cobaltstrike | 8e3283c1ec080a6c730dde597fc75542fa66b86ba3ea6dab8000df4764143a2b

Analysis

max time kernel
151s
max time network
125s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

63962bf53a86b3e905b03c301aa703af
SHA1

3acfa5bdec9e9453b98795865ed43109e09a9c27
SHA256

8e3283c1ec080a6c730dde597fc75542fa66b86ba3ea6dab8000df4764143a2b
SHA512

6ee9b5e9b22ee67c7b9bb8864525918a3ad21873e4c465ab69187e816c92b5af74fb7defe657e28c8bd0f858714523f66db15af9d2d6e9cc3a9b41f09c809f91
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUt:T+q56utgpPF8u/7t

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0009000000016d2c-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d3f-10.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000016d64-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d69-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016fe5-38.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016fc9-35.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001756e-54.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-65.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-77.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-141.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-161.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-202.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-197.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-192.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-167.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-156.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-97.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-88.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-75.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000170f8-51.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2308-0-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d2c-3.dat	xmrig
behavioral1/memory/1760-7-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d3f-10.dat	xmrig
behavioral1/memory/2372-15-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x000a000000016d64-12.dat	xmrig
behavioral1/files/0x0008000000016d69-23.dat	xmrig
behavioral1/memory/2956-29-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/536-22-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016fe5-38.dat	xmrig
behavioral1/memory/1760-42-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2836-45-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/584-36-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/files/0x0007000000016fc9-35.dat	xmrig
behavioral1/memory/2308-31-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2308-48-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x000800000001756e-54.dat	xmrig
behavioral1/memory/536-55-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2308-56-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/3008-60-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195b3-65.dat	xmrig
behavioral1/memory/2816-66-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195b7-77.dat	xmrig
behavioral1/memory/2308-72-0x0000000002390000-0x00000000026E4000-memory.dmp	xmrig
behavioral1/memory/2676-76-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2032-90-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/1496-99-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-125.dat	xmrig
behavioral1/files/0x000500000001960c-130.dat	xmrig
behavioral1/files/0x000500000001975a-141.dat	xmrig
behavioral1/files/0x000500000001998d-161.dat	xmrig
behavioral1/memory/2308-181-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019e92-202.dat	xmrig
behavioral1/memory/2800-212-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2032-246-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/1496-330-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/692-407-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2308-421-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/536-1333-0x000000013FD80000-0x00000001400D4000-memory.dmp	xmrig
behavioral1/memory/2836-1336-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/584-1335-0x000000013FCE0000-0x0000000140034000-memory.dmp	xmrig
behavioral1/memory/2956-1334-0x000000013F130000-0x000000013F484000-memory.dmp	xmrig
behavioral1/memory/2372-1332-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/1760-1331-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/3052-1337-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/memory/2816-1339-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/3008-1338-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/2676-1341-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig
behavioral1/memory/2800-1340-0x000000013F580000-0x000000013F8D4000-memory.dmp	xmrig
behavioral1/memory/2032-1342-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/memory/1496-1343-0x000000013FA70000-0x000000013FDC4000-memory.dmp	xmrig
behavioral1/memory/692-1344-0x000000013FB30000-0x000000013FE84000-memory.dmp	xmrig
behavioral1/memory/2308-222-0x000000013F7E0000-0x000000013FB34000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d6d-197.dat	xmrig
behavioral1/files/0x0005000000019d62-192.dat	xmrig
behavioral1/files/0x0005000000019c3c-183.dat	xmrig
behavioral1/files/0x0005000000019d61-187.dat	xmrig
behavioral1/files/0x0005000000019bf9-175.dat	xmrig
behavioral1/files/0x0005000000019bf6-171.dat	xmrig
behavioral1/files/0x0005000000019bf5-167.dat	xmrig
behavioral1/files/0x0005000000019820-156.dat	xmrig
behavioral1/files/0x00050000000197fd-151.dat	xmrig
behavioral1/files/0x0005000000019761-146.dat	xmrig
behavioral1/memory/2676-138-0x000000013FD90000-0x00000001400E4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1760	dhPjUuW.exe
2372	CJjTIAt.exe
536	SDlNOHt.exe
2956	HmmRekE.exe
584	kVNiSuS.exe
2836	NJSDwyC.exe
3052	GxPQviF.exe
3008	AKMRNaP.exe
2816	kRIwoMR.exe
2676	QeSSfgT.exe
2800	kjmewxI.exe
2032	IPyazIn.exe
1496	hzQoHzT.exe
692	cNweoof.exe
1888	mTvxUlk.exe
1096	uOxpAhk.exe
2056	TqnKnIg.exe
1488	mFzHqXi.exe
1984	UVttygr.exe
836	tXoRohr.exe
3020	xBAAilI.exe
2416	BOPQEet.exe
2248	TSwwwmi.exe
2348	opzyvsz.exe
676	uWdudRU.exe
560	qiNDsTq.exe
108	rQhQtIT.exe
2124	UdfEPPx.exe
1512	XiZAXEp.exe
992	AlPEbrF.exe
968	BvHxorv.exe
964	fpZbFpM.exe
2036	QAOwqKT.exe
1716	uLaNySS.exe
272	EiCBncD.exe
1088	FmxIKef.exe
580	kICYqLF.exe
1820	OOeUwVI.exe
3060	HlLElpz.exe
1912	GmBZIws.exe
1892	SJFXDUj.exe
1016	awNtbLz.exe
2544	JNTNdeJ.exe
1620	CLVgGkm.exe
2456	FeObbmu.exe
1720	NDehjnH.exe
2452	gyldNZd.exe
2468	czUwdHo.exe
1596	zKtnfqw.exe
2620	RxRNQxL.exe
1104	dzlygqh.exe
2768	oIKWfpV.exe
2788	QteEbkt.exe
2232	NYBBTDh.exe
2700	uLEFunV.exe
2316	QLzGEtT.exe
2708	huwrjJS.exe
1196	iszRRsy.exe
1504	LmNpPOr.exe
1128	HEdBpcf.exe
1660	MzquXiX.exe
2288	fwyYaMn.exe
2976	KWkZntH.exe
2100	FpIzpTP.exe

Loads dropped DLL 64 IoCs

pid	Process
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2308-0-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x0009000000016d2c-3.dat	upx
behavioral1/memory/1760-7-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x0009000000016d3f-10.dat	upx
behavioral1/memory/2372-15-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x000a000000016d64-12.dat	upx
behavioral1/files/0x0008000000016d69-23.dat	upx
behavioral1/memory/2956-29-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/536-22-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/files/0x0007000000016fe5-38.dat	upx
behavioral1/memory/1760-42-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2836-45-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/584-36-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/files/0x0007000000016fc9-35.dat	upx
behavioral1/memory/2308-31-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x000800000001756e-54.dat	upx
behavioral1/memory/536-55-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/3008-60-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/files/0x00050000000195b3-65.dat	upx
behavioral1/memory/2816-66-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/files/0x00050000000195b7-77.dat	upx
behavioral1/memory/2676-76-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2032-90-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/1496-99-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/files/0x00050000000195c7-125.dat	upx
behavioral1/files/0x000500000001960c-130.dat	upx
behavioral1/files/0x000500000001975a-141.dat	upx
behavioral1/files/0x000500000001998d-161.dat	upx
behavioral1/files/0x0005000000019e92-202.dat	upx
behavioral1/memory/2800-212-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2032-246-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/1496-330-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/692-407-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/536-1333-0x000000013FD80000-0x00000001400D4000-memory.dmp	upx
behavioral1/memory/2836-1336-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/584-1335-0x000000013FCE0000-0x0000000140034000-memory.dmp	upx
behavioral1/memory/2956-1334-0x000000013F130000-0x000000013F484000-memory.dmp	upx
behavioral1/memory/2372-1332-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/1760-1331-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/3052-1337-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2816-1339-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/3008-1338-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/2676-1341-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/memory/2800-1340-0x000000013F580000-0x000000013F8D4000-memory.dmp	upx
behavioral1/memory/2032-1342-0x000000013F7E0000-0x000000013FB34000-memory.dmp	upx
behavioral1/memory/1496-1343-0x000000013FA70000-0x000000013FDC4000-memory.dmp	upx
behavioral1/memory/692-1344-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/files/0x0005000000019d6d-197.dat	upx
behavioral1/files/0x0005000000019d62-192.dat	upx
behavioral1/files/0x0005000000019c3c-183.dat	upx
behavioral1/files/0x0005000000019d61-187.dat	upx
behavioral1/files/0x0005000000019bf9-175.dat	upx
behavioral1/files/0x0005000000019bf6-171.dat	upx
behavioral1/files/0x0005000000019bf5-167.dat	upx
behavioral1/files/0x0005000000019820-156.dat	upx
behavioral1/files/0x00050000000197fd-151.dat	upx
behavioral1/files/0x0005000000019761-146.dat	upx
behavioral1/memory/2676-138-0x000000013FD90000-0x00000001400E4000-memory.dmp	upx
behavioral1/files/0x0005000000019643-135.dat	upx
behavioral1/files/0x00050000000195c6-121.dat	upx
behavioral1/memory/692-108-0x000000013FB30000-0x000000013FE84000-memory.dmp	upx
behavioral1/memory/2816-107-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/files/0x00050000000195c1-106.dat	upx
behavioral1/files/0x00050000000195c5-116.dat	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\KIqpBTN.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tQUjxNy.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MivMLCb.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yJspkaV.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GrvJwYG.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ODfjCAN.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UAAAKWB.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPWhpSS.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fqqbglj.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\koGGdxd.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hqmMwPe.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJLZaLe.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UNtMgNZ.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYgNVyU.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fbteXwf.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aILQdPG.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VnvLzxd.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jtKLXhy.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OflAarB.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mFzHqXi.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rQhQtIT.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JOhngPK.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vpWIlCB.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yJRRwsG.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HcASNdc.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qxFpXWk.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZvaMsQI.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jIpeQCa.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IxynMMT.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CTioQkz.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dNJgoqS.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tjhBYtf.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UDGpDxF.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hKLoDrN.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQgBnsn.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cfHVZiQ.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ByOUIGz.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aiVdabj.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ODfdxbA.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iszRRsy.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jYlpZdR.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RKxOTEd.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\llGWsPu.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ThsvXKv.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RmoDHTN.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GmBZIws.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FeObbmu.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DGOARpd.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ecufkar.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TPeauxA.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fAvEErQ.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oMDfJqI.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZYvJRf.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NwnttCb.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGwrTep.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UJQxTwa.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dmbsOEc.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FqCLotm.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZDEphox.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYYcfED.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\piPKJgj.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DpjdTYd.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qrofvZa.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\keYuXAw.exe	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2308 wrote to memory of 1760	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2308 wrote to memory of 1760	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2308 wrote to memory of 1760	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2308 wrote to memory of 2372	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2308 wrote to memory of 2372	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2308 wrote to memory of 2372	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2308 wrote to memory of 536	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2308 wrote to memory of 536	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2308 wrote to memory of 536	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2308 wrote to memory of 2956	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2308 wrote to memory of 2956	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2308 wrote to memory of 2956	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2308 wrote to memory of 584	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2308 wrote to memory of 584	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2308 wrote to memory of 584	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2308 wrote to memory of 2836	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2308 wrote to memory of 2836	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2308 wrote to memory of 2836	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2308 wrote to memory of 3052	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2308 wrote to memory of 3052	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2308 wrote to memory of 3052	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2308 wrote to memory of 3008	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2308 wrote to memory of 3008	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2308 wrote to memory of 3008	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2308 wrote to memory of 2816	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2308 wrote to memory of 2816	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2308 wrote to memory of 2816	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2308 wrote to memory of 2676	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2308 wrote to memory of 2676	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2308 wrote to memory of 2676	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2308 wrote to memory of 2800	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2308 wrote to memory of 2800	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2308 wrote to memory of 2800	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2308 wrote to memory of 2032	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2308 wrote to memory of 2032	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2308 wrote to memory of 2032	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2308 wrote to memory of 1496	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2308 wrote to memory of 1496	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2308 wrote to memory of 1496	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2308 wrote to memory of 692	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2308 wrote to memory of 692	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2308 wrote to memory of 692	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2308 wrote to memory of 1888	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2308 wrote to memory of 1888	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2308 wrote to memory of 1888	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2308 wrote to memory of 1096	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2308 wrote to memory of 1096	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2308 wrote to memory of 1096	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2308 wrote to memory of 2056	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2308 wrote to memory of 2056	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2308 wrote to memory of 2056	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2308 wrote to memory of 1488	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2308 wrote to memory of 1488	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2308 wrote to memory of 1488	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2308 wrote to memory of 1984	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2308 wrote to memory of 1984	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2308 wrote to memory of 1984	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2308 wrote to memory of 836	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2308 wrote to memory of 836	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2308 wrote to memory of 836	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2308 wrote to memory of 3020	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2308 wrote to memory of 3020	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2308 wrote to memory of 3020	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2308 wrote to memory of 2416	2308	2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_63962bf53a86b3e905b03c301aa703af_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2308
- C:\Windows\System\dhPjUuW.exe
  C:\Windows\System\dhPjUuW.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\CJjTIAt.exe
  C:\Windows\System\CJjTIAt.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\SDlNOHt.exe
  C:\Windows\System\SDlNOHt.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\HmmRekE.exe
  C:\Windows\System\HmmRekE.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\kVNiSuS.exe
  C:\Windows\System\kVNiSuS.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\NJSDwyC.exe
  C:\Windows\System\NJSDwyC.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\GxPQviF.exe
  C:\Windows\System\GxPQviF.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\AKMRNaP.exe
  C:\Windows\System\AKMRNaP.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\kRIwoMR.exe
  C:\Windows\System\kRIwoMR.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\QeSSfgT.exe
  C:\Windows\System\QeSSfgT.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\kjmewxI.exe
  C:\Windows\System\kjmewxI.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\IPyazIn.exe
  C:\Windows\System\IPyazIn.exe
  2⤵
  - Executes dropped EXE
  PID:2032
- C:\Windows\System\hzQoHzT.exe
  C:\Windows\System\hzQoHzT.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\cNweoof.exe
  C:\Windows\System\cNweoof.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\mTvxUlk.exe
  C:\Windows\System\mTvxUlk.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\uOxpAhk.exe
  C:\Windows\System\uOxpAhk.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\TqnKnIg.exe
  C:\Windows\System\TqnKnIg.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\mFzHqXi.exe
  C:\Windows\System\mFzHqXi.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\UVttygr.exe
  C:\Windows\System\UVttygr.exe
  2⤵
  - Executes dropped EXE
  PID:1984
- C:\Windows\System\tXoRohr.exe
  C:\Windows\System\tXoRohr.exe
  2⤵
  - Executes dropped EXE
  PID:836
- C:\Windows\System\xBAAilI.exe
  C:\Windows\System\xBAAilI.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\BOPQEet.exe
  C:\Windows\System\BOPQEet.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\TSwwwmi.exe
  C:\Windows\System\TSwwwmi.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\opzyvsz.exe
  C:\Windows\System\opzyvsz.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\uWdudRU.exe
  C:\Windows\System\uWdudRU.exe
  2⤵
  - Executes dropped EXE
  PID:676
- C:\Windows\System\qiNDsTq.exe
  C:\Windows\System\qiNDsTq.exe
  2⤵
  - Executes dropped EXE
  PID:560
- C:\Windows\System\rQhQtIT.exe
  C:\Windows\System\rQhQtIT.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\UdfEPPx.exe
  C:\Windows\System\UdfEPPx.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\XiZAXEp.exe
  C:\Windows\System\XiZAXEp.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\AlPEbrF.exe
  C:\Windows\System\AlPEbrF.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\BvHxorv.exe
  C:\Windows\System\BvHxorv.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\fpZbFpM.exe
  C:\Windows\System\fpZbFpM.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\QAOwqKT.exe
  C:\Windows\System\QAOwqKT.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\uLaNySS.exe
  C:\Windows\System\uLaNySS.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\EiCBncD.exe
  C:\Windows\System\EiCBncD.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\FmxIKef.exe
  C:\Windows\System\FmxIKef.exe
  2⤵
  - Executes dropped EXE
  PID:1088
- C:\Windows\System\kICYqLF.exe
  C:\Windows\System\kICYqLF.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\OOeUwVI.exe
  C:\Windows\System\OOeUwVI.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\HlLElpz.exe
  C:\Windows\System\HlLElpz.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\GmBZIws.exe
  C:\Windows\System\GmBZIws.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\SJFXDUj.exe
  C:\Windows\System\SJFXDUj.exe
  2⤵
  - Executes dropped EXE
  PID:1892
- C:\Windows\System\awNtbLz.exe
  C:\Windows\System\awNtbLz.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\JNTNdeJ.exe
  C:\Windows\System\JNTNdeJ.exe
  2⤵
  - Executes dropped EXE
  PID:2544
- C:\Windows\System\CLVgGkm.exe
  C:\Windows\System\CLVgGkm.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\FeObbmu.exe
  C:\Windows\System\FeObbmu.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\NDehjnH.exe
  C:\Windows\System\NDehjnH.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\gyldNZd.exe
  C:\Windows\System\gyldNZd.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\czUwdHo.exe
  C:\Windows\System\czUwdHo.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\zKtnfqw.exe
  C:\Windows\System\zKtnfqw.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\RxRNQxL.exe
  C:\Windows\System\RxRNQxL.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\dzlygqh.exe
  C:\Windows\System\dzlygqh.exe
  2⤵
  - Executes dropped EXE
  PID:1104
- C:\Windows\System\oIKWfpV.exe
  C:\Windows\System\oIKWfpV.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\QteEbkt.exe
  C:\Windows\System\QteEbkt.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\NYBBTDh.exe
  C:\Windows\System\NYBBTDh.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\uLEFunV.exe
  C:\Windows\System\uLEFunV.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\QLzGEtT.exe
  C:\Windows\System\QLzGEtT.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\huwrjJS.exe
  C:\Windows\System\huwrjJS.exe
  2⤵
  - Executes dropped EXE
  PID:2708
- C:\Windows\System\iszRRsy.exe
  C:\Windows\System\iszRRsy.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\LmNpPOr.exe
  C:\Windows\System\LmNpPOr.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\HEdBpcf.exe
  C:\Windows\System\HEdBpcf.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\MzquXiX.exe
  C:\Windows\System\MzquXiX.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\fwyYaMn.exe
  C:\Windows\System\fwyYaMn.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\KWkZntH.exe
  C:\Windows\System\KWkZntH.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\BqHCcix.exe
  C:\Windows\System\BqHCcix.exe
  2⤵
  PID:2940
- C:\Windows\System\FpIzpTP.exe
  C:\Windows\System\FpIzpTP.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\sdbDGMD.exe
  C:\Windows\System\sdbDGMD.exe
  2⤵
  PID:112
- C:\Windows\System\riZmltY.exe
  C:\Windows\System\riZmltY.exe
  2⤵
  PID:1876
- C:\Windows\System\XECWXUb.exe
  C:\Windows\System\XECWXUb.exe
  2⤵
  PID:1796
- C:\Windows\System\sqUFtZr.exe
  C:\Windows\System\sqUFtZr.exe
  2⤵
  PID:1160
- C:\Windows\System\DqYDRCF.exe
  C:\Windows\System\DqYDRCF.exe
  2⤵
  PID:1728
- C:\Windows\System\YyzxTnX.exe
  C:\Windows\System\YyzxTnX.exe
  2⤵
  PID:1736
- C:\Windows\System\ftCosTa.exe
  C:\Windows\System\ftCosTa.exe
  2⤵
  PID:864
- C:\Windows\System\FRckZZk.exe
  C:\Windows\System\FRckZZk.exe
  2⤵
  PID:908
- C:\Windows\System\qbUyqKI.exe
  C:\Windows\System\qbUyqKI.exe
  2⤵
  PID:2216
- C:\Windows\System\GfRfXJX.exe
  C:\Windows\System\GfRfXJX.exe
  2⤵
  PID:2548
- C:\Windows\System\AEhPiTC.exe
  C:\Windows\System\AEhPiTC.exe
  2⤵
  PID:784
- C:\Windows\System\tbCexPc.exe
  C:\Windows\System\tbCexPc.exe
  2⤵
  PID:264
- C:\Windows\System\HcjHEEG.exe
  C:\Windows\System\HcjHEEG.exe
  2⤵
  PID:2508
- C:\Windows\System\kZnxdUL.exe
  C:\Windows\System\kZnxdUL.exe
  2⤵
  PID:900
- C:\Windows\System\koGGdxd.exe
  C:\Windows\System\koGGdxd.exe
  2⤵
  PID:2128
- C:\Windows\System\xNzAuqk.exe
  C:\Windows\System\xNzAuqk.exe
  2⤵
  PID:2608
- C:\Windows\System\LbfJyvF.exe
  C:\Windows\System\LbfJyvF.exe
  2⤵
  PID:2604
- C:\Windows\System\AMeWOBI.exe
  C:\Windows\System\AMeWOBI.exe
  2⤵
  PID:1708
- C:\Windows\System\xNpTWIv.exe
  C:\Windows\System\xNpTWIv.exe
  2⤵
  PID:2760
- C:\Windows\System\OKSLCgp.exe
  C:\Windows\System\OKSLCgp.exe
  2⤵
  PID:1772
- C:\Windows\System\JKAjcPm.exe
  C:\Windows\System\JKAjcPm.exe
  2⤵
  PID:2988
- C:\Windows\System\EvANLSU.exe
  C:\Windows\System\EvANLSU.exe
  2⤵
  PID:2428
- C:\Windows\System\BKpztde.exe
  C:\Windows\System\BKpztde.exe
  2⤵
  PID:2268
- C:\Windows\System\vOseFpM.exe
  C:\Windows\System\vOseFpM.exe
  2⤵
  PID:2496
- C:\Windows\System\zmHrvus.exe
  C:\Windows\System\zmHrvus.exe
  2⤵
  PID:2304
- C:\Windows\System\katYYxX.exe
  C:\Windows\System\katYYxX.exe
  2⤵
  PID:2024
- C:\Windows\System\CGqmJqs.exe
  C:\Windows\System\CGqmJqs.exe
  2⤵
  PID:1556
- C:\Windows\System\BbvncoO.exe
  C:\Windows\System\BbvncoO.exe
  2⤵
  PID:1908
- C:\Windows\System\upyBiJK.exe
  C:\Windows\System\upyBiJK.exe
  2⤵
  PID:1516
- C:\Windows\System\xIiwvgd.exe
  C:\Windows\System\xIiwvgd.exe
  2⤵
  PID:1784
- C:\Windows\System\GPUxvok.exe
  C:\Windows\System\GPUxvok.exe
  2⤵
  PID:1884
- C:\Windows\System\GAAQlMh.exe
  C:\Windows\System\GAAQlMh.exe
  2⤵
  PID:2260
- C:\Windows\System\DACXXgH.exe
  C:\Windows\System\DACXXgH.exe
  2⤵
  PID:2096
- C:\Windows\System\fXWwiRQ.exe
  C:\Windows\System\fXWwiRQ.exe
  2⤵
  PID:1604
- C:\Windows\System\DgAdJCG.exe
  C:\Windows\System\DgAdJCG.exe
  2⤵
  PID:2160
- C:\Windows\System\kYgOKuP.exe
  C:\Windows\System\kYgOKuP.exe
  2⤵
  PID:2756
- C:\Windows\System\CghJjOr.exe
  C:\Windows\System\CghJjOr.exe
  2⤵
  PID:2944
- C:\Windows\System\twhYllU.exe
  C:\Windows\System\twhYllU.exe
  2⤵
  PID:2004
- C:\Windows\System\jfgibrV.exe
  C:\Windows\System\jfgibrV.exe
  2⤵
  PID:1980
- C:\Windows\System\vzbWpkR.exe
  C:\Windows\System\vzbWpkR.exe
  2⤵
  PID:1148
- C:\Windows\System\AcPeklg.exe
  C:\Windows\System\AcPeklg.exe
  2⤵
  PID:2464
- C:\Windows\System\HohaNGg.exe
  C:\Windows\System\HohaNGg.exe
  2⤵
  PID:2520
- C:\Windows\System\ZyWABOL.exe
  C:\Windows\System\ZyWABOL.exe
  2⤵
  PID:2556
- C:\Windows\System\rMxqMzd.exe
  C:\Windows\System\rMxqMzd.exe
  2⤵
  PID:1552
- C:\Windows\System\TsgcAOt.exe
  C:\Windows\System\TsgcAOt.exe
  2⤵
  PID:1576
- C:\Windows\System\fspBVyp.exe
  C:\Windows\System\fspBVyp.exe
  2⤵
  PID:1100
- C:\Windows\System\aTshTAh.exe
  C:\Windows\System\aTshTAh.exe
  2⤵
  PID:2728
- C:\Windows\System\WhFKdZp.exe
  C:\Windows\System\WhFKdZp.exe
  2⤵
  PID:1200
- C:\Windows\System\sAdcjfL.exe
  C:\Windows\System\sAdcjfL.exe
  2⤵
  PID:1692
- C:\Windows\System\jTnALRU.exe
  C:\Windows\System\jTnALRU.exe
  2⤵
  PID:1456
- C:\Windows\System\RzbYDpm.exe
  C:\Windows\System\RzbYDpm.exe
  2⤵
  PID:2484
- C:\Windows\System\udajZLd.exe
  C:\Windows\System\udajZLd.exe
  2⤵
  PID:2276
- C:\Windows\System\PwPxwWU.exe
  C:\Windows\System\PwPxwWU.exe
  2⤵
  PID:2576
- C:\Windows\System\PyCNpuv.exe
  C:\Windows\System\PyCNpuv.exe
  2⤵
  PID:2272
- C:\Windows\System\XqmhFMT.exe
  C:\Windows\System\XqmhFMT.exe
  2⤵
  PID:2200
- C:\Windows\System\IDOnrsQ.exe
  C:\Windows\System\IDOnrsQ.exe
  2⤵
  PID:1816
- C:\Windows\System\wntsWmM.exe
  C:\Windows\System\wntsWmM.exe
  2⤵
  PID:3092
- C:\Windows\System\EPkJLTf.exe
  C:\Windows\System\EPkJLTf.exe
  2⤵
  PID:3112
- C:\Windows\System\UDGpDxF.exe
  C:\Windows\System\UDGpDxF.exe
  2⤵
  PID:3136
- C:\Windows\System\RWlznzB.exe
  C:\Windows\System\RWlznzB.exe
  2⤵
  PID:3156
- C:\Windows\System\kaffGxC.exe
  C:\Windows\System\kaffGxC.exe
  2⤵
  PID:3176
- C:\Windows\System\fYDKBcC.exe
  C:\Windows\System\fYDKBcC.exe
  2⤵
  PID:3192
- C:\Windows\System\srhwINA.exe
  C:\Windows\System\srhwINA.exe
  2⤵
  PID:3212
- C:\Windows\System\jtKLXhy.exe
  C:\Windows\System\jtKLXhy.exe
  2⤵
  PID:3232
- C:\Windows\System\vQAnpbR.exe
  C:\Windows\System\vQAnpbR.exe
  2⤵
  PID:3252
- C:\Windows\System\cMKPrQX.exe
  C:\Windows\System\cMKPrQX.exe
  2⤵
  PID:3280
- C:\Windows\System\OOtXBtM.exe
  C:\Windows\System\OOtXBtM.exe
  2⤵
  PID:3300
- C:\Windows\System\EtdCbgw.exe
  C:\Windows\System\EtdCbgw.exe
  2⤵
  PID:3316
- C:\Windows\System\MTbwvTM.exe
  C:\Windows\System\MTbwvTM.exe
  2⤵
  PID:3332
- C:\Windows\System\tfnPzXD.exe
  C:\Windows\System\tfnPzXD.exe
  2⤵
  PID:3348
- C:\Windows\System\ODfjCAN.exe
  C:\Windows\System\ODfjCAN.exe
  2⤵
  PID:3364
- C:\Windows\System\SksCPoF.exe
  C:\Windows\System\SksCPoF.exe
  2⤵
  PID:3380
- C:\Windows\System\BzQaMvp.exe
  C:\Windows\System\BzQaMvp.exe
  2⤵
  PID:3396
- C:\Windows\System\AAHYkpC.exe
  C:\Windows\System\AAHYkpC.exe
  2⤵
  PID:3412
- C:\Windows\System\yhUFVNK.exe
  C:\Windows\System\yhUFVNK.exe
  2⤵
  PID:3428
- C:\Windows\System\qpiuZyU.exe
  C:\Windows\System\qpiuZyU.exe
  2⤵
  PID:3444
- C:\Windows\System\ojrklxA.exe
  C:\Windows\System\ojrklxA.exe
  2⤵
  PID:3464
- C:\Windows\System\RUHOrOn.exe
  C:\Windows\System\RUHOrOn.exe
  2⤵
  PID:3480
- C:\Windows\System\voMfUiJ.exe
  C:\Windows\System\voMfUiJ.exe
  2⤵
  PID:3496
- C:\Windows\System\RdcreOO.exe
  C:\Windows\System\RdcreOO.exe
  2⤵
  PID:3512
- C:\Windows\System\oQbacPv.exe
  C:\Windows\System\oQbacPv.exe
  2⤵
  PID:3528
- C:\Windows\System\FhReoxV.exe
  C:\Windows\System\FhReoxV.exe
  2⤵
  PID:3544
- C:\Windows\System\MBdVABp.exe
  C:\Windows\System\MBdVABp.exe
  2⤵
  PID:3560
- C:\Windows\System\HCWhmGB.exe
  C:\Windows\System\HCWhmGB.exe
  2⤵
  PID:3576
- C:\Windows\System\LGpAkDa.exe
  C:\Windows\System\LGpAkDa.exe
  2⤵
  PID:3592
- C:\Windows\System\cIjsSYF.exe
  C:\Windows\System\cIjsSYF.exe
  2⤵
  PID:3608
- C:\Windows\System\ethfuOE.exe
  C:\Windows\System\ethfuOE.exe
  2⤵
  PID:3624
- C:\Windows\System\NeoYOCl.exe
  C:\Windows\System\NeoYOCl.exe
  2⤵
  PID:3640
- C:\Windows\System\FkkdhMC.exe
  C:\Windows\System\FkkdhMC.exe
  2⤵
  PID:3656
- C:\Windows\System\Wurnxej.exe
  C:\Windows\System\Wurnxej.exe
  2⤵
  PID:3672
- C:\Windows\System\Djlkjap.exe
  C:\Windows\System\Djlkjap.exe
  2⤵
  PID:3692
- C:\Windows\System\EjiubDW.exe
  C:\Windows\System\EjiubDW.exe
  2⤵
  PID:3708
- C:\Windows\System\eEVjudb.exe
  C:\Windows\System\eEVjudb.exe
  2⤵
  PID:3784
- C:\Windows\System\TVVpkwJ.exe
  C:\Windows\System\TVVpkwJ.exe
  2⤵
  PID:3852
- C:\Windows\System\avUrBUz.exe
  C:\Windows\System\avUrBUz.exe
  2⤵
  PID:3880
- C:\Windows\System\WMJUWbk.exe
  C:\Windows\System\WMJUWbk.exe
  2⤵
  PID:3904
- C:\Windows\System\UEdviGP.exe
  C:\Windows\System\UEdviGP.exe
  2⤵
  PID:3924
- C:\Windows\System\WuFmPhg.exe
  C:\Windows\System\WuFmPhg.exe
  2⤵
  PID:3944
- C:\Windows\System\PGEzyhT.exe
  C:\Windows\System\PGEzyhT.exe
  2⤵
  PID:3964
- C:\Windows\System\YeIXdFA.exe
  C:\Windows\System\YeIXdFA.exe
  2⤵
  PID:3984
- C:\Windows\System\YdmWcNU.exe
  C:\Windows\System\YdmWcNU.exe
  2⤵
  PID:4004
- C:\Windows\System\xrqciMX.exe
  C:\Windows\System\xrqciMX.exe
  2⤵
  PID:4024
- C:\Windows\System\FuFmhOV.exe
  C:\Windows\System\FuFmhOV.exe
  2⤵
  PID:4044
- C:\Windows\System\eIoOLOI.exe
  C:\Windows\System\eIoOLOI.exe
  2⤵
  PID:4064
- C:\Windows\System\nbBtfSB.exe
  C:\Windows\System\nbBtfSB.exe
  2⤵
  PID:4084
- C:\Windows\System\yMeKsOn.exe
  C:\Windows\System\yMeKsOn.exe
  2⤵
  PID:1500
- C:\Windows\System\aILQdPG.exe
  C:\Windows\System\aILQdPG.exe
  2⤵
  PID:1672
- C:\Windows\System\CTioQkz.exe
  C:\Windows\System\CTioQkz.exe
  2⤵
  PID:3088
- C:\Windows\System\oCtYlid.exe
  C:\Windows\System\oCtYlid.exe
  2⤵
  PID:3120
- C:\Windows\System\lTBUFxS.exe
  C:\Windows\System\lTBUFxS.exe
  2⤵
  PID:2512
- C:\Windows\System\RqtGYEq.exe
  C:\Windows\System\RqtGYEq.exe
  2⤵
  PID:1424
- C:\Windows\System\nQSyjyL.exe
  C:\Windows\System\nQSyjyL.exe
  2⤵
  PID:2812
- C:\Windows\System\TmeXlVz.exe
  C:\Windows\System\TmeXlVz.exe
  2⤵
  PID:3208
- C:\Windows\System\zdnqhXP.exe
  C:\Windows\System\zdnqhXP.exe
  2⤵
  PID:3144
- C:\Windows\System\RyzHccE.exe
  C:\Windows\System\RyzHccE.exe
  2⤵
  PID:3184
- C:\Windows\System\fAUVKJp.exe
  C:\Windows\System\fAUVKJp.exe
  2⤵
  PID:3296
- C:\Windows\System\uxnGPqc.exe
  C:\Windows\System\uxnGPqc.exe
  2⤵
  PID:3268
- C:\Windows\System\elvGxHi.exe
  C:\Windows\System\elvGxHi.exe
  2⤵
  PID:3312
- C:\Windows\System\Wejuhzo.exe
  C:\Windows\System\Wejuhzo.exe
  2⤵
  PID:3344
- C:\Windows\System\yVLnkAg.exe
  C:\Windows\System\yVLnkAg.exe
  2⤵
  PID:3376
- C:\Windows\System\GAUOFhp.exe
  C:\Windows\System\GAUOFhp.exe
  2⤵
  PID:3424
- C:\Windows\System\yjhvOkr.exe
  C:\Windows\System\yjhvOkr.exe
  2⤵
  PID:3440
- C:\Windows\System\MOfWOIM.exe
  C:\Windows\System\MOfWOIM.exe
  2⤵
  PID:3520
- C:\Windows\System\OLVXuwv.exe
  C:\Windows\System\OLVXuwv.exe
  2⤵
  PID:3536
- C:\Windows\System\LDIomYO.exe
  C:\Windows\System\LDIomYO.exe
  2⤵
  PID:3572
- C:\Windows\System\TtVjbUO.exe
  C:\Windows\System\TtVjbUO.exe
  2⤵
  PID:3616
- C:\Windows\System\wutxKYY.exe
  C:\Windows\System\wutxKYY.exe
  2⤵
  PID:3652
- C:\Windows\System\ZezkZOW.exe
  C:\Windows\System\ZezkZOW.exe
  2⤵
  PID:3684
- C:\Windows\System\rRTlsHX.exe
  C:\Windows\System\rRTlsHX.exe
  2⤵
  PID:3732
- C:\Windows\System\doNWMWh.exe
  C:\Windows\System\doNWMWh.exe
  2⤵
  PID:3752
- C:\Windows\System\cEgFbVq.exe
  C:\Windows\System\cEgFbVq.exe
  2⤵
  PID:3780
- C:\Windows\System\BeongcJ.exe
  C:\Windows\System\BeongcJ.exe
  2⤵
  PID:2952
- C:\Windows\System\ockHNzK.exe
  C:\Windows\System\ockHNzK.exe
  2⤵
  PID:2644
- C:\Windows\System\tAOiowN.exe
  C:\Windows\System\tAOiowN.exe
  2⤵
  PID:3808
- C:\Windows\System\WDxwLxv.exe
  C:\Windows\System\WDxwLxv.exe
  2⤵
  PID:3828
- C:\Windows\System\NwnttCb.exe
  C:\Windows\System\NwnttCb.exe
  2⤵
  PID:3848
- C:\Windows\System\kImFABl.exe
  C:\Windows\System\kImFABl.exe
  2⤵
  PID:3896
- C:\Windows\System\nIKPkdN.exe
  C:\Windows\System\nIKPkdN.exe
  2⤵
  PID:3960
- C:\Windows\System\HBjhtxg.exe
  C:\Windows\System\HBjhtxg.exe
  2⤵
  PID:3972
- C:\Windows\System\EBIGQes.exe
  C:\Windows\System\EBIGQes.exe
  2⤵
  PID:2912
- C:\Windows\System\IrOrCRL.exe
  C:\Windows\System\IrOrCRL.exe
  2⤵
  PID:4036
- C:\Windows\System\ciGJaDR.exe
  C:\Windows\System\ciGJaDR.exe
  2⤵
  PID:4080
- C:\Windows\System\eWAuDCe.exe
  C:\Windows\System\eWAuDCe.exe
  2⤵
  PID:2632
- C:\Windows\System\gYsQvUd.exe
  C:\Windows\System\gYsQvUd.exe
  2⤵
  PID:2152
- C:\Windows\System\duGCdng.exe
  C:\Windows\System\duGCdng.exe
  2⤵
  PID:1184
- C:\Windows\System\TMZVNWF.exe
  C:\Windows\System\TMZVNWF.exe
  2⤵
  PID:3128
- C:\Windows\System\pQNdrtU.exe
  C:\Windows\System\pQNdrtU.exe
  2⤵
  PID:3000
- C:\Windows\System\GoDvIkZ.exe
  C:\Windows\System\GoDvIkZ.exe
  2⤵
  PID:3188
- C:\Windows\System\srylMQX.exe
  C:\Windows\System\srylMQX.exe
  2⤵
  PID:3260
- C:\Windows\System\uRyHaEn.exe
  C:\Windows\System\uRyHaEn.exe
  2⤵
  PID:3264
- C:\Windows\System\ADLCCki.exe
  C:\Windows\System\ADLCCki.exe
  2⤵
  PID:3308
- C:\Windows\System\HNDfvuU.exe
  C:\Windows\System\HNDfvuU.exe
  2⤵
  PID:3056
- C:\Windows\System\wEZDtTD.exe
  C:\Windows\System\wEZDtTD.exe
  2⤵
  PID:3472
- C:\Windows\System\slGFlDP.exe
  C:\Windows\System\slGFlDP.exe
  2⤵
  PID:3492
- C:\Windows\System\zYYcfED.exe
  C:\Windows\System\zYYcfED.exe
  2⤵
  PID:3524
- C:\Windows\System\TVzcgry.exe
  C:\Windows\System\TVzcgry.exe
  2⤵
  PID:3588
- C:\Windows\System\wIMeiLj.exe
  C:\Windows\System\wIMeiLj.exe
  2⤵
  PID:3680
- C:\Windows\System\EnjXgxi.exe
  C:\Windows\System\EnjXgxi.exe
  2⤵
  PID:3740
- C:\Windows\System\mZvLhru.exe
  C:\Windows\System\mZvLhru.exe
  2⤵
  PID:3764
- C:\Windows\System\ItuuCtp.exe
  C:\Windows\System\ItuuCtp.exe
  2⤵
  PID:3868
- C:\Windows\System\Kigjggm.exe
  C:\Windows\System\Kigjggm.exe
  2⤵
  PID:3796
- C:\Windows\System\qGwrTep.exe
  C:\Windows\System\qGwrTep.exe
  2⤵
  PID:3888
- C:\Windows\System\qQXOeqa.exe
  C:\Windows\System\qQXOeqa.exe
  2⤵
  PID:3900
- C:\Windows\System\OCxXfAA.exe
  C:\Windows\System\OCxXfAA.exe
  2⤵
  PID:3936
- C:\Windows\System\QOApQiy.exe
  C:\Windows\System\QOApQiy.exe
  2⤵
  PID:3980
- C:\Windows\System\FWbuXAQ.exe
  C:\Windows\System\FWbuXAQ.exe
  2⤵
  PID:2704
- C:\Windows\System\PropRpF.exe
  C:\Windows\System\PropRpF.exe
  2⤵
  PID:1352
- C:\Windows\System\UmNjGzW.exe
  C:\Windows\System\UmNjGzW.exe
  2⤵
  PID:2460
- C:\Windows\System\nzWjdUR.exe
  C:\Windows\System\nzWjdUR.exe
  2⤵
  PID:2868
- C:\Windows\System\VjLxtGx.exe
  C:\Windows\System\VjLxtGx.exe
  2⤵
  PID:3228
- C:\Windows\System\bXMiNuv.exe
  C:\Windows\System\bXMiNuv.exe
  2⤵
  PID:1904
- C:\Windows\System\uIoNCmN.exe
  C:\Windows\System\uIoNCmN.exe
  2⤵
  PID:2752
- C:\Windows\System\TnBBSRn.exe
  C:\Windows\System\TnBBSRn.exe
  2⤵
  PID:3408
- C:\Windows\System\aNIzuiJ.exe
  C:\Windows\System\aNIzuiJ.exe
  2⤵
  PID:3568
- C:\Windows\System\lXjNYYa.exe
  C:\Windows\System\lXjNYYa.exe
  2⤵
  PID:3716
- C:\Windows\System\oIZTeRA.exe
  C:\Windows\System\oIZTeRA.exe
  2⤵
  PID:276
- C:\Windows\System\vdywavD.exe
  C:\Windows\System\vdywavD.exe
  2⤵
  PID:3876
- C:\Windows\System\XaozWeZ.exe
  C:\Windows\System\XaozWeZ.exe
  2⤵
  PID:3860
- C:\Windows\System\MJbbpsx.exe
  C:\Windows\System\MJbbpsx.exe
  2⤵
  PID:3844
- C:\Windows\System\qdcOpHM.exe
  C:\Windows\System\qdcOpHM.exe
  2⤵
  PID:3956
- C:\Windows\System\VtMdaVK.exe
  C:\Windows\System\VtMdaVK.exe
  2⤵
  PID:4032
- C:\Windows\System\gUQUqer.exe
  C:\Windows\System\gUQUqer.exe
  2⤵
  PID:2872
- C:\Windows\System\TkBfcrz.exe
  C:\Windows\System\TkBfcrz.exe
  2⤵
  PID:4104
- C:\Windows\System\rTUdKLy.exe
  C:\Windows\System\rTUdKLy.exe
  2⤵
  PID:4124
- C:\Windows\System\dvpjCov.exe
  C:\Windows\System\dvpjCov.exe
  2⤵
  PID:4144
- C:\Windows\System\YgrdjtO.exe
  C:\Windows\System\YgrdjtO.exe
  2⤵
  PID:4160
- C:\Windows\System\LZkcxiy.exe
  C:\Windows\System\LZkcxiy.exe
  2⤵
  PID:4184
- C:\Windows\System\cGKuySN.exe
  C:\Windows\System\cGKuySN.exe
  2⤵
  PID:4204
- C:\Windows\System\dJJJvVc.exe
  C:\Windows\System\dJJJvVc.exe
  2⤵
  PID:4228
- C:\Windows\System\lbvBvjd.exe
  C:\Windows\System\lbvBvjd.exe
  2⤵
  PID:4248
- C:\Windows\System\BcCFEAH.exe
  C:\Windows\System\BcCFEAH.exe
  2⤵
  PID:4268
- C:\Windows\System\xakyVlP.exe
  C:\Windows\System\xakyVlP.exe
  2⤵
  PID:4288
- C:\Windows\System\fsoiJnY.exe
  C:\Windows\System\fsoiJnY.exe
  2⤵
  PID:4312
- C:\Windows\System\PCGUblP.exe
  C:\Windows\System\PCGUblP.exe
  2⤵
  PID:4332
- C:\Windows\System\hKLoDrN.exe
  C:\Windows\System\hKLoDrN.exe
  2⤵
  PID:4352
- C:\Windows\System\jioTjnV.exe
  C:\Windows\System\jioTjnV.exe
  2⤵
  PID:4372
- C:\Windows\System\uGyOhWJ.exe
  C:\Windows\System\uGyOhWJ.exe
  2⤵
  PID:4392
- C:\Windows\System\sddPGsQ.exe
  C:\Windows\System\sddPGsQ.exe
  2⤵
  PID:4408
- C:\Windows\System\bBINGeg.exe
  C:\Windows\System\bBINGeg.exe
  2⤵
  PID:4432
- C:\Windows\System\qsSFwVA.exe
  C:\Windows\System\qsSFwVA.exe
  2⤵
  PID:4452
- C:\Windows\System\gPZrYnx.exe
  C:\Windows\System\gPZrYnx.exe
  2⤵
  PID:4472
- C:\Windows\System\DWeirdj.exe
  C:\Windows\System\DWeirdj.exe
  2⤵
  PID:4492
- C:\Windows\System\uGpdpbk.exe
  C:\Windows\System\uGpdpbk.exe
  2⤵
  PID:4512
- C:\Windows\System\CQHBShY.exe
  C:\Windows\System\CQHBShY.exe
  2⤵
  PID:4532
- C:\Windows\System\TrgbwSH.exe
  C:\Windows\System\TrgbwSH.exe
  2⤵
  PID:4552
- C:\Windows\System\iARJhBF.exe
  C:\Windows\System\iARJhBF.exe
  2⤵
  PID:4572
- C:\Windows\System\SmOZAzm.exe
  C:\Windows\System\SmOZAzm.exe
  2⤵
  PID:4592
- C:\Windows\System\aUvegZX.exe
  C:\Windows\System\aUvegZX.exe
  2⤵
  PID:4616
- C:\Windows\System\ACuxtvW.exe
  C:\Windows\System\ACuxtvW.exe
  2⤵
  PID:4640
- C:\Windows\System\iGrLBnR.exe
  C:\Windows\System\iGrLBnR.exe
  2⤵
  PID:4660
- C:\Windows\System\RbUCGeJ.exe
  C:\Windows\System\RbUCGeJ.exe
  2⤵
  PID:4680
- C:\Windows\System\wodTZio.exe
  C:\Windows\System\wodTZio.exe
  2⤵
  PID:4700
- C:\Windows\System\srWAqUt.exe
  C:\Windows\System\srWAqUt.exe
  2⤵
  PID:4720
- C:\Windows\System\TaVMPeu.exe
  C:\Windows\System\TaVMPeu.exe
  2⤵
  PID:4740
- C:\Windows\System\TGWFUpw.exe
  C:\Windows\System\TGWFUpw.exe
  2⤵
  PID:4760
- C:\Windows\System\PZafuIV.exe
  C:\Windows\System\PZafuIV.exe
  2⤵
  PID:4780
- C:\Windows\System\TOhQQCA.exe
  C:\Windows\System\TOhQQCA.exe
  2⤵
  PID:4800
- C:\Windows\System\KhrjjIe.exe
  C:\Windows\System\KhrjjIe.exe
  2⤵
  PID:4820
- C:\Windows\System\ZpWwyZr.exe
  C:\Windows\System\ZpWwyZr.exe
  2⤵
  PID:4840
- C:\Windows\System\glewoKl.exe
  C:\Windows\System\glewoKl.exe
  2⤵
  PID:4860
- C:\Windows\System\JLDuzbU.exe
  C:\Windows\System\JLDuzbU.exe
  2⤵
  PID:4884
- C:\Windows\System\oohGKxF.exe
  C:\Windows\System\oohGKxF.exe
  2⤵
  PID:4904
- C:\Windows\System\TezTHvZ.exe
  C:\Windows\System\TezTHvZ.exe
  2⤵
  PID:4924
- C:\Windows\System\CyDhkVk.exe
  C:\Windows\System\CyDhkVk.exe
  2⤵
  PID:4944
- C:\Windows\System\RGqysWR.exe
  C:\Windows\System\RGqysWR.exe
  2⤵
  PID:4964
- C:\Windows\System\qxqHNjB.exe
  C:\Windows\System\qxqHNjB.exe
  2⤵
  PID:4988
- C:\Windows\System\UjhyoxT.exe
  C:\Windows\System\UjhyoxT.exe
  2⤵
  PID:5008
- C:\Windows\System\AtEGbEM.exe
  C:\Windows\System\AtEGbEM.exe
  2⤵
  PID:5028
- C:\Windows\System\snJROVm.exe
  C:\Windows\System\snJROVm.exe
  2⤵
  PID:5048
- C:\Windows\System\OZTphfy.exe
  C:\Windows\System\OZTphfy.exe
  2⤵
  PID:5068
- C:\Windows\System\eqFIYgF.exe
  C:\Windows\System\eqFIYgF.exe
  2⤵
  PID:5088
- C:\Windows\System\ZouRVNd.exe
  C:\Windows\System\ZouRVNd.exe
  2⤵
  PID:5108
- C:\Windows\System\jlfllip.exe
  C:\Windows\System\jlfllip.exe
  2⤵
  PID:3168
- C:\Windows\System\hsXntmb.exe
  C:\Windows\System\hsXntmb.exe
  2⤵
  PID:3220
- C:\Windows\System\dvYRefG.exe
  C:\Windows\System\dvYRefG.exe
  2⤵
  PID:3420
- C:\Windows\System\WwASjYC.exe
  C:\Windows\System\WwASjYC.exe
  2⤵
  PID:2720
- C:\Windows\System\hlagUJH.exe
  C:\Windows\System\hlagUJH.exe
  2⤵
  PID:3744
- C:\Windows\System\dAqjMOh.exe
  C:\Windows\System\dAqjMOh.exe
  2⤵
  PID:3772
- C:\Windows\System\JGgvGFx.exe
  C:\Windows\System\JGgvGFx.exe
  2⤵
  PID:2980
- C:\Windows\System\vsZlyvq.exe
  C:\Windows\System\vsZlyvq.exe
  2⤵
  PID:1432
- C:\Windows\System\sunJZpu.exe
  C:\Windows\System\sunJZpu.exe
  2⤵
  PID:4020
- C:\Windows\System\fcbqNFD.exe
  C:\Windows\System\fcbqNFD.exe
  2⤵
  PID:4140
- C:\Windows\System\hJWcCTP.exe
  C:\Windows\System\hJWcCTP.exe
  2⤵
  PID:4172
- C:\Windows\System\tYWCjSD.exe
  C:\Windows\System\tYWCjSD.exe
  2⤵
  PID:4212
- C:\Windows\System\CJAIltl.exe
  C:\Windows\System\CJAIltl.exe
  2⤵
  PID:4216
- C:\Windows\System\kfkbnUh.exe
  C:\Windows\System\kfkbnUh.exe
  2⤵
  PID:4244
- C:\Windows\System\AZZzZuj.exe
  C:\Windows\System\AZZzZuj.exe
  2⤵
  PID:4276
- C:\Windows\System\TRFbdgd.exe
  C:\Windows\System\TRFbdgd.exe
  2⤵
  PID:4340
- C:\Windows\System\ZcXAyLr.exe
  C:\Windows\System\ZcXAyLr.exe
  2⤵
  PID:4328
- C:\Windows\System\vgrKTaR.exe
  C:\Windows\System\vgrKTaR.exe
  2⤵
  PID:4416
- C:\Windows\System\pUYvdZI.exe
  C:\Windows\System\pUYvdZI.exe
  2⤵
  PID:2780
- C:\Windows\System\ajutWUC.exe
  C:\Windows\System\ajutWUC.exe
  2⤵
  PID:4460
- C:\Windows\System\SnRwgIM.exe
  C:\Windows\System\SnRwgIM.exe
  2⤵
  PID:4500
- C:\Windows\System\ygthzII.exe
  C:\Windows\System\ygthzII.exe
  2⤵
  PID:4488
- C:\Windows\System\OXlocHp.exe
  C:\Windows\System\OXlocHp.exe
  2⤵
  PID:4548
- C:\Windows\System\jbkuEKv.exe
  C:\Windows\System\jbkuEKv.exe
  2⤵
  PID:4588
- C:\Windows\System\UtyjlwB.exe
  C:\Windows\System\UtyjlwB.exe
  2⤵
  PID:4600
- C:\Windows\System\iysqJwx.exe
  C:\Windows\System\iysqJwx.exe
  2⤵
  PID:4668
- C:\Windows\System\cNpBeDz.exe
  C:\Windows\System\cNpBeDz.exe
  2⤵
  PID:4652
- C:\Windows\System\dvSqgip.exe
  C:\Windows\System\dvSqgip.exe
  2⤵
  PID:4716
- C:\Windows\System\WrLvguO.exe
  C:\Windows\System\WrLvguO.exe
  2⤵
  PID:1180
- C:\Windows\System\BKrMsCV.exe
  C:\Windows\System\BKrMsCV.exe
  2⤵
  PID:4796
- C:\Windows\System\cNVFUIm.exe
  C:\Windows\System\cNVFUIm.exe
  2⤵
  PID:1216
- C:\Windows\System\awxuEHN.exe
  C:\Windows\System\awxuEHN.exe
  2⤵
  PID:4816
- C:\Windows\System\ldeReFp.exe
  C:\Windows\System\ldeReFp.exe
  2⤵
  PID:4852
- C:\Windows\System\PiFHxBZ.exe
  C:\Windows\System\PiFHxBZ.exe
  2⤵
  PID:4920
- C:\Windows\System\okHOmrd.exe
  C:\Windows\System\okHOmrd.exe
  2⤵
  PID:4940
- C:\Windows\System\okUTmdT.exe
  C:\Windows\System\okUTmdT.exe
  2⤵
  PID:4996
- C:\Windows\System\ouSMHOR.exe
  C:\Windows\System\ouSMHOR.exe
  2⤵
  PID:4976
- C:\Windows\System\fbUVVRC.exe
  C:\Windows\System\fbUVVRC.exe
  2⤵
  PID:5044
- C:\Windows\System\SkJnTHx.exe
  C:\Windows\System\SkJnTHx.exe
  2⤵
  PID:5116
- C:\Windows\System\yIypeTl.exe
  C:\Windows\System\yIypeTl.exe
  2⤵
  PID:5096
- C:\Windows\System\fRsQAjC.exe
  C:\Windows\System\fRsQAjC.exe
  2⤵
  PID:3324
- C:\Windows\System\IxnQssJ.exe
  C:\Windows\System\IxnQssJ.exe
  2⤵
  PID:3720
- C:\Windows\System\kqMnqas.exe
  C:\Windows\System\kqMnqas.exe
  2⤵
  PID:3100
- C:\Windows\System\MGdLgRf.exe
  C:\Windows\System\MGdLgRf.exe
  2⤵
  PID:3040
- C:\Windows\System\mcSgMKx.exe
  C:\Windows\System\mcSgMKx.exe
  2⤵
  PID:3976
- C:\Windows\System\jcTicDE.exe
  C:\Windows\System\jcTicDE.exe
  2⤵
  PID:4116
- C:\Windows\System\ysuqwOx.exe
  C:\Windows\System\ysuqwOx.exe
  2⤵
  PID:4180
- C:\Windows\System\qlgpggD.exe
  C:\Windows\System\qlgpggD.exe
  2⤵
  PID:4200
- C:\Windows\System\DGOARpd.exe
  C:\Windows\System\DGOARpd.exe
  2⤵
  PID:4264
- C:\Windows\System\CUGHFxZ.exe
  C:\Windows\System\CUGHFxZ.exe
  2⤵
  PID:4304
- C:\Windows\System\KeUWKLB.exe
  C:\Windows\System\KeUWKLB.exe
  2⤵
  PID:4428
- C:\Windows\System\QnWorCY.exe
  C:\Windows\System\QnWorCY.exe
  2⤵
  PID:4388
- C:\Windows\System\BvhLJRm.exe
  C:\Windows\System\BvhLJRm.exe
  2⤵
  PID:4420
- C:\Windows\System\aSnSQLe.exe
  C:\Windows\System\aSnSQLe.exe
  2⤵
  PID:4528
- C:\Windows\System\ZVgBtaY.exe
  C:\Windows\System\ZVgBtaY.exe
  2⤵
  PID:4580
- C:\Windows\System\KarJGXM.exe
  C:\Windows\System\KarJGXM.exe
  2⤵
  PID:4636
- C:\Windows\System\EIVkTok.exe
  C:\Windows\System\EIVkTok.exe
  2⤵
  PID:4688
- C:\Windows\System\TfBqbwY.exe
  C:\Windows\System\TfBqbwY.exe
  2⤵
  PID:4708
- C:\Windows\System\oFPXSat.exe
  C:\Windows\System\oFPXSat.exe
  2⤵
  PID:4756
- C:\Windows\System\adZpGfE.exe
  C:\Windows\System\adZpGfE.exe
  2⤵
  PID:4868
- C:\Windows\System\ipaewHA.exe
  C:\Windows\System\ipaewHA.exe
  2⤵
  PID:4952
- C:\Windows\System\DpjdTYd.exe
  C:\Windows\System\DpjdTYd.exe
  2⤵
  PID:5000
- C:\Windows\System\ZXHlpAk.exe
  C:\Windows\System\ZXHlpAk.exe
  2⤵
  PID:5020
- C:\Windows\System\xWappaF.exe
  C:\Windows\System\xWappaF.exe
  2⤵
  PID:3132
- C:\Windows\System\MibawAN.exe
  C:\Windows\System\MibawAN.exe
  2⤵
  PID:5060
- C:\Windows\System\VAIQcqt.exe
  C:\Windows\System\VAIQcqt.exe
  2⤵
  PID:2600
- C:\Windows\System\HyApzuq.exe
  C:\Windows\System\HyApzuq.exe
  2⤵
  PID:1064
- C:\Windows\System\nZiePFj.exe
  C:\Windows\System\nZiePFj.exe
  2⤵
  PID:4788
- C:\Windows\System\ZTqnDMw.exe
  C:\Windows\System\ZTqnDMw.exe
  2⤵
  PID:1144
- C:\Windows\System\HWpgqXL.exe
  C:\Windows\System\HWpgqXL.exe
  2⤵
  PID:4220
- C:\Windows\System\Srytrel.exe
  C:\Windows\System\Srytrel.exe
  2⤵
  PID:4380
- C:\Windows\System\UAAAKWB.exe
  C:\Windows\System\UAAAKWB.exe
  2⤵
  PID:4464
- C:\Windows\System\tqRxOLI.exe
  C:\Windows\System\tqRxOLI.exe
  2⤵
  PID:4568
- C:\Windows\System\ldEBLQI.exe
  C:\Windows\System\ldEBLQI.exe
  2⤵
  PID:4176
- C:\Windows\System\hAVHdni.exe
  C:\Windows\System\hAVHdni.exe
  2⤵
  PID:4560
- C:\Windows\System\tpZWwIu.exe
  C:\Windows\System\tpZWwIu.exe
  2⤵
  PID:2072
- C:\Windows\System\peUcBAC.exe
  C:\Windows\System\peUcBAC.exe
  2⤵
  PID:4836
- C:\Windows\System\LLsronp.exe
  C:\Windows\System\LLsronp.exe
  2⤵
  PID:4932
- C:\Windows\System\RoCWNWS.exe
  C:\Windows\System\RoCWNWS.exe
  2⤵
  PID:4900
- C:\Windows\System\FHlTQQC.exe
  C:\Windows\System\FHlTQQC.exe
  2⤵
  PID:5036
- C:\Windows\System\tjPTNaA.exe
  C:\Windows\System\tjPTNaA.exe
  2⤵
  PID:3460
- C:\Windows\System\fBUyVso.exe
  C:\Windows\System\fBUyVso.exe
  2⤵
  PID:4132
- C:\Windows\System\FPTkurV.exe
  C:\Windows\System\FPTkurV.exe
  2⤵
  PID:4260
- C:\Windows\System\WajqsmL.exe
  C:\Windows\System\WajqsmL.exe
  2⤵
  PID:4296
- C:\Windows\System\hgBsyyy.exe
  C:\Windows\System\hgBsyyy.exe
  2⤵
  PID:4504
- C:\Windows\System\KqOSbry.exe
  C:\Windows\System\KqOSbry.exe
  2⤵
  PID:4404
- C:\Windows\System\UlJimHw.exe
  C:\Windows\System\UlJimHw.exe
  2⤵
  PID:2844
- C:\Windows\System\xgorxdE.exe
  C:\Windows\System\xgorxdE.exe
  2⤵
  PID:4972
- C:\Windows\System\RwGbnEC.exe
  C:\Windows\System\RwGbnEC.exe
  2⤵
  PID:2436
- C:\Windows\System\WoQTazS.exe
  C:\Windows\System\WoQTazS.exe
  2⤵
  PID:2220
- C:\Windows\System\VnvLzxd.exe
  C:\Windows\System\VnvLzxd.exe
  2⤵
  PID:5132
- C:\Windows\System\YfJMhKx.exe
  C:\Windows\System\YfJMhKx.exe
  2⤵
  PID:5152
- C:\Windows\System\CFTURUc.exe
  C:\Windows\System\CFTURUc.exe
  2⤵
  PID:5172
- C:\Windows\System\QEZTDuT.exe
  C:\Windows\System\QEZTDuT.exe
  2⤵
  PID:5192
- C:\Windows\System\uXsANlr.exe
  C:\Windows\System\uXsANlr.exe
  2⤵
  PID:5212
- C:\Windows\System\VcjAEmF.exe
  C:\Windows\System\VcjAEmF.exe
  2⤵
  PID:5232
- C:\Windows\System\exslKLo.exe
  C:\Windows\System\exslKLo.exe
  2⤵
  PID:5252
- C:\Windows\System\kIpMNpH.exe
  C:\Windows\System\kIpMNpH.exe
  2⤵
  PID:5276
- C:\Windows\System\FlhZcZE.exe
  C:\Windows\System\FlhZcZE.exe
  2⤵
  PID:5296
- C:\Windows\System\oHWptde.exe
  C:\Windows\System\oHWptde.exe
  2⤵
  PID:5320
- C:\Windows\System\saweaIR.exe
  C:\Windows\System\saweaIR.exe
  2⤵
  PID:5340
- C:\Windows\System\KaCLecB.exe
  C:\Windows\System\KaCLecB.exe
  2⤵
  PID:5360
- C:\Windows\System\zASkecY.exe
  C:\Windows\System\zASkecY.exe
  2⤵
  PID:5380
- C:\Windows\System\JPhFZES.exe
  C:\Windows\System\JPhFZES.exe
  2⤵
  PID:5400
- C:\Windows\System\KODRZgj.exe
  C:\Windows\System\KODRZgj.exe
  2⤵
  PID:5420
- C:\Windows\System\YnNZlxM.exe
  C:\Windows\System\YnNZlxM.exe
  2⤵
  PID:5440
- C:\Windows\System\BmDSujQ.exe
  C:\Windows\System\BmDSujQ.exe
  2⤵
  PID:5460
- C:\Windows\System\MmraSkR.exe
  C:\Windows\System\MmraSkR.exe
  2⤵
  PID:5480
- C:\Windows\System\PUBxihb.exe
  C:\Windows\System\PUBxihb.exe
  2⤵
  PID:5588
- C:\Windows\System\lFVEuRq.exe
  C:\Windows\System\lFVEuRq.exe
  2⤵
  PID:5640
- C:\Windows\System\aQIbEci.exe
  C:\Windows\System\aQIbEci.exe
  2⤵
  PID:5656
- C:\Windows\System\UqqnEqP.exe
  C:\Windows\System\UqqnEqP.exe
  2⤵
  PID:5672
- C:\Windows\System\nMhnaYZ.exe
  C:\Windows\System\nMhnaYZ.exe
  2⤵
  PID:5688
- C:\Windows\System\ecufkar.exe
  C:\Windows\System\ecufkar.exe
  2⤵
  PID:5704
- C:\Windows\System\ljaVXgU.exe
  C:\Windows\System\ljaVXgU.exe
  2⤵
  PID:5720
- C:\Windows\System\OTsPRuz.exe
  C:\Windows\System\OTsPRuz.exe
  2⤵
  PID:5736
- C:\Windows\System\MvHRnqq.exe
  C:\Windows\System\MvHRnqq.exe
  2⤵
  PID:5752
- C:\Windows\System\bssHXXk.exe
  C:\Windows\System\bssHXXk.exe
  2⤵
  PID:5780
- C:\Windows\System\vJzfhOq.exe
  C:\Windows\System\vJzfhOq.exe
  2⤵
  PID:5800
- C:\Windows\System\wPfKBsq.exe
  C:\Windows\System\wPfKBsq.exe
  2⤵
  PID:5828
- C:\Windows\System\QMiCNLq.exe
  C:\Windows\System\QMiCNLq.exe
  2⤵
  PID:5848
- C:\Windows\System\VWOUKZb.exe
  C:\Windows\System\VWOUKZb.exe
  2⤵
  PID:5864
- C:\Windows\System\jYlpZdR.exe
  C:\Windows\System\jYlpZdR.exe
  2⤵
  PID:5880
- C:\Windows\System\acrqMfc.exe
  C:\Windows\System\acrqMfc.exe
  2⤵
  PID:5900
- C:\Windows\System\qrWFvGf.exe
  C:\Windows\System\qrWFvGf.exe
  2⤵
  PID:5916
- C:\Windows\System\GIvOSnG.exe
  C:\Windows\System\GIvOSnG.exe
  2⤵
  PID:5932
- C:\Windows\System\FqGSprr.exe
  C:\Windows\System\FqGSprr.exe
  2⤵
  PID:5948
- C:\Windows\System\TQqONsQ.exe
  C:\Windows\System\TQqONsQ.exe
  2⤵
  PID:5964
- C:\Windows\System\GRkiKmg.exe
  C:\Windows\System\GRkiKmg.exe
  2⤵
  PID:5980
- C:\Windows\System\WRDcGKy.exe
  C:\Windows\System\WRDcGKy.exe
  2⤵
  PID:6000
- C:\Windows\System\DtPiVjf.exe
  C:\Windows\System\DtPiVjf.exe
  2⤵
  PID:6016
- C:\Windows\System\dltUJvQ.exe
  C:\Windows\System\dltUJvQ.exe
  2⤵
  PID:6032
- C:\Windows\System\xJZYTJa.exe
  C:\Windows\System\xJZYTJa.exe
  2⤵
  PID:6048
- C:\Windows\System\kpTfpXH.exe
  C:\Windows\System\kpTfpXH.exe
  2⤵
  PID:6064
- C:\Windows\System\TWZprrE.exe
  C:\Windows\System\TWZprrE.exe
  2⤵
  PID:6080
- C:\Windows\System\gPeVfYX.exe
  C:\Windows\System\gPeVfYX.exe
  2⤵
  PID:6096
- C:\Windows\System\TYZsbhL.exe
  C:\Windows\System\TYZsbhL.exe
  2⤵
  PID:6112
- C:\Windows\System\HUGLrTV.exe
  C:\Windows\System\HUGLrTV.exe
  2⤵
  PID:6128
- C:\Windows\System\oEsCXKj.exe
  C:\Windows\System\oEsCXKj.exe
  2⤵
  PID:2736
- C:\Windows\System\FQxAzbY.exe
  C:\Windows\System\FQxAzbY.exe
  2⤵
  PID:2568
- C:\Windows\System\YfjWOVE.exe
  C:\Windows\System\YfjWOVE.exe
  2⤵
  PID:4196
- C:\Windows\System\ZOElzhb.exe
  C:\Windows\System\ZOElzhb.exe
  2⤵
  PID:4524
- C:\Windows\System\gUZlkFx.exe
  C:\Windows\System\gUZlkFx.exe
  2⤵
  PID:4648
- C:\Windows\System\eBRQYVd.exe
  C:\Windows\System\eBRQYVd.exe
  2⤵
  PID:4016
- C:\Windows\System\FAcSPpM.exe
  C:\Windows\System\FAcSPpM.exe
  2⤵
  PID:5080
- C:\Windows\System\rVfteVa.exe
  C:\Windows\System\rVfteVa.exe
  2⤵
  PID:2068
- C:\Windows\System\LmXZjXD.exe
  C:\Windows\System\LmXZjXD.exe
  2⤵
  PID:5148
- C:\Windows\System\dbGzNwc.exe
  C:\Windows\System\dbGzNwc.exe
  2⤵
  PID:5208
- C:\Windows\System\nqhppFZ.exe
  C:\Windows\System\nqhppFZ.exe
  2⤵
  PID:2384
- C:\Windows\System\MMHHEMZ.exe
  C:\Windows\System\MMHHEMZ.exe
  2⤵
  PID:5240
- C:\Windows\System\ylXkvzu.exe
  C:\Windows\System\ylXkvzu.exe
  2⤵
  PID:5292
- C:\Windows\System\cJLZaLe.exe
  C:\Windows\System\cJLZaLe.exe
  2⤵
  PID:5264
- C:\Windows\System\HxcdoAq.exe
  C:\Windows\System\HxcdoAq.exe
  2⤵
  PID:5308
- C:\Windows\System\aQeWhWD.exe
  C:\Windows\System\aQeWhWD.exe
  2⤵
  PID:5356
- C:\Windows\System\eCZWkyC.exe
  C:\Windows\System\eCZWkyC.exe
  2⤵
  PID:5372
- C:\Windows\System\cdqNUOo.exe
  C:\Windows\System\cdqNUOo.exe
  2⤵
  PID:5396
- C:\Windows\System\cHDnCxo.exe
  C:\Windows\System\cHDnCxo.exe
  2⤵
  PID:5448
- C:\Windows\System\PeKqGID.exe
  C:\Windows\System\PeKqGID.exe
  2⤵
  PID:5488
- C:\Windows\System\QYxGwTz.exe
  C:\Windows\System\QYxGwTz.exe
  2⤵
  PID:5476
- C:\Windows\System\espflIK.exe
  C:\Windows\System\espflIK.exe
  2⤵
  PID:1956
- C:\Windows\System\UDAURdD.exe
  C:\Windows\System\UDAURdD.exe
  2⤵
  PID:5516
- C:\Windows\System\RdqQHCI.exe
  C:\Windows\System\RdqQHCI.exe
  2⤵
  PID:2776
- C:\Windows\System\IiWNKRY.exe
  C:\Windows\System\IiWNKRY.exe
  2⤵
  PID:612
- C:\Windows\System\bUqtylk.exe
  C:\Windows\System\bUqtylk.exe
  2⤵
  PID:744
- C:\Windows\System\zqhpaIL.exe
  C:\Windows\System\zqhpaIL.exe
  2⤵
  PID:2748
- C:\Windows\System\MFYKrEe.exe
  C:\Windows\System\MFYKrEe.exe
  2⤵
  PID:1032
- C:\Windows\System\tSscSdT.exe
  C:\Windows\System\tSscSdT.exe
  2⤵
  PID:1972
- C:\Windows\System\nkEKozo.exe
  C:\Windows\System\nkEKozo.exe
  2⤵
  PID:2236
- C:\Windows\System\ntUCsMD.exe
  C:\Windows\System\ntUCsMD.exe
  2⤵
  PID:2992
- C:\Windows\System\gbcYpev.exe
  C:\Windows\System\gbcYpev.exe
  2⤵
  PID:2108
- C:\Windows\System\xGlWUjC.exe
  C:\Windows\System\xGlWUjC.exe
  2⤵
  PID:1920
- C:\Windows\System\ZknUiuI.exe
  C:\Windows\System\ZknUiuI.exe
  2⤵
  PID:2140
- C:\Windows\System\XNgbhfe.exe
  C:\Windows\System\XNgbhfe.exe
  2⤵
  PID:2828
- C:\Windows\System\SzuslOL.exe
  C:\Windows\System\SzuslOL.exe
  2⤵
  PID:5552
- C:\Windows\System\uOgHmOC.exe
  C:\Windows\System\uOgHmOC.exe
  2⤵
  PID:5584
- C:\Windows\System\cucqQLA.exe
  C:\Windows\System\cucqQLA.exe
  2⤵
  PID:5620
- C:\Windows\System\gEdBsDJ.exe
  C:\Windows\System\gEdBsDJ.exe
  2⤵
  PID:5652
- C:\Windows\System\mnIRPsV.exe
  C:\Windows\System\mnIRPsV.exe
  2⤵
  PID:5632
- C:\Windows\System\zJfNdLx.exe
  C:\Windows\System\zJfNdLx.exe
  2⤵
  PID:5716
- C:\Windows\System\QNfBBea.exe
  C:\Windows\System\QNfBBea.exe
  2⤵
  PID:5760
- C:\Windows\System\JXsZKkw.exe
  C:\Windows\System\JXsZKkw.exe
  2⤵
  PID:5776
- C:\Windows\System\OCgqKlM.exe
  C:\Windows\System\OCgqKlM.exe
  2⤵
  PID:5820
- C:\Windows\System\iQkUTir.exe
  C:\Windows\System\iQkUTir.exe
  2⤵
  PID:5824
- C:\Windows\System\BAWxEuJ.exe
  C:\Windows\System\BAWxEuJ.exe
  2⤵
  PID:5892
- C:\Windows\System\szAaRVs.exe
  C:\Windows\System\szAaRVs.exe
  2⤵
  PID:5972
- C:\Windows\System\UPsxVyu.exe
  C:\Windows\System\UPsxVyu.exe
  2⤵
  PID:6044
- C:\Windows\System\hqmMwPe.exe
  C:\Windows\System\hqmMwPe.exe
  2⤵
  PID:5924
- C:\Windows\System\uRzbMDX.exe
  C:\Windows\System\uRzbMDX.exe
  2⤵
  PID:6056
- C:\Windows\System\StmICgc.exe
  C:\Windows\System\StmICgc.exe
  2⤵
  PID:6092
- C:\Windows\System\bsbImkJ.exe
  C:\Windows\System\bsbImkJ.exe
  2⤵
  PID:6124
- C:\Windows\System\ukEpALl.exe
  C:\Windows\System\ukEpALl.exe
  2⤵
  PID:4540
- C:\Windows\System\YHuHrtf.exe
  C:\Windows\System\YHuHrtf.exe
  2⤵
  PID:5168
- C:\Windows\System\UWDJToW.exe
  C:\Windows\System\UWDJToW.exe
  2⤵
  PID:5200
- C:\Windows\System\IknYqLv.exe
  C:\Windows\System\IknYqLv.exe
  2⤵
  PID:5244
- C:\Windows\System\FZSxEPL.exe
  C:\Windows\System\FZSxEPL.exe
  2⤵
  PID:5304
- C:\Windows\System\TPeauxA.exe
  C:\Windows\System\TPeauxA.exe
  2⤵
  PID:5388
- C:\Windows\System\mrZCjwO.exe
  C:\Windows\System\mrZCjwO.exe
  2⤵
  PID:1664
- C:\Windows\System\HcASNdc.exe
  C:\Windows\System\HcASNdc.exe
  2⤵
  PID:5452
- C:\Windows\System\hQXJlIK.exe
  C:\Windows\System\hQXJlIK.exe
  2⤵
  PID:1264
- C:\Windows\System\fEBfZwB.exe
  C:\Windows\System\fEBfZwB.exe
  2⤵
  PID:2132
- C:\Windows\System\dsPuiQE.exe
  C:\Windows\System\dsPuiQE.exe
  2⤵
  PID:2328
- C:\Windows\System\xhysmKi.exe
  C:\Windows\System\xhysmKi.exe
  2⤵
  PID:1080
- C:\Windows\System\lIunnLa.exe
  C:\Windows\System\lIunnLa.exe
  2⤵
  PID:2860
- C:\Windows\System\WGcBNKC.exe
  C:\Windows\System\WGcBNKC.exe
  2⤵
  PID:2228
- C:\Windows\System\AcuREgh.exe
  C:\Windows\System\AcuREgh.exe
  2⤵
  PID:5524
- C:\Windows\System\lWLLRZS.exe
  C:\Windows\System\lWLLRZS.exe
  2⤵
  PID:5536
- C:\Windows\System\eDOSpRn.exe
  C:\Windows\System\eDOSpRn.exe
  2⤵
  PID:5648
- C:\Windows\System\pzEeYsR.exe
  C:\Windows\System\pzEeYsR.exe
  2⤵
  PID:5696
- C:\Windows\System\XUcAPMn.exe
  C:\Windows\System\XUcAPMn.exe
  2⤵
  PID:5628
- C:\Windows\System\YXMrSLI.exe
  C:\Windows\System\YXMrSLI.exe
  2⤵
  PID:5896
- C:\Windows\System\VuCQhRD.exe
  C:\Windows\System\VuCQhRD.exe
  2⤵
  PID:5956
- C:\Windows\System\iSSiZak.exe
  C:\Windows\System\iSSiZak.exe
  2⤵
  PID:5960
- C:\Windows\System\fpULkPl.exe
  C:\Windows\System\fpULkPl.exe
  2⤵
  PID:4384
- C:\Windows\System\RGQiqzW.exe
  C:\Windows\System\RGQiqzW.exe
  2⤵
  PID:5184
- C:\Windows\System\ibXkHvD.exe
  C:\Windows\System\ibXkHvD.exe
  2⤵
  PID:5140
- C:\Windows\System\LaXvEqv.exe
  C:\Windows\System\LaXvEqv.exe
  2⤵
  PID:4956
- C:\Windows\System\aVDTMZO.exe
  C:\Windows\System\aVDTMZO.exe
  2⤵
  PID:5332
- C:\Windows\System\afZpeGk.exe
  C:\Windows\System\afZpeGk.exe
  2⤵
  PID:5188
- C:\Windows\System\FRqlqoE.exe
  C:\Windows\System\FRqlqoE.exe
  2⤵
  PID:5456
- C:\Windows\System\YlVdxGj.exe
  C:\Windows\System\YlVdxGj.exe
  2⤵
  PID:1380
- C:\Windows\System\EdnPTPu.exe
  C:\Windows\System\EdnPTPu.exe
  2⤵
  PID:1068
- C:\Windows\System\wnovGsJ.exe
  C:\Windows\System\wnovGsJ.exe
  2⤵
  PID:5576
- C:\Windows\System\jyfzmtv.exe
  C:\Windows\System\jyfzmtv.exe
  2⤵
  PID:5520
- C:\Windows\System\mEejioh.exe
  C:\Windows\System\mEejioh.exe
  2⤵
  PID:5512
- C:\Windows\System\nzezbLC.exe
  C:\Windows\System\nzezbLC.exe
  2⤵
  PID:5616
- C:\Windows\System\HnFXlSJ.exe
  C:\Windows\System\HnFXlSJ.exe
  2⤵
  PID:5284
- C:\Windows\System\uwTqKkC.exe
  C:\Windows\System\uwTqKkC.exe
  2⤵
  PID:5836
- C:\Windows\System\QDcoTFq.exe
  C:\Windows\System\QDcoTFq.exe
  2⤵
  PID:5888
- C:\Windows\System\gmjWiyK.exe
  C:\Windows\System\gmjWiyK.exe
  2⤵
  PID:3632
- C:\Windows\System\EUNnpXU.exe
  C:\Windows\System\EUNnpXU.exe
  2⤵
  PID:4876
- C:\Windows\System\XPwIueR.exe
  C:\Windows\System\XPwIueR.exe
  2⤵
  PID:6120
- C:\Windows\System\vEaEoMj.exe
  C:\Windows\System\vEaEoMj.exe
  2⤵
  PID:4324
- C:\Windows\System\fWvyTtn.exe
  C:\Windows\System\fWvyTtn.exe
  2⤵
  PID:2896
- C:\Windows\System\tJgXLgJ.exe
  C:\Windows\System\tJgXLgJ.exe
  2⤵
  PID:2656
- C:\Windows\System\ktXgWVC.exe
  C:\Windows\System\ktXgWVC.exe
  2⤵
  PID:6040
- C:\Windows\System\yhIhyhZ.exe
  C:\Windows\System\yhIhyhZ.exe
  2⤵
  PID:5940
- C:\Windows\System\piPKJgj.exe
  C:\Windows\System\piPKJgj.exe
  2⤵
  PID:2996
- C:\Windows\System\ChnVYpp.exe
  C:\Windows\System\ChnVYpp.exe
  2⤵
  PID:5348
- C:\Windows\System\wSWiCbG.exe
  C:\Windows\System\wSWiCbG.exe
  2⤵
  PID:2020
- C:\Windows\System\eaxrAJM.exe
  C:\Windows\System\eaxrAJM.exe
  2⤵
  PID:5768
- C:\Windows\System\GnrTyLE.exe
  C:\Windows\System\GnrTyLE.exe
  2⤵
  PID:5668
- C:\Windows\System\fwUTQxD.exe
  C:\Windows\System\fwUTQxD.exe
  2⤵
  PID:2256
- C:\Windows\System\keYuXAw.exe
  C:\Windows\System\keYuXAw.exe
  2⤵
  PID:1524
- C:\Windows\System\HyFeESU.exe
  C:\Windows\System\HyFeESU.exe
  2⤵
  PID:5748
- C:\Windows\System\hPxSWpA.exe
  C:\Windows\System\hPxSWpA.exe
  2⤵
  PID:5432
- C:\Windows\System\IEFNfiq.exe
  C:\Windows\System\IEFNfiq.exe
  2⤵
  PID:5912
- C:\Windows\System\adjYsOR.exe
  C:\Windows\System\adjYsOR.exe
  2⤵
  PID:1324
- C:\Windows\System\dNJgoqS.exe
  C:\Windows\System\dNJgoqS.exe
  2⤵
  PID:2420
- C:\Windows\System\NPMKcsK.exe
  C:\Windows\System\NPMKcsK.exe
  2⤵
  PID:5100
- C:\Windows\System\LjAqSog.exe
  C:\Windows\System\LjAqSog.exe
  2⤵
  PID:1356
- C:\Windows\System\pVPtget.exe
  C:\Windows\System\pVPtget.exe
  2⤵
  PID:5260
- C:\Windows\System\qANrnjd.exe
  C:\Windows\System\qANrnjd.exe
  2⤵
  PID:5944
- C:\Windows\System\PjmNaTK.exe
  C:\Windows\System\PjmNaTK.exe
  2⤵
  PID:5764
- C:\Windows\System\zYSwPUW.exe
  C:\Windows\System\zYSwPUW.exe
  2⤵
  PID:1240
- C:\Windows\System\jbzohnL.exe
  C:\Windows\System\jbzohnL.exe
  2⤵
  PID:2888
- C:\Windows\System\vhlaUMB.exe
  C:\Windows\System\vhlaUMB.exe
  2⤵
  PID:6140
- C:\Windows\System\fFsnqDp.exe
  C:\Windows\System\fFsnqDp.exe
  2⤵
  PID:5992
- C:\Windows\System\OOZCkgU.exe
  C:\Windows\System\OOZCkgU.exe
  2⤵
  PID:5416
- C:\Windows\System\bkVwrYA.exe
  C:\Windows\System\bkVwrYA.exe
  2⤵
  PID:5808
- C:\Windows\System\ynIDRIk.exe
  C:\Windows\System\ynIDRIk.exe
  2⤵
  PID:5636
- C:\Windows\System\fxHxcxA.exe
  C:\Windows\System\fxHxcxA.exe
  2⤵
  PID:2884
- C:\Windows\System\pjCHZgL.exe
  C:\Windows\System\pjCHZgL.exe
  2⤵
  PID:6160
- C:\Windows\System\wzJUKBI.exe
  C:\Windows\System\wzJUKBI.exe
  2⤵
  PID:6184
- C:\Windows\System\ZsHNnSK.exe
  C:\Windows\System\ZsHNnSK.exe
  2⤵
  PID:6204
- C:\Windows\System\leCIbPq.exe
  C:\Windows\System\leCIbPq.exe
  2⤵
  PID:6224
- C:\Windows\System\cEPpQua.exe
  C:\Windows\System\cEPpQua.exe
  2⤵
  PID:6248
- C:\Windows\System\pXUtDqa.exe
  C:\Windows\System\pXUtDqa.exe
  2⤵
  PID:6284
- C:\Windows\System\ohEGFNI.exe
  C:\Windows\System\ohEGFNI.exe
  2⤵
  PID:6300
- C:\Windows\System\EtIcWtf.exe
  C:\Windows\System\EtIcWtf.exe
  2⤵
  PID:6324
- C:\Windows\System\oiuLhqD.exe
  C:\Windows\System\oiuLhqD.exe
  2⤵
  PID:6340
- C:\Windows\System\eQwjJJx.exe
  C:\Windows\System\eQwjJJx.exe
  2⤵
  PID:6356
- C:\Windows\System\LibNxCz.exe
  C:\Windows\System\LibNxCz.exe
  2⤵
  PID:6380
- C:\Windows\System\VFpZRfH.exe
  C:\Windows\System\VFpZRfH.exe
  2⤵
  PID:6396
- C:\Windows\System\hXDZgch.exe
  C:\Windows\System\hXDZgch.exe
  2⤵
  PID:6412
- C:\Windows\System\JxYPPpE.exe
  C:\Windows\System\JxYPPpE.exe
  2⤵
  PID:6432
- C:\Windows\System\DgUpzAM.exe
  C:\Windows\System\DgUpzAM.exe
  2⤵
  PID:6452
- C:\Windows\System\CHLCcnA.exe
  C:\Windows\System\CHLCcnA.exe
  2⤵
  PID:6484
- C:\Windows\System\sMQqMNQ.exe
  C:\Windows\System\sMQqMNQ.exe
  2⤵
  PID:6500
- C:\Windows\System\FvUIeXQ.exe
  C:\Windows\System\FvUIeXQ.exe
  2⤵
  PID:6520
- C:\Windows\System\UTZUizA.exe
  C:\Windows\System\UTZUizA.exe
  2⤵
  PID:6540
- C:\Windows\System\FiIcOCx.exe
  C:\Windows\System\FiIcOCx.exe
  2⤵
  PID:6560
- C:\Windows\System\ovaPLRQ.exe
  C:\Windows\System\ovaPLRQ.exe
  2⤵
  PID:6576
- C:\Windows\System\KonDMtY.exe
  C:\Windows\System\KonDMtY.exe
  2⤵
  PID:6596
- C:\Windows\System\JPWhpSS.exe
  C:\Windows\System\JPWhpSS.exe
  2⤵
  PID:6612
- C:\Windows\System\bvDwaER.exe
  C:\Windows\System\bvDwaER.exe
  2⤵
  PID:6644
- C:\Windows\System\nxdVHbU.exe
  C:\Windows\System\nxdVHbU.exe
  2⤵
  PID:6660
- C:\Windows\System\rjDgbqH.exe
  C:\Windows\System\rjDgbqH.exe
  2⤵
  PID:6684
- C:\Windows\System\BNLlpSB.exe
  C:\Windows\System\BNLlpSB.exe
  2⤵
  PID:6704
- C:\Windows\System\qxFpXWk.exe
  C:\Windows\System\qxFpXWk.exe
  2⤵
  PID:6728
- C:\Windows\System\KIqpBTN.exe
  C:\Windows\System\KIqpBTN.exe
  2⤵
  PID:6744
- C:\Windows\System\TyEUVwq.exe
  C:\Windows\System\TyEUVwq.exe
  2⤵
  PID:6764
- C:\Windows\System\dgLHdZQ.exe
  C:\Windows\System\dgLHdZQ.exe
  2⤵
  PID:6780
- C:\Windows\System\jDzXHiK.exe
  C:\Windows\System\jDzXHiK.exe
  2⤵
  PID:6808
- C:\Windows\System\UzOEIAs.exe
  C:\Windows\System\UzOEIAs.exe
  2⤵
  PID:6824
- C:\Windows\System\yROOszT.exe
  C:\Windows\System\yROOszT.exe
  2⤵
  PID:6848
- C:\Windows\System\tQzPtfJ.exe
  C:\Windows\System\tQzPtfJ.exe
  2⤵
  PID:6864
- C:\Windows\System\tBHAEpS.exe
  C:\Windows\System\tBHAEpS.exe
  2⤵
  PID:6892
- C:\Windows\System\HhepsZH.exe
  C:\Windows\System\HhepsZH.exe
  2⤵
  PID:6916
- C:\Windows\System\ZtdSEVL.exe
  C:\Windows\System\ZtdSEVL.exe
  2⤵
  PID:6932
- C:\Windows\System\cPDxHoH.exe
  C:\Windows\System\cPDxHoH.exe
  2⤵
  PID:6956
- C:\Windows\System\GLmPSWi.exe
  C:\Windows\System\GLmPSWi.exe
  2⤵
  PID:6976
- C:\Windows\System\AnMkUCR.exe
  C:\Windows\System\AnMkUCR.exe
  2⤵
  PID:6992
- C:\Windows\System\FAtsmdK.exe
  C:\Windows\System\FAtsmdK.exe
  2⤵
  PID:7016
- C:\Windows\System\IrGFuuQ.exe
  C:\Windows\System\IrGFuuQ.exe
  2⤵
  PID:7032
- C:\Windows\System\UnHjWqX.exe
  C:\Windows\System\UnHjWqX.exe
  2⤵
  PID:7048
- C:\Windows\System\FndobXE.exe
  C:\Windows\System\FndobXE.exe
  2⤵
  PID:7064
- C:\Windows\System\TcUUmTM.exe
  C:\Windows\System\TcUUmTM.exe
  2⤵
  PID:7092
- C:\Windows\System\SJTbBfx.exe
  C:\Windows\System\SJTbBfx.exe
  2⤵
  PID:7116
- C:\Windows\System\jXdfegR.exe
  C:\Windows\System\jXdfegR.exe
  2⤵
  PID:7136
- C:\Windows\System\RKxOTEd.exe
  C:\Windows\System\RKxOTEd.exe
  2⤵
  PID:7152
- C:\Windows\System\uIHAoOS.exe
  C:\Windows\System\uIHAoOS.exe
  2⤵
  PID:6168
- C:\Windows\System\LfshVxl.exe
  C:\Windows\System\LfshVxl.exe
  2⤵
  PID:6196
- C:\Windows\System\LeKwGqP.exe
  C:\Windows\System\LeKwGqP.exe
  2⤵
  PID:6220
- C:\Windows\System\CAehZxe.exe
  C:\Windows\System\CAehZxe.exe
  2⤵
  PID:2572
- C:\Windows\System\gAcXxQh.exe
  C:\Windows\System\gAcXxQh.exe
  2⤵
  PID:6200
- C:\Windows\System\zhUmEPc.exe
  C:\Windows\System\zhUmEPc.exe
  2⤵
  PID:6240
- C:\Windows\System\MJBOadW.exe
  C:\Windows\System\MJBOadW.exe
  2⤵
  PID:6308
- C:\Windows\System\WAUUQhk.exe
  C:\Windows\System\WAUUQhk.exe
  2⤵
  PID:6348
- C:\Windows\System\dFXmBDJ.exe
  C:\Windows\System\dFXmBDJ.exe
  2⤵
  PID:6376
- C:\Windows\System\BEQOvBo.exe
  C:\Windows\System\BEQOvBo.exe
  2⤵
  PID:6420
- C:\Windows\System\qGiALNf.exe
  C:\Windows\System\qGiALNf.exe
  2⤵
  PID:6408
- C:\Windows\System\hpAwtYQ.exe
  C:\Windows\System\hpAwtYQ.exe
  2⤵
  PID:6476
- C:\Windows\System\TcTQbEW.exe
  C:\Windows\System\TcTQbEW.exe
  2⤵
  PID:6496
- C:\Windows\System\ZpIXPOL.exe
  C:\Windows\System\ZpIXPOL.exe
  2⤵
  PID:6532
- C:\Windows\System\yPWdthw.exe
  C:\Windows\System\yPWdthw.exe
  2⤵
  PID:6584
- C:\Windows\System\VfXpGCg.exe
  C:\Windows\System\VfXpGCg.exe
  2⤵
  PID:6620
- C:\Windows\System\jtumhmC.exe
  C:\Windows\System\jtumhmC.exe
  2⤵
  PID:6572
- C:\Windows\System\tYYNius.exe
  C:\Windows\System\tYYNius.exe
  2⤵
  PID:6656
- C:\Windows\System\cmHUgNn.exe
  C:\Windows\System\cmHUgNn.exe
  2⤵
  PID:6712
- C:\Windows\System\cFWoIpS.exe
  C:\Windows\System\cFWoIpS.exe
  2⤵
  PID:6716
- C:\Windows\System\YPucgDo.exe
  C:\Windows\System\YPucgDo.exe
  2⤵
  PID:6740
- C:\Windows\System\mjlKkIp.exe
  C:\Windows\System\mjlKkIp.exe
  2⤵
  PID:6800
- C:\Windows\System\KaDdQhO.exe
  C:\Windows\System\KaDdQhO.exe
  2⤵
  PID:6816
- C:\Windows\System\mahsVmu.exe
  C:\Windows\System\mahsVmu.exe
  2⤵
  PID:6876
- C:\Windows\System\yssCIBy.exe
  C:\Windows\System\yssCIBy.exe
  2⤵
  PID:6908
- C:\Windows\System\YluOPBr.exe
  C:\Windows\System\YluOPBr.exe
  2⤵
  PID:6952
- C:\Windows\System\vhHhLzN.exe
  C:\Windows\System\vhHhLzN.exe
  2⤵
  PID:6968
- C:\Windows\System\nJThdCi.exe
  C:\Windows\System\nJThdCi.exe
  2⤵
  PID:7008
- C:\Windows\System\jpDQzbr.exe
  C:\Windows\System\jpDQzbr.exe
  2⤵
  PID:7044
- C:\Windows\System\wgPLTif.exe
  C:\Windows\System\wgPLTif.exe
  2⤵
  PID:7080
- C:\Windows\System\AdBSZEo.exe
  C:\Windows\System\AdBSZEo.exe
  2⤵
  PID:7104
- C:\Windows\System\nmrzbsU.exe
  C:\Windows\System\nmrzbsU.exe
  2⤵
  PID:7132
- C:\Windows\System\GprffrN.exe
  C:\Windows\System\GprffrN.exe
  2⤵
  PID:5684
- C:\Windows\System\kwkNZXs.exe
  C:\Windows\System\kwkNZXs.exe
  2⤵
  PID:6176
- C:\Windows\System\ZGKxDSw.exe
  C:\Windows\System\ZGKxDSw.exe
  2⤵
  PID:932
- C:\Windows\System\CSQYalM.exe
  C:\Windows\System\CSQYalM.exe
  2⤵
  PID:6296
- C:\Windows\System\mPDJrHZ.exe
  C:\Windows\System\mPDJrHZ.exe
  2⤵
  PID:6332
- C:\Windows\System\qbgzgWw.exe
  C:\Windows\System\qbgzgWw.exe
  2⤵
  PID:6392
- C:\Windows\System\llGWsPu.exe
  C:\Windows\System\llGWsPu.exe
  2⤵
  PID:6464
- C:\Windows\System\pzRkwDF.exe
  C:\Windows\System\pzRkwDF.exe
  2⤵
  PID:6492
- C:\Windows\System\TpIfSsz.exe
  C:\Windows\System\TpIfSsz.exe
  2⤵
  PID:6636
- C:\Windows\System\WOMLLGb.exe
  C:\Windows\System\WOMLLGb.exe
  2⤵
  PID:6528
- C:\Windows\System\lpqSSsq.exe
  C:\Windows\System\lpqSSsq.exe
  2⤵
  PID:6592
- C:\Windows\System\NecLrol.exe
  C:\Windows\System\NecLrol.exe
  2⤵
  PID:6720
- C:\Windows\System\WrQXFTz.exe
  C:\Windows\System\WrQXFTz.exe
  2⤵
  PID:6796
- C:\Windows\System\HjQhjqC.exe
  C:\Windows\System\HjQhjqC.exe
  2⤵
  PID:6792
- C:\Windows\System\CvguZVR.exe
  C:\Windows\System\CvguZVR.exe
  2⤵
  PID:6924
- C:\Windows\System\ZujSDbR.exe
  C:\Windows\System\ZujSDbR.exe
  2⤵
  PID:6928
- C:\Windows\System\amJoJJp.exe
  C:\Windows\System\amJoJJp.exe
  2⤵
  PID:7040
- C:\Windows\System\jAVcGwk.exe
  C:\Windows\System\jAVcGwk.exe
  2⤵
  PID:7076
- C:\Windows\System\XWliLGF.exe
  C:\Windows\System\XWliLGF.exe
  2⤵
  PID:7164
- C:\Windows\System\JPqyUrp.exe
  C:\Windows\System\JPqyUrp.exe
  2⤵
  PID:6212
- C:\Windows\System\JBCpfIS.exe
  C:\Windows\System\JBCpfIS.exe
  2⤵
  PID:2920
- C:\Windows\System\fAvEErQ.exe
  C:\Windows\System\fAvEErQ.exe
  2⤵
  PID:6276
- C:\Windows\System\lEocPKC.exe
  C:\Windows\System\lEocPKC.exe
  2⤵
  PID:6320
- C:\Windows\System\BFFvZlu.exe
  C:\Windows\System\BFFvZlu.exe
  2⤵
  PID:6364
- C:\Windows\System\kkuVjfJ.exe
  C:\Windows\System\kkuVjfJ.exe
  2⤵
  PID:6468
- C:\Windows\System\QDrQcND.exe
  C:\Windows\System\QDrQcND.exe
  2⤵
  PID:6632
- C:\Windows\System\fyEXQOW.exe
  C:\Windows\System\fyEXQOW.exe
  2⤵
  PID:6652
- C:\Windows\System\kFsINxt.exe
  C:\Windows\System\kFsINxt.exe
  2⤵
  PID:6640
- C:\Windows\System\ZWErFst.exe
  C:\Windows\System\ZWErFst.exe
  2⤵
  PID:6788
- C:\Windows\System\OxgypjS.exe
  C:\Windows\System\OxgypjS.exe
  2⤵
  PID:6904
- C:\Windows\System\gIOCflU.exe
  C:\Windows\System\gIOCflU.exe
  2⤵
  PID:6964
- C:\Windows\System\tQUjxNy.exe
  C:\Windows\System\tQUjxNy.exe
  2⤵
  PID:6948
- C:\Windows\System\aWxmazW.exe
  C:\Windows\System\aWxmazW.exe
  2⤵
  PID:7100
- C:\Windows\System\kQKfKSR.exe
  C:\Windows\System\kQKfKSR.exe
  2⤵
  PID:7160
- C:\Windows\System\FbxuOVE.exe
  C:\Windows\System\FbxuOVE.exe
  2⤵
  PID:6180
- C:\Windows\System\SUxcwTE.exe
  C:\Windows\System\SUxcwTE.exe
  2⤵
  PID:6272
- C:\Windows\System\BHYduEo.exe
  C:\Windows\System\BHYduEo.exe
  2⤵
  PID:6700
- C:\Windows\System\RYZIYPu.exe
  C:\Windows\System\RYZIYPu.exe
  2⤵
  PID:6512
- C:\Windows\System\LLohcdg.exe
  C:\Windows\System\LLohcdg.exe
  2⤵
  PID:6736
- C:\Windows\System\EsjCVRw.exe
  C:\Windows\System\EsjCVRw.exe
  2⤵
  PID:6884
- C:\Windows\System\IdFLHnu.exe
  C:\Windows\System\IdFLHnu.exe
  2⤵
  PID:7056
- C:\Windows\System\WmWTmxh.exe
  C:\Windows\System\WmWTmxh.exe
  2⤵
  PID:6472
- C:\Windows\System\HFlNsMg.exe
  C:\Windows\System\HFlNsMg.exe
  2⤵
  PID:6368
- C:\Windows\System\FvGtxRM.exe
  C:\Windows\System\FvGtxRM.exe
  2⤵
  PID:6760
- C:\Windows\System\pQxOwuS.exe
  C:\Windows\System\pQxOwuS.exe
  2⤵
  PID:7124
- C:\Windows\System\hhWbIEP.exe
  C:\Windows\System\hhWbIEP.exe
  2⤵
  PID:6316
- C:\Windows\System\cOwOLKh.exe
  C:\Windows\System\cOwOLKh.exe
  2⤵
  PID:6972
- C:\Windows\System\keLQPGu.exe
  C:\Windows\System\keLQPGu.exe
  2⤵
  PID:6260
- C:\Windows\System\PJsPjPU.exe
  C:\Windows\System\PJsPjPU.exe
  2⤵
  PID:7088
- C:\Windows\System\jRFidFI.exe
  C:\Windows\System\jRFidFI.exe
  2⤵
  PID:7184
- C:\Windows\System\RcGguUQ.exe
  C:\Windows\System\RcGguUQ.exe
  2⤵
  PID:7200
- C:\Windows\System\kMXXDFZ.exe
  C:\Windows\System\kMXXDFZ.exe
  2⤵
  PID:7216
- C:\Windows\System\xojEZzY.exe
  C:\Windows\System\xojEZzY.exe
  2⤵
  PID:7232
- C:\Windows\System\JbMdCbe.exe
  C:\Windows\System\JbMdCbe.exe
  2⤵
  PID:7248
- C:\Windows\System\jbUzgeP.exe
  C:\Windows\System\jbUzgeP.exe
  2⤵
  PID:7264
- C:\Windows\System\GWXWONe.exe
  C:\Windows\System\GWXWONe.exe
  2⤵
  PID:7280
- C:\Windows\System\rlCRVpv.exe
  C:\Windows\System\rlCRVpv.exe
  2⤵
  PID:7296
- C:\Windows\System\vvRTlDM.exe
  C:\Windows\System\vvRTlDM.exe
  2⤵
  PID:7312
- C:\Windows\System\vLbMHDc.exe
  C:\Windows\System\vLbMHDc.exe
  2⤵
  PID:7328
- C:\Windows\System\qmoVooX.exe
  C:\Windows\System\qmoVooX.exe
  2⤵
  PID:7348
- C:\Windows\System\ERBSGzD.exe
  C:\Windows\System\ERBSGzD.exe
  2⤵
  PID:7368
- C:\Windows\System\exksDly.exe
  C:\Windows\System\exksDly.exe
  2⤵
  PID:7388
- C:\Windows\System\IAvkKIZ.exe
  C:\Windows\System\IAvkKIZ.exe
  2⤵
  PID:7404
- C:\Windows\System\LQXmXWu.exe
  C:\Windows\System\LQXmXWu.exe
  2⤵
  PID:7424
- C:\Windows\System\PyPRfAJ.exe
  C:\Windows\System\PyPRfAJ.exe
  2⤵
  PID:7440
- C:\Windows\System\KqmzQpt.exe
  C:\Windows\System\KqmzQpt.exe
  2⤵
  PID:7464
- C:\Windows\System\uoKoPnX.exe
  C:\Windows\System\uoKoPnX.exe
  2⤵
  PID:7480
- C:\Windows\System\QrUFzIb.exe
  C:\Windows\System\QrUFzIb.exe
  2⤵
  PID:7500
- C:\Windows\System\dmbsOEc.exe
  C:\Windows\System\dmbsOEc.exe
  2⤵
  PID:7524
- C:\Windows\System\ERbphGm.exe
  C:\Windows\System\ERbphGm.exe
  2⤵
  PID:7544
- C:\Windows\System\tXNiQkk.exe
  C:\Windows\System\tXNiQkk.exe
  2⤵
  PID:7564
- C:\Windows\System\yhtQeqc.exe
  C:\Windows\System\yhtQeqc.exe
  2⤵
  PID:7580
- C:\Windows\System\guDOkfK.exe
  C:\Windows\System\guDOkfK.exe
  2⤵
  PID:7600
- C:\Windows\System\CqwLfFK.exe
  C:\Windows\System\CqwLfFK.exe
  2⤵
  PID:7620
- C:\Windows\System\SbEWojL.exe
  C:\Windows\System\SbEWojL.exe
  2⤵
  PID:7636
- C:\Windows\System\hLsfMxZ.exe
  C:\Windows\System\hLsfMxZ.exe
  2⤵
  PID:7652
- C:\Windows\System\wtYLyEK.exe
  C:\Windows\System\wtYLyEK.exe
  2⤵
  PID:7668
- C:\Windows\System\NMLlXaz.exe
  C:\Windows\System\NMLlXaz.exe
  2⤵
  PID:7684
- C:\Windows\System\vcDZTJJ.exe
  C:\Windows\System\vcDZTJJ.exe
  2⤵
  PID:7700
- C:\Windows\System\WaXenQE.exe
  C:\Windows\System\WaXenQE.exe
  2⤵
  PID:7720
- C:\Windows\System\KdqFICS.exe
  C:\Windows\System\KdqFICS.exe
  2⤵
  PID:7740
- C:\Windows\System\PlOtbAM.exe
  C:\Windows\System\PlOtbAM.exe
  2⤵
  PID:7756
- C:\Windows\System\GRsYlvg.exe
  C:\Windows\System\GRsYlvg.exe
  2⤵
  PID:7772
- C:\Windows\System\vzMOakm.exe
  C:\Windows\System\vzMOakm.exe
  2⤵
  PID:7796
- C:\Windows\System\vePOLAO.exe
  C:\Windows\System\vePOLAO.exe
  2⤵
  PID:7828
- C:\Windows\System\WTZfPTc.exe
  C:\Windows\System\WTZfPTc.exe
  2⤵
  PID:7844
- C:\Windows\System\LiFvgZw.exe
  C:\Windows\System\LiFvgZw.exe
  2⤵
  PID:7864
- C:\Windows\System\sPFwquF.exe
  C:\Windows\System\sPFwquF.exe
  2⤵
  PID:7880
- C:\Windows\System\PucyMeI.exe
  C:\Windows\System\PucyMeI.exe
  2⤵
  PID:7896
- C:\Windows\System\OMLYeNf.exe
  C:\Windows\System\OMLYeNf.exe
  2⤵
  PID:7912
- C:\Windows\System\XbvRWGw.exe
  C:\Windows\System\XbvRWGw.exe
  2⤵
  PID:7928
- C:\Windows\System\PwwLazl.exe
  C:\Windows\System\PwwLazl.exe
  2⤵
  PID:7944
- C:\Windows\System\SUokFsV.exe
  C:\Windows\System\SUokFsV.exe
  2⤵
  PID:7960
- C:\Windows\System\eAyZsbT.exe
  C:\Windows\System\eAyZsbT.exe
  2⤵
  PID:7976
- C:\Windows\System\kIBGRUQ.exe
  C:\Windows\System\kIBGRUQ.exe
  2⤵
  PID:8000
- C:\Windows\System\fnHCCfI.exe
  C:\Windows\System\fnHCCfI.exe
  2⤵
  PID:8032
- C:\Windows\System\YNMcrLW.exe
  C:\Windows\System\YNMcrLW.exe
  2⤵
  PID:8060
- C:\Windows\System\QasmclL.exe
  C:\Windows\System\QasmclL.exe
  2⤵
  PID:8076
- C:\Windows\System\INurZsl.exe
  C:\Windows\System\INurZsl.exe
  2⤵
  PID:8092
- C:\Windows\System\XSiyNRx.exe
  C:\Windows\System\XSiyNRx.exe
  2⤵
  PID:8108
- C:\Windows\System\NyABQdn.exe
  C:\Windows\System\NyABQdn.exe
  2⤵
  PID:8124
- C:\Windows\System\PGnpzTH.exe
  C:\Windows\System\PGnpzTH.exe
  2⤵
  PID:8140
- C:\Windows\System\htzlRXz.exe
  C:\Windows\System\htzlRXz.exe
  2⤵
  PID:8156
- C:\Windows\System\cotoYCp.exe
  C:\Windows\System\cotoYCp.exe
  2⤵
  PID:8172
- C:\Windows\System\PKRLwPX.exe
  C:\Windows\System\PKRLwPX.exe
  2⤵
  PID:6556
- C:\Windows\System\lBkWemP.exe
  C:\Windows\System\lBkWemP.exe
  2⤵
  PID:7212
- C:\Windows\System\PXLADOy.exe
  C:\Windows\System\PXLADOy.exe
  2⤵
  PID:7256
- C:\Windows\System\BHFNsCn.exe
  C:\Windows\System\BHFNsCn.exe
  2⤵
  PID:7272
- C:\Windows\System\isrJZOI.exe
  C:\Windows\System\isrJZOI.exe
  2⤵
  PID:7308
- C:\Windows\System\SUeRPDZ.exe
  C:\Windows\System\SUeRPDZ.exe
  2⤵
  PID:7360
- C:\Windows\System\QEmoSyw.exe
  C:\Windows\System\QEmoSyw.exe
  2⤵
  PID:7376
- C:\Windows\System\WFLQZtC.exe
  C:\Windows\System\WFLQZtC.exe
  2⤵
  PID:7400
- C:\Windows\System\jHcwItR.exe
  C:\Windows\System\jHcwItR.exe
  2⤵
  PID:7432
- C:\Windows\System\ZFuJhph.exe
  C:\Windows\System\ZFuJhph.exe
  2⤵
  PID:7456
- C:\Windows\System\atSKwzc.exe
  C:\Windows\System\atSKwzc.exe
  2⤵
  PID:7492
- C:\Windows\System\yRRYZpQ.exe
  C:\Windows\System\yRRYZpQ.exe
  2⤵
  PID:7512
- C:\Windows\System\JsnhjQN.exe
  C:\Windows\System\JsnhjQN.exe
  2⤵
  PID:7556
- C:\Windows\System\RhdrTqz.exe
  C:\Windows\System\RhdrTqz.exe
  2⤵
  PID:7608
- C:\Windows\System\mwubQGi.exe
  C:\Windows\System\mwubQGi.exe
  2⤵
  PID:7664
- C:\Windows\System\seBBnhw.exe
  C:\Windows\System\seBBnhw.exe
  2⤵
  PID:7676
- C:\Windows\System\AQpfANI.exe
  C:\Windows\System\AQpfANI.exe
  2⤵
  PID:7708
- C:\Windows\System\FSiaEfH.exe
  C:\Windows\System\FSiaEfH.exe
  2⤵
  PID:7716
- C:\Windows\System\XDFuVSe.exe
  C:\Windows\System\XDFuVSe.exe
  2⤵
  PID:7752
- C:\Windows\System\JQXUHOc.exe
  C:\Windows\System\JQXUHOc.exe
  2⤵
  PID:7788
- C:\Windows\System\QVOxjWq.exe
  C:\Windows\System\QVOxjWq.exe
  2⤵
  PID:7812
- C:\Windows\System\FZXUxvd.exe
  C:\Windows\System\FZXUxvd.exe
  2⤵
  PID:7852
- C:\Windows\System\juRCsKA.exe
  C:\Windows\System\juRCsKA.exe
  2⤵
  PID:7856
- C:\Windows\System\nnKBHWB.exe
  C:\Windows\System\nnKBHWB.exe
  2⤵
  PID:7892
- C:\Windows\System\ZAWeVAZ.exe
  C:\Windows\System\ZAWeVAZ.exe
  2⤵
  PID:7924
- C:\Windows\System\XkcqBNM.exe
  C:\Windows\System\XkcqBNM.exe
  2⤵
  PID:7956
- C:\Windows\System\jEUGFkF.exe
  C:\Windows\System\jEUGFkF.exe
  2⤵
  PID:7996
- C:\Windows\System\nKqIUwK.exe
  C:\Windows\System\nKqIUwK.exe
  2⤵
  PID:8024
- C:\Windows\System\OtrcvXl.exe
  C:\Windows\System\OtrcvXl.exe
  2⤵
  PID:8012
- C:\Windows\System\TScGSmj.exe
  C:\Windows\System\TScGSmj.exe
  2⤵
  PID:8084
- C:\Windows\System\JFPGQLM.exe
  C:\Windows\System\JFPGQLM.exe
  2⤵
  PID:8100
- C:\Windows\System\FcxGNzM.exe
  C:\Windows\System\FcxGNzM.exe
  2⤵
  PID:8148
- C:\Windows\System\NBovcRc.exe
  C:\Windows\System\NBovcRc.exe
  2⤵
  PID:8180
- C:\Windows\System\pboUrpA.exe
  C:\Windows\System\pboUrpA.exe
  2⤵
  PID:7180
- C:\Windows\System\bgcRoSk.exe
  C:\Windows\System\bgcRoSk.exe
  2⤵
  PID:7292
- C:\Windows\System\NKafcuc.exe
  C:\Windows\System\NKafcuc.exe
  2⤵
  PID:7356
- C:\Windows\System\JjvIADn.exe
  C:\Windows\System\JjvIADn.exe
  2⤵
  PID:7396
- C:\Windows\System\koPxVLf.exe
  C:\Windows\System\koPxVLf.exe
  2⤵
  PID:7452
- C:\Windows\System\qsTKKwS.exe
  C:\Windows\System\qsTKKwS.exe
  2⤵
  PID:7552
- C:\Windows\System\dVPbbMB.exe
  C:\Windows\System\dVPbbMB.exe
  2⤵
  PID:7612
- C:\Windows\System\nCVgScP.exe
  C:\Windows\System\nCVgScP.exe
  2⤵
  PID:7696
- C:\Windows\System\RdiAyZC.exe
  C:\Windows\System\RdiAyZC.exe
  2⤵
  PID:7792
- C:\Windows\System\hfJgCsi.exe
  C:\Windows\System\hfJgCsi.exe
  2⤵
  PID:7648
- C:\Windows\System\zCLFfij.exe
  C:\Windows\System\zCLFfij.exe
  2⤵
  PID:7732
- C:\Windows\System\AOwgDOM.exe
  C:\Windows\System\AOwgDOM.exe
  2⤵
  PID:7872
- C:\Windows\System\KcJhtml.exe
  C:\Windows\System\KcJhtml.exe
  2⤵
  PID:7984
- C:\Windows\System\QjOvLJk.exe
  C:\Windows\System\QjOvLJk.exe
  2⤵
  PID:8008
- C:\Windows\System\qJsdLJu.exe
  C:\Windows\System\qJsdLJu.exe
  2⤵
  PID:8052
- C:\Windows\System\ufUlLEr.exe
  C:\Windows\System\ufUlLEr.exe
  2⤵
  PID:8088
- C:\Windows\System\npjxpsg.exe
  C:\Windows\System\npjxpsg.exe
  2⤵
  PID:7596
- C:\Windows\System\DuEfZRy.exe
  C:\Windows\System\DuEfZRy.exe
  2⤵
  PID:7340
- C:\Windows\System\KtiamFu.exe
  C:\Windows\System\KtiamFu.exe
  2⤵
  PID:7416
- C:\Windows\System\Bqnmmde.exe
  C:\Windows\System\Bqnmmde.exe
  2⤵
  PID:7560
- C:\Windows\System\MxJvdME.exe
  C:\Windows\System\MxJvdME.exe
  2⤵
  PID:7644
- C:\Windows\System\ehVvLhO.exe
  C:\Windows\System\ehVvLhO.exe
  2⤵
  PID:6216
- C:\Windows\System\fBGihQQ.exe
  C:\Windows\System\fBGihQQ.exe
  2⤵
  PID:8044
- C:\Windows\System\SOJAfIa.exe
  C:\Windows\System\SOJAfIa.exe
  2⤵
  PID:8132
- C:\Windows\System\qXRarGL.exe
  C:\Windows\System\qXRarGL.exe
  2⤵
  PID:7224
- C:\Windows\System\fWgLyHF.exe
  C:\Windows\System\fWgLyHF.exe
  2⤵
  PID:7516
- C:\Windows\System\JOhngPK.exe
  C:\Windows\System\JOhngPK.exe
  2⤵
  PID:7472
- C:\Windows\System\sewWqFx.exe
  C:\Windows\System\sewWqFx.exe
  2⤵
  PID:7692
- C:\Windows\System\eRLOpoR.exe
  C:\Windows\System\eRLOpoR.exe
  2⤵
  PID:7532
- C:\Windows\System\pEpqwTw.exe
  C:\Windows\System\pEpqwTw.exe
  2⤵
  PID:7764
- C:\Windows\System\voicmOM.exe
  C:\Windows\System\voicmOM.exe
  2⤵
  PID:7940
- C:\Windows\System\LSiOQAf.exe
  C:\Windows\System\LSiOQAf.exe
  2⤵
  PID:8120
- C:\Windows\System\foqJmqP.exe
  C:\Windows\System\foqJmqP.exe
  2⤵
  PID:8040
- C:\Windows\System\FqCLotm.exe
  C:\Windows\System\FqCLotm.exe
  2⤵
  PID:7344
- C:\Windows\System\yJtYJny.exe
  C:\Windows\System\yJtYJny.exe
  2⤵
  PID:7660
- C:\Windows\System\mQgBnsn.exe
  C:\Windows\System\mQgBnsn.exe
  2⤵
  PID:7228
- C:\Windows\System\oMDfJqI.exe
  C:\Windows\System\oMDfJqI.exe
  2⤵
  PID:7992
- C:\Windows\System\bDHUZEU.exe
  C:\Windows\System\bDHUZEU.exe
  2⤵
  PID:7952
- C:\Windows\System\GVHNMpU.exe
  C:\Windows\System\GVHNMpU.exe
  2⤵
  PID:8200
- C:\Windows\System\ZbBjfOt.exe
  C:\Windows\System\ZbBjfOt.exe
  2⤵
  PID:8220
- C:\Windows\System\pejsCTM.exe
  C:\Windows\System\pejsCTM.exe
  2⤵
  PID:8240
- C:\Windows\System\rbMokyt.exe
  C:\Windows\System\rbMokyt.exe
  2⤵
  PID:8260
- C:\Windows\System\fBJNBhz.exe
  C:\Windows\System\fBJNBhz.exe
  2⤵
  PID:8276
- C:\Windows\System\PYcDCfw.exe
  C:\Windows\System\PYcDCfw.exe
  2⤵
  PID:8296
- C:\Windows\System\hJEIyKL.exe
  C:\Windows\System\hJEIyKL.exe
  2⤵
  PID:8320
- C:\Windows\System\sWnTgsq.exe
  C:\Windows\System\sWnTgsq.exe
  2⤵
  PID:8336
- C:\Windows\System\CbClBbb.exe
  C:\Windows\System\CbClBbb.exe
  2⤵
  PID:8360
- C:\Windows\System\imukXSV.exe
  C:\Windows\System\imukXSV.exe
  2⤵
  PID:8380
- C:\Windows\System\lZIFzBj.exe
  C:\Windows\System\lZIFzBj.exe
  2⤵
  PID:8400
- C:\Windows\System\HBYYySg.exe
  C:\Windows\System\HBYYySg.exe
  2⤵
  PID:8424
- C:\Windows\System\VoAmvMb.exe
  C:\Windows\System\VoAmvMb.exe
  2⤵
  PID:8440
- C:\Windows\System\fhrpAyl.exe
  C:\Windows\System\fhrpAyl.exe
  2⤵
  PID:8464
- C:\Windows\System\FbEQhaf.exe
  C:\Windows\System\FbEQhaf.exe
  2⤵
  PID:8480
- C:\Windows\System\VFuearh.exe
  C:\Windows\System\VFuearh.exe
  2⤵
  PID:8504
- C:\Windows\System\dShSMTm.exe
  C:\Windows\System\dShSMTm.exe
  2⤵
  PID:8520
- C:\Windows\System\nNpaKpN.exe
  C:\Windows\System\nNpaKpN.exe
  2⤵
  PID:8544
- C:\Windows\System\HJlDWPI.exe
  C:\Windows\System\HJlDWPI.exe
  2⤵
  PID:8560
- C:\Windows\System\pankCyH.exe
  C:\Windows\System\pankCyH.exe
  2⤵
  PID:8584
- C:\Windows\System\bHtLuAt.exe
  C:\Windows\System\bHtLuAt.exe
  2⤵
  PID:8600
- C:\Windows\System\aMCmnMP.exe
  C:\Windows\System\aMCmnMP.exe
  2⤵
  PID:8616
- C:\Windows\System\qIjOsXA.exe
  C:\Windows\System\qIjOsXA.exe
  2⤵
  PID:8636
- C:\Windows\System\awVIFsi.exe
  C:\Windows\System\awVIFsi.exe
  2⤵
  PID:8652
- C:\Windows\System\HSAcApy.exe
  C:\Windows\System\HSAcApy.exe
  2⤵
  PID:8672
- C:\Windows\System\EOaUzLX.exe
  C:\Windows\System\EOaUzLX.exe
  2⤵
  PID:8696
- C:\Windows\System\KwHOPou.exe
  C:\Windows\System\KwHOPou.exe
  2⤵
  PID:8720
- C:\Windows\System\wGunPZp.exe
  C:\Windows\System\wGunPZp.exe
  2⤵
  PID:8736
- C:\Windows\System\GnlBaDj.exe
  C:\Windows\System\GnlBaDj.exe
  2⤵
  PID:8760
- C:\Windows\System\wVyvaMd.exe
  C:\Windows\System\wVyvaMd.exe
  2⤵
  PID:8784
- C:\Windows\System\QFlRqEz.exe
  C:\Windows\System\QFlRqEz.exe
  2⤵
  PID:8800
- C:\Windows\System\NtucaFR.exe
  C:\Windows\System\NtucaFR.exe
  2⤵
  PID:8824
- C:\Windows\System\exvFQBL.exe
  C:\Windows\System\exvFQBL.exe
  2⤵
  PID:8840
- C:\Windows\System\MxBrzdI.exe
  C:\Windows\System\MxBrzdI.exe
  2⤵
  PID:8864
- C:\Windows\System\fyvsRlm.exe
  C:\Windows\System\fyvsRlm.exe
  2⤵
  PID:8880
- C:\Windows\System\higXOqc.exe
  C:\Windows\System\higXOqc.exe
  2⤵
  PID:8908
- C:\Windows\System\jnLcScM.exe
  C:\Windows\System\jnLcScM.exe
  2⤵
  PID:8924
- C:\Windows\System\kKorYDI.exe
  C:\Windows\System\kKorYDI.exe
  2⤵
  PID:8948
- C:\Windows\System\qjSVxCF.exe
  C:\Windows\System\qjSVxCF.exe
  2⤵
  PID:8964
- C:\Windows\System\nQbTZgd.exe
  C:\Windows\System\nQbTZgd.exe
  2⤵
  PID:8980
- C:\Windows\System\rjHQSPk.exe
  C:\Windows\System\rjHQSPk.exe
  2⤵
  PID:8996
- C:\Windows\System\vpWIlCB.exe
  C:\Windows\System\vpWIlCB.exe
  2⤵
  PID:9012
- C:\Windows\System\vuGXBln.exe
  C:\Windows\System\vuGXBln.exe
  2⤵
  PID:9048
- C:\Windows\System\rHqUAVQ.exe
  C:\Windows\System\rHqUAVQ.exe
  2⤵
  PID:9064
- C:\Windows\System\nJWXoHJ.exe
  C:\Windows\System\nJWXoHJ.exe
  2⤵
  PID:9084
- C:\Windows\System\msCUnpk.exe
  C:\Windows\System\msCUnpk.exe
  2⤵
  PID:9108
- C:\Windows\System\RIKYRdA.exe
  C:\Windows\System\RIKYRdA.exe
  2⤵
  PID:9124
- C:\Windows\System\LGwGNAO.exe
  C:\Windows\System\LGwGNAO.exe
  2⤵
  PID:9144
- C:\Windows\System\PwlHQfG.exe
  C:\Windows\System\PwlHQfG.exe
  2⤵
  PID:9164
- C:\Windows\System\sijsJQN.exe
  C:\Windows\System\sijsJQN.exe
  2⤵
  PID:9188
- C:\Windows\System\HxuraFw.exe
  C:\Windows\System\HxuraFw.exe
  2⤵
  PID:9204
- C:\Windows\System\bidmCzh.exe
  C:\Windows\System\bidmCzh.exe
  2⤵
  PID:7808
- C:\Windows\System\jgNHqBa.exe
  C:\Windows\System\jgNHqBa.exe
  2⤵
  PID:8228
- C:\Windows\System\pFvwSEg.exe
  C:\Windows\System\pFvwSEg.exe
  2⤵
  PID:8248
- C:\Windows\System\OntFVkt.exe
  C:\Windows\System\OntFVkt.exe
  2⤵
  PID:8284
- C:\Windows\System\MivMLCb.exe
  C:\Windows\System\MivMLCb.exe
  2⤵
  PID:8348
- C:\Windows\System\gdXBycJ.exe
  C:\Windows\System\gdXBycJ.exe
  2⤵
  PID:8368
- C:\Windows\System\jlNFysL.exe
  C:\Windows\System\jlNFysL.exe
  2⤵
  PID:8392
- C:\Windows\System\XLzOrnd.exe
  C:\Windows\System\XLzOrnd.exe
  2⤵
  PID:8416
- C:\Windows\System\XMCRMMv.exe
  C:\Windows\System\XMCRMMv.exe
  2⤵
  PID:8460
- C:\Windows\System\HtPzNxR.exe
  C:\Windows\System\HtPzNxR.exe
  2⤵
  PID:8476
- C:\Windows\System\hEhCxsB.exe
  C:\Windows\System\hEhCxsB.exe
  2⤵
  PID:8528
- C:\Windows\System\dPFLiRi.exe
  C:\Windows\System\dPFLiRi.exe
  2⤵
  PID:8568
- C:\Windows\System\YSokpPS.exe
  C:\Windows\System\YSokpPS.exe
  2⤵
  PID:8572
- C:\Windows\System\FNacHcX.exe
  C:\Windows\System\FNacHcX.exe
  2⤵
  PID:8628
- C:\Windows\System\CVkVhMG.exe
  C:\Windows\System\CVkVhMG.exe
  2⤵
  PID:8680
- C:\Windows\System\nnbwbUE.exe
  C:\Windows\System\nnbwbUE.exe
  2⤵
  PID:8684
- C:\Windows\System\qQchnWk.exe
  C:\Windows\System\qQchnWk.exe
  2⤵
  PID:8728
- C:\Windows\System\NnqFslG.exe
  C:\Windows\System\NnqFslG.exe
  2⤵
  PID:8768
- C:\Windows\System\AZoKRZN.exe
  C:\Windows\System\AZoKRZN.exe
  2⤵
  PID:8752
- C:\Windows\System\GHgAHxr.exe
  C:\Windows\System\GHgAHxr.exe
  2⤵
  PID:8812
- C:\Windows\System\pfckWno.exe
  C:\Windows\System\pfckWno.exe
  2⤵
  PID:8848
- C:\Windows\System\WHnCQss.exe
  C:\Windows\System\WHnCQss.exe
  2⤵
  PID:8852
- C:\Windows\System\VCccUax.exe
  C:\Windows\System\VCccUax.exe
  2⤵
  PID:8900
- C:\Windows\System\NUNifJd.exe
  C:\Windows\System\NUNifJd.exe
  2⤵
  PID:8976
- C:\Windows\System\gFJsGax.exe
  C:\Windows\System\gFJsGax.exe
  2⤵
  PID:8960
- C:\Windows\System\eXjjzrr.exe
  C:\Windows\System\eXjjzrr.exe
  2⤵
  PID:9028
- C:\Windows\System\IOMPhdn.exe
  C:\Windows\System\IOMPhdn.exe
  2⤵
  PID:9044
- C:\Windows\System\dwuGlxZ.exe
  C:\Windows\System\dwuGlxZ.exe
  2⤵
  PID:9076
- C:\Windows\System\RsDDBJE.exe
  C:\Windows\System\RsDDBJE.exe
  2⤵
  PID:8312
- C:\Windows\System\xgbXWbw.exe
  C:\Windows\System\xgbXWbw.exe
  2⤵
  PID:9140
- C:\Windows\System\mzLBlGY.exe
  C:\Windows\System\mzLBlGY.exe
  2⤵
  PID:9172
- C:\Windows\System\dTyhrjG.exe
  C:\Windows\System\dTyhrjG.exe
  2⤵
  PID:9196
- C:\Windows\System\XGMRhnt.exe
  C:\Windows\System\XGMRhnt.exe
  2⤵
  PID:8288
- C:\Windows\System\YOaQwMT.exe
  C:\Windows\System\YOaQwMT.exe
  2⤵
  PID:8216
- C:\Windows\System\ZYpthLH.exe
  C:\Windows\System\ZYpthLH.exe
  2⤵
  PID:8352
- C:\Windows\System\OdMBFUN.exe
  C:\Windows\System\OdMBFUN.exe
  2⤵
  PID:8388
- C:\Windows\System\OyOLqkq.exe
  C:\Windows\System\OyOLqkq.exe
  2⤵
  PID:8492
- C:\Windows\System\YYbMcep.exe
  C:\Windows\System\YYbMcep.exe
  2⤵
  PID:1436
- C:\Windows\System\aeSAxWd.exe
  C:\Windows\System\aeSAxWd.exe
  2⤵
  PID:8612
- C:\Windows\System\OZyFtEH.exe
  C:\Windows\System\OZyFtEH.exe
  2⤵
  PID:8576
- C:\Windows\System\XzGocYh.exe
  C:\Windows\System\XzGocYh.exe
  2⤵
  PID:8624
- C:\Windows\System\kHirgMl.exe
  C:\Windows\System\kHirgMl.exe
  2⤵
  PID:8704
- C:\Windows\System\NkZmNPt.exe
  C:\Windows\System\NkZmNPt.exe
  2⤵
  PID:8836
- C:\Windows\System\YFYTOkL.exe
  C:\Windows\System\YFYTOkL.exe
  2⤵
  PID:8808
- C:\Windows\System\uOBTCse.exe
  C:\Windows\System\uOBTCse.exe
  2⤵
  PID:8944
- C:\Windows\System\eZyjqRX.exe
  C:\Windows\System\eZyjqRX.exe
  2⤵
  PID:8936
- C:\Windows\System\yCLpKng.exe
  C:\Windows\System\yCLpKng.exe
  2⤵
  PID:9040
- C:\Windows\System\eDaZMKP.exe
  C:\Windows\System\eDaZMKP.exe
  2⤵
  PID:9072
- C:\Windows\System\eAQysTB.exe
  C:\Windows\System\eAQysTB.exe
  2⤵
  PID:9212
- C:\Windows\System\fBSdlSo.exe
  C:\Windows\System\fBSdlSo.exe
  2⤵
  PID:8196
- C:\Windows\System\ubcfuKt.exe
  C:\Windows\System\ubcfuKt.exe
  2⤵
  PID:8344
- C:\Windows\System\ToJVMZY.exe
  C:\Windows\System\ToJVMZY.exe
  2⤵
  PID:9184
- C:\Windows\System\xWUZBhQ.exe
  C:\Windows\System\xWUZBhQ.exe
  2⤵
  PID:8436
- C:\Windows\System\eWGMtWs.exe
  C:\Windows\System\eWGMtWs.exe
  2⤵
  PID:8472
- C:\Windows\System\oShZJpD.exe
  C:\Windows\System\oShZJpD.exe
  2⤵
  PID:8664
- C:\Windows\System\KzdSqRg.exe
  C:\Windows\System\KzdSqRg.exe
  2⤵
  PID:8860
- C:\Windows\System\ZaqAFFZ.exe
  C:\Windows\System\ZaqAFFZ.exe
  2⤵
  PID:8940
- C:\Windows\System\EvDMgel.exe
  C:\Windows\System\EvDMgel.exe
  2⤵
  PID:8888
- C:\Windows\System\TGdIpDZ.exe
  C:\Windows\System\TGdIpDZ.exe
  2⤵
  PID:9100
- C:\Windows\System\oVNsQOs.exe
  C:\Windows\System\oVNsQOs.exe
  2⤵
  PID:9096
- C:\Windows\System\XbHVZyz.exe
  C:\Windows\System\XbHVZyz.exe
  2⤵
  PID:9008
- C:\Windows\System\MDzWAUd.exe
  C:\Windows\System\MDzWAUd.exe
  2⤵
  PID:7592
- C:\Windows\System\ckILadp.exe
  C:\Windows\System\ckILadp.exe
  2⤵
  PID:8536
- C:\Windows\System\jrrBBGz.exe
  C:\Windows\System\jrrBBGz.exe
  2⤵
  PID:8668
- C:\Windows\System\kPyoJGU.exe
  C:\Windows\System\kPyoJGU.exe
  2⤵
  PID:8372
- C:\Windows\System\isGmrDe.exe
  C:\Windows\System\isGmrDe.exe
  2⤵
  PID:9004
- C:\Windows\System\dZJsFoJ.exe
  C:\Windows\System\dZJsFoJ.exe
  2⤵
  PID:8932
- C:\Windows\System\GzYQnFe.exe
  C:\Windows\System\GzYQnFe.exe
  2⤵
  PID:9180
- C:\Windows\System\yJInfab.exe
  C:\Windows\System\yJInfab.exe
  2⤵
  PID:8456
- C:\Windows\System\gtgDWwr.exe
  C:\Windows\System\gtgDWwr.exe
  2⤵
  PID:8688
- C:\Windows\System\kNWePBH.exe
  C:\Windows\System\kNWePBH.exe
  2⤵
  PID:8796
- C:\Windows\System\WukjZjw.exe
  C:\Windows\System\WukjZjw.exe
  2⤵
  PID:9120
- C:\Windows\System\ZQACDYP.exe
  C:\Windows\System\ZQACDYP.exe
  2⤵
  PID:8304
- C:\Windows\System\przgbin.exe
  C:\Windows\System\przgbin.exe
  2⤵
  PID:8540
- C:\Windows\System\CYNgMOX.exe
  C:\Windows\System\CYNgMOX.exe
  2⤵
  PID:8712
- C:\Windows\System\AIFnxDT.exe
  C:\Windows\System\AIFnxDT.exe
  2⤵
  PID:8268
- C:\Windows\System\ptxihVO.exe
  C:\Windows\System\ptxihVO.exe
  2⤵
  PID:8252
- C:\Windows\System\fwBrPwL.exe
  C:\Windows\System\fwBrPwL.exe
  2⤵
  PID:8820
- C:\Windows\System\hVdXeeq.exe
  C:\Windows\System\hVdXeeq.exe
  2⤵
  PID:9232
- C:\Windows\System\AoWKRvL.exe
  C:\Windows\System\AoWKRvL.exe
  2⤵
  PID:9248
- C:\Windows\System\tjhBYtf.exe
  C:\Windows\System\tjhBYtf.exe
  2⤵
  PID:9268
- C:\Windows\System\EmuAVNs.exe
  C:\Windows\System\EmuAVNs.exe
  2⤵
  PID:9284
- C:\Windows\System\wZYvJRf.exe
  C:\Windows\System\wZYvJRf.exe
  2⤵
  PID:9320
- C:\Windows\System\PbZwzFa.exe
  C:\Windows\System\PbZwzFa.exe
  2⤵
  PID:9336
- C:\Windows\System\cxQrnNU.exe
  C:\Windows\System\cxQrnNU.exe
  2⤵
  PID:9352
- C:\Windows\System\MYkQXGL.exe
  C:\Windows\System\MYkQXGL.exe
  2⤵
  PID:9376
- C:\Windows\System\krscDLE.exe
  C:\Windows\System\krscDLE.exe
  2⤵
  PID:9392
- C:\Windows\System\GLqYQQd.exe
  C:\Windows\System\GLqYQQd.exe
  2⤵
  PID:9408
- C:\Windows\System\avkARna.exe
  C:\Windows\System\avkARna.exe
  2⤵
  PID:9424
- C:\Windows\System\DYLrJhm.exe
  C:\Windows\System\DYLrJhm.exe
  2⤵
  PID:9440
- C:\Windows\System\AuUpfKK.exe
  C:\Windows\System\AuUpfKK.exe
  2⤵
  PID:9460
- C:\Windows\System\CaZASIj.exe
  C:\Windows\System\CaZASIj.exe
  2⤵
  PID:9484
- C:\Windows\System\cfHVZiQ.exe
  C:\Windows\System\cfHVZiQ.exe
  2⤵
  PID:9504
- C:\Windows\System\kbxeQCN.exe
  C:\Windows\System\kbxeQCN.exe
  2⤵
  PID:9540
- C:\Windows\System\VkKAYfP.exe
  C:\Windows\System\VkKAYfP.exe
  2⤵
  PID:9556
- C:\Windows\System\StasldW.exe
  C:\Windows\System\StasldW.exe
  2⤵
  PID:9572
- C:\Windows\System\GQLhXEC.exe
  C:\Windows\System\GQLhXEC.exe
  2⤵
  PID:9588
- C:\Windows\System\NDlhcMR.exe
  C:\Windows\System\NDlhcMR.exe
  2⤵
  PID:9620
- C:\Windows\System\moEpvFJ.exe
  C:\Windows\System\moEpvFJ.exe
  2⤵
  PID:9640
- C:\Windows\System\zsODBsN.exe
  C:\Windows\System\zsODBsN.exe
  2⤵
  PID:9660
- C:\Windows\System\dxgikZj.exe
  C:\Windows\System\dxgikZj.exe
  2⤵
  PID:9680
- C:\Windows\System\jLyUoCa.exe
  C:\Windows\System\jLyUoCa.exe
  2⤵
  PID:9696
- C:\Windows\System\OjjHFou.exe
  C:\Windows\System\OjjHFou.exe
  2⤵
  PID:9724
- C:\Windows\System\IPVVTXp.exe
  C:\Windows\System\IPVVTXp.exe
  2⤵
  PID:9740
- C:\Windows\System\GuflIrx.exe
  C:\Windows\System\GuflIrx.exe
  2⤵
  PID:9760
- C:\Windows\System\Hklwriz.exe
  C:\Windows\System\Hklwriz.exe
  2⤵
  PID:9780
- C:\Windows\System\eurHQtT.exe
  C:\Windows\System\eurHQtT.exe
  2⤵
  PID:9800
- C:\Windows\System\xfRgxpz.exe
  C:\Windows\System\xfRgxpz.exe
  2⤵
  PID:9824
- C:\Windows\System\JrzcTFV.exe
  C:\Windows\System\JrzcTFV.exe
  2⤵
  PID:9844
- C:\Windows\System\xodQEiY.exe
  C:\Windows\System\xodQEiY.exe
  2⤵
  PID:9860
- C:\Windows\System\pOybIlI.exe
  C:\Windows\System\pOybIlI.exe
  2⤵
  PID:9884
- C:\Windows\System\BoWrxqy.exe
  C:\Windows\System\BoWrxqy.exe
  2⤵
  PID:9900
- C:\Windows\System\fcKDwAy.exe
  C:\Windows\System\fcKDwAy.exe
  2⤵
  PID:9916
- C:\Windows\System\pWuCBlg.exe
  C:\Windows\System\pWuCBlg.exe
  2⤵
  PID:9936
- C:\Windows\System\fgroknw.exe
  C:\Windows\System\fgroknw.exe
  2⤵
  PID:9964
- C:\Windows\System\djhMiBv.exe
  C:\Windows\System\djhMiBv.exe
  2⤵
  PID:9980
- C:\Windows\System\KgokxsA.exe
  C:\Windows\System\KgokxsA.exe
  2⤵
  PID:10000
- C:\Windows\System\AdFFUEx.exe
  C:\Windows\System\AdFFUEx.exe
  2⤵
  PID:10016
- C:\Windows\System\pNyeYvk.exe
  C:\Windows\System\pNyeYvk.exe
  2⤵
  PID:10044
- C:\Windows\System\ThsvXKv.exe
  C:\Windows\System\ThsvXKv.exe
  2⤵
  PID:10060
- C:\Windows\System\TkXUViO.exe
  C:\Windows\System\TkXUViO.exe
  2⤵
  PID:10080
- C:\Windows\System\ZvaMsQI.exe
  C:\Windows\System\ZvaMsQI.exe
  2⤵
  PID:10096
- C:\Windows\System\uhLREij.exe
  C:\Windows\System\uhLREij.exe
  2⤵
  PID:10112
- C:\Windows\System\fZSjZrD.exe
  C:\Windows\System\fZSjZrD.exe
  2⤵
  PID:10144
- C:\Windows\System\dAxFNpO.exe
  C:\Windows\System\dAxFNpO.exe
  2⤵
  PID:10164
- C:\Windows\System\tydtkjC.exe
  C:\Windows\System\tydtkjC.exe
  2⤵
  PID:10180
- C:\Windows\System\jkxhmWP.exe
  C:\Windows\System\jkxhmWP.exe
  2⤵
  PID:10196
- C:\Windows\System\FtPcCtv.exe
  C:\Windows\System\FtPcCtv.exe
  2⤵
  PID:10224
- C:\Windows\System\BuGqHKX.exe
  C:\Windows\System\BuGqHKX.exe
  2⤵
  PID:9256
- C:\Windows\System\pnidrFq.exe
  C:\Windows\System\pnidrFq.exe
  2⤵
  PID:9280
- C:\Windows\System\gdcQqGL.exe
  C:\Windows\System\gdcQqGL.exe
  2⤵
  PID:9244
- C:\Windows\System\jIpeQCa.exe
  C:\Windows\System\jIpeQCa.exe
  2⤵
  PID:9312
- C:\Windows\System\KUNYrxt.exe
  C:\Windows\System\KUNYrxt.exe
  2⤵
  PID:9364
- C:\Windows\System\fCdrLuj.exe
  C:\Windows\System\fCdrLuj.exe
  2⤵
  PID:9384
- C:\Windows\System\qrofvZa.exe
  C:\Windows\System\qrofvZa.exe
  2⤵
  PID:9448
- C:\Windows\System\IepuLtN.exe
  C:\Windows\System\IepuLtN.exe
  2⤵
  PID:9500
- C:\Windows\System\AZoOQbj.exe
  C:\Windows\System\AZoOQbj.exe
  2⤵
  PID:9432
- C:\Windows\System\IsgoAQV.exe
  C:\Windows\System\IsgoAQV.exe
  2⤵
  PID:9480
- C:\Windows\System\JFdzwbr.exe
  C:\Windows\System\JFdzwbr.exe
  2⤵
  PID:9524
- C:\Windows\System\TevarDB.exe
  C:\Windows\System\TevarDB.exe
  2⤵
  PID:860
- C:\Windows\System\XUxZvNH.exe
  C:\Windows\System\XUxZvNH.exe
  2⤵
  PID:9616
- C:\Windows\System\vswsIrO.exe
  C:\Windows\System\vswsIrO.exe
  2⤵
  PID:9648
- C:\Windows\System\sIfYhkZ.exe
  C:\Windows\System\sIfYhkZ.exe
  2⤵
  PID:9704
- C:\Windows\System\IROcjQa.exe
  C:\Windows\System\IROcjQa.exe
  2⤵
  PID:9712
- C:\Windows\System\IIIIURe.exe
  C:\Windows\System\IIIIURe.exe
  2⤵
  PID:9748
- C:\Windows\System\UcuSdxp.exe
  C:\Windows\System\UcuSdxp.exe
  2⤵
  PID:9772
- C:\Windows\System\ymHdqfS.exe
  C:\Windows\System\ymHdqfS.exe
  2⤵
  PID:9792
- C:\Windows\System\pJtaOZd.exe
  C:\Windows\System\pJtaOZd.exe
  2⤵
  PID:9820
- C:\Windows\System\uzQiSqZ.exe
  C:\Windows\System\uzQiSqZ.exe
  2⤵
  PID:9872
- C:\Windows\System\SJEkjvD.exe
  C:\Windows\System\SJEkjvD.exe
  2⤵
  PID:9908
- C:\Windows\System\UvGOyDg.exe
  C:\Windows\System\UvGOyDg.exe
  2⤵
  PID:9932
- C:\Windows\System\fnLrJMO.exe
  C:\Windows\System\fnLrJMO.exe
  2⤵
  PID:9992
- C:\Windows\System\EMUfefP.exe
  C:\Windows\System\EMUfefP.exe
  2⤵
  PID:10024
- C:\Windows\System\hDtiJgh.exe
  C:\Windows\System\hDtiJgh.exe
  2⤵
  PID:10040
- C:\Windows\System\WmgVShf.exe
  C:\Windows\System\WmgVShf.exe
  2⤵
  PID:10076
- C:\Windows\System\HqqIDfQ.exe
  C:\Windows\System\HqqIDfQ.exe
  2⤵
  PID:10104
- C:\Windows\System\RaQQdAt.exe
  C:\Windows\System\RaQQdAt.exe
  2⤵
  PID:10136
- C:\Windows\System\iqiGOCO.exe
  C:\Windows\System\iqiGOCO.exe
  2⤵
  PID:10152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AlPEbrF.exe

Filesize
6.0MB

MD5
e58036fd174a95f11813e529a5fcedbf

SHA1
b83be104ed8c21f638f88ab0d4ca1866db240983

SHA256
8aa70cd5db20d8746a3463a12c2bbf6af5ecd66f2b23b8ddf59af6c8e6d64566

SHA512
e5e79f2109116f5721f78bc340ece050f7b7a46304305eebac51e5bac3ce9c1758412076e265d55e7917a0c11a7ec4be17457439ac1a36e7d4d29551561cddf9

Download Submit
C:\Windows\system\BOPQEet.exe

Filesize
6.0MB

MD5
84c1093e3418cbc450275ed69ece8261

SHA1
953c0e211b4bf616416205469ccbd8e5deec9081

SHA256
fbbf0103d765e878ffa167c5529cca84b06d0a433b7bcfe31d4009657ec8f4c7

SHA512
3c802e974e8a4148ea58ec46835e4beeb8cfaac6f77ba3857c7ab5494350e6ea6f5e85b509b43fc79ce2930530fc16eaba0e0e6b8d0eaaed8bc377474d747c6e

Download Submit
C:\Windows\system\BvHxorv.exe

Filesize
6.0MB

MD5
8d15d5e1e5032a840e246209acdc11b3

SHA1
5e8a8bdec76b7b9df6a5f57a6fa6cb1c5d864c18

SHA256
5b67dbf9de0a793790f2f4532f73acd8ec2daf6bada6ca6357d4b90ae6f6ffbb

SHA512
597745d9e3cdea8190f8f0f4ab82fe141570a382187574d086c4a94a45c0ef85b324c88ea710a1e3de621d7b4ba32e5c01c394792278812d29eda31dac137e65

Download Submit
C:\Windows\system\GxPQviF.exe

Filesize
6.0MB

MD5
f50956b1fb824772f410cc768afe3cba

SHA1
1dab582f53b0b094e717f4f6888f478f3060a66b

SHA256
3ef0df9c3f316b13037d4bbf90be67af0708ca8e639cac0e0f9ec1c60ff1ff92

SHA512
0b26c1929aa5207c836d260f993ca53fb46fcbe163de8300b14305e3cc80af491245631f9fabd5c86a5986164387ece6e9e8f0a0045f6a94f62b28185e100c57

Download Submit
C:\Windows\system\IPyazIn.exe

Filesize
6.0MB

MD5
64b26a133081d9fb723c50a151370d27

SHA1
81fcb51c2f45e5fb3fedf2bc874fdb0e841f3971

SHA256
81ba395e3069ebd0c25d3b2f37f97e97171df869ef8d5a8ec02866d3ae248d4a

SHA512
1c088347494e0514cd4595e26a14c21d9173d2f2b6c89bf4e7526778168679d17841ecd8a8a7eb7771bc5b9f7ba2c9626acfa35dcd3f94d7d22d639d333e3efe

Download Submit
C:\Windows\system\QeSSfgT.exe

Filesize
6.0MB

MD5
a260e4d01252eaa0bfd76ab3f248bb10

SHA1
6bb2ae6e8640e5964371ae79161813deb7fc7a50

SHA256
5725f5400f072a2a6067721fa61a4a71b174cfd623db3c4e1fbe5091a193a6c0

SHA512
24bb7beeea4e8862e3bda653c9696c08cffa54eacf4919e1aacd6489c593787ffc24560b38324ce19e92159e38360df8c2e45fed56f7d0fb1aa45741b9155e16

Download Submit
C:\Windows\system\SDlNOHt.exe

Filesize
6.0MB

MD5
3458ad9d7920709dfc2a72fa90c28620

SHA1
cb0c010c56f1b23f7460ff99472a6a8c9664d44d

SHA256
871a4ae062c76e6d28360ed7fede90e48f14a8e69f1329bbee507108bcc3eed2

SHA512
7f54068d41572969405e750cdfe3e987e7e73a5422ac0a7002a4839ed8be91a46d41352f9bfc39db9e99d4a36e3007ab4199e1502f186976753154d46645725b

Download Submit
C:\Windows\system\TSwwwmi.exe

Filesize
6.0MB

MD5
58993bde2dd4008a0f5e7df8dd18bb0c

SHA1
b1d322ff21e668db37e792823bfd2ca80f236517

SHA256
bd9681b360ac96ee197c4e470d9322061e77f1d47b1c80db86be837f236d1636

SHA512
5157a491f7fe5a888af20e1f7f24d46aa225915f81a631d1a70c1bf4676416ecf32b3a8e45bd426499e3d809eb7fceac421706ff0ee036159370eaaf736fc5cb

Download Submit
C:\Windows\system\TqnKnIg.exe

Filesize
6.0MB

MD5
db63e6f7a01772c1c77a5cd9c8faaad6

SHA1
bac9a44ced591e61459c36ef1eaf1a819cbc7112

SHA256
b61d283465532040e464d59a770142da4bc08e3bcf6ecb12b75db5ae63e0dd20

SHA512
a6bd20bebcc85c23366d96a9978ecde1f4d04092e95be76dfee12be5f35f407e157b30300fd4a8ae3cc370c5711ccea2607c976e289f7099181b3ae756db26a4

Download Submit
C:\Windows\system\UVttygr.exe

Filesize
6.0MB

MD5
0c14941dc74240a02d3b952afc58a22c

SHA1
2b2d62d16741a80bd8463b68375578c47d5b2181

SHA256
6e3a3fdc007701a061d98f323b4679b57e893f968a1f807de79a0ec486bd9c0f

SHA512
ed509107d8f5abdaaef1ad6233752be66f610d15fc95cd9a28de38ace26ccb65bfdc7299c8bf15c42420004f44727451ed1b3ac0b2b94be13ae133ac80dd9693

Download Submit
C:\Windows\system\UdfEPPx.exe

Filesize
6.0MB

MD5
5deb01288fe08e0043a1090ecb2b59d8

SHA1
a55f98f0e8a203dfffa3815b0828c483c0874757

SHA256
703426a9d8d6069dd250ca7b4cc0e5acfc83fa59dacb477e26a19899d079cd4b

SHA512
8e45a6b62dd7b104cc08ed0187d7ac9acc0a581428461b3f89236240cf543f2736b6509c0748ce41f77715e93f97e4f1434aa531f939d18626ba9afef10217bb

Download Submit
C:\Windows\system\XiZAXEp.exe

Filesize
6.0MB

MD5
bfc9a3dca4210e45a53bac77b76e3b1e

SHA1
e39c3188c345ce83a41826a9df5975b04bd88df8

SHA256
7635e7cc5bae970a9f49b9c40c1932f8594f00a981b5eddc5cc619811d7824b7

SHA512
1f61905404d3d9dc8fc79229ee5fd59daa73885ec938c22aa6672ff7cd152d2ae0fa0b14570f587a28c22c599cf5ebe31aa68bbf23e7fcbd9c7e65a18bbe970a

Download Submit
C:\Windows\system\cNweoof.exe

Filesize
6.0MB

MD5
0e4b8873dd7acf78c33b650db0d335e0

SHA1
577b1dfa5e050a3dc173cb12c374e9adaad94503

SHA256
53e1c86345ac09212bc2814256e92be74f73343c7681b2beb56825d18373cf4e

SHA512
dad44f73d98506e14b014f025fd76a81523ebdc8495afef205d8ecc349520e3db5f2860812188d894f766c5907303d7bf79bde20813e7c294d60e273bd91a201

Download Submit
C:\Windows\system\fpZbFpM.exe

Filesize
6.0MB

MD5
ecb01aedafbefd1e1d0fd7a3efb5c0e7

SHA1
a53733bcbd4299de6eb9f86cb1e9e9ee2912fb54

SHA256
d4b2ebb4464dd3001260730f251369b52bab5a765b7167ac4d75aec7447c3cd4

SHA512
8fed6c039ca743ffafd94cb2831aa8355cf9e664b3b5cefc146e4e982571b304add1c3ebfee1af70a9768d108bf5e180060dde9f5689db3e3db223704a949ad4

Download Submit
C:\Windows\system\hzQoHzT.exe

Filesize
6.0MB

MD5
d6a52fbead07f0309e3efd123300e899

SHA1
2ec4e6eb13204ff1e251eee970ac60aaa0701680

SHA256
d8015962ca8209adca80b3d7d5d966af70b309d3ed5191b62ee8335b810bd5d4

SHA512
4ef630208da800d60330b5e0df55c7c58c2cc0a0458adf6a0370937dde198ef3998ab7dbbb2f3d1d919f176407da6282a636a0ce4fbd3dace812e4c1879dbbbe

Download Submit
C:\Windows\system\kRIwoMR.exe

Filesize
6.0MB

MD5
67e7acad0ebc68f68161c1585cc54217

SHA1
3e0761a368ff47b9d05d52970fefb5114ecb5c74

SHA256
467f55b48d5858ca04b7b4d84c4c7f22384f3fe05ef55b2743522f64a3c7d32f

SHA512
bd75252123b5763167c3096acb46e0f1b9c7983deebda12fbeabbef38fee25ab15542b4db359e7292afd80864b843aa1125ff994f19a1989507c77679f0f7500

Download Submit
C:\Windows\system\kVNiSuS.exe

Filesize
6.0MB

MD5
b2c0569a321d8d447a4e1fbb842e0a88

SHA1
66a5d4a8d44cb42914697a3a3a8d15d9c99ae4d9

SHA256
9ed1d2f57a8ff8e54ab751706fcf9553cb60992bd30319667517f49223fa528a

SHA512
cb859324f10b3af6e226cca3679c4f0c1c42ab4b008fee4b53244b4efcfb1b1baa15d51aadf8cacafded747fc58885b618fc944af571f5d3d516eebed1c8c608

Download Submit
C:\Windows\system\mFzHqXi.exe

Filesize
6.0MB

MD5
ca50457a029e4ff5e47aa7b4cd934cac

SHA1
136865d943258814e10a2edcbe2e3cd70c6ef372

SHA256
c0fee4c821348e6aeaa9ae3b0e1ddeda55585880007296c68c8d622d74ca25e4

SHA512
5f76557d1a1693d112499a6e82c011ad91ef7958d7f815e53326292e516edb0c4376aec2624367b805830cde7d124a0754e7d9b91aefe8c4b2a413b5185a877e

Download Submit
C:\Windows\system\mTvxUlk.exe

Filesize
6.0MB

MD5
a5bba3d469328addbc416b96d12031ea

SHA1
a1c6d3725560ea87334e8c04d5528ff99715f97c

SHA256
ff806c8fe98a5460c1499eb0385d2625f8ec2f7c6101f6178c2f8d9c16b6ba1b

SHA512
5acf1efeb9f68f4e5702792bc0884dd64c11247f9d42e9ee82b766cf200fda180f1299a0bf0771407b2960a3b7de7c5424cda8224cb1b9567ac55e425ae1b78b

Download Submit
C:\Windows\system\opzyvsz.exe

Filesize
6.0MB

MD5
11757f1c352b18b2be8fc4d3d11ff50a

SHA1
6d0075884572641f711b4ce02beee185e159a3e2

SHA256
5f0ee31bc1789786c8011b06c13ff7616bdeaf32c960f987911cf1cdd28d9fb8

SHA512
e618aa84c7239aeb7d46f70fec0334362d7de3a77069c620e84cd1834dfea52e8d21ff77e946f9fd3007e944b737c85adeb7d964da526532aacda4b89c5d67a4

Download Submit
C:\Windows\system\qiNDsTq.exe

Filesize
6.0MB

MD5
b5e4cf011d5f9b8e61a34ad09897e9d2

SHA1
9c338e621d538de7f4b5f437cf920f1099b4e9c8

SHA256
e86e7851daf4a1866555c60a8dfc769ae92c7946254988055f6857d40414a621

SHA512
eac21651dd2b4511f5f7a51f260239beb5d7990c24e484213b1ae39f77b9d842c023bc9a6ba7b1c0870db22d617bf6b416231c18778db1749a7d80694ce6c49e

Download Submit
C:\Windows\system\rQhQtIT.exe

Filesize
6.0MB

MD5
104654f27def252fb3e2f7aa29a805a3

SHA1
84f2f7fcc91596e86d794c9d4f6786d1bde2aaba

SHA256
fd7e2cfe1dcdadcc6bd561a33102559dcb50568df130f8a6ded47017dc5226fb

SHA512
d1ca107b071a5168e1a1460ca1de8fbcf11cc7f9c4ffb40c6c1b2fcbe10a3a6ce5f366906cffa16f4fc354a24ea143615ea5923c59d50607de365c4aff3a4451

Download Submit
C:\Windows\system\tXoRohr.exe

Filesize
6.0MB

MD5
f37921e1ba82a0a2b465e8ccd6804162

SHA1
cd190c145d027a7f82f073712960151a96c11571

SHA256
91b6873a68bfda8e64fe2f4d6003cd97a99b1a75149739f802738856d48498e3

SHA512
951da8443c858eb2244dbbe3bec170ed4b04b6fd19fb9f194411aafbb22fc9a483d97c3c62be927dbe538606434b32db24e41b839c0ab09be16a003e78496e6e

Download Submit
C:\Windows\system\uOxpAhk.exe

Filesize
6.0MB

MD5
cdb2195744661b6d6d2e7a64d5599b18

SHA1
d0662798883c86e3bde738cca028080fd2a44fc4

SHA256
3f991a9b6aca5eb54e6f854bcd8cb19f0b96be75dca541b66a6ab5113a94132b

SHA512
10715e7c6249d229c14e9e167ee8f6a1651fe83f789e0d8700af7411807625f870b381f493779ffe3d5407fdcc824afb5ec4d3e172b531d0cd839e4f2e35f5f7

Download Submit
C:\Windows\system\uWdudRU.exe

Filesize
6.0MB

MD5
882930902a997421b72edf5ca26191f2

SHA1
af86cdfa0653dad6b06c01558e21172a6baf6440

SHA256
c21501700c1c3049768490ac54b4d307c5c7ccc4a6e61054d5fa3baea047ca63

SHA512
5df0ee476a383db1f60fb9d94c51cc1806c5960962bea813cbdfde6e22a9e361dc362a294eef2cc79db358f6af21815e481eafc6c8a4dbabb1e981dcc759b965

Download Submit
C:\Windows\system\xBAAilI.exe

Filesize
6.0MB

MD5
aa56345bfb6e23bafdfaacf773fbd4e6

SHA1
e405f93b2307fd33184864873951691b49b660c3

SHA256
eb997d53b647badb12adcd6fd07f7a4e83daaed8bd4c14846e567c967f18a2b1

SHA512
d917997d9092976bfa9b03c54868ddcfe19cacf978a1964fa7f539816e346467a6431ee652f97095bbd422a9570797690fb3354a37291af36d90521e3c073ed8

Download Submit
\Windows\system\AKMRNaP.exe

Filesize
6.0MB

MD5
254fbc8fb974220e6c603efb1aebc2f7

SHA1
eb18915aff52b9cdfbc6cf86156e88ee13bdaddb

SHA256
0080e74491cace744a3d24414ac9dea13566e886a5ffe25a443f810897177aed

SHA512
d5f8965b6383bd40656a7b824b4bff6dbf84899babbed85e583774e461f0214139295a6d1f7656034aab56d90b5913448fd3e804785f407c179b095de08db76c

Download Submit
\Windows\system\CJjTIAt.exe

Filesize
6.0MB

MD5
614d7d9674b0d118dced6cfae07b8210

SHA1
372a10e44140d87db1a5836a913b5dad78940c18

SHA256
d51a9ca76043e7813da6da505a9502ba105b709cf1c75ab8b2395358c2c2e925

SHA512
1aba8e1ad45e895d1cc1a105d1a7deea36a601b3be7639d6a24b1f6803b53d301229cb1653a524775ce9d3c6c3f7e6902ec05a13f111feed33b8195c42bca985

Download Submit
\Windows\system\HmmRekE.exe

Filesize
6.0MB

MD5
b7be22d21f347f8164c053c942096596

SHA1
1854e739483c8e44564902c206cb42ac2362c032

SHA256
75aa121c3aa10cb21e4cde1803c8e1fa000a30e321397918af99c80f750daf94

SHA512
9b276bb8e4e5a9fb4cedfa9d7ff6c6995fa7cbf2117eeade5696f73dc0b06f225520fbc94550040c4c7fa055b9e2f899d39547fd47c15e999731bfc01b77c927

Download Submit
\Windows\system\NJSDwyC.exe

Filesize
6.0MB

MD5
b6c91b5200d6d255ca3befa23202209c

SHA1
4e2dbd1016c729d17949e59823c9648b8859e429

SHA256
e5a8a6f9ab964165d8432275c594506dda690afbae3748d171a645c661e7d778

SHA512
c9e6df12a72626822f36e6077ee09e2e6d3a2e493725e633ec11f6132d352d7b4c1cb4d6aac7ec29b5174836c15f80fb0916bc18cd2cf4940c78e407c195e483

Download Submit
\Windows\system\dhPjUuW.exe

Filesize
6.0MB

MD5
c2746031a18d6828165905b6f18bb52b

SHA1
0fb296cee275e101aa9bb7add7c426778fb40c57

SHA256
51e6283544c37e4f38d6bf50b53f7b69c831571092f643cf3eeac5bdc5e7853b

SHA512
238b0efc1812b417b98c8c8baf44395ccc7ffb0c90bd6733d6bbabf19e517d5320b553e57ab14653b9cbae1a0c68279cbc36f373dfe1a2a2bc2ddb2cee909046

Download Submit
\Windows\system\kjmewxI.exe

Filesize
6.0MB

MD5
f361d55f46b3151fc0ed09ef1108f43e

SHA1
56bef2325683cee7ed7ac04c4126429ee94e16a5

SHA256
fbe7a7657ec96fe9af1f597849bd44ad0dbaf34710874608ea4e20276c8b1457

SHA512
670eb795d544f91456aab843d9e390bf97493096cb5aa41ba7862203ac85d00971022ad2f4d8567f4fe81d58ea632457d90de56fc62543874013f76ac949dc16

Download Submit
memory/536-22-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/536-1333-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/536-55-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/584-71-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/584-1335-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/584-36-0x000000013FCE0000-0x0000000140034000-memory.dmp

Filesize
3.3MB

Download
memory/692-1344-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/692-108-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/692-407-0x000000013FB30000-0x000000013FE84000-memory.dmp

Filesize
3.3MB

Download
memory/1496-330-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-99-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-1343-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-7-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-42-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1760-1331-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2032-246-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2032-90-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2032-1342-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2308-56-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-31-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2308-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2308-63-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-5-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-14-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-85-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-86-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2308-94-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-421-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2308-287-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-222-0x000000013F7E0000-0x000000013FB34000-memory.dmp

Filesize
3.3MB

Download
memory/2308-370-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-95-0x000000013FA70000-0x000000013FDC4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-181-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-104-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-24-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2308-72-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-103-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-112-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-0-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2308-48-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-113-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2308-20-0x0000000002390000-0x00000000026E4000-memory.dmp

Filesize
3.3MB

Download
memory/2308-39-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2372-15-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2372-1332-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2372-47-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2676-138-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-76-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-1341-0x000000013FD90000-0x00000001400E4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-80-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-212-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2800-1340-0x000000013F580000-0x000000013F8D4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-107-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-66-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-1339-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2836-1336-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2836-45-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2956-1334-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2956-62-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/2956-29-0x000000013F130000-0x000000013F484000-memory.dmp

Filesize
3.3MB

Download
memory/3008-1338-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-98-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/3008-60-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-89-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-52-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-1337-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download