cobaltstrike | b1144d8c10ebd032e43b418df1384c31c9a0f9c18163367850529119d3e3de18

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

0741086eecb3c9d9c722717ed4574d94
SHA1

3e6390e0c2d91fdd461c124658264f5ab1c2b54d
SHA256

b1144d8c10ebd032e43b418df1384c31c9a0f9c18163367850529119d3e3de18
SHA512

9596e0bc75f4a1afebe5b3f462bc1e23962857d8da393399924e490b8bb8abeceaf6d0507b16ca35462580beeef69525e8fb9000949741181797e87764b88d69
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUt:T+q56utgpPF8u/7t

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b0000000120f6-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d81-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015e48-14.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ec9-19.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f71-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ff5-33.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d3f-48.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001630a-43.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d47-53.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016101-39.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4f-58.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd9-83.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-93.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017491-118.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018669-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018731-186.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f8-181.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f2-176.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001868b-171.dat	cobalt_reflective_dll
behavioral1/files/0x0011000000018682-166.dat	cobalt_reflective_dll
behavioral1/files/0x0033000000015d41-161.dat	cobalt_reflective_dll
behavioral1/files/0x001400000001866f-155.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175e7-123.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001747d-113.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001743a-108.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017047-103.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eb4-98.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de0-88.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d72-78.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6d-73.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d69-68.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d63-63.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2900-0-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/files/0x000b0000000120f6-3.dat	xmrig
behavioral1/files/0x0008000000015d81-12.dat	xmrig
behavioral1/files/0x0008000000015e48-14.dat	xmrig
behavioral1/files/0x0007000000015ec9-19.dat	xmrig
behavioral1/memory/2328-18-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2660-23-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f71-28.dat	xmrig
behavioral1/files/0x0007000000015ff5-33.dat	xmrig
behavioral1/files/0x0006000000016d3f-48.dat	xmrig
behavioral1/files/0x000800000001630a-43.dat	xmrig
behavioral1/files/0x0006000000016d47-53.dat	xmrig
behavioral1/files/0x0007000000016101-39.dat	xmrig
behavioral1/files/0x0006000000016d4f-58.dat	xmrig
behavioral1/files/0x0006000000016dd9-83.dat	xmrig
behavioral1/files/0x0006000000016dea-93.dat	xmrig
behavioral1/files/0x0006000000017491-118.dat	xmrig
behavioral1/files/0x0006000000018669-128.dat	xmrig
behavioral1/memory/2816-131-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/540-140-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	xmrig
behavioral1/memory/528-146-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2832-156-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/files/0x0005000000018731-186.dat	xmrig
behavioral1/memory/2900-848-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2816-918-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/2660-912-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2328-906-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x00050000000186f8-181.dat	xmrig
behavioral1/files/0x00050000000186f2-176.dat	xmrig
behavioral1/files/0x000500000001868b-171.dat	xmrig
behavioral1/files/0x0011000000018682-166.dat	xmrig
behavioral1/files/0x0033000000015d41-161.dat	xmrig
behavioral1/files/0x001400000001866f-155.dat	xmrig
behavioral1/memory/2900-153-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2132-151-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/2592-148-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2900-147-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/1656-144-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/2900-143-0x000000013F5C0000-0x000000013F914000-memory.dmp	xmrig
behavioral1/memory/1500-142-0x000000013F060000-0x000000013F3B4000-memory.dmp	xmrig
behavioral1/memory/2652-132-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/536-138-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2900-137-0x00000000023F0000-0x0000000002744000-memory.dmp	xmrig
behavioral1/memory/2188-136-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/1312-134-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2900-133-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/files/0x00060000000175e7-123.dat	xmrig
behavioral1/files/0x000600000001747d-113.dat	xmrig
behavioral1/files/0x000600000001743a-108.dat	xmrig
behavioral1/files/0x0006000000017047-103.dat	xmrig
behavioral1/files/0x0006000000016eb4-98.dat	xmrig
behavioral1/files/0x0006000000016de0-88.dat	xmrig
behavioral1/files/0x0006000000016d72-78.dat	xmrig
behavioral1/files/0x0006000000016d6d-73.dat	xmrig
behavioral1/files/0x0006000000016d69-68.dat	xmrig
behavioral1/files/0x0006000000016d63-63.dat	xmrig
behavioral1/memory/2832-3998-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2328-3999-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2660-4000-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2652-4002-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2816-4001-0x000000013F550000-0x000000013F8A4000-memory.dmp	xmrig
behavioral1/memory/536-4005-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2188-4004-0x000000013F2C0000-0x000000013F614000-memory.dmp	xmrig
behavioral1/memory/1312-4003-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2832	HAYRIuU.exe
2328	ESkbUDM.exe
2660	POrxTDt.exe
2816	LkqhYMW.exe
2652	GoIjvww.exe
1312	UXZtVIe.exe
2188	MMVqnLK.exe
536	vlgjLVa.exe
540	yruFxjq.exe
1500	ZJnRxBn.exe
1656	ThzGaMg.exe
528	vPALaiE.exe
2592	LEqWUGE.exe
2132	CLSUHkP.exe
2136	koNhHil.exe
3056	sutsViM.exe
2952	fRNkJDX.exe
2868	zHquXgR.exe
2944	aQNBNIQ.exe
2104	iMFXZjI.exe
1764	CLQpDhz.exe
1976	AnibNYp.exe
2244	tlcqxBK.exe
1232	IVCNWFO.exe
1672	XnzATuN.exe
2008	xhqBNwx.exe
1652	qgqGBwX.exe
648	NDrijlo.exe
3036	FkFmVSA.exe
1492	awBZTDI.exe
1704	KdTrEbI.exe
1632	MrgvSlf.exe
1560	zcnUQeM.exe
1568	jvLdhrw.exe
868	qbFkNQj.exe
1192	cwYweLo.exe
1744	SRxrWtt.exe
936	MoFFepa.exe
548	RNlLlsd.exe
2156	EoTlXvn.exe
316	dthlOHp.exe
2556	RWmawlH.exe
2908	XvzzVRu.exe
2520	DyBCVJg.exe
2340	wPxKZWc.exe
1684	zWQYrwx.exe
3000	eJzlMxy.exe
1068	PDKingw.exe
876	LuFLprt.exe
396	ahFkYnW.exe
1612	CrgaMOx.exe
2844	khdbkLz.exe
2792	XEemXwb.exe
2668	shIXjhB.exe
1556	sTgDJOY.exe
2392	dEUVCOY.exe
500	qpVDxFt.exe
1512	BNapMRA.exe
1532	HtWjRnn.exe
2072	RdeUiHE.exe
3016	mokLhBv.exe
2972	ZEUCBpH.exe
2720	gjzjKFN.exe
2528	VgbKpmP.exe

Loads dropped DLL 64 IoCs

pid	Process
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2900-0-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/files/0x000b0000000120f6-3.dat	upx
behavioral1/files/0x0008000000015d81-12.dat	upx
behavioral1/files/0x0008000000015e48-14.dat	upx
behavioral1/files/0x0007000000015ec9-19.dat	upx
behavioral1/memory/2328-18-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2660-23-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x0007000000015f71-28.dat	upx
behavioral1/files/0x0007000000015ff5-33.dat	upx
behavioral1/files/0x0006000000016d3f-48.dat	upx
behavioral1/files/0x000800000001630a-43.dat	upx
behavioral1/files/0x0006000000016d47-53.dat	upx
behavioral1/files/0x0007000000016101-39.dat	upx
behavioral1/files/0x0006000000016d4f-58.dat	upx
behavioral1/files/0x0006000000016dd9-83.dat	upx
behavioral1/files/0x0006000000016dea-93.dat	upx
behavioral1/files/0x0006000000017491-118.dat	upx
behavioral1/files/0x0006000000018669-128.dat	upx
behavioral1/memory/2816-131-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/540-140-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/528-146-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2832-156-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/files/0x0005000000018731-186.dat	upx
behavioral1/memory/2900-848-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2816-918-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/2660-912-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2328-906-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x00050000000186f8-181.dat	upx
behavioral1/files/0x00050000000186f2-176.dat	upx
behavioral1/files/0x000500000001868b-171.dat	upx
behavioral1/files/0x0011000000018682-166.dat	upx
behavioral1/files/0x0033000000015d41-161.dat	upx
behavioral1/files/0x001400000001866f-155.dat	upx
behavioral1/memory/2132-151-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/2592-148-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/memory/1656-144-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/1500-142-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/2652-132-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/536-138-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2188-136-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/1312-134-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/files/0x00060000000175e7-123.dat	upx
behavioral1/files/0x000600000001747d-113.dat	upx
behavioral1/files/0x000600000001743a-108.dat	upx
behavioral1/files/0x0006000000017047-103.dat	upx
behavioral1/files/0x0006000000016eb4-98.dat	upx
behavioral1/files/0x0006000000016de0-88.dat	upx
behavioral1/files/0x0006000000016d72-78.dat	upx
behavioral1/files/0x0006000000016d6d-73.dat	upx
behavioral1/files/0x0006000000016d69-68.dat	upx
behavioral1/files/0x0006000000016d63-63.dat	upx
behavioral1/memory/2832-3998-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/memory/2328-3999-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2660-4000-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2652-4002-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2816-4001-0x000000013F550000-0x000000013F8A4000-memory.dmp	upx
behavioral1/memory/536-4005-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2188-4004-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx
behavioral1/memory/1312-4003-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/1500-4007-0x000000013F060000-0x000000013F3B4000-memory.dmp	upx
behavioral1/memory/540-4006-0x000000013F7A0000-0x000000013FAF4000-memory.dmp	upx
behavioral1/memory/1656-4008-0x000000013F5C0000-0x000000013F914000-memory.dmp	upx
behavioral1/memory/528-4009-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/memory/2132-4010-0x000000013F2C0000-0x000000013F614000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\uIirRqt.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VOFkOsk.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VpQthCF.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xlxFWQJ.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nJvgHrS.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jQxGHwB.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bVrfwKE.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kitTwOi.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xEGQkhY.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VpCclcZ.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QUZOxjz.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AsNPFJI.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YanebsR.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\APtUBNo.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\exgnlKU.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IpjnXHw.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jjxktjQ.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PtDyrPo.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EkvEQzX.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CrqLSCH.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nFnAxnC.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tZMQAjh.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iFcKypB.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fBCbmBw.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nmaDfjC.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NZWMHge.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gBpoIUq.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IVcCaat.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kuDLLba.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YUIrWmo.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ohnBjWx.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yevGDUq.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pPVUQaP.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ztfNrOt.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nwJdXgB.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oLuojgl.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PHUnkeG.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BQLkuvE.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tWViqDO.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mnsxEHF.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GLJIQMs.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HLsBIVg.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WdyKwqo.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bTwItUw.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tCBNhbR.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBlcPIA.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YNlCHtn.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PLHTLea.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bUovsxq.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SRxrWtt.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jVrUDxO.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kqUlZlF.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\otLRgpF.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ISMFvZi.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yEDxxdt.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fDDLOnL.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tOGjxwO.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ejMEqzj.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xgkhXjq.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eaYMeqm.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YQTqVvU.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HoRXIcC.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OjtVlcQ.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZkNpUwU.exe	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 2832	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2900 wrote to memory of 2832	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2900 wrote to memory of 2832	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2900 wrote to memory of 2328	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2900 wrote to memory of 2328	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2900 wrote to memory of 2328	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2900 wrote to memory of 2660	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2900 wrote to memory of 2660	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2900 wrote to memory of 2660	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2900 wrote to memory of 2816	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2900 wrote to memory of 2816	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2900 wrote to memory of 2816	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2900 wrote to memory of 2652	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2900 wrote to memory of 2652	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2900 wrote to memory of 2652	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2900 wrote to memory of 1312	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2900 wrote to memory of 1312	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2900 wrote to memory of 1312	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2900 wrote to memory of 2188	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2900 wrote to memory of 2188	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2900 wrote to memory of 2188	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2900 wrote to memory of 536	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2900 wrote to memory of 536	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2900 wrote to memory of 536	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2900 wrote to memory of 540	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2900 wrote to memory of 540	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2900 wrote to memory of 540	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2900 wrote to memory of 1500	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2900 wrote to memory of 1500	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2900 wrote to memory of 1500	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2900 wrote to memory of 1656	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2900 wrote to memory of 1656	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2900 wrote to memory of 1656	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2900 wrote to memory of 528	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2900 wrote to memory of 528	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2900 wrote to memory of 528	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2900 wrote to memory of 2592	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2900 wrote to memory of 2592	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2900 wrote to memory of 2592	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2900 wrote to memory of 2132	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2900 wrote to memory of 2132	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2900 wrote to memory of 2132	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2900 wrote to memory of 2136	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2900 wrote to memory of 2136	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2900 wrote to memory of 2136	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2900 wrote to memory of 3056	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2900 wrote to memory of 3056	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2900 wrote to memory of 3056	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2900 wrote to memory of 2952	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2900 wrote to memory of 2952	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2900 wrote to memory of 2952	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2900 wrote to memory of 2868	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2900 wrote to memory of 2868	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2900 wrote to memory of 2868	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2900 wrote to memory of 2944	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2900 wrote to memory of 2944	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2900 wrote to memory of 2944	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2900 wrote to memory of 2104	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2900 wrote to memory of 2104	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2900 wrote to memory of 2104	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2900 wrote to memory of 1764	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2900 wrote to memory of 1764	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2900 wrote to memory of 1764	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2900 wrote to memory of 1976	2900	2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_0741086eecb3c9d9c722717ed4574d94_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Windows\System\HAYRIuU.exe
  C:\Windows\System\HAYRIuU.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\ESkbUDM.exe
  C:\Windows\System\ESkbUDM.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\POrxTDt.exe
  C:\Windows\System\POrxTDt.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\LkqhYMW.exe
  C:\Windows\System\LkqhYMW.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\GoIjvww.exe
  C:\Windows\System\GoIjvww.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\UXZtVIe.exe
  C:\Windows\System\UXZtVIe.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\MMVqnLK.exe
  C:\Windows\System\MMVqnLK.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\vlgjLVa.exe
  C:\Windows\System\vlgjLVa.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\yruFxjq.exe
  C:\Windows\System\yruFxjq.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\ZJnRxBn.exe
  C:\Windows\System\ZJnRxBn.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\ThzGaMg.exe
  C:\Windows\System\ThzGaMg.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\vPALaiE.exe
  C:\Windows\System\vPALaiE.exe
  2⤵
  - Executes dropped EXE
  PID:528
- C:\Windows\System\LEqWUGE.exe
  C:\Windows\System\LEqWUGE.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\CLSUHkP.exe
  C:\Windows\System\CLSUHkP.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\koNhHil.exe
  C:\Windows\System\koNhHil.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\sutsViM.exe
  C:\Windows\System\sutsViM.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\fRNkJDX.exe
  C:\Windows\System\fRNkJDX.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\zHquXgR.exe
  C:\Windows\System\zHquXgR.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\aQNBNIQ.exe
  C:\Windows\System\aQNBNIQ.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\iMFXZjI.exe
  C:\Windows\System\iMFXZjI.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\CLQpDhz.exe
  C:\Windows\System\CLQpDhz.exe
  2⤵
  - Executes dropped EXE
  PID:1764
- C:\Windows\System\AnibNYp.exe
  C:\Windows\System\AnibNYp.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\tlcqxBK.exe
  C:\Windows\System\tlcqxBK.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\IVCNWFO.exe
  C:\Windows\System\IVCNWFO.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\XnzATuN.exe
  C:\Windows\System\XnzATuN.exe
  2⤵
  - Executes dropped EXE
  PID:1672
- C:\Windows\System\xhqBNwx.exe
  C:\Windows\System\xhqBNwx.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\qgqGBwX.exe
  C:\Windows\System\qgqGBwX.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\NDrijlo.exe
  C:\Windows\System\NDrijlo.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\FkFmVSA.exe
  C:\Windows\System\FkFmVSA.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\awBZTDI.exe
  C:\Windows\System\awBZTDI.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\KdTrEbI.exe
  C:\Windows\System\KdTrEbI.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\MrgvSlf.exe
  C:\Windows\System\MrgvSlf.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\zcnUQeM.exe
  C:\Windows\System\zcnUQeM.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\jvLdhrw.exe
  C:\Windows\System\jvLdhrw.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\qbFkNQj.exe
  C:\Windows\System\qbFkNQj.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\cwYweLo.exe
  C:\Windows\System\cwYweLo.exe
  2⤵
  - Executes dropped EXE
  PID:1192
- C:\Windows\System\SRxrWtt.exe
  C:\Windows\System\SRxrWtt.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\MoFFepa.exe
  C:\Windows\System\MoFFepa.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\RNlLlsd.exe
  C:\Windows\System\RNlLlsd.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\EoTlXvn.exe
  C:\Windows\System\EoTlXvn.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\dthlOHp.exe
  C:\Windows\System\dthlOHp.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\RWmawlH.exe
  C:\Windows\System\RWmawlH.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\XvzzVRu.exe
  C:\Windows\System\XvzzVRu.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\DyBCVJg.exe
  C:\Windows\System\DyBCVJg.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\wPxKZWc.exe
  C:\Windows\System\wPxKZWc.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\zWQYrwx.exe
  C:\Windows\System\zWQYrwx.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\eJzlMxy.exe
  C:\Windows\System\eJzlMxy.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\PDKingw.exe
  C:\Windows\System\PDKingw.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\LuFLprt.exe
  C:\Windows\System\LuFLprt.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\ahFkYnW.exe
  C:\Windows\System\ahFkYnW.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\CrgaMOx.exe
  C:\Windows\System\CrgaMOx.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\khdbkLz.exe
  C:\Windows\System\khdbkLz.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\XEemXwb.exe
  C:\Windows\System\XEemXwb.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\shIXjhB.exe
  C:\Windows\System\shIXjhB.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\sTgDJOY.exe
  C:\Windows\System\sTgDJOY.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\dEUVCOY.exe
  C:\Windows\System\dEUVCOY.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\qpVDxFt.exe
  C:\Windows\System\qpVDxFt.exe
  2⤵
  - Executes dropped EXE
  PID:500
- C:\Windows\System\BNapMRA.exe
  C:\Windows\System\BNapMRA.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\HtWjRnn.exe
  C:\Windows\System\HtWjRnn.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\RdeUiHE.exe
  C:\Windows\System\RdeUiHE.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\mokLhBv.exe
  C:\Windows\System\mokLhBv.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\ZEUCBpH.exe
  C:\Windows\System\ZEUCBpH.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\gjzjKFN.exe
  C:\Windows\System\gjzjKFN.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\VgbKpmP.exe
  C:\Windows\System\VgbKpmP.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\EzlMRkn.exe
  C:\Windows\System\EzlMRkn.exe
  2⤵
  PID:2580
- C:\Windows\System\PtDyrPo.exe
  C:\Windows\System\PtDyrPo.exe
  2⤵
  PID:2440
- C:\Windows\System\eiLzElK.exe
  C:\Windows\System\eiLzElK.exe
  2⤵
  PID:2200
- C:\Windows\System\mKuQZGi.exe
  C:\Windows\System\mKuQZGi.exe
  2⤵
  PID:2212
- C:\Windows\System\uKBpBpt.exe
  C:\Windows\System\uKBpBpt.exe
  2⤵
  PID:2588
- C:\Windows\System\NEYJNra.exe
  C:\Windows\System\NEYJNra.exe
  2⤵
  PID:3052
- C:\Windows\System\pPorfpg.exe
  C:\Windows\System\pPorfpg.exe
  2⤵
  PID:2584
- C:\Windows\System\VjbtKiK.exe
  C:\Windows\System\VjbtKiK.exe
  2⤵
  PID:1604
- C:\Windows\System\mstnitW.exe
  C:\Windows\System\mstnitW.exe
  2⤵
  PID:1728
- C:\Windows\System\nKbDMdt.exe
  C:\Windows\System\nKbDMdt.exe
  2⤵
  PID:1712
- C:\Windows\System\TFCrsqT.exe
  C:\Windows\System\TFCrsqT.exe
  2⤵
  PID:916
- C:\Windows\System\XSZYQUv.exe
  C:\Windows\System\XSZYQUv.exe
  2⤵
  PID:1740
- C:\Windows\System\iFcKypB.exe
  C:\Windows\System\iFcKypB.exe
  2⤵
  PID:1792
- C:\Windows\System\qcoqCrE.exe
  C:\Windows\System\qcoqCrE.exe
  2⤵
  PID:2404
- C:\Windows\System\WikzECq.exe
  C:\Windows\System\WikzECq.exe
  2⤵
  PID:2544
- C:\Windows\System\duJsfoy.exe
  C:\Windows\System\duJsfoy.exe
  2⤵
  PID:888
- C:\Windows\System\VoWaUPu.exe
  C:\Windows\System\VoWaUPu.exe
  2⤵
  PID:2812
- C:\Windows\System\ERTRwYm.exe
  C:\Windows\System\ERTRwYm.exe
  2⤵
  PID:1848
- C:\Windows\System\BEENGlt.exe
  C:\Windows\System\BEENGlt.exe
  2⤵
  PID:2400
- C:\Windows\System\tjQqCFz.exe
  C:\Windows\System\tjQqCFz.exe
  2⤵
  PID:1624
- C:\Windows\System\nGtymNU.exe
  C:\Windows\System\nGtymNU.exe
  2⤵
  PID:2808
- C:\Windows\System\Cfbugeu.exe
  C:\Windows\System\Cfbugeu.exe
  2⤵
  PID:2344
- C:\Windows\System\oVkavFD.exe
  C:\Windows\System\oVkavFD.exe
  2⤵
  PID:2820
- C:\Windows\System\rNfwTXH.exe
  C:\Windows\System\rNfwTXH.exe
  2⤵
  PID:2052
- C:\Windows\System\htxBnIL.exe
  C:\Windows\System\htxBnIL.exe
  2⤵
  PID:1748
- C:\Windows\System\GFhkjlS.exe
  C:\Windows\System\GFhkjlS.exe
  2⤵
  PID:2716
- C:\Windows\System\hQXxXvk.exe
  C:\Windows\System\hQXxXvk.exe
  2⤵
  PID:3028
- C:\Windows\System\LilLHbZ.exe
  C:\Windows\System\LilLHbZ.exe
  2⤵
  PID:816
- C:\Windows\System\GQFGlpX.exe
  C:\Windows\System\GQFGlpX.exe
  2⤵
  PID:1044
- C:\Windows\System\kitTwOi.exe
  C:\Windows\System\kitTwOi.exe
  2⤵
  PID:2288
- C:\Windows\System\yzzPMpq.exe
  C:\Windows\System\yzzPMpq.exe
  2⤵
  PID:1572
- C:\Windows\System\ulgDpzW.exe
  C:\Windows\System\ulgDpzW.exe
  2⤵
  PID:112
- C:\Windows\System\MdbBnay.exe
  C:\Windows\System\MdbBnay.exe
  2⤵
  PID:1108
- C:\Windows\System\bVzGSGw.exe
  C:\Windows\System\bVzGSGw.exe
  2⤵
  PID:276
- C:\Windows\System\iZttFtC.exe
  C:\Windows\System\iZttFtC.exe
  2⤵
  PID:1028
- C:\Windows\System\wzrxxbk.exe
  C:\Windows\System\wzrxxbk.exe
  2⤵
  PID:1380
- C:\Windows\System\mnsxEHF.exe
  C:\Windows\System\mnsxEHF.exe
  2⤵
  PID:772
- C:\Windows\System\GeYPsTq.exe
  C:\Windows\System\GeYPsTq.exe
  2⤵
  PID:2632
- C:\Windows\System\kHlUlSq.exe
  C:\Windows\System\kHlUlSq.exe
  2⤵
  PID:2996
- C:\Windows\System\wdqnkDP.exe
  C:\Windows\System\wdqnkDP.exe
  2⤵
  PID:380
- C:\Windows\System\cymjnyP.exe
  C:\Windows\System\cymjnyP.exe
  2⤵
  PID:292
- C:\Windows\System\YTZpfid.exe
  C:\Windows\System\YTZpfid.exe
  2⤵
  PID:1952
- C:\Windows\System\fkPJckj.exe
  C:\Windows\System\fkPJckj.exe
  2⤵
  PID:2068
- C:\Windows\System\GcsPmHi.exe
  C:\Windows\System\GcsPmHi.exe
  2⤵
  PID:1680
- C:\Windows\System\avMKpQu.exe
  C:\Windows\System\avMKpQu.exe
  2⤵
  PID:1444
- C:\Windows\System\xrAmWoM.exe
  C:\Windows\System\xrAmWoM.exe
  2⤵
  PID:1812
- C:\Windows\System\BZOIjjh.exe
  C:\Windows\System\BZOIjjh.exe
  2⤵
  PID:2300
- C:\Windows\System\kIBvyIi.exe
  C:\Windows\System\kIBvyIi.exe
  2⤵
  PID:1040
- C:\Windows\System\hXJraSl.exe
  C:\Windows\System\hXJraSl.exe
  2⤵
  PID:1048
- C:\Windows\System\EVGmoeZ.exe
  C:\Windows\System\EVGmoeZ.exe
  2⤵
  PID:2776
- C:\Windows\System\rJLOAOz.exe
  C:\Windows\System\rJLOAOz.exe
  2⤵
  PID:2192
- C:\Windows\System\LGboSDK.exe
  C:\Windows\System\LGboSDK.exe
  2⤵
  PID:1204
- C:\Windows\System\Unxwzec.exe
  C:\Windows\System\Unxwzec.exe
  2⤵
  PID:2968
- C:\Windows\System\TDDsrFG.exe
  C:\Windows\System\TDDsrFG.exe
  2⤵
  PID:3076
- C:\Windows\System\pWFnvTf.exe
  C:\Windows\System\pWFnvTf.exe
  2⤵
  PID:3096
- C:\Windows\System\eLFrJrC.exe
  C:\Windows\System\eLFrJrC.exe
  2⤵
  PID:3116
- C:\Windows\System\grHskTJ.exe
  C:\Windows\System\grHskTJ.exe
  2⤵
  PID:3136
- C:\Windows\System\OVfijEl.exe
  C:\Windows\System\OVfijEl.exe
  2⤵
  PID:3156
- C:\Windows\System\yJhLMgT.exe
  C:\Windows\System\yJhLMgT.exe
  2⤵
  PID:3176
- C:\Windows\System\PUdUPdj.exe
  C:\Windows\System\PUdUPdj.exe
  2⤵
  PID:3196
- C:\Windows\System\xSZfcMX.exe
  C:\Windows\System\xSZfcMX.exe
  2⤵
  PID:3216
- C:\Windows\System\uxczPPA.exe
  C:\Windows\System\uxczPPA.exe
  2⤵
  PID:3232
- C:\Windows\System\cjasniA.exe
  C:\Windows\System\cjasniA.exe
  2⤵
  PID:3248
- C:\Windows\System\HGluZGh.exe
  C:\Windows\System\HGluZGh.exe
  2⤵
  PID:3276
- C:\Windows\System\WdonFKu.exe
  C:\Windows\System\WdonFKu.exe
  2⤵
  PID:3296
- C:\Windows\System\Zqrubxm.exe
  C:\Windows\System\Zqrubxm.exe
  2⤵
  PID:3316
- C:\Windows\System\QSjnPGm.exe
  C:\Windows\System\QSjnPGm.exe
  2⤵
  PID:3336
- C:\Windows\System\XDNbVpz.exe
  C:\Windows\System\XDNbVpz.exe
  2⤵
  PID:3356
- C:\Windows\System\ZJmlwMZ.exe
  C:\Windows\System\ZJmlwMZ.exe
  2⤵
  PID:3376
- C:\Windows\System\PzPKcEH.exe
  C:\Windows\System\PzPKcEH.exe
  2⤵
  PID:3396
- C:\Windows\System\TxdsWXX.exe
  C:\Windows\System\TxdsWXX.exe
  2⤵
  PID:3416
- C:\Windows\System\aijuVuL.exe
  C:\Windows\System\aijuVuL.exe
  2⤵
  PID:3436
- C:\Windows\System\nAnluNG.exe
  C:\Windows\System\nAnluNG.exe
  2⤵
  PID:3456
- C:\Windows\System\ZzUUkzn.exe
  C:\Windows\System\ZzUUkzn.exe
  2⤵
  PID:3476
- C:\Windows\System\HilWIGw.exe
  C:\Windows\System\HilWIGw.exe
  2⤵
  PID:3496
- C:\Windows\System\xoZahzf.exe
  C:\Windows\System\xoZahzf.exe
  2⤵
  PID:3516
- C:\Windows\System\mDgNufV.exe
  C:\Windows\System\mDgNufV.exe
  2⤵
  PID:3536
- C:\Windows\System\nNsAovp.exe
  C:\Windows\System\nNsAovp.exe
  2⤵
  PID:3556
- C:\Windows\System\WgeplYB.exe
  C:\Windows\System\WgeplYB.exe
  2⤵
  PID:3576
- C:\Windows\System\tYpemOb.exe
  C:\Windows\System\tYpemOb.exe
  2⤵
  PID:3596
- C:\Windows\System\cuezvsD.exe
  C:\Windows\System\cuezvsD.exe
  2⤵
  PID:3616
- C:\Windows\System\UEjqnPS.exe
  C:\Windows\System\UEjqnPS.exe
  2⤵
  PID:3636
- C:\Windows\System\YVzUtls.exe
  C:\Windows\System\YVzUtls.exe
  2⤵
  PID:3656
- C:\Windows\System\xWhxesv.exe
  C:\Windows\System\xWhxesv.exe
  2⤵
  PID:3676
- C:\Windows\System\PrvuOcx.exe
  C:\Windows\System\PrvuOcx.exe
  2⤵
  PID:3696
- C:\Windows\System\uXGIdoE.exe
  C:\Windows\System\uXGIdoE.exe
  2⤵
  PID:3716
- C:\Windows\System\YTLCFTw.exe
  C:\Windows\System\YTLCFTw.exe
  2⤵
  PID:3740
- C:\Windows\System\TrnpZAO.exe
  C:\Windows\System\TrnpZAO.exe
  2⤵
  PID:3760
- C:\Windows\System\BCImGPC.exe
  C:\Windows\System\BCImGPC.exe
  2⤵
  PID:3780
- C:\Windows\System\rekinxH.exe
  C:\Windows\System\rekinxH.exe
  2⤵
  PID:3800
- C:\Windows\System\UoMGqiU.exe
  C:\Windows\System\UoMGqiU.exe
  2⤵
  PID:3820
- C:\Windows\System\TlyLgJP.exe
  C:\Windows\System\TlyLgJP.exe
  2⤵
  PID:3836
- C:\Windows\System\komZbgZ.exe
  C:\Windows\System\komZbgZ.exe
  2⤵
  PID:3860
- C:\Windows\System\rzToqtx.exe
  C:\Windows\System\rzToqtx.exe
  2⤵
  PID:3880
- C:\Windows\System\rVynTFu.exe
  C:\Windows\System\rVynTFu.exe
  2⤵
  PID:3900
- C:\Windows\System\sMlMmQo.exe
  C:\Windows\System\sMlMmQo.exe
  2⤵
  PID:3920
- C:\Windows\System\vBFKNXK.exe
  C:\Windows\System\vBFKNXK.exe
  2⤵
  PID:3940
- C:\Windows\System\YQzNCcU.exe
  C:\Windows\System\YQzNCcU.exe
  2⤵
  PID:3956
- C:\Windows\System\DxRwGuL.exe
  C:\Windows\System\DxRwGuL.exe
  2⤵
  PID:3980
- C:\Windows\System\qGaunEl.exe
  C:\Windows\System\qGaunEl.exe
  2⤵
  PID:4000
- C:\Windows\System\djAKsYA.exe
  C:\Windows\System\djAKsYA.exe
  2⤵
  PID:4020
- C:\Windows\System\JPRyeqP.exe
  C:\Windows\System\JPRyeqP.exe
  2⤵
  PID:4040
- C:\Windows\System\JgDlYdE.exe
  C:\Windows\System\JgDlYdE.exe
  2⤵
  PID:4060
- C:\Windows\System\jfWmeOC.exe
  C:\Windows\System\jfWmeOC.exe
  2⤵
  PID:4080
- C:\Windows\System\oeFlnOu.exe
  C:\Windows\System\oeFlnOu.exe
  2⤵
  PID:2152
- C:\Windows\System\ddknkqe.exe
  C:\Windows\System\ddknkqe.exe
  2⤵
  PID:376
- C:\Windows\System\uNpmhuk.exe
  C:\Windows\System\uNpmhuk.exe
  2⤵
  PID:1508
- C:\Windows\System\TKEownE.exe
  C:\Windows\System\TKEownE.exe
  2⤵
  PID:2616
- C:\Windows\System\rwUjDOr.exe
  C:\Windows\System\rwUjDOr.exe
  2⤵
  PID:3020
- C:\Windows\System\hDRFsRv.exe
  C:\Windows\System\hDRFsRv.exe
  2⤵
  PID:920
- C:\Windows\System\ejMEqzj.exe
  C:\Windows\System\ejMEqzj.exe
  2⤵
  PID:3112
- C:\Windows\System\hyzaWgy.exe
  C:\Windows\System\hyzaWgy.exe
  2⤵
  PID:3144
- C:\Windows\System\Vuwejxa.exe
  C:\Windows\System\Vuwejxa.exe
  2⤵
  PID:3172
- C:\Windows\System\qubeCNG.exe
  C:\Windows\System\qubeCNG.exe
  2⤵
  PID:3204
- C:\Windows\System\fBCbmBw.exe
  C:\Windows\System\fBCbmBw.exe
  2⤵
  PID:3244
- C:\Windows\System\xaMxwVj.exe
  C:\Windows\System\xaMxwVj.exe
  2⤵
  PID:3272
- C:\Windows\System\kUtkInD.exe
  C:\Windows\System\kUtkInD.exe
  2⤵
  PID:3324
- C:\Windows\System\kEGMSiM.exe
  C:\Windows\System\kEGMSiM.exe
  2⤵
  PID:3308
- C:\Windows\System\xIJPdZW.exe
  C:\Windows\System\xIJPdZW.exe
  2⤵
  PID:3368
- C:\Windows\System\sAmDisr.exe
  C:\Windows\System\sAmDisr.exe
  2⤵
  PID:3392
- C:\Windows\System\WPgdYmW.exe
  C:\Windows\System\WPgdYmW.exe
  2⤵
  PID:3424
- C:\Windows\System\PmMxLOI.exe
  C:\Windows\System\PmMxLOI.exe
  2⤵
  PID:3472
- C:\Windows\System\cqgZAka.exe
  C:\Windows\System\cqgZAka.exe
  2⤵
  PID:3512
- C:\Windows\System\aSwAXMj.exe
  C:\Windows\System\aSwAXMj.exe
  2⤵
  PID:3528
- C:\Windows\System\hqxhBnx.exe
  C:\Windows\System\hqxhBnx.exe
  2⤵
  PID:3568
- C:\Windows\System\EqkZovK.exe
  C:\Windows\System\EqkZovK.exe
  2⤵
  PID:3608
- C:\Windows\System\GxRKwpE.exe
  C:\Windows\System\GxRKwpE.exe
  2⤵
  PID:3644
- C:\Windows\System\ISMFvZi.exe
  C:\Windows\System\ISMFvZi.exe
  2⤵
  PID:3684
- C:\Windows\System\lfenSKi.exe
  C:\Windows\System\lfenSKi.exe
  2⤵
  PID:3668
- C:\Windows\System\PErplLa.exe
  C:\Windows\System\PErplLa.exe
  2⤵
  PID:3712
- C:\Windows\System\igElLOx.exe
  C:\Windows\System\igElLOx.exe
  2⤵
  PID:3776
- C:\Windows\System\qrSKlJM.exe
  C:\Windows\System\qrSKlJM.exe
  2⤵
  PID:3808
- C:\Windows\System\sxkrQzn.exe
  C:\Windows\System\sxkrQzn.exe
  2⤵
  PID:3856
- C:\Windows\System\zuIrgZM.exe
  C:\Windows\System\zuIrgZM.exe
  2⤵
  PID:3876
- C:\Windows\System\zKZxRzX.exe
  C:\Windows\System\zKZxRzX.exe
  2⤵
  PID:3928
- C:\Windows\System\zHbVDJw.exe
  C:\Windows\System\zHbVDJw.exe
  2⤵
  PID:3912
- C:\Windows\System\WnYTupX.exe
  C:\Windows\System\WnYTupX.exe
  2⤵
  PID:4008
- C:\Windows\System\bamKOZv.exe
  C:\Windows\System\bamKOZv.exe
  2⤵
  PID:3988
- C:\Windows\System\epgcayA.exe
  C:\Windows\System\epgcayA.exe
  2⤵
  PID:4052
- C:\Windows\System\IdDjqPr.exe
  C:\Windows\System\IdDjqPr.exe
  2⤵
  PID:4068
- C:\Windows\System\xTMpHdv.exe
  C:\Windows\System\xTMpHdv.exe
  2⤵
  PID:4072
- C:\Windows\System\BAbPyEi.exe
  C:\Windows\System\BAbPyEi.exe
  2⤵
  PID:1920
- C:\Windows\System\fIHLiCc.exe
  C:\Windows\System\fIHLiCc.exe
  2⤵
  PID:3092
- C:\Windows\System\OLGWnub.exe
  C:\Windows\System\OLGWnub.exe
  2⤵
  PID:572
- C:\Windows\System\pjYIJSf.exe
  C:\Windows\System\pjYIJSf.exe
  2⤵
  PID:3168
- C:\Windows\System\QsFFnpU.exe
  C:\Windows\System\QsFFnpU.exe
  2⤵
  PID:3208
- C:\Windows\System\avTlOfT.exe
  C:\Windows\System\avTlOfT.exe
  2⤵
  PID:3192
- C:\Windows\System\HEZMOZw.exe
  C:\Windows\System\HEZMOZw.exe
  2⤵
  PID:3288
- C:\Windows\System\ioxTkLQ.exe
  C:\Windows\System\ioxTkLQ.exe
  2⤵
  PID:3372
- C:\Windows\System\EtHHmIq.exe
  C:\Windows\System\EtHHmIq.exe
  2⤵
  PID:3312
- C:\Windows\System\jhAyLqa.exe
  C:\Windows\System\jhAyLqa.exe
  2⤵
  PID:3428
- C:\Windows\System\tlJwNjo.exe
  C:\Windows\System\tlJwNjo.exe
  2⤵
  PID:3564
- C:\Windows\System\fyzDRCR.exe
  C:\Windows\System\fyzDRCR.exe
  2⤵
  PID:3524
- C:\Windows\System\rPAuYxx.exe
  C:\Windows\System\rPAuYxx.exe
  2⤵
  PID:3688
- C:\Windows\System\SqelPfq.exe
  C:\Windows\System\SqelPfq.exe
  2⤵
  PID:3612
- C:\Windows\System\dXusUBp.exe
  C:\Windows\System\dXusUBp.exe
  2⤵
  PID:3768
- C:\Windows\System\gqDSqLt.exe
  C:\Windows\System\gqDSqLt.exe
  2⤵
  PID:3812
- C:\Windows\System\hHzqTGZ.exe
  C:\Windows\System\hHzqTGZ.exe
  2⤵
  PID:3796
- C:\Windows\System\alfvVSK.exe
  C:\Windows\System\alfvVSK.exe
  2⤵
  PID:3828
- C:\Windows\System\xEGQkhY.exe
  C:\Windows\System\xEGQkhY.exe
  2⤵
  PID:3976
- C:\Windows\System\wUaEzJC.exe
  C:\Windows\System\wUaEzJC.exe
  2⤵
  PID:4048
- C:\Windows\System\jcLXepl.exe
  C:\Windows\System\jcLXepl.exe
  2⤵
  PID:4036
- C:\Windows\System\XlaxNlH.exe
  C:\Windows\System\XlaxNlH.exe
  2⤵
  PID:1528
- C:\Windows\System\ZnyjMjT.exe
  C:\Windows\System\ZnyjMjT.exe
  2⤵
  PID:2100
- C:\Windows\System\rMkxdpG.exe
  C:\Windows\System\rMkxdpG.exe
  2⤵
  PID:844
- C:\Windows\System\GshxTmx.exe
  C:\Windows\System\GshxTmx.exe
  2⤵
  PID:3124
- C:\Windows\System\gBByzZC.exe
  C:\Windows\System\gBByzZC.exe
  2⤵
  PID:3268
- C:\Windows\System\mCjkbxM.exe
  C:\Windows\System\mCjkbxM.exe
  2⤵
  PID:3408
- C:\Windows\System\ysjnbzR.exe
  C:\Windows\System\ysjnbzR.exe
  2⤵
  PID:3444
- C:\Windows\System\vocaDNO.exe
  C:\Windows\System\vocaDNO.exe
  2⤵
  PID:3492
- C:\Windows\System\OEzRvgX.exe
  C:\Windows\System\OEzRvgX.exe
  2⤵
  PID:3588
- C:\Windows\System\ZPsGpIq.exe
  C:\Windows\System\ZPsGpIq.exe
  2⤵
  PID:3732
- C:\Windows\System\oyEPbfr.exe
  C:\Windows\System\oyEPbfr.exe
  2⤵
  PID:3652
- C:\Windows\System\TiGbiyr.exe
  C:\Windows\System\TiGbiyr.exe
  2⤵
  PID:3788
- C:\Windows\System\oeUoxYD.exe
  C:\Windows\System\oeUoxYD.exe
  2⤵
  PID:3972
- C:\Windows\System\xmfPkyJ.exe
  C:\Windows\System\xmfPkyJ.exe
  2⤵
  PID:4056
- C:\Windows\System\zBCabpn.exe
  C:\Windows\System\zBCabpn.exe
  2⤵
  PID:3044
- C:\Windows\System\UBhIJrh.exe
  C:\Windows\System\UBhIJrh.exe
  2⤵
  PID:2768
- C:\Windows\System\zdLvVjg.exe
  C:\Windows\System\zdLvVjg.exe
  2⤵
  PID:2948
- C:\Windows\System\PSwmSgz.exe
  C:\Windows\System\PSwmSgz.exe
  2⤵
  PID:2488
- C:\Windows\System\nmaDfjC.exe
  C:\Windows\System\nmaDfjC.exe
  2⤵
  PID:3240
- C:\Windows\System\WczZJdL.exe
  C:\Windows\System\WczZJdL.exe
  2⤵
  PID:3352
- C:\Windows\System\ieAXvty.exe
  C:\Windows\System\ieAXvty.exe
  2⤵
  PID:3508
- C:\Windows\System\gVQxlrK.exe
  C:\Windows\System\gVQxlrK.exe
  2⤵
  PID:3624
- C:\Windows\System\DvoKeDP.exe
  C:\Windows\System\DvoKeDP.exe
  2⤵
  PID:2264
- C:\Windows\System\kRSmBbC.exe
  C:\Windows\System\kRSmBbC.exe
  2⤵
  PID:3844
- C:\Windows\System\eMcqyTQ.exe
  C:\Windows\System\eMcqyTQ.exe
  2⤵
  PID:3916
- C:\Windows\System\OUVVekE.exe
  C:\Windows\System\OUVVekE.exe
  2⤵
  PID:2824
- C:\Windows\System\vSvFXAb.exe
  C:\Windows\System\vSvFXAb.exe
  2⤵
  PID:3228
- C:\Windows\System\gKiOxVY.exe
  C:\Windows\System\gKiOxVY.exe
  2⤵
  PID:768
- C:\Windows\System\GLJIQMs.exe
  C:\Windows\System\GLJIQMs.exe
  2⤵
  PID:3488
- C:\Windows\System\NWUyuHd.exe
  C:\Windows\System\NWUyuHd.exe
  2⤵
  PID:2636
- C:\Windows\System\vouOOGu.exe
  C:\Windows\System\vouOOGu.exe
  2⤵
  PID:3792
- C:\Windows\System\wSwxdoh.exe
  C:\Windows\System\wSwxdoh.exe
  2⤵
  PID:3148
- C:\Windows\System\sbhVIVa.exe
  C:\Windows\System\sbhVIVa.exe
  2⤵
  PID:2472
- C:\Windows\System\GSqVEuG.exe
  C:\Windows\System\GSqVEuG.exe
  2⤵
  PID:1820
- C:\Windows\System\CGjbutw.exe
  C:\Windows\System\CGjbutw.exe
  2⤵
  PID:2796
- C:\Windows\System\NwXjDzu.exe
  C:\Windows\System\NwXjDzu.exe
  2⤵
  PID:2640
- C:\Windows\System\QaHfEvX.exe
  C:\Windows\System\QaHfEvX.exe
  2⤵
  PID:2620
- C:\Windows\System\sQsRujj.exe
  C:\Windows\System\sQsRujj.exe
  2⤵
  PID:3648
- C:\Windows\System\DWLBOjl.exe
  C:\Windows\System\DWLBOjl.exe
  2⤵
  PID:4100
- C:\Windows\System\YJQnOmO.exe
  C:\Windows\System\YJQnOmO.exe
  2⤵
  PID:4116
- C:\Windows\System\tQEolYG.exe
  C:\Windows\System\tQEolYG.exe
  2⤵
  PID:4132
- C:\Windows\System\WGPJTVY.exe
  C:\Windows\System\WGPJTVY.exe
  2⤵
  PID:4156
- C:\Windows\System\PXgEBdg.exe
  C:\Windows\System\PXgEBdg.exe
  2⤵
  PID:4172
- C:\Windows\System\qrpaMrA.exe
  C:\Windows\System\qrpaMrA.exe
  2⤵
  PID:4188
- C:\Windows\System\eArBSer.exe
  C:\Windows\System\eArBSer.exe
  2⤵
  PID:4232
- C:\Windows\System\SrEFKuZ.exe
  C:\Windows\System\SrEFKuZ.exe
  2⤵
  PID:4256
- C:\Windows\System\QcJaTZp.exe
  C:\Windows\System\QcJaTZp.exe
  2⤵
  PID:4272
- C:\Windows\System\bZvONfN.exe
  C:\Windows\System\bZvONfN.exe
  2⤵
  PID:4324
- C:\Windows\System\LzAHsxY.exe
  C:\Windows\System\LzAHsxY.exe
  2⤵
  PID:4340
- C:\Windows\System\eVsrhuZ.exe
  C:\Windows\System\eVsrhuZ.exe
  2⤵
  PID:4360
- C:\Windows\System\CDgPYcx.exe
  C:\Windows\System\CDgPYcx.exe
  2⤵
  PID:4376
- C:\Windows\System\PHDGDNi.exe
  C:\Windows\System\PHDGDNi.exe
  2⤵
  PID:4392
- C:\Windows\System\PuxmNKE.exe
  C:\Windows\System\PuxmNKE.exe
  2⤵
  PID:4408
- C:\Windows\System\MJLmWKp.exe
  C:\Windows\System\MJLmWKp.exe
  2⤵
  PID:4424
- C:\Windows\System\CZQdHjR.exe
  C:\Windows\System\CZQdHjR.exe
  2⤵
  PID:4448
- C:\Windows\System\kCUlfwb.exe
  C:\Windows\System\kCUlfwb.exe
  2⤵
  PID:4476
- C:\Windows\System\wkAvKor.exe
  C:\Windows\System\wkAvKor.exe
  2⤵
  PID:4492
- C:\Windows\System\VocoXaw.exe
  C:\Windows\System\VocoXaw.exe
  2⤵
  PID:4508
- C:\Windows\System\ttNZDgX.exe
  C:\Windows\System\ttNZDgX.exe
  2⤵
  PID:4528
- C:\Windows\System\fbjfHkB.exe
  C:\Windows\System\fbjfHkB.exe
  2⤵
  PID:4544
- C:\Windows\System\qsjjQfD.exe
  C:\Windows\System\qsjjQfD.exe
  2⤵
  PID:4560
- C:\Windows\System\ldYWIQf.exe
  C:\Windows\System\ldYWIQf.exe
  2⤵
  PID:4576
- C:\Windows\System\uWuRpRq.exe
  C:\Windows\System\uWuRpRq.exe
  2⤵
  PID:4608
- C:\Windows\System\fCVfVOG.exe
  C:\Windows\System\fCVfVOG.exe
  2⤵
  PID:4628
- C:\Windows\System\iToZJge.exe
  C:\Windows\System\iToZJge.exe
  2⤵
  PID:4644
- C:\Windows\System\ysOIlDi.exe
  C:\Windows\System\ysOIlDi.exe
  2⤵
  PID:4672
- C:\Windows\System\BJROEYq.exe
  C:\Windows\System\BJROEYq.exe
  2⤵
  PID:4688
- C:\Windows\System\ZPAXcTT.exe
  C:\Windows\System\ZPAXcTT.exe
  2⤵
  PID:4736
- C:\Windows\System\kwUHxuc.exe
  C:\Windows\System\kwUHxuc.exe
  2⤵
  PID:4756
- C:\Windows\System\xKcEJzk.exe
  C:\Windows\System\xKcEJzk.exe
  2⤵
  PID:4772
- C:\Windows\System\hGApSJB.exe
  C:\Windows\System\hGApSJB.exe
  2⤵
  PID:4788
- C:\Windows\System\QBlcPIA.exe
  C:\Windows\System\QBlcPIA.exe
  2⤵
  PID:4804
- C:\Windows\System\FcFhzYY.exe
  C:\Windows\System\FcFhzYY.exe
  2⤵
  PID:4824
- C:\Windows\System\xThrVqp.exe
  C:\Windows\System\xThrVqp.exe
  2⤵
  PID:4840
- C:\Windows\System\IBZslHl.exe
  C:\Windows\System\IBZslHl.exe
  2⤵
  PID:4856
- C:\Windows\System\yodebdf.exe
  C:\Windows\System\yodebdf.exe
  2⤵
  PID:4872
- C:\Windows\System\PTjMbeP.exe
  C:\Windows\System\PTjMbeP.exe
  2⤵
  PID:4916
- C:\Windows\System\ImLTHzi.exe
  C:\Windows\System\ImLTHzi.exe
  2⤵
  PID:4932
- C:\Windows\System\vPyxaDZ.exe
  C:\Windows\System\vPyxaDZ.exe
  2⤵
  PID:4960
- C:\Windows\System\NlvJtEb.exe
  C:\Windows\System\NlvJtEb.exe
  2⤵
  PID:4976
- C:\Windows\System\LHnZyZC.exe
  C:\Windows\System\LHnZyZC.exe
  2⤵
  PID:4992
- C:\Windows\System\oYSgnoh.exe
  C:\Windows\System\oYSgnoh.exe
  2⤵
  PID:5008
- C:\Windows\System\yJDsnCu.exe
  C:\Windows\System\yJDsnCu.exe
  2⤵
  PID:5024
- C:\Windows\System\KnuiEgO.exe
  C:\Windows\System\KnuiEgO.exe
  2⤵
  PID:5040
- C:\Windows\System\BqijsJH.exe
  C:\Windows\System\BqijsJH.exe
  2⤵
  PID:5056
- C:\Windows\System\NTSiZFk.exe
  C:\Windows\System\NTSiZFk.exe
  2⤵
  PID:5072
- C:\Windows\System\YRSAlYV.exe
  C:\Windows\System\YRSAlYV.exe
  2⤵
  PID:5088
- C:\Windows\System\kYluhHD.exe
  C:\Windows\System\kYluhHD.exe
  2⤵
  PID:5104
- C:\Windows\System\APtUBNo.exe
  C:\Windows\System\APtUBNo.exe
  2⤵
  PID:3304
- C:\Windows\System\ZcMKGKC.exe
  C:\Windows\System\ZcMKGKC.exe
  2⤵
  PID:1800
- C:\Windows\System\mjBjbxn.exe
  C:\Windows\System\mjBjbxn.exe
  2⤵
  PID:1536
- C:\Windows\System\CpKMVTC.exe
  C:\Windows\System\CpKMVTC.exe
  2⤵
  PID:4124
- C:\Windows\System\HoRXIcC.exe
  C:\Windows\System\HoRXIcC.exe
  2⤵
  PID:4196
- C:\Windows\System\aQUAuQP.exe
  C:\Windows\System\aQUAuQP.exe
  2⤵
  PID:4144
- C:\Windows\System\xYNCJgT.exe
  C:\Windows\System\xYNCJgT.exe
  2⤵
  PID:2304
- C:\Windows\System\eaqgGEL.exe
  C:\Windows\System\eaqgGEL.exe
  2⤵
  PID:4216
- C:\Windows\System\mwDUMPW.exe
  C:\Windows\System\mwDUMPW.exe
  2⤵
  PID:4280
- C:\Windows\System\nRJZnkZ.exe
  C:\Windows\System\nRJZnkZ.exe
  2⤵
  PID:4304
- C:\Windows\System\gxHJOOv.exe
  C:\Windows\System\gxHJOOv.exe
  2⤵
  PID:4284
- C:\Windows\System\VdNotrM.exe
  C:\Windows\System\VdNotrM.exe
  2⤵
  PID:4516
- C:\Windows\System\LxwQepE.exe
  C:\Windows\System\LxwQepE.exe
  2⤵
  PID:4588
- C:\Windows\System\oLuojgl.exe
  C:\Windows\System\oLuojgl.exe
  2⤵
  PID:4348
- C:\Windows\System\hHVMJlD.exe
  C:\Windows\System\hHVMJlD.exe
  2⤵
  PID:4456
- C:\Windows\System\VenufaL.exe
  C:\Windows\System\VenufaL.exe
  2⤵
  PID:4604
- C:\Windows\System\whdCmuj.exe
  C:\Windows\System\whdCmuj.exe
  2⤵
  PID:4536
- C:\Windows\System\ExuCLcy.exe
  C:\Windows\System\ExuCLcy.exe
  2⤵
  PID:4640
- C:\Windows\System\qVqRShH.exe
  C:\Windows\System\qVqRShH.exe
  2⤵
  PID:2160
- C:\Windows\System\vtlAlSD.exe
  C:\Windows\System\vtlAlSD.exe
  2⤵
  PID:4660
- C:\Windows\System\rftHOyA.exe
  C:\Windows\System\rftHOyA.exe
  2⤵
  PID:4700
- C:\Windows\System\hMjpKdy.exe
  C:\Windows\System\hMjpKdy.exe
  2⤵
  PID:2872
- C:\Windows\System\YINskVD.exe
  C:\Windows\System\YINskVD.exe
  2⤵
  PID:4712
- C:\Windows\System\yUOJRIQ.exe
  C:\Windows\System\yUOJRIQ.exe
  2⤵
  PID:4748
- C:\Windows\System\BjpEgyn.exe
  C:\Windows\System\BjpEgyn.exe
  2⤵
  PID:3532
- C:\Windows\System\PttjoRD.exe
  C:\Windows\System\PttjoRD.exe
  2⤵
  PID:4864
- C:\Windows\System\JiERZpt.exe
  C:\Windows\System\JiERZpt.exe
  2⤵
  PID:4812
- C:\Windows\System\EoGFQDB.exe
  C:\Windows\System\EoGFQDB.exe
  2⤵
  PID:4848
- C:\Windows\System\sCPjuPL.exe
  C:\Windows\System\sCPjuPL.exe
  2⤵
  PID:4784
- C:\Windows\System\SiyFFgQ.exe
  C:\Windows\System\SiyFFgQ.exe
  2⤵
  PID:4924
- C:\Windows\System\rIUqKxd.exe
  C:\Windows\System\rIUqKxd.exe
  2⤵
  PID:4896
- C:\Windows\System\Prdlshb.exe
  C:\Windows\System\Prdlshb.exe
  2⤵
  PID:1972
- C:\Windows\System\OAfaKje.exe
  C:\Windows\System\OAfaKje.exe
  2⤵
  PID:5000
- C:\Windows\System\SoBJKwM.exe
  C:\Windows\System\SoBJKwM.exe
  2⤵
  PID:5064
- C:\Windows\System\tZzPKEp.exe
  C:\Windows\System\tZzPKEp.exe
  2⤵
  PID:3552
- C:\Windows\System\AFBdbeW.exe
  C:\Windows\System\AFBdbeW.exe
  2⤵
  PID:2744
- C:\Windows\System\ADKrxeA.exe
  C:\Windows\System\ADKrxeA.exe
  2⤵
  PID:4300
- C:\Windows\System\avvOOro.exe
  C:\Windows\System\avvOOro.exe
  2⤵
  PID:4268
- C:\Windows\System\hYsHCBA.exe
  C:\Windows\System\hYsHCBA.exe
  2⤵
  PID:4332
- C:\Windows\System\yEDxxdt.exe
  C:\Windows\System\yEDxxdt.exe
  2⤵
  PID:5084
- C:\Windows\System\mqbKMuf.exe
  C:\Windows\System\mqbKMuf.exe
  2⤵
  PID:2500
- C:\Windows\System\JssGukl.exe
  C:\Windows\System\JssGukl.exe
  2⤵
  PID:1760
- C:\Windows\System\vEzmJPF.exe
  C:\Windows\System\vEzmJPF.exe
  2⤵
  PID:3344
- C:\Windows\System\pSSOMFO.exe
  C:\Windows\System\pSSOMFO.exe
  2⤵
  PID:4432
- C:\Windows\System\GXPpLlH.exe
  C:\Windows\System\GXPpLlH.exe
  2⤵
  PID:4400
- C:\Windows\System\XvWWsgX.exe
  C:\Windows\System\XvWWsgX.exe
  2⤵
  PID:4420
- C:\Windows\System\XbvYpga.exe
  C:\Windows\System\XbvYpga.exe
  2⤵
  PID:4568
- C:\Windows\System\tiuohJk.exe
  C:\Windows\System\tiuohJk.exe
  2⤵
  PID:4668
- C:\Windows\System\jlcAFfR.exe
  C:\Windows\System\jlcAFfR.exe
  2⤵
  PID:4728
- C:\Windows\System\TySdlBl.exe
  C:\Windows\System\TySdlBl.exe
  2⤵
  PID:2076
- C:\Windows\System\gmmcgee.exe
  C:\Windows\System\gmmcgee.exe
  2⤵
  PID:4472
- C:\Windows\System\GJGRVyE.exe
  C:\Windows\System\GJGRVyE.exe
  2⤵
  PID:4636
- C:\Windows\System\lPYdBeH.exe
  C:\Windows\System\lPYdBeH.exe
  2⤵
  PID:4880
- C:\Windows\System\wwfMMUS.exe
  C:\Windows\System\wwfMMUS.exe
  2⤵
  PID:4596
- C:\Windows\System\kRRpGWj.exe
  C:\Windows\System\kRRpGWj.exe
  2⤵
  PID:4988
- C:\Windows\System\iyCHEBo.exe
  C:\Windows\System\iyCHEBo.exe
  2⤵
  PID:2756
- C:\Windows\System\GWZpFBn.exe
  C:\Windows\System\GWZpFBn.exe
  2⤵
  PID:4948
- C:\Windows\System\WGKFAFL.exe
  C:\Windows\System\WGKFAFL.exe
  2⤵
  PID:2516
- C:\Windows\System\JJZWlhi.exe
  C:\Windows\System\JJZWlhi.exe
  2⤵
  PID:5016
- C:\Windows\System\QakDasy.exe
  C:\Windows\System\QakDasy.exe
  2⤵
  PID:592
- C:\Windows\System\NaestXE.exe
  C:\Windows\System\NaestXE.exe
  2⤵
  PID:3948
- C:\Windows\System\RfRAHnR.exe
  C:\Windows\System\RfRAHnR.exe
  2⤵
  PID:4820
- C:\Windows\System\UPnprbU.exe
  C:\Windows\System\UPnprbU.exe
  2⤵
  PID:4224
- C:\Windows\System\ztwDCTm.exe
  C:\Windows\System\ztwDCTm.exe
  2⤵
  PID:5080
- C:\Windows\System\JUuYSSv.exe
  C:\Windows\System\JUuYSSv.exe
  2⤵
  PID:4320
- C:\Windows\System\AobCNgQ.exe
  C:\Windows\System\AobCNgQ.exe
  2⤵
  PID:1096
- C:\Windows\System\ACscMlx.exe
  C:\Windows\System\ACscMlx.exe
  2⤵
  PID:4708
- C:\Windows\System\dnmOJCO.exe
  C:\Windows\System\dnmOJCO.exe
  2⤵
  PID:4912
- C:\Windows\System\pxLxEOb.exe
  C:\Windows\System\pxLxEOb.exe
  2⤵
  PID:5032
- C:\Windows\System\OjtVlcQ.exe
  C:\Windows\System\OjtVlcQ.exe
  2⤵
  PID:4796
- C:\Windows\System\WTSyEzs.exe
  C:\Windows\System\WTSyEzs.exe
  2⤵
  PID:4972
- C:\Windows\System\OAABNvY.exe
  C:\Windows\System\OAABNvY.exe
  2⤵
  PID:2352
- C:\Windows\System\LheodEU.exe
  C:\Windows\System\LheodEU.exe
  2⤵
  PID:5116
- C:\Windows\System\bGyoKEM.exe
  C:\Windows\System\bGyoKEM.exe
  2⤵
  PID:4656
- C:\Windows\System\mUXtwCW.exe
  C:\Windows\System\mUXtwCW.exe
  2⤵
  PID:4780
- C:\Windows\System\uVyaMkT.exe
  C:\Windows\System\uVyaMkT.exe
  2⤵
  PID:1956
- C:\Windows\System\UfAiIEK.exe
  C:\Windows\System\UfAiIEK.exe
  2⤵
  PID:320
- C:\Windows\System\MvAZFtJ.exe
  C:\Windows\System\MvAZFtJ.exe
  2⤵
  PID:2752
- C:\Windows\System\lwKGshW.exe
  C:\Windows\System\lwKGshW.exe
  2⤵
  PID:2600
- C:\Windows\System\GEyPWNr.exe
  C:\Windows\System\GEyPWNr.exe
  2⤵
  PID:4832
- C:\Windows\System\eSDCEXS.exe
  C:\Windows\System\eSDCEXS.exe
  2⤵
  PID:4416
- C:\Windows\System\FQAIjnw.exe
  C:\Windows\System\FQAIjnw.exe
  2⤵
  PID:4680
- C:\Windows\System\MUoPIUS.exe
  C:\Windows\System\MUoPIUS.exe
  2⤵
  PID:5112
- C:\Windows\System\vBIHenj.exe
  C:\Windows\System\vBIHenj.exe
  2⤵
  PID:1992
- C:\Windows\System\xlxFWQJ.exe
  C:\Windows\System\xlxFWQJ.exe
  2⤵
  PID:4168
- C:\Windows\System\MamwoHV.exe
  C:\Windows\System\MamwoHV.exe
  2⤵
  PID:4252
- C:\Windows\System\KmbJyym.exe
  C:\Windows\System\KmbJyym.exe
  2⤵
  PID:4836
- C:\Windows\System\hPBjGsi.exe
  C:\Windows\System\hPBjGsi.exe
  2⤵
  PID:1832
- C:\Windows\System\iZrvpGJ.exe
  C:\Windows\System\iZrvpGJ.exe
  2⤵
  PID:4552
- C:\Windows\System\awhnHst.exe
  C:\Windows\System\awhnHst.exe
  2⤵
  PID:4368
- C:\Windows\System\HLsBIVg.exe
  C:\Windows\System\HLsBIVg.exe
  2⤵
  PID:5152
- C:\Windows\System\jowIweJ.exe
  C:\Windows\System\jowIweJ.exe
  2⤵
  PID:5168
- C:\Windows\System\PdFzjJL.exe
  C:\Windows\System\PdFzjJL.exe
  2⤵
  PID:5184
- C:\Windows\System\sUtjiSe.exe
  C:\Windows\System\sUtjiSe.exe
  2⤵
  PID:5200
- C:\Windows\System\NZWMHge.exe
  C:\Windows\System\NZWMHge.exe
  2⤵
  PID:5216
- C:\Windows\System\DATPyWZ.exe
  C:\Windows\System\DATPyWZ.exe
  2⤵
  PID:5232
- C:\Windows\System\HpnHoqp.exe
  C:\Windows\System\HpnHoqp.exe
  2⤵
  PID:5248
- C:\Windows\System\NMByFHU.exe
  C:\Windows\System\NMByFHU.exe
  2⤵
  PID:5264
- C:\Windows\System\tGSaWEY.exe
  C:\Windows\System\tGSaWEY.exe
  2⤵
  PID:5284
- C:\Windows\System\JLhvXOY.exe
  C:\Windows\System\JLhvXOY.exe
  2⤵
  PID:5300
- C:\Windows\System\nJvgHrS.exe
  C:\Windows\System\nJvgHrS.exe
  2⤵
  PID:5316
- C:\Windows\System\ufqkFlI.exe
  C:\Windows\System\ufqkFlI.exe
  2⤵
  PID:5336
- C:\Windows\System\PERtDvp.exe
  C:\Windows\System\PERtDvp.exe
  2⤵
  PID:5352
- C:\Windows\System\IwtlecH.exe
  C:\Windows\System\IwtlecH.exe
  2⤵
  PID:5368
- C:\Windows\System\BJyWwTj.exe
  C:\Windows\System\BJyWwTj.exe
  2⤵
  PID:5384
- C:\Windows\System\lDYwHCY.exe
  C:\Windows\System\lDYwHCY.exe
  2⤵
  PID:5400
- C:\Windows\System\lUFDXYG.exe
  C:\Windows\System\lUFDXYG.exe
  2⤵
  PID:5416
- C:\Windows\System\PAqOgox.exe
  C:\Windows\System\PAqOgox.exe
  2⤵
  PID:5432
- C:\Windows\System\WxUaJIb.exe
  C:\Windows\System\WxUaJIb.exe
  2⤵
  PID:5448
- C:\Windows\System\kRwuBQN.exe
  C:\Windows\System\kRwuBQN.exe
  2⤵
  PID:5464
- C:\Windows\System\JwNWMFn.exe
  C:\Windows\System\JwNWMFn.exe
  2⤵
  PID:5480
- C:\Windows\System\FhwWdOY.exe
  C:\Windows\System\FhwWdOY.exe
  2⤵
  PID:5496
- C:\Windows\System\NgUJMmL.exe
  C:\Windows\System\NgUJMmL.exe
  2⤵
  PID:5512
- C:\Windows\System\yINbdaG.exe
  C:\Windows\System\yINbdaG.exe
  2⤵
  PID:5528
- C:\Windows\System\EfNSVhK.exe
  C:\Windows\System\EfNSVhK.exe
  2⤵
  PID:5544
- C:\Windows\System\diKohDW.exe
  C:\Windows\System\diKohDW.exe
  2⤵
  PID:5560
- C:\Windows\System\UTUZWGI.exe
  C:\Windows\System\UTUZWGI.exe
  2⤵
  PID:5576
- C:\Windows\System\jPNIPnl.exe
  C:\Windows\System\jPNIPnl.exe
  2⤵
  PID:5600
- C:\Windows\System\rNKxMuG.exe
  C:\Windows\System\rNKxMuG.exe
  2⤵
  PID:5620
- C:\Windows\System\vkSUAkj.exe
  C:\Windows\System\vkSUAkj.exe
  2⤵
  PID:5636
- C:\Windows\System\xaHbVpm.exe
  C:\Windows\System\xaHbVpm.exe
  2⤵
  PID:5696
- C:\Windows\System\ZzJbATW.exe
  C:\Windows\System\ZzJbATW.exe
  2⤵
  PID:5724
- C:\Windows\System\bHwTJGE.exe
  C:\Windows\System\bHwTJGE.exe
  2⤵
  PID:5740
- C:\Windows\System\TztcUmL.exe
  C:\Windows\System\TztcUmL.exe
  2⤵
  PID:5756
- C:\Windows\System\PsUBeOH.exe
  C:\Windows\System\PsUBeOH.exe
  2⤵
  PID:5772
- C:\Windows\System\wbNlXoU.exe
  C:\Windows\System\wbNlXoU.exe
  2⤵
  PID:5788
- C:\Windows\System\dIrjYCH.exe
  C:\Windows\System\dIrjYCH.exe
  2⤵
  PID:5844
- C:\Windows\System\yvoeRNY.exe
  C:\Windows\System\yvoeRNY.exe
  2⤵
  PID:5860
- C:\Windows\System\exgnlKU.exe
  C:\Windows\System\exgnlKU.exe
  2⤵
  PID:5876
- C:\Windows\System\SjTfHMi.exe
  C:\Windows\System\SjTfHMi.exe
  2⤵
  PID:5896
- C:\Windows\System\FyHiDMS.exe
  C:\Windows\System\FyHiDMS.exe
  2⤵
  PID:5912
- C:\Windows\System\OcrYdPS.exe
  C:\Windows\System\OcrYdPS.exe
  2⤵
  PID:5928
- C:\Windows\System\OooPjdC.exe
  C:\Windows\System\OooPjdC.exe
  2⤵
  PID:5944
- C:\Windows\System\OHGdNwI.exe
  C:\Windows\System\OHGdNwI.exe
  2⤵
  PID:5960
- C:\Windows\System\MdTdDbf.exe
  C:\Windows\System\MdTdDbf.exe
  2⤵
  PID:5976
- C:\Windows\System\DOvsthX.exe
  C:\Windows\System\DOvsthX.exe
  2⤵
  PID:5992
- C:\Windows\System\rXdngRx.exe
  C:\Windows\System\rXdngRx.exe
  2⤵
  PID:6008
- C:\Windows\System\kHCQFQA.exe
  C:\Windows\System\kHCQFQA.exe
  2⤵
  PID:6024
- C:\Windows\System\jVrUDxO.exe
  C:\Windows\System\jVrUDxO.exe
  2⤵
  PID:6040
- C:\Windows\System\BlBPNeH.exe
  C:\Windows\System\BlBPNeH.exe
  2⤵
  PID:6056
- C:\Windows\System\vImfdEw.exe
  C:\Windows\System\vImfdEw.exe
  2⤵
  PID:6072
- C:\Windows\System\sLbMdAo.exe
  C:\Windows\System\sLbMdAo.exe
  2⤵
  PID:6088
- C:\Windows\System\nfdhKyl.exe
  C:\Windows\System\nfdhKyl.exe
  2⤵
  PID:6104
- C:\Windows\System\SrPmKke.exe
  C:\Windows\System\SrPmKke.exe
  2⤵
  PID:6120
- C:\Windows\System\YJlQcPw.exe
  C:\Windows\System\YJlQcPw.exe
  2⤵
  PID:6136
- C:\Windows\System\mdxWXQP.exe
  C:\Windows\System\mdxWXQP.exe
  2⤵
  PID:2664
- C:\Windows\System\ZYOwrRX.exe
  C:\Windows\System\ZYOwrRX.exe
  2⤵
  PID:4316
- C:\Windows\System\YNlCHtn.exe
  C:\Windows\System\YNlCHtn.exe
  2⤵
  PID:4904
- C:\Windows\System\NGRgNfO.exe
  C:\Windows\System\NGRgNfO.exe
  2⤵
  PID:5124
- C:\Windows\System\PNJUjQr.exe
  C:\Windows\System\PNJUjQr.exe
  2⤵
  PID:5144
- C:\Windows\System\qsILGsd.exe
  C:\Windows\System\qsILGsd.exe
  2⤵
  PID:5176
- C:\Windows\System\HDRulCL.exe
  C:\Windows\System\HDRulCL.exe
  2⤵
  PID:5240
- C:\Windows\System\SLVgkyK.exe
  C:\Windows\System\SLVgkyK.exe
  2⤵
  PID:5164
- C:\Windows\System\juEiFNh.exe
  C:\Windows\System\juEiFNh.exe
  2⤵
  PID:5256
- C:\Windows\System\RddDtIG.exe
  C:\Windows\System\RddDtIG.exe
  2⤵
  PID:5364
- C:\Windows\System\PHUnkeG.exe
  C:\Windows\System\PHUnkeG.exe
  2⤵
  PID:5276
- C:\Windows\System\crIwHdH.exe
  C:\Windows\System\crIwHdH.exe
  2⤵
  PID:5312
- C:\Windows\System\NThSFyv.exe
  C:\Windows\System\NThSFyv.exe
  2⤵
  PID:5408
- C:\Windows\System\ttXGFBI.exe
  C:\Windows\System\ttXGFBI.exe
  2⤵
  PID:5472
- C:\Windows\System\OiBsSqb.exe
  C:\Windows\System\OiBsSqb.exe
  2⤵
  PID:5536
- C:\Windows\System\sLTnIQF.exe
  C:\Windows\System\sLTnIQF.exe
  2⤵
  PID:5644
- C:\Windows\System\RebXIHd.exe
  C:\Windows\System\RebXIHd.exe
  2⤵
  PID:5736
- C:\Windows\System\ksiEIHb.exe
  C:\Windows\System\ksiEIHb.exe
  2⤵
  PID:5768
- C:\Windows\System\xgkhXjq.exe
  C:\Windows\System\xgkhXjq.exe
  2⤵
  PID:5808
- C:\Windows\System\RSLcIwB.exe
  C:\Windows\System\RSLcIwB.exe
  2⤵
  PID:5816
- C:\Windows\System\qbGMCGz.exe
  C:\Windows\System\qbGMCGz.exe
  2⤵
  PID:5840
- C:\Windows\System\eYkDAFg.exe
  C:\Windows\System\eYkDAFg.exe
  2⤵
  PID:5856
- C:\Windows\System\qhwDien.exe
  C:\Windows\System\qhwDien.exe
  2⤵
  PID:5884
- C:\Windows\System\rKJflHV.exe
  C:\Windows\System\rKJflHV.exe
  2⤵
  PID:5940
- C:\Windows\System\nxUZDVs.exe
  C:\Windows\System\nxUZDVs.exe
  2⤵
  PID:6004
- C:\Windows\System\iyELXRq.exe
  C:\Windows\System\iyELXRq.exe
  2⤵
  PID:6068
- C:\Windows\System\KlJhclp.exe
  C:\Windows\System\KlJhclp.exe
  2⤵
  PID:6128
- C:\Windows\System\zOzgSFo.exe
  C:\Windows\System\zOzgSFo.exe
  2⤵
  PID:5956
- C:\Windows\System\qBbAoHl.exe
  C:\Windows\System\qBbAoHl.exe
  2⤵
  PID:6048
- C:\Windows\System\OHqRquF.exe
  C:\Windows\System\OHqRquF.exe
  2⤵
  PID:6084
- C:\Windows\System\hECCOCC.exe
  C:\Windows\System\hECCOCC.exe
  2⤵
  PID:696
- C:\Windows\System\HDlFZwN.exe
  C:\Windows\System\HDlFZwN.exe
  2⤵
  PID:2380
- C:\Windows\System\rRjBQbn.exe
  C:\Windows\System\rRjBQbn.exe
  2⤵
  PID:5380
- C:\Windows\System\XyfqrqU.exe
  C:\Windows\System\XyfqrqU.exe
  2⤵
  PID:4716
- C:\Windows\System\FVpnSZB.exe
  C:\Windows\System\FVpnSZB.exe
  2⤵
  PID:5272
- C:\Windows\System\klrCnoi.exe
  C:\Windows\System\klrCnoi.exe
  2⤵
  PID:2044
- C:\Windows\System\pejtLSW.exe
  C:\Windows\System\pejtLSW.exe
  2⤵
  PID:5572
- C:\Windows\System\HUHFzyu.exe
  C:\Windows\System\HUHFzyu.exe
  2⤵
  PID:5224
- C:\Windows\System\DHSSWDx.exe
  C:\Windows\System\DHSSWDx.exe
  2⤵
  PID:5140
- C:\Windows\System\TsKjPAM.exe
  C:\Windows\System\TsKjPAM.exe
  2⤵
  PID:5648
- C:\Windows\System\yyvNEKp.exe
  C:\Windows\System\yyvNEKp.exe
  2⤵
  PID:5520
- C:\Windows\System\hBvSirp.exe
  C:\Windows\System\hBvSirp.exe
  2⤵
  PID:5584
- C:\Windows\System\MQUamtU.exe
  C:\Windows\System\MQUamtU.exe
  2⤵
  PID:5332
- C:\Windows\System\CGxpWGN.exe
  C:\Windows\System\CGxpWGN.exe
  2⤵
  PID:5632
- C:\Windows\System\gBpoIUq.exe
  C:\Windows\System\gBpoIUq.exe
  2⤵
  PID:5328
- C:\Windows\System\QIVIdXD.exe
  C:\Windows\System\QIVIdXD.exe
  2⤵
  PID:5680
- C:\Windows\System\JudUiHh.exe
  C:\Windows\System\JudUiHh.exe
  2⤵
  PID:5708
- C:\Windows\System\nQDUpWg.exe
  C:\Windows\System\nQDUpWg.exe
  2⤵
  PID:5720
- C:\Windows\System\RBrVawZ.exe
  C:\Windows\System\RBrVawZ.exe
  2⤵
  PID:5824
- C:\Windows\System\uKnfYDu.exe
  C:\Windows\System\uKnfYDu.exe
  2⤵
  PID:5852
- C:\Windows\System\MFoaUoO.exe
  C:\Windows\System\MFoaUoO.exe
  2⤵
  PID:6100
- C:\Windows\System\siPKesJ.exe
  C:\Windows\System\siPKesJ.exe
  2⤵
  PID:5764
- C:\Windows\System\pMcyDqm.exe
  C:\Windows\System\pMcyDqm.exe
  2⤵
  PID:5096
- C:\Windows\System\kGlJCdF.exe
  C:\Windows\System\kGlJCdF.exe
  2⤵
  PID:576
- C:\Windows\System\blmdTaw.exe
  C:\Windows\System\blmdTaw.exe
  2⤵
  PID:6036
- C:\Windows\System\EjpDUgp.exe
  C:\Windows\System\EjpDUgp.exe
  2⤵
  PID:2124
- C:\Windows\System\qeBsyeJ.exe
  C:\Windows\System\qeBsyeJ.exe
  2⤵
  PID:5308
- C:\Windows\System\EzhgwAO.exe
  C:\Windows\System\EzhgwAO.exe
  2⤵
  PID:2708
- C:\Windows\System\pPsQjxX.exe
  C:\Windows\System\pPsQjxX.exe
  2⤵
  PID:5212
- C:\Windows\System\WhHZzer.exe
  C:\Windows\System\WhHZzer.exe
  2⤵
  PID:5612
- C:\Windows\System\ryGqbnd.exe
  C:\Windows\System\ryGqbnd.exe
  2⤵
  PID:5628
- C:\Windows\System\uCfwUMp.exe
  C:\Windows\System\uCfwUMp.exe
  2⤵
  PID:5324
- C:\Windows\System\OAHrgtj.exe
  C:\Windows\System\OAHrgtj.exe
  2⤵
  PID:5664
- C:\Windows\System\FpkQazp.exe
  C:\Windows\System\FpkQazp.exe
  2⤵
  PID:5716
- C:\Windows\System\eaYMeqm.exe
  C:\Windows\System\eaYMeqm.exe
  2⤵
  PID:5892
- C:\Windows\System\GZxrUqK.exe
  C:\Windows\System\GZxrUqK.exe
  2⤵
  PID:6096
- C:\Windows\System\PNpFTkP.exe
  C:\Windows\System\PNpFTkP.exe
  2⤵
  PID:6016
- C:\Windows\System\uSbGYjI.exe
  C:\Windows\System\uSbGYjI.exe
  2⤵
  PID:1396
- C:\Windows\System\xmJXBQg.exe
  C:\Windows\System\xmJXBQg.exe
  2⤵
  PID:5428
- C:\Windows\System\zNvxfop.exe
  C:\Windows\System\zNvxfop.exe
  2⤵
  PID:5952
- C:\Windows\System\tNuwypu.exe
  C:\Windows\System\tNuwypu.exe
  2⤵
  PID:5208
- C:\Windows\System\frYsNAN.exe
  C:\Windows\System\frYsNAN.exe
  2⤵
  PID:5296
- C:\Windows\System\pEVGDHs.exe
  C:\Windows\System\pEVGDHs.exe
  2⤵
  PID:5492
- C:\Windows\System\XYibvCS.exe
  C:\Windows\System\XYibvCS.exe
  2⤵
  PID:6020
- C:\Windows\System\IpjnXHw.exe
  C:\Windows\System\IpjnXHw.exe
  2⤵
  PID:5444
- C:\Windows\System\SMLRjdI.exe
  C:\Windows\System\SMLRjdI.exe
  2⤵
  PID:6160
- C:\Windows\System\HkZoVdO.exe
  C:\Windows\System\HkZoVdO.exe
  2⤵
  PID:6176
- C:\Windows\System\mVubaCW.exe
  C:\Windows\System\mVubaCW.exe
  2⤵
  PID:6192
- C:\Windows\System\YqETPeH.exe
  C:\Windows\System\YqETPeH.exe
  2⤵
  PID:6208
- C:\Windows\System\kqUlZlF.exe
  C:\Windows\System\kqUlZlF.exe
  2⤵
  PID:6224
- C:\Windows\System\ngsMuoT.exe
  C:\Windows\System\ngsMuoT.exe
  2⤵
  PID:6240
- C:\Windows\System\LkefUEo.exe
  C:\Windows\System\LkefUEo.exe
  2⤵
  PID:6256
- C:\Windows\System\iTyXymx.exe
  C:\Windows\System\iTyXymx.exe
  2⤵
  PID:6272
- C:\Windows\System\wKuFhaQ.exe
  C:\Windows\System\wKuFhaQ.exe
  2⤵
  PID:6288
- C:\Windows\System\pdiOYGs.exe
  C:\Windows\System\pdiOYGs.exe
  2⤵
  PID:6308
- C:\Windows\System\SXiFEZH.exe
  C:\Windows\System\SXiFEZH.exe
  2⤵
  PID:6324
- C:\Windows\System\ATgPDWe.exe
  C:\Windows\System\ATgPDWe.exe
  2⤵
  PID:6340
- C:\Windows\System\pwdjUqW.exe
  C:\Windows\System\pwdjUqW.exe
  2⤵
  PID:6356
- C:\Windows\System\KSFnTxV.exe
  C:\Windows\System\KSFnTxV.exe
  2⤵
  PID:6376
- C:\Windows\System\vgQEVNp.exe
  C:\Windows\System\vgQEVNp.exe
  2⤵
  PID:6392
- C:\Windows\System\oNGQjSO.exe
  C:\Windows\System\oNGQjSO.exe
  2⤵
  PID:6408
- C:\Windows\System\Cexizbd.exe
  C:\Windows\System\Cexizbd.exe
  2⤵
  PID:6424
- C:\Windows\System\jxPRJNU.exe
  C:\Windows\System\jxPRJNU.exe
  2⤵
  PID:6440
- C:\Windows\System\gBJUkhH.exe
  C:\Windows\System\gBJUkhH.exe
  2⤵
  PID:6456
- C:\Windows\System\AdigxBu.exe
  C:\Windows\System\AdigxBu.exe
  2⤵
  PID:6472
- C:\Windows\System\wHOyAIZ.exe
  C:\Windows\System\wHOyAIZ.exe
  2⤵
  PID:6488
- C:\Windows\System\NFsHfap.exe
  C:\Windows\System\NFsHfap.exe
  2⤵
  PID:6504
- C:\Windows\System\WRHorTd.exe
  C:\Windows\System\WRHorTd.exe
  2⤵
  PID:6520
- C:\Windows\System\qQrKOhI.exe
  C:\Windows\System\qQrKOhI.exe
  2⤵
  PID:6536
- C:\Windows\System\XHoOAGl.exe
  C:\Windows\System\XHoOAGl.exe
  2⤵
  PID:6552
- C:\Windows\System\TTxZFoW.exe
  C:\Windows\System\TTxZFoW.exe
  2⤵
  PID:6568
- C:\Windows\System\BnhtRNS.exe
  C:\Windows\System\BnhtRNS.exe
  2⤵
  PID:6584
- C:\Windows\System\PzvrVwO.exe
  C:\Windows\System\PzvrVwO.exe
  2⤵
  PID:6600
- C:\Windows\System\RGVKTep.exe
  C:\Windows\System\RGVKTep.exe
  2⤵
  PID:6616
- C:\Windows\System\dRszMbJ.exe
  C:\Windows\System\dRszMbJ.exe
  2⤵
  PID:6632
- C:\Windows\System\fxTYZWo.exe
  C:\Windows\System\fxTYZWo.exe
  2⤵
  PID:6648
- C:\Windows\System\LoWLrpG.exe
  C:\Windows\System\LoWLrpG.exe
  2⤵
  PID:6664
- C:\Windows\System\QHJCeTg.exe
  C:\Windows\System\QHJCeTg.exe
  2⤵
  PID:6680
- C:\Windows\System\SUmUrHT.exe
  C:\Windows\System\SUmUrHT.exe
  2⤵
  PID:6696
- C:\Windows\System\AcGmGFQ.exe
  C:\Windows\System\AcGmGFQ.exe
  2⤵
  PID:6712
- C:\Windows\System\UqWUYLI.exe
  C:\Windows\System\UqWUYLI.exe
  2⤵
  PID:6728
- C:\Windows\System\jbKjTZX.exe
  C:\Windows\System\jbKjTZX.exe
  2⤵
  PID:6748
- C:\Windows\System\CGhecSh.exe
  C:\Windows\System\CGhecSh.exe
  2⤵
  PID:6764
- C:\Windows\System\bIMBrod.exe
  C:\Windows\System\bIMBrod.exe
  2⤵
  PID:6780
- C:\Windows\System\UgrojzH.exe
  C:\Windows\System\UgrojzH.exe
  2⤵
  PID:6796
- C:\Windows\System\sQlsEFY.exe
  C:\Windows\System\sQlsEFY.exe
  2⤵
  PID:6812
- C:\Windows\System\QODJqAi.exe
  C:\Windows\System\QODJqAi.exe
  2⤵
  PID:6828
- C:\Windows\System\RWTKknd.exe
  C:\Windows\System\RWTKknd.exe
  2⤵
  PID:6844
- C:\Windows\System\jWuIbit.exe
  C:\Windows\System\jWuIbit.exe
  2⤵
  PID:6860
- C:\Windows\System\gHaySPI.exe
  C:\Windows\System\gHaySPI.exe
  2⤵
  PID:6876
- C:\Windows\System\zVSMYJO.exe
  C:\Windows\System\zVSMYJO.exe
  2⤵
  PID:6892
- C:\Windows\System\BBbbSRc.exe
  C:\Windows\System\BBbbSRc.exe
  2⤵
  PID:6908
- C:\Windows\System\blcyQVB.exe
  C:\Windows\System\blcyQVB.exe
  2⤵
  PID:6924
- C:\Windows\System\MJyLrMu.exe
  C:\Windows\System\MJyLrMu.exe
  2⤵
  PID:6940
- C:\Windows\System\VhCZOlK.exe
  C:\Windows\System\VhCZOlK.exe
  2⤵
  PID:6956
- C:\Windows\System\jwEfGsa.exe
  C:\Windows\System\jwEfGsa.exe
  2⤵
  PID:6972
- C:\Windows\System\xpBiQGX.exe
  C:\Windows\System\xpBiQGX.exe
  2⤵
  PID:6988
- C:\Windows\System\ziTKNdt.exe
  C:\Windows\System\ziTKNdt.exe
  2⤵
  PID:7004
- C:\Windows\System\rSqLUJy.exe
  C:\Windows\System\rSqLUJy.exe
  2⤵
  PID:7020
- C:\Windows\System\rDZxzbg.exe
  C:\Windows\System\rDZxzbg.exe
  2⤵
  PID:7036
- C:\Windows\System\nrAwzkh.exe
  C:\Windows\System\nrAwzkh.exe
  2⤵
  PID:7060
- C:\Windows\System\BNPpCBP.exe
  C:\Windows\System\BNPpCBP.exe
  2⤵
  PID:7076
- C:\Windows\System\rnekHkj.exe
  C:\Windows\System\rnekHkj.exe
  2⤵
  PID:7092
- C:\Windows\System\aJdQXFG.exe
  C:\Windows\System\aJdQXFG.exe
  2⤵
  PID:7108
- C:\Windows\System\PgLcYCQ.exe
  C:\Windows\System\PgLcYCQ.exe
  2⤵
  PID:7124
- C:\Windows\System\OwItzVr.exe
  C:\Windows\System\OwItzVr.exe
  2⤵
  PID:7140
- C:\Windows\System\EQpmYGt.exe
  C:\Windows\System\EQpmYGt.exe
  2⤵
  PID:7156
- C:\Windows\System\xIkhezA.exe
  C:\Windows\System\xIkhezA.exe
  2⤵
  PID:5556
- C:\Windows\System\Mjkaqae.exe
  C:\Windows\System\Mjkaqae.exe
  2⤵
  PID:5692
- C:\Windows\System\aFMCTTC.exe
  C:\Windows\System\aFMCTTC.exe
  2⤵
  PID:5344
- C:\Windows\System\XBnMKoE.exe
  C:\Windows\System\XBnMKoE.exe
  2⤵
  PID:5784
- C:\Windows\System\uYVhSdh.exe
  C:\Windows\System\uYVhSdh.exe
  2⤵
  PID:6188
- C:\Windows\System\bGorKIN.exe
  C:\Windows\System\bGorKIN.exe
  2⤵
  PID:6172
- C:\Windows\System\kHeVspP.exe
  C:\Windows\System\kHeVspP.exe
  2⤵
  PID:6236
- C:\Windows\System\ignJvnd.exe
  C:\Windows\System\ignJvnd.exe
  2⤵
  PID:6300
- C:\Windows\System\mkblVJk.exe
  C:\Windows\System\mkblVJk.exe
  2⤵
  PID:6348
- C:\Windows\System\xurlNFN.exe
  C:\Windows\System\xurlNFN.exe
  2⤵
  PID:6388
- C:\Windows\System\QRPxBas.exe
  C:\Windows\System\QRPxBas.exe
  2⤵
  PID:6404
- C:\Windows\System\MgPDUlw.exe
  C:\Windows\System\MgPDUlw.exe
  2⤵
  PID:6364
- C:\Windows\System\BRDbwKj.exe
  C:\Windows\System\BRDbwKj.exe
  2⤵
  PID:3064
- C:\Windows\System\uqIBxOQ.exe
  C:\Windows\System\uqIBxOQ.exe
  2⤵
  PID:6484
- C:\Windows\System\LceJVMe.exe
  C:\Windows\System\LceJVMe.exe
  2⤵
  PID:6544
- C:\Windows\System\rfiBeqr.exe
  C:\Windows\System\rfiBeqr.exe
  2⤵
  PID:6532
- C:\Windows\System\fvwQgwC.exe
  C:\Windows\System\fvwQgwC.exe
  2⤵
  PID:2080
- C:\Windows\System\mceYupP.exe
  C:\Windows\System\mceYupP.exe
  2⤵
  PID:6612
- C:\Windows\System\qRWkQtb.exe
  C:\Windows\System\qRWkQtb.exe
  2⤵
  PID:6704
- C:\Windows\System\PLHTLea.exe
  C:\Windows\System\PLHTLea.exe
  2⤵
  PID:6688
- C:\Windows\System\LznvGhG.exe
  C:\Windows\System\LznvGhG.exe
  2⤵
  PID:6656
- C:\Windows\System\czxYRXx.exe
  C:\Windows\System\czxYRXx.exe
  2⤵
  PID:6792
- C:\Windows\System\xJrhEYs.exe
  C:\Windows\System\xJrhEYs.exe
  2⤵
  PID:6820
- C:\Windows\System\xlzmeVX.exe
  C:\Windows\System\xlzmeVX.exe
  2⤵
  PID:6872
- C:\Windows\System\BmThxqQ.exe
  C:\Windows\System\BmThxqQ.exe
  2⤵
  PID:6964
- C:\Windows\System\OSPlJBv.exe
  C:\Windows\System\OSPlJBv.exe
  2⤵
  PID:6856
- C:\Windows\System\zMYPAao.exe
  C:\Windows\System\zMYPAao.exe
  2⤵
  PID:6920
- C:\Windows\System\dOcngFJ.exe
  C:\Windows\System\dOcngFJ.exe
  2⤵
  PID:6984
- C:\Windows\System\NJDpzML.exe
  C:\Windows\System\NJDpzML.exe
  2⤵
  PID:7028
- C:\Windows\System\CwlKOBh.exe
  C:\Windows\System\CwlKOBh.exe
  2⤵
  PID:7100
- C:\Windows\System\DuxasrY.exe
  C:\Windows\System\DuxasrY.exe
  2⤵
  PID:7164
- C:\Windows\System\aIvxbhS.exe
  C:\Windows\System\aIvxbhS.exe
  2⤵
  PID:7152
- C:\Windows\System\omXfWxG.exe
  C:\Windows\System\omXfWxG.exe
  2⤵
  PID:7048
- C:\Windows\System\zLbtImg.exe
  C:\Windows\System\zLbtImg.exe
  2⤵
  PID:7084
- C:\Windows\System\jDYHRdo.exe
  C:\Windows\System\jDYHRdo.exe
  2⤵
  PID:5832
- C:\Windows\System\RkLAXhu.exe
  C:\Windows\System\RkLAXhu.exe
  2⤵
  PID:5596
- C:\Windows\System\mKmMrUl.exe
  C:\Windows\System\mKmMrUl.exe
  2⤵
  PID:6372
- C:\Windows\System\ODsqgvO.exe
  C:\Windows\System\ODsqgvO.exe
  2⤵
  PID:5812
- C:\Windows\System\fcWkreF.exe
  C:\Windows\System\fcWkreF.exe
  2⤵
  PID:6232
- C:\Windows\System\EOWLdFG.exe
  C:\Windows\System\EOWLdFG.exe
  2⤵
  PID:6448
- C:\Windows\System\YQRibwK.exe
  C:\Windows\System\YQRibwK.exe
  2⤵
  PID:6400
- C:\Windows\System\irxKGjh.exe
  C:\Windows\System\irxKGjh.exe
  2⤵
  PID:6480
- C:\Windows\System\pklDScN.exe
  C:\Windows\System\pklDScN.exe
  2⤵
  PID:6576
- C:\Windows\System\faqPzth.exe
  C:\Windows\System\faqPzth.exe
  2⤵
  PID:6500
- C:\Windows\System\UGjudGF.exe
  C:\Windows\System\UGjudGF.exe
  2⤵
  PID:6564
- C:\Windows\System\qbHukGb.exe
  C:\Windows\System\qbHukGb.exe
  2⤵
  PID:4352
- C:\Windows\System\npXHJtF.exe
  C:\Windows\System\npXHJtF.exe
  2⤵
  PID:6808
- C:\Windows\System\ZjOENFY.exe
  C:\Windows\System\ZjOENFY.exe
  2⤵
  PID:6936
- C:\Windows\System\Bpdciqp.exe
  C:\Windows\System\Bpdciqp.exe
  2⤵
  PID:6720
- C:\Windows\System\uWMHlSO.exe
  C:\Windows\System\uWMHlSO.exe
  2⤵
  PID:6840
- C:\Windows\System\DjFlQPS.exe
  C:\Windows\System\DjFlQPS.exe
  2⤵
  PID:6968
- C:\Windows\System\otnvfNI.exe
  C:\Windows\System\otnvfNI.exe
  2⤵
  PID:6916
- C:\Windows\System\thbazAA.exe
  C:\Windows\System\thbazAA.exe
  2⤵
  PID:7072
- C:\Windows\System\EjnvhdZ.exe
  C:\Windows\System\EjnvhdZ.exe
  2⤵
  PID:7044
- C:\Windows\System\XEnTCav.exe
  C:\Windows\System\XEnTCav.exe
  2⤵
  PID:7148
- C:\Windows\System\ilStnmH.exe
  C:\Windows\System\ilStnmH.exe
  2⤵
  PID:6284
- C:\Windows\System\fnFULOF.exe
  C:\Windows\System\fnFULOF.exe
  2⤵
  PID:7056
- C:\Windows\System\pAmkipX.exe
  C:\Windows\System\pAmkipX.exe
  2⤵
  PID:6184
- C:\Windows\System\arLscTa.exe
  C:\Windows\System\arLscTa.exe
  2⤵
  PID:6452
- C:\Windows\System\BeYvwCt.exe
  C:\Windows\System\BeYvwCt.exe
  2⤵
  PID:6672
- C:\Windows\System\yVieqKT.exe
  C:\Windows\System\yVieqKT.exe
  2⤵
  PID:6708
- C:\Windows\System\gItNDuF.exe
  C:\Windows\System\gItNDuF.exe
  2⤵
  PID:6932
- C:\Windows\System\eapNraw.exe
  C:\Windows\System\eapNraw.exe
  2⤵
  PID:6692
- C:\Windows\System\JgLutqW.exe
  C:\Windows\System\JgLutqW.exe
  2⤵
  PID:6320
- C:\Windows\System\yFfZkkC.exe
  C:\Windows\System\yFfZkkC.exe
  2⤵
  PID:6368
- C:\Windows\System\VPIipZl.exe
  C:\Windows\System\VPIipZl.exe
  2⤵
  PID:1004
- C:\Windows\System\YUIrWmo.exe
  C:\Windows\System\YUIrWmo.exe
  2⤵
  PID:4892
- C:\Windows\System\sQUKdaE.exe
  C:\Windows\System\sQUKdaE.exe
  2⤵
  PID:6724
- C:\Windows\System\HylTvII.exe
  C:\Windows\System\HylTvII.exe
  2⤵
  PID:7000
- C:\Windows\System\ZcIKvNq.exe
  C:\Windows\System\ZcIKvNq.exe
  2⤵
  PID:7116
- C:\Windows\System\IIkHEAw.exe
  C:\Windows\System\IIkHEAw.exe
  2⤵
  PID:6436
- C:\Windows\System\Awhvdmc.exe
  C:\Windows\System\Awhvdmc.exe
  2⤵
  PID:4312
- C:\Windows\System\IeplANm.exe
  C:\Windows\System\IeplANm.exe
  2⤵
  PID:7176
- C:\Windows\System\WJCgfht.exe
  C:\Windows\System\WJCgfht.exe
  2⤵
  PID:7192
- C:\Windows\System\mHXiJWh.exe
  C:\Windows\System\mHXiJWh.exe
  2⤵
  PID:7208
- C:\Windows\System\eUxFWjm.exe
  C:\Windows\System\eUxFWjm.exe
  2⤵
  PID:7224
- C:\Windows\System\QiiykEj.exe
  C:\Windows\System\QiiykEj.exe
  2⤵
  PID:7240
- C:\Windows\System\bCJKFZg.exe
  C:\Windows\System\bCJKFZg.exe
  2⤵
  PID:7264
- C:\Windows\System\cAIZLiY.exe
  C:\Windows\System\cAIZLiY.exe
  2⤵
  PID:7280
- C:\Windows\System\qSJjJtd.exe
  C:\Windows\System\qSJjJtd.exe
  2⤵
  PID:7300
- C:\Windows\System\bkxaUWi.exe
  C:\Windows\System\bkxaUWi.exe
  2⤵
  PID:7388
- C:\Windows\System\LGhPdNl.exe
  C:\Windows\System\LGhPdNl.exe
  2⤵
  PID:7436
- C:\Windows\System\UfimUyJ.exe
  C:\Windows\System\UfimUyJ.exe
  2⤵
  PID:7452
- C:\Windows\System\bqcMeHa.exe
  C:\Windows\System\bqcMeHa.exe
  2⤵
  PID:7472
- C:\Windows\System\pcLybCW.exe
  C:\Windows\System\pcLybCW.exe
  2⤵
  PID:7492
- C:\Windows\System\eiCLXwT.exe
  C:\Windows\System\eiCLXwT.exe
  2⤵
  PID:7508
- C:\Windows\System\aAKHmnF.exe
  C:\Windows\System\aAKHmnF.exe
  2⤵
  PID:7524
- C:\Windows\System\Hvocoiy.exe
  C:\Windows\System\Hvocoiy.exe
  2⤵
  PID:7540
- C:\Windows\System\bUovsxq.exe
  C:\Windows\System\bUovsxq.exe
  2⤵
  PID:7556
- C:\Windows\System\jjxktjQ.exe
  C:\Windows\System\jjxktjQ.exe
  2⤵
  PID:7572
- C:\Windows\System\EkvEQzX.exe
  C:\Windows\System\EkvEQzX.exe
  2⤵
  PID:7588
- C:\Windows\System\ThAXxRa.exe
  C:\Windows\System\ThAXxRa.exe
  2⤵
  PID:7612
- C:\Windows\System\ahzKkAh.exe
  C:\Windows\System\ahzKkAh.exe
  2⤵
  PID:7628
- C:\Windows\System\RvrzExX.exe
  C:\Windows\System\RvrzExX.exe
  2⤵
  PID:7644
- C:\Windows\System\QWGRnHq.exe
  C:\Windows\System\QWGRnHq.exe
  2⤵
  PID:7668
- C:\Windows\System\oRhzOHv.exe
  C:\Windows\System\oRhzOHv.exe
  2⤵
  PID:7684
- C:\Windows\System\BPsIMff.exe
  C:\Windows\System\BPsIMff.exe
  2⤵
  PID:7720
- C:\Windows\System\VdqiUsE.exe
  C:\Windows\System\VdqiUsE.exe
  2⤵
  PID:7904
- C:\Windows\System\fKNckkB.exe
  C:\Windows\System\fKNckkB.exe
  2⤵
  PID:7968
- C:\Windows\System\HNiFtmw.exe
  C:\Windows\System\HNiFtmw.exe
  2⤵
  PID:8000
- C:\Windows\System\yLYqnVv.exe
  C:\Windows\System\yLYqnVv.exe
  2⤵
  PID:8020
- C:\Windows\System\Hyryeam.exe
  C:\Windows\System\Hyryeam.exe
  2⤵
  PID:8036
- C:\Windows\System\TSfTYrp.exe
  C:\Windows\System\TSfTYrp.exe
  2⤵
  PID:8056
- C:\Windows\System\QylhOpT.exe
  C:\Windows\System\QylhOpT.exe
  2⤵
  PID:8072
- C:\Windows\System\gAbdcAV.exe
  C:\Windows\System\gAbdcAV.exe
  2⤵
  PID:8092
- C:\Windows\System\ZkNpUwU.exe
  C:\Windows\System\ZkNpUwU.exe
  2⤵
  PID:8112
- C:\Windows\System\AIFisbd.exe
  C:\Windows\System\AIFisbd.exe
  2⤵
  PID:8128
- C:\Windows\System\RCaitln.exe
  C:\Windows\System\RCaitln.exe
  2⤵
  PID:8144
- C:\Windows\System\JwCSPba.exe
  C:\Windows\System\JwCSPba.exe
  2⤵
  PID:8160
- C:\Windows\System\ZCcxvFt.exe
  C:\Windows\System\ZCcxvFt.exe
  2⤵
  PID:8176
- C:\Windows\System\WwFGvWA.exe
  C:\Windows\System\WwFGvWA.exe
  2⤵
  PID:1084
- C:\Windows\System\AIQECCC.exe
  C:\Windows\System\AIQECCC.exe
  2⤵
  PID:7200
- C:\Windows\System\pCcPPdw.exe
  C:\Windows\System\pCcPPdw.exe
  2⤵
  PID:7216
- C:\Windows\System\oKllNBY.exe
  C:\Windows\System\oKllNBY.exe
  2⤵
  PID:3292
- C:\Windows\System\INNrEwL.exe
  C:\Windows\System\INNrEwL.exe
  2⤵
  PID:6468
- C:\Windows\System\mmUCteu.exe
  C:\Windows\System\mmUCteu.exe
  2⤵
  PID:6852
- C:\Windows\System\hehFYqu.exe
  C:\Windows\System\hehFYqu.exe
  2⤵
  PID:7248
- C:\Windows\System\HrhXoQG.exe
  C:\Windows\System\HrhXoQG.exe
  2⤵
  PID:7312
- C:\Windows\System\cQUutbr.exe
  C:\Windows\System\cQUutbr.exe
  2⤵
  PID:7332
- C:\Windows\System\DTNLlLs.exe
  C:\Windows\System\DTNLlLs.exe
  2⤵
  PID:7288
- C:\Windows\System\DPWiCQM.exe
  C:\Windows\System\DPWiCQM.exe
  2⤵
  PID:7260
- C:\Windows\System\xlqnNDJ.exe
  C:\Windows\System\xlqnNDJ.exe
  2⤵
  PID:7364
- C:\Windows\System\AldTqHG.exe
  C:\Windows\System\AldTqHG.exe
  2⤵
  PID:7380
- C:\Windows\System\uuOsZEt.exe
  C:\Windows\System\uuOsZEt.exe
  2⤵
  PID:7400
- C:\Windows\System\wrtMNJt.exe
  C:\Windows\System\wrtMNJt.exe
  2⤵
  PID:7416
- C:\Windows\System\JdLxNhs.exe
  C:\Windows\System\JdLxNhs.exe
  2⤵
  PID:7424
- C:\Windows\System\VphCJSj.exe
  C:\Windows\System\VphCJSj.exe
  2⤵
  PID:7484
- C:\Windows\System\UzQfyUX.exe
  C:\Windows\System\UzQfyUX.exe
  2⤵
  PID:7500
- C:\Windows\System\vUiIPXm.exe
  C:\Windows\System\vUiIPXm.exe
  2⤵
  PID:7568
- C:\Windows\System\XLqCLGA.exe
  C:\Windows\System\XLqCLGA.exe
  2⤵
  PID:7548
- C:\Windows\System\jvyIpmz.exe
  C:\Windows\System\jvyIpmz.exe
  2⤵
  PID:7624
- C:\Windows\System\DorrueA.exe
  C:\Windows\System\DorrueA.exe
  2⤵
  PID:7600
- C:\Windows\System\djdOvdd.exe
  C:\Windows\System\djdOvdd.exe
  2⤵
  PID:7660
- C:\Windows\System\STRLhym.exe
  C:\Windows\System\STRLhym.exe
  2⤵
  PID:7640
- C:\Windows\System\fDDLOnL.exe
  C:\Windows\System\fDDLOnL.exe
  2⤵
  PID:7696
- C:\Windows\System\jjewKHz.exe
  C:\Windows\System\jjewKHz.exe
  2⤵
  PID:7716
- C:\Windows\System\ONbDMMf.exe
  C:\Windows\System\ONbDMMf.exe
  2⤵
  PID:7756
- C:\Windows\System\ACzypju.exe
  C:\Windows\System\ACzypju.exe
  2⤵
  PID:7760
- C:\Windows\System\qQejUAO.exe
  C:\Windows\System\qQejUAO.exe
  2⤵
  PID:7776
- C:\Windows\System\IRvKJlE.exe
  C:\Windows\System\IRvKJlE.exe
  2⤵
  PID:7816
- C:\Windows\System\OWNEvjE.exe
  C:\Windows\System\OWNEvjE.exe
  2⤵
  PID:7824
- C:\Windows\System\gLvYLsn.exe
  C:\Windows\System\gLvYLsn.exe
  2⤵
  PID:7844
- C:\Windows\System\ZNCvzix.exe
  C:\Windows\System\ZNCvzix.exe
  2⤵
  PID:7852
- C:\Windows\System\SZXWYwE.exe
  C:\Windows\System\SZXWYwE.exe
  2⤵
  PID:7932
- C:\Windows\System\fBXyTXd.exe
  C:\Windows\System\fBXyTXd.exe
  2⤵
  PID:7948
- C:\Windows\System\hACvLeg.exe
  C:\Windows\System\hACvLeg.exe
  2⤵
  PID:7964
- C:\Windows\System\chooHHA.exe
  C:\Windows\System\chooHHA.exe
  2⤵
  PID:7840
- C:\Windows\System\rauXwSU.exe
  C:\Windows\System\rauXwSU.exe
  2⤵
  PID:7872
- C:\Windows\System\wDflosC.exe
  C:\Windows\System\wDflosC.exe
  2⤵
  PID:7892
- C:\Windows\System\BOrMnJf.exe
  C:\Windows\System\BOrMnJf.exe
  2⤵
  PID:8012
- C:\Windows\System\ekhLVRt.exe
  C:\Windows\System\ekhLVRt.exe
  2⤵
  PID:8052
- C:\Windows\System\GBdfGgR.exe
  C:\Windows\System\GBdfGgR.exe
  2⤵
  PID:8080
- C:\Windows\System\dzFAlPf.exe
  C:\Windows\System\dzFAlPf.exe
  2⤵
  PID:8124
- C:\Windows\System\xbLkoKw.exe
  C:\Windows\System\xbLkoKw.exe
  2⤵
  PID:7900
- C:\Windows\System\TLsBfFw.exe
  C:\Windows\System\TLsBfFw.exe
  2⤵
  PID:7204
- C:\Windows\System\UplCEUi.exe
  C:\Windows\System\UplCEUi.exe
  2⤵
  PID:7016
- C:\Windows\System\hlKOpqL.exe
  C:\Windows\System\hlKOpqL.exe
  2⤵
  PID:4288
- C:\Windows\System\guyalAE.exe
  C:\Windows\System\guyalAE.exe
  2⤵
  PID:6904
- C:\Windows\System\ZovBzuX.exe
  C:\Windows\System\ZovBzuX.exe
  2⤵
  PID:8168
- C:\Windows\System\bZldpLx.exe
  C:\Windows\System\bZldpLx.exe
  2⤵
  PID:8136
- C:\Windows\System\KKqwQMC.exe
  C:\Windows\System\KKqwQMC.exe
  2⤵
  PID:8064
- C:\Windows\System\QWcMlXb.exe
  C:\Windows\System\QWcMlXb.exe
  2⤵
  PID:2684
- C:\Windows\System\doxeTxO.exe
  C:\Windows\System\doxeTxO.exe
  2⤵
  PID:7344
- C:\Windows\System\lHMgdew.exe
  C:\Windows\System\lHMgdew.exe
  2⤵
  PID:7256
- C:\Windows\System\TcAduKx.exe
  C:\Windows\System\TcAduKx.exe
  2⤵
  PID:7412
- C:\Windows\System\VpCclcZ.exe
  C:\Windows\System\VpCclcZ.exe
  2⤵
  PID:7532
- C:\Windows\System\mhEcjbn.exe
  C:\Windows\System\mhEcjbn.exe
  2⤵
  PID:7360
- C:\Windows\System\GILeLnJ.exe
  C:\Windows\System\GILeLnJ.exe
  2⤵
  PID:7584
- C:\Windows\System\TNJGDvk.exe
  C:\Windows\System\TNJGDvk.exe
  2⤵
  PID:7468
- C:\Windows\System\alcDCOD.exe
  C:\Windows\System\alcDCOD.exe
  2⤵
  PID:7680
- C:\Windows\System\snKtOTf.exe
  C:\Windows\System\snKtOTf.exe
  2⤵
  PID:7536
- C:\Windows\System\nILEeYg.exe
  C:\Windows\System\nILEeYg.exe
  2⤵
  PID:7740
- C:\Windows\System\TinPIZz.exe
  C:\Windows\System\TinPIZz.exe
  2⤵
  PID:7748
- C:\Windows\System\zmCnkmB.exe
  C:\Windows\System\zmCnkmB.exe
  2⤵
  PID:7800
- C:\Windows\System\FcTUBOq.exe
  C:\Windows\System\FcTUBOq.exe
  2⤵
  PID:7768
- C:\Windows\System\ZgRcXsp.exe
  C:\Windows\System\ZgRcXsp.exe
  2⤵
  PID:7944
- C:\Windows\System\gJAoLsO.exe
  C:\Windows\System\gJAoLsO.exe
  2⤵
  PID:7884
- C:\Windows\System\iFyjhcD.exe
  C:\Windows\System\iFyjhcD.exe
  2⤵
  PID:5136
- C:\Windows\System\PWtqHeE.exe
  C:\Windows\System\PWtqHeE.exe
  2⤵
  PID:7976
- C:\Windows\System\MtCMpty.exe
  C:\Windows\System\MtCMpty.exe
  2⤵
  PID:7744
- C:\Windows\System\bNtwNQU.exe
  C:\Windows\System\bNtwNQU.exe
  2⤵
  PID:8120
- C:\Windows\System\FQddFqi.exe
  C:\Windows\System\FQddFqi.exe
  2⤵
  PID:7984
- C:\Windows\System\QUZOxjz.exe
  C:\Windows\System\QUZOxjz.exe
  2⤵
  PID:7988
- C:\Windows\System\pxjqDqC.exe
  C:\Windows\System\pxjqDqC.exe
  2⤵
  PID:8108
- C:\Windows\System\HxItxia.exe
  C:\Windows\System\HxItxia.exe
  2⤵
  PID:8100
- C:\Windows\System\qkgDADF.exe
  C:\Windows\System\qkgDADF.exe
  2⤵
  PID:2208
- C:\Windows\System\cylKLrT.exe
  C:\Windows\System\cylKLrT.exe
  2⤵
  PID:7376
- C:\Windows\System\HXtARxY.exe
  C:\Windows\System\HXtARxY.exe
  2⤵
  PID:7428
- C:\Windows\System\gwLHkVT.exe
  C:\Windows\System\gwLHkVT.exe
  2⤵
  PID:7396
- C:\Windows\System\tvawMgu.exe
  C:\Windows\System\tvawMgu.exe
  2⤵
  PID:7520
- C:\Windows\System\gWnWglN.exe
  C:\Windows\System\gWnWglN.exe
  2⤵
  PID:7636
- C:\Windows\System\FpILuGR.exe
  C:\Windows\System\FpILuGR.exe
  2⤵
  PID:7772
- C:\Windows\System\jPuVvGo.exe
  C:\Windows\System\jPuVvGo.exe
  2⤵
  PID:7880
- C:\Windows\System\AmEKxsw.exe
  C:\Windows\System\AmEKxsw.exe
  2⤵
  PID:7788
- C:\Windows\System\YtPlDDC.exe
  C:\Windows\System\YtPlDDC.exe
  2⤵
  PID:7956
- C:\Windows\System\LISNlOZ.exe
  C:\Windows\System\LISNlOZ.exe
  2⤵
  PID:7928
- C:\Windows\System\ZLfMKDN.exe
  C:\Windows\System\ZLfMKDN.exe
  2⤵
  PID:8156
- C:\Windows\System\vPCXNeg.exe
  C:\Windows\System\vPCXNeg.exe
  2⤵
  PID:8028
- C:\Windows\System\KmONqwN.exe
  C:\Windows\System\KmONqwN.exe
  2⤵
  PID:7252
- C:\Windows\System\jBlemBv.exe
  C:\Windows\System\jBlemBv.exe
  2⤵
  PID:6952
- C:\Windows\System\oFivajD.exe
  C:\Windows\System\oFivajD.exe
  2⤵
  PID:7836
- C:\Windows\System\rWsBWyX.exe
  C:\Windows\System\rWsBWyX.exe
  2⤵
  PID:7324
- C:\Windows\System\HtjAkLQ.exe
  C:\Windows\System\HtjAkLQ.exe
  2⤵
  PID:2936
- C:\Windows\System\uHmVudL.exe
  C:\Windows\System\uHmVudL.exe
  2⤵
  PID:7700
- C:\Windows\System\NJtDBkO.exe
  C:\Windows\System\NJtDBkO.exe
  2⤵
  PID:7828
- C:\Windows\System\wKxduhM.exe
  C:\Windows\System\wKxduhM.exe
  2⤵
  PID:7916
- C:\Windows\System\iodwJWA.exe
  C:\Windows\System\iodwJWA.exe
  2⤵
  PID:7868
- C:\Windows\System\UqTIilH.exe
  C:\Windows\System\UqTIilH.exe
  2⤵
  PID:8196
- C:\Windows\System\KgJAnoe.exe
  C:\Windows\System\KgJAnoe.exe
  2⤵
  PID:8212
- C:\Windows\System\gQuXNob.exe
  C:\Windows\System\gQuXNob.exe
  2⤵
  PID:8228
- C:\Windows\System\BGsnThE.exe
  C:\Windows\System\BGsnThE.exe
  2⤵
  PID:8244
- C:\Windows\System\zzMnHxO.exe
  C:\Windows\System\zzMnHxO.exe
  2⤵
  PID:8260
- C:\Windows\System\MqAxcDz.exe
  C:\Windows\System\MqAxcDz.exe
  2⤵
  PID:8276
- C:\Windows\System\DoUuEkj.exe
  C:\Windows\System\DoUuEkj.exe
  2⤵
  PID:8292
- C:\Windows\System\SBgYSTo.exe
  C:\Windows\System\SBgYSTo.exe
  2⤵
  PID:8308
- C:\Windows\System\nqgRnje.exe
  C:\Windows\System\nqgRnje.exe
  2⤵
  PID:8328
- C:\Windows\System\KPfiHIO.exe
  C:\Windows\System\KPfiHIO.exe
  2⤵
  PID:8344
- C:\Windows\System\BqrIaCq.exe
  C:\Windows\System\BqrIaCq.exe
  2⤵
  PID:8360
- C:\Windows\System\ohACGUp.exe
  C:\Windows\System\ohACGUp.exe
  2⤵
  PID:8376
- C:\Windows\System\kzOyEGE.exe
  C:\Windows\System\kzOyEGE.exe
  2⤵
  PID:8392
- C:\Windows\System\VMDLysd.exe
  C:\Windows\System\VMDLysd.exe
  2⤵
  PID:8408
- C:\Windows\System\WfJnumn.exe
  C:\Windows\System\WfJnumn.exe
  2⤵
  PID:8424
- C:\Windows\System\eXZwlNO.exe
  C:\Windows\System\eXZwlNO.exe
  2⤵
  PID:8440
- C:\Windows\System\dFQUHsI.exe
  C:\Windows\System\dFQUHsI.exe
  2⤵
  PID:8456
- C:\Windows\System\uugaJFI.exe
  C:\Windows\System\uugaJFI.exe
  2⤵
  PID:8504
- C:\Windows\System\NaVugIA.exe
  C:\Windows\System\NaVugIA.exe
  2⤵
  PID:9000
- C:\Windows\System\lmjPRuc.exe
  C:\Windows\System\lmjPRuc.exe
  2⤵
  PID:9020
- C:\Windows\System\eDQhmeL.exe
  C:\Windows\System\eDQhmeL.exe
  2⤵
  PID:9036
- C:\Windows\System\CYMvOkE.exe
  C:\Windows\System\CYMvOkE.exe
  2⤵
  PID:9052
- C:\Windows\System\SyiYiWz.exe
  C:\Windows\System\SyiYiWz.exe
  2⤵
  PID:9068
- C:\Windows\System\cKNLXSw.exe
  C:\Windows\System\cKNLXSw.exe
  2⤵
  PID:9088
- C:\Windows\System\NmwwrVD.exe
  C:\Windows\System\NmwwrVD.exe
  2⤵
  PID:9108
- C:\Windows\System\XAMVsFl.exe
  C:\Windows\System\XAMVsFl.exe
  2⤵
  PID:9124
- C:\Windows\System\IZaqPWy.exe
  C:\Windows\System\IZaqPWy.exe
  2⤵
  PID:9152
- C:\Windows\System\KVjYXFN.exe
  C:\Windows\System\KVjYXFN.exe
  2⤵
  PID:9168
- C:\Windows\System\JTMYPOD.exe
  C:\Windows\System\JTMYPOD.exe
  2⤵
  PID:9184
- C:\Windows\System\Lvzvccx.exe
  C:\Windows\System\Lvzvccx.exe
  2⤵
  PID:8208
- C:\Windows\System\WDxXuTQ.exe
  C:\Windows\System\WDxXuTQ.exe
  2⤵
  PID:8220
- C:\Windows\System\MteTeFP.exe
  C:\Windows\System\MteTeFP.exe
  2⤵
  PID:7320
- C:\Windows\System\krZlfLx.exe
  C:\Windows\System\krZlfLx.exe
  2⤵
  PID:8304
- C:\Windows\System\HIZfnqa.exe
  C:\Windows\System\HIZfnqa.exe
  2⤵
  PID:8252
- C:\Windows\System\HThZpNP.exe
  C:\Windows\System\HThZpNP.exe
  2⤵
  PID:8316
- C:\Windows\System\LDbcaBi.exe
  C:\Windows\System\LDbcaBi.exe
  2⤵
  PID:8356
- C:\Windows\System\BJQQLHF.exe
  C:\Windows\System\BJQQLHF.exe
  2⤵
  PID:8384
- C:\Windows\System\mXcPVYf.exe
  C:\Windows\System\mXcPVYf.exe
  2⤵
  PID:968
- C:\Windows\System\zKBsPLN.exe
  C:\Windows\System\zKBsPLN.exe
  2⤵
  PID:8476
- C:\Windows\System\ohnBjWx.exe
  C:\Windows\System\ohnBjWx.exe
  2⤵
  PID:8500
- C:\Windows\System\otLRgpF.exe
  C:\Windows\System\otLRgpF.exe
  2⤵
  PID:8524
- C:\Windows\System\CrqLSCH.exe
  C:\Windows\System\CrqLSCH.exe
  2⤵
  PID:8520
- C:\Windows\System\hTCnOvQ.exe
  C:\Windows\System\hTCnOvQ.exe
  2⤵
  PID:8592
- C:\Windows\System\aasJAJc.exe
  C:\Windows\System\aasJAJc.exe
  2⤵
  PID:8560
- C:\Windows\System\vpQhaBy.exe
  C:\Windows\System\vpQhaBy.exe
  2⤵
  PID:8596
- C:\Windows\System\hJQmfiq.exe
  C:\Windows\System\hJQmfiq.exe
  2⤵
  PID:8616
- C:\Windows\System\dKGgYea.exe
  C:\Windows\System\dKGgYea.exe
  2⤵
  PID:8640
- C:\Windows\System\iTFcVfC.exe
  C:\Windows\System\iTFcVfC.exe
  2⤵
  PID:8652
- C:\Windows\System\vmynqKg.exe
  C:\Windows\System\vmynqKg.exe
  2⤵
  PID:8680
- C:\Windows\System\PgvrekN.exe
  C:\Windows\System\PgvrekN.exe
  2⤵
  PID:8696
- C:\Windows\System\SQcuqvt.exe
  C:\Windows\System\SQcuqvt.exe
  2⤵
  PID:8716
- C:\Windows\System\HirnRVW.exe
  C:\Windows\System\HirnRVW.exe
  2⤵
  PID:8724
- C:\Windows\System\yeWZRxK.exe
  C:\Windows\System\yeWZRxK.exe
  2⤵
  PID:8776
- C:\Windows\System\naAqJSf.exe
  C:\Windows\System\naAqJSf.exe
  2⤵
  PID:8768
- C:\Windows\System\ccEUTpN.exe
  C:\Windows\System\ccEUTpN.exe
  2⤵
  PID:8816
- C:\Windows\System\JzaiPJy.exe
  C:\Windows\System\JzaiPJy.exe
  2⤵
  PID:8836
- C:\Windows\System\FiTEawg.exe
  C:\Windows\System\FiTEawg.exe
  2⤵
  PID:8888
- C:\Windows\System\ZexNiId.exe
  C:\Windows\System\ZexNiId.exe
  2⤵
  PID:8880
- C:\Windows\System\dOqUcWR.exe
  C:\Windows\System\dOqUcWR.exe
  2⤵
  PID:8892
- C:\Windows\System\awbKmzu.exe
  C:\Windows\System\awbKmzu.exe
  2⤵
  PID:8904
- C:\Windows\System\rqZixZe.exe
  C:\Windows\System\rqZixZe.exe
  2⤵
  PID:8920
- C:\Windows\System\SQEVcRo.exe
  C:\Windows\System\SQEVcRo.exe
  2⤵
  PID:8948
- C:\Windows\System\QJoobdI.exe
  C:\Windows\System\QJoobdI.exe
  2⤵
  PID:8972
- C:\Windows\System\OkQGYRT.exe
  C:\Windows\System\OkQGYRT.exe
  2⤵
  PID:8988
- C:\Windows\System\wfinsnP.exe
  C:\Windows\System\wfinsnP.exe
  2⤵
  PID:9016
- C:\Windows\System\JMsxwvG.exe
  C:\Windows\System\JMsxwvG.exe
  2⤵
  PID:9076
- C:\Windows\System\qsQfmPL.exe
  C:\Windows\System\qsQfmPL.exe
  2⤵
  PID:9096
- C:\Windows\System\gBgNqwk.exe
  C:\Windows\System\gBgNqwk.exe
  2⤵
  PID:9136
- C:\Windows\System\ClvWHTu.exe
  C:\Windows\System\ClvWHTu.exe
  2⤵
  PID:9176
- C:\Windows\System\ykVYYbt.exe
  C:\Windows\System\ykVYYbt.exe
  2⤵
  PID:9204
- C:\Windows\System\dmCvfzs.exe
  C:\Windows\System\dmCvfzs.exe
  2⤵
  PID:6596
- C:\Windows\System\ZjYQBnF.exe
  C:\Windows\System\ZjYQBnF.exe
  2⤵
  PID:7420
- C:\Windows\System\NmlIUwz.exe
  C:\Windows\System\NmlIUwz.exe
  2⤵
  PID:688
- C:\Windows\System\rJSPvoQ.exe
  C:\Windows\System\rJSPvoQ.exe
  2⤵
  PID:8400
- C:\Windows\System\zEtnEfM.exe
  C:\Windows\System\zEtnEfM.exe
  2⤵
  PID:8464
- C:\Windows\System\WfGPVJm.exe
  C:\Windows\System\WfGPVJm.exe
  2⤵
  PID:8452
- C:\Windows\System\VBLduQh.exe
  C:\Windows\System\VBLduQh.exe
  2⤵
  PID:8492
- C:\Windows\System\rPPDOoN.exe
  C:\Windows\System\rPPDOoN.exe
  2⤵
  PID:8516
- C:\Windows\System\EFdqaDt.exe
  C:\Windows\System\EFdqaDt.exe
  2⤵
  PID:8552
- C:\Windows\System\qvkJVuU.exe
  C:\Windows\System\qvkJVuU.exe
  2⤵
  PID:8688
- C:\Windows\System\gDuCpST.exe
  C:\Windows\System\gDuCpST.exe
  2⤵
  PID:8764
- C:\Windows\System\uEzhQUU.exe
  C:\Windows\System\uEzhQUU.exe
  2⤵
  PID:8588
- C:\Windows\System\YKQsAtN.exe
  C:\Windows\System\YKQsAtN.exe
  2⤵
  PID:8672
- C:\Windows\System\CucpHpm.exe
  C:\Windows\System\CucpHpm.exe
  2⤵
  PID:8744
- C:\Windows\System\PvMNZtR.exe
  C:\Windows\System\PvMNZtR.exe
  2⤵
  PID:8780
- C:\Windows\System\XueapcA.exe
  C:\Windows\System\XueapcA.exe
  2⤵
  PID:8812
- C:\Windows\System\mDKaIOz.exe
  C:\Windows\System\mDKaIOz.exe
  2⤵
  PID:8868
- C:\Windows\System\XPUVtEE.exe
  C:\Windows\System\XPUVtEE.exe
  2⤵
  PID:8856
- C:\Windows\System\WjHWzhO.exe
  C:\Windows\System\WjHWzhO.exe
  2⤵
  PID:8936
- C:\Windows\System\iTIbjaU.exe
  C:\Windows\System\iTIbjaU.exe
  2⤵
  PID:8980
- C:\Windows\System\gUmRcqb.exe
  C:\Windows\System\gUmRcqb.exe
  2⤵
  PID:9008
- C:\Windows\System\OymYTfc.exe
  C:\Windows\System\OymYTfc.exe
  2⤵
  PID:9044
- C:\Windows\System\ufOmvLQ.exe
  C:\Windows\System\ufOmvLQ.exe
  2⤵
  PID:9060
- C:\Windows\System\QzioUET.exe
  C:\Windows\System\QzioUET.exe
  2⤵
  PID:9144
- C:\Windows\System\DBIQWLt.exe
  C:\Windows\System\DBIQWLt.exe
  2⤵
  PID:9200
- C:\Windows\System\GUCQQAT.exe
  C:\Windows\System\GUCQQAT.exe
  2⤵
  PID:8236
- C:\Windows\System\YyTuuct.exe
  C:\Windows\System\YyTuuct.exe
  2⤵
  PID:8284
- C:\Windows\System\OdeoSbt.exe
  C:\Windows\System\OdeoSbt.exe
  2⤵
  PID:2732
- C:\Windows\System\lATnEfH.exe
  C:\Windows\System\lATnEfH.exe
  2⤵
  PID:8432
- C:\Windows\System\VGPLVRt.exe
  C:\Windows\System\VGPLVRt.exe
  2⤵
  PID:8608
- C:\Windows\System\aZcOfQy.exe
  C:\Windows\System\aZcOfQy.exe
  2⤵
  PID:8556
- C:\Windows\System\PdePNlj.exe
  C:\Windows\System\PdePNlj.exe
  2⤵
  PID:8752
- C:\Windows\System\QZBWOfu.exe
  C:\Windows\System\QZBWOfu.exe
  2⤵
  PID:8704
- C:\Windows\System\jQxGHwB.exe
  C:\Windows\System\jQxGHwB.exe
  2⤵
  PID:8712
- C:\Windows\System\mYyspSc.exe
  C:\Windows\System\mYyspSc.exe
  2⤵
  PID:8804
- C:\Windows\System\RDJblKC.exe
  C:\Windows\System\RDJblKC.exe
  2⤵
  PID:8828
- C:\Windows\System\CVhSYpp.exe
  C:\Windows\System\CVhSYpp.exe
  2⤵
  PID:8896
- C:\Windows\System\VQuEdge.exe
  C:\Windows\System\VQuEdge.exe
  2⤵
  PID:8924
- C:\Windows\System\kcUxFQu.exe
  C:\Windows\System\kcUxFQu.exe
  2⤵
  PID:8968
- C:\Windows\System\cJvUhtu.exe
  C:\Windows\System\cJvUhtu.exe
  2⤵
  PID:9080
- C:\Windows\System\JGqGved.exe
  C:\Windows\System\JGqGved.exe
  2⤵
  PID:8204
- C:\Windows\System\MKUAkcJ.exe
  C:\Windows\System\MKUAkcJ.exe
  2⤵
  PID:8532
- C:\Windows\System\PSXAOOg.exe
  C:\Windows\System\PSXAOOg.exe
  2⤵
  PID:8580
- C:\Windows\System\WSgEWVZ.exe
  C:\Windows\System\WSgEWVZ.exe
  2⤵
  PID:8800
- C:\Windows\System\xBOOMDG.exe
  C:\Windows\System\xBOOMDG.exe
  2⤵
  PID:8436
- C:\Windows\System\byJcvwb.exe
  C:\Windows\System\byJcvwb.exe
  2⤵
  PID:7792
- C:\Windows\System\BZyUvUd.exe
  C:\Windows\System\BZyUvUd.exe
  2⤵
  PID:8844
- C:\Windows\System\WtLJgGR.exe
  C:\Windows\System\WtLJgGR.exe
  2⤵
  PID:9132
- C:\Windows\System\BPLbiGx.exe
  C:\Windows\System\BPLbiGx.exe
  2⤵
  PID:8996
- C:\Windows\System\bZDoOBF.exe
  C:\Windows\System\bZDoOBF.exe
  2⤵
  PID:8636
- C:\Windows\System\tfreKoJ.exe
  C:\Windows\System\tfreKoJ.exe
  2⤵
  PID:9164
- C:\Windows\System\eMdyrFq.exe
  C:\Windows\System\eMdyrFq.exe
  2⤵
  PID:9064
- C:\Windows\System\IhwuUfM.exe
  C:\Windows\System\IhwuUfM.exe
  2⤵
  PID:8912
- C:\Windows\System\DfFrNwl.exe
  C:\Windows\System\DfFrNwl.exe
  2⤵
  PID:8564
- C:\Windows\System\snpVJEL.exe
  C:\Windows\System\snpVJEL.exe
  2⤵
  PID:8940
- C:\Windows\System\cJCIyPn.exe
  C:\Windows\System\cJCIyPn.exe
  2⤵
  PID:8692
- C:\Windows\System\EiINedf.exe
  C:\Windows\System\EiINedf.exe
  2⤵
  PID:9232
- C:\Windows\System\ixQvBGr.exe
  C:\Windows\System\ixQvBGr.exe
  2⤵
  PID:9248
- C:\Windows\System\hTsZuWM.exe
  C:\Windows\System\hTsZuWM.exe
  2⤵
  PID:9264
- C:\Windows\System\bVrfwKE.exe
  C:\Windows\System\bVrfwKE.exe
  2⤵
  PID:9284
- C:\Windows\System\RTNHnwL.exe
  C:\Windows\System\RTNHnwL.exe
  2⤵
  PID:9308
- C:\Windows\System\psqsptp.exe
  C:\Windows\System\psqsptp.exe
  2⤵
  PID:9332
- C:\Windows\System\lNevhsM.exe
  C:\Windows\System\lNevhsM.exe
  2⤵
  PID:9348
- C:\Windows\System\aqsochn.exe
  C:\Windows\System\aqsochn.exe
  2⤵
  PID:9372
- C:\Windows\System\yutmAAB.exe
  C:\Windows\System\yutmAAB.exe
  2⤵
  PID:9388
- C:\Windows\System\sCJOZPR.exe
  C:\Windows\System\sCJOZPR.exe
  2⤵
  PID:9408
- C:\Windows\System\NpNbpdo.exe
  C:\Windows\System\NpNbpdo.exe
  2⤵
  PID:9424
- C:\Windows\System\YLpidQF.exe
  C:\Windows\System\YLpidQF.exe
  2⤵
  PID:9440
- C:\Windows\System\GKqDqNv.exe
  C:\Windows\System\GKqDqNv.exe
  2⤵
  PID:9456
- C:\Windows\System\GzPhLuM.exe
  C:\Windows\System\GzPhLuM.exe
  2⤵
  PID:9480
- C:\Windows\System\QBGxCRt.exe
  C:\Windows\System\QBGxCRt.exe
  2⤵
  PID:9496
- C:\Windows\System\XUtcChx.exe
  C:\Windows\System\XUtcChx.exe
  2⤵
  PID:9520
- C:\Windows\System\pkCozQR.exe
  C:\Windows\System\pkCozQR.exe
  2⤵
  PID:9544
- C:\Windows\System\BQLkuvE.exe
  C:\Windows\System\BQLkuvE.exe
  2⤵
  PID:9564
- C:\Windows\System\UVahKVD.exe
  C:\Windows\System\UVahKVD.exe
  2⤵
  PID:9588
- C:\Windows\System\lmGrtKw.exe
  C:\Windows\System\lmGrtKw.exe
  2⤵
  PID:9616
- C:\Windows\System\QoOKLIG.exe
  C:\Windows\System\QoOKLIG.exe
  2⤵
  PID:9632
- C:\Windows\System\lOUCZBd.exe
  C:\Windows\System\lOUCZBd.exe
  2⤵
  PID:9652
- C:\Windows\System\IVcCaat.exe
  C:\Windows\System\IVcCaat.exe
  2⤵
  PID:9668
- C:\Windows\System\dAiQDRl.exe
  C:\Windows\System\dAiQDRl.exe
  2⤵
  PID:9684
- C:\Windows\System\vWDDUOi.exe
  C:\Windows\System\vWDDUOi.exe
  2⤵
  PID:9700
- C:\Windows\System\hibIhaH.exe
  C:\Windows\System\hibIhaH.exe
  2⤵
  PID:9728
- C:\Windows\System\ZjxYDdq.exe
  C:\Windows\System\ZjxYDdq.exe
  2⤵
  PID:9756
- C:\Windows\System\YAgKDqS.exe
  C:\Windows\System\YAgKDqS.exe
  2⤵
  PID:9776
- C:\Windows\System\KbhQtDk.exe
  C:\Windows\System\KbhQtDk.exe
  2⤵
  PID:9792
- C:\Windows\System\oGkbnHD.exe
  C:\Windows\System\oGkbnHD.exe
  2⤵
  PID:9812
- C:\Windows\System\rcUaMzJ.exe
  C:\Windows\System\rcUaMzJ.exe
  2⤵
  PID:9836
- C:\Windows\System\UKjRsRO.exe
  C:\Windows\System\UKjRsRO.exe
  2⤵
  PID:9852
- C:\Windows\System\dksIznl.exe
  C:\Windows\System\dksIznl.exe
  2⤵
  PID:9876
- C:\Windows\System\EvCgUVR.exe
  C:\Windows\System\EvCgUVR.exe
  2⤵
  PID:9892
- C:\Windows\System\mXEGWJW.exe
  C:\Windows\System\mXEGWJW.exe
  2⤵
  PID:9908
- C:\Windows\System\UuzQWcj.exe
  C:\Windows\System\UuzQWcj.exe
  2⤵
  PID:9924
- C:\Windows\System\ZITBPqU.exe
  C:\Windows\System\ZITBPqU.exe
  2⤵
  PID:9944
- C:\Windows\System\QcbRcug.exe
  C:\Windows\System\QcbRcug.exe
  2⤵
  PID:9960
- C:\Windows\System\avvqcFu.exe
  C:\Windows\System\avvqcFu.exe
  2⤵
  PID:9988
- C:\Windows\System\CKaDhzg.exe
  C:\Windows\System\CKaDhzg.exe
  2⤵
  PID:10004
- C:\Windows\System\FdqiMvN.exe
  C:\Windows\System\FdqiMvN.exe
  2⤵
  PID:10020
- C:\Windows\System\moYhsFc.exe
  C:\Windows\System\moYhsFc.exe
  2⤵
  PID:10040
- C:\Windows\System\BnXDtYj.exe
  C:\Windows\System\BnXDtYj.exe
  2⤵
  PID:10064
- C:\Windows\System\IoxpKlk.exe
  C:\Windows\System\IoxpKlk.exe
  2⤵
  PID:10088
- C:\Windows\System\gyYGaYS.exe
  C:\Windows\System\gyYGaYS.exe
  2⤵
  PID:10112
- C:\Windows\System\aOqMxwZ.exe
  C:\Windows\System\aOqMxwZ.exe
  2⤵
  PID:10132
- C:\Windows\System\bwECqCR.exe
  C:\Windows\System\bwECqCR.exe
  2⤵
  PID:10148
- C:\Windows\System\AwNfmgO.exe
  C:\Windows\System\AwNfmgO.exe
  2⤵
  PID:10172
- C:\Windows\System\MobjaST.exe
  C:\Windows\System\MobjaST.exe
  2⤵
  PID:10196
- C:\Windows\System\iZIekQC.exe
  C:\Windows\System\iZIekQC.exe
  2⤵
  PID:10212
- C:\Windows\System\glfhdco.exe
  C:\Windows\System\glfhdco.exe
  2⤵
  PID:10228
- C:\Windows\System\uFmfDVg.exe
  C:\Windows\System\uFmfDVg.exe
  2⤵
  PID:8720
- C:\Windows\System\GxnmsQw.exe
  C:\Windows\System\GxnmsQw.exe
  2⤵
  PID:9228
- C:\Windows\System\pNmyVcZ.exe
  C:\Windows\System\pNmyVcZ.exe
  2⤵
  PID:9292
- C:\Windows\System\zqDZaxi.exe
  C:\Windows\System\zqDZaxi.exe
  2⤵
  PID:8760
- C:\Windows\System\PmJsjDr.exe
  C:\Windows\System\PmJsjDr.exe
  2⤵
  PID:9324
- C:\Windows\System\lqeJXoz.exe
  C:\Windows\System\lqeJXoz.exe
  2⤵
  PID:9356
- C:\Windows\System\BwoZvbX.exe
  C:\Windows\System\BwoZvbX.exe
  2⤵
  PID:9396
- C:\Windows\System\ySbImZT.exe
  C:\Windows\System\ySbImZT.exe
  2⤵
  PID:9448
- C:\Windows\System\ivuIigK.exe
  C:\Windows\System\ivuIigK.exe
  2⤵
  PID:9528
- C:\Windows\System\wawpJJv.exe
  C:\Windows\System\wawpJJv.exe
  2⤵
  PID:9468
- C:\Windows\System\NpuEvPh.exe
  C:\Windows\System\NpuEvPh.exe
  2⤵
  PID:9464
- C:\Windows\System\hwKWDOW.exe
  C:\Windows\System\hwKWDOW.exe
  2⤵
  PID:9596
- C:\Windows\System\kuDLLba.exe
  C:\Windows\System\kuDLLba.exe
  2⤵
  PID:9660
- C:\Windows\System\nYEUGwg.exe
  C:\Windows\System\nYEUGwg.exe
  2⤵
  PID:9644
- C:\Windows\System\uPtpUsr.exe
  C:\Windows\System\uPtpUsr.exe
  2⤵
  PID:9680
- C:\Windows\System\YaEMfGx.exe
  C:\Windows\System\YaEMfGx.exe
  2⤵
  PID:9720
- C:\Windows\System\BfvztAi.exe
  C:\Windows\System\BfvztAi.exe
  2⤵
  PID:9744
- C:\Windows\System\ZVlkEBc.exe
  C:\Windows\System\ZVlkEBc.exe
  2⤵
  PID:9772
- C:\Windows\System\raynDTS.exe
  C:\Windows\System\raynDTS.exe
  2⤵
  PID:9804
- C:\Windows\System\jtaHhkm.exe
  C:\Windows\System\jtaHhkm.exe
  2⤵
  PID:9800
- C:\Windows\System\zulcPTC.exe
  C:\Windows\System\zulcPTC.exe
  2⤵
  PID:9848
- C:\Windows\System\HWtjGRz.exe
  C:\Windows\System\HWtjGRz.exe
  2⤵
  PID:9940
- C:\Windows\System\rmvTfhX.exe
  C:\Windows\System\rmvTfhX.exe
  2⤵
  PID:9972
- C:\Windows\System\fPgadLu.exe
  C:\Windows\System\fPgadLu.exe
  2⤵
  PID:9952
- C:\Windows\System\MbhbYqk.exe
  C:\Windows\System\MbhbYqk.exe
  2⤵
  PID:10056
- C:\Windows\System\TmmbjtG.exe
  C:\Windows\System\TmmbjtG.exe
  2⤵
  PID:10032
- C:\Windows\System\kvPqFRj.exe
  C:\Windows\System\kvPqFRj.exe
  2⤵
  PID:9956
- C:\Windows\System\YidILoT.exe
  C:\Windows\System\YidILoT.exe
  2⤵
  PID:10080
- C:\Windows\System\QgOdyvS.exe
  C:\Windows\System\QgOdyvS.exe
  2⤵
  PID:10140
- C:\Windows\System\ewTItPE.exe
  C:\Windows\System\ewTItPE.exe
  2⤵
  PID:10224
- C:\Windows\System\RSfdZDH.exe
  C:\Windows\System\RSfdZDH.exe
  2⤵
  PID:9276
- C:\Windows\System\HWNQXCj.exe
  C:\Windows\System\HWNQXCj.exe
  2⤵
  PID:9180
- C:\Windows\System\gFjbnwV.exe
  C:\Windows\System\gFjbnwV.exe
  2⤵
  PID:9420
- C:\Windows\System\Cmexhzw.exe
  C:\Windows\System\Cmexhzw.exe
  2⤵
  PID:9280
- C:\Windows\System\mIOgWOZ.exe
  C:\Windows\System\mIOgWOZ.exe
  2⤵
  PID:9316
- C:\Windows\System\gsOiobQ.exe
  C:\Windows\System\gsOiobQ.exe
  2⤵
  PID:9536
- C:\Windows\System\RWeHirh.exe
  C:\Windows\System\RWeHirh.exe
  2⤵
  PID:9476
- C:\Windows\System\WWEiWYg.exe
  C:\Windows\System\WWEiWYg.exe
  2⤵
  PID:9584
- C:\Windows\System\mBeOjGk.exe
  C:\Windows\System\mBeOjGk.exe
  2⤵
  PID:9608
- C:\Windows\System\tWViqDO.exe
  C:\Windows\System\tWViqDO.exe
  2⤵
  PID:9752
- C:\Windows\System\rWdUlpP.exe
  C:\Windows\System\rWdUlpP.exe
  2⤵
  PID:9904
- C:\Windows\System\uIirRqt.exe
  C:\Windows\System\uIirRqt.exe
  2⤵
  PID:9936
- C:\Windows\System\fSYPjoT.exe
  C:\Windows\System\fSYPjoT.exe
  2⤵
  PID:10104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AnibNYp.exe

Filesize
6.0MB

MD5
926dd7821cd29abc6e3f91b29bf11c34

SHA1
3663b6cbac0a150d7f480c133895e1e2f3efe66e

SHA256
3add5206a76a15723ec5f7c42a4f2c87b9384a250606e9e70420998422337b1a

SHA512
f39c45e3f69315131b6585aaca8ddeb41b9755cfc11371c7f3645b3e72eff6e18b7954f90bcfb1b7b7133fd2e93f43a7d0f51d443e574646d2ca66de7862304c

Download Submit
C:\Windows\system\CLQpDhz.exe

Filesize
6.0MB

MD5
f7b10ff5e46dff5beb270d2939227faf

SHA1
04ed8519e73513ebc02af8ee148f62a36d6f41d7

SHA256
0d97147c46f526d66e98bd5004ded004e05d1f579ce376866b8d6b4cf365da78

SHA512
e75ae11ef3236049786c953ead0ca713bc9ce1348991162493eb48eeacd9f4b8796482cc16efb87f9b58677ea5e4cd3fc55c10a0087918f40773659a398ee139

Download Submit
C:\Windows\system\CLSUHkP.exe

Filesize
6.0MB

MD5
6ef04ac6708127008101aaf5d35c4262

SHA1
e48e64d4ccdb0c5fd190f41b73f4d2bf10ce4edd

SHA256
43a4e39b63a278e4c51242150099e6871c3a16db24604da318ce146b85a085a4

SHA512
00cf79f3978bf869da8ac45bb7fa555d8534ae384fa9d253a3a6e527dc4741d92fac2787ccd0f0f71ca75b42b06ae684740f102b8eb2a09cd61eda0efc38b3bb

Download Submit
C:\Windows\system\ESkbUDM.exe

Filesize
6.0MB

MD5
ca978ed2038131cae221afe973166ced

SHA1
2d5e5cbc599073b3550134774fa9db36db345371

SHA256
4d28fe4a97c72f5366972ca87eba02d3ab489562a98be32150b464d60fa4e46d

SHA512
03f75b958647fe1ccfd4e40d7335e3a5743d7f6f068cd298aad5942e02b3cd1d54f0c083c732a119c722c71ac90dd164a635012c8bb386126dbfa091ffb5b05e

Download Submit
C:\Windows\system\FkFmVSA.exe

Filesize
6.0MB

MD5
40417b3f70d6fee94646ec1cfa85a099

SHA1
d8e7925433af61f845ad524e054451ada1461c74

SHA256
21c2a20058f0022c7e186cd5a8efe96c4f8e98131c64093d70a4546b34d2093b

SHA512
8113f29fce59b6f2ce93175c457955a1c5fd4ca46c82619d6e5bbf16645b2d2c37552e06bca16f13e1f54be168ebf67a375ea3867ec5c5b5127ecb752785e664

Download Submit
C:\Windows\system\GoIjvww.exe

Filesize
6.0MB

MD5
73c4ccc8696219105cee5ab3d6bbe073

SHA1
6c6c1a21636328c67897d54606c9b7931b6a11ab

SHA256
9cae0614493844b9654cb253f644afe4e1845b3253e9e7f8a7624b5e4b7c7701

SHA512
60c2feaf3f9799aacad3fc2c4f01ef34503ee0e4cc16ad54ca40e30053fd77bb3d11accb7910487063259f6cbd2eb8abc45f151e52935d957c8ab299d7a48128

Download Submit
C:\Windows\system\IVCNWFO.exe

Filesize
6.0MB

MD5
d8120b7e5b3e3fc9f06a0dced390e164

SHA1
89367518efc5ddb076e4116c5fd9842e546177bb

SHA256
960d9955d8cb7aeb494b5c2bfa893ddf21e0a02ab6bccbbd736a92d35c2f7ac1

SHA512
15b0db50af063359396873d5c3bd42e3af2eb2e88f140726b9bebd8a2f1705656da9d0efbdb639ac3cce508352171fff9a6d491c662546d60df5ee4ec8ddbd5a

Download Submit
C:\Windows\system\KdTrEbI.exe

Filesize
6.0MB

MD5
6d0ea8c580e95cd95216b999e1df3961

SHA1
1b62ce5eab0b604802f653be37bfaa381cbd247d

SHA256
2f1074e3969868b2be72efe40e7a2100a2c9820a2145199c5f2966ead46644dc

SHA512
abae1927e2919b514bbb8526e3c04dea2a02743208a2eb707d262c0d4573174d18aa151db08c991e1f7befd99ba045b95e8696897a6cc8c9fc58dcfe05e40b2c

Download Submit
C:\Windows\system\LEqWUGE.exe

Filesize
6.0MB

MD5
560b0b9552c3b112edf6bffa74c6c84f

SHA1
22f001605c1b016499443ba437f7b2c29e938a13

SHA256
7d0a77636c501b1b96ec3f4d81b06ef9dacfbcdae26691929655c3ff52a9b8de

SHA512
d7418f9495dc1ef26fb08dc9c8021b001f699e63407183423a615d5d589febe3e212f38d5f85a3f8166e870a058d7ada03c35cca67ab17cb4771dfaa4d481e14

Download Submit
C:\Windows\system\MMVqnLK.exe

Filesize
6.0MB

MD5
66f7e73e23bb17a84548adc1c06b67b0

SHA1
d14b3236d10ef35644a28e23d60f5161902acdea

SHA256
23d575ba019fa37bcf2313dd30649baa25cc147df3c0c35d48c6d0b2a3f9f172

SHA512
a199f0f1086f12506ada55aab575a40a574c4ee3f7245fd692376613cf53800a720ca3e83a8ddecf88a93b9499b77e7ad3fd63a6e783ee646c809db42429b187

Download Submit
C:\Windows\system\MrgvSlf.exe

Filesize
6.0MB

MD5
8721b9ff598bd0af928dfba677fade53

SHA1
96134e87945d874ab502b2565dfb31d15370e4e7

SHA256
bfaf0b8cee038604a7f1f49aa4e662c62a9744154ad675ca56382d7206193b06

SHA512
4e0055a877970ea5a6067a7c88cc5068fa53d8cdd1d4f55f6e57da3b4c5f05387c56d488a3b39f0f01c35886526a21ba0e83cd9b67c4ffabc5a817f2ba4611ad

Download Submit
C:\Windows\system\NDrijlo.exe

Filesize
6.0MB

MD5
74e5c949e34adde6ebe58496e840ccf0

SHA1
6e16859a637af361c29b363e0162d647483627c5

SHA256
4c4ccbe510e4d23310bbc78e0f40ea7d31125c61feacc334bfd919273e661f3e

SHA512
2ba54c264dd24e1686250f1433c09a4126e29b636fb6fd5e5a3462c5e7b7b9bec89e036f8799d2131f02c6443ca34275dfdac355ee3bd32a5991df293f365db9

Download Submit
C:\Windows\system\ThzGaMg.exe

Filesize
6.0MB

MD5
0156c33864298397ea942159370d96ed

SHA1
e1b3ddcbc2568e23ea4ff4f1574474ce38118e2d

SHA256
ba71d28d13feec8f20c9e9599bd8b99daed334d8ce393a9fee79da626d103f86

SHA512
432c0257aff775a72b13bef8c0f1a6ccac35e46d2b5c59bd280a03bd33b28faa2980a648e558d2dc88f61fa8b65fc99e43058371cc2fb67f86f0b567e7cabbe0

Download Submit
C:\Windows\system\UXZtVIe.exe

Filesize
6.0MB

MD5
8135848ca3aa671604dfcacee9c981f5

SHA1
74272463715069ad32d2ff1556a3389612221157

SHA256
82242a099b07f089dd493153d2a64c92d75532ecdc1031de2e88302704455f1e

SHA512
b6be0c34afad895b9421e24ba460e5251c63e843832a23948a36d01144a32c855192ebc93891a39c66910ef4bbebe666447b4b66b9a0d1e13950fb9df6d4c1c5

Download Submit
C:\Windows\system\XnzATuN.exe

Filesize
6.0MB

MD5
20a6358877a6d7c619a8f71b55ce31da

SHA1
b80333e1ca99875aaea6c2a22f1810b3271e94ff

SHA256
5596c08c9c5168bd643b8f09b1ab8a611bd5f5ef9fcd60b427f0b49eeb857a2d

SHA512
a40532c8ee69ecef17aa1fa8a62eb3cdaab0a1c2444ca431d87fa31e1f5308319a486b274a3ddd8616f1fd922216c94f1adc71c11d1e2efba373abcb7dc076b6

Download Submit
C:\Windows\system\ZJnRxBn.exe

Filesize
6.0MB

MD5
967128750c7e03ddfb37d2ba6ae2779c

SHA1
dabf2e6138789e3437e8b77970e5e13a744065a1

SHA256
f44e0c8dfcfef4b6ec4969f884cf4559922e3082d2eebfd747e9aa3cc27f755e

SHA512
b11054312788b964e5ad2b000f1fac4ebba53adb301a9f3b3477dd2256a9f9b4c711ca2906a5045a369d1a74b09c38bc95050440c0e73fda14f044cf55658b9e

Download Submit
C:\Windows\system\aQNBNIQ.exe

Filesize
6.0MB

MD5
2d4ec80b880dbfec85e751189dca6736

SHA1
de46a84ea46d1f099950342c802d7dd37580fd41

SHA256
491f294124fa3c6fda7fad4772a0405be1eed7fbeb1fbbe611b1f61d631ebeb2

SHA512
bf01d90000b2a0b7b4d6c4649477375b818672e04a53122b6007370d5f9979aa354e546768231d9c597906438d459066afe108e44c4ace0fe0793567eb670593

Download Submit
C:\Windows\system\awBZTDI.exe

Filesize
6.0MB

MD5
df0aa9e155266b786831f502f15a6a9f

SHA1
f47b931bf45d6adff483a0312a68f9e55989b472

SHA256
b8ac199b8e771c8001b61c97a9d246110a46fa21b61b0bdc11428595bc193d45

SHA512
a39db9bcbb78f8b111a586fe21e493ce11b7ca7a7dfcb3eaec7ab58c8f072a3de1c35254bcd32276b12bc1207d0b0b4fa28f8164c7d1c8b1fee4d0be4aafe92d

Download Submit
C:\Windows\system\fRNkJDX.exe

Filesize
6.0MB

MD5
855d23f368ec3bbba73096f797992d05

SHA1
c2371706aa029f5544d9c12ce7ba81d4a1507820

SHA256
27a8ba85c53110c4dbd4bbde20fb84c518d36413a91e4bd749ac09a187cf0d8c

SHA512
0d36ea82d5d43deca3fc49c51e84540c471e05271226d2b004977f9883d13c895328542617adb8c49c2b19630338fa2d2c91dafc587fd05d77368c6bb0bed6d2

Download Submit
C:\Windows\system\iMFXZjI.exe

Filesize
6.0MB

MD5
9652d74da5e59c116ac91426d71c8929

SHA1
0ce4dc51da07ad8c2880f8bd25046974ccc674a4

SHA256
d291a84d639dcbdaaf8e515e42e9b6bffb7e971e0bb8a5fa18dc4ca4d814ed3c

SHA512
3ad38e1a2512b5b10026211493a26789b1574c593e8e02f49259bf289ecb1cff77bdb35be1a263cbf2fc552c080982d0ca962333dfbbb869bd09212835310ea6

Download Submit
C:\Windows\system\koNhHil.exe

Filesize
6.0MB

MD5
6dad1f745b3a3317d1c8651499ac632d

SHA1
507d94c5202a6f335d123bb14bafb57f626a58ef

SHA256
fa71d389fd2d8b408604a6511c9cdcb6fbdad537400544ea2d834e71ed0ec866

SHA512
8842368ce7cc1be8efe64c68b079f990a8352f16b71e728e572e1deac96fd7a04f4d240379ff481d6961500529961e46aa7ede837cd70dbd1a19ae31537adf26

Download Submit
C:\Windows\system\qgqGBwX.exe

Filesize
6.0MB

MD5
e3d9475d0720e674c09fdddcb2abc32f

SHA1
06267e07c0eccf96df112861e72164f89504e707

SHA256
59fdba4e5318f813eeff9c146823056dcfa384b03b62a9ea3001d21801b4cdee

SHA512
45ad34446e90a4cc0db28d6147122f1b2dc7894796b8d44bab3319f0a11ec8edb8e54e8df17d76542aae5ccb2947044f2420f2c98378f1d63599dd658f06089d

Download Submit
C:\Windows\system\sutsViM.exe

Filesize
6.0MB

MD5
40115a7703322563e14e4a42d58d2dc3

SHA1
2f05da04a54b7282a8c8ec82b8a8675af9003a9f

SHA256
6c1e2168edf9c49ff371d81636ade68c8f80bcf2573df88ed4b8a40054b55730

SHA512
d1f26d871c66a5bc2b63445d602d92e8163daa51447bdb053b777ee1eb48376fdd627d0f591adc6de05fed687bb3d98af4d3dc83afce741aafe2747944c845d1

Download Submit
C:\Windows\system\tlcqxBK.exe

Filesize
6.0MB

MD5
718c2f548615781f326d4f40aae602d3

SHA1
2197b9105f200fcbf617302f1b224db288b2c22f

SHA256
d6941acee78fc8cfcccc5978aa55112ba7f3932be71436840319192a29fb0335

SHA512
7a0c933290bfa7ac212685d1a10c3044946ba9272b32438cbd51b19ee0d94c00318bb2730867292875bb516b81fcda24d6dc09a0042af9a9a767ff7feb968b89

Download Submit
C:\Windows\system\vPALaiE.exe

Filesize
6.0MB

MD5
13b044565be542cc847be17292b6cf89

SHA1
1b3831a951292f7d7f272ee5b8c319dd56565e25

SHA256
98d32ec5746ea9377350bb5d9052dc1fc08fe2ebe3acec7f1b8af501e6a7a131

SHA512
266ad284657466a6bf5425bc33a19f151022d2a6a1ec7e96ec7aff2be366e954f21548c9723abae036c7b074262b75e937a16e771b64903eb797ffb01559dcb7

Download Submit
C:\Windows\system\vlgjLVa.exe

Filesize
6.0MB

MD5
7c91e3521c7204dc31addaea4abd4fe9

SHA1
987342f95fceb0ae5725865fbcecf568cf09c992

SHA256
54d89fad8d067dc7e6ae49d32b1d05b143a85ae442580cea224e4e37041c885a

SHA512
7265cc09bbb0f696e79582f77bb6912c19877e5d1f2338628e6f24f4ed18ed00ba4b2a5e560ebfe5114b2b8edc3fc37da72fa036f1bfd5c78a8b901ae60c6e94

Download Submit
C:\Windows\system\xhqBNwx.exe

Filesize
6.0MB

MD5
01987b889f529d30d6622f09c1d0efaa

SHA1
d31d17ead8e0e4aae5ef293e238933cee42c5880

SHA256
a73b39df269531664ff73a545bde92007d9b950f54dcdf53e098c4f3682dddc6

SHA512
5d3ae637f899e7a67286d6eacf054ad91a536dbfc07b7c11c891a8a6d263bf5999d447b6feb1cf67dae14db884de564ea377596cad7a3d014b77f804799e3328

Download Submit
C:\Windows\system\yruFxjq.exe

Filesize
6.0MB

MD5
6a5ac2db7e96f5fbcd9a424bc5ea1f28

SHA1
c6d4de5767fbcb7b6bfe0ecd517a2843265d1833

SHA256
13c7b67f19668d0d0f053f280d6ad952d41f987f0380c9a5736f91b0dab1417f

SHA512
61a36021e43f446c7d4237be052ec3f4cb651b5abd79d1675ee82b19b048bd862722e2bcab08ac9f3e12759f54218bed8e987e1f32f2c6b7620d2499953b814b

Download Submit
C:\Windows\system\zHquXgR.exe

Filesize
6.0MB

MD5
1da07e8bcaa620e9bd31f81cd11d0bec

SHA1
4102ba4b3ae4575ff607921ff09d735e912b1f2d

SHA256
4f67e5b18c00670240342cccff9f2be0645c529af1d9f1806e14538be24af945

SHA512
1f7c41153f4bf75566acc1a954f4dc10279399bd45c761e0b9975608953c066c133d483a6ea7bd4b6fc835824dd40031755b10dcfa6c548426cf5fdb628c745c

Download Submit
\Windows\system\HAYRIuU.exe

Filesize
6.0MB

MD5
cc9cd895a5588194ca7d716e5a1f602a

SHA1
268f357bf4d03c1555fc58f7172c146b541dca29

SHA256
57da967eb82b4b96f31a17b02bebb51d3f6c8c9f075bf8ab2f18cc8b47444c63

SHA512
33894d44cb5fc68d89b9d9fc22fb77bbc32ad9b99f0c5468ed7a9d543a60863694085543589bca386eff669367bdf906a7634c71c37759e530843df313741173

Download Submit
\Windows\system\LkqhYMW.exe

Filesize
6.0MB

MD5
9a6420d9a2ff717b5ef3f61797797d24

SHA1
ae12facc1a5bb160bc4ccc88f6180a4ce915437b

SHA256
6464efcc616f5407464fb13f989791e3b812e7aabe81e97f062d3b97d847f67c

SHA512
48af008c7924440e5cfb5ed15a6560bda1cf3748ac119c842f50581744a609b3919687d6d474d5da3223309cebf72459684b7fa33fca5f5519048f04b5f21d58

Download Submit
\Windows\system\POrxTDt.exe

Filesize
6.0MB

MD5
ed9437d7c351f0e4f08bb00e5c35abdf

SHA1
2515433ec5fbb81ea1d0310a1de450df67aa5698

SHA256
8ca7c8963aca16c603a78dac42f87f2d9811d886197f4dbb8c49668338ed21df

SHA512
85b1c6ed3d2e646c356c421c7c02f7822f49fab836438fcf66cbca7cded125cb6716af3ec84ef95e9f6814918d42737779443e61847fd0fdb2dab3ece910780a

Download Submit
memory/528-146-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/528-4009-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/536-138-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/536-4005-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/540-140-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/540-4006-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/1312-134-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1312-4003-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/1500-4007-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1500-142-0x000000013F060000-0x000000013F3B4000-memory.dmp

Filesize
3.3MB

Download
memory/1656-4008-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/1656-144-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2132-151-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2132-4010-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2188-136-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2188-4004-0x000000013F2C0000-0x000000013F614000-memory.dmp

Filesize
3.3MB

Download
memory/2328-906-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2328-3999-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2328-18-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2592-148-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2592-4011-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2652-4002-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2652-132-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2660-4000-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2660-912-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2660-23-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2816-4001-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-918-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2816-131-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-156-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2832-3998-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2900-850-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2900-1301-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2900-137-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2900-848-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2900-998-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2900-1302-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2900-139-0x000000013F7A0000-0x000000013FAF4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-135-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2900-141-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2900-0-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2900-6-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2900-143-0x000000013F5C0000-0x000000013F914000-memory.dmp

Filesize
3.3MB

Download
memory/2900-145-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2900-147-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-149-0x00000000023F0000-0x0000000002744000-memory.dmp

Filesize
3.3MB

Download
memory/2900-153-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2900-133-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-157-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download