cobaltstrike | 2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103

Analysis

max time kernel
99s
max time network
21s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
29-12-2024 06:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

c16e9d11b0b8e66d20294402871909bb
SHA1

0e34df63aade4cca0d13e8a9446f88e41fa3b27d
SHA256

2cb0f89b9ffb9d776bc335539e4cb534daf5696184c257635e005eecec66c103
SHA512

d2b12fb2d2566e8187e72e7233d8646c5ff9da869dc5019df0165c6786bd1f4f2b4c3ce5dd863c6e2d94a2770e272d1d4bd5af1feb9b98dfcb18b33124483b8a
SSDEEP

98304:EniLf9FdfE0pZB156utgpPFotBER/mQ32lUj:eOl56utgpPF8u/7j

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fe-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018710-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b68-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018b62-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018bf3-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019230-53.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961c-60.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a1-82.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f94-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-191.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-178.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a07e-164.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a075-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019dbf-144.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f8a-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d8e-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cca-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cba-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c57-124.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3e-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c34-108.dat	cobalt_reflective_dll
behavioral1/files/0x002a0000000186cc-100.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019926-90.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019667-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961e-69.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019223-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018766-17.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1760-0-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fe-3.dat	xmrig
behavioral1/memory/2272-18-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/files/0x0007000000018710-11.dat	xmrig
behavioral1/memory/2936-22-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018b68-32.dat	xmrig
behavioral1/files/0x0007000000018b62-26.dat	xmrig
behavioral1/files/0x0007000000018bf3-38.dat	xmrig
behavioral1/memory/2904-49-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/files/0x0007000000019230-53.dat	xmrig
behavioral1/files/0x000500000001961c-60.dat	xmrig
behavioral1/memory/2260-76-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2280-89-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x00050000000196a1-82.dat	xmrig
behavioral1/memory/2492-97-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/332-104-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c3c-115.dat	xmrig
behavioral1/files/0x0005000000019f94-154.dat	xmrig
behavioral1/files/0x000500000001a41e-190.dat	xmrig
behavioral1/memory/2060-775-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2280-662-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x000500000001a41d-191.dat	xmrig
behavioral1/files/0x000500000001a41b-185.dat	xmrig
behavioral1/files/0x000500000001a307-172.dat	xmrig
behavioral1/files/0x000500000001a359-178.dat	xmrig
behavioral1/files/0x000500000001a09e-169.dat	xmrig
behavioral1/files/0x000500000001a07e-164.dat	xmrig
behavioral1/files/0x000500000001a075-158.dat	xmrig
behavioral1/files/0x0005000000019dbf-144.dat	xmrig
behavioral1/files/0x0005000000019f8a-148.dat	xmrig
behavioral1/files/0x0005000000019d8e-138.dat	xmrig
behavioral1/files/0x0005000000019cca-134.dat	xmrig
behavioral1/files/0x0005000000019cba-129.dat	xmrig
behavioral1/files/0x0005000000019c57-124.dat	xmrig
behavioral1/files/0x0005000000019c3e-119.dat	xmrig
behavioral1/files/0x0005000000019c34-108.dat	xmrig
behavioral1/memory/2860-105-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/files/0x002a0000000186cc-100.dat	xmrig
behavioral1/memory/2060-93-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x0005000000019926-90.dat	xmrig
behavioral1/memory/3064-88-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019667-81.dat	xmrig
behavioral1/memory/2960-77-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x000500000001961e-69.dat	xmrig
behavioral1/memory/2716-68-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2936-67-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2272-59-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2860-58-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2788-56-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/1760-50-0x000000013FD50000-0x00000001400A4000-memory.dmp	xmrig
behavioral1/memory/3064-42-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x0008000000019223-46.dat	xmrig
behavioral1/memory/2960-35-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/2852-33-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/1760-19-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018766-17.dat	xmrig
behavioral1/memory/2788-16-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/1760-9-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2852-3673-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2788-3682-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2904-3687-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/3064-3686-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2716-3724-0x000000013F1F0000-0x000000013F544000-memory.dmp	xmrig
behavioral1/memory/2260-3702-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2788	mKyopQR.exe
2272	VQrVXTp.exe
2936	KEjiadd.exe
2852	kIcDxMw.exe
2960	KVGiZVt.exe
3064	HNHNErl.exe
2904	ijdHAND.exe
2860	SOrSySc.exe
2716	zPHLJlu.exe
2260	jYAdQfF.exe
2280	eevAXaa.exe
2060	DziAYUW.exe
2492	MtUVnjN.exe
332	DGGiJJT.exe
2456	ETrSewd.exe
2684	LSxMXYM.exe
2440	seeMauw.exe
1600	ORktVQq.exe
2452	HylMDPS.exe
236	oAjuHKh.exe
528	HinidxF.exe
1620	fYRTtDy.exe
1976	WCbfMVI.exe
2972	JtwtqqY.exe
1400	zWEWmPT.exe
2316	kdsKKHz.exe
2012	iYkFdgq.exe
1612	LXPXLfR.exe
1932	dcSBMNR.exe
928	bTaDxAg.exe
2588	IhHREkW.exe
1660	MSxrEIX.exe
1088	UDcLYUe.exe
1812	ILxbPlm.exe
2560	XqxJpwM.exe
1460	FYJZPik.exe
2472	XUifxru.exe
2792	ISZhIAV.exe
1740	kVHaeJJ.exe
1012	FAzpRab.exe
1680	gHtctFw.exe
1068	LRLHohW.exe
2156	ynjfZvt.exe
1076	IsfICyY.exe
2076	yFQaFFz.exe
2304	sBmOZNd.exe
2336	DOqkTbV.exe
2332	JrPyBkf.exe
2344	qNDFRXp.exe
2040	oSibZuA.exe
1708	eTtPcZR.exe
1944	GggFHkn.exe
1544	ugmApOr.exe
2720	MFdkhgQ.exe
2920	zfiXDdP.exe
2748	rCjnSpH.exe
2888	KXMvrrm.exe
2088	anPGBdX.exe
1968	MMYwqKH.exe
2116	daIpzFb.exe
2756	JAhdtoA.exe
1264	usKKtJJ.exe
1564	quGAKxf.exe
1616	ufcZrLf.exe

Loads dropped DLL 64 IoCs

pid	Process
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1760-0-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/files/0x00080000000120fe-3.dat	upx
behavioral1/memory/2272-18-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/files/0x0007000000018710-11.dat	upx
behavioral1/memory/2936-22-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x0007000000018b68-32.dat	upx
behavioral1/files/0x0007000000018b62-26.dat	upx
behavioral1/files/0x0007000000018bf3-38.dat	upx
behavioral1/memory/2904-49-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/files/0x0007000000019230-53.dat	upx
behavioral1/files/0x000500000001961c-60.dat	upx
behavioral1/memory/2260-76-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2280-89-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x00050000000196a1-82.dat	upx
behavioral1/memory/2492-97-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/332-104-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/files/0x0005000000019c3c-115.dat	upx
behavioral1/files/0x0005000000019f94-154.dat	upx
behavioral1/files/0x000500000001a41e-190.dat	upx
behavioral1/memory/2060-775-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2280-662-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x000500000001a41d-191.dat	upx
behavioral1/files/0x000500000001a41b-185.dat	upx
behavioral1/files/0x000500000001a307-172.dat	upx
behavioral1/files/0x000500000001a359-178.dat	upx
behavioral1/files/0x000500000001a09e-169.dat	upx
behavioral1/files/0x000500000001a07e-164.dat	upx
behavioral1/files/0x000500000001a075-158.dat	upx
behavioral1/files/0x0005000000019dbf-144.dat	upx
behavioral1/files/0x0005000000019f8a-148.dat	upx
behavioral1/files/0x0005000000019d8e-138.dat	upx
behavioral1/files/0x0005000000019cca-134.dat	upx
behavioral1/files/0x0005000000019cba-129.dat	upx
behavioral1/files/0x0005000000019c57-124.dat	upx
behavioral1/files/0x0005000000019c3e-119.dat	upx
behavioral1/files/0x0005000000019c34-108.dat	upx
behavioral1/memory/2860-105-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/files/0x002a0000000186cc-100.dat	upx
behavioral1/memory/2060-93-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x0005000000019926-90.dat	upx
behavioral1/memory/3064-88-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x0005000000019667-81.dat	upx
behavioral1/memory/2960-77-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x000500000001961e-69.dat	upx
behavioral1/memory/2716-68-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2936-67-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2272-59-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2860-58-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2788-56-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/1760-50-0x000000013FD50000-0x00000001400A4000-memory.dmp	upx
behavioral1/memory/3064-42-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x0008000000019223-46.dat	upx
behavioral1/memory/2960-35-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2852-33-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/files/0x0007000000018766-17.dat	upx
behavioral1/memory/2788-16-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2852-3673-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2788-3682-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2904-3687-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/3064-3686-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2716-3724-0x000000013F1F0000-0x000000013F544000-memory.dmp	upx
behavioral1/memory/2260-3702-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2272-3721-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/2960-3719-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kqQDPBb.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\chbSbYT.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fZmIxYl.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UIlACkb.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHMgdjT.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XdqfeAQ.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kCwZyKX.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YDomoOD.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MOnBZrI.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\csmtCqv.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jYAdQfF.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BazNFFp.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aMkdBpv.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AFuKtpZ.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bFfwKFN.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AhgryFu.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iBEckdw.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwewSDa.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dXqbEDz.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XQBwjJV.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SWTWGlh.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QAaNRPw.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uckXozW.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\owedEAg.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRLHohW.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eADHVnV.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TyoBBiN.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qIayVHA.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iYkFdgq.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntrRAfI.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DPLMaHO.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fiXExsk.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XOHnOfN.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\niBqKrz.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iuqEIRv.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBuUqKc.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZplPtOD.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ahQBRxd.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GguNapX.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ttAdmTR.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DEZzOmk.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cgWWHli.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JuJSyth.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yqQjtqM.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ILxbPlm.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uXzXxeo.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hgkPfzz.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYLzeSq.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ffKNueO.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\serUnpu.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FiZTOqL.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lqUMefm.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJozoei.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qTditTX.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gTszcMp.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RIIjcRu.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDHFJMw.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PnpNQNL.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KCiksbb.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mUGQDmj.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xulymzD.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\unhqKmz.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JAhdtoA.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YMDHNzZ.exe	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 2272	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1760 wrote to memory of 2272	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1760 wrote to memory of 2272	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1760 wrote to memory of 2788	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1760 wrote to memory of 2788	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1760 wrote to memory of 2788	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1760 wrote to memory of 2936	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1760 wrote to memory of 2936	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1760 wrote to memory of 2936	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1760 wrote to memory of 2852	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1760 wrote to memory of 2852	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1760 wrote to memory of 2852	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1760 wrote to memory of 2960	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1760 wrote to memory of 2960	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1760 wrote to memory of 2960	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1760 wrote to memory of 3064	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1760 wrote to memory of 3064	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1760 wrote to memory of 3064	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1760 wrote to memory of 2904	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1760 wrote to memory of 2904	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1760 wrote to memory of 2904	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1760 wrote to memory of 2860	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1760 wrote to memory of 2860	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1760 wrote to memory of 2860	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1760 wrote to memory of 2716	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1760 wrote to memory of 2716	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1760 wrote to memory of 2716	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1760 wrote to memory of 2260	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1760 wrote to memory of 2260	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1760 wrote to memory of 2260	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1760 wrote to memory of 2280	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1760 wrote to memory of 2280	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1760 wrote to memory of 2280	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1760 wrote to memory of 2492	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1760 wrote to memory of 2492	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1760 wrote to memory of 2492	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1760 wrote to memory of 2060	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1760 wrote to memory of 2060	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1760 wrote to memory of 2060	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1760 wrote to memory of 332	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1760 wrote to memory of 332	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1760 wrote to memory of 332	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1760 wrote to memory of 2456	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1760 wrote to memory of 2456	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1760 wrote to memory of 2456	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1760 wrote to memory of 2684	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1760 wrote to memory of 2684	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1760 wrote to memory of 2684	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1760 wrote to memory of 2440	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1760 wrote to memory of 2440	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1760 wrote to memory of 2440	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1760 wrote to memory of 1600	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1760 wrote to memory of 1600	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1760 wrote to memory of 1600	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1760 wrote to memory of 2452	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1760 wrote to memory of 2452	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1760 wrote to memory of 2452	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1760 wrote to memory of 236	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1760 wrote to memory of 236	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1760 wrote to memory of 236	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1760 wrote to memory of 528	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1760 wrote to memory of 528	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1760 wrote to memory of 528	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1760 wrote to memory of 1620	1760	2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-29_c16e9d11b0b8e66d20294402871909bb_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\System\VQrVXTp.exe
  C:\Windows\System\VQrVXTp.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\mKyopQR.exe
  C:\Windows\System\mKyopQR.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\KEjiadd.exe
  C:\Windows\System\KEjiadd.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\kIcDxMw.exe
  C:\Windows\System\kIcDxMw.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\KVGiZVt.exe
  C:\Windows\System\KVGiZVt.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\HNHNErl.exe
  C:\Windows\System\HNHNErl.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\ijdHAND.exe
  C:\Windows\System\ijdHAND.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\SOrSySc.exe
  C:\Windows\System\SOrSySc.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\zPHLJlu.exe
  C:\Windows\System\zPHLJlu.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\jYAdQfF.exe
  C:\Windows\System\jYAdQfF.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\eevAXaa.exe
  C:\Windows\System\eevAXaa.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\MtUVnjN.exe
  C:\Windows\System\MtUVnjN.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\DziAYUW.exe
  C:\Windows\System\DziAYUW.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\DGGiJJT.exe
  C:\Windows\System\DGGiJJT.exe
  2⤵
  - Executes dropped EXE
  PID:332
- C:\Windows\System\ETrSewd.exe
  C:\Windows\System\ETrSewd.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\LSxMXYM.exe
  C:\Windows\System\LSxMXYM.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\seeMauw.exe
  C:\Windows\System\seeMauw.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\ORktVQq.exe
  C:\Windows\System\ORktVQq.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\HylMDPS.exe
  C:\Windows\System\HylMDPS.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\oAjuHKh.exe
  C:\Windows\System\oAjuHKh.exe
  2⤵
  - Executes dropped EXE
  PID:236
- C:\Windows\System\HinidxF.exe
  C:\Windows\System\HinidxF.exe
  2⤵
  - Executes dropped EXE
  PID:528
- C:\Windows\System\fYRTtDy.exe
  C:\Windows\System\fYRTtDy.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\WCbfMVI.exe
  C:\Windows\System\WCbfMVI.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\JtwtqqY.exe
  C:\Windows\System\JtwtqqY.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\zWEWmPT.exe
  C:\Windows\System\zWEWmPT.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\kdsKKHz.exe
  C:\Windows\System\kdsKKHz.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\iYkFdgq.exe
  C:\Windows\System\iYkFdgq.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\dcSBMNR.exe
  C:\Windows\System\dcSBMNR.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\LXPXLfR.exe
  C:\Windows\System\LXPXLfR.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\bTaDxAg.exe
  C:\Windows\System\bTaDxAg.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\IhHREkW.exe
  C:\Windows\System\IhHREkW.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\MSxrEIX.exe
  C:\Windows\System\MSxrEIX.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\UDcLYUe.exe
  C:\Windows\System\UDcLYUe.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\ILxbPlm.exe
  C:\Windows\System\ILxbPlm.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\XqxJpwM.exe
  C:\Windows\System\XqxJpwM.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\FYJZPik.exe
  C:\Windows\System\FYJZPik.exe
  2⤵
  - Executes dropped EXE
  PID:1460
- C:\Windows\System\XUifxru.exe
  C:\Windows\System\XUifxru.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\ISZhIAV.exe
  C:\Windows\System\ISZhIAV.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\kVHaeJJ.exe
  C:\Windows\System\kVHaeJJ.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\gHtctFw.exe
  C:\Windows\System\gHtctFw.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\FAzpRab.exe
  C:\Windows\System\FAzpRab.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\IsfICyY.exe
  C:\Windows\System\IsfICyY.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\LRLHohW.exe
  C:\Windows\System\LRLHohW.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\yFQaFFz.exe
  C:\Windows\System\yFQaFFz.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\ynjfZvt.exe
  C:\Windows\System\ynjfZvt.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\DOqkTbV.exe
  C:\Windows\System\DOqkTbV.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\sBmOZNd.exe
  C:\Windows\System\sBmOZNd.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\qNDFRXp.exe
  C:\Windows\System\qNDFRXp.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\JrPyBkf.exe
  C:\Windows\System\JrPyBkf.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\eTtPcZR.exe
  C:\Windows\System\eTtPcZR.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\oSibZuA.exe
  C:\Windows\System\oSibZuA.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\ugmApOr.exe
  C:\Windows\System\ugmApOr.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\GggFHkn.exe
  C:\Windows\System\GggFHkn.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\zfiXDdP.exe
  C:\Windows\System\zfiXDdP.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\MFdkhgQ.exe
  C:\Windows\System\MFdkhgQ.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\KXMvrrm.exe
  C:\Windows\System\KXMvrrm.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\rCjnSpH.exe
  C:\Windows\System\rCjnSpH.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\anPGBdX.exe
  C:\Windows\System\anPGBdX.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\MMYwqKH.exe
  C:\Windows\System\MMYwqKH.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\daIpzFb.exe
  C:\Windows\System\daIpzFb.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\JAhdtoA.exe
  C:\Windows\System\JAhdtoA.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\usKKtJJ.exe
  C:\Windows\System\usKKtJJ.exe
  2⤵
  - Executes dropped EXE
  PID:1264
- C:\Windows\System\quGAKxf.exe
  C:\Windows\System\quGAKxf.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\ufcZrLf.exe
  C:\Windows\System\ufcZrLf.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\GguNapX.exe
  C:\Windows\System\GguNapX.exe
  2⤵
  PID:1940
- C:\Windows\System\gIEFhZV.exe
  C:\Windows\System\gIEFhZV.exe
  2⤵
  PID:2248
- C:\Windows\System\Ojjvxfm.exe
  C:\Windows\System\Ojjvxfm.exe
  2⤵
  PID:2516
- C:\Windows\System\mGpyTHM.exe
  C:\Windows\System\mGpyTHM.exe
  2⤵
  PID:2036
- C:\Windows\System\RxJjdPv.exe
  C:\Windows\System\RxJjdPv.exe
  2⤵
  PID:2096
- C:\Windows\System\opsCUow.exe
  C:\Windows\System\opsCUow.exe
  2⤵
  PID:828
- C:\Windows\System\ZplPtOD.exe
  C:\Windows\System\ZplPtOD.exe
  2⤵
  PID:2444
- C:\Windows\System\ztuZrsU.exe
  C:\Windows\System\ztuZrsU.exe
  2⤵
  PID:1768
- C:\Windows\System\DElPniN.exe
  C:\Windows\System\DElPniN.exe
  2⤵
  PID:2652
- C:\Windows\System\jQjNStz.exe
  C:\Windows\System\jQjNStz.exe
  2⤵
  PID:1624
- C:\Windows\System\kdGRkaf.exe
  C:\Windows\System\kdGRkaf.exe
  2⤵
  PID:852
- C:\Windows\System\iBEckdw.exe
  C:\Windows\System\iBEckdw.exe
  2⤵
  PID:1732
- C:\Windows\System\QCUdJIU.exe
  C:\Windows\System\QCUdJIU.exe
  2⤵
  PID:2276
- C:\Windows\System\jVMlnNt.exe
  C:\Windows\System\jVMlnNt.exe
  2⤵
  PID:2392
- C:\Windows\System\RTUPYlL.exe
  C:\Windows\System\RTUPYlL.exe
  2⤵
  PID:2776
- C:\Windows\System\knemRmi.exe
  C:\Windows\System\knemRmi.exe
  2⤵
  PID:2404
- C:\Windows\System\NRbNrDU.exe
  C:\Windows\System\NRbNrDU.exe
  2⤵
  PID:2552
- C:\Windows\System\uGELmGR.exe
  C:\Windows\System\uGELmGR.exe
  2⤵
  PID:2924
- C:\Windows\System\cbcDtfT.exe
  C:\Windows\System\cbcDtfT.exe
  2⤵
  PID:2724
- C:\Windows\System\xYEriOo.exe
  C:\Windows\System\xYEriOo.exe
  2⤵
  PID:2476
- C:\Windows\System\AdyEySR.exe
  C:\Windows\System\AdyEySR.exe
  2⤵
  PID:2828
- C:\Windows\System\IXrZEAG.exe
  C:\Windows\System\IXrZEAG.exe
  2⤵
  PID:2696
- C:\Windows\System\egapZiC.exe
  C:\Windows\System\egapZiC.exe
  2⤵
  PID:3028
- C:\Windows\System\lYklkfD.exe
  C:\Windows\System\lYklkfD.exe
  2⤵
  PID:1048
- C:\Windows\System\lfSyPMD.exe
  C:\Windows\System\lfSyPMD.exe
  2⤵
  PID:784
- C:\Windows\System\NaJsnSl.exe
  C:\Windows\System\NaJsnSl.exe
  2⤵
  PID:832
- C:\Windows\System\osVsUJY.exe
  C:\Windows\System\osVsUJY.exe
  2⤵
  PID:2220
- C:\Windows\System\EwRyZgG.exe
  C:\Windows\System\EwRyZgG.exe
  2⤵
  PID:1496
- C:\Windows\System\uyidtHT.exe
  C:\Windows\System\uyidtHT.exe
  2⤵
  PID:2408
- C:\Windows\System\byLTznk.exe
  C:\Windows\System\byLTznk.exe
  2⤵
  PID:1676
- C:\Windows\System\JAurdBx.exe
  C:\Windows\System\JAurdBx.exe
  2⤵
  PID:2020
- C:\Windows\System\EdaBeUV.exe
  C:\Windows\System\EdaBeUV.exe
  2⤵
  PID:1604
- C:\Windows\System\DASTuYV.exe
  C:\Windows\System\DASTuYV.exe
  2⤵
  PID:1424
- C:\Windows\System\ZekkwJj.exe
  C:\Windows\System\ZekkwJj.exe
  2⤵
  PID:1668
- C:\Windows\System\WjopRAZ.exe
  C:\Windows\System\WjopRAZ.exe
  2⤵
  PID:1712
- C:\Windows\System\aWFydSb.exe
  C:\Windows\System\aWFydSb.exe
  2⤵
  PID:2400
- C:\Windows\System\MoHGsJn.exe
  C:\Windows\System\MoHGsJn.exe
  2⤵
  PID:2932
- C:\Windows\System\ruotHPg.exe
  C:\Windows\System\ruotHPg.exe
  2⤵
  PID:1576
- C:\Windows\System\fFfvZMv.exe
  C:\Windows\System\fFfvZMv.exe
  2⤵
  PID:2512
- C:\Windows\System\ZblPfQd.exe
  C:\Windows\System\ZblPfQd.exe
  2⤵
  PID:3092
- C:\Windows\System\GzmtQOc.exe
  C:\Windows\System\GzmtQOc.exe
  2⤵
  PID:3112
- C:\Windows\System\SwhXDwF.exe
  C:\Windows\System\SwhXDwF.exe
  2⤵
  PID:3132
- C:\Windows\System\PrcaHxW.exe
  C:\Windows\System\PrcaHxW.exe
  2⤵
  PID:3152
- C:\Windows\System\kfEGYrd.exe
  C:\Windows\System\kfEGYrd.exe
  2⤵
  PID:3172
- C:\Windows\System\jEdYaAk.exe
  C:\Windows\System\jEdYaAk.exe
  2⤵
  PID:3192
- C:\Windows\System\zgtECiC.exe
  C:\Windows\System\zgtECiC.exe
  2⤵
  PID:3212
- C:\Windows\System\bdSWXfP.exe
  C:\Windows\System\bdSWXfP.exe
  2⤵
  PID:3232
- C:\Windows\System\llaZhhv.exe
  C:\Windows\System\llaZhhv.exe
  2⤵
  PID:3252
- C:\Windows\System\NjQpiTz.exe
  C:\Windows\System\NjQpiTz.exe
  2⤵
  PID:3272
- C:\Windows\System\GOZNqAK.exe
  C:\Windows\System\GOZNqAK.exe
  2⤵
  PID:3292
- C:\Windows\System\IwoyUAX.exe
  C:\Windows\System\IwoyUAX.exe
  2⤵
  PID:3312
- C:\Windows\System\BoCgEEm.exe
  C:\Windows\System\BoCgEEm.exe
  2⤵
  PID:3332
- C:\Windows\System\AuBAeti.exe
  C:\Windows\System\AuBAeti.exe
  2⤵
  PID:3352
- C:\Windows\System\zHMgdjT.exe
  C:\Windows\System\zHMgdjT.exe
  2⤵
  PID:3372
- C:\Windows\System\xttWjEc.exe
  C:\Windows\System\xttWjEc.exe
  2⤵
  PID:3392
- C:\Windows\System\pzFzeqX.exe
  C:\Windows\System\pzFzeqX.exe
  2⤵
  PID:3412
- C:\Windows\System\OleJhpu.exe
  C:\Windows\System\OleJhpu.exe
  2⤵
  PID:3432
- C:\Windows\System\EfeqEFU.exe
  C:\Windows\System\EfeqEFU.exe
  2⤵
  PID:3452
- C:\Windows\System\UfvpcPI.exe
  C:\Windows\System\UfvpcPI.exe
  2⤵
  PID:3472
- C:\Windows\System\UpMzZQj.exe
  C:\Windows\System\UpMzZQj.exe
  2⤵
  PID:3492
- C:\Windows\System\cJozoei.exe
  C:\Windows\System\cJozoei.exe
  2⤵
  PID:3512
- C:\Windows\System\PaRjZkf.exe
  C:\Windows\System\PaRjZkf.exe
  2⤵
  PID:3532
- C:\Windows\System\WNgEKbb.exe
  C:\Windows\System\WNgEKbb.exe
  2⤵
  PID:3552
- C:\Windows\System\vZzpogY.exe
  C:\Windows\System\vZzpogY.exe
  2⤵
  PID:3572
- C:\Windows\System\HZMHQRC.exe
  C:\Windows\System\HZMHQRC.exe
  2⤵
  PID:3588
- C:\Windows\System\AwHGiDv.exe
  C:\Windows\System\AwHGiDv.exe
  2⤵
  PID:3612
- C:\Windows\System\wVWfFFM.exe
  C:\Windows\System\wVWfFFM.exe
  2⤵
  PID:3632
- C:\Windows\System\qhUixAb.exe
  C:\Windows\System\qhUixAb.exe
  2⤵
  PID:3652
- C:\Windows\System\soEEqCj.exe
  C:\Windows\System\soEEqCj.exe
  2⤵
  PID:3672
- C:\Windows\System\idupYhz.exe
  C:\Windows\System\idupYhz.exe
  2⤵
  PID:3692
- C:\Windows\System\dHCpBtz.exe
  C:\Windows\System\dHCpBtz.exe
  2⤵
  PID:3712
- C:\Windows\System\viqcOOC.exe
  C:\Windows\System\viqcOOC.exe
  2⤵
  PID:3732
- C:\Windows\System\lxWMAhA.exe
  C:\Windows\System\lxWMAhA.exe
  2⤵
  PID:3752
- C:\Windows\System\jXnxunb.exe
  C:\Windows\System\jXnxunb.exe
  2⤵
  PID:3772
- C:\Windows\System\GvpSSia.exe
  C:\Windows\System\GvpSSia.exe
  2⤵
  PID:3792
- C:\Windows\System\hmhusvs.exe
  C:\Windows\System\hmhusvs.exe
  2⤵
  PID:3812
- C:\Windows\System\YcKOvkT.exe
  C:\Windows\System\YcKOvkT.exe
  2⤵
  PID:3832
- C:\Windows\System\vtZqAaf.exe
  C:\Windows\System\vtZqAaf.exe
  2⤵
  PID:3852
- C:\Windows\System\zgLilJt.exe
  C:\Windows\System\zgLilJt.exe
  2⤵
  PID:3872
- C:\Windows\System\tiXgTgP.exe
  C:\Windows\System\tiXgTgP.exe
  2⤵
  PID:3892
- C:\Windows\System\rhTHwIX.exe
  C:\Windows\System\rhTHwIX.exe
  2⤵
  PID:3912
- C:\Windows\System\FucRhcP.exe
  C:\Windows\System\FucRhcP.exe
  2⤵
  PID:3932
- C:\Windows\System\YKuWlvv.exe
  C:\Windows\System\YKuWlvv.exe
  2⤵
  PID:3952
- C:\Windows\System\TUMjVVL.exe
  C:\Windows\System\TUMjVVL.exe
  2⤵
  PID:3972
- C:\Windows\System\grRZvIf.exe
  C:\Windows\System\grRZvIf.exe
  2⤵
  PID:3992
- C:\Windows\System\GDwISYS.exe
  C:\Windows\System\GDwISYS.exe
  2⤵
  PID:4012
- C:\Windows\System\QaTYgdk.exe
  C:\Windows\System\QaTYgdk.exe
  2⤵
  PID:4036
- C:\Windows\System\nUBpAdN.exe
  C:\Windows\System\nUBpAdN.exe
  2⤵
  PID:4052
- C:\Windows\System\owedEAg.exe
  C:\Windows\System\owedEAg.exe
  2⤵
  PID:4072
- C:\Windows\System\ESuudmh.exe
  C:\Windows\System\ESuudmh.exe
  2⤵
  PID:2820
- C:\Windows\System\aWyHVSk.exe
  C:\Windows\System\aWyHVSk.exe
  2⤵
  PID:2872
- C:\Windows\System\sVCcluU.exe
  C:\Windows\System\sVCcluU.exe
  2⤵
  PID:696
- C:\Windows\System\RogWwHa.exe
  C:\Windows\System\RogWwHa.exe
  2⤵
  PID:2436
- C:\Windows\System\RiHloSd.exe
  C:\Windows\System\RiHloSd.exe
  2⤵
  PID:2240
- C:\Windows\System\TcHaZcQ.exe
  C:\Windows\System\TcHaZcQ.exe
  2⤵
  PID:1808
- C:\Windows\System\uXzXxeo.exe
  C:\Windows\System\uXzXxeo.exe
  2⤵
  PID:1880
- C:\Windows\System\rNfcHRn.exe
  C:\Windows\System\rNfcHRn.exe
  2⤵
  PID:1528
- C:\Windows\System\NgzAZxa.exe
  C:\Windows\System\NgzAZxa.exe
  2⤵
  PID:1592
- C:\Windows\System\JGkJmZN.exe
  C:\Windows\System\JGkJmZN.exe
  2⤵
  PID:2928
- C:\Windows\System\MmfiCdj.exe
  C:\Windows\System\MmfiCdj.exe
  2⤵
  PID:2292
- C:\Windows\System\MqMZgFa.exe
  C:\Windows\System\MqMZgFa.exe
  2⤵
  PID:3068
- C:\Windows\System\fTdrKxL.exe
  C:\Windows\System\fTdrKxL.exe
  2⤵
  PID:3140
- C:\Windows\System\IKSNaCB.exe
  C:\Windows\System\IKSNaCB.exe
  2⤵
  PID:3144
- C:\Windows\System\RKwGqgQ.exe
  C:\Windows\System\RKwGqgQ.exe
  2⤵
  PID:3184
- C:\Windows\System\oewPrAx.exe
  C:\Windows\System\oewPrAx.exe
  2⤵
  PID:3228
- C:\Windows\System\reKkWDI.exe
  C:\Windows\System\reKkWDI.exe
  2⤵
  PID:3268
- C:\Windows\System\GcmtoSk.exe
  C:\Windows\System\GcmtoSk.exe
  2⤵
  PID:3328
- C:\Windows\System\nmnMSoG.exe
  C:\Windows\System\nmnMSoG.exe
  2⤵
  PID:3340
- C:\Windows\System\DzXgtDZ.exe
  C:\Windows\System\DzXgtDZ.exe
  2⤵
  PID:3364
- C:\Windows\System\QWntVPO.exe
  C:\Windows\System\QWntVPO.exe
  2⤵
  PID:3404
- C:\Windows\System\sSrnfHR.exe
  C:\Windows\System\sSrnfHR.exe
  2⤵
  PID:3440
- C:\Windows\System\UIlACkb.exe
  C:\Windows\System\UIlACkb.exe
  2⤵
  PID:3488
- C:\Windows\System\KIfzORO.exe
  C:\Windows\System\KIfzORO.exe
  2⤵
  PID:3520
- C:\Windows\System\MfNbRIF.exe
  C:\Windows\System\MfNbRIF.exe
  2⤵
  PID:3540
- C:\Windows\System\ntrRAfI.exe
  C:\Windows\System\ntrRAfI.exe
  2⤵
  PID:3564
- C:\Windows\System\SkNqtIp.exe
  C:\Windows\System\SkNqtIp.exe
  2⤵
  PID:3608
- C:\Windows\System\ODenaAE.exe
  C:\Windows\System\ODenaAE.exe
  2⤵
  PID:3648
- C:\Windows\System\HbgmuMQ.exe
  C:\Windows\System\HbgmuMQ.exe
  2⤵
  PID:3684
- C:\Windows\System\viYmIzQ.exe
  C:\Windows\System\viYmIzQ.exe
  2⤵
  PID:3708
- C:\Windows\System\Qxhbijx.exe
  C:\Windows\System\Qxhbijx.exe
  2⤵
  PID:3748
- C:\Windows\System\FNXUwcN.exe
  C:\Windows\System\FNXUwcN.exe
  2⤵
  PID:3744
- C:\Windows\System\VOVGFdb.exe
  C:\Windows\System\VOVGFdb.exe
  2⤵
  PID:3848
- C:\Windows\System\mpfOPRv.exe
  C:\Windows\System\mpfOPRv.exe
  2⤵
  PID:3820
- C:\Windows\System\NEKmvBi.exe
  C:\Windows\System\NEKmvBi.exe
  2⤵
  PID:3860
- C:\Windows\System\Ggnccdz.exe
  C:\Windows\System\Ggnccdz.exe
  2⤵
  PID:3924
- C:\Windows\System\eUyijFS.exe
  C:\Windows\System\eUyijFS.exe
  2⤵
  PID:3968
- C:\Windows\System\nZYyiHa.exe
  C:\Windows\System\nZYyiHa.exe
  2⤵
  PID:3944
- C:\Windows\System\HrOIRSa.exe
  C:\Windows\System\HrOIRSa.exe
  2⤵
  PID:3984
- C:\Windows\System\mPHrdgR.exe
  C:\Windows\System\mPHrdgR.exe
  2⤵
  PID:4060
- C:\Windows\System\cnCelpr.exe
  C:\Windows\System\cnCelpr.exe
  2⤵
  PID:4092
- C:\Windows\System\XdqfeAQ.exe
  C:\Windows\System\XdqfeAQ.exe
  2⤵
  PID:2396
- C:\Windows\System\aMRdRIz.exe
  C:\Windows\System\aMRdRIz.exe
  2⤵
  PID:1664
- C:\Windows\System\BazNFFp.exe
  C:\Windows\System\BazNFFp.exe
  2⤵
  PID:1416
- C:\Windows\System\gaStWTn.exe
  C:\Windows\System\gaStWTn.exe
  2⤵
  PID:104
- C:\Windows\System\aGCYMGX.exe
  C:\Windows\System\aGCYMGX.exe
  2⤵
  PID:1796
- C:\Windows\System\CGVntwe.exe
  C:\Windows\System\CGVntwe.exe
  2⤵
  PID:3128
- C:\Windows\System\wboHAfn.exe
  C:\Windows\System\wboHAfn.exe
  2⤵
  PID:3104
- C:\Windows\System\SQqpLmo.exe
  C:\Windows\System\SQqpLmo.exe
  2⤵
  PID:3148
- C:\Windows\System\DTpWNPX.exe
  C:\Windows\System\DTpWNPX.exe
  2⤵
  PID:3248
- C:\Windows\System\JPlUkLU.exe
  C:\Windows\System\JPlUkLU.exe
  2⤵
  PID:3288
- C:\Windows\System\jBwWHNa.exe
  C:\Windows\System\jBwWHNa.exe
  2⤵
  PID:3304
- C:\Windows\System\xlnBVXW.exe
  C:\Windows\System\xlnBVXW.exe
  2⤵
  PID:3444
- C:\Windows\System\OtbyZbs.exe
  C:\Windows\System\OtbyZbs.exe
  2⤵
  PID:3344
- C:\Windows\System\NosxzTj.exe
  C:\Windows\System\NosxzTj.exe
  2⤵
  PID:3424
- C:\Windows\System\KCiksbb.exe
  C:\Windows\System\KCiksbb.exe
  2⤵
  PID:3624
- C:\Windows\System\vRIysmv.exe
  C:\Windows\System\vRIysmv.exe
  2⤵
  PID:3560
- C:\Windows\System\eEBNBgZ.exe
  C:\Windows\System\eEBNBgZ.exe
  2⤵
  PID:3640
- C:\Windows\System\yoCXujh.exe
  C:\Windows\System\yoCXujh.exe
  2⤵
  PID:3724
- C:\Windows\System\nXlliDw.exe
  C:\Windows\System\nXlliDw.exe
  2⤵
  PID:3804
- C:\Windows\System\hjnRrOn.exe
  C:\Windows\System\hjnRrOn.exe
  2⤵
  PID:3784
- C:\Windows\System\elzovUG.exe
  C:\Windows\System\elzovUG.exe
  2⤵
  PID:3864
- C:\Windows\System\VEutVQs.exe
  C:\Windows\System\VEutVQs.exe
  2⤵
  PID:4048
- C:\Windows\System\EPExQex.exe
  C:\Windows\System\EPExQex.exe
  2⤵
  PID:4008
- C:\Windows\System\usMwIeT.exe
  C:\Windows\System\usMwIeT.exe
  2⤵
  PID:4088
- C:\Windows\System\uHIhiRC.exe
  C:\Windows\System\uHIhiRC.exe
  2⤵
  PID:1020
- C:\Windows\System\yaBocTS.exe
  C:\Windows\System\yaBocTS.exe
  2⤵
  PID:2112
- C:\Windows\System\TQoEpIQ.exe
  C:\Windows\System\TQoEpIQ.exe
  2⤵
  PID:1700
- C:\Windows\System\QPBxwTN.exe
  C:\Windows\System\QPBxwTN.exe
  2⤵
  PID:3108
- C:\Windows\System\GZjesZA.exe
  C:\Windows\System\GZjesZA.exe
  2⤵
  PID:3084
- C:\Windows\System\MMdkssG.exe
  C:\Windows\System\MMdkssG.exe
  2⤵
  PID:3308
- C:\Windows\System\xjNuIWC.exe
  C:\Windows\System\xjNuIWC.exe
  2⤵
  PID:3204
- C:\Windows\System\EwOAYhD.exe
  C:\Windows\System\EwOAYhD.exe
  2⤵
  PID:3460
- C:\Windows\System\uDghvOm.exe
  C:\Windows\System\uDghvOm.exe
  2⤵
  PID:3688
- C:\Windows\System\YlDXiyn.exe
  C:\Windows\System\YlDXiyn.exe
  2⤵
  PID:4108
- C:\Windows\System\XABIlYf.exe
  C:\Windows\System\XABIlYf.exe
  2⤵
  PID:4128
- C:\Windows\System\ZMZyMNO.exe
  C:\Windows\System\ZMZyMNO.exe
  2⤵
  PID:4152
- C:\Windows\System\abzNPLj.exe
  C:\Windows\System\abzNPLj.exe
  2⤵
  PID:4176
- C:\Windows\System\zLcVTJJ.exe
  C:\Windows\System\zLcVTJJ.exe
  2⤵
  PID:4192
- C:\Windows\System\IjceFxm.exe
  C:\Windows\System\IjceFxm.exe
  2⤵
  PID:4216
- C:\Windows\System\nHLGNeh.exe
  C:\Windows\System\nHLGNeh.exe
  2⤵
  PID:4232
- C:\Windows\System\UMDrZvU.exe
  C:\Windows\System\UMDrZvU.exe
  2⤵
  PID:4256
- C:\Windows\System\wujfenY.exe
  C:\Windows\System\wujfenY.exe
  2⤵
  PID:4276
- C:\Windows\System\BSJtVyw.exe
  C:\Windows\System\BSJtVyw.exe
  2⤵
  PID:4292
- C:\Windows\System\mUGQDmj.exe
  C:\Windows\System\mUGQDmj.exe
  2⤵
  PID:4312
- C:\Windows\System\tkfGTnY.exe
  C:\Windows\System\tkfGTnY.exe
  2⤵
  PID:4332
- C:\Windows\System\VFpjkDR.exe
  C:\Windows\System\VFpjkDR.exe
  2⤵
  PID:4352
- C:\Windows\System\DFEOuRq.exe
  C:\Windows\System\DFEOuRq.exe
  2⤵
  PID:4376
- C:\Windows\System\yHpcaNm.exe
  C:\Windows\System\yHpcaNm.exe
  2⤵
  PID:4396
- C:\Windows\System\WANrNaH.exe
  C:\Windows\System\WANrNaH.exe
  2⤵
  PID:4416
- C:\Windows\System\ftCmOjA.exe
  C:\Windows\System\ftCmOjA.exe
  2⤵
  PID:4432
- C:\Windows\System\DrkVDSs.exe
  C:\Windows\System\DrkVDSs.exe
  2⤵
  PID:4456
- C:\Windows\System\ZjihHUw.exe
  C:\Windows\System\ZjihHUw.exe
  2⤵
  PID:4476
- C:\Windows\System\KUwvJwB.exe
  C:\Windows\System\KUwvJwB.exe
  2⤵
  PID:4496
- C:\Windows\System\FKeeIIC.exe
  C:\Windows\System\FKeeIIC.exe
  2⤵
  PID:4516
- C:\Windows\System\KlKhOCM.exe
  C:\Windows\System\KlKhOCM.exe
  2⤵
  PID:4532
- C:\Windows\System\xjtluSJ.exe
  C:\Windows\System\xjtluSJ.exe
  2⤵
  PID:4556
- C:\Windows\System\IdOOXcc.exe
  C:\Windows\System\IdOOXcc.exe
  2⤵
  PID:4576
- C:\Windows\System\zIubblO.exe
  C:\Windows\System\zIubblO.exe
  2⤵
  PID:4592
- C:\Windows\System\EVytxwW.exe
  C:\Windows\System\EVytxwW.exe
  2⤵
  PID:4608
- C:\Windows\System\BzZjleQ.exe
  C:\Windows\System\BzZjleQ.exe
  2⤵
  PID:4632
- C:\Windows\System\pKXFUiy.exe
  C:\Windows\System\pKXFUiy.exe
  2⤵
  PID:4652
- C:\Windows\System\qbavLQz.exe
  C:\Windows\System\qbavLQz.exe
  2⤵
  PID:4672
- C:\Windows\System\OpBJFOs.exe
  C:\Windows\System\OpBJFOs.exe
  2⤵
  PID:4692
- C:\Windows\System\iIZukZC.exe
  C:\Windows\System\iIZukZC.exe
  2⤵
  PID:4712
- C:\Windows\System\ksVaxDj.exe
  C:\Windows\System\ksVaxDj.exe
  2⤵
  PID:4732
- C:\Windows\System\kQkdVyT.exe
  C:\Windows\System\kQkdVyT.exe
  2⤵
  PID:4752
- C:\Windows\System\WHutASO.exe
  C:\Windows\System\WHutASO.exe
  2⤵
  PID:4768
- C:\Windows\System\koVTPxm.exe
  C:\Windows\System\koVTPxm.exe
  2⤵
  PID:4792
- C:\Windows\System\kCwZyKX.exe
  C:\Windows\System\kCwZyKX.exe
  2⤵
  PID:4812
- C:\Windows\System\cVJhCTo.exe
  C:\Windows\System\cVJhCTo.exe
  2⤵
  PID:4828
- C:\Windows\System\MCdPMLC.exe
  C:\Windows\System\MCdPMLC.exe
  2⤵
  PID:4848
- C:\Windows\System\wUpIZqA.exe
  C:\Windows\System\wUpIZqA.exe
  2⤵
  PID:4868
- C:\Windows\System\qeIfpVr.exe
  C:\Windows\System\qeIfpVr.exe
  2⤵
  PID:4892
- C:\Windows\System\yhqRmhj.exe
  C:\Windows\System\yhqRmhj.exe
  2⤵
  PID:4916
- C:\Windows\System\CFOHnOK.exe
  C:\Windows\System\CFOHnOK.exe
  2⤵
  PID:4936
- C:\Windows\System\kqMNcuU.exe
  C:\Windows\System\kqMNcuU.exe
  2⤵
  PID:4952
- C:\Windows\System\mjmQVDC.exe
  C:\Windows\System\mjmQVDC.exe
  2⤵
  PID:4976
- C:\Windows\System\IROqfuY.exe
  C:\Windows\System\IROqfuY.exe
  2⤵
  PID:4996
- C:\Windows\System\OTiZTIf.exe
  C:\Windows\System\OTiZTIf.exe
  2⤵
  PID:5016
- C:\Windows\System\BqYTNBJ.exe
  C:\Windows\System\BqYTNBJ.exe
  2⤵
  PID:5032
- C:\Windows\System\ApYDTxl.exe
  C:\Windows\System\ApYDTxl.exe
  2⤵
  PID:5052
- C:\Windows\System\SqVuyHc.exe
  C:\Windows\System\SqVuyHc.exe
  2⤵
  PID:5068
- C:\Windows\System\yqUKqab.exe
  C:\Windows\System\yqUKqab.exe
  2⤵
  PID:5088
- C:\Windows\System\SYAbjDP.exe
  C:\Windows\System\SYAbjDP.exe
  2⤵
  PID:5112
- C:\Windows\System\uRkCdEc.exe
  C:\Windows\System\uRkCdEc.exe
  2⤵
  PID:3464
- C:\Windows\System\LGqAbHu.exe
  C:\Windows\System\LGqAbHu.exe
  2⤵
  PID:3764
- C:\Windows\System\OpNPbsn.exe
  C:\Windows\System\OpNPbsn.exe
  2⤵
  PID:3700
- C:\Windows\System\YwdpEno.exe
  C:\Windows\System\YwdpEno.exe
  2⤵
  PID:3960
- C:\Windows\System\GDJrpTC.exe
  C:\Windows\System\GDJrpTC.exe
  2⤵
  PID:3948
- C:\Windows\System\sEWuWaf.exe
  C:\Windows\System\sEWuWaf.exe
  2⤵
  PID:636
- C:\Windows\System\wPrNvpQ.exe
  C:\Windows\System\wPrNvpQ.exe
  2⤵
  PID:2664
- C:\Windows\System\YIBXPyO.exe
  C:\Windows\System\YIBXPyO.exe
  2⤵
  PID:1568
- C:\Windows\System\fawAemf.exe
  C:\Windows\System\fawAemf.exe
  2⤵
  PID:3368
- C:\Windows\System\dTiRRmJ.exe
  C:\Windows\System\dTiRRmJ.exe
  2⤵
  PID:3240
- C:\Windows\System\fuyXUlF.exe
  C:\Windows\System\fuyXUlF.exe
  2⤵
  PID:4136
- C:\Windows\System\irBcUDz.exe
  C:\Windows\System\irBcUDz.exe
  2⤵
  PID:4120
- C:\Windows\System\DPLMaHO.exe
  C:\Windows\System\DPLMaHO.exe
  2⤵
  PID:4184
- C:\Windows\System\QOGqmmH.exe
  C:\Windows\System\QOGqmmH.exe
  2⤵
  PID:4164
- C:\Windows\System\ZrnCDNK.exe
  C:\Windows\System\ZrnCDNK.exe
  2⤵
  PID:4212
- C:\Windows\System\XmaXxna.exe
  C:\Windows\System\XmaXxna.exe
  2⤵
  PID:4272
- C:\Windows\System\NdqfWHm.exe
  C:\Windows\System\NdqfWHm.exe
  2⤵
  PID:4252
- C:\Windows\System\pbkjQKc.exe
  C:\Windows\System\pbkjQKc.exe
  2⤵
  PID:4348
- C:\Windows\System\UcZsVxz.exe
  C:\Windows\System\UcZsVxz.exe
  2⤵
  PID:4392
- C:\Windows\System\XChXxeQ.exe
  C:\Windows\System\XChXxeQ.exe
  2⤵
  PID:4424
- C:\Windows\System\aChNMlP.exe
  C:\Windows\System\aChNMlP.exe
  2⤵
  PID:4368
- C:\Windows\System\yKuFSxG.exe
  C:\Windows\System\yKuFSxG.exe
  2⤵
  PID:4440
- C:\Windows\System\HqPEWmG.exe
  C:\Windows\System\HqPEWmG.exe
  2⤵
  PID:2848
- C:\Windows\System\qsEZMwH.exe
  C:\Windows\System\qsEZMwH.exe
  2⤵
  PID:4544
- C:\Windows\System\IaVjWtr.exe
  C:\Windows\System\IaVjWtr.exe
  2⤵
  PID:4492
- C:\Windows\System\qRwqTGu.exe
  C:\Windows\System\qRwqTGu.exe
  2⤵
  PID:4528
- C:\Windows\System\KivqAgm.exe
  C:\Windows\System\KivqAgm.exe
  2⤵
  PID:4660
- C:\Windows\System\TJdYnXx.exe
  C:\Windows\System\TJdYnXx.exe
  2⤵
  PID:4572
- C:\Windows\System\XKcJHSA.exe
  C:\Windows\System\XKcJHSA.exe
  2⤵
  PID:4604
- C:\Windows\System\OOQbegP.exe
  C:\Windows\System\OOQbegP.exe
  2⤵
  PID:4748
- C:\Windows\System\HNFnCSJ.exe
  C:\Windows\System\HNFnCSJ.exe
  2⤵
  PID:4724
- C:\Windows\System\EAerPus.exe
  C:\Windows\System\EAerPus.exe
  2⤵
  PID:4788
- C:\Windows\System\iGrOUYl.exe
  C:\Windows\System\iGrOUYl.exe
  2⤵
  PID:4760
- C:\Windows\System\SVPVThY.exe
  C:\Windows\System\SVPVThY.exe
  2⤵
  PID:4900
- C:\Windows\System\EacHKfM.exe
  C:\Windows\System\EacHKfM.exe
  2⤵
  PID:4908
- C:\Windows\System\UXgAVbw.exe
  C:\Windows\System\UXgAVbw.exe
  2⤵
  PID:4880
- C:\Windows\System\uAiZAHH.exe
  C:\Windows\System\uAiZAHH.exe
  2⤵
  PID:4924
- C:\Windows\System\yEFKzrK.exe
  C:\Windows\System\yEFKzrK.exe
  2⤵
  PID:4988
- C:\Windows\System\puJOrIW.exe
  C:\Windows\System\puJOrIW.exe
  2⤵
  PID:4968
- C:\Windows\System\uuiNyhj.exe
  C:\Windows\System\uuiNyhj.exe
  2⤵
  PID:5064
- C:\Windows\System\cXbSGEp.exe
  C:\Windows\System\cXbSGEp.exe
  2⤵
  PID:5044
- C:\Windows\System\wdKaDrq.exe
  C:\Windows\System\wdKaDrq.exe
  2⤵
  PID:5080
- C:\Windows\System\AItsYjv.exe
  C:\Windows\System\AItsYjv.exe
  2⤵
  PID:3728
- C:\Windows\System\wsJiNUW.exe
  C:\Windows\System\wsJiNUW.exe
  2⤵
  PID:3768
- C:\Windows\System\kytBUDP.exe
  C:\Windows\System\kytBUDP.exe
  2⤵
  PID:3928
- C:\Windows\System\TBhqUsT.exe
  C:\Windows\System\TBhqUsT.exe
  2⤵
  PID:4024
- C:\Windows\System\SKiNFOE.exe
  C:\Windows\System\SKiNFOE.exe
  2⤵
  PID:1448
- C:\Windows\System\BytjIBV.exe
  C:\Windows\System\BytjIBV.exe
  2⤵
  PID:4148
- C:\Windows\System\kqQDPBb.exe
  C:\Windows\System\kqQDPBb.exe
  2⤵
  PID:3384
- C:\Windows\System\KWFDEzN.exe
  C:\Windows\System\KWFDEzN.exe
  2⤵
  PID:4160
- C:\Windows\System\ttAdmTR.exe
  C:\Windows\System\ttAdmTR.exe
  2⤵
  PID:4264
- C:\Windows\System\AzhbwPu.exe
  C:\Windows\System\AzhbwPu.exe
  2⤵
  PID:3528
- C:\Windows\System\dcUKXzp.exe
  C:\Windows\System\dcUKXzp.exe
  2⤵
  PID:4308
- C:\Windows\System\cIWXPSj.exe
  C:\Windows\System\cIWXPSj.exe
  2⤵
  PID:4324
- C:\Windows\System\bvoexgo.exe
  C:\Windows\System\bvoexgo.exe
  2⤵
  PID:4344
- C:\Windows\System\EoumrHH.exe
  C:\Windows\System\EoumrHH.exe
  2⤵
  PID:4408
- C:\Windows\System\wprXTDd.exe
  C:\Windows\System\wprXTDd.exe
  2⤵
  PID:4472
- C:\Windows\System\iEUnZTb.exe
  C:\Windows\System\iEUnZTb.exe
  2⤵
  PID:4588
- C:\Windows\System\cyEVhcL.exe
  C:\Windows\System\cyEVhcL.exe
  2⤵
  PID:4664
- C:\Windows\System\CmQkLNF.exe
  C:\Windows\System\CmQkLNF.exe
  2⤵
  PID:4564
- C:\Windows\System\BMLtaAL.exe
  C:\Windows\System\BMLtaAL.exe
  2⤵
  PID:4740
- C:\Windows\System\jLjqCKY.exe
  C:\Windows\System\jLjqCKY.exe
  2⤵
  PID:4780
- C:\Windows\System\jkManyU.exe
  C:\Windows\System\jkManyU.exe
  2⤵
  PID:4808
- C:\Windows\System\PRfbGLs.exe
  C:\Windows\System\PRfbGLs.exe
  2⤵
  PID:4860
- C:\Windows\System\jBIeywD.exe
  C:\Windows\System\jBIeywD.exe
  2⤵
  PID:4928
- C:\Windows\System\nzTfmHe.exe
  C:\Windows\System\nzTfmHe.exe
  2⤵
  PID:4992
- C:\Windows\System\YVDOiTg.exe
  C:\Windows\System\YVDOiTg.exe
  2⤵
  PID:2704
- C:\Windows\System\VUfixlS.exe
  C:\Windows\System\VUfixlS.exe
  2⤵
  PID:5024
- C:\Windows\System\sxfxwTA.exe
  C:\Windows\System\sxfxwTA.exe
  2⤵
  PID:5104
- C:\Windows\System\IPSKjUN.exe
  C:\Windows\System\IPSKjUN.exe
  2⤵
  PID:592
- C:\Windows\System\dRKlhUm.exe
  C:\Windows\System\dRKlhUm.exe
  2⤵
  PID:1172
- C:\Windows\System\iyreNpf.exe
  C:\Windows\System\iyreNpf.exe
  2⤵
  PID:2024
- C:\Windows\System\MTYsfBb.exe
  C:\Windows\System\MTYsfBb.exe
  2⤵
  PID:1464
- C:\Windows\System\EBQlIZT.exe
  C:\Windows\System\EBQlIZT.exe
  2⤵
  PID:4284
- C:\Windows\System\vZVMXjk.exe
  C:\Windows\System\vZVMXjk.exe
  2⤵
  PID:4144
- C:\Windows\System\UgYkqRk.exe
  C:\Windows\System\UgYkqRk.exe
  2⤵
  PID:4244
- C:\Windows\System\DWbPKej.exe
  C:\Windows\System\DWbPKej.exe
  2⤵
  PID:4360
- C:\Windows\System\hTOusgr.exe
  C:\Windows\System\hTOusgr.exe
  2⤵
  PID:4508
- C:\Windows\System\DWAkqOz.exe
  C:\Windows\System\DWAkqOz.exe
  2⤵
  PID:4620
- C:\Windows\System\PJuWRZV.exe
  C:\Windows\System\PJuWRZV.exe
  2⤵
  PID:4484
- C:\Windows\System\tsLGZNM.exe
  C:\Windows\System\tsLGZNM.exe
  2⤵
  PID:4708
- C:\Windows\System\GxUETgV.exe
  C:\Windows\System\GxUETgV.exe
  2⤵
  PID:1892
- C:\Windows\System\OFpjusM.exe
  C:\Windows\System\OFpjusM.exe
  2⤵
  PID:5132
- C:\Windows\System\pYqTvHx.exe
  C:\Windows\System\pYqTvHx.exe
  2⤵
  PID:5152
- C:\Windows\System\uXSeQsg.exe
  C:\Windows\System\uXSeQsg.exe
  2⤵
  PID:5176
- C:\Windows\System\JrHDRqc.exe
  C:\Windows\System\JrHDRqc.exe
  2⤵
  PID:5196
- C:\Windows\System\cKRAoKl.exe
  C:\Windows\System\cKRAoKl.exe
  2⤵
  PID:5216
- C:\Windows\System\GIvQIts.exe
  C:\Windows\System\GIvQIts.exe
  2⤵
  PID:5236
- C:\Windows\System\AxxdERp.exe
  C:\Windows\System\AxxdERp.exe
  2⤵
  PID:5256
- C:\Windows\System\lPUZobs.exe
  C:\Windows\System\lPUZobs.exe
  2⤵
  PID:5272
- C:\Windows\System\SBlBKVC.exe
  C:\Windows\System\SBlBKVC.exe
  2⤵
  PID:5292
- C:\Windows\System\vKqpNVC.exe
  C:\Windows\System\vKqpNVC.exe
  2⤵
  PID:5316
- C:\Windows\System\IGDHSiT.exe
  C:\Windows\System\IGDHSiT.exe
  2⤵
  PID:5336
- C:\Windows\System\qBZGVEi.exe
  C:\Windows\System\qBZGVEi.exe
  2⤵
  PID:5352
- C:\Windows\System\aivRxup.exe
  C:\Windows\System\aivRxup.exe
  2⤵
  PID:5372
- C:\Windows\System\AGAOCvV.exe
  C:\Windows\System\AGAOCvV.exe
  2⤵
  PID:5396
- C:\Windows\System\zAzjbTK.exe
  C:\Windows\System\zAzjbTK.exe
  2⤵
  PID:5416
- C:\Windows\System\GUIkKbl.exe
  C:\Windows\System\GUIkKbl.exe
  2⤵
  PID:5432
- C:\Windows\System\HQvEqiD.exe
  C:\Windows\System\HQvEqiD.exe
  2⤵
  PID:5452
- C:\Windows\System\GasipBm.exe
  C:\Windows\System\GasipBm.exe
  2⤵
  PID:5476
- C:\Windows\System\uuVJinE.exe
  C:\Windows\System\uuVJinE.exe
  2⤵
  PID:5492
- C:\Windows\System\uNRyWwK.exe
  C:\Windows\System\uNRyWwK.exe
  2⤵
  PID:5516
- C:\Windows\System\NdhOyUZ.exe
  C:\Windows\System\NdhOyUZ.exe
  2⤵
  PID:5532
- C:\Windows\System\cWxhWWy.exe
  C:\Windows\System\cWxhWWy.exe
  2⤵
  PID:5556
- C:\Windows\System\wlGtGoR.exe
  C:\Windows\System\wlGtGoR.exe
  2⤵
  PID:5576
- C:\Windows\System\yrFcLeL.exe
  C:\Windows\System\yrFcLeL.exe
  2⤵
  PID:5596
- C:\Windows\System\qgvgDKm.exe
  C:\Windows\System\qgvgDKm.exe
  2⤵
  PID:5616
- C:\Windows\System\xnUVTAh.exe
  C:\Windows\System\xnUVTAh.exe
  2⤵
  PID:5636
- C:\Windows\System\zeVoVXq.exe
  C:\Windows\System\zeVoVXq.exe
  2⤵
  PID:5656
- C:\Windows\System\bjhmyPo.exe
  C:\Windows\System\bjhmyPo.exe
  2⤵
  PID:5680
- C:\Windows\System\dHOtyUM.exe
  C:\Windows\System\dHOtyUM.exe
  2⤵
  PID:5696
- C:\Windows\System\khcMvTF.exe
  C:\Windows\System\khcMvTF.exe
  2⤵
  PID:5720
- C:\Windows\System\gfiDoyg.exe
  C:\Windows\System\gfiDoyg.exe
  2⤵
  PID:5736
- C:\Windows\System\qOBQvDf.exe
  C:\Windows\System\qOBQvDf.exe
  2⤵
  PID:5760
- C:\Windows\System\jBVBAIl.exe
  C:\Windows\System\jBVBAIl.exe
  2⤵
  PID:5780
- C:\Windows\System\hwRpIAn.exe
  C:\Windows\System\hwRpIAn.exe
  2⤵
  PID:5800
- C:\Windows\System\UcIyZCo.exe
  C:\Windows\System\UcIyZCo.exe
  2⤵
  PID:5820
- C:\Windows\System\YDomoOD.exe
  C:\Windows\System\YDomoOD.exe
  2⤵
  PID:5840
- C:\Windows\System\wzrZfbd.exe
  C:\Windows\System\wzrZfbd.exe
  2⤵
  PID:5856
- C:\Windows\System\hOjFZfa.exe
  C:\Windows\System\hOjFZfa.exe
  2⤵
  PID:5876
- C:\Windows\System\GgbgxJU.exe
  C:\Windows\System\GgbgxJU.exe
  2⤵
  PID:5896
- C:\Windows\System\nuhvozw.exe
  C:\Windows\System\nuhvozw.exe
  2⤵
  PID:5916
- C:\Windows\System\WEFSezv.exe
  C:\Windows\System\WEFSezv.exe
  2⤵
  PID:5936
- C:\Windows\System\dYBISGP.exe
  C:\Windows\System\dYBISGP.exe
  2⤵
  PID:5960
- C:\Windows\System\amWLuyn.exe
  C:\Windows\System\amWLuyn.exe
  2⤵
  PID:5976
- C:\Windows\System\lqnzZzj.exe
  C:\Windows\System\lqnzZzj.exe
  2⤵
  PID:5992
- C:\Windows\System\QwvFRrX.exe
  C:\Windows\System\QwvFRrX.exe
  2⤵
  PID:6020
- C:\Windows\System\tHsNFJI.exe
  C:\Windows\System\tHsNFJI.exe
  2⤵
  PID:6036
- C:\Windows\System\JORUWuh.exe
  C:\Windows\System\JORUWuh.exe
  2⤵
  PID:6052
- C:\Windows\System\mvwpjLw.exe
  C:\Windows\System\mvwpjLw.exe
  2⤵
  PID:6076
- C:\Windows\System\PtgrDyx.exe
  C:\Windows\System\PtgrDyx.exe
  2⤵
  PID:6096
- C:\Windows\System\dqoCgPX.exe
  C:\Windows\System\dqoCgPX.exe
  2⤵
  PID:6120
- C:\Windows\System\aWNGRHE.exe
  C:\Windows\System\aWNGRHE.exe
  2⤵
  PID:6136
- C:\Windows\System\RCDrfFP.exe
  C:\Windows\System\RCDrfFP.exe
  2⤵
  PID:4888
- C:\Windows\System\sJhlteG.exe
  C:\Windows\System\sJhlteG.exe
  2⤵
  PID:3620
- C:\Windows\System\oIDmzRQ.exe
  C:\Windows\System\oIDmzRQ.exe
  2⤵
  PID:3320
- C:\Windows\System\jyZBYCr.exe
  C:\Windows\System\jyZBYCr.exe
  2⤵
  PID:5012
- C:\Windows\System\PWaKXVP.exe
  C:\Windows\System\PWaKXVP.exe
  2⤵
  PID:5100
- C:\Windows\System\gtKohDb.exe
  C:\Windows\System\gtKohDb.exe
  2⤵
  PID:4100
- C:\Windows\System\kosPIvY.exe
  C:\Windows\System\kosPIvY.exe
  2⤵
  PID:4328
- C:\Windows\System\WErVMJn.exe
  C:\Windows\System\WErVMJn.exe
  2⤵
  PID:4776
- C:\Windows\System\QwdgRdw.exe
  C:\Windows\System\QwdgRdw.exe
  2⤵
  PID:4820
- C:\Windows\System\nCehmwH.exe
  C:\Windows\System\nCehmwH.exe
  2⤵
  PID:4320
- C:\Windows\System\ogUWkZx.exe
  C:\Windows\System\ogUWkZx.exe
  2⤵
  PID:4864
- C:\Windows\System\urGDzZr.exe
  C:\Windows\System\urGDzZr.exe
  2⤵
  PID:2256
- C:\Windows\System\GugGyfJ.exe
  C:\Windows\System\GugGyfJ.exe
  2⤵
  PID:5124
- C:\Windows\System\pHDfpVe.exe
  C:\Windows\System\pHDfpVe.exe
  2⤵
  PID:2896
- C:\Windows\System\fUgUOJo.exe
  C:\Windows\System\fUgUOJo.exe
  2⤵
  PID:5208
- C:\Windows\System\WfoUVDC.exe
  C:\Windows\System\WfoUVDC.exe
  2⤵
  PID:5300
- C:\Windows\System\RkGYLNq.exe
  C:\Windows\System\RkGYLNq.exe
  2⤵
  PID:5248
- C:\Windows\System\hgkPfzz.exe
  C:\Windows\System\hgkPfzz.exe
  2⤵
  PID:5280
- C:\Windows\System\IARMcJR.exe
  C:\Windows\System\IARMcJR.exe
  2⤵
  PID:5384
- C:\Windows\System\dwvZhII.exe
  C:\Windows\System\dwvZhII.exe
  2⤵
  PID:5428
- C:\Windows\System\sdMXhcZ.exe
  C:\Windows\System\sdMXhcZ.exe
  2⤵
  PID:5468
- C:\Windows\System\AwQpjlv.exe
  C:\Windows\System\AwQpjlv.exe
  2⤵
  PID:5412
- C:\Windows\System\nKCJVAp.exe
  C:\Windows\System\nKCJVAp.exe
  2⤵
  PID:5504
- C:\Windows\System\EKuUHDo.exe
  C:\Windows\System\EKuUHDo.exe
  2⤵
  PID:5540
- C:\Windows\System\azQGEru.exe
  C:\Windows\System\azQGEru.exe
  2⤵
  PID:5524
- C:\Windows\System\xulymzD.exe
  C:\Windows\System\xulymzD.exe
  2⤵
  PID:5628
- C:\Windows\System\pMMarLO.exe
  C:\Windows\System\pMMarLO.exe
  2⤵
  PID:5564
- C:\Windows\System\aXmNcsy.exe
  C:\Windows\System\aXmNcsy.exe
  2⤵
  PID:5652
- C:\Windows\System\EUlWLWc.exe
  C:\Windows\System\EUlWLWc.exe
  2⤵
  PID:5704
- C:\Windows\System\fWlGtPr.exe
  C:\Windows\System\fWlGtPr.exe
  2⤵
  PID:5688
- C:\Windows\System\QHkgufy.exe
  C:\Windows\System\QHkgufy.exe
  2⤵
  PID:5728
- C:\Windows\System\RaVUpPv.exe
  C:\Windows\System\RaVUpPv.exe
  2⤵
  PID:5792
- C:\Windows\System\HbwYAEq.exe
  C:\Windows\System\HbwYAEq.exe
  2⤵
  PID:5808
- C:\Windows\System\bjEGDem.exe
  C:\Windows\System\bjEGDem.exe
  2⤵
  PID:5872
- C:\Windows\System\bLeKVmF.exe
  C:\Windows\System\bLeKVmF.exe
  2⤵
  PID:5848
- C:\Windows\System\dwqJCDF.exe
  C:\Windows\System\dwqJCDF.exe
  2⤵
  PID:5952
- C:\Windows\System\mKJeBii.exe
  C:\Windows\System\mKJeBii.exe
  2⤵
  PID:5984
- C:\Windows\System\ZUzrUAh.exe
  C:\Windows\System\ZUzrUAh.exe
  2⤵
  PID:5928
- C:\Windows\System\RMoIFZC.exe
  C:\Windows\System\RMoIFZC.exe
  2⤵
  PID:6028
- C:\Windows\System\KFVGrdH.exe
  C:\Windows\System\KFVGrdH.exe
  2⤵
  PID:3044
- C:\Windows\System\sBiKLqw.exe
  C:\Windows\System\sBiKLqw.exe
  2⤵
  PID:2708
- C:\Windows\System\THVYlyX.exe
  C:\Windows\System\THVYlyX.exe
  2⤵
  PID:6000
- C:\Windows\System\nlBXGVJ.exe
  C:\Windows\System\nlBXGVJ.exe
  2⤵
  PID:6048
- C:\Windows\System\qAKdvqd.exe
  C:\Windows\System\qAKdvqd.exe
  2⤵
  PID:4912
- C:\Windows\System\KwhBzYQ.exe
  C:\Windows\System\KwhBzYQ.exe
  2⤵
  PID:4840
- C:\Windows\System\WhIOQNY.exe
  C:\Windows\System\WhIOQNY.exe
  2⤵
  PID:5076
- C:\Windows\System\sckHRqt.exe
  C:\Windows\System\sckHRqt.exe
  2⤵
  PID:4412
- C:\Windows\System\tvzFROW.exe
  C:\Windows\System\tvzFROW.exe
  2⤵
  PID:4004
- C:\Windows\System\EbQwHZn.exe
  C:\Windows\System\EbQwHZn.exe
  2⤵
  PID:2868
- C:\Windows\System\DXxIfeb.exe
  C:\Windows\System\DXxIfeb.exe
  2⤵
  PID:4028
- C:\Windows\System\LFuGped.exe
  C:\Windows\System\LFuGped.exe
  2⤵
  PID:2980
- C:\Windows\System\yQIXhRD.exe
  C:\Windows\System\yQIXhRD.exe
  2⤵
  PID:5264
- C:\Windows\System\UHnXkIM.exe
  C:\Windows\System\UHnXkIM.exe
  2⤵
  PID:4204
- C:\Windows\System\WsnNLtw.exe
  C:\Windows\System\WsnNLtw.exe
  2⤵
  PID:344
- C:\Windows\System\sxZgyfj.exe
  C:\Windows\System\sxZgyfj.exe
  2⤵
  PID:5228
- C:\Windows\System\pulwTSK.exe
  C:\Windows\System\pulwTSK.exe
  2⤵
  PID:5212
- C:\Windows\System\ZxpmSbe.exe
  C:\Windows\System\ZxpmSbe.exe
  2⤵
  PID:5424
- C:\Windows\System\kDPEgAM.exe
  C:\Windows\System\kDPEgAM.exe
  2⤵
  PID:5460
- C:\Windows\System\hqgpWCd.exe
  C:\Windows\System\hqgpWCd.exe
  2⤵
  PID:5464
- C:\Windows\System\DEZzOmk.exe
  C:\Windows\System\DEZzOmk.exe
  2⤵
  PID:5552
- C:\Windows\System\ZFenUsA.exe
  C:\Windows\System\ZFenUsA.exe
  2⤵
  PID:5604
- C:\Windows\System\wdmOUrT.exe
  C:\Windows\System\wdmOUrT.exe
  2⤵
  PID:5624
- C:\Windows\System\IiWGfCi.exe
  C:\Windows\System\IiWGfCi.exe
  2⤵
  PID:5648
- C:\Windows\System\LOfXnUS.exe
  C:\Windows\System\LOfXnUS.exe
  2⤵
  PID:5692
- C:\Windows\System\iOTtLgh.exe
  C:\Windows\System\iOTtLgh.exe
  2⤵
  PID:5768
- C:\Windows\System\LUxFySU.exe
  C:\Windows\System\LUxFySU.exe
  2⤵
  PID:5908
- C:\Windows\System\XrKIMNJ.exe
  C:\Windows\System\XrKIMNJ.exe
  2⤵
  PID:5884
- C:\Windows\System\PcJIzWj.exe
  C:\Windows\System\PcJIzWj.exe
  2⤵
  PID:5832
- C:\Windows\System\GREtrCt.exe
  C:\Windows\System\GREtrCt.exe
  2⤵
  PID:6068
- C:\Windows\System\qNdBWHT.exe
  C:\Windows\System\qNdBWHT.exe
  2⤵
  PID:6060
- C:\Windows\System\gHzpPHq.exe
  C:\Windows\System\gHzpPHq.exe
  2⤵
  PID:2712
- C:\Windows\System\YkvfCEd.exe
  C:\Windows\System\YkvfCEd.exe
  2⤵
  PID:6084
- C:\Windows\System\AnJoSxU.exe
  C:\Windows\System\AnJoSxU.exe
  2⤵
  PID:6044
- C:\Windows\System\reUCkyJ.exe
  C:\Windows\System\reUCkyJ.exe
  2⤵
  PID:1500
- C:\Windows\System\VMsXivF.exe
  C:\Windows\System\VMsXivF.exe
  2⤵
  PID:4548
- C:\Windows\System\kmbxoIS.exe
  C:\Windows\System\kmbxoIS.exe
  2⤵
  PID:5188
- C:\Windows\System\uOwbriD.exe
  C:\Windows\System\uOwbriD.exe
  2⤵
  PID:5192
- C:\Windows\System\UarJXEL.exe
  C:\Windows\System\UarJXEL.exe
  2⤵
  PID:5224
- C:\Windows\System\ssSsmfh.exe
  C:\Windows\System\ssSsmfh.exe
  2⤵
  PID:5144
- C:\Windows\System\hZuwozX.exe
  C:\Windows\System\hZuwozX.exe
  2⤵
  PID:5164
- C:\Windows\System\evXOdiU.exe
  C:\Windows\System\evXOdiU.exe
  2⤵
  PID:5500
- C:\Windows\System\cgWWHli.exe
  C:\Windows\System\cgWWHli.exe
  2⤵
  PID:5408
- C:\Windows\System\yhdJSja.exe
  C:\Windows\System\yhdJSja.exe
  2⤵
  PID:5676
- C:\Windows\System\nAwGJuv.exe
  C:\Windows\System\nAwGJuv.exe
  2⤵
  PID:5716
- C:\Windows\System\aQwUMtr.exe
  C:\Windows\System\aQwUMtr.exe
  2⤵
  PID:5772
- C:\Windows\System\GnaWrkb.exe
  C:\Windows\System\GnaWrkb.exe
  2⤵
  PID:5932
- C:\Windows\System\FQHoynO.exe
  C:\Windows\System\FQHoynO.exe
  2⤵
  PID:5944
- C:\Windows\System\ynJlpZo.exe
  C:\Windows\System\ynJlpZo.exe
  2⤵
  PID:6012
- C:\Windows\System\cDucdcZ.exe
  C:\Windows\System\cDucdcZ.exe
  2⤵
  PID:5816
- C:\Windows\System\GsOrXYE.exe
  C:\Windows\System\GsOrXYE.exe
  2⤵
  PID:5040
- C:\Windows\System\fbbcpZa.exe
  C:\Windows\System\fbbcpZa.exe
  2⤵
  PID:4844
- C:\Windows\System\pPLlVMX.exe
  C:\Windows\System\pPLlVMX.exe
  2⤵
  PID:5380
- C:\Windows\System\SsCUZuy.exe
  C:\Windows\System\SsCUZuy.exe
  2⤵
  PID:3680
- C:\Windows\System\cRcJXES.exe
  C:\Windows\System\cRcJXES.exe
  2⤵
  PID:5232
- C:\Windows\System\wrUOgTY.exe
  C:\Windows\System\wrUOgTY.exe
  2⤵
  PID:5608
- C:\Windows\System\QpVLecp.exe
  C:\Windows\System\QpVLecp.exe
  2⤵
  PID:5348
- C:\Windows\System\qJcjBfC.exe
  C:\Windows\System\qJcjBfC.exe
  2⤵
  PID:5828
- C:\Windows\System\SbIqMfC.exe
  C:\Windows\System\SbIqMfC.exe
  2⤵
  PID:5968
- C:\Windows\System\zEqtrdU.exe
  C:\Windows\System\zEqtrdU.exe
  2⤵
  PID:3600
- C:\Windows\System\IDxzxcJ.exe
  C:\Windows\System\IDxzxcJ.exe
  2⤵
  PID:5904
- C:\Windows\System\mRRHkbL.exe
  C:\Windows\System\mRRHkbL.exe
  2⤵
  PID:4404
- C:\Windows\System\yRtrVMU.exe
  C:\Windows\System\yRtrVMU.exe
  2⤵
  PID:6092
- C:\Windows\System\YMDHNzZ.exe
  C:\Windows\System\YMDHNzZ.exe
  2⤵
  PID:6160
- C:\Windows\System\oCCECjC.exe
  C:\Windows\System\oCCECjC.exe
  2⤵
  PID:6180
- C:\Windows\System\DPSdTjA.exe
  C:\Windows\System\DPSdTjA.exe
  2⤵
  PID:6200
- C:\Windows\System\MuhXhUc.exe
  C:\Windows\System\MuhXhUc.exe
  2⤵
  PID:6220
- C:\Windows\System\fNsfocd.exe
  C:\Windows\System\fNsfocd.exe
  2⤵
  PID:6240
- C:\Windows\System\BmJMCFJ.exe
  C:\Windows\System\BmJMCFJ.exe
  2⤵
  PID:6260
- C:\Windows\System\lhhOxea.exe
  C:\Windows\System\lhhOxea.exe
  2⤵
  PID:6280
- C:\Windows\System\bixBQkU.exe
  C:\Windows\System\bixBQkU.exe
  2⤵
  PID:6300
- C:\Windows\System\mbMJjcJ.exe
  C:\Windows\System\mbMJjcJ.exe
  2⤵
  PID:6320
- C:\Windows\System\BYLzeSq.exe
  C:\Windows\System\BYLzeSq.exe
  2⤵
  PID:6340
- C:\Windows\System\ijqXiKI.exe
  C:\Windows\System\ijqXiKI.exe
  2⤵
  PID:6356
- C:\Windows\System\ONEfcyA.exe
  C:\Windows\System\ONEfcyA.exe
  2⤵
  PID:6380
- C:\Windows\System\qRbVpAM.exe
  C:\Windows\System\qRbVpAM.exe
  2⤵
  PID:6400
- C:\Windows\System\SNvbZUK.exe
  C:\Windows\System\SNvbZUK.exe
  2⤵
  PID:6420
- C:\Windows\System\LmdGxmS.exe
  C:\Windows\System\LmdGxmS.exe
  2⤵
  PID:6440
- C:\Windows\System\jnMpyVo.exe
  C:\Windows\System\jnMpyVo.exe
  2⤵
  PID:6460
- C:\Windows\System\GUazPwS.exe
  C:\Windows\System\GUazPwS.exe
  2⤵
  PID:6480
- C:\Windows\System\MBINtCu.exe
  C:\Windows\System\MBINtCu.exe
  2⤵
  PID:6500
- C:\Windows\System\xZNXLeu.exe
  C:\Windows\System\xZNXLeu.exe
  2⤵
  PID:6520
- C:\Windows\System\Ttnjopz.exe
  C:\Windows\System\Ttnjopz.exe
  2⤵
  PID:6540
- C:\Windows\System\Clpdrxu.exe
  C:\Windows\System\Clpdrxu.exe
  2⤵
  PID:6560
- C:\Windows\System\EWbTERX.exe
  C:\Windows\System\EWbTERX.exe
  2⤵
  PID:6580
- C:\Windows\System\CejxLOK.exe
  C:\Windows\System\CejxLOK.exe
  2⤵
  PID:6600
- C:\Windows\System\KTDWbip.exe
  C:\Windows\System\KTDWbip.exe
  2⤵
  PID:6620
- C:\Windows\System\aFwqkxn.exe
  C:\Windows\System\aFwqkxn.exe
  2⤵
  PID:6640
- C:\Windows\System\HgNDapD.exe
  C:\Windows\System\HgNDapD.exe
  2⤵
  PID:6660
- C:\Windows\System\RTwOhpI.exe
  C:\Windows\System\RTwOhpI.exe
  2⤵
  PID:6680
- C:\Windows\System\wKltYqg.exe
  C:\Windows\System\wKltYqg.exe
  2⤵
  PID:6700
- C:\Windows\System\EHuonfC.exe
  C:\Windows\System\EHuonfC.exe
  2⤵
  PID:6720
- C:\Windows\System\YkjtSVv.exe
  C:\Windows\System\YkjtSVv.exe
  2⤵
  PID:6740
- C:\Windows\System\bnmtBne.exe
  C:\Windows\System\bnmtBne.exe
  2⤵
  PID:6760
- C:\Windows\System\xyiMyEe.exe
  C:\Windows\System\xyiMyEe.exe
  2⤵
  PID:6780
- C:\Windows\System\bkLwgie.exe
  C:\Windows\System\bkLwgie.exe
  2⤵
  PID:6804
- C:\Windows\System\JfsZpoZ.exe
  C:\Windows\System\JfsZpoZ.exe
  2⤵
  PID:6824
- C:\Windows\System\NKQJCXt.exe
  C:\Windows\System\NKQJCXt.exe
  2⤵
  PID:6844
- C:\Windows\System\uMeTGdw.exe
  C:\Windows\System\uMeTGdw.exe
  2⤵
  PID:6864
- C:\Windows\System\wYGLIUV.exe
  C:\Windows\System\wYGLIUV.exe
  2⤵
  PID:6884
- C:\Windows\System\YnHmJuI.exe
  C:\Windows\System\YnHmJuI.exe
  2⤵
  PID:6904
- C:\Windows\System\UxsjNmW.exe
  C:\Windows\System\UxsjNmW.exe
  2⤵
  PID:6924
- C:\Windows\System\xletQWp.exe
  C:\Windows\System\xletQWp.exe
  2⤵
  PID:6944
- C:\Windows\System\vZYLalV.exe
  C:\Windows\System\vZYLalV.exe
  2⤵
  PID:6964
- C:\Windows\System\yqsRrLG.exe
  C:\Windows\System\yqsRrLG.exe
  2⤵
  PID:6984
- C:\Windows\System\wFqCtXC.exe
  C:\Windows\System\wFqCtXC.exe
  2⤵
  PID:7004
- C:\Windows\System\SYxsdnI.exe
  C:\Windows\System\SYxsdnI.exe
  2⤵
  PID:7024
- C:\Windows\System\qvDZUAz.exe
  C:\Windows\System\qvDZUAz.exe
  2⤵
  PID:7044
- C:\Windows\System\bxOBxju.exe
  C:\Windows\System\bxOBxju.exe
  2⤵
  PID:7064
- C:\Windows\System\vnURIYQ.exe
  C:\Windows\System\vnURIYQ.exe
  2⤵
  PID:7084
- C:\Windows\System\JoSZmyT.exe
  C:\Windows\System\JoSZmyT.exe
  2⤵
  PID:7104
- C:\Windows\System\nNLzDLu.exe
  C:\Windows\System\nNLzDLu.exe
  2⤵
  PID:7124
- C:\Windows\System\IMpKzbJ.exe
  C:\Windows\System\IMpKzbJ.exe
  2⤵
  PID:7144
- C:\Windows\System\ovhoBwF.exe
  C:\Windows\System\ovhoBwF.exe
  2⤵
  PID:7164
- C:\Windows\System\TRoUuPu.exe
  C:\Windows\System\TRoUuPu.exe
  2⤵
  PID:5584
- C:\Windows\System\WDnwhKX.exe
  C:\Windows\System\WDnwhKX.exe
  2⤵
  PID:5440
- C:\Windows\System\GQyutnM.exe
  C:\Windows\System\GQyutnM.exe
  2⤵
  PID:5756
- C:\Windows\System\YyUtUOV.exe
  C:\Windows\System\YyUtUOV.exe
  2⤵
  PID:2692
- C:\Windows\System\CNSuIjG.exe
  C:\Windows\System\CNSuIjG.exe
  2⤵
  PID:6108
- C:\Windows\System\MBkMneU.exe
  C:\Windows\System\MBkMneU.exe
  2⤵
  PID:6156
- C:\Windows\System\GnJdsqs.exe
  C:\Windows\System\GnJdsqs.exe
  2⤵
  PID:6168
- C:\Windows\System\VsDABQe.exe
  C:\Windows\System\VsDABQe.exe
  2⤵
  PID:6172
- C:\Windows\System\fyYRDSb.exe
  C:\Windows\System\fyYRDSb.exe
  2⤵
  PID:6236
- C:\Windows\System\USvmhjb.exe
  C:\Windows\System\USvmhjb.exe
  2⤵
  PID:6256
- C:\Windows\System\DDmyDdB.exe
  C:\Windows\System\DDmyDdB.exe
  2⤵
  PID:6316
- C:\Windows\System\hmRxUtK.exe
  C:\Windows\System\hmRxUtK.exe
  2⤵
  PID:6336
- C:\Windows\System\sWNkhjI.exe
  C:\Windows\System\sWNkhjI.exe
  2⤵
  PID:6368
- C:\Windows\System\fbrRjRq.exe
  C:\Windows\System\fbrRjRq.exe
  2⤵
  PID:6392
- C:\Windows\System\FieBSxb.exe
  C:\Windows\System\FieBSxb.exe
  2⤵
  PID:6412
- C:\Windows\System\aCohSyd.exe
  C:\Windows\System\aCohSyd.exe
  2⤵
  PID:6468
- C:\Windows\System\QARaqPu.exe
  C:\Windows\System\QARaqPu.exe
  2⤵
  PID:6488
- C:\Windows\System\VeVSBDV.exe
  C:\Windows\System\VeVSBDV.exe
  2⤵
  PID:6512
- C:\Windows\System\ZVdtwOO.exe
  C:\Windows\System\ZVdtwOO.exe
  2⤵
  PID:6532
- C:\Windows\System\jZmWnsj.exe
  C:\Windows\System\jZmWnsj.exe
  2⤵
  PID:6588
- C:\Windows\System\sAtprtf.exe
  C:\Windows\System\sAtprtf.exe
  2⤵
  PID:6608
- C:\Windows\System\IkcmPfw.exe
  C:\Windows\System\IkcmPfw.exe
  2⤵
  PID:6668
- C:\Windows\System\VFAVcjg.exe
  C:\Windows\System\VFAVcjg.exe
  2⤵
  PID:6688
- C:\Windows\System\NQPvsWs.exe
  C:\Windows\System\NQPvsWs.exe
  2⤵
  PID:6712
- C:\Windows\System\MFXBqnr.exe
  C:\Windows\System\MFXBqnr.exe
  2⤵
  PID:6752
- C:\Windows\System\LVaNFIb.exe
  C:\Windows\System\LVaNFIb.exe
  2⤵
  PID:6772
- C:\Windows\System\kWpZMqV.exe
  C:\Windows\System\kWpZMqV.exe
  2⤵
  PID:6816
- C:\Windows\System\ucnBYdi.exe
  C:\Windows\System\ucnBYdi.exe
  2⤵
  PID:6872
- C:\Windows\System\RMXTdXF.exe
  C:\Windows\System\RMXTdXF.exe
  2⤵
  PID:6900
- C:\Windows\System\rPnyWjG.exe
  C:\Windows\System\rPnyWjG.exe
  2⤵
  PID:6932
- C:\Windows\System\pXHtsqJ.exe
  C:\Windows\System\pXHtsqJ.exe
  2⤵
  PID:6956
- C:\Windows\System\HdIabDp.exe
  C:\Windows\System\HdIabDp.exe
  2⤵
  PID:7000
- C:\Windows\System\thjlVwQ.exe
  C:\Windows\System\thjlVwQ.exe
  2⤵
  PID:7020
- C:\Windows\System\UhJEnAD.exe
  C:\Windows\System\UhJEnAD.exe
  2⤵
  PID:7060
- C:\Windows\System\RlXOGrC.exe
  C:\Windows\System\RlXOGrC.exe
  2⤵
  PID:7092
- C:\Windows\System\fJAWKle.exe
  C:\Windows\System\fJAWKle.exe
  2⤵
  PID:7116
- C:\Windows\System\VNeUORa.exe
  C:\Windows\System\VNeUORa.exe
  2⤵
  PID:7140
- C:\Windows\System\ffKNueO.exe
  C:\Windows\System\ffKNueO.exe
  2⤵
  PID:5488
- C:\Windows\System\TFPfynd.exe
  C:\Windows\System\TFPfynd.exe
  2⤵
  PID:5948
- C:\Windows\System\aAcsfGW.exe
  C:\Windows\System\aAcsfGW.exe
  2⤵
  PID:3284
- C:\Windows\System\NucIQze.exe
  C:\Windows\System\NucIQze.exe
  2⤵
  PID:5184
- C:\Windows\System\SHxSqkX.exe
  C:\Windows\System\SHxSqkX.exe
  2⤵
  PID:6152
- C:\Windows\System\CknnzfX.exe
  C:\Windows\System\CknnzfX.exe
  2⤵
  PID:6212
- C:\Windows\System\XDQEXsI.exe
  C:\Windows\System\XDQEXsI.exe
  2⤵
  PID:6288
- C:\Windows\System\pAmIOFS.exe
  C:\Windows\System\pAmIOFS.exe
  2⤵
  PID:6364
- C:\Windows\System\JQjGmjw.exe
  C:\Windows\System\JQjGmjw.exe
  2⤵
  PID:2876
- C:\Windows\System\ioImexD.exe
  C:\Windows\System\ioImexD.exe
  2⤵
  PID:6456
- C:\Windows\System\XpdMVMJ.exe
  C:\Windows\System\XpdMVMJ.exe
  2⤵
  PID:6516
- C:\Windows\System\khwLmEa.exe
  C:\Windows\System\khwLmEa.exe
  2⤵
  PID:6548
- C:\Windows\System\JZiwAgx.exe
  C:\Windows\System\JZiwAgx.exe
  2⤵
  PID:6628
- C:\Windows\System\IwAnMrf.exe
  C:\Windows\System\IwAnMrf.exe
  2⤵
  PID:6652
- C:\Windows\System\VmFzQzc.exe
  C:\Windows\System\VmFzQzc.exe
  2⤵
  PID:6708
- C:\Windows\System\YFqadjb.exe
  C:\Windows\System\YFqadjb.exe
  2⤵
  PID:6756
- C:\Windows\System\mKCWNRi.exe
  C:\Windows\System\mKCWNRi.exe
  2⤵
  PID:6852
- C:\Windows\System\nlWdPMk.exe
  C:\Windows\System\nlWdPMk.exe
  2⤵
  PID:6896
- C:\Windows\System\jtUbcup.exe
  C:\Windows\System\jtUbcup.exe
  2⤵
  PID:6980
- C:\Windows\System\wFIqnSw.exe
  C:\Windows\System\wFIqnSw.exe
  2⤵
  PID:6952
- C:\Windows\System\jWjmMTJ.exe
  C:\Windows\System\jWjmMTJ.exe
  2⤵
  PID:7096
- C:\Windows\System\TOLmfWt.exe
  C:\Windows\System\TOLmfWt.exe
  2⤵
  PID:7076
- C:\Windows\System\DAMORfr.exe
  C:\Windows\System\DAMORfr.exe
  2⤵
  PID:5288
- C:\Windows\System\CxPCQeU.exe
  C:\Windows\System\CxPCQeU.exe
  2⤵
  PID:924
- C:\Windows\System\jJEGWwX.exe
  C:\Windows\System\jJEGWwX.exe
  2⤵
  PID:5888
- C:\Windows\System\KjgOziR.exe
  C:\Windows\System\KjgOziR.exe
  2⤵
  PID:6196
- C:\Windows\System\QAaNRPw.exe
  C:\Windows\System\QAaNRPw.exe
  2⤵
  PID:6308
- C:\Windows\System\KJqcylW.exe
  C:\Windows\System\KJqcylW.exe
  2⤵
  PID:2956
- C:\Windows\System\KryJEmo.exe
  C:\Windows\System\KryJEmo.exe
  2⤵
  PID:6432
- C:\Windows\System\sRnBQEJ.exe
  C:\Windows\System\sRnBQEJ.exe
  2⤵
  PID:6568
- C:\Windows\System\ADRWVSu.exe
  C:\Windows\System\ADRWVSu.exe
  2⤵
  PID:6676
- C:\Windows\System\CFOxhMi.exe
  C:\Windows\System\CFOxhMi.exe
  2⤵
  PID:6572
- C:\Windows\System\rfQBsDK.exe
  C:\Windows\System\rfQBsDK.exe
  2⤵
  PID:6748
- C:\Windows\System\CrFDycC.exe
  C:\Windows\System\CrFDycC.exe
  2⤵
  PID:6788
- C:\Windows\System\WYsDIHP.exe
  C:\Windows\System\WYsDIHP.exe
  2⤵
  PID:7120
- C:\Windows\System\jLfYjJC.exe
  C:\Windows\System\jLfYjJC.exe
  2⤵
  PID:6832
- C:\Windows\System\qlXkJve.exe
  C:\Windows\System\qlXkJve.exe
  2⤵
  PID:5244
- C:\Windows\System\gfFcNTR.exe
  C:\Windows\System\gfFcNTR.exe
  2⤵
  PID:1492
- C:\Windows\System\PaallDD.exe
  C:\Windows\System\PaallDD.exe
  2⤵
  PID:6272
- C:\Windows\System\XQonkdk.exe
  C:\Windows\System\XQonkdk.exe
  2⤵
  PID:6492
- C:\Windows\System\AAfatkh.exe
  C:\Windows\System\AAfatkh.exe
  2⤵
  PID:6716
- C:\Windows\System\VtSzDcO.exe
  C:\Windows\System\VtSzDcO.exe
  2⤵
  PID:6800
- C:\Windows\System\fyjLNFe.exe
  C:\Windows\System\fyjLNFe.exe
  2⤵
  PID:6836
- C:\Windows\System\ogBYEzD.exe
  C:\Windows\System\ogBYEzD.exe
  2⤵
  PID:7180
- C:\Windows\System\IvAVZEV.exe
  C:\Windows\System\IvAVZEV.exe
  2⤵
  PID:7204
- C:\Windows\System\ekEkBOX.exe
  C:\Windows\System\ekEkBOX.exe
  2⤵
  PID:7224
- C:\Windows\System\YfOKvPi.exe
  C:\Windows\System\YfOKvPi.exe
  2⤵
  PID:7244
- C:\Windows\System\TumvRZn.exe
  C:\Windows\System\TumvRZn.exe
  2⤵
  PID:7264
- C:\Windows\System\ggtfHbh.exe
  C:\Windows\System\ggtfHbh.exe
  2⤵
  PID:7284
- C:\Windows\System\fPMvfgc.exe
  C:\Windows\System\fPMvfgc.exe
  2⤵
  PID:7304
- C:\Windows\System\pahdxYE.exe
  C:\Windows\System\pahdxYE.exe
  2⤵
  PID:7324
- C:\Windows\System\NMpbJsc.exe
  C:\Windows\System\NMpbJsc.exe
  2⤵
  PID:7344
- C:\Windows\System\QWnHDir.exe
  C:\Windows\System\QWnHDir.exe
  2⤵
  PID:7364
- C:\Windows\System\bfsYiGE.exe
  C:\Windows\System\bfsYiGE.exe
  2⤵
  PID:7384
- C:\Windows\System\vMeUnkw.exe
  C:\Windows\System\vMeUnkw.exe
  2⤵
  PID:7400
- C:\Windows\System\MVwfPIV.exe
  C:\Windows\System\MVwfPIV.exe
  2⤵
  PID:7424
- C:\Windows\System\bkgBRSt.exe
  C:\Windows\System\bkgBRSt.exe
  2⤵
  PID:7444
- C:\Windows\System\mzTVQsq.exe
  C:\Windows\System\mzTVQsq.exe
  2⤵
  PID:7464
- C:\Windows\System\CioujbB.exe
  C:\Windows\System\CioujbB.exe
  2⤵
  PID:7484
- C:\Windows\System\OwfLEPY.exe
  C:\Windows\System\OwfLEPY.exe
  2⤵
  PID:7504
- C:\Windows\System\fiXExsk.exe
  C:\Windows\System\fiXExsk.exe
  2⤵
  PID:7524
- C:\Windows\System\XMpuCEB.exe
  C:\Windows\System\XMpuCEB.exe
  2⤵
  PID:7544
- C:\Windows\System\LrafvQV.exe
  C:\Windows\System\LrafvQV.exe
  2⤵
  PID:7564
- C:\Windows\System\NjXgENQ.exe
  C:\Windows\System\NjXgENQ.exe
  2⤵
  PID:7584
- C:\Windows\System\zAVEtGn.exe
  C:\Windows\System\zAVEtGn.exe
  2⤵
  PID:7600
- C:\Windows\System\ZkFvEhu.exe
  C:\Windows\System\ZkFvEhu.exe
  2⤵
  PID:7620
- C:\Windows\System\HaeHwRB.exe
  C:\Windows\System\HaeHwRB.exe
  2⤵
  PID:7644
- C:\Windows\System\JZwDIgL.exe
  C:\Windows\System\JZwDIgL.exe
  2⤵
  PID:7664
- C:\Windows\System\NcGxEnJ.exe
  C:\Windows\System\NcGxEnJ.exe
  2⤵
  PID:7684
- C:\Windows\System\ZhRzsvv.exe
  C:\Windows\System\ZhRzsvv.exe
  2⤵
  PID:7700
- C:\Windows\System\fSCKbTw.exe
  C:\Windows\System\fSCKbTw.exe
  2⤵
  PID:7724
- C:\Windows\System\bGniIPC.exe
  C:\Windows\System\bGniIPC.exe
  2⤵
  PID:7744
- C:\Windows\System\maXnwAg.exe
  C:\Windows\System\maXnwAg.exe
  2⤵
  PID:7764
- C:\Windows\System\xcljIun.exe
  C:\Windows\System\xcljIun.exe
  2⤵
  PID:7788
- C:\Windows\System\yBwkPgq.exe
  C:\Windows\System\yBwkPgq.exe
  2⤵
  PID:7808
- C:\Windows\System\dYWHrgm.exe
  C:\Windows\System\dYWHrgm.exe
  2⤵
  PID:7840
- C:\Windows\System\ufwWgTB.exe
  C:\Windows\System\ufwWgTB.exe
  2⤵
  PID:7864
- C:\Windows\System\uxQrmOq.exe
  C:\Windows\System\uxQrmOq.exe
  2⤵
  PID:7880
- C:\Windows\System\qNtfQMI.exe
  C:\Windows\System\qNtfQMI.exe
  2⤵
  PID:7900
- C:\Windows\System\nOlhBrl.exe
  C:\Windows\System\nOlhBrl.exe
  2⤵
  PID:7916
- C:\Windows\System\RZIpYtK.exe
  C:\Windows\System\RZIpYtK.exe
  2⤵
  PID:7932
- C:\Windows\System\MfccVKT.exe
  C:\Windows\System\MfccVKT.exe
  2⤵
  PID:7948
- C:\Windows\System\chbSbYT.exe
  C:\Windows\System\chbSbYT.exe
  2⤵
  PID:7968
- C:\Windows\System\serUnpu.exe
  C:\Windows\System\serUnpu.exe
  2⤵
  PID:8004
- C:\Windows\System\mliwQNO.exe
  C:\Windows\System\mliwQNO.exe
  2⤵
  PID:8020
- C:\Windows\System\RIqYJAJ.exe
  C:\Windows\System\RIqYJAJ.exe
  2⤵
  PID:8040
- C:\Windows\System\mIozDGI.exe
  C:\Windows\System\mIozDGI.exe
  2⤵
  PID:8060
- C:\Windows\System\senVhwd.exe
  C:\Windows\System\senVhwd.exe
  2⤵
  PID:8076
- C:\Windows\System\PXhxiFP.exe
  C:\Windows\System\PXhxiFP.exe
  2⤵
  PID:8092
- C:\Windows\System\GIgCUaH.exe
  C:\Windows\System\GIgCUaH.exe
  2⤵
  PID:8108
- C:\Windows\System\lxaQYEY.exe
  C:\Windows\System\lxaQYEY.exe
  2⤵
  PID:8124
- C:\Windows\System\pXdsjZh.exe
  C:\Windows\System\pXdsjZh.exe
  2⤵
  PID:8140
- C:\Windows\System\kgjczUm.exe
  C:\Windows\System\kgjczUm.exe
  2⤵
  PID:8156
- C:\Windows\System\brmqPYi.exe
  C:\Windows\System\brmqPYi.exe
  2⤵
  PID:8172
- C:\Windows\System\TqzXCIW.exe
  C:\Windows\System\TqzXCIW.exe
  2⤵
  PID:8188
- C:\Windows\System\WmMdYUe.exe
  C:\Windows\System\WmMdYUe.exe
  2⤵
  PID:6776
- C:\Windows\System\tiEpNwi.exe
  C:\Windows\System\tiEpNwi.exe
  2⤵
  PID:7052
- C:\Windows\System\CJegOLe.exe
  C:\Windows\System\CJegOLe.exe
  2⤵
  PID:6920
- C:\Windows\System\MMfzqCU.exe
  C:\Windows\System\MMfzqCU.exe
  2⤵
  PID:5588
- C:\Windows\System\TovHIAA.exe
  C:\Windows\System\TovHIAA.exe
  2⤵
  PID:6216
- C:\Windows\System\KIpMRVC.exe
  C:\Windows\System\KIpMRVC.exe
  2⤵
  PID:6292
- C:\Windows\System\OJbuZBK.exe
  C:\Windows\System\OJbuZBK.exe
  2⤵
  PID:6592
- C:\Windows\System\EcOysVX.exe
  C:\Windows\System\EcOysVX.exe
  2⤵
  PID:7200
- C:\Windows\System\TfosiFT.exe
  C:\Windows\System\TfosiFT.exe
  2⤵
  PID:7212
- C:\Windows\System\dQbkYfe.exe
  C:\Windows\System\dQbkYfe.exe
  2⤵
  PID:7260
- C:\Windows\System\kmvbNIn.exe
  C:\Windows\System\kmvbNIn.exe
  2⤵
  PID:7276
- C:\Windows\System\cbuuiWz.exe
  C:\Windows\System\cbuuiWz.exe
  2⤵
  PID:1852
- C:\Windows\System\WfixUIG.exe
  C:\Windows\System\WfixUIG.exe
  2⤵
  PID:1772
- C:\Windows\System\nVarEch.exe
  C:\Windows\System\nVarEch.exe
  2⤵
  PID:7416
- C:\Windows\System\QYxYBUx.exe
  C:\Windows\System\QYxYBUx.exe
  2⤵
  PID:2028
- C:\Windows\System\MUTuDOX.exe
  C:\Windows\System\MUTuDOX.exe
  2⤵
  PID:7512
- C:\Windows\System\jRCjjkb.exe
  C:\Windows\System\jRCjjkb.exe
  2⤵
  PID:7552
- C:\Windows\System\wqdsprP.exe
  C:\Windows\System\wqdsprP.exe
  2⤵
  PID:7560
- C:\Windows\System\pFQprWv.exe
  C:\Windows\System\pFQprWv.exe
  2⤵
  PID:7592
- C:\Windows\System\KoOZBpJ.exe
  C:\Windows\System\KoOZBpJ.exe
  2⤵
  PID:7580
- C:\Windows\System\VyMYlWH.exe
  C:\Windows\System\VyMYlWH.exe
  2⤵
  PID:7640
- C:\Windows\System\bbzCwUm.exe
  C:\Windows\System\bbzCwUm.exe
  2⤵
  PID:7660
- C:\Windows\System\rpmxrZI.exe
  C:\Windows\System\rpmxrZI.exe
  2⤵
  PID:7716
- C:\Windows\System\gfkSYYo.exe
  C:\Windows\System\gfkSYYo.exe
  2⤵
  PID:7740
- C:\Windows\System\UnfgjIK.exe
  C:\Windows\System\UnfgjIK.exe
  2⤵
  PID:7780
- C:\Windows\System\XDlrutK.exe
  C:\Windows\System\XDlrutK.exe
  2⤵
  PID:7800
- C:\Windows\System\yqylKlV.exe
  C:\Windows\System\yqylKlV.exe
  2⤵
  PID:2068
- C:\Windows\System\SUjgxiR.exe
  C:\Windows\System\SUjgxiR.exe
  2⤵
  PID:2532
- C:\Windows\System\PhXpbaJ.exe
  C:\Windows\System\PhXpbaJ.exe
  2⤵
  PID:652
- C:\Windows\System\nTjecQZ.exe
  C:\Windows\System\nTjecQZ.exe
  2⤵
  PID:2044
- C:\Windows\System\jEaveLY.exe
  C:\Windows\System\jEaveLY.exe
  2⤵
  PID:2468
- C:\Windows\System\eADHVnV.exe
  C:\Windows\System\eADHVnV.exe
  2⤵
  PID:2228
- C:\Windows\System\WmKxNFS.exe
  C:\Windows\System\WmKxNFS.exe
  2⤵
  PID:7852
- C:\Windows\System\HfLOdIT.exe
  C:\Windows\System\HfLOdIT.exe
  2⤵
  PID:7908
- C:\Windows\System\SWTWGlh.exe
  C:\Windows\System\SWTWGlh.exe
  2⤵
  PID:7888
- C:\Windows\System\xQiwIqb.exe
  C:\Windows\System\xQiwIqb.exe
  2⤵
  PID:7928
- C:\Windows\System\YLshaap.exe
  C:\Windows\System\YLshaap.exe
  2⤵
  PID:7984
- C:\Windows\System\NNxCeZK.exe
  C:\Windows\System\NNxCeZK.exe
  2⤵
  PID:7992
- C:\Windows\System\OaGBYZI.exe
  C:\Windows\System\OaGBYZI.exe
  2⤵
  PID:8036
- C:\Windows\System\VoREcaD.exe
  C:\Windows\System\VoREcaD.exe
  2⤵
  PID:3408
- C:\Windows\System\tNbOaRp.exe
  C:\Windows\System\tNbOaRp.exe
  2⤵
  PID:920
- C:\Windows\System\WQvsQKX.exe
  C:\Windows\System\WQvsQKX.exe
  2⤵
  PID:2840
- C:\Windows\System\gfhkjQC.exe
  C:\Windows\System\gfhkjQC.exe
  2⤵
  PID:8052
- C:\Windows\System\uutnMqP.exe
  C:\Windows\System\uutnMqP.exe
  2⤵
  PID:3904
- C:\Windows\System\NzMjYRU.exe
  C:\Windows\System\NzMjYRU.exe
  2⤵
  PID:6860
- C:\Windows\System\sRZjXsB.exe
  C:\Windows\System\sRZjXsB.exe
  2⤵
  PID:7176
- C:\Windows\System\coCsUES.exe
  C:\Windows\System\coCsUES.exe
  2⤵
  PID:8088
- C:\Windows\System\CsWrBWS.exe
  C:\Windows\System\CsWrBWS.exe
  2⤵
  PID:8152
- C:\Windows\System\bHJmjZP.exe
  C:\Windows\System\bHJmjZP.exe
  2⤵
  PID:2744
- C:\Windows\System\KnrDcRw.exe
  C:\Windows\System\KnrDcRw.exe
  2⤵
  PID:2804
- C:\Windows\System\PInQEcU.exe
  C:\Windows\System\PInQEcU.exe
  2⤵
  PID:7480
- C:\Windows\System\StVvJga.exe
  C:\Windows\System\StVvJga.exe
  2⤵
  PID:2540
- C:\Windows\System\AhmdIxi.exe
  C:\Windows\System\AhmdIxi.exe
  2⤵
  PID:7300
- C:\Windows\System\FMmUHmw.exe
  C:\Windows\System\FMmUHmw.exe
  2⤵
  PID:7240
- C:\Windows\System\bzSYFQY.exe
  C:\Windows\System\bzSYFQY.exe
  2⤵
  PID:7312
- C:\Windows\System\FiZTOqL.exe
  C:\Windows\System\FiZTOqL.exe
  2⤵
  PID:7360
- C:\Windows\System\GQmNada.exe
  C:\Windows\System\GQmNada.exe
  2⤵
  PID:7380
- C:\Windows\System\SoGfUjB.exe
  C:\Windows\System\SoGfUjB.exe
  2⤵
  PID:7412
- C:\Windows\System\NhrhuSb.exe
  C:\Windows\System\NhrhuSb.exe
  2⤵
  PID:2508
- C:\Windows\System\sjjRyMo.exe
  C:\Windows\System\sjjRyMo.exe
  2⤵
  PID:1540
- C:\Windows\System\TnzjVoG.exe
  C:\Windows\System\TnzjVoG.exe
  2⤵
  PID:1272
- C:\Windows\System\nGyVoUv.exe
  C:\Windows\System\nGyVoUv.exe
  2⤵
  PID:7820
- C:\Windows\System\nZYZMWX.exe
  C:\Windows\System\nZYZMWX.exe
  2⤵
  PID:272
- C:\Windows\System\uIovJuz.exe
  C:\Windows\System\uIovJuz.exe
  2⤵
  PID:7964
- C:\Windows\System\cPELzvy.exe
  C:\Windows\System\cPELzvy.exe
  2⤵
  PID:8012
- C:\Windows\System\WNRiYaI.exe
  C:\Windows\System\WNRiYaI.exe
  2⤵
  PID:5328
- C:\Windows\System\BjeODis.exe
  C:\Windows\System\BjeODis.exe
  2⤵
  PID:7696
- C:\Windows\System\PIURcLU.exe
  C:\Windows\System\PIURcLU.exe
  2⤵
  PID:7220
- C:\Windows\System\leUlaBU.exe
  C:\Windows\System\leUlaBU.exe
  2⤵
  PID:7336
- C:\Windows\System\SMNOTvl.exe
  C:\Windows\System\SMNOTvl.exe
  2⤵
  PID:7536
- C:\Windows\System\xWSPdhK.exe
  C:\Windows\System\xWSPdhK.exe
  2⤵
  PID:1132
- C:\Windows\System\IVGuLEJ.exe
  C:\Windows\System\IVGuLEJ.exe
  2⤵
  PID:756
- C:\Windows\System\oqfvzIz.exe
  C:\Windows\System\oqfvzIz.exe
  2⤵
  PID:7616
- C:\Windows\System\YCLJpfu.exe
  C:\Windows\System\YCLJpfu.exe
  2⤵
  PID:7896
- C:\Windows\System\yKIkAgf.exe
  C:\Windows\System\yKIkAgf.exe
  2⤵
  PID:8104
- C:\Windows\System\XQqLTNo.exe
  C:\Windows\System\XQqLTNo.exe
  2⤵
  PID:916
- C:\Windows\System\YsWfMdg.exe
  C:\Windows\System\YsWfMdg.exe
  2⤵
  PID:8120
- C:\Windows\System\AsVuTOF.exe
  C:\Windows\System\AsVuTOF.exe
  2⤵
  PID:6508
- C:\Windows\System\rUYGYdO.exe
  C:\Windows\System\rUYGYdO.exe
  2⤵
  PID:7540
- C:\Windows\System\vwLxleu.exe
  C:\Windows\System\vwLxleu.exe
  2⤵
  PID:7316
- C:\Windows\System\URfQTyM.exe
  C:\Windows\System\URfQTyM.exe
  2⤵
  PID:2984
- C:\Windows\System\TbpMQYU.exe
  C:\Windows\System\TbpMQYU.exe
  2⤵
  PID:7676
- C:\Windows\System\adpOUZP.exe
  C:\Windows\System\adpOUZP.exe
  2⤵
  PID:1212
- C:\Windows\System\EjEGJYK.exe
  C:\Windows\System\EjEGJYK.exe
  2⤵
  PID:932
- C:\Windows\System\tzEBess.exe
  C:\Windows\System\tzEBess.exe
  2⤵
  PID:1368
- C:\Windows\System\TRcPVwm.exe
  C:\Windows\System\TRcPVwm.exe
  2⤵
  PID:2784
- C:\Windows\System\MgewPXL.exe
  C:\Windows\System\MgewPXL.exe
  2⤵
  PID:8048
- C:\Windows\System\UxTwxcG.exe
  C:\Windows\System\UxTwxcG.exe
  2⤵
  PID:716
- C:\Windows\System\SRkznTb.exe
  C:\Windows\System\SRkznTb.exe
  2⤵
  PID:7340
- C:\Windows\System\JBalsZl.exe
  C:\Windows\System\JBalsZl.exe
  2⤵
  PID:7980
- C:\Windows\System\RoWEVoS.exe
  C:\Windows\System\RoWEVoS.exe
  2⤵
  PID:8100
- C:\Windows\System\XOHnOfN.exe
  C:\Windows\System\XOHnOfN.exe
  2⤵
  PID:7532
- C:\Windows\System\KFYKIHx.exe
  C:\Windows\System\KFYKIHx.exe
  2⤵
  PID:7652
- C:\Windows\System\kdpttCj.exe
  C:\Windows\System\kdpttCj.exe
  2⤵
  PID:7732
- C:\Windows\System\LxsOBZr.exe
  C:\Windows\System\LxsOBZr.exe
  2⤵
  PID:1864
- C:\Windows\System\gbRTUHc.exe
  C:\Windows\System\gbRTUHc.exe
  2⤵
  PID:7396
- C:\Windows\System\YiHgNnw.exe
  C:\Windows\System\YiHgNnw.exe
  2⤵
  PID:8204
- C:\Windows\System\BoNIGec.exe
  C:\Windows\System\BoNIGec.exe
  2⤵
  PID:8224
- C:\Windows\System\jXetaAG.exe
  C:\Windows\System\jXetaAG.exe
  2⤵
  PID:8240
- C:\Windows\System\hclTjzK.exe
  C:\Windows\System\hclTjzK.exe
  2⤵
  PID:8256
- C:\Windows\System\OjpXkJO.exe
  C:\Windows\System\OjpXkJO.exe
  2⤵
  PID:8272
- C:\Windows\System\OkiMeyw.exe
  C:\Windows\System\OkiMeyw.exe
  2⤵
  PID:8292
- C:\Windows\System\fUYkTXN.exe
  C:\Windows\System\fUYkTXN.exe
  2⤵
  PID:8312
- C:\Windows\System\XkTCelk.exe
  C:\Windows\System\XkTCelk.exe
  2⤵
  PID:8328
- C:\Windows\System\lFtnrNN.exe
  C:\Windows\System\lFtnrNN.exe
  2⤵
  PID:8344
- C:\Windows\System\JffZFov.exe
  C:\Windows\System\JffZFov.exe
  2⤵
  PID:8360
- C:\Windows\System\SwewSDa.exe
  C:\Windows\System\SwewSDa.exe
  2⤵
  PID:8380
- C:\Windows\System\XYEeEng.exe
  C:\Windows\System\XYEeEng.exe
  2⤵
  PID:8408
- C:\Windows\System\gLTazvB.exe
  C:\Windows\System\gLTazvB.exe
  2⤵
  PID:8424
- C:\Windows\System\IIDspTS.exe
  C:\Windows\System\IIDspTS.exe
  2⤵
  PID:8440
- C:\Windows\System\cuyetUh.exe
  C:\Windows\System\cuyetUh.exe
  2⤵
  PID:8456
- C:\Windows\System\ZIrGfAn.exe
  C:\Windows\System\ZIrGfAn.exe
  2⤵
  PID:8472
- C:\Windows\System\JFcwVyN.exe
  C:\Windows\System\JFcwVyN.exe
  2⤵
  PID:8492
- C:\Windows\System\OLtFFKc.exe
  C:\Windows\System\OLtFFKc.exe
  2⤵
  PID:8508
- C:\Windows\System\FndPsHg.exe
  C:\Windows\System\FndPsHg.exe
  2⤵
  PID:8528
- C:\Windows\System\wzpFOnh.exe
  C:\Windows\System\wzpFOnh.exe
  2⤵
  PID:8552
- C:\Windows\System\jDhSaKc.exe
  C:\Windows\System\jDhSaKc.exe
  2⤵
  PID:8568
- C:\Windows\System\JdpGlxp.exe
  C:\Windows\System\JdpGlxp.exe
  2⤵
  PID:8588
- C:\Windows\System\nuVqBDs.exe
  C:\Windows\System\nuVqBDs.exe
  2⤵
  PID:8608
- C:\Windows\System\eTZzqXQ.exe
  C:\Windows\System\eTZzqXQ.exe
  2⤵
  PID:8624
- C:\Windows\System\eDyqRpv.exe
  C:\Windows\System\eDyqRpv.exe
  2⤵
  PID:8644
- C:\Windows\System\QbUlytV.exe
  C:\Windows\System\QbUlytV.exe
  2⤵
  PID:8660
- C:\Windows\System\YkzstLJ.exe
  C:\Windows\System\YkzstLJ.exe
  2⤵
  PID:8752
- C:\Windows\System\DmXvTOk.exe
  C:\Windows\System\DmXvTOk.exe
  2⤵
  PID:8792
- C:\Windows\System\oXWSdxY.exe
  C:\Windows\System\oXWSdxY.exe
  2⤵
  PID:8808
- C:\Windows\System\uwzzxgA.exe
  C:\Windows\System\uwzzxgA.exe
  2⤵
  PID:8832
- C:\Windows\System\kYzFJnl.exe
  C:\Windows\System\kYzFJnl.exe
  2⤵
  PID:8848
- C:\Windows\System\nsiHIYz.exe
  C:\Windows\System\nsiHIYz.exe
  2⤵
  PID:8864
- C:\Windows\System\HGevYIG.exe
  C:\Windows\System\HGevYIG.exe
  2⤵
  PID:8884
- C:\Windows\System\OCpefwV.exe
  C:\Windows\System\OCpefwV.exe
  2⤵
  PID:8932
- C:\Windows\System\AXnCNLk.exe
  C:\Windows\System\AXnCNLk.exe
  2⤵
  PID:8956
- C:\Windows\System\TyoBBiN.exe
  C:\Windows\System\TyoBBiN.exe
  2⤵
  PID:8972
- C:\Windows\System\LwYvReF.exe
  C:\Windows\System\LwYvReF.exe
  2⤵
  PID:8988
- C:\Windows\System\IgbFpjl.exe
  C:\Windows\System\IgbFpjl.exe
  2⤵
  PID:9004
- C:\Windows\System\dVkZDvT.exe
  C:\Windows\System\dVkZDvT.exe
  2⤵
  PID:9020
- C:\Windows\System\HZLtcQc.exe
  C:\Windows\System\HZLtcQc.exe
  2⤵
  PID:9036
- C:\Windows\System\qaQbgBn.exe
  C:\Windows\System\qaQbgBn.exe
  2⤵
  PID:9052
- C:\Windows\System\DLIqKUL.exe
  C:\Windows\System\DLIqKUL.exe
  2⤵
  PID:9068
- C:\Windows\System\HtNEJZs.exe
  C:\Windows\System\HtNEJZs.exe
  2⤵
  PID:9084
- C:\Windows\System\bWEdrDV.exe
  C:\Windows\System\bWEdrDV.exe
  2⤵
  PID:9100
- C:\Windows\System\xkHgWjP.exe
  C:\Windows\System\xkHgWjP.exe
  2⤵
  PID:9116
- C:\Windows\System\WDDnALy.exe
  C:\Windows\System\WDDnALy.exe
  2⤵
  PID:9132
- C:\Windows\System\EKRNShX.exe
  C:\Windows\System\EKRNShX.exe
  2⤵
  PID:9148
- C:\Windows\System\iiEQELb.exe
  C:\Windows\System\iiEQELb.exe
  2⤵
  PID:9164
- C:\Windows\System\GRfneKc.exe
  C:\Windows\System\GRfneKc.exe
  2⤵
  PID:9180
- C:\Windows\System\ZPWsspT.exe
  C:\Windows\System\ZPWsspT.exe
  2⤵
  PID:9196
- C:\Windows\System\iLRaGUi.exe
  C:\Windows\System\iLRaGUi.exe
  2⤵
  PID:9212
- C:\Windows\System\LjRBPnz.exe
  C:\Windows\System\LjRBPnz.exe
  2⤵
  PID:8196
- C:\Windows\System\bSLatDT.exe
  C:\Windows\System\bSLatDT.exe
  2⤵
  PID:8264
- C:\Windows\System\AsEeoqC.exe
  C:\Windows\System\AsEeoqC.exe
  2⤵
  PID:8336
- C:\Windows\System\jgYcLrr.exe
  C:\Windows\System\jgYcLrr.exe
  2⤵
  PID:8372
- C:\Windows\System\LpZmURW.exe
  C:\Windows\System\LpZmURW.exe
  2⤵
  PID:8448
- C:\Windows\System\wwzHnAc.exe
  C:\Windows\System\wwzHnAc.exe
  2⤵
  PID:8560
- C:\Windows\System\XefmjOi.exe
  C:\Windows\System\XefmjOi.exe
  2⤵
  PID:8604
- C:\Windows\System\TUqvgrJ.exe
  C:\Windows\System\TUqvgrJ.exe
  2⤵
  PID:7172
- C:\Windows\System\tlOozrF.exe
  C:\Windows\System\tlOozrF.exe
  2⤵
  PID:8676
- C:\Windows\System\dAUryUL.exe
  C:\Windows\System\dAUryUL.exe
  2⤵
  PID:2208
- C:\Windows\System\WbZzxak.exe
  C:\Windows\System\WbZzxak.exe
  2⤵
  PID:8576
- C:\Windows\System\hmNLHBz.exe
  C:\Windows\System\hmNLHBz.exe
  2⤵
  PID:8536
- C:\Windows\System\BhffAEF.exe
  C:\Windows\System\BhffAEF.exe
  2⤵
  PID:8432
- C:\Windows\System\vqKMUED.exe
  C:\Windows\System\vqKMUED.exe
  2⤵
  PID:8388
- C:\Windows\System\LlgOMoE.exe
  C:\Windows\System\LlgOMoE.exe
  2⤵
  PID:8280
- C:\Windows\System\vWJMeht.exe
  C:\Windows\System\vWJMeht.exe
  2⤵
  PID:8216
- C:\Windows\System\BDRABxB.exe
  C:\Windows\System\BDRABxB.exe
  2⤵
  PID:2676
- C:\Windows\System\vtdQEAh.exe
  C:\Windows\System\vtdQEAh.exe
  2⤵
  PID:8028
- C:\Windows\System\MelAttd.exe
  C:\Windows\System\MelAttd.exe
  2⤵
  PID:7252
- C:\Windows\System\mjJJdPp.exe
  C:\Windows\System\mjJJdPp.exe
  2⤵
  PID:8352
- C:\Windows\System\ITeshSz.exe
  C:\Windows\System\ITeshSz.exe
  2⤵
  PID:7876
- C:\Windows\System\KJVGyYl.exe
  C:\Windows\System\KJVGyYl.exe
  2⤵
  PID:7804
- C:\Windows\System\XGciIPm.exe
  C:\Windows\System\XGciIPm.exe
  2⤵
  PID:8708
- C:\Windows\System\uwfYISl.exe
  C:\Windows\System\uwfYISl.exe
  2⤵
  PID:8720
- C:\Windows\System\WytQDGR.exe
  C:\Windows\System\WytQDGR.exe
  2⤵
  PID:8740
- C:\Windows\System\PnpNQNL.exe
  C:\Windows\System\PnpNQNL.exe
  2⤵
  PID:8764
- C:\Windows\System\YIIMuSG.exe
  C:\Windows\System\YIIMuSG.exe
  2⤵
  PID:8784
- C:\Windows\System\lqsaYfB.exe
  C:\Windows\System\lqsaYfB.exe
  2⤵
  PID:8816
- C:\Windows\System\fQAsbrx.exe
  C:\Windows\System\fQAsbrx.exe
  2⤵
  PID:8840
- C:\Windows\System\TsNgmZc.exe
  C:\Windows\System\TsNgmZc.exe
  2⤵
  PID:8892
- C:\Windows\System\uGobQQC.exe
  C:\Windows\System\uGobQQC.exe
  2⤵
  PID:8904
- C:\Windows\System\ThYJUzK.exe
  C:\Windows\System\ThYJUzK.exe
  2⤵
  PID:8912
- C:\Windows\System\csilmUI.exe
  C:\Windows\System\csilmUI.exe
  2⤵
  PID:8924
- C:\Windows\System\dTtKVkB.exe
  C:\Windows\System\dTtKVkB.exe
  2⤵
  PID:8392
- C:\Windows\System\niBqKrz.exe
  C:\Windows\System\niBqKrz.exe
  2⤵
  PID:9080
- C:\Windows\System\oyDVQco.exe
  C:\Windows\System\oyDVQco.exe
  2⤵
  PID:9096
- C:\Windows\System\nryaXkE.exe
  C:\Windows\System\nryaXkE.exe
  2⤵
  PID:9012
- C:\Windows\System\nSgdowc.exe
  C:\Windows\System\nSgdowc.exe
  2⤵
  PID:9064
- C:\Windows\System\VxlyhYr.exe
  C:\Windows\System\VxlyhYr.exe
  2⤵
  PID:9112
- C:\Windows\System\pxTjyMp.exe
  C:\Windows\System\pxTjyMp.exe
  2⤵
  PID:8368
- C:\Windows\System\wxdaLnQ.exe
  C:\Windows\System\wxdaLnQ.exe
  2⤵
  PID:8420
- C:\Windows\System\EdUBJqJ.exe
  C:\Windows\System\EdUBJqJ.exe
  2⤵
  PID:8600
- C:\Windows\System\XXevdOO.exe
  C:\Windows\System\XXevdOO.exe
  2⤵
  PID:9160
- C:\Windows\System\eIZuIzq.exe
  C:\Windows\System\eIZuIzq.exe
  2⤵
  PID:8640
- C:\Windows\System\sgonlwN.exe
  C:\Windows\System\sgonlwN.exe
  2⤵
  PID:7496
- C:\Windows\System\bwHsplz.exe
  C:\Windows\System\bwHsplz.exe
  2⤵
  PID:9208
- C:\Windows\System\tlWhoLM.exe
  C:\Windows\System\tlWhoLM.exe
  2⤵
  PID:8636
- C:\Windows\System\Rtjjpje.exe
  C:\Windows\System\Rtjjpje.exe
  2⤵
  PID:8168
- C:\Windows\System\wcRKQMi.exe
  C:\Windows\System\wcRKQMi.exe
  2⤵
  PID:7772
- C:\Windows\System\ockshfB.exe
  C:\Windows\System\ockshfB.exe
  2⤵
  PID:8620
- C:\Windows\System\veHCaZh.exe
  C:\Windows\System\veHCaZh.exe
  2⤵
  PID:8300
- C:\Windows\System\yfrsVsg.exe
  C:\Windows\System\yfrsVsg.exe
  2⤵
  PID:8540
- C:\Windows\System\BbUpNlW.exe
  C:\Windows\System\BbUpNlW.exe
  2⤵
  PID:8220
- C:\Windows\System\ZSLUjJH.exe
  C:\Windows\System\ZSLUjJH.exe
  2⤵
  PID:8324
- C:\Windows\System\ZfAehJX.exe
  C:\Windows\System\ZfAehJX.exe
  2⤵
  PID:7280
- C:\Windows\System\saRDXXE.exe
  C:\Windows\System\saRDXXE.exe
  2⤵
  PID:8084
- C:\Windows\System\UwsWaQm.exe
  C:\Windows\System\UwsWaQm.exe
  2⤵
  PID:8704
- C:\Windows\System\RjzUJJE.exe
  C:\Windows\System\RjzUJJE.exe
  2⤵
  PID:8748
- C:\Windows\System\ujmVBvy.exe
  C:\Windows\System\ujmVBvy.exe
  2⤵
  PID:8844
- C:\Windows\System\hvoSQTh.exe
  C:\Windows\System\hvoSQTh.exe
  2⤵
  PID:8940
- C:\Windows\System\nzlCQlL.exe
  C:\Windows\System\nzlCQlL.exe
  2⤵
  PID:8996
- C:\Windows\System\JeNslgY.exe
  C:\Windows\System\JeNslgY.exe
  2⤵
  PID:8896
- C:\Windows\System\CBbrFXg.exe
  C:\Windows\System\CBbrFXg.exe
  2⤵
  PID:8736
- C:\Windows\System\dRmXyUb.exe
  C:\Windows\System\dRmXyUb.exe
  2⤵
  PID:8596
- C:\Windows\System\ETYOBXY.exe
  C:\Windows\System\ETYOBXY.exe
  2⤵
  PID:8980
- C:\Windows\System\VryadLh.exe
  C:\Windows\System\VryadLh.exe
  2⤵
  PID:9016
- C:\Windows\System\ublubUl.exe
  C:\Windows\System\ublubUl.exe
  2⤵
  PID:9176
- C:\Windows\System\CMIiBeD.exe
  C:\Windows\System\CMIiBeD.exe
  2⤵
  PID:8656
- C:\Windows\System\JMQjIHJ.exe
  C:\Windows\System\JMQjIHJ.exe
  2⤵
  PID:4000
- C:\Windows\System\ccVlRgR.exe
  C:\Windows\System\ccVlRgR.exe
  2⤵
  PID:9000
- C:\Windows\System\XZlEDkV.exe
  C:\Windows\System\XZlEDkV.exe
  2⤵
  PID:2180
- C:\Windows\System\sTCRVvK.exe
  C:\Windows\System\sTCRVvK.exe
  2⤵
  PID:8232
- C:\Windows\System\BBDabNe.exe
  C:\Windows\System\BBDabNe.exe
  2⤵
  PID:7320
- C:\Windows\System\rVBERBn.exe
  C:\Windows\System\rVBERBn.exe
  2⤵
  PID:8284
- C:\Windows\System\GCXtoyu.exe
  C:\Windows\System\GCXtoyu.exe
  2⤵
  PID:8804
- C:\Windows\System\UADqkgy.exe
  C:\Windows\System\UADqkgy.exe
  2⤵
  PID:7500
- C:\Windows\System\xhRnGGA.exe
  C:\Windows\System\xhRnGGA.exe
  2⤵
  PID:9140
- C:\Windows\System\AbkqTnB.exe
  C:\Windows\System\AbkqTnB.exe
  2⤵
  PID:8304
- C:\Windows\System\goLvAUB.exe
  C:\Windows\System\goLvAUB.exe
  2⤵
  PID:8908
- C:\Windows\System\KMvuUKz.exe
  C:\Windows\System\KMvuUKz.exe
  2⤵
  PID:8248
- C:\Windows\System\LwIuOnU.exe
  C:\Windows\System\LwIuOnU.exe
  2⤵
  PID:9048
- C:\Windows\System\EDJelYS.exe
  C:\Windows\System\EDJelYS.exe
  2⤵
  PID:8520
- C:\Windows\System\rKGakjz.exe
  C:\Windows\System\rKGakjz.exe
  2⤵
  PID:8776
- C:\Windows\System\iWDPjpq.exe
  C:\Windows\System\iWDPjpq.exe
  2⤵
  PID:7612
- C:\Windows\System\oxdVZOo.exe
  C:\Windows\System\oxdVZOo.exe
  2⤵
  PID:8880
- C:\Windows\System\IqbKBpa.exe
  C:\Windows\System\IqbKBpa.exe
  2⤵
  PID:9128
- C:\Windows\System\ZDIOHrC.exe
  C:\Windows\System\ZDIOHrC.exe
  2⤵
  PID:8668
- C:\Windows\System\OWwPKCC.exe
  C:\Windows\System\OWwPKCC.exe
  2⤵
  PID:8732
- C:\Windows\System\lwRDewH.exe
  C:\Windows\System\lwRDewH.exe
  2⤵
  PID:9256
- C:\Windows\System\oUUbVrE.exe
  C:\Windows\System\oUUbVrE.exe
  2⤵
  PID:9508
- C:\Windows\System\qgXNqfT.exe
  C:\Windows\System\qgXNqfT.exe
  2⤵
  PID:9560
- C:\Windows\System\TKMEzBA.exe
  C:\Windows\System\TKMEzBA.exe
  2⤵
  PID:9580
- C:\Windows\System\getXYzl.exe
  C:\Windows\System\getXYzl.exe
  2⤵
  PID:9604
- C:\Windows\System\LbQtKXi.exe
  C:\Windows\System\LbQtKXi.exe
  2⤵
  PID:9624
- C:\Windows\System\ckOAMje.exe
  C:\Windows\System\ckOAMje.exe
  2⤵
  PID:9640
- C:\Windows\System\zufXTvt.exe
  C:\Windows\System\zufXTvt.exe
  2⤵
  PID:9660
- C:\Windows\System\tbqGJUT.exe
  C:\Windows\System\tbqGJUT.exe
  2⤵
  PID:9680
- C:\Windows\System\iGsKNmL.exe
  C:\Windows\System\iGsKNmL.exe
  2⤵
  PID:9708
- C:\Windows\System\pncXjEV.exe
  C:\Windows\System\pncXjEV.exe
  2⤵
  PID:9728
- C:\Windows\System\GmeBSRw.exe
  C:\Windows\System\GmeBSRw.exe
  2⤵
  PID:9756
- C:\Windows\System\LhnxeqF.exe
  C:\Windows\System\LhnxeqF.exe
  2⤵
  PID:9772
- C:\Windows\System\JuJSyth.exe
  C:\Windows\System\JuJSyth.exe
  2⤵
  PID:9796
- C:\Windows\System\uWPrmMH.exe
  C:\Windows\System\uWPrmMH.exe
  2⤵
  PID:9816
- C:\Windows\System\mJXVPOj.exe
  C:\Windows\System\mJXVPOj.exe
  2⤵
  PID:9836
- C:\Windows\System\aZdcmjJ.exe
  C:\Windows\System\aZdcmjJ.exe
  2⤵
  PID:9856
- C:\Windows\System\sBnfjoc.exe
  C:\Windows\System\sBnfjoc.exe
  2⤵
  PID:9876
- C:\Windows\System\tyjNIug.exe
  C:\Windows\System\tyjNIug.exe
  2⤵
  PID:9900
- C:\Windows\System\acopXNc.exe
  C:\Windows\System\acopXNc.exe
  2⤵
  PID:9920
- C:\Windows\System\UhWyvnJ.exe
  C:\Windows\System\UhWyvnJ.exe
  2⤵
  PID:9936
- C:\Windows\System\AIRjNbj.exe
  C:\Windows\System\AIRjNbj.exe
  2⤵
  PID:9952
- C:\Windows\System\QkfcmLE.exe
  C:\Windows\System\QkfcmLE.exe
  2⤵
  PID:9968
- C:\Windows\System\hrQnpxG.exe
  C:\Windows\System\hrQnpxG.exe
  2⤵
  PID:9984
- C:\Windows\System\ObhVjlD.exe
  C:\Windows\System\ObhVjlD.exe
  2⤵
  PID:10000
- C:\Windows\System\UWNtvVv.exe
  C:\Windows\System\UWNtvVv.exe
  2⤵
  PID:10016
- C:\Windows\System\afWUCqZ.exe
  C:\Windows\System\afWUCqZ.exe
  2⤵
  PID:10032
- C:\Windows\System\ADhtGkt.exe
  C:\Windows\System\ADhtGkt.exe
  2⤵
  PID:10060
- C:\Windows\System\XUpwgWi.exe
  C:\Windows\System\XUpwgWi.exe
  2⤵
  PID:10076
- C:\Windows\System\iIwwqsE.exe
  C:\Windows\System\iIwwqsE.exe
  2⤵
  PID:10116
- C:\Windows\System\qttCNLl.exe
  C:\Windows\System\qttCNLl.exe
  2⤵
  PID:10140
- C:\Windows\System\ndnHVty.exe
  C:\Windows\System\ndnHVty.exe
  2⤵
  PID:10160
- C:\Windows\System\yzXfcbD.exe
  C:\Windows\System\yzXfcbD.exe
  2⤵
  PID:10176
- C:\Windows\System\MIQFwAw.exe
  C:\Windows\System\MIQFwAw.exe
  2⤵
  PID:10200
- C:\Windows\System\aMkdBpv.exe
  C:\Windows\System\aMkdBpv.exe
  2⤵
  PID:10220
- C:\Windows\System\MeNtoQu.exe
  C:\Windows\System\MeNtoQu.exe
  2⤵
  PID:9220
- C:\Windows\System\MOnBZrI.exe
  C:\Windows\System\MOnBZrI.exe
  2⤵
  PID:8692
- C:\Windows\System\uHBWHqN.exe
  C:\Windows\System\uHBWHqN.exe
  2⤵
  PID:9224
- C:\Windows\System\qqrGHaU.exe
  C:\Windows\System\qqrGHaU.exe
  2⤵
  PID:8396
- C:\Windows\System\nwPvTwW.exe
  C:\Windows\System\nwPvTwW.exe
  2⤵
  PID:9280
- C:\Windows\System\xUVYxfZ.exe
  C:\Windows\System\xUVYxfZ.exe
  2⤵
  PID:9276
- C:\Windows\System\qIayVHA.exe
  C:\Windows\System\qIayVHA.exe
  2⤵
  PID:9304
- C:\Windows\System\pLtwljx.exe
  C:\Windows\System\pLtwljx.exe
  2⤵
  PID:9340
- C:\Windows\System\DljyDkb.exe
  C:\Windows\System\DljyDkb.exe
  2⤵
  PID:9320
- C:\Windows\System\HenINxZ.exe
  C:\Windows\System\HenINxZ.exe
  2⤵
  PID:9356
- C:\Windows\System\UkMxman.exe
  C:\Windows\System\UkMxman.exe
  2⤵
  PID:9384
- C:\Windows\System\HPSoEqy.exe
  C:\Windows\System\HPSoEqy.exe
  2⤵
  PID:9408
- C:\Windows\System\wEGgLHl.exe
  C:\Windows\System\wEGgLHl.exe
  2⤵
  PID:9432
- C:\Windows\System\FJeTBOa.exe
  C:\Windows\System\FJeTBOa.exe
  2⤵
  PID:9448
- C:\Windows\System\wpOMVnV.exe
  C:\Windows\System\wpOMVnV.exe
  2⤵
  PID:9464
- C:\Windows\System\iqzOHkI.exe
  C:\Windows\System\iqzOHkI.exe
  2⤵
  PID:9484
- C:\Windows\System\gbQyMOO.exe
  C:\Windows\System\gbQyMOO.exe
  2⤵
  PID:9504
- C:\Windows\System\FcjCcod.exe
  C:\Windows\System\FcjCcod.exe
  2⤵
  PID:9536
- C:\Windows\System\GxMmYpM.exe
  C:\Windows\System\GxMmYpM.exe
  2⤵
  PID:9568
- C:\Windows\System\MZlQkYF.exe
  C:\Windows\System\MZlQkYF.exe
  2⤵
  PID:9596
- C:\Windows\System\wFKADgO.exe
  C:\Windows\System\wFKADgO.exe
  2⤵
  PID:9616
- C:\Windows\System\exQBjPr.exe
  C:\Windows\System\exQBjPr.exe
  2⤵
  PID:9656
- C:\Windows\System\LHSyfkd.exe
  C:\Windows\System\LHSyfkd.exe
  2⤵
  PID:9692
- C:\Windows\System\wiGtenJ.exe
  C:\Windows\System\wiGtenJ.exe
  2⤵
  PID:9716
- C:\Windows\System\KCcfXij.exe
  C:\Windows\System\KCcfXij.exe
  2⤵
  PID:9748
- C:\Windows\System\HNUxGon.exe
  C:\Windows\System\HNUxGon.exe
  2⤵
  PID:9780
- C:\Windows\System\ffjYUGW.exe
  C:\Windows\System\ffjYUGW.exe
  2⤵
  PID:9808
- C:\Windows\System\hKNtHnJ.exe
  C:\Windows\System\hKNtHnJ.exe
  2⤵
  PID:9844
- C:\Windows\System\KrVCJLp.exe
  C:\Windows\System\KrVCJLp.exe
  2⤵
  PID:9868
- C:\Windows\System\yMvTzhE.exe
  C:\Windows\System\yMvTzhE.exe
  2⤵
  PID:9980
- C:\Windows\System\VhbNvTS.exe
  C:\Windows\System\VhbNvTS.exe
  2⤵
  PID:10040
- C:\Windows\System\ZJzIVKI.exe
  C:\Windows\System\ZJzIVKI.exe
  2⤵
  PID:10056
- C:\Windows\System\zvjoJdU.exe
  C:\Windows\System\zvjoJdU.exe
  2⤵
  PID:10028
- C:\Windows\System\cjKkBvE.exe
  C:\Windows\System\cjKkBvE.exe
  2⤵
  PID:10072
- C:\Windows\System\wfRkKkV.exe
  C:\Windows\System\wfRkKkV.exe
  2⤵
  PID:10108
- C:\Windows\System\Skplpyx.exe
  C:\Windows\System\Skplpyx.exe
  2⤵
  PID:10136
- C:\Windows\System\HlKJuYX.exe
  C:\Windows\System\HlKJuYX.exe
  2⤵
  PID:10168
- C:\Windows\System\zyxlLDS.exe
  C:\Windows\System\zyxlLDS.exe
  2⤵
  PID:10188
- C:\Windows\System\LgoeKUQ.exe
  C:\Windows\System\LgoeKUQ.exe
  2⤵
  PID:9232
- C:\Windows\System\RlRdCPn.exe
  C:\Windows\System\RlRdCPn.exe
  2⤵
  PID:2536
- C:\Windows\System\ZPrgHbU.exe
  C:\Windows\System\ZPrgHbU.exe
  2⤵
  PID:9252
- C:\Windows\System\BikExVN.exe
  C:\Windows\System\BikExVN.exe
  2⤵
  PID:9376
- C:\Windows\System\FjQdaAi.exe
  C:\Windows\System\FjQdaAi.exe
  2⤵
  PID:9316
- C:\Windows\System\BlIsExS.exe
  C:\Windows\System\BlIsExS.exe
  2⤵
  PID:9324
- C:\Windows\System\GcrvGJQ.exe
  C:\Windows\System\GcrvGJQ.exe
  2⤵
  PID:9392
- C:\Windows\System\JpnDJqJ.exe
  C:\Windows\System\JpnDJqJ.exe
  2⤵
  PID:9420
- C:\Windows\System\iACZZPu.exe
  C:\Windows\System\iACZZPu.exe
  2⤵
  PID:9440
- C:\Windows\System\EufwOOt.exe
  C:\Windows\System\EufwOOt.exe
  2⤵
  PID:9516
- C:\Windows\System\GlqWdGJ.exe
  C:\Windows\System\GlqWdGJ.exe
  2⤵
  PID:9620
- C:\Windows\System\vmwBOwz.exe
  C:\Windows\System\vmwBOwz.exe
  2⤵
  PID:9724
- C:\Windows\System\eHWbcMk.exe
  C:\Windows\System\eHWbcMk.exe
  2⤵
  PID:9804
- C:\Windows\System\hgHnpnn.exe
  C:\Windows\System\hgHnpnn.exe
  2⤵
  PID:9476
- C:\Windows\System\VqZiaTN.exe
  C:\Windows\System\VqZiaTN.exe
  2⤵
  PID:9888
- C:\Windows\System\uyGmBtk.exe
  C:\Windows\System\uyGmBtk.exe
  2⤵
  PID:9556
- C:\Windows\System\HApCZcA.exe
  C:\Windows\System\HApCZcA.exe
  2⤵
  PID:9696
- C:\Windows\System\wiaIyOR.exe
  C:\Windows\System\wiaIyOR.exe
  2⤵
  PID:9908
- C:\Windows\System\IbBQSPG.exe
  C:\Windows\System\IbBQSPG.exe
  2⤵
  PID:9960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\DGGiJJT.exe

Filesize
6.0MB

MD5
319f79b238baf8c628dc3f4b85d838e8

SHA1
c9101a7abd802bded7b3c09b2144c9697872513c

SHA256
c861d864748e36f11aaa75c9aa25c25d05977d42e439bac6e62f5151c90775b7

SHA512
97a6d00e7b139386eb9b436dcef2d505a116ca3dc58f559ef956a7b4358f86252d5a9fdfe2688b2fff584634bb107b09159559741514140f1391832be9077f45

Download Submit
C:\Windows\system\DziAYUW.exe

Filesize
6.0MB

MD5
02569903b55c52418fed6271b13f7755

SHA1
6d5cd5c80b28dba66c76b4ad71482736b17d8ad3

SHA256
3272cd8bc2814eff5298e7552ab35473d5b19a2565efc149e33c1bef207e1197

SHA512
8f22aa657af3369ca83b0ee8b393464a27e941197d3c30112093eacad7554aafac5df8be0fe8c9f1227145250bfca70ef8bcb7d17878c44b462a63a4b397ae88

Download Submit
C:\Windows\system\ETrSewd.exe

Filesize
6.0MB

MD5
d2ff111f118b2171edda306c0186cef7

SHA1
450708f97a1f5342ba4f072681667cdf18ce819e

SHA256
38d15ff7b2f9290ddc650d025059b9c0b5c7296e1c39801e05f7bf204e7b74fe

SHA512
f142539e8499c76c92358613c207a686fb7c4ae93547ae4af5cf6cc50fbb9efa688d946b50116ec71df7ae46367fc7b7bd62a296d059ae6d18f95ca07f6f3047

Download Submit
C:\Windows\system\HNHNErl.exe

Filesize
6.0MB

MD5
47495df79e8b828c740834b4fe6b1519

SHA1
8bc934e5a0e30c49b11cba80adab6b4619476f04

SHA256
d332326801ffe7bc2c6b589fc87cad31268a5fef08a6e9ddd4cc69b9fd85e4fa

SHA512
50a1bdee2978a8aa5a4a3c004b0d1410ae3b3fbfabbbb9922492a48e1f6954344111a579e8b59b754ed901d9738556d35af6040be2d78edd8d6ea483629735d3

Download Submit
C:\Windows\system\HinidxF.exe

Filesize
6.0MB

MD5
49db949d59493cd7bc83536c23914b1d

SHA1
25ebeda0eb612e218256dd348ef85b61707a1972

SHA256
783e0c6324c8ab5f79af846f5ec1706b840306367cb5d3751cb4679e16737e0f

SHA512
42f898fa63224c58f6092aebb10b1d48b3235dea568cfe159ebccf5cceb355362d09a1388e7339fbf4b52412a34609f773743d16dcc31a4608b90c4834a74171

Download Submit
C:\Windows\system\HylMDPS.exe

Filesize
6.0MB

MD5
5c51e47ace57fb57d0f40dcc1383571f

SHA1
4c42c265d63470d1d4b39b6f5d8dd997fd5d24b9

SHA256
b3f88d8f8541d1034e4856144a17aa6be7072f00626bdd9c77a3438c420dc10c

SHA512
3591198175f348d69ba575f62b150573cc861e57af121c842f6559a82400138ce0b5a7cca604a6310ac868165bd64c100679caeed0fa86f67ddfa972b57b5426

Download Submit
C:\Windows\system\IhHREkW.exe

Filesize
6.0MB

MD5
8f8081d17834bd6b56a5fdfd56381fc3

SHA1
69879c21ce809217a54bdceb09c8bc0c597a0e28

SHA256
a61d66b5b2ac1cfe64c7f15360312a9a77c6f8c8cbf0c3a3d66e5420be1881ee

SHA512
0cac2f4b5d06001a7f9024641f2f0aab1068134ea75a53ed28f71aaea656199f38af6a08a748ddd2ab6a1f1d9ef4adfa0980fe4123afa043fc442ae7ae64edf6

Download Submit
C:\Windows\system\JtwtqqY.exe

Filesize
6.0MB

MD5
2ca384d0440411bf1d9acb2d0259fd34

SHA1
d18a72c0cd655745cf92279358f5fa384b22a163

SHA256
957755b0d818d529b79f4560ca888fe34ba4dadd07b02d9bb5be95aa56044946

SHA512
9e60e33afd265a7683f35d103fbc2acbb3a9a81412bc198840023ff52c4bf60bb58cd4270d555fa34fa84414fcab42ee58af59afa7b2352785769e58f88bc09e

Download Submit
C:\Windows\system\KEjiadd.exe

Filesize
6.0MB

MD5
12afd52949b6461d869168917e6aebb7

SHA1
7eb6e1bc108758aa693c567a5c9be270a621b573

SHA256
a909a1a2d03b5c4650dfeea36416943aa16c3b9bb06f49fc996df5d6847b1e0c

SHA512
3793b37d38ed647b796eceebd9e95144aa3c414fca28b5e5d1e47b984c4dd1c117cecbdf87a60f576a0208414cbd3e5f56cda95f846a61d1aeceea11ca6e280b

Download Submit
C:\Windows\system\KVGiZVt.exe

Filesize
6.0MB

MD5
1fdb170130d0b0d7ae358412669243c1

SHA1
492668717529ef1fdc9642b2d5cc45037779f391

SHA256
6a1289a0b9b3b1a43e5e570cb087406bae456a346124ba371e75a13fa1b36fca

SHA512
63f66251167dc6e72e5addc68fd034ada96b0a47579e5f40d4ef83f65649afa1fc67b7bb3c43e898618b6257898feb4e4f20cc60a601057eee3ab7303f2d7298

Download Submit
C:\Windows\system\LSxMXYM.exe

Filesize
6.0MB

MD5
4b98d5a11b00d6be500f77c580e47adc

SHA1
e9e88f72a820e9c121fe0f1dfe2349a9a95fa418

SHA256
74892b25ffe4700c2db56da2f1c4cc3e61df2bdd8591be0485348084368a636a

SHA512
bf21425742e9a87772a62d586afec765b02c1d9638b8533d7c549f20f29869c0a4643509a9cbef46781cd59b53e19810f36cb4c3b3de1ba0c0cd61cded2517ac

Download Submit
C:\Windows\system\LXPXLfR.exe

Filesize
6.0MB

MD5
046d0dd0d4c51af21ae19b1637ba913d

SHA1
48e002dd5871ec8253d0d9b356faf40952e6eefc

SHA256
0d5937c1bc43c362a859f2a1ff0fcceb402b2d5919827c399dd14fa684ff9add

SHA512
1b9da6bad8aa9de0d10da5498628ecc2f6471545cfd1032ce9be0c5fdec3eae428afecc4f2af7a45290f77b847b0d75eb121058e1fc060d58889184eb66fe599

Download Submit
C:\Windows\system\ORktVQq.exe

Filesize
6.0MB

MD5
b508972bd653571ac761d8aed5312704

SHA1
722e0c55cc668a141d810cf91e988adf31198caf

SHA256
58b6aad55dcb5ffb6818efb44d1cd92f965a552024a1f040e074ca3921cc1b02

SHA512
b8e9191c954a5c38d295fe2ed8799574971b2194cd60ef515cca561680469aeee25789e1777ef2d4ba5348fc4955a3c168b6ab9162b0b8ced134a6992cbfa331

Download Submit
C:\Windows\system\SOrSySc.exe

Filesize
6.0MB

MD5
3c5126b716679d30f69e1ae41fa527a7

SHA1
4ef5fe92de18a150d7d4d5a7283044ae0cfb4f3b

SHA256
276a63b8b4974eff271708df1fdfc0924494ffc43684f5c8c8b3ba036f13fc93

SHA512
072915951984f5f7113aa3c97acf04fd69a19087700e5f59ac1d5a5251d79d268c97d91407e9007159c694c7f8477b095e484910502a299174d9fc22de81e20d

Download Submit
C:\Windows\system\WCbfMVI.exe

Filesize
6.0MB

MD5
a6fa02a346080cf65d60c4dc75596976

SHA1
001b2ae750d3deaa0d33fd9abc176b42c3cd860e

SHA256
2fdad9eb53b85dd2e5ced2ea6c4bec60721043b9d525261897ee51ecc9a4234a

SHA512
c52499345377aa8b0ab645adbbb04abf988c48084b1b59afe22698536a4d62d2279606c4d260d05eca4e29bf812e9bd07db75cee86a7c55af08c8d61ed2f4761

Download Submit
C:\Windows\system\bTaDxAg.exe

Filesize
6.0MB

MD5
4ef6a4528d37a7b05977607565c190ba

SHA1
8bdfce237d7533f24e12094527482b3cdd74943b

SHA256
82b110e6d2d91b5b40cdc0a1907b9d970ebcd6a4491f810a2de5dc63c44cdb6a

SHA512
c4aacfaf392f5c6cbf168a4dce11e764a5ebd98a15315f27ac61e53abef2809adcffd58a3964588fce003070cd7a487dd96db4c09c89ca4c0a1ba34e1ce86650

Download Submit
C:\Windows\system\eevAXaa.exe

Filesize
6.0MB

MD5
e129d7798eff898722d3cc4fbb700a7c

SHA1
b25f968e6c2743b1fcd5d5223fbfd8bcbb49d73e

SHA256
6123cc81e4c1b792b36c8bb33054235830a9d0eceecfec53682c56d802ca7d0a

SHA512
8d2be8e9b060062244a9eb5da5d45b5a815a651d748a65138ebeaa0adaab90addcecefebfe9b6abca91177581c7fe9bad20e9662279d076b476bc24288749fe7

Download Submit
C:\Windows\system\fYRTtDy.exe

Filesize
6.0MB

MD5
a3cb5d44beaee790b7b4369889be5970

SHA1
3bb345ac0c13a17c1fc37958fecb72845754191f

SHA256
69068799eb5a63696920fecd991a3b29ae49a1d9038fada4f68953633858cc8b

SHA512
d0e638c25c7a8470f37395a3b344d5bb9498a8092823ff0e677bb7d79015d226f7258f40668b0cd59fd58dead410e95a55bdab84905b7f47d8fbeb7ed9de3b1f

Download Submit
C:\Windows\system\iYkFdgq.exe

Filesize
6.0MB

MD5
d9cf509a9747fd59aee738490be3cb96

SHA1
d478c0abc7695dcf6332696968831e23525e32a3

SHA256
2013ab882dcf2f6edf96dec32f39414521e7616cf006771f368459d653a874a3

SHA512
944a6692e3aacc278a00b06a4faa889cfb2ee6d57ec00a98f816945aee5cc85062b198c1d60f0fc02f3bf0087a0da974cad26b9b095fcd88c7cded93babb0a1d

Download Submit
C:\Windows\system\ijdHAND.exe

Filesize
6.0MB

MD5
6a94492d1a8754a0b619d3f0723289db

SHA1
a860c49fdb10fc4308cf4c2261a96a1f4e795007

SHA256
5bc62d5369839eebf50dfdd26fc34db881611435470b6372289ebb791da52981

SHA512
a6dae238981ffe91d8ad38beec3a24031d10ce06a0212cd244aca3d5996a9273cb3725497bfce1f233f8cdde84b78596141fd4397c544dde17b49067239afa03

Download Submit
C:\Windows\system\kIcDxMw.exe

Filesize
6.0MB

MD5
b14ea11945386f8cff2012feb0da32b2

SHA1
56882f0f13213e180fae00932946395d3256d3cb

SHA256
da72e43d4a2f97642dec79cd44c75527c03577f88720c4559419d9b645fbaedc

SHA512
bf9db69226775342cc67a0b90df28ce5ec8dccc9f7084b653e61c6d0adf605818ddfa140292224d8ba589d4436e998c18e379c6f046a85fc8e9b9ac543b7d23d

Download Submit
C:\Windows\system\kdsKKHz.exe

Filesize
6.0MB

MD5
bf664652121329ae4f58e2d4b70d7251

SHA1
e83b3cef4fb36dd55f3910588e7afe26528dd4da

SHA256
9a158dde632bbfd4ab97f27d185801be82cb3cab3fe0b28da6344ee6cf319787

SHA512
3d34e6c336554034ac28c642d03b859ab214c4446baf3a083e8cef38115e957369e581b51dbb822eeb28871170db4aef6b4823f1887fb9f7e14c88339be7e36d

Download Submit
C:\Windows\system\mKyopQR.exe

Filesize
6.0MB

MD5
7ccf06beb236b70c167bcb76bff14335

SHA1
d1b73c2861ae2f769c7d366b5366b056791d380c

SHA256
af175a86cc4a4fceff772599bec021673bc7cad9304d0399df28941023f7935f

SHA512
bccc14cacc1a73009acd3014381c9abeda765283a23b7af1270b9af0ee324bf241a1e29bb66f5aacd795bdd065f336c67863ad2d0b517248f953de5af3044b52

Download Submit
C:\Windows\system\oAjuHKh.exe

Filesize
6.0MB

MD5
8d15b8178fc2e7ee8a55cee8c0419bbc

SHA1
c4413c789ba7919d9a72b6faa6c6a43973d065e6

SHA256
3e62e08d3982d905a2587ea04c65cb0438bce59d14c1d9d0fc50312241976da9

SHA512
4c6ffcada3a80c92ffad20d9f5955f1f38ffc5a7be25f4bbbd951f9b4ae73cc09ddb375bd15b197256326a32461245e295a140565c45f361b0b7314f1384d426

Download Submit
C:\Windows\system\seeMauw.exe

Filesize
6.0MB

MD5
764672dc93087efc67daa2b130b0f0f2

SHA1
08878704c987253c464468d149e65cf05c177688

SHA256
975ca19f38753039f2119ce49fbe02948550f0178591acc91119c29e3b29c950

SHA512
12240b253e314b3266ae6ff076ec220a4a36831fc7d6ff7c0c2b6d3127e89213d465423a21d7b8b7ca050b34e7f2855c1a06efaf31b75b36e1a76f74acffa6c7

Download Submit
C:\Windows\system\zWEWmPT.exe

Filesize
6.0MB

MD5
c171bbce18d5d362c5dab230f5b4cb6c

SHA1
39b9e7346a17189019dfdf72fc0d97d7c1a341e6

SHA256
54ab78ca4c33acc57cafcd2d840c51d72d98c3f56432935bfac072a9537f5f1c

SHA512
ed5cfeacdea058555ab20ecee1ecb0bab7db1ff100cb94105e76a8846f2489d3164abbfd4253ae220ff97451e9d4caa6e442e2e92b307fd7960cbf551fd9bdd8

Download Submit
\Windows\system\MSxrEIX.exe

Filesize
6.0MB

MD5
c7c68f6fc35fe59ca1e51570af023f99

SHA1
88086c30239ffd7199a4a80a9e559db93b0927fd

SHA256
981910f11b2dfdb26c6fcffc029f36dfa3d3763d05ffaf1cecce51f0b1e47fe7

SHA512
715c8a91870cb0073d4b7aaae61d88bd07c7c957bcacd9e8f58924f1cf4613c1fa2b5b99e090ea263ab2bb45c355da0c68c3f01fa35a609223023328db23a748

Download Submit
\Windows\system\MtUVnjN.exe

Filesize
6.0MB

MD5
e2df1c913c0b551f3d89662d3333fa77

SHA1
fe41b569d7e59e1be092ed7253e5654f71d3f4ac

SHA256
f95ca1cdaa58dc14e0d20ddcd2a1ae1ebb46bc4d68b2bb585a525dee9b9172d1

SHA512
c8f758810afd644502d056be8372f5f2d696e19a778d78d9e4063d1d690750eb18dd030436eadb2a176fc77722fbcb4864740607ef1d8b52499c53d26ac039af

Download Submit
\Windows\system\VQrVXTp.exe

Filesize
6.0MB

MD5
8f3b2fae0af0602950b074aa40904561

SHA1
cc0b4c700068465b3514d387d2f7f560b412380f

SHA256
f15c9189202c13b7f4653e50a381fc8a576f8547503e4c0d9d63780367962f36

SHA512
3be1a87b65f71cd7bda68b31f388cea8c958666354eff7fab570e81d611a85e90bc5d9f239b6484f085a10088312654fbaabe2e777f0c379892a5321ba129aff

Download Submit
\Windows\system\dcSBMNR.exe

Filesize
6.0MB

MD5
c2b4de9ce0616bc6beeb548bf3fdd402

SHA1
de0695e0f12bb13faa099a1652f99099659218e9

SHA256
85d55b6090617f6459fb914797fe748c5407d2a1f3bef7938c9f641bd2cf939a

SHA512
aeade97c8b05ca5797e40c724fba713c1f85424e532ddd5b737e2bf563092b33955a3238703a5ff3aea9d9ff778f1106e9aa53e4f146986dd819063fb50dc849

Download Submit
\Windows\system\jYAdQfF.exe

Filesize
6.0MB

MD5
04f025f4a0051bd790a9ada00abf95f0

SHA1
c252f8951e686e75ab3b29e338cd90fe30a63bc9

SHA256
6cee3ccdd8953ad6d202bf232cf2c33ecf0f47e077835716a1b67e6750cf8fbd

SHA512
2f6760dde489726c171a17040985cc1218894c6f264e99a72400f70f2714781431a9bc884afbf9d2c4cee0b7408b6c97d9659319dd381c418409a4589af0ab20

Download Submit
\Windows\system\zPHLJlu.exe

Filesize
6.0MB

MD5
d98e49c9492b31f34a651a41d035281a

SHA1
887fb17a91acdf611c8ce1369269e67e1d179e5c

SHA256
9763a33770c558eec52923aef7fc3d554b8700dcab6bd271fdc56ff8da741188

SHA512
ecbb2c5d82af8b6caab0b3d482b0e1301201527c13d0b642a943d82a9bc420302580b157023b050ff66008342ea79963db6f5f7e7bca08384745f738e758d145

Download Submit
memory/332-104-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/332-3755-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-103-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-50-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-547-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1760-1-0x0000000000200000-0x0000000000210000-memory.dmp

Filesize
64KB

Download
memory/1760-9-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1760-1188-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/1760-19-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-111-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/1760-31-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-34-0x0000000002230000-0x0000000002584000-memory.dmp

Filesize
3.3MB

Download
memory/1760-0-0x000000013FD50000-0x00000001400A4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-10-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/1760-48-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1760-92-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/1760-91-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/1760-62-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1760-263-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/1760-57-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-79-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1760-75-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2060-3747-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2060-93-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2060-775-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2260-3702-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-76-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2272-18-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2272-3721-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2272-59-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2280-662-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2280-89-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2280-3773-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2492-3759-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2492-97-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3724-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2716-68-0x000000013F1F0000-0x000000013F544000-memory.dmp

Filesize
3.3MB

Download
memory/2788-56-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2788-16-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3682-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3673-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-33-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-105-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3676-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-58-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-3687-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2904-49-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2936-22-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-3718-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2936-67-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2960-3719-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2960-77-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2960-35-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/3064-3686-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-88-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/3064-42-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download