHuFJN.exe
  2⤵
  PID:2684
- C:\Windows\System\DwaTjwy.exe
  C:\Windows\System\DwaTjwy.exe
  2⤵
  PID:2304
- C:\Windows\System\eeUCSvm.exe
  C:\Windows\System\eeUCSvm.exe
  2⤵
  PID:3108
- C:\Windows\System\LTlZlsu.exe
  C:\Windows\System\LTlZlsu.exe
  2⤵
  PID:3132
- C:\Windows\System\nSLnXnT.exe
  C:\Windows\System\nSLnXnT.exe
  2⤵
  PID:3156
- C:\Windows\System\njLRVxR.exe
  C:\Windows\System\njLRVxR.exe
  2⤵
  PID:3180
- C:\Windows\System\DwVfnoU.exe
  C:\Windows\System\DwVfnoU.exe
  2⤵
  PID:3200
- C:\Windows\System\CLyWWzT.exe
  C:\Windows\System\CLyWWzT.exe
  2⤵
  PID:3224
- C:\Windows\System\YAYSPJo.exe
  C:\Windows\System\YAYSPJo.exe
  2⤵
  PID:3252
- C:\Windows\System\WwZnPOt.exe
  C:\Windows\System\WwZnPOt.exe
  2⤵
  PID:3272
- C:\Windows\System\giQVHCX.exe
  C:\Windows\System\giQVHCX.exe
  2⤵
  PID:3300
- C:\Windows\System\cApOtzM.exe
  C:\Windows\System\cApOtzM.exe
  2⤵
  PID:3324
- C:\Windows\System\fxaHAAO.exe
  C:\Windows\System\fxaHAAO.exe
  2⤵
  PID:3348
- C:\Windows\System\YElFrGt.exe
  C:\Windows\System\YElFrGt.exe
  2⤵
  PID:3372
- C:\Windows\System\fdmSvgk.exe
  C:\Windows\System\fdmSvgk.exe
  2⤵
  PID:3396
- C:\Windows\System\LTZTIec.exe
  C:\Windows\System\LTZTIec.exe
  2⤵
  PID:3420
- C:\Windows\System\KvDVNSn.exe
  C:\Windows\System\KvDVNSn.exe
  2⤵
  PID:3440
- C:\Windows\System\qCJodQP.exe
  C:\Windows\System\qCJodQP.exe
  2⤵
  PID:3464
- C:\Windows\System\zlrILad.exe
  C:\Windows\System\zlrILad.exe
  2⤵
  PID:3492
- C:\Windows\System\pmDksWB.exe
  C:\Windows\System\pmDksWB.exe
  2⤵
  PID:3516
- C:\Windows\System\RFEraty.exe
  C:\Windows\System\RFEraty.exe
  2⤵
  PID:3540
- C:\Windows\System\AjPOAAJ.exe
  C:\Windows\System\AjPOAAJ.exe
  2⤵
  PID:3560
- C:\Windows\System\kKeLnyS.exe
  C:\Windows\System\kKeLnyS.exe
  2⤵
  PID:3588
- C:\Windows\System\IoXIvtT.exe
  C:\Windows\System\IoXIvtT.exe
  2⤵
  PID:3608
- C:\Windows\System\nzMwpJz.exe
  C:\Windows\System\nzMwpJz.exe
  2⤵
  PID:3632
- C:\Windows\System\VEpVrUu.exe
  C:\Windows\System\VEpVrUu.exe
  2⤵
  PID:3656
- C:\Windows\System\rOHftPl.exe
  C:\Windows\System\rOHftPl.exe
  2⤵
  PID:3676
- C:\Windows\System\jpRqzGJ.exe
  C:\Windows\System\jpRqzGJ.exe
  2⤵
  PID:3700
- C:\Windows\System\UKYeHEn.exe
  C:\Windows\System\UKYeHEn.exe
  2⤵
  PID:3724
- C:\Windows\System\ghtWFGZ.exe
  C:\Windows\System\ghtWFGZ.exe
  2⤵
  PID:3744
- C:\Windows\System\iSwVjui.exe
  C:\Windows\System\iSwVjui.exe
  2⤵
  PID:3772
- C:\Windows\System\GQHvkKW.exe
  C:\Windows\System\GQHvkKW.exe
  2⤵
  PID:3796
- C:\Windows\System\CQpZiyK.exe
  C:\Windows\System\CQpZiyK.exe
  2⤵
  PID:3816
- C:\Windows\System\nXsSUBg.exe
  C:\Windows\System\nXsSUBg.exe
  2⤵
  PID:3856
- C:\Windows\System\WLAJLIZ.exe
  C:\Windows\System\WLAJLIZ.exe
  2⤵
  PID:3876
- C:\Windows\System\nIRhbYK.exe
  C:\Windows\System\nIRhbYK.exe
  2⤵
  PID:3900
- C:\Windows\System\JptpLfC.exe
  C:\Windows\System\JptpLfC.exe
  2⤵
  PID:3928
- C:\Windows\System\NJvmBTI.exe
  C:\Windows\System\NJvmBTI.exe
  2⤵
  PID:3952
- C:\Windows\System\tOqcURV.exe
  C:\Windows\System\tOqcURV.exe
  2⤵
  PID:3972
- C:\Windows\System\UXuBcLH.exe
  C:\Windows\System\UXuBcLH.exe
  2⤵
  PID:4000
- C:\Windows\System\IqWSPnv.exe
  C:\Windows\System\IqWSPnv.exe
  2⤵
  PID:4024
- C:\Windows\System\AsepUZe.exe
  C:\Windows\System\AsepUZe.exe
  2⤵
  PID:4048
- C:\Windows\System\bFUXYQg.exe
  C:\Windows\System\bFUXYQg.exe
  2⤵
  PID:4072
- C:\Windows\System\MmmpMKd.exe
  C:\Windows\System\MmmpMKd.exe
  2⤵
  PID:1512
- C:\Windows\System\YXvyZgT.exe
  C:\Windows\System\YXvyZgT.exe
  2⤵
  PID:2420
- C:\Windows\System\lBDReva.exe
  C:\Windows\System\lBDReva.exe
  2⤵
  PID:1344
- C:\Windows\System\tczVXkJ.exe
  C:\Windows\System\tczVXkJ.exe
  2⤵
  PID:2104
- C:\Windows\System\TYZdkTf.exe
  C:\Windows\System\TYZdkTf.exe
  2⤵
  PID:2940
- C:\Windows\System\ILUsUuR.exe
  C:\Windows\System\ILUsUuR.exe
  2⤵
  PID:2328
- C:\Windows\System\sCDoJuz.exe
  C:\Windows\System\sCDoJuz.exe
  2⤵
  PID:788
- C:\Windows\System\RLNoGjR.exe
  C:\Windows\System\RLNoGjR.exe
  2⤵
  PID:2632
- C:\Windows\System\gzXHQWX.exe
  C:\Windows\System\gzXHQWX.exe
  2⤵
  PID:2844
- C:\Windows\System\FcWJAfp.exe
  C:\Windows\System\FcWJAfp.exe
  2⤵
  PID:3096
- C:\Windows\System\kRhNTaM.exe
  C:\Windows\System\kRhNTaM.exe
  2⤵
  PID:3176
- C:\Windows\System\kOWtOsa.exe
  C:\Windows\System\kOWtOsa.exe
  2⤵
  PID:3216
- C:\Windows\System\nSgKSXk.exe
  C:\Windows\System\nSgKSXk.exe
  2⤵
  PID:3192
- C:\Windows\System\xLYbDtt.exe
  C:\Windows\System\xLYbDtt.exe
  2⤵
  PID:3244
- C:\Windows\System\qwULQDS.exe
  C:\Windows\System\qwULQDS.exe
  2⤵
  PID:3292
- C:\Windows\System\RDOVEzb.exe
  C:\Windows\System\RDOVEzb.exe
  2⤵
  PID:3320
- C:\Windows\System\uxfOajV.exe
  C:\Windows\System\uxfOajV.exe
  2⤵
  PID:3344
- C:\Windows\System\zskJrID.exe
  C:\Windows\System\zskJrID.exe
  2⤵
  PID:3408
- C:\Windows\System\foRJrle.exe
  C:\Windows\System\foRJrle.exe
  2⤵
  PID:3452
- C:\Windows\System\yIrFYYs.exe
  C:\Windows\System\yIrFYYs.exe
  2⤵
  PID:3508
- C:\Windows\System\JYxkcNL.exe
  C:\Windows\System\JYxkcNL.exe
  2⤵
  PID:3488
- C:\Windows\System\EmRLUPm.exe
  C:\Windows\System\EmRLUPm.exe
  2⤵
  PID:3600
- C:\Windows\System\eNJVZai.exe
  C:\Windows\System\eNJVZai.exe
  2⤵
  PID:3684
- C:\Windows\System\XGZoevi.exe
  C:\Windows\System\XGZoevi.exe
  2⤵
  PID:3572
- C:\Windows\System\ayLQbdw.exe
  C:\Windows\System\ayLQbdw.exe
  2⤵
  PID:3580
- C:\Windows\System\SeKJLXC.exe
  C:\Windows\System\SeKJLXC.exe
  2⤵
  PID:3780
- C:\Windows\System\fWDpKsa.exe
  C:\Windows\System\fWDpKsa.exe
  2⤵
  PID:3824
- C:\Windows\System\AMHkjao.exe
  C:\Windows\System\AMHkjao.exe
  2⤵
  PID:3828
- C:\Windows\System\stQDNTY.exe
  C:\Windows\System\stQDNTY.exe
  2⤵
  PID:3844
- C:\Windows\System\nDXXyrQ.exe
  C:\Windows\System\nDXXyrQ.exe
  2⤵
  PID:3768
- C:\Windows\System\jIJSLfc.exe
  C:\Windows\System\jIJSLfc.exe
  2⤵
  PID:3892
- C:\Windows\System\dqnKoIw.exe
  C:\Windows\System\dqnKoIw.exe
  2⤵
  PID:3864
- C:\Windows\System\btuJrGR.exe
  C:\Windows\System\btuJrGR.exe
  2⤵
  PID:3924
- C:\Windows\System\fOOIOQs.exe
  C:\Windows\System\fOOIOQs.exe
  2⤵
  PID:3996
- C:\Windows\System\pBQKpyW.exe
  C:\Windows\System\pBQKpyW.exe
  2⤵
  PID:3964
- C:\Windows\System\foBXaId.exe
  C:\Windows\System\foBXaId.exe
  2⤵
  PID:4008
- C:\Windows\System\aJWQICx.exe
  C:\Windows\System\aJWQICx.exe
  2⤵
  PID:1640
- C:\Windows\System\sNDocKu.exe
  C:\Windows\System\sNDocKu.exe
  2⤵
  PID:2200
- C:\Windows\System\wLZGKGN.exe
  C:\Windows\System\wLZGKGN.exe
  2⤵
  PID:1168
- C:\Windows\System\jRyLeTQ.exe
  C:\Windows\System\jRyLeTQ.exe
  2⤵
  PID:2524
- C:\Windows\System\XKbHesq.exe
  C:\Windows\System\XKbHesq.exe
  2⤵
  PID:1480
- C:\Windows\System\rvKNGxB.exe
  C:\Windows\System\rvKNGxB.exe
  2⤵
  PID:2796
- C:\Windows\System\zdZAlNQ.exe
  C:\Windows\System\zdZAlNQ.exe
  2⤵
  PID:3088
- C:\Windows\System\nzgjqTZ.exe
  C:\Windows\System\nzgjqTZ.exe
  2⤵
  PID:3092
- C:\Windows\System\FNrXZjW.exe
  C:\Windows\System\FNrXZjW.exe
  2⤵
  PID:3196
- C:\Windows\System\oRNCDEM.exe
  C:\Windows\System\oRNCDEM.exe
  2⤵
  PID:3332
- C:\Windows\System\vkurdfj.exe
  C:\Windows\System\vkurdfj.exe
  2⤵
  PID:3360
- C:\Windows\System\ZqZyqAx.exe
  C:\Windows\System\ZqZyqAx.exe
  2⤵
  PID:3392
- C:\Windows\System\CVqNfra.exe
  C:\Windows\System\CVqNfra.exe
  2⤵
  PID:3416
- C:\Windows\System\zXGuQDY.exe
  C:\Windows\System\zXGuQDY.exe
  2⤵
  PID:3484
- C:\Windows\System\PkNImXo.exe
  C:\Windows\System\PkNImXo.exe
  2⤵
  PID:3652
- C:\Windows\System\WgSSmbK.exe
  C:\Windows\System\WgSSmbK.exe
  2⤵
  PID:3604
- C:\Windows\System\xhkiJFw.exe
  C:\Windows\System\xhkiJFw.exe
  2⤵
  PID:3740
- C:\Windows\System\pvNbTeJ.exe
  C:\Windows\System\pvNbTeJ.exe
  2⤵
  PID:3620
- C:\Windows\System\JwYUuTT.exe
  C:\Windows\System\JwYUuTT.exe
  2⤵
  PID:3616
- C:\Windows\System\TUTcQlh.exe
  C:\Windows\System\TUTcQlh.exe
  2⤵
  PID:3752
- C:\Windows\System\PkKdeAs.exe
  C:\Windows\System\PkKdeAs.exe
  2⤵
  PID:3852
- C:\Windows\System\YKTZtVO.exe
  C:\Windows\System\YKTZtVO.exe
  2⤵
  PID:3912
- C:\Windows\System\xkxTgUo.exe
  C:\Windows\System\xkxTgUo.exe
  2⤵
  PID:3888
- C:\Windows\System\VqQdfEM.exe
  C:\Windows\System\VqQdfEM.exe
  2⤵
  PID:3988
- C:\Windows\System\uZLXkRH.exe
  C:\Windows\System\uZLXkRH.exe
  2⤵
  PID:4092
- C:\Windows\System\AEbSlhd.exe
  C:\Windows\System\AEbSlhd.exe
  2⤵
  PID:3036
- C:\Windows\System\tyKShIt.exe
  C:\Windows\System\tyKShIt.exe
  2⤵
  PID:872
- C:\Windows\System\SLrXYKq.exe
  C:\Windows\System\SLrXYKq.exe
  2⤵
  PID:3028
- C:\Windows\System\CzlsDen.exe
  C:\Windows\System\CzlsDen.exe
  2⤵
  PID:3104
- C:\Windows\System\WnouqBY.exe
  C:\Windows\System\WnouqBY.exe
  2⤵
  PID:3236
- C:\Windows\System\rYqdMjp.exe
  C:\Windows\System\rYqdMjp.exe
  2⤵
  PID:3232
- C:\Windows\System\vdSccTv.exe
  C:\Windows\System\vdSccTv.exe
  2⤵
  PID:3240
- C:\Windows\System\ogaYXPe.exe
  C:\Windows\System\ogaYXPe.exe
  2⤵
  PID:3368
- C:\Windows\System\SCLsbnM.exe
  C:\Windows\System\SCLsbnM.exe
  2⤵
  PID:3524
- C:\Windows\System\JUZmVrI.exe
  C:\Windows\System\JUZmVrI.exe
  2⤵
  PID:3436
- C:\Windows\System\FPfRrmr.exe
  C:\Windows\System\FPfRrmr.exe
  2⤵
  PID:3596
- C:\Windows\System\rhTsoql.exe
  C:\Windows\System\rhTsoql.exe
  2⤵
  PID:3792
- C:\Windows\System\QzQhCyc.exe
  C:\Windows\System\QzQhCyc.exe
  2⤵
  PID:3812
- C:\Windows\System\nwyrNsv.exe
  C:\Windows\System\nwyrNsv.exe
  2⤵
  PID:3576
- C:\Windows\System\OrapBOD.exe
  C:\Windows\System\OrapBOD.exe
  2⤵
  PID:3808
- C:\Windows\System\gbmCxCz.exe
  C:\Windows\System\gbmCxCz.exe
  2⤵
  PID:3920
- C:\Windows\System\EkxYYDA.exe
  C:\Windows\System\EkxYYDA.exe
  2⤵
  PID:2268
- C:\Windows\System\NOgnncP.exe
  C:\Windows\System\NOgnncP.exe
  2⤵
  PID:4088
- C:\Windows\System\BqcncAw.exe
  C:\Windows\System\BqcncAw.exe
  2⤵
  PID:3208
- C:\Windows\System\kUaOegY.exe
  C:\Windows\System\kUaOegY.exe
  2⤵
  PID:3460
- C:\Windows\System\IePgPMC.exe
  C:\Windows\System\IePgPMC.exe
  2⤵
  PID:2276
- C:\Windows\System\YWRibNT.exe
  C:\Windows\System\YWRibNT.exe
  2⤵
  PID:2892
- C:\Windows\System\WfpohzR.exe
  C:\Windows\System\WfpohzR.exe
  2⤵
  PID:3212
- C:\Windows\System\qsazrkt.exe
  C:\Windows\System\qsazrkt.exe
  2⤵
  PID:4012
- C:\Windows\System\TSBiFYZ.exe
  C:\Windows\System\TSBiFYZ.exe
  2⤵
  PID:3308
- C:\Windows\System\nROMHtD.exe
  C:\Windows\System\nROMHtD.exe
  2⤵
  PID:3476
- C:\Windows\System\UAHkcFZ.exe
  C:\Windows\System\UAHkcFZ.exe
  2⤵
  PID:3128
- C:\Windows\System\WUnapbX.exe
  C:\Windows\System\WUnapbX.exe
  2⤵
  PID:3404
- C:\Windows\System\TpwbzEa.exe
  C:\Windows\System\TpwbzEa.exe
  2⤵
  PID:3084
- C:\Windows\System\zHLQSWG.exe
  C:\Windows\System\zHLQSWG.exe
  2⤵
  PID:4104
- C:\Windows\System\nUqBeda.exe
  C:\Windows\System\nUqBeda.exe
  2⤵
  PID:4124
- C:\Windows\System\OznTRfD.exe
  C:\Windows\System\OznTRfD.exe
  2⤵
  PID:4144
- C:\Windows\System\NEYynkn.exe
  C:\Windows\System\NEYynkn.exe
  2⤵
  PID:4184
- C:\Windows\System\OwQWqxQ.exe
  C:\Windows\System\OwQWqxQ.exe
  2⤵
  PID:4208
- C:\Windows\System\SwOlfyn.exe
  C:\Windows\System\SwOlfyn.exe
  2⤵
  PID:4228
- C:\Windows\System\YWjzKKi.exe
  C:\Windows\System\YWjzKKi.exe
  2⤵
  PID:4252
- C:\Windows\System\dqJgztH.exe
  C:\Windows\System\dqJgztH.exe
  2⤵
  PID:4272
- C:\Windows\System\lTGNpJn.exe
  C:\Windows\System\lTGNpJn.exe
  2⤵
  PID:4304
- C:\Windows\System\lfgEgNX.exe
  C:\Windows\System\lfgEgNX.exe
  2⤵
  PID:4328
- C:\Windows\System\RXcfVBa.exe
  C:\Windows\System\RXcfVBa.exe
  2⤵
  PID:4352
- C:\Windows\System\yAZwdNc.exe
  C:\Windows\System\yAZwdNc.exe
  2⤵
  PID:4376
- C:\Windows\System\LgJIiMw.exe
  C:\Windows\System\LgJIiMw.exe
  2⤵
  PID:4400
- C:\Windows\System\rSGlErS.exe
  C:\Windows\System\rSGlErS.exe
  2⤵
  PID:4424
- C:\Windows\System\zqaxvuQ.exe
  C:\Windows\System\zqaxvuQ.exe
  2⤵
  PID:4448
- C:\Windows\System\rbPHCiQ.exe
  C:\Windows\System\rbPHCiQ.exe
  2⤵
  PID:4472
- C:\Windows\System\BlUDTQu.exe
  C:\Windows\System\BlUDTQu.exe
  2⤵
  PID:4500
- C:\Windows\System\loKfASw.exe
  C:\Windows\System\loKfASw.exe
  2⤵
  PID:4520
- C:\Windows\System\GecrFEY.exe
  C:\Windows\System\GecrFEY.exe
  2⤵
  PID:4544
- C:\Windows\System\sEKOjid.exe
  C:\Windows\System\sEKOjid.exe
  2⤵
  PID:4564
- C:\Windows\System\PjNoSHU.exe
  C:\Windows\System\PjNoSHU.exe
  2⤵
  PID:4596
- C:\Windows\System\igrUlUc.exe
  C:\Windows\System\igrUlUc.exe
  2⤵
  PID:4620
- C:\Windows\System\IECoyAr.exe
  C:\Windows\System\IECoyAr.exe
  2⤵
  PID:4644
- C:\Windows\System\mkmdAvV.exe
  C:\Windows\System\mkmdAvV.exe
  2⤵
  PID:4664
- C:\Windows\System\NYdHJXy.exe
  C:\Windows\System\NYdHJXy.exe
  2⤵
  PID:4692
- C:\Windows\System\nIrDYFj.exe
  C:\Windows\System\nIrDYFj.exe
  2⤵
  PID:4716
- C:\Windows\System\gEEfiCw.exe
  C:\Windows\System\gEEfiCw.exe
  2⤵
  PID:4740
- C:\Windows\System\sALDJQk.exe
  C:\Windows\System\sALDJQk.exe
  2⤵
  PID:4760
- C:\Windows\System\ZDjjTue.exe
  C:\Windows\System\ZDjjTue.exe
  2⤵
  PID:4788
- C:\Windows\System\rWnJvSD.exe
  C:\Windows\System\rWnJvSD.exe
  2⤵
  PID:4812
- C:\Windows\System\YIaqGFz.exe
  C:\Windows\System\YIaqGFz.exe
  2⤵
  PID:4840
- C:\Windows\System\KyFiXgT.exe
  C:\Windows\System\KyFiXgT.exe
  2⤵
  PID:4864
- C:\Windows\System\QVsSMDf.exe
  C:\Windows\System\QVsSMDf.exe
  2⤵
  PID:4888
- C:\Windows\System\rdlqeQI.exe
  C:\Windows\System\rdlqeQI.exe
  2⤵
  PID:4912
- C:\Windows\System\APofEKR.exe
  C:\Windows\System\APofEKR.exe
  2⤵
  PID:4936
- C:\Windows\System\FLHYNyd.exe
  C:\Windows\System\FLHYNyd.exe
  2⤵
  PID:4960
- C:\Windows\System\FbAoyZa.exe
  C:\Windows\System\FbAoyZa.exe
  2⤵
  PID:4984
- C:\Windows\System\xfbgBrC.exe
  C:\Windows\System\xfbgBrC.exe
  2⤵
  PID:5008
- C:\Windows\System\OvruNzn.exe
  C:\Windows\System\OvruNzn.exe
  2⤵
  PID:5032
- C:\Windows\System\nDoKziJ.exe
  C:\Windows\System\nDoKziJ.exe
  2⤵
  PID:5052
- C:\Windows\System\CphjnZH.exe
  C:\Windows\System\CphjnZH.exe
  2⤵
  PID:5080
- C:\Windows\System\tNXoobq.exe
  C:\Windows\System\tNXoobq.exe
  2⤵
  PID:5104
- C:\Windows\System\ZSUGDhY.exe
  C:\Windows\System\ZSUGDhY.exe
  2⤵
  PID:4056
- C:\Windows\System\QxzxJop.exe
  C:\Windows\System\QxzxJop.exe
  2⤵
  PID:1096
- C:\Windows\System\fEdAVah.exe
  C:\Windows\System\fEdAVah.exe
  2⤵
  PID:1856
- C:\Windows\System\dJsklkk.exe
  C:\Windows\System\dJsklkk.exe
  2⤵
  PID:3532
- C:\Windows\System\gyFcfYL.exe
  C:\Windows\System\gyFcfYL.exe
  2⤵
  PID:4036
- C:\Windows\System\dVUpgtP.exe
  C:\Windows\System\dVUpgtP.exe
  2⤵
  PID:4064
- C:\Windows\System\ZsTUMpo.exe
  C:\Windows\System\ZsTUMpo.exe
  2⤵
  PID:1080
- C:\Windows\System\jGlRTVN.exe
  C:\Windows\System\jGlRTVN.exe
  2⤵
  PID:4132
- C:\Windows\System\sBJMhJc.exe
  C:\Windows\System\sBJMhJc.exe
  2⤵
  PID:1052
- C:\Windows\System\qNffixO.exe
  C:\Windows\System\qNffixO.exe
  2⤵
  PID:4200
- C:\Windows\System\eLnmSTF.exe
  C:\Windows\System\eLnmSTF.exe
  2⤵
  PID:4112
- C:\Windows\System\YuzTazw.exe
  C:\Windows\System\YuzTazw.exe
  2⤵
  PID:3548
- C:\Windows\System\dfbZJav.exe
  C:\Windows\System\dfbZJav.exe
  2⤵
  PID:4164
- C:\Windows\System\XWJIHVW.exe
  C:\Windows\System\XWJIHVW.exe
  2⤵
  PID:4280
- C:\Windows\System\cJddYBS.exe
  C:\Windows\System\cJddYBS.exe
  2⤵
  PID:4268
- C:\Windows\System\AFxcBPO.exe
  C:\Windows\System\AFxcBPO.exe
  2⤵
  PID:2512
- C:\Windows\System\TivTzJf.exe
  C:\Windows\System\TivTzJf.exe
  2⤵
  PID:4320
- C:\Windows\System\hiMvcwn.exe
  C:\Windows\System\hiMvcwn.exe
  2⤵
  PID:2188
- C:\Windows\System\uwPbsdk.exe
  C:\Windows\System\uwPbsdk.exe
  2⤵
  PID:4360
- C:\Windows\System\FjxaUzS.exe
  C:\Windows\System\FjxaUzS.exe
  2⤵
  PID:4372
- C:\Windows\System\JRGFaGG.exe
  C:\Windows\System\JRGFaGG.exe
  2⤵
  PID:4412
- C:\Windows\System\lTVpDOL.exe
  C:\Windows\System\lTVpDOL.exe
  2⤵
  PID:4580
- C:\Windows\System\ucUwWTs.exe
  C:\Windows\System\ucUwWTs.exe
  2⤵
  PID:4460
- C:\Windows\System\MOtehxr.exe
  C:\Windows\System\MOtehxr.exe
  2⤵
  PID:4592
- C:\Windows\System\oqekqhx.exe
  C:\Windows\System\oqekqhx.exe
  2⤵
  PID:4632
- C:\Windows\System\vyhHyBx.exe
  C:\Windows\System\vyhHyBx.exe
  2⤵
  PID:4672
- C:\Windows\System\amlFlox.exe
  C:\Windows\System\amlFlox.exe
  2⤵
  PID:4656
- C:\Windows\System\HiWhTuE.exe
  C:\Windows\System\HiWhTuE.exe
  2⤵
  PID:4724
- C:\Windows\System\vRiZEoP.exe
  C:\Windows\System\vRiZEoP.exe
  2⤵
  PID:4772
- C:\Windows\System\kFSJbwz.exe
  C:\Windows\System\kFSJbwz.exe
  2⤵
  PID:4756
- C:\Windows\System\BqynTXt.exe
  C:\Windows\System\BqynTXt.exe
  2⤵
  PID:4800
- C:\Windows\System\EVZuSAi.exe
  C:\Windows\System\EVZuSAi.exe
  2⤵
  PID:4848
- C:\Windows\System\zPqrEjJ.exe
  C:\Windows\System\zPqrEjJ.exe
  2⤵
  PID:4880
- C:\Windows\System\gRyfrjU.exe
  C:\Windows\System\gRyfrjU.exe
  2⤵
  PID:4932
- C:\Windows\System\tsvGGPP.exe
  C:\Windows\System\tsvGGPP.exe
  2⤵
  PID:4944
- C:\Windows\System\usWNjHO.exe
  C:\Windows\System\usWNjHO.exe
  2⤵
  PID:4956
- C:\Windows\System\BFcYtaK.exe
  C:\Windows\System\BFcYtaK.exe
  2⤵
  PID:5024
- C:\Windows\System\lTaGdQg.exe
  C:\Windows\System\lTaGdQg.exe
  2⤵
  PID:5004
- C:\Windows\System\HqfhgTT.exe
  C:\Windows\System\HqfhgTT.exe
  2⤵
  PID:5112
- C:\Windows\System\ozGbtxA.exe
  C:\Windows\System\ozGbtxA.exe
  2⤵
  PID:3264
- C:\Windows\System\CNaOaBA.exe
  C:\Windows\System\CNaOaBA.exe
  2⤵
  PID:3280
- C:\Windows\System\coUTwnY.exe
  C:\Windows\System\coUTwnY.exe
  2⤵
  PID:1852
- C:\Windows\System\hOHOzIG.exe
  C:\Windows\System\hOHOzIG.exe
  2⤵
  PID:3736
- C:\Windows\System\SiirVfp.exe
  C:\Windows\System\SiirVfp.exe
  2⤵
  PID:2864
- C:\Windows\System\fGpEtvR.exe
  C:\Windows\System\fGpEtvR.exe
  2⤵
  PID:3668
- C:\Windows\System\wAhdPNr.exe
  C:\Windows\System\wAhdPNr.exe
  2⤵
  PID:4180
- C:\Windows\System\nmldNeT.exe
  C:\Windows\System\nmldNeT.exe
  2⤵
  PID:1260
- C:\Windows\System\igrpmPd.exe
  C:\Windows\System\igrpmPd.exe
  2⤵
  PID:4260
- C:\Windows\System\zECSOHC.exe
  C:\Windows\System\zECSOHC.exe
  2⤵
  PID:1436
- C:\Windows\System\GtlusuZ.exe
  C:\Windows\System\GtlusuZ.exe
  2⤵
  PID:2672
- C:\Windows\System\TGtmobZ.exe
  C:\Windows\System\TGtmobZ.exe
  2⤵
  PID:4244
- C:\Windows\System\cezcLZE.exe
  C:\Windows\System\cezcLZE.exe
  2⤵
  PID:4220
- C:\Windows\System\nysbxrL.exe
  C:\Windows\System\nysbxrL.exe
  2⤵
  PID:2904
- C:\Windows\System\VWJWgsk.exe
  C:\Windows\System\VWJWgsk.exe
  2⤵
  PID:2804
- C:\Windows\System\nrUMFOg.exe
  C:\Windows\System\nrUMFOg.exe
  2⤵
  PID:4396
- C:\Windows\System\WvJYxUs.exe
  C:\Windows\System\WvJYxUs.exe
  2⤵
  PID:4324
- C:\Windows\System\VLBpnWu.exe
  C:\Windows\System\VLBpnWu.exe
  2⤵
  PID:2660
- C:\Windows\System\JgRgrSb.exe
  C:\Windows\System\JgRgrSb.exe
  2⤵
  PID:1332
- C:\Windows\System\OXUhTai.exe
  C:\Windows\System\OXUhTai.exe
  2⤵
  PID:988
- C:\Windows\System\woPUYfB.exe
  C:\Windows\System\woPUYfB.exe
  2⤵
  PID:4540
- C:\Windows\System\bKrpPln.exe
  C:\Windows\System\bKrpPln.exe
  2⤵
  PID:4688
- C:\Windows\System\JBHDIdL.exe
  C:\Windows\System\JBHDIdL.exe
  2⤵
  PID:4704
- C:\Windows\System\UTpsLzr.exe
  C:\Windows\System\UTpsLzr.exe
  2⤵
  PID:1432
- C:\Windows\System\WNIPYkh.exe
  C:\Windows\System\WNIPYkh.exe
  2⤵
  PID:4808
- C:\Windows\System\ZAqypjs.exe
  C:\Windows\System\ZAqypjs.exe
  2⤵
  PID:2020
- C:\Windows\System\RazRcbF.exe
  C:\Windows\System\RazRcbF.exe
  2⤵
  PID:2108
- C:\Windows\System\bTZhFKy.exe
  C:\Windows\System\bTZhFKy.exe
  2⤵
  PID:4836
- C:\Windows\System\kIzZJFz.exe
  C:\Windows\System\kIzZJFz.exe
  2⤵
  PID:4896
- C:\Windows\System\KGmtTqW.exe
  C:\Windows\System\KGmtTqW.exe
  2⤵
  PID:4900
- C:\Windows\System\rSqWlKg.exe
  C:\Windows\System\rSqWlKg.exe
  2⤵
  PID:4980
- C:\Windows\System\nBsvVaI.exe
  C:\Windows\System\nBsvVaI.exe
  2⤵
  PID:1748
- C:\Windows\System\syGCkBD.exe
  C:\Windows\System\syGCkBD.exe
  2⤵
  PID:5072
- C:\Windows\System\EUBwfDI.exe
  C:\Windows\System\EUBwfDI.exe
  2⤵
  PID:1476
- C:\Windows\System\sEWwmVi.exe
  C:\Windows\System\sEWwmVi.exe
  2⤵
  PID:3948
- C:\Windows\System\srAqwzv.exe
  C:\Windows\System\srAqwzv.exe
  2⤵
  PID:3556
- C:\Windows\System\WzmiRSS.exe
  C:\Windows\System\WzmiRSS.exe
  2⤵
  PID:4116
- C:\Windows\System\XljlbZn.exe
  C:\Windows\System\XljlbZn.exe
  2⤵
  PID:2728
- C:\Windows\System\fJloKfW.exe
  C:\Windows\System\fJloKfW.exe
  2⤵
  PID:2708
- C:\Windows\System\IFGdDTw.exe
  C:\Windows\System\IFGdDTw.exe
  2⤵
  PID:2704
- C:\Windows\System\cyQzAlg.exe
  C:\Windows\System\cyQzAlg.exe
  2⤵
  PID:668
- C:\Windows\System\TgNZmle.exe
  C:\Windows\System\TgNZmle.exe
  2⤵
  PID:1760
- C:\Windows\System\MUVvprz.exe
  C:\Windows\System\MUVvprz.exe
  2⤵
  PID:4348
- C:\Windows\System\nSaxdma.exe
  C:\Windows\System\nSaxdma.exe
  2⤵
  PID:2896
- C:\Windows\System\FXzrFQf.exe
  C:\Windows\System\FXzrFQf.exe
  2⤵
  PID:2112
- C:\Windows\System\gtwUfXK.exe
  C:\Windows\System\gtwUfXK.exe
  2⤵
  PID:2288
- C:\Windows\System\NEgIixF.exe
  C:\Windows\System\NEgIixF.exe
  2⤵
  PID:4384
- C:\Windows\System\NPWaZrB.exe
  C:\Windows\System\NPWaZrB.exe
  2⤵
  PID:3056
- C:\Windows\System\yomTzeC.exe
  C:\Windows\System\yomTzeC.exe
  2⤵
  PID:4652
- C:\Windows\System\VDCHOXO.exe
  C:\Windows\System\VDCHOXO.exe
  2⤵
  PID:4628
- C:\Windows\System\RlDnegR.exe
  C:\Windows\System\RlDnegR.exe
  2⤵
  PID:4636
- C:\Windows\System\AoFpjYG.exe
  C:\Windows\System\AoFpjYG.exe
  2⤵
  PID:2912
- C:\Windows\System\HVmwoVA.exe
  C:\Windows\System\HVmwoVA.exe
  2⤵
  PID:4712
- C:\Windows\System\jYbgWup.exe
  C:\Windows\System\jYbgWup.exe
  2⤵
  PID:4708
- C:\Windows\System\RbWBMLn.exe
  C:\Windows\System\RbWBMLn.exe
  2⤵
  PID:4752
- C:\Windows\System\tnaqHZL.exe
  C:\Windows\System\tnaqHZL.exe
  2⤵
  PID:5000
- C:\Windows\System\Jisswct.exe
  C:\Windows\System\Jisswct.exe
  2⤵
  PID:5096
- C:\Windows\System\qUxStZu.exe
  C:\Windows\System\qUxStZu.exe
  2⤵
  PID:3732
- C:\Windows\System\JilsXwT.exe
  C:\Windows\System\JilsXwT.exe
  2⤵
  PID:4080
- C:\Windows\System\offDqAf.exe
  C:\Windows\System\offDqAf.exe
  2⤵
  PID:3624
- C:\Windows\System\FbnDDCA.exe
  C:\Windows\System\FbnDDCA.exe
  2⤵
  PID:3712
- C:\Windows\System\UGUfprd.exe
  C:\Windows\System\UGUfprd.exe
  2⤵
  PID:1488
- C:\Windows\System\weYoMDV.exe
  C:\Windows\System\weYoMDV.exe
  2⤵
  PID:2220
- C:\Windows\System\BrLRNJT.exe
  C:\Windows\System\BrLRNJT.exe
  2⤵
  PID:4168
- C:\Windows\System\IKNcXid.exe
  C:\Windows\System\IKNcXid.exe
  2⤵
  PID:2428
- C:\Windows\System\escbksv.exe
  C:\Windows\System\escbksv.exe
  2⤵
  PID:4392
- C:\Windows\System\wBLLqDV.exe
  C:\Windows\System\wBLLqDV.exe
  2⤵
  PID:4224
- C:\Windows\System\AEgjLnw.exe
  C:\Windows\System\AEgjLnw.exe
  2⤵
  PID:4432
- C:\Windows\System\zqqMzFh.exe
  C:\Windows\System\zqqMzFh.exe
  2⤵
  PID:4576
- C:\Windows\System\gTaPAWT.exe
  C:\Windows\System\gTaPAWT.exe
  2⤵
  PID:4616
- C:\Windows\System\XzyUTYq.exe
  C:\Windows\System\XzyUTYq.exe
  2⤵
  PID:4804
- C:\Windows\System\BliZDYG.exe
  C:\Windows\System\BliZDYG.exe
  2⤵
  PID:4872
- C:\Windows\System\PLtDHTU.exe
  C:\Windows\System\PLtDHTU.exe
  2⤵
  PID:5088
- C:\Windows\System\lBIcXDr.exe
  C:\Windows\System\lBIcXDr.exe
  2⤵
  PID:5064
- C:\Windows\System\AIwaJXl.exe
  C:\Windows\System\AIwaJXl.exe
  2⤵
  PID:4924
- C:\Windows\System\ikpFZxt.exe
  C:\Windows\System\ikpFZxt.exe
  2⤵
  PID:4044
- C:\Windows\System\EKUetff.exe
  C:\Windows\System\EKUetff.exe
  2⤵
  PID:4368
- C:\Windows\System\kItQMyr.exe
  C:\Windows\System\kItQMyr.exe
  2⤵
  PID:2364
- C:\Windows\System\VgPztWG.exe
  C:\Windows\System\VgPztWG.exe
  2⤵
  PID:3628
- C:\Windows\System\CroftrJ.exe
  C:\Windows\System\CroftrJ.exe
  2⤵
  PID:1084
- C:\Windows\System\ABvBzid.exe
  C:\Windows\System\ABvBzid.exe
  2⤵
  PID:4408
- C:\Windows\System\GQsGLxC.exe
  C:\Windows\System\GQsGLxC.exe
  2⤵
  PID:4488
- C:\Windows\System\tNTPitd.exe
  C:\Windows\System\tNTPitd.exe
  2⤵
  PID:5048
- C:\Windows\System\BGgvbhI.exe
  C:\Windows\System\BGgvbhI.exe
  2⤵
  PID:4292
- C:\Windows\System\eGkmQeu.exe
  C:\Windows\System\eGkmQeu.exe
  2⤵
  PID:5092
- C:\Windows\System\aESjkYP.exe
  C:\Windows\System\aESjkYP.exe
  2⤵
  PID:2612
- C:\Windows\System\EXEoEFG.exe
  C:\Windows\System\EXEoEFG.exe
  2⤵
  PID:2960
- C:\Windows\System\xmxWNgC.exe
  C:\Windows\System\xmxWNgC.exe
  2⤵
  PID:3412
- C:\Windows\System\QLLbvas.exe
  C:\Windows\System\QLLbvas.exe
  2⤵
  PID:3144
- C:\Windows\System\FPukUoz.exe
  C:\Windows\System\FPukUoz.exe
  2⤵
  PID:2780
- C:\Windows\System\OEkjsSH.exe
  C:\Windows\System\OEkjsSH.exe
  2⤵
  PID:1356
- C:\Windows\System\pWunFjF.exe
  C:\Windows\System\pWunFjF.exe
  2⤵
  PID:4196
- C:\Windows\System\nTCsKdp.exe
  C:\Windows\System\nTCsKdp.exe
  2⤵
  PID:1560
- C:\Windows\System\eFSCplh.exe
  C:\Windows\System\eFSCplh.exe
  2⤵
  PID:2180
- C:\Windows\System\LLEOOot.exe
  C:\Windows\System\LLEOOot.exe
  2⤵
  PID:2920
- C:\Windows\System\homocdP.exe
  C:\Windows\System\homocdP.exe
  2⤵
  PID:2640
- C:\Windows\System\wQCyRau.exe
  C:\Windows\System\wQCyRau.exe
  2⤵
  PID:4496
- C:\Windows\System\EReCqEL.exe
  C:\Windows\System\EReCqEL.exe
  2⤵
  PID:1792
- C:\Windows\System\OXJXgVx.exe
  C:\Windows\System\OXJXgVx.exe
  2⤵
  PID:4192
- C:\Windows\System\YzsebMF.exe
  C:\Windows\System\YzsebMF.exe
  2⤵
  PID:4736
- C:\Windows\System\EFWCGYb.exe
  C:\Windows\System\EFWCGYb.exe
  2⤵
  PID:1144
- C:\Windows\System\WGSQqyk.exe
  C:\Windows\System\WGSQqyk.exe
  2⤵
  PID:5132
- C:\Windows\System\pQILxyz.exe
  C:\Windows\System\pQILxyz.exe
  2⤵
  PID:5148
- C:\Windows\System\rGDAcBY.exe
  C:\Windows\System\rGDAcBY.exe
  2⤵
  PID:5232
- C:\Windows\System\ZqOzIXj.exe
  C:\Windows\System\ZqOzIXj.exe
  2⤵
  PID:5272
- C:\Windows\System\TIjaCFt.exe
  C:\Windows\System\TIjaCFt.exe
  2⤵
  PID:5288
- C:\Windows\System\xUGMPKW.exe
  C:\Windows\System\xUGMPKW.exe
  2⤵
  PID:5304
- C:\Windows\System\NLPpFoo.exe
  C:\Windows\System\NLPpFoo.exe
  2⤵
  PID:5344
- C:\Windows\System\lYrZwMF.exe
  C:\Windows\System\lYrZwMF.exe
  2⤵
  PID:5360
- C:\Windows\System\igYzUhC.exe
  C:\Windows\System\igYzUhC.exe
  2⤵
  PID:5376
- C:\Windows\System\WwOahhH.exe
  C:\Windows\System\WwOahhH.exe
  2⤵
  PID:5392
- C:\Windows\System\kroHtrE.exe
  C:\Windows\System\kroHtrE.exe
  2⤵
  PID:5420
- C:\Windows\System\iZlxlJB.exe
  C:\Windows\System\iZlxlJB.exe
  2⤵
  PID:5436
- C:\Windows\System\pczVTMR.exe
  C:\Windows\System\pczVTMR.exe
  2⤵
  PID:5460
- C:\Windows\System\PtlgYjX.exe
  C:\Windows\System\PtlgYjX.exe
  2⤵
  PID:5476
- C:\Windows\System\kxMRFJU.exe
  C:\Windows\System\kxMRFJU.exe
  2⤵
  PID:5500
- C:\Windows\System\fdjFEkf.exe
  C:\Windows\System\fdjFEkf.exe
  2⤵
  PID:5524
- C:\Windows\System\JWAnLdM.exe
  C:\Windows\System\JWAnLdM.exe
  2⤵
  PID:5548
- C:\Windows\System\btNuYvQ.exe
  C:\Windows\System\btNuYvQ.exe
  2⤵
  PID:5572
- C:\Windows\System\wdWocZX.exe
  C:\Windows\System\wdWocZX.exe
  2⤵
  PID:5588
- C:\Windows\System\MOSNtoR.exe
  C:\Windows\System\MOSNtoR.exe
  2⤵
  PID:5604
- C:\Windows\System\fWwTfJC.exe
  C:\Windows\System\fWwTfJC.exe
  2⤵
  PID:5620
- C:\Windows\System\VwErQol.exe
  C:\Windows\System\VwErQol.exe
  2⤵
  PID:5656
- C:\Windows\System\sRmqZZY.exe
  C:\Windows\System\sRmqZZY.exe
  2⤵
  PID:5692
- C:\Windows\System\sIsnaXy.exe
  C:\Windows\System\sIsnaXy.exe
  2⤵
  PID:5712
- C:\Windows\System\dDzuuVx.exe
  C:\Windows\System\dDzuuVx.exe
  2⤵
  PID:5744
- C:\Windows\System\BYRbLsO.exe
  C:\Windows\System\BYRbLsO.exe
  2⤵
  PID:5776
- C:\Windows\System\PunjlmF.exe
  C:\Windows\System\PunjlmF.exe
  2⤵
  PID:5792
- C:\Windows\System\LjaAIDi.exe
  C:\Windows\System\LjaAIDi.exe
  2⤵
  PID:5816
- C:\Windows\System\WhPetPx.exe
  C:\Windows\System\WhPetPx.exe
  2⤵
  PID:5852
- C:\Windows\System\UHzRLvS.exe
  C:\Windows\System\UHzRLvS.exe
  2⤵
  PID:5872
- C:\Windows\System\xQbtfuH.exe
  C:\Windows\System\xQbtfuH.exe
  2⤵
  PID:5892
- C:\Windows\System\HeSgDKf.exe
  C:\Windows\System\HeSgDKf.exe
  2⤵
  PID:5916
- C:\Windows\System\aEqnyvi.exe
  C:\Windows\System\aEqnyvi.exe
  2⤵
  PID:5936
- C:\Windows\System\MpnYWnd.exe
  C:\Windows\System\MpnYWnd.exe
  2⤵
  PID:5984
- C:\Windows\System\SRofKVP.exe
  C:\Windows\System\SRofKVP.exe
  2⤵
  PID:6008
- C:\Windows\System\FcmgJln.exe
  C:\Windows\System\FcmgJln.exe
  2⤵
  PID:6040
- C:\Windows\System\KYizOTf.exe
  C:\Windows\System\KYizOTf.exe
  2⤵
  PID:6056
- C:\Windows\System\WwfJQHz.exe
  C:\Windows\System\WwfJQHz.exe
  2⤵
  PID:6080
- C:\Windows\System\bBgIZwm.exe
  C:\Windows\System\bBgIZwm.exe
  2⤵
  PID:6104
- C:\Windows\System\DUmddJN.exe
  C:\Windows\System\DUmddJN.exe
  2⤵
  PID:6136
- C:\Windows\System\OgspiSA.exe
  C:\Windows\System\OgspiSA.exe
  2⤵
  PID:5128
- C:\Windows\System\YiJbmts.exe
  C:\Windows\System\YiJbmts.exe
  2⤵
  PID:2944
- C:\Windows\System\RfclqgH.exe
  C:\Windows\System\RfclqgH.exe
  2⤵
  PID:4420
- C:\Windows\System\GFkLhRe.exe
  C:\Windows\System\GFkLhRe.exe
  2⤵
  PID:5172
- C:\Windows\System\ajTYJzF.exe
  C:\Windows\System\ajTYJzF.exe
  2⤵
  PID:5200
- C:\Windows\System\wIhHavQ.exe
  C:\Windows\System\wIhHavQ.exe
  2⤵
  PID:5228
- C:\Windows\System\lJOlLxq.exe
  C:\Windows\System\lJOlLxq.exe
  2⤵
  PID:5260
- C:\Windows\System\gtRuaYy.exe
  C:\Windows\System\gtRuaYy.exe
  2⤵
  PID:5320
- C:\Windows\System\jtAKpsI.exe
  C:\Windows\System\jtAKpsI.exe
  2⤵
  PID:5368
- C:\Windows\System\VokFQKV.exe
  C:\Windows\System\VokFQKV.exe
  2⤵
  PID:5444
- C:\Windows\System\mOyXdkz.exe
  C:\Windows\System\mOyXdkz.exe
  2⤵
  PID:5496
- C:\Windows\System\fhwTKSR.exe
  C:\Windows\System\fhwTKSR.exe
  2⤵
  PID:5544
- C:\Windows\System\RMpUSwk.exe
  C:\Windows\System\RMpUSwk.exe
  2⤵
  PID:5468
- C:\Windows\System\XHxvuQA.exe
  C:\Windows\System\XHxvuQA.exe
  2⤵
  PID:5612
- C:\Windows\System\AIvOMxQ.exe
  C:\Windows\System\AIvOMxQ.exe
  2⤵
  PID:5508
- C:\Windows\System\RACVpsa.exe
  C:\Windows\System\RACVpsa.exe
  2⤵
  PID:5564
- C:\Windows\System\AsUXgWJ.exe
  C:\Windows\System\AsUXgWJ.exe
  2⤵
  PID:5672
- C:\Windows\System\VeQDrTW.exe
  C:\Windows\System\VeQDrTW.exe
  2⤵
  PID:5684
- C:\Windows\System\WjhzYIN.exe
  C:\Windows\System\WjhzYIN.exe
  2⤵
  PID:5688
- C:\Windows\System\hNtbCZi.exe
  C:\Windows\System\hNtbCZi.exe
  2⤵
  PID:5560
- C:\Windows\System\XWDafEI.exe
  C:\Windows\System\XWDafEI.exe
  2⤵
  PID:5824
- C:\Windows\System\HQVwLYH.exe
  C:\Windows\System\HQVwLYH.exe
  2⤵
  PID:5764
- C:\Windows\System\GNySsOp.exe
  C:\Windows\System\GNySsOp.exe
  2⤵
  PID:5880
- C:\Windows\System\ixrhtNf.exe
  C:\Windows\System\ixrhtNf.exe
  2⤵
  PID:5768
- C:\Windows\System\vuDkMrF.exe
  C:\Windows\System\vuDkMrF.exe
  2⤵
  PID:5708
- C:\Windows\System\pROPwTQ.exe
  C:\Windows\System\pROPwTQ.exe
  2⤵
  PID:5956
- C:\Windows\System\qBxFmKH.exe
  C:\Windows\System\qBxFmKH.exe
  2⤵
  PID:6000
- C:\Windows\System\oiWjXjz.exe
  C:\Windows\System\oiWjXjz.exe
  2⤵
  PID:5964
- C:\Windows\System\nFqoPMK.exe
  C:\Windows\System\nFqoPMK.exe
  2⤵
  PID:5908
- C:\Windows\System\zgnoinc.exe
  C:\Windows\System\zgnoinc.exe
  2⤵
  PID:6032
- C:\Windows\System\oUnkJsD.exe
  C:\Windows\System\oUnkJsD.exe
  2⤵
  PID:6052
- C:\Windows\System\EuHqRLG.exe
  C:\Windows\System\EuHqRLG.exe
  2⤵
  PID:6092
- C:\Windows\System\BWDGQLv.exe
  C:\Windows\System\BWDGQLv.exe
  2⤵
  PID:6120
- C:\Windows\System\xXLhLeG.exe
  C:\Windows\System\xXLhLeG.exe
  2⤵
  PID:4680
- C:\Windows\System\CnLZTlq.exe
  C:\Windows\System\CnLZTlq.exe
  2⤵
  PID:5124
- C:\Windows\System\YxMGfIx.exe
  C:\Windows\System\YxMGfIx.exe
  2⤵
  PID:4160
- C:\Windows\System\NnIRhMq.exe
  C:\Windows\System\NnIRhMq.exe
  2⤵
  PID:2156
- C:\Windows\System\UKcQopo.exe
  C:\Windows\System\UKcQopo.exe
  2⤵
  PID:5332
- C:\Windows\System\xVFxbHa.exe
  C:\Windows\System\xVFxbHa.exe
  2⤵
  PID:5492
- C:\Windows\System\jvVZtCc.exe
  C:\Windows\System\jvVZtCc.exe
  2⤵
  PID:5404
- C:\Windows\System\FbeWMic.exe
  C:\Windows\System\FbeWMic.exe
  2⤵
  PID:5600
- C:\Windows\System\XpynTdu.exe
  C:\Windows\System\XpynTdu.exe
  2⤵
  PID:5412
- C:\Windows\System\rnwHqBe.exe
  C:\Windows\System\rnwHqBe.exe
  2⤵
  PID:5644
- C:\Windows\System\ZNHzaWS.exe
  C:\Windows\System\ZNHzaWS.exe
  2⤵
  PID:5540
- C:\Windows\System\NBtbrtN.exe
  C:\Windows\System\NBtbrtN.exe
  2⤵
  PID:5740
- C:\Windows\System\WcEMjYt.exe
  C:\Windows\System\WcEMjYt.exe
  2⤵
  PID:5728
- C:\Windows\System\ymAUAYt.exe
  C:\Windows\System\ymAUAYt.exe
  2⤵
  PID:5516
- C:\Windows\System\yxjVNIq.exe
  C:\Windows\System\yxjVNIq.exe
  2⤵
  PID:5760
- C:\Windows\System\ovElKIN.exe
  C:\Windows\System\ovElKIN.exe
  2⤵
  PID:5968
- C:\Windows\System\HFMCtVM.exe
  C:\Windows\System\HFMCtVM.exe
  2⤵
  PID:6036
- C:\Windows\System\EbEHObG.exe
  C:\Windows\System\EbEHObG.exe
  2⤵
  PID:6112
- C:\Windows\System\nACBgCw.exe
  C:\Windows\System\nACBgCw.exe
  2⤵
  PID:6072
- C:\Windows\System\FzOkrIG.exe
  C:\Windows\System\FzOkrIG.exe
  2⤵
  PID:2184
- C:\Windows\System\jTfKxtt.exe
  C:\Windows\System\jTfKxtt.exe
  2⤵
  PID:4780
- C:\Windows\System\gIVLrLz.exe
  C:\Windows\System\gIVLrLz.exe
  2⤵
  PID:5632
- C:\Windows\System\GALWgvU.exe
  C:\Windows\System\GALWgvU.exe
  2⤵
  PID:5844
- C:\Windows\System\acBTYVm.exe
  C:\Windows\System\acBTYVm.exe
  2⤵
  PID:5848
- C:\Windows\System\uiOwIQs.exe
  C:\Windows\System\uiOwIQs.exe
  2⤵
  PID:5732
- C:\Windows\System\XKnbjms.exe
  C:\Windows\System\XKnbjms.exe
  2⤵
  PID:5864
- C:\Windows\System\JlBeRvP.exe
  C:\Windows\System\JlBeRvP.exe
  2⤵
  PID:5948
- C:\Windows\System\kLChKhW.exe
  C:\Windows\System\kLChKhW.exe
  2⤵
  PID:6116
- C:\Windows\System\PdvZBus.exe
  C:\Windows\System\PdvZBus.exe
  2⤵
  PID:5192
- C:\Windows\System\dNBHhAI.exe
  C:\Windows\System\dNBHhAI.exe
  2⤵
  PID:5924
- C:\Windows\System\vDwPqRe.exe
  C:\Windows\System\vDwPqRe.exe
  2⤵
  PID:5188
- C:\Windows\System\uQzaUEB.exe
  C:\Windows\System\uQzaUEB.exe
  2⤵
  PID:5336
- C:\Windows\System\MbhAiwH.exe
  C:\Windows\System\MbhAiwH.exe
  2⤵
  PID:5296
- C:\Windows\System\PclkIIZ.exe
  C:\Windows\System\PclkIIZ.exe
  2⤵
  PID:5312
- C:\Windows\System\SlssWVw.exe
  C:\Windows\System\SlssWVw.exe
  2⤵
  PID:5788
- C:\Windows\System\GqqJsFy.exe
  C:\Windows\System\GqqJsFy.exe
  2⤵
  PID:5648
- C:\Windows\System\rohGRAv.exe
  C:\Windows\System\rohGRAv.exe
  2⤵
  PID:5944
- C:\Windows\System\nrKrCpB.exe
  C:\Windows\System\nrKrCpB.exe
  2⤵
  PID:6132
- C:\Windows\System\pFrlStB.exe
  C:\Windows\System\pFrlStB.exe
  2⤵
  PID:5244
- C:\Windows\System\VmwFqhW.exe
  C:\Windows\System\VmwFqhW.exe
  2⤵
  PID:5216
- C:\Windows\System\UcuGnAR.exe
  C:\Windows\System\UcuGnAR.exe
  2⤵
  PID:5156
- C:\Windows\System\nEQhbjf.exe
  C:\Windows\System\nEQhbjf.exe
  2⤵
  PID:2956
- C:\Windows\System\tKIfdSF.exe
  C:\Windows\System\tKIfdSF.exe
  2⤵
  PID:5860
- C:\Windows\System\kWSaUfF.exe
  C:\Windows\System\kWSaUfF.exe
  2⤵
  PID:5168
- C:\Windows\System\TzMZuxc.exe
  C:\Windows\System\TzMZuxc.exe
  2⤵
  PID:5416
- C:\Windows\System\hUyovpX.exe
  C:\Windows\System\hUyovpX.exe
  2⤵
  PID:5996
- C:\Windows\System\XCGsCvV.exe
  C:\Windows\System\XCGsCvV.exe
  2⤵
  PID:5536
- C:\Windows\System\zpwwGju.exe
  C:\Windows\System\zpwwGju.exe
  2⤵
  PID:6020
- C:\Windows\System\ARaYHzd.exe
  C:\Windows\System\ARaYHzd.exe
  2⤵
  PID:5704
- C:\Windows\System\XMhQeOt.exe
  C:\Windows\System\XMhQeOt.exe
  2⤵
  PID:5400
- C:\Windows\System\cBiXWIa.exe
  C:\Windows\System\cBiXWIa.exe
  2⤵
  PID:6152
- C:\Windows\System\aJZQiTv.exe
  C:\Windows\System\aJZQiTv.exe
  2⤵
  PID:6168
- C:\Windows\System\UmdzQOT.exe
  C:\Windows\System\UmdzQOT.exe
  2⤵
  PID:6232
- C:\Windows\System\GKnmmRx.exe
  C:\Windows\System\GKnmmRx.exe
  2⤵
  PID:6248
- C:\Windows\System\LBYmNFi.exe
  C:\Windows\System\LBYmNFi.exe
  2⤵
  PID:6268
- C:\Windows\System\itLAiGb.exe
  C:\Windows\System\itLAiGb.exe
  2⤵
  PID:6296
- C:\Windows\System\ySGDWkC.exe
  C:\Windows\System\ySGDWkC.exe
  2⤵
  PID:6312
- C:\Windows\System\lkwJaGN.exe
  C:\Windows\System\lkwJaGN.exe
  2⤵
  PID:6332
- C:\Windows\System\JwxvBYX.exe
  C:\Windows\System\JwxvBYX.exe
  2⤵
  PID:6352
- C:\Windows\System\CXaFKqG.exe
  C:\Windows\System\CXaFKqG.exe
  2⤵
  PID:6376
- C:\Windows\System\staevYE.exe
  C:\Windows\System\staevYE.exe
  2⤵
  PID:6392
- C:\Windows\System\aHCfVsf.exe
  C:\Windows\System\aHCfVsf.exe
  2⤵
  PID:6408
- C:\Windows\System\fVTJPNC.exe
  C:\Windows\System\fVTJPNC.exe
  2⤵
  PID:6428
- C:\Windows\System\GbIBMHt.exe
  C:\Windows\System\GbIBMHt.exe
  2⤵
  PID:6456
- C:\Windows\System\yOiEFct.exe
  C:\Windows\System\yOiEFct.exe
  2⤵
  PID:6472
- C:\Windows\System\cVrKGLn.exe
  C:\Windows\System\cVrKGLn.exe
  2⤵
  PID:6492
- C:\Windows\System\zYJIQNJ.exe
  C:\Windows\System\zYJIQNJ.exe
  2⤵
  PID:6512
- C:\Windows\System\dfWahPD.exe
  C:\Windows\System\dfWahPD.exe
  2⤵
  PID:6532
- C:\Windows\System\pYMetdk.exe
  C:\Windows\System\pYMetdk.exe
  2⤵
  PID:6552
- C:\Windows\System\XpdJxDa.exe
  C:\Windows\System\XpdJxDa.exe
  2⤵
  PID:6572
- C:\Windows\System\uyIePGs.exe
  C:\Windows\System\uyIePGs.exe
  2⤵
  PID:6600
- C:\Windows\System\aHMFAMo.exe
  C:\Windows\System\aHMFAMo.exe
  2⤵
  PID:6672
- C:\Windows\System\ttegvMA.exe
  C:\Windows\System\ttegvMA.exe
  2⤵
  PID:6692
- C:\Windows\System\KPeVSID.exe
  C:\Windows\System\KPeVSID.exe
  2⤵
  PID:6712
- C:\Windows\System\XbPtHWv.exe
  C:\Windows\System\XbPtHWv.exe
  2⤵
  PID:6732
- C:\Windows\System\mplUFDD.exe
  C:\Windows\System\mplUFDD.exe
  2⤵
  PID:6748
- C:\Windows\System\GBoHIiE.exe
  C:\Windows\System\GBoHIiE.exe
  2⤵
  PID:6772
- C:\Windows\System\qqYOLwL.exe
  C:\Windows\System\qqYOLwL.exe
  2⤵
  PID:6828
- C:\Windows\System\gsVKLoA.exe
  C:\Windows\System\gsVKLoA.exe
  2⤵
  PID:6844
- C:\Windows\System\geYMecm.exe
  C:\Windows\System\geYMecm.exe
  2⤵
  PID:6860
- C:\Windows\System\bFKIvgf.exe
  C:\Windows\System\bFKIvgf.exe
  2⤵
  PID:6876
- C:\Windows\System\NESFFSF.exe
  C:\Windows\System\NESFFSF.exe
  2⤵
  PID:6900
- C:\Windows\System\ksdaEaL.exe
  C:\Windows\System\ksdaEaL.exe
  2⤵
  PID:6948
- C:\Windows\System\snGnmNt.exe
  C:\Windows\System\snGnmNt.exe
  2⤵
  PID:6964
- C:\Windows\System\tnMEkne.exe
  C:\Windows\System\tnMEkne.exe
  2⤵
  PID:6980
- C:\Windows\System\Ijaxulb.exe
  C:\Windows\System\Ijaxulb.exe
  2⤵
  PID:7028
- C:\Windows\System\RPFKDLA.exe
  C:\Windows\System\RPFKDLA.exe
  2⤵
  PID:7044
- C:\Windows\System\fueTpIy.exe
  C:\Windows\System\fueTpIy.exe
  2⤵
  PID:7060
- C:\Windows\System\SKDESqZ.exe
  C:\Windows\System\SKDESqZ.exe
  2⤵
  PID:7076
- C:\Windows\System\bwuyelP.exe
  C:\Windows\System\bwuyelP.exe
  2⤵
  PID:7096
- C:\Windows\System\euIsuaj.exe
  C:\Windows\System\euIsuaj.exe
  2⤵
  PID:7112
- C:\Windows\System\lYaFkKn.exe
  C:\Windows\System\lYaFkKn.exe
  2⤵
  PID:7132
- C:\Windows\System\EuPQPFo.exe
  C:\Windows\System\EuPQPFo.exe
  2⤵
  PID:7152
- C:\Windows\System\tYpXkhC.exe
  C:\Windows\System\tYpXkhC.exe
  2⤵
  PID:5700
- C:\Windows\System\yOTfFFN.exe
  C:\Windows\System\yOTfFFN.exe
  2⤵
  PID:5800
- C:\Windows\System\cDbzSKn.exe
  C:\Windows\System\cDbzSKn.exe
  2⤵
  PID:6204
- C:\Windows\System\hfvFmFL.exe
  C:\Windows\System\hfvFmFL.exe
  2⤵
  PID:6200
- C:\Windows\System\kvXisIl.exe
  C:\Windows\System\kvXisIl.exe
  2⤵
  PID:6224
- C:\Windows\System\cMmCwrr.exe
  C:\Windows\System\cMmCwrr.exe
  2⤵
  PID:6292
- C:\Windows\System\SmioxdR.exe
  C:\Windows\System\SmioxdR.exe
  2⤵
  PID:6360
- C:\Windows\System\lRdrVRs.exe
  C:\Windows\System\lRdrVRs.exe
  2⤵
  PID:6372
- C:\Windows\System\ybZFWck.exe
  C:\Windows\System\ybZFWck.exe
  2⤵
  PID:6452
- C:\Windows\System\emGpcCO.exe
  C:\Windows\System\emGpcCO.exe
  2⤵
  PID:6480
- C:\Windows\System\BlXovLt.exe
  C:\Windows\System\BlXovLt.exe
  2⤵
  PID:6524
- C:\Windows\System\RrXTqMW.exe
  C:\Windows\System\RrXTqMW.exe
  2⤵
  PID:6608
- C:\Windows\System\XSeCmWu.exe
  C:\Windows\System\XSeCmWu.exe
  2⤵
  PID:6416
- C:\Windows\System\vurPTwr.exe
  C:\Windows\System\vurPTwr.exe
  2⤵
  PID:6640
- C:\Windows\System\LgvvBdH.exe
  C:\Windows\System\LgvvBdH.exe
  2⤵
  PID:6348
- C:\Windows\System\DcuGQxS.exe
  C:\Windows\System\DcuGQxS.exe
  2⤵
  PID:6544
- C:\Windows\System\wwouNlY.exe
  C:\Windows\System\wwouNlY.exe
  2⤵
  PID:6684
- C:\Windows\System\ZKnpMAr.exe
  C:\Windows\System\ZKnpMAr.exe
  2⤵
  PID:6744
- C:\Windows\System\gigqjav.exe
  C:\Windows\System\gigqjav.exe
  2⤵
  PID:6784
- C:\Windows\System\lzrgXgX.exe
  C:\Windows\System\lzrgXgX.exe
  2⤵
  PID:6796
- C:\Windows\System\gOFnSvH.exe
  C:\Windows\System\gOFnSvH.exe
  2⤵
  PID:6852
- C:\Windows\System\YdusmVP.exe
  C:\Windows\System\YdusmVP.exe
  2⤵
  PID:6896
- C:\Windows\System\lpfkqeq.exe
  C:\Windows\System\lpfkqeq.exe
  2⤵
  PID:6920
- C:\Windows\System\wWSQSzK.exe
  C:\Windows\System\wWSQSzK.exe
  2⤵
  PID:6924
- C:\Windows\System\fXjmTdN.exe
  C:\Windows\System\fXjmTdN.exe
  2⤵
  PID:6944
- C:\Windows\System\gfmNboC.exe
  C:\Windows\System\gfmNboC.exe
  2⤵
  PID:6988
- C:\Windows\System\CDtkrZK.exe
  C:\Windows\System\CDtkrZK.exe
  2⤵
  PID:6992
- C:\Windows\System\NihLcfx.exe
  C:\Windows\System\NihLcfx.exe
  2⤵
  PID:7020
- C:\Windows\System\vZAyftV.exe
  C:\Windows\System\vZAyftV.exe
  2⤵
  PID:7084
- C:\Windows\System\TSCbjib.exe
  C:\Windows\System\TSCbjib.exe
  2⤵
  PID:7128
- C:\Windows\System\JiKoHbM.exe
  C:\Windows\System\JiKoHbM.exe
  2⤵
  PID:6148
- C:\Windows\System\cwkVicD.exe
  C:\Windows\System\cwkVicD.exe
  2⤵
  PID:7040
- C:\Windows\System\EKjmMqk.exe
  C:\Windows\System\EKjmMqk.exe
  2⤵
  PID:5804
- C:\Windows\System\uCsuCat.exe
  C:\Windows\System\uCsuCat.exe
  2⤵
  PID:6328
- C:\Windows\System\csYkfAc.exe
  C:\Windows\System\csYkfAc.exe
  2⤵
  PID:6440
- C:\Windows\System\AjQjncd.exe
  C:\Windows\System\AjQjncd.exe
  2⤵
  PID:5680
- C:\Windows\System\hoHhjje.exe
  C:\Windows\System\hoHhjje.exe
  2⤵
  PID:6180
- C:\Windows\System\zXcetny.exe
  C:\Windows\System\zXcetny.exe
  2⤵
  PID:6564
- C:\Windows\System\lAEOPte.exe
  C:\Windows\System\lAEOPte.exe
  2⤵
  PID:6244
- C:\Windows\System\FYcWYlL.exe
  C:\Windows\System\FYcWYlL.exe
  2⤵
  PID:6256
- C:\Windows\System\UvLFpHl.exe
  C:\Windows\System\UvLFpHl.exe
  2⤵
  PID:6560
- C:\Windows\System\ZKrVnOr.exe
  C:\Windows\System\ZKrVnOr.exe
  2⤵
  PID:6388
- C:\Windows\System\pSQwRfU.exe
  C:\Windows\System\pSQwRfU.exe
  2⤵
  PID:6308
- C:\Windows\System\YrgeKwf.exe
  C:\Windows\System\YrgeKwf.exe
  2⤵
  PID:6824
- C:\Windows\System\UEIpAqr.exe
  C:\Windows\System\UEIpAqr.exe
  2⤵
  PID:6940
- C:\Windows\System\WxtnbOF.exe
  C:\Windows\System\WxtnbOF.exe
  2⤵
  PID:6996
- C:\Windows\System\XrPDghn.exe
  C:\Windows\System\XrPDghn.exe
  2⤵
  PID:7164
- C:\Windows\System\pitBaMi.exe
  C:\Windows\System\pitBaMi.exe
  2⤵
  PID:6220
- C:\Windows\System\jynENxN.exe
  C:\Windows\System\jynENxN.exe
  2⤵
  PID:7148
- C:\Windows\System\eYpkWnt.exe
  C:\Windows\System\eYpkWnt.exe
  2⤵
  PID:6884
- C:\Windows\System\BdfohNA.exe
  C:\Windows\System\BdfohNA.exe
  2⤵
  PID:6760
- C:\Windows\System\thCTVkS.exe
  C:\Windows\System\thCTVkS.exe
  2⤵
  PID:7120
- C:\Windows\System\ViQudEb.exe
  C:\Windows\System\ViQudEb.exe
  2⤵
  PID:6768
- C:\Windows\System\zXOLorm.exe
  C:\Windows\System\zXOLorm.exe
  2⤵
  PID:6068
- C:\Windows\System\KLngzJm.exe
  C:\Windows\System\KLngzJm.exe
  2⤵
  PID:6192
- C:\Windows\System\YJZUCUS.exe
  C:\Windows\System\YJZUCUS.exe
  2⤵
  PID:6368
- C:\Windows\System\KlhHVrE.exe
  C:\Windows\System\KlhHVrE.exe
  2⤵
  PID:6568
- C:\Windows\System\szjcAFm.exe
  C:\Windows\System\szjcAFm.exe
  2⤵
  PID:6932
- C:\Windows\System\nMaPCJf.exe
  C:\Windows\System\nMaPCJf.exe
  2⤵
  PID:6540
- C:\Windows\System\YeHtkiC.exe
  C:\Windows\System\YeHtkiC.exe
  2⤵
  PID:6596
- C:\Windows\System\DzZSqMo.exe
  C:\Windows\System\DzZSqMo.exe
  2⤵
  PID:5972
- C:\Windows\System\Jxguqrs.exe
  C:\Windows\System\Jxguqrs.exe
  2⤵
  PID:6816
- C:\Windows\System\JFmLEPb.exe
  C:\Windows\System\JFmLEPb.exe
  2⤵
  PID:6808
- C:\Windows\System\lyZteyG.exe
  C:\Windows\System\lyZteyG.exe
  2⤵
  PID:6708
- C:\Windows\System\zSUyYLd.exe
  C:\Windows\System\zSUyYLd.exe
  2⤵
  PID:5284
- C:\Windows\System\UbDFegf.exe
  C:\Windows\System\UbDFegf.exe
  2⤵
  PID:7072
- C:\Windows\System\rxbNjWu.exe
  C:\Windows\System\rxbNjWu.exe
  2⤵
  PID:6264
- C:\Windows\System\cyUqNvz.exe
  C:\Windows\System\cyUqNvz.exe
  2⤵
  PID:6616
- C:\Windows\System\uuiWKyk.exe
  C:\Windows\System\uuiWKyk.exe
  2⤵
  PID:6592
- C:\Windows\System\ktPQMVn.exe
  C:\Windows\System\ktPQMVn.exe
  2⤵
  PID:6584
- C:\Windows\System\NgbJUlQ.exe
  C:\Windows\System\NgbJUlQ.exe
  2⤵
  PID:6548
- C:\Windows\System\DDNyjQw.exe
  C:\Windows\System\DDNyjQw.exe
  2⤵
  PID:7144
- C:\Windows\System\ATDHkbA.exe
  C:\Windows\System\ATDHkbA.exe
  2⤵
  PID:7036
- C:\Windows\System\rktzzdO.exe
  C:\Windows\System\rktzzdO.exe
  2⤵
  PID:6196
- C:\Windows\System\XgcvzzM.exe
  C:\Windows\System\XgcvzzM.exe
  2⤵
  PID:6628
- C:\Windows\System\XNPshgf.exe
  C:\Windows\System\XNPshgf.exe
  2⤵
  PID:5568
- C:\Windows\System\fuJFKDj.exe
  C:\Windows\System\fuJFKDj.exe
  2⤵
  PID:6580
- C:\Windows\System\ENVvpvZ.exe
  C:\Windows\System\ENVvpvZ.exe
  2⤵
  PID:6704
- C:\Windows\System\VMhxLnR.exe
  C:\Windows\System\VMhxLnR.exe
  2⤵
  PID:6916
- C:\Windows\System\mvWAvYz.exe
  C:\Windows\System\mvWAvYz.exe
  2⤵
  PID:6320
- C:\Windows\System\MXcNvbw.exe
  C:\Windows\System\MXcNvbw.exe
  2⤵
  PID:6344
- C:\Windows\System\LGlRUpL.exe
  C:\Windows\System\LGlRUpL.exe
  2⤵
  PID:6176
- C:\Windows\System\HiejgGp.exe
  C:\Windows\System\HiejgGp.exe
  2⤵
  PID:6588
- C:\Windows\System\sHzRSLv.exe
  C:\Windows\System\sHzRSLv.exe
  2⤵
  PID:7108
- C:\Windows\System\kNtpvDd.exe
  C:\Windows\System\kNtpvDd.exe
  2⤵
  PID:7196
- C:\Windows\System\ewMZyeY.exe
  C:\Windows\System\ewMZyeY.exe
  2⤵
  PID:7212
- C:\Windows\System\DZOfwnn.exe
  C:\Windows\System\DZOfwnn.exe
  2⤵
  PID:7228
- C:\Windows\System\MuwIyUD.exe
  C:\Windows\System\MuwIyUD.exe
  2⤵
  PID:7244
- C:\Windows\System\pLuqgDq.exe
  C:\Windows\System\pLuqgDq.exe
  2⤵
  PID:7292
- C:\Windows\System\lRouyuK.exe
  C:\Windows\System\lRouyuK.exe
  2⤵
  PID:7308
- C:\Windows\System\cFOcYuJ.exe
  C:\Windows\System\cFOcYuJ.exe
  2⤵
  PID:7324
- C:\Windows\System\tFWgWfY.exe
  C:\Windows\System\tFWgWfY.exe
  2⤵
  PID:7340
- C:\Windows\System\xrMaaTA.exe
  C:\Windows\System\xrMaaTA.exe
  2⤵
  PID:7372
- C:\Windows\System\LLivhBF.exe
  C:\Windows\System\LLivhBF.exe
  2⤵
  PID:7388
- C:\Windows\System\bafZSbN.exe
  C:\Windows\System\bafZSbN.exe
  2⤵
  PID:7408
- C:\Windows\System\ZQEHfzE.exe
  C:\Windows\System\ZQEHfzE.exe
  2⤵
  PID:7428
- C:\Windows\System\ZsvCvJJ.exe
  C:\Windows\System\ZsvCvJJ.exe
  2⤵
  PID:7444
- C:\Windows\System\EPqtcru.exe
  C:\Windows\System\EPqtcru.exe
  2⤵
  PID:7460
- C:\Windows\System\cDHQqSr.exe
  C:\Windows\System\cDHQqSr.exe
  2⤵
  PID:7476
- C:\Windows\System\EUUOAoS.exe
  C:\Windows\System\EUUOAoS.exe
  2⤵
  PID:7496
- C:\Windows\System\itIOpbA.exe
  C:\Windows\System\itIOpbA.exe
  2⤵
  PID:7512
- C:\Windows\System\usCoNuQ.exe
  C:\Windows\System\usCoNuQ.exe
  2⤵
  PID:7540
- C:\Windows\System\AazYyeb.exe
  C:\Windows\System\AazYyeb.exe
  2⤵
  PID:7556
- C:\Windows\System\RslUEhU.exe
  C:\Windows\System\RslUEhU.exe
  2⤵
  PID:7572
- C:\Windows\System\KMkpmxG.exe
  C:\Windows\System\KMkpmxG.exe
  2⤵
  PID:7596
- C:\Windows\System\orWLluE.exe
  C:\Windows\System\orWLluE.exe
  2⤵
  PID:7632
- C:\Windows\System\lgvzUXS.exe
  C:\Windows\System\lgvzUXS.exe
  2⤵
  PID:7652
- C:\Windows\System\ttxTkZm.exe
  C:\Windows\System\ttxTkZm.exe
  2⤵
  PID:7668
- C:\Windows\System\aSLHoCx.exe
  C:\Windows\System\aSLHoCx.exe
  2⤵
  PID:7684
- C:\Windows\System\wpmKuXj.exe
  C:\Windows\System\wpmKuXj.exe
  2⤵
  PID:7700
- C:\Windows\System\DRFpxCN.exe
  C:\Windows\System\DRFpxCN.exe
  2⤵
  PID:7728
- C:\Windows\System\MhHkKZS.exe
  C:\Windows\System\MhHkKZS.exe
  2⤵
  PID:7744
- C:\Windows\System\KBVPDbJ.exe
  C:\Windows\System\KBVPDbJ.exe
  2⤵
  PID:7772
- C:\Windows\System\XUxFjdR.exe
  C:\Windows\System\XUxFjdR.exe
  2⤵
  PID:7796
- C:\Windows\System\JyoLUUq.exe
  C:\Windows\System\JyoLUUq.exe
  2⤵
  PID:7812
- C:\Windows\System\MDaPKVS.exe
  C:\Windows\System\MDaPKVS.exe
  2⤵
  PID:7828
- C:\Windows\System\JCnMXms.exe
  C:\Windows\System\JCnMXms.exe
  2⤵
  PID:7884
- C:\Windows\System\siSEkaO.exe
  C:\Windows\System\siSEkaO.exe
  2⤵
  PID:7900
- C:\Windows\System\EsosWQT.exe
  C:\Windows\System\EsosWQT.exe
  2⤵
  PID:7956
- C:\Windows\System\ZgLDQAN.exe
  C:\Windows\System\ZgLDQAN.exe
  2⤵
  PID:7972
- C:\Windows\System\FLqCHrZ.exe
  C:\Windows\System\FLqCHrZ.exe
  2⤵
  PID:7992
- C:\Windows\System\aJGceHj.exe
  C:\Windows\System\aJGceHj.exe
  2⤵
  PID:8016
- C:\Windows\System\fZoHbOk.exe
  C:\Windows\System\fZoHbOk.exe
  2⤵
  PID:8040
- C:\Windows\System\HIuZhGz.exe
  C:\Windows\System\HIuZhGz.exe
  2⤵
  PID:8056
- C:\Windows\System\vsiFEOY.exe
  C:\Windows\System\vsiFEOY.exe
  2⤵
  PID:8072
- C:\Windows\System\yngZVoO.exe
  C:\Windows\System\yngZVoO.exe
  2⤵
  PID:8112
- C:\Windows\System\CwzLhzd.exe
  C:\Windows\System\CwzLhzd.exe
  2⤵
  PID:8132
- C:\Windows\System\hKmwgjL.exe
  C:\Windows\System\hKmwgjL.exe
  2⤵
  PID:8148
- C:\Windows\System\OjZaOfw.exe
  C:\Windows\System\OjZaOfw.exe
  2⤵
  PID:8164
- C:\Windows\System\CdrRYev.exe
  C:\Windows\System\CdrRYev.exe
  2⤵
  PID:8180
- C:\Windows\System\oCheQWN.exe
  C:\Windows\System\oCheQWN.exe
  2⤵
  PID:7224
- C:\Windows\System\VwYXAXM.exe
  C:\Windows\System\VwYXAXM.exe
  2⤵
  PID:6324
- C:\Windows\System\jXFwdbd.exe
  C:\Windows\System\jXFwdbd.exe
  2⤵
  PID:6488
- C:\Windows\System\FXqulpq.exe
  C:\Windows\System\FXqulpq.exe
  2⤵
  PID:6836
- C:\Windows\System\MalcMQF.exe
  C:\Windows\System\MalcMQF.exe
  2⤵
  PID:7140
- C:\Windows\System\BaqvGvS.exe
  C:\Windows\System\BaqvGvS.exe
  2⤵
  PID:7264
- C:\Windows\System\GSXiDvR.exe
  C:\Windows\System\GSXiDvR.exe
  2⤵
  PID:7284
- C:\Windows\System\PgxgPUB.exe
  C:\Windows\System\PgxgPUB.exe
  2⤵
  PID:7280
- C:\Windows\System\qOcbmLH.exe
  C:\Windows\System\qOcbmLH.exe
  2⤵
  PID:7356
- C:\Windows\System\uTmmnqp.exe
  C:\Windows\System\uTmmnqp.exe
  2⤵
  PID:7380
- C:\Windows\System\nmQSJYP.exe
  C:\Windows\System\nmQSJYP.exe
  2⤵
  PID:7472
- C:\Windows\System\GztLPTI.exe
  C:\Windows\System\GztLPTI.exe
  2⤵
  PID:7552
- C:\Windows\System\kxnOfrZ.exe
  C:\Windows\System\kxnOfrZ.exe
  2⤵
  PID:7592
- C:\Windows\System\FumZAyC.exe
  C:\Windows\System\FumZAyC.exe
  2⤵
  PID:7532
- C:\Windows\System\eOvPpVW.exe
  C:\Windows\System\eOvPpVW.exe
  2⤵
  PID:7488
- C:\Windows\System\wbTvmVr.exe
  C:\Windows\System\wbTvmVr.exe
  2⤵
  PID:7640
- C:\Windows\System\PNORlXb.exe
  C:\Windows\System\PNORlXb.exe
  2⤵
  PID:7676
- C:\Windows\System\graLpur.exe
  C:\Windows\System\graLpur.exe
  2⤵
  PID:7724
- C:\Windows\System\stzwqWt.exe
  C:\Windows\System\stzwqWt.exe
  2⤵
  PID:7628
- C:\Windows\System\alxyxVq.exe
  C:\Windows\System\alxyxVq.exe
  2⤵
  PID:7764
- C:\Windows\System\tPyHMQW.exe
  C:\Windows\System\tPyHMQW.exe
  2⤵
  PID:6424
- C:\Windows\System\EnKxYTD.exe
  C:\Windows\System\EnKxYTD.exe
  2⤵
  PID:7824
- C:\Windows\System\pxXbQZw.exe
  C:\Windows\System\pxXbQZw.exe
  2⤵
  PID:7848
- C:\Windows\System\NJDdXUU.exe
  C:\Windows\System\NJDdXUU.exe
  2⤵
  PID:7864
- C:\Windows\System\UeKhQol.exe
  C:\Windows\System\UeKhQol.exe
  2⤵
  PID:7880
- C:\Windows\System\zvqszLM.exe
  C:\Windows\System\zvqszLM.exe
  2⤵
  PID:7916
- C:\Windows\System\GCUbncO.exe
  C:\Windows\System\GCUbncO.exe
  2⤵
  PID:7936
- C:\Windows\System\tvpvPFL.exe
  C:\Windows\System\tvpvPFL.exe
  2⤵
  PID:7952
- C:\Windows\System\dTssuOJ.exe
  C:\Windows\System\dTssuOJ.exe
  2⤵
  PID:7964
- C:\Windows\System\JcsQBhJ.exe
  C:\Windows\System\JcsQBhJ.exe
  2⤵
  PID:8036
- C:\Windows\System\fRuOxpG.exe
  C:\Windows\System\fRuOxpG.exe
  2⤵
  PID:8120
- C:\Windows\System\muRGnCu.exe
  C:\Windows\System\muRGnCu.exe
  2⤵
  PID:6724
- C:\Windows\System\WmsPRWa.exe
  C:\Windows\System\WmsPRWa.exe
  2⤵
  PID:7524
- C:\Windows\System\OIspJCf.exe
  C:\Windows\System\OIspJCf.exe
  2⤵
  PID:7712
- C:\Windows\System\jitRyGh.exe
  C:\Windows\System\jitRyGh.exe
  2⤵
  PID:7804
- C:\Windows\System\ShniOiK.exe
  C:\Windows\System\ShniOiK.exe
  2⤵
  PID:7836
- C:\Windows\System\XFPsgLs.exe
  C:\Windows\System\XFPsgLs.exe
  2⤵
  PID:7788
- C:\Windows\System\YiScrXE.exe
  C:\Windows\System\YiScrXE.exe
  2⤵
  PID:7860
- C:\Windows\System\pJUJGwr.exe
  C:\Windows\System\pJUJGwr.exe
  2⤵
  PID:8068
- C:\Windows\System\WJjzhgA.exe
  C:\Windows\System\WJjzhgA.exe
  2⤵
  PID:7944
- C:\Windows\System\bRoacIE.exe
  C:\Windows\System\bRoacIE.exe
  2⤵
  PID:8156
- C:\Windows\System\nKxkWza.exe
  C:\Windows\System\nKxkWza.exe
  2⤵
  PID:8008
- C:\Windows\System\HlHjdrz.exe
  C:\Windows\System\HlHjdrz.exe
  2⤵
  PID:8088
- C:\Windows\System\bxlciSb.exe
  C:\Windows\System\bxlciSb.exe
  2⤵
  PID:8048
- C:\Windows\System\zRDszun.exe
  C:\Windows\System\zRDszun.exe
  2⤵
  PID:8144
- C:\Windows\System\ntVWjRJ.exe
  C:\Windows\System\ntVWjRJ.exe
  2⤵
  PID:7204
- C:\Windows\System\XKxSUWY.exe
  C:\Windows\System\XKxSUWY.exe
  2⤵
  PID:7588
- C:\Windows\System\wWJzZTo.exe
  C:\Windows\System\wWJzZTo.exe
  2⤵
  PID:7584
- C:\Windows\System\ynYrzLF.exe
  C:\Windows\System\ynYrzLF.exe
  2⤵
  PID:6728
- C:\Windows\System\RRTOnve.exe
  C:\Windows\System\RRTOnve.exe
  2⤵
  PID:7760
- C:\Windows\System\FWDZnrH.exe
  C:\Windows\System\FWDZnrH.exe
  2⤵
  PID:7364
- C:\Windows\System\ODodzti.exe
  C:\Windows\System\ODodzti.exe
  2⤵
  PID:7508
- C:\Windows\System\WvySPCp.exe
  C:\Windows\System\WvySPCp.exe
  2⤵
  PID:7720
- C:\Windows\System\HkuTpLj.exe
  C:\Windows\System\HkuTpLj.exe
  2⤵
  PID:7872
- C:\Windows\System\ybrcRRb.exe
  C:\Windows\System\ybrcRRb.exe
  2⤵
  PID:7896
- C:\Windows\System\QLJaSsm.exe
  C:\Windows\System\QLJaSsm.exe
  2⤵
  PID:8024
- C:\Windows\System\ySNEHcK.exe
  C:\Windows\System\ySNEHcK.exe
  2⤵
  PID:7792
- C:\Windows\System\MCzRWLy.exe
  C:\Windows\System\MCzRWLy.exe
  2⤵
  PID:6404
- C:\Windows\System\OpfJEaz.exe
  C:\Windows\System\OpfJEaz.exe
  2⤵
  PID:7968
- C:\Windows\System\cFGDJjo.exe
  C:\Windows\System\cFGDJjo.exe
  2⤵
  PID:6636
- C:\Windows\System\SYxtUWa.exe
  C:\Windows\System\SYxtUWa.exe
  2⤵
  PID:7012
- C:\Windows\System\IrZZbKG.exe
  C:\Windows\System\IrZZbKG.exe
  2⤵
  PID:7416
- C:\Windows\System\DQBxlHU.exe
  C:\Windows\System\DQBxlHU.exe
  2⤵
  PID:7236
- C:\Windows\System\AtYncbG.exe
  C:\Windows\System\AtYncbG.exe
  2⤵
  PID:7400
- C:\Windows\System\yTlopsd.exe
  C:\Windows\System\yTlopsd.exe
  2⤵
  PID:7616
- C:\Windows\System\fuvgHHu.exe
  C:\Windows\System\fuvgHHu.exe
  2⤵
  PID:7612
- C:\Windows\System\rRZsCUx.exe
  C:\Windows\System\rRZsCUx.exe
  2⤵
  PID:8172
- C:\Windows\System\sXtcNZP.exe
  C:\Windows\System\sXtcNZP.exe
  2⤵
  PID:7692
- C:\Windows\System\vKjleeY.exe
  C:\Windows\System\vKjleeY.exe
  2⤵
  PID:8188
- C:\Windows\System\PyEyLRo.exe
  C:\Windows\System\PyEyLRo.exe
  2⤵
  PID:8108
- C:\Windows\System\fNaYZom.exe
  C:\Windows\System\fNaYZom.exe
  2⤵
  PID:6520
- C:\Windows\System\nNSTRqi.exe
  C:\Windows\System\nNSTRqi.exe
  2⤵
  PID:7468
- C:\Windows\System\DDzCNpv.exe
  C:\Windows\System\DDzCNpv.exe
  2⤵
  PID:7780
- C:\Windows\System\gbTftQv.exe
  C:\Windows\System\gbTftQv.exe
  2⤵
  PID:7008
- C:\Windows\System\yUsVlPh.exe
  C:\Windows\System\yUsVlPh.exe
  2⤵
  PID:7740
- C:\Windows\System\yQHUQAf.exe
  C:\Windows\System\yQHUQAf.exe
  2⤵
  PID:7256
- C:\Windows\System\NgGdsTv.exe
  C:\Windows\System\NgGdsTv.exe
  2⤵
  PID:8128
- C:\Windows\System\bTGkKUh.exe
  C:\Windows\System\bTGkKUh.exe
  2⤵
  PID:7220
- C:\Windows\System\xndCylQ.exe
  C:\Windows\System\xndCylQ.exe
  2⤵
  PID:8264
- C:\Windows\System\syOmtAI.exe
  C:\Windows\System\syOmtAI.exe
  2⤵
  PID:8280
- C:\Windows\System\RfKOOha.exe
  C:\Windows\System\RfKOOha.exe
  2⤵
  PID:8300
- C:\Windows\System\RnLoEjs.exe
  C:\Windows\System\RnLoEjs.exe
  2⤵
  PID:8320
- C:\Windows\System\HyJiiUX.exe
  C:\Windows\System\HyJiiUX.exe
  2⤵
  PID:8352
- C:\Windows\System\HCJnIht.exe
  C:\Windows\System\HCJnIht.exe
  2⤵
  PID:8368
- C:\Windows\System\zCSuVwo.exe
  C:\Windows\System\zCSuVwo.exe
  2⤵
  PID:8416
- C:\Windows\System\viZlHCK.exe
  C:\Windows\System\viZlHCK.exe
  2⤵
  PID:8436
- C:\Windows\System\XXOzExP.exe
  C:\Windows\System\XXOzExP.exe
  2⤵
  PID:8464
- C:\Windows\System\lSbyuch.exe
  C:\Windows\System\lSbyuch.exe
  2⤵
  PID:8480
- C:\Windows\System\VJcZYbl.exe
  C:\Windows\System\VJcZYbl.exe
  2⤵
  PID:8496
- C:\Windows\System\rdddEpl.exe
  C:\Windows\System\rdddEpl.exe
  2⤵
  PID:8516
- C:\Windows\System\fWBfuBC.exe
  C:\Windows\System\fWBfuBC.exe
  2⤵
  PID:8540
- C:\Windows\System\EeGwQSR.exe
  C:\Windows\System\EeGwQSR.exe
  2⤵
  PID:8560
- C:\Windows\System\bqSZABT.exe
  C:\Windows\System\bqSZABT.exe
  2⤵
  PID:8576
- C:\Windows\System\syVSZOn.exe
  C:\Windows\System\syVSZOn.exe
  2⤵
  PID:8624
- C:\Windows\System\bZXREyI.exe
  C:\Windows\System\bZXREyI.exe
  2⤵
  PID:8640
- C:\Windows\System\gSUlDdw.exe
  C:\Windows\System\gSUlDdw.exe
  2⤵
  PID:8660
- C:\Windows\System\FgYnMaC.exe
  C:\Windows\System\FgYnMaC.exe
  2⤵
  PID:8680
- C:\Windows\System\VPtsaRZ.exe
  C:\Windows\System\VPtsaRZ.exe
  2⤵
  PID:8708
- C:\Windows\System\XIDyjMM.exe
  C:\Windows\System\XIDyjMM.exe
  2⤵
  PID:8728
- C:\Windows\System\bwrIxHV.exe
  C:\Windows\System\bwrIxHV.exe
  2⤵
  PID:8752
- C:\Windows\System\ByMnyGS.exe
  C:\Windows\System\ByMnyGS.exe
  2⤵
  PID:8768
- C:\Windows\System\kBcCCYK.exe
  C:\Windows\System\kBcCCYK.exe
  2⤵
  PID:8800
- C:\Windows\System\PJaKKoc.exe
  C:\Windows\System\PJaKKoc.exe
  2⤵
  PID:8816
- C:\Windows\System\ssHRmJq.exe
  C:\Windows\System\ssHRmJq.exe
  2⤵
  PID:8848
- C:\Windows\System\rmsKrKm.exe
  C:\Windows\System\rmsKrKm.exe
  2⤵
  PID:8876
- C:\Windows\System\YCzOkeb.exe
  C:\Windows\System\YCzOkeb.exe
  2⤵
  PID:8896
- C:\Windows\System\sqMNAeK.exe
  C:\Windows\System\sqMNAeK.exe
  2⤵
  PID:8916
- C:\Windows\System\fkPSFFy.exe
  C:\Windows\System\fkPSFFy.exe
  2⤵
  PID:8972
- C:\Windows\System\XqWikFP.exe
  C:\Windows\System\XqWikFP.exe
  2⤵
  PID:8996
- C:\Windows\System\iXsaPcu.exe
  C:\Windows\System\iXsaPcu.exe
  2⤵
  PID:9012
- C:\Windows\System\pDsNxax.exe
  C:\Windows\System\pDsNxax.exe
  2⤵
  PID:9036
- C:\Windows\System\UlWwdHl.exe
  C:\Windows\System\UlWwdHl.exe
  2⤵
  PID:9052
- C:\Windows\System\EijrpwA.exe
  C:\Windows\System\EijrpwA.exe
  2⤵
  PID:9068
- C:\Windows\System\oNwdfeX.exe
  C:\Windows\System\oNwdfeX.exe
  2⤵
  PID:9084
- C:\Windows\System\UYvMAvx.exe
  C:\Windows\System\UYvMAvx.exe
  2⤵
  PID:9108
- C:\Windows\System\GThGVFP.exe
  C:\Windows\System\GThGVFP.exe
  2⤵
  PID:9132
- C:\Windows\System\PWJFNUL.exe
  C:\Windows\System\PWJFNUL.exe
  2⤵
  PID:9152
- C:\Windows\System\sRJmjJD.exe
  C:\Windows\System\sRJmjJD.exe
  2⤵
  PID:9168
- C:\Windows\System\pWGPbLq.exe
  C:\Windows\System\pWGPbLq.exe
  2⤵
  PID:9188
- C:\Windows\System\CuxaDwp.exe
  C:\Windows\System\CuxaDwp.exe
  2⤵
  PID:9208
- C:\Windows\System\SZpAnAB.exe
  C:\Windows\System\SZpAnAB.exe
  2⤵
  PID:7192
- C:\Windows\System\TDbWjux.exe
  C:\Windows\System\TDbWjux.exe
  2⤵
  PID:8084
- C:\Windows\System\xsskVad.exe
  C:\Windows\System\xsskVad.exe
  2⤵
  PID:7484
- C:\Windows\System\UZKqXXn.exe
  C:\Windows\System\UZKqXXn.exe
  2⤵
  PID:7520
- C:\Windows\System\lVLJIYB.exe
  C:\Windows\System\lVLJIYB.exe
  2⤵
  PID:8288
- C:\Windows\System\YiAxrhs.exe
  C:\Windows\System\YiAxrhs.exe
  2⤵
  PID:8276
- C:\Windows\System\qkoxmlo.exe
  C:\Windows\System\qkoxmlo.exe
  2⤵
  PID:8376
- C:\Windows\System\BldgxPY.exe
  C:\Windows\System\BldgxPY.exe
  2⤵
  PID:8380
- C:\Windows\System\yGZulrK.exe
  C:\Windows\System\yGZulrK.exe
  2⤵
  PID:8384
- C:\Windows\System\fuEeFkc.exe
  C:\Windows\System\fuEeFkc.exe
  2⤵
  PID:8452
- C:\Windows\System\HYhjxPn.exe
  C:\Windows\System\HYhjxPn.exe
  2⤵
  PID:8524
- C:\Windows\System\AChbEzE.exe
  C:\Windows\System\AChbEzE.exe
  2⤵
  PID:8476
- C:\Windows\System\RLGhBvq.exe
  C:\Windows\System\RLGhBvq.exe
  2⤵
  PID:8556
- C:\Windows\System\sfaXFyL.exe
  C:\Windows\System\sfaXFyL.exe
  2⤵
  PID:8548
- C:\Windows\System\pukfCzM.exe
  C:\Windows\System\pukfCzM.exe
  2⤵
  PID:8596
- C:\Windows\System\vurMJey.exe
  C:\Windows\System\vurMJey.exe
  2⤵
  PID:8676
- C:\Windows\System\uvcNows.exe
  C:\Windows\System\uvcNows.exe
  2⤵
  PID:8696
- C:\Windows\System\PTadTMu.exe
  C:\Windows\System\PTadTMu.exe
  2⤵
  PID:8740
- C:\Windows\System\tnNTiOq.exe
  C:\Windows\System\tnNTiOq.exe
  2⤵
  PID:8808
- C:\Windows\System\rwBsNWz.exe
  C:\Windows\System\rwBsNWz.exe
  2⤵
  PID:8788
- C:\Windows\System\bbpZzqB.exe
  C:\Windows\System\bbpZzqB.exe
  2⤵
  PID:8784
- C:\Windows\System\GpLcawJ.exe
  C:\Windows\System\GpLcawJ.exe
  2⤵
  PID:8860
- C:\Windows\System\GTtpHaL.exe
  C:\Windows\System\GTtpHaL.exe
  2⤵
  PID:8864
- C:\Windows\System\FhWkiux.exe
  C:\Windows\System\FhWkiux.exe
  2⤵
  PID:8888
- C:\Windows\System\cwIMCMO.exe
  C:\Windows\System\cwIMCMO.exe
  2⤵
  PID:8952
- C:\Windows\System\FZSdGgl.exe
  C:\Windows\System\FZSdGgl.exe
  2⤵
  PID:8988
- C:\Windows\System\iMLKoic.exe
  C:\Windows\System\iMLKoic.exe
  2⤵
  PID:9060
- C:\Windows\System\mmERKyt.exe
  C:\Windows\System\mmERKyt.exe
  2⤵
  PID:9104
- C:\Windows\System\EjffcvR.exe
  C:\Windows\System\EjffcvR.exe
  2⤵
  PID:9164
- C:\Windows\System\uRdrsMU.exe
  C:\Windows\System\uRdrsMU.exe
  2⤵
  PID:7348
- C:\Windows\System\XsNwbiG.exe
  C:\Windows\System\XsNwbiG.exe
  2⤵
  PID:7696
- C:\Windows\System\ggDWCAJ.exe
  C:\Windows\System\ggDWCAJ.exe
  2⤵
  PID:8220
- C:\Windows\System\ssxGcbq.exe
  C:\Windows\System\ssxGcbq.exe
  2⤵
  PID:9044
- C:\Windows\System\ctqpQJm.exe
  C:\Windows\System\ctqpQJm.exe
  2⤵
  PID:9120
- C:\Windows\System\grHZuUp.exe
  C:\Windows\System\grHZuUp.exe
  2⤵
  PID:8912
- C:\Windows\System\hAWtIRR.exe
  C:\Windows\System\hAWtIRR.exe
  2⤵
  PID:8392
- C:\Windows\System\kqFFPqs.exe
  C:\Windows\System\kqFFPqs.exe
  2⤵
  PID:8328
- C:\Windows\System\fliWybx.exe
  C:\Windows\System\fliWybx.exe
  2⤵
  PID:8412
- C:\Windows\System\EcrlVEH.exe
  C:\Windows\System\EcrlVEH.exe
  2⤵
  PID:8512
- C:\Windows\System\tfrLOLN.exe
  C:\Windows\System\tfrLOLN.exe
  2⤵
  PID:8592
- C:\Windows\System\mtbvSgn.exe
  C:\Windows\System\mtbvSgn.exe
  2⤵
  PID:8760
- C:\Windows\System\WhWsORM.exe
  C:\Windows\System\WhWsORM.exe
  2⤵
  PID:8472
- C:\Windows\System\PoqFDxC.exe
  C:\Windows\System\PoqFDxC.exe
  2⤵
  PID:8444
- C:\Windows\System\XbFbdJV.exe
  C:\Windows\System\XbFbdJV.exe
  2⤵
  PID:8668
- C:\Windows\System\PrpHyJI.exe
  C:\Windows\System\PrpHyJI.exe
  2⤵
  PID:8744
- C:\Windows\System\TdfWshH.exe
  C:\Windows\System\TdfWshH.exe
  2⤵
  PID:8236
- C:\Windows\System\SYbfGpK.exe
  C:\Windows\System\SYbfGpK.exe
  2⤵
  PID:8828
- C:\Windows\System\RQZMEqc.exe
  C:\Windows\System\RQZMEqc.exe
  2⤵
  PID:8924
- C:\Windows\System\cNvlWWq.exe
  C:\Windows\System\cNvlWWq.exe
  2⤵
  PID:8960
- C:\Windows\System\JVYMtGc.exe
  C:\Windows\System\JVYMtGc.exe
  2⤵
  PID:9144
- C:\Windows\System\BDpagwZ.exe
  C:\Windows\System\BDpagwZ.exe
  2⤵
  PID:8992
- C:\Windows\System\dGElDqj.exe
  C:\Windows\System\dGElDqj.exe
  2⤵
  PID:8892
- C:\Windows\System\ajaWFEV.exe
  C:\Windows\System\ajaWFEV.exe
  2⤵
  PID:7384
- C:\Windows\System\wBAMHiK.exe
  C:\Windows\System\wBAMHiK.exe
  2⤵
  PID:7928
- C:\Windows\System\FTGAeUu.exe
  C:\Windows\System\FTGAeUu.exe
  2⤵
  PID:6756
- C:\Windows\System\JmoTTLQ.exe
  C:\Windows\System\JmoTTLQ.exe
  2⤵
  PID:8244
- C:\Windows\System\RlcTXWA.exe
  C:\Windows\System\RlcTXWA.exe
  2⤵
  PID:8256
- C:\Windows\System\wljJTKp.exe
  C:\Windows\System\wljJTKp.exe
  2⤵
  PID:7316
- C:\Windows\System\TngRHai.exe
  C:\Windows\System\TngRHai.exe
  2⤵
  PID:9076
- C:\Windows\System\IDlDoPN.exe
  C:\Windows\System\IDlDoPN.exe
  2⤵
  PID:8488
- C:\Windows\System\YXYzMgj.exe
  C:\Windows\System\YXYzMgj.exe
  2⤵
  PID:8400
- C:\Windows\System\xXNTDqp.exe
  C:\Windows\System\xXNTDqp.exe
  2⤵
  PID:8636
- C:\Windows\System\tRbCtiB.exe
  C:\Windows\System\tRbCtiB.exe
  2⤵
  PID:8612
- C:\Windows\System\HPadufh.exe
  C:\Windows\System\HPadufh.exe
  2⤵
  PID:8432
- C:\Windows\System\EjDBPpx.exe
  C:\Windows\System\EjDBPpx.exe
  2⤵
  PID:8736
- C:\Windows\System\nLCvHKM.exe
  C:\Windows\System\nLCvHKM.exe
  2⤵
  PID:8632
- C:\Windows\System\ozepUGV.exe
  C:\Windows\System\ozepUGV.exe
  2⤵
  PID:8856
- C:\Windows\System\uNiAKwS.exe
  C:\Windows\System\uNiAKwS.exe
  2⤵
  PID:9032
- C:\Windows\System\wDaUzlw.exe
  C:\Windows\System\wDaUzlw.exe
  2⤵
  PID:8968
- C:\Windows\System\jpEuVnB.exe
  C:\Windows\System\jpEuVnB.exe
  2⤵
  PID:9180
- C:\Windows\System\WKFFswy.exe
  C:\Windows\System\WKFFswy.exe
  2⤵
  PID:8252
- C:\Windows\System\yfrCMXg.exe
  C:\Windows\System\yfrCMXg.exe
  2⤵
  PID:8504
- C:\Windows\System\EVGnhLT.exe
  C:\Windows\System\EVGnhLT.exe
  2⤵
  PID:8704
- C:\Windows\System\heXjfbb.exe
  C:\Windows\System\heXjfbb.exe
  2⤵
  PID:9100
- C:\Windows\System\zIevxKc.exe
  C:\Windows\System\zIevxKc.exe
  2⤵
  PID:8272
- C:\Windows\System\OYZVnaK.exe
  C:\Windows\System\OYZVnaK.exe
  2⤵
  PID:8652
- C:\Windows\System\PVpuaXH.exe
  C:\Windows\System\PVpuaXH.exe
  2⤵
  PID:8796
- C:\Windows\System\caxPpGm.exe
  C:\Windows\System\caxPpGm.exe
  2⤵
  PID:8908
- C:\Windows\System\VuIecHr.exe
  C:\Windows\System\VuIecHr.exe
  2⤵
  PID:9128
- C:\Windows\System\yJBXPms.exe
  C:\Windows\System\yJBXPms.exe
  2⤵
  PID:8536
- C:\Windows\System\mqMdvMW.exe
  C:\Windows\System\mqMdvMW.exe
  2⤵
  PID:8984
- C:\Windows\System\jeQzoBC.exe
  C:\Windows\System\jeQzoBC.exe
  2⤵
  PID:8944
- C:\Windows\System\zzyidwS.exe
  C:\Windows\System\zzyidwS.exe
  2⤵
  PID:8608
- C:\Windows\System\ugRhZJc.exe
  C:\Windows\System\ugRhZJc.exe
  2⤵
  PID:7564
- C:\Windows\System\cfRczgE.exe
  C:\Windows\System\cfRczgE.exe
  2⤵
  PID:8312
- C:\Windows\System\EwJzLYZ.exe
  C:\Windows\System\EwJzLYZ.exe
  2⤵
  PID:8232
- C:\Windows\System\tDgUPwy.exe
  C:\Windows\System\tDgUPwy.exe
  2⤵
  PID:8212
- C:\Windows\System\oiGkgng.exe
  C:\Windows\System\oiGkgng.exe
  2⤵
  PID:8316
- C:\Windows\System\BkIKVBC.exe
  C:\Windows\System\BkIKVBC.exe
  2⤵
  PID:8604
- C:\Windows\System\maRnYTv.exe
  C:\Windows\System\maRnYTv.exe
  2⤵
  PID:8408
- C:\Windows\System\VUSkkeQ.exe
  C:\Windows\System\VUSkkeQ.exe
  2⤵
  PID:9224
- C:\Windows\System\GBtGZsx.exe
  C:\Windows\System\GBtGZsx.exe
  2⤵
  PID:9256
- C:\Windows\System\AoEetdV.exe
  C:\Windows\System\AoEetdV.exe
  2⤵
  PID:9272
- C:\Windows\System\RaNvvEf.exe
  C:\Windows\System\RaNvvEf.exe
  2⤵
  PID:9288
- C:\Windows\System\MxKADUt.exe
  C:\Windows\System\MxKADUt.exe
  2⤵
  PID:9304
- C:\Windows\System\LvMPovn.exe
  C:\Windows\System\LvMPovn.exe
  2⤵
  PID:9324
- C:\Windows\System\VKJiYww.exe
  C:\Windows\System\VKJiYww.exe
  2⤵
  PID:9352
- C:\Windows\System\DFeGMBg.exe
  C:\Windows\System\DFeGMBg.exe
  2⤵
  PID:9368
- C:\Windows\System\xVmNnPy.exe
  C:\Windows\System\xVmNnPy.exe
  2⤵
  PID:9384
- C:\Windows\System\LZJFRAc.exe
  C:\Windows\System\LZJFRAc.exe
  2⤵
  PID:9404
- C:\Windows\System\BaIWkTc.exe
  C:\Windows\System\BaIWkTc.exe
  2⤵
  PID:9432
- C:\Windows\System\ilANteZ.exe
  C:\Windows\System\ilANteZ.exe
  2⤵
  PID:9460
- C:\Windows\System\QSZBnfX.exe
  C:\Windows\System\QSZBnfX.exe
  2⤵
  PID:9480
- C:\Windows\System\SJQChMB.exe
  C:\Windows\System\SJQChMB.exe
  2⤵
  PID:9496
- C:\Windows\System\wtMXvGx.exe
  C:\Windows\System\wtMXvGx.exe
  2⤵
  PID:9516
- C:\Windows\System\kGNPWqT.exe
  C:\Windows\System\kGNPWqT.exe
  2⤵
  PID:9544
- C:\Windows\System\XBSfMCX.exe
  C:\Windows\System\XBSfMCX.exe
  2⤵
  PID:9560
- C:\Windows\System\PpZBwdJ.exe
  C:\Windows\System\PpZBwdJ.exe
  2⤵
  PID:9576
- C:\Windows\System\NiuyMTg.exe
  C:\Windows\System\NiuyMTg.exe
  2⤵
  PID:9612
- C:\Windows\System\hKOpHAr.exe
  C:\Windows\System\hKOpHAr.exe
  2⤵
  PID:9628
- C:\Windows\System\yuPsBDF.exe
  C:\Windows\System\yuPsBDF.exe
  2⤵
  PID:9644
- C:\Windows\System\uuvDtlP.exe
  C:\Windows\System\uuvDtlP.exe
  2⤵
  PID:9668
- C:\Windows\System\rgMlMKd.exe
  C:\Windows\System\rgMlMKd.exe
  2⤵
  PID:9692
- C:\Windows\System\xAYJWAK.exe
  C:\Windows\System\xAYJWAK.exe
  2⤵
  PID:9708
- C:\Windows\System\xGmEqSu.exe
  C:\Windows\System\xGmEqSu.exe
  2⤵
  PID:9724
- C:\Windows\System\lbfshYw.exe
  C:\Windows\System\lbfshYw.exe
  2⤵
  PID:9748
- C:\Windows\System\VWbgthu.exe
  C:\Windows\System\VWbgthu.exe
  2⤵
  PID:9784
- C:\Windows\System\tYAkWjV.exe
  C:\Windows\System\tYAkWjV.exe
  2⤵
  PID:9800
- C:\Windows\System\aaGnGPz.exe
  C:\Windows\System\aaGnGPz.exe
  2⤵
  PID:9840
- C:\Windows\System\UXvcuGn.exe
  C:\Windows\System\UXvcuGn.exe
  2⤵
  PID:9860
- C:\Windows\System\LHwnlRV.exe
  C:\Windows\System\LHwnlRV.exe
  2⤵
  PID:9884
- C:\Windows\System\WYAMzDj.exe
  C:\Windows\System\WYAMzDj.exe
  2⤵
  PID:9908
- C:\Windows\System\tvaUHsl.exe
  C:\Windows\System\tvaUHsl.exe
  2⤵
  PID:9932
- C:\Windows\System\HabldWT.exe
  C:\Windows\System\HabldWT.exe
  2⤵
  PID:9964
- C:\Windows\System\VpcvakC.exe
  C:\Windows\System\VpcvakC.exe
  2⤵
  PID:9984
- C:\Windows\System\duResjK.exe
  C:\Windows\System\duResjK.exe
  2⤵
  PID:10004
- C:\Windows\System\bTPUand.exe
  C:\Windows\System\bTPUand.exe
  2⤵
  PID:10020
- C:\Windows\System\YBjFTGh.exe
  C:\Windows\System\YBjFTGh.exe
  2⤵
  PID:10036
- C:\Windows\System\TxgaGiV.exe
  C:\Windows\System\TxgaGiV.exe
  2⤵
  PID:10060
- C:\Windows\System\tGfczqs.exe
  C:\Windows\System\tGfczqs.exe
  2⤵
  PID:10076
- C:\Windows\System\GExEUcU.exe
  C:\Windows\System\GExEUcU.exe
  2⤵
  PID:10092
- C:\Windows\System\dEQrceu.exe
  C:\Windows\System\dEQrceu.exe
  2⤵
  PID:10108
- C:\Windows\System\HvyUaxN.exe
  C:\Windows\System\HvyUaxN.exe
  2⤵
  PID:10128
- C:\Windows\System\xyAqpEo.exe
  C:\Windows\System\xyAqpEo.exe
  2⤵
  PID:10148
- C:\Windows\System\AAdlxfr.exe
  C:\Windows\System\AAdlxfr.exe
  2⤵
  PID:10164
- C:\Windows\System\DRaHZtf.exe
  C:\Windows\System\DRaHZtf.exe
  2⤵
  PID:10180
- C:\Windows\System\jSbpAhR.exe
  C:\Windows\System\jSbpAhR.exe
  2⤵
  PID:10196
- C:\Windows\System\cZGpFvW.exe
  C:\Windows\System\cZGpFvW.exe
  2⤵
  PID:10212
- C:\Windows\System\uKolPAs.exe
  C:\Windows\System\uKolPAs.exe
  2⤵
  PID:9332
- C:\Windows\System\iuvIGSB.exe
  C:\Windows\System\iuvIGSB.exe
  2⤵
  PID:9348
- C:\Windows\System\MwpKZTj.exe
  C:\Windows\System\MwpKZTj.exe
  2⤵
  PID:9244
- C:\Windows\System\pddczpS.exe
  C:\Windows\System\pddczpS.exe
  2⤵
  PID:9284
- C:\Windows\System\mqXwhLO.exe
  C:\Windows\System\mqXwhLO.exe
  2⤵
  PID:8216
- C:\Windows\System\dxnAqeB.exe
  C:\Windows\System\dxnAqeB.exe
  2⤵
  PID:9232
- C:\Windows\System\XQHJBtQ.exe
  C:\Windows\System\XQHJBtQ.exe
  2⤵
  PID:9316
- C:\Windows\System\Rbxctjy.exe
  C:\Windows\System\Rbxctjy.exe
  2⤵
  PID:9412
- C:\Windows\System\ucEwSZE.exe
  C:\Windows\System\ucEwSZE.exe
  2⤵
  PID:9428
- C:\Windows\System\znXClmB.exe
  C:\Windows\System\znXClmB.exe
  2⤵
  PID:9536
- C:\Windows\System\MpiCNlL.exe
  C:\Windows\System\MpiCNlL.exe
  2⤵
  PID:9588
- C:\Windows\System\JkQtTjr.exe
  C:\Windows\System\JkQtTjr.exe
  2⤵
  PID:9604
- C:\Windows\System\dqprnfy.exe
  C:\Windows\System\dqprnfy.exe
  2⤵
  PID:9680
- C:\Windows\System\gUPWUXZ.exe
  C:\Windows\System\gUPWUXZ.exe
  2⤵
  PID:9660
- C:\Windows\System\oMDoROv.exe
  C:\Windows\System\oMDoROv.exe
  2⤵
  PID:9768
- C:\Windows\System\BTShJfe.exe
  C:\Windows\System\BTShJfe.exe
  2⤵
  PID:9652
- C:\Windows\System\noOMJOv.exe
  C:\Windows\System\noOMJOv.exe
  2⤵
  PID:9744
- C:\Windows\System\QYAAakF.exe
  C:\Windows\System\QYAAakF.exe
  2⤵
  PID:9824
- C:\Windows\System\RmyjXqb.exe
  C:\Windows\System\RmyjXqb.exe
  2⤵
  PID:9736
- C:\Windows\System\TACproS.exe
  C:\Windows\System\TACproS.exe
  2⤵
  PID:9880
- C:\Windows\System\vcdZtbW.exe
  C:\Windows\System\vcdZtbW.exe
  2⤵
  PID:9924
- C:\Windows\System\iAKvQdD.exe
  C:\Windows\System\iAKvQdD.exe
  2⤵
  PID:9928
- C:\Windows\System\rDbnbvS.exe
  C:\Windows\System\rDbnbvS.exe
  2⤵
  PID:10052
- C:\Windows\System\wHILYiK.exe
  C:\Windows\System\wHILYiK.exe
  2⤵
  PID:9944
- C:\Windows\System\VtdTuli.exe
  C:\Windows\System\VtdTuli.exe
  2⤵
  PID:9956
- C:\Windows\System\LZuelpZ.exe
  C:\Windows\System\LZuelpZ.exe
  2⤵
  PID:10032
- C:\Windows\System\isMWyrO.exe
  C:\Windows\System\isMWyrO.exe
  2⤵
  PID:10100
- C:\Windows\System\oTvVmRI.exe
  C:\Windows\System\oTvVmRI.exe
  2⤵
  PID:10136
- C:\Windows\System\gUHNAYr.exe
  C:\Windows\System\gUHNAYr.exe
  2⤵
  PID:10160
- C:\Windows\System\yslEvsv.exe
  C:\Windows\System\yslEvsv.exe
  2⤵
  PID:9268
- C:\Windows\System\ckAbgSv.exe
  C:\Windows\System\ckAbgSv.exe
  2⤵
  PID:10236
- C:\Windows\System\sSyTxoO.exe
  C:\Windows\System\sSyTxoO.exe
  2⤵
  PID:9340
- C:\Windows\System\yXZTSNW.exe
  C:\Windows\System\yXZTSNW.exe
  2⤵
  PID:10204
- C:\Windows\System\CShgCpq.exe
  C:\Windows\System\CShgCpq.exe
  2⤵
  PID:10176
- C:\Windows\System\GpdqMQb.exe
  C:\Windows\System\GpdqMQb.exe
  2⤵
  PID:9444
- C:\Windows\System\fYWdbzJ.exe
  C:\Windows\System\fYWdbzJ.exe
  2⤵
  PID:9492
- C:\Windows\System\YblUTnx.exe
  C:\Windows\System\YblUTnx.exe
  2⤵
  PID:9532
- C:\Windows\System\nkqXfIu.exe
  C:\Windows\System\nkqXfIu.exe
  2⤵
  PID:9676
- C:\Windows\System\fKQpyAe.exe
  C:\Windows\System\fKQpyAe.exe
  2⤵
  PID:9704
- C:\Windows\System\qtCLXTp.exe
  C:\Windows\System\qtCLXTp.exe
  2⤵
  PID:9596
- C:\Windows\System\hyBZCGS.exe
  C:\Windows\System\hyBZCGS.exe
  2⤵
  PID:9760
- C:\Windows\System\Drhbfrx.exe
  C:\Windows\System\Drhbfrx.exe
  2⤵
  PID:9776
- C:\Windows\System\vngEWyO.exe
  C:\Windows\System\vngEWyO.exe
  2⤵
  PID:9816
- C:\Windows\System\LNxayfC.exe
  C:\Windows\System\LNxayfC.exe
  2⤵
  PID:9852
- C:\Windows\System\RNhKaiK.exe
  C:\Windows\System\RNhKaiK.exe
  2⤵
  PID:9976
- C:\Windows\System\YBinjrE.exe
  C:\Windows\System\YBinjrE.exe
  2⤵
  PID:9960
- C:\Windows\System\KsafuhS.exe
  C:\Windows\System\KsafuhS.exe
  2⤵
  PID:9916
- C:\Windows\System\Sqlcuea.exe
  C:\Windows\System\Sqlcuea.exe
  2⤵
  PID:10144
- C:\Windows\System\HEQhBtW.exe
  C:\Windows\System\HEQhBtW.exe
  2⤵
  PID:9252
- C:\Windows\System\YsoLTWK.exe
  C:\Windows\System\YsoLTWK.exe
  2⤵
  PID:9448
- C:\Windows\System\lMcKxTD.exe
  C:\Windows\System\lMcKxTD.exe
  2⤵
  PID:9472
- C:\Windows\System\lbmvrya.exe
  C:\Windows\System\lbmvrya.exe
  2⤵
  PID:9508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AYtGCIz.exe

Filesize
5.7MB

MD5
d078700958582f1e1cba1fbdfd8bed2b

SHA1
48ac50f3b8900805cf52e0833dbdcc0bb42b87f9

SHA256
fd4ade80f7685aa50ffc813803c0e9c618371001c01dd15f20694671ba3c7e23

SHA512
f95d9fa24f08d4ce37ad7dedb357c169fbecd3c77d9a18f684acdcd7dcbb6c343fd6d10ba3449b074a98bb188cd646064990338261515aff2a8a380e1a693e84

Download Submit
C:\Windows\system\BRELoyY.exe

Filesize
5.7MB

MD5
c1773e51f8cd580d05f02f95c1253b1c

SHA1
e504b3ba977bd0403442c96a1a88c30f8010a1ba

SHA256
bf927f6c0543e8d0c8104df1caaaac77188da1cab96b707447b1015f51b95de1

SHA512
3d28619cff65754af66970a3f5fdad1bf7e04db09af71cdfe6306115ba30e15ae9a91f6952adea703e145c29faa73685e296d253080fa3f5abc4f6460e1f9e65

Download Submit
C:\Windows\system\DdbOJwq.exe

Filesize
5.7MB

MD5
3873a1b6a2fbc6406200b4b8431aeba5

SHA1
506f8766bfeaf9698895e1f33cda0f834a1dfa71

SHA256
829c3c6c7b0eefcd91f9204c7675c071806ebc8a8b55e9fbadd9ca9ebc7a4885

SHA512
2e484b71a022fe7a845fc65f3fbe3fa2a7f5b420c772a87596f83845d857c3a957946b60abfecffa3667af934daee9e67023af6a8c11fe1669c7af1cbf7dc465

Download Submit
C:\Windows\system\DnrzjxL.exe

Filesize
5.7MB

MD5
e44b5704ce975e825b2c4fd5d6c353b3

SHA1
40f81a604d7e80c087cb76c20da333cf1d74891b

SHA256
3ab6c895d7619595cfac745cff3729435baade0b910f846f39f346f482e02ec3

SHA512
2313ae78f64698b2518ab3e47362a590f6df32107e42adc920c9d27e776e10a86fc3ae1d8955af19033bd6dd196885d8ac0c98620095a2caf84f7d633821abb5

Download Submit
C:\Windows\system\HcrNEXu.exe

Filesize
5.7MB

MD5
5f0a23d3d2a877ba6898278a5c664cea

SHA1
d8f54e05aba160fd3f7c48a4ba3eb438282e824e

SHA256
00141b8bb3ae53f93eec30e0a5fd0c6e521b9b59ee27badf9b593f09d689c75a

SHA512
694c08fa3e6df430069c07ca4c8c9f1118ea8b02b8a2804272e890c2f0f49b948ea0f3ee4239c94a894138ad19a80c01495bfbea5408a9b7875387c148d4515e

Download Submit
C:\Windows\system\IlflGGE.exe

Filesize
5.7MB

MD5
6a328bceba8a2d675b2c67dad54177dd

SHA1
d5e820f30952c44909bbbba5315d083eb1a9d260

SHA256
5195f7c2d997d095e087c900216833b38315046423450b471184b4c8822f87ec

SHA512
556c51c8d2d841b515a0117d591f668add576080cd6288487a6a6217ad1c76ad9576e61da392c5a149399d1aba9754a6138b2c67c9c3edbb751d7f7fb843d3f7

Download Submit
C:\Windows\system\LPwmaKx.exe

Filesize
5.7MB

MD5
abb533dac65618170c87eb11aaa4310e

SHA1
4d335fac901e41d33aabc144322bab318189759f

SHA256
d74d74ebfb6c0fd3d47f2ba7d2e1ea88bf2c57415207f5bfb0f84cf9d70a9262

SHA512
10e342115ede64d76ed8457035d0160d64a49604069f113c7a40a74c1c3ea0defc42a4aeefd5b52ffbbd2294279c9c08eb8c3df0faa13b469a61efdf6399daf8

Download Submit
C:\Windows\system\Okkirmi.exe

Filesize
5.7MB

MD5
c13a146616428cd07fef675b1fa588d4

SHA1
f2969e65c4d40a799f8572268761dc9257788c9d

SHA256
b65d26fd2ccd47539f99c6b6d750ff260d44a1465c2ac65126ddcd724693d680

SHA512
f53afa3bdb9d97d7552ca057c5e768af4c22d3ac0a57090d08333a5d0d6cd06c6a8df2854c601ebc101ae01aa3a63c5a9832406433c7c9bf7830f3501125a4eb

Download Submit
C:\Windows\system\OoPJeWE.exe

Filesize
5.7MB

MD5
d7e965486a29f830ecb2cbe45867f758

SHA1
881cbfc6583062fddde80049d683a0c0bf8bf5af

SHA256
ad1a2f1a4fbb3ac021b248d9f87e6c726c7bb19d60cfeac8fb5e01ec1c6a6a69

SHA512
384789cb32a8318af5e6d17a18aceca51bd7edf9776ab62ca4f240c5937322ad3d80053efb7b9a2820ecd5998036bdbfb55886fc12dc12c55b23bf18fb7fa278

Download Submit
C:\Windows\system\PpZDfUK.exe

Filesize
5.7MB

MD5
f85eb9a3b7e4ff00cf5b904c1762fb0c

SHA1
0ada35e88c23ce8f3e88c001e43f30d9fb322ecc

SHA256
0331db8b2034a1c8a79a79b5b93041e4574fddb4ebbe47ecbeca0cb3d7746c05

SHA512
9a04b663084241bdf684efcea7843fb795d6dfac18e84088589af8cb4d99b5bdf2e68c4ed37f983eb20f611925df0b2aa5f85fdd072a50978e1a275b8e78ddc4

Download Submit
C:\Windows\system\RSDuUTm.exe

Filesize
5.7MB

MD5
960fef2d4ea6a23bf11d2d6b0d1d77cd

SHA1
c1d3f14e76a94d602a70082b28be8fa61adc67f9

SHA256
253ba43b596e0deabd5616eb681ae566fa7a2eab5049d0fef495b7f9ddc197b5

SHA512
1d76f2247c5c0f4d7c2fc5d1b1a8b5cb1a0e59d8ade7688c6f988599f06053aa9d6a61a1a1697b47d1c7be92f92e0b07e0df8265c347c590b49d96dfcda0c6c7

Download Submit
C:\Windows\system\UakNYnT.exe

Filesize
5.7MB

MD5
ac3bb3465f626b6317e8dc3602f62a3c

SHA1
067b363af1c022542b6b2dd97b1167833f86cc0f

SHA256
4bfb45eb0bcbc7f9015c369fb59295dcfff42207d64bcb45223b692586c8f11b

SHA512
296e72885e25cd9efb8865e1f2547d5cb3be4dc839eaeac96d4b5c92e5598a9bc2afc0ed2e7881f457c00c4411f8275b92cff343f8e3978487336a3e02d0be29

Download Submit
C:\Windows\system\ZBEoTBY.exe

Filesize
5.7MB

MD5
68587d6a03a0939d76b538e23d48a541

SHA1
c45f4742c71c76ca61876c3162540447181e8078

SHA256
0f92d300fce7dfe64552774411ff8955b6c7aed1f53bd136a6f4a841cef1a3c5

SHA512
0695a684dc3cb6e39ff1a643fb7349d223bb6ac6aeffd33d6843ac2e6846be9bd2ef9f1a6ea721fd83e66d5ae858c8e43ec16c644a67b07acc27d5f77d17c71a

Download Submit
C:\Windows\system\ZYYghhU.exe

Filesize
5.7MB

MD5
5af54a71ef0ea5cb83ac79a88aae01fb

SHA1
38a4e889e934cdac0d18bd7711ef232df6786e24

SHA256
b0d92115a1be309b28711abffaa9c0414d4860104baccebd6e4c95d76b305c7e

SHA512
2a2d729d3b7d079bad58030edc54604067422d9dacac080d03890ac49e173c1f08488f886acadea3e68c2075ee76aaf173c1e067cf35151209ec15eff166aa48

Download Submit
C:\Windows\system\ckoxCtf.exe

Filesize
5.7MB

MD5
2b41eb1f3722cbfd89dd33fd76e6b493

SHA1
44166d94974c84e21ea532591b645053c947d9ff

SHA256
4956818f2de5dafbed3b599fcc8adddd4282bcecb2fe26f6119a14547718181f

SHA512
b02eb8a3c1e5aff529c87a3b6d1930443e34c10f1d38e81a23eede42d1a79b0b24e4e9c018594bcd7744902b6f5595937e53d55a4da42ebb447757a0a231ff8d

Download Submit
C:\Windows\system\exxOUqe.exe

Filesize
5.7MB

MD5
faab9c7bbf97c2f894cca46edf2c1995

SHA1
28834ce5cdc8df5ed3c39229e55ec96e02f02e34

SHA256
27a75392ca3523cd8f2edf0bd29a7bc5dd2e3bc5e96ecfedd8d7c174e47ba856

SHA512
0bd496472b4b84b4d16425fe37d95a44327c7e7415dd1075e101eff887ba56c9894ad9ec3cb00a25e54bcb84530dc540c3b1b5af860c6479328409df4a502f43

Download Submit
C:\Windows\system\iDNuUEl.exe

Filesize
5.7MB

MD5
030ec218374b6009561f450a7a3861de

SHA1
cffedd84c832dfa47d9c58b3640461837baf80f1

SHA256
37f64cf80752c033406dec2d16078bc72eecabd8a0b5f2d324ab18acb55651fa

SHA512
d0afad745d1daf39dd6ec52ca0930b25da32f97b8dda5b6ba0ba77ce09fdd40254fda4fead643ec8a8f807410c183d1ca34e7d171f21ddaa3c7328f6889da5e0

Download Submit
C:\Windows\system\jBwfVSI.exe

Filesize
5.7MB

MD5
88e0ca41916010001b50e38bc8bba538

SHA1
3db8a211a82bfa0564a22a08d777e208b847fa17

SHA256
68ba799f015b9490ad91b1d45fd1e632f69e2b4b32b7e828b8caedbc10e1217c

SHA512
c2ccee0618867b2f62fba92eddef444adcc204f70b10a0cf123270bed8cc54c632b5f25f7e13211015236fcc4922f3c06b065a645e1fed5489e78c065705fa40

Download Submit
C:\Windows\system\mLhzVyb.exe

Filesize
5.7MB

MD5
7f118c24728ec06080565c34b467e350

SHA1
35925667144168462676921ee1840e161001b6a8

SHA256
9a025f3ee1c1a32da18d86aca612da6022e84c2eae65552b9faf5297d4157f68

SHA512
bb2e61047f9d05448660a9db75ac81f4a487a537c3b8f1424572eebfc9823f742b11d6cdbe37f88eb69319488ec7593daccf7e55f923c13e09c2610a982e5b78

Download Submit
C:\Windows\system\nDTNXWw.exe

Filesize
5.7MB

MD5
33e4a95320c5a9b199372fc729acfe25

SHA1
9c497a7f8ad15d66439355a4a92c255cdd67cd85

SHA256
8de883f581b65a08298ad30f6331aab2c14758c2ba4e2658abecf463e7f86228

SHA512
4e92d003e2d90129108c983b2c856d295b4bed506f3bf65bd6e5e48cd304c049e480293de3bafe11215ce2aaece80d2696427829057487901620b05d5af43e03

Download Submit
C:\Windows\system\oGwRebp.exe

Filesize
5.7MB

MD5
2e7827aa410c8c3523ca8c7c0f0e10e5

SHA1
3fb5d3e77cbf9e9463c485ae13359f6ca611c63f

SHA256
68170109cd364b95022340a734d64da180b3e5b365e455af3ba82e4aeb1b9bbc

SHA512
7a9f33cd66ed0e7b23c39b838a1e8e676fc77c9118396e2f865bee601fc3bb2cbc629f6e74fee92f4b91a81a31faf923aa42937e7398025bb6c7216a3327f3a2

Download Submit
C:\Windows\system\orsjlaM.exe

Filesize
5.7MB

MD5
ea48442bf2f03e426c27da27959c77cc

SHA1
c17d2449612586901848852e875cc43bb2a5b7da

SHA256
d40357e6f416d9473fa3334dd36769169882f1bda99a6f2fa76460437746ad24

SHA512
5babe4e27dd1c62ba985a6ae0a0f45dc973ae65a8d2ff480ed65bee8cabbe6c90da111917d956d770d63f0d240138393d2817153ba7c0f9b2dcf85c5ff3d4541

Download Submit
C:\Windows\system\raEvJwg.exe

Filesize
5.7MB

MD5
c33dd272f41b98a6362663a954d58416

SHA1
b5c4fa49eceefa9609c04a212b0f7d120804e2a0

SHA256
3dd307e066820fc1729f78d65e7471dcb7943aa7c2db37f3c945913a9ce26419

SHA512
1f95a5a494fd93cca33718b30b561a1ef1f0e24d881fae501bf46f7c01c49b9510df3111e9e943a695db48b1d98c28cf69ed0f0c17116a952cb48592c4e6ad32

Download Submit
C:\Windows\system\rjEVVmM.exe

Filesize
5.7MB

MD5
a1ddd2efb3a394952e3356a1bede6bdb

SHA1
ed433687690fc93b252dc5b34e2dd80577d139e1

SHA256
c27dee0a87535ffad6cd3bd0619a16e2f9b50bb7407f777675bef7c2ebece354

SHA512
e74538d95cc7d3a1dbcbe8204ba7e9a63af2b7c2696cea25f6964b117376e088c82875a7c9a4b6b9477ee78c01adde94d853ea56b376bc78fd294e8677b2d7bf

Download Submit
C:\Windows\system\uYoxeAe.exe

Filesize
5.7MB

MD5
5a7bd276bc9af6c370d76c2e01f409a3

SHA1
4f55775c0af2137e0d1b76a6a7cc80ef14eeb890

SHA256
74d9c639c4734963d6defe82934fef00c7e5ea63bbc64bcf38dcb785059cdd02

SHA512
1bdd46a723c56bdfada6b7f6783edf846aa40beb0bafef4a3a0ca2327276c74de4388b349953f22f32b683e6f00a53e8d8010f1e95e2b2249beafdaa3f0cecce

Download Submit
C:\Windows\system\vsgoYal.exe

Filesize
5.7MB

MD5
78d43bc77c755a2be90f294324ce75a3

SHA1
803811932e2527bb9bb0d36a9df5f1f80415229d

SHA256
6c307ebf5237941a078f55e5a7ca524f053329f45527e518c10777e40131aef6

SHA512
d232d35980ff550c0ad0738be9f661198d31e2fc5693cd23b4ddb8e8a98f7134d82a51cd2b5f4d59bb542646f46743094c14ebba60f902a8502a1a55b8657483

Download Submit
C:\Windows\system\wJHECUX.exe

Filesize
5.7MB

MD5
455739066f49921aa5111a9290c8473d

SHA1
7eb48d0ff373187da2403c365febb3d50fa40403

SHA256
6b3754890c20ba6a866fc51d77008f82f66d5e42f0cace8057eeffebe66e94c9

SHA512
f9fc5a30b047322cb43b00c554f0ccdc166927b668fae251b1d3bac3fcc5df2d444892f3245851e24002790ca7530ad08bd6ddc2067670e6bdc7f47078fd6876

Download Submit
\Windows\system\DBNHvjF.exe

Filesize
5.7MB

MD5
035408834511d03f73f593c5f6b776c5

SHA1
b33653cec6b99ca21920e74775ac806b6716a646

SHA256
b58f1562f30ba65484b94a9157ae15c6d3b346ecbd32107a4bab4e1a29954305

SHA512
bc32e3412167bf9727c36e2aa143ae3e6810d49a2fc21bd1277764fcfaac1d96221c178e4e28a8c303f6cfedb757abe6494e04b27f70c9354579edb259718a92

Download Submit
\Windows\system\Eievilm.exe

Filesize
5.7MB

MD5
084cd40ac9b1e9a518a606ec6d3d4fa3

SHA1
6c16a380b785251ee59d406491033c85025138fd

SHA256
568ba17b91b1f414415f1457dd19f90f3d7dac8d028d4b40a029a6c2e56b547d

SHA512
46935282746338b3f663050b1b61db5ccf581ea4e101b82c57c67263ec5bb760fa1688ef421b2a20f6ccc73b6d91bd7e10da94c81e944a8a122f6f6fdeba3d0f

Download Submit
\Windows\system\FvekCVN.exe

Filesize
5.7MB

MD5
01a996930a566ac8f14c6deda5b06efb

SHA1
d36bc29fe6e7ff513592f116d83506c6bad6e79d

SHA256
26cd14782e3e3d743955b4c2dcd2c6173fca04a2fa37e0a846c17cd4c9a623b6

SHA512
60667aca6b147281bab8f9913737f0b10426b30a2c2486cd272dcc62dbd1ce60cc8bca4deaf08061dea1ae70e8ff0aa2017dbec8ee9db9c14e90726bebe8d123

Download Submit
\Windows\system\cOZhOXA.exe

Filesize
5.7MB

MD5
4bc65327bbdf968a0dbe209da4df0f1f

SHA1
0301186c59091b53b544d064b86d140533fd35e2

SHA256
e57dcaa89d0f94743b75f4e77dedefdb0be8f9669d2bfa08f78d267405f2668d

SHA512
9266284c39faa127c7af8c11e46e4c2baab74b70cc1b02803a2280202e9d64253aa9158f3a2f64f8c6fc0c7ba8777b564d5c4edb34344a3253803c3ad77a33ff

Download Submit
\Windows\system\emnZXJL.exe

Filesize
5.7MB

MD5
94a2f4252bb22cbc0132dee14d9fd6b4

SHA1
118342fbfd1d6fdc74aea7ee07a0310359d1ac3e

SHA256
752f37fbb1923c8ae737bdb2d73e119c60701476031c1200f0698392ed71b202

SHA512
98900ca4716090459f8b7a516bc89232fea84ae4905f7ce40238e17067aea5daccb64c034cf3b3e6f3449d33ce623fef6e9afa2c8cb4c7dd5f7fe3aae86a15d0

Download Submit
\Windows\system\mhYbpok.exe

Filesize
5.7MB

MD5
7a528a2ee082a1c62b6f34b94ec1c35f

SHA1
38f947f2e3cebb2558671892f4141c5e620620c8

SHA256
8f744e262df2c20be613c5dee762bbb2f73a3a2900cf3e69b22df547de9bac83

SHA512
def26bd69855e9671846255c094f2c9cc4cc1534b8dfd708c4df03456806f933d1d780457de021401c00de6a864e359363d1555632d20da4c5522368f980d305

Download Submit
\Windows\system\wGxdZYe.exe

Filesize
5.7MB

MD5
22b9cac01420d5e39aff25949a942c90

SHA1
9c50195eee76a6ec8a524894be70afd82cd10bdf

SHA256
3d7ca758ab594033357f45dcf7737e4f210bf9816de9df80f5ae0f9689ea1965

SHA512
b39d09d5ac77d8d692c04632a319abec61d4087beeccc48b40ab1c2a8261a1931b357ef48adcb0d1fcea9576a109bb4219135e631101f109cf9f25ddefecc2d6

Download Submit
memory/648-213-0x000000013F2F0000-0x000000013F63D000-memory.dmp

Filesize
3.3MB

Download
memory/824-182-0x000000013F1C0000-0x000000013F50D000-memory.dmp

Filesize
3.3MB

Download
memory/900-207-0x000000013FF10000-0x000000014025D000-memory.dmp

Filesize
3.3MB

Download
memory/1424-121-0x000000013FBA0000-0x000000013FEED000-memory.dmp

Filesize
3.3MB

Download
memory/1728-201-0x000000013F560000-0x000000013F8AD000-memory.dmp

Filesize
3.3MB

Download
memory/1784-158-0x000000013F360000-0x000000013F6AD000-memory.dmp

Filesize
3.3MB

Download
memory/1964-220-0x000000013F470000-0x000000013F7BD000-memory.dmp

Filesize
3.3MB

Download
memory/1992-122-0x000000013F100000-0x000000013F44D000-memory.dmp

Filesize
3.3MB

Download
memory/2008-107-0x000000013F700000-0x000000013FA4D000-memory.dmp

Filesize
3.3MB

Download
memory/2192-113-0x000000013FD60000-0x00000001400AD000-memory.dmp

Filesize
3.3MB

Download
memory/2256-152-0x000000013FB60000-0x000000013FEAD000-memory.dmp

Filesize
3.3MB

Download
memory/2272-0-0x000000013F5C0000-0x000000013F90D000-memory.dmp

Filesize
3.3MB

Download
memory/2272-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/2280-22-0x000000013FA10000-0x000000013FD5D000-memory.dmp

Filesize
3.3MB

Download
memory/2296-194-0x000000013F670000-0x000000013F9BD000-memory.dmp

Filesize
3.3MB

Download
memory/2464-161-0x000000013F900000-0x000000013FC4D000-memory.dmp

Filesize
3.3MB

Download
memory/2472-17-0x000000013FA00000-0x000000013FD4D000-memory.dmp

Filesize
3.3MB

Download
memory/2500-156-0x000000013F420000-0x000000013F76D000-memory.dmp

Filesize
3.3MB

Download
memory/2580-116-0x000000013F240000-0x000000013F58D000-memory.dmp

Filesize
3.3MB

Download
memory/2584-119-0x000000013F280000-0x000000013F5CD000-memory.dmp

Filesize
3.3MB

Download
memory/2652-7-0x000000013FE80000-0x00000001401CD000-memory.dmp

Filesize
3.3MB

Download
memory/2716-157-0x000000013F800000-0x000000013FB4D000-memory.dmp

Filesize
3.3MB

Download
memory/2732-162-0x000000013FC80000-0x000000013FFCD000-memory.dmp

Filesize
3.3MB

Download
memory/2744-118-0x000000013F9E0000-0x000000013FD2D000-memory.dmp

Filesize
3.3MB

Download
memory/2768-160-0x000000013F020000-0x000000013F36D000-memory.dmp

Filesize
3.3MB

Download
memory/2784-115-0x000000013F750000-0x000000013FA9D000-memory.dmp

Filesize
3.3MB

Download
memory/2792-164-0x000000013F620000-0x000000013F96D000-memory.dmp

Filesize
3.3MB

Download
memory/2808-163-0x000000013F180000-0x000000013F4CD000-memory.dmp

Filesize
3.3MB

Download
memory/2860-117-0x000000013FE90000-0x00000001401DD000-memory.dmp

Filesize
3.3MB

Download
memory/2900-146-0x000000013F6F0000-0x000000013FA3D000-memory.dmp

Filesize
3.3MB

Download
memory/2932-153-0x000000013FB40000-0x000000013FE8D000-memory.dmp

Filesize
3.3MB

Download
memory/3052-120-0x000000013F910000-0x000000013FC5D000-memory.dmp

Filesize
3.3MB

Download