cobaltstrike | f4841082d3cad1d6f292b944dfb8140e3e49952a681a3edbc366254f9e26316b

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

3a15eb20f137cbdd86d965ed233bf3f3
SHA1

7a155706d4ef88289942e3b16103d9a4de0f9c9b
SHA256

f4841082d3cad1d6f292b944dfb8140e3e49952a681a3edbc366254f9e26316b
SHA512

ab728281585a7747d787367b1b4495627204fa2f16ba3619c41684a7c1631285e6223820d8c1e1f4dee06ec7c73db3b7a91edb09cb9f7ce5998fcca888e11e8e
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUJ:T+q56utgpPF8u/7J

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012033-6.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000146e1-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014714-10.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001471c-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014864-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014a05-37.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000014ac1-45.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dc1-131.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f97-140.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001739b-154.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f6-182.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001746c-186.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173ee-177.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173b2-164.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017390-162.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016e73-137.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016daf-126.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016da6-121.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d54-116.dat	cobalt_reflective_dll
behavioral1/files/0x0036000000014504-111.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d40-107.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d38-101.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d30-96.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d27-91.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d1f-86.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d15-81.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d0c-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d02-71.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016cf6-66.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ccb-61.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014c00-56.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000014b38-52.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1716-0-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/files/0x000a000000012033-6.dat	xmrig
behavioral1/files/0x00080000000146e1-8.dat	xmrig
behavioral1/files/0x0008000000014714-10.dat	xmrig
behavioral1/memory/2796-21-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/1716-22-0x0000000002380000-0x00000000026D4000-memory.dmp	xmrig
behavioral1/memory/2640-20-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/1344-14-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/files/0x000800000001471c-26.dat	xmrig
behavioral1/memory/2508-28-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000014864-32.dat	xmrig
behavioral1/memory/2232-34-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/files/0x0007000000014a05-37.dat	xmrig
behavioral1/memory/2736-41-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/1716-48-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/1716-46-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/files/0x0007000000014ac1-45.dat	xmrig
behavioral1/files/0x0006000000016dc1-131.dat	xmrig
behavioral1/files/0x0006000000016f97-140.dat	xmrig
behavioral1/files/0x000600000001739b-154.dat	xmrig
behavioral1/memory/2796-4007-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2640-4006-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/1344-4005-0x000000013F5B0000-0x000000013F904000-memory.dmp	xmrig
behavioral1/memory/2232-4009-0x000000013F410000-0x000000013F764000-memory.dmp	xmrig
behavioral1/memory/2508-4008-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2736-4010-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2664-4011-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2504-4012-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2988-4014-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/1816-4015-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/320-4017-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/992-4018-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/1788-4016-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2564-4013-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/files/0x00060000000173f6-182.dat	xmrig
behavioral1/files/0x000600000001746c-186.dat	xmrig
behavioral1/files/0x00060000000173ee-177.dat	xmrig
behavioral1/memory/992-172-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/1716-171-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/320-170-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/1716-167-0x0000000002380000-0x00000000026D4000-memory.dmp	xmrig
behavioral1/memory/1788-166-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/1716-165-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x00060000000173b2-164.dat	xmrig
behavioral1/files/0x0006000000017390-162.dat	xmrig
behavioral1/memory/1816-161-0x000000013F500000-0x000000013F854000-memory.dmp	xmrig
behavioral1/memory/2988-159-0x000000013F810000-0x000000013FB64000-memory.dmp	xmrig
behavioral1/memory/2664-139-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/1716-158-0x0000000002380000-0x00000000026D4000-memory.dmp	xmrig
behavioral1/memory/2564-157-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2504-155-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016e73-137.dat	xmrig
behavioral1/files/0x0006000000016daf-126.dat	xmrig
behavioral1/files/0x0006000000016da6-121.dat	xmrig
behavioral1/files/0x0006000000016d54-116.dat	xmrig
behavioral1/files/0x0036000000014504-111.dat	xmrig
behavioral1/files/0x0006000000016d40-107.dat	xmrig
behavioral1/files/0x0006000000016d38-101.dat	xmrig
behavioral1/files/0x0006000000016d30-96.dat	xmrig
behavioral1/files/0x0006000000016d27-91.dat	xmrig
behavioral1/files/0x0006000000016d1f-86.dat	xmrig
behavioral1/files/0x0006000000016d15-81.dat	xmrig
behavioral1/files/0x0006000000016d0c-76.dat	xmrig
behavioral1/files/0x0006000000016d02-71.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1344	KGmHazo.exe
2640	VWUkvPy.exe
2796	YczqiUj.exe
2508	DVfwHIV.exe
2232	oJVNBfU.exe
2736	glzubSl.exe
2664	LOgGtjP.exe
2504	UtuNCag.exe
2564	PWyegBP.exe
2988	nEouvNi.exe
1816	ghplZmK.exe
1788	LaokPmm.exe
320	dYPYjdx.exe
992	BnaQgRg.exe
596	xUZghqC.exe
944	ZprkRwX.exe
2852	VRRRgUY.exe
2892	ysliLoi.exe
3020	eLDiRgH.exe
3040	ORolFQB.exe
2768	UUgmmPj.exe
1792	AVdjJhi.exe
1868	fvsCkqu.exe
1100	thUeogQ.exe
1748	HXRktoh.exe
2000	YnTTbtL.exe
2112	hkvVIHd.exe
2316	OBjhtSi.exe
2104	VMYZnfz.exe
1760	UcpuqrA.exe
292	sPCBzOM.exe
344	NXzVJtW.exe
2380	ywVYzpn.exe
812	FqptPcF.exe
1040	tjVAbDA.exe
2488	OmwyPSX.exe
968	geFJjas.exe
1784	MlLIoSI.exe
1560	mHafqQs.exe
2100	ZbNZoRT.exe
1520	pxYBKFN.exe
2248	vOcLAiZ.exe
908	ZFysNpJ.exe
2952	voRSLlp.exe
2444	LXUmwUs.exe
1928	iCFyiIN.exe
2976	bEoBNzE.exe
1948	WNLLQUM.exe
2320	wHahJXp.exe
2296	yhkKUhC.exe
2416	cMPaLxX.exe
1072	FoVAyPD.exe
3048	rYhqJAT.exe
1608	yiseXBK.exe
1272	wKBhWjS.exe
2700	dTVczMM.exe
2916	mYfLOIf.exe
2788	rTrbgwi.exe
1800	VLpHpeg.exe
2620	irxQmgg.exe
2464	noXhsbD.exe
592	ZOXukBH.exe
580	FncuLgY.exe
1860	ZhsUcfz.exe

Loads dropped DLL 64 IoCs

pid	Process
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1716-0-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/files/0x000a000000012033-6.dat	upx
behavioral1/files/0x00080000000146e1-8.dat	upx
behavioral1/files/0x0008000000014714-10.dat	upx
behavioral1/memory/2796-21-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2640-20-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/1344-14-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/files/0x000800000001471c-26.dat	upx
behavioral1/memory/2508-28-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/files/0x0007000000014864-32.dat	upx
behavioral1/memory/2232-34-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/files/0x0007000000014a05-37.dat	upx
behavioral1/memory/2736-41-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/1716-46-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/files/0x0007000000014ac1-45.dat	upx
behavioral1/files/0x0006000000016dc1-131.dat	upx
behavioral1/files/0x0006000000016f97-140.dat	upx
behavioral1/files/0x000600000001739b-154.dat	upx
behavioral1/memory/2796-4007-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2640-4006-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/1344-4005-0x000000013F5B0000-0x000000013F904000-memory.dmp	upx
behavioral1/memory/2232-4009-0x000000013F410000-0x000000013F764000-memory.dmp	upx
behavioral1/memory/2508-4008-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2736-4010-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2664-4011-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2504-4012-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2988-4014-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/1816-4015-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/320-4017-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/992-4018-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/1788-4016-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2564-4013-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/files/0x00060000000173f6-182.dat	upx
behavioral1/files/0x000600000001746c-186.dat	upx
behavioral1/files/0x00060000000173ee-177.dat	upx
behavioral1/memory/992-172-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/320-170-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/1788-166-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x00060000000173b2-164.dat	upx
behavioral1/files/0x0006000000017390-162.dat	upx
behavioral1/memory/1816-161-0x000000013F500000-0x000000013F854000-memory.dmp	upx
behavioral1/memory/2988-159-0x000000013F810000-0x000000013FB64000-memory.dmp	upx
behavioral1/memory/2664-139-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2564-157-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2504-155-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/files/0x0006000000016e73-137.dat	upx
behavioral1/files/0x0006000000016daf-126.dat	upx
behavioral1/files/0x0006000000016da6-121.dat	upx
behavioral1/files/0x0006000000016d54-116.dat	upx
behavioral1/files/0x0036000000014504-111.dat	upx
behavioral1/files/0x0006000000016d40-107.dat	upx
behavioral1/files/0x0006000000016d38-101.dat	upx
behavioral1/files/0x0006000000016d30-96.dat	upx
behavioral1/files/0x0006000000016d27-91.dat	upx
behavioral1/files/0x0006000000016d1f-86.dat	upx
behavioral1/files/0x0006000000016d15-81.dat	upx
behavioral1/files/0x0006000000016d0c-76.dat	upx
behavioral1/files/0x0006000000016d02-71.dat	upx
behavioral1/files/0x0006000000016cf6-66.dat	upx
behavioral1/files/0x0006000000016ccb-61.dat	upx
behavioral1/files/0x0008000000014c00-56.dat	upx
behavioral1/files/0x0008000000014b38-52.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\BrMAjXr.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LkMQKKw.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LaokPmm.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KbyDVzH.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RhUDAov.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUrfOiV.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\geFJjas.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mDoEPGo.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bASmjCX.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zGAlkBU.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vdhnkZF.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZTqHaAA.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CdZOSkf.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CBUgLoB.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AlmlPEK.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sMJuzcq.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\amfpEtZ.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VFsKYEH.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rfgSfoE.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TLelwnk.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SKPpKeq.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bercjIk.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZGFoRca.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\shSZHKy.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Lfkqwza.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwJKnsH.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xEvDLaK.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pmwlNEi.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVZuqDG.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dPHTvjR.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IdHJjab.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\blztCBY.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tDpLUsi.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AdeuQko.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MpINbJY.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bZnIklD.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BgXcDIp.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\axaiEer.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AVdjJhi.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zSKakXd.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrQNSuC.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ErSuezB.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jJvPaxC.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yubXwfc.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HXhPqcP.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fmPKbqN.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XlWpulF.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yRkGURU.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ddNeUzk.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TCTVCpI.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jgrvNNY.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ETYGRsQ.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\snumBDv.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wlgYPYM.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tiVHRku.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zPnywNH.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bRdyOwI.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CXgRUuG.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ITIMMwL.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\saQJybG.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\veZtFtD.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QrwLtif.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JODDpSy.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yDxNBWu.exe	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 1344	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1716 wrote to memory of 1344	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1716 wrote to memory of 1344	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 1716 wrote to memory of 2640	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1716 wrote to memory of 2640	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1716 wrote to memory of 2640	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1716 wrote to memory of 2796	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1716 wrote to memory of 2796	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1716 wrote to memory of 2796	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1716 wrote to memory of 2508	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1716 wrote to memory of 2508	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1716 wrote to memory of 2508	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1716 wrote to memory of 2232	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1716 wrote to memory of 2232	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1716 wrote to memory of 2232	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1716 wrote to memory of 2736	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1716 wrote to memory of 2736	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1716 wrote to memory of 2736	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1716 wrote to memory of 2664	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1716 wrote to memory of 2664	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1716 wrote to memory of 2664	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1716 wrote to memory of 2504	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1716 wrote to memory of 2504	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1716 wrote to memory of 2504	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1716 wrote to memory of 2564	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1716 wrote to memory of 2564	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1716 wrote to memory of 2564	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1716 wrote to memory of 2988	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1716 wrote to memory of 2988	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1716 wrote to memory of 2988	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1716 wrote to memory of 1816	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1716 wrote to memory of 1816	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1716 wrote to memory of 1816	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1716 wrote to memory of 1788	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1716 wrote to memory of 1788	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1716 wrote to memory of 1788	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1716 wrote to memory of 320	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1716 wrote to memory of 320	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1716 wrote to memory of 320	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1716 wrote to memory of 992	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1716 wrote to memory of 992	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1716 wrote to memory of 992	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1716 wrote to memory of 596	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1716 wrote to memory of 596	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1716 wrote to memory of 596	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1716 wrote to memory of 944	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1716 wrote to memory of 944	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1716 wrote to memory of 944	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1716 wrote to memory of 2852	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1716 wrote to memory of 2852	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1716 wrote to memory of 2852	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1716 wrote to memory of 2892	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1716 wrote to memory of 2892	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1716 wrote to memory of 2892	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1716 wrote to memory of 3020	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1716 wrote to memory of 3020	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1716 wrote to memory of 3020	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1716 wrote to memory of 3040	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1716 wrote to memory of 3040	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1716 wrote to memory of 3040	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1716 wrote to memory of 2768	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1716 wrote to memory of 2768	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1716 wrote to memory of 2768	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1716 wrote to memory of 1792	1716	2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-25_3a15eb20f137cbdd86d965ed233bf3f3_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Windows\System\KGmHazo.exe
  C:\Windows\System\KGmHazo.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\VWUkvPy.exe
  C:\Windows\System\VWUkvPy.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\YczqiUj.exe
  C:\Windows\System\YczqiUj.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\DVfwHIV.exe
  C:\Windows\System\DVfwHIV.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\oJVNBfU.exe
  C:\Windows\System\oJVNBfU.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\glzubSl.exe
  C:\Windows\System\glzubSl.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\LOgGtjP.exe
  C:\Windows\System\LOgGtjP.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\UtuNCag.exe
  C:\Windows\System\UtuNCag.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\PWyegBP.exe
  C:\Windows\System\PWyegBP.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\nEouvNi.exe
  C:\Windows\System\nEouvNi.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\ghplZmK.exe
  C:\Windows\System\ghplZmK.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\LaokPmm.exe
  C:\Windows\System\LaokPmm.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\dYPYjdx.exe
  C:\Windows\System\dYPYjdx.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\BnaQgRg.exe
  C:\Windows\System\BnaQgRg.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\xUZghqC.exe
  C:\Windows\System\xUZghqC.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\ZprkRwX.exe
  C:\Windows\System\ZprkRwX.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\VRRRgUY.exe
  C:\Windows\System\VRRRgUY.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\ysliLoi.exe
  C:\Windows\System\ysliLoi.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\eLDiRgH.exe
  C:\Windows\System\eLDiRgH.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\ORolFQB.exe
  C:\Windows\System\ORolFQB.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\UUgmmPj.exe
  C:\Windows\System\UUgmmPj.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\AVdjJhi.exe
  C:\Windows\System\AVdjJhi.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\fvsCkqu.exe
  C:\Windows\System\fvsCkqu.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\thUeogQ.exe
  C:\Windows\System\thUeogQ.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\HXRktoh.exe
  C:\Windows\System\HXRktoh.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\YnTTbtL.exe
  C:\Windows\System\YnTTbtL.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\OBjhtSi.exe
  C:\Windows\System\OBjhtSi.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\hkvVIHd.exe
  C:\Windows\System\hkvVIHd.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\VMYZnfz.exe
  C:\Windows\System\VMYZnfz.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\UcpuqrA.exe
  C:\Windows\System\UcpuqrA.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\sPCBzOM.exe
  C:\Windows\System\sPCBzOM.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\NXzVJtW.exe
  C:\Windows\System\NXzVJtW.exe
  2⤵
  - Executes dropped EXE
  PID:344
- C:\Windows\System\ywVYzpn.exe
  C:\Windows\System\ywVYzpn.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\FqptPcF.exe
  C:\Windows\System\FqptPcF.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\tjVAbDA.exe
  C:\Windows\System\tjVAbDA.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\OmwyPSX.exe
  C:\Windows\System\OmwyPSX.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\geFJjas.exe
  C:\Windows\System\geFJjas.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\MlLIoSI.exe
  C:\Windows\System\MlLIoSI.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\mHafqQs.exe
  C:\Windows\System\mHafqQs.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\ZbNZoRT.exe
  C:\Windows\System\ZbNZoRT.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\pxYBKFN.exe
  C:\Windows\System\pxYBKFN.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\vOcLAiZ.exe
  C:\Windows\System\vOcLAiZ.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\ZFysNpJ.exe
  C:\Windows\System\ZFysNpJ.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\voRSLlp.exe
  C:\Windows\System\voRSLlp.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\LXUmwUs.exe
  C:\Windows\System\LXUmwUs.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\iCFyiIN.exe
  C:\Windows\System\iCFyiIN.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\bEoBNzE.exe
  C:\Windows\System\bEoBNzE.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\WNLLQUM.exe
  C:\Windows\System\WNLLQUM.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\wHahJXp.exe
  C:\Windows\System\wHahJXp.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\yhkKUhC.exe
  C:\Windows\System\yhkKUhC.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\cMPaLxX.exe
  C:\Windows\System\cMPaLxX.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\FoVAyPD.exe
  C:\Windows\System\FoVAyPD.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\rYhqJAT.exe
  C:\Windows\System\rYhqJAT.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\yiseXBK.exe
  C:\Windows\System\yiseXBK.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\wKBhWjS.exe
  C:\Windows\System\wKBhWjS.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\dTVczMM.exe
  C:\Windows\System\dTVczMM.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\mYfLOIf.exe
  C:\Windows\System\mYfLOIf.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\rTrbgwi.exe
  C:\Windows\System\rTrbgwi.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\VLpHpeg.exe
  C:\Windows\System\VLpHpeg.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\irxQmgg.exe
  C:\Windows\System\irxQmgg.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\noXhsbD.exe
  C:\Windows\System\noXhsbD.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\ZOXukBH.exe
  C:\Windows\System\ZOXukBH.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\FncuLgY.exe
  C:\Windows\System\FncuLgY.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\ZhsUcfz.exe
  C:\Windows\System\ZhsUcfz.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\UkhpJtT.exe
  C:\Windows\System\UkhpJtT.exe
  2⤵
  PID:2900
- C:\Windows\System\ZRuMSsj.exe
  C:\Windows\System\ZRuMSsj.exe
  2⤵
  PID:3008
- C:\Windows\System\PlTzukh.exe
  C:\Windows\System\PlTzukh.exe
  2⤵
  PID:2240
- C:\Windows\System\TwExwWX.exe
  C:\Windows\System\TwExwWX.exe
  2⤵
  PID:2332
- C:\Windows\System\fphSvai.exe
  C:\Windows\System\fphSvai.exe
  2⤵
  PID:1640
- C:\Windows\System\aIakncI.exe
  C:\Windows\System\aIakncI.exe
  2⤵
  PID:2940
- C:\Windows\System\tsookrV.exe
  C:\Windows\System\tsookrV.exe
  2⤵
  PID:1224
- C:\Windows\System\blztCBY.exe
  C:\Windows\System\blztCBY.exe
  2⤵
  PID:2208
- C:\Windows\System\SMIydEV.exe
  C:\Windows\System\SMIydEV.exe
  2⤵
  PID:2388
- C:\Windows\System\KQtCeex.exe
  C:\Windows\System\KQtCeex.exe
  2⤵
  PID:2080
- C:\Windows\System\aTfzQNu.exe
  C:\Windows\System\aTfzQNu.exe
  2⤵
  PID:1244
- C:\Windows\System\AzrQChr.exe
  C:\Windows\System\AzrQChr.exe
  2⤵
  PID:708
- C:\Windows\System\uhjNLyL.exe
  C:\Windows\System\uhjNLyL.exe
  2⤵
  PID:1568
- C:\Windows\System\zFfKSOs.exe
  C:\Windows\System\zFfKSOs.exe
  2⤵
  PID:1780
- C:\Windows\System\WgzlIdp.exe
  C:\Windows\System\WgzlIdp.exe
  2⤵
  PID:1564
- C:\Windows\System\tNUMiXF.exe
  C:\Windows\System\tNUMiXF.exe
  2⤵
  PID:928
- C:\Windows\System\amfpEtZ.exe
  C:\Windows\System\amfpEtZ.exe
  2⤵
  PID:2396
- C:\Windows\System\srpRysc.exe
  C:\Windows\System\srpRysc.exe
  2⤵
  PID:2452
- C:\Windows\System\tVGHyDA.exe
  C:\Windows\System\tVGHyDA.exe
  2⤵
  PID:1956
- C:\Windows\System\YalaKnT.exe
  C:\Windows\System\YalaKnT.exe
  2⤵
  PID:1304
- C:\Windows\System\PLAJMJs.exe
  C:\Windows\System\PLAJMJs.exe
  2⤵
  PID:1508
- C:\Windows\System\xLjHPOa.exe
  C:\Windows\System\xLjHPOa.exe
  2⤵
  PID:3064
- C:\Windows\System\RQRXiYH.exe
  C:\Windows\System\RQRXiYH.exe
  2⤵
  PID:2308
- C:\Windows\System\mwqscXE.exe
  C:\Windows\System\mwqscXE.exe
  2⤵
  PID:1612
- C:\Windows\System\mFbfxal.exe
  C:\Windows\System\mFbfxal.exe
  2⤵
  PID:2716
- C:\Windows\System\JcSzrIf.exe
  C:\Windows\System\JcSzrIf.exe
  2⤵
  PID:2668
- C:\Windows\System\WogDtWv.exe
  C:\Windows\System\WogDtWv.exe
  2⤵
  PID:2776
- C:\Windows\System\ymaYmrh.exe
  C:\Windows\System\ymaYmrh.exe
  2⤵
  PID:648
- C:\Windows\System\LwGcnTN.exe
  C:\Windows\System\LwGcnTN.exe
  2⤵
  PID:1108
- C:\Windows\System\nmLfuRO.exe
  C:\Windows\System\nmLfuRO.exe
  2⤵
  PID:2024
- C:\Windows\System\QeXRoxk.exe
  C:\Windows\System\QeXRoxk.exe
  2⤵
  PID:2784
- C:\Windows\System\tdAHxHk.exe
  C:\Windows\System\tdAHxHk.exe
  2⤵
  PID:2400
- C:\Windows\System\PyUsnjf.exe
  C:\Windows\System\PyUsnjf.exe
  2⤵
  PID:1540
- C:\Windows\System\bKsEUiQ.exe
  C:\Windows\System\bKsEUiQ.exe
  2⤵
  PID:2136
- C:\Windows\System\mZWjctp.exe
  C:\Windows\System\mZWjctp.exe
  2⤵
  PID:1636
- C:\Windows\System\PpxRaUb.exe
  C:\Windows\System\PpxRaUb.exe
  2⤵
  PID:2384
- C:\Windows\System\yZcHBJS.exe
  C:\Windows\System\yZcHBJS.exe
  2⤵
  PID:2676
- C:\Windows\System\iwbMpEc.exe
  C:\Windows\System\iwbMpEc.exe
  2⤵
  PID:2300
- C:\Windows\System\pmwlNEi.exe
  C:\Windows\System\pmwlNEi.exe
  2⤵
  PID:2004
- C:\Windows\System\RDHRpaB.exe
  C:\Windows\System\RDHRpaB.exe
  2⤵
  PID:2304
- C:\Windows\System\OJMFqai.exe
  C:\Windows\System\OJMFqai.exe
  2⤵
  PID:2812
- C:\Windows\System\GJzwHPJ.exe
  C:\Windows\System\GJzwHPJ.exe
  2⤵
  PID:2324
- C:\Windows\System\WOPbkUx.exe
  C:\Windows\System\WOPbkUx.exe
  2⤵
  PID:2840
- C:\Windows\System\DAeeNvl.exe
  C:\Windows\System\DAeeNvl.exe
  2⤵
  PID:2704
- C:\Windows\System\tKizODh.exe
  C:\Windows\System\tKizODh.exe
  2⤵
  PID:2648
- C:\Windows\System\HeJFvMp.exe
  C:\Windows\System\HeJFvMp.exe
  2⤵
  PID:2992
- C:\Windows\System\EoeReHA.exe
  C:\Windows\System\EoeReHA.exe
  2⤵
  PID:1756
- C:\Windows\System\ZcHIVmb.exe
  C:\Windows\System\ZcHIVmb.exe
  2⤵
  PID:2084
- C:\Windows\System\IUtMOFX.exe
  C:\Windows\System\IUtMOFX.exe
  2⤵
  PID:852
- C:\Windows\System\hhFsVYK.exe
  C:\Windows\System\hhFsVYK.exe
  2⤵
  PID:2328
- C:\Windows\System\gWATOxK.exe
  C:\Windows\System\gWATOxK.exe
  2⤵
  PID:1360
- C:\Windows\System\bEDDUjW.exe
  C:\Windows\System\bEDDUjW.exe
  2⤵
  PID:1624
- C:\Windows\System\mtwmCmh.exe
  C:\Windows\System\mtwmCmh.exe
  2⤵
  PID:2456
- C:\Windows\System\PsbHBzQ.exe
  C:\Windows\System\PsbHBzQ.exe
  2⤵
  PID:2904
- C:\Windows\System\QhMHLwK.exe
  C:\Windows\System\QhMHLwK.exe
  2⤵
  PID:2228
- C:\Windows\System\XXsikJa.exe
  C:\Windows\System\XXsikJa.exe
  2⤵
  PID:2616
- C:\Windows\System\rTcyNqD.exe
  C:\Windows\System\rTcyNqD.exe
  2⤵
  PID:1660
- C:\Windows\System\gOZEMur.exe
  C:\Windows\System\gOZEMur.exe
  2⤵
  PID:560
- C:\Windows\System\MQZqBFy.exe
  C:\Windows\System\MQZqBFy.exe
  2⤵
  PID:2168
- C:\Windows\System\dnPfDPr.exe
  C:\Windows\System\dnPfDPr.exe
  2⤵
  PID:1052
- C:\Windows\System\aZLQDRQ.exe
  C:\Windows\System\aZLQDRQ.exe
  2⤵
  PID:3080
- C:\Windows\System\GKPgfly.exe
  C:\Windows\System\GKPgfly.exe
  2⤵
  PID:3100
- C:\Windows\System\ZGFoRca.exe
  C:\Windows\System\ZGFoRca.exe
  2⤵
  PID:3120
- C:\Windows\System\UWZGopK.exe
  C:\Windows\System\UWZGopK.exe
  2⤵
  PID:3136
- C:\Windows\System\tKpsmsZ.exe
  C:\Windows\System\tKpsmsZ.exe
  2⤵
  PID:3168
- C:\Windows\System\QanXtIp.exe
  C:\Windows\System\QanXtIp.exe
  2⤵
  PID:3188
- C:\Windows\System\xvRaVNB.exe
  C:\Windows\System\xvRaVNB.exe
  2⤵
  PID:3208
- C:\Windows\System\UcFWwdA.exe
  C:\Windows\System\UcFWwdA.exe
  2⤵
  PID:3228
- C:\Windows\System\lrrxdyp.exe
  C:\Windows\System\lrrxdyp.exe
  2⤵
  PID:3248
- C:\Windows\System\kmytBXJ.exe
  C:\Windows\System\kmytBXJ.exe
  2⤵
  PID:3264
- C:\Windows\System\nZKfdqK.exe
  C:\Windows\System\nZKfdqK.exe
  2⤵
  PID:3288
- C:\Windows\System\NqzQePQ.exe
  C:\Windows\System\NqzQePQ.exe
  2⤵
  PID:3308
- C:\Windows\System\JGUeBol.exe
  C:\Windows\System\JGUeBol.exe
  2⤵
  PID:3328
- C:\Windows\System\rNUZxwF.exe
  C:\Windows\System\rNUZxwF.exe
  2⤵
  PID:3344
- C:\Windows\System\ZHzMuID.exe
  C:\Windows\System\ZHzMuID.exe
  2⤵
  PID:3368
- C:\Windows\System\yATxAvH.exe
  C:\Windows\System\yATxAvH.exe
  2⤵
  PID:3384
- C:\Windows\System\oIjpQny.exe
  C:\Windows\System\oIjpQny.exe
  2⤵
  PID:3404
- C:\Windows\System\CvdhNNf.exe
  C:\Windows\System\CvdhNNf.exe
  2⤵
  PID:3428
- C:\Windows\System\jvqLaCu.exe
  C:\Windows\System\jvqLaCu.exe
  2⤵
  PID:3448
- C:\Windows\System\iiwCXCp.exe
  C:\Windows\System\iiwCXCp.exe
  2⤵
  PID:3468
- C:\Windows\System\HuDuTYU.exe
  C:\Windows\System\HuDuTYU.exe
  2⤵
  PID:3488
- C:\Windows\System\lvPTRVi.exe
  C:\Windows\System\lvPTRVi.exe
  2⤵
  PID:3504
- C:\Windows\System\WAxWEpZ.exe
  C:\Windows\System\WAxWEpZ.exe
  2⤵
  PID:3524
- C:\Windows\System\SKkktME.exe
  C:\Windows\System\SKkktME.exe
  2⤵
  PID:3548
- C:\Windows\System\Nbjmdny.exe
  C:\Windows\System\Nbjmdny.exe
  2⤵
  PID:3568
- C:\Windows\System\CceXSNJ.exe
  C:\Windows\System\CceXSNJ.exe
  2⤵
  PID:3584
- C:\Windows\System\ndfsBvj.exe
  C:\Windows\System\ndfsBvj.exe
  2⤵
  PID:3608
- C:\Windows\System\otPNMlE.exe
  C:\Windows\System\otPNMlE.exe
  2⤵
  PID:3628
- C:\Windows\System\JPfeLzx.exe
  C:\Windows\System\JPfeLzx.exe
  2⤵
  PID:3648
- C:\Windows\System\VhsCKic.exe
  C:\Windows\System\VhsCKic.exe
  2⤵
  PID:3668
- C:\Windows\System\YwHLUpp.exe
  C:\Windows\System\YwHLUpp.exe
  2⤵
  PID:3688
- C:\Windows\System\IHroWtv.exe
  C:\Windows\System\IHroWtv.exe
  2⤵
  PID:3708
- C:\Windows\System\vTDzMEZ.exe
  C:\Windows\System\vTDzMEZ.exe
  2⤵
  PID:3728
- C:\Windows\System\JURRsYg.exe
  C:\Windows\System\JURRsYg.exe
  2⤵
  PID:3748
- C:\Windows\System\cclxbxA.exe
  C:\Windows\System\cclxbxA.exe
  2⤵
  PID:3768
- C:\Windows\System\nctLdEP.exe
  C:\Windows\System\nctLdEP.exe
  2⤵
  PID:3784
- C:\Windows\System\hvtxVcj.exe
  C:\Windows\System\hvtxVcj.exe
  2⤵
  PID:3804
- C:\Windows\System\zIvKxVt.exe
  C:\Windows\System\zIvKxVt.exe
  2⤵
  PID:3828
- C:\Windows\System\snumBDv.exe
  C:\Windows\System\snumBDv.exe
  2⤵
  PID:3848
- C:\Windows\System\bcfBiwa.exe
  C:\Windows\System\bcfBiwa.exe
  2⤵
  PID:3864
- C:\Windows\System\bOigEke.exe
  C:\Windows\System\bOigEke.exe
  2⤵
  PID:3884
- C:\Windows\System\AibExdv.exe
  C:\Windows\System\AibExdv.exe
  2⤵
  PID:3904
- C:\Windows\System\JRkclVm.exe
  C:\Windows\System\JRkclVm.exe
  2⤵
  PID:3924
- C:\Windows\System\rdRvzCk.exe
  C:\Windows\System\rdRvzCk.exe
  2⤵
  PID:3944
- C:\Windows\System\HRetpxa.exe
  C:\Windows\System\HRetpxa.exe
  2⤵
  PID:3964
- C:\Windows\System\qdrQWoN.exe
  C:\Windows\System\qdrQWoN.exe
  2⤵
  PID:3984
- C:\Windows\System\IdHJjab.exe
  C:\Windows\System\IdHJjab.exe
  2⤵
  PID:4004
- C:\Windows\System\eyBjqvo.exe
  C:\Windows\System\eyBjqvo.exe
  2⤵
  PID:4028
- C:\Windows\System\QJYWtZr.exe
  C:\Windows\System\QJYWtZr.exe
  2⤵
  PID:4048
- C:\Windows\System\UmRwSGY.exe
  C:\Windows\System\UmRwSGY.exe
  2⤵
  PID:4064
- C:\Windows\System\tfmBFxX.exe
  C:\Windows\System\tfmBFxX.exe
  2⤵
  PID:4084
- C:\Windows\System\dcavmZs.exe
  C:\Windows\System\dcavmZs.exe
  2⤵
  PID:856
- C:\Windows\System\VotjugQ.exe
  C:\Windows\System\VotjugQ.exe
  2⤵
  PID:2340
- C:\Windows\System\rKNJqiv.exe
  C:\Windows\System\rKNJqiv.exe
  2⤵
  PID:1368
- C:\Windows\System\yWImipK.exe
  C:\Windows\System\yWImipK.exe
  2⤵
  PID:2344
- C:\Windows\System\RgurUJt.exe
  C:\Windows\System\RgurUJt.exe
  2⤵
  PID:2624
- C:\Windows\System\rVPckQz.exe
  C:\Windows\System\rVPckQz.exe
  2⤵
  PID:3144
- C:\Windows\System\FNqxSLt.exe
  C:\Windows\System\FNqxSLt.exe
  2⤵
  PID:588
- C:\Windows\System\sowYaFN.exe
  C:\Windows\System\sowYaFN.exe
  2⤵
  PID:3164
- C:\Windows\System\fJfXCBZ.exe
  C:\Windows\System\fJfXCBZ.exe
  2⤵
  PID:3200
- C:\Windows\System\ovbueZy.exe
  C:\Windows\System\ovbueZy.exe
  2⤵
  PID:3244
- C:\Windows\System\bercjIk.exe
  C:\Windows\System\bercjIk.exe
  2⤵
  PID:3276
- C:\Windows\System\VbYXsRc.exe
  C:\Windows\System\VbYXsRc.exe
  2⤵
  PID:3256
- C:\Windows\System\xZifyPN.exe
  C:\Windows\System\xZifyPN.exe
  2⤵
  PID:3304
- C:\Windows\System\nlCqePC.exe
  C:\Windows\System\nlCqePC.exe
  2⤵
  PID:3364
- C:\Windows\System\eCEyIDn.exe
  C:\Windows\System\eCEyIDn.exe
  2⤵
  PID:3340
- C:\Windows\System\NUYrKxX.exe
  C:\Windows\System\NUYrKxX.exe
  2⤵
  PID:3436
- C:\Windows\System\dQZLgqu.exe
  C:\Windows\System\dQZLgqu.exe
  2⤵
  PID:3420
- C:\Windows\System\zTOrZRG.exe
  C:\Windows\System\zTOrZRG.exe
  2⤵
  PID:3484
- C:\Windows\System\lsvwQUc.exe
  C:\Windows\System\lsvwQUc.exe
  2⤵
  PID:3532
- C:\Windows\System\wqHzJRB.exe
  C:\Windows\System\wqHzJRB.exe
  2⤵
  PID:3540
- C:\Windows\System\FnwYlSJ.exe
  C:\Windows\System\FnwYlSJ.exe
  2⤵
  PID:3592
- C:\Windows\System\gLNrUEB.exe
  C:\Windows\System\gLNrUEB.exe
  2⤵
  PID:2632
- C:\Windows\System\OYjAJMS.exe
  C:\Windows\System\OYjAJMS.exe
  2⤵
  PID:3640
- C:\Windows\System\BpgGBGK.exe
  C:\Windows\System\BpgGBGK.exe
  2⤵
  PID:3680
- C:\Windows\System\QRFhKVm.exe
  C:\Windows\System\QRFhKVm.exe
  2⤵
  PID:3724
- C:\Windows\System\QXIryVF.exe
  C:\Windows\System\QXIryVF.exe
  2⤵
  PID:3704
- C:\Windows\System\bUjKzse.exe
  C:\Windows\System\bUjKzse.exe
  2⤵
  PID:3800
- C:\Windows\System\vdDfNmp.exe
  C:\Windows\System\vdDfNmp.exe
  2⤵
  PID:3844
- C:\Windows\System\MpgibSF.exe
  C:\Windows\System\MpgibSF.exe
  2⤵
  PID:3812
- C:\Windows\System\hNRspXz.exe
  C:\Windows\System\hNRspXz.exe
  2⤵
  PID:3820
- C:\Windows\System\IkFIrtC.exe
  C:\Windows\System\IkFIrtC.exe
  2⤵
  PID:3952
- C:\Windows\System\QeyaShD.exe
  C:\Windows\System\QeyaShD.exe
  2⤵
  PID:3900
- C:\Windows\System\ahOvsgG.exe
  C:\Windows\System\ahOvsgG.exe
  2⤵
  PID:4000
- C:\Windows\System\kynDLpT.exe
  C:\Windows\System\kynDLpT.exe
  2⤵
  PID:3976
- C:\Windows\System\vdhnkZF.exe
  C:\Windows\System\vdhnkZF.exe
  2⤵
  PID:4020
- C:\Windows\System\NRihJzY.exe
  C:\Windows\System\NRihJzY.exe
  2⤵
  PID:4076
- C:\Windows\System\XCYCyqp.exe
  C:\Windows\System\XCYCyqp.exe
  2⤵
  PID:3012
- C:\Windows\System\apppDNR.exe
  C:\Windows\System\apppDNR.exe
  2⤵
  PID:2944
- C:\Windows\System\oZHncxY.exe
  C:\Windows\System\oZHncxY.exe
  2⤵
  PID:3112
- C:\Windows\System\NddLPLO.exe
  C:\Windows\System\NddLPLO.exe
  2⤵
  PID:3116
- C:\Windows\System\OrclzPC.exe
  C:\Windows\System\OrclzPC.exe
  2⤵
  PID:2824
- C:\Windows\System\IEESUxb.exe
  C:\Windows\System\IEESUxb.exe
  2⤵
  PID:3156
- C:\Windows\System\zlGnKMy.exe
  C:\Windows\System\zlGnKMy.exe
  2⤵
  PID:3216
- C:\Windows\System\AGOaskk.exe
  C:\Windows\System\AGOaskk.exe
  2⤵
  PID:3316
- C:\Windows\System\hTodAQF.exe
  C:\Windows\System\hTodAQF.exe
  2⤵
  PID:2800
- C:\Windows\System\RTIgBIV.exe
  C:\Windows\System\RTIgBIV.exe
  2⤵
  PID:3396
- C:\Windows\System\otVfwMu.exe
  C:\Windows\System\otVfwMu.exe
  2⤵
  PID:2920
- C:\Windows\System\wepSpnm.exe
  C:\Windows\System\wepSpnm.exe
  2⤵
  PID:3512
- C:\Windows\System\veZtFtD.exe
  C:\Windows\System\veZtFtD.exe
  2⤵
  PID:2772
- C:\Windows\System\vIGmJyR.exe
  C:\Windows\System\vIGmJyR.exe
  2⤵
  PID:3684
- C:\Windows\System\ZjcXSbf.exe
  C:\Windows\System\ZjcXSbf.exe
  2⤵
  PID:3520
- C:\Windows\System\ZgNPPNC.exe
  C:\Windows\System\ZgNPPNC.exe
  2⤵
  PID:3560
- C:\Windows\System\IHqVxWk.exe
  C:\Windows\System\IHqVxWk.exe
  2⤵
  PID:3664
- C:\Windows\System\ZtvLyXa.exe
  C:\Windows\System\ZtvLyXa.exe
  2⤵
  PID:3860
- C:\Windows\System\zEVhmaJ.exe
  C:\Windows\System\zEVhmaJ.exe
  2⤵
  PID:4044
- C:\Windows\System\tDpLUsi.exe
  C:\Windows\System\tDpLUsi.exe
  2⤵
  PID:3920
- C:\Windows\System\kdhfJmY.exe
  C:\Windows\System\kdhfJmY.exe
  2⤵
  PID:4072
- C:\Windows\System\AYxjmRJ.exe
  C:\Windows\System\AYxjmRJ.exe
  2⤵
  PID:3076
- C:\Windows\System\pLVjtNX.exe
  C:\Windows\System\pLVjtNX.exe
  2⤵
  PID:2408
- C:\Windows\System\dRbGisR.exe
  C:\Windows\System\dRbGisR.exe
  2⤵
  PID:2932
- C:\Windows\System\SZxhMpy.exe
  C:\Windows\System\SZxhMpy.exe
  2⤵
  PID:4060
- C:\Windows\System\GXQcgTW.exe
  C:\Windows\System\GXQcgTW.exe
  2⤵
  PID:4092
- C:\Windows\System\MpnfKNl.exe
  C:\Windows\System\MpnfKNl.exe
  2⤵
  PID:3088
- C:\Windows\System\XluuCsC.exe
  C:\Windows\System\XluuCsC.exe
  2⤵
  PID:3204
- C:\Windows\System\QClhbft.exe
  C:\Windows\System\QClhbft.exe
  2⤵
  PID:3496
- C:\Windows\System\aEmmjap.exe
  C:\Windows\System\aEmmjap.exe
  2⤵
  PID:3400
- C:\Windows\System\CBUgLoB.exe
  C:\Windows\System\CBUgLoB.exe
  2⤵
  PID:3604
- C:\Windows\System\nQnfFpM.exe
  C:\Windows\System\nQnfFpM.exe
  2⤵
  PID:3424
- C:\Windows\System\igiUSsf.exe
  C:\Windows\System\igiUSsf.exe
  2⤵
  PID:3780
- C:\Windows\System\CxVRJan.exe
  C:\Windows\System\CxVRJan.exe
  2⤵
  PID:3856
- C:\Windows\System\mGnkFst.exe
  C:\Windows\System\mGnkFst.exe
  2⤵
  PID:3644
- C:\Windows\System\gOOLTBQ.exe
  C:\Windows\System\gOOLTBQ.exe
  2⤵
  PID:3980
- C:\Windows\System\JAxqIQO.exe
  C:\Windows\System\JAxqIQO.exe
  2⤵
  PID:3132
- C:\Windows\System\paifNeM.exe
  C:\Windows\System\paifNeM.exe
  2⤵
  PID:3940
- C:\Windows\System\gEkebqf.exe
  C:\Windows\System\gEkebqf.exe
  2⤵
  PID:3108
- C:\Windows\System\ooifAro.exe
  C:\Windows\System\ooifAro.exe
  2⤵
  PID:3160
- C:\Windows\System\xEmIrtW.exe
  C:\Windows\System\xEmIrtW.exe
  2⤵
  PID:3500
- C:\Windows\System\mhUWFtW.exe
  C:\Windows\System\mhUWFtW.exe
  2⤵
  PID:3600
- C:\Windows\System\zNnxcDs.exe
  C:\Windows\System\zNnxcDs.exe
  2⤵
  PID:2500
- C:\Windows\System\VFsKYEH.exe
  C:\Windows\System\VFsKYEH.exe
  2⤵
  PID:3936
- C:\Windows\System\BgQXULS.exe
  C:\Windows\System\BgQXULS.exe
  2⤵
  PID:2780
- C:\Windows\System\VgVKSoe.exe
  C:\Windows\System\VgVKSoe.exe
  2⤵
  PID:3128
- C:\Windows\System\cEyIrgE.exe
  C:\Windows\System\cEyIrgE.exe
  2⤵
  PID:2204
- C:\Windows\System\GEwksQr.exe
  C:\Windows\System\GEwksQr.exe
  2⤵
  PID:2712
- C:\Windows\System\WhHfVFh.exe
  C:\Windows\System\WhHfVFh.exe
  2⤵
  PID:2120
- C:\Windows\System\CQdQHji.exe
  C:\Windows\System\CQdQHji.exe
  2⤵
  PID:2604
- C:\Windows\System\RCNDfDi.exe
  C:\Windows\System\RCNDfDi.exe
  2⤵
  PID:2820
- C:\Windows\System\LKQpiQp.exe
  C:\Windows\System\LKQpiQp.exe
  2⤵
  PID:2808
- C:\Windows\System\KCLlePQ.exe
  C:\Windows\System\KCLlePQ.exe
  2⤵
  PID:2284
- C:\Windows\System\LQCVSNM.exe
  C:\Windows\System\LQCVSNM.exe
  2⤵
  PID:3740
- C:\Windows\System\UFBLmpM.exe
  C:\Windows\System\UFBLmpM.exe
  2⤵
  PID:3736
- C:\Windows\System\SgmFcEk.exe
  C:\Windows\System\SgmFcEk.exe
  2⤵
  PID:2688
- C:\Windows\System\RqLkxKv.exe
  C:\Windows\System\RqLkxKv.exe
  2⤵
  PID:3972
- C:\Windows\System\MzzZeaA.exe
  C:\Windows\System\MzzZeaA.exe
  2⤵
  PID:2696
- C:\Windows\System\LtdcnPL.exe
  C:\Windows\System\LtdcnPL.exe
  2⤵
  PID:672
- C:\Windows\System\JZrCQdH.exe
  C:\Windows\System\JZrCQdH.exe
  2⤵
  PID:3352
- C:\Windows\System\jWwaSmE.exe
  C:\Windows\System\jWwaSmE.exe
  2⤵
  PID:2532
- C:\Windows\System\IioNCzd.exe
  C:\Windows\System\IioNCzd.exe
  2⤵
  PID:2348
- C:\Windows\System\AlmlPEK.exe
  C:\Windows\System\AlmlPEK.exe
  2⤵
  PID:2936
- C:\Windows\System\qkPSzcQ.exe
  C:\Windows\System\qkPSzcQ.exe
  2⤵
  PID:3792
- C:\Windows\System\luBppOY.exe
  C:\Windows\System\luBppOY.exe
  2⤵
  PID:4112
- C:\Windows\System\oFmzkam.exe
  C:\Windows\System\oFmzkam.exe
  2⤵
  PID:4128
- C:\Windows\System\ZmQxkPN.exe
  C:\Windows\System\ZmQxkPN.exe
  2⤵
  PID:4152
- C:\Windows\System\LWhxHJA.exe
  C:\Windows\System\LWhxHJA.exe
  2⤵
  PID:4172
- C:\Windows\System\tbYwHdV.exe
  C:\Windows\System\tbYwHdV.exe
  2⤵
  PID:4188
- C:\Windows\System\PZSXmsd.exe
  C:\Windows\System\PZSXmsd.exe
  2⤵
  PID:4212
- C:\Windows\System\TSSjiRC.exe
  C:\Windows\System\TSSjiRC.exe
  2⤵
  PID:4244
- C:\Windows\System\yubXwfc.exe
  C:\Windows\System\yubXwfc.exe
  2⤵
  PID:4264
- C:\Windows\System\jPHCoBt.exe
  C:\Windows\System\jPHCoBt.exe
  2⤵
  PID:4288
- C:\Windows\System\ZkPIiTf.exe
  C:\Windows\System\ZkPIiTf.exe
  2⤵
  PID:4304
- C:\Windows\System\neWmnji.exe
  C:\Windows\System\neWmnji.exe
  2⤵
  PID:4324
- C:\Windows\System\dbJUwjQ.exe
  C:\Windows\System\dbJUwjQ.exe
  2⤵
  PID:4344
- C:\Windows\System\JVjypqQ.exe
  C:\Windows\System\JVjypqQ.exe
  2⤵
  PID:4364
- C:\Windows\System\pJxkslT.exe
  C:\Windows\System\pJxkslT.exe
  2⤵
  PID:4380
- C:\Windows\System\RIFjzkV.exe
  C:\Windows\System\RIFjzkV.exe
  2⤵
  PID:4400
- C:\Windows\System\wKruNHX.exe
  C:\Windows\System\wKruNHX.exe
  2⤵
  PID:4424
- C:\Windows\System\BeSapeW.exe
  C:\Windows\System\BeSapeW.exe
  2⤵
  PID:4444
- C:\Windows\System\mFrplVw.exe
  C:\Windows\System\mFrplVw.exe
  2⤵
  PID:4460
- C:\Windows\System\NeLWNKX.exe
  C:\Windows\System\NeLWNKX.exe
  2⤵
  PID:4476
- C:\Windows\System\NpkTEpE.exe
  C:\Windows\System\NpkTEpE.exe
  2⤵
  PID:4496
- C:\Windows\System\PvEKnFt.exe
  C:\Windows\System\PvEKnFt.exe
  2⤵
  PID:4512
- C:\Windows\System\tTqdsjU.exe
  C:\Windows\System\tTqdsjU.exe
  2⤵
  PID:4528
- C:\Windows\System\lqadwRV.exe
  C:\Windows\System\lqadwRV.exe
  2⤵
  PID:4548
- C:\Windows\System\QwptoSt.exe
  C:\Windows\System\QwptoSt.exe
  2⤵
  PID:4564
- C:\Windows\System\yTunhEY.exe
  C:\Windows\System\yTunhEY.exe
  2⤵
  PID:4580
- C:\Windows\System\GOzovYu.exe
  C:\Windows\System\GOzovYu.exe
  2⤵
  PID:4596
- C:\Windows\System\pEiTxyr.exe
  C:\Windows\System\pEiTxyr.exe
  2⤵
  PID:4620
- C:\Windows\System\UQwgBCz.exe
  C:\Windows\System\UQwgBCz.exe
  2⤵
  PID:4636
- C:\Windows\System\AdeuQko.exe
  C:\Windows\System\AdeuQko.exe
  2⤵
  PID:4656
- C:\Windows\System\vvUTXVY.exe
  C:\Windows\System\vvUTXVY.exe
  2⤵
  PID:4696
- C:\Windows\System\INrioGI.exe
  C:\Windows\System\INrioGI.exe
  2⤵
  PID:4720
- C:\Windows\System\VURkVZO.exe
  C:\Windows\System\VURkVZO.exe
  2⤵
  PID:4736
- C:\Windows\System\xbUFqlk.exe
  C:\Windows\System\xbUFqlk.exe
  2⤵
  PID:4752
- C:\Windows\System\PguFnvg.exe
  C:\Windows\System\PguFnvg.exe
  2⤵
  PID:4784
- C:\Windows\System\MapYynQ.exe
  C:\Windows\System\MapYynQ.exe
  2⤵
  PID:4800
- C:\Windows\System\UQcOGet.exe
  C:\Windows\System\UQcOGet.exe
  2⤵
  PID:4824
- C:\Windows\System\hArUuEz.exe
  C:\Windows\System\hArUuEz.exe
  2⤵
  PID:4844
- C:\Windows\System\mIfAaQF.exe
  C:\Windows\System\mIfAaQF.exe
  2⤵
  PID:4860
- C:\Windows\System\fQwfwHL.exe
  C:\Windows\System\fQwfwHL.exe
  2⤵
  PID:4880
- C:\Windows\System\SLbSYqx.exe
  C:\Windows\System\SLbSYqx.exe
  2⤵
  PID:4908
- C:\Windows\System\QuTKzpu.exe
  C:\Windows\System\QuTKzpu.exe
  2⤵
  PID:4928
- C:\Windows\System\vkZqgOK.exe
  C:\Windows\System\vkZqgOK.exe
  2⤵
  PID:4944
- C:\Windows\System\wzCQFcs.exe
  C:\Windows\System\wzCQFcs.exe
  2⤵
  PID:4960
- C:\Windows\System\aiwGxAu.exe
  C:\Windows\System\aiwGxAu.exe
  2⤵
  PID:4976
- C:\Windows\System\OGaiETc.exe
  C:\Windows\System\OGaiETc.exe
  2⤵
  PID:5012
- C:\Windows\System\PQgnSRl.exe
  C:\Windows\System\PQgnSRl.exe
  2⤵
  PID:5032
- C:\Windows\System\eOgvKze.exe
  C:\Windows\System\eOgvKze.exe
  2⤵
  PID:5048
- C:\Windows\System\ivrngEe.exe
  C:\Windows\System\ivrngEe.exe
  2⤵
  PID:5064
- C:\Windows\System\bcUqHJY.exe
  C:\Windows\System\bcUqHJY.exe
  2⤵
  PID:5088
- C:\Windows\System\KrlDJZw.exe
  C:\Windows\System\KrlDJZw.exe
  2⤵
  PID:5104
- C:\Windows\System\kIoPwfV.exe
  C:\Windows\System\kIoPwfV.exe
  2⤵
  PID:3516
- C:\Windows\System\lGptGfz.exe
  C:\Windows\System\lGptGfz.exe
  2⤵
  PID:2128
- C:\Windows\System\usMLGoA.exe
  C:\Windows\System\usMLGoA.exe
  2⤵
  PID:4196
- C:\Windows\System\zsFHsSi.exe
  C:\Windows\System\zsFHsSi.exe
  2⤵
  PID:3544
- C:\Windows\System\UbhRqBz.exe
  C:\Windows\System\UbhRqBz.exe
  2⤵
  PID:4108
- C:\Windows\System\MpINbJY.exe
  C:\Windows\System\MpINbJY.exe
  2⤵
  PID:4148
- C:\Windows\System\HVLfZEc.exe
  C:\Windows\System\HVLfZEc.exe
  2⤵
  PID:4228
- C:\Windows\System\JDUxveb.exe
  C:\Windows\System\JDUxveb.exe
  2⤵
  PID:4260
- C:\Windows\System\qhXRdHM.exe
  C:\Windows\System\qhXRdHM.exe
  2⤵
  PID:4240
- C:\Windows\System\jnButLe.exe
  C:\Windows\System\jnButLe.exe
  2⤵
  PID:4372
- C:\Windows\System\DUmUnvX.exe
  C:\Windows\System\DUmUnvX.exe
  2⤵
  PID:4276
- C:\Windows\System\alDrjHq.exe
  C:\Windows\System\alDrjHq.exe
  2⤵
  PID:4416
- C:\Windows\System\zSurqkP.exe
  C:\Windows\System\zSurqkP.exe
  2⤵
  PID:4492
- C:\Windows\System\mwmRRCZ.exe
  C:\Windows\System\mwmRRCZ.exe
  2⤵
  PID:4352
- C:\Windows\System\kFjYmQf.exe
  C:\Windows\System\kFjYmQf.exe
  2⤵
  PID:4588
- C:\Windows\System\AqTQiLH.exe
  C:\Windows\System\AqTQiLH.exe
  2⤵
  PID:4392
- C:\Windows\System\PCvGmDG.exe
  C:\Windows\System\PCvGmDG.exe
  2⤵
  PID:4576
- C:\Windows\System\plSlatd.exe
  C:\Windows\System\plSlatd.exe
  2⤵
  PID:4604
- C:\Windows\System\iEOVUGt.exe
  C:\Windows\System\iEOVUGt.exe
  2⤵
  PID:380
- C:\Windows\System\HBhIyOF.exe
  C:\Windows\System\HBhIyOF.exe
  2⤵
  PID:4728
- C:\Windows\System\KseJniy.exe
  C:\Windows\System\KseJniy.exe
  2⤵
  PID:4764
- C:\Windows\System\XTsQEBS.exe
  C:\Windows\System\XTsQEBS.exe
  2⤵
  PID:4808
- C:\Windows\System\lrzwbch.exe
  C:\Windows\System\lrzwbch.exe
  2⤵
  PID:4544
- C:\Windows\System\MkKTrGK.exe
  C:\Windows\System\MkKTrGK.exe
  2⤵
  PID:4436
- C:\Windows\System\OmcOXXl.exe
  C:\Windows\System\OmcOXXl.exe
  2⤵
  PID:4820
- C:\Windows\System\NYmSmsp.exe
  C:\Windows\System\NYmSmsp.exe
  2⤵
  PID:4888
- C:\Windows\System\GNVSlHe.exe
  C:\Windows\System\GNVSlHe.exe
  2⤵
  PID:4896
- C:\Windows\System\LhZnoKk.exe
  C:\Windows\System\LhZnoKk.exe
  2⤵
  PID:4708
- C:\Windows\System\ruFNdVx.exe
  C:\Windows\System\ruFNdVx.exe
  2⤵
  PID:4916
- C:\Windows\System\ZGBFqIU.exe
  C:\Windows\System\ZGBFqIU.exe
  2⤵
  PID:4876
- C:\Windows\System\GosYwnq.exe
  C:\Windows\System\GosYwnq.exe
  2⤵
  PID:4936
- C:\Windows\System\hjXlYPL.exe
  C:\Windows\System\hjXlYPL.exe
  2⤵
  PID:5004
- C:\Windows\System\YznwrTD.exe
  C:\Windows\System\YznwrTD.exe
  2⤵
  PID:5056
- C:\Windows\System\GLzAPfS.exe
  C:\Windows\System\GLzAPfS.exe
  2⤵
  PID:5044
- C:\Windows\System\buLANsk.exe
  C:\Windows\System\buLANsk.exe
  2⤵
  PID:3764
- C:\Windows\System\blPnJjh.exe
  C:\Windows\System\blPnJjh.exe
  2⤵
  PID:5116
- C:\Windows\System\IHPxDJp.exe
  C:\Windows\System\IHPxDJp.exe
  2⤵
  PID:1532
- C:\Windows\System\lTnHILa.exe
  C:\Windows\System\lTnHILa.exe
  2⤵
  PID:3320
- C:\Windows\System\yRkGURU.exe
  C:\Windows\System\yRkGURU.exe
  2⤵
  PID:4200
- C:\Windows\System\QnCjqWv.exe
  C:\Windows\System\QnCjqWv.exe
  2⤵
  PID:4184
- C:\Windows\System\quPMecH.exe
  C:\Windows\System\quPMecH.exe
  2⤵
  PID:4232
- C:\Windows\System\eueHvgz.exe
  C:\Windows\System\eueHvgz.exe
  2⤵
  PID:4236
- C:\Windows\System\jiblmun.exe
  C:\Windows\System\jiblmun.exe
  2⤵
  PID:4320
- C:\Windows\System\ArnvJWP.exe
  C:\Windows\System\ArnvJWP.exe
  2⤵
  PID:4252
- C:\Windows\System\Qnkvevo.exe
  C:\Windows\System\Qnkvevo.exe
  2⤵
  PID:4360
- C:\Windows\System\JdaahzW.exe
  C:\Windows\System\JdaahzW.exe
  2⤵
  PID:4632
- C:\Windows\System\zSKakXd.exe
  C:\Windows\System\zSKakXd.exe
  2⤵
  PID:4672
- C:\Windows\System\jwGzRwe.exe
  C:\Windows\System\jwGzRwe.exe
  2⤵
  PID:4776
- C:\Windows\System\OqcEdnr.exe
  C:\Windows\System\OqcEdnr.exe
  2⤵
  PID:4852
- C:\Windows\System\ZWsmfki.exe
  C:\Windows\System\ZWsmfki.exe
  2⤵
  PID:4904
- C:\Windows\System\QPbgMne.exe
  C:\Windows\System\QPbgMne.exe
  2⤵
  PID:4940
- C:\Windows\System\kHQZCAR.exe
  C:\Windows\System\kHQZCAR.exe
  2⤵
  PID:4992
- C:\Windows\System\IWQjAww.exe
  C:\Windows\System\IWQjAww.exe
  2⤵
  PID:4680
- C:\Windows\System\VXPMksD.exe
  C:\Windows\System\VXPMksD.exe
  2⤵
  PID:4648
- C:\Windows\System\wceQoSK.exe
  C:\Windows\System\wceQoSK.exe
  2⤵
  PID:4792
- C:\Windows\System\DsZzLvE.exe
  C:\Windows\System\DsZzLvE.exe
  2⤵
  PID:4748
- C:\Windows\System\FmbEhDb.exe
  C:\Windows\System\FmbEhDb.exe
  2⤵
  PID:4560
- C:\Windows\System\eXuPEyY.exe
  C:\Windows\System\eXuPEyY.exe
  2⤵
  PID:5072
- C:\Windows\System\BJwTtgX.exe
  C:\Windows\System\BJwTtgX.exe
  2⤵
  PID:2512
- C:\Windows\System\tEVUbTM.exe
  C:\Windows\System\tEVUbTM.exe
  2⤵
  PID:3360
- C:\Windows\System\NhOQSew.exe
  C:\Windows\System\NhOQSew.exe
  2⤵
  PID:4160
- C:\Windows\System\IfiMYbK.exe
  C:\Windows\System\IfiMYbK.exe
  2⤵
  PID:4140
- C:\Windows\System\seWeyzm.exe
  C:\Windows\System\seWeyzm.exe
  2⤵
  PID:4484
- C:\Windows\System\gvMJQDk.exe
  C:\Windows\System\gvMJQDk.exe
  2⤵
  PID:4524
- C:\Windows\System\DZIjWlT.exe
  C:\Windows\System\DZIjWlT.exe
  2⤵
  PID:4628
- C:\Windows\System\jRCSgMN.exe
  C:\Windows\System\jRCSgMN.exe
  2⤵
  PID:4872
- C:\Windows\System\sQkwKlF.exe
  C:\Windows\System\sQkwKlF.exe
  2⤵
  PID:4644
- C:\Windows\System\ChlqEkf.exe
  C:\Windows\System\ChlqEkf.exe
  2⤵
  PID:4924
- C:\Windows\System\GvZHNhX.exe
  C:\Windows\System\GvZHNhX.exe
  2⤵
  PID:1248
- C:\Windows\System\ofdwOGS.exe
  C:\Windows\System\ofdwOGS.exe
  2⤵
  PID:5040
- C:\Windows\System\dBLSrIs.exe
  C:\Windows\System\dBLSrIs.exe
  2⤵
  PID:4204
- C:\Windows\System\MQcTkcP.exe
  C:\Windows\System\MQcTkcP.exe
  2⤵
  PID:4952
- C:\Windows\System\NOCGlMv.exe
  C:\Windows\System\NOCGlMv.exe
  2⤵
  PID:4164
- C:\Windows\System\kEAbbiQ.exe
  C:\Windows\System\kEAbbiQ.exe
  2⤵
  PID:4388
- C:\Windows\System\FTqJMgg.exe
  C:\Windows\System\FTqJMgg.exe
  2⤵
  PID:4396
- C:\Windows\System\jwLTiQq.exe
  C:\Windows\System\jwLTiQq.exe
  2⤵
  PID:4336
- C:\Windows\System\HMZPWHq.exe
  C:\Windows\System\HMZPWHq.exe
  2⤵
  PID:4616
- C:\Windows\System\TShDqaH.exe
  C:\Windows\System\TShDqaH.exe
  2⤵
  PID:3324
- C:\Windows\System\iPOENPB.exe
  C:\Windows\System\iPOENPB.exe
  2⤵
  PID:4836
- C:\Windows\System\HRXIgIK.exe
  C:\Windows\System\HRXIgIK.exe
  2⤵
  PID:4508
- C:\Windows\System\ZiqVyAu.exe
  C:\Windows\System\ZiqVyAu.exe
  2⤵
  PID:4676
- C:\Windows\System\rNkhynp.exe
  C:\Windows\System\rNkhynp.exe
  2⤵
  PID:4768
- C:\Windows\System\tQopcHm.exe
  C:\Windows\System\tQopcHm.exe
  2⤵
  PID:5028
- C:\Windows\System\qpJGVNF.exe
  C:\Windows\System\qpJGVNF.exe
  2⤵
  PID:4456
- C:\Windows\System\SkRSnjk.exe
  C:\Windows\System\SkRSnjk.exe
  2⤵
  PID:5136
- C:\Windows\System\xycGojx.exe
  C:\Windows\System\xycGojx.exe
  2⤵
  PID:5152
- C:\Windows\System\rfgSfoE.exe
  C:\Windows\System\rfgSfoE.exe
  2⤵
  PID:5168
- C:\Windows\System\wtYMEpO.exe
  C:\Windows\System\wtYMEpO.exe
  2⤵
  PID:5184
- C:\Windows\System\tmbCexI.exe
  C:\Windows\System\tmbCexI.exe
  2⤵
  PID:5200
- C:\Windows\System\mpphuPY.exe
  C:\Windows\System\mpphuPY.exe
  2⤵
  PID:5220
- C:\Windows\System\MTSEqnS.exe
  C:\Windows\System\MTSEqnS.exe
  2⤵
  PID:5244
- C:\Windows\System\dxKGPhE.exe
  C:\Windows\System\dxKGPhE.exe
  2⤵
  PID:5272
- C:\Windows\System\MrQNSuC.exe
  C:\Windows\System\MrQNSuC.exe
  2⤵
  PID:5300
- C:\Windows\System\oLdVAsD.exe
  C:\Windows\System\oLdVAsD.exe
  2⤵
  PID:5316
- C:\Windows\System\sZuWplu.exe
  C:\Windows\System\sZuWplu.exe
  2⤵
  PID:5340
- C:\Windows\System\GCppvAz.exe
  C:\Windows\System\GCppvAz.exe
  2⤵
  PID:5356
- C:\Windows\System\nksbGhL.exe
  C:\Windows\System\nksbGhL.exe
  2⤵
  PID:5372
- C:\Windows\System\eIvdgLD.exe
  C:\Windows\System\eIvdgLD.exe
  2⤵
  PID:5388
- C:\Windows\System\yyBcDHX.exe
  C:\Windows\System\yyBcDHX.exe
  2⤵
  PID:5404
- C:\Windows\System\QndqwwC.exe
  C:\Windows\System\QndqwwC.exe
  2⤵
  PID:5420
- C:\Windows\System\NeyUqwC.exe
  C:\Windows\System\NeyUqwC.exe
  2⤵
  PID:5436
- C:\Windows\System\kcbnrwI.exe
  C:\Windows\System\kcbnrwI.exe
  2⤵
  PID:5452
- C:\Windows\System\iGEqpQg.exe
  C:\Windows\System\iGEqpQg.exe
  2⤵
  PID:5468
- C:\Windows\System\MxXZNep.exe
  C:\Windows\System\MxXZNep.exe
  2⤵
  PID:5484
- C:\Windows\System\zUQGRAS.exe
  C:\Windows\System\zUQGRAS.exe
  2⤵
  PID:5500
- C:\Windows\System\jfSquoD.exe
  C:\Windows\System\jfSquoD.exe
  2⤵
  PID:5516
- C:\Windows\System\IYDfzSk.exe
  C:\Windows\System\IYDfzSk.exe
  2⤵
  PID:5532
- C:\Windows\System\FBXdBAB.exe
  C:\Windows\System\FBXdBAB.exe
  2⤵
  PID:5552
- C:\Windows\System\GSFKrAt.exe
  C:\Windows\System\GSFKrAt.exe
  2⤵
  PID:5568
- C:\Windows\System\QAnYhOe.exe
  C:\Windows\System\QAnYhOe.exe
  2⤵
  PID:5584
- C:\Windows\System\lhyxlHw.exe
  C:\Windows\System\lhyxlHw.exe
  2⤵
  PID:5600
- C:\Windows\System\YeVobMu.exe
  C:\Windows\System\YeVobMu.exe
  2⤵
  PID:5616
- C:\Windows\System\oiFtudY.exe
  C:\Windows\System\oiFtudY.exe
  2⤵
  PID:5632
- C:\Windows\System\FPUuvsq.exe
  C:\Windows\System\FPUuvsq.exe
  2⤵
  PID:5652
- C:\Windows\System\IjjXCpe.exe
  C:\Windows\System\IjjXCpe.exe
  2⤵
  PID:5668
- C:\Windows\System\JBzwnKt.exe
  C:\Windows\System\JBzwnKt.exe
  2⤵
  PID:5684
- C:\Windows\System\opGucAK.exe
  C:\Windows\System\opGucAK.exe
  2⤵
  PID:5700
- C:\Windows\System\nILAZSS.exe
  C:\Windows\System\nILAZSS.exe
  2⤵
  PID:5716
- C:\Windows\System\VReuLFk.exe
  C:\Windows\System\VReuLFk.exe
  2⤵
  PID:5732
- C:\Windows\System\wWhEeYq.exe
  C:\Windows\System\wWhEeYq.exe
  2⤵
  PID:5748
- C:\Windows\System\KQAlOId.exe
  C:\Windows\System\KQAlOId.exe
  2⤵
  PID:5764
- C:\Windows\System\jsuYVCx.exe
  C:\Windows\System\jsuYVCx.exe
  2⤵
  PID:5780
- C:\Windows\System\jaxCNLb.exe
  C:\Windows\System\jaxCNLb.exe
  2⤵
  PID:5796
- C:\Windows\System\zomZfip.exe
  C:\Windows\System\zomZfip.exe
  2⤵
  PID:5812
- C:\Windows\System\ziSUhxo.exe
  C:\Windows\System\ziSUhxo.exe
  2⤵
  PID:5828
- C:\Windows\System\UdJIYhP.exe
  C:\Windows\System\UdJIYhP.exe
  2⤵
  PID:5844
- C:\Windows\System\xbdboaT.exe
  C:\Windows\System\xbdboaT.exe
  2⤵
  PID:5860
- C:\Windows\System\MCuxHws.exe
  C:\Windows\System\MCuxHws.exe
  2⤵
  PID:5876
- C:\Windows\System\CNeATEQ.exe
  C:\Windows\System\CNeATEQ.exe
  2⤵
  PID:5892
- C:\Windows\System\GYNYUXJ.exe
  C:\Windows\System\GYNYUXJ.exe
  2⤵
  PID:5908
- C:\Windows\System\EFUIuVb.exe
  C:\Windows\System\EFUIuVb.exe
  2⤵
  PID:5924
- C:\Windows\System\CdqJesf.exe
  C:\Windows\System\CdqJesf.exe
  2⤵
  PID:5940
- C:\Windows\System\GwlPQoR.exe
  C:\Windows\System\GwlPQoR.exe
  2⤵
  PID:5956
- C:\Windows\System\zbliBfE.exe
  C:\Windows\System\zbliBfE.exe
  2⤵
  PID:5972
- C:\Windows\System\fEdWvhA.exe
  C:\Windows\System\fEdWvhA.exe
  2⤵
  PID:5988
- C:\Windows\System\tcToCrX.exe
  C:\Windows\System\tcToCrX.exe
  2⤵
  PID:6004
- C:\Windows\System\UiOQDnG.exe
  C:\Windows\System\UiOQDnG.exe
  2⤵
  PID:6020
- C:\Windows\System\OCkkbjd.exe
  C:\Windows\System\OCkkbjd.exe
  2⤵
  PID:6036
- C:\Windows\System\RllkiBR.exe
  C:\Windows\System\RllkiBR.exe
  2⤵
  PID:6052
- C:\Windows\System\QqQqbUG.exe
  C:\Windows\System\QqQqbUG.exe
  2⤵
  PID:6068
- C:\Windows\System\eNYRmBm.exe
  C:\Windows\System\eNYRmBm.exe
  2⤵
  PID:6084
- C:\Windows\System\HijsEDj.exe
  C:\Windows\System\HijsEDj.exe
  2⤵
  PID:6100
- C:\Windows\System\IayhPAu.exe
  C:\Windows\System\IayhPAu.exe
  2⤵
  PID:6116
- C:\Windows\System\nGxGWEe.exe
  C:\Windows\System\nGxGWEe.exe
  2⤵
  PID:6132
- C:\Windows\System\nSPEcnV.exe
  C:\Windows\System\nSPEcnV.exe
  2⤵
  PID:5144
- C:\Windows\System\WYQKVeQ.exe
  C:\Windows\System\WYQKVeQ.exe
  2⤵
  PID:4556
- C:\Windows\System\XotLYrE.exe
  C:\Windows\System\XotLYrE.exe
  2⤵
  PID:1400
- C:\Windows\System\mFuFFNI.exe
  C:\Windows\System\mFuFFNI.exe
  2⤵
  PID:5160
- C:\Windows\System\dmzGvPb.exe
  C:\Windows\System\dmzGvPb.exe
  2⤵
  PID:5208
- C:\Windows\System\iiXsNxw.exe
  C:\Windows\System\iiXsNxw.exe
  2⤵
  PID:5228
- C:\Windows\System\JGipGCO.exe
  C:\Windows\System\JGipGCO.exe
  2⤵
  PID:5260
- C:\Windows\System\HXhPqcP.exe
  C:\Windows\System\HXhPqcP.exe
  2⤵
  PID:5280
- C:\Windows\System\gKPXvsp.exe
  C:\Windows\System\gKPXvsp.exe
  2⤵
  PID:2836
- C:\Windows\System\KdoVosT.exe
  C:\Windows\System\KdoVosT.exe
  2⤵
  PID:5348
- C:\Windows\System\xfqhzKb.exe
  C:\Windows\System\xfqhzKb.exe
  2⤵
  PID:5332
- C:\Windows\System\YcESfiz.exe
  C:\Windows\System\YcESfiz.exe
  2⤵
  PID:5324
- C:\Windows\System\uoCxAfw.exe
  C:\Windows\System\uoCxAfw.exe
  2⤵
  PID:5396
- C:\Windows\System\JGpNKNS.exe
  C:\Windows\System\JGpNKNS.exe
  2⤵
  PID:5444
- C:\Windows\System\BPaoYZY.exe
  C:\Windows\System\BPaoYZY.exe
  2⤵
  PID:5512
- C:\Windows\System\VzDGmSQ.exe
  C:\Windows\System\VzDGmSQ.exe
  2⤵
  PID:5428
- C:\Windows\System\qMSqciu.exe
  C:\Windows\System\qMSqciu.exe
  2⤵
  PID:5496
- C:\Windows\System\DtBPfsr.exe
  C:\Windows\System\DtBPfsr.exe
  2⤵
  PID:4144
- C:\Windows\System\MMdfylo.exe
  C:\Windows\System\MMdfylo.exe
  2⤵
  PID:5624
- C:\Windows\System\uVZuqDG.exe
  C:\Windows\System\uVZuqDG.exe
  2⤵
  PID:5676
- C:\Windows\System\omhVWQU.exe
  C:\Windows\System\omhVWQU.exe
  2⤵
  PID:5804
- C:\Windows\System\BLjGakP.exe
  C:\Windows\System\BLjGakP.exe
  2⤵
  PID:5836
- C:\Windows\System\WnUKUsr.exe
  C:\Windows\System\WnUKUsr.exe
  2⤵
  PID:5900
- C:\Windows\System\GdgRtTx.exe
  C:\Windows\System\GdgRtTx.exe
  2⤵
  PID:5792
- C:\Windows\System\BOukHSo.exe
  C:\Windows\System\BOukHSo.exe
  2⤵
  PID:5596
- C:\Windows\System\RkfFDKS.exe
  C:\Windows\System\RkfFDKS.exe
  2⤵
  PID:5692
- C:\Windows\System\XJyEdri.exe
  C:\Windows\System\XJyEdri.exe
  2⤵
  PID:5884
- C:\Windows\System\XsFHUkN.exe
  C:\Windows\System\XsFHUkN.exe
  2⤵
  PID:5920
- C:\Windows\System\aYZAVgE.exe
  C:\Windows\System\aYZAVgE.exe
  2⤵
  PID:5852
- C:\Windows\System\ZYOwdgw.exe
  C:\Windows\System\ZYOwdgw.exe
  2⤵
  PID:5952
- C:\Windows\System\rrbkQNm.exe
  C:\Windows\System\rrbkQNm.exe
  2⤵
  PID:5948
- C:\Windows\System\gJsnFki.exe
  C:\Windows\System\gJsnFki.exe
  2⤵
  PID:6028
- C:\Windows\System\KOGihdZ.exe
  C:\Windows\System\KOGihdZ.exe
  2⤵
  PID:6092
- C:\Windows\System\KIeHYix.exe
  C:\Windows\System\KIeHYix.exe
  2⤵
  PID:6124
- C:\Windows\System\DINFlgu.exe
  C:\Windows\System\DINFlgu.exe
  2⤵
  PID:5148
- C:\Windows\System\PynHLFX.exe
  C:\Windows\System\PynHLFX.exe
  2⤵
  PID:5216
- C:\Windows\System\lVLPhIl.exe
  C:\Windows\System\lVLPhIl.exe
  2⤵
  PID:5312
- C:\Windows\System\XAVeBvX.exe
  C:\Windows\System\XAVeBvX.exe
  2⤵
  PID:5288
- C:\Windows\System\NqCidyi.exe
  C:\Windows\System\NqCidyi.exe
  2⤵
  PID:6108
- C:\Windows\System\kJfTyEy.exe
  C:\Windows\System\kJfTyEy.exe
  2⤵
  PID:4744
- C:\Windows\System\ctbeeSa.exe
  C:\Windows\System\ctbeeSa.exe
  2⤵
  PID:5236
- C:\Windows\System\YgqSAzm.exe
  C:\Windows\System\YgqSAzm.exe
  2⤵
  PID:5492
- C:\Windows\System\exctWzg.exe
  C:\Windows\System\exctWzg.exe
  2⤵
  PID:5432
- C:\Windows\System\enxwAUy.exe
  C:\Windows\System\enxwAUy.exe
  2⤵
  PID:5644
- C:\Windows\System\OBufFzE.exe
  C:\Windows\System\OBufFzE.exe
  2⤵
  PID:5772
- C:\Windows\System\uZKzcDt.exe
  C:\Windows\System\uZKzcDt.exe
  2⤵
  PID:5756
- C:\Windows\System\fQFkJXH.exe
  C:\Windows\System\fQFkJXH.exe
  2⤵
  PID:5868
- C:\Windows\System\OFnUfNG.exe
  C:\Windows\System\OFnUfNG.exe
  2⤵
  PID:5936
- C:\Windows\System\NCtFaNE.exe
  C:\Windows\System\NCtFaNE.exe
  2⤵
  PID:5660
- C:\Windows\System\ErSuezB.exe
  C:\Windows\System\ErSuezB.exe
  2⤵
  PID:6064
- C:\Windows\System\ecaefiG.exe
  C:\Windows\System\ecaefiG.exe
  2⤵
  PID:5788
- C:\Windows\System\FEYRaCm.exe
  C:\Windows\System\FEYRaCm.exe
  2⤵
  PID:6012
- C:\Windows\System\EjbKkLH.exe
  C:\Windows\System\EjbKkLH.exe
  2⤵
  PID:5968
- C:\Windows\System\zpFjhTk.exe
  C:\Windows\System\zpFjhTk.exe
  2⤵
  PID:844
- C:\Windows\System\tXAelYa.exe
  C:\Windows\System\tXAelYa.exe
  2⤵
  PID:6140
- C:\Windows\System\kQNwbNR.exe
  C:\Windows\System\kQNwbNR.exe
  2⤵
  PID:2156
- C:\Windows\System\IBTuQcI.exe
  C:\Windows\System\IBTuQcI.exe
  2⤵
  PID:5476
- C:\Windows\System\wXiOuKd.exe
  C:\Windows\System\wXiOuKd.exe
  2⤵
  PID:5464
- C:\Windows\System\vsgiUJr.exe
  C:\Windows\System\vsgiUJr.exe
  2⤵
  PID:5580
- C:\Windows\System\OpabSAU.exe
  C:\Windows\System\OpabSAU.exe
  2⤵
  PID:5592
- C:\Windows\System\EjNDRfT.exe
  C:\Windows\System\EjNDRfT.exe
  2⤵
  PID:5996
- C:\Windows\System\BrMAjXr.exe
  C:\Windows\System\BrMAjXr.exe
  2⤵
  PID:5132
- C:\Windows\System\TEQKjWm.exe
  C:\Windows\System\TEQKjWm.exe
  2⤵
  PID:5296
- C:\Windows\System\SYLbgwn.exe
  C:\Windows\System\SYLbgwn.exe
  2⤵
  PID:6080
- C:\Windows\System\JBBoUnf.exe
  C:\Windows\System\JBBoUnf.exe
  2⤵
  PID:5176
- C:\Windows\System\QrwLtif.exe
  C:\Windows\System\QrwLtif.exe
  2⤵
  PID:5984
- C:\Windows\System\XnCMdXw.exe
  C:\Windows\System\XnCMdXw.exe
  2⤵
  PID:5384
- C:\Windows\System\BYlgEzu.exe
  C:\Windows\System\BYlgEzu.exe
  2⤵
  PID:1556
- C:\Windows\System\ZWccQzz.exe
  C:\Windows\System\ZWccQzz.exe
  2⤵
  PID:5180
- C:\Windows\System\lkRUdax.exe
  C:\Windows\System\lkRUdax.exe
  2⤵
  PID:5576
- C:\Windows\System\rxeBGlf.exe
  C:\Windows\System\rxeBGlf.exe
  2⤵
  PID:6148
- C:\Windows\System\UXtqvaC.exe
  C:\Windows\System\UXtqvaC.exe
  2⤵
  PID:6164
- C:\Windows\System\sRERdVa.exe
  C:\Windows\System\sRERdVa.exe
  2⤵
  PID:6180
- C:\Windows\System\btptYSF.exe
  C:\Windows\System\btptYSF.exe
  2⤵
  PID:6196
- C:\Windows\System\fMSdjpU.exe
  C:\Windows\System\fMSdjpU.exe
  2⤵
  PID:6212
- C:\Windows\System\GnIXmoB.exe
  C:\Windows\System\GnIXmoB.exe
  2⤵
  PID:6228
- C:\Windows\System\bkHLefU.exe
  C:\Windows\System\bkHLefU.exe
  2⤵
  PID:6244
- C:\Windows\System\wLEzJlL.exe
  C:\Windows\System\wLEzJlL.exe
  2⤵
  PID:6260
- C:\Windows\System\fkOYVXe.exe
  C:\Windows\System\fkOYVXe.exe
  2⤵
  PID:6276
- C:\Windows\System\fNzHZaa.exe
  C:\Windows\System\fNzHZaa.exe
  2⤵
  PID:6292
- C:\Windows\System\ddNeUzk.exe
  C:\Windows\System\ddNeUzk.exe
  2⤵
  PID:6312
- C:\Windows\System\XuHpQPT.exe
  C:\Windows\System\XuHpQPT.exe
  2⤵
  PID:6328
- C:\Windows\System\bMlpQLd.exe
  C:\Windows\System\bMlpQLd.exe
  2⤵
  PID:6344
- C:\Windows\System\YiKWtYo.exe
  C:\Windows\System\YiKWtYo.exe
  2⤵
  PID:6360
- C:\Windows\System\akPNmev.exe
  C:\Windows\System\akPNmev.exe
  2⤵
  PID:6376
- C:\Windows\System\EUyYCcP.exe
  C:\Windows\System\EUyYCcP.exe
  2⤵
  PID:6392
- C:\Windows\System\WoKfJid.exe
  C:\Windows\System\WoKfJid.exe
  2⤵
  PID:6408
- C:\Windows\System\aWkMcnR.exe
  C:\Windows\System\aWkMcnR.exe
  2⤵
  PID:6424
- C:\Windows\System\SrSmqNu.exe
  C:\Windows\System\SrSmqNu.exe
  2⤵
  PID:6440
- C:\Windows\System\jlBWHmo.exe
  C:\Windows\System\jlBWHmo.exe
  2⤵
  PID:6460
- C:\Windows\System\VqETLPZ.exe
  C:\Windows\System\VqETLPZ.exe
  2⤵
  PID:6476
- C:\Windows\System\IGHesBR.exe
  C:\Windows\System\IGHesBR.exe
  2⤵
  PID:6492
- C:\Windows\System\svQBHgP.exe
  C:\Windows\System\svQBHgP.exe
  2⤵
  PID:6508
- C:\Windows\System\raRHVij.exe
  C:\Windows\System\raRHVij.exe
  2⤵
  PID:6524
- C:\Windows\System\yNtrAQw.exe
  C:\Windows\System\yNtrAQw.exe
  2⤵
  PID:6540
- C:\Windows\System\WKlFcgj.exe
  C:\Windows\System\WKlFcgj.exe
  2⤵
  PID:6556
- C:\Windows\System\UxQoWWc.exe
  C:\Windows\System\UxQoWWc.exe
  2⤵
  PID:6572
- C:\Windows\System\CkdRIOz.exe
  C:\Windows\System\CkdRIOz.exe
  2⤵
  PID:6588
- C:\Windows\System\zcXVvdw.exe
  C:\Windows\System\zcXVvdw.exe
  2⤵
  PID:6604
- C:\Windows\System\NDICtSN.exe
  C:\Windows\System\NDICtSN.exe
  2⤵
  PID:6660
- C:\Windows\System\VUcixoC.exe
  C:\Windows\System\VUcixoC.exe
  2⤵
  PID:6676
- C:\Windows\System\RRnEtwY.exe
  C:\Windows\System\RRnEtwY.exe
  2⤵
  PID:6696
- C:\Windows\System\pmEehEH.exe
  C:\Windows\System\pmEehEH.exe
  2⤵
  PID:6728
- C:\Windows\System\yKRMdcr.exe
  C:\Windows\System\yKRMdcr.exe
  2⤵
  PID:6760
- C:\Windows\System\VzrQQti.exe
  C:\Windows\System\VzrQQti.exe
  2⤵
  PID:6784
- C:\Windows\System\JAvcRWa.exe
  C:\Windows\System\JAvcRWa.exe
  2⤵
  PID:6800
- C:\Windows\System\AFTRfGL.exe
  C:\Windows\System\AFTRfGL.exe
  2⤵
  PID:6816
- C:\Windows\System\gilzQDF.exe
  C:\Windows\System\gilzQDF.exe
  2⤵
  PID:6832
- C:\Windows\System\AlVglFO.exe
  C:\Windows\System\AlVglFO.exe
  2⤵
  PID:6848
- C:\Windows\System\TWyBEJA.exe
  C:\Windows\System\TWyBEJA.exe
  2⤵
  PID:6868
- C:\Windows\System\shSZHKy.exe
  C:\Windows\System\shSZHKy.exe
  2⤵
  PID:6916
- C:\Windows\System\bTPWyaN.exe
  C:\Windows\System\bTPWyaN.exe
  2⤵
  PID:6936
- C:\Windows\System\wlgYPYM.exe
  C:\Windows\System\wlgYPYM.exe
  2⤵
  PID:6952
- C:\Windows\System\TCTVCpI.exe
  C:\Windows\System\TCTVCpI.exe
  2⤵
  PID:6968
- C:\Windows\System\CNkHLZi.exe
  C:\Windows\System\CNkHLZi.exe
  2⤵
  PID:6984
- C:\Windows\System\BDPyNNo.exe
  C:\Windows\System\BDPyNNo.exe
  2⤵
  PID:7000
- C:\Windows\System\AcILTyL.exe
  C:\Windows\System\AcILTyL.exe
  2⤵
  PID:7016
- C:\Windows\System\dcDaUzM.exe
  C:\Windows\System\dcDaUzM.exe
  2⤵
  PID:7036
- C:\Windows\System\ESUvdho.exe
  C:\Windows\System\ESUvdho.exe
  2⤵
  PID:7052
- C:\Windows\System\lnrepzp.exe
  C:\Windows\System\lnrepzp.exe
  2⤵
  PID:7068
- C:\Windows\System\rsJxCOx.exe
  C:\Windows\System\rsJxCOx.exe
  2⤵
  PID:7084
- C:\Windows\System\WTdJnyR.exe
  C:\Windows\System\WTdJnyR.exe
  2⤵
  PID:7100
- C:\Windows\System\TAVrWZP.exe
  C:\Windows\System\TAVrWZP.exe
  2⤵
  PID:7116
- C:\Windows\System\jGVUsrC.exe
  C:\Windows\System\jGVUsrC.exe
  2⤵
  PID:7132
- C:\Windows\System\XDWLhRR.exe
  C:\Windows\System\XDWLhRR.exe
  2⤵
  PID:7148
- C:\Windows\System\RFwqxmp.exe
  C:\Windows\System\RFwqxmp.exe
  2⤵
  PID:7164
- C:\Windows\System\JyycYGd.exe
  C:\Windows\System\JyycYGd.exe
  2⤵
  PID:6096
- C:\Windows\System\LIEuncx.exe
  C:\Windows\System\LIEuncx.exe
  2⤵
  PID:6160
- C:\Windows\System\DIIgzRE.exe
  C:\Windows\System\DIIgzRE.exe
  2⤵
  PID:6044
- C:\Windows\System\LZiJsJk.exe
  C:\Windows\System\LZiJsJk.exe
  2⤵
  PID:5728
- C:\Windows\System\hLJYRbY.exe
  C:\Windows\System\hLJYRbY.exe
  2⤵
  PID:2272
- C:\Windows\System\ZPUMdrn.exe
  C:\Windows\System\ZPUMdrn.exe
  2⤵
  PID:6236
- C:\Windows\System\YPsVhjA.exe
  C:\Windows\System\YPsVhjA.exe
  2⤵
  PID:6308
- C:\Windows\System\CgjimPT.exe
  C:\Windows\System\CgjimPT.exe
  2⤵
  PID:6356
- C:\Windows\System\STaVFus.exe
  C:\Windows\System\STaVFus.exe
  2⤵
  PID:6336
- C:\Windows\System\nBknpfJ.exe
  C:\Windows\System\nBknpfJ.exe
  2⤵
  PID:6340
- C:\Windows\System\bpvPOre.exe
  C:\Windows\System\bpvPOre.exe
  2⤵
  PID:6420
- C:\Windows\System\sgDtihv.exe
  C:\Windows\System\sgDtihv.exe
  2⤵
  PID:6484
- C:\Windows\System\QnMDckn.exe
  C:\Windows\System\QnMDckn.exe
  2⤵
  PID:6520
- C:\Windows\System\liUknUT.exe
  C:\Windows\System\liUknUT.exe
  2⤵
  PID:6468
- C:\Windows\System\GFTHAnM.exe
  C:\Windows\System\GFTHAnM.exe
  2⤵
  PID:6472
- C:\Windows\System\KpiULER.exe
  C:\Windows\System\KpiULER.exe
  2⤵
  PID:6568
- C:\Windows\System\UIEIdLf.exe
  C:\Windows\System\UIEIdLf.exe
  2⤵
  PID:6620
- C:\Windows\System\WePmlTi.exe
  C:\Windows\System\WePmlTi.exe
  2⤵
  PID:6640
- C:\Windows\System\IIiGqrt.exe
  C:\Windows\System\IIiGqrt.exe
  2⤵
  PID:6644
- C:\Windows\System\EOfIDYt.exe
  C:\Windows\System\EOfIDYt.exe
  2⤵
  PID:6668
- C:\Windows\System\QaUhDBY.exe
  C:\Windows\System\QaUhDBY.exe
  2⤵
  PID:6736
- C:\Windows\System\KnEDiSq.exe
  C:\Windows\System\KnEDiSq.exe
  2⤵
  PID:6720
- C:\Windows\System\hfgPJJv.exe
  C:\Windows\System\hfgPJJv.exe
  2⤵
  PID:6752
- C:\Windows\System\CSkIlkU.exe
  C:\Windows\System\CSkIlkU.exe
  2⤵
  PID:6776
- C:\Windows\System\mUUAUSi.exe
  C:\Windows\System\mUUAUSi.exe
  2⤵
  PID:6828
- C:\Windows\System\hCXOoCL.exe
  C:\Windows\System\hCXOoCL.exe
  2⤵
  PID:6844
- C:\Windows\System\IQfioWn.exe
  C:\Windows\System\IQfioWn.exe
  2⤵
  PID:6876
- C:\Windows\System\dKQvhDV.exe
  C:\Windows\System\dKQvhDV.exe
  2⤵
  PID:6896
- C:\Windows\System\UatFdTh.exe
  C:\Windows\System\UatFdTh.exe
  2⤵
  PID:6924
- C:\Windows\System\uLDZKYd.exe
  C:\Windows\System\uLDZKYd.exe
  2⤵
  PID:6932
- C:\Windows\System\sfaUhfM.exe
  C:\Windows\System\sfaUhfM.exe
  2⤵
  PID:6980
- C:\Windows\System\smCIGEw.exe
  C:\Windows\System\smCIGEw.exe
  2⤵
  PID:6964
- C:\Windows\System\hOMXHVp.exe
  C:\Windows\System\hOMXHVp.exe
  2⤵
  PID:7028
- C:\Windows\System\SlquWDq.exe
  C:\Windows\System\SlquWDq.exe
  2⤵
  PID:7092
- C:\Windows\System\WXIPmNz.exe
  C:\Windows\System\WXIPmNz.exe
  2⤵
  PID:7156
- C:\Windows\System\DshTSHs.exe
  C:\Windows\System\DshTSHs.exe
  2⤵
  PID:6176
- C:\Windows\System\qNMEubI.exe
  C:\Windows\System\qNMEubI.exe
  2⤵
  PID:7044
- C:\Windows\System\TMCGNhK.exe
  C:\Windows\System\TMCGNhK.exe
  2⤵
  PID:6256
- C:\Windows\System\vUUhKff.exe
  C:\Windows\System\vUUhKff.exe
  2⤵
  PID:1864
- C:\Windows\System\EXYwCdj.exe
  C:\Windows\System\EXYwCdj.exe
  2⤵
  PID:6224
- C:\Windows\System\NXLyLIK.exe
  C:\Windows\System\NXLyLIK.exe
  2⤵
  PID:6352
- C:\Windows\System\etaxRYp.exe
  C:\Windows\System\etaxRYp.exe
  2⤵
  PID:6388
- C:\Windows\System\Lfkqwza.exe
  C:\Windows\System\Lfkqwza.exe
  2⤵
  PID:6432
- C:\Windows\System\GfePMzl.exe
  C:\Windows\System\GfePMzl.exe
  2⤵
  PID:6632
- C:\Windows\System\sfVVYJi.exe
  C:\Windows\System\sfVVYJi.exe
  2⤵
  PID:6532
- C:\Windows\System\XgCyyfg.exe
  C:\Windows\System\XgCyyfg.exe
  2⤵
  PID:7128
- C:\Windows\System\YjTQpvx.exe
  C:\Windows\System\YjTQpvx.exe
  2⤵
  PID:7112
- C:\Windows\System\hNGxFep.exe
  C:\Windows\System\hNGxFep.exe
  2⤵
  PID:6900
- C:\Windows\System\KtJwrCZ.exe
  C:\Windows\System\KtJwrCZ.exe
  2⤵
  PID:2244
- C:\Windows\System\tSnqlWp.exe
  C:\Windows\System\tSnqlWp.exe
  2⤵
  PID:6996
- C:\Windows\System\HdZeGEu.exe
  C:\Windows\System\HdZeGEu.exe
  2⤵
  PID:6976
- C:\Windows\System\iolkshe.exe
  C:\Windows\System\iolkshe.exe
  2⤵
  PID:5760
- C:\Windows\System\JrAHUZk.exe
  C:\Windows\System\JrAHUZk.exe
  2⤵
  PID:7140
- C:\Windows\System\JODDpSy.exe
  C:\Windows\System\JODDpSy.exe
  2⤵
  PID:6584
- C:\Windows\System\jWhPzYs.exe
  C:\Windows\System\jWhPzYs.exe
  2⤵
  PID:6324
- C:\Windows\System\itlDgni.exe
  C:\Windows\System\itlDgni.exe
  2⤵
  PID:6652
- C:\Windows\System\iUSxHjY.exe
  C:\Windows\System\iUSxHjY.exe
  2⤵
  PID:6516
- C:\Windows\System\VbfPOYV.exe
  C:\Windows\System\VbfPOYV.exe
  2⤵
  PID:2760
- C:\Windows\System\PnchXiO.exe
  C:\Windows\System\PnchXiO.exe
  2⤵
  PID:6708
- C:\Windows\System\wUcoCYP.exe
  C:\Windows\System\wUcoCYP.exe
  2⤵
  PID:6716
- C:\Windows\System\GPGSsRw.exe
  C:\Windows\System\GPGSsRw.exe
  2⤵
  PID:640
- C:\Windows\System\FkJZXWG.exe
  C:\Windows\System\FkJZXWG.exe
  2⤵
  PID:6840
- C:\Windows\System\UkJtJPc.exe
  C:\Windows\System\UkJtJPc.exe
  2⤵
  PID:6884
- C:\Windows\System\bavGnOw.exe
  C:\Windows\System\bavGnOw.exe
  2⤵
  PID:7080
- C:\Windows\System\gHiCUsf.exe
  C:\Windows\System\gHiCUsf.exe
  2⤵
  PID:6456
- C:\Windows\System\qVdAJfY.exe
  C:\Windows\System\qVdAJfY.exe
  2⤵
  PID:6636
- C:\Windows\System\dSANYxF.exe
  C:\Windows\System\dSANYxF.exe
  2⤵
  PID:6748
- C:\Windows\System\afAHZdJ.exe
  C:\Windows\System\afAHZdJ.exe
  2⤵
  PID:6796
- C:\Windows\System\YtHaCKW.exe
  C:\Windows\System\YtHaCKW.exe
  2⤵
  PID:6684
- C:\Windows\System\FmlxEEU.exe
  C:\Windows\System\FmlxEEU.exe
  2⤵
  PID:5740
- C:\Windows\System\pizJtKu.exe
  C:\Windows\System\pizJtKu.exe
  2⤵
  PID:6300
- C:\Windows\System\VSXAmje.exe
  C:\Windows\System\VSXAmje.exe
  2⤵
  PID:6740
- C:\Windows\System\YVgaOBD.exe
  C:\Windows\System\YVgaOBD.exe
  2⤵
  PID:6912
- C:\Windows\System\gwGySxa.exe
  C:\Windows\System\gwGySxa.exe
  2⤵
  PID:1396
- C:\Windows\System\XHeSxUh.exe
  C:\Windows\System\XHeSxUh.exe
  2⤵
  PID:6948
- C:\Windows\System\xXOLDzr.exe
  C:\Windows\System\xXOLDzr.exe
  2⤵
  PID:7184
- C:\Windows\System\zEeoBbf.exe
  C:\Windows\System\zEeoBbf.exe
  2⤵
  PID:7200
- C:\Windows\System\XIauCFX.exe
  C:\Windows\System\XIauCFX.exe
  2⤵
  PID:7216
- C:\Windows\System\PYTSWGB.exe
  C:\Windows\System\PYTSWGB.exe
  2⤵
  PID:7232
- C:\Windows\System\FNrrdHU.exe
  C:\Windows\System\FNrrdHU.exe
  2⤵
  PID:7248
- C:\Windows\System\KkLtCML.exe
  C:\Windows\System\KkLtCML.exe
  2⤵
  PID:7264
- C:\Windows\System\kYWEofm.exe
  C:\Windows\System\kYWEofm.exe
  2⤵
  PID:7280
- C:\Windows\System\YkPLmQh.exe
  C:\Windows\System\YkPLmQh.exe
  2⤵
  PID:7296
- C:\Windows\System\hWAUtqr.exe
  C:\Windows\System\hWAUtqr.exe
  2⤵
  PID:7312
- C:\Windows\System\cJzEiiM.exe
  C:\Windows\System\cJzEiiM.exe
  2⤵
  PID:7328
- C:\Windows\System\QfHtamX.exe
  C:\Windows\System\QfHtamX.exe
  2⤵
  PID:7344
- C:\Windows\System\CcchVvx.exe
  C:\Windows\System\CcchVvx.exe
  2⤵
  PID:7360
- C:\Windows\System\tiVHRku.exe
  C:\Windows\System\tiVHRku.exe
  2⤵
  PID:7376
- C:\Windows\System\DYMKmTC.exe
  C:\Windows\System\DYMKmTC.exe
  2⤵
  PID:7392
- C:\Windows\System\VGtmsBe.exe
  C:\Windows\System\VGtmsBe.exe
  2⤵
  PID:7408
- C:\Windows\System\pltuDdW.exe
  C:\Windows\System\pltuDdW.exe
  2⤵
  PID:7424
- C:\Windows\System\fKpgZeZ.exe
  C:\Windows\System\fKpgZeZ.exe
  2⤵
  PID:7440
- C:\Windows\System\Ffdyvqr.exe
  C:\Windows\System\Ffdyvqr.exe
  2⤵
  PID:7456
- C:\Windows\System\oYAVnlD.exe
  C:\Windows\System\oYAVnlD.exe
  2⤵
  PID:7472
- C:\Windows\System\bNHijHy.exe
  C:\Windows\System\bNHijHy.exe
  2⤵
  PID:7488
- C:\Windows\System\QjHwuhh.exe
  C:\Windows\System\QjHwuhh.exe
  2⤵
  PID:7504
- C:\Windows\System\XrQMoQE.exe
  C:\Windows\System\XrQMoQE.exe
  2⤵
  PID:7520
- C:\Windows\System\Uxxdwqq.exe
  C:\Windows\System\Uxxdwqq.exe
  2⤵
  PID:7536
- C:\Windows\System\pNxawWx.exe
  C:\Windows\System\pNxawWx.exe
  2⤵
  PID:7552
- C:\Windows\System\YkfOZOk.exe
  C:\Windows\System\YkfOZOk.exe
  2⤵
  PID:7568
- C:\Windows\System\njguBwo.exe
  C:\Windows\System\njguBwo.exe
  2⤵
  PID:7584
- C:\Windows\System\RpFvTJG.exe
  C:\Windows\System\RpFvTJG.exe
  2⤵
  PID:7600
- C:\Windows\System\LRnFbuW.exe
  C:\Windows\System\LRnFbuW.exe
  2⤵
  PID:7616
- C:\Windows\System\vXsurtq.exe
  C:\Windows\System\vXsurtq.exe
  2⤵
  PID:7632
- C:\Windows\System\ieLnreh.exe
  C:\Windows\System\ieLnreh.exe
  2⤵
  PID:7648
- C:\Windows\System\sBdoBLs.exe
  C:\Windows\System\sBdoBLs.exe
  2⤵
  PID:7664
- C:\Windows\System\cAadGWo.exe
  C:\Windows\System\cAadGWo.exe
  2⤵
  PID:7680
- C:\Windows\System\rCpDiVi.exe
  C:\Windows\System\rCpDiVi.exe
  2⤵
  PID:7696
- C:\Windows\System\KbyDVzH.exe
  C:\Windows\System\KbyDVzH.exe
  2⤵
  PID:7712
- C:\Windows\System\uuYyCRe.exe
  C:\Windows\System\uuYyCRe.exe
  2⤵
  PID:7728
- C:\Windows\System\OLEalYN.exe
  C:\Windows\System\OLEalYN.exe
  2⤵
  PID:7744
- C:\Windows\System\aeoDtju.exe
  C:\Windows\System\aeoDtju.exe
  2⤵
  PID:7760
- C:\Windows\System\cxkzqkq.exe
  C:\Windows\System\cxkzqkq.exe
  2⤵
  PID:7780
- C:\Windows\System\yDxNBWu.exe
  C:\Windows\System\yDxNBWu.exe
  2⤵
  PID:7796
- C:\Windows\System\TQzyDSs.exe
  C:\Windows\System\TQzyDSs.exe
  2⤵
  PID:7812
- C:\Windows\System\RhFUZGX.exe
  C:\Windows\System\RhFUZGX.exe
  2⤵
  PID:7828
- C:\Windows\System\hrYdBQq.exe
  C:\Windows\System\hrYdBQq.exe
  2⤵
  PID:7844
- C:\Windows\System\RgVxMdv.exe
  C:\Windows\System\RgVxMdv.exe
  2⤵
  PID:7860
- C:\Windows\System\bmxpHeG.exe
  C:\Windows\System\bmxpHeG.exe
  2⤵
  PID:7876
- C:\Windows\System\YYKfMCF.exe
  C:\Windows\System\YYKfMCF.exe
  2⤵
  PID:7892
- C:\Windows\System\tVkTwjs.exe
  C:\Windows\System\tVkTwjs.exe
  2⤵
  PID:7908
- C:\Windows\System\WYfXYZO.exe
  C:\Windows\System\WYfXYZO.exe
  2⤵
  PID:7928
- C:\Windows\System\nhodlLx.exe
  C:\Windows\System\nhodlLx.exe
  2⤵
  PID:7944
- C:\Windows\System\OcFkTIx.exe
  C:\Windows\System\OcFkTIx.exe
  2⤵
  PID:7960
- C:\Windows\System\qbigSse.exe
  C:\Windows\System\qbigSse.exe
  2⤵
  PID:7976
- C:\Windows\System\rBzUlMC.exe
  C:\Windows\System\rBzUlMC.exe
  2⤵
  PID:7992
- C:\Windows\System\MzASFQs.exe
  C:\Windows\System\MzASFQs.exe
  2⤵
  PID:8008
- C:\Windows\System\roGqewX.exe
  C:\Windows\System\roGqewX.exe
  2⤵
  PID:8024
- C:\Windows\System\nIftufV.exe
  C:\Windows\System\nIftufV.exe
  2⤵
  PID:8040
- C:\Windows\System\zwIBAlU.exe
  C:\Windows\System\zwIBAlU.exe
  2⤵
  PID:8056
- C:\Windows\System\gESDueg.exe
  C:\Windows\System\gESDueg.exe
  2⤵
  PID:8072
- C:\Windows\System\pRAnAqt.exe
  C:\Windows\System\pRAnAqt.exe
  2⤵
  PID:8088
- C:\Windows\System\vQBfDxV.exe
  C:\Windows\System\vQBfDxV.exe
  2⤵
  PID:8104
- C:\Windows\System\ZwzSVvf.exe
  C:\Windows\System\ZwzSVvf.exe
  2⤵
  PID:8120
- C:\Windows\System\kWeXiQZ.exe
  C:\Windows\System\kWeXiQZ.exe
  2⤵
  PID:8136
- C:\Windows\System\idmQDXC.exe
  C:\Windows\System\idmQDXC.exe
  2⤵
  PID:8152
- C:\Windows\System\nfuHppC.exe
  C:\Windows\System\nfuHppC.exe
  2⤵
  PID:8168
- C:\Windows\System\fFwVUuj.exe
  C:\Windows\System\fFwVUuj.exe
  2⤵
  PID:8184
- C:\Windows\System\LtfhDxn.exe
  C:\Windows\System\LtfhDxn.exe
  2⤵
  PID:6504
- C:\Windows\System\fGmtdCv.exe
  C:\Windows\System\fGmtdCv.exe
  2⤵
  PID:6372
- C:\Windows\System\cmabOZV.exe
  C:\Windows\System\cmabOZV.exe
  2⤵
  PID:7176
- C:\Windows\System\SOAMjwX.exe
  C:\Windows\System\SOAMjwX.exe
  2⤵
  PID:7192
- C:\Windows\System\yYpgkVU.exe
  C:\Windows\System\yYpgkVU.exe
  2⤵
  PID:7208
- C:\Windows\System\PeHpgus.exe
  C:\Windows\System\PeHpgus.exe
  2⤵
  PID:7256
- C:\Windows\System\UkLKSni.exe
  C:\Windows\System\UkLKSni.exe
  2⤵
  PID:7320
- C:\Windows\System\rTEkoqU.exe
  C:\Windows\System\rTEkoqU.exe
  2⤵
  PID:7276
- C:\Windows\System\TLelwnk.exe
  C:\Windows\System\TLelwnk.exe
  2⤵
  PID:7372
- C:\Windows\System\uFOcYyT.exe
  C:\Windows\System\uFOcYyT.exe
  2⤵
  PID:7624
- C:\Windows\System\RmMuBXl.exe
  C:\Windows\System\RmMuBXl.exe
  2⤵
  PID:7608
- C:\Windows\System\aUfjEnI.exe
  C:\Windows\System\aUfjEnI.exe
  2⤵
  PID:7724
- C:\Windows\System\eTbRJBT.exe
  C:\Windows\System\eTbRJBT.exe
  2⤵
  PID:7768
- C:\Windows\System\DfShFfi.exe
  C:\Windows\System\DfShFfi.exe
  2⤵
  PID:7904
- C:\Windows\System\QIhNNxW.exe
  C:\Windows\System\QIhNNxW.exe
  2⤵
  PID:7924
- C:\Windows\System\EhWpUou.exe
  C:\Windows\System\EhWpUou.exe
  2⤵
  PID:7956
- C:\Windows\System\TNkqlBh.exe
  C:\Windows\System\TNkqlBh.exe
  2⤵
  PID:8096
- C:\Windows\System\FxSOzqI.exe
  C:\Windows\System\FxSOzqI.exe
  2⤵
  PID:8160
- C:\Windows\System\pOhJVlR.exe
  C:\Windows\System\pOhJVlR.exe
  2⤵
  PID:8064
- C:\Windows\System\OJGCOXI.exe
  C:\Windows\System\OJGCOXI.exe
  2⤵
  PID:6704
- C:\Windows\System\XhMaRqN.exe
  C:\Windows\System\XhMaRqN.exe
  2⤵
  PID:8052
- C:\Windows\System\lajTPlb.exe
  C:\Windows\System\lajTPlb.exe
  2⤵
  PID:8116
- C:\Windows\System\SwJKnsH.exe
  C:\Windows\System\SwJKnsH.exe
  2⤵
  PID:8180
- C:\Windows\System\kvoPLVv.exe
  C:\Windows\System\kvoPLVv.exe
  2⤵
  PID:6768
- C:\Windows\System\PjvSDsa.exe
  C:\Windows\System\PjvSDsa.exe
  2⤵
  PID:2752
- C:\Windows\System\VYZZoqD.exe
  C:\Windows\System\VYZZoqD.exe
  2⤵
  PID:1644
- C:\Windows\System\ibzWMFp.exe
  C:\Windows\System\ibzWMFp.exe
  2⤵
  PID:7340
- C:\Windows\System\zxdxffh.exe
  C:\Windows\System\zxdxffh.exe
  2⤵
  PID:2360
- C:\Windows\System\RwlNchC.exe
  C:\Windows\System\RwlNchC.exe
  2⤵
  PID:2008
- C:\Windows\System\bZnIklD.exe
  C:\Windows\System\bZnIklD.exe
  2⤵
  PID:1876
- C:\Windows\System\LOABFRD.exe
  C:\Windows\System\LOABFRD.exe
  2⤵
  PID:7500
- C:\Windows\System\grENlaw.exe
  C:\Windows\System\grENlaw.exe
  2⤵
  PID:7384
- C:\Windows\System\CsxJjWC.exe
  C:\Windows\System\CsxJjWC.exe
  2⤵
  PID:7468
- C:\Windows\System\sMmvZlf.exe
  C:\Windows\System\sMmvZlf.exe
  2⤵
  PID:7560
- C:\Windows\System\ycesatB.exe
  C:\Windows\System\ycesatB.exe
  2⤵
  PID:7544
- C:\Windows\System\FcjTtpD.exe
  C:\Windows\System\FcjTtpD.exe
  2⤵
  PID:7512
- C:\Windows\System\iwwfNNW.exe
  C:\Windows\System\iwwfNNW.exe
  2⤵
  PID:7644
- C:\Windows\System\cwSFugB.exe
  C:\Windows\System\cwSFugB.exe
  2⤵
  PID:7660
- C:\Windows\System\CdZOSkf.exe
  C:\Windows\System\CdZOSkf.exe
  2⤵
  PID:7792
- C:\Windows\System\MxrHJto.exe
  C:\Windows\System\MxrHJto.exe
  2⤵
  PID:7740
- C:\Windows\System\OvSaWKt.exe
  C:\Windows\System\OvSaWKt.exe
  2⤵
  PID:7900
- C:\Windows\System\ADxlnVL.exe
  C:\Windows\System\ADxlnVL.exe
  2⤵
  PID:7884
- C:\Windows\System\kEzSeGW.exe
  C:\Windows\System\kEzSeGW.exe
  2⤵
  PID:888
- C:\Windows\System\lagUVBK.exe
  C:\Windows\System\lagUVBK.exe
  2⤵
  PID:8084
- C:\Windows\System\ygjaLPp.exe
  C:\Windows\System\ygjaLPp.exe
  2⤵
  PID:7852
- C:\Windows\System\BUSmgBp.exe
  C:\Windows\System\BUSmgBp.exe
  2⤵
  PID:8032
- C:\Windows\System\szQirhH.exe
  C:\Windows\System\szQirhH.exe
  2⤵
  PID:2612
- C:\Windows\System\yoCZaWl.exe
  C:\Windows\System\yoCZaWl.exe
  2⤵
  PID:8020
- C:\Windows\System\ibqmOKb.exe
  C:\Windows\System\ibqmOKb.exe
  2⤵
  PID:7224
- C:\Windows\System\NnzQeRa.exe
  C:\Windows\System\NnzQeRa.exe
  2⤵
  PID:7432
- C:\Windows\System\dsdksTB.exe
  C:\Windows\System\dsdksTB.exe
  2⤵
  PID:3036
- C:\Windows\System\pdxvFHd.exe
  C:\Windows\System\pdxvFHd.exe
  2⤵
  PID:7564
- C:\Windows\System\efWeega.exe
  C:\Windows\System\efWeega.exe
  2⤵
  PID:1752
- C:\Windows\System\ponsBnM.exe
  C:\Windows\System\ponsBnM.exe
  2⤵
  PID:2856
- C:\Windows\System\qEJlbMR.exe
  C:\Windows\System\qEJlbMR.exe
  2⤵
  PID:7452
- C:\Windows\System\DlCofMd.exe
  C:\Windows\System\DlCofMd.exe
  2⤵
  PID:7420
- C:\Windows\System\richDNT.exe
  C:\Windows\System\richDNT.exe
  2⤵
  PID:7692
- C:\Windows\System\MaxmJpw.exe
  C:\Windows\System\MaxmJpw.exe
  2⤵
  PID:7708
- C:\Windows\System\vJJyQbF.exe
  C:\Windows\System\vJJyQbF.exe
  2⤵
  PID:7756
- C:\Windows\System\RiiMNMu.exe
  C:\Windows\System\RiiMNMu.exe
  2⤵
  PID:8000
- C:\Windows\System\VwPsfnd.exe
  C:\Windows\System\VwPsfnd.exe
  2⤵
  PID:7984
- C:\Windows\System\RdtegzQ.exe
  C:\Windows\System\RdtegzQ.exe
  2⤵
  PID:6416
- C:\Windows\System\qcShWPT.exe
  C:\Windows\System\qcShWPT.exe
  2⤵
  PID:7308
- C:\Windows\System\owMhaWK.exe
  C:\Windows\System\owMhaWK.exe
  2⤵
  PID:2804
- C:\Windows\System\rXBtGJg.exe
  C:\Windows\System\rXBtGJg.exe
  2⤵
  PID:7516
- C:\Windows\System\IFoHSCF.exe
  C:\Windows\System\IFoHSCF.exe
  2⤵
  PID:8148
- C:\Windows\System\nOqdoHr.exe
  C:\Windows\System\nOqdoHr.exe
  2⤵
  PID:7628
- C:\Windows\System\BcYHLFB.exe
  C:\Windows\System\BcYHLFB.exe
  2⤵
  PID:7872
- C:\Windows\System\LGvMODY.exe
  C:\Windows\System\LGvMODY.exe
  2⤵
  PID:8068
- C:\Windows\System\jliSDwt.exe
  C:\Windows\System\jliSDwt.exe
  2⤵
  PID:7788
- C:\Windows\System\WEEgXzZ.exe
  C:\Windows\System\WEEgXzZ.exe
  2⤵
  PID:7856
- C:\Windows\System\hgdjnie.exe
  C:\Windows\System\hgdjnie.exe
  2⤵
  PID:7532
- C:\Windows\System\LRZMVzK.exe
  C:\Windows\System\LRZMVzK.exe
  2⤵
  PID:7868
- C:\Windows\System\XFFRqUX.exe
  C:\Windows\System\XFFRqUX.exe
  2⤵
  PID:6656
- C:\Windows\System\RMUmobz.exe
  C:\Windows\System\RMUmobz.exe
  2⤵
  PID:8200
- C:\Windows\System\snsKjaT.exe
  C:\Windows\System\snsKjaT.exe
  2⤵
  PID:8216
- C:\Windows\System\ksxHBKL.exe
  C:\Windows\System\ksxHBKL.exe
  2⤵
  PID:8232
- C:\Windows\System\bWpFNhv.exe
  C:\Windows\System\bWpFNhv.exe
  2⤵
  PID:8248
- C:\Windows\System\IDjkTak.exe
  C:\Windows\System\IDjkTak.exe
  2⤵
  PID:8264
- C:\Windows\System\FNyjUbz.exe
  C:\Windows\System\FNyjUbz.exe
  2⤵
  PID:8280
- C:\Windows\System\tZwXNLb.exe
  C:\Windows\System\tZwXNLb.exe
  2⤵
  PID:8296
- C:\Windows\System\wNpFbsf.exe
  C:\Windows\System\wNpFbsf.exe
  2⤵
  PID:8312
- C:\Windows\System\jazaTod.exe
  C:\Windows\System\jazaTod.exe
  2⤵
  PID:8328
- C:\Windows\System\EWNLWHd.exe
  C:\Windows\System\EWNLWHd.exe
  2⤵
  PID:8344
- C:\Windows\System\WOHJHsF.exe
  C:\Windows\System\WOHJHsF.exe
  2⤵
  PID:8360
- C:\Windows\System\Qeywzij.exe
  C:\Windows\System\Qeywzij.exe
  2⤵
  PID:8376
- C:\Windows\System\hUUgYGG.exe
  C:\Windows\System\hUUgYGG.exe
  2⤵
  PID:8392
- C:\Windows\System\GfyIWrl.exe
  C:\Windows\System\GfyIWrl.exe
  2⤵
  PID:8408
- C:\Windows\System\aBWjhQm.exe
  C:\Windows\System\aBWjhQm.exe
  2⤵
  PID:8424
- C:\Windows\System\mnsdUQe.exe
  C:\Windows\System\mnsdUQe.exe
  2⤵
  PID:8440
- C:\Windows\System\ghRxvFY.exe
  C:\Windows\System\ghRxvFY.exe
  2⤵
  PID:8456
- C:\Windows\System\VorDyuX.exe
  C:\Windows\System\VorDyuX.exe
  2⤵
  PID:8472
- C:\Windows\System\lRubRDL.exe
  C:\Windows\System\lRubRDL.exe
  2⤵
  PID:8488
- C:\Windows\System\BZVPtBp.exe
  C:\Windows\System\BZVPtBp.exe
  2⤵
  PID:8504
- C:\Windows\System\ghrXVVN.exe
  C:\Windows\System\ghrXVVN.exe
  2⤵
  PID:8520
- C:\Windows\System\nmLplYK.exe
  C:\Windows\System\nmLplYK.exe
  2⤵
  PID:8536
- C:\Windows\System\ocuxJhj.exe
  C:\Windows\System\ocuxJhj.exe
  2⤵
  PID:8552
- C:\Windows\System\STQkPKg.exe
  C:\Windows\System\STQkPKg.exe
  2⤵
  PID:8568
- C:\Windows\System\gSuzzWA.exe
  C:\Windows\System\gSuzzWA.exe
  2⤵
  PID:8584
- C:\Windows\System\YVEcRCA.exe
  C:\Windows\System\YVEcRCA.exe
  2⤵
  PID:8600
- C:\Windows\System\AajPWBd.exe
  C:\Windows\System\AajPWBd.exe
  2⤵
  PID:8616
- C:\Windows\System\BgXcDIp.exe
  C:\Windows\System\BgXcDIp.exe
  2⤵
  PID:8632
- C:\Windows\System\QMaDVRr.exe
  C:\Windows\System\QMaDVRr.exe
  2⤵
  PID:8648
- C:\Windows\System\RhUDAov.exe
  C:\Windows\System\RhUDAov.exe
  2⤵
  PID:8664
- C:\Windows\System\qxvjobJ.exe
  C:\Windows\System\qxvjobJ.exe
  2⤵
  PID:8680
- C:\Windows\System\zPnywNH.exe
  C:\Windows\System\zPnywNH.exe
  2⤵
  PID:8696
- C:\Windows\System\tQdObta.exe
  C:\Windows\System\tQdObta.exe
  2⤵
  PID:8712
- C:\Windows\System\igHPwnZ.exe
  C:\Windows\System\igHPwnZ.exe
  2⤵
  PID:8728
- C:\Windows\System\jPZSfQJ.exe
  C:\Windows\System\jPZSfQJ.exe
  2⤵
  PID:8744
- C:\Windows\System\ICNcQnq.exe
  C:\Windows\System\ICNcQnq.exe
  2⤵
  PID:8760
- C:\Windows\System\qkIWHUV.exe
  C:\Windows\System\qkIWHUV.exe
  2⤵
  PID:8776
- C:\Windows\System\cQEWcqw.exe
  C:\Windows\System\cQEWcqw.exe
  2⤵
  PID:8792
- C:\Windows\System\CttXpzh.exe
  C:\Windows\System\CttXpzh.exe
  2⤵
  PID:8808
- C:\Windows\System\XGmpvQK.exe
  C:\Windows\System\XGmpvQK.exe
  2⤵
  PID:8824
- C:\Windows\System\effDehN.exe
  C:\Windows\System\effDehN.exe
  2⤵
  PID:8844
- C:\Windows\System\HaFSbof.exe
  C:\Windows\System\HaFSbof.exe
  2⤵
  PID:8860
- C:\Windows\System\hpzcipE.exe
  C:\Windows\System\hpzcipE.exe
  2⤵
  PID:8876
- C:\Windows\System\yNkgPRO.exe
  C:\Windows\System\yNkgPRO.exe
  2⤵
  PID:8892
- C:\Windows\System\lwYalbh.exe
  C:\Windows\System\lwYalbh.exe
  2⤵
  PID:8908
- C:\Windows\System\snAKdSE.exe
  C:\Windows\System\snAKdSE.exe
  2⤵
  PID:8924
- C:\Windows\System\JDzMGqo.exe
  C:\Windows\System\JDzMGqo.exe
  2⤵
  PID:8940
- C:\Windows\System\vrXPsKy.exe
  C:\Windows\System\vrXPsKy.exe
  2⤵
  PID:8956
- C:\Windows\System\xrVolJq.exe
  C:\Windows\System\xrVolJq.exe
  2⤵
  PID:8972
- C:\Windows\System\OsKiuGD.exe
  C:\Windows\System\OsKiuGD.exe
  2⤵
  PID:8988
- C:\Windows\System\ZwcTwxD.exe
  C:\Windows\System\ZwcTwxD.exe
  2⤵
  PID:9004
- C:\Windows\System\nnzHhWm.exe
  C:\Windows\System\nnzHhWm.exe
  2⤵
  PID:9024
- C:\Windows\System\cFjERzk.exe
  C:\Windows\System\cFjERzk.exe
  2⤵
  PID:9040
- C:\Windows\System\wEkNYeG.exe
  C:\Windows\System\wEkNYeG.exe
  2⤵
  PID:9056
- C:\Windows\System\TJwSMGp.exe
  C:\Windows\System\TJwSMGp.exe
  2⤵
  PID:9072
- C:\Windows\System\RjOfwFD.exe
  C:\Windows\System\RjOfwFD.exe
  2⤵
  PID:9088
- C:\Windows\System\VkRaRQS.exe
  C:\Windows\System\VkRaRQS.exe
  2⤵
  PID:9104
- C:\Windows\System\QtVXoLD.exe
  C:\Windows\System\QtVXoLD.exe
  2⤵
  PID:9120
- C:\Windows\System\mhQrFqp.exe
  C:\Windows\System\mhQrFqp.exe
  2⤵
  PID:9140
- C:\Windows\System\oaIxJaI.exe
  C:\Windows\System\oaIxJaI.exe
  2⤵
  PID:9156
- C:\Windows\System\kjTazxe.exe
  C:\Windows\System\kjTazxe.exe
  2⤵
  PID:9172
- C:\Windows\System\NPyQrZa.exe
  C:\Windows\System\NPyQrZa.exe
  2⤵
  PID:9188
- C:\Windows\System\zjuXjtg.exe
  C:\Windows\System\zjuXjtg.exe
  2⤵
  PID:9204
- C:\Windows\System\sXubmTO.exe
  C:\Windows\System\sXubmTO.exe
  2⤵
  PID:2368
- C:\Windows\System\rgwlDjf.exe
  C:\Windows\System\rgwlDjf.exe
  2⤵
  PID:7836
- C:\Windows\System\uTOmNPt.exe
  C:\Windows\System\uTOmNPt.exe
  2⤵
  PID:7404
- C:\Windows\System\HaTspLg.exe
  C:\Windows\System\HaTspLg.exe
  2⤵
  PID:8276
- C:\Windows\System\pPYfpnE.exe
  C:\Windows\System\pPYfpnE.exe
  2⤵
  PID:8336
- C:\Windows\System\xxqMzAq.exe
  C:\Windows\System\xxqMzAq.exe
  2⤵
  PID:8368
- C:\Windows\System\ciyzsVh.exe
  C:\Windows\System\ciyzsVh.exe
  2⤵
  PID:8432
- C:\Windows\System\zQJtfKc.exe
  C:\Windows\System\zQJtfKc.exe
  2⤵
  PID:604
- C:\Windows\System\GIoYBwM.exe
  C:\Windows\System\GIoYBwM.exe
  2⤵
  PID:8320
- C:\Windows\System\zUhzpqh.exe
  C:\Windows\System\zUhzpqh.exe
  2⤵
  PID:8384
- C:\Windows\System\aGVlBpM.exe
  C:\Windows\System\aGVlBpM.exe
  2⤵
  PID:8452
- C:\Windows\System\bJybGem.exe
  C:\Windows\System\bJybGem.exe
  2⤵
  PID:8500
- C:\Windows\System\OwAcQiL.exe
  C:\Windows\System\OwAcQiL.exe
  2⤵
  PID:8560
- C:\Windows\System\NAsPQlH.exe
  C:\Windows\System\NAsPQlH.exe
  2⤵
  PID:8576
- C:\Windows\System\jgrvNNY.exe
  C:\Windows\System\jgrvNNY.exe
  2⤵
  PID:8516
- C:\Windows\System\lOKUJBZ.exe
  C:\Windows\System\lOKUJBZ.exe
  2⤵
  PID:8628
- C:\Windows\System\bRdyOwI.exe
  C:\Windows\System\bRdyOwI.exe
  2⤵
  PID:8660
- C:\Windows\System\zQuqaZX.exe
  C:\Windows\System\zQuqaZX.exe
  2⤵
  PID:8708
- C:\Windows\System\ggNtCgk.exe
  C:\Windows\System\ggNtCgk.exe
  2⤵
  PID:8704
- C:\Windows\System\QLGEOBF.exe
  C:\Windows\System\QLGEOBF.exe
  2⤵
  PID:8736
- C:\Windows\System\qOeSugM.exe
  C:\Windows\System\qOeSugM.exe
  2⤵
  PID:8676
- C:\Windows\System\ojqnDwZ.exe
  C:\Windows\System\ojqnDwZ.exe
  2⤵
  PID:8800
- C:\Windows\System\vzIkxOM.exe
  C:\Windows\System\vzIkxOM.exe
  2⤵
  PID:8888
- C:\Windows\System\GzvKagr.exe
  C:\Windows\System\GzvKagr.exe
  2⤵
  PID:8832
- C:\Windows\System\PtPifJT.exe
  C:\Windows\System\PtPifJT.exe
  2⤵
  PID:8948
- C:\Windows\System\FPoppvH.exe
  C:\Windows\System\FPoppvH.exe
  2⤵
  PID:9012
- C:\Windows\System\zaBiHWH.exe
  C:\Windows\System\zaBiHWH.exe
  2⤵
  PID:8932
- C:\Windows\System\BnpZuxg.exe
  C:\Windows\System\BnpZuxg.exe
  2⤵
  PID:9052
- C:\Windows\System\YCTHvga.exe
  C:\Windows\System\YCTHvga.exe
  2⤵
  PID:9064
- C:\Windows\System\KvBLOoq.exe
  C:\Windows\System\KvBLOoq.exe
  2⤵
  PID:9080
- C:\Windows\System\USvKkXv.exe
  C:\Windows\System\USvKkXv.exe
  2⤵
  PID:9096
- C:\Windows\System\mDoEPGo.exe
  C:\Windows\System\mDoEPGo.exe
  2⤵
  PID:9180
- C:\Windows\System\agWUXbV.exe
  C:\Windows\System\agWUXbV.exe
  2⤵
  PID:8244
- C:\Windows\System\TEqsYGQ.exe
  C:\Windows\System\TEqsYGQ.exe
  2⤵
  PID:8212
- C:\Windows\System\KNATZqD.exe
  C:\Windows\System\KNATZqD.exe
  2⤵
  PID:9128
- C:\Windows\System\iwKxXhb.exe
  C:\Windows\System\iwKxXhb.exe
  2⤵
  PID:9200
- C:\Windows\System\htLgYFZ.exe
  C:\Windows\System\htLgYFZ.exe
  2⤵
  PID:8404
- C:\Windows\System\psieytW.exe
  C:\Windows\System\psieytW.exe
  2⤵
  PID:2352
- C:\Windows\System\IvRpmqx.exe
  C:\Windows\System\IvRpmqx.exe
  2⤵
  PID:8324
- C:\Windows\System\yyINOhW.exe
  C:\Windows\System\yyINOhW.exe
  2⤵
  PID:8532
- C:\Windows\System\OVnTGwl.exe
  C:\Windows\System\OVnTGwl.exe
  2⤵
  PID:8484
- C:\Windows\System\FsBFRve.exe
  C:\Windows\System\FsBFRve.exe
  2⤵
  PID:9016
- C:\Windows\System\hKySXjw.exe
  C:\Windows\System\hKySXjw.exe
  2⤵
  PID:9168
- C:\Windows\System\jNzBzdg.exe
  C:\Windows\System\jNzBzdg.exe
  2⤵
  PID:2476
- C:\Windows\System\YYQriba.exe
  C:\Windows\System\YYQriba.exe
  2⤵
  PID:8224
- C:\Windows\System\skcHlvM.exe
  C:\Windows\System\skcHlvM.exe
  2⤵
  PID:8436
- C:\Windows\System\vHseAXY.exe
  C:\Windows\System\vHseAXY.exe
  2⤵
  PID:8464
- C:\Windows\System\wQsHPwp.exe
  C:\Windows\System\wQsHPwp.exe
  2⤵
  PID:8548
- C:\Windows\System\DHeQltv.exe
  C:\Windows\System\DHeQltv.exe
  2⤵
  PID:8644
- C:\Windows\System\JcwBCXE.exe
  C:\Windows\System\JcwBCXE.exe
  2⤵
  PID:8724
- C:\Windows\System\KRfJmWA.exe
  C:\Windows\System\KRfJmWA.exe
  2⤵
  PID:8884
- C:\Windows\System\KVwJCOR.exe
  C:\Windows\System\KVwJCOR.exe
  2⤵
  PID:8756
- C:\Windows\System\aXYPitq.exe
  C:\Windows\System\aXYPitq.exe
  2⤵
  PID:8900
- C:\Windows\System\fFdDrsY.exe
  C:\Windows\System\fFdDrsY.exe
  2⤵
  PID:8688
- C:\Windows\System\huzfmyv.exe
  C:\Windows\System\huzfmyv.exe
  2⤵
  PID:8984
- C:\Windows\System\fCAHHMk.exe
  C:\Windows\System\fCAHHMk.exe
  2⤵
  PID:9048
- C:\Windows\System\PQSbVFU.exe
  C:\Windows\System\PQSbVFU.exe
  2⤵
  PID:9148
- C:\Windows\System\ofrhzJT.exe
  C:\Windows\System\ofrhzJT.exe
  2⤵
  PID:9112
- C:\Windows\System\sevPwnc.exe
  C:\Windows\System\sevPwnc.exe
  2⤵
  PID:8448
- C:\Windows\System\cLkdTvP.exe
  C:\Windows\System\cLkdTvP.exe
  2⤵
  PID:1824
- C:\Windows\System\RkKDQMX.exe
  C:\Windows\System\RkKDQMX.exe
  2⤵
  PID:8608
- C:\Windows\System\KJWOBRD.exe
  C:\Windows\System\KJWOBRD.exe
  2⤵
  PID:8624
- C:\Windows\System\zfdYfbr.exe
  C:\Windows\System\zfdYfbr.exe
  2⤵
  PID:9036
- C:\Windows\System\vtcaMFA.exe
  C:\Windows\System\vtcaMFA.exe
  2⤵
  PID:8804
- C:\Windows\System\aiDpPwM.exe
  C:\Windows\System\aiDpPwM.exe
  2⤵
  PID:8208
- C:\Windows\System\jlfWKHz.exe
  C:\Windows\System\jlfWKHz.exe
  2⤵
  PID:8788
- C:\Windows\System\NiyCFFr.exe
  C:\Windows\System\NiyCFFr.exe
  2⤵
  PID:8512
- C:\Windows\System\RFvEani.exe
  C:\Windows\System\RFvEani.exe
  2⤵
  PID:9228
- C:\Windows\System\VxVhttL.exe
  C:\Windows\System\VxVhttL.exe
  2⤵
  PID:9244
- C:\Windows\System\SUrIJHq.exe
  C:\Windows\System\SUrIJHq.exe
  2⤵
  PID:9260
- C:\Windows\System\tKYdoPx.exe
  C:\Windows\System\tKYdoPx.exe
  2⤵
  PID:9276
- C:\Windows\System\pPnELDR.exe
  C:\Windows\System\pPnELDR.exe
  2⤵
  PID:9292
- C:\Windows\System\tOJAGFJ.exe
  C:\Windows\System\tOJAGFJ.exe
  2⤵
  PID:9308
- C:\Windows\System\hbiqcQT.exe
  C:\Windows\System\hbiqcQT.exe
  2⤵
  PID:9324
- C:\Windows\System\wFGPWEn.exe
  C:\Windows\System\wFGPWEn.exe
  2⤵
  PID:9340
- C:\Windows\System\eCAPkww.exe
  C:\Windows\System\eCAPkww.exe
  2⤵
  PID:9356
- C:\Windows\System\tQubBlt.exe
  C:\Windows\System\tQubBlt.exe
  2⤵
  PID:9372
- C:\Windows\System\IMYGBqL.exe
  C:\Windows\System\IMYGBqL.exe
  2⤵
  PID:9388
- C:\Windows\System\BuvlkOQ.exe
  C:\Windows\System\BuvlkOQ.exe
  2⤵
  PID:9404
- C:\Windows\System\EPTCwQY.exe
  C:\Windows\System\EPTCwQY.exe
  2⤵
  PID:9420
- C:\Windows\System\FsnEWBc.exe
  C:\Windows\System\FsnEWBc.exe
  2⤵
  PID:9436
- C:\Windows\System\sJLKFxk.exe
  C:\Windows\System\sJLKFxk.exe
  2⤵
  PID:9452
- C:\Windows\System\SrpBtKE.exe
  C:\Windows\System\SrpBtKE.exe
  2⤵
  PID:9468
- C:\Windows\System\QgpDveE.exe
  C:\Windows\System\QgpDveE.exe
  2⤵
  PID:9484
- C:\Windows\System\cYHPPrU.exe
  C:\Windows\System\cYHPPrU.exe
  2⤵
  PID:9500
- C:\Windows\System\OSDSQYV.exe
  C:\Windows\System\OSDSQYV.exe
  2⤵
  PID:9516
- C:\Windows\System\iiwxdso.exe
  C:\Windows\System\iiwxdso.exe
  2⤵
  PID:9532
- C:\Windows\System\wWqocKi.exe
  C:\Windows\System\wWqocKi.exe
  2⤵
  PID:9548
- C:\Windows\System\FmLQJaB.exe
  C:\Windows\System\FmLQJaB.exe
  2⤵
  PID:9564
- C:\Windows\System\TxWqycJ.exe
  C:\Windows\System\TxWqycJ.exe
  2⤵
  PID:9580
- C:\Windows\System\CXgRUuG.exe
  C:\Windows\System\CXgRUuG.exe
  2⤵
  PID:9596
- C:\Windows\System\zBbuXpR.exe
  C:\Windows\System\zBbuXpR.exe
  2⤵
  PID:9612
- C:\Windows\System\tJaEAnk.exe
  C:\Windows\System\tJaEAnk.exe
  2⤵
  PID:9628
- C:\Windows\System\RulpdMU.exe
  C:\Windows\System\RulpdMU.exe
  2⤵
  PID:9644
- C:\Windows\System\dZOogpx.exe
  C:\Windows\System\dZOogpx.exe
  2⤵
  PID:9660
- C:\Windows\System\ulnuRea.exe
  C:\Windows\System\ulnuRea.exe
  2⤵
  PID:9676
- C:\Windows\System\asSqYbn.exe
  C:\Windows\System\asSqYbn.exe
  2⤵
  PID:9692
- C:\Windows\System\ATWYNYz.exe
  C:\Windows\System\ATWYNYz.exe
  2⤵
  PID:9708
- C:\Windows\System\TWKPUAM.exe
  C:\Windows\System\TWKPUAM.exe
  2⤵
  PID:9724
- C:\Windows\System\DWmmwJB.exe
  C:\Windows\System\DWmmwJB.exe
  2⤵
  PID:9740
- C:\Windows\System\EeMXUzI.exe
  C:\Windows\System\EeMXUzI.exe
  2⤵
  PID:9756
- C:\Windows\System\UkZbzTO.exe
  C:\Windows\System\UkZbzTO.exe
  2⤵
  PID:9772
- C:\Windows\System\CLxvpeT.exe
  C:\Windows\System\CLxvpeT.exe
  2⤵
  PID:9788
- C:\Windows\System\LjlYhNN.exe
  C:\Windows\System\LjlYhNN.exe
  2⤵
  PID:9804
- C:\Windows\System\ELIBEbb.exe
  C:\Windows\System\ELIBEbb.exe
  2⤵
  PID:9820
- C:\Windows\System\miFBHdd.exe
  C:\Windows\System\miFBHdd.exe
  2⤵
  PID:9840
- C:\Windows\System\HNMzZDQ.exe
  C:\Windows\System\HNMzZDQ.exe
  2⤵
  PID:9856
- C:\Windows\System\TfXlbYp.exe
  C:\Windows\System\TfXlbYp.exe
  2⤵
  PID:9872
- C:\Windows\System\FsqlFoS.exe
  C:\Windows\System\FsqlFoS.exe
  2⤵
  PID:9888
- C:\Windows\System\cIRcUpB.exe
  C:\Windows\System\cIRcUpB.exe
  2⤵
  PID:9904
- C:\Windows\System\FpkqjVQ.exe
  C:\Windows\System\FpkqjVQ.exe
  2⤵
  PID:9920
- C:\Windows\System\zVGPaIZ.exe
  C:\Windows\System\zVGPaIZ.exe
  2⤵
  PID:9936
- C:\Windows\System\aruJVZI.exe
  C:\Windows\System\aruJVZI.exe
  2⤵
  PID:9952
- C:\Windows\System\gNCZERD.exe
  C:\Windows\System\gNCZERD.exe
  2⤵
  PID:9968
- C:\Windows\System\nZlwvkc.exe
  C:\Windows\System\nZlwvkc.exe
  2⤵
  PID:9984
- C:\Windows\System\mkPeDEx.exe
  C:\Windows\System\mkPeDEx.exe
  2⤵
  PID:10000
- C:\Windows\System\clgBsgb.exe
  C:\Windows\System\clgBsgb.exe
  2⤵
  PID:10016
- C:\Windows\System\nBMXuzr.exe
  C:\Windows\System\nBMXuzr.exe
  2⤵
  PID:10032
- C:\Windows\System\ViNQZqZ.exe
  C:\Windows\System\ViNQZqZ.exe
  2⤵
  PID:10048
- C:\Windows\System\TDNVNBj.exe
  C:\Windows\System\TDNVNBj.exe
  2⤵
  PID:10064
- C:\Windows\System\RCqPEOg.exe
  C:\Windows\System\RCqPEOg.exe
  2⤵
  PID:10080
- C:\Windows\System\aokDUKt.exe
  C:\Windows\System\aokDUKt.exe
  2⤵
  PID:10096
- C:\Windows\System\zCKYpoA.exe
  C:\Windows\System\zCKYpoA.exe
  2⤵
  PID:10112
- C:\Windows\System\DdXVahG.exe
  C:\Windows\System\DdXVahG.exe
  2⤵
  PID:10128
- C:\Windows\System\XAzHjRw.exe
  C:\Windows\System\XAzHjRw.exe
  2⤵
  PID:10152
- C:\Windows\System\JcjtRSy.exe
  C:\Windows\System\JcjtRSy.exe
  2⤵
  PID:10168
- C:\Windows\System\zVADzxt.exe
  C:\Windows\System\zVADzxt.exe
  2⤵
  PID:10184
- C:\Windows\System\HLTqbKQ.exe
  C:\Windows\System\HLTqbKQ.exe
  2⤵
  PID:10204
- C:\Windows\System\bAyQPDR.exe
  C:\Windows\System\bAyQPDR.exe
  2⤵
  PID:10220
- C:\Windows\System\JdsCaWl.exe
  C:\Windows\System\JdsCaWl.exe
  2⤵
  PID:10236
- C:\Windows\System\PYivARc.exe
  C:\Windows\System\PYivARc.exe
  2⤵
  PID:9000
- C:\Windows\System\ZuXOeHp.exe
  C:\Windows\System\ZuXOeHp.exe
  2⤵
  PID:8672
- C:\Windows\System\TVWZxfb.exe
  C:\Windows\System\TVWZxfb.exe
  2⤵
  PID:9252
- C:\Windows\System\ceIpVRa.exe
  C:\Windows\System\ceIpVRa.exe
  2⤵
  PID:9272
- C:\Windows\System\cPqHAwR.exe
  C:\Windows\System\cPqHAwR.exe
  2⤵
  PID:9396
- C:\Windows\System\PCDbhuE.exe
  C:\Windows\System\PCDbhuE.exe
  2⤵
  PID:9400
- C:\Windows\System\IErFIAp.exe
  C:\Windows\System\IErFIAp.exe
  2⤵
  PID:9288
- C:\Windows\System\VpefXuC.exe
  C:\Windows\System\VpefXuC.exe
  2⤵
  PID:9352
- C:\Windows\System\SFNuOZp.exe
  C:\Windows\System\SFNuOZp.exe
  2⤵
  PID:9416
- C:\Windows\System\PkguLBr.exe
  C:\Windows\System\PkguLBr.exe
  2⤵
  PID:9464
- C:\Windows\System\vtKACEs.exe
  C:\Windows\System\vtKACEs.exe
  2⤵
  PID:9496
- C:\Windows\System\HnKyRpT.exe
  C:\Windows\System\HnKyRpT.exe
  2⤵
  PID:9604
- C:\Windows\System\mbDxXzR.exe
  C:\Windows\System\mbDxXzR.exe
  2⤵
  PID:9592
- C:\Windows\System\zDNEQpx.exe
  C:\Windows\System\zDNEQpx.exe
  2⤵
  PID:9556
- C:\Windows\System\WlJCdAg.exe
  C:\Windows\System\WlJCdAg.exe
  2⤵
  PID:9640
- C:\Windows\System\IgSNBYu.exe
  C:\Windows\System\IgSNBYu.exe
  2⤵
  PID:9672
- C:\Windows\System\RhadBrQ.exe
  C:\Windows\System\RhadBrQ.exe
  2⤵
  PID:9688
- C:\Windows\System\XdcZdHE.exe
  C:\Windows\System\XdcZdHE.exe
  2⤵
  PID:9720
- C:\Windows\System\dhXPcRp.exe
  C:\Windows\System\dhXPcRp.exe
  2⤵
  PID:9764
- C:\Windows\System\TUdmzCz.exe
  C:\Windows\System\TUdmzCz.exe
  2⤵
  PID:9812
- C:\Windows\System\KeYhuVM.exe
  C:\Windows\System\KeYhuVM.exe
  2⤵
  PID:9848
- C:\Windows\System\TohGxZM.exe
  C:\Windows\System\TohGxZM.exe
  2⤵
  PID:9796
- C:\Windows\System\TPwPlsv.exe
  C:\Windows\System\TPwPlsv.exe
  2⤵
  PID:8840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AVdjJhi.exe

Filesize
6.0MB

MD5
67c4b4bb205b7556a156097fc3e1cb11

SHA1
a15fa66f98a33704d3acb2768f7ddb0a3973a3bb

SHA256
fe0daee92038d7100f1097c2a2ed917fb76e75689f733e476f1fc678715c96ba

SHA512
cbebdc89f5b5ad8b12c2ae1210509f8b90d4eb9980a754d64c7f2fab87e0cef6a3bfa9f8e72ebfd31657a061107717398a2e20a3c4f819e105e60a7c0d3969bd

Download Submit
C:\Windows\system\BnaQgRg.exe

Filesize
6.0MB

MD5
6687f7971a17d3b1eff63ad9fa647c83

SHA1
2c3b8d91235520ce665adb39a8e4b497959a644c

SHA256
8e877b2a577f8c26dc218410de534ed839aac85fb9151284a62ffe475c199e0d

SHA512
8ad51ba39549b602de3e5d1d7c1a3efd23d912439f197c9e42af83a7d6f3083d7adffe9d347c937af8af8b5bdaf023e96c5aa4b45c470efcf70ab20eb1ddf8f0

Download Submit
C:\Windows\system\DVfwHIV.exe

Filesize
6.0MB

MD5
bfd661afac1b176eb19d3358f9dd0ad0

SHA1
e2f754e72e0a43560ed8d35896bf3aefee07dba4

SHA256
31decf776fd6ae9223b61c3a23570e62a97939a7527a4e5f54f41f71ca61ad7e

SHA512
e0081ac28d21dff02d60bf93cb12fefa717b4bada195994df9f345526616c1b9f90754f096a2878ede07f6931cfecc36fcb405d2dc38ab0f35d77b8d1ceb69c0

Download Submit
C:\Windows\system\HXRktoh.exe

Filesize
6.0MB

MD5
d63e91483dd7dab90256604485840a51

SHA1
1c712a684129de2ea932c92ecc6426400813e879

SHA256
206ee993a0691658dc158295ee4bdabe44b58c92cf6285180e0e645d3267ef8d

SHA512
a9cd01c424d6fd8be4025d8ede90ad6092625b323c9151504cf9f0bd9ccb239b58e093c69e6bfdfa473e327e0cffa5d3e078832e4fee7c51665db0b7b0dd479c

Download Submit
C:\Windows\system\KGmHazo.exe

Filesize
6.0MB

MD5
94a695fe42ef430f91b3bd48c3ce1a15

SHA1
ca696e2033ad53c1454c445496f55ebc2cab17aa

SHA256
a3e36f157319185356ca7bee23fe7705adca8585185fa2860e403ee76171d307

SHA512
97eb46f520da7b7c932a28970dac271d9a12680e49f189846bbb2820e36691f3392d436b6623f4cec579be8bee6694e4b0c55adf8c3c17721ac31a2d02afe658

Download Submit
C:\Windows\system\LOgGtjP.exe

Filesize
6.0MB

MD5
6bc60d328c17cf0f487319615ded7bc7

SHA1
43dfe3205f23d1d8d65c0989c712c9a0d958be28

SHA256
2b29131389afa6584d6aefcfc97c9424e548cd05077f90e03c964149803b154f

SHA512
aaf8050a8bd39bc8f148de9b28965192b7956ae9db9cf8fe9888080bb1c9379283f1073ab2816af48b902b652833a369ca759e8558feabf390304885499e16c9

Download Submit
C:\Windows\system\LaokPmm.exe

Filesize
6.0MB

MD5
e95836c8f3915de169c18c88e6b5e050

SHA1
da082c14765961818215f86f831f2917a8c7a67d

SHA256
41ad30066b66611a8dee79bc272273a1b204c74bc7f49cb7c9edba2190bdfe42

SHA512
6d114bb9dbcd925aad6f06e2da5eb9c1a953acd6c16524fd8a20391465ffdbadda2532454fa1aa20509d57b4c83121fb429ff70b4bff2cb251a9193b6cb1dcb1

Download Submit
C:\Windows\system\NXzVJtW.exe

Filesize
6.0MB

MD5
77702eaff947a8c1e60d40002485ceb0

SHA1
8682bfad87248d8e5c72998848cc894d67ab0636

SHA256
fd41c232436bb56cd2dadfd9ea0e7a055fab952218bc4c65cf0f2f74b738e846

SHA512
7321985775dec9b01b58a642622235adbe7f878ffe50abc69e5d11ff7082b93fbb31651207d30dff6001fff50e02da3743c109cf867dddae221e1f31c1b279d4

Download Submit
C:\Windows\system\OBjhtSi.exe

Filesize
6.0MB

MD5
3eee5a213b495339f77b126ae1c52bec

SHA1
c1d381c169ad2c664f5f86960cf4bfac6dabaed1

SHA256
c8b93cfc0f47e106f4664a49e95ebc670b7f821b89547eedaee98d63e491fca6

SHA512
f34df46c374bc68f76143228eada3352b8791b744abc83ff4916feedf9e15bb94149f6f516155964d73a7b3becf508928faddc20e097873335bb695f3aaced3f

Download Submit
C:\Windows\system\ORolFQB.exe

Filesize
6.0MB

MD5
14a00421d26a862586f67aa3d3384b22

SHA1
423817fdfd97ba39e48acf63e7ffc8b0dfa59264

SHA256
f7f773eddc528229be89a348b4da8462521737706f1a5f11420c8293676e1eba

SHA512
001060bffac4e40ae84c92cda8b0073ed4efa4ca5e9c7825555390873b6e26a2fc39b5bb2621ec4ac288083823c3fab5dcf203596f8a02fdf12c4decdf4720ca

Download Submit
C:\Windows\system\PWyegBP.exe

Filesize
6.0MB

MD5
19c6f9ff83f83d2211ea511136bea455

SHA1
58e07a3c2f11ba1f9f7e46eaf6c36a2240d477e5

SHA256
4a9d16104ba3a1fa479268535753c0f429b6cdeb396d76c298e2c6f685420d78

SHA512
42cf6426fa8c5ab31d0c32f81db98718616c20e83ba9ec986e13a8eb94461cc8d351394123d6186083293ac8974dcb2e5828e769fa9f6ee5074aac60f0bd2699

Download Submit
C:\Windows\system\UUgmmPj.exe

Filesize
6.0MB

MD5
bc9264a5f21d353aeea8a75ad27bac7b

SHA1
2db02e7484c8c3c4d5271616039ba836d70201ff

SHA256
3b2c98ed40b0d17075dea6baf56d3f936a0c256b6d5aa7568b5bf3e924fd0f02

SHA512
e57b6bc96c9adaea716b2137db0eac09c70a5b8f7489477873181601a79476e3884cb58f978096b12f3dd58cc8fc35a384991a16f678b9d1a4954eae9d36f897

Download Submit
C:\Windows\system\UcpuqrA.exe

Filesize
6.0MB

MD5
a1899157cd99a258c15b8460b0186399

SHA1
fece444701ab1ae6cc551bf40e960b5dfe63c03a

SHA256
79d788e00be78552305ec081c288ba5096234f5fb00e062230886a8ba88ed610

SHA512
58e9a3f45e5f460db3732a6a943571f6e6ac6791f806e2fa2265c31a5f0c48168416179bcc2bb66ac113e1d37bef8e00c98d0876eb691053133642354aeaf03c

Download Submit
C:\Windows\system\UtuNCag.exe

Filesize
6.0MB

MD5
4cbab19a03303724f25a477821050858

SHA1
0382b682b0bee774de028ae4628d3f91a7fc76db

SHA256
2792d0286ded205c2246bf94dd24610e5bce0ea49fbb9f6884c9fbb5e47b032e

SHA512
36bb724798f276d5f2707d9f00e2925ccd3c4955395d0dbb5bcb9a2315a47855c8a95dd43719972571f29dad378974ab340a05b926e42fb0bdb44bb80c3acc88

Download Submit
C:\Windows\system\VMYZnfz.exe

Filesize
6.0MB

MD5
563bdda4fa23dab9b2c32bf2e928e8b7

SHA1
535c946420d9239f5bddd253276a766c7dba45e2

SHA256
9c2d8b21178597fcb01c753083ef68f4b6c8719e6be60ee7830055da1ba800bb

SHA512
283f600f89c991b1af9886c5dd2089bd44042cd457174ffebf6e0b257f796effd2defb270b74dc0ded998be2ef373a0dfd0a97eb8a82abf92620f2132af41e7e

Download Submit
C:\Windows\system\VRRRgUY.exe

Filesize
6.0MB

MD5
5f475eb84ec109750b54ca63a8724259

SHA1
77610da77d7b9aa6fdd60c4e9f5b3a665f1bc966

SHA256
e3dcdaa8038f0cc94a938c5cb464cfa4f60415d414960082d10c544711c5c482

SHA512
d144ab95cad96406dc00660720b7ad958dcab2f8a486e6abdc37c56557457f1deda7ae7d2f56fbdea1c37378b1bd18958b2b0141b36315b2a0e23dea7667aefe

Download Submit
C:\Windows\system\YczqiUj.exe

Filesize
6.0MB

MD5
f99307b0cbb6f20101df09079b2e498c

SHA1
84721bf20ef70fcc431596df02a550728b5da730

SHA256
2cf8946e7269336e0f20f32b3263061e337c921283b43538447339716c0d7e0c

SHA512
180df0e5167c9f03e74615b260b8f4b301608a9b5573d3a0e932852fbde3a8237ec462fcfb23e71066fa1f5858af89a133d7832941cd7b73dda923a12535acbb

Download Submit
C:\Windows\system\ZprkRwX.exe

Filesize
6.0MB

MD5
c2c57f0367d2e20493fe0aefa70ecf03

SHA1
a34d4a0208983d876d17375893156987eb2c7810

SHA256
57fb325e47f4ac3ea02c4d16d1c255b291e2dca0d4cd0f5fb51bab27360e33c2

SHA512
e2717ed649b6734f55bf11272b1a35ef1c3b967fc0cbad2b60c4e8f321c4db69a6ff2aa00c4a67423f8157a7ec53480a497fefa4bc144adb1bcd550f52e565c4

Download Submit
C:\Windows\system\dYPYjdx.exe

Filesize
6.0MB

MD5
9765aeaa67a6cc8694e0307c0a1c0026

SHA1
fe58520ad07394a09a917023c70e8b203dd3c5b0

SHA256
659110aede4898159bf64dabe9571ce6049baf02c2cbdeae172e59587d44368f

SHA512
c08ac868ae676c94c3b97a019dcb4b29f3adc490677f9a60ecf47af2973cfaafce56785d2f2cf669ac4e9e644019ffc295f32b31ab5e0bc506c841f672be035c

Download Submit
C:\Windows\system\eLDiRgH.exe

Filesize
6.0MB

MD5
3e81e982717db388f73adf204e477071

SHA1
3af25875d4a5e005323f4de364249bb9d20a2f19

SHA256
9c21036e18057876f108c905ff4004258f7c1954ee4c56e174b1f5bc0cf4f506

SHA512
cbac2bee4efc08613251cf81e707f6a14d0f5490c3c211bb79cda5cae351a5803beea7c0bcf922d739a0c93a6840bb6425ff1850cefe90585d8ae239f8341b99

Download Submit
C:\Windows\system\fvsCkqu.exe

Filesize
6.0MB

MD5
ed0389f1292459635b92d4fd77cabb9c

SHA1
aa378992c688e7f55c1b83852b929bae948355e0

SHA256
42432f0f8760e517654097906203f9818555e54ef5e749dc602bf72e026573d0

SHA512
0a557f7daaec5b420a90dcb3257b14e182c03701cfead38a6b221ddf6ac8bde1b0527d9290fc893413de2b8489bafa1ed22b2cb27ebb70cd27c629ed2cd3f049

Download Submit
C:\Windows\system\ghplZmK.exe

Filesize
6.0MB

MD5
6fde5d444d3fb08b9de7e92c49f73e79

SHA1
d74d3cc9eba80f27c7b7ec897086b19736f68544

SHA256
1e3c58808df4a95bd18e6304d6b207bb35c4bb21f4cc9f6206bbcc71d0630f00

SHA512
b988b110b6e3f5447edce058585fe3a4793cc9811f5c8ecf02fbc210c497610ba5dce1d0d049991a3f9cf3f3110e887232dbbb122b5d3002692f3beeb679e381

Download Submit
C:\Windows\system\glzubSl.exe

Filesize
6.0MB

MD5
256e07f9f1e165a0404b0db505301952

SHA1
d201cb21dfb5dbf4dd2ab7b4f39f0116878b34be

SHA256
51c58edde3cabe06663cd973c2d5ab47b0ed59da99acc3f2d30df48aeaf8835a

SHA512
cb0f334462b176b01c1536224992ff63c0be7684b7f6db9fb66df8f81eadde736e95091c7aac967ae0e046553219a5b5ad5eb51a50a9b368990c3ff9d85eb31c

Download Submit
C:\Windows\system\hkvVIHd.exe

Filesize
6.0MB

MD5
837f61c12768d5dcdd104fd22f5de198

SHA1
d8d83364deda0f57b31b41b9d66b66ffd2325d8c

SHA256
25a3fa01b6f0986308ef8d973e6c06e6187a7c29aa8cc6e8a0285f8cb743ddcb

SHA512
ed762399a4ce490e0526d44065ddb21fdf2acc224d3a0f870abf8cdd68ba91c86e46225bb78099355fc64359f8de240a329b29a28dea3188bc8a8cb537455da8

Download Submit
C:\Windows\system\nEouvNi.exe

Filesize
6.0MB

MD5
419b10030deda66b9906f294883bc930

SHA1
0d4f9ea396ff8cc1d8b1f2899bdc5f08a27bc3f8

SHA256
46fb46d93f9b5868b33c73c7e70694dd1b28fa898121c52d960f90d6a86ea1d8

SHA512
5141abc91aaee8aeedc9f85799f912e081f6550cdf72b57d6efc871934b61b80e552cac8f897e08fd94077b5e845393c98f399e418e567a301033ba8e44774e5

Download Submit
C:\Windows\system\oJVNBfU.exe

Filesize
6.0MB

MD5
5d0c0eb546b40d0154e1d6ceca8259cd

SHA1
cd55f853d163dded9e8a80907216ed0d7fb0e1ef

SHA256
8a442c2b17d61b8d5f70b85310bf8a8ceee695b7b8986ae7d6d25bcb5f3d9cd7

SHA512
cb0bacc35f42332a6e6dc1d7151620a2f7b9611c80c942ce20069f16995c7cb594b5b3b09ea04abf6b536ba09b402a48086e9f6b4ead472ebdf3c3b5faecfaed

Download Submit
C:\Windows\system\sPCBzOM.exe

Filesize
6.0MB

MD5
37b8a14d77fbbbe42c920a72d247a6aa

SHA1
8a523ac5a0a343cdbb7c0d58b7e442eb5cc190d3

SHA256
866de871fa0b63a6ccc7f75a738e5102f5b6498364994281b7aeeec9f4fafe92

SHA512
3d6142b95c2a2f4d6ceeaf95232fa0fb6ed22b5717797d5c7e4885e629f27ef5f6257236b8f3ec1cfb03d6d2498acf3db29334ae89cec36d0980a7fa8b66a40d

Download Submit
C:\Windows\system\thUeogQ.exe

Filesize
6.0MB

MD5
9f584eb37eb41650bfa5560ae9fcbeae

SHA1
2b54f8f1af1e1ade69675f000ee77831f3bab768

SHA256
c24f63d19465a6b752d28db25debe6a676c8763b665c51be4187e915bfa07cc2

SHA512
923e81f377aca2a048acd7c0059f6853d199ab50429b2d3012928afff766088f909112e5b56966a9234261377795a9a03aa70a6bfd6ee60e5b9bc4d8c07d15b4

Download Submit
C:\Windows\system\xUZghqC.exe

Filesize
6.0MB

MD5
d81924fbe0bbeec6e2da360466c9aad3

SHA1
baf468c030606f53ee39452ef5eb0d9f50d5381a

SHA256
c4f139384c6ae71e480e59980290d07817134b7dcfff793f47016c19a0196859

SHA512
9c3af0baab9c275a2851891b31dcce622d17df59336057f79b5db3ef7ef636516f027952d1b7d091c4221cca16865f10d7ef29865c73455a4981818133a91bf9

Download Submit
C:\Windows\system\ysliLoi.exe

Filesize
6.0MB

MD5
b917bea81d1e744f3bd24633328b4152

SHA1
e9f2d973f93cbdda811a23026213fd09502026d5

SHA256
188329ff9185d9ab69631201652084c0dce120ac34c0ecba4f8ba57d262549cb

SHA512
8677bbe07cbd0e545bb1fd1be149c84128a0ac6cfae2760e023a0eb6c410ccc24894e70aa5a7ff23c1791ab6a58d857fee2f8e119059e843b16caeb7da42f282

Download Submit
\Windows\system\VWUkvPy.exe

Filesize
6.0MB

MD5
17d8750f2b864cf9f0508bd7f26d815c

SHA1
cd59835994ff7f986bffcbb01eff6f2d01a01342

SHA256
7a3a34ff6af0e50fe758f59a01e830ba053d75df95f7751e3373bb3e72ce7f7a

SHA512
19768f5edff744a671042c4c129df1e31f8bf2fe09f17348efbf94398ec0b6eea583a9eca4504241f79f05f3d6a79525ecc6bbd8602e9768e696df936bdd862a

Download Submit
\Windows\system\YnTTbtL.exe

Filesize
6.0MB

MD5
2f803dba146567f589edd63f1a1eb6e6

SHA1
9cd7d94d449d3cfb5e028f13e41fd2abe5edd7eb

SHA256
485aac4ec80482b4deb9caa29a064cdf53dbd416f0cfbb698cf1dd6826d983a7

SHA512
9a25eb5f19dd55c3e9e9e1303dc195e073e149806be0ad03cf221506949acb03d0d3f0a51e7471ca27bd4e0441e321bd81f3b673e10479e54b34745e6f744729

Download Submit
memory/320-4017-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/320-170-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/992-4018-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/992-172-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1344-14-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1344-4005-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1716-173-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/1716-171-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1716-1090-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-22-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-1117-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-281-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-7-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/1716-39-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/1716-48-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/1716-3280-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-158-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-0-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/1716-1-0x0000000000200000-0x0000000000210000-memory.dmp

Filesize
64KB

Download
memory/1716-167-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-174-0x0000000002380000-0x00000000026D4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-165-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/1716-46-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/1716-156-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/1716-160-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1788-166-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/1788-4016-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/1816-161-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/1816-4015-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2232-4009-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2232-34-0x000000013F410000-0x000000013F764000-memory.dmp

Filesize
3.3MB

Download
memory/2504-4012-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2504-155-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2508-4008-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2508-28-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-4013-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-157-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-20-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2640-4006-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2664-139-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2664-4011-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2736-41-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2736-4010-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2796-4007-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-21-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2988-159-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download
memory/2988-4014-0x000000013F810000-0x000000013FB64000-memory.dmp

Filesize
3.3MB

Download