cobaltstrike | 6d3556ee57ad48a0233938a5d2894180e0036579c0ce0c994ffdbc06f894552e

Analysis

max time kernel
150s
max time network
18s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
25-01-2025 11:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

508f230d66d25ecd465eebcaa621c34b
SHA1

3e9f69ff87a186f5145ce30ab0a39c1e3b714ce0
SHA256

6d3556ee57ad48a0233938a5d2894180e0036579c0ce0c994ffdbc06f894552e
SHA512

7bd3ec5d4e543b3d5774b7811695f8cb1980e0926126129a718995f5f926acc0b89fd39c8d99158487464050ea7bd173f98be68e1578eb490def3424f8834069
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU0:T+q56utgpPF8u/70

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120fd-3.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000193f7-9.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001949e-11.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000194c4-21.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194d2-38.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194e3-50.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001958e-60.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a427-69.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48d-89.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a49a-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b1-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c5-165.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c7-169.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c1-155.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c3-159.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-149.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-129.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-119.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4af-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4a9-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a499-95.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a48b-84.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-79.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a42d-74.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a41e-64.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000194e9-55.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000194db-44.dat	cobalt_reflective_dll
behavioral1/files/0x003000000001939b-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/908-0-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x00080000000120fd-3.dat	xmrig
behavioral1/memory/908-6-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/files/0x00070000000193f7-9.dat	xmrig
behavioral1/memory/2192-13-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x000600000001949e-11.dat	xmrig
behavioral1/memory/2728-20-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x00070000000194c4-21.dat	xmrig
behavioral1/memory/2852-28-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/files/0x00060000000194d2-38.dat	xmrig
behavioral1/memory/2704-39-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/908-34-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x00060000000194e3-50.dat	xmrig
behavioral1/files/0x000700000001958e-60.dat	xmrig
behavioral1/files/0x000500000001a427-69.dat	xmrig
behavioral1/files/0x000500000001a48d-89.dat	xmrig
behavioral1/files/0x000500000001a49a-99.dat	xmrig
behavioral1/files/0x000500000001a4b1-115.dat	xmrig
behavioral1/files/0x000500000001a4c5-165.dat	xmrig
behavioral1/files/0x000500000001a4c7-169.dat	xmrig
behavioral1/files/0x000500000001a4c1-155.dat	xmrig
behavioral1/files/0x000500000001a4c3-159.dat	xmrig
behavioral1/files/0x000500000001a4bf-149.dat	xmrig
behavioral1/files/0x000500000001a4bd-145.dat	xmrig
behavioral1/files/0x000500000001a4b9-135.dat	xmrig
behavioral1/files/0x000500000001a4bb-139.dat	xmrig
behavioral1/files/0x000500000001a4b7-129.dat	xmrig
behavioral1/files/0x000500000001a4b5-125.dat	xmrig
behavioral1/files/0x000500000001a4b3-119.dat	xmrig
behavioral1/files/0x000500000001a4af-109.dat	xmrig
behavioral1/files/0x000500000001a4a9-104.dat	xmrig
behavioral1/files/0x000500000001a499-95.dat	xmrig
behavioral1/files/0x000500000001a48b-84.dat	xmrig
behavioral1/files/0x000500000001a46f-79.dat	xmrig
behavioral1/files/0x000500000001a42d-74.dat	xmrig
behavioral1/files/0x000500000001a41e-64.dat	xmrig
behavioral1/files/0x00080000000194e9-55.dat	xmrig
behavioral1/files/0x00060000000194db-44.dat	xmrig
behavioral1/files/0x003000000001939b-33.dat	xmrig
behavioral1/memory/2676-40-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2016-1825-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/908-1834-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2636-1832-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/908-1836-0x00000000023A0000-0x00000000026F4000-memory.dmp	xmrig
behavioral1/memory/2600-1835-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2664-1837-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/908-1840-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/2856-1845-0x000000013FAE0000-0x000000013FE34000-memory.dmp	xmrig
behavioral1/memory/908-1847-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/3068-1864-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/908-1865-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/1064-1867-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2144-1872-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/908-1879-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2944-1898-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2192-2225-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2728-2298-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2704-2469-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/memory/2676-2612-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/908-2633-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/2944-3450-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2192-3459-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2852-3527-0x000000013FD70000-0x00000001400C4000-memory.dmp	xmrig
behavioral1/memory/2676-3539-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2944	osAWlks.exe
2192	nMFzLXw.exe
2728	WHsbcMq.exe
2852	iFNnGUq.exe
2704	LcqbyNt.exe
2676	hjgzrpi.exe
2016	yvWvnlW.exe
2636	qqMVTvX.exe
2600	VlySOnt.exe
2664	MfipikD.exe
2856	ijqKnAI.exe
3068	CVGSaTF.exe
1064	hmdRUTo.exe
2144	tshgzLF.exe
1648	MRvtGDv.exe
1228	NJxOkhC.exe
1388	AftIFdQ.exe
2888	KByGvyw.exe
1652	lkuSJqq.exe
2656	FWGIcEE.exe
2796	hUwyhBd.exe
2900	vqYyGRT.exe
2936	nddMEnz.exe
1076	NZtAUHz.exe
2100	iCuSVkR.exe
1508	pcDyIpO.exe
1592	EQyhdbI.exe
2420	daihvHi.exe
2432	xukNzmn.exe
2176	OVDIHMv.exe
2216	ZqOzmtS.exe
2172	koJkSGa.exe
936	oHYIjBb.exe
2064	UQOxKTE.exe
596	Rquhpxm.exe
2548	gCDGjtp.exe
1880	BCUsQUx.exe
2272	sIwZzvD.exe
264	AUqcMXF.exe
976	PPyUEus.exe
824	MjtJCfk.exe
1480	yuOAxQJ.exe
1464	GpVIzWA.exe
1436	KiZBdTR.exe
2672	ZWdpdHR.exe
960	jLsibHM.exe
2004	BDnunCP.exe
1768	pWiJJSQ.exe
628	NkNuocO.exe
1232	QqtFPLI.exe
2364	FtLLwhn.exe
1456	RKdAiHG.exe
2140	VLCwNlT.exe
2268	yBrvbNb.exe
1752	gdXeFbP.exe
1448	zfCnBLw.exe
3024	FVtjqBI.exe
1580	haaIVhC.exe
1516	mSQjucF.exe
2776	aspmLoE.exe
2680	usWiJGM.exe
2864	jgteGDT.exe
2788	rOqsUeR.exe
2088	WKqQtXG.exe

Loads dropped DLL 64 IoCs

pid	Process
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/908-0-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-3.dat	upx
behavioral1/memory/908-6-0x00000000023A0000-0x00000000026F4000-memory.dmp	upx
behavioral1/files/0x00070000000193f7-9.dat	upx
behavioral1/memory/2192-13-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x000600000001949e-11.dat	upx
behavioral1/memory/2728-20-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/files/0x00070000000194c4-21.dat	upx
behavioral1/memory/2852-28-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/files/0x00060000000194d2-38.dat	upx
behavioral1/memory/2704-39-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/908-34-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x00060000000194e3-50.dat	upx
behavioral1/files/0x000700000001958e-60.dat	upx
behavioral1/files/0x000500000001a427-69.dat	upx
behavioral1/files/0x000500000001a48d-89.dat	upx
behavioral1/files/0x000500000001a49a-99.dat	upx
behavioral1/files/0x000500000001a4b1-115.dat	upx
behavioral1/files/0x000500000001a4c5-165.dat	upx
behavioral1/files/0x000500000001a4c7-169.dat	upx
behavioral1/files/0x000500000001a4c1-155.dat	upx
behavioral1/files/0x000500000001a4c3-159.dat	upx
behavioral1/files/0x000500000001a4bf-149.dat	upx
behavioral1/files/0x000500000001a4bd-145.dat	upx
behavioral1/files/0x000500000001a4b9-135.dat	upx
behavioral1/files/0x000500000001a4bb-139.dat	upx
behavioral1/files/0x000500000001a4b7-129.dat	upx
behavioral1/files/0x000500000001a4b5-125.dat	upx
behavioral1/files/0x000500000001a4b3-119.dat	upx
behavioral1/files/0x000500000001a4af-109.dat	upx
behavioral1/files/0x000500000001a4a9-104.dat	upx
behavioral1/files/0x000500000001a499-95.dat	upx
behavioral1/files/0x000500000001a48b-84.dat	upx
behavioral1/files/0x000500000001a46f-79.dat	upx
behavioral1/files/0x000500000001a42d-74.dat	upx
behavioral1/files/0x000500000001a41e-64.dat	upx
behavioral1/files/0x00080000000194e9-55.dat	upx
behavioral1/files/0x00060000000194db-44.dat	upx
behavioral1/files/0x003000000001939b-33.dat	upx
behavioral1/memory/2676-40-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2016-1825-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2636-1832-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2600-1835-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2664-1837-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2856-1845-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/3068-1864-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/1064-1867-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2144-1872-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/2944-1898-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2192-2225-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2728-2298-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2704-2469-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/2676-2612-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2944-3450-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2192-3459-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2852-3527-0x000000013FD70000-0x00000001400C4000-memory.dmp	upx
behavioral1/memory/2676-3539-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2636-3542-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2016-3557-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2664-3561-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/2728-3563-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2856-3567-0x000000013FAE0000-0x000000013FE34000-memory.dmp	upx
behavioral1/memory/2600-3566-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/3068-3565-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\uVTaVLV.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tGBBHpa.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PFmIArU.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\koMVWXi.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DiKaAiG.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oXWpXET.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NTNrTXO.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vTrjzUY.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\STKqfTS.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\segoFpG.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QlegLAk.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mctmymh.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\koBMqVI.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UvXvCdA.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XztEuPH.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dcPernB.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rHRgCRl.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jJxmAYP.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SwDwSJD.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqfmICw.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lMednCM.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TAUFVNT.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gANNhnO.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ElYtNpi.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ISbnlMZ.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ftPxkko.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZotTdcy.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MoGAadf.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bQSvcOW.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BStkPbQ.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWDmFQJ.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgiMcal.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GeQhjNu.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hQwPhRR.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTsuXVG.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\muGIdIX.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PjgDQVN.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eAyGTcG.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ApcAibq.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RTHZdBP.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zNfaxDc.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rHzqeaY.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HuzBZRb.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WCisqSw.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\naDjxDB.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCxKzxJ.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HcHpSCY.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aOLCsHr.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NuNqGeI.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oOJVwBJ.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NYWrjNN.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dIicrHl.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CNarakr.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFHYBeC.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ondcDYi.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PADOueE.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XaRApqT.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FjTFFbV.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTrCCYY.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kbXtdMz.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gphOkqG.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gDCVOUu.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vvriPok.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ADiJhpx.exe	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 908 wrote to memory of 2944	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 908 wrote to memory of 2944	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 908 wrote to memory of 2944	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 908 wrote to memory of 2192	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 908 wrote to memory of 2192	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 908 wrote to memory of 2192	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 908 wrote to memory of 2728	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 908 wrote to memory of 2728	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 908 wrote to memory of 2728	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 908 wrote to memory of 2852	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 908 wrote to memory of 2852	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 908 wrote to memory of 2852	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 908 wrote to memory of 2704	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 908 wrote to memory of 2704	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 908 wrote to memory of 2704	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 908 wrote to memory of 2676	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 908 wrote to memory of 2676	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 908 wrote to memory of 2676	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 908 wrote to memory of 2016	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 908 wrote to memory of 2016	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 908 wrote to memory of 2016	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 908 wrote to memory of 2636	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 908 wrote to memory of 2636	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 908 wrote to memory of 2636	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 908 wrote to memory of 2600	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 908 wrote to memory of 2600	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 908 wrote to memory of 2600	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 908 wrote to memory of 2664	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 908 wrote to memory of 2664	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 908 wrote to memory of 2664	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 908 wrote to memory of 2856	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 908 wrote to memory of 2856	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 908 wrote to memory of 2856	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 908 wrote to memory of 3068	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 908 wrote to memory of 3068	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 908 wrote to memory of 3068	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 908 wrote to memory of 1064	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 908 wrote to memory of 1064	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 908 wrote to memory of 1064	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 908 wrote to memory of 2144	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 908 wrote to memory of 2144	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 908 wrote to memory of 2144	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 908 wrote to memory of 1648	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 908 wrote to memory of 1648	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 908 wrote to memory of 1648	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 908 wrote to memory of 1228	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 908 wrote to memory of 1228	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 908 wrote to memory of 1228	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 908 wrote to memory of 1388	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 908 wrote to memory of 1388	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 908 wrote to memory of 1388	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 908 wrote to memory of 2888	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 908 wrote to memory of 2888	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 908 wrote to memory of 2888	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 908 wrote to memory of 1652	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 908 wrote to memory of 1652	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 908 wrote to memory of 1652	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 908 wrote to memory of 2656	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 908 wrote to memory of 2656	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 908 wrote to memory of 2656	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 908 wrote to memory of 2796	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 908 wrote to memory of 2796	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 908 wrote to memory of 2796	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 908 wrote to memory of 2900	908	2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-25_508f230d66d25ecd465eebcaa621c34b_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:908
- C:\Windows\System\osAWlks.exe
  C:\Windows\System\osAWlks.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\nMFzLXw.exe
  C:\Windows\System\nMFzLXw.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\WHsbcMq.exe
  C:\Windows\System\WHsbcMq.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\iFNnGUq.exe
  C:\Windows\System\iFNnGUq.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\LcqbyNt.exe
  C:\Windows\System\LcqbyNt.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\hjgzrpi.exe
  C:\Windows\System\hjgzrpi.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\yvWvnlW.exe
  C:\Windows\System\yvWvnlW.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\qqMVTvX.exe
  C:\Windows\System\qqMVTvX.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\VlySOnt.exe
  C:\Windows\System\VlySOnt.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\MfipikD.exe
  C:\Windows\System\MfipikD.exe
  2⤵
  - Executes dropped EXE
  PID:2664
- C:\Windows\System\ijqKnAI.exe
  C:\Windows\System\ijqKnAI.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\CVGSaTF.exe
  C:\Windows\System\CVGSaTF.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\hmdRUTo.exe
  C:\Windows\System\hmdRUTo.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\tshgzLF.exe
  C:\Windows\System\tshgzLF.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\MRvtGDv.exe
  C:\Windows\System\MRvtGDv.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\NJxOkhC.exe
  C:\Windows\System\NJxOkhC.exe
  2⤵
  - Executes dropped EXE
  PID:1228
- C:\Windows\System\AftIFdQ.exe
  C:\Windows\System\AftIFdQ.exe
  2⤵
  - Executes dropped EXE
  PID:1388
- C:\Windows\System\KByGvyw.exe
  C:\Windows\System\KByGvyw.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\lkuSJqq.exe
  C:\Windows\System\lkuSJqq.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\FWGIcEE.exe
  C:\Windows\System\FWGIcEE.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\hUwyhBd.exe
  C:\Windows\System\hUwyhBd.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\vqYyGRT.exe
  C:\Windows\System\vqYyGRT.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\nddMEnz.exe
  C:\Windows\System\nddMEnz.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\NZtAUHz.exe
  C:\Windows\System\NZtAUHz.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\iCuSVkR.exe
  C:\Windows\System\iCuSVkR.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\pcDyIpO.exe
  C:\Windows\System\pcDyIpO.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\EQyhdbI.exe
  C:\Windows\System\EQyhdbI.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\daihvHi.exe
  C:\Windows\System\daihvHi.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\xukNzmn.exe
  C:\Windows\System\xukNzmn.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\OVDIHMv.exe
  C:\Windows\System\OVDIHMv.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\ZqOzmtS.exe
  C:\Windows\System\ZqOzmtS.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\koJkSGa.exe
  C:\Windows\System\koJkSGa.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\oHYIjBb.exe
  C:\Windows\System\oHYIjBb.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\UQOxKTE.exe
  C:\Windows\System\UQOxKTE.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\Rquhpxm.exe
  C:\Windows\System\Rquhpxm.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\gCDGjtp.exe
  C:\Windows\System\gCDGjtp.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\BCUsQUx.exe
  C:\Windows\System\BCUsQUx.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\sIwZzvD.exe
  C:\Windows\System\sIwZzvD.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\AUqcMXF.exe
  C:\Windows\System\AUqcMXF.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\PPyUEus.exe
  C:\Windows\System\PPyUEus.exe
  2⤵
  - Executes dropped EXE
  PID:976
- C:\Windows\System\MjtJCfk.exe
  C:\Windows\System\MjtJCfk.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\yuOAxQJ.exe
  C:\Windows\System\yuOAxQJ.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\GpVIzWA.exe
  C:\Windows\System\GpVIzWA.exe
  2⤵
  - Executes dropped EXE
  PID:1464
- C:\Windows\System\KiZBdTR.exe
  C:\Windows\System\KiZBdTR.exe
  2⤵
  - Executes dropped EXE
  PID:1436
- C:\Windows\System\ZWdpdHR.exe
  C:\Windows\System\ZWdpdHR.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\jLsibHM.exe
  C:\Windows\System\jLsibHM.exe
  2⤵
  - Executes dropped EXE
  PID:960
- C:\Windows\System\BDnunCP.exe
  C:\Windows\System\BDnunCP.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\pWiJJSQ.exe
  C:\Windows\System\pWiJJSQ.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\NkNuocO.exe
  C:\Windows\System\NkNuocO.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\QqtFPLI.exe
  C:\Windows\System\QqtFPLI.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\FtLLwhn.exe
  C:\Windows\System\FtLLwhn.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\RKdAiHG.exe
  C:\Windows\System\RKdAiHG.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\VLCwNlT.exe
  C:\Windows\System\VLCwNlT.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\yBrvbNb.exe
  C:\Windows\System\yBrvbNb.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\gdXeFbP.exe
  C:\Windows\System\gdXeFbP.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\zfCnBLw.exe
  C:\Windows\System\zfCnBLw.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\FVtjqBI.exe
  C:\Windows\System\FVtjqBI.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\haaIVhC.exe
  C:\Windows\System\haaIVhC.exe
  2⤵
  - Executes dropped EXE
  PID:1580
- C:\Windows\System\mSQjucF.exe
  C:\Windows\System\mSQjucF.exe
  2⤵
  - Executes dropped EXE
  PID:1516
- C:\Windows\System\aspmLoE.exe
  C:\Windows\System\aspmLoE.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\usWiJGM.exe
  C:\Windows\System\usWiJGM.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\jgteGDT.exe
  C:\Windows\System\jgteGDT.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\rOqsUeR.exe
  C:\Windows\System\rOqsUeR.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\WKqQtXG.exe
  C:\Windows\System\WKqQtXG.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\PXpXYzZ.exe
  C:\Windows\System\PXpXYzZ.exe
  2⤵
  PID:2584
- C:\Windows\System\HssqReO.exe
  C:\Windows\System\HssqReO.exe
  2⤵
  PID:2276
- C:\Windows\System\axSjQxz.exe
  C:\Windows\System\axSjQxz.exe
  2⤵
  PID:3064
- C:\Windows\System\VlmGDWq.exe
  C:\Windows\System\VlmGDWq.exe
  2⤵
  PID:2816
- C:\Windows\System\FQarfHF.exe
  C:\Windows\System\FQarfHF.exe
  2⤵
  PID:2536
- C:\Windows\System\JEkTRRf.exe
  C:\Windows\System\JEkTRRf.exe
  2⤵
  PID:1320
- C:\Windows\System\jCxKzxJ.exe
  C:\Windows\System\jCxKzxJ.exe
  2⤵
  PID:880
- C:\Windows\System\MrcnVKE.exe
  C:\Windows\System\MrcnVKE.exe
  2⤵
  PID:1632
- C:\Windows\System\RcxhGlu.exe
  C:\Windows\System\RcxhGlu.exe
  2⤵
  PID:2792
- C:\Windows\System\kmZTcZD.exe
  C:\Windows\System\kmZTcZD.exe
  2⤵
  PID:2920
- C:\Windows\System\EnFhtiB.exe
  C:\Windows\System\EnFhtiB.exe
  2⤵
  PID:2388
- C:\Windows\System\esDLZsy.exe
  C:\Windows\System\esDLZsy.exe
  2⤵
  PID:2360
- C:\Windows\System\seOYeCz.exe
  C:\Windows\System\seOYeCz.exe
  2⤵
  PID:2980
- C:\Windows\System\MfaWlJh.exe
  C:\Windows\System\MfaWlJh.exe
  2⤵
  PID:1196
- C:\Windows\System\rRmVBwL.exe
  C:\Windows\System\rRmVBwL.exe
  2⤵
  PID:2152
- C:\Windows\System\oZhxyDA.exe
  C:\Windows\System\oZhxyDA.exe
  2⤵
  PID:1776
- C:\Windows\System\qdlnXSI.exe
  C:\Windows\System\qdlnXSI.exe
  2⤵
  PID:1888
- C:\Windows\System\CiDtVhl.exe
  C:\Windows\System\CiDtVhl.exe
  2⤵
  PID:2480
- C:\Windows\System\uJwkbNY.exe
  C:\Windows\System\uJwkbNY.exe
  2⤵
  PID:280
- C:\Windows\System\NjcbJeo.exe
  C:\Windows\System\NjcbJeo.exe
  2⤵
  PID:888
- C:\Windows\System\lcuCJWA.exe
  C:\Windows\System\lcuCJWA.exe
  2⤵
  PID:2540
- C:\Windows\System\xVevoHn.exe
  C:\Windows\System\xVevoHn.exe
  2⤵
  PID:1260
- C:\Windows\System\fswaJuV.exe
  C:\Windows\System\fswaJuV.exe
  2⤵
  PID:1844
- C:\Windows\System\XDMlpiD.exe
  C:\Windows\System\XDMlpiD.exe
  2⤵
  PID:1884
- C:\Windows\System\lBQghVL.exe
  C:\Windows\System\lBQghVL.exe
  2⤵
  PID:3000
- C:\Windows\System\GNaFPjv.exe
  C:\Windows\System\GNaFPjv.exe
  2⤵
  PID:904
- C:\Windows\System\qaRlUSV.exe
  C:\Windows\System\qaRlUSV.exe
  2⤵
  PID:576
- C:\Windows\System\ppucmqy.exe
  C:\Windows\System\ppucmqy.exe
  2⤵
  PID:2092
- C:\Windows\System\DUwsEkW.exe
  C:\Windows\System\DUwsEkW.exe
  2⤵
  PID:1848
- C:\Windows\System\VhTcWBP.exe
  C:\Windows\System\VhTcWBP.exe
  2⤵
  PID:860
- C:\Windows\System\nVvZcMK.exe
  C:\Windows\System\nVvZcMK.exe
  2⤵
  PID:664
- C:\Windows\System\JlTqWjX.exe
  C:\Windows\System\JlTqWjX.exe
  2⤵
  PID:1712
- C:\Windows\System\LmreDeo.exe
  C:\Windows\System\LmreDeo.exe
  2⤵
  PID:1624
- C:\Windows\System\xdgiGsO.exe
  C:\Windows\System\xdgiGsO.exe
  2⤵
  PID:348
- C:\Windows\System\WNTnOMT.exe
  C:\Windows\System\WNTnOMT.exe
  2⤵
  PID:2836
- C:\Windows\System\DnPGsdQ.exe
  C:\Windows\System\DnPGsdQ.exe
  2⤵
  PID:3060
- C:\Windows\System\SNpFonn.exe
  C:\Windows\System\SNpFonn.exe
  2⤵
  PID:1032
- C:\Windows\System\oZeRGpX.exe
  C:\Windows\System\oZeRGpX.exe
  2⤵
  PID:1128
- C:\Windows\System\WdRTzXp.exe
  C:\Windows\System\WdRTzXp.exe
  2⤵
  PID:2556
- C:\Windows\System\WRyLnIQ.exe
  C:\Windows\System\WRyLnIQ.exe
  2⤵
  PID:3044
- C:\Windows\System\VcQrZwz.exe
  C:\Windows\System\VcQrZwz.exe
  2⤵
  PID:3016
- C:\Windows\System\RHSqAFE.exe
  C:\Windows\System\RHSqAFE.exe
  2⤵
  PID:1852
- C:\Windows\System\LEJrJkj.exe
  C:\Windows\System\LEJrJkj.exe
  2⤵
  PID:1512
- C:\Windows\System\obSdCbX.exe
  C:\Windows\System\obSdCbX.exe
  2⤵
  PID:1460
- C:\Windows\System\sEdOBAk.exe
  C:\Windows\System\sEdOBAk.exe
  2⤵
  PID:2164
- C:\Windows\System\MVdiXBN.exe
  C:\Windows\System\MVdiXBN.exe
  2⤵
  PID:2484
- C:\Windows\System\gDwTnsX.exe
  C:\Windows\System\gDwTnsX.exe
  2⤵
  PID:1200
- C:\Windows\System\CmfEGlU.exe
  C:\Windows\System\CmfEGlU.exe
  2⤵
  PID:1760
- C:\Windows\System\iHXeLvV.exe
  C:\Windows\System\iHXeLvV.exe
  2⤵
  PID:1224
- C:\Windows\System\QpGqLwp.exe
  C:\Windows\System\QpGqLwp.exe
  2⤵
  PID:1980
- C:\Windows\System\bwlWfip.exe
  C:\Windows\System\bwlWfip.exe
  2⤵
  PID:2080
- C:\Windows\System\YgdMNru.exe
  C:\Windows\System\YgdMNru.exe
  2⤵
  PID:852
- C:\Windows\System\MHNDNDc.exe
  C:\Windows\System\MHNDNDc.exe
  2⤵
  PID:2288
- C:\Windows\System\BiAdVIW.exe
  C:\Windows\System\BiAdVIW.exe
  2⤵
  PID:1584
- C:\Windows\System\WyeXwym.exe
  C:\Windows\System\WyeXwym.exe
  2⤵
  PID:2808
- C:\Windows\System\iDBeokc.exe
  C:\Windows\System\iDBeokc.exe
  2⤵
  PID:2620
- C:\Windows\System\iWTQVkm.exe
  C:\Windows\System\iWTQVkm.exe
  2⤵
  PID:2692
- C:\Windows\System\lbuQYog.exe
  C:\Windows\System\lbuQYog.exe
  2⤵
  PID:1820
- C:\Windows\System\qAsbxAs.exe
  C:\Windows\System\qAsbxAs.exe
  2⤵
  PID:1740
- C:\Windows\System\kOFAROi.exe
  C:\Windows\System\kOFAROi.exe
  2⤵
  PID:2244
- C:\Windows\System\NghzVAT.exe
  C:\Windows\System\NghzVAT.exe
  2⤵
  PID:1892
- C:\Windows\System\Xqphfbo.exe
  C:\Windows\System\Xqphfbo.exe
  2⤵
  PID:680
- C:\Windows\System\lyFOXqU.exe
  C:\Windows\System\lyFOXqU.exe
  2⤵
  PID:2996
- C:\Windows\System\qDpNlGR.exe
  C:\Windows\System\qDpNlGR.exe
  2⤵
  PID:276
- C:\Windows\System\ecPqZhR.exe
  C:\Windows\System\ecPqZhR.exe
  2⤵
  PID:1596
- C:\Windows\System\pjeReip.exe
  C:\Windows\System\pjeReip.exe
  2⤵
  PID:2204
- C:\Windows\System\vSSusuZ.exe
  C:\Windows\System\vSSusuZ.exe
  2⤵
  PID:1588
- C:\Windows\System\nGsXtkX.exe
  C:\Windows\System\nGsXtkX.exe
  2⤵
  PID:2316
- C:\Windows\System\kWFYfyz.exe
  C:\Windows\System\kWFYfyz.exe
  2⤵
  PID:2804
- C:\Windows\System\EJRxOBy.exe
  C:\Windows\System\EJRxOBy.exe
  2⤵
  PID:2652
- C:\Windows\System\HBJwJUu.exe
  C:\Windows\System\HBJwJUu.exe
  2⤵
  PID:2688
- C:\Windows\System\ceoEiCJ.exe
  C:\Windows\System\ceoEiCJ.exe
  2⤵
  PID:2292
- C:\Windows\System\oAZbrOO.exe
  C:\Windows\System\oAZbrOO.exe
  2⤵
  PID:3080
- C:\Windows\System\ybvuuCU.exe
  C:\Windows\System\ybvuuCU.exe
  2⤵
  PID:3100
- C:\Windows\System\byvLvJK.exe
  C:\Windows\System\byvLvJK.exe
  2⤵
  PID:3120
- C:\Windows\System\aclapLB.exe
  C:\Windows\System\aclapLB.exe
  2⤵
  PID:3140
- C:\Windows\System\QaxjART.exe
  C:\Windows\System\QaxjART.exe
  2⤵
  PID:3160
- C:\Windows\System\fnzdZig.exe
  C:\Windows\System\fnzdZig.exe
  2⤵
  PID:3180
- C:\Windows\System\tqNPRnW.exe
  C:\Windows\System\tqNPRnW.exe
  2⤵
  PID:3200
- C:\Windows\System\cVYjzbT.exe
  C:\Windows\System\cVYjzbT.exe
  2⤵
  PID:3216
- C:\Windows\System\jZVoreC.exe
  C:\Windows\System\jZVoreC.exe
  2⤵
  PID:3240
- C:\Windows\System\vWoQaFO.exe
  C:\Windows\System\vWoQaFO.exe
  2⤵
  PID:3260
- C:\Windows\System\AWZmpRe.exe
  C:\Windows\System\AWZmpRe.exe
  2⤵
  PID:3280
- C:\Windows\System\shKbxnz.exe
  C:\Windows\System\shKbxnz.exe
  2⤵
  PID:3300
- C:\Windows\System\GHSFgxP.exe
  C:\Windows\System\GHSFgxP.exe
  2⤵
  PID:3320
- C:\Windows\System\QSxmPEx.exe
  C:\Windows\System\QSxmPEx.exe
  2⤵
  PID:3340
- C:\Windows\System\QwyqToC.exe
  C:\Windows\System\QwyqToC.exe
  2⤵
  PID:3360
- C:\Windows\System\agOCGuz.exe
  C:\Windows\System\agOCGuz.exe
  2⤵
  PID:3380
- C:\Windows\System\kBDsGIO.exe
  C:\Windows\System\kBDsGIO.exe
  2⤵
  PID:3400
- C:\Windows\System\pVPUuuo.exe
  C:\Windows\System\pVPUuuo.exe
  2⤵
  PID:3420
- C:\Windows\System\SIKlOCa.exe
  C:\Windows\System\SIKlOCa.exe
  2⤵
  PID:3440
- C:\Windows\System\htOyXMp.exe
  C:\Windows\System\htOyXMp.exe
  2⤵
  PID:3460
- C:\Windows\System\DOyvqUx.exe
  C:\Windows\System\DOyvqUx.exe
  2⤵
  PID:3484
- C:\Windows\System\TdoVChd.exe
  C:\Windows\System\TdoVChd.exe
  2⤵
  PID:3504
- C:\Windows\System\FxIcsNX.exe
  C:\Windows\System\FxIcsNX.exe
  2⤵
  PID:3524
- C:\Windows\System\AZEfSOA.exe
  C:\Windows\System\AZEfSOA.exe
  2⤵
  PID:3544
- C:\Windows\System\qHvDxtI.exe
  C:\Windows\System\qHvDxtI.exe
  2⤵
  PID:3564
- C:\Windows\System\YJVXlmp.exe
  C:\Windows\System\YJVXlmp.exe
  2⤵
  PID:3584
- C:\Windows\System\oPHdAsM.exe
  C:\Windows\System\oPHdAsM.exe
  2⤵
  PID:3604
- C:\Windows\System\JonYzfd.exe
  C:\Windows\System\JonYzfd.exe
  2⤵
  PID:3624
- C:\Windows\System\MLpyIXL.exe
  C:\Windows\System\MLpyIXL.exe
  2⤵
  PID:3644
- C:\Windows\System\zbVAndG.exe
  C:\Windows\System\zbVAndG.exe
  2⤵
  PID:3664
- C:\Windows\System\IHlMwtz.exe
  C:\Windows\System\IHlMwtz.exe
  2⤵
  PID:3684
- C:\Windows\System\vqNWeOy.exe
  C:\Windows\System\vqNWeOy.exe
  2⤵
  PID:3704
- C:\Windows\System\aGQYVBg.exe
  C:\Windows\System\aGQYVBg.exe
  2⤵
  PID:3724
- C:\Windows\System\ScFdlfD.exe
  C:\Windows\System\ScFdlfD.exe
  2⤵
  PID:3744
- C:\Windows\System\JvFCKYC.exe
  C:\Windows\System\JvFCKYC.exe
  2⤵
  PID:3764
- C:\Windows\System\WyvXNiQ.exe
  C:\Windows\System\WyvXNiQ.exe
  2⤵
  PID:3780
- C:\Windows\System\axnfhyM.exe
  C:\Windows\System\axnfhyM.exe
  2⤵
  PID:3804
- C:\Windows\System\IfvVelt.exe
  C:\Windows\System\IfvVelt.exe
  2⤵
  PID:3820
- C:\Windows\System\KdGukFJ.exe
  C:\Windows\System\KdGukFJ.exe
  2⤵
  PID:3844
- C:\Windows\System\FlTnnJC.exe
  C:\Windows\System\FlTnnJC.exe
  2⤵
  PID:3864
- C:\Windows\System\wrNYAkz.exe
  C:\Windows\System\wrNYAkz.exe
  2⤵
  PID:3884
- C:\Windows\System\CnpCSHD.exe
  C:\Windows\System\CnpCSHD.exe
  2⤵
  PID:3904
- C:\Windows\System\OuBaLdc.exe
  C:\Windows\System\OuBaLdc.exe
  2⤵
  PID:3924
- C:\Windows\System\DbWepBv.exe
  C:\Windows\System\DbWepBv.exe
  2⤵
  PID:3944
- C:\Windows\System\UqOjImS.exe
  C:\Windows\System\UqOjImS.exe
  2⤵
  PID:3964
- C:\Windows\System\XrRGSLv.exe
  C:\Windows\System\XrRGSLv.exe
  2⤵
  PID:3984
- C:\Windows\System\MZtuRjY.exe
  C:\Windows\System\MZtuRjY.exe
  2⤵
  PID:4004
- C:\Windows\System\SCKaLHA.exe
  C:\Windows\System\SCKaLHA.exe
  2⤵
  PID:4024
- C:\Windows\System\nBigFQb.exe
  C:\Windows\System\nBigFQb.exe
  2⤵
  PID:4044
- C:\Windows\System\WipfWnM.exe
  C:\Windows\System\WipfWnM.exe
  2⤵
  PID:4064
- C:\Windows\System\tWXHElk.exe
  C:\Windows\System\tWXHElk.exe
  2⤵
  PID:4084
- C:\Windows\System\NMatYIm.exe
  C:\Windows\System\NMatYIm.exe
  2⤵
  PID:1836
- C:\Windows\System\xDiIsqj.exe
  C:\Windows\System\xDiIsqj.exe
  2⤵
  PID:1780
- C:\Windows\System\nFyiyWP.exe
  C:\Windows\System\nFyiyWP.exe
  2⤵
  PID:3020
- C:\Windows\System\aHhjXNR.exe
  C:\Windows\System\aHhjXNR.exe
  2⤵
  PID:2972
- C:\Windows\System\TnvHJVg.exe
  C:\Windows\System\TnvHJVg.exe
  2⤵
  PID:2940
- C:\Windows\System\kFNEnus.exe
  C:\Windows\System\kFNEnus.exe
  2⤵
  PID:868
- C:\Windows\System\kkyYDrQ.exe
  C:\Windows\System\kkyYDrQ.exe
  2⤵
  PID:3108
- C:\Windows\System\yKtKTpr.exe
  C:\Windows\System\yKtKTpr.exe
  2⤵
  PID:3128
- C:\Windows\System\IRDGMYU.exe
  C:\Windows\System\IRDGMYU.exe
  2⤵
  PID:3152
- C:\Windows\System\lMednCM.exe
  C:\Windows\System\lMednCM.exe
  2⤵
  PID:3196
- C:\Windows\System\zMiZbPE.exe
  C:\Windows\System\zMiZbPE.exe
  2⤵
  PID:3232
- C:\Windows\System\LulToaZ.exe
  C:\Windows\System\LulToaZ.exe
  2⤵
  PID:3256
- C:\Windows\System\yoCCjoL.exe
  C:\Windows\System\yoCCjoL.exe
  2⤵
  PID:3316
- C:\Windows\System\SktvKCt.exe
  C:\Windows\System\SktvKCt.exe
  2⤵
  PID:3348
- C:\Windows\System\ObzUMpB.exe
  C:\Windows\System\ObzUMpB.exe
  2⤵
  PID:3332
- C:\Windows\System\sQXKMNc.exe
  C:\Windows\System\sQXKMNc.exe
  2⤵
  PID:3392
- C:\Windows\System\ypvcSdX.exe
  C:\Windows\System\ypvcSdX.exe
  2⤵
  PID:3416
- C:\Windows\System\WRbWVqo.exe
  C:\Windows\System\WRbWVqo.exe
  2⤵
  PID:3468
- C:\Windows\System\VwBOiSV.exe
  C:\Windows\System\VwBOiSV.exe
  2⤵
  PID:3492
- C:\Windows\System\fUpsjKk.exe
  C:\Windows\System\fUpsjKk.exe
  2⤵
  PID:3520
- C:\Windows\System\VsyuEXr.exe
  C:\Windows\System\VsyuEXr.exe
  2⤵
  PID:3556
- C:\Windows\System\tiZfhhg.exe
  C:\Windows\System\tiZfhhg.exe
  2⤵
  PID:3580
- C:\Windows\System\BqqyTCE.exe
  C:\Windows\System\BqqyTCE.exe
  2⤵
  PID:3632
- C:\Windows\System\thVfSae.exe
  C:\Windows\System\thVfSae.exe
  2⤵
  PID:3616
- C:\Windows\System\WdhqOrw.exe
  C:\Windows\System\WdhqOrw.exe
  2⤵
  PID:3676
- C:\Windows\System\WmZdXYT.exe
  C:\Windows\System\WmZdXYT.exe
  2⤵
  PID:3696
- C:\Windows\System\VMMkkku.exe
  C:\Windows\System\VMMkkku.exe
  2⤵
  PID:3760
- C:\Windows\System\spucrdZ.exe
  C:\Windows\System\spucrdZ.exe
  2⤵
  PID:3736
- C:\Windows\System\YobUHgg.exe
  C:\Windows\System\YobUHgg.exe
  2⤵
  PID:3772
- C:\Windows\System\OqWrtPx.exe
  C:\Windows\System\OqWrtPx.exe
  2⤵
  PID:3840
- C:\Windows\System\tYnQVOp.exe
  C:\Windows\System\tYnQVOp.exe
  2⤵
  PID:3872
- C:\Windows\System\LBCVlUE.exe
  C:\Windows\System\LBCVlUE.exe
  2⤵
  PID:3892
- C:\Windows\System\QfzutSj.exe
  C:\Windows\System\QfzutSj.exe
  2⤵
  PID:3896
- C:\Windows\System\IOKSjpt.exe
  C:\Windows\System\IOKSjpt.exe
  2⤵
  PID:3940
- C:\Windows\System\JylFDXS.exe
  C:\Windows\System\JylFDXS.exe
  2⤵
  PID:3996
- C:\Windows\System\OemqBav.exe
  C:\Windows\System\OemqBav.exe
  2⤵
  PID:4040
- C:\Windows\System\kxHVKam.exe
  C:\Windows\System\kxHVKam.exe
  2⤵
  PID:4072
- C:\Windows\System\kRYtAwa.exe
  C:\Windows\System\kRYtAwa.exe
  2⤵
  PID:4092
- C:\Windows\System\IkdQkqI.exe
  C:\Windows\System\IkdQkqI.exe
  2⤵
  PID:2224
- C:\Windows\System\LpFmhev.exe
  C:\Windows\System\LpFmhev.exe
  2⤵
  PID:3036
- C:\Windows\System\KzEpYFM.exe
  C:\Windows\System\KzEpYFM.exe
  2⤵
  PID:3076
- C:\Windows\System\jRwawjH.exe
  C:\Windows\System\jRwawjH.exe
  2⤵
  PID:1100
- C:\Windows\System\OjUxKNI.exe
  C:\Windows\System\OjUxKNI.exe
  2⤵
  PID:3148
- C:\Windows\System\ObCKivQ.exe
  C:\Windows\System\ObCKivQ.exe
  2⤵
  PID:3248
- C:\Windows\System\KaWiMGE.exe
  C:\Windows\System\KaWiMGE.exe
  2⤵
  PID:3308
- C:\Windows\System\iiEXiwZ.exe
  C:\Windows\System\iiEXiwZ.exe
  2⤵
  PID:3368
- C:\Windows\System\JcXQTnC.exe
  C:\Windows\System\JcXQTnC.exe
  2⤵
  PID:3328
- C:\Windows\System\QIKJkNf.exe
  C:\Windows\System\QIKJkNf.exe
  2⤵
  PID:3428
- C:\Windows\System\rBWAlsD.exe
  C:\Windows\System\rBWAlsD.exe
  2⤵
  PID:3496
- C:\Windows\System\QqQEYhZ.exe
  C:\Windows\System\QqQEYhZ.exe
  2⤵
  PID:3532
- C:\Windows\System\ILpJWxH.exe
  C:\Windows\System\ILpJWxH.exe
  2⤵
  PID:3552
- C:\Windows\System\AYInGqi.exe
  C:\Windows\System\AYInGqi.exe
  2⤵
  PID:3600
- C:\Windows\System\ZkaKISH.exe
  C:\Windows\System\ZkaKISH.exe
  2⤵
  PID:3716
- C:\Windows\System\JoMgTxA.exe
  C:\Windows\System\JoMgTxA.exe
  2⤵
  PID:3740
- C:\Windows\System\VkHLsXG.exe
  C:\Windows\System\VkHLsXG.exe
  2⤵
  PID:3792
- C:\Windows\System\rzwOOcU.exe
  C:\Windows\System\rzwOOcU.exe
  2⤵
  PID:3800
- C:\Windows\System\eHPtHDQ.exe
  C:\Windows\System\eHPtHDQ.exe
  2⤵
  PID:3852
- C:\Windows\System\CsqvTWY.exe
  C:\Windows\System\CsqvTWY.exe
  2⤵
  PID:3900
- C:\Windows\System\saDocJj.exe
  C:\Windows\System\saDocJj.exe
  2⤵
  PID:4032
- C:\Windows\System\OIFogsR.exe
  C:\Windows\System\OIFogsR.exe
  2⤵
  PID:2772
- C:\Windows\System\gDCVOUu.exe
  C:\Windows\System\gDCVOUu.exe
  2⤵
  PID:4052
- C:\Windows\System\XsGhbqD.exe
  C:\Windows\System\XsGhbqD.exe
  2⤵
  PID:408
- C:\Windows\System\htqzRzc.exe
  C:\Windows\System\htqzRzc.exe
  2⤵
  PID:3092
- C:\Windows\System\BOtPqrI.exe
  C:\Windows\System\BOtPqrI.exe
  2⤵
  PID:3088
- C:\Windows\System\ycngNBt.exe
  C:\Windows\System\ycngNBt.exe
  2⤵
  PID:3176
- C:\Windows\System\zdKFLZD.exe
  C:\Windows\System\zdKFLZD.exe
  2⤵
  PID:3236
- C:\Windows\System\HlYlGBd.exe
  C:\Windows\System\HlYlGBd.exe
  2⤵
  PID:3436
- C:\Windows\System\zFZimsE.exe
  C:\Windows\System\zFZimsE.exe
  2⤵
  PID:3512
- C:\Windows\System\SqbZdlw.exe
  C:\Windows\System\SqbZdlw.exe
  2⤵
  PID:3560
- C:\Windows\System\uUEDPjF.exe
  C:\Windows\System\uUEDPjF.exe
  2⤵
  PID:3576
- C:\Windows\System\hRdnLYb.exe
  C:\Windows\System\hRdnLYb.exe
  2⤵
  PID:2868
- C:\Windows\System\LJnKKJB.exe
  C:\Windows\System\LJnKKJB.exe
  2⤵
  PID:3752
- C:\Windows\System\yQrQmUr.exe
  C:\Windows\System\yQrQmUr.exe
  2⤵
  PID:3860
- C:\Windows\System\fZKWDvT.exe
  C:\Windows\System\fZKWDvT.exe
  2⤵
  PID:3976
- C:\Windows\System\GoEXTFB.exe
  C:\Windows\System\GoEXTFB.exe
  2⤵
  PID:4056
- C:\Windows\System\moydVgP.exe
  C:\Windows\System\moydVgP.exe
  2⤵
  PID:376
- C:\Windows\System\ZqOTvmJ.exe
  C:\Windows\System\ZqOTvmJ.exe
  2⤵
  PID:4116
- C:\Windows\System\oqupqxj.exe
  C:\Windows\System\oqupqxj.exe
  2⤵
  PID:4136
- C:\Windows\System\Djarlhj.exe
  C:\Windows\System\Djarlhj.exe
  2⤵
  PID:4156
- C:\Windows\System\yxaatne.exe
  C:\Windows\System\yxaatne.exe
  2⤵
  PID:4176
- C:\Windows\System\RHxriPj.exe
  C:\Windows\System\RHxriPj.exe
  2⤵
  PID:4196
- C:\Windows\System\xXvBCgd.exe
  C:\Windows\System\xXvBCgd.exe
  2⤵
  PID:4216
- C:\Windows\System\HmQipxh.exe
  C:\Windows\System\HmQipxh.exe
  2⤵
  PID:4236
- C:\Windows\System\xruCKQE.exe
  C:\Windows\System\xruCKQE.exe
  2⤵
  PID:4256
- C:\Windows\System\VRCpdRL.exe
  C:\Windows\System\VRCpdRL.exe
  2⤵
  PID:4276
- C:\Windows\System\pDikxfo.exe
  C:\Windows\System\pDikxfo.exe
  2⤵
  PID:4296
- C:\Windows\System\eZkhnsz.exe
  C:\Windows\System\eZkhnsz.exe
  2⤵
  PID:4316
- C:\Windows\System\HwjNuUi.exe
  C:\Windows\System\HwjNuUi.exe
  2⤵
  PID:4336
- C:\Windows\System\pqIvlCL.exe
  C:\Windows\System\pqIvlCL.exe
  2⤵
  PID:4356
- C:\Windows\System\nHHZOJM.exe
  C:\Windows\System\nHHZOJM.exe
  2⤵
  PID:4376
- C:\Windows\System\PXwTHAl.exe
  C:\Windows\System\PXwTHAl.exe
  2⤵
  PID:4400
- C:\Windows\System\DnuQcVH.exe
  C:\Windows\System\DnuQcVH.exe
  2⤵
  PID:4420
- C:\Windows\System\STKqfTS.exe
  C:\Windows\System\STKqfTS.exe
  2⤵
  PID:4440
- C:\Windows\System\tkanGxe.exe
  C:\Windows\System\tkanGxe.exe
  2⤵
  PID:4460
- C:\Windows\System\SWZYrnn.exe
  C:\Windows\System\SWZYrnn.exe
  2⤵
  PID:4480
- C:\Windows\System\CtRdvDD.exe
  C:\Windows\System\CtRdvDD.exe
  2⤵
  PID:4500
- C:\Windows\System\fxJcEun.exe
  C:\Windows\System\fxJcEun.exe
  2⤵
  PID:4520
- C:\Windows\System\fehpUvp.exe
  C:\Windows\System\fehpUvp.exe
  2⤵
  PID:4540
- C:\Windows\System\fhnYWdR.exe
  C:\Windows\System\fhnYWdR.exe
  2⤵
  PID:4560
- C:\Windows\System\mhVeIWG.exe
  C:\Windows\System\mhVeIWG.exe
  2⤵
  PID:4580
- C:\Windows\System\pzpLaDI.exe
  C:\Windows\System\pzpLaDI.exe
  2⤵
  PID:4600
- C:\Windows\System\OcJexui.exe
  C:\Windows\System\OcJexui.exe
  2⤵
  PID:4620
- C:\Windows\System\ZbTdiCw.exe
  C:\Windows\System\ZbTdiCw.exe
  2⤵
  PID:4640
- C:\Windows\System\lhCkFkK.exe
  C:\Windows\System\lhCkFkK.exe
  2⤵
  PID:4660
- C:\Windows\System\LLuvKer.exe
  C:\Windows\System\LLuvKer.exe
  2⤵
  PID:4680
- C:\Windows\System\ZtxHstX.exe
  C:\Windows\System\ZtxHstX.exe
  2⤵
  PID:4700
- C:\Windows\System\UvsIOlw.exe
  C:\Windows\System\UvsIOlw.exe
  2⤵
  PID:4720
- C:\Windows\System\bvzfagf.exe
  C:\Windows\System\bvzfagf.exe
  2⤵
  PID:4740
- C:\Windows\System\CZCSbfL.exe
  C:\Windows\System\CZCSbfL.exe
  2⤵
  PID:4760
- C:\Windows\System\WqpESHb.exe
  C:\Windows\System\WqpESHb.exe
  2⤵
  PID:4780
- C:\Windows\System\djHGYzb.exe
  C:\Windows\System\djHGYzb.exe
  2⤵
  PID:4800
- C:\Windows\System\CZHYIPv.exe
  C:\Windows\System\CZHYIPv.exe
  2⤵
  PID:4820
- C:\Windows\System\waVKTah.exe
  C:\Windows\System\waVKTah.exe
  2⤵
  PID:4840
- C:\Windows\System\lZQCvCb.exe
  C:\Windows\System\lZQCvCb.exe
  2⤵
  PID:4860
- C:\Windows\System\QMsUTkF.exe
  C:\Windows\System\QMsUTkF.exe
  2⤵
  PID:4880
- C:\Windows\System\yzrbHyW.exe
  C:\Windows\System\yzrbHyW.exe
  2⤵
  PID:4900
- C:\Windows\System\rtYdBJu.exe
  C:\Windows\System\rtYdBJu.exe
  2⤵
  PID:4920
- C:\Windows\System\qzcuDof.exe
  C:\Windows\System\qzcuDof.exe
  2⤵
  PID:4940
- C:\Windows\System\iIklXjp.exe
  C:\Windows\System\iIklXjp.exe
  2⤵
  PID:4960
- C:\Windows\System\OkBWMtE.exe
  C:\Windows\System\OkBWMtE.exe
  2⤵
  PID:4980
- C:\Windows\System\UcZTbMH.exe
  C:\Windows\System\UcZTbMH.exe
  2⤵
  PID:5000
- C:\Windows\System\KFNDlYT.exe
  C:\Windows\System\KFNDlYT.exe
  2⤵
  PID:5020
- C:\Windows\System\FKttnOu.exe
  C:\Windows\System\FKttnOu.exe
  2⤵
  PID:5040
- C:\Windows\System\zVpnYgE.exe
  C:\Windows\System\zVpnYgE.exe
  2⤵
  PID:5060
- C:\Windows\System\XIEVchE.exe
  C:\Windows\System\XIEVchE.exe
  2⤵
  PID:5080
- C:\Windows\System\HBCVjTJ.exe
  C:\Windows\System\HBCVjTJ.exe
  2⤵
  PID:5100
- C:\Windows\System\ZvGDbNU.exe
  C:\Windows\System\ZvGDbNU.exe
  2⤵
  PID:2184
- C:\Windows\System\CxNDUup.exe
  C:\Windows\System\CxNDUup.exe
  2⤵
  PID:1204
- C:\Windows\System\XxlhLZT.exe
  C:\Windows\System\XxlhLZT.exe
  2⤵
  PID:3292
- C:\Windows\System\zWQWiuz.exe
  C:\Windows\System\zWQWiuz.exe
  2⤵
  PID:2612
- C:\Windows\System\ryqOAyS.exe
  C:\Windows\System\ryqOAyS.exe
  2⤵
  PID:3472
- C:\Windows\System\XQbvdpi.exe
  C:\Windows\System\XQbvdpi.exe
  2⤵
  PID:3660
- C:\Windows\System\uknLYvx.exe
  C:\Windows\System\uknLYvx.exe
  2⤵
  PID:3796
- C:\Windows\System\ADgBtuR.exe
  C:\Windows\System\ADgBtuR.exe
  2⤵
  PID:3876
- C:\Windows\System\QhumHcI.exe
  C:\Windows\System\QhumHcI.exe
  2⤵
  PID:4060
- C:\Windows\System\NDjGUyZ.exe
  C:\Windows\System\NDjGUyZ.exe
  2⤵
  PID:4132
- C:\Windows\System\ThTTpWs.exe
  C:\Windows\System\ThTTpWs.exe
  2⤵
  PID:4152
- C:\Windows\System\IBcnLWm.exe
  C:\Windows\System\IBcnLWm.exe
  2⤵
  PID:4184
- C:\Windows\System\opejbhE.exe
  C:\Windows\System\opejbhE.exe
  2⤵
  PID:4208
- C:\Windows\System\lPElUEU.exe
  C:\Windows\System\lPElUEU.exe
  2⤵
  PID:4248
- C:\Windows\System\qLxVzNI.exe
  C:\Windows\System\qLxVzNI.exe
  2⤵
  PID:4268
- C:\Windows\System\OxfpdPz.exe
  C:\Windows\System\OxfpdPz.exe
  2⤵
  PID:4324
- C:\Windows\System\WVTmueC.exe
  C:\Windows\System\WVTmueC.exe
  2⤵
  PID:4364
- C:\Windows\System\OZsFCVu.exe
  C:\Windows\System\OZsFCVu.exe
  2⤵
  PID:4408
- C:\Windows\System\DnZVCQT.exe
  C:\Windows\System\DnZVCQT.exe
  2⤵
  PID:4428
- C:\Windows\System\SsyRmjL.exe
  C:\Windows\System\SsyRmjL.exe
  2⤵
  PID:4452
- C:\Windows\System\oVXkxgL.exe
  C:\Windows\System\oVXkxgL.exe
  2⤵
  PID:4496
- C:\Windows\System\yMbODaz.exe
  C:\Windows\System\yMbODaz.exe
  2⤵
  PID:4536
- C:\Windows\System\yiBYBAQ.exe
  C:\Windows\System\yiBYBAQ.exe
  2⤵
  PID:4552
- C:\Windows\System\qeUPKwC.exe
  C:\Windows\System\qeUPKwC.exe
  2⤵
  PID:4608
- C:\Windows\System\QispjIP.exe
  C:\Windows\System\QispjIP.exe
  2⤵
  PID:4636
- C:\Windows\System\eOkfLbm.exe
  C:\Windows\System\eOkfLbm.exe
  2⤵
  PID:4668
- C:\Windows\System\bXVyBxu.exe
  C:\Windows\System\bXVyBxu.exe
  2⤵
  PID:4692
- C:\Windows\System\FYvpIjd.exe
  C:\Windows\System\FYvpIjd.exe
  2⤵
  PID:4732
- C:\Windows\System\UUVxHWv.exe
  C:\Windows\System\UUVxHWv.exe
  2⤵
  PID:4768
- C:\Windows\System\qWyPLgI.exe
  C:\Windows\System\qWyPLgI.exe
  2⤵
  PID:4796
- C:\Windows\System\HuQUXuY.exe
  C:\Windows\System\HuQUXuY.exe
  2⤵
  PID:4856
- C:\Windows\System\uzDOhGa.exe
  C:\Windows\System\uzDOhGa.exe
  2⤵
  PID:4868
- C:\Windows\System\KUrMhxG.exe
  C:\Windows\System\KUrMhxG.exe
  2⤵
  PID:4892
- C:\Windows\System\CcLdYGW.exe
  C:\Windows\System\CcLdYGW.exe
  2⤵
  PID:4912
- C:\Windows\System\ShgYeKS.exe
  C:\Windows\System\ShgYeKS.exe
  2⤵
  PID:4956
- C:\Windows\System\LpXsMWe.exe
  C:\Windows\System\LpXsMWe.exe
  2⤵
  PID:4988
- C:\Windows\System\wpBUfzI.exe
  C:\Windows\System\wpBUfzI.exe
  2⤵
  PID:4396
- C:\Windows\System\yJdchRk.exe
  C:\Windows\System\yJdchRk.exe
  2⤵
  PID:5056
- C:\Windows\System\ZZpRxNv.exe
  C:\Windows\System\ZZpRxNv.exe
  2⤵
  PID:2128
- C:\Windows\System\fIDwDXW.exe
  C:\Windows\System\fIDwDXW.exe
  2⤵
  PID:5108
- C:\Windows\System\VEQOAIp.exe
  C:\Windows\System\VEQOAIp.exe
  2⤵
  PID:3272
- C:\Windows\System\MZduiYa.exe
  C:\Windows\System\MZduiYa.exe
  2⤵
  PID:3228
- C:\Windows\System\MIUYiHg.exe
  C:\Windows\System\MIUYiHg.exe
  2⤵
  PID:3572
- C:\Windows\System\MVZZzpR.exe
  C:\Windows\System\MVZZzpR.exe
  2⤵
  PID:3712
- C:\Windows\System\yFpKAbD.exe
  C:\Windows\System\yFpKAbD.exe
  2⤵
  PID:4124
- C:\Windows\System\sBZmnMK.exe
  C:\Windows\System\sBZmnMK.exe
  2⤵
  PID:4144
- C:\Windows\System\rLYGkNe.exe
  C:\Windows\System\rLYGkNe.exe
  2⤵
  PID:4204
- C:\Windows\System\ecfXDwl.exe
  C:\Windows\System\ecfXDwl.exe
  2⤵
  PID:4212
- C:\Windows\System\vJytERM.exe
  C:\Windows\System\vJytERM.exe
  2⤵
  PID:4272
- C:\Windows\System\AVqwFKJ.exe
  C:\Windows\System\AVqwFKJ.exe
  2⤵
  PID:4352
- C:\Windows\System\IIdbjah.exe
  C:\Windows\System\IIdbjah.exe
  2⤵
  PID:4412
- C:\Windows\System\yISHhPp.exe
  C:\Windows\System\yISHhPp.exe
  2⤵
  PID:4508
- C:\Windows\System\zGkxSVQ.exe
  C:\Windows\System\zGkxSVQ.exe
  2⤵
  PID:4512
- C:\Windows\System\zMzEpQg.exe
  C:\Windows\System\zMzEpQg.exe
  2⤵
  PID:4572
- C:\Windows\System\nxUsJEh.exe
  C:\Windows\System\nxUsJEh.exe
  2⤵
  PID:4592
- C:\Windows\System\OGoeFvF.exe
  C:\Windows\System\OGoeFvF.exe
  2⤵
  PID:4736
- C:\Windows\System\FEIaENN.exe
  C:\Windows\System\FEIaENN.exe
  2⤵
  PID:4756
- C:\Windows\System\vjFGKrB.exe
  C:\Windows\System\vjFGKrB.exe
  2⤵
  PID:4812
- C:\Windows\System\dzfgkkM.exe
  C:\Windows\System\dzfgkkM.exe
  2⤵
  PID:4872
- C:\Windows\System\YtbjjCS.exe
  C:\Windows\System\YtbjjCS.exe
  2⤵
  PID:4952
- C:\Windows\System\aekEoCo.exe
  C:\Windows\System\aekEoCo.exe
  2⤵
  PID:5008
- C:\Windows\System\QDGRmvW.exe
  C:\Windows\System\QDGRmvW.exe
  2⤵
  PID:5012
- C:\Windows\System\QMWNmnC.exe
  C:\Windows\System\QMWNmnC.exe
  2⤵
  PID:5088
- C:\Windows\System\jDfqosK.exe
  C:\Windows\System\jDfqosK.exe
  2⤵
  PID:5112
- C:\Windows\System\UgAbskR.exe
  C:\Windows\System\UgAbskR.exe
  2⤵
  PID:2696
- C:\Windows\System\yonrRrr.exe
  C:\Windows\System\yonrRrr.exe
  2⤵
  PID:2716
- C:\Windows\System\UcMUoAb.exe
  C:\Windows\System\UcMUoAb.exe
  2⤵
  PID:4172
- C:\Windows\System\ADhnYoR.exe
  C:\Windows\System\ADhnYoR.exe
  2⤵
  PID:4252
- C:\Windows\System\KIFJwPi.exe
  C:\Windows\System\KIFJwPi.exe
  2⤵
  PID:4284
- C:\Windows\System\LAwyrGP.exe
  C:\Windows\System\LAwyrGP.exe
  2⤵
  PID:4432
- C:\Windows\System\IZkVzuK.exe
  C:\Windows\System\IZkVzuK.exe
  2⤵
  PID:4516
- C:\Windows\System\lcchEZE.exe
  C:\Windows\System\lcchEZE.exe
  2⤵
  PID:4652
- C:\Windows\System\YoSNbAM.exe
  C:\Windows\System\YoSNbAM.exe
  2⤵
  PID:4716
- C:\Windows\System\JkKCiIl.exe
  C:\Windows\System\JkKCiIl.exe
  2⤵
  PID:4816
- C:\Windows\System\XifBNwZ.exe
  C:\Windows\System\XifBNwZ.exe
  2⤵
  PID:4928
- C:\Windows\System\NgpkZpN.exe
  C:\Windows\System\NgpkZpN.exe
  2⤵
  PID:5032
- C:\Windows\System\mnFxqhu.exe
  C:\Windows\System\mnFxqhu.exe
  2⤵
  PID:5136
- C:\Windows\System\sTWHssg.exe
  C:\Windows\System\sTWHssg.exe
  2⤵
  PID:5156
- C:\Windows\System\dnDfjWw.exe
  C:\Windows\System\dnDfjWw.exe
  2⤵
  PID:5176
- C:\Windows\System\gxVfYUt.exe
  C:\Windows\System\gxVfYUt.exe
  2⤵
  PID:5196
- C:\Windows\System\jXLNvIZ.exe
  C:\Windows\System\jXLNvIZ.exe
  2⤵
  PID:5216
- C:\Windows\System\clMkeNh.exe
  C:\Windows\System\clMkeNh.exe
  2⤵
  PID:5236
- C:\Windows\System\izVIxkl.exe
  C:\Windows\System\izVIxkl.exe
  2⤵
  PID:5256
- C:\Windows\System\dQwgSPB.exe
  C:\Windows\System\dQwgSPB.exe
  2⤵
  PID:5280
- C:\Windows\System\xSjDbNo.exe
  C:\Windows\System\xSjDbNo.exe
  2⤵
  PID:5300
- C:\Windows\System\XdxBeWZ.exe
  C:\Windows\System\XdxBeWZ.exe
  2⤵
  PID:5320
- C:\Windows\System\IKmkdwN.exe
  C:\Windows\System\IKmkdwN.exe
  2⤵
  PID:5340
- C:\Windows\System\GKXUMts.exe
  C:\Windows\System\GKXUMts.exe
  2⤵
  PID:5360
- C:\Windows\System\LzXgfwj.exe
  C:\Windows\System\LzXgfwj.exe
  2⤵
  PID:5380
- C:\Windows\System\fDHSHsn.exe
  C:\Windows\System\fDHSHsn.exe
  2⤵
  PID:5400
- C:\Windows\System\AmFTjOz.exe
  C:\Windows\System\AmFTjOz.exe
  2⤵
  PID:5420
- C:\Windows\System\dkddaqy.exe
  C:\Windows\System\dkddaqy.exe
  2⤵
  PID:5440
- C:\Windows\System\VtqpdwQ.exe
  C:\Windows\System\VtqpdwQ.exe
  2⤵
  PID:5460
- C:\Windows\System\hDwAkXn.exe
  C:\Windows\System\hDwAkXn.exe
  2⤵
  PID:5480
- C:\Windows\System\YslebHW.exe
  C:\Windows\System\YslebHW.exe
  2⤵
  PID:5500
- C:\Windows\System\MkwnViA.exe
  C:\Windows\System\MkwnViA.exe
  2⤵
  PID:5520
- C:\Windows\System\LwmAulh.exe
  C:\Windows\System\LwmAulh.exe
  2⤵
  PID:5540
- C:\Windows\System\lWjqKLi.exe
  C:\Windows\System\lWjqKLi.exe
  2⤵
  PID:5560
- C:\Windows\System\UKTeJsT.exe
  C:\Windows\System\UKTeJsT.exe
  2⤵
  PID:5580
- C:\Windows\System\JXbABTn.exe
  C:\Windows\System\JXbABTn.exe
  2⤵
  PID:5600
- C:\Windows\System\tFwaSzI.exe
  C:\Windows\System\tFwaSzI.exe
  2⤵
  PID:5620
- C:\Windows\System\ONRgbHA.exe
  C:\Windows\System\ONRgbHA.exe
  2⤵
  PID:5640
- C:\Windows\System\JKIgAhz.exe
  C:\Windows\System\JKIgAhz.exe
  2⤵
  PID:5660
- C:\Windows\System\kmytsXU.exe
  C:\Windows\System\kmytsXU.exe
  2⤵
  PID:5680
- C:\Windows\System\KVjbRny.exe
  C:\Windows\System\KVjbRny.exe
  2⤵
  PID:5700
- C:\Windows\System\cIHpmoK.exe
  C:\Windows\System\cIHpmoK.exe
  2⤵
  PID:5720
- C:\Windows\System\hCHqTqj.exe
  C:\Windows\System\hCHqTqj.exe
  2⤵
  PID:5740
- C:\Windows\System\YgDeChf.exe
  C:\Windows\System\YgDeChf.exe
  2⤵
  PID:5760
- C:\Windows\System\gAKhnYw.exe
  C:\Windows\System\gAKhnYw.exe
  2⤵
  PID:5780
- C:\Windows\System\lHnbmAe.exe
  C:\Windows\System\lHnbmAe.exe
  2⤵
  PID:5800
- C:\Windows\System\HpSGSkK.exe
  C:\Windows\System\HpSGSkK.exe
  2⤵
  PID:5820
- C:\Windows\System\lKGthpp.exe
  C:\Windows\System\lKGthpp.exe
  2⤵
  PID:5844
- C:\Windows\System\ybksZjp.exe
  C:\Windows\System\ybksZjp.exe
  2⤵
  PID:5864
- C:\Windows\System\ZAkjJqr.exe
  C:\Windows\System\ZAkjJqr.exe
  2⤵
  PID:5884
- C:\Windows\System\UnBZQpY.exe
  C:\Windows\System\UnBZQpY.exe
  2⤵
  PID:5904
- C:\Windows\System\qKnlrGs.exe
  C:\Windows\System\qKnlrGs.exe
  2⤵
  PID:5924
- C:\Windows\System\ORQInvb.exe
  C:\Windows\System\ORQInvb.exe
  2⤵
  PID:5944
- C:\Windows\System\sKvoQqR.exe
  C:\Windows\System\sKvoQqR.exe
  2⤵
  PID:5964
- C:\Windows\System\IJTLwtR.exe
  C:\Windows\System\IJTLwtR.exe
  2⤵
  PID:5984
- C:\Windows\System\mLUcAte.exe
  C:\Windows\System\mLUcAte.exe
  2⤵
  PID:6004
- C:\Windows\System\NeODCwR.exe
  C:\Windows\System\NeODCwR.exe
  2⤵
  PID:6024
- C:\Windows\System\QKgOQyi.exe
  C:\Windows\System\QKgOQyi.exe
  2⤵
  PID:6044
- C:\Windows\System\PauabPY.exe
  C:\Windows\System\PauabPY.exe
  2⤵
  PID:6064
- C:\Windows\System\fVPodhy.exe
  C:\Windows\System\fVPodhy.exe
  2⤵
  PID:6084
- C:\Windows\System\DkDQTZg.exe
  C:\Windows\System\DkDQTZg.exe
  2⤵
  PID:6104
- C:\Windows\System\segoFpG.exe
  C:\Windows\System\segoFpG.exe
  2⤵
  PID:6124
- C:\Windows\System\rQZtbbZ.exe
  C:\Windows\System\rQZtbbZ.exe
  2⤵
  PID:5028
- C:\Windows\System\CmdmnDe.exe
  C:\Windows\System\CmdmnDe.exe
  2⤵
  PID:2524
- C:\Windows\System\nUpvFsn.exe
  C:\Windows\System\nUpvFsn.exe
  2⤵
  PID:3956
- C:\Windows\System\LCdQOwZ.exe
  C:\Windows\System\LCdQOwZ.exe
  2⤵
  PID:4104
- C:\Windows\System\sXYxZCm.exe
  C:\Windows\System\sXYxZCm.exe
  2⤵
  PID:4312
- C:\Windows\System\PGBNWrq.exe
  C:\Windows\System\PGBNWrq.exe
  2⤵
  PID:4392
- C:\Windows\System\REsTpXc.exe
  C:\Windows\System\REsTpXc.exe
  2⤵
  PID:4628
- C:\Windows\System\fdPXhZj.exe
  C:\Windows\System\fdPXhZj.exe
  2⤵
  PID:4676
- C:\Windows\System\oKVsSSQ.exe
  C:\Windows\System\oKVsSSQ.exe
  2⤵
  PID:4888
- C:\Windows\System\GmZqZDR.exe
  C:\Windows\System\GmZqZDR.exe
  2⤵
  PID:5144
- C:\Windows\System\SHBwPla.exe
  C:\Windows\System\SHBwPla.exe
  2⤵
  PID:5164
- C:\Windows\System\OwjqEgF.exe
  C:\Windows\System\OwjqEgF.exe
  2⤵
  PID:5168
- C:\Windows\System\MFcRbdc.exe
  C:\Windows\System\MFcRbdc.exe
  2⤵
  PID:5232
- C:\Windows\System\pbRpsel.exe
  C:\Windows\System\pbRpsel.exe
  2⤵
  PID:5276
- C:\Windows\System\PGhuqMf.exe
  C:\Windows\System\PGhuqMf.exe
  2⤵
  PID:5308
- C:\Windows\System\bUlHyvm.exe
  C:\Windows\System\bUlHyvm.exe
  2⤵
  PID:5348
- C:\Windows\System\hGsNSUg.exe
  C:\Windows\System\hGsNSUg.exe
  2⤵
  PID:5376
- C:\Windows\System\ZPIcKsP.exe
  C:\Windows\System\ZPIcKsP.exe
  2⤵
  PID:5428
- C:\Windows\System\dIicrHl.exe
  C:\Windows\System\dIicrHl.exe
  2⤵
  PID:5432
- C:\Windows\System\HPzwONy.exe
  C:\Windows\System\HPzwONy.exe
  2⤵
  PID:5452
- C:\Windows\System\IdNyRLV.exe
  C:\Windows\System\IdNyRLV.exe
  2⤵
  PID:5508
- C:\Windows\System\FscgSMU.exe
  C:\Windows\System\FscgSMU.exe
  2⤵
  PID:5548
- C:\Windows\System\ScgtPaE.exe
  C:\Windows\System\ScgtPaE.exe
  2⤵
  PID:5576
- C:\Windows\System\AcIOWVp.exe
  C:\Windows\System\AcIOWVp.exe
  2⤵
  PID:5608
- C:\Windows\System\wNGjAxg.exe
  C:\Windows\System\wNGjAxg.exe
  2⤵
  PID:5632
- C:\Windows\System\aPWDtkg.exe
  C:\Windows\System\aPWDtkg.exe
  2⤵
  PID:5676
- C:\Windows\System\oXojKmz.exe
  C:\Windows\System\oXojKmz.exe
  2⤵
  PID:5696
- C:\Windows\System\iLNszxh.exe
  C:\Windows\System\iLNszxh.exe
  2⤵
  PID:5748
- C:\Windows\System\ROjHTzm.exe
  C:\Windows\System\ROjHTzm.exe
  2⤵
  PID:2740
- C:\Windows\System\DPrOACp.exe
  C:\Windows\System\DPrOACp.exe
  2⤵
  PID:5772
- C:\Windows\System\ZcEbNNT.exe
  C:\Windows\System\ZcEbNNT.exe
  2⤵
  PID:5836
- C:\Windows\System\LsWuSME.exe
  C:\Windows\System\LsWuSME.exe
  2⤵
  PID:5872
- C:\Windows\System\EUgYiVS.exe
  C:\Windows\System\EUgYiVS.exe
  2⤵
  PID:5900
- C:\Windows\System\VxGRrNt.exe
  C:\Windows\System\VxGRrNt.exe
  2⤵
  PID:5932
- C:\Windows\System\BEVwLFR.exe
  C:\Windows\System\BEVwLFR.exe
  2⤵
  PID:5960
- C:\Windows\System\oHBOKZv.exe
  C:\Windows\System\oHBOKZv.exe
  2⤵
  PID:6000
- C:\Windows\System\KQzWxCn.exe
  C:\Windows\System\KQzWxCn.exe
  2⤵
  PID:6020
- C:\Windows\System\xAijQwy.exe
  C:\Windows\System\xAijQwy.exe
  2⤵
  PID:6060
- C:\Windows\System\tPQjGCc.exe
  C:\Windows\System\tPQjGCc.exe
  2⤵
  PID:6100
- C:\Windows\System\aXGGfEL.exe
  C:\Windows\System\aXGGfEL.exe
  2⤵
  PID:6132
- C:\Windows\System\kaGmGJv.exe
  C:\Windows\System\kaGmGJv.exe
  2⤵
  PID:5092
- C:\Windows\System\dIpkZXw.exe
  C:\Windows\System\dIpkZXw.exe
  2⤵
  PID:3992
- C:\Windows\System\gdhBnPk.exe
  C:\Windows\System\gdhBnPk.exe
  2⤵
  PID:4384
- C:\Windows\System\CuEPlGj.exe
  C:\Windows\System\CuEPlGj.exe
  2⤵
  PID:4612
- C:\Windows\System\RezPOMO.exe
  C:\Windows\System\RezPOMO.exe
  2⤵
  PID:4772
- C:\Windows\System\vdwDkCR.exe
  C:\Windows\System\vdwDkCR.exe
  2⤵
  PID:5188
- C:\Windows\System\ZTgrUxs.exe
  C:\Windows\System\ZTgrUxs.exe
  2⤵
  PID:5224
- C:\Windows\System\lnenPCi.exe
  C:\Windows\System\lnenPCi.exe
  2⤵
  PID:5244
- C:\Windows\System\oJRirZC.exe
  C:\Windows\System\oJRirZC.exe
  2⤵
  PID:5336
- C:\Windows\System\MmVwJBP.exe
  C:\Windows\System\MmVwJBP.exe
  2⤵
  PID:5368
- C:\Windows\System\rTocdjL.exe
  C:\Windows\System\rTocdjL.exe
  2⤵
  PID:5412
- C:\Windows\System\PCULNbu.exe
  C:\Windows\System\PCULNbu.exe
  2⤵
  PID:5492
- C:\Windows\System\sfWOLAG.exe
  C:\Windows\System\sfWOLAG.exe
  2⤵
  PID:5532
- C:\Windows\System\PvfWUhv.exe
  C:\Windows\System\PvfWUhv.exe
  2⤵
  PID:5596
- C:\Windows\System\ENZtaLQ.exe
  C:\Windows\System\ENZtaLQ.exe
  2⤵
  PID:5652
- C:\Windows\System\ACQORjk.exe
  C:\Windows\System\ACQORjk.exe
  2⤵
  PID:2840
- C:\Windows\System\XEQLEiN.exe
  C:\Windows\System\XEQLEiN.exe
  2⤵
  PID:5788
- C:\Windows\System\ugyxVaV.exe
  C:\Windows\System\ugyxVaV.exe
  2⤵
  PID:5796
- C:\Windows\System\zUelzke.exe
  C:\Windows\System\zUelzke.exe
  2⤵
  PID:5272
- C:\Windows\System\crejaaE.exe
  C:\Windows\System\crejaaE.exe
  2⤵
  PID:5892
- C:\Windows\System\cnuOTBP.exe
  C:\Windows\System\cnuOTBP.exe
  2⤵
  PID:5956
- C:\Windows\System\zrNseuH.exe
  C:\Windows\System\zrNseuH.exe
  2⤵
  PID:6036
- C:\Windows\System\XPfUHDK.exe
  C:\Windows\System\XPfUHDK.exe
  2⤵
  PID:6080
- C:\Windows\System\FOeiryV.exe
  C:\Windows\System\FOeiryV.exe
  2⤵
  PID:6096
- C:\Windows\System\DyItofR.exe
  C:\Windows\System\DyItofR.exe
  2⤵
  PID:3408
- C:\Windows\System\tOHYgmU.exe
  C:\Windows\System\tOHYgmU.exe
  2⤵
  PID:4244
- C:\Windows\System\ljBTyZt.exe
  C:\Windows\System\ljBTyZt.exe
  2⤵
  PID:5248
- C:\Windows\System\ZrhpXmA.exe
  C:\Windows\System\ZrhpXmA.exe
  2⤵
  PID:5152
- C:\Windows\System\XQIRFov.exe
  C:\Windows\System\XQIRFov.exe
  2⤵
  PID:5212
- C:\Windows\System\UtbTnbN.exe
  C:\Windows\System\UtbTnbN.exe
  2⤵
  PID:5392
- C:\Windows\System\zEUWouU.exe
  C:\Windows\System\zEUWouU.exe
  2⤵
  PID:5468
- C:\Windows\System\nsSSukN.exe
  C:\Windows\System\nsSSukN.exe
  2⤵
  PID:5528
- C:\Windows\System\ptgWcDX.exe
  C:\Windows\System\ptgWcDX.exe
  2⤵
  PID:5648
- C:\Windows\System\KlKyYEl.exe
  C:\Windows\System\KlKyYEl.exe
  2⤵
  PID:5716
- C:\Windows\System\VwzUGQs.exe
  C:\Windows\System\VwzUGQs.exe
  2⤵
  PID:5712
- C:\Windows\System\hUTfRom.exe
  C:\Windows\System\hUTfRom.exe
  2⤵
  PID:5916
- C:\Windows\System\MJCzbZh.exe
  C:\Windows\System\MJCzbZh.exe
  2⤵
  PID:5936
- C:\Windows\System\OQwvSsa.exe
  C:\Windows\System\OQwvSsa.exe
  2⤵
  PID:6092
- C:\Windows\System\oHhQImi.exe
  C:\Windows\System\oHhQImi.exe
  2⤵
  PID:6140
- C:\Windows\System\FvAydNe.exe
  C:\Windows\System\FvAydNe.exe
  2⤵
  PID:4168
- C:\Windows\System\zgvMtnh.exe
  C:\Windows\System\zgvMtnh.exe
  2⤵
  PID:4588
- C:\Windows\System\eZHylcD.exe
  C:\Windows\System\eZHylcD.exe
  2⤵
  PID:2624
- C:\Windows\System\xsATSzp.exe
  C:\Windows\System\xsATSzp.exe
  2⤵
  PID:5208
- C:\Windows\System\ERlTqDv.exe
  C:\Windows\System\ERlTqDv.exe
  2⤵
  PID:5416
- C:\Windows\System\pzmmLhI.exe
  C:\Windows\System\pzmmLhI.exe
  2⤵
  PID:5588
- C:\Windows\System\jmzISCw.exe
  C:\Windows\System\jmzISCw.exe
  2⤵
  PID:5636
- C:\Windows\System\yOZdIBG.exe
  C:\Windows\System\yOZdIBG.exe
  2⤵
  PID:5816
- C:\Windows\System\MoDlgEc.exe
  C:\Windows\System\MoDlgEc.exe
  2⤵
  PID:6160
- C:\Windows\System\ywZmvEO.exe
  C:\Windows\System\ywZmvEO.exe
  2⤵
  PID:6180
- C:\Windows\System\NmBtrLi.exe
  C:\Windows\System\NmBtrLi.exe
  2⤵
  PID:6204
- C:\Windows\System\rPsjpIp.exe
  C:\Windows\System\rPsjpIp.exe
  2⤵
  PID:6224
- C:\Windows\System\zuemOUz.exe
  C:\Windows\System\zuemOUz.exe
  2⤵
  PID:6244
- C:\Windows\System\yHhYAzc.exe
  C:\Windows\System\yHhYAzc.exe
  2⤵
  PID:6264
- C:\Windows\System\zNfaxDc.exe
  C:\Windows\System\zNfaxDc.exe
  2⤵
  PID:6284
- C:\Windows\System\RrKfWMh.exe
  C:\Windows\System\RrKfWMh.exe
  2⤵
  PID:6304
- C:\Windows\System\xbEXmVp.exe
  C:\Windows\System\xbEXmVp.exe
  2⤵
  PID:6324
- C:\Windows\System\doSSJEy.exe
  C:\Windows\System\doSSJEy.exe
  2⤵
  PID:6344
- C:\Windows\System\tggzifJ.exe
  C:\Windows\System\tggzifJ.exe
  2⤵
  PID:6364
- C:\Windows\System\KTiscvq.exe
  C:\Windows\System\KTiscvq.exe
  2⤵
  PID:6384
- C:\Windows\System\eczffAI.exe
  C:\Windows\System\eczffAI.exe
  2⤵
  PID:6404
- C:\Windows\System\MLPRrvC.exe
  C:\Windows\System\MLPRrvC.exe
  2⤵
  PID:6424
- C:\Windows\System\PBcDszg.exe
  C:\Windows\System\PBcDszg.exe
  2⤵
  PID:6444
- C:\Windows\System\hGMxLFS.exe
  C:\Windows\System\hGMxLFS.exe
  2⤵
  PID:6464
- C:\Windows\System\xuDvotc.exe
  C:\Windows\System\xuDvotc.exe
  2⤵
  PID:6484
- C:\Windows\System\MteVMHY.exe
  C:\Windows\System\MteVMHY.exe
  2⤵
  PID:6504
- C:\Windows\System\pUZhFpX.exe
  C:\Windows\System\pUZhFpX.exe
  2⤵
  PID:6524
- C:\Windows\System\UQKeTYK.exe
  C:\Windows\System\UQKeTYK.exe
  2⤵
  PID:6544
- C:\Windows\System\SHjhYlA.exe
  C:\Windows\System\SHjhYlA.exe
  2⤵
  PID:6564
- C:\Windows\System\giLGzaC.exe
  C:\Windows\System\giLGzaC.exe
  2⤵
  PID:6584
- C:\Windows\System\SOcVWps.exe
  C:\Windows\System\SOcVWps.exe
  2⤵
  PID:6604
- C:\Windows\System\ugDGPgm.exe
  C:\Windows\System\ugDGPgm.exe
  2⤵
  PID:6624
- C:\Windows\System\JgCUVkw.exe
  C:\Windows\System\JgCUVkw.exe
  2⤵
  PID:6644
- C:\Windows\System\aZIWAeE.exe
  C:\Windows\System\aZIWAeE.exe
  2⤵
  PID:6664
- C:\Windows\System\KvAifYx.exe
  C:\Windows\System\KvAifYx.exe
  2⤵
  PID:6684
- C:\Windows\System\GHSjMIq.exe
  C:\Windows\System\GHSjMIq.exe
  2⤵
  PID:6704
- C:\Windows\System\DLDmcpR.exe
  C:\Windows\System\DLDmcpR.exe
  2⤵
  PID:6724
- C:\Windows\System\zBrxAuX.exe
  C:\Windows\System\zBrxAuX.exe
  2⤵
  PID:6744
- C:\Windows\System\CThAyGP.exe
  C:\Windows\System\CThAyGP.exe
  2⤵
  PID:6764
- C:\Windows\System\KHCAKuf.exe
  C:\Windows\System\KHCAKuf.exe
  2⤵
  PID:6784
- C:\Windows\System\wSRqonS.exe
  C:\Windows\System\wSRqonS.exe
  2⤵
  PID:6804
- C:\Windows\System\gNcSiNG.exe
  C:\Windows\System\gNcSiNG.exe
  2⤵
  PID:6824
- C:\Windows\System\RvsIgCz.exe
  C:\Windows\System\RvsIgCz.exe
  2⤵
  PID:6844
- C:\Windows\System\bcmqIOc.exe
  C:\Windows\System\bcmqIOc.exe
  2⤵
  PID:6864
- C:\Windows\System\JYernvn.exe
  C:\Windows\System\JYernvn.exe
  2⤵
  PID:6884
- C:\Windows\System\MYOdJnR.exe
  C:\Windows\System\MYOdJnR.exe
  2⤵
  PID:6904
- C:\Windows\System\KVTprwI.exe
  C:\Windows\System\KVTprwI.exe
  2⤵
  PID:6928
- C:\Windows\System\TAUFVNT.exe
  C:\Windows\System\TAUFVNT.exe
  2⤵
  PID:6948
- C:\Windows\System\ITheVGn.exe
  C:\Windows\System\ITheVGn.exe
  2⤵
  PID:6968
- C:\Windows\System\doReNRB.exe
  C:\Windows\System\doReNRB.exe
  2⤵
  PID:6988
- C:\Windows\System\vPmsuUt.exe
  C:\Windows\System\vPmsuUt.exe
  2⤵
  PID:7008
- C:\Windows\System\EqzUDDw.exe
  C:\Windows\System\EqzUDDw.exe
  2⤵
  PID:7028
- C:\Windows\System\FDjtXSH.exe
  C:\Windows\System\FDjtXSH.exe
  2⤵
  PID:7048
- C:\Windows\System\vVUeyIv.exe
  C:\Windows\System\vVUeyIv.exe
  2⤵
  PID:7068
- C:\Windows\System\ezEEBMI.exe
  C:\Windows\System\ezEEBMI.exe
  2⤵
  PID:7092
- C:\Windows\System\xWUUQII.exe
  C:\Windows\System\xWUUQII.exe
  2⤵
  PID:7112
- C:\Windows\System\JjaEMKB.exe
  C:\Windows\System\JjaEMKB.exe
  2⤵
  PID:7132
- C:\Windows\System\YcFZmVG.exe
  C:\Windows\System\YcFZmVG.exe
  2⤵
  PID:7152
- C:\Windows\System\ylolQsj.exe
  C:\Windows\System\ylolQsj.exe
  2⤵
  PID:6012
- C:\Windows\System\mZOrYTT.exe
  C:\Windows\System\mZOrYTT.exe
  2⤵
  PID:6032
- C:\Windows\System\yjijmWs.exe
  C:\Windows\System\yjijmWs.exe
  2⤵
  PID:2640
- C:\Windows\System\bytnNEl.exe
  C:\Windows\System\bytnNEl.exe
  2⤵
  PID:620
- C:\Windows\System\IUlcMHA.exe
  C:\Windows\System\IUlcMHA.exe
  2⤵
  PID:2784
- C:\Windows\System\ZIGZHDo.exe
  C:\Windows\System\ZIGZHDo.exe
  2⤵
  PID:5856
- C:\Windows\System\OKAKqaa.exe
  C:\Windows\System\OKAKqaa.exe
  2⤵
  PID:6156
- C:\Windows\System\OhFiDLe.exe
  C:\Windows\System\OhFiDLe.exe
  2⤵
  PID:6200
- C:\Windows\System\aVzLNft.exe
  C:\Windows\System\aVzLNft.exe
  2⤵
  PID:1940
- C:\Windows\System\ebsrexq.exe
  C:\Windows\System\ebsrexq.exe
  2⤵
  PID:6280
- C:\Windows\System\nllXpGk.exe
  C:\Windows\System\nllXpGk.exe
  2⤵
  PID:6332
- C:\Windows\System\nLAsaWW.exe
  C:\Windows\System\nLAsaWW.exe
  2⤵
  PID:6356
- C:\Windows\System\nshvdaE.exe
  C:\Windows\System\nshvdaE.exe
  2⤵
  PID:6412
- C:\Windows\System\iCycDMr.exe
  C:\Windows\System\iCycDMr.exe
  2⤵
  PID:6452
- C:\Windows\System\QkLhsCp.exe
  C:\Windows\System\QkLhsCp.exe
  2⤵
  PID:5296
- C:\Windows\System\VRyqmbu.exe
  C:\Windows\System\VRyqmbu.exe
  2⤵
  PID:6520
- C:\Windows\System\gdxlydn.exe
  C:\Windows\System\gdxlydn.exe
  2⤵
  PID:6532
- C:\Windows\System\bFjufkf.exe
  C:\Windows\System\bFjufkf.exe
  2⤵
  PID:6536
- C:\Windows\System\lxtRRUO.exe
  C:\Windows\System\lxtRRUO.exe
  2⤵
  PID:6612
- C:\Windows\System\eiPwLtd.exe
  C:\Windows\System\eiPwLtd.exe
  2⤵
  PID:6680
- C:\Windows\System\InZvxJP.exe
  C:\Windows\System\InZvxJP.exe
  2⤵
  PID:6692
- C:\Windows\System\gANNhnO.exe
  C:\Windows\System\gANNhnO.exe
  2⤵
  PID:6712
- C:\Windows\System\vbXKENk.exe
  C:\Windows\System\vbXKENk.exe
  2⤵
  PID:6752
- C:\Windows\System\MzukjlX.exe
  C:\Windows\System\MzukjlX.exe
  2⤵
  PID:6756
- C:\Windows\System\ycTqLFf.exe
  C:\Windows\System\ycTqLFf.exe
  2⤵
  PID:6780
- C:\Windows\System\HVKtAyD.exe
  C:\Windows\System\HVKtAyD.exe
  2⤵
  PID:1732
- C:\Windows\System\lPKUvcO.exe
  C:\Windows\System\lPKUvcO.exe
  2⤵
  PID:6840
- C:\Windows\System\BPgpjnD.exe
  C:\Windows\System\BPgpjnD.exe
  2⤵
  PID:6872
- C:\Windows\System\egkHGOA.exe
  C:\Windows\System\egkHGOA.exe
  2⤵
  PID:2872
- C:\Windows\System\tvVGriu.exe
  C:\Windows\System\tvVGriu.exe
  2⤵
  PID:6912
- C:\Windows\System\YnxBbQs.exe
  C:\Windows\System\YnxBbQs.exe
  2⤵
  PID:6896
- C:\Windows\System\SjlPuJp.exe
  C:\Windows\System\SjlPuJp.exe
  2⤵
  PID:6936
- C:\Windows\System\tYNUaDx.exe
  C:\Windows\System\tYNUaDx.exe
  2⤵
  PID:1208
- C:\Windows\System\OqJcICO.exe
  C:\Windows\System\OqJcICO.exe
  2⤵
  PID:6984
- C:\Windows\System\kvFcLxO.exe
  C:\Windows\System\kvFcLxO.exe
  2⤵
  PID:7000
- C:\Windows\System\MkYPJLu.exe
  C:\Windows\System\MkYPJLu.exe
  2⤵
  PID:7044
- C:\Windows\System\YSeSkQA.exe
  C:\Windows\System\YSeSkQA.exe
  2⤵
  PID:7088
- C:\Windows\System\yOmYjLw.exe
  C:\Windows\System\yOmYjLw.exe
  2⤵
  PID:7128
- C:\Windows\System\VGWAhcM.exe
  C:\Windows\System\VGWAhcM.exe
  2⤵
  PID:7140
- C:\Windows\System\jEFnQdl.exe
  C:\Windows\System\jEFnQdl.exe
  2⤵
  PID:5828
- C:\Windows\System\MZYhvXk.exe
  C:\Windows\System\MZYhvXk.exe
  2⤵
  PID:2928
- C:\Windows\System\uOEaziu.exe
  C:\Windows\System\uOEaziu.exe
  2⤵
  PID:6136
- C:\Windows\System\YvASLxJ.exe
  C:\Windows\System\YvASLxJ.exe
  2⤵
  PID:2396
- C:\Windows\System\rPRySuu.exe
  C:\Windows\System\rPRySuu.exe
  2⤵
  PID:4976
- C:\Windows\System\WOSqDkI.exe
  C:\Windows\System\WOSqDkI.exe
  2⤵
  PID:2460
- C:\Windows\System\cxRJgEK.exe
  C:\Windows\System\cxRJgEK.exe
  2⤵
  PID:2308
- C:\Windows\System\MDMkULz.exe
  C:\Windows\System\MDMkULz.exe
  2⤵
  PID:6232
- C:\Windows\System\iWHaFBA.exe
  C:\Windows\System\iWHaFBA.exe
  2⤵
  PID:6176
- C:\Windows\System\UXCYJCn.exe
  C:\Windows\System\UXCYJCn.exe
  2⤵
  PID:6260
- C:\Windows\System\cUoowMu.exe
  C:\Windows\System\cUoowMu.exe
  2⤵
  PID:6316
- C:\Windows\System\oYYYjCG.exe
  C:\Windows\System\oYYYjCG.exe
  2⤵
  PID:5488
- C:\Windows\System\sPbdxrF.exe
  C:\Windows\System\sPbdxrF.exe
  2⤵
  PID:6480
- C:\Windows\System\RyXhYbe.exe
  C:\Windows\System\RyXhYbe.exe
  2⤵
  PID:6436
- C:\Windows\System\aBCUhVD.exe
  C:\Windows\System\aBCUhVD.exe
  2⤵
  PID:3032
- C:\Windows\System\cGEAGdT.exe
  C:\Windows\System\cGEAGdT.exe
  2⤵
  PID:6632
- C:\Windows\System\BYpWtUe.exe
  C:\Windows\System\BYpWtUe.exe
  2⤵
  PID:6312
- C:\Windows\System\lmJLSVt.exe
  C:\Windows\System\lmJLSVt.exe
  2⤵
  PID:6296
- C:\Windows\System\ozwsnyA.exe
  C:\Windows\System\ozwsnyA.exe
  2⤵
  PID:6616
- C:\Windows\System\fmUSbLA.exe
  C:\Windows\System\fmUSbLA.exe
  2⤵
  PID:6556
- C:\Windows\System\mweGkUu.exe
  C:\Windows\System\mweGkUu.exe
  2⤵
  PID:6596
- C:\Windows\System\KEMmBOw.exe
  C:\Windows\System\KEMmBOw.exe
  2⤵
  PID:2904
- C:\Windows\System\GVmQWZC.exe
  C:\Windows\System\GVmQWZC.exe
  2⤵
  PID:2876
- C:\Windows\System\MASbUbB.exe
  C:\Windows\System\MASbUbB.exe
  2⤵
  PID:6920
- C:\Windows\System\pienTsO.exe
  C:\Windows\System\pienTsO.exe
  2⤵
  PID:2208
- C:\Windows\System\KSDVCzY.exe
  C:\Windows\System\KSDVCzY.exe
  2⤵
  PID:6944
- C:\Windows\System\pYlrCYG.exe
  C:\Windows\System\pYlrCYG.exe
  2⤵
  PID:6960
- C:\Windows\System\IIPIzEL.exe
  C:\Windows\System\IIPIzEL.exe
  2⤵
  PID:7040
- C:\Windows\System\OkYBwKA.exe
  C:\Windows\System\OkYBwKA.exe
  2⤵
  PID:7076
- C:\Windows\System\xgEyani.exe
  C:\Windows\System\xgEyani.exe
  2⤵
  PID:5920
- C:\Windows\System\NLMsEYN.exe
  C:\Windows\System\NLMsEYN.exe
  2⤵
  PID:6916
- C:\Windows\System\sfRBFWA.exe
  C:\Windows\System\sfRBFWA.exe
  2⤵
  PID:5732
- C:\Windows\System\baFUlko.exe
  C:\Windows\System\baFUlko.exe
  2⤵
  PID:2428
- C:\Windows\System\OBgafsC.exe
  C:\Windows\System\OBgafsC.exe
  2⤵
  PID:6416
- C:\Windows\System\BOCOBTA.exe
  C:\Windows\System\BOCOBTA.exe
  2⤵
  PID:1088
- C:\Windows\System\zBATgOr.exe
  C:\Windows\System\zBATgOr.exe
  2⤵
  PID:5252
- C:\Windows\System\bobEHCi.exe
  C:\Windows\System\bobEHCi.exe
  2⤵
  PID:1764
- C:\Windows\System\YRVHbyN.exe
  C:\Windows\System\YRVHbyN.exe
  2⤵
  PID:1240
- C:\Windows\System\FDZQXef.exe
  C:\Windows\System\FDZQXef.exe
  2⤵
  PID:6776
- C:\Windows\System\smbdhil.exe
  C:\Windows\System\smbdhil.exe
  2⤵
  PID:6516
- C:\Windows\System\WeSCEfp.exe
  C:\Windows\System\WeSCEfp.exe
  2⤵
  PID:6860
- C:\Windows\System\rSKObCP.exe
  C:\Windows\System\rSKObCP.exe
  2⤵
  PID:6716
- C:\Windows\System\NCwGqdx.exe
  C:\Windows\System\NCwGqdx.exe
  2⤵
  PID:6400
- C:\Windows\System\gObjTdy.exe
  C:\Windows\System\gObjTdy.exe
  2⤵
  PID:6472
- C:\Windows\System\WdrNbHw.exe
  C:\Windows\System\WdrNbHw.exe
  2⤵
  PID:6560
- C:\Windows\System\uPboqZc.exe
  C:\Windows\System\uPboqZc.exe
  2⤵
  PID:6964
- C:\Windows\System\oOZlGFh.exe
  C:\Windows\System\oOZlGFh.exe
  2⤵
  PID:7004
- C:\Windows\System\QQrvnMd.exe
  C:\Windows\System\QQrvnMd.exe
  2⤵
  PID:5628
- C:\Windows\System\RGZzNSY.exe
  C:\Windows\System\RGZzNSY.exe
  2⤵
  PID:6500
- C:\Windows\System\BNXfCFA.exe
  C:\Windows\System\BNXfCFA.exe
  2⤵
  PID:6816
- C:\Windows\System\HSslUZF.exe
  C:\Windows\System\HSslUZF.exe
  2⤵
  PID:2828
- C:\Windows\System\JCdlnGE.exe
  C:\Windows\System\JCdlnGE.exe
  2⤵
  PID:6196
- C:\Windows\System\RoOAtGH.exe
  C:\Windows\System\RoOAtGH.exe
  2⤵
  PID:6300
- C:\Windows\System\avnvJjI.exe
  C:\Windows\System\avnvJjI.exe
  2⤵
  PID:6256
- C:\Windows\System\VIfBLHy.exe
  C:\Windows\System\VIfBLHy.exe
  2⤵
  PID:6496
- C:\Windows\System\ewoGYDL.exe
  C:\Windows\System\ewoGYDL.exe
  2⤵
  PID:6900
- C:\Windows\System\BoDqfVX.exe
  C:\Windows\System\BoDqfVX.exe
  2⤵
  PID:7108
- C:\Windows\System\pCGukHm.exe
  C:\Windows\System\pCGukHm.exe
  2⤵
  PID:7172
- C:\Windows\System\hPPqMhx.exe
  C:\Windows\System\hPPqMhx.exe
  2⤵
  PID:7188
- C:\Windows\System\TeKHqzN.exe
  C:\Windows\System\TeKHqzN.exe
  2⤵
  PID:7212
- C:\Windows\System\vehvxqc.exe
  C:\Windows\System\vehvxqc.exe
  2⤵
  PID:7232
- C:\Windows\System\zSXolNI.exe
  C:\Windows\System\zSXolNI.exe
  2⤵
  PID:7248
- C:\Windows\System\uaaIxRA.exe
  C:\Windows\System\uaaIxRA.exe
  2⤵
  PID:7264
- C:\Windows\System\UprRzkM.exe
  C:\Windows\System\UprRzkM.exe
  2⤵
  PID:7280
- C:\Windows\System\oChzMEI.exe
  C:\Windows\System\oChzMEI.exe
  2⤵
  PID:7296
- C:\Windows\System\uENPIQL.exe
  C:\Windows\System\uENPIQL.exe
  2⤵
  PID:7312
- C:\Windows\System\sngmupO.exe
  C:\Windows\System\sngmupO.exe
  2⤵
  PID:7332
- C:\Windows\System\jfNuCKG.exe
  C:\Windows\System\jfNuCKG.exe
  2⤵
  PID:7348
- C:\Windows\System\dXgpiab.exe
  C:\Windows\System\dXgpiab.exe
  2⤵
  PID:7364
- C:\Windows\System\YsycDzd.exe
  C:\Windows\System\YsycDzd.exe
  2⤵
  PID:7380
- C:\Windows\System\lljwTyr.exe
  C:\Windows\System\lljwTyr.exe
  2⤵
  PID:7396
- C:\Windows\System\veGoSRS.exe
  C:\Windows\System\veGoSRS.exe
  2⤵
  PID:7412
- C:\Windows\System\KnQmLmK.exe
  C:\Windows\System\KnQmLmK.exe
  2⤵
  PID:7428
- C:\Windows\System\eYubHUu.exe
  C:\Windows\System\eYubHUu.exe
  2⤵
  PID:7448
- C:\Windows\System\rfYOMwt.exe
  C:\Windows\System\rfYOMwt.exe
  2⤵
  PID:7476
- C:\Windows\System\xPNksxi.exe
  C:\Windows\System\xPNksxi.exe
  2⤵
  PID:7496
- C:\Windows\System\UjxgCrk.exe
  C:\Windows\System\UjxgCrk.exe
  2⤵
  PID:7516
- C:\Windows\System\fWRqQLh.exe
  C:\Windows\System\fWRqQLh.exe
  2⤵
  PID:7544
- C:\Windows\System\VMYJqpi.exe
  C:\Windows\System\VMYJqpi.exe
  2⤵
  PID:7560
- C:\Windows\System\LRcYAEG.exe
  C:\Windows\System\LRcYAEG.exe
  2⤵
  PID:7576
- C:\Windows\System\uITnlow.exe
  C:\Windows\System\uITnlow.exe
  2⤵
  PID:7668
- C:\Windows\System\btpfPBb.exe
  C:\Windows\System\btpfPBb.exe
  2⤵
  PID:7696
- C:\Windows\System\TIstafI.exe
  C:\Windows\System\TIstafI.exe
  2⤵
  PID:7716
- C:\Windows\System\rUQfatI.exe
  C:\Windows\System\rUQfatI.exe
  2⤵
  PID:7752
- C:\Windows\System\cIMAZOH.exe
  C:\Windows\System\cIMAZOH.exe
  2⤵
  PID:7772
- C:\Windows\System\HkqAOtI.exe
  C:\Windows\System\HkqAOtI.exe
  2⤵
  PID:7792
- C:\Windows\System\AswGOtS.exe
  C:\Windows\System\AswGOtS.exe
  2⤵
  PID:7808
- C:\Windows\System\OezlmDn.exe
  C:\Windows\System\OezlmDn.exe
  2⤵
  PID:7832
- C:\Windows\System\fuNWUYC.exe
  C:\Windows\System\fuNWUYC.exe
  2⤵
  PID:7852
- C:\Windows\System\iUfTBRo.exe
  C:\Windows\System\iUfTBRo.exe
  2⤵
  PID:7872
- C:\Windows\System\JzuLAim.exe
  C:\Windows\System\JzuLAim.exe
  2⤵
  PID:7892
- C:\Windows\System\wxbETkm.exe
  C:\Windows\System\wxbETkm.exe
  2⤵
  PID:7912
- C:\Windows\System\RHUFpEt.exe
  C:\Windows\System\RHUFpEt.exe
  2⤵
  PID:7936
- C:\Windows\System\jLOUPNI.exe
  C:\Windows\System\jLOUPNI.exe
  2⤵
  PID:7956
- C:\Windows\System\NXSVHPg.exe
  C:\Windows\System\NXSVHPg.exe
  2⤵
  PID:7972
- C:\Windows\System\BBixGVU.exe
  C:\Windows\System\BBixGVU.exe
  2⤵
  PID:7988
- C:\Windows\System\uFkHXWn.exe
  C:\Windows\System\uFkHXWn.exe
  2⤵
  PID:8004
- C:\Windows\System\VfNavJS.exe
  C:\Windows\System\VfNavJS.exe
  2⤵
  PID:8028
- C:\Windows\System\mzwmHXG.exe
  C:\Windows\System\mzwmHXG.exe
  2⤵
  PID:8056
- C:\Windows\System\BwePWfC.exe
  C:\Windows\System\BwePWfC.exe
  2⤵
  PID:8080
- C:\Windows\System\EXCaaqF.exe
  C:\Windows\System\EXCaaqF.exe
  2⤵
  PID:8096
- C:\Windows\System\vdYTGwL.exe
  C:\Windows\System\vdYTGwL.exe
  2⤵
  PID:8120
- C:\Windows\System\kekKyTR.exe
  C:\Windows\System\kekKyTR.exe
  2⤵
  PID:8144
- C:\Windows\System\zOUyUic.exe
  C:\Windows\System\zOUyUic.exe
  2⤵
  PID:8168
- C:\Windows\System\xJUuuFW.exe
  C:\Windows\System\xJUuuFW.exe
  2⤵
  PID:8184
- C:\Windows\System\BHcuGqx.exe
  C:\Windows\System\BHcuGqx.exe
  2⤵
  PID:1028
- C:\Windows\System\RjQGfjF.exe
  C:\Windows\System\RjQGfjF.exe
  2⤵
  PID:7024
- C:\Windows\System\BDIKFna.exe
  C:\Windows\System\BDIKFna.exe
  2⤵
  PID:7204
- C:\Windows\System\GSPRZdf.exe
  C:\Windows\System\GSPRZdf.exe
  2⤵
  PID:7276
- C:\Windows\System\rLnUCxh.exe
  C:\Windows\System\rLnUCxh.exe
  2⤵
  PID:7344
- C:\Windows\System\OhpIovW.exe
  C:\Windows\System\OhpIovW.exe
  2⤵
  PID:7436
- C:\Windows\System\ViYKcOp.exe
  C:\Windows\System\ViYKcOp.exe
  2⤵
  PID:7528
- C:\Windows\System\LjfJXdi.exe
  C:\Windows\System\LjfJXdi.exe
  2⤵
  PID:1112
- C:\Windows\System\tPLCuBb.exe
  C:\Windows\System\tPLCuBb.exe
  2⤵
  PID:2392
- C:\Windows\System\YeJyTOo.exe
  C:\Windows\System\YeJyTOo.exe
  2⤵
  PID:2988
- C:\Windows\System\PEOGyUX.exe
  C:\Windows\System\PEOGyUX.exe
  2⤵
  PID:6320
- C:\Windows\System\iPQBAAC.exe
  C:\Windows\System\iPQBAAC.exe
  2⤵
  PID:7120
- C:\Windows\System\xkkLnZF.exe
  C:\Windows\System\xkkLnZF.exe
  2⤵
  PID:7604
- C:\Windows\System\YyRuOjM.exe
  C:\Windows\System\YyRuOjM.exe
  2⤵
  PID:6832
- C:\Windows\System\ISHkKkI.exe
  C:\Windows\System\ISHkKkI.exe
  2⤵
  PID:7220
- C:\Windows\System\edTBcSa.exe
  C:\Windows\System\edTBcSa.exe
  2⤵
  PID:7260
- C:\Windows\System\QtohYfd.exe
  C:\Windows\System\QtohYfd.exe
  2⤵
  PID:7624
- C:\Windows\System\HjTIExu.exe
  C:\Windows\System\HjTIExu.exe
  2⤵
  PID:7356
- C:\Windows\System\XxpdAZk.exe
  C:\Windows\System\XxpdAZk.exe
  2⤵
  PID:7464
- C:\Windows\System\NGPgDph.exe
  C:\Windows\System\NGPgDph.exe
  2⤵
  PID:7640
- C:\Windows\System\AsmOmfp.exe
  C:\Windows\System\AsmOmfp.exe
  2⤵
  PID:7584
- C:\Windows\System\KezmImq.exe
  C:\Windows\System\KezmImq.exe
  2⤵
  PID:7656
- C:\Windows\System\OxNVqTB.exe
  C:\Windows\System\OxNVqTB.exe
  2⤵
  PID:7724
- C:\Windows\System\wfrIrVP.exe
  C:\Windows\System\wfrIrVP.exe
  2⤵
  PID:7736
- C:\Windows\System\cJbLWEU.exe
  C:\Windows\System\cJbLWEU.exe
  2⤵
  PID:7816
- C:\Windows\System\TAWawVi.exe
  C:\Windows\System\TAWawVi.exe
  2⤵
  PID:7768
- C:\Windows\System\UVDacPj.exe
  C:\Windows\System\UVDacPj.exe
  2⤵
  PID:7900
- C:\Windows\System\rozfbtQ.exe
  C:\Windows\System\rozfbtQ.exe
  2⤵
  PID:7800
- C:\Windows\System\AaUWXIH.exe
  C:\Windows\System\AaUWXIH.exe
  2⤵
  PID:7920
- C:\Windows\System\CKfiwzi.exe
  C:\Windows\System\CKfiwzi.exe
  2⤵
  PID:8044
- C:\Windows\System\yWiOWDk.exe
  C:\Windows\System\yWiOWDk.exe
  2⤵
  PID:8068
- C:\Windows\System\zeEeRwV.exe
  C:\Windows\System\zeEeRwV.exe
  2⤵
  PID:8072
- C:\Windows\System\sDFgiSI.exe
  C:\Windows\System\sDFgiSI.exe
  2⤵
  PID:8112
- C:\Windows\System\EdPYIAc.exe
  C:\Windows\System\EdPYIAc.exe
  2⤵
  PID:8128
- C:\Windows\System\vOhBsWS.exe
  C:\Windows\System\vOhBsWS.exe
  2⤵
  PID:8156
- C:\Windows\System\wwnZdNN.exe
  C:\Windows\System\wwnZdNN.exe
  2⤵
  PID:7036
- C:\Windows\System\CRrbsoY.exe
  C:\Windows\System\CRrbsoY.exe
  2⤵
  PID:7340
- C:\Windows\System\IXqZxUn.exe
  C:\Windows\System\IXqZxUn.exe
  2⤵
  PID:6892
- C:\Windows\System\BCdCHWE.exe
  C:\Windows\System\BCdCHWE.exe
  2⤵
  PID:8140
- C:\Windows\System\ZHQjQly.exe
  C:\Windows\System\ZHQjQly.exe
  2⤵
  PID:7272
- C:\Windows\System\gaSROgA.exe
  C:\Windows\System\gaSROgA.exe
  2⤵
  PID:7572
- C:\Windows\System\nYyFWEB.exe
  C:\Windows\System\nYyFWEB.exe
  2⤵
  PID:7660
- C:\Windows\System\AxzQacG.exe
  C:\Windows\System\AxzQacG.exe
  2⤵
  PID:7600
- C:\Windows\System\KpqQqUX.exe
  C:\Windows\System\KpqQqUX.exe
  2⤵
  PID:7292
- C:\Windows\System\aPOfKul.exe
  C:\Windows\System\aPOfKul.exe
  2⤵
  PID:1080
- C:\Windows\System\staijhR.exe
  C:\Windows\System\staijhR.exe
  2⤵
  PID:7388
- C:\Windows\System\AZkRZiL.exe
  C:\Windows\System\AZkRZiL.exe
  2⤵
  PID:7636
- C:\Windows\System\rmepJeH.exe
  C:\Windows\System\rmepJeH.exe
  2⤵
  PID:7504
- C:\Windows\System\tQrcuCH.exe
  C:\Windows\System\tQrcuCH.exe
  2⤵
  PID:7680
- C:\Windows\System\nZWPWVr.exe
  C:\Windows\System\nZWPWVr.exe
  2⤵
  PID:7864
- C:\Windows\System\lZpBzlJ.exe
  C:\Windows\System\lZpBzlJ.exe
  2⤵
  PID:7888
- C:\Windows\System\nMATjMh.exe
  C:\Windows\System\nMATjMh.exe
  2⤵
  PID:7744
- C:\Windows\System\eJPKLvw.exe
  C:\Windows\System\eJPKLvw.exe
  2⤵
  PID:7840
- C:\Windows\System\JQpcXmu.exe
  C:\Windows\System\JQpcXmu.exe
  2⤵
  PID:7592
- C:\Windows\System\lcIwMkn.exe
  C:\Windows\System\lcIwMkn.exe
  2⤵
  PID:7928
- C:\Windows\System\GYlWYBX.exe
  C:\Windows\System\GYlWYBX.exe
  2⤵
  PID:7200
- C:\Windows\System\tinRVFt.exe
  C:\Windows\System\tinRVFt.exe
  2⤵
  PID:2220
- C:\Windows\System\EkICasF.exe
  C:\Windows\System\EkICasF.exe
  2⤵
  PID:6652
- C:\Windows\System\MueboWF.exe
  C:\Windows\System\MueboWF.exe
  2⤵
  PID:6736
- C:\Windows\System\sWxXOBz.exe
  C:\Windows\System\sWxXOBz.exe
  2⤵
  PID:6360
- C:\Windows\System\QcJsXXd.exe
  C:\Windows\System\QcJsXXd.exe
  2⤵
  PID:7536
- C:\Windows\System\zVMDtUO.exe
  C:\Windows\System\zVMDtUO.exe
  2⤵
  PID:2000
- C:\Windows\System\WGyhRKx.exe
  C:\Windows\System\WGyhRKx.exe
  2⤵
  PID:6072
- C:\Windows\System\twGicAv.exe
  C:\Windows\System\twGicAv.exe
  2⤵
  PID:7420
- C:\Windows\System\vCmoftW.exe
  C:\Windows\System\vCmoftW.exe
  2⤵
  PID:7472
- C:\Windows\System\inSWdjE.exe
  C:\Windows\System\inSWdjE.exe
  2⤵
  PID:7552
- C:\Windows\System\MPjNnKv.exe
  C:\Windows\System\MPjNnKv.exe
  2⤵
  PID:7952
- C:\Windows\System\RzfPVFP.exe
  C:\Windows\System\RzfPVFP.exe
  2⤵
  PID:7588
- C:\Windows\System\lVxpBry.exe
  C:\Windows\System\lVxpBry.exe
  2⤵
  PID:8076
- C:\Windows\System\VFeMjDn.exe
  C:\Windows\System\VFeMjDn.exe
  2⤵
  PID:8012
- C:\Windows\System\pFZYSPs.exe
  C:\Windows\System\pFZYSPs.exe
  2⤵
  PID:7408
- C:\Windows\System\efTYwEg.exe
  C:\Windows\System\efTYwEg.exe
  2⤵
  PID:7468
- C:\Windows\System\oKUgEox.exe
  C:\Windows\System\oKUgEox.exe
  2⤵
  PID:4656
- C:\Windows\System\DBMXuhn.exe
  C:\Windows\System\DBMXuhn.exe
  2⤵
  PID:7760
- C:\Windows\System\nxCPdsf.exe
  C:\Windows\System\nxCPdsf.exe
  2⤵
  PID:7324
- C:\Windows\System\qKPkNGb.exe
  C:\Windows\System\qKPkNGb.exe
  2⤵
  PID:7392
- C:\Windows\System\QFwvhcq.exe
  C:\Windows\System\QFwvhcq.exe
  2⤵
  PID:7828
- C:\Windows\System\eawhquQ.exe
  C:\Windows\System\eawhquQ.exe
  2⤵
  PID:8048
- C:\Windows\System\eenJuRQ.exe
  C:\Windows\System\eenJuRQ.exe
  2⤵
  PID:7240
- C:\Windows\System\pkGQIgF.exe
  C:\Windows\System\pkGQIgF.exe
  2⤵
  PID:7824
- C:\Windows\System\LVGXGCa.exe
  C:\Windows\System\LVGXGCa.exe
  2⤵
  PID:7712
- C:\Windows\System\xzrOTvj.exe
  C:\Windows\System\xzrOTvj.exe
  2⤵
  PID:7620
- C:\Windows\System\yynwJsV.exe
  C:\Windows\System\yynwJsV.exe
  2⤵
  PID:8136
- C:\Windows\System\zDGLKHU.exe
  C:\Windows\System\zDGLKHU.exe
  2⤵
  PID:7404
- C:\Windows\System\KFRsfyn.exe
  C:\Windows\System\KFRsfyn.exe
  2⤵
  PID:2908
- C:\Windows\System\lPAOFaz.exe
  C:\Windows\System\lPAOFaz.exe
  2⤵
  PID:7016
- C:\Windows\System\pfXvblq.exe
  C:\Windows\System\pfXvblq.exe
  2⤵
  PID:7908
- C:\Windows\System\NTohbLm.exe
  C:\Windows\System\NTohbLm.exe
  2⤵
  PID:7848
- C:\Windows\System\hSZZnQY.exe
  C:\Windows\System\hSZZnQY.exe
  2⤵
  PID:7884
- C:\Windows\System\lZExvLE.exe
  C:\Windows\System\lZExvLE.exe
  2⤵
  PID:7984
- C:\Windows\System\entaied.exe
  C:\Windows\System\entaied.exe
  2⤵
  PID:8224
- C:\Windows\System\phnyjID.exe
  C:\Windows\System\phnyjID.exe
  2⤵
  PID:8240
- C:\Windows\System\ZyEcTZt.exe
  C:\Windows\System\ZyEcTZt.exe
  2⤵
  PID:8268
- C:\Windows\System\rHzqeaY.exe
  C:\Windows\System\rHzqeaY.exe
  2⤵
  PID:8288
- C:\Windows\System\lmyrffh.exe
  C:\Windows\System\lmyrffh.exe
  2⤵
  PID:8308
- C:\Windows\System\eEGyuYB.exe
  C:\Windows\System\eEGyuYB.exe
  2⤵
  PID:8324
- C:\Windows\System\iOiLPro.exe
  C:\Windows\System\iOiLPro.exe
  2⤵
  PID:8340
- C:\Windows\System\uXlyPOJ.exe
  C:\Windows\System\uXlyPOJ.exe
  2⤵
  PID:8356
- C:\Windows\System\qngKvQk.exe
  C:\Windows\System\qngKvQk.exe
  2⤵
  PID:8388
- C:\Windows\System\DTSQqLx.exe
  C:\Windows\System\DTSQqLx.exe
  2⤵
  PID:8404
- C:\Windows\System\fHasHOE.exe
  C:\Windows\System\fHasHOE.exe
  2⤵
  PID:8420
- C:\Windows\System\GIuTKJf.exe
  C:\Windows\System\GIuTKJf.exe
  2⤵
  PID:8436
- C:\Windows\System\ArCLROE.exe
  C:\Windows\System\ArCLROE.exe
  2⤵
  PID:8452
- C:\Windows\System\uhTErTN.exe
  C:\Windows\System\uhTErTN.exe
  2⤵
  PID:8472
- C:\Windows\System\RnfSTHT.exe
  C:\Windows\System\RnfSTHT.exe
  2⤵
  PID:8504
- C:\Windows\System\QWrWhHK.exe
  C:\Windows\System\QWrWhHK.exe
  2⤵
  PID:8520
- C:\Windows\System\GWoZQkY.exe
  C:\Windows\System\GWoZQkY.exe
  2⤵
  PID:8536
- C:\Windows\System\EjpyKdK.exe
  C:\Windows\System\EjpyKdK.exe
  2⤵
  PID:8552
- C:\Windows\System\rOqZtLz.exe
  C:\Windows\System\rOqZtLz.exe
  2⤵
  PID:8568
- C:\Windows\System\RMlYiLP.exe
  C:\Windows\System\RMlYiLP.exe
  2⤵
  PID:8588
- C:\Windows\System\qlXPJxj.exe
  C:\Windows\System\qlXPJxj.exe
  2⤵
  PID:8620
- C:\Windows\System\wmmANwZ.exe
  C:\Windows\System\wmmANwZ.exe
  2⤵
  PID:8640
- C:\Windows\System\DlbCZHI.exe
  C:\Windows\System\DlbCZHI.exe
  2⤵
  PID:8656
- C:\Windows\System\WqpjXdI.exe
  C:\Windows\System\WqpjXdI.exe
  2⤵
  PID:8680
- C:\Windows\System\wYLOrHC.exe
  C:\Windows\System\wYLOrHC.exe
  2⤵
  PID:8700
- C:\Windows\System\tVRAfwY.exe
  C:\Windows\System\tVRAfwY.exe
  2⤵
  PID:8720
- C:\Windows\System\jyHIMic.exe
  C:\Windows\System\jyHIMic.exe
  2⤵
  PID:8744
- C:\Windows\System\cuotdvO.exe
  C:\Windows\System\cuotdvO.exe
  2⤵
  PID:8780
- C:\Windows\System\lsCxzlN.exe
  C:\Windows\System\lsCxzlN.exe
  2⤵
  PID:8796
- C:\Windows\System\QZmgZWH.exe
  C:\Windows\System\QZmgZWH.exe
  2⤵
  PID:8836
- C:\Windows\System\neFbIQG.exe
  C:\Windows\System\neFbIQG.exe
  2⤵
  PID:8856
- C:\Windows\System\EfuFTqd.exe
  C:\Windows\System\EfuFTqd.exe
  2⤵
  PID:8876
- C:\Windows\System\VwcUKtR.exe
  C:\Windows\System\VwcUKtR.exe
  2⤵
  PID:8892
- C:\Windows\System\cKyNwiH.exe
  C:\Windows\System\cKyNwiH.exe
  2⤵
  PID:8912
- C:\Windows\System\aaxoZqs.exe
  C:\Windows\System\aaxoZqs.exe
  2⤵
  PID:8932
- C:\Windows\System\JdoObzd.exe
  C:\Windows\System\JdoObzd.exe
  2⤵
  PID:8948
- C:\Windows\System\YnpnzUt.exe
  C:\Windows\System\YnpnzUt.exe
  2⤵
  PID:8968
- C:\Windows\System\falKBEV.exe
  C:\Windows\System\falKBEV.exe
  2⤵
  PID:8988
- C:\Windows\System\VqtUhLS.exe
  C:\Windows\System\VqtUhLS.exe
  2⤵
  PID:9012
- C:\Windows\System\NNfmunt.exe
  C:\Windows\System\NNfmunt.exe
  2⤵
  PID:9036
- C:\Windows\System\NClQAiQ.exe
  C:\Windows\System\NClQAiQ.exe
  2⤵
  PID:9080
- C:\Windows\System\gyYrXwv.exe
  C:\Windows\System\gyYrXwv.exe
  2⤵
  PID:9100
- C:\Windows\System\ELGyxys.exe
  C:\Windows\System\ELGyxys.exe
  2⤵
  PID:9116
- C:\Windows\System\TXIvxHW.exe
  C:\Windows\System\TXIvxHW.exe
  2⤵
  PID:9136
- C:\Windows\System\VBqvOzq.exe
  C:\Windows\System\VBqvOzq.exe
  2⤵
  PID:9156
- C:\Windows\System\gXCrtRf.exe
  C:\Windows\System\gXCrtRf.exe
  2⤵
  PID:9172
- C:\Windows\System\HCOkQeS.exe
  C:\Windows\System\HCOkQeS.exe
  2⤵
  PID:9188
- C:\Windows\System\vznIRon.exe
  C:\Windows\System\vznIRon.exe
  2⤵
  PID:8200
- C:\Windows\System\tVoswFD.exe
  C:\Windows\System\tVoswFD.exe
  2⤵
  PID:8216
- C:\Windows\System\drmFHqz.exe
  C:\Windows\System\drmFHqz.exe
  2⤵
  PID:8252
- C:\Windows\System\WpTcuAE.exe
  C:\Windows\System\WpTcuAE.exe
  2⤵
  PID:8276
- C:\Windows\System\BvvWkcv.exe
  C:\Windows\System\BvvWkcv.exe
  2⤵
  PID:8304
- C:\Windows\System\TXvQbZT.exe
  C:\Windows\System\TXvQbZT.exe
  2⤵
  PID:8352
- C:\Windows\System\VHjnUfx.exe
  C:\Windows\System\VHjnUfx.exe
  2⤵
  PID:6272
- C:\Windows\System\JqhiSUz.exe
  C:\Windows\System\JqhiSUz.exe
  2⤵
  PID:8396
- C:\Windows\System\GuAAmOo.exe
  C:\Windows\System\GuAAmOo.exe
  2⤵
  PID:8492
- C:\Windows\System\qDoPPNx.exe
  C:\Windows\System\qDoPPNx.exe
  2⤵
  PID:8528
- C:\Windows\System\JJNVeZK.exe
  C:\Windows\System\JJNVeZK.exe
  2⤵
  PID:8432
- C:\Windows\System\WOdKPCN.exe
  C:\Windows\System\WOdKPCN.exe
  2⤵
  PID:8604
- C:\Windows\System\QuuEsBL.exe
  C:\Windows\System\QuuEsBL.exe
  2⤵
  PID:8652
- C:\Windows\System\nhGfReV.exe
  C:\Windows\System\nhGfReV.exe
  2⤵
  PID:8516
- C:\Windows\System\wOfxFyj.exe
  C:\Windows\System\wOfxFyj.exe
  2⤵
  PID:8576
- C:\Windows\System\BZMVhby.exe
  C:\Windows\System\BZMVhby.exe
  2⤵
  PID:8708
- C:\Windows\System\vgTBgpu.exe
  C:\Windows\System\vgTBgpu.exe
  2⤵
  PID:8728
- C:\Windows\System\SMpzfez.exe
  C:\Windows\System\SMpzfez.exe
  2⤵
  PID:8756
- C:\Windows\System\rMkQXRY.exe
  C:\Windows\System\rMkQXRY.exe
  2⤵
  PID:8788
- C:\Windows\System\AagHmrQ.exe
  C:\Windows\System\AagHmrQ.exe
  2⤵
  PID:8960
- C:\Windows\System\byzTTxx.exe
  C:\Windows\System\byzTTxx.exe
  2⤵
  PID:8864
- C:\Windows\System\jsaVCbM.exe
  C:\Windows\System\jsaVCbM.exe
  2⤵
  PID:9004
- C:\Windows\System\bCbyrsR.exe
  C:\Windows\System\bCbyrsR.exe
  2⤵
  PID:8832
- C:\Windows\System\jmLQWeP.exe
  C:\Windows\System\jmLQWeP.exe
  2⤵
  PID:8940
- C:\Windows\System\RTKkmRh.exe
  C:\Windows\System\RTKkmRh.exe
  2⤵
  PID:9020
- C:\Windows\System\gbdnTzR.exe
  C:\Windows\System\gbdnTzR.exe
  2⤵
  PID:8956
- C:\Windows\System\iyOlIoU.exe
  C:\Windows\System\iyOlIoU.exe
  2⤵
  PID:9056
- C:\Windows\System\xdhlGJc.exe
  C:\Windows\System\xdhlGJc.exe
  2⤵
  PID:8904
- C:\Windows\System\UGZmMGZ.exe
  C:\Windows\System\UGZmMGZ.exe
  2⤵
  PID:9092
- C:\Windows\System\iSERPKu.exe
  C:\Windows\System\iSERPKu.exe
  2⤵
  PID:9152
- C:\Windows\System\YaeFmaY.exe
  C:\Windows\System\YaeFmaY.exe
  2⤵
  PID:9168
- C:\Windows\System\VqxZtgt.exe
  C:\Windows\System\VqxZtgt.exe
  2⤵
  PID:9196
- C:\Windows\System\TATXvHg.exe
  C:\Windows\System\TATXvHg.exe
  2⤵
  PID:9204
- C:\Windows\System\rhgffRi.exe
  C:\Windows\System\rhgffRi.exe
  2⤵
  PID:8372
- C:\Windows\System\OaFmLBn.exe
  C:\Windows\System\OaFmLBn.exe
  2⤵
  PID:8368
- C:\Windows\System\Ffovtel.exe
  C:\Windows\System\Ffovtel.exe
  2⤵
  PID:8232
- C:\Windows\System\NXFIXts.exe
  C:\Windows\System\NXFIXts.exe
  2⤵
  PID:8416
- C:\Windows\System\DyJnoSF.exe
  C:\Windows\System\DyJnoSF.exe
  2⤵
  PID:8484
- C:\Windows\System\QkxEpsT.exe
  C:\Windows\System\QkxEpsT.exe
  2⤵
  PID:8696
- C:\Windows\System\tehbZOX.exe
  C:\Windows\System\tehbZOX.exe
  2⤵
  PID:8564
- C:\Windows\System\fKOXISC.exe
  C:\Windows\System\fKOXISC.exe
  2⤵
  PID:8668
- C:\Windows\System\tGuryun.exe
  C:\Windows\System\tGuryun.exe
  2⤵
  PID:8716
- C:\Windows\System\bgjuICF.exe
  C:\Windows\System\bgjuICF.exe
  2⤵
  PID:8580
- C:\Windows\System\yeVKkrI.exe
  C:\Windows\System\yeVKkrI.exe
  2⤵
  PID:8844
- C:\Windows\System\LdAchYZ.exe
  C:\Windows\System\LdAchYZ.exe
  2⤵
  PID:8908
- C:\Windows\System\pppkZai.exe
  C:\Windows\System\pppkZai.exe
  2⤵
  PID:8764
- C:\Windows\System\suoXSwT.exe
  C:\Windows\System\suoXSwT.exe
  2⤵
  PID:8868
- C:\Windows\System\qXwqJDh.exe
  C:\Windows\System\qXwqJDh.exe
  2⤵
  PID:8976
- C:\Windows\System\yabdtpp.exe
  C:\Windows\System\yabdtpp.exe
  2⤵
  PID:8808
- C:\Windows\System\EkSMDuC.exe
  C:\Windows\System\EkSMDuC.exe
  2⤵
  PID:9072
- C:\Windows\System\TcviYnu.exe
  C:\Windows\System\TcviYnu.exe
  2⤵
  PID:8212
- C:\Windows\System\RHowqzH.exe
  C:\Windows\System\RHowqzH.exe
  2⤵
  PID:8336
- C:\Windows\System\brhPuln.exe
  C:\Windows\System\brhPuln.exe
  2⤵
  PID:9208
- C:\Windows\System\qasOGRr.exe
  C:\Windows\System\qasOGRr.exe
  2⤵
  PID:8500
- C:\Windows\System\OLsiCds.exe
  C:\Windows\System\OLsiCds.exe
  2⤵
  PID:8676
- C:\Windows\System\GTwjkVQ.exe
  C:\Windows\System\GTwjkVQ.exe
  2⤵
  PID:8280
- C:\Windows\System\CDHDzQS.exe
  C:\Windows\System\CDHDzQS.exe
  2⤵
  PID:8772
- C:\Windows\System\TglbZAX.exe
  C:\Windows\System\TglbZAX.exe
  2⤵
  PID:8648
- C:\Windows\System\XympiTw.exe
  C:\Windows\System\XympiTw.exe
  2⤵
  PID:9108
- C:\Windows\System\iEawUpP.exe
  C:\Windows\System\iEawUpP.exe
  2⤵
  PID:9000
- C:\Windows\System\xVeoApE.exe
  C:\Windows\System\xVeoApE.exe
  2⤵
  PID:9044
- C:\Windows\System\tnRBwTy.exe
  C:\Windows\System\tnRBwTy.exe
  2⤵
  PID:8260
- C:\Windows\System\vaTyCXr.exe
  C:\Windows\System\vaTyCXr.exe
  2⤵
  PID:8448
- C:\Windows\System\BEYtpDx.exe
  C:\Windows\System\BEYtpDx.exe
  2⤵
  PID:8692
- C:\Windows\System\hBgtzYP.exe
  C:\Windows\System\hBgtzYP.exe
  2⤵
  PID:9128
- C:\Windows\System\AolGSSE.exe
  C:\Windows\System\AolGSSE.exe
  2⤵
  PID:8672
- C:\Windows\System\lFqofqO.exe
  C:\Windows\System\lFqofqO.exe
  2⤵
  PID:8740
- C:\Windows\System\RUAQEya.exe
  C:\Windows\System\RUAQEya.exe
  2⤵
  PID:8480
- C:\Windows\System\qgPaPlR.exe
  C:\Windows\System\qgPaPlR.exe
  2⤵
  PID:8888
- C:\Windows\System\oEAxWAY.exe
  C:\Windows\System\oEAxWAY.exe
  2⤵
  PID:8236
- C:\Windows\System\PVXGYfO.exe
  C:\Windows\System\PVXGYfO.exe
  2⤵
  PID:8984
- C:\Windows\System\fltYTVx.exe
  C:\Windows\System\fltYTVx.exe
  2⤵
  PID:9064
- C:\Windows\System\rPJSVlj.exe
  C:\Windows\System\rPJSVlj.exe
  2⤵
  PID:8560
- C:\Windows\System\bHLDMrS.exe
  C:\Windows\System\bHLDMrS.exe
  2⤵
  PID:8980
- C:\Windows\System\XoRRJZK.exe
  C:\Windows\System\XoRRJZK.exe
  2⤵
  PID:8376
- C:\Windows\System\AeNYeHU.exe
  C:\Windows\System\AeNYeHU.exe
  2⤵
  PID:8924
- C:\Windows\System\DuYJsQZ.exe
  C:\Windows\System\DuYJsQZ.exe
  2⤵
  PID:9228
- C:\Windows\System\kZlpZmz.exe
  C:\Windows\System\kZlpZmz.exe
  2⤵
  PID:9256
- C:\Windows\System\UplKgaQ.exe
  C:\Windows\System\UplKgaQ.exe
  2⤵
  PID:9272
- C:\Windows\System\FAXEAwv.exe
  C:\Windows\System\FAXEAwv.exe
  2⤵
  PID:9292
- C:\Windows\System\UiChlZY.exe
  C:\Windows\System\UiChlZY.exe
  2⤵
  PID:9332
- C:\Windows\System\sIEjBDK.exe
  C:\Windows\System\sIEjBDK.exe
  2⤵
  PID:9348
- C:\Windows\System\koBMqVI.exe
  C:\Windows\System\koBMqVI.exe
  2⤵
  PID:9368
- C:\Windows\System\hluFpbw.exe
  C:\Windows\System\hluFpbw.exe
  2⤵
  PID:9384
- C:\Windows\System\zSUfcrt.exe
  C:\Windows\System\zSUfcrt.exe
  2⤵
  PID:9400
- C:\Windows\System\trAGnqa.exe
  C:\Windows\System\trAGnqa.exe
  2⤵
  PID:9424
- C:\Windows\System\penacGR.exe
  C:\Windows\System\penacGR.exe
  2⤵
  PID:9444
- C:\Windows\System\IMZETVl.exe
  C:\Windows\System\IMZETVl.exe
  2⤵
  PID:9460
- C:\Windows\System\vWBColn.exe
  C:\Windows\System\vWBColn.exe
  2⤵
  PID:9492
- C:\Windows\System\XnBNFLQ.exe
  C:\Windows\System\XnBNFLQ.exe
  2⤵
  PID:9512
- C:\Windows\System\UmickIp.exe
  C:\Windows\System\UmickIp.exe
  2⤵
  PID:9532
- C:\Windows\System\ptmmpeZ.exe
  C:\Windows\System\ptmmpeZ.exe
  2⤵
  PID:9548
- C:\Windows\System\tNGooza.exe
  C:\Windows\System\tNGooza.exe
  2⤵
  PID:9572
- C:\Windows\System\rGzysRw.exe
  C:\Windows\System\rGzysRw.exe
  2⤵
  PID:9592
- C:\Windows\System\wiOGYrE.exe
  C:\Windows\System\wiOGYrE.exe
  2⤵
  PID:9608
- C:\Windows\System\yqUiZdu.exe
  C:\Windows\System\yqUiZdu.exe
  2⤵
  PID:9624
- C:\Windows\System\IaxgVcP.exe
  C:\Windows\System\IaxgVcP.exe
  2⤵
  PID:9640
- C:\Windows\System\xcucBkm.exe
  C:\Windows\System\xcucBkm.exe
  2⤵
  PID:9672
- C:\Windows\System\XyyMyRH.exe
  C:\Windows\System\XyyMyRH.exe
  2⤵
  PID:9696
- C:\Windows\System\pUVOjuw.exe
  C:\Windows\System\pUVOjuw.exe
  2⤵
  PID:9716
- C:\Windows\System\xTVCBqH.exe
  C:\Windows\System\xTVCBqH.exe
  2⤵
  PID:9732
- C:\Windows\System\zBddIzF.exe
  C:\Windows\System\zBddIzF.exe
  2⤵
  PID:9756
- C:\Windows\System\oJyrFhi.exe
  C:\Windows\System\oJyrFhi.exe
  2⤵
  PID:9776
- C:\Windows\System\PdiGTJp.exe
  C:\Windows\System\PdiGTJp.exe
  2⤵
  PID:9796
- C:\Windows\System\CVJsEMh.exe
  C:\Windows\System\CVJsEMh.exe
  2⤵
  PID:9816
- C:\Windows\System\oEZZMno.exe
  C:\Windows\System\oEZZMno.exe
  2⤵
  PID:9832
- C:\Windows\System\ozpDskp.exe
  C:\Windows\System\ozpDskp.exe
  2⤵
  PID:9848
- C:\Windows\System\nRmMHtt.exe
  C:\Windows\System\nRmMHtt.exe
  2⤵
  PID:9868
- C:\Windows\System\VBVyKgf.exe
  C:\Windows\System\VBVyKgf.exe
  2⤵
  PID:9888
- C:\Windows\System\UrBFnyx.exe
  C:\Windows\System\UrBFnyx.exe
  2⤵
  PID:9912
- C:\Windows\System\dGKjaOM.exe
  C:\Windows\System\dGKjaOM.exe
  2⤵
  PID:9932
- C:\Windows\System\wJAXHcw.exe
  C:\Windows\System\wJAXHcw.exe
  2⤵
  PID:9956
- C:\Windows\System\lcnGGpW.exe
  C:\Windows\System\lcnGGpW.exe
  2⤵
  PID:9976
- C:\Windows\System\kASIwDU.exe
  C:\Windows\System\kASIwDU.exe
  2⤵
  PID:9996
- C:\Windows\System\iCMdNzb.exe
  C:\Windows\System\iCMdNzb.exe
  2⤵
  PID:10012
- C:\Windows\System\PLRVHqv.exe
  C:\Windows\System\PLRVHqv.exe
  2⤵
  PID:10028
- C:\Windows\System\FpSOGfc.exe
  C:\Windows\System\FpSOGfc.exe
  2⤵
  PID:10056
- C:\Windows\System\sdDssyY.exe
  C:\Windows\System\sdDssyY.exe
  2⤵
  PID:10072
- C:\Windows\System\EXhmaTz.exe
  C:\Windows\System\EXhmaTz.exe
  2⤵
  PID:10092
- C:\Windows\System\XRgfGNV.exe
  C:\Windows\System\XRgfGNV.exe
  2⤵
  PID:10112
- C:\Windows\System\cwSzPbY.exe
  C:\Windows\System\cwSzPbY.exe
  2⤵
  PID:10128
- C:\Windows\System\rJIzunV.exe
  C:\Windows\System\rJIzunV.exe
  2⤵
  PID:10156
- C:\Windows\System\pHsmyEl.exe
  C:\Windows\System\pHsmyEl.exe
  2⤵
  PID:10172
- C:\Windows\System\MIAJyCS.exe
  C:\Windows\System\MIAJyCS.exe
  2⤵
  PID:10196
- C:\Windows\System\KVBbgLM.exe
  C:\Windows\System\KVBbgLM.exe
  2⤵
  PID:10212
- C:\Windows\System\oloZfmV.exe
  C:\Windows\System\oloZfmV.exe
  2⤵
  PID:10228
- C:\Windows\System\LzTlCyg.exe
  C:\Windows\System\LzTlCyg.exe
  2⤵
  PID:9236
- C:\Windows\System\vSnFkHn.exe
  C:\Windows\System\vSnFkHn.exe
  2⤵
  PID:9252
- C:\Windows\System\NCnKFKg.exe
  C:\Windows\System\NCnKFKg.exe
  2⤵
  PID:9288
- C:\Windows\System\tmFHglu.exe
  C:\Windows\System\tmFHglu.exe
  2⤵
  PID:8736
- C:\Windows\System\nYHZoBj.exe
  C:\Windows\System\nYHZoBj.exe
  2⤵
  PID:9268
- C:\Windows\System\eOcxYci.exe
  C:\Windows\System\eOcxYci.exe
  2⤵
  PID:9312
- C:\Windows\System\MvInIGp.exe
  C:\Windows\System\MvInIGp.exe
  2⤵
  PID:9328
- C:\Windows\System\lHSZXTA.exe
  C:\Windows\System\lHSZXTA.exe
  2⤵
  PID:9380
- C:\Windows\System\zFeSDtL.exe
  C:\Windows\System\zFeSDtL.exe
  2⤵
  PID:9440
- C:\Windows\System\FwREamP.exe
  C:\Windows\System\FwREamP.exe
  2⤵
  PID:9480
- C:\Windows\System\rUUFjqZ.exe
  C:\Windows\System\rUUFjqZ.exe
  2⤵
  PID:9500
- C:\Windows\System\maQKgiM.exe
  C:\Windows\System\maQKgiM.exe
  2⤵
  PID:9528
- C:\Windows\System\YRGapIe.exe
  C:\Windows\System\YRGapIe.exe
  2⤵
  PID:9556
- C:\Windows\System\bsbLOZs.exe
  C:\Windows\System\bsbLOZs.exe
  2⤵
  PID:9588
- C:\Windows\System\pHfPuZa.exe
  C:\Windows\System\pHfPuZa.exe
  2⤵
  PID:9616
- C:\Windows\System\SKxRvyn.exe
  C:\Windows\System\SKxRvyn.exe
  2⤵
  PID:9660
- C:\Windows\System\CrSgqIV.exe
  C:\Windows\System\CrSgqIV.exe
  2⤵
  PID:9704
- C:\Windows\System\ZhPQBhn.exe
  C:\Windows\System\ZhPQBhn.exe
  2⤵
  PID:9728
- C:\Windows\System\OcXaeib.exe
  C:\Windows\System\OcXaeib.exe
  2⤵
  PID:9744
- C:\Windows\System\jDVgpaW.exe
  C:\Windows\System\jDVgpaW.exe
  2⤵
  PID:9788
- C:\Windows\System\dGPxeFn.exe
  C:\Windows\System\dGPxeFn.exe
  2⤵
  PID:9808
- C:\Windows\System\vbaEEws.exe
  C:\Windows\System\vbaEEws.exe
  2⤵
  PID:9844
- C:\Windows\System\SgKNIYf.exe
  C:\Windows\System\SgKNIYf.exe
  2⤵
  PID:9876
- C:\Windows\System\igmBtwa.exe
  C:\Windows\System\igmBtwa.exe
  2⤵
  PID:9928
- C:\Windows\System\lSJScsP.exe
  C:\Windows\System\lSJScsP.exe
  2⤵
  PID:9972
- C:\Windows\System\NjfBpoJ.exe
  C:\Windows\System\NjfBpoJ.exe
  2⤵
  PID:10004
- C:\Windows\System\iVClKaN.exe
  C:\Windows\System\iVClKaN.exe
  2⤵
  PID:10036
- C:\Windows\System\DGLiQAP.exe
  C:\Windows\System\DGLiQAP.exe
  2⤵
  PID:10080
- C:\Windows\System\mcGFtzV.exe
  C:\Windows\System\mcGFtzV.exe
  2⤵
  PID:10108
- C:\Windows\System\fBqsrff.exe
  C:\Windows\System\fBqsrff.exe
  2⤵
  PID:10144
- C:\Windows\System\TFPkRyi.exe
  C:\Windows\System\TFPkRyi.exe
  2⤵
  PID:10168
- C:\Windows\System\obGVOQo.exe
  C:\Windows\System\obGVOQo.exe
  2⤵
  PID:10208
- C:\Windows\System\NxOHWEN.exe
  C:\Windows\System\NxOHWEN.exe
  2⤵
  PID:8996
- C:\Windows\System\pnnVXAd.exe
  C:\Windows\System\pnnVXAd.exe
  2⤵
  PID:8636
- C:\Windows\System\reSSfKq.exe
  C:\Windows\System\reSSfKq.exe
  2⤵
  PID:9320
- C:\Windows\System\wOLWCbp.exe
  C:\Windows\System\wOLWCbp.exe
  2⤵
  PID:9304
- C:\Windows\System\XYvEijh.exe
  C:\Windows\System\XYvEijh.exe
  2⤵
  PID:9416
- C:\Windows\System\bgcFqTz.exe
  C:\Windows\System\bgcFqTz.exe
  2⤵
  PID:9436
- C:\Windows\System\UBCbZug.exe
  C:\Windows\System\UBCbZug.exe
  2⤵
  PID:9504
- C:\Windows\System\cQNhVLU.exe
  C:\Windows\System\cQNhVLU.exe
  2⤵
  PID:9652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AftIFdQ.exe

Filesize
6.0MB

MD5
4fa1e4c3ff9ee6134d16233fc0569f65

SHA1
9e13b75e4e3b5313fdd42c41bf7407a0c69e705c

SHA256
560b5df6f1b25022fdb6e5b40a7676ee00a2e17a8ecf4ce07e7cbd1f98126c91

SHA512
bf3472371f0e09de5c49cf51cca6fc3063eedba11c5bbc9d5a0720dd80d51e8e7a4041a466c4b052fd44a5587fd8f286a2a42e36e161d8fa6431b1dfc1dc7195

Download Submit
C:\Windows\system\CVGSaTF.exe

Filesize
6.0MB

MD5
ae1de8c124110ab99b6ef0108367e80f

SHA1
e52ae416ec4fcae4c01815a5507c321c1d9c41d7

SHA256
67d937fe89922f5e2972bb754eb7f8c6a6197f4c6d369dde9527bb827bfeb0c3

SHA512
703dbf5113a6b06e477834827385516e57b0fd076644c3d1c7cffe0b83ea7c5dd763993e78a2c7b3f3132db514671812e1c36f04a2669fe7ff9942425523019e

Download Submit
C:\Windows\system\EQyhdbI.exe

Filesize
6.0MB

MD5
5e988c4d54d2ce5abbcb21598563641f

SHA1
390d15f8b9af219ffb8d348f7461d2cbfc8dde64

SHA256
2af0d4b73d186d4ce0161f65c22ba103cffd3455db94a4ef6ae8d7ba84a5ffe9

SHA512
5350a43a287ed812ad7ce0d5d5a4f49256b3ab2b45be6693f16e1ad34a4dc736403c2496f154770d128d741f00f86c266ff2330378f1374b8ad661dc90d90a79

Download Submit
C:\Windows\system\FWGIcEE.exe

Filesize
6.0MB

MD5
a8e2c4de12cbc2d82c7aab63849b7424

SHA1
6c9e70e0181f712cebadd0351caef5cebdea74c2

SHA256
f14f18e58c030e306fa8f7c2950ab9da90282ac0046dedcfcd4cdba20ba5c072

SHA512
0dbe0e1a4b70e28866f0c807d2371d66d660107ca0d6c4afa3f6406d54e1ebc9c891235b42fd3da9da5f577e0050a0fc3e88866f225b92af0f83c2d4e3591210

Download Submit
C:\Windows\system\KByGvyw.exe

Filesize
6.0MB

MD5
9fc9867ec4609ed8c4786a8b5986749b

SHA1
80bcc55bb65a964db395b13613d8a280a9710de1

SHA256
51aa935f36bae56e5dc781b68f093e5c314e0d84320d1aaa39863acc3be88750

SHA512
213b85372519e0f16cd54cec644b1cbcb9e9155557fee224f9cbfd40a91951e9f71a48a0b1fa935e18772eb9f392c3dc22875e36a3f83e6ab1a97a4a2e70d609

Download Submit
C:\Windows\system\LcqbyNt.exe

Filesize
6.0MB

MD5
20b85d23af6042c7b7d8899d55797d32

SHA1
fdbcff2dbbcf7c43f29b17384e68da2e5a6f41d4

SHA256
a54c6d815453cc8b93f5457530a3e6f38eaa7c1c02512e4ebfe594b47360c6ac

SHA512
1a6bc146327778dd68077e81d728158d7c5b8b0bdbd7a71449935b8b0483a0626886fc293ba06cefe7c5c424fe89ed1522994737b51c4f5b65decf1a9097edb6

Download Submit
C:\Windows\system\MRvtGDv.exe

Filesize
6.0MB

MD5
a148a8ba8a57870d13634835a870836c

SHA1
ee119c2523895c285059e3e1700f90bb01e7dbd4

SHA256
a1967d108e7226eb83e11b0472dc262ae875bc921d1978a0d262f0e570a1575e

SHA512
5dcbb7df6fc362dad0d9821face3017b0796662f74a1147fd9a25f216a73c0ea0fe0c2c9c022718eb7fc7bc3a9f46386157b09b9f241eed320d558d24f004b34

Download Submit
C:\Windows\system\MfipikD.exe

Filesize
6.0MB

MD5
d71e96785495058de67e34cb4700327d

SHA1
09e1883a20b9014602439af7eac41e2f24f657d3

SHA256
0d91ae17e1f18360f7c218327de5900752e439c2c0ef709fe35546fe91699375

SHA512
568ed368d1bf10873df1a89272b1d9edd254f1f1326410f6fe9c8426aa55698b385968eb33c338b9f9f67e0e5dbb1cc9e342230709dfc0e074c9d2af5e8c4d29

Download Submit
C:\Windows\system\NJxOkhC.exe

Filesize
6.0MB

MD5
219ece751650dbad2439fb58f962cb64

SHA1
96226338dc75cf2700477a79d79988f91451468b

SHA256
576e65734c5652bec1a45766e6b6ba7f89120854d30ef5f36d952161ab641b33

SHA512
8252733206c887437cbf15f0e41413117e7cff98bd2a809322225ff3c16d2f86627e7233d781e3c9333d53f18b2e0db827e1189cbf4c6350f1e085ea4aa1499c

Download Submit
C:\Windows\system\NZtAUHz.exe

Filesize
6.0MB

MD5
fb3afd3bd0707d936b88aa4855f483fb

SHA1
4c1fd0d4d4fdab09909bd2fa7e786a9a008ee315

SHA256
feca9bcde139149b49a3fae2cf324c4eaf68b6b63c4475c46d69f2e15b3c67ad

SHA512
931aaeb57de2725e18f896462651ce8599c20b1327e1fafc64d9bbe2737e8a170bb48c85304db6171c2b07631465433cdbfa4bdc3a3356c39ee6c8c0be347328

Download Submit
C:\Windows\system\OVDIHMv.exe

Filesize
6.0MB

MD5
ee82d7492bb180b72e2438ead5a52d87

SHA1
1e38f219594424bc1637101b824b721c66096de5

SHA256
b671696345566bd8440e12b558642f45114aa304a74e478b94814bc92d5b4f99

SHA512
5b2f9fbf65c0be2c5f55a84fcc4d538dd2a35c7b1f23b3e7e8bf08a725702990d45f786f37c8a46a203665d8d7cdfa400c1482d8ac6f05aedbf067c3fa38d21d

Download Submit
C:\Windows\system\VlySOnt.exe

Filesize
6.0MB

MD5
50fa1b3e217da0301bc62ffdd385fcf6

SHA1
7695aa0a42162ce7d1c3790057d9c29e38e8ede7

SHA256
5785340af50b51a773fae1ec163434233a3ce02e7713c9c3152f35c3ea7feeb5

SHA512
21d94a8730f053b0efc4b61954b871391888d0476650b53f60f5750cc6e54d1c36c97e831afd5ddba32a88bdcd1db9a7932fd7a54a0faaa4fabdbc64f49af362

Download Submit
C:\Windows\system\WHsbcMq.exe

Filesize
6.0MB

MD5
904b550fadaea22fef171c9c7ac34fd9

SHA1
760b776b51edeaef402a555afafa5b2f6de127e7

SHA256
3d1d38be093cf37c48538e12d0dd89e764060a63092eb02f032f512d8be3d044

SHA512
e3f62a38798bf59926182113f07ac836479a1f0cf25fc0c2180148aed169cbd577e1a4658a84b5a48bacbe6542c16f40caadbd81f75339284f223a461913325f

Download Submit
C:\Windows\system\ZqOzmtS.exe

Filesize
6.0MB

MD5
32e87d673e63beac9bae63bc812faaef

SHA1
4ed41825242d86c02c1eadc3eb7e5d60e0986a02

SHA256
099adcae4a5b7899aa2e36e0419bc48c50bc0e7bdb5e3cc094f9fac1a0bd7a1a

SHA512
981820e96e0a51d4c4cfaf60b8d2eaa9405664b6196230ea562873571a61f3f4f7c6bd8f2147ab545a2602bb5a88a444195d447af13e66972fb70a833330f3ec

Download Submit
C:\Windows\system\daihvHi.exe

Filesize
6.0MB

MD5
b5e6afdc154cc73dfa80b79c7d059351

SHA1
e6665823339b24ab7d14f8ac5a212312829e543d

SHA256
c2cd5dd5502aa521f0d3893314ae4c1cf0786611e36e838fb770fda816dcb9d0

SHA512
4a4528197d84f943b2e22ee383debaff887c216c2b6d060cf642efb449cf99d8eba689c1b4483d40a5086b40e8c196f6a11f07d5a6f85ad115d52b4d070dca6a

Download Submit
C:\Windows\system\eSlUUfa.exe

Filesize
8B

MD5
868b7e0b0b7c9ed30133606a1d9e2b2a

SHA1
45e801ec8a1de20d56cc274dab385c4488267fc2

SHA256
14680ac75c31f7637018c6f665ec23350ca73c316c5edad0d5c9eeffabd7111d

SHA512
fc92b13d2fc445bb8a7dd86044b7c11720bafb1ee8f6221c750825546ec2b9957a68de79ba584fc801d6880ed139f36edd3e1711bebf42faa5bc7092cde308fc

Download Submit
C:\Windows\system\hUwyhBd.exe

Filesize
6.0MB

MD5
d62340311a28fd97a722e6d37c11928c

SHA1
a8e07fd1373c6a1d858a694f281baa1820511183

SHA256
81ec8cef6ac14688f58d2bc3464649f9e2c19dac471391316b92091330ecbc1c

SHA512
974f0ff04be3e7dd68023deb215bd933b18c492c722fad865081fc378f0eb92f676516fcceebb3a14b3e3d51896840678286a7778a2aa340d280bcd72865bec3

Download Submit
C:\Windows\system\hjgzrpi.exe

Filesize
6.0MB

MD5
86a68884bb5043f05e075fc21c0d519d

SHA1
623e49d3a617b54b7d7d7307f4ee5f9e16307c76

SHA256
ad937373bc017f61b013c130ac2e5a7d90ee4d9186de5bbccbca136f258f38c4

SHA512
195f1ac435db17f139b6ab48ebda068d57ad6270567b212388da6881d47bae4a5a09b100687c77dc9bad87bb02427667e4b6f3070708eb52b771dfc71bd7c1e8

Download Submit
C:\Windows\system\hmdRUTo.exe

Filesize
6.0MB

MD5
4510527096711aa572f3e6b584e2bfcf

SHA1
75c4828c89fd9b0085f781de7ee54ac71957dd20

SHA256
4bade2605600a443bde4a34773427de5b5ac304c52e2317917873acda449459e

SHA512
d45b0a9df4325918fdec71017cc6270df40ef7a3cc673cd54c4593784a7989775e64c5cb327d60b77c522b09b2efc80128ff0705797e2da7738608d107aa0bb0

Download Submit
C:\Windows\system\iCuSVkR.exe

Filesize
6.0MB

MD5
5fd94064a2d622092cb8476e79d9b769

SHA1
cbdd67fc5240158ba4bae9d2d23d99677a732824

SHA256
3626bcfc24ac60676541537a7467f6a000589932956e159c022614a949d4fbb5

SHA512
bfa32c2d3cc5cbfc1754c71afe1b1a7dfc541a67b455a56879c831a5dbc2eb2028336cf78067265997dc915f34b85e6015310e1f5bcb553a5310140e5873cdc6

Download Submit
C:\Windows\system\ijqKnAI.exe

Filesize
6.0MB

MD5
22dcfc7c98eeb3751d33f669524902f8

SHA1
064f180d05e2be372147a387bf3d9f3feee7f83e

SHA256
5e38ea0db8da391ba791a183bd2396c9d3f2f30c13e77751f6736cb317fe1a08

SHA512
fde03ff9263bc937444c337124147754aaf4e3575021fbe878583ead0c4886b3b031bdfec96e3fe2d0b6ec3d090a8044e6d77ffdff22d9174b5966745966e7e4

Download Submit
C:\Windows\system\koJkSGa.exe

Filesize
6.0MB

MD5
56d25eda253b3f9b243982c925990a7d

SHA1
8b54f7a2c737692f4f50f7df3544593ff46381a1

SHA256
74e5c38cfaee2e04e977365595eeb2e53801f6f3f0397b586905be3b2e4aa9bb

SHA512
063716d0239f2af78fbc302abe8f7b7ac934431259c511c573a1598f1dd2f14bce9e3aac2fee3dff381e2935226b578261b43e7f10e0c395b60d0403ef949413

Download Submit
C:\Windows\system\lkuSJqq.exe

Filesize
6.0MB

MD5
c94f12d65d38ee4acb3a93d88d2b8fbf

SHA1
ef9467471336a40ea247937bf89f1956baea9369

SHA256
d4d67392ed0f3469cead9378fc3ef661dbe09208b51885befd448b6847f65a68

SHA512
d84e0371065f3256959dfff275f4a1dc7a97d683bd9d762a580225440cecc6fdb97c78be6b0a7df7d5dc9fb6c11e40c94f8b7c07b23cf0ca68ddc4e41263e309

Download Submit
C:\Windows\system\nddMEnz.exe

Filesize
6.0MB

MD5
e63caca0b373ed08afc2646ff1924474

SHA1
2683f43daf0ee7f71d048caa8b1ab37c553d641e

SHA256
f75910420a042b51bd367cb3f5019b9f6d45c6180ad59781d97b0f112deec112

SHA512
44e6e9172a22172d2e9de4c6df613a8ad32b04dc1114ecf4ceeb9f77bf84eaaebd0943fb9e435f38dd9102ce55f1b68518e809408a9ca70bbe6c609bd6cd7226

Download Submit
C:\Windows\system\pcDyIpO.exe

Filesize
6.0MB

MD5
99b3be5edacd3824c00ad68757415cb7

SHA1
935e1e2bd63288f80cf23ee77717e98fba1e95a1

SHA256
214f2fa8bcea59bbd53b28bab494f2facdeec908bda5efc9a441f971feeaf222

SHA512
2aaf7c2bec71c39bfec3272d3e2c4139be9a1982b2cfa11ed6b1836ccc35ddf2b7463d1f5b4657a09e6e2ccc793584a57bd3a946ddf6296df57acfd7e78f32cd

Download Submit
C:\Windows\system\qqMVTvX.exe

Filesize
6.0MB

MD5
3a3b9e5e662fd8d819a3bfb3772fd562

SHA1
208d5d3ad988ce39c4d23ed4fe995f90c5664730

SHA256
141cda0dc61c9cd3b9e0ff4a58a534a7c16593e58389544ea24538f81036282b

SHA512
0a61f6e07d15a5fdb35c987d66ca482f850a5e6f6d89f5200c98a4babe8cfc4ee8e0ff8026eb410e55278cd00649b514bbf271498b22ed710c5403c56a9b3419

Download Submit
C:\Windows\system\tshgzLF.exe

Filesize
6.0MB

MD5
16532c0d885d6d7f99109cb5408f5953

SHA1
0c5c8f2b00e1be9efe81ac90f2678acef944499b

SHA256
b8c54e84f20b5cf8761803f83aba1682b62379c5efab657ec73ed802f9bf1339

SHA512
5d7a3340d143e3d8db5db6f286c6c288617b5282582217d869d0a25e8c2cb5890135e4c6448f259d9b8fda312d56595ef17e7e5f5c1bf4cca99a1e9303f00133

Download Submit
C:\Windows\system\vqYyGRT.exe

Filesize
6.0MB

MD5
63012c24693d062791561898ad888943

SHA1
967e2d65ca1063be512bb5031327d8a9a1520787

SHA256
82c4723287c953464f4139012aa18fc86931ecbc09a0fb2efe0bfed642976de9

SHA512
eacc959e7187798575a2a5bf99b31fb0d41667677215d6148d70cd24a7e6d7c4921bc348342bd1c09a2c07ee6d494b85a4983f2a66cace7cd38c19f950a4074c

Download Submit
C:\Windows\system\xukNzmn.exe

Filesize
6.0MB

MD5
82ecf148f075171eb12263df7dc1b79d

SHA1
2e26bd22e864d3a2ee3690c00a7cfe84cab34a6f

SHA256
f134a60bbac4a163aa8b4070cd36c7d92d48d92b94d92d4857d758d7a6d96614

SHA512
6857a227eb84ac4da95a8ab1b13b2c8aaefb7a1b09f4813002132d69a62a024f96a76304538cabec225d11548a7fcc138f7d1267490e93302b6dca9cffe20f78

Download Submit
C:\Windows\system\yvWvnlW.exe

Filesize
6.0MB

MD5
f495f6a8d7b3e62f3bd94270479fb1ab

SHA1
460da8271369e267303ab033dd2d9bb14ff15c4d

SHA256
756537ad73d7a50722d80ecbf62799c7135e0f062da06eaaef3b3ab8d2ba5438

SHA512
2863d8ae4ea3ace5f62c2dfa09a2bddd1830b2b5961598638f461eb2c317a33bb356f42fb74bcec2c453de69c1d72c45f2e59ad18047b9ef46f038c65fd660f0

Download Submit
\Windows\system\iFNnGUq.exe

Filesize
6.0MB

MD5
8366b940aa436b3345cd8fdc496c8e31

SHA1
bfeb2ca597c61b14fb962c5d6cbbd6e8c988288f

SHA256
32f724581c02078d0ae691324fe0fee2f89e9619b516177172ad38d8474e3ff8

SHA512
85c047dbb6a915ba930586d40ea90a320e2e63754dcd59b67baeb256e07fc689f847ddb5d8d51008b622f83455398ed9348ae9e241ebd758e5ba27fe6b7c8bac

Download Submit
\Windows\system\nMFzLXw.exe

Filesize
6.0MB

MD5
dd1f797891da3f1c1b6bc7328ce4a0a0

SHA1
8de20f889677fb1a5a204eb61b2d169ae475f477

SHA256
e381d9b694e66e2d36e83decbe70cfecce2ed575b0e273b5cc6cb76a5490e760

SHA512
eee582feb20e092e44e0dc510c8d3fb464ef9070d0e13602ae05ae064be685a228b1870659f78dfddf2d458d9de6108111aca3a4286508aab7411591528ce885

Download Submit
\Windows\system\osAWlks.exe

Filesize
6.0MB

MD5
7f06394f43575633ef082696adeb876d

SHA1
1e088172bccafe84e926d6377f0badfab62aad5a

SHA256
ea6d962736239304a740d9777e8c6adea77a9fd711ebbf9f9963e75750dba3d6

SHA512
f412d33c061164b0b0be2651cb03e6f1484fac0a6f2f7aef2d45eb22b6772437d0b892889e36bdc74b174b43e026f1bf80ff18951e44a69dac5c57d607dbcacb

Download Submit
memory/908-2613-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/908-2622-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/908-1-0x00000000002F0000-0x0000000000300000-memory.dmp

Filesize
64KB

Download
memory/908-27-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/908-2536-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/908-17-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/908-0-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/908-2628-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/908-6-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/908-30-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/908-2651-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/908-2295-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/908-1827-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/908-1834-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/908-2653-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/908-1836-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/908-2617-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/908-2633-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/908-1840-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/908-2640-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/908-1847-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/908-2619-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/908-1865-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/908-1870-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/908-34-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/908-2078-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/908-1875-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/908-1879-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/908-1878-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/908-1877-0x00000000023A0000-0x00000000026F4000-memory.dmp

Filesize
3.3MB

Download
memory/908-2625-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1064-1867-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1064-3568-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2016-1825-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2016-3557-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/2144-1872-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2144-3571-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2192-2225-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2192-13-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2192-3459-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3566-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-1835-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2636-1832-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2636-3542-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2664-3561-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2664-1837-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-2612-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-40-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-3539-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2704-4629-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2704-39-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2704-2469-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2728-20-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2728-3563-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2728-2298-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2852-3527-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2852-28-0x000000013FD70000-0x00000001400C4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-3567-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2856-1845-0x000000013FAE0000-0x000000013FE34000-memory.dmp

Filesize
3.3MB

Download
memory/2944-3450-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2944-1898-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-3565-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/3068-1864-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download