cobaltstrike | 27ee5cd831f21695579433054ce22a76ddeac0aa19d243287750f7f98da466d6

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-01-2025 01:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

5467fa453217366e07fc31441aac7419
SHA1

695be38e381f6dff2b5862beaee57cc036835450
SHA256

27ee5cd831f21695579433054ce22a76ddeac0aa19d243287750f7f98da466d6
SHA512

9e734064312d6a871542ead1ee53fe739d9c4cadd52b36bb2820ef641e7ad4a2711d3253ca17df16a1bde9ca278caad6dd62d0bac624faa5bf506f81bfcb26cb
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUM:T+q56utgpPF8u/7M

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016df8-7.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016edc-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016f02-33.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174f8-37.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-66.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193dc-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c3-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019518-189.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019508-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019510-186.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e1-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-174.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d5-164.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ad-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019428-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019426-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f9-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d0-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001939f-120.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019358-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192a1-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019354-102.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001927a-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019299-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019274-74.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001924f-60.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000175f7-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017570-46.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174b4-27.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2996-0-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-6.dat	xmrig
behavioral1/files/0x0008000000016df8-7.dat	xmrig
behavioral1/files/0x0008000000016edc-12.dat	xmrig
behavioral1/files/0x0008000000016f02-33.dat	xmrig
behavioral1/memory/2836-34-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/files/0x00070000000174f8-37.dat	xmrig
behavioral1/memory/2516-49-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2624-54-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019261-66.dat	xmrig
behavioral1/memory/2880-95-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x00050000000193dc-135.dat	xmrig
behavioral1/files/0x00050000000194c3-160.dat	xmrig
behavioral1/memory/2996-1001-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2996-430-0x00000000023B0000-0x0000000002704000-memory.dmp	xmrig
behavioral1/memory/1308-202-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x0005000000019518-189.dat	xmrig
behavioral1/files/0x0005000000019508-180.dat	xmrig
behavioral1/files/0x0005000000019510-186.dat	xmrig
behavioral1/files/0x00050000000194e1-171.dat	xmrig
behavioral1/files/0x0005000000019502-174.dat	xmrig
behavioral1/files/0x00050000000194d5-164.dat	xmrig
behavioral1/files/0x00050000000194ad-155.dat	xmrig
behavioral1/files/0x0005000000019428-150.dat	xmrig
behavioral1/files/0x0005000000019426-145.dat	xmrig
behavioral1/files/0x00050000000193f9-140.dat	xmrig
behavioral1/files/0x00050000000193d0-130.dat	xmrig
behavioral1/files/0x00050000000193cc-125.dat	xmrig
behavioral1/files/0x000500000001939f-120.dat	xmrig
behavioral1/files/0x0005000000019358-106.dat	xmrig
behavioral1/files/0x000500000001938e-113.dat	xmrig
behavioral1/memory/764-111-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000192a1-92.dat	xmrig
behavioral1/files/0x0005000000019354-102.dat	xmrig
behavioral1/memory/2996-100-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2996-99-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/2624-98-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2640-97-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/1968-82-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x000500000001927a-79.dat	xmrig
behavioral1/files/0x0005000000019299-87.dat	xmrig
behavioral1/memory/2836-71-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/1964-70-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2996-84-0x000000013F0E0000-0x000000013F434000-memory.dmp	xmrig
behavioral1/memory/2688-77-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x0005000000019274-74.dat	xmrig
behavioral1/memory/1308-62-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2996-53-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001924f-60.dat	xmrig
behavioral1/files/0x00080000000175f7-52.dat	xmrig
behavioral1/memory/2688-39-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/files/0x0007000000017570-46.dat	xmrig
behavioral1/memory/2808-32-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/2732-28-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/files/0x00070000000174b4-27.dat	xmrig
behavioral1/memory/2660-26-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2776-18-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2660-3889-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2836-3884-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2516-3881-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2732-3879-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2808-3946-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	xmrig
behavioral1/memory/1964-3945-0x000000013FE20000-0x0000000140174000-memory.dmp	xmrig
behavioral1/memory/2688-3982-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2732	YqTPtpl.exe
2776	XLvzEow.exe
2660	pDoSGQt.exe
2808	YTBjCGY.exe
2836	XBNnxKU.exe
2688	SNCbeqx.exe
2516	IYBkbYH.exe
2624	YzJdWii.exe
1308	yildhho.exe
1964	UlccsFM.exe
1968	NRfrtuH.exe
2880	OVjmIEY.exe
2640	VwBoMlW.exe
764	RZqNwFi.exe
1724	SaUVgYn.exe
1156	YKeLlnS.exe
1996	RiaQXgF.exe
2292	YRxzprj.exe
1496	ixvCpRr.exe
640	JoeWuYQ.exe
2840	mHDmqTc.exe
2384	weqjkJc.exe
2172	cGxIfvd.exe
2532	SmLSrPr.exe
2276	nEMOHtq.exe
2468	iBjpUoj.exe
2236	vTEypQC.exe
1772	VmIyWgM.exe
1140	wGOWTfI.exe
904	URsqjyI.exe
800	ONrotKz.exe
2940	kGlJpqV.exe
1788	QMrAJKN.exe
2364	zImOnOo.exe
2084	lHpWplC.exe
1720	AVVqWSX.exe
1556	khDPPxP.exe
784	VTbJOYO.exe
2896	Kmsjsim.exe
3016	ktLzptf.exe
2472	LDzelud.exe
2064	EikhHuG.exe
536	ZJnHrjH.exe
268	knMwNOB.exe
2892	udJhFND.exe
892	gvcVDJg.exe
1120	JtAptJC.exe
304	ZMwMbQj.exe
888	JJDArEb.exe
1260	dCNsRhK.exe
1596	hpjUvbP.exe
2692	gieCeta.exe
2744	RUcrGkY.exe
2656	JcmpCXu.exe
2380	SJhHkhn.exe
2724	rrhSgFI.exe
2340	GrtYpEN.exe
2552	lUhlFvF.exe
708	halKKPq.exe
2444	BUWwdzg.exe
1980	ZKwyqLH.exe
1440	HhCCUQS.exe
1848	KgpgWWy.exe
308	gEQNUsk.exe

Loads dropped DLL 64 IoCs

pid	Process
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2996-0-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-6.dat	upx
behavioral1/files/0x0008000000016df8-7.dat	upx
behavioral1/files/0x0008000000016edc-12.dat	upx
behavioral1/files/0x0008000000016f02-33.dat	upx
behavioral1/memory/2836-34-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/files/0x00070000000174f8-37.dat	upx
behavioral1/memory/2516-49-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2624-54-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/files/0x0005000000019261-66.dat	upx
behavioral1/memory/2880-95-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x00050000000193dc-135.dat	upx
behavioral1/files/0x00050000000194c3-160.dat	upx
behavioral1/memory/1308-202-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x0005000000019518-189.dat	upx
behavioral1/files/0x0005000000019508-180.dat	upx
behavioral1/files/0x0005000000019510-186.dat	upx
behavioral1/files/0x00050000000194e1-171.dat	upx
behavioral1/files/0x0005000000019502-174.dat	upx
behavioral1/files/0x00050000000194d5-164.dat	upx
behavioral1/files/0x00050000000194ad-155.dat	upx
behavioral1/files/0x0005000000019428-150.dat	upx
behavioral1/files/0x0005000000019426-145.dat	upx
behavioral1/files/0x00050000000193f9-140.dat	upx
behavioral1/files/0x00050000000193d0-130.dat	upx
behavioral1/files/0x00050000000193cc-125.dat	upx
behavioral1/files/0x000500000001939f-120.dat	upx
behavioral1/files/0x0005000000019358-106.dat	upx
behavioral1/files/0x000500000001938e-113.dat	upx
behavioral1/memory/764-111-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x00050000000192a1-92.dat	upx
behavioral1/files/0x0005000000019354-102.dat	upx
behavioral1/memory/2624-98-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2640-97-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx
behavioral1/memory/1968-82-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x000500000001927a-79.dat	upx
behavioral1/files/0x0005000000019299-87.dat	upx
behavioral1/memory/2836-71-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/1964-70-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2688-77-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x0005000000019274-74.dat	upx
behavioral1/memory/1308-62-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2996-53-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/files/0x000500000001924f-60.dat	upx
behavioral1/files/0x00080000000175f7-52.dat	upx
behavioral1/memory/2688-39-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/files/0x0007000000017570-46.dat	upx
behavioral1/memory/2808-32-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/2732-28-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/files/0x00070000000174b4-27.dat	upx
behavioral1/memory/2660-26-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2776-18-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2660-3889-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2836-3884-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2516-3881-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2732-3879-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2808-3946-0x000000013FAA0000-0x000000013FDF4000-memory.dmp	upx
behavioral1/memory/1964-3945-0x000000013FE20000-0x0000000140174000-memory.dmp	upx
behavioral1/memory/2688-3982-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/1308-3977-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/764-3971-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2624-3901-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2776-3878-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2640-4044-0x000000013F0E0000-0x000000013F434000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\umdkvqm.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MQicylA.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WrCMGwz.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GwcEUYp.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JuPDnFk.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDHqTPi.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uZBINmM.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jNOWJsY.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\blpKclI.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AkdgqHU.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\doRzDSG.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BwBWGAp.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LryYKHK.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EcflqPo.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VwBoMlW.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MyfoHFt.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntEmcJl.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WaDXjjD.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XQKzFwz.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OEdpPgB.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tyYAXLL.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ANntlwW.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NPsPVWM.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ikJkCQA.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VymHIpg.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cCMacCT.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rIiCBXg.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QCLLfRR.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sVUbjYm.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GubzAki.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FrAMgXR.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\stGjljI.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCwzYos.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tiNswWc.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qFWaWMq.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PgVRZvb.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fuenMGy.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iBksOSe.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\trVsxQI.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RVMNuFV.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SEKODMi.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hKcZDxq.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jXbOKYY.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NZrNTKZ.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\smfYWFq.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XoIjLHX.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WxFLaHZ.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IYBkbYH.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yLkboyy.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\odzkzZR.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dOXXFWC.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EGlTAlN.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\byLkvPg.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TFaUcSg.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OuRlXtx.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xKOcTzw.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zCcBLaF.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kcCREJh.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OFllQgO.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ResmMHn.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aPbcxSg.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lHVfFCq.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yokvIuX.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bgggdcO.exe	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 2732	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2996 wrote to memory of 2732	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2996 wrote to memory of 2732	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2996 wrote to memory of 2776	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2996 wrote to memory of 2776	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2996 wrote to memory of 2776	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2996 wrote to memory of 2660	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2996 wrote to memory of 2660	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2996 wrote to memory of 2660	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2996 wrote to memory of 2836	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2996 wrote to memory of 2836	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2996 wrote to memory of 2836	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2996 wrote to memory of 2808	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2996 wrote to memory of 2808	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2996 wrote to memory of 2808	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2996 wrote to memory of 2688	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2996 wrote to memory of 2688	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2996 wrote to memory of 2688	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2996 wrote to memory of 2516	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2996 wrote to memory of 2516	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2996 wrote to memory of 2516	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2996 wrote to memory of 2624	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2996 wrote to memory of 2624	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2996 wrote to memory of 2624	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2996 wrote to memory of 1308	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2996 wrote to memory of 1308	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2996 wrote to memory of 1308	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2996 wrote to memory of 1964	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2996 wrote to memory of 1964	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2996 wrote to memory of 1964	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2996 wrote to memory of 1968	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2996 wrote to memory of 1968	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2996 wrote to memory of 1968	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2996 wrote to memory of 2640	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2996 wrote to memory of 2640	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2996 wrote to memory of 2640	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2996 wrote to memory of 2880	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2996 wrote to memory of 2880	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2996 wrote to memory of 2880	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2996 wrote to memory of 1724	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2996 wrote to memory of 1724	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2996 wrote to memory of 1724	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2996 wrote to memory of 764	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2996 wrote to memory of 764	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2996 wrote to memory of 764	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2996 wrote to memory of 1996	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2996 wrote to memory of 1996	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2996 wrote to memory of 1996	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2996 wrote to memory of 1156	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2996 wrote to memory of 1156	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2996 wrote to memory of 1156	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2996 wrote to memory of 2292	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2996 wrote to memory of 2292	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2996 wrote to memory of 2292	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2996 wrote to memory of 1496	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2996 wrote to memory of 1496	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2996 wrote to memory of 1496	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2996 wrote to memory of 640	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2996 wrote to memory of 640	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2996 wrote to memory of 640	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2996 wrote to memory of 2840	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2996 wrote to memory of 2840	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2996 wrote to memory of 2840	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2996 wrote to memory of 2384	2996	2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-28_5467fa453217366e07fc31441aac7419_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Windows\System\YqTPtpl.exe
  C:\Windows\System\YqTPtpl.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\XLvzEow.exe
  C:\Windows\System\XLvzEow.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\pDoSGQt.exe
  C:\Windows\System\pDoSGQt.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\XBNnxKU.exe
  C:\Windows\System\XBNnxKU.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\YTBjCGY.exe
  C:\Windows\System\YTBjCGY.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\SNCbeqx.exe
  C:\Windows\System\SNCbeqx.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\IYBkbYH.exe
  C:\Windows\System\IYBkbYH.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\YzJdWii.exe
  C:\Windows\System\YzJdWii.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\yildhho.exe
  C:\Windows\System\yildhho.exe
  2⤵
  - Executes dropped EXE
  PID:1308
- C:\Windows\System\UlccsFM.exe
  C:\Windows\System\UlccsFM.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\NRfrtuH.exe
  C:\Windows\System\NRfrtuH.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\VwBoMlW.exe
  C:\Windows\System\VwBoMlW.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\OVjmIEY.exe
  C:\Windows\System\OVjmIEY.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\SaUVgYn.exe
  C:\Windows\System\SaUVgYn.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\RZqNwFi.exe
  C:\Windows\System\RZqNwFi.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\RiaQXgF.exe
  C:\Windows\System\RiaQXgF.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\YKeLlnS.exe
  C:\Windows\System\YKeLlnS.exe
  2⤵
  - Executes dropped EXE
  PID:1156
- C:\Windows\System\YRxzprj.exe
  C:\Windows\System\YRxzprj.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\ixvCpRr.exe
  C:\Windows\System\ixvCpRr.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\JoeWuYQ.exe
  C:\Windows\System\JoeWuYQ.exe
  2⤵
  - Executes dropped EXE
  PID:640
- C:\Windows\System\mHDmqTc.exe
  C:\Windows\System\mHDmqTc.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\weqjkJc.exe
  C:\Windows\System\weqjkJc.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\cGxIfvd.exe
  C:\Windows\System\cGxIfvd.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\SmLSrPr.exe
  C:\Windows\System\SmLSrPr.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\nEMOHtq.exe
  C:\Windows\System\nEMOHtq.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\iBjpUoj.exe
  C:\Windows\System\iBjpUoj.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\vTEypQC.exe
  C:\Windows\System\vTEypQC.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\VmIyWgM.exe
  C:\Windows\System\VmIyWgM.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\wGOWTfI.exe
  C:\Windows\System\wGOWTfI.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\URsqjyI.exe
  C:\Windows\System\URsqjyI.exe
  2⤵
  - Executes dropped EXE
  PID:904
- C:\Windows\System\ONrotKz.exe
  C:\Windows\System\ONrotKz.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\kGlJpqV.exe
  C:\Windows\System\kGlJpqV.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\QMrAJKN.exe
  C:\Windows\System\QMrAJKN.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\zImOnOo.exe
  C:\Windows\System\zImOnOo.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\lHpWplC.exe
  C:\Windows\System\lHpWplC.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\AVVqWSX.exe
  C:\Windows\System\AVVqWSX.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\khDPPxP.exe
  C:\Windows\System\khDPPxP.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\VTbJOYO.exe
  C:\Windows\System\VTbJOYO.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\Kmsjsim.exe
  C:\Windows\System\Kmsjsim.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\ktLzptf.exe
  C:\Windows\System\ktLzptf.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\LDzelud.exe
  C:\Windows\System\LDzelud.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\EikhHuG.exe
  C:\Windows\System\EikhHuG.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\ZJnHrjH.exe
  C:\Windows\System\ZJnHrjH.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\knMwNOB.exe
  C:\Windows\System\knMwNOB.exe
  2⤵
  - Executes dropped EXE
  PID:268
- C:\Windows\System\udJhFND.exe
  C:\Windows\System\udJhFND.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\JtAptJC.exe
  C:\Windows\System\JtAptJC.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\gvcVDJg.exe
  C:\Windows\System\gvcVDJg.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\JJDArEb.exe
  C:\Windows\System\JJDArEb.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\ZMwMbQj.exe
  C:\Windows\System\ZMwMbQj.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\dCNsRhK.exe
  C:\Windows\System\dCNsRhK.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\hpjUvbP.exe
  C:\Windows\System\hpjUvbP.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\gieCeta.exe
  C:\Windows\System\gieCeta.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\RUcrGkY.exe
  C:\Windows\System\RUcrGkY.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\JcmpCXu.exe
  C:\Windows\System\JcmpCXu.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\SJhHkhn.exe
  C:\Windows\System\SJhHkhn.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\rrhSgFI.exe
  C:\Windows\System\rrhSgFI.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\GrtYpEN.exe
  C:\Windows\System\GrtYpEN.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\lUhlFvF.exe
  C:\Windows\System\lUhlFvF.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\halKKPq.exe
  C:\Windows\System\halKKPq.exe
  2⤵
  - Executes dropped EXE
  PID:708
- C:\Windows\System\BUWwdzg.exe
  C:\Windows\System\BUWwdzg.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\ZKwyqLH.exe
  C:\Windows\System\ZKwyqLH.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\HhCCUQS.exe
  C:\Windows\System\HhCCUQS.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\KgpgWWy.exe
  C:\Windows\System\KgpgWWy.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\gEQNUsk.exe
  C:\Windows\System\gEQNUsk.exe
  2⤵
  - Executes dropped EXE
  PID:308
- C:\Windows\System\uoRqZUl.exe
  C:\Windows\System\uoRqZUl.exe
  2⤵
  PID:2108
- C:\Windows\System\LOkIWrc.exe
  C:\Windows\System\LOkIWrc.exe
  2⤵
  PID:1448
- C:\Windows\System\GvplwOm.exe
  C:\Windows\System\GvplwOm.exe
  2⤵
  PID:2196
- C:\Windows\System\ZbHZrbb.exe
  C:\Windows\System\ZbHZrbb.exe
  2⤵
  PID:2352
- C:\Windows\System\mWLtbxF.exe
  C:\Windows\System\mWLtbxF.exe
  2⤵
  PID:900
- C:\Windows\System\dHqGNvp.exe
  C:\Windows\System\dHqGNvp.exe
  2⤵
  PID:1648
- C:\Windows\System\vJAiNkj.exe
  C:\Windows\System\vJAiNkj.exe
  2⤵
  PID:848
- C:\Windows\System\dIdCGMm.exe
  C:\Windows\System\dIdCGMm.exe
  2⤵
  PID:1084
- C:\Windows\System\NWIndMq.exe
  C:\Windows\System\NWIndMq.exe
  2⤵
  PID:1728
- C:\Windows\System\JUMVvzF.exe
  C:\Windows\System\JUMVvzF.exe
  2⤵
  PID:612
- C:\Windows\System\hZlVuLi.exe
  C:\Windows\System\hZlVuLi.exe
  2⤵
  PID:2636
- C:\Windows\System\NPRghSZ.exe
  C:\Windows\System\NPRghSZ.exe
  2⤵
  PID:2324
- C:\Windows\System\VOJOypL.exe
  C:\Windows\System\VOJOypL.exe
  2⤵
  PID:2068
- C:\Windows\System\RccOQQJ.exe
  C:\Windows\System\RccOQQJ.exe
  2⤵
  PID:1624
- C:\Windows\System\oFQHRTD.exe
  C:\Windows\System\oFQHRTD.exe
  2⤵
  PID:2944
- C:\Windows\System\DFYHUvu.exe
  C:\Windows\System\DFYHUvu.exe
  2⤵
  PID:2024
- C:\Windows\System\XXEjmHZ.exe
  C:\Windows\System\XXEjmHZ.exe
  2⤵
  PID:1508
- C:\Windows\System\JxqsUWA.exe
  C:\Windows\System\JxqsUWA.exe
  2⤵
  PID:1608
- C:\Windows\System\awHOTFO.exe
  C:\Windows\System\awHOTFO.exe
  2⤵
  PID:2824
- C:\Windows\System\VESfnwt.exe
  C:\Windows\System\VESfnwt.exe
  2⤵
  PID:2912
- C:\Windows\System\oiNnTNA.exe
  C:\Windows\System\oiNnTNA.exe
  2⤵
  PID:2812
- C:\Windows\System\IeGYtTA.exe
  C:\Windows\System\IeGYtTA.exe
  2⤵
  PID:2560
- C:\Windows\System\FbhUGMe.exe
  C:\Windows\System\FbhUGMe.exe
  2⤵
  PID:1696
- C:\Windows\System\wManpll.exe
  C:\Windows\System\wManpll.exe
  2⤵
  PID:2620
- C:\Windows\System\rbcWBix.exe
  C:\Windows\System\rbcWBix.exe
  2⤵
  PID:864
- C:\Windows\System\ujgaecm.exe
  C:\Windows\System\ujgaecm.exe
  2⤵
  PID:932
- C:\Windows\System\xlvxUef.exe
  C:\Windows\System\xlvxUef.exe
  2⤵
  PID:532
- C:\Windows\System\OlMgVrd.exe
  C:\Windows\System\OlMgVrd.exe
  2⤵
  PID:2920
- C:\Windows\System\YdTWTQP.exe
  C:\Windows\System\YdTWTQP.exe
  2⤵
  PID:1628
- C:\Windows\System\MbtYBFy.exe
  C:\Windows\System\MbtYBFy.exe
  2⤵
  PID:1704
- C:\Windows\System\dIJvLJo.exe
  C:\Windows\System\dIJvLJo.exe
  2⤵
  PID:1244
- C:\Windows\System\OhlrLfe.exe
  C:\Windows\System\OhlrLfe.exe
  2⤵
  PID:1732
- C:\Windows\System\JmfQYtv.exe
  C:\Windows\System\JmfQYtv.exe
  2⤵
  PID:2040
- C:\Windows\System\nkpFBLU.exe
  C:\Windows\System\nkpFBLU.exe
  2⤵
  PID:1804
- C:\Windows\System\zglysRZ.exe
  C:\Windows\System\zglysRZ.exe
  2⤵
  PID:2916
- C:\Windows\System\FrAMgXR.exe
  C:\Windows\System\FrAMgXR.exe
  2⤵
  PID:2336
- C:\Windows\System\faBIuzu.exe
  C:\Windows\System\faBIuzu.exe
  2⤵
  PID:2112
- C:\Windows\System\LZQAFmA.exe
  C:\Windows\System\LZQAFmA.exe
  2⤵
  PID:1604
- C:\Windows\System\TUbrogz.exe
  C:\Windows\System\TUbrogz.exe
  2⤵
  PID:2712
- C:\Windows\System\gGoKKAD.exe
  C:\Windows\System\gGoKKAD.exe
  2⤵
  PID:2348
- C:\Windows\System\rgyaDLg.exe
  C:\Windows\System\rgyaDLg.exe
  2⤵
  PID:1488
- C:\Windows\System\oMERAcB.exe
  C:\Windows\System\oMERAcB.exe
  2⤵
  PID:3092
- C:\Windows\System\jkpUfEv.exe
  C:\Windows\System\jkpUfEv.exe
  2⤵
  PID:3112
- C:\Windows\System\VAXvkJM.exe
  C:\Windows\System\VAXvkJM.exe
  2⤵
  PID:3132
- C:\Windows\System\NfEeYcx.exe
  C:\Windows\System\NfEeYcx.exe
  2⤵
  PID:3152
- C:\Windows\System\FtTQTIg.exe
  C:\Windows\System\FtTQTIg.exe
  2⤵
  PID:3172
- C:\Windows\System\ibYXYnD.exe
  C:\Windows\System\ibYXYnD.exe
  2⤵
  PID:3192
- C:\Windows\System\tOFKXuC.exe
  C:\Windows\System\tOFKXuC.exe
  2⤵
  PID:3216
- C:\Windows\System\WxERfwp.exe
  C:\Windows\System\WxERfwp.exe
  2⤵
  PID:3236
- C:\Windows\System\yXgKJtT.exe
  C:\Windows\System\yXgKJtT.exe
  2⤵
  PID:3256
- C:\Windows\System\tpJppsq.exe
  C:\Windows\System\tpJppsq.exe
  2⤵
  PID:3276
- C:\Windows\System\TRKnvpS.exe
  C:\Windows\System\TRKnvpS.exe
  2⤵
  PID:3296
- C:\Windows\System\AaCSdmG.exe
  C:\Windows\System\AaCSdmG.exe
  2⤵
  PID:3316
- C:\Windows\System\owPBWhc.exe
  C:\Windows\System\owPBWhc.exe
  2⤵
  PID:3336
- C:\Windows\System\AThNRtR.exe
  C:\Windows\System\AThNRtR.exe
  2⤵
  PID:3356
- C:\Windows\System\RezoGUx.exe
  C:\Windows\System\RezoGUx.exe
  2⤵
  PID:3376
- C:\Windows\System\XkgXNHk.exe
  C:\Windows\System\XkgXNHk.exe
  2⤵
  PID:3396
- C:\Windows\System\atiRKKl.exe
  C:\Windows\System\atiRKKl.exe
  2⤵
  PID:3416
- C:\Windows\System\FHhTQNQ.exe
  C:\Windows\System\FHhTQNQ.exe
  2⤵
  PID:3436
- C:\Windows\System\YouoeYt.exe
  C:\Windows\System\YouoeYt.exe
  2⤵
  PID:3452
- C:\Windows\System\ZdsqapJ.exe
  C:\Windows\System\ZdsqapJ.exe
  2⤵
  PID:3468
- C:\Windows\System\cJhqQJt.exe
  C:\Windows\System\cJhqQJt.exe
  2⤵
  PID:3496
- C:\Windows\System\AOkjoJd.exe
  C:\Windows\System\AOkjoJd.exe
  2⤵
  PID:3516
- C:\Windows\System\vCdhBRW.exe
  C:\Windows\System\vCdhBRW.exe
  2⤵
  PID:3536
- C:\Windows\System\OGTWEjN.exe
  C:\Windows\System\OGTWEjN.exe
  2⤵
  PID:3556
- C:\Windows\System\zyBstpv.exe
  C:\Windows\System\zyBstpv.exe
  2⤵
  PID:3576
- C:\Windows\System\fZAmMfR.exe
  C:\Windows\System\fZAmMfR.exe
  2⤵
  PID:3596
- C:\Windows\System\gJXwBNm.exe
  C:\Windows\System\gJXwBNm.exe
  2⤵
  PID:3616
- C:\Windows\System\YSyxhvF.exe
  C:\Windows\System\YSyxhvF.exe
  2⤵
  PID:3636
- C:\Windows\System\GcNaZpR.exe
  C:\Windows\System\GcNaZpR.exe
  2⤵
  PID:3656
- C:\Windows\System\thLvCoo.exe
  C:\Windows\System\thLvCoo.exe
  2⤵
  PID:3676
- C:\Windows\System\eetypNW.exe
  C:\Windows\System\eetypNW.exe
  2⤵
  PID:3696
- C:\Windows\System\FlvtZPi.exe
  C:\Windows\System\FlvtZPi.exe
  2⤵
  PID:3716
- C:\Windows\System\uxkcnxh.exe
  C:\Windows\System\uxkcnxh.exe
  2⤵
  PID:3736
- C:\Windows\System\ZucpovD.exe
  C:\Windows\System\ZucpovD.exe
  2⤵
  PID:3756
- C:\Windows\System\vxnIZsN.exe
  C:\Windows\System\vxnIZsN.exe
  2⤵
  PID:3776
- C:\Windows\System\hBXUOSk.exe
  C:\Windows\System\hBXUOSk.exe
  2⤵
  PID:3796
- C:\Windows\System\GVCKblv.exe
  C:\Windows\System\GVCKblv.exe
  2⤵
  PID:3816
- C:\Windows\System\dQdVxOl.exe
  C:\Windows\System\dQdVxOl.exe
  2⤵
  PID:3840
- C:\Windows\System\gtKIQBy.exe
  C:\Windows\System\gtKIQBy.exe
  2⤵
  PID:3860
- C:\Windows\System\HHxAqPi.exe
  C:\Windows\System\HHxAqPi.exe
  2⤵
  PID:3880
- C:\Windows\System\FPvTAkb.exe
  C:\Windows\System\FPvTAkb.exe
  2⤵
  PID:3900
- C:\Windows\System\qJcpWwz.exe
  C:\Windows\System\qJcpWwz.exe
  2⤵
  PID:3916
- C:\Windows\System\quYRkRD.exe
  C:\Windows\System\quYRkRD.exe
  2⤵
  PID:3940
- C:\Windows\System\OebepOb.exe
  C:\Windows\System\OebepOb.exe
  2⤵
  PID:3960
- C:\Windows\System\dWcYxmN.exe
  C:\Windows\System\dWcYxmN.exe
  2⤵
  PID:3984
- C:\Windows\System\ArIklnA.exe
  C:\Windows\System\ArIklnA.exe
  2⤵
  PID:4004
- C:\Windows\System\mEqHkFB.exe
  C:\Windows\System\mEqHkFB.exe
  2⤵
  PID:4024
- C:\Windows\System\BWDyjwe.exe
  C:\Windows\System\BWDyjwe.exe
  2⤵
  PID:4044
- C:\Windows\System\RGxKpuX.exe
  C:\Windows\System\RGxKpuX.exe
  2⤵
  PID:4064
- C:\Windows\System\zZrtCjm.exe
  C:\Windows\System\zZrtCjm.exe
  2⤵
  PID:4080
- C:\Windows\System\BTfKgfS.exe
  C:\Windows\System\BTfKgfS.exe
  2⤵
  PID:1936
- C:\Windows\System\kdGrsMt.exe
  C:\Windows\System\kdGrsMt.exe
  2⤵
  PID:1532
- C:\Windows\System\DwHzuoS.exe
  C:\Windows\System\DwHzuoS.exe
  2⤵
  PID:2176
- C:\Windows\System\WWOSAOC.exe
  C:\Windows\System\WWOSAOC.exe
  2⤵
  PID:2512
- C:\Windows\System\rZPWyIN.exe
  C:\Windows\System\rZPWyIN.exe
  2⤵
  PID:1960
- C:\Windows\System\nPyAvZO.exe
  C:\Windows\System\nPyAvZO.exe
  2⤵
  PID:1584
- C:\Windows\System\TxZFpnG.exe
  C:\Windows\System\TxZFpnG.exe
  2⤵
  PID:2016
- C:\Windows\System\fKegwvM.exe
  C:\Windows\System\fKegwvM.exe
  2⤵
  PID:996
- C:\Windows\System\XINHuen.exe
  C:\Windows\System\XINHuen.exe
  2⤵
  PID:1600
- C:\Windows\System\HRdTHhu.exe
  C:\Windows\System\HRdTHhu.exe
  2⤵
  PID:2704
- C:\Windows\System\rZkvkQu.exe
  C:\Windows\System\rZkvkQu.exe
  2⤵
  PID:2800
- C:\Windows\System\VCAbrPg.exe
  C:\Windows\System\VCAbrPg.exe
  2⤵
  PID:3104
- C:\Windows\System\lUuLNuS.exe
  C:\Windows\System\lUuLNuS.exe
  2⤵
  PID:3148
- C:\Windows\System\YUTGhNr.exe
  C:\Windows\System\YUTGhNr.exe
  2⤵
  PID:3164
- C:\Windows\System\yLkboyy.exe
  C:\Windows\System\yLkboyy.exe
  2⤵
  PID:3204
- C:\Windows\System\xvUPdMq.exe
  C:\Windows\System\xvUPdMq.exe
  2⤵
  PID:3252
- C:\Windows\System\MIRlKtI.exe
  C:\Windows\System\MIRlKtI.exe
  2⤵
  PID:3288
- C:\Windows\System\YrhpRCC.exe
  C:\Windows\System\YrhpRCC.exe
  2⤵
  PID:3332
- C:\Windows\System\HHNaoom.exe
  C:\Windows\System\HHNaoom.exe
  2⤵
  PID:3364
- C:\Windows\System\paKBETX.exe
  C:\Windows\System\paKBETX.exe
  2⤵
  PID:3384
- C:\Windows\System\YlrlBzv.exe
  C:\Windows\System\YlrlBzv.exe
  2⤵
  PID:3408
- C:\Windows\System\hxPeuJg.exe
  C:\Windows\System\hxPeuJg.exe
  2⤵
  PID:3476
- C:\Windows\System\vBUaKVF.exe
  C:\Windows\System\vBUaKVF.exe
  2⤵
  PID:3492
- C:\Windows\System\djQtVxv.exe
  C:\Windows\System\djQtVxv.exe
  2⤵
  PID:3532
- C:\Windows\System\nbGBvvi.exe
  C:\Windows\System\nbGBvvi.exe
  2⤵
  PID:3564
- C:\Windows\System\sQoIHSm.exe
  C:\Windows\System\sQoIHSm.exe
  2⤵
  PID:3604
- C:\Windows\System\gISOCBj.exe
  C:\Windows\System\gISOCBj.exe
  2⤵
  PID:3644
- C:\Windows\System\gdbjqSr.exe
  C:\Windows\System\gdbjqSr.exe
  2⤵
  PID:3664
- C:\Windows\System\aeRYLeo.exe
  C:\Windows\System\aeRYLeo.exe
  2⤵
  PID:3688
- C:\Windows\System\yQWtdQl.exe
  C:\Windows\System\yQWtdQl.exe
  2⤵
  PID:3704
- C:\Windows\System\eGDAfEs.exe
  C:\Windows\System\eGDAfEs.exe
  2⤵
  PID:3768
- C:\Windows\System\RptnsNZ.exe
  C:\Windows\System\RptnsNZ.exe
  2⤵
  PID:3784
- C:\Windows\System\LUIRmXr.exe
  C:\Windows\System\LUIRmXr.exe
  2⤵
  PID:3828
- C:\Windows\System\Zyxtpnr.exe
  C:\Windows\System\Zyxtpnr.exe
  2⤵
  PID:3888
- C:\Windows\System\rDXvbbM.exe
  C:\Windows\System\rDXvbbM.exe
  2⤵
  PID:3924
- C:\Windows\System\gcmGNuV.exe
  C:\Windows\System\gcmGNuV.exe
  2⤵
  PID:3908
- C:\Windows\System\qkzgjRP.exe
  C:\Windows\System\qkzgjRP.exe
  2⤵
  PID:3992
- C:\Windows\System\LuTyGvG.exe
  C:\Windows\System\LuTyGvG.exe
  2⤵
  PID:4012
- C:\Windows\System\TDrpavc.exe
  C:\Windows\System\TDrpavc.exe
  2⤵
  PID:4060
- C:\Windows\System\ojzVVDS.exe
  C:\Windows\System\ojzVVDS.exe
  2⤵
  PID:556
- C:\Windows\System\FmSqDsS.exe
  C:\Windows\System\FmSqDsS.exe
  2⤵
  PID:1984
- C:\Windows\System\NPpjcZj.exe
  C:\Windows\System\NPpjcZj.exe
  2⤵
  PID:2180
- C:\Windows\System\YoONQYG.exe
  C:\Windows\System\YoONQYG.exe
  2⤵
  PID:1352
- C:\Windows\System\YAgpbuW.exe
  C:\Windows\System\YAgpbuW.exe
  2⤵
  PID:1616
- C:\Windows\System\KVREcJT.exe
  C:\Windows\System\KVREcJT.exe
  2⤵
  PID:1716
- C:\Windows\System\orzvtEh.exe
  C:\Windows\System\orzvtEh.exe
  2⤵
  PID:2700
- C:\Windows\System\Palxiqk.exe
  C:\Windows\System\Palxiqk.exe
  2⤵
  PID:3088
- C:\Windows\System\QITztzc.exe
  C:\Windows\System\QITztzc.exe
  2⤵
  PID:3140
- C:\Windows\System\CzUVqnG.exe
  C:\Windows\System\CzUVqnG.exe
  2⤵
  PID:3272
- C:\Windows\System\oFytYlY.exe
  C:\Windows\System\oFytYlY.exe
  2⤵
  PID:3292
- C:\Windows\System\AtvTerR.exe
  C:\Windows\System\AtvTerR.exe
  2⤵
  PID:3344
- C:\Windows\System\TzAfNCr.exe
  C:\Windows\System\TzAfNCr.exe
  2⤵
  PID:3352
- C:\Windows\System\VStnMqR.exe
  C:\Windows\System\VStnMqR.exe
  2⤵
  PID:3488
- C:\Windows\System\YXBFppL.exe
  C:\Windows\System\YXBFppL.exe
  2⤵
  PID:3504
- C:\Windows\System\CJuAiid.exe
  C:\Windows\System\CJuAiid.exe
  2⤵
  PID:3508
- C:\Windows\System\uXtZHqA.exe
  C:\Windows\System\uXtZHqA.exe
  2⤵
  PID:3608
- C:\Windows\System\ucELZjm.exe
  C:\Windows\System\ucELZjm.exe
  2⤵
  PID:3624
- C:\Windows\System\zYJCxGp.exe
  C:\Windows\System\zYJCxGp.exe
  2⤵
  PID:3628
- C:\Windows\System\YdtZVGu.exe
  C:\Windows\System\YdtZVGu.exe
  2⤵
  PID:3772
- C:\Windows\System\ISafIXr.exe
  C:\Windows\System\ISafIXr.exe
  2⤵
  PID:3808
- C:\Windows\System\PgbYKlz.exe
  C:\Windows\System\PgbYKlz.exe
  2⤵
  PID:3892
- C:\Windows\System\VUgCZnT.exe
  C:\Windows\System\VUgCZnT.exe
  2⤵
  PID:3980
- C:\Windows\System\ntHXFwj.exe
  C:\Windows\System\ntHXFwj.exe
  2⤵
  PID:3996
- C:\Windows\System\UqAokLk.exe
  C:\Windows\System\UqAokLk.exe
  2⤵
  PID:4036
- C:\Windows\System\KUdtewj.exe
  C:\Windows\System\KUdtewj.exe
  2⤵
  PID:1544
- C:\Windows\System\syVTXrO.exe
  C:\Windows\System\syVTXrO.exe
  2⤵
  PID:632
- C:\Windows\System\eDJWPRS.exe
  C:\Windows\System\eDJWPRS.exe
  2⤵
  PID:1844
- C:\Windows\System\dTxlVTE.exe
  C:\Windows\System\dTxlVTE.exe
  2⤵
  PID:2820
- C:\Windows\System\wfJDYAo.exe
  C:\Windows\System\wfJDYAo.exe
  2⤵
  PID:3208
- C:\Windows\System\zEvUNqx.exe
  C:\Windows\System\zEvUNqx.exe
  2⤵
  PID:3312
- C:\Windows\System\umdkvqm.exe
  C:\Windows\System\umdkvqm.exe
  2⤵
  PID:3368
- C:\Windows\System\odzkzZR.exe
  C:\Windows\System\odzkzZR.exe
  2⤵
  PID:3836
- C:\Windows\System\rpmebaR.exe
  C:\Windows\System\rpmebaR.exe
  2⤵
  PID:3444
- C:\Windows\System\qVMNhKW.exe
  C:\Windows\System\qVMNhKW.exe
  2⤵
  PID:3584
- C:\Windows\System\EpTjzbC.exe
  C:\Windows\System\EpTjzbC.exe
  2⤵
  PID:3856
- C:\Windows\System\xPdnmgO.exe
  C:\Windows\System\xPdnmgO.exe
  2⤵
  PID:3896
- C:\Windows\System\FUZeSsP.exe
  C:\Windows\System\FUZeSsP.exe
  2⤵
  PID:3852
- C:\Windows\System\HkXiXJj.exe
  C:\Windows\System\HkXiXJj.exe
  2⤵
  PID:4108
- C:\Windows\System\lHVfFCq.exe
  C:\Windows\System\lHVfFCq.exe
  2⤵
  PID:4128
- C:\Windows\System\WAYosnk.exe
  C:\Windows\System\WAYosnk.exe
  2⤵
  PID:4148
- C:\Windows\System\QHdogHx.exe
  C:\Windows\System\QHdogHx.exe
  2⤵
  PID:4172
- C:\Windows\System\rLiHzTp.exe
  C:\Windows\System\rLiHzTp.exe
  2⤵
  PID:4188
- C:\Windows\System\WJJFBkp.exe
  C:\Windows\System\WJJFBkp.exe
  2⤵
  PID:4212
- C:\Windows\System\inLXAzk.exe
  C:\Windows\System\inLXAzk.exe
  2⤵
  PID:4232
- C:\Windows\System\XQKzFwz.exe
  C:\Windows\System\XQKzFwz.exe
  2⤵
  PID:4252
- C:\Windows\System\JIYvKfb.exe
  C:\Windows\System\JIYvKfb.exe
  2⤵
  PID:4268
- C:\Windows\System\XwIcxnr.exe
  C:\Windows\System\XwIcxnr.exe
  2⤵
  PID:4296
- C:\Windows\System\gNAaHIb.exe
  C:\Windows\System\gNAaHIb.exe
  2⤵
  PID:4316
- C:\Windows\System\yokvIuX.exe
  C:\Windows\System\yokvIuX.exe
  2⤵
  PID:4336
- C:\Windows\System\bkzMxyV.exe
  C:\Windows\System\bkzMxyV.exe
  2⤵
  PID:4356
- C:\Windows\System\GeJCSOO.exe
  C:\Windows\System\GeJCSOO.exe
  2⤵
  PID:4372
- C:\Windows\System\xhsFjZW.exe
  C:\Windows\System\xhsFjZW.exe
  2⤵
  PID:4392
- C:\Windows\System\bmMDBLS.exe
  C:\Windows\System\bmMDBLS.exe
  2⤵
  PID:4416
- C:\Windows\System\SYfXUmm.exe
  C:\Windows\System\SYfXUmm.exe
  2⤵
  PID:4436
- C:\Windows\System\HgNNvGB.exe
  C:\Windows\System\HgNNvGB.exe
  2⤵
  PID:4456
- C:\Windows\System\MQicylA.exe
  C:\Windows\System\MQicylA.exe
  2⤵
  PID:4472
- C:\Windows\System\hHVFyLh.exe
  C:\Windows\System\hHVFyLh.exe
  2⤵
  PID:4488
- C:\Windows\System\loamIIK.exe
  C:\Windows\System\loamIIK.exe
  2⤵
  PID:4512
- C:\Windows\System\gBIkquB.exe
  C:\Windows\System\gBIkquB.exe
  2⤵
  PID:4528
- C:\Windows\System\hxuJuwC.exe
  C:\Windows\System\hxuJuwC.exe
  2⤵
  PID:4544
- C:\Windows\System\xgNwXgn.exe
  C:\Windows\System\xgNwXgn.exe
  2⤵
  PID:4560
- C:\Windows\System\SCOKRBj.exe
  C:\Windows\System\SCOKRBj.exe
  2⤵
  PID:4576
- C:\Windows\System\aCCdsvs.exe
  C:\Windows\System\aCCdsvs.exe
  2⤵
  PID:4604
- C:\Windows\System\MHLKciz.exe
  C:\Windows\System\MHLKciz.exe
  2⤵
  PID:4628
- C:\Windows\System\MSolYoz.exe
  C:\Windows\System\MSolYoz.exe
  2⤵
  PID:4644
- C:\Windows\System\KJFLKpY.exe
  C:\Windows\System\KJFLKpY.exe
  2⤵
  PID:4664
- C:\Windows\System\UPKpGcw.exe
  C:\Windows\System\UPKpGcw.exe
  2⤵
  PID:4696
- C:\Windows\System\RWjzYJk.exe
  C:\Windows\System\RWjzYJk.exe
  2⤵
  PID:4712
- C:\Windows\System\mBOAewM.exe
  C:\Windows\System\mBOAewM.exe
  2⤵
  PID:4736
- C:\Windows\System\zwXiVKS.exe
  C:\Windows\System\zwXiVKS.exe
  2⤵
  PID:4752
- C:\Windows\System\vteMlGF.exe
  C:\Windows\System\vteMlGF.exe
  2⤵
  PID:4772
- C:\Windows\System\rQnXvhL.exe
  C:\Windows\System\rQnXvhL.exe
  2⤵
  PID:4788
- C:\Windows\System\nHMFVfH.exe
  C:\Windows\System\nHMFVfH.exe
  2⤵
  PID:4812
- C:\Windows\System\yuNnDIO.exe
  C:\Windows\System\yuNnDIO.exe
  2⤵
  PID:4832
- C:\Windows\System\okDABHZ.exe
  C:\Windows\System\okDABHZ.exe
  2⤵
  PID:4848
- C:\Windows\System\SkWxJre.exe
  C:\Windows\System\SkWxJre.exe
  2⤵
  PID:4864
- C:\Windows\System\lUIQDKi.exe
  C:\Windows\System\lUIQDKi.exe
  2⤵
  PID:4884
- C:\Windows\System\cCQKUIt.exe
  C:\Windows\System\cCQKUIt.exe
  2⤵
  PID:4900
- C:\Windows\System\iBksOSe.exe
  C:\Windows\System\iBksOSe.exe
  2⤵
  PID:4916
- C:\Windows\System\xJTIVzH.exe
  C:\Windows\System\xJTIVzH.exe
  2⤵
  PID:4944
- C:\Windows\System\fpXRFzR.exe
  C:\Windows\System\fpXRFzR.exe
  2⤵
  PID:4968
- C:\Windows\System\zClJzCW.exe
  C:\Windows\System\zClJzCW.exe
  2⤵
  PID:4984
- C:\Windows\System\ZfxGIjD.exe
  C:\Windows\System\ZfxGIjD.exe
  2⤵
  PID:5012
- C:\Windows\System\jQeTDgq.exe
  C:\Windows\System\jQeTDgq.exe
  2⤵
  PID:5028
- C:\Windows\System\QhUIxMM.exe
  C:\Windows\System\QhUIxMM.exe
  2⤵
  PID:5044
- C:\Windows\System\mskXbnc.exe
  C:\Windows\System\mskXbnc.exe
  2⤵
  PID:5064
- C:\Windows\System\BGivMpS.exe
  C:\Windows\System\BGivMpS.exe
  2⤵
  PID:5092
- C:\Windows\System\ZvNMlbR.exe
  C:\Windows\System\ZvNMlbR.exe
  2⤵
  PID:5112
- C:\Windows\System\kcFjLLy.exe
  C:\Windows\System\kcFjLLy.exe
  2⤵
  PID:4088
- C:\Windows\System\vUEtoyd.exe
  C:\Windows\System\vUEtoyd.exe
  2⤵
  PID:4092
- C:\Windows\System\oTllwiq.exe
  C:\Windows\System\oTllwiq.exe
  2⤵
  PID:2356
- C:\Windows\System\FIqBeBz.exe
  C:\Windows\System\FIqBeBz.exe
  2⤵
  PID:3100
- C:\Windows\System\kxsbnrE.exe
  C:\Windows\System\kxsbnrE.exe
  2⤵
  PID:3224
- C:\Windows\System\dDvsIwZ.exe
  C:\Windows\System\dDvsIwZ.exe
  2⤵
  PID:3428
- C:\Windows\System\FJqVuQW.exe
  C:\Windows\System\FJqVuQW.exe
  2⤵
  PID:3404
- C:\Windows\System\ExWrGKk.exe
  C:\Windows\System\ExWrGKk.exe
  2⤵
  PID:3788
- C:\Windows\System\cwktUKA.exe
  C:\Windows\System\cwktUKA.exe
  2⤵
  PID:4156
- C:\Windows\System\wNFUSmo.exe
  C:\Windows\System\wNFUSmo.exe
  2⤵
  PID:4100
- C:\Windows\System\vLoXJAd.exe
  C:\Windows\System\vLoXJAd.exe
  2⤵
  PID:4136
- C:\Windows\System\XXXDANQ.exe
  C:\Windows\System\XXXDANQ.exe
  2⤵
  PID:4196
- C:\Windows\System\Mkdbscf.exe
  C:\Windows\System\Mkdbscf.exe
  2⤵
  PID:4240
- C:\Windows\System\MKSOIRE.exe
  C:\Windows\System\MKSOIRE.exe
  2⤵
  PID:4280
- C:\Windows\System\DoXFXiU.exe
  C:\Windows\System\DoXFXiU.exe
  2⤵
  PID:4260
- C:\Windows\System\zipUths.exe
  C:\Windows\System\zipUths.exe
  2⤵
  PID:2860
- C:\Windows\System\hVkSKWv.exe
  C:\Windows\System\hVkSKWv.exe
  2⤵
  PID:4368
- C:\Windows\System\RlrOTwf.exe
  C:\Windows\System\RlrOTwf.exe
  2⤵
  PID:4404
- C:\Windows\System\faQIuid.exe
  C:\Windows\System\faQIuid.exe
  2⤵
  PID:4452
- C:\Windows\System\QJKdkpt.exe
  C:\Windows\System\QJKdkpt.exe
  2⤵
  PID:4344
- C:\Windows\System\JdSbSsZ.exe
  C:\Windows\System\JdSbSsZ.exe
  2⤵
  PID:4388
- C:\Windows\System\TbsYxXr.exe
  C:\Windows\System\TbsYxXr.exe
  2⤵
  PID:4524
- C:\Windows\System\nYFUmlv.exe
  C:\Windows\System\nYFUmlv.exe
  2⤵
  PID:4588
- C:\Windows\System\XQQqWvV.exe
  C:\Windows\System\XQQqWvV.exe
  2⤵
  PID:4640
- C:\Windows\System\RJMETmY.exe
  C:\Windows\System\RJMETmY.exe
  2⤵
  PID:4624
- C:\Windows\System\hBOOqRv.exe
  C:\Windows\System\hBOOqRv.exe
  2⤵
  PID:4688
- C:\Windows\System\ZMBfNsm.exe
  C:\Windows\System\ZMBfNsm.exe
  2⤵
  PID:4724
- C:\Windows\System\EdDPXhS.exe
  C:\Windows\System\EdDPXhS.exe
  2⤵
  PID:4764
- C:\Windows\System\wEAzBPD.exe
  C:\Windows\System\wEAzBPD.exe
  2⤵
  PID:4840
- C:\Windows\System\cWfZMoc.exe
  C:\Windows\System\cWfZMoc.exe
  2⤵
  PID:4540
- C:\Windows\System\bswvUCJ.exe
  C:\Windows\System\bswvUCJ.exe
  2⤵
  PID:4568
- C:\Windows\System\bgggdcO.exe
  C:\Windows\System\bgggdcO.exe
  2⤵
  PID:4748
- C:\Windows\System\UdNmKUD.exe
  C:\Windows\System\UdNmKUD.exe
  2⤵
  PID:4952
- C:\Windows\System\QzUBaYl.exe
  C:\Windows\System\QzUBaYl.exe
  2⤵
  PID:4824
- C:\Windows\System\qdwRoyS.exe
  C:\Windows\System\qdwRoyS.exe
  2⤵
  PID:4996
- C:\Windows\System\AkdgqHU.exe
  C:\Windows\System\AkdgqHU.exe
  2⤵
  PID:4856
- C:\Windows\System\rpYbtXJ.exe
  C:\Windows\System\rpYbtXJ.exe
  2⤵
  PID:4980
- C:\Windows\System\LZfyegS.exe
  C:\Windows\System\LZfyegS.exe
  2⤵
  PID:5080
- C:\Windows\System\IlVzcXL.exe
  C:\Windows\System\IlVzcXL.exe
  2⤵
  PID:5024
- C:\Windows\System\MrzBtpu.exe
  C:\Windows\System\MrzBtpu.exe
  2⤵
  PID:1340
- C:\Windows\System\IhwMcJt.exe
  C:\Windows\System\IhwMcJt.exe
  2⤵
  PID:3084
- C:\Windows\System\atSChZf.exe
  C:\Windows\System\atSChZf.exe
  2⤵
  PID:5104
- C:\Windows\System\CSFBkxy.exe
  C:\Windows\System\CSFBkxy.exe
  2⤵
  PID:3124
- C:\Windows\System\vAFtIUP.exe
  C:\Windows\System\vAFtIUP.exe
  2⤵
  PID:3548
- C:\Windows\System\pOcKhSz.exe
  C:\Windows\System\pOcKhSz.exe
  2⤵
  PID:3668
- C:\Windows\System\pkFoIOn.exe
  C:\Windows\System\pkFoIOn.exe
  2⤵
  PID:4124
- C:\Windows\System\LpoSDqc.exe
  C:\Windows\System\LpoSDqc.exe
  2⤵
  PID:4160
- C:\Windows\System\Gkcimjw.exe
  C:\Windows\System\Gkcimjw.exe
  2⤵
  PID:4144
- C:\Windows\System\iDGypEJ.exe
  C:\Windows\System\iDGypEJ.exe
  2⤵
  PID:4292
- C:\Windows\System\scdUMKn.exe
  C:\Windows\System\scdUMKn.exe
  2⤵
  PID:4328
- C:\Windows\System\GfJBjzN.exe
  C:\Windows\System\GfJBjzN.exe
  2⤵
  PID:2576
- C:\Windows\System\ExjvBxe.exe
  C:\Windows\System\ExjvBxe.exe
  2⤵
  PID:4352
- C:\Windows\System\eLATnlu.exe
  C:\Windows\System\eLATnlu.exe
  2⤵
  PID:4584
- C:\Windows\System\JDdgTYv.exe
  C:\Windows\System\JDdgTYv.exe
  2⤵
  PID:4408
- C:\Windows\System\FFANrVt.exe
  C:\Windows\System\FFANrVt.exe
  2⤵
  PID:4480
- C:\Windows\System\IFyRpUM.exe
  C:\Windows\System\IFyRpUM.exe
  2⤵
  PID:4620
- C:\Windows\System\JZZywwQ.exe
  C:\Windows\System\JZZywwQ.exe
  2⤵
  PID:2332
- C:\Windows\System\AuQqqsJ.exe
  C:\Windows\System\AuQqqsJ.exe
  2⤵
  PID:4804
- C:\Windows\System\vgjKbeG.exe
  C:\Windows\System\vgjKbeG.exe
  2⤵
  PID:4872
- C:\Windows\System\WxVglCa.exe
  C:\Windows\System\WxVglCa.exe
  2⤵
  PID:4704
- C:\Windows\System\MMedhFo.exe
  C:\Windows\System\MMedhFo.exe
  2⤵
  PID:4908
- C:\Windows\System\VgvHcle.exe
  C:\Windows\System\VgvHcle.exe
  2⤵
  PID:4956
- C:\Windows\System\nApZDJk.exe
  C:\Windows\System\nApZDJk.exe
  2⤵
  PID:4860
- C:\Windows\System\JuPDnFk.exe
  C:\Windows\System\JuPDnFk.exe
  2⤵
  PID:5040
- C:\Windows\System\kUIaliB.exe
  C:\Windows\System\kUIaliB.exe
  2⤵
  PID:4000
- C:\Windows\System\CUcBCLm.exe
  C:\Windows\System\CUcBCLm.exe
  2⤵
  PID:5108
- C:\Windows\System\DxwsQdL.exe
  C:\Windows\System\DxwsQdL.exe
  2⤵
  PID:2260
- C:\Windows\System\PrXYadv.exe
  C:\Windows\System\PrXYadv.exe
  2⤵
  PID:3160
- C:\Windows\System\gIHkTlg.exe
  C:\Windows\System\gIHkTlg.exe
  2⤵
  PID:4020
- C:\Windows\System\IqOMFgV.exe
  C:\Windows\System\IqOMFgV.exe
  2⤵
  PID:3952
- C:\Windows\System\wdALXxY.exe
  C:\Windows\System\wdALXxY.exe
  2⤵
  PID:4184
- C:\Windows\System\cyAvYqr.exe
  C:\Windows\System\cyAvYqr.exe
  2⤵
  PID:2584
- C:\Windows\System\PzKgBQI.exe
  C:\Windows\System\PzKgBQI.exe
  2⤵
  PID:4308
- C:\Windows\System\PLCifVx.exe
  C:\Windows\System\PLCifVx.exe
  2⤵
  PID:4600
- C:\Windows\System\AxQDLqG.exe
  C:\Windows\System\AxQDLqG.exe
  2⤵
  PID:4504
- C:\Windows\System\KmZTuDL.exe
  C:\Windows\System\KmZTuDL.exe
  2⤵
  PID:4680
- C:\Windows\System\wuhmgQJ.exe
  C:\Windows\System\wuhmgQJ.exe
  2⤵
  PID:2596
- C:\Windows\System\KELDVnx.exe
  C:\Windows\System\KELDVnx.exe
  2⤵
  PID:4612
- C:\Windows\System\BfBacZV.exe
  C:\Windows\System\BfBacZV.exe
  2⤵
  PID:2664
- C:\Windows\System\fNONnOz.exe
  C:\Windows\System\fNONnOz.exe
  2⤵
  PID:4924
- C:\Windows\System\JmSdTuN.exe
  C:\Windows\System\JmSdTuN.exe
  2⤵
  PID:2760
- C:\Windows\System\Dsqodzj.exe
  C:\Windows\System\Dsqodzj.exe
  2⤵
  PID:2872
- C:\Windows\System\hitPypN.exe
  C:\Windows\System\hitPypN.exe
  2⤵
  PID:3544
- C:\Windows\System\UNIYfUX.exe
  C:\Windows\System\UNIYfUX.exe
  2⤵
  PID:4200
- C:\Windows\System\LqzWVHL.exe
  C:\Windows\System\LqzWVHL.exe
  2⤵
  PID:4276
- C:\Windows\System\DgOBjvc.exe
  C:\Windows\System\DgOBjvc.exe
  2⤵
  PID:4348
- C:\Windows\System\edLnwml.exe
  C:\Windows\System\edLnwml.exe
  2⤵
  PID:5132
- C:\Windows\System\yhtYbRS.exe
  C:\Windows\System\yhtYbRS.exe
  2⤵
  PID:5152
- C:\Windows\System\zwDLXza.exe
  C:\Windows\System\zwDLXza.exe
  2⤵
  PID:5172
- C:\Windows\System\bPyyIjc.exe
  C:\Windows\System\bPyyIjc.exe
  2⤵
  PID:5192
- C:\Windows\System\GMJcwCL.exe
  C:\Windows\System\GMJcwCL.exe
  2⤵
  PID:5212
- C:\Windows\System\xINVTFe.exe
  C:\Windows\System\xINVTFe.exe
  2⤵
  PID:5232
- C:\Windows\System\gDQWGLi.exe
  C:\Windows\System\gDQWGLi.exe
  2⤵
  PID:5252
- C:\Windows\System\YcJMSQb.exe
  C:\Windows\System\YcJMSQb.exe
  2⤵
  PID:5272
- C:\Windows\System\uYsIOSk.exe
  C:\Windows\System\uYsIOSk.exe
  2⤵
  PID:5292
- C:\Windows\System\ZSSiimb.exe
  C:\Windows\System\ZSSiimb.exe
  2⤵
  PID:5312
- C:\Windows\System\dOXXFWC.exe
  C:\Windows\System\dOXXFWC.exe
  2⤵
  PID:5332
- C:\Windows\System\njiiNXO.exe
  C:\Windows\System\njiiNXO.exe
  2⤵
  PID:5352
- C:\Windows\System\CBeiKTf.exe
  C:\Windows\System\CBeiKTf.exe
  2⤵
  PID:5372
- C:\Windows\System\YPfYCjy.exe
  C:\Windows\System\YPfYCjy.exe
  2⤵
  PID:5392
- C:\Windows\System\tnEIoch.exe
  C:\Windows\System\tnEIoch.exe
  2⤵
  PID:5412
- C:\Windows\System\tsEnMgw.exe
  C:\Windows\System\tsEnMgw.exe
  2⤵
  PID:5432
- C:\Windows\System\vKVLGmk.exe
  C:\Windows\System\vKVLGmk.exe
  2⤵
  PID:5452
- C:\Windows\System\EtozrTn.exe
  C:\Windows\System\EtozrTn.exe
  2⤵
  PID:5472
- C:\Windows\System\GXTXZcL.exe
  C:\Windows\System\GXTXZcL.exe
  2⤵
  PID:5492
- C:\Windows\System\KxbHNwh.exe
  C:\Windows\System\KxbHNwh.exe
  2⤵
  PID:5512
- C:\Windows\System\dHqdOft.exe
  C:\Windows\System\dHqdOft.exe
  2⤵
  PID:5532
- C:\Windows\System\LgawwiO.exe
  C:\Windows\System\LgawwiO.exe
  2⤵
  PID:5556
- C:\Windows\System\gFbyqbR.exe
  C:\Windows\System\gFbyqbR.exe
  2⤵
  PID:5576
- C:\Windows\System\UPdXfCI.exe
  C:\Windows\System\UPdXfCI.exe
  2⤵
  PID:5596
- C:\Windows\System\nyXpikn.exe
  C:\Windows\System\nyXpikn.exe
  2⤵
  PID:5616
- C:\Windows\System\kGVyAMc.exe
  C:\Windows\System\kGVyAMc.exe
  2⤵
  PID:5636
- C:\Windows\System\OKrnUGT.exe
  C:\Windows\System\OKrnUGT.exe
  2⤵
  PID:5656
- C:\Windows\System\SXaaPvP.exe
  C:\Windows\System\SXaaPvP.exe
  2⤵
  PID:5676
- C:\Windows\System\ZMCWxZh.exe
  C:\Windows\System\ZMCWxZh.exe
  2⤵
  PID:5696
- C:\Windows\System\ToSSURq.exe
  C:\Windows\System\ToSSURq.exe
  2⤵
  PID:5716
- C:\Windows\System\trVsxQI.exe
  C:\Windows\System\trVsxQI.exe
  2⤵
  PID:5736
- C:\Windows\System\vwUtKFq.exe
  C:\Windows\System\vwUtKFq.exe
  2⤵
  PID:5756
- C:\Windows\System\xnYNqsf.exe
  C:\Windows\System\xnYNqsf.exe
  2⤵
  PID:5776
- C:\Windows\System\WPFkLHt.exe
  C:\Windows\System\WPFkLHt.exe
  2⤵
  PID:5796
- C:\Windows\System\NwKNvRo.exe
  C:\Windows\System\NwKNvRo.exe
  2⤵
  PID:5816
- C:\Windows\System\cOpabSf.exe
  C:\Windows\System\cOpabSf.exe
  2⤵
  PID:5836
- C:\Windows\System\mIYjqtB.exe
  C:\Windows\System\mIYjqtB.exe
  2⤵
  PID:5856
- C:\Windows\System\MNeIXOT.exe
  C:\Windows\System\MNeIXOT.exe
  2⤵
  PID:5876
- C:\Windows\System\cTpxXKz.exe
  C:\Windows\System\cTpxXKz.exe
  2⤵
  PID:5896
- C:\Windows\System\FjYoEvh.exe
  C:\Windows\System\FjYoEvh.exe
  2⤵
  PID:5916
- C:\Windows\System\ogltRIo.exe
  C:\Windows\System\ogltRIo.exe
  2⤵
  PID:5936
- C:\Windows\System\hWhQynS.exe
  C:\Windows\System\hWhQynS.exe
  2⤵
  PID:5956
- C:\Windows\System\KjiVerI.exe
  C:\Windows\System\KjiVerI.exe
  2⤵
  PID:5976
- C:\Windows\System\dMBTiIb.exe
  C:\Windows\System\dMBTiIb.exe
  2⤵
  PID:5996
- C:\Windows\System\EGlTAlN.exe
  C:\Windows\System\EGlTAlN.exe
  2⤵
  PID:6016
- C:\Windows\System\OZOjKyo.exe
  C:\Windows\System\OZOjKyo.exe
  2⤵
  PID:6036
- C:\Windows\System\YxzEpSq.exe
  C:\Windows\System\YxzEpSq.exe
  2⤵
  PID:6056
- C:\Windows\System\VHEpTYC.exe
  C:\Windows\System\VHEpTYC.exe
  2⤵
  PID:6076
- C:\Windows\System\SumhpxA.exe
  C:\Windows\System\SumhpxA.exe
  2⤵
  PID:6096
- C:\Windows\System\vYMZjqf.exe
  C:\Windows\System\vYMZjqf.exe
  2⤵
  PID:6116
- C:\Windows\System\stGjljI.exe
  C:\Windows\System\stGjljI.exe
  2⤵
  PID:6136
- C:\Windows\System\gKzZzQd.exe
  C:\Windows\System\gKzZzQd.exe
  2⤵
  PID:4412
- C:\Windows\System\OWffBIj.exe
  C:\Windows\System\OWffBIj.exe
  2⤵
  PID:4508
- C:\Windows\System\bUproTv.exe
  C:\Windows\System\bUproTv.exe
  2⤵
  PID:4728
- C:\Windows\System\TNqPqTu.exe
  C:\Windows\System\TNqPqTu.exe
  2⤵
  PID:1504
- C:\Windows\System\SBrARir.exe
  C:\Windows\System\SBrARir.exe
  2⤵
  PID:4708
- C:\Windows\System\SGcEqHN.exe
  C:\Windows\System\SGcEqHN.exe
  2⤵
  PID:5072
- C:\Windows\System\byLkvPg.exe
  C:\Windows\System\byLkvPg.exe
  2⤵
  PID:2980
- C:\Windows\System\afGUAyM.exe
  C:\Windows\System\afGUAyM.exe
  2⤵
  PID:3168
- C:\Windows\System\xMlPUxS.exe
  C:\Windows\System\xMlPUxS.exe
  2⤵
  PID:4220
- C:\Windows\System\WhuLeuK.exe
  C:\Windows\System\WhuLeuK.exe
  2⤵
  PID:4324
- C:\Windows\System\agJuKca.exe
  C:\Windows\System\agJuKca.exe
  2⤵
  PID:5036
- C:\Windows\System\MdACmYq.exe
  C:\Windows\System\MdACmYq.exe
  2⤵
  PID:5164
- C:\Windows\System\JVvPSFV.exe
  C:\Windows\System\JVvPSFV.exe
  2⤵
  PID:5184
- C:\Windows\System\pHpXUKL.exe
  C:\Windows\System\pHpXUKL.exe
  2⤵
  PID:5220
- C:\Windows\System\MneYNWx.exe
  C:\Windows\System\MneYNWx.exe
  2⤵
  PID:5280
- C:\Windows\System\KPFpCao.exe
  C:\Windows\System\KPFpCao.exe
  2⤵
  PID:5324
- C:\Windows\System\dHfIkAT.exe
  C:\Windows\System\dHfIkAT.exe
  2⤵
  PID:5348
- C:\Windows\System\EcflqPo.exe
  C:\Windows\System\EcflqPo.exe
  2⤵
  PID:5380
- C:\Windows\System\zOuzjvL.exe
  C:\Windows\System\zOuzjvL.exe
  2⤵
  PID:5384
- C:\Windows\System\EUtrtpz.exe
  C:\Windows\System\EUtrtpz.exe
  2⤵
  PID:5440
- C:\Windows\System\pMlzZmK.exe
  C:\Windows\System\pMlzZmK.exe
  2⤵
  PID:5424
- C:\Windows\System\SGcvnka.exe
  C:\Windows\System\SGcvnka.exe
  2⤵
  PID:5460
- C:\Windows\System\rIZWIPy.exe
  C:\Windows\System\rIZWIPy.exe
  2⤵
  PID:5504
- C:\Windows\System\PaMcnJO.exe
  C:\Windows\System\PaMcnJO.exe
  2⤵
  PID:5572
- C:\Windows\System\ZUxhCGC.exe
  C:\Windows\System\ZUxhCGC.exe
  2⤵
  PID:5584
- C:\Windows\System\osHvUeZ.exe
  C:\Windows\System\osHvUeZ.exe
  2⤵
  PID:5608
- C:\Windows\System\TlvDOAx.exe
  C:\Windows\System\TlvDOAx.exe
  2⤵
  PID:5652
- C:\Windows\System\CSEOZlR.exe
  C:\Windows\System\CSEOZlR.exe
  2⤵
  PID:5684
- C:\Windows\System\wlyfVhw.exe
  C:\Windows\System\wlyfVhw.exe
  2⤵
  PID:5712
- C:\Windows\System\Jviltzc.exe
  C:\Windows\System\Jviltzc.exe
  2⤵
  PID:2768
- C:\Windows\System\zsemrLH.exe
  C:\Windows\System\zsemrLH.exe
  2⤵
  PID:5768
- C:\Windows\System\lwoyRjJ.exe
  C:\Windows\System\lwoyRjJ.exe
  2⤵
  PID:5788
- C:\Windows\System\OGBpDWC.exe
  C:\Windows\System\OGBpDWC.exe
  2⤵
  PID:5852
- C:\Windows\System\GcGxPak.exe
  C:\Windows\System\GcGxPak.exe
  2⤵
  PID:5884
- C:\Windows\System\dAFGvQK.exe
  C:\Windows\System\dAFGvQK.exe
  2⤵
  PID:5924
- C:\Windows\System\XYqZYzJ.exe
  C:\Windows\System\XYqZYzJ.exe
  2⤵
  PID:5928
- C:\Windows\System\lOxaljS.exe
  C:\Windows\System\lOxaljS.exe
  2⤵
  PID:2708
- C:\Windows\System\aEmHXZw.exe
  C:\Windows\System\aEmHXZw.exe
  2⤵
  PID:5992
- C:\Windows\System\StnoDkf.exe
  C:\Windows\System\StnoDkf.exe
  2⤵
  PID:6032
- C:\Windows\System\AAykuyK.exe
  C:\Windows\System\AAykuyK.exe
  2⤵
  PID:5552
- C:\Windows\System\rgnXHjF.exe
  C:\Windows\System\rgnXHjF.exe
  2⤵
  PID:6092
- C:\Windows\System\eptwLgP.exe
  C:\Windows\System\eptwLgP.exe
  2⤵
  PID:6112
- C:\Windows\System\fvIQWtf.exe
  C:\Windows\System\fvIQWtf.exe
  2⤵
  PID:4424
- C:\Windows\System\dtTrUBR.exe
  C:\Windows\System\dtTrUBR.exe
  2⤵
  PID:4768
- C:\Windows\System\TQbycAR.exe
  C:\Windows\System\TQbycAR.exe
  2⤵
  PID:2000
- C:\Windows\System\XCMivto.exe
  C:\Windows\System\XCMivto.exe
  2⤵
  PID:4992
- C:\Windows\System\gRlduhk.exe
  C:\Windows\System\gRlduhk.exe
  2⤵
  PID:2984
- C:\Windows\System\jGNzKYN.exe
  C:\Windows\System\jGNzKYN.exe
  2⤵
  PID:2300
- C:\Windows\System\LgOfaCv.exe
  C:\Windows\System\LgOfaCv.exe
  2⤵
  PID:5168
- C:\Windows\System\QEvYgaw.exe
  C:\Windows\System\QEvYgaw.exe
  2⤵
  PID:5188
- C:\Windows\System\TFaUcSg.exe
  C:\Windows\System\TFaUcSg.exe
  2⤵
  PID:5224
- C:\Windows\System\PQwjzrg.exe
  C:\Windows\System\PQwjzrg.exe
  2⤵
  PID:5320
- C:\Windows\System\HKgBczg.exe
  C:\Windows\System\HKgBczg.exe
  2⤵
  PID:5344
- C:\Windows\System\WsdnYma.exe
  C:\Windows\System\WsdnYma.exe
  2⤵
  PID:5404
- C:\Windows\System\ZbsrovK.exe
  C:\Windows\System\ZbsrovK.exe
  2⤵
  PID:5420
- C:\Windows\System\pQyoegA.exe
  C:\Windows\System\pQyoegA.exe
  2⤵
  PID:5508
- C:\Windows\System\jSSAoEa.exe
  C:\Windows\System\jSSAoEa.exe
  2⤵
  PID:5588
- C:\Windows\System\OrZSbyT.exe
  C:\Windows\System\OrZSbyT.exe
  2⤵
  PID:5632
- C:\Windows\System\HjjzKId.exe
  C:\Windows\System\HjjzKId.exe
  2⤵
  PID:5672
- C:\Windows\System\XurORaq.exe
  C:\Windows\System\XurORaq.exe
  2⤵
  PID:5688
- C:\Windows\System\fgsBcqs.exe
  C:\Windows\System\fgsBcqs.exe
  2⤵
  PID:5772
- C:\Windows\System\YNQUZEE.exe
  C:\Windows\System\YNQUZEE.exe
  2⤵
  PID:5808
- C:\Windows\System\mkwGkIT.exe
  C:\Windows\System\mkwGkIT.exe
  2⤵
  PID:5888
- C:\Windows\System\iidyhYK.exe
  C:\Windows\System\iidyhYK.exe
  2⤵
  PID:5868
- C:\Windows\System\KSpngNb.exe
  C:\Windows\System\KSpngNb.exe
  2⤵
  PID:5948
- C:\Windows\System\ymcTaEB.exe
  C:\Windows\System\ymcTaEB.exe
  2⤵
  PID:6008
- C:\Windows\System\NNAIlok.exe
  C:\Windows\System\NNAIlok.exe
  2⤵
  PID:6104
- C:\Windows\System\NtTXJBW.exe
  C:\Windows\System\NtTXJBW.exe
  2⤵
  PID:3212
- C:\Windows\System\EdOsaWu.exe
  C:\Windows\System\EdOsaWu.exe
  2⤵
  PID:4676
- C:\Windows\System\fHoxJwP.exe
  C:\Windows\System\fHoxJwP.exe
  2⤵
  PID:4784
- C:\Windows\System\vnGKtyo.exe
  C:\Windows\System\vnGKtyo.exe
  2⤵
  PID:3432
- C:\Windows\System\hGpngkb.exe
  C:\Windows\System\hGpngkb.exe
  2⤵
  PID:4228
- C:\Windows\System\idMFljQ.exe
  C:\Windows\System\idMFljQ.exe
  2⤵
  PID:5124
- C:\Windows\System\DoUGJjg.exe
  C:\Windows\System\DoUGJjg.exe
  2⤵
  PID:5328
- C:\Windows\System\xmkdhhR.exe
  C:\Windows\System\xmkdhhR.exe
  2⤵
  PID:1096
- C:\Windows\System\eBlAUyB.exe
  C:\Windows\System\eBlAUyB.exe
  2⤵
  PID:5428
- C:\Windows\System\XADkMEj.exe
  C:\Windows\System\XADkMEj.exe
  2⤵
  PID:5500
- C:\Windows\System\ADkyRJX.exe
  C:\Windows\System\ADkyRJX.exe
  2⤵
  PID:5544
- C:\Windows\System\mlwGlGb.exe
  C:\Windows\System\mlwGlGb.exe
  2⤵
  PID:5704
- C:\Windows\System\aAlPxZj.exe
  C:\Windows\System\aAlPxZj.exe
  2⤵
  PID:5792
- C:\Windows\System\GLhxxUZ.exe
  C:\Windows\System\GLhxxUZ.exe
  2⤵
  PID:5824
- C:\Windows\System\RvMSEoG.exe
  C:\Windows\System\RvMSEoG.exe
  2⤵
  PID:5908
- C:\Windows\System\rTmOeGp.exe
  C:\Windows\System\rTmOeGp.exe
  2⤵
  PID:6024
- C:\Windows\System\jhyKyzY.exe
  C:\Windows\System\jhyKyzY.exe
  2⤵
  PID:6072
- C:\Windows\System\ocoiDMd.exe
  C:\Windows\System\ocoiDMd.exe
  2⤵
  PID:4496
- C:\Windows\System\kVxpkCK.exe
  C:\Windows\System\kVxpkCK.exe
  2⤵
  PID:4616
- C:\Windows\System\UIYUgrr.exe
  C:\Windows\System\UIYUgrr.exe
  2⤵
  PID:2564
- C:\Windows\System\XtYFGxP.exe
  C:\Windows\System\XtYFGxP.exe
  2⤵
  PID:5260
- C:\Windows\System\nCxfETk.exe
  C:\Windows\System\nCxfETk.exe
  2⤵
  PID:5304
- C:\Windows\System\POilhhw.exe
  C:\Windows\System\POilhhw.exe
  2⤵
  PID:5484
- C:\Windows\System\WvKLKDs.exe
  C:\Windows\System\WvKLKDs.exe
  2⤵
  PID:5540
- C:\Windows\System\raNTgVL.exe
  C:\Windows\System\raNTgVL.exe
  2⤵
  PID:5752
- C:\Windows\System\OtoQKrE.exe
  C:\Windows\System\OtoQKrE.exe
  2⤵
  PID:2736
- C:\Windows\System\SmXduUj.exe
  C:\Windows\System\SmXduUj.exe
  2⤵
  PID:5984
- C:\Windows\System\ywUItDe.exe
  C:\Windows\System\ywUItDe.exe
  2⤵
  PID:6052
- C:\Windows\System\yxoeAoh.exe
  C:\Windows\System\yxoeAoh.exe
  2⤵
  PID:6128
- C:\Windows\System\RlQuLbG.exe
  C:\Windows\System\RlQuLbG.exe
  2⤵
  PID:2832
- C:\Windows\System\lTcNsLY.exe
  C:\Windows\System\lTcNsLY.exe
  2⤵
  PID:5368
- C:\Windows\System\EzLkGTT.exe
  C:\Windows\System\EzLkGTT.exe
  2⤵
  PID:6156
- C:\Windows\System\xtNlYLd.exe
  C:\Windows\System\xtNlYLd.exe
  2⤵
  PID:6176
- C:\Windows\System\nHGwfiV.exe
  C:\Windows\System\nHGwfiV.exe
  2⤵
  PID:6196
- C:\Windows\System\tfajxyP.exe
  C:\Windows\System\tfajxyP.exe
  2⤵
  PID:6216
- C:\Windows\System\PRGxbro.exe
  C:\Windows\System\PRGxbro.exe
  2⤵
  PID:6236
- C:\Windows\System\XhxNFqm.exe
  C:\Windows\System\XhxNFqm.exe
  2⤵
  PID:6256
- C:\Windows\System\spdalOq.exe
  C:\Windows\System\spdalOq.exe
  2⤵
  PID:6276
- C:\Windows\System\VtHNAMl.exe
  C:\Windows\System\VtHNAMl.exe
  2⤵
  PID:6296
- C:\Windows\System\JBdnZHo.exe
  C:\Windows\System\JBdnZHo.exe
  2⤵
  PID:6316
- C:\Windows\System\AzhVRSZ.exe
  C:\Windows\System\AzhVRSZ.exe
  2⤵
  PID:6336
- C:\Windows\System\BgQsJDu.exe
  C:\Windows\System\BgQsJDu.exe
  2⤵
  PID:6356
- C:\Windows\System\euKGdOb.exe
  C:\Windows\System\euKGdOb.exe
  2⤵
  PID:6376
- C:\Windows\System\aoxUPjx.exe
  C:\Windows\System\aoxUPjx.exe
  2⤵
  PID:6396
- C:\Windows\System\HvPFBsf.exe
  C:\Windows\System\HvPFBsf.exe
  2⤵
  PID:6416
- C:\Windows\System\SDQqeeW.exe
  C:\Windows\System\SDQqeeW.exe
  2⤵
  PID:6436
- C:\Windows\System\PaVWqQM.exe
  C:\Windows\System\PaVWqQM.exe
  2⤵
  PID:6456
- C:\Windows\System\nDxxlYu.exe
  C:\Windows\System\nDxxlYu.exe
  2⤵
  PID:6476
- C:\Windows\System\nmQbtKk.exe
  C:\Windows\System\nmQbtKk.exe
  2⤵
  PID:6496
- C:\Windows\System\jXaRMEo.exe
  C:\Windows\System\jXaRMEo.exe
  2⤵
  PID:6516
- C:\Windows\System\uWKQBEk.exe
  C:\Windows\System\uWKQBEk.exe
  2⤵
  PID:6536
- C:\Windows\System\diQRPPZ.exe
  C:\Windows\System\diQRPPZ.exe
  2⤵
  PID:6556
- C:\Windows\System\WxFLaHZ.exe
  C:\Windows\System\WxFLaHZ.exe
  2⤵
  PID:6576
- C:\Windows\System\RlMWLLP.exe
  C:\Windows\System\RlMWLLP.exe
  2⤵
  PID:6596
- C:\Windows\System\yyIiyYy.exe
  C:\Windows\System\yyIiyYy.exe
  2⤵
  PID:6616
- C:\Windows\System\VUsnRKm.exe
  C:\Windows\System\VUsnRKm.exe
  2⤵
  PID:6636
- C:\Windows\System\yFsmedC.exe
  C:\Windows\System\yFsmedC.exe
  2⤵
  PID:6656
- C:\Windows\System\AgOuINf.exe
  C:\Windows\System\AgOuINf.exe
  2⤵
  PID:6676
- C:\Windows\System\FMEVPbi.exe
  C:\Windows\System\FMEVPbi.exe
  2⤵
  PID:6696
- C:\Windows\System\RVMNuFV.exe
  C:\Windows\System\RVMNuFV.exe
  2⤵
  PID:6716
- C:\Windows\System\WOulQRj.exe
  C:\Windows\System\WOulQRj.exe
  2⤵
  PID:6736
- C:\Windows\System\zXAHquT.exe
  C:\Windows\System\zXAHquT.exe
  2⤵
  PID:6756
- C:\Windows\System\jOPLzdb.exe
  C:\Windows\System\jOPLzdb.exe
  2⤵
  PID:6776
- C:\Windows\System\lSxUiKZ.exe
  C:\Windows\System\lSxUiKZ.exe
  2⤵
  PID:6796
- C:\Windows\System\PKtEiKB.exe
  C:\Windows\System\PKtEiKB.exe
  2⤵
  PID:6816
- C:\Windows\System\HUvRxXF.exe
  C:\Windows\System\HUvRxXF.exe
  2⤵
  PID:6836
- C:\Windows\System\bNoQGco.exe
  C:\Windows\System\bNoQGco.exe
  2⤵
  PID:6856
- C:\Windows\System\iuUqstb.exe
  C:\Windows\System\iuUqstb.exe
  2⤵
  PID:6876
- C:\Windows\System\hhCisEH.exe
  C:\Windows\System\hhCisEH.exe
  2⤵
  PID:6896
- C:\Windows\System\vzQNAMw.exe
  C:\Windows\System\vzQNAMw.exe
  2⤵
  PID:6916
- C:\Windows\System\HhGpwdS.exe
  C:\Windows\System\HhGpwdS.exe
  2⤵
  PID:6936
- C:\Windows\System\KkKAvTd.exe
  C:\Windows\System\KkKAvTd.exe
  2⤵
  PID:6956
- C:\Windows\System\ySsdoGW.exe
  C:\Windows\System\ySsdoGW.exe
  2⤵
  PID:6980
- C:\Windows\System\gDpqBgl.exe
  C:\Windows\System\gDpqBgl.exe
  2⤵
  PID:7000
- C:\Windows\System\mAYvoIJ.exe
  C:\Windows\System\mAYvoIJ.exe
  2⤵
  PID:7020
- C:\Windows\System\kRLKfRc.exe
  C:\Windows\System\kRLKfRc.exe
  2⤵
  PID:7040
- C:\Windows\System\QBIpXSb.exe
  C:\Windows\System\QBIpXSb.exe
  2⤵
  PID:7060
- C:\Windows\System\vYjzgAt.exe
  C:\Windows\System\vYjzgAt.exe
  2⤵
  PID:7080
- C:\Windows\System\ntvDCCI.exe
  C:\Windows\System\ntvDCCI.exe
  2⤵
  PID:7100
- C:\Windows\System\wvgMtaD.exe
  C:\Windows\System\wvgMtaD.exe
  2⤵
  PID:7116
- C:\Windows\System\qvobUQH.exe
  C:\Windows\System\qvobUQH.exe
  2⤵
  PID:7140
- C:\Windows\System\QXiMlLG.exe
  C:\Windows\System\QXiMlLG.exe
  2⤵
  PID:7156
- C:\Windows\System\fBiYAjk.exe
  C:\Windows\System\fBiYAjk.exe
  2⤵
  PID:2224
- C:\Windows\System\mNYoiro.exe
  C:\Windows\System\mNYoiro.exe
  2⤵
  PID:5848
- C:\Windows\System\xIqGInM.exe
  C:\Windows\System\xIqGInM.exe
  2⤵
  PID:2988
- C:\Windows\System\FKJiYnR.exe
  C:\Windows\System\FKJiYnR.exe
  2⤵
  PID:5604
- C:\Windows\System\wTYuOGf.exe
  C:\Windows\System\wTYuOGf.exe
  2⤵
  PID:2544
- C:\Windows\System\cnEvZKk.exe
  C:\Windows\System\cnEvZKk.exe
  2⤵
  PID:6148
- C:\Windows\System\sDavEUL.exe
  C:\Windows\System\sDavEUL.exe
  2⤵
  PID:6192
- C:\Windows\System\xJjgCqA.exe
  C:\Windows\System\xJjgCqA.exe
  2⤵
  PID:6224
- C:\Windows\System\nCwzYos.exe
  C:\Windows\System\nCwzYos.exe
  2⤵
  PID:6244
- C:\Windows\System\oJTkIqQ.exe
  C:\Windows\System\oJTkIqQ.exe
  2⤵
  PID:6268
- C:\Windows\System\NZrNTKZ.exe
  C:\Windows\System\NZrNTKZ.exe
  2⤵
  PID:6324
- C:\Windows\System\IFjxZTU.exe
  C:\Windows\System\IFjxZTU.exe
  2⤵
  PID:6328
- C:\Windows\System\BelFNQV.exe
  C:\Windows\System\BelFNQV.exe
  2⤵
  PID:6368
- C:\Windows\System\hBwPlrQ.exe
  C:\Windows\System\hBwPlrQ.exe
  2⤵
  PID:4820
- C:\Windows\System\XyOkGBW.exe
  C:\Windows\System\XyOkGBW.exe
  2⤵
  PID:6444
- C:\Windows\System\DYrrtNl.exe
  C:\Windows\System\DYrrtNl.exe
  2⤵
  PID:6484
- C:\Windows\System\bbndpeW.exe
  C:\Windows\System\bbndpeW.exe
  2⤵
  PID:6488
- C:\Windows\System\QeloZpY.exe
  C:\Windows\System\QeloZpY.exe
  2⤵
  PID:6528
- C:\Windows\System\ZVFiXYu.exe
  C:\Windows\System\ZVFiXYu.exe
  2⤵
  PID:6548
- C:\Windows\System\dAjrswG.exe
  C:\Windows\System\dAjrswG.exe
  2⤵
  PID:2720
- C:\Windows\System\RUMnFFb.exe
  C:\Windows\System\RUMnFFb.exe
  2⤵
  PID:6588
- C:\Windows\System\ZWwaTOT.exe
  C:\Windows\System\ZWwaTOT.exe
  2⤵
  PID:6632
- C:\Windows\System\SrjJPZn.exe
  C:\Windows\System\SrjJPZn.exe
  2⤵
  PID:6664
- C:\Windows\System\MSvSfEy.exe
  C:\Windows\System\MSvSfEy.exe
  2⤵
  PID:6672
- C:\Windows\System\QHzctCN.exe
  C:\Windows\System\QHzctCN.exe
  2⤵
  PID:6708
- C:\Windows\System\fJeNikB.exe
  C:\Windows\System\fJeNikB.exe
  2⤵
  PID:6744
- C:\Windows\System\EzvQftp.exe
  C:\Windows\System\EzvQftp.exe
  2⤵
  PID:6768
- C:\Windows\System\BjyEEJY.exe
  C:\Windows\System\BjyEEJY.exe
  2⤵
  PID:6808
- C:\Windows\System\kMGncHF.exe
  C:\Windows\System\kMGncHF.exe
  2⤵
  PID:6844
- C:\Windows\System\WNypGuw.exe
  C:\Windows\System\WNypGuw.exe
  2⤵
  PID:2672
- C:\Windows\System\tdgdgYe.exe
  C:\Windows\System\tdgdgYe.exe
  2⤵
  PID:6872
- C:\Windows\System\wHIGYaZ.exe
  C:\Windows\System\wHIGYaZ.exe
  2⤵
  PID:6912
- C:\Windows\System\bAgGHEv.exe
  C:\Windows\System\bAgGHEv.exe
  2⤵
  PID:6944
- C:\Windows\System\YNNUfir.exe
  C:\Windows\System\YNNUfir.exe
  2⤵
  PID:6948
- C:\Windows\System\ZJCWmPr.exe
  C:\Windows\System\ZJCWmPr.exe
  2⤵
  PID:6996
- C:\Windows\System\bVnnwlY.exe
  C:\Windows\System\bVnnwlY.exe
  2⤵
  PID:7052
- C:\Windows\System\INFOdzu.exe
  C:\Windows\System\INFOdzu.exe
  2⤵
  PID:7096
- C:\Windows\System\SojnsbJ.exe
  C:\Windows\System\SojnsbJ.exe
  2⤵
  PID:572
- C:\Windows\System\BBygxIM.exe
  C:\Windows\System\BBygxIM.exe
  2⤵
  PID:7112
- C:\Windows\System\pLbvowa.exe
  C:\Windows\System\pLbvowa.exe
  2⤵
  PID:7148
- C:\Windows\System\ukQUeRW.exe
  C:\Windows\System\ukQUeRW.exe
  2⤵
  PID:5732
- C:\Windows\System\vmtBuyK.exe
  C:\Windows\System\vmtBuyK.exe
  2⤵
  PID:5968
- C:\Windows\System\LJOVLHN.exe
  C:\Windows\System\LJOVLHN.exe
  2⤵
  PID:2404
- C:\Windows\System\ASMhTmb.exe
  C:\Windows\System\ASMhTmb.exe
  2⤵
  PID:4760
- C:\Windows\System\ScqLDMa.exe
  C:\Windows\System\ScqLDMa.exe
  2⤵
  PID:2184
- C:\Windows\System\XFFlaIy.exe
  C:\Windows\System\XFFlaIy.exe
  2⤵
  PID:2312
- C:\Windows\System\FtLIgmi.exe
  C:\Windows\System\FtLIgmi.exe
  2⤵
  PID:6212
- C:\Windows\System\jufuthN.exe
  C:\Windows\System\jufuthN.exe
  2⤵
  PID:6248
- C:\Windows\System\cIRtdnw.exe
  C:\Windows\System\cIRtdnw.exe
  2⤵
  PID:6332
- C:\Windows\System\RxMMNec.exe
  C:\Windows\System\RxMMNec.exe
  2⤵
  PID:6392
- C:\Windows\System\PPeVcEb.exe
  C:\Windows\System\PPeVcEb.exe
  2⤵
  PID:6448
- C:\Windows\System\zuFzkQT.exe
  C:\Windows\System\zuFzkQT.exe
  2⤵
  PID:6524
- C:\Windows\System\QhixHVg.exe
  C:\Windows\System\QhixHVg.exe
  2⤵
  PID:6512
- C:\Windows\System\VtjjIuJ.exe
  C:\Windows\System\VtjjIuJ.exe
  2⤵
  PID:6612
- C:\Windows\System\TQfAltB.exe
  C:\Windows\System\TQfAltB.exe
  2⤵
  PID:6652
- C:\Windows\System\utKgqZN.exe
  C:\Windows\System\utKgqZN.exe
  2⤵
  PID:2888
- C:\Windows\System\YVoaBxK.exe
  C:\Windows\System\YVoaBxK.exe
  2⤵
  PID:1708
- C:\Windows\System\pOmpqoA.exe
  C:\Windows\System\pOmpqoA.exe
  2⤵
  PID:6772
- C:\Windows\System\opeYxPg.exe
  C:\Windows\System\opeYxPg.exe
  2⤵
  PID:6752
- C:\Windows\System\EzFMheM.exe
  C:\Windows\System\EzFMheM.exe
  2⤵
  PID:6812
- C:\Windows\System\OGFtTeX.exe
  C:\Windows\System\OGFtTeX.exe
  2⤵
  PID:6848
- C:\Windows\System\fGYvfwe.exe
  C:\Windows\System\fGYvfwe.exe
  2⤵
  PID:6932
- C:\Windows\System\hbbigkt.exe
  C:\Windows\System\hbbigkt.exe
  2⤵
  PID:7016
- C:\Windows\System\PhTUygX.exe
  C:\Windows\System\PhTUygX.exe
  2⤵
  PID:7068
- C:\Windows\System\tugZdnZ.exe
  C:\Windows\System\tugZdnZ.exe
  2⤵
  PID:5564
- C:\Windows\System\rHhPpFr.exe
  C:\Windows\System\rHhPpFr.exe
  2⤵
  PID:5548
- C:\Windows\System\cxvjGNm.exe
  C:\Windows\System\cxvjGNm.exe
  2⤵
  PID:2992
- C:\Windows\System\KGOkSvE.exe
  C:\Windows\System\KGOkSvE.exe
  2⤵
  PID:4428
- C:\Windows\System\aAJsPcX.exe
  C:\Windows\System\aAJsPcX.exe
  2⤵
  PID:1572
- C:\Windows\System\HGErbzU.exe
  C:\Windows\System\HGErbzU.exe
  2⤵
  PID:6228
- C:\Windows\System\IycAear.exe
  C:\Windows\System\IycAear.exe
  2⤵
  PID:3020
- C:\Windows\System\dLilqfe.exe
  C:\Windows\System\dLilqfe.exe
  2⤵
  PID:6552
- C:\Windows\System\YPXkcEs.exe
  C:\Windows\System\YPXkcEs.exe
  2⤵
  PID:6292
- C:\Windows\System\GkvqdgU.exe
  C:\Windows\System\GkvqdgU.exe
  2⤵
  PID:6724
- C:\Windows\System\ZvIFGFR.exe
  C:\Windows\System\ZvIFGFR.exe
  2⤵
  PID:988
- C:\Windows\System\GObygmo.exe
  C:\Windows\System\GObygmo.exe
  2⤵
  PID:6748
- C:\Windows\System\DotRxXK.exe
  C:\Windows\System\DotRxXK.exe
  2⤵
  PID:2772
- C:\Windows\System\neDKTZS.exe
  C:\Windows\System\neDKTZS.exe
  2⤵
  PID:6648
- C:\Windows\System\dFXNdPX.exe
  C:\Windows\System\dFXNdPX.exe
  2⤵
  PID:6728
- C:\Windows\System\kgKSaKN.exe
  C:\Windows\System\kgKSaKN.exe
  2⤵
  PID:6864
- C:\Windows\System\VNAtatD.exe
  C:\Windows\System\VNAtatD.exe
  2⤵
  PID:6968
- C:\Windows\System\RohtNOn.exe
  C:\Windows\System\RohtNOn.exe
  2⤵
  PID:7136
- C:\Windows\System\XJpvgrT.exe
  C:\Windows\System\XJpvgrT.exe
  2⤵
  PID:6264
- C:\Windows\System\dsyWNGE.exe
  C:\Windows\System\dsyWNGE.exe
  2⤵
  PID:5160
- C:\Windows\System\TezEtzq.exe
  C:\Windows\System\TezEtzq.exe
  2⤵
  PID:2476
- C:\Windows\System\WfWpMGt.exe
  C:\Windows\System\WfWpMGt.exe
  2⤵
  PID:2964
- C:\Windows\System\ZnKuYYQ.exe
  C:\Windows\System\ZnKuYYQ.exe
  2⤵
  PID:868
- C:\Windows\System\xXqMoho.exe
  C:\Windows\System\xXqMoho.exe
  2⤵
  PID:6692
- C:\Windows\System\eiKQXlx.exe
  C:\Windows\System\eiKQXlx.exe
  2⤵
  PID:1376
- C:\Windows\System\UqYNOEs.exe
  C:\Windows\System\UqYNOEs.exe
  2⤵
  PID:6788
- C:\Windows\System\iDSKNYY.exe
  C:\Windows\System\iDSKNYY.exe
  2⤵
  PID:7012
- C:\Windows\System\gINnPHo.exe
  C:\Windows\System\gINnPHo.exe
  2⤵
  PID:7172
- C:\Windows\System\CsFMhHn.exe
  C:\Windows\System\CsFMhHn.exe
  2⤵
  PID:7188
- C:\Windows\System\xmmKWOn.exe
  C:\Windows\System\xmmKWOn.exe
  2⤵
  PID:7204
- C:\Windows\System\cZxVouT.exe
  C:\Windows\System\cZxVouT.exe
  2⤵
  PID:7220
- C:\Windows\System\jHHUPxu.exe
  C:\Windows\System\jHHUPxu.exe
  2⤵
  PID:7236
- C:\Windows\System\SEKODMi.exe
  C:\Windows\System\SEKODMi.exe
  2⤵
  PID:7252
- C:\Windows\System\WBeZNoz.exe
  C:\Windows\System\WBeZNoz.exe
  2⤵
  PID:7268
- C:\Windows\System\RgeVStB.exe
  C:\Windows\System\RgeVStB.exe
  2⤵
  PID:7284
- C:\Windows\System\EWCtqiL.exe
  C:\Windows\System\EWCtqiL.exe
  2⤵
  PID:7300
- C:\Windows\System\zTZxLQa.exe
  C:\Windows\System\zTZxLQa.exe
  2⤵
  PID:7316
- C:\Windows\System\znIHWEI.exe
  C:\Windows\System\znIHWEI.exe
  2⤵
  PID:7332
- C:\Windows\System\nmFFySc.exe
  C:\Windows\System\nmFFySc.exe
  2⤵
  PID:7348
- C:\Windows\System\JxLcABN.exe
  C:\Windows\System\JxLcABN.exe
  2⤵
  PID:7364
- C:\Windows\System\TClCzdx.exe
  C:\Windows\System\TClCzdx.exe
  2⤵
  PID:7384
- C:\Windows\System\FFbcECl.exe
  C:\Windows\System\FFbcECl.exe
  2⤵
  PID:7400
- C:\Windows\System\iHdcifI.exe
  C:\Windows\System\iHdcifI.exe
  2⤵
  PID:7416
- C:\Windows\System\cZgpgUd.exe
  C:\Windows\System\cZgpgUd.exe
  2⤵
  PID:7432
- C:\Windows\System\neDILra.exe
  C:\Windows\System\neDILra.exe
  2⤵
  PID:7448
- C:\Windows\System\OYjGDVE.exe
  C:\Windows\System\OYjGDVE.exe
  2⤵
  PID:7464
- C:\Windows\System\OALOodB.exe
  C:\Windows\System\OALOodB.exe
  2⤵
  PID:7480
- C:\Windows\System\eQZMwNV.exe
  C:\Windows\System\eQZMwNV.exe
  2⤵
  PID:7496
- C:\Windows\System\novgRCi.exe
  C:\Windows\System\novgRCi.exe
  2⤵
  PID:7512
- C:\Windows\System\sqgAkno.exe
  C:\Windows\System\sqgAkno.exe
  2⤵
  PID:7528
- C:\Windows\System\WoVlLFh.exe
  C:\Windows\System\WoVlLFh.exe
  2⤵
  PID:7544
- C:\Windows\System\bGXMKrx.exe
  C:\Windows\System\bGXMKrx.exe
  2⤵
  PID:7560
- C:\Windows\System\OJsxZCs.exe
  C:\Windows\System\OJsxZCs.exe
  2⤵
  PID:7576
- C:\Windows\System\lEmeOjq.exe
  C:\Windows\System\lEmeOjq.exe
  2⤵
  PID:7744
- C:\Windows\System\HwOUUfT.exe
  C:\Windows\System\HwOUUfT.exe
  2⤵
  PID:7768
- C:\Windows\System\uWqqLPc.exe
  C:\Windows\System\uWqqLPc.exe
  2⤵
  PID:7788
- C:\Windows\System\doRzDSG.exe
  C:\Windows\System\doRzDSG.exe
  2⤵
  PID:7808
- C:\Windows\System\OwqNfpS.exe
  C:\Windows\System\OwqNfpS.exe
  2⤵
  PID:7824
- C:\Windows\System\mMOaieV.exe
  C:\Windows\System\mMOaieV.exe
  2⤵
  PID:7840
- C:\Windows\System\MTAvPch.exe
  C:\Windows\System\MTAvPch.exe
  2⤵
  PID:7856
- C:\Windows\System\DqaOwaX.exe
  C:\Windows\System\DqaOwaX.exe
  2⤵
  PID:7872
- C:\Windows\System\AdzSNup.exe
  C:\Windows\System\AdzSNup.exe
  2⤵
  PID:7888
- C:\Windows\System\HcGPVTZ.exe
  C:\Windows\System\HcGPVTZ.exe
  2⤵
  PID:7904
- C:\Windows\System\KGGvnZo.exe
  C:\Windows\System\KGGvnZo.exe
  2⤵
  PID:7920
- C:\Windows\System\zhfJoKJ.exe
  C:\Windows\System\zhfJoKJ.exe
  2⤵
  PID:7936
- C:\Windows\System\PKGfCfg.exe
  C:\Windows\System\PKGfCfg.exe
  2⤵
  PID:7952
- C:\Windows\System\FWSJvJk.exe
  C:\Windows\System\FWSJvJk.exe
  2⤵
  PID:7968
- C:\Windows\System\bUErtCz.exe
  C:\Windows\System\bUErtCz.exe
  2⤵
  PID:8032
- C:\Windows\System\SzoKjTc.exe
  C:\Windows\System\SzoKjTc.exe
  2⤵
  PID:8048
- C:\Windows\System\LljvlVG.exe
  C:\Windows\System\LljvlVG.exe
  2⤵
  PID:8064
- C:\Windows\System\YWnjZbt.exe
  C:\Windows\System\YWnjZbt.exe
  2⤵
  PID:8080
- C:\Windows\System\IBjSCIQ.exe
  C:\Windows\System\IBjSCIQ.exe
  2⤵
  PID:8096
- C:\Windows\System\hhqiqCG.exe
  C:\Windows\System\hhqiqCG.exe
  2⤵
  PID:8112
- C:\Windows\System\wPzmjSu.exe
  C:\Windows\System\wPzmjSu.exe
  2⤵
  PID:8128
- C:\Windows\System\rpAgttv.exe
  C:\Windows\System\rpAgttv.exe
  2⤵
  PID:8144
- C:\Windows\System\pgnSJog.exe
  C:\Windows\System\pgnSJog.exe
  2⤵
  PID:8164
- C:\Windows\System\CJXCNjY.exe
  C:\Windows\System\CJXCNjY.exe
  2⤵
  PID:8184
- C:\Windows\System\XudhpEd.exe
  C:\Windows\System\XudhpEd.exe
  2⤵
  PID:1512
- C:\Windows\System\uhEDKkR.exe
  C:\Windows\System\uhEDKkR.exe
  2⤵
  PID:5128
- C:\Windows\System\kqcODoK.exe
  C:\Windows\System\kqcODoK.exe
  2⤵
  PID:6704
- C:\Windows\System\bryrVnO.exe
  C:\Windows\System\bryrVnO.exe
  2⤵
  PID:7072
- C:\Windows\System\aXpQmCA.exe
  C:\Windows\System\aXpQmCA.exe
  2⤵
  PID:568
- C:\Windows\System\InrFlTZ.exe
  C:\Windows\System\InrFlTZ.exe
  2⤵
  PID:2976
- C:\Windows\System\RtqPUeZ.exe
  C:\Windows\System\RtqPUeZ.exe
  2⤵
  PID:7212
- C:\Windows\System\mzhSOOu.exe
  C:\Windows\System\mzhSOOu.exe
  2⤵
  PID:7276
- C:\Windows\System\GmGkhfR.exe
  C:\Windows\System\GmGkhfR.exe
  2⤵
  PID:7340
- C:\Windows\System\yxeKGKL.exe
  C:\Windows\System\yxeKGKL.exe
  2⤵
  PID:7328
- C:\Windows\System\gAeKgce.exe
  C:\Windows\System\gAeKgce.exe
  2⤵
  PID:1664
- C:\Windows\System\DtJquvI.exe
  C:\Windows\System\DtJquvI.exe
  2⤵
  PID:1944
- C:\Windows\System\NtuCwDh.exe
  C:\Windows\System\NtuCwDh.exe
  2⤵
  PID:7228
- C:\Windows\System\fZQBSrj.exe
  C:\Windows\System\fZQBSrj.exe
  2⤵
  PID:7472
- C:\Windows\System\qXAxZkP.exe
  C:\Windows\System\qXAxZkP.exe
  2⤵
  PID:7444
- C:\Windows\System\uETuyEt.exe
  C:\Windows\System\uETuyEt.exe
  2⤵
  PID:7264
- C:\Windows\System\DKgLSrX.exe
  C:\Windows\System\DKgLSrX.exe
  2⤵
  PID:7424
- C:\Windows\System\aqfATOK.exe
  C:\Windows\System\aqfATOK.exe
  2⤵
  PID:7460
- C:\Windows\System\EOWhSdQ.exe
  C:\Windows\System\EOWhSdQ.exe
  2⤵
  PID:7492
- C:\Windows\System\OFptwTb.exe
  C:\Windows\System\OFptwTb.exe
  2⤵
  PID:7584
- C:\Windows\System\FnTtJJm.exe
  C:\Windows\System\FnTtJJm.exe
  2⤵
  PID:7600
- C:\Windows\System\WfZVxPo.exe
  C:\Windows\System\WfZVxPo.exe
  2⤵
  PID:7616
- C:\Windows\System\ZMymGek.exe
  C:\Windows\System\ZMymGek.exe
  2⤵
  PID:7648
- C:\Windows\System\YocRtxj.exe
  C:\Windows\System\YocRtxj.exe
  2⤵
  PID:7672
- C:\Windows\System\PNMfQuD.exe
  C:\Windows\System\PNMfQuD.exe
  2⤵
  PID:7684
- C:\Windows\System\FUwPgOT.exe
  C:\Windows\System\FUwPgOT.exe
  2⤵
  PID:7776
- C:\Windows\System\ifyJkbt.exe
  C:\Windows\System\ifyJkbt.exe
  2⤵
  PID:7780
- C:\Windows\System\zBeidVv.exe
  C:\Windows\System\zBeidVv.exe
  2⤵
  PID:7852
- C:\Windows\System\aNCCXUz.exe
  C:\Windows\System\aNCCXUz.exe
  2⤵
  PID:7944
- C:\Windows\System\XhiAALw.exe
  C:\Windows\System\XhiAALw.exe
  2⤵
  PID:7984
- C:\Windows\System\celAAGR.exe
  C:\Windows\System\celAAGR.exe
  2⤵
  PID:7832
- C:\Windows\System\BybkXvS.exe
  C:\Windows\System\BybkXvS.exe
  2⤵
  PID:7836
- C:\Windows\System\nhRjuuL.exe
  C:\Windows\System\nhRjuuL.exe
  2⤵
  PID:7964
- C:\Windows\System\vNLSWET.exe
  C:\Windows\System\vNLSWET.exe
  2⤵
  PID:8000
- C:\Windows\System\WkKZDty.exe
  C:\Windows\System\WkKZDty.exe
  2⤵
  PID:8020
- C:\Windows\System\PtNBTDv.exe
  C:\Windows\System\PtNBTDv.exe
  2⤵
  PID:8060
- C:\Windows\System\mIdWsnX.exe
  C:\Windows\System\mIdWsnX.exe
  2⤵
  PID:8124
- C:\Windows\System\nMOAqAT.exe
  C:\Windows\System\nMOAqAT.exe
  2⤵
  PID:6824
- C:\Windows\System\fENmmJd.exe
  C:\Windows\System\fENmmJd.exe
  2⤵
  PID:8136
- C:\Windows\System\zwllHDw.exe
  C:\Windows\System\zwllHDw.exe
  2⤵
  PID:8076
- C:\Windows\System\rboVnRA.exe
  C:\Windows\System\rboVnRA.exe
  2⤵
  PID:8180
- C:\Windows\System\HomvVZc.exe
  C:\Windows\System\HomvVZc.exe
  2⤵
  PID:6124
- C:\Windows\System\omwwDbN.exe
  C:\Windows\System\omwwDbN.exe
  2⤵
  PID:6428
- C:\Windows\System\vQaSTNc.exe
  C:\Windows\System\vQaSTNc.exe
  2⤵
  PID:832
- C:\Windows\System\qwXomCG.exe
  C:\Windows\System\qwXomCG.exe
  2⤵
  PID:6472
- C:\Windows\System\dSthoyO.exe
  C:\Windows\System\dSthoyO.exe
  2⤵
  PID:7308
- C:\Windows\System\QsknHpG.exe
  C:\Windows\System\QsknHpG.exe
  2⤵
  PID:7196
- C:\Windows\System\CmdwdEs.exe
  C:\Windows\System\CmdwdEs.exe
  2⤵
  PID:7292
- C:\Windows\System\OuRlXtx.exe
  C:\Windows\System\OuRlXtx.exe
  2⤵
  PID:7568
- C:\Windows\System\VymHIpg.exe
  C:\Windows\System\VymHIpg.exe
  2⤵
  PID:7596
- C:\Windows\System\kWkWcga.exe
  C:\Windows\System\kWkWcga.exe
  2⤵
  PID:7380
- C:\Windows\System\QwurMpE.exe
  C:\Windows\System\QwurMpE.exe
  2⤵
  PID:7704
- C:\Windows\System\zCoKpwp.exe
  C:\Windows\System\zCoKpwp.exe
  2⤵
  PID:7552
- C:\Windows\System\cCMacCT.exe
  C:\Windows\System\cCMacCT.exe
  2⤵
  PID:5400
- C:\Windows\System\cGGpaov.exe
  C:\Windows\System\cGGpaov.exe
  2⤵
  PID:2780
- C:\Windows\System\IGuEHDh.exe
  C:\Windows\System\IGuEHDh.exe
  2⤵
  PID:7612
- C:\Windows\System\qjwPPEg.exe
  C:\Windows\System\qjwPPEg.exe
  2⤵
  PID:7668
- C:\Windows\System\QCuxGzl.exe
  C:\Windows\System\QCuxGzl.exe
  2⤵
  PID:7724
- C:\Windows\System\EenbRra.exe
  C:\Windows\System\EenbRra.exe
  2⤵
  PID:7736
- C:\Windows\System\lZtTBMP.exe
  C:\Windows\System\lZtTBMP.exe
  2⤵
  PID:7696
- C:\Windows\System\VksAbuw.exe
  C:\Windows\System\VksAbuw.exe
  2⤵
  PID:7912
- C:\Windows\System\aiLgnmc.exe
  C:\Windows\System\aiLgnmc.exe
  2⤵
  PID:7900
- C:\Windows\System\GrMXjGd.exe
  C:\Windows\System\GrMXjGd.exe
  2⤵
  PID:8012
- C:\Windows\System\kZUzRcD.exe
  C:\Windows\System\kZUzRcD.exe
  2⤵
  PID:2408
- C:\Windows\System\xKOcTzw.exe
  C:\Windows\System\xKOcTzw.exe
  2⤵
  PID:8172
- C:\Windows\System\remkFwj.exe
  C:\Windows\System\remkFwj.exe
  2⤵
  PID:1776
- C:\Windows\System\sBgVrbz.exe
  C:\Windows\System\sBgVrbz.exe
  2⤵
  PID:6168
- C:\Windows\System\AHAzess.exe
  C:\Windows\System\AHAzess.exe
  2⤵
  PID:7636
- C:\Windows\System\uAHJpmI.exe
  C:\Windows\System\uAHJpmI.exe
  2⤵
  PID:7508
- C:\Windows\System\WBXCakL.exe
  C:\Windows\System\WBXCakL.exe
  2⤵
  PID:7732
- C:\Windows\System\MTyzkiQ.exe
  C:\Windows\System\MTyzkiQ.exe
  2⤵
  PID:8008
- C:\Windows\System\jvBslay.exe
  C:\Windows\System\jvBslay.exe
  2⤵
  PID:8200
- C:\Windows\System\ewBvWZh.exe
  C:\Windows\System\ewBvWZh.exe
  2⤵
  PID:8216
- C:\Windows\System\EoPUtTq.exe
  C:\Windows\System\EoPUtTq.exe
  2⤵
  PID:8232
- C:\Windows\System\oMikowJ.exe
  C:\Windows\System\oMikowJ.exe
  2⤵
  PID:8248
- C:\Windows\System\UOZSTEG.exe
  C:\Windows\System\UOZSTEG.exe
  2⤵
  PID:8264
- C:\Windows\System\RdtqXxR.exe
  C:\Windows\System\RdtqXxR.exe
  2⤵
  PID:8280
- C:\Windows\System\gjQUznT.exe
  C:\Windows\System\gjQUznT.exe
  2⤵
  PID:8296
- C:\Windows\System\vKRNzlB.exe
  C:\Windows\System\vKRNzlB.exe
  2⤵
  PID:8312
- C:\Windows\System\nXkMKCb.exe
  C:\Windows\System\nXkMKCb.exe
  2⤵
  PID:8328
- C:\Windows\System\CpSANhb.exe
  C:\Windows\System\CpSANhb.exe
  2⤵
  PID:8344
- C:\Windows\System\UNlgqWh.exe
  C:\Windows\System\UNlgqWh.exe
  2⤵
  PID:8392
- C:\Windows\System\awbWELL.exe
  C:\Windows\System\awbWELL.exe
  2⤵
  PID:8556
- C:\Windows\System\JPhmctj.exe
  C:\Windows\System\JPhmctj.exe
  2⤵
  PID:8572
- C:\Windows\System\TCdvuGc.exe
  C:\Windows\System\TCdvuGc.exe
  2⤵
  PID:8588
- C:\Windows\System\qUGcTSz.exe
  C:\Windows\System\qUGcTSz.exe
  2⤵
  PID:8604
- C:\Windows\System\ZrfFsWw.exe
  C:\Windows\System\ZrfFsWw.exe
  2⤵
  PID:8620
- C:\Windows\System\OEdpPgB.exe
  C:\Windows\System\OEdpPgB.exe
  2⤵
  PID:8636
- C:\Windows\System\AifDWeD.exe
  C:\Windows\System\AifDWeD.exe
  2⤵
  PID:8652
- C:\Windows\System\ygHwEKp.exe
  C:\Windows\System\ygHwEKp.exe
  2⤵
  PID:8668
- C:\Windows\System\ZDHqTPi.exe
  C:\Windows\System\ZDHqTPi.exe
  2⤵
  PID:8684
- C:\Windows\System\zhgzhMb.exe
  C:\Windows\System\zhgzhMb.exe
  2⤵
  PID:8700
- C:\Windows\System\QSZJUqk.exe
  C:\Windows\System\QSZJUqk.exe
  2⤵
  PID:8716
- C:\Windows\System\pxSAKFM.exe
  C:\Windows\System\pxSAKFM.exe
  2⤵
  PID:8736
- C:\Windows\System\MwWghLU.exe
  C:\Windows\System\MwWghLU.exe
  2⤵
  PID:8752
- C:\Windows\System\xalNKtX.exe
  C:\Windows\System\xalNKtX.exe
  2⤵
  PID:8768
- C:\Windows\System\VSEsacr.exe
  C:\Windows\System\VSEsacr.exe
  2⤵
  PID:8784
- C:\Windows\System\cGnclBI.exe
  C:\Windows\System\cGnclBI.exe
  2⤵
  PID:8800
- C:\Windows\System\rIiCBXg.exe
  C:\Windows\System\rIiCBXg.exe
  2⤵
  PID:8816
- C:\Windows\System\ePrkDoO.exe
  C:\Windows\System\ePrkDoO.exe
  2⤵
  PID:8832
- C:\Windows\System\YPmGuig.exe
  C:\Windows\System\YPmGuig.exe
  2⤵
  PID:8848
- C:\Windows\System\mDGURQd.exe
  C:\Windows\System\mDGURQd.exe
  2⤵
  PID:8864
- C:\Windows\System\eOHWPyA.exe
  C:\Windows\System\eOHWPyA.exe
  2⤵
  PID:8880
- C:\Windows\System\ESxNYGN.exe
  C:\Windows\System\ESxNYGN.exe
  2⤵
  PID:8896
- C:\Windows\System\vhUoXLK.exe
  C:\Windows\System\vhUoXLK.exe
  2⤵
  PID:8912
- C:\Windows\System\SeLJbKc.exe
  C:\Windows\System\SeLJbKc.exe
  2⤵
  PID:8928
- C:\Windows\System\nhdKXXO.exe
  C:\Windows\System\nhdKXXO.exe
  2⤵
  PID:8948
- C:\Windows\System\jFUnJMh.exe
  C:\Windows\System\jFUnJMh.exe
  2⤵
  PID:8964
- C:\Windows\System\CMYIWha.exe
  C:\Windows\System\CMYIWha.exe
  2⤵
  PID:8980
- C:\Windows\System\eofowTp.exe
  C:\Windows\System\eofowTp.exe
  2⤵
  PID:8996
- C:\Windows\System\kOtuNdZ.exe
  C:\Windows\System\kOtuNdZ.exe
  2⤵
  PID:9012
- C:\Windows\System\aQbypLZ.exe
  C:\Windows\System\aQbypLZ.exe
  2⤵
  PID:9028
- C:\Windows\System\OPSQoSS.exe
  C:\Windows\System\OPSQoSS.exe
  2⤵
  PID:9044
- C:\Windows\System\CUnUVSl.exe
  C:\Windows\System\CUnUVSl.exe
  2⤵
  PID:9060
- C:\Windows\System\DGwBIoh.exe
  C:\Windows\System\DGwBIoh.exe
  2⤵
  PID:9080
- C:\Windows\System\BJqbKKJ.exe
  C:\Windows\System\BJqbKKJ.exe
  2⤵
  PID:9096
- C:\Windows\System\jzXbBwf.exe
  C:\Windows\System\jzXbBwf.exe
  2⤵
  PID:9112
- C:\Windows\System\oFMwccX.exe
  C:\Windows\System\oFMwccX.exe
  2⤵
  PID:9128
- C:\Windows\System\IWBVIBT.exe
  C:\Windows\System\IWBVIBT.exe
  2⤵
  PID:9144
- C:\Windows\System\fzmuSUj.exe
  C:\Windows\System\fzmuSUj.exe
  2⤵
  PID:9160
- C:\Windows\System\WnAjBgO.exe
  C:\Windows\System\WnAjBgO.exe
  2⤵
  PID:9176
- C:\Windows\System\HEygxbc.exe
  C:\Windows\System\HEygxbc.exe
  2⤵
  PID:9192
- C:\Windows\System\FeRskzh.exe
  C:\Windows\System\FeRskzh.exe
  2⤵
  PID:9208
- C:\Windows\System\AdRmuIb.exe
  C:\Windows\System\AdRmuIb.exe
  2⤵
  PID:6288
- C:\Windows\System\uZBINmM.exe
  C:\Windows\System\uZBINmM.exe
  2⤵
  PID:7996
- C:\Windows\System\veEYhNf.exe
  C:\Windows\System\veEYhNf.exe
  2⤵
  PID:8244
- C:\Windows\System\orqjXXe.exe
  C:\Windows\System\orqjXXe.exe
  2⤵
  PID:7372
- C:\Windows\System\KlsHQuW.exe
  C:\Windows\System\KlsHQuW.exe
  2⤵
  PID:7712
- C:\Windows\System\oYpDoEU.exe
  C:\Windows\System\oYpDoEU.exe
  2⤵
  PID:7848
- C:\Windows\System\LRBcxDb.exe
  C:\Windows\System\LRBcxDb.exe
  2⤵
  PID:7928
- C:\Windows\System\HGbUXHt.exe
  C:\Windows\System\HGbUXHt.exe
  2⤵
  PID:7932
- C:\Windows\System\lAjRJkV.exe
  C:\Windows\System\lAjRJkV.exe
  2⤵
  PID:8028
- C:\Windows\System\RlUYKtH.exe
  C:\Windows\System\RlUYKtH.exe
  2⤵
  PID:2924
- C:\Windows\System\xiXUTWh.exe
  C:\Windows\System\xiXUTWh.exe
  2⤵
  PID:1800
- C:\Windows\System\smfYWFq.exe
  C:\Windows\System\smfYWFq.exe
  2⤵
  PID:448
- C:\Windows\System\WjpWJcv.exe
  C:\Windows\System\WjpWJcv.exe
  2⤵
  PID:8224
- C:\Windows\System\QuvHyQp.exe
  C:\Windows\System\QuvHyQp.exe
  2⤵
  PID:7440
- C:\Windows\System\lEAoyES.exe
  C:\Windows\System\lEAoyES.exe
  2⤵
  PID:7716
- C:\Windows\System\amUyMNg.exe
  C:\Windows\System\amUyMNg.exe
  2⤵
  PID:7092
- C:\Windows\System\pTBFphK.exe
  C:\Windows\System\pTBFphK.exe
  2⤵
  PID:8260
- C:\Windows\System\tiNswWc.exe
  C:\Windows\System\tiNswWc.exe
  2⤵
  PID:8324
- C:\Windows\System\wArToBk.exe
  C:\Windows\System\wArToBk.exe
  2⤵
  PID:8364
- C:\Windows\System\FvZXMEJ.exe
  C:\Windows\System\FvZXMEJ.exe
  2⤵
  PID:8340
- C:\Windows\System\uFvBeeP.exe
  C:\Windows\System\uFvBeeP.exe
  2⤵
  PID:8388
- C:\Windows\System\njhxksY.exe
  C:\Windows\System\njhxksY.exe
  2⤵
  PID:8412
- C:\Windows\System\dgMnEte.exe
  C:\Windows\System\dgMnEte.exe
  2⤵
  PID:8428
- C:\Windows\System\CYzkeNq.exe
  C:\Windows\System\CYzkeNq.exe
  2⤵
  PID:8444
- C:\Windows\System\wmFtkKN.exe
  C:\Windows\System\wmFtkKN.exe
  2⤵
  PID:8460
- C:\Windows\System\keoeBJs.exe
  C:\Windows\System\keoeBJs.exe
  2⤵
  PID:8476
- C:\Windows\System\btKgeLP.exe
  C:\Windows\System\btKgeLP.exe
  2⤵
  PID:8492
- C:\Windows\System\JcMWHsr.exe
  C:\Windows\System\JcMWHsr.exe
  2⤵
  PID:8628
- C:\Windows\System\yLRlEQT.exe
  C:\Windows\System\yLRlEQT.exe
  2⤵
  PID:8600
- C:\Windows\System\LycAzSU.exe
  C:\Windows\System\LycAzSU.exe
  2⤵
  PID:8744
- C:\Windows\System\nMMqNxG.exe
  C:\Windows\System\nMMqNxG.exe
  2⤵
  PID:9168
- C:\Windows\System\pPfraHM.exe
  C:\Windows\System\pPfraHM.exe
  2⤵
  PID:8892
- C:\Windows\System\iOSrPzK.exe
  C:\Windows\System\iOSrPzK.exe
  2⤵
  PID:9020
- C:\Windows\System\MxUqefr.exe
  C:\Windows\System\MxUqefr.exe
  2⤵
  PID:8156
- C:\Windows\System\RNIUbol.exe
  C:\Windows\System\RNIUbol.exe
  2⤵
  PID:9124
- C:\Windows\System\PewDcoK.exe
  C:\Windows\System\PewDcoK.exe
  2⤵
  PID:9188
- C:\Windows\System\jNOWJsY.exe
  C:\Windows\System\jNOWJsY.exe
  2⤵
  PID:7756
- C:\Windows\System\aWrRJsH.exe
  C:\Windows\System\aWrRJsH.exe
  2⤵
  PID:7752
- C:\Windows\System\sNIgmiE.exe
  C:\Windows\System\sNIgmiE.exe
  2⤵
  PID:7540
- C:\Windows\System\TeEgTVa.exe
  C:\Windows\System\TeEgTVa.exe
  2⤵
  PID:7728
- C:\Windows\System\FyjCAwU.exe
  C:\Windows\System\FyjCAwU.exe
  2⤵
  PID:7796
- C:\Windows\System\FbAstxw.exe
  C:\Windows\System\FbAstxw.exe
  2⤵
  PID:7184
- C:\Windows\System\rFBIPME.exe
  C:\Windows\System\rFBIPME.exe
  2⤵
  PID:8228
- C:\Windows\System\JijhJOV.exe
  C:\Windows\System\JijhJOV.exe
  2⤵
  PID:8356
- C:\Windows\System\kvUxSeG.exe
  C:\Windows\System\kvUxSeG.exe
  2⤵
  PID:8424
- C:\Windows\System\YSrrnnp.exe
  C:\Windows\System\YSrrnnp.exe
  2⤵
  PID:8456
- C:\Windows\System\NoRIHVC.exe
  C:\Windows\System\NoRIHVC.exe
  2⤵
  PID:8468
- C:\Windows\System\fzgYzVr.exe
  C:\Windows\System\fzgYzVr.exe
  2⤵
  PID:8520
- C:\Windows\System\ogDrgql.exe
  C:\Windows\System\ogDrgql.exe
  2⤵
  PID:8528
- C:\Windows\System\aOmLsAA.exe
  C:\Windows\System\aOmLsAA.exe
  2⤵
  PID:8540
- C:\Windows\System\ogrPVdY.exe
  C:\Windows\System\ogrPVdY.exe
  2⤵
  PID:8552
- C:\Windows\System\vtmwwQy.exe
  C:\Windows\System\vtmwwQy.exe
  2⤵
  PID:8584
- C:\Windows\System\YOUvJne.exe
  C:\Windows\System\YOUvJne.exe
  2⤵
  PID:8676
- C:\Windows\System\kbtDVUn.exe
  C:\Windows\System\kbtDVUn.exe
  2⤵
  PID:8708
- C:\Windows\System\wtEoznZ.exe
  C:\Windows\System\wtEoznZ.exe
  2⤵
  PID:8808
- C:\Windows\System\sUbRkVR.exe
  C:\Windows\System\sUbRkVR.exe
  2⤵
  PID:8872
- C:\Windows\System\aiqZyjx.exe
  C:\Windows\System\aiqZyjx.exe
  2⤵
  PID:8904
- C:\Windows\System\uFiqjjd.exe
  C:\Windows\System\uFiqjjd.exe
  2⤵
  PID:8972
- C:\Windows\System\iPECAfv.exe
  C:\Windows\System\iPECAfv.exe
  2⤵
  PID:9036
- C:\Windows\System\oHEDNxR.exe
  C:\Windows\System\oHEDNxR.exe
  2⤵
  PID:9072
- C:\Windows\System\MAFUJnp.exe
  C:\Windows\System\MAFUJnp.exe
  2⤵
  PID:9108
- C:\Windows\System\vDzIGFt.exe
  C:\Windows\System\vDzIGFt.exe
  2⤵
  PID:9200
- C:\Windows\System\erTWtSq.exe
  C:\Windows\System\erTWtSq.exe
  2⤵
  PID:8920
- C:\Windows\System\EtSmbgp.exe
  C:\Windows\System\EtSmbgp.exe
  2⤵
  PID:8860
- C:\Windows\System\knujtIF.exe
  C:\Windows\System\knujtIF.exe
  2⤵
  PID:8796
- C:\Windows\System\vQnjUUO.exe
  C:\Windows\System\vQnjUUO.exe
  2⤵
  PID:1744
- C:\Windows\System\uxwYGgS.exe
  C:\Windows\System\uxwYGgS.exe
  2⤵
  PID:8304
- C:\Windows\System\RJUMwSF.exe
  C:\Windows\System\RJUMwSF.exe
  2⤵
  PID:9120
- C:\Windows\System\rHeoCti.exe
  C:\Windows\System\rHeoCti.exe
  2⤵
  PID:6904
- C:\Windows\System\JmTmFSg.exe
  C:\Windows\System\JmTmFSg.exe
  2⤵
  PID:8308
- C:\Windows\System\vcMxmFi.exe
  C:\Windows\System\vcMxmFi.exe
  2⤵
  PID:8320
- C:\Windows\System\rKhozZw.exe
  C:\Windows\System\rKhozZw.exe
  2⤵
  PID:8408
- C:\Windows\System\xKvSFjk.exe
  C:\Windows\System\xKvSFjk.exe
  2⤵
  PID:8516
- C:\Windows\System\gILKoSk.exe
  C:\Windows\System\gILKoSk.exe
  2⤵
  PID:8380
- C:\Windows\System\aKZized.exe
  C:\Windows\System\aKZized.exe
  2⤵
  PID:8548
- C:\Windows\System\OGFApnf.exe
  C:\Windows\System\OGFApnf.exe
  2⤵
  PID:8612
- C:\Windows\System\KBeIEGZ.exe
  C:\Windows\System\KBeIEGZ.exe
  2⤵
  PID:8976
- C:\Windows\System\MvfOywf.exe
  C:\Windows\System\MvfOywf.exe
  2⤵
  PID:9004
- C:\Windows\System\uqGjpby.exe
  C:\Windows\System\uqGjpby.exe
  2⤵
  PID:8844
- C:\Windows\System\OIpYMbg.exe
  C:\Windows\System\OIpYMbg.exe
  2⤵
  PID:8764
- C:\Windows\System\BGCxdYZ.exe
  C:\Windows\System\BGCxdYZ.exe
  2⤵
  PID:8536
- C:\Windows\System\kIlEnfB.exe
  C:\Windows\System\kIlEnfB.exe
  2⤵
  PID:9076
- C:\Windows\System\RcYyUUJ.exe
  C:\Windows\System\RcYyUUJ.exe
  2⤵
  PID:8944
- C:\Windows\System\ewLXajk.exe
  C:\Windows\System\ewLXajk.exe
  2⤵
  PID:8724
- C:\Windows\System\bShfqSn.exe
  C:\Windows\System\bShfqSn.exe
  2⤵
  PID:9092
- C:\Windows\System\thcqvRG.exe
  C:\Windows\System\thcqvRG.exe
  2⤵
  PID:8956
- C:\Windows\System\eZgkvTZ.exe
  C:\Windows\System\eZgkvTZ.exe
  2⤵
  PID:9204
- C:\Windows\System\jZxVoVa.exe
  C:\Windows\System\jZxVoVa.exe
  2⤵
  PID:8336
- C:\Windows\System\imWmDaO.exe
  C:\Windows\System\imWmDaO.exe
  2⤵
  PID:8712
- C:\Windows\System\dXgwyEj.exe
  C:\Windows\System\dXgwyEj.exe
  2⤵
  PID:8840
- C:\Windows\System\hIloYIn.exe
  C:\Windows\System\hIloYIn.exe
  2⤵
  PID:8960
- C:\Windows\System\NluZQSQ.exe
  C:\Windows\System\NluZQSQ.exe
  2⤵
  PID:9156
- C:\Windows\System\UerdthS.exe
  C:\Windows\System\UerdthS.exe
  2⤵
  PID:8500
- C:\Windows\System\LKoogQt.exe
  C:\Windows\System\LKoogQt.exe
  2⤵
  PID:7412
- C:\Windows\System\QCQjFIt.exe
  C:\Windows\System\QCQjFIt.exe
  2⤵
  PID:8160
- C:\Windows\System\ftBwcoq.exe
  C:\Windows\System\ftBwcoq.exe
  2⤵
  PID:9244
- C:\Windows\System\xsRdLEA.exe
  C:\Windows\System\xsRdLEA.exe
  2⤵
  PID:9268
- C:\Windows\System\BwBWGAp.exe
  C:\Windows\System\BwBWGAp.exe
  2⤵
  PID:9316
- C:\Windows\System\DkiEcIq.exe
  C:\Windows\System\DkiEcIq.exe
  2⤵
  PID:9332
- C:\Windows\System\WCvLYnD.exe
  C:\Windows\System\WCvLYnD.exe
  2⤵
  PID:9348
- C:\Windows\System\KvdTUPS.exe
  C:\Windows\System\KvdTUPS.exe
  2⤵
  PID:9364
- C:\Windows\System\TSgiTQg.exe
  C:\Windows\System\TSgiTQg.exe
  2⤵
  PID:9380
- C:\Windows\System\IBWWtWa.exe
  C:\Windows\System\IBWWtWa.exe
  2⤵
  PID:9396
- C:\Windows\System\EoJVIVV.exe
  C:\Windows\System\EoJVIVV.exe
  2⤵
  PID:9412
- C:\Windows\System\zrvVfDB.exe
  C:\Windows\System\zrvVfDB.exe
  2⤵
  PID:9428
- C:\Windows\System\yUvBOGH.exe
  C:\Windows\System\yUvBOGH.exe
  2⤵
  PID:9444
- C:\Windows\System\NfiTpuM.exe
  C:\Windows\System\NfiTpuM.exe
  2⤵
  PID:9460
- C:\Windows\System\bfDGueB.exe
  C:\Windows\System\bfDGueB.exe
  2⤵
  PID:9476
- C:\Windows\System\djNlGIE.exe
  C:\Windows\System\djNlGIE.exe
  2⤵
  PID:9492
- C:\Windows\System\CDFPvwp.exe
  C:\Windows\System\CDFPvwp.exe
  2⤵
  PID:9508
- C:\Windows\System\vovBoUG.exe
  C:\Windows\System\vovBoUG.exe
  2⤵
  PID:9524
- C:\Windows\System\aZKLiUq.exe
  C:\Windows\System\aZKLiUq.exe
  2⤵
  PID:9540
- C:\Windows\System\wDuYFXv.exe
  C:\Windows\System\wDuYFXv.exe
  2⤵
  PID:9556
- C:\Windows\System\hwFAwuQ.exe
  C:\Windows\System\hwFAwuQ.exe
  2⤵
  PID:9576
- C:\Windows\System\koWqhBn.exe
  C:\Windows\System\koWqhBn.exe
  2⤵
  PID:9596
- C:\Windows\System\FJgPRym.exe
  C:\Windows\System\FJgPRym.exe
  2⤵
  PID:9612
- C:\Windows\System\MzblpcY.exe
  C:\Windows\System\MzblpcY.exe
  2⤵
  PID:9628
- C:\Windows\System\baOfqTR.exe
  C:\Windows\System\baOfqTR.exe
  2⤵
  PID:9644
- C:\Windows\System\cqCKTas.exe
  C:\Windows\System\cqCKTas.exe
  2⤵
  PID:9660
- C:\Windows\System\yaoNXHJ.exe
  C:\Windows\System\yaoNXHJ.exe
  2⤵
  PID:9680
- C:\Windows\System\WlwNfPD.exe
  C:\Windows\System\WlwNfPD.exe
  2⤵
  PID:9696
- C:\Windows\System\phyHWxp.exe
  C:\Windows\System\phyHWxp.exe
  2⤵
  PID:9712
- C:\Windows\System\dwKwwvM.exe
  C:\Windows\System\dwKwwvM.exe
  2⤵
  PID:9780
- C:\Windows\System\DCsIWYB.exe
  C:\Windows\System\DCsIWYB.exe
  2⤵
  PID:9800
- C:\Windows\System\mcDmkyE.exe
  C:\Windows\System\mcDmkyE.exe
  2⤵
  PID:9816
- C:\Windows\System\iikAbLh.exe
  C:\Windows\System\iikAbLh.exe
  2⤵
  PID:9832
- C:\Windows\System\cLAuPfe.exe
  C:\Windows\System\cLAuPfe.exe
  2⤵
  PID:9848
- C:\Windows\System\lzmftGC.exe
  C:\Windows\System\lzmftGC.exe
  2⤵
  PID:9868
- C:\Windows\System\XtEuRTC.exe
  C:\Windows\System\XtEuRTC.exe
  2⤵
  PID:9888
- C:\Windows\System\XcOzVWr.exe
  C:\Windows\System\XcOzVWr.exe
  2⤵
  PID:9904
- C:\Windows\System\Wkysjhm.exe
  C:\Windows\System\Wkysjhm.exe
  2⤵
  PID:9920
- C:\Windows\System\BfPwwNr.exe
  C:\Windows\System\BfPwwNr.exe
  2⤵
  PID:9936
- C:\Windows\System\hlfhVOK.exe
  C:\Windows\System\hlfhVOK.exe
  2⤵
  PID:9952
- C:\Windows\System\UefhlFN.exe
  C:\Windows\System\UefhlFN.exe
  2⤵
  PID:9968
- C:\Windows\System\LAEAGbf.exe
  C:\Windows\System\LAEAGbf.exe
  2⤵
  PID:9984
- C:\Windows\System\ptxkifr.exe
  C:\Windows\System\ptxkifr.exe
  2⤵
  PID:10000
- C:\Windows\System\qBDYKGu.exe
  C:\Windows\System\qBDYKGu.exe
  2⤵
  PID:10016
- C:\Windows\System\PsKxszg.exe
  C:\Windows\System\PsKxszg.exe
  2⤵
  PID:10032
- C:\Windows\System\VtFYiWp.exe
  C:\Windows\System\VtFYiWp.exe
  2⤵
  PID:10048
- C:\Windows\System\dgTGiMy.exe
  C:\Windows\System\dgTGiMy.exe
  2⤵
  PID:10064
- C:\Windows\System\oLvrumb.exe
  C:\Windows\System\oLvrumb.exe
  2⤵
  PID:10080
- C:\Windows\System\iXeaaKU.exe
  C:\Windows\System\iXeaaKU.exe
  2⤵
  PID:10096
- C:\Windows\System\eoUvJKM.exe
  C:\Windows\System\eoUvJKM.exe
  2⤵
  PID:10112
- C:\Windows\System\vFIHLvs.exe
  C:\Windows\System\vFIHLvs.exe
  2⤵
  PID:10128
- C:\Windows\System\tyYAXLL.exe
  C:\Windows\System\tyYAXLL.exe
  2⤵
  PID:10144
- C:\Windows\System\ffqWTuN.exe
  C:\Windows\System\ffqWTuN.exe
  2⤵
  PID:10160
- C:\Windows\System\gLIFEQn.exe
  C:\Windows\System\gLIFEQn.exe
  2⤵
  PID:10176
- C:\Windows\System\OfteNwd.exe
  C:\Windows\System\OfteNwd.exe
  2⤵
  PID:10192
- C:\Windows\System\lPOZFcP.exe
  C:\Windows\System\lPOZFcP.exe
  2⤵
  PID:10208
- C:\Windows\System\xBRMFqg.exe
  C:\Windows\System\xBRMFqg.exe
  2⤵
  PID:10224
- C:\Windows\System\fjIfQQL.exe
  C:\Windows\System\fjIfQQL.exe
  2⤵
  PID:8992
- C:\Windows\System\HsuvxtG.exe
  C:\Windows\System\HsuvxtG.exe
  2⤵
  PID:8936
- C:\Windows\System\MrbFPBm.exe
  C:\Windows\System\MrbFPBm.exe
  2⤵
  PID:8420
- C:\Windows\System\GNckkZY.exe
  C:\Windows\System\GNckkZY.exe
  2⤵
  PID:9228
- C:\Windows\System\uHOQlbN.exe
  C:\Windows\System\uHOQlbN.exe
  2⤵
  PID:9260
- C:\Windows\System\kkgXPHE.exe
  C:\Windows\System\kkgXPHE.exe
  2⤵
  PID:9280
- C:\Windows\System\frcKqLR.exe
  C:\Windows\System\frcKqLR.exe
  2⤵
  PID:9304
- C:\Windows\System\ZxXpVXP.exe
  C:\Windows\System\ZxXpVXP.exe
  2⤵
  PID:9312
- C:\Windows\System\gUGuFhy.exe
  C:\Windows\System\gUGuFhy.exe
  2⤵
  PID:9404
- C:\Windows\System\GPCCuXw.exe
  C:\Windows\System\GPCCuXw.exe
  2⤵
  PID:9468
- C:\Windows\System\AbNBIEA.exe
  C:\Windows\System\AbNBIEA.exe
  2⤵
  PID:9564
- C:\Windows\System\NpOvcnO.exe
  C:\Windows\System\NpOvcnO.exe
  2⤵
  PID:9636
- C:\Windows\System\KONYRZY.exe
  C:\Windows\System\KONYRZY.exe
  2⤵
  PID:9668
- C:\Windows\System\EDOCiqa.exe
  C:\Windows\System\EDOCiqa.exe
  2⤵
  PID:9452
- C:\Windows\System\rQfYash.exe
  C:\Windows\System\rQfYash.exe
  2⤵
  PID:9756
- C:\Windows\System\zsQPySJ.exe
  C:\Windows\System\zsQPySJ.exe
  2⤵
  PID:9960
- C:\Windows\System\DWoXZMn.exe
  C:\Windows\System\DWoXZMn.exe
  2⤵
  PID:10024
- C:\Windows\System\WJFPJux.exe
  C:\Windows\System\WJFPJux.exe
  2⤵
  PID:10088
- C:\Windows\System\lsrrHdI.exe
  C:\Windows\System\lsrrHdI.exe
  2⤵
  PID:10152
- C:\Windows\System\PjqPdmA.exe
  C:\Windows\System\PjqPdmA.exe
  2⤵
  PID:10216
- C:\Windows\System\wvKnzho.exe
  C:\Windows\System\wvKnzho.exe
  2⤵
  PID:8404
- C:\Windows\System\GtDBQwg.exe
  C:\Windows\System\GtDBQwg.exe
  2⤵
  PID:9264
- C:\Windows\System\ouclTaG.exe
  C:\Windows\System\ouclTaG.exe
  2⤵
  PID:9436
- C:\Windows\System\DOVvHKV.exe
  C:\Windows\System\DOVvHKV.exe
  2⤵
  PID:9808
- C:\Windows\System\WlZwnyG.exe
  C:\Windows\System\WlZwnyG.exe
  2⤵
  PID:9876
- C:\Windows\System\yajFlUI.exe
  C:\Windows\System\yajFlUI.exe
  2⤵
  PID:9976
- C:\Windows\System\rAaEfPM.exe
  C:\Windows\System\rAaEfPM.exe
  2⤵
  PID:10040
- C:\Windows\System\kMonpXj.exe
  C:\Windows\System\kMonpXj.exe
  2⤵
  PID:10108
- C:\Windows\System\pSbuZJX.exe
  C:\Windows\System\pSbuZJX.exe
  2⤵
  PID:10172
- C:\Windows\System\gOSYvrp.exe
  C:\Windows\System\gOSYvrp.exe
  2⤵
  PID:10236
- C:\Windows\System\pfZcICf.exe
  C:\Windows\System\pfZcICf.exe
  2⤵
  PID:8504
- C:\Windows\System\AYXCqzr.exe
  C:\Windows\System\AYXCqzr.exe
  2⤵
  PID:9276
- C:\Windows\System\FoJmRBW.exe
  C:\Windows\System\FoJmRBW.exe
  2⤵
  PID:9500
- C:\Windows\System\mjREeHV.exe
  C:\Windows\System\mjREeHV.exe
  2⤵
  PID:9704
- C:\Windows\System\uVFrGlU.exe
  C:\Windows\System\uVFrGlU.exe
  2⤵
  PID:9604
- C:\Windows\System\wWuiMmI.exe
  C:\Windows\System\wWuiMmI.exe
  2⤵
  PID:8856
- C:\Windows\System\OVCmHEJ.exe
  C:\Windows\System\OVCmHEJ.exe
  2⤵
  PID:9516
- C:\Windows\System\KFFKmPx.exe
  C:\Windows\System\KFFKmPx.exe
  2⤵
  PID:9584
- C:\Windows\System\SfngWnU.exe
  C:\Windows\System\SfngWnU.exe
  2⤵
  PID:9588
- C:\Windows\System\TlwxbqB.exe
  C:\Windows\System\TlwxbqB.exe
  2⤵
  PID:9656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\IYBkbYH.exe

Filesize
6.0MB

MD5
0817ae7de474adb8b725c2ff0b1c8413

SHA1
65a750c83d50f4b39da0424011594d77a81cb986

SHA256
42c7d2ef144c46856c7508fd25fcf662bd366e0a6dd874fb7b91be5889ee65d4

SHA512
ae0aaad8d74c5156c5124a927c2ce1445324476e7079d8d1e1a4060e40791a99dd3a810311323744e4e2205f8cbf390ad9852b8f8d98950444dbbaf4483555a9

Download Submit
C:\Windows\system\JoeWuYQ.exe

Filesize
6.0MB

MD5
0c4a266b22fd593f343d84a93b1aa937

SHA1
37b8b13c266005a1fb60bf5143152dc380d017a7

SHA256
bb65d6c289f46443ff182fc55a6e552e90a731f62dca1cfebb4b5114e09f49f7

SHA512
fc98648bee0d2222026f3b41ebfc06fbb26c53158cd69018fe592472b04f5ae67dba1d86b0c157aa5420286cc28a602f332827a74f98846d9fe5aed7bf5d6551

Download Submit
C:\Windows\system\NRfrtuH.exe

Filesize
6.0MB

MD5
45f6e1b9461c3eae66b358d0d2632f05

SHA1
08d8616b203f896c8481fe78015c0803cc462b46

SHA256
7c89d47c3d4f5ddd6c2f334f20dd4014967b4eb0568da8375f1159cfdbd41151

SHA512
bfa2d29c817a83d404e622929af12793f887ffb32114fbafd52b82ba9cb439fc523c184cff48caf84538f96c225351653cbe393519d4997408c573f540ae4a55

Download Submit
C:\Windows\system\ONrotKz.exe

Filesize
6.0MB

MD5
bcc7fe9290b98a6e7f8acd71407ef770

SHA1
843f1f6a56e6ceb13729b084ca42530fce755fb0

SHA256
f1f18836e671bb446695b1093864b3d43835776cf28dcac0389c566f4ea93c11

SHA512
7940354a5ab118f5a3c58f663cb44633d97a0167ae08c976123ab369e0c59ca9f8a9749d431b8f9aa0e2f9d1bf0f9e67786e39b519dd517f9418fd97bfec798b

Download Submit
C:\Windows\system\OVjmIEY.exe

Filesize
6.0MB

MD5
48b7d5f0c544ede2dfdf51ac675b7198

SHA1
6054f3bc3a9cfc6ebf4e7c0f9ad94aaef5c67e70

SHA256
7a9c9eb562aeb9a82ff1342fd9a12fd22a5d325c708c0709db263b169bdcc285

SHA512
b6e6bcd5e7fac4867abfd220a5d0da2a8e859b33fd8f97fe01be8dd42ab2379b1ac6516d0cd17df347936bc4d03cb753fa11b81874a929f3dfe36907c2eecb1f

Download Submit
C:\Windows\system\RZqNwFi.exe

Filesize
6.0MB

MD5
eb73d9855a3b675d30cdacc2c9e65ef5

SHA1
c8e70b46a0decab895c9766df0ac4186c73dfed5

SHA256
7a0cb9a743ed80b1287a318b4ebe62d552250cef10dd539850b1fa54ab75b7fd

SHA512
e97df1f837836b723a4f04c0e11b7b4540a21a20d6637376c6c351cac3c85ca5ae82bd409c2c77662dbdc81949c73abc63a3efdf17c41fe1ce73881da87a9a3a

Download Submit
C:\Windows\system\SNCbeqx.exe

Filesize
6.0MB

MD5
0c674e7c1d6d56befab743ca494acf1b

SHA1
ce818cbd0c56fc6948433e8cda4f82cdcbb8dc4e

SHA256
7cad077669fa7b2f9480d8608f7e2b38e54a907c40fa9c627b03a9749353cc9d

SHA512
adf4e3ddf15a884cc0af9e7be83b74291fefb9e5b70508378ec968f0a7bab9b79b74d6d6da503e0694a621bfa00d7562641a8dbcfef8f61bd60eef22e441e0e0

Download Submit
C:\Windows\system\SmLSrPr.exe

Filesize
6.0MB

MD5
21be65b00c7452fc0f4de030440b213e

SHA1
cf58d0bfdf3db11c41b4d01a4ee56d814f93923c

SHA256
1a35e139e7e23e8b8bd20c265978c87ad99be19d852a840718fb08d2ecc3dda6

SHA512
591a8da65dbc155f1dd098a225270b1ef04a516f6769426f01f33c0f8ada72d8a06834d400a469228ea3df3ab07806e346b809150a348b3f3942fae219bc9c9a

Download Submit
C:\Windows\system\URsqjyI.exe

Filesize
6.0MB

MD5
b585b1fa19e14bc8c92b33ac02949ebf

SHA1
cdb66c8fffc6d38affa5eaef93fdb1f6422115c7

SHA256
4899a4547950d4f8987a08c9fe4287527bf89e0450f03130a4709bc3790a7f90

SHA512
6a4e614722449d5c9bd459f4a09ccb9e32dba2caef24a57ca0737bc094f19df1699d8722d5734502bb4e7a08b9301e921c5dc89ce5a4b9aa81a0823640f12e78

Download Submit
C:\Windows\system\UlccsFM.exe

Filesize
6.0MB

MD5
54af0744bfb6be47332242eda79b5a8d

SHA1
4c798ba2b86f173c4003ad06b23c223a2ea5d715

SHA256
369eed7566b607dd7b684b1920b61bb6f2a386fff5dd9767cd29ee953cbc9be0

SHA512
643b8be4e8f82bed3e985f84f242c7d84eb013030a0f0d962ec548932823cdcd8ad1c0de66f4bf3d78de0251fcc6806cae4cfbf89a2edb63e3f6d8855b323d3b

Download Submit
C:\Windows\system\VmIyWgM.exe

Filesize
6.0MB

MD5
e86fea22580644fe1e3f49704b2d3d6a

SHA1
7cf22a00db1817c5e9ec1a9b3ca678964c77f193

SHA256
5c64c506a293c813bce7be3c78feaf438868e982bb719ac5b5d48c8c431dc1f9

SHA512
0fee263950f25d2d8b654e2383b6f0478d13d4794b2527e46cd4bca8fcf5b2b367e775ec7c9c6c0b10139047c5e611522ae346260855d550a54183823a27820a

Download Submit
C:\Windows\system\XBNnxKU.exe

Filesize
6.0MB

MD5
3dea2706f7593defe166569912bcc671

SHA1
eb18f07f25dce6c99ca21b4500f4a007ede5f540

SHA256
63621fb9ccbd03a1307a2d431ee3581cb33968f852b1c2cb0f4ae9365fd5adc1

SHA512
2fc429776d579c45ee9df68b2f9f1073a984c1d744c38123e1fe8ff0126daec44f5ea14b914dfc1dd46539f74fc2314ea24f7093ca72979b1bffe47b3e2c561e

Download Submit
C:\Windows\system\YKeLlnS.exe

Filesize
6.0MB

MD5
f36f0d655b8b627f3b9ed6a79f054d43

SHA1
8f58fcce513d9b4f8c75c21f08e89644838d8e62

SHA256
aec741e53e65fde2252aa95d3dc3b04ad1814a975cf09998798226ff2487dfd9

SHA512
c1b91eed1f7ce29c52aadd0d44d920e0e456346caf895216950a710e1778123e5e364bc85ff70685494fdd15fbc15872a86140174b2c8b33ff5e25668179424d

Download Submit
C:\Windows\system\YRxzprj.exe

Filesize
6.0MB

MD5
bb460d232fb5dbf04bfdf41278ebe6fb

SHA1
1c18ab7cab107370c8f9c1cb6c30bdadc96d4197

SHA256
c64158b2499dc55ddfff53121fdb74ac1f5290aaf01f1c138397e52889db9de1

SHA512
15aef94618e58e33bae665a67fa31f9145ffd994c811efabe53c992886fcc68063964a150212d99431386f117f0d6840954a5d7d839e2dbc0902a8be615b3d93

Download Submit
C:\Windows\system\YTBjCGY.exe

Filesize
6.0MB

MD5
f594441abc73aa6241f8149c4d1a1728

SHA1
792c64cdc97ff62c431d13672e18337159b1ea6d

SHA256
e05a304909846b1b52982a82cac3582765a4e8b11c24b022581496957b6f153d

SHA512
e6d12be9013d57c69a200459fba63dd8fa945a135f9b89449a5d995d70ef7e20115f4414c1150e46f094c5f451a643bc6e3b9254d553a728b1495c4174c121b3

Download Submit
C:\Windows\system\YqTPtpl.exe

Filesize
6.0MB

MD5
13524857aef4db3e0e14266066ed38b5

SHA1
4c86a02a13dc803b761333d57b6b9131d990b665

SHA256
d06ad6b22b4b65b7cc1ed83ae789e9577cf12d84ebf37534233cba960953acef

SHA512
3611a29da215e260180b4ff69a1162bc1452cb0151c53204bcb7f2a96949a6f5b4bd972cf9f2a7284ab091dc6adeaa7195d969422932edf6a21efd67da1a954c

Download Submit
C:\Windows\system\YzJdWii.exe

Filesize
6.0MB

MD5
bc618ddf8a01dff563af5e59e525a08d

SHA1
eca24ac901e5273fe16bba43245f462eef0bdcd9

SHA256
054cce7fa3cab46cfa4e99c3a87464f571d552bf6cd8fcc5c19d4071173ac6ed

SHA512
2ed013e5e1167aebb00d6c3ae171207def9041410575d920c6880229b790b4217869375ac08dc2289c62615c18a994d2dc329d6c967830cfe36dd9012a14aa2e

Download Submit
C:\Windows\system\cGxIfvd.exe

Filesize
6.0MB

MD5
4b8f330bdc4960a86a8506eaef003d82

SHA1
9f42a398a5a1143a3e151d7f5242dd76e66fc01e

SHA256
d194cd66380e38cb0f6c261407f19e686de3013dd99232c180713345b8cf8c66

SHA512
7b7cc47f16ba6f0069de8326e581d178ffff1eeebb4a559756466dc5f0bfa0830e04d52c63446199fc8e7333e0fc4e732ab5aa4397985f72c56dec6882191903

Download Submit
C:\Windows\system\iBjpUoj.exe

Filesize
6.0MB

MD5
c4f5f17f74f5407a8e2a0198f8be6fd0

SHA1
de6d8df7484eaa5656dacea26da167c11365ca2f

SHA256
3de4d5d5c842ea8237b5129eafb0442dd5fea57ddde8eeb6e25aa3231e83c2a5

SHA512
691da422c3d2e4940819079b9d3d754dd3154155fbc3bc1f1c753101c5c7694df45a15448fb7a0fa2c2e76cedb2970b051c4bd94239c2702487d6c55d389de0c

Download Submit
C:\Windows\system\ixvCpRr.exe

Filesize
6.0MB

MD5
1f2920a6a61b4b2cf8c58d733f9571db

SHA1
73941fe40f595723bf41dd0242ccc44196ac466d

SHA256
e078713207f68a7a1262c96e7bf73009fc42da38442aa917f1919f35ce7b7036

SHA512
3c48a27d73656f26d56afb542d370e3bb4484273c93afdc59b9b2a22ae15c1ef2f6141c2abb7b87b42fcac2b9dc4f975f8d328a3063de903194c6a89459ee003

Download Submit
C:\Windows\system\kGlJpqV.exe

Filesize
6.0MB

MD5
a8ebc5d1b3d3f5c8636cd6e630ca7f91

SHA1
ec8b5a7028c33450f7459273649687883e3d11f1

SHA256
034f3d947ce78c8681693166870e06a0e880f11f9093bcd4ea5abd539487e265

SHA512
63091feebb6dbf2fa6d24e3d9769d540cf88915ec8e1b093a15c0510f9efdf3e9f4f4e86cd01a5c0fb795aca7df03100c2773aec6a5157dd47c79abd37d5c469

Download Submit
C:\Windows\system\mHDmqTc.exe

Filesize
6.0MB

MD5
38864ad48b829333edf4916f3c9712f4

SHA1
620ff53d5c3951eb9bbc3acae03699f30161d7b0

SHA256
2ea119fcfb0b91dd1de8bd81cb09959a5b169fc440f11e48358966021d3f1e9c

SHA512
ac5c605886d462e71ab41fa6bc6118cfea8ec9fd0b0d6227edf528132f65894086d97724b3133b4568d01ddbc9cb61ee1535ca6c3e4fb686b8385a749f78b0fa

Download Submit
C:\Windows\system\nEMOHtq.exe

Filesize
6.0MB

MD5
958a7a5e4d1532f6139d0e5dc53f4fe2

SHA1
58c7a436996d2a61f9928afdb05c17c8e1745e94

SHA256
c2a67a37694e3b99876b54b0bc75f67ac94b8d1ddbca7e6f3f89e4f7b0a2711e

SHA512
ce2370d116c149d2b10a4e69fe2ea5b07b3c5dfbc9222f64ca3a5b212d332a1ef313e1a24163582e29794836d3cd4a186863918a960900e84e0d27a3f1206cab

Download Submit
C:\Windows\system\vTEypQC.exe

Filesize
6.0MB

MD5
84c4d32967e66bcbe052a24da98b3edb

SHA1
3edfa239444a1be3baa70e031954a6abb132a7eb

SHA256
d58f3ca176002b5a4b9e8e673b75de13b9b6f9950224347442f650f966a57b76

SHA512
ff53868838b8dd7d211b26b30773679ac6a3551dc3fd7ef7fe2d736e8578a3c66faf10f60eb5fdcf4e31325c3f56f1554a0009a588d0d87532f3d9a3b3ee9abe

Download Submit
C:\Windows\system\wGOWTfI.exe

Filesize
6.0MB

MD5
f3e7427489d03016757fcc610a96135b

SHA1
2094788cf547438c5815261296fad6fc39915902

SHA256
f4405236e598b53189d2ecc71d540f0cc017e1c0ebcb9f1bfec3b8df0c4f70a6

SHA512
4135713180af4d85d1b2caf138dc5c0fc651dcb32b8cf157a59ed00bdbd1da00e2f1c74c3ce6febfb5df96d3098479ea8e230c2993e7ab49108df5899596bace

Download Submit
C:\Windows\system\weqjkJc.exe

Filesize
6.0MB

MD5
1a18bf59e0a828fb3903393476cd5ab8

SHA1
3f240ce131f121ee094bd2d515bea49414cd470b

SHA256
b1c8f8272cb9d27a6a3e1bbfbbf1b82b0233c420c7dfd877026100cc279f26ae

SHA512
e3a48664ecaaf0efbe316e4f03f7d906147787ba9ad5070091173dedeea213fd1603cc879172863e2264d3e5cf94766224446b3e3b760291f7e1a898840f8f03

Download Submit
C:\Windows\system\yildhho.exe

Filesize
6.0MB

MD5
be157bbd224fe454e7032439616701f2

SHA1
da8478449d9f574123e122522eff98c87d41bab6

SHA256
5fbb74f12506629561fa4fbfcf2df5ee1e2bb6e618404e0b3fcd2b6b5d83d55d

SHA512
f44a140a1df276633928d8a348d7eca67a073b2b8ba482b5bba13bdc44ab739ff8e04561c6bbd641d2602e94e7b9d85ce5ada6fa719a96facaf33f96e6c03c5c

Download Submit
\Windows\system\RiaQXgF.exe

Filesize
6.0MB

MD5
17dd612a6cbadf183a87270e2595e894

SHA1
bf8d1791ddd9a60c3f453aab0c0f3f7f6b7d22da

SHA256
8043306d4336a1148e70a6b7d0d996385967d3eb2ef858864efe7a524a78607c

SHA512
7b833bb17f35621d0e02c55ce5ed1fd185c0ea70005aeee975611a69a2eeb56e05a6157ab97332f1be359432c56b0acbea2aea22d3409547ad6665f421bdbcc9

Download Submit
\Windows\system\SaUVgYn.exe

Filesize
6.0MB

MD5
599cb7c4c84ced56fac4d9e571c9fb54

SHA1
99f41287ebb7ec33d8a47601db777f464a78091e

SHA256
4e720056b8c946e3b24e982a194cf42eb21052abc6d432b1e2c88c631669d914

SHA512
1023571c0d2730a1327a7db04c5ee40eb4f3f43baba031df12f0b0703d019f6cd0973b7f8d0951869e38bef417da50ae8eb39ada78ac4f54092db2216ba29638

Download Submit
\Windows\system\VwBoMlW.exe

Filesize
6.0MB

MD5
dc8c740c7c78b3c59127385bb9fd66ac

SHA1
e81578089bcaf6f7ddfea62d0ff2e5cc5519f739

SHA256
516b9984ffe44f4e2844becc31bebba082f306546ce9ad35cdf5e79eb6d47d81

SHA512
bcff9a82b1cc33c27c6235e4bfa80b5a5b68a55e93238483aeb4497f8e5282d50205a66e2dd490a1823fab62dcfe96232067732aacb02634d99dfce1d4d854aa

Download Submit
\Windows\system\XLvzEow.exe

Filesize
6.0MB

MD5
dd673872043cfd739b2aaa54216732db

SHA1
7a69c2aaca2202a0d920a5427baf539b561b4c28

SHA256
8462993a3c63eac927299b92697c8f645116aff03786ce9d6eb858c1784d2fbf

SHA512
ca60e6f7da6594c1fe5bbea1646dec8791772ce6c975a8597bd1ad616e4e5c41db02a377d28fdc5065fa6dbe7d63eebda371be5ca2652a1aa583734e97cf184a

Download Submit
\Windows\system\pDoSGQt.exe

Filesize
6.0MB

MD5
14051a16682ba59d1e7321c4ecd1bead

SHA1
77ac2b6c2e4f36aab3548ba4a08c5728bbfdfd53

SHA256
ea69d16d4b31d819e1a3ad872f4b63bac0045914d138b8866b0846a042dac9c4

SHA512
ff1673becc64fc819d6016ad1aad2c6922bd25ad2f7770a458b8d29d7777419663133e82154aec50537e45de08fa4fe9fc4d47803072e2992eab79f639097abe

Download Submit
memory/764-3971-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/764-111-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/1308-3977-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/1308-202-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/1308-62-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/1964-3945-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1964-70-0x000000013FE20000-0x0000000140174000-memory.dmp

Filesize
3.3MB

Download
memory/1968-4002-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/1968-82-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2516-49-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2516-3881-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2624-54-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-98-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2624-3901-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2640-97-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2640-4044-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2660-3889-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2660-26-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2688-39-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2688-3982-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2688-77-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3879-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2732-28-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2776-3878-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2776-18-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2808-3946-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2808-32-0x000000013FAA0000-0x000000013FDF4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-71-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-34-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3884-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2880-95-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2880-4004-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2996-99-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2996-53-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-606-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2996-22-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2996-430-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2996-38-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2996-48-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2996-820-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2996-100-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-30-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1001-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2996-55-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2996-0-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2996-85-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2996-31-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2996-78-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2996-84-0x000000013F0E0000-0x000000013F434000-memory.dmp

Filesize
3.3MB

Download
memory/2996-69-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download