cobaltstrike | 16d0f7a93338f59d82b2d82afb89f39aebf4ca4f14faa283f5ac300c3555149a

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
18/11/2024, 02:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

bec95b6a2e8e42446105ec29810ee9dc
SHA1

e718201d01f467119b0b9b3682418e79139419bb
SHA256

16d0f7a93338f59d82b2d82afb89f39aebf4ca4f14faa283f5ac300c3555149a
SHA512

42fac1fb382edbc7d9ced18de7a951bbf4996c058341ca460becdd457e89c56d6d9f40b537d5c28f48b833915d87f3c15911a7b1c1e56377cda9163f5ec0a0db
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUt:T+q56utgpPF8u/7t

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00070000000120fb-3.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001956c-10.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019570-21.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001958e-23.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019604-42.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000195d6-35.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000019605-48.dat	cobalt_reflective_dll
behavioral1/files/0x00330000000194e9-55.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019606-64.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b3-67.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b5-72.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b9-80.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bb-83.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bd-88.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4bf-91.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c1-96.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c3-99.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c7-107.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cf-123.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4e0-156.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4de-151.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d9-144.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4db-147.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d7-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d5-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d3-131.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4d1-128.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cd-120.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4cb-115.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c9-112.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4c5-104.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a4b7-75.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2720-0-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x00070000000120fb-3.dat	xmrig
behavioral1/files/0x000700000001956c-10.dat	xmrig
behavioral1/memory/2832-22-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x0006000000019570-21.dat	xmrig
behavioral1/memory/2828-20-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/files/0x000600000001958e-23.dat	xmrig
behavioral1/memory/2812-28-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/memory/2932-16-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2720-39-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/files/0x0006000000019604-42.dat	xmrig
behavioral1/memory/2748-36-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/memory/2584-43-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x00060000000195d6-35.dat	xmrig
behavioral1/memory/2720-40-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2720-8-0x000000013F2E0000-0x000000013F634000-memory.dmp	xmrig
behavioral1/memory/2932-45-0x000000013F670000-0x000000013F9C4000-memory.dmp	xmrig
behavioral1/memory/2832-46-0x000000013F480000-0x000000013F7D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000019605-48.dat	xmrig
behavioral1/memory/1496-54-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2812-51-0x000000013FE10000-0x0000000140164000-memory.dmp	xmrig
behavioral1/files/0x00330000000194e9-55.dat	xmrig
behavioral1/memory/2748-58-0x000000013FBD0000-0x000000013FF24000-memory.dmp	xmrig
behavioral1/files/0x0007000000019606-64.dat	xmrig
behavioral1/files/0x000500000001a4b3-67.dat	xmrig
behavioral1/files/0x000500000001a4b5-72.dat	xmrig
behavioral1/files/0x000500000001a4b9-80.dat	xmrig
behavioral1/files/0x000500000001a4bb-83.dat	xmrig
behavioral1/files/0x000500000001a4bd-88.dat	xmrig
behavioral1/files/0x000500000001a4bf-91.dat	xmrig
behavioral1/files/0x000500000001a4c1-96.dat	xmrig
behavioral1/files/0x000500000001a4c3-99.dat	xmrig
behavioral1/files/0x000500000001a4c7-107.dat	xmrig
behavioral1/files/0x000500000001a4cf-123.dat	xmrig
behavioral1/memory/2548-604-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2264-606-0x000000013FD60000-0x00000001400B4000-memory.dmp	xmrig
behavioral1/memory/448-608-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2720-611-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2364-610-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/memory/1236-612-0x000000013F360000-0x000000013F6B4000-memory.dmp	xmrig
behavioral1/memory/2720-616-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/memory/2324-617-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2720-618-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/2856-614-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2584-787-0x000000013F100000-0x000000013F454000-memory.dmp	xmrig
behavioral1/files/0x000500000001a4e0-156.dat	xmrig
behavioral1/files/0x000500000001a4de-151.dat	xmrig
behavioral1/files/0x000500000001a4d9-144.dat	xmrig
behavioral1/files/0x000500000001a4db-147.dat	xmrig
behavioral1/files/0x000500000001a4d7-139.dat	xmrig
behavioral1/files/0x000500000001a4d5-136.dat	xmrig
behavioral1/files/0x000500000001a4d3-131.dat	xmrig
behavioral1/files/0x000500000001a4d1-128.dat	xmrig
behavioral1/files/0x000500000001a4cd-120.dat	xmrig
behavioral1/files/0x000500000001a4cb-115.dat	xmrig
behavioral1/files/0x000500000001a4c9-112.dat	xmrig
behavioral1/files/0x000500000001a4c5-104.dat	xmrig
behavioral1/files/0x000500000001a4b7-75.dat	xmrig
behavioral1/memory/2720-1371-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2720-1363-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/1496-1479-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2548-1604-0x000000013F540000-0x000000013F894000-memory.dmp	xmrig
behavioral1/memory/448-1610-0x000000013FC30000-0x000000013FF84000-memory.dmp	xmrig
behavioral1/memory/2364-1612-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2932	tBNUEyF.exe
2828	RYvtpLH.exe
2832	dyOKuPt.exe
2812	elYMchh.exe
2748	cvqrCbQ.exe
2584	HuwnTIz.exe
1496	LZBNixN.exe
2324	PFZOfrw.exe
2548	qKZcMWN.exe
2264	hXnkyQr.exe
448	iqdSFXa.exe
2364	UQclEBC.exe
1236	qzFaqom.exe
2856	NrFGGSD.exe
2288	SYQWvOp.exe
2560	RrDxdjF.exe
2112	qJlBsVF.exe
1976	EiZmLOl.exe
2872	VPKzWfW.exe
1920	VNffDfu.exe
1884	lvjHCal.exe
2240	GaybjtZ.exe
2332	BeOvLOa.exe
772	nVEXizt.exe
2252	QlKkJqH.exe
2268	ZZOulaW.exe
604	xgmHjVy.exe
2212	xcUbHIR.exe
1928	bDEIyEm.exe
1056	ETYbLwV.exe
2188	gIZLxYE.exe
812	ZELKLWA.exe
2092	cRtwEHa.exe
2484	bOMBUXu.exe
1568	IlfkxSC.exe
980	lkMxJsJ.exe
1808	uLnheNb.exe
1720	tbGqRFw.exe
652	hlUCiss.exe
1012	BPDkMQy.exe
2888	pAlqsmR.exe
1804	XDeEiiE.exe
1868	NRLcKCA.exe
1988	KMkLdss.exe
1744	iLCFfmk.exe
2452	SrBOBxQ.exe
1680	fcYdjGa.exe
1684	EyzQCAd.exe
272	oeopMui.exe
1912	SUmclJH.exe
3056	dYtakkF.exe
2296	BhCfSRt.exe
868	cqMPLur.exe
1996	LMVhGkn.exe
1852	rNXFdrm.exe
2456	yIMJZRP.exe
3028	WxXdpQC.exe
1880	HDRXutj.exe
712	EkofReP.exe
2504	FGQPzhL.exe
2540	dYZARXN.exe
964	hPCQMur.exe
1448	pkOcyhb.exe
2512	MJYPdSU.exe

Loads dropped DLL 64 IoCs

pid	Process
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2720-0-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x00070000000120fb-3.dat	upx
behavioral1/files/0x000700000001956c-10.dat	upx
behavioral1/memory/2832-22-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x0006000000019570-21.dat	upx
behavioral1/memory/2828-20-0x000000013F2E0000-0x000000013F634000-memory.dmp	upx
behavioral1/files/0x000600000001958e-23.dat	upx
behavioral1/memory/2812-28-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2932-16-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2720-39-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/files/0x0006000000019604-42.dat	upx
behavioral1/memory/2748-36-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2584-43-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x00060000000195d6-35.dat	upx
behavioral1/memory/2932-45-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx
behavioral1/memory/2832-46-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/files/0x0008000000019605-48.dat	upx
behavioral1/memory/1496-54-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2812-51-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/files/0x00330000000194e9-55.dat	upx
behavioral1/memory/2748-58-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/files/0x0007000000019606-64.dat	upx
behavioral1/files/0x000500000001a4b3-67.dat	upx
behavioral1/files/0x000500000001a4b5-72.dat	upx
behavioral1/files/0x000500000001a4b9-80.dat	upx
behavioral1/files/0x000500000001a4bb-83.dat	upx
behavioral1/files/0x000500000001a4bd-88.dat	upx
behavioral1/files/0x000500000001a4bf-91.dat	upx
behavioral1/files/0x000500000001a4c1-96.dat	upx
behavioral1/files/0x000500000001a4c3-99.dat	upx
behavioral1/files/0x000500000001a4c7-107.dat	upx
behavioral1/files/0x000500000001a4cf-123.dat	upx
behavioral1/memory/2548-604-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/2264-606-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/448-608-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2364-610-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/1236-612-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2324-617-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2856-614-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2584-787-0x000000013F100000-0x000000013F454000-memory.dmp	upx
behavioral1/files/0x000500000001a4e0-156.dat	upx
behavioral1/files/0x000500000001a4de-151.dat	upx
behavioral1/files/0x000500000001a4d9-144.dat	upx
behavioral1/files/0x000500000001a4db-147.dat	upx
behavioral1/files/0x000500000001a4d7-139.dat	upx
behavioral1/files/0x000500000001a4d5-136.dat	upx
behavioral1/files/0x000500000001a4d3-131.dat	upx
behavioral1/files/0x000500000001a4d1-128.dat	upx
behavioral1/files/0x000500000001a4cd-120.dat	upx
behavioral1/files/0x000500000001a4cb-115.dat	upx
behavioral1/files/0x000500000001a4c9-112.dat	upx
behavioral1/files/0x000500000001a4c5-104.dat	upx
behavioral1/files/0x000500000001a4b7-75.dat	upx
behavioral1/memory/1496-1479-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2548-1604-0x000000013F540000-0x000000013F894000-memory.dmp	upx
behavioral1/memory/448-1610-0x000000013FC30000-0x000000013FF84000-memory.dmp	upx
behavioral1/memory/2364-1612-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2856-1616-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/1236-1614-0x000000013F360000-0x000000013F6B4000-memory.dmp	upx
behavioral1/memory/2264-1608-0x000000013FD60000-0x00000001400B4000-memory.dmp	upx
behavioral1/memory/2812-2593-0x000000013FE10000-0x0000000140164000-memory.dmp	upx
behavioral1/memory/2832-2594-0x000000013F480000-0x000000013F7D4000-memory.dmp	upx
behavioral1/memory/2748-2598-0x000000013FBD0000-0x000000013FF24000-memory.dmp	upx
behavioral1/memory/2932-2601-0x000000013F670000-0x000000013F9C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\mKuUXjv.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YbzlWnY.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ExPquWh.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VWrSMVc.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sHKhvmS.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mHDjezB.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LMAKNHS.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oiXYoNz.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yNLLjNy.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dGAbtVk.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tqQTnec.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JkIBgAj.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zBtUhWJ.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SZpigCl.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AKaFmot.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fvhLUdn.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aeXITpU.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xcRLFNW.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zoCrYrv.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bXXpGpJ.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZsFyYbQ.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CYJimCY.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EJHByPK.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zKcpPjF.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IoUkFYu.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jRVwruX.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zWVbKMC.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sNWrboG.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYeBGDe.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MMgxFeI.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pwBYlGd.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dMraMWo.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TzlUzEW.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uLnheNb.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uQsjsex.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hrfhNJs.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TBhcrZk.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mWXgoGf.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PpqEmkm.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jtJCuhk.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gdiXEKV.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VuzIRqs.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ByMANHG.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hfcLSme.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ybKEeYF.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MLklgma.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pvrMKgb.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KieLJKb.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vaokMJy.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zamUzDh.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WCcxyrz.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rFFFevo.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dgiNFSc.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IMHQSCB.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HemItrE.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FttkWxD.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tfTfgvm.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lAdaCAB.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KXEEnLP.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZyvDoam.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JUmpPdN.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OlYpQUH.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fCcwBRE.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NAdZvka.exe	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 2828	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2720 wrote to memory of 2828	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2720 wrote to memory of 2828	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2720 wrote to memory of 2932	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2720 wrote to memory of 2932	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2720 wrote to memory of 2932	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2720 wrote to memory of 2832	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2720 wrote to memory of 2832	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2720 wrote to memory of 2832	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2720 wrote to memory of 2812	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2720 wrote to memory of 2812	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2720 wrote to memory of 2812	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2720 wrote to memory of 2748	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2720 wrote to memory of 2748	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2720 wrote to memory of 2748	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2720 wrote to memory of 2584	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2720 wrote to memory of 2584	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2720 wrote to memory of 2584	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2720 wrote to memory of 1496	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2720 wrote to memory of 1496	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2720 wrote to memory of 1496	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2720 wrote to memory of 2324	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2720 wrote to memory of 2324	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2720 wrote to memory of 2324	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2720 wrote to memory of 2548	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2720 wrote to memory of 2548	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2720 wrote to memory of 2548	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2720 wrote to memory of 2264	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2720 wrote to memory of 2264	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2720 wrote to memory of 2264	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2720 wrote to memory of 448	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2720 wrote to memory of 448	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2720 wrote to memory of 448	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2720 wrote to memory of 2364	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2720 wrote to memory of 2364	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2720 wrote to memory of 2364	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2720 wrote to memory of 1236	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2720 wrote to memory of 1236	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2720 wrote to memory of 1236	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2720 wrote to memory of 2856	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2720 wrote to memory of 2856	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2720 wrote to memory of 2856	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2720 wrote to memory of 2288	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2720 wrote to memory of 2288	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2720 wrote to memory of 2288	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2720 wrote to memory of 2560	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2720 wrote to memory of 2560	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2720 wrote to memory of 2560	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2720 wrote to memory of 2112	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2720 wrote to memory of 2112	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2720 wrote to memory of 2112	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2720 wrote to memory of 1976	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2720 wrote to memory of 1976	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2720 wrote to memory of 1976	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2720 wrote to memory of 2872	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2720 wrote to memory of 2872	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2720 wrote to memory of 2872	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2720 wrote to memory of 1920	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2720 wrote to memory of 1920	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2720 wrote to memory of 1920	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2720 wrote to memory of 1884	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2720 wrote to memory of 1884	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2720 wrote to memory of 1884	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2720 wrote to memory of 2240	2720	2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-18_bec95b6a2e8e42446105ec29810ee9dc_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Windows\System\RYvtpLH.exe
  C:\Windows\System\RYvtpLH.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\tBNUEyF.exe
  C:\Windows\System\tBNUEyF.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\dyOKuPt.exe
  C:\Windows\System\dyOKuPt.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\elYMchh.exe
  C:\Windows\System\elYMchh.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\cvqrCbQ.exe
  C:\Windows\System\cvqrCbQ.exe
  2⤵
  - Executes dropped EXE
  PID:2748
- C:\Windows\System\HuwnTIz.exe
  C:\Windows\System\HuwnTIz.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\LZBNixN.exe
  C:\Windows\System\LZBNixN.exe
  2⤵
  - Executes dropped EXE
  PID:1496
- C:\Windows\System\PFZOfrw.exe
  C:\Windows\System\PFZOfrw.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\qKZcMWN.exe
  C:\Windows\System\qKZcMWN.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\hXnkyQr.exe
  C:\Windows\System\hXnkyQr.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\iqdSFXa.exe
  C:\Windows\System\iqdSFXa.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\UQclEBC.exe
  C:\Windows\System\UQclEBC.exe
  2⤵
  - Executes dropped EXE
  PID:2364
- C:\Windows\System\qzFaqom.exe
  C:\Windows\System\qzFaqom.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\NrFGGSD.exe
  C:\Windows\System\NrFGGSD.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\SYQWvOp.exe
  C:\Windows\System\SYQWvOp.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\RrDxdjF.exe
  C:\Windows\System\RrDxdjF.exe
  2⤵
  - Executes dropped EXE
  PID:2560
- C:\Windows\System\qJlBsVF.exe
  C:\Windows\System\qJlBsVF.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\EiZmLOl.exe
  C:\Windows\System\EiZmLOl.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\VPKzWfW.exe
  C:\Windows\System\VPKzWfW.exe
  2⤵
  - Executes dropped EXE
  PID:2872
- C:\Windows\System\VNffDfu.exe
  C:\Windows\System\VNffDfu.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\lvjHCal.exe
  C:\Windows\System\lvjHCal.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\GaybjtZ.exe
  C:\Windows\System\GaybjtZ.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\BeOvLOa.exe
  C:\Windows\System\BeOvLOa.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\nVEXizt.exe
  C:\Windows\System\nVEXizt.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Windows\System\QlKkJqH.exe
  C:\Windows\System\QlKkJqH.exe
  2⤵
  - Executes dropped EXE
  PID:2252
- C:\Windows\System\ZZOulaW.exe
  C:\Windows\System\ZZOulaW.exe
  2⤵
  - Executes dropped EXE
  PID:2268
- C:\Windows\System\xgmHjVy.exe
  C:\Windows\System\xgmHjVy.exe
  2⤵
  - Executes dropped EXE
  PID:604
- C:\Windows\System\xcUbHIR.exe
  C:\Windows\System\xcUbHIR.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\bDEIyEm.exe
  C:\Windows\System\bDEIyEm.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\ETYbLwV.exe
  C:\Windows\System\ETYbLwV.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\gIZLxYE.exe
  C:\Windows\System\gIZLxYE.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\ZELKLWA.exe
  C:\Windows\System\ZELKLWA.exe
  2⤵
  - Executes dropped EXE
  PID:812
- C:\Windows\System\cRtwEHa.exe
  C:\Windows\System\cRtwEHa.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\bOMBUXu.exe
  C:\Windows\System\bOMBUXu.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\IlfkxSC.exe
  C:\Windows\System\IlfkxSC.exe
  2⤵
  - Executes dropped EXE
  PID:1568
- C:\Windows\System\lkMxJsJ.exe
  C:\Windows\System\lkMxJsJ.exe
  2⤵
  - Executes dropped EXE
  PID:980
- C:\Windows\System\uLnheNb.exe
  C:\Windows\System\uLnheNb.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\tbGqRFw.exe
  C:\Windows\System\tbGqRFw.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\hlUCiss.exe
  C:\Windows\System\hlUCiss.exe
  2⤵
  - Executes dropped EXE
  PID:652
- C:\Windows\System\BPDkMQy.exe
  C:\Windows\System\BPDkMQy.exe
  2⤵
  - Executes dropped EXE
  PID:1012
- C:\Windows\System\pAlqsmR.exe
  C:\Windows\System\pAlqsmR.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\XDeEiiE.exe
  C:\Windows\System\XDeEiiE.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\NRLcKCA.exe
  C:\Windows\System\NRLcKCA.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\KMkLdss.exe
  C:\Windows\System\KMkLdss.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\iLCFfmk.exe
  C:\Windows\System\iLCFfmk.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\SrBOBxQ.exe
  C:\Windows\System\SrBOBxQ.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\fcYdjGa.exe
  C:\Windows\System\fcYdjGa.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\EyzQCAd.exe
  C:\Windows\System\EyzQCAd.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\oeopMui.exe
  C:\Windows\System\oeopMui.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\SUmclJH.exe
  C:\Windows\System\SUmclJH.exe
  2⤵
  - Executes dropped EXE
  PID:1912
- C:\Windows\System\dYtakkF.exe
  C:\Windows\System\dYtakkF.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\BhCfSRt.exe
  C:\Windows\System\BhCfSRt.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\cqMPLur.exe
  C:\Windows\System\cqMPLur.exe
  2⤵
  - Executes dropped EXE
  PID:868
- C:\Windows\System\LMVhGkn.exe
  C:\Windows\System\LMVhGkn.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\rNXFdrm.exe
  C:\Windows\System\rNXFdrm.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\yIMJZRP.exe
  C:\Windows\System\yIMJZRP.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\WxXdpQC.exe
  C:\Windows\System\WxXdpQC.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\HDRXutj.exe
  C:\Windows\System\HDRXutj.exe
  2⤵
  - Executes dropped EXE
  PID:1880
- C:\Windows\System\EkofReP.exe
  C:\Windows\System\EkofReP.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\FGQPzhL.exe
  C:\Windows\System\FGQPzhL.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\dYZARXN.exe
  C:\Windows\System\dYZARXN.exe
  2⤵
  - Executes dropped EXE
  PID:2540
- C:\Windows\System\hPCQMur.exe
  C:\Windows\System\hPCQMur.exe
  2⤵
  - Executes dropped EXE
  PID:964
- C:\Windows\System\pkOcyhb.exe
  C:\Windows\System\pkOcyhb.exe
  2⤵
  - Executes dropped EXE
  PID:1448
- C:\Windows\System\MJYPdSU.exe
  C:\Windows\System\MJYPdSU.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\nwbISaZ.exe
  C:\Windows\System\nwbISaZ.exe
  2⤵
  PID:2984
- C:\Windows\System\fCTZNEO.exe
  C:\Windows\System\fCTZNEO.exe
  2⤵
  PID:2980
- C:\Windows\System\VDrcVtR.exe
  C:\Windows\System\VDrcVtR.exe
  2⤵
  PID:2792
- C:\Windows\System\kYFbVLV.exe
  C:\Windows\System\kYFbVLV.exe
  2⤵
  PID:1556
- C:\Windows\System\KBZFGpe.exe
  C:\Windows\System\KBZFGpe.exe
  2⤵
  PID:2708
- C:\Windows\System\qzEPzmB.exe
  C:\Windows\System\qzEPzmB.exe
  2⤵
  PID:2844
- C:\Windows\System\DCDAlUC.exe
  C:\Windows\System\DCDAlUC.exe
  2⤵
  PID:2740
- C:\Windows\System\QSneYGE.exe
  C:\Windows\System\QSneYGE.exe
  2⤵
  PID:2688
- C:\Windows\System\KybDROW.exe
  C:\Windows\System\KybDROW.exe
  2⤵
  PID:2652
- C:\Windows\System\GQCrdwN.exe
  C:\Windows\System\GQCrdwN.exe
  2⤵
  PID:2712
- C:\Windows\System\eyIkkfb.exe
  C:\Windows\System\eyIkkfb.exe
  2⤵
  PID:2912
- C:\Windows\System\cCAtkNc.exe
  C:\Windows\System\cCAtkNc.exe
  2⤵
  PID:2648
- C:\Windows\System\dWVKOcI.exe
  C:\Windows\System\dWVKOcI.exe
  2⤵
  PID:2944
- C:\Windows\System\lQmNtQZ.exe
  C:\Windows\System\lQmNtQZ.exe
  2⤵
  PID:2728
- C:\Windows\System\TEyfUgh.exe
  C:\Windows\System\TEyfUgh.exe
  2⤵
  PID:2900
- C:\Windows\System\zIgSNub.exe
  C:\Windows\System\zIgSNub.exe
  2⤵
  PID:2840
- C:\Windows\System\BkfuRoM.exe
  C:\Windows\System\BkfuRoM.exe
  2⤵
  PID:276
- C:\Windows\System\ZyrSDdh.exe
  C:\Windows\System\ZyrSDdh.exe
  2⤵
  PID:2060
- C:\Windows\System\HBVulmP.exe
  C:\Windows\System\HBVulmP.exe
  2⤵
  PID:2376
- C:\Windows\System\raAOGsx.exe
  C:\Windows\System\raAOGsx.exe
  2⤵
  PID:2216
- C:\Windows\System\eUpHQHl.exe
  C:\Windows\System\eUpHQHl.exe
  2⤵
  PID:284
- C:\Windows\System\iGDiGHD.exe
  C:\Windows\System\iGDiGHD.exe
  2⤵
  PID:2016
- C:\Windows\System\QINSfRT.exe
  C:\Windows\System\QINSfRT.exe
  2⤵
  PID:2080
- C:\Windows\System\ENWtSyT.exe
  C:\Windows\System\ENWtSyT.exe
  2⤵
  PID:1892
- C:\Windows\System\XCLCjrQ.exe
  C:\Windows\System\XCLCjrQ.exe
  2⤵
  PID:1124
- C:\Windows\System\MMihbXs.exe
  C:\Windows\System\MMihbXs.exe
  2⤵
  PID:540
- C:\Windows\System\mguVSvu.exe
  C:\Windows\System\mguVSvu.exe
  2⤵
  PID:2392
- C:\Windows\System\PyqqQmI.exe
  C:\Windows\System\PyqqQmI.exe
  2⤵
  PID:860
- C:\Windows\System\HGQYsYb.exe
  C:\Windows\System\HGQYsYb.exe
  2⤵
  PID:2520
- C:\Windows\System\DJoyOKU.exe
  C:\Windows\System\DJoyOKU.exe
  2⤵
  PID:1936
- C:\Windows\System\OfBfWNF.exe
  C:\Windows\System\OfBfWNF.exe
  2⤵
  PID:2228
- C:\Windows\System\dLUqMod.exe
  C:\Windows\System\dLUqMod.exe
  2⤵
  PID:2056
- C:\Windows\System\jyWCPAo.exe
  C:\Windows\System\jyWCPAo.exe
  2⤵
  PID:1576
- C:\Windows\System\ucoCYwX.exe
  C:\Windows\System\ucoCYwX.exe
  2⤵
  PID:2260
- C:\Windows\System\aofSPWy.exe
  C:\Windows\System\aofSPWy.exe
  2⤵
  PID:304
- C:\Windows\System\cQPuwFg.exe
  C:\Windows\System\cQPuwFg.exe
  2⤵
  PID:1288
- C:\Windows\System\HgKdDcq.exe
  C:\Windows\System\HgKdDcq.exe
  2⤵
  PID:1676
- C:\Windows\System\MmuqfNw.exe
  C:\Windows\System\MmuqfNw.exe
  2⤵
  PID:1748
- C:\Windows\System\ZVBvBCN.exe
  C:\Windows\System\ZVBvBCN.exe
  2⤵
  PID:2200
- C:\Windows\System\nFkLcFK.exe
  C:\Windows\System\nFkLcFK.exe
  2⤵
  PID:2508
- C:\Windows\System\ZYPaFGm.exe
  C:\Windows\System\ZYPaFGm.exe
  2⤵
  PID:1128
- C:\Windows\System\VxmlVGQ.exe
  C:\Windows\System\VxmlVGQ.exe
  2⤵
  PID:2104
- C:\Windows\System\REiIrra.exe
  C:\Windows\System\REiIrra.exe
  2⤵
  PID:1740
- C:\Windows\System\hNjEmgX.exe
  C:\Windows\System\hNjEmgX.exe
  2⤵
  PID:1560
- C:\Windows\System\QYkGqFh.exe
  C:\Windows\System\QYkGqFh.exe
  2⤵
  PID:1444
- C:\Windows\System\pfJaQOn.exe
  C:\Windows\System\pfJaQOn.exe
  2⤵
  PID:908
- C:\Windows\System\BMDNROh.exe
  C:\Windows\System\BMDNROh.exe
  2⤵
  PID:2996
- C:\Windows\System\JGZgSkl.exe
  C:\Windows\System\JGZgSkl.exe
  2⤵
  PID:2824
- C:\Windows\System\xzYWbjQ.exe
  C:\Windows\System\xzYWbjQ.exe
  2⤵
  PID:2360
- C:\Windows\System\eyeoUmj.exe
  C:\Windows\System\eyeoUmj.exe
  2⤵
  PID:3012
- C:\Windows\System\KMHVaKB.exe
  C:\Windows\System\KMHVaKB.exe
  2⤵
  PID:2892
- C:\Windows\System\znkpvnX.exe
  C:\Windows\System\znkpvnX.exe
  2⤵
  PID:580
- C:\Windows\System\suzxqEB.exe
  C:\Windows\System\suzxqEB.exe
  2⤵
  PID:2796
- C:\Windows\System\wFozYQQ.exe
  C:\Windows\System\wFozYQQ.exe
  2⤵
  PID:2620
- C:\Windows\System\hqSZxDZ.exe
  C:\Windows\System\hqSZxDZ.exe
  2⤵
  PID:1956
- C:\Windows\System\MelAoDW.exe
  C:\Windows\System\MelAoDW.exe
  2⤵
  PID:2480
- C:\Windows\System\MNYwvgh.exe
  C:\Windows\System\MNYwvgh.exe
  2⤵
  PID:2864
- C:\Windows\System\iGSZtfW.exe
  C:\Windows\System\iGSZtfW.exe
  2⤵
  PID:1872
- C:\Windows\System\JENHKUx.exe
  C:\Windows\System\JENHKUx.exe
  2⤵
  PID:696
- C:\Windows\System\nCCwJKC.exe
  C:\Windows\System\nCCwJKC.exe
  2⤵
  PID:1704
- C:\Windows\System\zVPQSyV.exe
  C:\Windows\System\zVPQSyV.exe
  2⤵
  PID:2336
- C:\Windows\System\nDtELwn.exe
  C:\Windows\System\nDtELwn.exe
  2⤵
  PID:1308
- C:\Windows\System\YsIXAou.exe
  C:\Windows\System\YsIXAou.exe
  2⤵
  PID:976
- C:\Windows\System\tkmdgBa.exe
  C:\Windows\System\tkmdgBa.exe
  2⤵
  PID:904
- C:\Windows\System\DaqBLlt.exe
  C:\Windows\System\DaqBLlt.exe
  2⤵
  PID:1216
- C:\Windows\System\RCZqwwu.exe
  C:\Windows\System\RCZqwwu.exe
  2⤵
  PID:2492
- C:\Windows\System\SgWyWkE.exe
  C:\Windows\System\SgWyWkE.exe
  2⤵
  PID:1224
- C:\Windows\System\AGNjCZb.exe
  C:\Windows\System\AGNjCZb.exe
  2⤵
  PID:3032
- C:\Windows\System\fiqbQRn.exe
  C:\Windows\System\fiqbQRn.exe
  2⤵
  PID:1548
- C:\Windows\System\vSSaPrD.exe
  C:\Windows\System\vSSaPrD.exe
  2⤵
  PID:2800
- C:\Windows\System\CBDWLXn.exe
  C:\Windows\System\CBDWLXn.exe
  2⤵
  PID:2772
- C:\Windows\System\kWOSjKs.exe
  C:\Windows\System\kWOSjKs.exe
  2⤵
  PID:2164
- C:\Windows\System\FttkWxD.exe
  C:\Windows\System\FttkWxD.exe
  2⤵
  PID:2960
- C:\Windows\System\DdnmRoa.exe
  C:\Windows\System\DdnmRoa.exe
  2⤵
  PID:2676
- C:\Windows\System\VIsCexC.exe
  C:\Windows\System\VIsCexC.exe
  2⤵
  PID:2556
- C:\Windows\System\ydyLtFb.exe
  C:\Windows\System\ydyLtFb.exe
  2⤵
  PID:264
- C:\Windows\System\dhVHQpF.exe
  C:\Windows\System\dhVHQpF.exe
  2⤵
  PID:1564
- C:\Windows\System\PKmXrxk.exe
  C:\Windows\System\PKmXrxk.exe
  2⤵
  PID:2544
- C:\Windows\System\uBrzMBe.exe
  C:\Windows\System\uBrzMBe.exe
  2⤵
  PID:288
- C:\Windows\System\MgzYOqN.exe
  C:\Windows\System\MgzYOqN.exe
  2⤵
  PID:2072
- C:\Windows\System\HtXyKTo.exe
  C:\Windows\System\HtXyKTo.exe
  2⤵
  PID:2916
- C:\Windows\System\TbqClps.exe
  C:\Windows\System\TbqClps.exe
  2⤵
  PID:2616
- C:\Windows\System\iYydzMj.exe
  C:\Windows\System\iYydzMj.exe
  2⤵
  PID:2952
- C:\Windows\System\SxQPdnx.exe
  C:\Windows\System\SxQPdnx.exe
  2⤵
  PID:2004
- C:\Windows\System\zAZfzWQ.exe
  C:\Windows\System\zAZfzWQ.exe
  2⤵
  PID:3084
- C:\Windows\System\UdjDuNp.exe
  C:\Windows\System\UdjDuNp.exe
  2⤵
  PID:3100
- C:\Windows\System\dbIgStq.exe
  C:\Windows\System\dbIgStq.exe
  2⤵
  PID:3116
- C:\Windows\System\QtmFPrt.exe
  C:\Windows\System\QtmFPrt.exe
  2⤵
  PID:3132
- C:\Windows\System\NxEXxcr.exe
  C:\Windows\System\NxEXxcr.exe
  2⤵
  PID:3148
- C:\Windows\System\mVwBbNt.exe
  C:\Windows\System\mVwBbNt.exe
  2⤵
  PID:3164
- C:\Windows\System\PwjIbOS.exe
  C:\Windows\System\PwjIbOS.exe
  2⤵
  PID:3180
- C:\Windows\System\wqjUFvx.exe
  C:\Windows\System\wqjUFvx.exe
  2⤵
  PID:3196
- C:\Windows\System\XdUoMOj.exe
  C:\Windows\System\XdUoMOj.exe
  2⤵
  PID:3212
- C:\Windows\System\TorHahR.exe
  C:\Windows\System\TorHahR.exe
  2⤵
  PID:3228
- C:\Windows\System\fTThKCK.exe
  C:\Windows\System\fTThKCK.exe
  2⤵
  PID:3244
- C:\Windows\System\qTyWnIE.exe
  C:\Windows\System\qTyWnIE.exe
  2⤵
  PID:3260
- C:\Windows\System\Eovaily.exe
  C:\Windows\System\Eovaily.exe
  2⤵
  PID:3276
- C:\Windows\System\SKhQyLy.exe
  C:\Windows\System\SKhQyLy.exe
  2⤵
  PID:3296
- C:\Windows\System\tusQPMB.exe
  C:\Windows\System\tusQPMB.exe
  2⤵
  PID:3312
- C:\Windows\System\xmkyXwF.exe
  C:\Windows\System\xmkyXwF.exe
  2⤵
  PID:3328
- C:\Windows\System\hOjqyld.exe
  C:\Windows\System\hOjqyld.exe
  2⤵
  PID:3344
- C:\Windows\System\aWCfZNZ.exe
  C:\Windows\System\aWCfZNZ.exe
  2⤵
  PID:3360
- C:\Windows\System\DukOUBT.exe
  C:\Windows\System\DukOUBT.exe
  2⤵
  PID:3376
- C:\Windows\System\ybKEeYF.exe
  C:\Windows\System\ybKEeYF.exe
  2⤵
  PID:3392
- C:\Windows\System\DppRuhE.exe
  C:\Windows\System\DppRuhE.exe
  2⤵
  PID:3408
- C:\Windows\System\ytDDHfD.exe
  C:\Windows\System\ytDDHfD.exe
  2⤵
  PID:3424
- C:\Windows\System\crztWxg.exe
  C:\Windows\System\crztWxg.exe
  2⤵
  PID:3440
- C:\Windows\System\zWVbKMC.exe
  C:\Windows\System\zWVbKMC.exe
  2⤵
  PID:3456
- C:\Windows\System\yNLLjNy.exe
  C:\Windows\System\yNLLjNy.exe
  2⤵
  PID:3472
- C:\Windows\System\vMtNjAz.exe
  C:\Windows\System\vMtNjAz.exe
  2⤵
  PID:3488
- C:\Windows\System\xqalANF.exe
  C:\Windows\System\xqalANF.exe
  2⤵
  PID:3504
- C:\Windows\System\fCcwBRE.exe
  C:\Windows\System\fCcwBRE.exe
  2⤵
  PID:3520
- C:\Windows\System\gpqxqEq.exe
  C:\Windows\System\gpqxqEq.exe
  2⤵
  PID:3536
- C:\Windows\System\WMwhJBF.exe
  C:\Windows\System\WMwhJBF.exe
  2⤵
  PID:3552
- C:\Windows\System\DtzJrjt.exe
  C:\Windows\System\DtzJrjt.exe
  2⤵
  PID:3568
- C:\Windows\System\UmydkFF.exe
  C:\Windows\System\UmydkFF.exe
  2⤵
  PID:3584
- C:\Windows\System\JybsfMy.exe
  C:\Windows\System\JybsfMy.exe
  2⤵
  PID:3600
- C:\Windows\System\zpaLyvh.exe
  C:\Windows\System\zpaLyvh.exe
  2⤵
  PID:3616
- C:\Windows\System\qgNosmU.exe
  C:\Windows\System\qgNosmU.exe
  2⤵
  PID:3632
- C:\Windows\System\XkDncyz.exe
  C:\Windows\System\XkDncyz.exe
  2⤵
  PID:3648
- C:\Windows\System\dGAbtVk.exe
  C:\Windows\System\dGAbtVk.exe
  2⤵
  PID:3664
- C:\Windows\System\EThvpaZ.exe
  C:\Windows\System\EThvpaZ.exe
  2⤵
  PID:3680
- C:\Windows\System\dXeUEEq.exe
  C:\Windows\System\dXeUEEq.exe
  2⤵
  PID:3696
- C:\Windows\System\mVrbaTL.exe
  C:\Windows\System\mVrbaTL.exe
  2⤵
  PID:3716
- C:\Windows\System\ZZvoSvQ.exe
  C:\Windows\System\ZZvoSvQ.exe
  2⤵
  PID:3732
- C:\Windows\System\jBEyzrY.exe
  C:\Windows\System\jBEyzrY.exe
  2⤵
  PID:3748
- C:\Windows\System\apkJzLa.exe
  C:\Windows\System\apkJzLa.exe
  2⤵
  PID:3764
- C:\Windows\System\JrYPwiP.exe
  C:\Windows\System\JrYPwiP.exe
  2⤵
  PID:3780
- C:\Windows\System\SZtxknG.exe
  C:\Windows\System\SZtxknG.exe
  2⤵
  PID:3796
- C:\Windows\System\zyhMOZp.exe
  C:\Windows\System\zyhMOZp.exe
  2⤵
  PID:3812
- C:\Windows\System\jACZWEn.exe
  C:\Windows\System\jACZWEn.exe
  2⤵
  PID:3828
- C:\Windows\System\uYMjPqa.exe
  C:\Windows\System\uYMjPqa.exe
  2⤵
  PID:3844
- C:\Windows\System\NnvltOs.exe
  C:\Windows\System\NnvltOs.exe
  2⤵
  PID:3860
- C:\Windows\System\aDbrbVL.exe
  C:\Windows\System\aDbrbVL.exe
  2⤵
  PID:3876
- C:\Windows\System\ntSWKgi.exe
  C:\Windows\System\ntSWKgi.exe
  2⤵
  PID:3892
- C:\Windows\System\hKyCkAW.exe
  C:\Windows\System\hKyCkAW.exe
  2⤵
  PID:3908
- C:\Windows\System\WoOYHlK.exe
  C:\Windows\System\WoOYHlK.exe
  2⤵
  PID:3924
- C:\Windows\System\dCEXfXT.exe
  C:\Windows\System\dCEXfXT.exe
  2⤵
  PID:3940
- C:\Windows\System\GrxFqAt.exe
  C:\Windows\System\GrxFqAt.exe
  2⤵
  PID:3956
- C:\Windows\System\PxsgltM.exe
  C:\Windows\System\PxsgltM.exe
  2⤵
  PID:3972
- C:\Windows\System\NjjRUgl.exe
  C:\Windows\System\NjjRUgl.exe
  2⤵
  PID:3988
- C:\Windows\System\MChTWGt.exe
  C:\Windows\System\MChTWGt.exe
  2⤵
  PID:4004
- C:\Windows\System\bwjuJxA.exe
  C:\Windows\System\bwjuJxA.exe
  2⤵
  PID:4020
- C:\Windows\System\aEGfqUq.exe
  C:\Windows\System\aEGfqUq.exe
  2⤵
  PID:4036
- C:\Windows\System\bkMAgeN.exe
  C:\Windows\System\bkMAgeN.exe
  2⤵
  PID:4052
- C:\Windows\System\tWWklXO.exe
  C:\Windows\System\tWWklXO.exe
  2⤵
  PID:4068
- C:\Windows\System\NioxLfS.exe
  C:\Windows\System\NioxLfS.exe
  2⤵
  PID:4088
- C:\Windows\System\YdfrYXm.exe
  C:\Windows\System\YdfrYXm.exe
  2⤵
  PID:1904
- C:\Windows\System\YEhYZry.exe
  C:\Windows\System\YEhYZry.exe
  2⤵
  PID:2940
- C:\Windows\System\VhDTWWt.exe
  C:\Windows\System\VhDTWWt.exe
  2⤵
  PID:1616
- C:\Windows\System\AUSgqXy.exe
  C:\Windows\System\AUSgqXy.exe
  2⤵
  PID:2400
- C:\Windows\System\llWwPZf.exe
  C:\Windows\System\llWwPZf.exe
  2⤵
  PID:3080
- C:\Windows\System\gdEPfgD.exe
  C:\Windows\System\gdEPfgD.exe
  2⤵
  PID:3096
- C:\Windows\System\ZrnGphp.exe
  C:\Windows\System\ZrnGphp.exe
  2⤵
  PID:3140
- C:\Windows\System\ErOzLax.exe
  C:\Windows\System\ErOzLax.exe
  2⤵
  PID:3160
- C:\Windows\System\HnExfYy.exe
  C:\Windows\System\HnExfYy.exe
  2⤵
  PID:3192
- C:\Windows\System\DnuZPRu.exe
  C:\Windows\System\DnuZPRu.exe
  2⤵
  PID:3236
- C:\Windows\System\aEdbeOm.exe
  C:\Windows\System\aEdbeOm.exe
  2⤵
  PID:3256
- C:\Windows\System\iCVPXfV.exe
  C:\Windows\System\iCVPXfV.exe
  2⤵
  PID:3304
- C:\Windows\System\jekCFyX.exe
  C:\Windows\System\jekCFyX.exe
  2⤵
  PID:3340
- C:\Windows\System\UwXRNRN.exe
  C:\Windows\System\UwXRNRN.exe
  2⤵
  PID:3372
- C:\Windows\System\CogirHl.exe
  C:\Windows\System\CogirHl.exe
  2⤵
  PID:3404
- C:\Windows\System\YoXIdQT.exe
  C:\Windows\System\YoXIdQT.exe
  2⤵
  PID:3420
- C:\Windows\System\sZBlDsG.exe
  C:\Windows\System\sZBlDsG.exe
  2⤵
  PID:3468
- C:\Windows\System\ffxvUnX.exe
  C:\Windows\System\ffxvUnX.exe
  2⤵
  PID:3500
- C:\Windows\System\efFAjIH.exe
  C:\Windows\System\efFAjIH.exe
  2⤵
  PID:3528
- C:\Windows\System\WavYnCa.exe
  C:\Windows\System\WavYnCa.exe
  2⤵
  PID:3560
- C:\Windows\System\NlcVudL.exe
  C:\Windows\System\NlcVudL.exe
  2⤵
  PID:3592
- C:\Windows\System\nrZGTEo.exe
  C:\Windows\System\nrZGTEo.exe
  2⤵
  PID:3624
- C:\Windows\System\wiauaal.exe
  C:\Windows\System\wiauaal.exe
  2⤵
  PID:3656
- C:\Windows\System\JJtOWFk.exe
  C:\Windows\System\JJtOWFk.exe
  2⤵
  PID:3676
- C:\Windows\System\GSymTsT.exe
  C:\Windows\System\GSymTsT.exe
  2⤵
  PID:3724
- C:\Windows\System\wxjNOiN.exe
  C:\Windows\System\wxjNOiN.exe
  2⤵
  PID:3756
- C:\Windows\System\irgftAD.exe
  C:\Windows\System\irgftAD.exe
  2⤵
  PID:3772
- C:\Windows\System\cqfTXTG.exe
  C:\Windows\System\cqfTXTG.exe
  2⤵
  PID:3820
- C:\Windows\System\ZygRmIv.exe
  C:\Windows\System\ZygRmIv.exe
  2⤵
  PID:3836
- C:\Windows\System\twADOUW.exe
  C:\Windows\System\twADOUW.exe
  2⤵
  PID:3868
- C:\Windows\System\WySGYuv.exe
  C:\Windows\System\WySGYuv.exe
  2⤵
  PID:3900
- C:\Windows\System\UdDCqtL.exe
  C:\Windows\System\UdDCqtL.exe
  2⤵
  PID:3932
- C:\Windows\System\LXftOqJ.exe
  C:\Windows\System\LXftOqJ.exe
  2⤵
  PID:3964
- C:\Windows\System\iWcTOqp.exe
  C:\Windows\System\iWcTOqp.exe
  2⤵
  PID:3996
- C:\Windows\System\hiSCYmn.exe
  C:\Windows\System\hiSCYmn.exe
  2⤵
  PID:4028
- C:\Windows\System\YbOGgdI.exe
  C:\Windows\System\YbOGgdI.exe
  2⤵
  PID:4076
- C:\Windows\System\ypWADLU.exe
  C:\Windows\System\ypWADLU.exe
  2⤵
  PID:1540
- C:\Windows\System\XBTbDJA.exe
  C:\Windows\System\XBTbDJA.exe
  2⤵
  PID:2640
- C:\Windows\System\DlkeIuK.exe
  C:\Windows\System\DlkeIuK.exe
  2⤵
  PID:2408
- C:\Windows\System\DyplMpj.exe
  C:\Windows\System\DyplMpj.exe
  2⤵
  PID:3156
- C:\Windows\System\coOFoYp.exe
  C:\Windows\System\coOFoYp.exe
  2⤵
  PID:3204
- C:\Windows\System\rFLhLBr.exe
  C:\Windows\System\rFLhLBr.exe
  2⤵
  PID:3268
- C:\Windows\System\ZNdIfcf.exe
  C:\Windows\System\ZNdIfcf.exe
  2⤵
  PID:3320
- C:\Windows\System\SAbOumD.exe
  C:\Windows\System\SAbOumD.exe
  2⤵
  PID:3368
- C:\Windows\System\WKXeaMk.exe
  C:\Windows\System\WKXeaMk.exe
  2⤵
  PID:3432
- C:\Windows\System\CWerKak.exe
  C:\Windows\System\CWerKak.exe
  2⤵
  PID:4392
- C:\Windows\System\hFKXhAn.exe
  C:\Windows\System\hFKXhAn.exe
  2⤵
  PID:4408
- C:\Windows\System\sMLpHXA.exe
  C:\Windows\System\sMLpHXA.exe
  2⤵
  PID:4704
- C:\Windows\System\rhbNVQe.exe
  C:\Windows\System\rhbNVQe.exe
  2⤵
  PID:4720
- C:\Windows\System\zABRPpv.exe
  C:\Windows\System\zABRPpv.exe
  2⤵
  PID:4748
- C:\Windows\System\vJUTjuX.exe
  C:\Windows\System\vJUTjuX.exe
  2⤵
  PID:4768
- C:\Windows\System\uLciRSF.exe
  C:\Windows\System\uLciRSF.exe
  2⤵
  PID:4892
- C:\Windows\System\JhokkvH.exe
  C:\Windows\System\JhokkvH.exe
  2⤵
  PID:5016
- C:\Windows\System\BaSCYIm.exe
  C:\Windows\System\BaSCYIm.exe
  2⤵
  PID:5056
- C:\Windows\System\juzgQfi.exe
  C:\Windows\System\juzgQfi.exe
  2⤵
  PID:5076
- C:\Windows\System\uFjNogU.exe
  C:\Windows\System\uFjNogU.exe
  2⤵
  PID:5096
- C:\Windows\System\VUkcCNl.exe
  C:\Windows\System\VUkcCNl.exe
  2⤵
  PID:5116
- C:\Windows\System\ihCjaso.exe
  C:\Windows\System\ihCjaso.exe
  2⤵
  PID:3792
- C:\Windows\System\eEQSNze.exe
  C:\Windows\System\eEQSNze.exe
  2⤵
  PID:3856
- C:\Windows\System\HwGvlWY.exe
  C:\Windows\System\HwGvlWY.exe
  2⤵
  PID:3936
- C:\Windows\System\IAjywUr.exe
  C:\Windows\System\IAjywUr.exe
  2⤵
  PID:3952
- C:\Windows\System\ZpzFZID.exe
  C:\Windows\System\ZpzFZID.exe
  2⤵
  PID:3076
- C:\Windows\System\PqotfWL.exe
  C:\Windows\System\PqotfWL.exe
  2⤵
  PID:2020
- C:\Windows\System\koIesQo.exe
  C:\Windows\System\koIesQo.exe
  2⤵
  PID:2204
- C:\Windows\System\cSdeUGJ.exe
  C:\Windows\System\cSdeUGJ.exe
  2⤵
  PID:3920
- C:\Windows\System\wUXlxFD.exe
  C:\Windows\System\wUXlxFD.exe
  2⤵
  PID:2552
- C:\Windows\System\njRtTvW.exe
  C:\Windows\System\njRtTvW.exe
  2⤵
  PID:1340
- C:\Windows\System\VCYfqeX.exe
  C:\Windows\System\VCYfqeX.exe
  2⤵
  PID:4104
- C:\Windows\System\KkMxZYL.exe
  C:\Windows\System\KkMxZYL.exe
  2⤵
  PID:4124
- C:\Windows\System\qHSxWkM.exe
  C:\Windows\System\qHSxWkM.exe
  2⤵
  PID:4144
- C:\Windows\System\EQTjBaQ.exe
  C:\Windows\System\EQTjBaQ.exe
  2⤵
  PID:4164
- C:\Windows\System\tupakML.exe
  C:\Windows\System\tupakML.exe
  2⤵
  PID:4184
- C:\Windows\System\jlfQpMx.exe
  C:\Windows\System\jlfQpMx.exe
  2⤵
  PID:4196
- C:\Windows\System\vdVKzCf.exe
  C:\Windows\System\vdVKzCf.exe
  2⤵
  PID:4224
- C:\Windows\System\AKaFmot.exe
  C:\Windows\System\AKaFmot.exe
  2⤵
  PID:4240
- C:\Windows\System\faGDETt.exe
  C:\Windows\System\faGDETt.exe
  2⤵
  PID:4264
- C:\Windows\System\YUJoMlN.exe
  C:\Windows\System\YUJoMlN.exe
  2⤵
  PID:4284
- C:\Windows\System\xiCTppi.exe
  C:\Windows\System\xiCTppi.exe
  2⤵
  PID:3640
- C:\Windows\System\WKzRFtP.exe
  C:\Windows\System\WKzRFtP.exe
  2⤵
  PID:4324
- C:\Windows\System\PuCcSlk.exe
  C:\Windows\System\PuCcSlk.exe
  2⤵
  PID:4344
- C:\Windows\System\qaZmeLp.exe
  C:\Windows\System\qaZmeLp.exe
  2⤵
  PID:4364
- C:\Windows\System\xDsEjHE.exe
  C:\Windows\System\xDsEjHE.exe
  2⤵
  PID:4388
- C:\Windows\System\YeTTOOm.exe
  C:\Windows\System\YeTTOOm.exe
  2⤵
  PID:4428
- C:\Windows\System\UrdYCgW.exe
  C:\Windows\System\UrdYCgW.exe
  2⤵
  PID:4452
- C:\Windows\System\LyMvVbY.exe
  C:\Windows\System\LyMvVbY.exe
  2⤵
  PID:4468
- C:\Windows\System\BsRBxfk.exe
  C:\Windows\System\BsRBxfk.exe
  2⤵
  PID:4492
- C:\Windows\System\iOhpMXm.exe
  C:\Windows\System\iOhpMXm.exe
  2⤵
  PID:4508
- C:\Windows\System\lrcABuo.exe
  C:\Windows\System\lrcABuo.exe
  2⤵
  PID:4532
- C:\Windows\System\fneXcjl.exe
  C:\Windows\System\fneXcjl.exe
  2⤵
  PID:4548
- C:\Windows\System\KwgzbGg.exe
  C:\Windows\System\KwgzbGg.exe
  2⤵
  PID:4572
- C:\Windows\System\wwlTdNu.exe
  C:\Windows\System\wwlTdNu.exe
  2⤵
  PID:4596
- C:\Windows\System\QHMfZZk.exe
  C:\Windows\System\QHMfZZk.exe
  2⤵
  PID:4616
- C:\Windows\System\reyrJNl.exe
  C:\Windows\System\reyrJNl.exe
  2⤵
  PID:4400
- C:\Windows\System\casDtIi.exe
  C:\Windows\System\casDtIi.exe
  2⤵
  PID:4652
- C:\Windows\System\qDeVFEE.exe
  C:\Windows\System\qDeVFEE.exe
  2⤵
  PID:4664
- C:\Windows\System\RoZnDwF.exe
  C:\Windows\System\RoZnDwF.exe
  2⤵
  PID:4692
- C:\Windows\System\cGXDfzK.exe
  C:\Windows\System\cGXDfzK.exe
  2⤵
  PID:4404
- C:\Windows\System\fWaXTBQ.exe
  C:\Windows\System\fWaXTBQ.exe
  2⤵
  PID:4776
- C:\Windows\System\sYeguBX.exe
  C:\Windows\System\sYeguBX.exe
  2⤵
  PID:1456
- C:\Windows\System\scnGgva.exe
  C:\Windows\System\scnGgva.exe
  2⤵
  PID:4800
- C:\Windows\System\cGegcxU.exe
  C:\Windows\System\cGegcxU.exe
  2⤵
  PID:4816
- C:\Windows\System\wONHOEe.exe
  C:\Windows\System\wONHOEe.exe
  2⤵
  PID:4840
- C:\Windows\System\aZJZlsD.exe
  C:\Windows\System\aZJZlsD.exe
  2⤵
  PID:4848
- C:\Windows\System\sNWrboG.exe
  C:\Windows\System\sNWrboG.exe
  2⤵
  PID:4868
- C:\Windows\System\cuBpSId.exe
  C:\Windows\System\cuBpSId.exe
  2⤵
  PID:5032
- C:\Windows\System\ZVVDDUA.exe
  C:\Windows\System\ZVVDDUA.exe
  2⤵
  PID:5052
- C:\Windows\System\haKrzie.exe
  C:\Windows\System\haKrzie.exe
  2⤵
  PID:4900
- C:\Windows\System\AZJlAoS.exe
  C:\Windows\System\AZJlAoS.exe
  2⤵
  PID:4924
- C:\Windows\System\jMAObQz.exe
  C:\Windows\System\jMAObQz.exe
  2⤵
  PID:4944
- C:\Windows\System\xVLojQz.exe
  C:\Windows\System\xVLojQz.exe
  2⤵
  PID:4964
- C:\Windows\System\zlMyHJF.exe
  C:\Windows\System\zlMyHJF.exe
  2⤵
  PID:4980
- C:\Windows\System\xTdVGvV.exe
  C:\Windows\System\xTdVGvV.exe
  2⤵
  PID:5000
- C:\Windows\System\tTNxSwH.exe
  C:\Windows\System\tTNxSwH.exe
  2⤵
  PID:3760
- C:\Windows\System\FMZlUiy.exe
  C:\Windows\System\FMZlUiy.exe
  2⤵
  PID:5112
- C:\Windows\System\iZIFvKp.exe
  C:\Windows\System\iZIFvKp.exe
  2⤵
  PID:3872
- C:\Windows\System\rLejMHy.exe
  C:\Windows\System\rLejMHy.exe
  2⤵
  PID:3840
- C:\Windows\System\icGapYE.exe
  C:\Windows\System\icGapYE.exe
  2⤵
  PID:348
- C:\Windows\System\aldDBGT.exe
  C:\Windows\System\aldDBGT.exe
  2⤵
  PID:4064
- C:\Windows\System\xiXNCQp.exe
  C:\Windows\System\xiXNCQp.exe
  2⤵
  PID:3336
- C:\Windows\System\OvHRIDp.exe
  C:\Windows\System\OvHRIDp.exe
  2⤵
  PID:2168
- C:\Windows\System\hUouTQX.exe
  C:\Windows\System\hUouTQX.exe
  2⤵
  PID:2032
- C:\Windows\System\KLuOaiq.exe
  C:\Windows\System\KLuOaiq.exe
  2⤵
  PID:3400
- C:\Windows\System\brlnYDZ.exe
  C:\Windows\System\brlnYDZ.exe
  2⤵
  PID:4140
- C:\Windows\System\ELADaWx.exe
  C:\Windows\System\ELADaWx.exe
  2⤵
  PID:4156
- C:\Windows\System\GPhigii.exe
  C:\Windows\System\GPhigii.exe
  2⤵
  PID:484
- C:\Windows\System\FvhRrWn.exe
  C:\Windows\System\FvhRrWn.exe
  2⤵
  PID:4200
- C:\Windows\System\VJeIDLM.exe
  C:\Windows\System\VJeIDLM.exe
  2⤵
  PID:2040
- C:\Windows\System\vNoMtKS.exe
  C:\Windows\System\vNoMtKS.exe
  2⤵
  PID:4232
- C:\Windows\System\KyHPDRw.exe
  C:\Windows\System\KyHPDRw.exe
  2⤵
  PID:1788
- C:\Windows\System\aranfhg.exe
  C:\Windows\System\aranfhg.exe
  2⤵
  PID:4332
- C:\Windows\System\IKGCDDc.exe
  C:\Windows\System\IKGCDDc.exe
  2⤵
  PID:4376
- C:\Windows\System\xCosmkZ.exe
  C:\Windows\System\xCosmkZ.exe
  2⤵
  PID:4444
- C:\Windows\System\ynfmlKq.exe
  C:\Windows\System\ynfmlKq.exe
  2⤵
  PID:4352
- C:\Windows\System\dXodUTe.exe
  C:\Windows\System\dXodUTe.exe
  2⤵
  PID:4484
- C:\Windows\System\uJNRjNj.exe
  C:\Windows\System\uJNRjNj.exe
  2⤵
  PID:4464
- C:\Windows\System\DEKLwIw.exe
  C:\Windows\System\DEKLwIw.exe
  2⤵
  PID:4520
- C:\Windows\System\XaeGXot.exe
  C:\Windows\System\XaeGXot.exe
  2⤵
  PID:4568
- C:\Windows\System\YOKwSsd.exe
  C:\Windows\System\YOKwSsd.exe
  2⤵
  PID:4560
- C:\Windows\System\DeaCOll.exe
  C:\Windows\System\DeaCOll.exe
  2⤵
  PID:4592
- C:\Windows\System\yPOdczS.exe
  C:\Windows\System\yPOdczS.exe
  2⤵
  PID:4644
- C:\Windows\System\taySSuK.exe
  C:\Windows\System\taySSuK.exe
  2⤵
  PID:4680
- C:\Windows\System\NuUDAxj.exe
  C:\Windows\System\NuUDAxj.exe
  2⤵
  PID:4660
- C:\Windows\System\OasJawc.exe
  C:\Windows\System\OasJawc.exe
  2⤵
  PID:2820
- C:\Windows\System\KvbIBsM.exe
  C:\Windows\System\KvbIBsM.exe
  2⤵
  PID:640
- C:\Windows\System\dxQKCxg.exe
  C:\Windows\System\dxQKCxg.exe
  2⤵
  PID:4836
- C:\Windows\System\vDsThwk.exe
  C:\Windows\System\vDsThwk.exe
  2⤵
  PID:4756
- C:\Windows\System\NvJZkVn.exe
  C:\Windows\System\NvJZkVn.exe
  2⤵
  PID:4880
- C:\Windows\System\oteXBJM.exe
  C:\Windows\System\oteXBJM.exe
  2⤵
  PID:4912
- C:\Windows\System\SDNZRPU.exe
  C:\Windows\System\SDNZRPU.exe
  2⤵
  PID:5092
- C:\Windows\System\FOXkmBd.exe
  C:\Windows\System\FOXkmBd.exe
  2⤵
  PID:4936
- C:\Windows\System\IZCdfiO.exe
  C:\Windows\System\IZCdfiO.exe
  2⤵
  PID:4972
- C:\Windows\System\tEYLOez.exe
  C:\Windows\System\tEYLOez.exe
  2⤵
  PID:5072
- C:\Windows\System\LWSWYSg.exe
  C:\Windows\System\LWSWYSg.exe
  2⤵
  PID:4048
- C:\Windows\System\FwjCayS.exe
  C:\Windows\System\FwjCayS.exe
  2⤵
  PID:4280
- C:\Windows\System\YmaKcRF.exe
  C:\Windows\System\YmaKcRF.exe
  2⤵
  PID:4080
- C:\Windows\System\TKYXcfH.exe
  C:\Windows\System\TKYXcfH.exe
  2⤵
  PID:1424
- C:\Windows\System\xdspeXm.exe
  C:\Windows\System\xdspeXm.exe
  2⤵
  PID:3288
- C:\Windows\System\FIMOhIo.exe
  C:\Windows\System\FIMOhIo.exe
  2⤵
  PID:2764
- C:\Windows\System\eIPXwAr.exe
  C:\Windows\System\eIPXwAr.exe
  2⤵
  PID:2644
- C:\Windows\System\CnUlyhC.exe
  C:\Windows\System\CnUlyhC.exe
  2⤵
  PID:3544
- C:\Windows\System\Daijpbs.exe
  C:\Windows\System\Daijpbs.exe
  2⤵
  PID:4152
- C:\Windows\System\kxaDeGK.exe
  C:\Windows\System\kxaDeGK.exe
  2⤵
  PID:1588
- C:\Windows\System\aAlIdrX.exe
  C:\Windows\System\aAlIdrX.exe
  2⤵
  PID:2224
- C:\Windows\System\vLXhptc.exe
  C:\Windows\System\vLXhptc.exe
  2⤵
  PID:4260
- C:\Windows\System\PnjGvev.exe
  C:\Windows\System\PnjGvev.exe
  2⤵
  PID:3644
- C:\Windows\System\upzJcYt.exe
  C:\Windows\System\upzJcYt.exe
  2⤵
  PID:4272
- C:\Windows\System\heTlJUv.exe
  C:\Windows\System\heTlJUv.exe
  2⤵
  PID:3708
- C:\Windows\System\JIbqfJd.exe
  C:\Windows\System\JIbqfJd.exe
  2⤵
  PID:4380
- C:\Windows\System\KxkNUcN.exe
  C:\Windows\System\KxkNUcN.exe
  2⤵
  PID:2132
- C:\Windows\System\LkElpGt.exe
  C:\Windows\System\LkElpGt.exe
  2⤵
  PID:3068
- C:\Windows\System\AUpuPzb.exe
  C:\Windows\System\AUpuPzb.exe
  2⤵
  PID:4488
- C:\Windows\System\kbDHPpF.exe
  C:\Windows\System\kbDHPpF.exe
  2⤵
  PID:4416
- C:\Windows\System\JumepSO.exe
  C:\Windows\System\JumepSO.exe
  2⤵
  PID:4544
- C:\Windows\System\utKodFH.exe
  C:\Windows\System\utKodFH.exe
  2⤵
  PID:4632
- C:\Windows\System\RXfKmvZ.exe
  C:\Windows\System\RXfKmvZ.exe
  2⤵
  PID:4796
- C:\Windows\System\Kecuokl.exe
  C:\Windows\System\Kecuokl.exe
  2⤵
  PID:4612
- C:\Windows\System\CSVRwdN.exe
  C:\Windows\System\CSVRwdN.exe
  2⤵
  PID:4668
- C:\Windows\System\HEJFSow.exe
  C:\Windows\System\HEJFSow.exe
  2⤵
  PID:4864
- C:\Windows\System\ADrGQaA.exe
  C:\Windows\System\ADrGQaA.exe
  2⤵
  PID:4832
- C:\Windows\System\CIrsbMk.exe
  C:\Windows\System\CIrsbMk.exe
  2⤵
  PID:5040
- C:\Windows\System\LrGEBbU.exe
  C:\Windows\System\LrGEBbU.exe
  2⤵
  PID:4932
- C:\Windows\System\labXbsl.exe
  C:\Windows\System\labXbsl.exe
  2⤵
  PID:4968
- C:\Windows\System\TRAYTPS.exe
  C:\Windows\System\TRAYTPS.exe
  2⤵
  PID:5012
- C:\Windows\System\eMXNqrt.exe
  C:\Windows\System\eMXNqrt.exe
  2⤵
  PID:4120
- C:\Windows\System\EJjnQaj.exe
  C:\Windows\System\EJjnQaj.exe
  2⤵
  PID:3808
- C:\Windows\System\ecDpUag.exe
  C:\Windows\System\ecDpUag.exe
  2⤵
  PID:3108
- C:\Windows\System\uMpnfvx.exe
  C:\Windows\System\uMpnfvx.exe
  2⤵
  PID:4176
- C:\Windows\System\ACCqTpK.exe
  C:\Windows\System\ACCqTpK.exe
  2⤵
  PID:3516
- C:\Windows\System\YuYiqJY.exe
  C:\Windows\System\YuYiqJY.exe
  2⤵
  PID:3580
- C:\Windows\System\jWyjcvT.exe
  C:\Windows\System\jWyjcvT.exe
  2⤵
  PID:4304
- C:\Windows\System\QQBjlmT.exe
  C:\Windows\System\QQBjlmT.exe
  2⤵
  PID:4292
- C:\Windows\System\WylqXGW.exe
  C:\Windows\System\WylqXGW.exe
  2⤵
  PID:4296
- C:\Windows\System\arTnDDk.exe
  C:\Windows\System\arTnDDk.exe
  2⤵
  PID:4580
- C:\Windows\System\vqqiAPz.exe
  C:\Windows\System\vqqiAPz.exe
  2⤵
  PID:4524
- C:\Windows\System\HTDmnTH.exe
  C:\Windows\System\HTDmnTH.exe
  2⤵
  PID:4476
- C:\Windows\System\qMUYDqA.exe
  C:\Windows\System\qMUYDqA.exe
  2⤵
  PID:5048
- C:\Windows\System\bmvAHFN.exe
  C:\Windows\System\bmvAHFN.exe
  2⤵
  PID:4856
- C:\Windows\System\zQRZOCS.exe
  C:\Windows\System\zQRZOCS.exe
  2⤵
  PID:4904
- C:\Windows\System\RpvjDaY.exe
  C:\Windows\System\RpvjDaY.exe
  2⤵
  PID:4604
- C:\Windows\System\IzEMxCk.exe
  C:\Windows\System\IzEMxCk.exe
  2⤵
  PID:5068
- C:\Windows\System\QonyVrO.exe
  C:\Windows\System\QonyVrO.exe
  2⤵
  PID:5104
- C:\Windows\System\QLTCLMl.exe
  C:\Windows\System\QLTCLMl.exe
  2⤵
  PID:3464
- C:\Windows\System\AslCCCe.exe
  C:\Windows\System\AslCCCe.exe
  2⤵
  PID:4132
- C:\Windows\System\rSRutmo.exe
  C:\Windows\System\rSRutmo.exe
  2⤵
  PID:2096
- C:\Windows\System\CUQoxoe.exe
  C:\Windows\System\CUQoxoe.exe
  2⤵
  PID:4360
- C:\Windows\System\jPZaIYS.exe
  C:\Windows\System\jPZaIYS.exe
  2⤵
  PID:3608
- C:\Windows\System\jbeVBaA.exe
  C:\Windows\System\jbeVBaA.exe
  2⤵
  PID:2340
- C:\Windows\System\xIgGVYz.exe
  C:\Windows\System\xIgGVYz.exe
  2⤵
  PID:4736
- C:\Windows\System\biPJiTd.exe
  C:\Windows\System\biPJiTd.exe
  2⤵
  PID:4648
- C:\Windows\System\FzRdZDg.exe
  C:\Windows\System\FzRdZDg.exe
  2⤵
  PID:1096
- C:\Windows\System\zNNdyzw.exe
  C:\Windows\System\zNNdyzw.exe
  2⤵
  PID:3172
- C:\Windows\System\iFjFkmW.exe
  C:\Windows\System\iFjFkmW.exe
  2⤵
  PID:4824
- C:\Windows\System\pDEgYEP.exe
  C:\Windows\System\pDEgYEP.exe
  2⤵
  PID:2380
- C:\Windows\System\rpZJjHA.exe
  C:\Windows\System\rpZJjHA.exe
  2⤵
  PID:3692
- C:\Windows\System\OlLaNWm.exe
  C:\Windows\System\OlLaNWm.exe
  2⤵
  PID:4320
- C:\Windows\System\GZhSWXV.exe
  C:\Windows\System\GZhSWXV.exe
  2⤵
  PID:4504
- C:\Windows\System\JeIEZIo.exe
  C:\Windows\System\JeIEZIo.exe
  2⤵
  PID:4992
- C:\Windows\System\PLCyzFL.exe
  C:\Windows\System\PLCyzFL.exe
  2⤵
  PID:4628
- C:\Windows\System\VKmnflR.exe
  C:\Windows\System\VKmnflR.exe
  2⤵
  PID:4192
- C:\Windows\System\rDuMbUv.exe
  C:\Windows\System\rDuMbUv.exe
  2⤵
  PID:4728
- C:\Windows\System\cTEXRna.exe
  C:\Windows\System\cTEXRna.exe
  2⤵
  PID:4784
- C:\Windows\System\Mhrwpjz.exe
  C:\Windows\System\Mhrwpjz.exe
  2⤵
  PID:4220
- C:\Windows\System\KAxHlFG.exe
  C:\Windows\System\KAxHlFG.exe
  2⤵
  PID:4940
- C:\Windows\System\HagjXsi.exe
  C:\Windows\System\HagjXsi.exe
  2⤵
  PID:5136
- C:\Windows\System\UYcvzgj.exe
  C:\Windows\System\UYcvzgj.exe
  2⤵
  PID:5152
- C:\Windows\System\xnqwQNf.exe
  C:\Windows\System\xnqwQNf.exe
  2⤵
  PID:5168
- C:\Windows\System\qKvrHxJ.exe
  C:\Windows\System\qKvrHxJ.exe
  2⤵
  PID:5192
- C:\Windows\System\fUeGVzw.exe
  C:\Windows\System\fUeGVzw.exe
  2⤵
  PID:5208
- C:\Windows\System\ijSAFzN.exe
  C:\Windows\System\ijSAFzN.exe
  2⤵
  PID:5224
- C:\Windows\System\LhEdLad.exe
  C:\Windows\System\LhEdLad.exe
  2⤵
  PID:5244
- C:\Windows\System\gmqGuey.exe
  C:\Windows\System\gmqGuey.exe
  2⤵
  PID:5268
- C:\Windows\System\nOFJGDK.exe
  C:\Windows\System\nOFJGDK.exe
  2⤵
  PID:5284
- C:\Windows\System\PWdKGDa.exe
  C:\Windows\System\PWdKGDa.exe
  2⤵
  PID:5304
- C:\Windows\System\avvkAIt.exe
  C:\Windows\System\avvkAIt.exe
  2⤵
  PID:5320
- C:\Windows\System\YcALDvE.exe
  C:\Windows\System\YcALDvE.exe
  2⤵
  PID:5340
- C:\Windows\System\KzYjKzW.exe
  C:\Windows\System\KzYjKzW.exe
  2⤵
  PID:5360
- C:\Windows\System\SsRPCFU.exe
  C:\Windows\System\SsRPCFU.exe
  2⤵
  PID:5376
- C:\Windows\System\gbZibmc.exe
  C:\Windows\System\gbZibmc.exe
  2⤵
  PID:5412
- C:\Windows\System\jOQaQvt.exe
  C:\Windows\System\jOQaQvt.exe
  2⤵
  PID:5428
- C:\Windows\System\PRcYEkn.exe
  C:\Windows\System\PRcYEkn.exe
  2⤵
  PID:5444
- C:\Windows\System\FPRbiFs.exe
  C:\Windows\System\FPRbiFs.exe
  2⤵
  PID:5460
- C:\Windows\System\OArjrkZ.exe
  C:\Windows\System\OArjrkZ.exe
  2⤵
  PID:5480
- C:\Windows\System\TCNGYek.exe
  C:\Windows\System\TCNGYek.exe
  2⤵
  PID:5496
- C:\Windows\System\jLzffdv.exe
  C:\Windows\System\jLzffdv.exe
  2⤵
  PID:5512
- C:\Windows\System\QlvoLjj.exe
  C:\Windows\System\QlvoLjj.exe
  2⤵
  PID:5528
- C:\Windows\System\zYVFMGY.exe
  C:\Windows\System\zYVFMGY.exe
  2⤵
  PID:5544
- C:\Windows\System\FAevOQb.exe
  C:\Windows\System\FAevOQb.exe
  2⤵
  PID:5592
- C:\Windows\System\zBJXStJ.exe
  C:\Windows\System\zBJXStJ.exe
  2⤵
  PID:5616
- C:\Windows\System\VwhaNcc.exe
  C:\Windows\System\VwhaNcc.exe
  2⤵
  PID:5636
- C:\Windows\System\zpZxsHU.exe
  C:\Windows\System\zpZxsHU.exe
  2⤵
  PID:5652
- C:\Windows\System\PLJOPCS.exe
  C:\Windows\System\PLJOPCS.exe
  2⤵
  PID:5668
- C:\Windows\System\lIKrAMl.exe
  C:\Windows\System\lIKrAMl.exe
  2⤵
  PID:5684
- C:\Windows\System\zQckCxa.exe
  C:\Windows\System\zQckCxa.exe
  2⤵
  PID:5700
- C:\Windows\System\IoXAKkJ.exe
  C:\Windows\System\IoXAKkJ.exe
  2⤵
  PID:5720
- C:\Windows\System\amSHJiy.exe
  C:\Windows\System\amSHJiy.exe
  2⤵
  PID:5740
- C:\Windows\System\FLQVPYS.exe
  C:\Windows\System\FLQVPYS.exe
  2⤵
  PID:5768
- C:\Windows\System\YZTujhm.exe
  C:\Windows\System\YZTujhm.exe
  2⤵
  PID:5792
- C:\Windows\System\ERjVamm.exe
  C:\Windows\System\ERjVamm.exe
  2⤵
  PID:5820
- C:\Windows\System\gWLUoDo.exe
  C:\Windows\System\gWLUoDo.exe
  2⤵
  PID:5840
- C:\Windows\System\yHaXnDA.exe
  C:\Windows\System\yHaXnDA.exe
  2⤵
  PID:5856
- C:\Windows\System\pQIWYRi.exe
  C:\Windows\System\pQIWYRi.exe
  2⤵
  PID:5880
- C:\Windows\System\bPmnppO.exe
  C:\Windows\System\bPmnppO.exe
  2⤵
  PID:5912
- C:\Windows\System\Vhumyod.exe
  C:\Windows\System\Vhumyod.exe
  2⤵
  PID:5928
- C:\Windows\System\RMflJFD.exe
  C:\Windows\System\RMflJFD.exe
  2⤵
  PID:5944
- C:\Windows\System\jnIFPWA.exe
  C:\Windows\System\jnIFPWA.exe
  2⤵
  PID:5960
- C:\Windows\System\hoJSOOQ.exe
  C:\Windows\System\hoJSOOQ.exe
  2⤵
  PID:5980
- C:\Windows\System\AfnNHmE.exe
  C:\Windows\System\AfnNHmE.exe
  2⤵
  PID:5996
- C:\Windows\System\iXzaXij.exe
  C:\Windows\System\iXzaXij.exe
  2⤵
  PID:6016
- C:\Windows\System\sZTgvYy.exe
  C:\Windows\System\sZTgvYy.exe
  2⤵
  PID:6032
- C:\Windows\System\TmmgAzK.exe
  C:\Windows\System\TmmgAzK.exe
  2⤵
  PID:6068
- C:\Windows\System\XPBOioQ.exe
  C:\Windows\System\XPBOioQ.exe
  2⤵
  PID:6084
- C:\Windows\System\QlTwkyG.exe
  C:\Windows\System\QlTwkyG.exe
  2⤵
  PID:6100
- C:\Windows\System\zkYCtJT.exe
  C:\Windows\System\zkYCtJT.exe
  2⤵
  PID:6116
- C:\Windows\System\IqfhrUC.exe
  C:\Windows\System\IqfhrUC.exe
  2⤵
  PID:6136
- C:\Windows\System\rZJEBIL.exe
  C:\Windows\System\rZJEBIL.exe
  2⤵
  PID:5124
- C:\Windows\System\zLqVHWe.exe
  C:\Windows\System\zLqVHWe.exe
  2⤵
  PID:4312
- C:\Windows\System\sbDrtXu.exe
  C:\Windows\System\sbDrtXu.exe
  2⤵
  PID:5180
- C:\Windows\System\IyekpNM.exe
  C:\Windows\System\IyekpNM.exe
  2⤵
  PID:5188
- C:\Windows\System\gcaDFjs.exe
  C:\Windows\System\gcaDFjs.exe
  2⤵
  PID:5292
- C:\Windows\System\mSPdzli.exe
  C:\Windows\System\mSPdzli.exe
  2⤵
  PID:5280
- C:\Windows\System\poiNDau.exe
  C:\Windows\System\poiNDau.exe
  2⤵
  PID:5352
- C:\Windows\System\yNLqXRT.exe
  C:\Windows\System\yNLqXRT.exe
  2⤵
  PID:5392
- C:\Windows\System\pThbikL.exe
  C:\Windows\System\pThbikL.exe
  2⤵
  PID:5296
- C:\Windows\System\eRMtOlN.exe
  C:\Windows\System\eRMtOlN.exe
  2⤵
  PID:5368
- C:\Windows\System\OiwrawZ.exe
  C:\Windows\System\OiwrawZ.exe
  2⤵
  PID:5420
- C:\Windows\System\OjRwpWL.exe
  C:\Windows\System\OjRwpWL.exe
  2⤵
  PID:5524
- C:\Windows\System\HosHVwo.exe
  C:\Windows\System\HosHVwo.exe
  2⤵
  PID:5520
- C:\Windows\System\kFFOiJG.exe
  C:\Windows\System\kFFOiJG.exe
  2⤵
  PID:5440
- C:\Windows\System\DbhtpnD.exe
  C:\Windows\System\DbhtpnD.exe
  2⤵
  PID:5568
- C:\Windows\System\vqcqnVM.exe
  C:\Windows\System\vqcqnVM.exe
  2⤵
  PID:5504
- C:\Windows\System\MSRdeGQ.exe
  C:\Windows\System\MSRdeGQ.exe
  2⤵
  PID:5540
- C:\Windows\System\aeUGJsV.exe
  C:\Windows\System\aeUGJsV.exe
  2⤵
  PID:5676
- C:\Windows\System\evNTsvi.exe
  C:\Windows\System\evNTsvi.exe
  2⤵
  PID:5760
- C:\Windows\System\SiTFRtq.exe
  C:\Windows\System\SiTFRtq.exe
  2⤵
  PID:5852
- C:\Windows\System\HiOvKxl.exe
  C:\Windows\System\HiOvKxl.exe
  2⤵
  PID:5832
- C:\Windows\System\IrBlbHT.exe
  C:\Windows\System\IrBlbHT.exe
  2⤵
  PID:5936
- C:\Windows\System\NQpDsWF.exe
  C:\Windows\System\NQpDsWF.exe
  2⤵
  PID:5968
- C:\Windows\System\RNMgSdr.exe
  C:\Windows\System\RNMgSdr.exe
  2⤵
  PID:6012
- C:\Windows\System\jOWTEAH.exe
  C:\Windows\System\jOWTEAH.exe
  2⤵
  PID:6044
- C:\Windows\System\StryCXA.exe
  C:\Windows\System\StryCXA.exe
  2⤵
  PID:5956
- C:\Windows\System\PhllxaM.exe
  C:\Windows\System\PhllxaM.exe
  2⤵
  PID:6108
- C:\Windows\System\tfTfgvm.exe
  C:\Windows\System\tfTfgvm.exe
  2⤵
  PID:6128
- C:\Windows\System\yspsYZs.exe
  C:\Windows\System\yspsYZs.exe
  2⤵
  PID:6112
- C:\Windows\System\cgSaawN.exe
  C:\Windows\System\cgSaawN.exe
  2⤵
  PID:5144
- C:\Windows\System\uiUHItt.exe
  C:\Windows\System\uiUHItt.exe
  2⤵
  PID:5204
- C:\Windows\System\sDSMuOF.exe
  C:\Windows\System\sDSMuOF.exe
  2⤵
  PID:2348
- C:\Windows\System\hTusFON.exe
  C:\Windows\System\hTusFON.exe
  2⤵
  PID:5216
- C:\Windows\System\qMRxaRb.exe
  C:\Windows\System\qMRxaRb.exe
  2⤵
  PID:5332
- C:\Windows\System\yDwfLdx.exe
  C:\Windows\System\yDwfLdx.exe
  2⤵
  PID:5588
- C:\Windows\System\aoRuWwY.exe
  C:\Windows\System\aoRuWwY.exe
  2⤵
  PID:5424
- C:\Windows\System\DjSqnfr.exe
  C:\Windows\System\DjSqnfr.exe
  2⤵
  PID:5556
- C:\Windows\System\TpMplcD.exe
  C:\Windows\System\TpMplcD.exe
  2⤵
  PID:5476
- C:\Windows\System\UhGQSiq.exe
  C:\Windows\System\UhGQSiq.exe
  2⤵
  PID:5644
- C:\Windows\System\wlsaPqo.exe
  C:\Windows\System\wlsaPqo.exe
  2⤵
  PID:5816
- C:\Windows\System\azcXqus.exe
  C:\Windows\System\azcXqus.exe
  2⤵
  PID:5788
- C:\Windows\System\pjGWCXt.exe
  C:\Windows\System\pjGWCXt.exe
  2⤵
  PID:5868
- C:\Windows\System\NfRhVom.exe
  C:\Windows\System\NfRhVom.exe
  2⤵
  PID:5864
- C:\Windows\System\SLrDUwv.exe
  C:\Windows\System\SLrDUwv.exe
  2⤵
  PID:5988
- C:\Windows\System\loQLcwj.exe
  C:\Windows\System\loQLcwj.exe
  2⤵
  PID:6056
- C:\Windows\System\MrMYNTx.exe
  C:\Windows\System\MrMYNTx.exe
  2⤵
  PID:6028
- C:\Windows\System\RKujPrd.exe
  C:\Windows\System\RKujPrd.exe
  2⤵
  PID:6076
- C:\Windows\System\SbplTXw.exe
  C:\Windows\System\SbplTXw.exe
  2⤵
  PID:2448
- C:\Windows\System\fCOdhnN.exe
  C:\Windows\System\fCOdhnN.exe
  2⤵
  PID:5184
- C:\Windows\System\cAAkEYi.exe
  C:\Windows\System\cAAkEYi.exe
  2⤵
  PID:5260
- C:\Windows\System\KGehisD.exe
  C:\Windows\System\KGehisD.exe
  2⤵
  PID:5400
- C:\Windows\System\xHZHUDY.exe
  C:\Windows\System\xHZHUDY.exe
  2⤵
  PID:5664
- C:\Windows\System\UhbGmwR.exe
  C:\Windows\System\UhbGmwR.exe
  2⤵
  PID:5624
- C:\Windows\System\fyrrnhG.exe
  C:\Windows\System\fyrrnhG.exe
  2⤵
  PID:5488
- C:\Windows\System\AEwvhNH.exe
  C:\Windows\System\AEwvhNH.exe
  2⤵
  PID:5472
- C:\Windows\System\uARyvBb.exe
  C:\Windows\System\uARyvBb.exe
  2⤵
  PID:5752
- C:\Windows\System\pHduPfY.exe
  C:\Windows\System\pHduPfY.exe
  2⤵
  PID:6004
- C:\Windows\System\zhZYcAn.exe
  C:\Windows\System\zhZYcAn.exe
  2⤵
  PID:5900
- C:\Windows\System\puMnvuQ.exe
  C:\Windows\System\puMnvuQ.exe
  2⤵
  PID:6092
- C:\Windows\System\dqpEYhX.exe
  C:\Windows\System\dqpEYhX.exe
  2⤵
  PID:5164
- C:\Windows\System\YHBzRZe.exe
  C:\Windows\System\YHBzRZe.exe
  2⤵
  PID:5660
- C:\Windows\System\sBniRSb.exe
  C:\Windows\System\sBniRSb.exe
  2⤵
  PID:5232
- C:\Windows\System\JLpSRfy.exe
  C:\Windows\System\JLpSRfy.exe
  2⤵
  PID:5408
- C:\Windows\System\ytDRPuA.exe
  C:\Windows\System\ytDRPuA.exe
  2⤵
  PID:5264
- C:\Windows\System\CrXqoOO.exe
  C:\Windows\System\CrXqoOO.exe
  2⤵
  PID:5452
- C:\Windows\System\dSJYPGG.exe
  C:\Windows\System\dSJYPGG.exe
  2⤵
  PID:5404
- C:\Windows\System\UfbMAMr.exe
  C:\Windows\System\UfbMAMr.exe
  2⤵
  PID:5908
- C:\Windows\System\uVePbSt.exe
  C:\Windows\System\uVePbSt.exe
  2⤵
  PID:4624
- C:\Windows\System\GSmVbXq.exe
  C:\Windows\System\GSmVbXq.exe
  2⤵
  PID:6152
- C:\Windows\System\rWLmrNm.exe
  C:\Windows\System\rWLmrNm.exe
  2⤵
  PID:6168
- C:\Windows\System\PAWwQIA.exe
  C:\Windows\System\PAWwQIA.exe
  2⤵
  PID:6192
- C:\Windows\System\RHNLgHW.exe
  C:\Windows\System\RHNLgHW.exe
  2⤵
  PID:6208
- C:\Windows\System\UDgCWvx.exe
  C:\Windows\System\UDgCWvx.exe
  2⤵
  PID:6224
- C:\Windows\System\bxmESyT.exe
  C:\Windows\System\bxmESyT.exe
  2⤵
  PID:6240
- C:\Windows\System\BfunSfL.exe
  C:\Windows\System\BfunSfL.exe
  2⤵
  PID:6300
- C:\Windows\System\VXrPNQd.exe
  C:\Windows\System\VXrPNQd.exe
  2⤵
  PID:6320
- C:\Windows\System\fMUzDRK.exe
  C:\Windows\System\fMUzDRK.exe
  2⤵
  PID:6336
- C:\Windows\System\GTYGoHo.exe
  C:\Windows\System\GTYGoHo.exe
  2⤵
  PID:6352
- C:\Windows\System\lIpZvvM.exe
  C:\Windows\System\lIpZvvM.exe
  2⤵
  PID:6372
- C:\Windows\System\wYSABSL.exe
  C:\Windows\System\wYSABSL.exe
  2⤵
  PID:6388
- C:\Windows\System\YvdRhAA.exe
  C:\Windows\System\YvdRhAA.exe
  2⤵
  PID:6404
- C:\Windows\System\buJpKdb.exe
  C:\Windows\System\buJpKdb.exe
  2⤵
  PID:6420
- C:\Windows\System\RvCiygq.exe
  C:\Windows\System\RvCiygq.exe
  2⤵
  PID:6460
- C:\Windows\System\rdWHwjI.exe
  C:\Windows\System\rdWHwjI.exe
  2⤵
  PID:6476
- C:\Windows\System\rGvJLWW.exe
  C:\Windows\System\rGvJLWW.exe
  2⤵
  PID:6492
- C:\Windows\System\eRChCIv.exe
  C:\Windows\System\eRChCIv.exe
  2⤵
  PID:6520
- C:\Windows\System\lAdaCAB.exe
  C:\Windows\System\lAdaCAB.exe
  2⤵
  PID:6540
- C:\Windows\System\zAnIXvN.exe
  C:\Windows\System\zAnIXvN.exe
  2⤵
  PID:6556
- C:\Windows\System\nuPFgHr.exe
  C:\Windows\System\nuPFgHr.exe
  2⤵
  PID:6572
- C:\Windows\System\tkyUBUq.exe
  C:\Windows\System\tkyUBUq.exe
  2⤵
  PID:6604
- C:\Windows\System\ReOLCMU.exe
  C:\Windows\System\ReOLCMU.exe
  2⤵
  PID:6620
- C:\Windows\System\xkYiXTG.exe
  C:\Windows\System\xkYiXTG.exe
  2⤵
  PID:6636
- C:\Windows\System\UhkdGQy.exe
  C:\Windows\System\UhkdGQy.exe
  2⤵
  PID:6652
- C:\Windows\System\WCcxyrz.exe
  C:\Windows\System\WCcxyrz.exe
  2⤵
  PID:6676
- C:\Windows\System\JfeqykD.exe
  C:\Windows\System\JfeqykD.exe
  2⤵
  PID:6696
- C:\Windows\System\fqWDrZQ.exe
  C:\Windows\System\fqWDrZQ.exe
  2⤵
  PID:6720
- C:\Windows\System\sRaBeBT.exe
  C:\Windows\System\sRaBeBT.exe
  2⤵
  PID:6736
- C:\Windows\System\UKMJeRw.exe
  C:\Windows\System\UKMJeRw.exe
  2⤵
  PID:6756
- C:\Windows\System\HATcVMy.exe
  C:\Windows\System\HATcVMy.exe
  2⤵
  PID:6776
- C:\Windows\System\waRacpd.exe
  C:\Windows\System\waRacpd.exe
  2⤵
  PID:6796
- C:\Windows\System\JxqOOvC.exe
  C:\Windows\System\JxqOOvC.exe
  2⤵
  PID:6812
- C:\Windows\System\sKEUpZJ.exe
  C:\Windows\System\sKEUpZJ.exe
  2⤵
  PID:6836
- C:\Windows\System\lMmRAQh.exe
  C:\Windows\System\lMmRAQh.exe
  2⤵
  PID:6852
- C:\Windows\System\FdxfcDj.exe
  C:\Windows\System\FdxfcDj.exe
  2⤵
  PID:6884
- C:\Windows\System\vBevugf.exe
  C:\Windows\System\vBevugf.exe
  2⤵
  PID:6900
- C:\Windows\System\HrkBnqL.exe
  C:\Windows\System\HrkBnqL.exe
  2⤵
  PID:6924
- C:\Windows\System\EsEAhky.exe
  C:\Windows\System\EsEAhky.exe
  2⤵
  PID:6940
- C:\Windows\System\nnNZSZj.exe
  C:\Windows\System\nnNZSZj.exe
  2⤵
  PID:6956
- C:\Windows\System\bpLYJMo.exe
  C:\Windows\System\bpLYJMo.exe
  2⤵
  PID:6972
- C:\Windows\System\AjlYioP.exe
  C:\Windows\System\AjlYioP.exe
  2⤵
  PID:6988
- C:\Windows\System\nLcrvkN.exe
  C:\Windows\System\nLcrvkN.exe
  2⤵
  PID:7020
- C:\Windows\System\XkQiZSN.exe
  C:\Windows\System\XkQiZSN.exe
  2⤵
  PID:7040
- C:\Windows\System\oYwVuuw.exe
  C:\Windows\System\oYwVuuw.exe
  2⤵
  PID:7060
- C:\Windows\System\ETtEwBU.exe
  C:\Windows\System\ETtEwBU.exe
  2⤵
  PID:7076
- C:\Windows\System\LXJpHsX.exe
  C:\Windows\System\LXJpHsX.exe
  2⤵
  PID:7092
- C:\Windows\System\VBPbXVS.exe
  C:\Windows\System\VBPbXVS.exe
  2⤵
  PID:7108
- C:\Windows\System\nwFiFSc.exe
  C:\Windows\System\nwFiFSc.exe
  2⤵
  PID:7128
- C:\Windows\System\JrcWrEf.exe
  C:\Windows\System\JrcWrEf.exe
  2⤵
  PID:7144
- C:\Windows\System\kvTTfwL.exe
  C:\Windows\System\kvTTfwL.exe
  2⤵
  PID:5732
- C:\Windows\System\mguWiSM.exe
  C:\Windows\System\mguWiSM.exe
  2⤵
  PID:6164
- C:\Windows\System\ZqZpUWo.exe
  C:\Windows\System\ZqZpUWo.exe
  2⤵
  PID:6204
- C:\Windows\System\DVFqhjJ.exe
  C:\Windows\System\DVFqhjJ.exe
  2⤵
  PID:5348
- C:\Windows\System\XrmEJBC.exe
  C:\Windows\System\XrmEJBC.exe
  2⤵
  PID:5876
- C:\Windows\System\psonAIh.exe
  C:\Windows\System\psonAIh.exe
  2⤵
  PID:5784
- C:\Windows\System\AjaKybM.exe
  C:\Windows\System\AjaKybM.exe
  2⤵
  PID:6180
- C:\Windows\System\vtcNUHk.exe
  C:\Windows\System\vtcNUHk.exe
  2⤵
  PID:6248
- C:\Windows\System\xMcECwG.exe
  C:\Windows\System\xMcECwG.exe
  2⤵
  PID:6276
- C:\Windows\System\dgbCZmU.exe
  C:\Windows\System\dgbCZmU.exe
  2⤵
  PID:6296
- C:\Windows\System\jiFCDPr.exe
  C:\Windows\System\jiFCDPr.exe
  2⤵
  PID:6348
- C:\Windows\System\qLaWHpk.exe
  C:\Windows\System\qLaWHpk.exe
  2⤵
  PID:6384
- C:\Windows\System\TOlchuk.exe
  C:\Windows\System\TOlchuk.exe
  2⤵
  PID:6428
- C:\Windows\System\rypwtTj.exe
  C:\Windows\System\rypwtTj.exe
  2⤵
  PID:6456
- C:\Windows\System\BYXbLgy.exe
  C:\Windows\System\BYXbLgy.exe
  2⤵
  PID:6484
- C:\Windows\System\oCTjkHt.exe
  C:\Windows\System\oCTjkHt.exe
  2⤵
  PID:6512
- C:\Windows\System\rVOedds.exe
  C:\Windows\System\rVOedds.exe
  2⤵
  PID:6548
- C:\Windows\System\UFQBsOx.exe
  C:\Windows\System\UFQBsOx.exe
  2⤵
  PID:6584
- C:\Windows\System\orpPVSN.exe
  C:\Windows\System\orpPVSN.exe
  2⤵
  PID:6612
- C:\Windows\System\OaympaH.exe
  C:\Windows\System\OaympaH.exe
  2⤵
  PID:6664
- C:\Windows\System\HhhHfAI.exe
  C:\Windows\System\HhhHfAI.exe
  2⤵
  PID:6684
- C:\Windows\System\rQzAJyf.exe
  C:\Windows\System\rQzAJyf.exe
  2⤵
  PID:6716
- C:\Windows\System\sDSNSkW.exe
  C:\Windows\System\sDSNSkW.exe
  2⤵
  PID:6752
- C:\Windows\System\vwbqEKl.exe
  C:\Windows\System\vwbqEKl.exe
  2⤵
  PID:6820
- C:\Windows\System\UrlAxSf.exe
  C:\Windows\System\UrlAxSf.exe
  2⤵
  PID:6808
- C:\Windows\System\mNKTAmh.exe
  C:\Windows\System\mNKTAmh.exe
  2⤵
  PID:6764
- C:\Windows\System\vRBosId.exe
  C:\Windows\System\vRBosId.exe
  2⤵
  PID:6876
- C:\Windows\System\iryamtq.exe
  C:\Windows\System\iryamtq.exe
  2⤵
  PID:6908
- C:\Windows\System\cmwutHa.exe
  C:\Windows\System\cmwutHa.exe
  2⤵
  PID:6932
- C:\Windows\System\GOYbvRX.exe
  C:\Windows\System\GOYbvRX.exe
  2⤵
  PID:7000
- C:\Windows\System\WJlsDcK.exe
  C:\Windows\System\WJlsDcK.exe
  2⤵
  PID:6964
- C:\Windows\System\ExnevAu.exe
  C:\Windows\System\ExnevAu.exe
  2⤵
  PID:7016
- C:\Windows\System\cyrkBPu.exe
  C:\Windows\System\cyrkBPu.exe
  2⤵
  PID:7120
- C:\Windows\System\aVecdHT.exe
  C:\Windows\System\aVecdHT.exe
  2⤵
  PID:7072
- C:\Windows\System\ijriNvo.exe
  C:\Windows\System\ijriNvo.exe
  2⤵
  PID:7052
- C:\Windows\System\RJwdgYS.exe
  C:\Windows\System\RJwdgYS.exe
  2⤵
  PID:5604
- C:\Windows\System\LOQedsP.exe
  C:\Windows\System\LOQedsP.exe
  2⤵
  PID:5952
- C:\Windows\System\STwwdXD.exe
  C:\Windows\System\STwwdXD.exe
  2⤵
  PID:6232
- C:\Windows\System\bLjYbVf.exe
  C:\Windows\System\bLjYbVf.exe
  2⤵
  PID:5632
- C:\Windows\System\cjskMHL.exe
  C:\Windows\System\cjskMHL.exe
  2⤵
  PID:6176
- C:\Windows\System\KhXEEjB.exe
  C:\Windows\System\KhXEEjB.exe
  2⤵
  PID:6380
- C:\Windows\System\lETWHxe.exe
  C:\Windows\System\lETWHxe.exe
  2⤵
  PID:6436
- C:\Windows\System\qNRorbL.exe
  C:\Windows\System\qNRorbL.exe
  2⤵
  PID:6312
- C:\Windows\System\bidkhIz.exe
  C:\Windows\System\bidkhIz.exe
  2⤵
  PID:6472
- C:\Windows\System\ktcthNq.exe
  C:\Windows\System\ktcthNq.exe
  2⤵
  PID:6508
- C:\Windows\System\AVUUaRY.exe
  C:\Windows\System\AVUUaRY.exe
  2⤵
  PID:6532
- C:\Windows\System\ArMbvJR.exe
  C:\Windows\System\ArMbvJR.exe
  2⤵
  PID:6596
- C:\Windows\System\pddzIDi.exe
  C:\Windows\System\pddzIDi.exe
  2⤵
  PID:6704
- C:\Windows\System\AYyIthR.exe
  C:\Windows\System\AYyIthR.exe
  2⤵
  PID:6732
- C:\Windows\System\BtyhiBU.exe
  C:\Windows\System\BtyhiBU.exe
  2⤵
  PID:6980
- C:\Windows\System\uxPSVbT.exe
  C:\Windows\System\uxPSVbT.exe
  2⤵
  PID:6996
- C:\Windows\System\fhKeksd.exe
  C:\Windows\System\fhKeksd.exe
  2⤵
  PID:7156
- C:\Windows\System\nunOsNt.exe
  C:\Windows\System\nunOsNt.exe
  2⤵
  PID:5764
- C:\Windows\System\KhDikVw.exe
  C:\Windows\System\KhDikVw.exe
  2⤵
  PID:6920
- C:\Windows\System\GreODts.exe
  C:\Windows\System\GreODts.exe
  2⤵
  PID:6080
- C:\Windows\System\oHTJNSA.exe
  C:\Windows\System\oHTJNSA.exe
  2⤵
  PID:7036
- C:\Windows\System\cfphfhC.exe
  C:\Windows\System\cfphfhC.exe
  2⤵
  PID:7084
- C:\Windows\System\dGhTyaB.exe
  C:\Windows\System\dGhTyaB.exe
  2⤵
  PID:6516
- C:\Windows\System\wDhHjwL.exe
  C:\Windows\System\wDhHjwL.exe
  2⤵
  PID:6220
- C:\Windows\System\iPdDRFA.exe
  C:\Windows\System\iPdDRFA.exe
  2⤵
  PID:5612
- C:\Windows\System\JkmVVtS.exe
  C:\Windows\System\JkmVVtS.exe
  2⤵
  PID:6396
- C:\Windows\System\bhVcWLe.exe
  C:\Windows\System\bhVcWLe.exe
  2⤵
  PID:6568
- C:\Windows\System\nPcjBtu.exe
  C:\Windows\System\nPcjBtu.exe
  2⤵
  PID:6792
- C:\Windows\System\jYDSBEE.exe
  C:\Windows\System\jYDSBEE.exe
  2⤵
  PID:6564
- C:\Windows\System\CYJimCY.exe
  C:\Windows\System\CYJimCY.exe
  2⤵
  PID:7160
- C:\Windows\System\jwTjvVJ.exe
  C:\Windows\System\jwTjvVJ.exe
  2⤵
  PID:5336
- C:\Windows\System\fVNvgWK.exe
  C:\Windows\System\fVNvgWK.exe
  2⤵
  PID:6268
- C:\Windows\System\JLJNjRb.exe
  C:\Windows\System\JLJNjRb.exe
  2⤵
  PID:7100
- C:\Windows\System\QHoVNeq.exe
  C:\Windows\System\QHoVNeq.exe
  2⤵
  PID:7048
- C:\Windows\System\HcBEUVs.exe
  C:\Windows\System\HcBEUVs.exe
  2⤵
  PID:4276
- C:\Windows\System\lCwMFmI.exe
  C:\Windows\System\lCwMFmI.exe
  2⤵
  PID:5888
- C:\Windows\System\jMDhNKw.exe
  C:\Windows\System\jMDhNKw.exe
  2⤵
  PID:6832
- C:\Windows\System\brbtmtQ.exe
  C:\Windows\System\brbtmtQ.exe
  2⤵
  PID:6580
- C:\Windows\System\kOFPBzE.exe
  C:\Windows\System\kOFPBzE.exe
  2⤵
  PID:7028
- C:\Windows\System\CLOdODB.exe
  C:\Windows\System\CLOdODB.exe
  2⤵
  PID:7184
- C:\Windows\System\oSvuutD.exe
  C:\Windows\System\oSvuutD.exe
  2⤵
  PID:7200
- C:\Windows\System\jJgSECI.exe
  C:\Windows\System\jJgSECI.exe
  2⤵
  PID:7240
- C:\Windows\System\KAovPnG.exe
  C:\Windows\System\KAovPnG.exe
  2⤵
  PID:7284
- C:\Windows\System\zqNeSmW.exe
  C:\Windows\System\zqNeSmW.exe
  2⤵
  PID:7300
- C:\Windows\System\FyBUECk.exe
  C:\Windows\System\FyBUECk.exe
  2⤵
  PID:7316
- C:\Windows\System\REJHLOQ.exe
  C:\Windows\System\REJHLOQ.exe
  2⤵
  PID:7344
- C:\Windows\System\LzQXWri.exe
  C:\Windows\System\LzQXWri.exe
  2⤵
  PID:7364
- C:\Windows\System\iSSTxsi.exe
  C:\Windows\System\iSSTxsi.exe
  2⤵
  PID:7380
- C:\Windows\System\jZFOhuc.exe
  C:\Windows\System\jZFOhuc.exe
  2⤵
  PID:7400
- C:\Windows\System\KepZDjN.exe
  C:\Windows\System\KepZDjN.exe
  2⤵
  PID:7416
- C:\Windows\System\fbuMREG.exe
  C:\Windows\System\fbuMREG.exe
  2⤵
  PID:7440
- C:\Windows\System\tuAzgkZ.exe
  C:\Windows\System\tuAzgkZ.exe
  2⤵
  PID:7460
- C:\Windows\System\dabbhQy.exe
  C:\Windows\System\dabbhQy.exe
  2⤵
  PID:7484
- C:\Windows\System\OvvqXgu.exe
  C:\Windows\System\OvvqXgu.exe
  2⤵
  PID:7500
- C:\Windows\System\cinjyLb.exe
  C:\Windows\System\cinjyLb.exe
  2⤵
  PID:7520
- C:\Windows\System\HhDefFn.exe
  C:\Windows\System\HhDefFn.exe
  2⤵
  PID:7544
- C:\Windows\System\vSZWbVO.exe
  C:\Windows\System\vSZWbVO.exe
  2⤵
  PID:7560
- C:\Windows\System\EZLzDbk.exe
  C:\Windows\System\EZLzDbk.exe
  2⤵
  PID:7580
- C:\Windows\System\YhBGyeD.exe
  C:\Windows\System\YhBGyeD.exe
  2⤵
  PID:7608
- C:\Windows\System\SfYPpYy.exe
  C:\Windows\System\SfYPpYy.exe
  2⤵
  PID:7624
- C:\Windows\System\umuYOox.exe
  C:\Windows\System\umuYOox.exe
  2⤵
  PID:7640
- C:\Windows\System\RRRwDNc.exe
  C:\Windows\System\RRRwDNc.exe
  2⤵
  PID:7660
- C:\Windows\System\tTqWBQX.exe
  C:\Windows\System\tTqWBQX.exe
  2⤵
  PID:7688
- C:\Windows\System\HaTiCCu.exe
  C:\Windows\System\HaTiCCu.exe
  2⤵
  PID:7704
- C:\Windows\System\ErWjIcE.exe
  C:\Windows\System\ErWjIcE.exe
  2⤵
  PID:7720
- C:\Windows\System\ESDNCqa.exe
  C:\Windows\System\ESDNCqa.exe
  2⤵
  PID:7736
- C:\Windows\System\VPDpbjg.exe
  C:\Windows\System\VPDpbjg.exe
  2⤵
  PID:7752
- C:\Windows\System\CskXJHL.exe
  C:\Windows\System\CskXJHL.exe
  2⤵
  PID:7768
- C:\Windows\System\VIBkINK.exe
  C:\Windows\System\VIBkINK.exe
  2⤵
  PID:7784
- C:\Windows\System\dcUQuNN.exe
  C:\Windows\System\dcUQuNN.exe
  2⤵
  PID:7804
- C:\Windows\System\YKlSUoz.exe
  C:\Windows\System\YKlSUoz.exe
  2⤵
  PID:7840
- C:\Windows\System\Kzwjcqv.exe
  C:\Windows\System\Kzwjcqv.exe
  2⤵
  PID:7864
- C:\Windows\System\ZPVxpfq.exe
  C:\Windows\System\ZPVxpfq.exe
  2⤵
  PID:7880
- C:\Windows\System\SWFrHYV.exe
  C:\Windows\System\SWFrHYV.exe
  2⤵
  PID:7900
- C:\Windows\System\miCJQmc.exe
  C:\Windows\System\miCJQmc.exe
  2⤵
  PID:7928
- C:\Windows\System\LZfIvcS.exe
  C:\Windows\System\LZfIvcS.exe
  2⤵
  PID:7944
- C:\Windows\System\SFXTwPm.exe
  C:\Windows\System\SFXTwPm.exe
  2⤵
  PID:7960
- C:\Windows\System\RBEuLmK.exe
  C:\Windows\System\RBEuLmK.exe
  2⤵
  PID:7980
- C:\Windows\System\zQdrvBl.exe
  C:\Windows\System\zQdrvBl.exe
  2⤵
  PID:7996
- C:\Windows\System\wSHblJN.exe
  C:\Windows\System\wSHblJN.exe
  2⤵
  PID:8016
- C:\Windows\System\tRPKiZU.exe
  C:\Windows\System\tRPKiZU.exe
  2⤵
  PID:8032
- C:\Windows\System\dWYehAT.exe
  C:\Windows\System\dWYehAT.exe
  2⤵
  PID:8048
- C:\Windows\System\HZcGTIe.exe
  C:\Windows\System\HZcGTIe.exe
  2⤵
  PID:8068
- C:\Windows\System\lDUkMMf.exe
  C:\Windows\System\lDUkMMf.exe
  2⤵
  PID:8084
- C:\Windows\System\nCCWVuE.exe
  C:\Windows\System\nCCWVuE.exe
  2⤵
  PID:8104
- C:\Windows\System\LMNCMps.exe
  C:\Windows\System\LMNCMps.exe
  2⤵
  PID:8124
- C:\Windows\System\zrmdlYw.exe
  C:\Windows\System\zrmdlYw.exe
  2⤵
  PID:8140
- C:\Windows\System\RoBoIaU.exe
  C:\Windows\System\RoBoIaU.exe
  2⤵
  PID:8160
- C:\Windows\System\WBsIqdl.exe
  C:\Windows\System\WBsIqdl.exe
  2⤵
  PID:8180
- C:\Windows\System\KxnWmEg.exe
  C:\Windows\System\KxnWmEg.exe
  2⤵
  PID:6668
- C:\Windows\System\QeBlVwn.exe
  C:\Windows\System\QeBlVwn.exe
  2⤵
  PID:6880
- C:\Windows\System\nlwkkVL.exe
  C:\Windows\System\nlwkkVL.exe
  2⤵
  PID:6768
- C:\Windows\System\xcWGOtw.exe
  C:\Windows\System\xcWGOtw.exe
  2⤵
  PID:7032
- C:\Windows\System\GSKUszr.exe
  C:\Windows\System\GSKUszr.exe
  2⤵
  PID:7228
- C:\Windows\System\MLeBvZx.exe
  C:\Windows\System\MLeBvZx.exe
  2⤵
  PID:7176
- C:\Windows\System\rHkMpck.exe
  C:\Windows\System\rHkMpck.exe
  2⤵
  PID:7208
- C:\Windows\System\YqPrsyf.exe
  C:\Windows\System\YqPrsyf.exe
  2⤵
  PID:7248
- C:\Windows\System\arEbMJm.exe
  C:\Windows\System\arEbMJm.exe
  2⤵
  PID:7292
- C:\Windows\System\QhispnI.exe
  C:\Windows\System\QhispnI.exe
  2⤵
  PID:7340
- C:\Windows\System\yAzQeoc.exe
  C:\Windows\System\yAzQeoc.exe
  2⤵
  PID:7360
- C:\Windows\System\fvOlZPz.exe
  C:\Windows\System\fvOlZPz.exe
  2⤵
  PID:7392
- C:\Windows\System\nYBRypy.exe
  C:\Windows\System\nYBRypy.exe
  2⤵
  PID:7412
- C:\Windows\System\KEYVoXb.exe
  C:\Windows\System\KEYVoXb.exe
  2⤵
  PID:7436
- C:\Windows\System\jdCCJXg.exe
  C:\Windows\System\jdCCJXg.exe
  2⤵
  PID:7476
- C:\Windows\System\ReftiHf.exe
  C:\Windows\System\ReftiHf.exe
  2⤵
  PID:7508
- C:\Windows\System\qcHIhfP.exe
  C:\Windows\System\qcHIhfP.exe
  2⤵
  PID:7536
- C:\Windows\System\nfRZtcq.exe
  C:\Windows\System\nfRZtcq.exe
  2⤵
  PID:6660
- C:\Windows\System\ucIOSeZ.exe
  C:\Windows\System\ucIOSeZ.exe
  2⤵
  PID:7652
- C:\Windows\System\GtLOCfZ.exe
  C:\Windows\System\GtLOCfZ.exe
  2⤵
  PID:7656
- C:\Windows\System\RgnqsLi.exe
  C:\Windows\System\RgnqsLi.exe
  2⤵
  PID:7696
- C:\Windows\System\agpGSar.exe
  C:\Windows\System\agpGSar.exe
  2⤵
  PID:7796
- C:\Windows\System\XCBeJmg.exe
  C:\Windows\System\XCBeJmg.exe
  2⤵
  PID:7800
- C:\Windows\System\qSwNcCK.exe
  C:\Windows\System\qSwNcCK.exe
  2⤵
  PID:7716
- C:\Windows\System\NXnPhug.exe
  C:\Windows\System\NXnPhug.exe
  2⤵
  PID:7848
- C:\Windows\System\dMZDVlf.exe
  C:\Windows\System\dMZDVlf.exe
  2⤵
  PID:7876
- C:\Windows\System\qNElsNE.exe
  C:\Windows\System\qNElsNE.exe
  2⤵
  PID:7892
- C:\Windows\System\bTxllvS.exe
  C:\Windows\System\bTxllvS.exe
  2⤵
  PID:7952
- C:\Windows\System\eJZmdrD.exe
  C:\Windows\System\eJZmdrD.exe
  2⤵
  PID:7992
- C:\Windows\System\WzRbSRo.exe
  C:\Windows\System\WzRbSRo.exe
  2⤵
  PID:8060
- C:\Windows\System\CzVCSxy.exe
  C:\Windows\System\CzVCSxy.exe
  2⤵
  PID:8100
- C:\Windows\System\DbkJEpT.exe
  C:\Windows\System\DbkJEpT.exe
  2⤵
  PID:8148
- C:\Windows\System\cjzcrte.exe
  C:\Windows\System\cjzcrte.exe
  2⤵
  PID:8176
- C:\Windows\System\zhScdvd.exe
  C:\Windows\System\zhScdvd.exe
  2⤵
  PID:8076
- C:\Windows\System\FShrxtl.exe
  C:\Windows\System\FShrxtl.exe
  2⤵
  PID:8188
- C:\Windows\System\smimQLu.exe
  C:\Windows\System\smimQLu.exe
  2⤵
  PID:6648
- C:\Windows\System\oiCHuOH.exe
  C:\Windows\System\oiCHuOH.exe
  2⤵
  PID:7196
- C:\Windows\System\pwYgsHm.exe
  C:\Windows\System\pwYgsHm.exe
  2⤵
  PID:6692
- C:\Windows\System\SStIXZd.exe
  C:\Windows\System\SStIXZd.exe
  2⤵
  PID:6672
- C:\Windows\System\ZvOxAHC.exe
  C:\Windows\System\ZvOxAHC.exe
  2⤵
  PID:7268
- C:\Windows\System\WaspeVP.exe
  C:\Windows\System\WaspeVP.exe
  2⤵
  PID:7136
- C:\Windows\System\DxmVhOn.exe
  C:\Windows\System\DxmVhOn.exe
  2⤵
  PID:7276
- C:\Windows\System\VoSrFTj.exe
  C:\Windows\System\VoSrFTj.exe
  2⤵
  PID:7328
- C:\Windows\System\PVjlfgR.exe
  C:\Windows\System\PVjlfgR.exe
  2⤵
  PID:7408
- C:\Windows\System\SinjVYC.exe
  C:\Windows\System\SinjVYC.exe
  2⤵
  PID:7556
- C:\Windows\System\LYZCoIk.exe
  C:\Windows\System\LYZCoIk.exe
  2⤵
  PID:7352
- C:\Windows\System\cyNrNcN.exe
  C:\Windows\System\cyNrNcN.exe
  2⤵
  PID:7472
- C:\Windows\System\JaoCZOn.exe
  C:\Windows\System\JaoCZOn.exe
  2⤵
  PID:7636
- C:\Windows\System\oLThzIc.exe
  C:\Windows\System\oLThzIc.exe
  2⤵
  PID:7760
- C:\Windows\System\CgHwepA.exe
  C:\Windows\System\CgHwepA.exe
  2⤵
  PID:7820
- C:\Windows\System\FeCGoVv.exe
  C:\Windows\System\FeCGoVv.exe
  2⤵
  PID:7812
- C:\Windows\System\rQazXNJ.exe
  C:\Windows\System\rQazXNJ.exe
  2⤵
  PID:7728
- C:\Windows\System\BROvkKo.exe
  C:\Windows\System\BROvkKo.exe
  2⤵
  PID:7836
- C:\Windows\System\QThLSia.exe
  C:\Windows\System\QThLSia.exe
  2⤵
  PID:7856
- C:\Windows\System\rlCjhin.exe
  C:\Windows\System\rlCjhin.exe
  2⤵
  PID:7912
- C:\Windows\System\mHHswHR.exe
  C:\Windows\System\mHHswHR.exe
  2⤵
  PID:8004
- C:\Windows\System\sLCioVk.exe
  C:\Windows\System\sLCioVk.exe
  2⤵
  PID:8008
- C:\Windows\System\iPUshfp.exe
  C:\Windows\System\iPUshfp.exe
  2⤵
  PID:7972
- C:\Windows\System\kUezXgV.exe
  C:\Windows\System\kUezXgV.exe
  2⤵
  PID:7220
- C:\Windows\System\bgqkMwf.exe
  C:\Windows\System\bgqkMwf.exe
  2⤵
  PID:7496
- C:\Windows\System\MvMqctX.exe
  C:\Windows\System\MvMqctX.exe
  2⤵
  PID:7552
- C:\Windows\System\tjlgKvO.exe
  C:\Windows\System\tjlgKvO.exe
  2⤵
  PID:7152
- C:\Windows\System\trILdYi.exe
  C:\Windows\System\trILdYi.exe
  2⤵
  PID:7280
- C:\Windows\System\NIyAHhL.exe
  C:\Windows\System\NIyAHhL.exe
  2⤵
  PID:5728
- C:\Windows\System\YRKAZhS.exe
  C:\Windows\System\YRKAZhS.exe
  2⤵
  PID:7324
- C:\Windows\System\CZNYUVB.exe
  C:\Windows\System\CZNYUVB.exe
  2⤵
  PID:7588
- C:\Windows\System\WcFnJsH.exe
  C:\Windows\System\WcFnJsH.exe
  2⤵
  PID:7780
- C:\Windows\System\rMnOMAf.exe
  C:\Windows\System\rMnOMAf.exe
  2⤵
  PID:7620
- C:\Windows\System\nuHgLBb.exe
  C:\Windows\System\nuHgLBb.exe
  2⤵
  PID:7816
- C:\Windows\System\GWmrcTM.exe
  C:\Windows\System\GWmrcTM.exe
  2⤵
  PID:8028
- C:\Windows\System\hqeMCjo.exe
  C:\Windows\System\hqeMCjo.exe
  2⤵
  PID:7988
- C:\Windows\System\CDlsurw.exe
  C:\Windows\System\CDlsurw.exe
  2⤵
  PID:8156
- C:\Windows\System\cSNlIVR.exe
  C:\Windows\System\cSNlIVR.exe
  2⤵
  PID:6772
- C:\Windows\System\mgerhsa.exe
  C:\Windows\System\mgerhsa.exe
  2⤵
  PID:7260
- C:\Windows\System\zHwYWqD.exe
  C:\Windows\System\zHwYWqD.exe
  2⤵
  PID:6632
- C:\Windows\System\XOGyKVp.exe
  C:\Windows\System\XOGyKVp.exe
  2⤵
  PID:7272
- C:\Windows\System\GGSrLRO.exe
  C:\Windows\System\GGSrLRO.exe
  2⤵
  PID:7516
- C:\Windows\System\duUkQnV.exe
  C:\Windows\System\duUkQnV.exe
  2⤵
  PID:7428
- C:\Windows\System\aqROoPd.exe
  C:\Windows\System\aqROoPd.exe
  2⤵
  PID:7468
- C:\Windows\System\AAereuB.exe
  C:\Windows\System\AAereuB.exe
  2⤵
  PID:7896
- C:\Windows\System\amIPZOZ.exe
  C:\Windows\System\amIPZOZ.exe
  2⤵
  PID:8056
- C:\Windows\System\eZKeDnv.exe
  C:\Windows\System\eZKeDnv.exe
  2⤵
  PID:6440
- C:\Windows\System\JNdWBcj.exe
  C:\Windows\System\JNdWBcj.exe
  2⤵
  PID:6292
- C:\Windows\System\PcrtOSa.exe
  C:\Windows\System\PcrtOSa.exe
  2⤵
  PID:7540
- C:\Windows\System\wCAAejZ.exe
  C:\Windows\System\wCAAejZ.exe
  2⤵
  PID:8080
- C:\Windows\System\BZrBwGm.exe
  C:\Windows\System\BZrBwGm.exe
  2⤵
  PID:7968
- C:\Windows\System\dTobhTn.exe
  C:\Windows\System\dTobhTn.exe
  2⤵
  PID:7648
- C:\Windows\System\QUxygJB.exe
  C:\Windows\System\QUxygJB.exe
  2⤵
  PID:7388
- C:\Windows\System\cHpFhkL.exe
  C:\Windows\System\cHpFhkL.exe
  2⤵
  PID:8208
- C:\Windows\System\hOzcmaZ.exe
  C:\Windows\System\hOzcmaZ.exe
  2⤵
  PID:8224
- C:\Windows\System\zXRMyEy.exe
  C:\Windows\System\zXRMyEy.exe
  2⤵
  PID:8240
- C:\Windows\System\dDoTznh.exe
  C:\Windows\System\dDoTznh.exe
  2⤵
  PID:8256
- C:\Windows\System\IxGFkNB.exe
  C:\Windows\System\IxGFkNB.exe
  2⤵
  PID:8292
- C:\Windows\System\YIhYoFE.exe
  C:\Windows\System\YIhYoFE.exe
  2⤵
  PID:8320
- C:\Windows\System\GLSdFtf.exe
  C:\Windows\System\GLSdFtf.exe
  2⤵
  PID:8340
- C:\Windows\System\cNyuVQC.exe
  C:\Windows\System\cNyuVQC.exe
  2⤵
  PID:8356
- C:\Windows\System\XZcmJcr.exe
  C:\Windows\System\XZcmJcr.exe
  2⤵
  PID:8372
- C:\Windows\System\ZKJkNcA.exe
  C:\Windows\System\ZKJkNcA.exe
  2⤵
  PID:8396
- C:\Windows\System\lUvbjhz.exe
  C:\Windows\System\lUvbjhz.exe
  2⤵
  PID:8420
- C:\Windows\System\qiLBXHG.exe
  C:\Windows\System\qiLBXHG.exe
  2⤵
  PID:8452
- C:\Windows\System\BcScxzj.exe
  C:\Windows\System\BcScxzj.exe
  2⤵
  PID:8600
- C:\Windows\System\wsWiIox.exe
  C:\Windows\System\wsWiIox.exe
  2⤵
  PID:8620
- C:\Windows\System\jEHJArh.exe
  C:\Windows\System\jEHJArh.exe
  2⤵
  PID:8636
- C:\Windows\System\gppVEyF.exe
  C:\Windows\System\gppVEyF.exe
  2⤵
  PID:8652
- C:\Windows\System\ExVyDmg.exe
  C:\Windows\System\ExVyDmg.exe
  2⤵
  PID:8672
- C:\Windows\System\ORvfANT.exe
  C:\Windows\System\ORvfANT.exe
  2⤵
  PID:8696
- C:\Windows\System\MsRbgJR.exe
  C:\Windows\System\MsRbgJR.exe
  2⤵
  PID:8724
- C:\Windows\System\huaKbZm.exe
  C:\Windows\System\huaKbZm.exe
  2⤵
  PID:8744
- C:\Windows\System\uZqRbRk.exe
  C:\Windows\System\uZqRbRk.exe
  2⤵
  PID:8760
- C:\Windows\System\eFBPFhg.exe
  C:\Windows\System\eFBPFhg.exe
  2⤵
  PID:8776
- C:\Windows\System\QniLuVg.exe
  C:\Windows\System\QniLuVg.exe
  2⤵
  PID:8792
- C:\Windows\System\vjLwlQt.exe
  C:\Windows\System\vjLwlQt.exe
  2⤵
  PID:8812
- C:\Windows\System\JXXYeqi.exe
  C:\Windows\System\JXXYeqi.exe
  2⤵
  PID:8836
- C:\Windows\System\oMLCQJW.exe
  C:\Windows\System\oMLCQJW.exe
  2⤵
  PID:8856
- C:\Windows\System\QPTBsIe.exe
  C:\Windows\System\QPTBsIe.exe
  2⤵
  PID:8872
- C:\Windows\System\dvfIIFQ.exe
  C:\Windows\System\dvfIIFQ.exe
  2⤵
  PID:8888
- C:\Windows\System\WprKySU.exe
  C:\Windows\System\WprKySU.exe
  2⤵
  PID:8920
- C:\Windows\System\FhZeDBZ.exe
  C:\Windows\System\FhZeDBZ.exe
  2⤵
  PID:8940
- C:\Windows\System\lJMFxof.exe
  C:\Windows\System\lJMFxof.exe
  2⤵
  PID:8984
- C:\Windows\System\geCJacW.exe
  C:\Windows\System\geCJacW.exe
  2⤵
  PID:9000
- C:\Windows\System\ffEvdfQ.exe
  C:\Windows\System\ffEvdfQ.exe
  2⤵
  PID:9016
- C:\Windows\System\TWoIQyK.exe
  C:\Windows\System\TWoIQyK.exe
  2⤵
  PID:9048
- C:\Windows\System\vcJSgOu.exe
  C:\Windows\System\vcJSgOu.exe
  2⤵
  PID:9064
- C:\Windows\System\LPnGlwa.exe
  C:\Windows\System\LPnGlwa.exe
  2⤵
  PID:9080
- C:\Windows\System\HfuoNFg.exe
  C:\Windows\System\HfuoNFg.exe
  2⤵
  PID:9104
- C:\Windows\System\LkFrBYI.exe
  C:\Windows\System\LkFrBYI.exe
  2⤵
  PID:9124
- C:\Windows\System\OzXJKGt.exe
  C:\Windows\System\OzXJKGt.exe
  2⤵
  PID:9140
- C:\Windows\System\BpfaYsS.exe
  C:\Windows\System\BpfaYsS.exe
  2⤵
  PID:9164
- C:\Windows\System\yBGqmPS.exe
  C:\Windows\System\yBGqmPS.exe
  2⤵
  PID:9184
- C:\Windows\System\PtIuPtk.exe
  C:\Windows\System\PtIuPtk.exe
  2⤵
  PID:9200
- C:\Windows\System\GVfRNYr.exe
  C:\Windows\System\GVfRNYr.exe
  2⤵
  PID:7712
- C:\Windows\System\ZwAUZVN.exe
  C:\Windows\System\ZwAUZVN.exe
  2⤵
  PID:8248
- C:\Windows\System\ofanaOz.exe
  C:\Windows\System\ofanaOz.exe
  2⤵
  PID:8200
- C:\Windows\System\zoQagXa.exe
  C:\Windows\System\zoQagXa.exe
  2⤵
  PID:8280
- C:\Windows\System\JPjWfZZ.exe
  C:\Windows\System\JPjWfZZ.exe
  2⤵
  PID:8300
- C:\Windows\System\aWqAggu.exe
  C:\Windows\System\aWqAggu.exe
  2⤵
  PID:8312
- C:\Windows\System\LicszbT.exe
  C:\Windows\System\LicszbT.exe
  2⤵
  PID:8328
- C:\Windows\System\rAlsqgo.exe
  C:\Windows\System\rAlsqgo.exe
  2⤵
  PID:8364
- C:\Windows\System\YlCAMbh.exe
  C:\Windows\System\YlCAMbh.exe
  2⤵
  PID:8412
- C:\Windows\System\XEEAuQa.exe
  C:\Windows\System\XEEAuQa.exe
  2⤵
  PID:8436
- C:\Windows\System\OCiorJi.exe
  C:\Windows\System\OCiorJi.exe
  2⤵
  PID:8472
- C:\Windows\System\RrNDbqD.exe
  C:\Windows\System\RrNDbqD.exe
  2⤵
  PID:8524
- C:\Windows\System\HbjpfyC.exe
  C:\Windows\System\HbjpfyC.exe
  2⤵
  PID:8548
- C:\Windows\System\BzAHKYX.exe
  C:\Windows\System\BzAHKYX.exe
  2⤵
  PID:7376
- C:\Windows\System\yYGumfa.exe
  C:\Windows\System\yYGumfa.exe
  2⤵
  PID:8596
- C:\Windows\System\zYeBGDe.exe
  C:\Windows\System\zYeBGDe.exe
  2⤵
  PID:2120
- C:\Windows\System\gxSflow.exe
  C:\Windows\System\gxSflow.exe
  2⤵
  PID:8612
- C:\Windows\System\MLklgma.exe
  C:\Windows\System\MLklgma.exe
  2⤵
  PID:8632
- C:\Windows\System\QWptUjt.exe
  C:\Windows\System\QWptUjt.exe
  2⤵
  PID:8684
- C:\Windows\System\IZjWsAh.exe
  C:\Windows\System\IZjWsAh.exe
  2⤵
  PID:8720
- C:\Windows\System\uKGDxoz.exe
  C:\Windows\System\uKGDxoz.exe
  2⤵
  PID:8772
- C:\Windows\System\HgejAwx.exe
  C:\Windows\System\HgejAwx.exe
  2⤵
  PID:8736
- C:\Windows\System\HPAEbzB.exe
  C:\Windows\System\HPAEbzB.exe
  2⤵
  PID:8828
- C:\Windows\System\TWAMrPE.exe
  C:\Windows\System\TWAMrPE.exe
  2⤵
  PID:8880
- C:\Windows\System\glLgKpf.exe
  C:\Windows\System\glLgKpf.exe
  2⤵
  PID:8912
- C:\Windows\System\nnMiftW.exe
  C:\Windows\System\nnMiftW.exe
  2⤵
  PID:8936
- C:\Windows\System\guWjrCM.exe
  C:\Windows\System\guWjrCM.exe
  2⤵
  PID:8964
- C:\Windows\System\mUpBBPL.exe
  C:\Windows\System\mUpBBPL.exe
  2⤵
  PID:8992
- C:\Windows\System\tIaeEAY.exe
  C:\Windows\System\tIaeEAY.exe
  2⤵
  PID:9012
- C:\Windows\System\EJHByPK.exe
  C:\Windows\System\EJHByPK.exe
  2⤵
  PID:8900
- C:\Windows\System\zLaoNef.exe
  C:\Windows\System\zLaoNef.exe
  2⤵
  PID:9072
- C:\Windows\System\NafcYkn.exe
  C:\Windows\System\NafcYkn.exe
  2⤵
  PID:9100
- C:\Windows\System\Rxikzpk.exe
  C:\Windows\System\Rxikzpk.exe
  2⤵
  PID:9148
- C:\Windows\System\dVuZhEO.exe
  C:\Windows\System\dVuZhEO.exe
  2⤵
  PID:9152
- C:\Windows\System\gRpdYcc.exe
  C:\Windows\System\gRpdYcc.exe
  2⤵
  PID:8316
- C:\Windows\System\jteKjSG.exe
  C:\Windows\System\jteKjSG.exe
  2⤵
  PID:8416
- C:\Windows\System\nLvwxBz.exe
  C:\Windows\System\nLvwxBz.exe
  2⤵
  PID:9176
- C:\Windows\System\hcoEbNq.exe
  C:\Windows\System\hcoEbNq.exe
  2⤵
  PID:8444
- C:\Windows\System\LIoTPJn.exe
  C:\Windows\System\LIoTPJn.exe
  2⤵
  PID:8336
- C:\Windows\System\AyYPvnM.exe
  C:\Windows\System\AyYPvnM.exe
  2⤵
  PID:8464
- C:\Windows\System\XQtkhMj.exe
  C:\Windows\System\XQtkhMj.exe
  2⤵
  PID:8496
- C:\Windows\System\PKuYurH.exe
  C:\Windows\System\PKuYurH.exe
  2⤵
  PID:8572
- C:\Windows\System\EFgJyjb.exe
  C:\Windows\System\EFgJyjb.exe
  2⤵
  PID:956
- C:\Windows\System\xKTplVe.exe
  C:\Windows\System\xKTplVe.exe
  2⤵
  PID:8660
- C:\Windows\System\zSmxYzT.exe
  C:\Windows\System\zSmxYzT.exe
  2⤵
  PID:940
- C:\Windows\System\TBReeCb.exe
  C:\Windows\System\TBReeCb.exe
  2⤵
  PID:8768
- C:\Windows\System\HOfArii.exe
  C:\Windows\System\HOfArii.exe
  2⤵
  PID:8712
- C:\Windows\System\MaabrIl.exe
  C:\Windows\System\MaabrIl.exe
  2⤵
  PID:8808
- C:\Windows\System\frRYOAx.exe
  C:\Windows\System\frRYOAx.exe
  2⤵
  PID:8904
- C:\Windows\System\uxoaIeR.exe
  C:\Windows\System\uxoaIeR.exe
  2⤵
  PID:8976
- C:\Windows\System\OoOgUed.exe
  C:\Windows\System\OoOgUed.exe
  2⤵
  PID:9032
- C:\Windows\System\XvMDrqT.exe
  C:\Windows\System\XvMDrqT.exe
  2⤵
  PID:9112
- C:\Windows\System\ZnODdxv.exe
  C:\Windows\System\ZnODdxv.exe
  2⤵
  PID:9160
- C:\Windows\System\xXhAAoF.exe
  C:\Windows\System\xXhAAoF.exe
  2⤵
  PID:9060
- C:\Windows\System\zDQBYAg.exe
  C:\Windows\System\zDQBYAg.exe
  2⤵
  PID:8308
- C:\Windows\System\ubSsDkv.exe
  C:\Windows\System\ubSsDkv.exe
  2⤵
  PID:8236
- C:\Windows\System\CDGWICv.exe
  C:\Windows\System\CDGWICv.exe
  2⤵
  PID:7916
- C:\Windows\System\YxWNJMv.exe
  C:\Windows\System\YxWNJMv.exe
  2⤵
  PID:8448
- C:\Windows\System\wVERpop.exe
  C:\Windows\System\wVERpop.exe
  2⤵
  PID:8516
- C:\Windows\System\lHyCqfc.exe
  C:\Windows\System\lHyCqfc.exe
  2⤵
  PID:8528
- C:\Windows\System\SBUecPB.exe
  C:\Windows\System\SBUecPB.exe
  2⤵
  PID:8568
- C:\Windows\System\UUgzZXm.exe
  C:\Windows\System\UUgzZXm.exe
  2⤵
  PID:8688
- C:\Windows\System\UQPxVHW.exe
  C:\Windows\System\UQPxVHW.exe
  2⤵
  PID:8564
- C:\Windows\System\SsiarFx.exe
  C:\Windows\System\SsiarFx.exe
  2⤵
  PID:8868
- C:\Windows\System\OrKBmyp.exe
  C:\Windows\System\OrKBmyp.exe
  2⤵
  PID:8852
- C:\Windows\System\cfviPYG.exe
  C:\Windows\System\cfviPYG.exe
  2⤵
  PID:8220
- C:\Windows\System\GGlRhmB.exe
  C:\Windows\System\GGlRhmB.exe
  2⤵
  PID:9040
- C:\Windows\System\VqSKSEr.exe
  C:\Windows\System\VqSKSEr.exe
  2⤵
  PID:8276
- C:\Windows\System\IpDHNTD.exe
  C:\Windows\System\IpDHNTD.exe
  2⤵
  PID:8488
- C:\Windows\System\sumeqdZ.exe
  C:\Windows\System\sumeqdZ.exe
  2⤵
  PID:8708
- C:\Windows\System\VEbsnuE.exe
  C:\Windows\System\VEbsnuE.exe
  2⤵
  PID:8540
- C:\Windows\System\uKrYnlg.exe
  C:\Windows\System\uKrYnlg.exe
  2⤵
  PID:8732
- C:\Windows\System\CeQOvpm.exe
  C:\Windows\System\CeQOvpm.exe
  2⤵
  PID:8864
- C:\Windows\System\zeHGPOK.exe
  C:\Windows\System\zeHGPOK.exe
  2⤵
  PID:9056
- C:\Windows\System\lzGAAkA.exe
  C:\Windows\System\lzGAAkA.exe
  2⤵
  PID:9028
- C:\Windows\System\YUrPMmr.exe
  C:\Windows\System\YUrPMmr.exe
  2⤵
  PID:8476
- C:\Windows\System\ObFmfto.exe
  C:\Windows\System\ObFmfto.exe
  2⤵
  PID:8704
- C:\Windows\System\MgRWPGS.exe
  C:\Windows\System\MgRWPGS.exe
  2⤵
  PID:8552
- C:\Windows\System\eluSOCm.exe
  C:\Windows\System\eluSOCm.exe
  2⤵
  PID:8788
- C:\Windows\System\uQsjsex.exe
  C:\Windows\System\uQsjsex.exe
  2⤵
  PID:8428
- C:\Windows\System\XGdJshl.exe
  C:\Windows\System\XGdJshl.exe
  2⤵
  PID:8648
- C:\Windows\System\SRmtEsF.exe
  C:\Windows\System\SRmtEsF.exe
  2⤵
  PID:8368
- C:\Windows\System\HrMkSyW.exe
  C:\Windows\System\HrMkSyW.exe
  2⤵
  PID:8264
- C:\Windows\System\ctvSzoL.exe
  C:\Windows\System\ctvSzoL.exe
  2⤵
  PID:9196
- C:\Windows\System\hrfhNJs.exe
  C:\Windows\System\hrfhNJs.exe
  2⤵
  PID:9132
- C:\Windows\System\dByRcSy.exe
  C:\Windows\System\dByRcSy.exe
  2⤵
  PID:9228
- C:\Windows\System\qXdUnsa.exe
  C:\Windows\System\qXdUnsa.exe
  2⤵
  PID:9244
- C:\Windows\System\LPIzrXk.exe
  C:\Windows\System\LPIzrXk.exe
  2⤵
  PID:9264
- C:\Windows\System\xDeoFgj.exe
  C:\Windows\System\xDeoFgj.exe
  2⤵
  PID:9284
- C:\Windows\System\FjVFlBQ.exe
  C:\Windows\System\FjVFlBQ.exe
  2⤵
  PID:9320
- C:\Windows\System\qxpLtzY.exe
  C:\Windows\System\qxpLtzY.exe
  2⤵
  PID:9340
- C:\Windows\System\kDCbLTd.exe
  C:\Windows\System\kDCbLTd.exe
  2⤵
  PID:9360
- C:\Windows\System\mbpuMDL.exe
  C:\Windows\System\mbpuMDL.exe
  2⤵
  PID:9376
- C:\Windows\System\luTYcua.exe
  C:\Windows\System\luTYcua.exe
  2⤵
  PID:9392
- C:\Windows\System\rhePvMO.exe
  C:\Windows\System\rhePvMO.exe
  2⤵
  PID:9408
- C:\Windows\System\eTVBXkg.exe
  C:\Windows\System\eTVBXkg.exe
  2⤵
  PID:9428
- C:\Windows\System\tmBqpcA.exe
  C:\Windows\System\tmBqpcA.exe
  2⤵
  PID:9452
- C:\Windows\System\TMldVgR.exe
  C:\Windows\System\TMldVgR.exe
  2⤵
  PID:9480
- C:\Windows\System\davHnYn.exe
  C:\Windows\System\davHnYn.exe
  2⤵
  PID:9496
- C:\Windows\System\nQTKUqz.exe
  C:\Windows\System\nQTKUqz.exe
  2⤵
  PID:9512
- C:\Windows\System\kZvymTa.exe
  C:\Windows\System\kZvymTa.exe
  2⤵
  PID:9532
- C:\Windows\System\MxOmoTP.exe
  C:\Windows\System\MxOmoTP.exe
  2⤵
  PID:9556
- C:\Windows\System\ZOklRVi.exe
  C:\Windows\System\ZOklRVi.exe
  2⤵
  PID:9576
- C:\Windows\System\EhweGdr.exe
  C:\Windows\System\EhweGdr.exe
  2⤵
  PID:9592
- C:\Windows\System\fjfxEJA.exe
  C:\Windows\System\fjfxEJA.exe
  2⤵
  PID:9608
- C:\Windows\System\SKHHeof.exe
  C:\Windows\System\SKHHeof.exe
  2⤵
  PID:9624
- C:\Windows\System\vkNQZYM.exe
  C:\Windows\System\vkNQZYM.exe
  2⤵
  PID:9640
- C:\Windows\System\gnOLXuU.exe
  C:\Windows\System\gnOLXuU.exe
  2⤵
  PID:9668
- C:\Windows\System\fOdpZXc.exe
  C:\Windows\System\fOdpZXc.exe
  2⤵
  PID:9704
- C:\Windows\System\RhuqqXH.exe
  C:\Windows\System\RhuqqXH.exe
  2⤵
  PID:9720
- C:\Windows\System\uBpIZve.exe
  C:\Windows\System\uBpIZve.exe
  2⤵
  PID:9744
- C:\Windows\System\GOUSpfy.exe
  C:\Windows\System\GOUSpfy.exe
  2⤵
  PID:9764
- C:\Windows\System\SMhopKv.exe
  C:\Windows\System\SMhopKv.exe
  2⤵
  PID:9780
- C:\Windows\System\wPjBFMR.exe
  C:\Windows\System\wPjBFMR.exe
  2⤵
  PID:9800
- C:\Windows\System\gQppeZi.exe
  C:\Windows\System\gQppeZi.exe
  2⤵
  PID:9824
- C:\Windows\System\EtbEUkR.exe
  C:\Windows\System\EtbEUkR.exe
  2⤵
  PID:9844
- C:\Windows\System\znOaupZ.exe
  C:\Windows\System\znOaupZ.exe
  2⤵
  PID:9860
- C:\Windows\System\EpWiKZJ.exe
  C:\Windows\System\EpWiKZJ.exe
  2⤵
  PID:9876
- C:\Windows\System\aDCHhRe.exe
  C:\Windows\System\aDCHhRe.exe
  2⤵
  PID:9896
- C:\Windows\System\btkFhyy.exe
  C:\Windows\System\btkFhyy.exe
  2⤵
  PID:9916
- C:\Windows\System\CnrHdry.exe
  C:\Windows\System\CnrHdry.exe
  2⤵
  PID:9936
- C:\Windows\System\kHhNCvw.exe
  C:\Windows\System\kHhNCvw.exe
  2⤵
  PID:9964
- C:\Windows\System\rFFFevo.exe
  C:\Windows\System\rFFFevo.exe
  2⤵
  PID:9984
- C:\Windows\System\LHkTuTc.exe
  C:\Windows\System\LHkTuTc.exe
  2⤵
  PID:10000
- C:\Windows\System\YVhhpAm.exe
  C:\Windows\System\YVhhpAm.exe
  2⤵
  PID:10024
- C:\Windows\System\skXTORr.exe
  C:\Windows\System\skXTORr.exe
  2⤵
  PID:10040
- C:\Windows\System\WQZkOdM.exe
  C:\Windows\System\WQZkOdM.exe
  2⤵
  PID:10060
- C:\Windows\System\PjLtuxe.exe
  C:\Windows\System\PjLtuxe.exe
  2⤵
  PID:10084
- C:\Windows\System\qsLJZpz.exe
  C:\Windows\System\qsLJZpz.exe
  2⤵
  PID:10108
- C:\Windows\System\uibIIgG.exe
  C:\Windows\System\uibIIgG.exe
  2⤵
  PID:10128
- C:\Windows\System\GmHpAaU.exe
  C:\Windows\System\GmHpAaU.exe
  2⤵
  PID:10144
- C:\Windows\System\WkBeKOb.exe
  C:\Windows\System\WkBeKOb.exe
  2⤵
  PID:10160
- C:\Windows\System\AJPuWBK.exe
  C:\Windows\System\AJPuWBK.exe
  2⤵
  PID:10180
- C:\Windows\System\ZParotR.exe
  C:\Windows\System\ZParotR.exe
  2⤵
  PID:10196
- C:\Windows\System\LvHIybE.exe
  C:\Windows\System\LvHIybE.exe
  2⤵
  PID:10220
- C:\Windows\System\PaVqrph.exe
  C:\Windows\System\PaVqrph.exe
  2⤵
  PID:9252
- C:\Windows\System\zfAblxv.exe
  C:\Windows\System\zfAblxv.exe
  2⤵
  PID:9280
- C:\Windows\System\DEbhjlq.exe
  C:\Windows\System\DEbhjlq.exe
  2⤵
  PID:9092
- C:\Windows\System\iyMyFrP.exe
  C:\Windows\System\iyMyFrP.exe
  2⤵
  PID:9304
- C:\Windows\System\jYLkXIm.exe
  C:\Windows\System\jYLkXIm.exe
  2⤵
  PID:9336
- C:\Windows\System\AcdivUE.exe
  C:\Windows\System\AcdivUE.exe
  2⤵
  PID:9388
- C:\Windows\System\hHafXnb.exe
  C:\Windows\System\hHafXnb.exe
  2⤵
  PID:9404
- C:\Windows\System\WWmGEua.exe
  C:\Windows\System\WWmGEua.exe
  2⤵
  PID:9464
- C:\Windows\System\ISWALUu.exe
  C:\Windows\System\ISWALUu.exe
  2⤵
  PID:9400
- C:\Windows\System\uNBjVPA.exe
  C:\Windows\System\uNBjVPA.exe
  2⤵
  PID:9548
- C:\Windows\System\HPyeeHT.exe
  C:\Windows\System\HPyeeHT.exe
  2⤵
  PID:9588
- C:\Windows\System\gGDOQJZ.exe
  C:\Windows\System\gGDOQJZ.exe
  2⤵
  PID:9656
- C:\Windows\System\TBhcrZk.exe
  C:\Windows\System\TBhcrZk.exe
  2⤵
  PID:9676
- C:\Windows\System\uOryOFD.exe
  C:\Windows\System\uOryOFD.exe
  2⤵
  PID:9528
- C:\Windows\System\ZpFDYEF.exe
  C:\Windows\System\ZpFDYEF.exe
  2⤵
  PID:9680
- C:\Windows\System\SGLMSjS.exe
  C:\Windows\System\SGLMSjS.exe
  2⤵
  PID:9692
- C:\Windows\System\enLMsXB.exe
  C:\Windows\System\enLMsXB.exe
  2⤵
  PID:9752
- C:\Windows\System\jUKZRAO.exe
  C:\Windows\System\jUKZRAO.exe
  2⤵
  PID:9788
- C:\Windows\System\YbzlWnY.exe
  C:\Windows\System\YbzlWnY.exe
  2⤵
  PID:9808
- C:\Windows\System\LdzWkkt.exe
  C:\Windows\System\LdzWkkt.exe
  2⤵
  PID:9836
- C:\Windows\System\XjNqrkW.exe
  C:\Windows\System\XjNqrkW.exe
  2⤵
  PID:9884
- C:\Windows\System\xrghUtP.exe
  C:\Windows\System\xrghUtP.exe
  2⤵
  PID:9924
- C:\Windows\System\FBGRJEA.exe
  C:\Windows\System\FBGRJEA.exe
  2⤵
  PID:9948
- C:\Windows\System\kpiXzRc.exe
  C:\Windows\System\kpiXzRc.exe
  2⤵
  PID:9992
- C:\Windows\System\atStLDi.exe
  C:\Windows\System\atStLDi.exe
  2⤵
  PID:10016
- C:\Windows\System\WTKRCYf.exe
  C:\Windows\System\WTKRCYf.exe
  2⤵
  PID:10036
- C:\Windows\System\yvSGOwr.exe
  C:\Windows\System\yvSGOwr.exe
  2⤵
  PID:10076
- C:\Windows\System\oughmUi.exe
  C:\Windows\System\oughmUi.exe
  2⤵
  PID:10100
- C:\Windows\System\DkZKjEH.exe
  C:\Windows\System\DkZKjEH.exe
  2⤵
  PID:10140
- C:\Windows\System\UEqDUQh.exe
  C:\Windows\System\UEqDUQh.exe
  2⤵
  PID:10176
- C:\Windows\System\hEiuAVa.exe
  C:\Windows\System\hEiuAVa.exe
  2⤵
  PID:10228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BeOvLOa.exe

Filesize
6.0MB

MD5
086ed0358a5d5ea842cc28a6fb23952b

SHA1
6618da1d8eb85640dcdd316a297d2466c34bb2c5

SHA256
53056c1895580f0bb96f06aeaf87a2ea41cdb7b5634cd7de6c38ce23768c3f6f

SHA512
d3f7fcbcb4f53cc7b8170f280bd86ff14037d5dc5ab93d398914d05a309c54b15d0ae229758c944199c8acfa6d0acdd9ebb666a69beb0a93cb14a647398222ae

Download Submit
C:\Windows\system\ETYbLwV.exe

Filesize
6.0MB

MD5
3c0a110a5cc1a91bc6fa91a29f27d3ee

SHA1
4f0024a9b338a3074e1197b3a28d37cd965e4a45

SHA256
5c7ee8f5953d8a95b6e7cb519572cdd4905b1ce94e01eab0ba7ada04d76801b2

SHA512
eaa34e0b92d7a58fad35df21299a24068a7af4b280863df756c243dd6c55cf1759a5f86aa00f0cfc779dd9b3d6a5a2393c02fecf975e7e380de7220309b58ce3

Download Submit
C:\Windows\system\EiZmLOl.exe

Filesize
6.0MB

MD5
6015b6132e712d0a89ebcc32d7503220

SHA1
87947eefed7ee62aef8914beeb6e3b38938b5b63

SHA256
71a881bab64ab505d8bc61886d0d6430e900557e34ba9066fe42ad451ee7bb0b

SHA512
bdb8b0a4a298ee17823653b4772fbca0e64a87d6007b9195479e14b295f3853acb28a625c3c165d8f1b309422d94129e75256f6f326e2f570abff99c6081c126

Download Submit
C:\Windows\system\GaybjtZ.exe

Filesize
6.0MB

MD5
6a0b9676aca6c7f0172bf79f4aa5223c

SHA1
5406aba169b9c68859f7f9e748d1ca3998e132da

SHA256
e98af693fee5ec5b885cd9c3e6f628328d2f8f2d0a87b2404baedcaf37863b70

SHA512
8270e4da4c46a1d3e8bf2923071f16af9c7fbce1854211d8167004afd13023741578fa2ae5f4eb5efbcb2c4e1462bfe430533c8f7926006bdcefc081f14d3f8a

Download Submit
C:\Windows\system\HuwnTIz.exe

Filesize
6.0MB

MD5
c93d90479d7247fc21b1550d9212f8e4

SHA1
d31776ccb4883cebd28e98948e02417eb843d109

SHA256
5e99efac04ac02c9a06acb4e7f006372c4f3781403235aa5a6ec870c8220d7f6

SHA512
1690c7eca4c0f3d53209b1ece9911bafb413ae8e9ca235b8922e22b53e8bb8e9ad7493b3ff15f8a518b526cd5452126e3ac7224cc9dfd170c84a7e8c23dfa4da

Download Submit
C:\Windows\system\NrFGGSD.exe

Filesize
6.0MB

MD5
ac739a0922a11da6bc497808041a1772

SHA1
b12c341cee1e5e923548a4d1d7f8280a2a680790

SHA256
a4b12d391169acef9e97b73566c67e64a2ca1b0288f651f3c8300ce39107768e

SHA512
b4af64db523f41afd436c7604e767e104d044dc80ff73959191212653d2c494a717c1b47e5bf1c751823d659873f45d204cd5586eca1b0f8ffc29bfbc66e6274

Download Submit
C:\Windows\system\QlKkJqH.exe

Filesize
6.0MB

MD5
c835d0c42675436d4ab7853542de6835

SHA1
aac05484130e0bf1152ffb7a5987adc17b05c7ce

SHA256
96fc3e5cc27f30b5f5eade8b898d917e16cd2ce6105d17880979fc72d8f1f6d4

SHA512
31156b5d1306522b1a8906425ce67f4b4318b93c2bd14ef0691bad354ec707d04b7dda90d27791a830fb2c2fbd21715f3b48c2af9c8b85bc7f884ceb85ff290f

Download Submit
C:\Windows\system\RrDxdjF.exe

Filesize
6.0MB

MD5
f3806f66a712421508a5fd20f3c15036

SHA1
65911d8977fac5603c2c93b4c8a0bac32f17f094

SHA256
6d28fcc3805329849faa27147a2307b0ae44630eb5efc38130496c265d56ecbb

SHA512
d1cb90cbc7c21bce9c6d4641adabaea5e7ebc1a694925e98509b8908855cd006d07496fea8fd10c24a7ec91b761911541f45564e37b62eedebf255d12253c4ae

Download Submit
C:\Windows\system\SYQWvOp.exe

Filesize
6.0MB

MD5
a0ee7b10055e866ae76b18077189b129

SHA1
14f4bf22fc774ff3e1de1c933e1874f7cbcdb83f

SHA256
2a684e9d558883dc8bd92b8ea3f3cb98e1042ffda4aca0791aed07f37f35f776

SHA512
21dcc3baf7ad6b8e9aa74bae82ad4a794fc1053dadb1d606b1bbb2aa52e449680653c51a2e662ff353d3a07226dedcd4cec3157a97f5ac78bb9c4fc8d77ccf21

Download Submit
C:\Windows\system\UQclEBC.exe

Filesize
6.0MB

MD5
709bc38d5e7179ab97d45bc6de633f7b

SHA1
10baab047a02f0f26cc5efcef49c4ff3107247dc

SHA256
0b8fca851cabe4f60123e154f1e4eec9825c3b18bdc1ec5dc09f816a9e2e1ba6

SHA512
0caff1ee7b6798e5718a37e7fa3f8b30c95f197b04c8d6b422aa8418eb8f35e533f587cc4c066e49d535ed6ec1729cc06f959034adb648c4cd96fa4d13bce008

Download Submit
C:\Windows\system\VNffDfu.exe

Filesize
6.0MB

MD5
7d81470582aba67d900447bb9dba1a3c

SHA1
a828e4749e729e6c088c4135b262d4878b4cb12b

SHA256
1f47f43c7f75351c948350f91897521aeb022a3d97aef434bf95bf7e9fa39037

SHA512
762cf8aaf13517d4b2745fe27103013b585f2f6faba794b2fd86f5857581bfe7e7b7bf53cd370da4c0c71e7fce5f82e31862ce75ea95e8e734b41038a6e7d43a

Download Submit
C:\Windows\system\VPKzWfW.exe

Filesize
6.0MB

MD5
dc4e73bf69a46e2047e33ac20a0da13e

SHA1
55d150bf08cb95fe68c0c56e11704011c7465559

SHA256
62e17f0bbaa74de0275cec92f24aaf4f4f9e8ab39d4ee41cc13fc94e65911fca

SHA512
ea472a7c2d25be13be75f43458730e83d3b086e5fd32a22f4e319d8bedc4e2afca1c8afa2782ff6678fa78dc263a251708cc02bacc1d24a2be6a06f104027528

Download Submit
C:\Windows\system\ZELKLWA.exe

Filesize
6.0MB

MD5
5fbc39c4931a5a0ae0458130aaa1165c

SHA1
2ab356499ecb4a612df3de5ce6e936edd22c1eea

SHA256
f49c909a527fbeec11ddbdd12f3b6f3c96706d38421b987bf1d530970983d67a

SHA512
03ab0ebfba6da0aeeea75aaece77f0734755b2de8a23769766797391aed097da75e9a0f505cb09d7a9e3bcd85291360cd6f8fa19ddeb2c5a7f490dfdb4beb45c

Download Submit
C:\Windows\system\ZZOulaW.exe

Filesize
6.0MB

MD5
a14e086d14f9733c86f30da023045200

SHA1
f85963b87df5376c05e9ceecc7aa0990b7aaf813

SHA256
56cf1891cb02004401f003c30a2596ea935a688a5024fda44b452a024de6c881

SHA512
9f4b6281cbc3ca8f13838d6099083c8c4726dae9b59a75e75de9888c82f9de9b9b89d3bb3847a8d75a81ec608fec4d21fbca655ff37ddf2169d1e8108105fe83

Download Submit
C:\Windows\system\bDEIyEm.exe

Filesize
6.0MB

MD5
00c721d09c39568a851ef62c8b5d5558

SHA1
d88e2b19572758ddc15ccb929022a10eab623f3f

SHA256
719994e6cf1a431c964f545a0c5eb2483f19c663c3566f2cd78dcb8b77e3755d

SHA512
e4e7401f28a4f1e4768ca8f70e5f57b06b8f5191976fcf7075ecd176991b0e6fa4728f53c98f4f2b25cf262a635beccae10723e65ad2d3fe3a36decaf8ae0e84

Download Submit
C:\Windows\system\cvqrCbQ.exe

Filesize
6.0MB

MD5
ead186f28b54948056e98dbd3e05609a

SHA1
361d691c7ccdf5f2be75eb458cd1ae5b171588d8

SHA256
1c64b6ffad29e55d68023200161c7638d3e65b5772b2413fd462f80248235303

SHA512
5a5c1cf2081a0d2132be0cdde0ffd66244fed7c3e9bff74378aa477845a5dcc484fd17e6b04441e88adcee73f23f6753a1d41b40f2741c4e56acb368363550a1

Download Submit
C:\Windows\system\dyOKuPt.exe

Filesize
6.0MB

MD5
1cb0b0db4e7753b2cb184e3ccc8a561c

SHA1
2ea7310ad118f1c5282b29a8339f61410daa2e0c

SHA256
b4fbf18ae024812cfcd9bc2433d41574cc17385832e8b9a294f3aab2461290a4

SHA512
1b4765154ea5a7acecbe4975fde9e9d63467c0b7801d49ffc121d8a828bd50b4968d6bbd60184163df8a11cfa116363fe1ca096e8de58c19222cf8c0c829992d

Download Submit
C:\Windows\system\gIZLxYE.exe

Filesize
6.0MB

MD5
a16b10e6d42c9d185fb9a8dd87d74b24

SHA1
abfc3f9ad0c8eaf068a71830c535515a93d13eee

SHA256
a891969c2674456d92504a25a48e5b994fe710c65544e0486e803c857deb70b7

SHA512
f52680876d24ef1c8ac4a34322d341d1bf9fa4597c4b6fdeec8dd04e44aac05ab01bde64e36e1b89db669094e69b2deefb943521705224a663a97e8a603f7575

Download Submit
C:\Windows\system\hXnkyQr.exe

Filesize
6.0MB

MD5
3570cad75e3cc21d171ea9229f918c65

SHA1
7074791e5c10c2b569353252c6b7ec4d54872560

SHA256
93f83936cd7d94b7b9703037e43aca544a4ef6e8c4997941a03345200904dcbb

SHA512
49758bdaf4477c3659e3f4ec6f5776072a5fd4d67c40b0e116eaafab828441e9012c18ff735ebe05c82434d4c0f9b00122aaaad844c5230b9309765cc019e13e

Download Submit
C:\Windows\system\iqdSFXa.exe

Filesize
6.0MB

MD5
7947576b3046bf5c7c075ec9bb53f83a

SHA1
a7a49726f950db0847025eeeb162a0699f29c37c

SHA256
9fa1eaee5d66ad421a8f6754bd205b1395263da6896f00703cd80d537770312d

SHA512
5153685702d8cc91bb237a9e2541e9cdd041077bc3b6d4ea7220b6410395f69ead735f11176b4887bd94784a7d13cbc3b1b53f245fe9e34d171d95082a424f00

Download Submit
C:\Windows\system\lvjHCal.exe

Filesize
6.0MB

MD5
24024a71e1badd1e1c8f132c3fb0cca4

SHA1
87d31c4995471950f4c4e21ffaecdb00dbf97956

SHA256
ade6a1f623804271b5f348621eaaa73ac6c2243fa415a68aeb692dc6e2a20e60

SHA512
5f1b9b88416d5f826a2720a741f74b60eafe4db9285568844a7c072f5b9a9149236535d25adc5576a763dd1c52cc9769a6dd759cf140a2a625942f3b2fa44dcf

Download Submit
C:\Windows\system\nBRItJa.exe

Filesize
8B

MD5
338fde68ae7dad6345c4ed67f5eeae08

SHA1
e27075153e543cd3aadd16044aaa8953be280bac

SHA256
eabac93986cc662d95c9ce1e7d66a47d211f822f2107fbf6b0f3254e13aefe02

SHA512
5274b072a8ff1840ef85ea16f6e28edf3b5d70d825dbe9f599c13ba172c7f168366f2095597819fa7d68b30cdecf4e71c6928ae607be7a8a82e62143e0309a4a

Download Submit
C:\Windows\system\nVEXizt.exe

Filesize
6.0MB

MD5
bc277af04934ea35094b90594df51b4b

SHA1
8c44a8494ab0d3ab84269d10a67c0dba62ad33d2

SHA256
b74c1060bc7a0a0ac9d731e0ad9fbe1fe9bc1592aeadbbebcfa9fa7c98acee3e

SHA512
e5d5eb4a3f80fe53cffd30158ed72455dc2063e099c4c3e180e2fc32864030dee33b7856124234ec78297c7f07f5c8011a47f1d25d7c50475a915012e4322bad

Download Submit
C:\Windows\system\qJlBsVF.exe

Filesize
6.0MB

MD5
5b250665c311e365a871f0d3c32698ee

SHA1
19de35ceb5f84632abd4c3a10398556c4fb95a2c

SHA256
5b450a53da47464dcd5b53510399f3aa5a8eba584d899abf86517bf7f41c9900

SHA512
63c614b3614031bd5ee88161fbcee24dfc41e5a56af57ed692aaf8cb960d0fa57ef7a594bdd3320e85b5eddf54b198ce00186695707de7598c9bb90776d48b74

Download Submit
C:\Windows\system\qKZcMWN.exe

Filesize
6.0MB

MD5
c0c1d2456c24b92b61ee26fbd0279c35

SHA1
805f9fd2fb1af7e8ea9b93bc3da5404db28abf0b

SHA256
85d87a198adc4660368ff0f63134d089432187c16ad5ede9d0445088632fd970

SHA512
522774dd107525150270d22f5f877b246d754abb9095cab30bddd304442766d7de232e64b426dee5532105282ad01d2d60a0ca060d1707e17d5d70ef2d7d8907

Download Submit
C:\Windows\system\qzFaqom.exe

Filesize
6.0MB

MD5
0d8f840e906c3d7e0c47650717283d61

SHA1
53401538a7e18e3a7e50927a278e36117c583b6e

SHA256
e10eef85d144846e6f8a79af5e3e25842a4e950121fe73f07ecf28ae12546d84

SHA512
5a5a457e8f9cb4861109fe4db88108ffe144bd9b3f30287803ca1f3e845da5ac481b99fef657739a236e21d7539959fd3983d5d16860e0b083ef2319b6cc5d49

Download Submit
C:\Windows\system\tBNUEyF.exe

Filesize
6.0MB

MD5
50b9828eb6442cd98208d3928394583c

SHA1
0273dcf7c182d1fe5d3d988ae460837839a4741b

SHA256
1ca4393c32c170872e30217feb23478ad44aaed46c3e4f5fdddeb96e4c19267c

SHA512
6fe7d140195a934669af721f3496cc56585acff61dd86a94e5e998ef0cbdd480003d23e0487c4d8c4a192f2bcbd979d0874477fae32ee6ce972ec5abbdfdf267

Download Submit
C:\Windows\system\xcUbHIR.exe

Filesize
6.0MB

MD5
496c867b0257975b1a3cb13a45c681e5

SHA1
f6656b992cf65dab00aae78bb3e8d5a1423eb7b0

SHA256
ee7ffd91c4ccd912242c28a3939f09afb5bb991e5c523831a6196e29ea302f52

SHA512
9cf5f9efc4f137c6188a55169deeeb8ddee345b3551876e0d7a13ecc7b03dfc2a106f5c5b920fa36bcfa44d27c323c372e486d10c0ffbe32214db92eddf180f1

Download Submit
C:\Windows\system\xgmHjVy.exe

Filesize
6.0MB

MD5
356c051cc2791141f8fc29cf51ef6d75

SHA1
8b7f4d0589d3745713aa7a3d83c917b49a64e09e

SHA256
5362995fc11c0d7781024ce40f66d22835ad885e35f8e26dfa66aeeea17779d6

SHA512
666210ccd3be956108e3849d0e6db1bce5f96fd161167422c8521a4e265ae45e632c11359d3ee48c11b32ccb8cd0e28c8d6009cfda1c5ca554da332e573b52c2

Download Submit
\Windows\system\LZBNixN.exe

Filesize
6.0MB

MD5
71c166879152cab922c1848bcd6facf6

SHA1
e6532e1a89402570d92aae6e1f7d3d8dde83d0e2

SHA256
91d5306b59af55645afd026497aca9ce2f5561a37b94371e24b4b98c9fc2d714

SHA512
c303fcbad826ec7aa1e608d25266b39d81fcb003d5d13ff1b1ca7baba56ae205bbefc7805faab77acb350253e1ecda6199d291d1687b37963b4c7500f473185d

Download Submit
\Windows\system\PFZOfrw.exe

Filesize
6.0MB

MD5
73b6232b50ef559fb41e2e4710c24aa0

SHA1
62e07c48c5326c057d53ac5990917665554eba07

SHA256
137e593def543f8ab361d8beeb45eff2912310468207461f0033834a9b2c6728

SHA512
b2fae51e64e82b3749d6924a202f46db979725aeda2b52fb0b31a8d70f77337578c01c757cbc0f45538e3baaf02ace32e3dc6b1ea7c798dc79f081105e422ed6

Download Submit
\Windows\system\RYvtpLH.exe

Filesize
6.0MB

MD5
dcb7255ae979b1d40d5b755bba1da944

SHA1
69d6d21fc2799a9f9a84eaff74f38cd41a1edba2

SHA256
b07cbd26bf940276758f207a32824ffe53ea3921e84a95ba7878c6173fb30d0f

SHA512
311f08e2c19fb9a1e5b328e4707fb2c278cc9b97573590e12ad95253f8a563ed562baf11c1c95dff376bf50a7fb67c0feb1aaa94e4c793d6f4000c63002eb0d3

Download Submit
\Windows\system\elYMchh.exe

Filesize
6.0MB

MD5
df3dfd3026ab9c2eaa14b13ac4e6e0ce

SHA1
f00c79918e0a78750477d2e661d988318c273fa5

SHA256
1d7e0b2f133628dd7ffea6cf0a06b4989591104c365063ab65d85588d9bef82c

SHA512
dcf6e295ef5c9d1bbcdc080b4d72ec72fd0b95a852cf88b3d1259356579c3c2eb1d0e868bd142c436d58f96b9b1bba26d3a1cf9921c308f3ea921145227215f1

Download Submit
memory/448-608-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/448-1610-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/448-3861-0x000000013FC30000-0x000000013FF84000-memory.dmp

Filesize
3.3MB

Download
memory/1236-612-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1236-1614-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1236-3810-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-1479-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1496-54-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-1608-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-3621-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2264-606-0x000000013FD60000-0x00000001400B4000-memory.dmp

Filesize
3.3MB

Download
memory/2324-617-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2324-3521-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2364-1612-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-610-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-3667-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-1604-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2548-604-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2548-3953-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2584-2637-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2584-787-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2584-43-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1371-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1613-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2720-605-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2720-11-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-8-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2720-40-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2720-32-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2720-615-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2720-609-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-39-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2720-607-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2720-24-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1618-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2720-618-0x000000013F540000-0x000000013F894000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1363-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-0-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2720-616-0x000000013F100000-0x000000013F454000-memory.dmp

Filesize
3.3MB

Download
memory/2720-19-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1609-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2720-613-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1615-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1617-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1607-0x00000000022E0000-0x0000000002634000-memory.dmp

Filesize
3.3MB

Download
memory/2720-60-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/2720-611-0x000000013F360000-0x000000013F6B4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1611-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2748-58-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2748-2598-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2748-36-0x000000013FBD0000-0x000000013FF24000-memory.dmp

Filesize
3.3MB

Download
memory/2812-28-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2812-2593-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2812-51-0x000000013FE10000-0x0000000140164000-memory.dmp

Filesize
3.3MB

Download
memory/2828-20-0x000000013F2E0000-0x000000013F634000-memory.dmp

Filesize
3.3MB

Download
memory/2832-2594-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-22-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2832-46-0x000000013F480000-0x000000013F7D4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-1616-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-3675-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2856-614-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-2601-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-16-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download
memory/2932-45-0x000000013F670000-0x000000013F9C4000-memory.dmp

Filesize
3.3MB

Download