cobaltstrike | 789a120f78d99392785c85b3c3ae75523a6cb9f3245d2342097ef68bf622a2fa

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-10-2024 20:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

81815d6985f20cba1b07f9195e1517b4
SHA1

f4e010235da25d0521a47173e9a63c96cffee7f4
SHA256

789a120f78d99392785c85b3c3ae75523a6cb9f3245d2342097ef68bf622a2fa
SHA512

cbe844983bbe1367ad27a995ada69ec1a695f2ba8267ed900cb1a5ee34d4bdb218713e963e99a19a04ab4f4b9d0229e0fd8b372d3ba11668ad806f4cc20793a3
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU0:T+q56utgpPF8u/70

Score

10^/10

cobaltstrike strela xmrig 0 backdoor miner persistence privilege_escalation stealer trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000a000000012250-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d27-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d30-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d40-16.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d54-26.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016daf-36.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dc1-40.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d9-65.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960a-70.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-81.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960e-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019610-91.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019612-95.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019614-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001966c-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196e8-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c36-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d20-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c53-155.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3a-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c38-146.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001997c-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196ac-125.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001962a-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019618-110.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019616-105.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019537-60.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f3-55.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194bd-50.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-45.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016da6-30.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike

Detects Strela Stealer payload 1 IoCs

resource	yara_rule
behavioral1/memory/2756-1748-0x000000013F860000-0x000000013FBB4000-memory.dmp	family_strela

Strela family
strela
Strela stealer
An info stealer targeting mail credentials first seen in late 2022.
stealer strela
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 61 IoCs

miner

resource	yara_rule
behavioral1/memory/2756-0-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/files/0x000a000000012250-6.dat	xmrig
behavioral1/files/0x0008000000016d27-8.dat	xmrig
behavioral1/files/0x0008000000016d30-12.dat	xmrig
behavioral1/files/0x0007000000016d40-16.dat	xmrig
behavioral1/files/0x0007000000016d54-26.dat	xmrig
behavioral1/files/0x0008000000016daf-36.dat	xmrig
behavioral1/files/0x0008000000016dc1-40.dat	xmrig
behavioral1/files/0x00050000000195d9-65.dat	xmrig
behavioral1/files/0x000500000001960a-70.dat	xmrig
behavioral1/files/0x000500000001960d-81.dat	xmrig
behavioral1/files/0x000500000001960e-85.dat	xmrig
behavioral1/files/0x0005000000019610-91.dat	xmrig
behavioral1/files/0x0005000000019612-95.dat	xmrig
behavioral1/files/0x0005000000019614-101.dat	xmrig
behavioral1/files/0x000500000001966c-120.dat	xmrig
behavioral1/files/0x00050000000196e8-130.dat	xmrig
behavioral1/files/0x0005000000019c36-140.dat	xmrig
behavioral1/memory/3000-528-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2756-1468-0x000000013FC70000-0x000000013FFC4000-memory.dmp	xmrig
behavioral1/memory/2084-526-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/1276-521-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/1348-518-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/1304-516-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/448-514-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2368-512-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2628-510-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2564-508-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2604-506-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2692-504-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/memory/2652-502-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2996-500-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2744-498-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d20-160.dat	xmrig
behavioral1/files/0x0005000000019c53-155.dat	xmrig
behavioral1/files/0x0005000000019c3a-150.dat	xmrig
behavioral1/files/0x0005000000019c38-146.dat	xmrig
behavioral1/files/0x000500000001997c-135.dat	xmrig
behavioral1/files/0x00050000000196ac-125.dat	xmrig
behavioral1/files/0x000500000001962a-115.dat	xmrig
behavioral1/files/0x0005000000019618-110.dat	xmrig
behavioral1/files/0x0005000000019616-105.dat	xmrig
behavioral1/files/0x000500000001960c-76.dat	xmrig
behavioral1/files/0x0005000000019537-60.dat	xmrig
behavioral1/files/0x00050000000194f3-55.dat	xmrig
behavioral1/files/0x00050000000194bd-50.dat	xmrig
behavioral1/files/0x0005000000019441-45.dat	xmrig
behavioral1/files/0x0007000000016da6-30.dat	xmrig
behavioral1/memory/448-3985-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/1348-3986-0x000000013FE90000-0x00000001401E4000-memory.dmp	xmrig
behavioral1/memory/3000-3994-0x000000013FA40000-0x000000013FD94000-memory.dmp	xmrig
behavioral1/memory/2628-3996-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/1304-3995-0x000000013FFA0000-0x00000001402F4000-memory.dmp	xmrig
behavioral1/memory/2744-3997-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2996-3993-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/memory/2368-3992-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2564-3991-0x000000013F930000-0x000000013FC84000-memory.dmp	xmrig
behavioral1/memory/2604-4001-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2652-4000-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/1276-3990-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2692-3989-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
3000	XcBZXow.exe
2744	HRyOTxo.exe
2996	fVGeUDK.exe
2652	XRJlDQc.exe
2692	MjvUDwO.exe
2604	TYrhffI.exe
2564	FGBLbfL.exe
2628	EeUxCnz.exe
2368	qObZPBr.exe
448	YTLUNGY.exe
1304	fHyRDYP.exe
1348	UsbXEsi.exe
1276	EmoklzV.exe
2084	NrytvsQ.exe
2936	DOSBemm.exe
584	cZmZuDf.exe
540	wOUzfAg.exe
2884	AgiTINM.exe
2892	SYzchpY.exe
2968	aLZuECW.exe
2532	eiJLSiW.exe
3056	UnfhEAq.exe
660	bPNbxUD.exe
596	NecHvbT.exe
320	EiriToN.exe
2160	BNpuTEo.exe
2112	yTrebwg.exe
1148	ifqHdqg.exe
2332	mLJdrFi.exe
864	mCYsXzd.exe
716	rfbRjSZ.exe
1884	wqAGBAS.exe
1940	fyesdQT.exe
696	AjCJrFu.exe
944	XvXaXrN.exe
2344	OyTsHXv.exe
3008	xYLJKwq.exe
1368	dYfnqsX.exe
1544	rQrBNwK.exe
3064	ZpspAmn.exe
2088	JTIfecu.exe
1740	ukbTkfv.exe
1724	cjhjAAb.exe
2444	hDBkUxa.exe
772	TtLUUZS.exe
2304	GYSAfcX.exe
3032	GXeQjty.exe
2320	zhXAVom.exe
1196	IPHEKPy.exe
1572	uyWuBtv.exe
908	LKwSkHR.exe
1768	mVgKOKC.exe
1604	mqADKri.exe
2436	nNeKkMZ.exe
2768	ouThhUn.exe
1996	bDdErwa.exe
1964	uSYFAEB.exe
1236	LdPFFmN.exe
2508	zYsjIsa.exe
1708	cxkejAB.exe
2856	CRMuujy.exe
2232	HXtHXnl.exe
2592	jnFIlJv.exe
1160	ohFLfpw.exe

Loads dropped DLL 64 IoCs

pid	Process
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2756-0-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/files/0x000a000000012250-6.dat	upx
behavioral1/files/0x0008000000016d27-8.dat	upx
behavioral1/files/0x0008000000016d30-12.dat	upx
behavioral1/files/0x0007000000016d40-16.dat	upx
behavioral1/files/0x0007000000016d54-26.dat	upx
behavioral1/files/0x0008000000016daf-36.dat	upx
behavioral1/files/0x0008000000016dc1-40.dat	upx
behavioral1/files/0x00050000000195d9-65.dat	upx
behavioral1/files/0x000500000001960a-70.dat	upx
behavioral1/files/0x000500000001960d-81.dat	upx
behavioral1/files/0x000500000001960e-85.dat	upx
behavioral1/files/0x0005000000019610-91.dat	upx
behavioral1/files/0x0005000000019612-95.dat	upx
behavioral1/files/0x0005000000019614-101.dat	upx
behavioral1/files/0x000500000001966c-120.dat	upx
behavioral1/files/0x00050000000196e8-130.dat	upx
behavioral1/files/0x0005000000019c36-140.dat	upx
behavioral1/memory/3000-528-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2756-1468-0x000000013FC70000-0x000000013FFC4000-memory.dmp	upx
behavioral1/memory/2084-526-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/1276-521-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/1348-518-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/1304-516-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/448-514-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/2368-512-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2628-510-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2564-508-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2604-506-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2692-504-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/2652-502-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2996-500-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2744-498-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/files/0x0005000000019d20-160.dat	upx
behavioral1/files/0x0005000000019c53-155.dat	upx
behavioral1/files/0x0005000000019c3a-150.dat	upx
behavioral1/files/0x0005000000019c38-146.dat	upx
behavioral1/files/0x000500000001997c-135.dat	upx
behavioral1/files/0x00050000000196ac-125.dat	upx
behavioral1/files/0x000500000001962a-115.dat	upx
behavioral1/files/0x0005000000019618-110.dat	upx
behavioral1/files/0x0005000000019616-105.dat	upx
behavioral1/files/0x000500000001960c-76.dat	upx
behavioral1/files/0x0005000000019537-60.dat	upx
behavioral1/files/0x00050000000194f3-55.dat	upx
behavioral1/files/0x00050000000194bd-50.dat	upx
behavioral1/files/0x0005000000019441-45.dat	upx
behavioral1/files/0x0007000000016da6-30.dat	upx
behavioral1/memory/448-3985-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/1348-3986-0x000000013FE90000-0x00000001401E4000-memory.dmp	upx
behavioral1/memory/3000-3994-0x000000013FA40000-0x000000013FD94000-memory.dmp	upx
behavioral1/memory/2628-3996-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/1304-3995-0x000000013FFA0000-0x00000001402F4000-memory.dmp	upx
behavioral1/memory/2744-3997-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2996-3993-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2368-3992-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2564-3991-0x000000013F930000-0x000000013FC84000-memory.dmp	upx
behavioral1/memory/2604-4001-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2652-4000-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/1276-3990-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2692-3989-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\imslZIj.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\laTDuBy.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kHomwPZ.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OpdgMda.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xSlLyIH.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qHemxGt.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IlrZtAq.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\poQXBvy.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TuFtgay.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WVwNRGV.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSgOhxO.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XPTLNwO.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JDpKKHo.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AZDEXil.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rCzVFKS.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WZSYIJX.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hKXPXKv.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HUWTOAd.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aysnfBY.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nzZHeIx.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pjfnZXe.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GVYUiLF.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fJNDVPf.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ziTsBby.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tpKiZOI.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bPNbxUD.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kxdAWUf.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DMvsxCB.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QfgIBUT.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vQMwdah.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKhhDYI.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yrBxwHO.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XZqbmiq.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GbwpNVh.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mAdJgwH.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HQOsbIp.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PipsXoP.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UiExuLh.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yhewXtx.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XCsxxvZ.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LGkisYi.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SrxhKPO.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HiKafFg.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RiYGuUz.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YuoRvNi.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SqhzMTZ.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ukHbSKz.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vvDuDDQ.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QzAyRTU.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kcNTiJD.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pfwOuvE.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kzumgcE.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GHUTGzd.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cKPkeVP.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bBzsiOD.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aBOfczX.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bKLGxWJ.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DSHdzEg.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\abvHtBc.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TQTQJLK.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vaWDdPp.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OyTsHXv.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nXyihha.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ryBiTTq.exe	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 3000	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2756 wrote to memory of 3000	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2756 wrote to memory of 3000	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2756 wrote to memory of 2744	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2756 wrote to memory of 2744	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2756 wrote to memory of 2744	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2756 wrote to memory of 2996	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2756 wrote to memory of 2996	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2756 wrote to memory of 2996	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2756 wrote to memory of 2652	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2756 wrote to memory of 2652	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2756 wrote to memory of 2652	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2756 wrote to memory of 2692	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2756 wrote to memory of 2692	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2756 wrote to memory of 2692	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2756 wrote to memory of 2604	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2756 wrote to memory of 2604	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2756 wrote to memory of 2604	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2756 wrote to memory of 2564	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2756 wrote to memory of 2564	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2756 wrote to memory of 2564	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2756 wrote to memory of 2628	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2756 wrote to memory of 2628	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2756 wrote to memory of 2628	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2756 wrote to memory of 2368	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2756 wrote to memory of 2368	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2756 wrote to memory of 2368	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2756 wrote to memory of 448	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2756 wrote to memory of 448	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2756 wrote to memory of 448	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2756 wrote to memory of 1304	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2756 wrote to memory of 1304	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2756 wrote to memory of 1304	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2756 wrote to memory of 1348	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2756 wrote to memory of 1348	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2756 wrote to memory of 1348	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2756 wrote to memory of 1276	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2756 wrote to memory of 1276	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2756 wrote to memory of 1276	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2756 wrote to memory of 2084	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2756 wrote to memory of 2084	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2756 wrote to memory of 2084	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2756 wrote to memory of 2936	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2756 wrote to memory of 2936	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2756 wrote to memory of 2936	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2756 wrote to memory of 584	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2756 wrote to memory of 584	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2756 wrote to memory of 584	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2756 wrote to memory of 540	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2756 wrote to memory of 540	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2756 wrote to memory of 540	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2756 wrote to memory of 2884	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2756 wrote to memory of 2884	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2756 wrote to memory of 2884	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2756 wrote to memory of 2892	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2756 wrote to memory of 2892	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2756 wrote to memory of 2892	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2756 wrote to memory of 2968	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2756 wrote to memory of 2968	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2756 wrote to memory of 2968	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2756 wrote to memory of 2532	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2756 wrote to memory of 2532	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2756 wrote to memory of 2532	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2756 wrote to memory of 3056	2756	2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-28_81815d6985f20cba1b07f9195e1517b4_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Windows\System\XcBZXow.exe
  C:\Windows\System\XcBZXow.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\HRyOTxo.exe
  C:\Windows\System\HRyOTxo.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\fVGeUDK.exe
  C:\Windows\System\fVGeUDK.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\XRJlDQc.exe
  C:\Windows\System\XRJlDQc.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\MjvUDwO.exe
  C:\Windows\System\MjvUDwO.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\TYrhffI.exe
  C:\Windows\System\TYrhffI.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\FGBLbfL.exe
  C:\Windows\System\FGBLbfL.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\EeUxCnz.exe
  C:\Windows\System\EeUxCnz.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\qObZPBr.exe
  C:\Windows\System\qObZPBr.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\YTLUNGY.exe
  C:\Windows\System\YTLUNGY.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\fHyRDYP.exe
  C:\Windows\System\fHyRDYP.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\UsbXEsi.exe
  C:\Windows\System\UsbXEsi.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\EmoklzV.exe
  C:\Windows\System\EmoklzV.exe
  2⤵
  - Executes dropped EXE
  PID:1276
- C:\Windows\System\NrytvsQ.exe
  C:\Windows\System\NrytvsQ.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\DOSBemm.exe
  C:\Windows\System\DOSBemm.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\cZmZuDf.exe
  C:\Windows\System\cZmZuDf.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\wOUzfAg.exe
  C:\Windows\System\wOUzfAg.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\AgiTINM.exe
  C:\Windows\System\AgiTINM.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\SYzchpY.exe
  C:\Windows\System\SYzchpY.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\aLZuECW.exe
  C:\Windows\System\aLZuECW.exe
  2⤵
  - Executes dropped EXE
  PID:2968
- C:\Windows\System\eiJLSiW.exe
  C:\Windows\System\eiJLSiW.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\UnfhEAq.exe
  C:\Windows\System\UnfhEAq.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\bPNbxUD.exe
  C:\Windows\System\bPNbxUD.exe
  2⤵
  - Executes dropped EXE
  PID:660
- C:\Windows\System\NecHvbT.exe
  C:\Windows\System\NecHvbT.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\EiriToN.exe
  C:\Windows\System\EiriToN.exe
  2⤵
  - Executes dropped EXE
  PID:320
- C:\Windows\System\BNpuTEo.exe
  C:\Windows\System\BNpuTEo.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\yTrebwg.exe
  C:\Windows\System\yTrebwg.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\ifqHdqg.exe
  C:\Windows\System\ifqHdqg.exe
  2⤵
  - Executes dropped EXE
  PID:1148
- C:\Windows\System\mLJdrFi.exe
  C:\Windows\System\mLJdrFi.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\mCYsXzd.exe
  C:\Windows\System\mCYsXzd.exe
  2⤵
  - Executes dropped EXE
  PID:864
- C:\Windows\System\rfbRjSZ.exe
  C:\Windows\System\rfbRjSZ.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\wqAGBAS.exe
  C:\Windows\System\wqAGBAS.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\fyesdQT.exe
  C:\Windows\System\fyesdQT.exe
  2⤵
  - Executes dropped EXE
  PID:1940
- C:\Windows\System\AjCJrFu.exe
  C:\Windows\System\AjCJrFu.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\XvXaXrN.exe
  C:\Windows\System\XvXaXrN.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\OyTsHXv.exe
  C:\Windows\System\OyTsHXv.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\xYLJKwq.exe
  C:\Windows\System\xYLJKwq.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\dYfnqsX.exe
  C:\Windows\System\dYfnqsX.exe
  2⤵
  - Executes dropped EXE
  PID:1368
- C:\Windows\System\rQrBNwK.exe
  C:\Windows\System\rQrBNwK.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\ZpspAmn.exe
  C:\Windows\System\ZpspAmn.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\JTIfecu.exe
  C:\Windows\System\JTIfecu.exe
  2⤵
  - Executes dropped EXE
  PID:2088
- C:\Windows\System\ukbTkfv.exe
  C:\Windows\System\ukbTkfv.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\cjhjAAb.exe
  C:\Windows\System\cjhjAAb.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\hDBkUxa.exe
  C:\Windows\System\hDBkUxa.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\TtLUUZS.exe
  C:\Windows\System\TtLUUZS.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\GXeQjty.exe
  C:\Windows\System\GXeQjty.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\GYSAfcX.exe
  C:\Windows\System\GYSAfcX.exe
  2⤵
  - Executes dropped EXE
  PID:2304
- C:\Windows\System\zhXAVom.exe
  C:\Windows\System\zhXAVom.exe
  2⤵
  - Executes dropped EXE
  PID:2320
- C:\Windows\System\IPHEKPy.exe
  C:\Windows\System\IPHEKPy.exe
  2⤵
  - Executes dropped EXE
  PID:1196
- C:\Windows\System\nNeKkMZ.exe
  C:\Windows\System\nNeKkMZ.exe
  2⤵
  - Executes dropped EXE
  PID:2436
- C:\Windows\System\uyWuBtv.exe
  C:\Windows\System\uyWuBtv.exe
  2⤵
  - Executes dropped EXE
  PID:1572
- C:\Windows\System\bDdErwa.exe
  C:\Windows\System\bDdErwa.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\LKwSkHR.exe
  C:\Windows\System\LKwSkHR.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\uSYFAEB.exe
  C:\Windows\System\uSYFAEB.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\mVgKOKC.exe
  C:\Windows\System\mVgKOKC.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\zYsjIsa.exe
  C:\Windows\System\zYsjIsa.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\mqADKri.exe
  C:\Windows\System\mqADKri.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\cxkejAB.exe
  C:\Windows\System\cxkejAB.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\ouThhUn.exe
  C:\Windows\System\ouThhUn.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\CRMuujy.exe
  C:\Windows\System\CRMuujy.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\LdPFFmN.exe
  C:\Windows\System\LdPFFmN.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\jnFIlJv.exe
  C:\Windows\System\jnFIlJv.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\HXtHXnl.exe
  C:\Windows\System\HXtHXnl.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\ohFLfpw.exe
  C:\Windows\System\ohFLfpw.exe
  2⤵
  - Executes dropped EXE
  PID:1160
- C:\Windows\System\AuygrzX.exe
  C:\Windows\System\AuygrzX.exe
  2⤵
  PID:1736
- C:\Windows\System\BrDZyMb.exe
  C:\Windows\System\BrDZyMb.exe
  2⤵
  PID:2960
- C:\Windows\System\hXukqKC.exe
  C:\Windows\System\hXukqKC.exe
  2⤵
  PID:2640
- C:\Windows\System\DkrtsET.exe
  C:\Windows\System\DkrtsET.exe
  2⤵
  PID:692
- C:\Windows\System\hFaaPmY.exe
  C:\Windows\System\hFaaPmY.exe
  2⤵
  PID:2928
- C:\Windows\System\oqSmRTS.exe
  C:\Windows\System\oqSmRTS.exe
  2⤵
  PID:1060
- C:\Windows\System\qOjwqjw.exe
  C:\Windows\System\qOjwqjw.exe
  2⤵
  PID:2060
- C:\Windows\System\lufRKyk.exe
  C:\Windows\System\lufRKyk.exe
  2⤵
  PID:700
- C:\Windows\System\HvBvnHq.exe
  C:\Windows\System\HvBvnHq.exe
  2⤵
  PID:2124
- C:\Windows\System\bMVFuLP.exe
  C:\Windows\System\bMVFuLP.exe
  2⤵
  PID:2448
- C:\Windows\System\VpHCzHm.exe
  C:\Windows\System\VpHCzHm.exe
  2⤵
  PID:1836
- C:\Windows\System\rriUYoG.exe
  C:\Windows\System\rriUYoG.exe
  2⤵
  PID:2524
- C:\Windows\System\nXyihha.exe
  C:\Windows\System\nXyihha.exe
  2⤵
  PID:1616
- C:\Windows\System\ZbCQwqh.exe
  C:\Windows\System\ZbCQwqh.exe
  2⤵
  PID:2196
- C:\Windows\System\dJXvkqe.exe
  C:\Windows\System\dJXvkqe.exe
  2⤵
  PID:2268
- C:\Windows\System\XPTLNwO.exe
  C:\Windows\System\XPTLNwO.exe
  2⤵
  PID:1864
- C:\Windows\System\QPpZcHI.exe
  C:\Windows\System\QPpZcHI.exe
  2⤵
  PID:1636
- C:\Windows\System\AKVEYnH.exe
  C:\Windows\System\AKVEYnH.exe
  2⤵
  PID:1096
- C:\Windows\System\ozPTmiL.exe
  C:\Windows\System\ozPTmiL.exe
  2⤵
  PID:1560
- C:\Windows\System\kHomwPZ.exe
  C:\Windows\System\kHomwPZ.exe
  2⤵
  PID:3052
- C:\Windows\System\zeADeDk.exe
  C:\Windows\System\zeADeDk.exe
  2⤵
  PID:1532
- C:\Windows\System\YtlYvIC.exe
  C:\Windows\System\YtlYvIC.exe
  2⤵
  PID:2696
- C:\Windows\System\cKrugcm.exe
  C:\Windows\System\cKrugcm.exe
  2⤵
  PID:2828
- C:\Windows\System\XtJJTtQ.exe
  C:\Windows\System\XtJJTtQ.exe
  2⤵
  PID:1652
- C:\Windows\System\wiesxra.exe
  C:\Windows\System\wiesxra.exe
  2⤵
  PID:900
- C:\Windows\System\fuWKVyc.exe
  C:\Windows\System\fuWKVyc.exe
  2⤵
  PID:2716
- C:\Windows\System\ClmrQAx.exe
  C:\Windows\System\ClmrQAx.exe
  2⤵
  PID:2456
- C:\Windows\System\NhJbwzS.exe
  C:\Windows\System\NhJbwzS.exe
  2⤵
  PID:2752
- C:\Windows\System\yrBxwHO.exe
  C:\Windows\System\yrBxwHO.exe
  2⤵
  PID:904
- C:\Windows\System\BWHzPZx.exe
  C:\Windows\System\BWHzPZx.exe
  2⤵
  PID:2216
- C:\Windows\System\pOIhjWi.exe
  C:\Windows\System\pOIhjWi.exe
  2⤵
  PID:2484
- C:\Windows\System\jCilnEo.exe
  C:\Windows\System\jCilnEo.exe
  2⤵
  PID:2624
- C:\Windows\System\kIgBqwv.exe
  C:\Windows\System\kIgBqwv.exe
  2⤵
  PID:2072
- C:\Windows\System\LaAHdhA.exe
  C:\Windows\System\LaAHdhA.exe
  2⤵
  PID:2648
- C:\Windows\System\GtJMUHb.exe
  C:\Windows\System\GtJMUHb.exe
  2⤵
  PID:532
- C:\Windows\System\ThReVQc.exe
  C:\Windows\System\ThReVQc.exe
  2⤵
  PID:1760
- C:\Windows\System\chBVeWB.exe
  C:\Windows\System\chBVeWB.exe
  2⤵
  PID:1028
- C:\Windows\System\KjTuBhK.exe
  C:\Windows\System\KjTuBhK.exe
  2⤵
  PID:2620
- C:\Windows\System\rJgSbzq.exe
  C:\Windows\System\rJgSbzq.exe
  2⤵
  PID:332
- C:\Windows\System\rqNwFai.exe
  C:\Windows\System\rqNwFai.exe
  2⤵
  PID:1692
- C:\Windows\System\nuGmVhI.exe
  C:\Windows\System\nuGmVhI.exe
  2⤵
  PID:3016
- C:\Windows\System\sPUFRwv.exe
  C:\Windows\System\sPUFRwv.exe
  2⤵
  PID:636
- C:\Windows\System\NHMmQjr.exe
  C:\Windows\System\NHMmQjr.exe
  2⤵
  PID:1524
- C:\Windows\System\bcTFcAJ.exe
  C:\Windows\System\bcTFcAJ.exe
  2⤵
  PID:2140
- C:\Windows\System\jbGxGkd.exe
  C:\Windows\System\jbGxGkd.exe
  2⤵
  PID:1676
- C:\Windows\System\LZATXyq.exe
  C:\Windows\System\LZATXyq.exe
  2⤵
  PID:1744
- C:\Windows\System\EvwhmBH.exe
  C:\Windows\System\EvwhmBH.exe
  2⤵
  PID:288
- C:\Windows\System\MmAPYwt.exe
  C:\Windows\System\MmAPYwt.exe
  2⤵
  PID:1752
- C:\Windows\System\dIcgMXk.exe
  C:\Windows\System\dIcgMXk.exe
  2⤵
  PID:2876
- C:\Windows\System\MHeHNYb.exe
  C:\Windows\System\MHeHNYb.exe
  2⤵
  PID:2408
- C:\Windows\System\ANbYYYY.exe
  C:\Windows\System\ANbYYYY.exe
  2⤵
  PID:2316
- C:\Windows\System\tncPsXS.exe
  C:\Windows\System\tncPsXS.exe
  2⤵
  PID:1324
- C:\Windows\System\zxDgLYb.exe
  C:\Windows\System\zxDgLYb.exe
  2⤵
  PID:3084
- C:\Windows\System\WkyCMQK.exe
  C:\Windows\System\WkyCMQK.exe
  2⤵
  PID:3100
- C:\Windows\System\pehNXKt.exe
  C:\Windows\System\pehNXKt.exe
  2⤵
  PID:3116
- C:\Windows\System\aBaxeId.exe
  C:\Windows\System\aBaxeId.exe
  2⤵
  PID:3140
- C:\Windows\System\wMFhogf.exe
  C:\Windows\System\wMFhogf.exe
  2⤵
  PID:3156
- C:\Windows\System\pFkXmSy.exe
  C:\Windows\System\pFkXmSy.exe
  2⤵
  PID:3172
- C:\Windows\System\DrWMWHs.exe
  C:\Windows\System\DrWMWHs.exe
  2⤵
  PID:3188
- C:\Windows\System\rJWrwmv.exe
  C:\Windows\System\rJWrwmv.exe
  2⤵
  PID:3204
- C:\Windows\System\EOQVrRF.exe
  C:\Windows\System\EOQVrRF.exe
  2⤵
  PID:3220
- C:\Windows\System\wZfuQCv.exe
  C:\Windows\System\wZfuQCv.exe
  2⤵
  PID:3236
- C:\Windows\System\kaOlgnU.exe
  C:\Windows\System\kaOlgnU.exe
  2⤵
  PID:3252
- C:\Windows\System\yNjQZwS.exe
  C:\Windows\System\yNjQZwS.exe
  2⤵
  PID:3288
- C:\Windows\System\iQcTlkw.exe
  C:\Windows\System\iQcTlkw.exe
  2⤵
  PID:3312
- C:\Windows\System\uXfSuSw.exe
  C:\Windows\System\uXfSuSw.exe
  2⤵
  PID:3328
- C:\Windows\System\IyxZFUz.exe
  C:\Windows\System\IyxZFUz.exe
  2⤵
  PID:3352
- C:\Windows\System\oPCRumh.exe
  C:\Windows\System\oPCRumh.exe
  2⤵
  PID:3368
- C:\Windows\System\fFcMTwo.exe
  C:\Windows\System\fFcMTwo.exe
  2⤵
  PID:3388
- C:\Windows\System\ZlCTRin.exe
  C:\Windows\System\ZlCTRin.exe
  2⤵
  PID:3412
- C:\Windows\System\wRSAYkE.exe
  C:\Windows\System\wRSAYkE.exe
  2⤵
  PID:3428
- C:\Windows\System\LfmTOrK.exe
  C:\Windows\System\LfmTOrK.exe
  2⤵
  PID:3448
- C:\Windows\System\XXZDlGs.exe
  C:\Windows\System\XXZDlGs.exe
  2⤵
  PID:3468
- C:\Windows\System\sqpksEX.exe
  C:\Windows\System\sqpksEX.exe
  2⤵
  PID:3492
- C:\Windows\System\YQaOfKv.exe
  C:\Windows\System\YQaOfKv.exe
  2⤵
  PID:3512
- C:\Windows\System\jmFaXGQ.exe
  C:\Windows\System\jmFaXGQ.exe
  2⤵
  PID:3532
- C:\Windows\System\otPaCyD.exe
  C:\Windows\System\otPaCyD.exe
  2⤵
  PID:3556
- C:\Windows\System\keeFzqC.exe
  C:\Windows\System\keeFzqC.exe
  2⤵
  PID:3576
- C:\Windows\System\nRqOAUc.exe
  C:\Windows\System\nRqOAUc.exe
  2⤵
  PID:3596
- C:\Windows\System\PzsrIkZ.exe
  C:\Windows\System\PzsrIkZ.exe
  2⤵
  PID:3616
- C:\Windows\System\JsiWjnb.exe
  C:\Windows\System\JsiWjnb.exe
  2⤵
  PID:3632
- C:\Windows\System\iBqcoCv.exe
  C:\Windows\System\iBqcoCv.exe
  2⤵
  PID:3648
- C:\Windows\System\HoiITiy.exe
  C:\Windows\System\HoiITiy.exe
  2⤵
  PID:3672
- C:\Windows\System\SLhWman.exe
  C:\Windows\System\SLhWman.exe
  2⤵
  PID:3688
- C:\Windows\System\BgXeNkC.exe
  C:\Windows\System\BgXeNkC.exe
  2⤵
  PID:3716
- C:\Windows\System\ITkAQVg.exe
  C:\Windows\System\ITkAQVg.exe
  2⤵
  PID:3956
- C:\Windows\System\dpfbUWl.exe
  C:\Windows\System\dpfbUWl.exe
  2⤵
  PID:3980
- C:\Windows\System\ryBiTTq.exe
  C:\Windows\System\ryBiTTq.exe
  2⤵
  PID:4000
- C:\Windows\System\himeuLP.exe
  C:\Windows\System\himeuLP.exe
  2⤵
  PID:4016
- C:\Windows\System\mltZcQy.exe
  C:\Windows\System\mltZcQy.exe
  2⤵
  PID:4032
- C:\Windows\System\ZEAPJnT.exe
  C:\Windows\System\ZEAPJnT.exe
  2⤵
  PID:4056
- C:\Windows\System\dsKIRJz.exe
  C:\Windows\System\dsKIRJz.exe
  2⤵
  PID:4076
- C:\Windows\System\ldLUInI.exe
  C:\Windows\System\ldLUInI.exe
  2⤵
  PID:1976
- C:\Windows\System\AJUeYlN.exe
  C:\Windows\System\AJUeYlN.exe
  2⤵
  PID:2184
- C:\Windows\System\qAWCZnq.exe
  C:\Windows\System\qAWCZnq.exe
  2⤵
  PID:2300
- C:\Windows\System\xQPHmGP.exe
  C:\Windows\System\xQPHmGP.exe
  2⤵
  PID:3128
- C:\Windows\System\KCPHkyp.exe
  C:\Windows\System\KCPHkyp.exe
  2⤵
  PID:3164
- C:\Windows\System\BbOjfGv.exe
  C:\Windows\System\BbOjfGv.exe
  2⤵
  PID:3232
- C:\Windows\System\rJSDRgX.exe
  C:\Windows\System\rJSDRgX.exe
  2⤵
  PID:2172
- C:\Windows\System\oTVpcmn.exe
  C:\Windows\System\oTVpcmn.exe
  2⤵
  PID:3264
- C:\Windows\System\RzuwXEN.exe
  C:\Windows\System\RzuwXEN.exe
  2⤵
  PID:3364
- C:\Windows\System\PNjJVEI.exe
  C:\Windows\System\PNjJVEI.exe
  2⤵
  PID:3408
- C:\Windows\System\SqhzMTZ.exe
  C:\Windows\System\SqhzMTZ.exe
  2⤵
  PID:3476
- C:\Windows\System\ClpSzmj.exe
  C:\Windows\System\ClpSzmj.exe
  2⤵
  PID:3520
- C:\Windows\System\uQsqzrt.exe
  C:\Windows\System\uQsqzrt.exe
  2⤵
  PID:3572
- C:\Windows\System\oMsSHtv.exe
  C:\Windows\System\oMsSHtv.exe
  2⤵
  PID:3608
- C:\Windows\System\sBbMAuk.exe
  C:\Windows\System\sBbMAuk.exe
  2⤵
  PID:3724
- C:\Windows\System\gAFPJVD.exe
  C:\Windows\System\gAFPJVD.exe
  2⤵
  PID:1016
- C:\Windows\System\uuwsZTt.exe
  C:\Windows\System\uuwsZTt.exe
  2⤵
  PID:1624
- C:\Windows\System\gHjUtNS.exe
  C:\Windows\System\gHjUtNS.exe
  2⤵
  PID:2912
- C:\Windows\System\aKkSgYL.exe
  C:\Windows\System\aKkSgYL.exe
  2⤵
  PID:2440
- C:\Windows\System\MQUhIsF.exe
  C:\Windows\System\MQUhIsF.exe
  2⤵
  PID:2372
- C:\Windows\System\BBOsZww.exe
  C:\Windows\System\BBOsZww.exe
  2⤵
  PID:1792
- C:\Windows\System\TbpqnIy.exe
  C:\Windows\System\TbpqnIy.exe
  2⤵
  PID:2560
- C:\Windows\System\orssPqW.exe
  C:\Windows\System\orssPqW.exe
  2⤵
  PID:1360
- C:\Windows\System\LKBFbLm.exe
  C:\Windows\System\LKBFbLm.exe
  2⤵
  PID:2292
- C:\Windows\System\VKpcjgm.exe
  C:\Windows\System\VKpcjgm.exe
  2⤵
  PID:3112
- C:\Windows\System\ulyojnG.exe
  C:\Windows\System\ulyojnG.exe
  2⤵
  PID:3184
- C:\Windows\System\UDbGeqv.exe
  C:\Windows\System\UDbGeqv.exe
  2⤵
  PID:3300
- C:\Windows\System\czwVQUq.exe
  C:\Windows\System\czwVQUq.exe
  2⤵
  PID:3248
- C:\Windows\System\TmEYMnj.exe
  C:\Windows\System\TmEYMnj.exe
  2⤵
  PID:3340
- C:\Windows\System\nLzssEI.exe
  C:\Windows\System\nLzssEI.exe
  2⤵
  PID:3424
- C:\Windows\System\YpUJHHa.exe
  C:\Windows\System\YpUJHHa.exe
  2⤵
  PID:3464
- C:\Windows\System\tZFUErQ.exe
  C:\Windows\System\tZFUErQ.exe
  2⤵
  PID:3920
- C:\Windows\System\sxRbqrV.exe
  C:\Windows\System\sxRbqrV.exe
  2⤵
  PID:3936
- C:\Windows\System\eWLaFBm.exe
  C:\Windows\System\eWLaFBm.exe
  2⤵
  PID:3952
- C:\Windows\System\GcIIqet.exe
  C:\Windows\System\GcIIqet.exe
  2⤵
  PID:3508
- C:\Windows\System\aqsrknG.exe
  C:\Windows\System\aqsrknG.exe
  2⤵
  PID:3552
- C:\Windows\System\wyIYtHQ.exe
  C:\Windows\System\wyIYtHQ.exe
  2⤵
  PID:3624
- C:\Windows\System\txGCmQp.exe
  C:\Windows\System\txGCmQp.exe
  2⤵
  PID:3664
- C:\Windows\System\qqgAcGS.exe
  C:\Windows\System\qqgAcGS.exe
  2⤵
  PID:3704
- C:\Windows\System\xOqivJy.exe
  C:\Windows\System\xOqivJy.exe
  2⤵
  PID:3968
- C:\Windows\System\TSEcMmw.exe
  C:\Windows\System\TSEcMmw.exe
  2⤵
  PID:3996
- C:\Windows\System\OvnNPhP.exe
  C:\Windows\System\OvnNPhP.exe
  2⤵
  PID:4064
- C:\Windows\System\BoqqQXC.exe
  C:\Windows\System\BoqqQXC.exe
  2⤵
  PID:2096
- C:\Windows\System\UfjUOVh.exe
  C:\Windows\System\UfjUOVh.exe
  2⤵
  PID:4008
- C:\Windows\System\ofKjysd.exe
  C:\Windows\System\ofKjysd.exe
  2⤵
  PID:4052
- C:\Windows\System\vWhCBJI.exe
  C:\Windows\System\vWhCBJI.exe
  2⤵
  PID:1984
- C:\Windows\System\SEVBPwE.exe
  C:\Windows\System\SEVBPwE.exe
  2⤵
  PID:1608
- C:\Windows\System\XoDkYBx.exe
  C:\Windows\System\XoDkYBx.exe
  2⤵
  PID:3684
- C:\Windows\System\EdjYXWO.exe
  C:\Windows\System\EdjYXWO.exe
  2⤵
  PID:3200
- C:\Windows\System\XCsxxvZ.exe
  C:\Windows\System\XCsxxvZ.exe
  2⤵
  PID:3948
- C:\Windows\System\eEyBawq.exe
  C:\Windows\System\eEyBawq.exe
  2⤵
  PID:968
- C:\Windows\System\mcfRLTS.exe
  C:\Windows\System\mcfRLTS.exe
  2⤵
  PID:3656
- C:\Windows\System\JpBRFRR.exe
  C:\Windows\System\JpBRFRR.exe
  2⤵
  PID:4024
- C:\Windows\System\GyLXYsp.exe
  C:\Windows\System\GyLXYsp.exe
  2⤵
  PID:2432
- C:\Windows\System\sqgsPOr.exe
  C:\Windows\System\sqgsPOr.exe
  2⤵
  PID:3440
- C:\Windows\System\cSuMXTw.exe
  C:\Windows\System\cSuMXTw.exe
  2⤵
  PID:3564
- C:\Windows\System\iYwoEkS.exe
  C:\Windows\System\iYwoEkS.exe
  2⤵
  PID:3700
- C:\Windows\System\QUxgghu.exe
  C:\Windows\System\QUxgghu.exe
  2⤵
  PID:2708
- C:\Windows\System\OcXjWaC.exe
  C:\Windows\System\OcXjWaC.exe
  2⤵
  PID:3132
- C:\Windows\System\VhMWLoC.exe
  C:\Windows\System\VhMWLoC.exe
  2⤵
  PID:1388
- C:\Windows\System\yOfpRUn.exe
  C:\Windows\System\yOfpRUn.exe
  2⤵
  PID:3284
- C:\Windows\System\MVgHCyk.exe
  C:\Windows\System\MVgHCyk.exe
  2⤵
  PID:3484
- C:\Windows\System\ZdtaKui.exe
  C:\Windows\System\ZdtaKui.exe
  2⤵
  PID:2324
- C:\Windows\System\diHWMpf.exe
  C:\Windows\System\diHWMpf.exe
  2⤵
  PID:2376
- C:\Windows\System\iJZhNwn.exe
  C:\Windows\System\iJZhNwn.exe
  2⤵
  PID:3612
- C:\Windows\System\oZeWMXH.exe
  C:\Windows\System\oZeWMXH.exe
  2⤵
  PID:3244
- C:\Windows\System\wmVcMCl.exe
  C:\Windows\System\wmVcMCl.exe
  2⤵
  PID:3456
- C:\Windows\System\cQAbgFv.exe
  C:\Windows\System\cQAbgFv.exe
  2⤵
  PID:3916
- C:\Windows\System\fsXBVmn.exe
  C:\Windows\System\fsXBVmn.exe
  2⤵
  PID:3660
- C:\Windows\System\tlLDgqC.exe
  C:\Windows\System\tlLDgqC.exe
  2⤵
  PID:3988
- C:\Windows\System\imyuaPw.exe
  C:\Windows\System\imyuaPw.exe
  2⤵
  PID:3488
- C:\Windows\System\JGdQSSG.exe
  C:\Windows\System\JGdQSSG.exe
  2⤵
  PID:4104
- C:\Windows\System\trPpvBu.exe
  C:\Windows\System\trPpvBu.exe
  2⤵
  PID:4128
- C:\Windows\System\sjltcRG.exe
  C:\Windows\System\sjltcRG.exe
  2⤵
  PID:4144
- C:\Windows\System\BewJztw.exe
  C:\Windows\System\BewJztw.exe
  2⤵
  PID:4172
- C:\Windows\System\IVYiZtl.exe
  C:\Windows\System\IVYiZtl.exe
  2⤵
  PID:4188
- C:\Windows\System\VOfqafS.exe
  C:\Windows\System\VOfqafS.exe
  2⤵
  PID:4204
- C:\Windows\System\DPwhAFd.exe
  C:\Windows\System\DPwhAFd.exe
  2⤵
  PID:4220
- C:\Windows\System\xtugQoz.exe
  C:\Windows\System\xtugQoz.exe
  2⤵
  PID:4236
- C:\Windows\System\CUxlxvc.exe
  C:\Windows\System\CUxlxvc.exe
  2⤵
  PID:4252
- C:\Windows\System\yfKijFq.exe
  C:\Windows\System\yfKijFq.exe
  2⤵
  PID:4268
- C:\Windows\System\uoMlKpe.exe
  C:\Windows\System\uoMlKpe.exe
  2⤵
  PID:4284
- C:\Windows\System\xBIQncu.exe
  C:\Windows\System\xBIQncu.exe
  2⤵
  PID:4300
- C:\Windows\System\WMsNrvG.exe
  C:\Windows\System\WMsNrvG.exe
  2⤵
  PID:4316
- C:\Windows\System\CRRNLnU.exe
  C:\Windows\System\CRRNLnU.exe
  2⤵
  PID:4332
- C:\Windows\System\QZUsFcG.exe
  C:\Windows\System\QZUsFcG.exe
  2⤵
  PID:4348
- C:\Windows\System\nKwvlch.exe
  C:\Windows\System\nKwvlch.exe
  2⤵
  PID:4364
- C:\Windows\System\xyjZJYx.exe
  C:\Windows\System\xyjZJYx.exe
  2⤵
  PID:4380
- C:\Windows\System\NJSHOIO.exe
  C:\Windows\System\NJSHOIO.exe
  2⤵
  PID:4396
- C:\Windows\System\CGPePPJ.exe
  C:\Windows\System\CGPePPJ.exe
  2⤵
  PID:4412
- C:\Windows\System\vnfbvxk.exe
  C:\Windows\System\vnfbvxk.exe
  2⤵
  PID:4432
- C:\Windows\System\rKVliXw.exe
  C:\Windows\System\rKVliXw.exe
  2⤵
  PID:4448
- C:\Windows\System\CYHzSnm.exe
  C:\Windows\System\CYHzSnm.exe
  2⤵
  PID:4464
- C:\Windows\System\IehHbOT.exe
  C:\Windows\System\IehHbOT.exe
  2⤵
  PID:4480
- C:\Windows\System\EtNRsWC.exe
  C:\Windows\System\EtNRsWC.exe
  2⤵
  PID:4496
- C:\Windows\System\jlYBOZM.exe
  C:\Windows\System\jlYBOZM.exe
  2⤵
  PID:4512
- C:\Windows\System\WlorFyL.exe
  C:\Windows\System\WlorFyL.exe
  2⤵
  PID:4532
- C:\Windows\System\TrLeEuM.exe
  C:\Windows\System\TrLeEuM.exe
  2⤵
  PID:4548
- C:\Windows\System\zJMsfFi.exe
  C:\Windows\System\zJMsfFi.exe
  2⤵
  PID:4564
- C:\Windows\System\Vscxqly.exe
  C:\Windows\System\Vscxqly.exe
  2⤵
  PID:4580
- C:\Windows\System\xLIAHfb.exe
  C:\Windows\System\xLIAHfb.exe
  2⤵
  PID:4596
- C:\Windows\System\BAIJWKD.exe
  C:\Windows\System\BAIJWKD.exe
  2⤵
  PID:4612
- C:\Windows\System\aFNaTwp.exe
  C:\Windows\System\aFNaTwp.exe
  2⤵
  PID:4628
- C:\Windows\System\ukHbSKz.exe
  C:\Windows\System\ukHbSKz.exe
  2⤵
  PID:4644
- C:\Windows\System\StkLwLV.exe
  C:\Windows\System\StkLwLV.exe
  2⤵
  PID:4660
- C:\Windows\System\wlqnfry.exe
  C:\Windows\System\wlqnfry.exe
  2⤵
  PID:4680
- C:\Windows\System\qWoINck.exe
  C:\Windows\System\qWoINck.exe
  2⤵
  PID:4700
- C:\Windows\System\zcwgmyK.exe
  C:\Windows\System\zcwgmyK.exe
  2⤵
  PID:4716
- C:\Windows\System\RbQXAaN.exe
  C:\Windows\System\RbQXAaN.exe
  2⤵
  PID:4732
- C:\Windows\System\gQczDem.exe
  C:\Windows\System\gQczDem.exe
  2⤵
  PID:4748
- C:\Windows\System\SHynfuz.exe
  C:\Windows\System\SHynfuz.exe
  2⤵
  PID:4768
- C:\Windows\System\nOhjKCW.exe
  C:\Windows\System\nOhjKCW.exe
  2⤵
  PID:4784
- C:\Windows\System\FbGtXGu.exe
  C:\Windows\System\FbGtXGu.exe
  2⤵
  PID:4800
- C:\Windows\System\HBbPoKY.exe
  C:\Windows\System\HBbPoKY.exe
  2⤵
  PID:4816
- C:\Windows\System\IqKlGBi.exe
  C:\Windows\System\IqKlGBi.exe
  2⤵
  PID:4832
- C:\Windows\System\LPOrfvH.exe
  C:\Windows\System\LPOrfvH.exe
  2⤵
  PID:4848
- C:\Windows\System\OpdgMda.exe
  C:\Windows\System\OpdgMda.exe
  2⤵
  PID:4864
- C:\Windows\System\dozsslI.exe
  C:\Windows\System\dozsslI.exe
  2⤵
  PID:4880
- C:\Windows\System\YCOjQWd.exe
  C:\Windows\System\YCOjQWd.exe
  2⤵
  PID:4896
- C:\Windows\System\yNxZtac.exe
  C:\Windows\System\yNxZtac.exe
  2⤵
  PID:4912
- C:\Windows\System\pZxIMUa.exe
  C:\Windows\System\pZxIMUa.exe
  2⤵
  PID:4928
- C:\Windows\System\YEWYBSf.exe
  C:\Windows\System\YEWYBSf.exe
  2⤵
  PID:4944
- C:\Windows\System\LOFhCfP.exe
  C:\Windows\System\LOFhCfP.exe
  2⤵
  PID:4960
- C:\Windows\System\lhutLBm.exe
  C:\Windows\System\lhutLBm.exe
  2⤵
  PID:4976
- C:\Windows\System\HiRZyUm.exe
  C:\Windows\System\HiRZyUm.exe
  2⤵
  PID:4992
- C:\Windows\System\IDuDNvc.exe
  C:\Windows\System\IDuDNvc.exe
  2⤵
  PID:5008
- C:\Windows\System\ccWPPJi.exe
  C:\Windows\System\ccWPPJi.exe
  2⤵
  PID:5024
- C:\Windows\System\lUBAuqO.exe
  C:\Windows\System\lUBAuqO.exe
  2⤵
  PID:5040
- C:\Windows\System\ReWBegH.exe
  C:\Windows\System\ReWBegH.exe
  2⤵
  PID:5056
- C:\Windows\System\DfNXuOE.exe
  C:\Windows\System\DfNXuOE.exe
  2⤵
  PID:5072
- C:\Windows\System\JDpKKHo.exe
  C:\Windows\System\JDpKKHo.exe
  2⤵
  PID:5088
- C:\Windows\System\ZlLeyHU.exe
  C:\Windows\System\ZlLeyHU.exe
  2⤵
  PID:5104
- C:\Windows\System\llsBRbg.exe
  C:\Windows\System\llsBRbg.exe
  2⤵
  PID:444
- C:\Windows\System\rZCgyFX.exe
  C:\Windows\System\rZCgyFX.exe
  2⤵
  PID:3344
- C:\Windows\System\zKVzLDW.exe
  C:\Windows\System\zKVzLDW.exe
  2⤵
  PID:3500
- C:\Windows\System\KbzIyQI.exe
  C:\Windows\System\KbzIyQI.exe
  2⤵
  PID:3444
- C:\Windows\System\CByFcmU.exe
  C:\Windows\System\CByFcmU.exe
  2⤵
  PID:4136
- C:\Windows\System\hlomJvq.exe
  C:\Windows\System\hlomJvq.exe
  2⤵
  PID:3152
- C:\Windows\System\UeMwgFF.exe
  C:\Windows\System\UeMwgFF.exe
  2⤵
  PID:3712
- C:\Windows\System\kzumgcE.exe
  C:\Windows\System\kzumgcE.exe
  2⤵
  PID:3324
- C:\Windows\System\oTobIxB.exe
  C:\Windows\System\oTobIxB.exe
  2⤵
  PID:3280
- C:\Windows\System\zjGruWI.exe
  C:\Windows\System\zjGruWI.exe
  2⤵
  PID:2328
- C:\Windows\System\wWnuENC.exe
  C:\Windows\System\wWnuENC.exe
  2⤵
  PID:4212
- C:\Windows\System\oAitrrI.exe
  C:\Windows\System\oAitrrI.exe
  2⤵
  PID:2256
- C:\Windows\System\RCKfiXt.exe
  C:\Windows\System\RCKfiXt.exe
  2⤵
  PID:4232
- C:\Windows\System\vINuUbc.exe
  C:\Windows\System\vINuUbc.exe
  2⤵
  PID:4248
- C:\Windows\System\QPxeoil.exe
  C:\Windows\System\QPxeoil.exe
  2⤵
  PID:4312
- C:\Windows\System\eOyTuqN.exe
  C:\Windows\System\eOyTuqN.exe
  2⤵
  PID:4376
- C:\Windows\System\zVVeAYn.exe
  C:\Windows\System\zVVeAYn.exe
  2⤵
  PID:4260
- C:\Windows\System\kYWMbnb.exe
  C:\Windows\System\kYWMbnb.exe
  2⤵
  PID:4200
- C:\Windows\System\YyTpMZZ.exe
  C:\Windows\System\YyTpMZZ.exe
  2⤵
  PID:4164
- C:\Windows\System\LwmNkje.exe
  C:\Windows\System\LwmNkje.exe
  2⤵
  PID:3932
- C:\Windows\System\XBCRigD.exe
  C:\Windows\System\XBCRigD.exe
  2⤵
  PID:4444
- C:\Windows\System\eKqZCdb.exe
  C:\Windows\System\eKqZCdb.exe
  2⤵
  PID:4508
- C:\Windows\System\fnfZLBg.exe
  C:\Windows\System\fnfZLBg.exe
  2⤵
  PID:4576
- C:\Windows\System\srhaoen.exe
  C:\Windows\System\srhaoen.exe
  2⤵
  PID:4640
- C:\Windows\System\txMrGxh.exe
  C:\Windows\System\txMrGxh.exe
  2⤵
  PID:4708
- C:\Windows\System\XeqUSnb.exe
  C:\Windows\System\XeqUSnb.exe
  2⤵
  PID:4740
- C:\Windows\System\xSlLyIH.exe
  C:\Windows\System\xSlLyIH.exe
  2⤵
  PID:4808
- C:\Windows\System\FVicvGf.exe
  C:\Windows\System\FVicvGf.exe
  2⤵
  PID:4360
- C:\Windows\System\PvOOcMx.exe
  C:\Windows\System\PvOOcMx.exe
  2⤵
  PID:4556
- C:\Windows\System\pwVrJwt.exe
  C:\Windows\System\pwVrJwt.exe
  2⤵
  PID:4724
- C:\Windows\System\tbQFSjK.exe
  C:\Windows\System\tbQFSjK.exe
  2⤵
  PID:4764
- C:\Windows\System\pkPdRvs.exe
  C:\Windows\System\pkPdRvs.exe
  2⤵
  PID:4828
- C:\Windows\System\jIiaXxC.exe
  C:\Windows\System\jIiaXxC.exe
  2⤵
  PID:4656
- C:\Windows\System\YECmSrj.exe
  C:\Windows\System\YECmSrj.exe
  2⤵
  PID:4588
- C:\Windows\System\pJOmaFO.exe
  C:\Windows\System\pJOmaFO.exe
  2⤵
  PID:5188
- C:\Windows\System\khCWnRG.exe
  C:\Windows\System\khCWnRG.exe
  2⤵
  PID:5208
- C:\Windows\System\mOrkxTk.exe
  C:\Windows\System\mOrkxTk.exe
  2⤵
  PID:5224
- C:\Windows\System\FexWVqo.exe
  C:\Windows\System\FexWVqo.exe
  2⤵
  PID:5244
- C:\Windows\System\AoCTpvK.exe
  C:\Windows\System\AoCTpvK.exe
  2⤵
  PID:5260
- C:\Windows\System\guTzifj.exe
  C:\Windows\System\guTzifj.exe
  2⤵
  PID:5280
- C:\Windows\System\GSrNZfE.exe
  C:\Windows\System\GSrNZfE.exe
  2⤵
  PID:5296
- C:\Windows\System\kPyCZWC.exe
  C:\Windows\System\kPyCZWC.exe
  2⤵
  PID:5316
- C:\Windows\System\ZCXPLbr.exe
  C:\Windows\System\ZCXPLbr.exe
  2⤵
  PID:5336
- C:\Windows\System\zjsHrxG.exe
  C:\Windows\System\zjsHrxG.exe
  2⤵
  PID:5356
- C:\Windows\System\ZCUNIWv.exe
  C:\Windows\System\ZCUNIWv.exe
  2⤵
  PID:5388
- C:\Windows\System\arOVODS.exe
  C:\Windows\System\arOVODS.exe
  2⤵
  PID:5408
- C:\Windows\System\DoAqZQe.exe
  C:\Windows\System\DoAqZQe.exe
  2⤵
  PID:5424
- C:\Windows\System\SAsvCCq.exe
  C:\Windows\System\SAsvCCq.exe
  2⤵
  PID:5440
- C:\Windows\System\XZqbmiq.exe
  C:\Windows\System\XZqbmiq.exe
  2⤵
  PID:5464
- C:\Windows\System\tYLAUHP.exe
  C:\Windows\System\tYLAUHP.exe
  2⤵
  PID:5488
- C:\Windows\System\OPuUqVr.exe
  C:\Windows\System\OPuUqVr.exe
  2⤵
  PID:5504
- C:\Windows\System\swQwaCH.exe
  C:\Windows\System\swQwaCH.exe
  2⤵
  PID:5520
- C:\Windows\System\vAZbUkw.exe
  C:\Windows\System\vAZbUkw.exe
  2⤵
  PID:5536
- C:\Windows\System\UIZiZcz.exe
  C:\Windows\System\UIZiZcz.exe
  2⤵
  PID:5552
- C:\Windows\System\BQUrRKH.exe
  C:\Windows\System\BQUrRKH.exe
  2⤵
  PID:5568
- C:\Windows\System\QjUOsqY.exe
  C:\Windows\System\QjUOsqY.exe
  2⤵
  PID:5584
- C:\Windows\System\QBwKpko.exe
  C:\Windows\System\QBwKpko.exe
  2⤵
  PID:5600
- C:\Windows\System\mDDiMkg.exe
  C:\Windows\System\mDDiMkg.exe
  2⤵
  PID:5616
- C:\Windows\System\FwhCAzD.exe
  C:\Windows\System\FwhCAzD.exe
  2⤵
  PID:5632
- C:\Windows\System\tFteFFp.exe
  C:\Windows\System\tFteFFp.exe
  2⤵
  PID:5652
- C:\Windows\System\ORWobUZ.exe
  C:\Windows\System\ORWobUZ.exe
  2⤵
  PID:5676
- C:\Windows\System\fWdoPbV.exe
  C:\Windows\System\fWdoPbV.exe
  2⤵
  PID:5692
- C:\Windows\System\vgudexh.exe
  C:\Windows\System\vgudexh.exe
  2⤵
  PID:5712
- C:\Windows\System\xImMlxe.exe
  C:\Windows\System\xImMlxe.exe
  2⤵
  PID:5740
- C:\Windows\System\vCCkmuo.exe
  C:\Windows\System\vCCkmuo.exe
  2⤵
  PID:5764
- C:\Windows\System\PSpZNYZ.exe
  C:\Windows\System\PSpZNYZ.exe
  2⤵
  PID:5780
- C:\Windows\System\COPvwqZ.exe
  C:\Windows\System\COPvwqZ.exe
  2⤵
  PID:5796
- C:\Windows\System\TBKYIQN.exe
  C:\Windows\System\TBKYIQN.exe
  2⤵
  PID:5824
- C:\Windows\System\GgNkQWH.exe
  C:\Windows\System\GgNkQWH.exe
  2⤵
  PID:5840
- C:\Windows\System\fSwkRTa.exe
  C:\Windows\System\fSwkRTa.exe
  2⤵
  PID:5860
- C:\Windows\System\MuhXvqa.exe
  C:\Windows\System\MuhXvqa.exe
  2⤵
  PID:5876
- C:\Windows\System\KyPTuic.exe
  C:\Windows\System\KyPTuic.exe
  2⤵
  PID:5892
- C:\Windows\System\TIxJcEw.exe
  C:\Windows\System\TIxJcEw.exe
  2⤵
  PID:5908
- C:\Windows\System\KBMXYSM.exe
  C:\Windows\System\KBMXYSM.exe
  2⤵
  PID:5928
- C:\Windows\System\RhPwYvr.exe
  C:\Windows\System\RhPwYvr.exe
  2⤵
  PID:5944
- C:\Windows\System\ebQxvkz.exe
  C:\Windows\System\ebQxvkz.exe
  2⤵
  PID:5960
- C:\Windows\System\auKyBhM.exe
  C:\Windows\System\auKyBhM.exe
  2⤵
  PID:5980
- C:\Windows\System\RdbBZiR.exe
  C:\Windows\System\RdbBZiR.exe
  2⤵
  PID:6000
- C:\Windows\System\vVkBISS.exe
  C:\Windows\System\vVkBISS.exe
  2⤵
  PID:6016
- C:\Windows\System\sJzJutI.exe
  C:\Windows\System\sJzJutI.exe
  2⤵
  PID:6092
- C:\Windows\System\AZDEXil.exe
  C:\Windows\System\AZDEXil.exe
  2⤵
  PID:6108
- C:\Windows\System\ddazdnd.exe
  C:\Windows\System\ddazdnd.exe
  2⤵
  PID:6124
- C:\Windows\System\aURSQyP.exe
  C:\Windows\System\aURSQyP.exe
  2⤵
  PID:6140
- C:\Windows\System\lPvGekH.exe
  C:\Windows\System\lPvGekH.exe
  2⤵
  PID:4924
- C:\Windows\System\XCNddsW.exe
  C:\Windows\System\XCNddsW.exe
  2⤵
  PID:4988
- C:\Windows\System\TiVhaAZ.exe
  C:\Windows\System\TiVhaAZ.exe
  2⤵
  PID:5020
- C:\Windows\System\mPgXZms.exe
  C:\Windows\System\mPgXZms.exe
  2⤵
  PID:5112
- C:\Windows\System\EagTyYs.exe
  C:\Windows\System\EagTyYs.exe
  2⤵
  PID:1812
- C:\Windows\System\UWeMAxC.exe
  C:\Windows\System\UWeMAxC.exe
  2⤵
  PID:3276
- C:\Windows\System\MFLcVII.exe
  C:\Windows\System\MFLcVII.exe
  2⤵
  PID:5196
- C:\Windows\System\xJUUzPJ.exe
  C:\Windows\System\xJUUzPJ.exe
  2⤵
  PID:3912
- C:\Windows\System\LocHlkB.exe
  C:\Windows\System\LocHlkB.exe
  2⤵
  PID:5304
- C:\Windows\System\tHAADxR.exe
  C:\Windows\System\tHAADxR.exe
  2⤵
  PID:4440
- C:\Windows\System\SQzkAoV.exe
  C:\Windows\System\SQzkAoV.exe
  2⤵
  PID:4296
- C:\Windows\System\zsmybeV.exe
  C:\Windows\System\zsmybeV.exe
  2⤵
  PID:4676
- C:\Windows\System\UiVQDVC.exe
  C:\Windows\System\UiVQDVC.exe
  2⤵
  PID:4756
- C:\Windows\System\FxtURNg.exe
  C:\Windows\System\FxtURNg.exe
  2⤵
  PID:4520
- C:\Windows\System\dXuuSsP.exe
  C:\Windows\System\dXuuSsP.exe
  2⤵
  PID:3796
- C:\Windows\System\hiqhhuc.exe
  C:\Windows\System\hiqhhuc.exe
  2⤵
  PID:5348
- C:\Windows\System\RrRoyFl.exe
  C:\Windows\System\RrRoyFl.exe
  2⤵
  PID:4424
- C:\Windows\System\hYCACwo.exe
  C:\Windows\System\hYCACwo.exe
  2⤵
  PID:2668
- C:\Windows\System\DzOKdTB.exe
  C:\Windows\System\DzOKdTB.exe
  2⤵
  PID:4892
- C:\Windows\System\BSqHwjW.exe
  C:\Windows\System\BSqHwjW.exe
  2⤵
  PID:5068
- C:\Windows\System\fPKQXbO.exe
  C:\Windows\System\fPKQXbO.exe
  2⤵
  PID:3076
- C:\Windows\System\whfLgxS.exe
  C:\Windows\System\whfLgxS.exe
  2⤵
  PID:3836
- C:\Windows\System\ZHHgrhW.exe
  C:\Windows\System\ZHHgrhW.exe
  2⤵
  PID:4048
- C:\Windows\System\pAfhYow.exe
  C:\Windows\System\pAfhYow.exe
  2⤵
  PID:3460
- C:\Windows\System\HwtTmJN.exe
  C:\Windows\System\HwtTmJN.exe
  2⤵
  PID:4120
- C:\Windows\System\bMBkRKF.exe
  C:\Windows\System\bMBkRKF.exe
  2⤵
  PID:4608
- C:\Windows\System\eRXjuxK.exe
  C:\Windows\System\eRXjuxK.exe
  2⤵
  PID:2728
- C:\Windows\System\SuHbWxh.exe
  C:\Windows\System\SuHbWxh.exe
  2⤵
  PID:4824
- C:\Windows\System\HmFVWYK.exe
  C:\Windows\System\HmFVWYK.exe
  2⤵
  PID:3748
- C:\Windows\System\sAgHexW.exe
  C:\Windows\System\sAgHexW.exe
  2⤵
  PID:3732
- C:\Windows\System\IKBqAnw.exe
  C:\Windows\System\IKBqAnw.exe
  2⤵
  PID:3736
- C:\Windows\System\WiKnPsD.exe
  C:\Windows\System\WiKnPsD.exe
  2⤵
  PID:5132
- C:\Windows\System\fGNjsby.exe
  C:\Windows\System\fGNjsby.exe
  2⤵
  PID:5156
- C:\Windows\System\eQAlvjD.exe
  C:\Windows\System\eQAlvjD.exe
  2⤵
  PID:5184
- C:\Windows\System\pgtHHQW.exe
  C:\Windows\System\pgtHHQW.exe
  2⤵
  PID:5364
- C:\Windows\System\jRoRCyC.exe
  C:\Windows\System\jRoRCyC.exe
  2⤵
  PID:5256
- C:\Windows\System\UXoxoir.exe
  C:\Windows\System\UXoxoir.exe
  2⤵
  PID:5400
- C:\Windows\System\erNTnPd.exe
  C:\Windows\System\erNTnPd.exe
  2⤵
  PID:5372
- C:\Windows\System\GIPULRa.exe
  C:\Windows\System\GIPULRa.exe
  2⤵
  PID:5448
- C:\Windows\System\nGMJCha.exe
  C:\Windows\System\nGMJCha.exe
  2⤵
  PID:3816
- C:\Windows\System\Jmqizue.exe
  C:\Windows\System\Jmqizue.exe
  2⤵
  PID:5576
- C:\Windows\System\mdxNQrj.exe
  C:\Windows\System\mdxNQrj.exe
  2⤵
  PID:3844
- C:\Windows\System\LoaRpqJ.exe
  C:\Windows\System\LoaRpqJ.exe
  2⤵
  PID:5648
- C:\Windows\System\xBBMVJq.exe
  C:\Windows\System\xBBMVJq.exe
  2⤵
  PID:5624
- C:\Windows\System\WNcYUOp.exe
  C:\Windows\System\WNcYUOp.exe
  2⤵
  PID:5664
- C:\Windows\System\ZCiJdWw.exe
  C:\Windows\System\ZCiJdWw.exe
  2⤵
  PID:5560
- C:\Windows\System\xWQkTjZ.exe
  C:\Windows\System\xWQkTjZ.exe
  2⤵
  PID:5748
- C:\Windows\System\QJhZNxS.exe
  C:\Windows\System\QJhZNxS.exe
  2⤵
  PID:5592
- C:\Windows\System\RiCKoFi.exe
  C:\Windows\System\RiCKoFi.exe
  2⤵
  PID:5872
- C:\Windows\System\IVeFhvX.exe
  C:\Windows\System\IVeFhvX.exe
  2⤵
  PID:5968
- C:\Windows\System\cKdKiVl.exe
  C:\Windows\System\cKdKiVl.exe
  2⤵
  PID:6012
- C:\Windows\System\IGcOoBu.exe
  C:\Windows\System\IGcOoBu.exe
  2⤵
  PID:3824
- C:\Windows\System\uTYEAop.exe
  C:\Windows\System\uTYEAop.exe
  2⤵
  PID:5816
- C:\Windows\System\jkEriZS.exe
  C:\Windows\System\jkEriZS.exe
  2⤵
  PID:2868
- C:\Windows\System\WddfWBt.exe
  C:\Windows\System\WddfWBt.exe
  2⤵
  PID:5688
- C:\Windows\System\AxnkpYg.exe
  C:\Windows\System\AxnkpYg.exe
  2⤵
  PID:5724
- C:\Windows\System\ICrRdXW.exe
  C:\Windows\System\ICrRdXW.exe
  2⤵
  PID:5776
- C:\Windows\System\ssRXkiN.exe
  C:\Windows\System\ssRXkiN.exe
  2⤵
  PID:6060
- C:\Windows\System\jlvgMrS.exe
  C:\Windows\System\jlvgMrS.exe
  2⤵
  PID:5884
- C:\Windows\System\WzXdOky.exe
  C:\Windows\System\WzXdOky.exe
  2⤵
  PID:5924
- C:\Windows\System\cKwBejt.exe
  C:\Windows\System\cKwBejt.exe
  2⤵
  PID:3020
- C:\Windows\System\JgyGgqa.exe
  C:\Windows\System\JgyGgqa.exe
  2⤵
  PID:6064
- C:\Windows\System\BoqVjJV.exe
  C:\Windows\System\BoqVjJV.exe
  2⤵
  PID:6084
- C:\Windows\System\TgCFrLR.exe
  C:\Windows\System\TgCFrLR.exe
  2⤵
  PID:6120
- C:\Windows\System\IVErNvn.exe
  C:\Windows\System\IVErNvn.exe
  2⤵
  PID:928
- C:\Windows\System\emkcZPF.exe
  C:\Windows\System\emkcZPF.exe
  2⤵
  PID:5204
- C:\Windows\System\jCdlVNh.exe
  C:\Windows\System\jCdlVNh.exe
  2⤵
  PID:5268
- C:\Windows\System\uGLGwOi.exe
  C:\Windows\System\uGLGwOi.exe
  2⤵
  PID:4184
- C:\Windows\System\qHemxGt.exe
  C:\Windows\System\qHemxGt.exe
  2⤵
  PID:3196
- C:\Windows\System\MKhlVqT.exe
  C:\Windows\System\MKhlVqT.exe
  2⤵
  PID:3776
- C:\Windows\System\XJubUAq.exe
  C:\Windows\System\XJubUAq.exe
  2⤵
  PID:4420
- C:\Windows\System\vamExgY.exe
  C:\Windows\System\vamExgY.exe
  2⤵
  PID:4780
- C:\Windows\System\trDKyTG.exe
  C:\Windows\System\trDKyTG.exe
  2⤵
  PID:2764
- C:\Windows\System\ZYllCea.exe
  C:\Windows\System\ZYllCea.exe
  2⤵
  PID:2584
- C:\Windows\System\IwTedlE.exe
  C:\Windows\System\IwTedlE.exe
  2⤵
  PID:2596
- C:\Windows\System\xgFYGHk.exe
  C:\Windows\System\xgFYGHk.exe
  2⤵
  PID:1156
- C:\Windows\System\BpWKiCa.exe
  C:\Windows\System\BpWKiCa.exe
  2⤵
  PID:4592
- C:\Windows\System\rVdLWyd.exe
  C:\Windows\System\rVdLWyd.exe
  2⤵
  PID:4908
- C:\Windows\System\ZTGgepZ.exe
  C:\Windows\System\ZTGgepZ.exe
  2⤵
  PID:4428
- C:\Windows\System\DxljoPz.exe
  C:\Windows\System\DxljoPz.exe
  2⤵
  PID:5124
- C:\Windows\System\fwmUjrD.exe
  C:\Windows\System\fwmUjrD.exe
  2⤵
  PID:4372
- C:\Windows\System\qbXCifF.exe
  C:\Windows\System\qbXCifF.exe
  2⤵
  PID:4356
- C:\Windows\System\UwPWXpi.exe
  C:\Windows\System\UwPWXpi.exe
  2⤵
  PID:3752
- C:\Windows\System\DPbfkQJ.exe
  C:\Windows\System\DPbfkQJ.exe
  2⤵
  PID:5164
- C:\Windows\System\MoIHnzR.exe
  C:\Windows\System\MoIHnzR.exe
  2⤵
  PID:5288
- C:\Windows\System\drgxlNE.exe
  C:\Windows\System\drgxlNE.exe
  2⤵
  PID:5180
- C:\Windows\System\JeIEVxU.exe
  C:\Windows\System\JeIEVxU.exe
  2⤵
  PID:5432
- C:\Windows\System\LPWbMpP.exe
  C:\Windows\System\LPWbMpP.exe
  2⤵
  PID:5148
- C:\Windows\System\PFSHEPm.exe
  C:\Windows\System\PFSHEPm.exe
  2⤵
  PID:2852
- C:\Windows\System\jyipWVs.exe
  C:\Windows\System\jyipWVs.exe
  2⤵
  PID:5612
- C:\Windows\System\mDiyQpm.exe
  C:\Windows\System\mDiyQpm.exe
  2⤵
  PID:5788
- C:\Windows\System\ZEAZILL.exe
  C:\Windows\System\ZEAZILL.exe
  2⤵
  PID:2796
- C:\Windows\System\uuNnCev.exe
  C:\Windows\System\uuNnCev.exe
  2⤵
  PID:3828
- C:\Windows\System\ZvDYUWE.exe
  C:\Windows\System\ZvDYUWE.exe
  2⤵
  PID:5384
- C:\Windows\System\EhXTogW.exe
  C:\Windows\System\EhXTogW.exe
  2⤵
  PID:1040
- C:\Windows\System\sTUeMmt.exe
  C:\Windows\System\sTUeMmt.exe
  2⤵
  PID:1956
- C:\Windows\System\psraVLE.exe
  C:\Windows\System\psraVLE.exe
  2⤵
  PID:5512
- C:\Windows\System\HTCdbCX.exe
  C:\Windows\System\HTCdbCX.exe
  2⤵
  PID:2956
- C:\Windows\System\asaeTKw.exe
  C:\Windows\System\asaeTKw.exe
  2⤵
  PID:5848
- C:\Windows\System\UKtAIpQ.exe
  C:\Windows\System\UKtAIpQ.exe
  2⤵
  PID:5992
- C:\Windows\System\jEgABub.exe
  C:\Windows\System\jEgABub.exe
  2⤵
  PID:5080
- C:\Windows\System\DeHoGzp.exe
  C:\Windows\System\DeHoGzp.exe
  2⤵
  PID:5276
- C:\Windows\System\QfOYmtN.exe
  C:\Windows\System\QfOYmtN.exe
  2⤵
  PID:3788
- C:\Windows\System\oWquzjN.exe
  C:\Windows\System\oWquzjN.exe
  2⤵
  PID:5548
- C:\Windows\System\JGUxagP.exe
  C:\Windows\System\JGUxagP.exe
  2⤵
  PID:5660
- C:\Windows\System\LPDQtmW.exe
  C:\Windows\System\LPDQtmW.exe
  2⤵
  PID:6028
- C:\Windows\System\LiJAtGn.exe
  C:\Windows\System\LiJAtGn.exe
  2⤵
  PID:5836
- C:\Windows\System\bdwgRvW.exe
  C:\Windows\System\bdwgRvW.exe
  2⤵
  PID:2784
- C:\Windows\System\qvdHuvd.exe
  C:\Windows\System\qvdHuvd.exe
  2⤵
  PID:4956
- C:\Windows\System\bCuajgW.exe
  C:\Windows\System\bCuajgW.exe
  2⤵
  PID:5736
- C:\Windows\System\xKhClJd.exe
  C:\Windows\System\xKhClJd.exe
  2⤵
  PID:6044
- C:\Windows\System\npFeeDf.exe
  C:\Windows\System\npFeeDf.exe
  2⤵
  PID:4476
- C:\Windows\System\GHUTGzd.exe
  C:\Windows\System\GHUTGzd.exe
  2⤵
  PID:5236
- C:\Windows\System\wvHFCOE.exe
  C:\Windows\System\wvHFCOE.exe
  2⤵
  PID:4796
- C:\Windows\System\eHEIxEn.exe
  C:\Windows\System\eHEIxEn.exe
  2⤵
  PID:3768
- C:\Windows\System\sRfLvRZ.exe
  C:\Windows\System\sRfLvRZ.exe
  2⤵
  PID:5128
- C:\Windows\System\QCPHLen.exe
  C:\Windows\System\QCPHLen.exe
  2⤵
  PID:2660
- C:\Windows\System\mZEaGQH.exe
  C:\Windows\System\mZEaGQH.exe
  2⤵
  PID:4544
- C:\Windows\System\FWhoMsD.exe
  C:\Windows\System\FWhoMsD.exe
  2⤵
  PID:5752
- C:\Windows\System\OXtuqYj.exe
  C:\Windows\System\OXtuqYj.exe
  2⤵
  PID:4264
- C:\Windows\System\rAruWUD.exe
  C:\Windows\System\rAruWUD.exe
  2⤵
  PID:5064
- C:\Windows\System\ZbbYQzr.exe
  C:\Windows\System\ZbbYQzr.exe
  2⤵
  PID:3800
- C:\Windows\System\BMDHNql.exe
  C:\Windows\System\BMDHNql.exe
  2⤵
  PID:4968
- C:\Windows\System\pMglKDS.exe
  C:\Windows\System\pMglKDS.exe
  2⤵
  PID:4888
- C:\Windows\System\iJrPSBm.exe
  C:\Windows\System\iJrPSBm.exe
  2⤵
  PID:5292
- C:\Windows\System\arJBrPi.exe
  C:\Windows\System\arJBrPi.exe
  2⤵
  PID:5328
- C:\Windows\System\vslBuAJ.exe
  C:\Windows\System\vslBuAJ.exe
  2⤵
  PID:1296
- C:\Windows\System\yleuujd.exe
  C:\Windows\System\yleuujd.exe
  2⤵
  PID:408
- C:\Windows\System\ujjlvne.exe
  C:\Windows\System\ujjlvne.exe
  2⤵
  PID:5856
- C:\Windows\System\OHmZtly.exe
  C:\Windows\System\OHmZtly.exe
  2⤵
  PID:2032
- C:\Windows\System\ARruyYN.exe
  C:\Windows\System\ARruyYN.exe
  2⤵
  PID:6040
- C:\Windows\System\WtKpSHs.exe
  C:\Windows\System\WtKpSHs.exe
  2⤵
  PID:860
- C:\Windows\System\RFTvssw.exe
  C:\Windows\System\RFTvssw.exe
  2⤵
  PID:1980
- C:\Windows\System\nqZzDZP.exe
  C:\Windows\System\nqZzDZP.exe
  2⤵
  PID:5396
- C:\Windows\System\gqRxrwy.exe
  C:\Windows\System\gqRxrwy.exe
  2⤵
  PID:4092
- C:\Windows\System\PwISWys.exe
  C:\Windows\System\PwISWys.exe
  2⤵
  PID:5456
- C:\Windows\System\sdrnFMS.exe
  C:\Windows\System\sdrnFMS.exe
  2⤵
  PID:6132
- C:\Windows\System\QXEYVDA.exe
  C:\Windows\System\QXEYVDA.exe
  2⤵
  PID:4044
- C:\Windows\System\ickpxoO.exe
  C:\Windows\System\ickpxoO.exe
  2⤵
  PID:5496
- C:\Windows\System\fQRiURd.exe
  C:\Windows\System\fQRiURd.exe
  2⤵
  PID:1412
- C:\Windows\System\DKTmhrD.exe
  C:\Windows\System\DKTmhrD.exe
  2⤵
  PID:3784
- C:\Windows\System\lhqSoFA.exe
  C:\Windows\System\lhqSoFA.exe
  2⤵
  PID:4904
- C:\Windows\System\aoRhjFk.exe
  C:\Windows\System\aoRhjFk.exe
  2⤵
  PID:536
- C:\Windows\System\cSLfMLH.exe
  C:\Windows\System\cSLfMLH.exe
  2⤵
  PID:4940
- C:\Windows\System\QkgwWaA.exe
  C:\Windows\System\QkgwWaA.exe
  2⤵
  PID:5760
- C:\Windows\System\BJXYPLS.exe
  C:\Windows\System\BJXYPLS.exe
  2⤵
  PID:1528
- C:\Windows\System\GcmnUVl.exe
  C:\Windows\System\GcmnUVl.exe
  2⤵
  PID:4308
- C:\Windows\System\RINrmAk.exe
  C:\Windows\System\RINrmAk.exe
  2⤵
  PID:5368
- C:\Windows\System\ropesWu.exe
  C:\Windows\System\ropesWu.exe
  2⤵
  PID:5476
- C:\Windows\System\qFfMkqE.exe
  C:\Windows\System\qFfMkqE.exe
  2⤵
  PID:3772
- C:\Windows\System\TKHbTED.exe
  C:\Windows\System\TKHbTED.exe
  2⤵
  PID:5708
- C:\Windows\System\QgQfRZG.exe
  C:\Windows\System\QgQfRZG.exe
  2⤵
  PID:5352
- C:\Windows\System\gBtNnSk.exe
  C:\Windows\System\gBtNnSk.exe
  2⤵
  PID:6036
- C:\Windows\System\xrZVMkx.exe
  C:\Windows\System\xrZVMkx.exe
  2⤵
  PID:4696
- C:\Windows\System\eBxSgKO.exe
  C:\Windows\System\eBxSgKO.exe
  2⤵
  PID:5544
- C:\Windows\System\ANNYZHQ.exe
  C:\Windows\System\ANNYZHQ.exe
  2⤵
  PID:6156
- C:\Windows\System\oXEaukh.exe
  C:\Windows\System\oXEaukh.exe
  2⤵
  PID:6172
- C:\Windows\System\LGkisYi.exe
  C:\Windows\System\LGkisYi.exe
  2⤵
  PID:6192
- C:\Windows\System\LGDXVEF.exe
  C:\Windows\System\LGDXVEF.exe
  2⤵
  PID:6208
- C:\Windows\System\oJqPqsD.exe
  C:\Windows\System\oJqPqsD.exe
  2⤵
  PID:6224
- C:\Windows\System\INGKEEs.exe
  C:\Windows\System\INGKEEs.exe
  2⤵
  PID:6240
- C:\Windows\System\nKDkfYF.exe
  C:\Windows\System\nKDkfYF.exe
  2⤵
  PID:6260
- C:\Windows\System\GbwpNVh.exe
  C:\Windows\System\GbwpNVh.exe
  2⤵
  PID:6276
- C:\Windows\System\OffoFQB.exe
  C:\Windows\System\OffoFQB.exe
  2⤵
  PID:6296
- C:\Windows\System\wDDJlxc.exe
  C:\Windows\System\wDDJlxc.exe
  2⤵
  PID:6312
- C:\Windows\System\UYNLUZc.exe
  C:\Windows\System\UYNLUZc.exe
  2⤵
  PID:6328
- C:\Windows\System\wjMKxJJ.exe
  C:\Windows\System\wjMKxJJ.exe
  2⤵
  PID:6348
- C:\Windows\System\ADzNBwu.exe
  C:\Windows\System\ADzNBwu.exe
  2⤵
  PID:6368
- C:\Windows\System\uqPeIAT.exe
  C:\Windows\System\uqPeIAT.exe
  2⤵
  PID:6384
- C:\Windows\System\jHwzWBj.exe
  C:\Windows\System\jHwzWBj.exe
  2⤵
  PID:6400
- C:\Windows\System\vXYLkgl.exe
  C:\Windows\System\vXYLkgl.exe
  2⤵
  PID:6420
- C:\Windows\System\NlJJPCV.exe
  C:\Windows\System\NlJJPCV.exe
  2⤵
  PID:6436
- C:\Windows\System\QrJRJET.exe
  C:\Windows\System\QrJRJET.exe
  2⤵
  PID:6452
- C:\Windows\System\amUbGsM.exe
  C:\Windows\System\amUbGsM.exe
  2⤵
  PID:6472
- C:\Windows\System\nJxWsXG.exe
  C:\Windows\System\nJxWsXG.exe
  2⤵
  PID:6488
- C:\Windows\System\ZiZOIVx.exe
  C:\Windows\System\ZiZOIVx.exe
  2⤵
  PID:6504
- C:\Windows\System\EPemnkv.exe
  C:\Windows\System\EPemnkv.exe
  2⤵
  PID:6532
- C:\Windows\System\CsLHnGL.exe
  C:\Windows\System\CsLHnGL.exe
  2⤵
  PID:6548
- C:\Windows\System\gPngbhg.exe
  C:\Windows\System\gPngbhg.exe
  2⤵
  PID:6564
- C:\Windows\System\Tzzwdor.exe
  C:\Windows\System\Tzzwdor.exe
  2⤵
  PID:6580
- C:\Windows\System\NCGMmUy.exe
  C:\Windows\System\NCGMmUy.exe
  2⤵
  PID:6596
- C:\Windows\System\mAdJgwH.exe
  C:\Windows\System\mAdJgwH.exe
  2⤵
  PID:6616
- C:\Windows\System\mVMxSri.exe
  C:\Windows\System\mVMxSri.exe
  2⤵
  PID:6632
- C:\Windows\System\uyzECEv.exe
  C:\Windows\System\uyzECEv.exe
  2⤵
  PID:6648
- C:\Windows\System\NHwoASI.exe
  C:\Windows\System\NHwoASI.exe
  2⤵
  PID:6664
- C:\Windows\System\pUYHzDq.exe
  C:\Windows\System\pUYHzDq.exe
  2⤵
  PID:6680
- C:\Windows\System\rEBHUKo.exe
  C:\Windows\System\rEBHUKo.exe
  2⤵
  PID:6696
- C:\Windows\System\YpCOMTV.exe
  C:\Windows\System\YpCOMTV.exe
  2⤵
  PID:6712
- C:\Windows\System\bFmAqXp.exe
  C:\Windows\System\bFmAqXp.exe
  2⤵
  PID:6728
- C:\Windows\System\XpGpsCF.exe
  C:\Windows\System\XpGpsCF.exe
  2⤵
  PID:6744
- C:\Windows\System\ThssMlz.exe
  C:\Windows\System\ThssMlz.exe
  2⤵
  PID:6760
- C:\Windows\System\bkprSPC.exe
  C:\Windows\System\bkprSPC.exe
  2⤵
  PID:6776
- C:\Windows\System\ZEOHHVZ.exe
  C:\Windows\System\ZEOHHVZ.exe
  2⤵
  PID:6792
- C:\Windows\System\thmJBLY.exe
  C:\Windows\System\thmJBLY.exe
  2⤵
  PID:6808
- C:\Windows\System\lgdLxoc.exe
  C:\Windows\System\lgdLxoc.exe
  2⤵
  PID:6824
- C:\Windows\System\aAvtuBh.exe
  C:\Windows\System\aAvtuBh.exe
  2⤵
  PID:6844
- C:\Windows\System\rEDISVj.exe
  C:\Windows\System\rEDISVj.exe
  2⤵
  PID:6860
- C:\Windows\System\HqXSoWC.exe
  C:\Windows\System\HqXSoWC.exe
  2⤵
  PID:6876
- C:\Windows\System\IiLVKAn.exe
  C:\Windows\System\IiLVKAn.exe
  2⤵
  PID:6892
- C:\Windows\System\tIkXMrl.exe
  C:\Windows\System\tIkXMrl.exe
  2⤵
  PID:6912
- C:\Windows\System\qLZEBnK.exe
  C:\Windows\System\qLZEBnK.exe
  2⤵
  PID:6220
- C:\Windows\System\QnnWEoj.exe
  C:\Windows\System\QnnWEoj.exe
  2⤵
  PID:2108
- C:\Windows\System\knOMCxs.exe
  C:\Windows\System\knOMCxs.exe
  2⤵
  PID:6480
- C:\Windows\System\JEyFvRR.exe
  C:\Windows\System\JEyFvRR.exe
  2⤵
  PID:6432
- C:\Windows\System\MdeVIDh.exe
  C:\Windows\System\MdeVIDh.exe
  2⤵
  PID:6484
- C:\Windows\System\EwEitBQ.exe
  C:\Windows\System\EwEitBQ.exe
  2⤵
  PID:6572
- C:\Windows\System\FrbhLBE.exe
  C:\Windows\System\FrbhLBE.exe
  2⤵
  PID:6676
- C:\Windows\System\PFgunbY.exe
  C:\Windows\System\PFgunbY.exe
  2⤵
  PID:1352
- C:\Windows\System\yIbpQks.exe
  C:\Windows\System\yIbpQks.exe
  2⤵
  PID:6772
- C:\Windows\System\KMnDNym.exe
  C:\Windows\System\KMnDNym.exe
  2⤵
  PID:6832
- C:\Windows\System\gsudjDw.exe
  C:\Windows\System\gsudjDw.exe
  2⤵
  PID:6520
- C:\Windows\System\vYMlDtx.exe
  C:\Windows\System\vYMlDtx.exe
  2⤵
  PID:6592
- C:\Windows\System\VNtuxus.exe
  C:\Windows\System\VNtuxus.exe
  2⤵
  PID:6752
- C:\Windows\System\EHuolxM.exe
  C:\Windows\System\EHuolxM.exe
  2⤵
  PID:6628
- C:\Windows\System\rcythWi.exe
  C:\Windows\System\rcythWi.exe
  2⤵
  PID:1796
- C:\Windows\System\vOKdOlv.exe
  C:\Windows\System\vOKdOlv.exe
  2⤵
  PID:6852
- C:\Windows\System\sVFLgjs.exe
  C:\Windows\System\sVFLgjs.exe
  2⤵
  PID:2924
- C:\Windows\System\ZwAflqW.exe
  C:\Windows\System\ZwAflqW.exe
  2⤵
  PID:3024
- C:\Windows\System\eWljWpE.exe
  C:\Windows\System\eWljWpE.exe
  2⤵
  PID:6956
- C:\Windows\System\ItffUcw.exe
  C:\Windows\System\ItffUcw.exe
  2⤵
  PID:6976
- C:\Windows\System\feqtaVt.exe
  C:\Windows\System\feqtaVt.exe
  2⤵
  PID:7004
- C:\Windows\System\kxdAWUf.exe
  C:\Windows\System\kxdAWUf.exe
  2⤵
  PID:7020
- C:\Windows\System\IlrZtAq.exe
  C:\Windows\System\IlrZtAq.exe
  2⤵
  PID:7044
- C:\Windows\System\WRfKnWa.exe
  C:\Windows\System\WRfKnWa.exe
  2⤵
  PID:7056
- C:\Windows\System\jyDzRyo.exe
  C:\Windows\System\jyDzRyo.exe
  2⤵
  PID:7076
- C:\Windows\System\tkHdDeL.exe
  C:\Windows\System\tkHdDeL.exe
  2⤵
  PID:7096
- C:\Windows\System\rCzVFKS.exe
  C:\Windows\System\rCzVFKS.exe
  2⤵
  PID:7116
- C:\Windows\System\QEaRwGe.exe
  C:\Windows\System\QEaRwGe.exe
  2⤵
  PID:7136
- C:\Windows\System\TQZoGwW.exe
  C:\Windows\System\TQZoGwW.exe
  2⤵
  PID:7156
- C:\Windows\System\WNBacsL.exe
  C:\Windows\System\WNBacsL.exe
  2⤵
  PID:6072
- C:\Windows\System\vppMRAq.exe
  C:\Windows\System\vppMRAq.exe
  2⤵
  PID:5436
- C:\Windows\System\FSPcbhQ.exe
  C:\Windows\System\FSPcbhQ.exe
  2⤵
  PID:6924
- C:\Windows\System\SevDgNO.exe
  C:\Windows\System\SevDgNO.exe
  2⤵
  PID:6204
- C:\Windows\System\BIpIoLx.exe
  C:\Windows\System\BIpIoLx.exe
  2⤵
  PID:6152
- C:\Windows\System\rsFqRPS.exe
  C:\Windows\System\rsFqRPS.exe
  2⤵
  PID:1044
- C:\Windows\System\ARyygbH.exe
  C:\Windows\System\ARyygbH.exe
  2⤵
  PID:6180
- C:\Windows\System\gcIRAYN.exe
  C:\Windows\System\gcIRAYN.exe
  2⤵
  PID:6284
- C:\Windows\System\AZuWQJk.exe
  C:\Windows\System\AZuWQJk.exe
  2⤵
  PID:6292
- C:\Windows\System\IlNRCRx.exe
  C:\Windows\System\IlNRCRx.exe
  2⤵
  PID:6364
- C:\Windows\System\VWvMGXp.exe
  C:\Windows\System\VWvMGXp.exe
  2⤵
  PID:6340
- C:\Windows\System\GvuxFGp.exe
  C:\Windows\System\GvuxFGp.exe
  2⤵
  PID:1840
- C:\Windows\System\WZSYIJX.exe
  C:\Windows\System\WZSYIJX.exe
  2⤵
  PID:6608
- C:\Windows\System\aTnIvPU.exe
  C:\Windows\System\aTnIvPU.exe
  2⤵
  PID:6644
- C:\Windows\System\MeRmgPo.exe
  C:\Windows\System\MeRmgPo.exe
  2⤵
  PID:2412
- C:\Windows\System\DAAQpRf.exe
  C:\Windows\System\DAAQpRf.exe
  2⤵
  PID:6868
- C:\Windows\System\VsrhIFD.exe
  C:\Windows\System\VsrhIFD.exe
  2⤵
  PID:6688
- C:\Windows\System\ZpyIBBn.exe
  C:\Windows\System\ZpyIBBn.exe
  2⤵
  PID:6588
- C:\Windows\System\nYgnnsw.exe
  C:\Windows\System\nYgnnsw.exe
  2⤵
  PID:6904
- C:\Windows\System\YgmegOQ.exe
  C:\Windows\System\YgmegOQ.exe
  2⤵
  PID:6968
- C:\Windows\System\SrxhKPO.exe
  C:\Windows\System\SrxhKPO.exe
  2⤵
  PID:2264
- C:\Windows\System\FSkglIy.exe
  C:\Windows\System\FSkglIy.exe
  2⤵
  PID:7052
- C:\Windows\System\XytXwNT.exe
  C:\Windows\System\XytXwNT.exe
  2⤵
  PID:7124
- C:\Windows\System\ZXEAuQp.exe
  C:\Windows\System\ZXEAuQp.exe
  2⤵
  PID:5808
- C:\Windows\System\BgsKrbM.exe
  C:\Windows\System\BgsKrbM.exe
  2⤵
  PID:6148
- C:\Windows\System\lpROjrW.exe
  C:\Windows\System\lpROjrW.exe
  2⤵
  PID:6888
- C:\Windows\System\LRceCKg.exe
  C:\Windows\System\LRceCKg.exe
  2⤵
  PID:6288
- C:\Windows\System\AZriREe.exe
  C:\Windows\System\AZriREe.exe
  2⤵
  PID:6940
- C:\Windows\System\KFqQFJX.exe
  C:\Windows\System\KFqQFJX.exe
  2⤵
  PID:6996
- C:\Windows\System\mPxmTSi.exe
  C:\Windows\System\mPxmTSi.exe
  2⤵
  PID:7040
- C:\Windows\System\GOpSERd.exe
  C:\Windows\System\GOpSERd.exe
  2⤵
  PID:7108
- C:\Windows\System\HGLCBuo.exe
  C:\Windows\System\HGLCBuo.exe
  2⤵
  PID:5220
- C:\Windows\System\mZNdzAk.exe
  C:\Windows\System\mZNdzAk.exe
  2⤵
  PID:2020
- C:\Windows\System\ZKwUxjc.exe
  C:\Windows\System\ZKwUxjc.exe
  2⤵
  PID:6104
- C:\Windows\System\uqkPekb.exe
  C:\Windows\System\uqkPekb.exe
  2⤵
  PID:6268
- C:\Windows\System\FEQxxvo.exe
  C:\Windows\System\FEQxxvo.exe
  2⤵
  PID:6336
- C:\Windows\System\jlpesMo.exe
  C:\Windows\System\jlpesMo.exe
  2⤵
  PID:6356
- C:\Windows\System\buVEmTN.exe
  C:\Windows\System\buVEmTN.exe
  2⤵
  PID:6544
- C:\Windows\System\QvtltrJ.exe
  C:\Windows\System\QvtltrJ.exe
  2⤵
  PID:2932
- C:\Windows\System\fBxSnjg.exe
  C:\Windows\System\fBxSnjg.exe
  2⤵
  PID:7088
- C:\Windows\System\WPzeoLW.exe
  C:\Windows\System\WPzeoLW.exe
  2⤵
  PID:6952
- C:\Windows\System\bQUXosB.exe
  C:\Windows\System\bQUXosB.exe
  2⤵
  PID:6236
- C:\Windows\System\bJEcXqi.exe
  C:\Windows\System\bJEcXqi.exe
  2⤵
  PID:6308
- C:\Windows\System\MArGHyH.exe
  C:\Windows\System\MArGHyH.exe
  2⤵
  PID:6428
- C:\Windows\System\iQWOaNe.exe
  C:\Windows\System\iQWOaNe.exe
  2⤵
  PID:6640
- C:\Windows\System\abLHLKF.exe
  C:\Windows\System\abLHLKF.exe
  2⤵
  PID:6804
- C:\Windows\System\poQXBvy.exe
  C:\Windows\System\poQXBvy.exe
  2⤵
  PID:6964
- C:\Windows\System\oEpaGET.exe
  C:\Windows\System\oEpaGET.exe
  2⤵
  PID:7164
- C:\Windows\System\acvEkBD.exe
  C:\Windows\System\acvEkBD.exe
  2⤵
  PID:6884
- C:\Windows\System\pnTZYgz.exe
  C:\Windows\System\pnTZYgz.exe
  2⤵
  PID:7028
- C:\Windows\System\HiKafFg.exe
  C:\Windows\System\HiKafFg.exe
  2⤵
  PID:6184
- C:\Windows\System\lsOtYyz.exe
  C:\Windows\System\lsOtYyz.exe
  2⤵
  PID:2952
- C:\Windows\System\HQOsbIp.exe
  C:\Windows\System\HQOsbIp.exe
  2⤵
  PID:6248
- C:\Windows\System\HqjcemF.exe
  C:\Windows\System\HqjcemF.exe
  2⤵
  PID:6100
- C:\Windows\System\TmrjNfc.exe
  C:\Windows\System\TmrjNfc.exe
  2⤵
  PID:6512
- C:\Windows\System\NvgKuax.exe
  C:\Windows\System\NvgKuax.exe
  2⤵
  PID:6900
- C:\Windows\System\pCgfKSv.exe
  C:\Windows\System\pCgfKSv.exe
  2⤵
  PID:6464
- C:\Windows\System\bVOWiPD.exe
  C:\Windows\System\bVOWiPD.exe
  2⤵
  PID:1548
- C:\Windows\System\GGrpZvb.exe
  C:\Windows\System\GGrpZvb.exe
  2⤵
  PID:2504
- C:\Windows\System\lfUloyD.exe
  C:\Windows\System\lfUloyD.exe
  2⤵
  PID:7144
- C:\Windows\System\QbflYsq.exe
  C:\Windows\System\QbflYsq.exe
  2⤵
  PID:1576
- C:\Windows\System\YgkpXRF.exe
  C:\Windows\System\YgkpXRF.exe
  2⤵
  PID:7184
- C:\Windows\System\DsXWilZ.exe
  C:\Windows\System\DsXWilZ.exe
  2⤵
  PID:7200
- C:\Windows\System\oCKCLLB.exe
  C:\Windows\System\oCKCLLB.exe
  2⤵
  PID:7216
- C:\Windows\System\oWyJtNs.exe
  C:\Windows\System\oWyJtNs.exe
  2⤵
  PID:7232
- C:\Windows\System\YpaAgDd.exe
  C:\Windows\System\YpaAgDd.exe
  2⤵
  PID:7248
- C:\Windows\System\cCiQliz.exe
  C:\Windows\System\cCiQliz.exe
  2⤵
  PID:7264
- C:\Windows\System\fmwFaQs.exe
  C:\Windows\System\fmwFaQs.exe
  2⤵
  PID:7280
- C:\Windows\System\YnJIZJc.exe
  C:\Windows\System\YnJIZJc.exe
  2⤵
  PID:7320
- C:\Windows\System\nEfzbIz.exe
  C:\Windows\System\nEfzbIz.exe
  2⤵
  PID:7336
- C:\Windows\System\OchQPNI.exe
  C:\Windows\System\OchQPNI.exe
  2⤵
  PID:7352
- C:\Windows\System\qcmsIwN.exe
  C:\Windows\System\qcmsIwN.exe
  2⤵
  PID:7368
- C:\Windows\System\vYeoIEo.exe
  C:\Windows\System\vYeoIEo.exe
  2⤵
  PID:7384
- C:\Windows\System\iOfbheB.exe
  C:\Windows\System\iOfbheB.exe
  2⤵
  PID:7400
- C:\Windows\System\DexdnUm.exe
  C:\Windows\System\DexdnUm.exe
  2⤵
  PID:7416
- C:\Windows\System\MHiQOtq.exe
  C:\Windows\System\MHiQOtq.exe
  2⤵
  PID:7432
- C:\Windows\System\VZtYJDn.exe
  C:\Windows\System\VZtYJDn.exe
  2⤵
  PID:7448
- C:\Windows\System\oKBgIzz.exe
  C:\Windows\System\oKBgIzz.exe
  2⤵
  PID:7464
- C:\Windows\System\UccAyxo.exe
  C:\Windows\System\UccAyxo.exe
  2⤵
  PID:7480
- C:\Windows\System\UgobgpJ.exe
  C:\Windows\System\UgobgpJ.exe
  2⤵
  PID:7552
- C:\Windows\System\xPSaWBV.exe
  C:\Windows\System\xPSaWBV.exe
  2⤵
  PID:7572
- C:\Windows\System\qEbSPHg.exe
  C:\Windows\System\qEbSPHg.exe
  2⤵
  PID:7588
- C:\Windows\System\XWUKEgG.exe
  C:\Windows\System\XWUKEgG.exe
  2⤵
  PID:7604
- C:\Windows\System\rGeNTfO.exe
  C:\Windows\System\rGeNTfO.exe
  2⤵
  PID:7620
- C:\Windows\System\FLgJGvf.exe
  C:\Windows\System\FLgJGvf.exe
  2⤵
  PID:7636
- C:\Windows\System\ndsFkXT.exe
  C:\Windows\System\ndsFkXT.exe
  2⤵
  PID:7652
- C:\Windows\System\jillipE.exe
  C:\Windows\System\jillipE.exe
  2⤵
  PID:7668
- C:\Windows\System\mqljCFe.exe
  C:\Windows\System\mqljCFe.exe
  2⤵
  PID:7684
- C:\Windows\System\qdPXUFp.exe
  C:\Windows\System\qdPXUFp.exe
  2⤵
  PID:7700
- C:\Windows\System\tilyCkS.exe
  C:\Windows\System\tilyCkS.exe
  2⤵
  PID:7716
- C:\Windows\System\kPeLVBz.exe
  C:\Windows\System\kPeLVBz.exe
  2⤵
  PID:7732
- C:\Windows\System\rxNqxdX.exe
  C:\Windows\System\rxNqxdX.exe
  2⤵
  PID:7748
- C:\Windows\System\VjJWGnD.exe
  C:\Windows\System\VjJWGnD.exe
  2⤵
  PID:7764
- C:\Windows\System\TlWQOJf.exe
  C:\Windows\System\TlWQOJf.exe
  2⤵
  PID:7784
- C:\Windows\System\aswYsfQ.exe
  C:\Windows\System\aswYsfQ.exe
  2⤵
  PID:7800
- C:\Windows\System\OpWMUrm.exe
  C:\Windows\System\OpWMUrm.exe
  2⤵
  PID:7816
- C:\Windows\System\WcxdoIR.exe
  C:\Windows\System\WcxdoIR.exe
  2⤵
  PID:7832
- C:\Windows\System\FFoRJCz.exe
  C:\Windows\System\FFoRJCz.exe
  2⤵
  PID:7848
- C:\Windows\System\kNzZkof.exe
  C:\Windows\System\kNzZkof.exe
  2⤵
  PID:7864
- C:\Windows\System\MKvzmxG.exe
  C:\Windows\System\MKvzmxG.exe
  2⤵
  PID:7880
- C:\Windows\System\wpztPfF.exe
  C:\Windows\System\wpztPfF.exe
  2⤵
  PID:7896
- C:\Windows\System\dUaNUnw.exe
  C:\Windows\System\dUaNUnw.exe
  2⤵
  PID:7912
- C:\Windows\System\yqAlhiI.exe
  C:\Windows\System\yqAlhiI.exe
  2⤵
  PID:7928
- C:\Windows\System\dvLyGnh.exe
  C:\Windows\System\dvLyGnh.exe
  2⤵
  PID:7944
- C:\Windows\System\FiAoRrT.exe
  C:\Windows\System\FiAoRrT.exe
  2⤵
  PID:7960
- C:\Windows\System\HvkItjX.exe
  C:\Windows\System\HvkItjX.exe
  2⤵
  PID:7976
- C:\Windows\System\ySrArpN.exe
  C:\Windows\System\ySrArpN.exe
  2⤵
  PID:7992
- C:\Windows\System\GQgcVTt.exe
  C:\Windows\System\GQgcVTt.exe
  2⤵
  PID:8008
- C:\Windows\System\rLPjLLD.exe
  C:\Windows\System\rLPjLLD.exe
  2⤵
  PID:8024
- C:\Windows\System\EOxOGTm.exe
  C:\Windows\System\EOxOGTm.exe
  2⤵
  PID:8040
- C:\Windows\System\rIZdOsK.exe
  C:\Windows\System\rIZdOsK.exe
  2⤵
  PID:8056
- C:\Windows\System\qArYPHv.exe
  C:\Windows\System\qArYPHv.exe
  2⤵
  PID:8076
- C:\Windows\System\ohJJCsN.exe
  C:\Windows\System\ohJJCsN.exe
  2⤵
  PID:8092
- C:\Windows\System\pEskauK.exe
  C:\Windows\System\pEskauK.exe
  2⤵
  PID:8108
- C:\Windows\System\yoCyoIj.exe
  C:\Windows\System\yoCyoIj.exe
  2⤵
  PID:8124
- C:\Windows\System\qAwFqee.exe
  C:\Windows\System\qAwFqee.exe
  2⤵
  PID:8140
- C:\Windows\System\glHYYOE.exe
  C:\Windows\System\glHYYOE.exe
  2⤵
  PID:8156
- C:\Windows\System\zfxhQYe.exe
  C:\Windows\System\zfxhQYe.exe
  2⤵
  PID:8172
- C:\Windows\System\aGUblkK.exe
  C:\Windows\System\aGUblkK.exe
  2⤵
  PID:8188
- C:\Windows\System\MRUOWLD.exe
  C:\Windows\System\MRUOWLD.exe
  2⤵
  PID:7192
- C:\Windows\System\fUviplO.exe
  C:\Windows\System\fUviplO.exe
  2⤵
  PID:6604
- C:\Windows\System\FPgWTqa.exe
  C:\Windows\System\FPgWTqa.exe
  2⤵
  PID:6820
- C:\Windows\System\thzubkU.exe
  C:\Windows\System\thzubkU.exe
  2⤵
  PID:6304
- C:\Windows\System\JrmTdUJ.exe
  C:\Windows\System\JrmTdUJ.exe
  2⤵
  PID:6416
- C:\Windows\System\yHSEURb.exe
  C:\Windows\System\yHSEURb.exe
  2⤵
  PID:6908
- C:\Windows\System\iSpObtI.exe
  C:\Windows\System\iSpObtI.exe
  2⤵
  PID:7104
- C:\Windows\System\dXUQpRw.exe
  C:\Windows\System\dXUQpRw.exe
  2⤵
  PID:7212
- C:\Windows\System\DGGDEJO.exe
  C:\Windows\System\DGGDEJO.exe
  2⤵
  PID:7276
- C:\Windows\System\yLQVxMd.exe
  C:\Windows\System\yLQVxMd.exe
  2⤵
  PID:7300
- C:\Windows\System\emlqwqk.exe
  C:\Windows\System\emlqwqk.exe
  2⤵
  PID:7316
- C:\Windows\System\yAlcPmX.exe
  C:\Windows\System\yAlcPmX.exe
  2⤵
  PID:7380
- C:\Windows\System\UpOzvtN.exe
  C:\Windows\System\UpOzvtN.exe
  2⤵
  PID:7440
- C:\Windows\System\SozGLCs.exe
  C:\Windows\System\SozGLCs.exe
  2⤵
  PID:7360
- C:\Windows\System\IdWDYnS.exe
  C:\Windows\System\IdWDYnS.exe
  2⤵
  PID:7424
- C:\Windows\System\dTRzDlY.exe
  C:\Windows\System\dTRzDlY.exe
  2⤵
  PID:6840
- C:\Windows\System\yETFDoW.exe
  C:\Windows\System\yETFDoW.exe
  2⤵
  PID:7496
- C:\Windows\System\FiLMexL.exe
  C:\Windows\System\FiLMexL.exe
  2⤵
  PID:7512
- C:\Windows\System\jxhHUnJ.exe
  C:\Windows\System\jxhHUnJ.exe
  2⤵
  PID:7528
- C:\Windows\System\XhiZdpg.exe
  C:\Windows\System\XhiZdpg.exe
  2⤵
  PID:7548
- C:\Windows\System\KiAhNjm.exe
  C:\Windows\System\KiAhNjm.exe
  2⤵
  PID:7568
- C:\Windows\System\FeyGnBZ.exe
  C:\Windows\System\FeyGnBZ.exe
  2⤵
  PID:7632
- C:\Windows\System\KZoRoZq.exe
  C:\Windows\System\KZoRoZq.exe
  2⤵
  PID:7696
- C:\Windows\System\EBcvyUQ.exe
  C:\Windows\System\EBcvyUQ.exe
  2⤵
  PID:7760
- C:\Windows\System\zVNlrlr.exe
  C:\Windows\System\zVNlrlr.exe
  2⤵
  PID:7856
- C:\Windows\System\hKXPXKv.exe
  C:\Windows\System\hKXPXKv.exe
  2⤵
  PID:7892
- C:\Windows\System\RvrGCNP.exe
  C:\Windows\System\RvrGCNP.exe
  2⤵
  PID:7580
- C:\Windows\System\pjfnZXe.exe
  C:\Windows\System\pjfnZXe.exe
  2⤵
  PID:7740
- C:\Windows\System\JPfBMLU.exe
  C:\Windows\System\JPfBMLU.exe
  2⤵
  PID:7680
- C:\Windows\System\zNqUund.exe
  C:\Windows\System\zNqUund.exe
  2⤵
  PID:7776
- C:\Windows\System\mrlPixb.exe
  C:\Windows\System\mrlPixb.exe
  2⤵
  PID:7844
- C:\Windows\System\mBaImfk.exe
  C:\Windows\System\mBaImfk.exe
  2⤵
  PID:7920
- C:\Windows\System\hYFACxw.exe
  C:\Windows\System\hYFACxw.exe
  2⤵
  PID:8036
- C:\Windows\System\wLUwUJe.exe
  C:\Windows\System\wLUwUJe.exe
  2⤵
  PID:8000
- C:\Windows\System\DtpJJZX.exe
  C:\Windows\System\DtpJJZX.exe
  2⤵
  PID:7984
- C:\Windows\System\gLKkNgn.exe
  C:\Windows\System\gLKkNgn.exe
  2⤵
  PID:8020
- C:\Windows\System\eFALLIm.exe
  C:\Windows\System\eFALLIm.exe
  2⤵
  PID:8088
- C:\Windows\System\KrYyCok.exe
  C:\Windows\System\KrYyCok.exe
  2⤵
  PID:8152
- C:\Windows\System\IzgknqH.exe
  C:\Windows\System\IzgknqH.exe
  2⤵
  PID:7228
- C:\Windows\System\HBkCbDS.exe
  C:\Windows\System\HBkCbDS.exe
  2⤵
  PID:8072
- C:\Windows\System\mBLorLJ.exe
  C:\Windows\System\mBLorLJ.exe
  2⤵
  PID:8136
- C:\Windows\System\OjpejhB.exe
  C:\Windows\System\OjpejhB.exe
  2⤵
  PID:6736
- C:\Windows\System\vlvNNob.exe
  C:\Windows\System\vlvNNob.exe
  2⤵
  PID:2900
- C:\Windows\System\RiYGuUz.exe
  C:\Windows\System\RiYGuUz.exe
  2⤵
  PID:7176
- C:\Windows\System\TnICNhT.exe
  C:\Windows\System\TnICNhT.exe
  2⤵
  PID:7180
- C:\Windows\System\vvDuDDQ.exe
  C:\Windows\System\vvDuDDQ.exe
  2⤵
  PID:7332
- C:\Windows\System\jOvOohz.exe
  C:\Windows\System\jOvOohz.exe
  2⤵
  PID:7500
- C:\Windows\System\lhJmzTS.exe
  C:\Windows\System\lhJmzTS.exe
  2⤵
  PID:7600
- C:\Windows\System\IrERqqK.exe
  C:\Windows\System\IrERqqK.exe
  2⤵
  PID:7888
- C:\Windows\System\AoVFgNk.exe
  C:\Windows\System\AoVFgNk.exe
  2⤵
  PID:7712
- C:\Windows\System\gTnXiSj.exe
  C:\Windows\System\gTnXiSj.exe
  2⤵
  PID:7564
- C:\Windows\System\faSPnwC.exe
  C:\Windows\System\faSPnwC.exe
  2⤵
  PID:6936
- C:\Windows\System\QLyihVX.exe
  C:\Windows\System\QLyihVX.exe
  2⤵
  PID:7412
- C:\Windows\System\DiAWNJG.exe
  C:\Windows\System\DiAWNJG.exe
  2⤵
  PID:2864
- C:\Windows\System\mhJOLdO.exe
  C:\Windows\System\mhJOLdO.exe
  2⤵
  PID:7940
- C:\Windows\System\izMsxZd.exe
  C:\Windows\System\izMsxZd.exe
  2⤵
  PID:7520
- C:\Windows\System\aqNVcdB.exe
  C:\Windows\System\aqNVcdB.exe
  2⤵
  PID:7828
- C:\Windows\System\mFojhjC.exe
  C:\Windows\System\mFojhjC.exe
  2⤵
  PID:7812
- C:\Windows\System\zqUeZLp.exe
  C:\Windows\System\zqUeZLp.exe
  2⤵
  PID:7988
- C:\Windows\System\IrYJFTz.exe
  C:\Windows\System\IrYJFTz.exe
  2⤵
  PID:6928
- C:\Windows\System\aCHZOsD.exe
  C:\Windows\System\aCHZOsD.exe
  2⤵
  PID:5240
- C:\Windows\System\eMjamHJ.exe
  C:\Windows\System\eMjamHJ.exe
  2⤵
  PID:6344
- C:\Windows\System\gqJYNAJ.exe
  C:\Windows\System\gqJYNAJ.exe
  2⤵
  PID:7616
- C:\Windows\System\yJZoCaA.exe
  C:\Windows\System\yJZoCaA.exe
  2⤵
  PID:7952
- C:\Windows\System\GVYUiLF.exe
  C:\Windows\System\GVYUiLF.exe
  2⤵
  PID:7956
- C:\Windows\System\FVMmxOU.exe
  C:\Windows\System\FVMmxOU.exe
  2⤵
  PID:7224
- C:\Windows\System\cKZoERF.exe
  C:\Windows\System\cKZoERF.exe
  2⤵
  PID:7296
- C:\Windows\System\VuRplFr.exe
  C:\Windows\System\VuRplFr.exe
  2⤵
  PID:7904
- C:\Windows\System\UveNQEm.exe
  C:\Windows\System\UveNQEm.exe
  2⤵
  PID:7476
- C:\Windows\System\bKLGxWJ.exe
  C:\Windows\System\bKLGxWJ.exe
  2⤵
  PID:7648
- C:\Windows\System\zYwEiXa.exe
  C:\Windows\System\zYwEiXa.exe
  2⤵
  PID:7376
- C:\Windows\System\ryHWWDa.exe
  C:\Windows\System\ryHWWDa.exe
  2⤵
  PID:8084
- C:\Windows\System\tTOrFzP.exe
  C:\Windows\System\tTOrFzP.exe
  2⤵
  PID:7492
- C:\Windows\System\IsAyMAF.exe
  C:\Windows\System\IsAyMAF.exe
  2⤵
  PID:7260
- C:\Windows\System\zJMsogF.exe
  C:\Windows\System\zJMsogF.exe
  2⤵
  PID:7692
- C:\Windows\System\dIOiVWo.exe
  C:\Windows\System\dIOiVWo.exe
  2⤵
  PID:7612
- C:\Windows\System\drSSNPa.exe
  C:\Windows\System\drSSNPa.exe
  2⤵
  PID:2792
- C:\Windows\System\eKhrVoJ.exe
  C:\Windows\System\eKhrVoJ.exe
  2⤵
  PID:7968
- C:\Windows\System\URCdjgk.exe
  C:\Windows\System\URCdjgk.exe
  2⤵
  PID:7068
- C:\Windows\System\HRiymjc.exe
  C:\Windows\System\HRiymjc.exe
  2⤵
  PID:7792
- C:\Windows\System\RXAlCnY.exe
  C:\Windows\System\RXAlCnY.exe
  2⤵
  PID:8004
- C:\Windows\System\IQpISPp.exe
  C:\Windows\System\IQpISPp.exe
  2⤵
  PID:7536
- C:\Windows\System\KeSarAv.exe
  C:\Windows\System\KeSarAv.exe
  2⤵
  PID:8104
- C:\Windows\System\lZSnnBr.exe
  C:\Windows\System\lZSnnBr.exe
  2⤵
  PID:8168
- C:\Windows\System\kdrpOdB.exe
  C:\Windows\System\kdrpOdB.exe
  2⤵
  PID:8200
- C:\Windows\System\IJjXoXA.exe
  C:\Windows\System\IJjXoXA.exe
  2⤵
  PID:8216
- C:\Windows\System\wfUrWcA.exe
  C:\Windows\System\wfUrWcA.exe
  2⤵
  PID:8232
- C:\Windows\System\pKZaUYe.exe
  C:\Windows\System\pKZaUYe.exe
  2⤵
  PID:8248
- C:\Windows\System\gcwxSpb.exe
  C:\Windows\System\gcwxSpb.exe
  2⤵
  PID:8264
- C:\Windows\System\REwVOUf.exe
  C:\Windows\System\REwVOUf.exe
  2⤵
  PID:8280
- C:\Windows\System\XpTVcej.exe
  C:\Windows\System\XpTVcej.exe
  2⤵
  PID:8300
- C:\Windows\System\pdFTXBu.exe
  C:\Windows\System\pdFTXBu.exe
  2⤵
  PID:8316
- C:\Windows\System\gjwdXXG.exe
  C:\Windows\System\gjwdXXG.exe
  2⤵
  PID:8332
- C:\Windows\System\WVwNRGV.exe
  C:\Windows\System\WVwNRGV.exe
  2⤵
  PID:8348
- C:\Windows\System\kZIGavO.exe
  C:\Windows\System\kZIGavO.exe
  2⤵
  PID:8364
- C:\Windows\System\qNhnBGb.exe
  C:\Windows\System\qNhnBGb.exe
  2⤵
  PID:8380
- C:\Windows\System\tuZPDpL.exe
  C:\Windows\System\tuZPDpL.exe
  2⤵
  PID:8396
- C:\Windows\System\ygtbGDa.exe
  C:\Windows\System\ygtbGDa.exe
  2⤵
  PID:8412
- C:\Windows\System\rRIHMNJ.exe
  C:\Windows\System\rRIHMNJ.exe
  2⤵
  PID:8428
- C:\Windows\System\tZOChfN.exe
  C:\Windows\System\tZOChfN.exe
  2⤵
  PID:8444
- C:\Windows\System\pZcIYMB.exe
  C:\Windows\System\pZcIYMB.exe
  2⤵
  PID:8460
- C:\Windows\System\NYtMfJS.exe
  C:\Windows\System\NYtMfJS.exe
  2⤵
  PID:8476
- C:\Windows\System\CsfgjND.exe
  C:\Windows\System\CsfgjND.exe
  2⤵
  PID:8492
- C:\Windows\System\PipsXoP.exe
  C:\Windows\System\PipsXoP.exe
  2⤵
  PID:8508
- C:\Windows\System\MnEvfDB.exe
  C:\Windows\System\MnEvfDB.exe
  2⤵
  PID:8528
- C:\Windows\System\GJzXgkV.exe
  C:\Windows\System\GJzXgkV.exe
  2⤵
  PID:9012
- C:\Windows\System\rDVXkyM.exe
  C:\Windows\System\rDVXkyM.exe
  2⤵
  PID:9124
- C:\Windows\System\DdpRRgh.exe
  C:\Windows\System\DdpRRgh.exe
  2⤵
  PID:9140
- C:\Windows\System\mTSpqyS.exe
  C:\Windows\System\mTSpqyS.exe
  2⤵
  PID:9156
- C:\Windows\System\IWSTfiL.exe
  C:\Windows\System\IWSTfiL.exe
  2⤵
  PID:8240
- C:\Windows\System\WsSwKkx.exe
  C:\Windows\System\WsSwKkx.exe
  2⤵
  PID:8260
- C:\Windows\System\IvyzDSH.exe
  C:\Windows\System\IvyzDSH.exe
  2⤵
  PID:7780
- C:\Windows\System\RAQWJtI.exe
  C:\Windows\System\RAQWJtI.exe
  2⤵
  PID:8328
- C:\Windows\System\WaUIRET.exe
  C:\Windows\System\WaUIRET.exe
  2⤵
  PID:8388
- C:\Windows\System\YwyOPgv.exe
  C:\Windows\System\YwyOPgv.exe
  2⤵
  PID:8372
- C:\Windows\System\vboNTOr.exe
  C:\Windows\System\vboNTOr.exe
  2⤵
  PID:8420
- C:\Windows\System\aVquXAL.exe
  C:\Windows\System\aVquXAL.exe
  2⤵
  PID:8468
- C:\Windows\System\gUxpOvl.exe
  C:\Windows\System\gUxpOvl.exe
  2⤵
  PID:8452
- C:\Windows\System\NztmCSp.exe
  C:\Windows\System\NztmCSp.exe
  2⤵
  PID:8516
- C:\Windows\System\cKPkeVP.exe
  C:\Windows\System\cKPkeVP.exe
  2⤵
  PID:8540
- C:\Windows\System\wCJkRLX.exe
  C:\Windows\System\wCJkRLX.exe
  2⤵
  PID:8552
- C:\Windows\System\YuoRvNi.exe
  C:\Windows\System\YuoRvNi.exe
  2⤵
  PID:8572
- C:\Windows\System\cenWsAd.exe
  C:\Windows\System\cenWsAd.exe
  2⤵
  PID:8588
- C:\Windows\System\DUyuiGU.exe
  C:\Windows\System\DUyuiGU.exe
  2⤵
  PID:8604
- C:\Windows\System\QNrFMoo.exe
  C:\Windows\System\QNrFMoo.exe
  2⤵
  PID:8620
- C:\Windows\System\nMmvIMH.exe
  C:\Windows\System\nMmvIMH.exe
  2⤵
  PID:8692
- C:\Windows\System\ceGLUao.exe
  C:\Windows\System\ceGLUao.exe
  2⤵
  PID:8636
- C:\Windows\System\CMkyiWp.exe
  C:\Windows\System\CMkyiWp.exe
  2⤵
  PID:8664
- C:\Windows\System\ejHxrbV.exe
  C:\Windows\System\ejHxrbV.exe
  2⤵
  PID:8680
- C:\Windows\System\nqKykIO.exe
  C:\Windows\System\nqKykIO.exe
  2⤵
  PID:8696
- C:\Windows\System\VolpZDG.exe
  C:\Windows\System\VolpZDG.exe
  2⤵
  PID:8716
- C:\Windows\System\swGLTtf.exe
  C:\Windows\System\swGLTtf.exe
  2⤵
  PID:8732
- C:\Windows\System\nPbReVL.exe
  C:\Windows\System\nPbReVL.exe
  2⤵
  PID:8760
- C:\Windows\System\ptAhtHc.exe
  C:\Windows\System\ptAhtHc.exe
  2⤵
  PID:8764
- C:\Windows\System\slnKbjH.exe
  C:\Windows\System\slnKbjH.exe
  2⤵
  PID:8780
- C:\Windows\System\mJXJmHr.exe
  C:\Windows\System\mJXJmHr.exe
  2⤵
  PID:8796
- C:\Windows\System\oOMJjNW.exe
  C:\Windows\System\oOMJjNW.exe
  2⤵
  PID:8812
- C:\Windows\System\mgUfgCE.exe
  C:\Windows\System\mgUfgCE.exe
  2⤵
  PID:8828
- C:\Windows\System\OCuwHqq.exe
  C:\Windows\System\OCuwHqq.exe
  2⤵
  PID:8844
- C:\Windows\System\ntHXcRe.exe
  C:\Windows\System\ntHXcRe.exe
  2⤵
  PID:8852
- C:\Windows\System\OCuGZbV.exe
  C:\Windows\System\OCuGZbV.exe
  2⤵
  PID:8876
- C:\Windows\System\ZiuKSof.exe
  C:\Windows\System\ZiuKSof.exe
  2⤵
  PID:8892
- C:\Windows\System\dQbDwWm.exe
  C:\Windows\System\dQbDwWm.exe
  2⤵
  PID:8908
- C:\Windows\System\OHBmzWG.exe
  C:\Windows\System\OHBmzWG.exe
  2⤵
  PID:8924
- C:\Windows\System\hrvcmGH.exe
  C:\Windows\System\hrvcmGH.exe
  2⤵
  PID:8940
- C:\Windows\System\TKZFUHG.exe
  C:\Windows\System\TKZFUHG.exe
  2⤵
  PID:8956
- C:\Windows\System\bVinKcq.exe
  C:\Windows\System\bVinKcq.exe
  2⤵
  PID:8972
- C:\Windows\System\ZXeYlZP.exe
  C:\Windows\System\ZXeYlZP.exe
  2⤵
  PID:8988
- C:\Windows\System\LzDDlKH.exe
  C:\Windows\System\LzDDlKH.exe
  2⤵
  PID:9000
- C:\Windows\System\UxKLCRo.exe
  C:\Windows\System\UxKLCRo.exe
  2⤵
  PID:9028
- C:\Windows\System\jpleTpk.exe
  C:\Windows\System\jpleTpk.exe
  2⤵
  PID:9044
- C:\Windows\System\pDvqcPs.exe
  C:\Windows\System\pDvqcPs.exe
  2⤵
  PID:9064
- C:\Windows\System\fYWcpJM.exe
  C:\Windows\System\fYWcpJM.exe
  2⤵
  PID:9080
- C:\Windows\System\ReHImFn.exe
  C:\Windows\System\ReHImFn.exe
  2⤵
  PID:9096
- C:\Windows\System\SLGSHnc.exe
  C:\Windows\System\SLGSHnc.exe
  2⤵
  PID:9132
- C:\Windows\System\MdjNAYg.exe
  C:\Windows\System\MdjNAYg.exe
  2⤵
  PID:9120
- C:\Windows\System\kvXKcie.exe
  C:\Windows\System\kvXKcie.exe
  2⤵
  PID:9172
- C:\Windows\System\oyNKRQV.exe
  C:\Windows\System\oyNKRQV.exe
  2⤵
  PID:9192
- C:\Windows\System\DSHdzEg.exe
  C:\Windows\System\DSHdzEg.exe
  2⤵
  PID:9196
- C:\Windows\System\qYgfdaR.exe
  C:\Windows\System\qYgfdaR.exe
  2⤵
  PID:8208
- C:\Windows\System\cHPibtw.exe
  C:\Windows\System\cHPibtw.exe
  2⤵
  PID:8228
- C:\Windows\System\AcMKxet.exe
  C:\Windows\System\AcMKxet.exe
  2⤵
  PID:8312
- C:\Windows\System\KbBvztc.exe
  C:\Windows\System\KbBvztc.exe
  2⤵
  PID:8856
- C:\Windows\System\dUlMFRz.exe
  C:\Windows\System\dUlMFRz.exe
  2⤵
  PID:8776
- C:\Windows\System\ZhClmeb.exe
  C:\Windows\System\ZhClmeb.exe
  2⤵
  PID:8808
- C:\Windows\System\WqlZgtO.exe
  C:\Windows\System\WqlZgtO.exe
  2⤵
  PID:8840
- C:\Windows\System\fNwYlll.exe
  C:\Windows\System\fNwYlll.exe
  2⤵
  PID:8904
- C:\Windows\System\wDUgmiE.exe
  C:\Windows\System\wDUgmiE.exe
  2⤵
  PID:9092
- C:\Windows\System\JjEwuye.exe
  C:\Windows\System\JjEwuye.exe
  2⤵
  PID:9168
- C:\Windows\System\PLaYPlL.exe
  C:\Windows\System\PLaYPlL.exe
  2⤵
  PID:9104
- C:\Windows\System\taLpsIb.exe
  C:\Windows\System\taLpsIb.exe
  2⤵
  PID:8272
- C:\Windows\System\UhqnnXk.exe
  C:\Windows\System\UhqnnXk.exe
  2⤵
  PID:8288
- C:\Windows\System\JLaNORh.exe
  C:\Windows\System\JLaNORh.exe
  2⤵
  PID:8484
- C:\Windows\System\MKhhDYI.exe
  C:\Windows\System\MKhhDYI.exe
  2⤵
  PID:8524
- C:\Windows\System\VpFmCJS.exe
  C:\Windows\System\VpFmCJS.exe
  2⤵
  PID:8600
- C:\Windows\System\fRpZdGr.exe
  C:\Windows\System\fRpZdGr.exe
  2⤵
  PID:8360
- C:\Windows\System\tHPqRME.exe
  C:\Windows\System\tHPqRME.exe
  2⤵
  PID:8700
- C:\Windows\System\BMEnEoi.exe
  C:\Windows\System\BMEnEoi.exe
  2⤵
  PID:8752
- C:\Windows\System\yETqcSV.exe
  C:\Windows\System\yETqcSV.exe
  2⤵
  PID:8648
- C:\Windows\System\gZgdPQK.exe
  C:\Windows\System\gZgdPQK.exe
  2⤵
  PID:8824
- C:\Windows\System\xAudnSn.exe
  C:\Windows\System\xAudnSn.exe
  2⤵
  PID:8916
- C:\Windows\System\UTkaAQS.exe
  C:\Windows\System\UTkaAQS.exe
  2⤵
  PID:8632
- C:\Windows\System\DlvbUTA.exe
  C:\Windows\System\DlvbUTA.exe
  2⤵
  PID:8744
- C:\Windows\System\btEVxyw.exe
  C:\Windows\System\btEVxyw.exe
  2⤵
  PID:9024
- C:\Windows\System\oTVuOMX.exe
  C:\Windows\System\oTVuOMX.exe
  2⤵
  PID:8996
- C:\Windows\System\qNxUHIZ.exe
  C:\Windows\System\qNxUHIZ.exe
  2⤵
  PID:9036
- C:\Windows\System\KculLpj.exe
  C:\Windows\System\KculLpj.exe
  2⤵
  PID:9004
- C:\Windows\System\UbLJcUW.exe
  C:\Windows\System\UbLJcUW.exe
  2⤵
  PID:8408
- C:\Windows\System\NnxuslA.exe
  C:\Windows\System\NnxuslA.exe
  2⤵
  PID:8720
- C:\Windows\System\SeoaWIS.exe
  C:\Windows\System\SeoaWIS.exe
  2⤵
  PID:8676
- C:\Windows\System\thIKMhq.exe
  C:\Windows\System\thIKMhq.exe
  2⤵
  PID:8948
- C:\Windows\System\uXkMfrU.exe
  C:\Windows\System\uXkMfrU.exe
  2⤵
  PID:8980
- C:\Windows\System\kOdBQXm.exe
  C:\Windows\System\kOdBQXm.exe
  2⤵
  PID:8792
- C:\Windows\System\NrNkFoG.exe
  C:\Windows\System\NrNkFoG.exe
  2⤵
  PID:8556
- C:\Windows\System\BakYOpg.exe
  C:\Windows\System\BakYOpg.exe
  2⤵
  PID:9020
- C:\Windows\System\dQzAVts.exe
  C:\Windows\System\dQzAVts.exe
  2⤵
  PID:8968
- C:\Windows\System\Kylhxju.exe
  C:\Windows\System\Kylhxju.exe
  2⤵
  PID:9152
- C:\Windows\System\RfUgaXs.exe
  C:\Windows\System\RfUgaXs.exe
  2⤵
  PID:8656
- C:\Windows\System\imslZIj.exe
  C:\Windows\System\imslZIj.exe
  2⤵
  PID:8660
- C:\Windows\System\IQcVTRH.exe
  C:\Windows\System\IQcVTRH.exe
  2⤵
  PID:8568
- C:\Windows\System\yXCtkeS.exe
  C:\Windows\System\yXCtkeS.exe
  2⤵
  PID:8712
- C:\Windows\System\sDNmWBW.exe
  C:\Windows\System\sDNmWBW.exe
  2⤵
  PID:8504
- C:\Windows\System\LkDKLYh.exe
  C:\Windows\System\LkDKLYh.exe
  2⤵
  PID:8224
- C:\Windows\System\ToKCeAe.exe
  C:\Windows\System\ToKCeAe.exe
  2⤵
  PID:8548
- C:\Windows\System\TEAiYdU.exe
  C:\Windows\System\TEAiYdU.exe
  2⤵
  PID:8652
- C:\Windows\System\hvywcxq.exe
  C:\Windows\System\hvywcxq.exe
  2⤵
  PID:6360
- C:\Windows\System\yfNmUNO.exe
  C:\Windows\System\yfNmUNO.exe
  2⤵
  PID:9188
- C:\Windows\System\tRgGLPI.exe
  C:\Windows\System\tRgGLPI.exe
  2⤵
  PID:8740
- C:\Windows\System\souhyUz.exe
  C:\Windows\System\souhyUz.exe
  2⤵
  PID:9228
- C:\Windows\System\GHVCtgi.exe
  C:\Windows\System\GHVCtgi.exe
  2⤵
  PID:9248
- C:\Windows\System\exZvhkP.exe
  C:\Windows\System\exZvhkP.exe
  2⤵
  PID:9268
- C:\Windows\System\rekLQFA.exe
  C:\Windows\System\rekLQFA.exe
  2⤵
  PID:9292
- C:\Windows\System\NGgdiUE.exe
  C:\Windows\System\NGgdiUE.exe
  2⤵
  PID:9312
- C:\Windows\System\znNRsyC.exe
  C:\Windows\System\znNRsyC.exe
  2⤵
  PID:9328
- C:\Windows\System\BfLZBcc.exe
  C:\Windows\System\BfLZBcc.exe
  2⤵
  PID:9352
- C:\Windows\System\KYenyjF.exe
  C:\Windows\System\KYenyjF.exe
  2⤵
  PID:9368
- C:\Windows\System\cGHZpQm.exe
  C:\Windows\System\cGHZpQm.exe
  2⤵
  PID:9388
- C:\Windows\System\ucvjhje.exe
  C:\Windows\System\ucvjhje.exe
  2⤵
  PID:9404
- C:\Windows\System\McHWuPm.exe
  C:\Windows\System\McHWuPm.exe
  2⤵
  PID:9424
- C:\Windows\System\sevuuGz.exe
  C:\Windows\System\sevuuGz.exe
  2⤵
  PID:9440
- C:\Windows\System\PzHDHyN.exe
  C:\Windows\System\PzHDHyN.exe
  2⤵
  PID:9460
- C:\Windows\System\gJlEdfr.exe
  C:\Windows\System\gJlEdfr.exe
  2⤵
  PID:9480
- C:\Windows\System\mHQFPWK.exe
  C:\Windows\System\mHQFPWK.exe
  2⤵
  PID:9496
- C:\Windows\System\iihcIVj.exe
  C:\Windows\System\iihcIVj.exe
  2⤵
  PID:9512
- C:\Windows\System\CZgjgkV.exe
  C:\Windows\System\CZgjgkV.exe
  2⤵
  PID:9532
- C:\Windows\System\ClvlTrH.exe
  C:\Windows\System\ClvlTrH.exe
  2⤵
  PID:9556
- C:\Windows\System\PKidiVN.exe
  C:\Windows\System\PKidiVN.exe
  2⤵
  PID:9572
- C:\Windows\System\bBzsiOD.exe
  C:\Windows\System\bBzsiOD.exe
  2⤵
  PID:9588
- C:\Windows\System\sAEXvZY.exe
  C:\Windows\System\sAEXvZY.exe
  2⤵
  PID:9608
- C:\Windows\System\qXxhYNO.exe
  C:\Windows\System\qXxhYNO.exe
  2⤵
  PID:9624
- C:\Windows\System\dyVlZvz.exe
  C:\Windows\System\dyVlZvz.exe
  2⤵
  PID:9644
- C:\Windows\System\EvnwzjM.exe
  C:\Windows\System\EvnwzjM.exe
  2⤵
  PID:9664
- C:\Windows\System\EpUMhJx.exe
  C:\Windows\System\EpUMhJx.exe
  2⤵
  PID:9680
- C:\Windows\System\fICrJHx.exe
  C:\Windows\System\fICrJHx.exe
  2⤵
  PID:9696
- C:\Windows\System\BvHEsyK.exe
  C:\Windows\System\BvHEsyK.exe
  2⤵
  PID:9712
- C:\Windows\System\bylsGak.exe
  C:\Windows\System\bylsGak.exe
  2⤵
  PID:9728
- C:\Windows\System\gjGCEZE.exe
  C:\Windows\System\gjGCEZE.exe
  2⤵
  PID:9744
- C:\Windows\System\JFmTfCi.exe
  C:\Windows\System\JFmTfCi.exe
  2⤵
  PID:9760
- C:\Windows\System\gOatNfT.exe
  C:\Windows\System\gOatNfT.exe
  2⤵
  PID:9784
- C:\Windows\System\OXRYNnW.exe
  C:\Windows\System\OXRYNnW.exe
  2⤵
  PID:9808
- C:\Windows\System\TnRlYSp.exe
  C:\Windows\System\TnRlYSp.exe
  2⤵
  PID:9844
- C:\Windows\System\pVZvGeM.exe
  C:\Windows\System\pVZvGeM.exe
  2⤵
  PID:9864
- C:\Windows\System\DtYCpAQ.exe
  C:\Windows\System\DtYCpAQ.exe
  2⤵
  PID:9880
- C:\Windows\System\HJUDfxu.exe
  C:\Windows\System\HJUDfxu.exe
  2⤵
  PID:9900
- C:\Windows\System\PWIutFG.exe
  C:\Windows\System\PWIutFG.exe
  2⤵
  PID:9916
- C:\Windows\System\SgSByxs.exe
  C:\Windows\System\SgSByxs.exe
  2⤵
  PID:9932
- C:\Windows\System\WDlMTnV.exe
  C:\Windows\System\WDlMTnV.exe
  2⤵
  PID:9952
- C:\Windows\System\SnyaLlZ.exe
  C:\Windows\System\SnyaLlZ.exe
  2⤵
  PID:9968
- C:\Windows\System\WawHAFP.exe
  C:\Windows\System\WawHAFP.exe
  2⤵
  PID:9984
- C:\Windows\System\cxMUdtQ.exe
  C:\Windows\System\cxMUdtQ.exe
  2⤵
  PID:10004
- C:\Windows\System\LHPCihx.exe
  C:\Windows\System\LHPCihx.exe
  2⤵
  PID:10020
- C:\Windows\System\PvHsdNB.exe
  C:\Windows\System\PvHsdNB.exe
  2⤵
  PID:10044
- C:\Windows\System\acTkSAn.exe
  C:\Windows\System\acTkSAn.exe
  2⤵
  PID:10064
- C:\Windows\System\nWSsEQn.exe
  C:\Windows\System\nWSsEQn.exe
  2⤵
  PID:10080
- C:\Windows\System\CEjSHOv.exe
  C:\Windows\System\CEjSHOv.exe
  2⤵
  PID:10096
- C:\Windows\System\CayzDrX.exe
  C:\Windows\System\CayzDrX.exe
  2⤵
  PID:10112
- C:\Windows\System\ljCnAug.exe
  C:\Windows\System\ljCnAug.exe
  2⤵
  PID:10128
- C:\Windows\System\TDCacCS.exe
  C:\Windows\System\TDCacCS.exe
  2⤵
  PID:10156
- C:\Windows\System\jvLafWf.exe
  C:\Windows\System\jvLafWf.exe
  2⤵
  PID:10172
- C:\Windows\System\UiLrnIW.exe
  C:\Windows\System\UiLrnIW.exe
  2⤵
  PID:10188
- C:\Windows\System\OJIljEx.exe
  C:\Windows\System\OJIljEx.exe
  2⤵
  PID:10204
- C:\Windows\System\MCjpfzd.exe
  C:\Windows\System\MCjpfzd.exe
  2⤵
  PID:10224
- C:\Windows\System\rWKRCDu.exe
  C:\Windows\System\rWKRCDu.exe
  2⤵
  PID:8404
- C:\Windows\System\fyOJfcO.exe
  C:\Windows\System\fyOJfcO.exe
  2⤵
  PID:9288
- C:\Windows\System\CNyVOLj.exe
  C:\Windows\System\CNyVOLj.exe
  2⤵
  PID:9396
- C:\Windows\System\PPMsfCf.exe
  C:\Windows\System\PPMsfCf.exe
  2⤵
  PID:9472
- C:\Windows\System\KoTLndd.exe
  C:\Windows\System\KoTLndd.exe
  2⤵
  PID:9544
- C:\Windows\System\lMRoxXq.exe
  C:\Windows\System\lMRoxXq.exe
  2⤵
  PID:9652
- C:\Windows\System\AJXjVoN.exe
  C:\Windows\System\AJXjVoN.exe
  2⤵
  PID:9720
- C:\Windows\System\EKKNrhv.exe
  C:\Windows\System\EKKNrhv.exe
  2⤵
  PID:9416
- C:\Windows\System\XiwRlii.exe
  C:\Windows\System\XiwRlii.exe
  2⤵
  PID:9852
- C:\Windows\System\MWQXsWR.exe
  C:\Windows\System\MWQXsWR.exe
  2⤵
  PID:10140
- C:\Windows\System\VXgFBGZ.exe
  C:\Windows\System\VXgFBGZ.exe
  2⤵
  PID:10180
- C:\Windows\System\lcXQbre.exe
  C:\Windows\System\lcXQbre.exe
  2⤵
  PID:9236
- C:\Windows\System\QzAyRTU.exe
  C:\Windows\System\QzAyRTU.exe
  2⤵
  PID:9284
- C:\Windows\System\IXChSFT.exe
  C:\Windows\System\IXChSFT.exe
  2⤵
  PID:9552
- C:\Windows\System\AjqAhcY.exe
  C:\Windows\System\AjqAhcY.exe
  2⤵
  PID:9616
- C:\Windows\System\gSXSyqo.exe
  C:\Windows\System\gSXSyqo.exe
  2⤵
  PID:9780
- C:\Windows\System\gxacFMP.exe
  C:\Windows\System\gxacFMP.exe
  2⤵
  PID:9300
- C:\Windows\System\vEylWkR.exe
  C:\Windows\System\vEylWkR.exe
  2⤵
  PID:9116
- C:\Windows\System\XuUtgju.exe
  C:\Windows\System\XuUtgju.exe
  2⤵
  PID:9908
- C:\Windows\System\WhovqSA.exe
  C:\Windows\System\WhovqSA.exe
  2⤵
  PID:9964
- C:\Windows\System\UiExuLh.exe
  C:\Windows\System\UiExuLh.exe
  2⤵
  PID:10032
- C:\Windows\System\DxbSnfe.exe
  C:\Windows\System\DxbSnfe.exe
  2⤵
  PID:10076
- C:\Windows\System\qXsFEgs.exe
  C:\Windows\System\qXsFEgs.exe
  2⤵
  PID:9264
- C:\Windows\System\GWIyeBq.exe
  C:\Windows\System\GWIyeBq.exe
  2⤵
  PID:9376
- C:\Windows\System\lsNOpZu.exe
  C:\Windows\System\lsNOpZu.exe
  2⤵
  PID:9456
- C:\Windows\System\StzBhpv.exe
  C:\Windows\System\StzBhpv.exe
  2⤵
  PID:9940
- C:\Windows\System\dcZSBPk.exe
  C:\Windows\System\dcZSBPk.exe
  2⤵
  PID:9640
- C:\Windows\System\AJUBPVo.exe
  C:\Windows\System\AJUBPVo.exe
  2⤵
  PID:9708
- C:\Windows\System\JLKvScL.exe
  C:\Windows\System\JLKvScL.exe
  2⤵
  PID:9824
- C:\Windows\System\XjpbWjf.exe
  C:\Windows\System\XjpbWjf.exe
  2⤵
  PID:9876
- C:\Windows\System\wWTmeqM.exe
  C:\Windows\System\wWTmeqM.exe
  2⤵
  PID:10016
- C:\Windows\System\nhbAdtI.exe
  C:\Windows\System\nhbAdtI.exe
  2⤵
  PID:10088
- C:\Windows\System\yWcfXvr.exe
  C:\Windows\System\yWcfXvr.exe
  2⤵
  PID:9060
- C:\Windows\System\hnAAddW.exe
  C:\Windows\System\hnAAddW.exe
  2⤵
  PID:9364
- C:\Windows\System\AUCDpwo.exe
  C:\Windows\System\AUCDpwo.exe
  2⤵
  PID:9688
- C:\Windows\System\TiPeorC.exe
  C:\Windows\System\TiPeorC.exe
  2⤵
  PID:9564
- C:\Windows\System\XCnLxvG.exe
  C:\Windows\System\XCnLxvG.exe
  2⤵
  PID:10152
- C:\Windows\System\sWzfwoN.exe
  C:\Windows\System\sWzfwoN.exe
  2⤵
  PID:9860
- C:\Windows\System\vKDDInB.exe
  C:\Windows\System\vKDDInB.exe
  2⤵
  PID:9976
- C:\Windows\System\VcXbLMB.exe
  C:\Windows\System\VcXbLMB.exe
  2⤵
  PID:9220
- C:\Windows\System\XaodFve.exe
  C:\Windows\System\XaodFve.exe
  2⤵
  PID:9796
- C:\Windows\System\VYeofbs.exe
  C:\Windows\System\VYeofbs.exe
  2⤵
  PID:9636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AgiTINM.exe

Filesize
6.0MB

MD5
1886cf613705bed109494f80fc24f197

SHA1
deedb5ce598f0e3892c1f84eb2ed5f92896f4285

SHA256
055b4945394113b5cc4656353753921a694bc57ec036a668e601044b3b214f8c

SHA512
66a5f75617348c89cf0e61ff4dc858f6c5cf5468da914c3ffa0154576caae0e933b2932e6411578a5d57b3ab936be52482765d07184a209efb4295569b858f36

Download Submit
C:\Windows\system\BNpuTEo.exe

Filesize
6.0MB

MD5
2daa8b47cd3217b4bcf6bfff75b182ed

SHA1
1d5cbf5eafdda2e7612117e4e4c8380edfeb6afd

SHA256
a5c0398f42254452b22a86d6cdd67a3cc5be7d13843393b355fd4f1936d5d0fd

SHA512
48970490d8a3202640260fcdbcdd44b503f9f892e70d14802782030ce75c9a83654d49e16bedab1be39813995f3abdc312f80536e8b5ce664de0a9e55d7aa0ac

Download Submit
C:\Windows\system\DOSBemm.exe

Filesize
6.0MB

MD5
9193fadd1b3138f029ba441c79c39e0e

SHA1
80f302c974e4ba0162a02445ceaaba47041075dd

SHA256
a70426da1c69e49d166b8ee24c491e34acb043268d641c4cf19840d5e30bd715

SHA512
69ab513e2baf80d14632641a9413bed30816dc73e079fb038b3aac27e22d97d92c8361cd36a4ba8e2d6d4c245819df98b58f4a2d96c9e598029020e898fb99fc

Download Submit
C:\Windows\system\EeUxCnz.exe

Filesize
6.0MB

MD5
049ed52d0b0bd2e90fd96b89ad48151c

SHA1
540e2edf6a74aae895ccbef9062b030aef41e136

SHA256
7e309b8d4157f34527b07e05351000857d2820b197b249bb377e765979fac434

SHA512
2a64f85830e39b0715dd900298b9c1d3b70d717ff2358873dca8c7a1f385d7fab796f89caab2763fbeb8e1e600fb349efd247d4de6ac4938cffbe1e59852c221

Download Submit
C:\Windows\system\EiriToN.exe

Filesize
6.0MB

MD5
adbc11b0015847b3cdde26c605fa935a

SHA1
14080ff3081836faff4b9b5e79f4a5a2568460a2

SHA256
628fc6a0fb66f6a72caa13fec7bf6258febb41f4155d4e81e1e1d52ca8a970f5

SHA512
05156c328af0a0907fe9ce3e44bc9ed413e19f257784ddf5f8ce98d65f9d5773813f6563c4fccd07aac360f1e6414064a8a99ec33f9cd77979c2b9945e102b86

Download Submit
C:\Windows\system\EmoklzV.exe

Filesize
6.0MB

MD5
f5ab7baf816c4583f157d4650fd68837

SHA1
f67bfb7d891643cc57301a635340edde9db26142

SHA256
64a58807a15038da9c551745354a4120e0dc0384f95e169a42218b907a4ed4d7

SHA512
01ea8b4033022df2079d6627ff64e1f6fd38cf59b05527a6fcb1e420d993386b2b83cb2116217467e5bd17c93e48674945114a176ead425f580962f1268d9619

Download Submit
C:\Windows\system\FGBLbfL.exe

Filesize
6.0MB

MD5
c4daa7d353ad1f8001ef3d3b5f6f63c7

SHA1
b7cf7c7388c3c082958b15e02c7b5ddc4d057b8c

SHA256
036a6cb6c12edf761410322aa6cdf7cee5b69a37735ebfd157e5d8fefe62fe73

SHA512
5cde7c381069d2196a23d5af8cb0af141b8effe6ba2990fcdd8272320345f6cda320755416a693bfb19f24c3904e3f8c2691bed701245741b682344b0e2ef4f7

Download Submit
C:\Windows\system\MjvUDwO.exe

Filesize
6.0MB

MD5
c8cf01aa674bd01aac7cf4457a76e60b

SHA1
749329fa554bfd01cf80bd1e7fafa916acc80a4a

SHA256
ca9c481fe9ca32c966b42f55804828ef7505f2e95c92d87a9c47e13b133665e7

SHA512
11ab2e626100ce96f032580a7c65ca31bdcd6f208030edb95bde134c2e7d3fce5fbdffc474eb23b41da99424e5cfc701e9ac5a46a70ce35d321b4d9acc114cbf

Download Submit
C:\Windows\system\NecHvbT.exe

Filesize
6.0MB

MD5
647d7faed656c194b6fa9437648227b8

SHA1
491874aeff6c9589f3c65c9041214748bf0bc08d

SHA256
b536b80c6d5acfe5075786dcf0f33545fa35860819aea1b3f3e8f20568956c7d

SHA512
4a64765b181c7cdc2e3c1a1000a252415da8f5f7d077f5d1280d23b796f71ea2302535e703d159814ecbe32817b196e9c79b3ffcbf77c045c5a15290b70256b9

Download Submit
C:\Windows\system\NrytvsQ.exe

Filesize
6.0MB

MD5
4b14d5a1dc486e873e7575d9234a9800

SHA1
d2cec50afc52863d8f6b595ba0d1df5ef1c22671

SHA256
fa692431d67577be360a1c606cc65dfb4ab2444a6b90634e077e48c5a9b88b21

SHA512
b2982a36ee5b0550ed5d65ae503e93a03ea89671f33df29e58969a0241c460edbd108a7b66bd227c6ea5479a204d9e4d712a91dceadcb41bb837847987ad8511

Download Submit
C:\Windows\system\SYzchpY.exe

Filesize
6.0MB

MD5
37e842832c3e63ab22c698738d206bc1

SHA1
8f2fa9db5f73240eca4b320360c7afbf909a72c2

SHA256
f5f4471fae7d29d93399853333c8fe78c5990494259b02eb1a5d3b0f30f67bdc

SHA512
bfd4706a87766cf458e7db115926f62528c944c747585910e935558c9da67569cb58b37b6cc8d6b01a03225c58c6cdff16cf57daa849331e8cd94de19793edfb

Download Submit
C:\Windows\system\TYrhffI.exe

Filesize
6.0MB

MD5
2e285e3c9415f62efe7f1247bde516c5

SHA1
2f14c035562040bd87ec101491e6b5fa545ab1f9

SHA256
1d6477f38b2857d894819af47c046bfdfd365caa487030280544dc84d3eb8c82

SHA512
115f0a94fcd902941303289fc543cbb9cd78f043986526eb644c01f4f6364b966686e821920789486cdd50dabcbb54fad2fdbe12263672502348151e92f57572

Download Submit
C:\Windows\system\UnfhEAq.exe

Filesize
6.0MB

MD5
05d2e9a5f75b375305491daeada74767

SHA1
09c9556ac18db2ac6c7a5a76b469be01a12ea245

SHA256
f9f651c6c2212a4bf26ed20c90bfacb09c4d8a76e39dc1f48d17861a972c9f2e

SHA512
f145275e27431f112c6b1360509bd1384e69ddfd5e5288a846afe53374e40d2c4909690fa2b76adc4ca4993ca8b2d2c662255757d4993703c5b2f45e3417787c

Download Submit
C:\Windows\system\UsbXEsi.exe

Filesize
6.0MB

MD5
744c2fdd6acdd57d3a6df0d2b6fcbca6

SHA1
129659dae2f43dfa45a0ebcce139d9e27fb8be24

SHA256
a9c3a4b40335ddd35650363387389372494aaa3f9e5b10c85fe6773d0db45796

SHA512
beb493336126eb067f4a21ae408a27c3c5293c5d02271a0b007749a53ccdb9a339a894aa5140b7622db5c2f9d2d06eabc10dd3734a3bef425eb67fa02fb9b95c

Download Submit
C:\Windows\system\XcBZXow.exe

Filesize
6.0MB

MD5
b14b3bb3691de260bf913882e171c677

SHA1
196c475e5a148568b9727900d191d686a1492363

SHA256
3f5d253d543b1f465355e1f2476f0a4fe7cd1363e3a7003e31a3da7aa3c72339

SHA512
f378a90910c5d27d9df98fa115011c147eff0175aa4d79ea7911e4e06ec36cd722fb84d8a351fa4c403885515fae50e513fce5e8146f13c78ebb4836eb27bb95

Download Submit
C:\Windows\system\YTLUNGY.exe

Filesize
6.0MB

MD5
4b0e7edd8d5a87d6a1f96098c94b4996

SHA1
c6502e04109dd3c4a25c0385b170a2da2cb10663

SHA256
002102b73280129a8855d317d350dd35bd596b1a741be56348965cb70e9b4558

SHA512
8ef762f9dceaa9c4d661b1e75e745c0bce2c50bdbbbaa30a313d20f12e04facfa179ad4895f3befbcad3cb1fbedb9af66a6473b965759775eca625a700b725b1

Download Submit
C:\Windows\system\aLZuECW.exe

Filesize
6.0MB

MD5
96b4d5f0756fd68d2479b920df5a2787

SHA1
c81f4b41dae1af46282e0f0ca19da4578d70dd78

SHA256
8037c3b9b4f2891a5250c422f560d117245848b4b350aba557efa074a5e88147

SHA512
988e2cd0b5d7990ca6239fe9c58583c5a2c9b405bbbed3965ee043b73f5a06da73b44266c1a038b00a36bbc492c14621012a9cfb8e9654c2281cd6f690a15011

Download Submit
C:\Windows\system\bPNbxUD.exe

Filesize
6.0MB

MD5
e9b033ebd6b59844008f1913cd5f3b48

SHA1
03e26d5f065610402a3016d37b9da1d103338ae5

SHA256
1679eb8e2cba1b593c8856c4c0cfeb26306529f53f38b740f2dc878089eddff3

SHA512
e5dc5f507425fd667de05fddef442e1814b4cb3b53cb1f9525e70b3b9f75e86129e4de53aa43141c6cc32556b092b875454b25b32f78d3e3d3bb5e55bc3a23ec

Download Submit
C:\Windows\system\cZmZuDf.exe

Filesize
6.0MB

MD5
21e07703514cbbfe0da093c198967b7f

SHA1
95d4edab39a63f51f7169e9b733c9b58fc6958bf

SHA256
93c61ebd7d9485ca7c5b51cc004635413372deb9c0e9060d8a5baeeedad29530

SHA512
f2c1889cc2114683bbec44b90a748eaa341a2281847d6f5fe48998c84953f22e74993660d84769d6b69ef182db36e38ce1320024a06ad18ac20374c1ed541f05

Download Submit
C:\Windows\system\eiJLSiW.exe

Filesize
6.0MB

MD5
f12564fecdb518333da547230a84db30

SHA1
54c7d79025426296e4b5abc33c18fd4ce275e255

SHA256
611754a6f476d494b6dcf159576dd58890011593f0e1d1f11e2aca63573be6b7

SHA512
5596c1dafbfccc87f7f6e6684d302f3f381ddf07ef53339f96e95c23551a832dea701c414b5454d9b3088a8bb5fb664fbc0a29bf821bf45f5df756c63a98e62d

Download Submit
C:\Windows\system\fHyRDYP.exe

Filesize
6.0MB

MD5
9d5943a12c7f9a322848df71831a085a

SHA1
6ff9d7fc0d085c2cc8b71c7ac841473d93193db1

SHA256
8a1a6e3c432e23937c93078e6c0b1bee61a0f305ffba57d0aaf5485a43d7e8c4

SHA512
4a236a876c160abd470b5844e0635a5bc6e250a39f164e3b5f8f285fd61e0f066fe6a21e0765d6ade9041cf0d3b0f1102bb72fa0805d2bd06cf4fa1e18c55462

Download Submit
C:\Windows\system\ifqHdqg.exe

Filesize
6.0MB

MD5
930e06b8d6ac71ef0614ea854889a426

SHA1
112afc043f1f2ce539ee4eb4e31eb97a7029e0f3

SHA256
6b2bc824ffa0a3dc343f8a0b470bdf5e7ba2c4813cb26fb653f657c81ac32322

SHA512
40df5f1dd46447852274ff6ddd45869e8a7afa131cc8b5802eca9df9de61452a13928ae4e5ac13e6bd08a4ba62a4e3d945770bba172726f38f905bb3f9c7e176

Download Submit
C:\Windows\system\mCYsXzd.exe

Filesize
6.0MB

MD5
9d60e259b683aed33bc334dc6162d312

SHA1
2f1c9f20fc268eae8786ff6c68d66840af1255bb

SHA256
c5413a3f0577fb7bc51c6137a485fb03b6902260dd50b1706ab06611a88e8c38

SHA512
f5bff2621d0a1bbc3879cdcd464261cfcb09c4fa6975b28547e456d32e5526698300cec12f18f5f82fa8d94ef5cfc63df630c60083e3f69a3fb471d8613756bd

Download Submit
C:\Windows\system\mLJdrFi.exe

Filesize
6.0MB

MD5
ba4cac9ca5c66c00ae8ee4a3abdb4c33

SHA1
314d40204c9b969065c76c15c27f54417dd2c2c7

SHA256
6c0daea71278bc5bf3c8d55eebe557623ac25031d199f9c10c1c4d867dd6b135

SHA512
796935640eeffb4a2cd6bd1f9594c9855284f1f2401cb25653a1e4069611362532b3418bf76dc51c070350beb66ed6abab9f0f4f245cf334dc275fb7e3452d1b

Download Submit
C:\Windows\system\qObZPBr.exe

Filesize
6.0MB

MD5
cdb11223228dc692202ee6916d0ff0a6

SHA1
f2dc017aeee7b191414b6d97d6f8284cfaf055be

SHA256
99c40b865716232b5e4d3b087549be4396477036da5c43e7c9af64e443adb135

SHA512
1ee220ab677444bbfad3a319cbf06678f5efb2eebd4113d533807784a0829a1eaa2d5a2beef069faeee879317c094dd226ba6a67841cafa40f720d24e13b3cf9

Download Submit
C:\Windows\system\rfbRjSZ.exe

Filesize
6.0MB

MD5
2478a6ac73614bfe0be98175f7a3bd67

SHA1
e3e0280c9c04591c4da98184d14f5d06f74da1bd

SHA256
07add80b423f70b3241dcdf1c4c86302b67d1f16a5f93a2331f36984c73c2653

SHA512
9c60ebdc284bc5d62aa64f810ce6f8e8aaf49ec04a55ec46fc485fa0aa9057890e25c58061d447533a01f1e40ea05fe8a43ba0e32885b523d9217de1fb3e19ab

Download Submit
C:\Windows\system\wOUzfAg.exe

Filesize
6.0MB

MD5
5157d2ffee7da1475269bc29732d4489

SHA1
0e31af153125fdaf0635a2937eb3278984bde83c

SHA256
f38930ece994c0370b79a70434559854d73cf494cfaaab7451b330870328ba9b

SHA512
cf311552bc062f378a401f7d87197f5933aafa357a1649af9f14f5f0f9974427a00d0ce2b1490c2e3751dcad323a9b00462e076e3b8ff2a112a6066bbdadb6e9

Download Submit
C:\Windows\system\wqAGBAS.exe

Filesize
6.0MB

MD5
ec848d1f564da32a13ef3665822ab806

SHA1
595b050b494acfd99ed170bdae250e07baecb0e1

SHA256
82f0873a27eb768e335fd51440bccd404853945afb1ac36a460c3f31b9d9dee0

SHA512
e67fd6be99c206039656bfd47342f83e174cb4ed2f3649e94b1e7dd15d6d16cc4f1edd00be0bc27fe76a37324fe2e2ab57544ed2fe73f1e3c5789dadffe5cbcc

Download Submit
C:\Windows\system\yTrebwg.exe

Filesize
6.0MB

MD5
203b2252415432906bd5fe686dcf483e

SHA1
1e29c92ede28b09c11ae1fc9939da29d84bec0d4

SHA256
f2c3cd2120e1f549b890f5993bacb74bd743ecb4054f68f048a045d08bc7f82c

SHA512
0b69cb34f10653558536561bb07dc41d8ff9ced37cd51df6b90419ffaef952276d5906a056058f0fd141056050fea03984518112fafed3c8d45b7aae9320934b

Download Submit
\Windows\system\HRyOTxo.exe

Filesize
6.0MB

MD5
05d7ac8e9efa4abf7fc9ca1a9dd73bf8

SHA1
b8a2c3cabe8e5441debe39892c95558341b7ba89

SHA256
afe4b3e721fdeb532efc860e10888dcc1751f0f5cf5e3692209cbfd06207cc65

SHA512
d455995d729a4b1528b99d91db4f165c4243c9b1fffebd2087055278361fbf1d3dbd6b3833ba283da9925f200e259a533059d0362fcdbac1e851c153561b6e34

Download Submit
\Windows\system\XRJlDQc.exe

Filesize
6.0MB

MD5
ea1a7a9f1a8e4e005439a7c61f271475

SHA1
b1aa016885b3e2b5a0e81d158e111087b996a3ab

SHA256
0b24b91717e66c2f0154309da37f906ab14434cdf07ab549cd6d1ba122d4aea1

SHA512
f30dafba3875fec74214fa9ad946eb5469fe97270be1597d424ca2abc661d1bddcd03574c16c4cb05a2525fd0aae1535182aba984918524fec8563fcab9b1986

Download Submit
\Windows\system\fVGeUDK.exe

Filesize
6.0MB

MD5
78837ed4493ecce3e65033f0cde36152

SHA1
4ab00637b8bd3285646db0845397c896544a34e2

SHA256
d61eb4c6dcfec1ae386fe1db402137a318cd86673046e835d14fcbe330ec160a

SHA512
f9f936bf6922ec3de6ab9e1d35f37e578f2f52ae7908f5ba907c85800aac960bc072c0b9d380044a2b86011796175765ae7cc94c6de9e2c55bdbada2e9b79a80

Download Submit
memory/448-3985-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/448-514-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/1276-521-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1276-3990-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/1304-3995-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1304-516-0x000000013FFA0000-0x00000001402F4000-memory.dmp

Filesize
3.3MB

Download
memory/1348-3986-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/1348-518-0x000000013FE90000-0x00000001401E4000-memory.dmp

Filesize
3.3MB

Download
memory/2084-526-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2368-3992-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2368-512-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-508-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3991-0x000000013F930000-0x000000013FC84000-memory.dmp

Filesize
3.3MB

Download
memory/2604-506-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2604-4001-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2628-510-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2628-3996-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2652-4000-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2652-502-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3989-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-504-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-498-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3997-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1652-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1607-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2756-503-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-507-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2756-501-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2756-499-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2756-509-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2756-497-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2756-511-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2756-513-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2756-515-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2756-517-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2756-519-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2756-522-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2756-527-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1468-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1469-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1592-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2756-505-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1636-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1671-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1661-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1662-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1748-0x000000013F860000-0x000000013FBB4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1702-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2756-393-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1728-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1734-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1714-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1615-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2756-0-0x000000013FC70000-0x000000013FFC4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-1638-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2996-3993-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2996-500-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/3000-3994-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download
memory/3000-528-0x000000013FA40000-0x000000013FD94000-memory.dmp

Filesize
3.3MB

Download