cobaltstrike | 07a7880c917cbe3a07d260c32364b03971fc8fea748ad233e654b2b26359649b

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
16-11-2024 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

bcec638f273f648c957bfb2eb21a525e
SHA1

c6c8111d460a4fd9b13e94cfcfc8aa372cc2a11d
SHA256

07a7880c917cbe3a07d260c32364b03971fc8fea748ad233e654b2b26359649b
SHA512

9b6c75f5e2ca04acd9a4c69a8a46fe994004e2a79ee3b2fdf089d4532b49b40cddc3f375999c70ddae7254219bdfcee17a0ea4329e433fa647327a8f523cb7d4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUl:T+q56utgpPF8u/7l

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 35 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-6.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001686c-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c73-12.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c95-28.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ce1-33.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d47-45.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019240-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019319-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-162.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001926c-154.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000164db-149.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019259-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-131.dat	cobalt_reflective_dll
behavioral1/files/0x0015000000018676-130.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174c3-129.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-128.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017403-127.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d0d-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191f6-123.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e1-111.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-100.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-93.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018696-92.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-90.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001757f-76.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001746a-56.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019365-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001929a-168.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019275-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019268-152.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019217-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d2-120.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-108.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-107.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a6-65.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/628-0-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-6.dat	xmrig
behavioral1/files/0x000800000001686c-8.dat	xmrig
behavioral1/files/0x0008000000016c73-12.dat	xmrig
behavioral1/memory/2128-19-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/628-17-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c95-28.dat	xmrig
behavioral1/files/0x0007000000016ce1-33.dat	xmrig
behavioral1/files/0x0009000000016d47-45.dat	xmrig
behavioral1/files/0x0005000000019240-140.dat	xmrig
behavioral1/memory/2896-979-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2308-833-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/628-531-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x0005000000019319-169.dat	xmrig
behavioral1/files/0x0005000000019278-162.dat	xmrig
behavioral1/files/0x000500000001926c-154.dat	xmrig
behavioral1/files/0x00090000000164db-149.dat	xmrig
behavioral1/files/0x0005000000019259-146.dat	xmrig
behavioral1/files/0x0005000000018697-131.dat	xmrig
behavioral1/files/0x0015000000018676-130.dat	xmrig
behavioral1/files/0x00060000000174c3-129.dat	xmrig
behavioral1/files/0x0006000000017488-128.dat	xmrig
behavioral1/files/0x0008000000017403-127.dat	xmrig
behavioral1/files/0x0007000000016d0d-126.dat	xmrig
behavioral1/files/0x00050000000191f6-123.dat	xmrig
behavioral1/memory/2652-114-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/files/0x00060000000190e1-111.dat	xmrig
behavioral1/files/0x0006000000018f65-100.dat	xmrig
behavioral1/files/0x00050000000187a2-93.dat	xmrig
behavioral1/files/0x0005000000018696-92.dat	xmrig
behavioral1/files/0x0006000000018c34-90.dat	xmrig
behavioral1/files/0x000600000001757f-76.dat	xmrig
behavioral1/memory/3040-68-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2224-57-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x000600000001746a-56.dat	xmrig
behavioral1/memory/628-47-0x00000000023D0000-0x0000000002724000-memory.dmp	xmrig
behavioral1/memory/3000-43-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/files/0x0005000000019365-172.dat	xmrig
behavioral1/files/0x000500000001929a-168.dat	xmrig
behavioral1/files/0x0005000000019275-159.dat	xmrig
behavioral1/files/0x0005000000019268-152.dat	xmrig
behavioral1/files/0x0005000000019217-134.dat	xmrig
behavioral1/files/0x00050000000191d2-120.dat	xmrig
behavioral1/memory/628-118-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2536-110-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2896-109-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/files/0x000600000001904c-108.dat	xmrig
behavioral1/files/0x0006000000018c44-107.dat	xmrig
behavioral1/memory/628-106-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2620-98-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/files/0x00060000000174a6-65.dat	xmrig
behavioral1/memory/2308-29-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/2444-25-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/628-24-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/1708-23-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2308-3652-0x000000013F0C0000-0x000000013F414000-memory.dmp	xmrig
behavioral1/memory/1708-3694-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/2620-3801-0x000000013F7C0000-0x000000013FB14000-memory.dmp	xmrig
behavioral1/memory/2652-3800-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/memory/3000-3799-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/3040-3807-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2128-3806-0x000000013F180000-0x000000013F4D4000-memory.dmp	xmrig
behavioral1/memory/2444-3805-0x000000013F760000-0x000000013FAB4000-memory.dmp	xmrig
behavioral1/memory/2224-3804-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2128	JTeFNix.exe
1708	OTRTHTS.exe
2444	rvZbVXj.exe
2308	gqElJPM.exe
3000	URUeBSZ.exe
2224	oynNUMu.exe
3040	kTEvTqK.exe
2652	ALnHJZQ.exe
2620	kuEpucb.exe
2896	zngyvSK.exe
2536	zGzmtpr.exe
2508	bRsHAnW.exe
2976	pGzAuib.exe
1820	NmlMePU.exe
3032	TNnhvPS.exe
908	LXpmToi.exe
3052	JYRnAqg.exe
2768	iNKOrxT.exe
2504	yxdfTML.exe
1656	RvUtwBX.exe
2024	fHGQBbo.exe
1720	gAPrnxr.exe
2572	gfbZeEI.exe
1296	lvlPjKN.exe
1932	pNOBWVl.exe
1988	BqXHaiZ.exe
2840	NMLbnmS.exe
2836	FVLhjgC.exe
852	QQrrwef.exe
2360	lrhpVZf.exe
924	KNDedvV.exe
2256	UsxTrjt.exe
1300	RdDAypw.exe
1620	mUWCVvo.exe
816	zBqoXUs.exe
1808	rRaoEOv.exe
2208	XXvDBMt.exe
2928	MhjrXti.exe
2356	nplkRdE.exe
2216	hhQylhO.exe
1508	NJcjKUg.exe
2164	cVMtgVR.exe
1968	EAoTjvV.exe
1920	sbinxup.exe
2564	fTzUnaY.exe
2868	xWuQsbE.exe
2808	xcUgZNn.exe
2672	SkbcPFT.exe
1696	WTcRdhL.exe
788	XutEPYS.exe
1000	MQhOpHL.exe
968	mWzSUvY.exe
716	clShndG.exe
1560	GLAJNKA.exe
2008	wBrdqST.exe
2156	salYPCx.exe
2908	BepGngU.exe
1640	XkbsUEd.exe
1752	lzOQzWw.exe
1604	VHHttnk.exe
2084	KrWjFAq.exe
648	GAQuKTp.exe
2848	mSnGXdw.exe
604	XHxiFxm.exe

Loads dropped DLL 64 IoCs

pid	Process
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 61 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/628-0-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x0007000000012118-6.dat	upx
behavioral1/files/0x000800000001686c-8.dat	upx
behavioral1/files/0x0008000000016c73-12.dat	upx
behavioral1/memory/2128-19-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/files/0x0007000000016c95-28.dat	upx
behavioral1/files/0x0007000000016ce1-33.dat	upx
behavioral1/files/0x0009000000016d47-45.dat	upx
behavioral1/files/0x0005000000019240-140.dat	upx
behavioral1/memory/2896-979-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2308-833-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/628-531-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x0005000000019319-169.dat	upx
behavioral1/files/0x0005000000019278-162.dat	upx
behavioral1/files/0x000500000001926c-154.dat	upx
behavioral1/files/0x00090000000164db-149.dat	upx
behavioral1/files/0x0005000000019259-146.dat	upx
behavioral1/files/0x0005000000018697-131.dat	upx
behavioral1/files/0x0015000000018676-130.dat	upx
behavioral1/files/0x00060000000174c3-129.dat	upx
behavioral1/files/0x0006000000017488-128.dat	upx
behavioral1/files/0x0008000000017403-127.dat	upx
behavioral1/files/0x0007000000016d0d-126.dat	upx
behavioral1/files/0x00050000000191f6-123.dat	upx
behavioral1/memory/2652-114-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/files/0x00060000000190e1-111.dat	upx
behavioral1/files/0x0006000000018f65-100.dat	upx
behavioral1/files/0x00050000000187a2-93.dat	upx
behavioral1/files/0x0005000000018696-92.dat	upx
behavioral1/files/0x0006000000018c34-90.dat	upx
behavioral1/files/0x000600000001757f-76.dat	upx
behavioral1/memory/3040-68-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2224-57-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x000600000001746a-56.dat	upx
behavioral1/memory/3000-43-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x0005000000019365-172.dat	upx
behavioral1/files/0x000500000001929a-168.dat	upx
behavioral1/files/0x0005000000019275-159.dat	upx
behavioral1/files/0x0005000000019268-152.dat	upx
behavioral1/files/0x0005000000019217-134.dat	upx
behavioral1/files/0x00050000000191d2-120.dat	upx
behavioral1/memory/2536-110-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2896-109-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/files/0x000600000001904c-108.dat	upx
behavioral1/files/0x0006000000018c44-107.dat	upx
behavioral1/memory/2620-98-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/files/0x00060000000174a6-65.dat	upx
behavioral1/memory/2308-29-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/2444-25-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/1708-23-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2308-3652-0x000000013F0C0000-0x000000013F414000-memory.dmp	upx
behavioral1/memory/1708-3694-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/2620-3801-0x000000013F7C0000-0x000000013FB14000-memory.dmp	upx
behavioral1/memory/2652-3800-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/memory/3000-3799-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/3040-3807-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2128-3806-0x000000013F180000-0x000000013F4D4000-memory.dmp	upx
behavioral1/memory/2444-3805-0x000000013F760000-0x000000013FAB4000-memory.dmp	upx
behavioral1/memory/2224-3804-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2536-3803-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2896-3802-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\VHHttnk.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gZzCinT.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EJfqeuO.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hZrkTzI.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YyjIEkY.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kBfieRx.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FLTnXhx.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FiuZsuh.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PBWKkeu.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KCQTXuL.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xfEpXkW.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NsvjDwi.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yHgWJZa.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PbIcjqe.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kTEvTqK.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XgTQoUb.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngBYOuk.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MJbCrSg.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BAOvaah.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EdmuhQj.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hkGCCKy.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WitbvPi.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XIZegkB.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uAgfsUA.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WCybiiQ.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\StiECUz.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YizVrIl.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CTTjmDr.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pJUorpO.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HCulehF.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JFFEyIi.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DvVnpkq.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EdwMwLG.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DToWSqf.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LfiTXMj.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FHQyJms.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NYutBrh.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dzVvYGy.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dnqEYrP.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CnMoqYv.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KBqycEl.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OTRTHTS.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NkcZCFB.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\idjigzL.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jgBHADy.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fUSJQpt.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KKAZbSE.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZemAoav.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSVQbWn.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iUgAFGc.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AIlBFCn.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JJgRKqz.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oUQUpPY.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nDiSCQD.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSzlypP.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\guvcnMC.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aWQqErG.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ALHpWjh.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DMucGOA.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HeHAegR.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OgqkHRr.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CrDciRZ.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bhRGRRx.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aIMMhQk.exe	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 628 wrote to memory of 2128	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 628 wrote to memory of 2128	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 628 wrote to memory of 2128	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	29
PID 628 wrote to memory of 1708	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 628 wrote to memory of 1708	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 628 wrote to memory of 1708	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	30
PID 628 wrote to memory of 2444	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 628 wrote to memory of 2444	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 628 wrote to memory of 2444	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 628 wrote to memory of 2308	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 628 wrote to memory of 2308	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 628 wrote to memory of 2308	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 628 wrote to memory of 3000	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 628 wrote to memory of 3000	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 628 wrote to memory of 3000	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 628 wrote to memory of 3032	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 628 wrote to memory of 3032	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 628 wrote to memory of 3032	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 628 wrote to memory of 2224	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 628 wrote to memory of 2224	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 628 wrote to memory of 2224	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 628 wrote to memory of 908	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 628 wrote to memory of 908	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 628 wrote to memory of 908	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 628 wrote to memory of 3040	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 628 wrote to memory of 3040	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 628 wrote to memory of 3040	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 628 wrote to memory of 3052	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 628 wrote to memory of 3052	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 628 wrote to memory of 3052	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 628 wrote to memory of 2652	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 628 wrote to memory of 2652	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 628 wrote to memory of 2652	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 628 wrote to memory of 2768	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 628 wrote to memory of 2768	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 628 wrote to memory of 2768	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 628 wrote to memory of 2620	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 628 wrote to memory of 2620	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 628 wrote to memory of 2620	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 628 wrote to memory of 2504	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 628 wrote to memory of 2504	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 628 wrote to memory of 2504	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 628 wrote to memory of 2896	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 628 wrote to memory of 2896	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 628 wrote to memory of 2896	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 628 wrote to memory of 1656	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 628 wrote to memory of 1656	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 628 wrote to memory of 1656	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 628 wrote to memory of 2536	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 628 wrote to memory of 2536	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 628 wrote to memory of 2536	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 628 wrote to memory of 1720	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 628 wrote to memory of 1720	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 628 wrote to memory of 1720	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 628 wrote to memory of 2508	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 628 wrote to memory of 2508	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 628 wrote to memory of 2508	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 628 wrote to memory of 2572	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 628 wrote to memory of 2572	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 628 wrote to memory of 2572	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 628 wrote to memory of 2976	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 628 wrote to memory of 2976	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 628 wrote to memory of 2976	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 628 wrote to memory of 1296	628	2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe	50

C:\Users\Admin\AppData\Local\Temp\2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-16_bcec638f273f648c957bfb2eb21a525e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:628
- C:\Windows\System\JTeFNix.exe
  C:\Windows\System\JTeFNix.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\OTRTHTS.exe
  C:\Windows\System\OTRTHTS.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\rvZbVXj.exe
  C:\Windows\System\rvZbVXj.exe
  2⤵
  - Executes dropped EXE
  PID:2444
- C:\Windows\System\gqElJPM.exe
  C:\Windows\System\gqElJPM.exe
  2⤵
  - Executes dropped EXE
  PID:2308
- C:\Windows\System\URUeBSZ.exe
  C:\Windows\System\URUeBSZ.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\TNnhvPS.exe
  C:\Windows\System\TNnhvPS.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\oynNUMu.exe
  C:\Windows\System\oynNUMu.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\LXpmToi.exe
  C:\Windows\System\LXpmToi.exe
  2⤵
  - Executes dropped EXE
  PID:908
- C:\Windows\System\kTEvTqK.exe
  C:\Windows\System\kTEvTqK.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\JYRnAqg.exe
  C:\Windows\System\JYRnAqg.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\ALnHJZQ.exe
  C:\Windows\System\ALnHJZQ.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\iNKOrxT.exe
  C:\Windows\System\iNKOrxT.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\kuEpucb.exe
  C:\Windows\System\kuEpucb.exe
  2⤵
  - Executes dropped EXE
  PID:2620
- C:\Windows\System\yxdfTML.exe
  C:\Windows\System\yxdfTML.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\zngyvSK.exe
  C:\Windows\System\zngyvSK.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\RvUtwBX.exe
  C:\Windows\System\RvUtwBX.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\zGzmtpr.exe
  C:\Windows\System\zGzmtpr.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\gAPrnxr.exe
  C:\Windows\System\gAPrnxr.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\bRsHAnW.exe
  C:\Windows\System\bRsHAnW.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\gfbZeEI.exe
  C:\Windows\System\gfbZeEI.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\pGzAuib.exe
  C:\Windows\System\pGzAuib.exe
  2⤵
  - Executes dropped EXE
  PID:2976
- C:\Windows\System\lvlPjKN.exe
  C:\Windows\System\lvlPjKN.exe
  2⤵
  - Executes dropped EXE
  PID:1296
- C:\Windows\System\NmlMePU.exe
  C:\Windows\System\NmlMePU.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\pNOBWVl.exe
  C:\Windows\System\pNOBWVl.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\fHGQBbo.exe
  C:\Windows\System\fHGQBbo.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\EAoTjvV.exe
  C:\Windows\System\EAoTjvV.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\BqXHaiZ.exe
  C:\Windows\System\BqXHaiZ.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\sbinxup.exe
  C:\Windows\System\sbinxup.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\NMLbnmS.exe
  C:\Windows\System\NMLbnmS.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\fTzUnaY.exe
  C:\Windows\System\fTzUnaY.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\FVLhjgC.exe
  C:\Windows\System\FVLhjgC.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\xWuQsbE.exe
  C:\Windows\System\xWuQsbE.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\QQrrwef.exe
  C:\Windows\System\QQrrwef.exe
  2⤵
  - Executes dropped EXE
  PID:852
- C:\Windows\System\xcUgZNn.exe
  C:\Windows\System\xcUgZNn.exe
  2⤵
  - Executes dropped EXE
  PID:2808
- C:\Windows\System\lrhpVZf.exe
  C:\Windows\System\lrhpVZf.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\SkbcPFT.exe
  C:\Windows\System\SkbcPFT.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\KNDedvV.exe
  C:\Windows\System\KNDedvV.exe
  2⤵
  - Executes dropped EXE
  PID:924
- C:\Windows\System\WTcRdhL.exe
  C:\Windows\System\WTcRdhL.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\UsxTrjt.exe
  C:\Windows\System\UsxTrjt.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\XutEPYS.exe
  C:\Windows\System\XutEPYS.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\RdDAypw.exe
  C:\Windows\System\RdDAypw.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\MQhOpHL.exe
  C:\Windows\System\MQhOpHL.exe
  2⤵
  - Executes dropped EXE
  PID:1000
- C:\Windows\System\mUWCVvo.exe
  C:\Windows\System\mUWCVvo.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\mWzSUvY.exe
  C:\Windows\System\mWzSUvY.exe
  2⤵
  - Executes dropped EXE
  PID:968
- C:\Windows\System\zBqoXUs.exe
  C:\Windows\System\zBqoXUs.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\clShndG.exe
  C:\Windows\System\clShndG.exe
  2⤵
  - Executes dropped EXE
  PID:716
- C:\Windows\System\rRaoEOv.exe
  C:\Windows\System\rRaoEOv.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\GLAJNKA.exe
  C:\Windows\System\GLAJNKA.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\XXvDBMt.exe
  C:\Windows\System\XXvDBMt.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\wBrdqST.exe
  C:\Windows\System\wBrdqST.exe
  2⤵
  - Executes dropped EXE
  PID:2008
- C:\Windows\System\MhjrXti.exe
  C:\Windows\System\MhjrXti.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\salYPCx.exe
  C:\Windows\System\salYPCx.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\nplkRdE.exe
  C:\Windows\System\nplkRdE.exe
  2⤵
  - Executes dropped EXE
  PID:2356
- C:\Windows\System\BepGngU.exe
  C:\Windows\System\BepGngU.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\hhQylhO.exe
  C:\Windows\System\hhQylhO.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\XkbsUEd.exe
  C:\Windows\System\XkbsUEd.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\NJcjKUg.exe
  C:\Windows\System\NJcjKUg.exe
  2⤵
  - Executes dropped EXE
  PID:1508
- C:\Windows\System\lzOQzWw.exe
  C:\Windows\System\lzOQzWw.exe
  2⤵
  - Executes dropped EXE
  PID:1752
- C:\Windows\System\cVMtgVR.exe
  C:\Windows\System\cVMtgVR.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\VHHttnk.exe
  C:\Windows\System\VHHttnk.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\KrWjFAq.exe
  C:\Windows\System\KrWjFAq.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\pvVabnX.exe
  C:\Windows\System\pvVabnX.exe
  2⤵
  PID:2528
- C:\Windows\System\GAQuKTp.exe
  C:\Windows\System\GAQuKTp.exe
  2⤵
  - Executes dropped EXE
  PID:648
- C:\Windows\System\lJgQcbS.exe
  C:\Windows\System\lJgQcbS.exe
  2⤵
  PID:1940
- C:\Windows\System\mSnGXdw.exe
  C:\Windows\System\mSnGXdw.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\EVHUueP.exe
  C:\Windows\System\EVHUueP.exe
  2⤵
  PID:1668
- C:\Windows\System\XHxiFxm.exe
  C:\Windows\System\XHxiFxm.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\roXLobk.exe
  C:\Windows\System\roXLobk.exe
  2⤵
  PID:1260
- C:\Windows\System\UUhcsdk.exe
  C:\Windows\System\UUhcsdk.exe
  2⤵
  PID:1916
- C:\Windows\System\kqUoAMb.exe
  C:\Windows\System\kqUoAMb.exe
  2⤵
  PID:1156
- C:\Windows\System\TXVbwAR.exe
  C:\Windows\System\TXVbwAR.exe
  2⤵
  PID:2328
- C:\Windows\System\RkqftNI.exe
  C:\Windows\System\RkqftNI.exe
  2⤵
  PID:1648
- C:\Windows\System\KruhuRH.exe
  C:\Windows\System\KruhuRH.exe
  2⤵
  PID:568
- C:\Windows\System\bOaXsgj.exe
  C:\Windows\System\bOaXsgj.exe
  2⤵
  PID:2060
- C:\Windows\System\SYzKoXm.exe
  C:\Windows\System\SYzKoXm.exe
  2⤵
  PID:2188
- C:\Windows\System\cwrFJls.exe
  C:\Windows\System\cwrFJls.exe
  2⤵
  PID:2912
- C:\Windows\System\OYwGHac.exe
  C:\Windows\System\OYwGHac.exe
  2⤵
  PID:2700
- C:\Windows\System\LPOXQUK.exe
  C:\Windows\System\LPOXQUK.exe
  2⤵
  PID:2272
- C:\Windows\System\NXxpbdO.exe
  C:\Windows\System\NXxpbdO.exe
  2⤵
  PID:2116
- C:\Windows\System\stsfvvq.exe
  C:\Windows\System\stsfvvq.exe
  2⤵
  PID:1972
- C:\Windows\System\owkTbVZ.exe
  C:\Windows\System\owkTbVZ.exe
  2⤵
  PID:2584
- C:\Windows\System\SYhXjPd.exe
  C:\Windows\System\SYhXjPd.exe
  2⤵
  PID:2824
- C:\Windows\System\qMusNjM.exe
  C:\Windows\System\qMusNjM.exe
  2⤵
  PID:2276
- C:\Windows\System\leAeNnb.exe
  C:\Windows\System\leAeNnb.exe
  2⤵
  PID:2416
- C:\Windows\System\ulPVOBi.exe
  C:\Windows\System\ulPVOBi.exe
  2⤵
  PID:1724
- C:\Windows\System\OUeHtcr.exe
  C:\Windows\System\OUeHtcr.exe
  2⤵
  PID:2168
- C:\Windows\System\ZDMgVpQ.exe
  C:\Windows\System\ZDMgVpQ.exe
  2⤵
  PID:1384
- C:\Windows\System\dvrGmCM.exe
  C:\Windows\System\dvrGmCM.exe
  2⤵
  PID:2364
- C:\Windows\System\uPgAGsG.exe
  C:\Windows\System\uPgAGsG.exe
  2⤵
  PID:1628
- C:\Windows\System\ZNSsGKh.exe
  C:\Windows\System\ZNSsGKh.exe
  2⤵
  PID:3004
- C:\Windows\System\RZNeAwp.exe
  C:\Windows\System\RZNeAwp.exe
  2⤵
  PID:3028
- C:\Windows\System\XeotKZj.exe
  C:\Windows\System\XeotKZj.exe
  2⤵
  PID:2708
- C:\Windows\System\onTnaID.exe
  C:\Windows\System\onTnaID.exe
  2⤵
  PID:2668
- C:\Windows\System\FspKKsU.exe
  C:\Windows\System\FspKKsU.exe
  2⤵
  PID:832
- C:\Windows\System\TtrgYjK.exe
  C:\Windows\System\TtrgYjK.exe
  2⤵
  PID:2864
- C:\Windows\System\UEVJMkT.exe
  C:\Windows\System\UEVJMkT.exe
  2⤵
  PID:880
- C:\Windows\System\rSSsNJb.exe
  C:\Windows\System\rSSsNJb.exe
  2⤵
  PID:1676
- C:\Windows\System\CbhGoxw.exe
  C:\Windows\System\CbhGoxw.exe
  2⤵
  PID:1512
- C:\Windows\System\NkcZCFB.exe
  C:\Windows\System\NkcZCFB.exe
  2⤵
  PID:2624
- C:\Windows\System\kqbSKGF.exe
  C:\Windows\System\kqbSKGF.exe
  2⤵
  PID:2492
- C:\Windows\System\ZXIsHqK.exe
  C:\Windows\System\ZXIsHqK.exe
  2⤵
  PID:1036
- C:\Windows\System\RITcmyn.exe
  C:\Windows\System\RITcmyn.exe
  2⤵
  PID:2136
- C:\Windows\System\XnfDdBY.exe
  C:\Windows\System\XnfDdBY.exe
  2⤵
  PID:2352
- C:\Windows\System\FHQyJms.exe
  C:\Windows\System\FHQyJms.exe
  2⤵
  PID:2148
- C:\Windows\System\brtEDGx.exe
  C:\Windows\System\brtEDGx.exe
  2⤵
  PID:3044
- C:\Windows\System\oyOBoFf.exe
  C:\Windows\System\oyOBoFf.exe
  2⤵
  PID:1712
- C:\Windows\System\GvPrzsj.exe
  C:\Windows\System\GvPrzsj.exe
  2⤵
  PID:3008
- C:\Windows\System\giogtmF.exe
  C:\Windows\System\giogtmF.exe
  2⤵
  PID:3012
- C:\Windows\System\pvYuMLw.exe
  C:\Windows\System\pvYuMLw.exe
  2⤵
  PID:2212
- C:\Windows\System\GsefyvK.exe
  C:\Windows\System\GsefyvK.exe
  2⤵
  PID:2392
- C:\Windows\System\bhELHZR.exe
  C:\Windows\System\bhELHZR.exe
  2⤵
  PID:2140
- C:\Windows\System\DoXKLsU.exe
  C:\Windows\System\DoXKLsU.exe
  2⤵
  PID:448
- C:\Windows\System\SxuNkdO.exe
  C:\Windows\System\SxuNkdO.exe
  2⤵
  PID:2692
- C:\Windows\System\edQaLOx.exe
  C:\Windows\System\edQaLOx.exe
  2⤵
  PID:3068
- C:\Windows\System\GunNMyr.exe
  C:\Windows\System\GunNMyr.exe
  2⤵
  PID:3060
- C:\Windows\System\wFTBhrS.exe
  C:\Windows\System\wFTBhrS.exe
  2⤵
  PID:3076
- C:\Windows\System\pvNsnHl.exe
  C:\Windows\System\pvNsnHl.exe
  2⤵
  PID:3100
- C:\Windows\System\pRodpyX.exe
  C:\Windows\System\pRodpyX.exe
  2⤵
  PID:3120
- C:\Windows\System\ZYfkFyq.exe
  C:\Windows\System\ZYfkFyq.exe
  2⤵
  PID:3136
- C:\Windows\System\yuaSEvL.exe
  C:\Windows\System\yuaSEvL.exe
  2⤵
  PID:3160
- C:\Windows\System\FWuRpoH.exe
  C:\Windows\System\FWuRpoH.exe
  2⤵
  PID:3176
- C:\Windows\System\gqhwNZi.exe
  C:\Windows\System\gqhwNZi.exe
  2⤵
  PID:3200
- C:\Windows\System\fWKfxft.exe
  C:\Windows\System\fWKfxft.exe
  2⤵
  PID:3220
- C:\Windows\System\xfEpXkW.exe
  C:\Windows\System\xfEpXkW.exe
  2⤵
  PID:3236
- C:\Windows\System\BDpEUUT.exe
  C:\Windows\System\BDpEUUT.exe
  2⤵
  PID:3256
- C:\Windows\System\wSHikkj.exe
  C:\Windows\System\wSHikkj.exe
  2⤵
  PID:3280
- C:\Windows\System\nDiSCQD.exe
  C:\Windows\System\nDiSCQD.exe
  2⤵
  PID:3296
- C:\Windows\System\aePMfri.exe
  C:\Windows\System\aePMfri.exe
  2⤵
  PID:3320
- C:\Windows\System\kQnKEFO.exe
  C:\Windows\System\kQnKEFO.exe
  2⤵
  PID:3336
- C:\Windows\System\BlKHDgQ.exe
  C:\Windows\System\BlKHDgQ.exe
  2⤵
  PID:3356
- C:\Windows\System\jlGjQDr.exe
  C:\Windows\System\jlGjQDr.exe
  2⤵
  PID:3376
- C:\Windows\System\oitFAxp.exe
  C:\Windows\System\oitFAxp.exe
  2⤵
  PID:3400
- C:\Windows\System\QZytpEC.exe
  C:\Windows\System\QZytpEC.exe
  2⤵
  PID:3420
- C:\Windows\System\uXVntht.exe
  C:\Windows\System\uXVntht.exe
  2⤵
  PID:3436
- C:\Windows\System\fUSJQpt.exe
  C:\Windows\System\fUSJQpt.exe
  2⤵
  PID:3456
- C:\Windows\System\DZriJFV.exe
  C:\Windows\System\DZriJFV.exe
  2⤵
  PID:3472
- C:\Windows\System\dKPElJU.exe
  C:\Windows\System\dKPElJU.exe
  2⤵
  PID:3496
- C:\Windows\System\yajOSac.exe
  C:\Windows\System\yajOSac.exe
  2⤵
  PID:3516
- C:\Windows\System\xFxaCEq.exe
  C:\Windows\System\xFxaCEq.exe
  2⤵
  PID:3532
- C:\Windows\System\zlTdfSJ.exe
  C:\Windows\System\zlTdfSJ.exe
  2⤵
  PID:3556
- C:\Windows\System\QfAJGPc.exe
  C:\Windows\System\QfAJGPc.exe
  2⤵
  PID:3576
- C:\Windows\System\dciHNou.exe
  C:\Windows\System\dciHNou.exe
  2⤵
  PID:3592
- C:\Windows\System\AXYLCci.exe
  C:\Windows\System\AXYLCci.exe
  2⤵
  PID:3616
- C:\Windows\System\XgTQoUb.exe
  C:\Windows\System\XgTQoUb.exe
  2⤵
  PID:3632
- C:\Windows\System\ytEUyzE.exe
  C:\Windows\System\ytEUyzE.exe
  2⤵
  PID:3652
- C:\Windows\System\JpIaZNS.exe
  C:\Windows\System\JpIaZNS.exe
  2⤵
  PID:3676
- C:\Windows\System\YaGbCTE.exe
  C:\Windows\System\YaGbCTE.exe
  2⤵
  PID:3704
- C:\Windows\System\NsvjDwi.exe
  C:\Windows\System\NsvjDwi.exe
  2⤵
  PID:3720
- C:\Windows\System\WGvgTKs.exe
  C:\Windows\System\WGvgTKs.exe
  2⤵
  PID:3736
- C:\Windows\System\pniKeWB.exe
  C:\Windows\System\pniKeWB.exe
  2⤵
  PID:3756
- C:\Windows\System\OIxZawE.exe
  C:\Windows\System\OIxZawE.exe
  2⤵
  PID:3776
- C:\Windows\System\Aqwdruh.exe
  C:\Windows\System\Aqwdruh.exe
  2⤵
  PID:3792
- C:\Windows\System\GiSFavB.exe
  C:\Windows\System\GiSFavB.exe
  2⤵
  PID:3808
- C:\Windows\System\ZTFzHoM.exe
  C:\Windows\System\ZTFzHoM.exe
  2⤵
  PID:3828
- C:\Windows\System\lJovfym.exe
  C:\Windows\System\lJovfym.exe
  2⤵
  PID:3844
- C:\Windows\System\QYlXmUZ.exe
  C:\Windows\System\QYlXmUZ.exe
  2⤵
  PID:3860
- C:\Windows\System\vEYGpQI.exe
  C:\Windows\System\vEYGpQI.exe
  2⤵
  PID:3880
- C:\Windows\System\NYutBrh.exe
  C:\Windows\System\NYutBrh.exe
  2⤵
  PID:3896
- C:\Windows\System\SPqgAYT.exe
  C:\Windows\System\SPqgAYT.exe
  2⤵
  PID:3912
- C:\Windows\System\aIMMhQk.exe
  C:\Windows\System\aIMMhQk.exe
  2⤵
  PID:3936
- C:\Windows\System\gAPIHeg.exe
  C:\Windows\System\gAPIHeg.exe
  2⤵
  PID:3984
- C:\Windows\System\ULyyaVv.exe
  C:\Windows\System\ULyyaVv.exe
  2⤵
  PID:4000
- C:\Windows\System\dbzYxkW.exe
  C:\Windows\System\dbzYxkW.exe
  2⤵
  PID:4020
- C:\Windows\System\sLCUVIB.exe
  C:\Windows\System\sLCUVIB.exe
  2⤵
  PID:4036
- C:\Windows\System\miesmcG.exe
  C:\Windows\System\miesmcG.exe
  2⤵
  PID:4052
- C:\Windows\System\qQdirUr.exe
  C:\Windows\System\qQdirUr.exe
  2⤵
  PID:4068
- C:\Windows\System\EVDXPtU.exe
  C:\Windows\System\EVDXPtU.exe
  2⤵
  PID:4092
- C:\Windows\System\rpYLaQM.exe
  C:\Windows\System\rpYLaQM.exe
  2⤵
  PID:2016
- C:\Windows\System\HYRVopX.exe
  C:\Windows\System\HYRVopX.exe
  2⤵
  PID:2384
- C:\Windows\System\xYoLdeO.exe
  C:\Windows\System\xYoLdeO.exe
  2⤵
  PID:1516
- C:\Windows\System\yvZaHFU.exe
  C:\Windows\System\yvZaHFU.exe
  2⤵
  PID:1632
- C:\Windows\System\YWLmFWD.exe
  C:\Windows\System\YWLmFWD.exe
  2⤵
  PID:1312
- C:\Windows\System\vnXicSb.exe
  C:\Windows\System\vnXicSb.exe
  2⤵
  PID:2744
- C:\Windows\System\JGBxRSG.exe
  C:\Windows\System\JGBxRSG.exe
  2⤵
  PID:2332
- C:\Windows\System\NNlRiNA.exe
  C:\Windows\System\NNlRiNA.exe
  2⤵
  PID:3112
- C:\Windows\System\oSzlypP.exe
  C:\Windows\System\oSzlypP.exe
  2⤵
  PID:3096
- C:\Windows\System\gZzCinT.exe
  C:\Windows\System\gZzCinT.exe
  2⤵
  PID:3148
- C:\Windows\System\lbRyeBB.exe
  C:\Windows\System\lbRyeBB.exe
  2⤵
  PID:3168
- C:\Windows\System\RQdFfXW.exe
  C:\Windows\System\RQdFfXW.exe
  2⤵
  PID:3172
- C:\Windows\System\aCQajwP.exe
  C:\Windows\System\aCQajwP.exe
  2⤵
  PID:3272
- C:\Windows\System\DKSTTNM.exe
  C:\Windows\System\DKSTTNM.exe
  2⤵
  PID:3316
- C:\Windows\System\agdWmpv.exe
  C:\Windows\System\agdWmpv.exe
  2⤵
  PID:3384
- C:\Windows\System\QKLSZMj.exe
  C:\Windows\System\QKLSZMj.exe
  2⤵
  PID:3428
- C:\Windows\System\tBOWOoI.exe
  C:\Windows\System\tBOWOoI.exe
  2⤵
  PID:3504
- C:\Windows\System\mPLkzVu.exe
  C:\Windows\System\mPLkzVu.exe
  2⤵
  PID:3328
- C:\Windows\System\OXMuYWy.exe
  C:\Windows\System\OXMuYWy.exe
  2⤵
  PID:3540
- C:\Windows\System\lBtjjsU.exe
  C:\Windows\System\lBtjjsU.exe
  2⤵
  PID:3588
- C:\Windows\System\HTYtJiF.exe
  C:\Windows\System\HTYtJiF.exe
  2⤵
  PID:3672
- C:\Windows\System\boUHFmL.exe
  C:\Windows\System\boUHFmL.exe
  2⤵
  PID:3744
- C:\Windows\System\kHySpxo.exe
  C:\Windows\System\kHySpxo.exe
  2⤵
  PID:3372
- C:\Windows\System\VViyFBS.exe
  C:\Windows\System\VViyFBS.exe
  2⤵
  PID:3444
- C:\Windows\System\asGJPHA.exe
  C:\Windows\System\asGJPHA.exe
  2⤵
  PID:3856
- C:\Windows\System\sCSKZKa.exe
  C:\Windows\System\sCSKZKa.exe
  2⤵
  PID:3888
- C:\Windows\System\SJNUlBD.exe
  C:\Windows\System\SJNUlBD.exe
  2⤵
  PID:3928
- C:\Windows\System\uAgfsUA.exe
  C:\Windows\System\uAgfsUA.exe
  2⤵
  PID:3608
- C:\Windows\System\imaYjzz.exe
  C:\Windows\System\imaYjzz.exe
  2⤵
  PID:3692
- C:\Windows\System\EecQHyf.exe
  C:\Windows\System\EecQHyf.exe
  2⤵
  PID:3908
- C:\Windows\System\eGrutrD.exe
  C:\Windows\System\eGrutrD.exe
  2⤵
  PID:3836
- C:\Windows\System\cfVcAYx.exe
  C:\Windows\System\cfVcAYx.exe
  2⤵
  PID:3732
- C:\Windows\System\dIFjOQg.exe
  C:\Windows\System\dIFjOQg.exe
  2⤵
  PID:3992
- C:\Windows\System\CYavzzC.exe
  C:\Windows\System\CYavzzC.exe
  2⤵
  PID:3952
- C:\Windows\System\EHqTCOM.exe
  C:\Windows\System\EHqTCOM.exe
  2⤵
  PID:4060
- C:\Windows\System\HYXNpkt.exe
  C:\Windows\System\HYXNpkt.exe
  2⤵
  PID:848
- C:\Windows\System\kWRxVVP.exe
  C:\Windows\System\kWRxVVP.exe
  2⤵
  PID:1612
- C:\Windows\System\pwxBKLK.exe
  C:\Windows\System\pwxBKLK.exe
  2⤵
  PID:4012
- C:\Windows\System\ZXAUCOi.exe
  C:\Windows\System\ZXAUCOi.exe
  2⤵
  PID:4044
- C:\Windows\System\oCKyNln.exe
  C:\Windows\System\oCKyNln.exe
  2⤵
  PID:4080
- C:\Windows\System\ZlQimpn.exe
  C:\Windows\System\ZlQimpn.exe
  2⤵
  PID:2428
- C:\Windows\System\GVqWYRP.exe
  C:\Windows\System\GVqWYRP.exe
  2⤵
  PID:2500
- C:\Windows\System\yHgWJZa.exe
  C:\Windows\System\yHgWJZa.exe
  2⤵
  PID:1664
- C:\Windows\System\rQdwGpX.exe
  C:\Windows\System\rQdwGpX.exe
  2⤵
  PID:3084
- C:\Windows\System\RJlEZOO.exe
  C:\Windows\System\RJlEZOO.exe
  2⤵
  PID:3192
- C:\Windows\System\ZAgZJTw.exe
  C:\Windows\System\ZAgZJTw.exe
  2⤵
  PID:3268
- C:\Windows\System\BRAvomv.exe
  C:\Windows\System\BRAvomv.exe
  2⤵
  PID:3208
- C:\Windows\System\lnBhkld.exe
  C:\Windows\System\lnBhkld.exe
  2⤵
  PID:3660
- C:\Windows\System\aRyBGBS.exe
  C:\Windows\System\aRyBGBS.exe
  2⤵
  PID:3584
- C:\Windows\System\UkFmnWc.exe
  C:\Windows\System\UkFmnWc.exe
  2⤵
  PID:3492
- C:\Windows\System\JuoEZOC.exe
  C:\Windows\System\JuoEZOC.exe
  2⤵
  PID:3924
- C:\Windows\System\lCrGJaD.exe
  C:\Windows\System\lCrGJaD.exe
  2⤵
  PID:3412
- C:\Windows\System\qsgpNJA.exe
  C:\Windows\System\qsgpNJA.exe
  2⤵
  PID:3512
- C:\Windows\System\tCxWrsH.exe
  C:\Windows\System\tCxWrsH.exe
  2⤵
  PID:3868
- C:\Windows\System\yQdfvne.exe
  C:\Windows\System\yQdfvne.exe
  2⤵
  PID:3480
- C:\Windows\System\TdIbfKs.exe
  C:\Windows\System\TdIbfKs.exe
  2⤵
  PID:3600
- C:\Windows\System\tkHBIQs.exe
  C:\Windows\System\tkHBIQs.exe
  2⤵
  PID:3980
- C:\Windows\System\XNbFQbi.exe
  C:\Windows\System\XNbFQbi.exe
  2⤵
  PID:2576
- C:\Windows\System\QIQkFjC.exe
  C:\Windows\System\QIQkFjC.exe
  2⤵
  PID:3944
- C:\Windows\System\oyXIKed.exe
  C:\Windows\System\oyXIKed.exe
  2⤵
  PID:3108
- C:\Windows\System\dPYvcbl.exe
  C:\Windows\System\dPYvcbl.exe
  2⤵
  PID:3876
- C:\Windows\System\sKEBPmU.exe
  C:\Windows\System\sKEBPmU.exe
  2⤵
  PID:1144
- C:\Windows\System\FLhaLLz.exe
  C:\Windows\System\FLhaLLz.exe
  2⤵
  PID:2628
- C:\Windows\System\DOWTcmE.exe
  C:\Windows\System\DOWTcmE.exe
  2⤵
  PID:2468
- C:\Windows\System\pUEZghT.exe
  C:\Windows\System\pUEZghT.exe
  2⤵
  PID:2260
- C:\Windows\System\BgzSwpu.exe
  C:\Windows\System\BgzSwpu.exe
  2⤵
  PID:3212
- C:\Windows\System\tkTKsiL.exe
  C:\Windows\System\tkTKsiL.exe
  2⤵
  PID:3784
- C:\Windows\System\CBDYJEw.exe
  C:\Windows\System\CBDYJEw.exe
  2⤵
  PID:3368
- C:\Windows\System\OglMwfq.exe
  C:\Windows\System\OglMwfq.exe
  2⤵
  PID:3292
- C:\Windows\System\QUfgFbN.exe
  C:\Windows\System\QUfgFbN.exe
  2⤵
  PID:3452
- C:\Windows\System\tnnTnnW.exe
  C:\Windows\System\tnnTnnW.exe
  2⤵
  PID:3628
- C:\Windows\System\xLAoFOT.exe
  C:\Windows\System\xLAoFOT.exe
  2⤵
  PID:4112
- C:\Windows\System\QZczLVk.exe
  C:\Windows\System\QZczLVk.exe
  2⤵
  PID:4132
- C:\Windows\System\HJHTkRl.exe
  C:\Windows\System\HJHTkRl.exe
  2⤵
  PID:4148
- C:\Windows\System\KRbrePI.exe
  C:\Windows\System\KRbrePI.exe
  2⤵
  PID:4164
- C:\Windows\System\ueHPDAd.exe
  C:\Windows\System\ueHPDAd.exe
  2⤵
  PID:4180
- C:\Windows\System\uvTApSy.exe
  C:\Windows\System\uvTApSy.exe
  2⤵
  PID:4196
- C:\Windows\System\UrLvRVK.exe
  C:\Windows\System\UrLvRVK.exe
  2⤵
  PID:4224
- C:\Windows\System\COFKbpE.exe
  C:\Windows\System\COFKbpE.exe
  2⤵
  PID:4248
- C:\Windows\System\PDnhUbs.exe
  C:\Windows\System\PDnhUbs.exe
  2⤵
  PID:4264
- C:\Windows\System\rKCceNT.exe
  C:\Windows\System\rKCceNT.exe
  2⤵
  PID:4288
- C:\Windows\System\tDqHRPZ.exe
  C:\Windows\System\tDqHRPZ.exe
  2⤵
  PID:4308
- C:\Windows\System\QhfDtrh.exe
  C:\Windows\System\QhfDtrh.exe
  2⤵
  PID:4352
- C:\Windows\System\aIZJrUW.exe
  C:\Windows\System\aIZJrUW.exe
  2⤵
  PID:4372
- C:\Windows\System\WZPxWxI.exe
  C:\Windows\System\WZPxWxI.exe
  2⤵
  PID:4392
- C:\Windows\System\NCbxXPp.exe
  C:\Windows\System\NCbxXPp.exe
  2⤵
  PID:4408
- C:\Windows\System\vVZjdUy.exe
  C:\Windows\System\vVZjdUy.exe
  2⤵
  PID:4424
- C:\Windows\System\QGhNBvB.exe
  C:\Windows\System\QGhNBvB.exe
  2⤵
  PID:4440
- C:\Windows\System\iMixkKd.exe
  C:\Windows\System\iMixkKd.exe
  2⤵
  PID:4460
- C:\Windows\System\ZeffSEy.exe
  C:\Windows\System\ZeffSEy.exe
  2⤵
  PID:4480
- C:\Windows\System\ffNrNlw.exe
  C:\Windows\System\ffNrNlw.exe
  2⤵
  PID:4500
- C:\Windows\System\tIuBREC.exe
  C:\Windows\System\tIuBREC.exe
  2⤵
  PID:4520
- C:\Windows\System\iRditHm.exe
  C:\Windows\System\iRditHm.exe
  2⤵
  PID:4536
- C:\Windows\System\fhORjvP.exe
  C:\Windows\System\fhORjvP.exe
  2⤵
  PID:4560
- C:\Windows\System\MptlFHm.exe
  C:\Windows\System\MptlFHm.exe
  2⤵
  PID:4596
- C:\Windows\System\TuDOnXZ.exe
  C:\Windows\System\TuDOnXZ.exe
  2⤵
  PID:4612
- C:\Windows\System\ifwXZzm.exe
  C:\Windows\System\ifwXZzm.exe
  2⤵
  PID:4632
- C:\Windows\System\MqUCdpp.exe
  C:\Windows\System\MqUCdpp.exe
  2⤵
  PID:4652
- C:\Windows\System\mOIRDSX.exe
  C:\Windows\System\mOIRDSX.exe
  2⤵
  PID:4680
- C:\Windows\System\gshdFLe.exe
  C:\Windows\System\gshdFLe.exe
  2⤵
  PID:4696
- C:\Windows\System\uHOtqkW.exe
  C:\Windows\System\uHOtqkW.exe
  2⤵
  PID:4712
- C:\Windows\System\mhXYEKX.exe
  C:\Windows\System\mhXYEKX.exe
  2⤵
  PID:4732
- C:\Windows\System\OGGsahb.exe
  C:\Windows\System\OGGsahb.exe
  2⤵
  PID:4752
- C:\Windows\System\mcCMvSc.exe
  C:\Windows\System\mcCMvSc.exe
  2⤵
  PID:4776
- C:\Windows\System\zqJvadK.exe
  C:\Windows\System\zqJvadK.exe
  2⤵
  PID:4804
- C:\Windows\System\AMDrOsk.exe
  C:\Windows\System\AMDrOsk.exe
  2⤵
  PID:4824
- C:\Windows\System\IeIRiNg.exe
  C:\Windows\System\IeIRiNg.exe
  2⤵
  PID:4840
- C:\Windows\System\ErKPbLk.exe
  C:\Windows\System\ErKPbLk.exe
  2⤵
  PID:4860
- C:\Windows\System\IdKRjpq.exe
  C:\Windows\System\IdKRjpq.exe
  2⤵
  PID:4880
- C:\Windows\System\APGABXj.exe
  C:\Windows\System\APGABXj.exe
  2⤵
  PID:4900
- C:\Windows\System\XfSbBOS.exe
  C:\Windows\System\XfSbBOS.exe
  2⤵
  PID:4920
- C:\Windows\System\mqUZVmb.exe
  C:\Windows\System\mqUZVmb.exe
  2⤵
  PID:4936
- C:\Windows\System\FylEqQo.exe
  C:\Windows\System\FylEqQo.exe
  2⤵
  PID:4952
- C:\Windows\System\ICMrvLk.exe
  C:\Windows\System\ICMrvLk.exe
  2⤵
  PID:4972
- C:\Windows\System\dzVvYGy.exe
  C:\Windows\System\dzVvYGy.exe
  2⤵
  PID:4988
- C:\Windows\System\gQOAIey.exe
  C:\Windows\System\gQOAIey.exe
  2⤵
  PID:5012
- C:\Windows\System\usqzVbw.exe
  C:\Windows\System\usqzVbw.exe
  2⤵
  PID:5028
- C:\Windows\System\jVzcanw.exe
  C:\Windows\System\jVzcanw.exe
  2⤵
  PID:5052
- C:\Windows\System\BKuKeMg.exe
  C:\Windows\System\BKuKeMg.exe
  2⤵
  PID:5068
- C:\Windows\System\FOQDWVt.exe
  C:\Windows\System\FOQDWVt.exe
  2⤵
  PID:5088
- C:\Windows\System\fOnAAyS.exe
  C:\Windows\System\fOnAAyS.exe
  2⤵
  PID:5112
- C:\Windows\System\PFStMGB.exe
  C:\Windows\System\PFStMGB.exe
  2⤵
  PID:3904
- C:\Windows\System\BXWthdm.exe
  C:\Windows\System\BXWthdm.exe
  2⤵
  PID:3488
- C:\Windows\System\aPULooT.exe
  C:\Windows\System\aPULooT.exe
  2⤵
  PID:3304
- C:\Windows\System\IWwBWrF.exe
  C:\Windows\System\IWwBWrF.exe
  2⤵
  PID:3396
- C:\Windows\System\NfbtWOI.exe
  C:\Windows\System\NfbtWOI.exe
  2⤵
  PID:4124
- C:\Windows\System\tdMRrDx.exe
  C:\Windows\System\tdMRrDx.exe
  2⤵
  PID:3684
- C:\Windows\System\jrHklrF.exe
  C:\Windows\System\jrHklrF.exe
  2⤵
  PID:3188
- C:\Windows\System\OcRSwdo.exe
  C:\Windows\System\OcRSwdo.exe
  2⤵
  PID:4188
- C:\Windows\System\UPAvEqB.exe
  C:\Windows\System\UPAvEqB.exe
  2⤵
  PID:4240
- C:\Windows\System\gFmkURz.exe
  C:\Windows\System\gFmkURz.exe
  2⤵
  PID:4284
- C:\Windows\System\dnqEYrP.exe
  C:\Windows\System\dnqEYrP.exe
  2⤵
  PID:3772
- C:\Windows\System\BCWOXth.exe
  C:\Windows\System\BCWOXth.exe
  2⤵
  PID:4336
- C:\Windows\System\ZCPgbIZ.exe
  C:\Windows\System\ZCPgbIZ.exe
  2⤵
  PID:3128
- C:\Windows\System\ckLqlon.exe
  C:\Windows\System\ckLqlon.exe
  2⤵
  PID:3364
- C:\Windows\System\RxKLTkr.exe
  C:\Windows\System\RxKLTkr.exe
  2⤵
  PID:3964
- C:\Windows\System\opFayAk.exe
  C:\Windows\System\opFayAk.exe
  2⤵
  PID:4416
- C:\Windows\System\TwtNxlX.exe
  C:\Windows\System\TwtNxlX.exe
  2⤵
  PID:4172
- C:\Windows\System\TtuTNsm.exe
  C:\Windows\System\TtuTNsm.exe
  2⤵
  PID:4216
- C:\Windows\System\MyOwhTp.exe
  C:\Windows\System\MyOwhTp.exe
  2⤵
  PID:4296
- C:\Windows\System\fvVBmqo.exe
  C:\Windows\System\fvVBmqo.exe
  2⤵
  PID:4456
- C:\Windows\System\NshaEMS.exe
  C:\Windows\System\NshaEMS.exe
  2⤵
  PID:4368
- C:\Windows\System\erHOgOC.exe
  C:\Windows\System\erHOgOC.exe
  2⤵
  PID:4404
- C:\Windows\System\NHhPKbm.exe
  C:\Windows\System\NHhPKbm.exe
  2⤵
  PID:4580
- C:\Windows\System\mTPIXhN.exe
  C:\Windows\System\mTPIXhN.exe
  2⤵
  PID:4588
- C:\Windows\System\uSIOPzm.exe
  C:\Windows\System\uSIOPzm.exe
  2⤵
  PID:4432
- C:\Windows\System\pUAFLnT.exe
  C:\Windows\System\pUAFLnT.exe
  2⤵
  PID:4508
- C:\Windows\System\kZZppIa.exe
  C:\Windows\System\kZZppIa.exe
  2⤵
  PID:4604
- C:\Windows\System\KKAZbSE.exe
  C:\Windows\System\KKAZbSE.exe
  2⤵
  PID:4624
- C:\Windows\System\TBEwnUi.exe
  C:\Windows\System\TBEwnUi.exe
  2⤵
  PID:4640
- C:\Windows\System\GxWDxck.exe
  C:\Windows\System\GxWDxck.exe
  2⤵
  PID:4672
- C:\Windows\System\ynilYjB.exe
  C:\Windows\System\ynilYjB.exe
  2⤵
  PID:1804
- C:\Windows\System\uIzfLUl.exe
  C:\Windows\System\uIzfLUl.exe
  2⤵
  PID:4784
- C:\Windows\System\guvcnMC.exe
  C:\Windows\System\guvcnMC.exe
  2⤵
  PID:324
- C:\Windows\System\rSyBWsQ.exe
  C:\Windows\System\rSyBWsQ.exe
  2⤵
  PID:4868
- C:\Windows\System\jRdcYbA.exe
  C:\Windows\System\jRdcYbA.exe
  2⤵
  PID:4944
- C:\Windows\System\wwqITsM.exe
  C:\Windows\System\wwqITsM.exe
  2⤵
  PID:4764
- C:\Windows\System\Ohqogbx.exe
  C:\Windows\System\Ohqogbx.exe
  2⤵
  PID:5020
- C:\Windows\System\HLdIhXO.exe
  C:\Windows\System\HLdIhXO.exe
  2⤵
  PID:4364
- C:\Windows\System\csIxtbL.exe
  C:\Windows\System\csIxtbL.exe
  2⤵
  PID:2100
- C:\Windows\System\XIHxeMv.exe
  C:\Windows\System\XIHxeMv.exe
  2⤵
  PID:5044
- C:\Windows\System\QDNBjFZ.exe
  C:\Windows\System\QDNBjFZ.exe
  2⤵
  PID:4032
- C:\Windows\System\TZMGKgA.exe
  C:\Windows\System\TZMGKgA.exe
  2⤵
  PID:4064
- C:\Windows\System\ZZwMrlO.exe
  C:\Windows\System\ZZwMrlO.exe
  2⤵
  PID:3312
- C:\Windows\System\uGSJnRV.exe
  C:\Windows\System\uGSJnRV.exe
  2⤵
  PID:2464
- C:\Windows\System\fEWpnNn.exe
  C:\Windows\System\fEWpnNn.exe
  2⤵
  PID:4128
- C:\Windows\System\GwhRKxM.exe
  C:\Windows\System\GwhRKxM.exe
  2⤵
  PID:4280
- C:\Windows\System\WVCbhhj.exe
  C:\Windows\System\WVCbhhj.exe
  2⤵
  PID:3824
- C:\Windows\System\VZmdMbf.exe
  C:\Windows\System\VZmdMbf.exe
  2⤵
  PID:4208
- C:\Windows\System\QTXFfhc.exe
  C:\Windows\System\QTXFfhc.exe
  2⤵
  PID:4420
- C:\Windows\System\JmFehAB.exe
  C:\Windows\System\JmFehAB.exe
  2⤵
  PID:4512
- C:\Windows\System\WovtxcA.exe
  C:\Windows\System\WovtxcA.exe
  2⤵
  PID:3668
- C:\Windows\System\ohlPIZD.exe
  C:\Windows\System\ohlPIZD.exe
  2⤵
  PID:2884
- C:\Windows\System\bTMCjOl.exe
  C:\Windows\System\bTMCjOl.exe
  2⤵
  PID:4748
- C:\Windows\System\DvVnpkq.exe
  C:\Windows\System\DvVnpkq.exe
  2⤵
  PID:4244
- C:\Windows\System\MztKFhi.exe
  C:\Windows\System\MztKFhi.exe
  2⤵
  PID:4948
- C:\Windows\System\mwhGgJy.exe
  C:\Windows\System\mwhGgJy.exe
  2⤵
  PID:3132
- C:\Windows\System\NOhceBJ.exe
  C:\Windows\System\NOhceBJ.exe
  2⤵
  PID:4848
- C:\Windows\System\wodUeuV.exe
  C:\Windows\System\wodUeuV.exe
  2⤵
  PID:4360
- C:\Windows\System\MnrHEtA.exe
  C:\Windows\System\MnrHEtA.exe
  2⤵
  PID:4552
- C:\Windows\System\zTmtniF.exe
  C:\Windows\System\zTmtniF.exe
  2⤵
  PID:4664
- C:\Windows\System\RcyBnZd.exe
  C:\Windows\System\RcyBnZd.exe
  2⤵
  PID:4796
- C:\Windows\System\Csnwrib.exe
  C:\Windows\System\Csnwrib.exe
  2⤵
  PID:4688
- C:\Windows\System\OKHnRFY.exe
  C:\Windows\System\OKHnRFY.exe
  2⤵
  PID:4568
- C:\Windows\System\IxoFuwn.exe
  C:\Windows\System\IxoFuwn.exe
  2⤵
  PID:4176
- C:\Windows\System\dMTixyc.exe
  C:\Windows\System\dMTixyc.exe
  2⤵
  PID:4448
- C:\Windows\System\tiFXIlS.exe
  C:\Windows\System\tiFXIlS.exe
  2⤵
  PID:5040
- C:\Windows\System\wwVUosY.exe
  C:\Windows\System\wwVUosY.exe
  2⤵
  PID:5108
- C:\Windows\System\IsvkIFP.exe
  C:\Windows\System\IsvkIFP.exe
  2⤵
  PID:4772
- C:\Windows\System\WCybiiQ.exe
  C:\Windows\System\WCybiiQ.exe
  2⤵
  PID:5084
- C:\Windows\System\MilkmAf.exe
  C:\Windows\System\MilkmAf.exe
  2⤵
  PID:3232
- C:\Windows\System\MGztJKf.exe
  C:\Windows\System\MGztJKf.exe
  2⤵
  PID:4400
- C:\Windows\System\LynANEM.exe
  C:\Windows\System\LynANEM.exe
  2⤵
  PID:4332
- C:\Windows\System\IZUQrVN.exe
  C:\Windows\System\IZUQrVN.exe
  2⤵
  PID:3788
- C:\Windows\System\DPGAdzN.exe
  C:\Windows\System\DPGAdzN.exe
  2⤵
  PID:2020
- C:\Windows\System\ALZSRdQ.exe
  C:\Windows\System\ALZSRdQ.exe
  2⤵
  PID:4232
- C:\Windows\System\qzREOcg.exe
  C:\Windows\System\qzREOcg.exe
  2⤵
  PID:4852
- C:\Windows\System\JGYSLcY.exe
  C:\Windows\System\JGYSLcY.exe
  2⤵
  PID:2988
- C:\Windows\System\QfisHfR.exe
  C:\Windows\System\QfisHfR.exe
  2⤵
  PID:4832
- C:\Windows\System\EdmuhQj.exe
  C:\Windows\System\EdmuhQj.exe
  2⤵
  PID:5124
- C:\Windows\System\bqbUKqv.exe
  C:\Windows\System\bqbUKqv.exe
  2⤵
  PID:5140
- C:\Windows\System\BauXyzm.exe
  C:\Windows\System\BauXyzm.exe
  2⤵
  PID:5164
- C:\Windows\System\ASlFEBq.exe
  C:\Windows\System\ASlFEBq.exe
  2⤵
  PID:5184
- C:\Windows\System\xfBakRF.exe
  C:\Windows\System\xfBakRF.exe
  2⤵
  PID:5204
- C:\Windows\System\eOKabHk.exe
  C:\Windows\System\eOKabHk.exe
  2⤵
  PID:5220
- C:\Windows\System\GPoycjV.exe
  C:\Windows\System\GPoycjV.exe
  2⤵
  PID:5244
- C:\Windows\System\NvYyYBM.exe
  C:\Windows\System\NvYyYBM.exe
  2⤵
  PID:5260
- C:\Windows\System\MyxaZUJ.exe
  C:\Windows\System\MyxaZUJ.exe
  2⤵
  PID:5276
- C:\Windows\System\HCtmisO.exe
  C:\Windows\System\HCtmisO.exe
  2⤵
  PID:5292
- C:\Windows\System\MgAJQHz.exe
  C:\Windows\System\MgAJQHz.exe
  2⤵
  PID:5312
- C:\Windows\System\ucpJYaD.exe
  C:\Windows\System\ucpJYaD.exe
  2⤵
  PID:5328
- C:\Windows\System\AnhcEWl.exe
  C:\Windows\System\AnhcEWl.exe
  2⤵
  PID:5348
- C:\Windows\System\dfkmYAF.exe
  C:\Windows\System\dfkmYAF.exe
  2⤵
  PID:5364
- C:\Windows\System\AiNuJnN.exe
  C:\Windows\System\AiNuJnN.exe
  2⤵
  PID:5384
- C:\Windows\System\QEtMFID.exe
  C:\Windows\System\QEtMFID.exe
  2⤵
  PID:5400
- C:\Windows\System\NWvZefl.exe
  C:\Windows\System\NWvZefl.exe
  2⤵
  PID:5416
- C:\Windows\System\BmcokBj.exe
  C:\Windows\System\BmcokBj.exe
  2⤵
  PID:5432
- C:\Windows\System\BcGAzko.exe
  C:\Windows\System\BcGAzko.exe
  2⤵
  PID:5448
- C:\Windows\System\XizMpyX.exe
  C:\Windows\System\XizMpyX.exe
  2⤵
  PID:5464
- C:\Windows\System\xohedZM.exe
  C:\Windows\System\xohedZM.exe
  2⤵
  PID:5484
- C:\Windows\System\riHTtyw.exe
  C:\Windows\System\riHTtyw.exe
  2⤵
  PID:5504
- C:\Windows\System\oCNNLSx.exe
  C:\Windows\System\oCNNLSx.exe
  2⤵
  PID:5520
- C:\Windows\System\YwokcJO.exe
  C:\Windows\System\YwokcJO.exe
  2⤵
  PID:5536
- C:\Windows\System\bdHksZJ.exe
  C:\Windows\System\bdHksZJ.exe
  2⤵
  PID:5552
- C:\Windows\System\kmHwYla.exe
  C:\Windows\System\kmHwYla.exe
  2⤵
  PID:5584
- C:\Windows\System\ZSMYYid.exe
  C:\Windows\System\ZSMYYid.exe
  2⤵
  PID:5600
- C:\Windows\System\EhANmOQ.exe
  C:\Windows\System\EhANmOQ.exe
  2⤵
  PID:5616
- C:\Windows\System\WQIZPuZ.exe
  C:\Windows\System\WQIZPuZ.exe
  2⤵
  PID:5632
- C:\Windows\System\UAJSkjV.exe
  C:\Windows\System\UAJSkjV.exe
  2⤵
  PID:5648
- C:\Windows\System\fgZwkyp.exe
  C:\Windows\System\fgZwkyp.exe
  2⤵
  PID:5664
- C:\Windows\System\OlLphey.exe
  C:\Windows\System\OlLphey.exe
  2⤵
  PID:5680
- C:\Windows\System\kBfieRx.exe
  C:\Windows\System\kBfieRx.exe
  2⤵
  PID:5696
- C:\Windows\System\KNZmbRX.exe
  C:\Windows\System\KNZmbRX.exe
  2⤵
  PID:5712
- C:\Windows\System\tQtXYvK.exe
  C:\Windows\System\tQtXYvK.exe
  2⤵
  PID:5728
- C:\Windows\System\egeBCms.exe
  C:\Windows\System\egeBCms.exe
  2⤵
  PID:5744
- C:\Windows\System\fRZYtnn.exe
  C:\Windows\System\fRZYtnn.exe
  2⤵
  PID:5760
- C:\Windows\System\yTzQcep.exe
  C:\Windows\System\yTzQcep.exe
  2⤵
  PID:5776
- C:\Windows\System\ucXyLol.exe
  C:\Windows\System\ucXyLol.exe
  2⤵
  PID:5792
- C:\Windows\System\QjwIdfH.exe
  C:\Windows\System\QjwIdfH.exe
  2⤵
  PID:5808
- C:\Windows\System\AkFDxhF.exe
  C:\Windows\System\AkFDxhF.exe
  2⤵
  PID:5824
- C:\Windows\System\UTxZARO.exe
  C:\Windows\System\UTxZARO.exe
  2⤵
  PID:5840
- C:\Windows\System\wWNJZIm.exe
  C:\Windows\System\wWNJZIm.exe
  2⤵
  PID:5856
- C:\Windows\System\PTXEhgH.exe
  C:\Windows\System\PTXEhgH.exe
  2⤵
  PID:5872
- C:\Windows\System\icIoWPc.exe
  C:\Windows\System\icIoWPc.exe
  2⤵
  PID:5888
- C:\Windows\System\aihLWya.exe
  C:\Windows\System\aihLWya.exe
  2⤵
  PID:5904
- C:\Windows\System\WyxMNWk.exe
  C:\Windows\System\WyxMNWk.exe
  2⤵
  PID:5920
- C:\Windows\System\gBKLFOy.exe
  C:\Windows\System\gBKLFOy.exe
  2⤵
  PID:5936
- C:\Windows\System\UVpDQea.exe
  C:\Windows\System\UVpDQea.exe
  2⤵
  PID:5952
- C:\Windows\System\JFFEyIi.exe
  C:\Windows\System\JFFEyIi.exe
  2⤵
  PID:5968
- C:\Windows\System\ASjLIjT.exe
  C:\Windows\System\ASjLIjT.exe
  2⤵
  PID:5984
- C:\Windows\System\kbxokVA.exe
  C:\Windows\System\kbxokVA.exe
  2⤵
  PID:6000
- C:\Windows\System\avTTCog.exe
  C:\Windows\System\avTTCog.exe
  2⤵
  PID:6016
- C:\Windows\System\iZtWiXF.exe
  C:\Windows\System\iZtWiXF.exe
  2⤵
  PID:6032
- C:\Windows\System\GdSIcZm.exe
  C:\Windows\System\GdSIcZm.exe
  2⤵
  PID:6048
- C:\Windows\System\THdAtWp.exe
  C:\Windows\System\THdAtWp.exe
  2⤵
  PID:6064
- C:\Windows\System\MVFZJGx.exe
  C:\Windows\System\MVFZJGx.exe
  2⤵
  PID:6080
- C:\Windows\System\roVtxnv.exe
  C:\Windows\System\roVtxnv.exe
  2⤵
  PID:6108
- C:\Windows\System\LCDVaEp.exe
  C:\Windows\System\LCDVaEp.exe
  2⤵
  PID:6128
- C:\Windows\System\yafetdn.exe
  C:\Windows\System\yafetdn.exe
  2⤵
  PID:4160
- C:\Windows\System\PIWekRk.exe
  C:\Windows\System\PIWekRk.exe
  2⤵
  PID:4104
- C:\Windows\System\NLSqMpA.exe
  C:\Windows\System\NLSqMpA.exe
  2⤵
  PID:3464
- C:\Windows\System\ZSNSlna.exe
  C:\Windows\System\ZSNSlna.exe
  2⤵
  PID:5136
- C:\Windows\System\RaEbQqY.exe
  C:\Windows\System\RaEbQqY.exe
  2⤵
  PID:5212
- C:\Windows\System\wNlVakQ.exe
  C:\Windows\System\wNlVakQ.exe
  2⤵
  PID:5256
- C:\Windows\System\WsmsskY.exe
  C:\Windows\System\WsmsskY.exe
  2⤵
  PID:5324
- C:\Windows\System\JTJprRS.exe
  C:\Windows\System\JTJprRS.exe
  2⤵
  PID:5396
- C:\Windows\System\xctByYh.exe
  C:\Windows\System\xctByYh.exe
  2⤵
  PID:5460
- C:\Windows\System\WZlTNfD.exe
  C:\Windows\System\WZlTNfD.exe
  2⤵
  PID:5528
- C:\Windows\System\GEJsksw.exe
  C:\Windows\System\GEJsksw.exe
  2⤵
  PID:5564
- C:\Windows\System\KvzlHQK.exe
  C:\Windows\System\KvzlHQK.exe
  2⤵
  PID:5580
- C:\Windows\System\VGUHUoX.exe
  C:\Windows\System\VGUHUoX.exe
  2⤵
  PID:5640
- C:\Windows\System\ldIxPHM.exe
  C:\Windows\System\ldIxPHM.exe
  2⤵
  PID:2588
- C:\Windows\System\slzOmml.exe
  C:\Windows\System\slzOmml.exe
  2⤵
  PID:5740
- C:\Windows\System\nBvIpJo.exe
  C:\Windows\System\nBvIpJo.exe
  2⤵
  PID:5800
- C:\Windows\System\jBDMlYa.exe
  C:\Windows\System\jBDMlYa.exe
  2⤵
  PID:2752
- C:\Windows\System\dqfsxoP.exe
  C:\Windows\System\dqfsxoP.exe
  2⤵
  PID:5896
- C:\Windows\System\xnWyYCe.exe
  C:\Windows\System\xnWyYCe.exe
  2⤵
  PID:2972
- C:\Windows\System\xwSGYmL.exe
  C:\Windows\System\xwSGYmL.exe
  2⤵
  PID:5960
- C:\Windows\System\fWHVwev.exe
  C:\Windows\System\fWHVwev.exe
  2⤵
  PID:4820
- C:\Windows\System\iZFpFJf.exe
  C:\Windows\System\iZFpFJf.exe
  2⤵
  PID:4708
- C:\Windows\System\EwJufRo.exe
  C:\Windows\System\EwJufRo.exe
  2⤵
  PID:4812
- C:\Windows\System\XKbtCiW.exe
  C:\Windows\System\XKbtCiW.exe
  2⤵
  PID:4544
- C:\Windows\System\KzxGiPN.exe
  C:\Windows\System\KzxGiPN.exe
  2⤵
  PID:6092
- C:\Windows\System\fvVazyf.exe
  C:\Windows\System\fvVazyf.exe
  2⤵
  PID:6104
- C:\Windows\System\kTSmvpg.exe
  C:\Windows\System\kTSmvpg.exe
  2⤵
  PID:4572
- C:\Windows\System\PceogtN.exe
  C:\Windows\System\PceogtN.exe
  2⤵
  PID:1532
- C:\Windows\System\SgNzXcr.exe
  C:\Windows\System\SgNzXcr.exe
  2⤵
  PID:4996
- C:\Windows\System\HlNqiHf.exe
  C:\Windows\System\HlNqiHf.exe
  2⤵
  PID:4728
- C:\Windows\System\otcOkNY.exe
  C:\Windows\System\otcOkNY.exe
  2⤵
  PID:3352
- C:\Windows\System\lNdnFnq.exe
  C:\Windows\System\lNdnFnq.exe
  2⤵
  PID:956
- C:\Windows\System\RHhOZbu.exe
  C:\Windows\System\RHhOZbu.exe
  2⤵
  PID:5160
- C:\Windows\System\uPlkQfu.exe
  C:\Windows\System\uPlkQfu.exe
  2⤵
  PID:2040
- C:\Windows\System\vOSusGu.exe
  C:\Windows\System\vOSusGu.exe
  2⤵
  PID:5480
- C:\Windows\System\rNhKbDa.exe
  C:\Windows\System\rNhKbDa.exe
  2⤵
  PID:5848
- C:\Windows\System\RhMqUUJ.exe
  C:\Windows\System\RhMqUUJ.exe
  2⤵
  PID:5912
- C:\Windows\System\DhglDiB.exe
  C:\Windows\System\DhglDiB.exe
  2⤵
  PID:5692
- C:\Windows\System\fCvZASW.exe
  C:\Windows\System\fCvZASW.exe
  2⤵
  PID:5628
- C:\Windows\System\HhWtkts.exe
  C:\Windows\System\HhWtkts.exe
  2⤵
  PID:5548
- C:\Windows\System\aWQqErG.exe
  C:\Windows\System\aWQqErG.exe
  2⤵
  PID:5476
- C:\Windows\System\fATGHXg.exe
  C:\Windows\System\fATGHXg.exe
  2⤵
  PID:5412
- C:\Windows\System\dpAOBxc.exe
  C:\Windows\System\dpAOBxc.exe
  2⤵
  PID:5344
- C:\Windows\System\UKDYAZo.exe
  C:\Windows\System\UKDYAZo.exe
  2⤵
  PID:5272
- C:\Windows\System\LmJsZUg.exe
  C:\Windows\System\LmJsZUg.exe
  2⤵
  PID:5196
- C:\Windows\System\iUgAFGc.exe
  C:\Windows\System\iUgAFGc.exe
  2⤵
  PID:4916
- C:\Windows\System\pUlOFFQ.exe
  C:\Windows\System\pUlOFFQ.exe
  2⤵
  PID:2412
- C:\Windows\System\xxXWsFA.exe
  C:\Windows\System\xxXWsFA.exe
  2⤵
  PID:2032
- C:\Windows\System\qTBqNaT.exe
  C:\Windows\System\qTBqNaT.exe
  2⤵
  PID:2732
- C:\Windows\System\kKagOAT.exe
  C:\Windows\System\kKagOAT.exe
  2⤵
  PID:2396
- C:\Windows\System\jXnuobD.exe
  C:\Windows\System\jXnuobD.exe
  2⤵
  PID:2196
- C:\Windows\System\nsxktDN.exe
  C:\Windows\System\nsxktDN.exe
  2⤵
  PID:3800
- C:\Windows\System\EJfqeuO.exe
  C:\Windows\System\EJfqeuO.exe
  2⤵
  PID:5320
- C:\Windows\System\HnhPKgC.exe
  C:\Windows\System\HnhPKgC.exe
  2⤵
  PID:2992
- C:\Windows\System\uabObQx.exe
  C:\Windows\System\uabObQx.exe
  2⤵
  PID:2952
- C:\Windows\System\xrZcctj.exe
  C:\Windows\System\xrZcctj.exe
  2⤵
  PID:5612
- C:\Windows\System\oEFepcd.exe
  C:\Windows\System\oEFepcd.exe
  2⤵
  PID:5836
- C:\Windows\System\oXekJDO.exe
  C:\Windows\System\oXekJDO.exe
  2⤵
  PID:5252
- C:\Windows\System\yeBJfDb.exe
  C:\Windows\System\yeBJfDb.exe
  2⤵
  PID:5392
- C:\Windows\System\uSTeDnK.exe
  C:\Windows\System\uSTeDnK.exe
  2⤵
  PID:5572
- C:\Windows\System\MnsLACR.exe
  C:\Windows\System\MnsLACR.exe
  2⤵
  PID:5676
- C:\Windows\System\YjHGxEI.exe
  C:\Windows\System\YjHGxEI.exe
  2⤵
  PID:5864
- C:\Windows\System\jUQAVUY.exe
  C:\Windows\System\jUQAVUY.exe
  2⤵
  PID:5996
- C:\Windows\System\LTwGZUi.exe
  C:\Windows\System\LTwGZUi.exe
  2⤵
  PID:4888
- C:\Windows\System\JGUSaJj.exe
  C:\Windows\System\JGUSaJj.exe
  2⤵
  PID:4256
- C:\Windows\System\lGKccJH.exe
  C:\Windows\System\lGKccJH.exe
  2⤵
  PID:4984
- C:\Windows\System\JmXFmmh.exe
  C:\Windows\System\JmXFmmh.exe
  2⤵
  PID:4912
- C:\Windows\System\xHLkBFO.exe
  C:\Windows\System\xHLkBFO.exe
  2⤵
  PID:6100
- C:\Windows\System\RkMelLb.exe
  C:\Windows\System\RkMelLb.exe
  2⤵
  PID:296
- C:\Windows\System\KgHgHWe.exe
  C:\Windows\System\KgHgHWe.exe
  2⤵
  PID:5884
- C:\Windows\System\xItqscg.exe
  C:\Windows\System\xItqscg.exe
  2⤵
  PID:5372
- C:\Windows\System\fPTfzkT.exe
  C:\Windows\System\fPTfzkT.exe
  2⤵
  PID:5268
- C:\Windows\System\pfRPMHy.exe
  C:\Windows\System\pfRPMHy.exe
  2⤵
  PID:2292
- C:\Windows\System\ydGZULs.exe
  C:\Windows\System\ydGZULs.exe
  2⤵
  PID:2984
- C:\Windows\System\xNDSITA.exe
  C:\Windows\System\xNDSITA.exe
  2⤵
  PID:2944
- C:\Windows\System\uULGSxT.exe
  C:\Windows\System\uULGSxT.exe
  2⤵
  PID:5928
- C:\Windows\System\rNiPkFi.exe
  C:\Windows\System\rNiPkFi.exe
  2⤵
  PID:2828
- C:\Windows\System\PKCUlip.exe
  C:\Windows\System\PKCUlip.exe
  2⤵
  PID:6088
- C:\Windows\System\FKONcbj.exe
  C:\Windows\System\FKONcbj.exe
  2⤵
  PID:2560
- C:\Windows\System\tlNPaYG.exe
  C:\Windows\System\tlNPaYG.exe
  2⤵
  PID:1044
- C:\Windows\System\AIlBFCn.exe
  C:\Windows\System\AIlBFCn.exe
  2⤵
  PID:388
- C:\Windows\System\pmhToFX.exe
  C:\Windows\System\pmhToFX.exe
  2⤵
  PID:5948
- C:\Windows\System\uGvPQiF.exe
  C:\Windows\System\uGvPQiF.exe
  2⤵
  PID:6012
- C:\Windows\System\OOVwdoE.exe
  C:\Windows\System\OOVwdoE.exe
  2⤵
  PID:6076
- C:\Windows\System\XwgSXuH.exe
  C:\Windows\System\XwgSXuH.exe
  2⤵
  PID:4452
- C:\Windows\System\YizVrIl.exe
  C:\Windows\System\YizVrIl.exe
  2⤵
  PID:5756
- C:\Windows\System\LsIXTRc.exe
  C:\Windows\System\LsIXTRc.exe
  2⤵
  PID:5596
- C:\Windows\System\XPfGKsg.exe
  C:\Windows\System\XPfGKsg.exe
  2⤵
  PID:5440
- C:\Windows\System\JSsVEAp.exe
  C:\Windows\System\JSsVEAp.exe
  2⤵
  PID:2964
- C:\Windows\System\gwlYojQ.exe
  C:\Windows\System\gwlYojQ.exe
  2⤵
  PID:5772
- C:\Windows\System\zLfAERh.exe
  C:\Windows\System\zLfAERh.exe
  2⤵
  PID:4348
- C:\Windows\System\cfrBqWy.exe
  C:\Windows\System\cfrBqWy.exe
  2⤵
  PID:5880
- C:\Windows\System\qPdHxkx.exe
  C:\Windows\System\qPdHxkx.exe
  2⤵
  PID:1704
- C:\Windows\System\lJqVXDW.exe
  C:\Windows\System\lJqVXDW.exe
  2⤵
  PID:2892
- C:\Windows\System\khJGxQF.exe
  C:\Windows\System\khJGxQF.exe
  2⤵
  PID:1736
- C:\Windows\System\xHKChfH.exe
  C:\Windows\System\xHKChfH.exe
  2⤵
  PID:5132
- C:\Windows\System\ReOSwfH.exe
  C:\Windows\System\ReOSwfH.exe
  2⤵
  PID:2440
- C:\Windows\System\ePGtDOu.exe
  C:\Windows\System\ePGtDOu.exe
  2⤵
  PID:5360
- C:\Windows\System\oCNPgWn.exe
  C:\Windows\System\oCNPgWn.exe
  2⤵
  PID:5036
- C:\Windows\System\GnplfGZ.exe
  C:\Windows\System\GnplfGZ.exe
  2⤵
  PID:5660
- C:\Windows\System\VJQfbMk.exe
  C:\Windows\System\VJQfbMk.exe
  2⤵
  PID:6072
- C:\Windows\System\nTTZcAV.exe
  C:\Windows\System\nTTZcAV.exe
  2⤵
  PID:940
- C:\Windows\System\zczmKuP.exe
  C:\Windows\System\zczmKuP.exe
  2⤵
  PID:5720
- C:\Windows\System\fAFfNRX.exe
  C:\Windows\System\fAFfNRX.exe
  2⤵
  PID:5724
- C:\Windows\System\uGHNkDj.exe
  C:\Windows\System\uGHNkDj.exe
  2⤵
  PID:5376
- C:\Windows\System\LYCdnZs.exe
  C:\Windows\System\LYCdnZs.exe
  2⤵
  PID:5560
- C:\Windows\System\GdLwFwP.exe
  C:\Windows\System\GdLwFwP.exe
  2⤵
  PID:2640
- C:\Windows\System\ZafvvtS.exe
  C:\Windows\System\ZafvvtS.exe
  2⤵
  PID:4076
- C:\Windows\System\oMkJtVZ.exe
  C:\Windows\System\oMkJtVZ.exe
  2⤵
  PID:5000
- C:\Windows\System\ZTBxtMB.exe
  C:\Windows\System\ZTBxtMB.exe
  2⤵
  PID:2632
- C:\Windows\System\ShXWAAN.exe
  C:\Windows\System\ShXWAAN.exe
  2⤵
  PID:5308
- C:\Windows\System\ziMDOOL.exe
  C:\Windows\System\ziMDOOL.exe
  2⤵
  PID:6124
- C:\Windows\System\sEPlbbm.exe
  C:\Windows\System\sEPlbbm.exe
  2⤵
  PID:2516
- C:\Windows\System\Cgcavts.exe
  C:\Windows\System\Cgcavts.exe
  2⤵
  PID:6160
- C:\Windows\System\xbLIqWW.exe
  C:\Windows\System\xbLIqWW.exe
  2⤵
  PID:6176
- C:\Windows\System\rThjfmV.exe
  C:\Windows\System\rThjfmV.exe
  2⤵
  PID:6196
- C:\Windows\System\lcnJqAj.exe
  C:\Windows\System\lcnJqAj.exe
  2⤵
  PID:6212
- C:\Windows\System\wwzrTQq.exe
  C:\Windows\System\wwzrTQq.exe
  2⤵
  PID:6228
- C:\Windows\System\yNmFavN.exe
  C:\Windows\System\yNmFavN.exe
  2⤵
  PID:6252
- C:\Windows\System\oUqNDAk.exe
  C:\Windows\System\oUqNDAk.exe
  2⤵
  PID:6268
- C:\Windows\System\WPCHMyA.exe
  C:\Windows\System\WPCHMyA.exe
  2⤵
  PID:6284
- C:\Windows\System\ZQtbCFm.exe
  C:\Windows\System\ZQtbCFm.exe
  2⤵
  PID:6304
- C:\Windows\System\nlwQkgC.exe
  C:\Windows\System\nlwQkgC.exe
  2⤵
  PID:6320
- C:\Windows\System\WHVqsEN.exe
  C:\Windows\System\WHVqsEN.exe
  2⤵
  PID:6448
- C:\Windows\System\vtdbeGk.exe
  C:\Windows\System\vtdbeGk.exe
  2⤵
  PID:6476
- C:\Windows\System\HonjUOH.exe
  C:\Windows\System\HonjUOH.exe
  2⤵
  PID:6496
- C:\Windows\System\moHZoVs.exe
  C:\Windows\System\moHZoVs.exe
  2⤵
  PID:6512
- C:\Windows\System\pHczzOI.exe
  C:\Windows\System\pHczzOI.exe
  2⤵
  PID:6528
- C:\Windows\System\zHxcgdF.exe
  C:\Windows\System\zHxcgdF.exe
  2⤵
  PID:6544
- C:\Windows\System\DZIIqgI.exe
  C:\Windows\System\DZIIqgI.exe
  2⤵
  PID:6560
- C:\Windows\System\rAyvcVT.exe
  C:\Windows\System\rAyvcVT.exe
  2⤵
  PID:6576
- C:\Windows\System\UyGhWSB.exe
  C:\Windows\System\UyGhWSB.exe
  2⤵
  PID:6592
- C:\Windows\System\GwPFSZK.exe
  C:\Windows\System\GwPFSZK.exe
  2⤵
  PID:6608
- C:\Windows\System\SmwnbJU.exe
  C:\Windows\System\SmwnbJU.exe
  2⤵
  PID:6652
- C:\Windows\System\bspKlMO.exe
  C:\Windows\System\bspKlMO.exe
  2⤵
  PID:6668
- C:\Windows\System\qeENrJQ.exe
  C:\Windows\System\qeENrJQ.exe
  2⤵
  PID:6684
- C:\Windows\System\FnyAZZC.exe
  C:\Windows\System\FnyAZZC.exe
  2⤵
  PID:6700
- C:\Windows\System\idjigzL.exe
  C:\Windows\System\idjigzL.exe
  2⤵
  PID:6728
- C:\Windows\System\EdwMwLG.exe
  C:\Windows\System\EdwMwLG.exe
  2⤵
  PID:6764
- C:\Windows\System\CaflUdK.exe
  C:\Windows\System\CaflUdK.exe
  2⤵
  PID:6780
- C:\Windows\System\WyHwTji.exe
  C:\Windows\System\WyHwTji.exe
  2⤵
  PID:6800
- C:\Windows\System\PbXXqLV.exe
  C:\Windows\System\PbXXqLV.exe
  2⤵
  PID:6816
- C:\Windows\System\OUuRonM.exe
  C:\Windows\System\OUuRonM.exe
  2⤵
  PID:6836
- C:\Windows\System\IkRXuDR.exe
  C:\Windows\System\IkRXuDR.exe
  2⤵
  PID:6856
- C:\Windows\System\gXkvOSf.exe
  C:\Windows\System\gXkvOSf.exe
  2⤵
  PID:6880
- C:\Windows\System\pADYAtG.exe
  C:\Windows\System\pADYAtG.exe
  2⤵
  PID:6968
- C:\Windows\System\Zgzjsjv.exe
  C:\Windows\System\Zgzjsjv.exe
  2⤵
  PID:7064
- C:\Windows\System\iWfYAdo.exe
  C:\Windows\System\iWfYAdo.exe
  2⤵
  PID:7080
- C:\Windows\System\KxInpmg.exe
  C:\Windows\System\KxInpmg.exe
  2⤵
  PID:7096
- C:\Windows\System\ALPqQEb.exe
  C:\Windows\System\ALPqQEb.exe
  2⤵
  PID:7112
- C:\Windows\System\RRnBMLK.exe
  C:\Windows\System\RRnBMLK.exe
  2⤵
  PID:7128
- C:\Windows\System\UPNAkgX.exe
  C:\Windows\System\UPNAkgX.exe
  2⤵
  PID:7144
- C:\Windows\System\kxHjMnr.exe
  C:\Windows\System\kxHjMnr.exe
  2⤵
  PID:7160
- C:\Windows\System\ptnhxaw.exe
  C:\Windows\System\ptnhxaw.exe
  2⤵
  PID:1772
- C:\Windows\System\nmrTVHX.exe
  C:\Windows\System\nmrTVHX.exe
  2⤵
  PID:5180
- C:\Windows\System\KXstevb.exe
  C:\Windows\System\KXstevb.exe
  2⤵
  PID:2888
- C:\Windows\System\cdXfrFj.exe
  C:\Windows\System\cdXfrFj.exe
  2⤵
  PID:5444
- C:\Windows\System\ETtMFcu.exe
  C:\Windows\System\ETtMFcu.exe
  2⤵
  PID:6192
- C:\Windows\System\XGXYUWw.exe
  C:\Windows\System\XGXYUWw.exe
  2⤵
  PID:2436
- C:\Windows\System\glpemfN.exe
  C:\Windows\System\glpemfN.exe
  2⤵
  PID:6172
- C:\Windows\System\hyYvmjz.exe
  C:\Windows\System\hyYvmjz.exe
  2⤵
  PID:6264
- C:\Windows\System\qxYAwNR.exe
  C:\Windows\System\qxYAwNR.exe
  2⤵
  PID:6248
- C:\Windows\System\zaYXHbN.exe
  C:\Windows\System\zaYXHbN.exe
  2⤵
  PID:6296
- C:\Windows\System\ayurRVX.exe
  C:\Windows\System\ayurRVX.exe
  2⤵
  PID:6332
- C:\Windows\System\vLiAVsk.exe
  C:\Windows\System\vLiAVsk.exe
  2⤵
  PID:6348
- C:\Windows\System\CFVwlLV.exe
  C:\Windows\System\CFVwlLV.exe
  2⤵
  PID:6360
- C:\Windows\System\UTPNSCr.exe
  C:\Windows\System\UTPNSCr.exe
  2⤵
  PID:6376
- C:\Windows\System\hboRUui.exe
  C:\Windows\System\hboRUui.exe
  2⤵
  PID:6392
- C:\Windows\System\uiDXhHa.exe
  C:\Windows\System\uiDXhHa.exe
  2⤵
  PID:6408
- C:\Windows\System\zFFnMCr.exe
  C:\Windows\System\zFFnMCr.exe
  2⤵
  PID:6424
- C:\Windows\System\ElFykhu.exe
  C:\Windows\System\ElFykhu.exe
  2⤵
  PID:6440
- C:\Windows\System\XaAdLRW.exe
  C:\Windows\System\XaAdLRW.exe
  2⤵
  PID:6456
- C:\Windows\System\apaSkrM.exe
  C:\Windows\System\apaSkrM.exe
  2⤵
  PID:4928
- C:\Windows\System\FecmoPm.exe
  C:\Windows\System\FecmoPm.exe
  2⤵
  PID:6504
- C:\Windows\System\uMhHECh.exe
  C:\Windows\System\uMhHECh.exe
  2⤵
  PID:6584
- C:\Windows\System\nfwJocC.exe
  C:\Windows\System\nfwJocC.exe
  2⤵
  PID:6628
- C:\Windows\System\mmGXDfr.exe
  C:\Windows\System\mmGXDfr.exe
  2⤵
  PID:6648
- C:\Windows\System\QILtGoh.exe
  C:\Windows\System\QILtGoh.exe
  2⤵
  PID:6708
- C:\Windows\System\BTCfTVN.exe
  C:\Windows\System\BTCfTVN.exe
  2⤵
  PID:6772
- C:\Windows\System\DYyMaRs.exe
  C:\Windows\System\DYyMaRs.exe
  2⤵
  PID:6848
- C:\Windows\System\kiKknLg.exe
  C:\Windows\System\kiKknLg.exe
  2⤵
  PID:6896
- C:\Windows\System\jUpYlIL.exe
  C:\Windows\System\jUpYlIL.exe
  2⤵
  PID:6912
- C:\Windows\System\GwFDGNF.exe
  C:\Windows\System\GwFDGNF.exe
  2⤵
  PID:6932
- C:\Windows\System\MMauyEa.exe
  C:\Windows\System\MMauyEa.exe
  2⤵
  PID:6952
- C:\Windows\System\pjDidDC.exe
  C:\Windows\System\pjDidDC.exe
  2⤵
  PID:2716
- C:\Windows\System\ejMZpaR.exe
  C:\Windows\System\ejMZpaR.exe
  2⤵
  PID:6664
- C:\Windows\System\ykOXVyG.exe
  C:\Windows\System\ykOXVyG.exe
  2⤵
  PID:6744
- C:\Windows\System\tqadjIP.exe
  C:\Windows\System\tqadjIP.exe
  2⤵
  PID:6788
- C:\Windows\System\ALxzEIF.exe
  C:\Windows\System\ALxzEIF.exe
  2⤵
  PID:6832
- C:\Windows\System\nQVhYxn.exe
  C:\Windows\System\nQVhYxn.exe
  2⤵
  PID:6876
- C:\Windows\System\auPwUgS.exe
  C:\Windows\System\auPwUgS.exe
  2⤵
  PID:6984
- C:\Windows\System\MdepBFu.exe
  C:\Windows\System\MdepBFu.exe
  2⤵
  PID:7000
- C:\Windows\System\EdcBRQW.exe
  C:\Windows\System\EdcBRQW.exe
  2⤵
  PID:7016
- C:\Windows\System\IleyJXs.exe
  C:\Windows\System\IleyJXs.exe
  2⤵
  PID:7036
- C:\Windows\System\qBfuZZh.exe
  C:\Windows\System\qBfuZZh.exe
  2⤵
  PID:7056
- C:\Windows\System\zCdblbS.exe
  C:\Windows\System\zCdblbS.exe
  2⤵
  PID:7092
- C:\Windows\System\MYdgaAf.exe
  C:\Windows\System\MYdgaAf.exe
  2⤵
  PID:7140
- C:\Windows\System\bHnfswn.exe
  C:\Windows\System\bHnfswn.exe
  2⤵
  PID:6572
- C:\Windows\System\NmdgALY.exe
  C:\Windows\System\NmdgALY.exe
  2⤵
  PID:2832
- C:\Windows\System\KUsTfCl.exe
  C:\Windows\System\KUsTfCl.exe
  2⤵
  PID:2680
- C:\Windows\System\QoIufKJ.exe
  C:\Windows\System\QoIufKJ.exe
  2⤵
  PID:2636
- C:\Windows\System\qLdNCeB.exe
  C:\Windows\System\qLdNCeB.exe
  2⤵
  PID:6136
- C:\Windows\System\uhDqrZU.exe
  C:\Windows\System\uhDqrZU.exe
  2⤵
  PID:2704
- C:\Windows\System\phlWTEL.exe
  C:\Windows\System\phlWTEL.exe
  2⤵
  PID:2400
- C:\Windows\System\zzftWqz.exe
  C:\Windows\System\zzftWqz.exe
  2⤵
  PID:2948
- C:\Windows\System\QnOiLJa.exe
  C:\Windows\System\QnOiLJa.exe
  2⤵
  PID:2644
- C:\Windows\System\SvKUJDb.exe
  C:\Windows\System\SvKUJDb.exe
  2⤵
  PID:6292
- C:\Windows\System\hrQSaUR.exe
  C:\Windows\System\hrQSaUR.exe
  2⤵
  PID:3276
- C:\Windows\System\LInoIWS.exe
  C:\Windows\System\LInoIWS.exe
  2⤵
  PID:6352
- C:\Windows\System\cmKbaow.exe
  C:\Windows\System\cmKbaow.exe
  2⤵
  PID:6416
- C:\Windows\System\alVEfxi.exe
  C:\Windows\System\alVEfxi.exe
  2⤵
  PID:2296
- C:\Windows\System\ijnCote.exe
  C:\Windows\System\ijnCote.exe
  2⤵
  PID:6404
- C:\Windows\System\qAiAPbx.exe
  C:\Windows\System\qAiAPbx.exe
  2⤵
  PID:6340
- C:\Windows\System\dbVCxZy.exe
  C:\Windows\System\dbVCxZy.exe
  2⤵
  PID:1992
- C:\Windows\System\TzGaQlK.exe
  C:\Windows\System\TzGaQlK.exe
  2⤵
  PID:2324
- C:\Windows\System\vSuZfxP.exe
  C:\Windows\System\vSuZfxP.exe
  2⤵
  PID:6552
- C:\Windows\System\yWzPKiJ.exe
  C:\Windows\System\yWzPKiJ.exe
  2⤵
  PID:2524
- C:\Windows\System\GABnUZL.exe
  C:\Windows\System\GABnUZL.exe
  2⤵
  PID:2592
- C:\Windows\System\xgqeVJx.exe
  C:\Windows\System\xgqeVJx.exe
  2⤵
  PID:6724
- C:\Windows\System\fMLHsby.exe
  C:\Windows\System\fMLHsby.exe
  2⤵
  PID:6928
- C:\Windows\System\TTtLVTC.exe
  C:\Windows\System\TTtLVTC.exe
  2⤵
  PID:6808
- C:\Windows\System\xhXYVCH.exe
  C:\Windows\System\xhXYVCH.exe
  2⤵
  PID:6908
- C:\Windows\System\aEFJpvK.exe
  C:\Windows\System\aEFJpvK.exe
  2⤵
  PID:6740
- C:\Windows\System\wRiJRgs.exe
  C:\Windows\System\wRiJRgs.exe
  2⤵
  PID:6976
- C:\Windows\System\hqLuVNq.exe
  C:\Windows\System\hqLuVNq.exe
  2⤵
  PID:7076
- C:\Windows\System\hkGCCKy.exe
  C:\Windows\System\hkGCCKy.exe
  2⤵
  PID:6992
- C:\Windows\System\DhEkGaD.exe
  C:\Windows\System\DhEkGaD.exe
  2⤵
  PID:7032
- C:\Windows\System\UioSlLo.exe
  C:\Windows\System\UioSlLo.exe
  2⤵
  PID:6604
- C:\Windows\System\qJHtHKl.exe
  C:\Windows\System\qJHtHKl.exe
  2⤵
  PID:2000
- C:\Windows\System\FldYloX.exe
  C:\Windows\System\FldYloX.exe
  2⤵
  PID:7124
- C:\Windows\System\ffUioEl.exe
  C:\Windows\System\ffUioEl.exe
  2⤵
  PID:6168
- C:\Windows\System\RVksQhi.exe
  C:\Windows\System\RVksQhi.exe
  2⤵
  PID:6312
- C:\Windows\System\NgXmctA.exe
  C:\Windows\System\NgXmctA.exe
  2⤵
  PID:4548
- C:\Windows\System\TTmveqo.exe
  C:\Windows\System\TTmveqo.exe
  2⤵
  PID:6152
- C:\Windows\System\woJAIXO.exe
  C:\Windows\System\woJAIXO.exe
  2⤵
  PID:1816
- C:\Windows\System\QEViVzN.exe
  C:\Windows\System\QEViVzN.exe
  2⤵
  PID:2616
- C:\Windows\System\ORzzqrf.exe
  C:\Windows\System\ORzzqrf.exe
  2⤵
  PID:6520
- C:\Windows\System\kTTvjnj.exe
  C:\Windows\System\kTTvjnj.exe
  2⤵
  PID:6720
- C:\Windows\System\WbTvnPM.exe
  C:\Windows\System\WbTvnPM.exe
  2⤵
  PID:6960
- C:\Windows\System\lXqveMK.exe
  C:\Windows\System\lXqveMK.exe
  2⤵
  PID:6872
- C:\Windows\System\TxunxKH.exe
  C:\Windows\System\TxunxKH.exe
  2⤵
  PID:6828
- C:\Windows\System\BJuTvLX.exe
  C:\Windows\System\BJuTvLX.exe
  2⤵
  PID:1452
- C:\Windows\System\HdricOw.exe
  C:\Windows\System\HdricOw.exe
  2⤵
  PID:3036
- C:\Windows\System\nFMQLvp.exe
  C:\Windows\System\nFMQLvp.exe
  2⤵
  PID:6624
- C:\Windows\System\JTDfWHt.exe
  C:\Windows\System\JTDfWHt.exe
  2⤵
  PID:6904
- C:\Windows\System\ngBYOuk.exe
  C:\Windows\System\ngBYOuk.exe
  2⤵
  PID:7108
- C:\Windows\System\iRxzwmv.exe
  C:\Windows\System\iRxzwmv.exe
  2⤵
  PID:6892
- C:\Windows\System\yORMkWo.exe
  C:\Windows\System\yORMkWo.exe
  2⤵
  PID:7136
- C:\Windows\System\TouPLob.exe
  C:\Windows\System\TouPLob.exe
  2⤵
  PID:6224
- C:\Windows\System\aeFQxyD.exe
  C:\Windows\System\aeFQxyD.exe
  2⤵
  PID:6400
- C:\Windows\System\TOaaJhO.exe
  C:\Windows\System\TOaaJhO.exe
  2⤵
  PID:7024
- C:\Windows\System\UqdaXfw.exe
  C:\Windows\System\UqdaXfw.exe
  2⤵
  PID:6644
- C:\Windows\System\GwbDGDC.exe
  C:\Windows\System\GwbDGDC.exe
  2⤵
  PID:6676
- C:\Windows\System\ZDqiuyo.exe
  C:\Windows\System\ZDqiuyo.exe
  2⤵
  PID:7012
- C:\Windows\System\VloWxbj.exe
  C:\Windows\System\VloWxbj.exe
  2⤵
  PID:7180
- C:\Windows\System\FLTnXhx.exe
  C:\Windows\System\FLTnXhx.exe
  2⤵
  PID:7196
- C:\Windows\System\aRffOKe.exe
  C:\Windows\System\aRffOKe.exe
  2⤵
  PID:7212
- C:\Windows\System\hyQjGEm.exe
  C:\Windows\System\hyQjGEm.exe
  2⤵
  PID:7232
- C:\Windows\System\HijVGyc.exe
  C:\Windows\System\HijVGyc.exe
  2⤵
  PID:7248
- C:\Windows\System\iTxIxKy.exe
  C:\Windows\System\iTxIxKy.exe
  2⤵
  PID:7264
- C:\Windows\System\MclrBET.exe
  C:\Windows\System\MclrBET.exe
  2⤵
  PID:7280
- C:\Windows\System\eUUOoJH.exe
  C:\Windows\System\eUUOoJH.exe
  2⤵
  PID:7296
- C:\Windows\System\jpisJJb.exe
  C:\Windows\System\jpisJJb.exe
  2⤵
  PID:7312
- C:\Windows\System\VuKuuNE.exe
  C:\Windows\System\VuKuuNE.exe
  2⤵
  PID:7328
- C:\Windows\System\bzmbPSO.exe
  C:\Windows\System\bzmbPSO.exe
  2⤵
  PID:7344
- C:\Windows\System\BlDatUV.exe
  C:\Windows\System\BlDatUV.exe
  2⤵
  PID:7360
- C:\Windows\System\REZAaLe.exe
  C:\Windows\System\REZAaLe.exe
  2⤵
  PID:7376
- C:\Windows\System\fxmhUKL.exe
  C:\Windows\System\fxmhUKL.exe
  2⤵
  PID:7392
- C:\Windows\System\GPNqkiM.exe
  C:\Windows\System\GPNqkiM.exe
  2⤵
  PID:7408
- C:\Windows\System\MOEFzLk.exe
  C:\Windows\System\MOEFzLk.exe
  2⤵
  PID:7424
- C:\Windows\System\qbrNcxw.exe
  C:\Windows\System\qbrNcxw.exe
  2⤵
  PID:7440
- C:\Windows\System\rpGeNDB.exe
  C:\Windows\System\rpGeNDB.exe
  2⤵
  PID:7460
- C:\Windows\System\OubnRYn.exe
  C:\Windows\System\OubnRYn.exe
  2⤵
  PID:7476
- C:\Windows\System\zKmUFCo.exe
  C:\Windows\System\zKmUFCo.exe
  2⤵
  PID:7492
- C:\Windows\System\gtaJKQO.exe
  C:\Windows\System\gtaJKQO.exe
  2⤵
  PID:7508
- C:\Windows\System\llrKlFS.exe
  C:\Windows\System\llrKlFS.exe
  2⤵
  PID:7524
- C:\Windows\System\PHzlpmU.exe
  C:\Windows\System\PHzlpmU.exe
  2⤵
  PID:7540
- C:\Windows\System\IWjTyTm.exe
  C:\Windows\System\IWjTyTm.exe
  2⤵
  PID:7556
- C:\Windows\System\AaaJVdO.exe
  C:\Windows\System\AaaJVdO.exe
  2⤵
  PID:7572
- C:\Windows\System\sYSaVzI.exe
  C:\Windows\System\sYSaVzI.exe
  2⤵
  PID:7588
- C:\Windows\System\AfLdhYM.exe
  C:\Windows\System\AfLdhYM.exe
  2⤵
  PID:7604
- C:\Windows\System\KAMwBfc.exe
  C:\Windows\System\KAMwBfc.exe
  2⤵
  PID:7624
- C:\Windows\System\kdEZtlj.exe
  C:\Windows\System\kdEZtlj.exe
  2⤵
  PID:7640
- C:\Windows\System\YDiKzGg.exe
  C:\Windows\System\YDiKzGg.exe
  2⤵
  PID:7656
- C:\Windows\System\sncTHXZ.exe
  C:\Windows\System\sncTHXZ.exe
  2⤵
  PID:7672
- C:\Windows\System\zaPPGpU.exe
  C:\Windows\System\zaPPGpU.exe
  2⤵
  PID:7688
- C:\Windows\System\poQnvAC.exe
  C:\Windows\System\poQnvAC.exe
  2⤵
  PID:7704
- C:\Windows\System\uwjpBqD.exe
  C:\Windows\System\uwjpBqD.exe
  2⤵
  PID:7720
- C:\Windows\System\kxCcGXT.exe
  C:\Windows\System\kxCcGXT.exe
  2⤵
  PID:7736
- C:\Windows\System\UEllaDR.exe
  C:\Windows\System\UEllaDR.exe
  2⤵
  PID:7752
- C:\Windows\System\ZXIxphC.exe
  C:\Windows\System\ZXIxphC.exe
  2⤵
  PID:7768
- C:\Windows\System\nMqYuon.exe
  C:\Windows\System\nMqYuon.exe
  2⤵
  PID:7784
- C:\Windows\System\LlyPRQm.exe
  C:\Windows\System\LlyPRQm.exe
  2⤵
  PID:7800
- C:\Windows\System\DBUjMFY.exe
  C:\Windows\System\DBUjMFY.exe
  2⤵
  PID:7816
- C:\Windows\System\fsheXhC.exe
  C:\Windows\System\fsheXhC.exe
  2⤵
  PID:7832
- C:\Windows\System\qmAinkm.exe
  C:\Windows\System\qmAinkm.exe
  2⤵
  PID:7848
- C:\Windows\System\kfjcJvB.exe
  C:\Windows\System\kfjcJvB.exe
  2⤵
  PID:7864
- C:\Windows\System\eOudnuY.exe
  C:\Windows\System\eOudnuY.exe
  2⤵
  PID:7880
- C:\Windows\System\CGkeHFv.exe
  C:\Windows\System\CGkeHFv.exe
  2⤵
  PID:7896
- C:\Windows\System\ErjwcNW.exe
  C:\Windows\System\ErjwcNW.exe
  2⤵
  PID:7912
- C:\Windows\System\nUzExHe.exe
  C:\Windows\System\nUzExHe.exe
  2⤵
  PID:7928
- C:\Windows\System\UXcEVth.exe
  C:\Windows\System\UXcEVth.exe
  2⤵
  PID:7944
- C:\Windows\System\dQGZOfZ.exe
  C:\Windows\System\dQGZOfZ.exe
  2⤵
  PID:7960
- C:\Windows\System\ALzgPBG.exe
  C:\Windows\System\ALzgPBG.exe
  2⤵
  PID:7976
- C:\Windows\System\wKfJQQO.exe
  C:\Windows\System\wKfJQQO.exe
  2⤵
  PID:7992
- C:\Windows\System\SvKDBsF.exe
  C:\Windows\System\SvKDBsF.exe
  2⤵
  PID:8008
- C:\Windows\System\mXUVwoo.exe
  C:\Windows\System\mXUVwoo.exe
  2⤵
  PID:8024
- C:\Windows\System\CEHxOPd.exe
  C:\Windows\System\CEHxOPd.exe
  2⤵
  PID:8040
- C:\Windows\System\AAgCqYY.exe
  C:\Windows\System\AAgCqYY.exe
  2⤵
  PID:8056
- C:\Windows\System\xyXVWhq.exe
  C:\Windows\System\xyXVWhq.exe
  2⤵
  PID:8072
- C:\Windows\System\ZemAoav.exe
  C:\Windows\System\ZemAoav.exe
  2⤵
  PID:8088
- C:\Windows\System\RoCJWsS.exe
  C:\Windows\System\RoCJWsS.exe
  2⤵
  PID:8104
- C:\Windows\System\RToCXLi.exe
  C:\Windows\System\RToCXLi.exe
  2⤵
  PID:8120
- C:\Windows\System\KPOWqCw.exe
  C:\Windows\System\KPOWqCw.exe
  2⤵
  PID:8136
- C:\Windows\System\hfMFFJo.exe
  C:\Windows\System\hfMFFJo.exe
  2⤵
  PID:8152
- C:\Windows\System\KjEsBSH.exe
  C:\Windows\System\KjEsBSH.exe
  2⤵
  PID:8168
- C:\Windows\System\CQEfjDk.exe
  C:\Windows\System\CQEfjDk.exe
  2⤵
  PID:8184
- C:\Windows\System\cVyrIYd.exe
  C:\Windows\System\cVyrIYd.exe
  2⤵
  PID:7188
- C:\Windows\System\jBlVoxn.exe
  C:\Windows\System\jBlVoxn.exe
  2⤵
  PID:6372
- C:\Windows\System\XASQIyt.exe
  C:\Windows\System\XASQIyt.exe
  2⤵
  PID:7208
- C:\Windows\System\XBmoenY.exe
  C:\Windows\System\XBmoenY.exe
  2⤵
  PID:7288
- C:\Windows\System\CgUVJxf.exe
  C:\Windows\System\CgUVJxf.exe
  2⤵
  PID:7244
- C:\Windows\System\StiECUz.exe
  C:\Windows\System\StiECUz.exe
  2⤵
  PID:7308
- C:\Windows\System\IBaPjpV.exe
  C:\Windows\System\IBaPjpV.exe
  2⤵
  PID:7356
- C:\Windows\System\aOTTpuR.exe
  C:\Windows\System\aOTTpuR.exe
  2⤵
  PID:6996
- C:\Windows\System\inUuHkL.exe
  C:\Windows\System\inUuHkL.exe
  2⤵
  PID:7400
- C:\Windows\System\IpwTbOe.exe
  C:\Windows\System\IpwTbOe.exe
  2⤵
  PID:7436
- C:\Windows\System\VKywVFy.exe
  C:\Windows\System\VKywVFy.exe
  2⤵
  PID:7516
- C:\Windows\System\Cmplkdq.exe
  C:\Windows\System\Cmplkdq.exe
  2⤵
  PID:7580
- C:\Windows\System\IBLVmRU.exe
  C:\Windows\System\IBLVmRU.exe
  2⤵
  PID:7468
- C:\Windows\System\hZNilax.exe
  C:\Windows\System\hZNilax.exe
  2⤵
  PID:7532
- C:\Windows\System\WylGKLi.exe
  C:\Windows\System\WylGKLi.exe
  2⤵
  PID:7536
- C:\Windows\System\WitbvPi.exe
  C:\Windows\System\WitbvPi.exe
  2⤵
  PID:7636
- C:\Windows\System\QwYdQzL.exe
  C:\Windows\System\QwYdQzL.exe
  2⤵
  PID:7716
- C:\Windows\System\FNxgxnV.exe
  C:\Windows\System\FNxgxnV.exe
  2⤵
  PID:7664
- C:\Windows\System\TNquoGF.exe
  C:\Windows\System\TNquoGF.exe
  2⤵
  PID:7760
- C:\Windows\System\JJgRKqz.exe
  C:\Windows\System\JJgRKqz.exe
  2⤵
  PID:7780
- C:\Windows\System\qyzbLrH.exe
  C:\Windows\System\qyzbLrH.exe
  2⤵
  PID:7860
- C:\Windows\System\FMhmoRr.exe
  C:\Windows\System\FMhmoRr.exe
  2⤵
  PID:7812
- C:\Windows\System\QNEEhLS.exe
  C:\Windows\System\QNEEhLS.exe
  2⤵
  PID:7844
- C:\Windows\System\aFeKyxi.exe
  C:\Windows\System\aFeKyxi.exe
  2⤵
  PID:7936
- C:\Windows\System\ZMXnmDu.exe
  C:\Windows\System\ZMXnmDu.exe
  2⤵
  PID:7920
- C:\Windows\System\xCburRo.exe
  C:\Windows\System\xCburRo.exe
  2⤵
  PID:7972
- C:\Windows\System\mqYofmt.exe
  C:\Windows\System\mqYofmt.exe
  2⤵
  PID:7984
- C:\Windows\System\eKkqSdj.exe
  C:\Windows\System\eKkqSdj.exe
  2⤵
  PID:8064
- C:\Windows\System\OVvicfs.exe
  C:\Windows\System\OVvicfs.exe
  2⤵
  PID:8068
- C:\Windows\System\dqglwVL.exe
  C:\Windows\System\dqglwVL.exe
  2⤵
  PID:8132
- C:\Windows\System\gvRgkYA.exe
  C:\Windows\System\gvRgkYA.exe
  2⤵
  PID:6204
- C:\Windows\System\TfPbszl.exe
  C:\Windows\System\TfPbszl.exe
  2⤵
  PID:7320
- C:\Windows\System\gBWimtp.exe
  C:\Windows\System\gBWimtp.exe
  2⤵
  PID:8112
- C:\Windows\System\jRYvHjS.exe
  C:\Windows\System\jRYvHjS.exe
  2⤵
  PID:7612
- C:\Windows\System\RvCVMmb.exe
  C:\Windows\System\RvCVMmb.exe
  2⤵
  PID:7260
- C:\Windows\System\XYKUUjW.exe
  C:\Windows\System\XYKUUjW.exe
  2⤵
  PID:7368
- C:\Windows\System\HQZfzzU.exe
  C:\Windows\System\HQZfzzU.exe
  2⤵
  PID:7488
- C:\Windows\System\VgeCfmi.exe
  C:\Windows\System\VgeCfmi.exe
  2⤵
  PID:7472
- C:\Windows\System\ZGhkgEl.exe
  C:\Windows\System\ZGhkgEl.exe
  2⤵
  PID:7680
- C:\Windows\System\ZtscuwI.exe
  C:\Windows\System\ZtscuwI.exe
  2⤵
  PID:7548
- C:\Windows\System\aUWvAQX.exe
  C:\Windows\System\aUWvAQX.exe
  2⤵
  PID:7596
- C:\Windows\System\GLbXYue.exe
  C:\Windows\System\GLbXYue.exe
  2⤵
  PID:7968
- C:\Windows\System\xemVSks.exe
  C:\Windows\System\xemVSks.exe
  2⤵
  PID:7568
- C:\Windows\System\qLQzjco.exe
  C:\Windows\System\qLQzjco.exe
  2⤵
  PID:7904
- C:\Windows\System\EDgttNz.exe
  C:\Windows\System\EDgttNz.exe
  2⤵
  PID:7744
- C:\Windows\System\SIisltZ.exe
  C:\Windows\System\SIisltZ.exe
  2⤵
  PID:8016
- C:\Windows\System\gnmgCqq.exe
  C:\Windows\System\gnmgCqq.exe
  2⤵
  PID:8048
- C:\Windows\System\CbFRmlO.exe
  C:\Windows\System\CbFRmlO.exe
  2⤵
  PID:8052
- C:\Windows\System\BbEmTzY.exe
  C:\Windows\System\BbEmTzY.exe
  2⤵
  PID:7240
- C:\Windows\System\FiuZsuh.exe
  C:\Windows\System\FiuZsuh.exe
  2⤵
  PID:7416
- C:\Windows\System\QFzKMmf.exe
  C:\Windows\System\QFzKMmf.exe
  2⤵
  PID:7448
- C:\Windows\System\BjQWpKb.exe
  C:\Windows\System\BjQWpKb.exe
  2⤵
  PID:7620
- C:\Windows\System\ijTaBFB.exe
  C:\Windows\System\ijTaBFB.exe
  2⤵
  PID:8004
- C:\Windows\System\zIKkFLN.exe
  C:\Windows\System\zIKkFLN.exe
  2⤵
  PID:8164
- C:\Windows\System\BwmgaPs.exe
  C:\Windows\System\BwmgaPs.exe
  2⤵
  PID:7872
- C:\Windows\System\sIyChuP.exe
  C:\Windows\System\sIyChuP.exe
  2⤵
  PID:7484
- C:\Windows\System\RkpCORd.exe
  C:\Windows\System\RkpCORd.exe
  2⤵
  PID:8100
- C:\Windows\System\UZTIGiL.exe
  C:\Windows\System\UZTIGiL.exe
  2⤵
  PID:7668
- C:\Windows\System\XhtLUcm.exe
  C:\Windows\System\XhtLUcm.exe
  2⤵
  PID:7824
- C:\Windows\System\KOQbVqI.exe
  C:\Windows\System\KOQbVqI.exe
  2⤵
  PID:7952
- C:\Windows\System\igHRKYv.exe
  C:\Windows\System\igHRKYv.exe
  2⤵
  PID:8176
- C:\Windows\System\JPOAUyd.exe
  C:\Windows\System\JPOAUyd.exe
  2⤵
  PID:8204
- C:\Windows\System\MBIRNzI.exe
  C:\Windows\System\MBIRNzI.exe
  2⤵
  PID:8220
- C:\Windows\System\vQQHwsy.exe
  C:\Windows\System\vQQHwsy.exe
  2⤵
  PID:8236
- C:\Windows\System\ZmMpmvn.exe
  C:\Windows\System\ZmMpmvn.exe
  2⤵
  PID:8252
- C:\Windows\System\tSDTBaS.exe
  C:\Windows\System\tSDTBaS.exe
  2⤵
  PID:8268
- C:\Windows\System\XIZegkB.exe
  C:\Windows\System\XIZegkB.exe
  2⤵
  PID:8284
- C:\Windows\System\LjHXXvl.exe
  C:\Windows\System\LjHXXvl.exe
  2⤵
  PID:8300
- C:\Windows\System\yQgyhEj.exe
  C:\Windows\System\yQgyhEj.exe
  2⤵
  PID:8316
- C:\Windows\System\KEgznHj.exe
  C:\Windows\System\KEgznHj.exe
  2⤵
  PID:8332
- C:\Windows\System\usbkeDy.exe
  C:\Windows\System\usbkeDy.exe
  2⤵
  PID:8348
- C:\Windows\System\VjZKogz.exe
  C:\Windows\System\VjZKogz.exe
  2⤵
  PID:8364
- C:\Windows\System\gtDiabY.exe
  C:\Windows\System\gtDiabY.exe
  2⤵
  PID:8380
- C:\Windows\System\JOeXHCn.exe
  C:\Windows\System\JOeXHCn.exe
  2⤵
  PID:8396
- C:\Windows\System\eCifcCC.exe
  C:\Windows\System\eCifcCC.exe
  2⤵
  PID:8412
- C:\Windows\System\wHtqcjw.exe
  C:\Windows\System\wHtqcjw.exe
  2⤵
  PID:8428
- C:\Windows\System\zyqytFy.exe
  C:\Windows\System\zyqytFy.exe
  2⤵
  PID:8444
- C:\Windows\System\HuQdzzt.exe
  C:\Windows\System\HuQdzzt.exe
  2⤵
  PID:8460
- C:\Windows\System\odgqisL.exe
  C:\Windows\System\odgqisL.exe
  2⤵
  PID:8476
- C:\Windows\System\Esdscxc.exe
  C:\Windows\System\Esdscxc.exe
  2⤵
  PID:8492
- C:\Windows\System\PtjUvhC.exe
  C:\Windows\System\PtjUvhC.exe
  2⤵
  PID:8508
- C:\Windows\System\YHLdLsU.exe
  C:\Windows\System\YHLdLsU.exe
  2⤵
  PID:8524
- C:\Windows\System\kpFinKX.exe
  C:\Windows\System\kpFinKX.exe
  2⤵
  PID:8540
- C:\Windows\System\MVJUKfK.exe
  C:\Windows\System\MVJUKfK.exe
  2⤵
  PID:8560
- C:\Windows\System\oUQUpPY.exe
  C:\Windows\System\oUQUpPY.exe
  2⤵
  PID:8576
- C:\Windows\System\aHLzCSI.exe
  C:\Windows\System\aHLzCSI.exe
  2⤵
  PID:8592
- C:\Windows\System\bpVNWok.exe
  C:\Windows\System\bpVNWok.exe
  2⤵
  PID:8608
- C:\Windows\System\PbIcjqe.exe
  C:\Windows\System\PbIcjqe.exe
  2⤵
  PID:8624
- C:\Windows\System\kelMSfr.exe
  C:\Windows\System\kelMSfr.exe
  2⤵
  PID:8640
- C:\Windows\System\SHRZDYQ.exe
  C:\Windows\System\SHRZDYQ.exe
  2⤵
  PID:8656
- C:\Windows\System\CKlCQuK.exe
  C:\Windows\System\CKlCQuK.exe
  2⤵
  PID:8672
- C:\Windows\System\biWoBhg.exe
  C:\Windows\System\biWoBhg.exe
  2⤵
  PID:8688
- C:\Windows\System\xQfbMHm.exe
  C:\Windows\System\xQfbMHm.exe
  2⤵
  PID:8704
- C:\Windows\System\YdOYQTb.exe
  C:\Windows\System\YdOYQTb.exe
  2⤵
  PID:8720
- C:\Windows\System\kbxgGVD.exe
  C:\Windows\System\kbxgGVD.exe
  2⤵
  PID:8736
- C:\Windows\System\PmMrAtK.exe
  C:\Windows\System\PmMrAtK.exe
  2⤵
  PID:8752
- C:\Windows\System\aEIuqHs.exe
  C:\Windows\System\aEIuqHs.exe
  2⤵
  PID:8768
- C:\Windows\System\lqQKJCP.exe
  C:\Windows\System\lqQKJCP.exe
  2⤵
  PID:8784
- C:\Windows\System\CIjRGDP.exe
  C:\Windows\System\CIjRGDP.exe
  2⤵
  PID:8800
- C:\Windows\System\dETOErg.exe
  C:\Windows\System\dETOErg.exe
  2⤵
  PID:8816
- C:\Windows\System\VfBLXrt.exe
  C:\Windows\System\VfBLXrt.exe
  2⤵
  PID:8832
- C:\Windows\System\KsPfNLi.exe
  C:\Windows\System\KsPfNLi.exe
  2⤵
  PID:8848
- C:\Windows\System\WmkuBou.exe
  C:\Windows\System\WmkuBou.exe
  2⤵
  PID:8864
- C:\Windows\System\uwdafBr.exe
  C:\Windows\System\uwdafBr.exe
  2⤵
  PID:8880
- C:\Windows\System\bimTioS.exe
  C:\Windows\System\bimTioS.exe
  2⤵
  PID:8896
- C:\Windows\System\cimXnOA.exe
  C:\Windows\System\cimXnOA.exe
  2⤵
  PID:8912
- C:\Windows\System\hmOXMql.exe
  C:\Windows\System\hmOXMql.exe
  2⤵
  PID:8928
- C:\Windows\System\IkOVjIi.exe
  C:\Windows\System\IkOVjIi.exe
  2⤵
  PID:8944
- C:\Windows\System\rguIUCE.exe
  C:\Windows\System\rguIUCE.exe
  2⤵
  PID:8960
- C:\Windows\System\zMTDLLb.exe
  C:\Windows\System\zMTDLLb.exe
  2⤵
  PID:8976
- C:\Windows\System\kABLNmF.exe
  C:\Windows\System\kABLNmF.exe
  2⤵
  PID:8992
- C:\Windows\System\rsaawED.exe
  C:\Windows\System\rsaawED.exe
  2⤵
  PID:9008
- C:\Windows\System\hSuEFzY.exe
  C:\Windows\System\hSuEFzY.exe
  2⤵
  PID:9024
- C:\Windows\System\TBfLTtv.exe
  C:\Windows\System\TBfLTtv.exe
  2⤵
  PID:9040
- C:\Windows\System\PiJUhFV.exe
  C:\Windows\System\PiJUhFV.exe
  2⤵
  PID:9056
- C:\Windows\System\ZSVQbWn.exe
  C:\Windows\System\ZSVQbWn.exe
  2⤵
  PID:9072
- C:\Windows\System\yPlSLNc.exe
  C:\Windows\System\yPlSLNc.exe
  2⤵
  PID:9092
- C:\Windows\System\yssvMLP.exe
  C:\Windows\System\yssvMLP.exe
  2⤵
  PID:9108
- C:\Windows\System\XNZOweB.exe
  C:\Windows\System\XNZOweB.exe
  2⤵
  PID:9124
- C:\Windows\System\duERUVm.exe
  C:\Windows\System\duERUVm.exe
  2⤵
  PID:9140
- C:\Windows\System\ahhHCmI.exe
  C:\Windows\System\ahhHCmI.exe
  2⤵
  PID:9156
- C:\Windows\System\vBxzcsF.exe
  C:\Windows\System\vBxzcsF.exe
  2⤵
  PID:9172
- C:\Windows\System\lhjVRBa.exe
  C:\Windows\System\lhjVRBa.exe
  2⤵
  PID:9188
- C:\Windows\System\HKIzAfw.exe
  C:\Windows\System\HKIzAfw.exe
  2⤵
  PID:9204
- C:\Windows\System\hPFDTOl.exe
  C:\Windows\System\hPFDTOl.exe
  2⤵
  PID:7892
- C:\Windows\System\OayELVr.exe
  C:\Windows\System\OayELVr.exe
  2⤵
  PID:8196
- C:\Windows\System\KpptOYp.exe
  C:\Windows\System\KpptOYp.exe
  2⤵
  PID:8244
- C:\Windows\System\CySHAel.exe
  C:\Windows\System\CySHAel.exe
  2⤵
  PID:8212
- C:\Windows\System\kTZKMLe.exe
  C:\Windows\System\kTZKMLe.exe
  2⤵
  PID:8264
- C:\Windows\System\jJWuwOz.exe
  C:\Windows\System\jJWuwOz.exe
  2⤵
  PID:8328
- C:\Windows\System\pPFsdXC.exe
  C:\Windows\System\pPFsdXC.exe
  2⤵
  PID:8376
- C:\Windows\System\XKTcqWx.exe
  C:\Windows\System\XKTcqWx.exe
  2⤵
  PID:8404
- C:\Windows\System\iBsFnHd.exe
  C:\Windows\System\iBsFnHd.exe
  2⤵
  PID:8436
- C:\Windows\System\cOYXmXf.exe
  C:\Windows\System\cOYXmXf.exe
  2⤵
  PID:8500
- C:\Windows\System\jgBHADy.exe
  C:\Windows\System\jgBHADy.exe
  2⤵
  PID:8604
- C:\Windows\System\uUhmKEa.exe
  C:\Windows\System\uUhmKEa.exe
  2⤵
  PID:8388
- C:\Windows\System\IbpWNbF.exe
  C:\Windows\System\IbpWNbF.exe
  2⤵
  PID:8700
- C:\Windows\System\JcFOMRe.exe
  C:\Windows\System\JcFOMRe.exe
  2⤵
  PID:8548
- C:\Windows\System\mFrOeEy.exe
  C:\Windows\System\mFrOeEy.exe
  2⤵
  PID:8792
- C:\Windows\System\CQtNEpF.exe
  C:\Windows\System\CQtNEpF.exe
  2⤵
  PID:8860
- C:\Windows\System\twnGVVb.exe
  C:\Windows\System\twnGVVb.exe
  2⤵
  PID:8424
- C:\Windows\System\zeCTVdK.exe
  C:\Windows\System\zeCTVdK.exe
  2⤵
  PID:8452
- C:\Windows\System\BobQgLz.exe
  C:\Windows\System\BobQgLz.exe
  2⤵
  PID:8516
- C:\Windows\System\TFXaKJH.exe
  C:\Windows\System\TFXaKJH.exe
  2⤵
  PID:8952
- C:\Windows\System\HtBIHbW.exe
  C:\Windows\System\HtBIHbW.exe
  2⤵
  PID:8988
- C:\Windows\System\PfOoDEO.exe
  C:\Windows\System\PfOoDEO.exe
  2⤵
  PID:8648
- C:\Windows\System\LYjCFwB.exe
  C:\Windows\System\LYjCFwB.exe
  2⤵
  PID:8808
- C:\Windows\System\aCbBXDr.exe
  C:\Windows\System\aCbBXDr.exe
  2⤵
  PID:8780
- C:\Windows\System\OjlLybw.exe
  C:\Windows\System\OjlLybw.exe
  2⤵
  PID:8904
- C:\Windows\System\ucMcohO.exe
  C:\Windows\System\ucMcohO.exe
  2⤵
  PID:8968
- C:\Windows\System\dDzLQhc.exe
  C:\Windows\System\dDzLQhc.exe
  2⤵
  PID:9032
- C:\Windows\System\CfJqXsm.exe
  C:\Windows\System\CfJqXsm.exe
  2⤵
  PID:9036
- C:\Windows\System\ISeVexR.exe
  C:\Windows\System\ISeVexR.exe
  2⤵
  PID:9088
- C:\Windows\System\GyPqtSg.exe
  C:\Windows\System\GyPqtSg.exe
  2⤵
  PID:9104
- C:\Windows\System\EKBrxQF.exe
  C:\Windows\System\EKBrxQF.exe
  2⤵
  PID:9152
- C:\Windows\System\QPgkxAU.exe
  C:\Windows\System\QPgkxAU.exe
  2⤵
  PID:9212
- C:\Windows\System\YrLyivz.exe
  C:\Windows\System\YrLyivz.exe
  2⤵
  PID:9164
- C:\Windows\System\kMsUfyL.exe
  C:\Windows\System\kMsUfyL.exe
  2⤵
  PID:8344
- C:\Windows\System\PpOOmNd.exe
  C:\Windows\System\PpOOmNd.exe
  2⤵
  PID:8536
- C:\Windows\System\tYIUIDP.exe
  C:\Windows\System\tYIUIDP.exe
  2⤵
  PID:7956
- C:\Windows\System\lyASddj.exe
  C:\Windows\System\lyASddj.exe
  2⤵
  PID:8324
- C:\Windows\System\DxRjAnM.exe
  C:\Windows\System\DxRjAnM.exe
  2⤵
  PID:8468
- C:\Windows\System\hRzNMYo.exe
  C:\Windows\System\hRzNMYo.exe
  2⤵
  PID:8696
- C:\Windows\System\LdYqxqt.exe
  C:\Windows\System\LdYqxqt.exe
  2⤵
  PID:8484
- C:\Windows\System\zuqtbhl.exe
  C:\Windows\System\zuqtbhl.exe
  2⤵
  PID:8684
- C:\Windows\System\wcGROGH.exe
  C:\Windows\System\wcGROGH.exe
  2⤵
  PID:8732
- C:\Windows\System\QLEOXyl.exe
  C:\Windows\System\QLEOXyl.exe
  2⤵
  PID:8744
- C:\Windows\System\XqwLvES.exe
  C:\Windows\System\XqwLvES.exe
  2⤵
  PID:8984
- C:\Windows\System\lkBHRBy.exe
  C:\Windows\System\lkBHRBy.exe
  2⤵
  PID:8748
- C:\Windows\System\XzptrZt.exe
  C:\Windows\System\XzptrZt.exe
  2⤵
  PID:8872
- C:\Windows\System\bgpySRM.exe
  C:\Windows\System\bgpySRM.exe
  2⤵
  PID:9068
- C:\Windows\System\uHptAzv.exe
  C:\Windows\System\uHptAzv.exe
  2⤵
  PID:9052
- C:\Windows\System\pzVYBLT.exe
  C:\Windows\System\pzVYBLT.exe
  2⤵
  PID:9100
- C:\Windows\System\ZYORRtC.exe
  C:\Windows\System\ZYORRtC.exe
  2⤵
  PID:8408
- C:\Windows\System\EOVYhlm.exe
  C:\Windows\System\EOVYhlm.exe
  2⤵
  PID:8532
- C:\Windows\System\tlZodwl.exe
  C:\Windows\System\tlZodwl.exe
  2⤵
  PID:8588
- C:\Windows\System\uUTJisY.exe
  C:\Windows\System\uUTJisY.exe
  2⤵
  PID:9016
- C:\Windows\System\yZsADyg.exe
  C:\Windows\System\yZsADyg.exe
  2⤵
  PID:9136
- C:\Windows\System\LHCuVhL.exe
  C:\Windows\System\LHCuVhL.exe
  2⤵
  PID:8716
- C:\Windows\System\ppQYzuO.exe
  C:\Windows\System\ppQYzuO.exe
  2⤵
  PID:8356
- C:\Windows\System\CsHEOYx.exe
  C:\Windows\System\CsHEOYx.exe
  2⤵
  PID:8636
- C:\Windows\System\OjYXQwp.exe
  C:\Windows\System\OjYXQwp.exe
  2⤵
  PID:8824
- C:\Windows\System\SXWKHZl.exe
  C:\Windows\System\SXWKHZl.exe
  2⤵
  PID:8420
- C:\Windows\System\cYvtqan.exe
  C:\Windows\System\cYvtqan.exe
  2⤵
  PID:9148
- C:\Windows\System\xFLwSMY.exe
  C:\Windows\System\xFLwSMY.exe
  2⤵
  PID:9224
- C:\Windows\System\tiXPJKF.exe
  C:\Windows\System\tiXPJKF.exe
  2⤵
  PID:9240
- C:\Windows\System\CUIeezu.exe
  C:\Windows\System\CUIeezu.exe
  2⤵
  PID:9256
- C:\Windows\System\EgAgVoT.exe
  C:\Windows\System\EgAgVoT.exe
  2⤵
  PID:9272
- C:\Windows\System\sTMDFql.exe
  C:\Windows\System\sTMDFql.exe
  2⤵
  PID:9288
- C:\Windows\System\FEQUGMS.exe
  C:\Windows\System\FEQUGMS.exe
  2⤵
  PID:9304
- C:\Windows\System\DFqiBoI.exe
  C:\Windows\System\DFqiBoI.exe
  2⤵
  PID:9320
- C:\Windows\System\frvogVt.exe
  C:\Windows\System\frvogVt.exe
  2⤵
  PID:9336
- C:\Windows\System\UPpgpgR.exe
  C:\Windows\System\UPpgpgR.exe
  2⤵
  PID:9352
- C:\Windows\System\Mkhsctu.exe
  C:\Windows\System\Mkhsctu.exe
  2⤵
  PID:9368
- C:\Windows\System\kaxmRjD.exe
  C:\Windows\System\kaxmRjD.exe
  2⤵
  PID:9384
- C:\Windows\System\HSZvmtn.exe
  C:\Windows\System\HSZvmtn.exe
  2⤵
  PID:9400
- C:\Windows\System\GWRCbZK.exe
  C:\Windows\System\GWRCbZK.exe
  2⤵
  PID:9416
- C:\Windows\System\LaKSitp.exe
  C:\Windows\System\LaKSitp.exe
  2⤵
  PID:9432
- C:\Windows\System\ctvwaPY.exe
  C:\Windows\System\ctvwaPY.exe
  2⤵
  PID:9448
- C:\Windows\System\JfXChEN.exe
  C:\Windows\System\JfXChEN.exe
  2⤵
  PID:9464
- C:\Windows\System\hwdmvdP.exe
  C:\Windows\System\hwdmvdP.exe
  2⤵
  PID:9480
- C:\Windows\System\pPhHbMI.exe
  C:\Windows\System\pPhHbMI.exe
  2⤵
  PID:9496
- C:\Windows\System\qTwBkjP.exe
  C:\Windows\System\qTwBkjP.exe
  2⤵
  PID:9512
- C:\Windows\System\IzCyHxJ.exe
  C:\Windows\System\IzCyHxJ.exe
  2⤵
  PID:9528
- C:\Windows\System\Pjsffrm.exe
  C:\Windows\System\Pjsffrm.exe
  2⤵
  PID:9544
- C:\Windows\System\VlOmPjT.exe
  C:\Windows\System\VlOmPjT.exe
  2⤵
  PID:9560
- C:\Windows\System\bRoLLeW.exe
  C:\Windows\System\bRoLLeW.exe
  2⤵
  PID:9576
- C:\Windows\System\YNgTLFP.exe
  C:\Windows\System\YNgTLFP.exe
  2⤵
  PID:9592
- C:\Windows\System\ddlYGuS.exe
  C:\Windows\System\ddlYGuS.exe
  2⤵
  PID:9608
- C:\Windows\System\NTlaEbW.exe
  C:\Windows\System\NTlaEbW.exe
  2⤵
  PID:9624
- C:\Windows\System\kqzOfmn.exe
  C:\Windows\System\kqzOfmn.exe
  2⤵
  PID:9640
- C:\Windows\System\AEyFCjX.exe
  C:\Windows\System\AEyFCjX.exe
  2⤵
  PID:9656
- C:\Windows\System\nnYNMGz.exe
  C:\Windows\System\nnYNMGz.exe
  2⤵
  PID:9672
- C:\Windows\System\eRraNUY.exe
  C:\Windows\System\eRraNUY.exe
  2⤵
  PID:9688
- C:\Windows\System\PxJUJlH.exe
  C:\Windows\System\PxJUJlH.exe
  2⤵
  PID:9704
- C:\Windows\System\OCkHkfm.exe
  C:\Windows\System\OCkHkfm.exe
  2⤵
  PID:9720
- C:\Windows\System\dGuuZof.exe
  C:\Windows\System\dGuuZof.exe
  2⤵
  PID:9736
- C:\Windows\System\CdSNZHS.exe
  C:\Windows\System\CdSNZHS.exe
  2⤵
  PID:9752
- C:\Windows\System\DZfROaf.exe
  C:\Windows\System\DZfROaf.exe
  2⤵
  PID:9772
- C:\Windows\System\gZHHajG.exe
  C:\Windows\System\gZHHajG.exe
  2⤵
  PID:9788
- C:\Windows\System\rjQXNpD.exe
  C:\Windows\System\rjQXNpD.exe
  2⤵
  PID:9804
- C:\Windows\System\imMbdOF.exe
  C:\Windows\System\imMbdOF.exe
  2⤵
  PID:9820
- C:\Windows\System\iAwrYVt.exe
  C:\Windows\System\iAwrYVt.exe
  2⤵
  PID:9836
- C:\Windows\System\QlCEYTJ.exe
  C:\Windows\System\QlCEYTJ.exe
  2⤵
  PID:9852
- C:\Windows\System\SAPyEpu.exe
  C:\Windows\System\SAPyEpu.exe
  2⤵
  PID:9868
- C:\Windows\System\AxvexoG.exe
  C:\Windows\System\AxvexoG.exe
  2⤵
  PID:9884
- C:\Windows\System\hJGZaba.exe
  C:\Windows\System\hJGZaba.exe
  2⤵
  PID:9900
- C:\Windows\System\pEmgQUJ.exe
  C:\Windows\System\pEmgQUJ.exe
  2⤵
  PID:9916
- C:\Windows\System\sOftemb.exe
  C:\Windows\System\sOftemb.exe
  2⤵
  PID:9932
- C:\Windows\System\hCgiIuh.exe
  C:\Windows\System\hCgiIuh.exe
  2⤵
  PID:9948
- C:\Windows\System\kgtlfIb.exe
  C:\Windows\System\kgtlfIb.exe
  2⤵
  PID:9964
- C:\Windows\System\PnOZPrl.exe
  C:\Windows\System\PnOZPrl.exe
  2⤵
  PID:9980
- C:\Windows\System\NMmLbbq.exe
  C:\Windows\System\NMmLbbq.exe
  2⤵
  PID:9996
- C:\Windows\System\EJRsdzg.exe
  C:\Windows\System\EJRsdzg.exe
  2⤵
  PID:10012
- C:\Windows\System\HCPBfEL.exe
  C:\Windows\System\HCPBfEL.exe
  2⤵
  PID:10028
- C:\Windows\System\bGoHHBO.exe
  C:\Windows\System\bGoHHBO.exe
  2⤵
  PID:10044
- C:\Windows\System\macnUTS.exe
  C:\Windows\System\macnUTS.exe
  2⤵
  PID:10060
- C:\Windows\System\GmngWQh.exe
  C:\Windows\System\GmngWQh.exe
  2⤵
  PID:10080
- C:\Windows\System\rlqqTTC.exe
  C:\Windows\System\rlqqTTC.exe
  2⤵
  PID:10096
- C:\Windows\System\lRfZSlX.exe
  C:\Windows\System\lRfZSlX.exe
  2⤵
  PID:10112
- C:\Windows\System\YtWLPKh.exe
  C:\Windows\System\YtWLPKh.exe
  2⤵
  PID:10128
- C:\Windows\System\kKpyKff.exe
  C:\Windows\System\kKpyKff.exe
  2⤵
  PID:10144
- C:\Windows\System\gvdhtfu.exe
  C:\Windows\System\gvdhtfu.exe
  2⤵
  PID:10160
- C:\Windows\System\ZOvjkFn.exe
  C:\Windows\System\ZOvjkFn.exe
  2⤵
  PID:10176
- C:\Windows\System\BjFBTqN.exe
  C:\Windows\System\BjFBTqN.exe
  2⤵
  PID:10192
- C:\Windows\System\MJbCrSg.exe
  C:\Windows\System\MJbCrSg.exe
  2⤵
  PID:10208
- C:\Windows\System\LieroaY.exe
  C:\Windows\System\LieroaY.exe
  2⤵
  PID:10224
- C:\Windows\System\JtyJwLc.exe
  C:\Windows\System\JtyJwLc.exe
  2⤵
  PID:9168
- C:\Windows\System\VUIpFbd.exe
  C:\Windows\System\VUIpFbd.exe
  2⤵
  PID:8032
- C:\Windows\System\PwOZbDQ.exe
  C:\Windows\System\PwOZbDQ.exe
  2⤵
  PID:8936
- C:\Windows\System\YTwcSyQ.exe
  C:\Windows\System\YTwcSyQ.exe
  2⤵
  PID:8924
- C:\Windows\System\AHGIEId.exe
  C:\Windows\System\AHGIEId.exe
  2⤵
  PID:8632
- C:\Windows\System\usgFyKo.exe
  C:\Windows\System\usgFyKo.exe
  2⤵
  PID:9284
- C:\Windows\System\uSKPIlK.exe
  C:\Windows\System\uSKPIlK.exe
  2⤵
  PID:9316
- C:\Windows\System\ALHpWjh.exe
  C:\Windows\System\ALHpWjh.exe
  2⤵
  PID:9380
- C:\Windows\System\lwzVgOF.exe
  C:\Windows\System\lwzVgOF.exe
  2⤵
  PID:8556
- C:\Windows\System\idraWqx.exe
  C:\Windows\System\idraWqx.exe
  2⤵
  PID:9424
- C:\Windows\System\ZcFsVUs.exe
  C:\Windows\System\ZcFsVUs.exe
  2⤵
  PID:9504
- C:\Windows\System\ZDHVVtJ.exe
  C:\Windows\System\ZDHVVtJ.exe
  2⤵
  PID:9568
- C:\Windows\System\nHXEkeg.exe
  C:\Windows\System\nHXEkeg.exe
  2⤵
  PID:9632
- C:\Windows\System\VJnhAiK.exe
  C:\Windows\System\VJnhAiK.exe
  2⤵
  PID:9460
- C:\Windows\System\ATsdFPP.exe
  C:\Windows\System\ATsdFPP.exe
  2⤵
  PID:9488
- C:\Windows\System\NEyTLbl.exe
  C:\Windows\System\NEyTLbl.exe
  2⤵
  PID:9668
- C:\Windows\System\tOMNfid.exe
  C:\Windows\System\tOMNfid.exe
  2⤵
  PID:9552
- C:\Windows\System\owYqlvG.exe
  C:\Windows\System\owYqlvG.exe
  2⤵
  PID:9732
- C:\Windows\System\lUNuAlx.exe
  C:\Windows\System\lUNuAlx.exe
  2⤵
  PID:9744
- C:\Windows\System\dwzMNcI.exe
  C:\Windows\System\dwzMNcI.exe
  2⤵
  PID:9764
- C:\Windows\System\pLzRylY.exe
  C:\Windows\System\pLzRylY.exe
  2⤵
  PID:9780
- C:\Windows\System\gcRjPlH.exe
  C:\Windows\System\gcRjPlH.exe
  2⤵
  PID:9812
- C:\Windows\System\AHRlozk.exe
  C:\Windows\System\AHRlozk.exe
  2⤵
  PID:9864
- C:\Windows\System\UHQBMET.exe
  C:\Windows\System\UHQBMET.exe
  2⤵
  PID:9928
- C:\Windows\System\LJvhbvE.exe
  C:\Windows\System\LJvhbvE.exe
  2⤵
  PID:9844
- C:\Windows\System\wfoAsPX.exe
  C:\Windows\System\wfoAsPX.exe
  2⤵
  PID:9880
- C:\Windows\System\jtphnJB.exe
  C:\Windows\System\jtphnJB.exe
  2⤵
  PID:9944
- C:\Windows\System\fwZSFyX.exe
  C:\Windows\System\fwZSFyX.exe
  2⤵
  PID:10024
- C:\Windows\System\hEJfOtB.exe
  C:\Windows\System\hEJfOtB.exe
  2⤵
  PID:10052
- C:\Windows\System\goLJbDg.exe
  C:\Windows\System\goLJbDg.exe
  2⤵
  PID:10072
- C:\Windows\System\NRpHCtj.exe
  C:\Windows\System\NRpHCtj.exe
  2⤵
  PID:10124
- C:\Windows\System\lBFPrsp.exe
  C:\Windows\System\lBFPrsp.exe
  2⤵
  PID:10076
- C:\Windows\System\bluFnLf.exe
  C:\Windows\System\bluFnLf.exe
  2⤵
  PID:10108
- C:\Windows\System\QcVUUoy.exe
  C:\Windows\System\QcVUUoy.exe
  2⤵
  PID:10200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ALnHJZQ.exe

Filesize
6.0MB

MD5
ef89fcc489c6c7239f94c34f3fd0a102

SHA1
53e474c87009c7f6d22f74400018815e15c77784

SHA256
d312479dd9b52644b98571b5facf12aadbd7e8cfb9143e2d0dc8c466e266b68e

SHA512
dd963150b0947582262d13f7b8da5feae10bebf5b19ad366ac1a0ee97cbba13637b6f47e880077b0eaf568480257ef411b237682de8ca5cbf8b9ae0d46c74807

Download Submit
C:\Windows\system\BqXHaiZ.exe

Filesize
6.0MB

MD5
ccaeecdda54dec8775843c0bf8fc3c25

SHA1
d8a8ee0fe905ad911223665d62d73c735822977e

SHA256
3f06f996bc0eae6d9d4ef5ad5d1763b766fe40a2a174c75730f97fc41c266e3f

SHA512
4ee7a4f1e11fd041f0acda93a0c48ddd92b1d5018a1175e9c241ff9abfa4dcc27faf27f8e888fc0cff240275e67aac0fd0561d3c38b5ded92f8b34ca875fe1a2

Download Submit
C:\Windows\system\FVLhjgC.exe

Filesize
6.0MB

MD5
4faa40a816534184add473cecacdd801

SHA1
2c19f864f2469d6152374497433659c17fba1adc

SHA256
e3b0b182261d89b0f27634f00739a8b4eb89b88cb7b4c70674bc1eee49b4bf52

SHA512
3bcb32f0c142f9c801b97eccf7e9110649d2b71d0a3b7a8081d08f29acbffdcb40618ec53ce042b4727f85504d01e9a4d25ca31dd370e0bb88bc5cb5a5b4e36f

Download Submit
C:\Windows\system\JTeFNix.exe

Filesize
6.0MB

MD5
74a3066db04125c1a8214f4a705ebc99

SHA1
2204448cc1a606f02c12f9238c5bb6d44b440b72

SHA256
dd6c8254a2ec40cdc045126f07406a2d4a92f1a785189659bc4456c1d9f72356

SHA512
39813bca722a9745312230c7036de48a32f6db7b8ce799a228c19131a8e1665b66ad6f21fd4c93542e08e8504b57b23a050f022187205a0054c512d95f3fd65e

Download Submit
C:\Windows\system\JYRnAqg.exe

Filesize
6.0MB

MD5
8e8b44b5aba2fef99c84e3d3a65ac6e0

SHA1
3cfc5c29cae6fab8a8b5d9f81f76517d535253b8

SHA256
a92e6f30a24007f1c7054e66df17fcdb09a285bbc35b2b4ed6d0b17ab727b458

SHA512
c22d2cccc98f8bb2cd18d413e5eee90092ed0bcd17a6e8f79fac39b77809b645dd83fea61bb250f603763b7f6de3e824313d159fcbe24aaf52b7402ab08d2b2e

Download Submit
C:\Windows\system\LXpmToi.exe

Filesize
6.0MB

MD5
a8fbfad073dae03df59f878c424d2e3d

SHA1
869f52b635603ce2e64db8bcce1adf1e8f7ec9ad

SHA256
57d5788cddaefb6deb7d66a64fa27783ba723020d3319446c06408af54aa3123

SHA512
9bf039369de144cffa5a10d947631e40c249cecc5f8faac81c050db91425d148efee5b0dc32de28e61353c1f35b2f4407b5685e3aa0a91229c830fa2bca90eb9

Download Submit
C:\Windows\system\NMLbnmS.exe

Filesize
6.0MB

MD5
230518371daba732c2ae035bf253fd7e

SHA1
9622c3084567dd37b309a7940d1425db685dfa8e

SHA256
c6b02b1050f81afe65a410daec529523e35471b31a3a799279beaa134b0b92b7

SHA512
c516e2d1a431894621fe98c86b93d9cb38f680d62294e4116f810897a4c91fdf44ff0f5ae369d6e1051c80e2570e46c6b73ea4a7fac693e12dfd74fc6770b6ee

Download Submit
C:\Windows\system\NmlMePU.exe

Filesize
6.0MB

MD5
52ee145fed647021d120e4442bff4e37

SHA1
0f46754f12755990ca602318374eb20e378aa94a

SHA256
e91fdf97e7955532e6ca890863003488a8727d2aac3f24e30337306287a77ae1

SHA512
cc8b98d9f0e6c36433b747ad6bed5aa7b258dd249820f8ecf71fc62cce726019e81686b29a38dc21268fbc336079e44167902be580cf0f1e60176c8c708e7b06

Download Submit
C:\Windows\system\QQrrwef.exe

Filesize
6.0MB

MD5
64cbda70f1639f06625f966473a9c7a1

SHA1
17476147f1742af52b6dd2fed6cca7c20f44f31d

SHA256
503d35af216e7ce79399ec32fc3efc78da594d274651303a67bd9c1096c5ecf7

SHA512
7a05b369a844eaeb728d8e2b1ff404d78c998b29182c67406fac9c986c1d9c00f139518104364b0b1501fd654ad1166ba54fb2d1e07b50f8d7b5cbaa6317560b

Download Submit
C:\Windows\system\RvUtwBX.exe

Filesize
6.0MB

MD5
084903f4cbace1d8b5b3123a8211d71f

SHA1
76ef9e6f6f4d9ca638abdebf9b316d10728378cf

SHA256
c9a1045cfaffbd1be9e8b82c3429616bbe304039e9f504dc85cee15632283855

SHA512
5efc128f1094daba2a98ca58b435a4e5dda5d20fc958fdc9ac663d4e6841d28775fc3749613570a8dd39bfc0b99823f345a2b819c9ba6a38893022d0b9d220b4

Download Submit
C:\Windows\system\TNnhvPS.exe

Filesize
6.0MB

MD5
8870c663ad88c1423b7f471e4f84f336

SHA1
810900f13176366cb62a70753666b84d892d27d9

SHA256
894c12c33eb4433ab72e17c397fe915b1abbc8d2e68b534e1e8d8f5a843a87db

SHA512
99ba44988abf2dad6efa4609228fbf81e8ce144bcc2ffc5804f418f374398660d526c3e40e20908a6361fafd8ffd2e024ecaf16e8b12ba1eb465a61f9753b6c4

Download Submit
C:\Windows\system\URUeBSZ.exe

Filesize
6.0MB

MD5
b125b20b7585580f2f79dea84d1742dd

SHA1
09dc6e47b965f8cf8e6f060f43fa79afe44a2d70

SHA256
b21b971a503c21e850f2349ab4daa010375419e533a71debb16d5d076f79ea03

SHA512
e9c5e5d8da3af37117b1b0663b7a956c5bbe9ef4caeee4ee70ba280201b3b8d16e23d4d30849d5bc855e9f2f1f3b0624f203330745c4f75484712e07cf7a503b

Download Submit
C:\Windows\system\bRsHAnW.exe

Filesize
6.0MB

MD5
f2254d0beee0c7e3c1566be9571d0d36

SHA1
d4b0b8d84562afbb52e4805cea4e1bf40d89062d

SHA256
aef888189fee85ccdea1bfd2d7138635b4adc55bf5319eb24f1b6f5e4dd86474

SHA512
9e60b320f7f6b238a2891162aab43a6f15caf5dae58ef04cd0cfdeac3799e7e35652816cb15b543a239aab8f03fd09fbddd664c505354eea48116cb3284a2f30

Download Submit
C:\Windows\system\fHGQBbo.exe

Filesize
6.0MB

MD5
7d0f550ae1704b1d7979de63e3bb3489

SHA1
8baedeb290ead7b6caabb90f4911ddaf844594ee

SHA256
f7cff0ed2abf1e7b8630aafd3f3b8e03bb6e9369388f411a6b53f5a9a66cf5e1

SHA512
b312aa694f476d2886f37d338d4f9495f02030dd3a2b53c4832e2bef2fd92240dd7b1a5c60eaebccbfa5740eb8e98d549daa9a9d666ee15da6249ca3a62e0df0

Download Submit
C:\Windows\system\gqElJPM.exe

Filesize
6.0MB

MD5
5311c100bb0f24072b1f09ccea00250f

SHA1
4eb5232e7353cea9bdfe59135b02457735583ff7

SHA256
dbe48fb34fbd3bac5ec78f4af0b394c9d8d774dbb4edca1cd5f4b30a58fd88d3

SHA512
da8f086c94e63cc9d7098d708580671285c668b026959cf35444d0a1b7258737fcbb6c5cc4fd586bafb7f697a6514f7b71098909f338d5fbd1eb230dcdbbe3b7

Download Submit
C:\Windows\system\iNKOrxT.exe

Filesize
6.0MB

MD5
7290c3d352953c4af39f83417fd07cc5

SHA1
80f5f5f52ee85515f4efc01ce371b71ab1451e59

SHA256
77fbe66ba22f8d0c10d71699492bd1e502776fb98894aba7760b7e730dcfbe3d

SHA512
b4fae708621177c5f49d1ab5f502fc116c1462b8cfd6b2f589b6e54318250d57ba8d9ce89488ee5f9ae1ba0e1315b757613d796c15ffa26361ec21f03a9b8565

Download Submit
C:\Windows\system\kTEvTqK.exe

Filesize
6.0MB

MD5
1d6f5fcd48d05093aa9b8e23fd20c0a4

SHA1
ff472be5c04a1b549559df33b2410b3c27207140

SHA256
f9408b99dbbf8f0c95c4ed977c5c863553c002ee6ba0088d92197e4e9678b220

SHA512
d25b736f401aece11f4463e723f7936b33b68cdc1e0dd118dc0868fa61411da4785df92c4a8797f5c7ad1ad21b1d6f5d85cf96a88971a03862daef0b1200efcc

Download Submit
C:\Windows\system\kuEpucb.exe

Filesize
6.0MB

MD5
d273bae184143125ec0a9022aba77c70

SHA1
1d8366ad13d60e9e7b7df41e642edefed422e524

SHA256
242a7fa4f8d89a9383537ad2da6cfebb80aeb0556ae6b83462d2e8cd5fb13c5f

SHA512
7fe4e788295eec141e4471a4012fc6c79bbacc736952a6527d9073ff7cda0de75713fffc0fc8d75e38c165fdc13f9b5b302b6b92b75bd4299a8bb6cf5a3020bc

Download Submit
C:\Windows\system\oynNUMu.exe

Filesize
6.0MB

MD5
882534d9320c04a7ce976d84c0780e14

SHA1
5b6c5ccfcb8a3fa5b6bd9cac3e4b2fb965409991

SHA256
45aa7d33627f2996096c0ed7582c438fafdf6a15c5f49dc1ca904079e798a71d

SHA512
9282d6b19e7f97f334bceb0289e3d93454710bb07ee1cdac6a56f439e9028ef31e29de2247573c2550a2f95de52130a7c6afa9c41e6d3624631ca1e8b0d9fbeb

Download Submit
C:\Windows\system\pGzAuib.exe

Filesize
6.0MB

MD5
f8b65c669f54355de89a54cd614c5e32

SHA1
5b9f08203f069c665e572d00ef7265256731b107

SHA256
6e4c6db229425e7281a53426968335263886426dab2af042c4f678671b85f39a

SHA512
6dd4bae06314872a3166835151d64085510978c0b3ab1a2cd977ab92003f3f89738f2872ee78e208aab4daaee6679a3d836f515acdaa035056bc410143fd95fc

Download Submit
C:\Windows\system\yxdfTML.exe

Filesize
6.0MB

MD5
b94d85ca817ea30cf8fa29dcc488479b

SHA1
021dafbdd392f7c7a441007766e040a33651ed32

SHA256
6360135ad65097529cdfcc34738d1073f1cbbc0bbebd06062d498f19f76df2cf

SHA512
ce9e5c746583870e98241834ba8e1c4d2add0968e8d05c65da2cf062a129772464ac46125ef63b9b95c08917beabee41d7e868f3da3350a0eae7807a01bb5de2

Download Submit
C:\Windows\system\zGzmtpr.exe

Filesize
6.0MB

MD5
d2a1f9f0b8c6a9e96bebbb006263bac0

SHA1
f7550babd0971342fc23cf7da6ea362579e97123

SHA256
9360bc71b08f10c78224fb81eb419bf7d361cbad3ea157130ac1ce74a57144da

SHA512
c16bd28f37649bb97963ab4a3f107d0c74ef140470932aec15dfbcbe88a9cf7156f986a2d094f17b62cc228da558f911d74cb3f33a5a93f11389dc1dc5731856

Download Submit
C:\Windows\system\zngyvSK.exe

Filesize
6.0MB

MD5
02da4cc506824d4a373ec2204c79824a

SHA1
992ef3961b8c592d644eb50bc8a75b6361e666e4

SHA256
9396e8c2f774540c22827454461bc185d5294c0d9bca7f128d395115d0ef1a28

SHA512
0e4eaeb95671ff15c47c3b0ac0ad8ca1bf3a88335d844792b91852bb9b43be2aeaa8572a1f9c120764ccffb1270c51319359d6ff682a237fab03a358934ae645

Download Submit
\Windows\system\EAoTjvV.exe

Filesize
6.0MB

MD5
845a293b972b50e4425340840b4faf7d

SHA1
3a0f7242f49a7f7f5fccc953ef6d48dd56c84b56

SHA256
127064a6a3485e37b921a463076e588aff7179b6c5653b499717484ffede0663

SHA512
693cc12a22263fb7fd1840c1892d1c95b7b370d0d80ef52ece3d2ff6954492d5bd198b11034a9c0b67954f653c134e1f8300324b75c9944249ccde6abfeb2804

Download Submit
\Windows\system\OTRTHTS.exe

Filesize
6.0MB

MD5
d0aa913464d4df92016d7bd48999e1ee

SHA1
11133c5b686565394c64f52a65097f0e1b7093a5

SHA256
c0427a0a12dd9fc58da56b3911b5585730592b7443142402c40618e680acb6c9

SHA512
d5f7411d2ebd49e312e544cd0dcb52f680d9b8e38a65f635763d0529d2ccf0c7684895ba08fb5091bbcce15e3d46c177f954a712284e16b8f267bffdafd2b7ab

Download Submit
\Windows\system\fTzUnaY.exe

Filesize
6.0MB

MD5
2b494e53723349eafdca6f7367db81f3

SHA1
5b4fc94847a35811cc8f1a281d3e96e8f11cc5f5

SHA256
03b991acffba3adca892950c793dd0e4678ef21e381a1f15ae77644282ceb90e

SHA512
05e736769c0ef12cf4a221cb766c965f47631a53e49d69e8d21b4c462ea85367aa8ed44bc58393007f7275af7e9f48997378b2d68ba06b324561995ae3c243a1

Download Submit
\Windows\system\gAPrnxr.exe

Filesize
6.0MB

MD5
2f43e08b4b68f472ba889160eb11eee8

SHA1
89c3e5c6b91444c42526166d02667145db399e68

SHA256
18a9f4dd9c8b4dc1bdf303ea141fdfc443bd9c5d15202bc3f082e00996f14a94

SHA512
a0d4ef5f6ad6ea6704504cfb647b9df36855f41795862668400c35221b31aa219c77d36bdcbc63f4f5c171db28456342084801454d083444b287ede67630a9e4

Download Submit
\Windows\system\gfbZeEI.exe

Filesize
6.0MB

MD5
70a0818294a8eb93e18bef93e5f0b707

SHA1
7725f1fb37fc59ff7e7e6760b8d5b51c0e4ccf36

SHA256
3e6827c9f68262955176e1cb0f4985d4da4ffa786aef8babedeee089d52863ef

SHA512
ae5ffc69475ae510bd6aa846dfae58cb1726d0be942f6f664ad89215bc559cdb63ce0b2da0df05228c48ae08ac5c0a177cd7fb02828d1126caed14c253a48ef5

Download Submit
\Windows\system\lrhpVZf.exe

Filesize
6.0MB

MD5
49f67a1f588fd41b70b3fc7327e3eb1b

SHA1
40548a24dcc2cca6dce02fdced38da6a76557cc9

SHA256
4ba5966fd3c7948d8ff706a8e9126852375a52b910ab8ddaf52e78806dcd85ed

SHA512
af30e5f5c9189c11dcd1a0b4cb3e16e27a9364a61f5042cadf5df8a8356d25a4ecac2c3d6a4f472515dc7ca05d630fc877da868e984bf3340b8fd5421ee0372d

Download Submit
\Windows\system\lvlPjKN.exe

Filesize
6.0MB

MD5
d8236f2086e1f42a3c50903d92edee30

SHA1
aecd207584345c542bf75f683e42689a4ce573ab

SHA256
0feed1c2eaaf40fe5f2240be4d2df8bdcdf9b06cfb698b59a2cefece78fdfd33

SHA512
66f9992f6f57bc4bbecccc96604e6cc81a157057f1dfd4ef51adcd4a166c40ced012b05cb46cebc6a053a92f027c8bce318530dd3ae56688c506c27e410e58c9

Download Submit
\Windows\system\pNOBWVl.exe

Filesize
6.0MB

MD5
947c22fe82d3bd26e1a77c17289ec65f

SHA1
78b68277a66c1118b3ea4836b8078e9690a25967

SHA256
0bf5017f034619f3b8764e3a0844ab7663363dd1015303b7866aa519b2f8c826

SHA512
2a84a137c804a21583c26308f4125f9445e6034e554e79b7d69f059fae3da306407b8a4b204bc1a6e60440060acacf3a9542b9b7173ec1b762e295124e7ae705

Download Submit
\Windows\system\rvZbVXj.exe

Filesize
6.0MB

MD5
681480a8cb4f9bcc0a4680c3091c8684

SHA1
7efc565dc7f5525bed83e314c92a081d8a2ffb8b

SHA256
74e3297f74faf63e76276bf5f7b88bcac3b65306640a2343718b1e290ef8f89d

SHA512
93ef39582379cc8bbbdbc32712ca5d1d8f31d2a7ce59865a3af5949d5e7831867d8e4204eb381d69bd5fce1e188e33ec0bf90a5420faecbdd8a19a74469c969c

Download Submit
\Windows\system\sbinxup.exe

Filesize
6.0MB

MD5
b86b3ef88d57932ac5332179aed3de40

SHA1
2edee45e762e23df7164305fb7f04e95aea270fd

SHA256
bf6f391c9ca22c5b6a01f6b575d37f63a6d2b9f41a8f8e00ca51a91f63e7727c

SHA512
3c12d1456384b8c9348029f530e20d34f2d69cef4ea1e367efa7e9f5febc6bc91d88355a6e08f9c344d6612b10af994cb0d7de262fd0850d3524c61b7a7f8cf3

Download Submit
\Windows\system\xWuQsbE.exe

Filesize
6.0MB

MD5
a4be8e4fdef2a0a9c52334aecb8bcc4c

SHA1
f126a7ed9b6ff6e15290046df796208a373692c9

SHA256
b2914cc35fc9c549f377f99da0fc980fa75d30a8dc3ae4268893b5ea8564bd20

SHA512
90d731f021e67b908ef568bc4daeeb711cd8c97ca657521a89d6a280dd15241c9f5a8691e82c79798f7cc5b4eea4bc1346e1e4f02d15c15e8301413c65b40e6c

Download Submit
\Windows\system\xcUgZNn.exe

Filesize
6.0MB

MD5
04c5575a78fb283590cd83a62ba802c7

SHA1
e0d8728f38962828fb92f6dacb99bc2afe30209e

SHA256
779f1d3474a4b69151d6f6b5e76c7b3841344b5cedf388c665e4539d443de430

SHA512
9e36ee6e0f4ef27c54e5fea9f2e8127e31ec8dd75321030ebb4fe5194d3693ea739cbad5e8c6edcbfb2cb9c165dd58ef4246df0823dd343183303f3bf1c53fcb

Download Submit
memory/628-59-0x000000013F8B0000-0x000000013FC04000-memory.dmp

Filesize
3.3MB

Download
memory/628-106-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/628-24-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/628-26-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/628-0-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/628-27-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/628-531-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/628-54-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/628-47-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/628-61-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/628-730-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/628-63-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/628-890-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/628-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/628-1072-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/628-122-0x000000013F550000-0x000000013F8A4000-memory.dmp

Filesize
3.3MB

Download
memory/628-121-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/628-119-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/628-118-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/628-89-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/628-83-0x000000013F5B0000-0x000000013F904000-memory.dmp

Filesize
3.3MB

Download
memory/628-17-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-23-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/1708-3694-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2128-3806-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2128-19-0x000000013F180000-0x000000013F4D4000-memory.dmp

Filesize
3.3MB

Download
memory/2224-3804-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2224-57-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2308-3652-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2308-833-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2308-29-0x000000013F0C0000-0x000000013F414000-memory.dmp

Filesize
3.3MB

Download
memory/2444-25-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-3805-0x000000013F760000-0x000000013FAB4000-memory.dmp

Filesize
3.3MB

Download
memory/2536-110-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2536-3803-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2620-3801-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2620-98-0x000000013F7C0000-0x000000013FB14000-memory.dmp

Filesize
3.3MB

Download
memory/2652-114-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2652-3800-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2896-3802-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2896-979-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/2896-109-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/3000-43-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/3000-3799-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/3040-3807-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/3040-68-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download