cobaltstrike | 30b96af53c275544715644bce8205591d018d18121cf58909d929f2864f1159c

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
29-01-2025 14:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0faf87dfaf4156ab80297864a6392880
SHA1

0fff0692010e8be59ddf878bf3b379d025719ceb
SHA256

30b96af53c275544715644bce8205591d018d18121cf58909d929f2864f1159c
SHA512

73fbdd6f527d9eec7a42d184cfbffb0cd5eaaa757a89769ded747c79774ab499881772d17e706f4dd0d751857c826188840a01c4f686ab48b6318abb77c186f8
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUE:T+q56utgpPF8u/7E

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0008000000015e25-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015dc3-9.dat	cobalt_reflective_dll
behavioral1/files/0x000b000000012259-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015e47-23.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019228-54.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001920f-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019234-72.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001903d-55.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000160d5-46.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019241-77.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000160ae-34.dat	cobalt_reflective_dll
behavioral1/files/0x0027000000015d6d-83.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925c-92.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933e-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-186.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-183.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-173.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-178.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-163.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-158.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-143.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019346-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001932a-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000192f0-108.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f2a-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2980-1-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2140-18-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000015e25-11.dat	xmrig
behavioral1/files/0x0008000000015dc3-9.dat	xmrig
behavioral1/memory/2868-22-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/3008-21-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2980-20-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012259-6.dat	xmrig
behavioral1/files/0x0008000000015e47-23.dat	xmrig
behavioral1/memory/2724-28-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x0005000000019228-54.dat	xmrig
behavioral1/files/0x000500000001920f-65.dat	xmrig
behavioral1/memory/2016-70-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2720-69-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/2220-76-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/1908-75-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/files/0x0005000000019234-72.dat	xmrig
behavioral1/memory/2980-71-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2628-59-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x000700000001903d-55.dat	xmrig
behavioral1/memory/2780-53-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/files/0x00070000000160d5-46.dat	xmrig
behavioral1/files/0x0005000000019241-77.dat	xmrig
behavioral1/memory/2944-38-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/files/0x00070000000160ae-34.dat	xmrig
behavioral1/memory/2428-82-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x0027000000015d6d-83.dat	xmrig
behavioral1/memory/1900-91-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2724-87-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/files/0x000500000001925c-92.dat	xmrig
behavioral1/files/0x0005000000019273-100.dat	xmrig
behavioral1/memory/2848-99-0x000000013FB80000-0x000000013FED4000-memory.dmp	xmrig
behavioral1/memory/2780-98-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2980-93-0x0000000002470000-0x00000000027C4000-memory.dmp	xmrig
behavioral1/files/0x000500000001933e-118.dat	xmrig
behavioral1/files/0x00050000000193a2-133.dat	xmrig
behavioral1/files/0x00050000000194e2-186.dat	xmrig
behavioral1/memory/1900-855-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2980-1328-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2428-642-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x00050000000194da-183.dat	xmrig
behavioral1/files/0x00050000000194b4-173.dat	xmrig
behavioral1/files/0x00050000000194d4-178.dat	xmrig
behavioral1/files/0x0005000000019494-163.dat	xmrig
behavioral1/files/0x00050000000194a7-168.dat	xmrig
behavioral1/files/0x0005000000019408-158.dat	xmrig
behavioral1/files/0x00050000000193fa-153.dat	xmrig
behavioral1/files/0x00050000000193f8-149.dat	xmrig
behavioral1/files/0x00050000000193c9-143.dat	xmrig
behavioral1/files/0x00050000000193af-138.dat	xmrig
behavioral1/files/0x0005000000019384-128.dat	xmrig
behavioral1/files/0x0005000000019346-123.dat	xmrig
behavioral1/files/0x000500000001932a-113.dat	xmrig
behavioral1/files/0x00050000000192f0-108.dat	xmrig
behavioral1/files/0x0007000000015f2a-33.dat	xmrig
behavioral1/memory/3008-4023-0x000000013F560000-0x000000013F8B4000-memory.dmp	xmrig
behavioral1/memory/2868-4024-0x000000013F860000-0x000000013FBB4000-memory.dmp	xmrig
behavioral1/memory/2724-4025-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2944-4026-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/2628-4027-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2780-4028-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2720-4029-0x000000013F990000-0x000000013FCE4000-memory.dmp	xmrig
behavioral1/memory/1908-4030-0x000000013F240000-0x000000013F594000-memory.dmp	xmrig
behavioral1/memory/2016-4031-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2140	wBFnBiH.exe
2868	dKGvoHl.exe
3008	dltJLSQ.exe
2724	quEktlo.exe
2944	LEedLDs.exe
2628	VXTfMXb.exe
2780	wElIpZF.exe
2720	CMuydKz.exe
2016	HeuZrDD.exe
1908	QLdDKxq.exe
2220	KMlkTQI.exe
2428	wBvthfM.exe
1900	absTHTW.exe
2848	iOnIgVe.exe
2960	UDwWoXW.exe
1420	hRVtQqP.exe
2340	hqfoZTk.exe
1476	dvRRbtp.exe
2644	hzBnMch.exe
544	KNisMLx.exe
1332	lbVZkQV.exe
2000	wkRHpUY.exe
2448	GMzdkBu.exe
1480	ZtfyxAW.exe
2252	rRiXnMH.exe
2484	XGmalLF.exe
1708	fsUqQIH.exe
2200	CFUmywF.exe
3016	GJvCwkO.exe
288	ybJiZHU.exe
2012	epWPuxY.exe
2376	djJWTNU.exe
1344	sbiiucG.exe
320	JpymHrs.exe
1768	gFxcKQj.exe
2300	PHATHSv.exe
1004	rKyDZEd.exe
1764	YlIxHMy.exe
1776	gYuOZVY.exe
688	JCCHsAF.exe
600	iwIJCwF.exe
3044	NvNjquM.exe
2244	NxhcWsH.exe
1888	hQNtgew.exe
2036	lqfGvqG.exe
1052	qFsuUBH.exe
1008	PRBdEqG.exe
976	Ktazvet.exe
284	qEbBppe.exe
864	UHskJji.exe
1916	nYkzAAG.exe
2416	dCCllGE.exe
2544	LaYYoPT.exe
1564	RudqeFa.exe
1728	IbUvCss.exe
1956	qCxzYLx.exe
2204	MXnDrUr.exe
2640	WciAbfT.exe
2772	wuoWgFq.exe
2620	DpckyHN.exe
3068	INBkXYv.exe
2052	xsfFAGp.exe
664	nbnnoJP.exe
476	kdwBugn.exe

Loads dropped DLL 64 IoCs

pid	Process
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2980-1-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2140-18-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/files/0x0008000000015e25-11.dat	upx
behavioral1/files/0x0008000000015dc3-9.dat	upx
behavioral1/memory/2868-22-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/3008-21-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/files/0x000b000000012259-6.dat	upx
behavioral1/files/0x0008000000015e47-23.dat	upx
behavioral1/memory/2724-28-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x0005000000019228-54.dat	upx
behavioral1/files/0x000500000001920f-65.dat	upx
behavioral1/memory/2016-70-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2720-69-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/2220-76-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/1908-75-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/files/0x0005000000019234-72.dat	upx
behavioral1/memory/2980-71-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2628-59-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x000700000001903d-55.dat	upx
behavioral1/memory/2780-53-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x00070000000160d5-46.dat	upx
behavioral1/files/0x0005000000019241-77.dat	upx
behavioral1/memory/2944-38-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/files/0x00070000000160ae-34.dat	upx
behavioral1/memory/2428-82-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x0027000000015d6d-83.dat	upx
behavioral1/memory/1900-91-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2724-87-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/files/0x000500000001925c-92.dat	upx
behavioral1/files/0x0005000000019273-100.dat	upx
behavioral1/memory/2848-99-0x000000013FB80000-0x000000013FED4000-memory.dmp	upx
behavioral1/memory/2780-98-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x000500000001933e-118.dat	upx
behavioral1/files/0x00050000000193a2-133.dat	upx
behavioral1/files/0x00050000000194e2-186.dat	upx
behavioral1/memory/1900-855-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2428-642-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x00050000000194da-183.dat	upx
behavioral1/files/0x00050000000194b4-173.dat	upx
behavioral1/files/0x00050000000194d4-178.dat	upx
behavioral1/files/0x0005000000019494-163.dat	upx
behavioral1/files/0x00050000000194a7-168.dat	upx
behavioral1/files/0x0005000000019408-158.dat	upx
behavioral1/files/0x00050000000193fa-153.dat	upx
behavioral1/files/0x00050000000193f8-149.dat	upx
behavioral1/files/0x00050000000193c9-143.dat	upx
behavioral1/files/0x00050000000193af-138.dat	upx
behavioral1/files/0x0005000000019384-128.dat	upx
behavioral1/files/0x0005000000019346-123.dat	upx
behavioral1/files/0x000500000001932a-113.dat	upx
behavioral1/files/0x00050000000192f0-108.dat	upx
behavioral1/files/0x0007000000015f2a-33.dat	upx
behavioral1/memory/3008-4023-0x000000013F560000-0x000000013F8B4000-memory.dmp	upx
behavioral1/memory/2868-4024-0x000000013F860000-0x000000013FBB4000-memory.dmp	upx
behavioral1/memory/2724-4025-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2944-4026-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2628-4027-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2780-4028-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2720-4029-0x000000013F990000-0x000000013FCE4000-memory.dmp	upx
behavioral1/memory/1908-4030-0x000000013F240000-0x000000013F594000-memory.dmp	upx
behavioral1/memory/2016-4031-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2220-4032-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2428-4033-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/1900-4034-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\drTIkqn.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FfLBbmY.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iOatHYh.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\viqsmWx.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iBoHzKq.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HhTSgQI.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZtFHbld.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lZUtvFb.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZPsGLPl.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JouKePX.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\teCLOtc.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPwSkBO.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hRVtQqP.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Ktazvet.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AqLubJQ.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DClckfx.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dmhsfiO.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pUTZGZQ.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DSWoVSi.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VCQRFEH.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYvjRjY.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rQEIRBa.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iKceztH.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LgfrNii.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KdqgDTh.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\awAQOMH.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NtTwQDX.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YhVgHrl.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mbXACBf.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\abnFhFz.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KZzIBjP.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AjzqmPm.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwWhItm.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uuHzmso.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tlJwCFn.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NkNzZtY.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nbnnoJP.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUgRtmP.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\urcyWrg.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\haXsPMg.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IFFAOIP.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\izrviqD.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gYpWVzZ.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QNmlKTP.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CflGsGd.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ExtBdCO.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuETOZQ.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\noSxQWC.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PCENLko.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDghqzs.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FERaioz.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HKXHDpM.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZtqSxrm.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTkGRwT.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sjKhrJJ.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\goocDep.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dMrzdAW.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EcQzxpa.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uRDXCko.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QfmBKhO.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YfQxEYA.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cDOHAlM.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wWOFldM.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JbBnyfp.exe	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2140	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2980 wrote to memory of 2140	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2980 wrote to memory of 2140	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2980 wrote to memory of 2868	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2980 wrote to memory of 2868	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2980 wrote to memory of 2868	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2980 wrote to memory of 3008	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2980 wrote to memory of 3008	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2980 wrote to memory of 3008	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2980 wrote to memory of 2724	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2980 wrote to memory of 2724	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2980 wrote to memory of 2724	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2980 wrote to memory of 2944	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2980 wrote to memory of 2944	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2980 wrote to memory of 2944	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2980 wrote to memory of 2628	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2980 wrote to memory of 2628	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2980 wrote to memory of 2628	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2980 wrote to memory of 2780	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2980 wrote to memory of 2780	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2980 wrote to memory of 2780	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2980 wrote to memory of 2720	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2980 wrote to memory of 2720	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2980 wrote to memory of 2720	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2980 wrote to memory of 1908	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2980 wrote to memory of 1908	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2980 wrote to memory of 1908	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2980 wrote to memory of 2016	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2980 wrote to memory of 2016	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2980 wrote to memory of 2016	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2980 wrote to memory of 2220	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2980 wrote to memory of 2220	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2980 wrote to memory of 2220	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2980 wrote to memory of 2428	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2980 wrote to memory of 2428	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2980 wrote to memory of 2428	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2980 wrote to memory of 1900	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2980 wrote to memory of 1900	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2980 wrote to memory of 1900	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2980 wrote to memory of 2848	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2980 wrote to memory of 2848	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2980 wrote to memory of 2848	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2980 wrote to memory of 2960	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2980 wrote to memory of 2960	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2980 wrote to memory of 2960	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2980 wrote to memory of 1420	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2980 wrote to memory of 1420	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2980 wrote to memory of 1420	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2980 wrote to memory of 2340	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2980 wrote to memory of 2340	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2980 wrote to memory of 2340	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2980 wrote to memory of 1476	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2980 wrote to memory of 1476	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2980 wrote to memory of 1476	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2980 wrote to memory of 2644	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2980 wrote to memory of 2644	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2980 wrote to memory of 2644	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2980 wrote to memory of 544	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2980 wrote to memory of 544	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2980 wrote to memory of 544	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2980 wrote to memory of 1332	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2980 wrote to memory of 1332	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2980 wrote to memory of 1332	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2980 wrote to memory of 2000	2980	2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-29_0faf87dfaf4156ab80297864a6392880_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\System\wBFnBiH.exe
  C:\Windows\System\wBFnBiH.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\dKGvoHl.exe
  C:\Windows\System\dKGvoHl.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\dltJLSQ.exe
  C:\Windows\System\dltJLSQ.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\quEktlo.exe
  C:\Windows\System\quEktlo.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\LEedLDs.exe
  C:\Windows\System\LEedLDs.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\VXTfMXb.exe
  C:\Windows\System\VXTfMXb.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\wElIpZF.exe
  C:\Windows\System\wElIpZF.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\CMuydKz.exe
  C:\Windows\System\CMuydKz.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\QLdDKxq.exe
  C:\Windows\System\QLdDKxq.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\HeuZrDD.exe
  C:\Windows\System\HeuZrDD.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\KMlkTQI.exe
  C:\Windows\System\KMlkTQI.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\wBvthfM.exe
  C:\Windows\System\wBvthfM.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\absTHTW.exe
  C:\Windows\System\absTHTW.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\iOnIgVe.exe
  C:\Windows\System\iOnIgVe.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\UDwWoXW.exe
  C:\Windows\System\UDwWoXW.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\hRVtQqP.exe
  C:\Windows\System\hRVtQqP.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\hqfoZTk.exe
  C:\Windows\System\hqfoZTk.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\dvRRbtp.exe
  C:\Windows\System\dvRRbtp.exe
  2⤵
  - Executes dropped EXE
  PID:1476
- C:\Windows\System\hzBnMch.exe
  C:\Windows\System\hzBnMch.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\KNisMLx.exe
  C:\Windows\System\KNisMLx.exe
  2⤵
  - Executes dropped EXE
  PID:544
- C:\Windows\System\lbVZkQV.exe
  C:\Windows\System\lbVZkQV.exe
  2⤵
  - Executes dropped EXE
  PID:1332
- C:\Windows\System\wkRHpUY.exe
  C:\Windows\System\wkRHpUY.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\GMzdkBu.exe
  C:\Windows\System\GMzdkBu.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\ZtfyxAW.exe
  C:\Windows\System\ZtfyxAW.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\rRiXnMH.exe
  C:\Windows\System\rRiXnMH.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\XGmalLF.exe
  C:\Windows\System\XGmalLF.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\fsUqQIH.exe
  C:\Windows\System\fsUqQIH.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\CFUmywF.exe
  C:\Windows\System\CFUmywF.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\GJvCwkO.exe
  C:\Windows\System\GJvCwkO.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\ybJiZHU.exe
  C:\Windows\System\ybJiZHU.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\epWPuxY.exe
  C:\Windows\System\epWPuxY.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\djJWTNU.exe
  C:\Windows\System\djJWTNU.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\sbiiucG.exe
  C:\Windows\System\sbiiucG.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\JpymHrs.exe
  C:\Windows\System\JpymHrs.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\gFxcKQj.exe
  C:\Windows\System\gFxcKQj.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\PHATHSv.exe
  C:\Windows\System\PHATHSv.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\rKyDZEd.exe
  C:\Windows\System\rKyDZEd.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\YlIxHMy.exe
  C:\Windows\System\YlIxHMy.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\gYuOZVY.exe
  C:\Windows\System\gYuOZVY.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\JCCHsAF.exe
  C:\Windows\System\JCCHsAF.exe
  2⤵
  - Executes dropped EXE
  PID:688
- C:\Windows\System\iwIJCwF.exe
  C:\Windows\System\iwIJCwF.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\NvNjquM.exe
  C:\Windows\System\NvNjquM.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\NxhcWsH.exe
  C:\Windows\System\NxhcWsH.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\hQNtgew.exe
  C:\Windows\System\hQNtgew.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\lqfGvqG.exe
  C:\Windows\System\lqfGvqG.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\qFsuUBH.exe
  C:\Windows\System\qFsuUBH.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\PRBdEqG.exe
  C:\Windows\System\PRBdEqG.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\Ktazvet.exe
  C:\Windows\System\Ktazvet.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\qEbBppe.exe
  C:\Windows\System\qEbBppe.exe
  2⤵
  - Executes dropped EXE
  PID:284
- C:\Windows\System\UHskJji.exe
  C:\Windows\System\UHskJji.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\nYkzAAG.exe
  C:\Windows\System\nYkzAAG.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\dCCllGE.exe
  C:\Windows\System\dCCllGE.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\LaYYoPT.exe
  C:\Windows\System\LaYYoPT.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\RudqeFa.exe
  C:\Windows\System\RudqeFa.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\IbUvCss.exe
  C:\Windows\System\IbUvCss.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\qCxzYLx.exe
  C:\Windows\System\qCxzYLx.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\MXnDrUr.exe
  C:\Windows\System\MXnDrUr.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\WciAbfT.exe
  C:\Windows\System\WciAbfT.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\wuoWgFq.exe
  C:\Windows\System\wuoWgFq.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\DpckyHN.exe
  C:\Windows\System\DpckyHN.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\INBkXYv.exe
  C:\Windows\System\INBkXYv.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\xsfFAGp.exe
  C:\Windows\System\xsfFAGp.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\nbnnoJP.exe
  C:\Windows\System\nbnnoJP.exe
  2⤵
  - Executes dropped EXE
  PID:664
- C:\Windows\System\kdwBugn.exe
  C:\Windows\System\kdwBugn.exe
  2⤵
  - Executes dropped EXE
  PID:476
- C:\Windows\System\jPXVJbE.exe
  C:\Windows\System\jPXVJbE.exe
  2⤵
  PID:2816
- C:\Windows\System\gHQTuXo.exe
  C:\Windows\System\gHQTuXo.exe
  2⤵
  PID:1096
- C:\Windows\System\QGDMyRf.exe
  C:\Windows\System\QGDMyRf.exe
  2⤵
  PID:620
- C:\Windows\System\sQPqzFR.exe
  C:\Windows\System\sQPqzFR.exe
  2⤵
  PID:356
- C:\Windows\System\MwwAaSC.exe
  C:\Windows\System\MwwAaSC.exe
  2⤵
  PID:584
- C:\Windows\System\wYALvLn.exe
  C:\Windows\System\wYALvLn.exe
  2⤵
  PID:1072
- C:\Windows\System\OdyzOZs.exe
  C:\Windows\System\OdyzOZs.exe
  2⤵
  PID:2044
- C:\Windows\System\BvGXFjh.exe
  C:\Windows\System\BvGXFjh.exe
  2⤵
  PID:2076
- C:\Windows\System\nswpcaL.exe
  C:\Windows\System\nswpcaL.exe
  2⤵
  PID:448
- C:\Windows\System\DjIunII.exe
  C:\Windows\System\DjIunII.exe
  2⤵
  PID:1124
- C:\Windows\System\SrhbYVd.exe
  C:\Windows\System\SrhbYVd.exe
  2⤵
  PID:952
- C:\Windows\System\NYFgQGs.exe
  C:\Windows\System\NYFgQGs.exe
  2⤵
  PID:2292
- C:\Windows\System\CvBJDvW.exe
  C:\Windows\System\CvBJDvW.exe
  2⤵
  PID:1524
- C:\Windows\System\AqLubJQ.exe
  C:\Windows\System\AqLubJQ.exe
  2⤵
  PID:1780
- C:\Windows\System\IWUiUJT.exe
  C:\Windows\System\IWUiUJT.exe
  2⤵
  PID:1756
- C:\Windows\System\eDWMECw.exe
  C:\Windows\System\eDWMECw.exe
  2⤵
  PID:1752
- C:\Windows\System\wGehsOJ.exe
  C:\Windows\System\wGehsOJ.exe
  2⤵
  PID:2360
- C:\Windows\System\jHDuiFG.exe
  C:\Windows\System\jHDuiFG.exe
  2⤵
  PID:2088
- C:\Windows\System\dBnOaRH.exe
  C:\Windows\System\dBnOaRH.exe
  2⤵
  PID:1036
- C:\Windows\System\GPLxLFA.exe
  C:\Windows\System\GPLxLFA.exe
  2⤵
  PID:2984
- C:\Windows\System\kYaNrho.exe
  C:\Windows\System\kYaNrho.exe
  2⤵
  PID:332
- C:\Windows\System\nPiwfzU.exe
  C:\Windows\System\nPiwfzU.exe
  2⤵
  PID:2112
- C:\Windows\System\GJyigdN.exe
  C:\Windows\System\GJyigdN.exe
  2⤵
  PID:1044
- C:\Windows\System\iOatHYh.exe
  C:\Windows\System\iOatHYh.exe
  2⤵
  PID:1140
- C:\Windows\System\EObIJZB.exe
  C:\Windows\System\EObIJZB.exe
  2⤵
  PID:2612
- C:\Windows\System\zPPbUYx.exe
  C:\Windows\System\zPPbUYx.exe
  2⤵
  PID:2976
- C:\Windows\System\HDMUPRH.exe
  C:\Windows\System\HDMUPRH.exe
  2⤵
  PID:2684
- C:\Windows\System\YgkgReB.exe
  C:\Windows\System\YgkgReB.exe
  2⤵
  PID:2608
- C:\Windows\System\WYHBZsH.exe
  C:\Windows\System\WYHBZsH.exe
  2⤵
  PID:888
- C:\Windows\System\qabXsGP.exe
  C:\Windows\System\qabXsGP.exe
  2⤵
  PID:2572
- C:\Windows\System\XLnABrI.exe
  C:\Windows\System\XLnABrI.exe
  2⤵
  PID:2964
- C:\Windows\System\gTUJYgG.exe
  C:\Windows\System\gTUJYgG.exe
  2⤵
  PID:1316
- C:\Windows\System\OkIqDgt.exe
  C:\Windows\System\OkIqDgt.exe
  2⤵
  PID:376
- C:\Windows\System\oKVgWFN.exe
  C:\Windows\System\oKVgWFN.exe
  2⤵
  PID:2440
- C:\Windows\System\PaeKuQX.exe
  C:\Windows\System\PaeKuQX.exe
  2⤵
  PID:2860
- C:\Windows\System\YzGmlrh.exe
  C:\Windows\System\YzGmlrh.exe
  2⤵
  PID:548
- C:\Windows\System\KfzWyuP.exe
  C:\Windows\System\KfzWyuP.exe
  2⤵
  PID:1048
- C:\Windows\System\yIYOGge.exe
  C:\Windows\System\yIYOGge.exe
  2⤵
  PID:1348
- C:\Windows\System\DClckfx.exe
  C:\Windows\System\DClckfx.exe
  2⤵
  PID:1772
- C:\Windows\System\gwamZCk.exe
  C:\Windows\System\gwamZCk.exe
  2⤵
  PID:1164
- C:\Windows\System\RDQzyLw.exe
  C:\Windows\System\RDQzyLw.exe
  2⤵
  PID:772
- C:\Windows\System\kqpkiZh.exe
  C:\Windows\System\kqpkiZh.exe
  2⤵
  PID:1892
- C:\Windows\System\DKXDJUX.exe
  C:\Windows\System\DKXDJUX.exe
  2⤵
  PID:2700
- C:\Windows\System\bkkDEeu.exe
  C:\Windows\System\bkkDEeu.exe
  2⤵
  PID:2896
- C:\Windows\System\uywmDfb.exe
  C:\Windows\System\uywmDfb.exe
  2⤵
  PID:2856
- C:\Windows\System\pyWgxys.exe
  C:\Windows\System\pyWgxys.exe
  2⤵
  PID:2748
- C:\Windows\System\OfAykRY.exe
  C:\Windows\System\OfAykRY.exe
  2⤵
  PID:2752
- C:\Windows\System\hpqiTSi.exe
  C:\Windows\System\hpqiTSi.exe
  2⤵
  PID:2792
- C:\Windows\System\ATWrQoQ.exe
  C:\Windows\System\ATWrQoQ.exe
  2⤵
  PID:1696
- C:\Windows\System\KGefWIc.exe
  C:\Windows\System\KGefWIc.exe
  2⤵
  PID:2788
- C:\Windows\System\zmvZTua.exe
  C:\Windows\System\zmvZTua.exe
  2⤵
  PID:2496
- C:\Windows\System\YjqsEck.exe
  C:\Windows\System\YjqsEck.exe
  2⤵
  PID:628
- C:\Windows\System\MBrdCDe.exe
  C:\Windows\System\MBrdCDe.exe
  2⤵
  PID:1640
- C:\Windows\System\bkCVBMB.exe
  C:\Windows\System\bkCVBMB.exe
  2⤵
  PID:2100
- C:\Windows\System\MQBLhWq.exe
  C:\Windows\System\MQBLhWq.exe
  2⤵
  PID:2348
- C:\Windows\System\QApgfAm.exe
  C:\Windows\System\QApgfAm.exe
  2⤵
  PID:2928
- C:\Windows\System\WtxALin.exe
  C:\Windows\System\WtxALin.exe
  2⤵
  PID:1800
- C:\Windows\System\hyOxtPP.exe
  C:\Windows\System\hyOxtPP.exe
  2⤵
  PID:2632
- C:\Windows\System\SOnEeRR.exe
  C:\Windows\System\SOnEeRR.exe
  2⤵
  PID:2064
- C:\Windows\System\qllVWro.exe
  C:\Windows\System\qllVWro.exe
  2⤵
  PID:2160
- C:\Windows\System\gIZGRoC.exe
  C:\Windows\System\gIZGRoC.exe
  2⤵
  PID:2216
- C:\Windows\System\RlSFFPW.exe
  C:\Windows\System\RlSFFPW.exe
  2⤵
  PID:2740
- C:\Windows\System\GnKGfqf.exe
  C:\Windows\System\GnKGfqf.exe
  2⤵
  PID:1760
- C:\Windows\System\NLCVyCV.exe
  C:\Windows\System\NLCVyCV.exe
  2⤵
  PID:2992
- C:\Windows\System\IWNzywf.exe
  C:\Windows\System\IWNzywf.exe
  2⤵
  PID:2148
- C:\Windows\System\bTTTSta.exe
  C:\Windows\System\bTTTSta.exe
  2⤵
  PID:2672
- C:\Windows\System\wrNIOKw.exe
  C:\Windows\System\wrNIOKw.exe
  2⤵
  PID:1724
- C:\Windows\System\jnYWNun.exe
  C:\Windows\System\jnYWNun.exe
  2⤵
  PID:2020
- C:\Windows\System\JHAoSXD.exe
  C:\Windows\System\JHAoSXD.exe
  2⤵
  PID:2296
- C:\Windows\System\lqnOCnw.exe
  C:\Windows\System\lqnOCnw.exe
  2⤵
  PID:2380
- C:\Windows\System\uoTYrNU.exe
  C:\Windows\System\uoTYrNU.exe
  2⤵
  PID:1584
- C:\Windows\System\fNXoEJe.exe
  C:\Windows\System\fNXoEJe.exe
  2⤵
  PID:2756
- C:\Windows\System\sgiGmSV.exe
  C:\Windows\System\sgiGmSV.exe
  2⤵
  PID:3084
- C:\Windows\System\XbqMFOZ.exe
  C:\Windows\System\XbqMFOZ.exe
  2⤵
  PID:3100
- C:\Windows\System\GKeLioV.exe
  C:\Windows\System\GKeLioV.exe
  2⤵
  PID:3124
- C:\Windows\System\kEiSGga.exe
  C:\Windows\System\kEiSGga.exe
  2⤵
  PID:3144
- C:\Windows\System\nniTQxI.exe
  C:\Windows\System\nniTQxI.exe
  2⤵
  PID:3164
- C:\Windows\System\IUlUfXj.exe
  C:\Windows\System\IUlUfXj.exe
  2⤵
  PID:3184
- C:\Windows\System\enOVAsB.exe
  C:\Windows\System\enOVAsB.exe
  2⤵
  PID:3204
- C:\Windows\System\XRBzjcJ.exe
  C:\Windows\System\XRBzjcJ.exe
  2⤵
  PID:3224
- C:\Windows\System\qYFEIiv.exe
  C:\Windows\System\qYFEIiv.exe
  2⤵
  PID:3248
- C:\Windows\System\dmhsfiO.exe
  C:\Windows\System\dmhsfiO.exe
  2⤵
  PID:3268
- C:\Windows\System\JPnGmfg.exe
  C:\Windows\System\JPnGmfg.exe
  2⤵
  PID:3288
- C:\Windows\System\IqXmGKH.exe
  C:\Windows\System\IqXmGKH.exe
  2⤵
  PID:3304
- C:\Windows\System\vFQeExK.exe
  C:\Windows\System\vFQeExK.exe
  2⤵
  PID:3328
- C:\Windows\System\pUTZGZQ.exe
  C:\Windows\System\pUTZGZQ.exe
  2⤵
  PID:3348
- C:\Windows\System\zXAGJBC.exe
  C:\Windows\System\zXAGJBC.exe
  2⤵
  PID:3368
- C:\Windows\System\fDflHWU.exe
  C:\Windows\System\fDflHWU.exe
  2⤵
  PID:3388
- C:\Windows\System\iRyfXlH.exe
  C:\Windows\System\iRyfXlH.exe
  2⤵
  PID:3408
- C:\Windows\System\YTKEtnI.exe
  C:\Windows\System\YTKEtnI.exe
  2⤵
  PID:3428
- C:\Windows\System\PJZzkVR.exe
  C:\Windows\System\PJZzkVR.exe
  2⤵
  PID:3448
- C:\Windows\System\wcLMHkP.exe
  C:\Windows\System\wcLMHkP.exe
  2⤵
  PID:3468
- C:\Windows\System\aTvCohc.exe
  C:\Windows\System\aTvCohc.exe
  2⤵
  PID:3488
- C:\Windows\System\TPPvAcW.exe
  C:\Windows\System\TPPvAcW.exe
  2⤵
  PID:3504
- C:\Windows\System\xemRckd.exe
  C:\Windows\System\xemRckd.exe
  2⤵
  PID:3528
- C:\Windows\System\MLYJHNM.exe
  C:\Windows\System\MLYJHNM.exe
  2⤵
  PID:3544
- C:\Windows\System\euWobVw.exe
  C:\Windows\System\euWobVw.exe
  2⤵
  PID:3568
- C:\Windows\System\wmEebfo.exe
  C:\Windows\System\wmEebfo.exe
  2⤵
  PID:3588
- C:\Windows\System\CGpAXqq.exe
  C:\Windows\System\CGpAXqq.exe
  2⤵
  PID:3608
- C:\Windows\System\qFvoqnI.exe
  C:\Windows\System\qFvoqnI.exe
  2⤵
  PID:3628
- C:\Windows\System\xghPqqc.exe
  C:\Windows\System\xghPqqc.exe
  2⤵
  PID:3648
- C:\Windows\System\OyPyJHw.exe
  C:\Windows\System\OyPyJHw.exe
  2⤵
  PID:3668
- C:\Windows\System\UVTkTFI.exe
  C:\Windows\System\UVTkTFI.exe
  2⤵
  PID:3688
- C:\Windows\System\CGIehxy.exe
  C:\Windows\System\CGIehxy.exe
  2⤵
  PID:3708
- C:\Windows\System\TPobCRx.exe
  C:\Windows\System\TPobCRx.exe
  2⤵
  PID:3728
- C:\Windows\System\CcXSLnK.exe
  C:\Windows\System\CcXSLnK.exe
  2⤵
  PID:3748
- C:\Windows\System\hqTGveO.exe
  C:\Windows\System\hqTGveO.exe
  2⤵
  PID:3768
- C:\Windows\System\DhjAxau.exe
  C:\Windows\System\DhjAxau.exe
  2⤵
  PID:3788
- C:\Windows\System\TBamaSn.exe
  C:\Windows\System\TBamaSn.exe
  2⤵
  PID:3808
- C:\Windows\System\qsqVDfy.exe
  C:\Windows\System\qsqVDfy.exe
  2⤵
  PID:3828
- C:\Windows\System\vOGuMjS.exe
  C:\Windows\System\vOGuMjS.exe
  2⤵
  PID:3848
- C:\Windows\System\wsntMHq.exe
  C:\Windows\System\wsntMHq.exe
  2⤵
  PID:3868
- C:\Windows\System\FcVTcfn.exe
  C:\Windows\System\FcVTcfn.exe
  2⤵
  PID:3888
- C:\Windows\System\ItFoAye.exe
  C:\Windows\System\ItFoAye.exe
  2⤵
  PID:3908
- C:\Windows\System\HHTTsJd.exe
  C:\Windows\System\HHTTsJd.exe
  2⤵
  PID:3928
- C:\Windows\System\VxOqTls.exe
  C:\Windows\System\VxOqTls.exe
  2⤵
  PID:3948
- C:\Windows\System\lEYGWOg.exe
  C:\Windows\System\lEYGWOg.exe
  2⤵
  PID:3968
- C:\Windows\System\EcanfOO.exe
  C:\Windows\System\EcanfOO.exe
  2⤵
  PID:3988
- C:\Windows\System\DLYzIvt.exe
  C:\Windows\System\DLYzIvt.exe
  2⤵
  PID:4012
- C:\Windows\System\RMODYOO.exe
  C:\Windows\System\RMODYOO.exe
  2⤵
  PID:4032
- C:\Windows\System\VxaXPlw.exe
  C:\Windows\System\VxaXPlw.exe
  2⤵
  PID:4052
- C:\Windows\System\zoImZod.exe
  C:\Windows\System\zoImZod.exe
  2⤵
  PID:4072
- C:\Windows\System\QvXnHAD.exe
  C:\Windows\System\QvXnHAD.exe
  2⤵
  PID:4092
- C:\Windows\System\TGyNfXg.exe
  C:\Windows\System\TGyNfXg.exe
  2⤵
  PID:1040
- C:\Windows\System\oeKRdbY.exe
  C:\Windows\System\oeKRdbY.exe
  2⤵
  PID:3076
- C:\Windows\System\oCEpvjc.exe
  C:\Windows\System\oCEpvjc.exe
  2⤵
  PID:1852
- C:\Windows\System\YhVgHrl.exe
  C:\Windows\System\YhVgHrl.exe
  2⤵
  PID:2828
- C:\Windows\System\fMVOYhO.exe
  C:\Windows\System\fMVOYhO.exe
  2⤵
  PID:3152
- C:\Windows\System\jkqHHgQ.exe
  C:\Windows\System\jkqHHgQ.exe
  2⤵
  PID:1240
- C:\Windows\System\KqwDIQz.exe
  C:\Windows\System\KqwDIQz.exe
  2⤵
  PID:3196
- C:\Windows\System\bTkZdhV.exe
  C:\Windows\System\bTkZdhV.exe
  2⤵
  PID:3240
- C:\Windows\System\wIdyaCr.exe
  C:\Windows\System\wIdyaCr.exe
  2⤵
  PID:3236
- C:\Windows\System\exEVJGA.exe
  C:\Windows\System\exEVJGA.exe
  2⤵
  PID:3280
- C:\Windows\System\wnqjSCi.exe
  C:\Windows\System\wnqjSCi.exe
  2⤵
  PID:3320
- C:\Windows\System\IwisoRi.exe
  C:\Windows\System\IwisoRi.exe
  2⤵
  PID:3336
- C:\Windows\System\ifyXEBB.exe
  C:\Windows\System\ifyXEBB.exe
  2⤵
  PID:3396
- C:\Windows\System\vpzlIvh.exe
  C:\Windows\System\vpzlIvh.exe
  2⤵
  PID:3436
- C:\Windows\System\UjSGmKg.exe
  C:\Windows\System\UjSGmKg.exe
  2⤵
  PID:3420
- C:\Windows\System\eIdefJn.exe
  C:\Windows\System\eIdefJn.exe
  2⤵
  PID:3464
- C:\Windows\System\pLfWNtc.exe
  C:\Windows\System\pLfWNtc.exe
  2⤵
  PID:3516
- C:\Windows\System\wORmANC.exe
  C:\Windows\System\wORmANC.exe
  2⤵
  PID:3564
- C:\Windows\System\izrviqD.exe
  C:\Windows\System\izrviqD.exe
  2⤵
  PID:3604
- C:\Windows\System\idYGcNo.exe
  C:\Windows\System\idYGcNo.exe
  2⤵
  PID:3636
- C:\Windows\System\RKUmLEJ.exe
  C:\Windows\System\RKUmLEJ.exe
  2⤵
  PID:3624
- C:\Windows\System\ZUytoZH.exe
  C:\Windows\System\ZUytoZH.exe
  2⤵
  PID:3660
- C:\Windows\System\Hghvfdg.exe
  C:\Windows\System\Hghvfdg.exe
  2⤵
  PID:3724
- C:\Windows\System\lwTPFLd.exe
  C:\Windows\System\lwTPFLd.exe
  2⤵
  PID:3736
- C:\Windows\System\gAzNwzI.exe
  C:\Windows\System\gAzNwzI.exe
  2⤵
  PID:3764
- C:\Windows\System\uxzwriH.exe
  C:\Windows\System\uxzwriH.exe
  2⤵
  PID:3784
- C:\Windows\System\kDeMoXh.exe
  C:\Windows\System\kDeMoXh.exe
  2⤵
  PID:3844
- C:\Windows\System\PWZZmhA.exe
  C:\Windows\System\PWZZmhA.exe
  2⤵
  PID:3876
- C:\Windows\System\lEIVRNB.exe
  C:\Windows\System\lEIVRNB.exe
  2⤵
  PID:3896
- C:\Windows\System\rqdZFVT.exe
  C:\Windows\System\rqdZFVT.exe
  2⤵
  PID:3964
- C:\Windows\System\cLOFkDz.exe
  C:\Windows\System\cLOFkDz.exe
  2⤵
  PID:3936
- C:\Windows\System\vTcOjqv.exe
  C:\Windows\System\vTcOjqv.exe
  2⤵
  PID:2956
- C:\Windows\System\vadXKuh.exe
  C:\Windows\System\vadXKuh.exe
  2⤵
  PID:4040
- C:\Windows\System\mplfZEX.exe
  C:\Windows\System\mplfZEX.exe
  2⤵
  PID:4024
- C:\Windows\System\DCzaYzD.exe
  C:\Windows\System\DCzaYzD.exe
  2⤵
  PID:4088
- C:\Windows\System\qyMUbdv.exe
  C:\Windows\System\qyMUbdv.exe
  2⤵
  PID:3080
- C:\Windows\System\XWKyUPE.exe
  C:\Windows\System\XWKyUPE.exe
  2⤵
  PID:2024
- C:\Windows\System\gCWpMxF.exe
  C:\Windows\System\gCWpMxF.exe
  2⤵
  PID:3120
- C:\Windows\System\vxxpOkT.exe
  C:\Windows\System\vxxpOkT.exe
  2⤵
  PID:3140
- C:\Windows\System\WGdbPlc.exe
  C:\Windows\System\WGdbPlc.exe
  2⤵
  PID:3212
- C:\Windows\System\TxTgwHM.exe
  C:\Windows\System\TxTgwHM.exe
  2⤵
  PID:3096
- C:\Windows\System\kkdgTDw.exe
  C:\Windows\System\kkdgTDw.exe
  2⤵
  PID:3264
- C:\Windows\System\dFJNZyO.exe
  C:\Windows\System\dFJNZyO.exe
  2⤵
  PID:3216
- C:\Windows\System\njMkKCU.exe
  C:\Windows\System\njMkKCU.exe
  2⤵
  PID:1940
- C:\Windows\System\RvnrqGf.exe
  C:\Windows\System\RvnrqGf.exe
  2⤵
  PID:3296
- C:\Windows\System\clmhKjf.exe
  C:\Windows\System\clmhKjf.exe
  2⤵
  PID:3380
- C:\Windows\System\tJhBPld.exe
  C:\Windows\System\tJhBPld.exe
  2⤵
  PID:3340
- C:\Windows\System\TuETOZQ.exe
  C:\Windows\System\TuETOZQ.exe
  2⤵
  PID:3480
- C:\Windows\System\tlJwCFn.exe
  C:\Windows\System\tlJwCFn.exe
  2⤵
  PID:3560
- C:\Windows\System\QslvCKS.exe
  C:\Windows\System\QslvCKS.exe
  2⤵
  PID:3524
- C:\Windows\System\mwBUtTF.exe
  C:\Windows\System\mwBUtTF.exe
  2⤵
  PID:3540
- C:\Windows\System\CkYVwAJ.exe
  C:\Windows\System\CkYVwAJ.exe
  2⤵
  PID:3664
- C:\Windows\System\wTkBAtW.exe
  C:\Windows\System\wTkBAtW.exe
  2⤵
  PID:3676
- C:\Windows\System\zbKasKz.exe
  C:\Windows\System\zbKasKz.exe
  2⤵
  PID:3720
- C:\Windows\System\yYtlZxq.exe
  C:\Windows\System\yYtlZxq.exe
  2⤵
  PID:3800
- C:\Windows\System\kgwiPWX.exe
  C:\Windows\System\kgwiPWX.exe
  2⤵
  PID:3796
- C:\Windows\System\MtNKeut.exe
  C:\Windows\System\MtNKeut.exe
  2⤵
  PID:3840
- C:\Windows\System\rOhMRyQ.exe
  C:\Windows\System\rOhMRyQ.exe
  2⤵
  PID:2056
- C:\Windows\System\DFpDOQM.exe
  C:\Windows\System\DFpDOQM.exe
  2⤵
  PID:4004
- C:\Windows\System\DYPoztt.exe
  C:\Windows\System\DYPoztt.exe
  2⤵
  PID:4020
- C:\Windows\System\HxMBjSl.exe
  C:\Windows\System\HxMBjSl.exe
  2⤵
  PID:3860
- C:\Windows\System\DfjkXzH.exe
  C:\Windows\System\DfjkXzH.exe
  2⤵
  PID:4044
- C:\Windows\System\iiqofzb.exe
  C:\Windows\System\iiqofzb.exe
  2⤵
  PID:4084
- C:\Windows\System\qOobFPw.exe
  C:\Windows\System\qOobFPw.exe
  2⤵
  PID:1520
- C:\Windows\System\bMCDIzy.exe
  C:\Windows\System\bMCDIzy.exe
  2⤵
  PID:3156
- C:\Windows\System\goocDep.exe
  C:\Windows\System\goocDep.exe
  2⤵
  PID:3176
- C:\Windows\System\USlGhXD.exe
  C:\Windows\System\USlGhXD.exe
  2⤵
  PID:3132
- C:\Windows\System\IhntiwA.exe
  C:\Windows\System\IhntiwA.exe
  2⤵
  PID:3316
- C:\Windows\System\kNNXcCi.exe
  C:\Windows\System\kNNXcCi.exe
  2⤵
  PID:3400
- C:\Windows\System\IbKBoAh.exe
  C:\Windows\System\IbKBoAh.exe
  2⤵
  PID:3376
- C:\Windows\System\KiNgQpb.exe
  C:\Windows\System\KiNgQpb.exe
  2⤵
  PID:3552
- C:\Windows\System\nvQmqNI.exe
  C:\Windows\System\nvQmqNI.exe
  2⤵
  PID:2996
- C:\Windows\System\cHRMIZX.exe
  C:\Windows\System\cHRMIZX.exe
  2⤵
  PID:3804
- C:\Windows\System\AwOihCk.exe
  C:\Windows\System\AwOihCk.exe
  2⤵
  PID:3836
- C:\Windows\System\NREHWxF.exe
  C:\Windows\System\NREHWxF.exe
  2⤵
  PID:2884
- C:\Windows\System\QiNXhIk.exe
  C:\Windows\System\QiNXhIk.exe
  2⤵
  PID:2924
- C:\Windows\System\sUhOXrk.exe
  C:\Windows\System\sUhOXrk.exe
  2⤵
  PID:1196
- C:\Windows\System\RUTPWDV.exe
  C:\Windows\System\RUTPWDV.exe
  2⤵
  PID:3284
- C:\Windows\System\ADfRpAX.exe
  C:\Windows\System\ADfRpAX.exe
  2⤵
  PID:1812
- C:\Windows\System\mRELufd.exe
  C:\Windows\System\mRELufd.exe
  2⤵
  PID:3324
- C:\Windows\System\grSVEbY.exe
  C:\Windows\System\grSVEbY.exe
  2⤵
  PID:3600
- C:\Windows\System\WZguJCv.exe
  C:\Windows\System\WZguJCv.exe
  2⤵
  PID:3500
- C:\Windows\System\yYsKegB.exe
  C:\Windows\System\yYsKegB.exe
  2⤵
  PID:3716
- C:\Windows\System\wxVClnY.exe
  C:\Windows\System\wxVClnY.exe
  2⤵
  PID:3984
- C:\Windows\System\GncSSmU.exe
  C:\Windows\System\GncSSmU.exe
  2⤵
  PID:576
- C:\Windows\System\nZfdkXf.exe
  C:\Windows\System\nZfdkXf.exe
  2⤵
  PID:2316
- C:\Windows\System\yTqOBuG.exe
  C:\Windows\System\yTqOBuG.exe
  2⤵
  PID:2616
- C:\Windows\System\uRNpdpY.exe
  C:\Windows\System\uRNpdpY.exe
  2⤵
  PID:3920
- C:\Windows\System\KjeaPYC.exe
  C:\Windows\System\KjeaPYC.exe
  2⤵
  PID:3924
- C:\Windows\System\ClHrslc.exe
  C:\Windows\System\ClHrslc.exe
  2⤵
  PID:4112
- C:\Windows\System\mbNlrFz.exe
  C:\Windows\System\mbNlrFz.exe
  2⤵
  PID:4128
- C:\Windows\System\gcWujAj.exe
  C:\Windows\System\gcWujAj.exe
  2⤵
  PID:4144
- C:\Windows\System\LgfrNii.exe
  C:\Windows\System\LgfrNii.exe
  2⤵
  PID:4168
- C:\Windows\System\lUbWvtw.exe
  C:\Windows\System\lUbWvtw.exe
  2⤵
  PID:4196
- C:\Windows\System\lufDhZY.exe
  C:\Windows\System\lufDhZY.exe
  2⤵
  PID:4232
- C:\Windows\System\QtHOQEj.exe
  C:\Windows\System\QtHOQEj.exe
  2⤵
  PID:4248
- C:\Windows\System\wRjNtrJ.exe
  C:\Windows\System\wRjNtrJ.exe
  2⤵
  PID:4264
- C:\Windows\System\iPcRghi.exe
  C:\Windows\System\iPcRghi.exe
  2⤵
  PID:4280
- C:\Windows\System\JaSLHpR.exe
  C:\Windows\System\JaSLHpR.exe
  2⤵
  PID:4296
- C:\Windows\System\ppmWLhn.exe
  C:\Windows\System\ppmWLhn.exe
  2⤵
  PID:4312
- C:\Windows\System\LVVQnbU.exe
  C:\Windows\System\LVVQnbU.exe
  2⤵
  PID:4328
- C:\Windows\System\AIWFJsj.exe
  C:\Windows\System\AIWFJsj.exe
  2⤵
  PID:4344
- C:\Windows\System\uILMzlI.exe
  C:\Windows\System\uILMzlI.exe
  2⤵
  PID:4360
- C:\Windows\System\xOWzdLi.exe
  C:\Windows\System\xOWzdLi.exe
  2⤵
  PID:4376
- C:\Windows\System\divbeyp.exe
  C:\Windows\System\divbeyp.exe
  2⤵
  PID:4392
- C:\Windows\System\wodNLKj.exe
  C:\Windows\System\wodNLKj.exe
  2⤵
  PID:4408
- C:\Windows\System\BeyWchW.exe
  C:\Windows\System\BeyWchW.exe
  2⤵
  PID:4424
- C:\Windows\System\AVktlzq.exe
  C:\Windows\System\AVktlzq.exe
  2⤵
  PID:4440
- C:\Windows\System\IMrsGko.exe
  C:\Windows\System\IMrsGko.exe
  2⤵
  PID:4456
- C:\Windows\System\qpcbOtL.exe
  C:\Windows\System\qpcbOtL.exe
  2⤵
  PID:4472
- C:\Windows\System\PvYcMGD.exe
  C:\Windows\System\PvYcMGD.exe
  2⤵
  PID:4548
- C:\Windows\System\GCisYmG.exe
  C:\Windows\System\GCisYmG.exe
  2⤵
  PID:4568
- C:\Windows\System\lJSiqNR.exe
  C:\Windows\System\lJSiqNR.exe
  2⤵
  PID:4640
- C:\Windows\System\dPONlgM.exe
  C:\Windows\System\dPONlgM.exe
  2⤵
  PID:4656
- C:\Windows\System\nmMSPXR.exe
  C:\Windows\System\nmMSPXR.exe
  2⤵
  PID:4676
- C:\Windows\System\vOUCVSG.exe
  C:\Windows\System\vOUCVSG.exe
  2⤵
  PID:4696
- C:\Windows\System\fqXWiyo.exe
  C:\Windows\System\fqXWiyo.exe
  2⤵
  PID:4712
- C:\Windows\System\cDOHAlM.exe
  C:\Windows\System\cDOHAlM.exe
  2⤵
  PID:4728
- C:\Windows\System\lKOqLPl.exe
  C:\Windows\System\lKOqLPl.exe
  2⤵
  PID:4748
- C:\Windows\System\kdOuZoc.exe
  C:\Windows\System\kdOuZoc.exe
  2⤵
  PID:4768
- C:\Windows\System\lrYxNqE.exe
  C:\Windows\System\lrYxNqE.exe
  2⤵
  PID:4784
- C:\Windows\System\IsgbZDQ.exe
  C:\Windows\System\IsgbZDQ.exe
  2⤵
  PID:4800
- C:\Windows\System\LsvuIeT.exe
  C:\Windows\System\LsvuIeT.exe
  2⤵
  PID:4840
- C:\Windows\System\iehZmen.exe
  C:\Windows\System\iehZmen.exe
  2⤵
  PID:4856
- C:\Windows\System\xVINUYH.exe
  C:\Windows\System\xVINUYH.exe
  2⤵
  PID:4876
- C:\Windows\System\jyqUcRi.exe
  C:\Windows\System\jyqUcRi.exe
  2⤵
  PID:4892
- C:\Windows\System\NnKunAd.exe
  C:\Windows\System\NnKunAd.exe
  2⤵
  PID:4924
- C:\Windows\System\YCSrRxw.exe
  C:\Windows\System\YCSrRxw.exe
  2⤵
  PID:4952
- C:\Windows\System\NlUQRqg.exe
  C:\Windows\System\NlUQRqg.exe
  2⤵
  PID:4968
- C:\Windows\System\VOQEXsN.exe
  C:\Windows\System\VOQEXsN.exe
  2⤵
  PID:4984
- C:\Windows\System\Xnlbfvw.exe
  C:\Windows\System\Xnlbfvw.exe
  2⤵
  PID:5000
- C:\Windows\System\puZUlgA.exe
  C:\Windows\System\puZUlgA.exe
  2⤵
  PID:5016
- C:\Windows\System\WWeheJO.exe
  C:\Windows\System\WWeheJO.exe
  2⤵
  PID:5036
- C:\Windows\System\EfdOZfT.exe
  C:\Windows\System\EfdOZfT.exe
  2⤵
  PID:5052
- C:\Windows\System\BZYeGoG.exe
  C:\Windows\System\BZYeGoG.exe
  2⤵
  PID:5068
- C:\Windows\System\ajeAAXT.exe
  C:\Windows\System\ajeAAXT.exe
  2⤵
  PID:5084
- C:\Windows\System\qTcMmlV.exe
  C:\Windows\System\qTcMmlV.exe
  2⤵
  PID:5100
- C:\Windows\System\pBNsIoK.exe
  C:\Windows\System\pBNsIoK.exe
  2⤵
  PID:3900
- C:\Windows\System\gYpWVzZ.exe
  C:\Windows\System\gYpWVzZ.exe
  2⤵
  PID:3620
- C:\Windows\System\jtjAizE.exe
  C:\Windows\System\jtjAizE.exe
  2⤵
  PID:1080
- C:\Windows\System\DtmZYqa.exe
  C:\Windows\System\DtmZYqa.exe
  2⤵
  PID:4136
- C:\Windows\System\kIWIZyH.exe
  C:\Windows\System\kIWIZyH.exe
  2⤵
  PID:4184
- C:\Windows\System\BKhJBrZ.exe
  C:\Windows\System\BKhJBrZ.exe
  2⤵
  PID:4120
- C:\Windows\System\WvgEebq.exe
  C:\Windows\System\WvgEebq.exe
  2⤵
  PID:4204
- C:\Windows\System\VYpHewQ.exe
  C:\Windows\System\VYpHewQ.exe
  2⤵
  PID:4224
- C:\Windows\System\LbxSZJH.exe
  C:\Windows\System\LbxSZJH.exe
  2⤵
  PID:2040
- C:\Windows\System\MqMbGVs.exe
  C:\Windows\System\MqMbGVs.exe
  2⤵
  PID:4276
- C:\Windows\System\YPdZJIV.exe
  C:\Windows\System\YPdZJIV.exe
  2⤵
  PID:4368
- C:\Windows\System\gAWTDBS.exe
  C:\Windows\System\gAWTDBS.exe
  2⤵
  PID:4432
- C:\Windows\System\jEbUIqV.exe
  C:\Windows\System\jEbUIqV.exe
  2⤵
  PID:4436
- C:\Windows\System\ccQaIYn.exe
  C:\Windows\System\ccQaIYn.exe
  2⤵
  PID:4468
- C:\Windows\System\jBUzTIn.exe
  C:\Windows\System\jBUzTIn.exe
  2⤵
  PID:4356
- C:\Windows\System\CvHavAF.exe
  C:\Windows\System\CvHavAF.exe
  2⤵
  PID:4420
- C:\Windows\System\tVgaDZb.exe
  C:\Windows\System\tVgaDZb.exe
  2⤵
  PID:4492
- C:\Windows\System\udfGSir.exe
  C:\Windows\System\udfGSir.exe
  2⤵
  PID:4504
- C:\Windows\System\YHytJDf.exe
  C:\Windows\System\YHytJDf.exe
  2⤵
  PID:532
- C:\Windows\System\RYLoHFi.exe
  C:\Windows\System\RYLoHFi.exe
  2⤵
  PID:4596
- C:\Windows\System\OsoSNpC.exe
  C:\Windows\System\OsoSNpC.exe
  2⤵
  PID:4612
- C:\Windows\System\mFiOIBx.exe
  C:\Windows\System\mFiOIBx.exe
  2⤵
  PID:4628
- C:\Windows\System\EiYSclP.exe
  C:\Windows\System\EiYSclP.exe
  2⤵
  PID:4652
- C:\Windows\System\PyjVYga.exe
  C:\Windows\System\PyjVYga.exe
  2⤵
  PID:4724
- C:\Windows\System\rdsLtnz.exe
  C:\Windows\System\rdsLtnz.exe
  2⤵
  PID:2664
- C:\Windows\System\ssXbTSU.exe
  C:\Windows\System\ssXbTSU.exe
  2⤵
  PID:4820
- C:\Windows\System\REzGWZv.exe
  C:\Windows\System\REzGWZv.exe
  2⤵
  PID:4852
- C:\Windows\System\GAcKFBv.exe
  C:\Windows\System\GAcKFBv.exe
  2⤵
  PID:4740
- C:\Windows\System\PnwUGrO.exe
  C:\Windows\System\PnwUGrO.exe
  2⤵
  PID:4836
- C:\Windows\System\OvWhOtl.exe
  C:\Windows\System\OvWhOtl.exe
  2⤵
  PID:4904
- C:\Windows\System\xOYnltq.exe
  C:\Windows\System\xOYnltq.exe
  2⤵
  PID:1636
- C:\Windows\System\qxZVFRP.exe
  C:\Windows\System\qxZVFRP.exe
  2⤵
  PID:4932
- C:\Windows\System\fEijtLx.exe
  C:\Windows\System\fEijtLx.exe
  2⤵
  PID:4948
- C:\Windows\System\PUzWAjf.exe
  C:\Windows\System\PUzWAjf.exe
  2⤵
  PID:2588
- C:\Windows\System\MWgekoQ.exe
  C:\Windows\System\MWgekoQ.exe
  2⤵
  PID:820
- C:\Windows\System\TRdmEcz.exe
  C:\Windows\System\TRdmEcz.exe
  2⤵
  PID:2604
- C:\Windows\System\qSpPCeD.exe
  C:\Windows\System\qSpPCeD.exe
  2⤵
  PID:3756
- C:\Windows\System\awJIMcB.exe
  C:\Windows\System\awJIMcB.exe
  2⤵
  PID:2880
- C:\Windows\System\IRllYFW.exe
  C:\Windows\System\IRllYFW.exe
  2⤵
  PID:5012
- C:\Windows\System\wUKTzfR.exe
  C:\Windows\System\wUKTzfR.exe
  2⤵
  PID:5080
- C:\Windows\System\HqLAKca.exe
  C:\Windows\System\HqLAKca.exe
  2⤵
  PID:3856
- C:\Windows\System\yNZGFOm.exe
  C:\Windows\System\yNZGFOm.exe
  2⤵
  PID:112
- C:\Windows\System\Xnomhbg.exe
  C:\Windows\System\Xnomhbg.exe
  2⤵
  PID:4388
- C:\Windows\System\TxELhEq.exe
  C:\Windows\System\TxELhEq.exe
  2⤵
  PID:4292
- C:\Windows\System\bsyoMzG.exe
  C:\Windows\System\bsyoMzG.exe
  2⤵
  PID:4220
- C:\Windows\System\HHFJAiQ.exe
  C:\Windows\System\HHFJAiQ.exe
  2⤵
  PID:4308
- C:\Windows\System\FOCuQIg.exe
  C:\Windows\System\FOCuQIg.exe
  2⤵
  PID:4256
- C:\Windows\System\tndeEKP.exe
  C:\Windows\System\tndeEKP.exe
  2⤵
  PID:4216
- C:\Windows\System\ulTKrGk.exe
  C:\Windows\System\ulTKrGk.exe
  2⤵
  PID:4352
- C:\Windows\System\mJQQHPP.exe
  C:\Windows\System\mJQQHPP.exe
  2⤵
  PID:4540
- C:\Windows\System\viqsmWx.exe
  C:\Windows\System\viqsmWx.exe
  2⤵
  PID:4600
- C:\Windows\System\zdkxvAd.exe
  C:\Windows\System\zdkxvAd.exe
  2⤵
  PID:4624
- C:\Windows\System\FClXYOb.exe
  C:\Windows\System\FClXYOb.exe
  2⤵
  PID:4672
- C:\Windows\System\kgPJhfd.exe
  C:\Windows\System\kgPJhfd.exe
  2⤵
  PID:4720
- C:\Windows\System\DdBHQsw.exe
  C:\Windows\System\DdBHQsw.exe
  2⤵
  PID:4776
- C:\Windows\System\JCavZsH.exe
  C:\Windows\System\JCavZsH.exe
  2⤵
  PID:2144
- C:\Windows\System\ZDghqzs.exe
  C:\Windows\System\ZDghqzs.exe
  2⤵
  PID:4736
- C:\Windows\System\MlxyFaZ.exe
  C:\Windows\System\MlxyFaZ.exe
  2⤵
  PID:4868
- C:\Windows\System\VNdRxQB.exe
  C:\Windows\System\VNdRxQB.exe
  2⤵
  PID:4068
- C:\Windows\System\QGoXPNE.exe
  C:\Windows\System\QGoXPNE.exe
  2⤵
  PID:348
- C:\Windows\System\BJTyKmj.exe
  C:\Windows\System\BJTyKmj.exe
  2⤵
  PID:4992
- C:\Windows\System\lPXETwB.exe
  C:\Windows\System\lPXETwB.exe
  2⤵
  PID:4976
- C:\Windows\System\CGljxap.exe
  C:\Windows\System\CGljxap.exe
  2⤵
  PID:4980
- C:\Windows\System\iFaHBcA.exe
  C:\Windows\System\iFaHBcA.exe
  2⤵
  PID:4180
- C:\Windows\System\vDFbxXo.exe
  C:\Windows\System\vDFbxXo.exe
  2⤵
  PID:4244
- C:\Windows\System\iFJvltD.exe
  C:\Windows\System\iFJvltD.exe
  2⤵
  PID:4108
- C:\Windows\System\LLMbPGp.exe
  C:\Windows\System\LLMbPGp.exe
  2⤵
  PID:4340
- C:\Windows\System\iNolXLP.exe
  C:\Windows\System\iNolXLP.exe
  2⤵
  PID:4516
- C:\Windows\System\xCgvfKu.exe
  C:\Windows\System\xCgvfKu.exe
  2⤵
  PID:4764
- C:\Windows\System\SdEFUwa.exe
  C:\Windows\System\SdEFUwa.exe
  2⤵
  PID:2948
- C:\Windows\System\PIqeNgu.exe
  C:\Windows\System\PIqeNgu.exe
  2⤵
  PID:4580
- C:\Windows\System\ponLlYm.exe
  C:\Windows\System\ponLlYm.exe
  2⤵
  PID:4760
- C:\Windows\System\ICfTbZW.exe
  C:\Windows\System\ICfTbZW.exe
  2⤵
  PID:1788
- C:\Windows\System\BmDPWyH.exe
  C:\Windows\System\BmDPWyH.exe
  2⤵
  PID:4900
- C:\Windows\System\fSASWRL.exe
  C:\Windows\System\fSASWRL.exe
  2⤵
  PID:1112
- C:\Windows\System\VgkFSib.exe
  C:\Windows\System\VgkFSib.exe
  2⤵
  PID:3092
- C:\Windows\System\VcyqkkY.exe
  C:\Windows\System\VcyqkkY.exe
  2⤵
  PID:4400
- C:\Windows\System\TuriKUL.exe
  C:\Windows\System\TuriKUL.exe
  2⤵
  PID:2224
- C:\Windows\System\TOYtYpl.exe
  C:\Windows\System\TOYtYpl.exe
  2⤵
  PID:2648
- C:\Windows\System\VRstuEJ.exe
  C:\Windows\System\VRstuEJ.exe
  2⤵
  PID:4176
- C:\Windows\System\RpmFVjm.exe
  C:\Windows\System\RpmFVjm.exe
  2⤵
  PID:4556
- C:\Windows\System\IFPpoDw.exe
  C:\Windows\System\IFPpoDw.exe
  2⤵
  PID:4324
- C:\Windows\System\SPsIKVo.exe
  C:\Windows\System\SPsIKVo.exe
  2⤵
  PID:4636
- C:\Windows\System\HToLElZ.exe
  C:\Windows\System\HToLElZ.exe
  2⤵
  PID:2128
- C:\Windows\System\ZpMQYEF.exe
  C:\Windows\System\ZpMQYEF.exe
  2⤵
  PID:4692
- C:\Windows\System\jodRSep.exe
  C:\Windows\System\jodRSep.exe
  2⤵
  PID:4996
- C:\Windows\System\ZLCDJfK.exe
  C:\Windows\System\ZLCDJfK.exe
  2⤵
  PID:752
- C:\Windows\System\vJDsLcU.exe
  C:\Windows\System\vJDsLcU.exe
  2⤵
  PID:4448
- C:\Windows\System\XuRyxrE.exe
  C:\Windows\System\XuRyxrE.exe
  2⤵
  PID:4188
- C:\Windows\System\KDlxknk.exe
  C:\Windows\System\KDlxknk.exe
  2⤵
  PID:4532
- C:\Windows\System\AyndCZU.exe
  C:\Windows\System\AyndCZU.exe
  2⤵
  PID:5064
- C:\Windows\System\iKRIoQZ.exe
  C:\Windows\System\iKRIoQZ.exe
  2⤵
  PID:2560
- C:\Windows\System\noSxQWC.exe
  C:\Windows\System\noSxQWC.exe
  2⤵
  PID:2488
- C:\Windows\System\qSXhECp.exe
  C:\Windows\System\qSXhECp.exe
  2⤵
  PID:1612
- C:\Windows\System\lVzoTeh.exe
  C:\Windows\System\lVzoTeh.exe
  2⤵
  PID:5128
- C:\Windows\System\lWLybcT.exe
  C:\Windows\System\lWLybcT.exe
  2⤵
  PID:5144
- C:\Windows\System\LHVadVr.exe
  C:\Windows\System\LHVadVr.exe
  2⤵
  PID:5160
- C:\Windows\System\cMzNIpR.exe
  C:\Windows\System\cMzNIpR.exe
  2⤵
  PID:5188
- C:\Windows\System\tYGRHMH.exe
  C:\Windows\System\tYGRHMH.exe
  2⤵
  PID:5240
- C:\Windows\System\CuHgomG.exe
  C:\Windows\System\CuHgomG.exe
  2⤵
  PID:5256
- C:\Windows\System\FhpCDTI.exe
  C:\Windows\System\FhpCDTI.exe
  2⤵
  PID:5276
- C:\Windows\System\NwnMybp.exe
  C:\Windows\System\NwnMybp.exe
  2⤵
  PID:5292
- C:\Windows\System\HoxnCdO.exe
  C:\Windows\System\HoxnCdO.exe
  2⤵
  PID:5308
- C:\Windows\System\EUWjsqV.exe
  C:\Windows\System\EUWjsqV.exe
  2⤵
  PID:5328
- C:\Windows\System\kIFLtJm.exe
  C:\Windows\System\kIFLtJm.exe
  2⤵
  PID:5352
- C:\Windows\System\MCeZHlI.exe
  C:\Windows\System\MCeZHlI.exe
  2⤵
  PID:5372
- C:\Windows\System\QNmlKTP.exe
  C:\Windows\System\QNmlKTP.exe
  2⤵
  PID:5388
- C:\Windows\System\DHBhjLT.exe
  C:\Windows\System\DHBhjLT.exe
  2⤵
  PID:5416
- C:\Windows\System\YIkmIMe.exe
  C:\Windows\System\YIkmIMe.exe
  2⤵
  PID:5432
- C:\Windows\System\iBoHzKq.exe
  C:\Windows\System\iBoHzKq.exe
  2⤵
  PID:5456
- C:\Windows\System\eGSLKeI.exe
  C:\Windows\System\eGSLKeI.exe
  2⤵
  PID:5480
- C:\Windows\System\Gwqizlc.exe
  C:\Windows\System\Gwqizlc.exe
  2⤵
  PID:5496
- C:\Windows\System\HnAqAHC.exe
  C:\Windows\System\HnAqAHC.exe
  2⤵
  PID:5512
- C:\Windows\System\jMhAGUE.exe
  C:\Windows\System\jMhAGUE.exe
  2⤵
  PID:5528
- C:\Windows\System\ynvOJHB.exe
  C:\Windows\System\ynvOJHB.exe
  2⤵
  PID:5544
- C:\Windows\System\tYauNRt.exe
  C:\Windows\System\tYauNRt.exe
  2⤵
  PID:5560
- C:\Windows\System\JYOcFHB.exe
  C:\Windows\System\JYOcFHB.exe
  2⤵
  PID:5584
- C:\Windows\System\LNxBmjs.exe
  C:\Windows\System\LNxBmjs.exe
  2⤵
  PID:5600
- C:\Windows\System\pICNwlq.exe
  C:\Windows\System\pICNwlq.exe
  2⤵
  PID:5616
- C:\Windows\System\rqchXzM.exe
  C:\Windows\System\rqchXzM.exe
  2⤵
  PID:5632
- C:\Windows\System\NgGWOgz.exe
  C:\Windows\System\NgGWOgz.exe
  2⤵
  PID:5652
- C:\Windows\System\DGnMLFg.exe
  C:\Windows\System\DGnMLFg.exe
  2⤵
  PID:5672
- C:\Windows\System\LtQNoDD.exe
  C:\Windows\System\LtQNoDD.exe
  2⤵
  PID:5688
- C:\Windows\System\BWcCJrK.exe
  C:\Windows\System\BWcCJrK.exe
  2⤵
  PID:5704
- C:\Windows\System\tBxIvdj.exe
  C:\Windows\System\tBxIvdj.exe
  2⤵
  PID:5756
- C:\Windows\System\tmMLNmi.exe
  C:\Windows\System\tmMLNmi.exe
  2⤵
  PID:5776
- C:\Windows\System\CtEaVTS.exe
  C:\Windows\System\CtEaVTS.exe
  2⤵
  PID:5792
- C:\Windows\System\ogjBjCs.exe
  C:\Windows\System\ogjBjCs.exe
  2⤵
  PID:5808
- C:\Windows\System\dQaeMdJ.exe
  C:\Windows\System\dQaeMdJ.exe
  2⤵
  PID:5824
- C:\Windows\System\tsMvFrh.exe
  C:\Windows\System\tsMvFrh.exe
  2⤵
  PID:5840
- C:\Windows\System\mFEiNQH.exe
  C:\Windows\System\mFEiNQH.exe
  2⤵
  PID:5864
- C:\Windows\System\JWSyMtc.exe
  C:\Windows\System\JWSyMtc.exe
  2⤵
  PID:5880
- C:\Windows\System\FeWhmwm.exe
  C:\Windows\System\FeWhmwm.exe
  2⤵
  PID:5896
- C:\Windows\System\XjwOFOi.exe
  C:\Windows\System\XjwOFOi.exe
  2⤵
  PID:5912
- C:\Windows\System\wglxnDm.exe
  C:\Windows\System\wglxnDm.exe
  2⤵
  PID:5928
- C:\Windows\System\GcEOYgJ.exe
  C:\Windows\System\GcEOYgJ.exe
  2⤵
  PID:5944
- C:\Windows\System\qnqcDXk.exe
  C:\Windows\System\qnqcDXk.exe
  2⤵
  PID:5964
- C:\Windows\System\vgeRLjc.exe
  C:\Windows\System\vgeRLjc.exe
  2⤵
  PID:5988
- C:\Windows\System\rDqqepy.exe
  C:\Windows\System\rDqqepy.exe
  2⤵
  PID:6004
- C:\Windows\System\HUIjTEQ.exe
  C:\Windows\System\HUIjTEQ.exe
  2⤵
  PID:6020
- C:\Windows\System\tGIGNxE.exe
  C:\Windows\System\tGIGNxE.exe
  2⤵
  PID:6036
- C:\Windows\System\mbXACBf.exe
  C:\Windows\System\mbXACBf.exe
  2⤵
  PID:6060
- C:\Windows\System\wdNlaDJ.exe
  C:\Windows\System\wdNlaDJ.exe
  2⤵
  PID:6076
- C:\Windows\System\FpIaxrX.exe
  C:\Windows\System\FpIaxrX.exe
  2⤵
  PID:6092
- C:\Windows\System\ZQCaRWI.exe
  C:\Windows\System\ZQCaRWI.exe
  2⤵
  PID:6108
- C:\Windows\System\YeTmjMh.exe
  C:\Windows\System\YeTmjMh.exe
  2⤵
  PID:6124
- C:\Windows\System\SqCxjbi.exe
  C:\Windows\System\SqCxjbi.exe
  2⤵
  PID:4916
- C:\Windows\System\NuOWOnb.exe
  C:\Windows\System\NuOWOnb.exe
  2⤵
  PID:5048
- C:\Windows\System\GwsIuvl.exe
  C:\Windows\System\GwsIuvl.exe
  2⤵
  PID:1148
- C:\Windows\System\wWOFldM.exe
  C:\Windows\System\wWOFldM.exe
  2⤵
  PID:5140
- C:\Windows\System\tjpgFKw.exe
  C:\Windows\System\tjpgFKw.exe
  2⤵
  PID:5172
- C:\Windows\System\HpFpGgP.exe
  C:\Windows\System\HpFpGgP.exe
  2⤵
  PID:4464
- C:\Windows\System\oePKLVQ.exe
  C:\Windows\System\oePKLVQ.exe
  2⤵
  PID:5200
- C:\Windows\System\zZNqAwZ.exe
  C:\Windows\System\zZNqAwZ.exe
  2⤵
  PID:5216
- C:\Windows\System\uBmHpcz.exe
  C:\Windows\System\uBmHpcz.exe
  2⤵
  PID:5232
- C:\Windows\System\eoEASEW.exe
  C:\Windows\System\eoEASEW.exe
  2⤵
  PID:5316
- C:\Windows\System\abnFhFz.exe
  C:\Windows\System\abnFhFz.exe
  2⤵
  PID:5396
- C:\Windows\System\iUkrvFs.exe
  C:\Windows\System\iUkrvFs.exe
  2⤵
  PID:5440
- C:\Windows\System\JccxnDY.exe
  C:\Windows\System\JccxnDY.exe
  2⤵
  PID:5464
- C:\Windows\System\aUgRtmP.exe
  C:\Windows\System\aUgRtmP.exe
  2⤵
  PID:5504
- C:\Windows\System\fqpGDVX.exe
  C:\Windows\System\fqpGDVX.exe
  2⤵
  PID:5576
- C:\Windows\System\OpBiULY.exe
  C:\Windows\System\OpBiULY.exe
  2⤵
  PID:5640
- C:\Windows\System\xrsGfgc.exe
  C:\Windows\System\xrsGfgc.exe
  2⤵
  PID:5712
- C:\Windows\System\teCLOtc.exe
  C:\Windows\System\teCLOtc.exe
  2⤵
  PID:5732
- C:\Windows\System\GFArosr.exe
  C:\Windows\System\GFArosr.exe
  2⤵
  PID:5488
- C:\Windows\System\YttmSdR.exe
  C:\Windows\System\YttmSdR.exe
  2⤵
  PID:5556
- C:\Windows\System\NGmyOLR.exe
  C:\Windows\System\NGmyOLR.exe
  2⤵
  PID:5628
- C:\Windows\System\LNsRqAG.exe
  C:\Windows\System\LNsRqAG.exe
  2⤵
  PID:5716
- C:\Windows\System\qVlvWwC.exe
  C:\Windows\System\qVlvWwC.exe
  2⤵
  PID:5848
- C:\Windows\System\DoCrpEo.exe
  C:\Windows\System\DoCrpEo.exe
  2⤵
  PID:5888
- C:\Windows\System\EgoerHi.exe
  C:\Windows\System\EgoerHi.exe
  2⤵
  PID:5952
- C:\Windows\System\LxLXnsL.exe
  C:\Windows\System\LxLXnsL.exe
  2⤵
  PID:6000
- C:\Windows\System\rlaodiu.exe
  C:\Windows\System\rlaodiu.exe
  2⤵
  PID:5764
- C:\Windows\System\xuBjMAr.exe
  C:\Windows\System\xuBjMAr.exe
  2⤵
  PID:5112
- C:\Windows\System\HNoNypK.exe
  C:\Windows\System\HNoNypK.exe
  2⤵
  PID:4884
- C:\Windows\System\umlRjtq.exe
  C:\Windows\System\umlRjtq.exe
  2⤵
  PID:5228
- C:\Windows\System\pESjnVX.exe
  C:\Windows\System\pESjnVX.exe
  2⤵
  PID:5984
- C:\Windows\System\GUEXdgX.exe
  C:\Windows\System\GUEXdgX.exe
  2⤵
  PID:5264
- C:\Windows\System\jqyCJLS.exe
  C:\Windows\System\jqyCJLS.exe
  2⤵
  PID:5980
- C:\Windows\System\bjhDcvp.exe
  C:\Windows\System\bjhDcvp.exe
  2⤵
  PID:5872
- C:\Windows\System\XAPMBLz.exe
  C:\Windows\System\XAPMBLz.exe
  2⤵
  PID:6052
- C:\Windows\System\alwZgUH.exe
  C:\Windows\System\alwZgUH.exe
  2⤵
  PID:5384
- C:\Windows\System\Umjzzzw.exe
  C:\Windows\System\Umjzzzw.exe
  2⤵
  PID:5324
- C:\Windows\System\rPwSkBO.exe
  C:\Windows\System\rPwSkBO.exe
  2⤵
  PID:5360
- C:\Windows\System\adJwZKQ.exe
  C:\Windows\System\adJwZKQ.exe
  2⤵
  PID:2320
- C:\Windows\System\AMJIlkX.exe
  C:\Windows\System\AMJIlkX.exe
  2⤵
  PID:5336
- C:\Windows\System\zXLAoyK.exe
  C:\Windows\System\zXLAoyK.exe
  2⤵
  PID:5364
- C:\Windows\System\zKoGaDn.exe
  C:\Windows\System\zKoGaDn.exe
  2⤵
  PID:5444
- C:\Windows\System\SqFtlHV.exe
  C:\Windows\System\SqFtlHV.exe
  2⤵
  PID:5408
- C:\Windows\System\UHazamL.exe
  C:\Windows\System\UHazamL.exe
  2⤵
  PID:5476
- C:\Windows\System\aEtemSf.exe
  C:\Windows\System\aEtemSf.exe
  2⤵
  PID:5700
- C:\Windows\System\oFUFJsF.exe
  C:\Windows\System\oFUFJsF.exe
  2⤵
  PID:5596
- C:\Windows\System\qJoSOzx.exe
  C:\Windows\System\qJoSOzx.exe
  2⤵
  PID:5856
- C:\Windows\System\bQOpJMF.exe
  C:\Windows\System\bQOpJMF.exe
  2⤵
  PID:6028
- C:\Windows\System\GKPDeCu.exe
  C:\Windows\System\GKPDeCu.exe
  2⤵
  PID:6100
- C:\Windows\System\sZSgHFf.exe
  C:\Windows\System\sZSgHFf.exe
  2⤵
  PID:6132
- C:\Windows\System\LHreALf.exe
  C:\Windows\System\LHreALf.exe
  2⤵
  PID:5860
- C:\Windows\System\slWrAaR.exe
  C:\Windows\System\slWrAaR.exe
  2⤵
  PID:5156
- C:\Windows\System\spccSUY.exe
  C:\Windows\System\spccSUY.exe
  2⤵
  PID:5180
- C:\Windows\System\WjQLQEF.exe
  C:\Windows\System\WjQLQEF.exe
  2⤵
  PID:2248
- C:\Windows\System\AFeWOrR.exe
  C:\Windows\System\AFeWOrR.exe
  2⤵
  PID:5208
- C:\Windows\System\MHPujIW.exe
  C:\Windows\System\MHPujIW.exe
  2⤵
  PID:6048
- C:\Windows\System\eRApTND.exe
  C:\Windows\System\eRApTND.exe
  2⤵
  PID:5344
- C:\Windows\System\FERaioz.exe
  C:\Windows\System\FERaioz.exe
  2⤵
  PID:5272
- C:\Windows\System\DyJEZqJ.exe
  C:\Windows\System\DyJEZqJ.exe
  2⤵
  PID:5288
- C:\Windows\System\scQFxIB.exe
  C:\Windows\System\scQFxIB.exe
  2⤵
  PID:5368
- C:\Windows\System\NlnBLIV.exe
  C:\Windows\System\NlnBLIV.exe
  2⤵
  PID:5572
- C:\Windows\System\MbcixaV.exe
  C:\Windows\System\MbcixaV.exe
  2⤵
  PID:5608
- C:\Windows\System\VaqueEU.exe
  C:\Windows\System\VaqueEU.exe
  2⤵
  PID:5524
- C:\Windows\System\OxzCHwk.exe
  C:\Windows\System\OxzCHwk.exe
  2⤵
  PID:5816
- C:\Windows\System\gtDxVBJ.exe
  C:\Windows\System\gtDxVBJ.exe
  2⤵
  PID:4780
- C:\Windows\System\XdRFTGg.exe
  C:\Windows\System\XdRFTGg.exe
  2⤵
  PID:5196
- C:\Windows\System\mBKfdFP.exe
  C:\Windows\System\mBKfdFP.exe
  2⤵
  PID:5684
- C:\Windows\System\ZUjmHdW.exe
  C:\Windows\System\ZUjmHdW.exe
  2⤵
  PID:5428
- C:\Windows\System\yTlXfPd.exe
  C:\Windows\System\yTlXfPd.exe
  2⤵
  PID:5168
- C:\Windows\System\cDzxFwc.exe
  C:\Windows\System\cDzxFwc.exe
  2⤵
  PID:5904
- C:\Windows\System\cnzKKIH.exe
  C:\Windows\System\cnzKKIH.exe
  2⤵
  PID:5924
- C:\Windows\System\JvMKwgr.exe
  C:\Windows\System\JvMKwgr.exe
  2⤵
  PID:5724
- C:\Windows\System\NKgfJfn.exe
  C:\Windows\System\NKgfJfn.exe
  2⤵
  PID:5664
- C:\Windows\System\KZzIBjP.exe
  C:\Windows\System\KZzIBjP.exe
  2⤵
  PID:5284
- C:\Windows\System\rjLvCjN.exe
  C:\Windows\System\rjLvCjN.exe
  2⤵
  PID:5520
- C:\Windows\System\RBrcRFW.exe
  C:\Windows\System\RBrcRFW.exe
  2⤵
  PID:2136
- C:\Windows\System\diJTNfq.exe
  C:\Windows\System\diJTNfq.exe
  2⤵
  PID:5936
- C:\Windows\System\JUwaEAV.exe
  C:\Windows\System\JUwaEAV.exe
  2⤵
  PID:6152
- C:\Windows\System\fdlmnPX.exe
  C:\Windows\System\fdlmnPX.exe
  2⤵
  PID:6168
- C:\Windows\System\HhTSgQI.exe
  C:\Windows\System\HhTSgQI.exe
  2⤵
  PID:6188
- C:\Windows\System\TttDyQi.exe
  C:\Windows\System\TttDyQi.exe
  2⤵
  PID:6216
- C:\Windows\System\wtvnKap.exe
  C:\Windows\System\wtvnKap.exe
  2⤵
  PID:6236
- C:\Windows\System\coWLUsf.exe
  C:\Windows\System\coWLUsf.exe
  2⤵
  PID:6256
- C:\Windows\System\jVhzAro.exe
  C:\Windows\System\jVhzAro.exe
  2⤵
  PID:6284
- C:\Windows\System\gccpdWb.exe
  C:\Windows\System\gccpdWb.exe
  2⤵
  PID:6300
- C:\Windows\System\gtClrtl.exe
  C:\Windows\System\gtClrtl.exe
  2⤵
  PID:6328
- C:\Windows\System\HGenGxV.exe
  C:\Windows\System\HGenGxV.exe
  2⤵
  PID:6344
- C:\Windows\System\ddtnsuk.exe
  C:\Windows\System\ddtnsuk.exe
  2⤵
  PID:6360
- C:\Windows\System\adpekjI.exe
  C:\Windows\System\adpekjI.exe
  2⤵
  PID:6380
- C:\Windows\System\nabiefC.exe
  C:\Windows\System\nabiefC.exe
  2⤵
  PID:6404
- C:\Windows\System\tbLktTA.exe
  C:\Windows\System\tbLktTA.exe
  2⤵
  PID:6428
- C:\Windows\System\QGnjHEL.exe
  C:\Windows\System\QGnjHEL.exe
  2⤵
  PID:6444
- C:\Windows\System\woLTfiI.exe
  C:\Windows\System\woLTfiI.exe
  2⤵
  PID:6460
- C:\Windows\System\gGMCCnp.exe
  C:\Windows\System\gGMCCnp.exe
  2⤵
  PID:6480
- C:\Windows\System\rsBgLVE.exe
  C:\Windows\System\rsBgLVE.exe
  2⤵
  PID:6496
- C:\Windows\System\MJLsAoK.exe
  C:\Windows\System\MJLsAoK.exe
  2⤵
  PID:6512
- C:\Windows\System\yfdlkmE.exe
  C:\Windows\System\yfdlkmE.exe
  2⤵
  PID:6528
- C:\Windows\System\tJclivo.exe
  C:\Windows\System\tJclivo.exe
  2⤵
  PID:6548
- C:\Windows\System\nSLrygP.exe
  C:\Windows\System\nSLrygP.exe
  2⤵
  PID:6568
- C:\Windows\System\dtciFsY.exe
  C:\Windows\System\dtciFsY.exe
  2⤵
  PID:6608
- C:\Windows\System\rgOpYLw.exe
  C:\Windows\System\rgOpYLw.exe
  2⤵
  PID:6624
- C:\Windows\System\VqTuleZ.exe
  C:\Windows\System\VqTuleZ.exe
  2⤵
  PID:6640
- C:\Windows\System\XFtzmyh.exe
  C:\Windows\System\XFtzmyh.exe
  2⤵
  PID:6660
- C:\Windows\System\sfyLgOg.exe
  C:\Windows\System\sfyLgOg.exe
  2⤵
  PID:6676
- C:\Windows\System\ujQqIxa.exe
  C:\Windows\System\ujQqIxa.exe
  2⤵
  PID:6692
- C:\Windows\System\VVCWQUS.exe
  C:\Windows\System\VVCWQUS.exe
  2⤵
  PID:6708
- C:\Windows\System\CNJxGVA.exe
  C:\Windows\System\CNJxGVA.exe
  2⤵
  PID:6724
- C:\Windows\System\UBBXxnv.exe
  C:\Windows\System\UBBXxnv.exe
  2⤵
  PID:6744
- C:\Windows\System\uSnihSu.exe
  C:\Windows\System\uSnihSu.exe
  2⤵
  PID:6764
- C:\Windows\System\aongwyD.exe
  C:\Windows\System\aongwyD.exe
  2⤵
  PID:6784
- C:\Windows\System\RJgahsF.exe
  C:\Windows\System\RJgahsF.exe
  2⤵
  PID:6800
- C:\Windows\System\DyonJZC.exe
  C:\Windows\System\DyonJZC.exe
  2⤵
  PID:6816
- C:\Windows\System\FgpSMXG.exe
  C:\Windows\System\FgpSMXG.exe
  2⤵
  PID:6832
- C:\Windows\System\oFwOkTx.exe
  C:\Windows\System\oFwOkTx.exe
  2⤵
  PID:6848
- C:\Windows\System\HaGdnJV.exe
  C:\Windows\System\HaGdnJV.exe
  2⤵
  PID:6868
- C:\Windows\System\OfQhGgg.exe
  C:\Windows\System\OfQhGgg.exe
  2⤵
  PID:6896
- C:\Windows\System\ZshPjWq.exe
  C:\Windows\System\ZshPjWq.exe
  2⤵
  PID:6912
- C:\Windows\System\ofznDMq.exe
  C:\Windows\System\ofznDMq.exe
  2⤵
  PID:6928
- C:\Windows\System\Fujdesx.exe
  C:\Windows\System\Fujdesx.exe
  2⤵
  PID:6944
- C:\Windows\System\bUcizYi.exe
  C:\Windows\System\bUcizYi.exe
  2⤵
  PID:6960
- C:\Windows\System\zZciUxJ.exe
  C:\Windows\System\zZciUxJ.exe
  2⤵
  PID:6976
- C:\Windows\System\fnbRDiS.exe
  C:\Windows\System\fnbRDiS.exe
  2⤵
  PID:7020
- C:\Windows\System\wnyqmnv.exe
  C:\Windows\System\wnyqmnv.exe
  2⤵
  PID:7076
- C:\Windows\System\kUOMFJD.exe
  C:\Windows\System\kUOMFJD.exe
  2⤵
  PID:7092
- C:\Windows\System\CortCFR.exe
  C:\Windows\System\CortCFR.exe
  2⤵
  PID:7108
- C:\Windows\System\hyqtMJx.exe
  C:\Windows\System\hyqtMJx.exe
  2⤵
  PID:7128
- C:\Windows\System\dFIwKak.exe
  C:\Windows\System\dFIwKak.exe
  2⤵
  PID:7144
- C:\Windows\System\nRtdmwM.exe
  C:\Windows\System\nRtdmwM.exe
  2⤵
  PID:5740
- C:\Windows\System\RzXvDuW.exe
  C:\Windows\System\RzXvDuW.exe
  2⤵
  PID:5452
- C:\Windows\System\hjyRWrI.exe
  C:\Windows\System\hjyRWrI.exe
  2⤵
  PID:5380
- C:\Windows\System\vznxUnF.exe
  C:\Windows\System\vznxUnF.exe
  2⤵
  PID:6072
- C:\Windows\System\aCqLfHL.exe
  C:\Windows\System\aCqLfHL.exe
  2⤵
  PID:6204
- C:\Windows\System\vjqefud.exe
  C:\Windows\System\vjqefud.exe
  2⤵
  PID:6148
- C:\Windows\System\HnUYALV.exe
  C:\Windows\System\HnUYALV.exe
  2⤵
  PID:6224
- C:\Windows\System\BfjbIVp.exe
  C:\Windows\System\BfjbIVp.exe
  2⤵
  PID:6084
- C:\Windows\System\BEOMBxn.exe
  C:\Windows\System\BEOMBxn.exe
  2⤵
  PID:6276
- C:\Windows\System\OElSlto.exe
  C:\Windows\System\OElSlto.exe
  2⤵
  PID:6356
- C:\Windows\System\imLIvbS.exe
  C:\Windows\System\imLIvbS.exe
  2⤵
  PID:6336
- C:\Windows\System\hJagAsl.exe
  C:\Windows\System\hJagAsl.exe
  2⤵
  PID:6420
- C:\Windows\System\iLCLZYg.exe
  C:\Windows\System\iLCLZYg.exe
  2⤵
  PID:6488
- C:\Windows\System\VIUaugf.exe
  C:\Windows\System\VIUaugf.exe
  2⤵
  PID:6436
- C:\Windows\System\rZLnGGk.exe
  C:\Windows\System\rZLnGGk.exe
  2⤵
  PID:6524
- C:\Windows\System\DzLaOWi.exe
  C:\Windows\System\DzLaOWi.exe
  2⤵
  PID:6392
- C:\Windows\System\eyIwQIR.exe
  C:\Windows\System\eyIwQIR.exe
  2⤵
  PID:6400
- C:\Windows\System\urcyWrg.exe
  C:\Windows\System\urcyWrg.exe
  2⤵
  PID:6584
- C:\Windows\System\IklUZQh.exe
  C:\Windows\System\IklUZQh.exe
  2⤵
  PID:6620
- C:\Windows\System\FzLBFEI.exe
  C:\Windows\System\FzLBFEI.exe
  2⤵
  PID:6656
- C:\Windows\System\nsSiZUi.exe
  C:\Windows\System\nsSiZUi.exe
  2⤵
  PID:6716
- C:\Windows\System\LaUNtrs.exe
  C:\Windows\System\LaUNtrs.exe
  2⤵
  PID:6792
- C:\Windows\System\GCSdILV.exe
  C:\Windows\System\GCSdILV.exe
  2⤵
  PID:6856
- C:\Windows\System\xHrcPjv.exe
  C:\Windows\System\xHrcPjv.exe
  2⤵
  PID:6904
- C:\Windows\System\luLSOsK.exe
  C:\Windows\System\luLSOsK.exe
  2⤵
  PID:6972
- C:\Windows\System\lgJsJKe.exe
  C:\Windows\System\lgJsJKe.exe
  2⤵
  PID:6700
- C:\Windows\System\TzHyijQ.exe
  C:\Windows\System\TzHyijQ.exe
  2⤵
  PID:6840
- C:\Windows\System\AjzqmPm.exe
  C:\Windows\System\AjzqmPm.exe
  2⤵
  PID:6984
- C:\Windows\System\DSWoVSi.exe
  C:\Windows\System\DSWoVSi.exe
  2⤵
  PID:7000
- C:\Windows\System\lbzafhA.exe
  C:\Windows\System\lbzafhA.exe
  2⤵
  PID:6772
- C:\Windows\System\ccWeSqt.exe
  C:\Windows\System\ccWeSqt.exe
  2⤵
  PID:832
- C:\Windows\System\pIluuLj.exe
  C:\Windows\System\pIluuLj.exe
  2⤵
  PID:7044
- C:\Windows\System\bsBsrYT.exe
  C:\Windows\System\bsBsrYT.exe
  2⤵
  PID:7064
- C:\Windows\System\QBiGgNb.exe
  C:\Windows\System\QBiGgNb.exe
  2⤵
  PID:7060
- C:\Windows\System\MHBnGVh.exe
  C:\Windows\System\MHBnGVh.exe
  2⤵
  PID:2824
- C:\Windows\System\KdqgDTh.exe
  C:\Windows\System\KdqgDTh.exe
  2⤵
  PID:7152
- C:\Windows\System\sQhQssJ.exe
  C:\Windows\System\sQhQssJ.exe
  2⤵
  PID:1312
- C:\Windows\System\WVmkvcE.exe
  C:\Windows\System\WVmkvcE.exe
  2⤵
  PID:7156
- C:\Windows\System\uWCMXHV.exe
  C:\Windows\System\uWCMXHV.exe
  2⤵
  PID:6160
- C:\Windows\System\sZWyRIp.exe
  C:\Windows\System\sZWyRIp.exe
  2⤵
  PID:5404
- C:\Windows\System\tEmNWMu.exe
  C:\Windows\System\tEmNWMu.exe
  2⤵
  PID:6196
- C:\Windows\System\OEJKEoc.exe
  C:\Windows\System\OEJKEoc.exe
  2⤵
  PID:6268
- C:\Windows\System\ckNXBPt.exe
  C:\Windows\System\ckNXBPt.exe
  2⤵
  PID:6352
- C:\Windows\System\UqjrESA.exe
  C:\Windows\System\UqjrESA.exe
  2⤵
  PID:6232
- C:\Windows\System\VeyslKZ.exe
  C:\Windows\System\VeyslKZ.exe
  2⤵
  PID:6416
- C:\Windows\System\yMHLPwB.exe
  C:\Windows\System\yMHLPwB.exe
  2⤵
  PID:6564
- C:\Windows\System\XMyuDnv.exe
  C:\Windows\System\XMyuDnv.exe
  2⤵
  PID:6576
- C:\Windows\System\zJIHOyr.exe
  C:\Windows\System\zJIHOyr.exe
  2⤵
  PID:6592
- C:\Windows\System\ROwqKST.exe
  C:\Windows\System\ROwqKST.exe
  2⤵
  PID:6452
- C:\Windows\System\uUOZusU.exe
  C:\Windows\System\uUOZusU.exe
  2⤵
  PID:6648
- C:\Windows\System\zAWEgej.exe
  C:\Windows\System\zAWEgej.exe
  2⤵
  PID:6892
- C:\Windows\System\JbBnyfp.exe
  C:\Windows\System\JbBnyfp.exe
  2⤵
  PID:6672
- C:\Windows\System\TYYcBnh.exe
  C:\Windows\System\TYYcBnh.exe
  2⤵
  PID:6920
- C:\Windows\System\ysTgjWa.exe
  C:\Windows\System\ysTgjWa.exe
  2⤵
  PID:6992
- C:\Windows\System\ApZeDjY.exe
  C:\Windows\System\ApZeDjY.exe
  2⤵
  PID:6808
- C:\Windows\System\LzGcBDF.exe
  C:\Windows\System\LzGcBDF.exe
  2⤵
  PID:2704
- C:\Windows\System\snYUIEu.exe
  C:\Windows\System\snYUIEu.exe
  2⤵
  PID:7116
- C:\Windows\System\KXwKFMP.exe
  C:\Windows\System\KXwKFMP.exe
  2⤵
  PID:7056
- C:\Windows\System\iyyRHNc.exe
  C:\Windows\System\iyyRHNc.exe
  2⤵
  PID:7012
- C:\Windows\System\qWVqSoe.exe
  C:\Windows\System\qWVqSoe.exe
  2⤵
  PID:764
- C:\Windows\System\LsWrrTD.exe
  C:\Windows\System\LsWrrTD.exe
  2⤵
  PID:5668
- C:\Windows\System\AbTafFX.exe
  C:\Windows\System\AbTafFX.exe
  2⤵
  PID:6248
- C:\Windows\System\wWzGcrV.exe
  C:\Windows\System\wWzGcrV.exe
  2⤵
  PID:6376
- C:\Windows\System\BmCWozs.exe
  C:\Windows\System\BmCWozs.exe
  2⤵
  PID:6668
- C:\Windows\System\pDGuJbm.exe
  C:\Windows\System\pDGuJbm.exe
  2⤵
  PID:6560
- C:\Windows\System\LuaUBXw.exe
  C:\Windows\System\LuaUBXw.exe
  2⤵
  PID:6600
- C:\Windows\System\AlPWDez.exe
  C:\Windows\System\AlPWDez.exe
  2⤵
  PID:6316
- C:\Windows\System\vbAOTRF.exe
  C:\Windows\System\vbAOTRF.exe
  2⤵
  PID:6776
- C:\Windows\System\XjuVlfj.exe
  C:\Windows\System\XjuVlfj.exe
  2⤵
  PID:7036
- C:\Windows\System\YLsxteh.exe
  C:\Windows\System\YLsxteh.exe
  2⤵
  PID:6088
- C:\Windows\System\VAYhYKE.exe
  C:\Windows\System\VAYhYKE.exe
  2⤵
  PID:6296
- C:\Windows\System\qqJMAvP.exe
  C:\Windows\System\qqJMAvP.exe
  2⤵
  PID:6760
- C:\Windows\System\giQBRQD.exe
  C:\Windows\System\giQBRQD.exe
  2⤵
  PID:6388
- C:\Windows\System\mBZbhsC.exe
  C:\Windows\System\mBZbhsC.exe
  2⤵
  PID:6812
- C:\Windows\System\yDkxvkl.exe
  C:\Windows\System\yDkxvkl.exe
  2⤵
  PID:7084
- C:\Windows\System\ygdveGJ.exe
  C:\Windows\System\ygdveGJ.exe
  2⤵
  PID:2192
- C:\Windows\System\CPXCrns.exe
  C:\Windows\System\CPXCrns.exe
  2⤵
  PID:7104
- C:\Windows\System\lBIxwLP.exe
  C:\Windows\System\lBIxwLP.exe
  2⤵
  PID:7088
- C:\Windows\System\OAVhRvI.exe
  C:\Windows\System\OAVhRvI.exe
  2⤵
  PID:6884
- C:\Windows\System\jRuQajk.exe
  C:\Windows\System\jRuQajk.exe
  2⤵
  PID:6968
- C:\Windows\System\zQMxBdw.exe
  C:\Windows\System\zQMxBdw.exe
  2⤵
  PID:7028
- C:\Windows\System\cofviqE.exe
  C:\Windows\System\cofviqE.exe
  2⤵
  PID:7184
- C:\Windows\System\vrLxlYE.exe
  C:\Windows\System\vrLxlYE.exe
  2⤵
  PID:7200
- C:\Windows\System\QVEvGIa.exe
  C:\Windows\System\QVEvGIa.exe
  2⤵
  PID:7216
- C:\Windows\System\yDcZPWD.exe
  C:\Windows\System\yDcZPWD.exe
  2⤵
  PID:7232
- C:\Windows\System\KbgKEGI.exe
  C:\Windows\System\KbgKEGI.exe
  2⤵
  PID:7304
- C:\Windows\System\vUKjaYN.exe
  C:\Windows\System\vUKjaYN.exe
  2⤵
  PID:7320
- C:\Windows\System\XommnfU.exe
  C:\Windows\System\XommnfU.exe
  2⤵
  PID:7336
- C:\Windows\System\LmtEhyJ.exe
  C:\Windows\System\LmtEhyJ.exe
  2⤵
  PID:7352
- C:\Windows\System\PJYSaqV.exe
  C:\Windows\System\PJYSaqV.exe
  2⤵
  PID:7368
- C:\Windows\System\rQZzlqV.exe
  C:\Windows\System\rQZzlqV.exe
  2⤵
  PID:7392
- C:\Windows\System\KNaEzMm.exe
  C:\Windows\System\KNaEzMm.exe
  2⤵
  PID:7408
- C:\Windows\System\yGulIZg.exe
  C:\Windows\System\yGulIZg.exe
  2⤵
  PID:7424
- C:\Windows\System\mOgClNo.exe
  C:\Windows\System\mOgClNo.exe
  2⤵
  PID:7440
- C:\Windows\System\qcbJKEm.exe
  C:\Windows\System\qcbJKEm.exe
  2⤵
  PID:7456
- C:\Windows\System\cEnEwSG.exe
  C:\Windows\System\cEnEwSG.exe
  2⤵
  PID:7472
- C:\Windows\System\pxaTTzt.exe
  C:\Windows\System\pxaTTzt.exe
  2⤵
  PID:7488
- C:\Windows\System\jNfTkkP.exe
  C:\Windows\System\jNfTkkP.exe
  2⤵
  PID:7504
- C:\Windows\System\ChMLgZW.exe
  C:\Windows\System\ChMLgZW.exe
  2⤵
  PID:7520
- C:\Windows\System\eWNksTj.exe
  C:\Windows\System\eWNksTj.exe
  2⤵
  PID:7564
- C:\Windows\System\IvIKdLV.exe
  C:\Windows\System\IvIKdLV.exe
  2⤵
  PID:7596
- C:\Windows\System\xHHcgUr.exe
  C:\Windows\System\xHHcgUr.exe
  2⤵
  PID:7616
- C:\Windows\System\QMfIQMi.exe
  C:\Windows\System\QMfIQMi.exe
  2⤵
  PID:7632
- C:\Windows\System\ZkgiGvD.exe
  C:\Windows\System\ZkgiGvD.exe
  2⤵
  PID:7648
- C:\Windows\System\RTldpNp.exe
  C:\Windows\System\RTldpNp.exe
  2⤵
  PID:7668
- C:\Windows\System\NDRVUSG.exe
  C:\Windows\System\NDRVUSG.exe
  2⤵
  PID:7684
- C:\Windows\System\WzZscPo.exe
  C:\Windows\System\WzZscPo.exe
  2⤵
  PID:7700
- C:\Windows\System\YghgyTV.exe
  C:\Windows\System\YghgyTV.exe
  2⤵
  PID:7732
- C:\Windows\System\VrHWgvz.exe
  C:\Windows\System\VrHWgvz.exe
  2⤵
  PID:7748
- C:\Windows\System\yZHBGsy.exe
  C:\Windows\System\yZHBGsy.exe
  2⤵
  PID:7764
- C:\Windows\System\ZacuqkP.exe
  C:\Windows\System\ZacuqkP.exe
  2⤵
  PID:7780
- C:\Windows\System\FZilqRQ.exe
  C:\Windows\System\FZilqRQ.exe
  2⤵
  PID:7804
- C:\Windows\System\tDAdiuS.exe
  C:\Windows\System\tDAdiuS.exe
  2⤵
  PID:7840
- C:\Windows\System\VpfBoFK.exe
  C:\Windows\System\VpfBoFK.exe
  2⤵
  PID:7860
- C:\Windows\System\XfBgdHE.exe
  C:\Windows\System\XfBgdHE.exe
  2⤵
  PID:7876
- C:\Windows\System\JljgFEB.exe
  C:\Windows\System\JljgFEB.exe
  2⤵
  PID:7892
- C:\Windows\System\pFUTToG.exe
  C:\Windows\System\pFUTToG.exe
  2⤵
  PID:7908
- C:\Windows\System\PrHFcMu.exe
  C:\Windows\System\PrHFcMu.exe
  2⤵
  PID:7924
- C:\Windows\System\KgKziVE.exe
  C:\Windows\System\KgKziVE.exe
  2⤵
  PID:7940
- C:\Windows\System\lzZEdQo.exe
  C:\Windows\System\lzZEdQo.exe
  2⤵
  PID:7960
- C:\Windows\System\LHGxNfn.exe
  C:\Windows\System\LHGxNfn.exe
  2⤵
  PID:7976
- C:\Windows\System\HSuwuTL.exe
  C:\Windows\System\HSuwuTL.exe
  2⤵
  PID:7992
- C:\Windows\System\UsHKMGR.exe
  C:\Windows\System\UsHKMGR.exe
  2⤵
  PID:8008
- C:\Windows\System\TfAMrwb.exe
  C:\Windows\System\TfAMrwb.exe
  2⤵
  PID:8024
- C:\Windows\System\OgKaAzT.exe
  C:\Windows\System\OgKaAzT.exe
  2⤵
  PID:8040
- C:\Windows\System\dBlsyCg.exe
  C:\Windows\System\dBlsyCg.exe
  2⤵
  PID:8076
- C:\Windows\System\ZBMCoBL.exe
  C:\Windows\System\ZBMCoBL.exe
  2⤵
  PID:8124
- C:\Windows\System\FwWhItm.exe
  C:\Windows\System\FwWhItm.exe
  2⤵
  PID:8144
- C:\Windows\System\KXXmdKo.exe
  C:\Windows\System\KXXmdKo.exe
  2⤵
  PID:8160
- C:\Windows\System\wvtjDki.exe
  C:\Windows\System\wvtjDki.exe
  2⤵
  PID:8176
- C:\Windows\System\HXuUeGu.exe
  C:\Windows\System\HXuUeGu.exe
  2⤵
  PID:6456
- C:\Windows\System\AlURGim.exe
  C:\Windows\System\AlURGim.exe
  2⤵
  PID:6828
- C:\Windows\System\dMrzdAW.exe
  C:\Windows\System\dMrzdAW.exe
  2⤵
  PID:7120
- C:\Windows\System\VCQRFEH.exe
  C:\Windows\System\VCQRFEH.exe
  2⤵
  PID:7176
- C:\Windows\System\AvnVHVb.exe
  C:\Windows\System\AvnVHVb.exe
  2⤵
  PID:7212
- C:\Windows\System\bWYayXb.exe
  C:\Windows\System\bWYayXb.exe
  2⤵
  PID:7252
- C:\Windows\System\wJsNiLV.exe
  C:\Windows\System\wJsNiLV.exe
  2⤵
  PID:7272
- C:\Windows\System\TetbWVV.exe
  C:\Windows\System\TetbWVV.exe
  2⤵
  PID:7284
- C:\Windows\System\XfXrFYa.exe
  C:\Windows\System\XfXrFYa.exe
  2⤵
  PID:6888
- C:\Windows\System\OVyagnL.exe
  C:\Windows\System\OVyagnL.exe
  2⤵
  PID:7312
- C:\Windows\System\CMRqPUs.exe
  C:\Windows\System\CMRqPUs.exe
  2⤵
  PID:7360
- C:\Windows\System\yLUJtke.exe
  C:\Windows\System\yLUJtke.exe
  2⤵
  PID:7432
- C:\Windows\System\YhODcwp.exe
  C:\Windows\System\YhODcwp.exe
  2⤵
  PID:7496
- C:\Windows\System\sqXKpRF.exe
  C:\Windows\System\sqXKpRF.exe
  2⤵
  PID:7348
- C:\Windows\System\OgUdxdP.exe
  C:\Windows\System\OgUdxdP.exe
  2⤵
  PID:7448
- C:\Windows\System\dqBHuoF.exe
  C:\Windows\System\dqBHuoF.exe
  2⤵
  PID:7512
- C:\Windows\System\jyzqceO.exe
  C:\Windows\System\jyzqceO.exe
  2⤵
  PID:7536
- C:\Windows\System\CIzGPLt.exe
  C:\Windows\System\CIzGPLt.exe
  2⤵
  PID:7556
- C:\Windows\System\iCoUYqP.exe
  C:\Windows\System\iCoUYqP.exe
  2⤵
  PID:7576
- C:\Windows\System\CECfEXT.exe
  C:\Windows\System\CECfEXT.exe
  2⤵
  PID:7584
- C:\Windows\System\LMpjfQT.exe
  C:\Windows\System\LMpjfQT.exe
  2⤵
  PID:7728
- C:\Windows\System\tgeskEY.exe
  C:\Windows\System\tgeskEY.exe
  2⤵
  PID:7788
- C:\Windows\System\HHVkkPR.exe
  C:\Windows\System\HHVkkPR.exe
  2⤵
  PID:7660
- C:\Windows\System\AfiBrsO.exe
  C:\Windows\System\AfiBrsO.exe
  2⤵
  PID:7692
- C:\Windows\System\EcQzxpa.exe
  C:\Windows\System\EcQzxpa.exe
  2⤵
  PID:7812
- C:\Windows\System\NUQTcHr.exe
  C:\Windows\System\NUQTcHr.exe
  2⤵
  PID:7832
- C:\Windows\System\eeLzuOV.exe
  C:\Windows\System\eeLzuOV.exe
  2⤵
  PID:7872
- C:\Windows\System\MkKeSbD.exe
  C:\Windows\System\MkKeSbD.exe
  2⤵
  PID:8000
- C:\Windows\System\KJzSimo.exe
  C:\Windows\System\KJzSimo.exe
  2⤵
  PID:8032
- C:\Windows\System\WzpMfbQ.exe
  C:\Windows\System\WzpMfbQ.exe
  2⤵
  PID:7856
- C:\Windows\System\YUeUmiX.exe
  C:\Windows\System\YUeUmiX.exe
  2⤵
  PID:7948
- C:\Windows\System\BDzVMGh.exe
  C:\Windows\System\BDzVMGh.exe
  2⤵
  PID:7956
- C:\Windows\System\pPDmcqa.exe
  C:\Windows\System\pPDmcqa.exe
  2⤵
  PID:7952
- C:\Windows\System\dYqOJOq.exe
  C:\Windows\System\dYqOJOq.exe
  2⤵
  PID:8068
- C:\Windows\System\jGjxMXw.exe
  C:\Windows\System\jGjxMXw.exe
  2⤵
  PID:8104
- C:\Windows\System\YLRAbUt.exe
  C:\Windows\System\YLRAbUt.exe
  2⤵
  PID:7248
- C:\Windows\System\VwooGxY.exe
  C:\Windows\System\VwooGxY.exe
  2⤵
  PID:6312
- C:\Windows\System\iDcmFEJ.exe
  C:\Windows\System\iDcmFEJ.exe
  2⤵
  PID:6936
- C:\Windows\System\GsfMIum.exe
  C:\Windows\System\GsfMIum.exe
  2⤵
  PID:7040
- C:\Windows\System\xrwiRzm.exe
  C:\Windows\System\xrwiRzm.exe
  2⤵
  PID:7328
- C:\Windows\System\AJCeRat.exe
  C:\Windows\System\AJCeRat.exe
  2⤵
  PID:7540
- C:\Windows\System\nEWMDMf.exe
  C:\Windows\System\nEWMDMf.exe
  2⤵
  PID:6164
- C:\Windows\System\lrRwmpF.exe
  C:\Windows\System\lrRwmpF.exe
  2⤵
  PID:7244
- C:\Windows\System\PSwLopH.exe
  C:\Windows\System\PSwLopH.exe
  2⤵
  PID:7364
- C:\Windows\System\OyhVtFN.exe
  C:\Windows\System\OyhVtFN.exe
  2⤵
  PID:7452
- C:\Windows\System\XcNvszJ.exe
  C:\Windows\System\XcNvszJ.exe
  2⤵
  PID:7604
- C:\Windows\System\zqjCHuT.exe
  C:\Windows\System\zqjCHuT.exe
  2⤵
  PID:7708
- C:\Windows\System\acDFqZC.exe
  C:\Windows\System\acDFqZC.exe
  2⤵
  PID:7824
- C:\Windows\System\vVqYxeo.exe
  C:\Windows\System\vVqYxeo.exe
  2⤵
  PID:7920
- C:\Windows\System\XlYvUZv.exe
  C:\Windows\System\XlYvUZv.exe
  2⤵
  PID:7852
- C:\Windows\System\OSCjirG.exe
  C:\Windows\System\OSCjirG.exe
  2⤵
  PID:8116
- C:\Windows\System\VaDSYfp.exe
  C:\Windows\System\VaDSYfp.exe
  2⤵
  PID:7868
- C:\Windows\System\uRDXCko.exe
  C:\Windows\System\uRDXCko.exe
  2⤵
  PID:7916
- C:\Windows\System\cjStUuR.exe
  C:\Windows\System\cjStUuR.exe
  2⤵
  PID:8088
- C:\Windows\System\YZYZdSu.exe
  C:\Windows\System\YZYZdSu.exe
  2⤵
  PID:7716
- C:\Windows\System\WTsBANc.exe
  C:\Windows\System\WTsBANc.exe
  2⤵
  PID:7776
- C:\Windows\System\imobgUV.exe
  C:\Windows\System\imobgUV.exe
  2⤵
  PID:8188
- C:\Windows\System\GFiNwHk.exe
  C:\Windows\System\GFiNwHk.exe
  2⤵
  PID:7332
- C:\Windows\System\ZfYnatq.exe
  C:\Windows\System\ZfYnatq.exe
  2⤵
  PID:7276
- C:\Windows\System\TPTicYJ.exe
  C:\Windows\System\TPTicYJ.exe
  2⤵
  PID:7552
- C:\Windows\System\wpwNgiu.exe
  C:\Windows\System\wpwNgiu.exe
  2⤵
  PID:4912
- C:\Windows\System\WVHIjZj.exe
  C:\Windows\System\WVHIjZj.exe
  2⤵
  PID:7484
- C:\Windows\System\pYSloVf.exe
  C:\Windows\System\pYSloVf.exe
  2⤵
  PID:7280
- C:\Windows\System\XhGRBgq.exe
  C:\Windows\System\XhGRBgq.exe
  2⤵
  PID:8136
- C:\Windows\System\REuOfwc.exe
  C:\Windows\System\REuOfwc.exe
  2⤵
  PID:7292
- C:\Windows\System\YYvjRjY.exe
  C:\Windows\System\YYvjRjY.exe
  2⤵
  PID:7800
- C:\Windows\System\DcpTTTJ.exe
  C:\Windows\System\DcpTTTJ.exe
  2⤵
  PID:7588
- C:\Windows\System\OItiHsV.exe
  C:\Windows\System\OItiHsV.exe
  2⤵
  PID:7744
- C:\Windows\System\OjyATXo.exe
  C:\Windows\System\OjyATXo.exe
  2⤵
  PID:7904
- C:\Windows\System\psQBjlj.exe
  C:\Windows\System\psQBjlj.exe
  2⤵
  PID:8184
- C:\Windows\System\bDgrbyk.exe
  C:\Windows\System\bDgrbyk.exe
  2⤵
  PID:7388
- C:\Windows\System\LpDaunZ.exe
  C:\Windows\System\LpDaunZ.exe
  2⤵
  PID:7380
- C:\Windows\System\fjLiFZb.exe
  C:\Windows\System\fjLiFZb.exe
  2⤵
  PID:5960
- C:\Windows\System\TEKHuHK.exe
  C:\Windows\System\TEKHuHK.exe
  2⤵
  PID:7268
- C:\Windows\System\nMUeNjq.exe
  C:\Windows\System\nMUeNjq.exe
  2⤵
  PID:7532
- C:\Windows\System\mbmioqU.exe
  C:\Windows\System\mbmioqU.exe
  2⤵
  PID:7932
- C:\Windows\System\oXnrLoH.exe
  C:\Windows\System\oXnrLoH.exe
  2⤵
  PID:8064
- C:\Windows\System\EfYwumt.exe
  C:\Windows\System\EfYwumt.exe
  2⤵
  PID:8140
- C:\Windows\System\vyazOwI.exe
  C:\Windows\System\vyazOwI.exe
  2⤵
  PID:7016
- C:\Windows\System\jaXeGLL.exe
  C:\Windows\System\jaXeGLL.exe
  2⤵
  PID:8100
- C:\Windows\System\TogIENw.exe
  C:\Windows\System\TogIENw.exe
  2⤵
  PID:7224
- C:\Windows\System\BgaFcyZ.exe
  C:\Windows\System\BgaFcyZ.exe
  2⤵
  PID:7656
- C:\Windows\System\usIlWHu.exe
  C:\Windows\System\usIlWHu.exe
  2⤵
  PID:8216
- C:\Windows\System\ZcpBbBy.exe
  C:\Windows\System\ZcpBbBy.exe
  2⤵
  PID:8232
- C:\Windows\System\IWDTRci.exe
  C:\Windows\System\IWDTRci.exe
  2⤵
  PID:8252
- C:\Windows\System\IgQzELj.exe
  C:\Windows\System\IgQzELj.exe
  2⤵
  PID:8268
- C:\Windows\System\qBdLmUa.exe
  C:\Windows\System\qBdLmUa.exe
  2⤵
  PID:8288
- C:\Windows\System\GGUktHL.exe
  C:\Windows\System\GGUktHL.exe
  2⤵
  PID:8308
- C:\Windows\System\IMAdgzp.exe
  C:\Windows\System\IMAdgzp.exe
  2⤵
  PID:8324
- C:\Windows\System\PSxWhPJ.exe
  C:\Windows\System\PSxWhPJ.exe
  2⤵
  PID:8372
- C:\Windows\System\VpBCKwe.exe
  C:\Windows\System\VpBCKwe.exe
  2⤵
  PID:8392
- C:\Windows\System\JWJKIyh.exe
  C:\Windows\System\JWJKIyh.exe
  2⤵
  PID:8408
- C:\Windows\System\kEeGuHw.exe
  C:\Windows\System\kEeGuHw.exe
  2⤵
  PID:8428
- C:\Windows\System\lKljguZ.exe
  C:\Windows\System\lKljguZ.exe
  2⤵
  PID:8456
- C:\Windows\System\GMRAuwj.exe
  C:\Windows\System\GMRAuwj.exe
  2⤵
  PID:8476
- C:\Windows\System\FWKvMID.exe
  C:\Windows\System\FWKvMID.exe
  2⤵
  PID:8492
- C:\Windows\System\goDzWNC.exe
  C:\Windows\System\goDzWNC.exe
  2⤵
  PID:8508
- C:\Windows\System\iUaDWAX.exe
  C:\Windows\System\iUaDWAX.exe
  2⤵
  PID:8524
- C:\Windows\System\rQEIRBa.exe
  C:\Windows\System\rQEIRBa.exe
  2⤵
  PID:8544
- C:\Windows\System\cUsyUzf.exe
  C:\Windows\System\cUsyUzf.exe
  2⤵
  PID:8568
- C:\Windows\System\TREVsdf.exe
  C:\Windows\System\TREVsdf.exe
  2⤵
  PID:8592
- C:\Windows\System\PCYvHWG.exe
  C:\Windows\System\PCYvHWG.exe
  2⤵
  PID:8612
- C:\Windows\System\WmEenLr.exe
  C:\Windows\System\WmEenLr.exe
  2⤵
  PID:8632
- C:\Windows\System\wheWRYr.exe
  C:\Windows\System\wheWRYr.exe
  2⤵
  PID:8652
- C:\Windows\System\DHYFhBB.exe
  C:\Windows\System\DHYFhBB.exe
  2⤵
  PID:8672
- C:\Windows\System\HNeKqEH.exe
  C:\Windows\System\HNeKqEH.exe
  2⤵
  PID:8692
- C:\Windows\System\GfJWddV.exe
  C:\Windows\System\GfJWddV.exe
  2⤵
  PID:8712
- C:\Windows\System\wzfGgwH.exe
  C:\Windows\System\wzfGgwH.exe
  2⤵
  PID:8732
- C:\Windows\System\lbpaYJQ.exe
  C:\Windows\System\lbpaYJQ.exe
  2⤵
  PID:8756
- C:\Windows\System\CflGsGd.exe
  C:\Windows\System\CflGsGd.exe
  2⤵
  PID:8772
- C:\Windows\System\rTNpzxc.exe
  C:\Windows\System\rTNpzxc.exe
  2⤵
  PID:8792
- C:\Windows\System\eYNbAdT.exe
  C:\Windows\System\eYNbAdT.exe
  2⤵
  PID:8820
- C:\Windows\System\GXnMyCv.exe
  C:\Windows\System\GXnMyCv.exe
  2⤵
  PID:8840
- C:\Windows\System\LiNAIBe.exe
  C:\Windows\System\LiNAIBe.exe
  2⤵
  PID:8856
- C:\Windows\System\wqVsQHx.exe
  C:\Windows\System\wqVsQHx.exe
  2⤵
  PID:8872
- C:\Windows\System\awAQOMH.exe
  C:\Windows\System\awAQOMH.exe
  2⤵
  PID:8888
- C:\Windows\System\kwPKWWy.exe
  C:\Windows\System\kwPKWWy.exe
  2⤵
  PID:8904
- C:\Windows\System\mPASBei.exe
  C:\Windows\System\mPASBei.exe
  2⤵
  PID:8920
- C:\Windows\System\ksCbWpZ.exe
  C:\Windows\System\ksCbWpZ.exe
  2⤵
  PID:8948
- C:\Windows\System\DpJtVsi.exe
  C:\Windows\System\DpJtVsi.exe
  2⤵
  PID:8980
- C:\Windows\System\REvxakM.exe
  C:\Windows\System\REvxakM.exe
  2⤵
  PID:9004
- C:\Windows\System\CBbZxOz.exe
  C:\Windows\System\CBbZxOz.exe
  2⤵
  PID:9024
- C:\Windows\System\haXsPMg.exe
  C:\Windows\System\haXsPMg.exe
  2⤵
  PID:9044
- C:\Windows\System\IUntHJU.exe
  C:\Windows\System\IUntHJU.exe
  2⤵
  PID:9060
- C:\Windows\System\ZWuyswK.exe
  C:\Windows\System\ZWuyswK.exe
  2⤵
  PID:9080
- C:\Windows\System\yWqQzyg.exe
  C:\Windows\System\yWqQzyg.exe
  2⤵
  PID:9096
- C:\Windows\System\xzJucHo.exe
  C:\Windows\System\xzJucHo.exe
  2⤵
  PID:9116
- C:\Windows\System\rNjSPoH.exe
  C:\Windows\System\rNjSPoH.exe
  2⤵
  PID:9132
- C:\Windows\System\YZjtWMU.exe
  C:\Windows\System\YZjtWMU.exe
  2⤵
  PID:9148
- C:\Windows\System\GZlHRPX.exe
  C:\Windows\System\GZlHRPX.exe
  2⤵
  PID:9176
- C:\Windows\System\hsIKrgP.exe
  C:\Windows\System\hsIKrgP.exe
  2⤵
  PID:9192
- C:\Windows\System\QjmLzNW.exe
  C:\Windows\System\QjmLzNW.exe
  2⤵
  PID:9208
- C:\Windows\System\eBXpbRS.exe
  C:\Windows\System\eBXpbRS.exe
  2⤵
  PID:8212
- C:\Windows\System\uvVIJEJ.exe
  C:\Windows\System\uvVIJEJ.exe
  2⤵
  PID:8248
- C:\Windows\System\QhnAYJI.exe
  C:\Windows\System\QhnAYJI.exe
  2⤵
  PID:8320
- C:\Windows\System\RqFDGYD.exe
  C:\Windows\System\RqFDGYD.exe
  2⤵
  PID:8296
- C:\Windows\System\QLUhsnf.exe
  C:\Windows\System\QLUhsnf.exe
  2⤵
  PID:8228
- C:\Windows\System\mEuWULi.exe
  C:\Windows\System\mEuWULi.exe
  2⤵
  PID:8384
- C:\Windows\System\PgcQFkU.exe
  C:\Windows\System\PgcQFkU.exe
  2⤵
  PID:8424
- C:\Windows\System\HgBTJdS.exe
  C:\Windows\System\HgBTJdS.exe
  2⤵
  PID:8464
- C:\Windows\System\xDGyOgC.exe
  C:\Windows\System\xDGyOgC.exe
  2⤵
  PID:8504
- C:\Windows\System\ZkKDFvk.exe
  C:\Windows\System\ZkKDFvk.exe
  2⤵
  PID:8576
- C:\Windows\System\fVkUrQy.exe
  C:\Windows\System\fVkUrQy.exe
  2⤵
  PID:8520
- C:\Windows\System\DrfYLAr.exe
  C:\Windows\System\DrfYLAr.exe
  2⤵
  PID:8564
- C:\Windows\System\WWLPjuA.exe
  C:\Windows\System\WWLPjuA.exe
  2⤵
  PID:8660
- C:\Windows\System\ymACWIu.exe
  C:\Windows\System\ymACWIu.exe
  2⤵
  PID:8640
- C:\Windows\System\tqeuzGF.exe
  C:\Windows\System\tqeuzGF.exe
  2⤵
  PID:8680
- C:\Windows\System\ExFAwsf.exe
  C:\Windows\System\ExFAwsf.exe
  2⤵
  PID:8724
- C:\Windows\System\juFgzof.exe
  C:\Windows\System\juFgzof.exe
  2⤵
  PID:8752
- C:\Windows\System\KPmnKQi.exe
  C:\Windows\System\KPmnKQi.exe
  2⤵
  PID:8800
- C:\Windows\System\CKzdRYA.exe
  C:\Windows\System\CKzdRYA.exe
  2⤵
  PID:8812
- C:\Windows\System\SsMBiki.exe
  C:\Windows\System\SsMBiki.exe
  2⤵
  PID:8864
- C:\Windows\System\dLBnppQ.exe
  C:\Windows\System\dLBnppQ.exe
  2⤵
  PID:8900
- C:\Windows\System\rAqvueY.exe
  C:\Windows\System\rAqvueY.exe
  2⤵
  PID:8940
- C:\Windows\System\RvBBXEl.exe
  C:\Windows\System\RvBBXEl.exe
  2⤵
  PID:8956
- C:\Windows\System\fjNUsfS.exe
  C:\Windows\System\fjNUsfS.exe
  2⤵
  PID:8972
- C:\Windows\System\EwEoycU.exe
  C:\Windows\System\EwEoycU.exe
  2⤵
  PID:9000
- C:\Windows\System\ndmwsuN.exe
  C:\Windows\System\ndmwsuN.exe
  2⤵
  PID:9036
- C:\Windows\System\yGrDmqN.exe
  C:\Windows\System\yGrDmqN.exe
  2⤵
  PID:9140
- C:\Windows\System\nrQbYeP.exe
  C:\Windows\System\nrQbYeP.exe
  2⤵
  PID:9124
- C:\Windows\System\TolUTFw.exe
  C:\Windows\System\TolUTFw.exe
  2⤵
  PID:9156
- C:\Windows\System\ZiaDQnY.exe
  C:\Windows\System\ZiaDQnY.exe
  2⤵
  PID:8280
- C:\Windows\System\fqWAxQz.exe
  C:\Windows\System\fqWAxQz.exe
  2⤵
  PID:9204
- C:\Windows\System\zwYnobX.exe
  C:\Windows\System\zwYnobX.exe
  2⤵
  PID:8244
- C:\Windows\System\oEDiGws.exe
  C:\Windows\System\oEDiGws.exe
  2⤵
  PID:8300
- C:\Windows\System\VkapumP.exe
  C:\Windows\System\VkapumP.exe
  2⤵
  PID:8380
- C:\Windows\System\wdpaqne.exe
  C:\Windows\System\wdpaqne.exe
  2⤵
  PID:8152
- C:\Windows\System\FlEVGpZ.exe
  C:\Windows\System\FlEVGpZ.exe
  2⤵
  PID:8472
- C:\Windows\System\KkYMeDp.exe
  C:\Windows\System\KkYMeDp.exe
  2⤵
  PID:8580
- C:\Windows\System\ZIarQgL.exe
  C:\Windows\System\ZIarQgL.exe
  2⤵
  PID:8584
- C:\Windows\System\inSmiiM.exe
  C:\Windows\System\inSmiiM.exe
  2⤵
  PID:8608
- C:\Windows\System\QfmBKhO.exe
  C:\Windows\System\QfmBKhO.exe
  2⤵
  PID:8668
- C:\Windows\System\iKceztH.exe
  C:\Windows\System\iKceztH.exe
  2⤵
  PID:8720
- C:\Windows\System\RBupyaw.exe
  C:\Windows\System\RBupyaw.exe
  2⤵
  PID:8808
- C:\Windows\System\qdCPcsC.exe
  C:\Windows\System\qdCPcsC.exe
  2⤵
  PID:8880
- C:\Windows\System\THXEmBE.exe
  C:\Windows\System\THXEmBE.exe
  2⤵
  PID:8836
- C:\Windows\System\eQaRCzF.exe
  C:\Windows\System\eQaRCzF.exe
  2⤵
  PID:9076
- C:\Windows\System\qNMZXSS.exe
  C:\Windows\System\qNMZXSS.exe
  2⤵
  PID:9032
- C:\Windows\System\GmBVQlX.exe
  C:\Windows\System\GmBVQlX.exe
  2⤵
  PID:9052
- C:\Windows\System\kSTXWWc.exe
  C:\Windows\System\kSTXWWc.exe
  2⤵
  PID:9188
- C:\Windows\System\tUhPifh.exe
  C:\Windows\System\tUhPifh.exe
  2⤵
  PID:7196
- C:\Windows\System\EKzsQQq.exe
  C:\Windows\System\EKzsQQq.exe
  2⤵
  PID:9172
- C:\Windows\System\RlyUovy.exe
  C:\Windows\System\RlyUovy.exe
  2⤵
  PID:8400
- C:\Windows\System\XqJXPJO.exe
  C:\Windows\System\XqJXPJO.exe
  2⤵
  PID:8452
- C:\Windows\System\EFGkFqS.exe
  C:\Windows\System\EFGkFqS.exe
  2⤵
  PID:8600
- C:\Windows\System\dzvAalD.exe
  C:\Windows\System\dzvAalD.exe
  2⤵
  PID:8708
- C:\Windows\System\hZfFmgF.exe
  C:\Windows\System\hZfFmgF.exe
  2⤵
  PID:8644
- C:\Windows\System\iKIxobr.exe
  C:\Windows\System\iKIxobr.exe
  2⤵
  PID:8932
- C:\Windows\System\RxkecgT.exe
  C:\Windows\System\RxkecgT.exe
  2⤵
  PID:8968
- C:\Windows\System\DSxJqxU.exe
  C:\Windows\System\DSxJqxU.exe
  2⤵
  PID:8832
- C:\Windows\System\grjeMNW.exe
  C:\Windows\System\grjeMNW.exe
  2⤵
  PID:8624
- C:\Windows\System\mnKFxzl.exe
  C:\Windows\System\mnKFxzl.exe
  2⤵
  PID:9092
- C:\Windows\System\jaFswlA.exe
  C:\Windows\System\jaFswlA.exe
  2⤵
  PID:8356
- C:\Windows\System\CHiuYTr.exe
  C:\Windows\System\CHiuYTr.exe
  2⤵
  PID:8416
- C:\Windows\System\WctfGmM.exe
  C:\Windows\System\WctfGmM.exe
  2⤵
  PID:8588
- C:\Windows\System\xMVpWYW.exe
  C:\Windows\System\xMVpWYW.exe
  2⤵
  PID:8664
- C:\Windows\System\wxopfmx.exe
  C:\Windows\System\wxopfmx.exe
  2⤵
  PID:9112
- C:\Windows\System\PpLEqBn.exe
  C:\Windows\System\PpLEqBn.exe
  2⤵
  PID:9040
- C:\Windows\System\fCtbxbJ.exe
  C:\Windows\System\fCtbxbJ.exe
  2⤵
  PID:8200
- C:\Windows\System\ZhiDnkR.exe
  C:\Windows\System\ZhiDnkR.exe
  2⤵
  PID:8420
- C:\Windows\System\NOlEYvS.exe
  C:\Windows\System\NOlEYvS.exe
  2⤵
  PID:8728
- C:\Windows\System\oGJgWPz.exe
  C:\Windows\System\oGJgWPz.exe
  2⤵
  PID:8916
- C:\Windows\System\AfdVseN.exe
  C:\Windows\System\AfdVseN.exe
  2⤵
  PID:9020
- C:\Windows\System\kAqhgfO.exe
  C:\Windows\System\kAqhgfO.exe
  2⤵
  PID:8368
- C:\Windows\System\NBJDKsv.exe
  C:\Windows\System\NBJDKsv.exe
  2⤵
  PID:8768
- C:\Windows\System\NcqzeHP.exe
  C:\Windows\System\NcqzeHP.exe
  2⤵
  PID:9168
- C:\Windows\System\UWwkAyt.exe
  C:\Windows\System\UWwkAyt.exe
  2⤵
  PID:7988
- C:\Windows\System\OKvwTqT.exe
  C:\Windows\System\OKvwTqT.exe
  2⤵
  PID:9104
- C:\Windows\System\arSPgBo.exe
  C:\Windows\System\arSPgBo.exe
  2⤵
  PID:8284
- C:\Windows\System\iiJpbOJ.exe
  C:\Windows\System\iiJpbOJ.exe
  2⤵
  PID:9232
- C:\Windows\System\ZscLSTS.exe
  C:\Windows\System\ZscLSTS.exe
  2⤵
  PID:9260
- C:\Windows\System\UYCvrKU.exe
  C:\Windows\System\UYCvrKU.exe
  2⤵
  PID:9280
- C:\Windows\System\xnhRNrw.exe
  C:\Windows\System\xnhRNrw.exe
  2⤵
  PID:9296
- C:\Windows\System\pSZjGKf.exe
  C:\Windows\System\pSZjGKf.exe
  2⤵
  PID:9316
- C:\Windows\System\pEdVVYo.exe
  C:\Windows\System\pEdVVYo.exe
  2⤵
  PID:9332
- C:\Windows\System\pjYQcCe.exe
  C:\Windows\System\pjYQcCe.exe
  2⤵
  PID:9348
- C:\Windows\System\CyPmcay.exe
  C:\Windows\System\CyPmcay.exe
  2⤵
  PID:9364
- C:\Windows\System\ZtFHbld.exe
  C:\Windows\System\ZtFHbld.exe
  2⤵
  PID:9380
- C:\Windows\System\gulNLpY.exe
  C:\Windows\System\gulNLpY.exe
  2⤵
  PID:9400
- C:\Windows\System\NobuvKz.exe
  C:\Windows\System\NobuvKz.exe
  2⤵
  PID:9428
- C:\Windows\System\vyiFmFO.exe
  C:\Windows\System\vyiFmFO.exe
  2⤵
  PID:9464
- C:\Windows\System\qHrVFQA.exe
  C:\Windows\System\qHrVFQA.exe
  2⤵
  PID:9484
- C:\Windows\System\IFFAOIP.exe
  C:\Windows\System\IFFAOIP.exe
  2⤵
  PID:9504
- C:\Windows\System\TNZudHn.exe
  C:\Windows\System\TNZudHn.exe
  2⤵
  PID:9520
- C:\Windows\System\KZrhdPC.exe
  C:\Windows\System\KZrhdPC.exe
  2⤵
  PID:9536
- C:\Windows\System\GVhllJX.exe
  C:\Windows\System\GVhllJX.exe
  2⤵
  PID:9556
- C:\Windows\System\PbRxGZg.exe
  C:\Windows\System\PbRxGZg.exe
  2⤵
  PID:9572
- C:\Windows\System\HERpSwe.exe
  C:\Windows\System\HERpSwe.exe
  2⤵
  PID:9588
- C:\Windows\System\DgppgQh.exe
  C:\Windows\System\DgppgQh.exe
  2⤵
  PID:9604
- C:\Windows\System\OOgbwci.exe
  C:\Windows\System\OOgbwci.exe
  2⤵
  PID:9620
- C:\Windows\System\cHIJhPl.exe
  C:\Windows\System\cHIJhPl.exe
  2⤵
  PID:9660
- C:\Windows\System\EiomSOE.exe
  C:\Windows\System\EiomSOE.exe
  2⤵
  PID:9676
- C:\Windows\System\JRMMqSP.exe
  C:\Windows\System\JRMMqSP.exe
  2⤵
  PID:9692
- C:\Windows\System\mZUGaoF.exe
  C:\Windows\System\mZUGaoF.exe
  2⤵
  PID:9708
- C:\Windows\System\vynOapP.exe
  C:\Windows\System\vynOapP.exe
  2⤵
  PID:9744
- C:\Windows\System\pLbpSLE.exe
  C:\Windows\System\pLbpSLE.exe
  2⤵
  PID:9764
- C:\Windows\System\BiGRKRI.exe
  C:\Windows\System\BiGRKRI.exe
  2⤵
  PID:9780
- C:\Windows\System\Hckxakq.exe
  C:\Windows\System\Hckxakq.exe
  2⤵
  PID:9796
- C:\Windows\System\ixyEhnq.exe
  C:\Windows\System\ixyEhnq.exe
  2⤵
  PID:9820
- C:\Windows\System\LSAnpUn.exe
  C:\Windows\System\LSAnpUn.exe
  2⤵
  PID:9836
- C:\Windows\System\fiujwLm.exe
  C:\Windows\System\fiujwLm.exe
  2⤵
  PID:9852
- C:\Windows\System\GGyYXND.exe
  C:\Windows\System\GGyYXND.exe
  2⤵
  PID:9872
- C:\Windows\System\slHPGgk.exe
  C:\Windows\System\slHPGgk.exe
  2⤵
  PID:9888
- C:\Windows\System\FcPvsuk.exe
  C:\Windows\System\FcPvsuk.exe
  2⤵
  PID:9908
- C:\Windows\System\zinnagJ.exe
  C:\Windows\System\zinnagJ.exe
  2⤵
  PID:9924
- C:\Windows\System\LdHnhXR.exe
  C:\Windows\System\LdHnhXR.exe
  2⤵
  PID:9968
- C:\Windows\System\NkNzZtY.exe
  C:\Windows\System\NkNzZtY.exe
  2⤵
  PID:9984
- C:\Windows\System\IvssVXK.exe
  C:\Windows\System\IvssVXK.exe
  2⤵
  PID:10000
- C:\Windows\System\HKXHDpM.exe
  C:\Windows\System\HKXHDpM.exe
  2⤵
  PID:10020
- C:\Windows\System\bqGRgUn.exe
  C:\Windows\System\bqGRgUn.exe
  2⤵
  PID:10036
- C:\Windows\System\QDMbjze.exe
  C:\Windows\System\QDMbjze.exe
  2⤵
  PID:10056
- C:\Windows\System\UOWZMGV.exe
  C:\Windows\System\UOWZMGV.exe
  2⤵
  PID:10072
- C:\Windows\System\aqdERtR.exe
  C:\Windows\System\aqdERtR.exe
  2⤵
  PID:10088
- C:\Windows\System\sCBiGim.exe
  C:\Windows\System\sCBiGim.exe
  2⤵
  PID:10116
- C:\Windows\System\pugtYvk.exe
  C:\Windows\System\pugtYvk.exe
  2⤵
  PID:10132
- C:\Windows\System\POlHsqx.exe
  C:\Windows\System\POlHsqx.exe
  2⤵
  PID:10148
- C:\Windows\System\qWEgbEb.exe
  C:\Windows\System\qWEgbEb.exe
  2⤵
  PID:10168
- C:\Windows\System\oTesMHg.exe
  C:\Windows\System\oTesMHg.exe
  2⤵
  PID:10196
- C:\Windows\System\xLKoaKH.exe
  C:\Windows\System\xLKoaKH.exe
  2⤵
  PID:10212
- C:\Windows\System\bqlcTkJ.exe
  C:\Windows\System\bqlcTkJ.exe
  2⤵
  PID:10228
- C:\Windows\System\UKzXzQN.exe
  C:\Windows\System\UKzXzQN.exe
  2⤵
  PID:8784
- C:\Windows\System\BvGpQrs.exe
  C:\Windows\System\BvGpQrs.exe
  2⤵
  PID:9244
- C:\Windows\System\wQmZGRv.exe
  C:\Windows\System\wQmZGRv.exe
  2⤵
  PID:9304
- C:\Windows\System\rFaWopB.exe
  C:\Windows\System\rFaWopB.exe
  2⤵
  PID:9272
- C:\Windows\System\ydZBflQ.exe
  C:\Windows\System\ydZBflQ.exe
  2⤵
  PID:9396
- C:\Windows\System\YdLxcnx.exe
  C:\Windows\System\YdLxcnx.exe
  2⤵
  PID:9412
- C:\Windows\System\ZKAkEGp.exe
  C:\Windows\System\ZKAkEGp.exe
  2⤵
  PID:9448
- C:\Windows\System\VQjPVeW.exe
  C:\Windows\System\VQjPVeW.exe
  2⤵
  PID:9492
- C:\Windows\System\rsDTBjE.exe
  C:\Windows\System\rsDTBjE.exe
  2⤵
  PID:9528
- C:\Windows\System\aUjYRMk.exe
  C:\Windows\System\aUjYRMk.exe
  2⤵
  PID:9628
- C:\Windows\System\oxMeFVp.exe
  C:\Windows\System\oxMeFVp.exe
  2⤵
  PID:9632
- C:\Windows\System\uHtaLDJ.exe
  C:\Windows\System\uHtaLDJ.exe
  2⤵
  PID:9544
- C:\Windows\System\ngqvfpT.exe
  C:\Windows\System\ngqvfpT.exe
  2⤵
  PID:9656
- C:\Windows\System\QwFkNsE.exe
  C:\Windows\System\QwFkNsE.exe
  2⤵
  PID:9704
- C:\Windows\System\lZUtvFb.exe
  C:\Windows\System\lZUtvFb.exe
  2⤵
  PID:9684
- C:\Windows\System\MswPVcw.exe
  C:\Windows\System\MswPVcw.exe
  2⤵
  PID:9740
- C:\Windows\System\UJYIzyO.exe
  C:\Windows\System\UJYIzyO.exe
  2⤵
  PID:9808
- C:\Windows\System\TxOHAqk.exe
  C:\Windows\System\TxOHAqk.exe
  2⤵
  PID:9752
- C:\Windows\System\hXCMUgk.exe
  C:\Windows\System\hXCMUgk.exe
  2⤵
  PID:9756
- C:\Windows\System\lTePRnz.exe
  C:\Windows\System\lTePRnz.exe
  2⤵
  PID:9868
- C:\Windows\System\vpOShgX.exe
  C:\Windows\System\vpOShgX.exe
  2⤵
  PID:9904
- C:\Windows\System\pOEdsbG.exe
  C:\Windows\System\pOEdsbG.exe
  2⤵
  PID:9964
- C:\Windows\System\UUndhNK.exe
  C:\Windows\System\UUndhNK.exe
  2⤵
  PID:10008
- C:\Windows\System\DFmsEne.exe
  C:\Windows\System\DFmsEne.exe
  2⤵
  PID:9992
- C:\Windows\System\fimBzhJ.exe
  C:\Windows\System\fimBzhJ.exe
  2⤵
  PID:10080
- C:\Windows\System\ZtqSxrm.exe
  C:\Windows\System\ZtqSxrm.exe
  2⤵
  PID:10128
- C:\Windows\System\kiNcepO.exe
  C:\Windows\System\kiNcepO.exe
  2⤵
  PID:10028
- C:\Windows\System\VdmLZQx.exe
  C:\Windows\System\VdmLZQx.exe
  2⤵
  PID:10208
- C:\Windows\System\xZXcinG.exe
  C:\Windows\System\xZXcinG.exe
  2⤵
  PID:9276
- C:\Windows\System\tufiLSz.exe
  C:\Windows\System\tufiLSz.exe
  2⤵
  PID:10100
- C:\Windows\System\bopGmoP.exe
  C:\Windows\System\bopGmoP.exe
  2⤵
  PID:9240
- C:\Windows\System\ezIgNgN.exe
  C:\Windows\System\ezIgNgN.exe
  2⤵
  PID:9292
- C:\Windows\System\wSaPyyQ.exe
  C:\Windows\System\wSaPyyQ.exe
  2⤵
  PID:10144
- C:\Windows\System\EfgifTJ.exe
  C:\Windows\System\EfgifTJ.exe
  2⤵
  PID:10192
- C:\Windows\System\maXugDa.exe
  C:\Windows\System\maXugDa.exe
  2⤵
  PID:9340
- C:\Windows\System\VNESTCg.exe
  C:\Windows\System\VNESTCg.exe
  2⤵
  PID:9436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CFUmywF.exe

Filesize
6.0MB

MD5
b7fb0d6851f1f5b06d88c6a0d11e6fdf

SHA1
6eff802d7323db66a9b29bbcb6834a0f897c2607

SHA256
4be1a2951f427242ac0563c151a403cab197ecf0b0ec9daedb3453ba44e5c782

SHA512
46995909d90fe260745a65722d6deffa9afe015c0b51371729d320694a20b12f9ab4bc9876e888628b1b786efcdeff276ed1b5037ee0d47ff644b55d18078b86

Download Submit
C:\Windows\system\CMuydKz.exe

Filesize
6.0MB

MD5
3dcce7381b2d3dad007feb7bfabf58ba

SHA1
48bfb877489c692293f3a391f67bef3359b870c6

SHA256
4ef09857b5205b4171b1154a884015362c8886f0ebb8f319a5527ae93157f503

SHA512
48f7b848639c70e0da4d174c02f902d5de865e5fac8b77cd899cb9c71a04cdfcd6e57a921cb62f93807777b409fb91017400a802a3badfd399f09dfdc6a4c55e

Download Submit
C:\Windows\system\GJvCwkO.exe

Filesize
6.0MB

MD5
15f5e24eaef22313c9fb7b4f754dae1b

SHA1
997aa3b045925b8afe93eecb381a46d724e903fe

SHA256
c5c6c07681b9734325b03c15a1b7c2cfa5692b4b520d51a334e40f01730eb3cb

SHA512
1d192ec1a5a78915e8a1fb460f8e308b866e54161a1016542922499657bf112a4b2dcfa9c96ff097d2a85aab8be8d1583c1a267c4ea320fe0567ca366eb17041

Download Submit
C:\Windows\system\GMzdkBu.exe

Filesize
6.0MB

MD5
5eef1e5a08112d3f532bfeb3c46e80ba

SHA1
b0f5b20b454494574bff00bf686394513df48fa4

SHA256
e4bc2231aee20bd9ff0576fe898793bd4177bbc6b6b541569f4557e44a8e73c4

SHA512
8e0450a76554684a22b9d5aac7fd43dfa67a57dfc95626bbf6709622c4cc5a8be66b054084b97f6b732d9952df5f74bb9d4be81d092ea9ff6b0a898c6efbfa74

Download Submit
C:\Windows\system\KMlkTQI.exe

Filesize
6.0MB

MD5
93ec5e66cb2f7e2c2a757c805393733b

SHA1
c56048be1cfa4d44413c31c0ea97de0b0bf58bd3

SHA256
3bb7885d2712f8e68907b36182332f7f2121f5629e7a7b9f69a242b8673c76eb

SHA512
af792e2193746b3acedd12185c171f7dcd2bb5e877f4bbc6ff78b8daa8ba289e0f0176ba9ca89ada49e4e5dc09a99ffb1c1d5dd5e3001ed92252607e4bced849

Download Submit
C:\Windows\system\KNisMLx.exe

Filesize
6.0MB

MD5
dfead6ea0368a2aebf6516437a2d6564

SHA1
61a3fddccc2138fd74b68a88bfc26a6e2c49f1eb

SHA256
cb2b4b3f34631da3b0214cef2afaf830571c9b8323d12c5ac12eb48c5ea258e8

SHA512
7c6a648fc6b5911fec8a688a966e6096fa418bddadd0c6f80d80668d67cf578f805880c11b4558889801de4877f455ac9a9cc028eb04660cb7493704bfdce92a

Download Submit
C:\Windows\system\LEedLDs.exe

Filesize
6.0MB

MD5
2f8e7fcdce6c9f664bdb5e6e7ee89af1

SHA1
980651dfb725c21c970e759a3a93ce0381ebc00c

SHA256
bdc601c80870c5440d8e2546abf81a9ad924f4dbb401b4e859a8f102640651b3

SHA512
531d149284fa76264f06e3f1cb491e8df2b160da4b638d170281439124d968c99b3974fec9b84d58d36470fde11daa979255f0354b95609403329e358daf8830

Download Submit
C:\Windows\system\QLdDKxq.exe

Filesize
6.0MB

MD5
56a6f73ae37bb49c3e2347a383c77c4c

SHA1
bb8a8a01703ad55b95d25dbcc48fd78bedcf4e1c

SHA256
1479e20cc98df8cf23dacd1dcd8b809492de9d022c6203c192c8988711b3f1e7

SHA512
594716fddf4a64b6bb1bf4cb8e5e7cf30e8a17c454b20d550519c8f8022e8b7cb0010610e616c3d5893458580e73758149318b825c66916c6d5f6a1a581b7b7b

Download Submit
C:\Windows\system\XGmalLF.exe

Filesize
6.0MB

MD5
ae112ab519530f83b5942c5d6d019c8f

SHA1
e8ae313f05dfbd4764f863b695e80c89e8baa1a3

SHA256
b152da1ec5ae688dece8a0e5757e615447b9385a0a7bbc500afb3ab64710ac44

SHA512
6caac386a0e22e26693bd1fef954b1a68b8166923195603d15e27924de79a002767bf42b0a0ebccac475e9e539239b95303ea6195095239f06996a1df8a4fc2a

Download Submit
C:\Windows\system\ZtfyxAW.exe

Filesize
6.0MB

MD5
7cb9e985e808be79564fa94981299436

SHA1
ed8ce38dd66535537bc1b934509f996911a1844d

SHA256
361f10149fd5ae93aac68017ebdd5ad38baeefa16cb6cc13286f305d07dd8b8d

SHA512
3f16d4e4f672b6732cf40596fe389b32c864e180f2d552dfa619917db3a8b7162da029110613e0b146079854d7ce717439316275c5a906c63f29e842ae81ebdf

Download Submit
C:\Windows\system\dltJLSQ.exe

Filesize
6.0MB

MD5
8b5dc971046dcf818039df3a094823e2

SHA1
5ec7a433f6734de6ebc83d3ff976fd67e03676e1

SHA256
f50a342850bb5beeb642963a8d2ff185e127e4c2cb87bf218034dc9434613a9b

SHA512
6d0cb944710d77d46617cced8c592f4f31d343e3414b86812eba3edd0918790baf1e685499b515f3adc41d09a5b4841d47768e7573607989325a5ddb525289a4

Download Submit
C:\Windows\system\dvRRbtp.exe

Filesize
6.0MB

MD5
06c5444f5c9a21f2c01a4753d527b9e8

SHA1
ca048791b0b36361358264a2a400cd2e05a3de08

SHA256
5410cc38f5eccb0616fda0852e7e3e0eb5dd4ad5397eed67f9ecab7529812eba

SHA512
970e10c0bba37e539de6a97b7a97446a447bec8a3eccc75f8125f939e7c596de13eb4900db19f2a0a8aadd50106907d280c09451256149fb5e69baf27ff9d451

Download Submit
C:\Windows\system\epWPuxY.exe

Filesize
6.0MB

MD5
fd6592babaa49cd57365aceb37437d5f

SHA1
ffc5c34c9f24e176b83203bd43b8002bd898b46c

SHA256
cb12a43d4233f9fae58a7a4267e449d0860b6c3c16ab07048a439340a9385aa2

SHA512
59fa89170387223be5305f40dd458d608be2714b9e143f28508da92cfec6359617334410b73a74be8f3587dc4913ca78078f25fad733dd1fe3331d8994f97e6b

Download Submit
C:\Windows\system\fsUqQIH.exe

Filesize
6.0MB

MD5
f79d42b6aa939659f5e67c1276256544

SHA1
ec7d562acbf508246fd33c60e2c56df252aef490

SHA256
2a8a056bb6e42123b3d4539462580ee178b28bf2317f0a2993beba93fbd276bd

SHA512
9ad47a9ebd348d530aab8ba5c5b816e224552e076ef89f1f5bbcf0b291cac949d3ccfdbb6850301b4671e01d4b70412ff23fa3005d47c50ea65fc31acd31c0a6

Download Submit
C:\Windows\system\hRVtQqP.exe

Filesize
6.0MB

MD5
f7af1eb46761c51a023769ca0cc5be2e

SHA1
2175537b03da291b3ab4b5b0a7d1af445b62a7dd

SHA256
41e4af7df999c1b2ae7fee857b3b1484e4676af57172c484e5cf814a9da9c3d8

SHA512
050caef2020f0c1746a40816297f6dca83a9f7098985191b321ffaa75da10154641fa4e11b8ea428f422993568d528c09ff8741cf23a0131c5f853452e56f300

Download Submit
C:\Windows\system\hqfoZTk.exe

Filesize
6.0MB

MD5
75b4f53ce9c62323c60d88f67f3c6a80

SHA1
fdcfd60a00bc7da205bc89865737ee17c09cb48b

SHA256
efcf48e4617d6ab621010f758b7f88ea4fb45b667e7db673768276a3076b5ee5

SHA512
f7cd7d364b5304f29e1eca557242b97480703ad3e918f891be436189cc7a584260fe803f190aee2f7cc9e243df7b4525fca9163bb419c40823d6932346053843

Download Submit
C:\Windows\system\hzBnMch.exe

Filesize
6.0MB

MD5
f470b69c9a6d4ad7a4eab753b9176728

SHA1
4c000850ee743b37df575172378bf3d36eeafd73

SHA256
542744e347e5f70bf7a9e8a74584ebbc91c81f1bb462f4cb4878ac213f41cf62

SHA512
813baa548216071650a535f4d5a186bbb26bf26f90a1320bd5e35d201460e2d3c08335966bcb5418e236431fb879a31e65a791e844900426a736569e9a8230d9

Download Submit
C:\Windows\system\lbVZkQV.exe

Filesize
6.0MB

MD5
de53f76d1e4dbe79c304359b0daf4908

SHA1
61fa804d8e4b8c4969700e91d5449df305775ed0

SHA256
a87d503f19d672d3eed78272822340d372f08a09a3362e6e053edcd9427fa2a1

SHA512
7ff55253aa9236a14e1af1eeb13470e085a67b5c34c7face94cd0302f292b516d6e03f8cb1a844ca0fef24191df90deeb8e4b67a8c98a06d2efab8322b93ec99

Download Submit
C:\Windows\system\rRiXnMH.exe

Filesize
6.0MB

MD5
336854fd576e510613616b1ef7eaac56

SHA1
2540d506f19e3423e79dc90c7e0304d6556bdd10

SHA256
2c004b02a866bb71bce3ad099879dee0bbb7192dfaaee6e83be4ae1155041be5

SHA512
cc4d654364c4d164e0226af42e5f21b7ccfa691dc936b0a1f3ac9e940e84e4a35d2929e3585967db8b446697d681a75d06c6ceab64bdba1a7aaf55af25bcc9d6

Download Submit
C:\Windows\system\wBFnBiH.exe

Filesize
6.0MB

MD5
dfd26521cc071faca5f30f8e2897569f

SHA1
d150fa18521eb2523ecbeafa529a265b16e50fd4

SHA256
038461e72275bbac61f8d95853dc60a4052aac7837a2cdf01bb22d9826a33a47

SHA512
ba57accd418900beb2f4b5da7547e7a0dc7fc00e2520f2b836a408d6f3fc3fd232ae0007865a9a11c101d8267b9d5cc0ab4330fdfea322c6569b8486061dff57

Download Submit
C:\Windows\system\wElIpZF.exe

Filesize
6.0MB

MD5
793258ec31805217efd8ddec360bbd70

SHA1
1661b5da926bb6a148261ab617b789f66b894d53

SHA256
6f6e8ba2f73017c0c2657c4085ad8546d29dc30f23c521a40e7a08e626f14fed

SHA512
be0c1de5fa9a91d26b46bf4486297bfbfbd7374f5ed2b51e252e97fe69a089e603e4d381d5f7b7dacef3ab61a44790d196409f08c518ac1a3482805018166275

Download Submit
C:\Windows\system\wkRHpUY.exe

Filesize
6.0MB

MD5
a1ea18aed11e3320bcdaca3fdcf7a033

SHA1
679937f06b922dffed1c18e87b78f6edd5f213c4

SHA256
d2e708b9f9ad34981d5a5a3e45fc49a284881e93b4c45f35d03251638fe6a9d1

SHA512
74ee74cbcbfa6f99f951a78b7fbf04b3034cff606ef9c5c7c09ebe526df18e7b1a5a38925e4fb56dda1b6720c2d8ea75613afd39d090d23d7fe39b7369013f59

Download Submit
C:\Windows\system\ybJiZHU.exe

Filesize
6.0MB

MD5
5e03b4fc35d29ada156f23e02c5cd181

SHA1
60efd4e2242b8ed4dc38299b5d9877f2036ed47b

SHA256
e96adfc73753e84961744afabf3cd310f96b47f9db3327a59496262faac94020

SHA512
7a5dee9c71429c0b50fbe0c75c45f0fccab0534371c0a5ebdb9b0cd5d063dc85765396fe8b147d2fdba4bc9538ce1e5b0f66211e02a4e0198c4562fce096fbb2

Download Submit
\Windows\system\HeuZrDD.exe

Filesize
6.0MB

MD5
2908bf4c892500c3b7879b38d308cc0c

SHA1
1fbd831c996147120a481352f89075098dc66325

SHA256
4e9179b638c367526c0b30aa2136642d628c5635141b7329a3eae312f3c4f91f

SHA512
646fa0a560f41f7ae35e494849551d49af107f95fbc38515698f8db3ebc2d9adb932e1aa1c9436477489c5138c27867b218e9d876b521dd476f9c743b346ba17

Download Submit
\Windows\system\UDwWoXW.exe

Filesize
6.0MB

MD5
59bcd30174b1c406fed4ac318b50c4b2

SHA1
0986fbdada83f1e8cff62a5ec4af66dfe3004ad9

SHA256
d81696b51a38ff8fef358db77feac4eb58de7978c464fa8f63c0d97d893737c3

SHA512
325908700cd8ccdc388f36c7fb575f3e765bc0209790fb08c9a0ebfb694f564bd19b1f20639a90be94a5bb732e1315a0817c0f96a0551d6a9138c87aefb85761

Download Submit
\Windows\system\VXTfMXb.exe

Filesize
6.0MB

MD5
bc0b2d2cb8eda53932438cfe7a294e5b

SHA1
02a9fb9ee014790ca1497d3b5201b87cad27753b

SHA256
fb6ab4ef9cda137bde5fac8f434368eb63f3e37d495de6fac02da6ba3e2a5011

SHA512
e5ae5a19263c2ce35eeaf0257cc2092b1f8b776a1cc971a66ed0430b3ddbd984bfe224dc7be593b0306a1c33e29833750ad3ba48917490454c459f512f205d27

Download Submit
\Windows\system\absTHTW.exe

Filesize
6.0MB

MD5
c0392e6a1069756803320056ce2f6943

SHA1
30265a14414f440c4c5c7db068e7f48edaaf578d

SHA256
379ec7cb231109afa050ea38f456f5b00c8a8af43903348e250943cf74a38ee1

SHA512
ae71100155534a8983e6278105394cee86a19d3fde9c885f648c3d56a3296c472a625593e479562aaafbdf62b9c7fe7e28d7d2463ccd24afb67a4815ab863dde

Download Submit
\Windows\system\dKGvoHl.exe

Filesize
6.0MB

MD5
8460994332ebaf90933054a0cc2ab9c9

SHA1
0c76f6344c88ece9a8e91e46f426dbe83de6c076

SHA256
cbd39f5ac92fdf7c984f35c3685c7bc20a8e25c6b07c4b5e97a49fa012d14870

SHA512
b25c703b65188cd874c7c2c63757d0478f35265f54a2e8fafd0d61d99c10580fc0d127079f05b0a6cc9d2845a48dac997b0bb97973767c0cb356290eaa00df14

Download Submit
\Windows\system\djJWTNU.exe

Filesize
6.0MB

MD5
d33771e08aa0868423aefe5a144c46b8

SHA1
d715d75c53d2f3e12fa2405c2affce3a1099ad43

SHA256
b8673031b22f8f3cf8ebefa8fd94b60e58c228e7983f44900757ec540aee8799

SHA512
f084f7c0680701892ec3338f9533b8e104bc40285c19b9cb960f634e73dc760d69dd04fe1bb3ccbdcd216e6e064accff3f2c9cc0ef7b66b9cef9d2c5d593ef2b

Download Submit
\Windows\system\iOnIgVe.exe

Filesize
6.0MB

MD5
e441651d3f141436cc4108b7c5ffb6d0

SHA1
db627ec7cb17820c0d1c98270fbf408222c8858b

SHA256
5f5aa0b4ff74afc0997082c50b14d1a06ad5324138d47d24fbe79514b853fed8

SHA512
6d634db2b9d7507e3a391b1de98d64622fac8f3a44c2117a63f70c422cafed3bc83ce3c67545263b38c272768eddb2e993ec7e4845fc0a73a01b2bdd9889ae3c

Download Submit
\Windows\system\quEktlo.exe

Filesize
6.0MB

MD5
d723579b71154abbc4d920824440813a

SHA1
7e25819aef0b0c00d090847caafb6a4a0bcad1a9

SHA256
25e6e2b37a83895cd1bd0feca5a8081acc90fada42ee6c1f1e890412ed352885

SHA512
b4a7af3c99aa9706a4cdd73d9b65d18e7e718e114b6078b2a85e8e48f7d05d9db8a46dc3c9a6a62024b5697131beb8eb31f1ed8912190594ad4f42114dd8d502

Download Submit
\Windows\system\wBvthfM.exe

Filesize
6.0MB

MD5
1cc9972d3f0853ae70774bfac29bf4f5

SHA1
62185879b822a9b8cb9987c4f447fe380302fc36

SHA256
891d73d34b67b51e6641c378ac04dadec79427ccb9d1abcb17c0df535e77162d

SHA512
fae9a103734bc21793e68a074e9a7b35b5c36f6bf4ff3dcb72e29e03ec9de50a3e6d43ae095229d5bb09b766192338bfe9aee6c7493cf9f25dffa1d17e8c8d4d

Download Submit
memory/1900-91-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1900-4034-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1900-855-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/1908-75-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/1908-4030-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2016-70-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2016-4031-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2140-18-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-4032-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2220-76-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2428-82-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2428-4033-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2428-642-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2628-59-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2628-4027-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2720-69-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-4029-0x000000013F990000-0x000000013FCE4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-28-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2724-87-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2724-4025-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2780-53-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-4028-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-98-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-99-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-4035-0x000000013FB80000-0x000000013FED4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-4024-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-22-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-38-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-4026-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1035-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-758-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-8-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-20-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-84-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-26-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2980-60-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-0-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2980-523-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2980-71-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-74-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1328-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-63-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2980-48-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-1-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-93-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-101-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-79-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/3008-4023-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-21-0x000000013F560000-0x000000013F8B4000-memory.dmp

Filesize
3.3MB

Download