cobaltstrike | e7ef6da78fd75cd805078d43bfe0fe761e83ef298a81490bea17c5f30bc36ab4

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13-12-2024 17:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

c2349ecc832c612fba01693054def0a3
SHA1

6040351f8ad608f5f21856312e5f590726a7b304
SHA256

e7ef6da78fd75cd805078d43bfe0fe761e83ef298a81490bea17c5f30bc36ab4
SHA512

2bb879991f8c09b13322c2f452ca1742871ad857f01ece83e56e98b1216dad7a2a7cafc1f571a8b83c7d58f05538e6510bd128b990baa9bae29d66e6ae39dab7
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUE:T+q56utgpPF8u/7E

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000e000000013ab3-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016da7-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016db5-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016de4-24.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d47-31.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016de8-32.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001707c-40.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016eb8-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018f65-46.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-50.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-54.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-58.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-62.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-66.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-80.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019377-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c1-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019446-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019450-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945b-166.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b3-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019433-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019387-110.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a4-114.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-102.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-98.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-94.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-86.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-78.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-74.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-70.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2480-0-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/files/0x000e000000013ab3-3.dat	xmrig
behavioral1/memory/2348-9-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2480-6-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/files/0x0008000000016da7-10.dat	xmrig
behavioral1/memory/1608-15-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016db5-12.dat	xmrig
behavioral1/memory/2508-21-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016de4-24.dat	xmrig
behavioral1/files/0x0009000000016d47-31.dat	xmrig
behavioral1/files/0x0007000000016de8-32.dat	xmrig
behavioral1/files/0x000800000001707c-40.dat	xmrig
behavioral1/files/0x0007000000016eb8-39.dat	xmrig
behavioral1/files/0x0007000000018f65-46.dat	xmrig
behavioral1/files/0x000600000001904c-50.dat	xmrig
behavioral1/files/0x00060000000190e1-54.dat	xmrig
behavioral1/files/0x00050000000191d2-58.dat	xmrig
behavioral1/files/0x00050000000191f6-62.dat	xmrig
behavioral1/files/0x0005000000019217-66.dat	xmrig
behavioral1/files/0x000500000001926c-80.dat	xmrig
behavioral1/files/0x0005000000019377-106.dat	xmrig
behavioral1/files/0x00050000000193c1-131.dat	xmrig
behavioral1/files/0x0005000000019446-152.dat	xmrig
behavioral1/memory/2980-1430-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2820-1439-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2756-1444-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2736-1458-0x000000013F750000-0x000000013FAA4000-memory.dmp	xmrig
behavioral1/memory/2908-1460-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2480-1465-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2480-1468-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2712-1467-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2624-1469-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2480-1472-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2580-1471-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2480-1475-0x000000013F630000-0x000000013F984000-memory.dmp	xmrig
behavioral1/memory/2644-1473-0x000000013FD40000-0x0000000140094000-memory.dmp	xmrig
behavioral1/memory/2680-1476-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2824-1477-0x000000013FDB0000-0x0000000140104000-memory.dmp	xmrig
behavioral1/files/0x0005000000019450-162.dat	xmrig
behavioral1/files/0x000500000001945b-166.dat	xmrig
behavioral1/files/0x00050000000193b3-143.dat	xmrig
behavioral1/files/0x0005000000019433-138.dat	xmrig
behavioral1/files/0x0005000000019387-110.dat	xmrig
behavioral1/files/0x00050000000193a4-114.dat	xmrig
behavioral1/files/0x0005000000019365-102.dat	xmrig
behavioral1/files/0x0005000000019319-98.dat	xmrig
behavioral1/files/0x000500000001929a-94.dat	xmrig
behavioral1/files/0x0005000000019278-90.dat	xmrig
behavioral1/files/0x0005000000019275-86.dat	xmrig
behavioral1/files/0x0005000000019268-78.dat	xmrig
behavioral1/files/0x0005000000019259-74.dat	xmrig
behavioral1/files/0x0005000000019240-70.dat	xmrig
behavioral1/memory/2348-1644-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/1608-1970-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2508-2283-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/2480-2371-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2508-3385-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/1608-3376-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2348-3392-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2756-3641-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2908-3644-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2624-3645-0x000000013FB70000-0x000000013FEC4000-memory.dmp	xmrig
behavioral1/memory/2980-3643-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2820-3650-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2348	fZTRbqO.exe
1608	SCQxGcD.exe
2508	mFDnlHG.exe
2680	aOzmLQn.exe
2824	zLxeXNH.exe
2980	hEpPWEU.exe
2820	TfFGgsK.exe
2756	GmvMnvm.exe
2736	ywEIlCk.exe
2908	MFwWqTy.exe
2712	TLQEIAZ.exe
2624	OkmvIyW.exe
2580	aXbrefv.exe
2644	VKEHywD.exe
3044	RGUxwBe.exe
3052	mXFzwuW.exe
780	qpTlmyj.exe
1992	XSQOpsb.exe
2948	ftdJRcu.exe
2036	gZKNsnO.exe
2800	PRLcDHc.exe
2640	HcOTxar.exe
2936	IWDLiXc.exe
1956	MwbIRqP.exe
2904	YHxwCbj.exe
1160	ANjRjKC.exe
2436	gEXDAYh.exe
856	AGXINVW.exe
2100	WEGMzyl.exe
2172	AIiWYAd.exe
2328	doIJclC.exe
1628	gRmNgpz.exe
2184	aaxYdAQ.exe
1308	mKuHWHv.exe
1616	xEfimzU.exe
1344	LMGmwBY.exe
1080	McoFsAE.exe
1388	HoaSAFe.exe
1572	kFFiDfu.exe
748	kHNQTjT.exe
1544	GsTGKyd.exe
924	iueHcYF.exe
556	HDkYQiX.exe
1772	UdrftYr.exe
2256	zqMjRpP.exe
2456	wMuzSRn.exe
2260	iRIrAgf.exe
904	OaMHRoA.exe
976	qWgNSxP.exe
1268	uyqANkh.exe
2128	dWdFbuz.exe
2488	gsqLchD.exe
884	eZYxjxD.exe
324	KVGkGEb.exe
1676	jfrYNyb.exe
1148	hFzTpSe.exe
1400	EAiIsQp.exe
1692	DbOGjkZ.exe
2344	lIswMEo.exe
2504	aROKDbb.exe
2296	bYKCDqa.exe
3048	vAZNuhY.exe
1960	zkTEaNy.exe
2072	aijbERS.exe

Loads dropped DLL 64 IoCs

pid	Process
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2480-0-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/files/0x000e000000013ab3-3.dat	upx
behavioral1/memory/2348-9-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2480-6-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/files/0x0008000000016da7-10.dat	upx
behavioral1/memory/1608-15-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/files/0x0008000000016db5-12.dat	upx
behavioral1/memory/2508-21-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/files/0x0007000000016de4-24.dat	upx
behavioral1/files/0x0009000000016d47-31.dat	upx
behavioral1/files/0x0007000000016de8-32.dat	upx
behavioral1/files/0x000800000001707c-40.dat	upx
behavioral1/files/0x0007000000016eb8-39.dat	upx
behavioral1/files/0x0007000000018f65-46.dat	upx
behavioral1/files/0x000600000001904c-50.dat	upx
behavioral1/files/0x00060000000190e1-54.dat	upx
behavioral1/files/0x00050000000191d2-58.dat	upx
behavioral1/files/0x00050000000191f6-62.dat	upx
behavioral1/files/0x0005000000019217-66.dat	upx
behavioral1/files/0x000500000001926c-80.dat	upx
behavioral1/files/0x0005000000019377-106.dat	upx
behavioral1/files/0x00050000000193c1-131.dat	upx
behavioral1/files/0x0005000000019446-152.dat	upx
behavioral1/memory/2980-1430-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2820-1439-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2756-1444-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2736-1458-0x000000013F750000-0x000000013FAA4000-memory.dmp	upx
behavioral1/memory/2908-1460-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2712-1467-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2624-1469-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2580-1471-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2480-1475-0x000000013F630000-0x000000013F984000-memory.dmp	upx
behavioral1/memory/2644-1473-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2680-1476-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2824-1477-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/files/0x0005000000019450-162.dat	upx
behavioral1/files/0x000500000001945b-166.dat	upx
behavioral1/files/0x00050000000193b3-143.dat	upx
behavioral1/files/0x0005000000019433-138.dat	upx
behavioral1/files/0x0005000000019387-110.dat	upx
behavioral1/files/0x00050000000193a4-114.dat	upx
behavioral1/files/0x0005000000019365-102.dat	upx
behavioral1/files/0x0005000000019319-98.dat	upx
behavioral1/files/0x000500000001929a-94.dat	upx
behavioral1/files/0x0005000000019278-90.dat	upx
behavioral1/files/0x0005000000019275-86.dat	upx
behavioral1/files/0x0005000000019268-78.dat	upx
behavioral1/files/0x0005000000019259-74.dat	upx
behavioral1/files/0x0005000000019240-70.dat	upx
behavioral1/memory/2348-1644-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/1608-1970-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2508-2283-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2508-3385-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/1608-3376-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2348-3392-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2756-3641-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2908-3644-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2624-3645-0x000000013FB70000-0x000000013FEC4000-memory.dmp	upx
behavioral1/memory/2980-3643-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2820-3650-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2644-3648-0x000000013FD40000-0x0000000140094000-memory.dmp	upx
behavioral1/memory/2824-3660-0x000000013FDB0000-0x0000000140104000-memory.dmp	upx
behavioral1/memory/2680-3640-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2580-3672-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\cmfdNjW.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Pqqxbfn.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EsWnPea.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jiAZpHn.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AsGGABe.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpmxwfb.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DsARoEq.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CcqbRTg.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZXLtCLZ.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TLgPWXX.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SXWAwJH.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DavUOSd.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rLddNxk.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTODEmk.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pGSVqsg.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MXGGpNS.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\adMNpTW.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QRoRCLz.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fIfnwjw.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bKsWDxM.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXybBqN.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yaHemxY.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VCpNNdC.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rttZXdo.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CgXNpQk.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WFxwgkx.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hmkkuAx.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hnfFWXv.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wFXKpcO.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dIwUgFB.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sVQbelU.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LwrEjSg.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oGWbfAI.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BIucbUX.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tmYHepm.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dsxXhsL.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kYCfBmt.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yZIszbt.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CVvnVIo.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xpAQLas.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\utEmEnN.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EiSvhFp.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTzJndL.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGknOEF.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DUfrbbj.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aodgiFd.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NRipRPS.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SFqDaCM.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BlkHpGe.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yCsEjxL.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPNbENn.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\USdJEzZ.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KjeLwks.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VTcLFnO.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KmcSAPp.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JhPQZDI.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YCdHaRd.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lUfyyDE.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xkwhLgM.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yPOWbiy.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WvNcpWa.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BdpImYQ.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ugGLOKu.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uMfwDnY.exe	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 2348	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2480 wrote to memory of 2348	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2480 wrote to memory of 2348	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2480 wrote to memory of 1608	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2480 wrote to memory of 1608	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2480 wrote to memory of 1608	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2480 wrote to memory of 2508	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2480 wrote to memory of 2508	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2480 wrote to memory of 2508	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2480 wrote to memory of 2680	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2480 wrote to memory of 2680	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2480 wrote to memory of 2680	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2480 wrote to memory of 2824	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2480 wrote to memory of 2824	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2480 wrote to memory of 2824	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2480 wrote to memory of 2980	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2480 wrote to memory of 2980	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2480 wrote to memory of 2980	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2480 wrote to memory of 2820	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2480 wrote to memory of 2820	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2480 wrote to memory of 2820	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2480 wrote to memory of 2756	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2480 wrote to memory of 2756	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2480 wrote to memory of 2756	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2480 wrote to memory of 2736	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2480 wrote to memory of 2736	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2480 wrote to memory of 2736	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2480 wrote to memory of 2908	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2480 wrote to memory of 2908	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2480 wrote to memory of 2908	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2480 wrote to memory of 2712	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2480 wrote to memory of 2712	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2480 wrote to memory of 2712	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2480 wrote to memory of 2624	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2480 wrote to memory of 2624	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2480 wrote to memory of 2624	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2480 wrote to memory of 2580	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2480 wrote to memory of 2580	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2480 wrote to memory of 2580	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2480 wrote to memory of 2644	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2480 wrote to memory of 2644	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2480 wrote to memory of 2644	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2480 wrote to memory of 3044	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2480 wrote to memory of 3044	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2480 wrote to memory of 3044	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2480 wrote to memory of 3052	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2480 wrote to memory of 3052	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2480 wrote to memory of 3052	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2480 wrote to memory of 780	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2480 wrote to memory of 780	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2480 wrote to memory of 780	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2480 wrote to memory of 1992	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2480 wrote to memory of 1992	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2480 wrote to memory of 1992	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2480 wrote to memory of 2948	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2480 wrote to memory of 2948	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2480 wrote to memory of 2948	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2480 wrote to memory of 2036	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2480 wrote to memory of 2036	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2480 wrote to memory of 2036	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2480 wrote to memory of 2800	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2480 wrote to memory of 2800	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2480 wrote to memory of 2800	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2480 wrote to memory of 2640	2480	2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-13_c2349ecc832c612fba01693054def0a3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Windows\System\fZTRbqO.exe
  C:\Windows\System\fZTRbqO.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\SCQxGcD.exe
  C:\Windows\System\SCQxGcD.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\mFDnlHG.exe
  C:\Windows\System\mFDnlHG.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\aOzmLQn.exe
  C:\Windows\System\aOzmLQn.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\zLxeXNH.exe
  C:\Windows\System\zLxeXNH.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\hEpPWEU.exe
  C:\Windows\System\hEpPWEU.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\TfFGgsK.exe
  C:\Windows\System\TfFGgsK.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\GmvMnvm.exe
  C:\Windows\System\GmvMnvm.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\ywEIlCk.exe
  C:\Windows\System\ywEIlCk.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\MFwWqTy.exe
  C:\Windows\System\MFwWqTy.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\TLQEIAZ.exe
  C:\Windows\System\TLQEIAZ.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\OkmvIyW.exe
  C:\Windows\System\OkmvIyW.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\aXbrefv.exe
  C:\Windows\System\aXbrefv.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\VKEHywD.exe
  C:\Windows\System\VKEHywD.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\RGUxwBe.exe
  C:\Windows\System\RGUxwBe.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\mXFzwuW.exe
  C:\Windows\System\mXFzwuW.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\qpTlmyj.exe
  C:\Windows\System\qpTlmyj.exe
  2⤵
  - Executes dropped EXE
  PID:780
- C:\Windows\System\XSQOpsb.exe
  C:\Windows\System\XSQOpsb.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\ftdJRcu.exe
  C:\Windows\System\ftdJRcu.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\gZKNsnO.exe
  C:\Windows\System\gZKNsnO.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\PRLcDHc.exe
  C:\Windows\System\PRLcDHc.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\HcOTxar.exe
  C:\Windows\System\HcOTxar.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\IWDLiXc.exe
  C:\Windows\System\IWDLiXc.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\MwbIRqP.exe
  C:\Windows\System\MwbIRqP.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\YHxwCbj.exe
  C:\Windows\System\YHxwCbj.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\ANjRjKC.exe
  C:\Windows\System\ANjRjKC.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\AGXINVW.exe
  C:\Windows\System\AGXINVW.exe
  2⤵
  - Executes dropped EXE
  PID:856
- C:\Windows\System\gEXDAYh.exe
  C:\Windows\System\gEXDAYh.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\AIiWYAd.exe
  C:\Windows\System\AIiWYAd.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\WEGMzyl.exe
  C:\Windows\System\WEGMzyl.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\doIJclC.exe
  C:\Windows\System\doIJclC.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\gRmNgpz.exe
  C:\Windows\System\gRmNgpz.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\aaxYdAQ.exe
  C:\Windows\System\aaxYdAQ.exe
  2⤵
  - Executes dropped EXE
  PID:2184
- C:\Windows\System\mKuHWHv.exe
  C:\Windows\System\mKuHWHv.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\xEfimzU.exe
  C:\Windows\System\xEfimzU.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\LMGmwBY.exe
  C:\Windows\System\LMGmwBY.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\McoFsAE.exe
  C:\Windows\System\McoFsAE.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\HoaSAFe.exe
  C:\Windows\System\HoaSAFe.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\kFFiDfu.exe
  C:\Windows\System\kFFiDfu.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\kHNQTjT.exe
  C:\Windows\System\kHNQTjT.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\GsTGKyd.exe
  C:\Windows\System\GsTGKyd.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\iueHcYF.exe
  C:\Windows\System\iueHcYF.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\HDkYQiX.exe
  C:\Windows\System\HDkYQiX.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\UdrftYr.exe
  C:\Windows\System\UdrftYr.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\zqMjRpP.exe
  C:\Windows\System\zqMjRpP.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\wMuzSRn.exe
  C:\Windows\System\wMuzSRn.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\iRIrAgf.exe
  C:\Windows\System\iRIrAgf.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\OaMHRoA.exe
  C:\Windows\System\OaMHRoA.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\qWgNSxP.exe
  C:\Windows\System\qWgNSxP.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\uyqANkh.exe
  C:\Windows\System\uyqANkh.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\dWdFbuz.exe
  C:\Windows\System\dWdFbuz.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\gsqLchD.exe
  C:\Windows\System\gsqLchD.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\eZYxjxD.exe
  C:\Windows\System\eZYxjxD.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\KVGkGEb.exe
  C:\Windows\System\KVGkGEb.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\jfrYNyb.exe
  C:\Windows\System\jfrYNyb.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\hFzTpSe.exe
  C:\Windows\System\hFzTpSe.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\EAiIsQp.exe
  C:\Windows\System\EAiIsQp.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\DbOGjkZ.exe
  C:\Windows\System\DbOGjkZ.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\lIswMEo.exe
  C:\Windows\System\lIswMEo.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\aROKDbb.exe
  C:\Windows\System\aROKDbb.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\bYKCDqa.exe
  C:\Windows\System\bYKCDqa.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\vAZNuhY.exe
  C:\Windows\System\vAZNuhY.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\zkTEaNy.exe
  C:\Windows\System\zkTEaNy.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\aijbERS.exe
  C:\Windows\System\aijbERS.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\NgGzygs.exe
  C:\Windows\System\NgGzygs.exe
  2⤵
  PID:2716
- C:\Windows\System\IszbvNb.exe
  C:\Windows\System\IszbvNb.exe
  2⤵
  PID:2808
- C:\Windows\System\ZuSbnWT.exe
  C:\Windows\System\ZuSbnWT.exe
  2⤵
  PID:2744
- C:\Windows\System\VTtxzkI.exe
  C:\Windows\System\VTtxzkI.exe
  2⤵
  PID:2636
- C:\Windows\System\izUQURi.exe
  C:\Windows\System\izUQURi.exe
  2⤵
  PID:1252
- C:\Windows\System\wOfWNEG.exe
  C:\Windows\System\wOfWNEG.exe
  2⤵
  PID:2868
- C:\Windows\System\FfRpsnc.exe
  C:\Windows\System\FfRpsnc.exe
  2⤵
  PID:2788
- C:\Windows\System\uffaZff.exe
  C:\Windows\System\uffaZff.exe
  2⤵
  PID:2004
- C:\Windows\System\rLLJRcK.exe
  C:\Windows\System\rLLJRcK.exe
  2⤵
  PID:3020
- C:\Windows\System\kefuKwh.exe
  C:\Windows\System\kefuKwh.exe
  2⤵
  PID:2668
- C:\Windows\System\fxeYAts.exe
  C:\Windows\System\fxeYAts.exe
  2⤵
  PID:2428
- C:\Windows\System\lGAOEHy.exe
  C:\Windows\System\lGAOEHy.exe
  2⤵
  PID:1044
- C:\Windows\System\dwHQkNj.exe
  C:\Windows\System\dwHQkNj.exe
  2⤵
  PID:1112
- C:\Windows\System\PbtBJwb.exe
  C:\Windows\System\PbtBJwb.exe
  2⤵
  PID:2096
- C:\Windows\System\RkGTUjp.exe
  C:\Windows\System\RkGTUjp.exe
  2⤵
  PID:1908
- C:\Windows\System\ZIaWaun.exe
  C:\Windows\System\ZIaWaun.exe
  2⤵
  PID:1776
- C:\Windows\System\jqPUXzQ.exe
  C:\Windows\System\jqPUXzQ.exe
  2⤵
  PID:1076
- C:\Windows\System\FiYeYpW.exe
  C:\Windows\System\FiYeYpW.exe
  2⤵
  PID:2276
- C:\Windows\System\EKeJXUy.exe
  C:\Windows\System\EKeJXUy.exe
  2⤵
  PID:1860
- C:\Windows\System\FiXbQHw.exe
  C:\Windows\System\FiXbQHw.exe
  2⤵
  PID:108
- C:\Windows\System\xAskUWj.exe
  C:\Windows\System\xAskUWj.exe
  2⤵
  PID:1640
- C:\Windows\System\usNcvmU.exe
  C:\Windows\System\usNcvmU.exe
  2⤵
  PID:824
- C:\Windows\System\jioyHTK.exe
  C:\Windows\System\jioyHTK.exe
  2⤵
  PID:1352
- C:\Windows\System\LsGYxta.exe
  C:\Windows\System\LsGYxta.exe
  2⤵
  PID:1368
- C:\Windows\System\HSSsbBQ.exe
  C:\Windows\System\HSSsbBQ.exe
  2⤵
  PID:348
- C:\Windows\System\wCmcOfI.exe
  C:\Windows\System\wCmcOfI.exe
  2⤵
  PID:2164
- C:\Windows\System\tctTtCb.exe
  C:\Windows\System\tctTtCb.exe
  2⤵
  PID:2524
- C:\Windows\System\ktvWopp.exe
  C:\Windows\System\ktvWopp.exe
  2⤵
  PID:2304
- C:\Windows\System\KYCFsNH.exe
  C:\Windows\System\KYCFsNH.exe
  2⤵
  PID:1824
- C:\Windows\System\CFmgaGR.exe
  C:\Windows\System\CFmgaGR.exe
  2⤵
  PID:880
- C:\Windows\System\xVGATSE.exe
  C:\Windows\System\xVGATSE.exe
  2⤵
  PID:2264
- C:\Windows\System\hwtlDax.exe
  C:\Windows\System\hwtlDax.exe
  2⤵
  PID:1592
- C:\Windows\System\ewzjgaX.exe
  C:\Windows\System\ewzjgaX.exe
  2⤵
  PID:580
- C:\Windows\System\hrjMJxF.exe
  C:\Windows\System\hrjMJxF.exe
  2⤵
  PID:2684
- C:\Windows\System\ExrxOHW.exe
  C:\Windows\System\ExrxOHW.exe
  2⤵
  PID:2500
- C:\Windows\System\yrAGUwW.exe
  C:\Windows\System\yrAGUwW.exe
  2⤵
  PID:2484
- C:\Windows\System\hvlETQv.exe
  C:\Windows\System\hvlETQv.exe
  2⤵
  PID:2964
- C:\Windows\System\UxcmHSc.exe
  C:\Windows\System\UxcmHSc.exe
  2⤵
  PID:2688
- C:\Windows\System\AqLtGga.exe
  C:\Windows\System\AqLtGga.exe
  2⤵
  PID:2620
- C:\Windows\System\VMtgurm.exe
  C:\Windows\System\VMtgurm.exe
  2⤵
  PID:2912
- C:\Windows\System\YMQSEqd.exe
  C:\Windows\System\YMQSEqd.exe
  2⤵
  PID:2928
- C:\Windows\System\QFoLrAD.exe
  C:\Windows\System\QFoLrAD.exe
  2⤵
  PID:1728
- C:\Windows\System\djBwMBp.exe
  C:\Windows\System\djBwMBp.exe
  2⤵
  PID:2196
- C:\Windows\System\IsHyPLC.exe
  C:\Windows\System\IsHyPLC.exe
  2⤵
  PID:1436
- C:\Windows\System\uEVqIfk.exe
  C:\Windows\System\uEVqIfk.exe
  2⤵
  PID:2160
- C:\Windows\System\qRpAnXe.exe
  C:\Windows\System\qRpAnXe.exe
  2⤵
  PID:440
- C:\Windows\System\SGRZoem.exe
  C:\Windows\System\SGRZoem.exe
  2⤵
  PID:2032
- C:\Windows\System\TJQDWvp.exe
  C:\Windows\System\TJQDWvp.exe
  2⤵
  PID:1324
- C:\Windows\System\SGbakqd.exe
  C:\Windows\System\SGbakqd.exe
  2⤵
  PID:2272
- C:\Windows\System\YCdHaRd.exe
  C:\Windows\System\YCdHaRd.exe
  2⤵
  PID:1812
- C:\Windows\System\inWgGTJ.exe
  C:\Windows\System\inWgGTJ.exe
  2⤵
  PID:940
- C:\Windows\System\wLWCoVm.exe
  C:\Windows\System\wLWCoVm.exe
  2⤵
  PID:1744
- C:\Windows\System\CdkZDLO.exe
  C:\Windows\System\CdkZDLO.exe
  2⤵
  PID:604
- C:\Windows\System\IYxioos.exe
  C:\Windows\System\IYxioos.exe
  2⤵
  PID:2512
- C:\Windows\System\ITOaIvD.exe
  C:\Windows\System\ITOaIvD.exe
  2⤵
  PID:1700
- C:\Windows\System\UxHSdmi.exe
  C:\Windows\System\UxHSdmi.exe
  2⤵
  PID:2760
- C:\Windows\System\ksNnCAd.exe
  C:\Windows\System\ksNnCAd.exe
  2⤵
  PID:2108
- C:\Windows\System\FmYmlcz.exe
  C:\Windows\System\FmYmlcz.exe
  2⤵
  PID:2804
- C:\Windows\System\LolIePZ.exe
  C:\Windows\System\LolIePZ.exe
  2⤵
  PID:2796
- C:\Windows\System\DTcQlue.exe
  C:\Windows\System\DTcQlue.exe
  2⤵
  PID:2556
- C:\Windows\System\NgWHbEx.exe
  C:\Windows\System\NgWHbEx.exe
  2⤵
  PID:2000
- C:\Windows\System\XVtkPrX.exe
  C:\Windows\System\XVtkPrX.exe
  2⤵
  PID:2176
- C:\Windows\System\HfxJiRd.exe
  C:\Windows\System\HfxJiRd.exe
  2⤵
  PID:1804
- C:\Windows\System\RPorptw.exe
  C:\Windows\System\RPorptw.exe
  2⤵
  PID:980
- C:\Windows\System\ABQYxqL.exe
  C:\Windows\System\ABQYxqL.exe
  2⤵
  PID:956
- C:\Windows\System\nYgePAP.exe
  C:\Windows\System\nYgePAP.exe
  2⤵
  PID:1276
- C:\Windows\System\BifMYiW.exe
  C:\Windows\System\BifMYiW.exe
  2⤵
  PID:2520
- C:\Windows\System\qlKniPa.exe
  C:\Windows\System\qlKniPa.exe
  2⤵
  PID:2200
- C:\Windows\System\prHcWYH.exe
  C:\Windows\System\prHcWYH.exe
  2⤵
  PID:3032
- C:\Windows\System\MdFXIxU.exe
  C:\Windows\System\MdFXIxU.exe
  2⤵
  PID:1600
- C:\Windows\System\FtbYefG.exe
  C:\Windows\System\FtbYefG.exe
  2⤵
  PID:2564
- C:\Windows\System\nYAZVIE.exe
  C:\Windows\System\nYAZVIE.exe
  2⤵
  PID:1784
- C:\Windows\System\KfltuiY.exe
  C:\Windows\System\KfltuiY.exe
  2⤵
  PID:620
- C:\Windows\System\kHICUbb.exe
  C:\Windows\System\kHICUbb.exe
  2⤵
  PID:3076
- C:\Windows\System\rHZkbLq.exe
  C:\Windows\System\rHZkbLq.exe
  2⤵
  PID:3096
- C:\Windows\System\ViZFcAP.exe
  C:\Windows\System\ViZFcAP.exe
  2⤵
  PID:3116
- C:\Windows\System\AthdswW.exe
  C:\Windows\System\AthdswW.exe
  2⤵
  PID:3136
- C:\Windows\System\KhRRdAA.exe
  C:\Windows\System\KhRRdAA.exe
  2⤵
  PID:3156
- C:\Windows\System\PQbvdYd.exe
  C:\Windows\System\PQbvdYd.exe
  2⤵
  PID:3176
- C:\Windows\System\EVYmjrc.exe
  C:\Windows\System\EVYmjrc.exe
  2⤵
  PID:3196
- C:\Windows\System\TCublgy.exe
  C:\Windows\System\TCublgy.exe
  2⤵
  PID:3216
- C:\Windows\System\ryUrVnf.exe
  C:\Windows\System\ryUrVnf.exe
  2⤵
  PID:3236
- C:\Windows\System\IbDjnCG.exe
  C:\Windows\System\IbDjnCG.exe
  2⤵
  PID:3256
- C:\Windows\System\dgropjv.exe
  C:\Windows\System\dgropjv.exe
  2⤵
  PID:3276
- C:\Windows\System\GCmcYfG.exe
  C:\Windows\System\GCmcYfG.exe
  2⤵
  PID:3296
- C:\Windows\System\zOnfhFC.exe
  C:\Windows\System\zOnfhFC.exe
  2⤵
  PID:3316
- C:\Windows\System\RvgbsKN.exe
  C:\Windows\System\RvgbsKN.exe
  2⤵
  PID:3336
- C:\Windows\System\ywCsKdo.exe
  C:\Windows\System\ywCsKdo.exe
  2⤵
  PID:3356
- C:\Windows\System\AeCvnfb.exe
  C:\Windows\System\AeCvnfb.exe
  2⤵
  PID:3376
- C:\Windows\System\kHHInjZ.exe
  C:\Windows\System\kHHInjZ.exe
  2⤵
  PID:3396
- C:\Windows\System\tyhreAY.exe
  C:\Windows\System\tyhreAY.exe
  2⤵
  PID:3416
- C:\Windows\System\GAlntqD.exe
  C:\Windows\System\GAlntqD.exe
  2⤵
  PID:3436
- C:\Windows\System\AUzRFbT.exe
  C:\Windows\System\AUzRFbT.exe
  2⤵
  PID:3456
- C:\Windows\System\LiQDmFS.exe
  C:\Windows\System\LiQDmFS.exe
  2⤵
  PID:3476
- C:\Windows\System\kDEiKqo.exe
  C:\Windows\System\kDEiKqo.exe
  2⤵
  PID:3496
- C:\Windows\System\KGxCDKC.exe
  C:\Windows\System\KGxCDKC.exe
  2⤵
  PID:3516
- C:\Windows\System\pzhRHvb.exe
  C:\Windows\System\pzhRHvb.exe
  2⤵
  PID:3536
- C:\Windows\System\ckABCZm.exe
  C:\Windows\System\ckABCZm.exe
  2⤵
  PID:3556
- C:\Windows\System\cQsFDQP.exe
  C:\Windows\System\cQsFDQP.exe
  2⤵
  PID:3576
- C:\Windows\System\KMRkfHl.exe
  C:\Windows\System\KMRkfHl.exe
  2⤵
  PID:3596
- C:\Windows\System\SFXERRM.exe
  C:\Windows\System\SFXERRM.exe
  2⤵
  PID:3616
- C:\Windows\System\EnRZKaL.exe
  C:\Windows\System\EnRZKaL.exe
  2⤵
  PID:3636
- C:\Windows\System\hRnnaOw.exe
  C:\Windows\System\hRnnaOw.exe
  2⤵
  PID:3656
- C:\Windows\System\RUvZHBk.exe
  C:\Windows\System\RUvZHBk.exe
  2⤵
  PID:3676
- C:\Windows\System\VVvymhf.exe
  C:\Windows\System\VVvymhf.exe
  2⤵
  PID:3696
- C:\Windows\System\aILMYmB.exe
  C:\Windows\System\aILMYmB.exe
  2⤵
  PID:3716
- C:\Windows\System\frbdeeH.exe
  C:\Windows\System\frbdeeH.exe
  2⤵
  PID:3736
- C:\Windows\System\icNjqSJ.exe
  C:\Windows\System\icNjqSJ.exe
  2⤵
  PID:3756
- C:\Windows\System\BwnOQXc.exe
  C:\Windows\System\BwnOQXc.exe
  2⤵
  PID:3776
- C:\Windows\System\vMrXdQd.exe
  C:\Windows\System\vMrXdQd.exe
  2⤵
  PID:3796
- C:\Windows\System\ftSLRTX.exe
  C:\Windows\System\ftSLRTX.exe
  2⤵
  PID:3816
- C:\Windows\System\cnQXJCx.exe
  C:\Windows\System\cnQXJCx.exe
  2⤵
  PID:3840
- C:\Windows\System\dEKmmSs.exe
  C:\Windows\System\dEKmmSs.exe
  2⤵
  PID:3860
- C:\Windows\System\KdOeEkQ.exe
  C:\Windows\System\KdOeEkQ.exe
  2⤵
  PID:3880
- C:\Windows\System\KnVIbJm.exe
  C:\Windows\System\KnVIbJm.exe
  2⤵
  PID:3900
- C:\Windows\System\XBqZRRq.exe
  C:\Windows\System\XBqZRRq.exe
  2⤵
  PID:3920
- C:\Windows\System\hNMCWaw.exe
  C:\Windows\System\hNMCWaw.exe
  2⤵
  PID:3940
- C:\Windows\System\cUubKbj.exe
  C:\Windows\System\cUubKbj.exe
  2⤵
  PID:3960
- C:\Windows\System\aOEuDEJ.exe
  C:\Windows\System\aOEuDEJ.exe
  2⤵
  PID:3980
- C:\Windows\System\rJUlkDi.exe
  C:\Windows\System\rJUlkDi.exe
  2⤵
  PID:4000
- C:\Windows\System\ahOxMLX.exe
  C:\Windows\System\ahOxMLX.exe
  2⤵
  PID:4020
- C:\Windows\System\oVfOYbE.exe
  C:\Windows\System\oVfOYbE.exe
  2⤵
  PID:4040
- C:\Windows\System\WzjcrBZ.exe
  C:\Windows\System\WzjcrBZ.exe
  2⤵
  PID:4060
- C:\Windows\System\KzgULlS.exe
  C:\Windows\System\KzgULlS.exe
  2⤵
  PID:4080
- C:\Windows\System\bboptbU.exe
  C:\Windows\System\bboptbU.exe
  2⤵
  PID:1188
- C:\Windows\System\doJulAv.exe
  C:\Windows\System\doJulAv.exe
  2⤵
  PID:1736
- C:\Windows\System\VASotFR.exe
  C:\Windows\System\VASotFR.exe
  2⤵
  PID:2992
- C:\Windows\System\UTjdlox.exe
  C:\Windows\System\UTjdlox.exe
  2⤵
  PID:1564
- C:\Windows\System\djxbsng.exe
  C:\Windows\System\djxbsng.exe
  2⤵
  PID:2888
- C:\Windows\System\qFuZtES.exe
  C:\Windows\System\qFuZtES.exe
  2⤵
  PID:1476
- C:\Windows\System\UlEaHYR.exe
  C:\Windows\System\UlEaHYR.exe
  2⤵
  PID:3084
- C:\Windows\System\NQjnKuZ.exe
  C:\Windows\System\NQjnKuZ.exe
  2⤵
  PID:3104
- C:\Windows\System\lLYsLYE.exe
  C:\Windows\System\lLYsLYE.exe
  2⤵
  PID:3128
- C:\Windows\System\POxcXlY.exe
  C:\Windows\System\POxcXlY.exe
  2⤵
  PID:3172
- C:\Windows\System\zNlNzBG.exe
  C:\Windows\System\zNlNzBG.exe
  2⤵
  PID:3204
- C:\Windows\System\fcWcvyX.exe
  C:\Windows\System\fcWcvyX.exe
  2⤵
  PID:3224
- C:\Windows\System\giOkyIY.exe
  C:\Windows\System\giOkyIY.exe
  2⤵
  PID:3272
- C:\Windows\System\csxvRkJ.exe
  C:\Windows\System\csxvRkJ.exe
  2⤵
  PID:3304
- C:\Windows\System\EcGtUDj.exe
  C:\Windows\System\EcGtUDj.exe
  2⤵
  PID:3328
- C:\Windows\System\IXVKoUN.exe
  C:\Windows\System\IXVKoUN.exe
  2⤵
  PID:3348
- C:\Windows\System\MmogChQ.exe
  C:\Windows\System\MmogChQ.exe
  2⤵
  PID:3404
- C:\Windows\System\IFNwIfq.exe
  C:\Windows\System\IFNwIfq.exe
  2⤵
  PID:3452
- C:\Windows\System\QVKNxpC.exe
  C:\Windows\System\QVKNxpC.exe
  2⤵
  PID:3472
- C:\Windows\System\TJHWpFU.exe
  C:\Windows\System\TJHWpFU.exe
  2⤵
  PID:3504
- C:\Windows\System\ZfovrEi.exe
  C:\Windows\System\ZfovrEi.exe
  2⤵
  PID:3528
- C:\Windows\System\ppNwFqc.exe
  C:\Windows\System\ppNwFqc.exe
  2⤵
  PID:3568
- C:\Windows\System\JUSlKVd.exe
  C:\Windows\System\JUSlKVd.exe
  2⤵
  PID:3604
- C:\Windows\System\LoLIJvw.exe
  C:\Windows\System\LoLIJvw.exe
  2⤵
  PID:3652
- C:\Windows\System\IgqBFJD.exe
  C:\Windows\System\IgqBFJD.exe
  2⤵
  PID:3672
- C:\Windows\System\nigNTgd.exe
  C:\Windows\System\nigNTgd.exe
  2⤵
  PID:3704
- C:\Windows\System\taMbVNV.exe
  C:\Windows\System\taMbVNV.exe
  2⤵
  PID:3732
- C:\Windows\System\ivbumLB.exe
  C:\Windows\System\ivbumLB.exe
  2⤵
  PID:3772
- C:\Windows\System\DMJQTFn.exe
  C:\Windows\System\DMJQTFn.exe
  2⤵
  PID:3804
- C:\Windows\System\wIpctgS.exe
  C:\Windows\System\wIpctgS.exe
  2⤵
  PID:3828
- C:\Windows\System\FfBfplQ.exe
  C:\Windows\System\FfBfplQ.exe
  2⤵
  PID:3876
- C:\Windows\System\ncnHpCV.exe
  C:\Windows\System\ncnHpCV.exe
  2⤵
  PID:3908
- C:\Windows\System\CvRFAov.exe
  C:\Windows\System\CvRFAov.exe
  2⤵
  PID:3932
- C:\Windows\System\OKFdNUN.exe
  C:\Windows\System\OKFdNUN.exe
  2⤵
  PID:3976
- C:\Windows\System\NLECauc.exe
  C:\Windows\System\NLECauc.exe
  2⤵
  PID:4008
- C:\Windows\System\HwysmDn.exe
  C:\Windows\System\HwysmDn.exe
  2⤵
  PID:4032
- C:\Windows\System\llpdWND.exe
  C:\Windows\System\llpdWND.exe
  2⤵
  PID:4076
- C:\Windows\System\LcLeEWa.exe
  C:\Windows\System\LcLeEWa.exe
  2⤵
  PID:888
- C:\Windows\System\vICNfik.exe
  C:\Windows\System\vICNfik.exe
  2⤵
  PID:896
- C:\Windows\System\cOBtHSJ.exe
  C:\Windows\System\cOBtHSJ.exe
  2⤵
  PID:2708
- C:\Windows\System\wrjQJcI.exe
  C:\Windows\System\wrjQJcI.exe
  2⤵
  PID:3036
- C:\Windows\System\OzRnORr.exe
  C:\Windows\System\OzRnORr.exe
  2⤵
  PID:664
- C:\Windows\System\QRmzxWa.exe
  C:\Windows\System\QRmzxWa.exe
  2⤵
  PID:3184
- C:\Windows\System\FQJqeAt.exe
  C:\Windows\System\FQJqeAt.exe
  2⤵
  PID:3208
- C:\Windows\System\DNCcJxJ.exe
  C:\Windows\System\DNCcJxJ.exe
  2⤵
  PID:3248
- C:\Windows\System\tDjpfhy.exe
  C:\Windows\System\tDjpfhy.exe
  2⤵
  PID:3332
- C:\Windows\System\lyyKapr.exe
  C:\Windows\System\lyyKapr.exe
  2⤵
  PID:3384
- C:\Windows\System\xGfMgMS.exe
  C:\Windows\System\xGfMgMS.exe
  2⤵
  PID:3424
- C:\Windows\System\IRmufdg.exe
  C:\Windows\System\IRmufdg.exe
  2⤵
  PID:3488
- C:\Windows\System\WlgVaRe.exe
  C:\Windows\System\WlgVaRe.exe
  2⤵
  PID:3564
- C:\Windows\System\KxBjFER.exe
  C:\Windows\System\KxBjFER.exe
  2⤵
  PID:3592
- C:\Windows\System\dBuYGUg.exe
  C:\Windows\System\dBuYGUg.exe
  2⤵
  PID:3644
- C:\Windows\System\eQHApWQ.exe
  C:\Windows\System\eQHApWQ.exe
  2⤵
  PID:3708
- C:\Windows\System\sIYGgVS.exe
  C:\Windows\System\sIYGgVS.exe
  2⤵
  PID:3788
- C:\Windows\System\nIMpjhW.exe
  C:\Windows\System\nIMpjhW.exe
  2⤵
  PID:3836
- C:\Windows\System\MgtJekT.exe
  C:\Windows\System\MgtJekT.exe
  2⤵
  PID:3936
- C:\Windows\System\hNCfCbp.exe
  C:\Windows\System\hNCfCbp.exe
  2⤵
  PID:3916
- C:\Windows\System\zGnqNpv.exe
  C:\Windows\System\zGnqNpv.exe
  2⤵
  PID:3952
- C:\Windows\System\rttZXdo.exe
  C:\Windows\System\rttZXdo.exe
  2⤵
  PID:4056
- C:\Windows\System\XAaAdCh.exe
  C:\Windows\System\XAaAdCh.exe
  2⤵
  PID:1940
- C:\Windows\System\yLvOvbx.exe
  C:\Windows\System\yLvOvbx.exe
  2⤵
  PID:1624
- C:\Windows\System\OsISWHz.exe
  C:\Windows\System\OsISWHz.exe
  2⤵
  PID:2940
- C:\Windows\System\MmnglMo.exe
  C:\Windows\System\MmnglMo.exe
  2⤵
  PID:3132
- C:\Windows\System\EYMbaDD.exe
  C:\Windows\System\EYMbaDD.exe
  2⤵
  PID:3264
- C:\Windows\System\preAOIt.exe
  C:\Windows\System\preAOIt.exe
  2⤵
  PID:3372
- C:\Windows\System\uIEDWNE.exe
  C:\Windows\System\uIEDWNE.exe
  2⤵
  PID:3464
- C:\Windows\System\FzWmVJu.exe
  C:\Windows\System\FzWmVJu.exe
  2⤵
  PID:3532
- C:\Windows\System\frjvfsF.exe
  C:\Windows\System\frjvfsF.exe
  2⤵
  PID:3664
- C:\Windows\System\hzVdPMt.exe
  C:\Windows\System\hzVdPMt.exe
  2⤵
  PID:3688
- C:\Windows\System\xpmJdyU.exe
  C:\Windows\System\xpmJdyU.exe
  2⤵
  PID:3752
- C:\Windows\System\AZrhkjP.exe
  C:\Windows\System\AZrhkjP.exe
  2⤵
  PID:3912
- C:\Windows\System\nmHNmYy.exe
  C:\Windows\System\nmHNmYy.exe
  2⤵
  PID:3992
- C:\Windows\System\AXawCpE.exe
  C:\Windows\System\AXawCpE.exe
  2⤵
  PID:4092
- C:\Windows\System\cNlOiQB.exe
  C:\Windows\System\cNlOiQB.exe
  2⤵
  PID:2376
- C:\Windows\System\EeCVsUT.exe
  C:\Windows\System\EeCVsUT.exe
  2⤵
  PID:3108
- C:\Windows\System\Lkpfcna.exe
  C:\Windows\System\Lkpfcna.exe
  2⤵
  PID:3288
- C:\Windows\System\TyfdqlJ.exe
  C:\Windows\System\TyfdqlJ.exe
  2⤵
  PID:3392
- C:\Windows\System\BMolDup.exe
  C:\Windows\System\BMolDup.exe
  2⤵
  PID:3508
- C:\Windows\System\cRnfHsP.exe
  C:\Windows\System\cRnfHsP.exe
  2⤵
  PID:4104
- C:\Windows\System\hxAZFsA.exe
  C:\Windows\System\hxAZFsA.exe
  2⤵
  PID:4124
- C:\Windows\System\zWDqyTl.exe
  C:\Windows\System\zWDqyTl.exe
  2⤵
  PID:4144
- C:\Windows\System\IjkFoal.exe
  C:\Windows\System\IjkFoal.exe
  2⤵
  PID:4164
- C:\Windows\System\qAmniWY.exe
  C:\Windows\System\qAmniWY.exe
  2⤵
  PID:4184
- C:\Windows\System\CoPXFCy.exe
  C:\Windows\System\CoPXFCy.exe
  2⤵
  PID:4204
- C:\Windows\System\NRdnmQj.exe
  C:\Windows\System\NRdnmQj.exe
  2⤵
  PID:4224
- C:\Windows\System\XwESyPn.exe
  C:\Windows\System\XwESyPn.exe
  2⤵
  PID:4244
- C:\Windows\System\ugGLOKu.exe
  C:\Windows\System\ugGLOKu.exe
  2⤵
  PID:4264
- C:\Windows\System\rCNeCeC.exe
  C:\Windows\System\rCNeCeC.exe
  2⤵
  PID:4284
- C:\Windows\System\hpuDYJc.exe
  C:\Windows\System\hpuDYJc.exe
  2⤵
  PID:4304
- C:\Windows\System\QPcpmuJ.exe
  C:\Windows\System\QPcpmuJ.exe
  2⤵
  PID:4324
- C:\Windows\System\znTBrDy.exe
  C:\Windows\System\znTBrDy.exe
  2⤵
  PID:4344
- C:\Windows\System\VKCwsfi.exe
  C:\Windows\System\VKCwsfi.exe
  2⤵
  PID:4364
- C:\Windows\System\cfDgwmY.exe
  C:\Windows\System\cfDgwmY.exe
  2⤵
  PID:4384
- C:\Windows\System\JcsdCXl.exe
  C:\Windows\System\JcsdCXl.exe
  2⤵
  PID:4404
- C:\Windows\System\iYvQTnr.exe
  C:\Windows\System\iYvQTnr.exe
  2⤵
  PID:4424
- C:\Windows\System\tXchtqk.exe
  C:\Windows\System\tXchtqk.exe
  2⤵
  PID:4444
- C:\Windows\System\xKsWaSu.exe
  C:\Windows\System\xKsWaSu.exe
  2⤵
  PID:4464
- C:\Windows\System\YLykpXg.exe
  C:\Windows\System\YLykpXg.exe
  2⤵
  PID:4484
- C:\Windows\System\gtMRyum.exe
  C:\Windows\System\gtMRyum.exe
  2⤵
  PID:4504
- C:\Windows\System\YyVijyi.exe
  C:\Windows\System\YyVijyi.exe
  2⤵
  PID:4524
- C:\Windows\System\EIpdxJi.exe
  C:\Windows\System\EIpdxJi.exe
  2⤵
  PID:4544
- C:\Windows\System\agzkdgi.exe
  C:\Windows\System\agzkdgi.exe
  2⤵
  PID:4564
- C:\Windows\System\jPuCFzj.exe
  C:\Windows\System\jPuCFzj.exe
  2⤵
  PID:4584
- C:\Windows\System\dCsResZ.exe
  C:\Windows\System\dCsResZ.exe
  2⤵
  PID:4604
- C:\Windows\System\morNbcQ.exe
  C:\Windows\System\morNbcQ.exe
  2⤵
  PID:4624
- C:\Windows\System\OsgDhxV.exe
  C:\Windows\System\OsgDhxV.exe
  2⤵
  PID:4644
- C:\Windows\System\arpKwDZ.exe
  C:\Windows\System\arpKwDZ.exe
  2⤵
  PID:4664
- C:\Windows\System\acBMcmh.exe
  C:\Windows\System\acBMcmh.exe
  2⤵
  PID:4684
- C:\Windows\System\MWMJPwc.exe
  C:\Windows\System\MWMJPwc.exe
  2⤵
  PID:4704
- C:\Windows\System\XJEbVbu.exe
  C:\Windows\System\XJEbVbu.exe
  2⤵
  PID:4724
- C:\Windows\System\sJacMBv.exe
  C:\Windows\System\sJacMBv.exe
  2⤵
  PID:4744
- C:\Windows\System\LxwTzGQ.exe
  C:\Windows\System\LxwTzGQ.exe
  2⤵
  PID:4764
- C:\Windows\System\ctHowQW.exe
  C:\Windows\System\ctHowQW.exe
  2⤵
  PID:4784
- C:\Windows\System\jjsuolQ.exe
  C:\Windows\System\jjsuolQ.exe
  2⤵
  PID:4804
- C:\Windows\System\YXAhqgg.exe
  C:\Windows\System\YXAhqgg.exe
  2⤵
  PID:4824
- C:\Windows\System\TrcpavC.exe
  C:\Windows\System\TrcpavC.exe
  2⤵
  PID:4844
- C:\Windows\System\thwsrWq.exe
  C:\Windows\System\thwsrWq.exe
  2⤵
  PID:4864
- C:\Windows\System\WfXKDzD.exe
  C:\Windows\System\WfXKDzD.exe
  2⤵
  PID:4884
- C:\Windows\System\IUdGMHl.exe
  C:\Windows\System\IUdGMHl.exe
  2⤵
  PID:4904
- C:\Windows\System\PILRiLh.exe
  C:\Windows\System\PILRiLh.exe
  2⤵
  PID:4924
- C:\Windows\System\VcdVpeN.exe
  C:\Windows\System\VcdVpeN.exe
  2⤵
  PID:4944
- C:\Windows\System\rmXnzoD.exe
  C:\Windows\System\rmXnzoD.exe
  2⤵
  PID:4964
- C:\Windows\System\mLBnGFL.exe
  C:\Windows\System\mLBnGFL.exe
  2⤵
  PID:4984
- C:\Windows\System\SrJIUav.exe
  C:\Windows\System\SrJIUav.exe
  2⤵
  PID:5004
- C:\Windows\System\oIOFpqR.exe
  C:\Windows\System\oIOFpqR.exe
  2⤵
  PID:5024
- C:\Windows\System\BWxfCAK.exe
  C:\Windows\System\BWxfCAK.exe
  2⤵
  PID:5044
- C:\Windows\System\LNXOKtP.exe
  C:\Windows\System\LNXOKtP.exe
  2⤵
  PID:5064
- C:\Windows\System\PLmFMNR.exe
  C:\Windows\System\PLmFMNR.exe
  2⤵
  PID:5084
- C:\Windows\System\kqCXUvB.exe
  C:\Windows\System\kqCXUvB.exe
  2⤵
  PID:5104
- C:\Windows\System\sOmSANO.exe
  C:\Windows\System\sOmSANO.exe
  2⤵
  PID:3784
- C:\Windows\System\fDqacBc.exe
  C:\Windows\System\fDqacBc.exe
  2⤵
  PID:3892
- C:\Windows\System\nisRDpc.exe
  C:\Windows\System\nisRDpc.exe
  2⤵
  PID:4036
- C:\Windows\System\eBNFSdU.exe
  C:\Windows\System\eBNFSdU.exe
  2⤵
  PID:2408
- C:\Windows\System\hFeVvpB.exe
  C:\Windows\System\hFeVvpB.exe
  2⤵
  PID:2732
- C:\Windows\System\ATDoLYM.exe
  C:\Windows\System\ATDoLYM.exe
  2⤵
  PID:3648
- C:\Windows\System\SdFiBWn.exe
  C:\Windows\System\SdFiBWn.exe
  2⤵
  PID:4112
- C:\Windows\System\AuBBjEz.exe
  C:\Windows\System\AuBBjEz.exe
  2⤵
  PID:4136
- C:\Windows\System\zZjUKLn.exe
  C:\Windows\System\zZjUKLn.exe
  2⤵
  PID:4180
- C:\Windows\System\mtOnJSh.exe
  C:\Windows\System\mtOnJSh.exe
  2⤵
  PID:4196
- C:\Windows\System\UwOkaRM.exe
  C:\Windows\System\UwOkaRM.exe
  2⤵
  PID:4236
- C:\Windows\System\BsSlneT.exe
  C:\Windows\System\BsSlneT.exe
  2⤵
  PID:4280
- C:\Windows\System\JonHICd.exe
  C:\Windows\System\JonHICd.exe
  2⤵
  PID:4312
- C:\Windows\System\tGGiwfm.exe
  C:\Windows\System\tGGiwfm.exe
  2⤵
  PID:4336
- C:\Windows\System\gqLweIN.exe
  C:\Windows\System\gqLweIN.exe
  2⤵
  PID:4380
- C:\Windows\System\bCkyYvZ.exe
  C:\Windows\System\bCkyYvZ.exe
  2⤵
  PID:4412
- C:\Windows\System\yyKVDcq.exe
  C:\Windows\System\yyKVDcq.exe
  2⤵
  PID:4436
- C:\Windows\System\zVgXGPn.exe
  C:\Windows\System\zVgXGPn.exe
  2⤵
  PID:4480
- C:\Windows\System\OAFFADE.exe
  C:\Windows\System\OAFFADE.exe
  2⤵
  PID:4512
- C:\Windows\System\zZdxcId.exe
  C:\Windows\System\zZdxcId.exe
  2⤵
  PID:4536
- C:\Windows\System\lDvNOyq.exe
  C:\Windows\System\lDvNOyq.exe
  2⤵
  PID:4580
- C:\Windows\System\KYfzlAX.exe
  C:\Windows\System\KYfzlAX.exe
  2⤵
  PID:4620
- C:\Windows\System\hNjzHRg.exe
  C:\Windows\System\hNjzHRg.exe
  2⤵
  PID:4636
- C:\Windows\System\nSXhWnY.exe
  C:\Windows\System\nSXhWnY.exe
  2⤵
  PID:4680
- C:\Windows\System\wBkocxW.exe
  C:\Windows\System\wBkocxW.exe
  2⤵
  PID:4712
- C:\Windows\System\DFVSgik.exe
  C:\Windows\System\DFVSgik.exe
  2⤵
  PID:4736
- C:\Windows\System\dJSWAEV.exe
  C:\Windows\System\dJSWAEV.exe
  2⤵
  PID:4780
- C:\Windows\System\fssTAyz.exe
  C:\Windows\System\fssTAyz.exe
  2⤵
  PID:4796
- C:\Windows\System\FgsmpDj.exe
  C:\Windows\System\FgsmpDj.exe
  2⤵
  PID:4836
- C:\Windows\System\ahSeeit.exe
  C:\Windows\System\ahSeeit.exe
  2⤵
  PID:4880
- C:\Windows\System\eyZyiep.exe
  C:\Windows\System\eyZyiep.exe
  2⤵
  PID:4912
- C:\Windows\System\HRMURFo.exe
  C:\Windows\System\HRMURFo.exe
  2⤵
  PID:4936
- C:\Windows\System\jxBLsVB.exe
  C:\Windows\System\jxBLsVB.exe
  2⤵
  PID:4980
- C:\Windows\System\BQTfxNE.exe
  C:\Windows\System\BQTfxNE.exe
  2⤵
  PID:5020
- C:\Windows\System\ujElimh.exe
  C:\Windows\System\ujElimh.exe
  2⤵
  PID:5060
- C:\Windows\System\QwEKtSZ.exe
  C:\Windows\System\QwEKtSZ.exe
  2⤵
  PID:5072
- C:\Windows\System\NLcXIhg.exe
  C:\Windows\System\NLcXIhg.exe
  2⤵
  PID:5096
- C:\Windows\System\DSSXqVm.exe
  C:\Windows\System\DSSXqVm.exe
  2⤵
  PID:5116
- C:\Windows\System\zsWkuGM.exe
  C:\Windows\System\zsWkuGM.exe
  2⤵
  PID:3988
- C:\Windows\System\IFZujyu.exe
  C:\Windows\System\IFZujyu.exe
  2⤵
  PID:3444
- C:\Windows\System\gPfNZgv.exe
  C:\Windows\System\gPfNZgv.exe
  2⤵
  PID:4116
- C:\Windows\System\RbioQve.exe
  C:\Windows\System\RbioQve.exe
  2⤵
  PID:4160
- C:\Windows\System\GcqnHER.exe
  C:\Windows\System\GcqnHER.exe
  2⤵
  PID:4200
- C:\Windows\System\WkJUiaF.exe
  C:\Windows\System\WkJUiaF.exe
  2⤵
  PID:4272
- C:\Windows\System\SbyuEtm.exe
  C:\Windows\System\SbyuEtm.exe
  2⤵
  PID:4316
- C:\Windows\System\LvbzAzS.exe
  C:\Windows\System\LvbzAzS.exe
  2⤵
  PID:4360
- C:\Windows\System\MXQIhXz.exe
  C:\Windows\System\MXQIhXz.exe
  2⤵
  PID:4440
- C:\Windows\System\EMoBwlg.exe
  C:\Windows\System\EMoBwlg.exe
  2⤵
  PID:4492
- C:\Windows\System\avEhClT.exe
  C:\Windows\System\avEhClT.exe
  2⤵
  PID:4500
- C:\Windows\System\vfuyLxk.exe
  C:\Windows\System\vfuyLxk.exe
  2⤵
  PID:4556
- C:\Windows\System\cAYTTUM.exe
  C:\Windows\System\cAYTTUM.exe
  2⤵
  PID:4660
- C:\Windows\System\ekDQBNY.exe
  C:\Windows\System\ekDQBNY.exe
  2⤵
  PID:4716
- C:\Windows\System\pKTjPuU.exe
  C:\Windows\System\pKTjPuU.exe
  2⤵
  PID:4760
- C:\Windows\System\drCDUag.exe
  C:\Windows\System\drCDUag.exe
  2⤵
  PID:4816
- C:\Windows\System\EqQvTiA.exe
  C:\Windows\System\EqQvTiA.exe
  2⤵
  PID:4856
- C:\Windows\System\JPtUhPw.exe
  C:\Windows\System\JPtUhPw.exe
  2⤵
  PID:4940
- C:\Windows\System\KQaEZdl.exe
  C:\Windows\System\KQaEZdl.exe
  2⤵
  PID:4960
- C:\Windows\System\UmhjuRk.exe
  C:\Windows\System\UmhjuRk.exe
  2⤵
  PID:5056
- C:\Windows\System\eRBRVwU.exe
  C:\Windows\System\eRBRVwU.exe
  2⤵
  PID:5076
- C:\Windows\System\UtdnEMi.exe
  C:\Windows\System\UtdnEMi.exe
  2⤵
  PID:3060
- C:\Windows\System\zXEBwbs.exe
  C:\Windows\System\zXEBwbs.exe
  2⤵
  PID:3244
- C:\Windows\System\ZHdAxfp.exe
  C:\Windows\System\ZHdAxfp.exe
  2⤵
  PID:3584
- C:\Windows\System\tIkpTGo.exe
  C:\Windows\System\tIkpTGo.exe
  2⤵
  PID:4216
- C:\Windows\System\TULfxUx.exe
  C:\Windows\System\TULfxUx.exe
  2⤵
  PID:4276
- C:\Windows\System\BJHASyp.exe
  C:\Windows\System\BJHASyp.exe
  2⤵
  PID:4416
- C:\Windows\System\PJUZIwj.exe
  C:\Windows\System\PJUZIwj.exe
  2⤵
  PID:4496
- C:\Windows\System\eVSctwa.exe
  C:\Windows\System\eVSctwa.exe
  2⤵
  PID:4540
- C:\Windows\System\OozASFU.exe
  C:\Windows\System\OozASFU.exe
  2⤵
  PID:4656
- C:\Windows\System\MEHynmd.exe
  C:\Windows\System\MEHynmd.exe
  2⤵
  PID:4732
- C:\Windows\System\cSUUMLI.exe
  C:\Windows\System\cSUUMLI.exe
  2⤵
  PID:4876
- C:\Windows\System\wFXKpcO.exe
  C:\Windows\System\wFXKpcO.exe
  2⤵
  PID:4972
- C:\Windows\System\shCfHld.exe
  C:\Windows\System\shCfHld.exe
  2⤵
  PID:5016
- C:\Windows\System\szJIJCO.exe
  C:\Windows\System\szJIJCO.exe
  2⤵
  PID:3808
- C:\Windows\System\XZRMbYA.exe
  C:\Windows\System\XZRMbYA.exe
  2⤵
  PID:4052
- C:\Windows\System\VcPhLQV.exe
  C:\Windows\System\VcPhLQV.exe
  2⤵
  PID:4332
- C:\Windows\System\drxcsSu.exe
  C:\Windows\System\drxcsSu.exe
  2⤵
  PID:4396
- C:\Windows\System\mQgemYQ.exe
  C:\Windows\System\mQgemYQ.exe
  2⤵
  PID:4392
- C:\Windows\System\mOmJLYJ.exe
  C:\Windows\System\mOmJLYJ.exe
  2⤵
  PID:4640
- C:\Windows\System\JcolCPi.exe
  C:\Windows\System\JcolCPi.exe
  2⤵
  PID:4792
- C:\Windows\System\ONTKMRc.exe
  C:\Windows\System\ONTKMRc.exe
  2⤵
  PID:4832
- C:\Windows\System\CDvrPKf.exe
  C:\Windows\System\CDvrPKf.exe
  2⤵
  PID:5128
- C:\Windows\System\tolhDXo.exe
  C:\Windows\System\tolhDXo.exe
  2⤵
  PID:5148
- C:\Windows\System\VnPvMHp.exe
  C:\Windows\System\VnPvMHp.exe
  2⤵
  PID:5168
- C:\Windows\System\vjMOKHY.exe
  C:\Windows\System\vjMOKHY.exe
  2⤵
  PID:5188
- C:\Windows\System\UhkoTbI.exe
  C:\Windows\System\UhkoTbI.exe
  2⤵
  PID:5208
- C:\Windows\System\jXGXidn.exe
  C:\Windows\System\jXGXidn.exe
  2⤵
  PID:5228
- C:\Windows\System\hOzKsbg.exe
  C:\Windows\System\hOzKsbg.exe
  2⤵
  PID:5248
- C:\Windows\System\pHCQiqz.exe
  C:\Windows\System\pHCQiqz.exe
  2⤵
  PID:5268
- C:\Windows\System\amiSLmQ.exe
  C:\Windows\System\amiSLmQ.exe
  2⤵
  PID:5288
- C:\Windows\System\ddueWjj.exe
  C:\Windows\System\ddueWjj.exe
  2⤵
  PID:5308
- C:\Windows\System\FHmVCvk.exe
  C:\Windows\System\FHmVCvk.exe
  2⤵
  PID:5328
- C:\Windows\System\sTFAtrW.exe
  C:\Windows\System\sTFAtrW.exe
  2⤵
  PID:5348
- C:\Windows\System\ublAXJB.exe
  C:\Windows\System\ublAXJB.exe
  2⤵
  PID:5368
- C:\Windows\System\TpykwXi.exe
  C:\Windows\System\TpykwXi.exe
  2⤵
  PID:5388
- C:\Windows\System\JkwxPdL.exe
  C:\Windows\System\JkwxPdL.exe
  2⤵
  PID:5408
- C:\Windows\System\iLyGHCN.exe
  C:\Windows\System\iLyGHCN.exe
  2⤵
  PID:5428
- C:\Windows\System\daocoXj.exe
  C:\Windows\System\daocoXj.exe
  2⤵
  PID:5448
- C:\Windows\System\EVRbxYA.exe
  C:\Windows\System\EVRbxYA.exe
  2⤵
  PID:5468
- C:\Windows\System\DYZgHIX.exe
  C:\Windows\System\DYZgHIX.exe
  2⤵
  PID:5488
- C:\Windows\System\ruGfQKF.exe
  C:\Windows\System\ruGfQKF.exe
  2⤵
  PID:5508
- C:\Windows\System\hnKPeXW.exe
  C:\Windows\System\hnKPeXW.exe
  2⤵
  PID:5528
- C:\Windows\System\fAjpcMk.exe
  C:\Windows\System\fAjpcMk.exe
  2⤵
  PID:5548
- C:\Windows\System\wjwFibD.exe
  C:\Windows\System\wjwFibD.exe
  2⤵
  PID:5568
- C:\Windows\System\OdoQqSE.exe
  C:\Windows\System\OdoQqSE.exe
  2⤵
  PID:5588
- C:\Windows\System\kEgPcyz.exe
  C:\Windows\System\kEgPcyz.exe
  2⤵
  PID:5608
- C:\Windows\System\TwfszeE.exe
  C:\Windows\System\TwfszeE.exe
  2⤵
  PID:5628
- C:\Windows\System\XnAetxr.exe
  C:\Windows\System\XnAetxr.exe
  2⤵
  PID:5648
- C:\Windows\System\fEFusJv.exe
  C:\Windows\System\fEFusJv.exe
  2⤵
  PID:5668
- C:\Windows\System\dAmtWaE.exe
  C:\Windows\System\dAmtWaE.exe
  2⤵
  PID:5688
- C:\Windows\System\SFqDaCM.exe
  C:\Windows\System\SFqDaCM.exe
  2⤵
  PID:5708
- C:\Windows\System\OdjBsxr.exe
  C:\Windows\System\OdjBsxr.exe
  2⤵
  PID:5728
- C:\Windows\System\LIfsJwN.exe
  C:\Windows\System\LIfsJwN.exe
  2⤵
  PID:5748
- C:\Windows\System\rBWTMlL.exe
  C:\Windows\System\rBWTMlL.exe
  2⤵
  PID:5768
- C:\Windows\System\pIuywoN.exe
  C:\Windows\System\pIuywoN.exe
  2⤵
  PID:5788
- C:\Windows\System\mlBajuE.exe
  C:\Windows\System\mlBajuE.exe
  2⤵
  PID:5808
- C:\Windows\System\CpaSook.exe
  C:\Windows\System\CpaSook.exe
  2⤵
  PID:5828
- C:\Windows\System\LsJAKMX.exe
  C:\Windows\System\LsJAKMX.exe
  2⤵
  PID:5848
- C:\Windows\System\WrpFGrJ.exe
  C:\Windows\System\WrpFGrJ.exe
  2⤵
  PID:5868
- C:\Windows\System\PaosshF.exe
  C:\Windows\System\PaosshF.exe
  2⤵
  PID:5888
- C:\Windows\System\JFqTINL.exe
  C:\Windows\System\JFqTINL.exe
  2⤵
  PID:5908
- C:\Windows\System\jPYTQDI.exe
  C:\Windows\System\jPYTQDI.exe
  2⤵
  PID:5928
- C:\Windows\System\jWreZAK.exe
  C:\Windows\System\jWreZAK.exe
  2⤵
  PID:5948
- C:\Windows\System\GrWKAwo.exe
  C:\Windows\System\GrWKAwo.exe
  2⤵
  PID:5968
- C:\Windows\System\DdPUTiQ.exe
  C:\Windows\System\DdPUTiQ.exe
  2⤵
  PID:5988
- C:\Windows\System\aAXMhsJ.exe
  C:\Windows\System\aAXMhsJ.exe
  2⤵
  PID:6008
- C:\Windows\System\whLCZTN.exe
  C:\Windows\System\whLCZTN.exe
  2⤵
  PID:6028
- C:\Windows\System\FWRwOnR.exe
  C:\Windows\System\FWRwOnR.exe
  2⤵
  PID:6048
- C:\Windows\System\FOFoYNf.exe
  C:\Windows\System\FOFoYNf.exe
  2⤵
  PID:6068
- C:\Windows\System\IyMcode.exe
  C:\Windows\System\IyMcode.exe
  2⤵
  PID:6088
- C:\Windows\System\RFWioDb.exe
  C:\Windows\System\RFWioDb.exe
  2⤵
  PID:6108
- C:\Windows\System\msFgRtP.exe
  C:\Windows\System\msFgRtP.exe
  2⤵
  PID:6128
- C:\Windows\System\YpdeBpF.exe
  C:\Windows\System\YpdeBpF.exe
  2⤵
  PID:4840
- C:\Windows\System\rPaYNhk.exe
  C:\Windows\System\rPaYNhk.exe
  2⤵
  PID:5100
- C:\Windows\System\UciIwEo.exe
  C:\Windows\System\UciIwEo.exe
  2⤵
  PID:4300
- C:\Windows\System\jvMdpNu.exe
  C:\Windows\System\jvMdpNu.exe
  2⤵
  PID:2840
- C:\Windows\System\kjHxkwK.exe
  C:\Windows\System\kjHxkwK.exe
  2⤵
  PID:4756
- C:\Windows\System\MXGGpNS.exe
  C:\Windows\System\MXGGpNS.exe
  2⤵
  PID:4632
- C:\Windows\System\iPocZVc.exe
  C:\Windows\System\iPocZVc.exe
  2⤵
  PID:5176
- C:\Windows\System\uOuSeRN.exe
  C:\Windows\System\uOuSeRN.exe
  2⤵
  PID:5204
- C:\Windows\System\ucnRMKu.exe
  C:\Windows\System\ucnRMKu.exe
  2⤵
  PID:5236
- C:\Windows\System\LzGGzDW.exe
  C:\Windows\System\LzGGzDW.exe
  2⤵
  PID:5260
- C:\Windows\System\zenwxGu.exe
  C:\Windows\System\zenwxGu.exe
  2⤵
  PID:5296
- C:\Windows\System\pTpcXip.exe
  C:\Windows\System\pTpcXip.exe
  2⤵
  PID:5384
- C:\Windows\System\SEuDyAe.exe
  C:\Windows\System\SEuDyAe.exe
  2⤵
  PID:5416
- C:\Windows\System\dOrhLQG.exe
  C:\Windows\System\dOrhLQG.exe
  2⤵
  PID:5504
- C:\Windows\System\egRGUKS.exe
  C:\Windows\System\egRGUKS.exe
  2⤵
  PID:5520
- C:\Windows\System\BmXyDQt.exe
  C:\Windows\System\BmXyDQt.exe
  2⤵
  PID:2576
- C:\Windows\System\CumVNuo.exe
  C:\Windows\System\CumVNuo.exe
  2⤵
  PID:5584
- C:\Windows\System\WvOMrBh.exe
  C:\Windows\System\WvOMrBh.exe
  2⤵
  PID:5600
- C:\Windows\System\laZLlqW.exe
  C:\Windows\System\laZLlqW.exe
  2⤵
  PID:5656
- C:\Windows\System\DdXwROp.exe
  C:\Windows\System\DdXwROp.exe
  2⤵
  PID:5684
- C:\Windows\System\fjNcAPd.exe
  C:\Windows\System\fjNcAPd.exe
  2⤵
  PID:2916
- C:\Windows\System\uwUWaQI.exe
  C:\Windows\System\uwUWaQI.exe
  2⤵
  PID:5696
- C:\Windows\System\hGykcdI.exe
  C:\Windows\System\hGykcdI.exe
  2⤵
  PID:1696
- C:\Windows\System\tFAFXEq.exe
  C:\Windows\System\tFAFXEq.exe
  2⤵
  PID:5724
- C:\Windows\System\PnwIyjj.exe
  C:\Windows\System\PnwIyjj.exe
  2⤵
  PID:5764
- C:\Windows\System\zefnWlm.exe
  C:\Windows\System\zefnWlm.exe
  2⤵
  PID:5780
- C:\Windows\System\AkXPQKq.exe
  C:\Windows\System\AkXPQKq.exe
  2⤵
  PID:5816
- C:\Windows\System\lLOwcki.exe
  C:\Windows\System\lLOwcki.exe
  2⤵
  PID:5820
- C:\Windows\System\xdUpbpx.exe
  C:\Windows\System\xdUpbpx.exe
  2⤵
  PID:5844
- C:\Windows\System\ZDOwscC.exe
  C:\Windows\System\ZDOwscC.exe
  2⤵
  PID:2628
- C:\Windows\System\GHumxTt.exe
  C:\Windows\System\GHumxTt.exe
  2⤵
  PID:5884
- C:\Windows\System\VtrwXjg.exe
  C:\Windows\System\VtrwXjg.exe
  2⤵
  PID:736
- C:\Windows\System\wGvWIOe.exe
  C:\Windows\System\wGvWIOe.exe
  2⤵
  PID:5964
- C:\Windows\System\UBprdiP.exe
  C:\Windows\System\UBprdiP.exe
  2⤵
  PID:5980
- C:\Windows\System\HeioYZx.exe
  C:\Windows\System\HeioYZx.exe
  2⤵
  PID:6016
- C:\Windows\System\zowxbAL.exe
  C:\Windows\System\zowxbAL.exe
  2⤵
  PID:2440
- C:\Windows\System\IyoXCLZ.exe
  C:\Windows\System\IyoXCLZ.exe
  2⤵
  PID:6056
- C:\Windows\System\jqIHgRU.exe
  C:\Windows\System\jqIHgRU.exe
  2⤵
  PID:2188
- C:\Windows\System\TXHrndW.exe
  C:\Windows\System\TXHrndW.exe
  2⤵
  PID:6080
- C:\Windows\System\wGUaVPZ.exe
  C:\Windows\System\wGUaVPZ.exe
  2⤵
  PID:6136
- C:\Windows\System\GeNqPft.exe
  C:\Windows\System\GeNqPft.exe
  2⤵
  PID:6116
- C:\Windows\System\vZqxGQh.exe
  C:\Windows\System\vZqxGQh.exe
  2⤵
  PID:6120
- C:\Windows\System\VnpPfnJ.exe
  C:\Windows\System\VnpPfnJ.exe
  2⤵
  PID:2852
- C:\Windows\System\iShMDpI.exe
  C:\Windows\System\iShMDpI.exe
  2⤵
  PID:4240
- C:\Windows\System\vfzHQUh.exe
  C:\Windows\System\vfzHQUh.exe
  2⤵
  PID:5124
- C:\Windows\System\PgUkqRE.exe
  C:\Windows\System\PgUkqRE.exe
  2⤵
  PID:5140
- C:\Windows\System\VDeJpgn.exe
  C:\Windows\System\VDeJpgn.exe
  2⤵
  PID:5000
- C:\Windows\System\TdLtRqQ.exe
  C:\Windows\System\TdLtRqQ.exe
  2⤵
  PID:5216
- C:\Windows\System\nfoeKTI.exe
  C:\Windows\System\nfoeKTI.exe
  2⤵
  PID:5280
- C:\Windows\System\aGvLfPq.exe
  C:\Windows\System\aGvLfPq.exe
  2⤵
  PID:5380
- C:\Windows\System\zeVcSqu.exe
  C:\Windows\System\zeVcSqu.exe
  2⤵
  PID:5136
- C:\Windows\System\droLeiq.exe
  C:\Windows\System\droLeiq.exe
  2⤵
  PID:1560
- C:\Windows\System\JLILtsw.exe
  C:\Windows\System\JLILtsw.exe
  2⤵
  PID:5360
- C:\Windows\System\qYiIHMs.exe
  C:\Windows\System\qYiIHMs.exe
  2⤵
  PID:5444
- C:\Windows\System\cJhshgZ.exe
  C:\Windows\System\cJhshgZ.exe
  2⤵
  PID:5440
- C:\Windows\System\ixtkqeA.exe
  C:\Windows\System\ixtkqeA.exe
  2⤵
  PID:5484
- C:\Windows\System\DeQnasD.exe
  C:\Windows\System\DeQnasD.exe
  2⤵
  PID:5544
- C:\Windows\System\JFgLjLi.exe
  C:\Windows\System\JFgLjLi.exe
  2⤵
  PID:5596
- C:\Windows\System\XnHxAcx.exe
  C:\Windows\System\XnHxAcx.exe
  2⤵
  PID:2332
- C:\Windows\System\bmthlgy.exe
  C:\Windows\System\bmthlgy.exe
  2⤵
  PID:2604
- C:\Windows\System\EAYZZpx.exe
  C:\Windows\System\EAYZZpx.exe
  2⤵
  PID:2776
- C:\Windows\System\llvEyBj.exe
  C:\Windows\System\llvEyBj.exe
  2⤵
  PID:5804
- C:\Windows\System\WmXesdp.exe
  C:\Windows\System\WmXesdp.exe
  2⤵
  PID:2748
- C:\Windows\System\RWyYwjc.exe
  C:\Windows\System\RWyYwjc.exe
  2⤵
  PID:5716
- C:\Windows\System\AQKedMf.exe
  C:\Windows\System\AQKedMf.exe
  2⤵
  PID:5936
- C:\Windows\System\fKWSBZS.exe
  C:\Windows\System\fKWSBZS.exe
  2⤵
  PID:1968
- C:\Windows\System\QedFVGq.exe
  C:\Windows\System\QedFVGq.exe
  2⤵
  PID:2780
- C:\Windows\System\tfsKWqH.exe
  C:\Windows\System\tfsKWqH.exe
  2⤵
  PID:5976
- C:\Windows\System\UBuATkL.exe
  C:\Windows\System\UBuATkL.exe
  2⤵
  PID:6044
- C:\Windows\System\FMufxHo.exe
  C:\Windows\System\FMufxHo.exe
  2⤵
  PID:6084
- C:\Windows\System\nTVObmG.exe
  C:\Windows\System\nTVObmG.exe
  2⤵
  PID:6100
- C:\Windows\System\zVaIboc.exe
  C:\Windows\System\zVaIboc.exe
  2⤵
  PID:2656
- C:\Windows\System\KWsVlKM.exe
  C:\Windows\System\KWsVlKM.exe
  2⤵
  PID:1124
- C:\Windows\System\LKlqqkD.exe
  C:\Windows\System\LKlqqkD.exe
  2⤵
  PID:4028
- C:\Windows\System\oVRFYmj.exe
  C:\Windows\System\oVRFYmj.exe
  2⤵
  PID:4456
- C:\Windows\System\qhdmYRA.exe
  C:\Windows\System\qhdmYRA.exe
  2⤵
  PID:5344
- C:\Windows\System\ujaIvpU.exe
  C:\Windows\System\ujaIvpU.exe
  2⤵
  PID:2692
- C:\Windows\System\NCmwztS.exe
  C:\Windows\System\NCmwztS.exe
  2⤵
  PID:2768
- C:\Windows\System\pxNmlZw.exe
  C:\Windows\System\pxNmlZw.exe
  2⤵
  PID:5556
- C:\Windows\System\ZYHeEHF.exe
  C:\Windows\System\ZYHeEHF.exe
  2⤵
  PID:5364
- C:\Windows\System\GLEvgcB.exe
  C:\Windows\System\GLEvgcB.exe
  2⤵
  PID:5524
- C:\Windows\System\dIlQxlh.exe
  C:\Windows\System\dIlQxlh.exe
  2⤵
  PID:5700
- C:\Windows\System\mJFoqax.exe
  C:\Windows\System\mJFoqax.exe
  2⤵
  PID:5864
- C:\Windows\System\glOZGzD.exe
  C:\Windows\System\glOZGzD.exe
  2⤵
  PID:2588
- C:\Windows\System\RXKgklC.exe
  C:\Windows\System\RXKgklC.exe
  2⤵
  PID:5660
- C:\Windows\System\vPVRUJd.exe
  C:\Windows\System\vPVRUJd.exe
  2⤵
  PID:5916
- C:\Windows\System\kpxhRZG.exe
  C:\Windows\System\kpxhRZG.exe
  2⤵
  PID:1140
- C:\Windows\System\dGHVlur.exe
  C:\Windows\System\dGHVlur.exe
  2⤵
  PID:2984
- C:\Windows\System\VRDeDys.exe
  C:\Windows\System\VRDeDys.exe
  2⤵
  PID:5284
- C:\Windows\System\QJSKTCt.exe
  C:\Windows\System\QJSKTCt.exe
  2⤵
  PID:6000
- C:\Windows\System\twKaOCa.exe
  C:\Windows\System\twKaOCa.exe
  2⤵
  PID:2468
- C:\Windows\System\wPYYlGK.exe
  C:\Windows\System\wPYYlGK.exe
  2⤵
  PID:4772
- C:\Windows\System\sTsYpFE.exe
  C:\Windows\System\sTsYpFE.exe
  2⤵
  PID:5300
- C:\Windows\System\TXXjIeG.exe
  C:\Windows\System\TXXjIeG.exe
  2⤵
  PID:5456
- C:\Windows\System\RDjvZFr.exe
  C:\Windows\System\RDjvZFr.exe
  2⤵
  PID:5856
- C:\Windows\System\HleJAkQ.exe
  C:\Windows\System\HleJAkQ.exe
  2⤵
  PID:5400
- C:\Windows\System\jjYLUhl.exe
  C:\Windows\System\jjYLUhl.exe
  2⤵
  PID:5896
- C:\Windows\System\YIdTePz.exe
  C:\Windows\System\YIdTePz.exe
  2⤵
  PID:2572
- C:\Windows\System\rYOTvYp.exe
  C:\Windows\System\rYOTvYp.exe
  2⤵
  PID:5956
- C:\Windows\System\wfoPftw.exe
  C:\Windows\System\wfoPftw.exe
  2⤵
  PID:5320
- C:\Windows\System\WhhyVmV.exe
  C:\Windows\System\WhhyVmV.exe
  2⤵
  PID:1632
- C:\Windows\System\bqUNcya.exe
  C:\Windows\System\bqUNcya.exe
  2⤵
  PID:4692
- C:\Windows\System\ZfedHIW.exe
  C:\Windows\System\ZfedHIW.exe
  2⤵
  PID:5516
- C:\Windows\System\dAESneC.exe
  C:\Windows\System\dAESneC.exe
  2⤵
  PID:5800
- C:\Windows\System\HhrpWkx.exe
  C:\Windows\System\HhrpWkx.exe
  2⤵
  PID:5920
- C:\Windows\System\uecqIDi.exe
  C:\Windows\System\uecqIDi.exe
  2⤵
  PID:5160
- C:\Windows\System\kYCfBmt.exe
  C:\Windows\System\kYCfBmt.exe
  2⤵
  PID:5224
- C:\Windows\System\NsjhSim.exe
  C:\Windows\System\NsjhSim.exe
  2⤵
  PID:5824
- C:\Windows\System\XJcaaKs.exe
  C:\Windows\System\XJcaaKs.exe
  2⤵
  PID:5576
- C:\Windows\System\kBtrIgK.exe
  C:\Windows\System\kBtrIgK.exe
  2⤵
  PID:6104
- C:\Windows\System\XDymuva.exe
  C:\Windows\System\XDymuva.exe
  2⤵
  PID:4156
- C:\Windows\System\xhydFzT.exe
  C:\Windows\System\xhydFzT.exe
  2⤵
  PID:1704
- C:\Windows\System\DDhOVNW.exe
  C:\Windows\System\DDhOVNW.exe
  2⤵
  PID:5480
- C:\Windows\System\kvPFyzs.exe
  C:\Windows\System\kvPFyzs.exe
  2⤵
  PID:6156
- C:\Windows\System\ZEmkQKu.exe
  C:\Windows\System\ZEmkQKu.exe
  2⤵
  PID:6176
- C:\Windows\System\wqeWbsF.exe
  C:\Windows\System\wqeWbsF.exe
  2⤵
  PID:6192
- C:\Windows\System\FBwTQqR.exe
  C:\Windows\System\FBwTQqR.exe
  2⤵
  PID:6208
- C:\Windows\System\rOiwmhd.exe
  C:\Windows\System\rOiwmhd.exe
  2⤵
  PID:6228
- C:\Windows\System\IpiwdOZ.exe
  C:\Windows\System\IpiwdOZ.exe
  2⤵
  PID:6244
- C:\Windows\System\KWUPlde.exe
  C:\Windows\System\KWUPlde.exe
  2⤵
  PID:6260
- C:\Windows\System\alYNxOj.exe
  C:\Windows\System\alYNxOj.exe
  2⤵
  PID:6276
- C:\Windows\System\EiOyDXd.exe
  C:\Windows\System\EiOyDXd.exe
  2⤵
  PID:6308
- C:\Windows\System\ycMhygo.exe
  C:\Windows\System\ycMhygo.exe
  2⤵
  PID:6332
- C:\Windows\System\fzUJwkZ.exe
  C:\Windows\System\fzUJwkZ.exe
  2⤵
  PID:6348
- C:\Windows\System\HeIbMWi.exe
  C:\Windows\System\HeIbMWi.exe
  2⤵
  PID:6396
- C:\Windows\System\cJuxAwi.exe
  C:\Windows\System\cJuxAwi.exe
  2⤵
  PID:6412
- C:\Windows\System\glXpcPn.exe
  C:\Windows\System\glXpcPn.exe
  2⤵
  PID:6428
- C:\Windows\System\tUjhgfU.exe
  C:\Windows\System\tUjhgfU.exe
  2⤵
  PID:6444
- C:\Windows\System\CYxFlry.exe
  C:\Windows\System\CYxFlry.exe
  2⤵
  PID:6460
- C:\Windows\System\jIXxsrk.exe
  C:\Windows\System\jIXxsrk.exe
  2⤵
  PID:6476
- C:\Windows\System\JfdDZBo.exe
  C:\Windows\System\JfdDZBo.exe
  2⤵
  PID:6492
- C:\Windows\System\NoUdyWx.exe
  C:\Windows\System\NoUdyWx.exe
  2⤵
  PID:6512
- C:\Windows\System\xPdcJRG.exe
  C:\Windows\System\xPdcJRG.exe
  2⤵
  PID:6544
- C:\Windows\System\BCCjdkK.exe
  C:\Windows\System\BCCjdkK.exe
  2⤵
  PID:6560
- C:\Windows\System\qMOzBbk.exe
  C:\Windows\System\qMOzBbk.exe
  2⤵
  PID:6576
- C:\Windows\System\sXSnyJa.exe
  C:\Windows\System\sXSnyJa.exe
  2⤵
  PID:6592
- C:\Windows\System\FLYUyFu.exe
  C:\Windows\System\FLYUyFu.exe
  2⤵
  PID:6636
- C:\Windows\System\MoynPyL.exe
  C:\Windows\System\MoynPyL.exe
  2⤵
  PID:6652
- C:\Windows\System\docaCcP.exe
  C:\Windows\System\docaCcP.exe
  2⤵
  PID:6668
- C:\Windows\System\yQrfdXd.exe
  C:\Windows\System\yQrfdXd.exe
  2⤵
  PID:6688
- C:\Windows\System\ihEyOkR.exe
  C:\Windows\System\ihEyOkR.exe
  2⤵
  PID:6704
- C:\Windows\System\wrsTjmK.exe
  C:\Windows\System\wrsTjmK.exe
  2⤵
  PID:6720
- C:\Windows\System\KQkVuQQ.exe
  C:\Windows\System\KQkVuQQ.exe
  2⤵
  PID:6752
- C:\Windows\System\IWpmDnn.exe
  C:\Windows\System\IWpmDnn.exe
  2⤵
  PID:6772
- C:\Windows\System\JeNDTiw.exe
  C:\Windows\System\JeNDTiw.exe
  2⤵
  PID:6796
- C:\Windows\System\EZFKRCp.exe
  C:\Windows\System\EZFKRCp.exe
  2⤵
  PID:6812
- C:\Windows\System\LDXyJPq.exe
  C:\Windows\System\LDXyJPq.exe
  2⤵
  PID:6828
- C:\Windows\System\KHsZEdD.exe
  C:\Windows\System\KHsZEdD.exe
  2⤵
  PID:6844
- C:\Windows\System\kCINWxm.exe
  C:\Windows\System\kCINWxm.exe
  2⤵
  PID:6860
- C:\Windows\System\EMNiPRe.exe
  C:\Windows\System\EMNiPRe.exe
  2⤵
  PID:6876
- C:\Windows\System\QGfpnKk.exe
  C:\Windows\System\QGfpnKk.exe
  2⤵
  PID:6892
- C:\Windows\System\tHYCuyv.exe
  C:\Windows\System\tHYCuyv.exe
  2⤵
  PID:6928
- C:\Windows\System\lZljIKb.exe
  C:\Windows\System\lZljIKb.exe
  2⤵
  PID:6944
- C:\Windows\System\pvnybhc.exe
  C:\Windows\System\pvnybhc.exe
  2⤵
  PID:6960
- C:\Windows\System\aDxKawE.exe
  C:\Windows\System\aDxKawE.exe
  2⤵
  PID:6976
- C:\Windows\System\tKdsWdL.exe
  C:\Windows\System\tKdsWdL.exe
  2⤵
  PID:6992
- C:\Windows\System\LgdgFUy.exe
  C:\Windows\System\LgdgFUy.exe
  2⤵
  PID:7012
- C:\Windows\System\zUHkhaj.exe
  C:\Windows\System\zUHkhaj.exe
  2⤵
  PID:7028
- C:\Windows\System\btuUtbK.exe
  C:\Windows\System\btuUtbK.exe
  2⤵
  PID:7044
- C:\Windows\System\pRqysvD.exe
  C:\Windows\System\pRqysvD.exe
  2⤵
  PID:7060
- C:\Windows\System\wGnfTgd.exe
  C:\Windows\System\wGnfTgd.exe
  2⤵
  PID:7076
- C:\Windows\System\MqyVmya.exe
  C:\Windows\System\MqyVmya.exe
  2⤵
  PID:7092
- C:\Windows\System\QpDPEVU.exe
  C:\Windows\System\QpDPEVU.exe
  2⤵
  PID:7108
- C:\Windows\System\vPPAjZX.exe
  C:\Windows\System\vPPAjZX.exe
  2⤵
  PID:7124
- C:\Windows\System\IZzWlKI.exe
  C:\Windows\System\IZzWlKI.exe
  2⤵
  PID:7140
- C:\Windows\System\asDScwB.exe
  C:\Windows\System\asDScwB.exe
  2⤵
  PID:7156
- C:\Windows\System\diwFjjX.exe
  C:\Windows\System\diwFjjX.exe
  2⤵
  PID:6040
- C:\Windows\System\aOBjfPJ.exe
  C:\Windows\System\aOBjfPJ.exe
  2⤵
  PID:6256
- C:\Windows\System\CCxvRxu.exe
  C:\Windows\System\CCxvRxu.exe
  2⤵
  PID:6324
- C:\Windows\System\Vizncdm.exe
  C:\Windows\System\Vizncdm.exe
  2⤵
  PID:6216
- C:\Windows\System\HFXEOzc.exe
  C:\Windows\System\HFXEOzc.exe
  2⤵
  PID:6304
- C:\Windows\System\ZkTRlKW.exe
  C:\Windows\System\ZkTRlKW.exe
  2⤵
  PID:6368
- C:\Windows\System\HjarClu.exe
  C:\Windows\System\HjarClu.exe
  2⤵
  PID:6380
- C:\Windows\System\QcFMqKm.exe
  C:\Windows\System\QcFMqKm.exe
  2⤵
  PID:6420
- C:\Windows\System\HZAurOX.exe
  C:\Windows\System\HZAurOX.exe
  2⤵
  PID:6488
- C:\Windows\System\PJPJfXF.exe
  C:\Windows\System\PJPJfXF.exe
  2⤵
  PID:6540
- C:\Windows\System\IYuYMPt.exe
  C:\Windows\System\IYuYMPt.exe
  2⤵
  PID:6508
- C:\Windows\System\TYrVnKc.exe
  C:\Windows\System\TYrVnKc.exe
  2⤵
  PID:6588
- C:\Windows\System\WOIAMkN.exe
  C:\Windows\System\WOIAMkN.exe
  2⤵
  PID:6572
- C:\Windows\System\ujMGAhN.exe
  C:\Windows\System\ujMGAhN.exe
  2⤵
  PID:6676
- C:\Windows\System\tTcQtwd.exe
  C:\Windows\System\tTcQtwd.exe
  2⤵
  PID:6680
- C:\Windows\System\aCODFFc.exe
  C:\Windows\System\aCODFFc.exe
  2⤵
  PID:6744
- C:\Windows\System\lyqfBZf.exe
  C:\Windows\System\lyqfBZf.exe
  2⤵
  PID:6780
- C:\Windows\System\yjJqjVA.exe
  C:\Windows\System\yjJqjVA.exe
  2⤵
  PID:6788
- C:\Windows\System\CNAVwnF.exe
  C:\Windows\System\CNAVwnF.exe
  2⤵
  PID:6840
- C:\Windows\System\XatTGYP.exe
  C:\Windows\System\XatTGYP.exe
  2⤵
  PID:6912
- C:\Windows\System\ltqKdoe.exe
  C:\Windows\System\ltqKdoe.exe
  2⤵
  PID:6904
- C:\Windows\System\diagLUl.exe
  C:\Windows\System\diagLUl.exe
  2⤵
  PID:6824
- C:\Windows\System\GXaJxZi.exe
  C:\Windows\System\GXaJxZi.exe
  2⤵
  PID:6936
- C:\Windows\System\dHjyKSZ.exe
  C:\Windows\System\dHjyKSZ.exe
  2⤵
  PID:7004
- C:\Windows\System\daCbFEv.exe
  C:\Windows\System\daCbFEv.exe
  2⤵
  PID:7068
- C:\Windows\System\ZGibnhO.exe
  C:\Windows\System\ZGibnhO.exe
  2⤵
  PID:5900
- C:\Windows\System\WGgiAqq.exe
  C:\Windows\System\WGgiAqq.exe
  2⤵
  PID:7024
- C:\Windows\System\baxlEbt.exe
  C:\Windows\System\baxlEbt.exe
  2⤵
  PID:7088
- C:\Windows\System\RordLmJ.exe
  C:\Windows\System\RordLmJ.exe
  2⤵
  PID:7152
- C:\Windows\System\UACgiOk.exe
  C:\Windows\System\UACgiOk.exe
  2⤵
  PID:6200
- C:\Windows\System\tUmkpRF.exe
  C:\Windows\System\tUmkpRF.exe
  2⤵
  PID:6268
- C:\Windows\System\uzcSZWa.exe
  C:\Windows\System\uzcSZWa.exe
  2⤵
  PID:6524
- C:\Windows\System\rrFGDzo.exe
  C:\Windows\System\rrFGDzo.exe
  2⤵
  PID:6552
- C:\Windows\System\hNwTbTP.exe
  C:\Windows\System\hNwTbTP.exe
  2⤵
  PID:6288
- C:\Windows\System\NobhwMW.exe
  C:\Windows\System\NobhwMW.exe
  2⤵
  PID:6360
- C:\Windows\System\SqvkqWW.exe
  C:\Windows\System\SqvkqWW.exe
  2⤵
  PID:6472
- C:\Windows\System\evQfGTe.exe
  C:\Windows\System\evQfGTe.exe
  2⤵
  PID:6568
- C:\Windows\System\XQpvedj.exe
  C:\Windows\System\XQpvedj.exe
  2⤵
  PID:6660
- C:\Windows\System\qTaBOYs.exe
  C:\Windows\System\qTaBOYs.exe
  2⤵
  PID:6728
- C:\Windows\System\VjOoUWg.exe
  C:\Windows\System\VjOoUWg.exe
  2⤵
  PID:6736
- C:\Windows\System\eNCSQPd.exe
  C:\Windows\System\eNCSQPd.exe
  2⤵
  PID:6836
- C:\Windows\System\IDcbQZp.exe
  C:\Windows\System\IDcbQZp.exe
  2⤵
  PID:6884
- C:\Windows\System\iyEbNQb.exe
  C:\Windows\System\iyEbNQb.exe
  2⤵
  PID:6740
- C:\Windows\System\nuWLndL.exe
  C:\Windows\System\nuWLndL.exe
  2⤵
  PID:6968
- C:\Windows\System\xNSVSdH.exe
  C:\Windows\System\xNSVSdH.exe
  2⤵
  PID:7104
- C:\Windows\System\bupzFuT.exe
  C:\Windows\System\bupzFuT.exe
  2⤵
  PID:6988
- C:\Windows\System\KODKOHK.exe
  C:\Windows\System\KODKOHK.exe
  2⤵
  PID:5904
- C:\Windows\System\qHMHGBp.exe
  C:\Windows\System\qHMHGBp.exe
  2⤵
  PID:6300
- C:\Windows\System\rhBvNeU.exe
  C:\Windows\System\rhBvNeU.exe
  2⤵
  PID:7056
- C:\Windows\System\RkhsYTq.exe
  C:\Windows\System\RkhsYTq.exe
  2⤵
  PID:7136
- C:\Windows\System\iyePZdb.exe
  C:\Windows\System\iyePZdb.exe
  2⤵
  PID:6220
- C:\Windows\System\WtVHVlm.exe
  C:\Windows\System\WtVHVlm.exe
  2⤵
  PID:6468
- C:\Windows\System\IJWjtMS.exe
  C:\Windows\System\IJWjtMS.exe
  2⤵
  PID:6648
- C:\Windows\System\xOYWLmx.exe
  C:\Windows\System\xOYWLmx.exe
  2⤵
  PID:6760
- C:\Windows\System\CNTdgHk.exe
  C:\Windows\System\CNTdgHk.exe
  2⤵
  PID:7100
- C:\Windows\System\tjaHVfx.exe
  C:\Windows\System\tjaHVfx.exe
  2⤵
  PID:6148
- C:\Windows\System\zEFaWYm.exe
  C:\Windows\System\zEFaWYm.exe
  2⤵
  PID:6036
- C:\Windows\System\PQTIxAB.exe
  C:\Windows\System\PQTIxAB.exe
  2⤵
  PID:6716
- C:\Windows\System\fPiCPuu.exe
  C:\Windows\System\fPiCPuu.exe
  2⤵
  PID:7040
- C:\Windows\System\knBDkLE.exe
  C:\Windows\System\knBDkLE.exe
  2⤵
  PID:5316
- C:\Windows\System\YihECfy.exe
  C:\Windows\System\YihECfy.exe
  2⤵
  PID:6856
- C:\Windows\System\sFZMYFj.exe
  C:\Windows\System\sFZMYFj.exe
  2⤵
  PID:6924
- C:\Windows\System\zYiXsce.exe
  C:\Windows\System\zYiXsce.exe
  2⤵
  PID:6608
- C:\Windows\System\vvduURx.exe
  C:\Windows\System\vvduURx.exe
  2⤵
  PID:6364
- C:\Windows\System\TZFHrNK.exe
  C:\Windows\System\TZFHrNK.exe
  2⤵
  PID:6452
- C:\Windows\System\owwNpik.exe
  C:\Windows\System\owwNpik.exe
  2⤵
  PID:7000
- C:\Windows\System\AJZMJCJ.exe
  C:\Windows\System\AJZMJCJ.exe
  2⤵
  PID:6060
- C:\Windows\System\lavISwt.exe
  C:\Windows\System\lavISwt.exe
  2⤵
  PID:6820
- C:\Windows\System\qGSqtZH.exe
  C:\Windows\System\qGSqtZH.exe
  2⤵
  PID:7164
- C:\Windows\System\odvwxxa.exe
  C:\Windows\System\odvwxxa.exe
  2⤵
  PID:6784
- C:\Windows\System\YZRgDib.exe
  C:\Windows\System\YZRgDib.exe
  2⤵
  PID:6624
- C:\Windows\System\uIgBxla.exe
  C:\Windows\System\uIgBxla.exe
  2⤵
  PID:6388
- C:\Windows\System\xFhgYkE.exe
  C:\Windows\System\xFhgYkE.exe
  2⤵
  PID:6532
- C:\Windows\System\tIoWHvi.exe
  C:\Windows\System\tIoWHvi.exe
  2⤵
  PID:6152
- C:\Windows\System\MjdAfRl.exe
  C:\Windows\System\MjdAfRl.exe
  2⤵
  PID:6484
- C:\Windows\System\acZxKhw.exe
  C:\Windows\System\acZxKhw.exe
  2⤵
  PID:7184
- C:\Windows\System\AsPIHXn.exe
  C:\Windows\System\AsPIHXn.exe
  2⤵
  PID:7216
- C:\Windows\System\aJcqOCu.exe
  C:\Windows\System\aJcqOCu.exe
  2⤵
  PID:7232
- C:\Windows\System\yMeehBE.exe
  C:\Windows\System\yMeehBE.exe
  2⤵
  PID:7252
- C:\Windows\System\bwkVglf.exe
  C:\Windows\System\bwkVglf.exe
  2⤵
  PID:7272
- C:\Windows\System\JNhQlDR.exe
  C:\Windows\System\JNhQlDR.exe
  2⤵
  PID:7288
- C:\Windows\System\aLHKGXp.exe
  C:\Windows\System\aLHKGXp.exe
  2⤵
  PID:7304
- C:\Windows\System\xfOpvTn.exe
  C:\Windows\System\xfOpvTn.exe
  2⤵
  PID:7336
- C:\Windows\System\WOlLnsZ.exe
  C:\Windows\System\WOlLnsZ.exe
  2⤵
  PID:7352
- C:\Windows\System\dhVjmTD.exe
  C:\Windows\System\dhVjmTD.exe
  2⤵
  PID:7372
- C:\Windows\System\NXYaiAx.exe
  C:\Windows\System\NXYaiAx.exe
  2⤵
  PID:7392
- C:\Windows\System\ujIIdmR.exe
  C:\Windows\System\ujIIdmR.exe
  2⤵
  PID:7412
- C:\Windows\System\MDoRdYS.exe
  C:\Windows\System\MDoRdYS.exe
  2⤵
  PID:7436
- C:\Windows\System\EkkXNqQ.exe
  C:\Windows\System\EkkXNqQ.exe
  2⤵
  PID:7452
- C:\Windows\System\RXRBIgE.exe
  C:\Windows\System\RXRBIgE.exe
  2⤵
  PID:7476
- C:\Windows\System\QJrzwZv.exe
  C:\Windows\System\QJrzwZv.exe
  2⤵
  PID:7492
- C:\Windows\System\DPkZXgY.exe
  C:\Windows\System\DPkZXgY.exe
  2⤵
  PID:7516
- C:\Windows\System\GFtIzFx.exe
  C:\Windows\System\GFtIzFx.exe
  2⤵
  PID:7540
- C:\Windows\System\cQfVjCs.exe
  C:\Windows\System\cQfVjCs.exe
  2⤵
  PID:7560
- C:\Windows\System\mdcBvdv.exe
  C:\Windows\System\mdcBvdv.exe
  2⤵
  PID:7580
- C:\Windows\System\mVlTFir.exe
  C:\Windows\System\mVlTFir.exe
  2⤵
  PID:7596
- C:\Windows\System\iUkgpTV.exe
  C:\Windows\System\iUkgpTV.exe
  2⤵
  PID:7612
- C:\Windows\System\KzYPqiI.exe
  C:\Windows\System\KzYPqiI.exe
  2⤵
  PID:7636
- C:\Windows\System\PgpMhzb.exe
  C:\Windows\System\PgpMhzb.exe
  2⤵
  PID:7652
- C:\Windows\System\nQJXLkB.exe
  C:\Windows\System\nQJXLkB.exe
  2⤵
  PID:7676
- C:\Windows\System\DxaykQE.exe
  C:\Windows\System\DxaykQE.exe
  2⤵
  PID:7696
- C:\Windows\System\renBcmW.exe
  C:\Windows\System\renBcmW.exe
  2⤵
  PID:7716
- C:\Windows\System\jxKUtuL.exe
  C:\Windows\System\jxKUtuL.exe
  2⤵
  PID:7732
- C:\Windows\System\DsGoEis.exe
  C:\Windows\System\DsGoEis.exe
  2⤵
  PID:7756
- C:\Windows\System\DQzRNdL.exe
  C:\Windows\System\DQzRNdL.exe
  2⤵
  PID:7776
- C:\Windows\System\dIwUgFB.exe
  C:\Windows\System\dIwUgFB.exe
  2⤵
  PID:7796
- C:\Windows\System\EgPANhE.exe
  C:\Windows\System\EgPANhE.exe
  2⤵
  PID:7812
- C:\Windows\System\ayFGXOZ.exe
  C:\Windows\System\ayFGXOZ.exe
  2⤵
  PID:7832
- C:\Windows\System\OLRgiCC.exe
  C:\Windows\System\OLRgiCC.exe
  2⤵
  PID:7852
- C:\Windows\System\KXJLDmJ.exe
  C:\Windows\System\KXJLDmJ.exe
  2⤵
  PID:7872
- C:\Windows\System\dongZmc.exe
  C:\Windows\System\dongZmc.exe
  2⤵
  PID:7892
- C:\Windows\System\iEaZCpt.exe
  C:\Windows\System\iEaZCpt.exe
  2⤵
  PID:7920
- C:\Windows\System\gJlTUeN.exe
  C:\Windows\System\gJlTUeN.exe
  2⤵
  PID:7936
- C:\Windows\System\JpzOBac.exe
  C:\Windows\System\JpzOBac.exe
  2⤵
  PID:7964
- C:\Windows\System\aFCWOrE.exe
  C:\Windows\System\aFCWOrE.exe
  2⤵
  PID:8012
- C:\Windows\System\vDzQIXA.exe
  C:\Windows\System\vDzQIXA.exe
  2⤵
  PID:8044
- C:\Windows\System\xgIgxBf.exe
  C:\Windows\System\xgIgxBf.exe
  2⤵
  PID:8064
- C:\Windows\System\ujrDAIR.exe
  C:\Windows\System\ujrDAIR.exe
  2⤵
  PID:8080
- C:\Windows\System\tKCLYUN.exe
  C:\Windows\System\tKCLYUN.exe
  2⤵
  PID:8096
- C:\Windows\System\GndqujR.exe
  C:\Windows\System\GndqujR.exe
  2⤵
  PID:8116
- C:\Windows\System\EFPYaZU.exe
  C:\Windows\System\EFPYaZU.exe
  2⤵
  PID:8132
- C:\Windows\System\lvRGRWz.exe
  C:\Windows\System\lvRGRWz.exe
  2⤵
  PID:8148
- C:\Windows\System\dhjYwlP.exe
  C:\Windows\System\dhjYwlP.exe
  2⤵
  PID:8172
- C:\Windows\System\kdFJHZp.exe
  C:\Windows\System\kdFJHZp.exe
  2⤵
  PID:8188
- C:\Windows\System\tCINTOQ.exe
  C:\Windows\System\tCINTOQ.exe
  2⤵
  PID:7200
- C:\Windows\System\fhKWMBc.exe
  C:\Windows\System\fhKWMBc.exe
  2⤵
  PID:7228
- C:\Windows\System\JvXQJAz.exe
  C:\Windows\System\JvXQJAz.exe
  2⤵
  PID:7264
- C:\Windows\System\CQWMMue.exe
  C:\Windows\System\CQWMMue.exe
  2⤵
  PID:7320
- C:\Windows\System\UDKRnnh.exe
  C:\Windows\System\UDKRnnh.exe
  2⤵
  PID:7360
- C:\Windows\System\RNUUdTy.exe
  C:\Windows\System\RNUUdTy.exe
  2⤵
  PID:7384
- C:\Windows\System\nFxfsSU.exe
  C:\Windows\System\nFxfsSU.exe
  2⤵
  PID:7404
- C:\Windows\System\ABYDKwG.exe
  C:\Windows\System\ABYDKwG.exe
  2⤵
  PID:7420
- C:\Windows\System\OuWVCwQ.exe
  C:\Windows\System\OuWVCwQ.exe
  2⤵
  PID:7468
- C:\Windows\System\VslNAdA.exe
  C:\Windows\System\VslNAdA.exe
  2⤵
  PID:7488
- C:\Windows\System\cOxRXJY.exe
  C:\Windows\System\cOxRXJY.exe
  2⤵
  PID:7552
- C:\Windows\System\GuWYTfY.exe
  C:\Windows\System\GuWYTfY.exe
  2⤵
  PID:7572
- C:\Windows\System\uCytKSH.exe
  C:\Windows\System\uCytKSH.exe
  2⤵
  PID:7588
- C:\Windows\System\TnzcSCO.exe
  C:\Windows\System\TnzcSCO.exe
  2⤵
  PID:7688
- C:\Windows\System\CwzDCGv.exe
  C:\Windows\System\CwzDCGv.exe
  2⤵
  PID:7664
- C:\Windows\System\FFMyrDv.exe
  C:\Windows\System\FFMyrDv.exe
  2⤵
  PID:7728
- C:\Windows\System\hdAKPBU.exe
  C:\Windows\System\hdAKPBU.exe
  2⤵
  PID:7768
- C:\Windows\System\oRcDwHQ.exe
  C:\Windows\System\oRcDwHQ.exe
  2⤵
  PID:7752
- C:\Windows\System\qMIEibm.exe
  C:\Windows\System\qMIEibm.exe
  2⤵
  PID:7840
- C:\Windows\System\HTqRbJY.exe
  C:\Windows\System\HTqRbJY.exe
  2⤵
  PID:7944
- C:\Windows\System\jCjcJAJ.exe
  C:\Windows\System\jCjcJAJ.exe
  2⤵
  PID:7204
- C:\Windows\System\LUGDUPw.exe
  C:\Windows\System\LUGDUPw.exe
  2⤵
  PID:8020
- C:\Windows\System\WjkyHoH.exe
  C:\Windows\System\WjkyHoH.exe
  2⤵
  PID:8040
- C:\Windows\System\uRDxuZe.exe
  C:\Windows\System\uRDxuZe.exe
  2⤵
  PID:8092
- C:\Windows\System\gVNkKPA.exe
  C:\Windows\System\gVNkKPA.exe
  2⤵
  PID:8160
- C:\Windows\System\nOcyOrD.exe
  C:\Windows\System\nOcyOrD.exe
  2⤵
  PID:8104
- C:\Windows\System\xUQcOUH.exe
  C:\Windows\System\xUQcOUH.exe
  2⤵
  PID:8144
- C:\Windows\System\ecYSHCA.exe
  C:\Windows\System\ecYSHCA.exe
  2⤵
  PID:8184
- C:\Windows\System\VfhBSqu.exe
  C:\Windows\System\VfhBSqu.exe
  2⤵
  PID:7240
- C:\Windows\System\NkGAiRF.exe
  C:\Windows\System\NkGAiRF.exe
  2⤵
  PID:7296
- C:\Windows\System\pHQRBju.exe
  C:\Windows\System\pHQRBju.exe
  2⤵
  PID:7400
- C:\Windows\System\rccOwzX.exe
  C:\Windows\System\rccOwzX.exe
  2⤵
  PID:7504
- C:\Windows\System\HdpTpOc.exe
  C:\Windows\System\HdpTpOc.exe
  2⤵
  PID:7444
- C:\Windows\System\iCkwEph.exe
  C:\Windows\System\iCkwEph.exe
  2⤵
  PID:7508
- C:\Windows\System\KRvHLgb.exe
  C:\Windows\System\KRvHLgb.exe
  2⤵
  PID:6240
- C:\Windows\System\cVSfJnp.exe
  C:\Windows\System\cVSfJnp.exe
  2⤵
  PID:7532
- C:\Windows\System\UiWhvXS.exe
  C:\Windows\System\UiWhvXS.exe
  2⤵
  PID:7684
- C:\Windows\System\UcwcHko.exe
  C:\Windows\System\UcwcHko.exe
  2⤵
  PID:7704
- C:\Windows\System\gNCbuNV.exe
  C:\Windows\System\gNCbuNV.exe
  2⤵
  PID:7880
- C:\Windows\System\YtRdjrG.exe
  C:\Windows\System\YtRdjrG.exe
  2⤵
  PID:7632
- C:\Windows\System\lbgUsuN.exe
  C:\Windows\System\lbgUsuN.exe
  2⤵
  PID:7792
- C:\Windows\System\ByzZhYn.exe
  C:\Windows\System\ByzZhYn.exe
  2⤵
  PID:7912
- C:\Windows\System\DavUOSd.exe
  C:\Windows\System\DavUOSd.exe
  2⤵
  PID:7956
- C:\Windows\System\kCOuZqs.exe
  C:\Windows\System\kCOuZqs.exe
  2⤵
  PID:8128
- C:\Windows\System\SUzgDrP.exe
  C:\Windows\System\SUzgDrP.exe
  2⤵
  PID:6392
- C:\Windows\System\FVhKFax.exe
  C:\Windows\System\FVhKFax.exe
  2⤵
  PID:7192
- C:\Windows\System\FfdxgSa.exe
  C:\Windows\System\FfdxgSa.exe
  2⤵
  PID:7992
- C:\Windows\System\tuAVGER.exe
  C:\Windows\System\tuAVGER.exe
  2⤵
  PID:7176
- C:\Windows\System\osCnbYd.exe
  C:\Windows\System\osCnbYd.exe
  2⤵
  PID:7260
- C:\Windows\System\XSxKsHD.exe
  C:\Windows\System\XSxKsHD.exe
  2⤵
  PID:7592
- C:\Windows\System\HzRbxzC.exe
  C:\Windows\System\HzRbxzC.exe
  2⤵
  PID:7644
- C:\Windows\System\dGAHltz.exe
  C:\Windows\System\dGAHltz.exe
  2⤵
  PID:7724
- C:\Windows\System\XyljKOT.exe
  C:\Windows\System\XyljKOT.exe
  2⤵
  PID:7764
- C:\Windows\System\qVvpwLl.exe
  C:\Windows\System\qVvpwLl.exe
  2⤵
  PID:7824
- C:\Windows\System\MVBjYZC.exe
  C:\Windows\System\MVBjYZC.exe
  2⤵
  PID:8168
- C:\Windows\System\lUfyyDE.exe
  C:\Windows\System\lUfyyDE.exe
  2⤵
  PID:8088
- C:\Windows\System\LeCmkUD.exe
  C:\Windows\System\LeCmkUD.exe
  2⤵
  PID:7428
- C:\Windows\System\pWFuuZN.exe
  C:\Windows\System\pWFuuZN.exe
  2⤵
  PID:7500
- C:\Windows\System\NqmhTfV.exe
  C:\Windows\System\NqmhTfV.exe
  2⤵
  PID:7348
- C:\Windows\System\YFaTyGp.exe
  C:\Windows\System\YFaTyGp.exe
  2⤵
  PID:7224
- C:\Windows\System\wznQDGq.exe
  C:\Windows\System\wznQDGq.exe
  2⤵
  PID:7248
- C:\Windows\System\rKNijpD.exe
  C:\Windows\System\rKNijpD.exe
  2⤵
  PID:7888
- C:\Windows\System\UZUcMSH.exe
  C:\Windows\System\UZUcMSH.exe
  2⤵
  PID:7460
- C:\Windows\System\sipwdsa.exe
  C:\Windows\System\sipwdsa.exe
  2⤵
  PID:8200
- C:\Windows\System\CmYvKQc.exe
  C:\Windows\System\CmYvKQc.exe
  2⤵
  PID:8216
- C:\Windows\System\hSOblEh.exe
  C:\Windows\System\hSOblEh.exe
  2⤵
  PID:8232
- C:\Windows\System\MtkeUxw.exe
  C:\Windows\System\MtkeUxw.exe
  2⤵
  PID:8256
- C:\Windows\System\zuaVJWl.exe
  C:\Windows\System\zuaVJWl.exe
  2⤵
  PID:8272
- C:\Windows\System\GWlRsIx.exe
  C:\Windows\System\GWlRsIx.exe
  2⤵
  PID:8292
- C:\Windows\System\nSoPQxg.exe
  C:\Windows\System\nSoPQxg.exe
  2⤵
  PID:8308
- C:\Windows\System\RfUsESA.exe
  C:\Windows\System\RfUsESA.exe
  2⤵
  PID:8324
- C:\Windows\System\fkKqpeg.exe
  C:\Windows\System\fkKqpeg.exe
  2⤵
  PID:8384
- C:\Windows\System\RuvoxKh.exe
  C:\Windows\System\RuvoxKh.exe
  2⤵
  PID:8404
- C:\Windows\System\QQjlcrf.exe
  C:\Windows\System\QQjlcrf.exe
  2⤵
  PID:8420
- C:\Windows\System\EvTHBdP.exe
  C:\Windows\System\EvTHBdP.exe
  2⤵
  PID:8440
- C:\Windows\System\klrBaQT.exe
  C:\Windows\System\klrBaQT.exe
  2⤵
  PID:8460
- C:\Windows\System\AZBZYLP.exe
  C:\Windows\System\AZBZYLP.exe
  2⤵
  PID:8480
- C:\Windows\System\pGjGSaO.exe
  C:\Windows\System\pGjGSaO.exe
  2⤵
  PID:8500
- C:\Windows\System\eapxRGh.exe
  C:\Windows\System\eapxRGh.exe
  2⤵
  PID:8520
- C:\Windows\System\xcgzTmO.exe
  C:\Windows\System\xcgzTmO.exe
  2⤵
  PID:8536
- C:\Windows\System\HyxECTl.exe
  C:\Windows\System\HyxECTl.exe
  2⤵
  PID:8552
- C:\Windows\System\Qjnctbj.exe
  C:\Windows\System\Qjnctbj.exe
  2⤵
  PID:8580
- C:\Windows\System\nYcHCbH.exe
  C:\Windows\System\nYcHCbH.exe
  2⤵
  PID:8612
- C:\Windows\System\MEXbzUm.exe
  C:\Windows\System\MEXbzUm.exe
  2⤵
  PID:8628
- C:\Windows\System\vlwPCSN.exe
  C:\Windows\System\vlwPCSN.exe
  2⤵
  PID:8644
- C:\Windows\System\PfmUEtj.exe
  C:\Windows\System\PfmUEtj.exe
  2⤵
  PID:8668
- C:\Windows\System\VoRfWgb.exe
  C:\Windows\System\VoRfWgb.exe
  2⤵
  PID:8688
- C:\Windows\System\VQpTLny.exe
  C:\Windows\System\VQpTLny.exe
  2⤵
  PID:8704
- C:\Windows\System\UhrDLVj.exe
  C:\Windows\System\UhrDLVj.exe
  2⤵
  PID:8720
- C:\Windows\System\EtcYxGn.exe
  C:\Windows\System\EtcYxGn.exe
  2⤵
  PID:8736
- C:\Windows\System\lMIgezR.exe
  C:\Windows\System\lMIgezR.exe
  2⤵
  PID:8756
- C:\Windows\System\hDzPeMT.exe
  C:\Windows\System\hDzPeMT.exe
  2⤵
  PID:8780
- C:\Windows\System\IFWrejh.exe
  C:\Windows\System\IFWrejh.exe
  2⤵
  PID:8808
- C:\Windows\System\yZIszbt.exe
  C:\Windows\System\yZIszbt.exe
  2⤵
  PID:8824
- C:\Windows\System\zxUDVgB.exe
  C:\Windows\System\zxUDVgB.exe
  2⤵
  PID:8856
- C:\Windows\System\bBtEzMJ.exe
  C:\Windows\System\bBtEzMJ.exe
  2⤵
  PID:8872
- C:\Windows\System\PdWPZwq.exe
  C:\Windows\System\PdWPZwq.exe
  2⤵
  PID:8888
- C:\Windows\System\LKUDdAk.exe
  C:\Windows\System\LKUDdAk.exe
  2⤵
  PID:8912
- C:\Windows\System\TtrRpQv.exe
  C:\Windows\System\TtrRpQv.exe
  2⤵
  PID:8928
- C:\Windows\System\ECipeDQ.exe
  C:\Windows\System\ECipeDQ.exe
  2⤵
  PID:8944
- C:\Windows\System\PWrUiyh.exe
  C:\Windows\System\PWrUiyh.exe
  2⤵
  PID:8960
- C:\Windows\System\dkNJziS.exe
  C:\Windows\System\dkNJziS.exe
  2⤵
  PID:8984
- C:\Windows\System\aDvYgDQ.exe
  C:\Windows\System\aDvYgDQ.exe
  2⤵
  PID:9004
- C:\Windows\System\SCeVwQH.exe
  C:\Windows\System\SCeVwQH.exe
  2⤵
  PID:9020
- C:\Windows\System\aRYYSCN.exe
  C:\Windows\System\aRYYSCN.exe
  2⤵
  PID:9040
- C:\Windows\System\djSRDMU.exe
  C:\Windows\System\djSRDMU.exe
  2⤵
  PID:9060
- C:\Windows\System\IDBkpTy.exe
  C:\Windows\System\IDBkpTy.exe
  2⤵
  PID:9076
- C:\Windows\System\HGZXKxh.exe
  C:\Windows\System\HGZXKxh.exe
  2⤵
  PID:9096
- C:\Windows\System\UuaYoUn.exe
  C:\Windows\System\UuaYoUn.exe
  2⤵
  PID:9112
- C:\Windows\System\dKfJpVU.exe
  C:\Windows\System\dKfJpVU.exe
  2⤵
  PID:9132
- C:\Windows\System\hxyAPTt.exe
  C:\Windows\System\hxyAPTt.exe
  2⤵
  PID:9148
- C:\Windows\System\cqRJmQp.exe
  C:\Windows\System\cqRJmQp.exe
  2⤵
  PID:9168
- C:\Windows\System\WJYTXTn.exe
  C:\Windows\System\WJYTXTn.exe
  2⤵
  PID:9184
- C:\Windows\System\eyLwmzv.exe
  C:\Windows\System\eyLwmzv.exe
  2⤵
  PID:9200
- C:\Windows\System\SJzigGb.exe
  C:\Windows\System\SJzigGb.exe
  2⤵
  PID:8032
- C:\Windows\System\FJEbxQt.exe
  C:\Windows\System\FJEbxQt.exe
  2⤵
  PID:7744
- C:\Windows\System\wFQttVX.exe
  C:\Windows\System\wFQttVX.exe
  2⤵
  PID:8028
- C:\Windows\System\HYcwlRu.exe
  C:\Windows\System\HYcwlRu.exe
  2⤵
  PID:7464
- C:\Windows\System\wzfiVnK.exe
  C:\Windows\System\wzfiVnK.exe
  2⤵
  PID:8228
- C:\Windows\System\WtsdeMH.exe
  C:\Windows\System\WtsdeMH.exe
  2⤵
  PID:8280
- C:\Windows\System\UvylQwy.exe
  C:\Windows\System\UvylQwy.exe
  2⤵
  PID:8208
- C:\Windows\System\PfDUYpb.exe
  C:\Windows\System\PfDUYpb.exe
  2⤵
  PID:8316
- C:\Windows\System\cxnjHUz.exe
  C:\Windows\System\cxnjHUz.exe
  2⤵
  PID:7828
- C:\Windows\System\hBHWruT.exe
  C:\Windows\System\hBHWruT.exe
  2⤵
  PID:8340
- C:\Windows\System\qAzuMmm.exe
  C:\Windows\System\qAzuMmm.exe
  2⤵
  PID:8400
- C:\Windows\System\NQttjTD.exe
  C:\Windows\System\NQttjTD.exe
  2⤵
  PID:8456
- C:\Windows\System\aTQjsAz.exe
  C:\Windows\System\aTQjsAz.exe
  2⤵
  PID:8412
- C:\Windows\System\EWPAViB.exe
  C:\Windows\System\EWPAViB.exe
  2⤵
  PID:8532
- C:\Windows\System\POJdsXw.exe
  C:\Windows\System\POJdsXw.exe
  2⤵
  PID:8596
- C:\Windows\System\YQNfKLp.exe
  C:\Windows\System\YQNfKLp.exe
  2⤵
  PID:8604
- C:\Windows\System\fPvslUT.exe
  C:\Windows\System\fPvslUT.exe
  2⤵
  PID:8712
- C:\Windows\System\arFhNik.exe
  C:\Windows\System\arFhNik.exe
  2⤵
  PID:8656
- C:\Windows\System\rCUgcRL.exe
  C:\Windows\System\rCUgcRL.exe
  2⤵
  PID:8744
- C:\Windows\System\cPeKUtc.exe
  C:\Windows\System\cPeKUtc.exe
  2⤵
  PID:8732
- C:\Windows\System\YKGpnmC.exe
  C:\Windows\System\YKGpnmC.exe
  2⤵
  PID:8804
- C:\Windows\System\rXthpaQ.exe
  C:\Windows\System\rXthpaQ.exe
  2⤵
  PID:8836
- C:\Windows\System\RBOUmot.exe
  C:\Windows\System\RBOUmot.exe
  2⤵
  PID:8852
- C:\Windows\System\hrogvaH.exe
  C:\Windows\System\hrogvaH.exe
  2⤵
  PID:8868
- C:\Windows\System\NkZeivW.exe
  C:\Windows\System\NkZeivW.exe
  2⤵
  PID:8908
- C:\Windows\System\MSoCoBX.exe
  C:\Windows\System\MSoCoBX.exe
  2⤵
  PID:8952
- C:\Windows\System\NeADlJY.exe
  C:\Windows\System\NeADlJY.exe
  2⤵
  PID:9032
- C:\Windows\System\sYnBJbU.exe
  C:\Windows\System\sYnBJbU.exe
  2⤵
  PID:9108
- C:\Windows\System\YOellDc.exe
  C:\Windows\System\YOellDc.exe
  2⤵
  PID:9212
- C:\Windows\System\wkdNELj.exe
  C:\Windows\System\wkdNELj.exe
  2⤵
  PID:8240
- C:\Windows\System\tLoKeoY.exe
  C:\Windows\System\tLoKeoY.exe
  2⤵
  PID:8980
- C:\Windows\System\GylvHSP.exe
  C:\Windows\System\GylvHSP.exe
  2⤵
  PID:9084
- C:\Windows\System\MIBnbsk.exe
  C:\Windows\System\MIBnbsk.exe
  2⤵
  PID:9128
- C:\Windows\System\kuDxSfB.exe
  C:\Windows\System\kuDxSfB.exe
  2⤵
  PID:9196
- C:\Windows\System\ZRAIWfj.exe
  C:\Windows\System\ZRAIWfj.exe
  2⤵
  PID:7316
- C:\Windows\System\cTjOSkB.exe
  C:\Windows\System\cTjOSkB.exe
  2⤵
  PID:8976
- C:\Windows\System\OfEeuPF.exe
  C:\Windows\System\OfEeuPF.exe
  2⤵
  PID:8356
- C:\Windows\System\xHNeezd.exe
  C:\Windows\System\xHNeezd.exe
  2⤵
  PID:8284
- C:\Windows\System\ospKzoa.exe
  C:\Windows\System\ospKzoa.exe
  2⤵
  PID:8332
- C:\Windows\System\jzmhNoz.exe
  C:\Windows\System\jzmhNoz.exe
  2⤵
  PID:8380
- C:\Windows\System\kDCNTdJ.exe
  C:\Windows\System\kDCNTdJ.exe
  2⤵
  PID:8516
- C:\Windows\System\DfVGlJI.exe
  C:\Windows\System\DfVGlJI.exe
  2⤵
  PID:8544
- C:\Windows\System\JYtGLfd.exe
  C:\Windows\System\JYtGLfd.exe
  2⤵
  PID:8560
- C:\Windows\System\OljgjXN.exe
  C:\Windows\System\OljgjXN.exe
  2⤵
  PID:8592
- C:\Windows\System\sukbRxy.exe
  C:\Windows\System\sukbRxy.exe
  2⤵
  PID:8676
- C:\Windows\System\AlgecCS.exe
  C:\Windows\System\AlgecCS.exe
  2⤵
  PID:8764
- C:\Windows\System\sFfIzUz.exe
  C:\Windows\System\sFfIzUz.exe
  2⤵
  PID:8752
- C:\Windows\System\pcjLuTP.exe
  C:\Windows\System\pcjLuTP.exe
  2⤵
  PID:8848
- C:\Windows\System\YZMHRaf.exe
  C:\Windows\System\YZMHRaf.exe
  2⤵
  PID:7932
- C:\Windows\System\rpBSGPw.exe
  C:\Windows\System\rpBSGPw.exe
  2⤵
  PID:8920
- C:\Windows\System\NPDeQly.exe
  C:\Windows\System\NPDeQly.exe
  2⤵
  PID:8996
- C:\Windows\System\nBIHRzI.exe
  C:\Windows\System\nBIHRzI.exe
  2⤵
  PID:9176
- C:\Windows\System\DcqjOMo.exe
  C:\Windows\System\DcqjOMo.exe
  2⤵
  PID:7928
- C:\Windows\System\zfcVELz.exe
  C:\Windows\System\zfcVELz.exe
  2⤵
  PID:9124
- C:\Windows\System\EOJsuIY.exe
  C:\Windows\System\EOJsuIY.exe
  2⤵
  PID:7332
- C:\Windows\System\fatrtJz.exe
  C:\Windows\System\fatrtJz.exe
  2⤵
  PID:8304
- C:\Windows\System\gLsVbyP.exe
  C:\Windows\System\gLsVbyP.exe
  2⤵
  PID:8140
- C:\Windows\System\xEjiqYk.exe
  C:\Windows\System\xEjiqYk.exe
  2⤵
  PID:8548
- C:\Windows\System\YtgsaxN.exe
  C:\Windows\System\YtgsaxN.exe
  2⤵
  PID:8608
- C:\Windows\System\mijMyha.exe
  C:\Windows\System\mijMyha.exe
  2⤵
  PID:8576
- C:\Windows\System\GPDCGHp.exe
  C:\Windows\System\GPDCGHp.exe
  2⤵
  PID:8512
- C:\Windows\System\sVuxpWc.exe
  C:\Windows\System\sVuxpWc.exe
  2⤵
  PID:8680
- C:\Windows\System\kFQQhcw.exe
  C:\Windows\System\kFQQhcw.exe
  2⤵
  PID:8800
- C:\Windows\System\zgxBQCs.exe
  C:\Windows\System\zgxBQCs.exe
  2⤵
  PID:8936
- C:\Windows\System\NyjaNqu.exe
  C:\Windows\System\NyjaNqu.exe
  2⤵
  PID:9000
- C:\Windows\System\kDQlISI.exe
  C:\Windows\System\kDQlISI.exe
  2⤵
  PID:9072
- C:\Windows\System\Pqqxbfn.exe
  C:\Windows\System\Pqqxbfn.exe
  2⤵
  PID:9092
- C:\Windows\System\bfpgIpS.exe
  C:\Windows\System\bfpgIpS.exe
  2⤵
  PID:8244
- C:\Windows\System\fHtofkC.exe
  C:\Windows\System\fHtofkC.exe
  2⤵
  PID:8264
- C:\Windows\System\YGeUxvC.exe
  C:\Windows\System\YGeUxvC.exe
  2⤵
  PID:8448
- C:\Windows\System\uMfwDnY.exe
  C:\Windows\System\uMfwDnY.exe
  2⤵
  PID:8624
- C:\Windows\System\PpzhhWm.exe
  C:\Windows\System\PpzhhWm.exe
  2⤵
  PID:8788
- C:\Windows\System\IpquSya.exe
  C:\Windows\System\IpquSya.exe
  2⤵
  PID:8700
- C:\Windows\System\AazUQRq.exe
  C:\Windows\System\AazUQRq.exe
  2⤵
  PID:8972
- C:\Windows\System\PBTHdeP.exe
  C:\Windows\System\PBTHdeP.exe
  2⤵
  PID:8496
- C:\Windows\System\wOvSlRi.exe
  C:\Windows\System\wOvSlRi.exe
  2⤵
  PID:7848
- C:\Windows\System\SKjQRlA.exe
  C:\Windows\System\SKjQRlA.exe
  2⤵
  PID:8376
- C:\Windows\System\puyFgwI.exe
  C:\Windows\System\puyFgwI.exe
  2⤵
  PID:9164
- C:\Windows\System\odwIDbb.exe
  C:\Windows\System\odwIDbb.exe
  2⤵
  PID:8396
- C:\Windows\System\ehURfBV.exe
  C:\Windows\System\ehURfBV.exe
  2⤵
  PID:9104
- C:\Windows\System\GIHfUhm.exe
  C:\Windows\System\GIHfUhm.exe
  2⤵
  PID:9232
- C:\Windows\System\ngsniyx.exe
  C:\Windows\System\ngsniyx.exe
  2⤵
  PID:9272
- C:\Windows\System\ylhNRia.exe
  C:\Windows\System\ylhNRia.exe
  2⤵
  PID:9296
- C:\Windows\System\WnBOvmL.exe
  C:\Windows\System\WnBOvmL.exe
  2⤵
  PID:9312
- C:\Windows\System\mHXAPJp.exe
  C:\Windows\System\mHXAPJp.exe
  2⤵
  PID:9328
- C:\Windows\System\HFxGUvX.exe
  C:\Windows\System\HFxGUvX.exe
  2⤵
  PID:9348
- C:\Windows\System\BoRkKNI.exe
  C:\Windows\System\BoRkKNI.exe
  2⤵
  PID:9364
- C:\Windows\System\QmkdnQI.exe
  C:\Windows\System\QmkdnQI.exe
  2⤵
  PID:9380
- C:\Windows\System\mkBFsPQ.exe
  C:\Windows\System\mkBFsPQ.exe
  2⤵
  PID:9404
- C:\Windows\System\mZHpLuc.exe
  C:\Windows\System\mZHpLuc.exe
  2⤵
  PID:9428
- C:\Windows\System\QImAvtG.exe
  C:\Windows\System\QImAvtG.exe
  2⤵
  PID:9444
- C:\Windows\System\CClpxfq.exe
  C:\Windows\System\CClpxfq.exe
  2⤵
  PID:9468
- C:\Windows\System\VgJgYzd.exe
  C:\Windows\System\VgJgYzd.exe
  2⤵
  PID:9488
- C:\Windows\System\XbcsYpU.exe
  C:\Windows\System\XbcsYpU.exe
  2⤵
  PID:9508
- C:\Windows\System\LzYWRKr.exe
  C:\Windows\System\LzYWRKr.exe
  2⤵
  PID:9524
- C:\Windows\System\iTzdhmt.exe
  C:\Windows\System\iTzdhmt.exe
  2⤵
  PID:9540
- C:\Windows\System\FsTjnLj.exe
  C:\Windows\System\FsTjnLj.exe
  2⤵
  PID:9560
- C:\Windows\System\CqeNCld.exe
  C:\Windows\System\CqeNCld.exe
  2⤵
  PID:9580
- C:\Windows\System\CGkcvfi.exe
  C:\Windows\System\CGkcvfi.exe
  2⤵
  PID:9596
- C:\Windows\System\RCWYLJn.exe
  C:\Windows\System\RCWYLJn.exe
  2⤵
  PID:9624
- C:\Windows\System\KTnXJWI.exe
  C:\Windows\System\KTnXJWI.exe
  2⤵
  PID:9644
- C:\Windows\System\sNpxHNj.exe
  C:\Windows\System\sNpxHNj.exe
  2⤵
  PID:9660
- C:\Windows\System\rLddNxk.exe
  C:\Windows\System\rLddNxk.exe
  2⤵
  PID:9684
- C:\Windows\System\LygdFqA.exe
  C:\Windows\System\LygdFqA.exe
  2⤵
  PID:9712
- C:\Windows\System\sKdbHUh.exe
  C:\Windows\System\sKdbHUh.exe
  2⤵
  PID:9728
- C:\Windows\System\rRffwBt.exe
  C:\Windows\System\rRffwBt.exe
  2⤵
  PID:9744
- C:\Windows\System\AcQZUrr.exe
  C:\Windows\System\AcQZUrr.exe
  2⤵
  PID:9760
- C:\Windows\System\fpMIUpn.exe
  C:\Windows\System\fpMIUpn.exe
  2⤵
  PID:9784
- C:\Windows\System\LUChiSc.exe
  C:\Windows\System\LUChiSc.exe
  2⤵
  PID:9800
- C:\Windows\System\sxfRbCP.exe
  C:\Windows\System\sxfRbCP.exe
  2⤵
  PID:9816
- C:\Windows\System\aUWuDdT.exe
  C:\Windows\System\aUWuDdT.exe
  2⤵
  PID:9836
- C:\Windows\System\WzRLfNE.exe
  C:\Windows\System\WzRLfNE.exe
  2⤵
  PID:9860
- C:\Windows\System\lFjbnhJ.exe
  C:\Windows\System\lFjbnhJ.exe
  2⤵
  PID:9884
- C:\Windows\System\flPeXiB.exe
  C:\Windows\System\flPeXiB.exe
  2⤵
  PID:9900
- C:\Windows\System\RCeznPn.exe
  C:\Windows\System\RCeznPn.exe
  2⤵
  PID:9952
- C:\Windows\System\tJTxYZF.exe
  C:\Windows\System\tJTxYZF.exe
  2⤵
  PID:9972
- C:\Windows\System\OaFOfld.exe
  C:\Windows\System\OaFOfld.exe
  2⤵
  PID:9992
- C:\Windows\System\ZXLtCLZ.exe
  C:\Windows\System\ZXLtCLZ.exe
  2⤵
  PID:10008
- C:\Windows\System\KfHxQbr.exe
  C:\Windows\System\KfHxQbr.exe
  2⤵
  PID:10028
- C:\Windows\System\sXKneBG.exe
  C:\Windows\System\sXKneBG.exe
  2⤵
  PID:10048
- C:\Windows\System\BvYHmmG.exe
  C:\Windows\System\BvYHmmG.exe
  2⤵
  PID:10064
- C:\Windows\System\AAwcnPE.exe
  C:\Windows\System\AAwcnPE.exe
  2⤵
  PID:10080
- C:\Windows\System\FyemwCH.exe
  C:\Windows\System\FyemwCH.exe
  2⤵
  PID:10096
- C:\Windows\System\CNfMaMr.exe
  C:\Windows\System\CNfMaMr.exe
  2⤵
  PID:10112
- C:\Windows\System\RgKiCaC.exe
  C:\Windows\System\RgKiCaC.exe
  2⤵
  PID:10128
- C:\Windows\System\TARaCNi.exe
  C:\Windows\System\TARaCNi.exe
  2⤵
  PID:10144
- C:\Windows\System\SRIqwDE.exe
  C:\Windows\System\SRIqwDE.exe
  2⤵
  PID:10160
- C:\Windows\System\SYOMqhm.exe
  C:\Windows\System\SYOMqhm.exe
  2⤵
  PID:10188
- C:\Windows\System\wAXDfMu.exe
  C:\Windows\System\wAXDfMu.exe
  2⤵
  PID:10212
- C:\Windows\System\lZbnEhV.exe
  C:\Windows\System\lZbnEhV.exe
  2⤵
  PID:7660
- C:\Windows\System\hJfBOSZ.exe
  C:\Windows\System\hJfBOSZ.exe
  2⤵
  PID:8772
- C:\Windows\System\YacBiLY.exe
  C:\Windows\System\YacBiLY.exe
  2⤵
  PID:9228
- C:\Windows\System\zkdVxpc.exe
  C:\Windows\System\zkdVxpc.exe
  2⤵
  PID:9280
- C:\Windows\System\uaCndok.exe
  C:\Windows\System\uaCndok.exe
  2⤵
  PID:9260
- C:\Windows\System\olmgUyF.exe
  C:\Windows\System\olmgUyF.exe
  2⤵
  PID:9284
- C:\Windows\System\wlusfZS.exe
  C:\Windows\System\wlusfZS.exe
  2⤵
  PID:9356
- C:\Windows\System\AwJCbuf.exe
  C:\Windows\System\AwJCbuf.exe
  2⤵
  PID:9392
- C:\Windows\System\QlKdJTK.exe
  C:\Windows\System\QlKdJTK.exe
  2⤵
  PID:9376
- C:\Windows\System\VtNnGtN.exe
  C:\Windows\System\VtNnGtN.exe
  2⤵
  PID:9516
- C:\Windows\System\HkSjSmI.exe
  C:\Windows\System\HkSjSmI.exe
  2⤵
  PID:9464
- C:\Windows\System\IHdoNGa.exe
  C:\Windows\System\IHdoNGa.exe
  2⤵
  PID:9496
- C:\Windows\System\RGemcVC.exe
  C:\Windows\System\RGemcVC.exe
  2⤵
  PID:9552
- C:\Windows\System\lkDgEJZ.exe
  C:\Windows\System\lkDgEJZ.exe
  2⤵
  PID:9592
- C:\Windows\System\KPRmETq.exe
  C:\Windows\System\KPRmETq.exe
  2⤵
  PID:9680
- C:\Windows\System\xCcbiPc.exe
  C:\Windows\System\xCcbiPc.exe
  2⤵
  PID:9792
- C:\Windows\System\yAFkvdP.exe
  C:\Windows\System\yAFkvdP.exe
  2⤵
  PID:9604
- C:\Windows\System\atqVWqJ.exe
  C:\Windows\System\atqVWqJ.exe
  2⤵
  PID:9656
- C:\Windows\System\YeGDwZe.exe
  C:\Windows\System\YeGDwZe.exe
  2⤵
  PID:9708
- C:\Windows\System\WCsdHAF.exe
  C:\Windows\System\WCsdHAF.exe
  2⤵
  PID:9780
- C:\Windows\System\ffrPJeG.exe
  C:\Windows\System\ffrPJeG.exe
  2⤵
  PID:9828
- C:\Windows\System\JfRtTbC.exe
  C:\Windows\System\JfRtTbC.exe
  2⤵
  PID:9848
- C:\Windows\System\tsXZHOK.exe
  C:\Windows\System\tsXZHOK.exe
  2⤵
  PID:9880
- C:\Windows\System\DkeJAMB.exe
  C:\Windows\System\DkeJAMB.exe
  2⤵
  PID:9912
- C:\Windows\System\vhayKni.exe
  C:\Windows\System\vhayKni.exe
  2⤵
  PID:9928
- C:\Windows\System\lMznNuh.exe
  C:\Windows\System\lMznNuh.exe
  2⤵
  PID:9968
- C:\Windows\System\pLoJUsy.exe
  C:\Windows\System\pLoJUsy.exe
  2⤵
  PID:10000
- C:\Windows\System\rHECsSz.exe
  C:\Windows\System\rHECsSz.exe
  2⤵
  PID:10088
- C:\Windows\System\LyvzeVz.exe
  C:\Windows\System\LyvzeVz.exe
  2⤵
  PID:10124
- C:\Windows\System\JHtxqNY.exe
  C:\Windows\System\JHtxqNY.exe
  2⤵
  PID:10196
- C:\Windows\System\YVnqDVM.exe
  C:\Windows\System\YVnqDVM.exe
  2⤵
  PID:8832
- C:\Windows\System\SrecRwK.exe
  C:\Windows\System\SrecRwK.exe
  2⤵
  PID:7804
- C:\Windows\System\CExnKkm.exe
  C:\Windows\System\CExnKkm.exe
  2⤵
  PID:10072
- C:\Windows\System\MtLDEXm.exe
  C:\Windows\System\MtLDEXm.exe
  2⤵
  PID:9268
- C:\Windows\System\GRRzhfj.exe
  C:\Windows\System\GRRzhfj.exe
  2⤵
  PID:10168
- C:\Windows\System\bGOnxJU.exe
  C:\Windows\System\bGOnxJU.exe
  2⤵
  PID:10228
- C:\Windows\System\kfbdiAI.exe
  C:\Windows\System\kfbdiAI.exe
  2⤵
  PID:8508
- C:\Windows\System\PyWRNTc.exe
  C:\Windows\System\PyWRNTc.exe
  2⤵
  PID:9388
- C:\Windows\System\SPBolob.exe
  C:\Windows\System\SPBolob.exe
  2⤵
  PID:9476
- C:\Windows\System\UdttREb.exe
  C:\Windows\System\UdttREb.exe
  2⤵
  PID:9412
- C:\Windows\System\JNbfrqs.exe
  C:\Windows\System\JNbfrqs.exe
  2⤵
  PID:9344
- C:\Windows\System\OLKmheZ.exe
  C:\Windows\System\OLKmheZ.exe
  2⤵
  PID:9340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AGXINVW.exe

Filesize
6.0MB

MD5
c8938fef2f3d8631daef27acd4c5fa17

SHA1
996b100483f7e90ea5370cb43a65c08654f3b4da

SHA256
1602f60bbd1f7d3aed606d0a7f98c2cf2948b442be04fda6494f3b5e9e9ab5b8

SHA512
036475e8f6476240202678d3b92c3b07f5d50fce4a6aed6dc2cd0875b160389b8a2d14f6e365727dbbeb8e0fc1aa59f923d01603ec606170eaaf0ec645be2c89

Download Submit
C:\Windows\system\ANjRjKC.exe

Filesize
6.0MB

MD5
1ecd7128e282b733e029590be986192e

SHA1
10d213634e182ff0e06296ecaf1b24b7486d711b

SHA256
f1b1328398773b6eae0a068027812c23e759a6747303c7335292c626948199f1

SHA512
0fe2310c001c620cee41d5825f52db5153c63bc8cfc3add80f4d660b6620bc36066cfa4a9c222797c5e37ecd068d138a56a75b00b95060b5a39b511f0b87f696

Download Submit
C:\Windows\system\HcOTxar.exe

Filesize
6.0MB

MD5
921f52637b79638de6db8c63fbd98006

SHA1
65015f6705021d20a3a9608ef6de13d59cfe37c9

SHA256
b79c9004e0edccf3ed3e5e07fec3c1e7916ce93171cdd80f2a94b3e50fe63fea

SHA512
588bcfccf53b2a08fd8c9f91f9cb0897e601b6384eddf8de5f64b260a84116bb7ef67669c43cb68ec8e2ed5e5bd5baf9de1cd5c9dd2c3b3dfa8ded2ed0ead771

Download Submit
C:\Windows\system\IWDLiXc.exe

Filesize
6.0MB

MD5
8840e5a659105aa93776942c11fa1407

SHA1
469704ab64e74ade9065369d2fba37475671971a

SHA256
1f2d152fe8c4ef5df99c326ada54ac557d79399f483f61c2ce3a6c3430c72a04

SHA512
49b4d915e05806520f87c982c247096677ac4d4b4814a413d14bfdf736e179d18a8b46e7251b222b4b44f6fc0c66f14f1b27c27ff7fdf8329fd93cd8343154c9

Download Submit
C:\Windows\system\LFMqBDb.exe

Filesize
8B

MD5
e43210ed139c756a3013f159162eeb92

SHA1
c5860e5a10f9f6b367d346b4f9f29fd0ebb41758

SHA256
a14a04ca0fb548b59c6acc8b2b243205f0ea3e218ce754671454c8efbe5ec119

SHA512
9f4a62fee511a50835f1168f8a7db5362df06f045fb657600c9818030c54d62dfec5ddb65f55c67ec2865142dd0a9e6bd842228c8820dcb64412580475aab4e1

Download Submit
C:\Windows\system\MFwWqTy.exe

Filesize
6.0MB

MD5
b7e69c44c568d7c5bd07bb9990b1bbd6

SHA1
02000c0be9492e6f0d2256f19ac955a4a1a0488c

SHA256
8038759356e95c1fb2953c50cf3d75c855b3c1bda88150f6e3d1c50e09449159

SHA512
bff24601adeeeb0040056e3f68291de620c41adcc611a9918268b3b4cafddec36f22a9f4f6564c37260c886e5e0cfa706c4f4919d3ff980446cf0bdd6ed45c45

Download Submit
C:\Windows\system\MwbIRqP.exe

Filesize
6.0MB

MD5
e3727ddf9e960970690cb01821a21175

SHA1
50550febc7ed4dd8e09cb906e74f6afb796c5461

SHA256
8a6acf04974f8b72b37202fbdd5288cf6beda92a5be155c169657629a31cfe1c

SHA512
551e1e2a4248f59bf750274eabd738e4ed07ccaf1ceab6fab681226ce7db35cbbd8b44d25bdb9a1bdb903ed09c19d718aa6278680ee83cd6b81d8c79b68c4ae3

Download Submit
C:\Windows\system\OkmvIyW.exe

Filesize
6.0MB

MD5
2a37f671f82c33de85a91216a9e4925b

SHA1
7a4721a8ea48f41006e1393b2feeb9e9156a7324

SHA256
7feb1c419904564de215262c191878098cbf91862137dbe3b7c1a5090df84ea0

SHA512
f724e1e2232479155494643025a5d6297e15abe26d0c40da5d76ef4dd09ba6af1d1fbc8eee95dc6ba22bb7e68f0f5133227ec70080a3d3aabd6d1acf03cfa8c5

Download Submit
C:\Windows\system\PRLcDHc.exe

Filesize
6.0MB

MD5
ba4681589b80328e032e642f854299d6

SHA1
cf51863a8951cabaf5b58f8f71eea3390fa03240

SHA256
f054f9bff58a5623d86f53ac2149da75b8955a495f91339a518001bc4836c437

SHA512
c0ab9925ada0bc3919b91a88a3ecafdca3c9825bc6b53d50e5b08c1c399c8a1b16d55395dc4fb4944fb55c626d409c79c154ffae1bae604b26f6e216370a6417

Download Submit
C:\Windows\system\RGUxwBe.exe

Filesize
6.0MB

MD5
7ca03c093b1c6c1dd0af03206e4236f0

SHA1
bb2958c48d2b231dcc611180815edf5d7b57293f

SHA256
72c3fa4a3a4635b2f02c9410be6493dc77c825a367453a86123a4fe4a3215353

SHA512
104f0027e9512fb78032f5aa20d5f8cbe3635bd7708a4c6d58e3723d2ea3059a563330a815320819f392c74ff0ee0041419e97d4b1bbb9b27460fa1fc376028a

Download Submit
C:\Windows\system\TLQEIAZ.exe

Filesize
6.0MB

MD5
082dd67394e8536568bdc7bb5efcf6a7

SHA1
e864d0b855abc87a40cf5c98bcedd0836e503010

SHA256
1ec15c6d14a8957aeb6ff247da94e12224b658ef626ad90d691a07707dd6290f

SHA512
3bb69745045bbbc734252c75064e74d0c8441c7d69cb9a01b8bffd745259807c391f13250718e5447ab09c6b8f894488ab6456cd4c259481dc06ce78b2a5c50a

Download Submit
C:\Windows\system\TfFGgsK.exe

Filesize
6.0MB

MD5
90e4406c2d693f74f9e2faccc52de019

SHA1
88b0d44c134d579409130942c78d8678639ae411

SHA256
9e6218ee6f32cb2121be0ce69d15b47006e7606d4993f527a8f490fcb6a8c5d4

SHA512
600aaa0a19573ad99fa3a5ca09a4b4a5b61262dd6fe9b703cce8089b34b5ddd40f9a5537291ae6518cac4e99fe74176ab7947dde95b5783ffc221eaaca3d2117

Download Submit
C:\Windows\system\VKEHywD.exe

Filesize
6.0MB

MD5
5f5ef1472b0162d589b29d5fc520a3f6

SHA1
bfeff00a73bb8a57d3a667e50e8d345368b2c2f6

SHA256
cd2707d25166385b6f2613b5bd847407605ebb841dede1479b5474854bf90386

SHA512
5783a6814aa8bf00816a25e77f57c4b43b1f8b23c1cccf8da10cb1ecb5be5b2c510b1a2563040fdde356592cfb76f6bf530c451c4612e08ff1c3ba4d9a0385c4

Download Submit
C:\Windows\system\YHxwCbj.exe

Filesize
6.0MB

MD5
e7d68777eec13eb4f9bacc767950f012

SHA1
4ba0b0c76df7a148b62c00a158244b846ccb64a7

SHA256
373dd310dfb59f82aab5f8119f50ea688e71aa8a066d0f828bc42c3be6b38281

SHA512
3a556ce94ef0605c98b430a4271aee956035632493da45415a6f284ac99a20f8953c6198960ecae0269c98ea17cc21cf202b5d0b35c87ef36f52721e12dc5654

Download Submit
C:\Windows\system\aXbrefv.exe

Filesize
6.0MB

MD5
6e55b9f5e93278752f77f721c1401d35

SHA1
b012b2701bf903ca5a6e876bd32318638797db43

SHA256
8dcde3f3242c8f63fd42eef3a172008fd8759e6f8fd42dc522db31d2396794e8

SHA512
853d144e00f2750fbf6fe67d5597c42b486b1378ab6631680149aa680a789ea7d35e58e60fd459a90b199dd3d844713a7e7590eb652c1af5c5c9f0e7ee19d2a3

Download Submit
C:\Windows\system\doIJclC.exe

Filesize
6.0MB

MD5
29823b31f0db2f6e69483d3f65f889e1

SHA1
c6b6e4d93c1e4a63a4ef7d5fb33839d182b17808

SHA256
695b84a72871edeef3b639bd35e64605cb67cc3ef23657a83901dd008bee6ca7

SHA512
2b1134630ef7e1b67fff03ee64130375376fa03dc803d449e697bea52972406c59d6ddc06512a3080801dd982480fd59c438c4ea20382983fb44cb5510ddc9a8

Download Submit
C:\Windows\system\ftdJRcu.exe

Filesize
6.0MB

MD5
2f1caf04c30b736c1c21d55daca1c434

SHA1
16195201de74c00bdfd1754c4a924e62e55f6ac2

SHA256
dca972440821466e14801b79d021bf9d10a574e3b76328656663dbafcfb41637

SHA512
767d5bb0531ee10006cc1647a3692c855404e565b418238bc2bbffa49d7c860d635de2b9afd26b05137ae23f58557bb670171b9605f0ef2150c7fc12ee5a7282

Download Submit
C:\Windows\system\gRmNgpz.exe

Filesize
6.0MB

MD5
1ffaa38c51e03a385389c261da5530f6

SHA1
db78ce1ca1aca80b3138fff70d5f1de48604d485

SHA256
cafaef49d4a40564b4067dd5690d491b38f064d36bb840cd72ac2171f265857e

SHA512
52bdc0200e710f75844148ebca38f79a473ddc8501a19e92bbfc21b6cd7b3e2290cfa922645aad37aa84d83f3e044603de1a715849ae1cf3be84662bbc2a90d4

Download Submit
C:\Windows\system\gZKNsnO.exe

Filesize
6.0MB

MD5
9d41d269cf04cdc786e689dd89a4ea7d

SHA1
081008303feb71f5ce6bcc64b861d4308c254baa

SHA256
f9f4fd1cfafca8fff3a9cfda5ed47384e2e5b21d3a78bdada19425ae9606239d

SHA512
bcda81a40b0deb8515eddc412bbad5b5e5a513cc44476876867788082ea1a72d31b86bd1510a1f6c5c28a48a25465186ca0daa9e5e20e729f44e693150d73d16

Download Submit
C:\Windows\system\mFDnlHG.exe

Filesize
6.0MB

MD5
2f2b33419916647199f43d495bf8b8a1

SHA1
c861a0b5ab1664968b52205024c61b4d105a636c

SHA256
ab3b1a6d76a859a45049009b42800e573b27476f8503efd76a7873398a1eccc3

SHA512
49de0147dc614c00cdfac9abc5458b439014f80814968fa397079289c5ca6113a7e06e6e1054406bb346a3ad115176610f1ed2c50368db3b35c165a70052b11a

Download Submit
C:\Windows\system\mXFzwuW.exe

Filesize
6.0MB

MD5
64e8910fab5a1a137a1128cb61199665

SHA1
30b7030c97fc8db4ba1a7d2631a54cd2fd5a7d6c

SHA256
e9fe407540ef83177239d52d06003a0ac25c255744f3d13037ab919e92b4bf54

SHA512
77925ad8873344a0e8d49db5fdc973ec4faf32dbdca2f4405fc68518da1b554bee513944067508e76dd6ae245e8063a7ac2a37291506d34308b932a6f20622e5

Download Submit
C:\Windows\system\qpTlmyj.exe

Filesize
6.0MB

MD5
53a613c11aa0cba83b8f1fb4d78ce4be

SHA1
c4c3eafc0b99accf1d7b6158639163e487ef80eb

SHA256
dcc97693dd1275f66f436356cfc7868cd0b7176d9abbaf36e1f70c606197e29c

SHA512
3913db5b4b99e8988661d91c62d523c0b650fd649044e142cdb733ca68857b55e9c542980bd20b1aef58c6dbebd6266595bf38c490cd29abd5da384cdcdf3a47

Download Submit
C:\Windows\system\ywEIlCk.exe

Filesize
6.0MB

MD5
9854e6d40478996c7b62b713973c0dae

SHA1
62846458a0548f4b18d6e02269b707db6ae1f3c9

SHA256
9258d0616a1ddd3d0f422c0b5e2e3b76256ba55e9f75e30895337c15cd39a638

SHA512
03affeb7592327bb64fb3e942884b2bbb286ab33583d03c8231c5907d7b9e7d5565db86c029e3bf1105630d7eb404736c9be23288ed68c452b58e6341206bdf6

Download Submit
C:\Windows\system\zLxeXNH.exe

Filesize
6.0MB

MD5
15e2dd616e9cafb893e24e3aefd2c2c0

SHA1
4192a523e0939e5bc2eca35427ad0822c70a95fc

SHA256
ed2c6020479cc112295c4262eec00f42120d8c452d7bb8c95587f5b941c6fc51

SHA512
bfcb656ea657ace6d06e7ed1f5eb4392fb22da41406e123385ba84f86948671b4162c5990de79fcc791883da62d664de338b76fa3aedcf499bc65bdec94d4337

Download Submit
\Windows\system\AIiWYAd.exe

Filesize
6.0MB

MD5
de5d775830625f06705cc8461d727626

SHA1
c339677daddaff42930a30b4fc45305af9e247e5

SHA256
896535621971f3648842bd671a0e65b2753caa5530a5e854ea02b4ab15414cde

SHA512
651ac069041c2e47a55ddc9fb4bb892134372a0190ba8c411016008c29a42f8a89313e43c320e2559541c381a9fde360f79c67d0931686323d32735d65d2fb51

Download Submit
\Windows\system\GmvMnvm.exe

Filesize
6.0MB

MD5
8247dc4acbe3d0b47f96d52ca110dda1

SHA1
0e49c9f67a021235eecf6f9e91d029cf62964dd7

SHA256
227af93263eb3b9f50ec81d938c0dce2b097e7cdfa2718d22fb702faf2d1cc4a

SHA512
4340b0477c9e79c09fdb389bd219609beeff4fc2b182a3e5231405494a3b726ad4872d6b480afdb8a363aefa55ede62d590e78427223e0bcb763b1af41cedc93

Download Submit
\Windows\system\SCQxGcD.exe

Filesize
6.0MB

MD5
7bc2c46db546d78007c1fcab6daf96ad

SHA1
20f0885249835d62ead0cc8dde57784042a2cd4d

SHA256
5073b91e37c4deb32ce3d68d8cee989a2ebfd2b2b65ce39eb9a762b7bc7ba6ff

SHA512
49284d8a2aa01dfab572bed2c5e24d540767a21b0cc432408f7a0f4343c68b2f08ac8f7fa8db386cfd0a2341293d922cef81b4c38a8af60ef15ecd8025f3f7f7

Download Submit
\Windows\system\WEGMzyl.exe

Filesize
6.0MB

MD5
fcf480ea669ec306c6e10897344aaaf5

SHA1
c5cc73687849af187d933e92653ef45723141ec4

SHA256
cdca0a79a70e0c8222b1eec5cc634b6fb4ac039fff4aa389708a9a1932bc1277

SHA512
63e412761868cc53bc929d283ec9f8fe292178b1f56a945574dc998d590efad40bac0eb9aed5e186af81b16c0db31acfca652b2f4a28aef265bdc3e34ce7d000

Download Submit
\Windows\system\XSQOpsb.exe

Filesize
6.0MB

MD5
4524a5ab478b820d18604a0d00170603

SHA1
87d2247c645c85d6ee332ecc158e9a879f9253af

SHA256
ac6ce4f02492425f5dd2ccdca3fd5c94cf9b17bb5534d479fe89d36e71570f63

SHA512
1fedc2f9fc0eaa8cfc5c4664953f32325fdef42c7aaf94f2f6e83fbcb2f6e046eeae9787bff899b74b5089871facc3a34ad816709b2d1af8c0a63ca5762b167e

Download Submit
\Windows\system\aOzmLQn.exe

Filesize
6.0MB

MD5
0c093b1f5894f63ae1e6401a66835899

SHA1
a519a15c46b5426984016c47cce7ab64f7d37d6b

SHA256
1764ba3548111fe0bb906488f6fe5eb78e5ac0a43ccd9d739993a7ecbad3b866

SHA512
79af9369ede09141847c16b6c8918b39400ced153932f18db4117b2de838e6234582b2bb7f79e9f8b4ee38ff76706e08bc5bc204ada56a05ebd29830a1a8eb40

Download Submit
\Windows\system\fZTRbqO.exe

Filesize
6.0MB

MD5
69266ee8d9e115d686450bd2b4801d8e

SHA1
34f3bb0103471df5c097d7d739e8bab1769802d9

SHA256
9e27289408d5ab2539c07fb103d5e4556a765a78ed35b11f05ad9c362c06f165

SHA512
7b1d99ed4b476e54b4ce363b8ca03b8a7ba968073989670977ad09cd873df8e32c687ea5bd9745cda30f7b666a4d49b73e36ba860d2ccf9be2c0eb1558126d29

Download Submit
\Windows\system\gEXDAYh.exe

Filesize
6.0MB

MD5
36b2fc1219c1a56a6f707ba28425eba4

SHA1
5e7557a93229972a99799712f85fc50c61526896

SHA256
00f3a7f906844494da0c77de733fa853051aec7a26d59bbd33e92d06f2869186

SHA512
820021ea7dd0d5151d65889d2311a346a9e3c395b8cd735adeeafd2e179583ebc8fbdd32c8dfcd5d5f815dcb706ff5f5e809a42ddab3d28fe78f8c1b283be0e7

Download Submit
\Windows\system\hEpPWEU.exe

Filesize
6.0MB

MD5
0e483ae09087da65e5a2fbb20adbc668

SHA1
480a486828c9cb41c8b618edf962b67a8d04f556

SHA256
faefe8e451c6985ad654c1970c6732b970737375f09feb3c36290ebbe4ae6d65

SHA512
fe8f5aac19025b6053461e994dfad18d4a0ec596990cd4a761ae1f8239b51f5f0018e259d15bd075224086eb64328253f7df993865dd5e1c0845a4d98b8f063a

Download Submit
memory/1608-1970-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1608-3376-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/1608-15-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2348-1644-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2348-3392-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2348-9-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1474-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2480-13-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2480-1472-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2480-6-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1475-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2480-0-0x000000013F630000-0x000000013F984000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1470-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2375-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2376-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2377-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1468-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1465-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2378-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1459-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2367-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1453-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2372-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2374-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1441-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2373-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1434-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1426-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2480-1416-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2480-19-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2371-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2480-2368-0x0000000002310000-0x0000000002664000-memory.dmp

Filesize
3.3MB

Download
memory/2508-3385-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2508-21-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2508-2283-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3672-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-1471-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-1469-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3645-0x000000013FB70000-0x000000013FEC4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3648-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2644-1473-0x000000013FD40000-0x0000000140094000-memory.dmp

Filesize
3.3MB

Download
memory/2680-1476-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3640-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3674-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-1467-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-1458-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-3673-0x000000013F750000-0x000000013FAA4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3641-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1444-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2820-1439-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3650-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-1477-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3660-0x000000013FDB0000-0x0000000140104000-memory.dmp

Filesize
3.3MB

Download
memory/2908-1460-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2908-3644-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-3643-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1430-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download