cobaltstrike | 5cc70988266dd5f584b2e071b8587008579064d15026402cebfeb358c81403eb

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 01:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

d832caa700d3b09933a8260d6cb4d0dd
SHA1

151f0fefa5fc8df04230953f526a1cc125deff3f
SHA256

5cc70988266dd5f584b2e071b8587008579064d15026402cebfeb358c81403eb
SHA512

f43c9feea544477509002fdc15c1033966a40dbf5655c526fcfb5405bc9a6f468084e33cc4ed1e664caf874be6814f679b7db1b135db324189b2e20c6ce7ef7f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUR:T+q56utgpPF8u/7R

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a0000000120d5-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000017342-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017349-14.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017355-18.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173a3-25.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173ab-30.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017429-35.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017467-41.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bec-65.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d5c-89.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e8-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e4-124.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2b9-118.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016e1d-116.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a033-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a05a-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a020-103.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f57-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ea-134.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3e6-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a2fc-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019f71-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d69-93.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cfc-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019cd5-81.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c0b-77.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf2-73.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf0-70.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019931-61.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a0-57.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019665-53.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-49.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017420-34.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001739f-22.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2572-0-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/files/0x000a0000000120d5-3.dat	xmrig
behavioral1/files/0x0009000000017342-10.dat	xmrig
behavioral1/files/0x0008000000017349-14.dat	xmrig
behavioral1/files/0x0007000000017355-18.dat	xmrig
behavioral1/files/0x00070000000173a3-25.dat	xmrig
behavioral1/files/0x00070000000173ab-30.dat	xmrig
behavioral1/files/0x0007000000017429-35.dat	xmrig
behavioral1/files/0x0008000000017467-41.dat	xmrig
behavioral1/files/0x00050000000195e0-45.dat	xmrig
behavioral1/files/0x0005000000019bec-65.dat	xmrig
behavioral1/files/0x0005000000019d5c-89.dat	xmrig
behavioral1/files/0x000500000001a3e8-131.dat	xmrig
behavioral1/files/0x000500000001a3e4-124.dat	xmrig
behavioral1/files/0x000500000001a2b9-118.dat	xmrig
behavioral1/files/0x0009000000016e1d-116.dat	xmrig
behavioral1/files/0x000500000001a033-112.dat	xmrig
behavioral1/files/0x000500000001a05a-109.dat	xmrig
behavioral1/files/0x000500000001a020-103.dat	xmrig
behavioral1/files/0x0005000000019f57-97.dat	xmrig
behavioral1/files/0x000500000001a3ea-134.dat	xmrig
behavioral1/files/0x000500000001a3e6-130.dat	xmrig
behavioral1/files/0x000500000001a2fc-122.dat	xmrig
behavioral1/files/0x0005000000019f71-101.dat	xmrig
behavioral1/memory/2320-534-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2516-571-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2824-611-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2504-667-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/2788-643-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2572-642-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2820-641-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2748-639-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/3036-592-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/memory/2848-586-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2760-584-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/1912-582-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2440-580-0x000000013F3D0000-0x000000013F724000-memory.dmp	xmrig
behavioral1/memory/2120-578-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/1956-557-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d69-93.dat	xmrig
behavioral1/files/0x0005000000019cfc-85.dat	xmrig
behavioral1/files/0x0005000000019cd5-81.dat	xmrig
behavioral1/files/0x0005000000019c0b-77.dat	xmrig
behavioral1/files/0x0005000000019bf2-73.dat	xmrig
behavioral1/files/0x0005000000019bf0-70.dat	xmrig
behavioral1/files/0x0005000000019931-61.dat	xmrig
behavioral1/files/0x00050000000196a0-57.dat	xmrig
behavioral1/files/0x0005000000019665-53.dat	xmrig
behavioral1/files/0x0005000000019624-49.dat	xmrig
behavioral1/files/0x0007000000017420-34.dat	xmrig
behavioral1/files/0x000800000001739f-22.dat	xmrig
behavioral1/memory/2572-2191-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2572-2357-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2848-3357-0x000000013F640000-0x000000013F994000-memory.dmp	xmrig
behavioral1/memory/2120-3371-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/2820-3370-0x000000013F440000-0x000000013F794000-memory.dmp	xmrig
behavioral1/memory/2504-3369-0x000000013F530000-0x000000013F884000-memory.dmp	xmrig
behavioral1/memory/1956-3356-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/1912-3355-0x000000013FEE0000-0x0000000140234000-memory.dmp	xmrig
behavioral1/memory/2516-3354-0x000000013FB50000-0x000000013FEA4000-memory.dmp	xmrig
behavioral1/memory/2824-3353-0x000000013FA60000-0x000000013FDB4000-memory.dmp	xmrig
behavioral1/memory/2760-3352-0x000000013F730000-0x000000013FA84000-memory.dmp	xmrig
behavioral1/memory/2320-3410-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2748-3427-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2504	khYFKgY.exe
2320	jRRaaCA.exe
1956	LhHEuhs.exe
2516	SIZsQWw.exe
2120	tsaqaJT.exe
2440	wPMIlBV.exe
1912	zJeMzdK.exe
2760	FjBJVHA.exe
2848	cBpNuge.exe
3036	oInbDcc.exe
2824	VxVIMAZ.exe
2748	RTHcQrG.exe
2820	PvFeDGh.exe
2788	FrxuIjv.exe
2784	rlnpDxy.exe
2780	eWwhjLV.exe
2612	qcEFneT.exe
2644	BMvIRTj.exe
2736	BpIvVvM.exe
2940	vmLLVjJ.exe
2584	nEauVdr.exe
1508	sYoQBAg.exe
1988	WDJwmOG.exe
2136	dyTNQLF.exe
2512	FHGBiGZ.exe
1636	bFEWflG.exe
2912	eWbvmxH.exe
2292	IKoHUdM.exe
2468	uNjlhhC.exe
1676	AkuJBoY.exe
2248	DQYPTmS.exe
2596	VCspVvj.exe
1596	qorSZWI.exe
2904	DwFTAgV.exe
2896	HizPHTY.exe
2968	JqzUfPH.exe
1020	RcWviYh.exe
3000	qZbnuyP.exe
396	yLUCuLP.exe
444	gTydSSe.exe
2712	YafEnQS.exe
1972	sILDxJy.exe
1600	TTzCQMm.exe
1076	jgVdWfg.exe
1216	IUAoLSj.exe
1704	fkBDSkd.exe
884	WMsuUwG.exe
264	uxNGfCw.exe
1232	YPaYzzH.exe
2960	pUJnUcI.exe
748	NIAzrzk.exe
1576	kugdtdp.exe
1520	GmPBEBs.exe
2580	ksaFDUQ.exe
3048	gXfDWXm.exe
1240	oCAVFou.exe
1692	JSBbOLK.exe
3008	uAkNAcc.exe
2340	pTjRwHE.exe
2796	HKaUOOl.exe
2836	THGTNlP.exe
2868	ahjBTnm.exe
2776	OJRDjBb.exe
2752	aHbAFgc.exe

Loads dropped DLL 64 IoCs

pid	Process
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2572-0-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x000a0000000120d5-3.dat	upx
behavioral1/files/0x0009000000017342-10.dat	upx
behavioral1/files/0x0008000000017349-14.dat	upx
behavioral1/files/0x0007000000017355-18.dat	upx
behavioral1/files/0x00070000000173a3-25.dat	upx
behavioral1/files/0x00070000000173ab-30.dat	upx
behavioral1/files/0x0007000000017429-35.dat	upx
behavioral1/files/0x0008000000017467-41.dat	upx
behavioral1/files/0x00050000000195e0-45.dat	upx
behavioral1/files/0x0005000000019bec-65.dat	upx
behavioral1/files/0x0005000000019d5c-89.dat	upx
behavioral1/files/0x000500000001a3e8-131.dat	upx
behavioral1/files/0x000500000001a3e4-124.dat	upx
behavioral1/files/0x000500000001a2b9-118.dat	upx
behavioral1/files/0x0009000000016e1d-116.dat	upx
behavioral1/files/0x000500000001a033-112.dat	upx
behavioral1/files/0x000500000001a05a-109.dat	upx
behavioral1/files/0x000500000001a020-103.dat	upx
behavioral1/files/0x0005000000019f57-97.dat	upx
behavioral1/files/0x000500000001a3ea-134.dat	upx
behavioral1/files/0x000500000001a3e6-130.dat	upx
behavioral1/files/0x000500000001a2fc-122.dat	upx
behavioral1/files/0x0005000000019f71-101.dat	upx
behavioral1/memory/2320-534-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2516-571-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2824-611-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2504-667-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/2788-643-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2820-641-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2748-639-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/3036-592-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/memory/2848-586-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2760-584-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/1912-582-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2440-580-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/2120-578-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/1956-557-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/files/0x0005000000019d69-93.dat	upx
behavioral1/files/0x0005000000019cfc-85.dat	upx
behavioral1/files/0x0005000000019cd5-81.dat	upx
behavioral1/files/0x0005000000019c0b-77.dat	upx
behavioral1/files/0x0005000000019bf2-73.dat	upx
behavioral1/files/0x0005000000019bf0-70.dat	upx
behavioral1/files/0x0005000000019931-61.dat	upx
behavioral1/files/0x00050000000196a0-57.dat	upx
behavioral1/files/0x0005000000019665-53.dat	upx
behavioral1/files/0x0005000000019624-49.dat	upx
behavioral1/files/0x0007000000017420-34.dat	upx
behavioral1/files/0x000800000001739f-22.dat	upx
behavioral1/memory/2572-2191-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2848-3357-0x000000013F640000-0x000000013F994000-memory.dmp	upx
behavioral1/memory/2120-3371-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2820-3370-0x000000013F440000-0x000000013F794000-memory.dmp	upx
behavioral1/memory/2504-3369-0x000000013F530000-0x000000013F884000-memory.dmp	upx
behavioral1/memory/1956-3356-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/1912-3355-0x000000013FEE0000-0x0000000140234000-memory.dmp	upx
behavioral1/memory/2516-3354-0x000000013FB50000-0x000000013FEA4000-memory.dmp	upx
behavioral1/memory/2824-3353-0x000000013FA60000-0x000000013FDB4000-memory.dmp	upx
behavioral1/memory/2760-3352-0x000000013F730000-0x000000013FA84000-memory.dmp	upx
behavioral1/memory/2320-3410-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2748-3427-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/2440-3392-0x000000013F3D0000-0x000000013F724000-memory.dmp	upx
behavioral1/memory/3036-3394-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PVKQRNJ.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ilTQkUE.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GMNNQWB.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VOjVQBA.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mabylOs.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cqERbGe.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ARgeWza.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HKaUOOl.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZvpOgpX.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\flZJlcL.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fdzEwcQ.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OwNBzVU.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MDNbMMd.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBIZCNO.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DqQrgZs.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zDUpWht.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NPyFyXv.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OckZvmP.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sklggko.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WBzJfSi.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrrmHDT.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvxNbiu.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bgDTwKD.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jLWdARc.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bDNMqbO.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQYraky.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pfzkQdj.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vEEgAik.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VxVIMAZ.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JWVJjov.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVdmwWR.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VIOWvrA.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cKShXgH.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iYnMMXw.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gJvmqWX.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oIVoLSk.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hgAkYlU.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cVDRJXq.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ubOwIHJ.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ywHVksd.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tXjcjdq.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oRIZOmO.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\idUdaXX.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\faHzsRM.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XaZHexH.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NNwdhRo.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\myTilar.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BQOlnDH.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ccjLxIY.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rlQWJSJ.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qKgTyWr.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jJQokGu.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HMmcXiW.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qaLVSlP.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LTLiwFY.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gLRkyWi.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MrKwkAH.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NIAzrzk.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lKHUGkO.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HJRYosa.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LskaWCl.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qscQQoI.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QhArppI.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PsupQMq.exe	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 2504	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2572 wrote to memory of 2504	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2572 wrote to memory of 2504	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2572 wrote to memory of 2320	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2572 wrote to memory of 2320	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2572 wrote to memory of 2320	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2572 wrote to memory of 1956	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2572 wrote to memory of 1956	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2572 wrote to memory of 1956	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2572 wrote to memory of 2516	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2572 wrote to memory of 2516	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2572 wrote to memory of 2516	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2572 wrote to memory of 2120	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2572 wrote to memory of 2120	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2572 wrote to memory of 2120	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2572 wrote to memory of 2440	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2572 wrote to memory of 2440	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2572 wrote to memory of 2440	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2572 wrote to memory of 1912	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2572 wrote to memory of 1912	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2572 wrote to memory of 1912	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2572 wrote to memory of 2760	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2572 wrote to memory of 2760	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2572 wrote to memory of 2760	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2572 wrote to memory of 2848	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2572 wrote to memory of 2848	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2572 wrote to memory of 2848	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2572 wrote to memory of 3036	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2572 wrote to memory of 3036	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2572 wrote to memory of 3036	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2572 wrote to memory of 2824	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2572 wrote to memory of 2824	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2572 wrote to memory of 2824	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2572 wrote to memory of 2748	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2572 wrote to memory of 2748	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2572 wrote to memory of 2748	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2572 wrote to memory of 2820	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2572 wrote to memory of 2820	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2572 wrote to memory of 2820	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2572 wrote to memory of 2788	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2572 wrote to memory of 2788	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2572 wrote to memory of 2788	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2572 wrote to memory of 2784	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2572 wrote to memory of 2784	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2572 wrote to memory of 2784	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2572 wrote to memory of 2780	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2572 wrote to memory of 2780	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2572 wrote to memory of 2780	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2572 wrote to memory of 2612	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2572 wrote to memory of 2612	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2572 wrote to memory of 2612	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2572 wrote to memory of 2644	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2572 wrote to memory of 2644	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2572 wrote to memory of 2644	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2572 wrote to memory of 2736	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2572 wrote to memory of 2736	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2572 wrote to memory of 2736	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2572 wrote to memory of 2940	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2572 wrote to memory of 2940	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2572 wrote to memory of 2940	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2572 wrote to memory of 2584	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2572 wrote to memory of 2584	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2572 wrote to memory of 2584	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2572 wrote to memory of 1508	2572	2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_d832caa700d3b09933a8260d6cb4d0dd_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Windows\System\khYFKgY.exe
  C:\Windows\System\khYFKgY.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\jRRaaCA.exe
  C:\Windows\System\jRRaaCA.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\LhHEuhs.exe
  C:\Windows\System\LhHEuhs.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\SIZsQWw.exe
  C:\Windows\System\SIZsQWw.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\tsaqaJT.exe
  C:\Windows\System\tsaqaJT.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\wPMIlBV.exe
  C:\Windows\System\wPMIlBV.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\zJeMzdK.exe
  C:\Windows\System\zJeMzdK.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\FjBJVHA.exe
  C:\Windows\System\FjBJVHA.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\cBpNuge.exe
  C:\Windows\System\cBpNuge.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\oInbDcc.exe
  C:\Windows\System\oInbDcc.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\VxVIMAZ.exe
  C:\Windows\System\VxVIMAZ.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\RTHcQrG.exe
  C:\Windows\System\RTHcQrG.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\PvFeDGh.exe
  C:\Windows\System\PvFeDGh.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\FrxuIjv.exe
  C:\Windows\System\FrxuIjv.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\rlnpDxy.exe
  C:\Windows\System\rlnpDxy.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\eWwhjLV.exe
  C:\Windows\System\eWwhjLV.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\qcEFneT.exe
  C:\Windows\System\qcEFneT.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\BMvIRTj.exe
  C:\Windows\System\BMvIRTj.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\BpIvVvM.exe
  C:\Windows\System\BpIvVvM.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\vmLLVjJ.exe
  C:\Windows\System\vmLLVjJ.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\nEauVdr.exe
  C:\Windows\System\nEauVdr.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\sYoQBAg.exe
  C:\Windows\System\sYoQBAg.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\WDJwmOG.exe
  C:\Windows\System\WDJwmOG.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\dyTNQLF.exe
  C:\Windows\System\dyTNQLF.exe
  2⤵
  - Executes dropped EXE
  PID:2136
- C:\Windows\System\FHGBiGZ.exe
  C:\Windows\System\FHGBiGZ.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\qorSZWI.exe
  C:\Windows\System\qorSZWI.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\bFEWflG.exe
  C:\Windows\System\bFEWflG.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\DwFTAgV.exe
  C:\Windows\System\DwFTAgV.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\eWbvmxH.exe
  C:\Windows\System\eWbvmxH.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\HizPHTY.exe
  C:\Windows\System\HizPHTY.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\IKoHUdM.exe
  C:\Windows\System\IKoHUdM.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\JqzUfPH.exe
  C:\Windows\System\JqzUfPH.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\uNjlhhC.exe
  C:\Windows\System\uNjlhhC.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\qZbnuyP.exe
  C:\Windows\System\qZbnuyP.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\AkuJBoY.exe
  C:\Windows\System\AkuJBoY.exe
  2⤵
  - Executes dropped EXE
  PID:1676
- C:\Windows\System\yLUCuLP.exe
  C:\Windows\System\yLUCuLP.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\DQYPTmS.exe
  C:\Windows\System\DQYPTmS.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\gTydSSe.exe
  C:\Windows\System\gTydSSe.exe
  2⤵
  - Executes dropped EXE
  PID:444
- C:\Windows\System\VCspVvj.exe
  C:\Windows\System\VCspVvj.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\YafEnQS.exe
  C:\Windows\System\YafEnQS.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\RcWviYh.exe
  C:\Windows\System\RcWviYh.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\sILDxJy.exe
  C:\Windows\System\sILDxJy.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\TTzCQMm.exe
  C:\Windows\System\TTzCQMm.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\jgVdWfg.exe
  C:\Windows\System\jgVdWfg.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\IUAoLSj.exe
  C:\Windows\System\IUAoLSj.exe
  2⤵
  - Executes dropped EXE
  PID:1216
- C:\Windows\System\fkBDSkd.exe
  C:\Windows\System\fkBDSkd.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\WMsuUwG.exe
  C:\Windows\System\WMsuUwG.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\uxNGfCw.exe
  C:\Windows\System\uxNGfCw.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\YPaYzzH.exe
  C:\Windows\System\YPaYzzH.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\pUJnUcI.exe
  C:\Windows\System\pUJnUcI.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\NIAzrzk.exe
  C:\Windows\System\NIAzrzk.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\kugdtdp.exe
  C:\Windows\System\kugdtdp.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\GmPBEBs.exe
  C:\Windows\System\GmPBEBs.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\ksaFDUQ.exe
  C:\Windows\System\ksaFDUQ.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\gXfDWXm.exe
  C:\Windows\System\gXfDWXm.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\oCAVFou.exe
  C:\Windows\System\oCAVFou.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\JSBbOLK.exe
  C:\Windows\System\JSBbOLK.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\uAkNAcc.exe
  C:\Windows\System\uAkNAcc.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\pTjRwHE.exe
  C:\Windows\System\pTjRwHE.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\HKaUOOl.exe
  C:\Windows\System\HKaUOOl.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\THGTNlP.exe
  C:\Windows\System\THGTNlP.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\ahjBTnm.exe
  C:\Windows\System\ahjBTnm.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\OJRDjBb.exe
  C:\Windows\System\OJRDjBb.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\aHbAFgc.exe
  C:\Windows\System\aHbAFgc.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\tlXRbMT.exe
  C:\Windows\System\tlXRbMT.exe
  2⤵
  PID:2676
- C:\Windows\System\cWZFYjg.exe
  C:\Windows\System\cWZFYjg.exe
  2⤵
  PID:848
- C:\Windows\System\NAxGRBH.exe
  C:\Windows\System\NAxGRBH.exe
  2⤵
  PID:1940
- C:\Windows\System\jaRXUae.exe
  C:\Windows\System\jaRXUae.exe
  2⤵
  PID:2188
- C:\Windows\System\zWFLRZd.exe
  C:\Windows\System\zWFLRZd.exe
  2⤵
  PID:2688
- C:\Windows\System\BQOlnDH.exe
  C:\Windows\System\BQOlnDH.exe
  2⤵
  PID:1828
- C:\Windows\System\PgJRFim.exe
  C:\Windows\System\PgJRFim.exe
  2⤵
  PID:3040
- C:\Windows\System\kBndlcM.exe
  C:\Windows\System\kBndlcM.exe
  2⤵
  PID:296
- C:\Windows\System\oABGbPp.exe
  C:\Windows\System\oABGbPp.exe
  2⤵
  PID:2208
- C:\Windows\System\xCrlbpj.exe
  C:\Windows\System\xCrlbpj.exe
  2⤵
  PID:2592
- C:\Windows\System\wRjvQev.exe
  C:\Windows\System\wRjvQev.exe
  2⤵
  PID:1028
- C:\Windows\System\EqUNXhU.exe
  C:\Windows\System\EqUNXhU.exe
  2⤵
  PID:3052
- C:\Windows\System\gZDraXW.exe
  C:\Windows\System\gZDraXW.exe
  2⤵
  PID:2480
- C:\Windows\System\Ijucxjg.exe
  C:\Windows\System\Ijucxjg.exe
  2⤵
  PID:1356
- C:\Windows\System\wKZRjjo.exe
  C:\Windows\System\wKZRjjo.exe
  2⤵
  PID:2080
- C:\Windows\System\ibHUOka.exe
  C:\Windows\System\ibHUOka.exe
  2⤵
  PID:940
- C:\Windows\System\ptsKkoq.exe
  C:\Windows\System\ptsKkoq.exe
  2⤵
  PID:2060
- C:\Windows\System\jkolDoa.exe
  C:\Windows\System\jkolDoa.exe
  2⤵
  PID:2544
- C:\Windows\System\mDdVags.exe
  C:\Windows\System\mDdVags.exe
  2⤵
  PID:2008
- C:\Windows\System\UlsBeTX.exe
  C:\Windows\System\UlsBeTX.exe
  2⤵
  PID:2460
- C:\Windows\System\VPlbCwE.exe
  C:\Windows\System\VPlbCwE.exe
  2⤵
  PID:1644
- C:\Windows\System\vPEzMsn.exe
  C:\Windows\System\vPEzMsn.exe
  2⤵
  PID:2092
- C:\Windows\System\RhoLGSP.exe
  C:\Windows\System\RhoLGSP.exe
  2⤵
  PID:1984
- C:\Windows\System\AXlfEvB.exe
  C:\Windows\System\AXlfEvB.exe
  2⤵
  PID:1480
- C:\Windows\System\UdxEdYG.exe
  C:\Windows\System\UdxEdYG.exe
  2⤵
  PID:868
- C:\Windows\System\tgMbVHU.exe
  C:\Windows\System\tgMbVHU.exe
  2⤵
  PID:2540
- C:\Windows\System\DAzPYHV.exe
  C:\Windows\System\DAzPYHV.exe
  2⤵
  PID:1556
- C:\Windows\System\CqSyMeJ.exe
  C:\Windows\System\CqSyMeJ.exe
  2⤵
  PID:2332
- C:\Windows\System\vLCxERP.exe
  C:\Windows\System\vLCxERP.exe
  2⤵
  PID:2240
- C:\Windows\System\NRArGzH.exe
  C:\Windows\System\NRArGzH.exe
  2⤵
  PID:2648
- C:\Windows\System\iVUspua.exe
  C:\Windows\System\iVUspua.exe
  2⤵
  PID:1976
- C:\Windows\System\VRSzYyj.exe
  C:\Windows\System\VRSzYyj.exe
  2⤵
  PID:2304
- C:\Windows\System\xmkxRfk.exe
  C:\Windows\System\xmkxRfk.exe
  2⤵
  PID:2436
- C:\Windows\System\uJenxfT.exe
  C:\Windows\System\uJenxfT.exe
  2⤵
  PID:352
- C:\Windows\System\ilTQkUE.exe
  C:\Windows\System\ilTQkUE.exe
  2⤵
  PID:2992
- C:\Windows\System\pHENsvN.exe
  C:\Windows\System\pHENsvN.exe
  2⤵
  PID:980
- C:\Windows\System\ZvpOgpX.exe
  C:\Windows\System\ZvpOgpX.exe
  2⤵
  PID:2900
- C:\Windows\System\QZGuQeA.exe
  C:\Windows\System\QZGuQeA.exe
  2⤵
  PID:1460
- C:\Windows\System\pVXcAwU.exe
  C:\Windows\System\pVXcAwU.exe
  2⤵
  PID:1316
- C:\Windows\System\ljlBHNu.exe
  C:\Windows\System\ljlBHNu.exe
  2⤵
  PID:812
- C:\Windows\System\hPuXcgG.exe
  C:\Windows\System\hPuXcgG.exe
  2⤵
  PID:2312
- C:\Windows\System\zmcpXQH.exe
  C:\Windows\System\zmcpXQH.exe
  2⤵
  PID:2552
- C:\Windows\System\fLBomsX.exe
  C:\Windows\System\fLBomsX.exe
  2⤵
  PID:1464
- C:\Windows\System\OLnJyaT.exe
  C:\Windows\System\OLnJyaT.exe
  2⤵
  PID:2328
- C:\Windows\System\ndNySfM.exe
  C:\Windows\System\ndNySfM.exe
  2⤵
  PID:1620
- C:\Windows\System\bPSnxBs.exe
  C:\Windows\System\bPSnxBs.exe
  2⤵
  PID:620
- C:\Windows\System\oPxvXFz.exe
  C:\Windows\System\oPxvXFz.exe
  2⤵
  PID:2204
- C:\Windows\System\rPyIcxL.exe
  C:\Windows\System\rPyIcxL.exe
  2⤵
  PID:1592
- C:\Windows\System\JWVJjov.exe
  C:\Windows\System\JWVJjov.exe
  2⤵
  PID:2864
- C:\Windows\System\aTBlKks.exe
  C:\Windows\System\aTBlKks.exe
  2⤵
  PID:3084
- C:\Windows\System\ZmkNUIl.exe
  C:\Windows\System\ZmkNUIl.exe
  2⤵
  PID:3104
- C:\Windows\System\cqEbpdm.exe
  C:\Windows\System\cqEbpdm.exe
  2⤵
  PID:3128
- C:\Windows\System\siwubpU.exe
  C:\Windows\System\siwubpU.exe
  2⤵
  PID:3148
- C:\Windows\System\OkgIWvv.exe
  C:\Windows\System\OkgIWvv.exe
  2⤵
  PID:3164
- C:\Windows\System\DVesiIx.exe
  C:\Windows\System\DVesiIx.exe
  2⤵
  PID:3184
- C:\Windows\System\nVCcQcm.exe
  C:\Windows\System\nVCcQcm.exe
  2⤵
  PID:3208
- C:\Windows\System\UMAxuOZ.exe
  C:\Windows\System\UMAxuOZ.exe
  2⤵
  PID:3228
- C:\Windows\System\itbFvrO.exe
  C:\Windows\System\itbFvrO.exe
  2⤵
  PID:3244
- C:\Windows\System\GfkKGuJ.exe
  C:\Windows\System\GfkKGuJ.exe
  2⤵
  PID:3260
- C:\Windows\System\Cgcuncm.exe
  C:\Windows\System\Cgcuncm.exe
  2⤵
  PID:3284
- C:\Windows\System\rSIaPxj.exe
  C:\Windows\System\rSIaPxj.exe
  2⤵
  PID:3308
- C:\Windows\System\EMdMTsi.exe
  C:\Windows\System\EMdMTsi.exe
  2⤵
  PID:3328
- C:\Windows\System\nKApntt.exe
  C:\Windows\System\nKApntt.exe
  2⤵
  PID:3344
- C:\Windows\System\HfcOgZW.exe
  C:\Windows\System\HfcOgZW.exe
  2⤵
  PID:3364
- C:\Windows\System\GUCBrch.exe
  C:\Windows\System\GUCBrch.exe
  2⤵
  PID:3384
- C:\Windows\System\EFHeDgx.exe
  C:\Windows\System\EFHeDgx.exe
  2⤵
  PID:3400
- C:\Windows\System\qEpuVdH.exe
  C:\Windows\System\qEpuVdH.exe
  2⤵
  PID:3428
- C:\Windows\System\ccjLxIY.exe
  C:\Windows\System\ccjLxIY.exe
  2⤵
  PID:3444
- C:\Windows\System\rlQWJSJ.exe
  C:\Windows\System\rlQWJSJ.exe
  2⤵
  PID:3464
- C:\Windows\System\rYsAsjh.exe
  C:\Windows\System\rYsAsjh.exe
  2⤵
  PID:3484
- C:\Windows\System\eLOTZQA.exe
  C:\Windows\System\eLOTZQA.exe
  2⤵
  PID:3504
- C:\Windows\System\VQocFVF.exe
  C:\Windows\System\VQocFVF.exe
  2⤵
  PID:3528
- C:\Windows\System\EHpQSkH.exe
  C:\Windows\System\EHpQSkH.exe
  2⤵
  PID:3544
- C:\Windows\System\BJqjTWf.exe
  C:\Windows\System\BJqjTWf.exe
  2⤵
  PID:3564
- C:\Windows\System\kOToMvv.exe
  C:\Windows\System\kOToMvv.exe
  2⤵
  PID:3584
- C:\Windows\System\oNLcjIx.exe
  C:\Windows\System\oNLcjIx.exe
  2⤵
  PID:3600
- C:\Windows\System\uRweBcs.exe
  C:\Windows\System\uRweBcs.exe
  2⤵
  PID:3624
- C:\Windows\System\cmpjZOp.exe
  C:\Windows\System\cmpjZOp.exe
  2⤵
  PID:3648
- C:\Windows\System\AKsmxvJ.exe
  C:\Windows\System\AKsmxvJ.exe
  2⤵
  PID:3668
- C:\Windows\System\xCKKdRE.exe
  C:\Windows\System\xCKKdRE.exe
  2⤵
  PID:3684
- C:\Windows\System\YquTYPd.exe
  C:\Windows\System\YquTYPd.exe
  2⤵
  PID:3704
- C:\Windows\System\XlrYBPm.exe
  C:\Windows\System\XlrYBPm.exe
  2⤵
  PID:3728
- C:\Windows\System\BIcRKFu.exe
  C:\Windows\System\BIcRKFu.exe
  2⤵
  PID:3748
- C:\Windows\System\WijIWKf.exe
  C:\Windows\System\WijIWKf.exe
  2⤵
  PID:3764
- C:\Windows\System\cMLuvqa.exe
  C:\Windows\System\cMLuvqa.exe
  2⤵
  PID:3784
- C:\Windows\System\PRMnZyR.exe
  C:\Windows\System\PRMnZyR.exe
  2⤵
  PID:3804
- C:\Windows\System\QObrfgc.exe
  C:\Windows\System\QObrfgc.exe
  2⤵
  PID:3824
- C:\Windows\System\JFnLHDJ.exe
  C:\Windows\System\JFnLHDJ.exe
  2⤵
  PID:3844
- C:\Windows\System\nfEkSIy.exe
  C:\Windows\System\nfEkSIy.exe
  2⤵
  PID:3872
- C:\Windows\System\SvJjlIt.exe
  C:\Windows\System\SvJjlIt.exe
  2⤵
  PID:3892
- C:\Windows\System\lxVPItw.exe
  C:\Windows\System\lxVPItw.exe
  2⤵
  PID:3912
- C:\Windows\System\AIoXqBE.exe
  C:\Windows\System\AIoXqBE.exe
  2⤵
  PID:3928
- C:\Windows\System\ZdUuCZw.exe
  C:\Windows\System\ZdUuCZw.exe
  2⤵
  PID:3944
- C:\Windows\System\TjFMbRl.exe
  C:\Windows\System\TjFMbRl.exe
  2⤵
  PID:3964
- C:\Windows\System\BTCmMkk.exe
  C:\Windows\System\BTCmMkk.exe
  2⤵
  PID:3980
- C:\Windows\System\flZJlcL.exe
  C:\Windows\System\flZJlcL.exe
  2⤵
  PID:3996
- C:\Windows\System\YLieAjm.exe
  C:\Windows\System\YLieAjm.exe
  2⤵
  PID:4012
- C:\Windows\System\lbQCsEp.exe
  C:\Windows\System\lbQCsEp.exe
  2⤵
  PID:4032
- C:\Windows\System\ywHVksd.exe
  C:\Windows\System\ywHVksd.exe
  2⤵
  PID:4052
- C:\Windows\System\wucxBjm.exe
  C:\Windows\System\wucxBjm.exe
  2⤵
  PID:4068
- C:\Windows\System\KjNlKHV.exe
  C:\Windows\System\KjNlKHV.exe
  2⤵
  PID:4088
- C:\Windows\System\sTTlsoF.exe
  C:\Windows\System\sTTlsoF.exe
  2⤵
  PID:2888
- C:\Windows\System\wMokFvY.exe
  C:\Windows\System\wMokFvY.exe
  2⤵
  PID:112
- C:\Windows\System\tBxNXlo.exe
  C:\Windows\System\tBxNXlo.exe
  2⤵
  PID:2272
- C:\Windows\System\VdabBmK.exe
  C:\Windows\System\VdabBmK.exe
  2⤵
  PID:1588
- C:\Windows\System\TKcSaXS.exe
  C:\Windows\System\TKcSaXS.exe
  2⤵
  PID:2372
- C:\Windows\System\ENXoYYU.exe
  C:\Windows\System\ENXoYYU.exe
  2⤵
  PID:1288
- C:\Windows\System\aeyhvOC.exe
  C:\Windows\System\aeyhvOC.exe
  2⤵
  PID:2456
- C:\Windows\System\wvmPVvC.exe
  C:\Windows\System\wvmPVvC.exe
  2⤵
  PID:2928
- C:\Windows\System\OOhAuRu.exe
  C:\Windows\System\OOhAuRu.exe
  2⤵
  PID:3136
- C:\Windows\System\fdzEwcQ.exe
  C:\Windows\System\fdzEwcQ.exe
  2⤵
  PID:3140
- C:\Windows\System\STilVvM.exe
  C:\Windows\System\STilVvM.exe
  2⤵
  PID:3176
- C:\Windows\System\KlifmWR.exe
  C:\Windows\System\KlifmWR.exe
  2⤵
  PID:3192
- C:\Windows\System\NfMaknd.exe
  C:\Windows\System\NfMaknd.exe
  2⤵
  PID:3200
- C:\Windows\System\fhrLVRf.exe
  C:\Windows\System\fhrLVRf.exe
  2⤵
  PID:3236
- C:\Windows\System\nVdmwWR.exe
  C:\Windows\System\nVdmwWR.exe
  2⤵
  PID:3304
- C:\Windows\System\IUEBrpk.exe
  C:\Windows\System\IUEBrpk.exe
  2⤵
  PID:3280
- C:\Windows\System\fQscCoU.exe
  C:\Windows\System\fQscCoU.exe
  2⤵
  PID:3320
- C:\Windows\System\SyCapWX.exe
  C:\Windows\System\SyCapWX.exe
  2⤵
  PID:3408
- C:\Windows\System\TaEWLAe.exe
  C:\Windows\System\TaEWLAe.exe
  2⤵
  PID:3412
- C:\Windows\System\vhAbknG.exe
  C:\Windows\System\vhAbknG.exe
  2⤵
  PID:3352
- C:\Windows\System\YIBlVmB.exe
  C:\Windows\System\YIBlVmB.exe
  2⤵
  PID:3436
- C:\Windows\System\pVcKBmP.exe
  C:\Windows\System\pVcKBmP.exe
  2⤵
  PID:3476
- C:\Windows\System\EGGhysa.exe
  C:\Windows\System\EGGhysa.exe
  2⤵
  PID:3512
- C:\Windows\System\prZMVVF.exe
  C:\Windows\System\prZMVVF.exe
  2⤵
  PID:3540
- C:\Windows\System\ndfHaKO.exe
  C:\Windows\System\ndfHaKO.exe
  2⤵
  PID:3560
- C:\Windows\System\AOlXgaq.exe
  C:\Windows\System\AOlXgaq.exe
  2⤵
  PID:3620
- C:\Windows\System\xAIALFB.exe
  C:\Windows\System\xAIALFB.exe
  2⤵
  PID:3632
- C:\Windows\System\LjKaoPG.exe
  C:\Windows\System\LjKaoPG.exe
  2⤵
  PID:3664
- C:\Windows\System\lCFyGtr.exe
  C:\Windows\System\lCFyGtr.exe
  2⤵
  PID:3692
- C:\Windows\System\JpxFItZ.exe
  C:\Windows\System\JpxFItZ.exe
  2⤵
  PID:3696
- C:\Windows\System\xFHvMUU.exe
  C:\Windows\System\xFHvMUU.exe
  2⤵
  PID:3736
- C:\Windows\System\kmFLwtG.exe
  C:\Windows\System\kmFLwtG.exe
  2⤵
  PID:3796
- C:\Windows\System\tIMLbsF.exe
  C:\Windows\System\tIMLbsF.exe
  2⤵
  PID:3816
- C:\Windows\System\bdHpobC.exe
  C:\Windows\System\bdHpobC.exe
  2⤵
  PID:3832
- C:\Windows\System\rlkpRFn.exe
  C:\Windows\System\rlkpRFn.exe
  2⤵
  PID:2416
- C:\Windows\System\oVuzMuZ.exe
  C:\Windows\System\oVuzMuZ.exe
  2⤵
  PID:3012
- C:\Windows\System\CVYanTd.exe
  C:\Windows\System\CVYanTd.exe
  2⤵
  PID:2632
- C:\Windows\System\XVGARFL.exe
  C:\Windows\System\XVGARFL.exe
  2⤵
  PID:2348
- C:\Windows\System\IESWqxl.exe
  C:\Windows\System\IESWqxl.exe
  2⤵
  PID:2700
- C:\Windows\System\qDYQIBi.exe
  C:\Windows\System\qDYQIBi.exe
  2⤵
  PID:1964
- C:\Windows\System\zFUGLSQ.exe
  C:\Windows\System\zFUGLSQ.exe
  2⤵
  PID:2276
- C:\Windows\System\RuNvxpp.exe
  C:\Windows\System\RuNvxpp.exe
  2⤵
  PID:3868
- C:\Windows\System\RfEKUpH.exe
  C:\Windows\System\RfEKUpH.exe
  2⤵
  PID:2324
- C:\Windows\System\IWxhSgb.exe
  C:\Windows\System\IWxhSgb.exe
  2⤵
  PID:2396
- C:\Windows\System\VIOWvrA.exe
  C:\Windows\System\VIOWvrA.exe
  2⤵
  PID:2508
- C:\Windows\System\DCzHjNp.exe
  C:\Windows\System\DCzHjNp.exe
  2⤵
  PID:2228
- C:\Windows\System\vQOjgqi.exe
  C:\Windows\System\vQOjgqi.exe
  2⤵
  PID:2620
- C:\Windows\System\ZSBthst.exe
  C:\Windows\System\ZSBthst.exe
  2⤵
  PID:2444
- C:\Windows\System\bfijUZK.exe
  C:\Windows\System\bfijUZK.exe
  2⤵
  PID:2336
- C:\Windows\System\fkkHrbP.exe
  C:\Windows\System\fkkHrbP.exe
  2⤵
  PID:2664
- C:\Windows\System\cgEVGei.exe
  C:\Windows\System\cgEVGei.exe
  2⤵
  PID:3956
- C:\Windows\System\GMNNQWB.exe
  C:\Windows\System\GMNNQWB.exe
  2⤵
  PID:3908
- C:\Windows\System\BTUypta.exe
  C:\Windows\System\BTUypta.exe
  2⤵
  PID:4004
- C:\Windows\System\dPLOwGt.exe
  C:\Windows\System\dPLOwGt.exe
  2⤵
  PID:4048
- C:\Windows\System\PxSEPZG.exe
  C:\Windows\System\PxSEPZG.exe
  2⤵
  PID:2628
- C:\Windows\System\KNdxEcm.exe
  C:\Windows\System\KNdxEcm.exe
  2⤵
  PID:2920
- C:\Windows\System\msAxbEO.exe
  C:\Windows\System\msAxbEO.exe
  2⤵
  PID:3992
- C:\Windows\System\QVkAZIk.exe
  C:\Windows\System\QVkAZIk.exe
  2⤵
  PID:3936
- C:\Windows\System\HLiSSKQ.exe
  C:\Windows\System\HLiSSKQ.exe
  2⤵
  PID:348
- C:\Windows\System\TXFTUsL.exe
  C:\Windows\System\TXFTUsL.exe
  2⤵
  PID:876
- C:\Windows\System\KWuLbkH.exe
  C:\Windows\System\KWuLbkH.exe
  2⤵
  PID:2548
- C:\Windows\System\UoPyPMr.exe
  C:\Windows\System\UoPyPMr.exe
  2⤵
  PID:2156
- C:\Windows\System\AWGJPeS.exe
  C:\Windows\System\AWGJPeS.exe
  2⤵
  PID:3120
- C:\Windows\System\JhEeXRo.exe
  C:\Windows\System\JhEeXRo.exe
  2⤵
  PID:3340
- C:\Windows\System\TNpQdsR.exe
  C:\Windows\System\TNpQdsR.exe
  2⤵
  PID:3080
- C:\Windows\System\JSiQpAv.exe
  C:\Windows\System\JSiQpAv.exe
  2⤵
  PID:3224
- C:\Windows\System\PhNvYGq.exe
  C:\Windows\System\PhNvYGq.exe
  2⤵
  PID:3272
- C:\Windows\System\BLAkDFU.exe
  C:\Windows\System\BLAkDFU.exe
  2⤵
  PID:3392
- C:\Windows\System\aHYVcCi.exe
  C:\Windows\System\aHYVcCi.exe
  2⤵
  PID:3524
- C:\Windows\System\wdYIPLL.exe
  C:\Windows\System\wdYIPLL.exe
  2⤵
  PID:3636
- C:\Windows\System\xxmHbMb.exe
  C:\Windows\System\xxmHbMb.exe
  2⤵
  PID:3744
- C:\Windows\System\QXaahwF.exe
  C:\Windows\System\QXaahwF.exe
  2⤵
  PID:3580
- C:\Windows\System\SxBxwZn.exe
  C:\Windows\System\SxBxwZn.exe
  2⤵
  PID:3552
- C:\Windows\System\uviVooT.exe
  C:\Windows\System\uviVooT.exe
  2⤵
  PID:3644
- C:\Windows\System\kpmgzJl.exe
  C:\Windows\System\kpmgzJl.exe
  2⤵
  PID:3792
- C:\Windows\System\AjjWfiq.exe
  C:\Windows\System\AjjWfiq.exe
  2⤵
  PID:2148
- C:\Windows\System\nJaRWKb.exe
  C:\Windows\System\nJaRWKb.exe
  2⤵
  PID:2996
- C:\Windows\System\EWFuNKX.exe
  C:\Windows\System\EWFuNKX.exe
  2⤵
  PID:2668
- C:\Windows\System\WRjCBdc.exe
  C:\Windows\System\WRjCBdc.exe
  2⤵
  PID:3864
- C:\Windows\System\TrzGaVS.exe
  C:\Windows\System\TrzGaVS.exe
  2⤵
  PID:2852
- C:\Windows\System\REkkUul.exe
  C:\Windows\System\REkkUul.exe
  2⤵
  PID:3888
- C:\Windows\System\pfwlmeA.exe
  C:\Windows\System\pfwlmeA.exe
  2⤵
  PID:1268
- C:\Windows\System\ZUsWHbM.exe
  C:\Windows\System\ZUsWHbM.exe
  2⤵
  PID:2680
- C:\Windows\System\KmhOASH.exe
  C:\Windows\System\KmhOASH.exe
  2⤵
  PID:3988
- C:\Windows\System\tZfKXsx.exe
  C:\Windows\System\tZfKXsx.exe
  2⤵
  PID:4040
- C:\Windows\System\qgzsTNW.exe
  C:\Windows\System\qgzsTNW.exe
  2⤵
  PID:4084
- C:\Windows\System\rLtIgRW.exe
  C:\Windows\System\rLtIgRW.exe
  2⤵
  PID:4024
- C:\Windows\System\tGmFkcn.exe
  C:\Windows\System\tGmFkcn.exe
  2⤵
  PID:2484
- C:\Windows\System\dDmbyCd.exe
  C:\Windows\System\dDmbyCd.exe
  2⤵
  PID:1724
- C:\Windows\System\lmmawIa.exe
  C:\Windows\System\lmmawIa.exe
  2⤵
  PID:3240
- C:\Windows\System\KvvEylh.exe
  C:\Windows\System\KvvEylh.exe
  2⤵
  PID:3300
- C:\Windows\System\lFIULPT.exe
  C:\Windows\System\lFIULPT.exe
  2⤵
  PID:3376
- C:\Windows\System\lsaxFRK.exe
  C:\Windows\System\lsaxFRK.exe
  2⤵
  PID:3500
- C:\Windows\System\GkYXIQr.exe
  C:\Windows\System\GkYXIQr.exe
  2⤵
  PID:3700
- C:\Windows\System\rfjndtE.exe
  C:\Windows\System\rfjndtE.exe
  2⤵
  PID:3556
- C:\Windows\System\IgyYwtk.exe
  C:\Windows\System\IgyYwtk.exe
  2⤵
  PID:2756
- C:\Windows\System\DzguMmd.exe
  C:\Windows\System\DzguMmd.exe
  2⤵
  PID:2364
- C:\Windows\System\nzurwIP.exe
  C:\Windows\System\nzurwIP.exe
  2⤵
  PID:1948
- C:\Windows\System\wwLUKCW.exe
  C:\Windows\System\wwLUKCW.exe
  2⤵
  PID:1968
- C:\Windows\System\ovxmPzZ.exe
  C:\Windows\System\ovxmPzZ.exe
  2⤵
  PID:3640
- C:\Windows\System\Kbhhwff.exe
  C:\Windows\System\Kbhhwff.exe
  2⤵
  PID:4168
- C:\Windows\System\XOJjJih.exe
  C:\Windows\System\XOJjJih.exe
  2⤵
  PID:4184
- C:\Windows\System\navSjMw.exe
  C:\Windows\System\navSjMw.exe
  2⤵
  PID:4200
- C:\Windows\System\NWDUshe.exe
  C:\Windows\System\NWDUshe.exe
  2⤵
  PID:4216
- C:\Windows\System\zjhybrH.exe
  C:\Windows\System\zjhybrH.exe
  2⤵
  PID:4260
- C:\Windows\System\iOydgoI.exe
  C:\Windows\System\iOydgoI.exe
  2⤵
  PID:4276
- C:\Windows\System\DFchodf.exe
  C:\Windows\System\DFchodf.exe
  2⤵
  PID:4336
- C:\Windows\System\vLoAuXQ.exe
  C:\Windows\System\vLoAuXQ.exe
  2⤵
  PID:4352
- C:\Windows\System\epXWRGy.exe
  C:\Windows\System\epXWRGy.exe
  2⤵
  PID:4412
- C:\Windows\System\rZxQcOx.exe
  C:\Windows\System\rZxQcOx.exe
  2⤵
  PID:4436
- C:\Windows\System\FBXvYcQ.exe
  C:\Windows\System\FBXvYcQ.exe
  2⤵
  PID:4636
- C:\Windows\System\VeBqrpK.exe
  C:\Windows\System\VeBqrpK.exe
  2⤵
  PID:4656
- C:\Windows\System\jAZnymu.exe
  C:\Windows\System\jAZnymu.exe
  2⤵
  PID:4676
- C:\Windows\System\CxmIZji.exe
  C:\Windows\System\CxmIZji.exe
  2⤵
  PID:4696
- C:\Windows\System\CRETKlx.exe
  C:\Windows\System\CRETKlx.exe
  2⤵
  PID:4716
- C:\Windows\System\FJzWlKv.exe
  C:\Windows\System\FJzWlKv.exe
  2⤵
  PID:4732
- C:\Windows\System\jMfrexZ.exe
  C:\Windows\System\jMfrexZ.exe
  2⤵
  PID:4748
- C:\Windows\System\jTvvJDL.exe
  C:\Windows\System\jTvvJDL.exe
  2⤵
  PID:4768
- C:\Windows\System\Zfqaxfr.exe
  C:\Windows\System\Zfqaxfr.exe
  2⤵
  PID:4784
- C:\Windows\System\dDFfjzh.exe
  C:\Windows\System\dDFfjzh.exe
  2⤵
  PID:4800
- C:\Windows\System\xVAjghz.exe
  C:\Windows\System\xVAjghz.exe
  2⤵
  PID:4816
- C:\Windows\System\HHIcUmo.exe
  C:\Windows\System\HHIcUmo.exe
  2⤵
  PID:4836
- C:\Windows\System\UbrNEMm.exe
  C:\Windows\System\UbrNEMm.exe
  2⤵
  PID:4852
- C:\Windows\System\bvhpCDW.exe
  C:\Windows\System\bvhpCDW.exe
  2⤵
  PID:4868
- C:\Windows\System\sTyMisr.exe
  C:\Windows\System\sTyMisr.exe
  2⤵
  PID:4888
- C:\Windows\System\sKVdPDq.exe
  C:\Windows\System\sKVdPDq.exe
  2⤵
  PID:4904
- C:\Windows\System\LMxaDat.exe
  C:\Windows\System\LMxaDat.exe
  2⤵
  PID:4964
- C:\Windows\System\OcfdxCB.exe
  C:\Windows\System\OcfdxCB.exe
  2⤵
  PID:4980
- C:\Windows\System\ffVwxug.exe
  C:\Windows\System\ffVwxug.exe
  2⤵
  PID:4996
- C:\Windows\System\JANFyuK.exe
  C:\Windows\System\JANFyuK.exe
  2⤵
  PID:5012
- C:\Windows\System\rfwIENS.exe
  C:\Windows\System\rfwIENS.exe
  2⤵
  PID:5032
- C:\Windows\System\xBnZYym.exe
  C:\Windows\System\xBnZYym.exe
  2⤵
  PID:5048
- C:\Windows\System\XSDqaIb.exe
  C:\Windows\System\XSDqaIb.exe
  2⤵
  PID:5064
- C:\Windows\System\RHEGpin.exe
  C:\Windows\System\RHEGpin.exe
  2⤵
  PID:5080
- C:\Windows\System\dLvUxww.exe
  C:\Windows\System\dLvUxww.exe
  2⤵
  PID:5096
- C:\Windows\System\ptNDoka.exe
  C:\Windows\System\ptNDoka.exe
  2⤵
  PID:5112
- C:\Windows\System\Crarloz.exe
  C:\Windows\System\Crarloz.exe
  2⤵
  PID:4080
- C:\Windows\System\BYGQxma.exe
  C:\Windows\System\BYGQxma.exe
  2⤵
  PID:4064
- C:\Windows\System\fEQqIPE.exe
  C:\Windows\System\fEQqIPE.exe
  2⤵
  PID:3456
- C:\Windows\System\VdFNmPD.exe
  C:\Windows\System\VdFNmPD.exe
  2⤵
  PID:3268
- C:\Windows\System\qkvjgFK.exe
  C:\Windows\System\qkvjgFK.exe
  2⤵
  PID:3460
- C:\Windows\System\TMOtqSb.exe
  C:\Windows\System\TMOtqSb.exe
  2⤵
  PID:2804
- C:\Windows\System\eDSOMyq.exe
  C:\Windows\System\eDSOMyq.exe
  2⤵
  PID:4212
- C:\Windows\System\DENjiYZ.exe
  C:\Windows\System\DENjiYZ.exe
  2⤵
  PID:4120
- C:\Windows\System\bLpJJSh.exe
  C:\Windows\System\bLpJJSh.exe
  2⤵
  PID:2684
- C:\Windows\System\VgOwNvc.exe
  C:\Windows\System\VgOwNvc.exe
  2⤵
  PID:4108
- C:\Windows\System\aQUsKSL.exe
  C:\Windows\System\aQUsKSL.exe
  2⤵
  PID:4136
- C:\Windows\System\FPEVamr.exe
  C:\Windows\System\FPEVamr.exe
  2⤵
  PID:4152
- C:\Windows\System\Hjrneev.exe
  C:\Windows\System\Hjrneev.exe
  2⤵
  PID:4192
- C:\Windows\System\hBAsuAz.exe
  C:\Windows\System\hBAsuAz.exe
  2⤵
  PID:4256
- C:\Windows\System\mQmAfUQ.exe
  C:\Windows\System\mQmAfUQ.exe
  2⤵
  PID:1312
- C:\Windows\System\ramQOjH.exe
  C:\Windows\System\ramQOjH.exe
  2⤵
  PID:4300
- C:\Windows\System\sQSTpwL.exe
  C:\Windows\System\sQSTpwL.exe
  2⤵
  PID:4316
- C:\Windows\System\OBIZCNO.exe
  C:\Windows\System\OBIZCNO.exe
  2⤵
  PID:4332
- C:\Windows\System\drNzakS.exe
  C:\Windows\System\drNzakS.exe
  2⤵
  PID:4368
- C:\Windows\System\eDreVJu.exe
  C:\Windows\System\eDreVJu.exe
  2⤵
  PID:4384
- C:\Windows\System\fMWbhJb.exe
  C:\Windows\System\fMWbhJb.exe
  2⤵
  PID:4400
- C:\Windows\System\mdSzULX.exe
  C:\Windows\System\mdSzULX.exe
  2⤵
  PID:4404
- C:\Windows\System\kXYhtMT.exe
  C:\Windows\System\kXYhtMT.exe
  2⤵
  PID:4424
- C:\Windows\System\CZeKQMj.exe
  C:\Windows\System\CZeKQMj.exe
  2⤵
  PID:4448
- C:\Windows\System\BvuiHSA.exe
  C:\Windows\System\BvuiHSA.exe
  2⤵
  PID:4468
- C:\Windows\System\roljbDL.exe
  C:\Windows\System\roljbDL.exe
  2⤵
  PID:4504
- C:\Windows\System\ztybWRy.exe
  C:\Windows\System\ztybWRy.exe
  2⤵
  PID:4520
- C:\Windows\System\hFEZFol.exe
  C:\Windows\System\hFEZFol.exe
  2⤵
  PID:4492
- C:\Windows\System\gntmYXf.exe
  C:\Windows\System\gntmYXf.exe
  2⤵
  PID:4532
- C:\Windows\System\KAnsuij.exe
  C:\Windows\System\KAnsuij.exe
  2⤵
  PID:4552
- C:\Windows\System\DAZWmAj.exe
  C:\Windows\System\DAZWmAj.exe
  2⤵
  PID:4568
- C:\Windows\System\dqCLzhv.exe
  C:\Windows\System\dqCLzhv.exe
  2⤵
  PID:4576
- C:\Windows\System\TNKmpbF.exe
  C:\Windows\System\TNKmpbF.exe
  2⤵
  PID:4600
- C:\Windows\System\HJRYosa.exe
  C:\Windows\System\HJRYosa.exe
  2⤵
  PID:4616
- C:\Windows\System\oNZGLEg.exe
  C:\Windows\System\oNZGLEg.exe
  2⤵
  PID:4644
- C:\Windows\System\vztEMPM.exe
  C:\Windows\System\vztEMPM.exe
  2⤵
  PID:4664
- C:\Windows\System\wfICLkC.exe
  C:\Windows\System\wfICLkC.exe
  2⤵
  PID:4704
- C:\Windows\System\USJIBBe.exe
  C:\Windows\System\USJIBBe.exe
  2⤵
  PID:4712
- C:\Windows\System\mxojazG.exe
  C:\Windows\System\mxojazG.exe
  2⤵
  PID:4808
- C:\Windows\System\uYxJQen.exe
  C:\Windows\System\uYxJQen.exe
  2⤵
  PID:4848
- C:\Windows\System\nxBxdVm.exe
  C:\Windows\System\nxBxdVm.exe
  2⤵
  PID:5092
- C:\Windows\System\RVhhxNc.exe
  C:\Windows\System\RVhhxNc.exe
  2⤵
  PID:4900
- C:\Windows\System\psDPZAE.exe
  C:\Windows\System\psDPZAE.exe
  2⤵
  PID:5004
- C:\Windows\System\ZBZENzR.exe
  C:\Windows\System\ZBZENzR.exe
  2⤵
  PID:5072
- C:\Windows\System\SjZOuZJ.exe
  C:\Windows\System\SjZOuZJ.exe
  2⤵
  PID:4028
- C:\Windows\System\vFfPNXC.exe
  C:\Windows\System\vFfPNXC.exe
  2⤵
  PID:3952
- C:\Windows\System\YrzYSjf.exe
  C:\Windows\System\YrzYSjf.exe
  2⤵
  PID:1696
- C:\Windows\System\WKkseWR.exe
  C:\Windows\System\WKkseWR.exe
  2⤵
  PID:3680
- C:\Windows\System\AidmwUa.exe
  C:\Windows\System\AidmwUa.exe
  2⤵
  PID:4180
- C:\Windows\System\SsZTRVn.exe
  C:\Windows\System\SsZTRVn.exe
  2⤵
  PID:4116
- C:\Windows\System\xgHwtdS.exe
  C:\Windows\System\xgHwtdS.exe
  2⤵
  PID:4128
- C:\Windows\System\rHaUXwt.exe
  C:\Windows\System\rHaUXwt.exe
  2⤵
  PID:4272
- C:\Windows\System\FyqyxHM.exe
  C:\Windows\System\FyqyxHM.exe
  2⤵
  PID:4296
- C:\Windows\System\maLKvWL.exe
  C:\Windows\System\maLKvWL.exe
  2⤵
  PID:4328
- C:\Windows\System\vDBgGEE.exe
  C:\Windows\System\vDBgGEE.exe
  2⤵
  PID:3960
- C:\Windows\System\JRsfnnT.exe
  C:\Windows\System\JRsfnnT.exe
  2⤵
  PID:4348
- C:\Windows\System\wQllkpb.exe
  C:\Windows\System\wQllkpb.exe
  2⤵
  PID:4432
- C:\Windows\System\dFubqNL.exe
  C:\Windows\System\dFubqNL.exe
  2⤵
  PID:4496
- C:\Windows\System\lemophn.exe
  C:\Windows\System\lemophn.exe
  2⤵
  PID:3440
- C:\Windows\System\OzILuVf.exe
  C:\Windows\System\OzILuVf.exe
  2⤵
  PID:4764
- C:\Windows\System\Wzgzxpy.exe
  C:\Windows\System\Wzgzxpy.exe
  2⤵
  PID:4916
- C:\Windows\System\JmYeUwt.exe
  C:\Windows\System\JmYeUwt.exe
  2⤵
  PID:4936
- C:\Windows\System\RdKTNVY.exe
  C:\Windows\System\RdKTNVY.exe
  2⤵
  PID:4880
- C:\Windows\System\lhDkwfL.exe
  C:\Windows\System\lhDkwfL.exe
  2⤵
  PID:4756
- C:\Windows\System\WFtipgz.exe
  C:\Windows\System\WFtipgz.exe
  2⤵
  PID:4960
- C:\Windows\System\oxPvZiY.exe
  C:\Windows\System\oxPvZiY.exe
  2⤵
  PID:5028
- C:\Windows\System\BgqDlwg.exe
  C:\Windows\System\BgqDlwg.exe
  2⤵
  PID:4976
- C:\Windows\System\vrdlzGX.exe
  C:\Windows\System\vrdlzGX.exe
  2⤵
  PID:3772
- C:\Windows\System\oFDPfQe.exe
  C:\Windows\System\oFDPfQe.exe
  2⤵
  PID:4104
- C:\Windows\System\MgjSTJd.exe
  C:\Windows\System\MgjSTJd.exe
  2⤵
  PID:2144
- C:\Windows\System\WCuLJon.exe
  C:\Windows\System\WCuLJon.exe
  2⤵
  PID:2892
- C:\Windows\System\yyqVyfR.exe
  C:\Windows\System\yyqVyfR.exe
  2⤵
  PID:4148
- C:\Windows\System\eyQPYvk.exe
  C:\Windows\System\eyQPYvk.exe
  2⤵
  PID:4324
- C:\Windows\System\cIiUKug.exe
  C:\Windows\System\cIiUKug.exe
  2⤵
  PID:4376
- C:\Windows\System\wOPCWQQ.exe
  C:\Windows\System\wOPCWQQ.exe
  2⤵
  PID:4444
- C:\Windows\System\ELnBiMJ.exe
  C:\Windows\System\ELnBiMJ.exe
  2⤵
  PID:4500
- C:\Windows\System\gTeSwwV.exe
  C:\Windows\System\gTeSwwV.exe
  2⤵
  PID:4488
- C:\Windows\System\SraPUWs.exe
  C:\Windows\System\SraPUWs.exe
  2⤵
  PID:4564
- C:\Windows\System\ldPJhEe.exe
  C:\Windows\System\ldPJhEe.exe
  2⤵
  PID:4580
- C:\Windows\System\HQhihBA.exe
  C:\Windows\System\HQhihBA.exe
  2⤵
  PID:4596
- C:\Windows\System\XEQgiwk.exe
  C:\Windows\System\XEQgiwk.exe
  2⤵
  PID:4628
- C:\Windows\System\HYEmDjA.exe
  C:\Windows\System\HYEmDjA.exe
  2⤵
  PID:4760
- C:\Windows\System\ONvcdTI.exe
  C:\Windows\System\ONvcdTI.exe
  2⤵
  PID:4776
- C:\Windows\System\UcXZBMF.exe
  C:\Windows\System\UcXZBMF.exe
  2⤵
  PID:2952
- C:\Windows\System\DRxLgsQ.exe
  C:\Windows\System\DRxLgsQ.exe
  2⤵
  PID:3092
- C:\Windows\System\boIysiM.exe
  C:\Windows\System\boIysiM.exe
  2⤵
  PID:3424
- C:\Windows\System\isbTHZp.exe
  C:\Windows\System\isbTHZp.exe
  2⤵
  PID:4160
- C:\Windows\System\DSdEbbv.exe
  C:\Windows\System\DSdEbbv.exe
  2⤵
  PID:1552
- C:\Windows\System\fSJTQkt.exe
  C:\Windows\System\fSJTQkt.exe
  2⤵
  PID:5108
- C:\Windows\System\DyKbHgu.exe
  C:\Windows\System\DyKbHgu.exe
  2⤵
  PID:2064
- C:\Windows\System\QzHYbZA.exe
  C:\Windows\System\QzHYbZA.exe
  2⤵
  PID:4516
- C:\Windows\System\NGhSgzj.exe
  C:\Windows\System\NGhSgzj.exe
  2⤵
  PID:4648
- C:\Windows\System\YkMZNXU.exe
  C:\Windows\System\YkMZNXU.exe
  2⤵
  PID:5044
- C:\Windows\System\XAIQzjf.exe
  C:\Windows\System\XAIQzjf.exe
  2⤵
  PID:4396
- C:\Windows\System\fNbTTGk.exe
  C:\Windows\System\fNbTTGk.exe
  2⤵
  PID:4544
- C:\Windows\System\YhgpTct.exe
  C:\Windows\System\YhgpTct.exe
  2⤵
  PID:4592
- C:\Windows\System\vmpnJPC.exe
  C:\Windows\System\vmpnJPC.exe
  2⤵
  PID:4844
- C:\Windows\System\sQEHbDz.exe
  C:\Windows\System\sQEHbDz.exe
  2⤵
  PID:4692
- C:\Windows\System\LeYGfnr.exe
  C:\Windows\System\LeYGfnr.exe
  2⤵
  PID:3780
- C:\Windows\System\uGUwoYn.exe
  C:\Windows\System\uGUwoYn.exe
  2⤵
  PID:4948
- C:\Windows\System\pDUDaLr.exe
  C:\Windows\System\pDUDaLr.exe
  2⤵
  PID:4824
- C:\Windows\System\cdVzadI.exe
  C:\Windows\System\cdVzadI.exe
  2⤵
  PID:3096
- C:\Windows\System\MNvwWMn.exe
  C:\Windows\System\MNvwWMn.exe
  2⤵
  PID:4364
- C:\Windows\System\ircrenW.exe
  C:\Windows\System\ircrenW.exe
  2⤵
  PID:5132
- C:\Windows\System\XaCvjRQ.exe
  C:\Windows\System\XaCvjRQ.exe
  2⤵
  PID:5148
- C:\Windows\System\lJRXrNx.exe
  C:\Windows\System\lJRXrNx.exe
  2⤵
  PID:5164
- C:\Windows\System\PEypBWN.exe
  C:\Windows\System\PEypBWN.exe
  2⤵
  PID:5180
- C:\Windows\System\ENBiGaN.exe
  C:\Windows\System\ENBiGaN.exe
  2⤵
  PID:5256
- C:\Windows\System\wwSRDsi.exe
  C:\Windows\System\wwSRDsi.exe
  2⤵
  PID:5272
- C:\Windows\System\GYNyaXq.exe
  C:\Windows\System\GYNyaXq.exe
  2⤵
  PID:5288
- C:\Windows\System\rsOTYMi.exe
  C:\Windows\System\rsOTYMi.exe
  2⤵
  PID:5304
- C:\Windows\System\uifngMH.exe
  C:\Windows\System\uifngMH.exe
  2⤵
  PID:5320
- C:\Windows\System\fzfRWUp.exe
  C:\Windows\System\fzfRWUp.exe
  2⤵
  PID:5336
- C:\Windows\System\JlLEoCZ.exe
  C:\Windows\System\JlLEoCZ.exe
  2⤵
  PID:5352
- C:\Windows\System\jrKsHOX.exe
  C:\Windows\System\jrKsHOX.exe
  2⤵
  PID:5372
- C:\Windows\System\qKgTyWr.exe
  C:\Windows\System\qKgTyWr.exe
  2⤵
  PID:5392
- C:\Windows\System\MSlotaa.exe
  C:\Windows\System\MSlotaa.exe
  2⤵
  PID:5412
- C:\Windows\System\ffMKTcU.exe
  C:\Windows\System\ffMKTcU.exe
  2⤵
  PID:5432
- C:\Windows\System\zJSqjrF.exe
  C:\Windows\System\zJSqjrF.exe
  2⤵
  PID:5468
- C:\Windows\System\XUdkFnW.exe
  C:\Windows\System\XUdkFnW.exe
  2⤵
  PID:5488
- C:\Windows\System\gsKWAZU.exe
  C:\Windows\System\gsKWAZU.exe
  2⤵
  PID:5504
- C:\Windows\System\yCXVcqM.exe
  C:\Windows\System\yCXVcqM.exe
  2⤵
  PID:5520
- C:\Windows\System\RvjSBcJ.exe
  C:\Windows\System\RvjSBcJ.exe
  2⤵
  PID:5536
- C:\Windows\System\OwNBzVU.exe
  C:\Windows\System\OwNBzVU.exe
  2⤵
  PID:5552
- C:\Windows\System\PpVWMDt.exe
  C:\Windows\System\PpVWMDt.exe
  2⤵
  PID:5568
- C:\Windows\System\fmKJnyH.exe
  C:\Windows\System\fmKJnyH.exe
  2⤵
  PID:5588
- C:\Windows\System\tKFOIIf.exe
  C:\Windows\System\tKFOIIf.exe
  2⤵
  PID:5604
- C:\Windows\System\bqIXcTm.exe
  C:\Windows\System\bqIXcTm.exe
  2⤵
  PID:5624
- C:\Windows\System\eOAaKhB.exe
  C:\Windows\System\eOAaKhB.exe
  2⤵
  PID:5640
- C:\Windows\System\HuxGHXQ.exe
  C:\Windows\System\HuxGHXQ.exe
  2⤵
  PID:5656
- C:\Windows\System\deSmzld.exe
  C:\Windows\System\deSmzld.exe
  2⤵
  PID:5676
- C:\Windows\System\tgCBrOK.exe
  C:\Windows\System\tgCBrOK.exe
  2⤵
  PID:5700
- C:\Windows\System\DkjqZuv.exe
  C:\Windows\System\DkjqZuv.exe
  2⤵
  PID:5732
- C:\Windows\System\umqeMsw.exe
  C:\Windows\System\umqeMsw.exe
  2⤵
  PID:5748
- C:\Windows\System\RcnIUEA.exe
  C:\Windows\System\RcnIUEA.exe
  2⤵
  PID:5768
- C:\Windows\System\TCGfKFm.exe
  C:\Windows\System\TCGfKFm.exe
  2⤵
  PID:5784
- C:\Windows\System\gNQFUau.exe
  C:\Windows\System\gNQFUau.exe
  2⤵
  PID:5804
- C:\Windows\System\kECUpLC.exe
  C:\Windows\System\kECUpLC.exe
  2⤵
  PID:5820
- C:\Windows\System\tNEJqet.exe
  C:\Windows\System\tNEJqet.exe
  2⤵
  PID:5836
- C:\Windows\System\UTkaszD.exe
  C:\Windows\System\UTkaszD.exe
  2⤵
  PID:5852
- C:\Windows\System\CVNrjVh.exe
  C:\Windows\System\CVNrjVh.exe
  2⤵
  PID:5872
- C:\Windows\System\ujClDoL.exe
  C:\Windows\System\ujClDoL.exe
  2⤵
  PID:5888
- C:\Windows\System\wxCWQXP.exe
  C:\Windows\System\wxCWQXP.exe
  2⤵
  PID:5904
- C:\Windows\System\GYyjwrS.exe
  C:\Windows\System\GYyjwrS.exe
  2⤵
  PID:5920
- C:\Windows\System\WBepYNp.exe
  C:\Windows\System\WBepYNp.exe
  2⤵
  PID:5940
- C:\Windows\System\QDIeNaG.exe
  C:\Windows\System\QDIeNaG.exe
  2⤵
  PID:5956
- C:\Windows\System\OprspmH.exe
  C:\Windows\System\OprspmH.exe
  2⤵
  PID:5972
- C:\Windows\System\ydQpPBK.exe
  C:\Windows\System\ydQpPBK.exe
  2⤵
  PID:5988
- C:\Windows\System\dkEdoLr.exe
  C:\Windows\System\dkEdoLr.exe
  2⤵
  PID:6008
- C:\Windows\System\SoEfgYm.exe
  C:\Windows\System\SoEfgYm.exe
  2⤵
  PID:6028
- C:\Windows\System\oHqNGXW.exe
  C:\Windows\System\oHqNGXW.exe
  2⤵
  PID:6044
- C:\Windows\System\lyzMgNJ.exe
  C:\Windows\System\lyzMgNJ.exe
  2⤵
  PID:6060
- C:\Windows\System\moxArIG.exe
  C:\Windows\System\moxArIG.exe
  2⤵
  PID:6076
- C:\Windows\System\gbQLyqt.exe
  C:\Windows\System\gbQLyqt.exe
  2⤵
  PID:6092
- C:\Windows\System\UiMzoET.exe
  C:\Windows\System\UiMzoET.exe
  2⤵
  PID:6112
- C:\Windows\System\KvvGych.exe
  C:\Windows\System\KvvGych.exe
  2⤵
  PID:6128
- C:\Windows\System\GXfQGCe.exe
  C:\Windows\System\GXfQGCe.exe
  2⤵
  PID:3076
- C:\Windows\System\uFMzYyA.exe
  C:\Windows\System\uFMzYyA.exe
  2⤵
  PID:4728
- C:\Windows\System\bSrEuix.exe
  C:\Windows\System\bSrEuix.exe
  2⤵
  PID:4992
- C:\Windows\System\BsoFvTh.exe
  C:\Windows\System\BsoFvTh.exe
  2⤵
  PID:3180
- C:\Windows\System\TgldjiG.exe
  C:\Windows\System\TgldjiG.exe
  2⤵
  PID:4164
- C:\Windows\System\uThLwTE.exe
  C:\Windows\System\uThLwTE.exe
  2⤵
  PID:4896
- C:\Windows\System\HVutOqu.exe
  C:\Windows\System\HVutOqu.exe
  2⤵
  PID:2176
- C:\Windows\System\uFnwLsu.exe
  C:\Windows\System\uFnwLsu.exe
  2⤵
  PID:5160
- C:\Windows\System\DcjwAlI.exe
  C:\Windows\System\DcjwAlI.exe
  2⤵
  PID:5204
- C:\Windows\System\GaBgTYb.exe
  C:\Windows\System\GaBgTYb.exe
  2⤵
  PID:5224
- C:\Windows\System\mtrWoSO.exe
  C:\Windows\System\mtrWoSO.exe
  2⤵
  PID:2720
- C:\Windows\System\AkaIoHZ.exe
  C:\Windows\System\AkaIoHZ.exe
  2⤵
  PID:5172
- C:\Windows\System\sehNnLe.exe
  C:\Windows\System\sehNnLe.exe
  2⤵
  PID:5236
- C:\Windows\System\ABmSIjl.exe
  C:\Windows\System\ABmSIjl.exe
  2⤵
  PID:5192
- C:\Windows\System\rOvuhYD.exe
  C:\Windows\System\rOvuhYD.exe
  2⤵
  PID:5316
- C:\Windows\System\sVrxtKd.exe
  C:\Windows\System\sVrxtKd.exe
  2⤵
  PID:5388
- C:\Windows\System\TzThMzF.exe
  C:\Windows\System\TzThMzF.exe
  2⤵
  PID:5476
- C:\Windows\System\mFXHDbT.exe
  C:\Windows\System\mFXHDbT.exe
  2⤵
  PID:5484
- C:\Windows\System\zIRuVLd.exe
  C:\Windows\System\zIRuVLd.exe
  2⤵
  PID:4864
- C:\Windows\System\fRQFPqd.exe
  C:\Windows\System\fRQFPqd.exe
  2⤵
  PID:5368
- C:\Windows\System\SDSZqeX.exe
  C:\Windows\System\SDSZqeX.exe
  2⤵
  PID:5408
- C:\Windows\System\Nlmdtof.exe
  C:\Windows\System\Nlmdtof.exe
  2⤵
  PID:5576
- C:\Windows\System\zvArcvd.exe
  C:\Windows\System\zvArcvd.exe
  2⤵
  PID:5456
- C:\Windows\System\GdQnvaZ.exe
  C:\Windows\System\GdQnvaZ.exe
  2⤵
  PID:5440
- C:\Windows\System\eAiUAFp.exe
  C:\Windows\System\eAiUAFp.exe
  2⤵
  PID:5616
- C:\Windows\System\lCwdrCz.exe
  C:\Windows\System\lCwdrCz.exe
  2⤵
  PID:5652
- C:\Windows\System\mDodtQe.exe
  C:\Windows\System\mDodtQe.exe
  2⤵
  PID:5708
- C:\Windows\System\WcgsDIx.exe
  C:\Windows\System\WcgsDIx.exe
  2⤵
  PID:5728
- C:\Windows\System\kdpLCQd.exe
  C:\Windows\System\kdpLCQd.exe
  2⤵
  PID:5716
- C:\Windows\System\ufKwMxo.exe
  C:\Windows\System\ufKwMxo.exe
  2⤵
  PID:5776
- C:\Windows\System\wtTnOvs.exe
  C:\Windows\System\wtTnOvs.exe
  2⤵
  PID:5848
- C:\Windows\System\vgHBOqH.exe
  C:\Windows\System\vgHBOqH.exe
  2⤵
  PID:5800
- C:\Windows\System\KRZbqgS.exe
  C:\Windows\System\KRZbqgS.exe
  2⤵
  PID:5900
- C:\Windows\System\LFEbuov.exe
  C:\Windows\System\LFEbuov.exe
  2⤵
  PID:5832
- C:\Windows\System\RTKOUsO.exe
  C:\Windows\System\RTKOUsO.exe
  2⤵
  PID:5952
- C:\Windows\System\jJQokGu.exe
  C:\Windows\System\jJQokGu.exe
  2⤵
  PID:6020
- C:\Windows\System\anQKlhX.exe
  C:\Windows\System\anQKlhX.exe
  2⤵
  PID:6004
- C:\Windows\System\jGZyTuo.exe
  C:\Windows\System\jGZyTuo.exe
  2⤵
  PID:5996
- C:\Windows\System\rGeUlxL.exe
  C:\Windows\System\rGeUlxL.exe
  2⤵
  PID:6072
- C:\Windows\System\OtrmwZc.exe
  C:\Windows\System\OtrmwZc.exe
  2⤵
  PID:6104
- C:\Windows\System\pMpcEbq.exe
  C:\Windows\System\pMpcEbq.exe
  2⤵
  PID:5216
- C:\Windows\System\URpYhfv.exe
  C:\Windows\System\URpYhfv.exe
  2⤵
  PID:6084
- C:\Windows\System\VmOqSRj.exe
  C:\Windows\System\VmOqSRj.exe
  2⤵
  PID:4924
- C:\Windows\System\GEyXOUY.exe
  C:\Windows\System\GEyXOUY.exe
  2⤵
  PID:6120
- C:\Windows\System\SHJoHXw.exe
  C:\Windows\System\SHJoHXw.exe
  2⤵
  PID:6088
- C:\Windows\System\zUoJrBA.exe
  C:\Windows\System\zUoJrBA.exe
  2⤵
  PID:6124
- C:\Windows\System\kuFwKwM.exe
  C:\Windows\System\kuFwKwM.exe
  2⤵
  PID:5212
- C:\Windows\System\QHCzFdB.exe
  C:\Windows\System\QHCzFdB.exe
  2⤵
  PID:5252
- C:\Windows\System\jonLWmu.exe
  C:\Windows\System\jonLWmu.exe
  2⤵
  PID:5516
- C:\Windows\System\DZFKiJn.exe
  C:\Windows\System\DZFKiJn.exe
  2⤵
  PID:5612
- C:\Windows\System\PlWUKOr.exe
  C:\Windows\System\PlWUKOr.exe
  2⤵
  PID:5500
- C:\Windows\System\uRwuHpN.exe
  C:\Windows\System\uRwuHpN.exe
  2⤵
  PID:5560
- C:\Windows\System\NticlzM.exe
  C:\Windows\System\NticlzM.exe
  2⤵
  PID:5672
- C:\Windows\System\CpGwZMH.exe
  C:\Windows\System\CpGwZMH.exe
  2⤵
  PID:5296
- C:\Windows\System\nCPTZsH.exe
  C:\Windows\System\nCPTZsH.exe
  2⤵
  PID:5364
- C:\Windows\System\cKShXgH.exe
  C:\Windows\System\cKShXgH.exe
  2⤵
  PID:5328
- C:\Windows\System\eRZzvdi.exe
  C:\Windows\System\eRZzvdi.exe
  2⤵
  PID:5744
- C:\Windows\System\khXzYmh.exe
  C:\Windows\System\khXzYmh.exe
  2⤵
  PID:5896
- C:\Windows\System\yHvUkny.exe
  C:\Windows\System\yHvUkny.exe
  2⤵
  PID:5916
- C:\Windows\System\FrQncnr.exe
  C:\Windows\System\FrQncnr.exe
  2⤵
  PID:5720
- C:\Windows\System\AiOOlVy.exe
  C:\Windows\System\AiOOlVy.exe
  2⤵
  PID:5932
- C:\Windows\System\tXjcjdq.exe
  C:\Windows\System\tXjcjdq.exe
  2⤵
  PID:5936
- C:\Windows\System\JnIthai.exe
  C:\Windows\System\JnIthai.exe
  2⤵
  PID:5196
- C:\Windows\System\mcesyfy.exe
  C:\Windows\System\mcesyfy.exe
  2⤵
  PID:6136
- C:\Windows\System\iQoEKZp.exe
  C:\Windows\System\iQoEKZp.exe
  2⤵
  PID:4588
- C:\Windows\System\vcDAJGu.exe
  C:\Windows\System\vcDAJGu.exe
  2⤵
  PID:4228
- C:\Windows\System\DDlSkDB.exe
  C:\Windows\System\DDlSkDB.exe
  2⤵
  PID:5284
- C:\Windows\System\oGgMvWV.exe
  C:\Windows\System\oGgMvWV.exe
  2⤵
  PID:5312
- C:\Windows\System\XYOfUCx.exe
  C:\Windows\System\XYOfUCx.exe
  2⤵
  PID:5664
- C:\Windows\System\TlTgjZL.exe
  C:\Windows\System\TlTgjZL.exe
  2⤵
  PID:5428
- C:\Windows\System\CKLGqMX.exe
  C:\Windows\System\CKLGqMX.exe
  2⤵
  PID:5384
- C:\Windows\System\aorafxn.exe
  C:\Windows\System\aorafxn.exe
  2⤵
  PID:5692
- C:\Windows\System\AsFzPaX.exe
  C:\Windows\System\AsFzPaX.exe
  2⤵
  PID:5844
- C:\Windows\System\iYnMMXw.exe
  C:\Windows\System\iYnMMXw.exe
  2⤵
  PID:5884
- C:\Windows\System\YVAlFbN.exe
  C:\Windows\System\YVAlFbN.exe
  2⤵
  PID:5712
- C:\Windows\System\YizwXLK.exe
  C:\Windows\System\YizwXLK.exe
  2⤵
  PID:5984
- C:\Windows\System\UzQkJmv.exe
  C:\Windows\System\UzQkJmv.exe
  2⤵
  PID:6016
- C:\Windows\System\UAdlOiI.exe
  C:\Windows\System\UAdlOiI.exe
  2⤵
  PID:5144
- C:\Windows\System\VGkGBta.exe
  C:\Windows\System\VGkGBta.exe
  2⤵
  PID:5688
- C:\Windows\System\XdhtPcv.exe
  C:\Windows\System\XdhtPcv.exe
  2⤵
  PID:5792
- C:\Windows\System\BXCFZGA.exe
  C:\Windows\System\BXCFZGA.exe
  2⤵
  PID:5760
- C:\Windows\System\dAUnATF.exe
  C:\Windows\System\dAUnATF.exe
  2⤵
  PID:6156
- C:\Windows\System\SkNvAwK.exe
  C:\Windows\System\SkNvAwK.exe
  2⤵
  PID:6172
- C:\Windows\System\bhhmeAx.exe
  C:\Windows\System\bhhmeAx.exe
  2⤵
  PID:6188
- C:\Windows\System\VOjVQBA.exe
  C:\Windows\System\VOjVQBA.exe
  2⤵
  PID:6204
- C:\Windows\System\cBjLJIr.exe
  C:\Windows\System\cBjLJIr.exe
  2⤵
  PID:6220
- C:\Windows\System\iFtJSXr.exe
  C:\Windows\System\iFtJSXr.exe
  2⤵
  PID:6236
- C:\Windows\System\yEZrKLp.exe
  C:\Windows\System\yEZrKLp.exe
  2⤵
  PID:6256
- C:\Windows\System\tfviQAu.exe
  C:\Windows\System\tfviQAu.exe
  2⤵
  PID:6272
- C:\Windows\System\eeXOIPG.exe
  C:\Windows\System\eeXOIPG.exe
  2⤵
  PID:6288
- C:\Windows\System\qoswGzh.exe
  C:\Windows\System\qoswGzh.exe
  2⤵
  PID:6304
- C:\Windows\System\TqfqdHP.exe
  C:\Windows\System\TqfqdHP.exe
  2⤵
  PID:6320
- C:\Windows\System\FtVerIQ.exe
  C:\Windows\System\FtVerIQ.exe
  2⤵
  PID:6336
- C:\Windows\System\XbZYCCz.exe
  C:\Windows\System\XbZYCCz.exe
  2⤵
  PID:6352
- C:\Windows\System\kNSSbVp.exe
  C:\Windows\System\kNSSbVp.exe
  2⤵
  PID:6372
- C:\Windows\System\IlvMDOV.exe
  C:\Windows\System\IlvMDOV.exe
  2⤵
  PID:6388
- C:\Windows\System\XSILtEv.exe
  C:\Windows\System\XSILtEv.exe
  2⤵
  PID:6408
- C:\Windows\System\ZtoMNFr.exe
  C:\Windows\System\ZtoMNFr.exe
  2⤵
  PID:6424
- C:\Windows\System\uvcCqmv.exe
  C:\Windows\System\uvcCqmv.exe
  2⤵
  PID:6440
- C:\Windows\System\BdwcUQz.exe
  C:\Windows\System\BdwcUQz.exe
  2⤵
  PID:6456
- C:\Windows\System\mEqaDeY.exe
  C:\Windows\System\mEqaDeY.exe
  2⤵
  PID:6472
- C:\Windows\System\Gmdvtms.exe
  C:\Windows\System\Gmdvtms.exe
  2⤵
  PID:6488
- C:\Windows\System\HIhRClK.exe
  C:\Windows\System\HIhRClK.exe
  2⤵
  PID:6504
- C:\Windows\System\chykYoN.exe
  C:\Windows\System\chykYoN.exe
  2⤵
  PID:6520
- C:\Windows\System\ZWDweJV.exe
  C:\Windows\System\ZWDweJV.exe
  2⤵
  PID:6536
- C:\Windows\System\bWDyjec.exe
  C:\Windows\System\bWDyjec.exe
  2⤵
  PID:6552
- C:\Windows\System\BbVVdkx.exe
  C:\Windows\System\BbVVdkx.exe
  2⤵
  PID:6568
- C:\Windows\System\DTIWWZb.exe
  C:\Windows\System\DTIWWZb.exe
  2⤵
  PID:6584
- C:\Windows\System\tFXLgZk.exe
  C:\Windows\System\tFXLgZk.exe
  2⤵
  PID:6600
- C:\Windows\System\zvXfWJF.exe
  C:\Windows\System\zvXfWJF.exe
  2⤵
  PID:6616
- C:\Windows\System\RwudOxf.exe
  C:\Windows\System\RwudOxf.exe
  2⤵
  PID:6632
- C:\Windows\System\vyohnjt.exe
  C:\Windows\System\vyohnjt.exe
  2⤵
  PID:6648
- C:\Windows\System\KJEuNrM.exe
  C:\Windows\System\KJEuNrM.exe
  2⤵
  PID:6664
- C:\Windows\System\flMZFnD.exe
  C:\Windows\System\flMZFnD.exe
  2⤵
  PID:6680
- C:\Windows\System\qQfOWcG.exe
  C:\Windows\System\qQfOWcG.exe
  2⤵
  PID:6696
- C:\Windows\System\xgsweDF.exe
  C:\Windows\System\xgsweDF.exe
  2⤵
  PID:6712
- C:\Windows\System\pgXSogn.exe
  C:\Windows\System\pgXSogn.exe
  2⤵
  PID:6728
- C:\Windows\System\LrlikmL.exe
  C:\Windows\System\LrlikmL.exe
  2⤵
  PID:6744
- C:\Windows\System\blOEwih.exe
  C:\Windows\System\blOEwih.exe
  2⤵
  PID:6760
- C:\Windows\System\intiNIz.exe
  C:\Windows\System\intiNIz.exe
  2⤵
  PID:6776
- C:\Windows\System\IPyqDYj.exe
  C:\Windows\System\IPyqDYj.exe
  2⤵
  PID:6792
- C:\Windows\System\sdiupHm.exe
  C:\Windows\System\sdiupHm.exe
  2⤵
  PID:6808
- C:\Windows\System\IihkYsR.exe
  C:\Windows\System\IihkYsR.exe
  2⤵
  PID:6828
- C:\Windows\System\gmZkAhj.exe
  C:\Windows\System\gmZkAhj.exe
  2⤵
  PID:6844
- C:\Windows\System\fQNBYAG.exe
  C:\Windows\System\fQNBYAG.exe
  2⤵
  PID:6864
- C:\Windows\System\dPoSKXv.exe
  C:\Windows\System\dPoSKXv.exe
  2⤵
  PID:6880
- C:\Windows\System\lyDGOIH.exe
  C:\Windows\System\lyDGOIH.exe
  2⤵
  PID:6896
- C:\Windows\System\Xkiqcre.exe
  C:\Windows\System\Xkiqcre.exe
  2⤵
  PID:6912
- C:\Windows\System\hKlUHnd.exe
  C:\Windows\System\hKlUHnd.exe
  2⤵
  PID:6928
- C:\Windows\System\itNQCVJ.exe
  C:\Windows\System\itNQCVJ.exe
  2⤵
  PID:6944
- C:\Windows\System\UMHdfKM.exe
  C:\Windows\System\UMHdfKM.exe
  2⤵
  PID:6960
- C:\Windows\System\htrhrQD.exe
  C:\Windows\System\htrhrQD.exe
  2⤵
  PID:7012
- C:\Windows\System\TZkiCgv.exe
  C:\Windows\System\TZkiCgv.exe
  2⤵
  PID:7028
- C:\Windows\System\tnOxgwi.exe
  C:\Windows\System\tnOxgwi.exe
  2⤵
  PID:7044
- C:\Windows\System\LskaWCl.exe
  C:\Windows\System\LskaWCl.exe
  2⤵
  PID:7060
- C:\Windows\System\OipEqLM.exe
  C:\Windows\System\OipEqLM.exe
  2⤵
  PID:7076
- C:\Windows\System\HkjYGrX.exe
  C:\Windows\System\HkjYGrX.exe
  2⤵
  PID:7112
- C:\Windows\System\hAgiNpx.exe
  C:\Windows\System\hAgiNpx.exe
  2⤵
  PID:7128
- C:\Windows\System\OIeQXdn.exe
  C:\Windows\System\OIeQXdn.exe
  2⤵
  PID:7148
- C:\Windows\System\mabylOs.exe
  C:\Windows\System\mabylOs.exe
  2⤵
  PID:7164
- C:\Windows\System\peFUlIH.exe
  C:\Windows\System\peFUlIH.exe
  2⤵
  PID:6148
- C:\Windows\System\ongBreK.exe
  C:\Windows\System\ongBreK.exe
  2⤵
  PID:6216
- C:\Windows\System\BvHNtfK.exe
  C:\Windows\System\BvHNtfK.exe
  2⤵
  PID:5596
- C:\Windows\System\TAMNmfB.exe
  C:\Windows\System\TAMNmfB.exe
  2⤵
  PID:5740
- C:\Windows\System\ZQALCco.exe
  C:\Windows\System\ZQALCco.exe
  2⤵
  PID:6252
- C:\Windows\System\qYUtVOZ.exe
  C:\Windows\System\qYUtVOZ.exe
  2⤵
  PID:5232
- C:\Windows\System\JfXrBuj.exe
  C:\Windows\System\JfXrBuj.exe
  2⤵
  PID:6312
- C:\Windows\System\kSFBJNS.exe
  C:\Windows\System\kSFBJNS.exe
  2⤵
  PID:5240
- C:\Windows\System\gCUrMas.exe
  C:\Windows\System\gCUrMas.exe
  2⤵
  PID:6228
- C:\Windows\System\oRIZOmO.exe
  C:\Windows\System\oRIZOmO.exe
  2⤵
  PID:6300
- C:\Windows\System\WxZWoDU.exe
  C:\Windows\System\WxZWoDU.exe
  2⤵
  PID:6344
- C:\Windows\System\qyWUHWo.exe
  C:\Windows\System\qyWUHWo.exe
  2⤵
  PID:6368
- C:\Windows\System\KgvLQmj.exe
  C:\Windows\System\KgvLQmj.exe
  2⤵
  PID:6496
- C:\Windows\System\hoBLMRL.exe
  C:\Windows\System\hoBLMRL.exe
  2⤵
  PID:6468
- C:\Windows\System\vVMQOjQ.exe
  C:\Windows\System\vVMQOjQ.exe
  2⤵
  PID:6528
- C:\Windows\System\biFKMnB.exe
  C:\Windows\System\biFKMnB.exe
  2⤵
  PID:6596
- C:\Windows\System\lEWRdBf.exe
  C:\Windows\System\lEWRdBf.exe
  2⤵
  PID:6624
- C:\Windows\System\EfaAaQB.exe
  C:\Windows\System\EfaAaQB.exe
  2⤵
  PID:6580
- C:\Windows\System\PHFoFXm.exe
  C:\Windows\System\PHFoFXm.exe
  2⤵
  PID:6548
- C:\Windows\System\glIVeLz.exe
  C:\Windows\System\glIVeLz.exe
  2⤵
  PID:6672
- C:\Windows\System\zVGuJJO.exe
  C:\Windows\System\zVGuJJO.exe
  2⤵
  PID:6720
- C:\Windows\System\yScvYil.exe
  C:\Windows\System\yScvYil.exe
  2⤵
  PID:6708
- C:\Windows\System\KcSTfGH.exe
  C:\Windows\System\KcSTfGH.exe
  2⤵
  PID:6768
- C:\Windows\System\tjOzUud.exe
  C:\Windows\System\tjOzUud.exe
  2⤵
  PID:6816
- C:\Windows\System\TgRsfEs.exe
  C:\Windows\System\TgRsfEs.exe
  2⤵
  PID:6860
- C:\Windows\System\yGjxBha.exe
  C:\Windows\System\yGjxBha.exe
  2⤵
  PID:6888
- C:\Windows\System\pfzkQdj.exe
  C:\Windows\System\pfzkQdj.exe
  2⤵
  PID:6800
- C:\Windows\System\jiWChaV.exe
  C:\Windows\System\jiWChaV.exe
  2⤵
  PID:6904
- C:\Windows\System\rSgzVuy.exe
  C:\Windows\System\rSgzVuy.exe
  2⤵
  PID:6952
- C:\Windows\System\gpIxQcL.exe
  C:\Windows\System\gpIxQcL.exe
  2⤵
  PID:6972
- C:\Windows\System\iAaoDNz.exe
  C:\Windows\System\iAaoDNz.exe
  2⤵
  PID:7084
- C:\Windows\System\eQqvzfE.exe
  C:\Windows\System\eQqvzfE.exe
  2⤵
  PID:7096
- C:\Windows\System\fCWHgps.exe
  C:\Windows\System\fCWHgps.exe
  2⤵
  PID:7144
- C:\Windows\System\HSzVsKF.exe
  C:\Windows\System\HSzVsKF.exe
  2⤵
  PID:5668
- C:\Windows\System\koVZeCI.exe
  C:\Windows\System\koVZeCI.exe
  2⤵
  PID:6248
- C:\Windows\System\LJYMUUI.exe
  C:\Windows\System\LJYMUUI.exe
  2⤵
  PID:6984
- C:\Windows\System\XYgccjX.exe
  C:\Windows\System\XYgccjX.exe
  2⤵
  PID:7068
- C:\Windows\System\FyZrhIp.exe
  C:\Windows\System\FyZrhIp.exe
  2⤵
  PID:7072
- C:\Windows\System\qflpVTE.exe
  C:\Windows\System\qflpVTE.exe
  2⤵
  PID:6184
- C:\Windows\System\pAPwhMi.exe
  C:\Windows\System\pAPwhMi.exe
  2⤵
  PID:5452
- C:\Windows\System\UvBOKKI.exe
  C:\Windows\System\UvBOKKI.exe
  2⤵
  PID:6268
- C:\Windows\System\lcNwYbS.exe
  C:\Windows\System\lcNwYbS.exe
  2⤵
  PID:6416
- C:\Windows\System\QSsMQcX.exe
  C:\Windows\System\QSsMQcX.exe
  2⤵
  PID:6484
- C:\Windows\System\MLZPNai.exe
  C:\Windows\System\MLZPNai.exe
  2⤵
  PID:6592
- C:\Windows\System\kfptzCx.exe
  C:\Windows\System\kfptzCx.exe
  2⤵
  PID:6448
- C:\Windows\System\CWEwdQr.exe
  C:\Windows\System\CWEwdQr.exe
  2⤵
  PID:6704
- C:\Windows\System\idUdaXX.exe
  C:\Windows\System\idUdaXX.exe
  2⤵
  PID:6788
- C:\Windows\System\ZGYokag.exe
  C:\Windows\System\ZGYokag.exe
  2⤵
  PID:6892
- C:\Windows\System\ddcQCIc.exe
  C:\Windows\System\ddcQCIc.exe
  2⤵
  PID:7056
- C:\Windows\System\uvxNbiu.exe
  C:\Windows\System\uvxNbiu.exe
  2⤵
  PID:7136
- C:\Windows\System\qntybuN.exe
  C:\Windows\System\qntybuN.exe
  2⤵
  PID:6976
- C:\Windows\System\QDrpNRd.exe
  C:\Windows\System\QDrpNRd.exe
  2⤵
  PID:6956
- C:\Windows\System\JydqBxq.exe
  C:\Windows\System\JydqBxq.exe
  2⤵
  PID:5584
- C:\Windows\System\gIaCroy.exe
  C:\Windows\System\gIaCroy.exe
  2⤵
  PID:7008
- C:\Windows\System\EEWUdHK.exe
  C:\Windows\System\EEWUdHK.exe
  2⤵
  PID:3160
- C:\Windows\System\cKJRHGJ.exe
  C:\Windows\System\cKJRHGJ.exe
  2⤵
  PID:6660
- C:\Windows\System\oxMCLrF.exe
  C:\Windows\System\oxMCLrF.exe
  2⤵
  PID:6400
- C:\Windows\System\GcjzLVw.exe
  C:\Windows\System\GcjzLVw.exe
  2⤵
  PID:6564
- C:\Windows\System\roYUCzI.exe
  C:\Windows\System\roYUCzI.exe
  2⤵
  PID:6756
- C:\Windows\System\aUPqOAY.exe
  C:\Windows\System\aUPqOAY.exe
  2⤵
  PID:6772
- C:\Windows\System\YfLYpUJ.exe
  C:\Windows\System\YfLYpUJ.exe
  2⤵
  PID:6804
- C:\Windows\System\ZNJfbDY.exe
  C:\Windows\System\ZNJfbDY.exe
  2⤵
  PID:7108
- C:\Windows\System\MDNbMMd.exe
  C:\Windows\System\MDNbMMd.exe
  2⤵
  PID:5636
- C:\Windows\System\igOyHeL.exe
  C:\Windows\System\igOyHeL.exe
  2⤵
  PID:6244
- C:\Windows\System\Flykjqy.exe
  C:\Windows\System\Flykjqy.exe
  2⤵
  PID:6332
- C:\Windows\System\ouxiGRE.exe
  C:\Windows\System\ouxiGRE.exe
  2⤵
  PID:6420
- C:\Windows\System\bGmWlPc.exe
  C:\Windows\System\bGmWlPc.exe
  2⤵
  PID:6464
- C:\Windows\System\zedikhy.exe
  C:\Windows\System\zedikhy.exe
  2⤵
  PID:5400
- C:\Windows\System\HMmcXiW.exe
  C:\Windows\System\HMmcXiW.exe
  2⤵
  PID:6856
- C:\Windows\System\tuzOzgp.exe
  C:\Windows\System\tuzOzgp.exe
  2⤵
  PID:6924
- C:\Windows\System\heqhISf.exe
  C:\Windows\System\heqhISf.exe
  2⤵
  PID:6436
- C:\Windows\System\MtHnEKg.exe
  C:\Windows\System\MtHnEKg.exe
  2⤵
  PID:6108
- C:\Windows\System\YdHYOhA.exe
  C:\Windows\System\YdHYOhA.exe
  2⤵
  PID:3812
- C:\Windows\System\LQXgaBp.exe
  C:\Windows\System\LQXgaBp.exe
  2⤵
  PID:6840
- C:\Windows\System\NGJRuaJ.exe
  C:\Windows\System\NGJRuaJ.exe
  2⤵
  PID:7180
- C:\Windows\System\mkRaSbH.exe
  C:\Windows\System\mkRaSbH.exe
  2⤵
  PID:7204
- C:\Windows\System\WXrDkDB.exe
  C:\Windows\System\WXrDkDB.exe
  2⤵
  PID:7220
- C:\Windows\System\ewetBSJ.exe
  C:\Windows\System\ewetBSJ.exe
  2⤵
  PID:7244
- C:\Windows\System\nySFTxe.exe
  C:\Windows\System\nySFTxe.exe
  2⤵
  PID:7260
- C:\Windows\System\xzimqiA.exe
  C:\Windows\System\xzimqiA.exe
  2⤵
  PID:7284
- C:\Windows\System\WvsgmcR.exe
  C:\Windows\System\WvsgmcR.exe
  2⤵
  PID:7300
- C:\Windows\System\ZOUgcsq.exe
  C:\Windows\System\ZOUgcsq.exe
  2⤵
  PID:7316
- C:\Windows\System\gKyBqRd.exe
  C:\Windows\System\gKyBqRd.exe
  2⤵
  PID:7336
- C:\Windows\System\BsZSzZo.exe
  C:\Windows\System\BsZSzZo.exe
  2⤵
  PID:7356
- C:\Windows\System\AaIIMJC.exe
  C:\Windows\System\AaIIMJC.exe
  2⤵
  PID:7376
- C:\Windows\System\QprdvDA.exe
  C:\Windows\System\QprdvDA.exe
  2⤵
  PID:7400
- C:\Windows\System\fYmBWHH.exe
  C:\Windows\System\fYmBWHH.exe
  2⤵
  PID:7416
- C:\Windows\System\vqQksEg.exe
  C:\Windows\System\vqQksEg.exe
  2⤵
  PID:7440
- C:\Windows\System\TQZhoIf.exe
  C:\Windows\System\TQZhoIf.exe
  2⤵
  PID:7460
- C:\Windows\System\ehyLHsb.exe
  C:\Windows\System\ehyLHsb.exe
  2⤵
  PID:7508
- C:\Windows\System\FIJeaAE.exe
  C:\Windows\System\FIJeaAE.exe
  2⤵
  PID:7544
- C:\Windows\System\NNwdhRo.exe
  C:\Windows\System\NNwdhRo.exe
  2⤵
  PID:7560
- C:\Windows\System\zLcscWc.exe
  C:\Windows\System\zLcscWc.exe
  2⤵
  PID:7576
- C:\Windows\System\gxQvOSK.exe
  C:\Windows\System\gxQvOSK.exe
  2⤵
  PID:7760
- C:\Windows\System\isEcLvg.exe
  C:\Windows\System\isEcLvg.exe
  2⤵
  PID:7868
- C:\Windows\System\TPHXrkx.exe
  C:\Windows\System\TPHXrkx.exe
  2⤵
  PID:7884
- C:\Windows\System\OXOgpru.exe
  C:\Windows\System\OXOgpru.exe
  2⤵
  PID:7900
- C:\Windows\System\vEEgAik.exe
  C:\Windows\System\vEEgAik.exe
  2⤵
  PID:7916
- C:\Windows\System\VGnXiDi.exe
  C:\Windows\System\VGnXiDi.exe
  2⤵
  PID:7932
- C:\Windows\System\zPqrLSz.exe
  C:\Windows\System\zPqrLSz.exe
  2⤵
  PID:7948
- C:\Windows\System\msXcHnr.exe
  C:\Windows\System\msXcHnr.exe
  2⤵
  PID:7964
- C:\Windows\System\BcajMQh.exe
  C:\Windows\System\BcajMQh.exe
  2⤵
  PID:7980
- C:\Windows\System\GOoxFoa.exe
  C:\Windows\System\GOoxFoa.exe
  2⤵
  PID:7996
- C:\Windows\System\oGaPYwR.exe
  C:\Windows\System\oGaPYwR.exe
  2⤵
  PID:8012
- C:\Windows\System\ceMixRh.exe
  C:\Windows\System\ceMixRh.exe
  2⤵
  PID:8028
- C:\Windows\System\DyGLrBg.exe
  C:\Windows\System\DyGLrBg.exe
  2⤵
  PID:8044
- C:\Windows\System\wwdWoZv.exe
  C:\Windows\System\wwdWoZv.exe
  2⤵
  PID:8060
- C:\Windows\System\qyLFXto.exe
  C:\Windows\System\qyLFXto.exe
  2⤵
  PID:8076
- C:\Windows\System\ntkafbM.exe
  C:\Windows\System\ntkafbM.exe
  2⤵
  PID:8092
- C:\Windows\System\iEJrqpq.exe
  C:\Windows\System\iEJrqpq.exe
  2⤵
  PID:8108
- C:\Windows\System\VgcOfYV.exe
  C:\Windows\System\VgcOfYV.exe
  2⤵
  PID:8124
- C:\Windows\System\YwLrZvy.exe
  C:\Windows\System\YwLrZvy.exe
  2⤵
  PID:8140
- C:\Windows\System\cmQQeOV.exe
  C:\Windows\System\cmQQeOV.exe
  2⤵
  PID:8156
- C:\Windows\System\LifYjyV.exe
  C:\Windows\System\LifYjyV.exe
  2⤵
  PID:8172
- C:\Windows\System\KtGIVIE.exe
  C:\Windows\System\KtGIVIE.exe
  2⤵
  PID:8188
- C:\Windows\System\dXyIrMj.exe
  C:\Windows\System\dXyIrMj.exe
  2⤵
  PID:7036
- C:\Windows\System\wcIXCnR.exe
  C:\Windows\System\wcIXCnR.exe
  2⤵
  PID:7252
- C:\Windows\System\bgDTwKD.exe
  C:\Windows\System\bgDTwKD.exe
  2⤵
  PID:7324
- C:\Windows\System\JTXAVhD.exe
  C:\Windows\System\JTXAVhD.exe
  2⤵
  PID:7308
- C:\Windows\System\egTkrUp.exe
  C:\Windows\System\egTkrUp.exe
  2⤵
  PID:7312
- C:\Windows\System\gBcieca.exe
  C:\Windows\System\gBcieca.exe
  2⤵
  PID:7188
- C:\Windows\System\ghQlwPt.exe
  C:\Windows\System\ghQlwPt.exe
  2⤵
  PID:7228
- C:\Windows\System\AaelCss.exe
  C:\Windows\System\AaelCss.exe
  2⤵
  PID:7268
- C:\Windows\System\myTilar.exe
  C:\Windows\System\myTilar.exe
  2⤵
  PID:7344
- C:\Windows\System\PPbvUUH.exe
  C:\Windows\System\PPbvUUH.exe
  2⤵
  PID:7368
- C:\Windows\System\QQsXNMs.exe
  C:\Windows\System\QQsXNMs.exe
  2⤵
  PID:7408
- C:\Windows\System\DBKjTBl.exe
  C:\Windows\System\DBKjTBl.exe
  2⤵
  PID:7424
- C:\Windows\System\ZjImOYP.exe
  C:\Windows\System\ZjImOYP.exe
  2⤵
  PID:6452
- C:\Windows\System\qItigrQ.exe
  C:\Windows\System\qItigrQ.exe
  2⤵
  PID:7456
- C:\Windows\System\wsWnaNA.exe
  C:\Windows\System\wsWnaNA.exe
  2⤵
  PID:7520
- C:\Windows\System\fTABysy.exe
  C:\Windows\System\fTABysy.exe
  2⤵
  PID:7568
- C:\Windows\System\fVCbUfO.exe
  C:\Windows\System\fVCbUfO.exe
  2⤵
  PID:7496
- C:\Windows\System\bUXPcQx.exe
  C:\Windows\System\bUXPcQx.exe
  2⤵
  PID:7500
- C:\Windows\System\mlVeUvH.exe
  C:\Windows\System\mlVeUvH.exe
  2⤵
  PID:7592
- C:\Windows\System\gcVTugC.exe
  C:\Windows\System\gcVTugC.exe
  2⤵
  PID:7608
- C:\Windows\System\meCDsnz.exe
  C:\Windows\System\meCDsnz.exe
  2⤵
  PID:7628
- C:\Windows\System\knivitC.exe
  C:\Windows\System\knivitC.exe
  2⤵
  PID:7640
- C:\Windows\System\TbWnUWv.exe
  C:\Windows\System\TbWnUWv.exe
  2⤵
  PID:7660
- C:\Windows\System\exzjwtP.exe
  C:\Windows\System\exzjwtP.exe
  2⤵
  PID:7676
- C:\Windows\System\nOpMkVd.exe
  C:\Windows\System\nOpMkVd.exe
  2⤵
  PID:7692
- C:\Windows\System\MUtCglB.exe
  C:\Windows\System\MUtCglB.exe
  2⤵
  PID:7716
- C:\Windows\System\ZdPqlCA.exe
  C:\Windows\System\ZdPqlCA.exe
  2⤵
  PID:7736
- C:\Windows\System\nGcmqcH.exe
  C:\Windows\System\nGcmqcH.exe
  2⤵
  PID:7744
- C:\Windows\System\dCOghhs.exe
  C:\Windows\System\dCOghhs.exe
  2⤵
  PID:7896
- C:\Windows\System\farIRlS.exe
  C:\Windows\System\farIRlS.exe
  2⤵
  PID:7876
- C:\Windows\System\CKDKgdP.exe
  C:\Windows\System\CKDKgdP.exe
  2⤵
  PID:7880
- C:\Windows\System\WXPRjKk.exe
  C:\Windows\System\WXPRjKk.exe
  2⤵
  PID:7944
- C:\Windows\System\rfkkDuc.exe
  C:\Windows\System\rfkkDuc.exe
  2⤵
  PID:8008
- C:\Windows\System\MIsEHQT.exe
  C:\Windows\System\MIsEHQT.exe
  2⤵
  PID:8116
- C:\Windows\System\VCpRrjU.exe
  C:\Windows\System\VCpRrjU.exe
  2⤵
  PID:8152
- C:\Windows\System\ProLXuK.exe
  C:\Windows\System\ProLXuK.exe
  2⤵
  PID:8136
- C:\Windows\System\AwRUgdc.exe
  C:\Windows\System\AwRUgdc.exe
  2⤵
  PID:7176
- C:\Windows\System\gbKYgqV.exe
  C:\Windows\System\gbKYgqV.exe
  2⤵
  PID:7212
- C:\Windows\System\KESODuA.exe
  C:\Windows\System\KESODuA.exe
  2⤵
  PID:7000
- C:\Windows\System\DSpmgTP.exe
  C:\Windows\System\DSpmgTP.exe
  2⤵
  PID:7296
- C:\Windows\System\PdGQTar.exe
  C:\Windows\System\PdGQTar.exe
  2⤵
  PID:7196
- C:\Windows\System\dafVzuz.exe
  C:\Windows\System\dafVzuz.exe
  2⤵
  PID:7364
- C:\Windows\System\lSHQPXy.exe
  C:\Windows\System\lSHQPXy.exe
  2⤵
  PID:7392
- C:\Windows\System\KpPJkbk.exe
  C:\Windows\System\KpPJkbk.exe
  2⤵
  PID:7516
- C:\Windows\System\rHvKQUY.exe
  C:\Windows\System\rHvKQUY.exe
  2⤵
  PID:7484
- C:\Windows\System\VgDlceU.exe
  C:\Windows\System\VgDlceU.exe
  2⤵
  PID:7620
- C:\Windows\System\jaXbKKO.exe
  C:\Windows\System\jaXbKKO.exe
  2⤵
  PID:7604
- C:\Windows\System\dppofrF.exe
  C:\Windows\System\dppofrF.exe
  2⤵
  PID:7700
- C:\Windows\System\DqQrgZs.exe
  C:\Windows\System\DqQrgZs.exe
  2⤵
  PID:7644
- C:\Windows\System\jSlGLeY.exe
  C:\Windows\System\jSlGLeY.exe
  2⤵
  PID:7772
- C:\Windows\System\noqqnwZ.exe
  C:\Windows\System\noqqnwZ.exe
  2⤵
  PID:7732
- C:\Windows\System\BhpuXiG.exe
  C:\Windows\System\BhpuXiG.exe
  2⤵
  PID:7756
- C:\Windows\System\VmzpPdV.exe
  C:\Windows\System\VmzpPdV.exe
  2⤵
  PID:7788
- C:\Windows\System\TpxjSKh.exe
  C:\Windows\System\TpxjSKh.exe
  2⤵
  PID:7780
- C:\Windows\System\BOkLkdF.exe
  C:\Windows\System\BOkLkdF.exe
  2⤵
  PID:7820
- C:\Windows\System\qDRrJqM.exe
  C:\Windows\System\qDRrJqM.exe
  2⤵
  PID:7832
- C:\Windows\System\kaZoUWF.exe
  C:\Windows\System\kaZoUWF.exe
  2⤵
  PID:7848
- C:\Windows\System\gomaPgk.exe
  C:\Windows\System\gomaPgk.exe
  2⤵
  PID:7860
- C:\Windows\System\UQgGHtF.exe
  C:\Windows\System\UQgGHtF.exe
  2⤵
  PID:7908
- C:\Windows\System\TyKjhKx.exe
  C:\Windows\System\TyKjhKx.exe
  2⤵
  PID:8024
- C:\Windows\System\ZsUYWbx.exe
  C:\Windows\System\ZsUYWbx.exe
  2⤵
  PID:8068
- C:\Windows\System\jbuhwGi.exe
  C:\Windows\System\jbuhwGi.exe
  2⤵
  PID:8004
- C:\Windows\System\ZxnXcYz.exe
  C:\Windows\System\ZxnXcYz.exe
  2⤵
  PID:6996
- C:\Windows\System\sdmkmVh.exe
  C:\Windows\System\sdmkmVh.exe
  2⤵
  PID:7388
- C:\Windows\System\CqNQTdd.exe
  C:\Windows\System\CqNQTdd.exe
  2⤵
  PID:8104
- C:\Windows\System\RXeCTEh.exe
  C:\Windows\System\RXeCTEh.exe
  2⤵
  PID:7240
- C:\Windows\System\ZtqXCou.exe
  C:\Windows\System\ZtqXCou.exe
  2⤵
  PID:7468
- C:\Windows\System\OzJdvcz.exe
  C:\Windows\System\OzJdvcz.exe
  2⤵
  PID:8184
- C:\Windows\System\BIbBDpK.exe
  C:\Windows\System\BIbBDpK.exe
  2⤵
  PID:7396
- C:\Windows\System\JcqDfnN.exe
  C:\Windows\System\JcqDfnN.exe
  2⤵
  PID:7708
- C:\Windows\System\CaPwQjZ.exe
  C:\Windows\System\CaPwQjZ.exe
  2⤵
  PID:7824
- C:\Windows\System\vJoFCBp.exe
  C:\Windows\System\vJoFCBp.exe
  2⤵
  PID:7852
- C:\Windows\System\zDUpWht.exe
  C:\Windows\System\zDUpWht.exe
  2⤵
  PID:7616
- C:\Windows\System\UoBtfMP.exe
  C:\Windows\System\UoBtfMP.exe
  2⤵
  PID:8056
- C:\Windows\System\IAPtyet.exe
  C:\Windows\System\IAPtyet.exe
  2⤵
  PID:7940
- C:\Windows\System\ZLnkogs.exe
  C:\Windows\System\ZLnkogs.exe
  2⤵
  PID:8148
- C:\Windows\System\dcKUZTA.exe
  C:\Windows\System\dcKUZTA.exe
  2⤵
  PID:8132
- C:\Windows\System\DvVXeVi.exe
  C:\Windows\System\DvVXeVi.exe
  2⤵
  PID:7796
- C:\Windows\System\oytNFmA.exe
  C:\Windows\System\oytNFmA.exe
  2⤵
  PID:7280
- C:\Windows\System\ytVQiUu.exe
  C:\Windows\System\ytVQiUu.exe
  2⤵
  PID:8208
- C:\Windows\System\XCRSyEJ.exe
  C:\Windows\System\XCRSyEJ.exe
  2⤵
  PID:8224
- C:\Windows\System\KXSlqdV.exe
  C:\Windows\System\KXSlqdV.exe
  2⤵
  PID:8240
- C:\Windows\System\lKHUGkO.exe
  C:\Windows\System\lKHUGkO.exe
  2⤵
  PID:8264
- C:\Windows\System\APCdljQ.exe
  C:\Windows\System\APCdljQ.exe
  2⤵
  PID:8284
- C:\Windows\System\yZDazXz.exe
  C:\Windows\System\yZDazXz.exe
  2⤵
  PID:8300
- C:\Windows\System\jevmBrX.exe
  C:\Windows\System\jevmBrX.exe
  2⤵
  PID:8316
- C:\Windows\System\faHzsRM.exe
  C:\Windows\System\faHzsRM.exe
  2⤵
  PID:8344
- C:\Windows\System\lKNjSUO.exe
  C:\Windows\System\lKNjSUO.exe
  2⤵
  PID:8364
- C:\Windows\System\nDbnnxV.exe
  C:\Windows\System\nDbnnxV.exe
  2⤵
  PID:8380
- C:\Windows\System\EKizcxm.exe
  C:\Windows\System\EKizcxm.exe
  2⤵
  PID:8396
- C:\Windows\System\ikimCaN.exe
  C:\Windows\System\ikimCaN.exe
  2⤵
  PID:8524
- C:\Windows\System\MyodkRz.exe
  C:\Windows\System\MyodkRz.exe
  2⤵
  PID:8544
- C:\Windows\System\HSKQPXG.exe
  C:\Windows\System\HSKQPXG.exe
  2⤵
  PID:8592
- C:\Windows\System\Alzxmca.exe
  C:\Windows\System\Alzxmca.exe
  2⤵
  PID:8644
- C:\Windows\System\TQXgXMG.exe
  C:\Windows\System\TQXgXMG.exe
  2⤵
  PID:8660
- C:\Windows\System\LCzfNPl.exe
  C:\Windows\System\LCzfNPl.exe
  2⤵
  PID:8676
- C:\Windows\System\UqMmwHC.exe
  C:\Windows\System\UqMmwHC.exe
  2⤵
  PID:8692
- C:\Windows\System\aMwOTDh.exe
  C:\Windows\System\aMwOTDh.exe
  2⤵
  PID:8708
- C:\Windows\System\bRacaiF.exe
  C:\Windows\System\bRacaiF.exe
  2⤵
  PID:8724
- C:\Windows\System\QauiezP.exe
  C:\Windows\System\QauiezP.exe
  2⤵
  PID:8740
- C:\Windows\System\qnxnJSC.exe
  C:\Windows\System\qnxnJSC.exe
  2⤵
  PID:8756
- C:\Windows\System\BmsXitu.exe
  C:\Windows\System\BmsXitu.exe
  2⤵
  PID:8772
- C:\Windows\System\qaLVSlP.exe
  C:\Windows\System\qaLVSlP.exe
  2⤵
  PID:8788
- C:\Windows\System\cqERbGe.exe
  C:\Windows\System\cqERbGe.exe
  2⤵
  PID:8804
- C:\Windows\System\OUddbYA.exe
  C:\Windows\System\OUddbYA.exe
  2⤵
  PID:8820
- C:\Windows\System\JmxfbeH.exe
  C:\Windows\System\JmxfbeH.exe
  2⤵
  PID:8836
- C:\Windows\System\RmJoBkg.exe
  C:\Windows\System\RmJoBkg.exe
  2⤵
  PID:8852
- C:\Windows\System\TUbmggn.exe
  C:\Windows\System\TUbmggn.exe
  2⤵
  PID:8868
- C:\Windows\System\ABSPtYc.exe
  C:\Windows\System\ABSPtYc.exe
  2⤵
  PID:8884
- C:\Windows\System\IsmLaDR.exe
  C:\Windows\System\IsmLaDR.exe
  2⤵
  PID:9092
- C:\Windows\System\TAKsqpH.exe
  C:\Windows\System\TAKsqpH.exe
  2⤵
  PID:9120
- C:\Windows\System\OWVInyF.exe
  C:\Windows\System\OWVInyF.exe
  2⤵
  PID:9136
- C:\Windows\System\EPbDLzl.exe
  C:\Windows\System\EPbDLzl.exe
  2⤵
  PID:9168
- C:\Windows\System\bVzcKZf.exe
  C:\Windows\System\bVzcKZf.exe
  2⤵
  PID:9184
- C:\Windows\System\TahkzYq.exe
  C:\Windows\System\TahkzYq.exe
  2⤵
  PID:9200
- C:\Windows\System\xHWbYiW.exe
  C:\Windows\System\xHWbYiW.exe
  2⤵
  PID:7472
- C:\Windows\System\MnUdrZN.exe
  C:\Windows\System\MnUdrZN.exe
  2⤵
  PID:7812
- C:\Windows\System\HTewSVM.exe
  C:\Windows\System\HTewSVM.exe
  2⤵
  PID:7892
- C:\Windows\System\DvjUrGS.exe
  C:\Windows\System\DvjUrGS.exe
  2⤵
  PID:6384
- C:\Windows\System\OdUrRru.exe
  C:\Windows\System\OdUrRru.exe
  2⤵
  PID:8220
- C:\Windows\System\XptzmJx.exe
  C:\Windows\System\XptzmJx.exe
  2⤵
  PID:8196
- C:\Windows\System\npTgfdW.exe
  C:\Windows\System\npTgfdW.exe
  2⤵
  PID:8292
- C:\Windows\System\UqsDXpS.exe
  C:\Windows\System\UqsDXpS.exe
  2⤵
  PID:8272
- C:\Windows\System\aPkmqil.exe
  C:\Windows\System\aPkmqil.exe
  2⤵
  PID:8312
- C:\Windows\System\YdZsCEN.exe
  C:\Windows\System\YdZsCEN.exe
  2⤵
  PID:8376
- C:\Windows\System\anJysDa.exe
  C:\Windows\System\anJysDa.exe
  2⤵
  PID:8416
- C:\Windows\System\qscQQoI.exe
  C:\Windows\System\qscQQoI.exe
  2⤵
  PID:8428
- C:\Windows\System\sCOAMly.exe
  C:\Windows\System\sCOAMly.exe
  2⤵
  PID:8448
- C:\Windows\System\jkGxSUx.exe
  C:\Windows\System\jkGxSUx.exe
  2⤵
  PID:8464
- C:\Windows\System\gIXElZp.exe
  C:\Windows\System\gIXElZp.exe
  2⤵
  PID:8480
- C:\Windows\System\QIhNPuJ.exe
  C:\Windows\System\QIhNPuJ.exe
  2⤵
  PID:8500
- C:\Windows\System\nePGXOz.exe
  C:\Windows\System\nePGXOz.exe
  2⤵
  PID:8520
- C:\Windows\System\ryKhsio.exe
  C:\Windows\System\ryKhsio.exe
  2⤵
  PID:8552
- C:\Windows\System\KbQsWPs.exe
  C:\Windows\System\KbQsWPs.exe
  2⤵
  PID:8572
- C:\Windows\System\QSqQNpk.exe
  C:\Windows\System\QSqQNpk.exe
  2⤵
  PID:8600
- C:\Windows\System\NGxvqKD.exe
  C:\Windows\System\NGxvqKD.exe
  2⤵
  PID:8624
- C:\Windows\System\PYmqheO.exe
  C:\Windows\System\PYmqheO.exe
  2⤵
  PID:8656
- C:\Windows\System\kznpykn.exe
  C:\Windows\System\kznpykn.exe
  2⤵
  PID:8716
- C:\Windows\System\LHlysCj.exe
  C:\Windows\System\LHlysCj.exe
  2⤵
  PID:8780
- C:\Windows\System\oBqyLMf.exe
  C:\Windows\System\oBqyLMf.exe
  2⤵
  PID:8732
- C:\Windows\System\IrPYHlv.exe
  C:\Windows\System\IrPYHlv.exe
  2⤵
  PID:8668
- C:\Windows\System\oVOqvZa.exe
  C:\Windows\System\oVOqvZa.exe
  2⤵
  PID:8736
- C:\Windows\System\hUpznCb.exe
  C:\Windows\System\hUpznCb.exe
  2⤵
  PID:8860
- C:\Windows\System\yZBNLbG.exe
  C:\Windows\System\yZBNLbG.exe
  2⤵
  PID:8256
- C:\Windows\System\cUdISOf.exe
  C:\Windows\System\cUdISOf.exe
  2⤵
  PID:8340
- C:\Windows\System\mXZCHOO.exe
  C:\Windows\System\mXZCHOO.exe
  2⤵
  PID:8904
- C:\Windows\System\WBzJfSi.exe
  C:\Windows\System\WBzJfSi.exe
  2⤵
  PID:8920
- C:\Windows\System\kAQNrQB.exe
  C:\Windows\System\kAQNrQB.exe
  2⤵
  PID:8960
- C:\Windows\System\ktzkDyM.exe
  C:\Windows\System\ktzkDyM.exe
  2⤵
  PID:8976
- C:\Windows\System\jDlRBjo.exe
  C:\Windows\System\jDlRBjo.exe
  2⤵
  PID:8992
- C:\Windows\System\zYVICZb.exe
  C:\Windows\System\zYVICZb.exe
  2⤵
  PID:9020
- C:\Windows\System\OwmuNCv.exe
  C:\Windows\System\OwmuNCv.exe
  2⤵
  PID:9036
- C:\Windows\System\YbZLFyV.exe
  C:\Windows\System\YbZLFyV.exe
  2⤵
  PID:9052
- C:\Windows\System\dJjfcKA.exe
  C:\Windows\System\dJjfcKA.exe
  2⤵
  PID:9068
- C:\Windows\System\VNZdXWy.exe
  C:\Windows\System\VNZdXWy.exe
  2⤵
  PID:9112
- C:\Windows\System\daVPDAb.exe
  C:\Windows\System\daVPDAb.exe
  2⤵
  PID:9156
- C:\Windows\System\PEksyJx.exe
  C:\Windows\System\PEksyJx.exe
  2⤵
  PID:9084
- C:\Windows\System\ZDMDlsF.exe
  C:\Windows\System\ZDMDlsF.exe
  2⤵
  PID:8232
- C:\Windows\System\JPFODht.exe
  C:\Windows\System\JPFODht.exe
  2⤵
  PID:9128
- C:\Windows\System\WmuzLcD.exe
  C:\Windows\System\WmuzLcD.exe
  2⤵
  PID:8408
- C:\Windows\System\BdGBErh.exe
  C:\Windows\System\BdGBErh.exe
  2⤵
  PID:8356
- C:\Windows\System\GqfMmCp.exe
  C:\Windows\System\GqfMmCp.exe
  2⤵
  PID:7976
- C:\Windows\System\gJvmqWX.exe
  C:\Windows\System\gJvmqWX.exe
  2⤵
  PID:9212
- C:\Windows\System\lVBRzlQ.exe
  C:\Windows\System\lVBRzlQ.exe
  2⤵
  PID:8476
- C:\Windows\System\DjAMtnA.exe
  C:\Windows\System\DjAMtnA.exe
  2⤵
  PID:8564
- C:\Windows\System\BBjbaDb.exe
  C:\Windows\System\BBjbaDb.exe
  2⤵
  PID:8540
- C:\Windows\System\elNdPhO.exe
  C:\Windows\System\elNdPhO.exe
  2⤵
  PID:7276
- C:\Windows\System\SsTntAT.exe
  C:\Windows\System\SsTntAT.exe
  2⤵
  PID:8612
- C:\Windows\System\seixJwF.exe
  C:\Windows\System\seixJwF.exe
  2⤵
  PID:8620
- C:\Windows\System\UwztKWg.exe
  C:\Windows\System\UwztKWg.exe
  2⤵
  PID:8812
- C:\Windows\System\XvzOrVC.exe
  C:\Windows\System\XvzOrVC.exe
  2⤵
  PID:8848
- C:\Windows\System\IsYgbHh.exe
  C:\Windows\System\IsYgbHh.exe
  2⤵
  PID:8828
- C:\Windows\System\YUgzhYh.exe
  C:\Windows\System\YUgzhYh.exe
  2⤵
  PID:8800
- C:\Windows\System\rQyapxJ.exe
  C:\Windows\System\rQyapxJ.exe
  2⤵
  PID:7216
- C:\Windows\System\Qhrkwpf.exe
  C:\Windows\System\Qhrkwpf.exe
  2⤵
  PID:8968
- C:\Windows\System\ChRSMOS.exe
  C:\Windows\System\ChRSMOS.exe
  2⤵
  PID:8948
- C:\Windows\System\MBclkih.exe
  C:\Windows\System\MBclkih.exe
  2⤵
  PID:8252
- C:\Windows\System\gCPsKsK.exe
  C:\Windows\System\gCPsKsK.exe
  2⤵
  PID:8640
- C:\Windows\System\CKfgjPh.exe
  C:\Windows\System\CKfgjPh.exe
  2⤵
  PID:8796
- C:\Windows\System\BsVwmYt.exe
  C:\Windows\System\BsVwmYt.exe
  2⤵
  PID:8532
- C:\Windows\System\xCMIXAf.exe
  C:\Windows\System\xCMIXAf.exe
  2⤵
  PID:8280
- C:\Windows\System\nApecGj.exe
  C:\Windows\System\nApecGj.exe
  2⤵
  PID:8688
- C:\Windows\System\VTcxUBB.exe
  C:\Windows\System\VTcxUBB.exe
  2⤵
  PID:9104
- C:\Windows\System\gYatpnh.exe
  C:\Windows\System\gYatpnh.exe
  2⤵
  PID:9000
- C:\Windows\System\KLiTfRh.exe
  C:\Windows\System\KLiTfRh.exe
  2⤵
  PID:9048
- C:\Windows\System\EfHZktQ.exe
  C:\Windows\System\EfHZktQ.exe
  2⤵
  PID:9076
- C:\Windows\System\GtOzAtw.exe
  C:\Windows\System\GtOzAtw.exe
  2⤵
  PID:8360
- C:\Windows\System\QlrRAvQ.exe
  C:\Windows\System\QlrRAvQ.exe
  2⤵
  PID:9192
- C:\Windows\System\lEBrfHq.exe
  C:\Windows\System\lEBrfHq.exe
  2⤵
  PID:6872
- C:\Windows\System\hrFoyeJ.exe
  C:\Windows\System\hrFoyeJ.exe
  2⤵
  PID:8204
- C:\Windows\System\DumJFiE.exe
  C:\Windows\System\DumJFiE.exe
  2⤵
  PID:7652
- C:\Windows\System\mZkxNax.exe
  C:\Windows\System\mZkxNax.exe
  2⤵
  PID:8488
- C:\Windows\System\BLoizIR.exe
  C:\Windows\System\BLoizIR.exe
  2⤵
  PID:8216
- C:\Windows\System\ZKPRiWn.exe
  C:\Windows\System\ZKPRiWn.exe
  2⤵
  PID:8720
- C:\Windows\System\epniJXW.exe
  C:\Windows\System\epniJXW.exe
  2⤵
  PID:8912
- C:\Windows\System\MoTopVt.exe
  C:\Windows\System\MoTopVt.exe
  2⤵
  PID:9180
- C:\Windows\System\WZlwBez.exe
  C:\Windows\System\WZlwBez.exe
  2⤵
  PID:8880
- C:\Windows\System\rhAvftK.exe
  C:\Windows\System\rhAvftK.exe
  2⤵
  PID:9072
- C:\Windows\System\uivgFlG.exe
  C:\Windows\System\uivgFlG.exe
  2⤵
  PID:8248
- C:\Windows\System\lMikPaL.exe
  C:\Windows\System\lMikPaL.exe
  2⤵
  PID:8556
- C:\Windows\System\kQFbjtG.exe
  C:\Windows\System\kQFbjtG.exe
  2⤵
  PID:7668
- C:\Windows\System\tIYXyHN.exe
  C:\Windows\System\tIYXyHN.exe
  2⤵
  PID:7536
- C:\Windows\System\QaKNCXa.exe
  C:\Windows\System\QaKNCXa.exe
  2⤵
  PID:9220
- C:\Windows\System\TKesYSk.exe
  C:\Windows\System\TKesYSk.exe
  2⤵
  PID:9236
- C:\Windows\System\JzGDSze.exe
  C:\Windows\System\JzGDSze.exe
  2⤵
  PID:9256
- C:\Windows\System\ujIgOiO.exe
  C:\Windows\System\ujIgOiO.exe
  2⤵
  PID:9272
- C:\Windows\System\hNnCWSB.exe
  C:\Windows\System\hNnCWSB.exe
  2⤵
  PID:9292
- C:\Windows\System\BuJccSE.exe
  C:\Windows\System\BuJccSE.exe
  2⤵
  PID:9308
- C:\Windows\System\ohucdaZ.exe
  C:\Windows\System\ohucdaZ.exe
  2⤵
  PID:9324
- C:\Windows\System\hdjJRCk.exe
  C:\Windows\System\hdjJRCk.exe
  2⤵
  PID:9340
- C:\Windows\System\qdTFNfT.exe
  C:\Windows\System\qdTFNfT.exe
  2⤵
  PID:9356
- C:\Windows\System\MOAVOWZ.exe
  C:\Windows\System\MOAVOWZ.exe
  2⤵
  PID:9372
- C:\Windows\System\EaGMGiO.exe
  C:\Windows\System\EaGMGiO.exe
  2⤵
  PID:9392
- C:\Windows\System\zlouEcM.exe
  C:\Windows\System\zlouEcM.exe
  2⤵
  PID:9408
- C:\Windows\System\bqkCqHf.exe
  C:\Windows\System\bqkCqHf.exe
  2⤵
  PID:9424
- C:\Windows\System\NMWYLsd.exe
  C:\Windows\System\NMWYLsd.exe
  2⤵
  PID:9440
- C:\Windows\System\gscvtNo.exe
  C:\Windows\System\gscvtNo.exe
  2⤵
  PID:9456
- C:\Windows\System\iyzdleT.exe
  C:\Windows\System\iyzdleT.exe
  2⤵
  PID:9480
- C:\Windows\System\LTLiwFY.exe
  C:\Windows\System\LTLiwFY.exe
  2⤵
  PID:9496
- C:\Windows\System\lVLKlIV.exe
  C:\Windows\System\lVLKlIV.exe
  2⤵
  PID:9540
- C:\Windows\System\ZcNNpbB.exe
  C:\Windows\System\ZcNNpbB.exe
  2⤵
  PID:9556
- C:\Windows\System\vEzhGao.exe
  C:\Windows\System\vEzhGao.exe
  2⤵
  PID:9572
- C:\Windows\System\qhryybH.exe
  C:\Windows\System\qhryybH.exe
  2⤵
  PID:9596
- C:\Windows\System\cgEuwgq.exe
  C:\Windows\System\cgEuwgq.exe
  2⤵
  PID:9716
- C:\Windows\System\zfggSYu.exe
  C:\Windows\System\zfggSYu.exe
  2⤵
  PID:9732
- C:\Windows\System\sdQUScF.exe
  C:\Windows\System\sdQUScF.exe
  2⤵
  PID:9748
- C:\Windows\System\fKyCixX.exe
  C:\Windows\System\fKyCixX.exe
  2⤵
  PID:9764
- C:\Windows\System\KPadeJN.exe
  C:\Windows\System\KPadeJN.exe
  2⤵
  PID:9780
- C:\Windows\System\qlOIubY.exe
  C:\Windows\System\qlOIubY.exe
  2⤵
  PID:9800
- C:\Windows\System\TIHrJJi.exe
  C:\Windows\System\TIHrJJi.exe
  2⤵
  PID:9832
- C:\Windows\System\OGItJbw.exe
  C:\Windows\System\OGItJbw.exe
  2⤵
  PID:9848
- C:\Windows\System\LbVfEWx.exe
  C:\Windows\System\LbVfEWx.exe
  2⤵
  PID:9868
- C:\Windows\System\DpgzeVx.exe
  C:\Windows\System\DpgzeVx.exe
  2⤵
  PID:9884
- C:\Windows\System\lAPlFVu.exe
  C:\Windows\System\lAPlFVu.exe
  2⤵
  PID:9904
- C:\Windows\System\TVzPFpO.exe
  C:\Windows\System\TVzPFpO.exe
  2⤵
  PID:9924
- C:\Windows\System\QjTqzEe.exe
  C:\Windows\System\QjTqzEe.exe
  2⤵
  PID:9960
- C:\Windows\System\qZFlqwT.exe
  C:\Windows\System\qZFlqwT.exe
  2⤵
  PID:9976
- C:\Windows\System\jIeVrOk.exe
  C:\Windows\System\jIeVrOk.exe
  2⤵
  PID:10008
- C:\Windows\System\IaVakXf.exe
  C:\Windows\System\IaVakXf.exe
  2⤵
  PID:10024
- C:\Windows\System\QhArppI.exe
  C:\Windows\System\QhArppI.exe
  2⤵
  PID:10040
- C:\Windows\System\JKdSDWc.exe
  C:\Windows\System\JKdSDWc.exe
  2⤵
  PID:10056
- C:\Windows\System\klziNqr.exe
  C:\Windows\System\klziNqr.exe
  2⤵
  PID:10072
- C:\Windows\System\mDkDveA.exe
  C:\Windows\System\mDkDveA.exe
  2⤵
  PID:10088
- C:\Windows\System\RBFarfn.exe
  C:\Windows\System\RBFarfn.exe
  2⤵
  PID:10104
- C:\Windows\System\xGraCHq.exe
  C:\Windows\System\xGraCHq.exe
  2⤵
  PID:10120
- C:\Windows\System\DWgEvYo.exe
  C:\Windows\System\DWgEvYo.exe
  2⤵
  PID:10136
- C:\Windows\System\PWlLYqY.exe
  C:\Windows\System\PWlLYqY.exe
  2⤵
  PID:10152
- C:\Windows\System\ARgeWza.exe
  C:\Windows\System\ARgeWza.exe
  2⤵
  PID:10168
- C:\Windows\System\sdUUybg.exe
  C:\Windows\System\sdUUybg.exe
  2⤵
  PID:10184
- C:\Windows\System\jLWdARc.exe
  C:\Windows\System\jLWdARc.exe
  2⤵
  PID:10200
- C:\Windows\System\bvnuaAv.exe
  C:\Windows\System\bvnuaAv.exe
  2⤵
  PID:9152
- C:\Windows\System\Pakkxfu.exe
  C:\Windows\System\Pakkxfu.exe
  2⤵
  PID:9264
- C:\Windows\System\AQYQAbY.exe
  C:\Windows\System\AQYQAbY.exe
  2⤵
  PID:9304
- C:\Windows\System\NeKWqer.exe
  C:\Windows\System\NeKWqer.exe
  2⤵
  PID:8816
- C:\Windows\System\JkNGBlE.exe
  C:\Windows\System\JkNGBlE.exe
  2⤵
  PID:9464
- C:\Windows\System\nummTes.exe
  C:\Windows\System\nummTes.exe
  2⤵
  PID:8952
- C:\Windows\System\iheEGuj.exe
  C:\Windows\System\iheEGuj.exe
  2⤵
  PID:8440
- C:\Windows\System\omTwQWK.exe
  C:\Windows\System\omTwQWK.exe
  2⤵
  PID:9248
- C:\Windows\System\usMZXsk.exe
  C:\Windows\System\usMZXsk.exe
  2⤵
  PID:9316
- C:\Windows\System\puoKtFb.exe
  C:\Windows\System\puoKtFb.exe
  2⤵
  PID:9380
- C:\Windows\System\AqrZySv.exe
  C:\Windows\System\AqrZySv.exe
  2⤵
  PID:9448
- C:\Windows\System\gYFZfAb.exe
  C:\Windows\System\gYFZfAb.exe
  2⤵
  PID:9488
- C:\Windows\System\hSdxbSY.exe
  C:\Windows\System\hSdxbSY.exe
  2⤵
  PID:9520
- C:\Windows\System\ygZggVH.exe
  C:\Windows\System\ygZggVH.exe
  2⤵
  PID:9524
- C:\Windows\System\xIVdWVp.exe
  C:\Windows\System\xIVdWVp.exe
  2⤵
  PID:9548
- C:\Windows\System\hDwRlCc.exe
  C:\Windows\System\hDwRlCc.exe
  2⤵
  PID:9580
- C:\Windows\System\vgCjgfW.exe
  C:\Windows\System\vgCjgfW.exe
  2⤵
  PID:9604
- C:\Windows\System\hDfbrqJ.exe
  C:\Windows\System\hDfbrqJ.exe
  2⤵
  PID:9620
- C:\Windows\System\rdBRJwP.exe
  C:\Windows\System\rdBRJwP.exe
  2⤵
  PID:9640
- C:\Windows\System\TcEQulx.exe
  C:\Windows\System\TcEQulx.exe
  2⤵
  PID:9728
- C:\Windows\System\KdByDhW.exe
  C:\Windows\System\KdByDhW.exe
  2⤵
  PID:9704
- C:\Windows\System\KdfXUNX.exe
  C:\Windows\System\KdfXUNX.exe
  2⤵
  PID:9912
- C:\Windows\System\tWgsJPl.exe
  C:\Windows\System\tWgsJPl.exe
  2⤵
  PID:9944
- C:\Windows\System\pkBnvef.exe
  C:\Windows\System\pkBnvef.exe
  2⤵
  PID:9936
- C:\Windows\System\TLefXIh.exe
  C:\Windows\System\TLefXIh.exe
  2⤵
  PID:10016
- C:\Windows\System\wbUFMuB.exe
  C:\Windows\System\wbUFMuB.exe
  2⤵
  PID:10048
- C:\Windows\System\XaxTWxm.exe
  C:\Windows\System\XaxTWxm.exe
  2⤵
  PID:10176
- C:\Windows\System\fGcWxXj.exe
  C:\Windows\System\fGcWxXj.exe
  2⤵
  PID:9300
- C:\Windows\System\wPwQFCx.exe
  C:\Windows\System\wPwQFCx.exe
  2⤵
  PID:9336
- C:\Windows\System\qGxMWek.exe
  C:\Windows\System\qGxMWek.exe
  2⤵
  PID:9368
- C:\Windows\System\pcdwXyf.exe
  C:\Windows\System\pcdwXyf.exe
  2⤵
  PID:9916
- C:\Windows\System\AViOlKf.exe
  C:\Windows\System\AViOlKf.exe
  2⤵
  PID:7840
- C:\Windows\System\OjLGlMQ.exe
  C:\Windows\System\OjLGlMQ.exe
  2⤵
  PID:9280
- C:\Windows\System\iDGylOf.exe
  C:\Windows\System\iDGylOf.exe
  2⤵
  PID:9504
- C:\Windows\System\aZCawQB.exe
  C:\Windows\System\aZCawQB.exe
  2⤵
  PID:9508
- C:\Windows\System\AauXaJd.exe
  C:\Windows\System\AauXaJd.exe
  2⤵
  PID:9532
- C:\Windows\System\MrrmHDT.exe
  C:\Windows\System\MrrmHDT.exe
  2⤵
  PID:9512
- C:\Windows\System\bDNMqbO.exe
  C:\Windows\System\bDNMqbO.exe
  2⤵
  PID:9616
- C:\Windows\System\wwDdCTy.exe
  C:\Windows\System\wwDdCTy.exe
  2⤵
  PID:9636
- C:\Windows\System\wOpKGKH.exe
  C:\Windows\System\wOpKGKH.exe
  2⤵
  PID:9676
- C:\Windows\System\IyxtqAP.exe
  C:\Windows\System\IyxtqAP.exe
  2⤵
  PID:9708
- C:\Windows\System\jtDOvOo.exe
  C:\Windows\System\jtDOvOo.exe
  2⤵
  PID:9684
- C:\Windows\System\XtHnfnl.exe
  C:\Windows\System\XtHnfnl.exe
  2⤵
  PID:9740
- C:\Windows\System\MOVAZhd.exe
  C:\Windows\System\MOVAZhd.exe
  2⤵
  PID:9896
- C:\Windows\System\ikdPODt.exe
  C:\Windows\System\ikdPODt.exe
  2⤵
  PID:9844
- C:\Windows\System\iESSyEM.exe
  C:\Windows\System\iESSyEM.exe
  2⤵
  PID:9796
- C:\Windows\System\WPrxIVs.exe
  C:\Windows\System\WPrxIVs.exe
  2⤵
  PID:9820
- C:\Windows\System\HNbrVHi.exe
  C:\Windows\System\HNbrVHi.exe
  2⤵
  PID:9788
- C:\Windows\System\lqTarBz.exe
  C:\Windows\System\lqTarBz.exe
  2⤵
  PID:9968
- C:\Windows\System\dpeRlGG.exe
  C:\Windows\System\dpeRlGG.exe
  2⤵
  PID:9952
- C:\Windows\System\GcqbMru.exe
  C:\Windows\System\GcqbMru.exe
  2⤵
  PID:10036
- C:\Windows\System\OvERTbz.exe
  C:\Windows\System\OvERTbz.exe
  2⤵
  PID:10112
- C:\Windows\System\lbHUzSK.exe
  C:\Windows\System\lbHUzSK.exe
  2⤵
  PID:10100
- C:\Windows\System\EzyXSEw.exe
  C:\Windows\System\EzyXSEw.exe
  2⤵
  PID:10160
- C:\Windows\System\xykpdwu.exe
  C:\Windows\System\xykpdwu.exe
  2⤵
  PID:10212
- C:\Windows\System\JhlENQV.exe
  C:\Windows\System\JhlENQV.exe
  2⤵
  PID:10096
- C:\Windows\System\Ndssald.exe
  C:\Windows\System\Ndssald.exe
  2⤵
  PID:10224
- C:\Windows\System\latFKUM.exe
  C:\Windows\System\latFKUM.exe
  2⤵
  PID:10232
- C:\Windows\System\GYdCCqW.exe
  C:\Windows\System\GYdCCqW.exe
  2⤵
  PID:9364
- C:\Windows\System\oGhAtPU.exe
  C:\Windows\System\oGhAtPU.exe
  2⤵
  PID:9044
- C:\Windows\System\uaQNpgW.exe
  C:\Windows\System\uaQNpgW.exe
  2⤵
  PID:9352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BMvIRTj.exe

Filesize
6.0MB

MD5
960de6fb2e06170cc7fc79c7c946ed1b

SHA1
52de4b4218e9599d2815e5286027964065615ee2

SHA256
289f436039c3da16a73d5057ee206f0e258ad579d65b67deecb3444be54e9dcf

SHA512
253eecf43a53a4fbcc6c506b88651686f1421e255dbb8ecb8cd80b094500921bf527e748bb52e4be2b4306a8d7a6536dbe7799d851ce2afbdf3da1f463a137fe

Download Submit
C:\Windows\system\BpIvVvM.exe

Filesize
6.0MB

MD5
0487d09eb216e9ff314198165a5aaa8a

SHA1
b357325e48ccbb461f6eae998717acd5628b5715

SHA256
113d25ec5a1c1b54b309454d073f414f47a0cce316862792df2f97b956e89c0c

SHA512
7b07b7eeac921ca6f9247198f92d333dac784185b1ed9d097678f027c4f4ae77615a2975cfa8ab466bbc084b152d38dd0d5159756e02e90492d4dd4a724418f3

Download Submit
C:\Windows\system\FHGBiGZ.exe

Filesize
6.0MB

MD5
ab9d8809675635189f71ca1a16113868

SHA1
ff9f5b143a3d6040f79220f43128c65071f043fd

SHA256
db2f352ad51324f46789a3da43aaa577ed8c3cb73e0dc7714fb2272fed65c0dd

SHA512
cfb39c67c449d3930b30fb244d149e72d213b355354338bb675df66adf38a5f35aa8383ffaf292d91a1bf3bcfe909632008b1b4cb4517e3a03510297dead91ea

Download Submit
C:\Windows\system\FjBJVHA.exe

Filesize
6.0MB

MD5
f62f02e2cb02b7285795f492b132e3d7

SHA1
6980ee25dcc0ec2b755dc5f3dd09a20604f65032

SHA256
58b8903c40ce9d77798775cec17f4c816e88909c68a5c365859bd6a3e6f24cbb

SHA512
a51d4a3dc896c04b1000ace454914a0ec1b764b4a04aa2c228fe9ea970f7cc34aad84257b5cec00a50804674d800c1855a9b87bf9f1ca5ce6410cda009eb8db0

Download Submit
C:\Windows\system\FrxuIjv.exe

Filesize
6.0MB

MD5
f248740a77bee8a9d05d9e6f79468dbe

SHA1
6c42ed101d9caf46bd3b3dfcd5eab33e03450910

SHA256
e50992eccf020b27b2b8c5af3df461f210ffe160aab84734a7c6d34474137b21

SHA512
c6e1e669a7b7e39401cb6ee51553bf186f044eb1a97ce50b1b5172f535e016ba285102f7fc3ecf66a4dad3a665d86d6e95b65ed4ad8684e076efd24c2fc33fe1

Download Submit
C:\Windows\system\IKoHUdM.exe

Filesize
6.0MB

MD5
ed511233264099091e28ac503a67ea57

SHA1
cc7ac5c892dedeb063e31cd0c236f8adff0fd009

SHA256
518694951e383d340f9870f7a5769f8334e07d8306a014c08c12c551b5d6d0d6

SHA512
9b4065be0195261367440d7d71e2e385bdab2378e504195246383174347c92f9be90235e6b284767216fcf720608447869ef2be22cff7dfd5622a30e883a1659

Download Submit
C:\Windows\system\LhHEuhs.exe

Filesize
6.0MB

MD5
1645acde6d2c05f4b5c469071b6cb4a4

SHA1
21730c1e472292e8fe00ad1a5f01d1121531a406

SHA256
5256b5bd6dbac5e40278f0eb391d890ad2c6d6f57240d029561fec09df7928b5

SHA512
9431a75419cf6cefc84c8da09fa8a84f7b6364608a06063701292ae0c82c2eec8ea5272c136e47c591809bd7c62e7a6ad0706a4ff63e8ab3bfc49fbdade9264d

Download Submit
C:\Windows\system\PvFeDGh.exe

Filesize
6.0MB

MD5
b1a54747247ef1497f27da9007a50a59

SHA1
1204c56f73bab51e1ece6a9baecfb95d864d2d25

SHA256
f11d62e03b18f878ed237705fd1291ec94b0af1effc382a49a713af90778003c

SHA512
42e64631a7eb1027098d5d1579b421f61f98ca8c894e67979eba3694c5256a13df321d7489649abfc4d5f7f8e6459281801884b18031328900f98490b444f154

Download Submit
C:\Windows\system\RTHcQrG.exe

Filesize
6.0MB

MD5
857624d85f4949ee1e7575c82b650fff

SHA1
cd52b36406d833cea17c7de4806fd24878f8fc96

SHA256
6ae7eaf62dbb433eb71b3b2c4ce6ec08f5f583a8d18eb8c8ac593d5a9b9c4459

SHA512
203a1fe1a8489ecf97feafb1a84ecd394188da7f241f923c4bdc986147154a63b4962cf3e6554d345744897e5ddf5f66877b0cb3310fc9d43991d63c2b23f8a9

Download Submit
C:\Windows\system\SIZsQWw.exe

Filesize
6.0MB

MD5
f48c203cc6e2e5eaeb7d8a23e62757e8

SHA1
601278ce02363eff982d809e8e1641b14698bd90

SHA256
69a31f0f2cfbd5adc9dac052ab1244a3bf2f689c9b12368ecc38d75add4a68d9

SHA512
21ef03f81dce1f9ab3f691eae3816dc2bd44b641f21a10c317fa257d0e02ba6afa983473f4c70f63f1fc748ecdf7316141a2ec9f04a14c88d41e077da14c1001

Download Submit
C:\Windows\system\VxVIMAZ.exe

Filesize
6.0MB

MD5
88b7ec4b396d68f66040ef9728492b39

SHA1
cfa85ec8114e4acae96ed8aa435156c20d21b245

SHA256
06bb562f6debfddddd1581e422686f6938383d97eeeeb6a344c4c94f1dd98aa1

SHA512
7829b952f7568ddf5f013502514306667d8bbd6180b06a7347600d726bdc890de2bae19ec76338fa67dd35883e88254c83856ec286aab78b40a8151e5a25ddef

Download Submit
C:\Windows\system\WDJwmOG.exe

Filesize
6.0MB

MD5
580954c2f0e0cb26d85d4a412b066bee

SHA1
b84ea5c70c10f1231271e3dc962f2f7e0afffba7

SHA256
a5b6ca6684cf8d396815abda3f9f8ecb44f59c63c63ef70c46a37690b163ddfc

SHA512
1f7bc73e914acefd6f7ff9b0cc0513203166f457063da5038a840e0fbd3fbeb269ab06daaf4a8e2b51f993d10d09c2bbe2d43ca313c28c5476b77e5907cc7f90

Download Submit
C:\Windows\system\bFEWflG.exe

Filesize
6.0MB

MD5
e195a7746a3835c5ffcf5cc9f56a2617

SHA1
4c1d4ea1b8b9c673b4cc604f487bc54f599a2c49

SHA256
9dce686abeea0fcf957407f402c183676f627254ea565fe4bd3800ab131477f1

SHA512
8f4c0041ba3f0b2ee39347c326e0f021ce0b5b4f564f2430fe427d77ee7223d06905c15a2fd1baa085be5104f820a421f2571a4ab58cac6111665065875057a8

Download Submit
C:\Windows\system\dyTNQLF.exe

Filesize
6.0MB

MD5
a2b364c8ea65e2b4055dedd5e97f6c13

SHA1
8d34ef6cddbfaeea53b13de19561fa546f9e409c

SHA256
73f27dd8564c64f4bf2958581808218ca727bdad88ecff4896d38ad3eb257011

SHA512
46d6021bcf705b1221bc848bbebd0e6b68901b344c156aa4e28a8ba365c273e1a5a1c54752ca00790e96161396b111d1eb217d03ffff154696f02e7ab10ad9c4

Download Submit
C:\Windows\system\eWbvmxH.exe

Filesize
6.0MB

MD5
9ff1bc84d691123705eb0662f902d5d9

SHA1
0862925ff07107a6a35680463c42b616155711a6

SHA256
c1a724bd2038623df6f490ecb50fedab0674c257d4e76bd0eaabfcafbdabfb2c

SHA512
82d4353121aaf3cf3b45d91e2cc4cdba17fcac74d689eaaa0b5e70843ae5225b4f8fb4a30e74313249b6a50a35238c0bbceecf01284c1751fd1aa35b329abd3e

Download Submit
C:\Windows\system\eWwhjLV.exe

Filesize
6.0MB

MD5
3d19191d7d4928b7237981d068ad571d

SHA1
11c1868a21ddef38f1361fc6f1bb22a894ca7b97

SHA256
6235079b2142c40dd3d84728042de206a7cf8f98f9dd7018fcba74102866d659

SHA512
04ae1ec4d79a6fa82682d7b23beaa3eade54b55d60be9f2803685c9fb867eeed7c36fe7cc0ac8d376fba96a4b0c7644d71a79c7bf31405ec6777bd85d5b43659

Download Submit
C:\Windows\system\jRRaaCA.exe

Filesize
6.0MB

MD5
cd630139c9613e78d98fd5721494e81e

SHA1
8249ca49b8b92c875fd4c33d0d9c6be0b3b971f1

SHA256
cea5df76c0e8e06f1ac4d6763dadf3da63a81db2854291d9311570bec6eb937e

SHA512
a54bb09dd5ddb4ce4d875b059436e544950ca0d8425c2b34bb656d1d76d7df1122a3ec510c879553e2040b249b2a45d6d3d0238577df56de397344abeba18ad4

Download Submit
C:\Windows\system\nEauVdr.exe

Filesize
6.0MB

MD5
4e15d3ed81c907b5c4f50d9820fff32c

SHA1
679fdf3b871f0bf9e54f7c8444c7a9211e7c40d9

SHA256
d9b8af8349ce47681959dc40749bbcf08779febf7931bf86fc19824cc5b86d9e

SHA512
e2fff1f8aa9236d8ea2eecf1fe74bce0ae521378eb013ee5270b750796a56081d29646c788fadc451c7679adc04eedf2d630be699a7c66f6a8424544851a1e66

Download Submit
C:\Windows\system\oInbDcc.exe

Filesize
6.0MB

MD5
59c4d8024bc442d66c7857fe2e7b3d0e

SHA1
e44fff449fdbb2ad00a0f5a9129bf9478255b92c

SHA256
42026e0bdd1fd20d1fc5c78fcc58f4df050bb26fe4d644d988defb61c80dd152

SHA512
18fb3ccbf93215d477806d9f7c78cabcca9108247c871ad9c7ccf2b51bc7852966ec9211961b949b28fe217afe4d49aab05b56f586cad01827d52d3c41dfb37d

Download Submit
C:\Windows\system\qcEFneT.exe

Filesize
6.0MB

MD5
5aecf8d18d91dfa9307c454b7a111e3e

SHA1
387b80a5be0b2b79f891b56e91d180cad989cd24

SHA256
4e61920a438021c4dca1d51f641a5ba39787a6e14d14812a01903c4cafc14505

SHA512
8fd27a8e32ac999ece43475ef13066b785809b1e5eec6d4aa3c5c9ec00c79b9214539522d4f0cc35e2ac771e6462d20b451731607bdb14a07ee7c78ed18bbde5

Download Submit
C:\Windows\system\rlnpDxy.exe

Filesize
6.0MB

MD5
cfc2e58f64b8aefcc4d1c38f3b7b1f4a

SHA1
b47163a70ce6056cec1534f306deb7a46f64dcda

SHA256
0685c7fa07225a8650b9c0d1c1a6d2a750ec04424239469026a3546a614fca03

SHA512
dd0f30a08a0c5ec2dcddd83e47492f18a6148cf1c94a0dcae0fb6540657d4a18a7c1df095a93a62f0ee8acfee0ca384d2f32e7eeaacbf5e5d024ea623fb460be

Download Submit
C:\Windows\system\sYoQBAg.exe

Filesize
6.0MB

MD5
e6ea1bf19ae3f546cc1cb88c18d4a949

SHA1
ee6309dbf7993408536d63222f527d970c5612d8

SHA256
d7317de9dfbb0264e327e032416c93d7a8ec2e246f4bfa4fd5a05f3f7365501c

SHA512
5dff5f2057de7e1291fcfe1da19a8f672f59627430de6353850143dabde2327d722cf19de84a630f932afbf97c7f85e6aecadbbc69194c0641106190780a15f4

Download Submit
C:\Windows\system\tsaqaJT.exe

Filesize
6.0MB

MD5
12aa5764f72c193a1f2c73b1864e6b6a

SHA1
0172a2b22467cb233fe0ac31a62656c41a49ba73

SHA256
7ba25d7971ac28756341e65d4d4257fcd44664f539988a71b877c9ce02a846dd

SHA512
affeab2a41859f81e9243ca896ec21b728ccf824f62cd40b34dc8681db3f1b54579dc6d67d09854626a1742d5f476cfe1b250d3a7f4c54ca882e117f765dfc6f

Download Submit
C:\Windows\system\uNjlhhC.exe

Filesize
6.0MB

MD5
9ee9a1d851e5df0b3423fe84892e3171

SHA1
99a45974fd3d3b9afa2d392c0655f219b10b1e58

SHA256
deb4c902239663f4ea9cf31ae3467673ac1cd162b4c7091588e746d29ea0f6b7

SHA512
ddcc91f911cc4c42eaf7ba4264393db02dad5835d6bfc142df8fd1ed214110230c2c072e80e367e92bcfd11af92cdf23fe9ee4010551be725483137ca34e17f3

Download Submit
C:\Windows\system\vmLLVjJ.exe

Filesize
6.0MB

MD5
5c8e82eadf2052bcc621dae897b92f3d

SHA1
eb278679245228109e08e673acb43372b2aa7191

SHA256
660046eeed3360e3ee219b27173d6b8cb8a793fc9c05e8fddc3a4c2c5352710e

SHA512
3de583d6f27e79a3a08a11b1d900d27f69fe87b020ac22c719149b6deecadcdd6560fb1a22c638ae00a9091dd7429352c06e866ae8689e6acfcc21a894b5b5ad

Download Submit
C:\Windows\system\wPMIlBV.exe

Filesize
6.0MB

MD5
f412a5cde34f005a31c447ccdf064233

SHA1
8991435986f160306cfe4b3baf36d8fffd75237e

SHA256
b97942f33abfe40b1e70ac81dbc75464262bd2cd9f98f01bc6938844e102e483

SHA512
7f73c3bbddc5134f65a521f00ef6c6d3388c0b9201a0e39c0fa3df6bd4b213a471f513ed5bcc4b83c537fbe33ca71e9e6165514ef6329a4dd54b2c17ad7eeda4

Download Submit
C:\Windows\system\zJeMzdK.exe

Filesize
6.0MB

MD5
005778333ff264566de236effc051ee9

SHA1
9c90787ae9b24f6a2780a803607a22779ae83727

SHA256
fb22cbf6c3d3bf092d9a0d2234ae7546690ed5ab4c642a74c49f7ea9b0bde633

SHA512
d4cf0fba0f7eef77fdc33589c9aed6fd2861b599191b5ca4fc6b66eec5247e02c15a73cbfe16cee3dcf1cc5dd9e78f532abc96f3d5e3223576f12b5fa076b628

Download Submit
\Windows\system\AkuJBoY.exe

Filesize
6.0MB

MD5
7b3f22547e79d290ac24137beab4d23f

SHA1
4a1913d028061b70f31ee2ced5c3f2420ba99845

SHA256
114d4bcbe95f6be380a0bf9092966739d373bf1bdfab4030de82593549ca484b

SHA512
45d04bd976f10ec95aabb8178c63725e05ee10cf6976d147d265159995079d270de37dc68b3365c14158e260da17e4da43b52eca05a3b25f650525da55157922

Download Submit
\Windows\system\DwFTAgV.exe

Filesize
6.0MB

MD5
d290a95d131cd46586cf73337b226ae5

SHA1
4335f056647c17d047b1d53e6020f02a91a4c51d

SHA256
6c588abe4e487e5f94183c73238bc0e0d6d9289dd53b25f7cd52b3908b007848

SHA512
d34c40729549f02d6f7ff0b6cbb0c3789bc8ba7f26902ae7a7ee5969cb9a568e25bc063155284e00e3c0f703f6eb463283c905eac553ab6709032c7b169ca244

Download Submit
\Windows\system\HizPHTY.exe

Filesize
6.0MB

MD5
74f128dc427b38e655895f2103ba60d6

SHA1
9f8df7391aca6200d35c9d7ea6fdee0fe4f2198f

SHA256
c9a938576ba1b549a5443eb20a44048a47b288f4295f87efe401cc8abcd326b5

SHA512
ded659bf408943cb31ab671609ca28c9adfa0445612484ffb00500199b7480e9790bba5ccfa16993e62d3abfaf4aa9ade8dd2667c49ffddc5f21ebc4099c685c

Download Submit
\Windows\system\JqzUfPH.exe

Filesize
6.0MB

MD5
9a8fa0c840dcf3accac84cdab7586603

SHA1
84610015ecc76730f106dc8b2500fda2626935aa

SHA256
8c6e3d1b27b0865be7730d4f2500985b84a402253c5b6c76778e300f5a92a094

SHA512
f87c4e96e0a016d528076828f2e0baac1078cb9b4396e4173703c90e73c21f993bebf8d4d9dd12a4fba5ac900df5ea2b9bbc82ad27bb2704ff7e6bdb2ce9790c

Download Submit
\Windows\system\cBpNuge.exe

Filesize
6.0MB

MD5
d67040c7309870bd15d3c9ffbb364f5a

SHA1
1a9cce3cb04b300f1481e540aa91cffbe8f07133

SHA256
5fd2f57f0458cb64657e7cdd68eab761c5bc0a164407abf55f2ff41ec55bd613

SHA512
44715154985886b5c981cf39ed8e558a673a55cad03e585c59037446216a6704a3122a9b4418a90653d2776dd341b3444b3694954ec8b4f062aa81c1b0b36f29

Download Submit
\Windows\system\khYFKgY.exe

Filesize
6.0MB

MD5
a542f6d8a8115ec54418f5573215e583

SHA1
b1c73d22bfaa1a343051d410a323c10a29929a09

SHA256
bc017061ac7725646317e85bd66de51664b0d7bd8143ed140d9f20e97205e88d

SHA512
5480ac25f7848782ef9439121d35eeb5af55ce90f240d3074e9e32f39bfc7e3d6b4394b1fa6e1e5fb35268c020bae1675ff3f1c393a1653134e774231255d71d

Download Submit
\Windows\system\qZbnuyP.exe

Filesize
6.0MB

MD5
c564c6ae38fd360e449b2e979552547b

SHA1
db64e3ff70066e2a2274225c50ce8ae1417c4ada

SHA256
a87c983a46ea09247092802a8297ef34141a6aff4ebcb4652e784f1bed53ae03

SHA512
800c68798e2632a141db287c5665ff9f396fdf156075975e7879db031afcefb432cdd7f542390c1f80236a527745777bbb66149c17d4262cccc09186ba874885

Download Submit
\Windows\system\qorSZWI.exe

Filesize
6.0MB

MD5
8d7a38645e7be714056eb558c07d92d9

SHA1
ab91ba204d8c0e8c5040d856d69b05c95bde7c66

SHA256
e333abacbd1d501443982b054a039803b0b982fade10df007163592fafc991bc

SHA512
916fdc040d6f2cb7c94e104b22649ce3895dd4ac9ba31f235301b61239bb12ccfa6511985db886802b7a0ad58507b4355a61a5314f8ae66da6215dc2d46121f7

Download Submit
memory/1912-3355-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1912-582-0x000000013FEE0000-0x0000000140234000-memory.dmp

Filesize
3.3MB

Download
memory/1956-3356-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/1956-557-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2120-3371-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2120-578-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2320-3410-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2320-534-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2440-580-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2440-3392-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2504-667-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2504-3369-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2516-3354-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-571-0x000000013FB50000-0x000000013FEA4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2306-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-583-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2572-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2572-2311-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2572-587-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-556-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-616-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2318-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2572-640-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2572-585-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2572-642-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2572-526-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-577-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2572-644-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2572-0-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2572-562-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2191-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2345-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2302-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-579-0x000000013F3D0000-0x000000013F724000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2329-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-581-0x0000000002350000-0x00000000026A4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-606-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2346-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2192-0x000000013F530000-0x000000013F884000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2338-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2358-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2361-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2357-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2356-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2572-2349-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-639-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2748-3427-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/2760-584-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2760-3352-0x000000013F730000-0x000000013FA84000-memory.dmp

Filesize
3.3MB

Download
memory/2788-643-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3385-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3370-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2820-641-0x000000013F440000-0x000000013F794000-memory.dmp

Filesize
3.3MB

Download
memory/2824-611-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3353-0x000000013FA60000-0x000000013FDB4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-586-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3357-0x000000013F640000-0x000000013F994000-memory.dmp

Filesize
3.3MB

Download
memory/3036-3394-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/3036-592-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download