cobaltstrike | b566acf1cd9c3bde3c7f2bf02057a62c75b23227b17fa35a9d6b61d31a5fb706

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
01-02-2025 07:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

61777ed3128d93b50caba6830e47e2ee
SHA1

a8dba1d113946e8362181ee116c96ffaea195723
SHA256

b566acf1cd9c3bde3c7f2bf02057a62c75b23227b17fa35a9d6b61d31a5fb706
SHA512

fa840356529daf53729b96b5caec09c21786224caf7a00539f118f7ef61a2137b6bd666914629f32ad193d908a99b615568f75dc353d856d0f4a8625a69e6bb4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUg:T+q56utgpPF8u/7g

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00070000000120fc-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019326-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019394-15.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193a0-24.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193b8-31.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000193c7-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019489-72.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3ab-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a404-145.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44d-154.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46f-197.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a471-203.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46b-187.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a46d-193.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a469-182.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a463-177.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a459-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a457-166.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a44f-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a438-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a400-140.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3fd-135.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f8-130.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a3f6-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a309-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-106.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-97.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-83.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019480-68.dat	cobalt_reflective_dll
behavioral1/files/0x0026000000018b89-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019470-58.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1704-0-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/files/0x00070000000120fc-3.dat	xmrig
behavioral1/memory/2484-11-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x0008000000019326-12.dat	xmrig
behavioral1/files/0x0007000000019394-15.dat	xmrig
behavioral1/memory/2912-23-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x00060000000193a0-24.dat	xmrig
behavioral1/memory/2120-30-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x00060000000193b8-31.dat	xmrig
behavioral1/files/0x00060000000193c7-41.dat	xmrig
behavioral1/memory/2848-39-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/1704-55-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/memory/2484-49-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2828-53-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x0007000000019489-72.dat	xmrig
behavioral1/memory/2848-74-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2648-76-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2888-70-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2448-91-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2828-90-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x000500000001a3ab-120.dat	xmrig
behavioral1/files/0x000500000001a404-145.dat	xmrig
behavioral1/memory/2648-146-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a44d-154.dat	xmrig
behavioral1/files/0x000500000001a46f-197.dat	xmrig
behavioral1/memory/1744-367-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2612-417-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2448-298-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/1432-225-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/files/0x000500000001a471-203.dat	xmrig
behavioral1/files/0x000500000001a46b-187.dat	xmrig
behavioral1/files/0x000500000001a46d-193.dat	xmrig
behavioral1/files/0x000500000001a469-182.dat	xmrig
behavioral1/files/0x000500000001a463-177.dat	xmrig
behavioral1/memory/1704-174-0x0000000002300000-0x0000000002654000-memory.dmp	xmrig
behavioral1/files/0x000500000001a459-171.dat	xmrig
behavioral1/files/0x000500000001a457-166.dat	xmrig
behavioral1/files/0x000500000001a44f-161.dat	xmrig
behavioral1/files/0x000500000001a438-151.dat	xmrig
behavioral1/files/0x000500000001a400-140.dat	xmrig
behavioral1/files/0x000500000001a3fd-135.dat	xmrig
behavioral1/files/0x000500000001a3f8-130.dat	xmrig
behavioral1/files/0x000500000001a3f6-125.dat	xmrig
behavioral1/files/0x000500000001a309-115.dat	xmrig
behavioral1/memory/2612-109-0x000000013F650000-0x000000013F9A4000-memory.dmp	xmrig
behavioral1/memory/2888-107-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/files/0x000500000001a0b6-106.dat	xmrig
behavioral1/memory/1744-99-0x000000013F6D0000-0x000000013FA24000-memory.dmp	xmrig
behavioral1/memory/2684-98-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x000500000001a049-97.dat	xmrig
behavioral1/files/0x000500000001a03c-89.dat	xmrig
behavioral1/memory/1432-84-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/files/0x0005000000019fdd-83.dat	xmrig
behavioral1/memory/3044-80-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2120-69-0x000000013F6C0000-0x000000013FA14000-memory.dmp	xmrig
behavioral1/files/0x0008000000019480-68.dat	xmrig
behavioral1/memory/2540-52-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/files/0x0026000000018b89-50.dat	xmrig
behavioral1/memory/1704-48-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/3044-46-0x000000013FC90000-0x000000013FFE4000-memory.dmp	xmrig
behavioral1/memory/2684-63-0x000000013F980000-0x000000013FCD4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019470-58.dat	xmrig
behavioral1/memory/2540-17-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig
behavioral1/memory/2540-1672-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2484	LaQEiUp.exe
2540	QHTjzzP.exe
2912	gTVxKOB.exe
2120	jSkoQWS.exe
2848	OmDSWlv.exe
3044	UMszSOg.exe
2828	mpibxNP.exe
2684	xZKRgoc.exe
2888	VoMfvbh.exe
2648	CsBTyQL.exe
1432	OOMpIjH.exe
2448	qotahjk.exe
1744	gTgaeWa.exe
2612	oAyMOLT.exe
2972	mtujIVO.exe
3040	RbyyAWg.exe
2072	xEBuOTo.exe
3012	AuxBZDJ.exe
1664	XHqFoSk.exe
2368	htCUIvQ.exe
2276	QnkzJjw.exe
1836	fJCuKlF.exe
824	NVMTUBE.exe
2112	Wuolofh.exe
2384	vgHUNdN.exe
2224	trbkPkN.exe
2344	GyoCxac.exe
2504	tBADGMO.exe
1952	hJkdCgT.exe
1056	kzTJEPe.exe
2096	kmyEUeP.exe
928	IFHoIsb.exe
2172	wFOfufg.exe
1008	ZbLSlpR.exe
2040	KPWuraU.exe
1864	AVybbDi.exe
1780	YsCMIBL.exe
552	bEXBRsN.exe
1712	kzKiDRo.exe
1620	rtWnNvg.exe
612	GERFPFV.exe
2000	EzuHHDh.exe
2516	ZzxwTfb.exe
1736	ggpOWph.exe
1152	wcsMhBP.exe
2416	HCNhyiV.exe
1816	pIPkqEW.exe
548	cULjSEq.exe
2404	MFOIKdL.exe
1656	WWzXJuO.exe
2300	yfmONPT.exe
1584	lXncEkI.exe
1720	DbYfbDJ.exe
2808	LIXIEBQ.exe
2884	bXNfGyu.exe
1508	CkySiIs.exe
2728	zsWJCoJ.exe
2960	oHrWnSH.exe
1628	aMoLndX.exe
1340	WRvNkPq.exe
2760	GhHawPX.exe
1472	LIkKjWa.exe
2468	pbpNuoa.exe
3004	FAwYFid.exe

Loads dropped DLL 64 IoCs

pid	Process
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1704-0-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/files/0x00070000000120fc-3.dat	upx
behavioral1/memory/2484-11-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x0008000000019326-12.dat	upx
behavioral1/files/0x0007000000019394-15.dat	upx
behavioral1/memory/2912-23-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x00060000000193a0-24.dat	upx
behavioral1/memory/2120-30-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x00060000000193b8-31.dat	upx
behavioral1/files/0x00060000000193c7-41.dat	upx
behavioral1/memory/2848-39-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2484-49-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/memory/2828-53-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x0007000000019489-72.dat	upx
behavioral1/memory/2848-74-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2648-76-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2888-70-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/2448-91-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/2828-90-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x000500000001a3ab-120.dat	upx
behavioral1/files/0x000500000001a404-145.dat	upx
behavioral1/memory/2648-146-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/files/0x000500000001a44d-154.dat	upx
behavioral1/files/0x000500000001a46f-197.dat	upx
behavioral1/memory/1744-367-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2612-417-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2448-298-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/memory/1432-225-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/files/0x000500000001a471-203.dat	upx
behavioral1/files/0x000500000001a46b-187.dat	upx
behavioral1/files/0x000500000001a46d-193.dat	upx
behavioral1/files/0x000500000001a469-182.dat	upx
behavioral1/files/0x000500000001a463-177.dat	upx
behavioral1/files/0x000500000001a459-171.dat	upx
behavioral1/files/0x000500000001a457-166.dat	upx
behavioral1/files/0x000500000001a44f-161.dat	upx
behavioral1/files/0x000500000001a438-151.dat	upx
behavioral1/files/0x000500000001a400-140.dat	upx
behavioral1/files/0x000500000001a3fd-135.dat	upx
behavioral1/files/0x000500000001a3f8-130.dat	upx
behavioral1/files/0x000500000001a3f6-125.dat	upx
behavioral1/files/0x000500000001a309-115.dat	upx
behavioral1/memory/2612-109-0x000000013F650000-0x000000013F9A4000-memory.dmp	upx
behavioral1/memory/2888-107-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/files/0x000500000001a0b6-106.dat	upx
behavioral1/memory/1744-99-0x000000013F6D0000-0x000000013FA24000-memory.dmp	upx
behavioral1/memory/2684-98-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x000500000001a049-97.dat	upx
behavioral1/files/0x000500000001a03c-89.dat	upx
behavioral1/memory/1432-84-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/files/0x0005000000019fdd-83.dat	upx
behavioral1/memory/3044-80-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2120-69-0x000000013F6C0000-0x000000013FA14000-memory.dmp	upx
behavioral1/files/0x0008000000019480-68.dat	upx
behavioral1/memory/2540-52-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/files/0x0026000000018b89-50.dat	upx
behavioral1/memory/1704-48-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/3044-46-0x000000013FC90000-0x000000013FFE4000-memory.dmp	upx
behavioral1/memory/2684-63-0x000000013F980000-0x000000013FCD4000-memory.dmp	upx
behavioral1/files/0x0006000000019470-58.dat	upx
behavioral1/memory/2540-17-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2540-1672-0x000000013F2A0000-0x000000013F5F4000-memory.dmp	upx
behavioral1/memory/2912-1677-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2484-1673-0x000000013F100000-0x000000013F454000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ywWrwIj.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PocztgM.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\trVxJff.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IEZWoBQ.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SNZFQuZ.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XONKwoD.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UiOvqZp.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PmqCQDZ.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybMpNkx.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zxVVdmh.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zeUqdAP.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VhZjTLG.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EbjUWxG.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tTxCHTW.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tnKKKgS.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DtjiZCT.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pWLJDTi.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PHKDlOS.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PIAfOAs.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZfgnsoK.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uxzmjiM.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BinkvUO.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rngVvOD.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GsQEWRE.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hjrHNDi.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gDGnanB.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GUvFpvs.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oJmoqpc.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IWjHfsu.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ntBbyvv.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oTdOZmr.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AXAkLqI.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVuWKEB.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PnXkbBa.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fwtWkGr.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JVPObLi.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FDkDLUG.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DezwgRl.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VVPfMLS.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgkyVGm.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DDgToOK.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QBaEaxj.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DfiVVwI.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\veWVxJB.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgGZtWN.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZKPzsdj.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RjHKttu.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yPxAmzr.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hQjXzei.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gHKDjtD.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ShhSXXg.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VchgYvx.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jOSbIIv.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MEofwTW.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FqWxVxF.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YIEgzOH.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mINGYao.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XlaunJu.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kEbLTwj.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MjWptXq.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NHBupee.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gYEwEpK.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MiTzvJP.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hDrwAqr.exe	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2484	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1704 wrote to memory of 2484	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1704 wrote to memory of 2484	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 1704 wrote to memory of 2540	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1704 wrote to memory of 2540	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1704 wrote to memory of 2540	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1704 wrote to memory of 2912	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1704 wrote to memory of 2912	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1704 wrote to memory of 2912	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1704 wrote to memory of 2120	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1704 wrote to memory of 2120	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1704 wrote to memory of 2120	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1704 wrote to memory of 2848	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1704 wrote to memory of 2848	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1704 wrote to memory of 2848	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1704 wrote to memory of 3044	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1704 wrote to memory of 3044	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1704 wrote to memory of 3044	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1704 wrote to memory of 2828	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1704 wrote to memory of 2828	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1704 wrote to memory of 2828	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1704 wrote to memory of 2684	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1704 wrote to memory of 2684	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1704 wrote to memory of 2684	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1704 wrote to memory of 2888	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1704 wrote to memory of 2888	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1704 wrote to memory of 2888	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1704 wrote to memory of 2648	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1704 wrote to memory of 2648	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1704 wrote to memory of 2648	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1704 wrote to memory of 1432	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1704 wrote to memory of 1432	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1704 wrote to memory of 1432	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1704 wrote to memory of 2448	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1704 wrote to memory of 2448	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1704 wrote to memory of 2448	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1704 wrote to memory of 1744	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1704 wrote to memory of 1744	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1704 wrote to memory of 1744	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1704 wrote to memory of 2612	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1704 wrote to memory of 2612	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1704 wrote to memory of 2612	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1704 wrote to memory of 2972	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1704 wrote to memory of 2972	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1704 wrote to memory of 2972	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1704 wrote to memory of 3040	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1704 wrote to memory of 3040	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1704 wrote to memory of 3040	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1704 wrote to memory of 2072	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1704 wrote to memory of 2072	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1704 wrote to memory of 2072	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1704 wrote to memory of 3012	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1704 wrote to memory of 3012	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1704 wrote to memory of 3012	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1704 wrote to memory of 1664	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1704 wrote to memory of 1664	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1704 wrote to memory of 1664	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1704 wrote to memory of 2368	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1704 wrote to memory of 2368	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1704 wrote to memory of 2368	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1704 wrote to memory of 2276	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1704 wrote to memory of 2276	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1704 wrote to memory of 2276	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1704 wrote to memory of 1836	1704	2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe	51

C:\Users\Admin\AppData\Local\Temp\2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-01_61777ed3128d93b50caba6830e47e2ee_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\System\LaQEiUp.exe
  C:\Windows\System\LaQEiUp.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\QHTjzzP.exe
  C:\Windows\System\QHTjzzP.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\gTVxKOB.exe
  C:\Windows\System\gTVxKOB.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\jSkoQWS.exe
  C:\Windows\System\jSkoQWS.exe
  2⤵
  - Executes dropped EXE
  PID:2120
- C:\Windows\System\OmDSWlv.exe
  C:\Windows\System\OmDSWlv.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\UMszSOg.exe
  C:\Windows\System\UMszSOg.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\mpibxNP.exe
  C:\Windows\System\mpibxNP.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\xZKRgoc.exe
  C:\Windows\System\xZKRgoc.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\VoMfvbh.exe
  C:\Windows\System\VoMfvbh.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\CsBTyQL.exe
  C:\Windows\System\CsBTyQL.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\OOMpIjH.exe
  C:\Windows\System\OOMpIjH.exe
  2⤵
  - Executes dropped EXE
  PID:1432
- C:\Windows\System\qotahjk.exe
  C:\Windows\System\qotahjk.exe
  2⤵
  - Executes dropped EXE
  PID:2448
- C:\Windows\System\gTgaeWa.exe
  C:\Windows\System\gTgaeWa.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\oAyMOLT.exe
  C:\Windows\System\oAyMOLT.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\mtujIVO.exe
  C:\Windows\System\mtujIVO.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\RbyyAWg.exe
  C:\Windows\System\RbyyAWg.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\xEBuOTo.exe
  C:\Windows\System\xEBuOTo.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\AuxBZDJ.exe
  C:\Windows\System\AuxBZDJ.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\XHqFoSk.exe
  C:\Windows\System\XHqFoSk.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\htCUIvQ.exe
  C:\Windows\System\htCUIvQ.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\QnkzJjw.exe
  C:\Windows\System\QnkzJjw.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\fJCuKlF.exe
  C:\Windows\System\fJCuKlF.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\NVMTUBE.exe
  C:\Windows\System\NVMTUBE.exe
  2⤵
  - Executes dropped EXE
  PID:824
- C:\Windows\System\Wuolofh.exe
  C:\Windows\System\Wuolofh.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\vgHUNdN.exe
  C:\Windows\System\vgHUNdN.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\trbkPkN.exe
  C:\Windows\System\trbkPkN.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\GyoCxac.exe
  C:\Windows\System\GyoCxac.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\tBADGMO.exe
  C:\Windows\System\tBADGMO.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\hJkdCgT.exe
  C:\Windows\System\hJkdCgT.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\kzTJEPe.exe
  C:\Windows\System\kzTJEPe.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\kmyEUeP.exe
  C:\Windows\System\kmyEUeP.exe
  2⤵
  - Executes dropped EXE
  PID:2096
- C:\Windows\System\IFHoIsb.exe
  C:\Windows\System\IFHoIsb.exe
  2⤵
  - Executes dropped EXE
  PID:928
- C:\Windows\System\wFOfufg.exe
  C:\Windows\System\wFOfufg.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\ZbLSlpR.exe
  C:\Windows\System\ZbLSlpR.exe
  2⤵
  - Executes dropped EXE
  PID:1008
- C:\Windows\System\KPWuraU.exe
  C:\Windows\System\KPWuraU.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\AVybbDi.exe
  C:\Windows\System\AVybbDi.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\YsCMIBL.exe
  C:\Windows\System\YsCMIBL.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\bEXBRsN.exe
  C:\Windows\System\bEXBRsN.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\rtWnNvg.exe
  C:\Windows\System\rtWnNvg.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\kzKiDRo.exe
  C:\Windows\System\kzKiDRo.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\GERFPFV.exe
  C:\Windows\System\GERFPFV.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\EzuHHDh.exe
  C:\Windows\System\EzuHHDh.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\ZzxwTfb.exe
  C:\Windows\System\ZzxwTfb.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\ggpOWph.exe
  C:\Windows\System\ggpOWph.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\wcsMhBP.exe
  C:\Windows\System\wcsMhBP.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Windows\System\HCNhyiV.exe
  C:\Windows\System\HCNhyiV.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\pIPkqEW.exe
  C:\Windows\System\pIPkqEW.exe
  2⤵
  - Executes dropped EXE
  PID:1816
- C:\Windows\System\cULjSEq.exe
  C:\Windows\System\cULjSEq.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\MFOIKdL.exe
  C:\Windows\System\MFOIKdL.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\WWzXJuO.exe
  C:\Windows\System\WWzXJuO.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\yfmONPT.exe
  C:\Windows\System\yfmONPT.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\lXncEkI.exe
  C:\Windows\System\lXncEkI.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\DbYfbDJ.exe
  C:\Windows\System\DbYfbDJ.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\LIXIEBQ.exe
  C:\Windows\System\LIXIEBQ.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\bXNfGyu.exe
  C:\Windows\System\bXNfGyu.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\CkySiIs.exe
  C:\Windows\System\CkySiIs.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\zsWJCoJ.exe
  C:\Windows\System\zsWJCoJ.exe
  2⤵
  - Executes dropped EXE
  PID:2728
- C:\Windows\System\oHrWnSH.exe
  C:\Windows\System\oHrWnSH.exe
  2⤵
  - Executes dropped EXE
  PID:2960
- C:\Windows\System\aMoLndX.exe
  C:\Windows\System\aMoLndX.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\WRvNkPq.exe
  C:\Windows\System\WRvNkPq.exe
  2⤵
  - Executes dropped EXE
  PID:1340
- C:\Windows\System\GhHawPX.exe
  C:\Windows\System\GhHawPX.exe
  2⤵
  - Executes dropped EXE
  PID:2760
- C:\Windows\System\LIkKjWa.exe
  C:\Windows\System\LIkKjWa.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\pbpNuoa.exe
  C:\Windows\System\pbpNuoa.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\FAwYFid.exe
  C:\Windows\System\FAwYFid.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\DgGSgFX.exe
  C:\Windows\System\DgGSgFX.exe
  2⤵
  PID:1312
- C:\Windows\System\svtVJVm.exe
  C:\Windows\System\svtVJVm.exe
  2⤵
  PID:1016
- C:\Windows\System\ViJHLkT.exe
  C:\Windows\System\ViJHLkT.exe
  2⤵
  PID:2168
- C:\Windows\System\ylGrgHp.exe
  C:\Windows\System\ylGrgHp.exe
  2⤵
  PID:2348
- C:\Windows\System\mnjATyd.exe
  C:\Windows\System\mnjATyd.exe
  2⤵
  PID:676
- C:\Windows\System\yKoLYAM.exe
  C:\Windows\System\yKoLYAM.exe
  2⤵
  PID:272
- C:\Windows\System\BsLGFXy.exe
  C:\Windows\System\BsLGFXy.exe
  2⤵
  PID:2220
- C:\Windows\System\cTCymGw.exe
  C:\Windows\System\cTCymGw.exe
  2⤵
  PID:1520
- C:\Windows\System\gKBhSmS.exe
  C:\Windows\System\gKBhSmS.exe
  2⤵
  PID:2528
- C:\Windows\System\EqKMwlA.exe
  C:\Windows\System\EqKMwlA.exe
  2⤵
  PID:340
- C:\Windows\System\KuAKDnx.exe
  C:\Windows\System\KuAKDnx.exe
  2⤵
  PID:1020
- C:\Windows\System\LXihYFz.exe
  C:\Windows\System\LXihYFz.exe
  2⤵
  PID:2636
- C:\Windows\System\aBYivdk.exe
  C:\Windows\System\aBYivdk.exe
  2⤵
  PID:916
- C:\Windows\System\FOzPttI.exe
  C:\Windows\System\FOzPttI.exe
  2⤵
  PID:2008
- C:\Windows\System\bjHojga.exe
  C:\Windows\System\bjHojga.exe
  2⤵
  PID:1072
- C:\Windows\System\GMvQWgL.exe
  C:\Windows\System\GMvQWgL.exe
  2⤵
  PID:1468
- C:\Windows\System\LfrRGwb.exe
  C:\Windows\System\LfrRGwb.exe
  2⤵
  PID:2480
- C:\Windows\System\PeLreAc.exe
  C:\Windows\System\PeLreAc.exe
  2⤵
  PID:2600
- C:\Windows\System\EbzlqYA.exe
  C:\Windows\System\EbzlqYA.exe
  2⤵
  PID:1604
- C:\Windows\System\kXUTIFx.exe
  C:\Windows\System\kXUTIFx.exe
  2⤵
  PID:1088
- C:\Windows\System\lXwoMSC.exe
  C:\Windows\System\lXwoMSC.exe
  2⤵
  PID:2904
- C:\Windows\System\HZdcCPQ.exe
  C:\Windows\System\HZdcCPQ.exe
  2⤵
  PID:1636
- C:\Windows\System\Dattbsw.exe
  C:\Windows\System\Dattbsw.exe
  2⤵
  PID:1144
- C:\Windows\System\wgnDeTS.exe
  C:\Windows\System\wgnDeTS.exe
  2⤵
  PID:1236
- C:\Windows\System\mskigpP.exe
  C:\Windows\System\mskigpP.exe
  2⤵
  PID:580
- C:\Windows\System\nBtGFhA.exe
  C:\Windows\System\nBtGFhA.exe
  2⤵
  PID:3008
- C:\Windows\System\mDYoMqX.exe
  C:\Windows\System\mDYoMqX.exe
  2⤵
  PID:2472
- C:\Windows\System\hyKNhre.exe
  C:\Windows\System\hyKNhre.exe
  2⤵
  PID:1212
- C:\Windows\System\aXoNPhl.exe
  C:\Windows\System\aXoNPhl.exe
  2⤵
  PID:2212
- C:\Windows\System\jbRvXLU.exe
  C:\Windows\System\jbRvXLU.exe
  2⤵
  PID:2392
- C:\Windows\System\npyziJH.exe
  C:\Windows\System\npyziJH.exe
  2⤵
  PID:700
- C:\Windows\System\jtAKsIl.exe
  C:\Windows\System\jtAKsIl.exe
  2⤵
  PID:968
- C:\Windows\System\ibxOrvB.exe
  C:\Windows\System\ibxOrvB.exe
  2⤵
  PID:1368
- C:\Windows\System\JVPObLi.exe
  C:\Windows\System\JVPObLi.exe
  2⤵
  PID:1764
- C:\Windows\System\GXbfYzw.exe
  C:\Windows\System\GXbfYzw.exe
  2⤵
  PID:1748
- C:\Windows\System\BFwsKqz.exe
  C:\Windows\System\BFwsKqz.exe
  2⤵
  PID:2016
- C:\Windows\System\UBneLcK.exe
  C:\Windows\System\UBneLcK.exe
  2⤵
  PID:2144
- C:\Windows\System\bnTauoe.exe
  C:\Windows\System\bnTauoe.exe
  2⤵
  PID:2408
- C:\Windows\System\bztZtGT.exe
  C:\Windows\System\bztZtGT.exe
  2⤵
  PID:2920
- C:\Windows\System\vXjaBav.exe
  C:\Windows\System\vXjaBav.exe
  2⤵
  PID:2936
- C:\Windows\System\BJlzzMu.exe
  C:\Windows\System\BJlzzMu.exe
  2⤵
  PID:2744
- C:\Windows\System\bpvRwmM.exe
  C:\Windows\System\bpvRwmM.exe
  2⤵
  PID:2832
- C:\Windows\System\fHseMQx.exe
  C:\Windows\System\fHseMQx.exe
  2⤵
  PID:1964
- C:\Windows\System\xiRVrnY.exe
  C:\Windows\System\xiRVrnY.exe
  2⤵
  PID:1488
- C:\Windows\System\CJibwrT.exe
  C:\Windows\System\CJibwrT.exe
  2⤵
  PID:1372
- C:\Windows\System\oLRoOBK.exe
  C:\Windows\System\oLRoOBK.exe
  2⤵
  PID:1280
- C:\Windows\System\IvBPFwo.exe
  C:\Windows\System\IvBPFwo.exe
  2⤵
  PID:2200
- C:\Windows\System\WhEySTB.exe
  C:\Windows\System\WhEySTB.exe
  2⤵
  PID:1484
- C:\Windows\System\shwFxJv.exe
  C:\Windows\System\shwFxJv.exe
  2⤵
  PID:1300
- C:\Windows\System\EUbXimk.exe
  C:\Windows\System\EUbXimk.exe
  2⤵
  PID:880
- C:\Windows\System\XdVtTNF.exe
  C:\Windows\System\XdVtTNF.exe
  2⤵
  PID:1108
- C:\Windows\System\buGtwAr.exe
  C:\Windows\System\buGtwAr.exe
  2⤵
  PID:1844
- C:\Windows\System\RIQdkLv.exe
  C:\Windows\System\RIQdkLv.exe
  2⤵
  PID:1672
- C:\Windows\System\asLPkRi.exe
  C:\Windows\System\asLPkRi.exe
  2⤵
  PID:1084
- C:\Windows\System\qQdsvOm.exe
  C:\Windows\System\qQdsvOm.exe
  2⤵
  PID:2948
- C:\Windows\System\PoLuzwz.exe
  C:\Windows\System\PoLuzwz.exe
  2⤵
  PID:2260
- C:\Windows\System\eYGqGcD.exe
  C:\Windows\System\eYGqGcD.exe
  2⤵
  PID:3092
- C:\Windows\System\HNBhMkb.exe
  C:\Windows\System\HNBhMkb.exe
  2⤵
  PID:3108
- C:\Windows\System\oFtqwKf.exe
  C:\Windows\System\oFtqwKf.exe
  2⤵
  PID:3132
- C:\Windows\System\iRsHomi.exe
  C:\Windows\System\iRsHomi.exe
  2⤵
  PID:3152
- C:\Windows\System\adFCWjY.exe
  C:\Windows\System\adFCWjY.exe
  2⤵
  PID:3172
- C:\Windows\System\AXAkLqI.exe
  C:\Windows\System\AXAkLqI.exe
  2⤵
  PID:3192
- C:\Windows\System\uDqenEL.exe
  C:\Windows\System\uDqenEL.exe
  2⤵
  PID:3212
- C:\Windows\System\VJJaHzg.exe
  C:\Windows\System\VJJaHzg.exe
  2⤵
  PID:3232
- C:\Windows\System\XXWTrzN.exe
  C:\Windows\System\XXWTrzN.exe
  2⤵
  PID:3252
- C:\Windows\System\vPfvzWq.exe
  C:\Windows\System\vPfvzWq.exe
  2⤵
  PID:3272
- C:\Windows\System\swMWIYR.exe
  C:\Windows\System\swMWIYR.exe
  2⤵
  PID:3292
- C:\Windows\System\imFyyEQ.exe
  C:\Windows\System\imFyyEQ.exe
  2⤵
  PID:3308
- C:\Windows\System\sJEDgKl.exe
  C:\Windows\System\sJEDgKl.exe
  2⤵
  PID:3332
- C:\Windows\System\JOZmZGf.exe
  C:\Windows\System\JOZmZGf.exe
  2⤵
  PID:3352
- C:\Windows\System\NCNLbeZ.exe
  C:\Windows\System\NCNLbeZ.exe
  2⤵
  PID:3376
- C:\Windows\System\KhtssyC.exe
  C:\Windows\System\KhtssyC.exe
  2⤵
  PID:3396
- C:\Windows\System\ZKPzsdj.exe
  C:\Windows\System\ZKPzsdj.exe
  2⤵
  PID:3416
- C:\Windows\System\JEnCHhA.exe
  C:\Windows\System\JEnCHhA.exe
  2⤵
  PID:3436
- C:\Windows\System\NBToOOY.exe
  C:\Windows\System\NBToOOY.exe
  2⤵
  PID:3456
- C:\Windows\System\YYdoKvL.exe
  C:\Windows\System\YYdoKvL.exe
  2⤵
  PID:3476
- C:\Windows\System\rzojiOH.exe
  C:\Windows\System\rzojiOH.exe
  2⤵
  PID:3496
- C:\Windows\System\uVuWKEB.exe
  C:\Windows\System\uVuWKEB.exe
  2⤵
  PID:3512
- C:\Windows\System\IOuAeee.exe
  C:\Windows\System\IOuAeee.exe
  2⤵
  PID:3536
- C:\Windows\System\dqdYwlQ.exe
  C:\Windows\System\dqdYwlQ.exe
  2⤵
  PID:3556
- C:\Windows\System\xAKUoGt.exe
  C:\Windows\System\xAKUoGt.exe
  2⤵
  PID:3576
- C:\Windows\System\kekprPR.exe
  C:\Windows\System\kekprPR.exe
  2⤵
  PID:3596
- C:\Windows\System\QYYCFRd.exe
  C:\Windows\System\QYYCFRd.exe
  2⤵
  PID:3616
- C:\Windows\System\IMJJzIO.exe
  C:\Windows\System\IMJJzIO.exe
  2⤵
  PID:3636
- C:\Windows\System\lMwSAHR.exe
  C:\Windows\System\lMwSAHR.exe
  2⤵
  PID:3656
- C:\Windows\System\weitdlo.exe
  C:\Windows\System\weitdlo.exe
  2⤵
  PID:3676
- C:\Windows\System\SGgZVIw.exe
  C:\Windows\System\SGgZVIw.exe
  2⤵
  PID:3696
- C:\Windows\System\pHStjSI.exe
  C:\Windows\System\pHStjSI.exe
  2⤵
  PID:3712
- C:\Windows\System\NbeGFho.exe
  C:\Windows\System\NbeGFho.exe
  2⤵
  PID:3736
- C:\Windows\System\rgiWUQQ.exe
  C:\Windows\System\rgiWUQQ.exe
  2⤵
  PID:3752
- C:\Windows\System\wvBgwwj.exe
  C:\Windows\System\wvBgwwj.exe
  2⤵
  PID:3776
- C:\Windows\System\FdtHyiG.exe
  C:\Windows\System\FdtHyiG.exe
  2⤵
  PID:3800
- C:\Windows\System\GxLzBVM.exe
  C:\Windows\System\GxLzBVM.exe
  2⤵
  PID:3820
- C:\Windows\System\ohJEwHe.exe
  C:\Windows\System\ohJEwHe.exe
  2⤵
  PID:3840
- C:\Windows\System\yCEZrnf.exe
  C:\Windows\System\yCEZrnf.exe
  2⤵
  PID:3864
- C:\Windows\System\QOIlAaV.exe
  C:\Windows\System\QOIlAaV.exe
  2⤵
  PID:3884
- C:\Windows\System\dYCNmuA.exe
  C:\Windows\System\dYCNmuA.exe
  2⤵
  PID:3904
- C:\Windows\System\nLqfVyd.exe
  C:\Windows\System\nLqfVyd.exe
  2⤵
  PID:3924
- C:\Windows\System\cAkYCee.exe
  C:\Windows\System\cAkYCee.exe
  2⤵
  PID:3944
- C:\Windows\System\zXkwUVg.exe
  C:\Windows\System\zXkwUVg.exe
  2⤵
  PID:3964
- C:\Windows\System\srXdbwj.exe
  C:\Windows\System\srXdbwj.exe
  2⤵
  PID:3984
- C:\Windows\System\cMmLhMj.exe
  C:\Windows\System\cMmLhMj.exe
  2⤵
  PID:4000
- C:\Windows\System\vsumFwp.exe
  C:\Windows\System\vsumFwp.exe
  2⤵
  PID:4024
- C:\Windows\System\Arwrglw.exe
  C:\Windows\System\Arwrglw.exe
  2⤵
  PID:4040
- C:\Windows\System\GkeAOrD.exe
  C:\Windows\System\GkeAOrD.exe
  2⤵
  PID:4064
- C:\Windows\System\FDXgdqM.exe
  C:\Windows\System\FDXgdqM.exe
  2⤵
  PID:4080
- C:\Windows\System\neMZakJ.exe
  C:\Windows\System\neMZakJ.exe
  2⤵
  PID:2364
- C:\Windows\System\WJHTqNb.exe
  C:\Windows\System\WJHTqNb.exe
  2⤵
  PID:760
- C:\Windows\System\StIvGHa.exe
  C:\Windows\System\StIvGHa.exe
  2⤵
  PID:2232
- C:\Windows\System\OpvCtoL.exe
  C:\Windows\System\OpvCtoL.exe
  2⤵
  PID:2060
- C:\Windows\System\EcMpaNJ.exe
  C:\Windows\System\EcMpaNJ.exe
  2⤵
  PID:3088
- C:\Windows\System\TKBqOhX.exe
  C:\Windows\System\TKBqOhX.exe
  2⤵
  PID:1796
- C:\Windows\System\xLgyzMn.exe
  C:\Windows\System\xLgyzMn.exe
  2⤵
  PID:3128
- C:\Windows\System\ASnhoYz.exe
  C:\Windows\System\ASnhoYz.exe
  2⤵
  PID:3140
- C:\Windows\System\mIMxCEd.exe
  C:\Windows\System\mIMxCEd.exe
  2⤵
  PID:3208
- C:\Windows\System\BgoVuZu.exe
  C:\Windows\System\BgoVuZu.exe
  2⤵
  PID:3184
- C:\Windows\System\qNzjiJL.exe
  C:\Windows\System\qNzjiJL.exe
  2⤵
  PID:3248
- C:\Windows\System\dfFxSmu.exe
  C:\Windows\System\dfFxSmu.exe
  2⤵
  PID:3284
- C:\Windows\System\pTPkyRe.exe
  C:\Windows\System\pTPkyRe.exe
  2⤵
  PID:3324
- C:\Windows\System\LoMDVxE.exe
  C:\Windows\System\LoMDVxE.exe
  2⤵
  PID:3340
- C:\Windows\System\JqweJkM.exe
  C:\Windows\System\JqweJkM.exe
  2⤵
  PID:3364
- C:\Windows\System\sEmJpAU.exe
  C:\Windows\System\sEmJpAU.exe
  2⤵
  PID:3388
- C:\Windows\System\gqdielA.exe
  C:\Windows\System\gqdielA.exe
  2⤵
  PID:3484
- C:\Windows\System\SXqobpi.exe
  C:\Windows\System\SXqobpi.exe
  2⤵
  PID:3488
- C:\Windows\System\tyaeMGO.exe
  C:\Windows\System\tyaeMGO.exe
  2⤵
  PID:3464
- C:\Windows\System\UoCBGaJ.exe
  C:\Windows\System\UoCBGaJ.exe
  2⤵
  PID:2476
- C:\Windows\System\AWBBbhZ.exe
  C:\Windows\System\AWBBbhZ.exe
  2⤵
  PID:3604
- C:\Windows\System\zVNWyKs.exe
  C:\Windows\System\zVNWyKs.exe
  2⤵
  PID:3548
- C:\Windows\System\ABEzZNb.exe
  C:\Windows\System\ABEzZNb.exe
  2⤵
  PID:3652
- C:\Windows\System\sbgjqcM.exe
  C:\Windows\System\sbgjqcM.exe
  2⤵
  PID:3628
- C:\Windows\System\qvPCKOV.exe
  C:\Windows\System\qvPCKOV.exe
  2⤵
  PID:3688
- C:\Windows\System\uJprfZu.exe
  C:\Windows\System\uJprfZu.exe
  2⤵
  PID:3708
- C:\Windows\System\FAEbDXX.exe
  C:\Windows\System\FAEbDXX.exe
  2⤵
  PID:3808
- C:\Windows\System\UcAkItW.exe
  C:\Windows\System\UcAkItW.exe
  2⤵
  PID:3784
- C:\Windows\System\xFpIzxw.exe
  C:\Windows\System\xFpIzxw.exe
  2⤵
  PID:3828
- C:\Windows\System\qDvfzoC.exe
  C:\Windows\System\qDvfzoC.exe
  2⤵
  PID:3900
- C:\Windows\System\xQPPodj.exe
  C:\Windows\System\xQPPodj.exe
  2⤵
  PID:3880
- C:\Windows\System\EJvxGqE.exe
  C:\Windows\System\EJvxGqE.exe
  2⤵
  PID:3916
- C:\Windows\System\qtmgiKN.exe
  C:\Windows\System\qtmgiKN.exe
  2⤵
  PID:4016
- C:\Windows\System\lTqSyCx.exe
  C:\Windows\System\lTqSyCx.exe
  2⤵
  PID:3852
- C:\Windows\System\eWLiddI.exe
  C:\Windows\System\eWLiddI.exe
  2⤵
  PID:4052
- C:\Windows\System\kjrAXLB.exe
  C:\Windows\System\kjrAXLB.exe
  2⤵
  PID:4088
- C:\Windows\System\CojYmQt.exe
  C:\Windows\System\CojYmQt.exe
  2⤵
  PID:3028
- C:\Windows\System\XnOdfre.exe
  C:\Windows\System\XnOdfre.exe
  2⤵
  PID:4076
- C:\Windows\System\kgTClkm.exe
  C:\Windows\System\kgTClkm.exe
  2⤵
  PID:3080
- C:\Windows\System\UiOFFMb.exe
  C:\Windows\System\UiOFFMb.exe
  2⤵
  PID:2004
- C:\Windows\System\PhZUYHL.exe
  C:\Windows\System\PhZUYHL.exe
  2⤵
  PID:1784
- C:\Windows\System\QCHHhDq.exe
  C:\Windows\System\QCHHhDq.exe
  2⤵
  PID:3240
- C:\Windows\System\jKfhAeC.exe
  C:\Windows\System\jKfhAeC.exe
  2⤵
  PID:3144
- C:\Windows\System\NmMVffe.exe
  C:\Windows\System\NmMVffe.exe
  2⤵
  PID:3264
- C:\Windows\System\igtUlbD.exe
  C:\Windows\System\igtUlbD.exe
  2⤵
  PID:3304
- C:\Windows\System\wpFVKyE.exe
  C:\Windows\System\wpFVKyE.exe
  2⤵
  PID:3448
- C:\Windows\System\hIbdxly.exe
  C:\Windows\System\hIbdxly.exe
  2⤵
  PID:3520
- C:\Windows\System\eTLevtf.exe
  C:\Windows\System\eTLevtf.exe
  2⤵
  PID:3428
- C:\Windows\System\hwldwwN.exe
  C:\Windows\System\hwldwwN.exe
  2⤵
  PID:3504
- C:\Windows\System\lLKryRa.exe
  C:\Windows\System\lLKryRa.exe
  2⤵
  PID:3588
- C:\Windows\System\IHaGTDG.exe
  C:\Windows\System\IHaGTDG.exe
  2⤵
  PID:3632
- C:\Windows\System\BZehUnr.exe
  C:\Windows\System\BZehUnr.exe
  2⤵
  PID:3764
- C:\Windows\System\HeEeuRS.exe
  C:\Windows\System\HeEeuRS.exe
  2⤵
  PID:3788
- C:\Windows\System\PWMFtSC.exe
  C:\Windows\System\PWMFtSC.exe
  2⤵
  PID:3856
- C:\Windows\System\kPUnHGk.exe
  C:\Windows\System\kPUnHGk.exe
  2⤵
  PID:3860
- C:\Windows\System\jtZlNge.exe
  C:\Windows\System\jtZlNge.exe
  2⤵
  PID:4008
- C:\Windows\System\etwTdPZ.exe
  C:\Windows\System\etwTdPZ.exe
  2⤵
  PID:3960
- C:\Windows\System\afxTwcs.exe
  C:\Windows\System\afxTwcs.exe
  2⤵
  PID:1768
- C:\Windows\System\OKLyEfV.exe
  C:\Windows\System\OKLyEfV.exe
  2⤵
  PID:4032
- C:\Windows\System\tseaAQw.exe
  C:\Windows\System\tseaAQw.exe
  2⤵
  PID:2892
- C:\Windows\System\zqBOCjY.exe
  C:\Windows\System\zqBOCjY.exe
  2⤵
  PID:2796
- C:\Windows\System\cEINDiK.exe
  C:\Windows\System\cEINDiK.exe
  2⤵
  PID:3280
- C:\Windows\System\nhYkAHj.exe
  C:\Windows\System\nhYkAHj.exe
  2⤵
  PID:3320
- C:\Windows\System\WoXkahJ.exe
  C:\Windows\System\WoXkahJ.exe
  2⤵
  PID:3316
- C:\Windows\System\uyylUFD.exe
  C:\Windows\System\uyylUFD.exe
  2⤵
  PID:2940
- C:\Windows\System\ITSYjoN.exe
  C:\Windows\System\ITSYjoN.exe
  2⤵
  PID:952
- C:\Windows\System\hZJsetJ.exe
  C:\Windows\System\hZJsetJ.exe
  2⤵
  PID:3592
- C:\Windows\System\IiGHnjX.exe
  C:\Windows\System\IiGHnjX.exe
  2⤵
  PID:3668
- C:\Windows\System\wblKmFC.exe
  C:\Windows\System\wblKmFC.exe
  2⤵
  PID:3748
- C:\Windows\System\qkiAIkZ.exe
  C:\Windows\System\qkiAIkZ.exe
  2⤵
  PID:3912
- C:\Windows\System\fjyZrsO.exe
  C:\Windows\System\fjyZrsO.exe
  2⤵
  PID:2716
- C:\Windows\System\vAiDbUA.exe
  C:\Windows\System\vAiDbUA.exe
  2⤵
  PID:4108
- C:\Windows\System\EyTeyCX.exe
  C:\Windows\System\EyTeyCX.exe
  2⤵
  PID:4128
- C:\Windows\System\LzzsDug.exe
  C:\Windows\System\LzzsDug.exe
  2⤵
  PID:4148
- C:\Windows\System\WiqLVhp.exe
  C:\Windows\System\WiqLVhp.exe
  2⤵
  PID:4168
- C:\Windows\System\wzEvTeL.exe
  C:\Windows\System\wzEvTeL.exe
  2⤵
  PID:4188
- C:\Windows\System\RYiXbpJ.exe
  C:\Windows\System\RYiXbpJ.exe
  2⤵
  PID:4208
- C:\Windows\System\SFtachT.exe
  C:\Windows\System\SFtachT.exe
  2⤵
  PID:4228
- C:\Windows\System\JlzVmtZ.exe
  C:\Windows\System\JlzVmtZ.exe
  2⤵
  PID:4248
- C:\Windows\System\NHHSHiD.exe
  C:\Windows\System\NHHSHiD.exe
  2⤵
  PID:4268
- C:\Windows\System\iTAAtuH.exe
  C:\Windows\System\iTAAtuH.exe
  2⤵
  PID:4288
- C:\Windows\System\TkOQEhN.exe
  C:\Windows\System\TkOQEhN.exe
  2⤵
  PID:4304
- C:\Windows\System\iWznujr.exe
  C:\Windows\System\iWznujr.exe
  2⤵
  PID:4328
- C:\Windows\System\yvaNzuS.exe
  C:\Windows\System\yvaNzuS.exe
  2⤵
  PID:4344
- C:\Windows\System\vayAaRG.exe
  C:\Windows\System\vayAaRG.exe
  2⤵
  PID:4368
- C:\Windows\System\oGkeefv.exe
  C:\Windows\System\oGkeefv.exe
  2⤵
  PID:4392
- C:\Windows\System\qNfCSuw.exe
  C:\Windows\System\qNfCSuw.exe
  2⤵
  PID:4412
- C:\Windows\System\EDpHCRv.exe
  C:\Windows\System\EDpHCRv.exe
  2⤵
  PID:4432
- C:\Windows\System\nNhnJOX.exe
  C:\Windows\System\nNhnJOX.exe
  2⤵
  PID:4456
- C:\Windows\System\fWoIWqQ.exe
  C:\Windows\System\fWoIWqQ.exe
  2⤵
  PID:4476
- C:\Windows\System\gCIYmrS.exe
  C:\Windows\System\gCIYmrS.exe
  2⤵
  PID:4496
- C:\Windows\System\HkBtavM.exe
  C:\Windows\System\HkBtavM.exe
  2⤵
  PID:4516
- C:\Windows\System\CDSsebm.exe
  C:\Windows\System\CDSsebm.exe
  2⤵
  PID:4536
- C:\Windows\System\tluEDIT.exe
  C:\Windows\System\tluEDIT.exe
  2⤵
  PID:4552
- C:\Windows\System\bYBzrQb.exe
  C:\Windows\System\bYBzrQb.exe
  2⤵
  PID:4576
- C:\Windows\System\mHyaWqH.exe
  C:\Windows\System\mHyaWqH.exe
  2⤵
  PID:4596
- C:\Windows\System\HldhTJP.exe
  C:\Windows\System\HldhTJP.exe
  2⤵
  PID:4616
- C:\Windows\System\PocztgM.exe
  C:\Windows\System\PocztgM.exe
  2⤵
  PID:4632
- C:\Windows\System\IYilheC.exe
  C:\Windows\System\IYilheC.exe
  2⤵
  PID:4732
- C:\Windows\System\qjxdpeZ.exe
  C:\Windows\System\qjxdpeZ.exe
  2⤵
  PID:4748
- C:\Windows\System\FBBSibE.exe
  C:\Windows\System\FBBSibE.exe
  2⤵
  PID:4768
- C:\Windows\System\opebTki.exe
  C:\Windows\System\opebTki.exe
  2⤵
  PID:4788
- C:\Windows\System\IRVzkRD.exe
  C:\Windows\System\IRVzkRD.exe
  2⤵
  PID:4808
- C:\Windows\System\ymaKUHD.exe
  C:\Windows\System\ymaKUHD.exe
  2⤵
  PID:4824
- C:\Windows\System\stRQAgw.exe
  C:\Windows\System\stRQAgw.exe
  2⤵
  PID:4844
- C:\Windows\System\hjrHNDi.exe
  C:\Windows\System\hjrHNDi.exe
  2⤵
  PID:4868
- C:\Windows\System\oLhKlvc.exe
  C:\Windows\System\oLhKlvc.exe
  2⤵
  PID:4888
- C:\Windows\System\bMpkvGw.exe
  C:\Windows\System\bMpkvGw.exe
  2⤵
  PID:4908
- C:\Windows\System\WNjvMHu.exe
  C:\Windows\System\WNjvMHu.exe
  2⤵
  PID:4924
- C:\Windows\System\RjHKttu.exe
  C:\Windows\System\RjHKttu.exe
  2⤵
  PID:4944
- C:\Windows\System\aLVMUuf.exe
  C:\Windows\System\aLVMUuf.exe
  2⤵
  PID:4960
- C:\Windows\System\sGwwHoe.exe
  C:\Windows\System\sGwwHoe.exe
  2⤵
  PID:4988
- C:\Windows\System\RVcTBaF.exe
  C:\Windows\System\RVcTBaF.exe
  2⤵
  PID:5004
- C:\Windows\System\HudTpFJ.exe
  C:\Windows\System\HudTpFJ.exe
  2⤵
  PID:5028
- C:\Windows\System\siFyuWN.exe
  C:\Windows\System\siFyuWN.exe
  2⤵
  PID:5048
- C:\Windows\System\voMhGjs.exe
  C:\Windows\System\voMhGjs.exe
  2⤵
  PID:5064
- C:\Windows\System\MsOWoYd.exe
  C:\Windows\System\MsOWoYd.exe
  2⤵
  PID:5080
- C:\Windows\System\OHzSnIt.exe
  C:\Windows\System\OHzSnIt.exe
  2⤵
  PID:5100
- C:\Windows\System\QIwDnST.exe
  C:\Windows\System\QIwDnST.exe
  2⤵
  PID:3952
- C:\Windows\System\GXocFsk.exe
  C:\Windows\System\GXocFsk.exe
  2⤵
  PID:2488
- C:\Windows\System\GxBjIXV.exe
  C:\Windows\System\GxBjIXV.exe
  2⤵
  PID:3164
- C:\Windows\System\hRxhPzs.exe
  C:\Windows\System\hRxhPzs.exe
  2⤵
  PID:2800
- C:\Windows\System\DIfQBQp.exe
  C:\Windows\System\DIfQBQp.exe
  2⤵
  PID:3644
- C:\Windows\System\LVbNVFk.exe
  C:\Windows\System\LVbNVFk.exe
  2⤵
  PID:3872
- C:\Windows\System\BrNJrmS.exe
  C:\Windows\System\BrNJrmS.exe
  2⤵
  PID:3728
- C:\Windows\System\mgocfVW.exe
  C:\Windows\System\mgocfVW.exe
  2⤵
  PID:3980
- C:\Windows\System\hFRQAGf.exe
  C:\Windows\System\hFRQAGf.exe
  2⤵
  PID:4116
- C:\Windows\System\FqWxVxF.exe
  C:\Windows\System\FqWxVxF.exe
  2⤵
  PID:4164
- C:\Windows\System\MuxmTNa.exe
  C:\Windows\System\MuxmTNa.exe
  2⤵
  PID:4140
- C:\Windows\System\HALJUqM.exe
  C:\Windows\System\HALJUqM.exe
  2⤵
  PID:4200
- C:\Windows\System\uCuCyhr.exe
  C:\Windows\System\uCuCyhr.exe
  2⤵
  PID:4224
- C:\Windows\System\jBzgTmH.exe
  C:\Windows\System\jBzgTmH.exe
  2⤵
  PID:4276
- C:\Windows\System\llgFlqv.exe
  C:\Windows\System\llgFlqv.exe
  2⤵
  PID:4260
- C:\Windows\System\oeeCiei.exe
  C:\Windows\System\oeeCiei.exe
  2⤵
  PID:4296
- C:\Windows\System\xRtYagJ.exe
  C:\Windows\System\xRtYagJ.exe
  2⤵
  PID:4360
- C:\Windows\System\tqYrWyn.exe
  C:\Windows\System\tqYrWyn.exe
  2⤵
  PID:4400
- C:\Windows\System\MVxESOe.exe
  C:\Windows\System\MVxESOe.exe
  2⤵
  PID:3048
- C:\Windows\System\vBHmqgW.exe
  C:\Windows\System\vBHmqgW.exe
  2⤵
  PID:4452
- C:\Windows\System\JMcIhkI.exe
  C:\Windows\System\JMcIhkI.exe
  2⤵
  PID:4468
- C:\Windows\System\VKtvjSH.exe
  C:\Windows\System\VKtvjSH.exe
  2⤵
  PID:4524
- C:\Windows\System\RfflfJs.exe
  C:\Windows\System\RfflfJs.exe
  2⤵
  PID:4568
- C:\Windows\System\XxdVrak.exe
  C:\Windows\System\XxdVrak.exe
  2⤵
  PID:4564
- C:\Windows\System\WrIDSFO.exe
  C:\Windows\System\WrIDSFO.exe
  2⤵
  PID:4640
- C:\Windows\System\XqrkhSQ.exe
  C:\Windows\System\XqrkhSQ.exe
  2⤵
  PID:4628
- C:\Windows\System\TMYmQJj.exe
  C:\Windows\System\TMYmQJj.exe
  2⤵
  PID:1580
- C:\Windows\System\EbLXgch.exe
  C:\Windows\System\EbLXgch.exe
  2⤵
  PID:1992
- C:\Windows\System\mHQFZyM.exe
  C:\Windows\System\mHQFZyM.exe
  2⤵
  PID:2628
- C:\Windows\System\YIEgzOH.exe
  C:\Windows\System\YIEgzOH.exe
  2⤵
  PID:3032
- C:\Windows\System\iRQlvKy.exe
  C:\Windows\System\iRQlvKy.exe
  2⤵
  PID:2864
- C:\Windows\System\EacQKiX.exe
  C:\Windows\System\EacQKiX.exe
  2⤵
  PID:1728
- C:\Windows\System\UzgFSId.exe
  C:\Windows\System\UzgFSId.exe
  2⤵
  PID:2444
- C:\Windows\System\iDKlKwd.exe
  C:\Windows\System\iDKlKwd.exe
  2⤵
  PID:4684
- C:\Windows\System\SIjmxxn.exe
  C:\Windows\System\SIjmxxn.exe
  2⤵
  PID:4692
- C:\Windows\System\IpgQJHK.exe
  C:\Windows\System\IpgQJHK.exe
  2⤵
  PID:2812
- C:\Windows\System\qIvmpNO.exe
  C:\Windows\System\qIvmpNO.exe
  2⤵
  PID:2720
- C:\Windows\System\kWMSeNO.exe
  C:\Windows\System\kWMSeNO.exe
  2⤵
  PID:4700
- C:\Windows\System\neijwWk.exe
  C:\Windows\System\neijwWk.exe
  2⤵
  PID:2660
- C:\Windows\System\DMQekWq.exe
  C:\Windows\System\DMQekWq.exe
  2⤵
  PID:2712
- C:\Windows\System\FDIGZUC.exe
  C:\Windows\System\FDIGZUC.exe
  2⤵
  PID:1204
- C:\Windows\System\WOmQfQf.exe
  C:\Windows\System\WOmQfQf.exe
  2⤵
  PID:4724
- C:\Windows\System\FhLqoOH.exe
  C:\Windows\System\FhLqoOH.exe
  2⤵
  PID:2204
- C:\Windows\System\OvEjbWV.exe
  C:\Windows\System\OvEjbWV.exe
  2⤵
  PID:4764
- C:\Windows\System\BrdiVmm.exe
  C:\Windows\System\BrdiVmm.exe
  2⤵
  PID:2840
- C:\Windows\System\yVVNPCB.exe
  C:\Windows\System\yVVNPCB.exe
  2⤵
  PID:4832
- C:\Windows\System\djYUENH.exe
  C:\Windows\System\djYUENH.exe
  2⤵
  PID:4820
- C:\Windows\System\LriaLOX.exe
  C:\Windows\System\LriaLOX.exe
  2⤵
  PID:4856
- C:\Windows\System\IIKnzHs.exe
  C:\Windows\System\IIKnzHs.exe
  2⤵
  PID:4880
- C:\Windows\System\PbHIMZo.exe
  C:\Windows\System\PbHIMZo.exe
  2⤵
  PID:4916
- C:\Windows\System\IaxdMnK.exe
  C:\Windows\System\IaxdMnK.exe
  2⤵
  PID:4904
- C:\Windows\System\fpYbvqG.exe
  C:\Windows\System\fpYbvqG.exe
  2⤵
  PID:4936
- C:\Windows\System\sEgfnrI.exe
  C:\Windows\System\sEgfnrI.exe
  2⤵
  PID:5036
- C:\Windows\System\tnKKKgS.exe
  C:\Windows\System\tnKKKgS.exe
  2⤵
  PID:4976
- C:\Windows\System\vzOwJTx.exe
  C:\Windows\System\vzOwJTx.exe
  2⤵
  PID:1820
- C:\Windows\System\uSpQMSZ.exe
  C:\Windows\System\uSpQMSZ.exe
  2⤵
  PID:5116
- C:\Windows\System\nnseNvj.exe
  C:\Windows\System\nnseNvj.exe
  2⤵
  PID:1536
- C:\Windows\System\ElwTUxU.exe
  C:\Windows\System\ElwTUxU.exe
  2⤵
  PID:3052
- C:\Windows\System\gqrayra.exe
  C:\Windows\System\gqrayra.exe
  2⤵
  PID:5092
- C:\Windows\System\FsdWCwk.exe
  C:\Windows\System\FsdWCwk.exe
  2⤵
  PID:3368
- C:\Windows\System\shMPBwN.exe
  C:\Windows\System\shMPBwN.exe
  2⤵
  PID:3344
- C:\Windows\System\REcfMLt.exe
  C:\Windows\System\REcfMLt.exe
  2⤵
  PID:2732
- C:\Windows\System\trVxJff.exe
  C:\Windows\System\trVxJff.exe
  2⤵
  PID:3936
- C:\Windows\System\ucSxyEy.exe
  C:\Windows\System\ucSxyEy.exe
  2⤵
  PID:2164
- C:\Windows\System\FXOHCiC.exe
  C:\Windows\System\FXOHCiC.exe
  2⤵
  PID:4256
- C:\Windows\System\UimVRNI.exe
  C:\Windows\System\UimVRNI.exe
  2⤵
  PID:4204
- C:\Windows\System\EixQToc.exe
  C:\Windows\System\EixQToc.exe
  2⤵
  PID:932
- C:\Windows\System\hZFLMXb.exe
  C:\Windows\System\hZFLMXb.exe
  2⤵
  PID:4312
- C:\Windows\System\eCOfzrS.exe
  C:\Windows\System\eCOfzrS.exe
  2⤵
  PID:4376
- C:\Windows\System\esKfNtc.exe
  C:\Windows\System\esKfNtc.exe
  2⤵
  PID:4464
- C:\Windows\System\yKrAilr.exe
  C:\Windows\System\yKrAilr.exe
  2⤵
  PID:4508
- C:\Windows\System\vVMkMao.exe
  C:\Windows\System\vVMkMao.exe
  2⤵
  PID:4612
- C:\Windows\System\nuHCfeK.exe
  C:\Windows\System\nuHCfeK.exe
  2⤵
  PID:4488
- C:\Windows\System\fxtrUcK.exe
  C:\Windows\System\fxtrUcK.exe
  2⤵
  PID:2244
- C:\Windows\System\kWvNTPv.exe
  C:\Windows\System\kWvNTPv.exe
  2⤵
  PID:2792
- C:\Windows\System\CuuoHlR.exe
  C:\Windows\System\CuuoHlR.exe
  2⤵
  PID:1876
- C:\Windows\System\STCZiMd.exe
  C:\Windows\System\STCZiMd.exe
  2⤵
  PID:2900
- C:\Windows\System\biafNhr.exe
  C:\Windows\System\biafNhr.exe
  2⤵
  PID:2688
- C:\Windows\System\TIlZamj.exe
  C:\Windows\System\TIlZamj.exe
  2⤵
  PID:1596
- C:\Windows\System\JACOEqs.exe
  C:\Windows\System\JACOEqs.exe
  2⤵
  PID:584
- C:\Windows\System\zmmRHYo.exe
  C:\Windows\System\zmmRHYo.exe
  2⤵
  PID:2440
- C:\Windows\System\yNDfZHv.exe
  C:\Windows\System\yNDfZHv.exe
  2⤵
  PID:2980
- C:\Windows\System\QsrzfwL.exe
  C:\Windows\System\QsrzfwL.exe
  2⤵
  PID:2952
- C:\Windows\System\yxRPIpj.exe
  C:\Windows\System\yxRPIpj.exe
  2⤵
  PID:2216
- C:\Windows\System\ehHvFsp.exe
  C:\Windows\System\ehHvFsp.exe
  2⤵
  PID:1288
- C:\Windows\System\Znsbdbr.exe
  C:\Windows\System\Znsbdbr.exe
  2⤵
  PID:4800
- C:\Windows\System\SkJeyla.exe
  C:\Windows\System\SkJeyla.exe
  2⤵
  PID:4864
- C:\Windows\System\yWoqbqC.exe
  C:\Windows\System\yWoqbqC.exe
  2⤵
  PID:1988
- C:\Windows\System\ozaYleO.exe
  C:\Windows\System\ozaYleO.exe
  2⤵
  PID:4932
- C:\Windows\System\RVrIUFG.exe
  C:\Windows\System\RVrIUFG.exe
  2⤵
  PID:4996
- C:\Windows\System\blnmfHq.exe
  C:\Windows\System\blnmfHq.exe
  2⤵
  PID:5076
- C:\Windows\System\rPbKDMz.exe
  C:\Windows\System\rPbKDMz.exe
  2⤵
  PID:5088
- C:\Windows\System\ZkkNZXc.exe
  C:\Windows\System\ZkkNZXc.exe
  2⤵
  PID:5056
- C:\Windows\System\WorHdis.exe
  C:\Windows\System\WorHdis.exe
  2⤵
  PID:3116
- C:\Windows\System\WWYaLeX.exe
  C:\Windows\System\WWYaLeX.exe
  2⤵
  PID:3812
- C:\Windows\System\OHCbXLc.exe
  C:\Windows\System\OHCbXLc.exe
  2⤵
  PID:3568
- C:\Windows\System\XbWykeJ.exe
  C:\Windows\System\XbWykeJ.exe
  2⤵
  PID:3920
- C:\Windows\System\rQCQLxf.exe
  C:\Windows\System\rQCQLxf.exe
  2⤵
  PID:4120
- C:\Windows\System\gTlJJRk.exe
  C:\Windows\System\gTlJJRk.exe
  2⤵
  PID:4380
- C:\Windows\System\yqpjpZb.exe
  C:\Windows\System\yqpjpZb.exe
  2⤵
  PID:4404
- C:\Windows\System\XveGxRp.exe
  C:\Windows\System\XveGxRp.exe
  2⤵
  PID:4448
- C:\Windows\System\dbQhpco.exe
  C:\Windows\System\dbQhpco.exe
  2⤵
  PID:4512
- C:\Windows\System\mILBxxN.exe
  C:\Windows\System\mILBxxN.exe
  2⤵
  PID:2420
- C:\Windows\System\XLZZtun.exe
  C:\Windows\System\XLZZtun.exe
  2⤵
  PID:2032
- C:\Windows\System\nLZwBEK.exe
  C:\Windows\System\nLZwBEK.exe
  2⤵
  PID:2944
- C:\Windows\System\hIRqsgJ.exe
  C:\Windows\System\hIRqsgJ.exe
  2⤵
  PID:1732
- C:\Windows\System\bultWlp.exe
  C:\Windows\System\bultWlp.exe
  2⤵
  PID:640
- C:\Windows\System\lEZufZz.exe
  C:\Windows\System\lEZufZz.exe
  2⤵
  PID:4744
- C:\Windows\System\gSjQijQ.exe
  C:\Windows\System\gSjQijQ.exe
  2⤵
  PID:3228
- C:\Windows\System\yNuMrpw.exe
  C:\Windows\System\yNuMrpw.exe
  2⤵
  PID:848
- C:\Windows\System\BbWUIcN.exe
  C:\Windows\System\BbWUIcN.exe
  2⤵
  PID:4816
- C:\Windows\System\lVqOkrm.exe
  C:\Windows\System\lVqOkrm.exe
  2⤵
  PID:4984
- C:\Windows\System\BuTCfRI.exe
  C:\Windows\System\BuTCfRI.exe
  2⤵
  PID:5016
- C:\Windows\System\jrPDYYf.exe
  C:\Windows\System\jrPDYYf.exe
  2⤵
  PID:2552
- C:\Windows\System\vPRWWQh.exe
  C:\Windows\System\vPRWWQh.exe
  2⤵
  PID:3528
- C:\Windows\System\lmjWNFt.exe
  C:\Windows\System\lmjWNFt.exe
  2⤵
  PID:4728
- C:\Windows\System\yOpeZMK.exe
  C:\Windows\System\yOpeZMK.exe
  2⤵
  PID:4240
- C:\Windows\System\xlyDYns.exe
  C:\Windows\System\xlyDYns.exe
  2⤵
  PID:4528
- C:\Windows\System\wjXlSHv.exe
  C:\Windows\System\wjXlSHv.exe
  2⤵
  PID:4588
- C:\Windows\System\hlGzscG.exe
  C:\Windows\System\hlGzscG.exe
  2⤵
  PID:1624
- C:\Windows\System\hreLlPf.exe
  C:\Windows\System\hreLlPf.exe
  2⤵
  PID:2464
- C:\Windows\System\rQoTxhX.exe
  C:\Windows\System\rQoTxhX.exe
  2⤵
  PID:2156
- C:\Windows\System\xEGyMBF.exe
  C:\Windows\System\xEGyMBF.exe
  2⤵
  PID:3000
- C:\Windows\System\zETjiwG.exe
  C:\Windows\System\zETjiwG.exe
  2⤵
  PID:4136
- C:\Windows\System\FTyVNdb.exe
  C:\Windows\System\FTyVNdb.exe
  2⤵
  PID:2676
- C:\Windows\System\AfulzwN.exe
  C:\Windows\System\AfulzwN.exe
  2⤵
  PID:4920
- C:\Windows\System\npRMsJR.exe
  C:\Windows\System\npRMsJR.exe
  2⤵
  PID:2836
- C:\Windows\System\mplkVHR.exe
  C:\Windows\System\mplkVHR.exe
  2⤵
  PID:4160
- C:\Windows\System\mINGYao.exe
  C:\Windows\System\mINGYao.exe
  2⤵
  PID:4440
- C:\Windows\System\QgcqKRq.exe
  C:\Windows\System\QgcqKRq.exe
  2⤵
  PID:4604
- C:\Windows\System\FrAGwMg.exe
  C:\Windows\System\FrAGwMg.exe
  2⤵
  PID:2672
- C:\Windows\System\ZAYLASa.exe
  C:\Windows\System\ZAYLASa.exe
  2⤵
  PID:2152
- C:\Windows\System\IplLdoF.exe
  C:\Windows\System\IplLdoF.exe
  2⤵
  PID:4012
- C:\Windows\System\RqDQTCT.exe
  C:\Windows\System\RqDQTCT.exe
  2⤵
  PID:2456
- C:\Windows\System\ZHPNgER.exe
  C:\Windows\System\ZHPNgER.exe
  2⤵
  PID:4180
- C:\Windows\System\DtjiZCT.exe
  C:\Windows\System\DtjiZCT.exe
  2⤵
  PID:2668
- C:\Windows\System\eyuAdSN.exe
  C:\Windows\System\eyuAdSN.exe
  2⤵
  PID:3020
- C:\Windows\System\TvIKnpY.exe
  C:\Windows\System\TvIKnpY.exe
  2⤵
  PID:4860
- C:\Windows\System\LzcgbjJ.exe
  C:\Windows\System\LzcgbjJ.exe
  2⤵
  PID:2520
- C:\Windows\System\hqqXYrD.exe
  C:\Windows\System\hqqXYrD.exe
  2⤵
  PID:3572
- C:\Windows\System\EIOesFu.exe
  C:\Windows\System\EIOesFu.exe
  2⤵
  PID:976
- C:\Windows\System\XlaunJu.exe
  C:\Windows\System\XlaunJu.exe
  2⤵
  PID:4876
- C:\Windows\System\dpzLeHf.exe
  C:\Windows\System\dpzLeHf.exe
  2⤵
  PID:4952
- C:\Windows\System\EGmLDvg.exe
  C:\Windows\System\EGmLDvg.exe
  2⤵
  PID:5152
- C:\Windows\System\LIFejUK.exe
  C:\Windows\System\LIFejUK.exe
  2⤵
  PID:5172
- C:\Windows\System\MbQNGFZ.exe
  C:\Windows\System\MbQNGFZ.exe
  2⤵
  PID:5188
- C:\Windows\System\tzADggZ.exe
  C:\Windows\System\tzADggZ.exe
  2⤵
  PID:5204
- C:\Windows\System\jfVvNyU.exe
  C:\Windows\System\jfVvNyU.exe
  2⤵
  PID:5228
- C:\Windows\System\NXoyFDH.exe
  C:\Windows\System\NXoyFDH.exe
  2⤵
  PID:5248
- C:\Windows\System\TWkOaIq.exe
  C:\Windows\System\TWkOaIq.exe
  2⤵
  PID:5272
- C:\Windows\System\IEZWoBQ.exe
  C:\Windows\System\IEZWoBQ.exe
  2⤵
  PID:5296
- C:\Windows\System\ZfgnsoK.exe
  C:\Windows\System\ZfgnsoK.exe
  2⤵
  PID:5312
- C:\Windows\System\yZapeLe.exe
  C:\Windows\System\yZapeLe.exe
  2⤵
  PID:5332
- C:\Windows\System\lVfkwRq.exe
  C:\Windows\System\lVfkwRq.exe
  2⤵
  PID:5360
- C:\Windows\System\FKpjIGt.exe
  C:\Windows\System\FKpjIGt.exe
  2⤵
  PID:5376
- C:\Windows\System\CqXngQx.exe
  C:\Windows\System\CqXngQx.exe
  2⤵
  PID:5392
- C:\Windows\System\KEceuCB.exe
  C:\Windows\System\KEceuCB.exe
  2⤵
  PID:5420
- C:\Windows\System\CxPgeHw.exe
  C:\Windows\System\CxPgeHw.exe
  2⤵
  PID:5436
- C:\Windows\System\GBRSKXS.exe
  C:\Windows\System\GBRSKXS.exe
  2⤵
  PID:5464
- C:\Windows\System\XwlbIXT.exe
  C:\Windows\System\XwlbIXT.exe
  2⤵
  PID:5480
- C:\Windows\System\ylendwZ.exe
  C:\Windows\System\ylendwZ.exe
  2⤵
  PID:5496
- C:\Windows\System\TAWUIIQ.exe
  C:\Windows\System\TAWUIIQ.exe
  2⤵
  PID:5512
- C:\Windows\System\wiiClcf.exe
  C:\Windows\System\wiiClcf.exe
  2⤵
  PID:5544
- C:\Windows\System\BSkRpuc.exe
  C:\Windows\System\BSkRpuc.exe
  2⤵
  PID:5560
- C:\Windows\System\qpVOmjB.exe
  C:\Windows\System\qpVOmjB.exe
  2⤵
  PID:5576
- C:\Windows\System\SxRQuLx.exe
  C:\Windows\System\SxRQuLx.exe
  2⤵
  PID:5600
- C:\Windows\System\AUNCoEm.exe
  C:\Windows\System\AUNCoEm.exe
  2⤵
  PID:5616
- C:\Windows\System\qxCwqdl.exe
  C:\Windows\System\qxCwqdl.exe
  2⤵
  PID:5632
- C:\Windows\System\DSficYV.exe
  C:\Windows\System\DSficYV.exe
  2⤵
  PID:5656
- C:\Windows\System\jCbeOKA.exe
  C:\Windows\System\jCbeOKA.exe
  2⤵
  PID:5676
- C:\Windows\System\XyGVICA.exe
  C:\Windows\System\XyGVICA.exe
  2⤵
  PID:5700
- C:\Windows\System\RUUgiUw.exe
  C:\Windows\System\RUUgiUw.exe
  2⤵
  PID:5724
- C:\Windows\System\KcNzcrf.exe
  C:\Windows\System\KcNzcrf.exe
  2⤵
  PID:5752
- C:\Windows\System\CzGONYb.exe
  C:\Windows\System\CzGONYb.exe
  2⤵
  PID:5768
- C:\Windows\System\duwAbLK.exe
  C:\Windows\System\duwAbLK.exe
  2⤵
  PID:5788
- C:\Windows\System\eXhbmCS.exe
  C:\Windows\System\eXhbmCS.exe
  2⤵
  PID:5804
- C:\Windows\System\rafFvTp.exe
  C:\Windows\System\rafFvTp.exe
  2⤵
  PID:5836
- C:\Windows\System\pkTwgaw.exe
  C:\Windows\System\pkTwgaw.exe
  2⤵
  PID:5856
- C:\Windows\System\gQEZPvi.exe
  C:\Windows\System\gQEZPvi.exe
  2⤵
  PID:5880
- C:\Windows\System\UtXPFpA.exe
  C:\Windows\System\UtXPFpA.exe
  2⤵
  PID:5900
- C:\Windows\System\fTjOAUV.exe
  C:\Windows\System\fTjOAUV.exe
  2⤵
  PID:5920
- C:\Windows\System\keTcMqp.exe
  C:\Windows\System\keTcMqp.exe
  2⤵
  PID:5940
- C:\Windows\System\uWGpgnt.exe
  C:\Windows\System\uWGpgnt.exe
  2⤵
  PID:5956
- C:\Windows\System\ejEzRhh.exe
  C:\Windows\System\ejEzRhh.exe
  2⤵
  PID:5976
- C:\Windows\System\zQgnMUH.exe
  C:\Windows\System\zQgnMUH.exe
  2⤵
  PID:6000
- C:\Windows\System\EjzMrak.exe
  C:\Windows\System\EjzMrak.exe
  2⤵
  PID:6016
- C:\Windows\System\JVdrHCW.exe
  C:\Windows\System\JVdrHCW.exe
  2⤵
  PID:6040
- C:\Windows\System\iKTsRww.exe
  C:\Windows\System\iKTsRww.exe
  2⤵
  PID:6060
- C:\Windows\System\mCAoqTn.exe
  C:\Windows\System\mCAoqTn.exe
  2⤵
  PID:6076
- C:\Windows\System\IHiGakN.exe
  C:\Windows\System\IHiGakN.exe
  2⤵
  PID:6096
- C:\Windows\System\KBkhCoz.exe
  C:\Windows\System\KBkhCoz.exe
  2⤵
  PID:6120
- C:\Windows\System\ECLpAXF.exe
  C:\Windows\System\ECLpAXF.exe
  2⤵
  PID:6136
- C:\Windows\System\kDyooGC.exe
  C:\Windows\System\kDyooGC.exe
  2⤵
  PID:5140
- C:\Windows\System\vLOlQPd.exe
  C:\Windows\System\vLOlQPd.exe
  2⤵
  PID:4336
- C:\Windows\System\pgvxRRR.exe
  C:\Windows\System\pgvxRRR.exe
  2⤵
  PID:5160
- C:\Windows\System\KMEzzyp.exe
  C:\Windows\System\KMEzzyp.exe
  2⤵
  PID:5220
- C:\Windows\System\pcjIgvS.exe
  C:\Windows\System\pcjIgvS.exe
  2⤵
  PID:5260
- C:\Windows\System\ZGWQArW.exe
  C:\Windows\System\ZGWQArW.exe
  2⤵
  PID:5264
- C:\Windows\System\UesOwDJ.exe
  C:\Windows\System\UesOwDJ.exe
  2⤵
  PID:5308
- C:\Windows\System\NSmwfLY.exe
  C:\Windows\System\NSmwfLY.exe
  2⤵
  PID:5340
- C:\Windows\System\uAUNFCo.exe
  C:\Windows\System\uAUNFCo.exe
  2⤵
  PID:5404
- C:\Windows\System\mpWXrck.exe
  C:\Windows\System\mpWXrck.exe
  2⤵
  PID:5352
- C:\Windows\System\UbCJfRN.exe
  C:\Windows\System\UbCJfRN.exe
  2⤵
  PID:5452
- C:\Windows\System\eREBdCE.exe
  C:\Windows\System\eREBdCE.exe
  2⤵
  PID:5492
- C:\Windows\System\ywGHarU.exe
  C:\Windows\System\ywGHarU.exe
  2⤵
  PID:5504
- C:\Windows\System\jWsMDgN.exe
  C:\Windows\System\jWsMDgN.exe
  2⤵
  PID:5540
- C:\Windows\System\MJmIQIX.exe
  C:\Windows\System\MJmIQIX.exe
  2⤵
  PID:5652
- C:\Windows\System\KEZsjXR.exe
  C:\Windows\System\KEZsjXR.exe
  2⤵
  PID:5684
- C:\Windows\System\rlNauIs.exe
  C:\Windows\System\rlNauIs.exe
  2⤵
  PID:5732
- C:\Windows\System\aCyUred.exe
  C:\Windows\System\aCyUred.exe
  2⤵
  PID:5748
- C:\Windows\System\WWBpTeJ.exe
  C:\Windows\System\WWBpTeJ.exe
  2⤵
  PID:5784
- C:\Windows\System\sfSqAsl.exe
  C:\Windows\System\sfSqAsl.exe
  2⤵
  PID:5812
- C:\Windows\System\cISOScI.exe
  C:\Windows\System\cISOScI.exe
  2⤵
  PID:5796
- C:\Windows\System\VcSYaIZ.exe
  C:\Windows\System\VcSYaIZ.exe
  2⤵
  PID:5832
- C:\Windows\System\qdzyYxe.exe
  C:\Windows\System\qdzyYxe.exe
  2⤵
  PID:5868
- C:\Windows\System\JTOGFQv.exe
  C:\Windows\System\JTOGFQv.exe
  2⤵
  PID:5892
- C:\Windows\System\puAoOsa.exe
  C:\Windows\System\puAoOsa.exe
  2⤵
  PID:5984
- C:\Windows\System\YkaSIAU.exe
  C:\Windows\System\YkaSIAU.exe
  2⤵
  PID:6024
- C:\Windows\System\WwIYRID.exe
  C:\Windows\System\WwIYRID.exe
  2⤵
  PID:5936
- C:\Windows\System\pzisssj.exe
  C:\Windows\System\pzisssj.exe
  2⤵
  PID:5972
- C:\Windows\System\KRkTnnv.exe
  C:\Windows\System\KRkTnnv.exe
  2⤵
  PID:6104
- C:\Windows\System\ilelKXT.exe
  C:\Windows\System\ilelKXT.exe
  2⤵
  PID:6108
- C:\Windows\System\vyIJzEq.exe
  C:\Windows\System\vyIJzEq.exe
  2⤵
  PID:6128
- C:\Windows\System\upvEuQM.exe
  C:\Windows\System\upvEuQM.exe
  2⤵
  PID:4756
- C:\Windows\System\udsrgmd.exe
  C:\Windows\System\udsrgmd.exe
  2⤵
  PID:5212
- C:\Windows\System\JlNhGpO.exe
  C:\Windows\System\JlNhGpO.exe
  2⤵
  PID:5164
- C:\Windows\System\zlbYiMT.exe
  C:\Windows\System\zlbYiMT.exe
  2⤵
  PID:5284
- C:\Windows\System\ofdSnEl.exe
  C:\Windows\System\ofdSnEl.exe
  2⤵
  PID:5324
- C:\Windows\System\IUTcPom.exe
  C:\Windows\System\IUTcPom.exe
  2⤵
  PID:5428
- C:\Windows\System\hmsqPqu.exe
  C:\Windows\System\hmsqPqu.exe
  2⤵
  PID:5460
- C:\Windows\System\wjtCSEf.exe
  C:\Windows\System\wjtCSEf.exe
  2⤵
  PID:5472
- C:\Windows\System\jEvSRll.exe
  C:\Windows\System\jEvSRll.exe
  2⤵
  PID:5644
- C:\Windows\System\PfvuNkT.exe
  C:\Windows\System\PfvuNkT.exe
  2⤵
  PID:5628
- C:\Windows\System\rQBjwqh.exe
  C:\Windows\System\rQBjwqh.exe
  2⤵
  PID:5744
- C:\Windows\System\SKfmoVx.exe
  C:\Windows\System\SKfmoVx.exe
  2⤵
  PID:5760
- C:\Windows\System\GpptAbx.exe
  C:\Windows\System\GpptAbx.exe
  2⤵
  PID:5844
- C:\Windows\System\jzabelY.exe
  C:\Windows\System\jzabelY.exe
  2⤵
  PID:5912
- C:\Windows\System\TnuXTwy.exe
  C:\Windows\System\TnuXTwy.exe
  2⤵
  PID:5908
- C:\Windows\System\TfFzlSM.exe
  C:\Windows\System\TfFzlSM.exe
  2⤵
  PID:6036
- C:\Windows\System\ZtcCIPJ.exe
  C:\Windows\System\ZtcCIPJ.exe
  2⤵
  PID:5588
- C:\Windows\System\RHQOliA.exe
  C:\Windows\System\RHQOliA.exe
  2⤵
  PID:3444
- C:\Windows\System\iBaNxda.exe
  C:\Windows\System\iBaNxda.exe
  2⤵
  PID:692
- C:\Windows\System\sxDFyol.exe
  C:\Windows\System\sxDFyol.exe
  2⤵
  PID:5412
- C:\Windows\System\XaCAHAz.exe
  C:\Windows\System\XaCAHAz.exe
  2⤵
  PID:5688
- C:\Windows\System\flIvgKm.exe
  C:\Windows\System\flIvgKm.exe
  2⤵
  PID:5668
- C:\Windows\System\xIdjrQm.exe
  C:\Windows\System\xIdjrQm.exe
  2⤵
  PID:5872
- C:\Windows\System\RbvIafL.exe
  C:\Windows\System\RbvIafL.exe
  2⤵
  PID:5932
- C:\Windows\System\mKIUTgJ.exe
  C:\Windows\System\mKIUTgJ.exe
  2⤵
  PID:6072
- C:\Windows\System\qLhSldO.exe
  C:\Windows\System\qLhSldO.exe
  2⤵
  PID:6088
- C:\Windows\System\UnrKSWG.exe
  C:\Windows\System\UnrKSWG.exe
  2⤵
  PID:6092
- C:\Windows\System\vSLmGwM.exe
  C:\Windows\System\vSLmGwM.exe
  2⤵
  PID:5236
- C:\Windows\System\GSgBWkq.exe
  C:\Windows\System\GSgBWkq.exe
  2⤵
  PID:5996
- C:\Windows\System\ZhpUonF.exe
  C:\Windows\System\ZhpUonF.exe
  2⤵
  PID:5304
- C:\Windows\System\ISfXWtw.exe
  C:\Windows\System\ISfXWtw.exe
  2⤵
  PID:5524
- C:\Windows\System\mAISKzw.exe
  C:\Windows\System\mAISKzw.exe
  2⤵
  PID:5432
- C:\Windows\System\NHBupee.exe
  C:\Windows\System\NHBupee.exe
  2⤵
  PID:5776
- C:\Windows\System\uAAybKz.exe
  C:\Windows\System\uAAybKz.exe
  2⤵
  PID:5916
- C:\Windows\System\BinkvUO.exe
  C:\Windows\System\BinkvUO.exe
  2⤵
  PID:5848
- C:\Windows\System\waGNypA.exe
  C:\Windows\System\waGNypA.exe
  2⤵
  PID:5800
- C:\Windows\System\MjtaQdg.exe
  C:\Windows\System\MjtaQdg.exe
  2⤵
  PID:5780
- C:\Windows\System\cuxaUdt.exe
  C:\Windows\System\cuxaUdt.exe
  2⤵
  PID:5224
- C:\Windows\System\qHeIrMZ.exe
  C:\Windows\System\qHeIrMZ.exe
  2⤵
  PID:5716
- C:\Windows\System\IHfiDCi.exe
  C:\Windows\System\IHfiDCi.exe
  2⤵
  PID:6172
- C:\Windows\System\yPxAmzr.exe
  C:\Windows\System\yPxAmzr.exe
  2⤵
  PID:6188
- C:\Windows\System\mXDVoKW.exe
  C:\Windows\System\mXDVoKW.exe
  2⤵
  PID:6204
- C:\Windows\System\cgwIIyW.exe
  C:\Windows\System\cgwIIyW.exe
  2⤵
  PID:6220
- C:\Windows\System\sMLuZZn.exe
  C:\Windows\System\sMLuZZn.exe
  2⤵
  PID:6244
- C:\Windows\System\DlPZjVg.exe
  C:\Windows\System\DlPZjVg.exe
  2⤵
  PID:6264
- C:\Windows\System\pGFOsYQ.exe
  C:\Windows\System\pGFOsYQ.exe
  2⤵
  PID:6280
- C:\Windows\System\lloBRsP.exe
  C:\Windows\System\lloBRsP.exe
  2⤵
  PID:6300
- C:\Windows\System\gzsBehy.exe
  C:\Windows\System\gzsBehy.exe
  2⤵
  PID:6332
- C:\Windows\System\uegQQaY.exe
  C:\Windows\System\uegQQaY.exe
  2⤵
  PID:6348
- C:\Windows\System\DMLVQoh.exe
  C:\Windows\System\DMLVQoh.exe
  2⤵
  PID:6372
- C:\Windows\System\igfYscG.exe
  C:\Windows\System\igfYscG.exe
  2⤵
  PID:6388
- C:\Windows\System\VamrtKH.exe
  C:\Windows\System\VamrtKH.exe
  2⤵
  PID:6408
- C:\Windows\System\qpxhKil.exe
  C:\Windows\System\qpxhKil.exe
  2⤵
  PID:6424
- C:\Windows\System\EuzcEDJ.exe
  C:\Windows\System\EuzcEDJ.exe
  2⤵
  PID:6448
- C:\Windows\System\ofRNAtM.exe
  C:\Windows\System\ofRNAtM.exe
  2⤵
  PID:6468
- C:\Windows\System\xFWYmmY.exe
  C:\Windows\System\xFWYmmY.exe
  2⤵
  PID:6484
- C:\Windows\System\NUhqrSe.exe
  C:\Windows\System\NUhqrSe.exe
  2⤵
  PID:6508
- C:\Windows\System\YQTfIVB.exe
  C:\Windows\System\YQTfIVB.exe
  2⤵
  PID:6536
- C:\Windows\System\xUttBJr.exe
  C:\Windows\System\xUttBJr.exe
  2⤵
  PID:6552
- C:\Windows\System\itdHSkG.exe
  C:\Windows\System\itdHSkG.exe
  2⤵
  PID:6572
- C:\Windows\System\RPJrmAl.exe
  C:\Windows\System\RPJrmAl.exe
  2⤵
  PID:6592
- C:\Windows\System\cWnecDH.exe
  C:\Windows\System\cWnecDH.exe
  2⤵
  PID:6616
- C:\Windows\System\WvlYwgT.exe
  C:\Windows\System\WvlYwgT.exe
  2⤵
  PID:6636
- C:\Windows\System\VNBwLlR.exe
  C:\Windows\System\VNBwLlR.exe
  2⤵
  PID:6652
- C:\Windows\System\YrlnNcv.exe
  C:\Windows\System\YrlnNcv.exe
  2⤵
  PID:6668
- C:\Windows\System\rgbVipR.exe
  C:\Windows\System\rgbVipR.exe
  2⤵
  PID:6688
- C:\Windows\System\COQHlcd.exe
  C:\Windows\System\COQHlcd.exe
  2⤵
  PID:6708
- C:\Windows\System\JxwGcPJ.exe
  C:\Windows\System\JxwGcPJ.exe
  2⤵
  PID:6736
- C:\Windows\System\sPcyvqB.exe
  C:\Windows\System\sPcyvqB.exe
  2⤵
  PID:6752
- C:\Windows\System\lnZfhKl.exe
  C:\Windows\System\lnZfhKl.exe
  2⤵
  PID:6776
- C:\Windows\System\sZxeNVD.exe
  C:\Windows\System\sZxeNVD.exe
  2⤵
  PID:6792
- C:\Windows\System\MvXhajj.exe
  C:\Windows\System\MvXhajj.exe
  2⤵
  PID:6808
- C:\Windows\System\gfQUMwK.exe
  C:\Windows\System\gfQUMwK.exe
  2⤵
  PID:6828
- C:\Windows\System\XuhVBcZ.exe
  C:\Windows\System\XuhVBcZ.exe
  2⤵
  PID:6844
- C:\Windows\System\OrHVnAD.exe
  C:\Windows\System\OrHVnAD.exe
  2⤵
  PID:6860
- C:\Windows\System\rngVvOD.exe
  C:\Windows\System\rngVvOD.exe
  2⤵
  PID:6880
- C:\Windows\System\bNLSESp.exe
  C:\Windows\System\bNLSESp.exe
  2⤵
  PID:6896
- C:\Windows\System\KDfElVL.exe
  C:\Windows\System\KDfElVL.exe
  2⤵
  PID:6916
- C:\Windows\System\VxhQbkw.exe
  C:\Windows\System\VxhQbkw.exe
  2⤵
  PID:6952
- C:\Windows\System\QNzVaNp.exe
  C:\Windows\System\QNzVaNp.exe
  2⤵
  PID:6976
- C:\Windows\System\anvBzqZ.exe
  C:\Windows\System\anvBzqZ.exe
  2⤵
  PID:6992
- C:\Windows\System\UjKbyQE.exe
  C:\Windows\System\UjKbyQE.exe
  2⤵
  PID:7016
- C:\Windows\System\qlpArre.exe
  C:\Windows\System\qlpArre.exe
  2⤵
  PID:7032
- C:\Windows\System\GDdORgu.exe
  C:\Windows\System\GDdORgu.exe
  2⤵
  PID:7056
- C:\Windows\System\UmBcdYh.exe
  C:\Windows\System\UmBcdYh.exe
  2⤵
  PID:7072
- C:\Windows\System\ZXphIOJ.exe
  C:\Windows\System\ZXphIOJ.exe
  2⤵
  PID:7088
- C:\Windows\System\CkmKsvC.exe
  C:\Windows\System\CkmKsvC.exe
  2⤵
  PID:7108
- C:\Windows\System\AxVyeoA.exe
  C:\Windows\System\AxVyeoA.exe
  2⤵
  PID:7136
- C:\Windows\System\BldbhSD.exe
  C:\Windows\System\BldbhSD.exe
  2⤵
  PID:7156
- C:\Windows\System\WJfgdzl.exe
  C:\Windows\System\WJfgdzl.exe
  2⤵
  PID:5988
- C:\Windows\System\XKxmBAq.exe
  C:\Windows\System\XKxmBAq.exe
  2⤵
  PID:5596
- C:\Windows\System\swUhKVo.exe
  C:\Windows\System\swUhKVo.exe
  2⤵
  PID:6160
- C:\Windows\System\qkPsOos.exe
  C:\Windows\System\qkPsOos.exe
  2⤵
  PID:6048
- C:\Windows\System\btamOGA.exe
  C:\Windows\System\btamOGA.exe
  2⤵
  PID:5400
- C:\Windows\System\hzyCmGL.exe
  C:\Windows\System\hzyCmGL.exe
  2⤵
  PID:6228
- C:\Windows\System\SgtSlHN.exe
  C:\Windows\System\SgtSlHN.exe
  2⤵
  PID:6184
- C:\Windows\System\gwelGTu.exe
  C:\Windows\System\gwelGTu.exe
  2⤵
  PID:6324
- C:\Windows\System\NocyUzt.exe
  C:\Windows\System\NocyUzt.exe
  2⤵
  PID:6252
- C:\Windows\System\BloZeWM.exe
  C:\Windows\System\BloZeWM.exe
  2⤵
  PID:6340
- C:\Windows\System\ZTkbNDR.exe
  C:\Windows\System\ZTkbNDR.exe
  2⤵
  PID:6368
- C:\Windows\System\ikcfQVm.exe
  C:\Windows\System\ikcfQVm.exe
  2⤵
  PID:6404
- C:\Windows\System\CtDqQst.exe
  C:\Windows\System\CtDqQst.exe
  2⤵
  PID:6436
- C:\Windows\System\HTbSxVX.exe
  C:\Windows\System\HTbSxVX.exe
  2⤵
  PID:6460
- C:\Windows\System\QCoJFui.exe
  C:\Windows\System\QCoJFui.exe
  2⤵
  PID:6492
- C:\Windows\System\ZkbVdxP.exe
  C:\Windows\System\ZkbVdxP.exe
  2⤵
  PID:6532
- C:\Windows\System\jlnUNOs.exe
  C:\Windows\System\jlnUNOs.exe
  2⤵
  PID:6568
- C:\Windows\System\ECaTtJV.exe
  C:\Windows\System\ECaTtJV.exe
  2⤵
  PID:6608
- C:\Windows\System\KcvJfce.exe
  C:\Windows\System\KcvJfce.exe
  2⤵
  PID:6632
- C:\Windows\System\oUplRot.exe
  C:\Windows\System\oUplRot.exe
  2⤵
  PID:6716
- C:\Windows\System\ELcqjPS.exe
  C:\Windows\System\ELcqjPS.exe
  2⤵
  PID:6732
- C:\Windows\System\DvxpjgZ.exe
  C:\Windows\System\DvxpjgZ.exe
  2⤵
  PID:6664
- C:\Windows\System\YiXcdjx.exe
  C:\Windows\System\YiXcdjx.exe
  2⤵
  PID:6804
- C:\Windows\System\xguMpWR.exe
  C:\Windows\System\xguMpWR.exe
  2⤵
  PID:6876
- C:\Windows\System\gxKHodX.exe
  C:\Windows\System\gxKHodX.exe
  2⤵
  PID:6748
- C:\Windows\System\BXoleRx.exe
  C:\Windows\System\BXoleRx.exe
  2⤵
  PID:6824
- C:\Windows\System\XVSXpBq.exe
  C:\Windows\System\XVSXpBq.exe
  2⤵
  PID:6784
- C:\Windows\System\khqfLEl.exe
  C:\Windows\System\khqfLEl.exe
  2⤵
  PID:6928
- C:\Windows\System\csHLPUx.exe
  C:\Windows\System\csHLPUx.exe
  2⤵
  PID:6948
- C:\Windows\System\bketVre.exe
  C:\Windows\System\bketVre.exe
  2⤵
  PID:6988
- C:\Windows\System\hXPGEGF.exe
  C:\Windows\System\hXPGEGF.exe
  2⤵
  PID:7004
- C:\Windows\System\jNrTFrf.exe
  C:\Windows\System\jNrTFrf.exe
  2⤵
  PID:7024
- C:\Windows\System\ctwViGU.exe
  C:\Windows\System\ctwViGU.exe
  2⤵
  PID:7120
- C:\Windows\System\tHDtOck.exe
  C:\Windows\System\tHDtOck.exe
  2⤵
  PID:7128
- C:\Windows\System\gDPjIKv.exe
  C:\Windows\System\gDPjIKv.exe
  2⤵
  PID:6056
- C:\Windows\System\KYXqXsi.exe
  C:\Windows\System\KYXqXsi.exe
  2⤵
  PID:5488
- C:\Windows\System\JEKaXod.exe
  C:\Windows\System\JEKaXod.exe
  2⤵
  PID:6236
- C:\Windows\System\PfjrxBe.exe
  C:\Windows\System\PfjrxBe.exe
  2⤵
  PID:6180
- C:\Windows\System\PrkFlfs.exe
  C:\Windows\System\PrkFlfs.exe
  2⤵
  PID:6240
- C:\Windows\System\xgyWciX.exe
  C:\Windows\System\xgyWciX.exe
  2⤵
  PID:6260
- C:\Windows\System\IsYffzg.exe
  C:\Windows\System\IsYffzg.exe
  2⤵
  PID:6364
- C:\Windows\System\VqTLkWC.exe
  C:\Windows\System\VqTLkWC.exe
  2⤵
  PID:6420
- C:\Windows\System\CgsifYh.exe
  C:\Windows\System\CgsifYh.exe
  2⤵
  PID:6456
- C:\Windows\System\JRQqaQJ.exe
  C:\Windows\System\JRQqaQJ.exe
  2⤵
  PID:6604
- C:\Windows\System\gGjPsrS.exe
  C:\Windows\System\gGjPsrS.exe
  2⤵
  PID:6724
- C:\Windows\System\viUWvYj.exe
  C:\Windows\System\viUWvYj.exe
  2⤵
  PID:6584
- C:\Windows\System\FleEtnH.exe
  C:\Windows\System\FleEtnH.exe
  2⤵
  PID:6384
- C:\Windows\System\CqMzDJx.exe
  C:\Windows\System\CqMzDJx.exe
  2⤵
  PID:6680
- C:\Windows\System\QvMIkIL.exe
  C:\Windows\System\QvMIkIL.exe
  2⤵
  PID:6912
- C:\Windows\System\cekZbRM.exe
  C:\Windows\System\cekZbRM.exe
  2⤵
  PID:6936
- C:\Windows\System\LUAYMev.exe
  C:\Windows\System\LUAYMev.exe
  2⤵
  PID:7008
- C:\Windows\System\JXPlzFS.exe
  C:\Windows\System\JXPlzFS.exe
  2⤵
  PID:6816
- C:\Windows\System\QGkvUHf.exe
  C:\Windows\System\QGkvUHf.exe
  2⤵
  PID:7044
- C:\Windows\System\HitsJUW.exe
  C:\Windows\System\HitsJUW.exe
  2⤵
  PID:5992
- C:\Windows\System\XiLiNpi.exe
  C:\Windows\System\XiLiNpi.exe
  2⤵
  PID:6320
- C:\Windows\System\zddyysu.exe
  C:\Windows\System\zddyysu.exe
  2⤵
  PID:6212
- C:\Windows\System\kFDDdXu.exe
  C:\Windows\System\kFDDdXu.exe
  2⤵
  PID:7104
- C:\Windows\System\wCEXSnQ.exe
  C:\Windows\System\wCEXSnQ.exe
  2⤵
  PID:6292
- C:\Windows\System\bwPBlVI.exe
  C:\Windows\System\bwPBlVI.exe
  2⤵
  PID:6480
- C:\Windows\System\oTnowQT.exe
  C:\Windows\System\oTnowQT.exe
  2⤵
  PID:6728
- C:\Windows\System\elxUVkF.exe
  C:\Windows\System\elxUVkF.exe
  2⤵
  PID:6628
- C:\Windows\System\XHsMhDq.exe
  C:\Windows\System\XHsMhDq.exe
  2⤵
  PID:6560
- C:\Windows\System\oqxIAcJ.exe
  C:\Windows\System\oqxIAcJ.exe
  2⤵
  PID:6676
- C:\Windows\System\DBVWvRC.exe
  C:\Windows\System\DBVWvRC.exe
  2⤵
  PID:6908
- C:\Windows\System\mknVPcM.exe
  C:\Windows\System\mknVPcM.exe
  2⤵
  PID:5568
- C:\Windows\System\QWsGlsQ.exe
  C:\Windows\System\QWsGlsQ.exe
  2⤵
  PID:7124
- C:\Windows\System\zelqSIa.exe
  C:\Windows\System\zelqSIa.exe
  2⤵
  PID:6216
- C:\Windows\System\jxvGYog.exe
  C:\Windows\System\jxvGYog.exe
  2⤵
  PID:7164
- C:\Windows\System\DcDIIKM.exe
  C:\Windows\System\DcDIIKM.exe
  2⤵
  PID:5608
- C:\Windows\System\GWaAEaC.exe
  C:\Windows\System\GWaAEaC.exe
  2⤵
  PID:6516
- C:\Windows\System\OycNfCS.exe
  C:\Windows\System\OycNfCS.exe
  2⤵
  PID:6504
- C:\Windows\System\qGApvZC.exe
  C:\Windows\System\qGApvZC.exe
  2⤵
  PID:6840
- C:\Windows\System\RBqpUHN.exe
  C:\Windows\System\RBqpUHN.exe
  2⤵
  PID:6788
- C:\Windows\System\gwtzpnI.exe
  C:\Windows\System\gwtzpnI.exe
  2⤵
  PID:7064
- C:\Windows\System\ohqVDXQ.exe
  C:\Windows\System\ohqVDXQ.exe
  2⤵
  PID:6964
- C:\Windows\System\lXxAWJH.exe
  C:\Windows\System\lXxAWJH.exe
  2⤵
  PID:5828
- C:\Windows\System\WgkyVGm.exe
  C:\Windows\System\WgkyVGm.exe
  2⤵
  PID:6836
- C:\Windows\System\NFPEeGx.exe
  C:\Windows\System\NFPEeGx.exe
  2⤵
  PID:6704
- C:\Windows\System\JkGLJlO.exe
  C:\Windows\System\JkGLJlO.exe
  2⤵
  PID:6256
- C:\Windows\System\nmZfRBl.exe
  C:\Windows\System\nmZfRBl.exe
  2⤵
  PID:6924
- C:\Windows\System\cGViBSa.exe
  C:\Windows\System\cGViBSa.exe
  2⤵
  PID:6396
- C:\Windows\System\DdDnjPC.exe
  C:\Windows\System\DdDnjPC.exe
  2⤵
  PID:6892
- C:\Windows\System\YdTZqwv.exe
  C:\Windows\System\YdTZqwv.exe
  2⤵
  PID:6760
- C:\Windows\System\eZnFtow.exe
  C:\Windows\System\eZnFtow.exe
  2⤵
  PID:6868
- C:\Windows\System\dIfLjQJ.exe
  C:\Windows\System\dIfLjQJ.exe
  2⤵
  PID:7188
- C:\Windows\System\dSYkmUD.exe
  C:\Windows\System\dSYkmUD.exe
  2⤵
  PID:7216
- C:\Windows\System\tUvDssr.exe
  C:\Windows\System\tUvDssr.exe
  2⤵
  PID:7232
- C:\Windows\System\bfUlyQr.exe
  C:\Windows\System\bfUlyQr.exe
  2⤵
  PID:7252
- C:\Windows\System\aUHtWJD.exe
  C:\Windows\System\aUHtWJD.exe
  2⤵
  PID:7272
- C:\Windows\System\TygbxAl.exe
  C:\Windows\System\TygbxAl.exe
  2⤵
  PID:7288
- C:\Windows\System\TdWwtZn.exe
  C:\Windows\System\TdWwtZn.exe
  2⤵
  PID:7312
- C:\Windows\System\XjYPuut.exe
  C:\Windows\System\XjYPuut.exe
  2⤵
  PID:7328
- C:\Windows\System\aOnqGHe.exe
  C:\Windows\System\aOnqGHe.exe
  2⤵
  PID:7348
- C:\Windows\System\bItNQwQ.exe
  C:\Windows\System\bItNQwQ.exe
  2⤵
  PID:7364
- C:\Windows\System\lPuPkHJ.exe
  C:\Windows\System\lPuPkHJ.exe
  2⤵
  PID:7380
- C:\Windows\System\knJVcJN.exe
  C:\Windows\System\knJVcJN.exe
  2⤵
  PID:7416
- C:\Windows\System\JjzSdou.exe
  C:\Windows\System\JjzSdou.exe
  2⤵
  PID:7436
- C:\Windows\System\XryulxG.exe
  C:\Windows\System\XryulxG.exe
  2⤵
  PID:7452
- C:\Windows\System\JFwtHCZ.exe
  C:\Windows\System\JFwtHCZ.exe
  2⤵
  PID:7472
- C:\Windows\System\jbWIvcz.exe
  C:\Windows\System\jbWIvcz.exe
  2⤵
  PID:7488
- C:\Windows\System\NpwwqMB.exe
  C:\Windows\System\NpwwqMB.exe
  2⤵
  PID:7508
- C:\Windows\System\FxKpYOk.exe
  C:\Windows\System\FxKpYOk.exe
  2⤵
  PID:7528
- C:\Windows\System\CGwVyAO.exe
  C:\Windows\System\CGwVyAO.exe
  2⤵
  PID:7552
- C:\Windows\System\EizbIKE.exe
  C:\Windows\System\EizbIKE.exe
  2⤵
  PID:7568
- C:\Windows\System\mLWIiqq.exe
  C:\Windows\System\mLWIiqq.exe
  2⤵
  PID:7588
- C:\Windows\System\wQtjkdh.exe
  C:\Windows\System\wQtjkdh.exe
  2⤵
  PID:7604
- C:\Windows\System\REokmLm.exe
  C:\Windows\System\REokmLm.exe
  2⤵
  PID:7624
- C:\Windows\System\WNxYkSh.exe
  C:\Windows\System\WNxYkSh.exe
  2⤵
  PID:7644
- C:\Windows\System\VVcArxJ.exe
  C:\Windows\System\VVcArxJ.exe
  2⤵
  PID:7664
- C:\Windows\System\HpcubrD.exe
  C:\Windows\System\HpcubrD.exe
  2⤵
  PID:7696
- C:\Windows\System\Gabtrir.exe
  C:\Windows\System\Gabtrir.exe
  2⤵
  PID:7716
- C:\Windows\System\IWjHfsu.exe
  C:\Windows\System\IWjHfsu.exe
  2⤵
  PID:7732
- C:\Windows\System\GedWlAU.exe
  C:\Windows\System\GedWlAU.exe
  2⤵
  PID:7748
- C:\Windows\System\oRexrvF.exe
  C:\Windows\System\oRexrvF.exe
  2⤵
  PID:7764
- C:\Windows\System\pYUUxLF.exe
  C:\Windows\System\pYUUxLF.exe
  2⤵
  PID:7780
- C:\Windows\System\QzRsoEV.exe
  C:\Windows\System\QzRsoEV.exe
  2⤵
  PID:7796
- C:\Windows\System\ExMGAjt.exe
  C:\Windows\System\ExMGAjt.exe
  2⤵
  PID:7816
- C:\Windows\System\CsaCeIP.exe
  C:\Windows\System\CsaCeIP.exe
  2⤵
  PID:7832
- C:\Windows\System\aZkCGIG.exe
  C:\Windows\System\aZkCGIG.exe
  2⤵
  PID:7848
- C:\Windows\System\mwzMWzZ.exe
  C:\Windows\System\mwzMWzZ.exe
  2⤵
  PID:7864
- C:\Windows\System\cyQpftp.exe
  C:\Windows\System\cyQpftp.exe
  2⤵
  PID:7884
- C:\Windows\System\NjGQdVv.exe
  C:\Windows\System\NjGQdVv.exe
  2⤵
  PID:7904
- C:\Windows\System\PuNUJZf.exe
  C:\Windows\System\PuNUJZf.exe
  2⤵
  PID:7920
- C:\Windows\System\eaWSLgY.exe
  C:\Windows\System\eaWSLgY.exe
  2⤵
  PID:7936
- C:\Windows\System\BbxJOoH.exe
  C:\Windows\System\BbxJOoH.exe
  2⤵
  PID:7952
- C:\Windows\System\mQvFnWO.exe
  C:\Windows\System\mQvFnWO.exe
  2⤵
  PID:7968
- C:\Windows\System\olygepZ.exe
  C:\Windows\System\olygepZ.exe
  2⤵
  PID:7984
- C:\Windows\System\jUQzLXb.exe
  C:\Windows\System\jUQzLXb.exe
  2⤵
  PID:8000
- C:\Windows\System\zOkmEVG.exe
  C:\Windows\System\zOkmEVG.exe
  2⤵
  PID:8020
- C:\Windows\System\kuJwFCL.exe
  C:\Windows\System\kuJwFCL.exe
  2⤵
  PID:8040
- C:\Windows\System\CwCAnZZ.exe
  C:\Windows\System\CwCAnZZ.exe
  2⤵
  PID:8060
- C:\Windows\System\pLVMhEB.exe
  C:\Windows\System\pLVMhEB.exe
  2⤵
  PID:8076
- C:\Windows\System\KLjILNv.exe
  C:\Windows\System\KLjILNv.exe
  2⤵
  PID:8092
- C:\Windows\System\ovsaxUs.exe
  C:\Windows\System\ovsaxUs.exe
  2⤵
  PID:8184
- C:\Windows\System\UvlPvhy.exe
  C:\Windows\System\UvlPvhy.exe
  2⤵
  PID:6200
- C:\Windows\System\HDYqJKx.exe
  C:\Windows\System\HDYqJKx.exe
  2⤵
  PID:7180
- C:\Windows\System\xpVIGIK.exe
  C:\Windows\System\xpVIGIK.exe
  2⤵
  PID:7228
- C:\Windows\System\JzhyKpS.exe
  C:\Windows\System\JzhyKpS.exe
  2⤵
  PID:7300
- C:\Windows\System\HqclbBQ.exe
  C:\Windows\System\HqclbBQ.exe
  2⤵
  PID:7336
- C:\Windows\System\wscdwxV.exe
  C:\Windows\System\wscdwxV.exe
  2⤵
  PID:7284
- C:\Windows\System\pIBcDRR.exe
  C:\Windows\System\pIBcDRR.exe
  2⤵
  PID:7360
- C:\Windows\System\bWcoizf.exe
  C:\Windows\System\bWcoizf.exe
  2⤵
  PID:7412
- C:\Windows\System\zLWYUJF.exe
  C:\Windows\System\zLWYUJF.exe
  2⤵
  PID:7432
- C:\Windows\System\kTHaabU.exe
  C:\Windows\System\kTHaabU.exe
  2⤵
  PID:7464
- C:\Windows\System\qkprUfv.exe
  C:\Windows\System\qkprUfv.exe
  2⤵
  PID:7448
- C:\Windows\System\IEYoyap.exe
  C:\Windows\System\IEYoyap.exe
  2⤵
  PID:7548
- C:\Windows\System\MinGFji.exe
  C:\Windows\System\MinGFji.exe
  2⤵
  PID:7584
- C:\Windows\System\hEQPkDE.exe
  C:\Windows\System\hEQPkDE.exe
  2⤵
  PID:7516
- C:\Windows\System\ZCRJcUN.exe
  C:\Windows\System\ZCRJcUN.exe
  2⤵
  PID:7656
- C:\Windows\System\ZAsKZAY.exe
  C:\Windows\System\ZAsKZAY.exe
  2⤵
  PID:7640
- C:\Windows\System\GlGxRlN.exe
  C:\Windows\System\GlGxRlN.exe
  2⤵
  PID:7680
- C:\Windows\System\HJSPxxL.exe
  C:\Windows\System\HJSPxxL.exe
  2⤵
  PID:7728
- C:\Windows\System\QKCVnyQ.exe
  C:\Windows\System\QKCVnyQ.exe
  2⤵
  PID:7772
- C:\Windows\System\rGcCtSv.exe
  C:\Windows\System\rGcCtSv.exe
  2⤵
  PID:7824
- C:\Windows\System\agtGVEV.exe
  C:\Windows\System\agtGVEV.exe
  2⤵
  PID:7860
- C:\Windows\System\XEITUYM.exe
  C:\Windows\System\XEITUYM.exe
  2⤵
  PID:7872
- C:\Windows\System\bovTiwc.exe
  C:\Windows\System\bovTiwc.exe
  2⤵
  PID:7932
- C:\Windows\System\UiOvqZp.exe
  C:\Windows\System\UiOvqZp.exe
  2⤵
  PID:8036
- C:\Windows\System\OBavmAm.exe
  C:\Windows\System\OBavmAm.exe
  2⤵
  PID:8008
- C:\Windows\System\XAuIsCl.exe
  C:\Windows\System\XAuIsCl.exe
  2⤵
  PID:7912
- C:\Windows\System\icfOwds.exe
  C:\Windows\System\icfOwds.exe
  2⤵
  PID:7976
- C:\Windows\System\xvfQnkK.exe
  C:\Windows\System\xvfQnkK.exe
  2⤵
  PID:8100
- C:\Windows\System\tvVPnYN.exe
  C:\Windows\System\tvVPnYN.exe
  2⤵
  PID:8120
- C:\Windows\System\pNzZCkD.exe
  C:\Windows\System\pNzZCkD.exe
  2⤵
  PID:8136
- C:\Windows\System\HXiiFOG.exe
  C:\Windows\System\HXiiFOG.exe
  2⤵
  PID:8160
- C:\Windows\System\gxDCKbf.exe
  C:\Windows\System\gxDCKbf.exe
  2⤵
  PID:8172
- C:\Windows\System\CARJSis.exe
  C:\Windows\System\CARJSis.exe
  2⤵
  PID:8108
- C:\Windows\System\ejMQsks.exe
  C:\Windows\System\ejMQsks.exe
  2⤵
  PID:7264
- C:\Windows\System\NkuBURl.exe
  C:\Windows\System\NkuBURl.exe
  2⤵
  PID:7296
- C:\Windows\System\cZXptvS.exe
  C:\Windows\System\cZXptvS.exe
  2⤵
  PID:7344
- C:\Windows\System\WUDmCgx.exe
  C:\Windows\System\WUDmCgx.exe
  2⤵
  PID:7424
- C:\Windows\System\QjMuZIc.exe
  C:\Windows\System\QjMuZIc.exe
  2⤵
  PID:7444
- C:\Windows\System\SkoefeR.exe
  C:\Windows\System\SkoefeR.exe
  2⤵
  PID:7540
- C:\Windows\System\QGmYueq.exe
  C:\Windows\System\QGmYueq.exe
  2⤵
  PID:7564
- C:\Windows\System\sgmuzKW.exe
  C:\Windows\System\sgmuzKW.exe
  2⤵
  PID:7620
- C:\Windows\System\IdzBIhc.exe
  C:\Windows\System\IdzBIhc.exe
  2⤵
  PID:7724
- C:\Windows\System\MXkiBhV.exe
  C:\Windows\System\MXkiBhV.exe
  2⤵
  PID:7708
- C:\Windows\System\jAOXQwh.exe
  C:\Windows\System\jAOXQwh.exe
  2⤵
  PID:7792
- C:\Windows\System\vNImqvA.exe
  C:\Windows\System\vNImqvA.exe
  2⤵
  PID:7788
- C:\Windows\System\XVcqIEx.exe
  C:\Windows\System\XVcqIEx.exe
  2⤵
  PID:7900
- C:\Windows\System\rxgjpyN.exe
  C:\Windows\System\rxgjpyN.exe
  2⤵
  PID:8016
- C:\Windows\System\iNxcKME.exe
  C:\Windows\System\iNxcKME.exe
  2⤵
  PID:7916
- C:\Windows\System\CineTsi.exe
  C:\Windows\System\CineTsi.exe
  2⤵
  PID:8116
- C:\Windows\System\HPZbLZi.exe
  C:\Windows\System\HPZbLZi.exe
  2⤵
  PID:6972
- C:\Windows\System\cEkLMcH.exe
  C:\Windows\System\cEkLMcH.exe
  2⤵
  PID:8132
- C:\Windows\System\IFgiNJU.exe
  C:\Windows\System\IFgiNJU.exe
  2⤵
  PID:7320
- C:\Windows\System\ZIqBmeF.exe
  C:\Windows\System\ZIqBmeF.exe
  2⤵
  PID:7408
- C:\Windows\System\YszrocF.exe
  C:\Windows\System\YszrocF.exe
  2⤵
  PID:7340
- C:\Windows\System\LmxOQGu.exe
  C:\Windows\System\LmxOQGu.exe
  2⤵
  PID:7484
- C:\Windows\System\tmYdxxJ.exe
  C:\Windows\System\tmYdxxJ.exe
  2⤵
  PID:7672
- C:\Windows\System\diZEqWm.exe
  C:\Windows\System\diZEqWm.exe
  2⤵
  PID:7636
- C:\Windows\System\FPbNDuK.exe
  C:\Windows\System\FPbNDuK.exe
  2⤵
  PID:7776
- C:\Windows\System\lOfWMDE.exe
  C:\Windows\System\lOfWMDE.exe
  2⤵
  PID:7992
- C:\Windows\System\SCPnmOw.exe
  C:\Windows\System\SCPnmOw.exe
  2⤵
  PID:7840
- C:\Windows\System\iSzDFRl.exe
  C:\Windows\System\iSzDFRl.exe
  2⤵
  PID:6764
- C:\Windows\System\zwVoJsV.exe
  C:\Windows\System\zwVoJsV.exe
  2⤵
  PID:8152
- C:\Windows\System\oPDpDui.exe
  C:\Windows\System\oPDpDui.exe
  2⤵
  PID:8088
- C:\Windows\System\jvnbdlW.exe
  C:\Windows\System\jvnbdlW.exe
  2⤵
  PID:7404
- C:\Windows\System\mGEkSVt.exe
  C:\Windows\System\mGEkSVt.exe
  2⤵
  PID:7744
- C:\Windows\System\yRBdgCV.exe
  C:\Windows\System\yRBdgCV.exe
  2⤵
  PID:7524
- C:\Windows\System\OvamElS.exe
  C:\Windows\System\OvamElS.exe
  2⤵
  PID:7704
- C:\Windows\System\xSRODat.exe
  C:\Windows\System\xSRODat.exe
  2⤵
  PID:7856
- C:\Windows\System\bMlubBS.exe
  C:\Windows\System\bMlubBS.exe
  2⤵
  PID:7280
- C:\Windows\System\QLYgHVG.exe
  C:\Windows\System\QLYgHVG.exe
  2⤵
  PID:7944
- C:\Windows\System\DHiqtby.exe
  C:\Windows\System\DHiqtby.exe
  2⤵
  PID:7600
- C:\Windows\System\eMGcEBs.exe
  C:\Windows\System\eMGcEBs.exe
  2⤵
  PID:8056
- C:\Windows\System\lhXweBE.exe
  C:\Windows\System\lhXweBE.exe
  2⤵
  PID:7928
- C:\Windows\System\HAEOvLp.exe
  C:\Windows\System\HAEOvLp.exe
  2⤵
  PID:7676
- C:\Windows\System\FomElDr.exe
  C:\Windows\System\FomElDr.exe
  2⤵
  PID:7712
- C:\Windows\System\NbIuVUd.exe
  C:\Windows\System\NbIuVUd.exe
  2⤵
  PID:8216
- C:\Windows\System\abjIBca.exe
  C:\Windows\System\abjIBca.exe
  2⤵
  PID:8232
- C:\Windows\System\tJWkZGn.exe
  C:\Windows\System\tJWkZGn.exe
  2⤵
  PID:8248
- C:\Windows\System\DvrIlRM.exe
  C:\Windows\System\DvrIlRM.exe
  2⤵
  PID:8264
- C:\Windows\System\ZICwWkJ.exe
  C:\Windows\System\ZICwWkJ.exe
  2⤵
  PID:8284
- C:\Windows\System\RLdWUzL.exe
  C:\Windows\System\RLdWUzL.exe
  2⤵
  PID:8300
- C:\Windows\System\egvfADt.exe
  C:\Windows\System\egvfADt.exe
  2⤵
  PID:8336
- C:\Windows\System\jBGIrHY.exe
  C:\Windows\System\jBGIrHY.exe
  2⤵
  PID:8356
- C:\Windows\System\mVcrNBL.exe
  C:\Windows\System\mVcrNBL.exe
  2⤵
  PID:8372
- C:\Windows\System\jgMVnlJ.exe
  C:\Windows\System\jgMVnlJ.exe
  2⤵
  PID:8388
- C:\Windows\System\TDJOIen.exe
  C:\Windows\System\TDJOIen.exe
  2⤵
  PID:8404
- C:\Windows\System\qXPVKDZ.exe
  C:\Windows\System\qXPVKDZ.exe
  2⤵
  PID:8440
- C:\Windows\System\pWLJDTi.exe
  C:\Windows\System\pWLJDTi.exe
  2⤵
  PID:8456
- C:\Windows\System\HFQifoF.exe
  C:\Windows\System\HFQifoF.exe
  2⤵
  PID:8472
- C:\Windows\System\NKnxMsC.exe
  C:\Windows\System\NKnxMsC.exe
  2⤵
  PID:8488
- C:\Windows\System\oPtBhrS.exe
  C:\Windows\System\oPtBhrS.exe
  2⤵
  PID:8508
- C:\Windows\System\cHlYvVg.exe
  C:\Windows\System\cHlYvVg.exe
  2⤵
  PID:8524
- C:\Windows\System\TtBTnYa.exe
  C:\Windows\System\TtBTnYa.exe
  2⤵
  PID:8548
- C:\Windows\System\gRttLBz.exe
  C:\Windows\System\gRttLBz.exe
  2⤵
  PID:8580
- C:\Windows\System\oEwBZWZ.exe
  C:\Windows\System\oEwBZWZ.exe
  2⤵
  PID:8596
- C:\Windows\System\bcdLDYo.exe
  C:\Windows\System\bcdLDYo.exe
  2⤵
  PID:8616
- C:\Windows\System\mcUAQfK.exe
  C:\Windows\System\mcUAQfK.exe
  2⤵
  PID:8640
- C:\Windows\System\rtgLxUt.exe
  C:\Windows\System\rtgLxUt.exe
  2⤵
  PID:8656
- C:\Windows\System\YvkgpUW.exe
  C:\Windows\System\YvkgpUW.exe
  2⤵
  PID:8680
- C:\Windows\System\wuFHqjg.exe
  C:\Windows\System\wuFHqjg.exe
  2⤵
  PID:8696
- C:\Windows\System\GfCBOci.exe
  C:\Windows\System\GfCBOci.exe
  2⤵
  PID:8720
- C:\Windows\System\GrlLoeW.exe
  C:\Windows\System\GrlLoeW.exe
  2⤵
  PID:8736
- C:\Windows\System\tgpFMVO.exe
  C:\Windows\System\tgpFMVO.exe
  2⤵
  PID:8756
- C:\Windows\System\dGtRzKN.exe
  C:\Windows\System\dGtRzKN.exe
  2⤵
  PID:8776
- C:\Windows\System\DNqOeah.exe
  C:\Windows\System\DNqOeah.exe
  2⤵
  PID:8792
- C:\Windows\System\yhCgyww.exe
  C:\Windows\System\yhCgyww.exe
  2⤵
  PID:8812
- C:\Windows\System\bHUKsiu.exe
  C:\Windows\System\bHUKsiu.exe
  2⤵
  PID:8828
- C:\Windows\System\ZrapWXC.exe
  C:\Windows\System\ZrapWXC.exe
  2⤵
  PID:8844
- C:\Windows\System\anXdYhh.exe
  C:\Windows\System\anXdYhh.exe
  2⤵
  PID:8880
- C:\Windows\System\PBJPPLD.exe
  C:\Windows\System\PBJPPLD.exe
  2⤵
  PID:8896
- C:\Windows\System\FkwUKmm.exe
  C:\Windows\System\FkwUKmm.exe
  2⤵
  PID:8912
- C:\Windows\System\GwOdpsJ.exe
  C:\Windows\System\GwOdpsJ.exe
  2⤵
  PID:8932
- C:\Windows\System\ayIsqrV.exe
  C:\Windows\System\ayIsqrV.exe
  2⤵
  PID:8948
- C:\Windows\System\cxOLMpM.exe
  C:\Windows\System\cxOLMpM.exe
  2⤵
  PID:8968
- C:\Windows\System\qUdEHHJ.exe
  C:\Windows\System\qUdEHHJ.exe
  2⤵
  PID:8988
- C:\Windows\System\uWJhRgj.exe
  C:\Windows\System\uWJhRgj.exe
  2⤵
  PID:9004
- C:\Windows\System\uxzmjiM.exe
  C:\Windows\System\uxzmjiM.exe
  2⤵
  PID:9024
- C:\Windows\System\ykVYQli.exe
  C:\Windows\System\ykVYQli.exe
  2⤵
  PID:9040
- C:\Windows\System\oIslnvP.exe
  C:\Windows\System\oIslnvP.exe
  2⤵
  PID:9056
- C:\Windows\System\EDTspFY.exe
  C:\Windows\System\EDTspFY.exe
  2⤵
  PID:9072
- C:\Windows\System\PmqCQDZ.exe
  C:\Windows\System\PmqCQDZ.exe
  2⤵
  PID:9112
- C:\Windows\System\znWoTMe.exe
  C:\Windows\System\znWoTMe.exe
  2⤵
  PID:9128
- C:\Windows\System\nkkQaRC.exe
  C:\Windows\System\nkkQaRC.exe
  2⤵
  PID:9144
- C:\Windows\System\bqcvsNC.exe
  C:\Windows\System\bqcvsNC.exe
  2⤵
  PID:9160
- C:\Windows\System\OEDrnOQ.exe
  C:\Windows\System\OEDrnOQ.exe
  2⤵
  PID:9192
- C:\Windows\System\yLOsnJN.exe
  C:\Windows\System\yLOsnJN.exe
  2⤵
  PID:7964
- C:\Windows\System\gOCTMlc.exe
  C:\Windows\System\gOCTMlc.exe
  2⤵
  PID:7688
- C:\Windows\System\OMlqTeE.exe
  C:\Windows\System\OMlqTeE.exe
  2⤵
  PID:8200
- C:\Windows\System\kSIQstt.exe
  C:\Windows\System\kSIQstt.exe
  2⤵
  PID:8292
- C:\Windows\System\MPRsHDv.exe
  C:\Windows\System\MPRsHDv.exe
  2⤵
  PID:8272
- C:\Windows\System\DDgToOK.exe
  C:\Windows\System\DDgToOK.exe
  2⤵
  PID:8344
- C:\Windows\System\AhUAkNu.exe
  C:\Windows\System\AhUAkNu.exe
  2⤵
  PID:8276
- C:\Windows\System\buGwAQJ.exe
  C:\Windows\System\buGwAQJ.exe
  2⤵
  PID:8416
- C:\Windows\System\RIVmqKm.exe
  C:\Windows\System\RIVmqKm.exe
  2⤵
  PID:8324
- C:\Windows\System\TOSKsTF.exe
  C:\Windows\System\TOSKsTF.exe
  2⤵
  PID:8436
- C:\Windows\System\aceXYGt.exe
  C:\Windows\System\aceXYGt.exe
  2⤵
  PID:8332
- C:\Windows\System\QBaEaxj.exe
  C:\Windows\System\QBaEaxj.exe
  2⤵
  PID:8500
- C:\Windows\System\xqNjhFQ.exe
  C:\Windows\System\xqNjhFQ.exe
  2⤵
  PID:8516
- C:\Windows\System\IzRjFgw.exe
  C:\Windows\System\IzRjFgw.exe
  2⤵
  PID:8448
- C:\Windows\System\jWcZNwj.exe
  C:\Windows\System\jWcZNwj.exe
  2⤵
  PID:8452
- C:\Windows\System\zIykNnD.exe
  C:\Windows\System\zIykNnD.exe
  2⤵
  PID:8560
- C:\Windows\System\JVqdlSG.exe
  C:\Windows\System\JVqdlSG.exe
  2⤵
  PID:8624
- C:\Windows\System\gdgMalA.exe
  C:\Windows\System\gdgMalA.exe
  2⤵
  PID:8604
- C:\Windows\System\hiqEuwh.exe
  C:\Windows\System\hiqEuwh.exe
  2⤵
  PID:8668
- C:\Windows\System\HTjirpA.exe
  C:\Windows\System\HTjirpA.exe
  2⤵
  PID:8716
- C:\Windows\System\IXErzgE.exe
  C:\Windows\System\IXErzgE.exe
  2⤵
  PID:8836
- C:\Windows\System\rKQHmsD.exe
  C:\Windows\System\rKQHmsD.exe
  2⤵
  PID:8748
- C:\Windows\System\LMjMuug.exe
  C:\Windows\System\LMjMuug.exe
  2⤵
  PID:8804
- C:\Windows\System\oIHFQfn.exe
  C:\Windows\System\oIHFQfn.exe
  2⤵
  PID:8860
- C:\Windows\System\wntQHIN.exe
  C:\Windows\System\wntQHIN.exe
  2⤵
  PID:8840
- C:\Windows\System\klugvtn.exe
  C:\Windows\System\klugvtn.exe
  2⤵
  PID:8904
- C:\Windows\System\LnbCyQz.exe
  C:\Windows\System\LnbCyQz.exe
  2⤵
  PID:8984
- C:\Windows\System\pkPkrZJ.exe
  C:\Windows\System\pkPkrZJ.exe
  2⤵
  PID:9000
- C:\Windows\System\SnoyJpJ.exe
  C:\Windows\System\SnoyJpJ.exe
  2⤵
  PID:8924
- C:\Windows\System\ecYPYgH.exe
  C:\Windows\System\ecYPYgH.exe
  2⤵
  PID:9080
- C:\Windows\System\vXKQfZX.exe
  C:\Windows\System\vXKQfZX.exe
  2⤵
  PID:9096
- C:\Windows\System\MbdXvLy.exe
  C:\Windows\System\MbdXvLy.exe
  2⤵
  PID:9152
- C:\Windows\System\LCuwWFD.exe
  C:\Windows\System\LCuwWFD.exe
  2⤵
  PID:9052
- C:\Windows\System\QOtCicB.exe
  C:\Windows\System\QOtCicB.exe
  2⤵
  PID:9176
- C:\Windows\System\GgJCvmS.exe
  C:\Windows\System\GgJCvmS.exe
  2⤵
  PID:9204
- C:\Windows\System\DKVixRn.exe
  C:\Windows\System\DKVixRn.exe
  2⤵
  PID:7244
- C:\Windows\System\GbcLPSn.exe
  C:\Windows\System\GbcLPSn.exe
  2⤵
  PID:8028
- C:\Windows\System\skDmQvc.exe
  C:\Windows\System\skDmQvc.exe
  2⤵
  PID:8212
- C:\Windows\System\mTWnUEA.exe
  C:\Windows\System\mTWnUEA.exe
  2⤵
  PID:8364
- C:\Windows\System\JPxeDZQ.exe
  C:\Windows\System\JPxeDZQ.exe
  2⤵
  PID:8496
- C:\Windows\System\RCgDJIN.exe
  C:\Windows\System\RCgDJIN.exe
  2⤵
  PID:8532
- C:\Windows\System\bnlOhWq.exe
  C:\Windows\System\bnlOhWq.exe
  2⤵
  PID:8564
- C:\Windows\System\bfOyPpk.exe
  C:\Windows\System\bfOyPpk.exe
  2⤵
  PID:8608
- C:\Windows\System\ycMhnyr.exe
  C:\Windows\System\ycMhnyr.exe
  2⤵
  PID:8704
- C:\Windows\System\gYEwEpK.exe
  C:\Windows\System\gYEwEpK.exe
  2⤵
  PID:8768
- C:\Windows\System\HkSBdOq.exe
  C:\Windows\System\HkSBdOq.exe
  2⤵
  PID:8784
- C:\Windows\System\BiaFIUN.exe
  C:\Windows\System\BiaFIUN.exe
  2⤵
  PID:8944
- C:\Windows\System\RUiZbdM.exe
  C:\Windows\System\RUiZbdM.exe
  2⤵
  PID:8876
- C:\Windows\System\PETDYHi.exe
  C:\Windows\System\PETDYHi.exe
  2⤵
  PID:8980
- C:\Windows\System\FIrLEhZ.exe
  C:\Windows\System\FIrLEhZ.exe
  2⤵
  PID:9068
- C:\Windows\System\rJFJatq.exe
  C:\Windows\System\rJFJatq.exe
  2⤵
  PID:8964
- C:\Windows\System\PDCGjTc.exe
  C:\Windows\System\PDCGjTc.exe
  2⤵
  PID:9124
- C:\Windows\System\vUnAGqM.exe
  C:\Windows\System\vUnAGqM.exe
  2⤵
  PID:9140
- C:\Windows\System\kDEBNyC.exe
  C:\Windows\System\kDEBNyC.exe
  2⤵
  PID:8224
- C:\Windows\System\TfCNOsP.exe
  C:\Windows\System\TfCNOsP.exe
  2⤵
  PID:7428
- C:\Windows\System\VrcpaUc.exe
  C:\Windows\System\VrcpaUc.exe
  2⤵
  PID:8240
- C:\Windows\System\VCdwqNm.exe
  C:\Windows\System\VCdwqNm.exe
  2⤵
  PID:8244
- C:\Windows\System\HLDoSWm.exe
  C:\Windows\System\HLDoSWm.exe
  2⤵
  PID:8400
- C:\Windows\System\EerSbcD.exe
  C:\Windows\System\EerSbcD.exe
  2⤵
  PID:8420
- C:\Windows\System\JrgsRUV.exe
  C:\Windows\System\JrgsRUV.exe
  2⤵
  PID:8960
- C:\Windows\System\zvtARkY.exe
  C:\Windows\System\zvtARkY.exe
  2⤵
  PID:9212
- C:\Windows\System\eoCyzqX.exe
  C:\Windows\System\eoCyzqX.exe
  2⤵
  PID:8296
- C:\Windows\System\HWxEqNi.exe
  C:\Windows\System\HWxEqNi.exe
  2⤵
  PID:9156
- C:\Windows\System\UyvomCw.exe
  C:\Windows\System\UyvomCw.exe
  2⤵
  PID:8208
- C:\Windows\System\KsdvUCd.exe
  C:\Windows\System\KsdvUCd.exe
  2⤵
  PID:8744
- C:\Windows\System\bGxaFaj.exe
  C:\Windows\System\bGxaFaj.exe
  2⤵
  PID:8892
- C:\Windows\System\CIABffN.exe
  C:\Windows\System\CIABffN.exe
  2⤵
  PID:8764
- C:\Windows\System\LxBAwUc.exe
  C:\Windows\System\LxBAwUc.exe
  2⤵
  PID:8788
- C:\Windows\System\VBRAESK.exe
  C:\Windows\System\VBRAESK.exe
  2⤵
  PID:9120
- C:\Windows\System\NZdPmvR.exe
  C:\Windows\System\NZdPmvR.exe
  2⤵
  PID:8544
- C:\Windows\System\VZnuOeZ.exe
  C:\Windows\System\VZnuOeZ.exe
  2⤵
  PID:8676
- C:\Windows\System\FAOfNsi.exe
  C:\Windows\System\FAOfNsi.exe
  2⤵
  PID:9084
- C:\Windows\System\mLRADai.exe
  C:\Windows\System\mLRADai.exe
  2⤵
  PID:8852
- C:\Windows\System\yOarjdx.exe
  C:\Windows\System\yOarjdx.exe
  2⤵
  PID:9200
- C:\Windows\System\WDYJvMp.exe
  C:\Windows\System\WDYJvMp.exe
  2⤵
  PID:9104
- C:\Windows\System\ojLidJJ.exe
  C:\Windows\System\ojLidJJ.exe
  2⤵
  PID:8652
- C:\Windows\System\eARtfZQ.exe
  C:\Windows\System\eARtfZQ.exe
  2⤵
  PID:9232
- C:\Windows\System\sHSiUBs.exe
  C:\Windows\System\sHSiUBs.exe
  2⤵
  PID:9268
- C:\Windows\System\lpMZuWv.exe
  C:\Windows\System\lpMZuWv.exe
  2⤵
  PID:9284
- C:\Windows\System\rBMkasn.exe
  C:\Windows\System\rBMkasn.exe
  2⤵
  PID:9300
- C:\Windows\System\NeTEsmU.exe
  C:\Windows\System\NeTEsmU.exe
  2⤵
  PID:9316
- C:\Windows\System\znduRSF.exe
  C:\Windows\System\znduRSF.exe
  2⤵
  PID:9336
- C:\Windows\System\KWLUcVK.exe
  C:\Windows\System\KWLUcVK.exe
  2⤵
  PID:9360
- C:\Windows\System\jeaZjXp.exe
  C:\Windows\System\jeaZjXp.exe
  2⤵
  PID:9376
- C:\Windows\System\UeZZAvB.exe
  C:\Windows\System\UeZZAvB.exe
  2⤵
  PID:9404
- C:\Windows\System\XGwVPBS.exe
  C:\Windows\System\XGwVPBS.exe
  2⤵
  PID:9424
- C:\Windows\System\HwinLWb.exe
  C:\Windows\System\HwinLWb.exe
  2⤵
  PID:9444
- C:\Windows\System\WQiSHZa.exe
  C:\Windows\System\WQiSHZa.exe
  2⤵
  PID:9464
- C:\Windows\System\eqxylrH.exe
  C:\Windows\System\eqxylrH.exe
  2⤵
  PID:9488
- C:\Windows\System\tMBFBZC.exe
  C:\Windows\System\tMBFBZC.exe
  2⤵
  PID:9504
- C:\Windows\System\RkQVUGD.exe
  C:\Windows\System\RkQVUGD.exe
  2⤵
  PID:9524
- C:\Windows\System\EAISSbA.exe
  C:\Windows\System\EAISSbA.exe
  2⤵
  PID:9544
- C:\Windows\System\JVoNqIi.exe
  C:\Windows\System\JVoNqIi.exe
  2⤵
  PID:9564
- C:\Windows\System\hjNZqqM.exe
  C:\Windows\System\hjNZqqM.exe
  2⤵
  PID:9584
- C:\Windows\System\EceGjyM.exe
  C:\Windows\System\EceGjyM.exe
  2⤵
  PID:9604
- C:\Windows\System\jJtJdHm.exe
  C:\Windows\System\jJtJdHm.exe
  2⤵
  PID:9628
- C:\Windows\System\zOjXkSq.exe
  C:\Windows\System\zOjXkSq.exe
  2⤵
  PID:9648
- C:\Windows\System\WEOkEsf.exe
  C:\Windows\System\WEOkEsf.exe
  2⤵
  PID:9672
- C:\Windows\System\rnTYJnr.exe
  C:\Windows\System\rnTYJnr.exe
  2⤵
  PID:9688
- C:\Windows\System\JGkTVbQ.exe
  C:\Windows\System\JGkTVbQ.exe
  2⤵
  PID:9708
- C:\Windows\System\gpbUZbX.exe
  C:\Windows\System\gpbUZbX.exe
  2⤵
  PID:9728
- C:\Windows\System\oLYkuWh.exe
  C:\Windows\System\oLYkuWh.exe
  2⤵
  PID:9744
- C:\Windows\System\OpHkDBx.exe
  C:\Windows\System\OpHkDBx.exe
  2⤵
  PID:9764
- C:\Windows\System\TfnjRxH.exe
  C:\Windows\System\TfnjRxH.exe
  2⤵
  PID:9784
- C:\Windows\System\takOOXH.exe
  C:\Windows\System\takOOXH.exe
  2⤵
  PID:9804
- C:\Windows\System\bnJbHBz.exe
  C:\Windows\System\bnJbHBz.exe
  2⤵
  PID:9820
- C:\Windows\System\ejdFSZG.exe
  C:\Windows\System\ejdFSZG.exe
  2⤵
  PID:9840
- C:\Windows\System\mdXDfid.exe
  C:\Windows\System\mdXDfid.exe
  2⤵
  PID:9868
- C:\Windows\System\ggiIyZx.exe
  C:\Windows\System\ggiIyZx.exe
  2⤵
  PID:9884
- C:\Windows\System\rYFYJje.exe
  C:\Windows\System\rYFYJje.exe
  2⤵
  PID:9900
- C:\Windows\System\LRyGzXR.exe
  C:\Windows\System\LRyGzXR.exe
  2⤵
  PID:9924
- C:\Windows\System\ShhSXXg.exe
  C:\Windows\System\ShhSXXg.exe
  2⤵
  PID:9944
- C:\Windows\System\wskigjg.exe
  C:\Windows\System\wskigjg.exe
  2⤵
  PID:9960
- C:\Windows\System\YoqjTxF.exe
  C:\Windows\System\YoqjTxF.exe
  2⤵
  PID:9976
- C:\Windows\System\osRVpFa.exe
  C:\Windows\System\osRVpFa.exe
  2⤵
  PID:9996
- C:\Windows\System\lTWfTLD.exe
  C:\Windows\System\lTWfTLD.exe
  2⤵
  PID:10012
- C:\Windows\System\gPfbcmW.exe
  C:\Windows\System\gPfbcmW.exe
  2⤵
  PID:10028
- C:\Windows\System\uUMQBlX.exe
  C:\Windows\System\uUMQBlX.exe
  2⤵
  PID:10048
- C:\Windows\System\aBbmkTJ.exe
  C:\Windows\System\aBbmkTJ.exe
  2⤵
  PID:10068
- C:\Windows\System\bGQpAga.exe
  C:\Windows\System\bGQpAga.exe
  2⤵
  PID:10088
- C:\Windows\System\VmKzvaa.exe
  C:\Windows\System\VmKzvaa.exe
  2⤵
  PID:10112
- C:\Windows\System\VdqtqqD.exe
  C:\Windows\System\VdqtqqD.exe
  2⤵
  PID:10156
- C:\Windows\System\prVEZUN.exe
  C:\Windows\System\prVEZUN.exe
  2⤵
  PID:10176
- C:\Windows\System\EzoFJpY.exe
  C:\Windows\System\EzoFJpY.exe
  2⤵
  PID:10196
- C:\Windows\System\xmrhmKY.exe
  C:\Windows\System\xmrhmKY.exe
  2⤵
  PID:10216
- C:\Windows\System\hSivSoz.exe
  C:\Windows\System\hSivSoz.exe
  2⤵
  PID:10232
- C:\Windows\System\yfdCdEw.exe
  C:\Windows\System\yfdCdEw.exe
  2⤵
  PID:8588
- C:\Windows\System\FYWKyPS.exe
  C:\Windows\System\FYWKyPS.exe
  2⤵
  PID:9036
- C:\Windows\System\WjVlMbs.exe
  C:\Windows\System\WjVlMbs.exe
  2⤵
  PID:8308
- C:\Windows\System\xKkKHdA.exe
  C:\Windows\System\xKkKHdA.exe
  2⤵
  PID:9296
- C:\Windows\System\HForzpy.exe
  C:\Windows\System\HForzpy.exe
  2⤵
  PID:9332
- C:\Windows\System\bOxiDQL.exe
  C:\Windows\System\bOxiDQL.exe
  2⤵
  PID:9388
- C:\Windows\System\sfguEAT.exe
  C:\Windows\System\sfguEAT.exe
  2⤵
  PID:9416
- C:\Windows\System\MReCrwA.exe
  C:\Windows\System\MReCrwA.exe
  2⤵
  PID:9312
- C:\Windows\System\FUWyhhZ.exe
  C:\Windows\System\FUWyhhZ.exe
  2⤵
  PID:9396
- C:\Windows\System\qSqbDHc.exe
  C:\Windows\System\qSqbDHc.exe
  2⤵
  PID:9432
- C:\Windows\System\gJSgiHq.exe
  C:\Windows\System\gJSgiHq.exe
  2⤵
  PID:9496
- C:\Windows\System\wihprqn.exe
  C:\Windows\System\wihprqn.exe
  2⤵
  PID:9540
- C:\Windows\System\fcAmNKx.exe
  C:\Windows\System\fcAmNKx.exe
  2⤵
  PID:9572
- C:\Windows\System\cvdwSJD.exe
  C:\Windows\System\cvdwSJD.exe
  2⤵
  PID:9616
- C:\Windows\System\ZxlJacS.exe
  C:\Windows\System\ZxlJacS.exe
  2⤵
  PID:9640
- C:\Windows\System\dCozlyk.exe
  C:\Windows\System\dCozlyk.exe
  2⤵
  PID:9664
- C:\Windows\System\tpQTDqM.exe
  C:\Windows\System\tpQTDqM.exe
  2⤵
  PID:9696
- C:\Windows\System\lDDusbQ.exe
  C:\Windows\System\lDDusbQ.exe
  2⤵
  PID:9720
- C:\Windows\System\bSWDpZS.exe
  C:\Windows\System\bSWDpZS.exe
  2⤵
  PID:9812
- C:\Windows\System\WpOsDSM.exe
  C:\Windows\System\WpOsDSM.exe
  2⤵
  PID:9828
- C:\Windows\System\EEmjVpF.exe
  C:\Windows\System\EEmjVpF.exe
  2⤵
  PID:2080
- C:\Windows\System\XuXrPIO.exe
  C:\Windows\System\XuXrPIO.exe
  2⤵
  PID:2356
- C:\Windows\System\bFBYYUX.exe
  C:\Windows\System\bFBYYUX.exe
  2⤵
  PID:9860
- C:\Windows\System\coRaTih.exe
  C:\Windows\System\coRaTih.exe
  2⤵
  PID:9892
- C:\Windows\System\anNDdDw.exe
  C:\Windows\System\anNDdDw.exe
  2⤵
  PID:9936
- C:\Windows\System\UAEVKQP.exe
  C:\Windows\System\UAEVKQP.exe
  2⤵
  PID:10040
- C:\Windows\System\MTUKNRR.exe
  C:\Windows\System\MTUKNRR.exe
  2⤵
  PID:9880
- C:\Windows\System\sXfaPmL.exe
  C:\Windows\System\sXfaPmL.exe
  2⤵
  PID:10020
- C:\Windows\System\AODUFYj.exe
  C:\Windows\System\AODUFYj.exe
  2⤵
  PID:10064
- C:\Windows\System\HzvKHEH.exe
  C:\Windows\System\HzvKHEH.exe
  2⤵
  PID:10124
- C:\Windows\System\vHElVpY.exe
  C:\Windows\System\vHElVpY.exe
  2⤵
  PID:10144
- C:\Windows\System\xQsNbYR.exe
  C:\Windows\System\xQsNbYR.exe
  2⤵
  PID:10100
- C:\Windows\System\sELZhuW.exe
  C:\Windows\System\sELZhuW.exe
  2⤵
  PID:10168
- C:\Windows\System\pssEHax.exe
  C:\Windows\System\pssEHax.exe
  2⤵
  PID:10224
- C:\Windows\System\LsTkhDh.exe
  C:\Windows\System\LsTkhDh.exe
  2⤵
  PID:8956
- C:\Windows\System\DWvSSCC.exe
  C:\Windows\System\DWvSSCC.exe
  2⤵
  PID:9260
- C:\Windows\System\EPGKVxI.exe
  C:\Windows\System\EPGKVxI.exe
  2⤵
  PID:8864
- C:\Windows\System\zcMHXdA.exe
  C:\Windows\System\zcMHXdA.exe
  2⤵
  PID:7504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AuxBZDJ.exe

Filesize
6.0MB

MD5
24e38df2fc675d3832dc78b24ed8a1dd

SHA1
ba419e7e57270c0ef1fe820b50168cf02824a1b9

SHA256
2c8fd8a86b6a39f5f8d103218639433946e767ff87d7d76e5240309d55f97cf2

SHA512
54229e78eb5bb61cd37c3c624860ea0c1a28848ace488ae2cd899f1fd5f7ee7da49feb556c63be689dec1065dbb543f8a912190125161d72e589f06e1ec28778

Download Submit
C:\Windows\system\GyoCxac.exe

Filesize
6.0MB

MD5
7d98059b8bc26857572d1eb99526d220

SHA1
2c43569f0779e349b1afd2ffa91625b7ab91644c

SHA256
13aa06a520dda2401724ee29c83a1d1dcdceda23868a550793cdff1376894fed

SHA512
397a967e9a8feadb431641c4cda1fcb88dfa9f4397e79ca8718b4d5a56fb3ee4a5e80eeeb4843b5f8d91a1e029be1d06be9e35cf8925b827e6b21db107420503

Download Submit
C:\Windows\system\IFHoIsb.exe

Filesize
6.0MB

MD5
e3249a17d3e952cbcc95a5dc0fa55e5c

SHA1
2de5d33c0f4a3c3b6b908e0bbda28d924dea6811

SHA256
73ddb4e1ec1239db2a6f66262f1c37dfdd1ab3df0979aed6d25a416b2556a9dc

SHA512
b81a4f234981eed2343298ed95455d752f528607136778590da7eaf5813d77ea2220a51af79510614319aec255cbfdc8a34523bbd91daa3fe0b7dc042194b3d3

Download Submit
C:\Windows\system\OOMpIjH.exe

Filesize
6.0MB

MD5
bca7f18328d13d676478862ca6ef567c

SHA1
76a8c04a452ffa4a2f1b36779cdae2fbfa58076c

SHA256
37e82d8217ad172fb5dc086f1a1dab39d89196486fa9809550148d8390be4eda

SHA512
de77df334aea7644b3a89d088c16d306572f260c0275c71c5c39794d29147165693d46b0a051e144fd70d6f82bc26e1ff10d403043c97ec12313eb2940dac0d0

Download Submit
C:\Windows\system\QHTjzzP.exe

Filesize
6.0MB

MD5
c336ba99aaeb1b601a44a504fbc5026e

SHA1
c0d775a16838bc3538a05aa585fe0fb5a022b54a

SHA256
774898680abbc988ee1c044bb6eba56bbfe4fbf4d0c5a9f1002c8149d3c496f0

SHA512
343a7c74d6115e8e8f49f425e552ad7940ed992504f673fd4118f41018354b39db0ace3e28be880f8daded97875aaf505d8f76d9412b70d107562f6ed901d7e3

Download Submit
C:\Windows\system\QnkzJjw.exe

Filesize
6.0MB

MD5
6e8d6128a3e4917b96633efe05592f87

SHA1
79b6b7ef8b7fb13ceec08223f25e09af7504d3b9

SHA256
b96ce148fb387be5f1311f7fd19874879d39e9b6bd44286cd05f018f728b3bda

SHA512
c63c07c5c716e435cfc2e06cdff84884e729f035441a8b1748de886ec82515b61e2b7e6c891670c349df892b9e39c6f425a99c16a66f47237efd358b31b2a49c

Download Submit
C:\Windows\system\RbyyAWg.exe

Filesize
6.0MB

MD5
df5a7716b5aeba0f82f67346f77068c8

SHA1
1346ef9b26eb38e56cc854df548756e8e68e0951

SHA256
5e1eb4b20934637f1122215fe7e6c6b65604708a459506a52bc7c4b0d0d0bf06

SHA512
1f1b3157fd207d3982f976b85b1cf8a68696cf63b37a58960dc0f1fcf09c9b2beb646c5596a876cfca53ae54a5cb8ec230f059d43cfb83dab451565ea8b049af

Download Submit
C:\Windows\system\UMszSOg.exe

Filesize
6.0MB

MD5
157b9764d4c8fd5f01e589d78d67b6b0

SHA1
418c82882ad7f9a3edcd860f7e170c762c2875eb

SHA256
1b166c4d0b4af2de2309afc69a3c86d186057d0cc51477110e724f10b9e96490

SHA512
62e37bc11bddaa9267a5f8253591792a906ae5e0897591eb3017aea039557533da2ffbf2af8eb12395b8b422b62b8c1f3e0ca2906e4bf5141cd7f354cb25727d

Download Submit
C:\Windows\system\VoMfvbh.exe

Filesize
6.0MB

MD5
a5f53af7b9efcbc4a5ce3f9cbecff200

SHA1
d07eb8d6d03f13f1ee7a7478de244e287b125d8b

SHA256
b50258365f934bc4882f16fcab135f0b3906bf8d4eb0a94c3f885898771ea4e8

SHA512
23ae18c834cb2d2c416e9031a546367163e4add0834dad4062b8b89ae195a48b1c527ac40aa9fb28bdc3112f987a40a0fb305974b3129740eee86aeb37df340f

Download Submit
C:\Windows\system\Wuolofh.exe

Filesize
6.0MB

MD5
14dc6e50fc54a31e410ab1fc99693c78

SHA1
2cbc033de7ee941e71b5daacb73f08e99dc2d667

SHA256
fb0a39ee309786504a2566e70572e773b3e5cab5699107bc7ec89d3a6346b46b

SHA512
e9a0773d8414bec8b31cec662568a775a4da3e3510ab41f7e6a10043eb04f9c2d7dff52a541aa1bb39fe747ef1691246e1b2eafab7479d1ca1f60a771a61c5d2

Download Submit
C:\Windows\system\XHqFoSk.exe

Filesize
6.0MB

MD5
2677fb3a992ba4e2bbfbcfa1b309d3fe

SHA1
2b06937a0643f5ba4dbb2da8b1ab92fd59139830

SHA256
fc03bbc1f1172eb447171829b767b9641ad5aa5d2d0d35a744879df874170fe7

SHA512
7684f784f5b069d3337dc473a3965aff3a2fac5bd79c291e245d5b89739c9513bfc64efcd42c28ce176a175c76cf27a6bc5f1bf74adc6ed2e91247e229d4f508

Download Submit
C:\Windows\system\fJCuKlF.exe

Filesize
6.0MB

MD5
b134dba3c074158d009ef881b26fa427

SHA1
c3b6ab840fe3ecfc3a34972e6bb5e1d3cd58fcf3

SHA256
91ca58cdb6942bb82744e6846f31c3df381a1879534383d89bd58350d9736175

SHA512
e786da6db9da6e5b96bf218c90edbb705dcd030498d9965ac7d6d7a592ba87400218cfa52ed2391c73a6ade5e24c570a18bdd2f79682ad8a5d1d57ce100a42e6

Download Submit
C:\Windows\system\gTgaeWa.exe

Filesize
6.0MB

MD5
c306c99395ef9a1e9ca3801df2baea0e

SHA1
9c658e5e050629947cd2cb07a1e384486fd10205

SHA256
168c88a5aca90e2ca240a0d084b425d6d6f407b9166a188a54b7737a01a3f2a2

SHA512
5a49ac39e4d105f2f6f2af8f71ba2a071a5bb5d855c51fba18189d2d8a8fdcfc43211ca7f2b49cba9a82e055c47a08047628653d589b9c5d34d055011d42692c

Download Submit
C:\Windows\system\hJkdCgT.exe

Filesize
6.0MB

MD5
6a65c15222122f25f6213195a29a86cb

SHA1
91e61d671e8feaefca9830f4da57b0c301bbc424

SHA256
e885943658aa35067d0fd5950a54aac50a2d9edb0d8a88e55eb8195da84fd3a9

SHA512
8986bd5049190cc117bdca69172006d03053e94005453a69eca560074572094af289b9ee4c822f0aa284c9d19c31d197d7e010149300a73d63a22be694bbec1c

Download Submit
C:\Windows\system\htCUIvQ.exe

Filesize
6.0MB

MD5
2d7332a05b682a95119b98a231f906a9

SHA1
ee4fff888033caf65dbad0f85710e43451d213e5

SHA256
948e36bbef1df54bf0386f02136df81523fd86f7afb0de1454027115115f9b08

SHA512
577740b72a23d9ce5ea5b4f24d8ef5d78ddb41330f5f6a79255e329a976ad9a3116ce01e73cade3491adb45451c62bf99eca5fa1666f85d9713e9a6ac399d2e8

Download Submit
C:\Windows\system\kmyEUeP.exe

Filesize
6.0MB

MD5
3c7ea94521f9a7360b1cae630479d096

SHA1
7b10f92d42b902d8a096573ed9662336e585c7e9

SHA256
3b728e9a3e46785d1abf86abb80bffe34486b2997beddcc96c40c9ab47d47e2c

SHA512
b31acbfd8000ca87b44e47d48ab5063170e13d6f8b2e1d48d1b56fe937edcadbc644c18459a9ba0acb7138fec5260625663a145229b34285c37b4d4cd7741557

Download Submit
C:\Windows\system\kzTJEPe.exe

Filesize
6.0MB

MD5
15b3a68cc6f263d463ee34e0fa9a07bb

SHA1
31ea88c8eb95c87f9d5709329538e9f86a0efae6

SHA256
c6fc285af20728a2735dc919a468feb6e960f3d5423dc25fcdd9832ca5b436c8

SHA512
cde7ef50e172f4050fad9c095cd9eea52662791968b3fbff58d97e77b029f97aac44a77e87cf5e4a682268a4b193ddcdded1727761ff8e81b29dfbc19c781391

Download Submit
C:\Windows\system\mpibxNP.exe

Filesize
6.0MB

MD5
605c6b1f51617344b54fb3436d712eac

SHA1
ffdd835ffbc071f7c14c0120bbc23c99048aaa98

SHA256
086a369202946e50e352e14d91e028e81c52c1335e46b258d40b619c36ce1941

SHA512
ea927ae9fb0d7f1fe433249693d497dde77e72ac8c55b113160d0de79b314e717d4378c3043e077831dcd94fe54c47ee9af184d3134ad9f7e755d735a1265695

Download Submit
C:\Windows\system\mtujIVO.exe

Filesize
6.0MB

MD5
edb3b01daf64dfd782497fd42ed11078

SHA1
926bc237f617dcf7caf71d2e340c58d531c63276

SHA256
643165d56e14f4df9afa81645609e29892f5cab5da0a8befa658014ba66157a8

SHA512
f7229de7cb5df19796cfad61d11531d9f0d2aebe44764a0fb074c13ee74f51f7d8fad4f7f433201f70234c0b3846f07a80bfc08b0cd0e4f758da7d5fde0ffb41

Download Submit
C:\Windows\system\oAyMOLT.exe

Filesize
6.0MB

MD5
e8dc6ddda7e3d43f4b9f1e1d951f8b8d

SHA1
836625ef1b88f027f5b8f79c7425a6521fda4ecb

SHA256
6f7c42490380a361cc8400098d5f1b752b06fcdf3e6518d129ad3d53291fe8e6

SHA512
d73cef1a3cb9f55289bb0c7373fcf31ac8598ead1acdd686584c9b87f552389de7b8d348c74eedf4f2de29819fad01a48116256afff20b9045417adc7d873b45

Download Submit
C:\Windows\system\qotahjk.exe

Filesize
6.0MB

MD5
a00e74cfa42ae7c18ed7ec6831211354

SHA1
ca352cc558078aef47bafdf75a124a969361dc0c

SHA256
e890a505a1ec20707b3190e2f8afb287f91591b2b5547938ec84b49410a0d6aa

SHA512
d6116a9354531d2d93b0ae31c7245f4526b1279930c6b82a47e2328d373e8259c4ba81c14d885b680f74201721050cd562ed01e883ecf168ea2e92615e30e90e

Download Submit
C:\Windows\system\tBADGMO.exe

Filesize
6.0MB

MD5
c7428b3bbcd2b63d26e7bddc343201aa

SHA1
65e357b921a404e321cb8fc80d2223bf79d5e716

SHA256
288a4318bec9aaa8cecbd7c8557fe0765861f1410f8ae6d2bea7b70c7638e192

SHA512
0930bb2cb4be3388d6692e2fcc0a9c625ce20d028f9a00f80b1538e221feba4ec6d33b6548eb557b3ae19e7219b55b9280da5f30fbf9ca83ecac8fed179ef05b

Download Submit
C:\Windows\system\trbkPkN.exe

Filesize
6.0MB

MD5
be0d53f7813762950799f53d657ddee0

SHA1
461422614321328ae67c48c6f66a6c79cfd4516d

SHA256
49841468f95109504347e89e47c636d7fe9e3a65253dd274992ffb98d9a97a49

SHA512
2c958eabfb4c2d0df2714f640fa2fabab39fb2df14c1dc84d1cb4521faa59eae1a22304243608c9f97f6faa1902a18dfd809a1bef6e2182dbcd143025aed2da6

Download Submit
C:\Windows\system\vgHUNdN.exe

Filesize
6.0MB

MD5
4031eaa4b773ee3321f138cdf5b70627

SHA1
023f88fafa4501a7b6e241a5d6fceabebe2e142b

SHA256
67fe9953031ee9a1f44cdb722302d98c2f28e107400a1ae8c7cbd30ee30f8ce0

SHA512
df31ddb39a385abbf9fd577110a7f74be50edcd6d3d2e3f4b208a208e583c8851fed0697cef39586f1f71b15c77ac0a1e477f8cab1e3e89374cbd70d1b0eb650

Download Submit
C:\Windows\system\xEBuOTo.exe

Filesize
6.0MB

MD5
4080432b0503fa9f66a4206cd6a3be5b

SHA1
ddc5f16b9f111781d661b5c951cefaed002db462

SHA256
fd6d1990389ec4ba27c687c302ec6fc72e17a73bb94f42cf238fc263e342618c

SHA512
7c25481927eb1129c571b46c5d4cec17e3adbf77ea3309ffdb51708505cdafaeb6c440996bf2651d98f2bc2b28f4b0914075fa0fefa9413882ecc009846f68b1

Download Submit
C:\Windows\system\xZKRgoc.exe

Filesize
6.0MB

MD5
d0320376d8a0712f808d6371dde5c698

SHA1
5a9e1229602ad1013ac073d91cdb0c44bb89226d

SHA256
cd96fd0e0018adc17313b6cf0f06a5feb4c37880fdb0ecf8f166f6e7ed176559

SHA512
21ff4a018c6f45a84101097ee1681582e7525ebdcd9c87c15088f6b30b61b2f2436fde1a5939f5138f69f8bb6c40de0249a3193170ec12a9bb92ae83de01478c

Download Submit
\Windows\system\CsBTyQL.exe

Filesize
6.0MB

MD5
d0ebeafd0e65923af3dd519b44bc25f1

SHA1
dc2100d54fa0efe190c58238e6e52ef55dee30e3

SHA256
7936dc65175e31b8c88685e5ccaa49e821126f25fb2771ba8fa704ba60320fb7

SHA512
892a1bb8ee5fc04692711d567e918a8c14e6693ec4f7d6ed68db9ae45db15902ff5ae8792638d9cb83c0dd026dd06cb118d96e784c480c3af7624834c97390b2

Download Submit
\Windows\system\LaQEiUp.exe

Filesize
6.0MB

MD5
7d3bbb287bda80ba651859005cc25c74

SHA1
2c8ced30b45f6c6a33fe5f1684cec7007086de04

SHA256
63e339eb1eca33714831b80371005acec4c449ba2a40be44cb0c5ea235731ebc

SHA512
961b971a3801525be00c83e55b003db24eb8ab9d4636bccd9463f4c461b4464bd3fe860b294db24505dca154a03fa85ea7b8a0f372453a8a748f53c86347ac51

Download Submit
\Windows\system\NVMTUBE.exe

Filesize
6.0MB

MD5
a2746305a4fcce17e61297f6034a8f49

SHA1
3966ef3d2295b4500752c5641db091cf9ab74917

SHA256
48401970f7a4fc249f014316d45741783e554e18ba1c65dc09817e68f5876698

SHA512
78f6b389137549c7cf790bc76ebe3c93258c46dd48919e07533be343051e426ca00d4e80dd474a33d819957eb83e988c2237e0c122fd480f972969bbcc8b6a66

Download Submit
\Windows\system\OmDSWlv.exe

Filesize
6.0MB

MD5
ef42a4252fbef3ba8c5202c64025a9ee

SHA1
7dcc5f209fb78ddc0df0747964ed8a963c382339

SHA256
f869e4df38aad1350583fd22408f675b46f03b325330731debb1460946757a31

SHA512
fff4dc499ffc658b8d6cdaac59fb746f69d67379499116c5782d689e09d21e2e017fb005e59b890c88c08df43bad5673f02a21ab9fd0085e91be332b6f907710

Download Submit
\Windows\system\gTVxKOB.exe

Filesize
6.0MB

MD5
2f562b60b06ddd380784d5f31754e008

SHA1
7cfe91ca457c9a82a56cf1611b02fa86ca695689

SHA256
e64ceb7e51a802c10e362a4f1aae76cdecfd384a1ae5f361e18922d618985ccc

SHA512
4a14a7bcd9af2969c19b0ae99b426d7cdd4bc5202667fe70bbfbb4b0341b8c7dd8164cd339b38d95d1fe724784e5692be704f7e9d1a65407f9d92c2c4684cda8

Download Submit
\Windows\system\jSkoQWS.exe

Filesize
6.0MB

MD5
5685e2f4374047d17b37f8d2a57f37f8

SHA1
3587bd2429623f76c92e45c2965d05a9f1b0a10d

SHA256
696f87476782e4b02e3fa4fd1a606befd2abcd386143098178182e0e802a5cec

SHA512
c06da3b1ef37c0c8f7e22fcd40d8349d54d736d3104400d666c2670782e935df8e3b3122de67b65e378477387db0d4753e64d597ac8a67daa4057e2bdc37f9e1

Download Submit
memory/1432-225-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/1432-84-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/1432-1715-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/1704-51-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1704-81-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1704-339-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1704-383-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1704-21-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1704-34-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/1704-48-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-174-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1704-6-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1704-0-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-65-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1704-27-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/1704-42-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-95-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1704-60-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1704-59-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1704-55-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-113-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/1704-103-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1704-108-0x0000000002300000-0x0000000002654000-memory.dmp

Filesize
3.3MB

Download
memory/1704-104-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-22-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1744-1717-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1744-99-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/1744-367-0x000000013F6D0000-0x000000013FA24000-memory.dmp

Filesize
3.3MB

Download
memory/2120-30-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2120-1692-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2120-69-0x000000013F6C0000-0x000000013FA14000-memory.dmp

Filesize
3.3MB

Download
memory/2448-298-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-91-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2448-1716-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2484-1673-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2484-11-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2484-49-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2540-52-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-1672-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2540-17-0x000000013F2A0000-0x000000013F5F4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-417-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-1718-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2612-109-0x000000013F650000-0x000000013F9A4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-1714-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-146-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2648-76-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-63-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1711-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-98-0x000000013F980000-0x000000013FCD4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-53-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2828-90-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2828-1713-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/2848-39-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2848-74-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2848-1704-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2888-1712-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2888-107-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2888-70-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2912-1677-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2912-23-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/3044-1707-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-80-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-46-0x000000013FC90000-0x000000013FFE4000-memory.dmp

Filesize
3.3MB

Download