cobaltstrike | b640afa8bec303ca319a950c3e1281955e5fe4059afd62aa05b850f095a1d0ea

Analysis

max time kernel
150s
max time network
20s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a408366233e67aa0efa1502da7c75d9c
SHA1

7fdb8c5d0555029e20406860e5047fdc38bac018
SHA256

b640afa8bec303ca319a950c3e1281955e5fe4059afd62aa05b850f095a1d0ea
SHA512

3bbe7a7cd3bb96da59ecf241e5a0c9270a6f4b1da0c335bcb579a2feded9b12c807f718fb8ad304533574ebe298c75a3766766285604a425df1d9d51787c143d
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUN:T+q56utgpPF8u/7N

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fd-3.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001933b-9.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001939b-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193b3-23.dat	cobalt_reflective_dll
behavioral1/files/0x003000000001926b-33.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193e8-39.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001949e-54.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193f7-43.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194c4-67.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194cd-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a307-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41b-92.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48b-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-185.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-179.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a9-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-114.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41d-100.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a359-89.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a09e-79.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/560-0-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-3.dat	xmrig
behavioral1/memory/560-6-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x000700000001933b-9.dat	xmrig
behavioral1/memory/560-12-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/files/0x000800000001939b-11.dat	xmrig
behavioral1/memory/2248-21-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2304-16-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/files/0x00070000000193b3-23.dat	xmrig
behavioral1/memory/2824-28-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/memory/2764-34-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x003000000001926b-33.dat	xmrig
behavioral1/memory/560-36-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/files/0x00060000000193e8-39.dat	xmrig
behavioral1/memory/2700-41-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x000600000001949e-54.dat	xmrig
behavioral1/memory/2780-55-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x00060000000193f7-43.dat	xmrig
behavioral1/memory/2968-62-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2756-59-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/560-58-0x0000000002360000-0x00000000026B4000-memory.dmp	xmrig
behavioral1/memory/2248-56-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2304-50-0x000000013F0F0000-0x000000013F444000-memory.dmp	xmrig
behavioral1/memory/2692-69-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2824-68-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x00080000000194c4-67.dat	xmrig
behavioral1/files/0x00070000000194cd-70.dat	xmrig
behavioral1/memory/2764-74-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x000500000001a307-84.dat	xmrig
behavioral1/files/0x000500000001a41b-92.dat	xmrig
behavioral1/files/0x000500000001a48b-122.dat	xmrig
behavioral1/memory/2204-1290-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/2892-1297-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2656-1302-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/560-1306-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/1708-1311-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2376-1333-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4bd-185.dat	xmrig
behavioral1/files/0x000500000001a4bb-179.dat	xmrig
behavioral1/files/0x000500000001a4b7-169.dat	xmrig
behavioral1/files/0x000500000001a4b9-175.dat	xmrig
behavioral1/files/0x000500000001a4b5-165.dat	xmrig
behavioral1/files/0x000500000001a4b3-159.dat	xmrig
behavioral1/files/0x000500000001a4b1-155.dat	xmrig
behavioral1/files/0x000500000001a4af-149.dat	xmrig
behavioral1/files/0x000500000001a4a9-144.dat	xmrig
behavioral1/files/0x000500000001a49a-139.dat	xmrig
behavioral1/files/0x000500000001a499-135.dat	xmrig
behavioral1/files/0x000500000001a48d-129.dat	xmrig
behavioral1/files/0x000500000001a46f-119.dat	xmrig
behavioral1/files/0x000500000001a427-109.dat	xmrig
behavioral1/files/0x000500000001a42d-114.dat	xmrig
behavioral1/files/0x000500000001a41e-104.dat	xmrig
behavioral1/files/0x000500000001a41d-100.dat	xmrig
behavioral1/files/0x000500000001a359-89.dat	xmrig
behavioral1/files/0x000500000001a09e-79.dat	xmrig
behavioral1/memory/2780-1559-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/560-1769-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2968-2080-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/560-2259-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2692-2260-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/560-2477-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/560-2480-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/560-2483-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2700	pYraIYI.exe
2304	MWggXGP.exe
2248	jwsRGOf.exe
2824	vFPcwoK.exe
2764	qPdXLzN.exe
2780	UiCnVTh.exe
2756	imOhWCz.exe
2968	gSuVhnJ.exe
2692	LpAaXXm.exe
2204	gVZufRP.exe
2892	OJkHale.exe
2656	HEPXVRG.exe
1708	SDXnOqq.exe
2376	yaHszHT.exe
2144	mmaZcyG.exe
2948	HsRDUuA.exe
2348	jhtUAmx.exe
924	IHkohjb.exe
1408	SgQqwKs.exe
2900	xBhSLfF.exe
2956	omoZyxx.exe
2996	aONbKOv.exe
2984	UoArzFw.exe
2508	dlxcGyB.exe
1028	xNShwWo.exe
908	tiueQOr.exe
2468	AcUzacA.exe
2040	RaKBDWR.exe
2272	KFsgSVZ.exe
2296	VIsphXc.exe
2424	IGMTNwm.exe
264	RhxmHSS.exe
772	WuYZgNX.exe
2572	wlOhIuU.exe
2004	YglouYV.exe
2364	bzUCpaJ.exe
2300	MmgSVsK.exe
1908	lQAJHfV.exe
940	ecHzDCo.exe
1608	gHCbQGG.exe
1552	TiOEwrk.exe
3052	xnZvEfr.exe
1960	tkzbAPL.exe
1952	jDcEERw.exe
2432	LbJFNHm.exe
2408	fascTab.exe
2260	pttyIbN.exe
2120	DHdsYHO.exe
3016	hrElYjf.exe
2808	ghApMtb.exe
1464	QStWEjP.exe
3028	vLpOpSw.exe
1680	gleAAfP.exe
876	UDleFnB.exe
1080	WahSAtf.exe
2052	reEraAT.exe
1636	QUDbRZZ.exe
2088	mnZmvgW.exe
3008	bNnOHLM.exe
1644	wLemGlO.exe
2932	niZMzfU.exe
2928	WwiGErs.exe
3024	lQFOlkb.exe
3020	HIBOvxk.exe

Loads dropped DLL 64 IoCs

pid	Process
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/560-0-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-3.dat	upx
behavioral1/memory/560-6-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x000700000001933b-9.dat	upx
behavioral1/memory/560-12-0x0000000002360000-0x00000000026B4000-memory.dmp	upx
behavioral1/files/0x000800000001939b-11.dat	upx
behavioral1/memory/2248-21-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2304-16-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/files/0x00070000000193b3-23.dat	upx
behavioral1/memory/2824-28-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2764-34-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x003000000001926b-33.dat	upx
behavioral1/memory/560-36-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x00060000000193e8-39.dat	upx
behavioral1/memory/2700-41-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x000600000001949e-54.dat	upx
behavioral1/memory/2780-55-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x00060000000193f7-43.dat	upx
behavioral1/memory/2968-62-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2756-59-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2248-56-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2304-50-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2692-69-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2824-68-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x00080000000194c4-67.dat	upx
behavioral1/files/0x00070000000194cd-70.dat	upx
behavioral1/memory/2764-74-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x000500000001a307-84.dat	upx
behavioral1/files/0x000500000001a41b-92.dat	upx
behavioral1/files/0x000500000001a48b-122.dat	upx
behavioral1/memory/2204-1290-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/2892-1297-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2656-1302-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/1708-1311-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2376-1333-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x000500000001a4bd-185.dat	upx
behavioral1/files/0x000500000001a4bb-179.dat	upx
behavioral1/files/0x000500000001a4b7-169.dat	upx
behavioral1/files/0x000500000001a4b9-175.dat	upx
behavioral1/files/0x000500000001a4b5-165.dat	upx
behavioral1/files/0x000500000001a4b3-159.dat	upx
behavioral1/files/0x000500000001a4b1-155.dat	upx
behavioral1/files/0x000500000001a4af-149.dat	upx
behavioral1/files/0x000500000001a4a9-144.dat	upx
behavioral1/files/0x000500000001a49a-139.dat	upx
behavioral1/files/0x000500000001a499-135.dat	upx
behavioral1/files/0x000500000001a48d-129.dat	upx
behavioral1/files/0x000500000001a46f-119.dat	upx
behavioral1/files/0x000500000001a427-109.dat	upx
behavioral1/files/0x000500000001a42d-114.dat	upx
behavioral1/files/0x000500000001a41e-104.dat	upx
behavioral1/files/0x000500000001a41d-100.dat	upx
behavioral1/files/0x000500000001a359-89.dat	upx
behavioral1/files/0x000500000001a09e-79.dat	upx
behavioral1/memory/2780-1559-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2968-2080-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2692-2260-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2700-3042-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/2304-3078-0x000000013F0F0000-0x000000013F444000-memory.dmp	upx
behavioral1/memory/2248-3081-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2824-3082-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2764-3098-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2780-3229-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2756-3237-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\QwQxnNp.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZvCirtu.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OrAWKoV.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GjKeTSv.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EjBwsiI.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ndXephS.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wlOhIuU.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eXSxNXJ.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbgaZVO.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aONUYWT.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lXdeeon.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aCUYoOa.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yUFECCG.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TMruDKT.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LDiunLm.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nwfNMaQ.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VihUIfb.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yinhBBp.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RmBieyt.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JpBexgi.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rckHTFM.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\glLUWhl.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YaCxTXn.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ahKPqse.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Qzrrnvc.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PXWOUXr.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gVgkxdJ.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BmQfGTw.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dDoRBXB.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HaNjEjg.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RbLQRzT.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iMBdrnn.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yXSUzDj.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\twFCpVj.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jfEneWi.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XFrYblp.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mkoTEaX.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mgzrgfG.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cmPxEwq.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TyBviJD.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tCKwrRN.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XtlLjLp.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xVvhlpV.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fMZzUAK.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lPAlATo.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPueWFq.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tBdzMYV.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oDDlCrh.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KtAZpLO.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\osNyXnP.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfrXSlC.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oLkULXn.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uuuUFAJ.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dwxkAXx.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZMNtRSk.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PAIlRfy.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\exDFjJc.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpwUKrt.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\juLPhTW.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZZMyxM.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CjdrmCk.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FBVhJqv.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTANyGg.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CqoSNAD.exe	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 560 wrote to memory of 2700	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 560 wrote to memory of 2700	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 560 wrote to memory of 2700	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 560 wrote to memory of 2304	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 560 wrote to memory of 2304	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 560 wrote to memory of 2304	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 560 wrote to memory of 2248	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 560 wrote to memory of 2248	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 560 wrote to memory of 2248	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 560 wrote to memory of 2824	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 560 wrote to memory of 2824	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 560 wrote to memory of 2824	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 560 wrote to memory of 2764	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 560 wrote to memory of 2764	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 560 wrote to memory of 2764	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 560 wrote to memory of 2780	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 560 wrote to memory of 2780	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 560 wrote to memory of 2780	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 560 wrote to memory of 2968	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 560 wrote to memory of 2968	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 560 wrote to memory of 2968	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 560 wrote to memory of 2756	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 560 wrote to memory of 2756	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 560 wrote to memory of 2756	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 560 wrote to memory of 2692	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 560 wrote to memory of 2692	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 560 wrote to memory of 2692	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 560 wrote to memory of 2204	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 560 wrote to memory of 2204	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 560 wrote to memory of 2204	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 560 wrote to memory of 2892	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 560 wrote to memory of 2892	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 560 wrote to memory of 2892	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 560 wrote to memory of 2656	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 560 wrote to memory of 2656	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 560 wrote to memory of 2656	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 560 wrote to memory of 1708	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 560 wrote to memory of 1708	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 560 wrote to memory of 1708	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 560 wrote to memory of 2376	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 560 wrote to memory of 2376	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 560 wrote to memory of 2376	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 560 wrote to memory of 2144	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 560 wrote to memory of 2144	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 560 wrote to memory of 2144	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 560 wrote to memory of 2948	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 560 wrote to memory of 2948	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 560 wrote to memory of 2948	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 560 wrote to memory of 2348	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 560 wrote to memory of 2348	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 560 wrote to memory of 2348	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 560 wrote to memory of 924	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 560 wrote to memory of 924	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 560 wrote to memory of 924	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 560 wrote to memory of 1408	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 560 wrote to memory of 1408	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 560 wrote to memory of 1408	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 560 wrote to memory of 2900	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 560 wrote to memory of 2900	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 560 wrote to memory of 2900	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 560 wrote to memory of 2956	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 560 wrote to memory of 2956	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 560 wrote to memory of 2956	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 560 wrote to memory of 2996	560	2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_a408366233e67aa0efa1502da7c75d9c_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:560
- C:\Windows\System\pYraIYI.exe
  C:\Windows\System\pYraIYI.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\MWggXGP.exe
  C:\Windows\System\MWggXGP.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\jwsRGOf.exe
  C:\Windows\System\jwsRGOf.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\vFPcwoK.exe
  C:\Windows\System\vFPcwoK.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\qPdXLzN.exe
  C:\Windows\System\qPdXLzN.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\UiCnVTh.exe
  C:\Windows\System\UiCnVTh.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\gSuVhnJ.exe
  C:\Windows\System\gSuVhnJ.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\imOhWCz.exe
  C:\Windows\System\imOhWCz.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\LpAaXXm.exe
  C:\Windows\System\LpAaXXm.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\gVZufRP.exe
  C:\Windows\System\gVZufRP.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\OJkHale.exe
  C:\Windows\System\OJkHale.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\HEPXVRG.exe
  C:\Windows\System\HEPXVRG.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\SDXnOqq.exe
  C:\Windows\System\SDXnOqq.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\yaHszHT.exe
  C:\Windows\System\yaHszHT.exe
  2⤵
  - Executes dropped EXE
  PID:2376
- C:\Windows\System\mmaZcyG.exe
  C:\Windows\System\mmaZcyG.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\HsRDUuA.exe
  C:\Windows\System\HsRDUuA.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\jhtUAmx.exe
  C:\Windows\System\jhtUAmx.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\IHkohjb.exe
  C:\Windows\System\IHkohjb.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\SgQqwKs.exe
  C:\Windows\System\SgQqwKs.exe
  2⤵
  - Executes dropped EXE
  PID:1408
- C:\Windows\System\xBhSLfF.exe
  C:\Windows\System\xBhSLfF.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\omoZyxx.exe
  C:\Windows\System\omoZyxx.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\aONbKOv.exe
  C:\Windows\System\aONbKOv.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\UoArzFw.exe
  C:\Windows\System\UoArzFw.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\dlxcGyB.exe
  C:\Windows\System\dlxcGyB.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\xNShwWo.exe
  C:\Windows\System\xNShwWo.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\tiueQOr.exe
  C:\Windows\System\tiueQOr.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\AcUzacA.exe
  C:\Windows\System\AcUzacA.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\RaKBDWR.exe
  C:\Windows\System\RaKBDWR.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\KFsgSVZ.exe
  C:\Windows\System\KFsgSVZ.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\VIsphXc.exe
  C:\Windows\System\VIsphXc.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\IGMTNwm.exe
  C:\Windows\System\IGMTNwm.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\RhxmHSS.exe
  C:\Windows\System\RhxmHSS.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\WuYZgNX.exe
  C:\Windows\System\WuYZgNX.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\wlOhIuU.exe
  C:\Windows\System\wlOhIuU.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\YglouYV.exe
  C:\Windows\System\YglouYV.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\bzUCpaJ.exe
  C:\Windows\System\bzUCpaJ.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\MmgSVsK.exe
  C:\Windows\System\MmgSVsK.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\lQAJHfV.exe
  C:\Windows\System\lQAJHfV.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\ecHzDCo.exe
  C:\Windows\System\ecHzDCo.exe
  2⤵
  - Executes dropped EXE
  PID:940
- C:\Windows\System\gHCbQGG.exe
  C:\Windows\System\gHCbQGG.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\TiOEwrk.exe
  C:\Windows\System\TiOEwrk.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\xnZvEfr.exe
  C:\Windows\System\xnZvEfr.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\tkzbAPL.exe
  C:\Windows\System\tkzbAPL.exe
  2⤵
  - Executes dropped EXE
  PID:1960
- C:\Windows\System\jDcEERw.exe
  C:\Windows\System\jDcEERw.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\LbJFNHm.exe
  C:\Windows\System\LbJFNHm.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\fascTab.exe
  C:\Windows\System\fascTab.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\pttyIbN.exe
  C:\Windows\System\pttyIbN.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\DHdsYHO.exe
  C:\Windows\System\DHdsYHO.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\hrElYjf.exe
  C:\Windows\System\hrElYjf.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\ghApMtb.exe
  C:\Windows\System\ghApMtb.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\QStWEjP.exe
  C:\Windows\System\QStWEjP.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\vLpOpSw.exe
  C:\Windows\System\vLpOpSw.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\gleAAfP.exe
  C:\Windows\System\gleAAfP.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\UDleFnB.exe
  C:\Windows\System\UDleFnB.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\WahSAtf.exe
  C:\Windows\System\WahSAtf.exe
  2⤵
  - Executes dropped EXE
  PID:1080
- C:\Windows\System\reEraAT.exe
  C:\Windows\System\reEraAT.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\QUDbRZZ.exe
  C:\Windows\System\QUDbRZZ.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\mnZmvgW.exe
  C:\Windows\System\mnZmvgW.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\bNnOHLM.exe
  C:\Windows\System\bNnOHLM.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\wLemGlO.exe
  C:\Windows\System\wLemGlO.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\niZMzfU.exe
  C:\Windows\System\niZMzfU.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\WwiGErs.exe
  C:\Windows\System\WwiGErs.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\lQFOlkb.exe
  C:\Windows\System\lQFOlkb.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\HIBOvxk.exe
  C:\Windows\System\HIBOvxk.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\rQnllId.exe
  C:\Windows\System\rQnllId.exe
  2⤵
  PID:2952
- C:\Windows\System\thukjnP.exe
  C:\Windows\System\thukjnP.exe
  2⤵
  PID:2844
- C:\Windows\System\urMFwKm.exe
  C:\Windows\System\urMFwKm.exe
  2⤵
  PID:2960
- C:\Windows\System\zMuHLLf.exe
  C:\Windows\System\zMuHLLf.exe
  2⤵
  PID:2080
- C:\Windows\System\miEKjJo.exe
  C:\Windows\System\miEKjJo.exe
  2⤵
  PID:2200
- C:\Windows\System\NORWvqu.exe
  C:\Windows\System\NORWvqu.exe
  2⤵
  PID:2384
- C:\Windows\System\ftsfAqn.exe
  C:\Windows\System\ftsfAqn.exe
  2⤵
  PID:2480
- C:\Windows\System\cnSZpZh.exe
  C:\Windows\System\cnSZpZh.exe
  2⤵
  PID:2720
- C:\Windows\System\VQXPOWN.exe
  C:\Windows\System\VQXPOWN.exe
  2⤵
  PID:476
- C:\Windows\System\AXRzfKW.exe
  C:\Windows\System\AXRzfKW.exe
  2⤵
  PID:2708
- C:\Windows\System\wIwgOUl.exe
  C:\Windows\System\wIwgOUl.exe
  2⤵
  PID:2612
- C:\Windows\System\nlhDfCm.exe
  C:\Windows\System\nlhDfCm.exe
  2⤵
  PID:1160
- C:\Windows\System\FptilkR.exe
  C:\Windows\System\FptilkR.exe
  2⤵
  PID:448
- C:\Windows\System\yLPUtAF.exe
  C:\Windows\System\yLPUtAF.exe
  2⤵
  PID:1132
- C:\Windows\System\XODyLjw.exe
  C:\Windows\System\XODyLjw.exe
  2⤵
  PID:1124
- C:\Windows\System\WSsDqSI.exe
  C:\Windows\System\WSsDqSI.exe
  2⤵
  PID:2256
- C:\Windows\System\qCXUDwE.exe
  C:\Windows\System\qCXUDwE.exe
  2⤵
  PID:2268
- C:\Windows\System\HMYSSRj.exe
  C:\Windows\System\HMYSSRj.exe
  2⤵
  PID:1044
- C:\Windows\System\BcVzPuB.exe
  C:\Windows\System\BcVzPuB.exe
  2⤵
  PID:2660
- C:\Windows\System\wTlntmv.exe
  C:\Windows\System\wTlntmv.exe
  2⤵
  PID:652
- C:\Windows\System\ZUUTvTI.exe
  C:\Windows\System\ZUUTvTI.exe
  2⤵
  PID:1468
- C:\Windows\System\JWWzmwy.exe
  C:\Windows\System\JWWzmwy.exe
  2⤵
  PID:672
- C:\Windows\System\JZdiZoS.exe
  C:\Windows\System\JZdiZoS.exe
  2⤵
  PID:944
- C:\Windows\System\tNZcAyi.exe
  C:\Windows\System\tNZcAyi.exe
  2⤵
  PID:1796
- C:\Windows\System\dWkXKEW.exe
  C:\Windows\System\dWkXKEW.exe
  2⤵
  PID:1108
- C:\Windows\System\nQebSRi.exe
  C:\Windows\System\nQebSRi.exe
  2⤵
  PID:1864
- C:\Windows\System\AKMgiXk.exe
  C:\Windows\System\AKMgiXk.exe
  2⤵
  PID:1488
- C:\Windows\System\IEAjcku.exe
  C:\Windows\System\IEAjcku.exe
  2⤵
  PID:2196
- C:\Windows\System\GShvAvA.exe
  C:\Windows\System\GShvAvA.exe
  2⤵
  PID:3068
- C:\Windows\System\nOYvmoq.exe
  C:\Windows\System\nOYvmoq.exe
  2⤵
  PID:1888
- C:\Windows\System\KCbRJjW.exe
  C:\Windows\System\KCbRJjW.exe
  2⤵
  PID:1584
- C:\Windows\System\QZiISzI.exe
  C:\Windows\System\QZiISzI.exe
  2⤵
  PID:352
- C:\Windows\System\dGIIzMU.exe
  C:\Windows\System\dGIIzMU.exe
  2⤵
  PID:1392
- C:\Windows\System\jHXNKMN.exe
  C:\Windows\System\jHXNKMN.exe
  2⤵
  PID:2704
- C:\Windows\System\BgBssNB.exe
  C:\Windows\System\BgBssNB.exe
  2⤵
  PID:2452
- C:\Windows\System\fhqvBJm.exe
  C:\Windows\System\fhqvBJm.exe
  2⤵
  PID:2856
- C:\Windows\System\IUZIJNZ.exe
  C:\Windows\System\IUZIJNZ.exe
  2⤵
  PID:2828
- C:\Windows\System\anWfGuS.exe
  C:\Windows\System\anWfGuS.exe
  2⤵
  PID:2980
- C:\Windows\System\UIBldXL.exe
  C:\Windows\System\UIBldXL.exe
  2⤵
  PID:2752
- C:\Windows\System\HELwlep.exe
  C:\Windows\System\HELwlep.exe
  2⤵
  PID:2436
- C:\Windows\System\wKenPMQ.exe
  C:\Windows\System\wKenPMQ.exe
  2⤵
  PID:880
- C:\Windows\System\AfXuUXp.exe
  C:\Windows\System\AfXuUXp.exe
  2⤵
  PID:2560
- C:\Windows\System\GkdCMtJ.exe
  C:\Windows\System\GkdCMtJ.exe
  2⤵
  PID:2336
- C:\Windows\System\nJHFGlK.exe
  C:\Windows\System\nJHFGlK.exe
  2⤵
  PID:2664
- C:\Windows\System\rkKlzBm.exe
  C:\Windows\System\rkKlzBm.exe
  2⤵
  PID:1260
- C:\Windows\System\tAVpUVr.exe
  C:\Windows\System\tAVpUVr.exe
  2⤵
  PID:996
- C:\Windows\System\mbxjYbS.exe
  C:\Windows\System\mbxjYbS.exe
  2⤵
  PID:2148
- C:\Windows\System\KQyWXvp.exe
  C:\Windows\System\KQyWXvp.exe
  2⤵
  PID:1212
- C:\Windows\System\dLKxhda.exe
  C:\Windows\System\dLKxhda.exe
  2⤵
  PID:2380
- C:\Windows\System\Ivcwwgn.exe
  C:\Windows\System\Ivcwwgn.exe
  2⤵
  PID:2684
- C:\Windows\System\IOasRbk.exe
  C:\Windows\System\IOasRbk.exe
  2⤵
  PID:1048
- C:\Windows\System\PIQfgaO.exe
  C:\Windows\System\PIQfgaO.exe
  2⤵
  PID:1972
- C:\Windows\System\EFVRxRU.exe
  C:\Windows\System\EFVRxRU.exe
  2⤵
  PID:1412
- C:\Windows\System\vaadRdM.exe
  C:\Windows\System\vaadRdM.exe
  2⤵
  PID:2576
- C:\Windows\System\ygLmFuj.exe
  C:\Windows\System\ygLmFuj.exe
  2⤵
  PID:916
- C:\Windows\System\IWUDatx.exe
  C:\Windows\System\IWUDatx.exe
  2⤵
  PID:2112
- C:\Windows\System\eSKXnlB.exe
  C:\Windows\System\eSKXnlB.exe
  2⤵
  PID:2092
- C:\Windows\System\kDrhaao.exe
  C:\Windows\System\kDrhaao.exe
  2⤵
  PID:1600
- C:\Windows\System\DSMCDMf.exe
  C:\Windows\System\DSMCDMf.exe
  2⤵
  PID:2284
- C:\Windows\System\lGgdKZt.exe
  C:\Windows\System\lGgdKZt.exe
  2⤵
  PID:2840
- C:\Windows\System\sKRfoDQ.exe
  C:\Windows\System\sKRfoDQ.exe
  2⤵
  PID:2728
- C:\Windows\System\mHmRkKo.exe
  C:\Windows\System\mHmRkKo.exe
  2⤵
  PID:2732
- C:\Windows\System\DvzfGsQ.exe
  C:\Windows\System\DvzfGsQ.exe
  2⤵
  PID:2532
- C:\Windows\System\SfrXSlC.exe
  C:\Windows\System\SfrXSlC.exe
  2⤵
  PID:2876
- C:\Windows\System\vfZjmXd.exe
  C:\Windows\System\vfZjmXd.exe
  2⤵
  PID:2688
- C:\Windows\System\pIrkDNh.exe
  C:\Windows\System\pIrkDNh.exe
  2⤵
  PID:1056
- C:\Windows\System\QbgqsUP.exe
  C:\Windows\System\QbgqsUP.exe
  2⤵
  PID:1740
- C:\Windows\System\EqvoIOv.exe
  C:\Windows\System\EqvoIOv.exe
  2⤵
  PID:1920
- C:\Windows\System\FueDjpu.exe
  C:\Windows\System\FueDjpu.exe
  2⤵
  PID:1548
- C:\Windows\System\PvFczpT.exe
  C:\Windows\System\PvFczpT.exe
  2⤵
  PID:1964
- C:\Windows\System\jySrCds.exe
  C:\Windows\System\jySrCds.exe
  2⤵
  PID:1968
- C:\Windows\System\txzzhlp.exe
  C:\Windows\System\txzzhlp.exe
  2⤵
  PID:1684
- C:\Windows\System\ENrsMlP.exe
  C:\Windows\System\ENrsMlP.exe
  2⤵
  PID:2556
- C:\Windows\System\VZMBHBe.exe
  C:\Windows\System\VZMBHBe.exe
  2⤵
  PID:2224
- C:\Windows\System\IaLSzSu.exe
  C:\Windows\System\IaLSzSu.exe
  2⤵
  PID:1996
- C:\Windows\System\RsxCIov.exe
  C:\Windows\System\RsxCIov.exe
  2⤵
  PID:2988
- C:\Windows\System\mqCXSzh.exe
  C:\Windows\System\mqCXSzh.exe
  2⤵
  PID:1016
- C:\Windows\System\yZFvqBj.exe
  C:\Windows\System\yZFvqBj.exe
  2⤵
  PID:2428
- C:\Windows\System\IXqugfZ.exe
  C:\Windows\System\IXqugfZ.exe
  2⤵
  PID:2228
- C:\Windows\System\LoGcFhK.exe
  C:\Windows\System\LoGcFhK.exe
  2⤵
  PID:2000
- C:\Windows\System\LeoftrP.exe
  C:\Windows\System\LeoftrP.exe
  2⤵
  PID:980
- C:\Windows\System\lKImZlI.exe
  C:\Windows\System\lKImZlI.exe
  2⤵
  PID:1592
- C:\Windows\System\aVqVefU.exe
  C:\Windows\System\aVqVefU.exe
  2⤵
  PID:3092
- C:\Windows\System\cjafquV.exe
  C:\Windows\System\cjafquV.exe
  2⤵
  PID:3112
- C:\Windows\System\wSNaoYo.exe
  C:\Windows\System\wSNaoYo.exe
  2⤵
  PID:3136
- C:\Windows\System\oYtxzeG.exe
  C:\Windows\System\oYtxzeG.exe
  2⤵
  PID:3156
- C:\Windows\System\jcHEqvv.exe
  C:\Windows\System\jcHEqvv.exe
  2⤵
  PID:3176
- C:\Windows\System\TOEBVEK.exe
  C:\Windows\System\TOEBVEK.exe
  2⤵
  PID:3196
- C:\Windows\System\uMotXLt.exe
  C:\Windows\System\uMotXLt.exe
  2⤵
  PID:3216
- C:\Windows\System\AWBtizj.exe
  C:\Windows\System\AWBtizj.exe
  2⤵
  PID:3236
- C:\Windows\System\coDSqTV.exe
  C:\Windows\System\coDSqTV.exe
  2⤵
  PID:3256
- C:\Windows\System\DlHwrFK.exe
  C:\Windows\System\DlHwrFK.exe
  2⤵
  PID:3276
- C:\Windows\System\NTpTOsc.exe
  C:\Windows\System\NTpTOsc.exe
  2⤵
  PID:3296
- C:\Windows\System\duhnCFD.exe
  C:\Windows\System\duhnCFD.exe
  2⤵
  PID:3316
- C:\Windows\System\IIFyoCn.exe
  C:\Windows\System\IIFyoCn.exe
  2⤵
  PID:3336
- C:\Windows\System\zWWLHqI.exe
  C:\Windows\System\zWWLHqI.exe
  2⤵
  PID:3356
- C:\Windows\System\EkVelAk.exe
  C:\Windows\System\EkVelAk.exe
  2⤵
  PID:3376
- C:\Windows\System\duwGpDT.exe
  C:\Windows\System\duwGpDT.exe
  2⤵
  PID:3396
- C:\Windows\System\cQxSSQv.exe
  C:\Windows\System\cQxSSQv.exe
  2⤵
  PID:3416
- C:\Windows\System\AqpIEkD.exe
  C:\Windows\System\AqpIEkD.exe
  2⤵
  PID:3436
- C:\Windows\System\qKtvllN.exe
  C:\Windows\System\qKtvllN.exe
  2⤵
  PID:3456
- C:\Windows\System\FvZgsJC.exe
  C:\Windows\System\FvZgsJC.exe
  2⤵
  PID:3476
- C:\Windows\System\GDITjIS.exe
  C:\Windows\System\GDITjIS.exe
  2⤵
  PID:3496
- C:\Windows\System\tyzDTHm.exe
  C:\Windows\System\tyzDTHm.exe
  2⤵
  PID:3516
- C:\Windows\System\VMqVshY.exe
  C:\Windows\System\VMqVshY.exe
  2⤵
  PID:3536
- C:\Windows\System\dXUHUxU.exe
  C:\Windows\System\dXUHUxU.exe
  2⤵
  PID:3556
- C:\Windows\System\ulyfBSl.exe
  C:\Windows\System\ulyfBSl.exe
  2⤵
  PID:3576
- C:\Windows\System\aFkKBoF.exe
  C:\Windows\System\aFkKBoF.exe
  2⤵
  PID:3596
- C:\Windows\System\lOHHCBb.exe
  C:\Windows\System\lOHHCBb.exe
  2⤵
  PID:3616
- C:\Windows\System\AMzZEwS.exe
  C:\Windows\System\AMzZEwS.exe
  2⤵
  PID:3636
- C:\Windows\System\HAKfHLA.exe
  C:\Windows\System\HAKfHLA.exe
  2⤵
  PID:3656
- C:\Windows\System\fIeZmNq.exe
  C:\Windows\System\fIeZmNq.exe
  2⤵
  PID:3676
- C:\Windows\System\aixXUwo.exe
  C:\Windows\System\aixXUwo.exe
  2⤵
  PID:3696
- C:\Windows\System\MtAYlpN.exe
  C:\Windows\System\MtAYlpN.exe
  2⤵
  PID:3716
- C:\Windows\System\XDWPXxY.exe
  C:\Windows\System\XDWPXxY.exe
  2⤵
  PID:3740
- C:\Windows\System\vbvGLCv.exe
  C:\Windows\System\vbvGLCv.exe
  2⤵
  PID:3760
- C:\Windows\System\jBXCGlz.exe
  C:\Windows\System\jBXCGlz.exe
  2⤵
  PID:3780
- C:\Windows\System\XbTvIsb.exe
  C:\Windows\System\XbTvIsb.exe
  2⤵
  PID:3800
- C:\Windows\System\yISSYnJ.exe
  C:\Windows\System\yISSYnJ.exe
  2⤵
  PID:3820
- C:\Windows\System\LnPxuAt.exe
  C:\Windows\System\LnPxuAt.exe
  2⤵
  PID:3840
- C:\Windows\System\NpGDyiF.exe
  C:\Windows\System\NpGDyiF.exe
  2⤵
  PID:3860
- C:\Windows\System\HXUSGrL.exe
  C:\Windows\System\HXUSGrL.exe
  2⤵
  PID:3880
- C:\Windows\System\mKKmLUr.exe
  C:\Windows\System\mKKmLUr.exe
  2⤵
  PID:3900
- C:\Windows\System\PYFbdFj.exe
  C:\Windows\System\PYFbdFj.exe
  2⤵
  PID:3920
- C:\Windows\System\YjtIEgc.exe
  C:\Windows\System\YjtIEgc.exe
  2⤵
  PID:3940
- C:\Windows\System\zMgkzVc.exe
  C:\Windows\System\zMgkzVc.exe
  2⤵
  PID:3960
- C:\Windows\System\VQjwbLg.exe
  C:\Windows\System\VQjwbLg.exe
  2⤵
  PID:3980
- C:\Windows\System\DZRknrJ.exe
  C:\Windows\System\DZRknrJ.exe
  2⤵
  PID:4000
- C:\Windows\System\uspwlnQ.exe
  C:\Windows\System\uspwlnQ.exe
  2⤵
  PID:4020
- C:\Windows\System\MrDmgyw.exe
  C:\Windows\System\MrDmgyw.exe
  2⤵
  PID:4040
- C:\Windows\System\ciAccgW.exe
  C:\Windows\System\ciAccgW.exe
  2⤵
  PID:4060
- C:\Windows\System\RadggJI.exe
  C:\Windows\System\RadggJI.exe
  2⤵
  PID:4080
- C:\Windows\System\LLxBMUV.exe
  C:\Windows\System\LLxBMUV.exe
  2⤵
  PID:2632
- C:\Windows\System\GnbFCcT.exe
  C:\Windows\System\GnbFCcT.exe
  2⤵
  PID:2516
- C:\Windows\System\gZDKbwx.exe
  C:\Windows\System\gZDKbwx.exe
  2⤵
  PID:2188
- C:\Windows\System\gfjSRkP.exe
  C:\Windows\System\gfjSRkP.exe
  2⤵
  PID:408
- C:\Windows\System\rAZjdYV.exe
  C:\Windows\System\rAZjdYV.exe
  2⤵
  PID:1492
- C:\Windows\System\STnMUuo.exe
  C:\Windows\System\STnMUuo.exe
  2⤵
  PID:3088
- C:\Windows\System\gculYGR.exe
  C:\Windows\System\gculYGR.exe
  2⤵
  PID:3100
- C:\Windows\System\zNPoHuj.exe
  C:\Windows\System\zNPoHuj.exe
  2⤵
  PID:3164
- C:\Windows\System\NAXZjQQ.exe
  C:\Windows\System\NAXZjQQ.exe
  2⤵
  PID:3148
- C:\Windows\System\HeQhtSU.exe
  C:\Windows\System\HeQhtSU.exe
  2⤵
  PID:3192
- C:\Windows\System\dWCOYcS.exe
  C:\Windows\System\dWCOYcS.exe
  2⤵
  PID:3248
- C:\Windows\System\ATYuxaN.exe
  C:\Windows\System\ATYuxaN.exe
  2⤵
  PID:3284
- C:\Windows\System\gbKRudm.exe
  C:\Windows\System\gbKRudm.exe
  2⤵
  PID:3324
- C:\Windows\System\ZswLUrr.exe
  C:\Windows\System\ZswLUrr.exe
  2⤵
  PID:3328
- C:\Windows\System\ixqsHWE.exe
  C:\Windows\System\ixqsHWE.exe
  2⤵
  PID:3372
- C:\Windows\System\MhpveqS.exe
  C:\Windows\System\MhpveqS.exe
  2⤵
  PID:3404
- C:\Windows\System\jQJeazB.exe
  C:\Windows\System\jQJeazB.exe
  2⤵
  PID:3424
- C:\Windows\System\DYlXUNR.exe
  C:\Windows\System\DYlXUNR.exe
  2⤵
  PID:3464
- C:\Windows\System\OZjpVSD.exe
  C:\Windows\System\OZjpVSD.exe
  2⤵
  PID:1380
- C:\Windows\System\sXzQkRS.exe
  C:\Windows\System\sXzQkRS.exe
  2⤵
  PID:3508
- C:\Windows\System\wcNuSOa.exe
  C:\Windows\System\wcNuSOa.exe
  2⤵
  PID:2084
- C:\Windows\System\bpwUKrt.exe
  C:\Windows\System\bpwUKrt.exe
  2⤵
  PID:3568
- C:\Windows\System\irTqGKM.exe
  C:\Windows\System\irTqGKM.exe
  2⤵
  PID:3588
- C:\Windows\System\YUxgxrm.exe
  C:\Windows\System\YUxgxrm.exe
  2⤵
  PID:3632
- C:\Windows\System\aUtoCnB.exe
  C:\Windows\System\aUtoCnB.exe
  2⤵
  PID:3664
- C:\Windows\System\QxfjUiZ.exe
  C:\Windows\System\QxfjUiZ.exe
  2⤵
  PID:3712
- C:\Windows\System\nYTeeum.exe
  C:\Windows\System\nYTeeum.exe
  2⤵
  PID:1732
- C:\Windows\System\AaVPvzm.exe
  C:\Windows\System\AaVPvzm.exe
  2⤵
  PID:3752
- C:\Windows\System\FMHClUX.exe
  C:\Windows\System\FMHClUX.exe
  2⤵
  PID:3796
- C:\Windows\System\VJNMwBv.exe
  C:\Windows\System\VJNMwBv.exe
  2⤵
  PID:3828
- C:\Windows\System\dfIgoVX.exe
  C:\Windows\System\dfIgoVX.exe
  2⤵
  PID:3852
- C:\Windows\System\eVfkefn.exe
  C:\Windows\System\eVfkefn.exe
  2⤵
  PID:3896
- C:\Windows\System\DYBEquL.exe
  C:\Windows\System\DYBEquL.exe
  2⤵
  PID:3936
- C:\Windows\System\YaWhQIW.exe
  C:\Windows\System\YaWhQIW.exe
  2⤵
  PID:3952
- C:\Windows\System\sjBgSSE.exe
  C:\Windows\System\sjBgSSE.exe
  2⤵
  PID:3996
- C:\Windows\System\egLyqTc.exe
  C:\Windows\System\egLyqTc.exe
  2⤵
  PID:4028
- C:\Windows\System\ygxeImw.exe
  C:\Windows\System\ygxeImw.exe
  2⤵
  PID:668
- C:\Windows\System\oPVMhxw.exe
  C:\Windows\System\oPVMhxw.exe
  2⤵
  PID:4072
- C:\Windows\System\RZvMfZS.exe
  C:\Windows\System\RZvMfZS.exe
  2⤵
  PID:2624
- C:\Windows\System\bTXlUoj.exe
  C:\Windows\System\bTXlUoj.exe
  2⤵
  PID:2888
- C:\Windows\System\awQFFkm.exe
  C:\Windows\System\awQFFkm.exe
  2⤵
  PID:2128
- C:\Windows\System\PlTZLwR.exe
  C:\Windows\System\PlTZLwR.exe
  2⤵
  PID:1652
- C:\Windows\System\hOCygYc.exe
  C:\Windows\System\hOCygYc.exe
  2⤵
  PID:3104
- C:\Windows\System\OBhCGoQ.exe
  C:\Windows\System\OBhCGoQ.exe
  2⤵
  PID:3244
- C:\Windows\System\LqyRmTL.exe
  C:\Windows\System\LqyRmTL.exe
  2⤵
  PID:3252
- C:\Windows\System\hHYJqAd.exe
  C:\Windows\System\hHYJqAd.exe
  2⤵
  PID:3272
- C:\Windows\System\EkezCiE.exe
  C:\Windows\System\EkezCiE.exe
  2⤵
  PID:3308
- C:\Windows\System\kcFxQSV.exe
  C:\Windows\System\kcFxQSV.exe
  2⤵
  PID:3392
- C:\Windows\System\YaFJMjf.exe
  C:\Windows\System\YaFJMjf.exe
  2⤵
  PID:3492
- C:\Windows\System\HvPlGKC.exe
  C:\Windows\System\HvPlGKC.exe
  2⤵
  PID:3524
- C:\Windows\System\zeiRPIs.exe
  C:\Windows\System\zeiRPIs.exe
  2⤵
  PID:2132
- C:\Windows\System\lECgLZO.exe
  C:\Windows\System\lECgLZO.exe
  2⤵
  PID:3564
- C:\Windows\System\dDoRBXB.exe
  C:\Windows\System\dDoRBXB.exe
  2⤵
  PID:3648
- C:\Windows\System\mHcQGmw.exe
  C:\Windows\System\mHcQGmw.exe
  2⤵
  PID:3688
- C:\Windows\System\HDWssdR.exe
  C:\Windows\System\HDWssdR.exe
  2⤵
  PID:3756
- C:\Windows\System\eUDJSht.exe
  C:\Windows\System\eUDJSht.exe
  2⤵
  PID:3808
- C:\Windows\System\OYxtqor.exe
  C:\Windows\System\OYxtqor.exe
  2⤵
  PID:3848
- C:\Windows\System\wfLxQVT.exe
  C:\Windows\System\wfLxQVT.exe
  2⤵
  PID:3872
- C:\Windows\System\dvdgeXb.exe
  C:\Windows\System\dvdgeXb.exe
  2⤵
  PID:3956
- C:\Windows\System\ssLngXF.exe
  C:\Windows\System\ssLngXF.exe
  2⤵
  PID:4016
- C:\Windows\System\LnzciSU.exe
  C:\Windows\System\LnzciSU.exe
  2⤵
  PID:4068
- C:\Windows\System\aigktht.exe
  C:\Windows\System\aigktht.exe
  2⤵
  PID:3732
- C:\Windows\System\TyrPdGC.exe
  C:\Windows\System\TyrPdGC.exe
  2⤵
  PID:2668
- C:\Windows\System\TfZUPUc.exe
  C:\Windows\System\TfZUPUc.exe
  2⤵
  PID:3132
- C:\Windows\System\fjmsBAS.exe
  C:\Windows\System\fjmsBAS.exe
  2⤵
  PID:3204
- C:\Windows\System\VJPlrbr.exe
  C:\Windows\System\VJPlrbr.exe
  2⤵
  PID:3304
- C:\Windows\System\xbxVaYB.exe
  C:\Windows\System\xbxVaYB.exe
  2⤵
  PID:3388
- C:\Windows\System\ulPDWBx.exe
  C:\Windows\System\ulPDWBx.exe
  2⤵
  PID:3452
- C:\Windows\System\DtoREvC.exe
  C:\Windows\System\DtoREvC.exe
  2⤵
  PID:3504
- C:\Windows\System\VmhEpNM.exe
  C:\Windows\System\VmhEpNM.exe
  2⤵
  PID:3612
- C:\Windows\System\WjBRCAJ.exe
  C:\Windows\System\WjBRCAJ.exe
  2⤵
  PID:3776
- C:\Windows\System\aMbhlAj.exe
  C:\Windows\System\aMbhlAj.exe
  2⤵
  PID:3816
- C:\Windows\System\LSbwpYH.exe
  C:\Windows\System\LSbwpYH.exe
  2⤵
  PID:3932
- C:\Windows\System\YxlmTEN.exe
  C:\Windows\System\YxlmTEN.exe
  2⤵
  PID:3976
- C:\Windows\System\MEkkbgn.exe
  C:\Windows\System\MEkkbgn.exe
  2⤵
  PID:1956
- C:\Windows\System\PShddVi.exe
  C:\Windows\System\PShddVi.exe
  2⤵
  PID:1976
- C:\Windows\System\pHKCRwY.exe
  C:\Windows\System\pHKCRwY.exe
  2⤵
  PID:1076
- C:\Windows\System\MafZQsf.exe
  C:\Windows\System\MafZQsf.exe
  2⤵
  PID:3288
- C:\Windows\System\IqqJwUK.exe
  C:\Windows\System\IqqJwUK.exe
  2⤵
  PID:3472
- C:\Windows\System\FBVhJqv.exe
  C:\Windows\System\FBVhJqv.exe
  2⤵
  PID:3468
- C:\Windows\System\fKpndAp.exe
  C:\Windows\System\fKpndAp.exe
  2⤵
  PID:3708
- C:\Windows\System\oLkULXn.exe
  C:\Windows\System\oLkULXn.exe
  2⤵
  PID:3668
- C:\Windows\System\NcgxOSz.exe
  C:\Windows\System\NcgxOSz.exe
  2⤵
  PID:3916
- C:\Windows\System\QYWvTTF.exe
  C:\Windows\System\QYWvTTF.exe
  2⤵
  PID:4092
- C:\Windows\System\NPjjUpU.exe
  C:\Windows\System\NPjjUpU.exe
  2⤵
  PID:3152
- C:\Windows\System\UXCxeEt.exe
  C:\Windows\System\UXCxeEt.exe
  2⤵
  PID:3352
- C:\Windows\System\yuZGYut.exe
  C:\Windows\System\yuZGYut.exe
  2⤵
  PID:4116
- C:\Windows\System\BkbfZJq.exe
  C:\Windows\System\BkbfZJq.exe
  2⤵
  PID:4136
- C:\Windows\System\KxISpgd.exe
  C:\Windows\System\KxISpgd.exe
  2⤵
  PID:4160
- C:\Windows\System\wtfyUMJ.exe
  C:\Windows\System\wtfyUMJ.exe
  2⤵
  PID:4180
- C:\Windows\System\GuARuOu.exe
  C:\Windows\System\GuARuOu.exe
  2⤵
  PID:4200
- C:\Windows\System\PzVNljJ.exe
  C:\Windows\System\PzVNljJ.exe
  2⤵
  PID:4220
- C:\Windows\System\VyDCEjq.exe
  C:\Windows\System\VyDCEjq.exe
  2⤵
  PID:4240
- C:\Windows\System\gFVPIJF.exe
  C:\Windows\System\gFVPIJF.exe
  2⤵
  PID:4260
- C:\Windows\System\hHLYHog.exe
  C:\Windows\System\hHLYHog.exe
  2⤵
  PID:4280
- C:\Windows\System\UWBfmar.exe
  C:\Windows\System\UWBfmar.exe
  2⤵
  PID:4300
- C:\Windows\System\OShmEmz.exe
  C:\Windows\System\OShmEmz.exe
  2⤵
  PID:4320
- C:\Windows\System\bflQXMp.exe
  C:\Windows\System\bflQXMp.exe
  2⤵
  PID:4340
- C:\Windows\System\oKgAdbj.exe
  C:\Windows\System\oKgAdbj.exe
  2⤵
  PID:4360
- C:\Windows\System\FSvbpxQ.exe
  C:\Windows\System\FSvbpxQ.exe
  2⤵
  PID:4380
- C:\Windows\System\EyxqCPA.exe
  C:\Windows\System\EyxqCPA.exe
  2⤵
  PID:4400
- C:\Windows\System\XEZjbXz.exe
  C:\Windows\System\XEZjbXz.exe
  2⤵
  PID:4420
- C:\Windows\System\uOAPmLe.exe
  C:\Windows\System\uOAPmLe.exe
  2⤵
  PID:4440
- C:\Windows\System\gQXERcw.exe
  C:\Windows\System\gQXERcw.exe
  2⤵
  PID:4460
- C:\Windows\System\ZagQxkn.exe
  C:\Windows\System\ZagQxkn.exe
  2⤵
  PID:4480
- C:\Windows\System\bdREgPs.exe
  C:\Windows\System\bdREgPs.exe
  2⤵
  PID:4500
- C:\Windows\System\gDGQsJV.exe
  C:\Windows\System\gDGQsJV.exe
  2⤵
  PID:4520
- C:\Windows\System\htRjOOn.exe
  C:\Windows\System\htRjOOn.exe
  2⤵
  PID:4540
- C:\Windows\System\xJdFiNx.exe
  C:\Windows\System\xJdFiNx.exe
  2⤵
  PID:4560
- C:\Windows\System\GNnUYWy.exe
  C:\Windows\System\GNnUYWy.exe
  2⤵
  PID:4580
- C:\Windows\System\kBqcxBL.exe
  C:\Windows\System\kBqcxBL.exe
  2⤵
  PID:4600
- C:\Windows\System\BMUrQnh.exe
  C:\Windows\System\BMUrQnh.exe
  2⤵
  PID:4620
- C:\Windows\System\cqDhTjN.exe
  C:\Windows\System\cqDhTjN.exe
  2⤵
  PID:4640
- C:\Windows\System\LUAFqYh.exe
  C:\Windows\System\LUAFqYh.exe
  2⤵
  PID:4660
- C:\Windows\System\EegzYKW.exe
  C:\Windows\System\EegzYKW.exe
  2⤵
  PID:4680
- C:\Windows\System\WpYIshC.exe
  C:\Windows\System\WpYIshC.exe
  2⤵
  PID:4700
- C:\Windows\System\JazHSkY.exe
  C:\Windows\System\JazHSkY.exe
  2⤵
  PID:4720
- C:\Windows\System\rUQDfbP.exe
  C:\Windows\System\rUQDfbP.exe
  2⤵
  PID:4740
- C:\Windows\System\TvvnmBU.exe
  C:\Windows\System\TvvnmBU.exe
  2⤵
  PID:4760
- C:\Windows\System\ZGWpaVO.exe
  C:\Windows\System\ZGWpaVO.exe
  2⤵
  PID:4780
- C:\Windows\System\vhskIPf.exe
  C:\Windows\System\vhskIPf.exe
  2⤵
  PID:4800
- C:\Windows\System\eZwWUQR.exe
  C:\Windows\System\eZwWUQR.exe
  2⤵
  PID:4820
- C:\Windows\System\QgILLTS.exe
  C:\Windows\System\QgILLTS.exe
  2⤵
  PID:4844
- C:\Windows\System\zzQDmWj.exe
  C:\Windows\System\zzQDmWj.exe
  2⤵
  PID:4864
- C:\Windows\System\kMmEDCj.exe
  C:\Windows\System\kMmEDCj.exe
  2⤵
  PID:4884
- C:\Windows\System\SNEgkio.exe
  C:\Windows\System\SNEgkio.exe
  2⤵
  PID:4904
- C:\Windows\System\dWhffGU.exe
  C:\Windows\System\dWhffGU.exe
  2⤵
  PID:4924
- C:\Windows\System\xrrLhzs.exe
  C:\Windows\System\xrrLhzs.exe
  2⤵
  PID:4944
- C:\Windows\System\ZbYMrDJ.exe
  C:\Windows\System\ZbYMrDJ.exe
  2⤵
  PID:4964
- C:\Windows\System\RpNIfWC.exe
  C:\Windows\System\RpNIfWC.exe
  2⤵
  PID:4984
- C:\Windows\System\GzAGXrF.exe
  C:\Windows\System\GzAGXrF.exe
  2⤵
  PID:5004
- C:\Windows\System\nPyIDIG.exe
  C:\Windows\System\nPyIDIG.exe
  2⤵
  PID:5024
- C:\Windows\System\XohLaCM.exe
  C:\Windows\System\XohLaCM.exe
  2⤵
  PID:5044
- C:\Windows\System\uYrlbzx.exe
  C:\Windows\System\uYrlbzx.exe
  2⤵
  PID:5064
- C:\Windows\System\CqoSNAD.exe
  C:\Windows\System\CqoSNAD.exe
  2⤵
  PID:5084
- C:\Windows\System\xOYCtSu.exe
  C:\Windows\System\xOYCtSu.exe
  2⤵
  PID:5104
- C:\Windows\System\MUDQXux.exe
  C:\Windows\System\MUDQXux.exe
  2⤵
  PID:3448
- C:\Windows\System\rODaUqW.exe
  C:\Windows\System\rODaUqW.exe
  2⤵
  PID:3972
- C:\Windows\System\TnoGIdv.exe
  C:\Windows\System\TnoGIdv.exe
  2⤵
  PID:2644
- C:\Windows\System\IYXZOiA.exe
  C:\Windows\System\IYXZOiA.exe
  2⤵
  PID:4032
- C:\Windows\System\IUfuXfm.exe
  C:\Windows\System\IUfuXfm.exe
  2⤵
  PID:3348
- C:\Windows\System\WYSQQiJ.exe
  C:\Windows\System\WYSQQiJ.exe
  2⤵
  PID:4124
- C:\Windows\System\ebGnxQd.exe
  C:\Windows\System\ebGnxQd.exe
  2⤵
  PID:4152
- C:\Windows\System\rUvjKTg.exe
  C:\Windows\System\rUvjKTg.exe
  2⤵
  PID:4196
- C:\Windows\System\LFsugzB.exe
  C:\Windows\System\LFsugzB.exe
  2⤵
  PID:4236
- C:\Windows\System\ZrQUdhO.exe
  C:\Windows\System\ZrQUdhO.exe
  2⤵
  PID:4268
- C:\Windows\System\BJfBfhr.exe
  C:\Windows\System\BJfBfhr.exe
  2⤵
  PID:4308
- C:\Windows\System\WdcYuXx.exe
  C:\Windows\System\WdcYuXx.exe
  2⤵
  PID:4312
- C:\Windows\System\cQkuAgt.exe
  C:\Windows\System\cQkuAgt.exe
  2⤵
  PID:4332
- C:\Windows\System\VqEmzIT.exe
  C:\Windows\System\VqEmzIT.exe
  2⤵
  PID:4368
- C:\Windows\System\WgoUipv.exe
  C:\Windows\System\WgoUipv.exe
  2⤵
  PID:4436
- C:\Windows\System\CLYlErZ.exe
  C:\Windows\System\CLYlErZ.exe
  2⤵
  PID:4476
- C:\Windows\System\sqPmich.exe
  C:\Windows\System\sqPmich.exe
  2⤵
  PID:4148
- C:\Windows\System\sEdkziS.exe
  C:\Windows\System\sEdkziS.exe
  2⤵
  PID:4516
- C:\Windows\System\aKGgxip.exe
  C:\Windows\System\aKGgxip.exe
  2⤵
  PID:4556
- C:\Windows\System\JwQzLca.exe
  C:\Windows\System\JwQzLca.exe
  2⤵
  PID:4588
- C:\Windows\System\fKVdKfR.exe
  C:\Windows\System\fKVdKfR.exe
  2⤵
  PID:4616
- C:\Windows\System\lQgvAfZ.exe
  C:\Windows\System\lQgvAfZ.exe
  2⤵
  PID:4648
- C:\Windows\System\gXiBbFj.exe
  C:\Windows\System\gXiBbFj.exe
  2⤵
  PID:4676
- C:\Windows\System\TZOiEOi.exe
  C:\Windows\System\TZOiEOi.exe
  2⤵
  PID:4716
- C:\Windows\System\ElcIuXA.exe
  C:\Windows\System\ElcIuXA.exe
  2⤵
  PID:4748
- C:\Windows\System\HaNjEjg.exe
  C:\Windows\System\HaNjEjg.exe
  2⤵
  PID:4796
- C:\Windows\System\YqxbqpI.exe
  C:\Windows\System\YqxbqpI.exe
  2⤵
  PID:4812
- C:\Windows\System\zAaBZdd.exe
  C:\Windows\System\zAaBZdd.exe
  2⤵
  PID:4856
- C:\Windows\System\bijJbUS.exe
  C:\Windows\System\bijJbUS.exe
  2⤵
  PID:4900
- C:\Windows\System\ksVzFMH.exe
  C:\Windows\System\ksVzFMH.exe
  2⤵
  PID:2740
- C:\Windows\System\mfoPRam.exe
  C:\Windows\System\mfoPRam.exe
  2⤵
  PID:4972
- C:\Windows\System\FOtSJkl.exe
  C:\Windows\System\FOtSJkl.exe
  2⤵
  PID:5012
- C:\Windows\System\okIVeXN.exe
  C:\Windows\System\okIVeXN.exe
  2⤵
  PID:1096
- C:\Windows\System\bLIWgLy.exe
  C:\Windows\System\bLIWgLy.exe
  2⤵
  PID:5080
- C:\Windows\System\bFdGiaZ.exe
  C:\Windows\System\bFdGiaZ.exe
  2⤵
  PID:5100
- C:\Windows\System\OuPOYuV.exe
  C:\Windows\System\OuPOYuV.exe
  2⤵
  PID:3592
- C:\Windows\System\EWVtGgT.exe
  C:\Windows\System\EWVtGgT.exe
  2⤵
  PID:3144
- C:\Windows\System\tEZofNd.exe
  C:\Windows\System\tEZofNd.exe
  2⤵
  PID:4104
- C:\Windows\System\eimyBhL.exe
  C:\Windows\System\eimyBhL.exe
  2⤵
  PID:4144
- C:\Windows\System\Xptcmnq.exe
  C:\Windows\System\Xptcmnq.exe
  2⤵
  PID:4216
- C:\Windows\System\XqQezZx.exe
  C:\Windows\System\XqQezZx.exe
  2⤵
  PID:4212
- C:\Windows\System\tUzwxTP.exe
  C:\Windows\System\tUzwxTP.exe
  2⤵
  PID:4252
- C:\Windows\System\icsDzzA.exe
  C:\Windows\System\icsDzzA.exe
  2⤵
  PID:4292
- C:\Windows\System\aOWNOuC.exe
  C:\Windows\System\aOWNOuC.exe
  2⤵
  PID:4428
- C:\Windows\System\GQJQeNT.exe
  C:\Windows\System\GQJQeNT.exe
  2⤵
  PID:4468
- C:\Windows\System\mkoTEaX.exe
  C:\Windows\System\mkoTEaX.exe
  2⤵
  PID:4508
- C:\Windows\System\mgzrgfG.exe
  C:\Windows\System\mgzrgfG.exe
  2⤵
  PID:4592
- C:\Windows\System\NiUhoRj.exe
  C:\Windows\System\NiUhoRj.exe
  2⤵
  PID:4568
- C:\Windows\System\HXjgfPg.exe
  C:\Windows\System\HXjgfPg.exe
  2⤵
  PID:4632
- C:\Windows\System\NJjRzsL.exe
  C:\Windows\System\NJjRzsL.exe
  2⤵
  PID:4708
- C:\Windows\System\BnlBzut.exe
  C:\Windows\System\BnlBzut.exe
  2⤵
  PID:4776
- C:\Windows\System\wehsoej.exe
  C:\Windows\System\wehsoej.exe
  2⤵
  PID:4880
- C:\Windows\System\KsqeJyZ.exe
  C:\Windows\System\KsqeJyZ.exe
  2⤵
  PID:4852
- C:\Windows\System\xMjJONI.exe
  C:\Windows\System\xMjJONI.exe
  2⤵
  PID:4960
- C:\Windows\System\VqwNBYU.exe
  C:\Windows\System\VqwNBYU.exe
  2⤵
  PID:4976
- C:\Windows\System\YuyxFiL.exe
  C:\Windows\System\YuyxFiL.exe
  2⤵
  PID:5060
- C:\Windows\System\vsRiFYp.exe
  C:\Windows\System\vsRiFYp.exe
  2⤵
  PID:5056
- C:\Windows\System\dvoqaiJ.exe
  C:\Windows\System\dvoqaiJ.exe
  2⤵
  PID:3384
- C:\Windows\System\csGzQbJ.exe
  C:\Windows\System\csGzQbJ.exe
  2⤵
  PID:4156
- C:\Windows\System\CtZqNlM.exe
  C:\Windows\System\CtZqNlM.exe
  2⤵
  PID:4836
- C:\Windows\System\slbMWhI.exe
  C:\Windows\System\slbMWhI.exe
  2⤵
  PID:4176
- C:\Windows\System\HrxLuOk.exe
  C:\Windows\System\HrxLuOk.exe
  2⤵
  PID:2788
- C:\Windows\System\axmJMDr.exe
  C:\Windows\System\axmJMDr.exe
  2⤵
  PID:4296
- C:\Windows\System\lJCtMEt.exe
  C:\Windows\System\lJCtMEt.exe
  2⤵
  PID:4388
- C:\Windows\System\YrfRKBQ.exe
  C:\Windows\System\YrfRKBQ.exe
  2⤵
  PID:2896
- C:\Windows\System\BhTeDrm.exe
  C:\Windows\System\BhTeDrm.exe
  2⤵
  PID:4472
- C:\Windows\System\qFlXcWv.exe
  C:\Windows\System\qFlXcWv.exe
  2⤵
  PID:4576
- C:\Windows\System\ozDqLlV.exe
  C:\Windows\System\ozDqLlV.exe
  2⤵
  PID:4628
- C:\Windows\System\TMruDKT.exe
  C:\Windows\System\TMruDKT.exe
  2⤵
  PID:4728
- C:\Windows\System\SjUIJbB.exe
  C:\Windows\System\SjUIJbB.exe
  2⤵
  PID:4808
- C:\Windows\System\VYhJUiq.exe
  C:\Windows\System\VYhJUiq.exe
  2⤵
  PID:4920
- C:\Windows\System\NtvjFXc.exe
  C:\Windows\System\NtvjFXc.exe
  2⤵
  PID:3000
- C:\Windows\System\JDfqvdE.exe
  C:\Windows\System\JDfqvdE.exe
  2⤵
  PID:4992
- C:\Windows\System\CuVHVAk.exe
  C:\Windows\System\CuVHVAk.exe
  2⤵
  PID:2236
- C:\Windows\System\NMwDmNH.exe
  C:\Windows\System\NMwDmNH.exe
  2⤵
  PID:3652
- C:\Windows\System\OqSBvOW.exe
  C:\Windows\System\OqSBvOW.exe
  2⤵
  PID:2680
- C:\Windows\System\jDeFHHe.exe
  C:\Windows\System\jDeFHHe.exe
  2⤵
  PID:2292
- C:\Windows\System\QkKVVnG.exe
  C:\Windows\System\QkKVVnG.exe
  2⤵
  PID:896
- C:\Windows\System\PjFakGn.exe
  C:\Windows\System\PjFakGn.exe
  2⤵
  PID:4668
- C:\Windows\System\INSiONU.exe
  C:\Windows\System\INSiONU.exe
  2⤵
  PID:3040
- C:\Windows\System\dTKyXJA.exe
  C:\Windows\System\dTKyXJA.exe
  2⤵
  PID:2600
- C:\Windows\System\toVxhXi.exe
  C:\Windows\System\toVxhXi.exe
  2⤵
  PID:4452
- C:\Windows\System\nEJSnlM.exe
  C:\Windows\System\nEJSnlM.exe
  2⤵
  PID:2352
- C:\Windows\System\axiLlgh.exe
  C:\Windows\System\axiLlgh.exe
  2⤵
  PID:2884
- C:\Windows\System\VAFnCPD.exe
  C:\Windows\System\VAFnCPD.exe
  2⤵
  PID:2008
- C:\Windows\System\FjgNuPG.exe
  C:\Windows\System\FjgNuPG.exe
  2⤵
  PID:1112
- C:\Windows\System\uTcHXUn.exe
  C:\Windows\System\uTcHXUn.exe
  2⤵
  PID:236
- C:\Windows\System\COMfSJC.exe
  C:\Windows\System\COMfSJC.exe
  2⤵
  PID:2520
- C:\Windows\System\RbLQRzT.exe
  C:\Windows\System\RbLQRzT.exe
  2⤵
  PID:2160
- C:\Windows\System\ETTJAbD.exe
  C:\Windows\System\ETTJAbD.exe
  2⤵
  PID:2504
- C:\Windows\System\oZrxleK.exe
  C:\Windows\System\oZrxleK.exe
  2⤵
  PID:4112
- C:\Windows\System\jyFQNXQ.exe
  C:\Windows\System\jyFQNXQ.exe
  2⤵
  PID:5116
- C:\Windows\System\aBmDLpx.exe
  C:\Windows\System\aBmDLpx.exe
  2⤵
  PID:4336
- C:\Windows\System\rBkDIDg.exe
  C:\Windows\System\rBkDIDg.exe
  2⤵
  PID:4536
- C:\Windows\System\BPMgIvB.exe
  C:\Windows\System\BPMgIvB.exe
  2⤵
  PID:4736
- C:\Windows\System\YHUnjMO.exe
  C:\Windows\System\YHUnjMO.exe
  2⤵
  PID:4036
- C:\Windows\System\cvYvbQF.exe
  C:\Windows\System\cvYvbQF.exe
  2⤵
  PID:1568
- C:\Windows\System\MsZfvjQ.exe
  C:\Windows\System\MsZfvjQ.exe
  2⤵
  PID:4456
- C:\Windows\System\nmtSsOs.exe
  C:\Windows\System\nmtSsOs.exe
  2⤵
  PID:2880
- C:\Windows\System\JfSqFpQ.exe
  C:\Windows\System\JfSqFpQ.exe
  2⤵
  PID:2116
- C:\Windows\System\ncXcrjU.exe
  C:\Windows\System\ncXcrjU.exe
  2⤵
  PID:5128
- C:\Windows\System\HebMOnR.exe
  C:\Windows\System\HebMOnR.exe
  2⤵
  PID:5148
- C:\Windows\System\bLtpNIx.exe
  C:\Windows\System\bLtpNIx.exe
  2⤵
  PID:5168
- C:\Windows\System\xxAAPLe.exe
  C:\Windows\System\xxAAPLe.exe
  2⤵
  PID:5188
- C:\Windows\System\sTRQnWW.exe
  C:\Windows\System\sTRQnWW.exe
  2⤵
  PID:5208
- C:\Windows\System\yWrzrRc.exe
  C:\Windows\System\yWrzrRc.exe
  2⤵
  PID:5228
- C:\Windows\System\JpacadZ.exe
  C:\Windows\System\JpacadZ.exe
  2⤵
  PID:5248
- C:\Windows\System\ofckRmx.exe
  C:\Windows\System\ofckRmx.exe
  2⤵
  PID:5268
- C:\Windows\System\UcMUMfB.exe
  C:\Windows\System\UcMUMfB.exe
  2⤵
  PID:5288
- C:\Windows\System\dFwkKDR.exe
  C:\Windows\System\dFwkKDR.exe
  2⤵
  PID:5304
- C:\Windows\System\zpPVPyA.exe
  C:\Windows\System\zpPVPyA.exe
  2⤵
  PID:5324
- C:\Windows\System\doHcmNc.exe
  C:\Windows\System\doHcmNc.exe
  2⤵
  PID:5344
- C:\Windows\System\KgBFGVk.exe
  C:\Windows\System\KgBFGVk.exe
  2⤵
  PID:5364
- C:\Windows\System\QKDMoMF.exe
  C:\Windows\System\QKDMoMF.exe
  2⤵
  PID:5384
- C:\Windows\System\SlPaKic.exe
  C:\Windows\System\SlPaKic.exe
  2⤵
  PID:5408
- C:\Windows\System\ohFWfhs.exe
  C:\Windows\System\ohFWfhs.exe
  2⤵
  PID:5424
- C:\Windows\System\QJdsfmb.exe
  C:\Windows\System\QJdsfmb.exe
  2⤵
  PID:5440
- C:\Windows\System\mACHKmK.exe
  C:\Windows\System\mACHKmK.exe
  2⤵
  PID:5456
- C:\Windows\System\TumbDZV.exe
  C:\Windows\System\TumbDZV.exe
  2⤵
  PID:5476
- C:\Windows\System\YOjFviu.exe
  C:\Windows\System\YOjFviu.exe
  2⤵
  PID:5496
- C:\Windows\System\rECoVPe.exe
  C:\Windows\System\rECoVPe.exe
  2⤵
  PID:5512
- C:\Windows\System\rvUMDik.exe
  C:\Windows\System\rvUMDik.exe
  2⤵
  PID:5528
- C:\Windows\System\TUMPLbM.exe
  C:\Windows\System\TUMPLbM.exe
  2⤵
  PID:5548
- C:\Windows\System\HXwqMAk.exe
  C:\Windows\System\HXwqMAk.exe
  2⤵
  PID:5568
- C:\Windows\System\CJknZkx.exe
  C:\Windows\System\CJknZkx.exe
  2⤵
  PID:5584
- C:\Windows\System\WSuTVgA.exe
  C:\Windows\System\WSuTVgA.exe
  2⤵
  PID:5600
- C:\Windows\System\fLnUNLM.exe
  C:\Windows\System\fLnUNLM.exe
  2⤵
  PID:5616
- C:\Windows\System\iffMueE.exe
  C:\Windows\System\iffMueE.exe
  2⤵
  PID:5632
- C:\Windows\System\WBrDdLY.exe
  C:\Windows\System\WBrDdLY.exe
  2⤵
  PID:5680
- C:\Windows\System\hrVsBNK.exe
  C:\Windows\System\hrVsBNK.exe
  2⤵
  PID:5696
- C:\Windows\System\CpkbKba.exe
  C:\Windows\System\CpkbKba.exe
  2⤵
  PID:5724
- C:\Windows\System\zSURhua.exe
  C:\Windows\System\zSURhua.exe
  2⤵
  PID:5740
- C:\Windows\System\eafISNw.exe
  C:\Windows\System\eafISNw.exe
  2⤵
  PID:5768
- C:\Windows\System\Jhutzpi.exe
  C:\Windows\System\Jhutzpi.exe
  2⤵
  PID:5784
- C:\Windows\System\EpkpeCg.exe
  C:\Windows\System\EpkpeCg.exe
  2⤵
  PID:5804
- C:\Windows\System\UzULQck.exe
  C:\Windows\System\UzULQck.exe
  2⤵
  PID:5820
- C:\Windows\System\VeuCwsA.exe
  C:\Windows\System\VeuCwsA.exe
  2⤵
  PID:5836
- C:\Windows\System\RHUBUvd.exe
  C:\Windows\System\RHUBUvd.exe
  2⤵
  PID:5852
- C:\Windows\System\KGmJzdC.exe
  C:\Windows\System\KGmJzdC.exe
  2⤵
  PID:5872
- C:\Windows\System\ungwgDC.exe
  C:\Windows\System\ungwgDC.exe
  2⤵
  PID:5888
- C:\Windows\System\bEeGJLa.exe
  C:\Windows\System\bEeGJLa.exe
  2⤵
  PID:5904
- C:\Windows\System\lfDEkPL.exe
  C:\Windows\System\lfDEkPL.exe
  2⤵
  PID:5944
- C:\Windows\System\MabqrhB.exe
  C:\Windows\System\MabqrhB.exe
  2⤵
  PID:5968
- C:\Windows\System\zAiaHkr.exe
  C:\Windows\System\zAiaHkr.exe
  2⤵
  PID:5984
- C:\Windows\System\hVwUBgE.exe
  C:\Windows\System\hVwUBgE.exe
  2⤵
  PID:6008
- C:\Windows\System\rPueWFq.exe
  C:\Windows\System\rPueWFq.exe
  2⤵
  PID:6024
- C:\Windows\System\FFCaLua.exe
  C:\Windows\System\FFCaLua.exe
  2⤵
  PID:6040
- C:\Windows\System\SyJbdWZ.exe
  C:\Windows\System\SyJbdWZ.exe
  2⤵
  PID:6060
- C:\Windows\System\AdqgxIZ.exe
  C:\Windows\System\AdqgxIZ.exe
  2⤵
  PID:6080
- C:\Windows\System\AzXHPOV.exe
  C:\Windows\System\AzXHPOV.exe
  2⤵
  PID:6096
- C:\Windows\System\aoeOAyZ.exe
  C:\Windows\System\aoeOAyZ.exe
  2⤵
  PID:6112
- C:\Windows\System\GNcwqRE.exe
  C:\Windows\System\GNcwqRE.exe
  2⤵
  PID:6128
- C:\Windows\System\siNJkNX.exe
  C:\Windows\System\siNJkNX.exe
  2⤵
  PID:2652
- C:\Windows\System\tHjenGG.exe
  C:\Windows\System\tHjenGG.exe
  2⤵
  PID:4916
- C:\Windows\System\ZCqvbgj.exe
  C:\Windows\System\ZCqvbgj.exe
  2⤵
  PID:5196
- C:\Windows\System\iFfUKsd.exe
  C:\Windows\System\iFfUKsd.exe
  2⤵
  PID:5220
- C:\Windows\System\eVfMBXT.exe
  C:\Windows\System\eVfMBXT.exe
  2⤵
  PID:5256
- C:\Windows\System\mNzVEPP.exe
  C:\Windows\System\mNzVEPP.exe
  2⤵
  PID:5036
- C:\Windows\System\Okoedvh.exe
  C:\Windows\System\Okoedvh.exe
  2⤵
  PID:5260
- C:\Windows\System\nGFDERf.exe
  C:\Windows\System\nGFDERf.exe
  2⤵
  PID:5312
- C:\Windows\System\shLGBbe.exe
  C:\Windows\System\shLGBbe.exe
  2⤵
  PID:5356
- C:\Windows\System\uSPjYfq.exe
  C:\Windows\System\uSPjYfq.exe
  2⤵
  PID:5380
- C:\Windows\System\QhqyDQQ.exe
  C:\Windows\System\QhqyDQQ.exe
  2⤵
  PID:5396
- C:\Windows\System\nAMHcNQ.exe
  C:\Windows\System\nAMHcNQ.exe
  2⤵
  PID:5484
- C:\Windows\System\rFHCEHJ.exe
  C:\Windows\System\rFHCEHJ.exe
  2⤵
  PID:5468
- C:\Windows\System\PFZWyfE.exe
  C:\Windows\System\PFZWyfE.exe
  2⤵
  PID:5508
- C:\Windows\System\TEbiDRo.exe
  C:\Windows\System\TEbiDRo.exe
  2⤵
  PID:5580
- C:\Windows\System\JXobfUt.exe
  C:\Windows\System\JXobfUt.exe
  2⤵
  PID:5652
- C:\Windows\System\MYBkLEp.exe
  C:\Windows\System\MYBkLEp.exe
  2⤵
  PID:5676
- C:\Windows\System\NqlBrsy.exe
  C:\Windows\System\NqlBrsy.exe
  2⤵
  PID:5564
- C:\Windows\System\IXtvrjS.exe
  C:\Windows\System\IXtvrjS.exe
  2⤵
  PID:5628
- C:\Windows\System\tBdzMYV.exe
  C:\Windows\System\tBdzMYV.exe
  2⤵
  PID:5708
- C:\Windows\System\uSQvVwX.exe
  C:\Windows\System\uSQvVwX.exe
  2⤵
  PID:5748
- C:\Windows\System\eKTmtWh.exe
  C:\Windows\System\eKTmtWh.exe
  2⤵
  PID:5732
- C:\Windows\System\XKKXKxR.exe
  C:\Windows\System\XKKXKxR.exe
  2⤵
  PID:5792
- C:\Windows\System\eIvmBFl.exe
  C:\Windows\System\eIvmBFl.exe
  2⤵
  PID:5860
- C:\Windows\System\XNnzqqh.exe
  C:\Windows\System\XNnzqqh.exe
  2⤵
  PID:5900
- C:\Windows\System\MqJqMgX.exe
  C:\Windows\System\MqJqMgX.exe
  2⤵
  PID:5780
- C:\Windows\System\ncPecji.exe
  C:\Windows\System\ncPecji.exe
  2⤵
  PID:5912
- C:\Windows\System\PkhmiOX.exe
  C:\Windows\System\PkhmiOX.exe
  2⤵
  PID:5960
- C:\Windows\System\HgwpTvt.exe
  C:\Windows\System\HgwpTvt.exe
  2⤵
  PID:6020
- C:\Windows\System\mDVqaFq.exe
  C:\Windows\System\mDVqaFq.exe
  2⤵
  PID:6092
- C:\Windows\System\pDLHjfY.exe
  C:\Windows\System\pDLHjfY.exe
  2⤵
  PID:6004
- C:\Windows\System\xcFGZaw.exe
  C:\Windows\System\xcFGZaw.exe
  2⤵
  PID:544
- C:\Windows\System\JJWgEAy.exe
  C:\Windows\System\JJWgEAy.exe
  2⤵
  PID:6108
- C:\Windows\System\YmbMrlO.exe
  C:\Windows\System\YmbMrlO.exe
  2⤵
  PID:5140
- C:\Windows\System\jaxWwbj.exe
  C:\Windows\System\jaxWwbj.exe
  2⤵
  PID:2252
- C:\Windows\System\AOiHYCm.exe
  C:\Windows\System\AOiHYCm.exe
  2⤵
  PID:5244
- C:\Windows\System\YOamnkN.exe
  C:\Windows\System\YOamnkN.exe
  2⤵
  PID:5264
- C:\Windows\System\PIjHVQi.exe
  C:\Windows\System\PIjHVQi.exe
  2⤵
  PID:5316
- C:\Windows\System\UrZRxCj.exe
  C:\Windows\System\UrZRxCj.exe
  2⤵
  PID:5216
- C:\Windows\System\DnpBKdq.exe
  C:\Windows\System\DnpBKdq.exe
  2⤵
  PID:4768
- C:\Windows\System\KDeLtXr.exe
  C:\Windows\System\KDeLtXr.exe
  2⤵
  PID:5464
- C:\Windows\System\ZiAuNzJ.exe
  C:\Windows\System\ZiAuNzJ.exe
  2⤵
  PID:5448
- C:\Windows\System\nTkKzcp.exe
  C:\Windows\System\nTkKzcp.exe
  2⤵
  PID:5756
- C:\Windows\System\BScBAtC.exe
  C:\Windows\System\BScBAtC.exe
  2⤵
  PID:5720
- C:\Windows\System\GayOwMZ.exe
  C:\Windows\System\GayOwMZ.exe
  2⤵
  PID:5612
- C:\Windows\System\DwoMJaN.exe
  C:\Windows\System\DwoMJaN.exe
  2⤵
  PID:5560
- C:\Windows\System\hrnqOAh.exe
  C:\Windows\System\hrnqOAh.exe
  2⤵
  PID:5932
- C:\Windows\System\IwLGJAv.exe
  C:\Windows\System\IwLGJAv.exe
  2⤵
  PID:5704
- C:\Windows\System\UdUYhau.exe
  C:\Windows\System\UdUYhau.exe
  2⤵
  PID:5688
- C:\Windows\System\AuRKhVO.exe
  C:\Windows\System\AuRKhVO.exe
  2⤵
  PID:5952
- C:\Windows\System\cNSCIRF.exe
  C:\Windows\System\cNSCIRF.exe
  2⤵
  PID:5980
- C:\Windows\System\wBNwFuD.exe
  C:\Windows\System\wBNwFuD.exe
  2⤵
  PID:1852
- C:\Windows\System\gznDpmS.exe
  C:\Windows\System\gznDpmS.exe
  2⤵
  PID:6088
- C:\Windows\System\FqsBrNN.exe
  C:\Windows\System\FqsBrNN.exe
  2⤵
  PID:5492
- C:\Windows\System\TJobvSg.exe
  C:\Windows\System\TJobvSg.exe
  2⤵
  PID:5144
- C:\Windows\System\CxfGyOR.exe
  C:\Windows\System\CxfGyOR.exe
  2⤵
  PID:5280
- C:\Windows\System\naKvPyS.exe
  C:\Windows\System\naKvPyS.exe
  2⤵
  PID:5472
- C:\Windows\System\pQodJDp.exe
  C:\Windows\System\pQodJDp.exe
  2⤵
  PID:5672
- C:\Windows\System\vrtGJmg.exe
  C:\Windows\System\vrtGJmg.exe
  2⤵
  PID:5880
- C:\Windows\System\AnHhMZX.exe
  C:\Windows\System\AnHhMZX.exe
  2⤵
  PID:5200
- C:\Windows\System\nYElSIH.exe
  C:\Windows\System\nYElSIH.exe
  2⤵
  PID:5436
- C:\Windows\System\RiZLKyN.exe
  C:\Windows\System\RiZLKyN.exe
  2⤵
  PID:5644
- C:\Windows\System\tMLKWdd.exe
  C:\Windows\System\tMLKWdd.exe
  2⤵
  PID:2184
- C:\Windows\System\vzlTEIT.exe
  C:\Windows\System\vzlTEIT.exe
  2⤵
  PID:6124
- C:\Windows\System\yhfLtBO.exe
  C:\Windows\System\yhfLtBO.exe
  2⤵
  PID:6056
- C:\Windows\System\zUIOgyE.exe
  C:\Windows\System\zUIOgyE.exe
  2⤵
  PID:5956
- C:\Windows\System\HBonkyT.exe
  C:\Windows\System\HBonkyT.exe
  2⤵
  PID:5372
- C:\Windows\System\QndpgyD.exe
  C:\Windows\System\QndpgyD.exe
  2⤵
  PID:5536
- C:\Windows\System\vsypSQR.exe
  C:\Windows\System\vsypSQR.exe
  2⤵
  PID:5664
- C:\Windows\System\buqsQac.exe
  C:\Windows\System\buqsQac.exe
  2⤵
  PID:5884
- C:\Windows\System\ieTJGMW.exe
  C:\Windows\System\ieTJGMW.exe
  2⤵
  PID:5240
- C:\Windows\System\avQSwZr.exe
  C:\Windows\System\avQSwZr.exe
  2⤵
  PID:6016
- C:\Windows\System\KsuODAa.exe
  C:\Windows\System\KsuODAa.exe
  2⤵
  PID:5284
- C:\Windows\System\NbvSkfD.exe
  C:\Windows\System\NbvSkfD.exe
  2⤵
  PID:6068
- C:\Windows\System\FmaIyRe.exe
  C:\Windows\System\FmaIyRe.exe
  2⤵
  PID:6168
- C:\Windows\System\wiSFjHH.exe
  C:\Windows\System\wiSFjHH.exe
  2⤵
  PID:6184
- C:\Windows\System\UxIzzuN.exe
  C:\Windows\System\UxIzzuN.exe
  2⤵
  PID:6216
- C:\Windows\System\OrfBfxf.exe
  C:\Windows\System\OrfBfxf.exe
  2⤵
  PID:6232
- C:\Windows\System\diOrMcd.exe
  C:\Windows\System\diOrMcd.exe
  2⤵
  PID:6252
- C:\Windows\System\trFmNFB.exe
  C:\Windows\System\trFmNFB.exe
  2⤵
  PID:6272
- C:\Windows\System\DQRIsRW.exe
  C:\Windows\System\DQRIsRW.exe
  2⤵
  PID:6288
- C:\Windows\System\gcMWGHL.exe
  C:\Windows\System\gcMWGHL.exe
  2⤵
  PID:6304
- C:\Windows\System\gwyBWxa.exe
  C:\Windows\System\gwyBWxa.exe
  2⤵
  PID:6332
- C:\Windows\System\cOeYgwz.exe
  C:\Windows\System\cOeYgwz.exe
  2⤵
  PID:6352
- C:\Windows\System\dSyFNmd.exe
  C:\Windows\System\dSyFNmd.exe
  2⤵
  PID:6368
- C:\Windows\System\NfqeAQO.exe
  C:\Windows\System\NfqeAQO.exe
  2⤵
  PID:6384
- C:\Windows\System\NLBuixf.exe
  C:\Windows\System\NLBuixf.exe
  2⤵
  PID:6400
- C:\Windows\System\oXdfkGN.exe
  C:\Windows\System\oXdfkGN.exe
  2⤵
  PID:6416
- C:\Windows\System\CzdWPRz.exe
  C:\Windows\System\CzdWPRz.exe
  2⤵
  PID:6460
- C:\Windows\System\NYQTmIA.exe
  C:\Windows\System\NYQTmIA.exe
  2⤵
  PID:6476
- C:\Windows\System\CmJaAzM.exe
  C:\Windows\System\CmJaAzM.exe
  2⤵
  PID:6492
- C:\Windows\System\oPRuXtI.exe
  C:\Windows\System\oPRuXtI.exe
  2⤵
  PID:6508
- C:\Windows\System\XimJaLz.exe
  C:\Windows\System\XimJaLz.exe
  2⤵
  PID:6524
- C:\Windows\System\xXnmXPP.exe
  C:\Windows\System\xXnmXPP.exe
  2⤵
  PID:6540
- C:\Windows\System\hrZALwE.exe
  C:\Windows\System\hrZALwE.exe
  2⤵
  PID:6568
- C:\Windows\System\apihhpL.exe
  C:\Windows\System\apihhpL.exe
  2⤵
  PID:6588
- C:\Windows\System\XeicJjv.exe
  C:\Windows\System\XeicJjv.exe
  2⤵
  PID:6604
- C:\Windows\System\TiTYtpM.exe
  C:\Windows\System\TiTYtpM.exe
  2⤵
  PID:6620
- C:\Windows\System\PSnoIHR.exe
  C:\Windows\System\PSnoIHR.exe
  2⤵
  PID:6636
- C:\Windows\System\vAUVMFB.exe
  C:\Windows\System\vAUVMFB.exe
  2⤵
  PID:6652
- C:\Windows\System\TKFovIo.exe
  C:\Windows\System\TKFovIo.exe
  2⤵
  PID:6688
- C:\Windows\System\DfMxOOK.exe
  C:\Windows\System\DfMxOOK.exe
  2⤵
  PID:6712
- C:\Windows\System\biWamSf.exe
  C:\Windows\System\biWamSf.exe
  2⤵
  PID:6728
- C:\Windows\System\NFkCtng.exe
  C:\Windows\System\NFkCtng.exe
  2⤵
  PID:6744
- C:\Windows\System\qaYbWuT.exe
  C:\Windows\System\qaYbWuT.exe
  2⤵
  PID:6760
- C:\Windows\System\ZcRbMJU.exe
  C:\Windows\System\ZcRbMJU.exe
  2⤵
  PID:6776
- C:\Windows\System\VXWwzdE.exe
  C:\Windows\System\VXWwzdE.exe
  2⤵
  PID:6812
- C:\Windows\System\JdjZXzH.exe
  C:\Windows\System\JdjZXzH.exe
  2⤵
  PID:6836
- C:\Windows\System\DMNKkEJ.exe
  C:\Windows\System\DMNKkEJ.exe
  2⤵
  PID:6860
- C:\Windows\System\zbtzcxK.exe
  C:\Windows\System\zbtzcxK.exe
  2⤵
  PID:6876
- C:\Windows\System\RQpIyoD.exe
  C:\Windows\System\RQpIyoD.exe
  2⤵
  PID:6896
- C:\Windows\System\QnzYcJG.exe
  C:\Windows\System\QnzYcJG.exe
  2⤵
  PID:6916
- C:\Windows\System\GfezORV.exe
  C:\Windows\System\GfezORV.exe
  2⤵
  PID:6932
- C:\Windows\System\DjXXScj.exe
  C:\Windows\System\DjXXScj.exe
  2⤵
  PID:6952
- C:\Windows\System\mjghalb.exe
  C:\Windows\System\mjghalb.exe
  2⤵
  PID:6968
- C:\Windows\System\hqqJjjV.exe
  C:\Windows\System\hqqJjjV.exe
  2⤵
  PID:6984
- C:\Windows\System\dkOfQWl.exe
  C:\Windows\System\dkOfQWl.exe
  2⤵
  PID:7000
- C:\Windows\System\wVQHSWJ.exe
  C:\Windows\System\wVQHSWJ.exe
  2⤵
  PID:7016
- C:\Windows\System\BMldsxl.exe
  C:\Windows\System\BMldsxl.exe
  2⤵
  PID:7040
- C:\Windows\System\ClOMDNT.exe
  C:\Windows\System\ClOMDNT.exe
  2⤵
  PID:7060
- C:\Windows\System\IgQbWWB.exe
  C:\Windows\System\IgQbWWB.exe
  2⤵
  PID:7076
- C:\Windows\System\ALlErms.exe
  C:\Windows\System\ALlErms.exe
  2⤵
  PID:7092
- C:\Windows\System\FIaZPGK.exe
  C:\Windows\System\FIaZPGK.exe
  2⤵
  PID:7112
- C:\Windows\System\ZQAkdDa.exe
  C:\Windows\System\ZQAkdDa.exe
  2⤵
  PID:5164
- C:\Windows\System\DUtsaMM.exe
  C:\Windows\System\DUtsaMM.exe
  2⤵
  PID:5180
- C:\Windows\System\RybEhYn.exe
  C:\Windows\System\RybEhYn.exe
  2⤵
  PID:5776
- C:\Windows\System\uksQgfm.exe
  C:\Windows\System\uksQgfm.exe
  2⤵
  PID:5716
- C:\Windows\System\AWIyNYZ.exe
  C:\Windows\System\AWIyNYZ.exe
  2⤵
  PID:6156
- C:\Windows\System\HAFPtwp.exe
  C:\Windows\System\HAFPtwp.exe
  2⤵
  PID:6200
- C:\Windows\System\yIPZISh.exe
  C:\Windows\System\yIPZISh.exe
  2⤵
  PID:6196
- C:\Windows\System\uSDDYEY.exe
  C:\Windows\System\uSDDYEY.exe
  2⤵
  PID:6228
- C:\Windows\System\UaPUKnf.exe
  C:\Windows\System\UaPUKnf.exe
  2⤵
  PID:6284
- C:\Windows\System\gUCRCiD.exe
  C:\Windows\System\gUCRCiD.exe
  2⤵
  PID:6344
- C:\Windows\System\ubJJZjD.exe
  C:\Windows\System\ubJJZjD.exe
  2⤵
  PID:6360
- C:\Windows\System\kjxZHsB.exe
  C:\Windows\System\kjxZHsB.exe
  2⤵
  PID:6396
- C:\Windows\System\OWkFCCC.exe
  C:\Windows\System\OWkFCCC.exe
  2⤵
  PID:6444
- C:\Windows\System\quwbaHu.exe
  C:\Windows\System\quwbaHu.exe
  2⤵
  PID:6484
- C:\Windows\System\cZRoeLU.exe
  C:\Windows\System\cZRoeLU.exe
  2⤵
  PID:6548
- C:\Windows\System\HijSnuR.exe
  C:\Windows\System\HijSnuR.exe
  2⤵
  PID:6560
- C:\Windows\System\rnLFWYa.exe
  C:\Windows\System\rnLFWYa.exe
  2⤵
  PID:6468
- C:\Windows\System\JOnPNpl.exe
  C:\Windows\System\JOnPNpl.exe
  2⤵
  PID:6504
- C:\Windows\System\rmINgNd.exe
  C:\Windows\System\rmINgNd.exe
  2⤵
  PID:6648
- C:\Windows\System\GDwmLaE.exe
  C:\Windows\System\GDwmLaE.exe
  2⤵
  PID:6736
- C:\Windows\System\FlhnSyk.exe
  C:\Windows\System\FlhnSyk.exe
  2⤵
  PID:6700
- C:\Windows\System\khxxaYA.exe
  C:\Windows\System\khxxaYA.exe
  2⤵
  PID:6752
- C:\Windows\System\QsNmYGb.exe
  C:\Windows\System\QsNmYGb.exe
  2⤵
  PID:6672
- C:\Windows\System\xagDcLH.exe
  C:\Windows\System\xagDcLH.exe
  2⤵
  PID:6820
- C:\Windows\System\KQHpgOq.exe
  C:\Windows\System\KQHpgOq.exe
  2⤵
  PID:6788
- C:\Windows\System\wEyLDLG.exe
  C:\Windows\System\wEyLDLG.exe
  2⤵
  PID:6856
- C:\Windows\System\nckiEzx.exe
  C:\Windows\System\nckiEzx.exe
  2⤵
  PID:6872
- C:\Windows\System\eVATPTO.exe
  C:\Windows\System\eVATPTO.exe
  2⤵
  PID:6904
- C:\Windows\System\CzFLZKg.exe
  C:\Windows\System\CzFLZKg.exe
  2⤵
  PID:6924
- C:\Windows\System\BVmzsxv.exe
  C:\Windows\System\BVmzsxv.exe
  2⤵
  PID:6992
- C:\Windows\System\CAGTnoF.exe
  C:\Windows\System\CAGTnoF.exe
  2⤵
  PID:7036
- C:\Windows\System\pyIprTl.exe
  C:\Windows\System\pyIprTl.exe
  2⤵
  PID:7104
- C:\Windows\System\oyIUPiy.exe
  C:\Windows\System\oyIUPiy.exe
  2⤵
  PID:7128
- C:\Windows\System\TKlgPvc.exe
  C:\Windows\System\TKlgPvc.exe
  2⤵
  PID:7152
- C:\Windows\System\SPJAwCG.exe
  C:\Windows\System\SPJAwCG.exe
  2⤵
  PID:5320
- C:\Windows\System\oUZWXjy.exe
  C:\Windows\System\oUZWXjy.exe
  2⤵
  PID:6176
- C:\Windows\System\fjbnTxk.exe
  C:\Windows\System\fjbnTxk.exe
  2⤵
  PID:6240
- C:\Windows\System\eDRmygt.exe
  C:\Windows\System\eDRmygt.exe
  2⤵
  PID:6148
- C:\Windows\System\OVsjDxx.exe
  C:\Windows\System\OVsjDxx.exe
  2⤵
  PID:6180
- C:\Windows\System\IZDtbbP.exe
  C:\Windows\System\IZDtbbP.exe
  2⤵
  PID:6324
- C:\Windows\System\EnOzYDJ.exe
  C:\Windows\System\EnOzYDJ.exe
  2⤵
  PID:6264
- C:\Windows\System\PYSqiTY.exe
  C:\Windows\System\PYSqiTY.exe
  2⤵
  PID:6296
- C:\Windows\System\OWMsjmf.exe
  C:\Windows\System\OWMsjmf.exe
  2⤵
  PID:6424
- C:\Windows\System\dFutsZN.exe
  C:\Windows\System\dFutsZN.exe
  2⤵
  PID:6392
- C:\Windows\System\XtpunKG.exe
  C:\Windows\System\XtpunKG.exe
  2⤵
  PID:6720
- C:\Windows\System\wNOdQaU.exe
  C:\Windows\System\wNOdQaU.exe
  2⤵
  PID:6772
- C:\Windows\System\TDbvacL.exe
  C:\Windows\System\TDbvacL.exe
  2⤵
  PID:6644
- C:\Windows\System\LJuStLG.exe
  C:\Windows\System\LJuStLG.exe
  2⤵
  PID:6612
- C:\Windows\System\YICHTme.exe
  C:\Windows\System\YICHTme.exe
  2⤵
  PID:6852
- C:\Windows\System\QlPKvLl.exe
  C:\Windows\System\QlPKvLl.exe
  2⤵
  PID:6804
- C:\Windows\System\yByATeY.exe
  C:\Windows\System\yByATeY.exe
  2⤵
  PID:6868
- C:\Windows\System\nSPIDSS.exe
  C:\Windows\System\nSPIDSS.exe
  2⤵
  PID:7072
- C:\Windows\System\MIBZuWp.exe
  C:\Windows\System\MIBZuWp.exe
  2⤵
  PID:7012
- C:\Windows\System\juLPhTW.exe
  C:\Windows\System\juLPhTW.exe
  2⤵
  PID:6928
- C:\Windows\System\XezKIrb.exe
  C:\Windows\System\XezKIrb.exe
  2⤵
  PID:7160
- C:\Windows\System\hubYkVJ.exe
  C:\Windows\System\hubYkVJ.exe
  2⤵
  PID:6208
- C:\Windows\System\QgqQCiZ.exe
  C:\Windows\System\QgqQCiZ.exe
  2⤵
  PID:6316
- C:\Windows\System\ibiauux.exe
  C:\Windows\System\ibiauux.exe
  2⤵
  PID:2340
- C:\Windows\System\CogWzIP.exe
  C:\Windows\System\CogWzIP.exe
  2⤵
  PID:6260
- C:\Windows\System\RUqUJmb.exe
  C:\Windows\System\RUqUJmb.exe
  2⤵
  PID:6628
- C:\Windows\System\jWzOvXU.exe
  C:\Windows\System\jWzOvXU.exe
  2⤵
  PID:6632
- C:\Windows\System\QKVsNfK.exe
  C:\Windows\System\QKVsNfK.exe
  2⤵
  PID:6436
- C:\Windows\System\DYrBLkT.exe
  C:\Windows\System\DYrBLkT.exe
  2⤵
  PID:6520
- C:\Windows\System\MngUDOn.exe
  C:\Windows\System\MngUDOn.exe
  2⤵
  PID:6844
- C:\Windows\System\sedEykA.exe
  C:\Windows\System\sedEykA.exe
  2⤵
  PID:6976
- C:\Windows\System\fPHXhVV.exe
  C:\Windows\System\fPHXhVV.exe
  2⤵
  PID:6940
- C:\Windows\System\XWFOclL.exe
  C:\Windows\System\XWFOclL.exe
  2⤵
  PID:6104
- C:\Windows\System\aNxqLPN.exe
  C:\Windows\System\aNxqLPN.exe
  2⤵
  PID:6552
- C:\Windows\System\SAgIdUC.exe
  C:\Windows\System\SAgIdUC.exe
  2⤵
  PID:7164
- C:\Windows\System\uHHrLMr.exe
  C:\Windows\System\uHHrLMr.exe
  2⤵
  PID:6696
- C:\Windows\System\ppncSab.exe
  C:\Windows\System\ppncSab.exe
  2⤵
  PID:6800
- C:\Windows\System\FKvqiyc.exe
  C:\Windows\System\FKvqiyc.exe
  2⤵
  PID:7172
- C:\Windows\System\TMoTlxA.exe
  C:\Windows\System\TMoTlxA.exe
  2⤵
  PID:7192
- C:\Windows\System\anInoAA.exe
  C:\Windows\System\anInoAA.exe
  2⤵
  PID:7212
- C:\Windows\System\cFfGKWf.exe
  C:\Windows\System\cFfGKWf.exe
  2⤵
  PID:7244
- C:\Windows\System\pcMHxOe.exe
  C:\Windows\System\pcMHxOe.exe
  2⤵
  PID:7260
- C:\Windows\System\LDiunLm.exe
  C:\Windows\System\LDiunLm.exe
  2⤵
  PID:7280
- C:\Windows\System\ltehWVZ.exe
  C:\Windows\System\ltehWVZ.exe
  2⤵
  PID:7296
- C:\Windows\System\DSUyDzN.exe
  C:\Windows\System\DSUyDzN.exe
  2⤵
  PID:7312
- C:\Windows\System\BnxbnMz.exe
  C:\Windows\System\BnxbnMz.exe
  2⤵
  PID:7328
- C:\Windows\System\BksxznE.exe
  C:\Windows\System\BksxznE.exe
  2⤵
  PID:7344
- C:\Windows\System\ehLPZJt.exe
  C:\Windows\System\ehLPZJt.exe
  2⤵
  PID:7360
- C:\Windows\System\MhVXKPY.exe
  C:\Windows\System\MhVXKPY.exe
  2⤵
  PID:7376
- C:\Windows\System\mhtWCZA.exe
  C:\Windows\System\mhtWCZA.exe
  2⤵
  PID:7392
- C:\Windows\System\WJSwVrG.exe
  C:\Windows\System\WJSwVrG.exe
  2⤵
  PID:7408
- C:\Windows\System\wqkMlRs.exe
  C:\Windows\System\wqkMlRs.exe
  2⤵
  PID:7424
- C:\Windows\System\EaoFIFH.exe
  C:\Windows\System\EaoFIFH.exe
  2⤵
  PID:7460
- C:\Windows\System\qjsfZli.exe
  C:\Windows\System\qjsfZli.exe
  2⤵
  PID:7488
- C:\Windows\System\CmTAZKL.exe
  C:\Windows\System\CmTAZKL.exe
  2⤵
  PID:7504
- C:\Windows\System\kZnfYNj.exe
  C:\Windows\System\kZnfYNj.exe
  2⤵
  PID:7544
- C:\Windows\System\UdWslhq.exe
  C:\Windows\System\UdWslhq.exe
  2⤵
  PID:7564
- C:\Windows\System\WuyBwfn.exe
  C:\Windows\System\WuyBwfn.exe
  2⤵
  PID:7580
- C:\Windows\System\ZOGiAXr.exe
  C:\Windows\System\ZOGiAXr.exe
  2⤵
  PID:7600
- C:\Windows\System\VqnoekJ.exe
  C:\Windows\System\VqnoekJ.exe
  2⤵
  PID:7620
- C:\Windows\System\zjsuLNJ.exe
  C:\Windows\System\zjsuLNJ.exe
  2⤵
  PID:7636
- C:\Windows\System\gPdWAsq.exe
  C:\Windows\System\gPdWAsq.exe
  2⤵
  PID:7672
- C:\Windows\System\vqHSJBS.exe
  C:\Windows\System\vqHSJBS.exe
  2⤵
  PID:7688
- C:\Windows\System\YcWeDQo.exe
  C:\Windows\System\YcWeDQo.exe
  2⤵
  PID:7704
- C:\Windows\System\ibbCmEO.exe
  C:\Windows\System\ibbCmEO.exe
  2⤵
  PID:7720
- C:\Windows\System\RImFAUC.exe
  C:\Windows\System\RImFAUC.exe
  2⤵
  PID:7736
- C:\Windows\System\ZsnlYdu.exe
  C:\Windows\System\ZsnlYdu.exe
  2⤵
  PID:7756
- C:\Windows\System\lYlpMPi.exe
  C:\Windows\System\lYlpMPi.exe
  2⤵
  PID:7772
- C:\Windows\System\luDoqBe.exe
  C:\Windows\System\luDoqBe.exe
  2⤵
  PID:7788
- C:\Windows\System\xpEKcTN.exe
  C:\Windows\System\xpEKcTN.exe
  2⤵
  PID:7804
- C:\Windows\System\xevcOeU.exe
  C:\Windows\System\xevcOeU.exe
  2⤵
  PID:7828
- C:\Windows\System\LUZOQnX.exe
  C:\Windows\System\LUZOQnX.exe
  2⤵
  PID:7848
- C:\Windows\System\YuIkIMW.exe
  C:\Windows\System\YuIkIMW.exe
  2⤵
  PID:7868
- C:\Windows\System\tkGdTup.exe
  C:\Windows\System\tkGdTup.exe
  2⤵
  PID:7900
- C:\Windows\System\eDoBnRf.exe
  C:\Windows\System\eDoBnRf.exe
  2⤵
  PID:7916
- C:\Windows\System\oMUoWsb.exe
  C:\Windows\System\oMUoWsb.exe
  2⤵
  PID:7956
- C:\Windows\System\tNHaait.exe
  C:\Windows\System\tNHaait.exe
  2⤵
  PID:7972
- C:\Windows\System\RyfieIM.exe
  C:\Windows\System\RyfieIM.exe
  2⤵
  PID:8004
- C:\Windows\System\FgVecsO.exe
  C:\Windows\System\FgVecsO.exe
  2⤵
  PID:8020
- C:\Windows\System\eXSxNXJ.exe
  C:\Windows\System\eXSxNXJ.exe
  2⤵
  PID:8036
- C:\Windows\System\cwfKHis.exe
  C:\Windows\System\cwfKHis.exe
  2⤵
  PID:8064
- C:\Windows\System\IgoIoDP.exe
  C:\Windows\System\IgoIoDP.exe
  2⤵
  PID:8080
- C:\Windows\System\iMBdrnn.exe
  C:\Windows\System\iMBdrnn.exe
  2⤵
  PID:8096
- C:\Windows\System\aCcQbnV.exe
  C:\Windows\System\aCcQbnV.exe
  2⤵
  PID:8120
- C:\Windows\System\IntteKL.exe
  C:\Windows\System\IntteKL.exe
  2⤵
  PID:8140
- C:\Windows\System\dcgHcJH.exe
  C:\Windows\System\dcgHcJH.exe
  2⤵
  PID:8160
- C:\Windows\System\qCWzWXj.exe
  C:\Windows\System\qCWzWXj.exe
  2⤵
  PID:8176
- C:\Windows\System\BdAIWib.exe
  C:\Windows\System\BdAIWib.exe
  2⤵
  PID:6280
- C:\Windows\System\unkevRK.exe
  C:\Windows\System\unkevRK.exe
  2⤵
  PID:6684
- C:\Windows\System\AveUyin.exe
  C:\Windows\System\AveUyin.exe
  2⤵
  PID:7120
- C:\Windows\System\kuVPmix.exe
  C:\Windows\System\kuVPmix.exe
  2⤵
  PID:7148
- C:\Windows\System\ubWeuXB.exe
  C:\Windows\System\ubWeuXB.exe
  2⤵
  PID:7208
- C:\Windows\System\TwWiied.exe
  C:\Windows\System\TwWiied.exe
  2⤵
  PID:7232
- C:\Windows\System\YMoRGHY.exe
  C:\Windows\System\YMoRGHY.exe
  2⤵
  PID:6768
- C:\Windows\System\mLSqkWC.exe
  C:\Windows\System\mLSqkWC.exe
  2⤵
  PID:7340
- C:\Windows\System\dcWJmFS.exe
  C:\Windows\System\dcWJmFS.exe
  2⤵
  PID:7404
- C:\Windows\System\huLltcs.exe
  C:\Windows\System\huLltcs.exe
  2⤵
  PID:7272
- C:\Windows\System\geluPZl.exe
  C:\Windows\System\geluPZl.exe
  2⤵
  PID:7420
- C:\Windows\System\JkqpskQ.exe
  C:\Windows\System\JkqpskQ.exe
  2⤵
  PID:7356
- C:\Windows\System\sWQMtey.exe
  C:\Windows\System\sWQMtey.exe
  2⤵
  PID:7292
- C:\Windows\System\txdVPSM.exe
  C:\Windows\System\txdVPSM.exe
  2⤵
  PID:7448
- C:\Windows\System\wDdYLtn.exe
  C:\Windows\System\wDdYLtn.exe
  2⤵
  PID:7476
- C:\Windows\System\pLxYxac.exe
  C:\Windows\System\pLxYxac.exe
  2⤵
  PID:7520
- C:\Windows\System\psANJGI.exe
  C:\Windows\System\psANJGI.exe
  2⤵
  PID:7536
- C:\Windows\System\BywcFUk.exe
  C:\Windows\System\BywcFUk.exe
  2⤵
  PID:7576
- C:\Windows\System\hCGNMKN.exe
  C:\Windows\System\hCGNMKN.exe
  2⤵
  PID:7596
- C:\Windows\System\weaLrrl.exe
  C:\Windows\System\weaLrrl.exe
  2⤵
  PID:7648
- C:\Windows\System\nUEpGcp.exe
  C:\Windows\System\nUEpGcp.exe
  2⤵
  PID:7664
- C:\Windows\System\fBxqzUp.exe
  C:\Windows\System\fBxqzUp.exe
  2⤵
  PID:7728
- C:\Windows\System\YeNrJxt.exe
  C:\Windows\System\YeNrJxt.exe
  2⤵
  PID:7800
- C:\Windows\System\WulPkrD.exe
  C:\Windows\System\WulPkrD.exe
  2⤵
  PID:7784
- C:\Windows\System\ZrVVgdV.exe
  C:\Windows\System\ZrVVgdV.exe
  2⤵
  PID:7748
- C:\Windows\System\eMJlwPo.exe
  C:\Windows\System\eMJlwPo.exe
  2⤵
  PID:7712
- C:\Windows\System\MqivFzq.exe
  C:\Windows\System\MqivFzq.exe
  2⤵
  PID:7840
- C:\Windows\System\srgMAAg.exe
  C:\Windows\System\srgMAAg.exe
  2⤵
  PID:7888
- C:\Windows\System\KEDUEwN.exe
  C:\Windows\System\KEDUEwN.exe
  2⤵
  PID:7860
- C:\Windows\System\BahrrwH.exe
  C:\Windows\System\BahrrwH.exe
  2⤵
  PID:7940
- C:\Windows\System\IiCfYwW.exe
  C:\Windows\System\IiCfYwW.exe
  2⤵
  PID:7988
- C:\Windows\System\eQPAzkF.exe
  C:\Windows\System\eQPAzkF.exe
  2⤵
  PID:8028
- C:\Windows\System\RnuDUvo.exe
  C:\Windows\System\RnuDUvo.exe
  2⤵
  PID:8044
- C:\Windows\System\HaXSKZc.exe
  C:\Windows\System\HaXSKZc.exe
  2⤵
  PID:8104
- C:\Windows\System\ossDmii.exe
  C:\Windows\System\ossDmii.exe
  2⤵
  PID:8116
- C:\Windows\System\xbVtiQO.exe
  C:\Windows\System\xbVtiQO.exe
  2⤵
  PID:8136
- C:\Windows\System\tskvUFc.exe
  C:\Windows\System\tskvUFc.exe
  2⤵
  PID:8168
- C:\Windows\System\avtJNNN.exe
  C:\Windows\System\avtJNNN.exe
  2⤵
  PID:6832
- C:\Windows\System\ULIDYoL.exe
  C:\Windows\System\ULIDYoL.exe
  2⤵
  PID:6792
- C:\Windows\System\oKuyTuo.exe
  C:\Windows\System\oKuyTuo.exe
  2⤵
  PID:7200
- C:\Windows\System\JYMTuZZ.exe
  C:\Windows\System\JYMTuZZ.exe
  2⤵
  PID:6892
- C:\Windows\System\cLcWowM.exe
  C:\Windows\System\cLcWowM.exe
  2⤵
  PID:7256
- C:\Windows\System\tpCVqbX.exe
  C:\Windows\System\tpCVqbX.exe
  2⤵
  PID:7304
- C:\Windows\System\sbIVkdT.exe
  C:\Windows\System\sbIVkdT.exe
  2⤵
  PID:7512
- C:\Windows\System\eVzlmtP.exe
  C:\Windows\System\eVzlmtP.exe
  2⤵
  PID:7532
- C:\Windows\System\RVoRtmT.exe
  C:\Windows\System\RVoRtmT.exe
  2⤵
  PID:7496
- C:\Windows\System\PXvBcny.exe
  C:\Windows\System\PXvBcny.exe
  2⤵
  PID:7560
- C:\Windows\System\YlDFXcc.exe
  C:\Windows\System\YlDFXcc.exe
  2⤵
  PID:7660
- C:\Windows\System\QCppYPN.exe
  C:\Windows\System\QCppYPN.exe
  2⤵
  PID:7824
- C:\Windows\System\YJsJHpS.exe
  C:\Windows\System\YJsJHpS.exe
  2⤵
  PID:7908
- C:\Windows\System\AQGeShO.exe
  C:\Windows\System\AQGeShO.exe
  2⤵
  PID:7632
- C:\Windows\System\qYADSbw.exe
  C:\Windows\System\qYADSbw.exe
  2⤵
  PID:7628
- C:\Windows\System\jLCUops.exe
  C:\Windows\System\jLCUops.exe
  2⤵
  PID:7924
- C:\Windows\System\ThBMJtf.exe
  C:\Windows\System\ThBMJtf.exe
  2⤵
  PID:7984
- C:\Windows\System\BcGGaqm.exe
  C:\Windows\System\BcGGaqm.exe
  2⤵
  PID:8108
- C:\Windows\System\dDguNsg.exe
  C:\Windows\System\dDguNsg.exe
  2⤵
  PID:8184
- C:\Windows\System\tQzjtns.exe
  C:\Windows\System\tQzjtns.exe
  2⤵
  PID:6796
- C:\Windows\System\MoLgATR.exe
  C:\Windows\System\MoLgATR.exe
  2⤵
  PID:8132
- C:\Windows\System\HxVWKhK.exe
  C:\Windows\System\HxVWKhK.exe
  2⤵
  PID:7372
- C:\Windows\System\sRDQHwF.exe
  C:\Windows\System\sRDQHwF.exe
  2⤵
  PID:7184
- C:\Windows\System\gtpPbBp.exe
  C:\Windows\System\gtpPbBp.exe
  2⤵
  PID:7540
- C:\Windows\System\pLcHiOr.exe
  C:\Windows\System\pLcHiOr.exe
  2⤵
  PID:7612
- C:\Windows\System\lomAbRY.exe
  C:\Windows\System\lomAbRY.exe
  2⤵
  PID:7928
- C:\Windows\System\KsOjyiW.exe
  C:\Windows\System\KsOjyiW.exe
  2⤵
  PID:7696
- C:\Windows\System\AYgRRuW.exe
  C:\Windows\System\AYgRRuW.exe
  2⤵
  PID:6980
- C:\Windows\System\RKEUlwv.exe
  C:\Windows\System\RKEUlwv.exe
  2⤵
  PID:7996
- C:\Windows\System\KHRqBgJ.exe
  C:\Windows\System\KHRqBgJ.exe
  2⤵
  PID:8000
- C:\Windows\System\egZnody.exe
  C:\Windows\System\egZnody.exe
  2⤵
  PID:8188
- C:\Windows\System\XxWRuWJ.exe
  C:\Windows\System\XxWRuWJ.exe
  2⤵
  PID:8072
- C:\Windows\System\MpzSkxr.exe
  C:\Windows\System\MpzSkxr.exe
  2⤵
  PID:7320
- C:\Windows\System\RvZdbcA.exe
  C:\Windows\System\RvZdbcA.exe
  2⤵
  PID:7552
- C:\Windows\System\PtuwGCD.exe
  C:\Windows\System\PtuwGCD.exe
  2⤵
  PID:7796
- C:\Windows\System\iXkyaCW.exe
  C:\Windows\System\iXkyaCW.exe
  2⤵
  PID:7588
- C:\Windows\System\QiMJBxj.exe
  C:\Windows\System\QiMJBxj.exe
  2⤵
  PID:7980
- C:\Windows\System\mbBjzhM.exe
  C:\Windows\System\mbBjzhM.exe
  2⤵
  PID:7308
- C:\Windows\System\INOBFwg.exe
  C:\Windows\System\INOBFwg.exe
  2⤵
  PID:8012
- C:\Windows\System\opwjDzf.exe
  C:\Windows\System\opwjDzf.exe
  2⤵
  PID:6756
- C:\Windows\System\mfluHvg.exe
  C:\Windows\System\mfluHvg.exe
  2⤵
  PID:7336
- C:\Windows\System\RKNhGTO.exe
  C:\Windows\System\RKNhGTO.exe
  2⤵
  PID:7964
- C:\Windows\System\lamWVBg.exe
  C:\Windows\System\lamWVBg.exe
  2⤵
  PID:8156
- C:\Windows\System\kDFWJkh.exe
  C:\Windows\System\kDFWJkh.exe
  2⤵
  PID:7484
- C:\Windows\System\sbGkHnI.exe
  C:\Windows\System\sbGkHnI.exe
  2⤵
  PID:7440
- C:\Windows\System\PHrxQwl.exe
  C:\Windows\System\PHrxQwl.exe
  2⤵
  PID:7028
- C:\Windows\System\SMDbBAj.exe
  C:\Windows\System\SMDbBAj.exe
  2⤵
  PID:7936
- C:\Windows\System\ALOdXSO.exe
  C:\Windows\System\ALOdXSO.exe
  2⤵
  PID:8052
- C:\Windows\System\YaUexMI.exe
  C:\Windows\System\YaUexMI.exe
  2⤵
  PID:6668
- C:\Windows\System\wYfKCvW.exe
  C:\Windows\System\wYfKCvW.exe
  2⤵
  PID:8208
- C:\Windows\System\ZUVNRGs.exe
  C:\Windows\System\ZUVNRGs.exe
  2⤵
  PID:8224
- C:\Windows\System\sasrtEU.exe
  C:\Windows\System\sasrtEU.exe
  2⤵
  PID:8240
- C:\Windows\System\sPdQjxX.exe
  C:\Windows\System\sPdQjxX.exe
  2⤵
  PID:8256
- C:\Windows\System\RsTBaeK.exe
  C:\Windows\System\RsTBaeK.exe
  2⤵
  PID:8284
- C:\Windows\System\iYEbktK.exe
  C:\Windows\System\iYEbktK.exe
  2⤵
  PID:8308
- C:\Windows\System\vRaFghQ.exe
  C:\Windows\System\vRaFghQ.exe
  2⤵
  PID:8328
- C:\Windows\System\fNrkALP.exe
  C:\Windows\System\fNrkALP.exe
  2⤵
  PID:8344
- C:\Windows\System\rLBWSGV.exe
  C:\Windows\System\rLBWSGV.exe
  2⤵
  PID:8376
- C:\Windows\System\nKrxVBu.exe
  C:\Windows\System\nKrxVBu.exe
  2⤵
  PID:8400
- C:\Windows\System\yUfSKts.exe
  C:\Windows\System\yUfSKts.exe
  2⤵
  PID:8416
- C:\Windows\System\tsdqsnH.exe
  C:\Windows\System\tsdqsnH.exe
  2⤵
  PID:8432
- C:\Windows\System\JBaHdjn.exe
  C:\Windows\System\JBaHdjn.exe
  2⤵
  PID:8452
- C:\Windows\System\FeSmzlN.exe
  C:\Windows\System\FeSmzlN.exe
  2⤵
  PID:8468
- C:\Windows\System\TbwLfkd.exe
  C:\Windows\System\TbwLfkd.exe
  2⤵
  PID:8484
- C:\Windows\System\htHCiKZ.exe
  C:\Windows\System\htHCiKZ.exe
  2⤵
  PID:8512
- C:\Windows\System\BlEHmxv.exe
  C:\Windows\System\BlEHmxv.exe
  2⤵
  PID:8528
- C:\Windows\System\wJAvmSn.exe
  C:\Windows\System\wJAvmSn.exe
  2⤵
  PID:8552
- C:\Windows\System\XqoQHeR.exe
  C:\Windows\System\XqoQHeR.exe
  2⤵
  PID:8584
- C:\Windows\System\dfpbkCU.exe
  C:\Windows\System\dfpbkCU.exe
  2⤵
  PID:8600
- C:\Windows\System\DaujBMa.exe
  C:\Windows\System\DaujBMa.exe
  2⤵
  PID:8616
- C:\Windows\System\cAapWOs.exe
  C:\Windows\System\cAapWOs.exe
  2⤵
  PID:8640
- C:\Windows\System\CmCOZpT.exe
  C:\Windows\System\CmCOZpT.exe
  2⤵
  PID:8664
- C:\Windows\System\ayvKSqj.exe
  C:\Windows\System\ayvKSqj.exe
  2⤵
  PID:8680
- C:\Windows\System\eIoYnkz.exe
  C:\Windows\System\eIoYnkz.exe
  2⤵
  PID:8696
- C:\Windows\System\ZEIHmYR.exe
  C:\Windows\System\ZEIHmYR.exe
  2⤵
  PID:8720
- C:\Windows\System\RePcLLz.exe
  C:\Windows\System\RePcLLz.exe
  2⤵
  PID:8744
- C:\Windows\System\KYPLijp.exe
  C:\Windows\System\KYPLijp.exe
  2⤵
  PID:8760
- C:\Windows\System\KUFdeGd.exe
  C:\Windows\System\KUFdeGd.exe
  2⤵
  PID:8776
- C:\Windows\System\qCHtoOs.exe
  C:\Windows\System\qCHtoOs.exe
  2⤵
  PID:8808
- C:\Windows\System\JyTVDkn.exe
  C:\Windows\System\JyTVDkn.exe
  2⤵
  PID:8824
- C:\Windows\System\SztZzHZ.exe
  C:\Windows\System\SztZzHZ.exe
  2⤵
  PID:8840
- C:\Windows\System\xVrlMov.exe
  C:\Windows\System\xVrlMov.exe
  2⤵
  PID:8864
- C:\Windows\System\HbaLnWP.exe
  C:\Windows\System\HbaLnWP.exe
  2⤵
  PID:8880
- C:\Windows\System\QiFgwmf.exe
  C:\Windows\System\QiFgwmf.exe
  2⤵
  PID:8900
- C:\Windows\System\vvDtxed.exe
  C:\Windows\System\vvDtxed.exe
  2⤵
  PID:8916
- C:\Windows\System\CblEVuy.exe
  C:\Windows\System\CblEVuy.exe
  2⤵
  PID:8940
- C:\Windows\System\HMOzZyX.exe
  C:\Windows\System\HMOzZyX.exe
  2⤵
  PID:8956
- C:\Windows\System\UcFqbCz.exe
  C:\Windows\System\UcFqbCz.exe
  2⤵
  PID:8972
- C:\Windows\System\DsFkVVG.exe
  C:\Windows\System\DsFkVVG.exe
  2⤵
  PID:9008
- C:\Windows\System\OHGYAWN.exe
  C:\Windows\System\OHGYAWN.exe
  2⤵
  PID:9028
- C:\Windows\System\FKFxiwn.exe
  C:\Windows\System\FKFxiwn.exe
  2⤵
  PID:9044
- C:\Windows\System\XKJxyyE.exe
  C:\Windows\System\XKJxyyE.exe
  2⤵
  PID:9068
- C:\Windows\System\KeTGXVB.exe
  C:\Windows\System\KeTGXVB.exe
  2⤵
  PID:9084
- C:\Windows\System\GPRwMHQ.exe
  C:\Windows\System\GPRwMHQ.exe
  2⤵
  PID:9104
- C:\Windows\System\tEqmIom.exe
  C:\Windows\System\tEqmIom.exe
  2⤵
  PID:9120
- C:\Windows\System\OoyJsOf.exe
  C:\Windows\System\OoyJsOf.exe
  2⤵
  PID:9136
- C:\Windows\System\dlKxoko.exe
  C:\Windows\System\dlKxoko.exe
  2⤵
  PID:9156
- C:\Windows\System\qIIFfIw.exe
  C:\Windows\System\qIIFfIw.exe
  2⤵
  PID:9176
- C:\Windows\System\eLKYVpx.exe
  C:\Windows\System\eLKYVpx.exe
  2⤵
  PID:9192
- C:\Windows\System\dMKKsrF.exe
  C:\Windows\System\dMKKsrF.exe
  2⤵
  PID:9208
- C:\Windows\System\HaJKrEn.exe
  C:\Windows\System\HaJKrEn.exe
  2⤵
  PID:8200
- C:\Windows\System\dkwFDTv.exe
  C:\Windows\System\dkwFDTv.exe
  2⤵
  PID:8276
- C:\Windows\System\gVgkxdJ.exe
  C:\Windows\System\gVgkxdJ.exe
  2⤵
  PID:4996
- C:\Windows\System\vRETPed.exe
  C:\Windows\System\vRETPed.exe
  2⤵
  PID:8316
- C:\Windows\System\fXeBZrg.exe
  C:\Windows\System\fXeBZrg.exe
  2⤵
  PID:8296
- C:\Windows\System\OgnVASx.exe
  C:\Windows\System\OgnVASx.exe
  2⤵
  PID:8352
- C:\Windows\System\QtqxSyf.exe
  C:\Windows\System\QtqxSyf.exe
  2⤵
  PID:8368
- C:\Windows\System\LtoejCZ.exe
  C:\Windows\System\LtoejCZ.exe
  2⤵
  PID:8392
- C:\Windows\System\ONrBbNJ.exe
  C:\Windows\System\ONrBbNJ.exe
  2⤵
  PID:8448
- C:\Windows\System\sZJGsoO.exe
  C:\Windows\System\sZJGsoO.exe
  2⤵
  PID:8520
- C:\Windows\System\dPuqCWx.exe
  C:\Windows\System\dPuqCWx.exe
  2⤵
  PID:8504
- C:\Windows\System\vOGjZGO.exe
  C:\Windows\System\vOGjZGO.exe
  2⤵
  PID:8500
- C:\Windows\System\OZUZaFc.exe
  C:\Windows\System\OZUZaFc.exe
  2⤵
  PID:8612
- C:\Windows\System\oMedNZT.exe
  C:\Windows\System\oMedNZT.exe
  2⤵
  PID:8632
- C:\Windows\System\fyRJTre.exe
  C:\Windows\System\fyRJTre.exe
  2⤵
  PID:8688
- C:\Windows\System\PICkqQO.exe
  C:\Windows\System\PICkqQO.exe
  2⤵
  PID:8712
- C:\Windows\System\QOVtfGn.exe
  C:\Windows\System\QOVtfGn.exe
  2⤵
  PID:8708
- C:\Windows\System\dOUsrkP.exe
  C:\Windows\System\dOUsrkP.exe
  2⤵
  PID:8752
- C:\Windows\System\ZKmpsuD.exe
  C:\Windows\System\ZKmpsuD.exe
  2⤵
  PID:8788
- C:\Windows\System\HqMXIQF.exe
  C:\Windows\System\HqMXIQF.exe
  2⤵
  PID:8820
- C:\Windows\System\dhexYni.exe
  C:\Windows\System\dhexYni.exe
  2⤵
  PID:8856
- C:\Windows\System\WqKoLNg.exe
  C:\Windows\System\WqKoLNg.exe
  2⤵
  PID:8896
- C:\Windows\System\ksCnIzn.exe
  C:\Windows\System\ksCnIzn.exe
  2⤵
  PID:8872
- C:\Windows\System\APJcuwE.exe
  C:\Windows\System\APJcuwE.exe
  2⤵
  PID:8948
- C:\Windows\System\WBJDjrt.exe
  C:\Windows\System\WBJDjrt.exe
  2⤵
  PID:8800
- C:\Windows\System\ZjbVEVR.exe
  C:\Windows\System\ZjbVEVR.exe
  2⤵
  PID:9020
- C:\Windows\System\WjInHiD.exe
  C:\Windows\System\WjInHiD.exe
  2⤵
  PID:9052
- C:\Windows\System\AFAgXuo.exe
  C:\Windows\System\AFAgXuo.exe
  2⤵
  PID:9092
- C:\Windows\System\gqiTWys.exe
  C:\Windows\System\gqiTWys.exe
  2⤵
  PID:9132
- C:\Windows\System\vuyCgSX.exe
  C:\Windows\System\vuyCgSX.exe
  2⤵
  PID:8232
- C:\Windows\System\XduRJHU.exe
  C:\Windows\System\XduRJHU.exe
  2⤵
  PID:8220
- C:\Windows\System\KKuTbbk.exe
  C:\Windows\System\KKuTbbk.exe
  2⤵
  PID:8356
- C:\Windows\System\xkuhnuR.exe
  C:\Windows\System\xkuhnuR.exe
  2⤵
  PID:9112
- C:\Windows\System\YzZtUXn.exe
  C:\Windows\System\YzZtUXn.exe
  2⤵
  PID:9116
- C:\Windows\System\creoLeM.exe
  C:\Windows\System\creoLeM.exe
  2⤵
  PID:8340
- C:\Windows\System\YYstcuc.exe
  C:\Windows\System\YYstcuc.exe
  2⤵
  PID:8480
- C:\Windows\System\kZnphfD.exe
  C:\Windows\System\kZnphfD.exe
  2⤵
  PID:8536
- C:\Windows\System\FHWlQBo.exe
  C:\Windows\System\FHWlQBo.exe
  2⤵
  PID:8548
- C:\Windows\System\xPsftmB.exe
  C:\Windows\System\xPsftmB.exe
  2⤵
  PID:8580
- C:\Windows\System\DwTqoDx.exe
  C:\Windows\System\DwTqoDx.exe
  2⤵
  PID:8596
- C:\Windows\System\UotGpkM.exe
  C:\Windows\System\UotGpkM.exe
  2⤵
  PID:8652
- C:\Windows\System\ScpMyCV.exe
  C:\Windows\System\ScpMyCV.exe
  2⤵
  PID:8732
- C:\Windows\System\TXytsik.exe
  C:\Windows\System\TXytsik.exe
  2⤵
  PID:8816
- C:\Windows\System\hFcLvED.exe
  C:\Windows\System\hFcLvED.exe
  2⤵
  PID:8928
- C:\Windows\System\KXmqrGO.exe
  C:\Windows\System\KXmqrGO.exe
  2⤵
  PID:8784
- C:\Windows\System\BoxnJug.exe
  C:\Windows\System\BoxnJug.exe
  2⤵
  PID:8968
- C:\Windows\System\xjTqGaQ.exe
  C:\Windows\System\xjTqGaQ.exe
  2⤵
  PID:9016
- C:\Windows\System\sLtlaOa.exe
  C:\Windows\System\sLtlaOa.exe
  2⤵
  PID:9060
- C:\Windows\System\YSeWzQJ.exe
  C:\Windows\System\YSeWzQJ.exe
  2⤵
  PID:9204
- C:\Windows\System\exesIZA.exe
  C:\Windows\System\exesIZA.exe
  2⤵
  PID:9100
- C:\Windows\System\eKaAVXg.exe
  C:\Windows\System\eKaAVXg.exe
  2⤵
  PID:8412
- C:\Windows\System\fMZzUAK.exe
  C:\Windows\System\fMZzUAK.exe
  2⤵
  PID:8384
- C:\Windows\System\eIzICtB.exe
  C:\Windows\System\eIzICtB.exe
  2⤵
  PID:8252
- C:\Windows\System\PTYUYjV.exe
  C:\Windows\System\PTYUYjV.exe
  2⤵
  PID:8540
- C:\Windows\System\TUIooce.exe
  C:\Windows\System\TUIooce.exe
  2⤵
  PID:8496
- C:\Windows\System\UGwZSut.exe
  C:\Windows\System\UGwZSut.exe
  2⤵
  PID:8648
- C:\Windows\System\CyFSKcG.exe
  C:\Windows\System\CyFSKcG.exe
  2⤵
  PID:8892
- C:\Windows\System\pecQbFp.exe
  C:\Windows\System\pecQbFp.exe
  2⤵
  PID:8772
- C:\Windows\System\oyxsvjG.exe
  C:\Windows\System\oyxsvjG.exe
  2⤵
  PID:8980
- C:\Windows\System\kiunyIu.exe
  C:\Windows\System\kiunyIu.exe
  2⤵
  PID:9064
- C:\Windows\System\jyLvzGh.exe
  C:\Windows\System\jyLvzGh.exe
  2⤵
  PID:9152
- C:\Windows\System\sDBLVhw.exe
  C:\Windows\System\sDBLVhw.exe
  2⤵
  PID:8476
- C:\Windows\System\UFmANFk.exe
  C:\Windows\System\UFmANFk.exe
  2⤵
  PID:8564
- C:\Windows\System\owbxdcd.exe
  C:\Windows\System\owbxdcd.exe
  2⤵
  PID:8440
- C:\Windows\System\MLFBdBZ.exe
  C:\Windows\System\MLFBdBZ.exe
  2⤵
  PID:8508
- C:\Windows\System\gdHwtgt.exe
  C:\Windows\System\gdHwtgt.exe
  2⤵
  PID:8568
- C:\Windows\System\sEzTHNp.exe
  C:\Windows\System\sEzTHNp.exe
  2⤵
  PID:8768
- C:\Windows\System\ZwIIrbt.exe
  C:\Windows\System\ZwIIrbt.exe
  2⤵
  PID:9076
- C:\Windows\System\BGlUCwo.exe
  C:\Windows\System\BGlUCwo.exe
  2⤵
  PID:8388
- C:\Windows\System\TQyYNYw.exe
  C:\Windows\System\TQyYNYw.exe
  2⤵
  PID:8592
- C:\Windows\System\dwmZThT.exe
  C:\Windows\System\dwmZThT.exe
  2⤵
  PID:8852
- C:\Windows\System\UoAmbcU.exe
  C:\Windows\System\UoAmbcU.exe
  2⤵
  PID:8304
- C:\Windows\System\bOzjTUD.exe
  C:\Windows\System\bOzjTUD.exe
  2⤵
  PID:9168
- C:\Windows\System\kzJwVzC.exe
  C:\Windows\System\kzJwVzC.exe
  2⤵
  PID:8444
- C:\Windows\System\MlPUVbj.exe
  C:\Windows\System\MlPUVbj.exe
  2⤵
  PID:8908
- C:\Windows\System\RmHVzIG.exe
  C:\Windows\System\RmHVzIG.exe
  2⤵
  PID:2368
- C:\Windows\System\smSbGeP.exe
  C:\Windows\System\smSbGeP.exe
  2⤵
  PID:9128
- C:\Windows\System\RNTGcPA.exe
  C:\Windows\System\RNTGcPA.exe
  2⤵
  PID:9024
- C:\Windows\System\AcleCSW.exe
  C:\Windows\System\AcleCSW.exe
  2⤵
  PID:9236
- C:\Windows\System\vIpIcwF.exe
  C:\Windows\System\vIpIcwF.exe
  2⤵
  PID:9264
- C:\Windows\System\PWITbxo.exe
  C:\Windows\System\PWITbxo.exe
  2⤵
  PID:9280
- C:\Windows\System\PpgcQAS.exe
  C:\Windows\System\PpgcQAS.exe
  2⤵
  PID:9296
- C:\Windows\System\VrGeSAc.exe
  C:\Windows\System\VrGeSAc.exe
  2⤵
  PID:9320
- C:\Windows\System\ZIqqJJf.exe
  C:\Windows\System\ZIqqJJf.exe
  2⤵
  PID:9336
- C:\Windows\System\EkoxPCs.exe
  C:\Windows\System\EkoxPCs.exe
  2⤵
  PID:9356
- C:\Windows\System\RkohmTm.exe
  C:\Windows\System\RkohmTm.exe
  2⤵
  PID:9380
- C:\Windows\System\rWIzAcD.exe
  C:\Windows\System\rWIzAcD.exe
  2⤵
  PID:9408
- C:\Windows\System\SnZxaWk.exe
  C:\Windows\System\SnZxaWk.exe
  2⤵
  PID:9428
- C:\Windows\System\ZHqRqBk.exe
  C:\Windows\System\ZHqRqBk.exe
  2⤵
  PID:9444
- C:\Windows\System\DJXLQqJ.exe
  C:\Windows\System\DJXLQqJ.exe
  2⤵
  PID:9464
- C:\Windows\System\jiQbNLx.exe
  C:\Windows\System\jiQbNLx.exe
  2⤵
  PID:9484
- C:\Windows\System\bPMqAJI.exe
  C:\Windows\System\bPMqAJI.exe
  2⤵
  PID:9500
- C:\Windows\System\FRPfAPD.exe
  C:\Windows\System\FRPfAPD.exe
  2⤵
  PID:9520
- C:\Windows\System\ZQpAfrD.exe
  C:\Windows\System\ZQpAfrD.exe
  2⤵
  PID:9540
- C:\Windows\System\YNDgBDy.exe
  C:\Windows\System\YNDgBDy.exe
  2⤵
  PID:9560
- C:\Windows\System\yRFmJAL.exe
  C:\Windows\System\yRFmJAL.exe
  2⤵
  PID:9584
- C:\Windows\System\DoKoYMI.exe
  C:\Windows\System\DoKoYMI.exe
  2⤵
  PID:9604
- C:\Windows\System\QwQxnNp.exe
  C:\Windows\System\QwQxnNp.exe
  2⤵
  PID:9628
- C:\Windows\System\pswyLbI.exe
  C:\Windows\System\pswyLbI.exe
  2⤵
  PID:9644
- C:\Windows\System\hWKwBKH.exe
  C:\Windows\System\hWKwBKH.exe
  2⤵
  PID:9668
- C:\Windows\System\qeofwff.exe
  C:\Windows\System\qeofwff.exe
  2⤵
  PID:9692
- C:\Windows\System\FcqiIhU.exe
  C:\Windows\System\FcqiIhU.exe
  2⤵
  PID:9708
- C:\Windows\System\YGAPBeB.exe
  C:\Windows\System\YGAPBeB.exe
  2⤵
  PID:9728
- C:\Windows\System\SpYmAwy.exe
  C:\Windows\System\SpYmAwy.exe
  2⤵
  PID:9744
- C:\Windows\System\oAgfaui.exe
  C:\Windows\System\oAgfaui.exe
  2⤵
  PID:9760
- C:\Windows\System\lsvJHbb.exe
  C:\Windows\System\lsvJHbb.exe
  2⤵
  PID:9784
- C:\Windows\System\xRwFWpQ.exe
  C:\Windows\System\xRwFWpQ.exe
  2⤵
  PID:9804
- C:\Windows\System\loYaoLw.exe
  C:\Windows\System\loYaoLw.exe
  2⤵
  PID:9820
- C:\Windows\System\vlIRWVv.exe
  C:\Windows\System\vlIRWVv.exe
  2⤵
  PID:9836
- C:\Windows\System\ztdkRks.exe
  C:\Windows\System\ztdkRks.exe
  2⤵
  PID:9852
- C:\Windows\System\sbJZhYX.exe
  C:\Windows\System\sbJZhYX.exe
  2⤵
  PID:9868
- C:\Windows\System\VmPIabI.exe
  C:\Windows\System\VmPIabI.exe
  2⤵
  PID:9884
- C:\Windows\System\YOlwyYU.exe
  C:\Windows\System\YOlwyYU.exe
  2⤵
  PID:9900
- C:\Windows\System\yQCpEGM.exe
  C:\Windows\System\yQCpEGM.exe
  2⤵
  PID:9920
- C:\Windows\System\GisJNxt.exe
  C:\Windows\System\GisJNxt.exe
  2⤵
  PID:9948
- C:\Windows\System\FPlEpYY.exe
  C:\Windows\System\FPlEpYY.exe
  2⤵
  PID:9972
- C:\Windows\System\dGTHGwA.exe
  C:\Windows\System\dGTHGwA.exe
  2⤵
  PID:9996
- C:\Windows\System\pxrKyTu.exe
  C:\Windows\System\pxrKyTu.exe
  2⤵
  PID:10012
- C:\Windows\System\LezktpG.exe
  C:\Windows\System\LezktpG.exe
  2⤵
  PID:10044
- C:\Windows\System\UIJjxnT.exe
  C:\Windows\System\UIJjxnT.exe
  2⤵
  PID:10068
- C:\Windows\System\sdXOldf.exe
  C:\Windows\System\sdXOldf.exe
  2⤵
  PID:10084
- C:\Windows\System\XeuZLhs.exe
  C:\Windows\System\XeuZLhs.exe
  2⤵
  PID:10108
- C:\Windows\System\POWOYXC.exe
  C:\Windows\System\POWOYXC.exe
  2⤵
  PID:10124
- C:\Windows\System\pwhFJNP.exe
  C:\Windows\System\pwhFJNP.exe
  2⤵
  PID:10148
- C:\Windows\System\CildZFu.exe
  C:\Windows\System\CildZFu.exe
  2⤵
  PID:10192
- C:\Windows\System\mxHtqOT.exe
  C:\Windows\System\mxHtqOT.exe
  2⤵
  PID:10208
- C:\Windows\System\sTVGBwR.exe
  C:\Windows\System\sTVGBwR.exe
  2⤵
  PID:10224
- C:\Windows\System\rttrthA.exe
  C:\Windows\System\rttrthA.exe
  2⤵
  PID:9248
- C:\Windows\System\vXlVccx.exe
  C:\Windows\System\vXlVccx.exe
  2⤵
  PID:9256
- C:\Windows\System\taeAbmg.exe
  C:\Windows\System\taeAbmg.exe
  2⤵
  PID:9276
- C:\Windows\System\hQnsoCd.exe
  C:\Windows\System\hQnsoCd.exe
  2⤵
  PID:9364
- C:\Windows\System\xUkGnSq.exe
  C:\Windows\System\xUkGnSq.exe
  2⤵
  PID:9312
- C:\Windows\System\nuhiWhH.exe
  C:\Windows\System\nuhiWhH.exe
  2⤵
  PID:9392
- C:\Windows\System\ZKrTQLm.exe
  C:\Windows\System\ZKrTQLm.exe
  2⤵
  PID:9424
- C:\Windows\System\dQxWZSR.exe
  C:\Windows\System\dQxWZSR.exe
  2⤵
  PID:9452
- C:\Windows\System\FyKAXTv.exe
  C:\Windows\System\FyKAXTv.exe
  2⤵
  PID:9492
- C:\Windows\System\iczujqv.exe
  C:\Windows\System\iczujqv.exe
  2⤵
  PID:9528
- C:\Windows\System\OtCfqnH.exe
  C:\Windows\System\OtCfqnH.exe
  2⤵
  PID:9548
- C:\Windows\System\UhdxXIN.exe
  C:\Windows\System\UhdxXIN.exe
  2⤵
  PID:9596
- C:\Windows\System\hBTJiox.exe
  C:\Windows\System\hBTJiox.exe
  2⤵
  PID:9624
- C:\Windows\System\iVZsIrd.exe
  C:\Windows\System\iVZsIrd.exe
  2⤵
  PID:9664
- C:\Windows\System\iJqvgZI.exe
  C:\Windows\System\iJqvgZI.exe
  2⤵
  PID:9688
- C:\Windows\System\HukwVoI.exe
  C:\Windows\System\HukwVoI.exe
  2⤵
  PID:9736
- C:\Windows\System\gahvGBv.exe
  C:\Windows\System\gahvGBv.exe
  2⤵
  PID:9780
- C:\Windows\System\oFTSIZT.exe
  C:\Windows\System\oFTSIZT.exe
  2⤵
  PID:9816
- C:\Windows\System\njzOOKa.exe
  C:\Windows\System\njzOOKa.exe
  2⤵
  PID:9792
- C:\Windows\System\pKzemax.exe
  C:\Windows\System\pKzemax.exe
  2⤵
  PID:9800
- C:\Windows\System\SOfGzpT.exe
  C:\Windows\System\SOfGzpT.exe
  2⤵
  PID:9912
- C:\Windows\System\wFXrMKb.exe
  C:\Windows\System\wFXrMKb.exe
  2⤵
  PID:9964
- C:\Windows\System\uDsZcSo.exe
  C:\Windows\System\uDsZcSo.exe
  2⤵
  PID:9932
- C:\Windows\System\ZwDDUTw.exe
  C:\Windows\System\ZwDDUTw.exe
  2⤵
  PID:10020
- C:\Windows\System\umWJgsn.exe
  C:\Windows\System\umWJgsn.exe
  2⤵
  PID:10036
- C:\Windows\System\XlWlxZU.exe
  C:\Windows\System\XlWlxZU.exe
  2⤵
  PID:10060
- C:\Windows\System\QbgaZVO.exe
  C:\Windows\System\QbgaZVO.exe
  2⤵
  PID:10104
- C:\Windows\System\pziiVxi.exe
  C:\Windows\System\pziiVxi.exe
  2⤵
  PID:10140
- C:\Windows\System\FGvdVjS.exe
  C:\Windows\System\FGvdVjS.exe
  2⤵
  PID:9656
- C:\Windows\System\Ommqxsy.exe
  C:\Windows\System\Ommqxsy.exe
  2⤵
  PID:10164
- C:\Windows\System\PJmKuAG.exe
  C:\Windows\System\PJmKuAG.exe
  2⤵
  PID:10232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AcUzacA.exe

Filesize
6.0MB

MD5
47cfdfc1e66cf7f4d3409e6e5bce33d4

SHA1
4dc90ea3f871764c0227f5ecec98d8e3808b1733

SHA256
65b77aaf9d6e9af1ab856639de737a192c7dcc59479312c06b04f9921564fa87

SHA512
37b866e0d1d14a966c4950f575fce7a9f48210c8d8835abcd9948f4f9211116869162fdcc03a344bafb524f4487d224844fe775148938744b9418893fef3f22b

Download Submit
C:\Windows\system\HEPXVRG.exe

Filesize
6.0MB

MD5
9e63977905a9fcd729029a3f5df9f7cf

SHA1
aeda63a24eb8a57c64a46c97ee8f70513a2edd91

SHA256
c292f31a578be6ded2a52a78f80ba21747405cd06c253df32e1fd6bbf9f5ead0

SHA512
2611a689efa77e111a701a49031193225c88565438ad0fc9bc483ce50e2abf616d5b6a09c0b23161e3ef102c54deec2c0b01e5f14d372fffb8bfdac3c1141bc0

Download Submit
C:\Windows\system\HsRDUuA.exe

Filesize
6.0MB

MD5
8fefcdb25dc67ad1577fb75d35a7f44e

SHA1
95d17e859b2675a284a4d080e5dc43a2327bf191

SHA256
888f81a276d957349e88c10126c1d09bc5e2afc069c086d2931cc949b95e6c60

SHA512
1e7867bfb3245c04211c062d2f61396c738453aa253c8935efad5d47fff589027c3be38c15429048f42cec7d7edae5a2aea907f6a67943e05680cc3ee92cef8c

Download Submit
C:\Windows\system\IGMTNwm.exe

Filesize
6.0MB

MD5
fac265a0e8af768c599cbe721b27c3c8

SHA1
efcf9b61cd8818fd0ac3ec96d45aec35d0a9de54

SHA256
c8ed379da32914f1f2c49436f9a43a260e64ae8dfd5378fd674a4dcd19f262b8

SHA512
b50dc122205eebb1acafd3065b93d110416b2d9df1db641fcbbb57b9c65c01d496b5b24263ebd4b4e509a18b1ae2117228595ee53058f71da176acc06c2eec44

Download Submit
C:\Windows\system\IHkohjb.exe

Filesize
6.0MB

MD5
9aaaea111a511a26de12f38ce86a5f8d

SHA1
9e3614ffcbe77dd1e2f4a4c78b764789813ed980

SHA256
1f785068fbb55834044ee7edefc3ae58fc22fb8268c8f570a59fb3b51cfe9cea

SHA512
6b310f7fbc04cc9b68607a872ae0eef4885d3c288f46394bc53de55690342f861342ec39af27d5d17ca53f8fcc11be0609dd228562adbdfe2a0078b9eb0056c3

Download Submit
C:\Windows\system\KFsgSVZ.exe

Filesize
6.0MB

MD5
3dab08ba42fb2c0afbe55e9935efbcfe

SHA1
2d9dbc47a33d92dbdfbe116365668699f6b47946

SHA256
a4e0df88e2c7fd94d39934ecdb21e0d8aeb980f1a3384da61fd2377c0d6d01bf

SHA512
6684aa06486d931e007211543461891d5b094bbeed34399788b24153dc1ae1890f696b927df5573469e21a7c1dc3d138da624a0988fd33e416008164a05a148e

Download Submit
C:\Windows\system\LpAaXXm.exe

Filesize
6.0MB

MD5
2ab32303c30a6d1c40303eff9ac3eed0

SHA1
b74076a536bbc2436fa2bab0883874efb8586965

SHA256
d8331aa2cb2ce870877c5a7dd93ea009edf86a6f647d0d733ecfc4f88ca5431b

SHA512
66f2eb59a974efd6d61a52c55a52ca9c2ae37e15cb310cde6b220b2f38703ee94bc782faee7f56367ca2b333e6b410ab1a43b8f8f91c621829d68b2ae519ee2b

Download Submit
C:\Windows\system\OJkHale.exe

Filesize
6.0MB

MD5
b42e46175dd40d0c5dbdbd7b666f4f3d

SHA1
a345cb1cf8d4f9a0d48ae2c66cdfed4d83e9e93b

SHA256
2f045539698c74fbfedb6b060a10dbdc27f83d74da9fcfc3fcdb91f1c5533137

SHA512
c63be8c5406617d81b9a940f375916c7ced7bde2e3eff1c11e47ede6bdeab152549db912b20aa5e5ee88760db203ea13557a7ca7bcfd48a4d886a4dffe7ccb15

Download Submit
C:\Windows\system\RIndTyQ.exe

Filesize
8B

MD5
1958057b1cb976b1a539dcb401d7083f

SHA1
4d7888c6ed97914cc959147f73f1497753ec2fd6

SHA256
8b897faa959ac8b5dac7eb8342ade99c4529d160b654c6b03a8a24efdeaf7ef4

SHA512
bb3757a0eb894392d040bff866a75240dadb7d68a953dbd6d5d35ed444d53a20ee1c93c019083f9941b52316e473e978cc1a9c95398ed54ffaefe183468d835b

Download Submit
C:\Windows\system\RaKBDWR.exe

Filesize
6.0MB

MD5
668a6383054e42bd3a5d2be1c41bf5f1

SHA1
abc02948242ce18dc171da6237bf4a342bcaa193

SHA256
5fefcdd90e201dff2ae2bc7ff06454312ec250057909ca6f2a52a5fcfa7cfe52

SHA512
4e82f82ba52122794dbd64a2011f02712e9605f0de448d35765025d7212bcb76bab32ecba8c78f9e04d3cf3ec72762f4146ba505ebf170c4e61686e911828e2a

Download Submit
C:\Windows\system\RhxmHSS.exe

Filesize
6.0MB

MD5
e967526f894c5390397353f8d5d0344d

SHA1
5bf5e9cd2e2bc67c5692730c2d3f0463de2eaeee

SHA256
7ca72ffca2f71ff2fc6fcdc894d7c124bc7514322ce8e074dc27769ca90c51f7

SHA512
95d3b0239873d49aae19b43b4bfb43468fc8870764bbe176ac0b82e177619cce84b6d62be5bf75bc18def65031ec23aacb072cf8690ab09f529e232241cde765

Download Submit
C:\Windows\system\SDXnOqq.exe

Filesize
6.0MB

MD5
ce8254590b51ca25bb3f372b262ecc34

SHA1
3bc958112b6f5c1c73ee32458d9c0bd674ba8f7a

SHA256
d86e468c973891ffab81ec6cc7f03aa10291ca69db23b30f311c0644aeb1339d

SHA512
d0af60735935b7ca89561fad6960a866b0d683d1441123f44ca0cffb5544efbe3520062a28b88c67ec933bfbff8b03700cc4bfc05da7c6600d0cf29aa392adad

Download Submit
C:\Windows\system\SgQqwKs.exe

Filesize
6.0MB

MD5
ddb2e9ea7924e986780e48f3bc5ce92a

SHA1
62b50d58d12db6f189a114775a5f48ce43055d67

SHA256
dabe81e2c3d7d648ee55aef290b0ae331f5b3d1230cd7cdfc052146dd143867b

SHA512
47c02ecef195a63b8c56f92b0dff7cba67287f15ae98af3c3a422e67fbdc4dee2db3fbd54ff1200cfca931d4dbc3f752866ccb407a76dbf9b3931419732b5bc4

Download Submit
C:\Windows\system\UoArzFw.exe

Filesize
6.0MB

MD5
4e3a49790d76a80a80af3351a30bed60

SHA1
899b9bebe96815b6f314c7d648f0ae2bb8185527

SHA256
a5c1eba53246547873d50af0cd890b40408cf32e620b5bd8bf00b0fab260c0a6

SHA512
6bc2555dd4e72df0616d1699fd29c4c6c38ab4557ec319013fcc2e6a6ad3c397974176cfc5bf7687a3aab17f79a210d938f602bab903a9561dab9a11d1cf86f3

Download Submit
C:\Windows\system\VIsphXc.exe

Filesize
6.0MB

MD5
be52f33ea314f627fd0cfcc10f7b32c9

SHA1
114e8ac60b794ca8105c6f504155073f3dc9c24c

SHA256
5fd8a47b060f5f758e0490ef362e2f8bfdb4e4055756fd48f46916d6fe1291c1

SHA512
010e8845d6091c2310af7fcbb1e05e91748c53151cb91ecd80eef2d08c6e7a8102e551b999b7f04795ad2da19d3984df4fe9f0d23588b1e98545831eb7de6883

Download Submit
C:\Windows\system\aONbKOv.exe

Filesize
6.0MB

MD5
cb3ca6463316a5f59e7dea378d970f94

SHA1
e55c364b13d4c052012f73ac53ba4168e1ea615e

SHA256
73e7622e731e490f0f7e5d8ede6babfa32ee6f2782c812aed1c866555200b817

SHA512
b120ce83faf1e1e38744d449f545de08e90e8b9aadbb729c130b3009c4a2d410e5d9352619478e818cb21d0e79b316daf6f88ab07b31fc6a56214ddc7ac80654

Download Submit
C:\Windows\system\dlxcGyB.exe

Filesize
6.0MB

MD5
039c23a42c9bbf8d32b934fd44f0729a

SHA1
a35c84438584b726126159779dffd27d9b83bdb7

SHA256
9a65294fdfce9b21130da6704cc07247618c6ed9f5c9569c795919766430860a

SHA512
8fce9d2a202f337e1118dacdbc89ea1bd51c0e1ac7b2bd1d10a1340360ae0697eff7255c7a00442f3e2dd2240ed6fa779f7b54954a2d0ae964da561d22086ff3

Download Submit
C:\Windows\system\imOhWCz.exe

Filesize
6.0MB

MD5
6a085e9f12b5fc216160ce8970167421

SHA1
9e9f9fa54c2fab696a7a57950136a666aa8bf5c9

SHA256
30c4eeb425244c102def46d7e909a4b7de9aa2c057d2e43674feb10c2e069aed

SHA512
3625fa10b2a36fd12e124d53ed2a1e0df204d7632b818b4bf07020ac5c9ab35249e185f2d4a9c6487d29a74f5ed382d9a6beb23a25b2d9e92b4286be6e988ff5

Download Submit
C:\Windows\system\jhtUAmx.exe

Filesize
6.0MB

MD5
d9336b42bc7ce333e943be242f3cfc4a

SHA1
fc5f11e04e07cad9dfda1dafc4e0788e763d1926

SHA256
c2fa5aa4e4438ac2798ff9363ff46c8e8c47e4747c567b341b2a2ea863e2a914

SHA512
95956c42a0e48307edfc22f2c6fc8bc5cae093e2f270a8a4b186d2008f4b5bf0d41dde742578d6003a1c1237f79649ba24a5f2a467a7fc4440201321d3581d67

Download Submit
C:\Windows\system\jwsRGOf.exe

Filesize
6.0MB

MD5
df72d7fd7d557cd6b063511207d8b972

SHA1
3a28443d8ce6458ca04ca71d4bfe2182f187611c

SHA256
b3987155fac688b0eddee8a6f1ca33943a9f5ec6c406980b56b8be8fa7ce89e6

SHA512
cc1e9245232c425162f47a369aa2da1b7ec58f170a9cf6542ea6fb3c7e0e60c27e0c86f31f0c44dd6db2ff677ff1217cbf25f5caab8250d77f3650f5861bc52c

Download Submit
C:\Windows\system\mmaZcyG.exe

Filesize
6.0MB

MD5
943acd737ddbc6a40a9bb20b3ccb807e

SHA1
d016d6fc5488bd70b1f2331de32163956dfdf6e3

SHA256
1b42e2a3473949789bf89e7a5e3d0401e5000526133863d245e51fcfb32a5795

SHA512
0277dc61d72b35f4b7eee3c6b254ebabb9a8bc32f283cae1929854e0905e34edf0be145a72d324368ca2bee528a0e354627976666cfac4fc774b6fdafabfa82d

Download Submit
C:\Windows\system\omoZyxx.exe

Filesize
6.0MB

MD5
e5f65b407a6f412accc9e5dc262b0973

SHA1
8f942027eeb10d633abcc1fcd9418f1d2ae1e6dc

SHA256
775e26b75fba21df326bade5291def920ccbbafbf6019297f279ec7aa85c11af

SHA512
f32903d6aeaa0a1c30077ab8d8390d0b5a0bf471944a7c7ffc35866a0e3a7da178e457177631ee0dbb258ca3e1af58caa670bc1902dfebc68cb99a103af04b82

Download Submit
C:\Windows\system\qPdXLzN.exe

Filesize
6.0MB

MD5
f8727b7384f02b3026d5282cd808c9af

SHA1
e6d36082c9bb12bda82564760e6a4a3fb2dee927

SHA256
d01ae078761e0cbe9ef12aa2158102e7c7c6d277d1433005c638b66c0667a5f6

SHA512
31cee0c84685eb91b07df939ba2490a652cc549147b20d77f03d0376f6cc60fa2b5b65d8885f58b5964d8d48fb50d7cb6d1ec24134a07a156c5c7be4213d15a1

Download Submit
C:\Windows\system\tiueQOr.exe

Filesize
6.0MB

MD5
b3e0990f4422b92de5dd399ec92e9097

SHA1
c040cf6195682dc3505b0cd091881540feb0798b

SHA256
8185c4294694e65ee4bd31282ac2a407f47d9831b364fd99d57f41faf7d098c4

SHA512
1e93dc90733b5cedb36f070ae250551eb365602f7190189548d125a9a62c6a474814e353dcc1ceac7be2753d47449628d897316566022cd8f9704f006d4acebe

Download Submit
C:\Windows\system\xNShwWo.exe

Filesize
6.0MB

MD5
9608d8eaf2f31dd1996020a8474933e7

SHA1
4d03d35bb104d0a6cf9fee0021330ba4bfc03303

SHA256
ea23676aef71b8a7e198affe7c18a79ad5f5c539e476f73081a6abf9c8b4039c

SHA512
8e087e91b5481716b6b72124cf95d7d7f0424277440534ca361c024fb4f292c4af564446784605bb00713f8c2abb486c8623e1f1c19ce748d9092c946765f20f

Download Submit
\Windows\system\MWggXGP.exe

Filesize
6.0MB

MD5
518f0d63b3a8f75f8b56265a61565b8b

SHA1
a7bc6f36e9a0afe4a291bfb38021278111fb951f

SHA256
9c64e0f41561d84bcc66afcd73f7b88e076a0f80e8b8a61e7c60abd0db6c3889

SHA512
624ddb2ae5e4865ee4f7d883122759ddbfcf7f3234e505f5245c3ef3495d1c5b9c5b53da03746ee6c7008fab696ef34f50d4609c3cf4ca2aaf7cfc45a9d1d384

Download Submit
\Windows\system\UiCnVTh.exe

Filesize
6.0MB

MD5
45126d7827b9608417bd3d6b24ef5cda

SHA1
81e856ea89c9bd7c54d8d204dba0eda49ce78c1d

SHA256
73ce47cd89e72fad94f8f0a9b71e03ae5eab25bcfd07225145b714f9d4230ca9

SHA512
6cd00ab8d6d52b975e7c30d4dc320f2a55151932480fb9c5264379ab34895435f6595e6f43ea4bc269d966efa91dc30ec33044ab3eb292ec4059495caa14ab54

Download Submit
\Windows\system\gSuVhnJ.exe

Filesize
6.0MB

MD5
8c92e0d84a67d0673c34643bde44d035

SHA1
780e01893c2c77f3169c5e77b82cc6a8090ddfe0

SHA256
e8bcac93f4226fc832add5b1e47fea3f96d1b726e4a95be1c79bd3d3eac37df5

SHA512
1ec6fc77ba2000d31c5272fbbb440e04aa5321192a10b01b88579dfbd2bdfd998d04238f62982d5ff8b97480f87bba33d143c62a81fc3327c9ed33cc481d00fa

Download Submit
\Windows\system\gVZufRP.exe

Filesize
6.0MB

MD5
42827c1b383f927b5ac550da728f4382

SHA1
f885bfbf27dd83bb9bb00429b1c1c1904bd623da

SHA256
4fe97f4b101339c9cd2c8afca3fa37f7cfa7a74dc47fdccf5f5534a18ff70f75

SHA512
e77c1d1b703f331a4beb9a9f9980463a95c185c862091ed742560a8ecda9d9ebbc9e1963a5406f98f7b423acdf616c13f68dc6a33941b465d670d944549483c0

Download Submit
\Windows\system\pYraIYI.exe

Filesize
6.0MB

MD5
e3a5cb72a9c9f5bc4ecaae7fe1dc96de

SHA1
e27c0d3401653e7479290925374179bfe0c81408

SHA256
335ad337a3d0089ceb339633e8df7e165a53d53d1db110bd73002fac1badb162

SHA512
a4df79d181f82def469396af825922b580050a6b78f234361fc0bca3774d738cdaa6e9d9c2849110d082b436380b651ff6b256e1a6d28cbdc2c13b96e1e7b282

Download Submit
\Windows\system\vFPcwoK.exe

Filesize
6.0MB

MD5
1a52d3e98f8c5ae5c5c1ad8c0a9c9139

SHA1
e050665bcc23914122595fdfac20022be88ac3e2

SHA256
117c87fa676d1842a9ecf2e68f380fcfd3c623b4f9c8cf5c8b80cc66cf0a290a

SHA512
e9a700377897a64c9e6e470d553244bdccba04c7de2223760530e641fe34f7ee343f4e7798b2e1be6e3a58cff8151c4b048bd8c0523c6a7425a67d3d497fa0ce

Download Submit
\Windows\system\xBhSLfF.exe

Filesize
6.0MB

MD5
e8bd69bde4452ffbd8fba7a6f0fe7683

SHA1
74b4b12667d45b92ec2679614121703c90c7b60b

SHA256
7320039b35efda8c931f5bcb70cb7c9979147ff0d3d7dc686d65bf07e1886f62

SHA512
3a7e2cf91c96d0e359d7933c4b17c3d59183ff031d5d68e84af5203df7b92c4d8140a9b47c645d14c908e2f566ea36d60fe60bbd92135462d45394e5635aac9b

Download Submit
\Windows\system\yaHszHT.exe

Filesize
6.0MB

MD5
7556e8eb3438a44ab7869a85ea9b6383

SHA1
096c2a7b54c1774d43ba87bb971357d080ebf3d6

SHA256
91afa1b24033f9bc657ac8dbee87fd36764a417c1882648a067cf071b30a19d5

SHA512
f07ffe30358d9d39e4de365865c0613d1e2969ca0ec0bbd4658f102e8ea7f51f936e1cb7271d5c970f298002f1094b851af4190c3869c9aec33fe39715e5526d

Download Submit
memory/560-2259-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/560-2483-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/560-71-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/560-1-0x0000000000090000-0x00000000000A0000-memory.dmp

Filesize
64KB

Download
memory/560-2569-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/560-65-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/560-2480-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/560-2478-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/560-2477-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/560-2449-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/560-1315-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/560-1298-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/560-1306-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/560-0-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/560-1339-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/560-1337-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/560-1924-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/560-52-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/560-1769-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/560-58-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/560-6-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/560-47-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/560-12-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/560-22-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/560-25-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/560-37-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/560-36-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/560-31-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/1708-3408-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/1708-1311-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2204-1290-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2204-3351-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2248-3081-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-21-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2248-56-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2304-3078-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2304-50-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2304-16-0x000000013F0F0000-0x000000013F444000-memory.dmp

Filesize
3.3MB

Download
memory/2376-1333-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2376-3405-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2656-3389-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2656-1302-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-2260-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2692-69-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2692-4687-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2700-41-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2700-3042-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-59-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3237-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3098-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2764-34-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2764-74-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2780-55-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2780-3229-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2780-1559-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3082-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-68-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-28-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-1297-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3399-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2968-2080-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2968-62-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2968-3243-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download