cobaltstrike | 08b2086e51a3019983c4c88499675fd06a978ad311ce4ad0f5b7803854fa9ec5

Analysis

max time kernel
150s
max time network
20s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
15/11/2024, 02:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

10a89b309a7651b0aa94e9305e404614
SHA1

2084a2fae8a02eb683694fc79a44a364848a98f9
SHA256

08b2086e51a3019983c4c88499675fd06a978ad311ce4ad0f5b7803854fa9ec5
SHA512

94f29b6b9f3cbe271918b1ca2c8bf9ec34ace1dc5e1cbfb1d97f0369bd3f7f70077d4eedd1b19f55dca1db09857ac1fdcf88c5af8459ce9ae77cf1dd1eda4bbe
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUy:T+q56utgpPF8u/7y

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001225c-6.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ace-8.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c10-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c1a-18.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c23-25.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016fc9-30.dat	cobalt_reflective_dll
behavioral1/files/0x000c000000016458-36.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-41.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193c7-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019480-55.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019490-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-150.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-75.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001948c-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019489-60.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019470-50.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 62 IoCs

miner

resource	yara_rule
behavioral1/memory/2344-0-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/files/0x000c00000001225c-6.dat	xmrig
behavioral1/files/0x0009000000016ace-8.dat	xmrig
behavioral1/files/0x0007000000016c10-12.dat	xmrig
behavioral1/files/0x0007000000016c1a-18.dat	xmrig
behavioral1/files/0x0007000000016c23-25.dat	xmrig
behavioral1/files/0x0009000000016fc9-30.dat	xmrig
behavioral1/files/0x000c000000016458-36.dat	xmrig
behavioral1/files/0x0002000000018334-41.dat	xmrig
behavioral1/files/0x00060000000193c7-45.dat	xmrig
behavioral1/files/0x0005000000019480-55.dat	xmrig
behavioral1/files/0x0005000000019490-70.dat	xmrig
behavioral1/files/0x00050000000194eb-80.dat	xmrig
behavioral1/files/0x0005000000019515-95.dat	xmrig
behavioral1/files/0x0005000000019547-100.dat	xmrig
behavioral1/files/0x00050000000195a7-110.dat	xmrig
behavioral1/files/0x00050000000195b1-133.dat	xmrig
behavioral1/files/0x00050000000195b3-140.dat	xmrig
behavioral1/files/0x00050000000195b5-145.dat	xmrig
behavioral1/files/0x00050000000195af-130.dat	xmrig
behavioral1/files/0x00050000000195ab-120.dat	xmrig
behavioral1/files/0x00050000000195ad-126.dat	xmrig
behavioral1/memory/2344-661-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2868-278-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2876-276-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2772-274-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2432-272-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2284-270-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/1660-268-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/644-266-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2172-265-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2672-296-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/1920-294-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2692-292-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2892-290-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2928-288-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2960-286-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/files/0x00050000000195bd-160.dat	xmrig
behavioral1/files/0x00050000000195b7-150.dat	xmrig
behavioral1/files/0x00050000000195bb-154.dat	xmrig
behavioral1/files/0x00050000000195a9-116.dat	xmrig
behavioral1/files/0x000500000001957c-105.dat	xmrig
behavioral1/files/0x000500000001950f-90.dat	xmrig
behavioral1/files/0x00050000000194ef-85.dat	xmrig
behavioral1/files/0x00050000000194a3-75.dat	xmrig
behavioral1/files/0x000500000001948c-65.dat	xmrig
behavioral1/files/0x0005000000019489-60.dat	xmrig
behavioral1/files/0x0005000000019470-50.dat	xmrig
behavioral1/memory/2772-1499-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2672-1504-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2692-1503-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/644-1502-0x000000013F570000-0x000000013F8C4000-memory.dmp	xmrig
behavioral1/memory/2928-1501-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2868-1500-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2892-1490-0x000000013FF20000-0x0000000140274000-memory.dmp	xmrig
behavioral1/memory/2876-1488-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2172-1492-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/1920-1491-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/2960-1489-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2432-1487-0x000000013FCC0000-0x0000000140014000-memory.dmp	xmrig
behavioral1/memory/2284-1486-0x000000013FDF0000-0x0000000140144000-memory.dmp	xmrig
behavioral1/memory/1660-1485-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2172	gErIcov.exe
644	vfGwxrW.exe
1660	dVLyXNk.exe
2284	PVOWLOx.exe
2432	laOHSPs.exe
2772	QEDTaWY.exe
2876	JgQXZmK.exe
2868	KOYQgGF.exe
2960	cWQwpzg.exe
2928	uirxtBs.exe
2892	YekBUEz.exe
2692	NmbeWeM.exe
1920	SEMLreB.exe
2672	MPcqEYL.exe
2732	RgOjZvs.exe
436	uZVDIMc.exe
2904	AsHqIpi.exe
2308	tMiWdtl.exe
544	xSoTmOu.exe
2984	gLeidPo.exe
2584	LpWtUVB.exe
1760	KRYkyLI.exe
1800	INLFTmr.exe
3000	bSsiSGG.exe
2108	vIYlFLQ.exe
1400	QrwjItL.exe
1908	TljtOnU.exe
820	HkKoTFB.exe
2232	GWZofDi.exe
3044	kJNlCyV.exe
2424	HsXXHbg.exe
588	OzufZuo.exe
2356	Mdiflac.exe
648	bpSsFlz.exe
2532	wmdjOpd.exe
1412	hhdqBPO.exe
604	RFYGIey.exe
1492	iHOgYep.exe
1044	vedkqzu.exe
1772	nWdBwSZ.exe
1212	rgaGSqk.exe
2040	DExLSLO.exe
616	TuyVDDx.exe
960	oCbTEzj.exe
1580	HtSzlDw.exe
2596	osIkGYF.exe
792	TnbZZRu.exe
2436	qmQHCXW.exe
2556	gBdcyfl.exe
1572	SHEtiVI.exe
2748	WUPFZIO.exe
1740	ukyCAWo.exe
2164	WfJpwrJ.exe
2520	jGKoykI.exe
2872	ytJojOa.exe
2860	ZiIVkld.exe
2668	fNfIvdR.exe
2700	kYwHPyH.exe
2536	IuUKoHp.exe
2012	YuArmCf.exe
2492	nDQIQbi.exe
2448	WaGgqFh.exe
1112	oVUIeZh.exe
1540	CvFslQM.exe

Loads dropped DLL 64 IoCs

pid	Process
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2344-0-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x000c00000001225c-6.dat	upx
behavioral1/files/0x0009000000016ace-8.dat	upx
behavioral1/files/0x0007000000016c10-12.dat	upx
behavioral1/files/0x0007000000016c1a-18.dat	upx
behavioral1/files/0x0007000000016c23-25.dat	upx
behavioral1/files/0x0009000000016fc9-30.dat	upx
behavioral1/files/0x000c000000016458-36.dat	upx
behavioral1/files/0x0002000000018334-41.dat	upx
behavioral1/files/0x00060000000193c7-45.dat	upx
behavioral1/files/0x0005000000019480-55.dat	upx
behavioral1/files/0x0005000000019490-70.dat	upx
behavioral1/files/0x00050000000194eb-80.dat	upx
behavioral1/files/0x0005000000019515-95.dat	upx
behavioral1/files/0x0005000000019547-100.dat	upx
behavioral1/files/0x00050000000195a7-110.dat	upx
behavioral1/files/0x00050000000195b1-133.dat	upx
behavioral1/files/0x00050000000195b3-140.dat	upx
behavioral1/files/0x00050000000195b5-145.dat	upx
behavioral1/files/0x00050000000195af-130.dat	upx
behavioral1/files/0x00050000000195ab-120.dat	upx
behavioral1/files/0x00050000000195ad-126.dat	upx
behavioral1/memory/2344-661-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2868-278-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2876-276-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2772-274-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2432-272-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2284-270-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/1660-268-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/644-266-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2172-265-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2672-296-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/1920-294-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2692-292-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2892-290-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2928-288-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2960-286-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/files/0x00050000000195bd-160.dat	upx
behavioral1/files/0x00050000000195b7-150.dat	upx
behavioral1/files/0x00050000000195bb-154.dat	upx
behavioral1/files/0x00050000000195a9-116.dat	upx
behavioral1/files/0x000500000001957c-105.dat	upx
behavioral1/files/0x000500000001950f-90.dat	upx
behavioral1/files/0x00050000000194ef-85.dat	upx
behavioral1/files/0x00050000000194a3-75.dat	upx
behavioral1/files/0x000500000001948c-65.dat	upx
behavioral1/files/0x0005000000019489-60.dat	upx
behavioral1/files/0x0005000000019470-50.dat	upx
behavioral1/memory/2772-1499-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2672-1504-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2692-1503-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/644-1502-0x000000013F570000-0x000000013F8C4000-memory.dmp	upx
behavioral1/memory/2928-1501-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2868-1500-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2892-1490-0x000000013FF20000-0x0000000140274000-memory.dmp	upx
behavioral1/memory/2876-1488-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2172-1492-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/1920-1491-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/2960-1489-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/2432-1487-0x000000013FCC0000-0x0000000140014000-memory.dmp	upx
behavioral1/memory/2284-1486-0x000000013FDF0000-0x0000000140144000-memory.dmp	upx
behavioral1/memory/1660-1485-0x000000013F630000-0x000000013F984000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\zDoOGTy.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wAiBHtg.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yZVCyOy.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mGxkfQF.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ocfxCxk.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UhakVqB.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPIKKaL.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FTRgVNt.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Mdiflac.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nWdBwSZ.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xxCHatb.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYlclcO.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TSeeXzA.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MZwozUn.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hWApvCG.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KcYRqig.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owgqPuS.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FFIkSMt.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IHBXzve.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XalmNtC.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MYUlVQT.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JnTvUbd.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lkPjQEA.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IjibWxV.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bSsiSGG.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qANFYLL.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oUrQyTX.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qkojUEn.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HkKoTFB.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AMyKSWI.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nSgdeVY.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\irvQopj.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sxoubNN.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ShqsuNI.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jzuNTeP.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VaPcAmk.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGDsQPR.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kHvtaSZ.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eRcXFzM.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oAzmwRE.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jxiQrut.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMsbNhj.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjFUECj.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gYjGIpp.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HHPxebZ.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pUdxcPq.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FekUTZY.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gKBUElA.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MUKZags.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VxAfREX.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CEyBnJj.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oyhpfEI.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sJaxPBQ.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GNAlVlp.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\efHEaFg.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dHxZYeR.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rDPKLxw.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FPyznDM.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnnoIco.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qrDxfvh.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQasucC.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VAebJDj.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VVcewat.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eoARTYD.exe	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2172	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2344 wrote to memory of 2172	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2344 wrote to memory of 2172	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2344 wrote to memory of 644	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2344 wrote to memory of 644	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2344 wrote to memory of 644	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2344 wrote to memory of 1660	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2344 wrote to memory of 1660	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2344 wrote to memory of 1660	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2344 wrote to memory of 2284	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2344 wrote to memory of 2284	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2344 wrote to memory of 2284	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2344 wrote to memory of 2432	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2344 wrote to memory of 2432	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2344 wrote to memory of 2432	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2344 wrote to memory of 2772	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2344 wrote to memory of 2772	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2344 wrote to memory of 2772	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2344 wrote to memory of 2876	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2344 wrote to memory of 2876	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2344 wrote to memory of 2876	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2344 wrote to memory of 2868	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2344 wrote to memory of 2868	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2344 wrote to memory of 2868	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2344 wrote to memory of 2960	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2344 wrote to memory of 2960	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2344 wrote to memory of 2960	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2344 wrote to memory of 2928	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2344 wrote to memory of 2928	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2344 wrote to memory of 2928	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2344 wrote to memory of 2892	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2344 wrote to memory of 2892	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2344 wrote to memory of 2892	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2344 wrote to memory of 2692	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2344 wrote to memory of 2692	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2344 wrote to memory of 2692	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2344 wrote to memory of 1920	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2344 wrote to memory of 1920	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2344 wrote to memory of 1920	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2344 wrote to memory of 2672	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2344 wrote to memory of 2672	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2344 wrote to memory of 2672	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2344 wrote to memory of 2732	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2344 wrote to memory of 2732	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2344 wrote to memory of 2732	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2344 wrote to memory of 436	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2344 wrote to memory of 436	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2344 wrote to memory of 436	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2344 wrote to memory of 2904	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2344 wrote to memory of 2904	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2344 wrote to memory of 2904	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2344 wrote to memory of 2308	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2344 wrote to memory of 2308	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2344 wrote to memory of 2308	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2344 wrote to memory of 544	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2344 wrote to memory of 544	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2344 wrote to memory of 544	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2344 wrote to memory of 2984	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2344 wrote to memory of 2984	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2344 wrote to memory of 2984	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2344 wrote to memory of 2584	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2344 wrote to memory of 2584	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2344 wrote to memory of 2584	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2344 wrote to memory of 1760	2344	2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-15_10a89b309a7651b0aa94e9305e404614_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2344
- C:\Windows\System\gErIcov.exe
  C:\Windows\System\gErIcov.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\vfGwxrW.exe
  C:\Windows\System\vfGwxrW.exe
  2⤵
  - Executes dropped EXE
  PID:644
- C:\Windows\System\dVLyXNk.exe
  C:\Windows\System\dVLyXNk.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\PVOWLOx.exe
  C:\Windows\System\PVOWLOx.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\laOHSPs.exe
  C:\Windows\System\laOHSPs.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\QEDTaWY.exe
  C:\Windows\System\QEDTaWY.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\JgQXZmK.exe
  C:\Windows\System\JgQXZmK.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\KOYQgGF.exe
  C:\Windows\System\KOYQgGF.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\cWQwpzg.exe
  C:\Windows\System\cWQwpzg.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\uirxtBs.exe
  C:\Windows\System\uirxtBs.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\YekBUEz.exe
  C:\Windows\System\YekBUEz.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\NmbeWeM.exe
  C:\Windows\System\NmbeWeM.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\SEMLreB.exe
  C:\Windows\System\SEMLreB.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\MPcqEYL.exe
  C:\Windows\System\MPcqEYL.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\RgOjZvs.exe
  C:\Windows\System\RgOjZvs.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\uZVDIMc.exe
  C:\Windows\System\uZVDIMc.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\AsHqIpi.exe
  C:\Windows\System\AsHqIpi.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\tMiWdtl.exe
  C:\Windows\System\tMiWdtl.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\xSoTmOu.exe
  C:\Windows\System\xSoTmOu.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\gLeidPo.exe
  C:\Windows\System\gLeidPo.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\LpWtUVB.exe
  C:\Windows\System\LpWtUVB.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\KRYkyLI.exe
  C:\Windows\System\KRYkyLI.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\INLFTmr.exe
  C:\Windows\System\INLFTmr.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\bSsiSGG.exe
  C:\Windows\System\bSsiSGG.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\vIYlFLQ.exe
  C:\Windows\System\vIYlFLQ.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\QrwjItL.exe
  C:\Windows\System\QrwjItL.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\TljtOnU.exe
  C:\Windows\System\TljtOnU.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\HkKoTFB.exe
  C:\Windows\System\HkKoTFB.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\GWZofDi.exe
  C:\Windows\System\GWZofDi.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\kJNlCyV.exe
  C:\Windows\System\kJNlCyV.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\HsXXHbg.exe
  C:\Windows\System\HsXXHbg.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\OzufZuo.exe
  C:\Windows\System\OzufZuo.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\Mdiflac.exe
  C:\Windows\System\Mdiflac.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\bpSsFlz.exe
  C:\Windows\System\bpSsFlz.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\wmdjOpd.exe
  C:\Windows\System\wmdjOpd.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\hhdqBPO.exe
  C:\Windows\System\hhdqBPO.exe
  2⤵
  - Executes dropped EXE
  PID:1412
- C:\Windows\System\RFYGIey.exe
  C:\Windows\System\RFYGIey.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\oCbTEzj.exe
  C:\Windows\System\oCbTEzj.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\iHOgYep.exe
  C:\Windows\System\iHOgYep.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\TnbZZRu.exe
  C:\Windows\System\TnbZZRu.exe
  2⤵
  - Executes dropped EXE
  PID:792
- C:\Windows\System\vedkqzu.exe
  C:\Windows\System\vedkqzu.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\SHEtiVI.exe
  C:\Windows\System\SHEtiVI.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\nWdBwSZ.exe
  C:\Windows\System\nWdBwSZ.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\ukyCAWo.exe
  C:\Windows\System\ukyCAWo.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\rgaGSqk.exe
  C:\Windows\System\rgaGSqk.exe
  2⤵
  - Executes dropped EXE
  PID:1212
- C:\Windows\System\IuUKoHp.exe
  C:\Windows\System\IuUKoHp.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\DExLSLO.exe
  C:\Windows\System\DExLSLO.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\YuArmCf.exe
  C:\Windows\System\YuArmCf.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\TuyVDDx.exe
  C:\Windows\System\TuyVDDx.exe
  2⤵
  - Executes dropped EXE
  PID:616
- C:\Windows\System\nDQIQbi.exe
  C:\Windows\System\nDQIQbi.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\HtSzlDw.exe
  C:\Windows\System\HtSzlDw.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\WaGgqFh.exe
  C:\Windows\System\WaGgqFh.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\osIkGYF.exe
  C:\Windows\System\osIkGYF.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\oVUIeZh.exe
  C:\Windows\System\oVUIeZh.exe
  2⤵
  - Executes dropped EXE
  PID:1112
- C:\Windows\System\qmQHCXW.exe
  C:\Windows\System\qmQHCXW.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\CvFslQM.exe
  C:\Windows\System\CvFslQM.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\gBdcyfl.exe
  C:\Windows\System\gBdcyfl.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\oXwjcPw.exe
  C:\Windows\System\oXwjcPw.exe
  2⤵
  PID:2616
- C:\Windows\System\WUPFZIO.exe
  C:\Windows\System\WUPFZIO.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\biKPgVk.exe
  C:\Windows\System\biKPgVk.exe
  2⤵
  PID:1728
- C:\Windows\System\WfJpwrJ.exe
  C:\Windows\System\WfJpwrJ.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\FxwjLaU.exe
  C:\Windows\System\FxwjLaU.exe
  2⤵
  PID:3016
- C:\Windows\System\jGKoykI.exe
  C:\Windows\System\jGKoykI.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\cExNXXM.exe
  C:\Windows\System\cExNXXM.exe
  2⤵
  PID:2816
- C:\Windows\System\ytJojOa.exe
  C:\Windows\System\ytJojOa.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\BCLJbXy.exe
  C:\Windows\System\BCLJbXy.exe
  2⤵
  PID:2896
- C:\Windows\System\ZiIVkld.exe
  C:\Windows\System\ZiIVkld.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\xSZUJSV.exe
  C:\Windows\System\xSZUJSV.exe
  2⤵
  PID:2300
- C:\Windows\System\fNfIvdR.exe
  C:\Windows\System\fNfIvdR.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\RQsVXOH.exe
  C:\Windows\System\RQsVXOH.exe
  2⤵
  PID:2720
- C:\Windows\System\kYwHPyH.exe
  C:\Windows\System\kYwHPyH.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\Eopsmaj.exe
  C:\Windows\System\Eopsmaj.exe
  2⤵
  PID:772
- C:\Windows\System\ngHfWbb.exe
  C:\Windows\System\ngHfWbb.exe
  2⤵
  PID:1100
- C:\Windows\System\STkTeHK.exe
  C:\Windows\System\STkTeHK.exe
  2⤵
  PID:2468
- C:\Windows\System\szvgtck.exe
  C:\Windows\System\szvgtck.exe
  2⤵
  PID:1712
- C:\Windows\System\zpxjYMl.exe
  C:\Windows\System\zpxjYMl.exe
  2⤵
  PID:1964
- C:\Windows\System\fPSCPDA.exe
  C:\Windows\System\fPSCPDA.exe
  2⤵
  PID:804
- C:\Windows\System\OxJabdR.exe
  C:\Windows\System\OxJabdR.exe
  2⤵
  PID:2168
- C:\Windows\System\wPGACXb.exe
  C:\Windows\System\wPGACXb.exe
  2⤵
  PID:2704
- C:\Windows\System\tOFtnac.exe
  C:\Windows\System\tOFtnac.exe
  2⤵
  PID:2112
- C:\Windows\System\kRbESXr.exe
  C:\Windows\System\kRbESXr.exe
  2⤵
  PID:2756
- C:\Windows\System\FiRpbLb.exe
  C:\Windows\System\FiRpbLb.exe
  2⤵
  PID:2956
- C:\Windows\System\yomikjn.exe
  C:\Windows\System\yomikjn.exe
  2⤵
  PID:1752
- C:\Windows\System\nnhuwNE.exe
  C:\Windows\System\nnhuwNE.exe
  2⤵
  PID:2976
- C:\Windows\System\fyFKbsv.exe
  C:\Windows\System\fyFKbsv.exe
  2⤵
  PID:2020
- C:\Windows\System\WeTIqbK.exe
  C:\Windows\System\WeTIqbK.exe
  2⤵
  PID:892
- C:\Windows\System\bradAfb.exe
  C:\Windows\System\bradAfb.exe
  2⤵
  PID:2440
- C:\Windows\System\grPnDUr.exe
  C:\Windows\System\grPnDUr.exe
  2⤵
  PID:2628
- C:\Windows\System\KUKIzfO.exe
  C:\Windows\System\KUKIzfO.exe
  2⤵
  PID:1764
- C:\Windows\System\MPMzFFl.exe
  C:\Windows\System\MPMzFFl.exe
  2⤵
  PID:952
- C:\Windows\System\HPduwno.exe
  C:\Windows\System\HPduwno.exe
  2⤵
  PID:2396
- C:\Windows\System\AgDFcvp.exe
  C:\Windows\System\AgDFcvp.exe
  2⤵
  PID:2528
- C:\Windows\System\KcYRqig.exe
  C:\Windows\System\KcYRqig.exe
  2⤵
  PID:2120
- C:\Windows\System\qANFYLL.exe
  C:\Windows\System\qANFYLL.exe
  2⤵
  PID:2096
- C:\Windows\System\wwFEvOx.exe
  C:\Windows\System\wwFEvOx.exe
  2⤵
  PID:2224
- C:\Windows\System\HSkyeNp.exe
  C:\Windows\System\HSkyeNp.exe
  2⤵
  PID:1816
- C:\Windows\System\AsRzwlN.exe
  C:\Windows\System\AsRzwlN.exe
  2⤵
  PID:972
- C:\Windows\System\gRdrgHy.exe
  C:\Windows\System\gRdrgHy.exe
  2⤵
  PID:1724
- C:\Windows\System\oHhEsXd.exe
  C:\Windows\System\oHhEsXd.exe
  2⤵
  PID:1592
- C:\Windows\System\mGxkfQF.exe
  C:\Windows\System\mGxkfQF.exe
  2⤵
  PID:1656
- C:\Windows\System\hGKlDzY.exe
  C:\Windows\System\hGKlDzY.exe
  2⤵
  PID:1716
- C:\Windows\System\EClllYd.exe
  C:\Windows\System\EClllYd.exe
  2⤵
  PID:1888
- C:\Windows\System\OAdPjxy.exe
  C:\Windows\System\OAdPjxy.exe
  2⤵
  PID:2540
- C:\Windows\System\lpCKLeD.exe
  C:\Windows\System\lpCKLeD.exe
  2⤵
  PID:2932
- C:\Windows\System\zKbllth.exe
  C:\Windows\System\zKbllth.exe
  2⤵
  PID:2972
- C:\Windows\System\IeRulef.exe
  C:\Windows\System\IeRulef.exe
  2⤵
  PID:932
- C:\Windows\System\lWFXsaD.exe
  C:\Windows\System\lWFXsaD.exe
  2⤵
  PID:2268
- C:\Windows\System\wIcxsyO.exe
  C:\Windows\System\wIcxsyO.exe
  2⤵
  PID:2296
- C:\Windows\System\AkKjPdO.exe
  C:\Windows\System\AkKjPdO.exe
  2⤵
  PID:2320
- C:\Windows\System\Tlkwsfg.exe
  C:\Windows\System\Tlkwsfg.exe
  2⤵
  PID:1828
- C:\Windows\System\EcWBLPT.exe
  C:\Windows\System\EcWBLPT.exe
  2⤵
  PID:3068
- C:\Windows\System\aJdQIkQ.exe
  C:\Windows\System\aJdQIkQ.exe
  2⤵
  PID:788
- C:\Windows\System\pWawlOo.exe
  C:\Windows\System\pWawlOo.exe
  2⤵
  PID:1072
- C:\Windows\System\rWtgbvI.exe
  C:\Windows\System\rWtgbvI.exe
  2⤵
  PID:1104
- C:\Windows\System\QPaHYdV.exe
  C:\Windows\System\QPaHYdV.exe
  2⤵
  PID:2388
- C:\Windows\System\QSyDxkX.exe
  C:\Windows\System\QSyDxkX.exe
  2⤵
  PID:2264
- C:\Windows\System\pknZEOs.exe
  C:\Windows\System\pknZEOs.exe
  2⤵
  PID:3080
- C:\Windows\System\PJwttdN.exe
  C:\Windows\System\PJwttdN.exe
  2⤵
  PID:3100
- C:\Windows\System\akWahyf.exe
  C:\Windows\System\akWahyf.exe
  2⤵
  PID:3124
- C:\Windows\System\fIivCsk.exe
  C:\Windows\System\fIivCsk.exe
  2⤵
  PID:3160
- C:\Windows\System\MHCRJhL.exe
  C:\Windows\System\MHCRJhL.exe
  2⤵
  PID:3176
- C:\Windows\System\BCMCEey.exe
  C:\Windows\System\BCMCEey.exe
  2⤵
  PID:3196
- C:\Windows\System\fQuNuLQ.exe
  C:\Windows\System\fQuNuLQ.exe
  2⤵
  PID:3216
- C:\Windows\System\tsiecRk.exe
  C:\Windows\System\tsiecRk.exe
  2⤵
  PID:3232
- C:\Windows\System\dWDDonT.exe
  C:\Windows\System\dWDDonT.exe
  2⤵
  PID:3248
- C:\Windows\System\XyXZHKS.exe
  C:\Windows\System\XyXZHKS.exe
  2⤵
  PID:3264
- C:\Windows\System\nGwhaHo.exe
  C:\Windows\System\nGwhaHo.exe
  2⤵
  PID:3280
- C:\Windows\System\HhfqLmv.exe
  C:\Windows\System\HhfqLmv.exe
  2⤵
  PID:3296
- C:\Windows\System\BIJouWt.exe
  C:\Windows\System\BIJouWt.exe
  2⤵
  PID:3316
- C:\Windows\System\CGUkjzk.exe
  C:\Windows\System\CGUkjzk.exe
  2⤵
  PID:3340
- C:\Windows\System\BnvmrJs.exe
  C:\Windows\System\BnvmrJs.exe
  2⤵
  PID:3356
- C:\Windows\System\BKqTfgV.exe
  C:\Windows\System\BKqTfgV.exe
  2⤵
  PID:3372
- C:\Windows\System\YpdixKk.exe
  C:\Windows\System\YpdixKk.exe
  2⤵
  PID:3392
- C:\Windows\System\IDbDIQY.exe
  C:\Windows\System\IDbDIQY.exe
  2⤵
  PID:3412
- C:\Windows\System\hOmkooZ.exe
  C:\Windows\System\hOmkooZ.exe
  2⤵
  PID:3432
- C:\Windows\System\yCTXptw.exe
  C:\Windows\System\yCTXptw.exe
  2⤵
  PID:3448
- C:\Windows\System\oKdCnUi.exe
  C:\Windows\System\oKdCnUi.exe
  2⤵
  PID:3464
- C:\Windows\System\RUpfcnq.exe
  C:\Windows\System\RUpfcnq.exe
  2⤵
  PID:3480
- C:\Windows\System\fSzdQsn.exe
  C:\Windows\System\fSzdQsn.exe
  2⤵
  PID:3496
- C:\Windows\System\ayqgBCb.exe
  C:\Windows\System\ayqgBCb.exe
  2⤵
  PID:3516
- C:\Windows\System\HjEgQMe.exe
  C:\Windows\System\HjEgQMe.exe
  2⤵
  PID:3536
- C:\Windows\System\WhhWUXp.exe
  C:\Windows\System\WhhWUXp.exe
  2⤵
  PID:3560
- C:\Windows\System\AWUCkIW.exe
  C:\Windows\System\AWUCkIW.exe
  2⤵
  PID:3580
- C:\Windows\System\VHGNgXy.exe
  C:\Windows\System\VHGNgXy.exe
  2⤵
  PID:3596
- C:\Windows\System\aZwPMOs.exe
  C:\Windows\System\aZwPMOs.exe
  2⤵
  PID:3612
- C:\Windows\System\hWdtTdA.exe
  C:\Windows\System\hWdtTdA.exe
  2⤵
  PID:3628
- C:\Windows\System\XbNiBOH.exe
  C:\Windows\System\XbNiBOH.exe
  2⤵
  PID:3656
- C:\Windows\System\XuutTAV.exe
  C:\Windows\System\XuutTAV.exe
  2⤵
  PID:3680
- C:\Windows\System\qEIZYyA.exe
  C:\Windows\System\qEIZYyA.exe
  2⤵
  PID:3760
- C:\Windows\System\zWAhBkI.exe
  C:\Windows\System\zWAhBkI.exe
  2⤵
  PID:3780
- C:\Windows\System\DjLaNMA.exe
  C:\Windows\System\DjLaNMA.exe
  2⤵
  PID:3800
- C:\Windows\System\ksnDVIa.exe
  C:\Windows\System\ksnDVIa.exe
  2⤵
  PID:3816
- C:\Windows\System\GYSTklQ.exe
  C:\Windows\System\GYSTklQ.exe
  2⤵
  PID:3840
- C:\Windows\System\PJxFUEV.exe
  C:\Windows\System\PJxFUEV.exe
  2⤵
  PID:3856
- C:\Windows\System\GBUanFK.exe
  C:\Windows\System\GBUanFK.exe
  2⤵
  PID:3876
- C:\Windows\System\bgyCeWG.exe
  C:\Windows\System\bgyCeWG.exe
  2⤵
  PID:3900
- C:\Windows\System\NTRozMx.exe
  C:\Windows\System\NTRozMx.exe
  2⤵
  PID:3916
- C:\Windows\System\ZCQtCOV.exe
  C:\Windows\System\ZCQtCOV.exe
  2⤵
  PID:3932
- C:\Windows\System\rkkJjXn.exe
  C:\Windows\System\rkkJjXn.exe
  2⤵
  PID:3948
- C:\Windows\System\phqLiqZ.exe
  C:\Windows\System\phqLiqZ.exe
  2⤵
  PID:3964
- C:\Windows\System\CDmHOxL.exe
  C:\Windows\System\CDmHOxL.exe
  2⤵
  PID:3980
- C:\Windows\System\lJdDEkc.exe
  C:\Windows\System\lJdDEkc.exe
  2⤵
  PID:4004
- C:\Windows\System\DRiGksI.exe
  C:\Windows\System\DRiGksI.exe
  2⤵
  PID:4024
- C:\Windows\System\FVAXBGP.exe
  C:\Windows\System\FVAXBGP.exe
  2⤵
  PID:4040
- C:\Windows\System\AFInhUR.exe
  C:\Windows\System\AFInhUR.exe
  2⤵
  PID:4064
- C:\Windows\System\tJKyBqU.exe
  C:\Windows\System\tJKyBqU.exe
  2⤵
  PID:4084
- C:\Windows\System\ocfxCxk.exe
  C:\Windows\System\ocfxCxk.exe
  2⤵
  PID:2504
- C:\Windows\System\CsixXLH.exe
  C:\Windows\System\CsixXLH.exe
  2⤵
  PID:2648
- C:\Windows\System\BageYRB.exe
  C:\Windows\System\BageYRB.exe
  2⤵
  PID:1832
- C:\Windows\System\VmvRimw.exe
  C:\Windows\System\VmvRimw.exe
  2⤵
  PID:2792
- C:\Windows\System\SvFXxmv.exe
  C:\Windows\System\SvFXxmv.exe
  2⤵
  PID:3096
- C:\Windows\System\RbwYHrk.exe
  C:\Windows\System\RbwYHrk.exe
  2⤵
  PID:3136
- C:\Windows\System\kJLiRLz.exe
  C:\Windows\System\kJLiRLz.exe
  2⤵
  PID:3184
- C:\Windows\System\QTriAnn.exe
  C:\Windows\System\QTriAnn.exe
  2⤵
  PID:3228
- C:\Windows\System\kCJPUJF.exe
  C:\Windows\System\kCJPUJF.exe
  2⤵
  PID:3324
- C:\Windows\System\zFqAMVD.exe
  C:\Windows\System\zFqAMVD.exe
  2⤵
  PID:3364
- C:\Windows\System\FGFjjds.exe
  C:\Windows\System\FGFjjds.exe
  2⤵
  PID:3440
- C:\Windows\System\rqrJrKg.exe
  C:\Windows\System\rqrJrKg.exe
  2⤵
  PID:1936
- C:\Windows\System\xmHgeKN.exe
  C:\Windows\System\xmHgeKN.exe
  2⤵
  PID:3116
- C:\Windows\System\HYJfYve.exe
  C:\Windows\System\HYJfYve.exe
  2⤵
  PID:3620
- C:\Windows\System\CxeLQfL.exe
  C:\Windows\System\CxeLQfL.exe
  2⤵
  PID:3668
- C:\Windows\System\LlyBpni.exe
  C:\Windows\System\LlyBpni.exe
  2⤵
  PID:3240
- C:\Windows\System\jWKUUyk.exe
  C:\Windows\System\jWKUUyk.exe
  2⤵
  PID:3304
- C:\Windows\System\fHkIWGa.exe
  C:\Windows\System\fHkIWGa.exe
  2⤵
  PID:3380
- C:\Windows\System\lcOagFy.exe
  C:\Windows\System\lcOagFy.exe
  2⤵
  PID:3424
- C:\Windows\System\CqJfBRE.exe
  C:\Windows\System\CqJfBRE.exe
  2⤵
  PID:3524
- C:\Windows\System\ABZcsxc.exe
  C:\Windows\System\ABZcsxc.exe
  2⤵
  PID:3572
- C:\Windows\System\owgqPuS.exe
  C:\Windows\System\owgqPuS.exe
  2⤵
  PID:3644
- C:\Windows\System\cNGwifm.exe
  C:\Windows\System\cNGwifm.exe
  2⤵
  PID:3204
- C:\Windows\System\jllTWLI.exe
  C:\Windows\System\jllTWLI.exe
  2⤵
  PID:3712
- C:\Windows\System\VpVOesM.exe
  C:\Windows\System\VpVOesM.exe
  2⤵
  PID:3740
- C:\Windows\System\LntGZzo.exe
  C:\Windows\System\LntGZzo.exe
  2⤵
  PID:3768
- C:\Windows\System\RHskhvR.exe
  C:\Windows\System\RHskhvR.exe
  2⤵
  PID:3884
- C:\Windows\System\ajyegul.exe
  C:\Windows\System\ajyegul.exe
  2⤵
  PID:3956
- C:\Windows\System\UuqGTQS.exe
  C:\Windows\System\UuqGTQS.exe
  2⤵
  PID:3992
- C:\Windows\System\OZDdtnu.exe
  C:\Windows\System\OZDdtnu.exe
  2⤵
  PID:4076
- C:\Windows\System\peXbpOy.exe
  C:\Windows\System\peXbpOy.exe
  2⤵
  PID:2220
- C:\Windows\System\MGFcszR.exe
  C:\Windows\System\MGFcszR.exe
  2⤵
  PID:2776
- C:\Windows\System\rcoMgDc.exe
  C:\Windows\System\rcoMgDc.exe
  2⤵
  PID:3192
- C:\Windows\System\nKVTJPb.exe
  C:\Windows\System\nKVTJPb.exe
  2⤵
  PID:3824
- C:\Windows\System\TGWBwaO.exe
  C:\Windows\System\TGWBwaO.exe
  2⤵
  PID:3332
- C:\Windows\System\cPblEWl.exe
  C:\Windows\System\cPblEWl.exe
  2⤵
  PID:3912
- C:\Windows\System\OVPpgzJ.exe
  C:\Windows\System\OVPpgzJ.exe
  2⤵
  PID:2184
- C:\Windows\System\HLJavuN.exe
  C:\Windows\System\HLJavuN.exe
  2⤵
  PID:3288
- C:\Windows\System\OMfAUXO.exe
  C:\Windows\System\OMfAUXO.exe
  2⤵
  PID:3404
- C:\Windows\System\nFoKaTo.exe
  C:\Windows\System\nFoKaTo.exe
  2⤵
  PID:2144
- C:\Windows\System\DchUAOv.exe
  C:\Windows\System\DchUAOv.exe
  2⤵
  PID:1084
- C:\Windows\System\sCUcPYL.exe
  C:\Windows\System\sCUcPYL.exe
  2⤵
  PID:4012
- C:\Windows\System\xVRuWeS.exe
  C:\Windows\System\xVRuWeS.exe
  2⤵
  PID:3940
- C:\Windows\System\VytQbhQ.exe
  C:\Windows\System\VytQbhQ.exe
  2⤵
  PID:856
- C:\Windows\System\TuIZTBq.exe
  C:\Windows\System\TuIZTBq.exe
  2⤵
  PID:2768
- C:\Windows\System\tQeNJwK.exe
  C:\Windows\System\tQeNJwK.exe
  2⤵
  PID:3140
- C:\Windows\System\RYPqTLE.exe
  C:\Windows\System\RYPqTLE.exe
  2⤵
  PID:3348
- C:\Windows\System\SqTeEKf.exe
  C:\Windows\System\SqTeEKf.exe
  2⤵
  PID:3492
- C:\Windows\System\xLjyGPW.exe
  C:\Windows\System\xLjyGPW.exe
  2⤵
  PID:3636
- C:\Windows\System\UXvFtIM.exe
  C:\Windows\System\UXvFtIM.exe
  2⤵
  PID:3708
- C:\Windows\System\AqdOpHz.exe
  C:\Windows\System\AqdOpHz.exe
  2⤵
  PID:3672
- C:\Windows\System\ikqNgmI.exe
  C:\Windows\System\ikqNgmI.exe
  2⤵
  PID:3428
- C:\Windows\System\tFkgwvo.exe
  C:\Windows\System\tFkgwvo.exe
  2⤵
  PID:3688
- C:\Windows\System\zeYAXqn.exe
  C:\Windows\System\zeYAXqn.exe
  2⤵
  PID:3556
- C:\Windows\System\nISNKpk.exe
  C:\Windows\System\nISNKpk.exe
  2⤵
  PID:4032
- C:\Windows\System\VYVdjpo.exe
  C:\Windows\System\VYVdjpo.exe
  2⤵
  PID:2036
- C:\Windows\System\IjLaDoN.exe
  C:\Windows\System\IjLaDoN.exe
  2⤵
  PID:3868
- C:\Windows\System\JyFJnbU.exe
  C:\Windows\System\JyFJnbU.exe
  2⤵
  PID:3152
- C:\Windows\System\GGWvRDt.exe
  C:\Windows\System\GGWvRDt.exe
  2⤵
  PID:3924
- C:\Windows\System\irZhrck.exe
  C:\Windows\System\irZhrck.exe
  2⤵
  PID:4048
- C:\Windows\System\jMrqlsC.exe
  C:\Windows\System\jMrqlsC.exe
  2⤵
  PID:3512
- C:\Windows\System\ZYCWXGH.exe
  C:\Windows\System\ZYCWXGH.exe
  2⤵
  PID:3588
- C:\Windows\System\rpXDQcU.exe
  C:\Windows\System\rpXDQcU.exe
  2⤵
  PID:2028
- C:\Windows\System\UHdgVqj.exe
  C:\Windows\System\UHdgVqj.exe
  2⤵
  PID:3384
- C:\Windows\System\rjwQgWf.exe
  C:\Windows\System\rjwQgWf.exe
  2⤵
  PID:1708
- C:\Windows\System\nMHrAWG.exe
  C:\Windows\System\nMHrAWG.exe
  2⤵
  PID:4036
- C:\Windows\System\UgcXXCp.exe
  C:\Windows\System\UgcXXCp.exe
  2⤵
  PID:3088
- C:\Windows\System\qzhilhR.exe
  C:\Windows\System\qzhilhR.exe
  2⤵
  PID:2092
- C:\Windows\System\vZJKZom.exe
  C:\Windows\System\vZJKZom.exe
  2⤵
  PID:3052
- C:\Windows\System\qNSEbiu.exe
  C:\Windows\System\qNSEbiu.exe
  2⤵
  PID:4112
- C:\Windows\System\TOcblYH.exe
  C:\Windows\System\TOcblYH.exe
  2⤵
  PID:4128
- C:\Windows\System\KARcLVo.exe
  C:\Windows\System\KARcLVo.exe
  2⤵
  PID:4144
- C:\Windows\System\pLfpxMA.exe
  C:\Windows\System\pLfpxMA.exe
  2⤵
  PID:4160
- C:\Windows\System\rSgBREF.exe
  C:\Windows\System\rSgBREF.exe
  2⤵
  PID:4188
- C:\Windows\System\jpTOIeE.exe
  C:\Windows\System\jpTOIeE.exe
  2⤵
  PID:4204
- C:\Windows\System\rXmZNsr.exe
  C:\Windows\System\rXmZNsr.exe
  2⤵
  PID:4252
- C:\Windows\System\RjFUECj.exe
  C:\Windows\System\RjFUECj.exe
  2⤵
  PID:4272
- C:\Windows\System\XRSrWki.exe
  C:\Windows\System\XRSrWki.exe
  2⤵
  PID:4292
- C:\Windows\System\TLbXFQg.exe
  C:\Windows\System\TLbXFQg.exe
  2⤵
  PID:4320
- C:\Windows\System\oAzmwRE.exe
  C:\Windows\System\oAzmwRE.exe
  2⤵
  PID:4420
- C:\Windows\System\RfSvnQa.exe
  C:\Windows\System\RfSvnQa.exe
  2⤵
  PID:4440
- C:\Windows\System\bSXvKHc.exe
  C:\Windows\System\bSXvKHc.exe
  2⤵
  PID:4460
- C:\Windows\System\gUkMCSd.exe
  C:\Windows\System\gUkMCSd.exe
  2⤵
  PID:4484
- C:\Windows\System\rLWbhDE.exe
  C:\Windows\System\rLWbhDE.exe
  2⤵
  PID:4500
- C:\Windows\System\tUdlQuK.exe
  C:\Windows\System\tUdlQuK.exe
  2⤵
  PID:4520
- C:\Windows\System\RgadudX.exe
  C:\Windows\System\RgadudX.exe
  2⤵
  PID:4536
- C:\Windows\System\bmZmRyR.exe
  C:\Windows\System\bmZmRyR.exe
  2⤵
  PID:4564
- C:\Windows\System\YAFtxZo.exe
  C:\Windows\System\YAFtxZo.exe
  2⤵
  PID:4580
- C:\Windows\System\cwJbquQ.exe
  C:\Windows\System\cwJbquQ.exe
  2⤵
  PID:4608
- C:\Windows\System\hTdsZUw.exe
  C:\Windows\System\hTdsZUw.exe
  2⤵
  PID:4628
- C:\Windows\System\coiQDtK.exe
  C:\Windows\System\coiQDtK.exe
  2⤵
  PID:4644
- C:\Windows\System\XhNBcsx.exe
  C:\Windows\System\XhNBcsx.exe
  2⤵
  PID:4664
- C:\Windows\System\ftqPiab.exe
  C:\Windows\System\ftqPiab.exe
  2⤵
  PID:4692
- C:\Windows\System\tvlUmfM.exe
  C:\Windows\System\tvlUmfM.exe
  2⤵
  PID:4708
- C:\Windows\System\itfWLFb.exe
  C:\Windows\System\itfWLFb.exe
  2⤵
  PID:4732
- C:\Windows\System\CUqyYTq.exe
  C:\Windows\System\CUqyYTq.exe
  2⤵
  PID:4752
- C:\Windows\System\rZgBlmT.exe
  C:\Windows\System\rZgBlmT.exe
  2⤵
  PID:4772
- C:\Windows\System\IvcpHIN.exe
  C:\Windows\System\IvcpHIN.exe
  2⤵
  PID:4792
- C:\Windows\System\bOtUtha.exe
  C:\Windows\System\bOtUtha.exe
  2⤵
  PID:4812
- C:\Windows\System\TOZFKlT.exe
  C:\Windows\System\TOZFKlT.exe
  2⤵
  PID:4832
- C:\Windows\System\ZZkyLZJ.exe
  C:\Windows\System\ZZkyLZJ.exe
  2⤵
  PID:4852
- C:\Windows\System\WfXPLHI.exe
  C:\Windows\System\WfXPLHI.exe
  2⤵
  PID:4872
- C:\Windows\System\OvmWwJu.exe
  C:\Windows\System\OvmWwJu.exe
  2⤵
  PID:4892
- C:\Windows\System\iwJanfR.exe
  C:\Windows\System\iwJanfR.exe
  2⤵
  PID:4912
- C:\Windows\System\uxkeFZI.exe
  C:\Windows\System\uxkeFZI.exe
  2⤵
  PID:4932
- C:\Windows\System\iaqkfzm.exe
  C:\Windows\System\iaqkfzm.exe
  2⤵
  PID:4948
- C:\Windows\System\FrMFXjl.exe
  C:\Windows\System\FrMFXjl.exe
  2⤵
  PID:4972
- C:\Windows\System\kgOBGhG.exe
  C:\Windows\System\kgOBGhG.exe
  2⤵
  PID:4996
- C:\Windows\System\rPIKKaL.exe
  C:\Windows\System\rPIKKaL.exe
  2⤵
  PID:5016
- C:\Windows\System\ldNNnFU.exe
  C:\Windows\System\ldNNnFU.exe
  2⤵
  PID:5032
- C:\Windows\System\UlYmTzq.exe
  C:\Windows\System\UlYmTzq.exe
  2⤵
  PID:5060
- C:\Windows\System\ioFjfJP.exe
  C:\Windows\System\ioFjfJP.exe
  2⤵
  PID:5080
- C:\Windows\System\YpyvOzM.exe
  C:\Windows\System\YpyvOzM.exe
  2⤵
  PID:5100
- C:\Windows\System\gkkpebh.exe
  C:\Windows\System\gkkpebh.exe
  2⤵
  PID:1904
- C:\Windows\System\kwPeNbf.exe
  C:\Windows\System\kwPeNbf.exe
  2⤵
  PID:3008
- C:\Windows\System\cAnACvh.exe
  C:\Windows\System\cAnACvh.exe
  2⤵
  PID:780
- C:\Windows\System\gmsErIs.exe
  C:\Windows\System\gmsErIs.exe
  2⤵
  PID:1300
- C:\Windows\System\pUdxcPq.exe
  C:\Windows\System\pUdxcPq.exe
  2⤵
  PID:4184
- C:\Windows\System\SlkxGli.exe
  C:\Windows\System\SlkxGli.exe
  2⤵
  PID:4228
- C:\Windows\System\QgZVIys.exe
  C:\Windows\System\QgZVIys.exe
  2⤵
  PID:3736
- C:\Windows\System\mAQzCax.exe
  C:\Windows\System\mAQzCax.exe
  2⤵
  PID:4244
- C:\Windows\System\ScUONwl.exe
  C:\Windows\System\ScUONwl.exe
  2⤵
  PID:4280
- C:\Windows\System\bvpbTtA.exe
  C:\Windows\System\bvpbTtA.exe
  2⤵
  PID:3132
- C:\Windows\System\SOiGrMz.exe
  C:\Windows\System\SOiGrMz.exe
  2⤵
  PID:3836
- C:\Windows\System\BQNNgwW.exe
  C:\Windows\System\BQNNgwW.exe
  2⤵
  PID:3292
- C:\Windows\System\XWiwcqH.exe
  C:\Windows\System\XWiwcqH.exe
  2⤵
  PID:4344
- C:\Windows\System\euyZsHC.exe
  C:\Windows\System\euyZsHC.exe
  2⤵
  PID:2676
- C:\Windows\System\lMLSpar.exe
  C:\Windows\System\lMLSpar.exe
  2⤵
  PID:2156
- C:\Windows\System\zijXucK.exe
  C:\Windows\System\zijXucK.exe
  2⤵
  PID:3460
- C:\Windows\System\EKoCzVr.exe
  C:\Windows\System\EKoCzVr.exe
  2⤵
  PID:2696
- C:\Windows\System\tdfkdsu.exe
  C:\Windows\System\tdfkdsu.exe
  2⤵
  PID:3796
- C:\Windows\System\axMZePw.exe
  C:\Windows\System\axMZePw.exe
  2⤵
  PID:4056
- C:\Windows\System\bkbWWyM.exe
  C:\Windows\System\bkbWWyM.exe
  2⤵
  PID:2204
- C:\Windows\System\CfUHRBC.exe
  C:\Windows\System\CfUHRBC.exe
  2⤵
  PID:4124
- C:\Windows\System\mhOOOMy.exe
  C:\Windows\System\mhOOOMy.exe
  2⤵
  PID:4260
- C:\Windows\System\FUCGuoE.exe
  C:\Windows\System\FUCGuoE.exe
  2⤵
  PID:4304
- C:\Windows\System\fYIHZXj.exe
  C:\Windows\System\fYIHZXj.exe
  2⤵
  PID:4380
- C:\Windows\System\QEbdonW.exe
  C:\Windows\System\QEbdonW.exe
  2⤵
  PID:4400
- C:\Windows\System\HzwdZYl.exe
  C:\Windows\System\HzwdZYl.exe
  2⤵
  PID:3676
- C:\Windows\System\eNdfUdt.exe
  C:\Windows\System\eNdfUdt.exe
  2⤵
  PID:4436
- C:\Windows\System\kUniBxU.exe
  C:\Windows\System\kUniBxU.exe
  2⤵
  PID:4480
- C:\Windows\System\iOGDQGm.exe
  C:\Windows\System\iOGDQGm.exe
  2⤵
  PID:3604
- C:\Windows\System\EuTGgPX.exe
  C:\Windows\System\EuTGgPX.exe
  2⤵
  PID:4572
- C:\Windows\System\DSKvmpq.exe
  C:\Windows\System\DSKvmpq.exe
  2⤵
  PID:4560
- C:\Windows\System\ZwXiQyN.exe
  C:\Windows\System\ZwXiQyN.exe
  2⤵
  PID:4592
- C:\Windows\System\nXbIFkQ.exe
  C:\Windows\System\nXbIFkQ.exe
  2⤵
  PID:4660
- C:\Windows\System\VHNBYNV.exe
  C:\Windows\System\VHNBYNV.exe
  2⤵
  PID:4672
- C:\Windows\System\ressGUb.exe
  C:\Windows\System\ressGUb.exe
  2⤵
  PID:4688
- C:\Windows\System\ZflMxHE.exe
  C:\Windows\System\ZflMxHE.exe
  2⤵
  PID:4744
- C:\Windows\System\UAelNEa.exe
  C:\Windows\System\UAelNEa.exe
  2⤵
  PID:4764
- C:\Windows\System\dFtWObS.exe
  C:\Windows\System\dFtWObS.exe
  2⤵
  PID:4808
- C:\Windows\System\bDMvEcQ.exe
  C:\Windows\System\bDMvEcQ.exe
  2⤵
  PID:4864
- C:\Windows\System\GlMYRhm.exe
  C:\Windows\System\GlMYRhm.exe
  2⤵
  PID:3064
- C:\Windows\System\sPocmrO.exe
  C:\Windows\System\sPocmrO.exe
  2⤵
  PID:4908
- C:\Windows\System\fZSIlsj.exe
  C:\Windows\System\fZSIlsj.exe
  2⤵
  PID:4980
- C:\Windows\System\LFEnQFz.exe
  C:\Windows\System\LFEnQFz.exe
  2⤵
  PID:4920
- C:\Windows\System\miODdvy.exe
  C:\Windows\System\miODdvy.exe
  2⤵
  PID:5028
- C:\Windows\System\SsjXTcG.exe
  C:\Windows\System\SsjXTcG.exe
  2⤵
  PID:5052
- C:\Windows\System\ywSTHoe.exe
  C:\Windows\System\ywSTHoe.exe
  2⤵
  PID:5072
- C:\Windows\System\lEZovUd.exe
  C:\Windows\System\lEZovUd.exe
  2⤵
  PID:5096
- C:\Windows\System\YZOqdvG.exe
  C:\Windows\System\YZOqdvG.exe
  2⤵
  PID:2360
- C:\Windows\System\sxoubNN.exe
  C:\Windows\System\sxoubNN.exe
  2⤵
  PID:4140
- C:\Windows\System\ZhKgBGj.exe
  C:\Windows\System\ZhKgBGj.exe
  2⤵
  PID:4220
- C:\Windows\System\RbQnBLn.exe
  C:\Windows\System\RbQnBLn.exe
  2⤵
  PID:4224
- C:\Windows\System\vzWySyo.exe
  C:\Windows\System\vzWySyo.exe
  2⤵
  PID:4288
- C:\Windows\System\mmIxUZY.exe
  C:\Windows\System\mmIxUZY.exe
  2⤵
  PID:4340
- C:\Windows\System\ZSGGmjb.exe
  C:\Windows\System\ZSGGmjb.exe
  2⤵
  PID:4060
- C:\Windows\System\DusWXgC.exe
  C:\Windows\System\DusWXgC.exe
  2⤵
  PID:4360
- C:\Windows\System\UhakVqB.exe
  C:\Windows\System\UhakVqB.exe
  2⤵
  PID:3212
- C:\Windows\System\AWVnAdl.exe
  C:\Windows\System\AWVnAdl.exe
  2⤵
  PID:3568
- C:\Windows\System\QVqVAdR.exe
  C:\Windows\System\QVqVAdR.exe
  2⤵
  PID:3888
- C:\Windows\System\zuzMOoH.exe
  C:\Windows\System\zuzMOoH.exe
  2⤵
  PID:4156
- C:\Windows\System\KZhREfr.exe
  C:\Windows\System\KZhREfr.exe
  2⤵
  PID:4388
- C:\Windows\System\mlehRXa.exe
  C:\Windows\System\mlehRXa.exe
  2⤵
  PID:2408
- C:\Windows\System\CHhHwWf.exe
  C:\Windows\System\CHhHwWf.exe
  2⤵
  PID:4312
- C:\Windows\System\EuuQBdw.exe
  C:\Windows\System\EuuQBdw.exe
  2⤵
  PID:4476
- C:\Windows\System\hfDYOdf.exe
  C:\Windows\System\hfDYOdf.exe
  2⤵
  PID:4556
- C:\Windows\System\wdOLppI.exe
  C:\Windows\System\wdOLppI.exe
  2⤵
  PID:4516
- C:\Windows\System\dNnJNQX.exe
  C:\Windows\System\dNnJNQX.exe
  2⤵
  PID:4624
- C:\Windows\System\PxWQqQN.exe
  C:\Windows\System\PxWQqQN.exe
  2⤵
  PID:4748
- C:\Windows\System\uIVmXkK.exe
  C:\Windows\System\uIVmXkK.exe
  2⤵
  PID:4768
- C:\Windows\System\twkzwlg.exe
  C:\Windows\System\twkzwlg.exe
  2⤵
  PID:4724
- C:\Windows\System\wQernlq.exe
  C:\Windows\System\wQernlq.exe
  2⤵
  PID:4888
- C:\Windows\System\cobuhMU.exe
  C:\Windows\System\cobuhMU.exe
  2⤵
  PID:4992
- C:\Windows\System\OBwgpSI.exe
  C:\Windows\System\OBwgpSI.exe
  2⤵
  PID:4968
- C:\Windows\System\ujRCBno.exe
  C:\Windows\System\ujRCBno.exe
  2⤵
  PID:5040
- C:\Windows\System\WnrzAFs.exe
  C:\Windows\System\WnrzAFs.exe
  2⤵
  PID:5112
- C:\Windows\System\CmEQMTF.exe
  C:\Windows\System\CmEQMTF.exe
  2⤵
  PID:540
- C:\Windows\System\cGAZBaA.exe
  C:\Windows\System\cGAZBaA.exe
  2⤵
  PID:2128
- C:\Windows\System\TvpvwoH.exe
  C:\Windows\System\TvpvwoH.exe
  2⤵
  PID:4328
- C:\Windows\System\UQvVaZu.exe
  C:\Windows\System\UQvVaZu.exe
  2⤵
  PID:1332
- C:\Windows\System\TwnwwIT.exe
  C:\Windows\System\TwnwwIT.exe
  2⤵
  PID:2240
- C:\Windows\System\yzNyQEG.exe
  C:\Windows\System\yzNyQEG.exe
  2⤵
  PID:4372
- C:\Windows\System\IAOkHDD.exe
  C:\Windows\System\IAOkHDD.exe
  2⤵
  PID:4316
- C:\Windows\System\Qukuzzz.exe
  C:\Windows\System\Qukuzzz.exe
  2⤵
  PID:3928
- C:\Windows\System\KoTuYom.exe
  C:\Windows\System\KoTuYom.exe
  2⤵
  PID:3664
- C:\Windows\System\AwdVcjw.exe
  C:\Windows\System\AwdVcjw.exe
  2⤵
  PID:4704
- C:\Windows\System\jzArIee.exe
  C:\Windows\System\jzArIee.exe
  2⤵
  PID:4868
- C:\Windows\System\JtQnBLj.exe
  C:\Windows\System\JtQnBLj.exe
  2⤵
  PID:4532
- C:\Windows\System\HYRRUMy.exe
  C:\Windows\System\HYRRUMy.exe
  2⤵
  PID:4924
- C:\Windows\System\gIcBZsj.exe
  C:\Windows\System\gIcBZsj.exe
  2⤵
  PID:4604
- C:\Windows\System\EUqWsBC.exe
  C:\Windows\System\EUqWsBC.exe
  2⤵
  PID:4548
- C:\Windows\System\oUrQyTX.exe
  C:\Windows\System\oUrQyTX.exe
  2⤵
  PID:4848
- C:\Windows\System\RMVEpdt.exe
  C:\Windows\System\RMVEpdt.exe
  2⤵
  PID:5116
- C:\Windows\System\UXZPHgf.exe
  C:\Windows\System\UXZPHgf.exe
  2⤵
  PID:3996
- C:\Windows\System\KtdvaFS.exe
  C:\Windows\System\KtdvaFS.exe
  2⤵
  PID:5128
- C:\Windows\System\YWEWoGZ.exe
  C:\Windows\System\YWEWoGZ.exe
  2⤵
  PID:5148
- C:\Windows\System\YTZEkKg.exe
  C:\Windows\System\YTZEkKg.exe
  2⤵
  PID:5168
- C:\Windows\System\HjwJemE.exe
  C:\Windows\System\HjwJemE.exe
  2⤵
  PID:5188
- C:\Windows\System\qZvnEXe.exe
  C:\Windows\System\qZvnEXe.exe
  2⤵
  PID:5204
- C:\Windows\System\nxJDeAK.exe
  C:\Windows\System\nxJDeAK.exe
  2⤵
  PID:5228
- C:\Windows\System\nVHccow.exe
  C:\Windows\System\nVHccow.exe
  2⤵
  PID:5244
- C:\Windows\System\NzrRMyT.exe
  C:\Windows\System\NzrRMyT.exe
  2⤵
  PID:5272
- C:\Windows\System\wOYcrxx.exe
  C:\Windows\System\wOYcrxx.exe
  2⤵
  PID:5292
- C:\Windows\System\moKFtgm.exe
  C:\Windows\System\moKFtgm.exe
  2⤵
  PID:5316
- C:\Windows\System\MUKZags.exe
  C:\Windows\System\MUKZags.exe
  2⤵
  PID:5336
- C:\Windows\System\ABpBIpM.exe
  C:\Windows\System\ABpBIpM.exe
  2⤵
  PID:5356
- C:\Windows\System\hRNONaj.exe
  C:\Windows\System\hRNONaj.exe
  2⤵
  PID:5376
- C:\Windows\System\FFIkSMt.exe
  C:\Windows\System\FFIkSMt.exe
  2⤵
  PID:5396
- C:\Windows\System\jlguzxQ.exe
  C:\Windows\System\jlguzxQ.exe
  2⤵
  PID:5416
- C:\Windows\System\gcroXrk.exe
  C:\Windows\System\gcroXrk.exe
  2⤵
  PID:5436
- C:\Windows\System\gdvWXid.exe
  C:\Windows\System\gdvWXid.exe
  2⤵
  PID:5456
- C:\Windows\System\mlbenFQ.exe
  C:\Windows\System\mlbenFQ.exe
  2⤵
  PID:5476
- C:\Windows\System\PMmaHun.exe
  C:\Windows\System\PMmaHun.exe
  2⤵
  PID:5496
- C:\Windows\System\sUTDUVn.exe
  C:\Windows\System\sUTDUVn.exe
  2⤵
  PID:5516
- C:\Windows\System\kAgZYod.exe
  C:\Windows\System\kAgZYod.exe
  2⤵
  PID:5536
- C:\Windows\System\JnTvUbd.exe
  C:\Windows\System\JnTvUbd.exe
  2⤵
  PID:5556
- C:\Windows\System\TJwzynm.exe
  C:\Windows\System\TJwzynm.exe
  2⤵
  PID:5576
- C:\Windows\System\lycvgnB.exe
  C:\Windows\System\lycvgnB.exe
  2⤵
  PID:5596
- C:\Windows\System\MMXzQYs.exe
  C:\Windows\System\MMXzQYs.exe
  2⤵
  PID:5616
- C:\Windows\System\ovTkSEw.exe
  C:\Windows\System\ovTkSEw.exe
  2⤵
  PID:5636
- C:\Windows\System\JDzeMvo.exe
  C:\Windows\System\JDzeMvo.exe
  2⤵
  PID:5656
- C:\Windows\System\bcDSdjf.exe
  C:\Windows\System\bcDSdjf.exe
  2⤵
  PID:5676
- C:\Windows\System\qMVbkLZ.exe
  C:\Windows\System\qMVbkLZ.exe
  2⤵
  PID:5692
- C:\Windows\System\cuKscdJ.exe
  C:\Windows\System\cuKscdJ.exe
  2⤵
  PID:5716
- C:\Windows\System\OWdZUyn.exe
  C:\Windows\System\OWdZUyn.exe
  2⤵
  PID:5736
- C:\Windows\System\FoyuGbi.exe
  C:\Windows\System\FoyuGbi.exe
  2⤵
  PID:5752
- C:\Windows\System\FQKJSfy.exe
  C:\Windows\System\FQKJSfy.exe
  2⤵
  PID:5784
- C:\Windows\System\ISiPAgC.exe
  C:\Windows\System\ISiPAgC.exe
  2⤵
  PID:5804
- C:\Windows\System\oqKFjfp.exe
  C:\Windows\System\oqKFjfp.exe
  2⤵
  PID:5824
- C:\Windows\System\zEfJRzr.exe
  C:\Windows\System\zEfJRzr.exe
  2⤵
  PID:5844
- C:\Windows\System\zjZXeGK.exe
  C:\Windows\System\zjZXeGK.exe
  2⤵
  PID:5864
- C:\Windows\System\EgKZsFQ.exe
  C:\Windows\System\EgKZsFQ.exe
  2⤵
  PID:5884
- C:\Windows\System\gvNbrkc.exe
  C:\Windows\System\gvNbrkc.exe
  2⤵
  PID:5904
- C:\Windows\System\IbeutXn.exe
  C:\Windows\System\IbeutXn.exe
  2⤵
  PID:5924
- C:\Windows\System\iYKNgRM.exe
  C:\Windows\System\iYKNgRM.exe
  2⤵
  PID:5944
- C:\Windows\System\tQpeXrl.exe
  C:\Windows\System\tQpeXrl.exe
  2⤵
  PID:5964
- C:\Windows\System\pfIqtip.exe
  C:\Windows\System\pfIqtip.exe
  2⤵
  PID:5984
- C:\Windows\System\opORQHh.exe
  C:\Windows\System\opORQHh.exe
  2⤵
  PID:6008
- C:\Windows\System\mwJbLNP.exe
  C:\Windows\System\mwJbLNP.exe
  2⤵
  PID:6028
- C:\Windows\System\efHEaFg.exe
  C:\Windows\System\efHEaFg.exe
  2⤵
  PID:6044
- C:\Windows\System\RHedQEd.exe
  C:\Windows\System\RHedQEd.exe
  2⤵
  PID:6060
- C:\Windows\System\qkrwXIm.exe
  C:\Windows\System\qkrwXIm.exe
  2⤵
  PID:6084
- C:\Windows\System\kviKEKZ.exe
  C:\Windows\System\kviKEKZ.exe
  2⤵
  PID:6108
- C:\Windows\System\RPfbyGi.exe
  C:\Windows\System\RPfbyGi.exe
  2⤵
  PID:6128
- C:\Windows\System\HQyzffx.exe
  C:\Windows\System\HQyzffx.exe
  2⤵
  PID:3336
- C:\Windows\System\qkRdRYX.exe
  C:\Windows\System\qkRdRYX.exe
  2⤵
  PID:4152
- C:\Windows\System\YYlclcO.exe
  C:\Windows\System\YYlclcO.exe
  2⤵
  PID:4052
- C:\Windows\System\cVfEMrF.exe
  C:\Windows\System\cVfEMrF.exe
  2⤵
  PID:4200
- C:\Windows\System\mJfFvBm.exe
  C:\Windows\System\mJfFvBm.exe
  2⤵
  PID:4640
- C:\Windows\System\HxXRdjv.exe
  C:\Windows\System\HxXRdjv.exe
  2⤵
  PID:4884
- C:\Windows\System\pDabVfe.exe
  C:\Windows\System\pDabVfe.exe
  2⤵
  PID:4740
- C:\Windows\System\kWbyWtO.exe
  C:\Windows\System\kWbyWtO.exe
  2⤵
  PID:5056
- C:\Windows\System\CWuPWxc.exe
  C:\Windows\System\CWuPWxc.exe
  2⤵
  PID:3988
- C:\Windows\System\uOmjcCP.exe
  C:\Windows\System\uOmjcCP.exe
  2⤵
  PID:4988
- C:\Windows\System\AMyKSWI.exe
  C:\Windows\System\AMyKSWI.exe
  2⤵
  PID:5144
- C:\Windows\System\HdYEqHe.exe
  C:\Windows\System\HdYEqHe.exe
  2⤵
  PID:5200
- C:\Windows\System\vExeMRo.exe
  C:\Windows\System\vExeMRo.exe
  2⤵
  PID:5212
- C:\Windows\System\XetVGFd.exe
  C:\Windows\System\XetVGFd.exe
  2⤵
  PID:5256
- C:\Windows\System\DACDTNU.exe
  C:\Windows\System\DACDTNU.exe
  2⤵
  PID:5332
- C:\Windows\System\nwGRbca.exe
  C:\Windows\System\nwGRbca.exe
  2⤵
  PID:5328
- C:\Windows\System\mztiiok.exe
  C:\Windows\System\mztiiok.exe
  2⤵
  PID:1560
- C:\Windows\System\GRnAzbw.exe
  C:\Windows\System\GRnAzbw.exe
  2⤵
  PID:5352
- C:\Windows\System\dwssqKj.exe
  C:\Windows\System\dwssqKj.exe
  2⤵
  PID:5392
- C:\Windows\System\KPHMzAn.exe
  C:\Windows\System\KPHMzAn.exe
  2⤵
  PID:5388
- C:\Windows\System\nKaGAfc.exe
  C:\Windows\System\nKaGAfc.exe
  2⤵
  PID:5424
- C:\Windows\System\ttYddFm.exe
  C:\Windows\System\ttYddFm.exe
  2⤵
  PID:5492
- C:\Windows\System\mbpYpPB.exe
  C:\Windows\System\mbpYpPB.exe
  2⤵
  PID:5464
- C:\Windows\System\oAvShYg.exe
  C:\Windows\System\oAvShYg.exe
  2⤵
  PID:5564
- C:\Windows\System\rIGQQKV.exe
  C:\Windows\System\rIGQQKV.exe
  2⤵
  PID:5612
- C:\Windows\System\kdtDOjS.exe
  C:\Windows\System\kdtDOjS.exe
  2⤵
  PID:5548
- C:\Windows\System\DYmfiIr.exe
  C:\Windows\System\DYmfiIr.exe
  2⤵
  PID:5592
- C:\Windows\System\wAiBHtg.exe
  C:\Windows\System\wAiBHtg.exe
  2⤵
  PID:5684
- C:\Windows\System\uDtgrMb.exe
  C:\Windows\System\uDtgrMb.exe
  2⤵
  PID:5732
- C:\Windows\System\KTMACKB.exe
  C:\Windows\System\KTMACKB.exe
  2⤵
  PID:5700
- C:\Windows\System\sESZvRJ.exe
  C:\Windows\System\sESZvRJ.exe
  2⤵
  PID:5780
- C:\Windows\System\yLUgymU.exe
  C:\Windows\System\yLUgymU.exe
  2⤵
  PID:5744
- C:\Windows\System\trPVtdX.exe
  C:\Windows\System\trPVtdX.exe
  2⤵
  PID:5312
- C:\Windows\System\QSHInVg.exe
  C:\Windows\System\QSHInVg.exe
  2⤵
  PID:5816
- C:\Windows\System\gEdVfTm.exe
  C:\Windows\System\gEdVfTm.exe
  2⤵
  PID:5876
- C:\Windows\System\mQlfECE.exe
  C:\Windows\System\mQlfECE.exe
  2⤵
  PID:5936
- C:\Windows\System\sIYFQvI.exe
  C:\Windows\System\sIYFQvI.exe
  2⤵
  PID:5768
- C:\Windows\System\GeXXrSS.exe
  C:\Windows\System\GeXXrSS.exe
  2⤵
  PID:5960
- C:\Windows\System\vlxAIQZ.exe
  C:\Windows\System\vlxAIQZ.exe
  2⤵
  PID:6104
- C:\Windows\System\WEJEIPz.exe
  C:\Windows\System\WEJEIPz.exe
  2⤵
  PID:6080
- C:\Windows\System\ZHwzErG.exe
  C:\Windows\System\ZHwzErG.exe
  2⤵
  PID:6120
- C:\Windows\System\knHVAuO.exe
  C:\Windows\System\knHVAuO.exe
  2⤵
  PID:4196
- C:\Windows\System\ITlWBsB.exe
  C:\Windows\System\ITlWBsB.exe
  2⤵
  PID:5048
- C:\Windows\System\lVBXERW.exe
  C:\Windows\System\lVBXERW.exe
  2⤵
  PID:4960
- C:\Windows\System\sbcFITZ.exe
  C:\Windows\System\sbcFITZ.exe
  2⤵
  PID:5108
- C:\Windows\System\MlTCXmH.exe
  C:\Windows\System\MlTCXmH.exe
  2⤵
  PID:5236
- C:\Windows\System\ZWUJbHt.exe
  C:\Windows\System\ZWUJbHt.exe
  2⤵
  PID:2948
- C:\Windows\System\BChxFmA.exe
  C:\Windows\System\BChxFmA.exe
  2⤵
  PID:5412
- C:\Windows\System\luUudhO.exe
  C:\Windows\System\luUudhO.exe
  2⤵
  PID:5300
- C:\Windows\System\jsVqkOf.exe
  C:\Windows\System\jsVqkOf.exe
  2⤵
  PID:1996
- C:\Windows\System\pvMGgXS.exe
  C:\Windows\System\pvMGgXS.exe
  2⤵
  PID:5444
- C:\Windows\System\VTwNjEW.exe
  C:\Windows\System\VTwNjEW.exe
  2⤵
  PID:2968
- C:\Windows\System\WCsMOSd.exe
  C:\Windows\System\WCsMOSd.exe
  2⤵
  PID:5584
- C:\Windows\System\FTQZwBP.exe
  C:\Windows\System\FTQZwBP.exe
  2⤵
  PID:5776
- C:\Windows\System\tnWLIRo.exe
  C:\Windows\System\tnWLIRo.exe
  2⤵
  PID:5856
- C:\Windows\System\KhQMEpz.exe
  C:\Windows\System\KhQMEpz.exe
  2⤵
  PID:2076
- C:\Windows\System\AVwftKK.exe
  C:\Windows\System\AVwftKK.exe
  2⤵
  PID:3752
- C:\Windows\System\nFzLmZl.exe
  C:\Windows\System\nFzLmZl.exe
  2⤵
  PID:5668
- C:\Windows\System\xNjGWnY.exe
  C:\Windows\System\xNjGWnY.exe
  2⤵
  PID:5708
- C:\Windows\System\olJYnPZ.exe
  C:\Windows\System\olJYnPZ.exe
  2⤵
  PID:5796
- C:\Windows\System\YJBYQFw.exe
  C:\Windows\System\YJBYQFw.exe
  2⤵
  PID:5688
- C:\Windows\System\ncTVDxq.exe
  C:\Windows\System\ncTVDxq.exe
  2⤵
  PID:3728
- C:\Windows\System\feOmkCe.exe
  C:\Windows\System\feOmkCe.exe
  2⤵
  PID:3872
- C:\Windows\System\bPJEoKr.exe
  C:\Windows\System\bPJEoKr.exe
  2⤵
  PID:3732
- C:\Windows\System\FWQJeHK.exe
  C:\Windows\System\FWQJeHK.exe
  2⤵
  PID:5972
- C:\Windows\System\vEJgGWY.exe
  C:\Windows\System\vEJgGWY.exe
  2⤵
  PID:6020
- C:\Windows\System\YdUSlQz.exe
  C:\Windows\System\YdUSlQz.exe
  2⤵
  PID:5932
- C:\Windows\System\CkBqOwM.exe
  C:\Windows\System\CkBqOwM.exe
  2⤵
  PID:4716
- C:\Windows\System\JmQHlAR.exe
  C:\Windows\System\JmQHlAR.exe
  2⤵
  PID:4788
- C:\Windows\System\nYTECWl.exe
  C:\Windows\System\nYTECWl.exe
  2⤵
  PID:5288
- C:\Windows\System\BOTDHGP.exe
  C:\Windows\System\BOTDHGP.exe
  2⤵
  PID:5180
- C:\Windows\System\mpXXcvh.exe
  C:\Windows\System\mpXXcvh.exe
  2⤵
  PID:5308
- C:\Windows\System\mQjeELm.exe
  C:\Windows\System\mQjeELm.exe
  2⤵
  PID:5472
- C:\Windows\System\lIGeHFg.exe
  C:\Windows\System\lIGeHFg.exe
  2⤵
  PID:1644
- C:\Windows\System\bOKcanw.exe
  C:\Windows\System\bOKcanw.exe
  2⤵
  PID:5568
- C:\Windows\System\rsBPigV.exe
  C:\Windows\System\rsBPigV.exe
  2⤵
  PID:5812
- C:\Windows\System\lmOWoke.exe
  C:\Windows\System\lmOWoke.exe
  2⤵
  PID:5760
- C:\Windows\System\dHxZYeR.exe
  C:\Windows\System\dHxZYeR.exe
  2⤵
  PID:5528
- C:\Windows\System\ayerUSG.exe
  C:\Windows\System\ayerUSG.exe
  2⤵
  PID:2940
- C:\Windows\System\vjBeapl.exe
  C:\Windows\System\vjBeapl.exe
  2⤵
  PID:2788
- C:\Windows\System\ynFDEbY.exe
  C:\Windows\System\ynFDEbY.exe
  2⤵
  PID:2252
- C:\Windows\System\zrZXclw.exe
  C:\Windows\System\zrZXclw.exe
  2⤵
  PID:2744
- C:\Windows\System\YkNIBQr.exe
  C:\Windows\System\YkNIBQr.exe
  2⤵
  PID:1280
- C:\Windows\System\UrIWQid.exe
  C:\Windows\System\UrIWQid.exe
  2⤵
  PID:6024
- C:\Windows\System\KciWOhm.exe
  C:\Windows\System\KciWOhm.exe
  2⤵
  PID:2796
- C:\Windows\System\UITuLnv.exe
  C:\Windows\System\UITuLnv.exe
  2⤵
  PID:3048
- C:\Windows\System\GcxwCWx.exe
  C:\Windows\System\GcxwCWx.exe
  2⤵
  PID:6092
- C:\Windows\System\hyBFfUN.exe
  C:\Windows\System\hyBFfUN.exe
  2⤵
  PID:6116
- C:\Windows\System\rUFPmUX.exe
  C:\Windows\System\rUFPmUX.exe
  2⤵
  PID:4448
- C:\Windows\System\ywTEUle.exe
  C:\Windows\System\ywTEUle.exe
  2⤵
  PID:1028
- C:\Windows\System\cscVUZZ.exe
  C:\Windows\System\cscVUZZ.exe
  2⤵
  PID:4376
- C:\Windows\System\Neqdgkn.exe
  C:\Windows\System\Neqdgkn.exe
  2⤵
  PID:1968
- C:\Windows\System\NmKAtTy.exe
  C:\Windows\System\NmKAtTy.exe
  2⤵
  PID:2848
- C:\Windows\System\rDPKLxw.exe
  C:\Windows\System\rDPKLxw.exe
  2⤵
  PID:5344
- C:\Windows\System\ujXADad.exe
  C:\Windows\System\ujXADad.exe
  2⤵
  PID:2996
- C:\Windows\System\pKSjuin.exe
  C:\Windows\System\pKSjuin.exe
  2⤵
  PID:2912
- C:\Windows\System\CRmDQCj.exe
  C:\Windows\System\CRmDQCj.exe
  2⤵
  PID:5940
- C:\Windows\System\zsKBmRp.exe
  C:\Windows\System\zsKBmRp.exe
  2⤵
  PID:5468
- C:\Windows\System\UtmUkMX.exe
  C:\Windows\System\UtmUkMX.exe
  2⤵
  PID:964
- C:\Windows\System\clrniyn.exe
  C:\Windows\System\clrniyn.exe
  2⤵
  PID:5892
- C:\Windows\System\dEVKIXk.exe
  C:\Windows\System\dEVKIXk.exe
  2⤵
  PID:5836
- C:\Windows\System\YbChLtw.exe
  C:\Windows\System\YbChLtw.exe
  2⤵
  PID:2568
- C:\Windows\System\AhNXfFy.exe
  C:\Windows\System\AhNXfFy.exe
  2⤵
  PID:6096
- C:\Windows\System\wTfDPSA.exe
  C:\Windows\System\wTfDPSA.exe
  2⤵
  PID:5912
- C:\Windows\System\uyzkPwZ.exe
  C:\Windows\System\uyzkPwZ.exe
  2⤵
  PID:984
- C:\Windows\System\egxDvRx.exe
  C:\Windows\System\egxDvRx.exe
  2⤵
  PID:6036
- C:\Windows\System\tMaXLoX.exe
  C:\Windows\System\tMaXLoX.exe
  2⤵
  PID:4544
- C:\Windows\System\ogTrznj.exe
  C:\Windows\System\ogTrznj.exe
  2⤵
  PID:5368
- C:\Windows\System\etzCZjm.exe
  C:\Windows\System\etzCZjm.exe
  2⤵
  PID:2044
- C:\Windows\System\uKybBdP.exe
  C:\Windows\System\uKybBdP.exe
  2⤵
  PID:5224
- C:\Windows\System\zANVEtm.exe
  C:\Windows\System\zANVEtm.exe
  2⤵
  PID:4236
- C:\Windows\System\rjztoaB.exe
  C:\Windows\System\rjztoaB.exe
  2⤵
  PID:6016
- C:\Windows\System\gdgwitl.exe
  C:\Windows\System\gdgwitl.exe
  2⤵
  PID:3156
- C:\Windows\System\FPyznDM.exe
  C:\Windows\System\FPyznDM.exe
  2⤵
  PID:5664
- C:\Windows\System\ATHyEmx.exe
  C:\Windows\System\ATHyEmx.exe
  2⤵
  PID:5872
- C:\Windows\System\nSgdeVY.exe
  C:\Windows\System\nSgdeVY.exe
  2⤵
  PID:5176
- C:\Windows\System\PbUjnsl.exe
  C:\Windows\System\PbUjnsl.exe
  2⤵
  PID:2456
- C:\Windows\System\uojNVGe.exe
  C:\Windows\System\uojNVGe.exe
  2⤵
  PID:5840
- C:\Windows\System\NBitnrt.exe
  C:\Windows\System\NBitnrt.exe
  2⤵
  PID:5428
- C:\Windows\System\vblQeJD.exe
  C:\Windows\System\vblQeJD.exe
  2⤵
  PID:236
- C:\Windows\System\liWjwcA.exe
  C:\Windows\System\liWjwcA.exe
  2⤵
  PID:6140
- C:\Windows\System\fvXMYkz.exe
  C:\Windows\System\fvXMYkz.exe
  2⤵
  PID:6152
- C:\Windows\System\cYlgnPw.exe
  C:\Windows\System\cYlgnPw.exe
  2⤵
  PID:6168
- C:\Windows\System\rXTxvuO.exe
  C:\Windows\System\rXTxvuO.exe
  2⤵
  PID:6184
- C:\Windows\System\fkEpLRN.exe
  C:\Windows\System\fkEpLRN.exe
  2⤵
  PID:6200
- C:\Windows\System\VgLUFtQ.exe
  C:\Windows\System\VgLUFtQ.exe
  2⤵
  PID:6216
- C:\Windows\System\XohBcbt.exe
  C:\Windows\System\XohBcbt.exe
  2⤵
  PID:6232
- C:\Windows\System\YdfObhM.exe
  C:\Windows\System\YdfObhM.exe
  2⤵
  PID:6248
- C:\Windows\System\kQUnIwZ.exe
  C:\Windows\System\kQUnIwZ.exe
  2⤵
  PID:6264
- C:\Windows\System\SCWnrJW.exe
  C:\Windows\System\SCWnrJW.exe
  2⤵
  PID:6280
- C:\Windows\System\TvQmHTO.exe
  C:\Windows\System\TvQmHTO.exe
  2⤵
  PID:6296
- C:\Windows\System\FyijKDH.exe
  C:\Windows\System\FyijKDH.exe
  2⤵
  PID:6312
- C:\Windows\System\kptyMPa.exe
  C:\Windows\System\kptyMPa.exe
  2⤵
  PID:6328
- C:\Windows\System\KzGpeYF.exe
  C:\Windows\System\KzGpeYF.exe
  2⤵
  PID:6344
- C:\Windows\System\TEjTUed.exe
  C:\Windows\System\TEjTUed.exe
  2⤵
  PID:6360
- C:\Windows\System\EojDQfa.exe
  C:\Windows\System\EojDQfa.exe
  2⤵
  PID:6376
- C:\Windows\System\kxKENje.exe
  C:\Windows\System\kxKENje.exe
  2⤵
  PID:6392
- C:\Windows\System\eNesOGq.exe
  C:\Windows\System\eNesOGq.exe
  2⤵
  PID:6408
- C:\Windows\System\WZgIrKc.exe
  C:\Windows\System\WZgIrKc.exe
  2⤵
  PID:6424
- C:\Windows\System\RjQLpic.exe
  C:\Windows\System\RjQLpic.exe
  2⤵
  PID:6440
- C:\Windows\System\fRoFute.exe
  C:\Windows\System\fRoFute.exe
  2⤵
  PID:6456
- C:\Windows\System\jxiQrut.exe
  C:\Windows\System\jxiQrut.exe
  2⤵
  PID:6476
- C:\Windows\System\XfIvMcJ.exe
  C:\Windows\System\XfIvMcJ.exe
  2⤵
  PID:6492
- C:\Windows\System\tWsxoRb.exe
  C:\Windows\System\tWsxoRb.exe
  2⤵
  PID:6508
- C:\Windows\System\oZngpfo.exe
  C:\Windows\System\oZngpfo.exe
  2⤵
  PID:6524
- C:\Windows\System\ekprdId.exe
  C:\Windows\System\ekprdId.exe
  2⤵
  PID:6540
- C:\Windows\System\yhXtqFN.exe
  C:\Windows\System\yhXtqFN.exe
  2⤵
  PID:6556
- C:\Windows\System\PXkkxsT.exe
  C:\Windows\System\PXkkxsT.exe
  2⤵
  PID:6572
- C:\Windows\System\NrbwFbY.exe
  C:\Windows\System\NrbwFbY.exe
  2⤵
  PID:6588
- C:\Windows\System\bwiafUb.exe
  C:\Windows\System\bwiafUb.exe
  2⤵
  PID:6604
- C:\Windows\System\vMgkbam.exe
  C:\Windows\System\vMgkbam.exe
  2⤵
  PID:6620
- C:\Windows\System\hVPiCOt.exe
  C:\Windows\System\hVPiCOt.exe
  2⤵
  PID:6636
- C:\Windows\System\IyHlzIi.exe
  C:\Windows\System\IyHlzIi.exe
  2⤵
  PID:6652
- C:\Windows\System\yuAmaly.exe
  C:\Windows\System\yuAmaly.exe
  2⤵
  PID:6668
- C:\Windows\System\BRaikNq.exe
  C:\Windows\System\BRaikNq.exe
  2⤵
  PID:6684
- C:\Windows\System\fEEysDn.exe
  C:\Windows\System\fEEysDn.exe
  2⤵
  PID:6700
- C:\Windows\System\rugGUwm.exe
  C:\Windows\System\rugGUwm.exe
  2⤵
  PID:6716
- C:\Windows\System\AMNSduW.exe
  C:\Windows\System\AMNSduW.exe
  2⤵
  PID:6732
- C:\Windows\System\pxvAWDG.exe
  C:\Windows\System\pxvAWDG.exe
  2⤵
  PID:6748
- C:\Windows\System\IaYBsBt.exe
  C:\Windows\System\IaYBsBt.exe
  2⤵
  PID:6764
- C:\Windows\System\grQKSvI.exe
  C:\Windows\System\grQKSvI.exe
  2⤵
  PID:6780
- C:\Windows\System\DofHUyj.exe
  C:\Windows\System\DofHUyj.exe
  2⤵
  PID:6796
- C:\Windows\System\DUsGOFS.exe
  C:\Windows\System\DUsGOFS.exe
  2⤵
  PID:6812
- C:\Windows\System\dYjbJXe.exe
  C:\Windows\System\dYjbJXe.exe
  2⤵
  PID:6828
- C:\Windows\System\mxvoKRv.exe
  C:\Windows\System\mxvoKRv.exe
  2⤵
  PID:6844
- C:\Windows\System\YBGtiWu.exe
  C:\Windows\System\YBGtiWu.exe
  2⤵
  PID:6860
- C:\Windows\System\zBptewE.exe
  C:\Windows\System\zBptewE.exe
  2⤵
  PID:6876
- C:\Windows\System\JjNvMBt.exe
  C:\Windows\System\JjNvMBt.exe
  2⤵
  PID:6892
- C:\Windows\System\tlWYCtQ.exe
  C:\Windows\System\tlWYCtQ.exe
  2⤵
  PID:6908
- C:\Windows\System\WBVydeK.exe
  C:\Windows\System\WBVydeK.exe
  2⤵
  PID:6924
- C:\Windows\System\ipHireH.exe
  C:\Windows\System\ipHireH.exe
  2⤵
  PID:6944
- C:\Windows\System\VafzLaB.exe
  C:\Windows\System\VafzLaB.exe
  2⤵
  PID:6960
- C:\Windows\System\XUrevrV.exe
  C:\Windows\System\XUrevrV.exe
  2⤵
  PID:6976
- C:\Windows\System\IdpPxKq.exe
  C:\Windows\System\IdpPxKq.exe
  2⤵
  PID:6992
- C:\Windows\System\vwRuQwX.exe
  C:\Windows\System\vwRuQwX.exe
  2⤵
  PID:7008
- C:\Windows\System\fpPjQqA.exe
  C:\Windows\System\fpPjQqA.exe
  2⤵
  PID:7024
- C:\Windows\System\IvAFzWr.exe
  C:\Windows\System\IvAFzWr.exe
  2⤵
  PID:7040
- C:\Windows\System\phyxdVp.exe
  C:\Windows\System\phyxdVp.exe
  2⤵
  PID:7056
- C:\Windows\System\SxwZGhr.exe
  C:\Windows\System\SxwZGhr.exe
  2⤵
  PID:7072
- C:\Windows\System\nTLlxuH.exe
  C:\Windows\System\nTLlxuH.exe
  2⤵
  PID:7088
- C:\Windows\System\vcRExNv.exe
  C:\Windows\System\vcRExNv.exe
  2⤵
  PID:7104
- C:\Windows\System\vCewsrv.exe
  C:\Windows\System\vCewsrv.exe
  2⤵
  PID:7120
- C:\Windows\System\gnrjWBe.exe
  C:\Windows\System\gnrjWBe.exe
  2⤵
  PID:7136
- C:\Windows\System\gmlKiVS.exe
  C:\Windows\System\gmlKiVS.exe
  2⤵
  PID:7152
- C:\Windows\System\kGvEviD.exe
  C:\Windows\System\kGvEviD.exe
  2⤵
  PID:2804
- C:\Windows\System\mwhqRIR.exe
  C:\Windows\System\mwhqRIR.exe
  2⤵
  PID:6040
- C:\Windows\System\TrfDOLS.exe
  C:\Windows\System\TrfDOLS.exe
  2⤵
  PID:6176
- C:\Windows\System\BoDmrGx.exe
  C:\Windows\System\BoDmrGx.exe
  2⤵
  PID:5652
- C:\Windows\System\xRQMzoh.exe
  C:\Windows\System\xRQMzoh.exe
  2⤵
  PID:6164
- C:\Windows\System\ymtZswB.exe
  C:\Windows\System\ymtZswB.exe
  2⤵
  PID:6304
- C:\Windows\System\lhKkDVU.exe
  C:\Windows\System\lhKkDVU.exe
  2⤵
  PID:6192
- C:\Windows\System\IMlTrgz.exe
  C:\Windows\System\IMlTrgz.exe
  2⤵
  PID:6260
- C:\Windows\System\BpLShSI.exe
  C:\Windows\System\BpLShSI.exe
  2⤵
  PID:6324
- C:\Windows\System\vlnzPBB.exe
  C:\Windows\System\vlnzPBB.exe
  2⤵
  PID:6372
- C:\Windows\System\eCUIWup.exe
  C:\Windows\System\eCUIWup.exe
  2⤵
  PID:6436
- C:\Windows\System\XfiOvOD.exe
  C:\Windows\System\XfiOvOD.exe
  2⤵
  PID:6504
- C:\Windows\System\vtLUwZb.exe
  C:\Windows\System\vtLUwZb.exe
  2⤵
  PID:6564
- C:\Windows\System\EIfFPlP.exe
  C:\Windows\System\EIfFPlP.exe
  2⤵
  PID:6600
- C:\Windows\System\nRyPxrM.exe
  C:\Windows\System\nRyPxrM.exe
  2⤵
  PID:6384
- C:\Windows\System\pJsJWvh.exe
  C:\Windows\System\pJsJWvh.exe
  2⤵
  PID:6452
- C:\Windows\System\cxDPKTp.exe
  C:\Windows\System\cxDPKTp.exe
  2⤵
  PID:6644
- C:\Windows\System\xqAfNvo.exe
  C:\Windows\System\xqAfNvo.exe
  2⤵
  PID:6548
- C:\Windows\System\wZJGKxC.exe
  C:\Windows\System\wZJGKxC.exe
  2⤵
  PID:6648
- C:\Windows\System\JwNHYqd.exe
  C:\Windows\System\JwNHYqd.exe
  2⤵
  PID:6676
- C:\Windows\System\IcKphiF.exe
  C:\Windows\System\IcKphiF.exe
  2⤵
  PID:6920
- C:\Windows\System\RoDETpC.exe
  C:\Windows\System\RoDETpC.exe
  2⤵
  PID:6940
- C:\Windows\System\enVQQQQ.exe
  C:\Windows\System\enVQQQQ.exe
  2⤵
  PID:7048
- C:\Windows\System\cDMCPNM.exe
  C:\Windows\System\cDMCPNM.exe
  2⤵
  PID:6968
- C:\Windows\System\fDbmZJG.exe
  C:\Windows\System\fDbmZJG.exe
  2⤵
  PID:7036
- C:\Windows\System\yYgKttr.exe
  C:\Windows\System\yYgKttr.exe
  2⤵
  PID:7112
- C:\Windows\System\PratAxy.exe
  C:\Windows\System\PratAxy.exe
  2⤵
  PID:7128
- C:\Windows\System\PySWxcO.exe
  C:\Windows\System\PySWxcO.exe
  2⤵
  PID:2916
- C:\Windows\System\rzYEynf.exe
  C:\Windows\System\rzYEynf.exe
  2⤵
  PID:6208
- C:\Windows\System\CItzUkB.exe
  C:\Windows\System\CItzUkB.exe
  2⤵
  PID:6160
- C:\Windows\System\SShxMUM.exe
  C:\Windows\System\SShxMUM.exe
  2⤵
  PID:6244
- C:\Windows\System\WQSZXHP.exe
  C:\Windows\System\WQSZXHP.exe
  2⤵
  PID:6256
- C:\Windows\System\nArQsdh.exe
  C:\Windows\System\nArQsdh.exe
  2⤵
  PID:6368
- C:\Windows\System\PTTIrJq.exe
  C:\Windows\System\PTTIrJq.exe
  2⤵
  PID:6292
- C:\Windows\System\dvlENla.exe
  C:\Windows\System\dvlENla.exe
  2⤵
  PID:6628
- C:\Windows\System\DcxbsEb.exe
  C:\Windows\System\DcxbsEb.exe
  2⤵
  PID:6664
- C:\Windows\System\lLSaphC.exe
  C:\Windows\System\lLSaphC.exe
  2⤵
  PID:6612
- C:\Windows\System\VmxkhfK.exe
  C:\Windows\System\VmxkhfK.exe
  2⤵
  PID:6724
- C:\Windows\System\mqGbNGL.exe
  C:\Windows\System\mqGbNGL.exe
  2⤵
  PID:6792
- C:\Windows\System\GfDswbd.exe
  C:\Windows\System\GfDswbd.exe
  2⤵
  PID:6856
- C:\Windows\System\QLQsrOh.exe
  C:\Windows\System\QLQsrOh.exe
  2⤵
  PID:6776
- C:\Windows\System\IkSAiVW.exe
  C:\Windows\System\IkSAiVW.exe
  2⤵
  PID:7052
- C:\Windows\System\hrTpuRb.exe
  C:\Windows\System\hrTpuRb.exe
  2⤵
  PID:6872
- C:\Windows\System\LbmjzBf.exe
  C:\Windows\System\LbmjzBf.exe
  2⤵
  PID:6836
- C:\Windows\System\bAFViOR.exe
  C:\Windows\System\bAFViOR.exe
  2⤵
  PID:6916
- C:\Windows\System\JMfrmnq.exe
  C:\Windows\System\JMfrmnq.exe
  2⤵
  PID:6148
- C:\Windows\System\rHCTdjL.exe
  C:\Windows\System\rHCTdjL.exe
  2⤵
  PID:6984
- C:\Windows\System\WIsGmyP.exe
  C:\Windows\System\WIsGmyP.exe
  2⤵
  PID:7032
- C:\Windows\System\uWDRBBd.exe
  C:\Windows\System\uWDRBBd.exe
  2⤵
  PID:6240
- C:\Windows\System\YMgxAoy.exe
  C:\Windows\System\YMgxAoy.exe
  2⤵
  PID:6936
- C:\Windows\System\qHlYJtS.exe
  C:\Windows\System\qHlYJtS.exe
  2⤵
  PID:6520
- C:\Windows\System\zEmbtGs.exe
  C:\Windows\System\zEmbtGs.exe
  2⤵
  PID:6584
- C:\Windows\System\sVQYExv.exe
  C:\Windows\System\sVQYExv.exe
  2⤵
  PID:6484
- C:\Windows\System\KogleWb.exe
  C:\Windows\System\KogleWb.exe
  2⤵
  PID:6660
- C:\Windows\System\wsPKUoo.exe
  C:\Windows\System\wsPKUoo.exe
  2⤵
  PID:6728
- C:\Windows\System\gdvruFi.exe
  C:\Windows\System\gdvruFi.exe
  2⤵
  PID:6804
- C:\Windows\System\uQaPUEr.exe
  C:\Windows\System\uQaPUEr.exe
  2⤵
  PID:6772
- C:\Windows\System\GDUCnMX.exe
  C:\Windows\System\GDUCnMX.exe
  2⤵
  PID:7000
- C:\Windows\System\LYxxhHn.exe
  C:\Windows\System\LYxxhHn.exe
  2⤵
  PID:6340
- C:\Windows\System\kHgxbsm.exe
  C:\Windows\System\kHgxbsm.exe
  2⤵
  PID:6468
- C:\Windows\System\wnTXZtM.exe
  C:\Windows\System\wnTXZtM.exe
  2⤵
  PID:6532
- C:\Windows\System\zKaQknn.exe
  C:\Windows\System\zKaQknn.exe
  2⤵
  PID:6580
- C:\Windows\System\XbIBBlA.exe
  C:\Windows\System\XbIBBlA.exe
  2⤵
  PID:7084
- C:\Windows\System\ELrWIwn.exe
  C:\Windows\System\ELrWIwn.exe
  2⤵
  PID:6744
- C:\Windows\System\sJbJiBe.exe
  C:\Windows\System\sJbJiBe.exe
  2⤵
  PID:6596
- C:\Windows\System\ShqsuNI.exe
  C:\Windows\System\ShqsuNI.exe
  2⤵
  PID:7160
- C:\Windows\System\BsLFyGH.exe
  C:\Windows\System\BsLFyGH.exe
  2⤵
  PID:6868
- C:\Windows\System\DkNOPwT.exe
  C:\Windows\System\DkNOPwT.exe
  2⤵
  PID:7184
- C:\Windows\System\TTFRNXY.exe
  C:\Windows\System\TTFRNXY.exe
  2⤵
  PID:7200
- C:\Windows\System\ypmYEKl.exe
  C:\Windows\System\ypmYEKl.exe
  2⤵
  PID:7216
- C:\Windows\System\deuIyRA.exe
  C:\Windows\System\deuIyRA.exe
  2⤵
  PID:7232
- C:\Windows\System\FLZFquQ.exe
  C:\Windows\System\FLZFquQ.exe
  2⤵
  PID:7248
- C:\Windows\System\MRdpbRM.exe
  C:\Windows\System\MRdpbRM.exe
  2⤵
  PID:7264
- C:\Windows\System\iWiajOI.exe
  C:\Windows\System\iWiajOI.exe
  2⤵
  PID:7280
- C:\Windows\System\EmVEiTK.exe
  C:\Windows\System\EmVEiTK.exe
  2⤵
  PID:7296
- C:\Windows\System\xjgsXbE.exe
  C:\Windows\System\xjgsXbE.exe
  2⤵
  PID:7316
- C:\Windows\System\RKeACJt.exe
  C:\Windows\System\RKeACJt.exe
  2⤵
  PID:7332
- C:\Windows\System\aGYuWpF.exe
  C:\Windows\System\aGYuWpF.exe
  2⤵
  PID:7348
- C:\Windows\System\EZDgydv.exe
  C:\Windows\System\EZDgydv.exe
  2⤵
  PID:7364
- C:\Windows\System\WSCstGX.exe
  C:\Windows\System\WSCstGX.exe
  2⤵
  PID:7380
- C:\Windows\System\eErubBG.exe
  C:\Windows\System\eErubBG.exe
  2⤵
  PID:7396
- C:\Windows\System\pJMevhL.exe
  C:\Windows\System\pJMevhL.exe
  2⤵
  PID:7416
- C:\Windows\System\WagrvSC.exe
  C:\Windows\System\WagrvSC.exe
  2⤵
  PID:7432
- C:\Windows\System\WlpzfWy.exe
  C:\Windows\System\WlpzfWy.exe
  2⤵
  PID:7448
- C:\Windows\System\FZZgvuy.exe
  C:\Windows\System\FZZgvuy.exe
  2⤵
  PID:7464
- C:\Windows\System\PEpbJDb.exe
  C:\Windows\System\PEpbJDb.exe
  2⤵
  PID:7480
- C:\Windows\System\ezVMwwM.exe
  C:\Windows\System\ezVMwwM.exe
  2⤵
  PID:7496
- C:\Windows\System\aRASsbj.exe
  C:\Windows\System\aRASsbj.exe
  2⤵
  PID:7512
- C:\Windows\System\MUnsKPj.exe
  C:\Windows\System\MUnsKPj.exe
  2⤵
  PID:7528
- C:\Windows\System\kGqSYGJ.exe
  C:\Windows\System\kGqSYGJ.exe
  2⤵
  PID:7544
- C:\Windows\System\lrhTZBq.exe
  C:\Windows\System\lrhTZBq.exe
  2⤵
  PID:7560
- C:\Windows\System\RvbMppi.exe
  C:\Windows\System\RvbMppi.exe
  2⤵
  PID:7576
- C:\Windows\System\FQWqpXO.exe
  C:\Windows\System\FQWqpXO.exe
  2⤵
  PID:7592
- C:\Windows\System\IHBXzve.exe
  C:\Windows\System\IHBXzve.exe
  2⤵
  PID:7608
- C:\Windows\System\nMYdUmS.exe
  C:\Windows\System\nMYdUmS.exe
  2⤵
  PID:7624
- C:\Windows\System\RJSKKwU.exe
  C:\Windows\System\RJSKKwU.exe
  2⤵
  PID:7640
- C:\Windows\System\ctuHVPg.exe
  C:\Windows\System\ctuHVPg.exe
  2⤵
  PID:7656
- C:\Windows\System\qDuCEjD.exe
  C:\Windows\System\qDuCEjD.exe
  2⤵
  PID:7672
- C:\Windows\System\uqQhgPQ.exe
  C:\Windows\System\uqQhgPQ.exe
  2⤵
  PID:7688
- C:\Windows\System\pvhkgiI.exe
  C:\Windows\System\pvhkgiI.exe
  2⤵
  PID:7704
- C:\Windows\System\bZpBLJk.exe
  C:\Windows\System\bZpBLJk.exe
  2⤵
  PID:7724
- C:\Windows\System\ByJJujF.exe
  C:\Windows\System\ByJJujF.exe
  2⤵
  PID:7740
- C:\Windows\System\lCLXsyB.exe
  C:\Windows\System\lCLXsyB.exe
  2⤵
  PID:7756
- C:\Windows\System\MlqiRQw.exe
  C:\Windows\System\MlqiRQw.exe
  2⤵
  PID:7772
- C:\Windows\System\ZTzzMiz.exe
  C:\Windows\System\ZTzzMiz.exe
  2⤵
  PID:7788
- C:\Windows\System\UqlmQRe.exe
  C:\Windows\System\UqlmQRe.exe
  2⤵
  PID:7804
- C:\Windows\System\sovqbYg.exe
  C:\Windows\System\sovqbYg.exe
  2⤵
  PID:7820
- C:\Windows\System\mEfLBsT.exe
  C:\Windows\System\mEfLBsT.exe
  2⤵
  PID:7836
- C:\Windows\System\PrAEvLR.exe
  C:\Windows\System\PrAEvLR.exe
  2⤵
  PID:7852
- C:\Windows\System\RAFcPDp.exe
  C:\Windows\System\RAFcPDp.exe
  2⤵
  PID:7868
- C:\Windows\System\xBDpDIn.exe
  C:\Windows\System\xBDpDIn.exe
  2⤵
  PID:7884
- C:\Windows\System\jmoHCaF.exe
  C:\Windows\System\jmoHCaF.exe
  2⤵
  PID:7900
- C:\Windows\System\MnqiMFh.exe
  C:\Windows\System\MnqiMFh.exe
  2⤵
  PID:7916
- C:\Windows\System\DvmbBnz.exe
  C:\Windows\System\DvmbBnz.exe
  2⤵
  PID:7932
- C:\Windows\System\OPcDkaE.exe
  C:\Windows\System\OPcDkaE.exe
  2⤵
  PID:7948
- C:\Windows\System\IgfrUzr.exe
  C:\Windows\System\IgfrUzr.exe
  2⤵
  PID:7964
- C:\Windows\System\peBTavs.exe
  C:\Windows\System\peBTavs.exe
  2⤵
  PID:7980
- C:\Windows\System\DZMoBOH.exe
  C:\Windows\System\DZMoBOH.exe
  2⤵
  PID:7996
- C:\Windows\System\XbQDcdm.exe
  C:\Windows\System\XbQDcdm.exe
  2⤵
  PID:8012
- C:\Windows\System\UBQxdDr.exe
  C:\Windows\System\UBQxdDr.exe
  2⤵
  PID:8028
- C:\Windows\System\KRCJUvX.exe
  C:\Windows\System\KRCJUvX.exe
  2⤵
  PID:8044
- C:\Windows\System\QbpgMkV.exe
  C:\Windows\System\QbpgMkV.exe
  2⤵
  PID:8060
- C:\Windows\System\IQasucC.exe
  C:\Windows\System\IQasucC.exe
  2⤵
  PID:8076
- C:\Windows\System\zDNxQkS.exe
  C:\Windows\System\zDNxQkS.exe
  2⤵
  PID:8092
- C:\Windows\System\MHhpeVI.exe
  C:\Windows\System\MHhpeVI.exe
  2⤵
  PID:8108
- C:\Windows\System\LzLfatV.exe
  C:\Windows\System\LzLfatV.exe
  2⤵
  PID:8124
- C:\Windows\System\BrDEniy.exe
  C:\Windows\System\BrDEniy.exe
  2⤵
  PID:8140
- C:\Windows\System\rMNNMyg.exe
  C:\Windows\System\rMNNMyg.exe
  2⤵
  PID:8156
- C:\Windows\System\NcZuIOy.exe
  C:\Windows\System\NcZuIOy.exe
  2⤵
  PID:8172
- C:\Windows\System\bYiRTrD.exe
  C:\Windows\System\bYiRTrD.exe
  2⤵
  PID:8188
- C:\Windows\System\zCeRcsC.exe
  C:\Windows\System\zCeRcsC.exe
  2⤵
  PID:7208
- C:\Windows\System\sbGkuKr.exe
  C:\Windows\System\sbGkuKr.exe
  2⤵
  PID:7196
- C:\Windows\System\hBrNsMJ.exe
  C:\Windows\System\hBrNsMJ.exe
  2⤵
  PID:7276
- C:\Windows\System\KZtCrAz.exe
  C:\Windows\System\KZtCrAz.exe
  2⤵
  PID:7148
- C:\Windows\System\iOxsYBs.exe
  C:\Windows\System\iOxsYBs.exe
  2⤵
  PID:7256
- C:\Windows\System\tUIehOJ.exe
  C:\Windows\System\tUIehOJ.exe
  2⤵
  PID:7260
- C:\Windows\System\okpPodw.exe
  C:\Windows\System\okpPodw.exe
  2⤵
  PID:7356
- C:\Windows\System\KCfOikc.exe
  C:\Windows\System\KCfOikc.exe
  2⤵
  PID:7388
- C:\Windows\System\DLDrpIl.exe
  C:\Windows\System\DLDrpIl.exe
  2⤵
  PID:7312
- C:\Windows\System\qOZaydJ.exe
  C:\Windows\System\qOZaydJ.exe
  2⤵
  PID:7444
- C:\Windows\System\vwlRuhr.exe
  C:\Windows\System\vwlRuhr.exe
  2⤵
  PID:7472
- C:\Windows\System\wNOdGNF.exe
  C:\Windows\System\wNOdGNF.exe
  2⤵
  PID:7488
- C:\Windows\System\TMqcioL.exe
  C:\Windows\System\TMqcioL.exe
  2⤵
  PID:7536
- C:\Windows\System\yZYiyHQ.exe
  C:\Windows\System\yZYiyHQ.exe
  2⤵
  PID:7600
- C:\Windows\System\FmixHAr.exe
  C:\Windows\System\FmixHAr.exe
  2⤵
  PID:7552
- C:\Windows\System\XDvpEZv.exe
  C:\Windows\System\XDvpEZv.exe
  2⤵
  PID:7408
- C:\Windows\System\oArJdHl.exe
  C:\Windows\System\oArJdHl.exe
  2⤵
  PID:7588
- C:\Windows\System\VxAfREX.exe
  C:\Windows\System\VxAfREX.exe
  2⤵
  PID:7652
- C:\Windows\System\BXcNlyC.exe
  C:\Windows\System\BXcNlyC.exe
  2⤵
  PID:7732
- C:\Windows\System\oungdEu.exe
  C:\Windows\System\oungdEu.exe
  2⤵
  PID:7748
- C:\Windows\System\LxTdTWQ.exe
  C:\Windows\System\LxTdTWQ.exe
  2⤵
  PID:7784
- C:\Windows\System\UxNziVx.exe
  C:\Windows\System\UxNziVx.exe
  2⤵
  PID:7832
- C:\Windows\System\zDoOGTy.exe
  C:\Windows\System\zDoOGTy.exe
  2⤵
  PID:7892
- C:\Windows\System\zZyVoIs.exe
  C:\Windows\System\zZyVoIs.exe
  2⤵
  PID:7880
- C:\Windows\System\STBXaDs.exe
  C:\Windows\System\STBXaDs.exe
  2⤵
  PID:7908
- C:\Windows\System\VAebJDj.exe
  C:\Windows\System\VAebJDj.exe
  2⤵
  PID:7956
- C:\Windows\System\bjQrNCD.exe
  C:\Windows\System\bjQrNCD.exe
  2⤵
  PID:4508
- C:\Windows\System\imKNoxa.exe
  C:\Windows\System\imKNoxa.exe
  2⤵
  PID:8004
- C:\Windows\System\xRvWoWd.exe
  C:\Windows\System\xRvWoWd.exe
  2⤵
  PID:8084
- C:\Windows\System\ZrTiaAL.exe
  C:\Windows\System\ZrTiaAL.exe
  2⤵
  PID:8056
- C:\Windows\System\PVvaxKx.exe
  C:\Windows\System\PVvaxKx.exe
  2⤵
  PID:8148
- C:\Windows\System\iiGzYKl.exe
  C:\Windows\System\iiGzYKl.exe
  2⤵
  PID:8100
- C:\Windows\System\FTRgVNt.exe
  C:\Windows\System\FTRgVNt.exe
  2⤵
  PID:7176
- C:\Windows\System\oGkJDdK.exe
  C:\Windows\System\oGkJDdK.exe
  2⤵
  PID:8168
- C:\Windows\System\ZsJNvAc.exe
  C:\Windows\System\ZsJNvAc.exe
  2⤵
  PID:7288
- C:\Windows\System\FSWPeWj.exe
  C:\Windows\System\FSWPeWj.exe
  2⤵
  PID:7328
- C:\Windows\System\pxjLKTs.exe
  C:\Windows\System\pxjLKTs.exe
  2⤵
  PID:7412
- C:\Windows\System\aZrifgm.exe
  C:\Windows\System\aZrifgm.exe
  2⤵
  PID:7572
- C:\Windows\System\UFIWdnS.exe
  C:\Windows\System\UFIWdnS.exe
  2⤵
  PID:7620
- C:\Windows\System\IgRwFlG.exe
  C:\Windows\System\IgRwFlG.exe
  2⤵
  PID:7520
- C:\Windows\System\NWzOqWX.exe
  C:\Windows\System\NWzOqWX.exe
  2⤵
  PID:7524
- C:\Windows\System\cFbQyYB.exe
  C:\Windows\System\cFbQyYB.exe
  2⤵
  PID:7684
- C:\Windows\System\egYddOj.exe
  C:\Windows\System\egYddOj.exe
  2⤵
  PID:7768
- C:\Windows\System\RevmiiW.exe
  C:\Windows\System\RevmiiW.exe
  2⤵
  PID:7828
- C:\Windows\System\xSGcZGz.exe
  C:\Windows\System\xSGcZGz.exe
  2⤵
  PID:7848
- C:\Windows\System\oOZqcKx.exe
  C:\Windows\System\oOZqcKx.exe
  2⤵
  PID:7928
- C:\Windows\System\MLULKCL.exe
  C:\Windows\System\MLULKCL.exe
  2⤵
  PID:7976
- C:\Windows\System\Apzbbfx.exe
  C:\Windows\System\Apzbbfx.exe
  2⤵
  PID:8104
- C:\Windows\System\xszUKeJ.exe
  C:\Windows\System\xszUKeJ.exe
  2⤵
  PID:7340
- C:\Windows\System\BbITiZP.exe
  C:\Windows\System\BbITiZP.exe
  2⤵
  PID:8184
- C:\Windows\System\RJnJZfH.exe
  C:\Windows\System\RJnJZfH.exe
  2⤵
  PID:8116
- C:\Windows\System\YfViSNJ.exe
  C:\Windows\System\YfViSNJ.exe
  2⤵
  PID:7508
- C:\Windows\System\fVAgTHB.exe
  C:\Windows\System\fVAgTHB.exe
  2⤵
  PID:7636
- C:\Windows\System\vbZCWsO.exe
  C:\Windows\System\vbZCWsO.exe
  2⤵
  PID:7780
- C:\Windows\System\fMRTTPU.exe
  C:\Windows\System\fMRTTPU.exe
  2⤵
  PID:7648
- C:\Windows\System\hztSiRN.exe
  C:\Windows\System\hztSiRN.exe
  2⤵
  PID:7764
- C:\Windows\System\JZoRNbc.exe
  C:\Windows\System\JZoRNbc.exe
  2⤵
  PID:7992
- C:\Windows\System\cpXxmMf.exe
  C:\Windows\System\cpXxmMf.exe
  2⤵
  PID:8008
- C:\Windows\System\PEzstDe.exe
  C:\Windows\System\PEzstDe.exe
  2⤵
  PID:7568
- C:\Windows\System\PQQMOXu.exe
  C:\Windows\System\PQQMOXu.exe
  2⤵
  PID:7940
- C:\Windows\System\wFgSpQh.exe
  C:\Windows\System\wFgSpQh.exe
  2⤵
  PID:7460
- C:\Windows\System\XnDdZce.exe
  C:\Windows\System\XnDdZce.exe
  2⤵
  PID:8132
- C:\Windows\System\NBhLqfP.exe
  C:\Windows\System\NBhLqfP.exe
  2⤵
  PID:7376
- C:\Windows\System\TjMIHLQ.exe
  C:\Windows\System\TjMIHLQ.exe
  2⤵
  PID:8180
- C:\Windows\System\gJTbnRw.exe
  C:\Windows\System\gJTbnRw.exe
  2⤵
  PID:7812
- C:\Windows\System\uhONJmP.exe
  C:\Windows\System\uhONJmP.exe
  2⤵
  PID:8120
- C:\Windows\System\WldWNZt.exe
  C:\Windows\System\WldWNZt.exe
  2⤵
  PID:948
- C:\Windows\System\SKUljIR.exe
  C:\Windows\System\SKUljIR.exe
  2⤵
  PID:2336
- C:\Windows\System\hMucKzV.exe
  C:\Windows\System\hMucKzV.exe
  2⤵
  PID:8196
- C:\Windows\System\cipVbOr.exe
  C:\Windows\System\cipVbOr.exe
  2⤵
  PID:8212
- C:\Windows\System\GOUqVTF.exe
  C:\Windows\System\GOUqVTF.exe
  2⤵
  PID:8228
- C:\Windows\System\HlzWhco.exe
  C:\Windows\System\HlzWhco.exe
  2⤵
  PID:8244
- C:\Windows\System\wZtLhQs.exe
  C:\Windows\System\wZtLhQs.exe
  2⤵
  PID:8260
- C:\Windows\System\sJYUhzb.exe
  C:\Windows\System\sJYUhzb.exe
  2⤵
  PID:8280
- C:\Windows\System\kvdxMxP.exe
  C:\Windows\System\kvdxMxP.exe
  2⤵
  PID:8296
- C:\Windows\System\GhUjYPD.exe
  C:\Windows\System\GhUjYPD.exe
  2⤵
  PID:8320
- C:\Windows\System\rfBdFtb.exe
  C:\Windows\System\rfBdFtb.exe
  2⤵
  PID:8352
- C:\Windows\System\XFPiZsk.exe
  C:\Windows\System\XFPiZsk.exe
  2⤵
  PID:8384
- C:\Windows\System\OQwxjwZ.exe
  C:\Windows\System\OQwxjwZ.exe
  2⤵
  PID:8400
- C:\Windows\System\nhVgZaT.exe
  C:\Windows\System\nhVgZaT.exe
  2⤵
  PID:8416
- C:\Windows\System\WLGdVTP.exe
  C:\Windows\System\WLGdVTP.exe
  2⤵
  PID:8436
- C:\Windows\System\pUCvbrh.exe
  C:\Windows\System\pUCvbrh.exe
  2⤵
  PID:8452
- C:\Windows\System\RWtAqoB.exe
  C:\Windows\System\RWtAqoB.exe
  2⤵
  PID:8472
- C:\Windows\System\EwWbPcg.exe
  C:\Windows\System\EwWbPcg.exe
  2⤵
  PID:8492
- C:\Windows\System\jDAaupB.exe
  C:\Windows\System\jDAaupB.exe
  2⤵
  PID:8508
- C:\Windows\System\VJnWqVy.exe
  C:\Windows\System\VJnWqVy.exe
  2⤵
  PID:8524
- C:\Windows\System\zahcxoB.exe
  C:\Windows\System\zahcxoB.exe
  2⤵
  PID:8540
- C:\Windows\System\oyhpfEI.exe
  C:\Windows\System\oyhpfEI.exe
  2⤵
  PID:8556
- C:\Windows\System\ClRZuxV.exe
  C:\Windows\System\ClRZuxV.exe
  2⤵
  PID:8572
- C:\Windows\System\LRclQyY.exe
  C:\Windows\System\LRclQyY.exe
  2⤵
  PID:8588
- C:\Windows\System\oGnZPMX.exe
  C:\Windows\System\oGnZPMX.exe
  2⤵
  PID:8604
- C:\Windows\System\XOMNbTo.exe
  C:\Windows\System\XOMNbTo.exe
  2⤵
  PID:8628
- C:\Windows\System\RGIqsGc.exe
  C:\Windows\System\RGIqsGc.exe
  2⤵
  PID:8644
- C:\Windows\System\IXAzUyx.exe
  C:\Windows\System\IXAzUyx.exe
  2⤵
  PID:8660
- C:\Windows\System\XoHNVWp.exe
  C:\Windows\System\XoHNVWp.exe
  2⤵
  PID:8676
- C:\Windows\System\AgKaEKT.exe
  C:\Windows\System\AgKaEKT.exe
  2⤵
  PID:8692
- C:\Windows\System\VIxhvdk.exe
  C:\Windows\System\VIxhvdk.exe
  2⤵
  PID:8708
- C:\Windows\System\pwheidh.exe
  C:\Windows\System\pwheidh.exe
  2⤵
  PID:8724
- C:\Windows\System\eAlcdOQ.exe
  C:\Windows\System\eAlcdOQ.exe
  2⤵
  PID:8740
- C:\Windows\System\hwbMqMI.exe
  C:\Windows\System\hwbMqMI.exe
  2⤵
  PID:8756
- C:\Windows\System\ezOrUpP.exe
  C:\Windows\System\ezOrUpP.exe
  2⤵
  PID:8772
- C:\Windows\System\LxTQgQa.exe
  C:\Windows\System\LxTQgQa.exe
  2⤵
  PID:8788
- C:\Windows\System\UvodqtF.exe
  C:\Windows\System\UvodqtF.exe
  2⤵
  PID:8804
- C:\Windows\System\HVJFivH.exe
  C:\Windows\System\HVJFivH.exe
  2⤵
  PID:8820
- C:\Windows\System\jJTbbgU.exe
  C:\Windows\System\jJTbbgU.exe
  2⤵
  PID:8840
- C:\Windows\System\uZuwjev.exe
  C:\Windows\System\uZuwjev.exe
  2⤵
  PID:8856
- C:\Windows\System\huIgRBx.exe
  C:\Windows\System\huIgRBx.exe
  2⤵
  PID:8872
- C:\Windows\System\wdhDbcC.exe
  C:\Windows\System\wdhDbcC.exe
  2⤵
  PID:8888
- C:\Windows\System\yOzHHBD.exe
  C:\Windows\System\yOzHHBD.exe
  2⤵
  PID:8908
- C:\Windows\System\AKGXLIE.exe
  C:\Windows\System\AKGXLIE.exe
  2⤵
  PID:8924
- C:\Windows\System\lpVJXNV.exe
  C:\Windows\System\lpVJXNV.exe
  2⤵
  PID:8940
- C:\Windows\System\KeSmQxM.exe
  C:\Windows\System\KeSmQxM.exe
  2⤵
  PID:8956
- C:\Windows\System\VaPcAmk.exe
  C:\Windows\System\VaPcAmk.exe
  2⤵
  PID:8972
- C:\Windows\System\JqyLIcb.exe
  C:\Windows\System\JqyLIcb.exe
  2⤵
  PID:8988
- C:\Windows\System\JgxBHjd.exe
  C:\Windows\System\JgxBHjd.exe
  2⤵
  PID:9004
- C:\Windows\System\JiPiIOu.exe
  C:\Windows\System\JiPiIOu.exe
  2⤵
  PID:9032
- C:\Windows\System\VqyVtap.exe
  C:\Windows\System\VqyVtap.exe
  2⤵
  PID:9048
- C:\Windows\System\iibVBAQ.exe
  C:\Windows\System\iibVBAQ.exe
  2⤵
  PID:9068
- C:\Windows\System\ubrRDxN.exe
  C:\Windows\System\ubrRDxN.exe
  2⤵
  PID:9084
- C:\Windows\System\rKrYWvl.exe
  C:\Windows\System\rKrYWvl.exe
  2⤵
  PID:9100
- C:\Windows\System\dvzUdzY.exe
  C:\Windows\System\dvzUdzY.exe
  2⤵
  PID:9116
- C:\Windows\System\iXtSruA.exe
  C:\Windows\System\iXtSruA.exe
  2⤵
  PID:9132
- C:\Windows\System\KSzeOQs.exe
  C:\Windows\System\KSzeOQs.exe
  2⤵
  PID:9148
- C:\Windows\System\OnqPLwJ.exe
  C:\Windows\System\OnqPLwJ.exe
  2⤵
  PID:9164
- C:\Windows\System\AjxlOYZ.exe
  C:\Windows\System\AjxlOYZ.exe
  2⤵
  PID:9180
- C:\Windows\System\lnnoIco.exe
  C:\Windows\System\lnnoIco.exe
  2⤵
  PID:9196
- C:\Windows\System\WGplQOo.exe
  C:\Windows\System\WGplQOo.exe
  2⤵
  PID:9212
- C:\Windows\System\opFKPrI.exe
  C:\Windows\System\opFKPrI.exe
  2⤵
  PID:1632
- C:\Windows\System\SZMrMhJ.exe
  C:\Windows\System\SZMrMhJ.exe
  2⤵
  PID:1372
- C:\Windows\System\yvomMyX.exe
  C:\Windows\System\yvomMyX.exe
  2⤵
  PID:1884
- C:\Windows\System\TeLqsAs.exe
  C:\Windows\System\TeLqsAs.exe
  2⤵
  PID:844
- C:\Windows\System\lkPjQEA.exe
  C:\Windows\System\lkPjQEA.exe
  2⤵
  PID:2052
- C:\Windows\System\pmekkhn.exe
  C:\Windows\System\pmekkhn.exe
  2⤵
  PID:8272
- C:\Windows\System\bdGSONt.exe
  C:\Windows\System\bdGSONt.exe
  2⤵
  PID:8308
- C:\Windows\System\NYmBNma.exe
  C:\Windows\System\NYmBNma.exe
  2⤵
  PID:7700
- C:\Windows\System\zUiSQAN.exe
  C:\Windows\System\zUiSQAN.exe
  2⤵
  PID:8220
- C:\Windows\System\iFImCzk.exe
  C:\Windows\System\iFImCzk.exe
  2⤵
  PID:8364
- C:\Windows\System\HWWXMPd.exe
  C:\Windows\System\HWWXMPd.exe
  2⤵
  PID:8340
- C:\Windows\System\BMdsDTh.exe
  C:\Windows\System\BMdsDTh.exe
  2⤵
  PID:8380
- C:\Windows\System\DWTKAVZ.exe
  C:\Windows\System\DWTKAVZ.exe
  2⤵
  PID:8412
- C:\Windows\System\VEeJJSU.exe
  C:\Windows\System\VEeJJSU.exe
  2⤵
  PID:8392
- C:\Windows\System\eKKghte.exe
  C:\Windows\System\eKKghte.exe
  2⤵
  PID:8428
- C:\Windows\System\EEYcPNb.exe
  C:\Windows\System\EEYcPNb.exe
  2⤵
  PID:8516
- C:\Windows\System\UaZzyow.exe
  C:\Windows\System\UaZzyow.exe
  2⤵
  PID:8552
- C:\Windows\System\rPLYrub.exe
  C:\Windows\System\rPLYrub.exe
  2⤵
  PID:8580
- C:\Windows\System\rimfwuA.exe
  C:\Windows\System\rimfwuA.exe
  2⤵
  PID:8620
- C:\Windows\System\RaBJoRe.exe
  C:\Windows\System\RaBJoRe.exe
  2⤵
  PID:8616
- C:\Windows\System\RAGISgA.exe
  C:\Windows\System\RAGISgA.exe
  2⤵
  PID:8688
- C:\Windows\System\gjXfFtb.exe
  C:\Windows\System\gjXfFtb.exe
  2⤵
  PID:8752
- C:\Windows\System\OWRcIRN.exe
  C:\Windows\System\OWRcIRN.exe
  2⤵
  PID:8780
- C:\Windows\System\VVcewat.exe
  C:\Windows\System\VVcewat.exe
  2⤵
  PID:8640
- C:\Windows\System\zyGdZVY.exe
  C:\Windows\System\zyGdZVY.exe
  2⤵
  PID:8816
- C:\Windows\System\fQSNjlR.exe
  C:\Windows\System\fQSNjlR.exe
  2⤵
  PID:8832
- C:\Windows\System\iUdwazZ.exe
  C:\Windows\System\iUdwazZ.exe
  2⤵
  PID:8852
- C:\Windows\System\ZHSGWFB.exe
  C:\Windows\System\ZHSGWFB.exe
  2⤵
  PID:8920
- C:\Windows\System\AQKfvrV.exe
  C:\Windows\System\AQKfvrV.exe
  2⤵
  PID:8864
- C:\Windows\System\SdXXjEk.exe
  C:\Windows\System\SdXXjEk.exe
  2⤵
  PID:8936
- C:\Windows\System\LjNLrUW.exe
  C:\Windows\System\LjNLrUW.exe
  2⤵
  PID:8932
- C:\Windows\System\heupwnv.exe
  C:\Windows\System\heupwnv.exe
  2⤵
  PID:8996
- C:\Windows\System\MWMMIXu.exe
  C:\Windows\System\MWMMIXu.exe
  2⤵
  PID:9092
- C:\Windows\System\TTjJbRv.exe
  C:\Windows\System\TTjJbRv.exe
  2⤵
  PID:9128
- C:\Windows\System\gppYMOn.exe
  C:\Windows\System\gppYMOn.exe
  2⤵
  PID:9192
- C:\Windows\System\uCSEVji.exe
  C:\Windows\System\uCSEVji.exe
  2⤵
  PID:9044
- C:\Windows\System\cDZOdJv.exe
  C:\Windows\System\cDZOdJv.exe
  2⤵
  PID:9080
- C:\Windows\System\qZLXBUf.exe
  C:\Windows\System\qZLXBUf.exe
  2⤵
  PID:9172
- C:\Windows\System\sHZMyWx.exe
  C:\Windows\System\sHZMyWx.exe
  2⤵
  PID:9024
- C:\Windows\System\XkjIaYl.exe
  C:\Windows\System\XkjIaYl.exe
  2⤵
  PID:9056
- C:\Windows\System\fxXjGiY.exe
  C:\Windows\System\fxXjGiY.exe
  2⤵
  PID:9188
- C:\Windows\System\AhcTego.exe
  C:\Windows\System\AhcTego.exe
  2⤵
  PID:9144
- C:\Windows\System\bsbFoUe.exe
  C:\Windows\System\bsbFoUe.exe
  2⤵
  PID:9124
- C:\Windows\System\AFZJLrl.exe
  C:\Windows\System\AFZJLrl.exe
  2⤵
  PID:2764
- C:\Windows\System\LoRttqU.exe
  C:\Windows\System\LoRttqU.exe
  2⤵
  PID:1324
- C:\Windows\System\VBfZsJp.exe
  C:\Windows\System\VBfZsJp.exe
  2⤵
  PID:1616
- C:\Windows\System\XUwmMqF.exe
  C:\Windows\System\XUwmMqF.exe
  2⤵
  PID:8672
- C:\Windows\System\BUUKdcc.exe
  C:\Windows\System\BUUKdcc.exe
  2⤵
  PID:8884
- C:\Windows\System\ejgBhHT.exe
  C:\Windows\System\ejgBhHT.exe
  2⤵
  PID:1496
- C:\Windows\System\QtoGdsG.exe
  C:\Windows\System\QtoGdsG.exe
  2⤵
  PID:8520
- C:\Windows\System\BsYkNVg.exe
  C:\Windows\System\BsYkNVg.exe
  2⤵
  PID:9040
- C:\Windows\System\NhUsVyW.exe
  C:\Windows\System\NhUsVyW.exe
  2⤵
  PID:8968
- C:\Windows\System\tChtkjq.exe
  C:\Windows\System\tChtkjq.exe
  2⤵
  PID:8204
- C:\Windows\System\NCnmgTF.exe
  C:\Windows\System\NCnmgTF.exe
  2⤵
  PID:9248
- C:\Windows\System\VWSBZUY.exe
  C:\Windows\System\VWSBZUY.exe
  2⤵
  PID:9264
- C:\Windows\System\foMPaPX.exe
  C:\Windows\System\foMPaPX.exe
  2⤵
  PID:9280
- C:\Windows\System\yjceLKZ.exe
  C:\Windows\System\yjceLKZ.exe
  2⤵
  PID:9296
- C:\Windows\System\OGvmPVz.exe
  C:\Windows\System\OGvmPVz.exe
  2⤵
  PID:9312
- C:\Windows\System\mMYvXJe.exe
  C:\Windows\System\mMYvXJe.exe
  2⤵
  PID:9328
- C:\Windows\System\xFGBwBb.exe
  C:\Windows\System\xFGBwBb.exe
  2⤵
  PID:9344
- C:\Windows\System\NjIJSoQ.exe
  C:\Windows\System\NjIJSoQ.exe
  2⤵
  PID:9360
- C:\Windows\System\qUAwHUO.exe
  C:\Windows\System\qUAwHUO.exe
  2⤵
  PID:9376
- C:\Windows\System\YrrRQHY.exe
  C:\Windows\System\YrrRQHY.exe
  2⤵
  PID:9392
- C:\Windows\System\UmnytWC.exe
  C:\Windows\System\UmnytWC.exe
  2⤵
  PID:9408
- C:\Windows\System\KSsYvpm.exe
  C:\Windows\System\KSsYvpm.exe
  2⤵
  PID:9424
- C:\Windows\System\OOWlTdl.exe
  C:\Windows\System\OOWlTdl.exe
  2⤵
  PID:9440
- C:\Windows\System\DjBHqsN.exe
  C:\Windows\System\DjBHqsN.exe
  2⤵
  PID:9456
- C:\Windows\System\sICowvB.exe
  C:\Windows\System\sICowvB.exe
  2⤵
  PID:9476
- C:\Windows\System\ksYbETS.exe
  C:\Windows\System\ksYbETS.exe
  2⤵
  PID:9492
- C:\Windows\System\kHpEZBx.exe
  C:\Windows\System\kHpEZBx.exe
  2⤵
  PID:9508
- C:\Windows\System\imwejjR.exe
  C:\Windows\System\imwejjR.exe
  2⤵
  PID:9524
- C:\Windows\System\KEyhJll.exe
  C:\Windows\System\KEyhJll.exe
  2⤵
  PID:9540
- C:\Windows\System\AqAyCWP.exe
  C:\Windows\System\AqAyCWP.exe
  2⤵
  PID:9556
- C:\Windows\System\umUnZpc.exe
  C:\Windows\System\umUnZpc.exe
  2⤵
  PID:9572
- C:\Windows\System\BTLSjpN.exe
  C:\Windows\System\BTLSjpN.exe
  2⤵
  PID:9588
- C:\Windows\System\ORaYHgT.exe
  C:\Windows\System\ORaYHgT.exe
  2⤵
  PID:9604
- C:\Windows\System\kAOwhWZ.exe
  C:\Windows\System\kAOwhWZ.exe
  2⤵
  PID:9620
- C:\Windows\System\NVdOkhZ.exe
  C:\Windows\System\NVdOkhZ.exe
  2⤵
  PID:9640
- C:\Windows\System\SsWZiku.exe
  C:\Windows\System\SsWZiku.exe
  2⤵
  PID:9656
- C:\Windows\System\UEKPmnm.exe
  C:\Windows\System\UEKPmnm.exe
  2⤵
  PID:9672
- C:\Windows\System\LdFvnzN.exe
  C:\Windows\System\LdFvnzN.exe
  2⤵
  PID:9692
- C:\Windows\System\DJQpSAn.exe
  C:\Windows\System\DJQpSAn.exe
  2⤵
  PID:9708
- C:\Windows\System\zLkQuEn.exe
  C:\Windows\System\zLkQuEn.exe
  2⤵
  PID:9728
- C:\Windows\System\FITdHKG.exe
  C:\Windows\System\FITdHKG.exe
  2⤵
  PID:9744
- C:\Windows\System\hEHgKOL.exe
  C:\Windows\System\hEHgKOL.exe
  2⤵
  PID:9780
- C:\Windows\System\qvJYPSu.exe
  C:\Windows\System\qvJYPSu.exe
  2⤵
  PID:9796
- C:\Windows\System\rBcQzkL.exe
  C:\Windows\System\rBcQzkL.exe
  2⤵
  PID:9816
- C:\Windows\System\EmKcPJN.exe
  C:\Windows\System\EmKcPJN.exe
  2⤵
  PID:9832
- C:\Windows\System\TKjlTHp.exe
  C:\Windows\System\TKjlTHp.exe
  2⤵
  PID:9848
- C:\Windows\System\uMsbNhj.exe
  C:\Windows\System\uMsbNhj.exe
  2⤵
  PID:9864
- C:\Windows\System\uGUyxcr.exe
  C:\Windows\System\uGUyxcr.exe
  2⤵
  PID:9880
- C:\Windows\System\CVnRzdy.exe
  C:\Windows\System\CVnRzdy.exe
  2⤵
  PID:9896
- C:\Windows\System\FeRnMzN.exe
  C:\Windows\System\FeRnMzN.exe
  2⤵
  PID:9912
- C:\Windows\System\BrqgajJ.exe
  C:\Windows\System\BrqgajJ.exe
  2⤵
  PID:9928
- C:\Windows\System\VUjBZdl.exe
  C:\Windows\System\VUjBZdl.exe
  2⤵
  PID:9944
- C:\Windows\System\IobUzWR.exe
  C:\Windows\System\IobUzWR.exe
  2⤵
  PID:9960
- C:\Windows\System\RGJyoJm.exe
  C:\Windows\System\RGJyoJm.exe
  2⤵
  PID:9976
- C:\Windows\System\WPZKQcv.exe
  C:\Windows\System\WPZKQcv.exe
  2⤵
  PID:9996
- C:\Windows\System\wJvhCAD.exe
  C:\Windows\System\wJvhCAD.exe
  2⤵
  PID:10012
- C:\Windows\System\PNkPijq.exe
  C:\Windows\System\PNkPijq.exe
  2⤵
  PID:10028
- C:\Windows\System\TbzvxVI.exe
  C:\Windows\System\TbzvxVI.exe
  2⤵
  PID:10044
- C:\Windows\System\zlDnqYA.exe
  C:\Windows\System\zlDnqYA.exe
  2⤵
  PID:10060
- C:\Windows\System\ZGLnVsS.exe
  C:\Windows\System\ZGLnVsS.exe
  2⤵
  PID:10076
- C:\Windows\System\XMRLipF.exe
  C:\Windows\System\XMRLipF.exe
  2⤵
  PID:10092
- C:\Windows\System\tREOyvu.exe
  C:\Windows\System\tREOyvu.exe
  2⤵
  PID:10108
- C:\Windows\System\FSKVxkv.exe
  C:\Windows\System\FSKVxkv.exe
  2⤵
  PID:10124
- C:\Windows\System\ZqvScQJ.exe
  C:\Windows\System\ZqvScQJ.exe
  2⤵
  PID:10144
- C:\Windows\System\XlOMfkv.exe
  C:\Windows\System\XlOMfkv.exe
  2⤵
  PID:10160
- C:\Windows\System\hRMmxua.exe
  C:\Windows\System\hRMmxua.exe
  2⤵
  PID:10176
- C:\Windows\System\BXqAAKS.exe
  C:\Windows\System\BXqAAKS.exe
  2⤵
  PID:10192
- C:\Windows\System\Szibbrt.exe
  C:\Windows\System\Szibbrt.exe
  2⤵
  PID:10208
- C:\Windows\System\Zliwexf.exe
  C:\Windows\System\Zliwexf.exe
  2⤵
  PID:10224
- C:\Windows\System\gKQsBTX.exe
  C:\Windows\System\gKQsBTX.exe
  2⤵
  PID:8432
- C:\Windows\System\yZVCyOy.exe
  C:\Windows\System\yZVCyOy.exe
  2⤵
  PID:9208
- C:\Windows\System\EJIkKyi.exe
  C:\Windows\System\EJIkKyi.exe
  2⤵
  PID:8720
- C:\Windows\System\EfEceUR.exe
  C:\Windows\System\EfEceUR.exe
  2⤵
  PID:8480
- C:\Windows\System\sLQhFzk.exe
  C:\Windows\System\sLQhFzk.exe
  2⤵
  PID:8564
- C:\Windows\System\nOuTKcm.exe
  C:\Windows\System\nOuTKcm.exe
  2⤵
  PID:8800
- C:\Windows\System\EPhozCs.exe
  C:\Windows\System\EPhozCs.exe
  2⤵
  PID:8068
- C:\Windows\System\JVjRwjO.exe
  C:\Windows\System\JVjRwjO.exe
  2⤵
  PID:9112
- C:\Windows\System\jQXUHPK.exe
  C:\Windows\System\jQXUHPK.exe
  2⤵
  PID:2588
- C:\Windows\System\BDbZCqE.exe
  C:\Windows\System\BDbZCqE.exe
  2⤵
  PID:8312
- C:\Windows\System\rMTzfRZ.exe
  C:\Windows\System\rMTzfRZ.exe
  2⤵
  PID:8408
- C:\Windows\System\HCHLoVp.exe
  C:\Windows\System\HCHLoVp.exe
  2⤵
  PID:8548
- C:\Windows\System\HkbcWvw.exe
  C:\Windows\System\HkbcWvw.exe
  2⤵
  PID:8980
- C:\Windows\System\iUhHINT.exe
  C:\Windows\System\iUhHINT.exe
  2⤵
  PID:8224
- C:\Windows\System\GlbHyyi.exe
  C:\Windows\System\GlbHyyi.exe
  2⤵
  PID:9224
- C:\Windows\System\QhzgmDQ.exe
  C:\Windows\System\QhzgmDQ.exe
  2⤵
  PID:9256
- C:\Windows\System\WqmGmQz.exe
  C:\Windows\System\WqmGmQz.exe
  2⤵
  PID:9320
- C:\Windows\System\fhkKbPb.exe
  C:\Windows\System\fhkKbPb.exe
  2⤵
  PID:9276
- C:\Windows\System\CjtxgLP.exe
  C:\Windows\System\CjtxgLP.exe
  2⤵
  PID:9340
- C:\Windows\System\IjibWxV.exe
  C:\Windows\System\IjibWxV.exe
  2⤵
  PID:9372
- C:\Windows\System\XQUAZkb.exe
  C:\Windows\System\XQUAZkb.exe
  2⤵
  PID:9420
- C:\Windows\System\TTyUKes.exe
  C:\Windows\System\TTyUKes.exe
  2⤵
  PID:9488
- C:\Windows\System\MLCjZpc.exe
  C:\Windows\System\MLCjZpc.exe
  2⤵
  PID:9400
- C:\Windows\System\xoQMkWX.exe
  C:\Windows\System\xoQMkWX.exe
  2⤵
  PID:9516
- C:\Windows\System\SSsewhN.exe
  C:\Windows\System\SSsewhN.exe
  2⤵
  PID:9552
- C:\Windows\System\DPgVmuy.exe
  C:\Windows\System\DPgVmuy.exe
  2⤵
  PID:9532
- C:\Windows\System\YfWAhfo.exe
  C:\Windows\System\YfWAhfo.exe
  2⤵
  PID:9596
- C:\Windows\System\WMkeCxb.exe
  C:\Windows\System\WMkeCxb.exe
  2⤵
  PID:9632
- C:\Windows\System\cfDQwuT.exe
  C:\Windows\System\cfDQwuT.exe
  2⤵
  PID:9664
- C:\Windows\System\mwzDWxg.exe
  C:\Windows\System\mwzDWxg.exe
  2⤵
  PID:9684
- C:\Windows\System\NfHzeym.exe
  C:\Windows\System\NfHzeym.exe
  2⤵
  PID:9700
- C:\Windows\System\tKIbAyW.exe
  C:\Windows\System\tKIbAyW.exe
  2⤵
  PID:9752
- C:\Windows\System\wEaKTrD.exe
  C:\Windows\System\wEaKTrD.exe
  2⤵
  PID:9768
- C:\Windows\System\UktIXdA.exe
  C:\Windows\System\UktIXdA.exe
  2⤵
  PID:9804
- C:\Windows\System\EUmMCWP.exe
  C:\Windows\System\EUmMCWP.exe
  2⤵
  PID:9876
- C:\Windows\System\gKJaFOI.exe
  C:\Windows\System\gKJaFOI.exe
  2⤵
  PID:9920
- C:\Windows\System\wGoNdEc.exe
  C:\Windows\System\wGoNdEc.exe
  2⤵
  PID:9792
- C:\Windows\System\eqypkwR.exe
  C:\Windows\System\eqypkwR.exe
  2⤵
  PID:9940
- C:\Windows\System\LAsegyn.exe
  C:\Windows\System\LAsegyn.exe
  2⤵
  PID:9952
- C:\Windows\System\JqaOOVC.exe
  C:\Windows\System\JqaOOVC.exe
  2⤵
  PID:10008
- C:\Windows\System\lQdqxmu.exe
  C:\Windows\System\lQdqxmu.exe
  2⤵
  PID:10024
- C:\Windows\System\ChKLZYM.exe
  C:\Windows\System\ChKLZYM.exe
  2⤵
  PID:10072
- C:\Windows\System\hYyxbru.exe
  C:\Windows\System\hYyxbru.exe
  2⤵
  PID:10132
- C:\Windows\System\eQUmiIu.exe
  C:\Windows\System\eQUmiIu.exe
  2⤵
  PID:10200
- C:\Windows\System\lmcivqr.exe
  C:\Windows\System\lmcivqr.exe
  2⤵
  PID:10156
- C:\Windows\System\upilRHW.exe
  C:\Windows\System\upilRHW.exe
  2⤵
  PID:10216
- C:\Windows\System\jzuNTeP.exe
  C:\Windows\System\jzuNTeP.exe
  2⤵
  PID:10236
- C:\Windows\System\JknEuZo.exe
  C:\Windows\System\JknEuZo.exe
  2⤵
  PID:9972
- C:\Windows\System\cGARTpO.exe
  C:\Windows\System\cGARTpO.exe
  2⤵
  PID:10020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AsHqIpi.exe

Filesize
6.0MB

MD5
53e35d2c8b99c78df63d1569c28dd1b4

SHA1
89fe39c4b91ea9b80bf9f3aead4d21caf9ca12aa

SHA256
50bdae103ae637ad337bcce526c1edefd1bb826f9662bd02ea5ed4a1b3ec67c2

SHA512
39e72e0e467da85c319b894725ed701c33613cebcabf5d5f0f9b1d2ba158f4b94e453154a7ce255d2d8c63dbfe2daed0df2c25269bc918444ad7f107ac4d1e33

Download Submit
C:\Windows\system\GWZofDi.exe

Filesize
6.0MB

MD5
bcbbb61cd9bb84dc3c608a71ef07bb69

SHA1
499e8e4e0027612977021b50e75bf0e321365e70

SHA256
2e37de119fe5ab77e900846b11445116b705f7d09cc7d96bcc2d6522bbe3d83b

SHA512
d446a216c4cc357b7ee777f6b4e5c64b1530404c6193c8af8ecb25a87cee9ad7ab06ee70f125b6d8f1d18700a11ee340d548e43aeb4d0161bebeb8d8e00698a5

Download Submit
C:\Windows\system\HkKoTFB.exe

Filesize
6.0MB

MD5
72dfbc92485a56b9fa957f525f7bdac1

SHA1
9d243812f90349587cad1c0fa380ddc6b7e79b5f

SHA256
6eadaabde22d1e410b5d4ddd1f7a4d9933912d19a0afb37720af8b4a74cf8455

SHA512
6f6d3bac35789fda10769c1e141466a633d2076c44356aafbbabb964755c51ef7041e419142fcc147e6bb10e6d05e2afcba01c99325bc0bc009eba09a0df1f49

Download Submit
C:\Windows\system\HsXXHbg.exe

Filesize
6.0MB

MD5
75add30b5c7bc4cfe468a1a4183f10d4

SHA1
5eccb1d57095c83a01180f53bc09144703104048

SHA256
ef4943a1fe6910def2735847b6f52986ac87f99de4f4f65aaf04b156da6f562b

SHA512
3c33ed59bafba678fb0ce08a783c792b8bde9f307691705d6c553a018228e33c089bf56990fb11b3d15b184a059ba9562d2b90b8f61e1e5a64ed0c561e1c0e35

Download Submit
C:\Windows\system\INLFTmr.exe

Filesize
6.0MB

MD5
35dbac0fc4583628ef9f08a2fd671037

SHA1
bdf8c0e7e5ee2956f40bbdbbdeebec73b7452c2b

SHA256
4e30ec1ad79dfa52102b0b27b9f261700b954f79321f6ac032a0f88d365b6468

SHA512
115d73e42f78530637ec2142c7180d6ea4751ac5ff62458890e08df551aa6835207240426be8838240cb92e67290a29686caea7dc2c2471d6b002a97eff29e85

Download Submit
C:\Windows\system\JgQXZmK.exe

Filesize
6.0MB

MD5
376ce9d09cc4e07a38a704f253a1e0d9

SHA1
87b514e102e3ac2b0d4cf65838b9b108e981dd48

SHA256
c7467d9b5ad77775f006d7f44f0ce50769781345820e287ad0119103324a337a

SHA512
fe7f696c103fb6643cec36ee46c5bb4e9fb988243595b072bc8042c96d80643c98d224c52644e331243b4d8791e9a4d34e1f3ce5199e9cf76ec2190edd239e17

Download Submit
C:\Windows\system\KOYQgGF.exe

Filesize
6.0MB

MD5
18ceaf31e85997d70c7a7e9e1f8dd34c

SHA1
f5699d1bdc8a8b76a36aaff1a41342f2baa619af

SHA256
a4d7638b79243983feee6ad87da848d305287bbc608bc97f9d56c0b043b7de35

SHA512
bf4436b2151ea1a554e8a3c7d080d868e026359a40744168cbfa34d96dc930ba57010bfeba21d284326b572542743c2e35db4ca107ab546affda21b03127af2b

Download Submit
C:\Windows\system\KRYkyLI.exe

Filesize
6.0MB

MD5
c55f1f145116cf4c545760ebc383561c

SHA1
40c826dc2f31172de5f40d8cde925d0ce8ea3d4a

SHA256
f82520c909d6468fe8cea49afdbd5116a1991e6350c40f88d0d0d961d6794aec

SHA512
fdc7da07c6a4d6d3c95a38318613db2932de9ec515da25bed0204216cb31c8453313355b5c5a57b6c8dfbd802a4dbd5fb5e484abe136067b50eafca29dd4d572

Download Submit
C:\Windows\system\LpWtUVB.exe

Filesize
6.0MB

MD5
6e856ab86a26b5db4f570a64fe5b4444

SHA1
b2542cbffa38a863ab11024db458ff75f3e5a8e4

SHA256
a059e005dcde380f88ca6e4c6d822d1ace6c451a70071dd7afea9ef5d81ae146

SHA512
5dc06a89e2e1a4c94e7ed093f967f6ca97106ad0d45f8ac839504553c338c6ba148171840516ce63011818966b724c0e9f64b63a37437564e7aabe90d1a659f8

Download Submit
C:\Windows\system\MPcqEYL.exe

Filesize
6.0MB

MD5
e9a329c8fd1013d9b299f2993d85535b

SHA1
3478ce8ee596488fdfb3fcd882853fc1296072e7

SHA256
b4cbe7e1e8c1df24fedda454d43cd3e260e3bea88fea79d6b8e27cb64f2998ee

SHA512
47753cb8592dbd0d6f2c46f383a89703bfa0e429a4a92b9a5d2efee5671e870ebb06d986fca1950080a97c4ae77c22f876387cdf5b3df8a3dac98477808f04f2

Download Submit
C:\Windows\system\NmbeWeM.exe

Filesize
6.0MB

MD5
7d379dc2e489d15233207e2f25bd6d4c

SHA1
61404bebee0683f8b78a40e48ce8acacdac8c30a

SHA256
6b0e7da5e916b9a3f4e9d18a384a05d508be48318ad223cb515721369ce163d8

SHA512
c413891fe900c9be367891fc1f3e97f20c566602080f56672e9f288ebca4f3b06ec3620b7e2cce076ac3d98532918d45a64f1718fa3820445792df5e8116fbd7

Download Submit
C:\Windows\system\OzufZuo.exe

Filesize
6.0MB

MD5
ebbcd78d815b13c4fbafedc018a79bb9

SHA1
3e3ddb245fc2b261d27d0c1e576ee3f83c0f67da

SHA256
4ab57c903be0995d0d9a3f1b5c669c3359565bb469eaaf7ee78e107f856d25c0

SHA512
984ce058f758019fb08ecdee3bfd5ef2ae0df7e523a8261b65fc83676ef315afeecaf425c36fd9147e0ece02924d806400ecf72f683e60b50f43a0d56b5f6d02

Download Submit
C:\Windows\system\QEDTaWY.exe

Filesize
6.0MB

MD5
4f44722665be58123bb9ae03077ee4ab

SHA1
ebbf928b72db1e684f31b3bb264a71cbdc2ef92e

SHA256
73e456de5df568ac72d686eba682ccff9e2ab3daa9633481febb56a2025680ab

SHA512
8b04b26ba997ea57fe3f8915d2897d6425de587374adef5d68003c42fe8cfe6c7ebd501ddd0038c4ebec014df3ae700f7e845575320e8cabf87c69d474aeb851

Download Submit
C:\Windows\system\QrwjItL.exe

Filesize
6.0MB

MD5
8906fb5b688f4beeb878299827132892

SHA1
e2ec59e66004bafa2ec1b82bd585b0645f44493d

SHA256
1954732afe4e215c602f49460b03f750a51e77f1e2c4f347b64a195d6ea15ea1

SHA512
631fbbc01e2ca758b8d05ec2a82a794c8f2b545c8a2e3e5b774603d415ba107cfaab9cdc05aa506b331f74a34bd7d60faacd301eca82f75a49f6f45b0ab77b30

Download Submit
C:\Windows\system\RgOjZvs.exe

Filesize
6.0MB

MD5
db924e2337f5ca865495adab0efec6f2

SHA1
468d0f48acf71191c6a6531d205f4d2a91c2758e

SHA256
1170e380ae9682a3777307b13f59b10d4e4e757bb7865edf7e36d54a37404738

SHA512
38a5bcb782fd61e5388d3ab5cfca3f295e995c4997b9c83bdffec17ccc7a992f97a1e377a736b2439cbf6b494ba82359514caf038f948e2671447ed530d74a38

Download Submit
C:\Windows\system\SEMLreB.exe

Filesize
6.0MB

MD5
f0349d9583d7ceba217cbdd37a3c9c99

SHA1
7886a4f39d99aeeec32d03eaf990e1acbdec482f

SHA256
4bd5ade645133ed8ee4e4794d6d2a0502e0c07eb1274b94da3a6ac9abd60b05f

SHA512
279939461e5c3177ea5a4b9296ceed4a31afd00913a3c5dd542d6b719b2f4bbe95015165f9d15fef8366a48fa4ccc43f0b4c93da4a342f01b5a9ffb833c854ff

Download Submit
C:\Windows\system\YekBUEz.exe

Filesize
6.0MB

MD5
24b5fc338c9d830498d9522720aaa14b

SHA1
683910fcdf8fc422b7fd3c14798f3d46c66402df

SHA256
8d325700ea0b63ab890ee343c750ecf6709005693c7ffaca471ea3643bfc06a4

SHA512
c03a4d04ac82c3c3bbf5525c8bcf0a2f80d2c8e9e8dcec061437f12a284bdb195ae3088cd8603f15b6f03a88a70642c4c14c5b66e6202b0f31081c1d9c1b5591

Download Submit
C:\Windows\system\bSsiSGG.exe

Filesize
6.0MB

MD5
a1a782c4b67086ac59dd7ac83bdbf5c8

SHA1
e267b11680e89eb240c42dc1e6fafac8bb5b4b7c

SHA256
c96bbc5858fb55da878299ba05aab2de313b7e8d0a98cd6bd145709d1a897d89

SHA512
17a70944a8c615deab82c001db08f97a9ed445dc72961abe30606f4a641fb011e5d3c7426fd1205e00dac48e64fcb104fc193e40d8b2b18b953413a63fc05fc6

Download Submit
C:\Windows\system\cWQwpzg.exe

Filesize
6.0MB

MD5
0a0d85fe41b79563a324db0b9931a451

SHA1
ef45088fd80220fa0aac8d4c1211ff80d776517d

SHA256
5c9eb9574a6a92a8c673be7bfcc8dd4cdc2eb7dce52539f7a5a8e467e8fdb911

SHA512
aa9ad8d4a139978dbb85bcb869082d5b04e77f979b742453b5ca273e8f6f01db1c0e53510f7ccc56bc30d2969499836c1473faf94516f244b4c91626b4c6e538

Download Submit
C:\Windows\system\gErIcov.exe

Filesize
6.0MB

MD5
e8eadc7f9bed5b05ec771c852be2cace

SHA1
95f9b4b33a2ebb6609d3aff5b123a903c5b3c657

SHA256
73855a951bc4825b70c1e12e5df57ea70e4855368e791b2992500d8ebf64aada

SHA512
e3aec98ec61a5773ae8b10b55bd0a2c3f5ff8efd41234e73aa5db52a450a1c9a15820e8674ec37d185a54530dac26bf4176e7145aa8e36029deb456ef36f8200

Download Submit
C:\Windows\system\gLeidPo.exe

Filesize
6.0MB

MD5
472cc79d386d87fb2f3ad269d9f5a133

SHA1
3f95eff9eea5680839fada72d64123d84a3c8e9b

SHA256
3faa51dc8ace5b62d5ab8d3600005cac6d443858bd31b2dbf507e35eabbd1455

SHA512
1dae639f9c1fe4f99eb87de37ffde5f9e5664343548030e321b35769f1b5d36a1736df7debd29a77b45fbf5a243c67e29224a58f881a46a59b349293429a6b17

Download Submit
C:\Windows\system\kJNlCyV.exe

Filesize
6.0MB

MD5
b2dd94c70c8f4ff66f0923c6af953f5c

SHA1
77abe10b7244d2fef41fdff59badeb564ef2c0c7

SHA256
38013a7d4d2ff124c2b573ffa72e7855028b9897fb89960786cd8701b0c4463f

SHA512
28cdc91801e08d3df11fff3399f8da6682f16201b494fd04c08de8cc77cecd298b6427f6401dc75af23f13200a0386214891469dfbadd84d86a3c0667f2de92d

Download Submit
C:\Windows\system\laOHSPs.exe

Filesize
6.0MB

MD5
e4d47a2277f4251cbb66d5c8b6cf9f4d

SHA1
3272095a4e7c78d0b1d9600581af6b20487366d2

SHA256
0f84ca73cae18171bdc576882f8897403e344c4ae8d98985ea5f915594b38dd7

SHA512
52af9acd5cbd975e1bf76084093fb8374c0f951147dac0faed8dbe61a9bf25a43e19fb6ed4c1d4c260ab96ff067f805dc334f32b443735ff0e2eadb49cfc9622

Download Submit
C:\Windows\system\tMiWdtl.exe

Filesize
6.0MB

MD5
c51b0dad82ef8dd7dd1eb675040700e5

SHA1
3415658fd0659debd3dc99917f74115b6109fd19

SHA256
3bde8eb55251173f3eb0e6f36c7fafc079cb0335eae8f6764eaa7121233e97be

SHA512
ffd0101b55d6940f5e9ccff5c1ceb5bf6a1051525b6e433d0ade2cede8a4ad3acf503fa142ae4f11da40277db96586227e5134184cf8bc10cda32f5d54f168c5

Download Submit
C:\Windows\system\uZVDIMc.exe

Filesize
6.0MB

MD5
8b6e3de086fa6a386ac90bd0ff936b7d

SHA1
81f4d9d8639851b72d98cbafbc8f7e29a49cc583

SHA256
d505e342c7c391df50c1df18cbe497c350cc4068feb0fa12f28ed09c1625cb43

SHA512
e94bdb3e923c241ab92e889c3d3e1091bf1c339f90f1b670821104e109640c11c3606e181489e372a24bab5883f8241b8a2c8f599deed2b8bf31b4545739df18

Download Submit
C:\Windows\system\uirxtBs.exe

Filesize
6.0MB

MD5
2530eab2d131b4bbad5d148331bd5d52

SHA1
a9c1216995c647b5e7bbfefb2bf814a43c139013

SHA256
d7e7753d911ffaaed6c447afc6341d4bf742b47edb3c16348d534e3938291bde

SHA512
1a06abaea5fa8bd697cf74a1f078d06ff87510078f6358205239657fea1fd47012cfeacb074bd480d2dbd6c8b30024fa324a6707dd8d5178f6f275fb9ad72a37

Download Submit
C:\Windows\system\vIYlFLQ.exe

Filesize
6.0MB

MD5
9cfb947b16a906ef2881f3f19df7476b

SHA1
7a74b4c6e203580f7f6330c0ac61a9e52c2032c3

SHA256
3c4153a8e9448d2e62677e79b9f9b87354475152962c6094317d3aa32eb845ad

SHA512
f0f1beafaef1a56b55368d28f198526d67ce1f752b9a346092950fc3baea68147b269a91452c612214b675324e4b65bb966ba1992094e0da2c5fd96a801a8f0d

Download Submit
C:\Windows\system\xSoTmOu.exe

Filesize
6.0MB

MD5
6f946f4553f9565236d641147bda1178

SHA1
ba493a0771c4f209e2738e8cc6cce4196349848d

SHA256
a69818e8982a3010db3a9e02ccf58fa79f3cfcc4dd7a1992c9202bfb7f93a947

SHA512
784fa6ea54f98874dfa4f8f442a17054288e92eba3d12c61d387ffdf1f0dee0441e4db64e9f5dc6a34ca4c4f36d3948f93877cc93051504d54dd910f91c9f666

Download Submit
\Windows\system\PVOWLOx.exe

Filesize
6.0MB

MD5
8c9fbad05bb3111c4bb6f8b00047221a

SHA1
d574bfd2e93f0f6ed83ab4abb1e91b1611c11519

SHA256
0a438eb856eee3c118172814206bef07f684a09d4098e56fe0c91602172a416a

SHA512
b4de3df7603bdb1837b64b43fc7a75cdd5a3094cb9e1068574494dec9bf126154096f3686f3bb03a0357e9aea27d527fa786b64ce0c6e5be3074d6a489a26f53

Download Submit
\Windows\system\TljtOnU.exe

Filesize
6.0MB

MD5
bdaa291c9e02ddfd4bf99eea48bb0c4c

SHA1
1bbb205d83e29375ccc02eef7a9ea4015dd29e12

SHA256
3b08edc302dee26ed33b3a8bb6a5dd04161e82ea67c3ebc686eb2088e7bd4d64

SHA512
19553682284cf459a063358cbf309faead611801a04f224eb4f3fa53fe51e60682e331e55e18430e40fae819b0d98bcaba8cb195d177613a25ca291024c44bdb

Download Submit
\Windows\system\dVLyXNk.exe

Filesize
6.0MB

MD5
c58655b55454974e5c207b7bd1ac0d14

SHA1
953ea1f296ee1cdb3154f98499f62aaadf2d03e8

SHA256
f2dcdc37522043b579de5457940f37bda59a12d3b78973a838196e1d747e61b6

SHA512
3f626da47e01a8730280ed0c98f44f8c6933fdc60c42a153b23d21446a494f27fefbda41b4c84425f662605355f19c30e69ae505bb6f9b022a587cd635212bf5

Download Submit
\Windows\system\vfGwxrW.exe

Filesize
6.0MB

MD5
61b9706bc8418d1d44a0cabe9076f283

SHA1
f1025b132ec77104f3ab422c294cc75e8ee8ffea

SHA256
9ba97c3500449e6713d06fb2c57de6e2e8d4e0379f3730fa16b74df9101054fe

SHA512
7666bdd9de5eed3645f04572ef4e202978328d6d7d849bab99ac9e70f631be237a7b2b0a14c4aad0f1e746f4c433bf014083407609bb0aa720d20f935df103f1

Download Submit
memory/644-1502-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/644-266-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/1660-1485-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1660-268-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/1920-1491-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1920-294-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/2172-1492-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2172-265-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2284-270-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2284-1486-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2344-291-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2344-783-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2344-772-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2344-273-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2344-767-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2344-271-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2344-762-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-269-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2344-277-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-267-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2344-757-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-661-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2344-298-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-297-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2344-787-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2344-662-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2344-293-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2344-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2344-844-0x000000013F570000-0x000000013F8C4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-781-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2344-289-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2344-775-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2344-287-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2344-754-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2344-778-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2344-275-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-279-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2344-295-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2344-0-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2344-740-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2344-745-0x000000013FDF0000-0x0000000140144000-memory.dmp

Filesize
3.3MB

Download
memory/2432-1487-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2432-272-0x000000013FCC0000-0x0000000140014000-memory.dmp

Filesize
3.3MB

Download
memory/2672-1504-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-296-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-292-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2692-1503-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2772-274-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2772-1499-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/2868-278-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-1500-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-1488-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-276-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-1490-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2892-290-0x000000013FF20000-0x0000000140274000-memory.dmp

Filesize
3.3MB

Download
memory/2928-1501-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2928-288-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2960-286-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2960-1489-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download