cobaltstrike | 4f8d521d5bb40d2e26f5ff174b7440f2aaf45b9ee70be8985d046c7c50dc9235

Analysis

max time kernel
149s
max time network
126s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
16/02/2025, 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

427aff601905a37a5440e432115d3769
SHA1

b9e5d16de1aefcf8e53165ac11ebe353d0757445
SHA256

4f8d521d5bb40d2e26f5ff174b7440f2aaf45b9ee70be8985d046c7c50dc9235
SHA512

ffc31d16f5620d6703432444bbcb2f606ce51f6987c4ced6245154f90ade5250799ca544c4874e1d1b6fb3465b561b73ea0b5d4cdebd7bcb5fc3b9802089524f
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUZ:T+q56utgpPF8u/7Z

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012262-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c23-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cab-15.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001756b-50.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ef-64.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194eb-62.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-103.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-107.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-114.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-111.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-148.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-164.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-140.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-160.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-129.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-121.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a7-98.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-93.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019547-86.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950f-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a3-56.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ce0-44.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000167e3-39.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ccc-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd8-33.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2352-0-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/files/0x000a000000012262-3.dat	xmrig
behavioral1/files/0x0008000000016c23-11.dat	xmrig
behavioral1/files/0x0007000000016cab-15.dat	xmrig
behavioral1/memory/1700-23-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2848-35-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2788-29-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/3044-40-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/files/0x000900000001756b-50.dat	xmrig
behavioral1/files/0x00050000000194ef-64.dat	xmrig
behavioral1/files/0x00050000000194eb-62.dat	xmrig
behavioral1/files/0x00050000000195a9-103.dat	xmrig
behavioral1/files/0x00050000000195ab-107.dat	xmrig
behavioral1/files/0x00050000000195af-114.dat	xmrig
behavioral1/memory/2352-115-0x00000000024C0000-0x0000000002814000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ad-111.dat	xmrig
behavioral1/files/0x00050000000195c3-148.dat	xmrig
behavioral1/memory/2352-314-0x00000000024C0000-0x0000000002814000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-164.dat	xmrig
behavioral1/files/0x00050000000195c6-157.dat	xmrig
behavioral1/files/0x00050000000195bd-140.dat	xmrig
behavioral1/files/0x00050000000195c7-160.dat	xmrig
behavioral1/files/0x00050000000195c5-153.dat	xmrig
behavioral1/files/0x00050000000195c1-145.dat	xmrig
behavioral1/files/0x00050000000195bb-136.dat	xmrig
behavioral1/files/0x00050000000195b7-132.dat	xmrig
behavioral1/files/0x00050000000195b5-129.dat	xmrig
behavioral1/files/0x00050000000195b3-124.dat	xmrig
behavioral1/files/0x00050000000195b1-121.dat	xmrig
behavioral1/memory/2352-117-0x00000000024C0000-0x0000000002814000-memory.dmp	xmrig
behavioral1/files/0x00050000000195a7-98.dat	xmrig
behavioral1/memory/2352-95-0x000000013FC00000-0x000000013FF54000-memory.dmp	xmrig
behavioral1/files/0x000500000001957c-93.dat	xmrig
behavioral1/memory/2352-90-0x00000000024C0000-0x0000000002814000-memory.dmp	xmrig
behavioral1/memory/2084-89-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/files/0x0005000000019547-86.dat	xmrig
behavioral1/memory/2676-77-0x000000013F4B0000-0x000000013F804000-memory.dmp	xmrig
behavioral1/files/0x000500000001950f-76.dat	xmrig
behavioral1/memory/2352-74-0x00000000024C0000-0x0000000002814000-memory.dmp	xmrig
behavioral1/memory/2628-73-0x000000013F470000-0x000000013F7C4000-memory.dmp	xmrig
behavioral1/memory/2680-72-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2396-83-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019515-80.dat	xmrig
behavioral1/memory/2264-59-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/2668-53-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2352-52-0x00000000024C0000-0x0000000002814000-memory.dmp	xmrig
behavioral1/memory/2352-51-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a3-56.dat	xmrig
behavioral1/memory/2876-46-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x0009000000016ce0-44.dat	xmrig
behavioral1/files/0x00090000000167e3-39.dat	xmrig
behavioral1/files/0x0007000000016ccc-28.dat	xmrig
behavioral1/files/0x0007000000016cd8-33.dat	xmrig
behavioral1/memory/2932-22-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/2016-20-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2352-17-0x00000000024C0000-0x0000000002814000-memory.dmp	xmrig
behavioral1/memory/1700-1605-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/2016-1606-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2932-1607-0x000000013F150000-0x000000013F4A4000-memory.dmp	xmrig
behavioral1/memory/3044-3819-0x000000013F0B0000-0x000000013F404000-memory.dmp	xmrig
behavioral1/memory/2788-3818-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	xmrig
behavioral1/memory/2876-3958-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2396-3961-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2264-3962-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1700	rigKgQi.exe
2016	mBZlPzM.exe
2932	ZLxXEWO.exe
2788	YsYABes.exe
2848	PgqaqUY.exe
3044	dtWprxe.exe
2876	WVefozC.exe
2668	BlUWuaH.exe
2264	fEvyJZa.exe
2680	NeMAGsp.exe
2628	HFKCWcC.exe
2676	VSZzvDm.exe
2396	WNWyXxX.exe
2084	VwSStth.exe
2536	vmUtlYT.exe
2980	CVFQKHf.exe
1172	KVYEoZK.exe
1016	UuQsShc.exe
2620	gpMFfCS.exe
2368	cDnErbv.exe
2732	NXgKYjg.exe
1176	ZuDvVtd.exe
1880	IAwPRRG.exe
1480	zjjNonJ.exe
3012	JiClKLC.exe
3000	JQMwBjJ.exe
2400	UhsuAnz.exe
1120	vGGbvnn.exe
2296	tjNhCKl.exe
2248	BNekmWl.exe
2204	nGiZPgO.exe
1204	OQCPnXV.exe
1824	TgGffnO.exe
2004	GIzEBny.exe
916	mhErgKO.exe
1620	unExpkL.exe
2072	nEDyEVd.exe
1744	OAwSSKC.exe
1704	VgiVbAj.exe
1796	RsrLEmF.exe
944	opVfiQD.exe
1292	QGGIqBe.exe
1836	cflJhnD.exe
2460	oyuRThx.exe
1656	PMIgrVw.exe
2600	DFpLHFc.exe
1488	LQbgTpj.exe
1536	IeMLJVZ.exe
2180	hLfGtkt.exe
1968	jIeHJmX.exe
1980	PSrALuR.exe
1444	rXMVUvQ.exe
2288	TOqYtyB.exe
1592	NtgiBrN.exe
1912	MXemjJW.exe
628	cQbCorz.exe
2480	iAUQJBS.exe
2064	ceRWUru.exe
1716	SSqupwz.exe
2284	TDkhfgG.exe
2484	HqDDGyK.exe
1608	AaBSgaF.exe
1604	NfqJTgV.exe
2024	vALHFfm.exe

Loads dropped DLL 64 IoCs

pid	Process
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 62 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2352-0-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x000a000000012262-3.dat	upx
behavioral1/files/0x0008000000016c23-11.dat	upx
behavioral1/files/0x0007000000016cab-15.dat	upx
behavioral1/memory/1700-23-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2848-35-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2788-29-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/3044-40-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/files/0x000900000001756b-50.dat	upx
behavioral1/files/0x00050000000194ef-64.dat	upx
behavioral1/files/0x00050000000194eb-62.dat	upx
behavioral1/files/0x00050000000195a9-103.dat	upx
behavioral1/files/0x00050000000195ab-107.dat	upx
behavioral1/files/0x00050000000195af-114.dat	upx
behavioral1/files/0x00050000000195ad-111.dat	upx
behavioral1/files/0x00050000000195c3-148.dat	upx
behavioral1/files/0x000500000001960c-164.dat	upx
behavioral1/files/0x00050000000195c6-157.dat	upx
behavioral1/files/0x00050000000195bd-140.dat	upx
behavioral1/files/0x00050000000195c7-160.dat	upx
behavioral1/files/0x00050000000195c5-153.dat	upx
behavioral1/files/0x00050000000195c1-145.dat	upx
behavioral1/files/0x00050000000195bb-136.dat	upx
behavioral1/files/0x00050000000195b7-132.dat	upx
behavioral1/files/0x00050000000195b5-129.dat	upx
behavioral1/files/0x00050000000195b3-124.dat	upx
behavioral1/files/0x00050000000195b1-121.dat	upx
behavioral1/files/0x00050000000195a7-98.dat	upx
behavioral1/files/0x000500000001957c-93.dat	upx
behavioral1/memory/2084-89-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/files/0x0005000000019547-86.dat	upx
behavioral1/memory/2676-77-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/files/0x000500000001950f-76.dat	upx
behavioral1/memory/2628-73-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2680-72-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2396-83-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/files/0x0005000000019515-80.dat	upx
behavioral1/memory/2264-59-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2668-53-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2352-51-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/files/0x00050000000194a3-56.dat	upx
behavioral1/memory/2876-46-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x0009000000016ce0-44.dat	upx
behavioral1/files/0x00090000000167e3-39.dat	upx
behavioral1/files/0x0007000000016ccc-28.dat	upx
behavioral1/files/0x0007000000016cd8-33.dat	upx
behavioral1/memory/2932-22-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/2016-20-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/1700-1605-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/2016-1606-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2932-1607-0x000000013F150000-0x000000013F4A4000-memory.dmp	upx
behavioral1/memory/3044-3819-0x000000013F0B0000-0x000000013F404000-memory.dmp	upx
behavioral1/memory/2788-3818-0x000000013F9A0000-0x000000013FCF4000-memory.dmp	upx
behavioral1/memory/2876-3958-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2396-3961-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2264-3962-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2628-3960-0x000000013F470000-0x000000013F7C4000-memory.dmp	upx
behavioral1/memory/2848-3959-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2668-4017-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2084-4001-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2676-4000-0x000000013F4B0000-0x000000013F804000-memory.dmp	upx
behavioral1/memory/2680-3999-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\PwKTPTT.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DLxEvvF.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DjVsqEC.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\diEGzXu.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZhhZAbP.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jIeHJmX.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqzJskz.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GoIJMua.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iWfQLjj.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zCnJPyI.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Pxflgsi.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DoTvjoJ.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NBNpbXQ.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nVPGOeI.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\itOGZWH.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wkaFucF.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vzjERtr.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JltcVdm.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OhSjAYH.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LjvxNZT.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vLTIKrf.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eCtqvzs.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GElywDU.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WVefozC.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uWIyuVa.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JSnkjDW.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IGHhNmP.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XsncFTc.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nLbcjFD.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFtzArA.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nvEXdIh.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\doaIcEk.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YqSmgtg.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XLooIvw.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kFIsXxZ.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iOXtRTa.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JJKUnmQ.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oZvBQzN.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zllZABZ.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LWAOPyI.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vwjAMbO.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\otbANFf.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XuqjuIJ.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RyLMAlo.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XVeSfvB.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LfjFIAe.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lHwgcmZ.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IsMvvRA.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHAlnYZ.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\znvgAfi.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nOYYFax.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gpTrFHp.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZIISXSD.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZALvkj.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BUhmkho.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ssNUKyp.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vNnLIrU.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VgQepvY.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yHkNUtp.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SgTxuIm.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\azgDVTd.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eTYCBiW.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ICOvcUe.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FBfnosW.exe	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 1700	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2352 wrote to memory of 1700	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2352 wrote to memory of 1700	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2352 wrote to memory of 2016	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2352 wrote to memory of 2016	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2352 wrote to memory of 2016	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2352 wrote to memory of 2932	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2352 wrote to memory of 2932	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2352 wrote to memory of 2932	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2352 wrote to memory of 2788	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2352 wrote to memory of 2788	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2352 wrote to memory of 2788	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2352 wrote to memory of 2848	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2352 wrote to memory of 2848	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2352 wrote to memory of 2848	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2352 wrote to memory of 3044	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2352 wrote to memory of 3044	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2352 wrote to memory of 3044	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2352 wrote to memory of 2876	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2352 wrote to memory of 2876	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2352 wrote to memory of 2876	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2352 wrote to memory of 2668	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2352 wrote to memory of 2668	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2352 wrote to memory of 2668	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2352 wrote to memory of 2264	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2352 wrote to memory of 2264	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2352 wrote to memory of 2264	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2352 wrote to memory of 2680	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2352 wrote to memory of 2680	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2352 wrote to memory of 2680	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2352 wrote to memory of 2628	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2352 wrote to memory of 2628	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2352 wrote to memory of 2628	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2352 wrote to memory of 2676	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2352 wrote to memory of 2676	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2352 wrote to memory of 2676	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2352 wrote to memory of 2396	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2352 wrote to memory of 2396	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2352 wrote to memory of 2396	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2352 wrote to memory of 2084	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2352 wrote to memory of 2084	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2352 wrote to memory of 2084	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2352 wrote to memory of 2536	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2352 wrote to memory of 2536	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2352 wrote to memory of 2536	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2352 wrote to memory of 2980	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2352 wrote to memory of 2980	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2352 wrote to memory of 2980	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2352 wrote to memory of 1172	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2352 wrote to memory of 1172	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2352 wrote to memory of 1172	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2352 wrote to memory of 1016	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2352 wrote to memory of 1016	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2352 wrote to memory of 1016	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2352 wrote to memory of 2620	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2352 wrote to memory of 2620	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2352 wrote to memory of 2620	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2352 wrote to memory of 2368	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2352 wrote to memory of 2368	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2352 wrote to memory of 2368	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2352 wrote to memory of 2732	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2352 wrote to memory of 2732	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2352 wrote to memory of 2732	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2352 wrote to memory of 1176	2352	2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-16_427aff601905a37a5440e432115d3769_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Windows\System\rigKgQi.exe
  C:\Windows\System\rigKgQi.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\mBZlPzM.exe
  C:\Windows\System\mBZlPzM.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\ZLxXEWO.exe
  C:\Windows\System\ZLxXEWO.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\YsYABes.exe
  C:\Windows\System\YsYABes.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\PgqaqUY.exe
  C:\Windows\System\PgqaqUY.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\dtWprxe.exe
  C:\Windows\System\dtWprxe.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\WVefozC.exe
  C:\Windows\System\WVefozC.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\BlUWuaH.exe
  C:\Windows\System\BlUWuaH.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\fEvyJZa.exe
  C:\Windows\System\fEvyJZa.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\NeMAGsp.exe
  C:\Windows\System\NeMAGsp.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\HFKCWcC.exe
  C:\Windows\System\HFKCWcC.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\VSZzvDm.exe
  C:\Windows\System\VSZzvDm.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\WNWyXxX.exe
  C:\Windows\System\WNWyXxX.exe
  2⤵
  - Executes dropped EXE
  PID:2396
- C:\Windows\System\VwSStth.exe
  C:\Windows\System\VwSStth.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\vmUtlYT.exe
  C:\Windows\System\vmUtlYT.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\CVFQKHf.exe
  C:\Windows\System\CVFQKHf.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\KVYEoZK.exe
  C:\Windows\System\KVYEoZK.exe
  2⤵
  - Executes dropped EXE
  PID:1172
- C:\Windows\System\UuQsShc.exe
  C:\Windows\System\UuQsShc.exe
  2⤵
  - Executes dropped EXE
  PID:1016
- C:\Windows\System\gpMFfCS.exe
  C:\Windows\System\gpMFfCS.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\cDnErbv.exe
  C:\Windows\System\cDnErbv.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\NXgKYjg.exe
  C:\Windows\System\NXgKYjg.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\ZuDvVtd.exe
  C:\Windows\System\ZuDvVtd.exe
  2⤵
  - Executes dropped EXE
  PID:1176
- C:\Windows\System\IAwPRRG.exe
  C:\Windows\System\IAwPRRG.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\zjjNonJ.exe
  C:\Windows\System\zjjNonJ.exe
  2⤵
  - Executes dropped EXE
  PID:1480
- C:\Windows\System\JiClKLC.exe
  C:\Windows\System\JiClKLC.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\JQMwBjJ.exe
  C:\Windows\System\JQMwBjJ.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\UhsuAnz.exe
  C:\Windows\System\UhsuAnz.exe
  2⤵
  - Executes dropped EXE
  PID:2400
- C:\Windows\System\vGGbvnn.exe
  C:\Windows\System\vGGbvnn.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- C:\Windows\System\tjNhCKl.exe
  C:\Windows\System\tjNhCKl.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\BNekmWl.exe
  C:\Windows\System\BNekmWl.exe
  2⤵
  - Executes dropped EXE
  PID:2248
- C:\Windows\System\nGiZPgO.exe
  C:\Windows\System\nGiZPgO.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\OQCPnXV.exe
  C:\Windows\System\OQCPnXV.exe
  2⤵
  - Executes dropped EXE
  PID:1204
- C:\Windows\System\TgGffnO.exe
  C:\Windows\System\TgGffnO.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\nEDyEVd.exe
  C:\Windows\System\nEDyEVd.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\GIzEBny.exe
  C:\Windows\System\GIzEBny.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\RsrLEmF.exe
  C:\Windows\System\RsrLEmF.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\mhErgKO.exe
  C:\Windows\System\mhErgKO.exe
  2⤵
  - Executes dropped EXE
  PID:916
- C:\Windows\System\opVfiQD.exe
  C:\Windows\System\opVfiQD.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\unExpkL.exe
  C:\Windows\System\unExpkL.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\cflJhnD.exe
  C:\Windows\System\cflJhnD.exe
  2⤵
  - Executes dropped EXE
  PID:1836
- C:\Windows\System\OAwSSKC.exe
  C:\Windows\System\OAwSSKC.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\oyuRThx.exe
  C:\Windows\System\oyuRThx.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\VgiVbAj.exe
  C:\Windows\System\VgiVbAj.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\PMIgrVw.exe
  C:\Windows\System\PMIgrVw.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\QGGIqBe.exe
  C:\Windows\System\QGGIqBe.exe
  2⤵
  - Executes dropped EXE
  PID:1292
- C:\Windows\System\DFpLHFc.exe
  C:\Windows\System\DFpLHFc.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\LQbgTpj.exe
  C:\Windows\System\LQbgTpj.exe
  2⤵
  - Executes dropped EXE
  PID:1488
- C:\Windows\System\IeMLJVZ.exe
  C:\Windows\System\IeMLJVZ.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\hLfGtkt.exe
  C:\Windows\System\hLfGtkt.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\jIeHJmX.exe
  C:\Windows\System\jIeHJmX.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\PSrALuR.exe
  C:\Windows\System\PSrALuR.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\rXMVUvQ.exe
  C:\Windows\System\rXMVUvQ.exe
  2⤵
  - Executes dropped EXE
  PID:1444
- C:\Windows\System\TOqYtyB.exe
  C:\Windows\System\TOqYtyB.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\NtgiBrN.exe
  C:\Windows\System\NtgiBrN.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\MXemjJW.exe
  C:\Windows\System\MXemjJW.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\cQbCorz.exe
  C:\Windows\System\cQbCorz.exe
  2⤵
  - Executes dropped EXE
  PID:628
- C:\Windows\System\iAUQJBS.exe
  C:\Windows\System\iAUQJBS.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\SSqupwz.exe
  C:\Windows\System\SSqupwz.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\ceRWUru.exe
  C:\Windows\System\ceRWUru.exe
  2⤵
  - Executes dropped EXE
  PID:2064
- C:\Windows\System\HqDDGyK.exe
  C:\Windows\System\HqDDGyK.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\TDkhfgG.exe
  C:\Windows\System\TDkhfgG.exe
  2⤵
  - Executes dropped EXE
  PID:2284
- C:\Windows\System\AaBSgaF.exe
  C:\Windows\System\AaBSgaF.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\NfqJTgV.exe
  C:\Windows\System\NfqJTgV.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\vALHFfm.exe
  C:\Windows\System\vALHFfm.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\wCPaqCR.exe
  C:\Windows\System\wCPaqCR.exe
  2⤵
  PID:2816
- C:\Windows\System\UehgqQC.exe
  C:\Windows\System\UehgqQC.exe
  2⤵
  PID:1080
- C:\Windows\System\yPlSrgX.exe
  C:\Windows\System\yPlSrgX.exe
  2⤵
  PID:2884
- C:\Windows\System\NwAMnIJ.exe
  C:\Windows\System\NwAMnIJ.exe
  2⤵
  PID:2888
- C:\Windows\System\sPsIugf.exe
  C:\Windows\System\sPsIugf.exe
  2⤵
  PID:2652
- C:\Windows\System\gpTAEiw.exe
  C:\Windows\System\gpTAEiw.exe
  2⤵
  PID:2896
- C:\Windows\System\NxsUnrg.exe
  C:\Windows\System\NxsUnrg.exe
  2⤵
  PID:2752
- C:\Windows\System\ynwfaca.exe
  C:\Windows\System\ynwfaca.exe
  2⤵
  PID:2956
- C:\Windows\System\VsNNdze.exe
  C:\Windows\System\VsNNdze.exe
  2⤵
  PID:756
- C:\Windows\System\RWtAvUG.exe
  C:\Windows\System\RWtAvUG.exe
  2⤵
  PID:536
- C:\Windows\System\fJVFMkv.exe
  C:\Windows\System\fJVFMkv.exe
  2⤵
  PID:1904
- C:\Windows\System\IRtKbVV.exe
  C:\Windows\System\IRtKbVV.exe
  2⤵
  PID:828
- C:\Windows\System\lSlXeay.exe
  C:\Windows\System\lSlXeay.exe
  2⤵
  PID:2160
- C:\Windows\System\TbZXyMj.exe
  C:\Windows\System\TbZXyMj.exe
  2⤵
  PID:1740
- C:\Windows\System\xIDoHGY.exe
  C:\Windows\System\xIDoHGY.exe
  2⤵
  PID:1168
- C:\Windows\System\zYREGeY.exe
  C:\Windows\System\zYREGeY.exe
  2⤵
  PID:2120
- C:\Windows\System\lOvQkri.exe
  C:\Windows\System\lOvQkri.exe
  2⤵
  PID:972
- C:\Windows\System\AaZdLpT.exe
  C:\Windows\System\AaZdLpT.exe
  2⤵
  PID:2080
- C:\Windows\System\tEHHRlu.exe
  C:\Windows\System\tEHHRlu.exe
  2⤵
  PID:1088
- C:\Windows\System\vxJOwwG.exe
  C:\Windows\System\vxJOwwG.exe
  2⤵
  PID:2672
- C:\Windows\System\GZGVdsv.exe
  C:\Windows\System\GZGVdsv.exe
  2⤵
  PID:1644
- C:\Windows\System\QbZJXlP.exe
  C:\Windows\System\QbZJXlP.exe
  2⤵
  PID:880
- C:\Windows\System\sbkRLOO.exe
  C:\Windows\System\sbkRLOO.exe
  2⤵
  PID:1404
- C:\Windows\System\lUzAtMt.exe
  C:\Windows\System\lUzAtMt.exe
  2⤵
  PID:1184
- C:\Windows\System\WVtdEyV.exe
  C:\Windows\System\WVtdEyV.exe
  2⤵
  PID:2440
- C:\Windows\System\HNPrVWd.exe
  C:\Windows\System\HNPrVWd.exe
  2⤵
  PID:1472
- C:\Windows\System\aeRNFra.exe
  C:\Windows\System\aeRNFra.exe
  2⤵
  PID:848
- C:\Windows\System\gnoXeKB.exe
  C:\Windows\System\gnoXeKB.exe
  2⤵
  PID:2348
- C:\Windows\System\dXNFftR.exe
  C:\Windows\System\dXNFftR.exe
  2⤵
  PID:2104
- C:\Windows\System\CiCOFvt.exe
  C:\Windows\System\CiCOFvt.exe
  2⤵
  PID:2640
- C:\Windows\System\aRlTvWk.exe
  C:\Windows\System\aRlTvWk.exe
  2⤵
  PID:1952
- C:\Windows\System\wyyPEDL.exe
  C:\Windows\System\wyyPEDL.exe
  2⤵
  PID:516
- C:\Windows\System\BgboCrB.exe
  C:\Windows\System\BgboCrB.exe
  2⤵
  PID:1676
- C:\Windows\System\iarbFwA.exe
  C:\Windows\System\iarbFwA.exe
  2⤵
  PID:1484
- C:\Windows\System\YyLZRXD.exe
  C:\Windows\System\YyLZRXD.exe
  2⤵
  PID:2568
- C:\Windows\System\ssNUKyp.exe
  C:\Windows\System\ssNUKyp.exe
  2⤵
  PID:1828
- C:\Windows\System\RbbNMHc.exe
  C:\Windows\System\RbbNMHc.exe
  2⤵
  PID:3080
- C:\Windows\System\XelPvLU.exe
  C:\Windows\System\XelPvLU.exe
  2⤵
  PID:3096
- C:\Windows\System\WqjNPvH.exe
  C:\Windows\System\WqjNPvH.exe
  2⤵
  PID:3112
- C:\Windows\System\mHoMBEm.exe
  C:\Windows\System\mHoMBEm.exe
  2⤵
  PID:3128
- C:\Windows\System\euKxhfo.exe
  C:\Windows\System\euKxhfo.exe
  2⤵
  PID:3144
- C:\Windows\System\TeJtoeZ.exe
  C:\Windows\System\TeJtoeZ.exe
  2⤵
  PID:3160
- C:\Windows\System\wjDtQpj.exe
  C:\Windows\System\wjDtQpj.exe
  2⤵
  PID:3180
- C:\Windows\System\sVsebPl.exe
  C:\Windows\System\sVsebPl.exe
  2⤵
  PID:3196
- C:\Windows\System\XNxgCZh.exe
  C:\Windows\System\XNxgCZh.exe
  2⤵
  PID:3212
- C:\Windows\System\IzFTfsj.exe
  C:\Windows\System\IzFTfsj.exe
  2⤵
  PID:3228
- C:\Windows\System\MTFgywj.exe
  C:\Windows\System\MTFgywj.exe
  2⤵
  PID:3244
- C:\Windows\System\MFmaBld.exe
  C:\Windows\System\MFmaBld.exe
  2⤵
  PID:3260
- C:\Windows\System\XUszFrE.exe
  C:\Windows\System\XUszFrE.exe
  2⤵
  PID:3276
- C:\Windows\System\YSCHgbe.exe
  C:\Windows\System\YSCHgbe.exe
  2⤵
  PID:3292
- C:\Windows\System\xWtZDnN.exe
  C:\Windows\System\xWtZDnN.exe
  2⤵
  PID:3308
- C:\Windows\System\aaEDOef.exe
  C:\Windows\System\aaEDOef.exe
  2⤵
  PID:3324
- C:\Windows\System\yvdTWMG.exe
  C:\Windows\System\yvdTWMG.exe
  2⤵
  PID:3340
- C:\Windows\System\JbYFIdP.exe
  C:\Windows\System\JbYFIdP.exe
  2⤵
  PID:3356
- C:\Windows\System\GgirfWn.exe
  C:\Windows\System\GgirfWn.exe
  2⤵
  PID:3372
- C:\Windows\System\XrCPDab.exe
  C:\Windows\System\XrCPDab.exe
  2⤵
  PID:3388
- C:\Windows\System\RZvAWkS.exe
  C:\Windows\System\RZvAWkS.exe
  2⤵
  PID:3404
- C:\Windows\System\fOmxZst.exe
  C:\Windows\System\fOmxZst.exe
  2⤵
  PID:3420
- C:\Windows\System\SqzJskz.exe
  C:\Windows\System\SqzJskz.exe
  2⤵
  PID:3440
- C:\Windows\System\emImDBc.exe
  C:\Windows\System\emImDBc.exe
  2⤵
  PID:3456
- C:\Windows\System\sJYPFGf.exe
  C:\Windows\System\sJYPFGf.exe
  2⤵
  PID:3472
- C:\Windows\System\ayKzCmf.exe
  C:\Windows\System\ayKzCmf.exe
  2⤵
  PID:3488
- C:\Windows\System\vggkzvu.exe
  C:\Windows\System\vggkzvu.exe
  2⤵
  PID:3504
- C:\Windows\System\QygjyQa.exe
  C:\Windows\System\QygjyQa.exe
  2⤵
  PID:3520
- C:\Windows\System\dTOAWLA.exe
  C:\Windows\System\dTOAWLA.exe
  2⤵
  PID:3536
- C:\Windows\System\gRsINSd.exe
  C:\Windows\System\gRsINSd.exe
  2⤵
  PID:3552
- C:\Windows\System\JXIdYrU.exe
  C:\Windows\System\JXIdYrU.exe
  2⤵
  PID:3568
- C:\Windows\System\EcJOeCJ.exe
  C:\Windows\System\EcJOeCJ.exe
  2⤵
  PID:3584
- C:\Windows\System\OFhqSJD.exe
  C:\Windows\System\OFhqSJD.exe
  2⤵
  PID:3600
- C:\Windows\System\aeORDuR.exe
  C:\Windows\System\aeORDuR.exe
  2⤵
  PID:3620
- C:\Windows\System\fGbTDWp.exe
  C:\Windows\System\fGbTDWp.exe
  2⤵
  PID:3636
- C:\Windows\System\QQOQcvx.exe
  C:\Windows\System\QQOQcvx.exe
  2⤵
  PID:3652
- C:\Windows\System\gWLzSkK.exe
  C:\Windows\System\gWLzSkK.exe
  2⤵
  PID:3668
- C:\Windows\System\SmVwcFZ.exe
  C:\Windows\System\SmVwcFZ.exe
  2⤵
  PID:3684
- C:\Windows\System\ZoLMBCl.exe
  C:\Windows\System\ZoLMBCl.exe
  2⤵
  PID:3700
- C:\Windows\System\rpyLRik.exe
  C:\Windows\System\rpyLRik.exe
  2⤵
  PID:3716
- C:\Windows\System\NGEBgQN.exe
  C:\Windows\System\NGEBgQN.exe
  2⤵
  PID:3732
- C:\Windows\System\qDRLlHk.exe
  C:\Windows\System\qDRLlHk.exe
  2⤵
  PID:3748
- C:\Windows\System\ysLxHjE.exe
  C:\Windows\System\ysLxHjE.exe
  2⤵
  PID:3764
- C:\Windows\System\eiovaGz.exe
  C:\Windows\System\eiovaGz.exe
  2⤵
  PID:3780
- C:\Windows\System\fVzSdEZ.exe
  C:\Windows\System\fVzSdEZ.exe
  2⤵
  PID:3796
- C:\Windows\System\BysjwNY.exe
  C:\Windows\System\BysjwNY.exe
  2⤵
  PID:3812
- C:\Windows\System\LddGbMq.exe
  C:\Windows\System\LddGbMq.exe
  2⤵
  PID:3828
- C:\Windows\System\SdwxPEd.exe
  C:\Windows\System\SdwxPEd.exe
  2⤵
  PID:3844
- C:\Windows\System\MeWElef.exe
  C:\Windows\System\MeWElef.exe
  2⤵
  PID:3860
- C:\Windows\System\jJXmHiR.exe
  C:\Windows\System\jJXmHiR.exe
  2⤵
  PID:3876
- C:\Windows\System\Bykpmas.exe
  C:\Windows\System\Bykpmas.exe
  2⤵
  PID:3892
- C:\Windows\System\BJiXiVN.exe
  C:\Windows\System\BJiXiVN.exe
  2⤵
  PID:3908
- C:\Windows\System\SNosjbK.exe
  C:\Windows\System\SNosjbK.exe
  2⤵
  PID:3924
- C:\Windows\System\HxYykil.exe
  C:\Windows\System\HxYykil.exe
  2⤵
  PID:3940
- C:\Windows\System\KtBfJju.exe
  C:\Windows\System\KtBfJju.exe
  2⤵
  PID:3956
- C:\Windows\System\QWxlWIl.exe
  C:\Windows\System\QWxlWIl.exe
  2⤵
  PID:3972
- C:\Windows\System\uzgMfuG.exe
  C:\Windows\System\uzgMfuG.exe
  2⤵
  PID:3988
- C:\Windows\System\uBfybHT.exe
  C:\Windows\System\uBfybHT.exe
  2⤵
  PID:4004
- C:\Windows\System\JiyUwao.exe
  C:\Windows\System\JiyUwao.exe
  2⤵
  PID:4020
- C:\Windows\System\nvEXdIh.exe
  C:\Windows\System\nvEXdIh.exe
  2⤵
  PID:4036
- C:\Windows\System\KOxfLKW.exe
  C:\Windows\System\KOxfLKW.exe
  2⤵
  PID:4052
- C:\Windows\System\DnlFmBj.exe
  C:\Windows\System\DnlFmBj.exe
  2⤵
  PID:4068
- C:\Windows\System\TbNitJI.exe
  C:\Windows\System\TbNitJI.exe
  2⤵
  PID:4084
- C:\Windows\System\EdMHeJY.exe
  C:\Windows\System\EdMHeJY.exe
  2⤵
  PID:2244
- C:\Windows\System\mBlnoEi.exe
  C:\Windows\System\mBlnoEi.exe
  2⤵
  PID:1320
- C:\Windows\System\xPJZOtQ.exe
  C:\Windows\System\xPJZOtQ.exe
  2⤵
  PID:1128
- C:\Windows\System\jamzCah.exe
  C:\Windows\System\jamzCah.exe
  2⤵
  PID:2636
- C:\Windows\System\NhFjaeS.exe
  C:\Windows\System\NhFjaeS.exe
  2⤵
  PID:1460
- C:\Windows\System\SWRFsUA.exe
  C:\Windows\System\SWRFsUA.exe
  2⤵
  PID:696
- C:\Windows\System\jVmtxLC.exe
  C:\Windows\System\jVmtxLC.exe
  2⤵
  PID:2916
- C:\Windows\System\BmGYNLT.exe
  C:\Windows\System\BmGYNLT.exe
  2⤵
  PID:2404
- C:\Windows\System\EUNOEUV.exe
  C:\Windows\System\EUNOEUV.exe
  2⤵
  PID:1552
- C:\Windows\System\QOKDauV.exe
  C:\Windows\System\QOKDauV.exe
  2⤵
  PID:868
- C:\Windows\System\kCxmMqZ.exe
  C:\Windows\System\kCxmMqZ.exe
  2⤵
  PID:2556
- C:\Windows\System\qjvCuSG.exe
  C:\Windows\System\qjvCuSG.exe
  2⤵
  PID:2940
- C:\Windows\System\ajClRpF.exe
  C:\Windows\System\ajClRpF.exe
  2⤵
  PID:3088
- C:\Windows\System\hXGVnGf.exe
  C:\Windows\System\hXGVnGf.exe
  2⤵
  PID:2420
- C:\Windows\System\afwmfiP.exe
  C:\Windows\System\afwmfiP.exe
  2⤵
  PID:2304
- C:\Windows\System\UpDWGNB.exe
  C:\Windows\System\UpDWGNB.exe
  2⤵
  PID:3152
- C:\Windows\System\AWdkyfQ.exe
  C:\Windows\System\AWdkyfQ.exe
  2⤵
  PID:3156
- C:\Windows\System\QErnHil.exe
  C:\Windows\System\QErnHil.exe
  2⤵
  PID:3220
- C:\Windows\System\buIrJnA.exe
  C:\Windows\System\buIrJnA.exe
  2⤵
  PID:3284
- C:\Windows\System\AGOmNpa.exe
  C:\Windows\System\AGOmNpa.exe
  2⤵
  PID:3208
- C:\Windows\System\DiRUVOA.exe
  C:\Windows\System\DiRUVOA.exe
  2⤵
  PID:3268
- C:\Windows\System\vXXJoxQ.exe
  C:\Windows\System\vXXJoxQ.exe
  2⤵
  PID:3316
- C:\Windows\System\KWJkIZQ.exe
  C:\Windows\System\KWJkIZQ.exe
  2⤵
  PID:3348
- C:\Windows\System\FtLLXhp.exe
  C:\Windows\System\FtLLXhp.exe
  2⤵
  PID:3332
- C:\Windows\System\EbDDfKJ.exe
  C:\Windows\System\EbDDfKJ.exe
  2⤵
  PID:3368
- C:\Windows\System\buaUHZc.exe
  C:\Windows\System\buaUHZc.exe
  2⤵
  PID:3428
- C:\Windows\System\EzjWaxy.exe
  C:\Windows\System\EzjWaxy.exe
  2⤵
  PID:2476
- C:\Windows\System\eBWGZty.exe
  C:\Windows\System\eBWGZty.exe
  2⤵
  PID:3484
- C:\Windows\System\aGUzDFX.exe
  C:\Windows\System\aGUzDFX.exe
  2⤵
  PID:3464
- C:\Windows\System\uNuxvkZ.exe
  C:\Windows\System\uNuxvkZ.exe
  2⤵
  PID:3528
- C:\Windows\System\uctLQBt.exe
  C:\Windows\System\uctLQBt.exe
  2⤵
  PID:3532
- C:\Windows\System\euuEyQV.exe
  C:\Windows\System\euuEyQV.exe
  2⤵
  PID:3592
- C:\Windows\System\siuzTvv.exe
  C:\Windows\System\siuzTvv.exe
  2⤵
  PID:3644
- C:\Windows\System\WSEJyjM.exe
  C:\Windows\System\WSEJyjM.exe
  2⤵
  PID:3708
- C:\Windows\System\AhQEzms.exe
  C:\Windows\System\AhQEzms.exe
  2⤵
  PID:3696
- C:\Windows\System\lULVNsw.exe
  C:\Windows\System\lULVNsw.exe
  2⤵
  PID:3660
- C:\Windows\System\kIXVPsN.exe
  C:\Windows\System\kIXVPsN.exe
  2⤵
  PID:3724
- C:\Windows\System\CwmHBwQ.exe
  C:\Windows\System\CwmHBwQ.exe
  2⤵
  PID:3804
- C:\Windows\System\xIbgoEI.exe
  C:\Windows\System\xIbgoEI.exe
  2⤵
  PID:3788
- C:\Windows\System\MSDXhVr.exe
  C:\Windows\System\MSDXhVr.exe
  2⤵
  PID:3868
- C:\Windows\System\BuXWtDU.exe
  C:\Windows\System\BuXWtDU.exe
  2⤵
  PID:3856
- C:\Windows\System\rFdOWkK.exe
  C:\Windows\System\rFdOWkK.exe
  2⤵
  PID:3932
- C:\Windows\System\MdiJNRT.exe
  C:\Windows\System\MdiJNRT.exe
  2⤵
  PID:3964
- C:\Windows\System\UNMgYfH.exe
  C:\Windows\System\UNMgYfH.exe
  2⤵
  PID:4028
- C:\Windows\System\jPJyiyZ.exe
  C:\Windows\System\jPJyiyZ.exe
  2⤵
  PID:3980
- C:\Windows\System\UsPmTcS.exe
  C:\Windows\System\UsPmTcS.exe
  2⤵
  PID:4064
- C:\Windows\System\IYOQFrY.exe
  C:\Windows\System\IYOQFrY.exe
  2⤵
  PID:1364
- C:\Windows\System\PmGhwhO.exe
  C:\Windows\System\PmGhwhO.exe
  2⤵
  PID:2464
- C:\Windows\System\gSXvvXS.exe
  C:\Windows\System\gSXvvXS.exe
  2⤵
  PID:1568
- C:\Windows\System\ROhrWdb.exe
  C:\Windows\System\ROhrWdb.exe
  2⤵
  PID:4048
- C:\Windows\System\uNGQZZh.exe
  C:\Windows\System\uNGQZZh.exe
  2⤵
  PID:2756
- C:\Windows\System\drFnyhZ.exe
  C:\Windows\System\drFnyhZ.exe
  2⤵
  PID:900
- C:\Windows\System\mtDiicS.exe
  C:\Windows\System\mtDiicS.exe
  2⤵
  PID:672
- C:\Windows\System\CasoEMV.exe
  C:\Windows\System\CasoEMV.exe
  2⤵
  PID:3252
- C:\Windows\System\gckewwm.exe
  C:\Windows\System\gckewwm.exe
  2⤵
  PID:3304
- C:\Windows\System\gEnZQhG.exe
  C:\Windows\System\gEnZQhG.exe
  2⤵
  PID:376
- C:\Windows\System\kWEUptT.exe
  C:\Windows\System\kWEUptT.exe
  2⤵
  PID:3120
- C:\Windows\System\BeOQCAf.exe
  C:\Windows\System\BeOQCAf.exe
  2⤵
  PID:2760
- C:\Windows\System\qRBkauA.exe
  C:\Windows\System\qRBkauA.exe
  2⤵
  PID:2228
- C:\Windows\System\boqmnOj.exe
  C:\Windows\System\boqmnOj.exe
  2⤵
  PID:3188
- C:\Windows\System\ArSjVuE.exe
  C:\Windows\System\ArSjVuE.exe
  2⤵
  PID:3576
- C:\Windows\System\KJbVVYO.exe
  C:\Windows\System\KJbVVYO.exe
  2⤵
  PID:3692
- C:\Windows\System\hgtLPLb.exe
  C:\Windows\System\hgtLPLb.exe
  2⤵
  PID:3840
- C:\Windows\System\lYjPAoe.exe
  C:\Windows\System\lYjPAoe.exe
  2⤵
  PID:3496
- C:\Windows\System\LfjFIAe.exe
  C:\Windows\System\LfjFIAe.exe
  2⤵
  PID:3380
- C:\Windows\System\xpOyjXE.exe
  C:\Windows\System\xpOyjXE.exe
  2⤵
  PID:3560
- C:\Windows\System\mqfCneL.exe
  C:\Windows\System\mqfCneL.exe
  2⤵
  PID:3900
- C:\Windows\System\CSiEXMa.exe
  C:\Windows\System\CSiEXMa.exe
  2⤵
  PID:3676
- C:\Windows\System\pvByylT.exe
  C:\Windows\System\pvByylT.exe
  2⤵
  PID:3920
- C:\Windows\System\yAIkyIo.exe
  C:\Windows\System\yAIkyIo.exe
  2⤵
  PID:1684
- C:\Windows\System\pXpBZib.exe
  C:\Windows\System\pXpBZib.exe
  2⤵
  PID:3904
- C:\Windows\System\fzfLlXb.exe
  C:\Windows\System\fzfLlXb.exe
  2⤵
  PID:4060
- C:\Windows\System\YUzkinr.exe
  C:\Windows\System\YUzkinr.exe
  2⤵
  PID:4080
- C:\Windows\System\CDnHKcW.exe
  C:\Windows\System\CDnHKcW.exe
  2⤵
  PID:2736
- C:\Windows\System\ICOvcUe.exe
  C:\Windows\System\ICOvcUe.exe
  2⤵
  PID:2740
- C:\Windows\System\XkCqVgc.exe
  C:\Windows\System\XkCqVgc.exe
  2⤵
  PID:3288
- C:\Windows\System\pIZhIiP.exe
  C:\Windows\System\pIZhIiP.exe
  2⤵
  PID:2488
- C:\Windows\System\qPRSiow.exe
  C:\Windows\System\qPRSiow.exe
  2⤵
  PID:3516
- C:\Windows\System\mrCKtzM.exe
  C:\Windows\System\mrCKtzM.exe
  2⤵
  PID:3548
- C:\Windows\System\JPmTRIq.exe
  C:\Windows\System\JPmTRIq.exe
  2⤵
  PID:3480
- C:\Windows\System\KAHXzTB.exe
  C:\Windows\System\KAHXzTB.exe
  2⤵
  PID:2828
- C:\Windows\System\nbbWTWT.exe
  C:\Windows\System\nbbWTWT.exe
  2⤵
  PID:3760
- C:\Windows\System\iCWOrQr.exe
  C:\Windows\System\iCWOrQr.exe
  2⤵
  PID:3820
- C:\Windows\System\CpTzcot.exe
  C:\Windows\System\CpTzcot.exe
  2⤵
  PID:4108
- C:\Windows\System\BnxFTnx.exe
  C:\Windows\System\BnxFTnx.exe
  2⤵
  PID:4124
- C:\Windows\System\QPstMip.exe
  C:\Windows\System\QPstMip.exe
  2⤵
  PID:4140
- C:\Windows\System\msCkbLo.exe
  C:\Windows\System\msCkbLo.exe
  2⤵
  PID:4156
- C:\Windows\System\dDLNrsM.exe
  C:\Windows\System\dDLNrsM.exe
  2⤵
  PID:4172
- C:\Windows\System\KNqmwPZ.exe
  C:\Windows\System\KNqmwPZ.exe
  2⤵
  PID:4188
- C:\Windows\System\nPDCJKl.exe
  C:\Windows\System\nPDCJKl.exe
  2⤵
  PID:4204
- C:\Windows\System\SqdLUEU.exe
  C:\Windows\System\SqdLUEU.exe
  2⤵
  PID:4220
- C:\Windows\System\kblZROF.exe
  C:\Windows\System\kblZROF.exe
  2⤵
  PID:4236
- C:\Windows\System\CeywbYM.exe
  C:\Windows\System\CeywbYM.exe
  2⤵
  PID:4252
- C:\Windows\System\qAXHeYw.exe
  C:\Windows\System\qAXHeYw.exe
  2⤵
  PID:4268
- C:\Windows\System\Napvnit.exe
  C:\Windows\System\Napvnit.exe
  2⤵
  PID:4284
- C:\Windows\System\EwTjHZz.exe
  C:\Windows\System\EwTjHZz.exe
  2⤵
  PID:4300
- C:\Windows\System\jIMZlQM.exe
  C:\Windows\System\jIMZlQM.exe
  2⤵
  PID:4316
- C:\Windows\System\XWSnVyZ.exe
  C:\Windows\System\XWSnVyZ.exe
  2⤵
  PID:4332
- C:\Windows\System\dokxoca.exe
  C:\Windows\System\dokxoca.exe
  2⤵
  PID:4348
- C:\Windows\System\bkXJBCi.exe
  C:\Windows\System\bkXJBCi.exe
  2⤵
  PID:4364
- C:\Windows\System\ljaipRG.exe
  C:\Windows\System\ljaipRG.exe
  2⤵
  PID:4380
- C:\Windows\System\vAmZNfM.exe
  C:\Windows\System\vAmZNfM.exe
  2⤵
  PID:4396
- C:\Windows\System\yhQFgLH.exe
  C:\Windows\System\yhQFgLH.exe
  2⤵
  PID:4416
- C:\Windows\System\NnmLBpa.exe
  C:\Windows\System\NnmLBpa.exe
  2⤵
  PID:4432
- C:\Windows\System\mpJILyc.exe
  C:\Windows\System\mpJILyc.exe
  2⤵
  PID:4448
- C:\Windows\System\awgIrgi.exe
  C:\Windows\System\awgIrgi.exe
  2⤵
  PID:4464
- C:\Windows\System\BszkvLB.exe
  C:\Windows\System\BszkvLB.exe
  2⤵
  PID:4480
- C:\Windows\System\MalNQao.exe
  C:\Windows\System\MalNQao.exe
  2⤵
  PID:4496
- C:\Windows\System\dwlqtEJ.exe
  C:\Windows\System\dwlqtEJ.exe
  2⤵
  PID:4512
- C:\Windows\System\alUgUwC.exe
  C:\Windows\System\alUgUwC.exe
  2⤵
  PID:4528
- C:\Windows\System\Vqnixqy.exe
  C:\Windows\System\Vqnixqy.exe
  2⤵
  PID:4544
- C:\Windows\System\RmNZpXs.exe
  C:\Windows\System\RmNZpXs.exe
  2⤵
  PID:4560
- C:\Windows\System\iwbbthF.exe
  C:\Windows\System\iwbbthF.exe
  2⤵
  PID:4576
- C:\Windows\System\CsTPGyh.exe
  C:\Windows\System\CsTPGyh.exe
  2⤵
  PID:4592
- C:\Windows\System\wyuFIzr.exe
  C:\Windows\System\wyuFIzr.exe
  2⤵
  PID:4608
- C:\Windows\System\UAGTAft.exe
  C:\Windows\System\UAGTAft.exe
  2⤵
  PID:4624
- C:\Windows\System\VQfFuwk.exe
  C:\Windows\System\VQfFuwk.exe
  2⤵
  PID:4640
- C:\Windows\System\WPRHDog.exe
  C:\Windows\System\WPRHDog.exe
  2⤵
  PID:4656
- C:\Windows\System\zCnJPyI.exe
  C:\Windows\System\zCnJPyI.exe
  2⤵
  PID:4672
- C:\Windows\System\sqjwblT.exe
  C:\Windows\System\sqjwblT.exe
  2⤵
  PID:4688
- C:\Windows\System\QeXaQxU.exe
  C:\Windows\System\QeXaQxU.exe
  2⤵
  PID:4704
- C:\Windows\System\qQabCTx.exe
  C:\Windows\System\qQabCTx.exe
  2⤵
  PID:4720
- C:\Windows\System\BebYCnI.exe
  C:\Windows\System\BebYCnI.exe
  2⤵
  PID:4736
- C:\Windows\System\RjXbwdJ.exe
  C:\Windows\System\RjXbwdJ.exe
  2⤵
  PID:4752
- C:\Windows\System\jTJgRis.exe
  C:\Windows\System\jTJgRis.exe
  2⤵
  PID:4768
- C:\Windows\System\vgKkZuF.exe
  C:\Windows\System\vgKkZuF.exe
  2⤵
  PID:4788
- C:\Windows\System\RLBYjeo.exe
  C:\Windows\System\RLBYjeo.exe
  2⤵
  PID:4804
- C:\Windows\System\oTaUDQg.exe
  C:\Windows\System\oTaUDQg.exe
  2⤵
  PID:4820
- C:\Windows\System\eCzEbeu.exe
  C:\Windows\System\eCzEbeu.exe
  2⤵
  PID:4836
- C:\Windows\System\NZtYWCc.exe
  C:\Windows\System\NZtYWCc.exe
  2⤵
  PID:4852
- C:\Windows\System\fOYQSis.exe
  C:\Windows\System\fOYQSis.exe
  2⤵
  PID:4868
- C:\Windows\System\WczTKpV.exe
  C:\Windows\System\WczTKpV.exe
  2⤵
  PID:4884
- C:\Windows\System\LMkNOBY.exe
  C:\Windows\System\LMkNOBY.exe
  2⤵
  PID:4900
- C:\Windows\System\RqsNlSy.exe
  C:\Windows\System\RqsNlSy.exe
  2⤵
  PID:4916
- C:\Windows\System\IcoiZKR.exe
  C:\Windows\System\IcoiZKR.exe
  2⤵
  PID:4932
- C:\Windows\System\TEIDlTs.exe
  C:\Windows\System\TEIDlTs.exe
  2⤵
  PID:4948
- C:\Windows\System\bRVxyyY.exe
  C:\Windows\System\bRVxyyY.exe
  2⤵
  PID:4964
- C:\Windows\System\zrifVTX.exe
  C:\Windows\System\zrifVTX.exe
  2⤵
  PID:4980
- C:\Windows\System\jbUuZhp.exe
  C:\Windows\System\jbUuZhp.exe
  2⤵
  PID:4996
- C:\Windows\System\ELZMtdV.exe
  C:\Windows\System\ELZMtdV.exe
  2⤵
  PID:5012
- C:\Windows\System\eImITxA.exe
  C:\Windows\System\eImITxA.exe
  2⤵
  PID:5028
- C:\Windows\System\bAsivdP.exe
  C:\Windows\System\bAsivdP.exe
  2⤵
  PID:5044
- C:\Windows\System\HSemXEi.exe
  C:\Windows\System\HSemXEi.exe
  2⤵
  PID:5060
- C:\Windows\System\ThZhsoz.exe
  C:\Windows\System\ThZhsoz.exe
  2⤵
  PID:5076
- C:\Windows\System\QSlUNPb.exe
  C:\Windows\System\QSlUNPb.exe
  2⤵
  PID:5092
- C:\Windows\System\fWiajzr.exe
  C:\Windows\System\fWiajzr.exe
  2⤵
  PID:5108
- C:\Windows\System\sHzATDl.exe
  C:\Windows\System\sHzATDl.exe
  2⤵
  PID:3824
- C:\Windows\System\ThhilWe.exe
  C:\Windows\System\ThhilWe.exe
  2⤵
  PID:2220
- C:\Windows\System\VohnFaY.exe
  C:\Windows\System\VohnFaY.exe
  2⤵
  PID:2948
- C:\Windows\System\uvUyupN.exe
  C:\Windows\System\uvUyupN.exe
  2⤵
  PID:608
- C:\Windows\System\MuGnuiE.exe
  C:\Windows\System\MuGnuiE.exe
  2⤵
  PID:2500
- C:\Windows\System\YhpYaAk.exe
  C:\Windows\System\YhpYaAk.exe
  2⤵
  PID:2232
- C:\Windows\System\rBZbKKI.exe
  C:\Windows\System\rBZbKKI.exe
  2⤵
  PID:3776
- C:\Windows\System\oubQGfg.exe
  C:\Windows\System\oubQGfg.exe
  2⤵
  PID:4116
- C:\Windows\System\PZczjlh.exe
  C:\Windows\System\PZczjlh.exe
  2⤵
  PID:4152
- C:\Windows\System\BfVPqna.exe
  C:\Windows\System\BfVPqna.exe
  2⤵
  PID:4168
- C:\Windows\System\DhjIHMG.exe
  C:\Windows\System\DhjIHMG.exe
  2⤵
  PID:4212
- C:\Windows\System\zFYsjKy.exe
  C:\Windows\System\zFYsjKy.exe
  2⤵
  PID:4228
- C:\Windows\System\KfUfpDi.exe
  C:\Windows\System\KfUfpDi.exe
  2⤵
  PID:4260
- C:\Windows\System\sduenMW.exe
  C:\Windows\System\sduenMW.exe
  2⤵
  PID:4308
- C:\Windows\System\JAmBpfz.exe
  C:\Windows\System\JAmBpfz.exe
  2⤵
  PID:4340
- C:\Windows\System\GZzqcTO.exe
  C:\Windows\System\GZzqcTO.exe
  2⤵
  PID:4356
- C:\Windows\System\GoIJMua.exe
  C:\Windows\System\GoIJMua.exe
  2⤵
  PID:4404
- C:\Windows\System\EwcOuyn.exe
  C:\Windows\System\EwcOuyn.exe
  2⤵
  PID:4440
- C:\Windows\System\YiEnCIL.exe
  C:\Windows\System\YiEnCIL.exe
  2⤵
  PID:4472
- C:\Windows\System\lheVPlE.exe
  C:\Windows\System\lheVPlE.exe
  2⤵
  PID:4476
- C:\Windows\System\AKApcTn.exe
  C:\Windows\System\AKApcTn.exe
  2⤵
  PID:4492
- C:\Windows\System\sLUWtqq.exe
  C:\Windows\System\sLUWtqq.exe
  2⤵
  PID:4524
- C:\Windows\System\UJQnSoe.exe
  C:\Windows\System\UJQnSoe.exe
  2⤵
  PID:4572
- C:\Windows\System\zpHqgOg.exe
  C:\Windows\System\zpHqgOg.exe
  2⤵
  PID:4604
- C:\Windows\System\OcpezPm.exe
  C:\Windows\System\OcpezPm.exe
  2⤵
  PID:4636
- C:\Windows\System\hlKAEQv.exe
  C:\Windows\System\hlKAEQv.exe
  2⤵
  PID:4668
- C:\Windows\System\lcgNMcR.exe
  C:\Windows\System\lcgNMcR.exe
  2⤵
  PID:4700
- C:\Windows\System\vepwavt.exe
  C:\Windows\System\vepwavt.exe
  2⤵
  PID:4728
- C:\Windows\System\XzyIZVI.exe
  C:\Windows\System\XzyIZVI.exe
  2⤵
  PID:4748
- C:\Windows\System\oZykuWZ.exe
  C:\Windows\System\oZykuWZ.exe
  2⤵
  PID:4776
- C:\Windows\System\QPMVgyL.exe
  C:\Windows\System\QPMVgyL.exe
  2⤵
  PID:4832
- C:\Windows\System\mDXnuzK.exe
  C:\Windows\System\mDXnuzK.exe
  2⤵
  PID:4864
- C:\Windows\System\yXuQIho.exe
  C:\Windows\System\yXuQIho.exe
  2⤵
  PID:4880
- C:\Windows\System\ovoRoQH.exe
  C:\Windows\System\ovoRoQH.exe
  2⤵
  PID:4928
- C:\Windows\System\hDWVZhv.exe
  C:\Windows\System\hDWVZhv.exe
  2⤵
  PID:4944
- C:\Windows\System\RzeHgIk.exe
  C:\Windows\System\RzeHgIk.exe
  2⤵
  PID:4976
- C:\Windows\System\kUMFZWe.exe
  C:\Windows\System\kUMFZWe.exe
  2⤵
  PID:2372
- C:\Windows\System\BDjSuNx.exe
  C:\Windows\System\BDjSuNx.exe
  2⤵
  PID:5052
- C:\Windows\System\vwDWOAE.exe
  C:\Windows\System\vwDWOAE.exe
  2⤵
  PID:5072
- C:\Windows\System\RhBjYXY.exe
  C:\Windows\System\RhBjYXY.exe
  2⤵
  PID:5116
- C:\Windows\System\ocObkBO.exe
  C:\Windows\System\ocObkBO.exe
  2⤵
  PID:2200
- C:\Windows\System\CrBmibi.exe
  C:\Windows\System\CrBmibi.exe
  2⤵
  PID:4032
- C:\Windows\System\vlQsJOg.exe
  C:\Windows\System\vlQsJOg.exe
  2⤵
  PID:2832
- C:\Windows\System\iFRqauD.exe
  C:\Windows\System\iFRqauD.exe
  2⤵
  PID:3384
- C:\Windows\System\TiHaneB.exe
  C:\Windows\System\TiHaneB.exe
  2⤵
  PID:4120
- C:\Windows\System\EaRNNVf.exe
  C:\Windows\System\EaRNNVf.exe
  2⤵
  PID:4164
- C:\Windows\System\siICkTZ.exe
  C:\Windows\System\siICkTZ.exe
  2⤵
  PID:4244
- C:\Windows\System\fovPFrU.exe
  C:\Windows\System\fovPFrU.exe
  2⤵
  PID:4292
- C:\Windows\System\AzzEWBQ.exe
  C:\Windows\System\AzzEWBQ.exe
  2⤵
  PID:4344
- C:\Windows\System\hLwjilz.exe
  C:\Windows\System\hLwjilz.exe
  2⤵
  PID:2864
- C:\Windows\System\HMKVNid.exe
  C:\Windows\System\HMKVNid.exe
  2⤵
  PID:3052
- C:\Windows\System\xxQZyQS.exe
  C:\Windows\System\xxQZyQS.exe
  2⤵
  PID:4540
- C:\Windows\System\WYlTFbT.exe
  C:\Windows\System\WYlTFbT.exe
  2⤵
  PID:4588
- C:\Windows\System\Msnehxa.exe
  C:\Windows\System\Msnehxa.exe
  2⤵
  PID:4652
- C:\Windows\System\bzoLown.exe
  C:\Windows\System\bzoLown.exe
  2⤵
  PID:4744
- C:\Windows\System\sGTWoTp.exe
  C:\Windows\System\sGTWoTp.exe
  2⤵
  PID:4828
- C:\Windows\System\eCCnTln.exe
  C:\Windows\System\eCCnTln.exe
  2⤵
  PID:4876
- C:\Windows\System\gOBlqRE.exe
  C:\Windows\System\gOBlqRE.exe
  2⤵
  PID:4924
- C:\Windows\System\hTuoqoL.exe
  C:\Windows\System\hTuoqoL.exe
  2⤵
  PID:2132
- C:\Windows\System\sDkXiFl.exe
  C:\Windows\System\sDkXiFl.exe
  2⤵
  PID:5024
- C:\Windows\System\iIsKhWE.exe
  C:\Windows\System\iIsKhWE.exe
  2⤵
  PID:5068
- C:\Windows\System\jlKKWSe.exe
  C:\Windows\System\jlKKWSe.exe
  2⤵
  PID:3916
- C:\Windows\System\xisTxlR.exe
  C:\Windows\System\xisTxlR.exe
  2⤵
  PID:3888
- C:\Windows\System\CboZKRr.exe
  C:\Windows\System\CboZKRr.exe
  2⤵
  PID:3772
- C:\Windows\System\yueEwmx.exe
  C:\Windows\System\yueEwmx.exe
  2⤵
  PID:2824
- C:\Windows\System\kPbDcPa.exe
  C:\Windows\System\kPbDcPa.exe
  2⤵
  PID:4136
- C:\Windows\System\mUfwCNG.exe
  C:\Windows\System\mUfwCNG.exe
  2⤵
  PID:4312
- C:\Windows\System\HtCCpMH.exe
  C:\Windows\System\HtCCpMH.exe
  2⤵
  PID:4424
- C:\Windows\System\gTBLpiE.exe
  C:\Windows\System\gTBLpiE.exe
  2⤵
  PID:4568
- C:\Windows\System\wJpegsE.exe
  C:\Windows\System\wJpegsE.exe
  2⤵
  PID:4760
- C:\Windows\System\YlZafVZ.exe
  C:\Windows\System\YlZafVZ.exe
  2⤵
  PID:4800
- C:\Windows\System\XJJyKdf.exe
  C:\Windows\System\XJJyKdf.exe
  2⤵
  PID:5136
- C:\Windows\System\wKDAoml.exe
  C:\Windows\System\wKDAoml.exe
  2⤵
  PID:5152
- C:\Windows\System\vshjNyt.exe
  C:\Windows\System\vshjNyt.exe
  2⤵
  PID:5172
- C:\Windows\System\DnvVHtV.exe
  C:\Windows\System\DnvVHtV.exe
  2⤵
  PID:5188
- C:\Windows\System\SiuPpor.exe
  C:\Windows\System\SiuPpor.exe
  2⤵
  PID:5204
- C:\Windows\System\QTVXuSs.exe
  C:\Windows\System\QTVXuSs.exe
  2⤵
  PID:5220
- C:\Windows\System\pJfKMEd.exe
  C:\Windows\System\pJfKMEd.exe
  2⤵
  PID:5236
- C:\Windows\System\PplwXtZ.exe
  C:\Windows\System\PplwXtZ.exe
  2⤵
  PID:5252
- C:\Windows\System\TYukSUY.exe
  C:\Windows\System\TYukSUY.exe
  2⤵
  PID:5268
- C:\Windows\System\rqtuovV.exe
  C:\Windows\System\rqtuovV.exe
  2⤵
  PID:5284
- C:\Windows\System\JyuKFSS.exe
  C:\Windows\System\JyuKFSS.exe
  2⤵
  PID:5300
- C:\Windows\System\pHRtDIR.exe
  C:\Windows\System\pHRtDIR.exe
  2⤵
  PID:5316
- C:\Windows\System\lzXcnvl.exe
  C:\Windows\System\lzXcnvl.exe
  2⤵
  PID:5332
- C:\Windows\System\YqiaLxk.exe
  C:\Windows\System\YqiaLxk.exe
  2⤵
  PID:5348
- C:\Windows\System\ETQChEi.exe
  C:\Windows\System\ETQChEi.exe
  2⤵
  PID:5364
- C:\Windows\System\cBfVOWz.exe
  C:\Windows\System\cBfVOWz.exe
  2⤵
  PID:5380
- C:\Windows\System\OCXscBe.exe
  C:\Windows\System\OCXscBe.exe
  2⤵
  PID:5396
- C:\Windows\System\vdXaRWh.exe
  C:\Windows\System\vdXaRWh.exe
  2⤵
  PID:5412
- C:\Windows\System\RFdqHWO.exe
  C:\Windows\System\RFdqHWO.exe
  2⤵
  PID:5428
- C:\Windows\System\TKxtqYS.exe
  C:\Windows\System\TKxtqYS.exe
  2⤵
  PID:5444
- C:\Windows\System\fFTqtQL.exe
  C:\Windows\System\fFTqtQL.exe
  2⤵
  PID:5460
- C:\Windows\System\PSwuwuO.exe
  C:\Windows\System\PSwuwuO.exe
  2⤵
  PID:5476
- C:\Windows\System\lnnHGmY.exe
  C:\Windows\System\lnnHGmY.exe
  2⤵
  PID:5496
- C:\Windows\System\hnNxZWE.exe
  C:\Windows\System\hnNxZWE.exe
  2⤵
  PID:5512
- C:\Windows\System\rsOSpqx.exe
  C:\Windows\System\rsOSpqx.exe
  2⤵
  PID:5528
- C:\Windows\System\jCTtvhw.exe
  C:\Windows\System\jCTtvhw.exe
  2⤵
  PID:5544
- C:\Windows\System\ODPlBZk.exe
  C:\Windows\System\ODPlBZk.exe
  2⤵
  PID:5560
- C:\Windows\System\vwjAMbO.exe
  C:\Windows\System\vwjAMbO.exe
  2⤵
  PID:5576
- C:\Windows\System\zbgqGKA.exe
  C:\Windows\System\zbgqGKA.exe
  2⤵
  PID:5592
- C:\Windows\System\qAoZQrF.exe
  C:\Windows\System\qAoZQrF.exe
  2⤵
  PID:5608
- C:\Windows\System\wLVdwub.exe
  C:\Windows\System\wLVdwub.exe
  2⤵
  PID:5624
- C:\Windows\System\SHscFqW.exe
  C:\Windows\System\SHscFqW.exe
  2⤵
  PID:5640
- C:\Windows\System\JKnrvwv.exe
  C:\Windows\System\JKnrvwv.exe
  2⤵
  PID:5656
- C:\Windows\System\HHSDsJf.exe
  C:\Windows\System\HHSDsJf.exe
  2⤵
  PID:5672
- C:\Windows\System\zJMCJgl.exe
  C:\Windows\System\zJMCJgl.exe
  2⤵
  PID:5688
- C:\Windows\System\RLEJcrh.exe
  C:\Windows\System\RLEJcrh.exe
  2⤵
  PID:5704
- C:\Windows\System\OXaqpFr.exe
  C:\Windows\System\OXaqpFr.exe
  2⤵
  PID:5720
- C:\Windows\System\KzfUOnD.exe
  C:\Windows\System\KzfUOnD.exe
  2⤵
  PID:5736
- C:\Windows\System\PwKTPTT.exe
  C:\Windows\System\PwKTPTT.exe
  2⤵
  PID:5752
- C:\Windows\System\OwBRmbu.exe
  C:\Windows\System\OwBRmbu.exe
  2⤵
  PID:5768
- C:\Windows\System\KOsuDhE.exe
  C:\Windows\System\KOsuDhE.exe
  2⤵
  PID:5784
- C:\Windows\System\NBibsvC.exe
  C:\Windows\System\NBibsvC.exe
  2⤵
  PID:5800
- C:\Windows\System\cQuqMRo.exe
  C:\Windows\System\cQuqMRo.exe
  2⤵
  PID:5816
- C:\Windows\System\BvOcElQ.exe
  C:\Windows\System\BvOcElQ.exe
  2⤵
  PID:5836
- C:\Windows\System\PiRexRZ.exe
  C:\Windows\System\PiRexRZ.exe
  2⤵
  PID:5852
- C:\Windows\System\kbkLMlW.exe
  C:\Windows\System\kbkLMlW.exe
  2⤵
  PID:5868
- C:\Windows\System\gbsSQzR.exe
  C:\Windows\System\gbsSQzR.exe
  2⤵
  PID:5884
- C:\Windows\System\lHwgcmZ.exe
  C:\Windows\System\lHwgcmZ.exe
  2⤵
  PID:5900
- C:\Windows\System\gsDPSQz.exe
  C:\Windows\System\gsDPSQz.exe
  2⤵
  PID:5916
- C:\Windows\System\ddxWDYz.exe
  C:\Windows\System\ddxWDYz.exe
  2⤵
  PID:5932
- C:\Windows\System\IHSPJje.exe
  C:\Windows\System\IHSPJje.exe
  2⤵
  PID:5948
- C:\Windows\System\KVdEEZm.exe
  C:\Windows\System\KVdEEZm.exe
  2⤵
  PID:5964
- C:\Windows\System\UKAODsa.exe
  C:\Windows\System\UKAODsa.exe
  2⤵
  PID:5980
- C:\Windows\System\bKpuyOn.exe
  C:\Windows\System\bKpuyOn.exe
  2⤵
  PID:5996
- C:\Windows\System\VtFIoog.exe
  C:\Windows\System\VtFIoog.exe
  2⤵
  PID:6012
- C:\Windows\System\yCDInft.exe
  C:\Windows\System\yCDInft.exe
  2⤵
  PID:6028
- C:\Windows\System\qcwZdhs.exe
  C:\Windows\System\qcwZdhs.exe
  2⤵
  PID:6044
- C:\Windows\System\jJhOXpg.exe
  C:\Windows\System\jJhOXpg.exe
  2⤵
  PID:6060
- C:\Windows\System\lZXvoDc.exe
  C:\Windows\System\lZXvoDc.exe
  2⤵
  PID:6076
- C:\Windows\System\tDHOPOq.exe
  C:\Windows\System\tDHOPOq.exe
  2⤵
  PID:6092
- C:\Windows\System\HosAyac.exe
  C:\Windows\System\HosAyac.exe
  2⤵
  PID:6108
- C:\Windows\System\NbCbTwy.exe
  C:\Windows\System\NbCbTwy.exe
  2⤵
  PID:6124
- C:\Windows\System\RtxNWCA.exe
  C:\Windows\System\RtxNWCA.exe
  2⤵
  PID:4860
- C:\Windows\System\pjyPAbw.exe
  C:\Windows\System\pjyPAbw.exe
  2⤵
  PID:5020
- C:\Windows\System\MjWwGRm.exe
  C:\Windows\System\MjWwGRm.exe
  2⤵
  PID:4972
- C:\Windows\System\VwrkLaD.exe
  C:\Windows\System\VwrkLaD.exe
  2⤵
  PID:2116
- C:\Windows\System\nSKdqRg.exe
  C:\Windows\System\nSKdqRg.exe
  2⤵
  PID:4100
- C:\Windows\System\XodKCfE.exe
  C:\Windows\System\XodKCfE.exe
  2⤵
  PID:4376
- C:\Windows\System\JltcVdm.exe
  C:\Windows\System\JltcVdm.exe
  2⤵
  PID:4616
- C:\Windows\System\YGZfHiS.exe
  C:\Windows\System\YGZfHiS.exe
  2⤵
  PID:4848
- C:\Windows\System\gVcRAgd.exe
  C:\Windows\System\gVcRAgd.exe
  2⤵
  PID:2324
- C:\Windows\System\VzAFeLi.exe
  C:\Windows\System\VzAFeLi.exe
  2⤵
  PID:5180
- C:\Windows\System\VRMjgDP.exe
  C:\Windows\System\VRMjgDP.exe
  2⤵
  PID:5200
- C:\Windows\System\zVWGLvz.exe
  C:\Windows\System\zVWGLvz.exe
  2⤵
  PID:5232
- C:\Windows\System\WhQQuhc.exe
  C:\Windows\System\WhQQuhc.exe
  2⤵
  PID:5264
- C:\Windows\System\TQgiIpg.exe
  C:\Windows\System\TQgiIpg.exe
  2⤵
  PID:5308
- C:\Windows\System\CmQMYAu.exe
  C:\Windows\System\CmQMYAu.exe
  2⤵
  PID:5328
- C:\Windows\System\aFTXybq.exe
  C:\Windows\System\aFTXybq.exe
  2⤵
  PID:5372
- C:\Windows\System\GBrekHr.exe
  C:\Windows\System\GBrekHr.exe
  2⤵
  PID:5404
- C:\Windows\System\VvzBgzO.exe
  C:\Windows\System\VvzBgzO.exe
  2⤵
  PID:5436
- C:\Windows\System\StvOBRF.exe
  C:\Windows\System\StvOBRF.exe
  2⤵
  PID:5468
- C:\Windows\System\APGJvNb.exe
  C:\Windows\System\APGJvNb.exe
  2⤵
  PID:5504
- C:\Windows\System\VLQVXqX.exe
  C:\Windows\System\VLQVXqX.exe
  2⤵
  PID:5524
- C:\Windows\System\eElJQFj.exe
  C:\Windows\System\eElJQFj.exe
  2⤵
  PID:5552
- C:\Windows\System\jBmDuVX.exe
  C:\Windows\System\jBmDuVX.exe
  2⤵
  PID:5556
- C:\Windows\System\JtkMHUm.exe
  C:\Windows\System\JtkMHUm.exe
  2⤵
  PID:5604
- C:\Windows\System\HcWjyfP.exe
  C:\Windows\System\HcWjyfP.exe
  2⤵
  PID:5636
- C:\Windows\System\VYfPURT.exe
  C:\Windows\System\VYfPURT.exe
  2⤵
  PID:5680
- C:\Windows\System\OQHOcSE.exe
  C:\Windows\System\OQHOcSE.exe
  2⤵
  PID:5712
- C:\Windows\System\FSIwDdi.exe
  C:\Windows\System\FSIwDdi.exe
  2⤵
  PID:5760
- C:\Windows\System\doaIcEk.exe
  C:\Windows\System\doaIcEk.exe
  2⤵
  PID:5792
- C:\Windows\System\PsfETaC.exe
  C:\Windows\System\PsfETaC.exe
  2⤵
  PID:5808
- C:\Windows\System\KgnbZYC.exe
  C:\Windows\System\KgnbZYC.exe
  2⤵
  PID:5844
- C:\Windows\System\SwiFVVZ.exe
  C:\Windows\System\SwiFVVZ.exe
  2⤵
  PID:5876
- C:\Windows\System\MLVYOpy.exe
  C:\Windows\System\MLVYOpy.exe
  2⤵
  PID:5896
- C:\Windows\System\IvlpZcT.exe
  C:\Windows\System\IvlpZcT.exe
  2⤵
  PID:5928
- C:\Windows\System\uxPYBGT.exe
  C:\Windows\System\uxPYBGT.exe
  2⤵
  PID:5960
- C:\Windows\System\uoeGBUO.exe
  C:\Windows\System\uoeGBUO.exe
  2⤵
  PID:5992
- C:\Windows\System\gvTdXge.exe
  C:\Windows\System\gvTdXge.exe
  2⤵
  PID:6024
- C:\Windows\System\tLsCvKj.exe
  C:\Windows\System\tLsCvKj.exe
  2⤵
  PID:6056
- C:\Windows\System\VrjsSIa.exe
  C:\Windows\System\VrjsSIa.exe
  2⤵
  PID:6088
- C:\Windows\System\LMGixah.exe
  C:\Windows\System\LMGixah.exe
  2⤵
  PID:6120
- C:\Windows\System\OFBwVHn.exe
  C:\Windows\System\OFBwVHn.exe
  2⤵
  PID:4940
- C:\Windows\System\QWTXeCO.exe
  C:\Windows\System\QWTXeCO.exe
  2⤵
  PID:2300
- C:\Windows\System\YDrFJUZ.exe
  C:\Windows\System\YDrFJUZ.exe
  2⤵
  PID:4536
- C:\Windows\System\pphIHBH.exe
  C:\Windows\System\pphIHBH.exe
  2⤵
  PID:5144
- C:\Windows\System\atYDrLv.exe
  C:\Windows\System\atYDrLv.exe
  2⤵
  PID:5228
- C:\Windows\System\MuEUbYi.exe
  C:\Windows\System\MuEUbYi.exe
  2⤵
  PID:5248
- C:\Windows\System\ZTXOFWv.exe
  C:\Windows\System\ZTXOFWv.exe
  2⤵
  PID:5312
- C:\Windows\System\peaYnEO.exe
  C:\Windows\System\peaYnEO.exe
  2⤵
  PID:2380
- C:\Windows\System\ElhujLQ.exe
  C:\Windows\System\ElhujLQ.exe
  2⤵
  PID:5420
- C:\Windows\System\ATADxOS.exe
  C:\Windows\System\ATADxOS.exe
  2⤵
  PID:5452
- C:\Windows\System\xdiPkvG.exe
  C:\Windows\System\xdiPkvG.exe
  2⤵
  PID:2808
- C:\Windows\System\fusvNaq.exe
  C:\Windows\System\fusvNaq.exe
  2⤵
  PID:5572
- C:\Windows\System\QpDICVG.exe
  C:\Windows\System\QpDICVG.exe
  2⤵
  PID:5648
- C:\Windows\System\obeUGvG.exe
  C:\Windows\System\obeUGvG.exe
  2⤵
  PID:5700
- C:\Windows\System\AmVgJXV.exe
  C:\Windows\System\AmVgJXV.exe
  2⤵
  PID:5764
- C:\Windows\System\ZCtGvyX.exe
  C:\Windows\System\ZCtGvyX.exe
  2⤵
  PID:5832
- C:\Windows\System\UnIdaUs.exe
  C:\Windows\System\UnIdaUs.exe
  2⤵
  PID:5880
- C:\Windows\System\nkbfnAE.exe
  C:\Windows\System\nkbfnAE.exe
  2⤵
  PID:5944
- C:\Windows\System\HwXdkdt.exe
  C:\Windows\System\HwXdkdt.exe
  2⤵
  PID:6020
- C:\Windows\System\sadPMqW.exe
  C:\Windows\System\sadPMqW.exe
  2⤵
  PID:6072
- C:\Windows\System\FZicCux.exe
  C:\Windows\System\FZicCux.exe
  2⤵
  PID:6140
- C:\Windows\System\FBfnosW.exe
  C:\Windows\System\FBfnosW.exe
  2⤵
  PID:2468
- C:\Windows\System\LULEwPj.exe
  C:\Windows\System\LULEwPj.exe
  2⤵
  PID:5196
- C:\Windows\System\fqincKE.exe
  C:\Windows\System\fqincKE.exe
  2⤵
  PID:5324
- C:\Windows\System\tMnAENV.exe
  C:\Windows\System\tMnAENV.exe
  2⤵
  PID:5408
- C:\Windows\System\JpDiEkX.exe
  C:\Windows\System\JpDiEkX.exe
  2⤵
  PID:5568
- C:\Windows\System\PkpqumK.exe
  C:\Windows\System\PkpqumK.exe
  2⤵
  PID:6156
- C:\Windows\System\VHAGDQc.exe
  C:\Windows\System\VHAGDQc.exe
  2⤵
  PID:6172
- C:\Windows\System\oZvBQzN.exe
  C:\Windows\System\oZvBQzN.exe
  2⤵
  PID:6188
- C:\Windows\System\aQinsuU.exe
  C:\Windows\System\aQinsuU.exe
  2⤵
  PID:6204
- C:\Windows\System\MFcruFU.exe
  C:\Windows\System\MFcruFU.exe
  2⤵
  PID:6220
- C:\Windows\System\edDjkHR.exe
  C:\Windows\System\edDjkHR.exe
  2⤵
  PID:6236
- C:\Windows\System\FDjRXmO.exe
  C:\Windows\System\FDjRXmO.exe
  2⤵
  PID:6252
- C:\Windows\System\vClUTcW.exe
  C:\Windows\System\vClUTcW.exe
  2⤵
  PID:6268
- C:\Windows\System\FutaOmb.exe
  C:\Windows\System\FutaOmb.exe
  2⤵
  PID:6284
- C:\Windows\System\vxMEjqv.exe
  C:\Windows\System\vxMEjqv.exe
  2⤵
  PID:6300
- C:\Windows\System\WVLsQXt.exe
  C:\Windows\System\WVLsQXt.exe
  2⤵
  PID:6316
- C:\Windows\System\jcmANfX.exe
  C:\Windows\System\jcmANfX.exe
  2⤵
  PID:6332
- C:\Windows\System\WCqjzQd.exe
  C:\Windows\System\WCqjzQd.exe
  2⤵
  PID:6348
- C:\Windows\System\hrnIJXg.exe
  C:\Windows\System\hrnIJXg.exe
  2⤵
  PID:6368
- C:\Windows\System\eXxCbTw.exe
  C:\Windows\System\eXxCbTw.exe
  2⤵
  PID:6384
- C:\Windows\System\hakOADs.exe
  C:\Windows\System\hakOADs.exe
  2⤵
  PID:6400
- C:\Windows\System\AIhccGo.exe
  C:\Windows\System\AIhccGo.exe
  2⤵
  PID:6416
- C:\Windows\System\IGuBYLT.exe
  C:\Windows\System\IGuBYLT.exe
  2⤵
  PID:6432
- C:\Windows\System\YJHrsaH.exe
  C:\Windows\System\YJHrsaH.exe
  2⤵
  PID:6448
- C:\Windows\System\LpXVmgZ.exe
  C:\Windows\System\LpXVmgZ.exe
  2⤵
  PID:6464
- C:\Windows\System\nihRRtd.exe
  C:\Windows\System\nihRRtd.exe
  2⤵
  PID:6480
- C:\Windows\System\osHCugW.exe
  C:\Windows\System\osHCugW.exe
  2⤵
  PID:6496
- C:\Windows\System\rErXJVT.exe
  C:\Windows\System\rErXJVT.exe
  2⤵
  PID:6512
- C:\Windows\System\iGNkMUN.exe
  C:\Windows\System\iGNkMUN.exe
  2⤵
  PID:6528
- C:\Windows\System\eoUaWXD.exe
  C:\Windows\System\eoUaWXD.exe
  2⤵
  PID:6544
- C:\Windows\System\lPCusUX.exe
  C:\Windows\System\lPCusUX.exe
  2⤵
  PID:6560
- C:\Windows\System\DKuQxXC.exe
  C:\Windows\System\DKuQxXC.exe
  2⤵
  PID:6576
- C:\Windows\System\AkiMFPW.exe
  C:\Windows\System\AkiMFPW.exe
  2⤵
  PID:6592
- C:\Windows\System\wXmynQD.exe
  C:\Windows\System\wXmynQD.exe
  2⤵
  PID:6608
- C:\Windows\System\MbMRXYB.exe
  C:\Windows\System\MbMRXYB.exe
  2⤵
  PID:6624
- C:\Windows\System\eBcfoQq.exe
  C:\Windows\System\eBcfoQq.exe
  2⤵
  PID:6640
- C:\Windows\System\OhSjAYH.exe
  C:\Windows\System\OhSjAYH.exe
  2⤵
  PID:6656
- C:\Windows\System\SkSQPdk.exe
  C:\Windows\System\SkSQPdk.exe
  2⤵
  PID:6676
- C:\Windows\System\vNnLIrU.exe
  C:\Windows\System\vNnLIrU.exe
  2⤵
  PID:6692
- C:\Windows\System\oXjfSon.exe
  C:\Windows\System\oXjfSon.exe
  2⤵
  PID:6708
- C:\Windows\System\mfeXayN.exe
  C:\Windows\System\mfeXayN.exe
  2⤵
  PID:6724
- C:\Windows\System\YLIkMKj.exe
  C:\Windows\System\YLIkMKj.exe
  2⤵
  PID:6740
- C:\Windows\System\dEwJMFE.exe
  C:\Windows\System\dEwJMFE.exe
  2⤵
  PID:6756
- C:\Windows\System\UdgKGno.exe
  C:\Windows\System\UdgKGno.exe
  2⤵
  PID:6772
- C:\Windows\System\haqvEwh.exe
  C:\Windows\System\haqvEwh.exe
  2⤵
  PID:6788
- C:\Windows\System\aXxEWJH.exe
  C:\Windows\System\aXxEWJH.exe
  2⤵
  PID:6804
- C:\Windows\System\YhtnUSf.exe
  C:\Windows\System\YhtnUSf.exe
  2⤵
  PID:6820
- C:\Windows\System\UfMHcJx.exe
  C:\Windows\System\UfMHcJx.exe
  2⤵
  PID:6836
- C:\Windows\System\AbKfZle.exe
  C:\Windows\System\AbKfZle.exe
  2⤵
  PID:6852
- C:\Windows\System\zKRzmdD.exe
  C:\Windows\System\zKRzmdD.exe
  2⤵
  PID:6868
- C:\Windows\System\LjvxNZT.exe
  C:\Windows\System\LjvxNZT.exe
  2⤵
  PID:6884
- C:\Windows\System\vWnaWMk.exe
  C:\Windows\System\vWnaWMk.exe
  2⤵
  PID:6900
- C:\Windows\System\eRhIDRt.exe
  C:\Windows\System\eRhIDRt.exe
  2⤵
  PID:6916
- C:\Windows\System\cmwfimi.exe
  C:\Windows\System\cmwfimi.exe
  2⤵
  PID:6932
- C:\Windows\System\VgQepvY.exe
  C:\Windows\System\VgQepvY.exe
  2⤵
  PID:6948
- C:\Windows\System\bTdOJvl.exe
  C:\Windows\System\bTdOJvl.exe
  2⤵
  PID:6964
- C:\Windows\System\TrCIsKy.exe
  C:\Windows\System\TrCIsKy.exe
  2⤵
  PID:6980
- C:\Windows\System\oIjLYIT.exe
  C:\Windows\System\oIjLYIT.exe
  2⤵
  PID:7000
- C:\Windows\System\peLGckb.exe
  C:\Windows\System\peLGckb.exe
  2⤵
  PID:7016
- C:\Windows\System\hhNrzdQ.exe
  C:\Windows\System\hhNrzdQ.exe
  2⤵
  PID:7032
- C:\Windows\System\DHABMsh.exe
  C:\Windows\System\DHABMsh.exe
  2⤵
  PID:7048
- C:\Windows\System\eLBhaPr.exe
  C:\Windows\System\eLBhaPr.exe
  2⤵
  PID:7064
- C:\Windows\System\BThRfCy.exe
  C:\Windows\System\BThRfCy.exe
  2⤵
  PID:7080
- C:\Windows\System\NpWIpMY.exe
  C:\Windows\System\NpWIpMY.exe
  2⤵
  PID:7096
- C:\Windows\System\nmBdYLm.exe
  C:\Windows\System\nmBdYLm.exe
  2⤵
  PID:7112
- C:\Windows\System\LpHuQrV.exe
  C:\Windows\System\LpHuQrV.exe
  2⤵
  PID:7128
- C:\Windows\System\MNAHSSO.exe
  C:\Windows\System\MNAHSSO.exe
  2⤵
  PID:7144
- C:\Windows\System\lKfTimv.exe
  C:\Windows\System\lKfTimv.exe
  2⤵
  PID:7160
- C:\Windows\System\pNVwpUU.exe
  C:\Windows\System\pNVwpUU.exe
  2⤵
  PID:5632
- C:\Windows\System\rQfEyUr.exe
  C:\Windows\System\rQfEyUr.exe
  2⤵
  PID:5812
- C:\Windows\System\hvxWdjX.exe
  C:\Windows\System\hvxWdjX.exe
  2⤵
  PID:5956
- C:\Windows\System\wxdvoUc.exe
  C:\Windows\System\wxdvoUc.exe
  2⤵
  PID:6008
- C:\Windows\System\mwBYvqx.exe
  C:\Windows\System\mwBYvqx.exe
  2⤵
  PID:6104
- C:\Windows\System\byMgShF.exe
  C:\Windows\System\byMgShF.exe
  2⤵
  PID:5160
- C:\Windows\System\JKQnRlk.exe
  C:\Windows\System\JKQnRlk.exe
  2⤵
  PID:5356
- C:\Windows\System\ftkpmFL.exe
  C:\Windows\System\ftkpmFL.exe
  2⤵
  PID:6148
- C:\Windows\System\UWmdiwY.exe
  C:\Windows\System\UWmdiwY.exe
  2⤵
  PID:6168
- C:\Windows\System\fqcVjPz.exe
  C:\Windows\System\fqcVjPz.exe
  2⤵
  PID:6200
- C:\Windows\System\eGCMpsa.exe
  C:\Windows\System\eGCMpsa.exe
  2⤵
  PID:6216
- C:\Windows\System\imOqQIM.exe
  C:\Windows\System\imOqQIM.exe
  2⤵
  PID:6264
- C:\Windows\System\QbjelCv.exe
  C:\Windows\System\QbjelCv.exe
  2⤵
  PID:6296
- C:\Windows\System\CPtDnav.exe
  C:\Windows\System\CPtDnav.exe
  2⤵
  PID:6328
- C:\Windows\System\mklpzEz.exe
  C:\Windows\System\mklpzEz.exe
  2⤵
  PID:6364
- C:\Windows\System\XcZeJxm.exe
  C:\Windows\System\XcZeJxm.exe
  2⤵
  PID:6396
- C:\Windows\System\tClOOWc.exe
  C:\Windows\System\tClOOWc.exe
  2⤵
  PID:6428
- C:\Windows\System\QGubAUg.exe
  C:\Windows\System\QGubAUg.exe
  2⤵
  PID:3616
- C:\Windows\System\PKmTibi.exe
  C:\Windows\System\PKmTibi.exe
  2⤵
  PID:6476
- C:\Windows\System\rIAeMEh.exe
  C:\Windows\System\rIAeMEh.exe
  2⤵
  PID:6520
- C:\Windows\System\NBNpbXQ.exe
  C:\Windows\System\NBNpbXQ.exe
  2⤵
  PID:6552
- C:\Windows\System\jIBOqgf.exe
  C:\Windows\System\jIBOqgf.exe
  2⤵
  PID:6572
- C:\Windows\System\JZRJlYG.exe
  C:\Windows\System\JZRJlYG.exe
  2⤵
  PID:6616
- C:\Windows\System\hXsSwAv.exe
  C:\Windows\System\hXsSwAv.exe
  2⤵
  PID:6652
- C:\Windows\System\uWIyuVa.exe
  C:\Windows\System\uWIyuVa.exe
  2⤵
  PID:6684
- C:\Windows\System\YqSmgtg.exe
  C:\Windows\System\YqSmgtg.exe
  2⤵
  PID:6704
- C:\Windows\System\GmtpbOL.exe
  C:\Windows\System\GmtpbOL.exe
  2⤵
  PID:6752
- C:\Windows\System\NOPPbJn.exe
  C:\Windows\System\NOPPbJn.exe
  2⤵
  PID:6768
- C:\Windows\System\DLjHPQX.exe
  C:\Windows\System\DLjHPQX.exe
  2⤵
  PID:6800
- C:\Windows\System\lKaDmIC.exe
  C:\Windows\System\lKaDmIC.exe
  2⤵
  PID:6828
- C:\Windows\System\Pxflgsi.exe
  C:\Windows\System\Pxflgsi.exe
  2⤵
  PID:6876
- C:\Windows\System\aTuyVVm.exe
  C:\Windows\System\aTuyVVm.exe
  2⤵
  PID:6908
- C:\Windows\System\srZkwEF.exe
  C:\Windows\System\srZkwEF.exe
  2⤵
  PID:6924
- C:\Windows\System\byHsION.exe
  C:\Windows\System\byHsION.exe
  2⤵
  PID:6944
- C:\Windows\System\dYlOhEp.exe
  C:\Windows\System\dYlOhEp.exe
  2⤵
  PID:6976
- C:\Windows\System\gDHyruO.exe
  C:\Windows\System\gDHyruO.exe
  2⤵
  PID:7012
- C:\Windows\System\hObskjw.exe
  C:\Windows\System\hObskjw.exe
  2⤵
  PID:7040
- C:\Windows\System\aIeSMjn.exe
  C:\Windows\System\aIeSMjn.exe
  2⤵
  PID:7028
- C:\Windows\System\JPcvaeA.exe
  C:\Windows\System\JPcvaeA.exe
  2⤵
  PID:7076
- C:\Windows\System\TUsIDVq.exe
  C:\Windows\System\TUsIDVq.exe
  2⤵
  PID:7092
- C:\Windows\System\qWtdnmu.exe
  C:\Windows\System\qWtdnmu.exe
  2⤵
  PID:7124
- C:\Windows\System\TaNjXua.exe
  C:\Windows\System\TaNjXua.exe
  2⤵
  PID:7152
- C:\Windows\System\QuKnqJR.exe
  C:\Windows\System\QuKnqJR.exe
  2⤵
  PID:5716
- C:\Windows\System\OLXwPdm.exe
  C:\Windows\System\OLXwPdm.exe
  2⤵
  PID:6084
- C:\Windows\System\bQJfTXq.exe
  C:\Windows\System\bQJfTXq.exe
  2⤵
  PID:5164
- C:\Windows\System\ZeIfGgG.exe
  C:\Windows\System\ZeIfGgG.exe
  2⤵
  PID:6152
- C:\Windows\System\WIjrnOQ.exe
  C:\Windows\System\WIjrnOQ.exe
  2⤵
  PID:2100
- C:\Windows\System\LDVaIKI.exe
  C:\Windows\System\LDVaIKI.exe
  2⤵
  PID:6184
- C:\Windows\System\nHnHUUL.exe
  C:\Windows\System\nHnHUUL.exe
  2⤵
  PID:6292
- C:\Windows\System\kVAvLDG.exe
  C:\Windows\System\kVAvLDG.exe
  2⤵
  PID:6324
- C:\Windows\System\bzhMCvF.exe
  C:\Windows\System\bzhMCvF.exe
  2⤵
  PID:836
- C:\Windows\System\WTIfZzG.exe
  C:\Windows\System\WTIfZzG.exe
  2⤵
  PID:1924
- C:\Windows\System\BvsMFmn.exe
  C:\Windows\System\BvsMFmn.exe
  2⤵
  PID:2744
- C:\Windows\System\PfRdGJw.exe
  C:\Windows\System\PfRdGJw.exe
  2⤵
  PID:6672
- C:\Windows\System\nBIzAHY.exe
  C:\Windows\System\nBIzAHY.exe
  2⤵
  PID:6716
- C:\Windows\System\TaApsTN.exe
  C:\Windows\System\TaApsTN.exe
  2⤵
  PID:6796
- C:\Windows\System\DLxEvvF.exe
  C:\Windows\System\DLxEvvF.exe
  2⤵
  PID:6848
- C:\Windows\System\zllZABZ.exe
  C:\Windows\System\zllZABZ.exe
  2⤵
  PID:588
- C:\Windows\System\dSyCjCF.exe
  C:\Windows\System\dSyCjCF.exe
  2⤵
  PID:6912
- C:\Windows\System\VfnuaCT.exe
  C:\Windows\System\VfnuaCT.exe
  2⤵
  PID:1232
- C:\Windows\System\vGBrwLg.exe
  C:\Windows\System\vGBrwLg.exe
  2⤵
  PID:7044
- C:\Windows\System\LPvaeie.exe
  C:\Windows\System\LPvaeie.exe
  2⤵
  PID:7060
- C:\Windows\System\GKNbiDh.exe
  C:\Windows\System\GKNbiDh.exe
  2⤵
  PID:1884
- C:\Windows\System\gvCijny.exe
  C:\Windows\System\gvCijny.exe
  2⤵
  PID:5620
- C:\Windows\System\wiErMYf.exe
  C:\Windows\System\wiErMYf.exe
  2⤵
  PID:1908
- C:\Windows\System\FksDNHk.exe
  C:\Windows\System\FksDNHk.exe
  2⤵
  PID:4280
- C:\Windows\System\ggrQwgR.exe
  C:\Windows\System\ggrQwgR.exe
  2⤵
  PID:2076
- C:\Windows\System\UucfmYv.exe
  C:\Windows\System\UucfmYv.exe
  2⤵
  PID:6260
- C:\Windows\System\IufNhMm.exe
  C:\Windows\System\IufNhMm.exe
  2⤵
  PID:6536
- C:\Windows\System\VkAHeLQ.exe
  C:\Windows\System\VkAHeLQ.exe
  2⤵
  PID:6424
- C:\Windows\System\eTkEBAQ.exe
  C:\Windows\System\eTkEBAQ.exe
  2⤵
  PID:1916
- C:\Windows\System\nOYYFax.exe
  C:\Windows\System\nOYYFax.exe
  2⤵
  PID:2096
- C:\Windows\System\lPXQarY.exe
  C:\Windows\System\lPXQarY.exe
  2⤵
  PID:6412
- C:\Windows\System\SVBsUhE.exe
  C:\Windows\System\SVBsUhE.exe
  2⤵
  PID:1056
- C:\Windows\System\BEFeMVA.exe
  C:\Windows\System\BEFeMVA.exe
  2⤵
  PID:2820
- C:\Windows\System\VsOLpAu.exe
  C:\Windows\System\VsOLpAu.exe
  2⤵
  PID:6540
- C:\Windows\System\UJyopLP.exe
  C:\Windows\System\UJyopLP.exe
  2⤵
  PID:372
- C:\Windows\System\VKsOFZj.exe
  C:\Windows\System\VKsOFZj.exe
  2⤵
  PID:2068
- C:\Windows\System\kgdSRKy.exe
  C:\Windows\System\kgdSRKy.exe
  2⤵
  PID:6748
- C:\Windows\System\SIQGjrd.exe
  C:\Windows\System\SIQGjrd.exe
  2⤵
  PID:6860
- C:\Windows\System\UwvVRks.exe
  C:\Windows\System\UwvVRks.exe
  2⤵
  PID:6960
- C:\Windows\System\pHVtHDI.exe
  C:\Windows\System\pHVtHDI.exe
  2⤵
  PID:6816
- C:\Windows\System\fsXomnM.exe
  C:\Windows\System\fsXomnM.exe
  2⤵
  PID:692
- C:\Windows\System\GNlQUSK.exe
  C:\Windows\System\GNlQUSK.exe
  2⤵
  PID:2912
- C:\Windows\System\ZVMdQYv.exe
  C:\Windows\System\ZVMdQYv.exe
  2⤵
  PID:6228
- C:\Windows\System\iAeNcKP.exe
  C:\Windows\System\iAeNcKP.exe
  2⤵
  PID:1252
- C:\Windows\System\nBZTLdf.exe
  C:\Windows\System\nBZTLdf.exe
  2⤵
  PID:2952
- C:\Windows\System\ISGSzVk.exe
  C:\Windows\System\ISGSzVk.exe
  2⤵
  PID:6356
- C:\Windows\System\lTUvKOB.exe
  C:\Windows\System\lTUvKOB.exe
  2⤵
  PID:2428
- C:\Windows\System\oQczCIx.exe
  C:\Windows\System\oQczCIx.exe
  2⤵
  PID:2648
- C:\Windows\System\iBEzIzx.exe
  C:\Windows\System\iBEzIzx.exe
  2⤵
  PID:2984
- C:\Windows\System\eKAsfaX.exe
  C:\Windows\System\eKAsfaX.exe
  2⤵
  PID:6632
- C:\Windows\System\gpTrFHp.exe
  C:\Windows\System\gpTrFHp.exe
  2⤵
  PID:596
- C:\Windows\System\LnebuTQ.exe
  C:\Windows\System\LnebuTQ.exe
  2⤵
  PID:7136
- C:\Windows\System\IiyxNxc.exe
  C:\Windows\System\IiyxNxc.exe
  2⤵
  PID:2696
- C:\Windows\System\XzrtmLH.exe
  C:\Windows\System\XzrtmLH.exe
  2⤵
  PID:1672
- C:\Windows\System\VnMSVDG.exe
  C:\Windows\System\VnMSVDG.exe
  2⤵
  PID:2976
- C:\Windows\System\BSPVlXq.exe
  C:\Windows\System\BSPVlXq.exe
  2⤵
  PID:1972
- C:\Windows\System\eIDvLdM.exe
  C:\Windows\System\eIDvLdM.exe
  2⤵
  PID:1728
- C:\Windows\System\IxAfhsH.exe
  C:\Windows\System\IxAfhsH.exe
  2⤵
  PID:5892
- C:\Windows\System\lwWFapX.exe
  C:\Windows\System\lwWFapX.exe
  2⤵
  PID:6584
- C:\Windows\System\MTRWJXd.exe
  C:\Windows\System\MTRWJXd.exe
  2⤵
  PID:2720
- C:\Windows\System\DJniwHM.exe
  C:\Windows\System\DJniwHM.exe
  2⤵
  PID:1572
- C:\Windows\System\EKMywIc.exe
  C:\Windows\System\EKMywIc.exe
  2⤵
  PID:1612
- C:\Windows\System\PUEhMGy.exe
  C:\Windows\System\PUEhMGy.exe
  2⤵
  PID:7180
- C:\Windows\System\xVYWIgt.exe
  C:\Windows\System\xVYWIgt.exe
  2⤵
  PID:7196
- C:\Windows\System\XlkfjQC.exe
  C:\Windows\System\XlkfjQC.exe
  2⤵
  PID:7212
- C:\Windows\System\bAUvzFR.exe
  C:\Windows\System\bAUvzFR.exe
  2⤵
  PID:7232
- C:\Windows\System\nXUvByb.exe
  C:\Windows\System\nXUvByb.exe
  2⤵
  PID:7248
- C:\Windows\System\KHcVzFI.exe
  C:\Windows\System\KHcVzFI.exe
  2⤵
  PID:7264
- C:\Windows\System\zAFcVpd.exe
  C:\Windows\System\zAFcVpd.exe
  2⤵
  PID:7280
- C:\Windows\System\NSFyWhN.exe
  C:\Windows\System\NSFyWhN.exe
  2⤵
  PID:7296
- C:\Windows\System\kzdsmJj.exe
  C:\Windows\System\kzdsmJj.exe
  2⤵
  PID:7312
- C:\Windows\System\CMOEIRn.exe
  C:\Windows\System\CMOEIRn.exe
  2⤵
  PID:7328
- C:\Windows\System\gbCPkDo.exe
  C:\Windows\System\gbCPkDo.exe
  2⤵
  PID:7344
- C:\Windows\System\YtvWeiD.exe
  C:\Windows\System\YtvWeiD.exe
  2⤵
  PID:7360
- C:\Windows\System\fOlwlsl.exe
  C:\Windows\System\fOlwlsl.exe
  2⤵
  PID:7376
- C:\Windows\System\mLEFBhn.exe
  C:\Windows\System\mLEFBhn.exe
  2⤵
  PID:7392
- C:\Windows\System\WzAbMbB.exe
  C:\Windows\System\WzAbMbB.exe
  2⤵
  PID:7408
- C:\Windows\System\niuvJOW.exe
  C:\Windows\System\niuvJOW.exe
  2⤵
  PID:7424
- C:\Windows\System\GYnqzin.exe
  C:\Windows\System\GYnqzin.exe
  2⤵
  PID:7440
- C:\Windows\System\iirmupd.exe
  C:\Windows\System\iirmupd.exe
  2⤵
  PID:7456
- C:\Windows\System\BWkUgYP.exe
  C:\Windows\System\BWkUgYP.exe
  2⤵
  PID:7472
- C:\Windows\System\wKVyRaf.exe
  C:\Windows\System\wKVyRaf.exe
  2⤵
  PID:7488
- C:\Windows\System\EKgNvoe.exe
  C:\Windows\System\EKgNvoe.exe
  2⤵
  PID:7504
- C:\Windows\System\qSzNOtx.exe
  C:\Windows\System\qSzNOtx.exe
  2⤵
  PID:7520
- C:\Windows\System\hHNvLNl.exe
  C:\Windows\System\hHNvLNl.exe
  2⤵
  PID:7536
- C:\Windows\System\YvAuDZt.exe
  C:\Windows\System\YvAuDZt.exe
  2⤵
  PID:7552
- C:\Windows\System\bIXVQKp.exe
  C:\Windows\System\bIXVQKp.exe
  2⤵
  PID:7568
- C:\Windows\System\oeXRcXO.exe
  C:\Windows\System\oeXRcXO.exe
  2⤵
  PID:7584
- C:\Windows\System\DjVsqEC.exe
  C:\Windows\System\DjVsqEC.exe
  2⤵
  PID:7600
- C:\Windows\System\jEIuBPE.exe
  C:\Windows\System\jEIuBPE.exe
  2⤵
  PID:7616
- C:\Windows\System\vYcKGKI.exe
  C:\Windows\System\vYcKGKI.exe
  2⤵
  PID:7632
- C:\Windows\System\rHNUpFy.exe
  C:\Windows\System\rHNUpFy.exe
  2⤵
  PID:7648
- C:\Windows\System\RCugVIh.exe
  C:\Windows\System\RCugVIh.exe
  2⤵
  PID:7664
- C:\Windows\System\hmTELvH.exe
  C:\Windows\System\hmTELvH.exe
  2⤵
  PID:7680
- C:\Windows\System\FatxcBn.exe
  C:\Windows\System\FatxcBn.exe
  2⤵
  PID:7696
- C:\Windows\System\PTuYkYl.exe
  C:\Windows\System\PTuYkYl.exe
  2⤵
  PID:7712
- C:\Windows\System\ondaZis.exe
  C:\Windows\System\ondaZis.exe
  2⤵
  PID:7728
- C:\Windows\System\kPvFcAe.exe
  C:\Windows\System\kPvFcAe.exe
  2⤵
  PID:7744
- C:\Windows\System\MKkqoMJ.exe
  C:\Windows\System\MKkqoMJ.exe
  2⤵
  PID:7760
- C:\Windows\System\YFgDVmy.exe
  C:\Windows\System\YFgDVmy.exe
  2⤵
  PID:7776
- C:\Windows\System\cTpoSNy.exe
  C:\Windows\System\cTpoSNy.exe
  2⤵
  PID:7796
- C:\Windows\System\jrFOwXs.exe
  C:\Windows\System\jrFOwXs.exe
  2⤵
  PID:7812
- C:\Windows\System\nKBFqRJ.exe
  C:\Windows\System\nKBFqRJ.exe
  2⤵
  PID:7828
- C:\Windows\System\AzLgOsK.exe
  C:\Windows\System\AzLgOsK.exe
  2⤵
  PID:7844
- C:\Windows\System\yztzceM.exe
  C:\Windows\System\yztzceM.exe
  2⤵
  PID:7860
- C:\Windows\System\gLuInrx.exe
  C:\Windows\System\gLuInrx.exe
  2⤵
  PID:7876
- C:\Windows\System\bPHRZWf.exe
  C:\Windows\System\bPHRZWf.exe
  2⤵
  PID:7892
- C:\Windows\System\YsHmoMV.exe
  C:\Windows\System\YsHmoMV.exe
  2⤵
  PID:7908
- C:\Windows\System\PpcWwYp.exe
  C:\Windows\System\PpcWwYp.exe
  2⤵
  PID:7924
- C:\Windows\System\pYEylSq.exe
  C:\Windows\System\pYEylSq.exe
  2⤵
  PID:7940
- C:\Windows\System\ZIISXSD.exe
  C:\Windows\System\ZIISXSD.exe
  2⤵
  PID:7956
- C:\Windows\System\NlUnnoq.exe
  C:\Windows\System\NlUnnoq.exe
  2⤵
  PID:7972
- C:\Windows\System\diEGzXu.exe
  C:\Windows\System\diEGzXu.exe
  2⤵
  PID:7988
- C:\Windows\System\vUWrYqx.exe
  C:\Windows\System\vUWrYqx.exe
  2⤵
  PID:8004
- C:\Windows\System\yCJHGLj.exe
  C:\Windows\System\yCJHGLj.exe
  2⤵
  PID:8020
- C:\Windows\System\ARjwABh.exe
  C:\Windows\System\ARjwABh.exe
  2⤵
  PID:8036
- C:\Windows\System\amzRdEy.exe
  C:\Windows\System\amzRdEy.exe
  2⤵
  PID:8052
- C:\Windows\System\SLWgvOM.exe
  C:\Windows\System\SLWgvOM.exe
  2⤵
  PID:8068
- C:\Windows\System\uPbbsdZ.exe
  C:\Windows\System\uPbbsdZ.exe
  2⤵
  PID:8084
- C:\Windows\System\hGaFKql.exe
  C:\Windows\System\hGaFKql.exe
  2⤵
  PID:8100
- C:\Windows\System\PxuirZW.exe
  C:\Windows\System\PxuirZW.exe
  2⤵
  PID:8116
- C:\Windows\System\vsizxFz.exe
  C:\Windows\System\vsizxFz.exe
  2⤵
  PID:8132
- C:\Windows\System\gZALvkj.exe
  C:\Windows\System\gZALvkj.exe
  2⤵
  PID:8148
- C:\Windows\System\abgZYqz.exe
  C:\Windows\System\abgZYqz.exe
  2⤵
  PID:8164
- C:\Windows\System\rWxQuWN.exe
  C:\Windows\System\rWxQuWN.exe
  2⤵
  PID:8180
- C:\Windows\System\WsKwsUL.exe
  C:\Windows\System\WsKwsUL.exe
  2⤵
  PID:1932
- C:\Windows\System\LLhHrqU.exe
  C:\Windows\System\LLhHrqU.exe
  2⤵
  PID:7228
- C:\Windows\System\ImWCocY.exe
  C:\Windows\System\ImWCocY.exe
  2⤵
  PID:2868
- C:\Windows\System\NBmgtqa.exe
  C:\Windows\System\NBmgtqa.exe
  2⤵
  PID:7324
- C:\Windows\System\MeBpFof.exe
  C:\Windows\System\MeBpFof.exe
  2⤵
  PID:7176
- C:\Windows\System\YOJneGg.exe
  C:\Windows\System\YOJneGg.exe
  2⤵
  PID:7244
- C:\Windows\System\nBUZZuM.exe
  C:\Windows\System\nBUZZuM.exe
  2⤵
  PID:7336
- C:\Windows\System\CXaBeAA.exe
  C:\Windows\System\CXaBeAA.exe
  2⤵
  PID:7416
- C:\Windows\System\sZcjbZv.exe
  C:\Windows\System\sZcjbZv.exe
  2⤵
  PID:7404
- C:\Windows\System\hQvLJuS.exe
  C:\Windows\System\hQvLJuS.exe
  2⤵
  PID:7448
- C:\Windows\System\ayTxMgs.exe
  C:\Windows\System\ayTxMgs.exe
  2⤵
  PID:7464
- C:\Windows\System\oEkBBaJ.exe
  C:\Windows\System\oEkBBaJ.exe
  2⤵
  PID:7528
- C:\Windows\System\ivzvyVO.exe
  C:\Windows\System\ivzvyVO.exe
  2⤵
  PID:7580
- C:\Windows\System\EAJwuOn.exe
  C:\Windows\System\EAJwuOn.exe
  2⤵
  PID:7608
- C:\Windows\System\JInzNLB.exe
  C:\Windows\System\JInzNLB.exe
  2⤵
  PID:7624
- C:\Windows\System\zgWgLIz.exe
  C:\Windows\System\zgWgLIz.exe
  2⤵
  PID:7660
- C:\Windows\System\dubhpiw.exe
  C:\Windows\System\dubhpiw.exe
  2⤵
  PID:7688
- C:\Windows\System\JXOWxjx.exe
  C:\Windows\System\JXOWxjx.exe
  2⤵
  PID:7736
- C:\Windows\System\KvVynad.exe
  C:\Windows\System\KvVynad.exe
  2⤵
  PID:7772
- C:\Windows\System\YvWhHaf.exe
  C:\Windows\System\YvWhHaf.exe
  2⤵
  PID:7804
- C:\Windows\System\vKbsVSX.exe
  C:\Windows\System\vKbsVSX.exe
  2⤵
  PID:7224
- C:\Windows\System\rAajCmE.exe
  C:\Windows\System\rAajCmE.exe
  2⤵
  PID:7824
- C:\Windows\System\kWZtPSH.exe
  C:\Windows\System\kWZtPSH.exe
  2⤵
  PID:7900
- C:\Windows\System\jTzofMm.exe
  C:\Windows\System\jTzofMm.exe
  2⤵
  PID:7936
- C:\Windows\System\yHkNUtp.exe
  C:\Windows\System\yHkNUtp.exe
  2⤵
  PID:7916
- C:\Windows\System\SgTxuIm.exe
  C:\Windows\System\SgTxuIm.exe
  2⤵
  PID:7980
- C:\Windows\System\tzRwqcV.exe
  C:\Windows\System\tzRwqcV.exe
  2⤵
  PID:8016
- C:\Windows\System\uKsSMDx.exe
  C:\Windows\System\uKsSMDx.exe
  2⤵
  PID:8060
- C:\Windows\System\aIvKtNz.exe
  C:\Windows\System\aIvKtNz.exe
  2⤵
  PID:8076
- C:\Windows\System\ggbLwOq.exe
  C:\Windows\System\ggbLwOq.exe
  2⤵
  PID:8128
- C:\Windows\System\wTbYdtH.exe
  C:\Windows\System\wTbYdtH.exe
  2⤵
  PID:8144
- C:\Windows\System\VxTdsOa.exe
  C:\Windows\System\VxTdsOa.exe
  2⤵
  PID:8188
- C:\Windows\System\kZpBBBD.exe
  C:\Windows\System\kZpBBBD.exe
  2⤵
  PID:1692
- C:\Windows\System\ZJIIPqx.exe
  C:\Windows\System\ZJIIPqx.exe
  2⤵
  PID:7192
- C:\Windows\System\ZsJzoUv.exe
  C:\Windows\System\ZsJzoUv.exe
  2⤵
  PID:7208
- C:\Windows\System\qnigElz.exe
  C:\Windows\System\qnigElz.exe
  2⤵
  PID:7400
- C:\Windows\System\rnYqBOV.exe
  C:\Windows\System\rnYqBOV.exe
  2⤵
  PID:7340
- C:\Windows\System\nLswrTe.exe
  C:\Windows\System\nLswrTe.exe
  2⤵
  PID:7792
- C:\Windows\System\LWAOPyI.exe
  C:\Windows\System\LWAOPyI.exe
  2⤵
  PID:7512
- C:\Windows\System\uqrxjqK.exe
  C:\Windows\System\uqrxjqK.exe
  2⤵
  PID:7576
- C:\Windows\System\BZNvyEg.exe
  C:\Windows\System\BZNvyEg.exe
  2⤵
  PID:7596
- C:\Windows\System\KFsvkZi.exe
  C:\Windows\System\KFsvkZi.exe
  2⤵
  PID:7704
- C:\Windows\System\MTsOwRr.exe
  C:\Windows\System\MTsOwRr.exe
  2⤵
  PID:7708
- C:\Windows\System\MaXPrZD.exe
  C:\Windows\System\MaXPrZD.exe
  2⤵
  PID:7888
- C:\Windows\System\Slwirvz.exe
  C:\Windows\System\Slwirvz.exe
  2⤵
  PID:7756
- C:\Windows\System\eIIKNlw.exe
  C:\Windows\System\eIIKNlw.exe
  2⤵
  PID:7516
- C:\Windows\System\Hmtppoi.exe
  C:\Windows\System\Hmtppoi.exe
  2⤵
  PID:8048
- C:\Windows\System\RPedCcs.exe
  C:\Windows\System\RPedCcs.exe
  2⤵
  PID:8096
- C:\Windows\System\IsMvvRA.exe
  C:\Windows\System\IsMvvRA.exe
  2⤵
  PID:7496
- C:\Windows\System\cTRDOBY.exe
  C:\Windows\System\cTRDOBY.exe
  2⤵
  PID:7820
- C:\Windows\System\ctGXZGM.exe
  C:\Windows\System\ctGXZGM.exe
  2⤵
  PID:8140
- C:\Windows\System\FvJAfCe.exe
  C:\Windows\System\FvJAfCe.exe
  2⤵
  PID:7996
- C:\Windows\System\UqAYzxe.exe
  C:\Windows\System\UqAYzxe.exe
  2⤵
  PID:7560
- C:\Windows\System\SCWoPgG.exe
  C:\Windows\System\SCWoPgG.exe
  2⤵
  PID:7628
- C:\Windows\System\QQFkYCw.exe
  C:\Windows\System\QQFkYCw.exe
  2⤵
  PID:7952
- C:\Windows\System\iFjqVTx.exe
  C:\Windows\System\iFjqVTx.exe
  2⤵
  PID:8092
- C:\Windows\System\junYjaO.exe
  C:\Windows\System\junYjaO.exe
  2⤵
  PID:7784
- C:\Windows\System\ntzetOr.exe
  C:\Windows\System\ntzetOr.exe
  2⤵
  PID:8044
- C:\Windows\System\nVPGOeI.exe
  C:\Windows\System\nVPGOeI.exe
  2⤵
  PID:7672
- C:\Windows\System\sDpgVcr.exe
  C:\Windows\System\sDpgVcr.exe
  2⤵
  PID:7656
- C:\Windows\System\mkIFSVq.exe
  C:\Windows\System\mkIFSVq.exe
  2⤵
  PID:7480
- C:\Windows\System\nRFAkcI.exe
  C:\Windows\System\nRFAkcI.exe
  2⤵
  PID:8160
- C:\Windows\System\DkYxlIe.exe
  C:\Windows\System\DkYxlIe.exe
  2⤵
  PID:7372
- C:\Windows\System\QHlHDWv.exe
  C:\Windows\System\QHlHDWv.exe
  2⤵
  PID:7436
- C:\Windows\System\yMLGMxK.exe
  C:\Windows\System\yMLGMxK.exe
  2⤵
  PID:8208
- C:\Windows\System\roasvJu.exe
  C:\Windows\System\roasvJu.exe
  2⤵
  PID:8224
- C:\Windows\System\eLmtAlN.exe
  C:\Windows\System\eLmtAlN.exe
  2⤵
  PID:8240
- C:\Windows\System\fCFrQTE.exe
  C:\Windows\System\fCFrQTE.exe
  2⤵
  PID:8256
- C:\Windows\System\ZJWFMCP.exe
  C:\Windows\System\ZJWFMCP.exe
  2⤵
  PID:8272
- C:\Windows\System\fcpMbLK.exe
  C:\Windows\System\fcpMbLK.exe
  2⤵
  PID:8288
- C:\Windows\System\rkpHJKL.exe
  C:\Windows\System\rkpHJKL.exe
  2⤵
  PID:8304
- C:\Windows\System\rxRbnJu.exe
  C:\Windows\System\rxRbnJu.exe
  2⤵
  PID:8320
- C:\Windows\System\xyxfkLZ.exe
  C:\Windows\System\xyxfkLZ.exe
  2⤵
  PID:8336
- C:\Windows\System\SirNSyQ.exe
  C:\Windows\System\SirNSyQ.exe
  2⤵
  PID:8352
- C:\Windows\System\PeXBswf.exe
  C:\Windows\System\PeXBswf.exe
  2⤵
  PID:8368
- C:\Windows\System\dOrZCbF.exe
  C:\Windows\System\dOrZCbF.exe
  2⤵
  PID:8384
- C:\Windows\System\IaXyvHz.exe
  C:\Windows\System\IaXyvHz.exe
  2⤵
  PID:8400
- C:\Windows\System\yxzFaKK.exe
  C:\Windows\System\yxzFaKK.exe
  2⤵
  PID:8416
- C:\Windows\System\byzbrFR.exe
  C:\Windows\System\byzbrFR.exe
  2⤵
  PID:8432
- C:\Windows\System\JAXlXCa.exe
  C:\Windows\System\JAXlXCa.exe
  2⤵
  PID:8448
- C:\Windows\System\wwLDEvb.exe
  C:\Windows\System\wwLDEvb.exe
  2⤵
  PID:8464
- C:\Windows\System\MSBEhQk.exe
  C:\Windows\System\MSBEhQk.exe
  2⤵
  PID:8480
- C:\Windows\System\jaZjEsp.exe
  C:\Windows\System\jaZjEsp.exe
  2⤵
  PID:8496
- C:\Windows\System\HeBkMva.exe
  C:\Windows\System\HeBkMva.exe
  2⤵
  PID:8512
- C:\Windows\System\NsWkndt.exe
  C:\Windows\System\NsWkndt.exe
  2⤵
  PID:8528
- C:\Windows\System\IGHhNmP.exe
  C:\Windows\System\IGHhNmP.exe
  2⤵
  PID:8548
- C:\Windows\System\XsncFTc.exe
  C:\Windows\System\XsncFTc.exe
  2⤵
  PID:8564
- C:\Windows\System\yFIIDcX.exe
  C:\Windows\System\yFIIDcX.exe
  2⤵
  PID:8580
- C:\Windows\System\dJDkwqt.exe
  C:\Windows\System\dJDkwqt.exe
  2⤵
  PID:8596
- C:\Windows\System\VIAHiJB.exe
  C:\Windows\System\VIAHiJB.exe
  2⤵
  PID:8612
- C:\Windows\System\AUajgvQ.exe
  C:\Windows\System\AUajgvQ.exe
  2⤵
  PID:8628
- C:\Windows\System\YjoadOD.exe
  C:\Windows\System\YjoadOD.exe
  2⤵
  PID:8644
- C:\Windows\System\lhspsjF.exe
  C:\Windows\System\lhspsjF.exe
  2⤵
  PID:8680
- C:\Windows\System\SQxxtTB.exe
  C:\Windows\System\SQxxtTB.exe
  2⤵
  PID:8696
- C:\Windows\System\FEpSihi.exe
  C:\Windows\System\FEpSihi.exe
  2⤵
  PID:8712
- C:\Windows\System\LTbKHMw.exe
  C:\Windows\System\LTbKHMw.exe
  2⤵
  PID:8728
- C:\Windows\System\dfNdLpm.exe
  C:\Windows\System\dfNdLpm.exe
  2⤵
  PID:8748
- C:\Windows\System\kCvGQiy.exe
  C:\Windows\System\kCvGQiy.exe
  2⤵
  PID:8764
- C:\Windows\System\pwqnsGC.exe
  C:\Windows\System\pwqnsGC.exe
  2⤵
  PID:8780
- C:\Windows\System\kpLFAMN.exe
  C:\Windows\System\kpLFAMN.exe
  2⤵
  PID:8800
- C:\Windows\System\ZViRjYb.exe
  C:\Windows\System\ZViRjYb.exe
  2⤵
  PID:8816
- C:\Windows\System\LeHSlGB.exe
  C:\Windows\System\LeHSlGB.exe
  2⤵
  PID:8832
- C:\Windows\System\RMpbKdE.exe
  C:\Windows\System\RMpbKdE.exe
  2⤵
  PID:8848
- C:\Windows\System\VIrPAfg.exe
  C:\Windows\System\VIrPAfg.exe
  2⤵
  PID:8864
- C:\Windows\System\YOITLut.exe
  C:\Windows\System\YOITLut.exe
  2⤵
  PID:8888
- C:\Windows\System\sOoIEhp.exe
  C:\Windows\System\sOoIEhp.exe
  2⤵
  PID:8904
- C:\Windows\System\yVDNSEi.exe
  C:\Windows\System\yVDNSEi.exe
  2⤵
  PID:8920
- C:\Windows\System\mPmGHut.exe
  C:\Windows\System\mPmGHut.exe
  2⤵
  PID:8944
- C:\Windows\System\YhPnBnQ.exe
  C:\Windows\System\YhPnBnQ.exe
  2⤵
  PID:8960
- C:\Windows\System\Txfuhhx.exe
  C:\Windows\System\Txfuhhx.exe
  2⤵
  PID:8976
- C:\Windows\System\tgbeQYe.exe
  C:\Windows\System\tgbeQYe.exe
  2⤵
  PID:8996
- C:\Windows\System\shKQeMT.exe
  C:\Windows\System\shKQeMT.exe
  2⤵
  PID:9020
- C:\Windows\System\QUrXxJL.exe
  C:\Windows\System\QUrXxJL.exe
  2⤵
  PID:9040
- C:\Windows\System\yLKOurD.exe
  C:\Windows\System\yLKOurD.exe
  2⤵
  PID:9060
- C:\Windows\System\sosYBYP.exe
  C:\Windows\System\sosYBYP.exe
  2⤵
  PID:9080
- C:\Windows\System\ICmUwho.exe
  C:\Windows\System\ICmUwho.exe
  2⤵
  PID:9100
- C:\Windows\System\AqbcQMl.exe
  C:\Windows\System\AqbcQMl.exe
  2⤵
  PID:9116
- C:\Windows\System\jFaUsSF.exe
  C:\Windows\System\jFaUsSF.exe
  2⤵
  PID:9132
- C:\Windows\System\MgXFSSW.exe
  C:\Windows\System\MgXFSSW.exe
  2⤵
  PID:9148
- C:\Windows\System\sgVHtMg.exe
  C:\Windows\System\sgVHtMg.exe
  2⤵
  PID:9164
- C:\Windows\System\JwYnKTJ.exe
  C:\Windows\System\JwYnKTJ.exe
  2⤵
  PID:9184
- C:\Windows\System\jEILgvM.exe
  C:\Windows\System\jEILgvM.exe
  2⤵
  PID:9204
- C:\Windows\System\ngHXOHL.exe
  C:\Windows\System\ngHXOHL.exe
  2⤵
  PID:7420
- C:\Windows\System\cStTMSq.exe
  C:\Windows\System\cStTMSq.exe
  2⤵
  PID:8248
- C:\Windows\System\ARDIRkM.exe
  C:\Windows\System\ARDIRkM.exe
  2⤵
  PID:7724
- C:\Windows\System\dpIKxWh.exe
  C:\Windows\System\dpIKxWh.exe
  2⤵
  PID:8216
- C:\Windows\System\EOJELhJ.exe
  C:\Windows\System\EOJELhJ.exe
  2⤵
  PID:8296
- C:\Windows\System\yeAyUTt.exe
  C:\Windows\System\yeAyUTt.exe
  2⤵
  PID:8328
- C:\Windows\System\IQexDjm.exe
  C:\Windows\System\IQexDjm.exe
  2⤵
  PID:8380
- C:\Windows\System\uBwedOd.exe
  C:\Windows\System\uBwedOd.exe
  2⤵
  PID:8456
- C:\Windows\System\snlJsHS.exe
  C:\Windows\System\snlJsHS.exe
  2⤵
  PID:8440
- C:\Windows\System\tAAFZbF.exe
  C:\Windows\System\tAAFZbF.exe
  2⤵
  PID:8588
- C:\Windows\System\BtIqljq.exe
  C:\Windows\System\BtIqljq.exe
  2⤵
  PID:8576
- C:\Windows\System\cVbkvhN.exe
  C:\Windows\System\cVbkvhN.exe
  2⤵
  PID:8660
- C:\Windows\System\zImfzdx.exe
  C:\Windows\System\zImfzdx.exe
  2⤵
  PID:8688
- C:\Windows\System\JSnkjDW.exe
  C:\Windows\System\JSnkjDW.exe
  2⤵
  PID:8840
- C:\Windows\System\DfBgFJo.exe
  C:\Windows\System\DfBgFJo.exe
  2⤵
  PID:9004
- C:\Windows\System\iRfcVdM.exe
  C:\Windows\System\iRfcVdM.exe
  2⤵
  PID:8284
- C:\Windows\System\WCKekRB.exe
  C:\Windows\System\WCKekRB.exe
  2⤵
  PID:8664
- C:\Windows\System\lmyrCMU.exe
  C:\Windows\System\lmyrCMU.exe
  2⤵
  PID:8760
- C:\Windows\System\FjsUtvj.exe
  C:\Windows\System\FjsUtvj.exe
  2⤵
  PID:8992
- C:\Windows\System\qdQFhKt.exe
  C:\Windows\System\qdQFhKt.exe
  2⤵
  PID:9048
- C:\Windows\System\pZkdzjg.exe
  C:\Windows\System\pZkdzjg.exe
  2⤵
  PID:9068
- C:\Windows\System\lLnudOJ.exe
  C:\Windows\System\lLnudOJ.exe
  2⤵
  PID:9144
- C:\Windows\System\JqNmgSa.exe
  C:\Windows\System\JqNmgSa.exe
  2⤵
  PID:9128
- C:\Windows\System\OfpkOrH.exe
  C:\Windows\System\OfpkOrH.exe
  2⤵
  PID:9172
- C:\Windows\System\bRjzEXm.exe
  C:\Windows\System\bRjzEXm.exe
  2⤵
  PID:8200
- C:\Windows\System\ihMdffE.exe
  C:\Windows\System\ihMdffE.exe
  2⤵
  PID:9200
- C:\Windows\System\nixmKfi.exe
  C:\Windows\System\nixmKfi.exe
  2⤵
  PID:8232
- C:\Windows\System\iHysTOf.exe
  C:\Windows\System\iHysTOf.exe
  2⤵
  PID:7292
- C:\Windows\System\ZPZkVTb.exe
  C:\Windows\System\ZPZkVTb.exe
  2⤵
  PID:8316
- C:\Windows\System\SHQBCFM.exe
  C:\Windows\System\SHQBCFM.exe
  2⤵
  PID:8412
- C:\Windows\System\iflwLHG.exe
  C:\Windows\System\iflwLHG.exe
  2⤵
  PID:8492
- C:\Windows\System\DZxPDwD.exe
  C:\Windows\System\DZxPDwD.exe
  2⤵
  PID:8504
- C:\Windows\System\oYBeWeY.exe
  C:\Windows\System\oYBeWeY.exe
  2⤵
  PID:8536
- C:\Windows\System\CAktiQs.exe
  C:\Windows\System\CAktiQs.exe
  2⤵
  PID:8572
- C:\Windows\System\juBmAjS.exe
  C:\Windows\System\juBmAjS.exe
  2⤵
  PID:8608
- C:\Windows\System\abGHxlJ.exe
  C:\Windows\System\abGHxlJ.exe
  2⤵
  PID:8656
- C:\Windows\System\eLchhAU.exe
  C:\Windows\System\eLchhAU.exe
  2⤵
  PID:9076
- C:\Windows\System\WgJXSwm.exe
  C:\Windows\System\WgJXSwm.exe
  2⤵
  PID:8772
- C:\Windows\System\TMjJUaX.exe
  C:\Windows\System\TMjJUaX.exe
  2⤵
  PID:8884
- C:\Windows\System\QovtvmJ.exe
  C:\Windows\System\QovtvmJ.exe
  2⤵
  PID:8792
- C:\Windows\System\DoTvjoJ.exe
  C:\Windows\System\DoTvjoJ.exe
  2⤵
  PID:8912
- C:\Windows\System\aLIXyed.exe
  C:\Windows\System\aLIXyed.exe
  2⤵
  PID:8876
- C:\Windows\System\jAhmrgH.exe
  C:\Windows\System\jAhmrgH.exe
  2⤵
  PID:8896
- C:\Windows\System\whpJcPQ.exe
  C:\Windows\System\whpJcPQ.exe
  2⤵
  PID:8972
- C:\Windows\System\vfXKigv.exe
  C:\Windows\System\vfXKigv.exe
  2⤵
  PID:9036
- C:\Windows\System\OAjwoWO.exe
  C:\Windows\System\OAjwoWO.exe
  2⤵
  PID:9092
- C:\Windows\System\KmRILFu.exe
  C:\Windows\System\KmRILFu.exe
  2⤵
  PID:8264
- C:\Windows\System\WoIemnH.exe
  C:\Windows\System\WoIemnH.exe
  2⤵
  PID:8524
- C:\Windows\System\GbJEbUl.exe
  C:\Windows\System\GbJEbUl.exe
  2⤵
  PID:8556
- C:\Windows\System\YturOml.exe
  C:\Windows\System\YturOml.exe
  2⤵
  PID:9052
- C:\Windows\System\pOKdUhc.exe
  C:\Windows\System\pOKdUhc.exe
  2⤵
  PID:8708
- C:\Windows\System\mFKvEWj.exe
  C:\Windows\System\mFKvEWj.exe
  2⤵
  PID:8652
- C:\Windows\System\mwKBdCR.exe
  C:\Windows\System\mwKBdCR.exe
  2⤵
  PID:8880
- C:\Windows\System\NWRjnWa.exe
  C:\Windows\System\NWRjnWa.exe
  2⤵
  PID:7836
- C:\Windows\System\WvwLyyf.exe
  C:\Windows\System\WvwLyyf.exe
  2⤵
  PID:8604
- C:\Windows\System\ooMXUsh.exe
  C:\Windows\System\ooMXUsh.exe
  2⤵
  PID:8828
- C:\Windows\System\mqkBlgu.exe
  C:\Windows\System\mqkBlgu.exe
  2⤵
  PID:9180
- C:\Windows\System\qGgyYat.exe
  C:\Windows\System\qGgyYat.exe
  2⤵
  PID:8952
- C:\Windows\System\YHHByxj.exe
  C:\Windows\System\YHHByxj.exe
  2⤵
  PID:9032
- C:\Windows\System\qIJMghl.exe
  C:\Windows\System\qIJMghl.exe
  2⤵
  PID:8488
- C:\Windows\System\EZSNFdO.exe
  C:\Windows\System\EZSNFdO.exe
  2⤵
  PID:9140
- C:\Windows\System\LFCjYGk.exe
  C:\Windows\System\LFCjYGk.exe
  2⤵
  PID:8312
- C:\Windows\System\shfDGWB.exe
  C:\Windows\System\shfDGWB.exe
  2⤵
  PID:7356
- C:\Windows\System\fseagqv.exe
  C:\Windows\System\fseagqv.exe
  2⤵
  PID:8364
- C:\Windows\System\wVRoRNL.exe
  C:\Windows\System\wVRoRNL.exe
  2⤵
  PID:8916
- C:\Windows\System\UiGZpDk.exe
  C:\Windows\System\UiGZpDk.exe
  2⤵
  PID:8636
- C:\Windows\System\yIjquig.exe
  C:\Windows\System\yIjquig.exe
  2⤵
  PID:8956
- C:\Windows\System\kLaQtIX.exe
  C:\Windows\System\kLaQtIX.exe
  2⤵
  PID:8360
- C:\Windows\System\UZCBLiG.exe
  C:\Windows\System\UZCBLiG.exe
  2⤵
  PID:9228
- C:\Windows\System\TpNxkSI.exe
  C:\Windows\System\TpNxkSI.exe
  2⤵
  PID:9244
- C:\Windows\System\LvQvean.exe
  C:\Windows\System\LvQvean.exe
  2⤵
  PID:9260
- C:\Windows\System\dTijFcw.exe
  C:\Windows\System\dTijFcw.exe
  2⤵
  PID:9276
- C:\Windows\System\RWDQfmX.exe
  C:\Windows\System\RWDQfmX.exe
  2⤵
  PID:9292
- C:\Windows\System\XLooIvw.exe
  C:\Windows\System\XLooIvw.exe
  2⤵
  PID:9308
- C:\Windows\System\ZqHOAvE.exe
  C:\Windows\System\ZqHOAvE.exe
  2⤵
  PID:9324
- C:\Windows\System\zRogrUQ.exe
  C:\Windows\System\zRogrUQ.exe
  2⤵
  PID:9344
- C:\Windows\System\rWwdDDl.exe
  C:\Windows\System\rWwdDDl.exe
  2⤵
  PID:9360
- C:\Windows\System\JSXWbqG.exe
  C:\Windows\System\JSXWbqG.exe
  2⤵
  PID:9376
- C:\Windows\System\Ajksphz.exe
  C:\Windows\System\Ajksphz.exe
  2⤵
  PID:9392
- C:\Windows\System\GlPiWTz.exe
  C:\Windows\System\GlPiWTz.exe
  2⤵
  PID:9408
- C:\Windows\System\uCTPwcx.exe
  C:\Windows\System\uCTPwcx.exe
  2⤵
  PID:9424
- C:\Windows\System\RSRDncK.exe
  C:\Windows\System\RSRDncK.exe
  2⤵
  PID:9440
- C:\Windows\System\KkyzlXe.exe
  C:\Windows\System\KkyzlXe.exe
  2⤵
  PID:9456
- C:\Windows\System\DUUSdAd.exe
  C:\Windows\System\DUUSdAd.exe
  2⤵
  PID:9472
- C:\Windows\System\SNqOYnG.exe
  C:\Windows\System\SNqOYnG.exe
  2⤵
  PID:9488
- C:\Windows\System\LOBvMeJ.exe
  C:\Windows\System\LOBvMeJ.exe
  2⤵
  PID:9504
- C:\Windows\System\IeZAPxi.exe
  C:\Windows\System\IeZAPxi.exe
  2⤵
  PID:9520
- C:\Windows\System\oEByZOE.exe
  C:\Windows\System\oEByZOE.exe
  2⤵
  PID:9536
- C:\Windows\System\TztMYHY.exe
  C:\Windows\System\TztMYHY.exe
  2⤵
  PID:9552
- C:\Windows\System\MZRonqI.exe
  C:\Windows\System\MZRonqI.exe
  2⤵
  PID:9568
- C:\Windows\System\RaNvYEZ.exe
  C:\Windows\System\RaNvYEZ.exe
  2⤵
  PID:9584
- C:\Windows\System\OfTaxsw.exe
  C:\Windows\System\OfTaxsw.exe
  2⤵
  PID:9600
- C:\Windows\System\qCsTXON.exe
  C:\Windows\System\qCsTXON.exe
  2⤵
  PID:9620
- C:\Windows\System\YpyKpjf.exe
  C:\Windows\System\YpyKpjf.exe
  2⤵
  PID:10036
- C:\Windows\System\kYloWOU.exe
  C:\Windows\System\kYloWOU.exe
  2⤵
  PID:10052
- C:\Windows\System\EQrxerM.exe
  C:\Windows\System\EQrxerM.exe
  2⤵
  PID:10072
- C:\Windows\System\ebrhzft.exe
  C:\Windows\System\ebrhzft.exe
  2⤵
  PID:10088
- C:\Windows\System\MHNemoX.exe
  C:\Windows\System\MHNemoX.exe
  2⤵
  PID:10112
- C:\Windows\System\ZNHRdvt.exe
  C:\Windows\System\ZNHRdvt.exe
  2⤵
  PID:10144
- C:\Windows\System\oBlMpoJ.exe
  C:\Windows\System\oBlMpoJ.exe
  2⤵
  PID:10160
- C:\Windows\System\azjvmWw.exe
  C:\Windows\System\azjvmWw.exe
  2⤵
  PID:10176
- C:\Windows\System\zFCsoti.exe
  C:\Windows\System\zFCsoti.exe
  2⤵
  PID:10196
- C:\Windows\System\vNRipsE.exe
  C:\Windows\System\vNRipsE.exe
  2⤵
  PID:10212
- C:\Windows\System\KvcXLIP.exe
  C:\Windows\System\KvcXLIP.exe
  2⤵
  PID:9212
- C:\Windows\System\eGSeOoh.exe
  C:\Windows\System\eGSeOoh.exe
  2⤵
  PID:9268
- C:\Windows\System\vLTIKrf.exe
  C:\Windows\System\vLTIKrf.exe
  2⤵
  PID:9388
- C:\Windows\System\FPQowAy.exe
  C:\Windows\System\FPQowAy.exe
  2⤵
  PID:9304
- C:\Windows\System\smprplb.exe
  C:\Windows\System\smprplb.exe
  2⤵
  PID:9532
- C:\Windows\System\MXZoZaM.exe
  C:\Windows\System\MXZoZaM.exe
  2⤵
  PID:9548
- C:\Windows\System\BUhmkho.exe
  C:\Windows\System\BUhmkho.exe
  2⤵
  PID:9616
- C:\Windows\System\VqldXhE.exe
  C:\Windows\System\VqldXhE.exe
  2⤵
  PID:9636
- C:\Windows\System\ILBbhlH.exe
  C:\Windows\System\ILBbhlH.exe
  2⤵
  PID:9672
- C:\Windows\System\DjlzhZB.exe
  C:\Windows\System\DjlzhZB.exe
  2⤵
  PID:9684
- C:\Windows\System\WcWeGeg.exe
  C:\Windows\System\WcWeGeg.exe
  2⤵
  PID:9720
- C:\Windows\System\SMiyBiS.exe
  C:\Windows\System\SMiyBiS.exe
  2⤵
  PID:9732
- C:\Windows\System\OEOcnFF.exe
  C:\Windows\System\OEOcnFF.exe
  2⤵
  PID:9748
- C:\Windows\System\fRGyrIK.exe
  C:\Windows\System\fRGyrIK.exe
  2⤵
  PID:9768
- C:\Windows\System\jSWGPZX.exe
  C:\Windows\System\jSWGPZX.exe
  2⤵
  PID:9792
- C:\Windows\System\dagATQn.exe
  C:\Windows\System\dagATQn.exe
  2⤵
  PID:9808
- C:\Windows\System\yHLiMJh.exe
  C:\Windows\System\yHLiMJh.exe
  2⤵
  PID:2532
- C:\Windows\System\SPaKRtK.exe
  C:\Windows\System\SPaKRtK.exe
  2⤵
  PID:2128
- C:\Windows\System\czCqhrY.exe
  C:\Windows\System\czCqhrY.exe
  2⤵
  PID:2712
- C:\Windows\System\XdnYyKk.exe
  C:\Windows\System\XdnYyKk.exe
  2⤵
  PID:2528
- C:\Windows\System\nRmlYBe.exe
  C:\Windows\System\nRmlYBe.exe
  2⤵
  PID:9836
- C:\Windows\System\brZXdYK.exe
  C:\Windows\System\brZXdYK.exe
  2⤵
  PID:9820
- C:\Windows\System\AKhYHRJ.exe
  C:\Windows\System\AKhYHRJ.exe
  2⤵
  PID:9856
- C:\Windows\System\SCgrFlV.exe
  C:\Windows\System\SCgrFlV.exe
  2⤵
  PID:9872
- C:\Windows\System\GhcHhkl.exe
  C:\Windows\System\GhcHhkl.exe
  2⤵
  PID:9888
- C:\Windows\System\WtGFkIk.exe
  C:\Windows\System\WtGFkIk.exe
  2⤵
  PID:9904
- C:\Windows\System\DQXYjvk.exe
  C:\Windows\System\DQXYjvk.exe
  2⤵
  PID:9920
- C:\Windows\System\QnTutHX.exe
  C:\Windows\System\QnTutHX.exe
  2⤵
  PID:9936
- C:\Windows\System\spbdJky.exe
  C:\Windows\System\spbdJky.exe
  2⤵
  PID:9952
- C:\Windows\System\gNQAhli.exe
  C:\Windows\System\gNQAhli.exe
  2⤵
  PID:9968
- C:\Windows\System\ZjOUgRP.exe
  C:\Windows\System\ZjOUgRP.exe
  2⤵
  PID:9988
- C:\Windows\System\QVVCZuA.exe
  C:\Windows\System\QVVCZuA.exe
  2⤵
  PID:10004
- C:\Windows\System\MbdiusJ.exe
  C:\Windows\System\MbdiusJ.exe
  2⤵
  PID:10024
- C:\Windows\System\XkbUKuR.exe
  C:\Windows\System\XkbUKuR.exe
  2⤵
  PID:10064
- C:\Windows\System\kbYCgpe.exe
  C:\Windows\System\kbYCgpe.exe
  2⤵
  PID:2456
- C:\Windows\System\okvcEPA.exe
  C:\Windows\System\okvcEPA.exe
  2⤵
  PID:10168
- C:\Windows\System\LIwFzlI.exe
  C:\Windows\System\LIwFzlI.exe
  2⤵
  PID:10120
- C:\Windows\System\SRrqEoY.exe
  C:\Windows\System\SRrqEoY.exe
  2⤵
  PID:10152
- C:\Windows\System\iWfQLjj.exe
  C:\Windows\System\iWfQLjj.exe
  2⤵
  PID:10232
- C:\Windows\System\xCRVRCX.exe
  C:\Windows\System\xCRVRCX.exe
  2⤵
  PID:8476
- C:\Windows\System\ZbBuQdB.exe
  C:\Windows\System\ZbBuQdB.exe
  2⤵
  PID:9220
- C:\Windows\System\AAHxzHB.exe
  C:\Windows\System\AAHxzHB.exe
  2⤵
  PID:8392
- C:\Windows\System\QkKFGzC.exe
  C:\Windows\System\QkKFGzC.exe
  2⤵
  PID:8968
- C:\Windows\System\HbQJnmj.exe
  C:\Windows\System\HbQJnmj.exe
  2⤵
  PID:9320
- C:\Windows\System\KvOTLDm.exe
  C:\Windows\System\KvOTLDm.exe
  2⤵
  PID:9340
- C:\Windows\System\HzIAweb.exe
  C:\Windows\System\HzIAweb.exe
  2⤵
  PID:9404
- C:\Windows\System\SbioikS.exe
  C:\Windows\System\SbioikS.exe
  2⤵
  PID:9468
- C:\Windows\System\ICxbhiG.exe
  C:\Windows\System\ICxbhiG.exe
  2⤵
  PID:9496
- C:\Windows\System\avyiWoU.exe
  C:\Windows\System\avyiWoU.exe
  2⤵
  PID:8932
- C:\Windows\System\eHddoxm.exe
  C:\Windows\System\eHddoxm.exe
  2⤵
  PID:9544
- C:\Windows\System\SHBFxUq.exe
  C:\Windows\System\SHBFxUq.exe
  2⤵
  PID:9676
- C:\Windows\System\OSmKKUr.exe
  C:\Windows\System\OSmKKUr.exe
  2⤵
  PID:9660
- C:\Windows\System\wqHtXbV.exe
  C:\Windows\System\wqHtXbV.exe
  2⤵
  PID:9700
- C:\Windows\System\rrQkTcB.exe
  C:\Windows\System\rrQkTcB.exe
  2⤵
  PID:9724
- C:\Windows\System\klLbQjO.exe
  C:\Windows\System\klLbQjO.exe
  2⤵
  PID:9764
- C:\Windows\System\pMMchGK.exe
  C:\Windows\System\pMMchGK.exe
  2⤵
  PID:2392
- C:\Windows\System\hYJxeNb.exe
  C:\Windows\System\hYJxeNb.exe
  2⤵
  PID:9780
- C:\Windows\System\pxLMEtC.exe
  C:\Windows\System\pxLMEtC.exe
  2⤵
  PID:9868
- C:\Windows\System\FnjgLwJ.exe
  C:\Windows\System\FnjgLwJ.exe
  2⤵
  PID:9896
- C:\Windows\System\itOGZWH.exe
  C:\Windows\System\itOGZWH.exe
  2⤵
  PID:9960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BNekmWl.exe

Filesize
6.0MB

MD5
30df5cd51621d8f6cc15ffa9bca47710

SHA1
3a13747b7ba333d8e7e452adb2e9e65f21c4e1c9

SHA256
54688a42dc5ef95afe0a10cf25adf44543461d829ec36b253376f1ae1d066654

SHA512
15536d82529fc8c57bee475fec9ea002459564e9ed7d85ddc96aad1bbd8b6e8404de0ef2f2dfda1d8eed07178f7ec8fb3c5cb07f0df868efb317993ffc579267

Download Submit
C:\Windows\system\BlUWuaH.exe

Filesize
6.0MB

MD5
f2910b5388bee4c4096da359c93a6339

SHA1
28a53b3cd6fd4c9abba0b4a0bbb01b08bc0fd0ce

SHA256
3ce9e6f32d96a6d464933c8bc966ee7eb7ac194b828ab22dc0b64c56a4ca02c7

SHA512
bf9f392fef9507d5a0068fcd2528a7481ebb6d2eff5ae1ff02de1922b94bab2267feffb3b24e11fdade15e23e24e6f75c84217b306d54c96d190e2f35290d5a4

Download Submit
C:\Windows\system\CVFQKHf.exe

Filesize
6.0MB

MD5
9a7a260bfde88675b8b59e8e2071bc62

SHA1
f75e9b12b368cb47ec89c98fcdc91c56eecd6a49

SHA256
6132a85fac9d943c4a2f4739b7f89c10c437237404acf44acc6c37d455fb33bf

SHA512
a69225fbc4e83bc93f9c583dc909c841b5a666dd0fcbcdb41a906dfad2c510143c7cbb9ffef6b8200cc1ee49f8617ed8425197afed1a675ae7eb87d493f3e7af

Download Submit
C:\Windows\system\IAwPRRG.exe

Filesize
6.0MB

MD5
2ebdbbc839c22b6d1f69d6572c74e3e0

SHA1
0cdee29b71ffc0e3220f49fbb7da915a6f1fe337

SHA256
241bb0255360fb425191f927b86e32903f90b7224f808f4208763cf2c1cf968f

SHA512
8c72609f56a45dbf288be14a6cb0282d0babd70332f2946e7f51fcdfaee210cac1dcf930c48c6b2c4db5260c9c2ddcfb3d87f00f2d94efa05b6c9251ac887c0b

Download Submit
C:\Windows\system\JQMwBjJ.exe

Filesize
6.0MB

MD5
49ea354164b1968f787f751b975413c1

SHA1
41f69e37bd87f6e041adbb90c5cb9c7e6e424e22

SHA256
bdb9dbe4b6ab693597f7504d867915ad06c63c17dd7e641daa5c9710dc98e35d

SHA512
3be35e522a346b194176100cfb919b52217645857099395a9fb0724ccffb845ca863330874f4559fd9d1e93b5a9643487e94901c02e78b273140e23c93d52728

Download Submit
C:\Windows\system\JiClKLC.exe

Filesize
6.0MB

MD5
fe01295b09f103b11c5d1b1aba6a0c95

SHA1
1cecb2c0e6f8d7d86bc26544f7a1f50854180b62

SHA256
80b36c0cbe9062053b641a8e80251463dd392214775a458a8b1b478580223fe2

SHA512
2475036426a95780df87900422ea0ff31361ca3c0883132d8e28b92e083e64a8aab60181c6bdea1974e63c70bddb8339da7700fe2a51fcb66609a1fe60f11b3e

Download Submit
C:\Windows\system\KVYEoZK.exe

Filesize
6.0MB

MD5
7cf4ea82aed2ea9c6b707ed90d9a2cce

SHA1
11d0d9961311a8314fb6b2ac3c1bcea7fe00d236

SHA256
eba4a48f03fafda66e9cab1c879a543966e0a5d211ad54a20daa61dc68c1362a

SHA512
2753aaeb633a9a394047dc133a6a26293a07e7bbec8bd732bee3f88bb10c53e0e512d651e8e5e517816e478e93954e1cbedb9dabca33a5dce7add22ad0649017

Download Submit
C:\Windows\system\NXgKYjg.exe

Filesize
6.0MB

MD5
c5b0ee2d5a230e68330ee26c131b3f02

SHA1
234df2242c44689cb4c535d008f47fd7e60cd1d7

SHA256
744f71d6932c0194877285cc7e26d98b48a2008afcf1bb1f94862859407b74f1

SHA512
8c41d67fa10d6b96553b3dc7f08fa1239c5e0ad53484e33c407347837aecb8325438d55a57a0d190c784f4c9c0eb2ad228cd48a75a468685e1b9e4caf8bbfb67

Download Submit
C:\Windows\system\NeMAGsp.exe

Filesize
6.0MB

MD5
0c2fa464861f17fa27e742d254f4b9d1

SHA1
3469dc8c4dd6dc3fa2a7749460e11b7e3cdb7dcd

SHA256
b1a3b57ff4c9e48af66447805126e6498cac17279033651e7d956143f35c3fb1

SHA512
28e8d312504cf1ccaaaed6ea6d6ecc9c93c693653d55f815c64dcf8111662dc7d6969291df25366d022991364d3a090254848ab862ceb39bbfe701e34d5a7312

Download Submit
C:\Windows\system\OQCPnXV.exe

Filesize
6.0MB

MD5
4b0eaaba128b1db2f231bb76da86c794

SHA1
482f586edbcd1b16cf4262240ecec93506a84479

SHA256
68a4d84b665ee2b8e3dfa5fbbf70b4fecba6b69dc27c6a205c72bae215354377

SHA512
b54b0c96af7b0c8243c976b1355a5a29ebe309dd60fa8226b616f2388b8de0784551f750943a7a1ea2ebd6c11126f55bb0489353d40de1cffd1b1a8a47c977bd

Download Submit
C:\Windows\system\PgqaqUY.exe

Filesize
6.0MB

MD5
d2c7807da92ea5e64165f748910b3a72

SHA1
dde3617a5673e7d059caf24e5a8e758dfa2a0371

SHA256
b8c5486cd43840c7cb2de44ac0ae997bd3e003b92d1c894ebc1baa52b62b6af5

SHA512
83ebe5f56e3d3a5317415b8a0b3ca938c2d0c00c321ed1dae889bb7e820ae9f0459f7a3eff02a754751ac1fd912c98f84ece4c689dffb93d5daf59ff65d351bb

Download Submit
C:\Windows\system\UhsuAnz.exe

Filesize
6.0MB

MD5
2a4981780912bb5288c5d3fdf8edf9aa

SHA1
c51366925dc2e81d420728ca8fed393b34b2d3ca

SHA256
90b6318c781b0430b52229ded53871a50824bbd11c66ff0bc03d80bbb9b95a90

SHA512
6d7e1a67614c407788d08344f787a1dad0965092cc37117c5dfc9123bf5cabf8c1b3d731142da5c837ded4734a1af52ffd5662454e1b553d8551710958c630fa

Download Submit
C:\Windows\system\UuQsShc.exe

Filesize
6.0MB

MD5
d62b9be3fdbf6055d585c6910772cec3

SHA1
1fbf1fa987193cfdc45a8cf77878bd883faaf92e

SHA256
892028c2d92b4d3dc4263a8cfc870443e4de8ff21471d41b4debf688da5e63ca

SHA512
1193adc30988422fab9c7dd49457916ba4721e6345cde8c66af9a1aba12c95d3dae4d2f40393a8e545c4a765b9148c91ac70f783de85e287ba68d88b0ae4fde3

Download Submit
C:\Windows\system\VSZzvDm.exe

Filesize
6.0MB

MD5
f49a4ab298eca43dcb71d2bee805669e

SHA1
5372c96511098264df26c73cec8a8edf4d73de03

SHA256
94900fc7dfa08e70223b877edb882ed1a38239ed13456433e9f7f17455ab60c1

SHA512
f2e5d39c1cd00a48f6f66c62967e697a5804e21fa4bff04b7cd16d6598ac7bcb8c84eed517a912398f9304fac2ce538132eb57267e7f68190907f4c2d0afcc35

Download Submit
C:\Windows\system\VwSStth.exe

Filesize
6.0MB

MD5
00c2b0e5e44a8041f36eef85b8f506ed

SHA1
f6fe9f8ab305b9ccfd8f7351f0658a6fa2bb9a1a

SHA256
436eab5d1c3b24ac84c898920a4de2634a7d9fa3bc1b33630725675a7b2b5cc2

SHA512
91df15584e1d0fc134c8bfc713bd464b932af09ecd56c7579a571eae08128d27e600536011ec7fb9eab74a0080b2e9871f970b2b40e4ecf23dff8f9dfe217870

Download Submit
C:\Windows\system\WNWyXxX.exe

Filesize
6.0MB

MD5
257cf43bb63be38aa8f92bba91353bec

SHA1
396d06fb8be8e1f9d603a9ba1c6c62d4f9a63511

SHA256
a3b4a37587891d3277bafc074113e37aa1dd4807277a242bf7e3f5a67efd4ac7

SHA512
281aef93f8dca4d10e51bf1df6ad9ac67b0fce130c48b02818504f75c1d665b9e5825b659077c90b6960f35debf6e15a6813ce10178189d6948520e44b180b81

Download Submit
C:\Windows\system\WVefozC.exe

Filesize
6.0MB

MD5
bace812dc9cfcaa3bccee0ed3150aa4b

SHA1
6cf61c61a57a392ef04177422a46b7483cbaffde

SHA256
7b093a9efd85538f62468715876b553efb411d7998fca1fd503c8d99b00de37d

SHA512
81103ad0a8a5054ad2a3b61d9c73e0b196a7e16c3ccde848fb01dbbb0cb4ce2eaa78d320245e4b6645d9df329ace63078509a131eeaa4aa05d7a23bf13e33a37

Download Submit
C:\Windows\system\YsYABes.exe

Filesize
6.0MB

MD5
d4b3df7991b63dfd2ae12a6ed4c83b60

SHA1
78832382b3a3016e40c16182b689783cf1cf7646

SHA256
796ddfa1eadfd4a1b9bbd3793fba3420312427417b0b0bdb551ea6c2b0a8f74a

SHA512
27a17a41a6c434b6bca143e1bd46a1d7783588c7f4b6ccaf17099119c7197c8dc25dacc1180714b99710a20b59d6a90a4f91a846c6322971f85d57438f6aff92

Download Submit
C:\Windows\system\ZLxXEWO.exe

Filesize
6.0MB

MD5
a66be8c21d3c86486167ce2898ba899c

SHA1
ca228818e7af744cd21c4d851ab7f97225ca3cd2

SHA256
b4c9d4ee8146043ac5aa315b470162ca875e870585f0afb7cbbca2e812fd9e5e

SHA512
e2493798689e7aa546e69ff5b89d19581a38a842188d75e568057da4c7c77ce58c2c791c356a2f4a4b51ae04c7cdb158bd05832483965d30cbffda9a4c7888a1

Download Submit
C:\Windows\system\ZuDvVtd.exe

Filesize
6.0MB

MD5
96f95492b81a23bb7400604e7148ee7f

SHA1
b98b44f029bd1ff5c9ed5409e16d59991f582624

SHA256
649d71e1b72c9ed8493692dd7b9dd4e97919b0f6365aafee887d40d0b522391a

SHA512
6238662e2bae22e1ed6393de9ac0392a53b8159771340770e9e9ae39f91c1e2e187c579466353563bc26643900d9ca42e4eeadb65fb900b2cbd6067fc76dcd7f

Download Submit
C:\Windows\system\cDnErbv.exe

Filesize
6.0MB

MD5
d61d733fa6553857ef13b7d60dadef07

SHA1
d77950212a0144f43740140ec1cdcf141626db04

SHA256
a7a13e1d03f5c187f4414ed74040d634d1423b485f8e91ac7dec4d15365f78fd

SHA512
44cdeabe550700e28500b0afd6f5c119f9fa85871337b32ee82d2b5e54b24b4e7a549eb120f349380f1a2a7e4d05b3674f5c7c281a6dc85402abc73c1ac242db

Download Submit
C:\Windows\system\dtWprxe.exe

Filesize
6.0MB

MD5
24ef69d2082b2984c6a7b2773d038f29

SHA1
fcf5799f8aea9c3c6b3abf482980800f405bb062

SHA256
c328e145bb88cbf3bb1c4fd95acbd0a2a8b900cc90864385a78a9b0a991281d5

SHA512
482540be76970a66a38c3945cf19a31059593c698e4b99f6991621f974f0218ca00a7bd5cb7f50692247d6d8067811976f73b34148347a1249f792775be269f3

Download Submit
C:\Windows\system\fEvyJZa.exe

Filesize
6.0MB

MD5
87f4beca656c80a3f0355b04f9b703aa

SHA1
e57b9a6a35eae337f91960a5b3577d959355faec

SHA256
cc3569dc662b563081e134fce3fa47006fcd613670938615c320b664ef9c3aca

SHA512
3e8d6ba891e057765903b5fb53df72cb8d84517ffdc13fdf5a262344161d312446fb910a319f02f12b70e2e3bdc1a08bbb318848d8a756d534e2732df2eab811

Download Submit
C:\Windows\system\gpMFfCS.exe

Filesize
6.0MB

MD5
b386ff84089a0cd530f700915a336773

SHA1
633426d2c792132f5641bc6dc56da830556e7978

SHA256
4ddeafb9e48d8d34bff729a8933d7713b70e2fbda717875f5ea29e468feebe12

SHA512
7f864056ab2122b9d37d00b7c4240842c41f14320103d6ed6c8b17ebab6e6d5f0ba6a9532216ad633ccfd6784317b9951a51c42523ffe66ec7c5a89e264087c5

Download Submit
C:\Windows\system\mBZlPzM.exe

Filesize
6.0MB

MD5
107be92a6ce3d0bf8f0bb852d21f065a

SHA1
396f8021e8f739dbd4bee5e3d4626c3f3083d505

SHA256
817ac5f6524a19f0237bc32401f1ff88b61bc4a001a4c624ab83fe073a02f292

SHA512
403f4cb3d8d5cff90d6ff9fa38cb781fbcb4127f13cb54e2402c322408abc0a39993f0ac257cac39d06d1dd257b74a473b6ef245f35224be82b6a458311319e1

Download Submit
C:\Windows\system\nGiZPgO.exe

Filesize
6.0MB

MD5
e6ff5b18df2520f0d85511262fdda456

SHA1
a2e18894add6d12f6374c8c8e488e636a48cb708

SHA256
8eac1bc6ee0c5e9e761a3614742a7865d2618c65c305219c1a6e1e5d1ec46e89

SHA512
1eee68364fd1600d072e8a9e91bd3864d938423da4dfd783cdbe2d0ebae5f65575343e392cf99bf1fbc232e2b772d227edcac48ef71811e0182ce19255dae643

Download Submit
C:\Windows\system\tjNhCKl.exe

Filesize
6.0MB

MD5
0e539c0adef1793d04e789a7901eb7fd

SHA1
f1d8867977b0450d136cba51aefa45e817f7f3b4

SHA256
3336a8b64c86abe9cfc325f7352309490216a7ce2b5d242640980b65c96355bf

SHA512
cfdea9bcf07ca24e526938c1e96ef05670e5fcdc55edf9ccea6854752e20822b3374f6abb5011bc59cd2a87b4895efa4c771d331ea73be499aaed1cc24036cd1

Download Submit
C:\Windows\system\vGGbvnn.exe

Filesize
6.0MB

MD5
2eaa9405cc34c43942d87d5cf0548764

SHA1
6e7121e0ef217a75992a3b892667d9e8af486057

SHA256
bde9339542a0d38769dc745875e56f8a2849bfa3f2cac04757fdf493e2c2930d

SHA512
f25415d2f230f7e50e6e5fa857b7b1d0abfbf19bf3022b4891ef745fd328e53dcb2d55afc2127edd63dca98c6f1f5dbed9f4d9e945b06ad3ced6b76efae994f2

Download Submit
C:\Windows\system\vmUtlYT.exe

Filesize
6.0MB

MD5
46343bb5e7fd82225e7f30607d1a36d3

SHA1
336763340c4000e12fbc126224af3533d36c0652

SHA256
2c69897f23282c451b6a8ef46c86912f7a3aa8a4fe5bb03c472763b61717d64d

SHA512
db884ccd3c230e3bb2351c3dd84796964aaf5f90e8d8fac125b47ec12e0a70347f6e1d7fa2e4410c97facac6d4572f06bcdbcd3c26f9047739557a8062ebedd4

Download Submit
C:\Windows\system\zjjNonJ.exe

Filesize
6.0MB

MD5
77a0188513891b1862db99a14f73714e

SHA1
a22c3d75464349f2921ac3de876b59b56aa27bd6

SHA256
209e3a84c337c567db1798329c2512ef7a10262729e9636c09d6695054f852d0

SHA512
c7bb03fb97bda9f633807dd80ad5fd2e536ef17fbc6061f1d39b62a26237a62d9a5ffdbdf661a5b5c66aa8375fb4da6913d9bcd328bc4d569516d96eae54af6a

Download Submit
\Windows\system\HFKCWcC.exe

Filesize
6.0MB

MD5
88b6f192f19417e38cd2ea59637c8207

SHA1
88c041c6fac486498391fe6efc7d51b92428fedd

SHA256
a3adb46d48fd585225e04f1cd16621a4cb32ec04040b41e33a7d0dffc2998b88

SHA512
0c677111c4a8f3b9da5025a68adb78fce3ba39304f77a6e9611fc28f5e6ba3cc014bd2d336d5e9d4db062b1cd63d76984b347cf32510de842bae15e9cd302f55

Download Submit
\Windows\system\rigKgQi.exe

Filesize
6.0MB

MD5
1822b73a1e6c329a2185bc531f1fd99f

SHA1
b8f5f94e25572d6e5f7412cba71175d4dec48279

SHA256
9eafffaab7cab816245b1cd739846a78b1364f52ad6aa671fb8e6ccfc83a5b9f

SHA512
a14ce5318809f1bae07afde9be90c9c246f5a8898c955f9ce8d36c08156019c3baee5963b6adf655fd377d5a4a6e3a443fe110b61c4ba9e8851a29d548ca4d47

Download Submit
memory/1700-1605-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/1700-23-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2016-20-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2016-1606-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-4001-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2084-89-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2264-59-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2264-3962-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2352-75-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2352-314-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2352-90-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2352-0-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2352-74-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2352-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2352-17-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2352-71-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2352-19-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2352-82-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2352-95-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2352-117-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2352-58-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2352-88-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2352-52-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2352-51-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/2352-223-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2352-21-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2352-45-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2352-371-0x000000013FC00000-0x000000013FF54000-memory.dmp

Filesize
3.3MB

Download
memory/2352-348-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2352-115-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2352-25-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-34-0x00000000024C0000-0x0000000002814000-memory.dmp

Filesize
3.3MB

Download
memory/2396-83-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3961-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-73-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-3960-0x000000013F470000-0x000000013F7C4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-53-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2668-4017-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2676-77-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2676-4000-0x000000013F4B0000-0x000000013F804000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3999-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-72-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-3818-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2788-29-0x000000013F9A0000-0x000000013FCF4000-memory.dmp

Filesize
3.3MB

Download
memory/2848-35-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2848-3959-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2876-3958-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2876-46-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2932-1607-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-22-0x000000013F150000-0x000000013F4A4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-3819-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download
memory/3044-40-0x000000013F0B0000-0x000000013F404000-memory.dmp

Filesize
3.3MB

Download