cobaltstrike | e086c0b0485528a4f872d8b03716de0d6281c00016ac97bde6156a5a55ad40f0

Analysis

max time kernel
150s
max time network
29s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19-11-2024 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

2996277099bb290c8be9fbd506f3ad3c
SHA1

b8e497ff63e77840986a823bf532929377fc4fc2
SHA256

e086c0b0485528a4f872d8b03716de0d6281c00016ac97bde6156a5a55ad40f0
SHA512

885c3cada995144c72a65a348e6f56340867bc7f3bd67c7900ef95b1108820743574e2f2ea243c7b912d544baa7636a4db0973801edb39de1ce0c1a1668c265a
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUd:T+q56utgpPF8u/7d

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0009000000012238-3.dat	cobalt_reflective_dll
behavioral1/files/0x0031000000018bbf-13.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000193b8-10.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019470-24.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019489-38.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019480-30.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001948c-45.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019490-57.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194eb-71.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-89.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-79.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a438-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44d-137.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-183.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a479-203.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a477-197.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a473-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a475-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-173.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46b-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a469-163.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-157.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a459-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a457-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44f-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a404-126.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-98.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194a3-67.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2580-0-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/files/0x0009000000012238-3.dat	xmrig
behavioral1/files/0x0031000000018bbf-13.dat	xmrig
behavioral1/memory/2580-7-0x0000000002300000-0x0000000002654000-memory.dmp	xmrig
behavioral1/memory/2964-16-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2136-12-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x00080000000193b8-10.dat	xmrig
behavioral1/memory/828-22-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2580-20-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x0007000000019470-24.dat	xmrig
behavioral1/memory/3032-29-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019489-38.dat	xmrig
behavioral1/memory/2920-43-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/files/0x0006000000019480-30.dat	xmrig
behavioral1/files/0x000600000001948c-45.dat	xmrig
behavioral1/files/0x0006000000019490-57.dat	xmrig
behavioral1/memory/2728-59-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2908-50-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/files/0x00080000000194eb-71.dat	xmrig
behavioral1/memory/2744-69-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3ab-89.dat	xmrig
behavioral1/files/0x000500000001a309-79.dat	xmrig
behavioral1/files/0x000500000001a3f8-105.dat	xmrig
behavioral1/memory/2036-108-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3fd-115.dat	xmrig
behavioral1/files/0x000500000001a400-120.dat	xmrig
behavioral1/files/0x000500000001a438-131.dat	xmrig
behavioral1/files/0x000500000001a44d-137.dat	xmrig
behavioral1/files/0x000500000001a471-183.dat	xmrig
behavioral1/memory/2964-776-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/828-777-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2036-458-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2920-781-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2456-794-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2136-803-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/1780-793-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2072-792-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/memory/1920-791-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2744-790-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2908-789-0x000000013F7F0000-0x000000013FB44000-memory.dmp	xmrig
behavioral1/memory/2036-788-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2688-787-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2728-786-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/3032-785-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2456-372-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/1780-273-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a479-203.dat	xmrig
behavioral1/files/0x000500000001a477-197.dat	xmrig
behavioral1/files/0x000500000001a473-187.dat	xmrig
behavioral1/files/0x000500000001a475-193.dat	xmrig
behavioral1/files/0x000500000001a46f-177.dat	xmrig
behavioral1/files/0x000500000001a46d-173.dat	xmrig
behavioral1/files/0x000500000001a46b-167.dat	xmrig
behavioral1/files/0x000500000001a469-163.dat	xmrig
behavioral1/files/0x000500000001a463-157.dat	xmrig
behavioral1/files/0x000500000001a459-152.dat	xmrig
behavioral1/files/0x000500000001a457-147.dat	xmrig
behavioral1/memory/2072-144-0x000000013F920000-0x000000013FC74000-memory.dmp	xmrig
behavioral1/files/0x000500000001a44f-141.dat	xmrig
behavioral1/files/0x000500000001a404-126.dat	xmrig
behavioral1/memory/1920-123-0x000000013FFB0000-0x0000000140304000-memory.dmp	xmrig
behavioral1/memory/2744-107-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/memory/2456-100-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2728-99-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2136	JbyLsCQ.exe
2964	nhlwkUy.exe
828	aZCYYHS.exe
3032	odjQuSc.exe
2688	aZhGTNh.exe
2920	XIYQjWD.exe
2908	MWXuvZr.exe
2728	xhKcNvr.exe
2744	UCNYMzJ.exe
1920	vzEIcew.exe
2072	hCElJWk.exe
1780	sYUtBbv.exe
2456	XWPDnQO.exe
2036	BDwpepL.exe
2080	mjMmMXK.exe
956	TAuFUIl.exe
1764	XGLHSMN.exe
2472	loyngNL.exe
2312	ApaWpPl.exe
2116	ZFMwtMn.exe
1636	CVUWlam.exe
1380	EQcarSL.exe
3044	hMxdwZI.exe
3028	qSyGVeP.exe
3036	FdxfeRP.exe
2296	VzSsoJy.exe
2272	vKqrssr.exe
1664	fwTyMXF.exe
2316	ccZGwiw.exe
704	LAmVLek.exe
2092	cLzStNj.exe
2424	phEbPyd.exe
868	efskmmY.exe
1536	yLsfhvD.exe
2624	ThuYaje.exe
1720	hyGaMVn.exe
1568	pLjUmud.exe
1616	ZJToVWJ.exe
1328	jDUZfOl.exe
1456	TMMVNCE.exe
920	rhmlFig.exe
1964	RFDmCUn.exe
2628	qQdzXLB.exe
1624	RqFvfPY.exe
1676	EWuwRXl.exe
3064	hhJnmqP.exe
2508	WBVEkui.exe
524	KqHiuWj.exe
1648	eAweCPV.exe
1788	ShCAyBW.exe
1268	MyPJouB.exe
1504	phPtJbE.exe
2288	eLegDiw.exe
1248	YLisblV.exe
2792	PtSRqsT.exe
2708	JlECNjy.exe
2956	avLrfdB.exe
2820	fNbwRdJ.exe
2756	oouIKQQ.exe
2444	wwVfpQZ.exe
2448	enAhPjx.exe
1680	eGfPamV.exe
2988	GOMazsH.exe
316	QMNItjN.exe

Loads dropped DLL 64 IoCs

pid	Process
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2580-0-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/files/0x0009000000012238-3.dat	upx
behavioral1/files/0x0031000000018bbf-13.dat	upx
behavioral1/memory/2964-16-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2136-12-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x00080000000193b8-10.dat	upx
behavioral1/memory/828-22-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x0007000000019470-24.dat	upx
behavioral1/memory/3032-29-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x0006000000019489-38.dat	upx
behavioral1/memory/2920-43-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/files/0x0006000000019480-30.dat	upx
behavioral1/files/0x000600000001948c-45.dat	upx
behavioral1/files/0x0006000000019490-57.dat	upx
behavioral1/memory/2728-59-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2908-50-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/files/0x00080000000194eb-71.dat	upx
behavioral1/memory/2744-69-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x000500000001a3ab-89.dat	upx
behavioral1/files/0x000500000001a309-79.dat	upx
behavioral1/files/0x000500000001a3f8-105.dat	upx
behavioral1/memory/2036-108-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/files/0x000500000001a3fd-115.dat	upx
behavioral1/files/0x000500000001a400-120.dat	upx
behavioral1/files/0x000500000001a438-131.dat	upx
behavioral1/files/0x000500000001a44d-137.dat	upx
behavioral1/files/0x000500000001a471-183.dat	upx
behavioral1/memory/2964-776-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/828-777-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2036-458-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2920-781-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2456-794-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2136-803-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/1780-793-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2072-792-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/memory/1920-791-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2744-790-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2908-789-0x000000013F7F0000-0x000000013FB44000-memory.dmp	upx
behavioral1/memory/2036-788-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2688-787-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2728-786-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/3032-785-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2456-372-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/1780-273-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/files/0x000500000001a479-203.dat	upx
behavioral1/files/0x000500000001a477-197.dat	upx
behavioral1/files/0x000500000001a473-187.dat	upx
behavioral1/files/0x000500000001a475-193.dat	upx
behavioral1/files/0x000500000001a46f-177.dat	upx
behavioral1/files/0x000500000001a46d-173.dat	upx
behavioral1/files/0x000500000001a46b-167.dat	upx
behavioral1/files/0x000500000001a469-163.dat	upx
behavioral1/files/0x000500000001a463-157.dat	upx
behavioral1/files/0x000500000001a459-152.dat	upx
behavioral1/files/0x000500000001a457-147.dat	upx
behavioral1/memory/2072-144-0x000000013F920000-0x000000013FC74000-memory.dmp	upx
behavioral1/files/0x000500000001a44f-141.dat	upx
behavioral1/files/0x000500000001a404-126.dat	upx
behavioral1/memory/1920-123-0x000000013FFB0000-0x0000000140304000-memory.dmp	upx
behavioral1/memory/2744-107-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/memory/2456-100-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2728-99-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x000500000001a3f6-98.dat	upx
behavioral1/memory/2072-83-0x000000013F920000-0x000000013FC74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\bvcONmL.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZgoglTV.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PkwYjam.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IcvpJnS.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNtHFHt.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aTTZnvT.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rxhORos.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NYsyJJq.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OwUYaLi.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IOnrhwc.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wnxSDwt.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\avmaDQM.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WfgsGBZ.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kTDMQOz.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLFwDyX.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JLrgDnl.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nUMtdRr.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cGzTkTH.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMaVDfA.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BUBGIjx.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGUvUAc.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uUgCMnV.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EJiNJje.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wEAnlxC.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nOFOBZc.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BrEIKwT.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUxikDb.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZInntpQ.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGQQbti.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UnzOifR.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SrKOZor.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HoUKRHO.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CZuUewP.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XFESiRe.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aFBHIdG.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TDwqjQQ.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GScvUep.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuJJyUQ.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NjZizvQ.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tdUUWvO.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OVQICJE.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NQFFptX.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xoSuMoF.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PFdjebh.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\twTaEuK.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jYCnHxt.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvjHLFE.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iwmzDfC.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HlyYmPe.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QOOXOkq.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ingoSwD.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xrlYglx.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rrHLeht.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvXrbjr.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BlkEUmH.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vsfvtMg.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZdOosjR.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QTpZkSA.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dZYEhhM.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ccZGwiw.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zQRUSJv.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UhkXxnV.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nSKWcek.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bVqWNFd.exe	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2580 wrote to memory of 2136	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2580 wrote to memory of 2136	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2580 wrote to memory of 2136	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 2580 wrote to memory of 2964	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2580 wrote to memory of 2964	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2580 wrote to memory of 2964	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2580 wrote to memory of 828	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2580 wrote to memory of 828	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2580 wrote to memory of 828	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2580 wrote to memory of 3032	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2580 wrote to memory of 3032	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2580 wrote to memory of 3032	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2580 wrote to memory of 2688	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2580 wrote to memory of 2688	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2580 wrote to memory of 2688	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2580 wrote to memory of 2920	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2580 wrote to memory of 2920	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2580 wrote to memory of 2920	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2580 wrote to memory of 2908	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2580 wrote to memory of 2908	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2580 wrote to memory of 2908	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2580 wrote to memory of 2728	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2580 wrote to memory of 2728	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2580 wrote to memory of 2728	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2580 wrote to memory of 2744	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2580 wrote to memory of 2744	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2580 wrote to memory of 2744	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2580 wrote to memory of 1920	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2580 wrote to memory of 1920	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2580 wrote to memory of 1920	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2580 wrote to memory of 2072	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2580 wrote to memory of 2072	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2580 wrote to memory of 2072	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2580 wrote to memory of 1780	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2580 wrote to memory of 1780	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2580 wrote to memory of 1780	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2580 wrote to memory of 2456	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2580 wrote to memory of 2456	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2580 wrote to memory of 2456	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2580 wrote to memory of 2036	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2580 wrote to memory of 2036	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2580 wrote to memory of 2036	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2580 wrote to memory of 2080	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2580 wrote to memory of 2080	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2580 wrote to memory of 2080	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2580 wrote to memory of 956	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2580 wrote to memory of 956	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2580 wrote to memory of 956	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2580 wrote to memory of 1764	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2580 wrote to memory of 1764	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2580 wrote to memory of 1764	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2580 wrote to memory of 2472	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2580 wrote to memory of 2472	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2580 wrote to memory of 2472	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2580 wrote to memory of 2312	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2580 wrote to memory of 2312	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2580 wrote to memory of 2312	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2580 wrote to memory of 2116	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2580 wrote to memory of 2116	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2580 wrote to memory of 2116	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2580 wrote to memory of 1636	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2580 wrote to memory of 1636	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2580 wrote to memory of 1636	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2580 wrote to memory of 1380	2580	2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-19_2996277099bb290c8be9fbd506f3ad3c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Windows\System\JbyLsCQ.exe
  C:\Windows\System\JbyLsCQ.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\nhlwkUy.exe
  C:\Windows\System\nhlwkUy.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\aZCYYHS.exe
  C:\Windows\System\aZCYYHS.exe
  2⤵
  - Executes dropped EXE
  PID:828
- C:\Windows\System\odjQuSc.exe
  C:\Windows\System\odjQuSc.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\aZhGTNh.exe
  C:\Windows\System\aZhGTNh.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\XIYQjWD.exe
  C:\Windows\System\XIYQjWD.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\MWXuvZr.exe
  C:\Windows\System\MWXuvZr.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\xhKcNvr.exe
  C:\Windows\System\xhKcNvr.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\UCNYMzJ.exe
  C:\Windows\System\UCNYMzJ.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\vzEIcew.exe
  C:\Windows\System\vzEIcew.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\hCElJWk.exe
  C:\Windows\System\hCElJWk.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\sYUtBbv.exe
  C:\Windows\System\sYUtBbv.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\XWPDnQO.exe
  C:\Windows\System\XWPDnQO.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\BDwpepL.exe
  C:\Windows\System\BDwpepL.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\mjMmMXK.exe
  C:\Windows\System\mjMmMXK.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\TAuFUIl.exe
  C:\Windows\System\TAuFUIl.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\XGLHSMN.exe
  C:\Windows\System\XGLHSMN.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\loyngNL.exe
  C:\Windows\System\loyngNL.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\ApaWpPl.exe
  C:\Windows\System\ApaWpPl.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\ZFMwtMn.exe
  C:\Windows\System\ZFMwtMn.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\CVUWlam.exe
  C:\Windows\System\CVUWlam.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\EQcarSL.exe
  C:\Windows\System\EQcarSL.exe
  2⤵
  - Executes dropped EXE
  PID:1380
- C:\Windows\System\hMxdwZI.exe
  C:\Windows\System\hMxdwZI.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\qSyGVeP.exe
  C:\Windows\System\qSyGVeP.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\FdxfeRP.exe
  C:\Windows\System\FdxfeRP.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\VzSsoJy.exe
  C:\Windows\System\VzSsoJy.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\vKqrssr.exe
  C:\Windows\System\vKqrssr.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\fwTyMXF.exe
  C:\Windows\System\fwTyMXF.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\ccZGwiw.exe
  C:\Windows\System\ccZGwiw.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\LAmVLek.exe
  C:\Windows\System\LAmVLek.exe
  2⤵
  - Executes dropped EXE
  PID:704
- C:\Windows\System\cLzStNj.exe
  C:\Windows\System\cLzStNj.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\phEbPyd.exe
  C:\Windows\System\phEbPyd.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\efskmmY.exe
  C:\Windows\System\efskmmY.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\yLsfhvD.exe
  C:\Windows\System\yLsfhvD.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\ThuYaje.exe
  C:\Windows\System\ThuYaje.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\hyGaMVn.exe
  C:\Windows\System\hyGaMVn.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\pLjUmud.exe
  C:\Windows\System\pLjUmud.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\ZJToVWJ.exe
  C:\Windows\System\ZJToVWJ.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\jDUZfOl.exe
  C:\Windows\System\jDUZfOl.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\TMMVNCE.exe
  C:\Windows\System\TMMVNCE.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\rhmlFig.exe
  C:\Windows\System\rhmlFig.exe
  2⤵
  - Executes dropped EXE
  PID:920
- C:\Windows\System\RFDmCUn.exe
  C:\Windows\System\RFDmCUn.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\qQdzXLB.exe
  C:\Windows\System\qQdzXLB.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\RqFvfPY.exe
  C:\Windows\System\RqFvfPY.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\EWuwRXl.exe
  C:\Windows\System\EWuwRXl.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\hhJnmqP.exe
  C:\Windows\System\hhJnmqP.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\WBVEkui.exe
  C:\Windows\System\WBVEkui.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\KqHiuWj.exe
  C:\Windows\System\KqHiuWj.exe
  2⤵
  - Executes dropped EXE
  PID:524
- C:\Windows\System\eAweCPV.exe
  C:\Windows\System\eAweCPV.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\ShCAyBW.exe
  C:\Windows\System\ShCAyBW.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\MyPJouB.exe
  C:\Windows\System\MyPJouB.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\phPtJbE.exe
  C:\Windows\System\phPtJbE.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\eLegDiw.exe
  C:\Windows\System\eLegDiw.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\YLisblV.exe
  C:\Windows\System\YLisblV.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\PtSRqsT.exe
  C:\Windows\System\PtSRqsT.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\JlECNjy.exe
  C:\Windows\System\JlECNjy.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\avLrfdB.exe
  C:\Windows\System\avLrfdB.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\fNbwRdJ.exe
  C:\Windows\System\fNbwRdJ.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\oouIKQQ.exe
  C:\Windows\System\oouIKQQ.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\wwVfpQZ.exe
  C:\Windows\System\wwVfpQZ.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\enAhPjx.exe
  C:\Windows\System\enAhPjx.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\eGfPamV.exe
  C:\Windows\System\eGfPamV.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\GOMazsH.exe
  C:\Windows\System\GOMazsH.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\QMNItjN.exe
  C:\Windows\System\QMNItjN.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\sXBihKO.exe
  C:\Windows\System\sXBihKO.exe
  2⤵
  PID:2784
- C:\Windows\System\xBSQlSg.exe
  C:\Windows\System\xBSQlSg.exe
  2⤵
  PID:764
- C:\Windows\System\RmoCqov.exe
  C:\Windows\System\RmoCqov.exe
  2⤵
  PID:2200
- C:\Windows\System\sDFFqzh.exe
  C:\Windows\System\sDFFqzh.exe
  2⤵
  PID:2204
- C:\Windows\System\XcjbtXF.exe
  C:\Windows\System\XcjbtXF.exe
  2⤵
  PID:2176
- C:\Windows\System\QTpZkSA.exe
  C:\Windows\System\QTpZkSA.exe
  2⤵
  PID:2260
- C:\Windows\System\uQMpmOU.exe
  C:\Windows\System\uQMpmOU.exe
  2⤵
  PID:2520
- C:\Windows\System\bdiTIcX.exe
  C:\Windows\System\bdiTIcX.exe
  2⤵
  PID:2376
- C:\Windows\System\yWKAfka.exe
  C:\Windows\System\yWKAfka.exe
  2⤵
  PID:1424
- C:\Windows\System\sVYSnkb.exe
  C:\Windows\System\sVYSnkb.exe
  2⤵
  PID:584
- C:\Windows\System\yegjPol.exe
  C:\Windows\System\yegjPol.exe
  2⤵
  PID:236
- C:\Windows\System\aTTZnvT.exe
  C:\Windows\System\aTTZnvT.exe
  2⤵
  PID:1712
- C:\Windows\System\ZrDeNyt.exe
  C:\Windows\System\ZrDeNyt.exe
  2⤵
  PID:1408
- C:\Windows\System\EMTPENW.exe
  C:\Windows\System\EMTPENW.exe
  2⤵
  PID:1952
- C:\Windows\System\RFZenTB.exe
  C:\Windows\System\RFZenTB.exe
  2⤵
  PID:1948
- C:\Windows\System\VePNCRP.exe
  C:\Windows\System\VePNCRP.exe
  2⤵
  PID:2588
- C:\Windows\System\YUGQzNu.exe
  C:\Windows\System\YUGQzNu.exe
  2⤵
  PID:1628
- C:\Windows\System\cBZpkFf.exe
  C:\Windows\System\cBZpkFf.exe
  2⤵
  PID:2640
- C:\Windows\System\SWgVgUG.exe
  C:\Windows\System\SWgVgUG.exe
  2⤵
  PID:1048
- C:\Windows\System\VWsqMIN.exe
  C:\Windows\System\VWsqMIN.exe
  2⤵
  PID:2608
- C:\Windows\System\nUMtdRr.exe
  C:\Windows\System\nUMtdRr.exe
  2⤵
  PID:2320
- C:\Windows\System\PluZdbT.exe
  C:\Windows\System\PluZdbT.exe
  2⤵
  PID:2772
- C:\Windows\System\GXYYdxl.exe
  C:\Windows\System\GXYYdxl.exe
  2⤵
  PID:2768
- C:\Windows\System\cAsYDJx.exe
  C:\Windows\System\cAsYDJx.exe
  2⤵
  PID:2684
- C:\Windows\System\nwLXGJc.exe
  C:\Windows\System\nwLXGJc.exe
  2⤵
  PID:2804
- C:\Windows\System\XfeKXCj.exe
  C:\Windows\System\XfeKXCj.exe
  2⤵
  PID:2968
- C:\Windows\System\ukKozJv.exe
  C:\Windows\System\ukKozJv.exe
  2⤵
  PID:2336
- C:\Windows\System\QZnSLeM.exe
  C:\Windows\System\QZnSLeM.exe
  2⤵
  PID:2128
- C:\Windows\System\zRoQRul.exe
  C:\Windows\System\zRoQRul.exe
  2⤵
  PID:1244
- C:\Windows\System\NICiTlT.exe
  C:\Windows\System\NICiTlT.exe
  2⤵
  PID:2512
- C:\Windows\System\NGBDtnZ.exe
  C:\Windows\System\NGBDtnZ.exe
  2⤵
  PID:1532
- C:\Windows\System\OzWubzg.exe
  C:\Windows\System\OzWubzg.exe
  2⤵
  PID:2392
- C:\Windows\System\fchRPnK.exe
  C:\Windows\System\fchRPnK.exe
  2⤵
  PID:1252
- C:\Windows\System\TwJifvG.exe
  C:\Windows\System\TwJifvG.exe
  2⤵
  PID:1988
- C:\Windows\System\CnAulqt.exe
  C:\Windows\System\CnAulqt.exe
  2⤵
  PID:1672
- C:\Windows\System\McXmoLk.exe
  C:\Windows\System\McXmoLk.exe
  2⤵
  PID:2120
- C:\Windows\System\wArPKAY.exe
  C:\Windows\System\wArPKAY.exe
  2⤵
  PID:924
- C:\Windows\System\MVncSCe.exe
  C:\Windows\System\MVncSCe.exe
  2⤵
  PID:844
- C:\Windows\System\RTnZkqo.exe
  C:\Windows\System\RTnZkqo.exe
  2⤵
  PID:1472
- C:\Windows\System\MFIAIKR.exe
  C:\Windows\System\MFIAIKR.exe
  2⤵
  PID:2700
- C:\Windows\System\yvTSGfP.exe
  C:\Windows\System\yvTSGfP.exe
  2⤵
  PID:2888
- C:\Windows\System\TCJNHah.exe
  C:\Windows\System\TCJNHah.exe
  2⤵
  PID:1876
- C:\Windows\System\wEAnlxC.exe
  C:\Windows\System\wEAnlxC.exe
  2⤵
  PID:3096
- C:\Windows\System\DXRwWGO.exe
  C:\Windows\System\DXRwWGO.exe
  2⤵
  PID:3120
- C:\Windows\System\iwmzDfC.exe
  C:\Windows\System\iwmzDfC.exe
  2⤵
  PID:3140
- C:\Windows\System\phFeeGR.exe
  C:\Windows\System\phFeeGR.exe
  2⤵
  PID:3160
- C:\Windows\System\DkyGjgA.exe
  C:\Windows\System\DkyGjgA.exe
  2⤵
  PID:3180
- C:\Windows\System\xDxEyql.exe
  C:\Windows\System\xDxEyql.exe
  2⤵
  PID:3200
- C:\Windows\System\yuGpHey.exe
  C:\Windows\System\yuGpHey.exe
  2⤵
  PID:3220
- C:\Windows\System\gYNaLPT.exe
  C:\Windows\System\gYNaLPT.exe
  2⤵
  PID:3240
- C:\Windows\System\ZwpUYRT.exe
  C:\Windows\System\ZwpUYRT.exe
  2⤵
  PID:3260
- C:\Windows\System\ECamcpq.exe
  C:\Windows\System\ECamcpq.exe
  2⤵
  PID:3280
- C:\Windows\System\tiEZKZY.exe
  C:\Windows\System\tiEZKZY.exe
  2⤵
  PID:3304
- C:\Windows\System\qQXGAEF.exe
  C:\Windows\System\qQXGAEF.exe
  2⤵
  PID:3324
- C:\Windows\System\ESyZonD.exe
  C:\Windows\System\ESyZonD.exe
  2⤵
  PID:3348
- C:\Windows\System\DguDcxJ.exe
  C:\Windows\System\DguDcxJ.exe
  2⤵
  PID:3364
- C:\Windows\System\ALuYxIk.exe
  C:\Windows\System\ALuYxIk.exe
  2⤵
  PID:3388
- C:\Windows\System\ukNMDuh.exe
  C:\Windows\System\ukNMDuh.exe
  2⤵
  PID:3412
- C:\Windows\System\AahIXdc.exe
  C:\Windows\System\AahIXdc.exe
  2⤵
  PID:3432
- C:\Windows\System\vkqQeev.exe
  C:\Windows\System\vkqQeev.exe
  2⤵
  PID:3452
- C:\Windows\System\xCznMZP.exe
  C:\Windows\System\xCznMZP.exe
  2⤵
  PID:3472
- C:\Windows\System\UcoCXAO.exe
  C:\Windows\System\UcoCXAO.exe
  2⤵
  PID:3492
- C:\Windows\System\teBWjMg.exe
  C:\Windows\System\teBWjMg.exe
  2⤵
  PID:3512
- C:\Windows\System\HdBwnsr.exe
  C:\Windows\System\HdBwnsr.exe
  2⤵
  PID:3532
- C:\Windows\System\sUGyxEv.exe
  C:\Windows\System\sUGyxEv.exe
  2⤵
  PID:3552
- C:\Windows\System\yPLngMd.exe
  C:\Windows\System\yPLngMd.exe
  2⤵
  PID:3572
- C:\Windows\System\riJQJOz.exe
  C:\Windows\System\riJQJOz.exe
  2⤵
  PID:3592
- C:\Windows\System\tdUUWvO.exe
  C:\Windows\System\tdUUWvO.exe
  2⤵
  PID:3616
- C:\Windows\System\kcNbYtX.exe
  C:\Windows\System\kcNbYtX.exe
  2⤵
  PID:3636
- C:\Windows\System\KfhUfId.exe
  C:\Windows\System\KfhUfId.exe
  2⤵
  PID:3656
- C:\Windows\System\FRkmIOp.exe
  C:\Windows\System\FRkmIOp.exe
  2⤵
  PID:3676
- C:\Windows\System\cUKNgWG.exe
  C:\Windows\System\cUKNgWG.exe
  2⤵
  PID:3696
- C:\Windows\System\BKxqNwr.exe
  C:\Windows\System\BKxqNwr.exe
  2⤵
  PID:3724
- C:\Windows\System\nUcDDCl.exe
  C:\Windows\System\nUcDDCl.exe
  2⤵
  PID:3744
- C:\Windows\System\dFMYrDJ.exe
  C:\Windows\System\dFMYrDJ.exe
  2⤵
  PID:3764
- C:\Windows\System\ByELUtS.exe
  C:\Windows\System\ByELUtS.exe
  2⤵
  PID:3784
- C:\Windows\System\CWCmbdH.exe
  C:\Windows\System\CWCmbdH.exe
  2⤵
  PID:3804
- C:\Windows\System\gjfXxAi.exe
  C:\Windows\System\gjfXxAi.exe
  2⤵
  PID:3824
- C:\Windows\System\FlkqRbj.exe
  C:\Windows\System\FlkqRbj.exe
  2⤵
  PID:3844
- C:\Windows\System\JJPGJCI.exe
  C:\Windows\System\JJPGJCI.exe
  2⤵
  PID:3864
- C:\Windows\System\DugWIRy.exe
  C:\Windows\System\DugWIRy.exe
  2⤵
  PID:3884
- C:\Windows\System\WBhHaNx.exe
  C:\Windows\System\WBhHaNx.exe
  2⤵
  PID:3904
- C:\Windows\System\nJnMgRq.exe
  C:\Windows\System\nJnMgRq.exe
  2⤵
  PID:3924
- C:\Windows\System\WEmZSjT.exe
  C:\Windows\System\WEmZSjT.exe
  2⤵
  PID:3944
- C:\Windows\System\fZUziwm.exe
  C:\Windows\System\fZUziwm.exe
  2⤵
  PID:3964
- C:\Windows\System\bmWGNDP.exe
  C:\Windows\System\bmWGNDP.exe
  2⤵
  PID:3984
- C:\Windows\System\JPdkRnX.exe
  C:\Windows\System\JPdkRnX.exe
  2⤵
  PID:4004
- C:\Windows\System\eQPdzNF.exe
  C:\Windows\System\eQPdzNF.exe
  2⤵
  PID:4028
- C:\Windows\System\amMJiMF.exe
  C:\Windows\System\amMJiMF.exe
  2⤵
  PID:4048
- C:\Windows\System\AxGvrrH.exe
  C:\Windows\System\AxGvrrH.exe
  2⤵
  PID:4068
- C:\Windows\System\zGSaLkK.exe
  C:\Windows\System\zGSaLkK.exe
  2⤵
  PID:4092
- C:\Windows\System\bvmEKvM.exe
  C:\Windows\System\bvmEKvM.exe
  2⤵
  PID:2544
- C:\Windows\System\NymWrjI.exe
  C:\Windows\System\NymWrjI.exe
  2⤵
  PID:1116
- C:\Windows\System\gsFhyeC.exe
  C:\Windows\System\gsFhyeC.exe
  2⤵
  PID:1324
- C:\Windows\System\LydGAci.exe
  C:\Windows\System\LydGAci.exe
  2⤵
  PID:2364
- C:\Windows\System\OblEdWR.exe
  C:\Windows\System\OblEdWR.exe
  2⤵
  PID:2264
- C:\Windows\System\WtFwKnf.exe
  C:\Windows\System\WtFwKnf.exe
  2⤵
  PID:1656
- C:\Windows\System\YLelubE.exe
  C:\Windows\System\YLelubE.exe
  2⤵
  PID:1984
- C:\Windows\System\EstQUWa.exe
  C:\Windows\System\EstQUWa.exe
  2⤵
  PID:1592
- C:\Windows\System\LHVnHIF.exe
  C:\Windows\System\LHVnHIF.exe
  2⤵
  PID:872
- C:\Windows\System\OwrZfCm.exe
  C:\Windows\System\OwrZfCm.exe
  2⤵
  PID:3080
- C:\Windows\System\pFKRhmf.exe
  C:\Windows\System\pFKRhmf.exe
  2⤵
  PID:1560
- C:\Windows\System\pTfDbas.exe
  C:\Windows\System\pTfDbas.exe
  2⤵
  PID:3116
- C:\Windows\System\phoutZx.exe
  C:\Windows\System\phoutZx.exe
  2⤵
  PID:3172
- C:\Windows\System\qCnFhOq.exe
  C:\Windows\System\qCnFhOq.exe
  2⤵
  PID:3216
- C:\Windows\System\wtHUZYR.exe
  C:\Windows\System\wtHUZYR.exe
  2⤵
  PID:3196
- C:\Windows\System\SmOyzNM.exe
  C:\Windows\System\SmOyzNM.exe
  2⤵
  PID:3232
- C:\Windows\System\vsfvtMg.exe
  C:\Windows\System\vsfvtMg.exe
  2⤵
  PID:3272
- C:\Windows\System\KIdiaQk.exe
  C:\Windows\System\KIdiaQk.exe
  2⤵
  PID:3316
- C:\Windows\System\lermcYy.exe
  C:\Windows\System\lermcYy.exe
  2⤵
  PID:3384
- C:\Windows\System\qjgWZYG.exe
  C:\Windows\System\qjgWZYG.exe
  2⤵
  PID:3396
- C:\Windows\System\TyQajbo.exe
  C:\Windows\System\TyQajbo.exe
  2⤵
  PID:3460
- C:\Windows\System\rxjnrvu.exe
  C:\Windows\System\rxjnrvu.exe
  2⤵
  PID:3464
- C:\Windows\System\pNhghWO.exe
  C:\Windows\System\pNhghWO.exe
  2⤵
  PID:3484
- C:\Windows\System\ipMnxlb.exe
  C:\Windows\System\ipMnxlb.exe
  2⤵
  PID:3528
- C:\Windows\System\PsfodNs.exe
  C:\Windows\System\PsfodNs.exe
  2⤵
  PID:3588
- C:\Windows\System\feyJuVx.exe
  C:\Windows\System\feyJuVx.exe
  2⤵
  PID:3632
- C:\Windows\System\wNzeQJJ.exe
  C:\Windows\System\wNzeQJJ.exe
  2⤵
  PID:3664
- C:\Windows\System\XFESiRe.exe
  C:\Windows\System\XFESiRe.exe
  2⤵
  PID:3668
- C:\Windows\System\FtxNcTK.exe
  C:\Windows\System\FtxNcTK.exe
  2⤵
  PID:3760
- C:\Windows\System\DAIKjyu.exe
  C:\Windows\System\DAIKjyu.exe
  2⤵
  PID:3740
- C:\Windows\System\puvbtEI.exe
  C:\Windows\System\puvbtEI.exe
  2⤵
  PID:3792
- C:\Windows\System\vnzTawJ.exe
  C:\Windows\System\vnzTawJ.exe
  2⤵
  PID:3836
- C:\Windows\System\iYCWvqt.exe
  C:\Windows\System\iYCWvqt.exe
  2⤵
  PID:3872
- C:\Windows\System\CQqFOoz.exe
  C:\Windows\System\CQqFOoz.exe
  2⤵
  PID:3876
- C:\Windows\System\wHwlThj.exe
  C:\Windows\System\wHwlThj.exe
  2⤵
  PID:3920
- C:\Windows\System\inwEiuO.exe
  C:\Windows\System\inwEiuO.exe
  2⤵
  PID:3936
- C:\Windows\System\pxGIDzv.exe
  C:\Windows\System\pxGIDzv.exe
  2⤵
  PID:3980
- C:\Windows\System\yGIEsVR.exe
  C:\Windows\System\yGIEsVR.exe
  2⤵
  PID:4016
- C:\Windows\System\OMrafLn.exe
  C:\Windows\System\OMrafLn.exe
  2⤵
  PID:4056
- C:\Windows\System\lsjOhgh.exe
  C:\Windows\System\lsjOhgh.exe
  2⤵
  PID:4080
- C:\Windows\System\XNyccZj.exe
  C:\Windows\System\XNyccZj.exe
  2⤵
  PID:2452
- C:\Windows\System\zknIIsw.exe
  C:\Windows\System\zknIIsw.exe
  2⤵
  PID:3040
- C:\Windows\System\hfrseda.exe
  C:\Windows\System\hfrseda.exe
  2⤵
  PID:2416
- C:\Windows\System\lIxsVxT.exe
  C:\Windows\System\lIxsVxT.exe
  2⤵
  PID:2468
- C:\Windows\System\IxFnJUm.exe
  C:\Windows\System\IxFnJUm.exe
  2⤵
  PID:2900
- C:\Windows\System\BzuumCY.exe
  C:\Windows\System\BzuumCY.exe
  2⤵
  PID:3092
- C:\Windows\System\FPYQUFo.exe
  C:\Windows\System\FPYQUFo.exe
  2⤵
  PID:3136
- C:\Windows\System\wKdNsyv.exe
  C:\Windows\System\wKdNsyv.exe
  2⤵
  PID:3152
- C:\Windows\System\aegzQre.exe
  C:\Windows\System\aegzQre.exe
  2⤵
  PID:3340
- C:\Windows\System\SbyhHwq.exe
  C:\Windows\System\SbyhHwq.exe
  2⤵
  PID:3288
- C:\Windows\System\AuCYlVl.exe
  C:\Windows\System\AuCYlVl.exe
  2⤵
  PID:3336
- C:\Windows\System\icBpzdO.exe
  C:\Windows\System\icBpzdO.exe
  2⤵
  PID:3360
- C:\Windows\System\xIQaJHm.exe
  C:\Windows\System\xIQaJHm.exe
  2⤵
  PID:3424
- C:\Windows\System\rNzegEj.exe
  C:\Windows\System\rNzegEj.exe
  2⤵
  PID:3488
- C:\Windows\System\DrNVhGN.exe
  C:\Windows\System\DrNVhGN.exe
  2⤵
  PID:3580
- C:\Windows\System\DLBSlYz.exe
  C:\Windows\System\DLBSlYz.exe
  2⤵
  PID:3612
- C:\Windows\System\YqWmTZJ.exe
  C:\Windows\System\YqWmTZJ.exe
  2⤵
  PID:3692
- C:\Windows\System\LNMykMj.exe
  C:\Windows\System\LNMykMj.exe
  2⤵
  PID:3832
- C:\Windows\System\VPFFFCI.exe
  C:\Windows\System\VPFFFCI.exe
  2⤵
  PID:3780
- C:\Windows\System\sIoCwUQ.exe
  C:\Windows\System\sIoCwUQ.exe
  2⤵
  PID:3860
- C:\Windows\System\nDaSvFn.exe
  C:\Windows\System\nDaSvFn.exe
  2⤵
  PID:3932
- C:\Windows\System\dSOYiZV.exe
  C:\Windows\System\dSOYiZV.exe
  2⤵
  PID:3972
- C:\Windows\System\syejNBN.exe
  C:\Windows\System\syejNBN.exe
  2⤵
  PID:4088
- C:\Windows\System\karXICi.exe
  C:\Windows\System\karXICi.exe
  2⤵
  PID:4100
- C:\Windows\System\TlznIfM.exe
  C:\Windows\System\TlznIfM.exe
  2⤵
  PID:4120
- C:\Windows\System\OBRIKsE.exe
  C:\Windows\System\OBRIKsE.exe
  2⤵
  PID:4288
- C:\Windows\System\gFFWzCi.exe
  C:\Windows\System\gFFWzCi.exe
  2⤵
  PID:4308
- C:\Windows\System\yXWHfsE.exe
  C:\Windows\System\yXWHfsE.exe
  2⤵
  PID:4376
- C:\Windows\System\Kqzyfsc.exe
  C:\Windows\System\Kqzyfsc.exe
  2⤵
  PID:4392
- C:\Windows\System\HjjxpRV.exe
  C:\Windows\System\HjjxpRV.exe
  2⤵
  PID:4408
- C:\Windows\System\MqPAiZM.exe
  C:\Windows\System\MqPAiZM.exe
  2⤵
  PID:4424
- C:\Windows\System\dwrBpDV.exe
  C:\Windows\System\dwrBpDV.exe
  2⤵
  PID:4472
- C:\Windows\System\oDGaNHi.exe
  C:\Windows\System\oDGaNHi.exe
  2⤵
  PID:4488
- C:\Windows\System\rrHLeht.exe
  C:\Windows\System\rrHLeht.exe
  2⤵
  PID:4508
- C:\Windows\System\yeTwLgM.exe
  C:\Windows\System\yeTwLgM.exe
  2⤵
  PID:4528
- C:\Windows\System\xYlSKPD.exe
  C:\Windows\System\xYlSKPD.exe
  2⤵
  PID:4544
- C:\Windows\System\gXDwWaf.exe
  C:\Windows\System\gXDwWaf.exe
  2⤵
  PID:4560
- C:\Windows\System\vCtmMwl.exe
  C:\Windows\System\vCtmMwl.exe
  2⤵
  PID:4576
- C:\Windows\System\LnpTtbs.exe
  C:\Windows\System\LnpTtbs.exe
  2⤵
  PID:4604
- C:\Windows\System\WXJRLIN.exe
  C:\Windows\System\WXJRLIN.exe
  2⤵
  PID:4620
- C:\Windows\System\APXUWRm.exe
  C:\Windows\System\APXUWRm.exe
  2⤵
  PID:4640
- C:\Windows\System\efVNWpN.exe
  C:\Windows\System\efVNWpN.exe
  2⤵
  PID:4656
- C:\Windows\System\KfKsahf.exe
  C:\Windows\System\KfKsahf.exe
  2⤵
  PID:4676
- C:\Windows\System\dnUbSIV.exe
  C:\Windows\System\dnUbSIV.exe
  2⤵
  PID:4712
- C:\Windows\System\wbaAuJS.exe
  C:\Windows\System\wbaAuJS.exe
  2⤵
  PID:4728
- C:\Windows\System\aYNKjHr.exe
  C:\Windows\System\aYNKjHr.exe
  2⤵
  PID:4752
- C:\Windows\System\etVNQxP.exe
  C:\Windows\System\etVNQxP.exe
  2⤵
  PID:4768
- C:\Windows\System\uYztvSC.exe
  C:\Windows\System\uYztvSC.exe
  2⤵
  PID:4784
- C:\Windows\System\cbaXSkO.exe
  C:\Windows\System\cbaXSkO.exe
  2⤵
  PID:4812
- C:\Windows\System\UOMNyxJ.exe
  C:\Windows\System\UOMNyxJ.exe
  2⤵
  PID:4828
- C:\Windows\System\YUQPkty.exe
  C:\Windows\System\YUQPkty.exe
  2⤵
  PID:4848
- C:\Windows\System\jwYUPlR.exe
  C:\Windows\System\jwYUPlR.exe
  2⤵
  PID:4872
- C:\Windows\System\NloyVhZ.exe
  C:\Windows\System\NloyVhZ.exe
  2⤵
  PID:4888
- C:\Windows\System\ASniXzh.exe
  C:\Windows\System\ASniXzh.exe
  2⤵
  PID:4904
- C:\Windows\System\bumthiV.exe
  C:\Windows\System\bumthiV.exe
  2⤵
  PID:4924
- C:\Windows\System\eGKaGfJ.exe
  C:\Windows\System\eGKaGfJ.exe
  2⤵
  PID:4940
- C:\Windows\System\WcESmum.exe
  C:\Windows\System\WcESmum.exe
  2⤵
  PID:4976
- C:\Windows\System\PFdjebh.exe
  C:\Windows\System\PFdjebh.exe
  2⤵
  PID:4996
- C:\Windows\System\BTtXWcd.exe
  C:\Windows\System\BTtXWcd.exe
  2⤵
  PID:5012
- C:\Windows\System\AkRQfjb.exe
  C:\Windows\System\AkRQfjb.exe
  2⤵
  PID:5028
- C:\Windows\System\afiMAOp.exe
  C:\Windows\System\afiMAOp.exe
  2⤵
  PID:5056
- C:\Windows\System\VBRPmJj.exe
  C:\Windows\System\VBRPmJj.exe
  2⤵
  PID:5076
- C:\Windows\System\lgdwgrY.exe
  C:\Windows\System\lgdwgrY.exe
  2⤵
  PID:5092
- C:\Windows\System\RFFLCLZ.exe
  C:\Windows\System\RFFLCLZ.exe
  2⤵
  PID:5116
- C:\Windows\System\CVWKSmA.exe
  C:\Windows\System\CVWKSmA.exe
  2⤵
  PID:2500
- C:\Windows\System\eaFblnm.exe
  C:\Windows\System\eaFblnm.exe
  2⤵
  PID:2164
- C:\Windows\System\pxvCEAQ.exe
  C:\Windows\System\pxvCEAQ.exe
  2⤵
  PID:1044
- C:\Windows\System\CHEQuiw.exe
  C:\Windows\System\CHEQuiw.exe
  2⤵
  PID:1076
- C:\Windows\System\zpFBATF.exe
  C:\Windows\System\zpFBATF.exe
  2⤵
  PID:3084
- C:\Windows\System\rJBvffp.exe
  C:\Windows\System\rJBvffp.exe
  2⤵
  PID:3168
- C:\Windows\System\nkdNaQx.exe
  C:\Windows\System\nkdNaQx.exe
  2⤵
  PID:3320
- C:\Windows\System\vCZOOrv.exe
  C:\Windows\System\vCZOOrv.exe
  2⤵
  PID:3420
- C:\Windows\System\zzhFvfi.exe
  C:\Windows\System\zzhFvfi.exe
  2⤵
  PID:3468
- C:\Windows\System\eLqvMzU.exe
  C:\Windows\System\eLqvMzU.exe
  2⤵
  PID:3548
- C:\Windows\System\GZrjUhB.exe
  C:\Windows\System\GZrjUhB.exe
  2⤵
  PID:3644
- C:\Windows\System\kpRFANo.exe
  C:\Windows\System\kpRFANo.exe
  2⤵
  PID:3776
- C:\Windows\System\AscRaCj.exe
  C:\Windows\System\AscRaCj.exe
  2⤵
  PID:3816
- C:\Windows\System\MNJcbdo.exe
  C:\Windows\System\MNJcbdo.exe
  2⤵
  PID:3960
- C:\Windows\System\rxhORos.exe
  C:\Windows\System\rxhORos.exe
  2⤵
  PID:4060
- C:\Windows\System\ywcIonb.exe
  C:\Windows\System\ywcIonb.exe
  2⤵
  PID:4112
- C:\Windows\System\glscPej.exe
  C:\Windows\System\glscPej.exe
  2⤵
  PID:2052
- C:\Windows\System\dokLAkG.exe
  C:\Windows\System\dokLAkG.exe
  2⤵
  PID:2892
- C:\Windows\System\bOxVkvQ.exe
  C:\Windows\System\bOxVkvQ.exe
  2⤵
  PID:4192
- C:\Windows\System\EZZxacd.exe
  C:\Windows\System\EZZxacd.exe
  2⤵
  PID:2844
- C:\Windows\System\jNRjNHI.exe
  C:\Windows\System\jNRjNHI.exe
  2⤵
  PID:2780
- C:\Windows\System\aCrsgNm.exe
  C:\Windows\System\aCrsgNm.exe
  2⤵
  PID:1968
- C:\Windows\System\MuCgjvF.exe
  C:\Windows\System\MuCgjvF.exe
  2⤵
  PID:2004
- C:\Windows\System\cYzkrWJ.exe
  C:\Windows\System\cYzkrWJ.exe
  2⤵
  PID:2000
- C:\Windows\System\IoyUFGk.exe
  C:\Windows\System\IoyUFGk.exe
  2⤵
  PID:4244
- C:\Windows\System\CzMyyGw.exe
  C:\Windows\System\CzMyyGw.exe
  2⤵
  PID:1436
- C:\Windows\System\SXvcwNF.exe
  C:\Windows\System\SXvcwNF.exe
  2⤵
  PID:2012
- C:\Windows\System\TdndEGp.exe
  C:\Windows\System\TdndEGp.exe
  2⤵
  PID:4260
- C:\Windows\System\gnSfaIm.exe
  C:\Windows\System\gnSfaIm.exe
  2⤵
  PID:1492
- C:\Windows\System\IanbTev.exe
  C:\Windows\System\IanbTev.exe
  2⤵
  PID:4268
- C:\Windows\System\TSUyHWx.exe
  C:\Windows\System\TSUyHWx.exe
  2⤵
  PID:4272
- C:\Windows\System\VixyzUy.exe
  C:\Windows\System\VixyzUy.exe
  2⤵
  PID:2868
- C:\Windows\System\pDVPSFP.exe
  C:\Windows\System\pDVPSFP.exe
  2⤵
  PID:2716
- C:\Windows\System\kEwtBFH.exe
  C:\Windows\System\kEwtBFH.exe
  2⤵
  PID:2856
- C:\Windows\System\FfKNFhd.exe
  C:\Windows\System\FfKNFhd.exe
  2⤵
  PID:2248
- C:\Windows\System\LRqjksG.exe
  C:\Windows\System\LRqjksG.exe
  2⤵
  PID:1692
- C:\Windows\System\HVDydrq.exe
  C:\Windows\System\HVDydrq.exe
  2⤵
  PID:2016
- C:\Windows\System\ZaJcWdw.exe
  C:\Windows\System\ZaJcWdw.exe
  2⤵
  PID:976
- C:\Windows\System\vfLBWDQ.exe
  C:\Windows\System\vfLBWDQ.exe
  2⤵
  PID:2632
- C:\Windows\System\aqngzhR.exe
  C:\Windows\System\aqngzhR.exe
  2⤵
  PID:2504
- C:\Windows\System\beJGDMQ.exe
  C:\Windows\System\beJGDMQ.exe
  2⤵
  PID:548
- C:\Windows\System\NcpbsrT.exe
  C:\Windows\System\NcpbsrT.exe
  2⤵
  PID:4324
- C:\Windows\System\RRIcPYZ.exe
  C:\Windows\System\RRIcPYZ.exe
  2⤵
  PID:4432
- C:\Windows\System\uIryrKw.exe
  C:\Windows\System\uIryrKw.exe
  2⤵
  PID:4296
- C:\Windows\System\RzddSgC.exe
  C:\Windows\System\RzddSgC.exe
  2⤵
  PID:4448
- C:\Windows\System\NASWuWs.exe
  C:\Windows\System\NASWuWs.exe
  2⤵
  PID:4276
- C:\Windows\System\WrhWdpv.exe
  C:\Windows\System\WrhWdpv.exe
  2⤵
  PID:2924
- C:\Windows\System\pOSniDm.exe
  C:\Windows\System\pOSniDm.exe
  2⤵
  PID:4336
- C:\Windows\System\umcgqKk.exe
  C:\Windows\System\umcgqKk.exe
  2⤵
  PID:4340
- C:\Windows\System\AYDMkiw.exe
  C:\Windows\System\AYDMkiw.exe
  2⤵
  PID:2524
- C:\Windows\System\Rmwuyvm.exe
  C:\Windows\System\Rmwuyvm.exe
  2⤵
  PID:4500
- C:\Windows\System\MfqVGsV.exe
  C:\Windows\System\MfqVGsV.exe
  2⤵
  PID:4572
- C:\Windows\System\xMnuLJr.exe
  C:\Windows\System\xMnuLJr.exe
  2⤵
  PID:4592
- C:\Windows\System\pwhrXqt.exe
  C:\Windows\System\pwhrXqt.exe
  2⤵
  PID:4588
- C:\Windows\System\MZgfSdk.exe
  C:\Windows\System\MZgfSdk.exe
  2⤵
  PID:4688
- C:\Windows\System\PkwYjam.exe
  C:\Windows\System\PkwYjam.exe
  2⤵
  PID:4632
- C:\Windows\System\PJQsxjU.exe
  C:\Windows\System\PJQsxjU.exe
  2⤵
  PID:4672
- C:\Windows\System\HQYwDjt.exe
  C:\Windows\System\HQYwDjt.exe
  2⤵
  PID:4740
- C:\Windows\System\bvcONmL.exe
  C:\Windows\System\bvcONmL.exe
  2⤵
  PID:4760
- C:\Windows\System\LGIREaF.exe
  C:\Windows\System\LGIREaF.exe
  2⤵
  PID:4792
- C:\Windows\System\iIbPSqK.exe
  C:\Windows\System\iIbPSqK.exe
  2⤵
  PID:4824
- C:\Windows\System\owNAIjA.exe
  C:\Windows\System\owNAIjA.exe
  2⤵
  PID:4844
- C:\Windows\System\cuiqhnn.exe
  C:\Windows\System\cuiqhnn.exe
  2⤵
  PID:4864
- C:\Windows\System\lsfsFmT.exe
  C:\Windows\System\lsfsFmT.exe
  2⤵
  PID:4916
- C:\Windows\System\GFASjxZ.exe
  C:\Windows\System\GFASjxZ.exe
  2⤵
  PID:4952
- C:\Windows\System\wDrnzrP.exe
  C:\Windows\System\wDrnzrP.exe
  2⤵
  PID:5004
- C:\Windows\System\WCZRCmF.exe
  C:\Windows\System\WCZRCmF.exe
  2⤵
  PID:5072
- C:\Windows\System\UumGWlC.exe
  C:\Windows\System\UumGWlC.exe
  2⤵
  PID:5048
- C:\Windows\System\tLRvPra.exe
  C:\Windows\System\tLRvPra.exe
  2⤵
  PID:5100
- C:\Windows\System\uQeiCfS.exe
  C:\Windows\System\uQeiCfS.exe
  2⤵
  PID:2096
- C:\Windows\System\vEtVVkZ.exe
  C:\Windows\System\vEtVVkZ.exe
  2⤵
  PID:3148
- C:\Windows\System\AFWTFPR.exe
  C:\Windows\System\AFWTFPR.exe
  2⤵
  PID:1700
- C:\Windows\System\eMMwWZi.exe
  C:\Windows\System\eMMwWZi.exe
  2⤵
  PID:864
- C:\Windows\System\weGRKMn.exe
  C:\Windows\System\weGRKMn.exe
  2⤵
  PID:3540
- C:\Windows\System\GlyrGwQ.exe
  C:\Windows\System\GlyrGwQ.exe
  2⤵
  PID:3628
- C:\Windows\System\fazKfkD.exe
  C:\Windows\System\fazKfkD.exe
  2⤵
  PID:3900
- C:\Windows\System\GkhcMAW.exe
  C:\Windows\System\GkhcMAW.exe
  2⤵
  PID:3756
- C:\Windows\System\OVQICJE.exe
  C:\Windows\System\OVQICJE.exe
  2⤵
  PID:4000
- C:\Windows\System\uwGnqWY.exe
  C:\Windows\System\uwGnqWY.exe
  2⤵
  PID:4116
- C:\Windows\System\xrbyISN.exe
  C:\Windows\System\xrbyISN.exe
  2⤵
  PID:3016
- C:\Windows\System\YRVQHNh.exe
  C:\Windows\System\YRVQHNh.exe
  2⤵
  PID:2816
- C:\Windows\System\rRAlEJz.exe
  C:\Windows\System\rRAlEJz.exe
  2⤵
  PID:2516
- C:\Windows\System\HVsfGeM.exe
  C:\Windows\System\HVsfGeM.exe
  2⤵
  PID:1332
- C:\Windows\System\mKAujar.exe
  C:\Windows\System\mKAujar.exe
  2⤵
  PID:4248
- C:\Windows\System\mVIDXEO.exe
  C:\Windows\System\mVIDXEO.exe
  2⤵
  PID:1884
- C:\Windows\System\EeBzdzM.exe
  C:\Windows\System\EeBzdzM.exe
  2⤵
  PID:2144
- C:\Windows\System\aQLoajv.exe
  C:\Windows\System\aQLoajv.exe
  2⤵
  PID:1468
- C:\Windows\System\nyksmpZ.exe
  C:\Windows\System\nyksmpZ.exe
  2⤵
  PID:2980
- C:\Windows\System\eEbadDQ.exe
  C:\Windows\System\eEbadDQ.exe
  2⤵
  PID:2736
- C:\Windows\System\ZMTzYER.exe
  C:\Windows\System\ZMTzYER.exe
  2⤵
  PID:760
- C:\Windows\System\IlcgseF.exe
  C:\Windows\System\IlcgseF.exe
  2⤵
  PID:1996
- C:\Windows\System\kbNlNXP.exe
  C:\Windows\System\kbNlNXP.exe
  2⤵
  PID:1888
- C:\Windows\System\istoLAV.exe
  C:\Windows\System\istoLAV.exe
  2⤵
  PID:1652
- C:\Windows\System\eKifwBo.exe
  C:\Windows\System\eKifwBo.exe
  2⤵
  PID:1064
- C:\Windows\System\ZGdkWxR.exe
  C:\Windows\System\ZGdkWxR.exe
  2⤵
  PID:2556
- C:\Windows\System\offHpil.exe
  C:\Windows\System\offHpil.exe
  2⤵
  PID:2536
- C:\Windows\System\QECyLeN.exe
  C:\Windows\System\QECyLeN.exe
  2⤵
  PID:4420
- C:\Windows\System\bQseOFW.exe
  C:\Windows\System\bQseOFW.exe
  2⤵
  PID:4444
- C:\Windows\System\FKPnGYL.exe
  C:\Windows\System\FKPnGYL.exe
  2⤵
  PID:4364
- C:\Windows\System\GLVtuzG.exe
  C:\Windows\System\GLVtuzG.exe
  2⤵
  PID:4516
- C:\Windows\System\ZInntpQ.exe
  C:\Windows\System\ZInntpQ.exe
  2⤵
  PID:4496
- C:\Windows\System\QLDDPQb.exe
  C:\Windows\System\QLDDPQb.exe
  2⤵
  PID:4520
- C:\Windows\System\ZOSHzHD.exe
  C:\Windows\System\ZOSHzHD.exe
  2⤵
  PID:4616
- C:\Windows\System\tsmCBWG.exe
  C:\Windows\System\tsmCBWG.exe
  2⤵
  PID:4628
- C:\Windows\System\GSKeXWG.exe
  C:\Windows\System\GSKeXWG.exe
  2⤵
  PID:4668
- C:\Windows\System\vdmlDdg.exe
  C:\Windows\System\vdmlDdg.exe
  2⤵
  PID:4780
- C:\Windows\System\QvQdaOv.exe
  C:\Windows\System\QvQdaOv.exe
  2⤵
  PID:4936
- C:\Windows\System\oZAyuGq.exe
  C:\Windows\System\oZAyuGq.exe
  2⤵
  PID:4808
- C:\Windows\System\AOYSevI.exe
  C:\Windows\System\AOYSevI.exe
  2⤵
  PID:4896
- C:\Windows\System\OwZBbbF.exe
  C:\Windows\System\OwZBbbF.exe
  2⤵
  PID:4988
- C:\Windows\System\wcSvDKI.exe
  C:\Windows\System\wcSvDKI.exe
  2⤵
  PID:4968
- C:\Windows\System\PGhsSJp.exe
  C:\Windows\System\PGhsSJp.exe
  2⤵
  PID:5024
- C:\Windows\System\yufDleb.exe
  C:\Windows\System\yufDleb.exe
  2⤵
  PID:5064
- C:\Windows\System\nBVIXbg.exe
  C:\Windows\System\nBVIXbg.exe
  2⤵
  PID:3256
- C:\Windows\System\nZRzgcf.exe
  C:\Windows\System\nZRzgcf.exe
  2⤵
  PID:3332
- C:\Windows\System\mrKqxmE.exe
  C:\Windows\System\mrKqxmE.exe
  2⤵
  PID:3428
- C:\Windows\System\rmOKaVa.exe
  C:\Windows\System\rmOKaVa.exe
  2⤵
  PID:3896
- C:\Windows\System\fXVPKww.exe
  C:\Windows\System\fXVPKww.exe
  2⤵
  PID:2800
- C:\Windows\System\nffpgQp.exe
  C:\Windows\System\nffpgQp.exe
  2⤵
  PID:1728
- C:\Windows\System\oxbiNPe.exe
  C:\Windows\System\oxbiNPe.exe
  2⤵
  PID:4960
- C:\Windows\System\CfeDuAL.exe
  C:\Windows\System\CfeDuAL.exe
  2⤵
  PID:3276
- C:\Windows\System\qOvRdsz.exe
  C:\Windows\System\qOvRdsz.exe
  2⤵
  PID:2884
- C:\Windows\System\KbGGLjQ.exe
  C:\Windows\System\KbGGLjQ.exe
  2⤵
  PID:1800
- C:\Windows\System\nYdUNhT.exe
  C:\Windows\System\nYdUNhT.exe
  2⤵
  PID:2032
- C:\Windows\System\RnkSJOM.exe
  C:\Windows\System\RnkSJOM.exe
  2⤵
  PID:1992
- C:\Windows\System\dAmXscK.exe
  C:\Windows\System\dAmXscK.exe
  2⤵
  PID:2384
- C:\Windows\System\CSDrUcs.exe
  C:\Windows\System\CSDrUcs.exe
  2⤵
  PID:4404
- C:\Windows\System\IuhYcWs.exe
  C:\Windows\System\IuhYcWs.exe
  2⤵
  PID:4440
- C:\Windows\System\seAbSvz.exe
  C:\Windows\System\seAbSvz.exe
  2⤵
  PID:4584
- C:\Windows\System\FqWmOLa.exe
  C:\Windows\System\FqWmOLa.exe
  2⤵
  PID:4800
- C:\Windows\System\RBteiLq.exe
  C:\Windows\System\RBteiLq.exe
  2⤵
  PID:4612
- C:\Windows\System\kzKNgMP.exe
  C:\Windows\System\kzKNgMP.exe
  2⤵
  PID:4912
- C:\Windows\System\ncaYDnd.exe
  C:\Windows\System\ncaYDnd.exe
  2⤵
  PID:4992
- C:\Windows\System\KjNXRaT.exe
  C:\Windows\System\KjNXRaT.exe
  2⤵
  PID:4972
- C:\Windows\System\LeaEJVK.exe
  C:\Windows\System\LeaEJVK.exe
  2⤵
  PID:3008
- C:\Windows\System\cSDXeVy.exe
  C:\Windows\System\cSDXeVy.exe
  2⤵
  PID:3248
- C:\Windows\System\KmycvGu.exe
  C:\Windows\System\KmycvGu.exe
  2⤵
  PID:4172
- C:\Windows\System\OYfPtox.exe
  C:\Windows\System\OYfPtox.exe
  2⤵
  PID:2696
- C:\Windows\System\mCbNsFY.exe
  C:\Windows\System\mCbNsFY.exe
  2⤵
  PID:2692
- C:\Windows\System\jDONmiu.exe
  C:\Windows\System\jDONmiu.exe
  2⤵
  PID:336
- C:\Windows\System\PiqLMwH.exe
  C:\Windows\System\PiqLMwH.exe
  2⤵
  PID:2752
- C:\Windows\System\FOKpPnx.exe
  C:\Windows\System\FOKpPnx.exe
  2⤵
  PID:2712
- C:\Windows\System\NzmLMtT.exe
  C:\Windows\System\NzmLMtT.exe
  2⤵
  PID:1792
- C:\Windows\System\epijQzg.exe
  C:\Windows\System\epijQzg.exe
  2⤵
  PID:4332
- C:\Windows\System\yRjqdWw.exe
  C:\Windows\System\yRjqdWw.exe
  2⤵
  PID:1596
- C:\Windows\System\sZFaGve.exe
  C:\Windows\System\sZFaGve.exe
  2⤵
  PID:4360
- C:\Windows\System\fwYafFF.exe
  C:\Windows\System\fwYafFF.exe
  2⤵
  PID:4720
- C:\Windows\System\hZJRErN.exe
  C:\Windows\System\hZJRErN.exe
  2⤵
  PID:4764
- C:\Windows\System\UfvznOL.exe
  C:\Windows\System\UfvznOL.exe
  2⤵
  PID:4956
- C:\Windows\System\TDKHSgN.exe
  C:\Windows\System\TDKHSgN.exe
  2⤵
  PID:5112
- C:\Windows\System\ABfDLOj.exe
  C:\Windows\System\ABfDLOj.exe
  2⤵
  PID:1308
- C:\Windows\System\pOVkbeM.exe
  C:\Windows\System\pOVkbeM.exe
  2⤵
  PID:2484
- C:\Windows\System\ZUymMrU.exe
  C:\Windows\System\ZUymMrU.exe
  2⤵
  PID:2808
- C:\Windows\System\IzzXuDc.exe
  C:\Windows\System\IzzXuDc.exe
  2⤵
  PID:4136
- C:\Windows\System\XIvtASJ.exe
  C:\Windows\System\XIvtASJ.exe
  2⤵
  PID:1184
- C:\Windows\System\napvozV.exe
  C:\Windows\System\napvozV.exe
  2⤵
  PID:2656
- C:\Windows\System\XfYJUsX.exe
  C:\Windows\System\XfYJUsX.exe
  2⤵
  PID:4552
- C:\Windows\System\uSWwojT.exe
  C:\Windows\System\uSWwojT.exe
  2⤵
  PID:4796
- C:\Windows\System\CgrlRcE.exe
  C:\Windows\System\CgrlRcE.exe
  2⤵
  PID:3812
- C:\Windows\System\DHZPFUj.exe
  C:\Windows\System\DHZPFUj.exe
  2⤵
  PID:4456
- C:\Windows\System\YptWWVO.exe
  C:\Windows\System\YptWWVO.exe
  2⤵
  PID:4240
- C:\Windows\System\yjNjUeA.exe
  C:\Windows\System\yjNjUeA.exe
  2⤵
  PID:2828
- C:\Windows\System\CwaLuCA.exe
  C:\Windows\System\CwaLuCA.exe
  2⤵
  PID:4372
- C:\Windows\System\qZNhSAS.exe
  C:\Windows\System\qZNhSAS.exe
  2⤵
  PID:4200
- C:\Windows\System\mTkwmoZ.exe
  C:\Windows\System\mTkwmoZ.exe
  2⤵
  PID:4900
- C:\Windows\System\hUAFEhy.exe
  C:\Windows\System\hUAFEhy.exe
  2⤵
  PID:4220
- C:\Windows\System\iLlNasP.exe
  C:\Windows\System\iLlNasP.exe
  2⤵
  PID:4484
- C:\Windows\System\XcxwEQR.exe
  C:\Windows\System\XcxwEQR.exe
  2⤵
  PID:4948
- C:\Windows\System\yuZPSqA.exe
  C:\Windows\System\yuZPSqA.exe
  2⤵
  PID:2636
- C:\Windows\System\tDOLmtL.exe
  C:\Windows\System\tDOLmtL.exe
  2⤵
  PID:3608
- C:\Windows\System\tyjwxmV.exe
  C:\Windows\System\tyjwxmV.exe
  2⤵
  PID:5124
- C:\Windows\System\SzvwItx.exe
  C:\Windows\System\SzvwItx.exe
  2⤵
  PID:5148
- C:\Windows\System\LMvjwjs.exe
  C:\Windows\System\LMvjwjs.exe
  2⤵
  PID:5164
- C:\Windows\System\kOxAkTq.exe
  C:\Windows\System\kOxAkTq.exe
  2⤵
  PID:5180
- C:\Windows\System\SMaLlnQ.exe
  C:\Windows\System\SMaLlnQ.exe
  2⤵
  PID:5200
- C:\Windows\System\EKotTDy.exe
  C:\Windows\System\EKotTDy.exe
  2⤵
  PID:5228
- C:\Windows\System\SHVMrld.exe
  C:\Windows\System\SHVMrld.exe
  2⤵
  PID:5244
- C:\Windows\System\NQIeXlu.exe
  C:\Windows\System\NQIeXlu.exe
  2⤵
  PID:5264
- C:\Windows\System\WdFBocX.exe
  C:\Windows\System\WdFBocX.exe
  2⤵
  PID:5280
- C:\Windows\System\VoNijGM.exe
  C:\Windows\System\VoNijGM.exe
  2⤵
  PID:5308
- C:\Windows\System\teWCCJI.exe
  C:\Windows\System\teWCCJI.exe
  2⤵
  PID:5324
- C:\Windows\System\PTqnUsf.exe
  C:\Windows\System\PTqnUsf.exe
  2⤵
  PID:5340
- C:\Windows\System\TzRHDlY.exe
  C:\Windows\System\TzRHDlY.exe
  2⤵
  PID:5356
- C:\Windows\System\cQOsYrk.exe
  C:\Windows\System\cQOsYrk.exe
  2⤵
  PID:5376
- C:\Windows\System\WiiMXTl.exe
  C:\Windows\System\WiiMXTl.exe
  2⤵
  PID:5392
- C:\Windows\System\QiaWktY.exe
  C:\Windows\System\QiaWktY.exe
  2⤵
  PID:5420
- C:\Windows\System\aYeFjSq.exe
  C:\Windows\System\aYeFjSq.exe
  2⤵
  PID:5436
- C:\Windows\System\MPEskxZ.exe
  C:\Windows\System\MPEskxZ.exe
  2⤵
  PID:5460
- C:\Windows\System\opBIhLZ.exe
  C:\Windows\System\opBIhLZ.exe
  2⤵
  PID:5480
- C:\Windows\System\jcFfErJ.exe
  C:\Windows\System\jcFfErJ.exe
  2⤵
  PID:5500
- C:\Windows\System\KSBAYVD.exe
  C:\Windows\System\KSBAYVD.exe
  2⤵
  PID:5516
- C:\Windows\System\VbPQdjK.exe
  C:\Windows\System\VbPQdjK.exe
  2⤵
  PID:5536
- C:\Windows\System\ScSKxcU.exe
  C:\Windows\System\ScSKxcU.exe
  2⤵
  PID:5564
- C:\Windows\System\VIEJHhP.exe
  C:\Windows\System\VIEJHhP.exe
  2⤵
  PID:5580
- C:\Windows\System\sIXBZaM.exe
  C:\Windows\System\sIXBZaM.exe
  2⤵
  PID:5600
- C:\Windows\System\IDcWyAl.exe
  C:\Windows\System\IDcWyAl.exe
  2⤵
  PID:5616
- C:\Windows\System\jQWQVTm.exe
  C:\Windows\System\jQWQVTm.exe
  2⤵
  PID:5636
- C:\Windows\System\WWzpjnU.exe
  C:\Windows\System\WWzpjnU.exe
  2⤵
  PID:5672
- C:\Windows\System\aTGMeey.exe
  C:\Windows\System\aTGMeey.exe
  2⤵
  PID:5692
- C:\Windows\System\kqcKnbI.exe
  C:\Windows\System\kqcKnbI.exe
  2⤵
  PID:5708
- C:\Windows\System\XRWPgOf.exe
  C:\Windows\System\XRWPgOf.exe
  2⤵
  PID:5732
- C:\Windows\System\TkfgKeV.exe
  C:\Windows\System\TkfgKeV.exe
  2⤵
  PID:5752
- C:\Windows\System\nTzdQFs.exe
  C:\Windows\System\nTzdQFs.exe
  2⤵
  PID:5772
- C:\Windows\System\NdceEvl.exe
  C:\Windows\System\NdceEvl.exe
  2⤵
  PID:5788
- C:\Windows\System\PfrRkQH.exe
  C:\Windows\System\PfrRkQH.exe
  2⤵
  PID:5808
- C:\Windows\System\tHqvPYL.exe
  C:\Windows\System\tHqvPYL.exe
  2⤵
  PID:5836
- C:\Windows\System\OUmrXJD.exe
  C:\Windows\System\OUmrXJD.exe
  2⤵
  PID:5852
- C:\Windows\System\HlyYmPe.exe
  C:\Windows\System\HlyYmPe.exe
  2⤵
  PID:5872
- C:\Windows\System\lKoBHTq.exe
  C:\Windows\System\lKoBHTq.exe
  2⤵
  PID:5892
- C:\Windows\System\gYmWYJM.exe
  C:\Windows\System\gYmWYJM.exe
  2⤵
  PID:5912
- C:\Windows\System\xRfDzSO.exe
  C:\Windows\System\xRfDzSO.exe
  2⤵
  PID:5932
- C:\Windows\System\MUUdMbC.exe
  C:\Windows\System\MUUdMbC.exe
  2⤵
  PID:5960
- C:\Windows\System\uJyDQFS.exe
  C:\Windows\System\uJyDQFS.exe
  2⤵
  PID:5976
- C:\Windows\System\HBBdJki.exe
  C:\Windows\System\HBBdJki.exe
  2⤵
  PID:5996
- C:\Windows\System\UhkXxnV.exe
  C:\Windows\System\UhkXxnV.exe
  2⤵
  PID:6016
- C:\Windows\System\bAmLRfh.exe
  C:\Windows\System\bAmLRfh.exe
  2⤵
  PID:6036
- C:\Windows\System\lRTcjxQ.exe
  C:\Windows\System\lRTcjxQ.exe
  2⤵
  PID:6056
- C:\Windows\System\hciYefy.exe
  C:\Windows\System\hciYefy.exe
  2⤵
  PID:6072
- C:\Windows\System\cgYwupF.exe
  C:\Windows\System\cgYwupF.exe
  2⤵
  PID:6092
- C:\Windows\System\OFXGDZT.exe
  C:\Windows\System\OFXGDZT.exe
  2⤵
  PID:6112
- C:\Windows\System\vMvRzuT.exe
  C:\Windows\System\vMvRzuT.exe
  2⤵
  PID:6140
- C:\Windows\System\aOEjnsl.exe
  C:\Windows\System\aOEjnsl.exe
  2⤵
  PID:2564
- C:\Windows\System\ewYOuQY.exe
  C:\Windows\System\ewYOuQY.exe
  2⤵
  PID:5172
- C:\Windows\System\YZvHjjO.exe
  C:\Windows\System\YZvHjjO.exe
  2⤵
  PID:5216
- C:\Windows\System\enDPgvQ.exe
  C:\Windows\System\enDPgvQ.exe
  2⤵
  PID:5192
- C:\Windows\System\jMZnvrY.exe
  C:\Windows\System\jMZnvrY.exe
  2⤵
  PID:5288
- C:\Windows\System\IcvpJnS.exe
  C:\Windows\System\IcvpJnS.exe
  2⤵
  PID:5276
- C:\Windows\System\vFMzBYh.exe
  C:\Windows\System\vFMzBYh.exe
  2⤵
  PID:5332
- C:\Windows\System\uAUsgzL.exe
  C:\Windows\System\uAUsgzL.exe
  2⤵
  PID:5408
- C:\Windows\System\CmKMrii.exe
  C:\Windows\System\CmKMrii.exe
  2⤵
  PID:5320
- C:\Windows\System\mYrGGGG.exe
  C:\Windows\System\mYrGGGG.exe
  2⤵
  PID:5492
- C:\Windows\System\IvchwmX.exe
  C:\Windows\System\IvchwmX.exe
  2⤵
  PID:5388
- C:\Windows\System\YPFKkZO.exe
  C:\Windows\System\YPFKkZO.exe
  2⤵
  PID:5432
- C:\Windows\System\RlGADQU.exe
  C:\Windows\System\RlGADQU.exe
  2⤵
  PID:5476
- C:\Windows\System\XuHEACL.exe
  C:\Windows\System\XuHEACL.exe
  2⤵
  PID:5548
- C:\Windows\System\GiToOHN.exe
  C:\Windows\System\GiToOHN.exe
  2⤵
  PID:5608
- C:\Windows\System\FUmnDvW.exe
  C:\Windows\System\FUmnDvW.exe
  2⤵
  PID:5648
- C:\Windows\System\SzAmIRr.exe
  C:\Windows\System\SzAmIRr.exe
  2⤵
  PID:5596
- C:\Windows\System\vOfzBdK.exe
  C:\Windows\System\vOfzBdK.exe
  2⤵
  PID:5684
- C:\Windows\System\UnzOifR.exe
  C:\Windows\System\UnzOifR.exe
  2⤵
  PID:5724
- C:\Windows\System\jEBGZvE.exe
  C:\Windows\System\jEBGZvE.exe
  2⤵
  PID:5764
- C:\Windows\System\bOyJxQv.exe
  C:\Windows\System\bOyJxQv.exe
  2⤵
  PID:5800
- C:\Windows\System\jyTZUqg.exe
  C:\Windows\System\jyTZUqg.exe
  2⤵
  PID:5828
- C:\Windows\System\yFxbtlo.exe
  C:\Windows\System\yFxbtlo.exe
  2⤵
  PID:5868
- C:\Windows\System\etVhcfw.exe
  C:\Windows\System\etVhcfw.exe
  2⤵
  PID:5888
- C:\Windows\System\kXvOVjH.exe
  C:\Windows\System\kXvOVjH.exe
  2⤵
  PID:2552
- C:\Windows\System\JqgcLZN.exe
  C:\Windows\System\JqgcLZN.exe
  2⤵
  PID:1976
- C:\Windows\System\nOFOBZc.exe
  C:\Windows\System\nOFOBZc.exe
  2⤵
  PID:5924
- C:\Windows\System\LJMfrZr.exe
  C:\Windows\System\LJMfrZr.exe
  2⤵
  PID:5944
- C:\Windows\System\tVSOQzW.exe
  C:\Windows\System\tVSOQzW.exe
  2⤵
  PID:6012
- C:\Windows\System\HKkoLEY.exe
  C:\Windows\System\HKkoLEY.exe
  2⤵
  PID:2680
- C:\Windows\System\CvyiKdX.exe
  C:\Windows\System\CvyiKdX.exe
  2⤵
  PID:6064
- C:\Windows\System\VuSaGcY.exe
  C:\Windows\System\VuSaGcY.exe
  2⤵
  PID:6132
- C:\Windows\System\yZvZXyP.exe
  C:\Windows\System\yZvZXyP.exe
  2⤵
  PID:564
- C:\Windows\System\WACBKfd.exe
  C:\Windows\System\WACBKfd.exe
  2⤵
  PID:5212
- C:\Windows\System\Wnhjzcv.exe
  C:\Windows\System\Wnhjzcv.exe
  2⤵
  PID:5220
- C:\Windows\System\iyLyHLW.exe
  C:\Windows\System\iyLyHLW.exe
  2⤵
  PID:5256
- C:\Windows\System\hhHvAGW.exe
  C:\Windows\System\hhHvAGW.exe
  2⤵
  PID:5300
- C:\Windows\System\VczBcgK.exe
  C:\Windows\System\VczBcgK.exe
  2⤵
  PID:5400
- C:\Windows\System\ilsYbAr.exe
  C:\Windows\System\ilsYbAr.exe
  2⤵
  PID:5352
- C:\Windows\System\XGSRARu.exe
  C:\Windows\System\XGSRARu.exe
  2⤵
  PID:5528
- C:\Windows\System\ZTWpsuS.exe
  C:\Windows\System\ZTWpsuS.exe
  2⤵
  PID:5560
- C:\Windows\System\IOnrhwc.exe
  C:\Windows\System\IOnrhwc.exe
  2⤵
  PID:5656
- C:\Windows\System\jQRWiJJ.exe
  C:\Windows\System\jQRWiJJ.exe
  2⤵
  PID:5632
- C:\Windows\System\pIArPYf.exe
  C:\Windows\System\pIArPYf.exe
  2⤵
  PID:5720
- C:\Windows\System\DmUJHcX.exe
  C:\Windows\System\DmUJHcX.exe
  2⤵
  PID:5796
- C:\Windows\System\eBYeEoU.exe
  C:\Windows\System\eBYeEoU.exe
  2⤵
  PID:5760
- C:\Windows\System\vcsBhuM.exe
  C:\Windows\System\vcsBhuM.exe
  2⤵
  PID:5824
- C:\Windows\System\rmInKZc.exe
  C:\Windows\System\rmInKZc.exe
  2⤵
  PID:556
- C:\Windows\System\HKgsnoA.exe
  C:\Windows\System\HKgsnoA.exe
  2⤵
  PID:5988
- C:\Windows\System\fPzbcpW.exe
  C:\Windows\System\fPzbcpW.exe
  2⤵
  PID:5948
- C:\Windows\System\bIlwhJK.exe
  C:\Windows\System\bIlwhJK.exe
  2⤵
  PID:6028
- C:\Windows\System\BUriUOB.exe
  C:\Windows\System\BUriUOB.exe
  2⤵
  PID:6108
- C:\Windows\System\jlaKAAb.exe
  C:\Windows\System\jlaKAAb.exe
  2⤵
  PID:6104
- C:\Windows\System\QpUGGJq.exe
  C:\Windows\System\QpUGGJq.exe
  2⤵
  PID:5144
- C:\Windows\System\RYGnihI.exe
  C:\Windows\System\RYGnihI.exe
  2⤵
  PID:5452
- C:\Windows\System\KhWCChm.exe
  C:\Windows\System\KhWCChm.exe
  2⤵
  PID:2812
- C:\Windows\System\JIyQgmM.exe
  C:\Windows\System\JIyQgmM.exe
  2⤵
  PID:5316
- C:\Windows\System\wnxSDwt.exe
  C:\Windows\System\wnxSDwt.exe
  2⤵
  PID:5348
- C:\Windows\System\zZfTkNM.exe
  C:\Windows\System\zZfTkNM.exe
  2⤵
  PID:5576
- C:\Windows\System\qWCHEWN.exe
  C:\Windows\System\qWCHEWN.exe
  2⤵
  PID:5664
- C:\Windows\System\SZasPnh.exe
  C:\Windows\System\SZasPnh.exe
  2⤵
  PID:5864
- C:\Windows\System\mcmdbeB.exe
  C:\Windows\System\mcmdbeB.exe
  2⤵
  PID:5908
- C:\Windows\System\HRITNyh.exe
  C:\Windows\System\HRITNyh.exe
  2⤵
  PID:1364
- C:\Windows\System\uMaVDfA.exe
  C:\Windows\System\uMaVDfA.exe
  2⤵
  PID:6100
- C:\Windows\System\gMVMesz.exe
  C:\Windows\System\gMVMesz.exe
  2⤵
  PID:5240
- C:\Windows\System\uIWmkgy.exe
  C:\Windows\System\uIWmkgy.exe
  2⤵
  PID:5416
- C:\Windows\System\ttCWpnQ.exe
  C:\Windows\System\ttCWpnQ.exe
  2⤵
  PID:5252
- C:\Windows\System\QOOXOkq.exe
  C:\Windows\System\QOOXOkq.exe
  2⤵
  PID:5704
- C:\Windows\System\sMWvvum.exe
  C:\Windows\System\sMWvvum.exe
  2⤵
  PID:5404
- C:\Windows\System\XQHwDKk.exe
  C:\Windows\System\XQHwDKk.exe
  2⤵
  PID:5768
- C:\Windows\System\BUBGIjx.exe
  C:\Windows\System\BUBGIjx.exe
  2⤵
  PID:6088
- C:\Windows\System\modxnOD.exe
  C:\Windows\System\modxnOD.exe
  2⤵
  PID:5900
- C:\Windows\System\RxrBSVN.exe
  C:\Windows\System\RxrBSVN.exe
  2⤵
  PID:2332
- C:\Windows\System\uzSzrcT.exe
  C:\Windows\System\uzSzrcT.exe
  2⤵
  PID:5428
- C:\Windows\System\AhPvVRK.exe
  C:\Windows\System\AhPvVRK.exe
  2⤵
  PID:2832
- C:\Windows\System\OwwndzR.exe
  C:\Windows\System\OwwndzR.exe
  2⤵
  PID:6048
- C:\Windows\System\htbNVVT.exe
  C:\Windows\System\htbNVVT.exe
  2⤵
  PID:5208
- C:\Windows\System\KWiKJTp.exe
  C:\Windows\System\KWiKJTp.exe
  2⤵
  PID:5572
- C:\Windows\System\YdTVfTA.exe
  C:\Windows\System\YdTVfTA.exe
  2⤵
  PID:6084
- C:\Windows\System\uTZazsn.exe
  C:\Windows\System\uTZazsn.exe
  2⤵
  PID:5088
- C:\Windows\System\GuitrGx.exe
  C:\Windows\System\GuitrGx.exe
  2⤵
  PID:5716
- C:\Windows\System\gXbnqEp.exe
  C:\Windows\System\gXbnqEp.exe
  2⤵
  PID:6152
- C:\Windows\System\rsrOJWq.exe
  C:\Windows\System\rsrOJWq.exe
  2⤵
  PID:6168
- C:\Windows\System\WKjyVnn.exe
  C:\Windows\System\WKjyVnn.exe
  2⤵
  PID:6196
- C:\Windows\System\sudHbDF.exe
  C:\Windows\System\sudHbDF.exe
  2⤵
  PID:6220
- C:\Windows\System\gzXTzrR.exe
  C:\Windows\System\gzXTzrR.exe
  2⤵
  PID:6236
- C:\Windows\System\DrkGRrQ.exe
  C:\Windows\System\DrkGRrQ.exe
  2⤵
  PID:6256
- C:\Windows\System\euIoWci.exe
  C:\Windows\System\euIoWci.exe
  2⤵
  PID:6280
- C:\Windows\System\Sgdapdy.exe
  C:\Windows\System\Sgdapdy.exe
  2⤵
  PID:6300
- C:\Windows\System\SsvcJnB.exe
  C:\Windows\System\SsvcJnB.exe
  2⤵
  PID:6316
- C:\Windows\System\dGMTGju.exe
  C:\Windows\System\dGMTGju.exe
  2⤵
  PID:6332
- C:\Windows\System\kwFzORG.exe
  C:\Windows\System\kwFzORG.exe
  2⤵
  PID:6348
- C:\Windows\System\BHttdyn.exe
  C:\Windows\System\BHttdyn.exe
  2⤵
  PID:6384
- C:\Windows\System\RpMiWUq.exe
  C:\Windows\System\RpMiWUq.exe
  2⤵
  PID:6400
- C:\Windows\System\ujSmAnp.exe
  C:\Windows\System\ujSmAnp.exe
  2⤵
  PID:6416
- C:\Windows\System\aSnoRPl.exe
  C:\Windows\System\aSnoRPl.exe
  2⤵
  PID:6440
- C:\Windows\System\LDfJtuR.exe
  C:\Windows\System\LDfJtuR.exe
  2⤵
  PID:6456
- C:\Windows\System\RQAeUSE.exe
  C:\Windows\System\RQAeUSE.exe
  2⤵
  PID:6476
- C:\Windows\System\DtcTeGJ.exe
  C:\Windows\System\DtcTeGJ.exe
  2⤵
  PID:6492
- C:\Windows\System\fJBwJxr.exe
  C:\Windows\System\fJBwJxr.exe
  2⤵
  PID:6512
- C:\Windows\System\vUaNrJj.exe
  C:\Windows\System\vUaNrJj.exe
  2⤵
  PID:6536
- C:\Windows\System\OAGrVRU.exe
  C:\Windows\System\OAGrVRU.exe
  2⤵
  PID:6552
- C:\Windows\System\BfGhjCV.exe
  C:\Windows\System\BfGhjCV.exe
  2⤵
  PID:6580
- C:\Windows\System\yPrsXXP.exe
  C:\Windows\System\yPrsXXP.exe
  2⤵
  PID:6600
- C:\Windows\System\ssEnoJP.exe
  C:\Windows\System\ssEnoJP.exe
  2⤵
  PID:6620
- C:\Windows\System\xZsptyc.exe
  C:\Windows\System\xZsptyc.exe
  2⤵
  PID:6640
- C:\Windows\System\cWCQipI.exe
  C:\Windows\System\cWCQipI.exe
  2⤵
  PID:6660
- C:\Windows\System\AsAMeVr.exe
  C:\Windows\System\AsAMeVr.exe
  2⤵
  PID:6680
- C:\Windows\System\qUIeKTv.exe
  C:\Windows\System\qUIeKTv.exe
  2⤵
  PID:6704
- C:\Windows\System\tgUZrdM.exe
  C:\Windows\System\tgUZrdM.exe
  2⤵
  PID:6720
- C:\Windows\System\LIyVmcj.exe
  C:\Windows\System\LIyVmcj.exe
  2⤵
  PID:6736
- C:\Windows\System\BdWxYmv.exe
  C:\Windows\System\BdWxYmv.exe
  2⤵
  PID:6764
- C:\Windows\System\tYIyand.exe
  C:\Windows\System\tYIyand.exe
  2⤵
  PID:6784
- C:\Windows\System\CmIyxan.exe
  C:\Windows\System\CmIyxan.exe
  2⤵
  PID:6800
- C:\Windows\System\SukEpzB.exe
  C:\Windows\System\SukEpzB.exe
  2⤵
  PID:6816
- C:\Windows\System\SGEYkHs.exe
  C:\Windows\System\SGEYkHs.exe
  2⤵
  PID:6836
- C:\Windows\System\dpDWpoJ.exe
  C:\Windows\System\dpDWpoJ.exe
  2⤵
  PID:6852
- C:\Windows\System\QjjXpvn.exe
  C:\Windows\System\QjjXpvn.exe
  2⤵
  PID:6872
- C:\Windows\System\rYinUSm.exe
  C:\Windows\System\rYinUSm.exe
  2⤵
  PID:6888
- C:\Windows\System\WvtZFJh.exe
  C:\Windows\System\WvtZFJh.exe
  2⤵
  PID:6904
- C:\Windows\System\DvyVCvp.exe
  C:\Windows\System\DvyVCvp.exe
  2⤵
  PID:6928
- C:\Windows\System\TUWsLaA.exe
  C:\Windows\System\TUWsLaA.exe
  2⤵
  PID:6944
- C:\Windows\System\HtkqcvK.exe
  C:\Windows\System\HtkqcvK.exe
  2⤵
  PID:6984
- C:\Windows\System\JEEglOO.exe
  C:\Windows\System\JEEglOO.exe
  2⤵
  PID:7000
- C:\Windows\System\eIxfAsb.exe
  C:\Windows\System\eIxfAsb.exe
  2⤵
  PID:7020
- C:\Windows\System\pxILUiR.exe
  C:\Windows\System\pxILUiR.exe
  2⤵
  PID:7040
- C:\Windows\System\dqviyBL.exe
  C:\Windows\System\dqviyBL.exe
  2⤵
  PID:7060
- C:\Windows\System\BPCIMGY.exe
  C:\Windows\System\BPCIMGY.exe
  2⤵
  PID:7080
- C:\Windows\System\bmULvCN.exe
  C:\Windows\System\bmULvCN.exe
  2⤵
  PID:7108
- C:\Windows\System\cKwvKVT.exe
  C:\Windows\System\cKwvKVT.exe
  2⤵
  PID:7124
- C:\Windows\System\MdwVQTs.exe
  C:\Windows\System\MdwVQTs.exe
  2⤵
  PID:7140
- C:\Windows\System\bFcvjjj.exe
  C:\Windows\System\bFcvjjj.exe
  2⤵
  PID:5968
- C:\Windows\System\sbfjwgP.exe
  C:\Windows\System\sbfjwgP.exe
  2⤵
  PID:856
- C:\Windows\System\LoJYEYS.exe
  C:\Windows\System\LoJYEYS.exe
  2⤵
  PID:6176
- C:\Windows\System\VtVnFtB.exe
  C:\Windows\System\VtVnFtB.exe
  2⤵
  PID:6204
- C:\Windows\System\wWVQQrq.exe
  C:\Windows\System\wWVQQrq.exe
  2⤵
  PID:6232
- C:\Windows\System\xgibbuJ.exe
  C:\Windows\System\xgibbuJ.exe
  2⤵
  PID:6276
- C:\Windows\System\ZYVPdDm.exe
  C:\Windows\System\ZYVPdDm.exe
  2⤵
  PID:6308
- C:\Windows\System\bWGvgNU.exe
  C:\Windows\System\bWGvgNU.exe
  2⤵
  PID:6356
- C:\Windows\System\ialpWHn.exe
  C:\Windows\System\ialpWHn.exe
  2⤵
  PID:6312
- C:\Windows\System\bXTlwiw.exe
  C:\Windows\System\bXTlwiw.exe
  2⤵
  PID:6408
- C:\Windows\System\SrKOZor.exe
  C:\Windows\System\SrKOZor.exe
  2⤵
  PID:6484
- C:\Windows\System\WdQoSzT.exe
  C:\Windows\System\WdQoSzT.exe
  2⤵
  PID:6528
- C:\Windows\System\WglipWh.exe
  C:\Windows\System\WglipWh.exe
  2⤵
  PID:6428
- C:\Windows\System\ctxiKmq.exe
  C:\Windows\System\ctxiKmq.exe
  2⤵
  PID:6468
- C:\Windows\System\XjcaInn.exe
  C:\Windows\System\XjcaInn.exe
  2⤵
  PID:6508
- C:\Windows\System\WnGuare.exe
  C:\Windows\System\WnGuare.exe
  2⤵
  PID:6608
- C:\Windows\System\esHDhah.exe
  C:\Windows\System\esHDhah.exe
  2⤵
  PID:6616
- C:\Windows\System\DmQBXrK.exe
  C:\Windows\System\DmQBXrK.exe
  2⤵
  PID:6668
- C:\Windows\System\DhNGFaa.exe
  C:\Windows\System\DhNGFaa.exe
  2⤵
  PID:6700
- C:\Windows\System\KSweMzk.exe
  C:\Windows\System\KSweMzk.exe
  2⤵
  PID:6756
- C:\Windows\System\NaQPGDi.exe
  C:\Windows\System\NaQPGDi.exe
  2⤵
  PID:6772
- C:\Windows\System\pVRMpxC.exe
  C:\Windows\System\pVRMpxC.exe
  2⤵
  PID:6844
- C:\Windows\System\HEehTpe.exe
  C:\Windows\System\HEehTpe.exe
  2⤵
  PID:6884
- C:\Windows\System\KtTDVmj.exe
  C:\Windows\System\KtTDVmj.exe
  2⤵
  PID:6952
- C:\Windows\System\UVYVIkA.exe
  C:\Windows\System\UVYVIkA.exe
  2⤵
  PID:6968
- C:\Windows\System\kbBVspm.exe
  C:\Windows\System\kbBVspm.exe
  2⤵
  PID:6860
- C:\Windows\System\VMuZYXF.exe
  C:\Windows\System\VMuZYXF.exe
  2⤵
  PID:6936
- C:\Windows\System\egvroos.exe
  C:\Windows\System\egvroos.exe
  2⤵
  PID:6996
- C:\Windows\System\SkFxIFY.exe
  C:\Windows\System\SkFxIFY.exe
  2⤵
  PID:7056
- C:\Windows\System\ExEqiqc.exe
  C:\Windows\System\ExEqiqc.exe
  2⤵
  PID:7076
- C:\Windows\System\vIaurdW.exe
  C:\Windows\System\vIaurdW.exe
  2⤵
  PID:7100
- C:\Windows\System\itySxRG.exe
  C:\Windows\System\itySxRG.exe
  2⤵
  PID:7136
- C:\Windows\System\BxqQVmt.exe
  C:\Windows\System\BxqQVmt.exe
  2⤵
  PID:7164
- C:\Windows\System\dOZivgS.exe
  C:\Windows\System\dOZivgS.exe
  2⤵
  PID:6184
- C:\Windows\System\hRLjeYG.exe
  C:\Windows\System\hRLjeYG.exe
  2⤵
  PID:6252
- C:\Windows\System\diuOXXf.exe
  C:\Windows\System\diuOXXf.exe
  2⤵
  PID:5820
- C:\Windows\System\kTDMQOz.exe
  C:\Windows\System\kTDMQOz.exe
  2⤵
  PID:6396
- C:\Windows\System\EFYiLWB.exe
  C:\Windows\System\EFYiLWB.exe
  2⤵
  PID:6520
- C:\Windows\System\tZBABdS.exe
  C:\Windows\System\tZBABdS.exe
  2⤵
  PID:6452
- C:\Windows\System\JxDbzlw.exe
  C:\Windows\System\JxDbzlw.exe
  2⤵
  PID:6588
- C:\Windows\System\MIizUNs.exe
  C:\Windows\System\MIizUNs.exe
  2⤵
  PID:6500
- C:\Windows\System\IsJeBei.exe
  C:\Windows\System\IsJeBei.exe
  2⤵
  PID:6632
- C:\Windows\System\qzBVsAo.exe
  C:\Windows\System\qzBVsAo.exe
  2⤵
  PID:6732
- C:\Windows\System\kwvexcT.exe
  C:\Windows\System\kwvexcT.exe
  2⤵
  PID:6692
- C:\Windows\System\ntDqEYd.exe
  C:\Windows\System\ntDqEYd.exe
  2⤵
  PID:6924
- C:\Windows\System\hEvtvYD.exe
  C:\Windows\System\hEvtvYD.exe
  2⤵
  PID:6824
- C:\Windows\System\BTBFkfi.exe
  C:\Windows\System\BTBFkfi.exe
  2⤵
  PID:6380
- C:\Windows\System\AGIMjGt.exe
  C:\Windows\System\AGIMjGt.exe
  2⤵
  PID:7008
- C:\Windows\System\sRLhPPL.exe
  C:\Windows\System\sRLhPPL.exe
  2⤵
  PID:7012
- C:\Windows\System\iMkmTEh.exe
  C:\Windows\System\iMkmTEh.exe
  2⤵
  PID:7132
- C:\Windows\System\BtEMeMg.exe
  C:\Windows\System\BtEMeMg.exe
  2⤵
  PID:7096
- C:\Windows\System\XxDUtNQ.exe
  C:\Windows\System\XxDUtNQ.exe
  2⤵
  PID:6180
- C:\Windows\System\VpNLFer.exe
  C:\Windows\System\VpNLFer.exe
  2⤵
  PID:6268
- C:\Windows\System\HvXrbjr.exe
  C:\Windows\System\HvXrbjr.exe
  2⤵
  PID:6368
- C:\Windows\System\NzTqkAA.exe
  C:\Windows\System\NzTqkAA.exe
  2⤵
  PID:6340
- C:\Windows\System\iPmIBih.exe
  C:\Windows\System\iPmIBih.exe
  2⤵
  PID:6592
- C:\Windows\System\JfQPpcK.exe
  C:\Windows\System\JfQPpcK.exe
  2⤵
  PID:6648
- C:\Windows\System\VBZujWb.exe
  C:\Windows\System\VBZujWb.exe
  2⤵
  PID:6808
- C:\Windows\System\xGHTMkx.exe
  C:\Windows\System\xGHTMkx.exe
  2⤵
  PID:6912
- C:\Windows\System\IDDaiLa.exe
  C:\Windows\System\IDDaiLa.exe
  2⤵
  PID:6796
- C:\Windows\System\GopTmNH.exe
  C:\Windows\System\GopTmNH.exe
  2⤵
  PID:6896
- C:\Windows\System\LQRuQaM.exe
  C:\Windows\System\LQRuQaM.exe
  2⤵
  PID:7116
- C:\Windows\System\GyKGyXB.exe
  C:\Windows\System\GyKGyXB.exe
  2⤵
  PID:7052
- C:\Windows\System\THjUJYN.exe
  C:\Windows\System\THjUJYN.exe
  2⤵
  PID:6296
- C:\Windows\System\EBLaPFp.exe
  C:\Windows\System\EBLaPFp.exe
  2⤵
  PID:6344
- C:\Windows\System\roMvXsl.exe
  C:\Windows\System\roMvXsl.exe
  2⤵
  PID:6424
- C:\Windows\System\pGUvUAc.exe
  C:\Windows\System\pGUvUAc.exe
  2⤵
  PID:6676
- C:\Windows\System\lmiOKte.exe
  C:\Windows\System\lmiOKte.exe
  2⤵
  PID:6960
- C:\Windows\System\FXSIBMa.exe
  C:\Windows\System\FXSIBMa.exe
  2⤵
  PID:7152
- C:\Windows\System\SUjLAzp.exe
  C:\Windows\System\SUjLAzp.exe
  2⤵
  PID:6264
- C:\Windows\System\WgMHxyz.exe
  C:\Windows\System\WgMHxyz.exe
  2⤵
  PID:6576
- C:\Windows\System\axeMPhs.exe
  C:\Windows\System\axeMPhs.exe
  2⤵
  PID:7072
- C:\Windows\System\zRBVtOS.exe
  C:\Windows\System\zRBVtOS.exe
  2⤵
  PID:6792
- C:\Windows\System\BwoRVII.exe
  C:\Windows\System\BwoRVII.exe
  2⤵
  PID:7088
- C:\Windows\System\sNtHFHt.exe
  C:\Windows\System\sNtHFHt.exe
  2⤵
  PID:6976
- C:\Windows\System\tVDYlMP.exe
  C:\Windows\System\tVDYlMP.exe
  2⤵
  PID:7160
- C:\Windows\System\ZcYRXgq.exe
  C:\Windows\System\ZcYRXgq.exe
  2⤵
  PID:6244
- C:\Windows\System\GhmkroE.exe
  C:\Windows\System\GhmkroE.exe
  2⤵
  PID:6292
- C:\Windows\System\JBJgjDk.exe
  C:\Windows\System\JBJgjDk.exe
  2⤵
  PID:7188
- C:\Windows\System\kIKSUIX.exe
  C:\Windows\System\kIKSUIX.exe
  2⤵
  PID:7220
- C:\Windows\System\eXhWfcA.exe
  C:\Windows\System\eXhWfcA.exe
  2⤵
  PID:7240
- C:\Windows\System\SbnqHrZ.exe
  C:\Windows\System\SbnqHrZ.exe
  2⤵
  PID:7264
- C:\Windows\System\aDtfetf.exe
  C:\Windows\System\aDtfetf.exe
  2⤵
  PID:7280
- C:\Windows\System\yJzgDRs.exe
  C:\Windows\System\yJzgDRs.exe
  2⤵
  PID:7296
- C:\Windows\System\wgoBfKg.exe
  C:\Windows\System\wgoBfKg.exe
  2⤵
  PID:7324
- C:\Windows\System\VbrDPAi.exe
  C:\Windows\System\VbrDPAi.exe
  2⤵
  PID:7340
- C:\Windows\System\yrBRrLm.exe
  C:\Windows\System\yrBRrLm.exe
  2⤵
  PID:7360
- C:\Windows\System\Obbckpl.exe
  C:\Windows\System\Obbckpl.exe
  2⤵
  PID:7380
- C:\Windows\System\cOwYWRD.exe
  C:\Windows\System\cOwYWRD.exe
  2⤵
  PID:7396
- C:\Windows\System\XyFYXln.exe
  C:\Windows\System\XyFYXln.exe
  2⤵
  PID:7412
- C:\Windows\System\RgCOeRv.exe
  C:\Windows\System\RgCOeRv.exe
  2⤵
  PID:7432
- C:\Windows\System\YaDecfm.exe
  C:\Windows\System\YaDecfm.exe
  2⤵
  PID:7460
- C:\Windows\System\BkemJxF.exe
  C:\Windows\System\BkemJxF.exe
  2⤵
  PID:7476
- C:\Windows\System\DAclmQK.exe
  C:\Windows\System\DAclmQK.exe
  2⤵
  PID:7504
- C:\Windows\System\cRApIJV.exe
  C:\Windows\System\cRApIJV.exe
  2⤵
  PID:7520
- C:\Windows\System\shNUjoV.exe
  C:\Windows\System\shNUjoV.exe
  2⤵
  PID:7544
- C:\Windows\System\QZIVwRz.exe
  C:\Windows\System\QZIVwRz.exe
  2⤵
  PID:7560
- C:\Windows\System\ViUUAkL.exe
  C:\Windows\System\ViUUAkL.exe
  2⤵
  PID:7576
- C:\Windows\System\dLRQOpk.exe
  C:\Windows\System\dLRQOpk.exe
  2⤵
  PID:7596
- C:\Windows\System\SdEGhCx.exe
  C:\Windows\System\SdEGhCx.exe
  2⤵
  PID:7624
- C:\Windows\System\dNYDKNZ.exe
  C:\Windows\System\dNYDKNZ.exe
  2⤵
  PID:7640
- C:\Windows\System\dPeWZFf.exe
  C:\Windows\System\dPeWZFf.exe
  2⤵
  PID:7664
- C:\Windows\System\YBbuXNS.exe
  C:\Windows\System\YBbuXNS.exe
  2⤵
  PID:7680
- C:\Windows\System\NQFFptX.exe
  C:\Windows\System\NQFFptX.exe
  2⤵
  PID:7696
- C:\Windows\System\qpyoBPN.exe
  C:\Windows\System\qpyoBPN.exe
  2⤵
  PID:7716
- C:\Windows\System\VSCOyya.exe
  C:\Windows\System\VSCOyya.exe
  2⤵
  PID:7740
- C:\Windows\System\kvlviXx.exe
  C:\Windows\System\kvlviXx.exe
  2⤵
  PID:7760
- C:\Windows\System\CsJObbO.exe
  C:\Windows\System\CsJObbO.exe
  2⤵
  PID:7784
- C:\Windows\System\zxNfRPl.exe
  C:\Windows\System\zxNfRPl.exe
  2⤵
  PID:7800
- C:\Windows\System\qcDCcnc.exe
  C:\Windows\System\qcDCcnc.exe
  2⤵
  PID:7816
- C:\Windows\System\XKSQkVD.exe
  C:\Windows\System\XKSQkVD.exe
  2⤵
  PID:7836
- C:\Windows\System\dZYEhhM.exe
  C:\Windows\System\dZYEhhM.exe
  2⤵
  PID:7860
- C:\Windows\System\kIQyNae.exe
  C:\Windows\System\kIQyNae.exe
  2⤵
  PID:7876
- C:\Windows\System\jZtRbxX.exe
  C:\Windows\System\jZtRbxX.exe
  2⤵
  PID:7896
- C:\Windows\System\jEUYnYZ.exe
  C:\Windows\System\jEUYnYZ.exe
  2⤵
  PID:7912
- C:\Windows\System\zSPblLr.exe
  C:\Windows\System\zSPblLr.exe
  2⤵
  PID:7932
- C:\Windows\System\vpBNefK.exe
  C:\Windows\System\vpBNefK.exe
  2⤵
  PID:7964
- C:\Windows\System\ADKDHpt.exe
  C:\Windows\System\ADKDHpt.exe
  2⤵
  PID:7988
- C:\Windows\System\OlgADrf.exe
  C:\Windows\System\OlgADrf.exe
  2⤵
  PID:8004
- C:\Windows\System\DYrirmb.exe
  C:\Windows\System\DYrirmb.exe
  2⤵
  PID:8024
- C:\Windows\System\tOZrMBz.exe
  C:\Windows\System\tOZrMBz.exe
  2⤵
  PID:8056
- C:\Windows\System\zhlpksd.exe
  C:\Windows\System\zhlpksd.exe
  2⤵
  PID:8072
- C:\Windows\System\mQkRPRK.exe
  C:\Windows\System\mQkRPRK.exe
  2⤵
  PID:8092
- C:\Windows\System\VVWflAM.exe
  C:\Windows\System\VVWflAM.exe
  2⤵
  PID:8116
- C:\Windows\System\SQxWltL.exe
  C:\Windows\System\SQxWltL.exe
  2⤵
  PID:8136
- C:\Windows\System\sHnsIWj.exe
  C:\Windows\System\sHnsIWj.exe
  2⤵
  PID:8156
- C:\Windows\System\rNUeLxS.exe
  C:\Windows\System\rNUeLxS.exe
  2⤵
  PID:8172
- C:\Windows\System\tbxerpl.exe
  C:\Windows\System\tbxerpl.exe
  2⤵
  PID:6548
- C:\Windows\System\ROJCyxD.exe
  C:\Windows\System\ROJCyxD.exe
  2⤵
  PID:7212
- C:\Windows\System\uolmqEK.exe
  C:\Windows\System\uolmqEK.exe
  2⤵
  PID:7184
- C:\Windows\System\bUOnQfK.exe
  C:\Windows\System\bUOnQfK.exe
  2⤵
  PID:7228
- C:\Windows\System\rAJmeoq.exe
  C:\Windows\System\rAJmeoq.exe
  2⤵
  PID:7288
- C:\Windows\System\qKHLEFh.exe
  C:\Windows\System\qKHLEFh.exe
  2⤵
  PID:7316
- C:\Windows\System\AQhEMFB.exe
  C:\Windows\System\AQhEMFB.exe
  2⤵
  PID:7368
- C:\Windows\System\fHEjpmm.exe
  C:\Windows\System\fHEjpmm.exe
  2⤵
  PID:7320
- C:\Windows\System\EORoQiy.exe
  C:\Windows\System\EORoQiy.exe
  2⤵
  PID:7348
- C:\Windows\System\ZlOLUIN.exe
  C:\Windows\System\ZlOLUIN.exe
  2⤵
  PID:7472
- C:\Windows\System\CshRqaZ.exe
  C:\Windows\System\CshRqaZ.exe
  2⤵
  PID:7468
- C:\Windows\System\avmaDQM.exe
  C:\Windows\System\avmaDQM.exe
  2⤵
  PID:7492
- C:\Windows\System\yidHrNK.exe
  C:\Windows\System\yidHrNK.exe
  2⤵
  PID:7540
- C:\Windows\System\nDQsvzF.exe
  C:\Windows\System\nDQsvzF.exe
  2⤵
  PID:7592
- C:\Windows\System\VdikEBF.exe
  C:\Windows\System\VdikEBF.exe
  2⤵
  PID:7588
- C:\Windows\System\fqezMPq.exe
  C:\Windows\System\fqezMPq.exe
  2⤵
  PID:7636
- C:\Windows\System\ExyRXZD.exe
  C:\Windows\System\ExyRXZD.exe
  2⤵
  PID:7692
- C:\Windows\System\QHReJkf.exe
  C:\Windows\System\QHReJkf.exe
  2⤵
  PID:7736
- C:\Windows\System\woyjdBi.exe
  C:\Windows\System\woyjdBi.exe
  2⤵
  PID:7752
- C:\Windows\System\LizZCZA.exe
  C:\Windows\System\LizZCZA.exe
  2⤵
  PID:7776
- C:\Windows\System\WlMEBPs.exe
  C:\Windows\System\WlMEBPs.exe
  2⤵
  PID:7792
- C:\Windows\System\pCAHxCE.exe
  C:\Windows\System\pCAHxCE.exe
  2⤵
  PID:7884
- C:\Windows\System\eOgUdNe.exe
  C:\Windows\System\eOgUdNe.exe
  2⤵
  PID:7940
- C:\Windows\System\tEVoYaE.exe
  C:\Windows\System\tEVoYaE.exe
  2⤵
  PID:7868
- C:\Windows\System\xDybdBu.exe
  C:\Windows\System\xDybdBu.exe
  2⤵
  PID:7972
- C:\Windows\System\RnXpyaO.exe
  C:\Windows\System\RnXpyaO.exe
  2⤵
  PID:7952
- C:\Windows\System\tfVOQqy.exe
  C:\Windows\System\tfVOQqy.exe
  2⤵
  PID:8012
- C:\Windows\System\LgAYGRF.exe
  C:\Windows\System\LgAYGRF.exe
  2⤵
  PID:8040
- C:\Windows\System\PQFeftt.exe
  C:\Windows\System\PQFeftt.exe
  2⤵
  PID:8100
- C:\Windows\System\LsQDzxc.exe
  C:\Windows\System\LsQDzxc.exe
  2⤵
  PID:8104
- C:\Windows\System\ajuhFId.exe
  C:\Windows\System\ajuhFId.exe
  2⤵
  PID:8132
- C:\Windows\System\JWexlqX.exe
  C:\Windows\System\JWexlqX.exe
  2⤵
  PID:8184
- C:\Windows\System\qjQKxUK.exe
  C:\Windows\System\qjQKxUK.exe
  2⤵
  PID:7196
- C:\Windows\System\ISRgrTW.exe
  C:\Windows\System\ISRgrTW.exe
  2⤵
  PID:7180
- C:\Windows\System\pJboykX.exe
  C:\Windows\System\pJboykX.exe
  2⤵
  PID:7332
- C:\Windows\System\yFqjBei.exe
  C:\Windows\System\yFqjBei.exe
  2⤵
  PID:7408
- C:\Windows\System\IpBvCAc.exe
  C:\Windows\System\IpBvCAc.exe
  2⤵
  PID:7304
- C:\Windows\System\NOpGSlg.exe
  C:\Windows\System\NOpGSlg.exe
  2⤵
  PID:7428
- C:\Windows\System\ceylTjJ.exe
  C:\Windows\System\ceylTjJ.exe
  2⤵
  PID:7528
- C:\Windows\System\bXsrSGs.exe
  C:\Windows\System\bXsrSGs.exe
  2⤵
  PID:7556
- C:\Windows\System\dtyLgaY.exe
  C:\Windows\System\dtyLgaY.exe
  2⤵
  PID:7584
- C:\Windows\System\tzsGpQm.exe
  C:\Windows\System\tzsGpQm.exe
  2⤵
  PID:7660
- C:\Windows\System\iTraUbJ.exe
  C:\Windows\System\iTraUbJ.exe
  2⤵
  PID:7712
- C:\Windows\System\XwrrOMJ.exe
  C:\Windows\System\XwrrOMJ.exe
  2⤵
  PID:7204
- C:\Windows\System\lKmrBRi.exe
  C:\Windows\System\lKmrBRi.exe
  2⤵
  PID:7796
- C:\Windows\System\rKGrfSD.exe
  C:\Windows\System\rKGrfSD.exe
  2⤵
  PID:7828
- C:\Windows\System\osqtghu.exe
  C:\Windows\System\osqtghu.exe
  2⤵
  PID:8000
- C:\Windows\System\YgDSkMb.exe
  C:\Windows\System\YgDSkMb.exe
  2⤵
  PID:8020
- C:\Windows\System\hnfvppc.exe
  C:\Windows\System\hnfvppc.exe
  2⤵
  PID:8032
- C:\Windows\System\cYoOjcd.exe
  C:\Windows\System\cYoOjcd.exe
  2⤵
  PID:8148
- C:\Windows\System\KUfgnmX.exe
  C:\Windows\System\KUfgnmX.exe
  2⤵
  PID:7208
- C:\Windows\System\HTxtzij.exe
  C:\Windows\System\HTxtzij.exe
  2⤵
  PID:7272
- C:\Windows\System\YwRjRkV.exe
  C:\Windows\System\YwRjRkV.exe
  2⤵
  PID:7404
- C:\Windows\System\gzxDRtL.exe
  C:\Windows\System\gzxDRtL.exe
  2⤵
  PID:7420
- C:\Windows\System\ZoUtqiT.exe
  C:\Windows\System\ZoUtqiT.exe
  2⤵
  PID:7496
- C:\Windows\System\uWKNCSw.exe
  C:\Windows\System\uWKNCSw.exe
  2⤵
  PID:7608
- C:\Windows\System\AcZwvKe.exe
  C:\Windows\System\AcZwvKe.exe
  2⤵
  PID:7656
- C:\Windows\System\TuJJyUQ.exe
  C:\Windows\System\TuJJyUQ.exe
  2⤵
  PID:7844
- C:\Windows\System\MkxUpPx.exe
  C:\Windows\System\MkxUpPx.exe
  2⤵
  PID:7984
- C:\Windows\System\IzvEoxe.exe
  C:\Windows\System\IzvEoxe.exe
  2⤵
  PID:7924
- C:\Windows\System\uLPbsfP.exe
  C:\Windows\System\uLPbsfP.exe
  2⤵
  PID:7960
- C:\Windows\System\WfgsGBZ.exe
  C:\Windows\System\WfgsGBZ.exe
  2⤵
  PID:8088
- C:\Windows\System\GzRrqXF.exe
  C:\Windows\System\GzRrqXF.exe
  2⤵
  PID:7312
- C:\Windows\System\HbihWMZ.exe
  C:\Windows\System\HbihWMZ.exe
  2⤵
  PID:7452
- C:\Windows\System\WawIxrU.exe
  C:\Windows\System\WawIxrU.exe
  2⤵
  PID:7768
- C:\Windows\System\srZwcVC.exe
  C:\Windows\System\srZwcVC.exe
  2⤵
  PID:8044
- C:\Windows\System\ryHoTkQ.exe
  C:\Windows\System\ryHoTkQ.exe
  2⤵
  PID:7892
- C:\Windows\System\TmGBGdQ.exe
  C:\Windows\System\TmGBGdQ.exe
  2⤵
  PID:7732
- C:\Windows\System\JuDUBVS.exe
  C:\Windows\System\JuDUBVS.exe
  2⤵
  PID:7632
- C:\Windows\System\KoslwPy.exe
  C:\Windows\System\KoslwPy.exe
  2⤵
  PID:7444
- C:\Windows\System\npHDjDV.exe
  C:\Windows\System\npHDjDV.exe
  2⤵
  PID:7848
- C:\Windows\System\jUfiTrM.exe
  C:\Windows\System\jUfiTrM.exe
  2⤵
  PID:7772
- C:\Windows\System\wrdDJHC.exe
  C:\Windows\System\wrdDJHC.exe
  2⤵
  PID:7948
- C:\Windows\System\MlBuWkc.exe
  C:\Windows\System\MlBuWkc.exe
  2⤵
  PID:7980
- C:\Windows\System\yXmkxVd.exe
  C:\Windows\System\yXmkxVd.exe
  2⤵
  PID:7728
- C:\Windows\System\SahLRxu.exe
  C:\Windows\System\SahLRxu.exe
  2⤵
  PID:7376
- C:\Windows\System\HoUKRHO.exe
  C:\Windows\System\HoUKRHO.exe
  2⤵
  PID:8068
- C:\Windows\System\AYAqjHu.exe
  C:\Windows\System\AYAqjHu.exe
  2⤵
  PID:8112
- C:\Windows\System\iGTuDtD.exe
  C:\Windows\System\iGTuDtD.exe
  2⤵
  PID:8216
- C:\Windows\System\MxvZBYq.exe
  C:\Windows\System\MxvZBYq.exe
  2⤵
  PID:8232
- C:\Windows\System\wnRwDwI.exe
  C:\Windows\System\wnRwDwI.exe
  2⤵
  PID:8248
- C:\Windows\System\nEYBSOr.exe
  C:\Windows\System\nEYBSOr.exe
  2⤵
  PID:8276
- C:\Windows\System\xzCbcaN.exe
  C:\Windows\System\xzCbcaN.exe
  2⤵
  PID:8292
- C:\Windows\System\JeIpOFF.exe
  C:\Windows\System\JeIpOFF.exe
  2⤵
  PID:8308
- C:\Windows\System\BJPJSbN.exe
  C:\Windows\System\BJPJSbN.exe
  2⤵
  PID:8324
- C:\Windows\System\CNQcYWD.exe
  C:\Windows\System\CNQcYWD.exe
  2⤵
  PID:8348
- C:\Windows\System\VFyPKqi.exe
  C:\Windows\System\VFyPKqi.exe
  2⤵
  PID:8376
- C:\Windows\System\TskMKqI.exe
  C:\Windows\System\TskMKqI.exe
  2⤵
  PID:8392
- C:\Windows\System\YCavXGI.exe
  C:\Windows\System\YCavXGI.exe
  2⤵
  PID:8412
- C:\Windows\System\fBQEmkB.exe
  C:\Windows\System\fBQEmkB.exe
  2⤵
  PID:8432
- C:\Windows\System\JoFpevX.exe
  C:\Windows\System\JoFpevX.exe
  2⤵
  PID:8464
- C:\Windows\System\qtxEaEE.exe
  C:\Windows\System\qtxEaEE.exe
  2⤵
  PID:8480
- C:\Windows\System\GrtRteA.exe
  C:\Windows\System\GrtRteA.exe
  2⤵
  PID:8504
- C:\Windows\System\saKTGym.exe
  C:\Windows\System\saKTGym.exe
  2⤵
  PID:8520
- C:\Windows\System\fnGbDvY.exe
  C:\Windows\System\fnGbDvY.exe
  2⤵
  PID:8544
- C:\Windows\System\oFwHEDH.exe
  C:\Windows\System\oFwHEDH.exe
  2⤵
  PID:8560
- C:\Windows\System\uzLwEQx.exe
  C:\Windows\System\uzLwEQx.exe
  2⤵
  PID:8584
- C:\Windows\System\pMgJBLQ.exe
  C:\Windows\System\pMgJBLQ.exe
  2⤵
  PID:8600
- C:\Windows\System\MjvVVxB.exe
  C:\Windows\System\MjvVVxB.exe
  2⤵
  PID:8620
- C:\Windows\System\dcZTjVp.exe
  C:\Windows\System\dcZTjVp.exe
  2⤵
  PID:8640
- C:\Windows\System\ruUlfda.exe
  C:\Windows\System\ruUlfda.exe
  2⤵
  PID:8664
- C:\Windows\System\sOygmJG.exe
  C:\Windows\System\sOygmJG.exe
  2⤵
  PID:8680
- C:\Windows\System\EeQRIEr.exe
  C:\Windows\System\EeQRIEr.exe
  2⤵
  PID:8704
- C:\Windows\System\JXtYzbB.exe
  C:\Windows\System\JXtYzbB.exe
  2⤵
  PID:8720
- C:\Windows\System\TkswkMk.exe
  C:\Windows\System\TkswkMk.exe
  2⤵
  PID:8744
- C:\Windows\System\MJJTJrX.exe
  C:\Windows\System\MJJTJrX.exe
  2⤵
  PID:8760
- C:\Windows\System\JXApXoR.exe
  C:\Windows\System\JXApXoR.exe
  2⤵
  PID:8776
- C:\Windows\System\HJPlpTC.exe
  C:\Windows\System\HJPlpTC.exe
  2⤵
  PID:8796
- C:\Windows\System\RwkhGNy.exe
  C:\Windows\System\RwkhGNy.exe
  2⤵
  PID:8824
- C:\Windows\System\WzkLvSH.exe
  C:\Windows\System\WzkLvSH.exe
  2⤵
  PID:8840
- C:\Windows\System\nSKWcek.exe
  C:\Windows\System\nSKWcek.exe
  2⤵
  PID:8856
- C:\Windows\System\RJAQvLs.exe
  C:\Windows\System\RJAQvLs.exe
  2⤵
  PID:8872
- C:\Windows\System\pjnpViD.exe
  C:\Windows\System\pjnpViD.exe
  2⤵
  PID:8892
- C:\Windows\System\mtJHXwQ.exe
  C:\Windows\System\mtJHXwQ.exe
  2⤵
  PID:8920
- C:\Windows\System\pTAWcMZ.exe
  C:\Windows\System\pTAWcMZ.exe
  2⤵
  PID:8944
- C:\Windows\System\bHIMGGk.exe
  C:\Windows\System\bHIMGGk.exe
  2⤵
  PID:8960
- C:\Windows\System\rruVvLo.exe
  C:\Windows\System\rruVvLo.exe
  2⤵
  PID:8976
- C:\Windows\System\kIJUUMb.exe
  C:\Windows\System\kIJUUMb.exe
  2⤵
  PID:8996
- C:\Windows\System\wlYwYhV.exe
  C:\Windows\System\wlYwYhV.exe
  2⤵
  PID:9024
- C:\Windows\System\GpjLyiX.exe
  C:\Windows\System\GpjLyiX.exe
  2⤵
  PID:9044
- C:\Windows\System\ouutrjk.exe
  C:\Windows\System\ouutrjk.exe
  2⤵
  PID:9068
- C:\Windows\System\miHpXSh.exe
  C:\Windows\System\miHpXSh.exe
  2⤵
  PID:9084
- C:\Windows\System\saBKLmP.exe
  C:\Windows\System\saBKLmP.exe
  2⤵
  PID:9100
- C:\Windows\System\UKdpuzD.exe
  C:\Windows\System\UKdpuzD.exe
  2⤵
  PID:9124
- C:\Windows\System\IaDYlJS.exe
  C:\Windows\System\IaDYlJS.exe
  2⤵
  PID:9144
- C:\Windows\System\RIsinuK.exe
  C:\Windows\System\RIsinuK.exe
  2⤵
  PID:9164
- C:\Windows\System\eowQUUI.exe
  C:\Windows\System\eowQUUI.exe
  2⤵
  PID:9188
- C:\Windows\System\mEoQNvu.exe
  C:\Windows\System\mEoQNvu.exe
  2⤵
  PID:9204
- C:\Windows\System\GcfuxCk.exe
  C:\Windows\System\GcfuxCk.exe
  2⤵
  PID:8200
- C:\Windows\System\sdbvJeQ.exe
  C:\Windows\System\sdbvJeQ.exe
  2⤵
  PID:7516
- C:\Windows\System\YncyBap.exe
  C:\Windows\System\YncyBap.exe
  2⤵
  PID:8268
- C:\Windows\System\QhQMURn.exe
  C:\Windows\System\QhQMURn.exe
  2⤵
  PID:8284
- C:\Windows\System\NFnznNT.exe
  C:\Windows\System\NFnznNT.exe
  2⤵
  PID:8360
- C:\Windows\System\ZhdDVuF.exe
  C:\Windows\System\ZhdDVuF.exe
  2⤵
  PID:8340
- C:\Windows\System\DrWoZDV.exe
  C:\Windows\System\DrWoZDV.exe
  2⤵
  PID:8440
- C:\Windows\System\nYzxOEz.exe
  C:\Windows\System\nYzxOEz.exe
  2⤵
  PID:8388
- C:\Windows\System\sykOUFs.exe
  C:\Windows\System\sykOUFs.exe
  2⤵
  PID:8472
- C:\Windows\System\BVXrzPf.exe
  C:\Windows\System\BVXrzPf.exe
  2⤵
  PID:8500
- C:\Windows\System\VIbXYxG.exe
  C:\Windows\System\VIbXYxG.exe
  2⤵
  PID:8512
- C:\Windows\System\iFOZWkV.exe
  C:\Windows\System\iFOZWkV.exe
  2⤵
  PID:8568
- C:\Windows\System\SOWANtm.exe
  C:\Windows\System\SOWANtm.exe
  2⤵
  PID:8572
- C:\Windows\System\ZgoglTV.exe
  C:\Windows\System\ZgoglTV.exe
  2⤵
  PID:8616
- C:\Windows\System\vgLtOrR.exe
  C:\Windows\System\vgLtOrR.exe
  2⤵
  PID:8652
- C:\Windows\System\XfFGsud.exe
  C:\Windows\System\XfFGsud.exe
  2⤵
  PID:8696
- C:\Windows\System\fBlaQbA.exe
  C:\Windows\System\fBlaQbA.exe
  2⤵
  PID:8740
- C:\Windows\System\gBssygq.exe
  C:\Windows\System\gBssygq.exe
  2⤵
  PID:8788
- C:\Windows\System\aFBHIdG.exe
  C:\Windows\System\aFBHIdG.exe
  2⤵
  PID:8812
- C:\Windows\System\sCHDQPv.exe
  C:\Windows\System\sCHDQPv.exe
  2⤵
  PID:8848
- C:\Windows\System\cagodxd.exe
  C:\Windows\System\cagodxd.exe
  2⤵
  PID:8916
- C:\Windows\System\NcQCgLf.exe
  C:\Windows\System\NcQCgLf.exe
  2⤵
  PID:8900
- C:\Windows\System\oFzTOga.exe
  C:\Windows\System\oFzTOga.exe
  2⤵
  PID:8932
- C:\Windows\System\EjkidHa.exe
  C:\Windows\System\EjkidHa.exe
  2⤵
  PID:9004
- C:\Windows\System\uYKWavZ.exe
  C:\Windows\System\uYKWavZ.exe
  2⤵
  PID:8956
- C:\Windows\System\bMPUIGI.exe
  C:\Windows\System\bMPUIGI.exe
  2⤵
  PID:9020
- C:\Windows\System\daZytkC.exe
  C:\Windows\System\daZytkC.exe
  2⤵
  PID:9064
- C:\Windows\System\yLEOIWf.exe
  C:\Windows\System\yLEOIWf.exe
  2⤵
  PID:9116
- C:\Windows\System\cefEOJO.exe
  C:\Windows\System\cefEOJO.exe
  2⤵
  PID:9140
- C:\Windows\System\YCYLuDl.exe
  C:\Windows\System\YCYLuDl.exe
  2⤵
  PID:9172
- C:\Windows\System\lIdLhFz.exe
  C:\Windows\System\lIdLhFz.exe
  2⤵
  PID:9196
- C:\Windows\System\vfemcdh.exe
  C:\Windows\System\vfemcdh.exe
  2⤵
  PID:8228
- C:\Windows\System\CiiVNJf.exe
  C:\Windows\System\CiiVNJf.exe
  2⤵
  PID:8264
- C:\Windows\System\geVTNme.exe
  C:\Windows\System\geVTNme.exe
  2⤵
  PID:8300
- C:\Windows\System\mbSlJSF.exe
  C:\Windows\System\mbSlJSF.exe
  2⤵
  PID:8336
- C:\Windows\System\IreKdbL.exe
  C:\Windows\System\IreKdbL.exe
  2⤵
  PID:8384
- C:\Windows\System\EPEabsd.exe
  C:\Windows\System\EPEabsd.exe
  2⤵
  PID:8492
- C:\Windows\System\nIvWfOK.exe
  C:\Windows\System\nIvWfOK.exe
  2⤵
  PID:8536
- C:\Windows\System\FasirAN.exe
  C:\Windows\System\FasirAN.exe
  2⤵
  PID:8540
- C:\Windows\System\FzntQUX.exe
  C:\Windows\System\FzntQUX.exe
  2⤵
  PID:8688
- C:\Windows\System\MuqxZyZ.exe
  C:\Windows\System\MuqxZyZ.exe
  2⤵
  PID:8716
- C:\Windows\System\pcjYHOY.exe
  C:\Windows\System\pcjYHOY.exe
  2⤵
  PID:8784
- C:\Windows\System\gxRwDaE.exe
  C:\Windows\System\gxRwDaE.exe
  2⤵
  PID:8792
- C:\Windows\System\gLFwDyX.exe
  C:\Windows\System\gLFwDyX.exe
  2⤵
  PID:8832
- C:\Windows\System\GaZFGsa.exe
  C:\Windows\System\GaZFGsa.exe
  2⤵
  PID:8904
- C:\Windows\System\caybfCJ.exe
  C:\Windows\System\caybfCJ.exe
  2⤵
  PID:8992
- C:\Windows\System\roFsKSq.exe
  C:\Windows\System\roFsKSq.exe
  2⤵
  PID:9092
- C:\Windows\System\MMBZKDw.exe
  C:\Windows\System\MMBZKDw.exe
  2⤵
  PID:9112
- C:\Windows\System\TWkDLzA.exe
  C:\Windows\System\TWkDLzA.exe
  2⤵
  PID:9156
- C:\Windows\System\ZOFFDSI.exe
  C:\Windows\System\ZOFFDSI.exe
  2⤵
  PID:7232
- C:\Windows\System\DAFEHnp.exe
  C:\Windows\System\DAFEHnp.exe
  2⤵
  PID:7648
- C:\Windows\System\RsStoqy.exe
  C:\Windows\System\RsStoqy.exe
  2⤵
  PID:8456
- C:\Windows\System\rHcNhxy.exe
  C:\Windows\System\rHcNhxy.exe
  2⤵
  PID:8408
- C:\Windows\System\rIJpNvc.exe
  C:\Windows\System\rIJpNvc.exe
  2⤵
  PID:1260
- C:\Windows\System\QMFBevI.exe
  C:\Windows\System\QMFBevI.exe
  2⤵
  PID:8516
- C:\Windows\System\YrlDkro.exe
  C:\Windows\System\YrlDkro.exe
  2⤵
  PID:8736
- C:\Windows\System\YLAqJxU.exe
  C:\Windows\System\YLAqJxU.exe
  2⤵
  PID:8928
- C:\Windows\System\mzfifDa.exe
  C:\Windows\System\mzfifDa.exe
  2⤵
  PID:8728
- C:\Windows\System\gCNDHWD.exe
  C:\Windows\System\gCNDHWD.exe
  2⤵
  PID:9016
- C:\Windows\System\AqhXukM.exe
  C:\Windows\System\AqhXukM.exe
  2⤵
  PID:9040
- C:\Windows\System\waoiqxB.exe
  C:\Windows\System\waoiqxB.exe
  2⤵
  PID:9152
- C:\Windows\System\PoYYeYo.exe
  C:\Windows\System\PoYYeYo.exe
  2⤵
  PID:8240
- C:\Windows\System\CdtrxHv.exe
  C:\Windows\System\CdtrxHv.exe
  2⤵
  PID:2108
- C:\Windows\System\AbaaFYB.exe
  C:\Windows\System\AbaaFYB.exe
  2⤵
  PID:8556
- C:\Windows\System\WFunOtu.exe
  C:\Windows\System\WFunOtu.exe
  2⤵
  PID:8372
- C:\Windows\System\dvTAVfO.exe
  C:\Windows\System\dvTAVfO.exe
  2⤵
  PID:8676
- C:\Windows\System\XbucDHo.exe
  C:\Windows\System\XbucDHo.exe
  2⤵
  PID:9132
- C:\Windows\System\JNgpJwF.exe
  C:\Windows\System\JNgpJwF.exe
  2⤵
  PID:9060
- C:\Windows\System\WcwYJrM.exe
  C:\Windows\System\WcwYJrM.exe
  2⤵
  PID:9212
- C:\Windows\System\zZmFrSK.exe
  C:\Windows\System\zZmFrSK.exe
  2⤵
  PID:8648
- C:\Windows\System\YdLTyqV.exe
  C:\Windows\System\YdLTyqV.exe
  2⤵
  PID:8880
- C:\Windows\System\hvaIZit.exe
  C:\Windows\System\hvaIZit.exe
  2⤵
  PID:8332
- C:\Windows\System\PXsxMEJ.exe
  C:\Windows\System\PXsxMEJ.exe
  2⤵
  PID:8888
- C:\Windows\System\mbfiLoa.exe
  C:\Windows\System\mbfiLoa.exe
  2⤵
  PID:7944
- C:\Windows\System\nkhKdtK.exe
  C:\Windows\System\nkhKdtK.exe
  2⤵
  PID:8940
- C:\Windows\System\UNdtClM.exe
  C:\Windows\System\UNdtClM.exe
  2⤵
  PID:8428
- C:\Windows\System\qRCjIxK.exe
  C:\Windows\System\qRCjIxK.exe
  2⤵
  PID:9244
- C:\Windows\System\ZOLpEUu.exe
  C:\Windows\System\ZOLpEUu.exe
  2⤵
  PID:9260
- C:\Windows\System\OydqUoD.exe
  C:\Windows\System\OydqUoD.exe
  2⤵
  PID:9280
- C:\Windows\System\eMKUsEZ.exe
  C:\Windows\System\eMKUsEZ.exe
  2⤵
  PID:9300
- C:\Windows\System\BFGsiuO.exe
  C:\Windows\System\BFGsiuO.exe
  2⤵
  PID:9316
- C:\Windows\System\lmfalwq.exe
  C:\Windows\System\lmfalwq.exe
  2⤵
  PID:9336
- C:\Windows\System\VllLxEa.exe
  C:\Windows\System\VllLxEa.exe
  2⤵
  PID:9360
- C:\Windows\System\snLiufM.exe
  C:\Windows\System\snLiufM.exe
  2⤵
  PID:9384
- C:\Windows\System\IEYoBfe.exe
  C:\Windows\System\IEYoBfe.exe
  2⤵
  PID:9404
- C:\Windows\System\YpAWNBO.exe
  C:\Windows\System\YpAWNBO.exe
  2⤵
  PID:9420
- C:\Windows\System\pSqJxmi.exe
  C:\Windows\System\pSqJxmi.exe
  2⤵
  PID:9436
- C:\Windows\System\IcXtVoG.exe
  C:\Windows\System\IcXtVoG.exe
  2⤵
  PID:9460
- C:\Windows\System\CUeRGFw.exe
  C:\Windows\System\CUeRGFw.exe
  2⤵
  PID:9480
- C:\Windows\System\gYUSmCX.exe
  C:\Windows\System\gYUSmCX.exe
  2⤵
  PID:9500
- C:\Windows\System\UgWABHr.exe
  C:\Windows\System\UgWABHr.exe
  2⤵
  PID:9520
- C:\Windows\System\LhIdOGa.exe
  C:\Windows\System\LhIdOGa.exe
  2⤵
  PID:9536
- C:\Windows\System\SCwuaTN.exe
  C:\Windows\System\SCwuaTN.exe
  2⤵
  PID:9556
- C:\Windows\System\sZmqTVz.exe
  C:\Windows\System\sZmqTVz.exe
  2⤵
  PID:9576
- C:\Windows\System\cVBEGuq.exe
  C:\Windows\System\cVBEGuq.exe
  2⤵
  PID:9596
- C:\Windows\System\gPBMFXB.exe
  C:\Windows\System\gPBMFXB.exe
  2⤵
  PID:9612
- C:\Windows\System\VMRaaHC.exe
  C:\Windows\System\VMRaaHC.exe
  2⤵
  PID:9644
- C:\Windows\System\jBsDJoN.exe
  C:\Windows\System\jBsDJoN.exe
  2⤵
  PID:9664
- C:\Windows\System\jauBXBi.exe
  C:\Windows\System\jauBXBi.exe
  2⤵
  PID:9684
- C:\Windows\System\wDWNFvq.exe
  C:\Windows\System\wDWNFvq.exe
  2⤵
  PID:9708
- C:\Windows\System\JxfIiqw.exe
  C:\Windows\System\JxfIiqw.exe
  2⤵
  PID:9724
- C:\Windows\System\kcVUqQN.exe
  C:\Windows\System\kcVUqQN.exe
  2⤵
  PID:9744
- C:\Windows\System\iWzCmqU.exe
  C:\Windows\System\iWzCmqU.exe
  2⤵
  PID:9760
- C:\Windows\System\NNNBSzc.exe
  C:\Windows\System\NNNBSzc.exe
  2⤵
  PID:9788
- C:\Windows\System\NjoCcRQ.exe
  C:\Windows\System\NjoCcRQ.exe
  2⤵
  PID:9804
- C:\Windows\System\TAostmN.exe
  C:\Windows\System\TAostmN.exe
  2⤵
  PID:9824
- C:\Windows\System\GKGKNJp.exe
  C:\Windows\System\GKGKNJp.exe
  2⤵
  PID:9840
- C:\Windows\System\fBxAxrA.exe
  C:\Windows\System\fBxAxrA.exe
  2⤵
  PID:9868
- C:\Windows\System\RxQPhxK.exe
  C:\Windows\System\RxQPhxK.exe
  2⤵
  PID:9884
- C:\Windows\System\uUgCMnV.exe
  C:\Windows\System\uUgCMnV.exe
  2⤵
  PID:9904
- C:\Windows\System\FKOrbAU.exe
  C:\Windows\System\FKOrbAU.exe
  2⤵
  PID:9928
- C:\Windows\System\LCPyioi.exe
  C:\Windows\System\LCPyioi.exe
  2⤵
  PID:9944
- C:\Windows\System\BXIZOVL.exe
  C:\Windows\System\BXIZOVL.exe
  2⤵
  PID:9968
- C:\Windows\System\oojWVAv.exe
  C:\Windows\System\oojWVAv.exe
  2⤵
  PID:9984
- C:\Windows\System\EfXJjrw.exe
  C:\Windows\System\EfXJjrw.exe
  2⤵
  PID:10000
- C:\Windows\System\XJSbNUf.exe
  C:\Windows\System\XJSbNUf.exe
  2⤵
  PID:10020
- C:\Windows\System\rroGhOZ.exe
  C:\Windows\System\rroGhOZ.exe
  2⤵
  PID:10048
- C:\Windows\System\JSphzLY.exe
  C:\Windows\System\JSphzLY.exe
  2⤵
  PID:10064
- C:\Windows\System\SfFEuoa.exe
  C:\Windows\System\SfFEuoa.exe
  2⤵
  PID:10080
- C:\Windows\System\uwrPrxX.exe
  C:\Windows\System\uwrPrxX.exe
  2⤵
  PID:10100
- C:\Windows\System\ODqjzny.exe
  C:\Windows\System\ODqjzny.exe
  2⤵
  PID:10120
- C:\Windows\System\ItmkmzE.exe
  C:\Windows\System\ItmkmzE.exe
  2⤵
  PID:10140
- C:\Windows\System\DsaZvre.exe
  C:\Windows\System\DsaZvre.exe
  2⤵
  PID:10156
- C:\Windows\System\OnjnFwh.exe
  C:\Windows\System\OnjnFwh.exe
  2⤵
  PID:10176
- C:\Windows\System\BCfTmpg.exe
  C:\Windows\System\BCfTmpg.exe
  2⤵
  PID:10212
- C:\Windows\System\AWQtGaB.exe
  C:\Windows\System\AWQtGaB.exe
  2⤵
  PID:10228
- C:\Windows\System\oKNXOpj.exe
  C:\Windows\System\oKNXOpj.exe
  2⤵
  PID:8224
- C:\Windows\System\dAVEPAO.exe
  C:\Windows\System\dAVEPAO.exe
  2⤵
  PID:9228
- C:\Windows\System\YYuToRT.exe
  C:\Windows\System\YYuToRT.exe
  2⤵
  PID:9268
- C:\Windows\System\DyFnpaN.exe
  C:\Windows\System\DyFnpaN.exe
  2⤵
  PID:9344
- C:\Windows\System\WdnaHaF.exe
  C:\Windows\System\WdnaHaF.exe
  2⤵
  PID:9324
- C:\Windows\System\otLTZik.exe
  C:\Windows\System\otLTZik.exe
  2⤵
  PID:9332
- C:\Windows\System\wpcfxpc.exe
  C:\Windows\System\wpcfxpc.exe
  2⤵
  PID:9380
- C:\Windows\System\QTHzmqm.exe
  C:\Windows\System\QTHzmqm.exe
  2⤵
  PID:9416
- C:\Windows\System\zgbDzHW.exe
  C:\Windows\System\zgbDzHW.exe
  2⤵
  PID:9452
- C:\Windows\System\SYyqOdB.exe
  C:\Windows\System\SYyqOdB.exe
  2⤵
  PID:9492
- C:\Windows\System\pTEMFnL.exe
  C:\Windows\System\pTEMFnL.exe
  2⤵
  PID:9516
- C:\Windows\System\tsYayQa.exe
  C:\Windows\System\tsYayQa.exe
  2⤵
  PID:9584
- C:\Windows\System\JWaknuM.exe
  C:\Windows\System\JWaknuM.exe
  2⤵
  PID:9528
- C:\Windows\System\XeaWhlb.exe
  C:\Windows\System\XeaWhlb.exe
  2⤵
  PID:9572
- C:\Windows\System\DAsTnQq.exe
  C:\Windows\System\DAsTnQq.exe
  2⤵
  PID:9692
- C:\Windows\System\LLQuUxl.exe
  C:\Windows\System\LLQuUxl.exe
  2⤵
  PID:9680
- C:\Windows\System\qdlEVPt.exe
  C:\Windows\System\qdlEVPt.exe
  2⤵
  PID:9732
- C:\Windows\System\wrfxFDM.exe
  C:\Windows\System\wrfxFDM.exe
  2⤵
  PID:9756
- C:\Windows\System\bUaKqyy.exe
  C:\Windows\System\bUaKqyy.exe
  2⤵
  PID:9776
- C:\Windows\System\PEEtHWp.exe
  C:\Windows\System\PEEtHWp.exe
  2⤵
  PID:9836
- C:\Windows\System\YMAXjTv.exe
  C:\Windows\System\YMAXjTv.exe
  2⤵
  PID:9816
- C:\Windows\System\GpqzaDS.exe
  C:\Windows\System\GpqzaDS.exe
  2⤵
  PID:9900
- C:\Windows\System\RKJezvP.exe
  C:\Windows\System\RKJezvP.exe
  2⤵
  PID:9924
- C:\Windows\System\WlUHrPP.exe
  C:\Windows\System\WlUHrPP.exe
  2⤵
  PID:9960
- C:\Windows\System\DrTwHmX.exe
  C:\Windows\System\DrTwHmX.exe
  2⤵
  PID:10036
- C:\Windows\System\zkTjuOQ.exe
  C:\Windows\System\zkTjuOQ.exe
  2⤵
  PID:10044
- C:\Windows\System\ibaLMLd.exe
  C:\Windows\System\ibaLMLd.exe
  2⤵
  PID:10076
- C:\Windows\System\eQUZLFn.exe
  C:\Windows\System\eQUZLFn.exe
  2⤵
  PID:10116
- C:\Windows\System\TEeJiSL.exe
  C:\Windows\System\TEeJiSL.exe
  2⤵
  PID:10196
- C:\Windows\System\BsTyfdR.exe
  C:\Windows\System\BsTyfdR.exe
  2⤵
  PID:10136
- C:\Windows\System\dXytNPs.exe
  C:\Windows\System\dXytNPs.exe
  2⤵
  PID:10096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ApaWpPl.exe

Filesize
6.0MB

MD5
7b7a4467c70ce9cbdc42257897a06da3

SHA1
bb6d4d49bb2b6cc7c6035d440fc16531302c4ffa

SHA256
0745adbf9f19687643d4fef404e3d6c93534cb75cfdefb6951fe94f6f1e09dd4

SHA512
20f3db2f42b68c3082a086495dbf62223d3a1095a268c5d857bf07415ef2826df15e6411bb841db2666fdae0e80dff53a2dde3f4b9e48b977002d9a39707084c

Download Submit
C:\Windows\system\BDwpepL.exe

Filesize
6.0MB

MD5
7fc77b01f926f0bdb3992decf9f9a56f

SHA1
50858d810a857be3287bd991c7cad840f9d14cce

SHA256
e1707d6e0c9b57bfd6a4af4ac7829b684f7774bdc50d195e535970e8c101ebab

SHA512
9f00b61c32ac97786ebabb948dd74e51c5a1079477df1feccb4a3f3db1921b9a5dea5cd5b732e483be73220b8c096f9552d2f4551e5f593f34ec935fbf35249d

Download Submit
C:\Windows\system\CVUWlam.exe

Filesize
6.0MB

MD5
732c0d2abfed1cce4f02fbd1e758e6ed

SHA1
6ddfc9c6bd86cbb19ba9a5afd841d9accdac238f

SHA256
ab98906342d4b639b2c949186249c3f2239137c9a0e74f1e6f5dfbe2881f1ec4

SHA512
bd653b629e01c2d4d618346a3dc6b0cbb5014777ae2ccbd987bc55a83ec07d9cf2694dbb21d73e31b23cd4fc6e1b220f66164fae3963e8f44ee98edb4587820d

Download Submit
C:\Windows\system\EQcarSL.exe

Filesize
6.0MB

MD5
d29f9cc6aeeebce8f7b8032bd9dd5849

SHA1
92c39944aeca49da634e0fba3af7fce1f8dfe9a0

SHA256
2aefcdd9790820c167d8dbc89302999af7930ccb759af4421af0e9d1f2026404

SHA512
e270a6c7570be83d65693297743c237d6d0b22c92dc0eada24e5685b59b55da45130d20eed97875b05836c0afa34ce675c1867a0c7e01d6dfb1580aeafc95ec3

Download Submit
C:\Windows\system\FdxfeRP.exe

Filesize
6.0MB

MD5
41070e2c4586a2c515102795e2aec752

SHA1
0bf9a9ffd26615a5da1c616726d098ab065273fc

SHA256
2268a6cf0ef0e8fa6d73fa9b086d49f699a261d64a862f6d3984fdcd31207158

SHA512
478282acc40d5772cfd662a460b02db202ffadaba7967ca9371a05822f82dbd5db9987d0222cb161f395f0b921b5f4e9b13dc4f94964725e4cf00f779babbab8

Download Submit
C:\Windows\system\LAmVLek.exe

Filesize
6.0MB

MD5
0b6be46a3501007d642df0dd7a9ca849

SHA1
1d02237a24bbea09cbd476b2117864f45c51a250

SHA256
c8ac9ca8bfcf7508282cf0c6002696a8aa8aafa9be6d592b0df7dc4ce540df67

SHA512
ba7409d89591e7233207c057ce37478cbcfe8f14e334cf9e03b835298abc37679dde585d4e924a0f6d6ba0d5341b0c9ab418329c1b44f50e100fd7252d37059a

Download Submit
C:\Windows\system\TAuFUIl.exe

Filesize
6.0MB

MD5
4644b26fcadb1e0b8da74b32877cfe0c

SHA1
22c10769d207af6800c09afc79dbd4798c48b083

SHA256
8a6d966c4c82c9a9c5c8755e0eb4ffcd2dc4e7efd99a6895c870cca6996ce078

SHA512
9940306fbb84ae0637db52d19cc1e18bc4808c7b4301d1218e1dae4947d25c60e6c4588b392d58f9eb475fa94648298d015ad0dbb1d047cd86e506f3b50e46ff

Download Submit
C:\Windows\system\UCNYMzJ.exe

Filesize
6.0MB

MD5
647bf8481d482df51b5d85a6646c7555

SHA1
c926c0860b7af94215fbe03650d51fee704f1e51

SHA256
1ae17b62cdf34df9e0901c538b90e0b9e0ab189383f417119ef5bf98506267fd

SHA512
0f03b0074221530e8fb3b27b8a2937927c6822e56217609eb2724ca32b1da5b8d30199e4c96f4dbef69fe4c911090093489b0e0a74fcb88de43573638996aaa3

Download Submit
C:\Windows\system\VzSsoJy.exe

Filesize
6.0MB

MD5
92458714527a7858141b14de254892c4

SHA1
22707f2cb63c2dada9f3f6d3ee9ee399a565e631

SHA256
3745a3dce2f6d120e9305d06ff13262d126c06855290910f7c5d08a44fb32f0d

SHA512
974fcd12328e7f355481000c7f0ffc8dd83605cafe0144b218d0b49207900e002b1058a426ce7cee26e40c2a562062dca6391fa3aa0fbbdd14e13f5ead4e6e2e

Download Submit
C:\Windows\system\XGLHSMN.exe

Filesize
6.0MB

MD5
f728b5aac3aabbec77b9de0b2b0fe955

SHA1
1c871fca4ce949d5998e2ccce0e16029e1d2e3b9

SHA256
2334b7b9303ceecd3059a38af4aef75ebfabe90fe5e8186879d3bfa3cf616d5e

SHA512
78543bdc8e5448b4ead1c5c4b6ae1c84646bb0742e1f86aaa666fe1ba477f7027656b535c8f93d8e7ea0ccf469968b17d07c01f0b544d4699ff7493c65cc46f4

Download Submit
C:\Windows\system\XWPDnQO.exe

Filesize
6.0MB

MD5
d3b5ba998a413086e295ed99654e54b7

SHA1
6a2ceb73b8d51343d70392efad95c57455cbd4dc

SHA256
3009b1a846a8b5528a7ea9b1673893de39841a9c84678239a0842317b6e20ff4

SHA512
01179a7bbbd5b4a06e896a62cf4e448090151b3477df0e2d7986bb467265c2356854b2c20c543d7b2a4ccb9e8ee7fc97fe396ce2bd96582095ccab165fe635f6

Download Submit
C:\Windows\system\ZFMwtMn.exe

Filesize
6.0MB

MD5
1624aa1cf15a0a44c90ed2e10f6c0e3a

SHA1
5361d269048d2c2bb2af54e6b17daf3c00564d20

SHA256
d48d3d62b2132fa4578c3a9e0af8aec0f0d1d7cbec20d667fb1bd9579daf0d80

SHA512
ecd6f1a8269fa46f3a1da1a51830e36f5b6124c2c6b21e7bdc9f996e15b639ed80d64a3134dd7842bcb08fe7c6dfddd6f0ca80bfed45af0119711b7c752a2106

Download Submit
C:\Windows\system\aZCYYHS.exe

Filesize
6.0MB

MD5
74a86f93aa73e85be5ed520551796fc3

SHA1
c53cbdad9b7d355cd0b65952a8a4ab5cdfe614a9

SHA256
67d52fbb350cf47f8c11e29106a14a66e70091cf2870b88ffde7741370832268

SHA512
a2cadd45503e9138ea30002e54433f33cf565ba035a2faaa97661903f60f7d3431464ef4c9a45243963b6a7333c62d7e157e92b09830ba0fab77a1bab1aed5a1

Download Submit
C:\Windows\system\cLzStNj.exe

Filesize
6.0MB

MD5
fcdd518896a0400d8753052921c74b51

SHA1
446aabb4cdbd9ad2df496babfcb988533e24b60f

SHA256
c19a9b7df7e602e2c0c5f1d176a043d8ae2a7f9adb8ef0c9b2c35635e8cde23c

SHA512
0a3dbbfb53ca1fa69a239b22b856d6cfadff875a8887144431384d7e6e56e53c7a2f622b36dc134bb71616a9fc7f1d857ac14ebdd763b16b3c7b1e09ac4214d3

Download Submit
C:\Windows\system\ccZGwiw.exe

Filesize
6.0MB

MD5
e1e42a817aae6d623ff90859d022e008

SHA1
35f7509afb103a95bfc05f4da386defd2dd35682

SHA256
081aa9755cdf1b7a501a35a707d692cb85853771c83cd12f8475fb418003a18f

SHA512
f01a5448f07893f235246f89bf3a870be709aa1d85e9e08471e473287d80cec526ea4c7801f139a5ddccca273387823d4d945fb06fe69636efe191f750e1e953

Download Submit
C:\Windows\system\fwTyMXF.exe

Filesize
6.0MB

MD5
40d53c9c31dce552e4d3d6f560d936ff

SHA1
7eb2311e7a847fb96c49ffac1c8796910953d0db

SHA256
0a6bec5d1a82194a0730e0cc0d9e9e582c6167ae75bbaa805c2b6937a2300659

SHA512
316015cc6eb5eca54459fed492a1b0db6636e50c21cf97ed76f6cce7c92e30d22826a711e746a57ad9ceae850b4751f988a70cc8b6af37acddd82385f36eaaa0

Download Submit
C:\Windows\system\hMxdwZI.exe

Filesize
6.0MB

MD5
9d72b67c0857a6bf5231c1490e84a484

SHA1
0102c96a82ef5a20435162ba2f8f114515e1002c

SHA256
3ecffcc7e98cb609159bd383e0e02fb5cddc9eb9753ad1af2fd0e9333e5085e4

SHA512
434bbd2934a776e24939dfeb7382570835c193aa5d199448a01f548bb80a3a7a124e122e66142af48cdfb8a17a1051feb7c876f13fe5dfc07d546043b715c493

Download Submit
C:\Windows\system\loyngNL.exe

Filesize
6.0MB

MD5
63bc90ed7c98242bc70e91309040a389

SHA1
598b676f8fa2e6bf32544596de37e3a371f8cbde

SHA256
526ff1d7cfb4ec408e6d36d5feda2b01a751e1166fec585a80a802193c6cd323

SHA512
7229f0f282a82de84b9d947937c8dbc9712001569e63f90c244b30ad446c4aa16584d6d4130df2e38d521af96bbf21a95de0c830753b5523e13fefa80dcbe0e4

Download Submit
C:\Windows\system\mjMmMXK.exe

Filesize
6.0MB

MD5
d0ba8218377153fda919c80a3c4bb67e

SHA1
cd12c14a10d080db73b6079100df1d1897cacf23

SHA256
d29d17fa56008dfd08d0d8cea1109c50ac09af9cbd207447d3ba567899d03217

SHA512
e049d88c3a2b1a8324c5e6eac572c9b5efea307c388f57a7b359d85faf672bbda4870dd87acbc381de6e9b292a1a890f291d0d01112422f7e123120f460aead0

Download Submit
C:\Windows\system\nhlwkUy.exe

Filesize
6.0MB

MD5
33a04b0be39153a027dca25c4d09b32d

SHA1
3bd154ac51eb9c279cfdf7cb4518b1d7bf2b42a7

SHA256
942644519f34d9b0925e70b540a1602019450cd116c87e2f8ffc9304384f87f1

SHA512
6a8378029c95cbb3fe76aa3beb206874e81033a57e573e2892a5558a633d8d0d5336ab96b11079e0495bf137da541194924f39222c53ee533c8056b7ec0d3f5f

Download Submit
C:\Windows\system\phEbPyd.exe

Filesize
6.0MB

MD5
9fda3574644dc2b33b25dabe404e6c32

SHA1
24af9abee92c0e70f9d9e7f6cc3e35c24bfe2b90

SHA256
2aa16b2acc7cabfdcdee5856441c32dfe04b8cdcbe7a0290f20be3f42335ee28

SHA512
0425786a2bb449599df676847620fe433011a6bf9e497928e06712e928f80f50e3afaf2e00af8757f240ea8ec264f4ab1e6684a682ee954739eee45e955f022e

Download Submit
C:\Windows\system\qSyGVeP.exe

Filesize
6.0MB

MD5
1476afb1e60d5a5b9f86d448b7b90c20

SHA1
293d969f82baaf9c47df77cbfebd329f0fb43dc2

SHA256
edc952e8dc63f8dff98b0f003badde7696fde50c955c224bc4808e0464a457e4

SHA512
aa1a3b40cd4fd1fe85f1f54f45d115d87ac03103f16042fcd59e9ededd7c645053880beae49ddb97ad0b1944f13e6cde0d13034ac73cc2a09c3cf6e55530dcd9

Download Submit
C:\Windows\system\sYUtBbv.exe

Filesize
6.0MB

MD5
e41436d799d1b93efebc378f8677ff4c

SHA1
b5f4542cc8e78ac153edc92bed46a21f337239ed

SHA256
a22187b325ab7176e1737ca1a2cb023a5a220c410e30dcb98ddb4f3bce4b6a12

SHA512
f4de7788ca5004241bfafe7d3c9f4da248ff2c37908211e18a66b64689c2234f268c5f068d7b979d30a88f10f17b80c01a403521d25b5714e43e054a90969d8c

Download Submit
C:\Windows\system\vKqrssr.exe

Filesize
6.0MB

MD5
9ba5dd106608e9985e782fff39c96964

SHA1
a9b7ec5b2c492a0e16420960c06e5d31bd701444

SHA256
d6f89309fbab76543674757bf590d2666d07a6aaf0aa4941e8e93a19f9954a5b

SHA512
7615068885b33ebda446e4a2ed0022ecc9c52d20a1a0fbe7f6d97f3127c40d7eb82e0bda8e0f3c9f34f182a32a6eae982dfe7660030b27618a289bde562a9ac9

Download Submit
C:\Windows\system\xhKcNvr.exe

Filesize
6.0MB

MD5
99d671d998db98fc2be3ec2557e750eb

SHA1
f3fcbbfd6acf9db8f8151be85a7c85b9c7574c91

SHA256
9d2ceb87e6abbbd7b3c6c4392a014c2b5ac226fd3113f9f921aeeff7879104e1

SHA512
d84e149fb86fce4c90ee35e96926ceb99e734abf78359daf93d5b42571450db0122c2cf9cc0a8dc37f2d7cd92bc94709dbe435e7a159e47f1d308c7bfe65e553

Download Submit
\Windows\system\JbyLsCQ.exe

Filesize
6.0MB

MD5
bc57b539d833b91ec78883260b9db5c7

SHA1
c4c345665947f9a2d0396a5158c88392efc632bb

SHA256
8f0cbfe6d9131362691b7779fa323c9de18fa211e0fc6607ed49c27d28b9a7d5

SHA512
5fc6df3b03fa1a670b1ffe476c3b4fa18e93316fa2c0cd7eb3c9532aff27286f9e2e58b8731ff9be7fd7746d0c7a2e0e57f89871ca8f48915ae1edc87bb217af

Download Submit
\Windows\system\MWXuvZr.exe

Filesize
6.0MB

MD5
7a60474645ad8ba49ef62cf3228e7f06

SHA1
187a928faa0ef0f45e20154f7b4da1f0a0b76376

SHA256
a0a55b75805bbcd77a7680f1c38c93f3f71df9300e5d240c5b318f6cc91940ae

SHA512
e7a53fdb7a9aff0119c68452c296c0ec6047fc7155e3461e58b0645433c6755538244975742fb7a0686abdfcd2dcc2bde2cfc3277488c87de92df820d99117de

Download Submit
\Windows\system\XIYQjWD.exe

Filesize
6.0MB

MD5
b972d25094fce963ff19d0ed92b9bb11

SHA1
acc7d48a28eae8773f88399e080be1332932f566

SHA256
c0d1900aecc5496a77ed7c1ae845e533959d57a5103335cea7ec0ec4cb54bb87

SHA512
04ee4cf01b222d16dad697411ebb277942decd2b904a94a4b1fb8080883f9c7a1458169ef1000f8db3283b4f1857a8367045906cae49a12d65adb95ca6cdd9b4

Download Submit
\Windows\system\aZhGTNh.exe

Filesize
6.0MB

MD5
cc8a51c3378186e131e0c8f857a3a1ee

SHA1
6151add420cf495ed06eaf776b4f98951192fa06

SHA256
5407fcbe3d893dbf8f0fdf89b46404b205c4ca4d04066124bcf70545208ff97c

SHA512
256cde3f4631af51c07fdf40b3261b28811131b6765b505740636f3b8560833dadfd1194443b2e6c05b2383970bc803955ef5cfe824de102650114fd8caf9f8f

Download Submit
\Windows\system\hCElJWk.exe

Filesize
6.0MB

MD5
edc5a942424dd6ab2c099cd5ec863519

SHA1
0ce340fd029ad6d1450a37975d4138a6ce80c19f

SHA256
96c2c39aad4f5b21db356f0227062ca9e2252b536465a9c29f7b0183157e2f5d

SHA512
a427e977355f29185519f992dadc9c09b57c76e3b94760200490ce85e096b62b2dc943a252edea37cb2c1663c07feeb3e478eb261ce8282116ac195e96d5d3ae

Download Submit
\Windows\system\odjQuSc.exe

Filesize
6.0MB

MD5
e59db637ccc3fd43d9d4af713570b009

SHA1
ad758fcb094031f0a0bf246c2726235debec0563

SHA256
1d7520457b6a7ecb1da9d0e5ee4fd81f5ea0097bb21be9bc4be98cbe1fa6c2b5

SHA512
44da3a8f994be994f37c8125978935f2e322cb0638794fb6b45ea6e3fc88b1dbc94edb068140b6365d536d624af942cf492c3ae66e781c81c7dd7177445336b1

Download Submit
\Windows\system\vzEIcew.exe

Filesize
6.0MB

MD5
93240dbfce93480aea7e566ba227442e

SHA1
cc138d7fb3321d322d8c0c5112706b68fa73b473

SHA256
6a7cdcfba29a425c19b4c36b86c9be6be97495250b4292aabe2cd027a384f8cc

SHA512
a7cfb626c9ce1a8570f8bdf6d79d5f6080b7eba7a36eb35b2ff6dfa4e801f5b1e8673eadec660bc52ae3a829aa9819083ea49f61700d460eca9019bdc5601ba0

Download Submit
memory/828-777-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/828-58-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/828-22-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1780-273-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1780-91-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1780-793-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/1920-791-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1920-123-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/1920-76-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2036-788-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-108-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2036-458-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2072-792-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2072-83-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2072-144-0x000000013F920000-0x000000013FC74000-memory.dmp

Filesize
3.3MB

Download
memory/2136-803-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2136-12-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2136-39-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2456-794-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-100-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2456-372-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-106-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-0-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2580-320-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-415-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2580-52-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2580-15-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-46-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2580-72-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2580-64-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2580-507-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2580-228-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2580-7-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2580-36-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2580-35-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2580-87-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2580-113-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2580-112-0x000000013FFB0000-0x0000000140304000-memory.dmp

Filesize
3.3MB

Download
memory/2580-20-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2580-25-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-42-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-95-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/2580-31-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-96-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-37-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-787-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2688-75-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2728-59-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2728-786-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2728-99-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2744-107-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-69-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-790-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-50-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2908-789-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2908-90-0x000000013F7F0000-0x000000013FB44000-memory.dmp

Filesize
3.3MB

Download
memory/2920-781-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2920-43-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2920-82-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2964-776-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2964-16-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-68-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-29-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-785-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download