cobaltstrike | 92ff71f09f7e5ac28d5052d53bb038a14115a4221dfd98caf4fb07af2c29726a

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-11-2024 01:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

bd67ac724f121791da0c6a32d66ba1da
SHA1

9ae81ae8c3b5f6c614ec12620efb1a502c722775
SHA256

92ff71f09f7e5ac28d5052d53bb038a14115a4221dfd98caf4fb07af2c29726a
SHA512

b92020a079dd38a1329956c01b219697222b72b87dd621eb189e00e31ec73ce4ea1a609a8df92643da45d633756091e28a3d748d9cabd4a935503e8ee49e5b44
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUw:T+q56utgpPF8u/7w

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
behavioral1/files/0x000b000000012281-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015ed2-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016009-20.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001613e-24.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016210-27.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000164db-31.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d58-35.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-55.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707c-67.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001746a-101.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-158.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001757f-146.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a6-144.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-141.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018696-124.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-161.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-149.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-138.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017400-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-129.dat	cobalt_reflective_dll
behavioral1/files/0x0015000000018676-122.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174c3-113.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-106.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017403-95.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f3-86.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edb-63.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eb8-59.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de4-51.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd0-47.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016db5-43.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016da7-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f96-15.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/2788-0-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012281-6.dat	xmrig
behavioral1/files/0x0008000000015ed2-11.dat	xmrig
behavioral1/memory/2728-16-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x0007000000016009-20.dat	xmrig
behavioral1/files/0x000700000001613e-24.dat	xmrig
behavioral1/files/0x0007000000016210-27.dat	xmrig
behavioral1/files/0x00090000000164db-31.dat	xmrig
behavioral1/files/0x0006000000016d58-35.dat	xmrig
behavioral1/files/0x0006000000016de8-55.dat	xmrig
behavioral1/files/0x000600000001707c-67.dat	xmrig
behavioral1/files/0x000600000001746a-101.dat	xmrig
behavioral1/files/0x000600000001904c-153.dat	xmrig
behavioral1/memory/3032-917-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2728-916-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2788-815-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2496-262-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2100-259-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/1712-257-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/772-255-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/1868-253-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/1824-251-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2644-249-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2584-247-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2068-245-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2736-243-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2936-241-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2856-239-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/3032-207-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000187a2-158.dat	xmrig
behavioral1/files/0x000600000001757f-146.dat	xmrig
behavioral1/files/0x00060000000174a6-144.dat	xmrig
behavioral1/files/0x0006000000018c44-141.dat	xmrig
behavioral1/files/0x0005000000018696-124.dat	xmrig
behavioral1/files/0x00060000000190e1-161.dat	xmrig
behavioral1/files/0x0006000000018f65-149.dat	xmrig
behavioral1/files/0x0006000000018c34-138.dat	xmrig
behavioral1/files/0x0006000000017400-92.dat	xmrig
behavioral1/files/0x0005000000018697-129.dat	xmrig
behavioral1/files/0x0015000000018676-122.dat	xmrig
behavioral1/files/0x00060000000174c3-113.dat	xmrig
behavioral1/files/0x0006000000017488-106.dat	xmrig
behavioral1/files/0x0006000000017403-95.dat	xmrig
behavioral1/files/0x00060000000173f3-86.dat	xmrig
behavioral1/files/0x0006000000016edb-63.dat	xmrig
behavioral1/files/0x0006000000016eb8-59.dat	xmrig
behavioral1/files/0x0006000000016de4-51.dat	xmrig
behavioral1/files/0x0006000000016dd0-47.dat	xmrig
behavioral1/files/0x0006000000016db5-43.dat	xmrig
behavioral1/files/0x0006000000016da7-39.dat	xmrig
behavioral1/files/0x0007000000015f96-15.dat	xmrig
behavioral1/memory/2728-3344-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/1712-3351-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/1868-3350-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2644-3349-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2068-3348-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2856-3347-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2936-3346-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/3032-3368-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/2584-3362-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/1824-3399-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2736-3400-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2496-3378-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/772-3376-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

Processes:

zjpbFJJ.exefczVXAQ.exeEPwKiaP.exeHloNgAH.exeyAxRaqR.exeVPLkndd.exeRcVyYCt.exeAkTWJFd.exexQrwNwF.exenwKsJIz.exekfBTTnC.exeQdaZLDh.exeCAhZiyL.exebhoxyGk.exeSgvEOqd.exeNuRAGpd.exeuBSWARt.exeAXMOuLG.exeZqnRQSZ.exeFNsuERO.exeyCzenFx.exehQONbFb.exeSthKALS.exeyrKjcNm.exegBzOaFk.execGKRpBM.exekvLkCEh.exeSqHhySC.exegBULbEE.exeDOyCkUn.exePoqAatH.exeVVufVNz.exeVnjyaBo.exeqFvCpKz.execKaTlGF.exeeAbuJSv.exeTKQVdpI.exegZahPRW.exeghvUqQQ.exeJANbYHh.exeGmLaGLm.exeuFpOGbg.exevXLmqyt.exeMaeCxeV.exerZGbOCQ.exeolyHKWk.exeJLcWWlB.exeyQYGRQO.exeDfaQdka.exeoSZzZBT.exexfllFLs.exePFNmLMX.exeirWkkyZ.exeAYNWGka.exeYgcYUUr.exexJmjkMv.execwZkAFX.exeJYFduOn.exeySFcykd.exebtvzLgz.exeuRwjaQY.exelnFrefi.exeLoEoNMR.exefjiqyMT.exe

pid	Process
2728	zjpbFJJ.exe
3032	fczVXAQ.exe
2856	EPwKiaP.exe
2496	HloNgAH.exe
2936	yAxRaqR.exe
2736	VPLkndd.exe
2068	RcVyYCt.exe
2584	AkTWJFd.exe
2644	xQrwNwF.exe
1824	nwKsJIz.exe
1868	kfBTTnC.exe
772	QdaZLDh.exe
1712	CAhZiyL.exe
2100	bhoxyGk.exe
2020	SgvEOqd.exe
2072	NuRAGpd.exe
2772	uBSWARt.exe
2632	AXMOuLG.exe
2952	ZqnRQSZ.exe
2948	FNsuERO.exe
332	yCzenFx.exe
2140	hQONbFb.exe
2372	SthKALS.exe
2212	yrKjcNm.exe
2424	gBzOaFk.exe
1672	cGKRpBM.exe
2776	kvLkCEh.exe
2128	SqHhySC.exe
1076	gBULbEE.exe
1408	DOyCkUn.exe
1616	PoqAatH.exe
2040	VVufVNz.exe
960	VnjyaBo.exe
1096	qFvCpKz.exe
964	cKaTlGF.exe
2384	eAbuJSv.exe
2188	TKQVdpI.exe
2940	gZahPRW.exe
2080	ghvUqQQ.exe
1564	JANbYHh.exe
1160	GmLaGLm.exe
316	uFpOGbg.exe
568	vXLmqyt.exe
1692	MaeCxeV.exe
2220	rZGbOCQ.exe
2324	olyHKWk.exe
288	JLcWWlB.exe
892	yQYGRQO.exe
2464	DfaQdka.exe
2676	oSZzZBT.exe
1736	xfllFLs.exe
2320	PFNmLMX.exe
1872	irWkkyZ.exe
576	AYNWGka.exe
696	YgcYUUr.exe
1800	xJmjkMv.exe
1756	cwZkAFX.exe
2468	JYFduOn.exe
1708	ySFcykd.exe
2688	btvzLgz.exe
2288	uRwjaQY.exe
1996	lnFrefi.exe
2352	LoEoNMR.exe
2304	fjiqyMT.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe

pid	Process
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2788-0-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x000b000000012281-6.dat	upx
behavioral1/files/0x0008000000015ed2-11.dat	upx
behavioral1/memory/2728-16-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x0007000000016009-20.dat	upx
behavioral1/files/0x000700000001613e-24.dat	upx
behavioral1/files/0x0007000000016210-27.dat	upx
behavioral1/files/0x00090000000164db-31.dat	upx
behavioral1/files/0x0006000000016d58-35.dat	upx
behavioral1/files/0x0006000000016de8-55.dat	upx
behavioral1/files/0x000600000001707c-67.dat	upx
behavioral1/files/0x000600000001746a-101.dat	upx
behavioral1/files/0x000600000001904c-153.dat	upx
behavioral1/memory/3032-917-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2728-916-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2788-815-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2496-262-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2100-259-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/1712-257-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/772-255-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/1868-253-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/1824-251-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2644-249-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2584-247-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2068-245-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2736-243-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2936-241-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2856-239-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/3032-207-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/files/0x00050000000187a2-158.dat	upx
behavioral1/files/0x000600000001757f-146.dat	upx
behavioral1/files/0x00060000000174a6-144.dat	upx
behavioral1/files/0x0006000000018c44-141.dat	upx
behavioral1/files/0x0005000000018696-124.dat	upx
behavioral1/files/0x00060000000190e1-161.dat	upx
behavioral1/files/0x0006000000018f65-149.dat	upx
behavioral1/files/0x0006000000018c34-138.dat	upx
behavioral1/files/0x0006000000017400-92.dat	upx
behavioral1/files/0x0005000000018697-129.dat	upx
behavioral1/files/0x0015000000018676-122.dat	upx
behavioral1/files/0x00060000000174c3-113.dat	upx
behavioral1/files/0x0006000000017488-106.dat	upx
behavioral1/files/0x0006000000017403-95.dat	upx
behavioral1/files/0x00060000000173f3-86.dat	upx
behavioral1/files/0x0006000000016edb-63.dat	upx
behavioral1/files/0x0006000000016eb8-59.dat	upx
behavioral1/files/0x0006000000016de4-51.dat	upx
behavioral1/files/0x0006000000016dd0-47.dat	upx
behavioral1/files/0x0006000000016db5-43.dat	upx
behavioral1/files/0x0006000000016da7-39.dat	upx
behavioral1/files/0x0007000000015f96-15.dat	upx
behavioral1/memory/2728-3344-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/1712-3351-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/1868-3350-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2644-3349-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2068-3348-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2856-3347-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2936-3346-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/3032-3368-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2584-3362-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/1824-3399-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2736-3400-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2496-3378-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/772-3376-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	Process
File created	C:\Windows\System\epkaUMo.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oaICBkY.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jbGTCQH.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VdwqQor.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UODTcPl.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EVZykSC.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZrAaisR.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DdcvpZS.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gykRdSq.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ttFUgIq.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tGFUSTz.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UABfkqu.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dPrsklv.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NEkNnMg.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cKaTlGF.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bUQYlIH.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UZuLfCN.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DdnCSxA.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\egduMUt.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OurYzUE.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WSaoBmd.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XKtihhS.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yAxRaqR.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xQSrBgR.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IgRmKFi.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ldTAGNc.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fjcxyrl.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CFdYZYy.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhCYUQD.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sBZDncd.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IqtvLaN.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZaZZMv.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HGlAMOF.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qEbGIpL.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jSxAumf.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dKXQKBH.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\koPdOdI.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vvdkwqV.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xmaZvvQ.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyquAdH.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ADzbVXE.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJdiXno.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GeZyEHr.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jSzMeuo.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OgSETPU.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wyLelLa.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\drxgqlZ.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rjuOAjz.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GJqimzl.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEALfCU.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jKVjngq.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uUsAOeF.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VofpaTg.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qjynVoJ.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wnQVSAB.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xINmXeH.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dnVTWEH.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzHACIu.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BnTcSrj.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yQYGRQO.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bNujpwo.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHzoseM.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGUoZFB.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ueOzpJE.exe	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	Process	procid_target
PID 2788 wrote to memory of 2728	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2788 wrote to memory of 2728	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2788 wrote to memory of 2728	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2788 wrote to memory of 3032	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2788 wrote to memory of 3032	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2788 wrote to memory of 3032	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2788 wrote to memory of 2856	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2788 wrote to memory of 2856	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2788 wrote to memory of 2856	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2788 wrote to memory of 2496	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2788 wrote to memory of 2496	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2788 wrote to memory of 2496	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2788 wrote to memory of 2936	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2788 wrote to memory of 2936	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2788 wrote to memory of 2936	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2788 wrote to memory of 2736	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2788 wrote to memory of 2736	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2788 wrote to memory of 2736	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2788 wrote to memory of 2068	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2788 wrote to memory of 2068	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2788 wrote to memory of 2068	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2788 wrote to memory of 2584	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2788 wrote to memory of 2584	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2788 wrote to memory of 2584	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2788 wrote to memory of 2644	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2788 wrote to memory of 2644	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2788 wrote to memory of 2644	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2788 wrote to memory of 1824	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2788 wrote to memory of 1824	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2788 wrote to memory of 1824	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2788 wrote to memory of 1868	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2788 wrote to memory of 1868	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2788 wrote to memory of 1868	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2788 wrote to memory of 772	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2788 wrote to memory of 772	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2788 wrote to memory of 772	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2788 wrote to memory of 1712	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2788 wrote to memory of 1712	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2788 wrote to memory of 1712	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2788 wrote to memory of 2100	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2788 wrote to memory of 2100	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2788 wrote to memory of 2100	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2788 wrote to memory of 2020	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2788 wrote to memory of 2020	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2788 wrote to memory of 2020	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2788 wrote to memory of 2072	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2788 wrote to memory of 2072	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2788 wrote to memory of 2072	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2788 wrote to memory of 2772	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2788 wrote to memory of 2772	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2788 wrote to memory of 2772	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2788 wrote to memory of 2632	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2788 wrote to memory of 2632	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2788 wrote to memory of 2632	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2788 wrote to memory of 2952	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2788 wrote to memory of 2952	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2788 wrote to memory of 2952	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2788 wrote to memory of 2948	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2788 wrote to memory of 2948	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2788 wrote to memory of 2948	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2788 wrote to memory of 332	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2788 wrote to memory of 332	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2788 wrote to memory of 332	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2788 wrote to memory of 1672	2788	2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-25_bd67ac724f121791da0c6a32d66ba1da_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2788
- C:\Windows\System\zjpbFJJ.exe
  C:\Windows\System\zjpbFJJ.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\fczVXAQ.exe
  C:\Windows\System\fczVXAQ.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\EPwKiaP.exe
  C:\Windows\System\EPwKiaP.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\HloNgAH.exe
  C:\Windows\System\HloNgAH.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\yAxRaqR.exe
  C:\Windows\System\yAxRaqR.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\VPLkndd.exe
  C:\Windows\System\VPLkndd.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\RcVyYCt.exe
  C:\Windows\System\RcVyYCt.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\AkTWJFd.exe
  C:\Windows\System\AkTWJFd.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\xQrwNwF.exe
  C:\Windows\System\xQrwNwF.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\nwKsJIz.exe
  C:\Windows\System\nwKsJIz.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\kfBTTnC.exe
  C:\Windows\System\kfBTTnC.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\QdaZLDh.exe
  C:\Windows\System\QdaZLDh.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\CAhZiyL.exe
  C:\Windows\System\CAhZiyL.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\bhoxyGk.exe
  C:\Windows\System\bhoxyGk.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\SgvEOqd.exe
  C:\Windows\System\SgvEOqd.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\NuRAGpd.exe
  C:\Windows\System\NuRAGpd.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\uBSWARt.exe
  C:\Windows\System\uBSWARt.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\AXMOuLG.exe
  C:\Windows\System\AXMOuLG.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\ZqnRQSZ.exe
  C:\Windows\System\ZqnRQSZ.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\FNsuERO.exe
  C:\Windows\System\FNsuERO.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\yCzenFx.exe
  C:\Windows\System\yCzenFx.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\cGKRpBM.exe
  C:\Windows\System\cGKRpBM.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\hQONbFb.exe
  C:\Windows\System\hQONbFb.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\kvLkCEh.exe
  C:\Windows\System\kvLkCEh.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\SthKALS.exe
  C:\Windows\System\SthKALS.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\gBULbEE.exe
  C:\Windows\System\gBULbEE.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\yrKjcNm.exe
  C:\Windows\System\yrKjcNm.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\DOyCkUn.exe
  C:\Windows\System\DOyCkUn.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\gBzOaFk.exe
  C:\Windows\System\gBzOaFk.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\VVufVNz.exe
  C:\Windows\System\VVufVNz.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\SqHhySC.exe
  C:\Windows\System\SqHhySC.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\qFvCpKz.exe
  C:\Windows\System\qFvCpKz.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\PoqAatH.exe
  C:\Windows\System\PoqAatH.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\eAbuJSv.exe
  C:\Windows\System\eAbuJSv.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\VnjyaBo.exe
  C:\Windows\System\VnjyaBo.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\gZahPRW.exe
  C:\Windows\System\gZahPRW.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\cKaTlGF.exe
  C:\Windows\System\cKaTlGF.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\ghvUqQQ.exe
  C:\Windows\System\ghvUqQQ.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\TKQVdpI.exe
  C:\Windows\System\TKQVdpI.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\JANbYHh.exe
  C:\Windows\System\JANbYHh.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\GmLaGLm.exe
  C:\Windows\System\GmLaGLm.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\xfllFLs.exe
  C:\Windows\System\xfllFLs.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\uFpOGbg.exe
  C:\Windows\System\uFpOGbg.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\PFNmLMX.exe
  C:\Windows\System\PFNmLMX.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\vXLmqyt.exe
  C:\Windows\System\vXLmqyt.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\irWkkyZ.exe
  C:\Windows\System\irWkkyZ.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\MaeCxeV.exe
  C:\Windows\System\MaeCxeV.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\AYNWGka.exe
  C:\Windows\System\AYNWGka.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\rZGbOCQ.exe
  C:\Windows\System\rZGbOCQ.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\YgcYUUr.exe
  C:\Windows\System\YgcYUUr.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\olyHKWk.exe
  C:\Windows\System\olyHKWk.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\xJmjkMv.exe
  C:\Windows\System\xJmjkMv.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\JLcWWlB.exe
  C:\Windows\System\JLcWWlB.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\cwZkAFX.exe
  C:\Windows\System\cwZkAFX.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\yQYGRQO.exe
  C:\Windows\System\yQYGRQO.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\JYFduOn.exe
  C:\Windows\System\JYFduOn.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\DfaQdka.exe
  C:\Windows\System\DfaQdka.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\ySFcykd.exe
  C:\Windows\System\ySFcykd.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\oSZzZBT.exe
  C:\Windows\System\oSZzZBT.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\btvzLgz.exe
  C:\Windows\System\btvzLgz.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\uRwjaQY.exe
  C:\Windows\System\uRwjaQY.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\LoEoNMR.exe
  C:\Windows\System\LoEoNMR.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\lnFrefi.exe
  C:\Windows\System\lnFrefi.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\smThIyt.exe
  C:\Windows\System\smThIyt.exe
  2⤵
  PID:2520
- C:\Windows\System\fjiqyMT.exe
  C:\Windows\System\fjiqyMT.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\zMQBkja.exe
  C:\Windows\System\zMQBkja.exe
  2⤵
  PID:2044
- C:\Windows\System\ywqEAJB.exe
  C:\Windows\System\ywqEAJB.exe
  2⤵
  PID:2640
- C:\Windows\System\qEbGIpL.exe
  C:\Windows\System\qEbGIpL.exe
  2⤵
  PID:760
- C:\Windows\System\LCLckkX.exe
  C:\Windows\System\LCLckkX.exe
  2⤵
  PID:1360
- C:\Windows\System\PrGovGk.exe
  C:\Windows\System\PrGovGk.exe
  2⤵
  PID:1516
- C:\Windows\System\FGEHgvv.exe
  C:\Windows\System\FGEHgvv.exe
  2⤵
  PID:2328
- C:\Windows\System\OiKkbDj.exe
  C:\Windows\System\OiKkbDj.exe
  2⤵
  PID:2056
- C:\Windows\System\HseeTbW.exe
  C:\Windows\System\HseeTbW.exe
  2⤵
  PID:2160
- C:\Windows\System\TTJrzEa.exe
  C:\Windows\System\TTJrzEa.exe
  2⤵
  PID:876
- C:\Windows\System\LtJmquT.exe
  C:\Windows\System\LtJmquT.exe
  2⤵
  PID:2432
- C:\Windows\System\hvankUw.exe
  C:\Windows\System\hvankUw.exe
  2⤵
  PID:824
- C:\Windows\System\PBdZTWP.exe
  C:\Windows\System\PBdZTWP.exe
  2⤵
  PID:976
- C:\Windows\System\qRbsPSl.exe
  C:\Windows\System\qRbsPSl.exe
  2⤵
  PID:1576
- C:\Windows\System\bNujpwo.exe
  C:\Windows\System\bNujpwo.exe
  2⤵
  PID:916
- C:\Windows\System\GXgZLkk.exe
  C:\Windows\System\GXgZLkk.exe
  2⤵
  PID:1068
- C:\Windows\System\bxTigZB.exe
  C:\Windows\System\bxTigZB.exe
  2⤵
  PID:1720
- C:\Windows\System\XbLward.exe
  C:\Windows\System\XbLward.exe
  2⤵
  PID:2480
- C:\Windows\System\NVFnHhJ.exe
  C:\Windows\System\NVFnHhJ.exe
  2⤵
  PID:628
- C:\Windows\System\kudzKNX.exe
  C:\Windows\System\kudzKNX.exe
  2⤵
  PID:3040
- C:\Windows\System\nIPrOfW.exe
  C:\Windows\System\nIPrOfW.exe
  2⤵
  PID:2240
- C:\Windows\System\nSpyVHZ.exe
  C:\Windows\System\nSpyVHZ.exe
  2⤵
  PID:2956
- C:\Windows\System\zXmxngU.exe
  C:\Windows\System\zXmxngU.exe
  2⤵
  PID:1256
- C:\Windows\System\lRLTrHw.exe
  C:\Windows\System\lRLTrHw.exe
  2⤵
  PID:1656
- C:\Windows\System\rLAivjG.exe
  C:\Windows\System\rLAivjG.exe
  2⤵
  PID:2908
- C:\Windows\System\qRiBtCM.exe
  C:\Windows\System\qRiBtCM.exe
  2⤵
  PID:1552
- C:\Windows\System\iiZpqiw.exe
  C:\Windows\System\iiZpqiw.exe
  2⤵
  PID:2816
- C:\Windows\System\rgTKmsd.exe
  C:\Windows\System\rgTKmsd.exe
  2⤵
  PID:1340
- C:\Windows\System\xjkDBuW.exe
  C:\Windows\System\xjkDBuW.exe
  2⤵
  PID:1760
- C:\Windows\System\jSjUnKf.exe
  C:\Windows\System\jSjUnKf.exe
  2⤵
  PID:2096
- C:\Windows\System\crlGtAg.exe
  C:\Windows\System\crlGtAg.exe
  2⤵
  PID:1796
- C:\Windows\System\tlXIclu.exe
  C:\Windows\System\tlXIclu.exe
  2⤵
  PID:2144
- C:\Windows\System\XexnRPz.exe
  C:\Windows\System\XexnRPz.exe
  2⤵
  PID:1332
- C:\Windows\System\KXigNNx.exe
  C:\Windows\System\KXigNNx.exe
  2⤵
  PID:2852
- C:\Windows\System\dsKSLBB.exe
  C:\Windows\System\dsKSLBB.exe
  2⤵
  PID:448
- C:\Windows\System\VeyjUhp.exe
  C:\Windows\System\VeyjUhp.exe
  2⤵
  PID:1772
- C:\Windows\System\JxEOfeM.exe
  C:\Windows\System\JxEOfeM.exe
  2⤵
  PID:2108
- C:\Windows\System\rPXELFR.exe
  C:\Windows\System\rPXELFR.exe
  2⤵
  PID:2296
- C:\Windows\System\KwWxsHL.exe
  C:\Windows\System\KwWxsHL.exe
  2⤵
  PID:2024
- C:\Windows\System\PNOjFta.exe
  C:\Windows\System\PNOjFta.exe
  2⤵
  PID:108
- C:\Windows\System\mPxnMDz.exe
  C:\Windows\System\mPxnMDz.exe
  2⤵
  PID:900
- C:\Windows\System\WrsMTGI.exe
  C:\Windows\System\WrsMTGI.exe
  2⤵
  PID:3080
- C:\Windows\System\hQhpJoy.exe
  C:\Windows\System\hQhpJoy.exe
  2⤵
  PID:3100
- C:\Windows\System\TncPAzt.exe
  C:\Windows\System\TncPAzt.exe
  2⤵
  PID:3120
- C:\Windows\System\uUsAOeF.exe
  C:\Windows\System\uUsAOeF.exe
  2⤵
  PID:3140
- C:\Windows\System\ILFNNTC.exe
  C:\Windows\System\ILFNNTC.exe
  2⤵
  PID:3160
- C:\Windows\System\lxCyuPa.exe
  C:\Windows\System\lxCyuPa.exe
  2⤵
  PID:3180
- C:\Windows\System\kuISvlL.exe
  C:\Windows\System\kuISvlL.exe
  2⤵
  PID:3200
- C:\Windows\System\tfEwoKV.exe
  C:\Windows\System\tfEwoKV.exe
  2⤵
  PID:3220
- C:\Windows\System\QDZLCQl.exe
  C:\Windows\System\QDZLCQl.exe
  2⤵
  PID:3244
- C:\Windows\System\yMKvbhL.exe
  C:\Windows\System\yMKvbhL.exe
  2⤵
  PID:3260
- C:\Windows\System\UZsNwHd.exe
  C:\Windows\System\UZsNwHd.exe
  2⤵
  PID:3284
- C:\Windows\System\MWfKBaM.exe
  C:\Windows\System\MWfKBaM.exe
  2⤵
  PID:3300
- C:\Windows\System\omNaufe.exe
  C:\Windows\System\omNaufe.exe
  2⤵
  PID:3324
- C:\Windows\System\vnrpUsY.exe
  C:\Windows\System\vnrpUsY.exe
  2⤵
  PID:3344
- C:\Windows\System\jGLaldY.exe
  C:\Windows\System\jGLaldY.exe
  2⤵
  PID:3364
- C:\Windows\System\mNocUWW.exe
  C:\Windows\System\mNocUWW.exe
  2⤵
  PID:3384
- C:\Windows\System\fgwyzYq.exe
  C:\Windows\System\fgwyzYq.exe
  2⤵
  PID:3404
- C:\Windows\System\XvTNcYH.exe
  C:\Windows\System\XvTNcYH.exe
  2⤵
  PID:3424
- C:\Windows\System\xQSrBgR.exe
  C:\Windows\System\xQSrBgR.exe
  2⤵
  PID:3444
- C:\Windows\System\FXofIqh.exe
  C:\Windows\System\FXofIqh.exe
  2⤵
  PID:3464
- C:\Windows\System\LhrjWvV.exe
  C:\Windows\System\LhrjWvV.exe
  2⤵
  PID:3484
- C:\Windows\System\zuAduRe.exe
  C:\Windows\System\zuAduRe.exe
  2⤵
  PID:3504
- C:\Windows\System\vDbLrrp.exe
  C:\Windows\System\vDbLrrp.exe
  2⤵
  PID:3524
- C:\Windows\System\gEqamKd.exe
  C:\Windows\System\gEqamKd.exe
  2⤵
  PID:3544
- C:\Windows\System\tGFUSTz.exe
  C:\Windows\System\tGFUSTz.exe
  2⤵
  PID:3564
- C:\Windows\System\XDvGfKs.exe
  C:\Windows\System\XDvGfKs.exe
  2⤵
  PID:3584
- C:\Windows\System\vrkxPdQ.exe
  C:\Windows\System\vrkxPdQ.exe
  2⤵
  PID:3600
- C:\Windows\System\IreIjHA.exe
  C:\Windows\System\IreIjHA.exe
  2⤵
  PID:3624
- C:\Windows\System\SLHZSTf.exe
  C:\Windows\System\SLHZSTf.exe
  2⤵
  PID:3644
- C:\Windows\System\SIFzKai.exe
  C:\Windows\System\SIFzKai.exe
  2⤵
  PID:3664
- C:\Windows\System\mupJDan.exe
  C:\Windows\System\mupJDan.exe
  2⤵
  PID:3680
- C:\Windows\System\qdLKBQm.exe
  C:\Windows\System\qdLKBQm.exe
  2⤵
  PID:3700
- C:\Windows\System\IgRmKFi.exe
  C:\Windows\System\IgRmKFi.exe
  2⤵
  PID:3716
- C:\Windows\System\xlZFlRb.exe
  C:\Windows\System\xlZFlRb.exe
  2⤵
  PID:3736
- C:\Windows\System\cpUflcb.exe
  C:\Windows\System\cpUflcb.exe
  2⤵
  PID:3752
- C:\Windows\System\gWdsFya.exe
  C:\Windows\System\gWdsFya.exe
  2⤵
  PID:3776
- C:\Windows\System\ChVIugl.exe
  C:\Windows\System\ChVIugl.exe
  2⤵
  PID:3804
- C:\Windows\System\JuGwbcv.exe
  C:\Windows\System\JuGwbcv.exe
  2⤵
  PID:3820
- C:\Windows\System\FxDlNHW.exe
  C:\Windows\System\FxDlNHW.exe
  2⤵
  PID:3848
- C:\Windows\System\pWqAoUt.exe
  C:\Windows\System\pWqAoUt.exe
  2⤵
  PID:3868
- C:\Windows\System\emmRmjz.exe
  C:\Windows\System\emmRmjz.exe
  2⤵
  PID:3888
- C:\Windows\System\HsalLcz.exe
  C:\Windows\System\HsalLcz.exe
  2⤵
  PID:3904
- C:\Windows\System\QQnFPHT.exe
  C:\Windows\System\QQnFPHT.exe
  2⤵
  PID:3920
- C:\Windows\System\OoWvCqG.exe
  C:\Windows\System\OoWvCqG.exe
  2⤵
  PID:3940
- C:\Windows\System\fndRwwe.exe
  C:\Windows\System\fndRwwe.exe
  2⤵
  PID:3968
- C:\Windows\System\rHjzWZm.exe
  C:\Windows\System\rHjzWZm.exe
  2⤵
  PID:3984
- C:\Windows\System\BOcOpvg.exe
  C:\Windows\System\BOcOpvg.exe
  2⤵
  PID:4008
- C:\Windows\System\QRqkWKh.exe
  C:\Windows\System\QRqkWKh.exe
  2⤵
  PID:4028
- C:\Windows\System\XYJbXuy.exe
  C:\Windows\System\XYJbXuy.exe
  2⤵
  PID:4048
- C:\Windows\System\NYoTxrd.exe
  C:\Windows\System\NYoTxrd.exe
  2⤵
  PID:4068
- C:\Windows\System\YLZYvlj.exe
  C:\Windows\System\YLZYvlj.exe
  2⤵
  PID:4084
- C:\Windows\System\KISlZcB.exe
  C:\Windows\System\KISlZcB.exe
  2⤵
  PID:1744
- C:\Windows\System\SfVmHiS.exe
  C:\Windows\System\SfVmHiS.exe
  2⤵
  PID:2348
- C:\Windows\System\vlpoWtZ.exe
  C:\Windows\System\vlpoWtZ.exe
  2⤵
  PID:3052
- C:\Windows\System\LYXOjQj.exe
  C:\Windows\System\LYXOjQj.exe
  2⤵
  PID:1792
- C:\Windows\System\ggBYiZb.exe
  C:\Windows\System\ggBYiZb.exe
  2⤵
  PID:2724
- C:\Windows\System\eZttJlx.exe
  C:\Windows\System\eZttJlx.exe
  2⤵
  PID:2784
- C:\Windows\System\TXSGNeD.exe
  C:\Windows\System\TXSGNeD.exe
  2⤵
  PID:2828
- C:\Windows\System\OAoPtMn.exe
  C:\Windows\System\OAoPtMn.exe
  2⤵
  PID:1832
- C:\Windows\System\tDzFCnq.exe
  C:\Windows\System\tDzFCnq.exe
  2⤵
  PID:3108
- C:\Windows\System\iyaTUcu.exe
  C:\Windows\System\iyaTUcu.exe
  2⤵
  PID:3096
- C:\Windows\System\SjCYCUF.exe
  C:\Windows\System\SjCYCUF.exe
  2⤵
  PID:3156
- C:\Windows\System\pVPegUh.exe
  C:\Windows\System\pVPegUh.exe
  2⤵
  PID:3192
- C:\Windows\System\cIJaCCw.exe
  C:\Windows\System\cIJaCCw.exe
  2⤵
  PID:3212
- C:\Windows\System\BCIDfBy.exe
  C:\Windows\System\BCIDfBy.exe
  2⤵
  PID:3276
- C:\Windows\System\bFpQyBq.exe
  C:\Windows\System\bFpQyBq.exe
  2⤵
  PID:3256
- C:\Windows\System\gBJywZA.exe
  C:\Windows\System\gBJywZA.exe
  2⤵
  PID:3316
- C:\Windows\System\Rfmlmnj.exe
  C:\Windows\System\Rfmlmnj.exe
  2⤵
  PID:3336
- C:\Windows\System\HgxUwmn.exe
  C:\Windows\System\HgxUwmn.exe
  2⤵
  PID:3400
- C:\Windows\System\nlDIRHc.exe
  C:\Windows\System\nlDIRHc.exe
  2⤵
  PID:3412
- C:\Windows\System\TGfTOrd.exe
  C:\Windows\System\TGfTOrd.exe
  2⤵
  PID:3416
- C:\Windows\System\nqgGpIP.exe
  C:\Windows\System\nqgGpIP.exe
  2⤵
  PID:3456
- C:\Windows\System\sumiNhG.exe
  C:\Windows\System\sumiNhG.exe
  2⤵
  PID:3496
- C:\Windows\System\eBKuNxl.exe
  C:\Windows\System\eBKuNxl.exe
  2⤵
  PID:3540
- C:\Windows\System\ldTAGNc.exe
  C:\Windows\System\ldTAGNc.exe
  2⤵
  PID:3572
- C:\Windows\System\XYzGljh.exe
  C:\Windows\System\XYzGljh.exe
  2⤵
  PID:3608
- C:\Windows\System\VpDyynp.exe
  C:\Windows\System\VpDyynp.exe
  2⤵
  PID:3656
- C:\Windows\System\VrzOXuO.exe
  C:\Windows\System\VrzOXuO.exe
  2⤵
  PID:3712
- C:\Windows\System\NGeHiNE.exe
  C:\Windows\System\NGeHiNE.exe
  2⤵
  PID:3760
- C:\Windows\System\qcRIGiF.exe
  C:\Windows\System\qcRIGiF.exe
  2⤵
  PID:3724
- C:\Windows\System\sICQCyl.exe
  C:\Windows\System\sICQCyl.exe
  2⤵
  PID:3796
- C:\Windows\System\qCqGUYE.exe
  C:\Windows\System\qCqGUYE.exe
  2⤵
  PID:3836
- C:\Windows\System\MPMIlbr.exe
  C:\Windows\System\MPMIlbr.exe
  2⤵
  PID:3884
- C:\Windows\System\LHTCWAD.exe
  C:\Windows\System\LHTCWAD.exe
  2⤵
  PID:3912
- C:\Windows\System\cXZpCAA.exe
  C:\Windows\System\cXZpCAA.exe
  2⤵
  PID:3952
- C:\Windows\System\bWBECVV.exe
  C:\Windows\System\bWBECVV.exe
  2⤵
  PID:3956
- C:\Windows\System\NvnQHVT.exe
  C:\Windows\System\NvnQHVT.exe
  2⤵
  PID:4000
- C:\Windows\System\BgbbxDH.exe
  C:\Windows\System\BgbbxDH.exe
  2⤵
  PID:4036
- C:\Windows\System\fnSjVHW.exe
  C:\Windows\System\fnSjVHW.exe
  2⤵
  PID:4076
- C:\Windows\System\jKRDIGK.exe
  C:\Windows\System\jKRDIGK.exe
  2⤵
  PID:4092
- C:\Windows\System\VofpaTg.exe
  C:\Windows\System\VofpaTg.exe
  2⤵
  PID:2176
- C:\Windows\System\casfSCD.exe
  C:\Windows\System\casfSCD.exe
  2⤵
  PID:1928
- C:\Windows\System\mFvIhVu.exe
  C:\Windows\System\mFvIhVu.exe
  2⤵
  PID:2748
- C:\Windows\System\dnJErAR.exe
  C:\Windows\System\dnJErAR.exe
  2⤵
  PID:1020
- C:\Windows\System\eBQGshh.exe
  C:\Windows\System\eBQGshh.exe
  2⤵
  PID:3112
- C:\Windows\System\jbGTCQH.exe
  C:\Windows\System\jbGTCQH.exe
  2⤵
  PID:3148
- C:\Windows\System\jwtpeSp.exe
  C:\Windows\System\jwtpeSp.exe
  2⤵
  PID:3136
- C:\Windows\System\GYdPKRM.exe
  C:\Windows\System\GYdPKRM.exe
  2⤵
  PID:3216
- C:\Windows\System\wnQUMnW.exe
  C:\Windows\System\wnQUMnW.exe
  2⤵
  PID:2732
- C:\Windows\System\IZkzgLn.exe
  C:\Windows\System\IZkzgLn.exe
  2⤵
  PID:3372
- C:\Windows\System\cXlVtde.exe
  C:\Windows\System\cXlVtde.exe
  2⤵
  PID:3228
- C:\Windows\System\QAdCgjP.exe
  C:\Windows\System\QAdCgjP.exe
  2⤵
  PID:3472
- C:\Windows\System\czCigPl.exe
  C:\Windows\System\czCigPl.exe
  2⤵
  PID:3452
- C:\Windows\System\ITrfrJR.exe
  C:\Windows\System\ITrfrJR.exe
  2⤵
  PID:3536
- C:\Windows\System\HTBOnRi.exe
  C:\Windows\System\HTBOnRi.exe
  2⤵
  PID:3652
- C:\Windows\System\VdwqQor.exe
  C:\Windows\System\VdwqQor.exe
  2⤵
  PID:3748
- C:\Windows\System\JSIhDAE.exe
  C:\Windows\System\JSIhDAE.exe
  2⤵
  PID:3696
- C:\Windows\System\VbiLvZl.exe
  C:\Windows\System\VbiLvZl.exe
  2⤵
  PID:3688
- C:\Windows\System\ptQiiYr.exe
  C:\Windows\System\ptQiiYr.exe
  2⤵
  PID:3876
- C:\Windows\System\QnvCsoc.exe
  C:\Windows\System\QnvCsoc.exe
  2⤵
  PID:3860
- C:\Windows\System\cBplkPP.exe
  C:\Windows\System\cBplkPP.exe
  2⤵
  PID:4004
- C:\Windows\System\jgNAvwl.exe
  C:\Windows\System\jgNAvwl.exe
  2⤵
  PID:3980
- C:\Windows\System\LacAuxr.exe
  C:\Windows\System\LacAuxr.exe
  2⤵
  PID:4040
- C:\Windows\System\nFTQRNo.exe
  C:\Windows\System\nFTQRNo.exe
  2⤵
  PID:320
- C:\Windows\System\ufKsnOR.exe
  C:\Windows\System\ufKsnOR.exe
  2⤵
  PID:1168
- C:\Windows\System\xoQmzaH.exe
  C:\Windows\System\xoQmzaH.exe
  2⤵
  PID:3036
- C:\Windows\System\tCCWbhG.exe
  C:\Windows\System\tCCWbhG.exe
  2⤵
  PID:3168
- C:\Windows\System\jrQYflH.exe
  C:\Windows\System\jrQYflH.exe
  2⤵
  PID:3236
- C:\Windows\System\VJbjLly.exe
  C:\Windows\System\VJbjLly.exe
  2⤵
  PID:3268
- C:\Windows\System\TkwnjZf.exe
  C:\Windows\System\TkwnjZf.exe
  2⤵
  PID:3272
- C:\Windows\System\mdcNnxD.exe
  C:\Windows\System\mdcNnxD.exe
  2⤵
  PID:3476
- C:\Windows\System\VwWRUzY.exe
  C:\Windows\System\VwWRUzY.exe
  2⤵
  PID:3632
- C:\Windows\System\gSQUNWe.exe
  C:\Windows\System\gSQUNWe.exe
  2⤵
  PID:3676
- C:\Windows\System\wcpwvgm.exe
  C:\Windows\System\wcpwvgm.exe
  2⤵
  PID:3636
- C:\Windows\System\XKKOoWL.exe
  C:\Windows\System\XKKOoWL.exe
  2⤵
  PID:3832
- C:\Windows\System\bygTnvM.exe
  C:\Windows\System\bygTnvM.exe
  2⤵
  PID:3932
- C:\Windows\System\HrIFPgi.exe
  C:\Windows\System\HrIFPgi.exe
  2⤵
  PID:4112
- C:\Windows\System\HiPOCfA.exe
  C:\Windows\System\HiPOCfA.exe
  2⤵
  PID:4132
- C:\Windows\System\IvrhnRy.exe
  C:\Windows\System\IvrhnRy.exe
  2⤵
  PID:4148
- C:\Windows\System\TxRKDfI.exe
  C:\Windows\System\TxRKDfI.exe
  2⤵
  PID:4164
- C:\Windows\System\uMEuzdT.exe
  C:\Windows\System\uMEuzdT.exe
  2⤵
  PID:4192
- C:\Windows\System\iKgOkEX.exe
  C:\Windows\System\iKgOkEX.exe
  2⤵
  PID:4212
- C:\Windows\System\TJooGUI.exe
  C:\Windows\System\TJooGUI.exe
  2⤵
  PID:4232
- C:\Windows\System\KhzLUFV.exe
  C:\Windows\System\KhzLUFV.exe
  2⤵
  PID:4252
- C:\Windows\System\dNTWBhe.exe
  C:\Windows\System\dNTWBhe.exe
  2⤵
  PID:4272
- C:\Windows\System\rBuySpa.exe
  C:\Windows\System\rBuySpa.exe
  2⤵
  PID:4288
- C:\Windows\System\LXfkhTg.exe
  C:\Windows\System\LXfkhTg.exe
  2⤵
  PID:4308
- C:\Windows\System\dSVJptc.exe
  C:\Windows\System\dSVJptc.exe
  2⤵
  PID:4336
- C:\Windows\System\jdVQopr.exe
  C:\Windows\System\jdVQopr.exe
  2⤵
  PID:4356
- C:\Windows\System\JgSqbxQ.exe
  C:\Windows\System\JgSqbxQ.exe
  2⤵
  PID:4376
- C:\Windows\System\PBbDqGA.exe
  C:\Windows\System\PBbDqGA.exe
  2⤵
  PID:4400
- C:\Windows\System\IDKMFLE.exe
  C:\Windows\System\IDKMFLE.exe
  2⤵
  PID:4416
- C:\Windows\System\elZMPiZ.exe
  C:\Windows\System\elZMPiZ.exe
  2⤵
  PID:4436
- C:\Windows\System\ffcDzlV.exe
  C:\Windows\System\ffcDzlV.exe
  2⤵
  PID:4452
- C:\Windows\System\zLdVegv.exe
  C:\Windows\System\zLdVegv.exe
  2⤵
  PID:4476
- C:\Windows\System\fYlwgMY.exe
  C:\Windows\System\fYlwgMY.exe
  2⤵
  PID:4496
- C:\Windows\System\VfHetdp.exe
  C:\Windows\System\VfHetdp.exe
  2⤵
  PID:4520
- C:\Windows\System\YCrtqmo.exe
  C:\Windows\System\YCrtqmo.exe
  2⤵
  PID:4536
- C:\Windows\System\eicrKEQ.exe
  C:\Windows\System\eicrKEQ.exe
  2⤵
  PID:4556
- C:\Windows\System\rPNoQEx.exe
  C:\Windows\System\rPNoQEx.exe
  2⤵
  PID:4576
- C:\Windows\System\ipXtsPL.exe
  C:\Windows\System\ipXtsPL.exe
  2⤵
  PID:4596
- C:\Windows\System\UODTcPl.exe
  C:\Windows\System\UODTcPl.exe
  2⤵
  PID:4616
- C:\Windows\System\jLTRmUr.exe
  C:\Windows\System\jLTRmUr.exe
  2⤵
  PID:4636
- C:\Windows\System\uWngBsu.exe
  C:\Windows\System\uWngBsu.exe
  2⤵
  PID:4656
- C:\Windows\System\sgQXnYB.exe
  C:\Windows\System\sgQXnYB.exe
  2⤵
  PID:4676
- C:\Windows\System\vgfRvmT.exe
  C:\Windows\System\vgfRvmT.exe
  2⤵
  PID:4696
- C:\Windows\System\fjcxyrl.exe
  C:\Windows\System\fjcxyrl.exe
  2⤵
  PID:4716
- C:\Windows\System\QLaegII.exe
  C:\Windows\System\QLaegII.exe
  2⤵
  PID:4736
- C:\Windows\System\ICvyWVJ.exe
  C:\Windows\System\ICvyWVJ.exe
  2⤵
  PID:4756
- C:\Windows\System\UxzGOPY.exe
  C:\Windows\System\UxzGOPY.exe
  2⤵
  PID:4776
- C:\Windows\System\NPszjhq.exe
  C:\Windows\System\NPszjhq.exe
  2⤵
  PID:4796
- C:\Windows\System\SWhxchv.exe
  C:\Windows\System\SWhxchv.exe
  2⤵
  PID:4816
- C:\Windows\System\USivntF.exe
  C:\Windows\System\USivntF.exe
  2⤵
  PID:4836
- C:\Windows\System\TCwGFpb.exe
  C:\Windows\System\TCwGFpb.exe
  2⤵
  PID:4856
- C:\Windows\System\WQrAflz.exe
  C:\Windows\System\WQrAflz.exe
  2⤵
  PID:4880
- C:\Windows\System\EjiOVNX.exe
  C:\Windows\System\EjiOVNX.exe
  2⤵
  PID:4900
- C:\Windows\System\aPNhhUf.exe
  C:\Windows\System\aPNhhUf.exe
  2⤵
  PID:4920
- C:\Windows\System\gROQtiB.exe
  C:\Windows\System\gROQtiB.exe
  2⤵
  PID:4940
- C:\Windows\System\HXgGync.exe
  C:\Windows\System\HXgGync.exe
  2⤵
  PID:4960
- C:\Windows\System\qcKPVBG.exe
  C:\Windows\System\qcKPVBG.exe
  2⤵
  PID:4976
- C:\Windows\System\TpuaOYA.exe
  C:\Windows\System\TpuaOYA.exe
  2⤵
  PID:5004
- C:\Windows\System\eFVXRFF.exe
  C:\Windows\System\eFVXRFF.exe
  2⤵
  PID:5032
- C:\Windows\System\zXKsTCU.exe
  C:\Windows\System\zXKsTCU.exe
  2⤵
  PID:5048
- C:\Windows\System\CAdziqu.exe
  C:\Windows\System\CAdziqu.exe
  2⤵
  PID:5068
- C:\Windows\System\fQOYkQf.exe
  C:\Windows\System\fQOYkQf.exe
  2⤵
  PID:5092
- C:\Windows\System\WAfRgIx.exe
  C:\Windows\System\WAfRgIx.exe
  2⤵
  PID:5108
- C:\Windows\System\uaalSip.exe
  C:\Windows\System\uaalSip.exe
  2⤵
  PID:4056
- C:\Windows\System\kUSZWYl.exe
  C:\Windows\System\kUSZWYl.exe
  2⤵
  PID:3844
- C:\Windows\System\dXMlrdL.exe
  C:\Windows\System\dXMlrdL.exe
  2⤵
  PID:1636
- C:\Windows\System\YKGHhRa.exe
  C:\Windows\System\YKGHhRa.exe
  2⤵
  PID:2392
- C:\Windows\System\exAsqmC.exe
  C:\Windows\System\exAsqmC.exe
  2⤵
  PID:3240
- C:\Windows\System\AyQhwvw.exe
  C:\Windows\System\AyQhwvw.exe
  2⤵
  PID:3392
- C:\Windows\System\dhHjFNL.exe
  C:\Windows\System\dhHjFNL.exe
  2⤵
  PID:3616
- C:\Windows\System\asVfTAP.exe
  C:\Windows\System\asVfTAP.exe
  2⤵
  PID:3708
- C:\Windows\System\ksvCGSP.exe
  C:\Windows\System\ksvCGSP.exe
  2⤵
  PID:3640
- C:\Windows\System\CUtQYNL.exe
  C:\Windows\System\CUtQYNL.exe
  2⤵
  PID:3732
- C:\Windows\System\QtbPoat.exe
  C:\Windows\System\QtbPoat.exe
  2⤵
  PID:4120
- C:\Windows\System\XHQCAzv.exe
  C:\Windows\System\XHQCAzv.exe
  2⤵
  PID:4160
- C:\Windows\System\IudEzfE.exe
  C:\Windows\System\IudEzfE.exe
  2⤵
  PID:4220
- C:\Windows\System\NmJtLhv.exe
  C:\Windows\System\NmJtLhv.exe
  2⤵
  PID:4268
- C:\Windows\System\PIBbUIJ.exe
  C:\Windows\System\PIBbUIJ.exe
  2⤵
  PID:4344
- C:\Windows\System\zNDbObh.exe
  C:\Windows\System\zNDbObh.exe
  2⤵
  PID:4316
- C:\Windows\System\CjXbdNI.exe
  C:\Windows\System\CjXbdNI.exe
  2⤵
  PID:4396
- C:\Windows\System\fIhISKJ.exe
  C:\Windows\System\fIhISKJ.exe
  2⤵
  PID:4428
- C:\Windows\System\CXiHZEy.exe
  C:\Windows\System\CXiHZEy.exe
  2⤵
  PID:4328
- C:\Windows\System\HeeLTmq.exe
  C:\Windows\System\HeeLTmq.exe
  2⤵
  PID:4408
- C:\Windows\System\sPmqcxR.exe
  C:\Windows\System\sPmqcxR.exe
  2⤵
  PID:4516
- C:\Windows\System\jSxAumf.exe
  C:\Windows\System\jSxAumf.exe
  2⤵
  PID:4488
- C:\Windows\System\uuuuiAx.exe
  C:\Windows\System\uuuuiAx.exe
  2⤵
  PID:4548
- C:\Windows\System\wVjsmgg.exe
  C:\Windows\System\wVjsmgg.exe
  2⤵
  PID:4632
- C:\Windows\System\FqsLaJJ.exe
  C:\Windows\System\FqsLaJJ.exe
  2⤵
  PID:4672
- C:\Windows\System\wUZIByx.exe
  C:\Windows\System\wUZIByx.exe
  2⤵
  PID:4604
- C:\Windows\System\hWYilYh.exe
  C:\Windows\System\hWYilYh.exe
  2⤵
  PID:4788
- C:\Windows\System\fHWRaDi.exe
  C:\Windows\System\fHWRaDi.exe
  2⤵
  PID:4828
- C:\Windows\System\GeZyEHr.exe
  C:\Windows\System\GeZyEHr.exe
  2⤵
  PID:4864
- C:\Windows\System\BxTcqiy.exe
  C:\Windows\System\BxTcqiy.exe
  2⤵
  PID:4916
- C:\Windows\System\OSUcCXB.exe
  C:\Windows\System\OSUcCXB.exe
  2⤵
  PID:4808
- C:\Windows\System\lLcLLuh.exe
  C:\Windows\System\lLcLLuh.exe
  2⤵
  PID:4804
- C:\Windows\System\mcMKnuW.exe
  C:\Windows\System\mcMKnuW.exe
  2⤵
  PID:4888
- C:\Windows\System\sstBudS.exe
  C:\Windows\System\sstBudS.exe
  2⤵
  PID:4936
- C:\Windows\System\GHJeAWf.exe
  C:\Windows\System\GHJeAWf.exe
  2⤵
  PID:5016
- C:\Windows\System\lQrLzmP.exe
  C:\Windows\System\lQrLzmP.exe
  2⤵
  PID:5116
- C:\Windows\System\tBOwwXk.exe
  C:\Windows\System\tBOwwXk.exe
  2⤵
  PID:1356
- C:\Windows\System\NQinaKZ.exe
  C:\Windows\System\NQinaKZ.exe
  2⤵
  PID:5028
- C:\Windows\System\ibPdCKh.exe
  C:\Windows\System\ibPdCKh.exe
  2⤵
  PID:2516
- C:\Windows\System\NElMlxb.exe
  C:\Windows\System\NElMlxb.exe
  2⤵
  PID:3516
- C:\Windows\System\vVELvZq.exe
  C:\Windows\System\vVELvZq.exe
  2⤵
  PID:4100
- C:\Windows\System\cytwAKE.exe
  C:\Windows\System\cytwAKE.exe
  2⤵
  PID:3292
- C:\Windows\System\wyAvMsO.exe
  C:\Windows\System\wyAvMsO.exe
  2⤵
  PID:540
- C:\Windows\System\dhqfxDu.exe
  C:\Windows\System\dhqfxDu.exe
  2⤵
  PID:4208
- C:\Windows\System\WNAranQ.exe
  C:\Windows\System\WNAranQ.exe
  2⤵
  PID:4240
- C:\Windows\System\VvtroQz.exe
  C:\Windows\System\VvtroQz.exe
  2⤵
  PID:4468
- C:\Windows\System\qaGClpf.exe
  C:\Windows\System\qaGClpf.exe
  2⤵
  PID:4504
- C:\Windows\System\KlvqVYp.exe
  C:\Windows\System\KlvqVYp.exe
  2⤵
  PID:4492
- C:\Windows\System\GoIVBDy.exe
  C:\Windows\System\GoIVBDy.exe
  2⤵
  PID:4224
- C:\Windows\System\aeNXfCp.exe
  C:\Windows\System\aeNXfCp.exe
  2⤵
  PID:3784
- C:\Windows\System\ueOzpJE.exe
  C:\Windows\System\ueOzpJE.exe
  2⤵
  PID:4280
- C:\Windows\System\FCswyjk.exe
  C:\Windows\System\FCswyjk.exe
  2⤵
  PID:4432
- C:\Windows\System\iPcZwbU.exe
  C:\Windows\System\iPcZwbU.exe
  2⤵
  PID:4544
- C:\Windows\System\FKxcohn.exe
  C:\Windows\System\FKxcohn.exe
  2⤵
  PID:4572
- C:\Windows\System\ruVNKBv.exe
  C:\Windows\System\ruVNKBv.exe
  2⤵
  PID:4724
- C:\Windows\System\JHICjkt.exe
  C:\Windows\System\JHICjkt.exe
  2⤵
  PID:4984
- C:\Windows\System\bGDaFhT.exe
  C:\Windows\System\bGDaFhT.exe
  2⤵
  PID:3896
- C:\Windows\System\CyIPEaa.exe
  C:\Windows\System\CyIPEaa.exe
  2⤵
  PID:4868
- C:\Windows\System\GVTJRGt.exe
  C:\Windows\System\GVTJRGt.exe
  2⤵
  PID:2544
- C:\Windows\System\rlZmlKr.exe
  C:\Windows\System\rlZmlKr.exe
  2⤵
  PID:4472
- C:\Windows\System\TuBHrPS.exe
  C:\Windows\System\TuBHrPS.exe
  2⤵
  PID:4892
- C:\Windows\System\NFBqWrc.exe
  C:\Windows\System\NFBqWrc.exe
  2⤵
  PID:5088
- C:\Windows\System\EgPWdaG.exe
  C:\Windows\System\EgPWdaG.exe
  2⤵
  PID:5024
- C:\Windows\System\ronIoLp.exe
  C:\Windows\System\ronIoLp.exe
  2⤵
  PID:4372
- C:\Windows\System\EVZykSC.exe
  C:\Windows\System\EVZykSC.exe
  2⤵
  PID:4784
- C:\Windows\System\kuhadPA.exe
  C:\Windows\System\kuhadPA.exe
  2⤵
  PID:5136
- C:\Windows\System\VgZIhfN.exe
  C:\Windows\System\VgZIhfN.exe
  2⤵
  PID:5152
- C:\Windows\System\SLsTNMo.exe
  C:\Windows\System\SLsTNMo.exe
  2⤵
  PID:5168
- C:\Windows\System\UABfkqu.exe
  C:\Windows\System\UABfkqu.exe
  2⤵
  PID:5188
- C:\Windows\System\nRbILwq.exe
  C:\Windows\System\nRbILwq.exe
  2⤵
  PID:5208
- C:\Windows\System\xnnvAHe.exe
  C:\Windows\System\xnnvAHe.exe
  2⤵
  PID:5228
- C:\Windows\System\PgzNuRI.exe
  C:\Windows\System\PgzNuRI.exe
  2⤵
  PID:5248
- C:\Windows\System\NJWCyAd.exe
  C:\Windows\System\NJWCyAd.exe
  2⤵
  PID:5276
- C:\Windows\System\GfpiuDg.exe
  C:\Windows\System\GfpiuDg.exe
  2⤵
  PID:5292
- C:\Windows\System\kFXjDVs.exe
  C:\Windows\System\kFXjDVs.exe
  2⤵
  PID:5308
- C:\Windows\System\wZHguWz.exe
  C:\Windows\System\wZHguWz.exe
  2⤵
  PID:5332
- C:\Windows\System\DnSbNia.exe
  C:\Windows\System\DnSbNia.exe
  2⤵
  PID:5352
- C:\Windows\System\kbDErZO.exe
  C:\Windows\System\kbDErZO.exe
  2⤵
  PID:5376
- C:\Windows\System\CjWhlkb.exe
  C:\Windows\System\CjWhlkb.exe
  2⤵
  PID:5396
- C:\Windows\System\UsWvwSz.exe
  C:\Windows\System\UsWvwSz.exe
  2⤵
  PID:5416
- C:\Windows\System\bCjIoSk.exe
  C:\Windows\System\bCjIoSk.exe
  2⤵
  PID:5436
- C:\Windows\System\imNOZZn.exe
  C:\Windows\System\imNOZZn.exe
  2⤵
  PID:5452
- C:\Windows\System\mfJjyZl.exe
  C:\Windows\System\mfJjyZl.exe
  2⤵
  PID:5476
- C:\Windows\System\eiELLNW.exe
  C:\Windows\System\eiELLNW.exe
  2⤵
  PID:5496
- C:\Windows\System\OyJuRdm.exe
  C:\Windows\System\OyJuRdm.exe
  2⤵
  PID:5516
- C:\Windows\System\pbBjbuh.exe
  C:\Windows\System\pbBjbuh.exe
  2⤵
  PID:5536
- C:\Windows\System\nmZpsPq.exe
  C:\Windows\System\nmZpsPq.exe
  2⤵
  PID:5556
- C:\Windows\System\SqpjgqK.exe
  C:\Windows\System\SqpjgqK.exe
  2⤵
  PID:5572
- C:\Windows\System\eEdUUgz.exe
  C:\Windows\System\eEdUUgz.exe
  2⤵
  PID:5596
- C:\Windows\System\iyZePgF.exe
  C:\Windows\System\iyZePgF.exe
  2⤵
  PID:5616
- C:\Windows\System\VEaKNOs.exe
  C:\Windows\System\VEaKNOs.exe
  2⤵
  PID:5636
- C:\Windows\System\vEmwiSt.exe
  C:\Windows\System\vEmwiSt.exe
  2⤵
  PID:5652
- C:\Windows\System\aLhbOTX.exe
  C:\Windows\System\aLhbOTX.exe
  2⤵
  PID:5676
- C:\Windows\System\GiSlydE.exe
  C:\Windows\System\GiSlydE.exe
  2⤵
  PID:5696
- C:\Windows\System\dKXQKBH.exe
  C:\Windows\System\dKXQKBH.exe
  2⤵
  PID:5712
- C:\Windows\System\YPXVnyZ.exe
  C:\Windows\System\YPXVnyZ.exe
  2⤵
  PID:5736
- C:\Windows\System\AMfuhqs.exe
  C:\Windows\System\AMfuhqs.exe
  2⤵
  PID:5756
- C:\Windows\System\MfYNBKC.exe
  C:\Windows\System\MfYNBKC.exe
  2⤵
  PID:5780
- C:\Windows\System\FBZUSxV.exe
  C:\Windows\System\FBZUSxV.exe
  2⤵
  PID:5804
- C:\Windows\System\koPdOdI.exe
  C:\Windows\System\koPdOdI.exe
  2⤵
  PID:5824
- C:\Windows\System\ediqxAx.exe
  C:\Windows\System\ediqxAx.exe
  2⤵
  PID:5844
- C:\Windows\System\wVGmbid.exe
  C:\Windows\System\wVGmbid.exe
  2⤵
  PID:5864
- C:\Windows\System\KKcVRSy.exe
  C:\Windows\System\KKcVRSy.exe
  2⤵
  PID:5884
- C:\Windows\System\ODNaONt.exe
  C:\Windows\System\ODNaONt.exe
  2⤵
  PID:5904
- C:\Windows\System\CddxVLP.exe
  C:\Windows\System\CddxVLP.exe
  2⤵
  PID:5924
- C:\Windows\System\qgzdwJE.exe
  C:\Windows\System\qgzdwJE.exe
  2⤵
  PID:5944
- C:\Windows\System\tQNMwaD.exe
  C:\Windows\System\tQNMwaD.exe
  2⤵
  PID:5964
- C:\Windows\System\uIkxAMD.exe
  C:\Windows\System\uIkxAMD.exe
  2⤵
  PID:5984
- C:\Windows\System\NoSbeGo.exe
  C:\Windows\System\NoSbeGo.exe
  2⤵
  PID:6004
- C:\Windows\System\LczxPtq.exe
  C:\Windows\System\LczxPtq.exe
  2⤵
  PID:6024
- C:\Windows\System\fBxOpaQ.exe
  C:\Windows\System\fBxOpaQ.exe
  2⤵
  PID:6044
- C:\Windows\System\aockrEa.exe
  C:\Windows\System\aockrEa.exe
  2⤵
  PID:6064
- C:\Windows\System\TwgmEjf.exe
  C:\Windows\System\TwgmEjf.exe
  2⤵
  PID:6084
- C:\Windows\System\wMNxQYA.exe
  C:\Windows\System\wMNxQYA.exe
  2⤵
  PID:6104
- C:\Windows\System\lmxCSAj.exe
  C:\Windows\System\lmxCSAj.exe
  2⤵
  PID:6124
- C:\Windows\System\qFMeFqY.exe
  C:\Windows\System\qFMeFqY.exe
  2⤵
  PID:4664
- C:\Windows\System\HyWEJLp.exe
  C:\Windows\System\HyWEJLp.exe
  2⤵
  PID:4564
- C:\Windows\System\PSavjYK.exe
  C:\Windows\System\PSavjYK.exe
  2⤵
  PID:4948
- C:\Windows\System\XfUYRbR.exe
  C:\Windows\System\XfUYRbR.exe
  2⤵
  PID:4444
- C:\Windows\System\AOryXee.exe
  C:\Windows\System\AOryXee.exe
  2⤵
  PID:4180
- C:\Windows\System\SMyaaNt.exe
  C:\Windows\System\SMyaaNt.exe
  2⤵
  PID:4044
- C:\Windows\System\qjynVoJ.exe
  C:\Windows\System\qjynVoJ.exe
  2⤵
  PID:5064
- C:\Windows\System\DlWSqTq.exe
  C:\Windows\System\DlWSqTq.exe
  2⤵
  PID:4692
- C:\Windows\System\XkJsZbs.exe
  C:\Windows\System\XkJsZbs.exe
  2⤵
  PID:4108
- C:\Windows\System\jZuRWCX.exe
  C:\Windows\System\jZuRWCX.exe
  2⤵
  PID:4768
- C:\Windows\System\JYveCzS.exe
  C:\Windows\System\JYveCzS.exe
  2⤵
  PID:5176
- C:\Windows\System\dYIHAoL.exe
  C:\Windows\System\dYIHAoL.exe
  2⤵
  PID:4300
- C:\Windows\System\FpFIPYJ.exe
  C:\Windows\System\FpFIPYJ.exe
  2⤵
  PID:5216
- C:\Windows\System\ZrAaisR.exe
  C:\Windows\System\ZrAaisR.exe
  2⤵
  PID:5260
- C:\Windows\System\vGpCEfl.exe
  C:\Windows\System\vGpCEfl.exe
  2⤵
  PID:5300
- C:\Windows\System\utcRPbr.exe
  C:\Windows\System\utcRPbr.exe
  2⤵
  PID:5240
- C:\Windows\System\byevitM.exe
  C:\Windows\System\byevitM.exe
  2⤵
  PID:5160
- C:\Windows\System\bUQYlIH.exe
  C:\Windows\System\bUQYlIH.exe
  2⤵
  PID:5392
- C:\Windows\System\qNPJxsw.exe
  C:\Windows\System\qNPJxsw.exe
  2⤵
  PID:5316
- C:\Windows\System\kMkXzhc.exe
  C:\Windows\System\kMkXzhc.exe
  2⤵
  PID:5284
- C:\Windows\System\VtIYwhw.exe
  C:\Windows\System\VtIYwhw.exe
  2⤵
  PID:5460
- C:\Windows\System\edxhTrp.exe
  C:\Windows\System\edxhTrp.exe
  2⤵
  PID:5412
- C:\Windows\System\hpuMcXP.exe
  C:\Windows\System\hpuMcXP.exe
  2⤵
  PID:5448
- C:\Windows\System\SulhQaT.exe
  C:\Windows\System\SulhQaT.exe
  2⤵
  PID:5548
- C:\Windows\System\RemOehd.exe
  C:\Windows\System\RemOehd.exe
  2⤵
  PID:5524
- C:\Windows\System\vVBsyIz.exe
  C:\Windows\System\vVBsyIz.exe
  2⤵
  PID:5568
- C:\Windows\System\ZggJlwe.exe
  C:\Windows\System\ZggJlwe.exe
  2⤵
  PID:5644
- C:\Windows\System\hhLacaO.exe
  C:\Windows\System\hhLacaO.exe
  2⤵
  PID:5664
- C:\Windows\System\ikaXmfU.exe
  C:\Windows\System\ikaXmfU.exe
  2⤵
  PID:5684
- C:\Windows\System\XvzisUa.exe
  C:\Windows\System\XvzisUa.exe
  2⤵
  PID:5748
- C:\Windows\System\siaLGRA.exe
  C:\Windows\System\siaLGRA.exe
  2⤵
  PID:5752
- C:\Windows\System\EMKQPNZ.exe
  C:\Windows\System\EMKQPNZ.exe
  2⤵
  PID:5764
- C:\Windows\System\FQmvAUl.exe
  C:\Windows\System\FQmvAUl.exe
  2⤵
  PID:5832
- C:\Windows\System\FWSvgrv.exe
  C:\Windows\System\FWSvgrv.exe
  2⤵
  PID:5816
- C:\Windows\System\naHLngv.exe
  C:\Windows\System\naHLngv.exe
  2⤵
  PID:5880
- C:\Windows\System\OJhMvfd.exe
  C:\Windows\System\OJhMvfd.exe
  2⤵
  PID:5920
- C:\Windows\System\hjuICHl.exe
  C:\Windows\System\hjuICHl.exe
  2⤵
  PID:5960
- C:\Windows\System\ytyivDw.exe
  C:\Windows\System\ytyivDw.exe
  2⤵
  PID:5980
- C:\Windows\System\qyOAGuH.exe
  C:\Windows\System\qyOAGuH.exe
  2⤵
  PID:6012
- C:\Windows\System\CDuQwiT.exe
  C:\Windows\System\CDuQwiT.exe
  2⤵
  PID:6016
- C:\Windows\System\yRqXnin.exe
  C:\Windows\System\yRqXnin.exe
  2⤵
  PID:6076
- C:\Windows\System\DoYlrqm.exe
  C:\Windows\System\DoYlrqm.exe
  2⤵
  PID:6100
- C:\Windows\System\FdzQxly.exe
  C:\Windows\System\FdzQxly.exe
  2⤵
  PID:6132
- C:\Windows\System\nJrDrrH.exe
  C:\Windows\System\nJrDrrH.exe
  2⤵
  PID:4552
- C:\Windows\System\BNwEpRO.exe
  C:\Windows\System\BNwEpRO.exe
  2⤵
  PID:4388
- C:\Windows\System\VDiGAas.exe
  C:\Windows\System\VDiGAas.exe
  2⤵
  PID:5012
- C:\Windows\System\jVLlxoU.exe
  C:\Windows\System\jVLlxoU.exe
  2⤵
  PID:4176
- C:\Windows\System\VCPDYXH.exe
  C:\Windows\System\VCPDYXH.exe
  2⤵
  PID:3380
- C:\Windows\System\HLQztef.exe
  C:\Windows\System\HLQztef.exe
  2⤵
  PID:4284
- C:\Windows\System\IusFOnB.exe
  C:\Windows\System\IusFOnB.exe
  2⤵
  PID:5080
- C:\Windows\System\oAjkmBx.exe
  C:\Windows\System\oAjkmBx.exe
  2⤵
  PID:4424
- C:\Windows\System\gccVaiQ.exe
  C:\Windows\System\gccVaiQ.exe
  2⤵
  PID:5204
- C:\Windows\System\cvbjGpk.exe
  C:\Windows\System\cvbjGpk.exe
  2⤵
  PID:5164
- C:\Windows\System\YRKCFib.exe
  C:\Windows\System\YRKCFib.exe
  2⤵
  PID:5428
- C:\Windows\System\CFdYZYy.exe
  C:\Windows\System\CFdYZYy.exe
  2⤵
  PID:5472
- C:\Windows\System\LqwTjvA.exe
  C:\Windows\System\LqwTjvA.exe
  2⤵
  PID:5504
- C:\Windows\System\COjvkeK.exe
  C:\Windows\System\COjvkeK.exe
  2⤵
  PID:5488
- C:\Windows\System\SceBhDv.exe
  C:\Windows\System\SceBhDv.exe
  2⤵
  PID:5584
- C:\Windows\System\WSaoBmd.exe
  C:\Windows\System\WSaoBmd.exe
  2⤵
  PID:5660
- C:\Windows\System\TvomOYq.exe
  C:\Windows\System\TvomOYq.exe
  2⤵
  PID:5692
- C:\Windows\System\TgUYNyL.exe
  C:\Windows\System\TgUYNyL.exe
  2⤵
  PID:2484
- C:\Windows\System\PiAftne.exe
  C:\Windows\System\PiAftne.exe
  2⤵
  PID:5800
- C:\Windows\System\OGyiFSu.exe
  C:\Windows\System\OGyiFSu.exe
  2⤵
  PID:5820
- C:\Windows\System\SnZFGNW.exe
  C:\Windows\System\SnZFGNW.exe
  2⤵
  PID:5860
- C:\Windows\System\vvdkwqV.exe
  C:\Windows\System\vvdkwqV.exe
  2⤵
  PID:6164
- C:\Windows\System\lVmswPv.exe
  C:\Windows\System\lVmswPv.exe
  2⤵
  PID:6184
- C:\Windows\System\KGZIoOz.exe
  C:\Windows\System\KGZIoOz.exe
  2⤵
  PID:6204
- C:\Windows\System\uLoeoNd.exe
  C:\Windows\System\uLoeoNd.exe
  2⤵
  PID:6224
- C:\Windows\System\gSZErOS.exe
  C:\Windows\System\gSZErOS.exe
  2⤵
  PID:6244
- C:\Windows\System\YoiVUEt.exe
  C:\Windows\System\YoiVUEt.exe
  2⤵
  PID:6264
- C:\Windows\System\cbkrine.exe
  C:\Windows\System\cbkrine.exe
  2⤵
  PID:6288
- C:\Windows\System\EGXwzmT.exe
  C:\Windows\System\EGXwzmT.exe
  2⤵
  PID:6308
- C:\Windows\System\quxfudK.exe
  C:\Windows\System\quxfudK.exe
  2⤵
  PID:6328
- C:\Windows\System\dZyARMd.exe
  C:\Windows\System\dZyARMd.exe
  2⤵
  PID:6348
- C:\Windows\System\qijAltc.exe
  C:\Windows\System\qijAltc.exe
  2⤵
  PID:6368
- C:\Windows\System\piuRfPy.exe
  C:\Windows\System\piuRfPy.exe
  2⤵
  PID:6388
- C:\Windows\System\gipHFAa.exe
  C:\Windows\System\gipHFAa.exe
  2⤵
  PID:6408
- C:\Windows\System\CjMaeaW.exe
  C:\Windows\System\CjMaeaW.exe
  2⤵
  PID:6428
- C:\Windows\System\CZgGpnM.exe
  C:\Windows\System\CZgGpnM.exe
  2⤵
  PID:6448
- C:\Windows\System\RAhvIie.exe
  C:\Windows\System\RAhvIie.exe
  2⤵
  PID:6468
- C:\Windows\System\XYMyoBT.exe
  C:\Windows\System\XYMyoBT.exe
  2⤵
  PID:6484
- C:\Windows\System\bRBCJJn.exe
  C:\Windows\System\bRBCJJn.exe
  2⤵
  PID:6508
- C:\Windows\System\zZWLfyG.exe
  C:\Windows\System\zZWLfyG.exe
  2⤵
  PID:6528
- C:\Windows\System\eYNzIrD.exe
  C:\Windows\System\eYNzIrD.exe
  2⤵
  PID:6548
- C:\Windows\System\wnQVSAB.exe
  C:\Windows\System\wnQVSAB.exe
  2⤵
  PID:6568
- C:\Windows\System\lkdUhuc.exe
  C:\Windows\System\lkdUhuc.exe
  2⤵
  PID:6588
- C:\Windows\System\jVaiQmZ.exe
  C:\Windows\System\jVaiQmZ.exe
  2⤵
  PID:6608
- C:\Windows\System\RaWRQai.exe
  C:\Windows\System\RaWRQai.exe
  2⤵
  PID:6628
- C:\Windows\System\JRNDrty.exe
  C:\Windows\System\JRNDrty.exe
  2⤵
  PID:6648
- C:\Windows\System\cDOSyVZ.exe
  C:\Windows\System\cDOSyVZ.exe
  2⤵
  PID:6668
- C:\Windows\System\aePzLCV.exe
  C:\Windows\System\aePzLCV.exe
  2⤵
  PID:6688
- C:\Windows\System\iqpMUQQ.exe
  C:\Windows\System\iqpMUQQ.exe
  2⤵
  PID:6708
- C:\Windows\System\pZlGDGl.exe
  C:\Windows\System\pZlGDGl.exe
  2⤵
  PID:6728
- C:\Windows\System\ersGZej.exe
  C:\Windows\System\ersGZej.exe
  2⤵
  PID:6748
- C:\Windows\System\GoigcyP.exe
  C:\Windows\System\GoigcyP.exe
  2⤵
  PID:6768
- C:\Windows\System\vZmmGgA.exe
  C:\Windows\System\vZmmGgA.exe
  2⤵
  PID:6788
- C:\Windows\System\bRAmmQB.exe
  C:\Windows\System\bRAmmQB.exe
  2⤵
  PID:6808
- C:\Windows\System\yaWOTXU.exe
  C:\Windows\System\yaWOTXU.exe
  2⤵
  PID:6828
- C:\Windows\System\HYXIapl.exe
  C:\Windows\System\HYXIapl.exe
  2⤵
  PID:6848
- C:\Windows\System\dqJmMgu.exe
  C:\Windows\System\dqJmMgu.exe
  2⤵
  PID:6868
- C:\Windows\System\ppYqjSL.exe
  C:\Windows\System\ppYqjSL.exe
  2⤵
  PID:6888
- C:\Windows\System\yMEfUwj.exe
  C:\Windows\System\yMEfUwj.exe
  2⤵
  PID:6908
- C:\Windows\System\eBSdOJq.exe
  C:\Windows\System\eBSdOJq.exe
  2⤵
  PID:6928
- C:\Windows\System\AKFnmMn.exe
  C:\Windows\System\AKFnmMn.exe
  2⤵
  PID:6952
- C:\Windows\System\djmBRmS.exe
  C:\Windows\System\djmBRmS.exe
  2⤵
  PID:6972
- C:\Windows\System\CvExjbq.exe
  C:\Windows\System\CvExjbq.exe
  2⤵
  PID:6992
- C:\Windows\System\BcCloBA.exe
  C:\Windows\System\BcCloBA.exe
  2⤵
  PID:7012
- C:\Windows\System\pKaHFmB.exe
  C:\Windows\System\pKaHFmB.exe
  2⤵
  PID:7032
- C:\Windows\System\SewpjaS.exe
  C:\Windows\System\SewpjaS.exe
  2⤵
  PID:7052
- C:\Windows\System\hRVGtym.exe
  C:\Windows\System\hRVGtym.exe
  2⤵
  PID:7072
- C:\Windows\System\BZPFHfJ.exe
  C:\Windows\System\BZPFHfJ.exe
  2⤵
  PID:7092
- C:\Windows\System\mNPwEjy.exe
  C:\Windows\System\mNPwEjy.exe
  2⤵
  PID:7112
- C:\Windows\System\YMocGPA.exe
  C:\Windows\System\YMocGPA.exe
  2⤵
  PID:7132
- C:\Windows\System\SjoPSaZ.exe
  C:\Windows\System\SjoPSaZ.exe
  2⤵
  PID:7152
- C:\Windows\System\tijbJmN.exe
  C:\Windows\System\tijbJmN.exe
  2⤵
  PID:5916
- C:\Windows\System\GZNYjrl.exe
  C:\Windows\System\GZNYjrl.exe
  2⤵
  PID:5956
- C:\Windows\System\QTXFkbH.exe
  C:\Windows\System\QTXFkbH.exe
  2⤵
  PID:6040
- C:\Windows\System\VfIbmdA.exe
  C:\Windows\System\VfIbmdA.exe
  2⤵
  PID:6072
- C:\Windows\System\KMkwHgz.exe
  C:\Windows\System\KMkwHgz.exe
  2⤵
  PID:4624
- C:\Windows\System\DyqXRqR.exe
  C:\Windows\System\DyqXRqR.exe
  2⤵
  PID:4144
- C:\Windows\System\xKPEOED.exe
  C:\Windows\System\xKPEOED.exe
  2⤵
  PID:3252
- C:\Windows\System\bBwADLX.exe
  C:\Windows\System\bBwADLX.exe
  2⤵
  PID:3880
- C:\Windows\System\CsoJWRV.exe
  C:\Windows\System\CsoJWRV.exe
  2⤵
  PID:5148
- C:\Windows\System\KTQFVqv.exe
  C:\Windows\System\KTQFVqv.exe
  2⤵
  PID:5104
- C:\Windows\System\BByFdXh.exe
  C:\Windows\System\BByFdXh.exe
  2⤵
  PID:5244
- C:\Windows\System\eTxknzc.exe
  C:\Windows\System\eTxknzc.exe
  2⤵
  PID:5432
- C:\Windows\System\bKymABC.exe
  C:\Windows\System\bKymABC.exe
  2⤵
  PID:5552
- C:\Windows\System\DdcvpZS.exe
  C:\Windows\System\DdcvpZS.exe
  2⤵
  PID:5564
- C:\Windows\System\ijFtdad.exe
  C:\Windows\System\ijFtdad.exe
  2⤵
  PID:5668
- C:\Windows\System\wWllORY.exe
  C:\Windows\System\wWllORY.exe
  2⤵
  PID:5796
- C:\Windows\System\THCvxKH.exe
  C:\Windows\System\THCvxKH.exe
  2⤵
  PID:5776
- C:\Windows\System\oCXkdAH.exe
  C:\Windows\System\oCXkdAH.exe
  2⤵
  PID:6172
- C:\Windows\System\sOsXNgX.exe
  C:\Windows\System\sOsXNgX.exe
  2⤵
  PID:6220
- C:\Windows\System\UORIzdT.exe
  C:\Windows\System\UORIzdT.exe
  2⤵
  PID:6232
- C:\Windows\System\dtHHMiZ.exe
  C:\Windows\System\dtHHMiZ.exe
  2⤵
  PID:6236
- C:\Windows\System\zvyUHEd.exe
  C:\Windows\System\zvyUHEd.exe
  2⤵
  PID:6304
- C:\Windows\System\MqFJxIb.exe
  C:\Windows\System\MqFJxIb.exe
  2⤵
  PID:6320
- C:\Windows\System\cuTwTEK.exe
  C:\Windows\System\cuTwTEK.exe
  2⤵
  PID:6364
- C:\Windows\System\IWtXnRD.exe
  C:\Windows\System\IWtXnRD.exe
  2⤵
  PID:6396
- C:\Windows\System\YmPOouX.exe
  C:\Windows\System\YmPOouX.exe
  2⤵
  PID:6424
- C:\Windows\System\IYDirzq.exe
  C:\Windows\System\IYDirzq.exe
  2⤵
  PID:6464
- C:\Windows\System\ZNfePxt.exe
  C:\Windows\System\ZNfePxt.exe
  2⤵
  PID:6476
- C:\Windows\System\AKQWzIO.exe
  C:\Windows\System\AKQWzIO.exe
  2⤵
  PID:6536
- C:\Windows\System\BCVjIws.exe
  C:\Windows\System\BCVjIws.exe
  2⤵
  PID:6564
- C:\Windows\System\ChvNzrH.exe
  C:\Windows\System\ChvNzrH.exe
  2⤵
  PID:6616
- C:\Windows\System\VrIqkZk.exe
  C:\Windows\System\VrIqkZk.exe
  2⤵
  PID:6636
- C:\Windows\System\hTDHLKI.exe
  C:\Windows\System\hTDHLKI.exe
  2⤵
  PID:6660
- C:\Windows\System\PuNKOjB.exe
  C:\Windows\System\PuNKOjB.exe
  2⤵
  PID:6700
- C:\Windows\System\ECNgihJ.exe
  C:\Windows\System\ECNgihJ.exe
  2⤵
  PID:6720
- C:\Windows\System\oNILghY.exe
  C:\Windows\System\oNILghY.exe
  2⤵
  PID:6756
- C:\Windows\System\cDOXsrU.exe
  C:\Windows\System\cDOXsrU.exe
  2⤵
  PID:6804
- C:\Windows\System\tglucdd.exe
  C:\Windows\System\tglucdd.exe
  2⤵
  PID:6864
- C:\Windows\System\wiIUhmY.exe
  C:\Windows\System\wiIUhmY.exe
  2⤵
  PID:6896
- C:\Windows\System\jCRimgG.exe
  C:\Windows\System\jCRimgG.exe
  2⤵
  PID:3028
- C:\Windows\System\tcHLnqw.exe
  C:\Windows\System\tcHLnqw.exe
  2⤵
  PID:6924
- C:\Windows\System\LhixByw.exe
  C:\Windows\System\LhixByw.exe
  2⤵
  PID:6988
- C:\Windows\System\xKeazVv.exe
  C:\Windows\System\xKeazVv.exe
  2⤵
  PID:7000
- C:\Windows\System\NVQbfdl.exe
  C:\Windows\System\NVQbfdl.exe
  2⤵
  PID:7060
- C:\Windows\System\iqjszDo.exe
  C:\Windows\System\iqjszDo.exe
  2⤵
  PID:7044
- C:\Windows\System\yjAnBNk.exe
  C:\Windows\System\yjAnBNk.exe
  2⤵
  PID:7108
- C:\Windows\System\gULxRBQ.exe
  C:\Windows\System\gULxRBQ.exe
  2⤵
  PID:5936
- C:\Windows\System\DyEuhvS.exe
  C:\Windows\System\DyEuhvS.exe
  2⤵
  PID:6060
- C:\Windows\System\EwKMVAv.exe
  C:\Windows\System\EwKMVAv.exe
  2⤵
  PID:5900
- C:\Windows\System\ficQpSJ.exe
  C:\Windows\System\ficQpSJ.exe
  2⤵
  PID:4332
- C:\Windows\System\KUteEku.exe
  C:\Windows\System\KUteEku.exe
  2⤵
  PID:4592
- C:\Windows\System\oauvRUs.exe
  C:\Windows\System\oauvRUs.exe
  2⤵
  PID:4728
- C:\Windows\System\xuKjLFE.exe
  C:\Windows\System\xuKjLFE.exe
  2⤵
  PID:5236
- C:\Windows\System\EyRbEOe.exe
  C:\Windows\System\EyRbEOe.exe
  2⤵
  PID:5348
- C:\Windows\System\TxmysLQ.exe
  C:\Windows\System\TxmysLQ.exe
  2⤵
  PID:2608
- C:\Windows\System\hyLuKra.exe
  C:\Windows\System\hyLuKra.exe
  2⤵
  PID:5788
- C:\Windows\System\GYkHdHL.exe
  C:\Windows\System\GYkHdHL.exe
  2⤵
  PID:6156
- C:\Windows\System\pWaRgWF.exe
  C:\Windows\System\pWaRgWF.exe
  2⤵
  PID:5836
- C:\Windows\System\hpxvgSX.exe
  C:\Windows\System\hpxvgSX.exe
  2⤵
  PID:4588
- C:\Windows\System\whpRWvy.exe
  C:\Windows\System\whpRWvy.exe
  2⤵
  PID:6196
- C:\Windows\System\OwHQtGP.exe
  C:\Windows\System\OwHQtGP.exe
  2⤵
  PID:6272
- C:\Windows\System\AwNbQmg.exe
  C:\Windows\System\AwNbQmg.exe
  2⤵
  PID:6324
- C:\Windows\System\VUYxnxX.exe
  C:\Windows\System\VUYxnxX.exe
  2⤵
  PID:6360
- C:\Windows\System\WVKxpDO.exe
  C:\Windows\System\WVKxpDO.exe
  2⤵
  PID:6496
- C:\Windows\System\oyFkAaB.exe
  C:\Windows\System\oyFkAaB.exe
  2⤵
  PID:6440
- C:\Windows\System\CRmjqVA.exe
  C:\Windows\System\CRmjqVA.exe
  2⤵
  PID:6500
- C:\Windows\System\ovlQqvp.exe
  C:\Windows\System\ovlQqvp.exe
  2⤵
  PID:6580
- C:\Windows\System\ZjeoElg.exe
  C:\Windows\System\ZjeoElg.exe
  2⤵
  PID:6704
- C:\Windows\System\FWmvbBh.exe
  C:\Windows\System\FWmvbBh.exe
  2⤵
  PID:6744
- C:\Windows\System\PaWtGga.exe
  C:\Windows\System\PaWtGga.exe
  2⤵
  PID:6824
- C:\Windows\System\YxWgAHb.exe
  C:\Windows\System\YxWgAHb.exe
  2⤵
  PID:6900
- C:\Windows\System\yKYtwVX.exe
  C:\Windows\System\yKYtwVX.exe
  2⤵
  PID:6876
- C:\Windows\System\rjMseKQ.exe
  C:\Windows\System\rjMseKQ.exe
  2⤵
  PID:6920
- C:\Windows\System\YhfLQVq.exe
  C:\Windows\System\YhfLQVq.exe
  2⤵
  PID:6960
- C:\Windows\System\UTlMBzm.exe
  C:\Windows\System\UTlMBzm.exe
  2⤵
  PID:6968
- C:\Windows\System\zrZQZFn.exe
  C:\Windows\System\zrZQZFn.exe
  2⤵
  PID:5972
- C:\Windows\System\TsbHLwc.exe
  C:\Windows\System\TsbHLwc.exe
  2⤵
  PID:5976
- C:\Windows\System\JrhOfEZ.exe
  C:\Windows\System\JrhOfEZ.exe
  2⤵
  PID:2712
- C:\Windows\System\JBKifXD.exe
  C:\Windows\System\JBKifXD.exe
  2⤵
  PID:2316
- C:\Windows\System\UvapQhq.exe
  C:\Windows\System\UvapQhq.exe
  2⤵
  PID:4968
- C:\Windows\System\MNyvZYH.exe
  C:\Windows\System\MNyvZYH.exe
  2⤵
  PID:4200
- C:\Windows\System\inbezEP.exe
  C:\Windows\System\inbezEP.exe
  2⤵
  PID:5424
- C:\Windows\System\GPyUbFo.exe
  C:\Windows\System\GPyUbFo.exe
  2⤵
  PID:5464
- C:\Windows\System\xINmXeH.exe
  C:\Windows\System\xINmXeH.exe
  2⤵
  PID:6212
- C:\Windows\System\WVhSUOO.exe
  C:\Windows\System\WVhSUOO.exe
  2⤵
  PID:6336
- C:\Windows\System\DVoduBO.exe
  C:\Windows\System\DVoduBO.exe
  2⤵
  PID:6296
- C:\Windows\System\pwaWlLm.exe
  C:\Windows\System\pwaWlLm.exe
  2⤵
  PID:7180
- C:\Windows\System\QfvfzEI.exe
  C:\Windows\System\QfvfzEI.exe
  2⤵
  PID:7200
- C:\Windows\System\kCOAgBl.exe
  C:\Windows\System\kCOAgBl.exe
  2⤵
  PID:7220
- C:\Windows\System\uaVWySn.exe
  C:\Windows\System\uaVWySn.exe
  2⤵
  PID:7240
- C:\Windows\System\pXEgDMT.exe
  C:\Windows\System\pXEgDMT.exe
  2⤵
  PID:7260
- C:\Windows\System\cDuNlwa.exe
  C:\Windows\System\cDuNlwa.exe
  2⤵
  PID:7280
- C:\Windows\System\wbgpCCF.exe
  C:\Windows\System\wbgpCCF.exe
  2⤵
  PID:7300
- C:\Windows\System\FuuNLkr.exe
  C:\Windows\System\FuuNLkr.exe
  2⤵
  PID:7320
- C:\Windows\System\BwBQnRl.exe
  C:\Windows\System\BwBQnRl.exe
  2⤵
  PID:7340
- C:\Windows\System\fpxELrk.exe
  C:\Windows\System\fpxELrk.exe
  2⤵
  PID:7360
- C:\Windows\System\fYeRDWj.exe
  C:\Windows\System\fYeRDWj.exe
  2⤵
  PID:7380
- C:\Windows\System\frmNezV.exe
  C:\Windows\System\frmNezV.exe
  2⤵
  PID:7400
- C:\Windows\System\phUlWpK.exe
  C:\Windows\System\phUlWpK.exe
  2⤵
  PID:7420
- C:\Windows\System\upIhUtn.exe
  C:\Windows\System\upIhUtn.exe
  2⤵
  PID:7440
- C:\Windows\System\MdTwyoC.exe
  C:\Windows\System\MdTwyoC.exe
  2⤵
  PID:7460
- C:\Windows\System\COSFnqd.exe
  C:\Windows\System\COSFnqd.exe
  2⤵
  PID:7480
- C:\Windows\System\qPYwYDM.exe
  C:\Windows\System\qPYwYDM.exe
  2⤵
  PID:7500
- C:\Windows\System\elackGg.exe
  C:\Windows\System\elackGg.exe
  2⤵
  PID:7520
- C:\Windows\System\NYOkfBk.exe
  C:\Windows\System\NYOkfBk.exe
  2⤵
  PID:7540
- C:\Windows\System\fbEZztG.exe
  C:\Windows\System\fbEZztG.exe
  2⤵
  PID:7560
- C:\Windows\System\rQJseCg.exe
  C:\Windows\System\rQJseCg.exe
  2⤵
  PID:7580
- C:\Windows\System\WegrqFK.exe
  C:\Windows\System\WegrqFK.exe
  2⤵
  PID:7600
- C:\Windows\System\SVgVsdX.exe
  C:\Windows\System\SVgVsdX.exe
  2⤵
  PID:7616
- C:\Windows\System\jNsZTlP.exe
  C:\Windows\System\jNsZTlP.exe
  2⤵
  PID:7644
- C:\Windows\System\ouaEKGp.exe
  C:\Windows\System\ouaEKGp.exe
  2⤵
  PID:7664
- C:\Windows\System\iTTUHdw.exe
  C:\Windows\System\iTTUHdw.exe
  2⤵
  PID:7684
- C:\Windows\System\fgOFWyu.exe
  C:\Windows\System\fgOFWyu.exe
  2⤵
  PID:7704
- C:\Windows\System\YwQGjUq.exe
  C:\Windows\System\YwQGjUq.exe
  2⤵
  PID:7724
- C:\Windows\System\dHggXtp.exe
  C:\Windows\System\dHggXtp.exe
  2⤵
  PID:7744
- C:\Windows\System\uHzoseM.exe
  C:\Windows\System\uHzoseM.exe
  2⤵
  PID:7764
- C:\Windows\System\IuPXpth.exe
  C:\Windows\System\IuPXpth.exe
  2⤵
  PID:7788
- C:\Windows\System\civKoOV.exe
  C:\Windows\System\civKoOV.exe
  2⤵
  PID:7808
- C:\Windows\System\sdvMAoc.exe
  C:\Windows\System\sdvMAoc.exe
  2⤵
  PID:7828
- C:\Windows\System\KdQFFKa.exe
  C:\Windows\System\KdQFFKa.exe
  2⤵
  PID:7848
- C:\Windows\System\UEnjynm.exe
  C:\Windows\System\UEnjynm.exe
  2⤵
  PID:7868
- C:\Windows\System\lxZwVKM.exe
  C:\Windows\System\lxZwVKM.exe
  2⤵
  PID:7888
- C:\Windows\System\dIYooRv.exe
  C:\Windows\System\dIYooRv.exe
  2⤵
  PID:7908
- C:\Windows\System\uPUchBg.exe
  C:\Windows\System\uPUchBg.exe
  2⤵
  PID:7928
- C:\Windows\System\CyTvxaI.exe
  C:\Windows\System\CyTvxaI.exe
  2⤵
  PID:7948
- C:\Windows\System\gACDCrb.exe
  C:\Windows\System\gACDCrb.exe
  2⤵
  PID:7968
- C:\Windows\System\pvBSqTt.exe
  C:\Windows\System\pvBSqTt.exe
  2⤵
  PID:7988
- C:\Windows\System\fXqOyCj.exe
  C:\Windows\System\fXqOyCj.exe
  2⤵
  PID:8008
- C:\Windows\System\XKtihhS.exe
  C:\Windows\System\XKtihhS.exe
  2⤵
  PID:8028
- C:\Windows\System\WvvGezB.exe
  C:\Windows\System\WvvGezB.exe
  2⤵
  PID:8048
- C:\Windows\System\mxahonk.exe
  C:\Windows\System\mxahonk.exe
  2⤵
  PID:8068
- C:\Windows\System\NLvojWy.exe
  C:\Windows\System\NLvojWy.exe
  2⤵
  PID:8088
- C:\Windows\System\XLVCjKy.exe
  C:\Windows\System\XLVCjKy.exe
  2⤵
  PID:8108
- C:\Windows\System\BiwVutg.exe
  C:\Windows\System\BiwVutg.exe
  2⤵
  PID:8128
- C:\Windows\System\hbBxQDs.exe
  C:\Windows\System\hbBxQDs.exe
  2⤵
  PID:8148
- C:\Windows\System\qcLzUHv.exe
  C:\Windows\System\qcLzUHv.exe
  2⤵
  PID:8168
- C:\Windows\System\OSGgmbM.exe
  C:\Windows\System\OSGgmbM.exe
  2⤵
  PID:8188
- C:\Windows\System\yeDepAH.exe
  C:\Windows\System\yeDepAH.exe
  2⤵
  PID:6556
- C:\Windows\System\EJnRkZE.exe
  C:\Windows\System\EJnRkZE.exe
  2⤵
  PID:6676
- C:\Windows\System\JxakNDZ.exe
  C:\Windows\System\JxakNDZ.exe
  2⤵
  PID:6784
- C:\Windows\System\epkaUMo.exe
  C:\Windows\System\epkaUMo.exe
  2⤵
  PID:6620
- C:\Windows\System\dWMzwJd.exe
  C:\Windows\System\dWMzwJd.exe
  2⤵
  PID:6684
- C:\Windows\System\WyyfqFv.exe
  C:\Windows\System\WyyfqFv.exe
  2⤵
  PID:2580
- C:\Windows\System\VIFqBtQ.exe
  C:\Windows\System\VIFqBtQ.exe
  2⤵
  PID:2620
- C:\Windows\System\zvzhAGs.exe
  C:\Windows\System\zvzhAGs.exe
  2⤵
  PID:2136
- C:\Windows\System\ifnwmsO.exe
  C:\Windows\System\ifnwmsO.exe
  2⤵
  PID:6916
- C:\Windows\System\xUWDwpd.exe
  C:\Windows\System\xUWDwpd.exe
  2⤵
  PID:2872
- C:\Windows\System\UDFwYUF.exe
  C:\Windows\System\UDFwYUF.exe
  2⤵
  PID:1808
- C:\Windows\System\mlUwNaZ.exe
  C:\Windows\System\mlUwNaZ.exe
  2⤵
  PID:7100
- C:\Windows\System\wUblssc.exe
  C:\Windows\System\wUblssc.exe
  2⤵
  PID:2904
- C:\Windows\System\aOWTCTH.exe
  C:\Windows\System\aOWTCTH.exe
  2⤵
  PID:7148
- C:\Windows\System\mZZPXdW.exe
  C:\Windows\System\mZZPXdW.exe
  2⤵
  PID:888
- C:\Windows\System\heIfMfU.exe
  C:\Windows\System\heIfMfU.exe
  2⤵
  PID:5368
- C:\Windows\System\XovuNPo.exe
  C:\Windows\System\XovuNPo.exe
  2⤵
  PID:5632
- C:\Windows\System\QHuDWUw.exe
  C:\Windows\System\QHuDWUw.exe
  2⤵
  PID:5612
- C:\Windows\System\ebCQYNJ.exe
  C:\Windows\System\ebCQYNJ.exe
  2⤵
  PID:2564
- C:\Windows\System\cSYQCoD.exe
  C:\Windows\System\cSYQCoD.exe
  2⤵
  PID:7176
- C:\Windows\System\XKNIFbt.exe
  C:\Windows\System\XKNIFbt.exe
  2⤵
  PID:7228
- C:\Windows\System\GCUXgLy.exe
  C:\Windows\System\GCUXgLy.exe
  2⤵
  PID:7256
- C:\Windows\System\nDtPEUh.exe
  C:\Windows\System\nDtPEUh.exe
  2⤵
  PID:7296
- C:\Windows\System\vjvQyMJ.exe
  C:\Windows\System\vjvQyMJ.exe
  2⤵
  PID:7328
- C:\Windows\System\LaTvKHn.exe
  C:\Windows\System\LaTvKHn.exe
  2⤵
  PID:7352
- C:\Windows\System\roWysoj.exe
  C:\Windows\System\roWysoj.exe
  2⤵
  PID:7396
- C:\Windows\System\XkcPWuI.exe
  C:\Windows\System\XkcPWuI.exe
  2⤵
  PID:7416
- C:\Windows\System\stsYxFd.exe
  C:\Windows\System\stsYxFd.exe
  2⤵
  PID:7476
- C:\Windows\System\YlRmEKg.exe
  C:\Windows\System\YlRmEKg.exe
  2⤵
  PID:7488
- C:\Windows\System\PmHtIVX.exe
  C:\Windows\System\PmHtIVX.exe
  2⤵
  PID:2008
- C:\Windows\System\vxGzqru.exe
  C:\Windows\System\vxGzqru.exe
  2⤵
  PID:7556
- C:\Windows\System\qPckybQ.exe
  C:\Windows\System\qPckybQ.exe
  2⤵
  PID:7596
- C:\Windows\System\mUOZmpW.exe
  C:\Windows\System\mUOZmpW.exe
  2⤵
  PID:7632
- C:\Windows\System\OeCbxVi.exe
  C:\Windows\System\OeCbxVi.exe
  2⤵
  PID:7672
- C:\Windows\System\vWxjjxl.exe
  C:\Windows\System\vWxjjxl.exe
  2⤵
  PID:7692
- C:\Windows\System\ksJYxrw.exe
  C:\Windows\System\ksJYxrw.exe
  2⤵
  PID:7716
- C:\Windows\System\GhCYUQD.exe
  C:\Windows\System\GhCYUQD.exe
  2⤵
  PID:7760
- C:\Windows\System\fXAiDEM.exe
  C:\Windows\System\fXAiDEM.exe
  2⤵
  PID:7796
- C:\Windows\System\eRpcrVR.exe
  C:\Windows\System\eRpcrVR.exe
  2⤵
  PID:7816
- C:\Windows\System\ektrHHE.exe
  C:\Windows\System\ektrHHE.exe
  2⤵
  PID:7820
- C:\Windows\System\sVQLDCm.exe
  C:\Windows\System\sVQLDCm.exe
  2⤵
  PID:7860
- C:\Windows\System\wDdXZIo.exe
  C:\Windows\System\wDdXZIo.exe
  2⤵
  PID:7904
- C:\Windows\System\HmZUUUt.exe
  C:\Windows\System\HmZUUUt.exe
  2⤵
  PID:7964
- C:\Windows\System\ZRskwGr.exe
  C:\Windows\System\ZRskwGr.exe
  2⤵
  PID:3004
- C:\Windows\System\BToioFd.exe
  C:\Windows\System\BToioFd.exe
  2⤵
  PID:8000
- C:\Windows\System\jLHJqiK.exe
  C:\Windows\System\jLHJqiK.exe
  2⤵
  PID:8044
- C:\Windows\System\cpziafO.exe
  C:\Windows\System\cpziafO.exe
  2⤵
  PID:8056
- C:\Windows\System\bVtVCzQ.exe
  C:\Windows\System\bVtVCzQ.exe
  2⤵
  PID:8080
- C:\Windows\System\MitquLw.exe
  C:\Windows\System\MitquLw.exe
  2⤵
  PID:8120
- C:\Windows\System\yfCJfKY.exe
  C:\Windows\System\yfCJfKY.exe
  2⤵
  PID:8140
- C:\Windows\System\Mhwvgrp.exe
  C:\Windows\System\Mhwvgrp.exe
  2⤵
  PID:6444
- C:\Windows\System\ySTKNDP.exe
  C:\Windows\System\ySTKNDP.exe
  2⤵
  PID:6456
- C:\Windows\System\IcEtEIm.exe
  C:\Windows\System\IcEtEIm.exe
  2⤵
  PID:6656
- C:\Windows\System\IMCKCmQ.exe
  C:\Windows\System\IMCKCmQ.exe
  2⤵
  PID:1864
- C:\Windows\System\KyBUIlL.exe
  C:\Windows\System\KyBUIlL.exe
  2⤵
  PID:2636
- C:\Windows\System\MPfmJCq.exe
  C:\Windows\System\MPfmJCq.exe
  2⤵
  PID:7008
- C:\Windows\System\RIUwfuQ.exe
  C:\Windows\System\RIUwfuQ.exe
  2⤵
  PID:6840
- C:\Windows\System\xzQEkEH.exe
  C:\Windows\System\xzQEkEH.exe
  2⤵
  PID:7088
- C:\Windows\System\DYdgnHp.exe
  C:\Windows\System\DYdgnHp.exe
  2⤵
  PID:7080
- C:\Windows\System\QyjIBEc.exe
  C:\Windows\System\QyjIBEc.exe
  2⤵
  PID:4972
- C:\Windows\System\IHkSmcp.exe
  C:\Windows\System\IHkSmcp.exe
  2⤵
  PID:5604
- C:\Windows\System\ujJxlzE.exe
  C:\Windows\System\ujJxlzE.exe
  2⤵
  PID:7208
- C:\Windows\System\HezgXuj.exe
  C:\Windows\System\HezgXuj.exe
  2⤵
  PID:7252
- C:\Windows\System\lTaeMaw.exe
  C:\Windows\System\lTaeMaw.exe
  2⤵
  PID:7248
- C:\Windows\System\CKvwrUG.exe
  C:\Windows\System\CKvwrUG.exe
  2⤵
  PID:7356
- C:\Windows\System\BQLLhSS.exe
  C:\Windows\System\BQLLhSS.exe
  2⤵
  PID:2888
- C:\Windows\System\pKqHWFx.exe
  C:\Windows\System\pKqHWFx.exe
  2⤵
  PID:7376
- C:\Windows\System\IdRaSxe.exe
  C:\Windows\System\IdRaSxe.exe
  2⤵
  PID:7456
- C:\Windows\System\SZNRBFh.exe
  C:\Windows\System\SZNRBFh.exe
  2⤵
  PID:7528
- C:\Windows\System\TuXjafx.exe
  C:\Windows\System\TuXjafx.exe
  2⤵
  PID:7548
- C:\Windows\System\MyeEVjB.exe
  C:\Windows\System\MyeEVjB.exe
  2⤵
  PID:7552
- C:\Windows\System\jSzMeuo.exe
  C:\Windows\System\jSzMeuo.exe
  2⤵
  PID:7608
- C:\Windows\System\ClndydO.exe
  C:\Windows\System\ClndydO.exe
  2⤵
  PID:7752
- C:\Windows\System\dmobgoG.exe
  C:\Windows\System\dmobgoG.exe
  2⤵
  PID:7876
- C:\Windows\System\GGJOzea.exe
  C:\Windows\System\GGJOzea.exe
  2⤵
  PID:7920
- C:\Windows\System\xiLWyHG.exe
  C:\Windows\System\xiLWyHG.exe
  2⤵
  PID:7756
- C:\Windows\System\evtVJyF.exe
  C:\Windows\System\evtVJyF.exe
  2⤵
  PID:2268
- C:\Windows\System\FKeQUXa.exe
  C:\Windows\System\FKeQUXa.exe
  2⤵
  PID:8040
- C:\Windows\System\UPpYqmk.exe
  C:\Windows\System\UPpYqmk.exe
  2⤵
  PID:8104
- C:\Windows\System\KMdYbLj.exe
  C:\Windows\System\KMdYbLj.exe
  2⤵
  PID:7940
- C:\Windows\System\HUJmpMA.exe
  C:\Windows\System\HUJmpMA.exe
  2⤵
  PID:8176
- C:\Windows\System\HqDfNbU.exe
  C:\Windows\System\HqDfNbU.exe
  2⤵
  PID:2264
- C:\Windows\System\vZuyVRj.exe
  C:\Windows\System\vZuyVRj.exe
  2⤵
  PID:8136
- C:\Windows\System\vXMyXPL.exe
  C:\Windows\System\vXMyXPL.exe
  2⤵
  PID:6520
- C:\Windows\System\KeXgeVk.exe
  C:\Windows\System\KeXgeVk.exe
  2⤵
  PID:6940
- C:\Windows\System\vLPNXvA.exe
  C:\Windows\System\vLPNXvA.exe
  2⤵
  PID:7128
- C:\Windows\System\wXCItwm.exe
  C:\Windows\System\wXCItwm.exe
  2⤵
  PID:1040
- C:\Windows\System\tWSZEZE.exe
  C:\Windows\System\tWSZEZE.exe
  2⤵
  PID:6980
- C:\Windows\System\FkJFTEf.exe
  C:\Windows\System\FkJFTEf.exe
  2⤵
  PID:6260
- C:\Windows\System\PRVGKlM.exe
  C:\Windows\System\PRVGKlM.exe
  2⤵
  PID:5144
- C:\Windows\System\bJYVlQP.exe
  C:\Windows\System\bJYVlQP.exe
  2⤵
  PID:7216
- C:\Windows\System\zXwwRoX.exe
  C:\Windows\System\zXwwRoX.exe
  2⤵
  PID:7308
- C:\Windows\System\vpGoBxw.exe
  C:\Windows\System\vpGoBxw.exe
  2⤵
  PID:7468
- C:\Windows\System\PfnoBMn.exe
  C:\Windows\System\PfnoBMn.exe
  2⤵
  PID:7592
- C:\Windows\System\sivYfeN.exe
  C:\Windows\System\sivYfeN.exe
  2⤵
  PID:7516
- C:\Windows\System\sAfssnE.exe
  C:\Windows\System\sAfssnE.exe
  2⤵
  PID:7680
- C:\Windows\System\gjIBamk.exe
  C:\Windows\System\gjIBamk.exe
  2⤵
  PID:2704
- C:\Windows\System\xGhcqvU.exe
  C:\Windows\System\xGhcqvU.exe
  2⤵
  PID:7856
- C:\Windows\System\GEymcWe.exe
  C:\Windows\System\GEymcWe.exe
  2⤵
  PID:7996
- C:\Windows\System\ipSMPqP.exe
  C:\Windows\System\ipSMPqP.exe
  2⤵
  PID:484
- C:\Windows\System\tsOpIhz.exe
  C:\Windows\System\tsOpIhz.exe
  2⤵
  PID:2532
- C:\Windows\System\SCfASmd.exe
  C:\Windows\System\SCfASmd.exe
  2⤵
  PID:8124
- C:\Windows\System\PEJxmAL.exe
  C:\Windows\System\PEJxmAL.exe
  2⤵
  PID:8016
- C:\Windows\System\GqiAjmj.exe
  C:\Windows\System\GqiAjmj.exe
  2⤵
  PID:6436
- C:\Windows\System\LNNMUCP.exe
  C:\Windows\System\LNNMUCP.exe
  2⤵
  PID:2600
- C:\Windows\System\lHoAHeX.exe
  C:\Windows\System\lHoAHeX.exe
  2⤵
  PID:2700
- C:\Windows\System\uYXvRfQ.exe
  C:\Windows\System\uYXvRfQ.exe
  2⤵
  PID:2428
- C:\Windows\System\NawMMPH.exe
  C:\Windows\System\NawMMPH.exe
  2⤵
  PID:6032
- C:\Windows\System\UZuLfCN.exe
  C:\Windows\System\UZuLfCN.exe
  2⤵
  PID:5708
- C:\Windows\System\vtUJgRu.exe
  C:\Windows\System\vtUJgRu.exe
  2⤵
  PID:7316
- C:\Windows\System\WqgwvbW.exe
  C:\Windows\System\WqgwvbW.exe
  2⤵
  PID:7492
- C:\Windows\System\XfpMRYv.exe
  C:\Windows\System\XfpMRYv.exe
  2⤵
  PID:7784
- C:\Windows\System\quZbpJL.exe
  C:\Windows\System\quZbpJL.exe
  2⤵
  PID:7800
- C:\Windows\System\UUiVlCl.exe
  C:\Windows\System\UUiVlCl.exe
  2⤵
  PID:820
- C:\Windows\System\YhnJpuX.exe
  C:\Windows\System\YhnJpuX.exe
  2⤵
  PID:2616
- C:\Windows\System\kJbkjYz.exe
  C:\Windows\System\kJbkjYz.exe
  2⤵
  PID:7864
- C:\Windows\System\lFhxtbJ.exe
  C:\Windows\System\lFhxtbJ.exe
  2⤵
  PID:7212
- C:\Windows\System\bErGHqW.exe
  C:\Windows\System\bErGHqW.exe
  2⤵
  PID:6604
- C:\Windows\System\JKNYYZs.exe
  C:\Windows\System\JKNYYZs.exe
  2⤵
  PID:6284
- C:\Windows\System\eUPUluz.exe
  C:\Windows\System\eUPUluz.exe
  2⤵
  PID:4988
- C:\Windows\System\fbxGVRd.exe
  C:\Windows\System\fbxGVRd.exe
  2⤵
  PID:6036
- C:\Windows\System\RtZsDhi.exe
  C:\Windows\System\RtZsDhi.exe
  2⤵
  PID:8200
- C:\Windows\System\dpfzEZD.exe
  C:\Windows\System\dpfzEZD.exe
  2⤵
  PID:8220
- C:\Windows\System\kgSebDt.exe
  C:\Windows\System\kgSebDt.exe
  2⤵
  PID:8240
- C:\Windows\System\zhuVAyr.exe
  C:\Windows\System\zhuVAyr.exe
  2⤵
  PID:8260
- C:\Windows\System\qCgoWQC.exe
  C:\Windows\System\qCgoWQC.exe
  2⤵
  PID:8276
- C:\Windows\System\JhWFlBr.exe
  C:\Windows\System\JhWFlBr.exe
  2⤵
  PID:8292
- C:\Windows\System\uvVOOzw.exe
  C:\Windows\System\uvVOOzw.exe
  2⤵
  PID:8308
- C:\Windows\System\CVnJJFv.exe
  C:\Windows\System\CVnJJFv.exe
  2⤵
  PID:8324
- C:\Windows\System\bTKrSOo.exe
  C:\Windows\System\bTKrSOo.exe
  2⤵
  PID:8340
- C:\Windows\System\ESfeooH.exe
  C:\Windows\System\ESfeooH.exe
  2⤵
  PID:8356
- C:\Windows\System\qEmxZCH.exe
  C:\Windows\System\qEmxZCH.exe
  2⤵
  PID:8372
- C:\Windows\System\DiAtxnF.exe
  C:\Windows\System\DiAtxnF.exe
  2⤵
  PID:8388
- C:\Windows\System\rNQTPSt.exe
  C:\Windows\System\rNQTPSt.exe
  2⤵
  PID:8404
- C:\Windows\System\DJVcwjP.exe
  C:\Windows\System\DJVcwjP.exe
  2⤵
  PID:8420
- C:\Windows\System\cmBtggd.exe
  C:\Windows\System\cmBtggd.exe
  2⤵
  PID:8436
- C:\Windows\System\FyIqETN.exe
  C:\Windows\System\FyIqETN.exe
  2⤵
  PID:8472
- C:\Windows\System\DhhVntb.exe
  C:\Windows\System\DhhVntb.exe
  2⤵
  PID:8492
- C:\Windows\System\MjpTeNI.exe
  C:\Windows\System\MjpTeNI.exe
  2⤵
  PID:8512
- C:\Windows\System\njBIZZR.exe
  C:\Windows\System\njBIZZR.exe
  2⤵
  PID:8532
- C:\Windows\System\ZrkUBfj.exe
  C:\Windows\System\ZrkUBfj.exe
  2⤵
  PID:8556
- C:\Windows\System\gYjRncz.exe
  C:\Windows\System\gYjRncz.exe
  2⤵
  PID:8584
- C:\Windows\System\DeLrgZn.exe
  C:\Windows\System\DeLrgZn.exe
  2⤵
  PID:8612
- C:\Windows\System\pCMCSOm.exe
  C:\Windows\System\pCMCSOm.exe
  2⤵
  PID:8644
- C:\Windows\System\LrfqSWJ.exe
  C:\Windows\System\LrfqSWJ.exe
  2⤵
  PID:8664
- C:\Windows\System\ErSyrcF.exe
  C:\Windows\System\ErSyrcF.exe
  2⤵
  PID:8684
- C:\Windows\System\rHNcWbm.exe
  C:\Windows\System\rHNcWbm.exe
  2⤵
  PID:8704
- C:\Windows\System\ZfgUhTx.exe
  C:\Windows\System\ZfgUhTx.exe
  2⤵
  PID:8724
- C:\Windows\System\ucPHzpL.exe
  C:\Windows\System\ucPHzpL.exe
  2⤵
  PID:8744
- C:\Windows\System\HuSqePF.exe
  C:\Windows\System\HuSqePF.exe
  2⤵
  PID:8764
- C:\Windows\System\hPuzten.exe
  C:\Windows\System\hPuzten.exe
  2⤵
  PID:8788
- C:\Windows\System\jOXotgr.exe
  C:\Windows\System\jOXotgr.exe
  2⤵
  PID:8820
- C:\Windows\System\zdKLqGh.exe
  C:\Windows\System\zdKLqGh.exe
  2⤵
  PID:8836
- C:\Windows\System\XVnvjUC.exe
  C:\Windows\System\XVnvjUC.exe
  2⤵
  PID:8852
- C:\Windows\System\GRUOQGk.exe
  C:\Windows\System\GRUOQGk.exe
  2⤵
  PID:8868
- C:\Windows\System\oQRkKqv.exe
  C:\Windows\System\oQRkKqv.exe
  2⤵
  PID:8884
- C:\Windows\System\QhdIees.exe
  C:\Windows\System\QhdIees.exe
  2⤵
  PID:8916
- C:\Windows\System\rwWgQbS.exe
  C:\Windows\System\rwWgQbS.exe
  2⤵
  PID:8936
- C:\Windows\System\jbzznIT.exe
  C:\Windows\System\jbzznIT.exe
  2⤵
  PID:8952
- C:\Windows\System\PNUPVOc.exe
  C:\Windows\System\PNUPVOc.exe
  2⤵
  PID:8972
- C:\Windows\System\txaIgTY.exe
  C:\Windows\System\txaIgTY.exe
  2⤵
  PID:8988
- C:\Windows\System\OVaDrUG.exe
  C:\Windows\System\OVaDrUG.exe
  2⤵
  PID:9048
- C:\Windows\System\NZfZvst.exe
  C:\Windows\System\NZfZvst.exe
  2⤵
  PID:9064
- C:\Windows\System\bJXfjOx.exe
  C:\Windows\System\bJXfjOx.exe
  2⤵
  PID:9080
- C:\Windows\System\lxIonhX.exe
  C:\Windows\System\lxIonhX.exe
  2⤵
  PID:9096
- C:\Windows\System\PEymSBN.exe
  C:\Windows\System\PEymSBN.exe
  2⤵
  PID:9112
- C:\Windows\System\FLgMpCd.exe
  C:\Windows\System\FLgMpCd.exe
  2⤵
  PID:9128
- C:\Windows\System\YfcaxEu.exe
  C:\Windows\System\YfcaxEu.exe
  2⤵
  PID:9152
- C:\Windows\System\OIZBSWH.exe
  C:\Windows\System\OIZBSWH.exe
  2⤵
  PID:9168
- C:\Windows\System\zQNXgKi.exe
  C:\Windows\System\zQNXgKi.exe
  2⤵
  PID:9184
- C:\Windows\System\pQlGDGW.exe
  C:\Windows\System\pQlGDGW.exe
  2⤵
  PID:9200
- C:\Windows\System\VWlAOJt.exe
  C:\Windows\System\VWlAOJt.exe
  2⤵
  PID:7452
- C:\Windows\System\wrDOZmQ.exe
  C:\Windows\System\wrDOZmQ.exe
  2⤵
  PID:1052
- C:\Windows\System\BFFWIpx.exe
  C:\Windows\System\BFFWIpx.exe
  2⤵
  PID:7720
- C:\Windows\System\ykHsDRK.exe
  C:\Windows\System\ykHsDRK.exe
  2⤵
  PID:2260
- C:\Windows\System\oJDpTJK.exe
  C:\Windows\System\oJDpTJK.exe
  2⤵
  PID:2548
- C:\Windows\System\zAdpUbQ.exe
  C:\Windows\System\zAdpUbQ.exe
  2⤵
  PID:2448
- C:\Windows\System\DJrKyFS.exe
  C:\Windows\System\DJrKyFS.exe
  2⤵
  PID:788
- C:\Windows\System\EPLDLWY.exe
  C:\Windows\System\EPLDLWY.exe
  2⤵
  PID:2604
- C:\Windows\System\SuzWmmm.exe
  C:\Windows\System\SuzWmmm.exe
  2⤵
  PID:8256
- C:\Windows\System\oaICBkY.exe
  C:\Windows\System\oaICBkY.exe
  2⤵
  PID:8228
- C:\Windows\System\gykRdSq.exe
  C:\Windows\System\gykRdSq.exe
  2⤵
  PID:8272
- C:\Windows\System\ZGsJvhJ.exe
  C:\Windows\System\ZGsJvhJ.exe
  2⤵
  PID:4652
- C:\Windows\System\kWSXLNU.exe
  C:\Windows\System\kWSXLNU.exe
  2⤵
  PID:4708
- C:\Windows\System\sBvPYWA.exe
  C:\Windows\System\sBvPYWA.exe
  2⤵
  PID:8300
- C:\Windows\System\KxweeEm.exe
  C:\Windows\System\KxweeEm.exe
  2⤵
  PID:8352
- C:\Windows\System\mABaaHQ.exe
  C:\Windows\System\mABaaHQ.exe
  2⤵
  PID:4752
- C:\Windows\System\PUtHDuQ.exe
  C:\Windows\System\PUtHDuQ.exe
  2⤵
  PID:8384
- C:\Windows\System\YnWSiCd.exe
  C:\Windows\System\YnWSiCd.exe
  2⤵
  PID:8416
- C:\Windows\System\xQAHBxN.exe
  C:\Windows\System\xQAHBxN.exe
  2⤵
  PID:8460
- C:\Windows\System\ZxGNzmc.exe
  C:\Windows\System\ZxGNzmc.exe
  2⤵
  PID:8456
- C:\Windows\System\XJZDHLo.exe
  C:\Windows\System\XJZDHLo.exe
  2⤵
  PID:8432
- C:\Windows\System\JSrudTG.exe
  C:\Windows\System\JSrudTG.exe
  2⤵
  PID:2628
- C:\Windows\System\LrSgfEC.exe
  C:\Windows\System\LrSgfEC.exe
  2⤵
  PID:8552
- C:\Windows\System\SkoJwQL.exe
  C:\Windows\System\SkoJwQL.exe
  2⤵
  PID:2404
- C:\Windows\System\etTsdUB.exe
  C:\Windows\System\etTsdUB.exe
  2⤵
  PID:8004
- C:\Windows\System\WGdqnNl.exe
  C:\Windows\System\WGdqnNl.exe
  2⤵
  PID:8604
- C:\Windows\System\OadOuNL.exe
  C:\Windows\System\OadOuNL.exe
  2⤵
  PID:8564
- C:\Windows\System\odOKSOq.exe
  C:\Windows\System\odOKSOq.exe
  2⤵
  PID:2668
- C:\Windows\System\OWBswGC.exe
  C:\Windows\System\OWBswGC.exe
  2⤵
  PID:8632
- C:\Windows\System\XmcOCFG.exe
  C:\Windows\System\XmcOCFG.exe
  2⤵
  PID:8656
- C:\Windows\System\hJLsZhM.exe
  C:\Windows\System\hJLsZhM.exe
  2⤵
  PID:2944
- C:\Windows\System\AjtgztF.exe
  C:\Windows\System\AjtgztF.exe
  2⤵
  PID:8680
- C:\Windows\System\oqYCNzL.exe
  C:\Windows\System\oqYCNzL.exe
  2⤵
  PID:8796
- C:\Windows\System\RsiIduV.exe
  C:\Windows\System\RsiIduV.exe
  2⤵
  PID:8828
- C:\Windows\System\aOURPOn.exe
  C:\Windows\System\aOURPOn.exe
  2⤵
  PID:8808
- C:\Windows\System\AiTsKrt.exe
  C:\Windows\System\AiTsKrt.exe
  2⤵
  PID:8848
- C:\Windows\System\lshNboN.exe
  C:\Windows\System\lshNboN.exe
  2⤵
  PID:8944
- C:\Windows\System\ZdtNEZx.exe
  C:\Windows\System\ZdtNEZx.exe
  2⤵
  PID:8984
- C:\Windows\System\WEXpAYG.exe
  C:\Windows\System\WEXpAYG.exe
  2⤵
  PID:9044
- C:\Windows\System\eWJGZwg.exe
  C:\Windows\System\eWJGZwg.exe
  2⤵
  PID:9140
- C:\Windows\System\HmoWBvh.exe
  C:\Windows\System\HmoWBvh.exe
  2⤵
  PID:9124
- C:\Windows\System\TOcbDIP.exe
  C:\Windows\System\TOcbDIP.exe
  2⤵
  PID:9196
- C:\Windows\System\uMVUvbE.exe
  C:\Windows\System\uMVUvbE.exe
  2⤵
  PID:2820
- C:\Windows\System\wLsXTbs.exe
  C:\Windows\System\wLsXTbs.exe
  2⤵
  PID:7232
- C:\Windows\System\GiPUNuF.exe
  C:\Windows\System\GiPUNuF.exe
  2⤵
  PID:7976
- C:\Windows\System\rgPwOgG.exe
  C:\Windows\System\rgPwOgG.exe
  2⤵
  PID:8180
- C:\Windows\System\xTLyLvr.exe
  C:\Windows\System\xTLyLvr.exe
  2⤵
  PID:8248
- C:\Windows\System\MTUHBhD.exe
  C:\Windows\System\MTUHBhD.exe
  2⤵
  PID:4644
- C:\Windows\System\RYKQtSt.exe
  C:\Windows\System\RYKQtSt.exe
  2⤵
  PID:7844
- C:\Windows\System\ptGxtyr.exe
  C:\Windows\System\ptGxtyr.exe
  2⤵
  PID:8396
- C:\Windows\System\hbOXHHf.exe
  C:\Windows\System\hbOXHHf.exe
  2⤵
  PID:7388
- C:\Windows\System\LZBTWEh.exe
  C:\Windows\System\LZBTWEh.exe
  2⤵
  PID:8368
- C:\Windows\System\vTMLGTg.exe
  C:\Windows\System\vTMLGTg.exe
  2⤵
  PID:8428
- C:\Windows\System\RVcfyRG.exe
  C:\Windows\System\RVcfyRG.exe
  2⤵
  PID:8592
- C:\Windows\System\YaxreIM.exe
  C:\Windows\System\YaxreIM.exe
  2⤵
  PID:8596
- C:\Windows\System\LoQHfay.exe
  C:\Windows\System\LoQHfay.exe
  2⤵
  PID:8528
- C:\Windows\System\rLEVkGc.exe
  C:\Windows\System\rLEVkGc.exe
  2⤵
  PID:8580
- C:\Windows\System\PKEwyjP.exe
  C:\Windows\System\PKEwyjP.exe
  2⤵
  PID:8608
- C:\Windows\System\UQFvHlu.exe
  C:\Windows\System\UQFvHlu.exe
  2⤵
  PID:536
- C:\Windows\System\EjcNvXw.exe
  C:\Windows\System\EjcNvXw.exe
  2⤵
  PID:8672
- C:\Windows\System\eutdfVR.exe
  C:\Windows\System\eutdfVR.exe
  2⤵
  PID:8676
- C:\Windows\System\HldFlaR.exe
  C:\Windows\System\HldFlaR.exe
  2⤵
  PID:396
- C:\Windows\System\qqpnsNe.exe
  C:\Windows\System\qqpnsNe.exe
  2⤵
  PID:408
- C:\Windows\System\kPPJCGa.exe
  C:\Windows\System\kPPJCGa.exe
  2⤵
  PID:8784
- C:\Windows\System\sECTcoO.exe
  C:\Windows\System\sECTcoO.exe
  2⤵
  PID:8896
- C:\Windows\System\ZOqLCMA.exe
  C:\Windows\System\ZOqLCMA.exe
  2⤵
  PID:8816
- C:\Windows\System\mftSpNJ.exe
  C:\Windows\System\mftSpNJ.exe
  2⤵
  PID:8548
- C:\Windows\System\UGIaRij.exe
  C:\Windows\System\UGIaRij.exe
  2⤵
  PID:9028
- C:\Windows\System\ngvbYgd.exe
  C:\Windows\System\ngvbYgd.exe
  2⤵
  PID:9004
- C:\Windows\System\LxZBFmn.exe
  C:\Windows\System\LxZBFmn.exe
  2⤵
  PID:9008
- C:\Windows\System\jqHUbaz.exe
  C:\Windows\System\jqHUbaz.exe
  2⤵
  PID:9056
- C:\Windows\System\SQnIKiX.exe
  C:\Windows\System\SQnIKiX.exe
  2⤵
  PID:9148
- C:\Windows\System\TyvYKdH.exe
  C:\Windows\System\TyvYKdH.exe
  2⤵
  PID:9180
- C:\Windows\System\MNlFkYj.exe
  C:\Windows\System\MNlFkYj.exe
  2⤵
  PID:9160
- C:\Windows\System\QLpVcvw.exe
  C:\Windows\System\QLpVcvw.exe
  2⤵
  PID:2740
- C:\Windows\System\DTJcWPn.exe
  C:\Windows\System\DTJcWPn.exe
  2⤵
  PID:4648
- C:\Windows\System\sFKwdqQ.exe
  C:\Windows\System\sFKwdqQ.exe
  2⤵
  PID:4684
- C:\Windows\System\omkVkOu.exe
  C:\Windows\System\omkVkOu.exe
  2⤵
  PID:8800
- C:\Windows\System\IwxWbeN.exe
  C:\Windows\System\IwxWbeN.exe
  2⤵
  PID:8924
- C:\Windows\System\qGstOeS.exe
  C:\Windows\System\qGstOeS.exe
  2⤵
  PID:8736
- C:\Windows\System\KMotcSN.exe
  C:\Windows\System\KMotcSN.exe
  2⤵
  PID:9072
- C:\Windows\System\vGRgnmn.exe
  C:\Windows\System\vGRgnmn.exe
  2⤵
  PID:6216
- C:\Windows\System\PcgiOof.exe
  C:\Windows\System\PcgiOof.exe
  2⤵
  PID:1768
- C:\Windows\System\BhhGnuw.exe
  C:\Windows\System\BhhGnuw.exe
  2⤵
  PID:8332
- C:\Windows\System\uvkmfuw.exe
  C:\Windows\System\uvkmfuw.exe
  2⤵
  PID:8572
- C:\Windows\System\nCfnHpU.exe
  C:\Windows\System\nCfnHpU.exe
  2⤵
  PID:2928
- C:\Windows\System\LoYQqco.exe
  C:\Windows\System\LoYQqco.exe
  2⤵
  PID:9016
- C:\Windows\System\olNTEwi.exe
  C:\Windows\System\olNTEwi.exe
  2⤵
  PID:8696
- C:\Windows\System\akJunbK.exe
  C:\Windows\System\akJunbK.exe
  2⤵
  PID:8860
- C:\Windows\System\GApSxEl.exe
  C:\Windows\System\GApSxEl.exe
  2⤵
  PID:8600
- C:\Windows\System\NmeZBRk.exe
  C:\Windows\System\NmeZBRk.exe
  2⤵
  PID:9176
- C:\Windows\System\iplhLoo.exe
  C:\Windows\System\iplhLoo.exe
  2⤵
  PID:9036
- C:\Windows\System\dPrsklv.exe
  C:\Windows\System\dPrsklv.exe
  2⤵
  PID:7824
- C:\Windows\System\EYxuqsZ.exe
  C:\Windows\System\EYxuqsZ.exe
  2⤵
  PID:7588
- C:\Windows\System\Edrxbrm.exe
  C:\Windows\System\Edrxbrm.exe
  2⤵
  PID:1804
- C:\Windows\System\IBpRFtw.exe
  C:\Windows\System\IBpRFtw.exe
  2⤵
  PID:2488
- C:\Windows\System\okETXGj.exe
  C:\Windows\System\okETXGj.exe
  2⤵
  PID:2112
- C:\Windows\System\XNiRnkH.exe
  C:\Windows\System\XNiRnkH.exe
  2⤵
  PID:9092
- C:\Windows\System\OxFsVow.exe
  C:\Windows\System\OxFsVow.exe
  2⤵
  PID:8544
- C:\Windows\System\mDWuibf.exe
  C:\Windows\System\mDWuibf.exe
  2⤵
  PID:4320
- C:\Windows\System\WPgfUxI.exe
  C:\Windows\System\WPgfUxI.exe
  2⤵
  PID:9232
- C:\Windows\System\nFnLYEP.exe
  C:\Windows\System\nFnLYEP.exe
  2⤵
  PID:9252
- C:\Windows\System\RaiXEGQ.exe
  C:\Windows\System\RaiXEGQ.exe
  2⤵
  PID:9276
- C:\Windows\System\xNljUvA.exe
  C:\Windows\System\xNljUvA.exe
  2⤵
  PID:9292
- C:\Windows\System\nzQTljP.exe
  C:\Windows\System\nzQTljP.exe
  2⤵
  PID:9308
- C:\Windows\System\uQgspBa.exe
  C:\Windows\System\uQgspBa.exe
  2⤵
  PID:9328
- C:\Windows\System\YYogIAJ.exe
  C:\Windows\System\YYogIAJ.exe
  2⤵
  PID:9348
- C:\Windows\System\wRMVKmV.exe
  C:\Windows\System\wRMVKmV.exe
  2⤵
  PID:9368
- C:\Windows\System\LbAFQeY.exe
  C:\Windows\System\LbAFQeY.exe
  2⤵
  PID:9388
- C:\Windows\System\fqdNnbM.exe
  C:\Windows\System\fqdNnbM.exe
  2⤵
  PID:9408
- C:\Windows\System\LNBqegI.exe
  C:\Windows\System\LNBqegI.exe
  2⤵
  PID:9428
- C:\Windows\System\qwsrjkM.exe
  C:\Windows\System\qwsrjkM.exe
  2⤵
  PID:9444
- C:\Windows\System\VnrjAqR.exe
  C:\Windows\System\VnrjAqR.exe
  2⤵
  PID:9472
- C:\Windows\System\sPusndj.exe
  C:\Windows\System\sPusndj.exe
  2⤵
  PID:9488
- C:\Windows\System\fsGFoTK.exe
  C:\Windows\System\fsGFoTK.exe
  2⤵
  PID:9512
- C:\Windows\System\YwcZEzM.exe
  C:\Windows\System\YwcZEzM.exe
  2⤵
  PID:9528
- C:\Windows\System\dJhctXg.exe
  C:\Windows\System\dJhctXg.exe
  2⤵
  PID:9544
- C:\Windows\System\RUWSevD.exe
  C:\Windows\System\RUWSevD.exe
  2⤵
  PID:9560
- C:\Windows\System\Ebvhliu.exe
  C:\Windows\System\Ebvhliu.exe
  2⤵
  PID:9576
- C:\Windows\System\gGhCHce.exe
  C:\Windows\System\gGhCHce.exe
  2⤵
  PID:9592
- C:\Windows\System\qsZXCzO.exe
  C:\Windows\System\qsZXCzO.exe
  2⤵
  PID:9616
- C:\Windows\System\JvTargQ.exe
  C:\Windows\System\JvTargQ.exe
  2⤵
  PID:9636
- C:\Windows\System\oDMYtRF.exe
  C:\Windows\System\oDMYtRF.exe
  2⤵
  PID:9680
- C:\Windows\System\ZXOfXCu.exe
  C:\Windows\System\ZXOfXCu.exe
  2⤵
  PID:9696
- C:\Windows\System\itRqRMQ.exe
  C:\Windows\System\itRqRMQ.exe
  2⤵
  PID:9712
- C:\Windows\System\UMuxlHR.exe
  C:\Windows\System\UMuxlHR.exe
  2⤵
  PID:9728
- C:\Windows\System\qkutWzt.exe
  C:\Windows\System\qkutWzt.exe
  2⤵
  PID:9744
- C:\Windows\System\xVajyaQ.exe
  C:\Windows\System\xVajyaQ.exe
  2⤵
  PID:9760
- C:\Windows\System\dJcycjN.exe
  C:\Windows\System\dJcycjN.exe
  2⤵
  PID:9776
- C:\Windows\System\DdnCSxA.exe
  C:\Windows\System\DdnCSxA.exe
  2⤵
  PID:9792
- C:\Windows\System\OgKVvRw.exe
  C:\Windows\System\OgKVvRw.exe
  2⤵
  PID:9808
- C:\Windows\System\iIMZHeP.exe
  C:\Windows\System\iIMZHeP.exe
  2⤵
  PID:9824
- C:\Windows\System\vrhTwGZ.exe
  C:\Windows\System\vrhTwGZ.exe
  2⤵
  PID:9840
- C:\Windows\System\mBCmvSw.exe
  C:\Windows\System\mBCmvSw.exe
  2⤵
  PID:9856
- C:\Windows\System\JopNKWk.exe
  C:\Windows\System\JopNKWk.exe
  2⤵
  PID:9872
- C:\Windows\System\kkQmGjz.exe
  C:\Windows\System\kkQmGjz.exe
  2⤵
  PID:9888
- C:\Windows\System\fJwxvYf.exe
  C:\Windows\System\fJwxvYf.exe
  2⤵
  PID:9904
- C:\Windows\System\FoQxSTy.exe
  C:\Windows\System\FoQxSTy.exe
  2⤵
  PID:9920
- C:\Windows\System\UHOPkkM.exe
  C:\Windows\System\UHOPkkM.exe
  2⤵
  PID:9936
- C:\Windows\System\NEkNnMg.exe
  C:\Windows\System\NEkNnMg.exe
  2⤵
  PID:9952
- C:\Windows\System\BABzKKp.exe
  C:\Windows\System\BABzKKp.exe
  2⤵
  PID:9968
- C:\Windows\System\kNaZlgd.exe
  C:\Windows\System\kNaZlgd.exe
  2⤵
  PID:9984
- C:\Windows\System\jhAnQCl.exe
  C:\Windows\System\jhAnQCl.exe
  2⤵
  PID:10000
- C:\Windows\System\dGiTGaa.exe
  C:\Windows\System\dGiTGaa.exe
  2⤵
  PID:10016
- C:\Windows\System\stgyeSd.exe
  C:\Windows\System\stgyeSd.exe
  2⤵
  PID:10032
- C:\Windows\System\eiRwKbp.exe
  C:\Windows\System\eiRwKbp.exe
  2⤵
  PID:10048
- C:\Windows\System\MTMEbWX.exe
  C:\Windows\System\MTMEbWX.exe
  2⤵
  PID:10064
- C:\Windows\System\HiKQnkF.exe
  C:\Windows\System\HiKQnkF.exe
  2⤵
  PID:10080
- C:\Windows\System\yVQSmfc.exe
  C:\Windows\System\yVQSmfc.exe
  2⤵
  PID:10096
- C:\Windows\System\UckLdLj.exe
  C:\Windows\System\UckLdLj.exe
  2⤵
  PID:10112
- C:\Windows\System\ttFUgIq.exe
  C:\Windows\System\ttFUgIq.exe
  2⤵
  PID:10128
- C:\Windows\System\dUWCRdK.exe
  C:\Windows\System\dUWCRdK.exe
  2⤵
  PID:10144
- C:\Windows\System\cjSEVOt.exe
  C:\Windows\System\cjSEVOt.exe
  2⤵
  PID:10164
- C:\Windows\System\TGGOePW.exe
  C:\Windows\System\TGGOePW.exe
  2⤵
  PID:10180
- C:\Windows\System\SsEkOGT.exe
  C:\Windows\System\SsEkOGT.exe
  2⤵
  PID:10196
- C:\Windows\System\tJLmnMa.exe
  C:\Windows\System\tJLmnMa.exe
  2⤵
  PID:10212
- C:\Windows\System\KMzuSEo.exe
  C:\Windows\System\KMzuSEo.exe
  2⤵
  PID:10232
- C:\Windows\System\gBxCSwy.exe
  C:\Windows\System\gBxCSwy.exe
  2⤵
  PID:9228
- C:\Windows\System\JRWojEz.exe
  C:\Windows\System\JRWojEz.exe
  2⤵
  PID:8932
- C:\Windows\System\faydrmF.exe
  C:\Windows\System\faydrmF.exe
  2⤵
  PID:9040
- C:\Windows\System\XUbwxuE.exe
  C:\Windows\System\XUbwxuE.exe
  2⤵
  PID:9264
- C:\Windows\System\JrsFRot.exe
  C:\Windows\System\JrsFRot.exe
  2⤵
  PID:9284
- C:\Windows\System\OgSETPU.exe
  C:\Windows\System\OgSETPU.exe
  2⤵
  PID:9340
- C:\Windows\System\EoeGxOK.exe
  C:\Windows\System\EoeGxOK.exe
  2⤵
  PID:9376
- C:\Windows\System\cDVhcYv.exe
  C:\Windows\System\cDVhcYv.exe
  2⤵
  PID:9424
- C:\Windows\System\sdiqIgj.exe
  C:\Windows\System\sdiqIgj.exe
  2⤵
  PID:9584
- C:\Windows\System\xxTKvzV.exe
  C:\Windows\System\xxTKvzV.exe
  2⤵
  PID:9676
- C:\Windows\System\CyiQVWu.exe
  C:\Windows\System\CyiQVWu.exe
  2⤵
  PID:9772
- C:\Windows\System\GrtonBj.exe
  C:\Windows\System\GrtonBj.exe
  2⤵
  PID:9864
- C:\Windows\System\FTHEbhN.exe
  C:\Windows\System\FTHEbhN.exe
  2⤵
  PID:9928
- C:\Windows\System\FDXtDiw.exe
  C:\Windows\System\FDXtDiw.exe
  2⤵
  PID:9964
- C:\Windows\System\GuWMjMD.exe
  C:\Windows\System\GuWMjMD.exe
  2⤵
  PID:9980
- C:\Windows\System\gJYtvpU.exe
  C:\Windows\System\gJYtvpU.exe
  2⤵
  PID:9992
- C:\Windows\System\WXKxlHx.exe
  C:\Windows\System\WXKxlHx.exe
  2⤵
  PID:9852
- C:\Windows\System\fIpdcUa.exe
  C:\Windows\System\fIpdcUa.exe
  2⤵
  PID:9884
- C:\Windows\System\PwZQzIs.exe
  C:\Windows\System\PwZQzIs.exe
  2⤵
  PID:10136
- C:\Windows\System\QABRBHQ.exe
  C:\Windows\System\QABRBHQ.exe
  2⤵
  PID:10224
- C:\Windows\System\wNHdFqk.exe
  C:\Windows\System\wNHdFqk.exe
  2⤵
  PID:9224
- C:\Windows\System\QUKYCtT.exe
  C:\Windows\System\QUKYCtT.exe
  2⤵
  PID:9260
- C:\Windows\System\KPKIZNG.exe
  C:\Windows\System\KPKIZNG.exe
  2⤵
  PID:9316
- C:\Windows\System\DktUESU.exe
  C:\Windows\System\DktUESU.exe
  2⤵
  PID:9244
- C:\Windows\System\MuFADiZ.exe
  C:\Windows\System\MuFADiZ.exe
  2⤵
  PID:9320
- C:\Windows\System\AMjRTHA.exe
  C:\Windows\System\AMjRTHA.exe
  2⤵
  PID:9364
- C:\Windows\System\ZrGTKkr.exe
  C:\Windows\System\ZrGTKkr.exe
  2⤵
  PID:1980
- C:\Windows\System\YADNxJe.exe
  C:\Windows\System\YADNxJe.exe
  2⤵
  PID:1724
- C:\Windows\System\dSEykQQ.exe
  C:\Windows\System\dSEykQQ.exe
  2⤵
  PID:9688
- C:\Windows\System\DdEcQOv.exe
  C:\Windows\System\DdEcQOv.exe
  2⤵
  PID:9752
- C:\Windows\System\GYnPXQg.exe
  C:\Windows\System\GYnPXQg.exe
  2⤵
  PID:9628
- C:\Windows\System\HtyRZqT.exe
  C:\Windows\System\HtyRZqT.exe
  2⤵
  PID:9960
- C:\Windows\System\sXLsiVn.exe
  C:\Windows\System\sXLsiVn.exe
  2⤵
  PID:2552
- C:\Windows\System\vHKFRbl.exe
  C:\Windows\System\vHKFRbl.exe
  2⤵
  PID:9536
- C:\Windows\System\ZJUBMQg.exe
  C:\Windows\System\ZJUBMQg.exe
  2⤵
  PID:9588
- C:\Windows\System\GlFINnq.exe
  C:\Windows\System\GlFINnq.exe
  2⤵
  PID:9740
- C:\Windows\System\KZWmJVF.exe
  C:\Windows\System\KZWmJVF.exe
  2⤵
  PID:9816
- C:\Windows\System\SgUsOLA.exe
  C:\Windows\System\SgUsOLA.exe
  2⤵
  PID:10044
- C:\Windows\System\hEdeYEg.exe
  C:\Windows\System\hEdeYEg.exe
  2⤵
  PID:10028
- C:\Windows\System\czVRzKM.exe
  C:\Windows\System\czVRzKM.exe
  2⤵
  PID:9948
- C:\Windows\System\kEeGmOn.exe
  C:\Windows\System\kEeGmOn.exe
  2⤵
  PID:9944
- C:\Windows\System\wrSrJIy.exe
  C:\Windows\System\wrSrJIy.exe
  2⤵
  PID:10124
- C:\Windows\System\lyoaMVa.exe
  C:\Windows\System\lyoaMVa.exe
  2⤵
  PID:10192
- C:\Windows\System\OiMZlHg.exe
  C:\Windows\System\OiMZlHg.exe
  2⤵
  PID:10188
- C:\Windows\System\zHtjswG.exe
  C:\Windows\System\zHtjswG.exe
  2⤵
  PID:9240
- C:\Windows\System\LxsKqiu.exe
  C:\Windows\System\LxsKqiu.exe
  2⤵
  PID:2280
- C:\Windows\System\xftbQXV.exe
  C:\Windows\System\xftbQXV.exe
  2⤵
  PID:9360
- C:\Windows\System\EsKrCET.exe
  C:\Windows\System\EsKrCET.exe
  2⤵
  PID:9604

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AXMOuLG.exe

Filesize
6.0MB

MD5
99cd468573749706e98ec9beea1add76

SHA1
488928372cf87db852b1d47c409629fb447de599

SHA256
e74cb87f027e4779970c16f25439ab6f609469acb75c42ac6216a5f6f022a8ff

SHA512
5918c9c0298de763da990c3b099d638841a7c5cd078bb2cdf9e9c1fecb0d853dd165336bd4da12452150ba58feeb23ea9297d9819c198239ecb7a64c86d38a7f

Download Submit
C:\Windows\system\AkTWJFd.exe

Filesize
6.0MB

MD5
0dc836b5d150f54c6598d4af849bf483

SHA1
1bb36666c7ceda5b02b337d216a2b5ff1c84bb66

SHA256
f257f387be026b960bc5edd9d9810a0b8a724dc78b04601d58d9e383cbeabb67

SHA512
73f95fea6f17367cbc7caa8d77ec851a6989d094325c21ee8154d86dba9a5cbe0771d2be5496ed83fd995a486874eaa352438175ea64457a0fac59c610f119fc

Download Submit
C:\Windows\system\CAhZiyL.exe

Filesize
6.0MB

MD5
32b09c1da3057ab2979a368a8a3398f8

SHA1
6e86fe1be1b5a0cffca80e1982d6a8a8df0e4c0b

SHA256
e067492bad285a66994851ce9476dda2f639323d1acfc1c26142fee6dcc42c6e

SHA512
00191a1a3caddb2c8b4504e00ac48bc4551101df8ebab1bce913d39d30ada361f0ab043ba355b560d54209c030c43fdc3c6233685b808ba18e451d4330a0c5f2

Download Submit
C:\Windows\system\DOyCkUn.exe

Filesize
6.0MB

MD5
2f555f52b3d29c438423261d2d1a9872

SHA1
2c25099150d6705fdb9d85f10a2da78df68e88b9

SHA256
565c92078c9d9601ea531bcec2f403a743cdb367a9f0a36113a3cd2c6cd8694c

SHA512
2100b9fb1e8e8eaae95037b37e8f4292252d01707189d052142a89a9c1769000faf817b5192ec95731d1597504dc9d3898f58903bb2ac952fab227f0226eb10d

Download Submit
C:\Windows\system\EPwKiaP.exe

Filesize
6.0MB

MD5
989a3b31ffe51f9eebe4897bfe9f63cf

SHA1
9651bf5f2ddb05da1f7d4f8ad6e8f2eb6d67c4ba

SHA256
8c3b92dd68baaba9f945c78fa8c4529f8e92963b225549cb5d5911f2bb483b51

SHA512
a24cba6328efcbfa1d3c14d57407439cc7aa31eaf55972d343bbe3f71fe960394c9e0403165436fb3c62fda8023e358662e5ae36b7512c9880337f0ff193e5f4

Download Submit
C:\Windows\system\FNsuERO.exe

Filesize
6.0MB

MD5
03eb86750ea20cb5ebb709e67c7c52da

SHA1
0abf50b7ab5a39c8d397815538e25a7fa91f8b77

SHA256
295b5c5b26e4e928625aca8283a7491217228e29ae853498b0ef67738e39b663

SHA512
2d3dd7cd87f2724cd75eb3b32bee9d0c0ad492f89891b825cc8e97ca263f9a6af03e41c1a7a8ba1a5f5318b2ca39c93fd2c4c9e7f5bb457732f575045ea9590b

Download Submit
C:\Windows\system\HloNgAH.exe

Filesize
6.0MB

MD5
b3030af8069759572b9f9edfbec95634

SHA1
c19382e74dd4734b2dbb3c1772ecac459a621948

SHA256
c6727cf63129be3321cd74bd12c49300324ec537514c69b5aba8ba4c3d906222

SHA512
c3166b4cbda6a0fc820de74ce9b796bf42ea66fa2252281fc8b17eb4d94ee46fd3c387b26368492f48ee5e85ca99621822ca7c80d62e03f675b60bd514c2cf08

Download Submit
C:\Windows\system\NuRAGpd.exe

Filesize
6.0MB

MD5
f963bcd3677ad848efb52f0580819f43

SHA1
624e08c86cae277cef71f57fbb9ae781b1e9b109

SHA256
303306be07f12529910f2d756b2d299364bed8b10c776ec174c32b7bda6390c8

SHA512
13a619cf66f8e3702ef3bdc88531ecb96dfd0f59f32c154aef55d859b40c4516feb68b15163817cd457cf50b723e9ea7dbd4ecee26c7d4d9908b0915eb9ae3e3

Download Submit
C:\Windows\system\PoqAatH.exe

Filesize
6.0MB

MD5
894d7e3045169e6a7e7bdba5d68d60e9

SHA1
d23b3f217d72a39df7e750791afd3a1e60c962a7

SHA256
beb43100d8dfbbe9fa3c534da6c8c1ca39561893795bb13bd4ca6f81428485f4

SHA512
5a09ee65f73158e4acbeda543ae9a3c0c12a051feae0b62475a7891f08489704db31edd74339963bfbc20dde4526e0fd9bf159514d0027a6b1c4c7571bff6843

Download Submit
C:\Windows\system\QdaZLDh.exe

Filesize
6.0MB

MD5
884aee35a3f80b4af09f4ec0fe1a6bae

SHA1
74b3cbfb0a23a27704d49e31b6b953c3f79ad4ac

SHA256
2f14529065ee4cf35cc84784f90856c423a0c6c65dab9c5336a0d0a270a1a858

SHA512
0bced57ef2ab688d1c2f12b4fc57c71d1afafe6c74b7d150f778f4b74ae6d712d0eb888fb2683c576b6bb70a2ded43080170f94d4167dd3245b5f0a04386e0e4

Download Submit
C:\Windows\system\RcVyYCt.exe

Filesize
6.0MB

MD5
de9d234ec0e130d4633396d4cd6e0f0c

SHA1
cae3de9aa41d44013b95201fad2000a14d067ecc

SHA256
8abef1e11d4b7de1a735f8f29638c7ef6eaaee589d95c2e70820d1e555b67f55

SHA512
4c45594fc2893ecf4ab7c21c6bb45de7e30884d592d811b1b58a50dc89e6545cac25339a5e5e216fc31c29532718d99ed9e6b308cca970c37f58655fe54a5abc

Download Submit
C:\Windows\system\SgvEOqd.exe

Filesize
6.0MB

MD5
58fd0738ccaa73dc73b30176a0690e3b

SHA1
63295640299ed3c10013039789cacfe37c2c0988

SHA256
8b1492cb55201f99845e46502d16f9e0ba4ed2ab3984ff00e43fef70098fa372

SHA512
28bf8c58529d114961d11dae5e8f7429e48f34bc99143f6275c491741f8316d8df8e43d99866ba319c67c6f72f901d9137d9e6de3b4fdb9dce6cb22e676d0e74

Download Submit
C:\Windows\system\SqHhySC.exe

Filesize
6.0MB

MD5
2cf332431f9ae23ca65273b8bcaffe67

SHA1
8336b1b57a97b21015aa721bf349070acc71effc

SHA256
6346e97f15e4afb3956a4bb1f5f0922282003bd039feacd98e450984ceb229d0

SHA512
7906d8399bd4413d74d1cb93e69104607484ac24eb0886264ff82db97d8a98756a1b1b1001339af86489be907002fe9cd431cd4621609cd6d6456a84dd5171cf

Download Submit
C:\Windows\system\SthKALS.exe

Filesize
6.0MB

MD5
655c11e59f2bbf225f23c7ae1728841c

SHA1
0ea628f31bc3a14eea739799f14f1242de4efded

SHA256
4fa2592c4e5e3fded270c307a79ffdb5a08b3cf545205f3f08d4aea303e9c5a6

SHA512
104e0edfbd05db999088982a666db770e95dd4767fa6a38ab62bd3c9507129ca0bee2e08d271dfcdc8a8af96887731d771e4e9df2cb7d7ad671faa50a21aff2e

Download Submit
C:\Windows\system\VPLkndd.exe

Filesize
6.0MB

MD5
7d2b31cfc5aac575906dcf2ed4a1f241

SHA1
86143a1648ee8483da9db1033d360dbee0c5b7d6

SHA256
2720b9b6a76d743c13e89141f7cb1f8a93b6e0a7c8910e86cabd29114935de27

SHA512
c1834581fad5d219893c27de42e002514d3f77992ec3d801d17935ec05df8b2ea21249a0a8f4cb4bf9aad04130f7c18da13b344a5811b2718c71bfd08b99e74b

Download Submit
C:\Windows\system\ZqnRQSZ.exe

Filesize
6.0MB

MD5
87e6651c5033f8c9465116ebc9009abd

SHA1
e64230312b9f071d56af989a23cfcc09a69a2274

SHA256
3def56834a7d52aba1bf4593d8f7bec2544b1737f33d9af2ef157fe7d9a9fdac

SHA512
77b6d8ca51e99fdeeb975ba37bc1f78bc5165fba8d848bf0c76c450a07a03749560ddb840e40f816b174322f90806543aff960b55d23ac689c808e8b1ab80188

Download Submit
C:\Windows\system\bhoxyGk.exe

Filesize
6.0MB

MD5
29a8cf1a112943bd893a04a05a435e1e

SHA1
e60cace8052b5fffc8188e1c3dd18536d9e88ecd

SHA256
e28ba03a35a6a916ea7e5ba346bb86d11472d94512eb9677dcc2121150eedfb3

SHA512
d5a924c8930cdeea72f3ea801e9d6f83c13085c46d2106e20a46013684c37241973128aca138d9b56e8be9a96c330fbe0624054e6d190137fe53d4a186348641

Download Submit
C:\Windows\system\cGKRpBM.exe

Filesize
6.0MB

MD5
7f31fa6a986d74f7636591aef5b6255f

SHA1
566301ea631453473aba2c6bb54c1f90a5d8ae8e

SHA256
995fcd8937d48e9db5d07e088b52524eb424162b683ec551edc0dbdeec09bdc8

SHA512
d41704771fb34df51ffc7ff958ff1602caf82421ea3a3234678538050ee316808d81ebc94427aa30e8e0789ef90a32609f5730aec5cbb62da435e2e4ee8be98a

Download Submit
C:\Windows\system\fczVXAQ.exe

Filesize
6.0MB

MD5
efb88348be60fb5ab52384a168b23ce8

SHA1
bcbac439523460022173d923e981aa95a4461058

SHA256
92ac5cc28a13a22790bd677590fc27bbb902b1a6118e5db120689debb5837956

SHA512
a9d860c804ad2cc1f41fe4ae8d0bdc5d7751719ea9aa8e8008d398e990f900bcb945efb31388acc2528499ed4de8e0268a2c59eb7f2b5d764922be7dbd5e5ff8

Download Submit
C:\Windows\system\gBzOaFk.exe

Filesize
6.0MB

MD5
1128e500f621680efd80e7a03b656af0

SHA1
75e875167f876670376b2623bc561dc1c5e486a3

SHA256
d2bd18120b6efb7c76ac00332a846ca70204511932c6949adb81188500b13d39

SHA512
f9d156b74e87468bd29b837b91cf254bc642ca24e116ce2363553ce84c8846a413d9ac9b5154fba65e6c56a50b0ad2969fd3a1dc1f7dc638fa8628212eb18c5e

Download Submit
C:\Windows\system\hQONbFb.exe

Filesize
6.0MB

MD5
aaa2a2e44b6e357cab0adfd2b54e0b0b

SHA1
48bcf2e1863cebb518746be5a1ae451c90bafccb

SHA256
79a237479ba2566f043a91c4d55e7cebb3b3e741aa0e41682de7e75fe2c639ac

SHA512
33fb1153b517ec287fc5ea07cdee1da46a87d3d98736ca7b8c204b6c520e9809c801f361ed7ab27c4731ed85627139cd4320815e91daa60fb35e47ea5a52da60

Download Submit
C:\Windows\system\kfBTTnC.exe

Filesize
6.0MB

MD5
d571c00952289a32e2be1c0ba7ec4da5

SHA1
7d7709317efba04103cd1da4dc45d6d65b337567

SHA256
90364db0358affe9eb28d0e0f2d117410a0511862ff5397c611b190e185501fd

SHA512
de1ca3c98086b155e6f8caad8fc4e4d6d9aaed308b720c9b09284f67ba09419fe71de65dfdde90631a9c2cdeebb7ea6268a50e82229bda1034082e97ad7a17ac

Download Submit
C:\Windows\system\kvLkCEh.exe

Filesize
6.0MB

MD5
40a4e1f103732b81c3098671604922d4

SHA1
c4f65c606acb19f8f24ccbc2c88899a4672a593f

SHA256
2056e25cbf6a24f8e205f9816274c8f33a9a90d591b4e413570c536302190149

SHA512
02266cc1769026cca6b63822991768e48e84e52264bc34203e4ea7441ffa36852ea7d2f2114f2e1e0e6d35efa3c190efc4ba468907b72f5e37a6fedd66fa310e

Download Submit
C:\Windows\system\nwKsJIz.exe

Filesize
6.0MB

MD5
07e7c6518b75eeb8d5c714dd6b53855c

SHA1
1d8f168545db45b4802fcfd38f8ee18f0ee8abae

SHA256
e95e20f1b3c5176044fde22dbfa778b9d077a9b584bb7389939aa85a4a3e6011

SHA512
5e5853b84fcf7dae871e54ad057a08e7897c4c22d4d72aa1ebf4ccd299b036e5aba929c1c2b547b267f676c7a05af1a76736c22f8deac1fece0eda227772fa6f

Download Submit
C:\Windows\system\uBSWARt.exe

Filesize
6.0MB

MD5
046bc46590c13046d6b7664b2491bf35

SHA1
fb669a0a60b65f58045893207c29911ad705907b

SHA256
cbc51f4e93252e8f6c9119ef21d52ee90e0d801e422ac795ceea63e7cf6b0af5

SHA512
8856a742559296a47bdcf7199559a8618d461e039736d3ebc9aab6e810bda5b3517a9d1f782b8952f850678c6acf94945366f343f27710d8eca08290524faa72

Download Submit
C:\Windows\system\xQrwNwF.exe

Filesize
6.0MB

MD5
868512a8e77206b2fa1b9a2d7e027f37

SHA1
c3542722062bb1820eea8d1535084109280facd8

SHA256
87d049f71fdb650cb923e9c362f58c56e8585de4d11da8f6aed10bed83c13983

SHA512
98cda1df0dbf0ae1eb34a1dba816e40f5ecd84a7866107bac8a0de73e5a19acd748862c642c48e914c667eef9b10f6ed4508d38fb94f1931c21b625560761d6b

Download Submit
C:\Windows\system\yAxRaqR.exe

Filesize
6.0MB

MD5
56dbaf2c6cbcfa6b6e2652e734715350

SHA1
04f2fd8ff0e52229df1991f8f45a10274d6161f5

SHA256
852cc0143be3a75ffb7dd8ce36616c702620febd708959a18a3279d0bd79995d

SHA512
7b93ac7054d89420728f6bc0dce9579ea79f627b763574cfbef9cef9f0360ab504ebc3741fb2a473968ec632c34568513c66a3b225989afd3904502b7c8672e8

Download Submit
C:\Windows\system\yCzenFx.exe

Filesize
6.0MB

MD5
3df44e9a051718a0ea58089e4eaf60ce

SHA1
94a408fac51f2a0a9334b8720ce9f0509a26cef5

SHA256
9a6ddac14f63e087450e0a6b52aec86b0ed07e06148bcaf76887d167fb1a1d62

SHA512
85550991fc6b19893137bb53b813ab3919cf64d49735e5d71cf58b76381231e8a6ad18b0b513d2c4330fc61b84b6554a3f60bd303dc2d035192126400bced41f

Download Submit
C:\Windows\system\yrKjcNm.exe

Filesize
6.0MB

MD5
1fc56d3ca73e33700f8bba03768897c9

SHA1
ba066db6e63c1fb056ebaf5b131dab4f1e0e38e0

SHA256
7e3ffc93fb3d4d3c8cdd83faef0581b6c380257dcd4708ed7dc3ac6e61ca55d0

SHA512
313b7785cc38d6c219d81910b891f26bb021c329403b42fa12a7a70ceb623f1a5bfc0fb8c1d1ce342ffa48af3291c4f60aee5aedc306cc094e223a1066cef1e4

Download Submit
C:\Windows\system\zjpbFJJ.exe

Filesize
6.0MB

MD5
7d93883a551d8a0003e4bd7093703aa4

SHA1
25c6fc131e2b52598d76db60e5be9e07e66923b1

SHA256
68c4e618d82b88a6710b26d3ba1247613d4d5d2f2e9a5b2dd30be552bc732167

SHA512
d5e4905b8735d9dd2dbc11ed39ef4071b45a83d60d1b8675a4e6a84058df171551d2466f157626e94316aa24fa129466aa96c0edc44b23f5d4edb06f31d736ca

Download Submit
\Windows\system\VVufVNz.exe

Filesize
6.0MB

MD5
b8066b67f4fb7119338db3a0c03c94aa

SHA1
ba76cb50d50e35ca4c51840c90075fd711069cf3

SHA256
6047d6965962e22637360a7e909dc46ff5471092a4fb0008f2359b56622a8b04

SHA512
13dc5da86f2a021db619b0197a8c25567d3a824556fbcc5dc914a54a46ade2f2281ab2c3b9c26b052d1d6dd702df94856e1688ef4a27b075f0c936de1c9dadc4

Download Submit
\Windows\system\gBULbEE.exe

Filesize
6.0MB

MD5
f0261ad1626afa0a8b7feee51e7317f6

SHA1
884b3b2d637f781271bcd21504a2ddcc799de3be

SHA256
69f6c27f437318484f6d43dd4e9b35c1777b3c886b52e6077522124eee162280

SHA512
c8a140b77df3454e07bf6365779b119a30abf1b940c15f84ddf880de8c2abece87628eb82d1bd452fa541514ca8e6b013ff96f6fc4ed479e0fad8369cb73cf61

Download Submit
\Windows\system\qFvCpKz.exe

Filesize
6.0MB

MD5
082a8ab9ec2c4a42c4d7aebdad6a5df8

SHA1
8bf9493a81f3bc9c968c9308c3c05fe43a922ed7

SHA256
3bc790d68e4fdb57e936f85d22c52e6d4c48eed6c775d5c6d458f8ef3b36959f

SHA512
f54e87fe468e943708baf1be59817dc5833a860bd4ca124143d5eba5e640809b88a09ddb063f3e9e1d9e3f9756de1a0a50b13396aba612feb3fb816643b85604

Download Submit
memory/772-255-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/772-3376-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-257-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1712-3351-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1824-3399-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/1824-251-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/1868-253-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/1868-3350-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2068-245-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2068-3348-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2100-3371-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2100-259-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2496-262-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2496-3378-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2584-247-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2584-3362-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-249-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3349-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2728-916-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2728-16-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3344-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3400-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-243-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-250-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1016-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-248-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2788-0-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2788-252-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-254-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-256-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2788-258-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2788-260-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2788-261-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-815-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-244-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2788-240-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1013-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1014-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1015-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2788-246-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1017-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1019-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1020-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-242-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1021-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1022-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/2788-210-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1023-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1018-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2788-1107-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-3347-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-239-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3346-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2936-241-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/3032-3368-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-207-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/3032-917-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download