cobaltstrike | ed544f0f6b35274a749f435a8414d60b43038de4395d21693d49e23e0405e560

Analysis

max time kernel
128s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/02/2025, 02:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

7c9d8f87116b891d041141cef6e368b5
SHA1

bcda8decb7ffd530c21a00b7131ab51b04b7b61e
SHA256

ed544f0f6b35274a749f435a8414d60b43038de4395d21693d49e23e0405e560
SHA512

3eca994e51c23526920416c5680cd4e223758de546ca2c7a55a64046b1ec57ff772535e6eb22f556314d5441454bd5530eb00899b1bbab004a7b805e84abcd71
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUT:T+q56utgpPF8u/7T

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012117-3.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173fb-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017403-14.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001747b-15.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001748f-22.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000174ac-25.dat	cobalt_reflective_dll
behavioral1/files/0x001700000001866d-30.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019273-37.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193cc-61.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193df-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019629-131.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019620-119.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019621-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961d-111.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019539-97.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019639-134.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019627-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019623-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e4-101.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d8-93.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001947e-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-85.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001942f-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019403-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019401-74.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d9-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c4-57.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193be-53.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019389-49.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019382-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019277-41.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019271-34.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 48 IoCs

miner

resource	yara_rule
behavioral1/memory/2420-0-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012117-3.dat	xmrig
behavioral1/files/0x00080000000173fb-10.dat	xmrig
behavioral1/files/0x0008000000017403-14.dat	xmrig
behavioral1/files/0x000700000001747b-15.dat	xmrig
behavioral1/files/0x000700000001748f-22.dat	xmrig
behavioral1/files/0x00070000000174ac-25.dat	xmrig
behavioral1/files/0x001700000001866d-30.dat	xmrig
behavioral1/files/0x0005000000019273-37.dat	xmrig
behavioral1/files/0x00050000000193cc-61.dat	xmrig
behavioral1/files/0x00050000000193df-69.dat	xmrig
behavioral1/files/0x0005000000019629-131.dat	xmrig
behavioral1/files/0x0005000000019625-123.dat	xmrig
behavioral1/files/0x0005000000019620-119.dat	xmrig
behavioral1/files/0x0005000000019621-116.dat	xmrig
behavioral1/files/0x000500000001961d-111.dat	xmrig
behavioral1/files/0x000500000001961f-109.dat	xmrig
behavioral1/files/0x000500000001961b-103.dat	xmrig
behavioral1/files/0x0005000000019539-97.dat	xmrig
behavioral1/files/0x0005000000019639-134.dat	xmrig
behavioral1/files/0x0005000000019627-130.dat	xmrig
behavioral1/files/0x0005000000019623-129.dat	xmrig
behavioral1/files/0x00050000000195e4-101.dat	xmrig
behavioral1/files/0x00050000000194d8-93.dat	xmrig
behavioral1/files/0x000500000001947e-89.dat	xmrig
behavioral1/files/0x0005000000019441-85.dat	xmrig
behavioral1/files/0x000500000001942f-81.dat	xmrig
behavioral1/files/0x0005000000019403-77.dat	xmrig
behavioral1/files/0x0005000000019401-74.dat	xmrig
behavioral1/files/0x00050000000193d9-65.dat	xmrig
behavioral1/files/0x00050000000193c4-57.dat	xmrig
behavioral1/files/0x00050000000193be-53.dat	xmrig
behavioral1/files/0x0005000000019389-49.dat	xmrig
behavioral1/files/0x0005000000019382-45.dat	xmrig
behavioral1/files/0x0005000000019277-41.dat	xmrig
behavioral1/files/0x0006000000019271-34.dat	xmrig
behavioral1/memory/2420-3596-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/1432-3826-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2040-4632-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2704-4633-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2764-4634-0x000000013F700000-0x000000013FA54000-memory.dmp	xmrig
behavioral1/memory/2880-4635-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2872-4636-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2880-4637-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/536-4638-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2704-4639-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2040-4640-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/2872-4641-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3068	jhHTAmX.exe
2040	UnkTybX.exe
2704	lPivIwc.exe
2344	gAWzOik.exe
536	IAauIAY.exe
2764	ArXKxYc.exe
2880	GgZAXDE.exe
2872	OCDUwwU.exe
2744	qsUeKUO.exe
2628	nADFqeV.exe
2736	SMFfnqz.exe
2892	wRmJjqE.exe
2644	BYoTbpD.exe
1432	AjuDUaq.exe
2624	LgQePUB.exe
1736	OKWowJf.exe
2740	lnldnYk.exe
2672	woKvaih.exe
2544	PHwNRIG.exe
1224	zSFlttQ.exe
1800	VwxIGla.exe
1956	FnKmQjY.exe
1876	crsCcMg.exe
2156	kVQeDpW.exe
2016	XzPDJua.exe
1072	kIqmpxS.exe
2484	tcZjrYQ.exe
2136	FDoAhMk.exe
2244	nLdiHxM.exe
2204	INPGlVi.exe
1560	giTvwGm.exe
2180	eyPbNZp.exe
1624	hOjBaZE.exe
1236	hnDiRZp.exe
2032	bKsqkSx.exe
2008	jqVNWyX.exe
2576	NJucUXB.exe
2968	wLvHQJD.exe
2092	QdPeMAB.exe
2368	gwQIGbu.exe
1916	EGdNrjM.exe
3016	RvfYLxK.exe
1040	qAXxall.exe
952	GwwGJVM.exe
1820	AqKhIgF.exe
900	aOwxypK.exe
2604	IAJItqq.exe
2504	neIDzkk.exe
812	CTbilyd.exe
1544	AwKtbTo.exe
884	ulGWFDe.exe
1564	BvBmnig.exe
1888	CgrVFnF.exe
2464	zkltWTt.exe
2276	rvAQLdj.exe
596	XCvweNT.exe
3008	vWuelxM.exe
2124	tjiiFQk.exe
2500	jxsRwHJ.exe
2288	lrRpDxs.exe
300	YEDVCvC.exe
1780	VAjrLPV.exe
328	WAogulA.exe
2212	pUaGyPM.exe

Loads dropped DLL 64 IoCs

pid	Process
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 48 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2420-0-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/files/0x0007000000012117-3.dat	upx
behavioral1/files/0x00080000000173fb-10.dat	upx
behavioral1/files/0x0008000000017403-14.dat	upx
behavioral1/files/0x000700000001747b-15.dat	upx
behavioral1/files/0x000700000001748f-22.dat	upx
behavioral1/files/0x00070000000174ac-25.dat	upx
behavioral1/files/0x001700000001866d-30.dat	upx
behavioral1/files/0x0005000000019273-37.dat	upx
behavioral1/files/0x00050000000193cc-61.dat	upx
behavioral1/files/0x00050000000193df-69.dat	upx
behavioral1/files/0x0005000000019629-131.dat	upx
behavioral1/files/0x0005000000019625-123.dat	upx
behavioral1/files/0x0005000000019620-119.dat	upx
behavioral1/files/0x0005000000019621-116.dat	upx
behavioral1/files/0x000500000001961d-111.dat	upx
behavioral1/files/0x000500000001961f-109.dat	upx
behavioral1/files/0x000500000001961b-103.dat	upx
behavioral1/files/0x0005000000019539-97.dat	upx
behavioral1/files/0x0005000000019639-134.dat	upx
behavioral1/files/0x0005000000019627-130.dat	upx
behavioral1/files/0x0005000000019623-129.dat	upx
behavioral1/files/0x00050000000195e4-101.dat	upx
behavioral1/files/0x00050000000194d8-93.dat	upx
behavioral1/files/0x000500000001947e-89.dat	upx
behavioral1/files/0x0005000000019441-85.dat	upx
behavioral1/files/0x000500000001942f-81.dat	upx
behavioral1/files/0x0005000000019403-77.dat	upx
behavioral1/files/0x0005000000019401-74.dat	upx
behavioral1/files/0x00050000000193d9-65.dat	upx
behavioral1/files/0x00050000000193c4-57.dat	upx
behavioral1/files/0x00050000000193be-53.dat	upx
behavioral1/files/0x0005000000019389-49.dat	upx
behavioral1/files/0x0005000000019382-45.dat	upx
behavioral1/files/0x0005000000019277-41.dat	upx
behavioral1/files/0x0006000000019271-34.dat	upx
behavioral1/memory/2420-3596-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/1432-3826-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2040-4632-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2704-4633-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2764-4634-0x000000013F700000-0x000000013FA54000-memory.dmp	upx
behavioral1/memory/2880-4635-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2872-4636-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2880-4637-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/536-4638-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2704-4639-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/2040-4640-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/2872-4641-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\psqQdrl.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFoPXRL.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kNNzuVD.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ddRDeec.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\THJJvEu.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jsDFvdv.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YqElpKn.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CUnGLKV.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIZJbGh.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qvwPbua.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rvAQLdj.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mqOtjsS.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jKLTIGK.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAxTQWR.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HjrUjIw.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UwVwXLE.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cjSsxvi.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CjAsEKv.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SkNcgWL.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PsCGVMj.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nDekqQy.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DawzlJY.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qoLGsGf.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QkMcUor.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tAkqfnX.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xrVVuMi.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLdiHxM.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zjrzofD.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zFxjehS.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UBfbrXP.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pfYxdVz.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NoqgBad.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\llmFghb.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vBeRMQk.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DQoxEuf.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AGGdBDM.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXEbTnF.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bfZEpcn.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HolcOTD.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nbaWwEI.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dviublp.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iRgWnIS.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hLgSRKh.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LODPOFq.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YZjTJsI.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OsIgbVl.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QfDYBzo.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kWozbNt.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CTbilyd.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PSZMtjy.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjjIxkr.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JATQvRO.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\shOgziY.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nTlwNzf.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bIMDTsu.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nGjtnGf.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\inMQdfX.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dRIXbWC.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yPGcXNd.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kBHQaDT.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OAUpzTr.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oByKcCW.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbCybvD.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VlHdrRh.exe	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2420 wrote to memory of 3068	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2420 wrote to memory of 3068	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2420 wrote to memory of 3068	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2420 wrote to memory of 2040	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2420 wrote to memory of 2040	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2420 wrote to memory of 2040	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2420 wrote to memory of 2704	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2420 wrote to memory of 2704	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2420 wrote to memory of 2704	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2420 wrote to memory of 2344	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2420 wrote to memory of 2344	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2420 wrote to memory of 2344	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2420 wrote to memory of 536	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2420 wrote to memory of 536	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2420 wrote to memory of 536	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2420 wrote to memory of 2764	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2420 wrote to memory of 2764	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2420 wrote to memory of 2764	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2420 wrote to memory of 2880	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2420 wrote to memory of 2880	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2420 wrote to memory of 2880	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2420 wrote to memory of 2872	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2420 wrote to memory of 2872	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2420 wrote to memory of 2872	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2420 wrote to memory of 2744	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2420 wrote to memory of 2744	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2420 wrote to memory of 2744	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2420 wrote to memory of 2628	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2420 wrote to memory of 2628	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2420 wrote to memory of 2628	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2420 wrote to memory of 2736	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2420 wrote to memory of 2736	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2420 wrote to memory of 2736	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2420 wrote to memory of 2892	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2420 wrote to memory of 2892	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2420 wrote to memory of 2892	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2420 wrote to memory of 2644	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2420 wrote to memory of 2644	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2420 wrote to memory of 2644	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2420 wrote to memory of 1432	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2420 wrote to memory of 1432	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2420 wrote to memory of 1432	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2420 wrote to memory of 2624	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2420 wrote to memory of 2624	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2420 wrote to memory of 2624	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2420 wrote to memory of 1736	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2420 wrote to memory of 1736	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2420 wrote to memory of 1736	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2420 wrote to memory of 2740	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2420 wrote to memory of 2740	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2420 wrote to memory of 2740	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2420 wrote to memory of 2672	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2420 wrote to memory of 2672	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2420 wrote to memory of 2672	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2420 wrote to memory of 2544	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2420 wrote to memory of 2544	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2420 wrote to memory of 2544	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2420 wrote to memory of 1224	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2420 wrote to memory of 1224	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2420 wrote to memory of 1224	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2420 wrote to memory of 1800	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2420 wrote to memory of 1800	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2420 wrote to memory of 1800	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2420 wrote to memory of 1956	2420	2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-03_7c9d8f87116b891d041141cef6e368b5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2420
- C:\Windows\System\jhHTAmX.exe
  C:\Windows\System\jhHTAmX.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\UnkTybX.exe
  C:\Windows\System\UnkTybX.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\lPivIwc.exe
  C:\Windows\System\lPivIwc.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\gAWzOik.exe
  C:\Windows\System\gAWzOik.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\IAauIAY.exe
  C:\Windows\System\IAauIAY.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\ArXKxYc.exe
  C:\Windows\System\ArXKxYc.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\GgZAXDE.exe
  C:\Windows\System\GgZAXDE.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\OCDUwwU.exe
  C:\Windows\System\OCDUwwU.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\qsUeKUO.exe
  C:\Windows\System\qsUeKUO.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\nADFqeV.exe
  C:\Windows\System\nADFqeV.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\SMFfnqz.exe
  C:\Windows\System\SMFfnqz.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\wRmJjqE.exe
  C:\Windows\System\wRmJjqE.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\BYoTbpD.exe
  C:\Windows\System\BYoTbpD.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\AjuDUaq.exe
  C:\Windows\System\AjuDUaq.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\LgQePUB.exe
  C:\Windows\System\LgQePUB.exe
  2⤵
  - Executes dropped EXE
  PID:2624
- C:\Windows\System\OKWowJf.exe
  C:\Windows\System\OKWowJf.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\lnldnYk.exe
  C:\Windows\System\lnldnYk.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\woKvaih.exe
  C:\Windows\System\woKvaih.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\PHwNRIG.exe
  C:\Windows\System\PHwNRIG.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\zSFlttQ.exe
  C:\Windows\System\zSFlttQ.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\VwxIGla.exe
  C:\Windows\System\VwxIGla.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\FnKmQjY.exe
  C:\Windows\System\FnKmQjY.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\crsCcMg.exe
  C:\Windows\System\crsCcMg.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\kVQeDpW.exe
  C:\Windows\System\kVQeDpW.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\XzPDJua.exe
  C:\Windows\System\XzPDJua.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\bKsqkSx.exe
  C:\Windows\System\bKsqkSx.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\kIqmpxS.exe
  C:\Windows\System\kIqmpxS.exe
  2⤵
  - Executes dropped EXE
  PID:1072
- C:\Windows\System\jqVNWyX.exe
  C:\Windows\System\jqVNWyX.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\tcZjrYQ.exe
  C:\Windows\System\tcZjrYQ.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\wLvHQJD.exe
  C:\Windows\System\wLvHQJD.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\FDoAhMk.exe
  C:\Windows\System\FDoAhMk.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\QdPeMAB.exe
  C:\Windows\System\QdPeMAB.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\nLdiHxM.exe
  C:\Windows\System\nLdiHxM.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\gwQIGbu.exe
  C:\Windows\System\gwQIGbu.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\INPGlVi.exe
  C:\Windows\System\INPGlVi.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\EGdNrjM.exe
  C:\Windows\System\EGdNrjM.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\giTvwGm.exe
  C:\Windows\System\giTvwGm.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\RvfYLxK.exe
  C:\Windows\System\RvfYLxK.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\eyPbNZp.exe
  C:\Windows\System\eyPbNZp.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\qAXxall.exe
  C:\Windows\System\qAXxall.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\hOjBaZE.exe
  C:\Windows\System\hOjBaZE.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\GwwGJVM.exe
  C:\Windows\System\GwwGJVM.exe
  2⤵
  - Executes dropped EXE
  PID:952
- C:\Windows\System\hnDiRZp.exe
  C:\Windows\System\hnDiRZp.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\AqKhIgF.exe
  C:\Windows\System\AqKhIgF.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\NJucUXB.exe
  C:\Windows\System\NJucUXB.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\aOwxypK.exe
  C:\Windows\System\aOwxypK.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\IAJItqq.exe
  C:\Windows\System\IAJItqq.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\neIDzkk.exe
  C:\Windows\System\neIDzkk.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\CTbilyd.exe
  C:\Windows\System\CTbilyd.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\AwKtbTo.exe
  C:\Windows\System\AwKtbTo.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\ulGWFDe.exe
  C:\Windows\System\ulGWFDe.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\BvBmnig.exe
  C:\Windows\System\BvBmnig.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\CgrVFnF.exe
  C:\Windows\System\CgrVFnF.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\zkltWTt.exe
  C:\Windows\System\zkltWTt.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\rvAQLdj.exe
  C:\Windows\System\rvAQLdj.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\XCvweNT.exe
  C:\Windows\System\XCvweNT.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\vWuelxM.exe
  C:\Windows\System\vWuelxM.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\tjiiFQk.exe
  C:\Windows\System\tjiiFQk.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\jxsRwHJ.exe
  C:\Windows\System\jxsRwHJ.exe
  2⤵
  - Executes dropped EXE
  PID:2500
- C:\Windows\System\lrRpDxs.exe
  C:\Windows\System\lrRpDxs.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\YEDVCvC.exe
  C:\Windows\System\YEDVCvC.exe
  2⤵
  - Executes dropped EXE
  PID:300
- C:\Windows\System\VAjrLPV.exe
  C:\Windows\System\VAjrLPV.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\WAogulA.exe
  C:\Windows\System\WAogulA.exe
  2⤵
  - Executes dropped EXE
  PID:328
- C:\Windows\System\pUaGyPM.exe
  C:\Windows\System\pUaGyPM.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\VyWdNmu.exe
  C:\Windows\System\VyWdNmu.exe
  2⤵
  PID:1968
- C:\Windows\System\gEdsZNO.exe
  C:\Windows\System\gEdsZNO.exe
  2⤵
  PID:592
- C:\Windows\System\vuBgCUu.exe
  C:\Windows\System\vuBgCUu.exe
  2⤵
  PID:2340
- C:\Windows\System\OdIIISt.exe
  C:\Windows\System\OdIIISt.exe
  2⤵
  PID:1484
- C:\Windows\System\HhfCvBI.exe
  C:\Windows\System\HhfCvBI.exe
  2⤵
  PID:1716
- C:\Windows\System\BsjVQRg.exe
  C:\Windows\System\BsjVQRg.exe
  2⤵
  PID:1600
- C:\Windows\System\jnUGlxe.exe
  C:\Windows\System\jnUGlxe.exe
  2⤵
  PID:2352
- C:\Windows\System\XXpHFAd.exe
  C:\Windows\System\XXpHFAd.exe
  2⤵
  PID:1588
- C:\Windows\System\ribGHlo.exe
  C:\Windows\System\ribGHlo.exe
  2⤵
  PID:1668
- C:\Windows\System\pzfjMCY.exe
  C:\Windows\System\pzfjMCY.exe
  2⤵
  PID:2920
- C:\Windows\System\zwEQZkn.exe
  C:\Windows\System\zwEQZkn.exe
  2⤵
  PID:2912
- C:\Windows\System\GGBELgm.exe
  C:\Windows\System\GGBELgm.exe
  2⤵
  PID:2656
- C:\Windows\System\tgBrFrr.exe
  C:\Windows\System\tgBrFrr.exe
  2⤵
  PID:2784
- C:\Windows\System\rXAgwPc.exe
  C:\Windows\System\rXAgwPc.exe
  2⤵
  PID:1884
- C:\Windows\System\xRAVUBR.exe
  C:\Windows\System\xRAVUBR.exe
  2⤵
  PID:2268
- C:\Windows\System\ParWTug.exe
  C:\Windows\System\ParWTug.exe
  2⤵
  PID:652
- C:\Windows\System\jhuZsPg.exe
  C:\Windows\System\jhuZsPg.exe
  2⤵
  PID:1408
- C:\Windows\System\plBMeKm.exe
  C:\Windows\System\plBMeKm.exe
  2⤵
  PID:1084
- C:\Windows\System\XrafmYl.exe
  C:\Windows\System\XrafmYl.exe
  2⤵
  PID:2448
- C:\Windows\System\bnyhiPk.exe
  C:\Windows\System\bnyhiPk.exe
  2⤵
  PID:2716
- C:\Windows\System\zjrzofD.exe
  C:\Windows\System\zjrzofD.exe
  2⤵
  PID:1340
- C:\Windows\System\yATTsYB.exe
  C:\Windows\System\yATTsYB.exe
  2⤵
  PID:444
- C:\Windows\System\VoVHrKU.exe
  C:\Windows\System\VoVHrKU.exe
  2⤵
  PID:1920
- C:\Windows\System\dBfBFjZ.exe
  C:\Windows\System\dBfBFjZ.exe
  2⤵
  PID:2020
- C:\Windows\System\UvAFbQO.exe
  C:\Windows\System\UvAFbQO.exe
  2⤵
  PID:1768
- C:\Windows\System\ORnxcKP.exe
  C:\Windows\System\ORnxcKP.exe
  2⤵
  PID:2228
- C:\Windows\System\OMYQVmF.exe
  C:\Windows\System\OMYQVmF.exe
  2⤵
  PID:3028
- C:\Windows\System\KRyaMYb.exe
  C:\Windows\System\KRyaMYb.exe
  2⤵
  PID:1156
- C:\Windows\System\JgQbOBi.exe
  C:\Windows\System\JgQbOBi.exe
  2⤵
  PID:1276
- C:\Windows\System\bkXykjX.exe
  C:\Windows\System\bkXykjX.exe
  2⤵
  PID:2064
- C:\Windows\System\uthkOQh.exe
  C:\Windows\System\uthkOQh.exe
  2⤵
  PID:2248
- C:\Windows\System\FEYLfmL.exe
  C:\Windows\System\FEYLfmL.exe
  2⤵
  PID:904
- C:\Windows\System\ygUNhaw.exe
  C:\Windows\System\ygUNhaw.exe
  2⤵
  PID:1604
- C:\Windows\System\vzWmIvP.exe
  C:\Windows\System\vzWmIvP.exe
  2⤵
  PID:344
- C:\Windows\System\kBHQaDT.exe
  C:\Windows\System\kBHQaDT.exe
  2⤵
  PID:3040
- C:\Windows\System\fsXmoMm.exe
  C:\Windows\System\fsXmoMm.exe
  2⤵
  PID:1880
- C:\Windows\System\jtrOcTC.exe
  C:\Windows\System\jtrOcTC.exe
  2⤵
  PID:848
- C:\Windows\System\rgDPpTy.exe
  C:\Windows\System\rgDPpTy.exe
  2⤵
  PID:2364
- C:\Windows\System\qbYNUme.exe
  C:\Windows\System\qbYNUme.exe
  2⤵
  PID:2160
- C:\Windows\System\xPJiuLM.exe
  C:\Windows\System\xPJiuLM.exe
  2⤵
  PID:2396
- C:\Windows\System\RurAcJS.exe
  C:\Windows\System\RurAcJS.exe
  2⤵
  PID:1596
- C:\Windows\System\DOTwYqi.exe
  C:\Windows\System\DOTwYqi.exe
  2⤵
  PID:3064
- C:\Windows\System\SmpvoYM.exe
  C:\Windows\System\SmpvoYM.exe
  2⤵
  PID:2884
- C:\Windows\System\uFXmptC.exe
  C:\Windows\System\uFXmptC.exe
  2⤵
  PID:2052
- C:\Windows\System\oekGBnv.exe
  C:\Windows\System\oekGBnv.exe
  2⤵
  PID:1728
- C:\Windows\System\LQBUFtf.exe
  C:\Windows\System\LQBUFtf.exe
  2⤵
  PID:2192
- C:\Windows\System\SIBYgsG.exe
  C:\Windows\System\SIBYgsG.exe
  2⤵
  PID:1532
- C:\Windows\System\gKjMchB.exe
  C:\Windows\System\gKjMchB.exe
  2⤵
  PID:2860
- C:\Windows\System\lJTeIqy.exe
  C:\Windows\System\lJTeIqy.exe
  2⤵
  PID:3032
- C:\Windows\System\DqJDGZX.exe
  C:\Windows\System\DqJDGZX.exe
  2⤵
  PID:1584
- C:\Windows\System\ROFqstq.exe
  C:\Windows\System\ROFqstq.exe
  2⤵
  PID:1972
- C:\Windows\System\qMmPadx.exe
  C:\Windows\System\qMmPadx.exe
  2⤵
  PID:2660
- C:\Windows\System\gqswwRC.exe
  C:\Windows\System\gqswwRC.exe
  2⤵
  PID:2312
- C:\Windows\System\FWCiUxf.exe
  C:\Windows\System\FWCiUxf.exe
  2⤵
  PID:1708
- C:\Windows\System\wRLcnqf.exe
  C:\Windows\System\wRLcnqf.exe
  2⤵
  PID:1680
- C:\Windows\System\iArEzhc.exe
  C:\Windows\System\iArEzhc.exe
  2⤵
  PID:2296
- C:\Windows\System\oPgYzNo.exe
  C:\Windows\System\oPgYzNo.exe
  2⤵
  PID:2260
- C:\Windows\System\sGrdiEJ.exe
  C:\Windows\System\sGrdiEJ.exe
  2⤵
  PID:3056
- C:\Windows\System\tANfZIv.exe
  C:\Windows\System\tANfZIv.exe
  2⤵
  PID:1576
- C:\Windows\System\LksUBmn.exe
  C:\Windows\System\LksUBmn.exe
  2⤵
  PID:3084
- C:\Windows\System\rdbCApG.exe
  C:\Windows\System\rdbCApG.exe
  2⤵
  PID:3100
- C:\Windows\System\jkhxMAs.exe
  C:\Windows\System\jkhxMAs.exe
  2⤵
  PID:3116
- C:\Windows\System\huxlmKO.exe
  C:\Windows\System\huxlmKO.exe
  2⤵
  PID:3132
- C:\Windows\System\ClRmTkF.exe
  C:\Windows\System\ClRmTkF.exe
  2⤵
  PID:3148
- C:\Windows\System\CDNMhQi.exe
  C:\Windows\System\CDNMhQi.exe
  2⤵
  PID:3164
- C:\Windows\System\SwnwPjZ.exe
  C:\Windows\System\SwnwPjZ.exe
  2⤵
  PID:3180
- C:\Windows\System\peNraYk.exe
  C:\Windows\System\peNraYk.exe
  2⤵
  PID:3196
- C:\Windows\System\TGCqLxn.exe
  C:\Windows\System\TGCqLxn.exe
  2⤵
  PID:3212
- C:\Windows\System\WLKNcSo.exe
  C:\Windows\System\WLKNcSo.exe
  2⤵
  PID:3228
- C:\Windows\System\gozyNsI.exe
  C:\Windows\System\gozyNsI.exe
  2⤵
  PID:3244
- C:\Windows\System\qpbWIoC.exe
  C:\Windows\System\qpbWIoC.exe
  2⤵
  PID:3260
- C:\Windows\System\IGgVJgq.exe
  C:\Windows\System\IGgVJgq.exe
  2⤵
  PID:3276
- C:\Windows\System\HbNMpFw.exe
  C:\Windows\System\HbNMpFw.exe
  2⤵
  PID:3292
- C:\Windows\System\XMNBBoa.exe
  C:\Windows\System\XMNBBoa.exe
  2⤵
  PID:3308
- C:\Windows\System\ESOZyHS.exe
  C:\Windows\System\ESOZyHS.exe
  2⤵
  PID:3324
- C:\Windows\System\nPHwRvV.exe
  C:\Windows\System\nPHwRvV.exe
  2⤵
  PID:3340
- C:\Windows\System\qzsjuFT.exe
  C:\Windows\System\qzsjuFT.exe
  2⤵
  PID:3356
- C:\Windows\System\EOSKYTT.exe
  C:\Windows\System\EOSKYTT.exe
  2⤵
  PID:3372
- C:\Windows\System\YewRiwm.exe
  C:\Windows\System\YewRiwm.exe
  2⤵
  PID:3388
- C:\Windows\System\ddRDeec.exe
  C:\Windows\System\ddRDeec.exe
  2⤵
  PID:3404
- C:\Windows\System\cjehZFG.exe
  C:\Windows\System\cjehZFG.exe
  2⤵
  PID:3420
- C:\Windows\System\mcdkwKf.exe
  C:\Windows\System\mcdkwKf.exe
  2⤵
  PID:3436
- C:\Windows\System\QNmZgcv.exe
  C:\Windows\System\QNmZgcv.exe
  2⤵
  PID:3452
- C:\Windows\System\hDfHzzZ.exe
  C:\Windows\System\hDfHzzZ.exe
  2⤵
  PID:3468
- C:\Windows\System\pMrJpVc.exe
  C:\Windows\System\pMrJpVc.exe
  2⤵
  PID:3484
- C:\Windows\System\dyLYQKb.exe
  C:\Windows\System\dyLYQKb.exe
  2⤵
  PID:3500
- C:\Windows\System\VwuWHCz.exe
  C:\Windows\System\VwuWHCz.exe
  2⤵
  PID:3516
- C:\Windows\System\aIoaVxL.exe
  C:\Windows\System\aIoaVxL.exe
  2⤵
  PID:3532
- C:\Windows\System\NCspesB.exe
  C:\Windows\System\NCspesB.exe
  2⤵
  PID:3548
- C:\Windows\System\VTHrXuE.exe
  C:\Windows\System\VTHrXuE.exe
  2⤵
  PID:3564
- C:\Windows\System\MXQhfcX.exe
  C:\Windows\System\MXQhfcX.exe
  2⤵
  PID:3580
- C:\Windows\System\MELYugZ.exe
  C:\Windows\System\MELYugZ.exe
  2⤵
  PID:3596
- C:\Windows\System\SCgqLJo.exe
  C:\Windows\System\SCgqLJo.exe
  2⤵
  PID:3612
- C:\Windows\System\tKbqZrZ.exe
  C:\Windows\System\tKbqZrZ.exe
  2⤵
  PID:3628
- C:\Windows\System\qSmqMLT.exe
  C:\Windows\System\qSmqMLT.exe
  2⤵
  PID:3644
- C:\Windows\System\tRSfRTI.exe
  C:\Windows\System\tRSfRTI.exe
  2⤵
  PID:3660
- C:\Windows\System\VqXsFdd.exe
  C:\Windows\System\VqXsFdd.exe
  2⤵
  PID:3676
- C:\Windows\System\bfZEpcn.exe
  C:\Windows\System\bfZEpcn.exe
  2⤵
  PID:3692
- C:\Windows\System\pHcJhZr.exe
  C:\Windows\System\pHcJhZr.exe
  2⤵
  PID:3708
- C:\Windows\System\RFUZNMp.exe
  C:\Windows\System\RFUZNMp.exe
  2⤵
  PID:3724
- C:\Windows\System\THJJvEu.exe
  C:\Windows\System\THJJvEu.exe
  2⤵
  PID:3740
- C:\Windows\System\QtLArnM.exe
  C:\Windows\System\QtLArnM.exe
  2⤵
  PID:3756
- C:\Windows\System\sjxvPId.exe
  C:\Windows\System\sjxvPId.exe
  2⤵
  PID:3772
- C:\Windows\System\cvNxtNf.exe
  C:\Windows\System\cvNxtNf.exe
  2⤵
  PID:3788
- C:\Windows\System\YhntCQk.exe
  C:\Windows\System\YhntCQk.exe
  2⤵
  PID:3804
- C:\Windows\System\yeolSTd.exe
  C:\Windows\System\yeolSTd.exe
  2⤵
  PID:3820
- C:\Windows\System\brhYCKY.exe
  C:\Windows\System\brhYCKY.exe
  2⤵
  PID:3836
- C:\Windows\System\CwLRrHY.exe
  C:\Windows\System\CwLRrHY.exe
  2⤵
  PID:3852
- C:\Windows\System\XmcLuLl.exe
  C:\Windows\System\XmcLuLl.exe
  2⤵
  PID:3868
- C:\Windows\System\weIJeMR.exe
  C:\Windows\System\weIJeMR.exe
  2⤵
  PID:3884
- C:\Windows\System\rNJsoEd.exe
  C:\Windows\System\rNJsoEd.exe
  2⤵
  PID:3900
- C:\Windows\System\SnEJYJY.exe
  C:\Windows\System\SnEJYJY.exe
  2⤵
  PID:3916
- C:\Windows\System\DbLDnJl.exe
  C:\Windows\System\DbLDnJl.exe
  2⤵
  PID:3932
- C:\Windows\System\PymZonV.exe
  C:\Windows\System\PymZonV.exe
  2⤵
  PID:3948
- C:\Windows\System\ANxwaTO.exe
  C:\Windows\System\ANxwaTO.exe
  2⤵
  PID:3964
- C:\Windows\System\JEiBtuw.exe
  C:\Windows\System\JEiBtuw.exe
  2⤵
  PID:3980
- C:\Windows\System\vuWdaDH.exe
  C:\Windows\System\vuWdaDH.exe
  2⤵
  PID:3996
- C:\Windows\System\akChOMO.exe
  C:\Windows\System\akChOMO.exe
  2⤵
  PID:4012
- C:\Windows\System\rkiVPts.exe
  C:\Windows\System\rkiVPts.exe
  2⤵
  PID:4028
- C:\Windows\System\uYMPnOw.exe
  C:\Windows\System\uYMPnOw.exe
  2⤵
  PID:4044
- C:\Windows\System\Lwqynht.exe
  C:\Windows\System\Lwqynht.exe
  2⤵
  PID:4060
- C:\Windows\System\wqnXiAO.exe
  C:\Windows\System\wqnXiAO.exe
  2⤵
  PID:4076
- C:\Windows\System\rFQPJFR.exe
  C:\Windows\System\rFQPJFR.exe
  2⤵
  PID:4092
- C:\Windows\System\YNupoFA.exe
  C:\Windows\System\YNupoFA.exe
  2⤵
  PID:2360
- C:\Windows\System\GAkTBDm.exe
  C:\Windows\System\GAkTBDm.exe
  2⤵
  PID:2620
- C:\Windows\System\dsbnJDh.exe
  C:\Windows\System\dsbnJDh.exe
  2⤵
  PID:1648
- C:\Windows\System\dniLaCZ.exe
  C:\Windows\System\dniLaCZ.exe
  2⤵
  PID:1620
- C:\Windows\System\vSvmeeu.exe
  C:\Windows\System\vSvmeeu.exe
  2⤵
  PID:584
- C:\Windows\System\usYdbwA.exe
  C:\Windows\System\usYdbwA.exe
  2⤵
  PID:316
- C:\Windows\System\Pinnnpf.exe
  C:\Windows\System\Pinnnpf.exe
  2⤵
  PID:2284
- C:\Windows\System\JhTutEu.exe
  C:\Windows\System\JhTutEu.exe
  2⤵
  PID:2252
- C:\Windows\System\jsDFvdv.exe
  C:\Windows\System\jsDFvdv.exe
  2⤵
  PID:3080
- C:\Windows\System\KETHMHn.exe
  C:\Windows\System\KETHMHn.exe
  2⤵
  PID:3096
- C:\Windows\System\rJazBRj.exe
  C:\Windows\System\rJazBRj.exe
  2⤵
  PID:3128
- C:\Windows\System\gkJvIGv.exe
  C:\Windows\System\gkJvIGv.exe
  2⤵
  PID:3176
- C:\Windows\System\mApifxS.exe
  C:\Windows\System\mApifxS.exe
  2⤵
  PID:3188
- C:\Windows\System\FMDXnmK.exe
  C:\Windows\System\FMDXnmK.exe
  2⤵
  PID:3240
- C:\Windows\System\lkFtkhw.exe
  C:\Windows\System\lkFtkhw.exe
  2⤵
  PID:3256
- C:\Windows\System\ptoQRtJ.exe
  C:\Windows\System\ptoQRtJ.exe
  2⤵
  PID:3304
- C:\Windows\System\bcOhLBS.exe
  C:\Windows\System\bcOhLBS.exe
  2⤵
  PID:3320
- C:\Windows\System\fHddRrD.exe
  C:\Windows\System\fHddRrD.exe
  2⤵
  PID:3348
- C:\Windows\System\cmjhcss.exe
  C:\Windows\System\cmjhcss.exe
  2⤵
  PID:3400
- C:\Windows\System\LbEKUtR.exe
  C:\Windows\System\LbEKUtR.exe
  2⤵
  PID:3416
- C:\Windows\System\fBVzDrP.exe
  C:\Windows\System\fBVzDrP.exe
  2⤵
  PID:3448
- C:\Windows\System\zFxjehS.exe
  C:\Windows\System\zFxjehS.exe
  2⤵
  PID:3480
- C:\Windows\System\MRKKJfr.exe
  C:\Windows\System\MRKKJfr.exe
  2⤵
  PID:3512
- C:\Windows\System\FODVCgA.exe
  C:\Windows\System\FODVCgA.exe
  2⤵
  PID:3544
- C:\Windows\System\yjnlRhM.exe
  C:\Windows\System\yjnlRhM.exe
  2⤵
  PID:3604
- C:\Windows\System\VHMmgLI.exe
  C:\Windows\System\VHMmgLI.exe
  2⤵
  PID:3572
- C:\Windows\System\nbPftjj.exe
  C:\Windows\System\nbPftjj.exe
  2⤵
  PID:3640
- C:\Windows\System\ghyRcEa.exe
  C:\Windows\System\ghyRcEa.exe
  2⤵
  PID:3672
- C:\Windows\System\QaWfhTq.exe
  C:\Windows\System\QaWfhTq.exe
  2⤵
  PID:3704
- C:\Windows\System\kCciNWN.exe
  C:\Windows\System\kCciNWN.exe
  2⤵
  PID:3780
- C:\Windows\System\NjZtQmR.exe
  C:\Windows\System\NjZtQmR.exe
  2⤵
  PID:3768
- C:\Windows\System\vPRmUpZ.exe
  C:\Windows\System\vPRmUpZ.exe
  2⤵
  PID:3844
- C:\Windows\System\oPjEZeQ.exe
  C:\Windows\System\oPjEZeQ.exe
  2⤵
  PID:3876
- C:\Windows\System\LabAjZC.exe
  C:\Windows\System\LabAjZC.exe
  2⤵
  PID:3880
- C:\Windows\System\ugKrDVU.exe
  C:\Windows\System\ugKrDVU.exe
  2⤵
  PID:3896
- C:\Windows\System\gQfULIU.exe
  C:\Windows\System\gQfULIU.exe
  2⤵
  PID:3928
- C:\Windows\System\HUyqydA.exe
  C:\Windows\System\HUyqydA.exe
  2⤵
  PID:3960
- C:\Windows\System\mrZREqg.exe
  C:\Windows\System\mrZREqg.exe
  2⤵
  PID:3992
- C:\Windows\System\LyyARwg.exe
  C:\Windows\System\LyyARwg.exe
  2⤵
  PID:4024
- C:\Windows\System\TqvVbsG.exe
  C:\Windows\System\TqvVbsG.exe
  2⤵
  PID:4072
- C:\Windows\System\qKKBTZS.exe
  C:\Windows\System\qKKBTZS.exe
  2⤵
  PID:4088
- C:\Windows\System\DuxfkZZ.exe
  C:\Windows\System\DuxfkZZ.exe
  2⤵
  PID:2972
- C:\Windows\System\MNCfDNL.exe
  C:\Windows\System\MNCfDNL.exe
  2⤵
  PID:2960
- C:\Windows\System\KgRnbNJ.exe
  C:\Windows\System\KgRnbNJ.exe
  2⤵
  PID:2348
- C:\Windows\System\FuHobzR.exe
  C:\Windows\System\FuHobzR.exe
  2⤵
  PID:3036
- C:\Windows\System\OVXagll.exe
  C:\Windows\System\OVXagll.exe
  2⤵
  PID:3208
- C:\Windows\System\JtrtTIS.exe
  C:\Windows\System\JtrtTIS.exe
  2⤵
  PID:3160
- C:\Windows\System\NaLXXxj.exe
  C:\Windows\System\NaLXXxj.exe
  2⤵
  PID:3224
- C:\Windows\System\BnjdlET.exe
  C:\Windows\System\BnjdlET.exe
  2⤵
  PID:3288
- C:\Windows\System\uPSGAEi.exe
  C:\Windows\System\uPSGAEi.exe
  2⤵
  PID:3464
- C:\Windows\System\nwgSbgF.exe
  C:\Windows\System\nwgSbgF.exe
  2⤵
  PID:3528
- C:\Windows\System\XuZKBHE.exe
  C:\Windows\System\XuZKBHE.exe
  2⤵
  PID:3592
- C:\Windows\System\NPzVGyE.exe
  C:\Windows\System\NPzVGyE.exe
  2⤵
  PID:3560
- C:\Windows\System\UOiFftp.exe
  C:\Windows\System\UOiFftp.exe
  2⤵
  PID:3636
- C:\Windows\System\HNFNcSD.exe
  C:\Windows\System\HNFNcSD.exe
  2⤵
  PID:3668
- C:\Windows\System\QzjCHde.exe
  C:\Windows\System\QzjCHde.exe
  2⤵
  PID:3752
- C:\Windows\System\AYiIZNw.exe
  C:\Windows\System\AYiIZNw.exe
  2⤵
  PID:3800
- C:\Windows\System\KsqWjhH.exe
  C:\Windows\System\KsqWjhH.exe
  2⤵
  PID:3892
- C:\Windows\System\ptqYiKD.exe
  C:\Windows\System\ptqYiKD.exe
  2⤵
  PID:4040
- C:\Windows\System\JroOVPW.exe
  C:\Windows\System\JroOVPW.exe
  2⤵
  PID:4008
- C:\Windows\System\eSbOymI.exe
  C:\Windows\System\eSbOymI.exe
  2⤵
  PID:1720
- C:\Windows\System\WikmGOc.exe
  C:\Windows\System\WikmGOc.exe
  2⤵
  PID:4052
- C:\Windows\System\oNPYYUr.exe
  C:\Windows\System\oNPYYUr.exe
  2⤵
  PID:1948
- C:\Windows\System\qtIUjHv.exe
  C:\Windows\System\qtIUjHv.exe
  2⤵
  PID:3236
- C:\Windows\System\DGAzLaC.exe
  C:\Windows\System\DGAzLaC.exe
  2⤵
  PID:4112
- C:\Windows\System\OJDGcGd.exe
  C:\Windows\System\OJDGcGd.exe
  2⤵
  PID:4128
- C:\Windows\System\gckrLIj.exe
  C:\Windows\System\gckrLIj.exe
  2⤵
  PID:4144
- C:\Windows\System\xJXqzQf.exe
  C:\Windows\System\xJXqzQf.exe
  2⤵
  PID:4160
- C:\Windows\System\JQiIsYy.exe
  C:\Windows\System\JQiIsYy.exe
  2⤵
  PID:4176
- C:\Windows\System\AmmuFio.exe
  C:\Windows\System\AmmuFio.exe
  2⤵
  PID:4192
- C:\Windows\System\GtFBqot.exe
  C:\Windows\System\GtFBqot.exe
  2⤵
  PID:4208
- C:\Windows\System\ouPrOos.exe
  C:\Windows\System\ouPrOos.exe
  2⤵
  PID:4224
- C:\Windows\System\NZgVzQo.exe
  C:\Windows\System\NZgVzQo.exe
  2⤵
  PID:4240
- C:\Windows\System\fSqMbwm.exe
  C:\Windows\System\fSqMbwm.exe
  2⤵
  PID:4256
- C:\Windows\System\bmNaLwH.exe
  C:\Windows\System\bmNaLwH.exe
  2⤵
  PID:4272
- C:\Windows\System\FXvRkaa.exe
  C:\Windows\System\FXvRkaa.exe
  2⤵
  PID:4288
- C:\Windows\System\lkrOMpj.exe
  C:\Windows\System\lkrOMpj.exe
  2⤵
  PID:4304
- C:\Windows\System\GKIOeiB.exe
  C:\Windows\System\GKIOeiB.exe
  2⤵
  PID:4320
- C:\Windows\System\FtyVqCm.exe
  C:\Windows\System\FtyVqCm.exe
  2⤵
  PID:4336
- C:\Windows\System\XLdXLAI.exe
  C:\Windows\System\XLdXLAI.exe
  2⤵
  PID:4352
- C:\Windows\System\FdbrVAI.exe
  C:\Windows\System\FdbrVAI.exe
  2⤵
  PID:4368
- C:\Windows\System\BmPHHqy.exe
  C:\Windows\System\BmPHHqy.exe
  2⤵
  PID:4384
- C:\Windows\System\uLZdOQb.exe
  C:\Windows\System\uLZdOQb.exe
  2⤵
  PID:4400
- C:\Windows\System\IMHZrRi.exe
  C:\Windows\System\IMHZrRi.exe
  2⤵
  PID:4416
- C:\Windows\System\KgOyOXG.exe
  C:\Windows\System\KgOyOXG.exe
  2⤵
  PID:4432
- C:\Windows\System\BENNtGH.exe
  C:\Windows\System\BENNtGH.exe
  2⤵
  PID:4448
- C:\Windows\System\PFBYZnz.exe
  C:\Windows\System\PFBYZnz.exe
  2⤵
  PID:4464
- C:\Windows\System\vAWsOxW.exe
  C:\Windows\System\vAWsOxW.exe
  2⤵
  PID:4480
- C:\Windows\System\eUfJzdt.exe
  C:\Windows\System\eUfJzdt.exe
  2⤵
  PID:4496
- C:\Windows\System\UMXOrZE.exe
  C:\Windows\System\UMXOrZE.exe
  2⤵
  PID:4512
- C:\Windows\System\AlrHrJF.exe
  C:\Windows\System\AlrHrJF.exe
  2⤵
  PID:4528
- C:\Windows\System\RGjZBhs.exe
  C:\Windows\System\RGjZBhs.exe
  2⤵
  PID:4544
- C:\Windows\System\HtCzOOA.exe
  C:\Windows\System\HtCzOOA.exe
  2⤵
  PID:4560
- C:\Windows\System\ttbENvn.exe
  C:\Windows\System\ttbENvn.exe
  2⤵
  PID:4576
- C:\Windows\System\xZhVUqV.exe
  C:\Windows\System\xZhVUqV.exe
  2⤵
  PID:4592
- C:\Windows\System\OaQxXHn.exe
  C:\Windows\System\OaQxXHn.exe
  2⤵
  PID:4608
- C:\Windows\System\XWmElGV.exe
  C:\Windows\System\XWmElGV.exe
  2⤵
  PID:4624
- C:\Windows\System\NcipKSf.exe
  C:\Windows\System\NcipKSf.exe
  2⤵
  PID:4640
- C:\Windows\System\FmhaCBF.exe
  C:\Windows\System\FmhaCBF.exe
  2⤵
  PID:4656
- C:\Windows\System\RDfgafq.exe
  C:\Windows\System\RDfgafq.exe
  2⤵
  PID:4672
- C:\Windows\System\VZEYtvw.exe
  C:\Windows\System\VZEYtvw.exe
  2⤵
  PID:4688
- C:\Windows\System\ycrLttV.exe
  C:\Windows\System\ycrLttV.exe
  2⤵
  PID:4704
- C:\Windows\System\gTYwDRL.exe
  C:\Windows\System\gTYwDRL.exe
  2⤵
  PID:4720
- C:\Windows\System\BMbxMCe.exe
  C:\Windows\System\BMbxMCe.exe
  2⤵
  PID:4736
- C:\Windows\System\ZUiuSZk.exe
  C:\Windows\System\ZUiuSZk.exe
  2⤵
  PID:4752
- C:\Windows\System\MAigsuA.exe
  C:\Windows\System\MAigsuA.exe
  2⤵
  PID:4768
- C:\Windows\System\yyNaSdA.exe
  C:\Windows\System\yyNaSdA.exe
  2⤵
  PID:4784
- C:\Windows\System\KJdfIsf.exe
  C:\Windows\System\KJdfIsf.exe
  2⤵
  PID:4800
- C:\Windows\System\iueyXOD.exe
  C:\Windows\System\iueyXOD.exe
  2⤵
  PID:4816
- C:\Windows\System\eMyMYbP.exe
  C:\Windows\System\eMyMYbP.exe
  2⤵
  PID:4832
- C:\Windows\System\hBjZSmY.exe
  C:\Windows\System\hBjZSmY.exe
  2⤵
  PID:4848
- C:\Windows\System\gbKxWfd.exe
  C:\Windows\System\gbKxWfd.exe
  2⤵
  PID:4864
- C:\Windows\System\GyDpMSt.exe
  C:\Windows\System\GyDpMSt.exe
  2⤵
  PID:4880
- C:\Windows\System\XjFNCEP.exe
  C:\Windows\System\XjFNCEP.exe
  2⤵
  PID:4896
- C:\Windows\System\pqvZIDP.exe
  C:\Windows\System\pqvZIDP.exe
  2⤵
  PID:4912
- C:\Windows\System\yLgFPzC.exe
  C:\Windows\System\yLgFPzC.exe
  2⤵
  PID:4928
- C:\Windows\System\UBfbrXP.exe
  C:\Windows\System\UBfbrXP.exe
  2⤵
  PID:4944
- C:\Windows\System\LAdIcAQ.exe
  C:\Windows\System\LAdIcAQ.exe
  2⤵
  PID:4960
- C:\Windows\System\gRVEbAF.exe
  C:\Windows\System\gRVEbAF.exe
  2⤵
  PID:4976
- C:\Windows\System\YuXHqUl.exe
  C:\Windows\System\YuXHqUl.exe
  2⤵
  PID:4992
- C:\Windows\System\dhqwqqd.exe
  C:\Windows\System\dhqwqqd.exe
  2⤵
  PID:5008
- C:\Windows\System\uEwpzDz.exe
  C:\Windows\System\uEwpzDz.exe
  2⤵
  PID:5024
- C:\Windows\System\nvutSZN.exe
  C:\Windows\System\nvutSZN.exe
  2⤵
  PID:5040
- C:\Windows\System\pqaJKiD.exe
  C:\Windows\System\pqaJKiD.exe
  2⤵
  PID:5056
- C:\Windows\System\fWUfKTs.exe
  C:\Windows\System\fWUfKTs.exe
  2⤵
  PID:5072
- C:\Windows\System\bUtKnJp.exe
  C:\Windows\System\bUtKnJp.exe
  2⤵
  PID:5088
- C:\Windows\System\JmyQlhY.exe
  C:\Windows\System\JmyQlhY.exe
  2⤵
  PID:5104
- C:\Windows\System\uKSjsZs.exe
  C:\Windows\System\uKSjsZs.exe
  2⤵
  PID:3336
- C:\Windows\System\pApaHJJ.exe
  C:\Windows\System\pApaHJJ.exe
  2⤵
  PID:3384
- C:\Windows\System\CMEZCIo.exe
  C:\Windows\System\CMEZCIo.exe
  2⤵
  PID:3540
- C:\Windows\System\HolcOTD.exe
  C:\Windows\System\HolcOTD.exe
  2⤵
  PID:3624
- C:\Windows\System\DwTaQQx.exe
  C:\Windows\System\DwTaQQx.exe
  2⤵
  PID:3828
- C:\Windows\System\XsCeEum.exe
  C:\Windows\System\XsCeEum.exe
  2⤵
  PID:3864
- C:\Windows\System\RHkxgry.exe
  C:\Windows\System\RHkxgry.exe
  2⤵
  PID:3944
- C:\Windows\System\VvEikra.exe
  C:\Windows\System\VvEikra.exe
  2⤵
  PID:348
- C:\Windows\System\NRsYuVB.exe
  C:\Windows\System\NRsYuVB.exe
  2⤵
  PID:3172
- C:\Windows\System\ZfhfIRM.exe
  C:\Windows\System\ZfhfIRM.exe
  2⤵
  PID:4136
- C:\Windows\System\sLKtAVx.exe
  C:\Windows\System\sLKtAVx.exe
  2⤵
  PID:4168
- C:\Windows\System\XLwOpBt.exe
  C:\Windows\System\XLwOpBt.exe
  2⤵
  PID:4184
- C:\Windows\System\IWVZRUH.exe
  C:\Windows\System\IWVZRUH.exe
  2⤵
  PID:4232
- C:\Windows\System\QGnWoSK.exe
  C:\Windows\System\QGnWoSK.exe
  2⤵
  PID:4248
- C:\Windows\System\ukZHFga.exe
  C:\Windows\System\ukZHFga.exe
  2⤵
  PID:4280
- C:\Windows\System\dRxQvbj.exe
  C:\Windows\System\dRxQvbj.exe
  2⤵
  PID:4328
- C:\Windows\System\uDvlgDa.exe
  C:\Windows\System\uDvlgDa.exe
  2⤵
  PID:4360
- C:\Windows\System\xWdXNms.exe
  C:\Windows\System\xWdXNms.exe
  2⤵
  PID:4392
- C:\Windows\System\vvHTUoF.exe
  C:\Windows\System\vvHTUoF.exe
  2⤵
  PID:4380
- C:\Windows\System\XzBmXhf.exe
  C:\Windows\System\XzBmXhf.exe
  2⤵
  PID:4456
- C:\Windows\System\shOgziY.exe
  C:\Windows\System\shOgziY.exe
  2⤵
  PID:4472
- C:\Windows\System\atBQkkl.exe
  C:\Windows\System\atBQkkl.exe
  2⤵
  PID:4504
- C:\Windows\System\iyEtIKO.exe
  C:\Windows\System\iyEtIKO.exe
  2⤵
  PID:4552
- C:\Windows\System\mqOtjsS.exe
  C:\Windows\System\mqOtjsS.exe
  2⤵
  PID:4584
- C:\Windows\System\OVzzYpP.exe
  C:\Windows\System\OVzzYpP.exe
  2⤵
  PID:4600
- C:\Windows\System\IcHmCAs.exe
  C:\Windows\System\IcHmCAs.exe
  2⤵
  PID:4632
- C:\Windows\System\NwrZnzH.exe
  C:\Windows\System\NwrZnzH.exe
  2⤵
  PID:4664
- C:\Windows\System\rTTklWI.exe
  C:\Windows\System\rTTklWI.exe
  2⤵
  PID:4696
- C:\Windows\System\hXSzTDb.exe
  C:\Windows\System\hXSzTDb.exe
  2⤵
  PID:4700
- C:\Windows\System\Tyjmmxl.exe
  C:\Windows\System\Tyjmmxl.exe
  2⤵
  PID:4776
- C:\Windows\System\GtWoGVy.exe
  C:\Windows\System\GtWoGVy.exe
  2⤵
  PID:4808
- C:\Windows\System\bhChWLi.exe
  C:\Windows\System\bhChWLi.exe
  2⤵
  PID:4824
- C:\Windows\System\aCxwaxs.exe
  C:\Windows\System\aCxwaxs.exe
  2⤵
  PID:4872
- C:\Windows\System\Iemymor.exe
  C:\Windows\System\Iemymor.exe
  2⤵
  PID:4904
- C:\Windows\System\oVoKjqo.exe
  C:\Windows\System\oVoKjqo.exe
  2⤵
  PID:4920
- C:\Windows\System\fNQdxLc.exe
  C:\Windows\System\fNQdxLc.exe
  2⤵
  PID:4924
- C:\Windows\System\sFHhqkh.exe
  C:\Windows\System\sFHhqkh.exe
  2⤵
  PID:5000
- C:\Windows\System\wcghTds.exe
  C:\Windows\System\wcghTds.exe
  2⤵
  PID:5032
- C:\Windows\System\kmlCifz.exe
  C:\Windows\System\kmlCifz.exe
  2⤵
  PID:5064
- C:\Windows\System\BWBfklf.exe
  C:\Windows\System\BWBfklf.exe
  2⤵
  PID:5096
- C:\Windows\System\UdpLztp.exe
  C:\Windows\System\UdpLztp.exe
  2⤵
  PID:3300
- C:\Windows\System\ryboVnc.exe
  C:\Windows\System\ryboVnc.exe
  2⤵
  PID:3476
- C:\Windows\System\CghEyMW.exe
  C:\Windows\System\CghEyMW.exe
  2⤵
  PID:3748
- C:\Windows\System\jLzaPfj.exe
  C:\Windows\System\jLzaPfj.exe
  2⤵
  PID:4020
- C:\Windows\System\QewhdJH.exe
  C:\Windows\System\QewhdJH.exe
  2⤵
  PID:3144
- C:\Windows\System\zhbGyFM.exe
  C:\Windows\System\zhbGyFM.exe
  2⤵
  PID:4172
- C:\Windows\System\NApUnIX.exe
  C:\Windows\System\NApUnIX.exe
  2⤵
  PID:4124
- C:\Windows\System\VcsbMDZ.exe
  C:\Windows\System\VcsbMDZ.exe
  2⤵
  PID:4268
- C:\Windows\System\TGvnASL.exe
  C:\Windows\System\TGvnASL.exe
  2⤵
  PID:4344
- C:\Windows\System\qKODgHj.exe
  C:\Windows\System\qKODgHj.exe
  2⤵
  PID:4316
- C:\Windows\System\fFaYSBg.exe
  C:\Windows\System\fFaYSBg.exe
  2⤵
  PID:4312
- C:\Windows\System\BkdczUG.exe
  C:\Windows\System\BkdczUG.exe
  2⤵
  PID:4508
- C:\Windows\System\nZfaxuN.exe
  C:\Windows\System\nZfaxuN.exe
  2⤵
  PID:4568
- C:\Windows\System\sohxfEC.exe
  C:\Windows\System\sohxfEC.exe
  2⤵
  PID:4524
- C:\Windows\System\pfYxdVz.exe
  C:\Windows\System\pfYxdVz.exe
  2⤵
  PID:4732
- C:\Windows\System\OkevhjW.exe
  C:\Windows\System\OkevhjW.exe
  2⤵
  PID:4744
- C:\Windows\System\NoFDgCI.exe
  C:\Windows\System\NoFDgCI.exe
  2⤵
  PID:4856
- C:\Windows\System\oGGOvut.exe
  C:\Windows\System\oGGOvut.exe
  2⤵
  PID:4892
- C:\Windows\System\vPnoRdK.exe
  C:\Windows\System\vPnoRdK.exe
  2⤵
  PID:4972
- C:\Windows\System\LxRWGjd.exe
  C:\Windows\System\LxRWGjd.exe
  2⤵
  PID:4988
- C:\Windows\System\AxXNVAN.exe
  C:\Windows\System\AxXNVAN.exe
  2⤵
  PID:5084
- C:\Windows\System\BROcSYT.exe
  C:\Windows\System\BROcSYT.exe
  2⤵
  PID:3688
- C:\Windows\System\GOuckWL.exe
  C:\Windows\System\GOuckWL.exe
  2⤵
  PID:3832
- C:\Windows\System\KRSEZxk.exe
  C:\Windows\System\KRSEZxk.exe
  2⤵
  PID:5136
- C:\Windows\System\yStlMLB.exe
  C:\Windows\System\yStlMLB.exe
  2⤵
  PID:5152
- C:\Windows\System\mpfLoPH.exe
  C:\Windows\System\mpfLoPH.exe
  2⤵
  PID:5168
- C:\Windows\System\HaGDDXq.exe
  C:\Windows\System\HaGDDXq.exe
  2⤵
  PID:5184
- C:\Windows\System\EEyCSBV.exe
  C:\Windows\System\EEyCSBV.exe
  2⤵
  PID:5200
- C:\Windows\System\IOqgHea.exe
  C:\Windows\System\IOqgHea.exe
  2⤵
  PID:5216
- C:\Windows\System\OuhegMK.exe
  C:\Windows\System\OuhegMK.exe
  2⤵
  PID:5232
- C:\Windows\System\lRiMfJR.exe
  C:\Windows\System\lRiMfJR.exe
  2⤵
  PID:5248
- C:\Windows\System\RkxqYlY.exe
  C:\Windows\System\RkxqYlY.exe
  2⤵
  PID:5264
- C:\Windows\System\KOjgdFp.exe
  C:\Windows\System\KOjgdFp.exe
  2⤵
  PID:5280
- C:\Windows\System\EEVmyLo.exe
  C:\Windows\System\EEVmyLo.exe
  2⤵
  PID:5296
- C:\Windows\System\mSrdzOn.exe
  C:\Windows\System\mSrdzOn.exe
  2⤵
  PID:5312
- C:\Windows\System\RYKDAEV.exe
  C:\Windows\System\RYKDAEV.exe
  2⤵
  PID:5328
- C:\Windows\System\SdLtnop.exe
  C:\Windows\System\SdLtnop.exe
  2⤵
  PID:5344
- C:\Windows\System\stdIyzd.exe
  C:\Windows\System\stdIyzd.exe
  2⤵
  PID:5360
- C:\Windows\System\sGSWCIt.exe
  C:\Windows\System\sGSWCIt.exe
  2⤵
  PID:5376
- C:\Windows\System\NKdKSVo.exe
  C:\Windows\System\NKdKSVo.exe
  2⤵
  PID:5392
- C:\Windows\System\GunibCk.exe
  C:\Windows\System\GunibCk.exe
  2⤵
  PID:5408
- C:\Windows\System\BAGvtOq.exe
  C:\Windows\System\BAGvtOq.exe
  2⤵
  PID:5424
- C:\Windows\System\TOBfbbQ.exe
  C:\Windows\System\TOBfbbQ.exe
  2⤵
  PID:5440
- C:\Windows\System\nLqEOth.exe
  C:\Windows\System\nLqEOth.exe
  2⤵
  PID:5456
- C:\Windows\System\iullvGs.exe
  C:\Windows\System\iullvGs.exe
  2⤵
  PID:5472
- C:\Windows\System\CISalFE.exe
  C:\Windows\System\CISalFE.exe
  2⤵
  PID:5488
- C:\Windows\System\pZWKfoT.exe
  C:\Windows\System\pZWKfoT.exe
  2⤵
  PID:5504
- C:\Windows\System\WOdCwtR.exe
  C:\Windows\System\WOdCwtR.exe
  2⤵
  PID:5520
- C:\Windows\System\pUZtKST.exe
  C:\Windows\System\pUZtKST.exe
  2⤵
  PID:5536
- C:\Windows\System\VZyQeEk.exe
  C:\Windows\System\VZyQeEk.exe
  2⤵
  PID:5552
- C:\Windows\System\SdFrnJz.exe
  C:\Windows\System\SdFrnJz.exe
  2⤵
  PID:5568
- C:\Windows\System\kOymkZZ.exe
  C:\Windows\System\kOymkZZ.exe
  2⤵
  PID:5584
- C:\Windows\System\UQtBeIE.exe
  C:\Windows\System\UQtBeIE.exe
  2⤵
  PID:5600
- C:\Windows\System\naekpji.exe
  C:\Windows\System\naekpji.exe
  2⤵
  PID:5616
- C:\Windows\System\YlZoHhX.exe
  C:\Windows\System\YlZoHhX.exe
  2⤵
  PID:5632
- C:\Windows\System\EPNMLnx.exe
  C:\Windows\System\EPNMLnx.exe
  2⤵
  PID:5648
- C:\Windows\System\PdzGvXh.exe
  C:\Windows\System\PdzGvXh.exe
  2⤵
  PID:5664
- C:\Windows\System\QtYRHRn.exe
  C:\Windows\System\QtYRHRn.exe
  2⤵
  PID:5680
- C:\Windows\System\XXHdnzI.exe
  C:\Windows\System\XXHdnzI.exe
  2⤵
  PID:5696
- C:\Windows\System\nbaWwEI.exe
  C:\Windows\System\nbaWwEI.exe
  2⤵
  PID:5712
- C:\Windows\System\uTGvyjn.exe
  C:\Windows\System\uTGvyjn.exe
  2⤵
  PID:5728
- C:\Windows\System\japKXzj.exe
  C:\Windows\System\japKXzj.exe
  2⤵
  PID:5744
- C:\Windows\System\VMTTXyH.exe
  C:\Windows\System\VMTTXyH.exe
  2⤵
  PID:5760
- C:\Windows\System\wbDlUmi.exe
  C:\Windows\System\wbDlUmi.exe
  2⤵
  PID:5776
- C:\Windows\System\nTlwNzf.exe
  C:\Windows\System\nTlwNzf.exe
  2⤵
  PID:5792
- C:\Windows\System\Ezjvdnp.exe
  C:\Windows\System\Ezjvdnp.exe
  2⤵
  PID:5808
- C:\Windows\System\ketnvhc.exe
  C:\Windows\System\ketnvhc.exe
  2⤵
  PID:5824
- C:\Windows\System\OFZsgsr.exe
  C:\Windows\System\OFZsgsr.exe
  2⤵
  PID:5840
- C:\Windows\System\hHUQDAg.exe
  C:\Windows\System\hHUQDAg.exe
  2⤵
  PID:5856
- C:\Windows\System\dapiYsp.exe
  C:\Windows\System\dapiYsp.exe
  2⤵
  PID:5872
- C:\Windows\System\uYENYnc.exe
  C:\Windows\System\uYENYnc.exe
  2⤵
  PID:5888
- C:\Windows\System\WFMldRa.exe
  C:\Windows\System\WFMldRa.exe
  2⤵
  PID:5904
- C:\Windows\System\frmbABJ.exe
  C:\Windows\System\frmbABJ.exe
  2⤵
  PID:5920
- C:\Windows\System\BhYXUGI.exe
  C:\Windows\System\BhYXUGI.exe
  2⤵
  PID:5936
- C:\Windows\System\RxAhYKo.exe
  C:\Windows\System\RxAhYKo.exe
  2⤵
  PID:5952
- C:\Windows\System\EHjtmTq.exe
  C:\Windows\System\EHjtmTq.exe
  2⤵
  PID:5968
- C:\Windows\System\PmxXPml.exe
  C:\Windows\System\PmxXPml.exe
  2⤵
  PID:5984
- C:\Windows\System\oqoiZJU.exe
  C:\Windows\System\oqoiZJU.exe
  2⤵
  PID:6000
- C:\Windows\System\yJyWzcJ.exe
  C:\Windows\System\yJyWzcJ.exe
  2⤵
  PID:6016
- C:\Windows\System\MFhJxun.exe
  C:\Windows\System\MFhJxun.exe
  2⤵
  PID:6032
- C:\Windows\System\uAovBpW.exe
  C:\Windows\System\uAovBpW.exe
  2⤵
  PID:6048
- C:\Windows\System\XzVEhPK.exe
  C:\Windows\System\XzVEhPK.exe
  2⤵
  PID:6064
- C:\Windows\System\UbAKlkR.exe
  C:\Windows\System\UbAKlkR.exe
  2⤵
  PID:6080
- C:\Windows\System\OAUpzTr.exe
  C:\Windows\System\OAUpzTr.exe
  2⤵
  PID:6096
- C:\Windows\System\KUFHszk.exe
  C:\Windows\System\KUFHszk.exe
  2⤵
  PID:6112
- C:\Windows\System\PRiUwAW.exe
  C:\Windows\System\PRiUwAW.exe
  2⤵
  PID:6128
- C:\Windows\System\QMXLRCP.exe
  C:\Windows\System\QMXLRCP.exe
  2⤵
  PID:1076
- C:\Windows\System\ofgCTSP.exe
  C:\Windows\System\ofgCTSP.exe
  2⤵
  PID:4284
- C:\Windows\System\jAyfSJa.exe
  C:\Windows\System\jAyfSJa.exe
  2⤵
  PID:4396
- C:\Windows\System\NfnQpuh.exe
  C:\Windows\System\NfnQpuh.exe
  2⤵
  PID:4476
- C:\Windows\System\pNWkiCh.exe
  C:\Windows\System\pNWkiCh.exe
  2⤵
  PID:4444
- C:\Windows\System\kdapuEQ.exe
  C:\Windows\System\kdapuEQ.exe
  2⤵
  PID:4796
- C:\Windows\System\TouCNKA.exe
  C:\Windows\System\TouCNKA.exe
  2⤵
  PID:4844
- C:\Windows\System\mTguxeh.exe
  C:\Windows\System\mTguxeh.exe
  2⤵
  PID:5016
- C:\Windows\System\rXHtDua.exe
  C:\Windows\System\rXHtDua.exe
  2⤵
  PID:5068
- C:\Windows\System\RWsinAw.exe
  C:\Windows\System\RWsinAw.exe
  2⤵
  PID:3576
- C:\Windows\System\EyHrGia.exe
  C:\Windows\System\EyHrGia.exe
  2⤵
  PID:5148
- C:\Windows\System\KKJZUIL.exe
  C:\Windows\System\KKJZUIL.exe
  2⤵
  PID:5180
- C:\Windows\System\MnSHuot.exe
  C:\Windows\System\MnSHuot.exe
  2⤵
  PID:5224
- C:\Windows\System\eJgVrOm.exe
  C:\Windows\System\eJgVrOm.exe
  2⤵
  PID:5244
- C:\Windows\System\WssuBuR.exe
  C:\Windows\System\WssuBuR.exe
  2⤵
  PID:5288
- C:\Windows\System\YIIajTA.exe
  C:\Windows\System\YIIajTA.exe
  2⤵
  PID:5308
- C:\Windows\System\hgHROKx.exe
  C:\Windows\System\hgHROKx.exe
  2⤵
  PID:5352
- C:\Windows\System\nyPbMzZ.exe
  C:\Windows\System\nyPbMzZ.exe
  2⤵
  PID:5384
- C:\Windows\System\iegmxNi.exe
  C:\Windows\System\iegmxNi.exe
  2⤵
  PID:5404
- C:\Windows\System\DBCVBQp.exe
  C:\Windows\System\DBCVBQp.exe
  2⤵
  PID:5436
- C:\Windows\System\yjgCVKS.exe
  C:\Windows\System\yjgCVKS.exe
  2⤵
  PID:5468
- C:\Windows\System\psqQdrl.exe
  C:\Windows\System\psqQdrl.exe
  2⤵
  PID:5500
- C:\Windows\System\zUPzYHl.exe
  C:\Windows\System\zUPzYHl.exe
  2⤵
  PID:5532
- C:\Windows\System\XtkbVfi.exe
  C:\Windows\System\XtkbVfi.exe
  2⤵
  PID:5564
- C:\Windows\System\bkswHAF.exe
  C:\Windows\System\bkswHAF.exe
  2⤵
  PID:5596
- C:\Windows\System\LENFoeE.exe
  C:\Windows\System\LENFoeE.exe
  2⤵
  PID:5640
- C:\Windows\System\VQhWWTA.exe
  C:\Windows\System\VQhWWTA.exe
  2⤵
  PID:5672
- C:\Windows\System\pOtbWnS.exe
  C:\Windows\System\pOtbWnS.exe
  2⤵
  PID:5704
- C:\Windows\System\XVltpUi.exe
  C:\Windows\System\XVltpUi.exe
  2⤵
  PID:5736
- C:\Windows\System\dkdCIqr.exe
  C:\Windows\System\dkdCIqr.exe
  2⤵
  PID:5768
- C:\Windows\System\ZlYhxCu.exe
  C:\Windows\System\ZlYhxCu.exe
  2⤵
  PID:5800
- C:\Windows\System\fbnaHSb.exe
  C:\Windows\System\fbnaHSb.exe
  2⤵
  PID:5832
- C:\Windows\System\KdnSxEO.exe
  C:\Windows\System\KdnSxEO.exe
  2⤵
  PID:5864
- C:\Windows\System\LMWeiYJ.exe
  C:\Windows\System\LMWeiYJ.exe
  2⤵
  PID:5896
- C:\Windows\System\QirvCZF.exe
  C:\Windows\System\QirvCZF.exe
  2⤵
  PID:5928
- C:\Windows\System\eNDhkHd.exe
  C:\Windows\System\eNDhkHd.exe
  2⤵
  PID:5948
- C:\Windows\System\LobMioI.exe
  C:\Windows\System\LobMioI.exe
  2⤵
  PID:5980
- C:\Windows\System\CCUgNCu.exe
  C:\Windows\System\CCUgNCu.exe
  2⤵
  PID:6012
- C:\Windows\System\nKhaDYF.exe
  C:\Windows\System\nKhaDYF.exe
  2⤵
  PID:6044
- C:\Windows\System\jOPRaZy.exe
  C:\Windows\System\jOPRaZy.exe
  2⤵
  PID:6088
- C:\Windows\System\QZgEect.exe
  C:\Windows\System\QZgEect.exe
  2⤵
  PID:6108
- C:\Windows\System\GvOyqjU.exe
  C:\Windows\System\GvOyqjU.exe
  2⤵
  PID:3956
- C:\Windows\System\nnSBGGZ.exe
  C:\Windows\System\nnSBGGZ.exe
  2⤵
  PID:4412
- C:\Windows\System\PJPcOVw.exe
  C:\Windows\System\PJPcOVw.exe
  2⤵
  PID:4668
- C:\Windows\System\HefBnfe.exe
  C:\Windows\System\HefBnfe.exe
  2⤵
  PID:4860
- C:\Windows\System\weXuVGV.exe
  C:\Windows\System\weXuVGV.exe
  2⤵
  PID:3252
- C:\Windows\System\JkucJRC.exe
  C:\Windows\System\JkucJRC.exe
  2⤵
  PID:5164
- C:\Windows\System\oByKcCW.exe
  C:\Windows\System\oByKcCW.exe
  2⤵
  PID:5208
- C:\Windows\System\PsCGVMj.exe
  C:\Windows\System\PsCGVMj.exe
  2⤵
  PID:5292
- C:\Windows\System\fLBycGa.exe
  C:\Windows\System\fLBycGa.exe
  2⤵
  PID:5356
- C:\Windows\System\vbyHYES.exe
  C:\Windows\System\vbyHYES.exe
  2⤵
  PID:5420
- C:\Windows\System\GRLfUHa.exe
  C:\Windows\System\GRLfUHa.exe
  2⤵
  PID:5484
- C:\Windows\System\nPUplKc.exe
  C:\Windows\System\nPUplKc.exe
  2⤵
  PID:5548
- C:\Windows\System\qBZDNQZ.exe
  C:\Windows\System\qBZDNQZ.exe
  2⤵
  PID:5612
- C:\Windows\System\xrvRCVQ.exe
  C:\Windows\System\xrvRCVQ.exe
  2⤵
  PID:5688
- C:\Windows\System\mLZLNmC.exe
  C:\Windows\System\mLZLNmC.exe
  2⤵
  PID:5752
- C:\Windows\System\JIMRtxw.exe
  C:\Windows\System\JIMRtxw.exe
  2⤵
  PID:5788
- C:\Windows\System\vXKmEZs.exe
  C:\Windows\System\vXKmEZs.exe
  2⤵
  PID:5852
- C:\Windows\System\BycxMwk.exe
  C:\Windows\System\BycxMwk.exe
  2⤵
  PID:5916
- C:\Windows\System\LgvscTQ.exe
  C:\Windows\System\LgvscTQ.exe
  2⤵
  PID:6008
- C:\Windows\System\CCHztqc.exe
  C:\Windows\System\CCHztqc.exe
  2⤵
  PID:6072
- C:\Windows\System\YizJVtu.exe
  C:\Windows\System\YizJVtu.exe
  2⤵
  PID:6136
- C:\Windows\System\rLllndi.exe
  C:\Windows\System\rLllndi.exe
  2⤵
  PID:4540
- C:\Windows\System\OEYLNJt.exe
  C:\Windows\System\OEYLNJt.exe
  2⤵
  PID:5020
- C:\Windows\System\ZGzDMok.exe
  C:\Windows\System\ZGzDMok.exe
  2⤵
  PID:6156
- C:\Windows\System\jKLTIGK.exe
  C:\Windows\System\jKLTIGK.exe
  2⤵
  PID:6172
- C:\Windows\System\pQZPPTO.exe
  C:\Windows\System\pQZPPTO.exe
  2⤵
  PID:6188
- C:\Windows\System\bIMDTsu.exe
  C:\Windows\System\bIMDTsu.exe
  2⤵
  PID:6204
- C:\Windows\System\vbjkAln.exe
  C:\Windows\System\vbjkAln.exe
  2⤵
  PID:6220
- C:\Windows\System\qRVdmSc.exe
  C:\Windows\System\qRVdmSc.exe
  2⤵
  PID:6236
- C:\Windows\System\hjZutoT.exe
  C:\Windows\System\hjZutoT.exe
  2⤵
  PID:6252
- C:\Windows\System\OmCZCQc.exe
  C:\Windows\System\OmCZCQc.exe
  2⤵
  PID:6268
- C:\Windows\System\QcwTgNI.exe
  C:\Windows\System\QcwTgNI.exe
  2⤵
  PID:6284
- C:\Windows\System\OGcxQrV.exe
  C:\Windows\System\OGcxQrV.exe
  2⤵
  PID:6300
- C:\Windows\System\uHtuGzu.exe
  C:\Windows\System\uHtuGzu.exe
  2⤵
  PID:6316
- C:\Windows\System\fcIiDQT.exe
  C:\Windows\System\fcIiDQT.exe
  2⤵
  PID:6332
- C:\Windows\System\nGjtnGf.exe
  C:\Windows\System\nGjtnGf.exe
  2⤵
  PID:6348
- C:\Windows\System\hzlALFU.exe
  C:\Windows\System\hzlALFU.exe
  2⤵
  PID:6368
- C:\Windows\System\pzktrav.exe
  C:\Windows\System\pzktrav.exe
  2⤵
  PID:6384
- C:\Windows\System\FUhKeET.exe
  C:\Windows\System\FUhKeET.exe
  2⤵
  PID:6400
- C:\Windows\System\IyDpQGX.exe
  C:\Windows\System\IyDpQGX.exe
  2⤵
  PID:6416
- C:\Windows\System\scrAhAR.exe
  C:\Windows\System\scrAhAR.exe
  2⤵
  PID:6432
- C:\Windows\System\aNHGdIb.exe
  C:\Windows\System\aNHGdIb.exe
  2⤵
  PID:6448
- C:\Windows\System\nDekqQy.exe
  C:\Windows\System\nDekqQy.exe
  2⤵
  PID:6464
- C:\Windows\System\vWpQFUA.exe
  C:\Windows\System\vWpQFUA.exe
  2⤵
  PID:6480
- C:\Windows\System\yoJEZXe.exe
  C:\Windows\System\yoJEZXe.exe
  2⤵
  PID:6496
- C:\Windows\System\LtVWeHc.exe
  C:\Windows\System\LtVWeHc.exe
  2⤵
  PID:6512
- C:\Windows\System\YEMjDUw.exe
  C:\Windows\System\YEMjDUw.exe
  2⤵
  PID:6528
- C:\Windows\System\EPywczV.exe
  C:\Windows\System\EPywczV.exe
  2⤵
  PID:6544
- C:\Windows\System\YgaXCna.exe
  C:\Windows\System\YgaXCna.exe
  2⤵
  PID:6560
- C:\Windows\System\tDKikof.exe
  C:\Windows\System\tDKikof.exe
  2⤵
  PID:6576
- C:\Windows\System\nLTPnrd.exe
  C:\Windows\System\nLTPnrd.exe
  2⤵
  PID:6592
- C:\Windows\System\CqydFvU.exe
  C:\Windows\System\CqydFvU.exe
  2⤵
  PID:6608
- C:\Windows\System\kaDGExI.exe
  C:\Windows\System\kaDGExI.exe
  2⤵
  PID:6624
- C:\Windows\System\gOTyBXa.exe
  C:\Windows\System\gOTyBXa.exe
  2⤵
  PID:6640
- C:\Windows\System\ZfRiPFY.exe
  C:\Windows\System\ZfRiPFY.exe
  2⤵
  PID:6656
- C:\Windows\System\aplUQhC.exe
  C:\Windows\System\aplUQhC.exe
  2⤵
  PID:6672
- C:\Windows\System\mKwrFhE.exe
  C:\Windows\System\mKwrFhE.exe
  2⤵
  PID:6688
- C:\Windows\System\WtwLQjx.exe
  C:\Windows\System\WtwLQjx.exe
  2⤵
  PID:6704
- C:\Windows\System\AVNCacg.exe
  C:\Windows\System\AVNCacg.exe
  2⤵
  PID:6720
- C:\Windows\System\MPmynNA.exe
  C:\Windows\System\MPmynNA.exe
  2⤵
  PID:6736
- C:\Windows\System\soyyCHC.exe
  C:\Windows\System\soyyCHC.exe
  2⤵
  PID:6752
- C:\Windows\System\GUoqVvO.exe
  C:\Windows\System\GUoqVvO.exe
  2⤵
  PID:6768
- C:\Windows\System\sHYgAvl.exe
  C:\Windows\System\sHYgAvl.exe
  2⤵
  PID:6784
- C:\Windows\System\GDQfhgs.exe
  C:\Windows\System\GDQfhgs.exe
  2⤵
  PID:6800
- C:\Windows\System\GUrGbEe.exe
  C:\Windows\System\GUrGbEe.exe
  2⤵
  PID:6816
- C:\Windows\System\MyNNtNH.exe
  C:\Windows\System\MyNNtNH.exe
  2⤵
  PID:6832
- C:\Windows\System\RXuBrtp.exe
  C:\Windows\System\RXuBrtp.exe
  2⤵
  PID:6848
- C:\Windows\System\SQfTNUg.exe
  C:\Windows\System\SQfTNUg.exe
  2⤵
  PID:6864
- C:\Windows\System\VLMiQbs.exe
  C:\Windows\System\VLMiQbs.exe
  2⤵
  PID:6880
- C:\Windows\System\rpxlElP.exe
  C:\Windows\System\rpxlElP.exe
  2⤵
  PID:6896
- C:\Windows\System\UPPwjVj.exe
  C:\Windows\System\UPPwjVj.exe
  2⤵
  PID:6912
- C:\Windows\System\ZxQlnoI.exe
  C:\Windows\System\ZxQlnoI.exe
  2⤵
  PID:6928
- C:\Windows\System\WoDeqcm.exe
  C:\Windows\System\WoDeqcm.exe
  2⤵
  PID:6944
- C:\Windows\System\ogkuBPz.exe
  C:\Windows\System\ogkuBPz.exe
  2⤵
  PID:6960
- C:\Windows\System\iZNgGXi.exe
  C:\Windows\System\iZNgGXi.exe
  2⤵
  PID:6976
- C:\Windows\System\mDelxTI.exe
  C:\Windows\System\mDelxTI.exe
  2⤵
  PID:6992
- C:\Windows\System\isnShvJ.exe
  C:\Windows\System\isnShvJ.exe
  2⤵
  PID:7008
- C:\Windows\System\mhJZCWU.exe
  C:\Windows\System\mhJZCWU.exe
  2⤵
  PID:7024
- C:\Windows\System\nRUOpvj.exe
  C:\Windows\System\nRUOpvj.exe
  2⤵
  PID:7040
- C:\Windows\System\njiJQMI.exe
  C:\Windows\System\njiJQMI.exe
  2⤵
  PID:7056
- C:\Windows\System\yRxapYw.exe
  C:\Windows\System\yRxapYw.exe
  2⤵
  PID:7072
- C:\Windows\System\TifDWPS.exe
  C:\Windows\System\TifDWPS.exe
  2⤵
  PID:7088
- C:\Windows\System\zpFQvQN.exe
  C:\Windows\System\zpFQvQN.exe
  2⤵
  PID:7104
- C:\Windows\System\pDDjjBW.exe
  C:\Windows\System\pDDjjBW.exe
  2⤵
  PID:7120
- C:\Windows\System\EUBGwdH.exe
  C:\Windows\System\EUBGwdH.exe
  2⤵
  PID:7136
- C:\Windows\System\quacrlY.exe
  C:\Windows\System\quacrlY.exe
  2⤵
  PID:7152
- C:\Windows\System\SdDBhqH.exe
  C:\Windows\System\SdDBhqH.exe
  2⤵
  PID:5144
- C:\Windows\System\RcaMjAr.exe
  C:\Windows\System\RcaMjAr.exe
  2⤵
  PID:5272
- C:\Windows\System\aIIsAnl.exe
  C:\Windows\System\aIIsAnl.exe
  2⤵
  PID:5452
- C:\Windows\System\vWJTWNq.exe
  C:\Windows\System\vWJTWNq.exe
  2⤵
  PID:5580
- C:\Windows\System\cWQyiws.exe
  C:\Windows\System\cWQyiws.exe
  2⤵
  PID:5720
- C:\Windows\System\KPaoEUc.exe
  C:\Windows\System\KPaoEUc.exe
  2⤵
  PID:5848
- C:\Windows\System\DOpXTmX.exe
  C:\Windows\System\DOpXTmX.exe
  2⤵
  PID:5976
- C:\Windows\System\yNTrptx.exe
  C:\Windows\System\yNTrptx.exe
  2⤵
  PID:6104
- C:\Windows\System\fmJoJKO.exe
  C:\Windows\System\fmJoJKO.exe
  2⤵
  PID:4764
- C:\Windows\System\gagaBNU.exe
  C:\Windows\System\gagaBNU.exe
  2⤵
  PID:6152
- C:\Windows\System\QZKGoSx.exe
  C:\Windows\System\QZKGoSx.exe
  2⤵
  PID:6196
- C:\Windows\System\xbFnEYN.exe
  C:\Windows\System\xbFnEYN.exe
  2⤵
  PID:6228
- C:\Windows\System\KCjgmhw.exe
  C:\Windows\System\KCjgmhw.exe
  2⤵
  PID:6260
- C:\Windows\System\TkKmmbk.exe
  C:\Windows\System\TkKmmbk.exe
  2⤵
  PID:6292
- C:\Windows\System\fYmscTx.exe
  C:\Windows\System\fYmscTx.exe
  2⤵
  PID:6324
- C:\Windows\System\vvsNrpu.exe
  C:\Windows\System\vvsNrpu.exe
  2⤵
  PID:6356
- C:\Windows\System\jmUGZaR.exe
  C:\Windows\System\jmUGZaR.exe
  2⤵
  PID:6392
- C:\Windows\System\qQOniFO.exe
  C:\Windows\System\qQOniFO.exe
  2⤵
  PID:6424
- C:\Windows\System\PIYTQuF.exe
  C:\Windows\System\PIYTQuF.exe
  2⤵
  PID:6456
- C:\Windows\System\oNIIEzL.exe
  C:\Windows\System\oNIIEzL.exe
  2⤵
  PID:6488
- C:\Windows\System\zdKYwHt.exe
  C:\Windows\System\zdKYwHt.exe
  2⤵
  PID:6508
- C:\Windows\System\cLrRdPZ.exe
  C:\Windows\System\cLrRdPZ.exe
  2⤵
  PID:6540
- C:\Windows\System\GBxCNKR.exe
  C:\Windows\System\GBxCNKR.exe
  2⤵
  PID:6584
- C:\Windows\System\xrPughF.exe
  C:\Windows\System\xrPughF.exe
  2⤵
  PID:6616
- C:\Windows\System\StuZLdV.exe
  C:\Windows\System\StuZLdV.exe
  2⤵
  PID:6636
- C:\Windows\System\PmDkJbC.exe
  C:\Windows\System\PmDkJbC.exe
  2⤵
  PID:6668
- C:\Windows\System\meOBOEg.exe
  C:\Windows\System\meOBOEg.exe
  2⤵
  PID:6712
- C:\Windows\System\ypmNlFD.exe
  C:\Windows\System\ypmNlFD.exe
  2⤵
  PID:6744
- C:\Windows\System\UMlwkyC.exe
  C:\Windows\System\UMlwkyC.exe
  2⤵
  PID:6764
- C:\Windows\System\oWxRQmm.exe
  C:\Windows\System\oWxRQmm.exe
  2⤵
  PID:6796
- C:\Windows\System\KhNcdWV.exe
  C:\Windows\System\KhNcdWV.exe
  2⤵
  PID:6840
- C:\Windows\System\PYpYOGs.exe
  C:\Windows\System\PYpYOGs.exe
  2⤵
  PID:6856
- C:\Windows\System\OphiCoE.exe
  C:\Windows\System\OphiCoE.exe
  2⤵
  PID:6888
- C:\Windows\System\lWvsfYI.exe
  C:\Windows\System\lWvsfYI.exe
  2⤵
  PID:6920
- C:\Windows\System\JfXzqKS.exe
  C:\Windows\System\JfXzqKS.exe
  2⤵
  PID:6952
- C:\Windows\System\sWTSpJt.exe
  C:\Windows\System\sWTSpJt.exe
  2⤵
  PID:6984
- C:\Windows\System\AFvsNvx.exe
  C:\Windows\System\AFvsNvx.exe
  2⤵
  PID:7016
- C:\Windows\System\ZENfLCb.exe
  C:\Windows\System\ZENfLCb.exe
  2⤵
  PID:7048
- C:\Windows\System\QPDyDWv.exe
  C:\Windows\System\QPDyDWv.exe
  2⤵
  PID:7080
- C:\Windows\System\IvyUglg.exe
  C:\Windows\System\IvyUglg.exe
  2⤵
  PID:7112
- C:\Windows\System\xDWpEOv.exe
  C:\Windows\System\xDWpEOv.exe
  2⤵
  PID:7144
- C:\Windows\System\bVdqUyt.exe
  C:\Windows\System\bVdqUyt.exe
  2⤵
  PID:5228
- C:\Windows\System\WYOKCCo.exe
  C:\Windows\System\WYOKCCo.exe
  2⤵
  PID:5516
- C:\Windows\System\hyaAPAA.exe
  C:\Windows\System\hyaAPAA.exe
  2⤵
  PID:5784
- C:\Windows\System\JalAYDY.exe
  C:\Windows\System\JalAYDY.exe
  2⤵
  PID:6040
- C:\Windows\System\CJsXWuZ.exe
  C:\Windows\System\CJsXWuZ.exe
  2⤵
  PID:6148
- C:\Windows\System\MxxPLai.exe
  C:\Windows\System\MxxPLai.exe
  2⤵
  PID:1712
- C:\Windows\System\YvjTset.exe
  C:\Windows\System\YvjTset.exe
  2⤵
  PID:6248
- C:\Windows\System\saXtUtq.exe
  C:\Windows\System\saXtUtq.exe
  2⤵
  PID:6312
- C:\Windows\System\LxuBhxS.exe
  C:\Windows\System\LxuBhxS.exe
  2⤵
  PID:6380
- C:\Windows\System\YTHNfqt.exe
  C:\Windows\System\YTHNfqt.exe
  2⤵
  PID:6444
- C:\Windows\System\hooMGLc.exe
  C:\Windows\System\hooMGLc.exe
  2⤵
  PID:6520
- C:\Windows\System\pxLfQsn.exe
  C:\Windows\System\pxLfQsn.exe
  2⤵
  PID:6572
- C:\Windows\System\JKNgcBr.exe
  C:\Windows\System\JKNgcBr.exe
  2⤵
  PID:6652
- C:\Windows\System\JHUPOUa.exe
  C:\Windows\System\JHUPOUa.exe
  2⤵
  PID:6716
- C:\Windows\System\dviublp.exe
  C:\Windows\System\dviublp.exe
  2⤵
  PID:6780
- C:\Windows\System\KxdpfVx.exe
  C:\Windows\System\KxdpfVx.exe
  2⤵
  PID:6844
- C:\Windows\System\vqzSASK.exe
  C:\Windows\System\vqzSASK.exe
  2⤵
  PID:6892
- C:\Windows\System\icZFNfY.exe
  C:\Windows\System\icZFNfY.exe
  2⤵
  PID:6956
- C:\Windows\System\XkrfKqb.exe
  C:\Windows\System\XkrfKqb.exe
  2⤵
  PID:7032
- C:\Windows\System\lmjyTYi.exe
  C:\Windows\System\lmjyTYi.exe
  2⤵
  PID:7096
- C:\Windows\System\wakDfMg.exe
  C:\Windows\System\wakDfMg.exe
  2⤵
  PID:7160
- C:\Windows\System\rLzQrEy.exe
  C:\Windows\System\rLzQrEy.exe
  2⤵
  PID:5656
- C:\Windows\System\PeeRIPF.exe
  C:\Windows\System\PeeRIPF.exe
  2⤵
  PID:4300
- C:\Windows\System\GvImPYB.exe
  C:\Windows\System\GvImPYB.exe
  2⤵
  PID:6244
- C:\Windows\System\HCOfGRs.exe
  C:\Windows\System\HCOfGRs.exe
  2⤵
  PID:6344
- C:\Windows\System\mDWMaQE.exe
  C:\Windows\System\mDWMaQE.exe
  2⤵
  PID:6476
- C:\Windows\System\JGnKkXq.exe
  C:\Windows\System\JGnKkXq.exe
  2⤵
  PID:7184
- C:\Windows\System\vkjrliY.exe
  C:\Windows\System\vkjrliY.exe
  2⤵
  PID:7200
- C:\Windows\System\RVDCrjB.exe
  C:\Windows\System\RVDCrjB.exe
  2⤵
  PID:7216
- C:\Windows\System\OXMFJnH.exe
  C:\Windows\System\OXMFJnH.exe
  2⤵
  PID:7232
- C:\Windows\System\xERdtrQ.exe
  C:\Windows\System\xERdtrQ.exe
  2⤵
  PID:7248
- C:\Windows\System\FtatKRw.exe
  C:\Windows\System\FtatKRw.exe
  2⤵
  PID:7264
- C:\Windows\System\qFhLTUq.exe
  C:\Windows\System\qFhLTUq.exe
  2⤵
  PID:7280
- C:\Windows\System\GFOLfCd.exe
  C:\Windows\System\GFOLfCd.exe
  2⤵
  PID:7296
- C:\Windows\System\NNyHlhE.exe
  C:\Windows\System\NNyHlhE.exe
  2⤵
  PID:7312
- C:\Windows\System\EBGPaIc.exe
  C:\Windows\System\EBGPaIc.exe
  2⤵
  PID:7328
- C:\Windows\System\DPmKUxp.exe
  C:\Windows\System\DPmKUxp.exe
  2⤵
  PID:7344
- C:\Windows\System\wunWtLv.exe
  C:\Windows\System\wunWtLv.exe
  2⤵
  PID:7360
- C:\Windows\System\zmMybNH.exe
  C:\Windows\System\zmMybNH.exe
  2⤵
  PID:7376
- C:\Windows\System\tSMlpjT.exe
  C:\Windows\System\tSMlpjT.exe
  2⤵
  PID:7392
- C:\Windows\System\PPqFdhv.exe
  C:\Windows\System\PPqFdhv.exe
  2⤵
  PID:7408
- C:\Windows\System\OKHWSAc.exe
  C:\Windows\System\OKHWSAc.exe
  2⤵
  PID:7424
- C:\Windows\System\GYiqCyg.exe
  C:\Windows\System\GYiqCyg.exe
  2⤵
  PID:7440
- C:\Windows\System\knCBCnN.exe
  C:\Windows\System\knCBCnN.exe
  2⤵
  PID:7456
- C:\Windows\System\SvLFODa.exe
  C:\Windows\System\SvLFODa.exe
  2⤵
  PID:7472
- C:\Windows\System\IygZCel.exe
  C:\Windows\System\IygZCel.exe
  2⤵
  PID:7488
- C:\Windows\System\mhIHLxr.exe
  C:\Windows\System\mhIHLxr.exe
  2⤵
  PID:7504
- C:\Windows\System\RRBQHnS.exe
  C:\Windows\System\RRBQHnS.exe
  2⤵
  PID:7520
- C:\Windows\System\RlcivNd.exe
  C:\Windows\System\RlcivNd.exe
  2⤵
  PID:7536
- C:\Windows\System\UybyuxK.exe
  C:\Windows\System\UybyuxK.exe
  2⤵
  PID:7552
- C:\Windows\System\AwazlKq.exe
  C:\Windows\System\AwazlKq.exe
  2⤵
  PID:7568
- C:\Windows\System\DubnLzt.exe
  C:\Windows\System\DubnLzt.exe
  2⤵
  PID:7584
- C:\Windows\System\gYBsOsA.exe
  C:\Windows\System\gYBsOsA.exe
  2⤵
  PID:7600
- C:\Windows\System\ebuWGeV.exe
  C:\Windows\System\ebuWGeV.exe
  2⤵
  PID:7616
- C:\Windows\System\AhjLnjP.exe
  C:\Windows\System\AhjLnjP.exe
  2⤵
  PID:7632
- C:\Windows\System\RJnkLoH.exe
  C:\Windows\System\RJnkLoH.exe
  2⤵
  PID:7648
- C:\Windows\System\GiUZjZP.exe
  C:\Windows\System\GiUZjZP.exe
  2⤵
  PID:7664
- C:\Windows\System\yFNONTh.exe
  C:\Windows\System\yFNONTh.exe
  2⤵
  PID:7680
- C:\Windows\System\zZYtULM.exe
  C:\Windows\System\zZYtULM.exe
  2⤵
  PID:7696
- C:\Windows\System\SBUnxMc.exe
  C:\Windows\System\SBUnxMc.exe
  2⤵
  PID:7712
- C:\Windows\System\vfrvJnC.exe
  C:\Windows\System\vfrvJnC.exe
  2⤵
  PID:7728
- C:\Windows\System\bSUbSbq.exe
  C:\Windows\System\bSUbSbq.exe
  2⤵
  PID:7744
- C:\Windows\System\NSAiSos.exe
  C:\Windows\System\NSAiSos.exe
  2⤵
  PID:7760
- C:\Windows\System\bJFOzUJ.exe
  C:\Windows\System\bJFOzUJ.exe
  2⤵
  PID:7776
- C:\Windows\System\jYYjUmv.exe
  C:\Windows\System\jYYjUmv.exe
  2⤵
  PID:7796
- C:\Windows\System\CmmswbW.exe
  C:\Windows\System\CmmswbW.exe
  2⤵
  PID:7812
- C:\Windows\System\jhYyjXB.exe
  C:\Windows\System\jhYyjXB.exe
  2⤵
  PID:7828
- C:\Windows\System\hoEbfAc.exe
  C:\Windows\System\hoEbfAc.exe
  2⤵
  PID:7844
- C:\Windows\System\rbvHZMZ.exe
  C:\Windows\System\rbvHZMZ.exe
  2⤵
  PID:7860
- C:\Windows\System\SKplOvM.exe
  C:\Windows\System\SKplOvM.exe
  2⤵
  PID:7876
- C:\Windows\System\cAxTQWR.exe
  C:\Windows\System\cAxTQWR.exe
  2⤵
  PID:7892
- C:\Windows\System\sngGYoK.exe
  C:\Windows\System\sngGYoK.exe
  2⤵
  PID:7908
- C:\Windows\System\XBHmAZa.exe
  C:\Windows\System\XBHmAZa.exe
  2⤵
  PID:7924
- C:\Windows\System\EpxDSwl.exe
  C:\Windows\System\EpxDSwl.exe
  2⤵
  PID:7940
- C:\Windows\System\suxldCM.exe
  C:\Windows\System\suxldCM.exe
  2⤵
  PID:7956
- C:\Windows\System\iRgWnIS.exe
  C:\Windows\System\iRgWnIS.exe
  2⤵
  PID:7972
- C:\Windows\System\lGGNFqW.exe
  C:\Windows\System\lGGNFqW.exe
  2⤵
  PID:7988
- C:\Windows\System\bGQUfwO.exe
  C:\Windows\System\bGQUfwO.exe
  2⤵
  PID:8004
- C:\Windows\System\gxnPQWg.exe
  C:\Windows\System\gxnPQWg.exe
  2⤵
  PID:8020
- C:\Windows\System\dAKWXKV.exe
  C:\Windows\System\dAKWXKV.exe
  2⤵
  PID:8036
- C:\Windows\System\vWccgle.exe
  C:\Windows\System\vWccgle.exe
  2⤵
  PID:8052
- C:\Windows\System\LVvTwjj.exe
  C:\Windows\System\LVvTwjj.exe
  2⤵
  PID:8068
- C:\Windows\System\rcEnuVA.exe
  C:\Windows\System\rcEnuVA.exe
  2⤵
  PID:8084
- C:\Windows\System\CntxAmS.exe
  C:\Windows\System\CntxAmS.exe
  2⤵
  PID:8100
- C:\Windows\System\QHoRCbh.exe
  C:\Windows\System\QHoRCbh.exe
  2⤵
  PID:8116
- C:\Windows\System\BCYDaAm.exe
  C:\Windows\System\BCYDaAm.exe
  2⤵
  PID:8132
- C:\Windows\System\MapDOTf.exe
  C:\Windows\System\MapDOTf.exe
  2⤵
  PID:8148
- C:\Windows\System\fIuuPFX.exe
  C:\Windows\System\fIuuPFX.exe
  2⤵
  PID:8164
- C:\Windows\System\TxRiaSm.exe
  C:\Windows\System\TxRiaSm.exe
  2⤵
  PID:8180
- C:\Windows\System\rtvTrBG.exe
  C:\Windows\System\rtvTrBG.exe
  2⤵
  PID:6552
- C:\Windows\System\NoqgBad.exe
  C:\Windows\System\NoqgBad.exe
  2⤵
  PID:6620
- C:\Windows\System\tuOlZqB.exe
  C:\Windows\System\tuOlZqB.exe
  2⤵
  PID:6812
- C:\Windows\System\pVVgtCy.exe
  C:\Windows\System\pVVgtCy.exe
  2⤵
  PID:6908
- C:\Windows\System\xAaVIHw.exe
  C:\Windows\System\xAaVIHw.exe
  2⤵
  PID:7064
- C:\Windows\System\HjrUjIw.exe
  C:\Windows\System\HjrUjIw.exe
  2⤵
  PID:7164
- C:\Windows\System\DOElDHa.exe
  C:\Windows\System\DOElDHa.exe
  2⤵
  PID:6164
- C:\Windows\System\eHIcJlN.exe
  C:\Windows\System\eHIcJlN.exe
  2⤵
  PID:6412
- C:\Windows\System\loXXFFY.exe
  C:\Windows\System\loXXFFY.exe
  2⤵
  PID:7180
- C:\Windows\System\pYVzFqL.exe
  C:\Windows\System\pYVzFqL.exe
  2⤵
  PID:7224
- C:\Windows\System\wLBQDOg.exe
  C:\Windows\System\wLBQDOg.exe
  2⤵
  PID:7256
- C:\Windows\System\UtQFFPd.exe
  C:\Windows\System\UtQFFPd.exe
  2⤵
  PID:7276
- C:\Windows\System\LXrYPRS.exe
  C:\Windows\System\LXrYPRS.exe
  2⤵
  PID:7308
- C:\Windows\System\CawvTcC.exe
  C:\Windows\System\CawvTcC.exe
  2⤵
  PID:7340
- C:\Windows\System\EFKTFsM.exe
  C:\Windows\System\EFKTFsM.exe
  2⤵
  PID:7384
- C:\Windows\System\udVRQgu.exe
  C:\Windows\System\udVRQgu.exe
  2⤵
  PID:7416
- C:\Windows\System\azIbSKP.exe
  C:\Windows\System\azIbSKP.exe
  2⤵
  PID:7436
- C:\Windows\System\gJKTyyQ.exe
  C:\Windows\System\gJKTyyQ.exe
  2⤵
  PID:7480
- C:\Windows\System\tFZLZef.exe
  C:\Windows\System\tFZLZef.exe
  2⤵
  PID:7500
- C:\Windows\System\gIRlzqD.exe
  C:\Windows\System\gIRlzqD.exe
  2⤵
  PID:7528
- C:\Windows\System\pTCZoBL.exe
  C:\Windows\System\pTCZoBL.exe
  2⤵
  PID:7560
- C:\Windows\System\ubwymDv.exe
  C:\Windows\System\ubwymDv.exe
  2⤵
  PID:7592
- C:\Windows\System\sCCRxsn.exe
  C:\Windows\System\sCCRxsn.exe
  2⤵
  PID:7624
- C:\Windows\System\pcRAumi.exe
  C:\Windows\System\pcRAumi.exe
  2⤵
  PID:7656
- C:\Windows\System\jEBpErv.exe
  C:\Windows\System\jEBpErv.exe
  2⤵
  PID:7688
- C:\Windows\System\PVhAwLV.exe
  C:\Windows\System\PVhAwLV.exe
  2⤵
  PID:7720
- C:\Windows\System\hLgSRKh.exe
  C:\Windows\System\hLgSRKh.exe
  2⤵
  PID:7752
- C:\Windows\System\AcwKjQR.exe
  C:\Windows\System\AcwKjQR.exe
  2⤵
  PID:7784
- C:\Windows\System\xKQGkTG.exe
  C:\Windows\System\xKQGkTG.exe
  2⤵
  PID:7820
- C:\Windows\System\DLEPpSY.exe
  C:\Windows\System\DLEPpSY.exe
  2⤵
  PID:7856
- C:\Windows\System\QbCybvD.exe
  C:\Windows\System\QbCybvD.exe
  2⤵
  PID:7888
- C:\Windows\System\KvhDUch.exe
  C:\Windows\System\KvhDUch.exe
  2⤵
  PID:7932
- C:\Windows\System\XuARfUz.exe
  C:\Windows\System\XuARfUz.exe
  2⤵
  PID:7948
- C:\Windows\System\DTyyCKn.exe
  C:\Windows\System\DTyyCKn.exe
  2⤵
  PID:7980
- C:\Windows\System\PRZEBPY.exe
  C:\Windows\System\PRZEBPY.exe
  2⤵
  PID:8000
- C:\Windows\System\xomeWkB.exe
  C:\Windows\System\xomeWkB.exe
  2⤵
  PID:8032
- C:\Windows\System\gpgWQWm.exe
  C:\Windows\System\gpgWQWm.exe
  2⤵
  PID:8064
- C:\Windows\System\MVSiOGJ.exe
  C:\Windows\System\MVSiOGJ.exe
  2⤵
  PID:8096
- C:\Windows\System\Fpmiprn.exe
  C:\Windows\System\Fpmiprn.exe
  2⤵
  PID:8128
- C:\Windows\System\ZiExRcr.exe
  C:\Windows\System\ZiExRcr.exe
  2⤵
  PID:2728
- C:\Windows\System\jxICVsD.exe
  C:\Windows\System\jxICVsD.exe
  2⤵
  PID:8176
- C:\Windows\System\SmoXCii.exe
  C:\Windows\System\SmoXCii.exe
  2⤵
  PID:6684
- C:\Windows\System\WqiUuOl.exe
  C:\Windows\System\WqiUuOl.exe
  2⤵
  PID:6876
- C:\Windows\System\IYMiEGF.exe
  C:\Windows\System\IYMiEGF.exe
  2⤵
  PID:7128
- C:\Windows\System\jUlkWOh.exe
  C:\Windows\System\jUlkWOh.exe
  2⤵
  PID:6280
- C:\Windows\System\uSeXVgC.exe
  C:\Windows\System\uSeXVgC.exe
  2⤵
  PID:7208
- C:\Windows\System\aruhTLt.exe
  C:\Windows\System\aruhTLt.exe
  2⤵
  PID:7272
- C:\Windows\System\JWzdwyw.exe
  C:\Windows\System\JWzdwyw.exe
  2⤵
  PID:7324
- C:\Windows\System\kEogsvv.exe
  C:\Windows\System\kEogsvv.exe
  2⤵
  PID:7388
- C:\Windows\System\jhDqWyE.exe
  C:\Windows\System\jhDqWyE.exe
  2⤵
  PID:7452
- C:\Windows\System\ShVLGJb.exe
  C:\Windows\System\ShVLGJb.exe
  2⤵
  PID:2808
- C:\Windows\System\CpZuovM.exe
  C:\Windows\System\CpZuovM.exe
  2⤵
  PID:7576
- C:\Windows\System\vNtzRZu.exe
  C:\Windows\System\vNtzRZu.exe
  2⤵
  PID:7628
- C:\Windows\System\YXMySxN.exe
  C:\Windows\System\YXMySxN.exe
  2⤵
  PID:7704
- C:\Windows\System\MMSHLsC.exe
  C:\Windows\System\MMSHLsC.exe
  2⤵
  PID:7756
- C:\Windows\System\UVAjpPE.exe
  C:\Windows\System\UVAjpPE.exe
  2⤵
  PID:7836
- C:\Windows\System\AMqlNCm.exe
  C:\Windows\System\AMqlNCm.exe
  2⤵
  PID:7904
- C:\Windows\System\cPzqnQp.exe
  C:\Windows\System\cPzqnQp.exe
  2⤵
  PID:7964
- C:\Windows\System\JxOlByX.exe
  C:\Windows\System\JxOlByX.exe
  2⤵
  PID:8016
- C:\Windows\System\seNzMqD.exe
  C:\Windows\System\seNzMqD.exe
  2⤵
  PID:8092
- C:\Windows\System\dYNIznk.exe
  C:\Windows\System\dYNIznk.exe
  2⤵
  PID:8124
- C:\Windows\System\HVIJgxv.exe
  C:\Windows\System\HVIJgxv.exe
  2⤵
  PID:2760
- C:\Windows\System\IIeVbyE.exe
  C:\Windows\System\IIeVbyE.exe
  2⤵
  PID:6760
- C:\Windows\System\zojzvAm.exe
  C:\Windows\System\zojzvAm.exe
  2⤵
  PID:5912
- C:\Windows\System\opUhynn.exe
  C:\Windows\System\opUhynn.exe
  2⤵
  PID:7176
- C:\Windows\System\xxfpYgn.exe
  C:\Windows\System\xxfpYgn.exe
  2⤵
  PID:7304
- C:\Windows\System\ZAdUZoc.exe
  C:\Windows\System\ZAdUZoc.exe
  2⤵
  PID:7400
- C:\Windows\System\CzxhBpi.exe
  C:\Windows\System\CzxhBpi.exe
  2⤵
  PID:7516
- C:\Windows\System\VxVirJs.exe
  C:\Windows\System\VxVirJs.exe
  2⤵
  PID:7672
- C:\Windows\System\PSZMtjy.exe
  C:\Windows\System\PSZMtjy.exe
  2⤵
  PID:7772
- C:\Windows\System\iWYJSWH.exe
  C:\Windows\System\iWYJSWH.exe
  2⤵
  PID:7916
- C:\Windows\System\apkGYlG.exe
  C:\Windows\System\apkGYlG.exe
  2⤵
  PID:8200
- C:\Windows\System\ZlKPdxD.exe
  C:\Windows\System\ZlKPdxD.exe
  2⤵
  PID:8216
- C:\Windows\System\GqeOPYO.exe
  C:\Windows\System\GqeOPYO.exe
  2⤵
  PID:8232
- C:\Windows\System\vqTNUOn.exe
  C:\Windows\System\vqTNUOn.exe
  2⤵
  PID:8248
- C:\Windows\System\OxTEJZV.exe
  C:\Windows\System\OxTEJZV.exe
  2⤵
  PID:8264
- C:\Windows\System\hZDcNhc.exe
  C:\Windows\System\hZDcNhc.exe
  2⤵
  PID:8280
- C:\Windows\System\AGrrZFq.exe
  C:\Windows\System\AGrrZFq.exe
  2⤵
  PID:8296
- C:\Windows\System\MyBcPyt.exe
  C:\Windows\System\MyBcPyt.exe
  2⤵
  PID:8312
- C:\Windows\System\wgrSEEX.exe
  C:\Windows\System\wgrSEEX.exe
  2⤵
  PID:8332
- C:\Windows\System\mZWExFO.exe
  C:\Windows\System\mZWExFO.exe
  2⤵
  PID:8348
- C:\Windows\System\bAwKxFA.exe
  C:\Windows\System\bAwKxFA.exe
  2⤵
  PID:8364
- C:\Windows\System\EbIutmW.exe
  C:\Windows\System\EbIutmW.exe
  2⤵
  PID:8380
- C:\Windows\System\vUUjGFX.exe
  C:\Windows\System\vUUjGFX.exe
  2⤵
  PID:8396
- C:\Windows\System\oUgeOpX.exe
  C:\Windows\System\oUgeOpX.exe
  2⤵
  PID:8412
- C:\Windows\System\ghdVKMh.exe
  C:\Windows\System\ghdVKMh.exe
  2⤵
  PID:8428
- C:\Windows\System\YqElpKn.exe
  C:\Windows\System\YqElpKn.exe
  2⤵
  PID:8444
- C:\Windows\System\gQtAdVg.exe
  C:\Windows\System\gQtAdVg.exe
  2⤵
  PID:8460
- C:\Windows\System\TlhYNsE.exe
  C:\Windows\System\TlhYNsE.exe
  2⤵
  PID:8476
- C:\Windows\System\OpdBlwr.exe
  C:\Windows\System\OpdBlwr.exe
  2⤵
  PID:8492
- C:\Windows\System\OYNfxzT.exe
  C:\Windows\System\OYNfxzT.exe
  2⤵
  PID:8508
- C:\Windows\System\hXfDGfq.exe
  C:\Windows\System\hXfDGfq.exe
  2⤵
  PID:8524
- C:\Windows\System\alFbjDk.exe
  C:\Windows\System\alFbjDk.exe
  2⤵
  PID:8540
- C:\Windows\System\mRhdHkP.exe
  C:\Windows\System\mRhdHkP.exe
  2⤵
  PID:8556
- C:\Windows\System\Qnnjufi.exe
  C:\Windows\System\Qnnjufi.exe
  2⤵
  PID:8572
- C:\Windows\System\RThCRVH.exe
  C:\Windows\System\RThCRVH.exe
  2⤵
  PID:8588
- C:\Windows\System\sFQHsVs.exe
  C:\Windows\System\sFQHsVs.exe
  2⤵
  PID:8604
- C:\Windows\System\HquHbpK.exe
  C:\Windows\System\HquHbpK.exe
  2⤵
  PID:8620
- C:\Windows\System\bVCJyMC.exe
  C:\Windows\System\bVCJyMC.exe
  2⤵
  PID:8636
- C:\Windows\System\YnHwuSj.exe
  C:\Windows\System\YnHwuSj.exe
  2⤵
  PID:8652
- C:\Windows\System\MQQRcTs.exe
  C:\Windows\System\MQQRcTs.exe
  2⤵
  PID:8668
- C:\Windows\System\CQffuWk.exe
  C:\Windows\System\CQffuWk.exe
  2⤵
  PID:8684
- C:\Windows\System\IDtJRNs.exe
  C:\Windows\System\IDtJRNs.exe
  2⤵
  PID:8700
- C:\Windows\System\tYHMSMd.exe
  C:\Windows\System\tYHMSMd.exe
  2⤵
  PID:8716
- C:\Windows\System\ljUuUSk.exe
  C:\Windows\System\ljUuUSk.exe
  2⤵
  PID:8732
- C:\Windows\System\JBhXkai.exe
  C:\Windows\System\JBhXkai.exe
  2⤵
  PID:8748
- C:\Windows\System\bpcCZPl.exe
  C:\Windows\System\bpcCZPl.exe
  2⤵
  PID:8764
- C:\Windows\System\eTeAYVF.exe
  C:\Windows\System\eTeAYVF.exe
  2⤵
  PID:8780
- C:\Windows\System\ymhobvH.exe
  C:\Windows\System\ymhobvH.exe
  2⤵
  PID:8796
- C:\Windows\System\rAXFqDV.exe
  C:\Windows\System\rAXFqDV.exe
  2⤵
  PID:8812
- C:\Windows\System\wZPEorE.exe
  C:\Windows\System\wZPEorE.exe
  2⤵
  PID:8828
- C:\Windows\System\TrgswiX.exe
  C:\Windows\System\TrgswiX.exe
  2⤵
  PID:8844
- C:\Windows\System\QqKYkJq.exe
  C:\Windows\System\QqKYkJq.exe
  2⤵
  PID:8860
- C:\Windows\System\GfoNHNP.exe
  C:\Windows\System\GfoNHNP.exe
  2⤵
  PID:8876
- C:\Windows\System\wBJVGdd.exe
  C:\Windows\System\wBJVGdd.exe
  2⤵
  PID:8892
- C:\Windows\System\LaxajRm.exe
  C:\Windows\System\LaxajRm.exe
  2⤵
  PID:8908
- C:\Windows\System\SMpiYJJ.exe
  C:\Windows\System\SMpiYJJ.exe
  2⤵
  PID:8924
- C:\Windows\System\sRIGAbn.exe
  C:\Windows\System\sRIGAbn.exe
  2⤵
  PID:8940
- C:\Windows\System\dPzHduS.exe
  C:\Windows\System\dPzHduS.exe
  2⤵
  PID:9044
- C:\Windows\System\dYIzznH.exe
  C:\Windows\System\dYIzznH.exe
  2⤵
  PID:9064
- C:\Windows\System\qOzlFWV.exe
  C:\Windows\System\qOzlFWV.exe
  2⤵
  PID:9084
- C:\Windows\System\tnMssch.exe
  C:\Windows\System\tnMssch.exe
  2⤵
  PID:9104
- C:\Windows\System\LODPOFq.exe
  C:\Windows\System\LODPOFq.exe
  2⤵
  PID:9124
- C:\Windows\System\JfHDgVb.exe
  C:\Windows\System\JfHDgVb.exe
  2⤵
  PID:9140
- C:\Windows\System\oTSRYTn.exe
  C:\Windows\System\oTSRYTn.exe
  2⤵
  PID:9156
- C:\Windows\System\oZTpmKg.exe
  C:\Windows\System\oZTpmKg.exe
  2⤵
  PID:9172
- C:\Windows\System\edQchYo.exe
  C:\Windows\System\edQchYo.exe
  2⤵
  PID:9188
- C:\Windows\System\QSmNIkQ.exe
  C:\Windows\System\QSmNIkQ.exe
  2⤵
  PID:9204
- C:\Windows\System\ubIiwQd.exe
  C:\Windows\System\ubIiwQd.exe
  2⤵
  PID:2700
- C:\Windows\System\eHeZarO.exe
  C:\Windows\System\eHeZarO.exe
  2⤵
  PID:8060
- C:\Windows\System\obEYucx.exe
  C:\Windows\System\obEYucx.exe
  2⤵
  PID:8156
- C:\Windows\System\YbTAUdi.exe
  C:\Windows\System\YbTAUdi.exe
  2⤵
  PID:764
- C:\Windows\System\tiDYnCt.exe
  C:\Windows\System\tiDYnCt.exe
  2⤵
  PID:7356
- C:\Windows\System\ixWljvW.exe
  C:\Windows\System\ixWljvW.exe
  2⤵
  PID:7596
- C:\Windows\System\xHKzvhI.exe
  C:\Windows\System\xHKzvhI.exe
  2⤵
  PID:1900
- C:\Windows\System\sgvWcWA.exe
  C:\Windows\System\sgvWcWA.exe
  2⤵
  PID:7884
- C:\Windows\System\xYutrMV.exe
  C:\Windows\System\xYutrMV.exe
  2⤵
  PID:8212
- C:\Windows\System\DawzlJY.exe
  C:\Windows\System\DawzlJY.exe
  2⤵
  PID:8244
- C:\Windows\System\ZUIEqvr.exe
  C:\Windows\System\ZUIEqvr.exe
  2⤵
  PID:2768
- C:\Windows\System\IOsRHsh.exe
  C:\Windows\System\IOsRHsh.exe
  2⤵
  PID:8276
- C:\Windows\System\pbLtIXS.exe
  C:\Windows\System\pbLtIXS.exe
  2⤵
  PID:8308
- C:\Windows\System\sCOjyYj.exe
  C:\Windows\System\sCOjyYj.exe
  2⤵
  PID:1332
- C:\Windows\System\QRaYrnq.exe
  C:\Windows\System\QRaYrnq.exe
  2⤵
  PID:8344
- C:\Windows\System\RrpIovs.exe
  C:\Windows\System\RrpIovs.exe
  2⤵
  PID:1632
- C:\Windows\System\biqcPPQ.exe
  C:\Windows\System\biqcPPQ.exe
  2⤵
  PID:8404
- C:\Windows\System\nBnNLtr.exe
  C:\Windows\System\nBnNLtr.exe
  2⤵
  PID:8420
- C:\Windows\System\CCCnNJr.exe
  C:\Windows\System\CCCnNJr.exe
  2⤵
  PID:8424
- C:\Windows\System\GONhrFX.exe
  C:\Windows\System\GONhrFX.exe
  2⤵
  PID:8472
- C:\Windows\System\SdCYJws.exe
  C:\Windows\System\SdCYJws.exe
  2⤵
  PID:1980
- C:\Windows\System\FrxaHuA.exe
  C:\Windows\System\FrxaHuA.exe
  2⤵
  PID:8520
- C:\Windows\System\dEQMhcH.exe
  C:\Windows\System\dEQMhcH.exe
  2⤵
  PID:8564
- C:\Windows\System\CXldtqY.exe
  C:\Windows\System\CXldtqY.exe
  2⤵
  PID:8580
- C:\Windows\System\rLrWIGU.exe
  C:\Windows\System\rLrWIGU.exe
  2⤵
  PID:8612
- C:\Windows\System\xOCEsyZ.exe
  C:\Windows\System\xOCEsyZ.exe
  2⤵
  PID:2004
- C:\Windows\System\VWKhljP.exe
  C:\Windows\System\VWKhljP.exe
  2⤵
  PID:8660
- C:\Windows\System\uPlMgeb.exe
  C:\Windows\System\uPlMgeb.exe
  2⤵
  PID:8692
- C:\Windows\System\CcVliUR.exe
  C:\Windows\System\CcVliUR.exe
  2⤵
  PID:8708
- C:\Windows\System\GrGrqrT.exe
  C:\Windows\System\GrGrqrT.exe
  2⤵
  PID:2896
- C:\Windows\System\oZRbPKo.exe
  C:\Windows\System\oZRbPKo.exe
  2⤵
  PID:2292
- C:\Windows\System\uQRmGgE.exe
  C:\Windows\System\uQRmGgE.exe
  2⤵
  PID:8744
- C:\Windows\System\GqvLjfZ.exe
  C:\Windows\System\GqvLjfZ.exe
  2⤵
  PID:2256
- C:\Windows\System\YoAvWHM.exe
  C:\Windows\System\YoAvWHM.exe
  2⤵
  PID:8836
- C:\Windows\System\lemozcO.exe
  C:\Windows\System\lemozcO.exe
  2⤵
  PID:8868
- C:\Windows\System\cQNaMrN.exe
  C:\Windows\System\cQNaMrN.exe
  2⤵
  PID:2432
- C:\Windows\System\DrkGoOs.exe
  C:\Windows\System\DrkGoOs.exe
  2⤵
  PID:8900
- C:\Windows\System\ijgVToZ.exe
  C:\Windows\System\ijgVToZ.exe
  2⤵
  PID:8916
- C:\Windows\System\sAarQEB.exe
  C:\Windows\System\sAarQEB.exe
  2⤵
  PID:832
- C:\Windows\System\NLespOU.exe
  C:\Windows\System\NLespOU.exe
  2⤵
  PID:2840
- C:\Windows\System\kYJGGMk.exe
  C:\Windows\System\kYJGGMk.exe
  2⤵
  PID:8980
- C:\Windows\System\lmUToxC.exe
  C:\Windows\System\lmUToxC.exe
  2⤵
  PID:9080
- C:\Windows\System\tERNBqi.exe
  C:\Windows\System\tERNBqi.exe
  2⤵
  PID:9184
- C:\Windows\System\IIuFMXl.exe
  C:\Windows\System\IIuFMXl.exe
  2⤵
  PID:9100
- C:\Windows\System\QkRqByW.exe
  C:\Windows\System\QkRqByW.exe
  2⤵
  PID:9168
- C:\Windows\System\fqEcBNZ.exe
  C:\Windows\System\fqEcBNZ.exe
  2⤵
  PID:8080
- C:\Windows\System\GRgGgjb.exe
  C:\Windows\System\GRgGgjb.exe
  2⤵
  PID:7612
- C:\Windows\System\CIcJJAA.exe
  C:\Windows\System\CIcJJAA.exe
  2⤵
  PID:7004
- C:\Windows\System\GxYIDbo.exe
  C:\Windows\System\GxYIDbo.exe
  2⤵
  PID:7740
- C:\Windows\System\KMWQWdW.exe
  C:\Windows\System\KMWQWdW.exe
  2⤵
  PID:2632
- C:\Windows\System\pCiwuTJ.exe
  C:\Windows\System\pCiwuTJ.exe
  2⤵
  PID:2876
- C:\Windows\System\BVWisWs.exe
  C:\Windows\System\BVWisWs.exe
  2⤵
  PID:8360
- C:\Windows\System\vXEbTnF.exe
  C:\Windows\System\vXEbTnF.exe
  2⤵
  PID:8484
- C:\Windows\System\SLAfLOL.exe
  C:\Windows\System\SLAfLOL.exe
  2⤵
  PID:8340
- C:\Windows\System\JgumVkR.exe
  C:\Windows\System\JgumVkR.exe
  2⤵
  PID:1300
- C:\Windows\System\sEgNdJY.exe
  C:\Windows\System\sEgNdJY.exe
  2⤵
  PID:8568
- C:\Windows\System\llmFghb.exe
  C:\Windows\System\llmFghb.exe
  2⤵
  PID:8632
- C:\Windows\System\zSHpzDw.exe
  C:\Windows\System\zSHpzDw.exe
  2⤵
  PID:8808
- C:\Windows\System\skXhppS.exe
  C:\Windows\System\skXhppS.exe
  2⤵
  PID:8584
- C:\Windows\System\HTMnvFs.exe
  C:\Windows\System\HTMnvFs.exe
  2⤵
  PID:2516
- C:\Windows\System\OHCQZCA.exe
  C:\Windows\System\OHCQZCA.exe
  2⤵
  PID:5052
- C:\Windows\System\kxyqyAb.exe
  C:\Windows\System\kxyqyAb.exe
  2⤵
  PID:8728
- C:\Windows\System\twHdVyl.exe
  C:\Windows\System\twHdVyl.exe
  2⤵
  PID:8760
- C:\Windows\System\pxcrGOn.exe
  C:\Windows\System\pxcrGOn.exe
  2⤵
  PID:8820
- C:\Windows\System\QnRediG.exe
  C:\Windows\System\QnRediG.exe
  2⤵
  PID:2928
- C:\Windows\System\rAzYfeQ.exe
  C:\Windows\System\rAzYfeQ.exe
  2⤵
  PID:2956
- C:\Windows\System\uNSlkbz.exe
  C:\Windows\System\uNSlkbz.exe
  2⤵
  PID:9164
- C:\Windows\System\qOifmIa.exe
  C:\Windows\System\qOifmIa.exe
  2⤵
  PID:7464
- C:\Windows\System\bQovHEj.exe
  C:\Windows\System\bQovHEj.exe
  2⤵
  PID:2932
- C:\Windows\System\UlyciLY.exe
  C:\Windows\System\UlyciLY.exe
  2⤵
  PID:8292
- C:\Windows\System\tWVdrEp.exe
  C:\Windows\System\tWVdrEp.exe
  2⤵
  PID:6504
- C:\Windows\System\MCJvAtx.exe
  C:\Windows\System\MCJvAtx.exe
  2⤵
  PID:8376
- C:\Windows\System\alkWwIo.exe
  C:\Windows\System\alkWwIo.exe
  2⤵
  PID:8516
- C:\Windows\System\BxYEwbW.exe
  C:\Windows\System\BxYEwbW.exe
  2⤵
  PID:2216
- C:\Windows\System\VTivwLJ.exe
  C:\Windows\System\VTivwLJ.exe
  2⤵
  PID:2120
- C:\Windows\System\nqHKTGc.exe
  C:\Windows\System\nqHKTGc.exe
  2⤵
  PID:8872
- C:\Windows\System\VxmfsXD.exe
  C:\Windows\System\VxmfsXD.exe
  2⤵
  PID:8788
- C:\Windows\System\LyQwFVv.exe
  C:\Windows\System\LyQwFVv.exe
  2⤵
  PID:876
- C:\Windows\System\ltJIXBu.exe
  C:\Windows\System\ltJIXBu.exe
  2⤵
  PID:2224
- C:\Windows\System\YZjTJsI.exe
  C:\Windows\System\YZjTJsI.exe
  2⤵
  PID:8792
- C:\Windows\System\hkEnzmK.exe
  C:\Windows\System\hkEnzmK.exe
  2⤵
  PID:8144
- C:\Windows\System\LYUsrRS.exe
  C:\Windows\System\LYUsrRS.exe
  2⤵
  PID:8304
- C:\Windows\System\GUAIumG.exe
  C:\Windows\System\GUAIumG.exe
  2⤵
  PID:9120
- C:\Windows\System\PuwVkBO.exe
  C:\Windows\System\PuwVkBO.exe
  2⤵
  PID:8388
- C:\Windows\System\zjLHJZf.exe
  C:\Windows\System\zjLHJZf.exe
  2⤵
  PID:2164
- C:\Windows\System\MJknMTB.exe
  C:\Windows\System\MJknMTB.exe
  2⤵
  PID:8596
- C:\Windows\System\eQinKuy.exe
  C:\Windows\System\eQinKuy.exe
  2⤵
  PID:8536
- C:\Windows\System\ufpnCxm.exe
  C:\Windows\System\ufpnCxm.exe
  2⤵
  PID:2676
- C:\Windows\System\cszEusA.exe
  C:\Windows\System\cszEusA.exe
  2⤵
  PID:2332
- C:\Windows\System\JSybPsT.exe
  C:\Windows\System\JSybPsT.exe
  2⤵
  PID:8856
- C:\Windows\System\rIOYyQI.exe
  C:\Windows\System\rIOYyQI.exe
  2⤵
  PID:8648
- C:\Windows\System\ECsvsZr.exe
  C:\Windows\System\ECsvsZr.exe
  2⤵
  PID:7724
- C:\Windows\System\xrVVuMi.exe
  C:\Windows\System\xrVVuMi.exe
  2⤵
  PID:2692
- C:\Windows\System\uxyvWhR.exe
  C:\Windows\System\uxyvWhR.exe
  2⤵
  PID:9220
- C:\Windows\System\dKxWXiC.exe
  C:\Windows\System\dKxWXiC.exe
  2⤵
  PID:9236
- C:\Windows\System\eRZYBiS.exe
  C:\Windows\System\eRZYBiS.exe
  2⤵
  PID:9252
- C:\Windows\System\JFvDNkm.exe
  C:\Windows\System\JFvDNkm.exe
  2⤵
  PID:9268
- C:\Windows\System\awrhUma.exe
  C:\Windows\System\awrhUma.exe
  2⤵
  PID:9284
- C:\Windows\System\SuScZtT.exe
  C:\Windows\System\SuScZtT.exe
  2⤵
  PID:9300
- C:\Windows\System\EYJetRO.exe
  C:\Windows\System\EYJetRO.exe
  2⤵
  PID:9316
- C:\Windows\System\sbPvxze.exe
  C:\Windows\System\sbPvxze.exe
  2⤵
  PID:9332
- C:\Windows\System\datwNYX.exe
  C:\Windows\System\datwNYX.exe
  2⤵
  PID:9348
- C:\Windows\System\Mewtibd.exe
  C:\Windows\System\Mewtibd.exe
  2⤵
  PID:9364
- C:\Windows\System\PSwVjLB.exe
  C:\Windows\System\PSwVjLB.exe
  2⤵
  PID:9380
- C:\Windows\System\zmUxamw.exe
  C:\Windows\System\zmUxamw.exe
  2⤵
  PID:9396
- C:\Windows\System\hWxprRe.exe
  C:\Windows\System\hWxprRe.exe
  2⤵
  PID:9412
- C:\Windows\System\TSmCWvA.exe
  C:\Windows\System\TSmCWvA.exe
  2⤵
  PID:9428
- C:\Windows\System\MXjRypw.exe
  C:\Windows\System\MXjRypw.exe
  2⤵
  PID:9444
- C:\Windows\System\kyMgXrk.exe
  C:\Windows\System\kyMgXrk.exe
  2⤵
  PID:9460
- C:\Windows\System\RQAQjeM.exe
  C:\Windows\System\RQAQjeM.exe
  2⤵
  PID:9476
- C:\Windows\System\RrcTbSJ.exe
  C:\Windows\System\RrcTbSJ.exe
  2⤵
  PID:9492
- C:\Windows\System\hEjeaMS.exe
  C:\Windows\System\hEjeaMS.exe
  2⤵
  PID:9508
- C:\Windows\System\wrcGViO.exe
  C:\Windows\System\wrcGViO.exe
  2⤵
  PID:9524
- C:\Windows\System\fqJRjFd.exe
  C:\Windows\System\fqJRjFd.exe
  2⤵
  PID:9540
- C:\Windows\System\FytwELP.exe
  C:\Windows\System\FytwELP.exe
  2⤵
  PID:9556
- C:\Windows\System\PGSsPwx.exe
  C:\Windows\System\PGSsPwx.exe
  2⤵
  PID:9572
- C:\Windows\System\PbThnuz.exe
  C:\Windows\System\PbThnuz.exe
  2⤵
  PID:9588
- C:\Windows\System\LxTmLEd.exe
  C:\Windows\System\LxTmLEd.exe
  2⤵
  PID:9604
- C:\Windows\System\jjrYoat.exe
  C:\Windows\System\jjrYoat.exe
  2⤵
  PID:9620
- C:\Windows\System\RgnjgFG.exe
  C:\Windows\System\RgnjgFG.exe
  2⤵
  PID:9636
- C:\Windows\System\QPijhZB.exe
  C:\Windows\System\QPijhZB.exe
  2⤵
  PID:9652
- C:\Windows\System\lbDSIbQ.exe
  C:\Windows\System\lbDSIbQ.exe
  2⤵
  PID:9668
- C:\Windows\System\LCDZIcU.exe
  C:\Windows\System\LCDZIcU.exe
  2⤵
  PID:9684
- C:\Windows\System\xYdyZQY.exe
  C:\Windows\System\xYdyZQY.exe
  2⤵
  PID:9700
- C:\Windows\System\CCaYHnL.exe
  C:\Windows\System\CCaYHnL.exe
  2⤵
  PID:9716
- C:\Windows\System\LBYMKtw.exe
  C:\Windows\System\LBYMKtw.exe
  2⤵
  PID:9732
- C:\Windows\System\kygCZch.exe
  C:\Windows\System\kygCZch.exe
  2⤵
  PID:9748
- C:\Windows\System\cUNbNjI.exe
  C:\Windows\System\cUNbNjI.exe
  2⤵
  PID:9764
- C:\Windows\System\gNUicLy.exe
  C:\Windows\System\gNUicLy.exe
  2⤵
  PID:9780
- C:\Windows\System\dHhPaZl.exe
  C:\Windows\System\dHhPaZl.exe
  2⤵
  PID:9796
- C:\Windows\System\Gkbgqjb.exe
  C:\Windows\System\Gkbgqjb.exe
  2⤵
  PID:9812
- C:\Windows\System\cWPBCwl.exe
  C:\Windows\System\cWPBCwl.exe
  2⤵
  PID:9828
- C:\Windows\System\cBBbUMr.exe
  C:\Windows\System\cBBbUMr.exe
  2⤵
  PID:9844
- C:\Windows\System\lcPbWsn.exe
  C:\Windows\System\lcPbWsn.exe
  2⤵
  PID:9860
- C:\Windows\System\OQuimDN.exe
  C:\Windows\System\OQuimDN.exe
  2⤵
  PID:9876
- C:\Windows\System\gBrtpzO.exe
  C:\Windows\System\gBrtpzO.exe
  2⤵
  PID:9892
- C:\Windows\System\bFkfsQt.exe
  C:\Windows\System\bFkfsQt.exe
  2⤵
  PID:9908
- C:\Windows\System\cxasCAD.exe
  C:\Windows\System\cxasCAD.exe
  2⤵
  PID:9924
- C:\Windows\System\oaPErxg.exe
  C:\Windows\System\oaPErxg.exe
  2⤵
  PID:9940
- C:\Windows\System\yYfuTpD.exe
  C:\Windows\System\yYfuTpD.exe
  2⤵
  PID:9956
- C:\Windows\System\CEdKcex.exe
  C:\Windows\System\CEdKcex.exe
  2⤵
  PID:9972
- C:\Windows\System\wGyDccM.exe
  C:\Windows\System\wGyDccM.exe
  2⤵
  PID:9988
- C:\Windows\System\bJVaYTW.exe
  C:\Windows\System\bJVaYTW.exe
  2⤵
  PID:10004
- C:\Windows\System\mlpHzXN.exe
  C:\Windows\System\mlpHzXN.exe
  2⤵
  PID:10020
- C:\Windows\System\rtXFCwf.exe
  C:\Windows\System\rtXFCwf.exe
  2⤵
  PID:10036
- C:\Windows\System\lJCxedc.exe
  C:\Windows\System\lJCxedc.exe
  2⤵
  PID:10052
- C:\Windows\System\pXibnRG.exe
  C:\Windows\System\pXibnRG.exe
  2⤵
  PID:10068
- C:\Windows\System\DQIBPcZ.exe
  C:\Windows\System\DQIBPcZ.exe
  2⤵
  PID:10084
- C:\Windows\System\CQcUlMA.exe
  C:\Windows\System\CQcUlMA.exe
  2⤵
  PID:10100
- C:\Windows\System\mIPyWBb.exe
  C:\Windows\System\mIPyWBb.exe
  2⤵
  PID:10116
- C:\Windows\System\MqJtTkR.exe
  C:\Windows\System\MqJtTkR.exe
  2⤵
  PID:10132
- C:\Windows\System\tvcKnut.exe
  C:\Windows\System\tvcKnut.exe
  2⤵
  PID:10148
- C:\Windows\System\WfUoKeA.exe
  C:\Windows\System\WfUoKeA.exe
  2⤵
  PID:10164
- C:\Windows\System\yIKtvNU.exe
  C:\Windows\System\yIKtvNU.exe
  2⤵
  PID:10180
- C:\Windows\System\DqKgPoG.exe
  C:\Windows\System\DqKgPoG.exe
  2⤵
  PID:10196
- C:\Windows\System\LSUlntv.exe
  C:\Windows\System\LSUlntv.exe
  2⤵
  PID:10212
- C:\Windows\System\DqFVaOe.exe
  C:\Windows\System\DqFVaOe.exe
  2⤵
  PID:10228
- C:\Windows\System\IHaMqQg.exe
  C:\Windows\System\IHaMqQg.exe
  2⤵
  PID:8500
- C:\Windows\System\vYbFWKE.exe
  C:\Windows\System\vYbFWKE.exe
  2⤵
  PID:9228
- C:\Windows\System\siESkep.exe
  C:\Windows\System\siESkep.exe
  2⤵
  PID:8696
- C:\Windows\System\wjsqyqb.exe
  C:\Windows\System\wjsqyqb.exe
  2⤵
  PID:9260
- C:\Windows\System\IpArdRL.exe
  C:\Windows\System\IpArdRL.exe
  2⤵
  PID:9340
- C:\Windows\System\KDulYlp.exe
  C:\Windows\System\KDulYlp.exe
  2⤵
  PID:9404
- C:\Windows\System\hRXydrL.exe
  C:\Windows\System\hRXydrL.exe
  2⤵
  PID:9436
- C:\Windows\System\ACCSSLc.exe
  C:\Windows\System\ACCSSLc.exe
  2⤵
  PID:9324
- C:\Windows\System\XuRALKT.exe
  C:\Windows\System\XuRALKT.exe
  2⤵
  PID:9536
- C:\Windows\System\NTnxarx.exe
  C:\Windows\System\NTnxarx.exe
  2⤵
  PID:9440
- C:\Windows\System\HVeMGKc.exe
  C:\Windows\System\HVeMGKc.exe
  2⤵
  PID:9456
- C:\Windows\System\biYbCTQ.exe
  C:\Windows\System\biYbCTQ.exe
  2⤵
  PID:9596
- C:\Windows\System\KTXDldp.exe
  C:\Windows\System\KTXDldp.exe
  2⤵
  PID:9612
- C:\Windows\System\PtPzguA.exe
  C:\Windows\System\PtPzguA.exe
  2⤵
  PID:9548
- C:\Windows\System\fQagysX.exe
  C:\Windows\System\fQagysX.exe
  2⤵
  PID:9648
- C:\Windows\System\DhGIVPP.exe
  C:\Windows\System\DhGIVPP.exe
  2⤵
  PID:9708
- C:\Windows\System\GeoNrEj.exe
  C:\Windows\System\GeoNrEj.exe
  2⤵
  PID:9776
- C:\Windows\System\tXxDQSa.exe
  C:\Windows\System\tXxDQSa.exe
  2⤵
  PID:9692
- C:\Windows\System\yOLRsCS.exe
  C:\Windows\System\yOLRsCS.exe
  2⤵
  PID:9756
- C:\Windows\System\WDmMdpD.exe
  C:\Windows\System\WDmMdpD.exe
  2⤵
  PID:9804
- C:\Windows\System\AOfSbND.exe
  C:\Windows\System\AOfSbND.exe
  2⤵
  PID:9856
- C:\Windows\System\rvhtlJi.exe
  C:\Windows\System\rvhtlJi.exe
  2⤵
  PID:9888
- C:\Windows\System\HZLBeKm.exe
  C:\Windows\System\HZLBeKm.exe
  2⤵
  PID:9900
- C:\Windows\System\OGSsrAq.exe
  C:\Windows\System\OGSsrAq.exe
  2⤵
  PID:9980
- C:\Windows\System\uYCxXrc.exe
  C:\Windows\System\uYCxXrc.exe
  2⤵
  PID:10016
- C:\Windows\System\RYBRics.exe
  C:\Windows\System\RYBRics.exe
  2⤵
  PID:9996
- C:\Windows\System\xcynHzO.exe
  C:\Windows\System\xcynHzO.exe
  2⤵
  PID:10064
- C:\Windows\System\UHgplVW.exe
  C:\Windows\System\UHgplVW.exe
  2⤵
  PID:10128
- C:\Windows\System\xCQJEjH.exe
  C:\Windows\System\xCQJEjH.exe
  2⤵
  PID:10160
- C:\Windows\System\poDhHkn.exe
  C:\Windows\System\poDhHkn.exe
  2⤵
  PID:10220
- C:\Windows\System\EEdUpUn.exe
  C:\Windows\System\EEdUpUn.exe
  2⤵
  PID:10140
- C:\Windows\System\kdeEyez.exe
  C:\Windows\System\kdeEyez.exe
  2⤵
  PID:10048
- C:\Windows\System\kmygmoW.exe
  C:\Windows\System\kmygmoW.exe
  2⤵
  PID:10236
- C:\Windows\System\slnqKFY.exe
  C:\Windows\System\slnqKFY.exe
  2⤵
  PID:9280
- C:\Windows\System\KfesIeO.exe
  C:\Windows\System\KfesIeO.exe
  2⤵
  PID:9232
- C:\Windows\System\niYoeNP.exe
  C:\Windows\System\niYoeNP.exe
  2⤵
  PID:9500
- C:\Windows\System\XQgYUYX.exe
  C:\Windows\System\XQgYUYX.exe
  2⤵
  PID:9328
- C:\Windows\System\VLpPBqp.exe
  C:\Windows\System\VLpPBqp.exe
  2⤵
  PID:9532
- C:\Windows\System\MNBrlUE.exe
  C:\Windows\System\MNBrlUE.exe
  2⤵
  PID:9632
- C:\Windows\System\jLqseTJ.exe
  C:\Windows\System\jLqseTJ.exe
  2⤵
  PID:9484
- C:\Windows\System\YHDciLH.exe
  C:\Windows\System\YHDciLH.exe
  2⤵
  PID:9788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AjuDUaq.exe

Filesize
6.0MB

MD5
8810dfbaa6ca90affcf4f092ffbff3c0

SHA1
4000e5186c2eb332fbfb89a10b7f7ad1750d4643

SHA256
40b0b2ee9c0afee375f0ff237c520da5995de37bcb5a588cb3028365afa9db61

SHA512
fcc0f121fe04da9114d23eabb35fcfd5326888a8c56606aba7d3ec4a1deb4f517077cf37672686e29f0ad98df09f19bbd433bef2d31a59b7e010e764d780763b

Download Submit
C:\Windows\system\ArXKxYc.exe

Filesize
6.0MB

MD5
c3d810dbb0293fb51d180988b59f02d2

SHA1
3b05f40ce59900fa2d0bbfdc41bcbf4530cbd799

SHA256
32d93ad552714f7fc020aebb8d6026ebb326432df9d41d61e70abb532add90ae

SHA512
9cd45ae72e8608feafe42921682981b564977d5679d18710998ce448b1cdb63f3274f8419a2e7b69d938e64e484b1e25a5fed4b1b2631a00f3c6d202016bfec5

Download Submit
C:\Windows\system\BYoTbpD.exe

Filesize
6.0MB

MD5
526c4f20642bfd3f0b63641a237d4009

SHA1
8a13b532200b902c01f4d4a5c2da57304e30bc11

SHA256
3fda05b5233d44f39789a05e2d354226bb38ecadcb525afe3a819e5ad1a84354

SHA512
f77ac345800c8e7a6b8e39a3f09f566be9238bd635bea7c568a69df91c1066846aa49f8ba8f888849875f3357e330ad7905cd24fcae2cf32a03ab09cc826a55a

Download Submit
C:\Windows\system\FDoAhMk.exe

Filesize
6.0MB

MD5
ae9c8c800e2fe5b15ed0f2b1e6e475ce

SHA1
79d6b6a314c0d8ef455e3613c2014c6c05551b26

SHA256
e06b8306ba662a659558ce9fe0c423c27bdff11656ac2b12493422ac9212cafc

SHA512
003a5595a90d3c2025d13b8330e2b2ba0f1821e97ac3d1faaf08243033a9528e98c182b1709c074a6d2ac23c3dd0bee2d2a64c8376bf44482f642dbc1ddca4ce

Download Submit
C:\Windows\system\FnKmQjY.exe

Filesize
6.0MB

MD5
b977726c7c44af012ce9f48550e6f678

SHA1
3266134d757e99cd3d4cb5866c01dee248823913

SHA256
eaaa141927c911bdb2d17fee73964f6246bd0ce5c003a85aff4d1ea37445254d

SHA512
85bc4884776b5a8a4dc2b6fd5115bc0e0f93c6de6e0bdd54c5d32be5017efa4004d1ff179a9ff80ffa9ac737f5df72e585057eebb07d2fe15cd3851ff6126751

Download Submit
C:\Windows\system\GgZAXDE.exe

Filesize
6.0MB

MD5
74d56d6cfad16acd9a3449da681185e1

SHA1
1cbb82c2d7087422e36d69d3a671371e0e387adf

SHA256
634ad500fd543186866e7476bdf21c57d8b267a734365415ece16be7ecb91685

SHA512
47499e448101566d887ea662e929f1a57083335fa1a6b74054061c5431a0782a18e01af919d4b502be795323f81d2031e929b626ebb50f24186cd1a4826c5c76

Download Submit
C:\Windows\system\IAauIAY.exe

Filesize
6.0MB

MD5
5146faa1c2c3100c801bac42686cec28

SHA1
e976cfb0f2eca48371be00133abebc05e3120baf

SHA256
9567ebc78cc5d6ef78f77f3a7e4d23c362d8b8cc300fb1387db1741bd7ef87eb

SHA512
3b61b9cc164dee0d4412447edb0367639a8a5c2f08fdae589f2bb423b4958238670585764e173b1e50310ad4a91df077405833ccce9e64a267c39e4cb304a210

Download Submit
C:\Windows\system\LgQePUB.exe

Filesize
6.0MB

MD5
563accece113a43bfb0c49f1173ff7a8

SHA1
3f1d8a087d1bddb2d60967a9da04a13f97a4fdc8

SHA256
2f1d2daee6b952ed511b73bda48f6b09aec25fa69717d763f3fc40131bcd4c83

SHA512
e85ba1e68c106e94f3f95ff1b842aac527525b25b4a64d572d5e9b4848055ae8c4c5b788b38c913dffa605ffa32afbe8fb296e25970cf6be21e14957f810f180

Download Submit
C:\Windows\system\OCDUwwU.exe

Filesize
6.0MB

MD5
04684f3fe08796ee5b19683b81041286

SHA1
f29dd0afdb7d1b66beec018aa5ab4956abf8d75f

SHA256
fa11cd9e9c6c222b0316561f23cbe90f33e7720076f2ac1264476a4738cf00b2

SHA512
17b63aae3a76b9a310cdc30c05be9b8e4c3836f4eb1ca78f1d52929e2e22c396d3a982943fa94f3ac7ad3b18ce2affafc3aeb1fb290c09128557c5f0ad0a2701

Download Submit
C:\Windows\system\OKWowJf.exe

Filesize
6.0MB

MD5
d5541c0fe72ecdf8f268aeb2ef4f7988

SHA1
a50bec67b5e20605955543a7825f27065cc91843

SHA256
0c91116b3ca3c0d5e2552edbe9f79935d699885b56ca90675674a2f57fed11d6

SHA512
beeef54d28b743b783421797df149d37c79ecba1863165b5398f8d2ac76378cd13098699ec15ce41469d70663f7451c508e02e2b0ca3eb40d8bd35ec5086453c

Download Submit
C:\Windows\system\PHwNRIG.exe

Filesize
6.0MB

MD5
724213290c4c131474b533e79ff07416

SHA1
f4af763539be1cb6ed9ed379e8127d952a0260b7

SHA256
54bbe95236b6e24f9ae75f13a065cb70c71ce980b162feeb8a060be8bf6f8c25

SHA512
7658694f4fd4111543e59572fbf89c4eeba792d007c84b966e1b8cc79d4d5d4dc2236e1a328c8cfc471c19c4090832d01c2f7b2b75fa7616b83a38bac187add4

Download Submit
C:\Windows\system\SMFfnqz.exe

Filesize
6.0MB

MD5
58ea3db66230b5acfc1f3be7cf175979

SHA1
112e4480a0b2554f75c52cad531c9a4d23307570

SHA256
eded623023dfeb63e50ee98afb77945358c6211f8b66a66794ce3e5e01d1f587

SHA512
1b18509b0d9b8bb032c2e46a3f8f85271c79b1f93960bc92a97ad130bd3e6f6051145421efc3aa6a6a0735958f73f354e4b6256bd8b0b8a0ab9d6a688c3ec263

Download Submit
C:\Windows\system\UnkTybX.exe

Filesize
6.0MB

MD5
a576b61959b8db17705accd00e98cb36

SHA1
f7b468860a41642b6416b5a13dbd963433d0d06a

SHA256
36966460fdf4aee1e150760a14c6a6b4587e33f070ad917b1c5be4d12535b2bb

SHA512
802bdf252c936ec04abb7edd97731f40ce9695fee605829f889c037ea3052c17ac2e6bf966eb060efa33d952926a1238ffbb0ec9c2bf0812e550a676179b6bf9

Download Submit
C:\Windows\system\VwxIGla.exe

Filesize
6.0MB

MD5
fb9b0fa8790be1e7a8925424d86010e8

SHA1
f1da8cd22411de8774ebdf2fb1c87561ab262d2d

SHA256
d382fab446d1519ad7abf82ba49c822b09a31e416853f710020268b916ef715c

SHA512
1b29eb51ef9efc910f27a755a76bd9835761671c79ed040dddbf6046ce4b10dcf0da9f1978e8642133b2d4bb3c96d4b1f523373da790b7bb061e5f50bb9b972f

Download Submit
C:\Windows\system\XzPDJua.exe

Filesize
6.0MB

MD5
108428cb8603d7447756c34022416fcf

SHA1
eb327956942bc6b0df03fe2cca066f75bbf038ba

SHA256
3eb3226fbd06601eee8de4ff936aedb1ec360fb3d84782a9dd39456caa2eb7bd

SHA512
46d9dee2a492ac695031e5698275a5c7e70f26481384ac995a69dab4e37bf6c75f27fa7acf612b1f8fa4e936e581f09e830780ab4a9692b61c5d86805d43c174

Download Submit
C:\Windows\system\crsCcMg.exe

Filesize
6.0MB

MD5
7eb7052084eb7c9adc561a8c22499058

SHA1
9199255a395e6ef8272f8005f98c2c47addb1e4f

SHA256
43e431001859ca4c52751c0892c327529b5bae7892bd06b7cd26d59d3d51fcce

SHA512
d3cd5e046601befc51fcef91df3d5d5287fd325b98b896e16c5cc3421c366c88f38705dcf660e9cdeb32165de803f00c62af1314da8b0a4309dd02e3bedc00e8

Download Submit
C:\Windows\system\kIqmpxS.exe

Filesize
6.0MB

MD5
8922d4d5134dc5ba828f8ca3387d4dbe

SHA1
f16c3243362858a7303fec8a1d2e8b8aa2ad03d3

SHA256
e14c3e744e2c0ee6884818e3926139f122913c7586c0bb102666554b738fb6db

SHA512
b1346d2e2a26876ff7dd6482f43289ab5840cabd3fe97d111f42d68241a6204cb2480f2221faf8fdf4dd2727918716f6dd2f0eeb90651501c3dee1d1b17c0ce8

Download Submit
C:\Windows\system\kVQeDpW.exe

Filesize
6.0MB

MD5
036b4a7f8cea8e2ad3ba48d9ff5e27d1

SHA1
949b581eb13696356b09c905cad3896c52182118

SHA256
b21a1562e4ce1211edb6f09dfb3493318aa202839d7b397753b9ad409e297d07

SHA512
802e73b09afa0b44ecf3e7fa87e0ac292474f435a8b9924643558810c9af5279470da6cbb5e98178ce0847c60a89bacd1081348ecbc9d8e40845d4d061bf10e1

Download Submit
C:\Windows\system\lPivIwc.exe

Filesize
6.0MB

MD5
ed8e6e0a346f835396db09086cfbb1d8

SHA1
15bd5b186054e9fbbd4664ac96f5c5b5c4a46f55

SHA256
b25c1a8b4f4fdaa1188c30771047e5d1cc30a00fefcd9dd8e4239c4783edae81

SHA512
b95516521d8281b348bd2f77bc275130953082676fa63239fe24400055f4968661cd63e8358dbbed5f4a3ea83ecd0ddca68ed4cec234b965941ccb92e78bfc79

Download Submit
C:\Windows\system\lnldnYk.exe

Filesize
6.0MB

MD5
d8f71cb8b0a27dea41c59bebddda29b9

SHA1
0cd51910920eccc4d27077ea2dde4b58c66cd5fd

SHA256
8017b56faaf18e3819813581f16e98b8555e89b52d478f5471e9f29955b38b38

SHA512
4ff3afaca0857442473e6a5ce1badb60065a53ea78212be0e2492d96766d8f520b66cbd3b73aad4fd6249bec89c49e39aa49c8f68486ebc20fe0c2c6024c9363

Download Submit
C:\Windows\system\nADFqeV.exe

Filesize
6.0MB

MD5
9dc787c76bcb5484e6ded62213b00b1f

SHA1
90c3b96b31456e3a7df35b9d3554ab4c7d6a8092

SHA256
c8ded09cdaf7f157bc728683c939c007962e7cd2beb74c291438dd90af70cafa

SHA512
3e077eca72932b21e70fdd6e2dfc70ef531e91b86a4eb4ee2759b4a6c6259dea858150fff4932dc794507791b3a94787a63c8ce04fbc7258eb196c6c22eaf4f6

Download Submit
C:\Windows\system\nLdiHxM.exe

Filesize
6.0MB

MD5
6aacc96b9576984c33bfe311809a8531

SHA1
301fafb0836cdb5b383639c99204f9304b2cfbd4

SHA256
cee8b46802358af07ef0fe52896a5e6974ccc30f01d44f00067e7ba640af5d80

SHA512
ba019c0b1e69d92f08665dedab60b663f2476ffaeb2f94a4ffacfddc4ae2cd07a34aa8a9a421ac85c3ae81396be4d9aa7398cc4aad56bef51756c5491a801b7e

Download Submit
C:\Windows\system\qsUeKUO.exe

Filesize
6.0MB

MD5
b0f87b81b1cccd564cf537b3ec55d4fa

SHA1
7298d02e4146e7de10790f5a0a102b72371a1f27

SHA256
0eb8af44b194e17aa88a5f469c1e6f6aeae491c4e3d4706af6869b327dda4c09

SHA512
137d7f5fd8018bf97079cfb2c6b8c9effc34c8d17b5409acc0c1942bbf5f2a6032a8dd2a6b3e90621865a44226d9317acc7707e678eae6ad89cb7af64d52da88

Download Submit
C:\Windows\system\tcZjrYQ.exe

Filesize
6.0MB

MD5
a742957ad9fe7b81ab2b1ad07151be36

SHA1
49fa747b7f90d9e5cc57822df3913bd8a75e01f4

SHA256
a22eea8d5e45aa9c7695ef06e0aec0c812e04161f58789a277c05d57665b94fa

SHA512
c45232ad4284ffea8ed2e6af7b047512cfd7a1be786fca57240b8d3e554f7e629dfe705c0f9901e22337daac12b7d47edd20dd4edd70eb0dd318197ba23e1e4a

Download Submit
C:\Windows\system\wRmJjqE.exe

Filesize
6.0MB

MD5
78c75af8564d356f2024c7e4cf96055f

SHA1
aefd6efdc112079a9f8a6ca825ae459baab80ef2

SHA256
fd7ce7ed86ebbfc9a41a3675af6df5d8c963bf61aba543106685a35ff74a9e8d

SHA512
91182eb894d7e77768495ae384c53835a78c2347bdd40abee9a3bd51b67c38f073473894255d7ff5047b13d7cd7d103d9f2b7263f2a857bcd982c743ea86d1c9

Download Submit
C:\Windows\system\woKvaih.exe

Filesize
6.0MB

MD5
6ea00f54d8ca1e2dabeecebcf953da81

SHA1
1fb3baba6280d356de815b575da8e035075a0634

SHA256
e98895a31dd84642c4b65307583c74cd15a0e15086fbaa85054f5f659b4a138f

SHA512
d7ff787f24637be2ce02b1301de7e442556bef133ed1b27cf50677a5f4947c8f4aa06dcff0b6507880f8e813344b03f0e4696b9448b68f73e4a876a64e83f9ca

Download Submit
C:\Windows\system\zSFlttQ.exe

Filesize
6.0MB

MD5
8ffb0be57de0599830831e65361ff66f

SHA1
d94bb059cec8e871daba931dc251834f0306b2f9

SHA256
808b94eef7339ba16779093e5006ec97efa121d67ad17e805c66735409373074

SHA512
9b5981ab87636345fd1864505840fc25f42bd72d6ccc6a12594d425a907d712b0be5c1be101d7ab95b0b61581a3035f965e452b8488e40bcbfba8f2a3c54ec4c

Download Submit
\Windows\system\INPGlVi.exe

Filesize
6.0MB

MD5
1941366e5123dd8b055846d07f3cd018

SHA1
48bfbcdc8c5440c25ec4682a77f034f0e3efaca4

SHA256
4a7860fcf8a975d943a008495637a025dfb073e85d00c40f2dc024b2018d9772

SHA512
28adba81c26fce072defd1f32bec509e0504c4007b69810cf017573fb6101875f3ffad2d343cf2e5da662b9b75656cd4c038cd845bd67190afabf81845a09067

Download Submit
\Windows\system\QdPeMAB.exe

Filesize
6.0MB

MD5
8c1bbc6b76f634eea84583e7435e52cd

SHA1
9d0ec34abdd0441e2a64963837eac093db9428f7

SHA256
ba79c81e90af3eef575d4b89b909be9f2383595dbd579c7cfb42482a9acf4ce0

SHA512
f9491d89a27d941dab470f0726e4f61a00d2225f836c8d1895643b804780e756c3d5da4e6b6932d4f4428b83a0cf50400c80c168e9d8798567004055b621cf86

Download Submit
\Windows\system\bKsqkSx.exe

Filesize
6.0MB

MD5
53cb7214625452226483f5d1a98e7250

SHA1
4b236f1ccfce890bb294cd2ddcc1ad215ab6e203

SHA256
0755f5f233ac45942271127f9bd11d6cd2942d146ff3089a265f00b860b855f0

SHA512
02f7e6abee6295cc4486a93460529e850fc50760c57abb2ad4c1935d1fffbda1e2a0d161883eb9d0d61a8312e896fdc58e0ff8a4d01d0e067b5d766d2b6121a7

Download Submit
\Windows\system\gAWzOik.exe

Filesize
6.0MB

MD5
fce39d5b01987bbeaa0f9a12e86a5b37

SHA1
8af1496ec9051d585773efa1fb75d92fb1b5bb89

SHA256
b9feda1f135bd1722a7cf7ca09cb84e916d763dde8f23904ad92b4cea12ab203

SHA512
f2c0bfab6233f5c900f0f8cc2758450913daf678dd6f0a2bb818f1eb345ffbeb20f0cd34a79dba4b6686b21425b8f29cadef80ab5d228aac3f552787977e44f1

Download Submit
\Windows\system\gwQIGbu.exe

Filesize
6.0MB

MD5
489ac2996614f4a7f26a890133f04752

SHA1
3a0522d3aa4e5ab73f6ae77280508ac4d7f7f7bd

SHA256
4b0d6e2e737300d4399ff2362fafad00a2df3b8605922de4caf847dd6275bc79

SHA512
e9beae5c595e74c1201f63ad1c41e5336f40782699921d675d8d9dae9042d5d21f32cff13694e04ee2f857b3f5a5e457394b0b0d55b32afa9752bcc46d1374da

Download Submit
\Windows\system\jhHTAmX.exe

Filesize
6.0MB

MD5
3a53ec49c4eff635c2409ed7c8512466

SHA1
7e9f94f1e78b55624a566b87d8f090a857e00ed6

SHA256
79c7868822f11cd32424480f01b3f32b260ee90622ad92aa46521eb4a0a4e11d

SHA512
007d941a2bccc1ba8f70b9d0e7177a851677ad5ee8736381aa00ca16acd62bf4db538c34a0daa97c0ea6c96366195e3cc6ac9bec2402d1ff4a150bff7926cd09

Download Submit
\Windows\system\jqVNWyX.exe

Filesize
6.0MB

MD5
45e920efa3f8cbcd9caf00692cbc89c3

SHA1
83e6418ad4af8f8b4400e0b19467c2f3742dddb1

SHA256
ab7d81416f52b16d196a538375b3925fc50b99a1821d570e454d78fa0cf1932a

SHA512
928dd7a5c4d0b14f880d0d01c2abbe82c58711e9e1cc318a3b1b03604a265140ecdf1b8ea39cf601af08da86a0ad7e629245aa8940dabd200cb9660f6d550ae1

Download Submit
\Windows\system\wLvHQJD.exe

Filesize
6.0MB

MD5
2ecc65dfcb0f22fda944045bf6ed6d0e

SHA1
90af9afe456741b82ff3bfe7fe4e8b0f4ad354ef

SHA256
eec06a247ac10f2a98d100593d3fa14bcbc3bd3a25da9e0fc392d02120025c93

SHA512
c0b0cb8ff74a98d8134594bb74198a805c0660e3055d1b67b81fddca2e93ff50aea189bdd7c84a13b4a91f67aa08372e2da835d2dabba9d98ac7c688071dec38

Download Submit
memory/536-4638-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/1432-3826-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2040-4632-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2040-4640-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-0-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-3596-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2420-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2704-4633-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-4639-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2764-4634-0x000000013F700000-0x000000013FA54000-memory.dmp

Filesize
3.3MB

Download
memory/2872-4636-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2872-4641-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2880-4635-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2880-4637-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download