cobaltstrike | f5acd48f2ac6cf765442a3f520e3a1549598927ed355e281f463dc0d57b9eea4

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
16-12-2024 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

90e8055cf93e803977e1f8387bcfe59a
SHA1

ba12540e28ae811883c1d564346002cccd7a85ce
SHA256

f5acd48f2ac6cf765442a3f520e3a1549598927ed355e281f463dc0d57b9eea4
SHA512

915b9638ccade4729b5ece38ec3def1c3c4333ab9a6c48ad536f05c0dcd5ed3fbe17bfca8f551a481df38f0f2425482b32d0a509b924a02cd9ecaeafd80568a8
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUt:T+q56utgpPF8u/7t

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 36 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00090000000120fe-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019490-8.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001949d-17.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194c6-26.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194e4-39.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a5-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cd-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4da-196.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d6-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d1-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c5-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c9-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c1-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d8-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d4-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cf-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cb-170.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c7-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c3-150.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-113.dat	cobalt_reflective_dll
behavioral1/files/0x003000000001941b-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ab-69.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a495-58.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4ad-83.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019659-49.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a494-80.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194e6-46.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194da-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2124-0-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x00090000000120fe-3.dat	xmrig
behavioral1/files/0x0007000000019490-8.dat	xmrig
behavioral1/files/0x000700000001949d-17.dat	xmrig
behavioral1/memory/2236-22-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/files/0x00070000000194c6-26.dat	xmrig
behavioral1/memory/2824-36-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x00060000000194e4-39.dat	xmrig
behavioral1/memory/2708-48-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4a5-81.dat	xmrig
behavioral1/memory/2236-61-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/1956-95-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2868-102-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2708-109-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4bb-131.dat	xmrig
behavioral1/files/0x000500000001a4b5-120.dat	xmrig
behavioral1/files/0x000500000001a4cd-175.dat	xmrig
behavioral1/memory/2868-1233-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2124-536-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2716-246-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4da-196.dat	xmrig
behavioral1/files/0x000500000001a4d6-190.dat	xmrig
behavioral1/files/0x000500000001a4d1-184.dat	xmrig
behavioral1/files/0x000500000001a4c5-179.dat	xmrig
behavioral1/files/0x000500000001a4bd-167.dat	xmrig
behavioral1/files/0x000500000001a4b9-165.dat	xmrig
behavioral1/files/0x000500000001a4c9-162.dat	xmrig
behavioral1/files/0x000500000001a4c1-140.dat	xmrig
behavioral1/files/0x000500000001a4d8-193.dat	xmrig
behavioral1/files/0x000500000001a4d4-187.dat	xmrig
behavioral1/files/0x000500000001a4cf-181.dat	xmrig
behavioral1/files/0x000500000001a4cb-170.dat	xmrig
behavioral1/files/0x000500000001a4c7-159.dat	xmrig
behavioral1/files/0x000500000001a4c3-150.dat	xmrig
behavioral1/files/0x000500000001a4bf-146.dat	xmrig
behavioral1/files/0x000500000001a4b7-125.dat	xmrig
behavioral1/files/0x000500000001a4b3-117.dat	xmrig
behavioral1/files/0x000500000001a4b1-113.dat	xmrig
behavioral1/files/0x003000000001941b-105.dat	xmrig
behavioral1/memory/2820-100-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4af-99.dat	xmrig
behavioral1/memory/2124-72-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4ab-69.dat	xmrig
behavioral1/files/0x000500000001a495-58.dat	xmrig
behavioral1/memory/1224-94-0x000000013F960000-0x000000013FCB4000-memory.dmp	xmrig
behavioral1/memory/2064-93-0x000000013F4C0000-0x000000013F814000-memory.dmp	xmrig
behavioral1/memory/548-92-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/1440-91-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2824-90-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4ad-83.dat	xmrig
behavioral1/files/0x0007000000019659-49.dat	xmrig
behavioral1/files/0x000500000001a494-80.dat	xmrig
behavioral1/memory/2956-77-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2124-65-0x00000000022C0000-0x0000000002614000-memory.dmp	xmrig
behavioral1/memory/2716-57-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2124-42-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2820-41-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2124-47-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x00060000000194e6-46.dat	xmrig
behavioral1/files/0x00060000000194da-33.dat	xmrig
behavioral1/memory/2956-29-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2796-16-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2912-15-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2708-3920-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2796	IIyPPUx.exe
2912	eyfXJzz.exe
2236	AEegOLZ.exe
2956	vlMVEvY.exe
2824	vDeQSme.exe
2820	frPtbFV.exe
2708	QfCaZva.exe
2716	ucXHsnv.exe
1440	GxVpWQe.exe
548	ijcMkUc.exe
2064	JiRNHNU.exe
1224	ubRWQEu.exe
1956	wakVAUc.exe
2868	zxHOflf.exe
2856	luyjLvh.exe
2072	VTAPxHP.exe
2016	iHfDlek.exe
3048	wTekQDT.exe
684	DDvZzBN.exe
776	rZPaLdd.exe
1324	XDVfDbh.exe
2992	LDxhloq.exe
2168	GWgRawN.exe
1236	vPZarec.exe
536	BABYQVf.exe
2368	NdwjLBd.exe
580	WSeviWA.exe
2224	VZseUqr.exe
736	XRaKEtB.exe
916	NOJTDbD.exe
1740	yFCJxVm.exe
496	NkQgyHv.exe
1684	aUnBVoY.exe
1864	RyOMNap.exe
2584	hvBqzza.exe
756	UcokIOa.exe
2288	ToQbvmm.exe
304	iCtRWqF.exe
1504	sjvDoJR.exe
876	LBppUhg.exe
2000	pDWpYdY.exe
1676	PYXhvls.exe
2092	uhnZTyL.exe
948	DyEoegX.exe
1776	VJSUMKL.exe
1540	vVKWIaB.exe
1972	QNNzgND.exe
840	CnjTjEU.exe
2552	JwJYJtw.exe
2280	CRGqlku.exe
2004	OshKVYI.exe
2604	FIlLdUq.exe
764	wtjENLX.exe
1148	tezhKfa.exe
2940	uitQqNN.exe
2772	JnTvThM.exe
1812	HBxPEZg.exe
2860	EBWcSlQ.exe
3040	plsxVXT.exe
280	UXbQuSa.exe
2700	CNRjbDV.exe
1724	BUaANiU.exe
316	hWPMpxE.exe
2140	EKDGIeU.exe

Loads dropped DLL 64 IoCs

pid	Process
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2124-0-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x00090000000120fe-3.dat	upx
behavioral1/files/0x0007000000019490-8.dat	upx
behavioral1/files/0x000700000001949d-17.dat	upx
behavioral1/memory/2236-22-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/files/0x00070000000194c6-26.dat	upx
behavioral1/memory/2824-36-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x00060000000194e4-39.dat	upx
behavioral1/memory/2708-48-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x000500000001a4a5-81.dat	upx
behavioral1/memory/2236-61-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/1956-95-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2868-102-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2708-109-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x000500000001a4bb-131.dat	upx
behavioral1/files/0x000500000001a4b5-120.dat	upx
behavioral1/files/0x000500000001a4cd-175.dat	upx
behavioral1/memory/2868-1233-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2716-246-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/files/0x000500000001a4da-196.dat	upx
behavioral1/files/0x000500000001a4d6-190.dat	upx
behavioral1/files/0x000500000001a4d1-184.dat	upx
behavioral1/files/0x000500000001a4c5-179.dat	upx
behavioral1/files/0x000500000001a4bd-167.dat	upx
behavioral1/files/0x000500000001a4b9-165.dat	upx
behavioral1/files/0x000500000001a4c9-162.dat	upx
behavioral1/files/0x000500000001a4c1-140.dat	upx
behavioral1/files/0x000500000001a4d8-193.dat	upx
behavioral1/files/0x000500000001a4d4-187.dat	upx
behavioral1/files/0x000500000001a4cf-181.dat	upx
behavioral1/files/0x000500000001a4cb-170.dat	upx
behavioral1/files/0x000500000001a4c7-159.dat	upx
behavioral1/files/0x000500000001a4c3-150.dat	upx
behavioral1/files/0x000500000001a4bf-146.dat	upx
behavioral1/files/0x000500000001a4b7-125.dat	upx
behavioral1/files/0x000500000001a4b3-117.dat	upx
behavioral1/files/0x000500000001a4b1-113.dat	upx
behavioral1/files/0x003000000001941b-105.dat	upx
behavioral1/memory/2820-100-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x000500000001a4af-99.dat	upx
behavioral1/files/0x000500000001a4ab-69.dat	upx
behavioral1/files/0x000500000001a495-58.dat	upx
behavioral1/memory/1224-94-0x000000013F960000-0x000000013FCB4000-memory.dmp	upx
behavioral1/memory/2064-93-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/548-92-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/1440-91-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2824-90-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/files/0x000500000001a4ad-83.dat	upx
behavioral1/files/0x0007000000019659-49.dat	upx
behavioral1/files/0x000500000001a494-80.dat	upx
behavioral1/memory/2956-77-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2716-57-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2124-42-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2820-41-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x00060000000194e6-46.dat	upx
behavioral1/files/0x00060000000194da-33.dat	upx
behavioral1/memory/2956-29-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2796-16-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2912-15-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2708-3920-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2824-3929-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/2064-3950-0x000000013F4C0000-0x000000013F814000-memory.dmp	upx
behavioral1/memory/548-3949-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/2796-3953-0x000000013F940000-0x000000013FC94000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QbcUtgy.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ULLkope.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iCBZfwI.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CoqwpxE.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QtpIwWc.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iYbBjTH.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BuBZQZm.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bZTrtTr.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tHwlEwB.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tWaDesb.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HzkxPLp.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jnmexjC.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XnhTqTl.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HtTyrdz.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VtHQcaR.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rQaGCmu.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJGYWjH.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DWLysEl.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zCDHRSi.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DDSBzgb.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EbCwmYm.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sFiqJId.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rMvRRRn.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\etffwJp.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nnfWSsh.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hCkfQSh.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JviCKjz.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YTOVgVf.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NjxJBFE.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aRkXbuw.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lhabGnr.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zznoQeF.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LBppUhg.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NQMEBcb.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKTjBCP.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uZPXryK.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OvFSRMi.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnlefEk.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uitQqNN.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BaxyHbx.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fWuXMSd.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IqpSUws.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MazUgQx.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WWvXojE.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YzfUleZ.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NacXpTi.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wfFVfTn.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wNXKXDg.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RChIaVA.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CNRjbDV.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kaABkke.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fBObnMJ.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yVsHTNt.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lmIZxWT.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dMmbXGF.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FFNEHoq.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QjAPUPJ.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qyaWfUx.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dCtYDNS.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aeBHvHc.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZqYSqEU.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CuCPOYt.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AwvZhBj.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\inbniVA.exe	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2796	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2124 wrote to memory of 2796	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2124 wrote to memory of 2796	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2124 wrote to memory of 2912	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2124 wrote to memory of 2912	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2124 wrote to memory of 2912	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2124 wrote to memory of 2236	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2124 wrote to memory of 2236	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2124 wrote to memory of 2236	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2124 wrote to memory of 2956	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2124 wrote to memory of 2956	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2124 wrote to memory of 2956	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2124 wrote to memory of 2824	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2124 wrote to memory of 2824	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2124 wrote to memory of 2824	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2124 wrote to memory of 2820	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2124 wrote to memory of 2820	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2124 wrote to memory of 2820	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2124 wrote to memory of 2708	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2124 wrote to memory of 2708	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2124 wrote to memory of 2708	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2124 wrote to memory of 2716	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2124 wrote to memory of 2716	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2124 wrote to memory of 2716	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2124 wrote to memory of 1440	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2124 wrote to memory of 1440	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2124 wrote to memory of 1440	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2124 wrote to memory of 1224	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2124 wrote to memory of 1224	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2124 wrote to memory of 1224	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2124 wrote to memory of 548	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2124 wrote to memory of 548	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2124 wrote to memory of 548	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2124 wrote to memory of 1956	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2124 wrote to memory of 1956	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2124 wrote to memory of 1956	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2124 wrote to memory of 2064	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2124 wrote to memory of 2064	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2124 wrote to memory of 2064	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2124 wrote to memory of 2868	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2124 wrote to memory of 2868	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2124 wrote to memory of 2868	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2124 wrote to memory of 2856	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2124 wrote to memory of 2856	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2124 wrote to memory of 2856	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2124 wrote to memory of 2072	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2124 wrote to memory of 2072	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2124 wrote to memory of 2072	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2124 wrote to memory of 2016	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2124 wrote to memory of 2016	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2124 wrote to memory of 2016	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2124 wrote to memory of 2992	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2124 wrote to memory of 2992	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2124 wrote to memory of 2992	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2124 wrote to memory of 3048	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2124 wrote to memory of 3048	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2124 wrote to memory of 3048	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2124 wrote to memory of 1236	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2124 wrote to memory of 1236	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2124 wrote to memory of 1236	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2124 wrote to memory of 684	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2124 wrote to memory of 684	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2124 wrote to memory of 684	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2124 wrote to memory of 536	2124	2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-12-16_90e8055cf93e803977e1f8387bcfe59a_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Windows\System\IIyPPUx.exe
  C:\Windows\System\IIyPPUx.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\eyfXJzz.exe
  C:\Windows\System\eyfXJzz.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\AEegOLZ.exe
  C:\Windows\System\AEegOLZ.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\vlMVEvY.exe
  C:\Windows\System\vlMVEvY.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\vDeQSme.exe
  C:\Windows\System\vDeQSme.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\frPtbFV.exe
  C:\Windows\System\frPtbFV.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\QfCaZva.exe
  C:\Windows\System\QfCaZva.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\ucXHsnv.exe
  C:\Windows\System\ucXHsnv.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\GxVpWQe.exe
  C:\Windows\System\GxVpWQe.exe
  2⤵
  - Executes dropped EXE
  PID:1440
- C:\Windows\System\ubRWQEu.exe
  C:\Windows\System\ubRWQEu.exe
  2⤵
  - Executes dropped EXE
  PID:1224
- C:\Windows\System\ijcMkUc.exe
  C:\Windows\System\ijcMkUc.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\wakVAUc.exe
  C:\Windows\System\wakVAUc.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\JiRNHNU.exe
  C:\Windows\System\JiRNHNU.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\zxHOflf.exe
  C:\Windows\System\zxHOflf.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\luyjLvh.exe
  C:\Windows\System\luyjLvh.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\VTAPxHP.exe
  C:\Windows\System\VTAPxHP.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\iHfDlek.exe
  C:\Windows\System\iHfDlek.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\LDxhloq.exe
  C:\Windows\System\LDxhloq.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\wTekQDT.exe
  C:\Windows\System\wTekQDT.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\vPZarec.exe
  C:\Windows\System\vPZarec.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\DDvZzBN.exe
  C:\Windows\System\DDvZzBN.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\BABYQVf.exe
  C:\Windows\System\BABYQVf.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\rZPaLdd.exe
  C:\Windows\System\rZPaLdd.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\WSeviWA.exe
  C:\Windows\System\WSeviWA.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\XDVfDbh.exe
  C:\Windows\System\XDVfDbh.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\VZseUqr.exe
  C:\Windows\System\VZseUqr.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\GWgRawN.exe
  C:\Windows\System\GWgRawN.exe
  2⤵
  - Executes dropped EXE
  PID:2168
- C:\Windows\System\pDWpYdY.exe
  C:\Windows\System\pDWpYdY.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\NdwjLBd.exe
  C:\Windows\System\NdwjLBd.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\PYXhvls.exe
  C:\Windows\System\PYXhvls.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\XRaKEtB.exe
  C:\Windows\System\XRaKEtB.exe
  2⤵
  - Executes dropped EXE
  PID:736
- C:\Windows\System\uhnZTyL.exe
  C:\Windows\System\uhnZTyL.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\NOJTDbD.exe
  C:\Windows\System\NOJTDbD.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\DyEoegX.exe
  C:\Windows\System\DyEoegX.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\yFCJxVm.exe
  C:\Windows\System\yFCJxVm.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\VJSUMKL.exe
  C:\Windows\System\VJSUMKL.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\NkQgyHv.exe
  C:\Windows\System\NkQgyHv.exe
  2⤵
  - Executes dropped EXE
  PID:496
- C:\Windows\System\vVKWIaB.exe
  C:\Windows\System\vVKWIaB.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\aUnBVoY.exe
  C:\Windows\System\aUnBVoY.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\QNNzgND.exe
  C:\Windows\System\QNNzgND.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\RyOMNap.exe
  C:\Windows\System\RyOMNap.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\CnjTjEU.exe
  C:\Windows\System\CnjTjEU.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\hvBqzza.exe
  C:\Windows\System\hvBqzza.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\JwJYJtw.exe
  C:\Windows\System\JwJYJtw.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\UcokIOa.exe
  C:\Windows\System\UcokIOa.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\CRGqlku.exe
  C:\Windows\System\CRGqlku.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\ToQbvmm.exe
  C:\Windows\System\ToQbvmm.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\OshKVYI.exe
  C:\Windows\System\OshKVYI.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\iCtRWqF.exe
  C:\Windows\System\iCtRWqF.exe
  2⤵
  - Executes dropped EXE
  PID:304
- C:\Windows\System\FIlLdUq.exe
  C:\Windows\System\FIlLdUq.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\sjvDoJR.exe
  C:\Windows\System\sjvDoJR.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\wtjENLX.exe
  C:\Windows\System\wtjENLX.exe
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Windows\System\LBppUhg.exe
  C:\Windows\System\LBppUhg.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\tezhKfa.exe
  C:\Windows\System\tezhKfa.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\uitQqNN.exe
  C:\Windows\System\uitQqNN.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\plsxVXT.exe
  C:\Windows\System\plsxVXT.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\JnTvThM.exe
  C:\Windows\System\JnTvThM.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\CNRjbDV.exe
  C:\Windows\System\CNRjbDV.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\HBxPEZg.exe
  C:\Windows\System\HBxPEZg.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\BUaANiU.exe
  C:\Windows\System\BUaANiU.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\EBWcSlQ.exe
  C:\Windows\System\EBWcSlQ.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\kiXEkiN.exe
  C:\Windows\System\kiXEkiN.exe
  2⤵
  PID:556
- C:\Windows\System\UXbQuSa.exe
  C:\Windows\System\UXbQuSa.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\snxBgdm.exe
  C:\Windows\System\snxBgdm.exe
  2⤵
  PID:1132
- C:\Windows\System\hWPMpxE.exe
  C:\Windows\System\hWPMpxE.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\jOwJGEs.exe
  C:\Windows\System\jOwJGEs.exe
  2⤵
  PID:332
- C:\Windows\System\EKDGIeU.exe
  C:\Windows\System\EKDGIeU.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\BXTJTgu.exe
  C:\Windows\System\BXTJTgu.exe
  2⤵
  PID:2348
- C:\Windows\System\oYsntuo.exe
  C:\Windows\System\oYsntuo.exe
  2⤵
  PID:1944
- C:\Windows\System\WQQOUed.exe
  C:\Windows\System\WQQOUed.exe
  2⤵
  PID:1008
- C:\Windows\System\OFylSxJ.exe
  C:\Windows\System\OFylSxJ.exe
  2⤵
  PID:1544
- C:\Windows\System\MxxdtER.exe
  C:\Windows\System\MxxdtER.exe
  2⤵
  PID:3052
- C:\Windows\System\bqJZzZd.exe
  C:\Windows\System\bqJZzZd.exe
  2⤵
  PID:1700
- C:\Windows\System\artmuoi.exe
  C:\Windows\System\artmuoi.exe
  2⤵
  PID:2276
- C:\Windows\System\JRVzkoH.exe
  C:\Windows\System\JRVzkoH.exe
  2⤵
  PID:1936
- C:\Windows\System\PLDgnBr.exe
  C:\Windows\System\PLDgnBr.exe
  2⤵
  PID:2960
- C:\Windows\System\VWrwLBx.exe
  C:\Windows\System\VWrwLBx.exe
  2⤵
  PID:2068
- C:\Windows\System\tkGVCxp.exe
  C:\Windows\System\tkGVCxp.exe
  2⤵
  PID:2520
- C:\Windows\System\xRgbAjW.exe
  C:\Windows\System\xRgbAjW.exe
  2⤵
  PID:380
- C:\Windows\System\OieGSHX.exe
  C:\Windows\System\OieGSHX.exe
  2⤵
  PID:1580
- C:\Windows\System\uPpnzss.exe
  C:\Windows\System\uPpnzss.exe
  2⤵
  PID:1988
- C:\Windows\System\ggfPiRE.exe
  C:\Windows\System\ggfPiRE.exe
  2⤵
  PID:1352
- C:\Windows\System\VEetkbp.exe
  C:\Windows\System\VEetkbp.exe
  2⤵
  PID:1512
- C:\Windows\System\qGyObyl.exe
  C:\Windows\System\qGyObyl.exe
  2⤵
  PID:912
- C:\Windows\System\LRpsRQj.exe
  C:\Windows\System\LRpsRQj.exe
  2⤵
  PID:3076
- C:\Windows\System\YAuFVyA.exe
  C:\Windows\System\YAuFVyA.exe
  2⤵
  PID:3092
- C:\Windows\System\lmIZxWT.exe
  C:\Windows\System\lmIZxWT.exe
  2⤵
  PID:3108
- C:\Windows\System\wQirfrP.exe
  C:\Windows\System\wQirfrP.exe
  2⤵
  PID:3124
- C:\Windows\System\UkfTxii.exe
  C:\Windows\System\UkfTxii.exe
  2⤵
  PID:3140
- C:\Windows\System\lLBIDSW.exe
  C:\Windows\System\lLBIDSW.exe
  2⤵
  PID:3156
- C:\Windows\System\HtTyrdz.exe
  C:\Windows\System\HtTyrdz.exe
  2⤵
  PID:3176
- C:\Windows\System\gjOLmEQ.exe
  C:\Windows\System\gjOLmEQ.exe
  2⤵
  PID:3192
- C:\Windows\System\ESzAzdA.exe
  C:\Windows\System\ESzAzdA.exe
  2⤵
  PID:3208
- C:\Windows\System\GHvcbTo.exe
  C:\Windows\System\GHvcbTo.exe
  2⤵
  PID:3224
- C:\Windows\System\vPwlJfO.exe
  C:\Windows\System\vPwlJfO.exe
  2⤵
  PID:3284
- C:\Windows\System\BHNAnJg.exe
  C:\Windows\System\BHNAnJg.exe
  2⤵
  PID:3428
- C:\Windows\System\ajBcrQS.exe
  C:\Windows\System\ajBcrQS.exe
  2⤵
  PID:3444
- C:\Windows\System\mqASRHJ.exe
  C:\Windows\System\mqASRHJ.exe
  2⤵
  PID:3460
- C:\Windows\System\PibDyxm.exe
  C:\Windows\System\PibDyxm.exe
  2⤵
  PID:3480
- C:\Windows\System\TarTInl.exe
  C:\Windows\System\TarTInl.exe
  2⤵
  PID:3508
- C:\Windows\System\xcvxKmL.exe
  C:\Windows\System\xcvxKmL.exe
  2⤵
  PID:3524
- C:\Windows\System\TpRrOKB.exe
  C:\Windows\System\TpRrOKB.exe
  2⤵
  PID:3548
- C:\Windows\System\XTYylFJ.exe
  C:\Windows\System\XTYylFJ.exe
  2⤵
  PID:3564
- C:\Windows\System\wWoOLAF.exe
  C:\Windows\System\wWoOLAF.exe
  2⤵
  PID:3588
- C:\Windows\System\dgjCNJV.exe
  C:\Windows\System\dgjCNJV.exe
  2⤵
  PID:3604
- C:\Windows\System\hFEOxij.exe
  C:\Windows\System\hFEOxij.exe
  2⤵
  PID:3628
- C:\Windows\System\IGxwzSo.exe
  C:\Windows\System\IGxwzSo.exe
  2⤵
  PID:3644
- C:\Windows\System\TqgkKAx.exe
  C:\Windows\System\TqgkKAx.exe
  2⤵
  PID:3668
- C:\Windows\System\lwKsizN.exe
  C:\Windows\System\lwKsizN.exe
  2⤵
  PID:3684
- C:\Windows\System\XaCfjmy.exe
  C:\Windows\System\XaCfjmy.exe
  2⤵
  PID:3700
- C:\Windows\System\cywnprf.exe
  C:\Windows\System\cywnprf.exe
  2⤵
  PID:3720
- C:\Windows\System\phkDWXU.exe
  C:\Windows\System\phkDWXU.exe
  2⤵
  PID:3736
- C:\Windows\System\rdGFJkt.exe
  C:\Windows\System\rdGFJkt.exe
  2⤵
  PID:3752
- C:\Windows\System\faCSYWB.exe
  C:\Windows\System\faCSYWB.exe
  2⤵
  PID:3768
- C:\Windows\System\TcXJCKw.exe
  C:\Windows\System\TcXJCKw.exe
  2⤵
  PID:3784
- C:\Windows\System\TDDEqLw.exe
  C:\Windows\System\TDDEqLw.exe
  2⤵
  PID:3808
- C:\Windows\System\SBZzSvo.exe
  C:\Windows\System\SBZzSvo.exe
  2⤵
  PID:3828
- C:\Windows\System\DaTlIQz.exe
  C:\Windows\System\DaTlIQz.exe
  2⤵
  PID:3844
- C:\Windows\System\XtExTQQ.exe
  C:\Windows\System\XtExTQQ.exe
  2⤵
  PID:3860
- C:\Windows\System\wLfBQlL.exe
  C:\Windows\System\wLfBQlL.exe
  2⤵
  PID:3884
- C:\Windows\System\ENttweu.exe
  C:\Windows\System\ENttweu.exe
  2⤵
  PID:3900
- C:\Windows\System\mVtACmv.exe
  C:\Windows\System\mVtACmv.exe
  2⤵
  PID:3916
- C:\Windows\System\uDPXqws.exe
  C:\Windows\System\uDPXqws.exe
  2⤵
  PID:3932
- C:\Windows\System\LlbUzLy.exe
  C:\Windows\System\LlbUzLy.exe
  2⤵
  PID:3952
- C:\Windows\System\JuBNFaH.exe
  C:\Windows\System\JuBNFaH.exe
  2⤵
  PID:3972
- C:\Windows\System\xugFfKT.exe
  C:\Windows\System\xugFfKT.exe
  2⤵
  PID:4028
- C:\Windows\System\YAEbIsr.exe
  C:\Windows\System\YAEbIsr.exe
  2⤵
  PID:4048
- C:\Windows\System\jHEKMPe.exe
  C:\Windows\System\jHEKMPe.exe
  2⤵
  PID:4068
- C:\Windows\System\CWqBmyA.exe
  C:\Windows\System\CWqBmyA.exe
  2⤵
  PID:4084
- C:\Windows\System\XCQQDwe.exe
  C:\Windows\System\XCQQDwe.exe
  2⤵
  PID:2748
- C:\Windows\System\efbdPfc.exe
  C:\Windows\System\efbdPfc.exe
  2⤵
  PID:2688
- C:\Windows\System\kzfYfmA.exe
  C:\Windows\System\kzfYfmA.exe
  2⤵
  PID:2572
- C:\Windows\System\YWWvwkz.exe
  C:\Windows\System\YWWvwkz.exe
  2⤵
  PID:1244
- C:\Windows\System\OsinULQ.exe
  C:\Windows\System\OsinULQ.exe
  2⤵
  PID:2496
- C:\Windows\System\llgLSog.exe
  C:\Windows\System\llgLSog.exe
  2⤵
  PID:2308
- C:\Windows\System\ZqYSqEU.exe
  C:\Windows\System\ZqYSqEU.exe
  2⤵
  PID:1720
- C:\Windows\System\ZNmpTOr.exe
  C:\Windows\System\ZNmpTOr.exe
  2⤵
  PID:2504
- C:\Windows\System\YodPYFE.exe
  C:\Windows\System\YodPYFE.exe
  2⤵
  PID:1952
- C:\Windows\System\YzfUleZ.exe
  C:\Windows\System\YzfUleZ.exe
  2⤵
  PID:2624
- C:\Windows\System\PeIdHua.exe
  C:\Windows\System\PeIdHua.exe
  2⤵
  PID:2432
- C:\Windows\System\QmohgUY.exe
  C:\Windows\System\QmohgUY.exe
  2⤵
  PID:2204
- C:\Windows\System\dCuAXZn.exe
  C:\Windows\System\dCuAXZn.exe
  2⤵
  PID:1436
- C:\Windows\System\jubbAUq.exe
  C:\Windows\System\jubbAUq.exe
  2⤵
  PID:2904
- C:\Windows\System\QJDGbWN.exe
  C:\Windows\System\QJDGbWN.exe
  2⤵
  PID:3120
- C:\Windows\System\LaUPcaE.exe
  C:\Windows\System\LaUPcaE.exe
  2⤵
  PID:3188
- C:\Windows\System\rBUzTAY.exe
  C:\Windows\System\rBUzTAY.exe
  2⤵
  PID:320
- C:\Windows\System\pZenBOV.exe
  C:\Windows\System\pZenBOV.exe
  2⤵
  PID:760
- C:\Windows\System\hDNGJit.exe
  C:\Windows\System\hDNGJit.exe
  2⤵
  PID:3104
- C:\Windows\System\hqGkYpX.exe
  C:\Windows\System\hqGkYpX.exe
  2⤵
  PID:3232
- C:\Windows\System\rrhYogg.exe
  C:\Windows\System\rrhYogg.exe
  2⤵
  PID:3308
- C:\Windows\System\YWcbBCX.exe
  C:\Windows\System\YWcbBCX.exe
  2⤵
  PID:3324
- C:\Windows\System\oSZMJyA.exe
  C:\Windows\System\oSZMJyA.exe
  2⤵
  PID:3344
- C:\Windows\System\iGOrNdS.exe
  C:\Windows\System\iGOrNdS.exe
  2⤵
  PID:1304
- C:\Windows\System\EGXzaXu.exe
  C:\Windows\System\EGXzaXu.exe
  2⤵
  PID:824
- C:\Windows\System\SZDhxzP.exe
  C:\Windows\System\SZDhxzP.exe
  2⤵
  PID:2112
- C:\Windows\System\FewgwDV.exe
  C:\Windows\System\FewgwDV.exe
  2⤵
  PID:1752
- C:\Windows\System\HoxNQzZ.exe
  C:\Windows\System\HoxNQzZ.exe
  2⤵
  PID:3356
- C:\Windows\System\KBsbMdE.exe
  C:\Windows\System\KBsbMdE.exe
  2⤵
  PID:3380
- C:\Windows\System\TDbnxVH.exe
  C:\Windows\System\TDbnxVH.exe
  2⤵
  PID:3396
- C:\Windows\System\GKaIAaH.exe
  C:\Windows\System\GKaIAaH.exe
  2⤵
  PID:3416
- C:\Windows\System\kKGkRFN.exe
  C:\Windows\System\kKGkRFN.exe
  2⤵
  PID:3488
- C:\Windows\System\PrsuEgk.exe
  C:\Windows\System\PrsuEgk.exe
  2⤵
  PID:3572
- C:\Windows\System\PYLyDDr.exe
  C:\Windows\System\PYLyDDr.exe
  2⤵
  PID:3612
- C:\Windows\System\OyuCiMj.exe
  C:\Windows\System\OyuCiMj.exe
  2⤵
  PID:3652
- C:\Windows\System\wnDgdwx.exe
  C:\Windows\System\wnDgdwx.exe
  2⤵
  PID:3692
- C:\Windows\System\fIqcnHM.exe
  C:\Windows\System\fIqcnHM.exe
  2⤵
  PID:3760
- C:\Windows\System\wYXiUdm.exe
  C:\Windows\System\wYXiUdm.exe
  2⤵
  PID:3436
- C:\Windows\System\ezanroB.exe
  C:\Windows\System\ezanroB.exe
  2⤵
  PID:3792
- C:\Windows\System\pwWTMca.exe
  C:\Windows\System\pwWTMca.exe
  2⤵
  PID:3556
- C:\Windows\System\iYuSbnf.exe
  C:\Windows\System\iYuSbnf.exe
  2⤵
  PID:3600
- C:\Windows\System\RykvlbV.exe
  C:\Windows\System\RykvlbV.exe
  2⤵
  PID:3840
- C:\Windows\System\BeKnuDB.exe
  C:\Windows\System\BeKnuDB.exe
  2⤵
  PID:3880
- C:\Windows\System\hBPelzd.exe
  C:\Windows\System\hBPelzd.exe
  2⤵
  PID:3944
- C:\Windows\System\BtTEPcK.exe
  C:\Windows\System\BtTEPcK.exe
  2⤵
  PID:3924
- C:\Windows\System\NGKmjDr.exe
  C:\Windows\System\NGKmjDr.exe
  2⤵
  PID:3896
- C:\Windows\System\DWLysEl.exe
  C:\Windows\System\DWLysEl.exe
  2⤵
  PID:3820
- C:\Windows\System\MWQkAaB.exe
  C:\Windows\System\MWQkAaB.exe
  2⤵
  PID:3748
- C:\Windows\System\YzbPMXJ.exe
  C:\Windows\System\YzbPMXJ.exe
  2⤵
  PID:3680
- C:\Windows\System\wVOXFKw.exe
  C:\Windows\System\wVOXFKw.exe
  2⤵
  PID:3984
- C:\Windows\System\zHkjSPZ.exe
  C:\Windows\System\zHkjSPZ.exe
  2⤵
  PID:4004
- C:\Windows\System\UhkZtvL.exe
  C:\Windows\System\UhkZtvL.exe
  2⤵
  PID:4024
- C:\Windows\System\jLMMNyU.exe
  C:\Windows\System\jLMMNyU.exe
  2⤵
  PID:4060
- C:\Windows\System\gZoEGyH.exe
  C:\Windows\System\gZoEGyH.exe
  2⤵
  PID:1336
- C:\Windows\System\etffwJp.exe
  C:\Windows\System\etffwJp.exe
  2⤵
  PID:2560
- C:\Windows\System\xYlKgkk.exe
  C:\Windows\System\xYlKgkk.exe
  2⤵
  PID:2160
- C:\Windows\System\YqgqRLi.exe
  C:\Windows\System\YqgqRLi.exe
  2⤵
  PID:880
- C:\Windows\System\UdUksxz.exe
  C:\Windows\System\UdUksxz.exe
  2⤵
  PID:2372
- C:\Windows\System\CNCnQsg.exe
  C:\Windows\System\CNCnQsg.exe
  2⤵
  PID:2984
- C:\Windows\System\NbzIAhF.exe
  C:\Windows\System\NbzIAhF.exe
  2⤵
  PID:3036
- C:\Windows\System\TcbFouw.exe
  C:\Windows\System\TcbFouw.exe
  2⤵
  PID:2976
- C:\Windows\System\RfyhtuM.exe
  C:\Windows\System\RfyhtuM.exe
  2⤵
  PID:3220
- C:\Windows\System\PELVJrb.exe
  C:\Windows\System\PELVJrb.exe
  2⤵
  PID:1360
- C:\Windows\System\kgOgeMy.exe
  C:\Windows\System\kgOgeMy.exe
  2⤵
  PID:3340
- C:\Windows\System\dDkcxai.exe
  C:\Windows\System\dDkcxai.exe
  2⤵
  PID:2872
- C:\Windows\System\iCrUWZG.exe
  C:\Windows\System\iCrUWZG.exe
  2⤵
  PID:3404
- C:\Windows\System\zSRqfbp.exe
  C:\Windows\System\zSRqfbp.exe
  2⤵
  PID:3504
- C:\Windows\System\ewjYIJP.exe
  C:\Windows\System\ewjYIJP.exe
  2⤵
  PID:3536
- C:\Windows\System\KaWOaHs.exe
  C:\Windows\System\KaWOaHs.exe
  2⤵
  PID:3732
- C:\Windows\System\snQBbiz.exe
  C:\Windows\System\snQBbiz.exe
  2⤵
  PID:3872
- C:\Windows\System\EfSnAhJ.exe
  C:\Windows\System\EfSnAhJ.exe
  2⤵
  PID:3856
- C:\Windows\System\oiJgpQd.exe
  C:\Windows\System\oiJgpQd.exe
  2⤵
  PID:3996
- C:\Windows\System\FpsdLIE.exe
  C:\Windows\System\FpsdLIE.exe
  2⤵
  PID:4036
- C:\Windows\System\VwoduCc.exe
  C:\Windows\System\VwoduCc.exe
  2⤵
  PID:1756
- C:\Windows\System\ULyeLDk.exe
  C:\Windows\System\ULyeLDk.exe
  2⤵
  PID:3116
- C:\Windows\System\NfFzlEV.exe
  C:\Windows\System\NfFzlEV.exe
  2⤵
  PID:4108
- C:\Windows\System\MmAqXRF.exe
  C:\Windows\System\MmAqXRF.exe
  2⤵
  PID:4124
- C:\Windows\System\oOvheRx.exe
  C:\Windows\System\oOvheRx.exe
  2⤵
  PID:4140
- C:\Windows\System\ecUTCiJ.exe
  C:\Windows\System\ecUTCiJ.exe
  2⤵
  PID:4156
- C:\Windows\System\szhNMNc.exe
  C:\Windows\System\szhNMNc.exe
  2⤵
  PID:4172
- C:\Windows\System\NbhptaZ.exe
  C:\Windows\System\NbhptaZ.exe
  2⤵
  PID:4188
- C:\Windows\System\siBqqya.exe
  C:\Windows\System\siBqqya.exe
  2⤵
  PID:4204
- C:\Windows\System\FWFVXKO.exe
  C:\Windows\System\FWFVXKO.exe
  2⤵
  PID:4224
- C:\Windows\System\ScXNvQY.exe
  C:\Windows\System\ScXNvQY.exe
  2⤵
  PID:4240
- C:\Windows\System\TPxnOWt.exe
  C:\Windows\System\TPxnOWt.exe
  2⤵
  PID:4256
- C:\Windows\System\MEdlznk.exe
  C:\Windows\System\MEdlznk.exe
  2⤵
  PID:4272
- C:\Windows\System\bQAzHzm.exe
  C:\Windows\System\bQAzHzm.exe
  2⤵
  PID:4288
- C:\Windows\System\xjKRktG.exe
  C:\Windows\System\xjKRktG.exe
  2⤵
  PID:4304
- C:\Windows\System\mFsUKDs.exe
  C:\Windows\System\mFsUKDs.exe
  2⤵
  PID:4320
- C:\Windows\System\bBKdYXQ.exe
  C:\Windows\System\bBKdYXQ.exe
  2⤵
  PID:4336
- C:\Windows\System\mzMhIKN.exe
  C:\Windows\System\mzMhIKN.exe
  2⤵
  PID:4352
- C:\Windows\System\UJrAdrD.exe
  C:\Windows\System\UJrAdrD.exe
  2⤵
  PID:4368
- C:\Windows\System\CcAoJLD.exe
  C:\Windows\System\CcAoJLD.exe
  2⤵
  PID:4384
- C:\Windows\System\wskhHTY.exe
  C:\Windows\System\wskhHTY.exe
  2⤵
  PID:4400
- C:\Windows\System\eFmJxBv.exe
  C:\Windows\System\eFmJxBv.exe
  2⤵
  PID:4416
- C:\Windows\System\rjhvWOs.exe
  C:\Windows\System\rjhvWOs.exe
  2⤵
  PID:4432
- C:\Windows\System\KPAqQSt.exe
  C:\Windows\System\KPAqQSt.exe
  2⤵
  PID:4448
- C:\Windows\System\BvfzAXW.exe
  C:\Windows\System\BvfzAXW.exe
  2⤵
  PID:4464
- C:\Windows\System\hwPreGs.exe
  C:\Windows\System\hwPreGs.exe
  2⤵
  PID:4480
- C:\Windows\System\SXavRIZ.exe
  C:\Windows\System\SXavRIZ.exe
  2⤵
  PID:4496
- C:\Windows\System\wNhfTgj.exe
  C:\Windows\System\wNhfTgj.exe
  2⤵
  PID:4512
- C:\Windows\System\aXrdlSe.exe
  C:\Windows\System\aXrdlSe.exe
  2⤵
  PID:4528
- C:\Windows\System\TocNnPP.exe
  C:\Windows\System\TocNnPP.exe
  2⤵
  PID:4544
- C:\Windows\System\CuCPOYt.exe
  C:\Windows\System\CuCPOYt.exe
  2⤵
  PID:4560
- C:\Windows\System\nPLmyZe.exe
  C:\Windows\System\nPLmyZe.exe
  2⤵
  PID:4592
- C:\Windows\System\pmDPiqW.exe
  C:\Windows\System\pmDPiqW.exe
  2⤵
  PID:4816
- C:\Windows\System\AQRyxaB.exe
  C:\Windows\System\AQRyxaB.exe
  2⤵
  PID:4836
- C:\Windows\System\YJHcFxa.exe
  C:\Windows\System\YJHcFxa.exe
  2⤵
  PID:4852
- C:\Windows\System\PGazWyd.exe
  C:\Windows\System\PGazWyd.exe
  2⤵
  PID:4868
- C:\Windows\System\rhWIDcu.exe
  C:\Windows\System\rhWIDcu.exe
  2⤵
  PID:4888
- C:\Windows\System\oPKJrwL.exe
  C:\Windows\System\oPKJrwL.exe
  2⤵
  PID:4904
- C:\Windows\System\VeLyQVQ.exe
  C:\Windows\System\VeLyQVQ.exe
  2⤵
  PID:4932
- C:\Windows\System\PFEVAxk.exe
  C:\Windows\System\PFEVAxk.exe
  2⤵
  PID:4956
- C:\Windows\System\cWBrRXD.exe
  C:\Windows\System\cWBrRXD.exe
  2⤵
  PID:4972
- C:\Windows\System\ExvaAYR.exe
  C:\Windows\System\ExvaAYR.exe
  2⤵
  PID:4988
- C:\Windows\System\AwvZhBj.exe
  C:\Windows\System\AwvZhBj.exe
  2⤵
  PID:5004
- C:\Windows\System\HmveYMM.exe
  C:\Windows\System\HmveYMM.exe
  2⤵
  PID:5020
- C:\Windows\System\KQejAhJ.exe
  C:\Windows\System\KQejAhJ.exe
  2⤵
  PID:5044
- C:\Windows\System\nUlmdXo.exe
  C:\Windows\System\nUlmdXo.exe
  2⤵
  PID:5060
- C:\Windows\System\iayWWNe.exe
  C:\Windows\System\iayWWNe.exe
  2⤵
  PID:5076
- C:\Windows\System\Zjnhhpf.exe
  C:\Windows\System\Zjnhhpf.exe
  2⤵
  PID:5092
- C:\Windows\System\VfYzQJn.exe
  C:\Windows\System\VfYzQJn.exe
  2⤵
  PID:5116
- C:\Windows\System\FraVURm.exe
  C:\Windows\System\FraVURm.exe
  2⤵
  PID:288
- C:\Windows\System\TJgfgCn.exe
  C:\Windows\System\TJgfgCn.exe
  2⤵
  PID:3412
- C:\Windows\System\VtHQcaR.exe
  C:\Windows\System\VtHQcaR.exe
  2⤵
  PID:3716
- C:\Windows\System\OsCKMAw.exe
  C:\Windows\System\OsCKMAw.exe
  2⤵
  PID:2628
- C:\Windows\System\bpZRDFK.exe
  C:\Windows\System\bpZRDFK.exe
  2⤵
  PID:1760
- C:\Windows\System\XUkfxFV.exe
  C:\Windows\System\XUkfxFV.exe
  2⤵
  PID:904
- C:\Windows\System\eIoFDqY.exe
  C:\Windows\System\eIoFDqY.exe
  2⤵
  PID:3136
- C:\Windows\System\CEnRKyu.exe
  C:\Windows\System\CEnRKyu.exe
  2⤵
  PID:4180
- C:\Windows\System\evQDNgq.exe
  C:\Windows\System\evQDNgq.exe
  2⤵
  PID:4216
- C:\Windows\System\zOICdgO.exe
  C:\Windows\System\zOICdgO.exe
  2⤵
  PID:4280
- C:\Windows\System\wOABbYz.exe
  C:\Windows\System\wOABbYz.exe
  2⤵
  PID:4312
- C:\Windows\System\AYduoxx.exe
  C:\Windows\System\AYduoxx.exe
  2⤵
  PID:4376
- C:\Windows\System\CQsRHlT.exe
  C:\Windows\System\CQsRHlT.exe
  2⤵
  PID:1828
- C:\Windows\System\XpyBqFH.exe
  C:\Windows\System\XpyBqFH.exe
  2⤵
  PID:3320
- C:\Windows\System\syGleRp.exe
  C:\Windows\System\syGleRp.exe
  2⤵
  PID:2232
- C:\Windows\System\IiwgVcc.exe
  C:\Windows\System\IiwgVcc.exe
  2⤵
  PID:3456
- C:\Windows\System\KqeahcO.exe
  C:\Windows\System\KqeahcO.exe
  2⤵
  PID:4472
- C:\Windows\System\tUWtjnv.exe
  C:\Windows\System\tUWtjnv.exe
  2⤵
  PID:4568
- C:\Windows\System\ZwEXldW.exe
  C:\Windows\System\ZwEXldW.exe
  2⤵
  PID:608
- C:\Windows\System\jTJrLed.exe
  C:\Windows\System\jTJrLed.exe
  2⤵
  PID:2128
- C:\Windows\System\OvgphVP.exe
  C:\Windows\System\OvgphVP.exe
  2⤵
  PID:2216
- C:\Windows\System\qhjXCDX.exe
  C:\Windows\System\qhjXCDX.exe
  2⤵
  PID:3804
- C:\Windows\System\eplLgJN.exe
  C:\Windows\System\eplLgJN.exe
  2⤵
  PID:2656
- C:\Windows\System\hAYWQwR.exe
  C:\Windows\System\hAYWQwR.exe
  2⤵
  PID:4136
- C:\Windows\System\agTHiTu.exe
  C:\Windows\System\agTHiTu.exe
  2⤵
  PID:4200
- C:\Windows\System\mqgHPWb.exe
  C:\Windows\System\mqgHPWb.exe
  2⤵
  PID:4268
- C:\Windows\System\bNnULUV.exe
  C:\Windows\System\bNnULUV.exe
  2⤵
  PID:4332
- C:\Windows\System\oMkFsoE.exe
  C:\Windows\System\oMkFsoE.exe
  2⤵
  PID:4392
- C:\Windows\System\xnHaieq.exe
  C:\Windows\System\xnHaieq.exe
  2⤵
  PID:4456
- C:\Windows\System\kldHONB.exe
  C:\Windows\System\kldHONB.exe
  2⤵
  PID:4524
- C:\Windows\System\WsoOHtI.exe
  C:\Windows\System\WsoOHtI.exe
  2⤵
  PID:3992
- C:\Windows\System\vdUKDqj.exe
  C:\Windows\System\vdUKDqj.exe
  2⤵
  PID:3532
- C:\Windows\System\LBNsDqN.exe
  C:\Windows\System\LBNsDqN.exe
  2⤵
  PID:1252
- C:\Windows\System\jjMljqP.exe
  C:\Windows\System\jjMljqP.exe
  2⤵
  PID:1716
- C:\Windows\System\OCANsxa.exe
  C:\Windows\System\OCANsxa.exe
  2⤵
  PID:2012
- C:\Windows\System\WsjFoRQ.exe
  C:\Windows\System\WsjFoRQ.exe
  2⤵
  PID:3980
- C:\Windows\System\BIDwfOl.exe
  C:\Windows\System\BIDwfOl.exe
  2⤵
  PID:3964
- C:\Windows\System\iumZqcG.exe
  C:\Windows\System\iumZqcG.exe
  2⤵
  PID:3836
- C:\Windows\System\wkPApjo.exe
  C:\Windows\System\wkPApjo.exe
  2⤵
  PID:3476
- C:\Windows\System\OZvMmxq.exe
  C:\Windows\System\OZvMmxq.exe
  2⤵
  PID:4612
- C:\Windows\System\RPhcGnV.exe
  C:\Windows\System\RPhcGnV.exe
  2⤵
  PID:4784
- C:\Windows\System\ujAwOFa.exe
  C:\Windows\System\ujAwOFa.exe
  2⤵
  PID:4800
- C:\Windows\System\lwylJxK.exe
  C:\Windows\System\lwylJxK.exe
  2⤵
  PID:4824
- C:\Windows\System\ERBXVPq.exe
  C:\Windows\System\ERBXVPq.exe
  2⤵
  PID:4864
- C:\Windows\System\COukMUi.exe
  C:\Windows\System\COukMUi.exe
  2⤵
  PID:4980
- C:\Windows\System\nnfWSsh.exe
  C:\Windows\System\nnfWSsh.exe
  2⤵
  PID:5012
- C:\Windows\System\BirICRu.exe
  C:\Windows\System\BirICRu.exe
  2⤵
  PID:5084
- C:\Windows\System\sSdIhrO.exe
  C:\Windows\System\sSdIhrO.exe
  2⤵
  PID:3616
- C:\Windows\System\sICzjBh.exe
  C:\Windows\System\sICzjBh.exe
  2⤵
  PID:3184
- C:\Windows\System\VOcLFEh.exe
  C:\Windows\System\VOcLFEh.exe
  2⤵
  PID:3204
- C:\Windows\System\mJKOQYQ.exe
  C:\Windows\System\mJKOQYQ.exe
  2⤵
  PID:4848
- C:\Windows\System\KFnelGR.exe
  C:\Windows\System\KFnelGR.exe
  2⤵
  PID:4844
- C:\Windows\System\sYMKmqz.exe
  C:\Windows\System\sYMKmqz.exe
  2⤵
  PID:4440
- C:\Windows\System\UIIfkrn.exe
  C:\Windows\System\UIIfkrn.exe
  2⤵
  PID:4920
- C:\Windows\System\FfcXppk.exe
  C:\Windows\System\FfcXppk.exe
  2⤵
  PID:5040
- C:\Windows\System\uTsfhPC.exe
  C:\Windows\System\uTsfhPC.exe
  2⤵
  PID:4196
- C:\Windows\System\pNcHxgs.exe
  C:\Windows\System\pNcHxgs.exe
  2⤵
  PID:3172
- C:\Windows\System\HsKmZFc.exe
  C:\Windows\System\HsKmZFc.exe
  2⤵
  PID:3424
- C:\Windows\System\HIcXumn.exe
  C:\Windows\System\HIcXumn.exe
  2⤵
  PID:4968
- C:\Windows\System\VJSdVsT.exe
  C:\Windows\System\VJSdVsT.exe
  2⤵
  PID:4064
- C:\Windows\System\GGEeuXA.exe
  C:\Windows\System\GGEeuXA.exe
  2⤵
  PID:5108
- C:\Windows\System\nmBZjbH.exe
  C:\Windows\System\nmBZjbH.exe
  2⤵
  PID:5028
- C:\Windows\System\VcRdKyB.exe
  C:\Windows\System\VcRdKyB.exe
  2⤵
  PID:4300
- C:\Windows\System\BNNmbSF.exe
  C:\Windows\System\BNNmbSF.exe
  2⤵
  PID:4588
- C:\Windows\System\ZCxqGTM.exe
  C:\Windows\System\ZCxqGTM.exe
  2⤵
  PID:3304
- C:\Windows\System\sDuIEmo.exe
  C:\Windows\System\sDuIEmo.exe
  2⤵
  PID:3800
- C:\Windows\System\InlXGKG.exe
  C:\Windows\System\InlXGKG.exe
  2⤵
  PID:2848
- C:\Windows\System\kvoCCqY.exe
  C:\Windows\System\kvoCCqY.exe
  2⤵
  PID:4640
- C:\Windows\System\haTeRhL.exe
  C:\Windows\System\haTeRhL.exe
  2⤵
  PID:4660
- C:\Windows\System\CmopSuL.exe
  C:\Windows\System\CmopSuL.exe
  2⤵
  PID:4736
- C:\Windows\System\uArHCYY.exe
  C:\Windows\System\uArHCYY.exe
  2⤵
  PID:4760
- C:\Windows\System\USHXaSr.exe
  C:\Windows\System\USHXaSr.exe
  2⤵
  PID:4772
- C:\Windows\System\iZlfFub.exe
  C:\Windows\System\iZlfFub.exe
  2⤵
  PID:4940
- C:\Windows\System\CQQJSAm.exe
  C:\Windows\System\CQQJSAm.exe
  2⤵
  PID:5056
- C:\Windows\System\hAXDWNV.exe
  C:\Windows\System\hAXDWNV.exe
  2⤵
  PID:3348
- C:\Windows\System\xmwBHAK.exe
  C:\Windows\System\xmwBHAK.exe
  2⤵
  PID:3164
- C:\Windows\System\fFNUWvs.exe
  C:\Windows\System\fFNUWvs.exe
  2⤵
  PID:3908
- C:\Windows\System\CDxaOzQ.exe
  C:\Windows\System\CDxaOzQ.exe
  2⤵
  PID:3664
- C:\Windows\System\uTlpeZA.exe
  C:\Windows\System\uTlpeZA.exe
  2⤵
  PID:3516
- C:\Windows\System\SEQQTEa.exe
  C:\Windows\System\SEQQTEa.exe
  2⤵
  PID:4236
- C:\Windows\System\MrERuWP.exe
  C:\Windows\System\MrERuWP.exe
  2⤵
  PID:3332
- C:\Windows\System\gwGhicD.exe
  C:\Windows\System\gwGhicD.exe
  2⤵
  PID:4996
- C:\Windows\System\SgRzuhD.exe
  C:\Windows\System\SgRzuhD.exe
  2⤵
  PID:3372
- C:\Windows\System\ObFAjDg.exe
  C:\Windows\System\ObFAjDg.exe
  2⤵
  PID:4792
- C:\Windows\System\BeQIQSq.exe
  C:\Windows\System\BeQIQSq.exe
  2⤵
  PID:4656
- C:\Windows\System\FejXyKO.exe
  C:\Windows\System\FejXyKO.exe
  2⤵
  PID:2588
- C:\Windows\System\BaxyHbx.exe
  C:\Windows\System\BaxyHbx.exe
  2⤵
  PID:4168
- C:\Windows\System\ghKjnFe.exe
  C:\Windows\System\ghKjnFe.exe
  2⤵
  PID:4556
- C:\Windows\System\YnucEcV.exe
  C:\Windows\System\YnucEcV.exe
  2⤵
  PID:3780
- C:\Windows\System\cQoWvhP.exe
  C:\Windows\System\cQoWvhP.exe
  2⤵
  PID:4636
- C:\Windows\System\wiPJOKI.exe
  C:\Windows\System\wiPJOKI.exe
  2⤵
  PID:2464
- C:\Windows\System\xaEVstz.exe
  C:\Windows\System\xaEVstz.exe
  2⤵
  PID:4828
- C:\Windows\System\JRdTxXP.exe
  C:\Windows\System\JRdTxXP.exe
  2⤵
  PID:4912
- C:\Windows\System\UOAgWgE.exe
  C:\Windows\System\UOAgWgE.exe
  2⤵
  PID:4680
- C:\Windows\System\xDlUgdN.exe
  C:\Windows\System\xDlUgdN.exe
  2⤵
  PID:4696
- C:\Windows\System\OhukDCU.exe
  C:\Windows\System\OhukDCU.exe
  2⤵
  PID:4716
- C:\Windows\System\KOYXcpc.exe
  C:\Windows\System\KOYXcpc.exe
  2⤵
  PID:4728
- C:\Windows\System\yRxeiGA.exe
  C:\Windows\System\yRxeiGA.exe
  2⤵
  PID:2908
- C:\Windows\System\gJHNKnd.exe
  C:\Windows\System\gJHNKnd.exe
  2⤵
  PID:5124
- C:\Windows\System\guLNnPM.exe
  C:\Windows\System\guLNnPM.exe
  2⤵
  PID:5140
- C:\Windows\System\HbznuuY.exe
  C:\Windows\System\HbznuuY.exe
  2⤵
  PID:5156
- C:\Windows\System\hUJSExf.exe
  C:\Windows\System\hUJSExf.exe
  2⤵
  PID:5172
- C:\Windows\System\pNqqjLE.exe
  C:\Windows\System\pNqqjLE.exe
  2⤵
  PID:5188
- C:\Windows\System\ZLyDVtM.exe
  C:\Windows\System\ZLyDVtM.exe
  2⤵
  PID:5204
- C:\Windows\System\iBhYAJt.exe
  C:\Windows\System\iBhYAJt.exe
  2⤵
  PID:5220
- C:\Windows\System\ZLHhMNJ.exe
  C:\Windows\System\ZLHhMNJ.exe
  2⤵
  PID:5236
- C:\Windows\System\QdwfaSY.exe
  C:\Windows\System\QdwfaSY.exe
  2⤵
  PID:5252
- C:\Windows\System\ngtkfYu.exe
  C:\Windows\System\ngtkfYu.exe
  2⤵
  PID:5268
- C:\Windows\System\gPTwJeD.exe
  C:\Windows\System\gPTwJeD.exe
  2⤵
  PID:5288
- C:\Windows\System\dJnlZsM.exe
  C:\Windows\System\dJnlZsM.exe
  2⤵
  PID:5304
- C:\Windows\System\jNXbGUE.exe
  C:\Windows\System\jNXbGUE.exe
  2⤵
  PID:5324
- C:\Windows\System\yuzjcyT.exe
  C:\Windows\System\yuzjcyT.exe
  2⤵
  PID:5340
- C:\Windows\System\YvsrTFg.exe
  C:\Windows\System\YvsrTFg.exe
  2⤵
  PID:5360
- C:\Windows\System\VrQQGyG.exe
  C:\Windows\System\VrQQGyG.exe
  2⤵
  PID:5376
- C:\Windows\System\NacXpTi.exe
  C:\Windows\System\NacXpTi.exe
  2⤵
  PID:5392
- C:\Windows\System\ZktOSHA.exe
  C:\Windows\System\ZktOSHA.exe
  2⤵
  PID:5412
- C:\Windows\System\eJqsSyd.exe
  C:\Windows\System\eJqsSyd.exe
  2⤵
  PID:5432
- C:\Windows\System\WwjrKSW.exe
  C:\Windows\System\WwjrKSW.exe
  2⤵
  PID:5448
- C:\Windows\System\hccPXYF.exe
  C:\Windows\System\hccPXYF.exe
  2⤵
  PID:5464
- C:\Windows\System\bZiZWgQ.exe
  C:\Windows\System\bZiZWgQ.exe
  2⤵
  PID:5480
- C:\Windows\System\CoqwpxE.exe
  C:\Windows\System\CoqwpxE.exe
  2⤵
  PID:5496
- C:\Windows\System\NQMEBcb.exe
  C:\Windows\System\NQMEBcb.exe
  2⤵
  PID:5512
- C:\Windows\System\RUyrToT.exe
  C:\Windows\System\RUyrToT.exe
  2⤵
  PID:5528
- C:\Windows\System\cYTOEnJ.exe
  C:\Windows\System\cYTOEnJ.exe
  2⤵
  PID:5544
- C:\Windows\System\XgiMHqj.exe
  C:\Windows\System\XgiMHqj.exe
  2⤵
  PID:5560
- C:\Windows\System\xECnyZU.exe
  C:\Windows\System\xECnyZU.exe
  2⤵
  PID:5576
- C:\Windows\System\rdLnwqt.exe
  C:\Windows\System\rdLnwqt.exe
  2⤵
  PID:5592
- C:\Windows\System\zThjzCY.exe
  C:\Windows\System\zThjzCY.exe
  2⤵
  PID:5608
- C:\Windows\System\toUWWkF.exe
  C:\Windows\System\toUWWkF.exe
  2⤵
  PID:5624
- C:\Windows\System\UxbeVPK.exe
  C:\Windows\System\UxbeVPK.exe
  2⤵
  PID:5640
- C:\Windows\System\QcgYrTb.exe
  C:\Windows\System\QcgYrTb.exe
  2⤵
  PID:5656
- C:\Windows\System\usjZLoE.exe
  C:\Windows\System\usjZLoE.exe
  2⤵
  PID:5672
- C:\Windows\System\aQpclwh.exe
  C:\Windows\System\aQpclwh.exe
  2⤵
  PID:5688
- C:\Windows\System\WnFeBAM.exe
  C:\Windows\System\WnFeBAM.exe
  2⤵
  PID:5704
- C:\Windows\System\kpVySUB.exe
  C:\Windows\System\kpVySUB.exe
  2⤵
  PID:5720
- C:\Windows\System\dNGKjne.exe
  C:\Windows\System\dNGKjne.exe
  2⤵
  PID:5736
- C:\Windows\System\bmErtwb.exe
  C:\Windows\System\bmErtwb.exe
  2⤵
  PID:5752
- C:\Windows\System\cmYZITz.exe
  C:\Windows\System\cmYZITz.exe
  2⤵
  PID:5768
- C:\Windows\System\gYkQkSH.exe
  C:\Windows\System\gYkQkSH.exe
  2⤵
  PID:5784
- C:\Windows\System\yXNcJfY.exe
  C:\Windows\System\yXNcJfY.exe
  2⤵
  PID:5800
- C:\Windows\System\izWBSrt.exe
  C:\Windows\System\izWBSrt.exe
  2⤵
  PID:5816
- C:\Windows\System\fWBqQJd.exe
  C:\Windows\System\fWBqQJd.exe
  2⤵
  PID:5832
- C:\Windows\System\bkjnDXV.exe
  C:\Windows\System\bkjnDXV.exe
  2⤵
  PID:5848
- C:\Windows\System\HnwpTOa.exe
  C:\Windows\System\HnwpTOa.exe
  2⤵
  PID:5868
- C:\Windows\System\mbHvlbU.exe
  C:\Windows\System\mbHvlbU.exe
  2⤵
  PID:5892
- C:\Windows\System\tZCvlvh.exe
  C:\Windows\System\tZCvlvh.exe
  2⤵
  PID:5920
- C:\Windows\System\UubOKdX.exe
  C:\Windows\System\UubOKdX.exe
  2⤵
  PID:5936
- C:\Windows\System\pUnMOga.exe
  C:\Windows\System\pUnMOga.exe
  2⤵
  PID:5952
- C:\Windows\System\qVYFgte.exe
  C:\Windows\System\qVYFgte.exe
  2⤵
  PID:5968
- C:\Windows\System\YNcnqgQ.exe
  C:\Windows\System\YNcnqgQ.exe
  2⤵
  PID:5984
- C:\Windows\System\rIVbfyM.exe
  C:\Windows\System\rIVbfyM.exe
  2⤵
  PID:6000
- C:\Windows\System\XeYmmMY.exe
  C:\Windows\System\XeYmmMY.exe
  2⤵
  PID:6016
- C:\Windows\System\CwXAtsw.exe
  C:\Windows\System\CwXAtsw.exe
  2⤵
  PID:6032
- C:\Windows\System\hCkfQSh.exe
  C:\Windows\System\hCkfQSh.exe
  2⤵
  PID:6048
- C:\Windows\System\mxQZwwb.exe
  C:\Windows\System\mxQZwwb.exe
  2⤵
  PID:6064
- C:\Windows\System\SeWnjSH.exe
  C:\Windows\System\SeWnjSH.exe
  2⤵
  PID:6080
- C:\Windows\System\oQHtxzu.exe
  C:\Windows\System\oQHtxzu.exe
  2⤵
  PID:6096
- C:\Windows\System\wVijNEz.exe
  C:\Windows\System\wVijNEz.exe
  2⤵
  PID:6112
- C:\Windows\System\mCswaPc.exe
  C:\Windows\System\mCswaPc.exe
  2⤵
  PID:6128
- C:\Windows\System\DNsXIhC.exe
  C:\Windows\System\DNsXIhC.exe
  2⤵
  PID:3016
- C:\Windows\System\EVBdsZz.exe
  C:\Windows\System\EVBdsZz.exe
  2⤵
  PID:4948
- C:\Windows\System\aDigRJb.exe
  C:\Windows\System\aDigRJb.exe
  2⤵
  PID:2508
- C:\Windows\System\JfvYmdr.exe
  C:\Windows\System\JfvYmdr.exe
  2⤵
  PID:4812
- C:\Windows\System\SvNQZBz.exe
  C:\Windows\System\SvNQZBz.exe
  2⤵
  PID:3660
- C:\Windows\System\fLyMxDN.exe
  C:\Windows\System\fLyMxDN.exe
  2⤵
  PID:4608
- C:\Windows\System\CfljtLF.exe
  C:\Windows\System\CfljtLF.exe
  2⤵
  PID:4540
- C:\Windows\System\FKNmdIW.exe
  C:\Windows\System\FKNmdIW.exe
  2⤵
  PID:2664
- C:\Windows\System\fWBKwrs.exe
  C:\Windows\System\fWBKwrs.exe
  2⤵
  PID:3776
- C:\Windows\System\DdqLAXB.exe
  C:\Windows\System\DdqLAXB.exe
  2⤵
  PID:4576
- C:\Windows\System\msVAezp.exe
  C:\Windows\System\msVAezp.exe
  2⤵
  PID:4692
- C:\Windows\System\mxTsNnK.exe
  C:\Windows\System\mxTsNnK.exe
  2⤵
  PID:4748
- C:\Windows\System\XGetURN.exe
  C:\Windows\System\XGetURN.exe
  2⤵
  PID:5184
- C:\Windows\System\RdoVoXC.exe
  C:\Windows\System\RdoVoXC.exe
  2⤵
  PID:5248
- C:\Windows\System\cqIXroi.exe
  C:\Windows\System\cqIXroi.exe
  2⤵
  PID:5312
- C:\Windows\System\rgTIrlz.exe
  C:\Windows\System\rgTIrlz.exe
  2⤵
  PID:5356
- C:\Windows\System\GuliYfF.exe
  C:\Windows\System\GuliYfF.exe
  2⤵
  PID:5420
- C:\Windows\System\JLUDNoz.exe
  C:\Windows\System\JLUDNoz.exe
  2⤵
  PID:5556
- C:\Windows\System\oEHGDiE.exe
  C:\Windows\System\oEHGDiE.exe
  2⤵
  PID:5032
- C:\Windows\System\BpzEoRJ.exe
  C:\Windows\System\BpzEoRJ.exe
  2⤵
  PID:1272
- C:\Windows\System\ZgquGcW.exe
  C:\Windows\System\ZgquGcW.exe
  2⤵
  PID:4264
- C:\Windows\System\bSXvzwp.exe
  C:\Windows\System\bSXvzwp.exe
  2⤵
  PID:4964
- C:\Windows\System\aWTSqdM.exe
  C:\Windows\System\aWTSqdM.exe
  2⤵
  PID:5652
- C:\Windows\System\pSfYpdp.exe
  C:\Windows\System\pSfYpdp.exe
  2⤵
  PID:5684
- C:\Windows\System\zqkcQkz.exe
  C:\Windows\System\zqkcQkz.exe
  2⤵
  PID:5748
- C:\Windows\System\FoSQnur.exe
  C:\Windows\System\FoSQnur.exe
  2⤵
  PID:5812
- C:\Windows\System\BxezncY.exe
  C:\Windows\System\BxezncY.exe
  2⤵
  PID:5572
- C:\Windows\System\fOCDyKy.exe
  C:\Windows\System\fOCDyKy.exe
  2⤵
  PID:5664
- C:\Windows\System\biSHOSK.exe
  C:\Windows\System\biSHOSK.exe
  2⤵
  PID:5728
- C:\Windows\System\wHYaqqL.exe
  C:\Windows\System\wHYaqqL.exe
  2⤵
  PID:5764
- C:\Windows\System\cgcJNvV.exe
  C:\Windows\System\cgcJNvV.exe
  2⤵
  PID:5828
- C:\Windows\System\UCJJerz.exe
  C:\Windows\System\UCJJerz.exe
  2⤵
  PID:5900
- C:\Windows\System\gNIlogp.exe
  C:\Windows\System\gNIlogp.exe
  2⤵
  PID:5336
- C:\Windows\System\rQaGCmu.exe
  C:\Windows\System\rQaGCmu.exe
  2⤵
  PID:5260
- C:\Windows\System\mvDVrnO.exe
  C:\Windows\System\mvDVrnO.exe
  2⤵
  PID:5200
- C:\Windows\System\wfFVfTn.exe
  C:\Windows\System\wfFVfTn.exe
  2⤵
  PID:5136
- C:\Windows\System\xnnICXr.exe
  C:\Windows\System\xnnICXr.exe
  2⤵
  PID:4708
- C:\Windows\System\txzbMIJ.exe
  C:\Windows\System\txzbMIJ.exe
  2⤵
  PID:4952
- C:\Windows\System\HVAKzeZ.exe
  C:\Windows\System\HVAKzeZ.exe
  2⤵
  PID:2712
- C:\Windows\System\NGkizqr.exe
  C:\Windows\System\NGkizqr.exe
  2⤵
  PID:1784
- C:\Windows\System\oPNfJGj.exe
  C:\Windows\System\oPNfJGj.exe
  2⤵
  PID:4396
- C:\Windows\System\xhQFrGL.exe
  C:\Windows\System\xhQFrGL.exe
  2⤵
  PID:4776
- C:\Windows\System\hccCGVb.exe
  C:\Windows\System\hccCGVb.exe
  2⤵
  PID:4600
- C:\Windows\System\nWaRlXV.exe
  C:\Windows\System\nWaRlXV.exe
  2⤵
  PID:2340
- C:\Windows\System\kefWZCx.exe
  C:\Windows\System\kefWZCx.exe
  2⤵
  PID:5244
- C:\Windows\System\EYPbmxF.exe
  C:\Windows\System\EYPbmxF.exe
  2⤵
  PID:6024
- C:\Windows\System\MYjOdzN.exe
  C:\Windows\System\MYjOdzN.exe
  2⤵
  PID:5348
- C:\Windows\System\XxsWAqX.exe
  C:\Windows\System\XxsWAqX.exe
  2⤵
  PID:4808
- C:\Windows\System\aRkXbuw.exe
  C:\Windows\System\aRkXbuw.exe
  2⤵
  PID:4104
- C:\Windows\System\msYgDhM.exe
  C:\Windows\System\msYgDhM.exe
  2⤵
  PID:4684
- C:\Windows\System\VWJhhAY.exe
  C:\Windows\System\VWJhhAY.exe
  2⤵
  PID:5284
- C:\Windows\System\CnQBxmf.exe
  C:\Windows\System\CnQBxmf.exe
  2⤵
  PID:4928
- C:\Windows\System\dMmbXGF.exe
  C:\Windows\System\dMmbXGF.exe
  2⤵
  PID:6104
- C:\Windows\System\uMTShSo.exe
  C:\Windows\System\uMTShSo.exe
  2⤵
  PID:5488
- C:\Windows\System\kewafHq.exe
  C:\Windows\System\kewafHq.exe
  2⤵
  PID:2616
- C:\Windows\System\DSwIcQQ.exe
  C:\Windows\System\DSwIcQQ.exe
  2⤵
  PID:2480
- C:\Windows\System\koWVaBc.exe
  C:\Windows\System\koWVaBc.exe
  2⤵
  PID:4768
- C:\Windows\System\YAKvRlv.exe
  C:\Windows\System\YAKvRlv.exe
  2⤵
  PID:5780
- C:\Windows\System\ccQUOid.exe
  C:\Windows\System\ccQUOid.exe
  2⤵
  PID:5636
- C:\Windows\System\cinkEeO.exe
  C:\Windows\System\cinkEeO.exe
  2⤵
  PID:5864
- C:\Windows\System\kItZcfu.exe
  C:\Windows\System\kItZcfu.exe
  2⤵
  PID:5300
- C:\Windows\System\iuscykz.exe
  C:\Windows\System\iuscykz.exe
  2⤵
  PID:5888
- C:\Windows\System\tqhOqMh.exe
  C:\Windows\System\tqhOqMh.exe
  2⤵
  PID:5404
- C:\Windows\System\WWcFYcR.exe
  C:\Windows\System\WWcFYcR.exe
  2⤵
  PID:5444
- C:\Windows\System\DeRMBau.exe
  C:\Windows\System\DeRMBau.exe
  2⤵
  PID:5508
- C:\Windows\System\ASHirox.exe
  C:\Windows\System\ASHirox.exe
  2⤵
  PID:5620
- C:\Windows\System\KZeMhtY.exe
  C:\Windows\System\KZeMhtY.exe
  2⤵
  PID:4880
- C:\Windows\System\UnNiFQJ.exe
  C:\Windows\System\UnNiFQJ.exe
  2⤵
  PID:5824
- C:\Windows\System\qRdWukz.exe
  C:\Windows\System\qRdWukz.exe
  2⤵
  PID:5372
- C:\Windows\System\tuCOhPE.exe
  C:\Windows\System\tuCOhPE.exe
  2⤵
  PID:5796
- C:\Windows\System\bFKnVhu.exe
  C:\Windows\System\bFKnVhu.exe
  2⤵
  PID:4672
- C:\Windows\System\rLTXQvR.exe
  C:\Windows\System\rLTXQvR.exe
  2⤵
  PID:6008
- C:\Windows\System\gsgPRod.exe
  C:\Windows\System\gsgPRod.exe
  2⤵
  PID:5976
- C:\Windows\System\ZHZhjVJ.exe
  C:\Windows\System\ZHZhjVJ.exe
  2⤵
  PID:6060
- C:\Windows\System\SIqkNXP.exe
  C:\Windows\System\SIqkNXP.exe
  2⤵
  PID:6124
- C:\Windows\System\uuAvfYo.exe
  C:\Windows\System\uuAvfYo.exe
  2⤵
  PID:2808
- C:\Windows\System\vGlowmU.exe
  C:\Windows\System\vGlowmU.exe
  2⤵
  PID:2840
- C:\Windows\System\ECcjSbe.exe
  C:\Windows\System\ECcjSbe.exe
  2⤵
  PID:6056
- C:\Windows\System\LQCDXQJ.exe
  C:\Windows\System\LQCDXQJ.exe
  2⤵
  PID:4520
- C:\Windows\System\aEOtNAs.exe
  C:\Windows\System\aEOtNAs.exe
  2⤵
  PID:4076
- C:\Windows\System\ZLCLsvp.exe
  C:\Windows\System\ZLCLsvp.exe
  2⤵
  PID:5280
- C:\Windows\System\TuySWMV.exe
  C:\Windows\System\TuySWMV.exe
  2⤵
  PID:5460
- C:\Windows\System\BNTkVMY.exe
  C:\Windows\System\BNTkVMY.exe
  2⤵
  PID:5588
- C:\Windows\System\OHZIpQm.exe
  C:\Windows\System\OHZIpQm.exe
  2⤵
  PID:2780
- C:\Windows\System\CjMJUaQ.exe
  C:\Windows\System\CjMJUaQ.exe
  2⤵
  PID:5860
- C:\Windows\System\moMfIwy.exe
  C:\Windows\System\moMfIwy.exe
  2⤵
  PID:5876
- C:\Windows\System\ielNBbS.exe
  C:\Windows\System\ielNBbS.exe
  2⤵
  PID:5400
- C:\Windows\System\iBLfUIa.exe
  C:\Windows\System\iBLfUIa.exe
  2⤵
  PID:5540
- C:\Windows\System\pctwSKQ.exe
  C:\Windows\System\pctwSKQ.exe
  2⤵
  PID:5164
- C:\Windows\System\QjAPUPJ.exe
  C:\Windows\System\QjAPUPJ.exe
  2⤵
  PID:5232
- C:\Windows\System\bZTrtTr.exe
  C:\Windows\System\bZTrtTr.exe
  2⤵
  PID:1484
- C:\Windows\System\dSgBDwY.exe
  C:\Windows\System\dSgBDwY.exe
  2⤵
  PID:6040
- C:\Windows\System\cBOeOtm.exe
  C:\Windows\System\cBOeOtm.exe
  2⤵
  PID:1332
- C:\Windows\System\Duhulxk.exe
  C:\Windows\System\Duhulxk.exe
  2⤵
  PID:4328
- C:\Windows\System\AygZBpx.exe
  C:\Windows\System\AygZBpx.exe
  2⤵
  PID:5216
- C:\Windows\System\TomhEey.exe
  C:\Windows\System\TomhEey.exe
  2⤵
  PID:1612
- C:\Windows\System\rMXQaME.exe
  C:\Windows\System\rMXQaME.exe
  2⤵
  PID:5456
- C:\Windows\System\oDVIgwa.exe
  C:\Windows\System\oDVIgwa.exe
  2⤵
  PID:5072
- C:\Windows\System\jVjNFMz.exe
  C:\Windows\System\jVjNFMz.exe
  2⤵
  PID:2776
- C:\Windows\System\dALRVEv.exe
  C:\Windows\System\dALRVEv.exe
  2⤵
  PID:5068
- C:\Windows\System\lQmxYta.exe
  C:\Windows\System\lQmxYta.exe
  2⤵
  PID:6156
- C:\Windows\System\LaYwUza.exe
  C:\Windows\System\LaYwUza.exe
  2⤵
  PID:6172
- C:\Windows\System\kaABkke.exe
  C:\Windows\System\kaABkke.exe
  2⤵
  PID:6188
- C:\Windows\System\YwmkMfI.exe
  C:\Windows\System\YwmkMfI.exe
  2⤵
  PID:6204
- C:\Windows\System\eKrkHkN.exe
  C:\Windows\System\eKrkHkN.exe
  2⤵
  PID:6220
- C:\Windows\System\HjmbPwb.exe
  C:\Windows\System\HjmbPwb.exe
  2⤵
  PID:6236
- C:\Windows\System\lzvJhwU.exe
  C:\Windows\System\lzvJhwU.exe
  2⤵
  PID:6252
- C:\Windows\System\HPawEJv.exe
  C:\Windows\System\HPawEJv.exe
  2⤵
  PID:6268
- C:\Windows\System\rfSzplB.exe
  C:\Windows\System\rfSzplB.exe
  2⤵
  PID:6284
- C:\Windows\System\VWnZkVm.exe
  C:\Windows\System\VWnZkVm.exe
  2⤵
  PID:6300
- C:\Windows\System\lzKQERZ.exe
  C:\Windows\System\lzKQERZ.exe
  2⤵
  PID:6316
- C:\Windows\System\pXJRGUi.exe
  C:\Windows\System\pXJRGUi.exe
  2⤵
  PID:6332
- C:\Windows\System\gkzuElj.exe
  C:\Windows\System\gkzuElj.exe
  2⤵
  PID:6348
- C:\Windows\System\iMqAgGN.exe
  C:\Windows\System\iMqAgGN.exe
  2⤵
  PID:6364
- C:\Windows\System\jzsYFrV.exe
  C:\Windows\System\jzsYFrV.exe
  2⤵
  PID:6380
- C:\Windows\System\tZWaJXb.exe
  C:\Windows\System\tZWaJXb.exe
  2⤵
  PID:6396
- C:\Windows\System\qSjuKHm.exe
  C:\Windows\System\qSjuKHm.exe
  2⤵
  PID:6412
- C:\Windows\System\REqxbtc.exe
  C:\Windows\System\REqxbtc.exe
  2⤵
  PID:6428
- C:\Windows\System\QtpIwWc.exe
  C:\Windows\System\QtpIwWc.exe
  2⤵
  PID:6444
- C:\Windows\System\yJXPZwa.exe
  C:\Windows\System\yJXPZwa.exe
  2⤵
  PID:6460
- C:\Windows\System\byrqjsW.exe
  C:\Windows\System\byrqjsW.exe
  2⤵
  PID:6476
- C:\Windows\System\fmrSnGK.exe
  C:\Windows\System\fmrSnGK.exe
  2⤵
  PID:6492
- C:\Windows\System\KTzjMEq.exe
  C:\Windows\System\KTzjMEq.exe
  2⤵
  PID:6508
- C:\Windows\System\vBLqvAg.exe
  C:\Windows\System\vBLqvAg.exe
  2⤵
  PID:6524
- C:\Windows\System\PBzSscY.exe
  C:\Windows\System\PBzSscY.exe
  2⤵
  PID:6540
- C:\Windows\System\GRiUTAB.exe
  C:\Windows\System\GRiUTAB.exe
  2⤵
  PID:6556
- C:\Windows\System\veqRiRL.exe
  C:\Windows\System\veqRiRL.exe
  2⤵
  PID:6572
- C:\Windows\System\JNzrTar.exe
  C:\Windows\System\JNzrTar.exe
  2⤵
  PID:6588
- C:\Windows\System\miSBTlT.exe
  C:\Windows\System\miSBTlT.exe
  2⤵
  PID:6604
- C:\Windows\System\QFXWYUD.exe
  C:\Windows\System\QFXWYUD.exe
  2⤵
  PID:6620
- C:\Windows\System\EbCwmYm.exe
  C:\Windows\System\EbCwmYm.exe
  2⤵
  PID:6636
- C:\Windows\System\TJMgLrf.exe
  C:\Windows\System\TJMgLrf.exe
  2⤵
  PID:6652
- C:\Windows\System\qtmfBOp.exe
  C:\Windows\System\qtmfBOp.exe
  2⤵
  PID:6668
- C:\Windows\System\HWEdKYo.exe
  C:\Windows\System\HWEdKYo.exe
  2⤵
  PID:6684
- C:\Windows\System\wBtlTDj.exe
  C:\Windows\System\wBtlTDj.exe
  2⤵
  PID:6700
- C:\Windows\System\AolhLRO.exe
  C:\Windows\System\AolhLRO.exe
  2⤵
  PID:6716
- C:\Windows\System\HfiRtCM.exe
  C:\Windows\System\HfiRtCM.exe
  2⤵
  PID:6732
- C:\Windows\System\XoiCdzs.exe
  C:\Windows\System\XoiCdzs.exe
  2⤵
  PID:6748
- C:\Windows\System\VwHRMCn.exe
  C:\Windows\System\VwHRMCn.exe
  2⤵
  PID:6764
- C:\Windows\System\qObuImd.exe
  C:\Windows\System\qObuImd.exe
  2⤵
  PID:6780
- C:\Windows\System\gISDHMe.exe
  C:\Windows\System\gISDHMe.exe
  2⤵
  PID:6800
- C:\Windows\System\uIMCCss.exe
  C:\Windows\System\uIMCCss.exe
  2⤵
  PID:6816
- C:\Windows\System\XRCneEa.exe
  C:\Windows\System\XRCneEa.exe
  2⤵
  PID:6832
- C:\Windows\System\LDRvjdS.exe
  C:\Windows\System\LDRvjdS.exe
  2⤵
  PID:6848
- C:\Windows\System\uHDpRAT.exe
  C:\Windows\System\uHDpRAT.exe
  2⤵
  PID:6864
- C:\Windows\System\VHxEWkr.exe
  C:\Windows\System\VHxEWkr.exe
  2⤵
  PID:6880
- C:\Windows\System\xeeUsxK.exe
  C:\Windows\System\xeeUsxK.exe
  2⤵
  PID:6896
- C:\Windows\System\bGXXRmQ.exe
  C:\Windows\System\bGXXRmQ.exe
  2⤵
  PID:6912
- C:\Windows\System\nAjSZbm.exe
  C:\Windows\System\nAjSZbm.exe
  2⤵
  PID:6928
- C:\Windows\System\sBRUquA.exe
  C:\Windows\System\sBRUquA.exe
  2⤵
  PID:6944
- C:\Windows\System\PYFmHeA.exe
  C:\Windows\System\PYFmHeA.exe
  2⤵
  PID:6964
- C:\Windows\System\PjdGnxw.exe
  C:\Windows\System\PjdGnxw.exe
  2⤵
  PID:6980
- C:\Windows\System\CqWqByW.exe
  C:\Windows\System\CqWqByW.exe
  2⤵
  PID:6996
- C:\Windows\System\jwHBLgo.exe
  C:\Windows\System\jwHBLgo.exe
  2⤵
  PID:7012
- C:\Windows\System\VOUEnMT.exe
  C:\Windows\System\VOUEnMT.exe
  2⤵
  PID:7028
- C:\Windows\System\AUTrQPy.exe
  C:\Windows\System\AUTrQPy.exe
  2⤵
  PID:7044
- C:\Windows\System\RzslJpz.exe
  C:\Windows\System\RzslJpz.exe
  2⤵
  PID:7060
- C:\Windows\System\ExWKMSj.exe
  C:\Windows\System\ExWKMSj.exe
  2⤵
  PID:7076
- C:\Windows\System\UKuhJnB.exe
  C:\Windows\System\UKuhJnB.exe
  2⤵
  PID:7092
- C:\Windows\System\NxblwMj.exe
  C:\Windows\System\NxblwMj.exe
  2⤵
  PID:7108
- C:\Windows\System\hKmYYKE.exe
  C:\Windows\System\hKmYYKE.exe
  2⤵
  PID:7124
- C:\Windows\System\LHRWgRG.exe
  C:\Windows\System\LHRWgRG.exe
  2⤵
  PID:7140
- C:\Windows\System\uLLSMoi.exe
  C:\Windows\System\uLLSMoi.exe
  2⤵
  PID:7156
- C:\Windows\System\qDEzuYu.exe
  C:\Windows\System\qDEzuYu.exe
  2⤵
  PID:3020
- C:\Windows\System\FUyORcA.exe
  C:\Windows\System\FUyORcA.exe
  2⤵
  PID:5368
- C:\Windows\System\cQMVlsx.exe
  C:\Windows\System\cQMVlsx.exe
  2⤵
  PID:5904
- C:\Windows\System\OlKHwCr.exe
  C:\Windows\System\OlKHwCr.exe
  2⤵
  PID:4752
- C:\Windows\System\OdjTFlp.exe
  C:\Windows\System\OdjTFlp.exe
  2⤵
  PID:6076
- C:\Windows\System\CVpXCzA.exe
  C:\Windows\System\CVpXCzA.exe
  2⤵
  PID:5680
- C:\Windows\System\aSuISem.exe
  C:\Windows\System\aSuISem.exe
  2⤵
  PID:5844
- C:\Windows\System\jlGEhJy.exe
  C:\Windows\System\jlGEhJy.exe
  2⤵
  PID:6168
- C:\Windows\System\LWgWCyk.exe
  C:\Windows\System\LWgWCyk.exe
  2⤵
  PID:2764
- C:\Windows\System\yGwcKly.exe
  C:\Windows\System\yGwcKly.exe
  2⤵
  PID:6228
- C:\Windows\System\UULxpjA.exe
  C:\Windows\System\UULxpjA.exe
  2⤵
  PID:6248
- C:\Windows\System\AxTFOvl.exe
  C:\Windows\System\AxTFOvl.exe
  2⤵
  PID:6280
- C:\Windows\System\NwaGEcU.exe
  C:\Windows\System\NwaGEcU.exe
  2⤵
  PID:6312
- C:\Windows\System\JeuPtVP.exe
  C:\Windows\System\JeuPtVP.exe
  2⤵
  PID:6356
- C:\Windows\System\yaagDgt.exe
  C:\Windows\System\yaagDgt.exe
  2⤵
  PID:6376
- C:\Windows\System\NFzxqNf.exe
  C:\Windows\System\NFzxqNf.exe
  2⤵
  PID:6420
- C:\Windows\System\BCBbpzK.exe
  C:\Windows\System\BCBbpzK.exe
  2⤵
  PID:6452
- C:\Windows\System\cmJftJc.exe
  C:\Windows\System\cmJftJc.exe
  2⤵
  PID:6484
- C:\Windows\System\qYtZpTG.exe
  C:\Windows\System\qYtZpTG.exe
  2⤵
  PID:6500
- C:\Windows\System\lvTdXNi.exe
  C:\Windows\System\lvTdXNi.exe
  2⤵
  PID:6532
- C:\Windows\System\AHqjrSd.exe
  C:\Windows\System\AHqjrSd.exe
  2⤵
  PID:6564
- C:\Windows\System\OcscsRh.exe
  C:\Windows\System\OcscsRh.exe
  2⤵
  PID:6596
- C:\Windows\System\fpULUzk.exe
  C:\Windows\System\fpULUzk.exe
  2⤵
  PID:6616
- C:\Windows\System\fBObnMJ.exe
  C:\Windows\System\fBObnMJ.exe
  2⤵
  PID:6648
- C:\Windows\System\eaRPhXC.exe
  C:\Windows\System\eaRPhXC.exe
  2⤵
  PID:2924
- C:\Windows\System\azWWKiy.exe
  C:\Windows\System\azWWKiy.exe
  2⤵
  PID:6696
- C:\Windows\System\tkOZNqZ.exe
  C:\Windows\System\tkOZNqZ.exe
  2⤵
  PID:6728
- C:\Windows\System\JDMWpJl.exe
  C:\Windows\System\JDMWpJl.exe
  2⤵
  PID:6772
- C:\Windows\System\OhuHnXD.exe
  C:\Windows\System\OhuHnXD.exe
  2⤵
  PID:1644
- C:\Windows\System\LHrcdyu.exe
  C:\Windows\System\LHrcdyu.exe
  2⤵
  PID:3008
- C:\Windows\System\tHwlEwB.exe
  C:\Windows\System\tHwlEwB.exe
  2⤵
  PID:6840
- C:\Windows\System\hZKaXdC.exe
  C:\Windows\System\hZKaXdC.exe
  2⤵
  PID:3240
- C:\Windows\System\vFxkjZE.exe
  C:\Windows\System\vFxkjZE.exe
  2⤵
  PID:6908
- C:\Windows\System\SwNPblU.exe
  C:\Windows\System\SwNPblU.exe
  2⤵
  PID:6824
- C:\Windows\System\nZbdDwy.exe
  C:\Windows\System\nZbdDwy.exe
  2⤵
  PID:6892
- C:\Windows\System\eXSvQZL.exe
  C:\Windows\System\eXSvQZL.exe
  2⤵
  PID:6972
- C:\Windows\System\PKmoHsh.exe
  C:\Windows\System\PKmoHsh.exe
  2⤵
  PID:6988
- C:\Windows\System\RKcsebh.exe
  C:\Windows\System\RKcsebh.exe
  2⤵
  PID:7036
- C:\Windows\System\SKtXytP.exe
  C:\Windows\System\SKtXytP.exe
  2⤵
  PID:2492
- C:\Windows\System\aJIXEOk.exe
  C:\Windows\System\aJIXEOk.exe
  2⤵
  PID:7100
- C:\Windows\System\KbYQnfy.exe
  C:\Windows\System\KbYQnfy.exe
  2⤵
  PID:7104
- C:\Windows\System\RQcRsFk.exe
  C:\Windows\System\RQcRsFk.exe
  2⤵
  PID:7136
- C:\Windows\System\XWMvGjX.exe
  C:\Windows\System\XWMvGjX.exe
  2⤵
  PID:7164
- C:\Windows\System\TEAqfIk.exe
  C:\Windows\System\TEAqfIk.exe
  2⤵
  PID:7088
- C:\Windows\System\zjoXCUX.exe
  C:\Windows\System\zjoXCUX.exe
  2⤵
  PID:6108
- C:\Windows\System\KQnMTkr.exe
  C:\Windows\System\KQnMTkr.exe
  2⤵
  PID:6152
- C:\Windows\System\IdOhdsV.exe
  C:\Windows\System\IdOhdsV.exe
  2⤵
  PID:2056
- C:\Windows\System\HzkxPLp.exe
  C:\Windows\System\HzkxPLp.exe
  2⤵
  PID:5744
- C:\Windows\System\dgElEBx.exe
  C:\Windows\System\dgElEBx.exe
  2⤵
  PID:6244
- C:\Windows\System\BPcPJdD.exe
  C:\Windows\System\BPcPJdD.exe
  2⤵
  PID:6340
- C:\Windows\System\cvubUDd.exe
  C:\Windows\System\cvubUDd.exe
  2⤵
  PID:6388
- C:\Windows\System\clunMqN.exe
  C:\Windows\System\clunMqN.exe
  2⤵
  PID:6344
- C:\Windows\System\axkOQYk.exe
  C:\Windows\System\axkOQYk.exe
  2⤵
  PID:6536
- C:\Windows\System\yEjwwQO.exe
  C:\Windows\System\yEjwwQO.exe
  2⤵
  PID:6092
- C:\Windows\System\cPUatNO.exe
  C:\Windows\System\cPUatNO.exe
  2⤵
  PID:6568
- C:\Windows\System\hmVHWvR.exe
  C:\Windows\System\hmVHWvR.exe
  2⤵
  PID:2752
- C:\Windows\System\wkkADxw.exe
  C:\Windows\System\wkkADxw.exe
  2⤵
  PID:6644
- C:\Windows\System\eOYuHEv.exe
  C:\Windows\System\eOYuHEv.exe
  2⤵
  PID:6664
- C:\Windows\System\IUfosBc.exe
  C:\Windows\System\IUfosBc.exe
  2⤵
  PID:6724
- C:\Windows\System\wRtEjKs.exe
  C:\Windows\System\wRtEjKs.exe
  2⤵
  PID:4584
- C:\Windows\System\CPwPsbW.exe
  C:\Windows\System\CPwPsbW.exe
  2⤵
  PID:6936
- C:\Windows\System\iVYNXWS.exe
  C:\Windows\System\iVYNXWS.exe
  2⤵
  PID:2512
- C:\Windows\System\CpEfTPd.exe
  C:\Windows\System\CpEfTPd.exe
  2⤵
  PID:2844
- C:\Windows\System\ghekgCf.exe
  C:\Windows\System\ghekgCf.exe
  2⤵
  PID:6760
- C:\Windows\System\xYVxmZh.exe
  C:\Windows\System\xYVxmZh.exe
  2⤵
  PID:6876
- C:\Windows\System\qmHycGz.exe
  C:\Windows\System\qmHycGz.exe
  2⤵
  PID:6952
- C:\Windows\System\fGpMnTO.exe
  C:\Windows\System\fGpMnTO.exe
  2⤵
  PID:2516
- C:\Windows\System\RiuZecL.exe
  C:\Windows\System\RiuZecL.exe
  2⤵
  PID:7072
- C:\Windows\System\PmRmQad.exe
  C:\Windows\System\PmRmQad.exe
  2⤵
  PID:5948
- C:\Windows\System\ecXSeBq.exe
  C:\Windows\System\ecXSeBq.exe
  2⤵
  PID:2028
- C:\Windows\System\tjzwUEd.exe
  C:\Windows\System\tjzwUEd.exe
  2⤵
  PID:6164
- C:\Windows\System\jARROty.exe
  C:\Windows\System\jARROty.exe
  2⤵
  PID:1804
- C:\Windows\System\EGzYfUI.exe
  C:\Windows\System\EGzYfUI.exe
  2⤵
  PID:6372
- C:\Windows\System\ijvzzIi.exe
  C:\Windows\System\ijvzzIi.exe
  2⤵
  PID:6600
- C:\Windows\System\KeSaMgw.exe
  C:\Windows\System\KeSaMgw.exe
  2⤵
  PID:6436
- C:\Windows\System\WJGqrqg.exe
  C:\Windows\System\WJGqrqg.exe
  2⤵
  PID:7184
- C:\Windows\System\UqPNHrz.exe
  C:\Windows\System\UqPNHrz.exe
  2⤵
  PID:7200
- C:\Windows\System\shgYzAy.exe
  C:\Windows\System\shgYzAy.exe
  2⤵
  PID:7220
- C:\Windows\System\DOwilaM.exe
  C:\Windows\System\DOwilaM.exe
  2⤵
  PID:7240
- C:\Windows\System\IqpSUws.exe
  C:\Windows\System\IqpSUws.exe
  2⤵
  PID:7256
- C:\Windows\System\lsfzzoZ.exe
  C:\Windows\System\lsfzzoZ.exe
  2⤵
  PID:7272
- C:\Windows\System\iQlwNft.exe
  C:\Windows\System\iQlwNft.exe
  2⤵
  PID:7288
- C:\Windows\System\KnvyrCV.exe
  C:\Windows\System\KnvyrCV.exe
  2⤵
  PID:7304
- C:\Windows\System\TaXlJAr.exe
  C:\Windows\System\TaXlJAr.exe
  2⤵
  PID:7320
- C:\Windows\System\MpYoNmq.exe
  C:\Windows\System\MpYoNmq.exe
  2⤵
  PID:7336
- C:\Windows\System\CawGRgq.exe
  C:\Windows\System\CawGRgq.exe
  2⤵
  PID:7384
- C:\Windows\System\orEgnJJ.exe
  C:\Windows\System\orEgnJJ.exe
  2⤵
  PID:7404
- C:\Windows\System\WghQuSK.exe
  C:\Windows\System\WghQuSK.exe
  2⤵
  PID:7432
- C:\Windows\System\qxVwpKY.exe
  C:\Windows\System\qxVwpKY.exe
  2⤵
  PID:7468
- C:\Windows\System\SouNHXg.exe
  C:\Windows\System\SouNHXg.exe
  2⤵
  PID:7488
- C:\Windows\System\yfPjvSH.exe
  C:\Windows\System\yfPjvSH.exe
  2⤵
  PID:7504
- C:\Windows\System\IvUCaBC.exe
  C:\Windows\System\IvUCaBC.exe
  2⤵
  PID:7520
- C:\Windows\System\CUAbruw.exe
  C:\Windows\System\CUAbruw.exe
  2⤵
  PID:7536
- C:\Windows\System\rkPcAOX.exe
  C:\Windows\System\rkPcAOX.exe
  2⤵
  PID:7552
- C:\Windows\System\iyHTmET.exe
  C:\Windows\System\iyHTmET.exe
  2⤵
  PID:7568
- C:\Windows\System\ssFptMn.exe
  C:\Windows\System\ssFptMn.exe
  2⤵
  PID:7584
- C:\Windows\System\HksYWER.exe
  C:\Windows\System\HksYWER.exe
  2⤵
  PID:7600
- C:\Windows\System\cpVmYYS.exe
  C:\Windows\System\cpVmYYS.exe
  2⤵
  PID:7616
- C:\Windows\System\pZdSxGV.exe
  C:\Windows\System\pZdSxGV.exe
  2⤵
  PID:7632
- C:\Windows\System\xTpsjPH.exe
  C:\Windows\System\xTpsjPH.exe
  2⤵
  PID:7648
- C:\Windows\System\dbjBvyN.exe
  C:\Windows\System\dbjBvyN.exe
  2⤵
  PID:7664
- C:\Windows\System\BZlIgZX.exe
  C:\Windows\System\BZlIgZX.exe
  2⤵
  PID:7680
- C:\Windows\System\aGdaJba.exe
  C:\Windows\System\aGdaJba.exe
  2⤵
  PID:7696
- C:\Windows\System\aaoadVH.exe
  C:\Windows\System\aaoadVH.exe
  2⤵
  PID:7712
- C:\Windows\System\UzKulVD.exe
  C:\Windows\System\UzKulVD.exe
  2⤵
  PID:7728
- C:\Windows\System\LmUqbTC.exe
  C:\Windows\System\LmUqbTC.exe
  2⤵
  PID:7744
- C:\Windows\System\SEbUzxY.exe
  C:\Windows\System\SEbUzxY.exe
  2⤵
  PID:7760
- C:\Windows\System\hlQNbtN.exe
  C:\Windows\System\hlQNbtN.exe
  2⤵
  PID:7776
- C:\Windows\System\COegZlg.exe
  C:\Windows\System\COegZlg.exe
  2⤵
  PID:7792
- C:\Windows\System\wxLwVuw.exe
  C:\Windows\System\wxLwVuw.exe
  2⤵
  PID:7808
- C:\Windows\System\EWMNGgy.exe
  C:\Windows\System\EWMNGgy.exe
  2⤵
  PID:7824
- C:\Windows\System\IVOTDIO.exe
  C:\Windows\System\IVOTDIO.exe
  2⤵
  PID:7840
- C:\Windows\System\EsyDScG.exe
  C:\Windows\System\EsyDScG.exe
  2⤵
  PID:7856
- C:\Windows\System\PJTrXnM.exe
  C:\Windows\System\PJTrXnM.exe
  2⤵
  PID:7872
- C:\Windows\System\EtaGXJX.exe
  C:\Windows\System\EtaGXJX.exe
  2⤵
  PID:7888
- C:\Windows\System\WTFLjBO.exe
  C:\Windows\System\WTFLjBO.exe
  2⤵
  PID:7904
- C:\Windows\System\joqQUBu.exe
  C:\Windows\System\joqQUBu.exe
  2⤵
  PID:7920
- C:\Windows\System\gWjDcJc.exe
  C:\Windows\System\gWjDcJc.exe
  2⤵
  PID:7936
- C:\Windows\System\Ywueaav.exe
  C:\Windows\System\Ywueaav.exe
  2⤵
  PID:7952
- C:\Windows\System\HDxiuIE.exe
  C:\Windows\System\HDxiuIE.exe
  2⤵
  PID:7968
- C:\Windows\System\MazUgQx.exe
  C:\Windows\System\MazUgQx.exe
  2⤵
  PID:7984
- C:\Windows\System\xEhjvIi.exe
  C:\Windows\System\xEhjvIi.exe
  2⤵
  PID:8000
- C:\Windows\System\zrzrdOW.exe
  C:\Windows\System\zrzrdOW.exe
  2⤵
  PID:8016
- C:\Windows\System\KVyOHcT.exe
  C:\Windows\System\KVyOHcT.exe
  2⤵
  PID:8032
- C:\Windows\System\lRMesxe.exe
  C:\Windows\System\lRMesxe.exe
  2⤵
  PID:8048
- C:\Windows\System\lcmQWAi.exe
  C:\Windows\System\lcmQWAi.exe
  2⤵
  PID:8064
- C:\Windows\System\pmnTNep.exe
  C:\Windows\System\pmnTNep.exe
  2⤵
  PID:8080
- C:\Windows\System\JIdkAmt.exe
  C:\Windows\System\JIdkAmt.exe
  2⤵
  PID:8096
- C:\Windows\System\bXBKcWg.exe
  C:\Windows\System\bXBKcWg.exe
  2⤵
  PID:8112
- C:\Windows\System\QZKJStI.exe
  C:\Windows\System\QZKJStI.exe
  2⤵
  PID:8128
- C:\Windows\System\RUcEpcM.exe
  C:\Windows\System\RUcEpcM.exe
  2⤵
  PID:8156
- C:\Windows\System\odnpDub.exe
  C:\Windows\System\odnpDub.exe
  2⤵
  PID:8172
- C:\Windows\System\WYavitq.exe
  C:\Windows\System\WYavitq.exe
  2⤵
  PID:8188
- C:\Windows\System\njUPmFl.exe
  C:\Windows\System\njUPmFl.exe
  2⤵
  PID:6276
- C:\Windows\System\lLKXwaD.exe
  C:\Windows\System\lLKXwaD.exe
  2⤵
  PID:3032
- C:\Windows\System\WCjHDKk.exe
  C:\Windows\System\WCjHDKk.exe
  2⤵
  PID:7152
- C:\Windows\System\tdMxqKN.exe
  C:\Windows\System\tdMxqKN.exe
  2⤵
  PID:1576
- C:\Windows\System\CKcuOwJ.exe
  C:\Windows\System\CKcuOwJ.exe
  2⤵
  PID:7192
- C:\Windows\System\iUhlTKa.exe
  C:\Windows\System\iUhlTKa.exe
  2⤵
  PID:6796
- C:\Windows\System\uPWGuUH.exe
  C:\Windows\System\uPWGuUH.exe
  2⤵
  PID:6520
- C:\Windows\System\mQDEjDH.exe
  C:\Windows\System\mQDEjDH.exe
  2⤵
  PID:7208
- C:\Windows\System\KMaDxZK.exe
  C:\Windows\System\KMaDxZK.exe
  2⤵
  PID:6584
- C:\Windows\System\BUzMJof.exe
  C:\Windows\System\BUzMJof.exe
  2⤵
  PID:2380
- C:\Windows\System\nwrNqmJ.exe
  C:\Windows\System\nwrNqmJ.exe
  2⤵
  PID:6956
- C:\Windows\System\qNWVIVD.exe
  C:\Windows\System\qNWVIVD.exe
  2⤵
  PID:6756
- C:\Windows\System\JtPnVRi.exe
  C:\Windows\System\JtPnVRi.exe
  2⤵
  PID:5880
- C:\Windows\System\FbhcjcO.exe
  C:\Windows\System\FbhcjcO.exe
  2⤵
  PID:7296
- C:\Windows\System\dIBQtHj.exe
  C:\Windows\System\dIBQtHj.exe
  2⤵
  PID:7376
- C:\Windows\System\HYpycVs.exe
  C:\Windows\System\HYpycVs.exe
  2⤵
  PID:7316
- C:\Windows\System\ekozwxs.exe
  C:\Windows\System\ekozwxs.exe
  2⤵
  PID:7364
- C:\Windows\System\JEtsNOT.exe
  C:\Windows\System\JEtsNOT.exe
  2⤵
  PID:7332
- C:\Windows\System\ojTqGuc.exe
  C:\Windows\System\ojTqGuc.exe
  2⤵
  PID:7420
- C:\Windows\System\vnuXQEJ.exe
  C:\Windows\System\vnuXQEJ.exe
  2⤵
  PID:7396
- C:\Windows\System\vPYrztK.exe
  C:\Windows\System\vPYrztK.exe
  2⤵
  PID:7448
- C:\Windows\System\nyLfCUK.exe
  C:\Windows\System\nyLfCUK.exe
  2⤵
  PID:7444
- C:\Windows\System\gQOieej.exe
  C:\Windows\System\gQOieej.exe
  2⤵
  PID:2888
- C:\Windows\System\BkSxIyP.exe
  C:\Windows\System\BkSxIyP.exe
  2⤵
  PID:7516
- C:\Windows\System\eBbRwnF.exe
  C:\Windows\System\eBbRwnF.exe
  2⤵
  PID:2084
- C:\Windows\System\YEsFTQk.exe
  C:\Windows\System\YEsFTQk.exe
  2⤵
  PID:7564
- C:\Windows\System\iukNXhC.exe
  C:\Windows\System\iukNXhC.exe
  2⤵
  PID:7656
- C:\Windows\System\cwAuXnJ.exe
  C:\Windows\System\cwAuXnJ.exe
  2⤵
  PID:7720
- C:\Windows\System\iYbBjTH.exe
  C:\Windows\System\iYbBjTH.exe
  2⤵
  PID:7784
- C:\Windows\System\OpLlTSL.exe
  C:\Windows\System\OpLlTSL.exe
  2⤵
  PID:7848
- C:\Windows\System\VldcFZG.exe
  C:\Windows\System\VldcFZG.exe
  2⤵
  PID:7912
- C:\Windows\System\SlsuxeT.exe
  C:\Windows\System\SlsuxeT.exe
  2⤵
  PID:7976
- C:\Windows\System\UYeWjGr.exe
  C:\Windows\System\UYeWjGr.exe
  2⤵
  PID:7992
- C:\Windows\System\SZCxOSg.exe
  C:\Windows\System\SZCxOSg.exe
  2⤵
  PID:7576
- C:\Windows\System\wutfGxM.exe
  C:\Windows\System\wutfGxM.exe
  2⤵
  PID:7612
- C:\Windows\System\JRyuujf.exe
  C:\Windows\System\JRyuujf.exe
  2⤵
  PID:7676
- C:\Windows\System\mPimBkH.exe
  C:\Windows\System\mPimBkH.exe
  2⤵
  PID:7768
- C:\Windows\System\DieHAcH.exe
  C:\Windows\System\DieHAcH.exe
  2⤵
  PID:7832
- C:\Windows\System\OYluiNq.exe
  C:\Windows\System\OYluiNq.exe
  2⤵
  PID:7896
- C:\Windows\System\LWkhJQU.exe
  C:\Windows\System\LWkhJQU.exe
  2⤵
  PID:7960
- C:\Windows\System\qGHRQGT.exe
  C:\Windows\System\qGHRQGT.exe
  2⤵
  PID:8060
- C:\Windows\System\YmUsucf.exe
  C:\Windows\System\YmUsucf.exe
  2⤵
  PID:2728
- C:\Windows\System\EeAXQCh.exe
  C:\Windows\System\EeAXQCh.exe
  2⤵
  PID:2648
- C:\Windows\System\TOqHCne.exe
  C:\Windows\System\TOqHCne.exe
  2⤵
  PID:8056
- C:\Windows\System\qEDfEFZ.exe
  C:\Windows\System\qEDfEFZ.exe
  2⤵
  PID:8136
- C:\Windows\System\lDNzTuC.exe
  C:\Windows\System\lDNzTuC.exe
  2⤵
  PID:2640
- C:\Windows\System\lgeuIAW.exe
  C:\Windows\System\lgeuIAW.exe
  2⤵
  PID:8148
- C:\Windows\System\civLGFp.exe
  C:\Windows\System\civLGFp.exe
  2⤵
  PID:8164
- C:\Windows\System\pwfEJfH.exe
  C:\Windows\System\pwfEJfH.exe
  2⤵
  PID:6992
- C:\Windows\System\enChRQQ.exe
  C:\Windows\System\enChRQQ.exe
  2⤵
  PID:1492
- C:\Windows\System\scNDDvh.exe
  C:\Windows\System\scNDDvh.exe
  2⤵
  PID:5884
- C:\Windows\System\hvXPMri.exe
  C:\Windows\System\hvXPMri.exe
  2⤵
  PID:7212
- C:\Windows\System\wEoTSoy.exe
  C:\Windows\System\wEoTSoy.exe
  2⤵
  PID:6788
- C:\Windows\System\pCXrDhz.exe
  C:\Windows\System\pCXrDhz.exe
  2⤵
  PID:7248
- C:\Windows\System\YIhjTTm.exe
  C:\Windows\System\YIhjTTm.exe
  2⤵
  PID:7352
- C:\Windows\System\PjTCVBY.exe
  C:\Windows\System\PjTCVBY.exe
  2⤵
  PID:7232
- C:\Windows\System\zXcXmZL.exe
  C:\Windows\System\zXcXmZL.exe
  2⤵
  PID:7344
- C:\Windows\System\CApWZQD.exe
  C:\Windows\System\CApWZQD.exe
  2⤵
  PID:7328
- C:\Windows\System\sDcIUcl.exe
  C:\Windows\System\sDcIUcl.exe
  2⤵
  PID:7476
- C:\Windows\System\bRanlXe.exe
  C:\Windows\System\bRanlXe.exe
  2⤵
  PID:7428
- C:\Windows\System\OLbLjEu.exe
  C:\Windows\System\OLbLjEu.exe
  2⤵
  PID:7628
- C:\Windows\System\NWwlszc.exe
  C:\Windows\System\NWwlszc.exe
  2⤵
  PID:7480
- C:\Windows\System\kCuBScK.exe
  C:\Windows\System\kCuBScK.exe
  2⤵
  PID:7560
- C:\Windows\System\ASilmtB.exe
  C:\Windows\System\ASilmtB.exe
  2⤵
  PID:7880
- C:\Windows\System\sKZdTrl.exe
  C:\Windows\System\sKZdTrl.exe
  2⤵
  PID:7788
- C:\Windows\System\ZpahHdl.exe
  C:\Windows\System\ZpahHdl.exe
  2⤵
  PID:7864
- C:\Windows\System\sxNuwOP.exe
  C:\Windows\System\sxNuwOP.exe
  2⤵
  PID:8120
- C:\Windows\System\UiLNkHt.exe
  C:\Windows\System\UiLNkHt.exe
  2⤵
  PID:8076
- C:\Windows\System\TIWfHEQ.exe
  C:\Windows\System\TIWfHEQ.exe
  2⤵
  PID:7944
- C:\Windows\System\VCUAiHa.exe
  C:\Windows\System\VCUAiHa.exe
  2⤵
  PID:7644
- C:\Windows\System\irkJEXB.exe
  C:\Windows\System\irkJEXB.exe
  2⤵
  PID:7928
- C:\Windows\System\jOPcDlO.exe
  C:\Windows\System\jOPcDlO.exe
  2⤵
  PID:8044
- C:\Windows\System\Dnvbsgz.exe
  C:\Windows\System\Dnvbsgz.exe
  2⤵
  PID:2944
- C:\Windows\System\AQQVMjm.exe
  C:\Windows\System\AQQVMjm.exe
  2⤵
  PID:6792
- C:\Windows\System\rBFhpJB.exe
  C:\Windows\System\rBFhpJB.exe
  2⤵
  PID:5980
- C:\Windows\System\bISbEKS.exe
  C:\Windows\System\bISbEKS.exe
  2⤵
  PID:7068
- C:\Windows\System\cTKijzq.exe
  C:\Windows\System\cTKijzq.exe
  2⤵
  PID:6940
- C:\Windows\System\yravPXk.exe
  C:\Windows\System\yravPXk.exe
  2⤵
  PID:7360
- C:\Windows\System\wbgTYnr.exe
  C:\Windows\System\wbgTYnr.exe
  2⤵
  PID:7512
- C:\Windows\System\JnPKEFN.exe
  C:\Windows\System\JnPKEFN.exe
  2⤵
  PID:7692
- C:\Windows\System\smkkXVw.exe
  C:\Windows\System\smkkXVw.exe
  2⤵
  PID:7868
- C:\Windows\System\nyszSIo.exe
  C:\Windows\System\nyszSIo.exe
  2⤵
  PID:1100
- C:\Windows\System\hqMFHoM.exe
  C:\Windows\System\hqMFHoM.exe
  2⤵
  PID:7216
- C:\Windows\System\wKpmmLi.exe
  C:\Windows\System\wKpmmLi.exe
  2⤵
  PID:7800
- C:\Windows\System\IkcRpTX.exe
  C:\Windows\System\IkcRpTX.exe
  2⤵
  PID:832
- C:\Windows\System\tWaDesb.exe
  C:\Windows\System\tWaDesb.exe
  2⤵
  PID:1808
- C:\Windows\System\wwxcFnP.exe
  C:\Windows\System\wwxcFnP.exe
  2⤵
  PID:2720
- C:\Windows\System\SAUjxRo.exe
  C:\Windows\System\SAUjxRo.exe
  2⤵
  PID:7464
- C:\Windows\System\fWuXMSd.exe
  C:\Windows\System\fWuXMSd.exe
  2⤵
  PID:2452
- C:\Windows\System\DsKFjsI.exe
  C:\Windows\System\DsKFjsI.exe
  2⤵
  PID:7176
- C:\Windows\System\zpiGvkj.exe
  C:\Windows\System\zpiGvkj.exe
  2⤵
  PID:2180
- C:\Windows\System\qmeYbCl.exe
  C:\Windows\System\qmeYbCl.exe
  2⤵
  PID:7548
- C:\Windows\System\QQfqViE.exe
  C:\Windows\System\QQfqViE.exe
  2⤵
  PID:2596
- C:\Windows\System\mhwUqpB.exe
  C:\Windows\System\mhwUqpB.exe
  2⤵
  PID:1328
- C:\Windows\System\JJXcaAN.exe
  C:\Windows\System\JJXcaAN.exe
  2⤵
  PID:8208
- C:\Windows\System\BmItCMz.exe
  C:\Windows\System\BmItCMz.exe
  2⤵
  PID:8224
- C:\Windows\System\yMXIWZY.exe
  C:\Windows\System\yMXIWZY.exe
  2⤵
  PID:8240
- C:\Windows\System\jatfToe.exe
  C:\Windows\System\jatfToe.exe
  2⤵
  PID:8256
- C:\Windows\System\GLMsQku.exe
  C:\Windows\System\GLMsQku.exe
  2⤵
  PID:8272
- C:\Windows\System\gRzpNoi.exe
  C:\Windows\System\gRzpNoi.exe
  2⤵
  PID:8288
- C:\Windows\System\lBFFaeI.exe
  C:\Windows\System\lBFFaeI.exe
  2⤵
  PID:8304
- C:\Windows\System\QxsXaOP.exe
  C:\Windows\System\QxsXaOP.exe
  2⤵
  PID:8320
- C:\Windows\System\VJLefSa.exe
  C:\Windows\System\VJLefSa.exe
  2⤵
  PID:8336
- C:\Windows\System\XGyAeuV.exe
  C:\Windows\System\XGyAeuV.exe
  2⤵
  PID:8352
- C:\Windows\System\BjPYTMv.exe
  C:\Windows\System\BjPYTMv.exe
  2⤵
  PID:8368
- C:\Windows\System\cbyaEMg.exe
  C:\Windows\System\cbyaEMg.exe
  2⤵
  PID:8384
- C:\Windows\System\SItjxbZ.exe
  C:\Windows\System\SItjxbZ.exe
  2⤵
  PID:8400
- C:\Windows\System\zCDHRSi.exe
  C:\Windows\System\zCDHRSi.exe
  2⤵
  PID:8416
- C:\Windows\System\mlCJfLd.exe
  C:\Windows\System\mlCJfLd.exe
  2⤵
  PID:8432
- C:\Windows\System\qpcFPws.exe
  C:\Windows\System\qpcFPws.exe
  2⤵
  PID:8448
- C:\Windows\System\QbcUtgy.exe
  C:\Windows\System\QbcUtgy.exe
  2⤵
  PID:8464
- C:\Windows\System\fRYjUui.exe
  C:\Windows\System\fRYjUui.exe
  2⤵
  PID:8480
- C:\Windows\System\UeTKysY.exe
  C:\Windows\System\UeTKysY.exe
  2⤵
  PID:8500
- C:\Windows\System\UQgcfxR.exe
  C:\Windows\System\UQgcfxR.exe
  2⤵
  PID:8536
- C:\Windows\System\gBptcoI.exe
  C:\Windows\System\gBptcoI.exe
  2⤵
  PID:8564
- C:\Windows\System\fJJZvKT.exe
  C:\Windows\System\fJJZvKT.exe
  2⤵
  PID:8580
- C:\Windows\System\zCwGvDh.exe
  C:\Windows\System\zCwGvDh.exe
  2⤵
  PID:8600
- C:\Windows\System\BZOkpyw.exe
  C:\Windows\System\BZOkpyw.exe
  2⤵
  PID:8616
- C:\Windows\System\CRlXlaY.exe
  C:\Windows\System\CRlXlaY.exe
  2⤵
  PID:8632
- C:\Windows\System\fxjsjXH.exe
  C:\Windows\System\fxjsjXH.exe
  2⤵
  PID:8648
- C:\Windows\System\HehETja.exe
  C:\Windows\System\HehETja.exe
  2⤵
  PID:8664
- C:\Windows\System\DREApyO.exe
  C:\Windows\System\DREApyO.exe
  2⤵
  PID:8680
- C:\Windows\System\eJKualz.exe
  C:\Windows\System\eJKualz.exe
  2⤵
  PID:8700
- C:\Windows\System\DFJSUZA.exe
  C:\Windows\System\DFJSUZA.exe
  2⤵
  PID:8728
- C:\Windows\System\tHCAeoX.exe
  C:\Windows\System\tHCAeoX.exe
  2⤵
  PID:8744
- C:\Windows\System\xMPjPcm.exe
  C:\Windows\System\xMPjPcm.exe
  2⤵
  PID:8764
- C:\Windows\System\wtnggvF.exe
  C:\Windows\System\wtnggvF.exe
  2⤵
  PID:8780
- C:\Windows\System\RPSsuMl.exe
  C:\Windows\System\RPSsuMl.exe
  2⤵
  PID:8796
- C:\Windows\System\PxZgAPf.exe
  C:\Windows\System\PxZgAPf.exe
  2⤵
  PID:8816
- C:\Windows\System\PgAqRHT.exe
  C:\Windows\System\PgAqRHT.exe
  2⤵
  PID:8900
- C:\Windows\System\FgyKSQs.exe
  C:\Windows\System\FgyKSQs.exe
  2⤵
  PID:8928
- C:\Windows\System\WRLMlho.exe
  C:\Windows\System\WRLMlho.exe
  2⤵
  PID:8964
- C:\Windows\System\xbKYPEj.exe
  C:\Windows\System\xbKYPEj.exe
  2⤵
  PID:8980
- C:\Windows\System\DhTgWWj.exe
  C:\Windows\System\DhTgWWj.exe
  2⤵
  PID:9000
- C:\Windows\System\DObjBus.exe
  C:\Windows\System\DObjBus.exe
  2⤵
  PID:9028
- C:\Windows\System\OICGMet.exe
  C:\Windows\System\OICGMet.exe
  2⤵
  PID:9052
- C:\Windows\System\SStUYZW.exe
  C:\Windows\System\SStUYZW.exe
  2⤵
  PID:9080
- C:\Windows\System\zeWFWJg.exe
  C:\Windows\System\zeWFWJg.exe
  2⤵
  PID:9116
- C:\Windows\System\jnmexjC.exe
  C:\Windows\System\jnmexjC.exe
  2⤵
  PID:9136
- C:\Windows\System\OZUhOjj.exe
  C:\Windows\System\OZUhOjj.exe
  2⤵
  PID:9160
- C:\Windows\System\QvXwENG.exe
  C:\Windows\System\QvXwENG.exe
  2⤵
  PID:9176
- C:\Windows\System\SLzLnVs.exe
  C:\Windows\System\SLzLnVs.exe
  2⤵
  PID:9192
- C:\Windows\System\AptNKGj.exe
  C:\Windows\System\AptNKGj.exe
  2⤵
  PID:8180
- C:\Windows\System\heICgEu.exe
  C:\Windows\System\heICgEu.exe
  2⤵
  PID:2812
- C:\Windows\System\dkUGCrO.exe
  C:\Windows\System\dkUGCrO.exe
  2⤵
  PID:8264
- C:\Windows\System\RmRRZxk.exe
  C:\Windows\System\RmRRZxk.exe
  2⤵
  PID:8328
- C:\Windows\System\sFiqJId.exe
  C:\Windows\System\sFiqJId.exe
  2⤵
  PID:8364
- C:\Windows\System\uYWQiSK.exe
  C:\Windows\System\uYWQiSK.exe
  2⤵
  PID:8424
- C:\Windows\System\ujJZmxH.exe
  C:\Windows\System\ujJZmxH.exe
  2⤵
  PID:7380
- C:\Windows\System\vNSdOLG.exe
  C:\Windows\System\vNSdOLG.exe
  2⤵
  PID:7756
- C:\Windows\System\pSCCevP.exe
  C:\Windows\System\pSCCevP.exe
  2⤵
  PID:2332
- C:\Windows\System\mERXzWu.exe
  C:\Windows\System\mERXzWu.exe
  2⤵
  PID:7820
- C:\Windows\System\PLdGRAf.exe
  C:\Windows\System\PLdGRAf.exe
  2⤵
  PID:8380
- C:\Windows\System\iFmxiBI.exe
  C:\Windows\System\iFmxiBI.exe
  2⤵
  PID:8476
- C:\Windows\System\icssemV.exe
  C:\Windows\System\icssemV.exe
  2⤵
  PID:8516
- C:\Windows\System\kvSxSmh.exe
  C:\Windows\System\kvSxSmh.exe
  2⤵
  PID:8528
- C:\Windows\System\TIgPRxh.exe
  C:\Windows\System\TIgPRxh.exe
  2⤵
  PID:8552
- C:\Windows\System\VNJVGNu.exe
  C:\Windows\System\VNJVGNu.exe
  2⤵
  PID:8592
- C:\Windows\System\GTWaVyI.exe
  C:\Windows\System\GTWaVyI.exe
  2⤵
  PID:8656
- C:\Windows\System\zYgchYk.exe
  C:\Windows\System\zYgchYk.exe
  2⤵
  PID:8696
- C:\Windows\System\eLDIejL.exe
  C:\Windows\System\eLDIejL.exe
  2⤵
  PID:8576
- C:\Windows\System\lhabGnr.exe
  C:\Windows\System\lhabGnr.exe
  2⤵
  PID:8676
- C:\Windows\System\RgTTDlC.exe
  C:\Windows\System\RgTTDlC.exe
  2⤵
  PID:8772
- C:\Windows\System\LXScLmu.exe
  C:\Windows\System\LXScLmu.exe
  2⤵
  PID:8812
- C:\Windows\System\hWRMKIR.exe
  C:\Windows\System\hWRMKIR.exe
  2⤵
  PID:8752
- C:\Windows\System\zznoQeF.exe
  C:\Windows\System\zznoQeF.exe
  2⤵
  PID:8792
- C:\Windows\System\ApMufnC.exe
  C:\Windows\System\ApMufnC.exe
  2⤵
  PID:8840
- C:\Windows\System\NGzkjVb.exe
  C:\Windows\System\NGzkjVb.exe
  2⤵
  PID:8856
- C:\Windows\System\AEKjfMx.exe
  C:\Windows\System\AEKjfMx.exe
  2⤵
  PID:8908
- C:\Windows\System\miNAFxk.exe
  C:\Windows\System\miNAFxk.exe
  2⤵
  PID:8924
- C:\Windows\System\zWidfuD.exe
  C:\Windows\System\zWidfuD.exe
  2⤵
  PID:8888
- C:\Windows\System\vkOJOey.exe
  C:\Windows\System\vkOJOey.exe
  2⤵
  PID:2136
- C:\Windows\System\yttjpBF.exe
  C:\Windows\System\yttjpBF.exe
  2⤵
  PID:9012
- C:\Windows\System\VDDEEpO.exe
  C:\Windows\System\VDDEEpO.exe
  2⤵
  PID:9060
- C:\Windows\System\ogYJEPK.exe
  C:\Windows\System\ogYJEPK.exe
  2⤵
  PID:9072
- C:\Windows\System\wwRwGiZ.exe
  C:\Windows\System\wwRwGiZ.exe
  2⤵
  PID:8952
- C:\Windows\System\uNiBwCy.exe
  C:\Windows\System\uNiBwCy.exe
  2⤵
  PID:9040
- C:\Windows\System\fUnhADh.exe
  C:\Windows\System\fUnhADh.exe
  2⤵
  PID:9096
- C:\Windows\System\rSssBwc.exe
  C:\Windows\System\rSssBwc.exe
  2⤵
  PID:9168
- C:\Windows\System\hCMuVpD.exe
  C:\Windows\System\hCMuVpD.exe
  2⤵
  PID:9200
- C:\Windows\System\DWCAQPD.exe
  C:\Windows\System\DWCAQPD.exe
  2⤵
  PID:8200
- C:\Windows\System\bpFWvqT.exe
  C:\Windows\System\bpFWvqT.exe
  2⤵
  PID:1288
- C:\Windows\System\tfemBAK.exe
  C:\Windows\System\tfemBAK.exe
  2⤵
  PID:8456
- C:\Windows\System\KvuCiDg.exe
  C:\Windows\System\KvuCiDg.exe
  2⤵
  PID:8488
- C:\Windows\System\KlCyIwe.exe
  C:\Windows\System\KlCyIwe.exe
  2⤵
  PID:9144
- C:\Windows\System\IIphGVg.exe
  C:\Windows\System\IIphGVg.exe
  2⤵
  PID:9188
- C:\Windows\System\OkkdMni.exe
  C:\Windows\System\OkkdMni.exe
  2⤵
  PID:8300
- C:\Windows\System\DqhpqGB.exe
  C:\Windows\System\DqhpqGB.exe
  2⤵
  PID:8396
- C:\Windows\System\YVyETPI.exe
  C:\Windows\System\YVyETPI.exe
  2⤵
  PID:8220
- C:\Windows\System\qyaWfUx.exe
  C:\Windows\System\qyaWfUx.exe
  2⤵
  PID:8348
- C:\Windows\System\RbJCRGX.exe
  C:\Windows\System\RbJCRGX.exe
  2⤵
  PID:8548
- C:\Windows\System\ANCMriD.exe
  C:\Windows\System\ANCMriD.exe
  2⤵
  PID:8612
- C:\Windows\System\tFhsKBD.exe
  C:\Windows\System\tFhsKBD.exe
  2⤵
  PID:8708
- C:\Windows\System\hOQOVqE.exe
  C:\Windows\System\hOQOVqE.exe
  2⤵
  PID:8588
- C:\Windows\System\QzTftwf.exe
  C:\Windows\System\QzTftwf.exe
  2⤵
  PID:8712
- C:\Windows\System\qfMCkwv.exe
  C:\Windows\System\qfMCkwv.exe
  2⤵
  PID:8520
- C:\Windows\System\TNfoagt.exe
  C:\Windows\System\TNfoagt.exe
  2⤵
  PID:8672
- C:\Windows\System\znFmLPV.exe
  C:\Windows\System\znFmLPV.exe
  2⤵
  PID:8836
- C:\Windows\System\AqNAEZF.exe
  C:\Windows\System\AqNAEZF.exe
  2⤵
  PID:8916
- C:\Windows\System\EeZIOdn.exe
  C:\Windows\System\EeZIOdn.exe
  2⤵
  PID:8884
- C:\Windows\System\YJdmtIL.exe
  C:\Windows\System\YJdmtIL.exe
  2⤵
  PID:9068
- C:\Windows\System\ebWoeEy.exe
  C:\Windows\System\ebWoeEy.exe
  2⤵
  PID:8996
- C:\Windows\System\ddbElPc.exe
  C:\Windows\System\ddbElPc.exe
  2⤵
  PID:9156
- C:\Windows\System\wNcBChZ.exe
  C:\Windows\System\wNcBChZ.exe
  2⤵
  PID:8216
- C:\Windows\System\FetdjDS.exe
  C:\Windows\System\FetdjDS.exe
  2⤵
  PID:6924
- C:\Windows\System\AQAdcta.exe
  C:\Windows\System\AQAdcta.exe
  2⤵
  PID:8440
- C:\Windows\System\AhEReKX.exe
  C:\Windows\System\AhEReKX.exe
  2⤵
  PID:8692
- C:\Windows\System\AIdDxku.exe
  C:\Windows\System\AIdDxku.exe
  2⤵
  PID:9172
- C:\Windows\System\MbrhDCd.exe
  C:\Windows\System\MbrhDCd.exe
  2⤵
  PID:9132
- C:\Windows\System\wNXKXDg.exe
  C:\Windows\System\wNXKXDg.exe
  2⤵
  PID:8940
- C:\Windows\System\ZgPzjro.exe
  C:\Windows\System\ZgPzjro.exe
  2⤵
  PID:1620
- C:\Windows\System\lwYhJRy.exe
  C:\Windows\System\lwYhJRy.exe
  2⤵
  PID:9092
- C:\Windows\System\oAYFlbg.exe
  C:\Windows\System\oAYFlbg.exe
  2⤵
  PID:8876
- C:\Windows\System\zNgYjDO.exe
  C:\Windows\System\zNgYjDO.exe
  2⤵
  PID:8992
- C:\Windows\System\DCdHmkP.exe
  C:\Windows\System\DCdHmkP.exe
  2⤵
  PID:9204
- C:\Windows\System\cIqIaqG.exe
  C:\Windows\System\cIqIaqG.exe
  2⤵
  PID:9184
- C:\Windows\System\pgwabMC.exe
  C:\Windows\System\pgwabMC.exe
  2⤵
  PID:8560
- C:\Windows\System\GFUkfdg.exe
  C:\Windows\System\GFUkfdg.exe
  2⤵
  PID:8808
- C:\Windows\System\MzecHlR.exe
  C:\Windows\System\MzecHlR.exe
  2⤵
  PID:8444
- C:\Windows\System\HOPVcFI.exe
  C:\Windows\System\HOPVcFI.exe
  2⤵
  PID:9088
- C:\Windows\System\nhfvMEi.exe
  C:\Windows\System\nhfvMEi.exe
  2⤵
  PID:568
- C:\Windows\System\WWCqqww.exe
  C:\Windows\System\WWCqqww.exe
  2⤵
  PID:8848
- C:\Windows\System\TsTsblb.exe
  C:\Windows\System\TsTsblb.exe
  2⤵
  PID:1588
- C:\Windows\System\XKIRweL.exe
  C:\Windows\System\XKIRweL.exe
  2⤵
  PID:9152
- C:\Windows\System\xHfUaig.exe
  C:\Windows\System\xHfUaig.exe
  2⤵
  PID:2544
- C:\Windows\System\rGdXbWU.exe
  C:\Windows\System\rGdXbWU.exe
  2⤵
  PID:7624
- C:\Windows\System\squzqED.exe
  C:\Windows\System\squzqED.exe
  2⤵
  PID:9048
- C:\Windows\System\zTqindB.exe
  C:\Windows\System\zTqindB.exe
  2⤵
  PID:8864
- C:\Windows\System\uQkdcGR.exe
  C:\Windows\System\uQkdcGR.exe
  2⤵
  PID:9128
- C:\Windows\System\VmYqTMs.exe
  C:\Windows\System\VmYqTMs.exe
  2⤵
  PID:9232
- C:\Windows\System\wyqQBQS.exe
  C:\Windows\System\wyqQBQS.exe
  2⤵
  PID:9248
- C:\Windows\System\OvYOJDQ.exe
  C:\Windows\System\OvYOJDQ.exe
  2⤵
  PID:9264
- C:\Windows\System\pZIgkuh.exe
  C:\Windows\System\pZIgkuh.exe
  2⤵
  PID:9280
- C:\Windows\System\koqxpFM.exe
  C:\Windows\System\koqxpFM.exe
  2⤵
  PID:9296
- C:\Windows\System\uAHfGXO.exe
  C:\Windows\System\uAHfGXO.exe
  2⤵
  PID:9312
- C:\Windows\System\UkWDWJZ.exe
  C:\Windows\System\UkWDWJZ.exe
  2⤵
  PID:9328
- C:\Windows\System\THbvCws.exe
  C:\Windows\System\THbvCws.exe
  2⤵
  PID:9344
- C:\Windows\System\PtGgNgP.exe
  C:\Windows\System\PtGgNgP.exe
  2⤵
  PID:9364
- C:\Windows\System\ojJlBPp.exe
  C:\Windows\System\ojJlBPp.exe
  2⤵
  PID:9380
- C:\Windows\System\wnyOGDJ.exe
  C:\Windows\System\wnyOGDJ.exe
  2⤵
  PID:9400
- C:\Windows\System\vbNlvLu.exe
  C:\Windows\System\vbNlvLu.exe
  2⤵
  PID:9428
- C:\Windows\System\aRICjZl.exe
  C:\Windows\System\aRICjZl.exe
  2⤵
  PID:9444
- C:\Windows\System\ULLkope.exe
  C:\Windows\System\ULLkope.exe
  2⤵
  PID:9460
- C:\Windows\System\wdVDlUD.exe
  C:\Windows\System\wdVDlUD.exe
  2⤵
  PID:9476
- C:\Windows\System\goSFicx.exe
  C:\Windows\System\goSFicx.exe
  2⤵
  PID:9492
- C:\Windows\System\dEAqHjI.exe
  C:\Windows\System\dEAqHjI.exe
  2⤵
  PID:9508
- C:\Windows\System\tJClADb.exe
  C:\Windows\System\tJClADb.exe
  2⤵
  PID:9524
- C:\Windows\System\YVldJKj.exe
  C:\Windows\System\YVldJKj.exe
  2⤵
  PID:9540
- C:\Windows\System\koLFyrg.exe
  C:\Windows\System\koLFyrg.exe
  2⤵
  PID:9556
- C:\Windows\System\GBnNXvW.exe
  C:\Windows\System\GBnNXvW.exe
  2⤵
  PID:9572
- C:\Windows\System\yXixmgL.exe
  C:\Windows\System\yXixmgL.exe
  2⤵
  PID:9588
- C:\Windows\System\UOvOzLy.exe
  C:\Windows\System\UOvOzLy.exe
  2⤵
  PID:9604
- C:\Windows\System\ECfjQOA.exe
  C:\Windows\System\ECfjQOA.exe
  2⤵
  PID:9620
- C:\Windows\System\DYkKEBq.exe
  C:\Windows\System\DYkKEBq.exe
  2⤵
  PID:9636
- C:\Windows\System\TeVnkcu.exe
  C:\Windows\System\TeVnkcu.exe
  2⤵
  PID:9652
- C:\Windows\System\uvxuYlH.exe
  C:\Windows\System\uvxuYlH.exe
  2⤵
  PID:9668
- C:\Windows\System\twdBRtd.exe
  C:\Windows\System\twdBRtd.exe
  2⤵
  PID:9684
- C:\Windows\System\DaFiYBZ.exe
  C:\Windows\System\DaFiYBZ.exe
  2⤵
  PID:9700
- C:\Windows\System\GbYWdKL.exe
  C:\Windows\System\GbYWdKL.exe
  2⤵
  PID:9716
- C:\Windows\System\uiIzGWW.exe
  C:\Windows\System\uiIzGWW.exe
  2⤵
  PID:9732
- C:\Windows\System\ipqHYoL.exe
  C:\Windows\System\ipqHYoL.exe
  2⤵
  PID:9748
- C:\Windows\System\eaGdhWO.exe
  C:\Windows\System\eaGdhWO.exe
  2⤵
  PID:9764
- C:\Windows\System\uhTkyAH.exe
  C:\Windows\System\uhTkyAH.exe
  2⤵
  PID:9780
- C:\Windows\System\kQjEwRW.exe
  C:\Windows\System\kQjEwRW.exe
  2⤵
  PID:9796
- C:\Windows\System\gIeJiiW.exe
  C:\Windows\System\gIeJiiW.exe
  2⤵
  PID:9812
- C:\Windows\System\fJoaVCc.exe
  C:\Windows\System\fJoaVCc.exe
  2⤵
  PID:9828
- C:\Windows\System\inbniVA.exe
  C:\Windows\System\inbniVA.exe
  2⤵
  PID:9844
- C:\Windows\System\wqRwiay.exe
  C:\Windows\System\wqRwiay.exe
  2⤵
  PID:9860
- C:\Windows\System\GDRZJCx.exe
  C:\Windows\System\GDRZJCx.exe
  2⤵
  PID:9876
- C:\Windows\System\lIoLqHl.exe
  C:\Windows\System\lIoLqHl.exe
  2⤵
  PID:9892
- C:\Windows\System\NnoBxiO.exe
  C:\Windows\System\NnoBxiO.exe
  2⤵
  PID:9908
- C:\Windows\System\NMFSzzr.exe
  C:\Windows\System\NMFSzzr.exe
  2⤵
  PID:9924
- C:\Windows\System\eBFCAke.exe
  C:\Windows\System\eBFCAke.exe
  2⤵
  PID:9944
- C:\Windows\System\sVGugpg.exe
  C:\Windows\System\sVGugpg.exe
  2⤵
  PID:9960
- C:\Windows\System\Kbrahnp.exe
  C:\Windows\System\Kbrahnp.exe
  2⤵
  PID:9976
- C:\Windows\System\MRoJely.exe
  C:\Windows\System\MRoJely.exe
  2⤵
  PID:9992
- C:\Windows\System\PXJsndQ.exe
  C:\Windows\System\PXJsndQ.exe
  2⤵
  PID:10008
- C:\Windows\System\NUnEBCn.exe
  C:\Windows\System\NUnEBCn.exe
  2⤵
  PID:10024
- C:\Windows\System\BgBbsRH.exe
  C:\Windows\System\BgBbsRH.exe
  2⤵
  PID:10040
- C:\Windows\System\ZFuOGrj.exe
  C:\Windows\System\ZFuOGrj.exe
  2⤵
  PID:10056
- C:\Windows\System\SlHYBuD.exe
  C:\Windows\System\SlHYBuD.exe
  2⤵
  PID:10072
- C:\Windows\System\OkXeyik.exe
  C:\Windows\System\OkXeyik.exe
  2⤵
  PID:10088
- C:\Windows\System\IGfAMHP.exe
  C:\Windows\System\IGfAMHP.exe
  2⤵
  PID:10104
- C:\Windows\System\fveUglT.exe
  C:\Windows\System\fveUglT.exe
  2⤵
  PID:10120
- C:\Windows\System\bgDOaYW.exe
  C:\Windows\System\bgDOaYW.exe
  2⤵
  PID:10136
- C:\Windows\System\ZCCJjQw.exe
  C:\Windows\System\ZCCJjQw.exe
  2⤵
  PID:10152
- C:\Windows\System\duuoAwd.exe
  C:\Windows\System\duuoAwd.exe
  2⤵
  PID:10168
- C:\Windows\System\aAPHAuz.exe
  C:\Windows\System\aAPHAuz.exe
  2⤵
  PID:10184
- C:\Windows\System\HiruXHS.exe
  C:\Windows\System\HiruXHS.exe
  2⤵
  PID:10200
- C:\Windows\System\SNVWvkZ.exe
  C:\Windows\System\SNVWvkZ.exe
  2⤵
  PID:10216
- C:\Windows\System\dPtYONq.exe
  C:\Windows\System\dPtYONq.exe
  2⤵
  PID:10232
- C:\Windows\System\rCJaiXb.exe
  C:\Windows\System\rCJaiXb.exe
  2⤵
  PID:9020
- C:\Windows\System\nxYKZFd.exe
  C:\Windows\System\nxYKZFd.exe
  2⤵
  PID:9212
- C:\Windows\System\NwCBXUh.exe
  C:\Windows\System\NwCBXUh.exe
  2⤵
  PID:8628
- C:\Windows\System\oSpOehd.exe
  C:\Windows\System\oSpOehd.exe
  2⤵
  PID:8532
- C:\Windows\System\urcQwfW.exe
  C:\Windows\System\urcQwfW.exe
  2⤵
  PID:9228
- C:\Windows\System\hzmdKza.exe
  C:\Windows\System\hzmdKza.exe
  2⤵
  PID:9288
- C:\Windows\System\ejBEnyj.exe
  C:\Windows\System\ejBEnyj.exe
  2⤵
  PID:9352
- C:\Windows\System\AKTjBCP.exe
  C:\Windows\System\AKTjBCP.exe
  2⤵
  PID:9388
- C:\Windows\System\OLxsltU.exe
  C:\Windows\System\OLxsltU.exe
  2⤵
  PID:2108
- C:\Windows\System\lDtfRGP.exe
  C:\Windows\System\lDtfRGP.exe
  2⤵
  PID:9424
- C:\Windows\System\XMAJHBx.exe
  C:\Windows\System\XMAJHBx.exe
  2⤵
  PID:9456
- C:\Windows\System\ZcwJiTk.exe
  C:\Windows\System\ZcwJiTk.exe
  2⤵
  PID:9552
- C:\Windows\System\bmuVFHP.exe
  C:\Windows\System\bmuVFHP.exe
  2⤵
  PID:9616
- C:\Windows\System\uCciuGk.exe
  C:\Windows\System\uCciuGk.exe
  2⤵
  PID:9676
- C:\Windows\System\WhmOxzd.exe
  C:\Windows\System\WhmOxzd.exe
  2⤵
  PID:9744
- C:\Windows\System\QIxtbdh.exe
  C:\Windows\System\QIxtbdh.exe
  2⤵
  PID:9808
- C:\Windows\System\sCYaYjL.exe
  C:\Windows\System\sCYaYjL.exe
  2⤵
  PID:9532
- C:\Windows\System\NRXFcwb.exe
  C:\Windows\System\NRXFcwb.exe
  2⤵
  PID:9872
- C:\Windows\System\dkaiLzz.exe
  C:\Windows\System\dkaiLzz.exe
  2⤵
  PID:9724
- C:\Windows\System\ucnCGGt.exe
  C:\Windows\System\ucnCGGt.exe
  2⤵
  PID:9472
- C:\Windows\System\EsvWomH.exe
  C:\Windows\System\EsvWomH.exe
  2⤵
  PID:9568
- C:\Windows\System\AgjtQgU.exe
  C:\Windows\System\AgjtQgU.exe
  2⤵
  PID:9692
- C:\Windows\System\RMfxJCj.exe
  C:\Windows\System\RMfxJCj.exe
  2⤵
  PID:9788
- C:\Windows\System\zGjGmaV.exe
  C:\Windows\System\zGjGmaV.exe
  2⤵
  PID:9824
- C:\Windows\System\iIHrqRz.exe
  C:\Windows\System\iIHrqRz.exe
  2⤵
  PID:9932
- C:\Windows\System\hoDyLes.exe
  C:\Windows\System\hoDyLes.exe
  2⤵
  PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BABYQVf.exe

Filesize
6.0MB

MD5
3e7a111cbb007d68413da9243a3da97a

SHA1
45ec1971d7bad17582002c105c7906eb2f203e43

SHA256
ca6a8bff7e3a1e10b67f6c14ab1e7bc050a211c97edf043677a98a561ed7f94e

SHA512
19921a08136e3195d0ea97dd0036335078cc37783d73892a72714bbf730e1d0b4fcc19b6f897fe87a489e2850344684bd664d191c8286a57875412b05f3fdad7

Download Submit
C:\Windows\system\GWgRawN.exe

Filesize
6.0MB

MD5
5b2642418418249ac1d2d2fa15f3134b

SHA1
032354f769eed61c06c67a485c3e5308a173fd78

SHA256
34b810688a59cad680315634cefcbc4bbc093878fc5f49243a4cbf44b06e92f5

SHA512
6a58fbbc1a11c8be45037ae86dd20bcbc38e4fd208a5a25030febcb618becc0df473c3083c117757742249ac77df63cc95a066f07bfdf12d17ca8316caccc786

Download Submit
C:\Windows\system\GxVpWQe.exe

Filesize
6.0MB

MD5
8d11c56e1a76c1e1ff2b124199e10114

SHA1
94251dac6ed7f21714836b79b849126c2a394a84

SHA256
e6dd4c282c687ff51a492aca3e631a4ac6ebd29e2c766890b2f24847c759e5fc

SHA512
d80b0529f7a5d40368edceebda3eb16df5d9db5e629e7caffa8abb6d497b6a6c0ce95c0cfcf6bb17cf7014ae7b671b46284717cf7c32c30700e27150a150afe5

Download Submit
C:\Windows\system\JiRNHNU.exe

Filesize
6.0MB

MD5
b03e64a632ee67a93b811adcdeb38f1a

SHA1
9eaa986ea45126f3e92420264d1f31df311e9929

SHA256
2916c43d0ddc96ed1d31c4c97e2f31b295d699f0dc3e8873ca734fd70ca25dda

SHA512
b68aff5ad64f4548a7fea5f5a3afd268631fec550d1694c18d8b7b07b7f9d316dd3faac1510937aaf63a422cce925e25671f6fdc16f30a88ea976b48d9f8a719

Download Submit
C:\Windows\system\NdwjLBd.exe

Filesize
6.0MB

MD5
64da472da979ff337f878db213911070

SHA1
c891a59fdd9a10a241a7d8cdb35875ab05f88756

SHA256
c694d8a4b5cc58e6f0192a4451ca0b92cc15b760e74c14c6a41d2924c8ba9496

SHA512
7a96c5c8b78d498ef0056afdfcd8ac3829d5fec86feb0123161f91e1ac5d7b805ddd4aea8c0a4de26b31a8ea2ca47bb07a83b3f66d23f42c9155fcea4b595983

Download Submit
C:\Windows\system\QfCaZva.exe

Filesize
6.0MB

MD5
39730c68a55e8672268cafcbd09c7ff8

SHA1
8ed154be22432cf3756f8c2e834a63c262f44203

SHA256
013fda5a3e28e55196c60077c1b4d380a3e7b8e4a59170aaa1082546842dd56e

SHA512
55280b323b0189682dd4ff5a9e2eb09cce1744f66133297e9a59f42cfa6ee8c301f161a6bcf6a5a77c49bb9e3097f788c7e0d6448b46f29f518a98ea8fbb5912

Download Submit
C:\Windows\system\VTAPxHP.exe

Filesize
6.0MB

MD5
0e3f8c41fd9cfeb2f4a098487c06d718

SHA1
8116ab5b4f5dce376b13ef26b83c5a757b5bb225

SHA256
f1389bafcb0f70e5e869b0f7748f413819a4326b4deb3ca410c89c914feefb34

SHA512
9e7e132507d9e2463816df30ee9e9a35c39f192e1a8fb023ce2b84e5620a44f6763841a4ef417aefd712992e8a2ca34416ec1b805464df3613404f75b26d0ab0

Download Submit
C:\Windows\system\VZseUqr.exe

Filesize
6.0MB

MD5
01f5d57a313a46ebcc25f518b61f2371

SHA1
6acfbf785a2d5665184acf3efb7f9650ab0a3550

SHA256
f09a88b39ef90b742182648727696fab26ea5fae822ef04faada144f36c5667a

SHA512
df8148619ad66fb024ab51c0527fad3bbb486ac84737fba9253c5b1dfaba11167754ce5221462ed06f9d022bf42e69fe75a0f92f5fb52248d5b88937bb463f93

Download Submit
C:\Windows\system\XDVfDbh.exe

Filesize
6.0MB

MD5
ce90eb07c42032eb32a3ae4b5b4b1dd9

SHA1
c2a67fd45bd0165d015a21da05f5009419dac788

SHA256
afd8cb07f87a255f593af76214de68a654ec51fe2b81c1528ff4030d28633ee1

SHA512
b1c45f908c685b15bd59bb13ef01d10fc9300976e23d9ac2dd2c203f05e989df7e6de7a1c2ee0941fc07756d7a3db2ad2898c085521d0a1937b6c99fc3a66688

Download Submit
C:\Windows\system\frPtbFV.exe

Filesize
6.0MB

MD5
84448a6ee9e1c7bca69f1605f0a9eaf8

SHA1
80fc899065cb25e5e8e667f20bbed50baeb19176

SHA256
661ae60d07a60bb2727ef4d86582e79dfbf542fc12baba64e385874285b7d537

SHA512
ac57e30391e72174e37fba4b717b925a50c8be4d05babaad4166ae00723dbe776f86a1ada4b516b579f154381187a58549369373d5aa007a725d64000f9ef22a

Download Submit
C:\Windows\system\iHfDlek.exe

Filesize
6.0MB

MD5
c80b09406de2b3111b803f3e8b54642f

SHA1
d6b9a13aa7936125a8983161640d915e8cf845d1

SHA256
098de87c88aa5e8306d038be2551d43be7f4cd787731ab9e56f75e6656e9d7d2

SHA512
48641f4f37a7e02aae520860b4a34637e6afb98e33d9ef82c275365482bd8ddc7f5843cf4ccc7e86b3af15cfe0bcc19eb80b94e6de45c7115287e57ede535db7

Download Submit
C:\Windows\system\ijcMkUc.exe

Filesize
6.0MB

MD5
e8137bda76ab69d26476924fc86f5790

SHA1
e66d5f123bf9f9ae43efd91b32d306ca482a0924

SHA256
a51f77243c7ba67479b3854acea04a67378a58ae1c805527869ece8206e42afb

SHA512
8296c0cb62e2b04692fdb4c9ae51538672d0f23af650b87a3fd8cdde0cdc1068fb126cde2a250bbe414396604fd941484609f6398284628d5146895ac44dd731

Download Submit
C:\Windows\system\luyjLvh.exe

Filesize
6.0MB

MD5
614c391aa44dee790d796dd65f39d21d

SHA1
4727e17dd0106498f871071b3dc46d5dc770e86a

SHA256
0e348a3b50df4ec1b288e35669b585caf1fc9dae64b666ec284249aab55ebd58

SHA512
c1a920c79faf96f80f31f48e34df15fd484b0304968bfea74cc58a487458275fd77c902ce513e60ec855ded34df610b070c8cae077d6a2df720ada8ee2e4e092

Download Submit
C:\Windows\system\rZPaLdd.exe

Filesize
6.0MB

MD5
6ee249e463ea920ec64404d6066bee18

SHA1
21d14230520ad59991eb41d1781882bae6996ff5

SHA256
510e403dd56fee54cfba4762b3ef941b2b110af8a38697c2ff27f23a9789eeaa

SHA512
4fe73b77d559d0f591c612ff03b1868da7fae18f2bcb504c5a00b48fb922cad1294cde7e4dd477b19e7b36576b5a5a6202d98222e9bbb0c912ea79cd43292178

Download Submit
C:\Windows\system\vDeQSme.exe

Filesize
6.0MB

MD5
2559a655935fac1f6ca468d98ad91d5c

SHA1
0c2548d32c5f38a6f20979c3765cc9424fa122f2

SHA256
7a94ff49f9d50b65dd86dd4f2c89b6eb42cbb3d872bd8aaf7b1c195abab868d9

SHA512
99cbb404ae6b5d7156efca46f60b423a1826ad3c0370801927617290ac308f50c9a34fe0d2e59a4790f9287bdf3a15b995d36d219c488ad1d883710cd1a28b62

Download Submit
C:\Windows\system\vPZarec.exe

Filesize
6.0MB

MD5
e5949e772f6f15d64332daed44b40bfa

SHA1
72079ff72bd67a469880f213cddba3eaf5904578

SHA256
31a4a57f7a829a4fbdbd3eb6545368e3c1a1d5a674f6d8f8d78563eb473aca55

SHA512
7f14e3dad07d86aa7e06b7d343cab4e3eb8821d0252071bd33708e09b9e84f78085618475d97972202fc58a7852dbc79469475b39b53bed2d82750b6b4851441

Download Submit
C:\Windows\system\vlMVEvY.exe

Filesize
6.0MB

MD5
bae18b2caec7fd5f50a1d3cef7fd5e35

SHA1
2d615e8859cb409faf6b5cd7016bc7d89f116579

SHA256
809a3cf534bfece501e9243ac91f3ee45815e85abbeeb001ff12d694acd0b3bc

SHA512
75627709b128675843ceec5e8979da2b9f96c03f3c9f63eeb64b86fd767101cb82eb73eee072f4fa8167496f737bf03f4c927950650537246d139a36137b0958

Download Submit
C:\Windows\system\wTekQDT.exe

Filesize
6.0MB

MD5
a927d2fd41c98ede6d329674a0d6af29

SHA1
3b589a6a2bb39bccad8d0e03aad699192205bfc6

SHA256
6713aee8cf1fa3d1b5fefe9bd71e26029cd6abb2d36826646a5ff49bcba4bed7

SHA512
306e68c23008d45052ebc875d1811e3de3b4b01d2a0969f0d56c1e2a318ea521d8b7bcaa5c776a8c8c0e10f999da564c4cedc2e7c62988ffdd05704ce5cd981a

Download Submit
C:\Windows\system\zxHOflf.exe

Filesize
6.0MB

MD5
44bf60b24fa026833843d3238701fb8e

SHA1
b9b6a695248cb4b618fcadfabf754b90da78cdab

SHA256
dbe5ece7e7ddcd3e7ea90e73e975cc557d28547311953e2a030fc43a86c809cd

SHA512
32e81bb4d95d4a99e3278688d4a365d550ede26aeee442f9afa75dee9092cf495065d7b440475aeecb9f6370503197e7fc6cf3b10d51281e61e26eb5f48be1c6

Download Submit
\Windows\system\AEegOLZ.exe

Filesize
6.0MB

MD5
9bb9507236ac51fdf7c4d771276cf33e

SHA1
7332ba6b46b1b49e49a2a36f3d64470ed49260bf

SHA256
de8f869f9c56806e5ef0644dcf5236725d1ee035f8e5238cb27b4392a17a462c

SHA512
cac36c9ec2ba46d72ed6201caabc3d956450f372a34c586a8e4bb3131bf0351e01a1e4b891e2f10d239fae3b639ed82007c05118132b6ae8528a17e1d11dd7a5

Download Submit
\Windows\system\DDvZzBN.exe

Filesize
6.0MB

MD5
f7502ef2cda7443f7a79059a6c6c776b

SHA1
e03ee06e5599065a8543b41917ccd6855c33d5cd

SHA256
cc5dc04d2cf99b2a7213a8f57ac019d83a96f06b3574533ced6922b2c3e885d9

SHA512
6203be6eeeee8eb7a3a476fb8d3d2bb7ae39d16d72e6a1deac4b738b224cbb60ababbed22c62a5f1605ca3f76ecbc5678d36cd0ef35fd709c28995c3768fa45b

Download Submit
\Windows\system\DyEoegX.exe

Filesize
6.0MB

MD5
31fbbcd644512fba06749562675d8ee9

SHA1
3a88c35cce49119c8c3849ed7fd1f5775cfd1bbb

SHA256
0afc811c1b2fd6813b760b4626471579eeec8e5457ce046209e9d63ac5f0f67c

SHA512
1d106d913d4cf4dc958254cbeff4e9e4ed7d9a3de4ec10765f989bc87ea7caf8f7a98019ae46943895ff84d96ad8a75501dbd3c829d1886018dc3cb7d75a8676

Download Submit
\Windows\system\IIyPPUx.exe

Filesize
6.0MB

MD5
c341a3add57f94130606747a4ae931c4

SHA1
02936f9293c629fc96dced30345ef614b435faa2

SHA256
5a28da004eb94d3f18d05c713af1e99b00401e89fd841d5f2e39824340f1c61f

SHA512
d9a6aa3ec5c7c244176eeef07742b34444685999fcf748ae6f8aa45240ee72dd8731bfc40e912af456bd9eec4ee38b72104c6bf588f3adf74f28f02e1a260daa

Download Submit
\Windows\system\LDxhloq.exe

Filesize
6.0MB

MD5
5f927c231596a01f51c99a34113fa936

SHA1
311f0b8ca68ac7bf4c31c968167e63daf5e831e9

SHA256
e7a71dede94857da6bc3d278db69162a4187e4ca73feb0cb250c9d5944f7b170

SHA512
4091b538a631ea91610bcadc200c57a85057bc99c620fed7ab4c8e591bfb409030d47f500933276d1610cd0520aaa2b21410c97fc631d53be7b5fa51e7a66ae4

Download Submit
\Windows\system\NOJTDbD.exe

Filesize
6.0MB

MD5
8c0e82d39aa0d326286b8e4f8462aa21

SHA1
190026df79c64bbe5d073611c59661f40c85e639

SHA256
b79075d0e0ed68d93750ffc4f18f37d8c18ebca20a60e5c69d010736092f63d3

SHA512
fc885cdee9c2074df40a6ec7a6c30792d592c12cf940d22c5414720d4991505fd6908e17451ce74fffc22ed1ab9737f10aeca186fc59d27bd8ed86f03c3d862e

Download Submit
\Windows\system\PYXhvls.exe

Filesize
6.0MB

MD5
717b26a48b7288c00e12925c3bb288c7

SHA1
fd028c305a7d3293b5486d227a494b1369a782e0

SHA256
0b4afe75e8d51a41944101dd58f3f3d2b9e6d2af432843c59c1a6edfdcf5d6d3

SHA512
268d4fdbda89849aef301ad8342fe42295ca5c70f35d8307cb9aa0dabf62b26f4c324bc92dd5c3f6502a0a8ef839edf6891da65e961b2f831c782d7652d74a68

Download Submit
\Windows\system\VJSUMKL.exe

Filesize
6.0MB

MD5
7fb587db81d978929a269f43b53ac5bf

SHA1
28125b5f340b8e984df373792b86c40f8e4ae474

SHA256
e78e19cf954ccfc5308d964482e0e26e9b2c82b69bc86456aefaaec70e954051

SHA512
bf7cbccb18f301b98702ed58e0432093d9f6ef2d2fc76932b8f5da38fa9cefbed587866be0ba25cb66de8258c9f9a7163beaec2151f8649d1d71bce8ddc5bab1

Download Submit
\Windows\system\WSeviWA.exe

Filesize
6.0MB

MD5
f6323542274e8eb70b91c1944b7668ee

SHA1
7ea185ae49332d09634b415e301e13fc72770e09

SHA256
4d979f7464f78b98978de35fb5bfdc5cf4f4196e98d20c4c0ce7eb3a5fa834ab

SHA512
c899a2538047fbf19a019b7daae35dad32278c8d643b7b94aafa62f726b51af9c08161d8482a1bb6520a6ed891f9085cf08c3d3914817f91ee84151cfe82f84c

Download Submit
\Windows\system\XRaKEtB.exe

Filesize
6.0MB

MD5
d42a7b26e440e5597736eccab4976d43

SHA1
a0e41e48f919b5f98d4bb91a774ed7f14476a0fa

SHA256
c6ee88623ec08824be75117f1fa3c667d1461e8074dbb869c59861c689a2f151

SHA512
695b1ec63660a834d50ce4af7e8a1a68aaaab017a643f056e97f8cc04c99cdd067cbf92c6ac0d067c6ff3160149004f24a2bb3c39aef9ae52bd1bf9abbd4f516

Download Submit
\Windows\system\eyfXJzz.exe

Filesize
6.0MB

MD5
67f80efe9b420883adcf36910236fc11

SHA1
cf3b2846803021a32b468a9ae5e221f6d13a406b

SHA256
1949b76f92c6a44419f850bee0555bc436220e0d88528dec83889facbc2d760e

SHA512
9149f89db62f8a0285d3c3532c6d08ef1137383ddc8704d8b8cf7a9750e916b2851a727bcc0b9500d2dbf656576c1c8b6f9d3d665b456635975d73c1b497f828

Download Submit
\Windows\system\pDWpYdY.exe

Filesize
6.0MB

MD5
3b767e2ebbb08e67171a56d171996b29

SHA1
7c7c9925c63fa3aa4e8632e2ffef2f00b6613f06

SHA256
836bf5af2d319264fca90b13642583b194f44d9df35682672968f2127dff4672

SHA512
3ede0e5de3aa988e503b7aa0ede6bba66aad02265afe2a0898fbceb39277fa7c72c175898f53b25158840e5cd6ad292096b61674b652a10fba4f3d29b3f48409

Download Submit
\Windows\system\ubRWQEu.exe

Filesize
6.0MB

MD5
b36cc18acc9312cd4933179d27019a6d

SHA1
31fd703f17810bb2c79daba5a7c99e2c9fdc2792

SHA256
e66482b21d3fd0eb0e7b2b1e88483a14d7d965ed431756a4ca84debf6a314481

SHA512
8cc5ea492c477a04ba9395d264c624e3da2b1bf94047a63c5f14220045a1f0dc0f111b5094a60a7fa98e3e6f7b2266f2db1b7e76ad228b5bf1925931cc4d1501

Download Submit
\Windows\system\ucXHsnv.exe

Filesize
6.0MB

MD5
1773717ddbf5fb69d4821d99568c63c3

SHA1
77932c481c5b77f9eaea6eb1274eacb75ca74a8b

SHA256
10ba26f7b8f3a80443a8205b1b076bd829d13fd7736871b3d193ccd35ee28611

SHA512
153a13d3b59fe55c9e0e8a18d348d2312ba8f9295b221ba8a7dcaea264ad172ea8cf80844297641c29bda638593c405895ba2b1ef0788f84f075ec99c47c0c78

Download Submit
\Windows\system\uhnZTyL.exe

Filesize
6.0MB

MD5
b62a7639b4a80ce1e13b68380e702877

SHA1
01c25d5fa5f6c5a1bd2173a795c6203b7a87d881

SHA256
22b78eac74fbc05c0eafb9da24cda640499e7557e3b63a42317908c6ad5b04d2

SHA512
c5bb552a8de36e29ee8daa7a18705ae5fb7b3c52d0d3b83c1378c1c8a4d87f68d8bfb17ae435c64955b99e8812e98b5e01326c77ec49a79a0a890fce355d07b5

Download Submit
\Windows\system\wakVAUc.exe

Filesize
6.0MB

MD5
cb59f776a4a6762b9a488db470030035

SHA1
d1d6bdfde7862711a8cf0ce78cd7d364027d801f

SHA256
b488d04583cf4757e2dfe301b6dd617efdf56c795dd20ae606202c46c666da9e

SHA512
45a27c419c2f116b217fcb59f25c6e5b5ffbdfeeccb620df97886313da2edf3de27b94c5aea59f842d2659ce51a4e187b563fb6fff1774b77a7be8869327db45

Download Submit
\Windows\system\yFCJxVm.exe

Filesize
6.0MB

MD5
947662a1810ca32e795cd7f6adf1287f

SHA1
35b455bb43a38196195a99ab2a4727231b1e2859

SHA256
d2a4d1322ac60e4f01d747a2d708c7c36a5967242c57d4dd708831807ec7bc48

SHA512
3b6d51398c80f66d8b96dcf0ad9fe8c4d1c955447d2e09ec221d876c12fd2dc5f1084bb2a2ecfb84772322696e06ceb75fe766c4b36c8f84bfd1b94be7b98e69

Download Submit
memory/548-3949-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/548-92-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/1224-94-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1224-3966-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/1440-3987-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/1440-91-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/1956-95-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/1956-3988-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2064-3950-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2064-93-0x000000013F4C0000-0x000000013F814000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1232-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2124-78-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2124-101-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2124-14-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2124-12-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2124-72-0x000000013F960000-0x000000013FCB4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-350-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-351-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2124-536-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2124-0-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1409-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2124-20-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-108-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2124-750-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2124-27-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2124-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2124-79-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/2124-35-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2124-47-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2124-65-0x00000000022C0000-0x0000000002614000-memory.dmp

Filesize
3.3MB

Download
memory/2124-42-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-53-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-61-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-22-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2236-3954-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2708-109-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2708-48-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2708-3920-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2716-57-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3990-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-246-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-16-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3953-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3991-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-100-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-41-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-90-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2824-36-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3929-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2868-3989-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-102-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-1233-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-15-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2912-3963-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2956-29-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2956-77-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2956-3999-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download