cobaltstrike | bd0c96aac8edb162b5b233005b32ade12875284760bc1726c03b6dfbff2f9e2a

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

d80a7bef5c14eb036ae8b734920b5508
SHA1

6da3da81b5e0664286432e66724c1fc5c2569c61
SHA256

bd0c96aac8edb162b5b233005b32ade12875284760bc1726c03b6dfbff2f9e2a
SHA512

125e97b0495b80bd4472945df35fd5f95cde2bf93cb4bc300203a6cceb50812238296523e58cbdf3997e4391941b1847f5fbde96a04432b144d3c4f37c9063a0
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUT:T+q56utgpPF8u/7T

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

Processes:

resource	yara_rule
C:\Windows\system\gpJYfyN.exe	cobalt_reflective_dll
\Windows\system\swrehbT.exe	cobalt_reflective_dll
\Windows\system\nClpecj.exe	cobalt_reflective_dll
C:\Windows\system\DdWuxkI.exe	cobalt_reflective_dll
C:\Windows\system\vflvpsP.exe	cobalt_reflective_dll
C:\Windows\system\VRVKAHt.exe	cobalt_reflective_dll
C:\Windows\system\maActvu.exe	cobalt_reflective_dll
C:\Windows\system\gnjpJWl.exe	cobalt_reflective_dll
C:\Windows\system\XePeIus.exe	cobalt_reflective_dll
C:\Windows\system\ZCzuefR.exe	cobalt_reflective_dll
C:\Windows\system\CQaBZvw.exe	cobalt_reflective_dll
\Windows\system\YaEVeqL.exe	cobalt_reflective_dll
C:\Windows\system\IuSeuHP.exe	cobalt_reflective_dll
C:\Windows\system\dKvPgnI.exe	cobalt_reflective_dll
C:\Windows\system\oRDmZaQ.exe	cobalt_reflective_dll
C:\Windows\system\yQwEUhZ.exe	cobalt_reflective_dll
C:\Windows\system\dqAKUCB.exe	cobalt_reflective_dll
C:\Windows\system\mgfyQbF.exe	cobalt_reflective_dll
C:\Windows\system\crUlwVd.exe	cobalt_reflective_dll
C:\Windows\system\nFBYvMb.exe	cobalt_reflective_dll
C:\Windows\system\FOpBVby.exe	cobalt_reflective_dll
C:\Windows\system\aJmtxMs.exe	cobalt_reflective_dll
C:\Windows\system\FAdnngf.exe	cobalt_reflective_dll
C:\Windows\system\sTEQMaZ.exe	cobalt_reflective_dll
C:\Windows\system\zMOoibx.exe	cobalt_reflective_dll
C:\Windows\system\ltiEDeH.exe	cobalt_reflective_dll
C:\Windows\system\HBbKrpH.exe	cobalt_reflective_dll
C:\Windows\system\yhEspGt.exe	cobalt_reflective_dll
C:\Windows\system\MJHMEdk.exe	cobalt_reflective_dll
C:\Windows\system\UWBIvpa.exe	cobalt_reflective_dll
C:\Windows\system\xENTUxD.exe	cobalt_reflective_dll
C:\Windows\system\uHYIWVA.exe	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

Processes:

resource	yara_rule
behavioral1/memory/576-0-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
C:\Windows\system\gpJYfyN.exe	xmrig
\Windows\system\swrehbT.exe	xmrig
\Windows\system\nClpecj.exe	xmrig
behavioral1/memory/2888-22-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2252-23-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
C:\Windows\system\DdWuxkI.exe	xmrig
behavioral1/memory/2344-30-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2460-20-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
C:\Windows\system\vflvpsP.exe	xmrig
behavioral1/memory/576-51-0x000000013FF40000-0x0000000140294000-memory.dmp	xmrig
behavioral1/memory/576-53-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2772-60-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2452-68-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/576-72-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
C:\Windows\system\VRVKAHt.exe	xmrig
C:\Windows\system\maActvu.exe	xmrig
C:\Windows\system\gnjpJWl.exe	xmrig
C:\Windows\system\XePeIus.exe	xmrig
C:\Windows\system\ZCzuefR.exe	xmrig
C:\Windows\system\CQaBZvw.exe	xmrig
\Windows\system\YaEVeqL.exe	xmrig
behavioral1/memory/576-284-0x0000000002470000-0x00000000027C4000-memory.dmp	xmrig
behavioral1/memory/2888-747-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/3028-790-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	xmrig
behavioral1/memory/2336-905-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2648-886-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2372-885-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/1600-872-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/1168-865-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2452-843-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2772-833-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2788-815-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/864-819-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2344-757-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2252-740-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2460-744-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/576-335-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
C:\Windows\system\IuSeuHP.exe	xmrig
C:\Windows\system\dKvPgnI.exe	xmrig
C:\Windows\system\oRDmZaQ.exe	xmrig
C:\Windows\system\yQwEUhZ.exe	xmrig
C:\Windows\system\dqAKUCB.exe	xmrig
C:\Windows\system\mgfyQbF.exe	xmrig
behavioral1/memory/1168-162-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
C:\Windows\system\crUlwVd.exe	xmrig
C:\Windows\system\nFBYvMb.exe	xmrig
C:\Windows\system\FOpBVby.exe	xmrig
C:\Windows\system\aJmtxMs.exe	xmrig
C:\Windows\system\FAdnngf.exe	xmrig
C:\Windows\system\sTEQMaZ.exe	xmrig
behavioral1/memory/2336-104-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/576-103-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
C:\Windows\system\zMOoibx.exe	xmrig
C:\Windows\system\ltiEDeH.exe	xmrig
behavioral1/memory/2648-100-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2372-98-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/1600-83-0x000000013FF60000-0x00000001402B4000-memory.dmp	xmrig
behavioral1/memory/1168-73-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/864-81-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
C:\Windows\system\HBbKrpH.exe	xmrig
C:\Windows\system\yhEspGt.exe	xmrig
C:\Windows\system\MJHMEdk.exe	xmrig
C:\Windows\system\UWBIvpa.exe	xmrig

Executes dropped EXE 64 IoCs

Processes:

gpJYfyN.exeswrehbT.exenClpecj.exeDdWuxkI.exeuHYIWVA.exevflvpsP.exexENTUxD.exeMJHMEdk.exeUWBIvpa.exeyhEspGt.exeHBbKrpH.exemaActvu.exeVRVKAHt.exeltiEDeH.exezMOoibx.exegnjpJWl.exesTEQMaZ.exeXePeIus.exeFAdnngf.exeaJmtxMs.exeZCzuefR.exeFOpBVby.exeCQaBZvw.exenFBYvMb.execrUlwVd.exemgfyQbF.exedqAKUCB.exeYaEVeqL.exeyQwEUhZ.exeoRDmZaQ.exedKvPgnI.exeIuSeuHP.exelNiscCc.exeIVbJziJ.exeGYOTZdJ.exeIhWMVfc.exeShcXKfq.exeCAHXcNW.exedVNCahq.exesbMnnLw.exeLBcjBXh.exeqYEkFbI.exerQydSqq.exeKQXkXVk.exelNwPnfT.exePmYRVbZ.exeMZvApQJ.exerYvyoBn.exekRcPzTa.exepdeUHiU.exeArbumPR.exeFJlvGxL.exephtaeex.exeqDnFufl.exeLOgZPhy.exeKzeUdVk.exeKbNvegc.exeIAwpdfb.exejhsrZFu.exeoYWQNmv.exewZbUEEc.exeCrQFGSA.exeiqMONVm.exeWSojTAz.exe

pid	process
2252	gpJYfyN.exe
2460	swrehbT.exe
2888	nClpecj.exe
2344	DdWuxkI.exe
3028	uHYIWVA.exe
864	vflvpsP.exe
2788	xENTUxD.exe
2772	MJHMEdk.exe
2452	UWBIvpa.exe
1168	yhEspGt.exe
1600	HBbKrpH.exe
2372	maActvu.exe
2648	VRVKAHt.exe
2336	ltiEDeH.exe
1472	zMOoibx.exe
2100	gnjpJWl.exe
2000	sTEQMaZ.exe
1872	XePeIus.exe
2264	FAdnngf.exe
2484	aJmtxMs.exe
296	ZCzuefR.exe
2020	FOpBVby.exe
1752	CQaBZvw.exe
2196	nFBYvMb.exe
2084	crUlwVd.exe
2492	mgfyQbF.exe
2088	dqAKUCB.exe
1992	YaEVeqL.exe
2192	yQwEUhZ.exe
1064	oRDmZaQ.exe
584	dKvPgnI.exe
2228	IuSeuHP.exe
1040	lNiscCc.exe
1532	IVbJziJ.exe
692	GYOTZdJ.exe
2144	IhWMVfc.exe
1916	ShcXKfq.exe
2104	CAHXcNW.exe
392	dVNCahq.exe
908	sbMnnLw.exe
936	LBcjBXh.exe
1740	qYEkFbI.exe
1896	rQydSqq.exe
1716	KQXkXVk.exe
2376	lNwPnfT.exe
1676	PmYRVbZ.exe
1004	MZvApQJ.exe
1536	rYvyoBn.exe
2692	kRcPzTa.exe
592	pdeUHiU.exe
884	ArbumPR.exe
1584	FJlvGxL.exe
2584	phtaeex.exe
2212	qDnFufl.exe
1964	LOgZPhy.exe
2968	KzeUdVk.exe
2740	KbNvegc.exe
2596	IAwpdfb.exe
2972	jhsrZFu.exe
3068	oYWQNmv.exe
2628	wZbUEEc.exe
1640	CrQFGSA.exe
1892	iqMONVm.exe
2236	WSojTAz.exe

Loads dropped DLL 64 IoCs

Processes:

2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe

pid	process
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/576-0-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
C:\Windows\system\gpJYfyN.exe	upx
\Windows\system\swrehbT.exe	upx
\Windows\system\nClpecj.exe	upx
behavioral1/memory/2888-22-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2252-23-0x000000013F130000-0x000000013F484000-memory.dmp	upx
C:\Windows\system\DdWuxkI.exe	upx
behavioral1/memory/2344-30-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2460-20-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
C:\Windows\system\vflvpsP.exe	upx
behavioral1/memory/576-51-0x000000013FF40000-0x0000000140294000-memory.dmp	upx
behavioral1/memory/2772-60-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2452-68-0x000000013F220000-0x000000013F574000-memory.dmp	upx
C:\Windows\system\VRVKAHt.exe	upx
C:\Windows\system\maActvu.exe	upx
C:\Windows\system\gnjpJWl.exe	upx
C:\Windows\system\XePeIus.exe	upx
C:\Windows\system\ZCzuefR.exe	upx
C:\Windows\system\CQaBZvw.exe	upx
\Windows\system\YaEVeqL.exe	upx
behavioral1/memory/2888-747-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/3028-790-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx
behavioral1/memory/2336-905-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2648-886-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2372-885-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/1600-872-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/1168-865-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2452-843-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2772-833-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2788-815-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/864-819-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2344-757-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2252-740-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2460-744-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
C:\Windows\system\IuSeuHP.exe	upx
C:\Windows\system\dKvPgnI.exe	upx
C:\Windows\system\oRDmZaQ.exe	upx
C:\Windows\system\yQwEUhZ.exe	upx
C:\Windows\system\dqAKUCB.exe	upx
C:\Windows\system\mgfyQbF.exe	upx
behavioral1/memory/1168-162-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
C:\Windows\system\crUlwVd.exe	upx
C:\Windows\system\nFBYvMb.exe	upx
C:\Windows\system\FOpBVby.exe	upx
C:\Windows\system\aJmtxMs.exe	upx
C:\Windows\system\FAdnngf.exe	upx
C:\Windows\system\sTEQMaZ.exe	upx
behavioral1/memory/2336-104-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
C:\Windows\system\zMOoibx.exe	upx
C:\Windows\system\ltiEDeH.exe	upx
behavioral1/memory/2648-100-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2372-98-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/1600-83-0x000000013FF60000-0x00000001402B4000-memory.dmp	upx
behavioral1/memory/1168-73-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/864-81-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
C:\Windows\system\HBbKrpH.exe	upx
C:\Windows\system\yhEspGt.exe	upx
C:\Windows\system\MJHMEdk.exe	upx
C:\Windows\system\UWBIvpa.exe	upx
behavioral1/memory/2788-54-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
C:\Windows\system\xENTUxD.exe	upx
behavioral1/memory/576-45-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/864-42-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/3028-37-0x000000013FCA0000-0x000000013FFF4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

Processes:

2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe

description	ioc	process
File created	C:\Windows\System\oVBSoDL.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HHYpRzr.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YrNRPEm.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBOPqaX.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FYRwcQg.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cAXSyYy.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UGZCyFJ.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\epghPkh.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GTXesYG.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\roucnDR.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ciuadwl.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PaucFld.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GcGtQHx.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cBtuKiZ.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ATpPBle.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lbfWCcl.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UPtrgyy.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vfwiyNr.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MMskkpv.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fJVaqUB.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IVbzwuk.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wwqiuyf.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWjJqLZ.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\suQQgpt.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GfYgisx.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VUlHLKG.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SGpvgxg.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cbBwAis.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HnTyWWn.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AMfOCph.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VFqrPAO.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sKeSpyK.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cpQUJbB.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jSMAeYr.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdwbEYV.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bxGNdvl.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fJxtpCN.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Jeouekz.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vXcZFsy.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XVImdsC.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Fqxfxbi.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aAiXtsH.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PcSWzAg.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AriPdQR.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tlqoipV.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hZostRw.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XrLoTvW.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VDLCkSA.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UiKHIBE.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aGcdRoA.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mITihtm.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KgdKzbJ.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rHBCzRz.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eDplJXj.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WNajiOa.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DZDMLBH.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fcuFJBJ.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GcDOdhO.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qAeQVyE.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aINVNuv.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wUnBNFo.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\omcbVyU.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wOXRBmb.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SldFWIg.exe	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe

description	pid	process	target process
PID 576 wrote to memory of 2252	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	gpJYfyN.exe
PID 576 wrote to memory of 2252	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	gpJYfyN.exe
PID 576 wrote to memory of 2252	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	gpJYfyN.exe
PID 576 wrote to memory of 2460	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	swrehbT.exe
PID 576 wrote to memory of 2460	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	swrehbT.exe
PID 576 wrote to memory of 2460	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	swrehbT.exe
PID 576 wrote to memory of 2888	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	nClpecj.exe
PID 576 wrote to memory of 2888	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	nClpecj.exe
PID 576 wrote to memory of 2888	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	nClpecj.exe
PID 576 wrote to memory of 2344	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	DdWuxkI.exe
PID 576 wrote to memory of 2344	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	DdWuxkI.exe
PID 576 wrote to memory of 2344	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	DdWuxkI.exe
PID 576 wrote to memory of 3028	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	uHYIWVA.exe
PID 576 wrote to memory of 3028	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	uHYIWVA.exe
PID 576 wrote to memory of 3028	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	uHYIWVA.exe
PID 576 wrote to memory of 864	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	vflvpsP.exe
PID 576 wrote to memory of 864	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	vflvpsP.exe
PID 576 wrote to memory of 864	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	vflvpsP.exe
PID 576 wrote to memory of 2788	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	xENTUxD.exe
PID 576 wrote to memory of 2788	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	xENTUxD.exe
PID 576 wrote to memory of 2788	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	xENTUxD.exe
PID 576 wrote to memory of 2772	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	MJHMEdk.exe
PID 576 wrote to memory of 2772	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	MJHMEdk.exe
PID 576 wrote to memory of 2772	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	MJHMEdk.exe
PID 576 wrote to memory of 2452	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	UWBIvpa.exe
PID 576 wrote to memory of 2452	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	UWBIvpa.exe
PID 576 wrote to memory of 2452	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	UWBIvpa.exe
PID 576 wrote to memory of 1168	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	yhEspGt.exe
PID 576 wrote to memory of 1168	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	yhEspGt.exe
PID 576 wrote to memory of 1168	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	yhEspGt.exe
PID 576 wrote to memory of 1600	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	HBbKrpH.exe
PID 576 wrote to memory of 1600	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	HBbKrpH.exe
PID 576 wrote to memory of 1600	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	HBbKrpH.exe
PID 576 wrote to memory of 2372	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	maActvu.exe
PID 576 wrote to memory of 2372	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	maActvu.exe
PID 576 wrote to memory of 2372	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	maActvu.exe
PID 576 wrote to memory of 2648	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	VRVKAHt.exe
PID 576 wrote to memory of 2648	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	VRVKAHt.exe
PID 576 wrote to memory of 2648	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	VRVKAHt.exe
PID 576 wrote to memory of 2336	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	ltiEDeH.exe
PID 576 wrote to memory of 2336	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	ltiEDeH.exe
PID 576 wrote to memory of 2336	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	ltiEDeH.exe
PID 576 wrote to memory of 1472	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	zMOoibx.exe
PID 576 wrote to memory of 1472	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	zMOoibx.exe
PID 576 wrote to memory of 1472	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	zMOoibx.exe
PID 576 wrote to memory of 2100	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	gnjpJWl.exe
PID 576 wrote to memory of 2100	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	gnjpJWl.exe
PID 576 wrote to memory of 2100	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	gnjpJWl.exe
PID 576 wrote to memory of 2000	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	sTEQMaZ.exe
PID 576 wrote to memory of 2000	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	sTEQMaZ.exe
PID 576 wrote to memory of 2000	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	sTEQMaZ.exe
PID 576 wrote to memory of 1872	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	XePeIus.exe
PID 576 wrote to memory of 1872	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	XePeIus.exe
PID 576 wrote to memory of 1872	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	XePeIus.exe
PID 576 wrote to memory of 2264	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	FAdnngf.exe
PID 576 wrote to memory of 2264	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	FAdnngf.exe
PID 576 wrote to memory of 2264	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	FAdnngf.exe
PID 576 wrote to memory of 2484	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	aJmtxMs.exe
PID 576 wrote to memory of 2484	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	aJmtxMs.exe
PID 576 wrote to memory of 2484	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	aJmtxMs.exe
PID 576 wrote to memory of 296	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	ZCzuefR.exe
PID 576 wrote to memory of 296	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	ZCzuefR.exe
PID 576 wrote to memory of 296	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	ZCzuefR.exe
PID 576 wrote to memory of 2020	576	2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe	FOpBVby.exe

C:\Users\Admin\AppData\Local\Temp\2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-22_d80a7bef5c14eb036ae8b734920b5508_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:576
- C:\Windows\System\gpJYfyN.exe
  C:\Windows\System\gpJYfyN.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\swrehbT.exe
  C:\Windows\System\swrehbT.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\nClpecj.exe
  C:\Windows\System\nClpecj.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\DdWuxkI.exe
  C:\Windows\System\DdWuxkI.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\uHYIWVA.exe
  C:\Windows\System\uHYIWVA.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\vflvpsP.exe
  C:\Windows\System\vflvpsP.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\xENTUxD.exe
  C:\Windows\System\xENTUxD.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\MJHMEdk.exe
  C:\Windows\System\MJHMEdk.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\UWBIvpa.exe
  C:\Windows\System\UWBIvpa.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\yhEspGt.exe
  C:\Windows\System\yhEspGt.exe
  2⤵
  - Executes dropped EXE
  PID:1168
- C:\Windows\System\HBbKrpH.exe
  C:\Windows\System\HBbKrpH.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\maActvu.exe
  C:\Windows\System\maActvu.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\VRVKAHt.exe
  C:\Windows\System\VRVKAHt.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\ltiEDeH.exe
  C:\Windows\System\ltiEDeH.exe
  2⤵
  - Executes dropped EXE
  PID:2336
- C:\Windows\System\zMOoibx.exe
  C:\Windows\System\zMOoibx.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\gnjpJWl.exe
  C:\Windows\System\gnjpJWl.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\sTEQMaZ.exe
  C:\Windows\System\sTEQMaZ.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\XePeIus.exe
  C:\Windows\System\XePeIus.exe
  2⤵
  - Executes dropped EXE
  PID:1872
- C:\Windows\System\FAdnngf.exe
  C:\Windows\System\FAdnngf.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\aJmtxMs.exe
  C:\Windows\System\aJmtxMs.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\ZCzuefR.exe
  C:\Windows\System\ZCzuefR.exe
  2⤵
  - Executes dropped EXE
  PID:296
- C:\Windows\System\FOpBVby.exe
  C:\Windows\System\FOpBVby.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\CQaBZvw.exe
  C:\Windows\System\CQaBZvw.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\nFBYvMb.exe
  C:\Windows\System\nFBYvMb.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\crUlwVd.exe
  C:\Windows\System\crUlwVd.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\mgfyQbF.exe
  C:\Windows\System\mgfyQbF.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\dqAKUCB.exe
  C:\Windows\System\dqAKUCB.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\YaEVeqL.exe
  C:\Windows\System\YaEVeqL.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\yQwEUhZ.exe
  C:\Windows\System\yQwEUhZ.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\oRDmZaQ.exe
  C:\Windows\System\oRDmZaQ.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\dKvPgnI.exe
  C:\Windows\System\dKvPgnI.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\IuSeuHP.exe
  C:\Windows\System\IuSeuHP.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\lNiscCc.exe
  C:\Windows\System\lNiscCc.exe
  2⤵
  - Executes dropped EXE
  PID:1040
- C:\Windows\System\GYOTZdJ.exe
  C:\Windows\System\GYOTZdJ.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\IVbJziJ.exe
  C:\Windows\System\IVbJziJ.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\ShcXKfq.exe
  C:\Windows\System\ShcXKfq.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\IhWMVfc.exe
  C:\Windows\System\IhWMVfc.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\CAHXcNW.exe
  C:\Windows\System\CAHXcNW.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\dVNCahq.exe
  C:\Windows\System\dVNCahq.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\qYEkFbI.exe
  C:\Windows\System\qYEkFbI.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\sbMnnLw.exe
  C:\Windows\System\sbMnnLw.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\rQydSqq.exe
  C:\Windows\System\rQydSqq.exe
  2⤵
  - Executes dropped EXE
  PID:1896
- C:\Windows\System\LBcjBXh.exe
  C:\Windows\System\LBcjBXh.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\lNwPnfT.exe
  C:\Windows\System\lNwPnfT.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\KQXkXVk.exe
  C:\Windows\System\KQXkXVk.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\PmYRVbZ.exe
  C:\Windows\System\PmYRVbZ.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\MZvApQJ.exe
  C:\Windows\System\MZvApQJ.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\rYvyoBn.exe
  C:\Windows\System\rYvyoBn.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\kRcPzTa.exe
  C:\Windows\System\kRcPzTa.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\ArbumPR.exe
  C:\Windows\System\ArbumPR.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\pdeUHiU.exe
  C:\Windows\System\pdeUHiU.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\phtaeex.exe
  C:\Windows\System\phtaeex.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\FJlvGxL.exe
  C:\Windows\System\FJlvGxL.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\LOgZPhy.exe
  C:\Windows\System\LOgZPhy.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\qDnFufl.exe
  C:\Windows\System\qDnFufl.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\jhsrZFu.exe
  C:\Windows\System\jhsrZFu.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\KzeUdVk.exe
  C:\Windows\System\KzeUdVk.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\oYWQNmv.exe
  C:\Windows\System\oYWQNmv.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\KbNvegc.exe
  C:\Windows\System\KbNvegc.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\wZbUEEc.exe
  C:\Windows\System\wZbUEEc.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\IAwpdfb.exe
  C:\Windows\System\IAwpdfb.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\CrQFGSA.exe
  C:\Windows\System\CrQFGSA.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\iqMONVm.exe
  C:\Windows\System\iqMONVm.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\QJXgrSr.exe
  C:\Windows\System\QJXgrSr.exe
  2⤵
  PID:2800
- C:\Windows\System\WSojTAz.exe
  C:\Windows\System\WSojTAz.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\mvUXeCi.exe
  C:\Windows\System\mvUXeCi.exe
  2⤵
  PID:2656
- C:\Windows\System\GDdlsQp.exe
  C:\Windows\System\GDdlsQp.exe
  2⤵
  PID:1828
- C:\Windows\System\wDjPOec.exe
  C:\Windows\System\wDjPOec.exe
  2⤵
  PID:2060
- C:\Windows\System\GAjfjHN.exe
  C:\Windows\System\GAjfjHN.exe
  2⤵
  PID:2056
- C:\Windows\System\xMAnpUt.exe
  C:\Windows\System\xMAnpUt.exe
  2⤵
  PID:2496
- C:\Windows\System\rMxfALM.exe
  C:\Windows\System\rMxfALM.exe
  2⤵
  PID:1136
- C:\Windows\System\kcjNVCQ.exe
  C:\Windows\System\kcjNVCQ.exe
  2⤵
  PID:2368
- C:\Windows\System\tLaSWKw.exe
  C:\Windows\System\tLaSWKw.exe
  2⤵
  PID:1660
- C:\Windows\System\LHuUMaZ.exe
  C:\Windows\System\LHuUMaZ.exe
  2⤵
  PID:2396
- C:\Windows\System\RzjkDXN.exe
  C:\Windows\System\RzjkDXN.exe
  2⤵
  PID:1480
- C:\Windows\System\OyoJFBa.exe
  C:\Windows\System\OyoJFBa.exe
  2⤵
  PID:1804
- C:\Windows\System\cRiyrKC.exe
  C:\Windows\System\cRiyrKC.exe
  2⤵
  PID:1568
- C:\Windows\System\ieHvqbk.exe
  C:\Windows\System\ieHvqbk.exe
  2⤵
  PID:2136
- C:\Windows\System\bzgyjOE.exe
  C:\Windows\System\bzgyjOE.exe
  2⤵
  PID:2188
- C:\Windows\System\dQYotTc.exe
  C:\Windows\System\dQYotTc.exe
  2⤵
  PID:948
- C:\Windows\System\GfFzPgI.exe
  C:\Windows\System\GfFzPgI.exe
  2⤵
  PID:580
- C:\Windows\System\EFqYmpb.exe
  C:\Windows\System\EFqYmpb.exe
  2⤵
  PID:2420
- C:\Windows\System\ATpPBle.exe
  C:\Windows\System\ATpPBle.exe
  2⤵
  PID:2348
- C:\Windows\System\llgUKsM.exe
  C:\Windows\System\llgUKsM.exe
  2⤵
  PID:1748
- C:\Windows\System\XlVFLkt.exe
  C:\Windows\System\XlVFLkt.exe
  2⤵
  PID:688
- C:\Windows\System\STWXJGI.exe
  C:\Windows\System\STWXJGI.exe
  2⤵
  PID:1468
- C:\Windows\System\uQWaJWM.exe
  C:\Windows\System\uQWaJWM.exe
  2⤵
  PID:2744
- C:\Windows\System\twqKgVr.exe
  C:\Windows\System\twqKgVr.exe
  2⤵
  PID:2480
- C:\Windows\System\PExhzbd.exe
  C:\Windows\System\PExhzbd.exe
  2⤵
  PID:2556
- C:\Windows\System\HyTYuMi.exe
  C:\Windows\System\HyTYuMi.exe
  2⤵
  PID:3048
- C:\Windows\System\Scnhqyb.exe
  C:\Windows\System\Scnhqyb.exe
  2⤵
  PID:1744
- C:\Windows\System\dCQPhdF.exe
  C:\Windows\System\dCQPhdF.exe
  2⤵
  PID:3032
- C:\Windows\System\LMKhABR.exe
  C:\Windows\System\LMKhABR.exe
  2⤵
  PID:972
- C:\Windows\System\SmDGHzL.exe
  C:\Windows\System\SmDGHzL.exe
  2⤵
  PID:2080
- C:\Windows\System\qvDFkBU.exe
  C:\Windows\System\qvDFkBU.exe
  2⤵
  PID:1088
- C:\Windows\System\KZcqXsx.exe
  C:\Windows\System\KZcqXsx.exe
  2⤵
  PID:2116
- C:\Windows\System\WpHOfRu.exe
  C:\Windows\System\WpHOfRu.exe
  2⤵
  PID:2320
- C:\Windows\System\gdjnDqN.exe
  C:\Windows\System\gdjnDqN.exe
  2⤵
  PID:2636
- C:\Windows\System\WIYVCcz.exe
  C:\Windows\System\WIYVCcz.exe
  2⤵
  PID:1084
- C:\Windows\System\RPZHPjn.exe
  C:\Windows\System\RPZHPjn.exe
  2⤵
  PID:1932
- C:\Windows\System\iJKytaU.exe
  C:\Windows\System\iJKytaU.exe
  2⤵
  PID:1436
- C:\Windows\System\SGpvgxg.exe
  C:\Windows\System\SGpvgxg.exe
  2⤵
  PID:892
- C:\Windows\System\jkfLjbh.exe
  C:\Windows\System\jkfLjbh.exe
  2⤵
  PID:2664
- C:\Windows\System\FIQduSB.exe
  C:\Windows\System\FIQduSB.exe
  2⤵
  PID:3092
- C:\Windows\System\XWXGEjR.exe
  C:\Windows\System\XWXGEjR.exe
  2⤵
  PID:3108
- C:\Windows\System\qNWnDGx.exe
  C:\Windows\System\qNWnDGx.exe
  2⤵
  PID:3132
- C:\Windows\System\LiaPAVr.exe
  C:\Windows\System\LiaPAVr.exe
  2⤵
  PID:3152
- C:\Windows\System\SEVdclV.exe
  C:\Windows\System\SEVdclV.exe
  2⤵
  PID:3172
- C:\Windows\System\bxsnKre.exe
  C:\Windows\System\bxsnKre.exe
  2⤵
  PID:3188
- C:\Windows\System\ANGZpnI.exe
  C:\Windows\System\ANGZpnI.exe
  2⤵
  PID:3204
- C:\Windows\System\TgoISsl.exe
  C:\Windows\System\TgoISsl.exe
  2⤵
  PID:3228
- C:\Windows\System\tQbMDyt.exe
  C:\Windows\System\tQbMDyt.exe
  2⤵
  PID:3244
- C:\Windows\System\tZJduag.exe
  C:\Windows\System\tZJduag.exe
  2⤵
  PID:3272
- C:\Windows\System\swmccIZ.exe
  C:\Windows\System\swmccIZ.exe
  2⤵
  PID:3288
- C:\Windows\System\MKyftms.exe
  C:\Windows\System\MKyftms.exe
  2⤵
  PID:3316
- C:\Windows\System\PwWkvTt.exe
  C:\Windows\System\PwWkvTt.exe
  2⤵
  PID:3332
- C:\Windows\System\lcWgCzG.exe
  C:\Windows\System\lcWgCzG.exe
  2⤵
  PID:3352
- C:\Windows\System\HbsReth.exe
  C:\Windows\System\HbsReth.exe
  2⤵
  PID:3368
- C:\Windows\System\WFQMHZf.exe
  C:\Windows\System\WFQMHZf.exe
  2⤵
  PID:3392
- C:\Windows\System\tlFdfcn.exe
  C:\Windows\System\tlFdfcn.exe
  2⤵
  PID:3416
- C:\Windows\System\KiYEOya.exe
  C:\Windows\System\KiYEOya.exe
  2⤵
  PID:3436
- C:\Windows\System\Gywztjn.exe
  C:\Windows\System\Gywztjn.exe
  2⤵
  PID:3456
- C:\Windows\System\ZdxhzDO.exe
  C:\Windows\System\ZdxhzDO.exe
  2⤵
  PID:3476
- C:\Windows\System\nfPnByA.exe
  C:\Windows\System\nfPnByA.exe
  2⤵
  PID:3496
- C:\Windows\System\pQyixhU.exe
  C:\Windows\System\pQyixhU.exe
  2⤵
  PID:3512
- C:\Windows\System\UWyGiKN.exe
  C:\Windows\System\UWyGiKN.exe
  2⤵
  PID:3532
- C:\Windows\System\ZDknBlD.exe
  C:\Windows\System\ZDknBlD.exe
  2⤵
  PID:3552
- C:\Windows\System\EbviOzM.exe
  C:\Windows\System\EbviOzM.exe
  2⤵
  PID:3572
- C:\Windows\System\BfBXqxJ.exe
  C:\Windows\System\BfBXqxJ.exe
  2⤵
  PID:3592
- C:\Windows\System\TZGcIlq.exe
  C:\Windows\System\TZGcIlq.exe
  2⤵
  PID:3608
- C:\Windows\System\APeyPIc.exe
  C:\Windows\System\APeyPIc.exe
  2⤵
  PID:3640
- C:\Windows\System\eWjJqLZ.exe
  C:\Windows\System\eWjJqLZ.exe
  2⤵
  PID:3660
- C:\Windows\System\ifBvmmx.exe
  C:\Windows\System\ifBvmmx.exe
  2⤵
  PID:3680
- C:\Windows\System\TqtqBOL.exe
  C:\Windows\System\TqtqBOL.exe
  2⤵
  PID:3704
- C:\Windows\System\epghPkh.exe
  C:\Windows\System\epghPkh.exe
  2⤵
  PID:3720
- C:\Windows\System\HdDuinr.exe
  C:\Windows\System\HdDuinr.exe
  2⤵
  PID:3736
- C:\Windows\System\YYaWRpG.exe
  C:\Windows\System\YYaWRpG.exe
  2⤵
  PID:3764
- C:\Windows\System\QDYvUaw.exe
  C:\Windows\System\QDYvUaw.exe
  2⤵
  PID:3784
- C:\Windows\System\tvoRYWe.exe
  C:\Windows\System\tvoRYWe.exe
  2⤵
  PID:3804
- C:\Windows\System\IqCYwDr.exe
  C:\Windows\System\IqCYwDr.exe
  2⤵
  PID:3824
- C:\Windows\System\NHrJmzR.exe
  C:\Windows\System\NHrJmzR.exe
  2⤵
  PID:3840
- C:\Windows\System\rECjIeh.exe
  C:\Windows\System\rECjIeh.exe
  2⤵
  PID:3864
- C:\Windows\System\EtQIsTY.exe
  C:\Windows\System\EtQIsTY.exe
  2⤵
  PID:3884
- C:\Windows\System\kvGAaJG.exe
  C:\Windows\System\kvGAaJG.exe
  2⤵
  PID:3904
- C:\Windows\System\pLIoxNf.exe
  C:\Windows\System\pLIoxNf.exe
  2⤵
  PID:3924
- C:\Windows\System\sTUpFob.exe
  C:\Windows\System\sTUpFob.exe
  2⤵
  PID:3944
- C:\Windows\System\vxIiIoX.exe
  C:\Windows\System\vxIiIoX.exe
  2⤵
  PID:3964
- C:\Windows\System\KIQprnj.exe
  C:\Windows\System\KIQprnj.exe
  2⤵
  PID:3980
- C:\Windows\System\NPHdWPj.exe
  C:\Windows\System\NPHdWPj.exe
  2⤵
  PID:4000
- C:\Windows\System\tcOyQgL.exe
  C:\Windows\System\tcOyQgL.exe
  2⤵
  PID:4016
- C:\Windows\System\KlBCYQv.exe
  C:\Windows\System\KlBCYQv.exe
  2⤵
  PID:4048
- C:\Windows\System\jwnvHPG.exe
  C:\Windows\System\jwnvHPG.exe
  2⤵
  PID:4068
- C:\Windows\System\juYFtne.exe
  C:\Windows\System\juYFtne.exe
  2⤵
  PID:4088
- C:\Windows\System\XLbSkpJ.exe
  C:\Windows\System\XLbSkpJ.exe
  2⤵
  PID:2328
- C:\Windows\System\DFJUypU.exe
  C:\Windows\System\DFJUypU.exe
  2⤵
  PID:2932
- C:\Windows\System\EbFgIHQ.exe
  C:\Windows\System\EbFgIHQ.exe
  2⤵
  PID:436
- C:\Windows\System\Pmgtgew.exe
  C:\Windows\System\Pmgtgew.exe
  2⤵
  PID:2516
- C:\Windows\System\AfNMtHm.exe
  C:\Windows\System\AfNMtHm.exe
  2⤵
  PID:2152
- C:\Windows\System\jFGgzXt.exe
  C:\Windows\System\jFGgzXt.exe
  2⤵
  PID:1348
- C:\Windows\System\nzmtENB.exe
  C:\Windows\System\nzmtENB.exe
  2⤵
  PID:560
- C:\Windows\System\TLHpOfk.exe
  C:\Windows\System\TLHpOfk.exe
  2⤵
  PID:1148
- C:\Windows\System\QYlAdUv.exe
  C:\Windows\System\QYlAdUv.exe
  2⤵
  PID:2712
- C:\Windows\System\AtAemvw.exe
  C:\Windows\System\AtAemvw.exe
  2⤵
  PID:1520
- C:\Windows\System\mmzIHZH.exe
  C:\Windows\System\mmzIHZH.exe
  2⤵
  PID:2672
- C:\Windows\System\HcnbShT.exe
  C:\Windows\System\HcnbShT.exe
  2⤵
  PID:756
- C:\Windows\System\PVVsgAh.exe
  C:\Windows\System\PVVsgAh.exe
  2⤵
  PID:3124
- C:\Windows\System\jjHFkLx.exe
  C:\Windows\System\jjHFkLx.exe
  2⤵
  PID:2232
- C:\Windows\System\AKUhkCd.exe
  C:\Windows\System\AKUhkCd.exe
  2⤵
  PID:3104
- C:\Windows\System\CukKYqt.exe
  C:\Windows\System\CukKYqt.exe
  2⤵
  PID:3180
- C:\Windows\System\QZKpuzC.exe
  C:\Windows\System\QZKpuzC.exe
  2⤵
  PID:3280
- C:\Windows\System\hlNqgwG.exe
  C:\Windows\System\hlNqgwG.exe
  2⤵
  PID:3328
- C:\Windows\System\caIFMGb.exe
  C:\Windows\System\caIFMGb.exe
  2⤵
  PID:3260
- C:\Windows\System\wwqiuyf.exe
  C:\Windows\System\wwqiuyf.exe
  2⤵
  PID:3408
- C:\Windows\System\GdeqJGP.exe
  C:\Windows\System\GdeqJGP.exe
  2⤵
  PID:3308
- C:\Windows\System\vTLOJfc.exe
  C:\Windows\System\vTLOJfc.exe
  2⤵
  PID:3344
- C:\Windows\System\aOPpqpq.exe
  C:\Windows\System\aOPpqpq.exe
  2⤵
  PID:3424
- C:\Windows\System\jyvEPwj.exe
  C:\Windows\System\jyvEPwj.exe
  2⤵
  PID:3428
- C:\Windows\System\snxVMqO.exe
  C:\Windows\System\snxVMqO.exe
  2⤵
  PID:3488
- C:\Windows\System\rtRSYze.exe
  C:\Windows\System\rtRSYze.exe
  2⤵
  PID:2896
- C:\Windows\System\WwFfrHA.exe
  C:\Windows\System\WwFfrHA.exe
  2⤵
  PID:3564
- C:\Windows\System\IlGGPeP.exe
  C:\Windows\System\IlGGPeP.exe
  2⤵
  PID:3540
- C:\Windows\System\QpDTdsQ.exe
  C:\Windows\System\QpDTdsQ.exe
  2⤵
  PID:3652
- C:\Windows\System\rsUEkGE.exe
  C:\Windows\System\rsUEkGE.exe
  2⤵
  PID:3632
- C:\Windows\System\WTiGvAP.exe
  C:\Windows\System\WTiGvAP.exe
  2⤵
  PID:3688
- C:\Windows\System\fythGpQ.exe
  C:\Windows\System\fythGpQ.exe
  2⤵
  PID:3696
- C:\Windows\System\UiKjPpN.exe
  C:\Windows\System\UiKjPpN.exe
  2⤵
  PID:3712
- C:\Windows\System\vZKJtUi.exe
  C:\Windows\System\vZKJtUi.exe
  2⤵
  PID:3812
- C:\Windows\System\CSGphnY.exe
  C:\Windows\System\CSGphnY.exe
  2⤵
  PID:3852
- C:\Windows\System\UgpNSEE.exe
  C:\Windows\System\UgpNSEE.exe
  2⤵
  PID:3800
- C:\Windows\System\HSitxaa.exe
  C:\Windows\System\HSitxaa.exe
  2⤵
  PID:3892
- C:\Windows\System\FyhJEfP.exe
  C:\Windows\System\FyhJEfP.exe
  2⤵
  PID:3896
- C:\Windows\System\LknPCIP.exe
  C:\Windows\System\LknPCIP.exe
  2⤵
  PID:3916
- C:\Windows\System\BJHqkZT.exe
  C:\Windows\System\BJHqkZT.exe
  2⤵
  PID:3956
- C:\Windows\System\HxQAHFa.exe
  C:\Windows\System\HxQAHFa.exe
  2⤵
  PID:4064
- C:\Windows\System\ChjOgxO.exe
  C:\Windows\System\ChjOgxO.exe
  2⤵
  PID:4032
- C:\Windows\System\NxhuJHm.exe
  C:\Windows\System\NxhuJHm.exe
  2⤵
  PID:1144
- C:\Windows\System\RhoSJCG.exe
  C:\Windows\System\RhoSJCG.exe
  2⤵
  PID:2880
- C:\Windows\System\rRAKcWF.exe
  C:\Windows\System\rRAKcWF.exe
  2⤵
  PID:2920
- C:\Windows\System\DeRMhUH.exe
  C:\Windows\System\DeRMhUH.exe
  2⤵
  PID:2180
- C:\Windows\System\kFbGExU.exe
  C:\Windows\System\kFbGExU.exe
  2⤵
  PID:1464
- C:\Windows\System\FCYTunY.exe
  C:\Windows\System\FCYTunY.exe
  2⤵
  PID:2468
- C:\Windows\System\zGCryTQ.exe
  C:\Windows\System\zGCryTQ.exe
  2⤵
  PID:1100
- C:\Windows\System\FZtNixU.exe
  C:\Windows\System\FZtNixU.exe
  2⤵
  PID:952
- C:\Windows\System\PXTAOeX.exe
  C:\Windows\System\PXTAOeX.exe
  2⤵
  PID:3080
- C:\Windows\System\ZMsTywX.exe
  C:\Windows\System\ZMsTywX.exe
  2⤵
  PID:3492
- C:\Windows\System\RaUlRom.exe
  C:\Windows\System\RaUlRom.exe
  2⤵
  PID:1556
- C:\Windows\System\ThqdTzH.exe
  C:\Windows\System\ThqdTzH.exe
  2⤵
  PID:3448
- C:\Windows\System\bZJXcgK.exe
  C:\Windows\System\bZJXcgK.exe
  2⤵
  PID:2892
- C:\Windows\System\esliSkG.exe
  C:\Windows\System\esliSkG.exe
  2⤵
  PID:3668
- C:\Windows\System\PjLOxxS.exe
  C:\Windows\System\PjLOxxS.exe
  2⤵
  PID:3776
- C:\Windows\System\NlIVTvG.exe
  C:\Windows\System\NlIVTvG.exe
  2⤵
  PID:3816
- C:\Windows\System\gZCnnwj.exe
  C:\Windows\System\gZCnnwj.exe
  2⤵
  PID:3832
- C:\Windows\System\NUOrGpb.exe
  C:\Windows\System\NUOrGpb.exe
  2⤵
  PID:3792
- C:\Windows\System\tyjCtQG.exe
  C:\Windows\System\tyjCtQG.exe
  2⤵
  PID:4012
- C:\Windows\System\weJiCkC.exe
  C:\Windows\System\weJiCkC.exe
  2⤵
  PID:3952
- C:\Windows\System\IYhZDdG.exe
  C:\Windows\System\IYhZDdG.exe
  2⤵
  PID:4076
- C:\Windows\System\UAaIveO.exe
  C:\Windows\System\UAaIveO.exe
  2⤵
  PID:1672
- C:\Windows\System\WTTPUXi.exe
  C:\Windows\System\WTTPUXi.exe
  2⤵
  PID:3000
- C:\Windows\System\joAvWyE.exe
  C:\Windows\System\joAvWyE.exe
  2⤵
  PID:2380
- C:\Windows\System\lkFyhfy.exe
  C:\Windows\System\lkFyhfy.exe
  2⤵
  PID:1588
- C:\Windows\System\WDrAuvl.exe
  C:\Windows\System\WDrAuvl.exe
  2⤵
  PID:2168
- C:\Windows\System\MeiAyyR.exe
  C:\Windows\System\MeiAyyR.exe
  2⤵
  PID:2992
- C:\Windows\System\qoCJBzG.exe
  C:\Windows\System\qoCJBzG.exe
  2⤵
  PID:3200
- C:\Windows\System\XLAEPOr.exe
  C:\Windows\System\XLAEPOr.exe
  2⤵
  PID:976
- C:\Windows\System\mVVqwgG.exe
  C:\Windows\System\mVVqwgG.exe
  2⤵
  PID:2784
- C:\Windows\System\YCXwVGT.exe
  C:\Windows\System\YCXwVGT.exe
  2⤵
  PID:1576
- C:\Windows\System\BVhJTmm.exe
  C:\Windows\System\BVhJTmm.exe
  2⤵
  PID:2260
- C:\Windows\System\omcbVyU.exe
  C:\Windows\System\omcbVyU.exe
  2⤵
  PID:1868
- C:\Windows\System\TpvXEtb.exe
  C:\Windows\System\TpvXEtb.exe
  2⤵
  PID:2976
- C:\Windows\System\xMkbqiM.exe
  C:\Windows\System\xMkbqiM.exe
  2⤵
  PID:2868
- C:\Windows\System\oytSEWo.exe
  C:\Windows\System\oytSEWo.exe
  2⤵
  PID:2768
- C:\Windows\System\pDlFnij.exe
  C:\Windows\System\pDlFnij.exe
  2⤵
  PID:3384
- C:\Windows\System\DqKovwh.exe
  C:\Windows\System\DqKovwh.exe
  2⤵
  PID:3340
- C:\Windows\System\tTGeCcS.exe
  C:\Windows\System\tTGeCcS.exe
  2⤵
  PID:3528
- C:\Windows\System\OXHwJYo.exe
  C:\Windows\System\OXHwJYo.exe
  2⤵
  PID:3780
- C:\Windows\System\zaCeMVe.exe
  C:\Windows\System\zaCeMVe.exe
  2⤵
  PID:3508
- C:\Windows\System\oTnczRR.exe
  C:\Windows\System\oTnczRR.exe
  2⤵
  PID:3700
- C:\Windows\System\NyQJbzS.exe
  C:\Windows\System\NyQJbzS.exe
  2⤵
  PID:3748
- C:\Windows\System\AzkNwhw.exe
  C:\Windows\System\AzkNwhw.exe
  2⤵
  PID:4028
- C:\Windows\System\erDmPjB.exe
  C:\Windows\System\erDmPjB.exe
  2⤵
  PID:2308
- C:\Windows\System\GTXesYG.exe
  C:\Windows\System\GTXesYG.exe
  2⤵
  PID:2128
- C:\Windows\System\XkTKFBS.exe
  C:\Windows\System\XkTKFBS.exe
  2⤵
  PID:2568
- C:\Windows\System\ASNhpUi.exe
  C:\Windows\System\ASNhpUi.exe
  2⤵
  PID:2908
- C:\Windows\System\mBrpDqY.exe
  C:\Windows\System\mBrpDqY.exe
  2⤵
  PID:2412
- C:\Windows\System\aJHKqpS.exe
  C:\Windows\System\aJHKqpS.exe
  2⤵
  PID:3256
- C:\Windows\System\HfzySFn.exe
  C:\Windows\System\HfzySFn.exe
  2⤵
  PID:3412
- C:\Windows\System\JAhtrCy.exe
  C:\Windows\System\JAhtrCy.exe
  2⤵
  PID:3020
- C:\Windows\System\zrYTjBQ.exe
  C:\Windows\System\zrYTjBQ.exe
  2⤵
  PID:2960
- C:\Windows\System\tvftUjT.exe
  C:\Windows\System\tvftUjT.exe
  2⤵
  PID:3360
- C:\Windows\System\FmkOpUZ.exe
  C:\Windows\System\FmkOpUZ.exe
  2⤵
  PID:3444
- C:\Windows\System\VPrWdAU.exe
  C:\Windows\System\VPrWdAU.exe
  2⤵
  PID:3624
- C:\Windows\System\fWLrgbx.exe
  C:\Windows\System\fWLrgbx.exe
  2⤵
  PID:3504
- C:\Windows\System\LuzJgTy.exe
  C:\Windows\System\LuzJgTy.exe
  2⤵
  PID:2852
- C:\Windows\System\HbjxAQP.exe
  C:\Windows\System\HbjxAQP.exe
  2⤵
  PID:2924
- C:\Windows\System\ethElVo.exe
  C:\Windows\System\ethElVo.exe
  2⤵
  PID:4104
- C:\Windows\System\BkAgnmJ.exe
  C:\Windows\System\BkAgnmJ.exe
  2⤵
  PID:4120
- C:\Windows\System\eQoZyXJ.exe
  C:\Windows\System\eQoZyXJ.exe
  2⤵
  PID:4144
- C:\Windows\System\fFWHjmD.exe
  C:\Windows\System\fFWHjmD.exe
  2⤵
  PID:4176
- C:\Windows\System\mDUZObd.exe
  C:\Windows\System\mDUZObd.exe
  2⤵
  PID:4196
- C:\Windows\System\KNVTIZe.exe
  C:\Windows\System\KNVTIZe.exe
  2⤵
  PID:4212
- C:\Windows\System\PKGsCiJ.exe
  C:\Windows\System\PKGsCiJ.exe
  2⤵
  PID:4236
- C:\Windows\System\blhUmtH.exe
  C:\Windows\System\blhUmtH.exe
  2⤵
  PID:4256
- C:\Windows\System\UHUJvSo.exe
  C:\Windows\System\UHUJvSo.exe
  2⤵
  PID:4280
- C:\Windows\System\SnImYcb.exe
  C:\Windows\System\SnImYcb.exe
  2⤵
  PID:4300
- C:\Windows\System\KFMlrcn.exe
  C:\Windows\System\KFMlrcn.exe
  2⤵
  PID:4320
- C:\Windows\System\WcwmcZr.exe
  C:\Windows\System\WcwmcZr.exe
  2⤵
  PID:4340
- C:\Windows\System\UGZCyFJ.exe
  C:\Windows\System\UGZCyFJ.exe
  2⤵
  PID:4360
- C:\Windows\System\XlROLlH.exe
  C:\Windows\System\XlROLlH.exe
  2⤵
  PID:4376
- C:\Windows\System\VQSOkWu.exe
  C:\Windows\System\VQSOkWu.exe
  2⤵
  PID:4400
- C:\Windows\System\BhTtZdX.exe
  C:\Windows\System\BhTtZdX.exe
  2⤵
  PID:4420
- C:\Windows\System\OBOPqaX.exe
  C:\Windows\System\OBOPqaX.exe
  2⤵
  PID:4444
- C:\Windows\System\MRjGcDc.exe
  C:\Windows\System\MRjGcDc.exe
  2⤵
  PID:4464
- C:\Windows\System\YWRLuKx.exe
  C:\Windows\System\YWRLuKx.exe
  2⤵
  PID:4484
- C:\Windows\System\eyuDLSu.exe
  C:\Windows\System\eyuDLSu.exe
  2⤵
  PID:4504
- C:\Windows\System\DUEPQXr.exe
  C:\Windows\System\DUEPQXr.exe
  2⤵
  PID:4524
- C:\Windows\System\iuHkPMn.exe
  C:\Windows\System\iuHkPMn.exe
  2⤵
  PID:4544
- C:\Windows\System\VPtmbxJ.exe
  C:\Windows\System\VPtmbxJ.exe
  2⤵
  PID:4564
- C:\Windows\System\uJzAOLp.exe
  C:\Windows\System\uJzAOLp.exe
  2⤵
  PID:4584
- C:\Windows\System\noUFbzO.exe
  C:\Windows\System\noUFbzO.exe
  2⤵
  PID:4604
- C:\Windows\System\nSuuLQh.exe
  C:\Windows\System\nSuuLQh.exe
  2⤵
  PID:4624
- C:\Windows\System\HjBAjLW.exe
  C:\Windows\System\HjBAjLW.exe
  2⤵
  PID:4644
- C:\Windows\System\oyDwdOV.exe
  C:\Windows\System\oyDwdOV.exe
  2⤵
  PID:4664
- C:\Windows\System\lGTtgjB.exe
  C:\Windows\System\lGTtgjB.exe
  2⤵
  PID:4680
- C:\Windows\System\GaLZiah.exe
  C:\Windows\System\GaLZiah.exe
  2⤵
  PID:4704
- C:\Windows\System\IqhfJtQ.exe
  C:\Windows\System\IqhfJtQ.exe
  2⤵
  PID:4724
- C:\Windows\System\hJRleTF.exe
  C:\Windows\System\hJRleTF.exe
  2⤵
  PID:4744
- C:\Windows\System\GrFnTlj.exe
  C:\Windows\System\GrFnTlj.exe
  2⤵
  PID:4764
- C:\Windows\System\jvmPHBc.exe
  C:\Windows\System\jvmPHBc.exe
  2⤵
  PID:4784
- C:\Windows\System\iEpEdIM.exe
  C:\Windows\System\iEpEdIM.exe
  2⤵
  PID:4804
- C:\Windows\System\HilvSdl.exe
  C:\Windows\System\HilvSdl.exe
  2⤵
  PID:4824
- C:\Windows\System\tfyVRmD.exe
  C:\Windows\System\tfyVRmD.exe
  2⤵
  PID:4848
- C:\Windows\System\bubfzKZ.exe
  C:\Windows\System\bubfzKZ.exe
  2⤵
  PID:4868
- C:\Windows\System\DtsYTKx.exe
  C:\Windows\System\DtsYTKx.exe
  2⤵
  PID:4888
- C:\Windows\System\NwUQkLe.exe
  C:\Windows\System\NwUQkLe.exe
  2⤵
  PID:4908
- C:\Windows\System\SWlzrQE.exe
  C:\Windows\System\SWlzrQE.exe
  2⤵
  PID:4928
- C:\Windows\System\CzJlnrz.exe
  C:\Windows\System\CzJlnrz.exe
  2⤵
  PID:4948
- C:\Windows\System\BnrrxoS.exe
  C:\Windows\System\BnrrxoS.exe
  2⤵
  PID:4968
- C:\Windows\System\VRDzAGc.exe
  C:\Windows\System\VRDzAGc.exe
  2⤵
  PID:4988
- C:\Windows\System\PcSWzAg.exe
  C:\Windows\System\PcSWzAg.exe
  2⤵
  PID:5008
- C:\Windows\System\kqNxGqs.exe
  C:\Windows\System\kqNxGqs.exe
  2⤵
  PID:5028
- C:\Windows\System\skgXJRe.exe
  C:\Windows\System\skgXJRe.exe
  2⤵
  PID:5044
- C:\Windows\System\JzQldTK.exe
  C:\Windows\System\JzQldTK.exe
  2⤵
  PID:5060
- C:\Windows\System\WnniSRM.exe
  C:\Windows\System\WnniSRM.exe
  2⤵
  PID:5084
- C:\Windows\System\lHYeBPW.exe
  C:\Windows\System\lHYeBPW.exe
  2⤵
  PID:5104
- C:\Windows\System\ChCNIXG.exe
  C:\Windows\System\ChCNIXG.exe
  2⤵
  PID:3100
- C:\Windows\System\EYnyzAX.exe
  C:\Windows\System\EYnyzAX.exe
  2⤵
  PID:3236
- C:\Windows\System\heNbCWp.exe
  C:\Windows\System\heNbCWp.exe
  2⤵
  PID:2856
- C:\Windows\System\EXyIynM.exe
  C:\Windows\System\EXyIynM.exe
  2⤵
  PID:2844
- C:\Windows\System\fwXflxn.exe
  C:\Windows\System\fwXflxn.exe
  2⤵
  PID:2076
- C:\Windows\System\emGveZq.exe
  C:\Windows\System\emGveZq.exe
  2⤵
  PID:4044
- C:\Windows\System\xkltusD.exe
  C:\Windows\System\xkltusD.exe
  2⤵
  PID:3772
- C:\Windows\System\WnFwISU.exe
  C:\Windows\System\WnFwISU.exe
  2⤵
  PID:2292
- C:\Windows\System\owgNOIp.exe
  C:\Windows\System\owgNOIp.exe
  2⤵
  PID:4152
- C:\Windows\System\tjCxlXX.exe
  C:\Windows\System\tjCxlXX.exe
  2⤵
  PID:4100
- C:\Windows\System\pAQWxiR.exe
  C:\Windows\System\pAQWxiR.exe
  2⤵
  PID:4172
- C:\Windows\System\JyykTNK.exe
  C:\Windows\System\JyykTNK.exe
  2⤵
  PID:4192
- C:\Windows\System\VTVwkve.exe
  C:\Windows\System\VTVwkve.exe
  2⤵
  PID:4248
- C:\Windows\System\FwDrlNJ.exe
  C:\Windows\System\FwDrlNJ.exe
  2⤵
  PID:4288
- C:\Windows\System\AMfOCph.exe
  C:\Windows\System\AMfOCph.exe
  2⤵
  PID:4308
- C:\Windows\System\OfMQxFA.exe
  C:\Windows\System\OfMQxFA.exe
  2⤵
  PID:4368
- C:\Windows\System\lrrzCrz.exe
  C:\Windows\System\lrrzCrz.exe
  2⤵
  PID:4384
- C:\Windows\System\JKEjQYC.exe
  C:\Windows\System\JKEjQYC.exe
  2⤵
  PID:4408
- C:\Windows\System\KONFUdj.exe
  C:\Windows\System\KONFUdj.exe
  2⤵
  PID:4428
- C:\Windows\System\QNDnRmT.exe
  C:\Windows\System\QNDnRmT.exe
  2⤵
  PID:2268
- C:\Windows\System\oVBSoDL.exe
  C:\Windows\System\oVBSoDL.exe
  2⤵
  PID:4500
- C:\Windows\System\tpkLQLl.exe
  C:\Windows\System\tpkLQLl.exe
  2⤵
  PID:4540
- C:\Windows\System\TaqMnPC.exe
  C:\Windows\System\TaqMnPC.exe
  2⤵
  PID:4572
- C:\Windows\System\CIASlUE.exe
  C:\Windows\System\CIASlUE.exe
  2⤵
  PID:4600
- C:\Windows\System\MFyNrDJ.exe
  C:\Windows\System\MFyNrDJ.exe
  2⤵
  PID:4620
- C:\Windows\System\PlGkonU.exe
  C:\Windows\System\PlGkonU.exe
  2⤵
  PID:4660
- C:\Windows\System\rKqiLFs.exe
  C:\Windows\System\rKqiLFs.exe
  2⤵
  PID:4692
- C:\Windows\System\EnayjiE.exe
  C:\Windows\System\EnayjiE.exe
  2⤵
  PID:4672
- C:\Windows\System\EmvPrME.exe
  C:\Windows\System\EmvPrME.exe
  2⤵
  PID:4772
- C:\Windows\System\mQgGQZB.exe
  C:\Windows\System\mQgGQZB.exe
  2⤵
  PID:4760
- C:\Windows\System\HewaHoD.exe
  C:\Windows\System\HewaHoD.exe
  2⤵
  PID:640
- C:\Windows\System\tABggng.exe
  C:\Windows\System\tABggng.exe
  2⤵
  PID:4856
- C:\Windows\System\qAeQVyE.exe
  C:\Windows\System\qAeQVyE.exe
  2⤵
  PID:4896
- C:\Windows\System\rLRTSvN.exe
  C:\Windows\System\rLRTSvN.exe
  2⤵
  PID:4884
- C:\Windows\System\rxsOqjX.exe
  C:\Windows\System\rxsOqjX.exe
  2⤵
  PID:4976
- C:\Windows\System\eDplJXj.exe
  C:\Windows\System\eDplJXj.exe
  2⤵
  PID:4920
- C:\Windows\System\wBzgpxx.exe
  C:\Windows\System\wBzgpxx.exe
  2⤵
  PID:5016
- C:\Windows\System\wkZkagJ.exe
  C:\Windows\System\wkZkagJ.exe
  2⤵
  PID:5000
- C:\Windows\System\DDBFMBG.exe
  C:\Windows\System\DDBFMBG.exe
  2⤵
  PID:5100
- C:\Windows\System\KiAuFAV.exe
  C:\Windows\System\KiAuFAV.exe
  2⤵
  PID:4080
- C:\Windows\System\XfXNCDn.exe
  C:\Windows\System\XfXNCDn.exe
  2⤵
  PID:752
- C:\Windows\System\SzcYnRj.exe
  C:\Windows\System\SzcYnRj.exe
  2⤵
  PID:3304
- C:\Windows\System\jXtXndg.exe
  C:\Windows\System\jXtXndg.exe
  2⤵
  PID:3388
- C:\Windows\System\ABvCekX.exe
  C:\Windows\System\ABvCekX.exe
  2⤵
  PID:1476
- C:\Windows\System\WAUqpbB.exe
  C:\Windows\System\WAUqpbB.exe
  2⤵
  PID:4136
- C:\Windows\System\XAeAhnM.exe
  C:\Windows\System\XAeAhnM.exe
  2⤵
  PID:3992
- C:\Windows\System\OrubHas.exe
  C:\Windows\System\OrubHas.exe
  2⤵
  PID:4204
- C:\Windows\System\BwBdfAG.exe
  C:\Windows\System\BwBdfAG.exe
  2⤵
  PID:4168
- C:\Windows\System\XEnoduu.exe
  C:\Windows\System\XEnoduu.exe
  2⤵
  PID:4252
- C:\Windows\System\JdTqjFp.exe
  C:\Windows\System\JdTqjFp.exe
  2⤵
  PID:4336
- C:\Windows\System\QInIUXW.exe
  C:\Windows\System\QInIUXW.exe
  2⤵
  PID:4392
- C:\Windows\System\vXcZFsy.exe
  C:\Windows\System\vXcZFsy.exe
  2⤵
  PID:4372
- C:\Windows\System\GfdIATm.exe
  C:\Windows\System\GfdIATm.exe
  2⤵
  PID:2256
- C:\Windows\System\BkqyJuI.exe
  C:\Windows\System\BkqyJuI.exe
  2⤵
  PID:4492
- C:\Windows\System\ObHTpUr.exe
  C:\Windows\System\ObHTpUr.exe
  2⤵
  PID:4556
- C:\Windows\System\BRucgxV.exe
  C:\Windows\System\BRucgxV.exe
  2⤵
  PID:4516
- C:\Windows\System\gNjwXWK.exe
  C:\Windows\System\gNjwXWK.exe
  2⤵
  PID:4652
- C:\Windows\System\McnnCkY.exe
  C:\Windows\System\McnnCkY.exe
  2⤵
  PID:4612
- C:\Windows\System\LDdAGVy.exe
  C:\Windows\System\LDdAGVy.exe
  2⤵
  PID:4752
- C:\Windows\System\uybiACv.exe
  C:\Windows\System\uybiACv.exe
  2⤵
  PID:4796
- C:\Windows\System\SomgFWQ.exe
  C:\Windows\System\SomgFWQ.exe
  2⤵
  PID:4720
- C:\Windows\System\GoHYmCB.exe
  C:\Windows\System\GoHYmCB.exe
  2⤵
  PID:4924
- C:\Windows\System\FYRwcQg.exe
  C:\Windows\System\FYRwcQg.exe
  2⤵
  PID:5020
- C:\Windows\System\YNQuwHJ.exe
  C:\Windows\System\YNQuwHJ.exe
  2⤵
  PID:2840
- C:\Windows\System\kQSVrBp.exe
  C:\Windows\System\kQSVrBp.exe
  2⤵
  PID:2276
- C:\Windows\System\RHSGykH.exe
  C:\Windows\System\RHSGykH.exe
  2⤵
  PID:4864
- C:\Windows\System\hBSdBxh.exe
  C:\Windows\System\hBSdBxh.exe
  2⤵
  PID:4960
- C:\Windows\System\SAQkEjM.exe
  C:\Windows\System\SAQkEjM.exe
  2⤵
  PID:4112
- C:\Windows\System\UZgCaBO.exe
  C:\Windows\System\UZgCaBO.exe
  2⤵
  PID:5056
- C:\Windows\System\rWzeSwd.exe
  C:\Windows\System\rWzeSwd.exe
  2⤵
  PID:4228
- C:\Windows\System\JRTyoNF.exe
  C:\Windows\System\JRTyoNF.exe
  2⤵
  PID:5072
- C:\Windows\System\phnMDAJ.exe
  C:\Windows\System\phnMDAJ.exe
  2⤵
  PID:940
- C:\Windows\System\QyGcvfs.exe
  C:\Windows\System\QyGcvfs.exe
  2⤵
  PID:3016
- C:\Windows\System\AURXFGr.exe
  C:\Windows\System\AURXFGr.exe
  2⤵
  PID:3168
- C:\Windows\System\pYMdqYf.exe
  C:\Windows\System\pYMdqYf.exe
  2⤵
  PID:1704
- C:\Windows\System\wOzqwye.exe
  C:\Windows\System\wOzqwye.exe
  2⤵
  PID:4220
- C:\Windows\System\SqMiMgI.exe
  C:\Windows\System\SqMiMgI.exe
  2⤵
  PID:4740
- C:\Windows\System\XqBrmMO.exe
  C:\Windows\System\XqBrmMO.exe
  2⤵
  PID:4876
- C:\Windows\System\EAzgGny.exe
  C:\Windows\System\EAzgGny.exe
  2⤵
  PID:4820
- C:\Windows\System\qIJEFsa.exe
  C:\Windows\System\qIJEFsa.exe
  2⤵
  PID:4416
- C:\Windows\System\kXZVWPp.exe
  C:\Windows\System\kXZVWPp.exe
  2⤵
  PID:304
- C:\Windows\System\ffiuzSH.exe
  C:\Windows\System\ffiuzSH.exe
  2⤵
  PID:4632
- C:\Windows\System\ApWnkYr.exe
  C:\Windows\System\ApWnkYr.exe
  2⤵
  PID:4688
- C:\Windows\System\SaPXuZo.exe
  C:\Windows\System\SaPXuZo.exe
  2⤵
  PID:2432
- C:\Windows\System\wPEkfxr.exe
  C:\Windows\System\wPEkfxr.exe
  2⤵
  PID:4996
- C:\Windows\System\UJukUzL.exe
  C:\Windows\System\UJukUzL.exe
  2⤵
  PID:2736
- C:\Windows\System\vVhsrHg.exe
  C:\Windows\System\vVhsrHg.exe
  2⤵
  PID:2528
- C:\Windows\System\VrBZOAX.exe
  C:\Windows\System\VrBZOAX.exe
  2⤵
  PID:788
- C:\Windows\System\kxCrVdw.exe
  C:\Windows\System\kxCrVdw.exe
  2⤵
  PID:3220
- C:\Windows\System\ccFnJWv.exe
  C:\Windows\System\ccFnJWv.exe
  2⤵
  PID:4160
- C:\Windows\System\UpztQnF.exe
  C:\Windows\System\UpztQnF.exe
  2⤵
  PID:928
- C:\Windows\System\yKsQONB.exe
  C:\Windows\System\yKsQONB.exe
  2⤵
  PID:4836
- C:\Windows\System\KjBNbrT.exe
  C:\Windows\System\KjBNbrT.exe
  2⤵
  PID:960
- C:\Windows\System\EIQRvyb.exe
  C:\Windows\System\EIQRvyb.exe
  2⤵
  PID:5040
- C:\Windows\System\gfdDsAD.exe
  C:\Windows\System\gfdDsAD.exe
  2⤵
  PID:2884
- C:\Windows\System\heICCXC.exe
  C:\Windows\System\heICCXC.exe
  2⤵
  PID:872
- C:\Windows\System\SPeAAVo.exe
  C:\Windows\System\SPeAAVo.exe
  2⤵
  PID:4224
- C:\Windows\System\zvoTldy.exe
  C:\Windows\System\zvoTldy.exe
  2⤵
  PID:4184
- C:\Windows\System\bptnWQo.exe
  C:\Windows\System\bptnWQo.exe
  2⤵
  PID:2580
- C:\Windows\System\DuCBmQT.exe
  C:\Windows\System\DuCBmQT.exe
  2⤵
  PID:3452
- C:\Windows\System\OZGCQOP.exe
  C:\Windows\System\OZGCQOP.exe
  2⤵
  PID:2812
- C:\Windows\System\foVGdwo.exe
  C:\Windows\System\foVGdwo.exe
  2⤵
  PID:2792
- C:\Windows\System\IOInTBp.exe
  C:\Windows\System\IOInTBp.exe
  2⤵
  PID:4840
- C:\Windows\System\wKeGEQE.exe
  C:\Windows\System\wKeGEQE.exe
  2⤵
  PID:4640
- C:\Windows\System\TfexJGk.exe
  C:\Windows\System\TfexJGk.exe
  2⤵
  PID:5024
- C:\Windows\System\eqIculK.exe
  C:\Windows\System\eqIculK.exe
  2⤵
  PID:2352
- C:\Windows\System\AyYtrrG.exe
  C:\Windows\System\AyYtrrG.exe
  2⤵
  PID:2984
- C:\Windows\System\gEGNZoS.exe
  C:\Windows\System\gEGNZoS.exe
  2⤵
  PID:3976
- C:\Windows\System\eAuhiaI.exe
  C:\Windows\System\eAuhiaI.exe
  2⤵
  PID:4156
- C:\Windows\System\SYdALCo.exe
  C:\Windows\System\SYdALCo.exe
  2⤵
  PID:2476
- C:\Windows\System\ssdJrqp.exe
  C:\Windows\System\ssdJrqp.exe
  2⤵
  PID:4292
- C:\Windows\System\fpvbZnX.exe
  C:\Windows\System\fpvbZnX.exe
  2⤵
  PID:2576
- C:\Windows\System\pMzWQKl.exe
  C:\Windows\System\pMzWQKl.exe
  2⤵
  PID:2876
- C:\Windows\System\fzBVrpo.exe
  C:\Windows\System\fzBVrpo.exe
  2⤵
  PID:4328
- C:\Windows\System\iYVXtMD.exe
  C:\Windows\System\iYVXtMD.exe
  2⤵
  PID:1332
- C:\Windows\System\lwkJFxr.exe
  C:\Windows\System\lwkJFxr.exe
  2⤵
  PID:1816
- C:\Windows\System\nVeQFBp.exe
  C:\Windows\System\nVeQFBp.exe
  2⤵
  PID:3676
- C:\Windows\System\Hlzepra.exe
  C:\Windows\System\Hlzepra.exe
  2⤵
  PID:1396
- C:\Windows\System\igAwubn.exe
  C:\Windows\System\igAwubn.exe
  2⤵
  PID:2500
- C:\Windows\System\AWfIvcF.exe
  C:\Windows\System\AWfIvcF.exe
  2⤵
  PID:288
- C:\Windows\System\oYMrnYf.exe
  C:\Windows\System\oYMrnYf.exe
  2⤵
  PID:1384
- C:\Windows\System\nHsHNHO.exe
  C:\Windows\System\nHsHNHO.exe
  2⤵
  PID:2300
- C:\Windows\System\GNkpaaG.exe
  C:\Windows\System\GNkpaaG.exe
  2⤵
  PID:5128
- C:\Windows\System\EcmUZpu.exe
  C:\Windows\System\EcmUZpu.exe
  2⤵
  PID:5144
- C:\Windows\System\XqcKFXB.exe
  C:\Windows\System\XqcKFXB.exe
  2⤵
  PID:5160
- C:\Windows\System\xPTvyHZ.exe
  C:\Windows\System\xPTvyHZ.exe
  2⤵
  PID:5176
- C:\Windows\System\NyAQAFM.exe
  C:\Windows\System\NyAQAFM.exe
  2⤵
  PID:5192
- C:\Windows\System\VGhqlgu.exe
  C:\Windows\System\VGhqlgu.exe
  2⤵
  PID:5208
- C:\Windows\System\WvRDBNl.exe
  C:\Windows\System\WvRDBNl.exe
  2⤵
  PID:5224
- C:\Windows\System\FwZWDsx.exe
  C:\Windows\System\FwZWDsx.exe
  2⤵
  PID:5244
- C:\Windows\System\gOGjlEU.exe
  C:\Windows\System\gOGjlEU.exe
  2⤵
  PID:5260
- C:\Windows\System\ODcOxeA.exe
  C:\Windows\System\ODcOxeA.exe
  2⤵
  PID:5276
- C:\Windows\System\jhpKsOv.exe
  C:\Windows\System\jhpKsOv.exe
  2⤵
  PID:5292
- C:\Windows\System\JyqWJNp.exe
  C:\Windows\System\JyqWJNp.exe
  2⤵
  PID:5308
- C:\Windows\System\zuzElVr.exe
  C:\Windows\System\zuzElVr.exe
  2⤵
  PID:5324
- C:\Windows\System\GtBUWjV.exe
  C:\Windows\System\GtBUWjV.exe
  2⤵
  PID:5340
- C:\Windows\System\NxvIQRK.exe
  C:\Windows\System\NxvIQRK.exe
  2⤵
  PID:5356
- C:\Windows\System\uDvhvPO.exe
  C:\Windows\System\uDvhvPO.exe
  2⤵
  PID:5372
- C:\Windows\System\zvCxZGI.exe
  C:\Windows\System\zvCxZGI.exe
  2⤵
  PID:5388
- C:\Windows\System\gIzddGn.exe
  C:\Windows\System\gIzddGn.exe
  2⤵
  PID:5404
- C:\Windows\System\mMztuiF.exe
  C:\Windows\System\mMztuiF.exe
  2⤵
  PID:5420
- C:\Windows\System\zkJMeWw.exe
  C:\Windows\System\zkJMeWw.exe
  2⤵
  PID:5436
- C:\Windows\System\ghZNhcb.exe
  C:\Windows\System\ghZNhcb.exe
  2⤵
  PID:5452
- C:\Windows\System\NbxEVIy.exe
  C:\Windows\System\NbxEVIy.exe
  2⤵
  PID:5468
- C:\Windows\System\NfYmdtI.exe
  C:\Windows\System\NfYmdtI.exe
  2⤵
  PID:5484
- C:\Windows\System\UOkAigr.exe
  C:\Windows\System\UOkAigr.exe
  2⤵
  PID:5500
- C:\Windows\System\mKrqpft.exe
  C:\Windows\System\mKrqpft.exe
  2⤵
  PID:5516
- C:\Windows\System\OcBSOHV.exe
  C:\Windows\System\OcBSOHV.exe
  2⤵
  PID:5532
- C:\Windows\System\jgLWHTF.exe
  C:\Windows\System\jgLWHTF.exe
  2⤵
  PID:5548
- C:\Windows\System\UPtrgyy.exe
  C:\Windows\System\UPtrgyy.exe
  2⤵
  PID:5564
- C:\Windows\System\ctLSuNm.exe
  C:\Windows\System\ctLSuNm.exe
  2⤵
  PID:5580
- C:\Windows\System\PmykFRQ.exe
  C:\Windows\System\PmykFRQ.exe
  2⤵
  PID:5596
- C:\Windows\System\suYPHeT.exe
  C:\Windows\System\suYPHeT.exe
  2⤵
  PID:5612
- C:\Windows\System\YFLErxw.exe
  C:\Windows\System\YFLErxw.exe
  2⤵
  PID:5628
- C:\Windows\System\oGwsngY.exe
  C:\Windows\System\oGwsngY.exe
  2⤵
  PID:5644
- C:\Windows\System\Fqxfxbi.exe
  C:\Windows\System\Fqxfxbi.exe
  2⤵
  PID:5660
- C:\Windows\System\bPrCcWl.exe
  C:\Windows\System\bPrCcWl.exe
  2⤵
  PID:5676
- C:\Windows\System\ylxSlzE.exe
  C:\Windows\System\ylxSlzE.exe
  2⤵
  PID:5692
- C:\Windows\System\zhziUDD.exe
  C:\Windows\System\zhziUDD.exe
  2⤵
  PID:5708
- C:\Windows\System\MSqXpkq.exe
  C:\Windows\System\MSqXpkq.exe
  2⤵
  PID:5724
- C:\Windows\System\HHYpRzr.exe
  C:\Windows\System\HHYpRzr.exe
  2⤵
  PID:5740
- C:\Windows\System\zuEzuwl.exe
  C:\Windows\System\zuEzuwl.exe
  2⤵
  PID:5760
- C:\Windows\System\FQZBmaY.exe
  C:\Windows\System\FQZBmaY.exe
  2⤵
  PID:5804
- C:\Windows\System\upxqPMP.exe
  C:\Windows\System\upxqPMP.exe
  2⤵
  PID:5820
- C:\Windows\System\TAJzxvb.exe
  C:\Windows\System\TAJzxvb.exe
  2⤵
  PID:5836
- C:\Windows\System\UwTFEPQ.exe
  C:\Windows\System\UwTFEPQ.exe
  2⤵
  PID:5852
- C:\Windows\System\SmFyKcp.exe
  C:\Windows\System\SmFyKcp.exe
  2⤵
  PID:5868
- C:\Windows\System\anoqZhp.exe
  C:\Windows\System\anoqZhp.exe
  2⤵
  PID:5884
- C:\Windows\System\RQUODTQ.exe
  C:\Windows\System\RQUODTQ.exe
  2⤵
  PID:5924
- C:\Windows\System\yBZMXKs.exe
  C:\Windows\System\yBZMXKs.exe
  2⤵
  PID:5940
- C:\Windows\System\pcUOAGZ.exe
  C:\Windows\System\pcUOAGZ.exe
  2⤵
  PID:5956
- C:\Windows\System\YbieXLR.exe
  C:\Windows\System\YbieXLR.exe
  2⤵
  PID:5972
- C:\Windows\System\OYtrEqm.exe
  C:\Windows\System\OYtrEqm.exe
  2⤵
  PID:5988
- C:\Windows\System\CtSCBfc.exe
  C:\Windows\System\CtSCBfc.exe
  2⤵
  PID:6004
- C:\Windows\System\IxaUBRm.exe
  C:\Windows\System\IxaUBRm.exe
  2⤵
  PID:6020
- C:\Windows\System\cHKAgDS.exe
  C:\Windows\System\cHKAgDS.exe
  2⤵
  PID:6036
- C:\Windows\System\cQqpDeT.exe
  C:\Windows\System\cQqpDeT.exe
  2⤵
  PID:6052
- C:\Windows\System\HHPUrKE.exe
  C:\Windows\System\HHPUrKE.exe
  2⤵
  PID:6068
- C:\Windows\System\IKmJyaW.exe
  C:\Windows\System\IKmJyaW.exe
  2⤵
  PID:6084
- C:\Windows\System\jSFaEos.exe
  C:\Windows\System\jSFaEos.exe
  2⤵
  PID:6100
- C:\Windows\System\oInjIjm.exe
  C:\Windows\System\oInjIjm.exe
  2⤵
  PID:6116
- C:\Windows\System\Buiowst.exe
  C:\Windows\System\Buiowst.exe
  2⤵
  PID:6132
- C:\Windows\System\IuiHCFX.exe
  C:\Windows\System\IuiHCFX.exe
  2⤵
  PID:2836
- C:\Windows\System\GqEKCvk.exe
  C:\Windows\System\GqEKCvk.exe
  2⤵
  PID:5184
- C:\Windows\System\BzPrXTI.exe
  C:\Windows\System\BzPrXTI.exe
  2⤵
  PID:1312
- C:\Windows\System\QscvePm.exe
  C:\Windows\System\QscvePm.exe
  2⤵
  PID:5216
- C:\Windows\System\IJTSQIQ.exe
  C:\Windows\System\IJTSQIQ.exe
  2⤵
  PID:5200
- C:\Windows\System\cpQUJbB.exe
  C:\Windows\System\cpQUJbB.exe
  2⤵
  PID:5256
- C:\Windows\System\cXRTKpc.exe
  C:\Windows\System\cXRTKpc.exe
  2⤵
  PID:5320
- C:\Windows\System\YiKxBHV.exe
  C:\Windows\System\YiKxBHV.exe
  2⤵
  PID:5232
- C:\Windows\System\vQaOols.exe
  C:\Windows\System\vQaOols.exe
  2⤵
  PID:5236
- C:\Windows\System\ieNyaRe.exe
  C:\Windows\System\ieNyaRe.exe
  2⤵
  PID:5268
- C:\Windows\System\pnKfSUI.exe
  C:\Windows\System\pnKfSUI.exe
  2⤵
  PID:5460
- C:\Windows\System\kwENcxB.exe
  C:\Windows\System\kwENcxB.exe
  2⤵
  PID:5512
- C:\Windows\System\WqSERUo.exe
  C:\Windows\System\WqSERUo.exe
  2⤵
  PID:5556
- C:\Windows\System\nmhaRDY.exe
  C:\Windows\System\nmhaRDY.exe
  2⤵
  PID:5636
- C:\Windows\System\yMKNTQz.exe
  C:\Windows\System\yMKNTQz.exe
  2⤵
  PID:5848
- C:\Windows\System\smvcfFY.exe
  C:\Windows\System\smvcfFY.exe
  2⤵
  PID:5864
- C:\Windows\System\KZhQNrd.exe
  C:\Windows\System\KZhQNrd.exe
  2⤵
  PID:5240
- C:\Windows\System\PEvwryz.exe
  C:\Windows\System\PEvwryz.exe
  2⤵
  PID:5920
- C:\Windows\System\QkCGPah.exe
  C:\Windows\System\QkCGPah.exe
  2⤵
  PID:5932
- C:\Windows\System\PUiGyYT.exe
  C:\Windows\System\PUiGyYT.exe
  2⤵
  PID:5984
- C:\Windows\System\VIvoJKm.exe
  C:\Windows\System\VIvoJKm.exe
  2⤵
  PID:6044
- C:\Windows\System\NGEDZoE.exe
  C:\Windows\System\NGEDZoE.exe
  2⤵
  PID:6060
- C:\Windows\System\aAiXtsH.exe
  C:\Windows\System\aAiXtsH.exe
  2⤵
  PID:6140
- C:\Windows\System\obLDpeK.exe
  C:\Windows\System\obLDpeK.exe
  2⤵
  PID:6000
- C:\Windows\System\yvRXgIR.exe
  C:\Windows\System\yvRXgIR.exe
  2⤵
  PID:6092
- C:\Windows\System\ApGDTVg.exe
  C:\Windows\System\ApGDTVg.exe
  2⤵
  PID:5140
- C:\Windows\System\Dwxkfpv.exe
  C:\Windows\System\Dwxkfpv.exe
  2⤵
  PID:5316
- C:\Windows\System\AULLLcl.exe
  C:\Windows\System\AULLLcl.exe
  2⤵
  PID:5156
- C:\Windows\System\vqFQHbG.exe
  C:\Windows\System\vqFQHbG.exe
  2⤵
  PID:5220
- C:\Windows\System\jqqqgMa.exe
  C:\Windows\System\jqqqgMa.exe
  2⤵
  PID:5396
- C:\Windows\System\mHCHYqh.exe
  C:\Windows\System\mHCHYqh.exe
  2⤵
  PID:5368
- C:\Windows\System\RtHHeUw.exe
  C:\Windows\System\RtHHeUw.exe
  2⤵
  PID:5448
- C:\Windows\System\qZqKIWA.exe
  C:\Windows\System\qZqKIWA.exe
  2⤵
  PID:5480
- C:\Windows\System\JeXyJaw.exe
  C:\Windows\System\JeXyJaw.exe
  2⤵
  PID:5572
- C:\Windows\System\mnhUNNK.exe
  C:\Windows\System\mnhUNNK.exe
  2⤵
  PID:5672
- C:\Windows\System\vZmWCNX.exe
  C:\Windows\System\vZmWCNX.exe
  2⤵
  PID:5704
- C:\Windows\System\MGdLLbx.exe
  C:\Windows\System\MGdLLbx.exe
  2⤵
  PID:5560
- C:\Windows\System\yygjywf.exe
  C:\Windows\System\yygjywf.exe
  2⤵
  PID:5624
- C:\Windows\System\fhgLWXR.exe
  C:\Windows\System\fhgLWXR.exe
  2⤵
  PID:5720
- C:\Windows\System\bOJUNyW.exe
  C:\Windows\System\bOJUNyW.exe
  2⤵
  PID:5788
- C:\Windows\System\LswrHUw.exe
  C:\Windows\System\LswrHUw.exe
  2⤵
  PID:5124
- C:\Windows\System\fJxtpCN.exe
  C:\Windows\System\fJxtpCN.exe
  2⤵
  PID:5912
- C:\Windows\System\drQnSjv.exe
  C:\Windows\System\drQnSjv.exe
  2⤵
  PID:5916
- C:\Windows\System\qXDKAoG.exe
  C:\Windows\System\qXDKAoG.exe
  2⤵
  PID:6112
- C:\Windows\System\HBumngF.exe
  C:\Windows\System\HBumngF.exe
  2⤵
  PID:6064
- C:\Windows\System\dUCUjmT.exe
  C:\Windows\System\dUCUjmT.exe
  2⤵
  PID:5288
- C:\Windows\System\bWgwexq.exe
  C:\Windows\System\bWgwexq.exe
  2⤵
  PID:5968
- C:\Windows\System\ZFjJNoL.exe
  C:\Windows\System\ZFjJNoL.exe
  2⤵
  PID:4940
- C:\Windows\System\lysbbZN.exe
  C:\Windows\System\lysbbZN.exe
  2⤵
  PID:5304
- C:\Windows\System\CYehSWs.exe
  C:\Windows\System\CYehSWs.exe
  2⤵
  PID:5400
- C:\Windows\System\MSkAUXN.exe
  C:\Windows\System\MSkAUXN.exe
  2⤵
  PID:5604
- C:\Windows\System\tGSkMTX.exe
  C:\Windows\System\tGSkMTX.exe
  2⤵
  PID:5524
- C:\Windows\System\McXWLtv.exe
  C:\Windows\System\McXWLtv.exe
  2⤵
  PID:5896
- C:\Windows\System\qAQklFQ.exe
  C:\Windows\System\qAQklFQ.exe
  2⤵
  PID:5496
- C:\Windows\System\VisQkqt.exe
  C:\Windows\System\VisQkqt.exe
  2⤵
  PID:5700
- C:\Windows\System\rGtydfP.exe
  C:\Windows\System\rGtydfP.exe
  2⤵
  PID:5716
- C:\Windows\System\gvhBHSX.exe
  C:\Windows\System\gvhBHSX.exe
  2⤵
  PID:5352
- C:\Windows\System\oxhdhEb.exe
  C:\Windows\System\oxhdhEb.exe
  2⤵
  PID:6016
- C:\Windows\System\dGOSIQK.exe
  C:\Windows\System\dGOSIQK.exe
  2⤵
  PID:4356
- C:\Windows\System\HqOKAEj.exe
  C:\Windows\System\HqOKAEj.exe
  2⤵
  PID:5432
- C:\Windows\System\sXwDxQb.exe
  C:\Windows\System\sXwDxQb.exe
  2⤵
  PID:5860
- C:\Windows\System\HJsFXGt.exe
  C:\Windows\System\HJsFXGt.exe
  2⤵
  PID:6032
- C:\Windows\System\EDYyrfJ.exe
  C:\Windows\System\EDYyrfJ.exe
  2⤵
  PID:5816
- C:\Windows\System\JNOPuvA.exe
  C:\Windows\System\JNOPuvA.exe
  2⤵
  PID:6128
- C:\Windows\System\idfPaxT.exe
  C:\Windows\System\idfPaxT.exe
  2⤵
  PID:5996
- C:\Windows\System\PkxAXKQ.exe
  C:\Windows\System\PkxAXKQ.exe
  2⤵
  PID:6148
- C:\Windows\System\PWFRdaV.exe
  C:\Windows\System\PWFRdaV.exe
  2⤵
  PID:6164
- C:\Windows\System\FnVOIsw.exe
  C:\Windows\System\FnVOIsw.exe
  2⤵
  PID:6180
- C:\Windows\System\Jozjmno.exe
  C:\Windows\System\Jozjmno.exe
  2⤵
  PID:6196
- C:\Windows\System\ZMAFUjQ.exe
  C:\Windows\System\ZMAFUjQ.exe
  2⤵
  PID:6212
- C:\Windows\System\XaHjpLJ.exe
  C:\Windows\System\XaHjpLJ.exe
  2⤵
  PID:6228
- C:\Windows\System\BhHwgdR.exe
  C:\Windows\System\BhHwgdR.exe
  2⤵
  PID:6244
- C:\Windows\System\BnuVGUN.exe
  C:\Windows\System\BnuVGUN.exe
  2⤵
  PID:6260
- C:\Windows\System\iAuNtHb.exe
  C:\Windows\System\iAuNtHb.exe
  2⤵
  PID:6276
- C:\Windows\System\uPlQiqU.exe
  C:\Windows\System\uPlQiqU.exe
  2⤵
  PID:6292
- C:\Windows\System\jLMgLfA.exe
  C:\Windows\System\jLMgLfA.exe
  2⤵
  PID:6312
- C:\Windows\System\PpPVzlf.exe
  C:\Windows\System\PpPVzlf.exe
  2⤵
  PID:6328
- C:\Windows\System\BWKAYuA.exe
  C:\Windows\System\BWKAYuA.exe
  2⤵
  PID:6344
- C:\Windows\System\wFcozyg.exe
  C:\Windows\System\wFcozyg.exe
  2⤵
  PID:6360
- C:\Windows\System\EozcwIA.exe
  C:\Windows\System\EozcwIA.exe
  2⤵
  PID:6376
- C:\Windows\System\qnpyMUj.exe
  C:\Windows\System\qnpyMUj.exe
  2⤵
  PID:6392
- C:\Windows\System\nOVbtSX.exe
  C:\Windows\System\nOVbtSX.exe
  2⤵
  PID:6408
- C:\Windows\System\fErxlBA.exe
  C:\Windows\System\fErxlBA.exe
  2⤵
  PID:6424
- C:\Windows\System\khcQqZJ.exe
  C:\Windows\System\khcQqZJ.exe
  2⤵
  PID:6440
- C:\Windows\System\uYsiqZn.exe
  C:\Windows\System\uYsiqZn.exe
  2⤵
  PID:6456
- C:\Windows\System\zdblYBl.exe
  C:\Windows\System\zdblYBl.exe
  2⤵
  PID:6472
- C:\Windows\System\YDpgpyc.exe
  C:\Windows\System\YDpgpyc.exe
  2⤵
  PID:6488
- C:\Windows\System\KbsPbes.exe
  C:\Windows\System\KbsPbes.exe
  2⤵
  PID:6504
- C:\Windows\System\BZrrZSe.exe
  C:\Windows\System\BZrrZSe.exe
  2⤵
  PID:6520
- C:\Windows\System\pCjymSQ.exe
  C:\Windows\System\pCjymSQ.exe
  2⤵
  PID:6536
- C:\Windows\System\qqVAkxx.exe
  C:\Windows\System\qqVAkxx.exe
  2⤵
  PID:6556
- C:\Windows\System\fgZVdsA.exe
  C:\Windows\System\fgZVdsA.exe
  2⤵
  PID:6572
- C:\Windows\System\zwWmHAI.exe
  C:\Windows\System\zwWmHAI.exe
  2⤵
  PID:6588
- C:\Windows\System\uZwgzXM.exe
  C:\Windows\System\uZwgzXM.exe
  2⤵
  PID:6604
- C:\Windows\System\HUlQexv.exe
  C:\Windows\System\HUlQexv.exe
  2⤵
  PID:6620
- C:\Windows\System\QrzJkcT.exe
  C:\Windows\System\QrzJkcT.exe
  2⤵
  PID:6636
- C:\Windows\System\JyUTJtO.exe
  C:\Windows\System\JyUTJtO.exe
  2⤵
  PID:6652
- C:\Windows\System\WGEoOUZ.exe
  C:\Windows\System\WGEoOUZ.exe
  2⤵
  PID:6668
- C:\Windows\System\RVDXFnh.exe
  C:\Windows\System\RVDXFnh.exe
  2⤵
  PID:6684
- C:\Windows\System\pIJbqGY.exe
  C:\Windows\System\pIJbqGY.exe
  2⤵
  PID:6700
- C:\Windows\System\vkPaEuQ.exe
  C:\Windows\System\vkPaEuQ.exe
  2⤵
  PID:6716
- C:\Windows\System\bbxqrUU.exe
  C:\Windows\System\bbxqrUU.exe
  2⤵
  PID:6732
- C:\Windows\System\uaeXpHz.exe
  C:\Windows\System\uaeXpHz.exe
  2⤵
  PID:6748
- C:\Windows\System\MMPQFko.exe
  C:\Windows\System\MMPQFko.exe
  2⤵
  PID:6764
- C:\Windows\System\gzHNRsk.exe
  C:\Windows\System\gzHNRsk.exe
  2⤵
  PID:6780
- C:\Windows\System\EzIxuwZ.exe
  C:\Windows\System\EzIxuwZ.exe
  2⤵
  PID:6796
- C:\Windows\System\sIyDGmb.exe
  C:\Windows\System\sIyDGmb.exe
  2⤵
  PID:6812
- C:\Windows\System\kHTZLMa.exe
  C:\Windows\System\kHTZLMa.exe
  2⤵
  PID:6828
- C:\Windows\System\kBSqKjp.exe
  C:\Windows\System\kBSqKjp.exe
  2⤵
  PID:6844
- C:\Windows\System\lwFMJrf.exe
  C:\Windows\System\lwFMJrf.exe
  2⤵
  PID:6860
- C:\Windows\System\jHwRFQG.exe
  C:\Windows\System\jHwRFQG.exe
  2⤵
  PID:6880
- C:\Windows\System\QTmECUr.exe
  C:\Windows\System\QTmECUr.exe
  2⤵
  PID:6896
- C:\Windows\System\aPRtkNG.exe
  C:\Windows\System\aPRtkNG.exe
  2⤵
  PID:6912
- C:\Windows\System\hDQokcl.exe
  C:\Windows\System\hDQokcl.exe
  2⤵
  PID:6928
- C:\Windows\System\QwyQAVW.exe
  C:\Windows\System\QwyQAVW.exe
  2⤵
  PID:6944
- C:\Windows\System\LBKjLtJ.exe
  C:\Windows\System\LBKjLtJ.exe
  2⤵
  PID:6960
- C:\Windows\System\TLiTCez.exe
  C:\Windows\System\TLiTCez.exe
  2⤵
  PID:6976
- C:\Windows\System\VNpbtpr.exe
  C:\Windows\System\VNpbtpr.exe
  2⤵
  PID:6992
- C:\Windows\System\fqjiQzX.exe
  C:\Windows\System\fqjiQzX.exe
  2⤵
  PID:7008
- C:\Windows\System\iUzvRWk.exe
  C:\Windows\System\iUzvRWk.exe
  2⤵
  PID:7024
- C:\Windows\System\JpqQkVp.exe
  C:\Windows\System\JpqQkVp.exe
  2⤵
  PID:7040
- C:\Windows\System\zpsSCSS.exe
  C:\Windows\System\zpsSCSS.exe
  2⤵
  PID:7056
- C:\Windows\System\KIlpVYd.exe
  C:\Windows\System\KIlpVYd.exe
  2⤵
  PID:7072
- C:\Windows\System\Vwhbuag.exe
  C:\Windows\System\Vwhbuag.exe
  2⤵
  PID:7088
- C:\Windows\System\wfNUFDX.exe
  C:\Windows\System\wfNUFDX.exe
  2⤵
  PID:7104
- C:\Windows\System\ssymwDb.exe
  C:\Windows\System\ssymwDb.exe
  2⤵
  PID:7120
- C:\Windows\System\zYFsoKe.exe
  C:\Windows\System\zYFsoKe.exe
  2⤵
  PID:7136
- C:\Windows\System\yMtnzoe.exe
  C:\Windows\System\yMtnzoe.exe
  2⤵
  PID:7152
- C:\Windows\System\egqNMjM.exe
  C:\Windows\System\egqNMjM.exe
  2⤵
  PID:6156
- C:\Windows\System\UtiKUbH.exe
  C:\Windows\System\UtiKUbH.exe
  2⤵
  PID:5528
- C:\Windows\System\TDMdbXi.exe
  C:\Windows\System\TDMdbXi.exe
  2⤵
  PID:6176
- C:\Windows\System\xJWNKJM.exe
  C:\Windows\System\xJWNKJM.exe
  2⤵
  PID:6188
- C:\Windows\System\NqKrmjC.exe
  C:\Windows\System\NqKrmjC.exe
  2⤵
  PID:6236
- C:\Windows\System\rfDcmar.exe
  C:\Windows\System\rfDcmar.exe
  2⤵
  PID:6284
- C:\Windows\System\OcyPdmY.exe
  C:\Windows\System\OcyPdmY.exe
  2⤵
  PID:6544
- C:\Windows\System\bxGNdvl.exe
  C:\Windows\System\bxGNdvl.exe
  2⤵
  PID:6600
- C:\Windows\System\NDfKcVV.exe
  C:\Windows\System\NDfKcVV.exe
  2⤵
  PID:6644
- C:\Windows\System\JZDnwen.exe
  C:\Windows\System\JZDnwen.exe
  2⤵
  PID:6660
- C:\Windows\System\oYyUyqU.exe
  C:\Windows\System\oYyUyqU.exe
  2⤵
  PID:6724
- C:\Windows\System\UMvvqNY.exe
  C:\Windows\System\UMvvqNY.exe
  2⤵
  PID:6868
- C:\Windows\System\sSXCbWU.exe
  C:\Windows\System\sSXCbWU.exe
  2⤵
  PID:6792
- C:\Windows\System\kDAHWJx.exe
  C:\Windows\System\kDAHWJx.exe
  2⤵
  PID:6852
- C:\Windows\System\sABnQps.exe
  C:\Windows\System\sABnQps.exe
  2⤵
  PID:6892
- C:\Windows\System\VqUdYdI.exe
  C:\Windows\System\VqUdYdI.exe
  2⤵
  PID:6940
- C:\Windows\System\PbYxHPN.exe
  C:\Windows\System\PbYxHPN.exe
  2⤵
  PID:6952
- C:\Windows\System\KrrSEat.exe
  C:\Windows\System\KrrSEat.exe
  2⤵
  PID:1904
- C:\Windows\System\QUKWHHn.exe
  C:\Windows\System\QUKWHHn.exe
  2⤵
  PID:1400
- C:\Windows\System\XrLoTvW.exe
  C:\Windows\System\XrLoTvW.exe
  2⤵
  PID:524
- C:\Windows\System\SKJkUGK.exe
  C:\Windows\System\SKJkUGK.exe
  2⤵
  PID:2132
- C:\Windows\System\HYRGWcu.exe
  C:\Windows\System\HYRGWcu.exe
  2⤵
  PID:7064
- C:\Windows\System\Odoxmhm.exe
  C:\Windows\System\Odoxmhm.exe
  2⤵
  PID:7100
- C:\Windows\System\NPaxUzC.exe
  C:\Windows\System\NPaxUzC.exe
  2⤵
  PID:1668
- C:\Windows\System\lXzAtzT.exe
  C:\Windows\System\lXzAtzT.exe
  2⤵
  PID:7084
- C:\Windows\System\eOAJaIW.exe
  C:\Windows\System\eOAJaIW.exe
  2⤵
  PID:7116
- C:\Windows\System\CgLRkGA.exe
  C:\Windows\System\CgLRkGA.exe
  2⤵
  PID:5844
- C:\Windows\System\dzIeQoy.exe
  C:\Windows\System\dzIeQoy.exe
  2⤵
  PID:6192
- C:\Windows\System\yVkrzVo.exe
  C:\Windows\System\yVkrzVo.exe
  2⤵
  PID:6256
- C:\Windows\System\RppgINx.exe
  C:\Windows\System\RppgINx.exe
  2⤵
  PID:6308
- C:\Windows\System\IxtsWJT.exe
  C:\Windows\System\IxtsWJT.exe
  2⤵
  PID:6268
- C:\Windows\System\baphhbm.exe
  C:\Windows\System\baphhbm.exe
  2⤵
  PID:6336
- C:\Windows\System\pfsupfw.exe
  C:\Windows\System\pfsupfw.exe
  2⤵
  PID:6388
- C:\Windows\System\KcJuxfx.exe
  C:\Windows\System\KcJuxfx.exe
  2⤵
  PID:6464
- C:\Windows\System\ZIszgzM.exe
  C:\Windows\System\ZIszgzM.exe
  2⤵
  PID:6404
- C:\Windows\System\nuAwMkg.exe
  C:\Windows\System\nuAwMkg.exe
  2⤵
  PID:6528
- C:\Windows\System\YhEQjJS.exe
  C:\Windows\System\YhEQjJS.exe
  2⤵
  PID:6356
- C:\Windows\System\qYYdrGJ.exe
  C:\Windows\System\qYYdrGJ.exe
  2⤵
  PID:6696
- C:\Windows\System\gBdLBFg.exe
  C:\Windows\System\gBdLBFg.exe
  2⤵
  PID:6692
- C:\Windows\System\ymjCUJG.exe
  C:\Windows\System\ymjCUJG.exe
  2⤵
  PID:6584
- C:\Windows\System\zToRyfJ.exe
  C:\Windows\System\zToRyfJ.exe
  2⤵
  PID:6708
- C:\Windows\System\YTDacjU.exe
  C:\Windows\System\YTDacjU.exe
  2⤵
  PID:6728
- C:\Windows\System\hJKdlvP.exe
  C:\Windows\System\hJKdlvP.exe
  2⤵
  PID:6888
- C:\Windows\System\VyebYoD.exe
  C:\Windows\System\VyebYoD.exe
  2⤵
  PID:6824
- C:\Windows\System\wUrHauT.exe
  C:\Windows\System\wUrHauT.exe
  2⤵
  PID:7032
- C:\Windows\System\XxiWbzw.exe
  C:\Windows\System\XxiWbzw.exe
  2⤵
  PID:836
- C:\Windows\System\ZeLdMzR.exe
  C:\Windows\System\ZeLdMzR.exe
  2⤵
  PID:2160
- C:\Windows\System\zZOQdLT.exe
  C:\Windows\System\zZOQdLT.exe
  2⤵
  PID:7016
- C:\Windows\System\MpBisYO.exe
  C:\Windows\System\MpBisYO.exe
  2⤵
  PID:6252
- C:\Windows\System\QtaTYbE.exe
  C:\Windows\System\QtaTYbE.exe
  2⤵
  PID:6352
- C:\Windows\System\KOvmHis.exe
  C:\Windows\System\KOvmHis.exe
  2⤵
  PID:6484
- C:\Windows\System\QzrJGIx.exe
  C:\Windows\System\QzrJGIx.exe
  2⤵
  PID:6304
- C:\Windows\System\kxSrLjh.exe
  C:\Windows\System\kxSrLjh.exe
  2⤵
  PID:6616
- C:\Windows\System\ZKkdtPT.exe
  C:\Windows\System\ZKkdtPT.exe
  2⤵
  PID:6552
- C:\Windows\System\YBWjmpy.exe
  C:\Windows\System\YBWjmpy.exe
  2⤵
  PID:6872
- C:\Windows\System\WPCWELM.exe
  C:\Windows\System\WPCWELM.exe
  2⤵
  PID:6516
- C:\Windows\System\Mougcce.exe
  C:\Windows\System\Mougcce.exe
  2⤵
  PID:6840
- C:\Windows\System\FcPGRYT.exe
  C:\Windows\System\FcPGRYT.exe
  2⤵
  PID:6820
- C:\Windows\System\BqCtBHg.exe
  C:\Windows\System\BqCtBHg.exe
  2⤵
  PID:7068
- C:\Windows\System\DMLduFn.exe
  C:\Windows\System\DMLduFn.exe
  2⤵
  PID:6300
- C:\Windows\System\Ldruybw.exe
  C:\Windows\System\Ldruybw.exe
  2⤵
  PID:6160
- C:\Windows\System\xouoZOQ.exe
  C:\Windows\System\xouoZOQ.exe
  2⤵
  PID:6776
- C:\Windows\System\eXvqSTV.exe
  C:\Windows\System\eXvqSTV.exe
  2⤵
  PID:6400
- C:\Windows\System\gjaSAkB.exe
  C:\Windows\System\gjaSAkB.exe
  2⤵
  PID:2068
- C:\Windows\System\XAjJGBo.exe
  C:\Windows\System\XAjJGBo.exe
  2⤵
  PID:6972
- C:\Windows\System\rsbkrYI.exe
  C:\Windows\System\rsbkrYI.exe
  2⤵
  PID:6984
- C:\Windows\System\PciaMHz.exe
  C:\Windows\System\PciaMHz.exe
  2⤵
  PID:6680
- C:\Windows\System\ECnvqqT.exe
  C:\Windows\System\ECnvqqT.exe
  2⤵
  PID:6372
- C:\Windows\System\luCrfXP.exe
  C:\Windows\System\luCrfXP.exe
  2⤵
  PID:6836
- C:\Windows\System\jPnpELG.exe
  C:\Windows\System\jPnpELG.exe
  2⤵
  PID:6436
- C:\Windows\System\UBgbemN.exe
  C:\Windows\System\UBgbemN.exe
  2⤵
  PID:7180
- C:\Windows\System\CCHzCSt.exe
  C:\Windows\System\CCHzCSt.exe
  2⤵
  PID:7196
- C:\Windows\System\SXrxFNW.exe
  C:\Windows\System\SXrxFNW.exe
  2⤵
  PID:7212
- C:\Windows\System\TBQRxFx.exe
  C:\Windows\System\TBQRxFx.exe
  2⤵
  PID:7228
- C:\Windows\System\LaWQMVE.exe
  C:\Windows\System\LaWQMVE.exe
  2⤵
  PID:7244
- C:\Windows\System\BwrNDEj.exe
  C:\Windows\System\BwrNDEj.exe
  2⤵
  PID:7264
- C:\Windows\System\DakyfMz.exe
  C:\Windows\System\DakyfMz.exe
  2⤵
  PID:7280
- C:\Windows\System\sYIHseh.exe
  C:\Windows\System\sYIHseh.exe
  2⤵
  PID:7296
- C:\Windows\System\BHCROVS.exe
  C:\Windows\System\BHCROVS.exe
  2⤵
  PID:7312
- C:\Windows\System\ztYMXlw.exe
  C:\Windows\System\ztYMXlw.exe
  2⤵
  PID:7328
- C:\Windows\System\VfcWkNo.exe
  C:\Windows\System\VfcWkNo.exe
  2⤵
  PID:7344
- C:\Windows\System\wKdIgLB.exe
  C:\Windows\System\wKdIgLB.exe
  2⤵
  PID:7360
- C:\Windows\System\qOQlwDP.exe
  C:\Windows\System\qOQlwDP.exe
  2⤵
  PID:7376
- C:\Windows\System\iFmpxqp.exe
  C:\Windows\System\iFmpxqp.exe
  2⤵
  PID:7392
- C:\Windows\System\pPLCvXD.exe
  C:\Windows\System\pPLCvXD.exe
  2⤵
  PID:7408
- C:\Windows\System\DQlYjSg.exe
  C:\Windows\System\DQlYjSg.exe
  2⤵
  PID:7424
- C:\Windows\System\GuzWkdr.exe
  C:\Windows\System\GuzWkdr.exe
  2⤵
  PID:7440
- C:\Windows\System\FMTdAcA.exe
  C:\Windows\System\FMTdAcA.exe
  2⤵
  PID:7456
- C:\Windows\System\eDuHBbd.exe
  C:\Windows\System\eDuHBbd.exe
  2⤵
  PID:7472
- C:\Windows\System\iAZLfaK.exe
  C:\Windows\System\iAZLfaK.exe
  2⤵
  PID:7488
- C:\Windows\System\zDGQfzj.exe
  C:\Windows\System\zDGQfzj.exe
  2⤵
  PID:7504
- C:\Windows\System\qAXTshW.exe
  C:\Windows\System\qAXTshW.exe
  2⤵
  PID:7520
- C:\Windows\System\FkugtTb.exe
  C:\Windows\System\FkugtTb.exe
  2⤵
  PID:7536
- C:\Windows\System\JpcRsWT.exe
  C:\Windows\System\JpcRsWT.exe
  2⤵
  PID:7552
- C:\Windows\System\cMgQqyR.exe
  C:\Windows\System\cMgQqyR.exe
  2⤵
  PID:7568
- C:\Windows\System\UyhmVZJ.exe
  C:\Windows\System\UyhmVZJ.exe
  2⤵
  PID:7584
- C:\Windows\System\vpCmQAn.exe
  C:\Windows\System\vpCmQAn.exe
  2⤵
  PID:7604
- C:\Windows\System\kJDUwmL.exe
  C:\Windows\System\kJDUwmL.exe
  2⤵
  PID:7620
- C:\Windows\System\uDTFnKf.exe
  C:\Windows\System\uDTFnKf.exe
  2⤵
  PID:7636
- C:\Windows\System\PGbMuOF.exe
  C:\Windows\System\PGbMuOF.exe
  2⤵
  PID:7652
- C:\Windows\System\ZNOByWG.exe
  C:\Windows\System\ZNOByWG.exe
  2⤵
  PID:7668
- C:\Windows\System\iGGrqiS.exe
  C:\Windows\System\iGGrqiS.exe
  2⤵
  PID:7684
- C:\Windows\System\OPLrXTi.exe
  C:\Windows\System\OPLrXTi.exe
  2⤵
  PID:7700
- C:\Windows\System\SldFWIg.exe
  C:\Windows\System\SldFWIg.exe
  2⤵
  PID:7716
- C:\Windows\System\KfbGLQJ.exe
  C:\Windows\System\KfbGLQJ.exe
  2⤵
  PID:7732
- C:\Windows\System\sKqOfTh.exe
  C:\Windows\System\sKqOfTh.exe
  2⤵
  PID:7748
- C:\Windows\System\GXtJDEf.exe
  C:\Windows\System\GXtJDEf.exe
  2⤵
  PID:7764
- C:\Windows\System\NXyxRmL.exe
  C:\Windows\System\NXyxRmL.exe
  2⤵
  PID:7780
- C:\Windows\System\jJUzOjb.exe
  C:\Windows\System\jJUzOjb.exe
  2⤵
  PID:7800
- C:\Windows\System\SGJmUpt.exe
  C:\Windows\System\SGJmUpt.exe
  2⤵
  PID:7816
- C:\Windows\System\ffzBNLO.exe
  C:\Windows\System\ffzBNLO.exe
  2⤵
  PID:7836
- C:\Windows\System\UUppcgf.exe
  C:\Windows\System\UUppcgf.exe
  2⤵
  PID:7852
- C:\Windows\System\mfuHDRm.exe
  C:\Windows\System\mfuHDRm.exe
  2⤵
  PID:7868
- C:\Windows\System\ypBJZzF.exe
  C:\Windows\System\ypBJZzF.exe
  2⤵
  PID:7884
- C:\Windows\System\gehChmN.exe
  C:\Windows\System\gehChmN.exe
  2⤵
  PID:7900
- C:\Windows\System\AwIrjTr.exe
  C:\Windows\System\AwIrjTr.exe
  2⤵
  PID:7916
- C:\Windows\System\ZZVKMYF.exe
  C:\Windows\System\ZZVKMYF.exe
  2⤵
  PID:7936
- C:\Windows\System\qkNgIpe.exe
  C:\Windows\System\qkNgIpe.exe
  2⤵
  PID:7952
- C:\Windows\System\QfiTRXQ.exe
  C:\Windows\System\QfiTRXQ.exe
  2⤵
  PID:7972
- C:\Windows\System\SysKemA.exe
  C:\Windows\System\SysKemA.exe
  2⤵
  PID:7988
- C:\Windows\System\HEfSApQ.exe
  C:\Windows\System\HEfSApQ.exe
  2⤵
  PID:8004
- C:\Windows\System\jNOaUDj.exe
  C:\Windows\System\jNOaUDj.exe
  2⤵
  PID:8020
- C:\Windows\System\VVFTYBf.exe
  C:\Windows\System\VVFTYBf.exe
  2⤵
  PID:8036
- C:\Windows\System\cLSSHpw.exe
  C:\Windows\System\cLSSHpw.exe
  2⤵
  PID:8052
- C:\Windows\System\hGdqgXs.exe
  C:\Windows\System\hGdqgXs.exe
  2⤵
  PID:8068
- C:\Windows\System\gBYYlQu.exe
  C:\Windows\System\gBYYlQu.exe
  2⤵
  PID:8084
- C:\Windows\System\jSMAeYr.exe
  C:\Windows\System\jSMAeYr.exe
  2⤵
  PID:8100
- C:\Windows\System\HvySHXw.exe
  C:\Windows\System\HvySHXw.exe
  2⤵
  PID:8116
- C:\Windows\System\lUqmnlY.exe
  C:\Windows\System\lUqmnlY.exe
  2⤵
  PID:8132
- C:\Windows\System\iCttvRK.exe
  C:\Windows\System\iCttvRK.exe
  2⤵
  PID:8148
- C:\Windows\System\dtqBYpc.exe
  C:\Windows\System\dtqBYpc.exe
  2⤵
  PID:8164
- C:\Windows\System\qaQWItf.exe
  C:\Windows\System\qaQWItf.exe
  2⤵
  PID:8180
- C:\Windows\System\TZpXtHq.exe
  C:\Windows\System\TZpXtHq.exe
  2⤵
  PID:7172
- C:\Windows\System\nzBfcjq.exe
  C:\Windows\System\nzBfcjq.exe
  2⤵
  PID:7208
- C:\Windows\System\tMyHcrF.exe
  C:\Windows\System\tMyHcrF.exe
  2⤵
  PID:7240
- C:\Windows\System\OgCjqNJ.exe
  C:\Windows\System\OgCjqNJ.exe
  2⤵
  PID:7308
- C:\Windows\System\cEaxRwD.exe
  C:\Windows\System\cEaxRwD.exe
  2⤵
  PID:6648
- C:\Windows\System\APtrnBx.exe
  C:\Windows\System\APtrnBx.exe
  2⤵
  PID:7224
- C:\Windows\System\zwzeSjQ.exe
  C:\Windows\System\zwzeSjQ.exe
  2⤵
  PID:7352
- C:\Windows\System\cnXPZMP.exe
  C:\Windows\System\cnXPZMP.exe
  2⤵
  PID:7260
- C:\Windows\System\KNZFICE.exe
  C:\Windows\System\KNZFICE.exe
  2⤵
  PID:7436
- C:\Windows\System\ppiiZxO.exe
  C:\Windows\System\ppiiZxO.exe
  2⤵
  PID:7528
- C:\Windows\System\UQcWupq.exe
  C:\Windows\System\UQcWupq.exe
  2⤵
  PID:7560
- C:\Windows\System\PcSsFvI.exe
  C:\Windows\System\PcSsFvI.exe
  2⤵
  PID:7388
- C:\Windows\System\MHjttSm.exe
  C:\Windows\System\MHjttSm.exe
  2⤵
  PID:7512
- C:\Windows\System\ZrgeuFA.exe
  C:\Windows\System\ZrgeuFA.exe
  2⤵
  PID:7448
- C:\Windows\System\FnvRfym.exe
  C:\Windows\System\FnvRfym.exe
  2⤵
  PID:7644
- C:\Windows\System\gJKRomm.exe
  C:\Windows\System\gJKRomm.exe
  2⤵
  PID:7580
- C:\Windows\System\DrRorlz.exe
  C:\Windows\System\DrRorlz.exe
  2⤵
  PID:7692
- C:\Windows\System\xkTUPnh.exe
  C:\Windows\System\xkTUPnh.exe
  2⤵
  PID:7728
- C:\Windows\System\iFiSnyG.exe
  C:\Windows\System\iFiSnyG.exe
  2⤵
  PID:7796
- C:\Windows\System\aSyqYLj.exe
  C:\Windows\System\aSyqYLj.exe
  2⤵
  PID:7680
- C:\Windows\System\YDOUYpj.exe
  C:\Windows\System\YDOUYpj.exe
  2⤵
  PID:7772
- C:\Windows\System\FRSddRB.exe
  C:\Windows\System\FRSddRB.exe
  2⤵
  PID:7828
- C:\Windows\System\JeMpGOi.exe
  C:\Windows\System\JeMpGOi.exe
  2⤵
  PID:7844
- C:\Windows\System\LNmYVTk.exe
  C:\Windows\System\LNmYVTk.exe
  2⤵
  PID:7924
- C:\Windows\System\GLYlfiw.exe
  C:\Windows\System\GLYlfiw.exe
  2⤵
  PID:7912
- C:\Windows\System\vKNTvtV.exe
  C:\Windows\System\vKNTvtV.exe
  2⤵
  PID:7964
- C:\Windows\System\TNAbcQy.exe
  C:\Windows\System\TNAbcQy.exe
  2⤵
  PID:8000
- C:\Windows\System\RCjdIBw.exe
  C:\Windows\System\RCjdIBw.exe
  2⤵
  PID:8064
- C:\Windows\System\VsSoaDd.exe
  C:\Windows\System\VsSoaDd.exe
  2⤵
  PID:8096
- C:\Windows\System\rQApZSL.exe
  C:\Windows\System\rQApZSL.exe
  2⤵
  PID:8124
- C:\Windows\System\ULUFcgP.exe
  C:\Windows\System\ULUFcgP.exe
  2⤵
  PID:8156
- C:\Windows\System\zRikiYB.exe
  C:\Windows\System\zRikiYB.exe
  2⤵
  PID:7128
- C:\Windows\System\yPIjTDX.exe
  C:\Windows\System\yPIjTDX.exe
  2⤵
  PID:8144
- C:\Windows\System\nVVyECw.exe
  C:\Windows\System\nVVyECw.exe
  2⤵
  PID:8176
- C:\Windows\System\eUVSNlu.exe
  C:\Windows\System\eUVSNlu.exe
  2⤵
  PID:7272
- C:\Windows\System\yJxNIBT.exe
  C:\Windows\System\yJxNIBT.exe
  2⤵
  PID:7256
- C:\Windows\System\yUItiAO.exe
  C:\Windows\System\yUItiAO.exe
  2⤵
  PID:7192
- C:\Windows\System\rjuSMvE.exe
  C:\Windows\System\rjuSMvE.exe
  2⤵
  PID:7292
- C:\Windows\System\paFaYuf.exe
  C:\Windows\System\paFaYuf.exe
  2⤵
  PID:7532
- C:\Windows\System\YzKrIwg.exe
  C:\Windows\System\YzKrIwg.exe
  2⤵
  PID:7632
- C:\Windows\System\tBVKwTe.exe
  C:\Windows\System\tBVKwTe.exe
  2⤵
  PID:7500
- C:\Windows\System\uoDPhiB.exe
  C:\Windows\System\uoDPhiB.exe
  2⤵
  PID:7416
- C:\Windows\System\roucnDR.exe
  C:\Windows\System\roucnDR.exe
  2⤵
  PID:7712
- C:\Windows\System\ecaEmcz.exe
  C:\Windows\System\ecaEmcz.exe
  2⤵
  PID:7824
- C:\Windows\System\iaKjlBv.exe
  C:\Windows\System\iaKjlBv.exe
  2⤵
  PID:7740
- C:\Windows\System\HEbXTvR.exe
  C:\Windows\System\HEbXTvR.exe
  2⤵
  PID:7812
- C:\Windows\System\Lydbfoa.exe
  C:\Windows\System\Lydbfoa.exe
  2⤵
  PID:7876
- C:\Windows\System\EouJVzL.exe
  C:\Windows\System\EouJVzL.exe
  2⤵
  PID:7892
- C:\Windows\System\tExyfqL.exe
  C:\Windows\System\tExyfqL.exe
  2⤵
  PID:2728
- C:\Windows\System\sXowJdi.exe
  C:\Windows\System\sXowJdi.exe
  2⤵
  PID:4936
- C:\Windows\System\gvVbcmA.exe
  C:\Windows\System\gvVbcmA.exe
  2⤵
  PID:8188
- C:\Windows\System\YekxTto.exe
  C:\Windows\System\YekxTto.exe
  2⤵
  PID:8172
- C:\Windows\System\MMXVyIW.exe
  C:\Windows\System\MMXVyIW.exe
  2⤵
  PID:7404
- C:\Windows\System\HmNulSY.exe
  C:\Windows\System\HmNulSY.exe
  2⤵
  PID:7564
- C:\Windows\System\WNajiOa.exe
  C:\Windows\System\WNajiOa.exe
  2⤵
  PID:7220
- C:\Windows\System\kJZKgtf.exe
  C:\Windows\System\kJZKgtf.exe
  2⤵
  PID:7756
- C:\Windows\System\aSHPbgC.exe
  C:\Windows\System\aSHPbgC.exe
  2⤵
  PID:7544
- C:\Windows\System\tmQOMhQ.exe
  C:\Windows\System\tmQOMhQ.exe
  2⤵
  PID:8160
- C:\Windows\System\Ebuqqxy.exe
  C:\Windows\System\Ebuqqxy.exe
  2⤵
  PID:8044
- C:\Windows\System\jQvDGFY.exe
  C:\Windows\System\jQvDGFY.exe
  2⤵
  PID:7948
- C:\Windows\System\UVTpvzJ.exe
  C:\Windows\System\UVTpvzJ.exe
  2⤵
  PID:7864
- C:\Windows\System\rLiOUTH.exe
  C:\Windows\System\rLiOUTH.exe
  2⤵
  PID:8012
- C:\Windows\System\wLQRHGO.exe
  C:\Windows\System\wLQRHGO.exe
  2⤵
  PID:6420
- C:\Windows\System\HIJLukW.exe
  C:\Windows\System\HIJLukW.exe
  2⤵
  PID:8316
- C:\Windows\System\ZLNSosi.exe
  C:\Windows\System\ZLNSosi.exe
  2⤵
  PID:8364
- C:\Windows\System\kUCHQKl.exe
  C:\Windows\System\kUCHQKl.exe
  2⤵
  PID:8388
- C:\Windows\System\xWlKvgS.exe
  C:\Windows\System\xWlKvgS.exe
  2⤵
  PID:8464
- C:\Windows\System\nynwgie.exe
  C:\Windows\System\nynwgie.exe
  2⤵
  PID:8516
- C:\Windows\System\TRaDEJY.exe
  C:\Windows\System\TRaDEJY.exe
  2⤵
  PID:8532
- C:\Windows\System\gDHdOdX.exe
  C:\Windows\System\gDHdOdX.exe
  2⤵
  PID:8548
- C:\Windows\System\ADrajbk.exe
  C:\Windows\System\ADrajbk.exe
  2⤵
  PID:8564
- C:\Windows\System\DAbtcsS.exe
  C:\Windows\System\DAbtcsS.exe
  2⤵
  PID:8580
- C:\Windows\System\QGehTVY.exe
  C:\Windows\System\QGehTVY.exe
  2⤵
  PID:8596
- C:\Windows\System\XMzBwvn.exe
  C:\Windows\System\XMzBwvn.exe
  2⤵
  PID:8612
- C:\Windows\System\KPmsuio.exe
  C:\Windows\System\KPmsuio.exe
  2⤵
  PID:8628
- C:\Windows\System\LcFWrxQ.exe
  C:\Windows\System\LcFWrxQ.exe
  2⤵
  PID:8644
- C:\Windows\System\YlzNJpV.exe
  C:\Windows\System\YlzNJpV.exe
  2⤵
  PID:8660
- C:\Windows\System\mATIsrU.exe
  C:\Windows\System\mATIsrU.exe
  2⤵
  PID:8676
- C:\Windows\System\VWcLOIi.exe
  C:\Windows\System\VWcLOIi.exe
  2⤵
  PID:8692
- C:\Windows\System\IANRFee.exe
  C:\Windows\System\IANRFee.exe
  2⤵
  PID:8924
- C:\Windows\System\Nlftozk.exe
  C:\Windows\System\Nlftozk.exe
  2⤵
  PID:8952
- C:\Windows\System\QdvVPir.exe
  C:\Windows\System\QdvVPir.exe
  2⤵
  PID:9048
- C:\Windows\System\FauagHL.exe
  C:\Windows\System\FauagHL.exe
  2⤵
  PID:9064
- C:\Windows\System\NsKFnlJ.exe
  C:\Windows\System\NsKFnlJ.exe
  2⤵
  PID:9084
- C:\Windows\System\bbJuuqp.exe
  C:\Windows\System\bbJuuqp.exe
  2⤵
  PID:9100
- C:\Windows\System\nMzSIpp.exe
  C:\Windows\System\nMzSIpp.exe
  2⤵
  PID:9116
- C:\Windows\System\disfnMO.exe
  C:\Windows\System\disfnMO.exe
  2⤵
  PID:9148
- C:\Windows\System\eDtYoNF.exe
  C:\Windows\System\eDtYoNF.exe
  2⤵
  PID:9168
- C:\Windows\System\DvCpXBH.exe
  C:\Windows\System\DvCpXBH.exe
  2⤵
  PID:9184
- C:\Windows\System\CAEEmzv.exe
  C:\Windows\System\CAEEmzv.exe
  2⤵
  PID:9200
- C:\Windows\System\xOsbzNM.exe
  C:\Windows\System\xOsbzNM.exe
  2⤵
  PID:7628
- C:\Windows\System\UcgRyHn.exe
  C:\Windows\System\UcgRyHn.exe
  2⤵
  PID:8336
- C:\Windows\System\RclUQVE.exe
  C:\Windows\System\RclUQVE.exe
  2⤵
  PID:8356
- C:\Windows\System\oKuFCil.exe
  C:\Windows\System\oKuFCil.exe
  2⤵
  PID:8404
- C:\Windows\System\TrPyZMu.exe
  C:\Windows\System\TrPyZMu.exe
  2⤵
  PID:8428
- C:\Windows\System\NahgnzD.exe
  C:\Windows\System\NahgnzD.exe
  2⤵
  PID:8444
- C:\Windows\System\JwpgQoT.exe
  C:\Windows\System\JwpgQoT.exe
  2⤵
  PID:8460
- C:\Windows\System\pcjnZUq.exe
  C:\Windows\System\pcjnZUq.exe
  2⤵
  PID:7320
- C:\Windows\System\mPkJZBZ.exe
  C:\Windows\System\mPkJZBZ.exe
  2⤵
  PID:8196
- C:\Windows\System\ousogeh.exe
  C:\Windows\System\ousogeh.exe
  2⤵
  PID:8212
- C:\Windows\System\sKHiVnD.exe
  C:\Windows\System\sKHiVnD.exe
  2⤵
  PID:8232
- C:\Windows\System\IfNVhgF.exe
  C:\Windows\System\IfNVhgF.exe
  2⤵
  PID:8248
- C:\Windows\System\VpgEtsb.exe
  C:\Windows\System\VpgEtsb.exe
  2⤵
  PID:8264
- C:\Windows\System\GyGgraY.exe
  C:\Windows\System\GyGgraY.exe
  2⤵
  PID:8560
- C:\Windows\System\yruxTxO.exe
  C:\Windows\System\yruxTxO.exe
  2⤵
  PID:8588
- C:\Windows\System\rjGqgyy.exe
  C:\Windows\System\rjGqgyy.exe
  2⤵
  PID:8276
- C:\Windows\System\TbGYGVS.exe
  C:\Windows\System\TbGYGVS.exe
  2⤵
  PID:8656
- C:\Windows\System\JkpFvCD.exe
  C:\Windows\System\JkpFvCD.exe
  2⤵
  PID:8296
- C:\Windows\System\XacUToc.exe
  C:\Windows\System\XacUToc.exe
  2⤵
  PID:8312
- C:\Windows\System\fmedazm.exe
  C:\Windows\System\fmedazm.exe
  2⤵
  PID:8380
- C:\Windows\System\YCsdDVE.exe
  C:\Windows\System\YCsdDVE.exe
  2⤵
  PID:8476
- C:\Windows\System\OGjrorq.exe
  C:\Windows\System\OGjrorq.exe
  2⤵
  PID:8492
- C:\Windows\System\cRphPtI.exe
  C:\Windows\System\cRphPtI.exe
  2⤵
  PID:8512
- C:\Windows\System\bnZyWzx.exe
  C:\Windows\System\bnZyWzx.exe
  2⤵
  PID:8576
- C:\Windows\System\SChnZFG.exe
  C:\Windows\System\SChnZFG.exe
  2⤵
  PID:8672
- C:\Windows\System\vzyAHSN.exe
  C:\Windows\System\vzyAHSN.exe
  2⤵
  PID:8688
- C:\Windows\System\qRxuLWY.exe
  C:\Windows\System\qRxuLWY.exe
  2⤵
  PID:8720
- C:\Windows\System\voFFDes.exe
  C:\Windows\System\voFFDes.exe
  2⤵
  PID:8936
- C:\Windows\System\QyNQvBx.exe
  C:\Windows\System\QyNQvBx.exe
  2⤵
  PID:8732
- C:\Windows\System\nlsuPxV.exe
  C:\Windows\System\nlsuPxV.exe
  2⤵
  PID:8748
- C:\Windows\System\qstXbhi.exe
  C:\Windows\System\qstXbhi.exe
  2⤵
  PID:8764
- C:\Windows\System\qEaBakm.exe
  C:\Windows\System\qEaBakm.exe
  2⤵
  PID:8780
- C:\Windows\System\XSoXvAk.exe
  C:\Windows\System\XSoXvAk.exe
  2⤵
  PID:8800
- C:\Windows\System\tJmTgxr.exe
  C:\Windows\System\tJmTgxr.exe
  2⤵
  PID:8816
- C:\Windows\System\cfulyJq.exe
  C:\Windows\System\cfulyJq.exe
  2⤵
  PID:8836
- C:\Windows\System\ECwKHSb.exe
  C:\Windows\System\ECwKHSb.exe
  2⤵
  PID:8828
- C:\Windows\System\baQflOz.exe
  C:\Windows\System\baQflOz.exe
  2⤵
  PID:8860
- C:\Windows\System\XseRxTn.exe
  C:\Windows\System\XseRxTn.exe
  2⤵
  PID:8880
- C:\Windows\System\pLpBQap.exe
  C:\Windows\System\pLpBQap.exe
  2⤵
  PID:8904
- C:\Windows\System\zOkZDDt.exe
  C:\Windows\System\zOkZDDt.exe
  2⤵
  PID:8912
- C:\Windows\System\FbDNTRe.exe
  C:\Windows\System\FbDNTRe.exe
  2⤵
  PID:8972
- C:\Windows\System\xInAuVC.exe
  C:\Windows\System\xInAuVC.exe
  2⤵
  PID:8988
- C:\Windows\System\HvkWKNA.exe
  C:\Windows\System\HvkWKNA.exe
  2⤵
  PID:9004
- C:\Windows\System\zjAeKqj.exe
  C:\Windows\System\zjAeKqj.exe
  2⤵
  PID:9020
- C:\Windows\System\eDUYvZo.exe
  C:\Windows\System\eDUYvZo.exe
  2⤵
  PID:9036
- C:\Windows\System\JIzmVhz.exe
  C:\Windows\System\JIzmVhz.exe
  2⤵
  PID:9056
- C:\Windows\System\NGnICNB.exe
  C:\Windows\System\NGnICNB.exe
  2⤵
  PID:9124
- C:\Windows\System\rryrbow.exe
  C:\Windows\System\rryrbow.exe
  2⤵
  PID:9144
- C:\Windows\System\HdMFIfw.exe
  C:\Windows\System\HdMFIfw.exe
  2⤵
  PID:9072
- C:\Windows\System\lIjqnwA.exe
  C:\Windows\System\lIjqnwA.exe
  2⤵
  PID:9112
- C:\Windows\System\yWevPTM.exe
  C:\Windows\System\yWevPTM.exe
  2⤵
  PID:9164
- C:\Windows\System\BmJdfaj.exe
  C:\Windows\System\BmJdfaj.exe
  2⤵
  PID:8048
- C:\Windows\System\OwAiIEd.exe
  C:\Windows\System\OwAiIEd.exe
  2⤵
  PID:8328
- C:\Windows\System\cREwKej.exe
  C:\Windows\System\cREwKej.exe
  2⤵
  PID:7204
- C:\Windows\System\hmBpXCf.exe
  C:\Windows\System\hmBpXCf.exe
  2⤵
  PID:8440
- C:\Windows\System\jnBExAp.exe
  C:\Windows\System\jnBExAp.exe
  2⤵
  PID:8412
- C:\Windows\System\XrmyBFG.exe
  C:\Windows\System\XrmyBFG.exe
  2⤵
  PID:8224
- C:\Windows\System\kXFqUBM.exe
  C:\Windows\System\kXFqUBM.exe
  2⤵
  PID:7664
- C:\Windows\System\cpqSfxL.exe
  C:\Windows\System\cpqSfxL.exe
  2⤵
  PID:8256
- C:\Windows\System\UWZjhdo.exe
  C:\Windows\System\UWZjhdo.exe
  2⤵
  PID:8280
- C:\Windows\System\SLvLEUt.exe
  C:\Windows\System\SLvLEUt.exe
  2⤵
  PID:8652
- C:\Windows\System\ldIgXoj.exe
  C:\Windows\System\ldIgXoj.exe
  2⤵
  PID:8308
- C:\Windows\System\eTsRkFX.exe
  C:\Windows\System\eTsRkFX.exe
  2⤵
  PID:8484
- C:\Windows\System\lihysgZ.exe
  C:\Windows\System\lihysgZ.exe
  2⤵
  PID:8712
- C:\Windows\System\aJPmnwJ.exe
  C:\Windows\System\aJPmnwJ.exe
  2⤵
  PID:8376
- C:\Windows\System\gNSzgRj.exe
  C:\Windows\System\gNSzgRj.exe
  2⤵
  PID:8540
- C:\Windows\System\aINVNuv.exe
  C:\Windows\System\aINVNuv.exe
  2⤵
  PID:8488
- C:\Windows\System\MPkZlHB.exe
  C:\Windows\System\MPkZlHB.exe
  2⤵
  PID:8740
- C:\Windows\System\EMMZRLK.exe
  C:\Windows\System\EMMZRLK.exe
  2⤵
  PID:8824
- C:\Windows\System\zGRDFHj.exe
  C:\Windows\System\zGRDFHj.exe
  2⤵
  PID:8852
- C:\Windows\System\LXnkHmB.exe
  C:\Windows\System\LXnkHmB.exe
  2⤵
  PID:8808
- C:\Windows\System\QwWRloz.exe
  C:\Windows\System\QwWRloz.exe
  2⤵
  PID:8872
- C:\Windows\System\hVWkuJu.exe
  C:\Windows\System\hVWkuJu.exe
  2⤵
  PID:8960
- C:\Windows\System\XTAMbtg.exe
  C:\Windows\System\XTAMbtg.exe
  2⤵
  PID:9000
- C:\Windows\System\PkJUbkk.exe
  C:\Windows\System\PkJUbkk.exe
  2⤵
  PID:9180
- C:\Windows\System\JiwQQlM.exe
  C:\Windows\System\JiwQQlM.exe
  2⤵
  PID:9160
- C:\Windows\System\NxkZccU.exe
  C:\Windows\System\NxkZccU.exe
  2⤵
  PID:9016
- C:\Windows\System\cfuNYRK.exe
  C:\Windows\System\cfuNYRK.exe
  2⤵
  PID:8360
- C:\Windows\System\rxzYDXl.exe
  C:\Windows\System\rxzYDXl.exe
  2⤵
  PID:7896
- C:\Windows\System\Jeouekz.exe
  C:\Windows\System\Jeouekz.exe
  2⤵
  PID:8964
- C:\Windows\System\mAaKLul.exe
  C:\Windows\System\mAaKLul.exe
  2⤵
  PID:9212
- C:\Windows\System\utqoHvY.exe
  C:\Windows\System\utqoHvY.exe
  2⤵
  PID:7468
- C:\Windows\System\ZCoPzVo.exe
  C:\Windows\System\ZCoPzVo.exe
  2⤵
  PID:8260
- C:\Windows\System\mOdaSkW.exe
  C:\Windows\System\mOdaSkW.exe
  2⤵
  PID:8504
- C:\Windows\System\awdePNi.exe
  C:\Windows\System\awdePNi.exe
  2⤵
  PID:8372
- C:\Windows\System\Iessoou.exe
  C:\Windows\System\Iessoou.exe
  2⤵
  PID:8500
- C:\Windows\System\uCZLsQK.exe
  C:\Windows\System\uCZLsQK.exe
  2⤵
  PID:8608
- C:\Windows\System\ITUeCBJ.exe
  C:\Windows\System\ITUeCBJ.exe
  2⤵
  PID:8760
- C:\Windows\System\kQMXgxL.exe
  C:\Windows\System\kQMXgxL.exe
  2⤵
  PID:8908
- C:\Windows\System\HYmaKti.exe
  C:\Windows\System\HYmaKti.exe
  2⤵
  PID:9012
- C:\Windows\System\ZuBlQPK.exe
  C:\Windows\System\ZuBlQPK.exe
  2⤵
  PID:8456
- C:\Windows\System\OqwAeCd.exe
  C:\Windows\System\OqwAeCd.exe
  2⤵
  PID:9140
- C:\Windows\System\jDaWjSp.exe
  C:\Windows\System\jDaWjSp.exe
  2⤵
  PID:8452
- C:\Windows\System\JArODLU.exe
  C:\Windows\System\JArODLU.exe
  2⤵
  PID:8944
- C:\Windows\System\ZwfDtAQ.exe
  C:\Windows\System\ZwfDtAQ.exe
  2⤵
  PID:8332
- C:\Windows\System\ASayrmU.exe
  C:\Windows\System\ASayrmU.exe
  2⤵
  PID:8620
- C:\Windows\System\WAqXyzI.exe
  C:\Windows\System\WAqXyzI.exe
  2⤵
  PID:8544
- C:\Windows\System\fXMLNEG.exe
  C:\Windows\System\fXMLNEG.exe
  2⤵
  PID:8892
- C:\Windows\System\WVILYZH.exe
  C:\Windows\System\WVILYZH.exe
  2⤵
  PID:9108
- C:\Windows\System\cMayees.exe
  C:\Windows\System\cMayees.exe
  2⤵
  PID:8244
- C:\Windows\System\spPrzkZ.exe
  C:\Windows\System\spPrzkZ.exe
  2⤵
  PID:9136
- C:\Windows\System\Swcupbq.exe
  C:\Windows\System\Swcupbq.exe
  2⤵
  PID:8348
- C:\Windows\System\tihzRtu.exe
  C:\Windows\System\tihzRtu.exe
  2⤵
  PID:8996
- C:\Windows\System\LElcYTx.exe
  C:\Windows\System\LElcYTx.exe
  2⤵
  PID:9228
- C:\Windows\System\jqmHFvA.exe
  C:\Windows\System\jqmHFvA.exe
  2⤵
  PID:9244
- C:\Windows\System\hMcQXQX.exe
  C:\Windows\System\hMcQXQX.exe
  2⤵
  PID:9260
- C:\Windows\System\AChnXnS.exe
  C:\Windows\System\AChnXnS.exe
  2⤵
  PID:9276
- C:\Windows\System\axWrzoR.exe
  C:\Windows\System\axWrzoR.exe
  2⤵
  PID:9292
- C:\Windows\System\KjkbWXJ.exe
  C:\Windows\System\KjkbWXJ.exe
  2⤵
  PID:9308
- C:\Windows\System\uSbWWXy.exe
  C:\Windows\System\uSbWWXy.exe
  2⤵
  PID:9324
- C:\Windows\System\dYlSzZt.exe
  C:\Windows\System\dYlSzZt.exe
  2⤵
  PID:9340
- C:\Windows\System\ciuadwl.exe
  C:\Windows\System\ciuadwl.exe
  2⤵
  PID:9360
- C:\Windows\System\AqyBHFS.exe
  C:\Windows\System\AqyBHFS.exe
  2⤵
  PID:9376
- C:\Windows\System\gpvHbjp.exe
  C:\Windows\System\gpvHbjp.exe
  2⤵
  PID:9392
- C:\Windows\System\JVLjlXC.exe
  C:\Windows\System\JVLjlXC.exe
  2⤵
  PID:9408
- C:\Windows\System\EEgqseg.exe
  C:\Windows\System\EEgqseg.exe
  2⤵
  PID:9424
- C:\Windows\System\wYaTKzt.exe
  C:\Windows\System\wYaTKzt.exe
  2⤵
  PID:9440
- C:\Windows\System\wZAvhUP.exe
  C:\Windows\System\wZAvhUP.exe
  2⤵
  PID:9456
- C:\Windows\System\FZXenqV.exe
  C:\Windows\System\FZXenqV.exe
  2⤵
  PID:9472
- C:\Windows\System\QqJtnRu.exe
  C:\Windows\System\QqJtnRu.exe
  2⤵
  PID:9488
- C:\Windows\System\gypFkLQ.exe
  C:\Windows\System\gypFkLQ.exe
  2⤵
  PID:9504
- C:\Windows\System\lKSQBEe.exe
  C:\Windows\System\lKSQBEe.exe
  2⤵
  PID:9528
- C:\Windows\System\NuxnTUR.exe
  C:\Windows\System\NuxnTUR.exe
  2⤵
  PID:9556
- C:\Windows\System\kHXYWuV.exe
  C:\Windows\System\kHXYWuV.exe
  2⤵
  PID:9572
- C:\Windows\System\zpTNQfR.exe
  C:\Windows\System\zpTNQfR.exe
  2⤵
  PID:9588
- C:\Windows\System\vNvEAEs.exe
  C:\Windows\System\vNvEAEs.exe
  2⤵
  PID:9604
- C:\Windows\System\RFfsSBr.exe
  C:\Windows\System\RFfsSBr.exe
  2⤵
  PID:9620
- C:\Windows\System\iogpYvT.exe
  C:\Windows\System\iogpYvT.exe
  2⤵
  PID:9640
- C:\Windows\System\vqnMEHg.exe
  C:\Windows\System\vqnMEHg.exe
  2⤵
  PID:9656
- C:\Windows\System\xbTPwFS.exe
  C:\Windows\System\xbTPwFS.exe
  2⤵
  PID:9672
- C:\Windows\System\MIbwANS.exe
  C:\Windows\System\MIbwANS.exe
  2⤵
  PID:9688
- C:\Windows\System\bCOdhhv.exe
  C:\Windows\System\bCOdhhv.exe
  2⤵
  PID:9704
- C:\Windows\System\lWXVURq.exe
  C:\Windows\System\lWXVURq.exe
  2⤵
  PID:9720
- C:\Windows\System\ctUCcYt.exe
  C:\Windows\System\ctUCcYt.exe
  2⤵
  PID:9736
- C:\Windows\System\lCVsDZJ.exe
  C:\Windows\System\lCVsDZJ.exe
  2⤵
  PID:9756
- C:\Windows\System\clcpZzx.exe
  C:\Windows\System\clcpZzx.exe
  2⤵
  PID:9772
- C:\Windows\System\jytSgFN.exe
  C:\Windows\System\jytSgFN.exe
  2⤵
  PID:9788
- C:\Windows\System\bMLNeST.exe
  C:\Windows\System\bMLNeST.exe
  2⤵
  PID:9804
- C:\Windows\System\fvYcsXd.exe
  C:\Windows\System\fvYcsXd.exe
  2⤵
  PID:9820
- C:\Windows\System\ZbEaAPm.exe
  C:\Windows\System\ZbEaAPm.exe
  2⤵
  PID:9836
- C:\Windows\System\rePrruo.exe
  C:\Windows\System\rePrruo.exe
  2⤵
  PID:9852
- C:\Windows\System\EyXmuxu.exe
  C:\Windows\System\EyXmuxu.exe
  2⤵
  PID:9868
- C:\Windows\System\iEYmlhF.exe
  C:\Windows\System\iEYmlhF.exe
  2⤵
  PID:9884
- C:\Windows\System\UukswtI.exe
  C:\Windows\System\UukswtI.exe
  2⤵
  PID:9900
- C:\Windows\System\wgWBMZT.exe
  C:\Windows\System\wgWBMZT.exe
  2⤵
  PID:9916
- C:\Windows\System\DiVAHDw.exe
  C:\Windows\System\DiVAHDw.exe
  2⤵
  PID:9932
- C:\Windows\System\AreDDlB.exe
  C:\Windows\System\AreDDlB.exe
  2⤵
  PID:9948
- C:\Windows\System\IhcXPSM.exe
  C:\Windows\System\IhcXPSM.exe
  2⤵
  PID:9964
- C:\Windows\System\piUbJjL.exe
  C:\Windows\System\piUbJjL.exe
  2⤵
  PID:9980
- C:\Windows\System\oiClpyx.exe
  C:\Windows\System\oiClpyx.exe
  2⤵
  PID:9996
- C:\Windows\System\DghxuIX.exe
  C:\Windows\System\DghxuIX.exe
  2⤵
  PID:10012
- C:\Windows\System\tMVIKZV.exe
  C:\Windows\System\tMVIKZV.exe
  2⤵
  PID:10028
- C:\Windows\System\ZkIWjKR.exe
  C:\Windows\System\ZkIWjKR.exe
  2⤵
  PID:10044
- C:\Windows\System\FGAplom.exe
  C:\Windows\System\FGAplom.exe
  2⤵
  PID:10060
- C:\Windows\System\pVXRMLM.exe
  C:\Windows\System\pVXRMLM.exe
  2⤵
  PID:10076
- C:\Windows\System\zdgCmgd.exe
  C:\Windows\System\zdgCmgd.exe
  2⤵
  PID:10092
- C:\Windows\System\nphLXDg.exe
  C:\Windows\System\nphLXDg.exe
  2⤵
  PID:10108
- C:\Windows\System\OtzypxO.exe
  C:\Windows\System\OtzypxO.exe
  2⤵
  PID:10124
- C:\Windows\System\HUWOrqE.exe
  C:\Windows\System\HUWOrqE.exe
  2⤵
  PID:10140
- C:\Windows\System\QxUcjqy.exe
  C:\Windows\System\QxUcjqy.exe
  2⤵
  PID:10156
- C:\Windows\System\EZYARal.exe
  C:\Windows\System\EZYARal.exe
  2⤵
  PID:10172
- C:\Windows\System\HObaRZK.exe
  C:\Windows\System\HObaRZK.exe
  2⤵
  PID:10188
- C:\Windows\System\cwQbVns.exe
  C:\Windows\System\cwQbVns.exe
  2⤵
  PID:10204
- C:\Windows\System\HcEaPeT.exe
  C:\Windows\System\HcEaPeT.exe
  2⤵
  PID:10224
- C:\Windows\System\DZDMLBH.exe
  C:\Windows\System\DZDMLBH.exe
  2⤵
  PID:8888
- C:\Windows\System\lKCmzMP.exe
  C:\Windows\System\lKCmzMP.exe
  2⤵
  PID:9092
- C:\Windows\System\UbxVwkq.exe
  C:\Windows\System\UbxVwkq.exe
  2⤵
  PID:9336
- C:\Windows\System\cDchFKh.exe
  C:\Windows\System\cDchFKh.exe
  2⤵
  PID:9032
- C:\Windows\System\lshRXyc.exe
  C:\Windows\System\lshRXyc.exe
  2⤵
  PID:9256
- C:\Windows\System\dUcjYBc.exe
  C:\Windows\System\dUcjYBc.exe
  2⤵
  PID:9320
- C:\Windows\System\mFvuoEn.exe
  C:\Windows\System\mFvuoEn.exe
  2⤵
  PID:9356
- C:\Windows\System\QpQrSPR.exe
  C:\Windows\System\QpQrSPR.exe
  2⤵
  PID:9416
- C:\Windows\System\GASkYbx.exe
  C:\Windows\System\GASkYbx.exe
  2⤵
  PID:9404
- C:\Windows\System\WfAPUxT.exe
  C:\Windows\System\WfAPUxT.exe
  2⤵
  PID:9468
- C:\Windows\System\IlOspua.exe
  C:\Windows\System\IlOspua.exe
  2⤵
  PID:9496
- C:\Windows\System\dGJDKmi.exe
  C:\Windows\System\dGJDKmi.exe
  2⤵
  PID:9516
- C:\Windows\System\gWUhTkP.exe
  C:\Windows\System\gWUhTkP.exe
  2⤵
  PID:9548
- C:\Windows\System\ffSyecd.exe
  C:\Windows\System\ffSyecd.exe
  2⤵
  PID:9584
- C:\Windows\System\couMnLx.exe
  C:\Windows\System\couMnLx.exe
  2⤵
  PID:9568
- C:\Windows\System\qknLKKL.exe
  C:\Windows\System\qknLKKL.exe
  2⤵
  PID:9680
- C:\Windows\System\goaOOFF.exe
  C:\Windows\System\goaOOFF.exe
  2⤵
  PID:9652
- C:\Windows\System\Wwnhpuw.exe
  C:\Windows\System\Wwnhpuw.exe
  2⤵
  PID:9748
- C:\Windows\System\sXhaHmx.exe
  C:\Windows\System\sXhaHmx.exe
  2⤵
  PID:9664
- C:\Windows\System\fBonTgg.exe
  C:\Windows\System\fBonTgg.exe
  2⤵
  PID:9728
- C:\Windows\System\hTtwwGn.exe
  C:\Windows\System\hTtwwGn.exe
  2⤵
  PID:9848
- C:\Windows\System\PaucFld.exe
  C:\Windows\System\PaucFld.exe
  2⤵
  PID:9908
- C:\Windows\System\EBmqGAL.exe
  C:\Windows\System\EBmqGAL.exe
  2⤵
  PID:9768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CQaBZvw.exe

Filesize
6.0MB

MD5
e43f3e352d46dd052bf05a6493665f4d

SHA1
06682d4ac467585a7ddaed6afca08b6f804714b6

SHA256
895ed7a09965bb77ac7f695d68a40a8b84ae4f88eb7d647e0f77ce8c3d4dc17c

SHA512
6d3c1efb43870eabfd0514e876b0902af74012e2ed105d100166d41811587604f6e1cc1b1e8110dcb9830e3704a3273feee0379c14d5d04e45ea313a0adaea30

Download Submit
C:\Windows\system\DdWuxkI.exe

Filesize
6.0MB

MD5
359412fb370be4c1a16e2a30b211d221

SHA1
0dad03307c0f5c5addfdca4561e1b4c96c0a9137

SHA256
f32d852a0a5609d2c141e425a718f96d488a1c271beea43e7376f5ab08afcef8

SHA512
a302660bde41abfb3aefd099a05504d1a50db3fbe07a7d4cac87ee618050dc6947532c18fadcafb6cd3ba2cd1062c71739689733d3284ca3177148d264edc393

Download Submit
C:\Windows\system\FAdnngf.exe

Filesize
6.0MB

MD5
4fb0ba1cf8eac0092ad1837536319049

SHA1
0cd15cb3ef4bec50d37744f2a4606f9652ec1825

SHA256
cd8a45504b9ff78c02f7761ef6d824b8e63ea85109cb27c0b64ef306756ec985

SHA512
4809f681ea948d20bfd3426eb1e70c1a04fa8b3822a18dbd413f5b1850602d37e7b67b4d8baf29ec8bee8235ab524acec51ebfb692407fb1114f1295ad944d18

Download Submit
C:\Windows\system\FOpBVby.exe

Filesize
6.0MB

MD5
b56659cb78d1526de9615a6e0f3e4dff

SHA1
6443fd93771d3ef4b3934dcc8cdb1c4c7feaebf0

SHA256
bcc2dcf82cd1622ceb95d6e6cff15f378976e71ec7cb84eaa000d3d3df5496b2

SHA512
505c4c5a116da77b6c74bd526c3274526c1d57ed94bd758a68d6665d30e8a8e9f7d645ce1ef1d2d102c2ea75a5517cc471693cf441723e205537a472b6cce36d

Download Submit
C:\Windows\system\HBbKrpH.exe

Filesize
6.0MB

MD5
3d391ca66cfcaaf932d341ff673b9849

SHA1
3236d270d83098ebf672d925e23e44f37783c4d3

SHA256
5488b349a2facf9eaac3941f11a89824c892503ce23d5de5b278079704bec656

SHA512
95024f89b6f69fcaff28707801fc9eaa451d1ea66074c8ec005c3086780fffbb6dc637f10f994a7ffe491e0704122ba416b4fa1e7257ec3b9f1025f55a0304a3

Download Submit
C:\Windows\system\IuSeuHP.exe

Filesize
6.0MB

MD5
c2813a6e8f40e69a6e666975df82acb6

SHA1
8ff2d0da54f31467da30265c4c21d4457736be29

SHA256
07acab8fde6b8a42b1e88406580fe1b4f3f66c5930f680e81c1f71a684c81f3c

SHA512
b1561b266825e6114d10ba0b9fff6bf94cd2c32ea238de546e4dafe3213c5713c90f1588dc56a31221fb00e03eb72c13ec11075cd735711d773aa533a48c1778

Download Submit
C:\Windows\system\MJHMEdk.exe

Filesize
6.0MB

MD5
e3fddf74eb853777f6dcf6de1eb7d94e

SHA1
c900521dbbd3524867c2ea1197eb81464c47a707

SHA256
d1399e876bbe40ed8ee9cb41a8281880a1c5fca8f2bd377f7765fedc6a076f7a

SHA512
3db9474eba21e0a84d8ed3114385e436c025cc56fbc80291ce3d2ede80d2ec1e843b71f3fbd8e6c8db1af79be66c77b39b21852cd2c2235e30cc63284d21c9a9

Download Submit
C:\Windows\system\UWBIvpa.exe

Filesize
6.0MB

MD5
493ad01e5dd3530df396ff9603142145

SHA1
d0f496a667ba34050a8f86d13c73c675cc21cb77

SHA256
5a36bd110816ffa0ae80c2eef7fa9131a4da88f832fdba9e582ee7202c3c4580

SHA512
6861038f1241dea7653f81c67b0b162ac4ef667647f9aec25c32cc3ad64cbceedd234dafd4247f16f687a4025fb08f238c0d43b146b9ec20fda51b588d9be556

Download Submit
C:\Windows\system\VRVKAHt.exe

Filesize
6.0MB

MD5
e5ae4d571f1a7db56232135b637c4c1a

SHA1
91f670e0c726331fa0c45f7f58e713001168d569

SHA256
44ac55eb650d13d721cf6b75d48a3c6d3cb1ea6eff9b209177e0361b2c550e75

SHA512
9f39d893f4c04324ef8849508c4aab0647b416f7f10f069d342250495be506d0428920f79a4f4be3d5fc098b90ca651eb5b9684d1739560d9818a51e8ffb9074

Download Submit
C:\Windows\system\XePeIus.exe

Filesize
6.0MB

MD5
6642dba7dbfd08e4d1b2626c69d1e824

SHA1
0e41236bd7b4bfba168c0f169788c0b77f3aca29

SHA256
972f6d858edb536a3613a2e8ca7eaf865dd191fa2190938f77f3c0057df7ffe6

SHA512
80627110e9facdd02d1340c6cb5ca42362199af9d99670827459285518bc6cee37fcb2fa5ed85839b7322b761492b0fc27841086b4483c79f87ebd46e1d24251

Download Submit
C:\Windows\system\ZCzuefR.exe

Filesize
6.0MB

MD5
7ca73cd943b7e8f6febdb6dcea803025

SHA1
54ef9e6422862395838b17c595f351200f8c896e

SHA256
71e418ff0e9bda50ba98b23633b571b06ec069d823379eb001e0aeb4d2a0cf96

SHA512
d94bef79883a6847622e6574f158606c98c87b9c303384a168b6d84302b004efbdfb6b3f0808e9bee8b01fffd1d574197b26e82baa57414204865c8b4b7b3aae

Download Submit
C:\Windows\system\aJmtxMs.exe

Filesize
6.0MB

MD5
6f294ecfe8a7755587c20ba21e8385aa

SHA1
fc5e967b0870bb81ccba404ced3581b4a85e1df1

SHA256
a664726068899240d9e8aeb8fca38c48cab99e9723919da0802f81eed1f7dcf6

SHA512
b2145683d2d2963cd9440d81d15d0c081693c4bf02ea71bffe1358fa2e70ba7a5b82693cb0db560600a7a48ff3a0953d199a3ac17ef0e71c7ef0d6231ae2a625

Download Submit
C:\Windows\system\crUlwVd.exe

Filesize
6.0MB

MD5
f2643ad5db27c5b75519365fafea2f55

SHA1
87a88410c44c1c9a8730a207b54c20526a81edb1

SHA256
93ba08021eb56d4f24c300409ac83c9451ec71d390c05c2df5d0ab5feae6c67f

SHA512
f2092b0d7695a9bbdd7ed8bf5bdfc14be5fc45e739d76480283dd9d3e61d7b2c2c09e5f97a9dbb6b894c62f54a284e949ec49850d536cfd5a55ec0b87b30b27d

Download Submit
C:\Windows\system\dKvPgnI.exe

Filesize
6.0MB

MD5
80604ab8a249f85363d931ac4c0e3aea

SHA1
26b2059d1a0a612c3dfd21a8c6a5cbb61cfa3a96

SHA256
019bd35902e744840053ae34222e105f5aba40606b9276bbf3a50692cf628a87

SHA512
307512922cbd6508c3d099f4f5eca66c4b814f28bd82cfab043697918584d9599371a98db91bda392318260920ac28c759ec78eb56b9aa9ba71b360b5fd8baff

Download Submit
C:\Windows\system\dqAKUCB.exe

Filesize
6.0MB

MD5
28b901bda44af284770d8109af77f87a

SHA1
80f416f8d67e41975fb79c2d992ef849a7a98944

SHA256
50866e329bfa3682a8a0df62e71111b606e126eae201d13d2e61db339206cb3d

SHA512
bcd56ccfd498d634badf94ef3fe1a6d857834b6ad47dcb97ad183fb5281a0b1c8b53ca372579a0d3cedf235e9d4d0c75de843673fb8eeff3e76d95ff37efded6

Download Submit
C:\Windows\system\gnjpJWl.exe

Filesize
6.0MB

MD5
d121833b86a1ba743c27112c03661e7a

SHA1
1306afa422aaa821e404426047635265d8257d3e

SHA256
9c28f554495d01baa9ba7f9dfa260aafa02054a337e98c2ff9d86db91a5095bb

SHA512
64d1c08f348f2d470f3d8dee69da89537d634562d6091784615c4589a6d8dc379eea177871b68d486e5ea6356786e75565f8836fc5cff5be20e7378518e22db2

Download Submit
C:\Windows\system\gpJYfyN.exe

Filesize
6.0MB

MD5
bb0d50d5e5c5e44f99efb7f4551f32ea

SHA1
bcf3989e65650fdd9247bc5b16b7655896d03509

SHA256
583ed8d2d4aec2e3f6fc56be19dfd45b4c666b158233f8306f1cff3f03bb15af

SHA512
35bf9d78924bcc7a3225e561ab9e6a9e2183941b35b8bb5433ba279e0280a3b2f3b0022063cb6343833f2b599b777c7c26a912e0d8c803e3710821f150fb46a6

Download Submit
C:\Windows\system\ltiEDeH.exe

Filesize
6.0MB

MD5
4ed991beb551c61cf37187d121e767ae

SHA1
a4b5447324d6f56f58e8ac7ae542e01a2230d265

SHA256
87e124acffe9ac0e3f55dbe40e2bf37134da2f8e873c872e5af6c0adf349324b

SHA512
46af98497f3da631a57e6704f5b6ad8e4d8afd02b0ccdea44a29d78eda339d5365a3f819d343274b9221f6ea1774fb624b9b1e45391325adfcecc1bf17c93b2e

Download Submit
C:\Windows\system\maActvu.exe

Filesize
6.0MB

MD5
6122463ca7af1e332ace6d55279a577e

SHA1
c967b12cc2498fc51c25b9529c4789f5ce1f8876

SHA256
b85b3efbc61d6790137fa1b06d14b6babbbc06548175593d8de9a09e03f3f355

SHA512
eb899005d4b332cf8bd8fbd478c3c35e67fdd312be06f0d46029d87f90af86ee475c7a85bfbf2271369cbe43f8d7504b2d406a57cc63b8f1c45253ea746caf59

Download Submit
C:\Windows\system\mgfyQbF.exe

Filesize
6.0MB

MD5
3f01ae97142d2dd5998fa09775007733

SHA1
6f961825c0493d546add6890a4076f379a78a5a1

SHA256
4fc89321e84e430f199add3e5750cd3ff33166710647b984e52e11dc3d512648

SHA512
7cee4a30efd983a31764150bd7f24c5e7ce43b20e59aae3e35c43abad236d3f90c1577f6ed8e9efd9b002f329d2673da9a8fb844d44282fca24fe03b5322f945

Download Submit
C:\Windows\system\nFBYvMb.exe

Filesize
6.0MB

MD5
f3d664a9395f7e3f1a45bba3f1dca747

SHA1
01a21c1d5beb803de120d054309ebc9c71af67d6

SHA256
560775f8d87da22063cd7da3b064f14605f7992a30f3840bbd54b52b3c4100dc

SHA512
796efb892c1e7c5ca528c41196e6ceeaece3e151dab5cc0c7eee9f4c9eba33e7cd8c3d8d6d2c7268a37dd1b116493e3c9b9608386f08559cd6e5b024b58d6b9b

Download Submit
C:\Windows\system\oRDmZaQ.exe

Filesize
6.0MB

MD5
3546b8156f342a3ef1480479da98fd1a

SHA1
669cd3c82e4f8edcbeb2a14b8d8edcf78c5535b4

SHA256
7b12fbe509a2074e2eb7ff899836d2ac2cfc20cdf50cb89c0833c3229261d52b

SHA512
6fa98c28cc569f7bba725659d22813e74e77db23e7a4de01a9c9acd1f557f29417c81b18dc185ab5ae2b3b60ad84c0c2717f2f140a5e2ef68f6539f096d140df

Download Submit
C:\Windows\system\sTEQMaZ.exe

Filesize
6.0MB

MD5
bc4de6fedb77e6d62015fe9791dd95d1

SHA1
27a98df22fe89d6fa01411b9899827f929f4164d

SHA256
33b779893cdbed8dac5e37b93c515ce484c12c0cdaeb463b8215cd0e7c2bfb45

SHA512
121da374f762f58363136ba22e2db94bc3861e65c7eaba750aecd41f9559c8bfcae24d020bc9506c1cec1005171e181ddeff1f8650d394a1cc6354303675f18a

Download Submit
C:\Windows\system\uHYIWVA.exe

Filesize
6.0MB

MD5
4b1ef171f31a0454a2fe0e8badca03ec

SHA1
f72063a42fbb31997ea413d759d63e855d07cd64

SHA256
12fd3ee1ddce87391544971179c96c3a3430f4cc8c40b9e14e363e95e38fcf93

SHA512
8b00c8d88bd11bcee884b17e5e9b6b558ec11ef11199ae75cf980487a655e1ee96286a0d60d1f3cc7dd0870b92e7bc84f4e62d9e7d9bbc5702ae82042e12fdee

Download Submit
C:\Windows\system\vflvpsP.exe

Filesize
6.0MB

MD5
3f6ebef588d84ee992b122eeac532aed

SHA1
294326c3c2378cad4cc2b452a60a2c29a2e8d560

SHA256
504dd01a1d240a9fb91385b225ff1709aae2234eb5a5ad121e44c65ed5e7db6a

SHA512
9a830f01ff84e7cf8d7abb0dbef3a94286a7f318da6575941e0a750b3cfa3a31dd818e067728fbfcfb390503f8c9fba657cbd53c7475c80b4af398adf2356647

Download Submit
C:\Windows\system\xENTUxD.exe

Filesize
6.0MB

MD5
4aaee355da3cf2ab62ac76b74bf65cf7

SHA1
2174affdb030a8a1f1600a99dabefb61f0f4c69b

SHA256
bb9ca5795ec7d48ae3f767f18fe8ec9e2be4236141c5d66cae14e38a42c3d513

SHA512
70ffd2bc9460f7ddd9faf4455bc09256cab62c64bd441d30d45a561c6cfc2c4700ac8e31e8c338f64b84dfd31b5a15028a4e83b217de10a9d41f1f363892ab1c

Download Submit
C:\Windows\system\yQwEUhZ.exe

Filesize
6.0MB

MD5
c658eed3c088434761a6245b3509a703

SHA1
551625e886b2834f0e2d25a8c6742a3ec5b81e27

SHA256
406bb040eff80b045ce6363dc661892df5e81c1013d2505ec7d4c68a31a78872

SHA512
4a757b091d2c9c31025761899c6eb0c4ddb58d5ad8f5fac2731c00e9088c242f429e136ff21c40a36902bdd79d3cb2b9d66c5efe16486a685ab80889288cedba

Download Submit
C:\Windows\system\yhEspGt.exe

Filesize
6.0MB

MD5
35571f494b54cf47b90c9cf939fa6c69

SHA1
d6ab278961320055791a7ce60b26b3235ee7be1a

SHA256
3a00b0ea1b01230bc827a1b0651fa06cd9b4bbb8b555369838d616a8c8267c60

SHA512
717b7f06a9546266153ad24307b4b17c77199200ba9dea45e678b77adee290021ba10715ad204dfb19215f71c6a16aa385f449fe5e22ca835b2bd817e7042cf5

Download Submit
C:\Windows\system\zMOoibx.exe

Filesize
6.0MB

MD5
fd930fa298c4a4d0bdd0e3445142972a

SHA1
384ea1d786615dcc9313c34fea193e671ebc172f

SHA256
26bf7f07eac0202ad45fc366f058902ded4d5655a8082ef012604f2ea012b3e6

SHA512
77b0ba911369b929d573b5a32ac1cdfdaa05d24841283557101d5f0b2c6ced7015667d77278317d9a96727e49dbe162b13392d7c8f6d9493b431bf2b334e9985

Download Submit
\Windows\system\YaEVeqL.exe

Filesize
6.0MB

MD5
492bcda1959b4cc33840be277e6a0022

SHA1
795e7f8763cd11583f42920ce7533d1121e6de79

SHA256
57286b34b3ad62e395aaaed2ddb7ae72efff00c23a71fdf6031d8d45664529bb

SHA512
8d3f029bb03cabe27bf4eebfbf3a5617cfc6d77d40bb4e6b2be21fc94fc1b7ff7c0b53be8c726dd535a3675f3cfce6770a5433b076c80c16a82561ed97194289

Download Submit
\Windows\system\nClpecj.exe

Filesize
6.0MB

MD5
b4252f6960f9215252b79cca08df1d0c

SHA1
cce0fce016049a8a5c291130d22d8c07a18ca3f8

SHA256
23481702d4145c7d2be44c9286c0e4319119e4bb45732c161bed5156b4b28815

SHA512
2ec6d9c6b51588e5588fdaceacf85e501e35756a31318a7e2459a71810ee926db80f360a42da653ae8acb5fb14e15803ceab3c02454e2eabc9da67eb358d8c40

Download Submit
\Windows\system\swrehbT.exe

Filesize
6.0MB

MD5
8fec0adfe2230e154dfdc04574e9b511

SHA1
3dc54d788e03a1c734b663fee446b8f979a5bcf4

SHA256
69cd03c76c4420b6076506e0170059f3fcf9a4fe5f87e4ea4f28e1176311c47c

SHA512
880b4238cefb0d7f64b099390034185aa74813addac4c7c0e7fe2d1142a2ecc07def0e799f92b6146ff997e100a9fb1c7526398cb16b250d0132053b00dec2e3

Download Submit
memory/576-99-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/576-29-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/576-17-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/576-18-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/576-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/576-41-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/576-45-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/576-66-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/576-55-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/576-67-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/576-21-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/576-484-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/576-335-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/576-82-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/576-188-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/576-95-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/576-0-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/576-36-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/576-284-0x0000000002470000-0x00000000027C4000-memory.dmp

Filesize
3.3MB

Download
memory/576-131-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/576-103-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/576-110-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/576-72-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/576-51-0x000000013FF40000-0x0000000140294000-memory.dmp

Filesize
3.3MB

Download
memory/576-53-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/864-819-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/864-42-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/864-81-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/1168-73-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1168-162-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1168-865-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/1600-872-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/1600-83-0x000000013FF60000-0x00000001402B4000-memory.dmp

Filesize
3.3MB

Download
memory/2252-23-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2252-740-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2336-104-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2336-905-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2344-757-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2344-30-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2372-885-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2372-98-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2452-68-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2452-843-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2460-744-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2460-20-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2648-886-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2648-100-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2772-60-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2772-833-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2788-54-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-815-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-22-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2888-747-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-37-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download
memory/3028-790-0x000000013FCA0000-0x000000013FFF4000-memory.dmp

Filesize
3.3MB

Download