cobaltstrike | 3c049dbceb71db3837067217da4cab6ec7af4c9c91b9a266025368e49f8c60d1

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-01-2025 12:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

ff56da643f5813be98d88dfe843ba445
SHA1

d0a2bc5f6c91308279a257984b657dfeb3b547c6
SHA256

3c049dbceb71db3837067217da4cab6ec7af4c9c91b9a266025368e49f8c60d1
SHA512

16519223582079c50d87815540217164d3e25a2d4c2d98263c81141260be9bede2e376b373ccf6bd654b2a57e3a2be4929a3d1174e79c2440f80434f7d0f3add
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUz:T+q56utgpPF8u/7z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00090000000120d6-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018be7-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018d7b-11.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019203-38.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001924f-48.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194c3-69.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019502-96.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019520-123.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019535-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c79-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b18-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019b16-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019a85-178.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197e4-173.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019650-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019647-158.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001964f-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019645-154.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a8-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019543-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952e-133.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001952b-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019518-118.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019508-108.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019510-113.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001870c-91.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e1-85.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d5-77.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019261-61.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019237-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019056-32.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000018fdf-25.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2156-1-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x00090000000120d6-3.dat	xmrig
behavioral1/memory/2580-8-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/files/0x0008000000018be7-9.dat	xmrig
behavioral1/memory/3036-13-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/files/0x0008000000018d7b-11.dat	xmrig
behavioral1/memory/2144-21-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019203-38.dat	xmrig
behavioral1/files/0x000800000001924f-48.dat	xmrig
behavioral1/memory/2580-52-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig
behavioral1/memory/2988-55-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x00050000000194c3-69.dat	xmrig
behavioral1/memory/2716-71-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/memory/2260-86-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2268-87-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x0005000000019502-96.dat	xmrig
behavioral1/files/0x0005000000019520-123.dat	xmrig
behavioral1/files/0x0005000000019535-138.dat	xmrig
behavioral1/memory/592-1130-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2180-823-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2268-592-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2668-422-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2716-234-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x0005000000019c79-193.dat	xmrig
behavioral1/files/0x0005000000019b18-188.dat	xmrig
behavioral1/files/0x0005000000019b16-183.dat	xmrig
behavioral1/files/0x0005000000019a85-178.dat	xmrig
behavioral1/files/0x00050000000197e4-173.dat	xmrig
behavioral1/files/0x0005000000019650-168.dat	xmrig
behavioral1/files/0x0005000000019647-158.dat	xmrig
behavioral1/files/0x000500000001964f-163.dat	xmrig
behavioral1/files/0x0005000000019645-154.dat	xmrig
behavioral1/files/0x00050000000195a8-148.dat	xmrig
behavioral1/files/0x0005000000019543-143.dat	xmrig
behavioral1/files/0x000500000001952e-133.dat	xmrig
behavioral1/files/0x000500000001952b-128.dat	xmrig
behavioral1/files/0x0005000000019518-118.dat	xmrig
behavioral1/files/0x0005000000019508-108.dat	xmrig
behavioral1/files/0x0005000000019510-113.dat	xmrig
behavioral1/memory/592-102-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2784-101-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2180-93-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2988-92-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x000800000001870c-91.dat	xmrig
behavioral1/files/0x00050000000194e1-85.dat	xmrig
behavioral1/memory/2668-79-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2748-78-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x00050000000194d5-77.dat	xmrig
behavioral1/memory/2320-70-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2784-63-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2144-62-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019261-61.dat	xmrig
behavioral1/memory/2156-58-0x00000000022D0000-0x0000000002624000-memory.dmp	xmrig
behavioral1/memory/3036-57-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019237-41.dat	xmrig
behavioral1/memory/2260-49-0x000000013FB60000-0x000000013FEB4000-memory.dmp	xmrig
behavioral1/memory/2748-34-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x0007000000019056-32.dat	xmrig
behavioral1/memory/2320-30-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x0007000000018fdf-25.dat	xmrig
behavioral1/memory/2860-46-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2156-36-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/3036-3733-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2580-3737-0x000000013FB40000-0x000000013FE94000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2580	oQFpAMr.exe
3036	fuONwHf.exe
2144	vGSJoVw.exe
2320	MtVtkIm.exe
2748	DQeYOcE.exe
2860	PRkZgmz.exe
2260	FTeyOjH.exe
2988	tytHgGN.exe
2784	yaUwsSk.exe
2716	UCisVBj.exe
2668	UErEGjV.exe
2268	YXkxvGV.exe
2180	WnVmZgC.exe
592	nuvncJg.exe
1632	dvPKGfi.exe
1496	FPypVaQ.exe
2704	BDhlOnV.exe
1260	nvFCaKO.exe
316	rQhKFTG.exe
1336	EuhMYfq.exe
2960	mdCvNnM.exe
2948	ZUYIfFH.exe
2060	trFcwdX.exe
1028	wETQgaG.exe
2356	katfZFM.exe
1560	hGrPVrU.exe
1032	QmBMIDb.exe
2100	OoSPXxL.exe
1140	WzIbHwD.exe
2584	JZduLas.exe
964	cckbtdn.exe
1876	kgZelKr.exe
3068	DkYYRfD.exe
1064	GYrtXeV.exe
1364	wYzbFlS.exe
2800	YftoRhs.exe
2016	SPThYmV.exe
1784	jVFYpjy.exe
556	tUiTPbT.exe
2316	zlZuAoa.exe
2040	cBbLKsM.exe
2112	NvSBzJD.exe
2992	CFIYUop.exe
2244	CAJNcRv.exe
2220	xwhmnwA.exe
2068	unUovmb.exe
2912	tJzwttu.exe
2308	scKwBgm.exe
1752	QGtiEZh.exe
876	loFTxtA.exe
2056	jlHCyvQ.exe
2516	hgfyLLl.exe
1692	boyHyeU.exe
2000	lDmyfUK.exe
2528	RNHsNYR.exe
2124	fpakNtU.exe
2872	RcLtwRu.exe
2256	aiiggji.exe
1796	GiJqYnM.exe
2636	zYrFIfE.exe
2272	WzIvHSw.exe
596	wHffsAD.exe
2828	xBgneKG.exe
1188	kxdLswP.exe

Loads dropped DLL 64 IoCs

pid	Process
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2156-1-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x00090000000120d6-3.dat	upx
behavioral1/memory/2580-8-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/files/0x0008000000018be7-9.dat	upx
behavioral1/memory/3036-13-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/files/0x0008000000018d7b-11.dat	upx
behavioral1/memory/2144-21-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x0006000000019203-38.dat	upx
behavioral1/files/0x000800000001924f-48.dat	upx
behavioral1/memory/2580-52-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2988-55-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x00050000000194c3-69.dat	upx
behavioral1/memory/2716-71-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/memory/2260-86-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2268-87-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x0005000000019502-96.dat	upx
behavioral1/files/0x0005000000019520-123.dat	upx
behavioral1/files/0x0005000000019535-138.dat	upx
behavioral1/memory/592-1130-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2180-823-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2268-592-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2668-422-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2716-234-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x0005000000019c79-193.dat	upx
behavioral1/files/0x0005000000019b18-188.dat	upx
behavioral1/files/0x0005000000019b16-183.dat	upx
behavioral1/files/0x0005000000019a85-178.dat	upx
behavioral1/files/0x00050000000197e4-173.dat	upx
behavioral1/files/0x0005000000019650-168.dat	upx
behavioral1/files/0x0005000000019647-158.dat	upx
behavioral1/files/0x000500000001964f-163.dat	upx
behavioral1/files/0x0005000000019645-154.dat	upx
behavioral1/files/0x00050000000195a8-148.dat	upx
behavioral1/files/0x0005000000019543-143.dat	upx
behavioral1/files/0x000500000001952e-133.dat	upx
behavioral1/files/0x000500000001952b-128.dat	upx
behavioral1/files/0x0005000000019518-118.dat	upx
behavioral1/files/0x0005000000019508-108.dat	upx
behavioral1/files/0x0005000000019510-113.dat	upx
behavioral1/memory/592-102-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2784-101-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2180-93-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2988-92-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x000800000001870c-91.dat	upx
behavioral1/files/0x00050000000194e1-85.dat	upx
behavioral1/memory/2668-79-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2748-78-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x00050000000194d5-77.dat	upx
behavioral1/memory/2320-70-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2784-63-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2144-62-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/files/0x0007000000019261-61.dat	upx
behavioral1/memory/3036-57-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/files/0x0006000000019237-41.dat	upx
behavioral1/memory/2260-49-0x000000013FB60000-0x000000013FEB4000-memory.dmp	upx
behavioral1/memory/2748-34-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x0007000000019056-32.dat	upx
behavioral1/memory/2320-30-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x0007000000018fdf-25.dat	upx
behavioral1/memory/2860-46-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2156-36-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/3036-3733-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/2580-3737-0x000000013FB40000-0x000000013FE94000-memory.dmp	upx
behavioral1/memory/2144-3741-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\smSgrbw.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZEoNnqu.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZEvRmgn.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yrHaSWl.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qdqafno.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UEqJIMY.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pHIYAvc.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GiJqYnM.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SlVkVcu.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yobZZyJ.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WyZfFNe.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WYZffJY.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\beeMLRe.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QjUxbPL.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NUjDuxa.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mZdAtXT.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KRSOuyQ.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RuKejaR.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FwCugoj.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IEswhXt.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZmxQuVJ.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OOvCvjo.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZYLqqrP.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MtWQsPB.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WwtVlYy.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBigixI.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uAFggtj.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JLhDjrQ.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fTKTKva.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZPdAkuM.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GgxBLRB.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iJWpuSU.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uQHPgLs.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GdMGoYg.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KaXjBdN.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UTbJtKv.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fiUxjCZ.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wOBaoXe.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hoJnNgW.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YRsFTeW.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zkIGxIP.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wETQgaG.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MWEaQFC.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RQhUqWS.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wuyABav.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GvtXILc.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tskkSiM.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yRFUpiJ.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TgaSEbx.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZYGlkob.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OOzenOf.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rikTgdI.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hqOsXGC.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SBGUsxk.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKsHUUj.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WoOvEdQ.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LNqJVDN.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CZgYVeX.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BYoIFGB.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vRPgMno.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Czjlowy.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DLqBNiW.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DvDqDmi.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\soCaPBW.exe	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2580	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2156 wrote to memory of 2580	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2156 wrote to memory of 2580	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2156 wrote to memory of 3036	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2156 wrote to memory of 3036	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2156 wrote to memory of 3036	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2156 wrote to memory of 2144	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2156 wrote to memory of 2144	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2156 wrote to memory of 2144	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2156 wrote to memory of 2320	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2156 wrote to memory of 2320	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2156 wrote to memory of 2320	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2156 wrote to memory of 2748	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2156 wrote to memory of 2748	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2156 wrote to memory of 2748	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2156 wrote to memory of 2860	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2156 wrote to memory of 2860	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2156 wrote to memory of 2860	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2156 wrote to memory of 2988	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2156 wrote to memory of 2988	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2156 wrote to memory of 2988	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2156 wrote to memory of 2260	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2156 wrote to memory of 2260	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2156 wrote to memory of 2260	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2156 wrote to memory of 2784	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2156 wrote to memory of 2784	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2156 wrote to memory of 2784	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2156 wrote to memory of 2716	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2156 wrote to memory of 2716	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2156 wrote to memory of 2716	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2156 wrote to memory of 2668	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2156 wrote to memory of 2668	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2156 wrote to memory of 2668	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2156 wrote to memory of 2268	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2156 wrote to memory of 2268	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2156 wrote to memory of 2268	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2156 wrote to memory of 2180	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2156 wrote to memory of 2180	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2156 wrote to memory of 2180	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2156 wrote to memory of 592	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2156 wrote to memory of 592	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2156 wrote to memory of 592	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2156 wrote to memory of 1632	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2156 wrote to memory of 1632	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2156 wrote to memory of 1632	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2156 wrote to memory of 1496	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2156 wrote to memory of 1496	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2156 wrote to memory of 1496	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2156 wrote to memory of 2704	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2156 wrote to memory of 2704	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2156 wrote to memory of 2704	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2156 wrote to memory of 1260	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2156 wrote to memory of 1260	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2156 wrote to memory of 1260	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2156 wrote to memory of 316	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2156 wrote to memory of 316	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2156 wrote to memory of 316	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2156 wrote to memory of 1336	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2156 wrote to memory of 1336	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2156 wrote to memory of 1336	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2156 wrote to memory of 2960	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2156 wrote to memory of 2960	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2156 wrote to memory of 2960	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2156 wrote to memory of 2948	2156	2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-27_ff56da643f5813be98d88dfe843ba445_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Windows\System\oQFpAMr.exe
  C:\Windows\System\oQFpAMr.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\fuONwHf.exe
  C:\Windows\System\fuONwHf.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\vGSJoVw.exe
  C:\Windows\System\vGSJoVw.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\MtVtkIm.exe
  C:\Windows\System\MtVtkIm.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\DQeYOcE.exe
  C:\Windows\System\DQeYOcE.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\PRkZgmz.exe
  C:\Windows\System\PRkZgmz.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\tytHgGN.exe
  C:\Windows\System\tytHgGN.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\FTeyOjH.exe
  C:\Windows\System\FTeyOjH.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\yaUwsSk.exe
  C:\Windows\System\yaUwsSk.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\UCisVBj.exe
  C:\Windows\System\UCisVBj.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\UErEGjV.exe
  C:\Windows\System\UErEGjV.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\YXkxvGV.exe
  C:\Windows\System\YXkxvGV.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\WnVmZgC.exe
  C:\Windows\System\WnVmZgC.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\nuvncJg.exe
  C:\Windows\System\nuvncJg.exe
  2⤵
  - Executes dropped EXE
  PID:592
- C:\Windows\System\dvPKGfi.exe
  C:\Windows\System\dvPKGfi.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\FPypVaQ.exe
  C:\Windows\System\FPypVaQ.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\BDhlOnV.exe
  C:\Windows\System\BDhlOnV.exe
  2⤵
  - Executes dropped EXE
  PID:2704
- C:\Windows\System\nvFCaKO.exe
  C:\Windows\System\nvFCaKO.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\rQhKFTG.exe
  C:\Windows\System\rQhKFTG.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\EuhMYfq.exe
  C:\Windows\System\EuhMYfq.exe
  2⤵
  - Executes dropped EXE
  PID:1336
- C:\Windows\System\mdCvNnM.exe
  C:\Windows\System\mdCvNnM.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\ZUYIfFH.exe
  C:\Windows\System\ZUYIfFH.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\trFcwdX.exe
  C:\Windows\System\trFcwdX.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\wETQgaG.exe
  C:\Windows\System\wETQgaG.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\katfZFM.exe
  C:\Windows\System\katfZFM.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\hGrPVrU.exe
  C:\Windows\System\hGrPVrU.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\QmBMIDb.exe
  C:\Windows\System\QmBMIDb.exe
  2⤵
  - Executes dropped EXE
  PID:1032
- C:\Windows\System\OoSPXxL.exe
  C:\Windows\System\OoSPXxL.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\WzIbHwD.exe
  C:\Windows\System\WzIbHwD.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\JZduLas.exe
  C:\Windows\System\JZduLas.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\cckbtdn.exe
  C:\Windows\System\cckbtdn.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\kgZelKr.exe
  C:\Windows\System\kgZelKr.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\DkYYRfD.exe
  C:\Windows\System\DkYYRfD.exe
  2⤵
  - Executes dropped EXE
  PID:3068
- C:\Windows\System\GYrtXeV.exe
  C:\Windows\System\GYrtXeV.exe
  2⤵
  - Executes dropped EXE
  PID:1064
- C:\Windows\System\wYzbFlS.exe
  C:\Windows\System\wYzbFlS.exe
  2⤵
  - Executes dropped EXE
  PID:1364
- C:\Windows\System\YftoRhs.exe
  C:\Windows\System\YftoRhs.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\SPThYmV.exe
  C:\Windows\System\SPThYmV.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\jVFYpjy.exe
  C:\Windows\System\jVFYpjy.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\tUiTPbT.exe
  C:\Windows\System\tUiTPbT.exe
  2⤵
  - Executes dropped EXE
  PID:556
- C:\Windows\System\zlZuAoa.exe
  C:\Windows\System\zlZuAoa.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\cBbLKsM.exe
  C:\Windows\System\cBbLKsM.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\NvSBzJD.exe
  C:\Windows\System\NvSBzJD.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\CFIYUop.exe
  C:\Windows\System\CFIYUop.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\CAJNcRv.exe
  C:\Windows\System\CAJNcRv.exe
  2⤵
  - Executes dropped EXE
  PID:2244
- C:\Windows\System\xwhmnwA.exe
  C:\Windows\System\xwhmnwA.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\unUovmb.exe
  C:\Windows\System\unUovmb.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\tJzwttu.exe
  C:\Windows\System\tJzwttu.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\scKwBgm.exe
  C:\Windows\System\scKwBgm.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\QGtiEZh.exe
  C:\Windows\System\QGtiEZh.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\loFTxtA.exe
  C:\Windows\System\loFTxtA.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\jlHCyvQ.exe
  C:\Windows\System\jlHCyvQ.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\hgfyLLl.exe
  C:\Windows\System\hgfyLLl.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\boyHyeU.exe
  C:\Windows\System\boyHyeU.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\lDmyfUK.exe
  C:\Windows\System\lDmyfUK.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\RNHsNYR.exe
  C:\Windows\System\RNHsNYR.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\fpakNtU.exe
  C:\Windows\System\fpakNtU.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\RcLtwRu.exe
  C:\Windows\System\RcLtwRu.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\aiiggji.exe
  C:\Windows\System\aiiggji.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\GiJqYnM.exe
  C:\Windows\System\GiJqYnM.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\zYrFIfE.exe
  C:\Windows\System\zYrFIfE.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\WzIvHSw.exe
  C:\Windows\System\WzIvHSw.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\wHffsAD.exe
  C:\Windows\System\wHffsAD.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\xBgneKG.exe
  C:\Windows\System\xBgneKG.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\kxdLswP.exe
  C:\Windows\System\kxdLswP.exe
  2⤵
  - Executes dropped EXE
  PID:1188
- C:\Windows\System\APlcLgz.exe
  C:\Windows\System\APlcLgz.exe
  2⤵
  PID:764
- C:\Windows\System\yYJnRBz.exe
  C:\Windows\System\yYJnRBz.exe
  2⤵
  PID:2644
- C:\Windows\System\TERfBMv.exe
  C:\Windows\System\TERfBMv.exe
  2⤵
  PID:2924
- C:\Windows\System\qYYYWgf.exe
  C:\Windows\System\qYYYWgf.exe
  2⤵
  PID:632
- C:\Windows\System\qOHTwDI.exe
  C:\Windows\System\qOHTwDI.exe
  2⤵
  PID:1488
- C:\Windows\System\NLZJfyO.exe
  C:\Windows\System\NLZJfyO.exe
  2⤵
  PID:2076
- C:\Windows\System\lCFLSup.exe
  C:\Windows\System\lCFLSup.exe
  2⤵
  PID:1020
- C:\Windows\System\vfjhvZG.exe
  C:\Windows\System\vfjhvZG.exe
  2⤵
  PID:2008
- C:\Windows\System\FrpjfBJ.exe
  C:\Windows\System\FrpjfBJ.exe
  2⤵
  PID:612
- C:\Windows\System\wfBoMmo.exe
  C:\Windows\System\wfBoMmo.exe
  2⤵
  PID:916
- C:\Windows\System\EGNSYiD.exe
  C:\Windows\System\EGNSYiD.exe
  2⤵
  PID:1788
- C:\Windows\System\xZgZdth.exe
  C:\Windows\System\xZgZdth.exe
  2⤵
  PID:1996
- C:\Windows\System\QURTged.exe
  C:\Windows\System\QURTged.exe
  2⤵
  PID:924
- C:\Windows\System\cKoajfX.exe
  C:\Windows\System\cKoajfX.exe
  2⤵
  PID:1536
- C:\Windows\System\GXTVTEA.exe
  C:\Windows\System\GXTVTEA.exe
  2⤵
  PID:1768
- C:\Windows\System\JMcmGKY.exe
  C:\Windows\System\JMcmGKY.exe
  2⤵
  PID:1832
- C:\Windows\System\IdkzVPT.exe
  C:\Windows\System\IdkzVPT.exe
  2⤵
  PID:2332
- C:\Windows\System\tkRzsFj.exe
  C:\Windows\System\tkRzsFj.exe
  2⤵
  PID:2684
- C:\Windows\System\OfwtMNv.exe
  C:\Windows\System\OfwtMNv.exe
  2⤵
  PID:1764
- C:\Windows\System\ztFHxYe.exe
  C:\Windows\System\ztFHxYe.exe
  2⤵
  PID:2544
- C:\Windows\System\RCUMXlA.exe
  C:\Windows\System\RCUMXlA.exe
  2⤵
  PID:1592
- C:\Windows\System\GdMGoYg.exe
  C:\Windows\System\GdMGoYg.exe
  2⤵
  PID:3048
- C:\Windows\System\BTKcAGc.exe
  C:\Windows\System\BTKcAGc.exe
  2⤵
  PID:3000
- C:\Windows\System\LkmGxHh.exe
  C:\Windows\System\LkmGxHh.exe
  2⤵
  PID:2132
- C:\Windows\System\TvOSaTo.exe
  C:\Windows\System\TvOSaTo.exe
  2⤵
  PID:2752
- C:\Windows\System\sPMHRtO.exe
  C:\Windows\System\sPMHRtO.exe
  2⤵
  PID:2856
- C:\Windows\System\WMaGonm.exe
  C:\Windows\System\WMaGonm.exe
  2⤵
  PID:1540
- C:\Windows\System\oKPOvVD.exe
  C:\Windows\System\oKPOvVD.exe
  2⤵
  PID:468
- C:\Windows\System\JMGDBVa.exe
  C:\Windows\System\JMGDBVa.exe
  2⤵
  PID:1960
- C:\Windows\System\NRKkUQW.exe
  C:\Windows\System\NRKkUQW.exe
  2⤵
  PID:2116
- C:\Windows\System\YTXUzSi.exe
  C:\Windows\System\YTXUzSi.exe
  2⤵
  PID:1704
- C:\Windows\System\UsdpwgG.exe
  C:\Windows\System\UsdpwgG.exe
  2⤵
  PID:2700
- C:\Windows\System\jPMVwgJ.exe
  C:\Windows\System\jPMVwgJ.exe
  2⤵
  PID:3008
- C:\Windows\System\TXLqWDM.exe
  C:\Windows\System\TXLqWDM.exe
  2⤵
  PID:2196
- C:\Windows\System\yzDpAeT.exe
  C:\Windows\System\yzDpAeT.exe
  2⤵
  PID:2192
- C:\Windows\System\mqBhgpq.exe
  C:\Windows\System\mqBhgpq.exe
  2⤵
  PID:2364
- C:\Windows\System\IoHOvpi.exe
  C:\Windows\System\IoHOvpi.exe
  2⤵
  PID:2408
- C:\Windows\System\ubyrVQn.exe
  C:\Windows\System\ubyrVQn.exe
  2⤵
  PID:1936
- C:\Windows\System\KKuENfC.exe
  C:\Windows\System\KKuENfC.exe
  2⤵
  PID:2344
- C:\Windows\System\OmoZYXH.exe
  C:\Windows\System\OmoZYXH.exe
  2⤵
  PID:1580
- C:\Windows\System\ZgbCslk.exe
  C:\Windows\System\ZgbCslk.exe
  2⤵
  PID:1072
- C:\Windows\System\VmxSWuQ.exe
  C:\Windows\System\VmxSWuQ.exe
  2⤵
  PID:2604
- C:\Windows\System\FRaASLM.exe
  C:\Windows\System\FRaASLM.exe
  2⤵
  PID:2612
- C:\Windows\System\FYEaVfj.exe
  C:\Windows\System\FYEaVfj.exe
  2⤵
  PID:1512
- C:\Windows\System\bGWLkIF.exe
  C:\Windows\System\bGWLkIF.exe
  2⤵
  PID:3084
- C:\Windows\System\wgvbIjV.exe
  C:\Windows\System\wgvbIjV.exe
  2⤵
  PID:3104
- C:\Windows\System\udDNzDR.exe
  C:\Windows\System\udDNzDR.exe
  2⤵
  PID:3124
- C:\Windows\System\jIdruTa.exe
  C:\Windows\System\jIdruTa.exe
  2⤵
  PID:3144
- C:\Windows\System\fEoyxpR.exe
  C:\Windows\System\fEoyxpR.exe
  2⤵
  PID:3164
- C:\Windows\System\fxzLgZT.exe
  C:\Windows\System\fxzLgZT.exe
  2⤵
  PID:3184
- C:\Windows\System\QVXAziv.exe
  C:\Windows\System\QVXAziv.exe
  2⤵
  PID:3204
- C:\Windows\System\JrwTSFz.exe
  C:\Windows\System\JrwTSFz.exe
  2⤵
  PID:3224
- C:\Windows\System\BoXFfDE.exe
  C:\Windows\System\BoXFfDE.exe
  2⤵
  PID:3244
- C:\Windows\System\rgWeItd.exe
  C:\Windows\System\rgWeItd.exe
  2⤵
  PID:3260
- C:\Windows\System\DXrxNcG.exe
  C:\Windows\System\DXrxNcG.exe
  2⤵
  PID:3284
- C:\Windows\System\YFCxkQh.exe
  C:\Windows\System\YFCxkQh.exe
  2⤵
  PID:3304
- C:\Windows\System\iXDLMXW.exe
  C:\Windows\System\iXDLMXW.exe
  2⤵
  PID:3324
- C:\Windows\System\cdnpogY.exe
  C:\Windows\System\cdnpogY.exe
  2⤵
  PID:3344
- C:\Windows\System\kHaFbfM.exe
  C:\Windows\System\kHaFbfM.exe
  2⤵
  PID:3364
- C:\Windows\System\LwmJsij.exe
  C:\Windows\System\LwmJsij.exe
  2⤵
  PID:3384
- C:\Windows\System\WVQTkuu.exe
  C:\Windows\System\WVQTkuu.exe
  2⤵
  PID:3404
- C:\Windows\System\TQKZARY.exe
  C:\Windows\System\TQKZARY.exe
  2⤵
  PID:3424
- C:\Windows\System\hgAiBgf.exe
  C:\Windows\System\hgAiBgf.exe
  2⤵
  PID:3444
- C:\Windows\System\UYNTzPD.exe
  C:\Windows\System\UYNTzPD.exe
  2⤵
  PID:3464
- C:\Windows\System\UVxobaL.exe
  C:\Windows\System\UVxobaL.exe
  2⤵
  PID:3484
- C:\Windows\System\xzWAivt.exe
  C:\Windows\System\xzWAivt.exe
  2⤵
  PID:3504
- C:\Windows\System\pMTgmHr.exe
  C:\Windows\System\pMTgmHr.exe
  2⤵
  PID:3524
- C:\Windows\System\VaxEKpy.exe
  C:\Windows\System\VaxEKpy.exe
  2⤵
  PID:3544
- C:\Windows\System\CnbhTZK.exe
  C:\Windows\System\CnbhTZK.exe
  2⤵
  PID:3564
- C:\Windows\System\MxSCcYY.exe
  C:\Windows\System\MxSCcYY.exe
  2⤵
  PID:3584
- C:\Windows\System\BijRacr.exe
  C:\Windows\System\BijRacr.exe
  2⤵
  PID:3604
- C:\Windows\System\vYzwhSV.exe
  C:\Windows\System\vYzwhSV.exe
  2⤵
  PID:3624
- C:\Windows\System\lMAPflZ.exe
  C:\Windows\System\lMAPflZ.exe
  2⤵
  PID:3644
- C:\Windows\System\LQDfzOt.exe
  C:\Windows\System\LQDfzOt.exe
  2⤵
  PID:3664
- C:\Windows\System\OOzenOf.exe
  C:\Windows\System\OOzenOf.exe
  2⤵
  PID:3684
- C:\Windows\System\vvJGlHt.exe
  C:\Windows\System\vvJGlHt.exe
  2⤵
  PID:3704
- C:\Windows\System\UTdMDAR.exe
  C:\Windows\System\UTdMDAR.exe
  2⤵
  PID:3724
- C:\Windows\System\gtGCHKp.exe
  C:\Windows\System\gtGCHKp.exe
  2⤵
  PID:3740
- C:\Windows\System\zHEQGHN.exe
  C:\Windows\System\zHEQGHN.exe
  2⤵
  PID:3760
- C:\Windows\System\nXyquZp.exe
  C:\Windows\System\nXyquZp.exe
  2⤵
  PID:3780
- C:\Windows\System\nSoFLcZ.exe
  C:\Windows\System\nSoFLcZ.exe
  2⤵
  PID:3804
- C:\Windows\System\wrkPtPJ.exe
  C:\Windows\System\wrkPtPJ.exe
  2⤵
  PID:3820
- C:\Windows\System\wIhDHtJ.exe
  C:\Windows\System\wIhDHtJ.exe
  2⤵
  PID:3840
- C:\Windows\System\mdDTpXO.exe
  C:\Windows\System\mdDTpXO.exe
  2⤵
  PID:3860
- C:\Windows\System\KVFMMiV.exe
  C:\Windows\System\KVFMMiV.exe
  2⤵
  PID:3884
- C:\Windows\System\oqZFvps.exe
  C:\Windows\System\oqZFvps.exe
  2⤵
  PID:3904
- C:\Windows\System\sqEIfxa.exe
  C:\Windows\System\sqEIfxa.exe
  2⤵
  PID:3924
- C:\Windows\System\hgLPXNd.exe
  C:\Windows\System\hgLPXNd.exe
  2⤵
  PID:3944
- C:\Windows\System\CsZZmkz.exe
  C:\Windows\System\CsZZmkz.exe
  2⤵
  PID:3964
- C:\Windows\System\hZZRRqs.exe
  C:\Windows\System\hZZRRqs.exe
  2⤵
  PID:3984
- C:\Windows\System\HIDyHrb.exe
  C:\Windows\System\HIDyHrb.exe
  2⤵
  PID:4004
- C:\Windows\System\hshLyfZ.exe
  C:\Windows\System\hshLyfZ.exe
  2⤵
  PID:4024
- C:\Windows\System\aesSRza.exe
  C:\Windows\System\aesSRza.exe
  2⤵
  PID:4044
- C:\Windows\System\CMwOwrD.exe
  C:\Windows\System\CMwOwrD.exe
  2⤵
  PID:4064
- C:\Windows\System\casRbER.exe
  C:\Windows\System\casRbER.exe
  2⤵
  PID:4084
- C:\Windows\System\XGoSULm.exe
  C:\Windows\System\XGoSULm.exe
  2⤵
  PID:2664
- C:\Windows\System\btJEuaa.exe
  C:\Windows\System\btJEuaa.exe
  2⤵
  PID:2968
- C:\Windows\System\uTubNag.exe
  C:\Windows\System\uTubNag.exe
  2⤵
  PID:904
- C:\Windows\System\BXXRQbx.exe
  C:\Windows\System\BXXRQbx.exe
  2⤵
  PID:340
- C:\Windows\System\JcLfZPT.exe
  C:\Windows\System\JcLfZPT.exe
  2⤵
  PID:2548
- C:\Windows\System\APHdqXA.exe
  C:\Windows\System\APHdqXA.exe
  2⤵
  PID:1988
- C:\Windows\System\gVNuzez.exe
  C:\Windows\System\gVNuzez.exe
  2⤵
  PID:2168
- C:\Windows\System\UPeOgsE.exe
  C:\Windows\System\UPeOgsE.exe
  2⤵
  PID:640
- C:\Windows\System\zEdunSJ.exe
  C:\Windows\System\zEdunSJ.exe
  2⤵
  PID:2720
- C:\Windows\System\bDMLwMQ.exe
  C:\Windows\System\bDMLwMQ.exe
  2⤵
  PID:3080
- C:\Windows\System\nOjyVDC.exe
  C:\Windows\System\nOjyVDC.exe
  2⤵
  PID:3100
- C:\Windows\System\vskilaI.exe
  C:\Windows\System\vskilaI.exe
  2⤵
  PID:3132
- C:\Windows\System\lYEjQvz.exe
  C:\Windows\System\lYEjQvz.exe
  2⤵
  PID:3136
- C:\Windows\System\weTPJzQ.exe
  C:\Windows\System\weTPJzQ.exe
  2⤵
  PID:3200
- C:\Windows\System\zJgvoBb.exe
  C:\Windows\System\zJgvoBb.exe
  2⤵
  PID:3236
- C:\Windows\System\nghqDSc.exe
  C:\Windows\System\nghqDSc.exe
  2⤵
  PID:3268
- C:\Windows\System\smSgrbw.exe
  C:\Windows\System\smSgrbw.exe
  2⤵
  PID:3312
- C:\Windows\System\StpHEnw.exe
  C:\Windows\System\StpHEnw.exe
  2⤵
  PID:3332
- C:\Windows\System\UZgSXJg.exe
  C:\Windows\System\UZgSXJg.exe
  2⤵
  PID:3392
- C:\Windows\System\nfmVEdQ.exe
  C:\Windows\System\nfmVEdQ.exe
  2⤵
  PID:3432
- C:\Windows\System\IeXSXRE.exe
  C:\Windows\System\IeXSXRE.exe
  2⤵
  PID:3372
- C:\Windows\System\tZwqtUW.exe
  C:\Windows\System\tZwqtUW.exe
  2⤵
  PID:3452
- C:\Windows\System\IhIwMvy.exe
  C:\Windows\System\IhIwMvy.exe
  2⤵
  PID:3520
- C:\Windows\System\FoDWrVv.exe
  C:\Windows\System\FoDWrVv.exe
  2⤵
  PID:3552
- C:\Windows\System\aeZVAwz.exe
  C:\Windows\System\aeZVAwz.exe
  2⤵
  PID:3536
- C:\Windows\System\XuEnbyJ.exe
  C:\Windows\System\XuEnbyJ.exe
  2⤵
  PID:3580
- C:\Windows\System\VSMFoSb.exe
  C:\Windows\System\VSMFoSb.exe
  2⤵
  PID:3620
- C:\Windows\System\IxamzfR.exe
  C:\Windows\System\IxamzfR.exe
  2⤵
  PID:3676
- C:\Windows\System\WHqaFvh.exe
  C:\Windows\System\WHqaFvh.exe
  2⤵
  PID:3720
- C:\Windows\System\pQmNSBt.exe
  C:\Windows\System\pQmNSBt.exe
  2⤵
  PID:3032
- C:\Windows\System\OZDIXrF.exe
  C:\Windows\System\OZDIXrF.exe
  2⤵
  PID:3736
- C:\Windows\System\RSxKCWv.exe
  C:\Windows\System\RSxKCWv.exe
  2⤵
  PID:3768
- C:\Windows\System\ZdveTlP.exe
  C:\Windows\System\ZdveTlP.exe
  2⤵
  PID:3832
- C:\Windows\System\QzbJtZO.exe
  C:\Windows\System\QzbJtZO.exe
  2⤵
  PID:3876
- C:\Windows\System\xwfHTpn.exe
  C:\Windows\System\xwfHTpn.exe
  2⤵
  PID:3892
- C:\Windows\System\NVwoUuz.exe
  C:\Windows\System\NVwoUuz.exe
  2⤵
  PID:3932
- C:\Windows\System\TQHMlYR.exe
  C:\Windows\System\TQHMlYR.exe
  2⤵
  PID:3936
- C:\Windows\System\JMiaafV.exe
  C:\Windows\System\JMiaafV.exe
  2⤵
  PID:3980
- C:\Windows\System\XGZDXHy.exe
  C:\Windows\System\XGZDXHy.exe
  2⤵
  PID:4036
- C:\Windows\System\Uxabhsw.exe
  C:\Windows\System\Uxabhsw.exe
  2⤵
  PID:4072
- C:\Windows\System\tjmYOfm.exe
  C:\Windows\System\tjmYOfm.exe
  2⤵
  PID:4092
- C:\Windows\System\EEHIKmF.exe
  C:\Windows\System\EEHIKmF.exe
  2⤵
  PID:2080
- C:\Windows\System\scQIOrw.exe
  C:\Windows\System\scQIOrw.exe
  2⤵
  PID:2236
- C:\Windows\System\TXgqtEH.exe
  C:\Windows\System\TXgqtEH.exe
  2⤵
  PID:1672
- C:\Windows\System\IxkEHlo.exe
  C:\Windows\System\IxkEHlo.exe
  2⤵
  PID:2440
- C:\Windows\System\NUjDuxa.exe
  C:\Windows\System\NUjDuxa.exe
  2⤵
  PID:1568
- C:\Windows\System\JwJOOby.exe
  C:\Windows\System\JwJOOby.exe
  2⤵
  PID:3092
- C:\Windows\System\gSWAKTF.exe
  C:\Windows\System\gSWAKTF.exe
  2⤵
  PID:3152
- C:\Windows\System\XELUDcT.exe
  C:\Windows\System\XELUDcT.exe
  2⤵
  PID:3160
- C:\Windows\System\GXtMfqh.exe
  C:\Windows\System\GXtMfqh.exe
  2⤵
  PID:3256
- C:\Windows\System\qXThmcQ.exe
  C:\Windows\System\qXThmcQ.exe
  2⤵
  PID:3296
- C:\Windows\System\QParWeA.exe
  C:\Windows\System\QParWeA.exe
  2⤵
  PID:3400
- C:\Windows\System\WzmknDM.exe
  C:\Windows\System\WzmknDM.exe
  2⤵
  PID:3416
- C:\Windows\System\OlZmqvX.exe
  C:\Windows\System\OlZmqvX.exe
  2⤵
  PID:3460
- C:\Windows\System\VfXRIUH.exe
  C:\Windows\System\VfXRIUH.exe
  2⤵
  PID:3456
- C:\Windows\System\EJHlQRq.exe
  C:\Windows\System\EJHlQRq.exe
  2⤵
  PID:3532
- C:\Windows\System\tqIyUNu.exe
  C:\Windows\System\tqIyUNu.exe
  2⤵
  PID:3672
- C:\Windows\System\ZEoNnqu.exe
  C:\Windows\System\ZEoNnqu.exe
  2⤵
  PID:3696
- C:\Windows\System\gdSOVLk.exe
  C:\Windows\System\gdSOVLk.exe
  2⤵
  PID:3792
- C:\Windows\System\GWDZnHg.exe
  C:\Windows\System\GWDZnHg.exe
  2⤵
  PID:3812
- C:\Windows\System\mSkHuWv.exe
  C:\Windows\System\mSkHuWv.exe
  2⤵
  PID:3816
- C:\Windows\System\OyAAcsc.exe
  C:\Windows\System\OyAAcsc.exe
  2⤵
  PID:3852
- C:\Windows\System\vLsyBkm.exe
  C:\Windows\System\vLsyBkm.exe
  2⤵
  PID:3940
- C:\Windows\System\YsFDhfj.exe
  C:\Windows\System\YsFDhfj.exe
  2⤵
  PID:4108
- C:\Windows\System\ApSOgJb.exe
  C:\Windows\System\ApSOgJb.exe
  2⤵
  PID:4128
- C:\Windows\System\PjMPZCv.exe
  C:\Windows\System\PjMPZCv.exe
  2⤵
  PID:4148
- C:\Windows\System\QMMJwOS.exe
  C:\Windows\System\QMMJwOS.exe
  2⤵
  PID:4168
- C:\Windows\System\mxVArvt.exe
  C:\Windows\System\mxVArvt.exe
  2⤵
  PID:4188
- C:\Windows\System\XWliAfw.exe
  C:\Windows\System\XWliAfw.exe
  2⤵
  PID:4208
- C:\Windows\System\eHqnBls.exe
  C:\Windows\System\eHqnBls.exe
  2⤵
  PID:4228
- C:\Windows\System\XSUSMCy.exe
  C:\Windows\System\XSUSMCy.exe
  2⤵
  PID:4248
- C:\Windows\System\uMDsBCB.exe
  C:\Windows\System\uMDsBCB.exe
  2⤵
  PID:4268
- C:\Windows\System\qTtuDhs.exe
  C:\Windows\System\qTtuDhs.exe
  2⤵
  PID:4288
- C:\Windows\System\gNlrSkL.exe
  C:\Windows\System\gNlrSkL.exe
  2⤵
  PID:4308
- C:\Windows\System\GIsdsTJ.exe
  C:\Windows\System\GIsdsTJ.exe
  2⤵
  PID:4328
- C:\Windows\System\aYxOkpc.exe
  C:\Windows\System\aYxOkpc.exe
  2⤵
  PID:4348
- C:\Windows\System\oDVxiZJ.exe
  C:\Windows\System\oDVxiZJ.exe
  2⤵
  PID:4368
- C:\Windows\System\rMbZyuA.exe
  C:\Windows\System\rMbZyuA.exe
  2⤵
  PID:4388
- C:\Windows\System\WipraIH.exe
  C:\Windows\System\WipraIH.exe
  2⤵
  PID:4408
- C:\Windows\System\IEswhXt.exe
  C:\Windows\System\IEswhXt.exe
  2⤵
  PID:4428
- C:\Windows\System\sGzjLea.exe
  C:\Windows\System\sGzjLea.exe
  2⤵
  PID:4448
- C:\Windows\System\KymgFKG.exe
  C:\Windows\System\KymgFKG.exe
  2⤵
  PID:4472
- C:\Windows\System\SuALCAl.exe
  C:\Windows\System\SuALCAl.exe
  2⤵
  PID:4492
- C:\Windows\System\crFNObZ.exe
  C:\Windows\System\crFNObZ.exe
  2⤵
  PID:4512
- C:\Windows\System\kdiNZOg.exe
  C:\Windows\System\kdiNZOg.exe
  2⤵
  PID:4532
- C:\Windows\System\cYEpThd.exe
  C:\Windows\System\cYEpThd.exe
  2⤵
  PID:4552
- C:\Windows\System\ipmtiGH.exe
  C:\Windows\System\ipmtiGH.exe
  2⤵
  PID:4572
- C:\Windows\System\rZZvKUC.exe
  C:\Windows\System\rZZvKUC.exe
  2⤵
  PID:4592
- C:\Windows\System\bxssfOr.exe
  C:\Windows\System\bxssfOr.exe
  2⤵
  PID:4612
- C:\Windows\System\dISDTzG.exe
  C:\Windows\System\dISDTzG.exe
  2⤵
  PID:4632
- C:\Windows\System\vRPgMno.exe
  C:\Windows\System\vRPgMno.exe
  2⤵
  PID:4652
- C:\Windows\System\GaBPvjr.exe
  C:\Windows\System\GaBPvjr.exe
  2⤵
  PID:4672
- C:\Windows\System\tPgLtZm.exe
  C:\Windows\System\tPgLtZm.exe
  2⤵
  PID:4692
- C:\Windows\System\FNEznId.exe
  C:\Windows\System\FNEznId.exe
  2⤵
  PID:4712
- C:\Windows\System\VdhUzzY.exe
  C:\Windows\System\VdhUzzY.exe
  2⤵
  PID:4732
- C:\Windows\System\JIzmZnb.exe
  C:\Windows\System\JIzmZnb.exe
  2⤵
  PID:4752
- C:\Windows\System\JLITfbZ.exe
  C:\Windows\System\JLITfbZ.exe
  2⤵
  PID:4772
- C:\Windows\System\xlSeOSE.exe
  C:\Windows\System\xlSeOSE.exe
  2⤵
  PID:4792
- C:\Windows\System\nHLpleL.exe
  C:\Windows\System\nHLpleL.exe
  2⤵
  PID:4812
- C:\Windows\System\cccqtcF.exe
  C:\Windows\System\cccqtcF.exe
  2⤵
  PID:4832
- C:\Windows\System\uyBpVNP.exe
  C:\Windows\System\uyBpVNP.exe
  2⤵
  PID:4852
- C:\Windows\System\eExRFop.exe
  C:\Windows\System\eExRFop.exe
  2⤵
  PID:4872
- C:\Windows\System\BUtJNoW.exe
  C:\Windows\System\BUtJNoW.exe
  2⤵
  PID:4896
- C:\Windows\System\sUyCxdx.exe
  C:\Windows\System\sUyCxdx.exe
  2⤵
  PID:4916
- C:\Windows\System\eEEzsUk.exe
  C:\Windows\System\eEEzsUk.exe
  2⤵
  PID:4936
- C:\Windows\System\PAbhLuY.exe
  C:\Windows\System\PAbhLuY.exe
  2⤵
  PID:4956
- C:\Windows\System\mZdAtXT.exe
  C:\Windows\System\mZdAtXT.exe
  2⤵
  PID:4976
- C:\Windows\System\RiJQUTc.exe
  C:\Windows\System\RiJQUTc.exe
  2⤵
  PID:4996
- C:\Windows\System\tSIfESm.exe
  C:\Windows\System\tSIfESm.exe
  2⤵
  PID:5016
- C:\Windows\System\mOtZJCJ.exe
  C:\Windows\System\mOtZJCJ.exe
  2⤵
  PID:5036
- C:\Windows\System\OqJPfZW.exe
  C:\Windows\System\OqJPfZW.exe
  2⤵
  PID:5056
- C:\Windows\System\ZZNkldA.exe
  C:\Windows\System\ZZNkldA.exe
  2⤵
  PID:5076
- C:\Windows\System\eHMtEPa.exe
  C:\Windows\System\eHMtEPa.exe
  2⤵
  PID:5096
- C:\Windows\System\tMkHtzh.exe
  C:\Windows\System\tMkHtzh.exe
  2⤵
  PID:5116
- C:\Windows\System\GJAxYVI.exe
  C:\Windows\System\GJAxYVI.exe
  2⤵
  PID:4040
- C:\Windows\System\qfOOuWs.exe
  C:\Windows\System\qfOOuWs.exe
  2⤵
  PID:4076
- C:\Windows\System\uSypjNK.exe
  C:\Windows\System\uSypjNK.exe
  2⤵
  PID:1096
- C:\Windows\System\HjQHsfm.exe
  C:\Windows\System\HjQHsfm.exe
  2⤵
  PID:2428
- C:\Windows\System\XfWFvpW.exe
  C:\Windows\System\XfWFvpW.exe
  2⤵
  PID:2744
- C:\Windows\System\MgnnrOd.exe
  C:\Windows\System\MgnnrOd.exe
  2⤵
  PID:3116
- C:\Windows\System\eKQMOGc.exe
  C:\Windows\System\eKQMOGc.exe
  2⤵
  PID:3180
- C:\Windows\System\xgRRruf.exe
  C:\Windows\System\xgRRruf.exe
  2⤵
  PID:3280
- C:\Windows\System\JWBuJUt.exe
  C:\Windows\System\JWBuJUt.exe
  2⤵
  PID:3472
- C:\Windows\System\jtWTzGL.exe
  C:\Windows\System\jtWTzGL.exe
  2⤵
  PID:3512
- C:\Windows\System\rjgpFLo.exe
  C:\Windows\System\rjgpFLo.exe
  2⤵
  PID:3632
- C:\Windows\System\zYLRDcj.exe
  C:\Windows\System\zYLRDcj.exe
  2⤵
  PID:3700
- C:\Windows\System\QVgqBjR.exe
  C:\Windows\System\QVgqBjR.exe
  2⤵
  PID:3800
- C:\Windows\System\YKwaCQL.exe
  C:\Windows\System\YKwaCQL.exe
  2⤵
  PID:3920
- C:\Windows\System\vKfFISO.exe
  C:\Windows\System\vKfFISO.exe
  2⤵
  PID:4000
- C:\Windows\System\glvSHUC.exe
  C:\Windows\System\glvSHUC.exe
  2⤵
  PID:4136
- C:\Windows\System\bIaLYlE.exe
  C:\Windows\System\bIaLYlE.exe
  2⤵
  PID:4156
- C:\Windows\System\ixvyXPd.exe
  C:\Windows\System\ixvyXPd.exe
  2⤵
  PID:4180
- C:\Windows\System\SPMhuBH.exe
  C:\Windows\System\SPMhuBH.exe
  2⤵
  PID:4220
- C:\Windows\System\yZEYcCo.exe
  C:\Windows\System\yZEYcCo.exe
  2⤵
  PID:4240
- C:\Windows\System\mHkaeko.exe
  C:\Windows\System\mHkaeko.exe
  2⤵
  PID:4280
- C:\Windows\System\wpyPRGB.exe
  C:\Windows\System\wpyPRGB.exe
  2⤵
  PID:4324
- C:\Windows\System\HkZRuws.exe
  C:\Windows\System\HkZRuws.exe
  2⤵
  PID:4376
- C:\Windows\System\ObMtWyJ.exe
  C:\Windows\System\ObMtWyJ.exe
  2⤵
  PID:4396
- C:\Windows\System\kEszjeu.exe
  C:\Windows\System\kEszjeu.exe
  2⤵
  PID:4420
- C:\Windows\System\sRIKGzy.exe
  C:\Windows\System\sRIKGzy.exe
  2⤵
  PID:4440
- C:\Windows\System\XOrwNIb.exe
  C:\Windows\System\XOrwNIb.exe
  2⤵
  PID:4508
- C:\Windows\System\oPbmHMh.exe
  C:\Windows\System\oPbmHMh.exe
  2⤵
  PID:4540
- C:\Windows\System\ZGUZyCD.exe
  C:\Windows\System\ZGUZyCD.exe
  2⤵
  PID:4580
- C:\Windows\System\ljrjhue.exe
  C:\Windows\System\ljrjhue.exe
  2⤵
  PID:4600
- C:\Windows\System\FvCxQUC.exe
  C:\Windows\System\FvCxQUC.exe
  2⤵
  PID:4628
- C:\Windows\System\JaRScjv.exe
  C:\Windows\System\JaRScjv.exe
  2⤵
  PID:4648
- C:\Windows\System\zZTPGPc.exe
  C:\Windows\System\zZTPGPc.exe
  2⤵
  PID:4708
- C:\Windows\System\bkOTjNM.exe
  C:\Windows\System\bkOTjNM.exe
  2⤵
  PID:4728
- C:\Windows\System\bTzoCVD.exe
  C:\Windows\System\bTzoCVD.exe
  2⤵
  PID:4760
- C:\Windows\System\FlKHRhk.exe
  C:\Windows\System\FlKHRhk.exe
  2⤵
  PID:4784
- C:\Windows\System\AVSAiPv.exe
  C:\Windows\System\AVSAiPv.exe
  2⤵
  PID:4828
- C:\Windows\System\JikVsgF.exe
  C:\Windows\System\JikVsgF.exe
  2⤵
  PID:4848
- C:\Windows\System\yaxxjwY.exe
  C:\Windows\System\yaxxjwY.exe
  2⤵
  PID:4888
- C:\Windows\System\CyNfyeH.exe
  C:\Windows\System\CyNfyeH.exe
  2⤵
  PID:4928
- C:\Windows\System\DlGVwjx.exe
  C:\Windows\System\DlGVwjx.exe
  2⤵
  PID:4972
- C:\Windows\System\yooeaye.exe
  C:\Windows\System\yooeaye.exe
  2⤵
  PID:5004
- C:\Windows\System\luCVjIv.exe
  C:\Windows\System\luCVjIv.exe
  2⤵
  PID:5028
- C:\Windows\System\srxeIGe.exe
  C:\Windows\System\srxeIGe.exe
  2⤵
  PID:5068
- C:\Windows\System\MqskmdS.exe
  C:\Windows\System\MqskmdS.exe
  2⤵
  PID:5088
- C:\Windows\System\BqOXndl.exe
  C:\Windows\System\BqOXndl.exe
  2⤵
  PID:2940
- C:\Windows\System\PelPzoA.exe
  C:\Windows\System\PelPzoA.exe
  2⤵
  PID:840
- C:\Windows\System\JTzgZgN.exe
  C:\Windows\System\JTzgZgN.exe
  2⤵
  PID:2756
- C:\Windows\System\fDmGuzk.exe
  C:\Windows\System\fDmGuzk.exe
  2⤵
  PID:2508
- C:\Windows\System\JQXrXmN.exe
  C:\Windows\System\JQXrXmN.exe
  2⤵
  PID:3212
- C:\Windows\System\JLhDjrQ.exe
  C:\Windows\System\JLhDjrQ.exe
  2⤵
  PID:3412
- C:\Windows\System\ZlyPEtG.exe
  C:\Windows\System\ZlyPEtG.exe
  2⤵
  PID:3572
- C:\Windows\System\QBeUVzC.exe
  C:\Windows\System\QBeUVzC.exe
  2⤵
  PID:3656
- C:\Windows\System\oiDhEQI.exe
  C:\Windows\System\oiDhEQI.exe
  2⤵
  PID:3916
- C:\Windows\System\YyNFuor.exe
  C:\Windows\System\YyNFuor.exe
  2⤵
  PID:4100
- C:\Windows\System\TsRfHCl.exe
  C:\Windows\System\TsRfHCl.exe
  2⤵
  PID:4160
- C:\Windows\System\XrozJWM.exe
  C:\Windows\System\XrozJWM.exe
  2⤵
  PID:4196
- C:\Windows\System\qykwPdv.exe
  C:\Windows\System\qykwPdv.exe
  2⤵
  PID:4296
- C:\Windows\System\frkiGwz.exe
  C:\Windows\System\frkiGwz.exe
  2⤵
  PID:4356
- C:\Windows\System\UalBkqs.exe
  C:\Windows\System\UalBkqs.exe
  2⤵
  PID:4404
- C:\Windows\System\bUHkKJW.exe
  C:\Windows\System\bUHkKJW.exe
  2⤵
  PID:4464
- C:\Windows\System\OYSBOsW.exe
  C:\Windows\System\OYSBOsW.exe
  2⤵
  PID:4504
- C:\Windows\System\ujjsdZG.exe
  C:\Windows\System\ujjsdZG.exe
  2⤵
  PID:4544
- C:\Windows\System\BgDnpNM.exe
  C:\Windows\System\BgDnpNM.exe
  2⤵
  PID:4640
- C:\Windows\System\glVpRiB.exe
  C:\Windows\System\glVpRiB.exe
  2⤵
  PID:4664
- C:\Windows\System\mVdQBee.exe
  C:\Windows\System\mVdQBee.exe
  2⤵
  PID:4704
- C:\Windows\System\BAHTBBb.exe
  C:\Windows\System\BAHTBBb.exe
  2⤵
  PID:4788
- C:\Windows\System\feGaSbz.exe
  C:\Windows\System\feGaSbz.exe
  2⤵
  PID:4860
- C:\Windows\System\RzWSobf.exe
  C:\Windows\System\RzWSobf.exe
  2⤵
  PID:4912
- C:\Windows\System\oWwecGf.exe
  C:\Windows\System\oWwecGf.exe
  2⤵
  PID:4948
- C:\Windows\System\KIbkMaD.exe
  C:\Windows\System\KIbkMaD.exe
  2⤵
  PID:5052
- C:\Windows\System\dczWFHk.exe
  C:\Windows\System\dczWFHk.exe
  2⤵
  PID:5108
- C:\Windows\System\dhfUddM.exe
  C:\Windows\System\dhfUddM.exe
  2⤵
  PID:4012
- C:\Windows\System\HGIHChr.exe
  C:\Windows\System\HGIHChr.exe
  2⤵
  PID:3056
- C:\Windows\System\RMdHWhI.exe
  C:\Windows\System\RMdHWhI.exe
  2⤵
  PID:2380
- C:\Windows\System\TfCsWxK.exe
  C:\Windows\System\TfCsWxK.exe
  2⤵
  PID:3376
- C:\Windows\System\NzOyuwn.exe
  C:\Windows\System\NzOyuwn.exe
  2⤵
  PID:5128
- C:\Windows\System\lIPhYnk.exe
  C:\Windows\System\lIPhYnk.exe
  2⤵
  PID:5148
- C:\Windows\System\QQPmMop.exe
  C:\Windows\System\QQPmMop.exe
  2⤵
  PID:5168
- C:\Windows\System\siYvznZ.exe
  C:\Windows\System\siYvznZ.exe
  2⤵
  PID:5188
- C:\Windows\System\EFibfHE.exe
  C:\Windows\System\EFibfHE.exe
  2⤵
  PID:5208
- C:\Windows\System\QKAuenv.exe
  C:\Windows\System\QKAuenv.exe
  2⤵
  PID:5228
- C:\Windows\System\VsxBRDW.exe
  C:\Windows\System\VsxBRDW.exe
  2⤵
  PID:5248
- C:\Windows\System\MxFzvbu.exe
  C:\Windows\System\MxFzvbu.exe
  2⤵
  PID:5268
- C:\Windows\System\xwGfLwZ.exe
  C:\Windows\System\xwGfLwZ.exe
  2⤵
  PID:5288
- C:\Windows\System\uJJDOMU.exe
  C:\Windows\System\uJJDOMU.exe
  2⤵
  PID:5308
- C:\Windows\System\rngmGWW.exe
  C:\Windows\System\rngmGWW.exe
  2⤵
  PID:5328
- C:\Windows\System\rctDoeD.exe
  C:\Windows\System\rctDoeD.exe
  2⤵
  PID:5348
- C:\Windows\System\ESXXeGb.exe
  C:\Windows\System\ESXXeGb.exe
  2⤵
  PID:5372
- C:\Windows\System\gIDUlhB.exe
  C:\Windows\System\gIDUlhB.exe
  2⤵
  PID:5392
- C:\Windows\System\DFnrnxU.exe
  C:\Windows\System\DFnrnxU.exe
  2⤵
  PID:5412
- C:\Windows\System\YIdaZmX.exe
  C:\Windows\System\YIdaZmX.exe
  2⤵
  PID:5432
- C:\Windows\System\YiIOcci.exe
  C:\Windows\System\YiIOcci.exe
  2⤵
  PID:5452
- C:\Windows\System\vxUnDCq.exe
  C:\Windows\System\vxUnDCq.exe
  2⤵
  PID:5472
- C:\Windows\System\NChmpHv.exe
  C:\Windows\System\NChmpHv.exe
  2⤵
  PID:5492
- C:\Windows\System\oDxclyc.exe
  C:\Windows\System\oDxclyc.exe
  2⤵
  PID:5512
- C:\Windows\System\KRSOuyQ.exe
  C:\Windows\System\KRSOuyQ.exe
  2⤵
  PID:5532
- C:\Windows\System\IOOopvg.exe
  C:\Windows\System\IOOopvg.exe
  2⤵
  PID:5552
- C:\Windows\System\fRwoxdt.exe
  C:\Windows\System\fRwoxdt.exe
  2⤵
  PID:5572
- C:\Windows\System\rbUYEVt.exe
  C:\Windows\System\rbUYEVt.exe
  2⤵
  PID:5592
- C:\Windows\System\uQPnUum.exe
  C:\Windows\System\uQPnUum.exe
  2⤵
  PID:5612
- C:\Windows\System\fSgUEHD.exe
  C:\Windows\System\fSgUEHD.exe
  2⤵
  PID:5632
- C:\Windows\System\fkhFLOx.exe
  C:\Windows\System\fkhFLOx.exe
  2⤵
  PID:5652
- C:\Windows\System\QDehfWn.exe
  C:\Windows\System\QDehfWn.exe
  2⤵
  PID:5672
- C:\Windows\System\qjUUhow.exe
  C:\Windows\System\qjUUhow.exe
  2⤵
  PID:5692
- C:\Windows\System\Vrizacr.exe
  C:\Windows\System\Vrizacr.exe
  2⤵
  PID:5712
- C:\Windows\System\sACHHWC.exe
  C:\Windows\System\sACHHWC.exe
  2⤵
  PID:5732
- C:\Windows\System\pkZxywQ.exe
  C:\Windows\System\pkZxywQ.exe
  2⤵
  PID:5752
- C:\Windows\System\XxgdPcM.exe
  C:\Windows\System\XxgdPcM.exe
  2⤵
  PID:5772
- C:\Windows\System\yvrlHYf.exe
  C:\Windows\System\yvrlHYf.exe
  2⤵
  PID:5792
- C:\Windows\System\bzAhjlt.exe
  C:\Windows\System\bzAhjlt.exe
  2⤵
  PID:5812
- C:\Windows\System\tMIDBcV.exe
  C:\Windows\System\tMIDBcV.exe
  2⤵
  PID:5832
- C:\Windows\System\CxIFwDK.exe
  C:\Windows\System\CxIFwDK.exe
  2⤵
  PID:5852
- C:\Windows\System\ICxXhbl.exe
  C:\Windows\System\ICxXhbl.exe
  2⤵
  PID:5872
- C:\Windows\System\MMiZkns.exe
  C:\Windows\System\MMiZkns.exe
  2⤵
  PID:5892
- C:\Windows\System\jDPTDmU.exe
  C:\Windows\System\jDPTDmU.exe
  2⤵
  PID:5912
- C:\Windows\System\DRcXuLF.exe
  C:\Windows\System\DRcXuLF.exe
  2⤵
  PID:5932
- C:\Windows\System\gEFdcVL.exe
  C:\Windows\System\gEFdcVL.exe
  2⤵
  PID:5952
- C:\Windows\System\BFNqwsf.exe
  C:\Windows\System\BFNqwsf.exe
  2⤵
  PID:5972
- C:\Windows\System\LHMBQFC.exe
  C:\Windows\System\LHMBQFC.exe
  2⤵
  PID:5992
- C:\Windows\System\TUjJsVm.exe
  C:\Windows\System\TUjJsVm.exe
  2⤵
  PID:6016
- C:\Windows\System\NwGjmmi.exe
  C:\Windows\System\NwGjmmi.exe
  2⤵
  PID:6036
- C:\Windows\System\YwKdTgw.exe
  C:\Windows\System\YwKdTgw.exe
  2⤵
  PID:6056
- C:\Windows\System\cAFoUGZ.exe
  C:\Windows\System\cAFoUGZ.exe
  2⤵
  PID:6076
- C:\Windows\System\NiRmUbI.exe
  C:\Windows\System\NiRmUbI.exe
  2⤵
  PID:6096
- C:\Windows\System\nSPTmtY.exe
  C:\Windows\System\nSPTmtY.exe
  2⤵
  PID:6116
- C:\Windows\System\VgaDSbw.exe
  C:\Windows\System\VgaDSbw.exe
  2⤵
  PID:6136
- C:\Windows\System\AoUYUoe.exe
  C:\Windows\System\AoUYUoe.exe
  2⤵
  PID:3716
- C:\Windows\System\MaJvXSw.exe
  C:\Windows\System\MaJvXSw.exe
  2⤵
  PID:4104
- C:\Windows\System\NIDkVxk.exe
  C:\Windows\System\NIDkVxk.exe
  2⤵
  PID:4276
- C:\Windows\System\VCSdZCX.exe
  C:\Windows\System\VCSdZCX.exe
  2⤵
  PID:4336
- C:\Windows\System\FnsclLg.exe
  C:\Windows\System\FnsclLg.exe
  2⤵
  PID:4380
- C:\Windows\System\TWULLGb.exe
  C:\Windows\System\TWULLGb.exe
  2⤵
  PID:4488
- C:\Windows\System\sYzFLbV.exe
  C:\Windows\System\sYzFLbV.exe
  2⤵
  PID:4560
- C:\Windows\System\VbVcOGL.exe
  C:\Windows\System\VbVcOGL.exe
  2⤵
  PID:4620
- C:\Windows\System\UnmHoSj.exe
  C:\Windows\System\UnmHoSj.exe
  2⤵
  PID:4808
- C:\Windows\System\fqddqtn.exe
  C:\Windows\System\fqddqtn.exe
  2⤵
  PID:4864
- C:\Windows\System\MUpCGAv.exe
  C:\Windows\System\MUpCGAv.exe
  2⤵
  PID:4988
- C:\Windows\System\rYDSxxj.exe
  C:\Windows\System\rYDSxxj.exe
  2⤵
  PID:4968
- C:\Windows\System\ZEvRmgn.exe
  C:\Windows\System\ZEvRmgn.exe
  2⤵
  PID:5092
- C:\Windows\System\PpwUuKo.exe
  C:\Windows\System\PpwUuKo.exe
  2⤵
  PID:3120
- C:\Windows\System\RJAhFIL.exe
  C:\Windows\System\RJAhFIL.exe
  2⤵
  PID:5124
- C:\Windows\System\nEeiwtW.exe
  C:\Windows\System\nEeiwtW.exe
  2⤵
  PID:5156
- C:\Windows\System\ZfakxEC.exe
  C:\Windows\System\ZfakxEC.exe
  2⤵
  PID:5180
- C:\Windows\System\kjWRPqw.exe
  C:\Windows\System\kjWRPqw.exe
  2⤵
  PID:5224
- C:\Windows\System\sJThCiq.exe
  C:\Windows\System\sJThCiq.exe
  2⤵
  PID:5256
- C:\Windows\System\wVSencA.exe
  C:\Windows\System\wVSencA.exe
  2⤵
  PID:5304
- C:\Windows\System\ZfhcqLh.exe
  C:\Windows\System\ZfhcqLh.exe
  2⤵
  PID:5336
- C:\Windows\System\wIIEqNp.exe
  C:\Windows\System\wIIEqNp.exe
  2⤵
  PID:5356
- C:\Windows\System\wROXqHu.exe
  C:\Windows\System\wROXqHu.exe
  2⤵
  PID:5388
- C:\Windows\System\FEmCOTN.exe
  C:\Windows\System\FEmCOTN.exe
  2⤵
  PID:5404
- C:\Windows\System\hVKqVzH.exe
  C:\Windows\System\hVKqVzH.exe
  2⤵
  PID:5460
- C:\Windows\System\uJxZWVK.exe
  C:\Windows\System\uJxZWVK.exe
  2⤵
  PID:5504
- C:\Windows\System\qpRcUaK.exe
  C:\Windows\System\qpRcUaK.exe
  2⤵
  PID:5540
- C:\Windows\System\nXfDGQs.exe
  C:\Windows\System\nXfDGQs.exe
  2⤵
  PID:5560
- C:\Windows\System\xGagmEm.exe
  C:\Windows\System\xGagmEm.exe
  2⤵
  PID:5584
- C:\Windows\System\EtpFZhI.exe
  C:\Windows\System\EtpFZhI.exe
  2⤵
  PID:5628
- C:\Windows\System\cjXLXAV.exe
  C:\Windows\System\cjXLXAV.exe
  2⤵
  PID:5668
- C:\Windows\System\GuneXUF.exe
  C:\Windows\System\GuneXUF.exe
  2⤵
  PID:5700
- C:\Windows\System\wKXfBKb.exe
  C:\Windows\System\wKXfBKb.exe
  2⤵
  PID:5720
- C:\Windows\System\cXvfpkJ.exe
  C:\Windows\System\cXvfpkJ.exe
  2⤵
  PID:5744
- C:\Windows\System\gvqASIR.exe
  C:\Windows\System\gvqASIR.exe
  2⤵
  PID:5764
- C:\Windows\System\TGXdPzD.exe
  C:\Windows\System\TGXdPzD.exe
  2⤵
  PID:2524
- C:\Windows\System\UbhfKwz.exe
  C:\Windows\System\UbhfKwz.exe
  2⤵
  PID:5840
- C:\Windows\System\owhbBLU.exe
  C:\Windows\System\owhbBLU.exe
  2⤵
  PID:5864
- C:\Windows\System\pKFcHmc.exe
  C:\Windows\System\pKFcHmc.exe
  2⤵
  PID:5884
- C:\Windows\System\WYREbYQ.exe
  C:\Windows\System\WYREbYQ.exe
  2⤵
  PID:5948
- C:\Windows\System\ywDiqUr.exe
  C:\Windows\System\ywDiqUr.exe
  2⤵
  PID:5964
- C:\Windows\System\DGJjBso.exe
  C:\Windows\System\DGJjBso.exe
  2⤵
  PID:6012
- C:\Windows\System\VtinuHs.exe
  C:\Windows\System\VtinuHs.exe
  2⤵
  PID:6044
- C:\Windows\System\IHTzhNR.exe
  C:\Windows\System\IHTzhNR.exe
  2⤵
  PID:6068
- C:\Windows\System\vlgCTSc.exe
  C:\Windows\System\vlgCTSc.exe
  2⤵
  PID:6112
- C:\Windows\System\HxqiZlZ.exe
  C:\Windows\System\HxqiZlZ.exe
  2⤵
  PID:6128
- C:\Windows\System\mocLoqb.exe
  C:\Windows\System\mocLoqb.exe
  2⤵
  PID:2876
- C:\Windows\System\uaHezCy.exe
  C:\Windows\System\uaHezCy.exe
  2⤵
  PID:4264
- C:\Windows\System\qAGGMek.exe
  C:\Windows\System\qAGGMek.exe
  2⤵
  PID:4244
- C:\Windows\System\DEtnqvq.exe
  C:\Windows\System\DEtnqvq.exe
  2⤵
  PID:4604
- C:\Windows\System\YWfdewS.exe
  C:\Windows\System\YWfdewS.exe
  2⤵
  PID:4660
- C:\Windows\System\rUpArQE.exe
  C:\Windows\System\rUpArQE.exe
  2⤵
  PID:4820
- C:\Windows\System\SLLabHD.exe
  C:\Windows\System\SLLabHD.exe
  2⤵
  PID:2812
- C:\Windows\System\KhHfiFS.exe
  C:\Windows\System\KhHfiFS.exe
  2⤵
  PID:5064
- C:\Windows\System\dSUGnPt.exe
  C:\Windows\System\dSUGnPt.exe
  2⤵
  PID:3040
- C:\Windows\System\bflxiPw.exe
  C:\Windows\System\bflxiPw.exe
  2⤵
  PID:5140
- C:\Windows\System\jSDsvFe.exe
  C:\Windows\System\jSDsvFe.exe
  2⤵
  PID:5240
- C:\Windows\System\oFtNEUa.exe
  C:\Windows\System\oFtNEUa.exe
  2⤵
  PID:5260
- C:\Windows\System\uYYVRwj.exe
  C:\Windows\System\uYYVRwj.exe
  2⤵
  PID:5300
- C:\Windows\System\eUZpFNf.exe
  C:\Windows\System\eUZpFNf.exe
  2⤵
  PID:5364
- C:\Windows\System\bjIScym.exe
  C:\Windows\System\bjIScym.exe
  2⤵
  PID:5440
- C:\Windows\System\iXdNzOS.exe
  C:\Windows\System\iXdNzOS.exe
  2⤵
  PID:5508
- C:\Windows\System\NMaCPYg.exe
  C:\Windows\System\NMaCPYg.exe
  2⤵
  PID:5524
- C:\Windows\System\ecLznVi.exe
  C:\Windows\System\ecLznVi.exe
  2⤵
  PID:5564
- C:\Windows\System\cwCFMtP.exe
  C:\Windows\System\cwCFMtP.exe
  2⤵
  PID:5620
- C:\Windows\System\qVkTtyn.exe
  C:\Windows\System\qVkTtyn.exe
  2⤵
  PID:5680
- C:\Windows\System\VlsDJUc.exe
  C:\Windows\System\VlsDJUc.exe
  2⤵
  PID:5724
- C:\Windows\System\pXpALFS.exe
  C:\Windows\System\pXpALFS.exe
  2⤵
  PID:5808
- C:\Windows\System\FylFfuv.exe
  C:\Windows\System\FylFfuv.exe
  2⤵
  PID:5848
- C:\Windows\System\FZKRhIv.exe
  C:\Windows\System\FZKRhIv.exe
  2⤵
  PID:5908
- C:\Windows\System\lOaJARW.exe
  C:\Windows\System\lOaJARW.exe
  2⤵
  PID:5968
- C:\Windows\System\VYixUNV.exe
  C:\Windows\System\VYixUNV.exe
  2⤵
  PID:6000
- C:\Windows\System\gGWqerO.exe
  C:\Windows\System\gGWqerO.exe
  2⤵
  PID:6072
- C:\Windows\System\eYdJmUv.exe
  C:\Windows\System\eYdJmUv.exe
  2⤵
  PID:6104
- C:\Windows\System\UYVfLOx.exe
  C:\Windows\System\UYVfLOx.exe
  2⤵
  PID:3896
- C:\Windows\System\dcGRjfx.exe
  C:\Windows\System\dcGRjfx.exe
  2⤵
  PID:4144
- C:\Windows\System\tToWKMZ.exe
  C:\Windows\System\tToWKMZ.exe
  2⤵
  PID:4520
- C:\Windows\System\saklYSp.exe
  C:\Windows\System\saklYSp.exe
  2⤵
  PID:4908
- C:\Windows\System\WmiKgeF.exe
  C:\Windows\System\WmiKgeF.exe
  2⤵
  PID:5104
- C:\Windows\System\wOEMQls.exe
  C:\Windows\System\wOEMQls.exe
  2⤵
  PID:3340
- C:\Windows\System\dsNVJjj.exe
  C:\Windows\System\dsNVJjj.exe
  2⤵
  PID:5236
- C:\Windows\System\SotWncq.exe
  C:\Windows\System\SotWncq.exe
  2⤵
  PID:5280
- C:\Windows\System\WKCvKZu.exe
  C:\Windows\System\WKCvKZu.exe
  2⤵
  PID:2788
- C:\Windows\System\PVRLvux.exe
  C:\Windows\System\PVRLvux.exe
  2⤵
  PID:5340
- C:\Windows\System\XqNNpAo.exe
  C:\Windows\System\XqNNpAo.exe
  2⤵
  PID:5448
- C:\Windows\System\vsEeHvl.exe
  C:\Windows\System\vsEeHvl.exe
  2⤵
  PID:5588
- C:\Windows\System\ukowoAw.exe
  C:\Windows\System\ukowoAw.exe
  2⤵
  PID:5684
- C:\Windows\System\IGLUeYw.exe
  C:\Windows\System\IGLUeYw.exe
  2⤵
  PID:5820
- C:\Windows\System\vWQFvKP.exe
  C:\Windows\System\vWQFvKP.exe
  2⤵
  PID:5940
- C:\Windows\System\rmvbSTK.exe
  C:\Windows\System\rmvbSTK.exe
  2⤵
  PID:5888
- C:\Windows\System\egWbnHj.exe
  C:\Windows\System\egWbnHj.exe
  2⤵
  PID:6032
- C:\Windows\System\jpZYcAz.exe
  C:\Windows\System\jpZYcAz.exe
  2⤵
  PID:2616
- C:\Windows\System\hSXRUmO.exe
  C:\Windows\System\hSXRUmO.exe
  2⤵
  PID:6152
- C:\Windows\System\LkzULDl.exe
  C:\Windows\System\LkzULDl.exe
  2⤵
  PID:6172
- C:\Windows\System\WhagBIH.exe
  C:\Windows\System\WhagBIH.exe
  2⤵
  PID:6192
- C:\Windows\System\KApcQyI.exe
  C:\Windows\System\KApcQyI.exe
  2⤵
  PID:6212
- C:\Windows\System\YWtbewO.exe
  C:\Windows\System\YWtbewO.exe
  2⤵
  PID:6232
- C:\Windows\System\TnQjBOP.exe
  C:\Windows\System\TnQjBOP.exe
  2⤵
  PID:6252
- C:\Windows\System\NgRugBo.exe
  C:\Windows\System\NgRugBo.exe
  2⤵
  PID:6272
- C:\Windows\System\fcvCePE.exe
  C:\Windows\System\fcvCePE.exe
  2⤵
  PID:6292
- C:\Windows\System\DgCaIYv.exe
  C:\Windows\System\DgCaIYv.exe
  2⤵
  PID:6312
- C:\Windows\System\GCYfftp.exe
  C:\Windows\System\GCYfftp.exe
  2⤵
  PID:6332
- C:\Windows\System\zFrQfAB.exe
  C:\Windows\System\zFrQfAB.exe
  2⤵
  PID:6352
- C:\Windows\System\wSAtHpg.exe
  C:\Windows\System\wSAtHpg.exe
  2⤵
  PID:6372
- C:\Windows\System\cdalLDd.exe
  C:\Windows\System\cdalLDd.exe
  2⤵
  PID:6392
- C:\Windows\System\BExkGLN.exe
  C:\Windows\System\BExkGLN.exe
  2⤵
  PID:6412
- C:\Windows\System\QQiyHRb.exe
  C:\Windows\System\QQiyHRb.exe
  2⤵
  PID:6432
- C:\Windows\System\cwpmSVj.exe
  C:\Windows\System\cwpmSVj.exe
  2⤵
  PID:6452
- C:\Windows\System\chnhRHI.exe
  C:\Windows\System\chnhRHI.exe
  2⤵
  PID:6472
- C:\Windows\System\ecEteoZ.exe
  C:\Windows\System\ecEteoZ.exe
  2⤵
  PID:6492
- C:\Windows\System\vlLKocD.exe
  C:\Windows\System\vlLKocD.exe
  2⤵
  PID:6516
- C:\Windows\System\mLlSguQ.exe
  C:\Windows\System\mLlSguQ.exe
  2⤵
  PID:6536
- C:\Windows\System\jpiCptn.exe
  C:\Windows\System\jpiCptn.exe
  2⤵
  PID:6556
- C:\Windows\System\qVhnAPW.exe
  C:\Windows\System\qVhnAPW.exe
  2⤵
  PID:6576
- C:\Windows\System\ofviYtd.exe
  C:\Windows\System\ofviYtd.exe
  2⤵
  PID:6596
- C:\Windows\System\qQczDby.exe
  C:\Windows\System\qQczDby.exe
  2⤵
  PID:6616
- C:\Windows\System\ItiYubk.exe
  C:\Windows\System\ItiYubk.exe
  2⤵
  PID:6636
- C:\Windows\System\mxTnQoL.exe
  C:\Windows\System\mxTnQoL.exe
  2⤵
  PID:6656
- C:\Windows\System\FABbQPq.exe
  C:\Windows\System\FABbQPq.exe
  2⤵
  PID:6676
- C:\Windows\System\IqPzQyG.exe
  C:\Windows\System\IqPzQyG.exe
  2⤵
  PID:6696
- C:\Windows\System\DxksBHJ.exe
  C:\Windows\System\DxksBHJ.exe
  2⤵
  PID:6716
- C:\Windows\System\HZyzHqa.exe
  C:\Windows\System\HZyzHqa.exe
  2⤵
  PID:6736
- C:\Windows\System\FpFqQIJ.exe
  C:\Windows\System\FpFqQIJ.exe
  2⤵
  PID:6756
- C:\Windows\System\ELOeGgq.exe
  C:\Windows\System\ELOeGgq.exe
  2⤵
  PID:6776
- C:\Windows\System\XMmWDpx.exe
  C:\Windows\System\XMmWDpx.exe
  2⤵
  PID:6796
- C:\Windows\System\cQdYxvG.exe
  C:\Windows\System\cQdYxvG.exe
  2⤵
  PID:6816
- C:\Windows\System\nuiFeEg.exe
  C:\Windows\System\nuiFeEg.exe
  2⤵
  PID:6836
- C:\Windows\System\MFIPpyC.exe
  C:\Windows\System\MFIPpyC.exe
  2⤵
  PID:6856
- C:\Windows\System\fPUjvQj.exe
  C:\Windows\System\fPUjvQj.exe
  2⤵
  PID:6876
- C:\Windows\System\uNCyXeI.exe
  C:\Windows\System\uNCyXeI.exe
  2⤵
  PID:6896
- C:\Windows\System\IUcApKV.exe
  C:\Windows\System\IUcApKV.exe
  2⤵
  PID:6916
- C:\Windows\System\dMegfpI.exe
  C:\Windows\System\dMegfpI.exe
  2⤵
  PID:6936
- C:\Windows\System\neQoGdH.exe
  C:\Windows\System\neQoGdH.exe
  2⤵
  PID:6956
- C:\Windows\System\AsOUojC.exe
  C:\Windows\System\AsOUojC.exe
  2⤵
  PID:6976
- C:\Windows\System\NjfBAWV.exe
  C:\Windows\System\NjfBAWV.exe
  2⤵
  PID:6996
- C:\Windows\System\HWeeWMv.exe
  C:\Windows\System\HWeeWMv.exe
  2⤵
  PID:7016
- C:\Windows\System\sQfoeFc.exe
  C:\Windows\System\sQfoeFc.exe
  2⤵
  PID:7036
- C:\Windows\System\AglHDAZ.exe
  C:\Windows\System\AglHDAZ.exe
  2⤵
  PID:7056
- C:\Windows\System\FGJnDoZ.exe
  C:\Windows\System\FGJnDoZ.exe
  2⤵
  PID:7076
- C:\Windows\System\aIXJCWG.exe
  C:\Windows\System\aIXJCWG.exe
  2⤵
  PID:7096
- C:\Windows\System\fDEYdrs.exe
  C:\Windows\System\fDEYdrs.exe
  2⤵
  PID:7116
- C:\Windows\System\WjZogrY.exe
  C:\Windows\System\WjZogrY.exe
  2⤵
  PID:7136
- C:\Windows\System\WyZfFNe.exe
  C:\Windows\System\WyZfFNe.exe
  2⤵
  PID:7156
- C:\Windows\System\blidZNL.exe
  C:\Windows\System\blidZNL.exe
  2⤵
  PID:4116
- C:\Windows\System\OERXXLn.exe
  C:\Windows\System\OERXXLn.exe
  2⤵
  PID:4320
- C:\Windows\System\iifmjFx.exe
  C:\Windows\System\iifmjFx.exe
  2⤵
  PID:4868
- C:\Windows\System\qURDOvz.exe
  C:\Windows\System\qURDOvz.exe
  2⤵
  PID:3300
- C:\Windows\System\iNFpBiZ.exe
  C:\Windows\System\iNFpBiZ.exe
  2⤵
  PID:5216
- C:\Windows\System\wejMxrh.exe
  C:\Windows\System\wejMxrh.exe
  2⤵
  PID:5384
- C:\Windows\System\qARNaQb.exe
  C:\Windows\System\qARNaQb.exe
  2⤵
  PID:5420
- C:\Windows\System\tMHCMrs.exe
  C:\Windows\System\tMHCMrs.exe
  2⤵
  PID:2868
- C:\Windows\System\OaDJeJJ.exe
  C:\Windows\System\OaDJeJJ.exe
  2⤵
  PID:5748
- C:\Windows\System\pWcxsnZ.exe
  C:\Windows\System\pWcxsnZ.exe
  2⤵
  PID:5944
- C:\Windows\System\FwLOFaK.exe
  C:\Windows\System\FwLOFaK.exe
  2⤵
  PID:6048
- C:\Windows\System\cYbtvkl.exe
  C:\Windows\System\cYbtvkl.exe
  2⤵
  PID:2188
- C:\Windows\System\TrsJsWl.exe
  C:\Windows\System\TrsJsWl.exe
  2⤵
  PID:6168
- C:\Windows\System\egSpCPM.exe
  C:\Windows\System\egSpCPM.exe
  2⤵
  PID:6200
- C:\Windows\System\jnvbYzh.exe
  C:\Windows\System\jnvbYzh.exe
  2⤵
  PID:6240
- C:\Windows\System\zmWVyVE.exe
  C:\Windows\System\zmWVyVE.exe
  2⤵
  PID:2680
- C:\Windows\System\IcNwaTo.exe
  C:\Windows\System\IcNwaTo.exe
  2⤵
  PID:6284
- C:\Windows\System\PNgnSMA.exe
  C:\Windows\System\PNgnSMA.exe
  2⤵
  PID:6328
- C:\Windows\System\IwfZZLu.exe
  C:\Windows\System\IwfZZLu.exe
  2⤵
  PID:6360
- C:\Windows\System\RQHjWdj.exe
  C:\Windows\System\RQHjWdj.exe
  2⤵
  PID:6384
- C:\Windows\System\IIFInYf.exe
  C:\Windows\System\IIFInYf.exe
  2⤵
  PID:6420
- C:\Windows\System\ATNuXmD.exe
  C:\Windows\System\ATNuXmD.exe
  2⤵
  PID:6444
- C:\Windows\System\JNgMota.exe
  C:\Windows\System\JNgMota.exe
  2⤵
  PID:6488
- C:\Windows\System\Skyoqvs.exe
  C:\Windows\System\Skyoqvs.exe
  2⤵
  PID:6524
- C:\Windows\System\DtOlDuN.exe
  C:\Windows\System\DtOlDuN.exe
  2⤵
  PID:6548
- C:\Windows\System\KtaouoK.exe
  C:\Windows\System\KtaouoK.exe
  2⤵
  PID:6592
- C:\Windows\System\mGVLnGb.exe
  C:\Windows\System\mGVLnGb.exe
  2⤵
  PID:6608
- C:\Windows\System\AIVrzyT.exe
  C:\Windows\System\AIVrzyT.exe
  2⤵
  PID:6672
- C:\Windows\System\UiEnYrM.exe
  C:\Windows\System\UiEnYrM.exe
  2⤵
  PID:6704
- C:\Windows\System\sGYLfkS.exe
  C:\Windows\System\sGYLfkS.exe
  2⤵
  PID:6724
- C:\Windows\System\qKwTZIE.exe
  C:\Windows\System\qKwTZIE.exe
  2⤵
  PID:6748
- C:\Windows\System\ABSJmdS.exe
  C:\Windows\System\ABSJmdS.exe
  2⤵
  PID:6792
- C:\Windows\System\gxikkWk.exe
  C:\Windows\System\gxikkWk.exe
  2⤵
  PID:6808
- C:\Windows\System\EBLGtaU.exe
  C:\Windows\System\EBLGtaU.exe
  2⤵
  PID:6864
- C:\Windows\System\uERHeWE.exe
  C:\Windows\System\uERHeWE.exe
  2⤵
  PID:6904
- C:\Windows\System\xiLBuRg.exe
  C:\Windows\System\xiLBuRg.exe
  2⤵
  PID:6908
- C:\Windows\System\hYYQCwc.exe
  C:\Windows\System\hYYQCwc.exe
  2⤵
  PID:6952
- C:\Windows\System\jBgESWd.exe
  C:\Windows\System\jBgESWd.exe
  2⤵
  PID:6992
- C:\Windows\System\tMVAAWE.exe
  C:\Windows\System\tMVAAWE.exe
  2⤵
  PID:7032
- C:\Windows\System\udSpLNW.exe
  C:\Windows\System\udSpLNW.exe
  2⤵
  PID:540
- C:\Windows\System\LWxbyZO.exe
  C:\Windows\System\LWxbyZO.exe
  2⤵
  PID:7048
- C:\Windows\System\LzaUZCb.exe
  C:\Windows\System\LzaUZCb.exe
  2⤵
  PID:7088
- C:\Windows\System\Vuaozcz.exe
  C:\Windows\System\Vuaozcz.exe
  2⤵
  PID:708
- C:\Windows\System\CUwNDJw.exe
  C:\Windows\System\CUwNDJw.exe
  2⤵
  PID:7152
- C:\Windows\System\WzDIVJX.exe
  C:\Windows\System\WzDIVJX.exe
  2⤵
  PID:4384
- C:\Windows\System\SijNHkh.exe
  C:\Windows\System\SijNHkh.exe
  2⤵
  PID:4720
- C:\Windows\System\BpvwAKy.exe
  C:\Windows\System\BpvwAKy.exe
  2⤵
  PID:5032
- C:\Windows\System\QnnUoWX.exe
  C:\Windows\System\QnnUoWX.exe
  2⤵
  PID:5276
- C:\Windows\System\VnkFyrb.exe
  C:\Windows\System\VnkFyrb.exe
  2⤵
  PID:5568
- C:\Windows\System\nCcyzIn.exe
  C:\Windows\System\nCcyzIn.exe
  2⤵
  PID:5928
- C:\Windows\System\FXrQtZG.exe
  C:\Windows\System\FXrQtZG.exe
  2⤵
  PID:5988
- C:\Windows\System\BcslBNi.exe
  C:\Windows\System\BcslBNi.exe
  2⤵
  PID:6188
- C:\Windows\System\CRYYajp.exe
  C:\Windows\System\CRYYajp.exe
  2⤵
  PID:6228
- C:\Windows\System\LAfCocT.exe
  C:\Windows\System\LAfCocT.exe
  2⤵
  PID:6248
- C:\Windows\System\imeHOvc.exe
  C:\Windows\System\imeHOvc.exe
  2⤵
  PID:6288
- C:\Windows\System\qMhCVIw.exe
  C:\Windows\System\qMhCVIw.exe
  2⤵
  PID:6364
- C:\Windows\System\sSWlwHr.exe
  C:\Windows\System\sSWlwHr.exe
  2⤵
  PID:6404
- C:\Windows\System\wGqYRxJ.exe
  C:\Windows\System\wGqYRxJ.exe
  2⤵
  PID:6480
- C:\Windows\System\giYgcfz.exe
  C:\Windows\System\giYgcfz.exe
  2⤵
  PID:6532
- C:\Windows\System\NxnWfVV.exe
  C:\Windows\System\NxnWfVV.exe
  2⤵
  PID:6568
- C:\Windows\System\FvUOnkr.exe
  C:\Windows\System\FvUOnkr.exe
  2⤵
  PID:6604
- C:\Windows\System\fFXmxyd.exe
  C:\Windows\System\fFXmxyd.exe
  2⤵
  PID:6684
- C:\Windows\System\TzjLmSz.exe
  C:\Windows\System\TzjLmSz.exe
  2⤵
  PID:6772
- C:\Windows\System\bCJNkrf.exe
  C:\Windows\System\bCJNkrf.exe
  2⤵
  PID:6812
- C:\Windows\System\pyeNJRn.exe
  C:\Windows\System\pyeNJRn.exe
  2⤵
  PID:6852
- C:\Windows\System\bcSOPQS.exe
  C:\Windows\System\bcSOPQS.exe
  2⤵
  PID:6892
- C:\Windows\System\MBAlTaF.exe
  C:\Windows\System\MBAlTaF.exe
  2⤵
  PID:6932
- C:\Windows\System\ULiaOxJ.exe
  C:\Windows\System\ULiaOxJ.exe
  2⤵
  PID:7024
- C:\Windows\System\GsKAdEU.exe
  C:\Windows\System\GsKAdEU.exe
  2⤵
  PID:7068
- C:\Windows\System\bxZBZvk.exe
  C:\Windows\System\bxZBZvk.exe
  2⤵
  PID:7112
- C:\Windows\System\iXDBfaJ.exe
  C:\Windows\System\iXDBfaJ.exe
  2⤵
  PID:1164
- C:\Windows\System\XKjMync.exe
  C:\Windows\System\XKjMync.exe
  2⤵
  PID:4584
- C:\Windows\System\SPShLiX.exe
  C:\Windows\System\SPShLiX.exe
  2⤵
  PID:2852
- C:\Windows\System\DigybNH.exe
  C:\Windows\System\DigybNH.exe
  2⤵
  PID:2628
- C:\Windows\System\KoTBhbQ.exe
  C:\Windows\System\KoTBhbQ.exe
  2⤵
  PID:6064
- C:\Windows\System\EyWFqcR.exe
  C:\Windows\System\EyWFqcR.exe
  2⤵
  PID:6208
- C:\Windows\System\HoIrCxq.exe
  C:\Windows\System\HoIrCxq.exe
  2⤵
  PID:6268
- C:\Windows\System\ezdPszS.exe
  C:\Windows\System\ezdPszS.exe
  2⤵
  PID:6324
- C:\Windows\System\zSPsWQV.exe
  C:\Windows\System\zSPsWQV.exe
  2⤵
  PID:6468
- C:\Windows\System\FXUPwbY.exe
  C:\Windows\System\FXUPwbY.exe
  2⤵
  PID:6528
- C:\Windows\System\IqEgfQC.exe
  C:\Windows\System\IqEgfQC.exe
  2⤵
  PID:6612
- C:\Windows\System\zfpoQNg.exe
  C:\Windows\System\zfpoQNg.exe
  2⤵
  PID:6784
- C:\Windows\System\EXinVIX.exe
  C:\Windows\System\EXinVIX.exe
  2⤵
  PID:6824
- C:\Windows\System\bBwepxD.exe
  C:\Windows\System\bBwepxD.exe
  2⤵
  PID:6912
- C:\Windows\System\EdnfDvq.exe
  C:\Windows\System\EdnfDvq.exe
  2⤵
  PID:6924
- C:\Windows\System\UYDpuZI.exe
  C:\Windows\System\UYDpuZI.exe
  2⤵
  PID:7188
- C:\Windows\System\rfxGjKZ.exe
  C:\Windows\System\rfxGjKZ.exe
  2⤵
  PID:7208
- C:\Windows\System\APHOGkO.exe
  C:\Windows\System\APHOGkO.exe
  2⤵
  PID:7228
- C:\Windows\System\lSzbsGQ.exe
  C:\Windows\System\lSzbsGQ.exe
  2⤵
  PID:7248
- C:\Windows\System\IRbgzLz.exe
  C:\Windows\System\IRbgzLz.exe
  2⤵
  PID:7268
- C:\Windows\System\Jrnerlq.exe
  C:\Windows\System\Jrnerlq.exe
  2⤵
  PID:7288
- C:\Windows\System\fmTPrUr.exe
  C:\Windows\System\fmTPrUr.exe
  2⤵
  PID:7308
- C:\Windows\System\QnMgJTQ.exe
  C:\Windows\System\QnMgJTQ.exe
  2⤵
  PID:7328
- C:\Windows\System\ZQRgNdR.exe
  C:\Windows\System\ZQRgNdR.exe
  2⤵
  PID:7348
- C:\Windows\System\uNoTndm.exe
  C:\Windows\System\uNoTndm.exe
  2⤵
  PID:7368
- C:\Windows\System\htryGrs.exe
  C:\Windows\System\htryGrs.exe
  2⤵
  PID:7388
- C:\Windows\System\pVqhpmp.exe
  C:\Windows\System\pVqhpmp.exe
  2⤵
  PID:7408
- C:\Windows\System\VccTSFx.exe
  C:\Windows\System\VccTSFx.exe
  2⤵
  PID:7428
- C:\Windows\System\mkfEgZG.exe
  C:\Windows\System\mkfEgZG.exe
  2⤵
  PID:7448
- C:\Windows\System\UfSzVxd.exe
  C:\Windows\System\UfSzVxd.exe
  2⤵
  PID:7468
- C:\Windows\System\sTqonyg.exe
  C:\Windows\System\sTqonyg.exe
  2⤵
  PID:7488
- C:\Windows\System\lyRfKNw.exe
  C:\Windows\System\lyRfKNw.exe
  2⤵
  PID:7508
- C:\Windows\System\NDkqzAv.exe
  C:\Windows\System\NDkqzAv.exe
  2⤵
  PID:7528
- C:\Windows\System\SlxbkQJ.exe
  C:\Windows\System\SlxbkQJ.exe
  2⤵
  PID:7548
- C:\Windows\System\MpmGBHC.exe
  C:\Windows\System\MpmGBHC.exe
  2⤵
  PID:7572
- C:\Windows\System\PkCRaUJ.exe
  C:\Windows\System\PkCRaUJ.exe
  2⤵
  PID:7592
- C:\Windows\System\YpVUjmu.exe
  C:\Windows\System\YpVUjmu.exe
  2⤵
  PID:7612
- C:\Windows\System\dhHOHlg.exe
  C:\Windows\System\dhHOHlg.exe
  2⤵
  PID:7632
- C:\Windows\System\geNSenI.exe
  C:\Windows\System\geNSenI.exe
  2⤵
  PID:7652
- C:\Windows\System\DGUOvmy.exe
  C:\Windows\System\DGUOvmy.exe
  2⤵
  PID:7672
- C:\Windows\System\rNOduWh.exe
  C:\Windows\System\rNOduWh.exe
  2⤵
  PID:7692
- C:\Windows\System\GgxBLRB.exe
  C:\Windows\System\GgxBLRB.exe
  2⤵
  PID:7712
- C:\Windows\System\ozzhQwR.exe
  C:\Windows\System\ozzhQwR.exe
  2⤵
  PID:7732
- C:\Windows\System\ztddmGZ.exe
  C:\Windows\System\ztddmGZ.exe
  2⤵
  PID:7752
- C:\Windows\System\tHwtnIt.exe
  C:\Windows\System\tHwtnIt.exe
  2⤵
  PID:7772
- C:\Windows\System\HiyfNyq.exe
  C:\Windows\System\HiyfNyq.exe
  2⤵
  PID:7792
- C:\Windows\System\WBadOjK.exe
  C:\Windows\System\WBadOjK.exe
  2⤵
  PID:7812
- C:\Windows\System\iTBfTeh.exe
  C:\Windows\System\iTBfTeh.exe
  2⤵
  PID:7832
- C:\Windows\System\QcIrapZ.exe
  C:\Windows\System\QcIrapZ.exe
  2⤵
  PID:7852
- C:\Windows\System\eJYINDi.exe
  C:\Windows\System\eJYINDi.exe
  2⤵
  PID:7872
- C:\Windows\System\WYZffJY.exe
  C:\Windows\System\WYZffJY.exe
  2⤵
  PID:7892
- C:\Windows\System\ZcdcVqp.exe
  C:\Windows\System\ZcdcVqp.exe
  2⤵
  PID:7912
- C:\Windows\System\GVqMhdb.exe
  C:\Windows\System\GVqMhdb.exe
  2⤵
  PID:7932
- C:\Windows\System\PWNbMKK.exe
  C:\Windows\System\PWNbMKK.exe
  2⤵
  PID:7952
- C:\Windows\System\HyTXXqD.exe
  C:\Windows\System\HyTXXqD.exe
  2⤵
  PID:7972
- C:\Windows\System\hsBipQu.exe
  C:\Windows\System\hsBipQu.exe
  2⤵
  PID:7992
- C:\Windows\System\RrPLfmY.exe
  C:\Windows\System\RrPLfmY.exe
  2⤵
  PID:8012
- C:\Windows\System\oGfrFar.exe
  C:\Windows\System\oGfrFar.exe
  2⤵
  PID:8032
- C:\Windows\System\EJWjupY.exe
  C:\Windows\System\EJWjupY.exe
  2⤵
  PID:8052
- C:\Windows\System\AjpBRgV.exe
  C:\Windows\System\AjpBRgV.exe
  2⤵
  PID:8072
- C:\Windows\System\ougqzLe.exe
  C:\Windows\System\ougqzLe.exe
  2⤵
  PID:8092
- C:\Windows\System\UxmXijU.exe
  C:\Windows\System\UxmXijU.exe
  2⤵
  PID:8112
- C:\Windows\System\ZcsHnPW.exe
  C:\Windows\System\ZcsHnPW.exe
  2⤵
  PID:8132
- C:\Windows\System\jZpepOn.exe
  C:\Windows\System\jZpepOn.exe
  2⤵
  PID:8152
- C:\Windows\System\htCNSNe.exe
  C:\Windows\System\htCNSNe.exe
  2⤵
  PID:8172
- C:\Windows\System\SFIvGhf.exe
  C:\Windows\System\SFIvGhf.exe
  2⤵
  PID:7008
- C:\Windows\System\JeEnbGi.exe
  C:\Windows\System\JeEnbGi.exe
  2⤵
  PID:816
- C:\Windows\System\eeevYtE.exe
  C:\Windows\System\eeevYtE.exe
  2⤵
  PID:7164
- C:\Windows\System\MJtaJZj.exe
  C:\Windows\System\MJtaJZj.exe
  2⤵
  PID:4588
- C:\Windows\System\OFgYCsS.exe
  C:\Windows\System\OFgYCsS.exe
  2⤵
  PID:5608
- C:\Windows\System\LNlRamm.exe
  C:\Windows\System\LNlRamm.exe
  2⤵
  PID:6180
- C:\Windows\System\ksvoyES.exe
  C:\Windows\System\ksvoyES.exe
  2⤵
  PID:6244
- C:\Windows\System\awFdnLL.exe
  C:\Windows\System\awFdnLL.exe
  2⤵
  PID:6400
- C:\Windows\System\HMyWJYA.exe
  C:\Windows\System\HMyWJYA.exe
  2⤵
  PID:6708
- C:\Windows\System\mdraNgo.exe
  C:\Windows\System\mdraNgo.exe
  2⤵
  PID:6844
- C:\Windows\System\HyGyDsN.exe
  C:\Windows\System\HyGyDsN.exe
  2⤵
  PID:7044
- C:\Windows\System\JIIiKZo.exe
  C:\Windows\System\JIIiKZo.exe
  2⤵
  PID:7196
- C:\Windows\System\rAYIrxR.exe
  C:\Windows\System\rAYIrxR.exe
  2⤵
  PID:7220
- C:\Windows\System\gpqCMTM.exe
  C:\Windows\System\gpqCMTM.exe
  2⤵
  PID:7264
- C:\Windows\System\BuBPpTb.exe
  C:\Windows\System\BuBPpTb.exe
  2⤵
  PID:7280
- C:\Windows\System\eRoYTBg.exe
  C:\Windows\System\eRoYTBg.exe
  2⤵
  PID:7320
- C:\Windows\System\vJUAhmY.exe
  C:\Windows\System\vJUAhmY.exe
  2⤵
  PID:7356
- C:\Windows\System\AwvgAmz.exe
  C:\Windows\System\AwvgAmz.exe
  2⤵
  PID:7380
- C:\Windows\System\WEBIfHH.exe
  C:\Windows\System\WEBIfHH.exe
  2⤵
  PID:7400
- C:\Windows\System\rphSITv.exe
  C:\Windows\System\rphSITv.exe
  2⤵
  PID:7444
- C:\Windows\System\YeNOEwp.exe
  C:\Windows\System\YeNOEwp.exe
  2⤵
  PID:7496
- C:\Windows\System\kEBVLFv.exe
  C:\Windows\System\kEBVLFv.exe
  2⤵
  PID:7524
- C:\Windows\System\Ytggntp.exe
  C:\Windows\System\Ytggntp.exe
  2⤵
  PID:7580
- C:\Windows\System\OPuXKln.exe
  C:\Windows\System\OPuXKln.exe
  2⤵
  PID:7584
- C:\Windows\System\ixhCtDK.exe
  C:\Windows\System\ixhCtDK.exe
  2⤵
  PID:7624
- C:\Windows\System\gSOlelu.exe
  C:\Windows\System\gSOlelu.exe
  2⤵
  PID:7644
- C:\Windows\System\qXHddpN.exe
  C:\Windows\System\qXHddpN.exe
  2⤵
  PID:7700
- C:\Windows\System\TONRqca.exe
  C:\Windows\System\TONRqca.exe
  2⤵
  PID:7720
- C:\Windows\System\phjADMn.exe
  C:\Windows\System\phjADMn.exe
  2⤵
  PID:7744
- C:\Windows\System\oqpCjyw.exe
  C:\Windows\System\oqpCjyw.exe
  2⤵
  PID:7764
- C:\Windows\System\VZahNIE.exe
  C:\Windows\System\VZahNIE.exe
  2⤵
  PID:7828
- C:\Windows\System\QWXxrVB.exe
  C:\Windows\System\QWXxrVB.exe
  2⤵
  PID:7860
- C:\Windows\System\nlFubQM.exe
  C:\Windows\System\nlFubQM.exe
  2⤵
  PID:7900
- C:\Windows\System\TQOkLRM.exe
  C:\Windows\System\TQOkLRM.exe
  2⤵
  PID:7904
- C:\Windows\System\jGabaux.exe
  C:\Windows\System\jGabaux.exe
  2⤵
  PID:7928
- C:\Windows\System\SFInDnJ.exe
  C:\Windows\System\SFInDnJ.exe
  2⤵
  PID:7968
- C:\Windows\System\fjVHyJp.exe
  C:\Windows\System\fjVHyJp.exe
  2⤵
  PID:8008
- C:\Windows\System\HIFJafk.exe
  C:\Windows\System\HIFJafk.exe
  2⤵
  PID:2120
- C:\Windows\System\eMrrbgt.exe
  C:\Windows\System\eMrrbgt.exe
  2⤵
  PID:8044
- C:\Windows\System\dFyuqgb.exe
  C:\Windows\System\dFyuqgb.exe
  2⤵
  PID:8088
- C:\Windows\System\YoQidjq.exe
  C:\Windows\System\YoQidjq.exe
  2⤵
  PID:8140
- C:\Windows\System\KtFtKYo.exe
  C:\Windows\System\KtFtKYo.exe
  2⤵
  PID:8160
- C:\Windows\System\MjUlPmn.exe
  C:\Windows\System\MjUlPmn.exe
  2⤵
  PID:8164
- C:\Windows\System\IFLMlmJ.exe
  C:\Windows\System\IFLMlmJ.exe
  2⤵
  PID:4724
- C:\Windows\System\kiktmQW.exe
  C:\Windows\System\kiktmQW.exe
  2⤵
  PID:5664
- C:\Windows\System\nJCnZUp.exe
  C:\Windows\System\nJCnZUp.exe
  2⤵
  PID:5824
- C:\Windows\System\uAaKOnl.exe
  C:\Windows\System\uAaKOnl.exe
  2⤵
  PID:6484
- C:\Windows\System\LZnwkFV.exe
  C:\Windows\System\LZnwkFV.exe
  2⤵
  PID:6692
- C:\Windows\System\jtUeDUn.exe
  C:\Windows\System\jtUeDUn.exe
  2⤵
  PID:6928
- C:\Windows\System\bXqPpLe.exe
  C:\Windows\System\bXqPpLe.exe
  2⤵
  PID:7216
- C:\Windows\System\tVyJENo.exe
  C:\Windows\System\tVyJENo.exe
  2⤵
  PID:7244
- C:\Windows\System\uGrOubc.exe
  C:\Windows\System\uGrOubc.exe
  2⤵
  PID:7340
- C:\Windows\System\rtyzonN.exe
  C:\Windows\System\rtyzonN.exe
  2⤵
  PID:7416
- C:\Windows\System\NAfBJGp.exe
  C:\Windows\System\NAfBJGp.exe
  2⤵
  PID:7436
- C:\Windows\System\iJWpuSU.exe
  C:\Windows\System\iJWpuSU.exe
  2⤵
  PID:7476
- C:\Windows\System\vXXHBtJ.exe
  C:\Windows\System\vXXHBtJ.exe
  2⤵
  PID:7540
- C:\Windows\System\FBJekeV.exe
  C:\Windows\System\FBJekeV.exe
  2⤵
  PID:1044
- C:\Windows\System\SNZUTEf.exe
  C:\Windows\System\SNZUTEf.exe
  2⤵
  PID:7668
- C:\Windows\System\pSMpypy.exe
  C:\Windows\System\pSMpypy.exe
  2⤵
  PID:7688
- C:\Windows\System\SZnhgnp.exe
  C:\Windows\System\SZnhgnp.exe
  2⤵
  PID:7748
- C:\Windows\System\rQSHvNZ.exe
  C:\Windows\System\rQSHvNZ.exe
  2⤵
  PID:7808
- C:\Windows\System\diHqfHL.exe
  C:\Windows\System\diHqfHL.exe
  2⤵
  PID:7864
- C:\Windows\System\mGtYYBP.exe
  C:\Windows\System\mGtYYBP.exe
  2⤵
  PID:7884
- C:\Windows\System\lIadEaO.exe
  C:\Windows\System\lIadEaO.exe
  2⤵
  PID:7944
- C:\Windows\System\xDHKwRR.exe
  C:\Windows\System\xDHKwRR.exe
  2⤵
  PID:8020
- C:\Windows\System\hTucgiX.exe
  C:\Windows\System\hTucgiX.exe
  2⤵
  PID:8040
- C:\Windows\System\EJBJbHs.exe
  C:\Windows\System\EJBJbHs.exe
  2⤵
  PID:8084
- C:\Windows\System\BVzatGY.exe
  C:\Windows\System\BVzatGY.exe
  2⤵
  PID:8168
- C:\Windows\System\HamSJcj.exe
  C:\Windows\System\HamSJcj.exe
  2⤵
  PID:7092
- C:\Windows\System\XFrwMpG.exe
  C:\Windows\System\XFrwMpG.exe
  2⤵
  PID:7064
- C:\Windows\System\kKsHUUj.exe
  C:\Windows\System\kKsHUUj.exe
  2⤵
  PID:6408
- C:\Windows\System\uhTaOkR.exe
  C:\Windows\System\uhTaOkR.exe
  2⤵
  PID:6572
- C:\Windows\System\NkyBAqq.exe
  C:\Windows\System\NkyBAqq.exe
  2⤵
  PID:7184
- C:\Windows\System\fBwKDEY.exe
  C:\Windows\System\fBwKDEY.exe
  2⤵
  PID:7336
- C:\Windows\System\QklcZwg.exe
  C:\Windows\System\QklcZwg.exe
  2⤵
  PID:7464
- C:\Windows\System\VKtpqJf.exe
  C:\Windows\System\VKtpqJf.exe
  2⤵
  PID:7456
- C:\Windows\System\BILRZEk.exe
  C:\Windows\System\BILRZEk.exe
  2⤵
  PID:7480
- C:\Windows\System\dQvqUBV.exe
  C:\Windows\System\dQvqUBV.exe
  2⤵
  PID:7604
- C:\Windows\System\xedQzkb.exe
  C:\Windows\System\xedQzkb.exe
  2⤵
  PID:7704
- C:\Windows\System\pqrrqtp.exe
  C:\Windows\System\pqrrqtp.exe
  2⤵
  PID:7800
- C:\Windows\System\yrHaSWl.exe
  C:\Windows\System\yrHaSWl.exe
  2⤵
  PID:7888
- C:\Windows\System\acOUxuw.exe
  C:\Windows\System\acOUxuw.exe
  2⤵
  PID:7988
- C:\Windows\System\xDsxcJN.exe
  C:\Windows\System\xDsxcJN.exe
  2⤵
  PID:8028
- C:\Windows\System\eUlWOpE.exe
  C:\Windows\System\eUlWOpE.exe
  2⤵
  PID:8180
- C:\Windows\System\nzFDdpx.exe
  C:\Windows\System\nzFDdpx.exe
  2⤵
  PID:1820
- C:\Windows\System\tAYcYwB.exe
  C:\Windows\System\tAYcYwB.exe
  2⤵
  PID:6088
- C:\Windows\System\SjPylpi.exe
  C:\Windows\System\SjPylpi.exe
  2⤵
  PID:7256
- C:\Windows\System\GQhgYeb.exe
  C:\Windows\System\GQhgYeb.exe
  2⤵
  PID:7240
- C:\Windows\System\fMUoJwm.exe
  C:\Windows\System\fMUoJwm.exe
  2⤵
  PID:7500
- C:\Windows\System\AVcrWEV.exe
  C:\Windows\System\AVcrWEV.exe
  2⤵
  PID:7424
- C:\Windows\System\bSHvzrs.exe
  C:\Windows\System\bSHvzrs.exe
  2⤵
  PID:7640
- C:\Windows\System\yOeERWb.exe
  C:\Windows\System\yOeERWb.exe
  2⤵
  PID:7684
- C:\Windows\System\JJtotkq.exe
  C:\Windows\System\JJtotkq.exe
  2⤵
  PID:8080
- C:\Windows\System\gNQkQPH.exe
  C:\Windows\System\gNQkQPH.exe
  2⤵
  PID:8100
- C:\Windows\System\LpVRdPp.exe
  C:\Windows\System\LpVRdPp.exe
  2⤵
  PID:8212
- C:\Windows\System\IcoclfD.exe
  C:\Windows\System\IcoclfD.exe
  2⤵
  PID:8296
- C:\Windows\System\QZGStrp.exe
  C:\Windows\System\QZGStrp.exe
  2⤵
  PID:8316
- C:\Windows\System\JGZkaPb.exe
  C:\Windows\System\JGZkaPb.exe
  2⤵
  PID:8336
- C:\Windows\System\cvHdMuF.exe
  C:\Windows\System\cvHdMuF.exe
  2⤵
  PID:8356
- C:\Windows\System\mPVYjwO.exe
  C:\Windows\System\mPVYjwO.exe
  2⤵
  PID:8376
- C:\Windows\System\CWbumIM.exe
  C:\Windows\System\CWbumIM.exe
  2⤵
  PID:8396
- C:\Windows\System\ZPqMXAT.exe
  C:\Windows\System\ZPqMXAT.exe
  2⤵
  PID:8416
- C:\Windows\System\PLqpISg.exe
  C:\Windows\System\PLqpISg.exe
  2⤵
  PID:8436
- C:\Windows\System\jcHUcLQ.exe
  C:\Windows\System\jcHUcLQ.exe
  2⤵
  PID:8456
- C:\Windows\System\Okovxpa.exe
  C:\Windows\System\Okovxpa.exe
  2⤵
  PID:8476
- C:\Windows\System\BpumQIw.exe
  C:\Windows\System\BpumQIw.exe
  2⤵
  PID:8496
- C:\Windows\System\YEnWunb.exe
  C:\Windows\System\YEnWunb.exe
  2⤵
  PID:8512
- C:\Windows\System\hIilAdu.exe
  C:\Windows\System\hIilAdu.exe
  2⤵
  PID:8528
- C:\Windows\System\PjBRetf.exe
  C:\Windows\System\PjBRetf.exe
  2⤵
  PID:8544
- C:\Windows\System\vAsZujU.exe
  C:\Windows\System\vAsZujU.exe
  2⤵
  PID:8560
- C:\Windows\System\ZbmQxRV.exe
  C:\Windows\System\ZbmQxRV.exe
  2⤵
  PID:8576
- C:\Windows\System\SSzhQes.exe
  C:\Windows\System\SSzhQes.exe
  2⤵
  PID:8592
- C:\Windows\System\MdlhmTU.exe
  C:\Windows\System\MdlhmTU.exe
  2⤵
  PID:8608
- C:\Windows\System\uYHGwEJ.exe
  C:\Windows\System\uYHGwEJ.exe
  2⤵
  PID:8624
- C:\Windows\System\miMGEam.exe
  C:\Windows\System\miMGEam.exe
  2⤵
  PID:8640
- C:\Windows\System\NQPmTtu.exe
  C:\Windows\System\NQPmTtu.exe
  2⤵
  PID:8656
- C:\Windows\System\FluOFvx.exe
  C:\Windows\System\FluOFvx.exe
  2⤵
  PID:8680
- C:\Windows\System\PHQYNsv.exe
  C:\Windows\System\PHQYNsv.exe
  2⤵
  PID:8696
- C:\Windows\System\MMTaaUM.exe
  C:\Windows\System\MMTaaUM.exe
  2⤵
  PID:8712
- C:\Windows\System\ZmxQuVJ.exe
  C:\Windows\System\ZmxQuVJ.exe
  2⤵
  PID:8776
- C:\Windows\System\iYdSylj.exe
  C:\Windows\System\iYdSylj.exe
  2⤵
  PID:8828
- C:\Windows\System\qjzjwqa.exe
  C:\Windows\System\qjzjwqa.exe
  2⤵
  PID:8844
- C:\Windows\System\HpliYob.exe
  C:\Windows\System\HpliYob.exe
  2⤵
  PID:8860
- C:\Windows\System\WxNUQfY.exe
  C:\Windows\System\WxNUQfY.exe
  2⤵
  PID:8876
- C:\Windows\System\AEwSDeq.exe
  C:\Windows\System\AEwSDeq.exe
  2⤵
  PID:8904
- C:\Windows\System\AZAHBuU.exe
  C:\Windows\System\AZAHBuU.exe
  2⤵
  PID:8924
- C:\Windows\System\HFAGZTt.exe
  C:\Windows\System\HFAGZTt.exe
  2⤵
  PID:8956
- C:\Windows\System\taAbnBF.exe
  C:\Windows\System\taAbnBF.exe
  2⤵
  PID:8980
- C:\Windows\System\kNOSRSy.exe
  C:\Windows\System\kNOSRSy.exe
  2⤵
  PID:9040
- C:\Windows\System\ThXEFxk.exe
  C:\Windows\System\ThXEFxk.exe
  2⤵
  PID:9056
- C:\Windows\System\HkxXwqb.exe
  C:\Windows\System\HkxXwqb.exe
  2⤵
  PID:9076
- C:\Windows\System\oRIoWjd.exe
  C:\Windows\System\oRIoWjd.exe
  2⤵
  PID:9100
- C:\Windows\System\qUHilXq.exe
  C:\Windows\System\qUHilXq.exe
  2⤵
  PID:9116
- C:\Windows\System\oliQBRM.exe
  C:\Windows\System\oliQBRM.exe
  2⤵
  PID:9132
- C:\Windows\System\uSgVWTl.exe
  C:\Windows\System\uSgVWTl.exe
  2⤵
  PID:9156
- C:\Windows\System\yiHgTCt.exe
  C:\Windows\System\yiHgTCt.exe
  2⤵
  PID:9172
- C:\Windows\System\okvxFtU.exe
  C:\Windows\System\okvxFtU.exe
  2⤵
  PID:9192
- C:\Windows\System\FvxlRHp.exe
  C:\Windows\System\FvxlRHp.exe
  2⤵
  PID:9212
- C:\Windows\System\gJRTuzS.exe
  C:\Windows\System\gJRTuzS.exe
  2⤵
  PID:6132
- C:\Windows\System\fqFSnZS.exe
  C:\Windows\System\fqFSnZS.exe
  2⤵
  PID:7344
- C:\Windows\System\duesAPr.exe
  C:\Windows\System\duesAPr.exe
  2⤵
  PID:2328
- C:\Windows\System\OIIbqVK.exe
  C:\Windows\System\OIIbqVK.exe
  2⤵
  PID:7664
- C:\Windows\System\aAFjLFH.exe
  C:\Windows\System\aAFjLFH.exe
  2⤵
  PID:2984
- C:\Windows\System\jjcyHYy.exe
  C:\Windows\System\jjcyHYy.exe
  2⤵
  PID:8200
- C:\Windows\System\tFDlxrR.exe
  C:\Windows\System\tFDlxrR.exe
  2⤵
  PID:8204
- C:\Windows\System\melmmdJ.exe
  C:\Windows\System\melmmdJ.exe
  2⤵
  PID:8308
- C:\Windows\System\TKYbYsX.exe
  C:\Windows\System\TKYbYsX.exe
  2⤵
  PID:8332
- C:\Windows\System\jhlEjvn.exe
  C:\Windows\System\jhlEjvn.exe
  2⤵
  PID:8384
- C:\Windows\System\gCdnlBB.exe
  C:\Windows\System\gCdnlBB.exe
  2⤵
  PID:8388
- C:\Windows\System\lAbqTsb.exe
  C:\Windows\System\lAbqTsb.exe
  2⤵
  PID:8424
- C:\Windows\System\qGhaXcQ.exe
  C:\Windows\System\qGhaXcQ.exe
  2⤵
  PID:8472
- C:\Windows\System\aZlJjVP.exe
  C:\Windows\System\aZlJjVP.exe
  2⤵
  PID:8468
- C:\Windows\System\EXAavjK.exe
  C:\Windows\System\EXAavjK.exe
  2⤵
  PID:8520
- C:\Windows\System\vaOIvjp.exe
  C:\Windows\System\vaOIvjp.exe
  2⤵
  PID:8552
- C:\Windows\System\UNtamPm.exe
  C:\Windows\System\UNtamPm.exe
  2⤵
  PID:8600
- C:\Windows\System\TLGdXMV.exe
  C:\Windows\System\TLGdXMV.exe
  2⤵
  PID:8616
- C:\Windows\System\zOBOIam.exe
  C:\Windows\System\zOBOIam.exe
  2⤵
  PID:8652
- C:\Windows\System\jTZHPuh.exe
  C:\Windows\System\jTZHPuh.exe
  2⤵
  PID:8668
- C:\Windows\System\PHEEqND.exe
  C:\Windows\System\PHEEqND.exe
  2⤵
  PID:8708
- C:\Windows\System\AGibCqD.exe
  C:\Windows\System\AGibCqD.exe
  2⤵
  PID:8732
- C:\Windows\System\JVwOEbi.exe
  C:\Windows\System\JVwOEbi.exe
  2⤵
  PID:2772
- C:\Windows\System\INjzgIT.exe
  C:\Windows\System\INjzgIT.exe
  2⤵
  PID:476
- C:\Windows\System\oAuLFor.exe
  C:\Windows\System\oAuLFor.exe
  2⤵
  PID:2296
- C:\Windows\System\EzWIIBU.exe
  C:\Windows\System\EzWIIBU.exe
  2⤵
  PID:1868
- C:\Windows\System\Qonnivv.exe
  C:\Windows\System\Qonnivv.exe
  2⤵
  PID:1664
- C:\Windows\System\IJYQyzR.exe
  C:\Windows\System\IJYQyzR.exe
  2⤵
  PID:1628
- C:\Windows\System\uQHPgLs.exe
  C:\Windows\System\uQHPgLs.exe
  2⤵
  PID:8800
- C:\Windows\System\tbCXwEk.exe
  C:\Windows\System\tbCXwEk.exe
  2⤵
  PID:548
- C:\Windows\System\RMmJDOZ.exe
  C:\Windows\System\RMmJDOZ.exe
  2⤵
  PID:1252
- C:\Windows\System\rOWHmzq.exe
  C:\Windows\System\rOWHmzq.exe
  2⤵
  PID:2360
- C:\Windows\System\YiQTTCL.exe
  C:\Windows\System\YiQTTCL.exe
  2⤵
  PID:8820
- C:\Windows\System\sEvSqWU.exe
  C:\Windows\System\sEvSqWU.exe
  2⤵
  PID:8920
- C:\Windows\System\BSJzHOd.exe
  C:\Windows\System\BSJzHOd.exe
  2⤵
  PID:8884
- C:\Windows\System\wrKcJgO.exe
  C:\Windows\System\wrKcJgO.exe
  2⤵
  PID:8852
- C:\Windows\System\NAigYGK.exe
  C:\Windows\System\NAigYGK.exe
  2⤵
  PID:8972
- C:\Windows\System\lLdruBP.exe
  C:\Windows\System\lLdruBP.exe
  2⤵
  PID:9012
- C:\Windows\System\FIbspDf.exe
  C:\Windows\System\FIbspDf.exe
  2⤵
  PID:9052
- C:\Windows\System\HibPDVt.exe
  C:\Windows\System\HibPDVt.exe
  2⤵
  PID:9096
- C:\Windows\System\qXOILkY.exe
  C:\Windows\System\qXOILkY.exe
  2⤵
  PID:9124
- C:\Windows\System\ZwLqVvp.exe
  C:\Windows\System\ZwLqVvp.exe
  2⤵
  PID:9200
- C:\Windows\System\ZrFzyzV.exe
  C:\Windows\System\ZrFzyzV.exe
  2⤵
  PID:9188
- C:\Windows\System\mQerngc.exe
  C:\Windows\System\mQerngc.exe
  2⤵
  PID:2888
- C:\Windows\System\lQGWGhR.exe
  C:\Windows\System\lQGWGhR.exe
  2⤵
  PID:6888
- C:\Windows\System\Hxbiges.exe
  C:\Windows\System\Hxbiges.exe
  2⤵
  PID:7628
- C:\Windows\System\czyuVQU.exe
  C:\Windows\System\czyuVQU.exe
  2⤵
  PID:7820
- C:\Windows\System\MOodtFP.exe
  C:\Windows\System\MOodtFP.exe
  2⤵
  PID:8208
- C:\Windows\System\ofbPNQq.exe
  C:\Windows\System\ofbPNQq.exe
  2⤵
  PID:8352
- C:\Windows\System\JDjJprF.exe
  C:\Windows\System\JDjJprF.exe
  2⤵
  PID:8404
- C:\Windows\System\anCzkKB.exe
  C:\Windows\System\anCzkKB.exe
  2⤵
  PID:8448
- C:\Windows\System\YPZYuyL.exe
  C:\Windows\System\YPZYuyL.exe
  2⤵
  PID:8368
- C:\Windows\System\nGyudhn.exe
  C:\Windows\System\nGyudhn.exe
  2⤵
  PID:8488
- C:\Windows\System\xQSFRWb.exe
  C:\Windows\System\xQSFRWb.exe
  2⤵
  PID:8604
- C:\Windows\System\vqPDXVC.exe
  C:\Windows\System\vqPDXVC.exe
  2⤵
  PID:2324
- C:\Windows\System\sBKalAG.exe
  C:\Windows\System\sBKalAG.exe
  2⤵
  PID:8728
- C:\Windows\System\RuKejaR.exe
  C:\Windows\System\RuKejaR.exe
  2⤵
  PID:6008
- C:\Windows\System\JExpeDn.exe
  C:\Windows\System\JExpeDn.exe
  2⤵
  PID:2916
- C:\Windows\System\mFvRBKe.exe
  C:\Windows\System\mFvRBKe.exe
  2⤵
  PID:1776
- C:\Windows\System\AdCgrje.exe
  C:\Windows\System\AdCgrje.exe
  2⤵
  PID:8788
- C:\Windows\System\ugbqZSo.exe
  C:\Windows\System\ugbqZSo.exe
  2⤵
  PID:1748
- C:\Windows\System\HzMniGd.exe
  C:\Windows\System\HzMniGd.exe
  2⤵
  PID:2920
- C:\Windows\System\ecRVAPZ.exe
  C:\Windows\System\ecRVAPZ.exe
  2⤵
  PID:8824
- C:\Windows\System\qvJzbTL.exe
  C:\Windows\System\qvJzbTL.exe
  2⤵
  PID:8912
- C:\Windows\System\QuOmoqD.exe
  C:\Windows\System\QuOmoqD.exe
  2⤵
  PID:8900
- C:\Windows\System\fHUNXNL.exe
  C:\Windows\System\fHUNXNL.exe
  2⤵
  PID:9164
- C:\Windows\System\zavqfpo.exe
  C:\Windows\System\zavqfpo.exe
  2⤵
  PID:9208
- C:\Windows\System\vbLEOOh.exe
  C:\Windows\System\vbLEOOh.exe
  2⤵
  PID:7176
- C:\Windows\System\ejgFOih.exe
  C:\Windows\System\ejgFOih.exe
  2⤵
  PID:9108
- C:\Windows\System\ezyOngS.exe
  C:\Windows\System\ezyOngS.exe
  2⤵
  PID:8940
- C:\Windows\System\IyPZank.exe
  C:\Windows\System\IyPZank.exe
  2⤵
  PID:9048
- C:\Windows\System\MdGrmcw.exe
  C:\Windows\System\MdGrmcw.exe
  2⤵
  PID:8428
- C:\Windows\System\iQeBKWQ.exe
  C:\Windows\System\iQeBKWQ.exe
  2⤵
  PID:8508
- C:\Windows\System\zwERcUi.exe
  C:\Windows\System\zwERcUi.exe
  2⤵
  PID:7600
- C:\Windows\System\jvPSKhu.exe
  C:\Windows\System\jvPSKhu.exe
  2⤵
  PID:8412
- C:\Windows\System\WMMWoPL.exe
  C:\Windows\System\WMMWoPL.exe
  2⤵
  PID:8524
- C:\Windows\System\TnWaWvj.exe
  C:\Windows\System\TnWaWvj.exe
  2⤵
  PID:2928
- C:\Windows\System\KqWzVdl.exe
  C:\Windows\System\KqWzVdl.exe
  2⤵
  PID:1720
- C:\Windows\System\dFlMoAE.exe
  C:\Windows\System\dFlMoAE.exe
  2⤵
  PID:2336
- C:\Windows\System\UYyLNpy.exe
  C:\Windows\System\UYyLNpy.exe
  2⤵
  PID:1264
- C:\Windows\System\iTXaIAP.exe
  C:\Windows\System\iTXaIAP.exe
  2⤵
  PID:3044
- C:\Windows\System\LOpuyRM.exe
  C:\Windows\System\LOpuyRM.exe
  2⤵
  PID:8840
- C:\Windows\System\HBMaTtD.exe
  C:\Windows\System\HBMaTtD.exe
  2⤵
  PID:8896
- C:\Windows\System\fFDCdnq.exe
  C:\Windows\System\fFDCdnq.exe
  2⤵
  PID:2252
- C:\Windows\System\qjhhiXi.exe
  C:\Windows\System\qjhhiXi.exe
  2⤵
  PID:8364
- C:\Windows\System\sTxXlDn.exe
  C:\Windows\System\sTxXlDn.exe
  2⤵
  PID:9088
- C:\Windows\System\KEfHGwq.exe
  C:\Windows\System\KEfHGwq.exe
  2⤵
  PID:4200
- C:\Windows\System\umoZDxI.exe
  C:\Windows\System\umoZDxI.exe
  2⤵
  PID:8672
- C:\Windows\System\NsqvbgV.exe
  C:\Windows\System\NsqvbgV.exe
  2⤵
  PID:9112
- C:\Windows\System\IIpGEJT.exe
  C:\Windows\System\IIpGEJT.exe
  2⤵
  PID:2880
- C:\Windows\System\EXyTyeM.exe
  C:\Windows\System\EXyTyeM.exe
  2⤵
  PID:3004
- C:\Windows\System\CyqhEgL.exe
  C:\Windows\System\CyqhEgL.exe
  2⤵
  PID:8184
- C:\Windows\System\fTYHgIW.exe
  C:\Windows\System\fTYHgIW.exe
  2⤵
  PID:2588
- C:\Windows\System\DytCaLQ.exe
  C:\Windows\System\DytCaLQ.exe
  2⤵
  PID:8872
- C:\Windows\System\fjQEbQo.exe
  C:\Windows\System\fjQEbQo.exe
  2⤵
  PID:6728
- C:\Windows\System\yYGysGI.exe
  C:\Windows\System\yYGysGI.exe
  2⤵
  PID:8228
- C:\Windows\System\pfhAbXa.exe
  C:\Windows\System\pfhAbXa.exe
  2⤵
  PID:2728
- C:\Windows\System\xWUFRko.exe
  C:\Windows\System\xWUFRko.exe
  2⤵
  PID:8796
- C:\Windows\System\UqwlHiR.exe
  C:\Windows\System\UqwlHiR.exe
  2⤵
  PID:7920
- C:\Windows\System\NqNHiqn.exe
  C:\Windows\System\NqNHiqn.exe
  2⤵
  PID:9180
- C:\Windows\System\oyocHXh.exe
  C:\Windows\System\oyocHXh.exe
  2⤵
  PID:688
- C:\Windows\System\Usrdqms.exe
  C:\Windows\System\Usrdqms.exe
  2⤵
  PID:8464
- C:\Windows\System\KfDwtVi.exe
  C:\Windows\System\KfDwtVi.exe
  2⤵
  PID:2012
- C:\Windows\System\eyaMVyS.exe
  C:\Windows\System\eyaMVyS.exe
  2⤵
  PID:8492
- C:\Windows\System\ffKaoAl.exe
  C:\Windows\System\ffKaoAl.exe
  2⤵
  PID:9072
- C:\Windows\System\UKhQGkm.exe
  C:\Windows\System\UKhQGkm.exe
  2⤵
  PID:1660
- C:\Windows\System\rSvXHar.exe
  C:\Windows\System\rSvXHar.exe
  2⤵
  PID:9228
- C:\Windows\System\FmBbjdw.exe
  C:\Windows\System\FmBbjdw.exe
  2⤵
  PID:9244
- C:\Windows\System\kSNNDSr.exe
  C:\Windows\System\kSNNDSr.exe
  2⤵
  PID:9264
- C:\Windows\System\SsnAlxK.exe
  C:\Windows\System\SsnAlxK.exe
  2⤵
  PID:9280
- C:\Windows\System\xNoffmZ.exe
  C:\Windows\System\xNoffmZ.exe
  2⤵
  PID:9308
- C:\Windows\System\cPoOSfJ.exe
  C:\Windows\System\cPoOSfJ.exe
  2⤵
  PID:9324
- C:\Windows\System\qpZlAyR.exe
  C:\Windows\System\qpZlAyR.exe
  2⤵
  PID:9344
- C:\Windows\System\SjgAumC.exe
  C:\Windows\System\SjgAumC.exe
  2⤵
  PID:9376
- C:\Windows\System\PLDrYCV.exe
  C:\Windows\System\PLDrYCV.exe
  2⤵
  PID:9396
- C:\Windows\System\QwEZxTK.exe
  C:\Windows\System\QwEZxTK.exe
  2⤵
  PID:9416
- C:\Windows\System\kYgFJqL.exe
  C:\Windows\System\kYgFJqL.exe
  2⤵
  PID:9436
- C:\Windows\System\lxurVAA.exe
  C:\Windows\System\lxurVAA.exe
  2⤵
  PID:9452
- C:\Windows\System\iPgMklF.exe
  C:\Windows\System\iPgMklF.exe
  2⤵
  PID:9468
- C:\Windows\System\SPlrqPq.exe
  C:\Windows\System\SPlrqPq.exe
  2⤵
  PID:9484
- C:\Windows\System\ggoSMZb.exe
  C:\Windows\System\ggoSMZb.exe
  2⤵
  PID:9516
- C:\Windows\System\wEAlObn.exe
  C:\Windows\System\wEAlObn.exe
  2⤵
  PID:9536
- C:\Windows\System\ByaWRgE.exe
  C:\Windows\System\ByaWRgE.exe
  2⤵
  PID:9556
- C:\Windows\System\pwARQPz.exe
  C:\Windows\System\pwARQPz.exe
  2⤵
  PID:9580
- C:\Windows\System\JLaFTNM.exe
  C:\Windows\System\JLaFTNM.exe
  2⤵
  PID:9596
- C:\Windows\System\HYOSQwQ.exe
  C:\Windows\System\HYOSQwQ.exe
  2⤵
  PID:9612
- C:\Windows\System\oLUGJJZ.exe
  C:\Windows\System\oLUGJJZ.exe
  2⤵
  PID:9636
- C:\Windows\System\oRUwZFq.exe
  C:\Windows\System\oRUwZFq.exe
  2⤵
  PID:9664
- C:\Windows\System\djQGYcU.exe
  C:\Windows\System\djQGYcU.exe
  2⤵
  PID:9680
- C:\Windows\System\tOzgAcl.exe
  C:\Windows\System\tOzgAcl.exe
  2⤵
  PID:9696
- C:\Windows\System\sDczVEP.exe
  C:\Windows\System\sDczVEP.exe
  2⤵
  PID:9716
- C:\Windows\System\klLuExA.exe
  C:\Windows\System\klLuExA.exe
  2⤵
  PID:9736
- C:\Windows\System\cIKJdfs.exe
  C:\Windows\System\cIKJdfs.exe
  2⤵
  PID:9752
- C:\Windows\System\JMVLUVh.exe
  C:\Windows\System\JMVLUVh.exe
  2⤵
  PID:9768
- C:\Windows\System\XPRFRTC.exe
  C:\Windows\System\XPRFRTC.exe
  2⤵
  PID:9792
- C:\Windows\System\USzivfM.exe
  C:\Windows\System\USzivfM.exe
  2⤵
  PID:9820
- C:\Windows\System\ByIEBQR.exe
  C:\Windows\System\ByIEBQR.exe
  2⤵
  PID:9836
- C:\Windows\System\IFqsStX.exe
  C:\Windows\System\IFqsStX.exe
  2⤵
  PID:9856
- C:\Windows\System\BRdPDUN.exe
  C:\Windows\System\BRdPDUN.exe
  2⤵
  PID:9876
- C:\Windows\System\nDWqjzb.exe
  C:\Windows\System\nDWqjzb.exe
  2⤵
  PID:9892
- C:\Windows\System\zuiUhek.exe
  C:\Windows\System\zuiUhek.exe
  2⤵
  PID:9908
- C:\Windows\System\SqNJdfz.exe
  C:\Windows\System\SqNJdfz.exe
  2⤵
  PID:9928
- C:\Windows\System\PfUMjqC.exe
  C:\Windows\System\PfUMjqC.exe
  2⤵
  PID:9952
- C:\Windows\System\wAyySKx.exe
  C:\Windows\System\wAyySKx.exe
  2⤵
  PID:9972
- C:\Windows\System\rQemwiE.exe
  C:\Windows\System\rQemwiE.exe
  2⤵
  PID:9992
- C:\Windows\System\dqLxFSY.exe
  C:\Windows\System\dqLxFSY.exe
  2⤵
  PID:10008
- C:\Windows\System\kKetdHe.exe
  C:\Windows\System\kKetdHe.exe
  2⤵
  PID:10024
- C:\Windows\System\bCrGdmn.exe
  C:\Windows\System\bCrGdmn.exe
  2⤵
  PID:10044
- C:\Windows\System\WcSJaEG.exe
  C:\Windows\System\WcSJaEG.exe
  2⤵
  PID:10084
- C:\Windows\System\MUFEuWa.exe
  C:\Windows\System\MUFEuWa.exe
  2⤵
  PID:10104
- C:\Windows\System\PnjRGPF.exe
  C:\Windows\System\PnjRGPF.exe
  2⤵
  PID:10124
- C:\Windows\System\eUhpWFu.exe
  C:\Windows\System\eUhpWFu.exe
  2⤵
  PID:10140
- C:\Windows\System\uIjzftm.exe
  C:\Windows\System\uIjzftm.exe
  2⤵
  PID:10168
- C:\Windows\System\uXMrVJD.exe
  C:\Windows\System\uXMrVJD.exe
  2⤵
  PID:10188
- C:\Windows\System\aQFqCEO.exe
  C:\Windows\System\aQFqCEO.exe
  2⤵
  PID:10208
- C:\Windows\System\RbzCAyj.exe
  C:\Windows\System\RbzCAyj.exe
  2⤵
  PID:10228
- C:\Windows\System\zbQllNx.exe
  C:\Windows\System\zbQllNx.exe
  2⤵
  PID:9240
- C:\Windows\System\mgCdvHm.exe
  C:\Windows\System\mgCdvHm.exe
  2⤵
  PID:2804
- C:\Windows\System\SmkbyPx.exe
  C:\Windows\System\SmkbyPx.exe
  2⤵
  PID:2088
- C:\Windows\System\UBkMehs.exe
  C:\Windows\System\UBkMehs.exe
  2⤵
  PID:8452
- C:\Windows\System\lbMHIdg.exe
  C:\Windows\System\lbMHIdg.exe
  2⤵
  PID:9320
- C:\Windows\System\cakGkds.exe
  C:\Windows\System\cakGkds.exe
  2⤵
  PID:9368
- C:\Windows\System\yNWAcqu.exe
  C:\Windows\System\yNWAcqu.exe
  2⤵
  PID:9356
- C:\Windows\System\eISrBFH.exe
  C:\Windows\System\eISrBFH.exe
  2⤵
  PID:9412
- C:\Windows\System\NNmJfns.exe
  C:\Windows\System\NNmJfns.exe
  2⤵
  PID:9432
- C:\Windows\System\bszkcQh.exe
  C:\Windows\System\bszkcQh.exe
  2⤵
  PID:9464
- C:\Windows\System\zirNnJD.exe
  C:\Windows\System\zirNnJD.exe
  2⤵
  PID:9492
- C:\Windows\System\bgcupqp.exe
  C:\Windows\System\bgcupqp.exe
  2⤵
  PID:9504
- C:\Windows\System\ADgJjKw.exe
  C:\Windows\System\ADgJjKw.exe
  2⤵
  PID:9564
- C:\Windows\System\JljFIMr.exe
  C:\Windows\System\JljFIMr.exe
  2⤵
  PID:9608
- C:\Windows\System\QzhqsqG.exe
  C:\Windows\System\QzhqsqG.exe
  2⤵
  PID:9632
- C:\Windows\System\kzmDpMv.exe
  C:\Windows\System\kzmDpMv.exe
  2⤵
  PID:9688
- C:\Windows\System\RmmaPSS.exe
  C:\Windows\System\RmmaPSS.exe
  2⤵
  PID:9732
- C:\Windows\System\gSIXkms.exe
  C:\Windows\System\gSIXkms.exe
  2⤵
  PID:9712
- C:\Windows\System\vjyxHFo.exe
  C:\Windows\System\vjyxHFo.exe
  2⤵
  PID:9808
- C:\Windows\System\LCsWbsn.exe
  C:\Windows\System\LCsWbsn.exe
  2⤵
  PID:9776
- C:\Windows\System\TuhMxFT.exe
  C:\Windows\System\TuhMxFT.exe
  2⤵
  PID:9788
- C:\Windows\System\AUvnDFd.exe
  C:\Windows\System\AUvnDFd.exe
  2⤵
  PID:9960
- C:\Windows\System\uAHZlKS.exe
  C:\Windows\System\uAHZlKS.exe
  2⤵
  PID:10036
- C:\Windows\System\kSkclSQ.exe
  C:\Windows\System\kSkclSQ.exe
  2⤵
  PID:10016
- C:\Windows\System\kIkexkE.exe
  C:\Windows\System\kIkexkE.exe
  2⤵
  PID:9944
- C:\Windows\System\ZaTerLZ.exe
  C:\Windows\System\ZaTerLZ.exe
  2⤵
  PID:9864
- C:\Windows\System\tjTmzjY.exe
  C:\Windows\System\tjTmzjY.exe
  2⤵
  PID:10064
- C:\Windows\System\LiPOHdX.exe
  C:\Windows\System\LiPOHdX.exe
  2⤵
  PID:10080
- C:\Windows\System\fWUCgxz.exe
  C:\Windows\System\fWUCgxz.exe
  2⤵
  PID:10132
- C:\Windows\System\RWarfLE.exe
  C:\Windows\System\RWarfLE.exe
  2⤵
  PID:10156
- C:\Windows\System\uCgfhCu.exe
  C:\Windows\System\uCgfhCu.exe
  2⤵
  PID:10180
- C:\Windows\System\iDDDHwn.exe
  C:\Windows\System\iDDDHwn.exe
  2⤵
  PID:10224
- C:\Windows\System\lUbfqXx.exe
  C:\Windows\System\lUbfqXx.exe
  2⤵
  PID:9224
- C:\Windows\System\HoBOjru.exe
  C:\Windows\System\HoBOjru.exe
  2⤵
  PID:9260
- C:\Windows\System\DdckYmo.exe
  C:\Windows\System\DdckYmo.exe
  2⤵
  PID:9332
- C:\Windows\System\FwuTTUu.exe
  C:\Windows\System\FwuTTUu.exe
  2⤵
  PID:9512
- C:\Windows\System\GfofDuQ.exe
  C:\Windows\System\GfofDuQ.exe
  2⤵
  PID:9592
- C:\Windows\System\uvAYxng.exe
  C:\Windows\System\uvAYxng.exe
  2⤵
  PID:9300
- C:\Windows\System\GmIigJi.exe
  C:\Windows\System\GmIigJi.exe
  2⤵
  PID:9652
- C:\Windows\System\ZDIglyZ.exe
  C:\Windows\System\ZDIglyZ.exe
  2⤵
  PID:9392
- C:\Windows\System\oWzUhnU.exe
  C:\Windows\System\oWzUhnU.exe
  2⤵
  PID:9624
- C:\Windows\System\lPlATUI.exe
  C:\Windows\System\lPlATUI.exe
  2⤵
  PID:9692
- C:\Windows\System\vvxPOKD.exe
  C:\Windows\System\vvxPOKD.exe
  2⤵
  PID:9748
- C:\Windows\System\XNDABVF.exe
  C:\Windows\System\XNDABVF.exe
  2⤵
  PID:9844
- C:\Windows\System\EgwXbVw.exe
  C:\Windows\System\EgwXbVw.exe
  2⤵
  PID:9852
- C:\Windows\System\kDPaIeZ.exe
  C:\Windows\System\kDPaIeZ.exe
  2⤵
  PID:10052
- C:\Windows\System\ARGvtHs.exe
  C:\Windows\System\ARGvtHs.exe
  2⤵
  PID:9900
- C:\Windows\System\cGxvpEO.exe
  C:\Windows\System\cGxvpEO.exe
  2⤵
  PID:9948
- C:\Windows\System\JqqQDcx.exe
  C:\Windows\System\JqqQDcx.exe
  2⤵
  PID:10100
- C:\Windows\System\baEsXek.exe
  C:\Windows\System\baEsXek.exe
  2⤵
  PID:10136
- C:\Windows\System\IRrIwar.exe
  C:\Windows\System\IRrIwar.exe
  2⤵
  PID:10216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BDhlOnV.exe

Filesize
6.0MB

MD5
99924ea56e2300692d81f44e0c9041e3

SHA1
287d2bf4f2f83ba672163d0d21f313c5e7adf875

SHA256
92b6e504a3f4b2fc59a0145cf288618542fbbd666463db4050e9bc7a5cc87012

SHA512
ca58547c2c52600b6ea3d716d5aff0fcd9c98a38e05f25c92a9075f3761072b64440a519908c39c89aece007046ee04064d7808f6ca0dd12964d0758271e85ec

Download Submit
C:\Windows\system\DQeYOcE.exe

Filesize
6.0MB

MD5
a5246a36239049d82de98aeaeec561aa

SHA1
e70ca6add0438fbbac87686cd28a0e0d8d99d6fb

SHA256
50c94f2a375fae7522e2dbc82a0f474f26b112c0c834c5e5fd845b8f29cf62a8

SHA512
05fba10a22207f017f19e1724d4dae9373bc67acf6e4e0568a2764cfdfe3b134301d39075b2eedf36e0d37be04bb5c53229f9a5eab2edf67999898195124bc30

Download Submit
C:\Windows\system\EuhMYfq.exe

Filesize
6.0MB

MD5
42bd7f9909518db77ac1234cd29dd6d9

SHA1
5201c36cfa43a9f1c39c4b58982b895e8b9bc9fb

SHA256
ee50ccec391d493254c018eb55cc3a54b71e1f54f79fa7bb87a7eb3431d5e0be

SHA512
581255111c97726e0cd05f6a20f8a4d864a1c0f01d5cb7ee1dd98ef1b8554682327d3283433358dd24b863e4ee8c8fdfe20063ab047aac6740893a4c4871e5c4

Download Submit
C:\Windows\system\FPypVaQ.exe

Filesize
6.0MB

MD5
ac8e4dac7e2153fdc1f862e93567608b

SHA1
52ea5e199f94c9e4eba20e465ff0d0792d959663

SHA256
aded6a16468eef3c5984f8b2d67463b5dc883231e2f24852104d08226a7c7f7a

SHA512
d3f33339ee6a5848c8100638c58bd0c6c0239db7ca27ef21dabd9bfa69b600c5955a18730e3d4ed503827e25caf19d7ca4e81ff7739a91cb8b1a0f5955fec081

Download Submit
C:\Windows\system\FTeyOjH.exe

Filesize
6.0MB

MD5
0e2973e0a0a9e6acfbb417c44bf033d4

SHA1
9cab2ff0bcae26f4f2547d8be04b848a414aabfc

SHA256
5379437ff351d622e2a6199333f06f149cc91b5b4505141c38efc3ee0d3c3c26

SHA512
2743d2f53cddb6e85788658e6394bdcd9f45f94c5cb457794a081d596b9610c16b18dfea785231ff04fdb496e31bbd408ca030702cd0caccd092f7086dd52aa6

Download Submit
C:\Windows\system\JZduLas.exe

Filesize
6.0MB

MD5
5fd489152994571130c27637de2fa2e7

SHA1
3701c45a7c40300c2b0e8e00cbf3fdbca0cceaa4

SHA256
ddbc0ef7b2162125a4fc6a288ebb69d7fb9829b6d9a78ea77f9dcc3598c2675b

SHA512
8599a358e96156aed056ed7408538778ac25bd7cb604a7e8429c2d1f582462470c2564e420a74bf1a82f609b60f9e4455c40e90d736058c83edc0e6bcfcf2469

Download Submit
C:\Windows\system\MtVtkIm.exe

Filesize
6.0MB

MD5
e8151c510a0ab796d1b45c2d9cdfc490

SHA1
a7a9cb060e96fad733b4d3bad8bc9b5e1b2d4175

SHA256
faa82d0887c0474e07822d8378715f9bdc758b021432ee5883fde471f2b03193

SHA512
ec57d907f9a31765215d7e3e491af368d457ae49be3eea942bc3ba0a373e9732906d2e93a2611427a9a201fce797bda9b262a7df31062f28cf0ce6aa24f601ab

Download Submit
C:\Windows\system\OoSPXxL.exe

Filesize
6.0MB

MD5
e7e9944e336cb67d49c68c1fa437f09a

SHA1
778ef8dde2b1e3f3334ae5adb2ff6cf32d7735b9

SHA256
e7c7e0781c4405de4132593fbc656db7b96814a795aeb5d60a464429154bf308

SHA512
d5450ea9818bc93836cb7bca1b92256baf6d122dcc62c11bcd0f7ada81ebc5f70ac51fb1bf37ec8bd330701b2f8478fc97de4a13b05d1105e84d1f206df920cf

Download Submit
C:\Windows\system\PRkZgmz.exe

Filesize
6.0MB

MD5
f553536514c329d9719540c0dae31768

SHA1
17a1b319e25c4090a72dcc0fb639cc1fdf91f353

SHA256
608b1eea7fe31d30ca4254a2c9564eb469c430e4c35141f914080753092d47f9

SHA512
c6872b73a8a1e1d9b12fa68c691ec7b9141e5e9bef3f88306972fb731d645fcc697a8dfac4ce1eeb9a84029bdcee96e9dab9729ed01a8737743a3b49a1998c31

Download Submit
C:\Windows\system\QmBMIDb.exe

Filesize
6.0MB

MD5
1489f528dd9c492a5b95ce18c50d213e

SHA1
f8e51e2821f2840a1d022b4a541c5e520911abb7

SHA256
4c9cff41ee1eb683a19f9838752c5323305d8b2d5100eddd0d89011097cdb5e6

SHA512
a25e094190cf097032254841fe8cba9c738df28aa553d2490b4db0bad695f89ed1e521e2c0a1819972e205325784f9e338a67ee2806a7c6942b728cca266b8f2

Download Submit
C:\Windows\system\UCisVBj.exe

Filesize
6.0MB

MD5
045dafaa3ddf58f3b07debb1ec6d4d19

SHA1
b67eb5625fb5576fa006b1ba27bad6311e348cff

SHA256
e6007202dddaf3e14251fa444e27a7bab579c721d6ef8eb63461da34bc527209

SHA512
1cfa60f2fa8890870eb58c74b9e104d57159c6277af189fc67a67cfae84d3ead0480a76c71468cef0b4dacbb18bd1f9c61082215291c7b30d70baf4992c896be

Download Submit
C:\Windows\system\UErEGjV.exe

Filesize
6.0MB

MD5
f48feff9fe82cdcd7980fba4d0cf791b

SHA1
747fb83cbb37df64df21b7e9e2ab4cc20193b7f2

SHA256
4a08b0c2af201b345cc3a45be52c68904f1c0e6e942b9e5d311c0ad799312111

SHA512
e1e7ea2a5ee54e8e6a1bea4e441c29d8841f0abace88aa6fd4cf6441c226d0d99875d35aab290b37c7f32bb1cc22d407befed9fcaaec1a503d7f4ec1b3a94398

Download Submit
C:\Windows\system\WnVmZgC.exe

Filesize
6.0MB

MD5
f95c902a8c7e1d9e52fc366f259c3331

SHA1
361b4d8a0c815c6620e9c6e01312ed956b6eb85d

SHA256
9907b90130144b880cfc9099afddebbffc047f66a8508783db94b11dc957e574

SHA512
d8ea49c274c84d8ef9ffe0e5b8af068aabac63345da059fbd041e8de06fc1659a01fec07995dc84b5acc65737f8fc7258c1d1fb464d3be7ffaad112164bca406

Download Submit
C:\Windows\system\WzIbHwD.exe

Filesize
6.0MB

MD5
a38edbf3a6f4b91c1de41b08a31a85c3

SHA1
2b3d092574fc20a8335a3235653f3e8b63554431

SHA256
8883da0e361a96f892d3b110fd0d245eca90a4613948f6e11a017ad56b6afe97

SHA512
031d4955f2b3d79b7cbcb3a210edc6e1bf6f5ca9a47effc1cf8591d4022123cd86b2b745e4dba70441d8e4eefebc80725eeae94b6b71beb258117ddee1058d2a

Download Submit
C:\Windows\system\YXkxvGV.exe

Filesize
6.0MB

MD5
7585689e18ed81b6d3043275034eebd4

SHA1
6e34cd71e200aeced5498245ce5baebf0f97f920

SHA256
34ba5b0abc265402a432ef270ec1d70c30b677db0fcdf1153d5345ab3d03f0a1

SHA512
24397a6a5639a08d76cece1a6b2e2aa2aaba6d4752d157f9f9e38bd894c14967e16f60a4e107724dcd886d924fa20c456e4b165840f05f0d22abbf40b50a4475

Download Submit
C:\Windows\system\ZUYIfFH.exe

Filesize
6.0MB

MD5
7408528a01b718753240dbe31c3c720a

SHA1
1afb05e218d0454dd7928e0e9381b036cf9edcc0

SHA256
b653f0d1c8fbae51e31b929dbeb0ee8ad5f3b373ecd18362b071b3600e60e6b4

SHA512
3a3b9c2cb25b3e4dccad1133f0dba2a13bd64842627b45cf48ecab832a7ebbd6fb7034b12b42a5db2afc4ecb212fbf913fcc1d370ae8a74b7a343b5da14ad059

Download Submit
C:\Windows\system\cckbtdn.exe

Filesize
6.0MB

MD5
7aae6d6f8a13fa0ef6746cd130239481

SHA1
8b09d8eb576e815907426ddf09a92758ddf18580

SHA256
777e5e7ecea768bd0daf361a566130625a36971f644ce442bd98569088f73380

SHA512
35f2eb7d2b10a5ffa701fc9282de5a5b55479a42ee37c016d7207a9e445d3211410b78701e9ddb92edc2b33bed30e467cf86fb3565a40efa6b56aed039e3f9bf

Download Submit
C:\Windows\system\dvPKGfi.exe

Filesize
6.0MB

MD5
22ec213e1178b1c239f2d528b01bb0e2

SHA1
8e79a0af5640a4df634d4174e247e3826bd38ffa

SHA256
948ad94e9cf545d694b683a004086b536c00895dae442f16b5f6911abff6ff9d

SHA512
8b39cefb2069cf5aee54eedc6f0b018dd90e9d132bc794c84133cafd130adef17f2812b4b44276b051faab59ac805d61039ad74af1c052068327c744b62006ce

Download Submit
C:\Windows\system\hGrPVrU.exe

Filesize
6.0MB

MD5
007f6f8c8fb734b791dbcb3419057244

SHA1
1b2a661cd51f7f22491ef0a1911e78a37443e61c

SHA256
6e0cdc72f4449963cb0e11dd9aec59e1b4e24e6a5b34ce8a4a966486c2a530ec

SHA512
ff97fee2c4af7d2ff6ba6ddfbf6543d84c5497c723432595145cd06592636ab007dec0bf35c1fa94d5444426d5f0031f91f4639e8c856ca18dfdf6f726e48b40

Download Submit
C:\Windows\system\katfZFM.exe

Filesize
6.0MB

MD5
fb242163de79fe44ed88e478a3026e15

SHA1
12e1966f00214d13897169bb17d8d23193f2ad97

SHA256
d7b42d127505b42786fb320efb278a8a1ff8a4679a6bf403c9e699a3e2271d9a

SHA512
f4707b400206ccdc8b088c115cd328d34e745f539bc1e0654d713141681acf92ff9ab8a6551e91c43c26d0990244c589c6cf3ff8158cf0ce3cd5af1f9f7fd845

Download Submit
C:\Windows\system\kgZelKr.exe

Filesize
6.0MB

MD5
c690da43123221d0eeffa0881e33f496

SHA1
5f0eafa0fe10a90b7f9a3c9cef5559d829e968c1

SHA256
095d30db65ae0b4710f8c42e48dfc3965fc8a48f9a8d01c4e34d3bd86f1c5377

SHA512
c0c795ca40669b4edf33e21ee84c7233657db723f92964fbddb5e21d651846ba922da49ce365aa05f874367c73bf812c5e8fe253ebbda656bbcac3f67f77e65f

Download Submit
C:\Windows\system\mdCvNnM.exe

Filesize
6.0MB

MD5
49d5336af103b61d09d0f467cf1d9e18

SHA1
6cde6cc93f08f602dc1485f3e9a3d5e79924aad3

SHA256
c654b1dd8e10f059fa429905fa506a0498b9b2e755ab48fbc2e8288bfd58847e

SHA512
be7dbbeca4314fd09edd3f07221819d26ee771e72309becdf53fee21407ff55359851fec68b796d11d0e9381ce1f87603d15461158647d23abd25d02da7ea8ef

Download Submit
C:\Windows\system\nvFCaKO.exe

Filesize
6.0MB

MD5
e169150c4cd309d857c738cced1138ab

SHA1
291a048e7db20d15cb04bf3d79b4cdd1dc621afc

SHA256
355f0fd92de550778b33280473a66c101cfe12089597c99b5c0ba1ea0a27bea4

SHA512
f681e117a4e41ba7118bce3a6860235c9d1f04dcf8d33ac8c664f5854e6402191e248214af7f33d590b3af7f706b91ab108c536ec651562179a325c3e85ea349

Download Submit
C:\Windows\system\rQhKFTG.exe

Filesize
6.0MB

MD5
7dab4014f473033e4f40c58b884571b1

SHA1
94423b53ab30079eab3e8bdef1b87fee77638be6

SHA256
96cf852992ca04690e698ff5e8e5f28a26d27a6bf858250ce246032c765403b3

SHA512
b3a5997a9abe1bf528296df36581a26cebc450ea0c6eff023608b79c329270d34f27acbb5aa2447c4d66f5d11033df843e3edb0fbe83311a5a3a57557241a01a

Download Submit
C:\Windows\system\trFcwdX.exe

Filesize
6.0MB

MD5
99a42492b610c61e09608484309098d2

SHA1
aff5966280916c50c39ddda31d616b7322ab808f

SHA256
2df8615e0791fd58063d55a1c17ea0cb43843774498951568ce4d2654aab3ae0

SHA512
cae08ffa86c09e58c8dc6e8cc54600a931561f73969dd7ac964069c66aba9578b3193da779f2665ab04d98c4198861340eb2e42b9a98c4da18d0a47fb074c33a

Download Submit
C:\Windows\system\vGSJoVw.exe

Filesize
6.0MB

MD5
1edce670fe0bd81cc94d862349a73c36

SHA1
588bd65201698225cd6a78d903f82c7ca304c1a1

SHA256
bbc3441573217e7c34a208cbe96897dda80e13f9bfb3dc741f25583e0543dde2

SHA512
e8fcf7e5e7b09e197074c8beafef76a667d8ac6ccdd55391084e0fbc2edb0e980f5cec28058e6a85a4b0448776b841599d0a8b9f746345643ffc4c3d5ad31b90

Download Submit
C:\Windows\system\vykkAZy.exe

Filesize
8B

MD5
febf99df58219c0be3df605839308be8

SHA1
fe08ce1d9706203d07fbc982e915a9748183cc3f

SHA256
2ce4a59836f0a031aec5d0d6f8f98a0ee6897953a52c2d5078ad2f6387c5fe28

SHA512
072f48361a96aff933e48813373ee8cb32016fd515623751cbbe6de4b7f708e17b737377255763f3861e774f66800a839af33790f30e4cf89e33517cb8d62729

Download Submit
C:\Windows\system\wETQgaG.exe

Filesize
6.0MB

MD5
cdde89e447d4012d20dd53b706a216d2

SHA1
ca80f7e3e829403be15838dfcc1f82560e458682

SHA256
03a1df85b5a12a323eee9202da4ec95e4f46719471612be0e356ab85acd9b12a

SHA512
ef9cc6b116bee6212e2628e846dfc4e173c4eff4372f329a00e5ca8ee97a5d5cc6d7677646cf55d420622300aa0ee911168124c81e185c381297df89cd57061f

Download Submit
C:\Windows\system\yaUwsSk.exe

Filesize
6.0MB

MD5
a21188996045ccbfba964ff2f90fcd94

SHA1
8b84ef0853737eaf48e5067dea9a65619d4e3aaf

SHA256
298d72c797c0fbd620572af1d93b338ab2fc4e2d8af94904e79c3b46effcff4b

SHA512
64b73be8c9b54ef42c4b1d7bd429209048ca49800de8c0a138eb924fc27b9073efb49959ea12d90a3ab3a42c2adc084e68d889c68cd7f0798d211fce93ef70c2

Download Submit
\Windows\system\fuONwHf.exe

Filesize
6.0MB

MD5
15a57b3ea358e003876127b0cec487b9

SHA1
7f0cedb1c91ea7964dd250f55f18602b0e13c004

SHA256
0b09ed21c684cf6322b8b378346b5f1d533dedfd71c290379328031a5ff82a5b

SHA512
7838434f101eca942dc458c188f84d312531c1ba74168fad1fb36d945bfee9d2bd534dc277815c2f1b8089d6ee55fac17b2530dce98f487baed3f04d20d39f9d

Download Submit
\Windows\system\nuvncJg.exe

Filesize
6.0MB

MD5
1fd11c5cd9b0943716507e9847699c4f

SHA1
d559d09037d07a45f4a5c9028c24b1e437e1c6fa

SHA256
f3a9add2a6d328e2a0ca7285f6ff66f1687c86b5d2026b5586f015bdfa559d60

SHA512
506bbb8acd71608ae9ebfdd63954805cc2c808593255045d0bdfcbb3120d66f25f475f972f2474afdf34228ff5078efef3d7569fe3eeafa3b58889493ba11193

Download Submit
\Windows\system\oQFpAMr.exe

Filesize
6.0MB

MD5
f76b3cca9af806e37385494ec0d6c422

SHA1
4c5e5d40e03bb1a673134c9dccb018631faa4fd2

SHA256
f8431c78735a941b015780fbea6ad61ed060b32d918f5de8f44b2bbeb336d3e7

SHA512
98368604c9c7c3d89cd2eb29f8166270ce6840660d262d3ff00a07f754c0c8048c2f42b947dab9934656b2424e1948ace498bb8ff4138cc2408dc866accd4599

Download Submit
\Windows\system\tytHgGN.exe

Filesize
6.0MB

MD5
1f5d4bd531363e45f7667cf62dedae62

SHA1
678c92db9bb6e446b14bdbda2689138c0ccb2be7

SHA256
222378396e37fece9f5ea530ff51199b5c117b14b179aedb0a86d93098256304

SHA512
471edd3a6c27905286cc7a9acc7885aa38d1e1981ee8c27765c9a6055f441096ada1e8c4b076dabda9f02a7dfee7d57473c8d60b0ef4664a31df753fc36d7d31

Download Submit
memory/592-3784-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/592-102-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/592-1130-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2144-3741-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2144-21-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2144-62-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/2156-979-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2156-98-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2156-331-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2156-1-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2156-31-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2156-680-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2156-106-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2156-18-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2156-75-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2156-67-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2156-97-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2156-54-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2156-26-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2156-0-0x0000000000580000-0x0000000000590000-memory.dmp

Filesize
64KB

Download
memory/2156-1286-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2156-58-0x00000000022D0000-0x0000000002624000-memory.dmp

Filesize
3.3MB

Download
memory/2156-36-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2180-93-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2180-3783-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2180-823-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-86-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-3748-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2260-49-0x000000013FB60000-0x000000013FEB4000-memory.dmp

Filesize
3.3MB

Download
memory/2268-87-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2268-3775-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2268-592-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2320-70-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-3750-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2320-30-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2580-3737-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2580-8-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2580-52-0x000000013FB40000-0x000000013FE94000-memory.dmp

Filesize
3.3MB

Download
memory/2668-79-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2668-422-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2668-3782-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3767-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2716-234-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2716-71-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3769-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2748-78-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2748-34-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2784-63-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-101-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3781-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2860-3756-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2860-46-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2988-92-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2988-3779-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2988-55-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/3036-13-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-3733-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-57-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download