cobaltstrike | 8e04b1479619847f2bdbd130ded375a36d1a4214764d93ce3cd37a9480a27342

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 19:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

5da5dffcfac57a5cf49c3283c2a712e0
SHA1

380baf166445cb1b1fda80b5613b75ebbadd37b4
SHA256

8e04b1479619847f2bdbd130ded375a36d1a4214764d93ce3cd37a9480a27342
SHA512

98e85a95d0cef6a7e7411ee0aefe3c9b06b21752316701b940e37616dce5fa634bbe76c6a695a4750c4204c835bf4050893e754d3ab90d52cee26ef9d91c10c4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUR:T+q56utgpPF8u/7R

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000700000001211a-6.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000161f6-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016307-12.dat	cobalt_reflective_dll
behavioral1/files/0x000800000001658c-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016855-29.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c62-52.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c84-49.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f4-80.dat	cobalt_reflective_dll
behavioral1/files/0x0036000000015f81-77.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f1-70.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000173da-58.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016aa9-35.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017472-94.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017487-113.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a2-112.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017525-111.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173fc-92.dat	cobalt_reflective_dll
behavioral1/files/0x0014000000018663-123.dat	cobalt_reflective_dll
behavioral1/files/0x000d00000001866e-128.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018792-139.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f53-152.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001903b-158.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190e0-165.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000190ce-162.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c26-148.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c1a-142.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018687-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191d4-174.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000191ff-176.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019244-184.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001922c-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019256-194.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2088-0-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/files/0x000700000001211a-6.dat	xmrig
behavioral1/memory/2160-9-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/files/0x00080000000161f6-10.dat	xmrig
behavioral1/memory/2820-14-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016307-12.dat	xmrig
behavioral1/memory/2864-22-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/files/0x000800000001658c-23.dat	xmrig
behavioral1/memory/2088-27-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016855-29.dat	xmrig
behavioral1/memory/2088-41-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2088-50-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/memory/2796-56-0x000000013F7D0000-0x000000013FB24000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c62-52.dat	xmrig
behavioral1/files/0x0008000000016c84-49.dat	xmrig
behavioral1/memory/2616-65-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2644-71-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/memory/2740-64-0x000000013F070000-0x000000013F3C4000-memory.dmp	xmrig
behavioral1/files/0x00060000000173f4-80.dat	xmrig
behavioral1/memory/2468-79-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2820-78-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/files/0x0036000000015f81-77.dat	xmrig
behavioral1/memory/1644-84-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2088-63-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/memory/2088-62-0x000000013F160000-0x000000013F4B4000-memory.dmp	xmrig
behavioral1/files/0x00060000000173f1-70.dat	xmrig
behavioral1/memory/2088-67-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/memory/2716-61-0x000000013F350000-0x000000013F6A4000-memory.dmp	xmrig
behavioral1/files/0x00080000000173da-58.dat	xmrig
behavioral1/memory/2916-85-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2916-47-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2844-36-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016aa9-35.dat	xmrig
behavioral1/files/0x0006000000017472-94.dat	xmrig
behavioral1/memory/2088-101-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2644-110-0x000000013F2F0000-0x000000013F644000-memory.dmp	xmrig
behavioral1/files/0x0006000000017487-113.dat	xmrig
behavioral1/files/0x00060000000174a2-112.dat	xmrig
behavioral1/files/0x0006000000017525-111.dat	xmrig
behavioral1/files/0x00060000000173fc-92.dat	xmrig
behavioral1/memory/1992-102-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/1712-100-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2468-116-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/files/0x0014000000018663-123.dat	xmrig
behavioral1/files/0x000d00000001866e-128.dat	xmrig
behavioral1/files/0x0005000000018792-139.dat	xmrig
behavioral1/files/0x0006000000018f53-152.dat	xmrig
behavioral1/files/0x000600000001903b-158.dat	xmrig
behavioral1/files/0x00060000000190e0-165.dat	xmrig
behavioral1/files/0x00060000000190ce-162.dat	xmrig
behavioral1/files/0x0006000000018c26-148.dat	xmrig
behavioral1/files/0x0006000000018c1a-142.dat	xmrig
behavioral1/files/0x0005000000018687-133.dat	xmrig
behavioral1/memory/1644-119-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/files/0x00050000000191d4-174.dat	xmrig
behavioral1/files/0x00050000000191ff-176.dat	xmrig
behavioral1/files/0x0005000000019244-184.dat	xmrig
behavioral1/files/0x000500000001922c-182.dat	xmrig
behavioral1/files/0x0005000000019256-194.dat	xmrig
behavioral1/memory/2088-282-0x000000013F940000-0x000000013FC94000-memory.dmp	xmrig
behavioral1/memory/2160-3114-0x000000013F200000-0x000000013F554000-memory.dmp	xmrig
behavioral1/memory/2820-3121-0x000000013F680000-0x000000013F9D4000-memory.dmp	xmrig
behavioral1/memory/2864-3124-0x000000013F770000-0x000000013FAC4000-memory.dmp	xmrig
behavioral1/memory/2844-3153-0x000000013F380000-0x000000013F6D4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2160	YLHlmXh.exe
2820	lqLtioU.exe
2864	NaQsdyd.exe
2844	edLJKMO.exe
2796	AAkueeJ.exe
2916	QUPiDNW.exe
2716	UKZrzIq.exe
2740	tunTePf.exe
2616	uawlXed.exe
2644	FmywKJe.exe
2468	zGhIHXF.exe
1644	AzemVQR.exe
1712	ACeofWF.exe
1992	HWkoSRT.exe
2372	XjmgRkI.exe
1908	sqXBtnU.exe
1904	WQpQEqF.exe
484	XOLDHul.exe
2964	ZdQEIUP.exe
1608	YcaBvoL.exe
1268	AxmgEOy.exe
1260	xcYtyEu.exe
580	gQsbxVz.exe
2584	ruTlsSx.exe
2456	XTmXczq.exe
2104	jEsSMoS.exe
3008	JoGnrdQ.exe
748	dZiZXHy.exe
1604	wHLIMDp.exe
2260	SAPflBn.exe
448	kAQkenV.exe
956	MAYUGMv.exe
1848	acJgPGv.exe
2568	nDSZvBW.exe
1356	WaNIlRM.exe
1708	cLeAIrt.exe
1652	XxOudBD.exe
1732	rQxxyGl.exe
844	fvKEmqg.exe
2688	DRqpWfD.exe
692	AEOJdah.exe
2868	gAgkrCL.exe
1044	CneoAZw.exe
1500	qExfenP.exe
2200	TyBLDzL.exe
2392	aSjOAKy.exe
1736	YChYQOH.exe
872	KMGyLcl.exe
292	neGqyaa.exe
2348	jEidjaj.exe
2152	orSAwOD.exe
2328	euNXTZT.exe
1692	ybcBbeZ.exe
2800	OXBHOKF.exe
1812	ovdWBaS.exe
2636	gDTFWkF.exe
2676	nwMQwPO.exe
2604	MSWmYHU.exe
2020	yRPvUwa.exe
2888	HpVjJmM.exe
536	vNTMcii.exe
1972	rBqxpRJ.exe
2344	pJFDdxx.exe
2780	nIaySzb.exe

Loads dropped DLL 64 IoCs

pid	Process
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2088-0-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/files/0x000700000001211a-6.dat	upx
behavioral1/memory/2160-9-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/files/0x00080000000161f6-10.dat	upx
behavioral1/memory/2820-14-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/files/0x0008000000016307-12.dat	upx
behavioral1/memory/2864-22-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/files/0x000800000001658c-23.dat	upx
behavioral1/files/0x0007000000016855-29.dat	upx
behavioral1/memory/2796-56-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/files/0x0007000000016c62-52.dat	upx
behavioral1/files/0x0008000000016c84-49.dat	upx
behavioral1/memory/2616-65-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2644-71-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/2740-64-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/files/0x00060000000173f4-80.dat	upx
behavioral1/memory/2468-79-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2820-78-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/files/0x0036000000015f81-77.dat	upx
behavioral1/memory/1644-84-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2088-62-0x000000013F160000-0x000000013F4B4000-memory.dmp	upx
behavioral1/files/0x00060000000173f1-70.dat	upx
behavioral1/memory/2716-61-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/files/0x00080000000173da-58.dat	upx
behavioral1/memory/2916-85-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2916-47-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2844-36-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/files/0x0007000000016aa9-35.dat	upx
behavioral1/files/0x0006000000017472-94.dat	upx
behavioral1/memory/2644-110-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/files/0x0006000000017487-113.dat	upx
behavioral1/files/0x00060000000174a2-112.dat	upx
behavioral1/files/0x0006000000017525-111.dat	upx
behavioral1/files/0x00060000000173fc-92.dat	upx
behavioral1/memory/1992-102-0x000000013F940000-0x000000013FC94000-memory.dmp	upx
behavioral1/memory/1712-100-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2468-116-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/files/0x0014000000018663-123.dat	upx
behavioral1/files/0x000d00000001866e-128.dat	upx
behavioral1/files/0x0005000000018792-139.dat	upx
behavioral1/files/0x0006000000018f53-152.dat	upx
behavioral1/files/0x000600000001903b-158.dat	upx
behavioral1/files/0x00060000000190e0-165.dat	upx
behavioral1/files/0x00060000000190ce-162.dat	upx
behavioral1/files/0x0006000000018c26-148.dat	upx
behavioral1/files/0x0006000000018c1a-142.dat	upx
behavioral1/files/0x0005000000018687-133.dat	upx
behavioral1/memory/1644-119-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/files/0x00050000000191d4-174.dat	upx
behavioral1/files/0x00050000000191ff-176.dat	upx
behavioral1/files/0x0005000000019244-184.dat	upx
behavioral1/files/0x000500000001922c-182.dat	upx
behavioral1/files/0x0005000000019256-194.dat	upx
behavioral1/memory/2160-3114-0x000000013F200000-0x000000013F554000-memory.dmp	upx
behavioral1/memory/2820-3121-0x000000013F680000-0x000000013F9D4000-memory.dmp	upx
behavioral1/memory/2864-3124-0x000000013F770000-0x000000013FAC4000-memory.dmp	upx
behavioral1/memory/2844-3153-0x000000013F380000-0x000000013F6D4000-memory.dmp	upx
behavioral1/memory/2796-3152-0x000000013F7D0000-0x000000013FB24000-memory.dmp	upx
behavioral1/memory/2716-3162-0x000000013F350000-0x000000013F6A4000-memory.dmp	upx
behavioral1/memory/2916-3158-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2616-3172-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2740-3180-0x000000013F070000-0x000000013F3C4000-memory.dmp	upx
behavioral1/memory/2644-3187-0x000000013F2F0000-0x000000013F644000-memory.dmp	upx
behavioral1/memory/1644-3303-0x000000013F430000-0x000000013F784000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\WJEjbWA.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mkCdriv.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wzkaQsc.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oQUWtSD.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XqXPKZQ.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjkTkvy.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\taAjcZZ.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VsJFqTH.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jEidjaj.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sWuCatq.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qPKquVo.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mPUDayf.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PjaTENf.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\spNRJtm.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cWkbeEe.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJJcffS.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqXBtnU.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JQozcXO.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sqMjJtG.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LYRduzE.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Fptwmhv.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKlpkNx.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hFaZeEp.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mapbDVK.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HeroMRA.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDgZvWg.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AsvJSWi.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zeKWnFS.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OhBogjS.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UvvIGpQ.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EmMBDkU.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ucYdCzH.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zYJbCSE.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnLtrBG.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HtvnHta.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TLorGyU.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TPWTsCj.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\imGDOhy.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PcqOblz.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OnHriYZ.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CfOQNfM.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EMfuyxl.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEWbrCU.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QTpDYoE.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uyZstFm.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YChYQOH.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UirIEsN.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HvdgDRL.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PwKpPdU.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HrHPwmL.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TyBLDzL.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PdUdEAh.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AgoAdCU.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FlEhtAK.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DCOkRDY.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AlWyiFg.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TnUNevD.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYhwDTI.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\afhJONi.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\huZMGKI.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vyBIeLV.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wEtmoxx.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDQmCQo.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lJxWPHX.exe	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2160	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2088 wrote to memory of 2160	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2088 wrote to memory of 2160	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2088 wrote to memory of 2820	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2088 wrote to memory of 2820	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2088 wrote to memory of 2820	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2088 wrote to memory of 2864	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2088 wrote to memory of 2864	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2088 wrote to memory of 2864	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2088 wrote to memory of 2844	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2088 wrote to memory of 2844	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2088 wrote to memory of 2844	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2088 wrote to memory of 2796	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2088 wrote to memory of 2796	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2088 wrote to memory of 2796	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2088 wrote to memory of 2916	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2088 wrote to memory of 2916	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2088 wrote to memory of 2916	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2088 wrote to memory of 2740	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2088 wrote to memory of 2740	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2088 wrote to memory of 2740	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2088 wrote to memory of 2716	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2088 wrote to memory of 2716	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2088 wrote to memory of 2716	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2088 wrote to memory of 2616	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2088 wrote to memory of 2616	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2088 wrote to memory of 2616	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2088 wrote to memory of 2644	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2088 wrote to memory of 2644	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2088 wrote to memory of 2644	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2088 wrote to memory of 2468	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2088 wrote to memory of 2468	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2088 wrote to memory of 2468	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2088 wrote to memory of 1644	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2088 wrote to memory of 1644	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2088 wrote to memory of 1644	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2088 wrote to memory of 1712	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2088 wrote to memory of 1712	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2088 wrote to memory of 1712	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2088 wrote to memory of 1992	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2088 wrote to memory of 1992	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2088 wrote to memory of 1992	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2088 wrote to memory of 1908	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2088 wrote to memory of 1908	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2088 wrote to memory of 1908	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2088 wrote to memory of 2372	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2088 wrote to memory of 2372	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2088 wrote to memory of 2372	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2088 wrote to memory of 1904	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2088 wrote to memory of 1904	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2088 wrote to memory of 1904	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2088 wrote to memory of 484	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2088 wrote to memory of 484	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2088 wrote to memory of 484	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2088 wrote to memory of 2964	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2088 wrote to memory of 2964	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2088 wrote to memory of 2964	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2088 wrote to memory of 1608	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2088 wrote to memory of 1608	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2088 wrote to memory of 1608	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2088 wrote to memory of 1268	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2088 wrote to memory of 1268	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2088 wrote to memory of 1268	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2088 wrote to memory of 1260	2088	2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-20_5da5dffcfac57a5cf49c3283c2a712e0_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\System\YLHlmXh.exe
  C:\Windows\System\YLHlmXh.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\lqLtioU.exe
  C:\Windows\System\lqLtioU.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\NaQsdyd.exe
  C:\Windows\System\NaQsdyd.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\edLJKMO.exe
  C:\Windows\System\edLJKMO.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\AAkueeJ.exe
  C:\Windows\System\AAkueeJ.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\QUPiDNW.exe
  C:\Windows\System\QUPiDNW.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\tunTePf.exe
  C:\Windows\System\tunTePf.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\UKZrzIq.exe
  C:\Windows\System\UKZrzIq.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\uawlXed.exe
  C:\Windows\System\uawlXed.exe
  2⤵
  - Executes dropped EXE
  PID:2616
- C:\Windows\System\FmywKJe.exe
  C:\Windows\System\FmywKJe.exe
  2⤵
  - Executes dropped EXE
  PID:2644
- C:\Windows\System\zGhIHXF.exe
  C:\Windows\System\zGhIHXF.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\AzemVQR.exe
  C:\Windows\System\AzemVQR.exe
  2⤵
  - Executes dropped EXE
  PID:1644
- C:\Windows\System\ACeofWF.exe
  C:\Windows\System\ACeofWF.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\HWkoSRT.exe
  C:\Windows\System\HWkoSRT.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\sqXBtnU.exe
  C:\Windows\System\sqXBtnU.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\XjmgRkI.exe
  C:\Windows\System\XjmgRkI.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\WQpQEqF.exe
  C:\Windows\System\WQpQEqF.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\XOLDHul.exe
  C:\Windows\System\XOLDHul.exe
  2⤵
  - Executes dropped EXE
  PID:484
- C:\Windows\System\ZdQEIUP.exe
  C:\Windows\System\ZdQEIUP.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\YcaBvoL.exe
  C:\Windows\System\YcaBvoL.exe
  2⤵
  - Executes dropped EXE
  PID:1608
- C:\Windows\System\AxmgEOy.exe
  C:\Windows\System\AxmgEOy.exe
  2⤵
  - Executes dropped EXE
  PID:1268
- C:\Windows\System\xcYtyEu.exe
  C:\Windows\System\xcYtyEu.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\gQsbxVz.exe
  C:\Windows\System\gQsbxVz.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\ruTlsSx.exe
  C:\Windows\System\ruTlsSx.exe
  2⤵
  - Executes dropped EXE
  PID:2584
- C:\Windows\System\XTmXczq.exe
  C:\Windows\System\XTmXczq.exe
  2⤵
  - Executes dropped EXE
  PID:2456
- C:\Windows\System\jEsSMoS.exe
  C:\Windows\System\jEsSMoS.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\JoGnrdQ.exe
  C:\Windows\System\JoGnrdQ.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\dZiZXHy.exe
  C:\Windows\System\dZiZXHy.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\wHLIMDp.exe
  C:\Windows\System\wHLIMDp.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\SAPflBn.exe
  C:\Windows\System\SAPflBn.exe
  2⤵
  - Executes dropped EXE
  PID:2260
- C:\Windows\System\kAQkenV.exe
  C:\Windows\System\kAQkenV.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\MAYUGMv.exe
  C:\Windows\System\MAYUGMv.exe
  2⤵
  - Executes dropped EXE
  PID:956
- C:\Windows\System\acJgPGv.exe
  C:\Windows\System\acJgPGv.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\nDSZvBW.exe
  C:\Windows\System\nDSZvBW.exe
  2⤵
  - Executes dropped EXE
  PID:2568
- C:\Windows\System\WaNIlRM.exe
  C:\Windows\System\WaNIlRM.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\cLeAIrt.exe
  C:\Windows\System\cLeAIrt.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\XxOudBD.exe
  C:\Windows\System\XxOudBD.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\rQxxyGl.exe
  C:\Windows\System\rQxxyGl.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\fvKEmqg.exe
  C:\Windows\System\fvKEmqg.exe
  2⤵
  - Executes dropped EXE
  PID:844
- C:\Windows\System\DRqpWfD.exe
  C:\Windows\System\DRqpWfD.exe
  2⤵
  - Executes dropped EXE
  PID:2688
- C:\Windows\System\AEOJdah.exe
  C:\Windows\System\AEOJdah.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\gAgkrCL.exe
  C:\Windows\System\gAgkrCL.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\CneoAZw.exe
  C:\Windows\System\CneoAZw.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\qExfenP.exe
  C:\Windows\System\qExfenP.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\aSjOAKy.exe
  C:\Windows\System\aSjOAKy.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\TyBLDzL.exe
  C:\Windows\System\TyBLDzL.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\YChYQOH.exe
  C:\Windows\System\YChYQOH.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\KMGyLcl.exe
  C:\Windows\System\KMGyLcl.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\neGqyaa.exe
  C:\Windows\System\neGqyaa.exe
  2⤵
  - Executes dropped EXE
  PID:292
- C:\Windows\System\jEidjaj.exe
  C:\Windows\System\jEidjaj.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\orSAwOD.exe
  C:\Windows\System\orSAwOD.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\euNXTZT.exe
  C:\Windows\System\euNXTZT.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\ybcBbeZ.exe
  C:\Windows\System\ybcBbeZ.exe
  2⤵
  - Executes dropped EXE
  PID:1692
- C:\Windows\System\OXBHOKF.exe
  C:\Windows\System\OXBHOKF.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\ovdWBaS.exe
  C:\Windows\System\ovdWBaS.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\gDTFWkF.exe
  C:\Windows\System\gDTFWkF.exe
  2⤵
  - Executes dropped EXE
  PID:2636
- C:\Windows\System\nwMQwPO.exe
  C:\Windows\System\nwMQwPO.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\MSWmYHU.exe
  C:\Windows\System\MSWmYHU.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\yRPvUwa.exe
  C:\Windows\System\yRPvUwa.exe
  2⤵
  - Executes dropped EXE
  PID:2020
- C:\Windows\System\HpVjJmM.exe
  C:\Windows\System\HpVjJmM.exe
  2⤵
  - Executes dropped EXE
  PID:2888
- C:\Windows\System\vNTMcii.exe
  C:\Windows\System\vNTMcii.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\rBqxpRJ.exe
  C:\Windows\System\rBqxpRJ.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\nIaySzb.exe
  C:\Windows\System\nIaySzb.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\pJFDdxx.exe
  C:\Windows\System\pJFDdxx.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\GDKprEw.exe
  C:\Windows\System\GDKprEw.exe
  2⤵
  PID:1576
- C:\Windows\System\EjBWPgt.exe
  C:\Windows\System\EjBWPgt.exe
  2⤵
  PID:2648
- C:\Windows\System\azPJzCQ.exe
  C:\Windows\System\azPJzCQ.exe
  2⤵
  PID:2472
- C:\Windows\System\jxoSddp.exe
  C:\Windows\System\jxoSddp.exe
  2⤵
  PID:1788
- C:\Windows\System\AlWyiFg.exe
  C:\Windows\System\AlWyiFg.exe
  2⤵
  PID:2572
- C:\Windows\System\LBjxfLn.exe
  C:\Windows\System\LBjxfLn.exe
  2⤵
  PID:2928
- C:\Windows\System\PdUdEAh.exe
  C:\Windows\System\PdUdEAh.exe
  2⤵
  PID:1100
- C:\Windows\System\IWpdjjK.exe
  C:\Windows\System\IWpdjjK.exe
  2⤵
  PID:1504
- C:\Windows\System\UNhgDDr.exe
  C:\Windows\System\UNhgDDr.exe
  2⤵
  PID:288
- C:\Windows\System\Tvzkkje.exe
  C:\Windows\System\Tvzkkje.exe
  2⤵
  PID:1048
- C:\Windows\System\wemQvYN.exe
  C:\Windows\System\wemQvYN.exe
  2⤵
  PID:2792
- C:\Windows\System\WKTZkJk.exe
  C:\Windows\System\WKTZkJk.exe
  2⤵
  PID:864
- C:\Windows\System\HeroMRA.exe
  C:\Windows\System\HeroMRA.exe
  2⤵
  PID:2624
- C:\Windows\System\mkCdriv.exe
  C:\Windows\System\mkCdriv.exe
  2⤵
  PID:1572
- C:\Windows\System\MSNvIbb.exe
  C:\Windows\System\MSNvIbb.exe
  2⤵
  PID:2632
- C:\Windows\System\dmcFdnL.exe
  C:\Windows\System\dmcFdnL.exe
  2⤵
  PID:320
- C:\Windows\System\bjMLdMd.exe
  C:\Windows\System\bjMLdMd.exe
  2⤵
  PID:2252
- C:\Windows\System\rIOKBab.exe
  C:\Windows\System\rIOKBab.exe
  2⤵
  PID:1080
- C:\Windows\System\AhSRoVd.exe
  C:\Windows\System\AhSRoVd.exe
  2⤵
  PID:2228
- C:\Windows\System\rYBucAA.exe
  C:\Windows\System\rYBucAA.exe
  2⤵
  PID:1996
- C:\Windows\System\PDAMqDB.exe
  C:\Windows\System\PDAMqDB.exe
  2⤵
  PID:1924
- C:\Windows\System\AvAsZad.exe
  C:\Windows\System\AvAsZad.exe
  2⤵
  PID:2960
- C:\Windows\System\OLeUYNj.exe
  C:\Windows\System\OLeUYNj.exe
  2⤵
  PID:1668
- C:\Windows\System\rsHksVK.exe
  C:\Windows\System\rsHksVK.exe
  2⤵
  PID:1640
- C:\Windows\System\tOFelGe.exe
  C:\Windows\System\tOFelGe.exe
  2⤵
  PID:1664
- C:\Windows\System\Szfkzbs.exe
  C:\Windows\System\Szfkzbs.exe
  2⤵
  PID:1756
- C:\Windows\System\WbcxsHe.exe
  C:\Windows\System\WbcxsHe.exe
  2⤵
  PID:2376
- C:\Windows\System\oThMbWw.exe
  C:\Windows\System\oThMbWw.exe
  2⤵
  PID:628
- C:\Windows\System\zBpCdNZ.exe
  C:\Windows\System\zBpCdNZ.exe
  2⤵
  PID:1532
- C:\Windows\System\eizBqYR.exe
  C:\Windows\System\eizBqYR.exe
  2⤵
  PID:1940
- C:\Windows\System\vWrWMch.exe
  C:\Windows\System\vWrWMch.exe
  2⤵
  PID:1524
- C:\Windows\System\sWuCatq.exe
  C:\Windows\System\sWuCatq.exe
  2⤵
  PID:2096
- C:\Windows\System\YrCUCfO.exe
  C:\Windows\System\YrCUCfO.exe
  2⤵
  PID:1740
- C:\Windows\System\kcQbyaj.exe
  C:\Windows\System\kcQbyaj.exe
  2⤵
  PID:2360
- C:\Windows\System\psVLcGw.exe
  C:\Windows\System\psVLcGw.exe
  2⤵
  PID:2756
- C:\Windows\System\tyeNVEA.exe
  C:\Windows\System\tyeNVEA.exe
  2⤵
  PID:2860
- C:\Windows\System\CBpVJax.exe
  C:\Windows\System\CBpVJax.exe
  2⤵
  PID:2904
- C:\Windows\System\HfocKrG.exe
  C:\Windows\System\HfocKrG.exe
  2⤵
  PID:2944
- C:\Windows\System\frMLoSk.exe
  C:\Windows\System\frMLoSk.exe
  2⤵
  PID:2112
- C:\Windows\System\UiVrVDs.exe
  C:\Windows\System\UiVrVDs.exe
  2⤵
  PID:2312
- C:\Windows\System\wEtmoxx.exe
  C:\Windows\System\wEtmoxx.exe
  2⤵
  PID:2988
- C:\Windows\System\GDzCNjy.exe
  C:\Windows\System\GDzCNjy.exe
  2⤵
  PID:2504
- C:\Windows\System\PxoGQEj.exe
  C:\Windows\System\PxoGQEj.exe
  2⤵
  PID:2296
- C:\Windows\System\AgoAdCU.exe
  C:\Windows\System\AgoAdCU.exe
  2⤵
  PID:2032
- C:\Windows\System\yecXvWW.exe
  C:\Windows\System\yecXvWW.exe
  2⤵
  PID:1920
- C:\Windows\System\IBQOPiw.exe
  C:\Windows\System\IBQOPiw.exe
  2⤵
  PID:2744
- C:\Windows\System\wyiypSF.exe
  C:\Windows\System\wyiypSF.exe
  2⤵
  PID:352
- C:\Windows\System\PcqOblz.exe
  C:\Windows\System\PcqOblz.exe
  2⤵
  PID:2608
- C:\Windows\System\gzYJcYG.exe
  C:\Windows\System\gzYJcYG.exe
  2⤵
  PID:1556
- C:\Windows\System\LPdoPTt.exe
  C:\Windows\System\LPdoPTt.exe
  2⤵
  PID:688
- C:\Windows\System\BMcVqEe.exe
  C:\Windows\System\BMcVqEe.exe
  2⤵
  PID:2912
- C:\Windows\System\oSzcGBg.exe
  C:\Windows\System\oSzcGBg.exe
  2⤵
  PID:2784
- C:\Windows\System\vTcgmCz.exe
  C:\Windows\System\vTcgmCz.exe
  2⤵
  PID:2880
- C:\Windows\System\pdsQGZP.exe
  C:\Windows\System\pdsQGZP.exe
  2⤵
  PID:2924
- C:\Windows\System\EmMBDkU.exe
  C:\Windows\System\EmMBDkU.exe
  2⤵
  PID:2056
- C:\Windows\System\MNHUJYX.exe
  C:\Windows\System\MNHUJYX.exe
  2⤵
  PID:1944
- C:\Windows\System\YEUhblU.exe
  C:\Windows\System\YEUhblU.exe
  2⤵
  PID:2952
- C:\Windows\System\GMHSAIV.exe
  C:\Windows\System\GMHSAIV.exe
  2⤵
  PID:800
- C:\Windows\System\jiLwhtI.exe
  C:\Windows\System\jiLwhtI.exe
  2⤵
  PID:924
- C:\Windows\System\wYFcZPf.exe
  C:\Windows\System\wYFcZPf.exe
  2⤵
  PID:1612
- C:\Windows\System\vuRSDJv.exe
  C:\Windows\System\vuRSDJv.exe
  2⤵
  PID:3012
- C:\Windows\System\ZkKEyuQ.exe
  C:\Windows\System\ZkKEyuQ.exe
  2⤵
  PID:804
- C:\Windows\System\ymDHFcT.exe
  C:\Windows\System\ymDHFcT.exe
  2⤵
  PID:1616
- C:\Windows\System\RuFcZFT.exe
  C:\Windows\System\RuFcZFT.exe
  2⤵
  PID:2148
- C:\Windows\System\YFSlbVP.exe
  C:\Windows\System\YFSlbVP.exe
  2⤵
  PID:3056
- C:\Windows\System\SBHldzS.exe
  C:\Windows\System\SBHldzS.exe
  2⤵
  PID:2380
- C:\Windows\System\SkWItQd.exe
  C:\Windows\System\SkWItQd.exe
  2⤵
  PID:1592
- C:\Windows\System\tkzhzev.exe
  C:\Windows\System\tkzhzev.exe
  2⤵
  PID:568
- C:\Windows\System\yDLXudt.exe
  C:\Windows\System\yDLXudt.exe
  2⤵
  PID:2920
- C:\Windows\System\YvlENQk.exe
  C:\Windows\System\YvlENQk.exe
  2⤵
  PID:2776
- C:\Windows\System\deDFBOK.exe
  C:\Windows\System\deDFBOK.exe
  2⤵
  PID:2752
- C:\Windows\System\WPnAAQs.exe
  C:\Windows\System\WPnAAQs.exe
  2⤵
  PID:2840
- C:\Windows\System\PWsLFJd.exe
  C:\Windows\System\PWsLFJd.exe
  2⤵
  PID:2816
- C:\Windows\System\otQVGLD.exe
  C:\Windows\System\otQVGLD.exe
  2⤵
  PID:544
- C:\Windows\System\EHCwIDf.exe
  C:\Windows\System\EHCwIDf.exe
  2⤵
  PID:2520
- C:\Windows\System\CWSbGKv.exe
  C:\Windows\System\CWSbGKv.exe
  2⤵
  PID:3016
- C:\Windows\System\MPIutld.exe
  C:\Windows\System\MPIutld.exe
  2⤵
  PID:740
- C:\Windows\System\hxOePru.exe
  C:\Windows\System\hxOePru.exe
  2⤵
  PID:1148
- C:\Windows\System\hBxNCHG.exe
  C:\Windows\System\hBxNCHG.exe
  2⤵
  PID:1352
- C:\Windows\System\VARsWrc.exe
  C:\Windows\System\VARsWrc.exe
  2⤵
  PID:588
- C:\Windows\System\YPVaETo.exe
  C:\Windows\System\YPVaETo.exe
  2⤵
  PID:984
- C:\Windows\System\UzFpOgq.exe
  C:\Windows\System\UzFpOgq.exe
  2⤵
  PID:2872
- C:\Windows\System\OdAHcQu.exe
  C:\Windows\System\OdAHcQu.exe
  2⤵
  PID:284
- C:\Windows\System\CzavEwi.exe
  C:\Windows\System\CzavEwi.exe
  2⤵
  PID:3040
- C:\Windows\System\AgVNhiy.exe
  C:\Windows\System\AgVNhiy.exe
  2⤵
  PID:876
- C:\Windows\System\HQqdzhT.exe
  C:\Windows\System\HQqdzhT.exe
  2⤵
  PID:2264
- C:\Windows\System\VMGVCsW.exe
  C:\Windows\System\VMGVCsW.exe
  2⤵
  PID:1568
- C:\Windows\System\sqTElWh.exe
  C:\Windows\System\sqTElWh.exe
  2⤵
  PID:1768
- C:\Windows\System\zzpNYma.exe
  C:\Windows\System\zzpNYma.exe
  2⤵
  PID:2196
- C:\Windows\System\TnCMrnk.exe
  C:\Windows\System\TnCMrnk.exe
  2⤵
  PID:1312
- C:\Windows\System\jaKMCyv.exe
  C:\Windows\System\jaKMCyv.exe
  2⤵
  PID:2948
- C:\Windows\System\fnNWelM.exe
  C:\Windows\System\fnNWelM.exe
  2⤵
  PID:348
- C:\Windows\System\gSXxuhY.exe
  C:\Windows\System\gSXxuhY.exe
  2⤵
  PID:1480
- C:\Windows\System\JXEVPLi.exe
  C:\Windows\System\JXEVPLi.exe
  2⤵
  PID:2156
- C:\Windows\System\rTbmpkl.exe
  C:\Windows\System\rTbmpkl.exe
  2⤵
  PID:1076
- C:\Windows\System\HhDJOLz.exe
  C:\Windows\System\HhDJOLz.exe
  2⤵
  PID:2672
- C:\Windows\System\mMdzXQQ.exe
  C:\Windows\System\mMdzXQQ.exe
  2⤵
  PID:1780
- C:\Windows\System\TJCjOmi.exe
  C:\Windows\System\TJCjOmi.exe
  2⤵
  PID:1124
- C:\Windows\System\KxQGNhC.exe
  C:\Windows\System\KxQGNhC.exe
  2⤵
  PID:2300
- C:\Windows\System\DTvMllC.exe
  C:\Windows\System\DTvMllC.exe
  2⤵
  PID:840
- C:\Windows\System\wJQsNis.exe
  C:\Windows\System\wJQsNis.exe
  2⤵
  PID:2184
- C:\Windows\System\LBxiqNP.exe
  C:\Windows\System\LBxiqNP.exe
  2⤵
  PID:2660
- C:\Windows\System\saHdoRL.exe
  C:\Windows\System\saHdoRL.exe
  2⤵
  PID:768
- C:\Windows\System\cfojcGO.exe
  C:\Windows\System\cfojcGO.exe
  2⤵
  PID:892
- C:\Windows\System\pmFvKph.exe
  C:\Windows\System\pmFvKph.exe
  2⤵
  PID:3080
- C:\Windows\System\WjiykCO.exe
  C:\Windows\System\WjiykCO.exe
  2⤵
  PID:3096
- C:\Windows\System\uAqaByn.exe
  C:\Windows\System\uAqaByn.exe
  2⤵
  PID:3120
- C:\Windows\System\WWDomZV.exe
  C:\Windows\System\WWDomZV.exe
  2⤵
  PID:3140
- C:\Windows\System\RnUtnXk.exe
  C:\Windows\System\RnUtnXk.exe
  2⤵
  PID:3156
- C:\Windows\System\avwcuVR.exe
  C:\Windows\System\avwcuVR.exe
  2⤵
  PID:3176
- C:\Windows\System\hvNEfmE.exe
  C:\Windows\System\hvNEfmE.exe
  2⤵
  PID:3192
- C:\Windows\System\rpKTxkW.exe
  C:\Windows\System\rpKTxkW.exe
  2⤵
  PID:3228
- C:\Windows\System\Nrjudjd.exe
  C:\Windows\System\Nrjudjd.exe
  2⤵
  PID:3256
- C:\Windows\System\WlzFHWZ.exe
  C:\Windows\System\WlzFHWZ.exe
  2⤵
  PID:3272
- C:\Windows\System\TEuAoxg.exe
  C:\Windows\System\TEuAoxg.exe
  2⤵
  PID:3300
- C:\Windows\System\fYThzJl.exe
  C:\Windows\System\fYThzJl.exe
  2⤵
  PID:3316
- C:\Windows\System\gzPjRhH.exe
  C:\Windows\System\gzPjRhH.exe
  2⤵
  PID:3332
- C:\Windows\System\dyNlZvB.exe
  C:\Windows\System\dyNlZvB.exe
  2⤵
  PID:3348
- C:\Windows\System\NUJPIex.exe
  C:\Windows\System\NUJPIex.exe
  2⤵
  PID:3368
- C:\Windows\System\LfyRcmn.exe
  C:\Windows\System\LfyRcmn.exe
  2⤵
  PID:3388
- C:\Windows\System\MyRJKqm.exe
  C:\Windows\System\MyRJKqm.exe
  2⤵
  PID:3404
- C:\Windows\System\ytHoUof.exe
  C:\Windows\System\ytHoUof.exe
  2⤵
  PID:3420
- C:\Windows\System\HzeVbPb.exe
  C:\Windows\System\HzeVbPb.exe
  2⤵
  PID:3436
- C:\Windows\System\etaAbYm.exe
  C:\Windows\System\etaAbYm.exe
  2⤵
  PID:3452
- C:\Windows\System\NwaiTya.exe
  C:\Windows\System\NwaiTya.exe
  2⤵
  PID:3468
- C:\Windows\System\nJMKBHH.exe
  C:\Windows\System\nJMKBHH.exe
  2⤵
  PID:3484
- C:\Windows\System\iGyTsBj.exe
  C:\Windows\System\iGyTsBj.exe
  2⤵
  PID:3500
- C:\Windows\System\TnUNevD.exe
  C:\Windows\System\TnUNevD.exe
  2⤵
  PID:3516
- C:\Windows\System\nJYspnN.exe
  C:\Windows\System\nJYspnN.exe
  2⤵
  PID:3532
- C:\Windows\System\neAFXwm.exe
  C:\Windows\System\neAFXwm.exe
  2⤵
  PID:3548
- C:\Windows\System\cVJcoow.exe
  C:\Windows\System\cVJcoow.exe
  2⤵
  PID:3564
- C:\Windows\System\jMzksvV.exe
  C:\Windows\System\jMzksvV.exe
  2⤵
  PID:3580
- C:\Windows\System\LdsdGsT.exe
  C:\Windows\System\LdsdGsT.exe
  2⤵
  PID:3596
- C:\Windows\System\hcIWVOp.exe
  C:\Windows\System\hcIWVOp.exe
  2⤵
  PID:3612
- C:\Windows\System\clTppYv.exe
  C:\Windows\System\clTppYv.exe
  2⤵
  PID:3628
- C:\Windows\System\PsyEtgH.exe
  C:\Windows\System\PsyEtgH.exe
  2⤵
  PID:3644
- C:\Windows\System\CVJNauG.exe
  C:\Windows\System\CVJNauG.exe
  2⤵
  PID:3660
- C:\Windows\System\zWxLJNy.exe
  C:\Windows\System\zWxLJNy.exe
  2⤵
  PID:3676
- C:\Windows\System\akVihMD.exe
  C:\Windows\System\akVihMD.exe
  2⤵
  PID:3692
- C:\Windows\System\mhbBzLJ.exe
  C:\Windows\System\mhbBzLJ.exe
  2⤵
  PID:3708
- C:\Windows\System\cTVhPwH.exe
  C:\Windows\System\cTVhPwH.exe
  2⤵
  PID:3724
- C:\Windows\System\RoPqJER.exe
  C:\Windows\System\RoPqJER.exe
  2⤵
  PID:3744
- C:\Windows\System\GhKiCvE.exe
  C:\Windows\System\GhKiCvE.exe
  2⤵
  PID:3796
- C:\Windows\System\YPDIgdS.exe
  C:\Windows\System\YPDIgdS.exe
  2⤵
  PID:3828
- C:\Windows\System\KOXnmxQ.exe
  C:\Windows\System\KOXnmxQ.exe
  2⤵
  PID:3872
- C:\Windows\System\VhTKxgH.exe
  C:\Windows\System\VhTKxgH.exe
  2⤵
  PID:3892
- C:\Windows\System\aJiGRes.exe
  C:\Windows\System\aJiGRes.exe
  2⤵
  PID:3912
- C:\Windows\System\lIRumka.exe
  C:\Windows\System\lIRumka.exe
  2⤵
  PID:3928
- C:\Windows\System\jitnhnx.exe
  C:\Windows\System\jitnhnx.exe
  2⤵
  PID:3944
- C:\Windows\System\Pfqdzow.exe
  C:\Windows\System\Pfqdzow.exe
  2⤵
  PID:3968
- C:\Windows\System\grUgKct.exe
  C:\Windows\System\grUgKct.exe
  2⤵
  PID:3988
- C:\Windows\System\FoWSKtu.exe
  C:\Windows\System\FoWSKtu.exe
  2⤵
  PID:4012
- C:\Windows\System\vJYalGh.exe
  C:\Windows\System\vJYalGh.exe
  2⤵
  PID:4032
- C:\Windows\System\DHYAXWu.exe
  C:\Windows\System\DHYAXWu.exe
  2⤵
  PID:4056
- C:\Windows\System\eFUIAEd.exe
  C:\Windows\System\eFUIAEd.exe
  2⤵
  PID:4072
- C:\Windows\System\UirIEsN.exe
  C:\Windows\System\UirIEsN.exe
  2⤵
  PID:4092
- C:\Windows\System\TEAFQQP.exe
  C:\Windows\System\TEAFQQP.exe
  2⤵
  PID:3152
- C:\Windows\System\eRHUWuv.exe
  C:\Windows\System\eRHUWuv.exe
  2⤵
  PID:2976
- C:\Windows\System\kKwOZio.exe
  C:\Windows\System\kKwOZio.exe
  2⤵
  PID:3088
- C:\Windows\System\hkkpLIu.exe
  C:\Windows\System\hkkpLIu.exe
  2⤵
  PID:3164
- C:\Windows\System\mXemvmS.exe
  C:\Windows\System\mXemvmS.exe
  2⤵
  PID:3204
- C:\Windows\System\FrXLjoe.exe
  C:\Windows\System\FrXLjoe.exe
  2⤵
  PID:1052
- C:\Windows\System\RqvOuem.exe
  C:\Windows\System\RqvOuem.exe
  2⤵
  PID:2172
- C:\Windows\System\ynGCTqL.exe
  C:\Windows\System\ynGCTqL.exe
  2⤵
  PID:2908
- C:\Windows\System\gJHxWYd.exe
  C:\Windows\System\gJHxWYd.exe
  2⤵
  PID:2288
- C:\Windows\System\EdHLYjv.exe
  C:\Windows\System\EdHLYjv.exe
  2⤵
  PID:3236
- C:\Windows\System\hqFCTdu.exe
  C:\Windows\System\hqFCTdu.exe
  2⤵
  PID:3248
- C:\Windows\System\SwCoYKO.exe
  C:\Windows\System\SwCoYKO.exe
  2⤵
  PID:3292
- C:\Windows\System\qPKquVo.exe
  C:\Windows\System\qPKquVo.exe
  2⤵
  PID:3268
- C:\Windows\System\kzIGDTo.exe
  C:\Windows\System\kzIGDTo.exe
  2⤵
  PID:3356
- C:\Windows\System\orvuHKe.exe
  C:\Windows\System\orvuHKe.exe
  2⤵
  PID:3312
- C:\Windows\System\cSxbWQF.exe
  C:\Windows\System\cSxbWQF.exe
  2⤵
  PID:3396
- C:\Windows\System\OwdZzbD.exe
  C:\Windows\System\OwdZzbD.exe
  2⤵
  PID:3432
- C:\Windows\System\ITiCkIi.exe
  C:\Windows\System\ITiCkIi.exe
  2⤵
  PID:3444
- C:\Windows\System\LvBYxaS.exe
  C:\Windows\System\LvBYxaS.exe
  2⤵
  PID:3496
- C:\Windows\System\xaduTqn.exe
  C:\Windows\System\xaduTqn.exe
  2⤵
  PID:3556
- C:\Windows\System\ndwTIBs.exe
  C:\Windows\System\ndwTIBs.exe
  2⤵
  PID:1376
- C:\Windows\System\QDFOEnH.exe
  C:\Windows\System\QDFOEnH.exe
  2⤵
  PID:3656
- C:\Windows\System\JQozcXO.exe
  C:\Windows\System\JQozcXO.exe
  2⤵
  PID:3720
- C:\Windows\System\bkggXdx.exe
  C:\Windows\System\bkggXdx.exe
  2⤵
  PID:3508
- C:\Windows\System\OzFYJdF.exe
  C:\Windows\System\OzFYJdF.exe
  2⤵
  PID:3732
- C:\Windows\System\lkwNKWK.exe
  C:\Windows\System\lkwNKWK.exe
  2⤵
  PID:3604
- C:\Windows\System\LgAoTAe.exe
  C:\Windows\System\LgAoTAe.exe
  2⤵
  PID:3740
- C:\Windows\System\RNWngmk.exe
  C:\Windows\System\RNWngmk.exe
  2⤵
  PID:3760
- C:\Windows\System\edIkPYv.exe
  C:\Windows\System\edIkPYv.exe
  2⤵
  PID:3780
- C:\Windows\System\WDYDMyv.exe
  C:\Windows\System\WDYDMyv.exe
  2⤵
  PID:3788
- C:\Windows\System\BcyoCIM.exe
  C:\Windows\System\BcyoCIM.exe
  2⤵
  PID:3820
- C:\Windows\System\hhVyERY.exe
  C:\Windows\System\hhVyERY.exe
  2⤵
  PID:3848
- C:\Windows\System\GOEvnaH.exe
  C:\Windows\System\GOEvnaH.exe
  2⤵
  PID:3868
- C:\Windows\System\CtzfHUe.exe
  C:\Windows\System\CtzfHUe.exe
  2⤵
  PID:3888
- C:\Windows\System\nUaqVWO.exe
  C:\Windows\System\nUaqVWO.exe
  2⤵
  PID:3920
- C:\Windows\System\YQXkLDE.exe
  C:\Windows\System\YQXkLDE.exe
  2⤵
  PID:3964
- C:\Windows\System\qLUVqsD.exe
  C:\Windows\System\qLUVqsD.exe
  2⤵
  PID:3976
- C:\Windows\System\SYdJOWD.exe
  C:\Windows\System\SYdJOWD.exe
  2⤵
  PID:4000
- C:\Windows\System\NDgZvWg.exe
  C:\Windows\System\NDgZvWg.exe
  2⤵
  PID:4028
- C:\Windows\System\ePtasxO.exe
  C:\Windows\System\ePtasxO.exe
  2⤵
  PID:4048
- C:\Windows\System\HvdgDRL.exe
  C:\Windows\System\HvdgDRL.exe
  2⤵
  PID:4084
- C:\Windows\System\yfpqcsV.exe
  C:\Windows\System\yfpqcsV.exe
  2⤵
  PID:3108
- C:\Windows\System\IjZkHCw.exe
  C:\Windows\System\IjZkHCw.exe
  2⤵
  PID:1916
- C:\Windows\System\CWUpfpM.exe
  C:\Windows\System\CWUpfpM.exe
  2⤵
  PID:3136
- C:\Windows\System\NDQmCQo.exe
  C:\Windows\System\NDQmCQo.exe
  2⤵
  PID:3132
- C:\Windows\System\BwhTllb.exe
  C:\Windows\System\BwhTllb.exe
  2⤵
  PID:3172
- C:\Windows\System\PBYJzzI.exe
  C:\Windows\System\PBYJzzI.exe
  2⤵
  PID:2804
- C:\Windows\System\vHBufcc.exe
  C:\Windows\System\vHBufcc.exe
  2⤵
  PID:3244
- C:\Windows\System\DERpapv.exe
  C:\Windows\System\DERpapv.exe
  2⤵
  PID:600
- C:\Windows\System\KteceRT.exe
  C:\Windows\System\KteceRT.exe
  2⤵
  PID:3340
- C:\Windows\System\AwtSNre.exe
  C:\Windows\System\AwtSNre.exe
  2⤵
  PID:3328
- C:\Windows\System\NSjxSyJ.exe
  C:\Windows\System\NSjxSyJ.exe
  2⤵
  PID:3384
- C:\Windows\System\FXjALzf.exe
  C:\Windows\System\FXjALzf.exe
  2⤵
  PID:3476
- C:\Windows\System\wEJpcOJ.exe
  C:\Windows\System\wEJpcOJ.exe
  2⤵
  PID:3492
- C:\Windows\System\MZsPrxP.exe
  C:\Windows\System\MZsPrxP.exe
  2⤵
  PID:3624
- C:\Windows\System\hbFRDUj.exe
  C:\Windows\System\hbFRDUj.exe
  2⤵
  PID:3704
- C:\Windows\System\NkqmNGt.exe
  C:\Windows\System\NkqmNGt.exe
  2⤵
  PID:3544
- C:\Windows\System\AsvJSWi.exe
  C:\Windows\System\AsvJSWi.exe
  2⤵
  PID:3776
- C:\Windows\System\YczDlQI.exe
  C:\Windows\System\YczDlQI.exe
  2⤵
  PID:3804
- C:\Windows\System\oKtUNCQ.exe
  C:\Windows\System\oKtUNCQ.exe
  2⤵
  PID:3864
- C:\Windows\System\XqXPKZQ.exe
  C:\Windows\System\XqXPKZQ.exe
  2⤵
  PID:3904
- C:\Windows\System\CKyGAXx.exe
  C:\Windows\System\CKyGAXx.exe
  2⤵
  PID:3940
- C:\Windows\System\UAtpbXE.exe
  C:\Windows\System\UAtpbXE.exe
  2⤵
  PID:4024
- C:\Windows\System\ViDQMXp.exe
  C:\Windows\System\ViDQMXp.exe
  2⤵
  PID:3148
- C:\Windows\System\ZqRSHQF.exe
  C:\Windows\System\ZqRSHQF.exe
  2⤵
  PID:4064
- C:\Windows\System\nRnnXZv.exe
  C:\Windows\System\nRnnXZv.exe
  2⤵
  PID:1964
- C:\Windows\System\FrgMoHj.exe
  C:\Windows\System\FrgMoHj.exe
  2⤵
  PID:1340
- C:\Windows\System\lDZagLe.exe
  C:\Windows\System\lDZagLe.exe
  2⤵
  PID:2848
- C:\Windows\System\dZRfhTw.exe
  C:\Windows\System\dZRfhTw.exe
  2⤵
  PID:2992
- C:\Windows\System\eYDMYwE.exe
  C:\Windows\System\eYDMYwE.exe
  2⤵
  PID:3416
- C:\Windows\System\YHlgAlX.exe
  C:\Windows\System\YHlgAlX.exe
  2⤵
  PID:3588
- C:\Windows\System\BsHwHMR.exe
  C:\Windows\System\BsHwHMR.exe
  2⤵
  PID:3652
- C:\Windows\System\jZdWzYI.exe
  C:\Windows\System\jZdWzYI.exe
  2⤵
  PID:3608
- C:\Windows\System\SfLPMgD.exe
  C:\Windows\System\SfLPMgD.exe
  2⤵
  PID:3936
- C:\Windows\System\LljKARh.exe
  C:\Windows\System\LljKARh.exe
  2⤵
  PID:3952
- C:\Windows\System\nNMRIhE.exe
  C:\Windows\System\nNMRIhE.exe
  2⤵
  PID:3980
- C:\Windows\System\AhiFxUP.exe
  C:\Windows\System\AhiFxUP.exe
  2⤵
  PID:3996
- C:\Windows\System\ieiorzf.exe
  C:\Windows\System\ieiorzf.exe
  2⤵
  PID:3344
- C:\Windows\System\sqMjJtG.exe
  C:\Windows\System\sqMjJtG.exe
  2⤵
  PID:3512
- C:\Windows\System\TsAlVbJ.exe
  C:\Windows\System\TsAlVbJ.exe
  2⤵
  PID:2292
- C:\Windows\System\eJhNQVw.exe
  C:\Windows\System\eJhNQVw.exe
  2⤵
  PID:3700
- C:\Windows\System\IJySAbi.exe
  C:\Windows\System\IJySAbi.exe
  2⤵
  PID:3880
- C:\Windows\System\ZseXtWU.exe
  C:\Windows\System\ZseXtWU.exe
  2⤵
  PID:4020
- C:\Windows\System\ujHBhBJ.exe
  C:\Windows\System\ujHBhBJ.exe
  2⤵
  PID:3464
- C:\Windows\System\ilDkyAb.exe
  C:\Windows\System\ilDkyAb.exe
  2⤵
  PID:4108
- C:\Windows\System\sifRpeS.exe
  C:\Windows\System\sifRpeS.exe
  2⤵
  PID:4124
- C:\Windows\System\tApYEkj.exe
  C:\Windows\System\tApYEkj.exe
  2⤵
  PID:4140
- C:\Windows\System\oGneVme.exe
  C:\Windows\System\oGneVme.exe
  2⤵
  PID:4156
- C:\Windows\System\UzPeCvo.exe
  C:\Windows\System\UzPeCvo.exe
  2⤵
  PID:4172
- C:\Windows\System\SAcAnRf.exe
  C:\Windows\System\SAcAnRf.exe
  2⤵
  PID:4188
- C:\Windows\System\pCoYuiS.exe
  C:\Windows\System\pCoYuiS.exe
  2⤵
  PID:4204
- C:\Windows\System\WLIGskn.exe
  C:\Windows\System\WLIGskn.exe
  2⤵
  PID:4220
- C:\Windows\System\MXZzaWE.exe
  C:\Windows\System\MXZzaWE.exe
  2⤵
  PID:4236
- C:\Windows\System\ftTjRlt.exe
  C:\Windows\System\ftTjRlt.exe
  2⤵
  PID:4252
- C:\Windows\System\WZhgNyO.exe
  C:\Windows\System\WZhgNyO.exe
  2⤵
  PID:4268
- C:\Windows\System\giVMTSC.exe
  C:\Windows\System\giVMTSC.exe
  2⤵
  PID:4284
- C:\Windows\System\SUBAcPF.exe
  C:\Windows\System\SUBAcPF.exe
  2⤵
  PID:4300
- C:\Windows\System\FmlcwZU.exe
  C:\Windows\System\FmlcwZU.exe
  2⤵
  PID:4328
- C:\Windows\System\FAgglHA.exe
  C:\Windows\System\FAgglHA.exe
  2⤵
  PID:4364
- C:\Windows\System\TdagQNj.exe
  C:\Windows\System\TdagQNj.exe
  2⤵
  PID:4392
- C:\Windows\System\iwtSiud.exe
  C:\Windows\System\iwtSiud.exe
  2⤵
  PID:4420
- C:\Windows\System\wlxzuTS.exe
  C:\Windows\System\wlxzuTS.exe
  2⤵
  PID:4452
- C:\Windows\System\pkCbcmG.exe
  C:\Windows\System\pkCbcmG.exe
  2⤵
  PID:4472
- C:\Windows\System\mPUDayf.exe
  C:\Windows\System\mPUDayf.exe
  2⤵
  PID:4492
- C:\Windows\System\hZJcZsp.exe
  C:\Windows\System\hZJcZsp.exe
  2⤵
  PID:4508
- C:\Windows\System\wIUWCRx.exe
  C:\Windows\System\wIUWCRx.exe
  2⤵
  PID:4524
- C:\Windows\System\wzkaQsc.exe
  C:\Windows\System\wzkaQsc.exe
  2⤵
  PID:4544
- C:\Windows\System\cniomNm.exe
  C:\Windows\System\cniomNm.exe
  2⤵
  PID:4560
- C:\Windows\System\mWoyEOo.exe
  C:\Windows\System\mWoyEOo.exe
  2⤵
  PID:4576
- C:\Windows\System\WOMvFsJ.exe
  C:\Windows\System\WOMvFsJ.exe
  2⤵
  PID:4592
- C:\Windows\System\LrDlhoT.exe
  C:\Windows\System\LrDlhoT.exe
  2⤵
  PID:4608
- C:\Windows\System\EixNlBZ.exe
  C:\Windows\System\EixNlBZ.exe
  2⤵
  PID:4624
- C:\Windows\System\gZdutQB.exe
  C:\Windows\System\gZdutQB.exe
  2⤵
  PID:4640
- C:\Windows\System\cYnOZOm.exe
  C:\Windows\System\cYnOZOm.exe
  2⤵
  PID:4656
- C:\Windows\System\LYRduzE.exe
  C:\Windows\System\LYRduzE.exe
  2⤵
  PID:4672
- C:\Windows\System\ChEndBn.exe
  C:\Windows\System\ChEndBn.exe
  2⤵
  PID:4692
- C:\Windows\System\suILuqF.exe
  C:\Windows\System\suILuqF.exe
  2⤵
  PID:4708
- C:\Windows\System\lqCYQfa.exe
  C:\Windows\System\lqCYQfa.exe
  2⤵
  PID:4724
- C:\Windows\System\myhQtbd.exe
  C:\Windows\System\myhQtbd.exe
  2⤵
  PID:4784
- C:\Windows\System\esrDDBy.exe
  C:\Windows\System\esrDDBy.exe
  2⤵
  PID:4800
- C:\Windows\System\mquzmAT.exe
  C:\Windows\System\mquzmAT.exe
  2⤵
  PID:4816
- C:\Windows\System\lkOUIBq.exe
  C:\Windows\System\lkOUIBq.exe
  2⤵
  PID:4832
- C:\Windows\System\EncsOcW.exe
  C:\Windows\System\EncsOcW.exe
  2⤵
  PID:4856
- C:\Windows\System\ixkMjxY.exe
  C:\Windows\System\ixkMjxY.exe
  2⤵
  PID:4876
- C:\Windows\System\vdJDBBD.exe
  C:\Windows\System\vdJDBBD.exe
  2⤵
  PID:4892
- C:\Windows\System\HuUcdul.exe
  C:\Windows\System\HuUcdul.exe
  2⤵
  PID:4908
- C:\Windows\System\gLRfvlh.exe
  C:\Windows\System\gLRfvlh.exe
  2⤵
  PID:4924
- C:\Windows\System\WhskPTQ.exe
  C:\Windows\System\WhskPTQ.exe
  2⤵
  PID:4944
- C:\Windows\System\WIuRCPE.exe
  C:\Windows\System\WIuRCPE.exe
  2⤵
  PID:4964
- C:\Windows\System\gMJBbUj.exe
  C:\Windows\System\gMJBbUj.exe
  2⤵
  PID:4980
- C:\Windows\System\PONSJIG.exe
  C:\Windows\System\PONSJIG.exe
  2⤵
  PID:4996
- C:\Windows\System\cqVdnFg.exe
  C:\Windows\System\cqVdnFg.exe
  2⤵
  PID:5012
- C:\Windows\System\WcdvqdG.exe
  C:\Windows\System\WcdvqdG.exe
  2⤵
  PID:5028
- C:\Windows\System\heEbiCU.exe
  C:\Windows\System\heEbiCU.exe
  2⤵
  PID:5044
- C:\Windows\System\htLXaaJ.exe
  C:\Windows\System\htLXaaJ.exe
  2⤵
  PID:5060
- C:\Windows\System\tsVpHVB.exe
  C:\Windows\System\tsVpHVB.exe
  2⤵
  PID:5076
- C:\Windows\System\UdTlZCR.exe
  C:\Windows\System\UdTlZCR.exe
  2⤵
  PID:5092
- C:\Windows\System\tDczjCX.exe
  C:\Windows\System\tDczjCX.exe
  2⤵
  PID:5108
- C:\Windows\System\WtoWBBr.exe
  C:\Windows\System\WtoWBBr.exe
  2⤵
  PID:3716
- C:\Windows\System\SCqstWL.exe
  C:\Windows\System\SCqstWL.exe
  2⤵
  PID:4104
- C:\Windows\System\blXevAu.exe
  C:\Windows\System\blXevAu.exe
  2⤵
  PID:4196
- C:\Windows\System\pecLoQc.exe
  C:\Windows\System\pecLoQc.exe
  2⤵
  PID:1232
- C:\Windows\System\wiBiTxf.exe
  C:\Windows\System\wiBiTxf.exe
  2⤵
  PID:4184
- C:\Windows\System\PIFjWuB.exe
  C:\Windows\System\PIFjWuB.exe
  2⤵
  PID:4116
- C:\Windows\System\lmcfZJi.exe
  C:\Windows\System\lmcfZJi.exe
  2⤵
  PID:4292
- C:\Windows\System\DBHGSuO.exe
  C:\Windows\System\DBHGSuO.exe
  2⤵
  PID:4312
- C:\Windows\System\gUWqkTZ.exe
  C:\Windows\System\gUWqkTZ.exe
  2⤵
  PID:4320
- C:\Windows\System\lktyBjC.exe
  C:\Windows\System\lktyBjC.exe
  2⤵
  PID:4344
- C:\Windows\System\yfznvTR.exe
  C:\Windows\System\yfznvTR.exe
  2⤵
  PID:4372
- C:\Windows\System\nFQxLEv.exe
  C:\Windows\System\nFQxLEv.exe
  2⤵
  PID:4384
- C:\Windows\System\fBKOgvx.exe
  C:\Windows\System\fBKOgvx.exe
  2⤵
  PID:4412
- C:\Windows\System\NKgoqGh.exe
  C:\Windows\System\NKgoqGh.exe
  2⤵
  PID:4428
- C:\Windows\System\wzFFLgV.exe
  C:\Windows\System\wzFFLgV.exe
  2⤵
  PID:4444
- C:\Windows\System\QfijigA.exe
  C:\Windows\System\QfijigA.exe
  2⤵
  PID:4480
- C:\Windows\System\fThjuoT.exe
  C:\Windows\System\fThjuoT.exe
  2⤵
  PID:4532
- C:\Windows\System\BaTyZAc.exe
  C:\Windows\System\BaTyZAc.exe
  2⤵
  PID:4568
- C:\Windows\System\nXrgIEh.exe
  C:\Windows\System\nXrgIEh.exe
  2⤵
  PID:4632
- C:\Windows\System\crHgzbx.exe
  C:\Windows\System\crHgzbx.exe
  2⤵
  PID:4700
- C:\Windows\System\uqzMBXW.exe
  C:\Windows\System\uqzMBXW.exe
  2⤵
  PID:4584
- C:\Windows\System\MOEmygD.exe
  C:\Windows\System\MOEmygD.exe
  2⤵
  PID:4616
- C:\Windows\System\QeFXGbB.exe
  C:\Windows\System\QeFXGbB.exe
  2⤵
  PID:4732
- C:\Windows\System\RirjECq.exe
  C:\Windows\System\RirjECq.exe
  2⤵
  PID:4748
- C:\Windows\System\XqYmXFn.exe
  C:\Windows\System\XqYmXFn.exe
  2⤵
  PID:4772
- C:\Windows\System\FCoJDmc.exe
  C:\Windows\System\FCoJDmc.exe
  2⤵
  PID:4808
- C:\Windows\System\vecCEYm.exe
  C:\Windows\System\vecCEYm.exe
  2⤵
  PID:4840
- C:\Windows\System\VTyDGKC.exe
  C:\Windows\System\VTyDGKC.exe
  2⤵
  PID:4852
- C:\Windows\System\PKUuUFZ.exe
  C:\Windows\System\PKUuUFZ.exe
  2⤵
  PID:4900
- C:\Windows\System\KadMWwQ.exe
  C:\Windows\System\KadMWwQ.exe
  2⤵
  PID:4916
- C:\Windows\System\mkURUho.exe
  C:\Windows\System\mkURUho.exe
  2⤵
  PID:4952
- C:\Windows\System\frwBnHZ.exe
  C:\Windows\System\frwBnHZ.exe
  2⤵
  PID:4988
- C:\Windows\System\BMtLXWo.exe
  C:\Windows\System\BMtLXWo.exe
  2⤵
  PID:5052
- C:\Windows\System\BITrRnO.exe
  C:\Windows\System\BITrRnO.exe
  2⤵
  PID:5088
- C:\Windows\System\HUCFhkl.exe
  C:\Windows\System\HUCFhkl.exe
  2⤵
  PID:5036
- C:\Windows\System\JUMlKQt.exe
  C:\Windows\System\JUMlKQt.exe
  2⤵
  PID:5116
- C:\Windows\System\uoimEjD.exe
  C:\Windows\System\uoimEjD.exe
  2⤵
  PID:5104
- C:\Windows\System\eLvYmiP.exe
  C:\Windows\System\eLvYmiP.exe
  2⤵
  PID:4168
- C:\Windows\System\IaIUBJE.exe
  C:\Windows\System\IaIUBJE.exe
  2⤵
  PID:3252
- C:\Windows\System\eBpUjnb.exe
  C:\Windows\System\eBpUjnb.exe
  2⤵
  PID:3768
- C:\Windows\System\ufrXeAd.exe
  C:\Windows\System\ufrXeAd.exe
  2⤵
  PID:3756
- C:\Windows\System\MEsTFdS.exe
  C:\Windows\System\MEsTFdS.exe
  2⤵
  PID:4120
- C:\Windows\System\YPseEFD.exe
  C:\Windows\System\YPseEFD.exe
  2⤵
  PID:4324
- C:\Windows\System\VVfcgVv.exe
  C:\Windows\System\VVfcgVv.exe
  2⤵
  PID:4356
- C:\Windows\System\uKtjkzA.exe
  C:\Windows\System\uKtjkzA.exe
  2⤵
  PID:4460
- C:\Windows\System\TsuwJKy.exe
  C:\Windows\System\TsuwJKy.exe
  2⤵
  PID:4464
- C:\Windows\System\qlNIYzH.exe
  C:\Windows\System\qlNIYzH.exe
  2⤵
  PID:4520
- C:\Windows\System\zyjFUcT.exe
  C:\Windows\System\zyjFUcT.exe
  2⤵
  PID:4604
- C:\Windows\System\lwjRKlk.exe
  C:\Windows\System\lwjRKlk.exe
  2⤵
  PID:4556
- C:\Windows\System\WrKxnuB.exe
  C:\Windows\System\WrKxnuB.exe
  2⤵
  PID:4680
- C:\Windows\System\guwWSpF.exe
  C:\Windows\System\guwWSpF.exe
  2⤵
  PID:4620
- C:\Windows\System\jSZArfz.exe
  C:\Windows\System\jSZArfz.exe
  2⤵
  PID:4760
- C:\Windows\System\LCmnXFY.exe
  C:\Windows\System\LCmnXFY.exe
  2⤵
  PID:4796
- C:\Windows\System\cuzCECg.exe
  C:\Windows\System\cuzCECg.exe
  2⤵
  PID:4884
- C:\Windows\System\KOWkGPM.exe
  C:\Windows\System\KOWkGPM.exe
  2⤵
  PID:5020
- C:\Windows\System\TgIeCLD.exe
  C:\Windows\System\TgIeCLD.exe
  2⤵
  PID:4904
- C:\Windows\System\VEDXkOo.exe
  C:\Windows\System\VEDXkOo.exe
  2⤵
  PID:5100
- C:\Windows\System\NxFchAr.exe
  C:\Windows\System\NxFchAr.exe
  2⤵
  PID:4216
- C:\Windows\System\DiOLdjT.exe
  C:\Windows\System\DiOLdjT.exe
  2⤵
  PID:4152
- C:\Windows\System\HUIDouh.exe
  C:\Windows\System\HUIDouh.exe
  2⤵
  PID:5072
- C:\Windows\System\EXEeRKW.exe
  C:\Windows\System\EXEeRKW.exe
  2⤵
  PID:4276
- C:\Windows\System\eKhdtvu.exe
  C:\Windows\System\eKhdtvu.exe
  2⤵
  PID:4380
- C:\Windows\System\gdxFcev.exe
  C:\Windows\System\gdxFcev.exe
  2⤵
  PID:4668
- C:\Windows\System\UFTVVMi.exe
  C:\Windows\System\UFTVVMi.exe
  2⤵
  PID:4440
- C:\Windows\System\BsSITtV.exe
  C:\Windows\System\BsSITtV.exe
  2⤵
  PID:4932
- C:\Windows\System\IYHUKkk.exe
  C:\Windows\System\IYHUKkk.exe
  2⤵
  PID:4716
- C:\Windows\System\yIxffNM.exe
  C:\Windows\System\yIxffNM.exe
  2⤵
  PID:4960
- C:\Windows\System\ADpfBAH.exe
  C:\Windows\System\ADpfBAH.exe
  2⤵
  PID:5008
- C:\Windows\System\lJxWPHX.exe
  C:\Windows\System\lJxWPHX.exe
  2⤵
  PID:5084
- C:\Windows\System\DmfbCWU.exe
  C:\Windows\System\DmfbCWU.exe
  2⤵
  PID:4500
- C:\Windows\System\aLkuPPG.exe
  C:\Windows\System\aLkuPPG.exe
  2⤵
  PID:4776
- C:\Windows\System\YHasEhO.exe
  C:\Windows\System\YHasEhO.exe
  2⤵
  PID:4780
- C:\Windows\System\ISrgtTi.exe
  C:\Windows\System\ISrgtTi.exe
  2⤵
  PID:4744
- C:\Windows\System\fNfwNHn.exe
  C:\Windows\System\fNfwNHn.exe
  2⤵
  PID:4868
- C:\Windows\System\qXBhSVf.exe
  C:\Windows\System\qXBhSVf.exe
  2⤵
  PID:4848
- C:\Windows\System\kYZCCLu.exe
  C:\Windows\System\kYZCCLu.exe
  2⤵
  PID:5068
- C:\Windows\System\NKGNtwd.exe
  C:\Windows\System\NKGNtwd.exe
  2⤵
  PID:4360
- C:\Windows\System\qVOghzR.exe
  C:\Windows\System\qVOghzR.exe
  2⤵
  PID:5132
- C:\Windows\System\HfXJlfL.exe
  C:\Windows\System\HfXJlfL.exe
  2⤵
  PID:5148
- C:\Windows\System\aYhwDTI.exe
  C:\Windows\System\aYhwDTI.exe
  2⤵
  PID:5164
- C:\Windows\System\TxNCySi.exe
  C:\Windows\System\TxNCySi.exe
  2⤵
  PID:5188
- C:\Windows\System\mohnnPO.exe
  C:\Windows\System\mohnnPO.exe
  2⤵
  PID:5204
- C:\Windows\System\iafFduJ.exe
  C:\Windows\System\iafFduJ.exe
  2⤵
  PID:5220
- C:\Windows\System\TxSrqYa.exe
  C:\Windows\System\TxSrqYa.exe
  2⤵
  PID:5236
- C:\Windows\System\YIJSNmE.exe
  C:\Windows\System\YIJSNmE.exe
  2⤵
  PID:5252
- C:\Windows\System\EMfuyxl.exe
  C:\Windows\System\EMfuyxl.exe
  2⤵
  PID:5268
- C:\Windows\System\QgNPEki.exe
  C:\Windows\System\QgNPEki.exe
  2⤵
  PID:5284
- C:\Windows\System\ucYdCzH.exe
  C:\Windows\System\ucYdCzH.exe
  2⤵
  PID:5300
- C:\Windows\System\SDSCMWB.exe
  C:\Windows\System\SDSCMWB.exe
  2⤵
  PID:5316
- C:\Windows\System\KryHyIa.exe
  C:\Windows\System\KryHyIa.exe
  2⤵
  PID:5332
- C:\Windows\System\QvwyZOj.exe
  C:\Windows\System\QvwyZOj.exe
  2⤵
  PID:5348
- C:\Windows\System\ENNrqjs.exe
  C:\Windows\System\ENNrqjs.exe
  2⤵
  PID:5364
- C:\Windows\System\gbZneVm.exe
  C:\Windows\System\gbZneVm.exe
  2⤵
  PID:5380
- C:\Windows\System\TLorGyU.exe
  C:\Windows\System\TLorGyU.exe
  2⤵
  PID:5396
- C:\Windows\System\NmswfER.exe
  C:\Windows\System\NmswfER.exe
  2⤵
  PID:5412
- C:\Windows\System\zYJbCSE.exe
  C:\Windows\System\zYJbCSE.exe
  2⤵
  PID:5428
- C:\Windows\System\yQArpUY.exe
  C:\Windows\System\yQArpUY.exe
  2⤵
  PID:5444
- C:\Windows\System\EGgYlbE.exe
  C:\Windows\System\EGgYlbE.exe
  2⤵
  PID:5460
- C:\Windows\System\ALFAUyx.exe
  C:\Windows\System\ALFAUyx.exe
  2⤵
  PID:5476
- C:\Windows\System\TyzfwrC.exe
  C:\Windows\System\TyzfwrC.exe
  2⤵
  PID:5492
- C:\Windows\System\LJQMgpd.exe
  C:\Windows\System\LJQMgpd.exe
  2⤵
  PID:5508
- C:\Windows\System\dGmqJsw.exe
  C:\Windows\System\dGmqJsw.exe
  2⤵
  PID:5524
- C:\Windows\System\yvzkFEJ.exe
  C:\Windows\System\yvzkFEJ.exe
  2⤵
  PID:5540
- C:\Windows\System\RkIwAEJ.exe
  C:\Windows\System\RkIwAEJ.exe
  2⤵
  PID:5556
- C:\Windows\System\qAvIdAC.exe
  C:\Windows\System\qAvIdAC.exe
  2⤵
  PID:5572
- C:\Windows\System\mjoPRoW.exe
  C:\Windows\System\mjoPRoW.exe
  2⤵
  PID:5588
- C:\Windows\System\cOVoVIl.exe
  C:\Windows\System\cOVoVIl.exe
  2⤵
  PID:5604
- C:\Windows\System\oQUWtSD.exe
  C:\Windows\System\oQUWtSD.exe
  2⤵
  PID:5624
- C:\Windows\System\ofuysRE.exe
  C:\Windows\System\ofuysRE.exe
  2⤵
  PID:5640
- C:\Windows\System\dpDgKut.exe
  C:\Windows\System\dpDgKut.exe
  2⤵
  PID:5656
- C:\Windows\System\UPVnmJU.exe
  C:\Windows\System\UPVnmJU.exe
  2⤵
  PID:5672
- C:\Windows\System\qlNObPn.exe
  C:\Windows\System\qlNObPn.exe
  2⤵
  PID:5688
- C:\Windows\System\TojlBxx.exe
  C:\Windows\System\TojlBxx.exe
  2⤵
  PID:5704
- C:\Windows\System\pmQKDeY.exe
  C:\Windows\System\pmQKDeY.exe
  2⤵
  PID:5720
- C:\Windows\System\aClsySv.exe
  C:\Windows\System\aClsySv.exe
  2⤵
  PID:5736
- C:\Windows\System\hXGFCmv.exe
  C:\Windows\System\hXGFCmv.exe
  2⤵
  PID:5752
- C:\Windows\System\demPYjV.exe
  C:\Windows\System\demPYjV.exe
  2⤵
  PID:5768
- C:\Windows\System\fpsIEBK.exe
  C:\Windows\System\fpsIEBK.exe
  2⤵
  PID:5784
- C:\Windows\System\soKFrqX.exe
  C:\Windows\System\soKFrqX.exe
  2⤵
  PID:5800
- C:\Windows\System\WLRejPW.exe
  C:\Windows\System\WLRejPW.exe
  2⤵
  PID:5820
- C:\Windows\System\cHXrfTJ.exe
  C:\Windows\System\cHXrfTJ.exe
  2⤵
  PID:5836
- C:\Windows\System\pEhdRKU.exe
  C:\Windows\System\pEhdRKU.exe
  2⤵
  PID:5852
- C:\Windows\System\UdticdL.exe
  C:\Windows\System\UdticdL.exe
  2⤵
  PID:5868
- C:\Windows\System\gqPbkkw.exe
  C:\Windows\System\gqPbkkw.exe
  2⤵
  PID:5892
- C:\Windows\System\fUazNPj.exe
  C:\Windows\System\fUazNPj.exe
  2⤵
  PID:5908
- C:\Windows\System\juukJRi.exe
  C:\Windows\System\juukJRi.exe
  2⤵
  PID:5924
- C:\Windows\System\niqyoYK.exe
  C:\Windows\System\niqyoYK.exe
  2⤵
  PID:5940
- C:\Windows\System\INMfqvF.exe
  C:\Windows\System\INMfqvF.exe
  2⤵
  PID:5956
- C:\Windows\System\JNNmVCy.exe
  C:\Windows\System\JNNmVCy.exe
  2⤵
  PID:5972
- C:\Windows\System\NxHpQRy.exe
  C:\Windows\System\NxHpQRy.exe
  2⤵
  PID:5988
- C:\Windows\System\OtpjZZG.exe
  C:\Windows\System\OtpjZZG.exe
  2⤵
  PID:6008
- C:\Windows\System\ZrKAvVr.exe
  C:\Windows\System\ZrKAvVr.exe
  2⤵
  PID:6032
- C:\Windows\System\mtpLHEj.exe
  C:\Windows\System\mtpLHEj.exe
  2⤵
  PID:6048
- C:\Windows\System\kTzXxdP.exe
  C:\Windows\System\kTzXxdP.exe
  2⤵
  PID:6064
- C:\Windows\System\mUvSOkY.exe
  C:\Windows\System\mUvSOkY.exe
  2⤵
  PID:6080
- C:\Windows\System\pPLGUFF.exe
  C:\Windows\System\pPLGUFF.exe
  2⤵
  PID:6100
- C:\Windows\System\UGFxdUv.exe
  C:\Windows\System\UGFxdUv.exe
  2⤵
  PID:6124
- C:\Windows\System\wXJnZdz.exe
  C:\Windows\System\wXJnZdz.exe
  2⤵
  PID:5172
- C:\Windows\System\zNtrAgt.exe
  C:\Windows\System\zNtrAgt.exe
  2⤵
  PID:5176
- C:\Windows\System\VrpoRhm.exe
  C:\Windows\System\VrpoRhm.exe
  2⤵
  PID:5196
- C:\Windows\System\pibuvfS.exe
  C:\Windows\System\pibuvfS.exe
  2⤵
  PID:5324
- C:\Windows\System\hBCwYQI.exe
  C:\Windows\System\hBCwYQI.exe
  2⤵
  PID:5260
- C:\Windows\System\YkQuYXT.exe
  C:\Windows\System\YkQuYXT.exe
  2⤵
  PID:5340
- C:\Windows\System\hLeMDCM.exe
  C:\Windows\System\hLeMDCM.exe
  2⤵
  PID:5436
- C:\Windows\System\bNCnINC.exe
  C:\Windows\System\bNCnINC.exe
  2⤵
  PID:5472
- C:\Windows\System\nvvWGfS.exe
  C:\Windows\System\nvvWGfS.exe
  2⤵
  PID:5488
- C:\Windows\System\zeVsxMs.exe
  C:\Windows\System\zeVsxMs.exe
  2⤵
  PID:5580
- C:\Windows\System\FTxKxec.exe
  C:\Windows\System\FTxKxec.exe
  2⤵
  PID:5536
- C:\Windows\System\xlHmSPj.exe
  C:\Windows\System\xlHmSPj.exe
  2⤵
  PID:5600
- C:\Windows\System\xcZhlXR.exe
  C:\Windows\System\xcZhlXR.exe
  2⤵
  PID:5668
- C:\Windows\System\USlVnUV.exe
  C:\Windows\System\USlVnUV.exe
  2⤵
  PID:5700
- C:\Windows\System\HPCTStI.exe
  C:\Windows\System\HPCTStI.exe
  2⤵
  PID:5764
- C:\Windows\System\NZcWoUK.exe
  C:\Windows\System\NZcWoUK.exe
  2⤵
  PID:5776
- C:\Windows\System\mgLCqRC.exe
  C:\Windows\System\mgLCqRC.exe
  2⤵
  PID:5780
- C:\Windows\System\OKGsBoc.exe
  C:\Windows\System\OKGsBoc.exe
  2⤵
  PID:5860
- C:\Windows\System\mzhocDM.exe
  C:\Windows\System\mzhocDM.exe
  2⤵
  PID:5888
- C:\Windows\System\oJOEscp.exe
  C:\Windows\System\oJOEscp.exe
  2⤵
  PID:5920
- C:\Windows\System\hawWvrM.exe
  C:\Windows\System\hawWvrM.exe
  2⤵
  PID:5964
- C:\Windows\System\zkPzvVv.exe
  C:\Windows\System\zkPzvVv.exe
  2⤵
  PID:6000
- C:\Windows\System\zQRRYUj.exe
  C:\Windows\System\zQRRYUj.exe
  2⤵
  PID:5904
- C:\Windows\System\EmpOSnf.exe
  C:\Windows\System\EmpOSnf.exe
  2⤵
  PID:5848
- C:\Windows\System\eXFBdJj.exe
  C:\Windows\System\eXFBdJj.exe
  2⤵
  PID:6060
- C:\Windows\System\rxaZOso.exe
  C:\Windows\System\rxaZOso.exe
  2⤵
  PID:6044
- C:\Windows\System\jlNTqIZ.exe
  C:\Windows\System\jlNTqIZ.exe
  2⤵
  PID:6132
- C:\Windows\System\SjhQMgF.exe
  C:\Windows\System\SjhQMgF.exe
  2⤵
  PID:4436
- C:\Windows\System\EUrAvmc.exe
  C:\Windows\System\EUrAvmc.exe
  2⤵
  PID:4244
- C:\Windows\System\DQugaer.exe
  C:\Windows\System\DQugaer.exe
  2⤵
  PID:6116
- C:\Windows\System\cduDvmK.exe
  C:\Windows\System\cduDvmK.exe
  2⤵
  PID:5144
- C:\Windows\System\afhJONi.exe
  C:\Windows\System\afhJONi.exe
  2⤵
  PID:5212
- C:\Windows\System\uvvBKBN.exe
  C:\Windows\System\uvvBKBN.exe
  2⤵
  PID:5244
- C:\Windows\System\lUbhoLC.exe
  C:\Windows\System\lUbhoLC.exe
  2⤵
  PID:5180
- C:\Windows\System\OzkIytg.exe
  C:\Windows\System\OzkIytg.exe
  2⤵
  PID:5452
- C:\Windows\System\KMRfUVe.exe
  C:\Windows\System\KMRfUVe.exe
  2⤵
  PID:5468
- C:\Windows\System\oxSASXc.exe
  C:\Windows\System\oxSASXc.exe
  2⤵
  PID:5312
- C:\Windows\System\wiMHNJn.exe
  C:\Windows\System\wiMHNJn.exe
  2⤵
  PID:5532
- C:\Windows\System\dnBeMDX.exe
  C:\Windows\System\dnBeMDX.exe
  2⤵
  PID:5596
- C:\Windows\System\Fptwmhv.exe
  C:\Windows\System\Fptwmhv.exe
  2⤵
  PID:5696
- C:\Windows\System\bIxhvrV.exe
  C:\Windows\System\bIxhvrV.exe
  2⤵
  PID:5744
- C:\Windows\System\oXXZxmR.exe
  C:\Windows\System\oXXZxmR.exe
  2⤵
  PID:6016
- C:\Windows\System\mnuPOfx.exe
  C:\Windows\System\mnuPOfx.exe
  2⤵
  PID:6020
- C:\Windows\System\VmZtFPL.exe
  C:\Windows\System\VmZtFPL.exe
  2⤵
  PID:5140
- C:\Windows\System\HyqRfhJ.exe
  C:\Windows\System\HyqRfhJ.exe
  2⤵
  PID:5296
- C:\Windows\System\BamvAPW.exe
  C:\Windows\System\BamvAPW.exe
  2⤵
  PID:5456
- C:\Windows\System\hEIRTyZ.exe
  C:\Windows\System\hEIRTyZ.exe
  2⤵
  PID:4824
- C:\Windows\System\UxJObRn.exe
  C:\Windows\System\UxJObRn.exe
  2⤵
  PID:5684
- C:\Windows\System\wcEvpBv.exe
  C:\Windows\System\wcEvpBv.exe
  2⤵
  PID:5388
- C:\Windows\System\yHGgoPw.exe
  C:\Windows\System\yHGgoPw.exe
  2⤵
  PID:6040
- C:\Windows\System\XkWVnUw.exe
  C:\Windows\System\XkWVnUw.exe
  2⤵
  PID:6108
- C:\Windows\System\wGiFJjP.exe
  C:\Windows\System\wGiFJjP.exe
  2⤵
  PID:5864
- C:\Windows\System\BEhyMma.exe
  C:\Windows\System\BEhyMma.exe
  2⤵
  PID:5548
- C:\Windows\System\cqrYUgA.exe
  C:\Windows\System\cqrYUgA.exe
  2⤵
  PID:6056
- C:\Windows\System\YoKIJxU.exe
  C:\Windows\System\YoKIJxU.exe
  2⤵
  PID:6072
- C:\Windows\System\JECDpif.exe
  C:\Windows\System\JECDpif.exe
  2⤵
  PID:5616
- C:\Windows\System\UbszXBj.exe
  C:\Windows\System\UbszXBj.exe
  2⤵
  PID:5128
- C:\Windows\System\qszyLdk.exe
  C:\Windows\System\qszyLdk.exe
  2⤵
  PID:6176
- C:\Windows\System\hveDmpB.exe
  C:\Windows\System\hveDmpB.exe
  2⤵
  PID:6204
- C:\Windows\System\UYdEjiu.exe
  C:\Windows\System\UYdEjiu.exe
  2⤵
  PID:6240
- C:\Windows\System\CaNNeBF.exe
  C:\Windows\System\CaNNeBF.exe
  2⤵
  PID:6268
- C:\Windows\System\ABRDpaX.exe
  C:\Windows\System\ABRDpaX.exe
  2⤵
  PID:6284
- C:\Windows\System\fSFnHwU.exe
  C:\Windows\System\fSFnHwU.exe
  2⤵
  PID:6300
- C:\Windows\System\VINFMVD.exe
  C:\Windows\System\VINFMVD.exe
  2⤵
  PID:6316
- C:\Windows\System\nYKTGRE.exe
  C:\Windows\System\nYKTGRE.exe
  2⤵
  PID:6336
- C:\Windows\System\MGmMJrC.exe
  C:\Windows\System\MGmMJrC.exe
  2⤵
  PID:6352
- C:\Windows\System\DKJrtVk.exe
  C:\Windows\System\DKJrtVk.exe
  2⤵
  PID:6372
- C:\Windows\System\vTSvykF.exe
  C:\Windows\System\vTSvykF.exe
  2⤵
  PID:6396
- C:\Windows\System\AkwPtJC.exe
  C:\Windows\System\AkwPtJC.exe
  2⤵
  PID:6412
- C:\Windows\System\EUcpvqB.exe
  C:\Windows\System\EUcpvqB.exe
  2⤵
  PID:6436
- C:\Windows\System\JHlMyZj.exe
  C:\Windows\System\JHlMyZj.exe
  2⤵
  PID:6456
- C:\Windows\System\XItMsjN.exe
  C:\Windows\System\XItMsjN.exe
  2⤵
  PID:6472
- C:\Windows\System\eOcNEeg.exe
  C:\Windows\System\eOcNEeg.exe
  2⤵
  PID:6492
- C:\Windows\System\XQovLHU.exe
  C:\Windows\System\XQovLHU.exe
  2⤵
  PID:6508
- C:\Windows\System\VuvPdmh.exe
  C:\Windows\System\VuvPdmh.exe
  2⤵
  PID:6536
- C:\Windows\System\dnkqMCg.exe
  C:\Windows\System\dnkqMCg.exe
  2⤵
  PID:6556
- C:\Windows\System\fycIrhe.exe
  C:\Windows\System\fycIrhe.exe
  2⤵
  PID:6588
- C:\Windows\System\CwQjayy.exe
  C:\Windows\System\CwQjayy.exe
  2⤵
  PID:6604
- C:\Windows\System\xRtAKuR.exe
  C:\Windows\System\xRtAKuR.exe
  2⤵
  PID:6624
- C:\Windows\System\dqxVKKj.exe
  C:\Windows\System\dqxVKKj.exe
  2⤵
  PID:6648
- C:\Windows\System\kSAjCnv.exe
  C:\Windows\System\kSAjCnv.exe
  2⤵
  PID:6664
- C:\Windows\System\JbeZbaY.exe
  C:\Windows\System\JbeZbaY.exe
  2⤵
  PID:6680
- C:\Windows\System\qJYHqAd.exe
  C:\Windows\System\qJYHqAd.exe
  2⤵
  PID:6696
- C:\Windows\System\OnHriYZ.exe
  C:\Windows\System\OnHriYZ.exe
  2⤵
  PID:6712
- C:\Windows\System\HTCroNf.exe
  C:\Windows\System\HTCroNf.exe
  2⤵
  PID:6728
- C:\Windows\System\cTpsfdP.exe
  C:\Windows\System\cTpsfdP.exe
  2⤵
  PID:6744
- C:\Windows\System\XxKFwqB.exe
  C:\Windows\System\XxKFwqB.exe
  2⤵
  PID:6768
- C:\Windows\System\HPDgltm.exe
  C:\Windows\System\HPDgltm.exe
  2⤵
  PID:6784
- C:\Windows\System\DZhAyhE.exe
  C:\Windows\System\DZhAyhE.exe
  2⤵
  PID:6800
- C:\Windows\System\tdlWvXE.exe
  C:\Windows\System\tdlWvXE.exe
  2⤵
  PID:6820
- C:\Windows\System\KDrQpfu.exe
  C:\Windows\System\KDrQpfu.exe
  2⤵
  PID:6836
- C:\Windows\System\oJfspSi.exe
  C:\Windows\System\oJfspSi.exe
  2⤵
  PID:6852
- C:\Windows\System\EIxIbDF.exe
  C:\Windows\System\EIxIbDF.exe
  2⤵
  PID:6876
- C:\Windows\System\TaImYJf.exe
  C:\Windows\System\TaImYJf.exe
  2⤵
  PID:6892
- C:\Windows\System\EdpiFDG.exe
  C:\Windows\System\EdpiFDG.exe
  2⤵
  PID:6908
- C:\Windows\System\fcwUiaG.exe
  C:\Windows\System\fcwUiaG.exe
  2⤵
  PID:6928
- C:\Windows\System\QuGvbBJ.exe
  C:\Windows\System\QuGvbBJ.exe
  2⤵
  PID:6948
- C:\Windows\System\LDHWeWv.exe
  C:\Windows\System\LDHWeWv.exe
  2⤵
  PID:6964
- C:\Windows\System\KawEBST.exe
  C:\Windows\System\KawEBST.exe
  2⤵
  PID:6984
- C:\Windows\System\lVdZVXy.exe
  C:\Windows\System\lVdZVXy.exe
  2⤵
  PID:7000
- C:\Windows\System\PeOWAUy.exe
  C:\Windows\System\PeOWAUy.exe
  2⤵
  PID:7016
- C:\Windows\System\rsygNPM.exe
  C:\Windows\System\rsygNPM.exe
  2⤵
  PID:7032
- C:\Windows\System\FvWlImW.exe
  C:\Windows\System\FvWlImW.exe
  2⤵
  PID:7052
- C:\Windows\System\gRMqWeL.exe
  C:\Windows\System\gRMqWeL.exe
  2⤵
  PID:7068
- C:\Windows\System\nriplTn.exe
  C:\Windows\System\nriplTn.exe
  2⤵
  PID:7084
- C:\Windows\System\zCLqqKO.exe
  C:\Windows\System\zCLqqKO.exe
  2⤵
  PID:7100
- C:\Windows\System\qDKGuHg.exe
  C:\Windows\System\qDKGuHg.exe
  2⤵
  PID:7116
- C:\Windows\System\cRVgLpu.exe
  C:\Windows\System\cRVgLpu.exe
  2⤵
  PID:7132
- C:\Windows\System\fJatcxz.exe
  C:\Windows\System\fJatcxz.exe
  2⤵
  PID:7156
- C:\Windows\System\solOuKA.exe
  C:\Windows\System\solOuKA.exe
  2⤵
  PID:5568
- C:\Windows\System\JrxfqKY.exe
  C:\Windows\System\JrxfqKY.exe
  2⤵
  PID:5916
- C:\Windows\System\AIYlXHc.exe
  C:\Windows\System\AIYlXHc.exe
  2⤵
  PID:5748
- C:\Windows\System\hHHShXP.exe
  C:\Windows\System\hHHShXP.exe
  2⤵
  PID:6188
- C:\Windows\System\hrJpclE.exe
  C:\Windows\System\hrJpclE.exe
  2⤵
  PID:6248
- C:\Windows\System\tulIkzn.exe
  C:\Windows\System\tulIkzn.exe
  2⤵
  PID:6332
- C:\Windows\System\zofpehY.exe
  C:\Windows\System\zofpehY.exe
  2⤵
  PID:6220
- C:\Windows\System\fQmrqZp.exe
  C:\Windows\System\fQmrqZp.exe
  2⤵
  PID:5372
- C:\Windows\System\sDXToPL.exe
  C:\Windows\System\sDXToPL.exe
  2⤵
  PID:6164
- C:\Windows\System\tYSAuzO.exe
  C:\Windows\System\tYSAuzO.exe
  2⤵
  PID:6276
- C:\Windows\System\mJlTbbo.exe
  C:\Windows\System\mJlTbbo.exe
  2⤵
  PID:6384
- C:\Windows\System\WJEjbWA.exe
  C:\Windows\System\WJEjbWA.exe
  2⤵
  PID:6404
- C:\Windows\System\QtLkrOR.exe
  C:\Windows\System\QtLkrOR.exe
  2⤵
  PID:6420
- C:\Windows\System\jwmeRPJ.exe
  C:\Windows\System\jwmeRPJ.exe
  2⤵
  PID:6480
- C:\Windows\System\uUUcJrK.exe
  C:\Windows\System\uUUcJrK.exe
  2⤵
  PID:6516
- C:\Windows\System\cewrGFf.exe
  C:\Windows\System\cewrGFf.exe
  2⤵
  PID:6544
- C:\Windows\System\JfPxRLs.exe
  C:\Windows\System\JfPxRLs.exe
  2⤵
  PID:6580
- C:\Windows\System\tqRLcke.exe
  C:\Windows\System\tqRLcke.exe
  2⤵
  PID:6620
- C:\Windows\System\KoHodpr.exe
  C:\Windows\System\KoHodpr.exe
  2⤵
  PID:6656
- C:\Windows\System\VeHgwAP.exe
  C:\Windows\System\VeHgwAP.exe
  2⤵
  PID:6724
- C:\Windows\System\GsFHAbX.exe
  C:\Windows\System\GsFHAbX.exe
  2⤵
  PID:6764
- C:\Windows\System\xlRXlnY.exe
  C:\Windows\System\xlRXlnY.exe
  2⤵
  PID:6672
- C:\Windows\System\QMWdFzt.exe
  C:\Windows\System\QMWdFzt.exe
  2⤵
  PID:6740
- C:\Windows\System\jpzRYeZ.exe
  C:\Windows\System\jpzRYeZ.exe
  2⤵
  PID:6792
- C:\Windows\System\TVpovzw.exe
  C:\Windows\System\TVpovzw.exe
  2⤵
  PID:6808
- C:\Windows\System\hHxrTxj.exe
  C:\Windows\System\hHxrTxj.exe
  2⤵
  PID:6780
- C:\Windows\System\RJBPsyn.exe
  C:\Windows\System\RJBPsyn.exe
  2⤵
  PID:6900
- C:\Windows\System\rcFKEjL.exe
  C:\Windows\System\rcFKEjL.exe
  2⤵
  PID:6848
- C:\Windows\System\VNVdLpT.exe
  C:\Windows\System\VNVdLpT.exe
  2⤵
  PID:6924
- C:\Windows\System\scRpZhP.exe
  C:\Windows\System\scRpZhP.exe
  2⤵
  PID:6956
- C:\Windows\System\nxqPrUu.exe
  C:\Windows\System\nxqPrUu.exe
  2⤵
  PID:6992
- C:\Windows\System\mvIlsOe.exe
  C:\Windows\System\mvIlsOe.exe
  2⤵
  PID:7012
- C:\Windows\System\fTLiXyY.exe
  C:\Windows\System\fTLiXyY.exe
  2⤵
  PID:7080
- C:\Windows\System\TBeEgcq.exe
  C:\Windows\System\TBeEgcq.exe
  2⤵
  PID:7064
- C:\Windows\System\VljXnsc.exe
  C:\Windows\System\VljXnsc.exe
  2⤵
  PID:7112
- C:\Windows\System\ELNUTEL.exe
  C:\Windows\System\ELNUTEL.exe
  2⤵
  PID:7148
- C:\Windows\System\ImPSogT.exe
  C:\Windows\System\ImPSogT.exe
  2⤵
  PID:6184
- C:\Windows\System\RTKqtEA.exe
  C:\Windows\System\RTKqtEA.exe
  2⤵
  PID:6292
- C:\Windows\System\zhjXprX.exe
  C:\Windows\System\zhjXprX.exe
  2⤵
  PID:6228
- C:\Windows\System\RXiAzsr.exe
  C:\Windows\System\RXiAzsr.exe
  2⤵
  PID:7164
- C:\Windows\System\PqECUWt.exe
  C:\Windows\System\PqECUWt.exe
  2⤵
  PID:5664
- C:\Windows\System\tdpIzBv.exe
  C:\Windows\System\tdpIzBv.exe
  2⤵
  PID:6192
- C:\Windows\System\XNCGvsV.exe
  C:\Windows\System\XNCGvsV.exe
  2⤵
  PID:6172
- C:\Windows\System\yvdYcLf.exe
  C:\Windows\System\yvdYcLf.exe
  2⤵
  PID:6348
- C:\Windows\System\xfRRaRL.exe
  C:\Windows\System\xfRRaRL.exe
  2⤵
  PID:6468
- C:\Windows\System\IaJOxUJ.exe
  C:\Windows\System\IaJOxUJ.exe
  2⤵
  PID:6368
- C:\Windows\System\hvAueGJ.exe
  C:\Windows\System\hvAueGJ.exe
  2⤵
  PID:6156
- C:\Windows\System\VqNzjls.exe
  C:\Windows\System\VqNzjls.exe
  2⤵
  PID:6380
- C:\Windows\System\ZnWcqzp.exe
  C:\Windows\System\ZnWcqzp.exe
  2⤵
  PID:6572
- C:\Windows\System\dbtPuBL.exe
  C:\Windows\System\dbtPuBL.exe
  2⤵
  PID:6688
- C:\Windows\System\ZjkTkvy.exe
  C:\Windows\System\ZjkTkvy.exe
  2⤵
  PID:6636
- C:\Windows\System\miErJye.exe
  C:\Windows\System\miErJye.exe
  2⤵
  PID:6816
- C:\Windows\System\llFpKlM.exe
  C:\Windows\System\llFpKlM.exe
  2⤵
  PID:6868
- C:\Windows\System\tqoBfJj.exe
  C:\Windows\System\tqoBfJj.exe
  2⤵
  PID:6844
- C:\Windows\System\IGgwGEj.exe
  C:\Windows\System\IGgwGEj.exe
  2⤵
  PID:6940
- C:\Windows\System\LioIBBF.exe
  C:\Windows\System\LioIBBF.exe
  2⤵
  PID:7060
- C:\Windows\System\RbAORzu.exe
  C:\Windows\System\RbAORzu.exe
  2⤵
  PID:6920
- C:\Windows\System\RdBsTBJ.exe
  C:\Windows\System\RdBsTBJ.exe
  2⤵
  PID:7076
- C:\Windows\System\UbqTFvQ.exe
  C:\Windows\System\UbqTFvQ.exe
  2⤵
  PID:5936
- C:\Windows\System\CqPHLlv.exe
  C:\Windows\System\CqPHLlv.exe
  2⤵
  PID:6112
- C:\Windows\System\XAdhOjj.exe
  C:\Windows\System\XAdhOjj.exe
  2⤵
  PID:6344
- C:\Windows\System\UgKiaMV.exe
  C:\Windows\System\UgKiaMV.exe
  2⤵
  PID:5404
- C:\Windows\System\mxnoqyw.exe
  C:\Windows\System\mxnoqyw.exe
  2⤵
  PID:6224
- C:\Windows\System\gfnMYFZ.exe
  C:\Windows\System\gfnMYFZ.exe
  2⤵
  PID:6612
- C:\Windows\System\WPoWEjL.exe
  C:\Windows\System\WPoWEjL.exe
  2⤵
  PID:6736
- C:\Windows\System\mQPhnOm.exe
  C:\Windows\System\mQPhnOm.exe
  2⤵
  PID:6596
- C:\Windows\System\peNitVw.exe
  C:\Windows\System\peNitVw.exe
  2⤵
  PID:7028
- C:\Windows\System\JDxCSLp.exe
  C:\Windows\System\JDxCSLp.exe
  2⤵
  PID:6500
- C:\Windows\System\NRddqfL.exe
  C:\Windows\System\NRddqfL.exe
  2⤵
  PID:7048
- C:\Windows\System\VBwIdfu.exe
  C:\Windows\System\VBwIdfu.exe
  2⤵
  PID:6884
- C:\Windows\System\FaTFopT.exe
  C:\Windows\System\FaTFopT.exe
  2⤵
  PID:7128
- C:\Windows\System\KvVfrfY.exe
  C:\Windows\System\KvVfrfY.exe
  2⤵
  PID:5844
- C:\Windows\System\LEPsGwT.exe
  C:\Windows\System\LEPsGwT.exe
  2⤵
  PID:6448
- C:\Windows\System\LbPbrec.exe
  C:\Windows\System\LbPbrec.exe
  2⤵
  PID:5280
- C:\Windows\System\ABSSBEE.exe
  C:\Windows\System\ABSSBEE.exe
  2⤵
  PID:6872
- C:\Windows\System\unYfjFc.exe
  C:\Windows\System\unYfjFc.exe
  2⤵
  PID:6796
- C:\Windows\System\lgEllGF.exe
  C:\Windows\System\lgEllGF.exe
  2⤵
  PID:7176
- C:\Windows\System\cYKPtLK.exe
  C:\Windows\System\cYKPtLK.exe
  2⤵
  PID:7192
- C:\Windows\System\akyMKWQ.exe
  C:\Windows\System\akyMKWQ.exe
  2⤵
  PID:7208
- C:\Windows\System\rZpAhBF.exe
  C:\Windows\System\rZpAhBF.exe
  2⤵
  PID:7228
- C:\Windows\System\hUtMmFL.exe
  C:\Windows\System\hUtMmFL.exe
  2⤵
  PID:7244
- C:\Windows\System\kZWGIsk.exe
  C:\Windows\System\kZWGIsk.exe
  2⤵
  PID:7260
- C:\Windows\System\kufelSv.exe
  C:\Windows\System\kufelSv.exe
  2⤵
  PID:7280
- C:\Windows\System\WjTrSwn.exe
  C:\Windows\System\WjTrSwn.exe
  2⤵
  PID:7296
- C:\Windows\System\ZxyClKv.exe
  C:\Windows\System\ZxyClKv.exe
  2⤵
  PID:7312
- C:\Windows\System\dkcpbTx.exe
  C:\Windows\System\dkcpbTx.exe
  2⤵
  PID:7328
- C:\Windows\System\cqVFMlQ.exe
  C:\Windows\System\cqVFMlQ.exe
  2⤵
  PID:7344
- C:\Windows\System\vEsuSHG.exe
  C:\Windows\System\vEsuSHG.exe
  2⤵
  PID:7360
- C:\Windows\System\EepVjeB.exe
  C:\Windows\System\EepVjeB.exe
  2⤵
  PID:7376
- C:\Windows\System\SwLUPQR.exe
  C:\Windows\System\SwLUPQR.exe
  2⤵
  PID:7392
- C:\Windows\System\LoTOKwJ.exe
  C:\Windows\System\LoTOKwJ.exe
  2⤵
  PID:7408
- C:\Windows\System\zrlwUio.exe
  C:\Windows\System\zrlwUio.exe
  2⤵
  PID:7424
- C:\Windows\System\aknqHwV.exe
  C:\Windows\System\aknqHwV.exe
  2⤵
  PID:7440
- C:\Windows\System\GnmPmtm.exe
  C:\Windows\System\GnmPmtm.exe
  2⤵
  PID:7456
- C:\Windows\System\QXGGCrn.exe
  C:\Windows\System\QXGGCrn.exe
  2⤵
  PID:7472
- C:\Windows\System\JpjarwB.exe
  C:\Windows\System\JpjarwB.exe
  2⤵
  PID:7488
- C:\Windows\System\KhmHbQM.exe
  C:\Windows\System\KhmHbQM.exe
  2⤵
  PID:7504
- C:\Windows\System\OsRHwyu.exe
  C:\Windows\System\OsRHwyu.exe
  2⤵
  PID:7520
- C:\Windows\System\DhPAeKt.exe
  C:\Windows\System\DhPAeKt.exe
  2⤵
  PID:7536
- C:\Windows\System\bBBTsLf.exe
  C:\Windows\System\bBBTsLf.exe
  2⤵
  PID:7552
- C:\Windows\System\cLSerKD.exe
  C:\Windows\System\cLSerKD.exe
  2⤵
  PID:7568
- C:\Windows\System\nqxHwBh.exe
  C:\Windows\System\nqxHwBh.exe
  2⤵
  PID:7592
- C:\Windows\System\WTXodML.exe
  C:\Windows\System\WTXodML.exe
  2⤵
  PID:7608
- C:\Windows\System\tcjgVGN.exe
  C:\Windows\System\tcjgVGN.exe
  2⤵
  PID:7624
- C:\Windows\System\hhhBZqR.exe
  C:\Windows\System\hhhBZqR.exe
  2⤵
  PID:7640
- C:\Windows\System\DTNrNPx.exe
  C:\Windows\System\DTNrNPx.exe
  2⤵
  PID:7656
- C:\Windows\System\XtYfUbz.exe
  C:\Windows\System\XtYfUbz.exe
  2⤵
  PID:7672
- C:\Windows\System\QlYVyUr.exe
  C:\Windows\System\QlYVyUr.exe
  2⤵
  PID:7688
- C:\Windows\System\lLXgwQZ.exe
  C:\Windows\System\lLXgwQZ.exe
  2⤵
  PID:7708
- C:\Windows\System\YMDBtLl.exe
  C:\Windows\System\YMDBtLl.exe
  2⤵
  PID:7724
- C:\Windows\System\FlEhtAK.exe
  C:\Windows\System\FlEhtAK.exe
  2⤵
  PID:7740
- C:\Windows\System\mazCMfA.exe
  C:\Windows\System\mazCMfA.exe
  2⤵
  PID:7780
- C:\Windows\System\OVwsVKA.exe
  C:\Windows\System\OVwsVKA.exe
  2⤵
  PID:7796
- C:\Windows\System\aykERvj.exe
  C:\Windows\System\aykERvj.exe
  2⤵
  PID:7812
- C:\Windows\System\fxepKAB.exe
  C:\Windows\System\fxepKAB.exe
  2⤵
  PID:7828
- C:\Windows\System\qCPAwVp.exe
  C:\Windows\System\qCPAwVp.exe
  2⤵
  PID:7844
- C:\Windows\System\EIMHpFQ.exe
  C:\Windows\System\EIMHpFQ.exe
  2⤵
  PID:7860
- C:\Windows\System\GtfDjSl.exe
  C:\Windows\System\GtfDjSl.exe
  2⤵
  PID:7876
- C:\Windows\System\pHrwIqe.exe
  C:\Windows\System\pHrwIqe.exe
  2⤵
  PID:7896
- C:\Windows\System\wIIcsnS.exe
  C:\Windows\System\wIIcsnS.exe
  2⤵
  PID:7920
- C:\Windows\System\COiNRdy.exe
  C:\Windows\System\COiNRdy.exe
  2⤵
  PID:7936
- C:\Windows\System\yiylYZk.exe
  C:\Windows\System\yiylYZk.exe
  2⤵
  PID:7960
- C:\Windows\System\MvcwaPs.exe
  C:\Windows\System\MvcwaPs.exe
  2⤵
  PID:7976
- C:\Windows\System\PZIldFt.exe
  C:\Windows\System\PZIldFt.exe
  2⤵
  PID:7992
- C:\Windows\System\HMIApET.exe
  C:\Windows\System\HMIApET.exe
  2⤵
  PID:8008
- C:\Windows\System\BxVUEwb.exe
  C:\Windows\System\BxVUEwb.exe
  2⤵
  PID:8024
- C:\Windows\System\eJqFVcr.exe
  C:\Windows\System\eJqFVcr.exe
  2⤵
  PID:8052
- C:\Windows\System\NOqPuBu.exe
  C:\Windows\System\NOqPuBu.exe
  2⤵
  PID:8072
- C:\Windows\System\ruSLXuE.exe
  C:\Windows\System\ruSLXuE.exe
  2⤵
  PID:8096
- C:\Windows\System\PwKpPdU.exe
  C:\Windows\System\PwKpPdU.exe
  2⤵
  PID:8112
- C:\Windows\System\SqAzmnt.exe
  C:\Windows\System\SqAzmnt.exe
  2⤵
  PID:8128
- C:\Windows\System\IPsfwFN.exe
  C:\Windows\System\IPsfwFN.exe
  2⤵
  PID:8144
- C:\Windows\System\lqLIfSC.exe
  C:\Windows\System\lqLIfSC.exe
  2⤵
  PID:8160
- C:\Windows\System\kjmiWes.exe
  C:\Windows\System\kjmiWes.exe
  2⤵
  PID:8176
- C:\Windows\System\mNjiKDn.exe
  C:\Windows\System\mNjiKDn.exe
  2⤵
  PID:6260
- C:\Windows\System\mvFfaxr.exe
  C:\Windows\System\mvFfaxr.exe
  2⤵
  PID:7188
- C:\Windows\System\UVfRMeJ.exe
  C:\Windows\System\UVfRMeJ.exe
  2⤵
  PID:6692
- C:\Windows\System\dkGNuFi.exe
  C:\Windows\System\dkGNuFi.exe
  2⤵
  PID:7204
- C:\Windows\System\auYkEYk.exe
  C:\Windows\System\auYkEYk.exe
  2⤵
  PID:6196
- C:\Windows\System\WxvJXPx.exe
  C:\Windows\System\WxvJXPx.exe
  2⤵
  PID:7200
- C:\Windows\System\sBuWnDS.exe
  C:\Windows\System\sBuWnDS.exe
  2⤵
  PID:7292
- C:\Windows\System\QpNgtCN.exe
  C:\Windows\System\QpNgtCN.exe
  2⤵
  PID:7276
- C:\Windows\System\NkZFlzL.exe
  C:\Windows\System\NkZFlzL.exe
  2⤵
  PID:7308
- C:\Windows\System\GyzAaxy.exe
  C:\Windows\System\GyzAaxy.exe
  2⤵
  PID:7400
- C:\Windows\System\beOxbKL.exe
  C:\Windows\System\beOxbKL.exe
  2⤵
  PID:7384
- C:\Windows\System\DKFluMu.exe
  C:\Windows\System\DKFluMu.exe
  2⤵
  PID:7480
- C:\Windows\System\XnYnLMq.exe
  C:\Windows\System\XnYnLMq.exe
  2⤵
  PID:7548
- C:\Windows\System\tdXipSh.exe
  C:\Windows\System\tdXipSh.exe
  2⤵
  PID:7340
- C:\Windows\System\QLUMOCb.exe
  C:\Windows\System\QLUMOCb.exe
  2⤵
  PID:7496
- C:\Windows\System\cEbsINz.exe
  C:\Windows\System\cEbsINz.exe
  2⤵
  PID:7564
- C:\Windows\System\GnnyJUP.exe
  C:\Windows\System\GnnyJUP.exe
  2⤵
  PID:7616
- C:\Windows\System\MhSevcE.exe
  C:\Windows\System\MhSevcE.exe
  2⤵
  PID:7532
- C:\Windows\System\MfYPAYc.exe
  C:\Windows\System\MfYPAYc.exe
  2⤵
  PID:7604
- C:\Windows\System\bPOxSQk.exe
  C:\Windows\System\bPOxSQk.exe
  2⤵
  PID:7748
- C:\Windows\System\NFmYSzj.exe
  C:\Windows\System\NFmYSzj.exe
  2⤵
  PID:7732
- C:\Windows\System\ebmKBrS.exe
  C:\Windows\System\ebmKBrS.exe
  2⤵
  PID:7736
- C:\Windows\System\tQAaxWo.exe
  C:\Windows\System\tQAaxWo.exe
  2⤵
  PID:7764
- C:\Windows\System\eCnrHET.exe
  C:\Windows\System\eCnrHET.exe
  2⤵
  PID:7788
- C:\Windows\System\ktylRdA.exe
  C:\Windows\System\ktylRdA.exe
  2⤵
  PID:7808
- C:\Windows\System\EKKipmk.exe
  C:\Windows\System\EKKipmk.exe
  2⤵
  PID:7872
- C:\Windows\System\cQoZpFK.exe
  C:\Windows\System\cQoZpFK.exe
  2⤵
  PID:7888
- C:\Windows\System\OEGlnUd.exe
  C:\Windows\System\OEGlnUd.exe
  2⤵
  PID:7948
- C:\Windows\System\QwhIoIl.exe
  C:\Windows\System\QwhIoIl.exe
  2⤵
  PID:7932
- C:\Windows\System\pjBHqwq.exe
  C:\Windows\System\pjBHqwq.exe
  2⤵
  PID:8040
- C:\Windows\System\ESbhhVK.exe
  C:\Windows\System\ESbhhVK.exe
  2⤵
  PID:8060
- C:\Windows\System\noGxUJX.exe
  C:\Windows\System\noGxUJX.exe
  2⤵
  PID:8136
- C:\Windows\System\kiOSGvE.exe
  C:\Windows\System\kiOSGvE.exe
  2⤵
  PID:8120
- C:\Windows\System\xIenhUI.exe
  C:\Windows\System\xIenhUI.exe
  2⤵
  PID:7040
- C:\Windows\System\tQHtEgS.exe
  C:\Windows\System\tQHtEgS.exe
  2⤵
  PID:7464
- C:\Windows\System\ROzBFSO.exe
  C:\Windows\System\ROzBFSO.exe
  2⤵
  PID:8260
- C:\Windows\System\HMTSjlB.exe
  C:\Windows\System\HMTSjlB.exe
  2⤵
  PID:8624
- C:\Windows\System\wXPvZel.exe
  C:\Windows\System\wXPvZel.exe
  2⤵
  PID:8640
- C:\Windows\System\WSGiBjL.exe
  C:\Windows\System\WSGiBjL.exe
  2⤵
  PID:8656
- C:\Windows\System\DTQRhgG.exe
  C:\Windows\System\DTQRhgG.exe
  2⤵
  PID:8676
- C:\Windows\System\HfMJnwY.exe
  C:\Windows\System\HfMJnwY.exe
  2⤵
  PID:8696
- C:\Windows\System\cQCsxNf.exe
  C:\Windows\System\cQCsxNf.exe
  2⤵
  PID:8712
- C:\Windows\System\OfthJoB.exe
  C:\Windows\System\OfthJoB.exe
  2⤵
  PID:8732
- C:\Windows\System\UkwEndO.exe
  C:\Windows\System\UkwEndO.exe
  2⤵
  PID:8748
- C:\Windows\System\uwaipVM.exe
  C:\Windows\System\uwaipVM.exe
  2⤵
  PID:8764
- C:\Windows\System\ImIODPW.exe
  C:\Windows\System\ImIODPW.exe
  2⤵
  PID:8808
- C:\Windows\System\oiRdzIQ.exe
  C:\Windows\System\oiRdzIQ.exe
  2⤵
  PID:8824
- C:\Windows\System\WdyijBk.exe
  C:\Windows\System\WdyijBk.exe
  2⤵
  PID:8840
- C:\Windows\System\FVxNXjf.exe
  C:\Windows\System\FVxNXjf.exe
  2⤵
  PID:8856
- C:\Windows\System\FsxkyMY.exe
  C:\Windows\System\FsxkyMY.exe
  2⤵
  PID:8872
- C:\Windows\System\ZtLSbKr.exe
  C:\Windows\System\ZtLSbKr.exe
  2⤵
  PID:8888
- C:\Windows\System\oAgGEli.exe
  C:\Windows\System\oAgGEli.exe
  2⤵
  PID:8904
- C:\Windows\System\ZxJLaUw.exe
  C:\Windows\System\ZxJLaUw.exe
  2⤵
  PID:8920
- C:\Windows\System\jEssYDg.exe
  C:\Windows\System\jEssYDg.exe
  2⤵
  PID:8936
- C:\Windows\System\IOZeisf.exe
  C:\Windows\System\IOZeisf.exe
  2⤵
  PID:8952
- C:\Windows\System\xKkqRuP.exe
  C:\Windows\System\xKkqRuP.exe
  2⤵
  PID:8968
- C:\Windows\System\VhEnlhv.exe
  C:\Windows\System\VhEnlhv.exe
  2⤵
  PID:8984
- C:\Windows\System\vgXIrVj.exe
  C:\Windows\System\vgXIrVj.exe
  2⤵
  PID:9000
- C:\Windows\System\uNctTsO.exe
  C:\Windows\System\uNctTsO.exe
  2⤵
  PID:9016
- C:\Windows\System\ONcFBRZ.exe
  C:\Windows\System\ONcFBRZ.exe
  2⤵
  PID:9032
- C:\Windows\System\NkYiFdF.exe
  C:\Windows\System\NkYiFdF.exe
  2⤵
  PID:9048
- C:\Windows\System\tKleHta.exe
  C:\Windows\System\tKleHta.exe
  2⤵
  PID:9088
- C:\Windows\System\poOrSct.exe
  C:\Windows\System\poOrSct.exe
  2⤵
  PID:9148
- C:\Windows\System\GGfgkzH.exe
  C:\Windows\System\GGfgkzH.exe
  2⤵
  PID:9164
- C:\Windows\System\JvOZJzp.exe
  C:\Windows\System\JvOZJzp.exe
  2⤵
  PID:9184
- C:\Windows\System\WSGhrPd.exe
  C:\Windows\System\WSGhrPd.exe
  2⤵
  PID:9200
- C:\Windows\System\cmmsKnx.exe
  C:\Windows\System\cmmsKnx.exe
  2⤵
  PID:7668
- C:\Windows\System\ofXaLzn.exe
  C:\Windows\System\ofXaLzn.exe
  2⤵
  PID:7648
- C:\Windows\System\FaIBrxE.exe
  C:\Windows\System\FaIBrxE.exe
  2⤵
  PID:7700
- C:\Windows\System\PPSkhKj.exe
  C:\Windows\System\PPSkhKj.exe
  2⤵
  PID:7868
- C:\Windows\System\HJLtLQm.exe
  C:\Windows\System\HJLtLQm.exe
  2⤵
  PID:7892
- C:\Windows\System\eeQvCyF.exe
  C:\Windows\System\eeQvCyF.exe
  2⤵
  PID:7928
- C:\Windows\System\rcPwAOI.exe
  C:\Windows\System\rcPwAOI.exe
  2⤵
  PID:8004
- C:\Windows\System\zNvkGxP.exe
  C:\Windows\System\zNvkGxP.exe
  2⤵
  PID:8048
- C:\Windows\System\IgDWJZs.exe
  C:\Windows\System\IgDWJZs.exe
  2⤵
  PID:8084
- C:\Windows\System\whuazUH.exe
  C:\Windows\System\whuazUH.exe
  2⤵
  PID:7216
- C:\Windows\System\KSOMEFp.exe
  C:\Windows\System\KSOMEFp.exe
  2⤵
  PID:8172
- C:\Windows\System\TrvXRTt.exe
  C:\Windows\System\TrvXRTt.exe
  2⤵
  PID:7224
- C:\Windows\System\EIAuZVn.exe
  C:\Windows\System\EIAuZVn.exe
  2⤵
  PID:7684
- C:\Windows\System\FEWbrCU.exe
  C:\Windows\System\FEWbrCU.exe
  2⤵
  PID:8200
- C:\Windows\System\AUtkiuJ.exe
  C:\Windows\System\AUtkiuJ.exe
  2⤵
  PID:8220
- C:\Windows\System\iwCOGOp.exe
  C:\Windows\System\iwCOGOp.exe
  2⤵
  PID:8236
- C:\Windows\System\akjaevg.exe
  C:\Windows\System\akjaevg.exe
  2⤵
  PID:8252
- C:\Windows\System\JpfaDYW.exe
  C:\Windows\System\JpfaDYW.exe
  2⤵
  PID:7588
- C:\Windows\System\Mkjxdel.exe
  C:\Windows\System\Mkjxdel.exe
  2⤵
  PID:7512
- C:\Windows\System\bSCfKKK.exe
  C:\Windows\System\bSCfKKK.exe
  2⤵
  PID:8280
- C:\Windows\System\orRKtBq.exe
  C:\Windows\System\orRKtBq.exe
  2⤵
  PID:8296
- C:\Windows\System\ZBMxGZG.exe
  C:\Windows\System\ZBMxGZG.exe
  2⤵
  PID:8408
- C:\Windows\System\KrmGRkY.exe
  C:\Windows\System\KrmGRkY.exe
  2⤵
  PID:8416
- C:\Windows\System\NMIBBFv.exe
  C:\Windows\System\NMIBBFv.exe
  2⤵
  PID:8456
- C:\Windows\System\Evmsrbd.exe
  C:\Windows\System\Evmsrbd.exe
  2⤵
  PID:8472
- C:\Windows\System\ujwyxWA.exe
  C:\Windows\System\ujwyxWA.exe
  2⤵
  PID:8488
- C:\Windows\System\zyMXJCs.exe
  C:\Windows\System\zyMXJCs.exe
  2⤵
  PID:8504
- C:\Windows\System\ehMUNjG.exe
  C:\Windows\System\ehMUNjG.exe
  2⤵
  PID:8316
- C:\Windows\System\lEZbSIQ.exe
  C:\Windows\System\lEZbSIQ.exe
  2⤵
  PID:8332
- C:\Windows\System\SPUssnT.exe
  C:\Windows\System\SPUssnT.exe
  2⤵
  PID:8380
- C:\Windows\System\JwlZnlf.exe
  C:\Windows\System\JwlZnlf.exe
  2⤵
  PID:8388
- C:\Windows\System\xpmJgvi.exe
  C:\Windows\System\xpmJgvi.exe
  2⤵
  PID:8516
- C:\Windows\System\APAmPAk.exe
  C:\Windows\System\APAmPAk.exe
  2⤵
  PID:8536
- C:\Windows\System\wQayklb.exe
  C:\Windows\System\wQayklb.exe
  2⤵
  PID:8540
- C:\Windows\System\tgrlFMW.exe
  C:\Windows\System\tgrlFMW.exe
  2⤵
  PID:8556
- C:\Windows\System\PheatzE.exe
  C:\Windows\System\PheatzE.exe
  2⤵
  PID:8572
- C:\Windows\System\TycjECh.exe
  C:\Windows\System\TycjECh.exe
  2⤵
  PID:8708
- C:\Windows\System\cutffwp.exe
  C:\Windows\System\cutffwp.exe
  2⤵
  PID:8688
- C:\Windows\System\gJMSTWk.exe
  C:\Windows\System\gJMSTWk.exe
  2⤵
  PID:8740
- C:\Windows\System\eEnoYAW.exe
  C:\Windows\System\eEnoYAW.exe
  2⤵
  PID:8788
- C:\Windows\System\gZOLVoE.exe
  C:\Windows\System\gZOLVoE.exe
  2⤵
  PID:8720
- C:\Windows\System\OspHLfN.exe
  C:\Windows\System\OspHLfN.exe
  2⤵
  PID:8652
- C:\Windows\System\qaoWQeX.exe
  C:\Windows\System\qaoWQeX.exe
  2⤵
  PID:8848
- C:\Windows\System\xeGdPzF.exe
  C:\Windows\System\xeGdPzF.exe
  2⤵
  PID:8912
- C:\Windows\System\UusyTYA.exe
  C:\Windows\System\UusyTYA.exe
  2⤵
  PID:8948
- C:\Windows\System\IgobEry.exe
  C:\Windows\System\IgobEry.exe
  2⤵
  PID:8836
- C:\Windows\System\LWzceap.exe
  C:\Windows\System\LWzceap.exe
  2⤵
  PID:8864
- C:\Windows\System\vPMjXuY.exe
  C:\Windows\System\vPMjXuY.exe
  2⤵
  PID:9056
- C:\Windows\System\vgQbhsi.exe
  C:\Windows\System\vgQbhsi.exe
  2⤵
  PID:9044
- C:\Windows\System\OJcdjlw.exe
  C:\Windows\System\OJcdjlw.exe
  2⤵
  PID:9080
- C:\Windows\System\SxSichf.exe
  C:\Windows\System\SxSichf.exe
  2⤵
  PID:9108
- C:\Windows\System\CTXhsjp.exe
  C:\Windows\System\CTXhsjp.exe
  2⤵
  PID:9124
- C:\Windows\System\OCsLyxP.exe
  C:\Windows\System\OCsLyxP.exe
  2⤵
  PID:9156
- C:\Windows\System\TbzaoOh.exe
  C:\Windows\System\TbzaoOh.exe
  2⤵
  PID:9192
- C:\Windows\System\aWqWOwW.exe
  C:\Windows\System\aWqWOwW.exe
  2⤵
  PID:9212
- C:\Windows\System\VjhlnBs.exe
  C:\Windows\System\VjhlnBs.exe
  2⤵
  PID:7560
- C:\Windows\System\QnmofbO.exe
  C:\Windows\System\QnmofbO.exe
  2⤵
  PID:7904
- C:\Windows\System\QRekLCq.exe
  C:\Windows\System\QRekLCq.exe
  2⤵
  PID:7984
- C:\Windows\System\XQOZYLc.exe
  C:\Windows\System\XQOZYLc.exe
  2⤵
  PID:8020
- C:\Windows\System\drjdmHR.exe
  C:\Windows\System\drjdmHR.exe
  2⤵
  PID:8152
- C:\Windows\System\nxngIXj.exe
  C:\Windows\System\nxngIXj.exe
  2⤵
  PID:7288
- C:\Windows\System\Osxozuv.exe
  C:\Windows\System\Osxozuv.exe
  2⤵
  PID:7184
- C:\Windows\System\fKlpkNx.exe
  C:\Windows\System\fKlpkNx.exe
  2⤵
  PID:8196
- C:\Windows\System\HHdDkKX.exe
  C:\Windows\System\HHdDkKX.exe
  2⤵
  PID:8208
- C:\Windows\System\KXVUhuH.exe
  C:\Windows\System\KXVUhuH.exe
  2⤵
  PID:7368
- C:\Windows\System\fwdXHOQ.exe
  C:\Windows\System\fwdXHOQ.exe
  2⤵
  PID:7448
- C:\Windows\System\JohGEzL.exe
  C:\Windows\System\JohGEzL.exe
  2⤵
  PID:8404
- C:\Windows\System\ERgUrME.exe
  C:\Windows\System\ERgUrME.exe
  2⤵
  PID:8364
- C:\Windows\System\yiFYVJB.exe
  C:\Windows\System\yiFYVJB.exe
  2⤵
  PID:8452
- C:\Windows\System\PjaTENf.exe
  C:\Windows\System\PjaTENf.exe
  2⤵
  PID:8480
- C:\Windows\System\TlELcgr.exe
  C:\Windows\System\TlELcgr.exe
  2⤵
  PID:8336
- C:\Windows\System\DHZGoBL.exe
  C:\Windows\System\DHZGoBL.exe
  2⤵
  PID:8632
- C:\Windows\System\nKMlkig.exe
  C:\Windows\System\nKMlkig.exe
  2⤵
  PID:8524
- C:\Windows\System\wmILLoQ.exe
  C:\Windows\System\wmILLoQ.exe
  2⤵
  PID:8608
- C:\Windows\System\auPrMmD.exe
  C:\Windows\System\auPrMmD.exe
  2⤵
  PID:8668
- C:\Windows\System\fNSVFCC.exe
  C:\Windows\System\fNSVFCC.exe
  2⤵
  PID:8352
- C:\Windows\System\srxqCJO.exe
  C:\Windows\System\srxqCJO.exe
  2⤵
  PID:8328
- C:\Windows\System\tTQgOgS.exe
  C:\Windows\System\tTQgOgS.exe
  2⤵
  PID:7528
- C:\Windows\System\bSLjHyk.exe
  C:\Windows\System\bSLjHyk.exe
  2⤵
  PID:8780
- C:\Windows\System\QBUwArG.exe
  C:\Windows\System\QBUwArG.exe
  2⤵
  PID:8884
- C:\Windows\System\jVOSwxG.exe
  C:\Windows\System\jVOSwxG.exe
  2⤵
  PID:8832
- C:\Windows\System\MgyZnUb.exe
  C:\Windows\System\MgyZnUb.exe
  2⤵
  PID:8776
- C:\Windows\System\sJCOblG.exe
  C:\Windows\System\sJCOblG.exe
  2⤵
  PID:9008
- C:\Windows\System\QltkdvA.exe
  C:\Windows\System\QltkdvA.exe
  2⤵
  PID:9076
- C:\Windows\System\colssIj.exe
  C:\Windows\System\colssIj.exe
  2⤵
  PID:9096
- C:\Windows\System\CsJbQYT.exe
  C:\Windows\System\CsJbQYT.exe
  2⤵
  PID:9176
- C:\Windows\System\OtuUSSx.exe
  C:\Windows\System\OtuUSSx.exe
  2⤵
  PID:7912
- C:\Windows\System\WtHPIHK.exe
  C:\Windows\System\WtHPIHK.exe
  2⤵
  PID:992
- C:\Windows\System\IGAoVEm.exe
  C:\Windows\System\IGAoVEm.exe
  2⤵
  PID:9208
- C:\Windows\System\XjfSOMn.exe
  C:\Windows\System\XjfSOMn.exe
  2⤵
  PID:7908
- C:\Windows\System\uZQVdkw.exe
  C:\Windows\System\uZQVdkw.exe
  2⤵
  PID:8796
- C:\Windows\System\prIKFEP.exe
  C:\Windows\System\prIKFEP.exe
  2⤵
  PID:7632
- C:\Windows\System\HvhEpGC.exe
  C:\Windows\System\HvhEpGC.exe
  2⤵
  PID:8248
- C:\Windows\System\UOlYVHE.exe
  C:\Windows\System\UOlYVHE.exe
  2⤵
  PID:8724
- C:\Windows\System\wrYRQIo.exe
  C:\Windows\System\wrYRQIo.exe
  2⤵
  PID:7420
- C:\Windows\System\DpUzmpP.exe
  C:\Windows\System\DpUzmpP.exe
  2⤵
  PID:8272
- C:\Windows\System\GCRVCml.exe
  C:\Windows\System\GCRVCml.exe
  2⤵
  PID:8288
- C:\Windows\System\AIkSFAk.exe
  C:\Windows\System\AIkSFAk.exe
  2⤵
  PID:8312
- C:\Windows\System\PfNvtUX.exe
  C:\Windows\System\PfNvtUX.exe
  2⤵
  PID:7272
- C:\Windows\System\lkJHxeR.exe
  C:\Windows\System\lkJHxeR.exe
  2⤵
  PID:8580
- C:\Windows\System\ttaoCVb.exe
  C:\Windows\System\ttaoCVb.exe
  2⤵
  PID:8552
- C:\Windows\System\spNRJtm.exe
  C:\Windows\System\spNRJtm.exe
  2⤵
  PID:8648
- C:\Windows\System\LDYATLB.exe
  C:\Windows\System\LDYATLB.exe
  2⤵
  PID:9024
- C:\Windows\System\huZMGKI.exe
  C:\Windows\System\huZMGKI.exe
  2⤵
  PID:8996
- C:\Windows\System\pDGzxyA.exe
  C:\Windows\System\pDGzxyA.exe
  2⤵
  PID:9064
- C:\Windows\System\hGsNPpU.exe
  C:\Windows\System\hGsNPpU.exe
  2⤵
  PID:9116
- C:\Windows\System\qurBFEV.exe
  C:\Windows\System\qurBFEV.exe
  2⤵
  PID:7756
- C:\Windows\System\lybWUFB.exe
  C:\Windows\System\lybWUFB.exe
  2⤵
  PID:7840
- C:\Windows\System\twQeCgz.exe
  C:\Windows\System\twQeCgz.exe
  2⤵
  PID:8044
- C:\Windows\System\SUeAJGE.exe
  C:\Windows\System\SUeAJGE.exe
  2⤵
  PID:7324
- C:\Windows\System\IolfuDp.exe
  C:\Windows\System\IolfuDp.exe
  2⤵
  PID:8424
- C:\Windows\System\pDZNqDJ.exe
  C:\Windows\System\pDZNqDJ.exe
  2⤵
  PID:8340
- C:\Windows\System\DAJOkVn.exe
  C:\Windows\System\DAJOkVn.exe
  2⤵
  PID:8448
- C:\Windows\System\hDWokBJ.exe
  C:\Windows\System\hDWokBJ.exe
  2⤵
  PID:8212
- C:\Windows\System\APSYCfG.exe
  C:\Windows\System\APSYCfG.exe
  2⤵
  PID:8496
- C:\Windows\System\QXLfstz.exe
  C:\Windows\System\QXLfstz.exe
  2⤵
  PID:8756
- C:\Windows\System\QooXMiG.exe
  C:\Windows\System\QooXMiG.exe
  2⤵
  PID:5996
- C:\Windows\System\UsNfjIc.exe
  C:\Windows\System\UsNfjIc.exe
  2⤵
  PID:8804
- C:\Windows\System\KmTnPUh.exe
  C:\Windows\System\KmTnPUh.exe
  2⤵
  PID:8816
- C:\Windows\System\plpZdWo.exe
  C:\Windows\System\plpZdWo.exe
  2⤵
  PID:9104
- C:\Windows\System\kHntIZs.exe
  C:\Windows\System\kHntIZs.exe
  2⤵
  PID:7256
- C:\Windows\System\bSnSiCH.exe
  C:\Windows\System\bSnSiCH.exe
  2⤵
  PID:7792
- C:\Windows\System\TPWTsCj.exe
  C:\Windows\System\TPWTsCj.exe
  2⤵
  PID:8568
- C:\Windows\System\PLMyNvJ.exe
  C:\Windows\System\PLMyNvJ.exe
  2⤵
  PID:8376
- C:\Windows\System\NjORESB.exe
  C:\Windows\System\NjORESB.exe
  2⤵
  PID:8616
- C:\Windows\System\pfSYLzN.exe
  C:\Windows\System\pfSYLzN.exe
  2⤵
  PID:6432
- C:\Windows\System\QoXJgtC.exe
  C:\Windows\System\QoXJgtC.exe
  2⤵
  PID:9100
- C:\Windows\System\sxKUjdw.exe
  C:\Windows\System\sxKUjdw.exe
  2⤵
  PID:8900
- C:\Windows\System\HgvpNXi.exe
  C:\Windows\System\HgvpNXi.exe
  2⤵
  PID:7416
- C:\Windows\System\XDFySJQ.exe
  C:\Windows\System\XDFySJQ.exe
  2⤵
  PID:6776
- C:\Windows\System\NHstQcG.exe
  C:\Windows\System\NHstQcG.exe
  2⤵
  PID:9132
- C:\Windows\System\TgfcVIa.exe
  C:\Windows\System\TgfcVIa.exe
  2⤵
  PID:9140
- C:\Windows\System\DekyeuB.exe
  C:\Windows\System\DekyeuB.exe
  2⤵
  PID:8244
- C:\Windows\System\uMoMKlb.exe
  C:\Windows\System\uMoMKlb.exe
  2⤵
  PID:8604
- C:\Windows\System\FdGcwTX.exe
  C:\Windows\System\FdGcwTX.exe
  2⤵
  PID:7720
- C:\Windows\System\taAjpiY.exe
  C:\Windows\System\taAjpiY.exe
  2⤵
  PID:8528
- C:\Windows\System\FIUVnlV.exe
  C:\Windows\System\FIUVnlV.exe
  2⤵
  PID:8292
- C:\Windows\System\ehAGisF.exe
  C:\Windows\System\ehAGisF.exe
  2⤵
  PID:9128
- C:\Windows\System\jpJWqYl.exe
  C:\Windows\System\jpJWqYl.exe
  2⤵
  PID:9236
- C:\Windows\System\qHVUyHB.exe
  C:\Windows\System\qHVUyHB.exe
  2⤵
  PID:9260
- C:\Windows\System\tlYteNh.exe
  C:\Windows\System\tlYteNh.exe
  2⤵
  PID:9276
- C:\Windows\System\frKyZxR.exe
  C:\Windows\System\frKyZxR.exe
  2⤵
  PID:9292
- C:\Windows\System\hUlTFwl.exe
  C:\Windows\System\hUlTFwl.exe
  2⤵
  PID:9312
- C:\Windows\System\yoTWRNO.exe
  C:\Windows\System\yoTWRNO.exe
  2⤵
  PID:9344
- C:\Windows\System\vzVDrMh.exe
  C:\Windows\System\vzVDrMh.exe
  2⤵
  PID:9360
- C:\Windows\System\bWTzxUN.exe
  C:\Windows\System\bWTzxUN.exe
  2⤵
  PID:9376
- C:\Windows\System\ksupYhD.exe
  C:\Windows\System\ksupYhD.exe
  2⤵
  PID:9404
- C:\Windows\System\WFomDGv.exe
  C:\Windows\System\WFomDGv.exe
  2⤵
  PID:9420
- C:\Windows\System\hsWmWLM.exe
  C:\Windows\System\hsWmWLM.exe
  2⤵
  PID:9440
- C:\Windows\System\KfFeAJV.exe
  C:\Windows\System\KfFeAJV.exe
  2⤵
  PID:9460
- C:\Windows\System\yUZHsWn.exe
  C:\Windows\System\yUZHsWn.exe
  2⤵
  PID:9480
- C:\Windows\System\zMYROpg.exe
  C:\Windows\System\zMYROpg.exe
  2⤵
  PID:9500
- C:\Windows\System\VBdFFis.exe
  C:\Windows\System\VBdFFis.exe
  2⤵
  PID:9524
- C:\Windows\System\ZyBixLi.exe
  C:\Windows\System\ZyBixLi.exe
  2⤵
  PID:9540
- C:\Windows\System\ayXLXTj.exe
  C:\Windows\System\ayXLXTj.exe
  2⤵
  PID:9560
- C:\Windows\System\LNKVFQG.exe
  C:\Windows\System\LNKVFQG.exe
  2⤵
  PID:9584
- C:\Windows\System\BJuQXxU.exe
  C:\Windows\System\BJuQXxU.exe
  2⤵
  PID:9600
- C:\Windows\System\UpCZjJD.exe
  C:\Windows\System\UpCZjJD.exe
  2⤵
  PID:9616
- C:\Windows\System\CWmGrta.exe
  C:\Windows\System\CWmGrta.exe
  2⤵
  PID:9636
- C:\Windows\System\UTsviAZ.exe
  C:\Windows\System\UTsviAZ.exe
  2⤵
  PID:9652
- C:\Windows\System\ylZkGym.exe
  C:\Windows\System\ylZkGym.exe
  2⤵
  PID:9676
- C:\Windows\System\hXWJavw.exe
  C:\Windows\System\hXWJavw.exe
  2⤵
  PID:9700
- C:\Windows\System\dUNAIzA.exe
  C:\Windows\System\dUNAIzA.exe
  2⤵
  PID:9716
- C:\Windows\System\lyDQGLo.exe
  C:\Windows\System\lyDQGLo.exe
  2⤵
  PID:9732
- C:\Windows\System\sdrjyMs.exe
  C:\Windows\System\sdrjyMs.exe
  2⤵
  PID:9756
- C:\Windows\System\HkpBrVB.exe
  C:\Windows\System\HkpBrVB.exe
  2⤵
  PID:9780
- C:\Windows\System\Zqbvklk.exe
  C:\Windows\System\Zqbvklk.exe
  2⤵
  PID:9800
- C:\Windows\System\VHZPSIa.exe
  C:\Windows\System\VHZPSIa.exe
  2⤵
  PID:9820
- C:\Windows\System\AtKTnzq.exe
  C:\Windows\System\AtKTnzq.exe
  2⤵
  PID:9840
- C:\Windows\System\NPRuskG.exe
  C:\Windows\System\NPRuskG.exe
  2⤵
  PID:9872
- C:\Windows\System\DcsjQxL.exe
  C:\Windows\System\DcsjQxL.exe
  2⤵
  PID:9892
- C:\Windows\System\LOEPFcC.exe
  C:\Windows\System\LOEPFcC.exe
  2⤵
  PID:9912
- C:\Windows\System\uIqBsAN.exe
  C:\Windows\System\uIqBsAN.exe
  2⤵
  PID:9928
- C:\Windows\System\aUkmPsF.exe
  C:\Windows\System\aUkmPsF.exe
  2⤵
  PID:9952
- C:\Windows\System\wdacqGr.exe
  C:\Windows\System\wdacqGr.exe
  2⤵
  PID:9972
- C:\Windows\System\klDKgtN.exe
  C:\Windows\System\klDKgtN.exe
  2⤵
  PID:9992
- C:\Windows\System\irJGDcl.exe
  C:\Windows\System\irJGDcl.exe
  2⤵
  PID:10012
- C:\Windows\System\VAReAVy.exe
  C:\Windows\System\VAReAVy.exe
  2⤵
  PID:10028
- C:\Windows\System\jwjZVYE.exe
  C:\Windows\System\jwjZVYE.exe
  2⤵
  PID:10048
- C:\Windows\System\wCpxZmw.exe
  C:\Windows\System\wCpxZmw.exe
  2⤵
  PID:10072
- C:\Windows\System\yEuatYx.exe
  C:\Windows\System\yEuatYx.exe
  2⤵
  PID:10092
- C:\Windows\System\DFzNjQh.exe
  C:\Windows\System\DFzNjQh.exe
  2⤵
  PID:10108
- C:\Windows\System\ZnkIBLL.exe
  C:\Windows\System\ZnkIBLL.exe
  2⤵
  PID:10132
- C:\Windows\System\hRrPaCE.exe
  C:\Windows\System\hRrPaCE.exe
  2⤵
  PID:10148
- C:\Windows\System\bOoTWcL.exe
  C:\Windows\System\bOoTWcL.exe
  2⤵
  PID:10164
- C:\Windows\System\feBrhmL.exe
  C:\Windows\System\feBrhmL.exe
  2⤵
  PID:10196
- C:\Windows\System\zPbcgAO.exe
  C:\Windows\System\zPbcgAO.exe
  2⤵
  PID:10212
- C:\Windows\System\EDUDWyf.exe
  C:\Windows\System\EDUDWyf.exe
  2⤵
  PID:10228
- C:\Windows\System\XcWlsRb.exe
  C:\Windows\System\XcWlsRb.exe
  2⤵
  PID:9220
- C:\Windows\System\WymuHOZ.exe
  C:\Windows\System\WymuHOZ.exe
  2⤵
  PID:9244
- C:\Windows\System\rzmzxgN.exe
  C:\Windows\System\rzmzxgN.exe
  2⤵
  PID:9268
- C:\Windows\System\LWJQkPB.exe
  C:\Windows\System\LWJQkPB.exe
  2⤵
  PID:9304
- C:\Windows\System\zaCDVfm.exe
  C:\Windows\System\zaCDVfm.exe
  2⤵
  PID:6364
- C:\Windows\System\wYLZYQo.exe
  C:\Windows\System\wYLZYQo.exe
  2⤵
  PID:9340
- C:\Windows\System\OJdACBg.exe
  C:\Windows\System\OJdACBg.exe
  2⤵
  PID:9384
- C:\Windows\System\gukzguB.exe
  C:\Windows\System\gukzguB.exe
  2⤵
  PID:9416
- C:\Windows\System\MElPqXU.exe
  C:\Windows\System\MElPqXU.exe
  2⤵
  PID:9492
- C:\Windows\System\kROapkE.exe
  C:\Windows\System\kROapkE.exe
  2⤵
  PID:9516
- C:\Windows\System\DCDSBhN.exe
  C:\Windows\System\DCDSBhN.exe
  2⤵
  PID:9568
- C:\Windows\System\rcJIxqD.exe
  C:\Windows\System\rcJIxqD.exe
  2⤵
  PID:9596
- C:\Windows\System\KaASqug.exe
  C:\Windows\System\KaASqug.exe
  2⤵
  PID:9628
- C:\Windows\System\UvqtfkB.exe
  C:\Windows\System\UvqtfkB.exe
  2⤵
  PID:9692
- C:\Windows\System\wukgXFr.exe
  C:\Windows\System\wukgXFr.exe
  2⤵
  PID:9708
- C:\Windows\System\YyroAOR.exe
  C:\Windows\System\YyroAOR.exe
  2⤵
  PID:9744
- C:\Windows\System\jsRElhA.exe
  C:\Windows\System\jsRElhA.exe
  2⤵
  PID:9748
- C:\Windows\System\oDPpisn.exe
  C:\Windows\System\oDPpisn.exe
  2⤵
  PID:9828
- C:\Windows\System\OBigsIH.exe
  C:\Windows\System\OBigsIH.exe
  2⤵
  PID:9852
- C:\Windows\System\eGkPAvu.exe
  C:\Windows\System\eGkPAvu.exe
  2⤵
  PID:9880
- C:\Windows\System\BYzZHaH.exe
  C:\Windows\System\BYzZHaH.exe
  2⤵
  PID:9904
- C:\Windows\System\rCVNaAG.exe
  C:\Windows\System\rCVNaAG.exe
  2⤵
  PID:9924
- C:\Windows\System\RWornMT.exe
  C:\Windows\System\RWornMT.exe
  2⤵
  PID:9964
- C:\Windows\System\QMXBHcM.exe
  C:\Windows\System\QMXBHcM.exe
  2⤵
  PID:10000
- C:\Windows\System\GxsCWbl.exe
  C:\Windows\System\GxsCWbl.exe
  2⤵
  PID:10036
- C:\Windows\System\taAjcZZ.exe
  C:\Windows\System\taAjcZZ.exe
  2⤵
  PID:10104
- C:\Windows\System\EacTygQ.exe
  C:\Windows\System\EacTygQ.exe
  2⤵
  PID:10144
- C:\Windows\System\hFaZeEp.exe
  C:\Windows\System\hFaZeEp.exe
  2⤵
  PID:10156
- C:\Windows\System\aIunFnE.exe
  C:\Windows\System\aIunFnE.exe
  2⤵
  PID:10236
- C:\Windows\System\zLkEmFM.exe
  C:\Windows\System\zLkEmFM.exe
  2⤵
  PID:9284
- C:\Windows\System\aqjXPaV.exe
  C:\Windows\System\aqjXPaV.exe
  2⤵
  PID:9332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ACeofWF.exe

Filesize
6.0MB

MD5
e08c928ff9534be53b3a910ce8cfa4c0

SHA1
cd86bfc34a6511e99bbcb95bbb8de1b5287a42e9

SHA256
af568186f5be2f0c1ca1b302df39b1465f54d0920ac6ee04c620af6e771e4761

SHA512
ffc29c3ee35f2fc073e8e6016ef49810038b4b34ff130ea2b6f8f0dc2b63e7158ae089ce5f6fa04889c7777c7774e86d43e05747a16732571ebacdbf84d75b55

Download Submit
C:\Windows\system\AxmgEOy.exe

Filesize
6.0MB

MD5
89f69a52eec9e2557e15c2ae8c646c8b

SHA1
6ccbaf22a9065f0ff2bddf5defe3044499d16fda

SHA256
13e33230e636c6c9859f8a811624cfcb3373a342fea12bd1658be9c909e4a6e3

SHA512
21e060188b67d0b98fff7b5520ff0771b4e99795b6a68f6af953f7af5f5ef967312eb659c425afd851afcd3eb214869540f839880f3fd293f978a6dcdd68ece2

Download Submit
C:\Windows\system\FmywKJe.exe

Filesize
6.0MB

MD5
4a804f150ab2b5b0d77095a2ad3f88fd

SHA1
5cd0eee861aa5b3bd0bb32f44032e04429383df1

SHA256
0a6f0dc901b26355ff8be982ffcc6ea3e05e004085f60e9ea894bd4418e69c76

SHA512
f806ac48804e967244e2fc1264825f6841911607dba4ba467c3d45b1b288fe6660a66d9740f94cd1802f3c08af2c99eb5e10ea3a8163990e6758bda99174d13b

Download Submit
C:\Windows\system\MAYUGMv.exe

Filesize
6.0MB

MD5
5185467eab095ebe2558bb92b26527ca

SHA1
e24c98c76295276a1dea24584c77b372e0d04ef8

SHA256
4a5332a0cd3a545933ab55c801ff00d3536e8ca77f3791b96182dbaf088cd2df

SHA512
cabbbfd5e21d22efb63ea6f36eda15a4ad164a0c917dd376e8df11bbeb65620799f61a02e7c9fd5a421c27225d5a90936c834d926d3d4de4c7ca19ae86ff071d

Download Submit
C:\Windows\system\NaQsdyd.exe

Filesize
6.0MB

MD5
2b99f8db04cb63a06205c76592e8e645

SHA1
aa37fa1cdf921e408a07e4bb9979abdb232b6002

SHA256
70b65b25132f32d0719a713c9ca2a8c3134f87808900d32a4eba764a32ef46fb

SHA512
e7992a48e4e020b85ad97ab225ccfb6e6f2902891c9d02cd29a309fbf25a04eac70d197208d46b07ae3abf226e95bf8e00f5f742cccd130ecbc5097a649f138a

Download Submit
C:\Windows\system\QUPiDNW.exe

Filesize
6.0MB

MD5
2cb4c5863003a6d69dffe7ead51255b4

SHA1
32d17aefe255eca84efc8f3337698391c20a2e06

SHA256
37ac5ec9c24cb6415bfe2af1de2c6c7c255f0ebca4584d43d159ce022a166540

SHA512
32b08d52a4470c90c0b1231345df99f4ff06c1955afa1a0c5ef47a3c2c946eb4a690af8ccc14e99e1a87c08e5e1c8f7416a9a2ddd1f142b80642f1c726e50e88

Download Submit
C:\Windows\system\SAPflBn.exe

Filesize
6.0MB

MD5
3d397cd5e55053d4393261f85dc9aac1

SHA1
96dda86ce1e0eaf5f1ceced5953652c80beb5bcf

SHA256
8bf474ef9cc131497db93dca52b09f7ec6c11ae6a50646417135b0c023225f92

SHA512
37fb13c930332091b82a2cdf9202f7fa605420594f7dd386e91fc8d797410c7502e01c54d4dba81e62656ade76a196d353cd299d0bc1c79fabe9d3353a9ddb2a

Download Submit
C:\Windows\system\UKZrzIq.exe

Filesize
6.0MB

MD5
ca4bf2873e1fd64b0e169b9d2160629b

SHA1
9a4d4dcd15bd4d0c7e0d580eb014f83a0b8046a1

SHA256
add0547234656b0e9c8ada6d11f6d0bbb3ac2ec66a62e3ec53fa7b3ddc3a303f

SHA512
38bec6ea57647f9c21f62b14c4c5f066b0b51691437ee2d49139d48269c3b6c68fad301ed73fea68f6165fb690ae453d2e0655f848b5686e57fbfb20169e66ae

Download Submit
C:\Windows\system\XOLDHul.exe

Filesize
6.0MB

MD5
9ed532b633c81f468522021c49c7a0d7

SHA1
d094dc0462e69fcd5a43870a50e1241f3948ab5f

SHA256
b13d85bbd08c4868e3b349aebee6f34f89fee859a7167fe32d8e45bac70db59b

SHA512
e8f42e0a07791d2ba97c53614a26265f52f8825970b667c719d8d9c0df2a5d9209387a6b3b5a74da0efb442b6398617df025a54e86a6781bc571efba84d232d3

Download Submit
C:\Windows\system\XTmXczq.exe

Filesize
6.0MB

MD5
38864a18bfa2e0991ec7917f3dd40c50

SHA1
a466ac0b87fed202dad91e2c59a3994e651e7ea2

SHA256
4052c8bbbf9bbb5c952bb62bd71d19ebfbf6813b7cd299c55c902af14f6ac927

SHA512
9df56d4fe2d713dfac8d79f38017ef1056396ce1c220f07fe725b920a5f0d56d1dd4a00102caec89ed249a9593715364ed6c1a3f163ee63cd1adf3236d588fd2

Download Submit
C:\Windows\system\XjmgRkI.exe

Filesize
6.0MB

MD5
992736f14dfed7945c7b32614749efc8

SHA1
3af92b6b3b066e5a039c0d27d514c2a19dd9cdd5

SHA256
2a2e6df2c4b957eed3c7761841480b4d75d572a8c680fe26ab53d23574f6fba5

SHA512
0eb833c5a53fb55613743a9904724fd1eb9b5e82e2fca4eeacecde3a2f5e875aec5f59aa5b1cdb0b3a3709260e9b05744145a831d8a24abb108709193f023ac9

Download Submit
C:\Windows\system\YLHlmXh.exe

Filesize
6.0MB

MD5
69690d5dfd7c63beb6c072ebbbd801dc

SHA1
128c5849fd0804d324994f95e87f192fa756acee

SHA256
10a6dc4aa243b2e9f31870c0d9fecdacfd766a62ac1461a22d54ed320428cda8

SHA512
4b74282d6f0661a0628ba03a00c9780269e7e85c60e3a73352a5b71597be64d7daa3d5a440e7e84d89b8b7bd59e299c08f9cdc49084380a8aea4c406294984e0

Download Submit
C:\Windows\system\YcaBvoL.exe

Filesize
6.0MB

MD5
e4f804d7ee06439a82f734b9f4755ca1

SHA1
2fed06e5500047a104b8ebcf6efb4967b28dd84e

SHA256
24cc7b23519334a11f4be5c077599454174ba1de5d961a2fb645aa9825c1a719

SHA512
2e6bc8a11b24f56995101fd2422c24b9977562ef855f2f9e8f89db7aa64f60d3027456ad392f9cf9a23e68e196f04de76e54a27db3900d2f7bd6c014e756303c

Download Submit
C:\Windows\system\ZdQEIUP.exe

Filesize
6.0MB

MD5
b88575a1d4278ba73345220e053d3ceb

SHA1
164372f231f39c6db85c51ad2671fc3ba103c857

SHA256
5c5b1907d21424be2640276ccf2b101922796ba1e9b0603a604f7d514dbf3e2f

SHA512
752b4ebdf673ce8083ba8e30547f450c6dbe5828b12d9cdd011838b522ec4d4c02dab993ca2e6063e1f239ef88dd2dbd47e37844ebf4a68ea5cedeb0df4d7348

Download Submit
C:\Windows\system\dZiZXHy.exe

Filesize
6.0MB

MD5
075eab75e1a9428b01de5bcb1bfcc1a7

SHA1
fc47422396accc9de2118034e3fffb53fa549374

SHA256
cc1482b73e04d6e41d50e337969057f7a90b75e4814c3ae9d94210a6591c0678

SHA512
2c12bec03e4c6dc490b7a80b01f0bb808aeeb0d3604417a69cf235c68e8e531997fa2f423aad182e66bd54345bfe6aaef34e522d37e9c6514c4ccc6d299ccae7

Download Submit
C:\Windows\system\gQsbxVz.exe

Filesize
6.0MB

MD5
0c865ef28fb75766e4bf947374957b7c

SHA1
7add8123aa4ec7453832c5cf03fdf9ec2ae8ae71

SHA256
3f5829663610a7b371b8014e3e7bfe1f999ab7f34a20ffd9b8ddd63a52cfb1bd

SHA512
1b543fdee1d238f85fd1eee050d2f00dc2da554c17abf102ed1ac13adef939605e00845f49fcd9525fd22bc524b67eb29112eefc7decbd92e10f9ce09d73c18d

Download Submit
C:\Windows\system\jEsSMoS.exe

Filesize
6.0MB

MD5
d998f4c9f5330a720eebc87c95f0198d

SHA1
7ac5f8f71d18ed561a9b68f8249896f7f7363f79

SHA256
a8c75b7a635f6ac8d1fe07bfd726e6da19b04a9fbd9b887b17764ac9fe2ceed4

SHA512
2ae1849afda07acb890eb240946edaf08c0b31fbb2cdecbcf8a612f66ed8bc639986d5ebc57679f273671353035de82c35fe499d84755d5502fd2e7b136389ad

Download Submit
C:\Windows\system\ruTlsSx.exe

Filesize
6.0MB

MD5
3f6c1da09b0663f0439d785abdd16611

SHA1
53a0325722af27d0617abe27d82a4463258e1851

SHA256
ea237517294af3bb462deabdf7e64b687d15546ccdc6fdb5dc344ccc1586eb38

SHA512
9623b171ddf37c098bd1c1ec17efb43bb71a44b771deeee0eb452eba73454672a48fa884af7034ae9ee04f4496f9b1f2fed25c4270373ae7a5d196c9c74c39af

Download Submit
C:\Windows\system\sqXBtnU.exe

Filesize
6.0MB

MD5
ff092e9fa8a575b745ec93c12bf2bbfa

SHA1
556e3b6f56b247d660b26fe21d2aa5f643a42857

SHA256
9d55cf943959e2e51d50b1add0e3ad927099c5cd5805b9a60648fdc7d3342688

SHA512
25785bb140a06f72f573078e242cc43833fc30e4ea40af72701519b6697ea13f9095fb65d45ff015a813ad0a8cc501a5938de51bf855f445d2bcbb9c5ea54eb2

Download Submit
C:\Windows\system\tunTePf.exe

Filesize
6.0MB

MD5
fbf1f0b3d670a50e70392a35dd932ff5

SHA1
c793035c2740c7d992ae462c51a8021d918f1256

SHA256
ff7615e3234ad3091854845dce6a7c9e9698ad26de3ca6ba2476601422139bce

SHA512
e9c2447b6329d60d92818d8e908dacbfb405db6d317a25c9d1759fcecd63e1522686e2871d505654b291e0fd3c53660df48a94e3676406ccb9d2dd8f9b6b5a7a

Download Submit
C:\Windows\system\uawlXed.exe

Filesize
6.0MB

MD5
2e2574a2b0368fcc206ee445befaa620

SHA1
164ad5466fc1db8673f0dbeda7db96ce63251b8e

SHA256
047132b84c6a27f5c02927c58c2fcbf9f4ce1e6ccda98bc74f9a27cafd708ff4

SHA512
e01d5589509036b52c7b161a63cbfffe344f633dd06388336889b4504677cb334695ca6d66af69b6a78758b5d36a8109aa352d6ebef6bbb9396890118165ceea

Download Submit
C:\Windows\system\xcYtyEu.exe

Filesize
6.0MB

MD5
f1833d1137bea0f509f9989790b4ef6c

SHA1
8269fb74a0aac663f6f97632e845b16793c55e70

SHA256
54742f913ec6b512f944a52ec1088cc83a6505c1ce5eea1884c33709c394563e

SHA512
1c5ae51f160d2668633c0deedccbe10cb7a78913621f96229e561f699ba4a6f8a8156863fa730e59594364e1a85be74b58a937eb7c307cfd12b91987d7f3336a

Download Submit
C:\Windows\system\zGhIHXF.exe

Filesize
6.0MB

MD5
8b420725634ac7d1d651120cb2dbc043

SHA1
5d2b8f49053a337741be4c4d75e275ffb295b49b

SHA256
0bd77f8794dca480bdbd2254aa71e5df74165cf1b6b4163a62f97340a3693647

SHA512
1c708c117ecd05c1987bcfa268b8d496c66182c3709fbeba6495b356958655dcdf889a3a02f1014d7c86f679fb90f881cd03d57dc742800001e77d4dbe50479c

Download Submit
\Windows\system\AAkueeJ.exe

Filesize
6.0MB

MD5
d4ef966953db27c6860b92eb9a3bd908

SHA1
77e0e25d27438353b1364e846538bf1751ee83a8

SHA256
57dc432ff03e806232049d27b7e16f198abcccb057a93c24bfd63cd5697269a3

SHA512
c3726ccceca724b7639261f85a05d26162c4e83da37cbe387855c508fcde7f9fc27767728273a747efd11a25862efafac4ca87e395e5740f242ee27edd3ae2e8

Download Submit
\Windows\system\AzemVQR.exe

Filesize
6.0MB

MD5
56949eb260ff064c8f5b4cda91e2721a

SHA1
628418cd0f7503bf4b298a4adc2a661e72632818

SHA256
9c009c9aaa5d17d8b7c04dbcfc6a5203ea4233c00790a0b1634b0a9d6f351883

SHA512
c930854071c1a58c2359452ab20fe864783d922d30f6576f425b4245cd6c4570d525e7913657e836ed2ce72ca8b85afa869c0b75d82feef398034d57990954df

Download Submit
\Windows\system\HWkoSRT.exe

Filesize
6.0MB

MD5
3f376e39036821e19df843688000fe14

SHA1
f7f28dc9eb202d5fcd5bfc0d48c89c8bb65810b1

SHA256
6ab163976546f66327e430619e6c6c0d84c12648538d66bd26d6c21e5b4f7465

SHA512
337561f852be21834dcd8bc303db6261144cbfae12ade5e49451bfaadbf5939297716aeaf7de5ac49c93889469775ce38a3b3c3e5241a1f8cf3ea77c29bee6b9

Download Submit
\Windows\system\JoGnrdQ.exe

Filesize
6.0MB

MD5
24e1f24bfc18dcd07508749e25c4d0b1

SHA1
4f90b4457573c6654ea7a19a361fbfcc4cd0e901

SHA256
59d6a6a5ecc4fb1075b82c35e20860b084c7b909142ec26cc89ac202fbbdc23d

SHA512
91f5f770063c41af08f6cd34845f4391c7c20511e88749b33ebd687314dc357f0dacdfa9bd66c807d6cd4c2adf1bc14476b6e72d96157f78eba67936297414c1

Download Submit
\Windows\system\WQpQEqF.exe

Filesize
6.0MB

MD5
b39012fe0362609bdd5eb193634985fb

SHA1
7797f7ef7d42986a94642accbe5b0ca68380de3a

SHA256
876362ba2321300c1dd56d2150f2cc60ce41e874ab9d8ec3c37b31b78174feb1

SHA512
62d904fa343ccb603716a40f1d44b07c21a187aa07c84f1c95c547412d95d358bdb5adcf1055ebff2ada1461a5ef05c025f1c055ad1c2fa09a906a1a848a48c2

Download Submit
\Windows\system\edLJKMO.exe

Filesize
6.0MB

MD5
347d4d72f361caf4c7c88be47e80d4cb

SHA1
a2376d24491b1c10bb842d042b6285351de15880

SHA256
a0ed06692c6290044fad5459aff504d9d92e1805f55140abd9afb886a60d9fb0

SHA512
36d4a29489010780c43b03127d1aad27fe8e2abc448091404830fd6e37fef3d60929790b3c940a59f58ddd813501e2b05364479cf684e45bf9a128abed0bbb10

Download Submit
\Windows\system\kAQkenV.exe

Filesize
6.0MB

MD5
1a7715a9fbf62e07c75148182f294bfb

SHA1
45cfb4de698f664447ebde281b3c9d56fa72305d

SHA256
13742b58c1b21530af2b70575a43654b0a3cb57790c095f0a15e300f95261abd

SHA512
5ea2c5071fcdfc1f1202c77fdf920dfa64a424188e2b19f478658afd7d2fc10d899b156b8b0b99f01d07fb2253c1e5d0d5732033810ea25b64b7cfbdab0843bb

Download Submit
\Windows\system\lqLtioU.exe

Filesize
6.0MB

MD5
ad157ebb000d9773fdfa6556f402c7f7

SHA1
0a4bc9753fc0c238c09b9d2614ac66a8342c1607

SHA256
aa29c1c0828bcdf9e690276240dee596cc9233337a265ef91ac702b78964f00a

SHA512
708fda283598f1377eec4939bf747c2a15fca0acfccbec5d4a81faf26c9da52f63d2eb88da5eae1f4233e3d7565d6ea8d1300140b58eb456919317f16fc2251d

Download Submit
\Windows\system\wHLIMDp.exe

Filesize
6.0MB

MD5
ae15e0ac0f43dc81b0a1d9cd854cd0dc

SHA1
f3dd3e8eaeebae339d7cebfb0c1a2ab9e7b15309

SHA256
09defe7103c934510ee453e410ebfc568c1286bdf8579aab0c7af318c53e03bf

SHA512
320ba0ea5cd5eaf939bbf2277d795c96c980b2e5daf3affd057ce0739affb5e261b40c53b0df602f386bf9c7b6c56d0cbbbf221391e5e2b8fdcbf2afb95c1b80

Download Submit
memory/1644-84-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1644-119-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1644-3303-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1712-100-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1712-3358-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/1992-102-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/1992-3359-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2088-101-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2088-62-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-0-0x000000013F160000-0x000000013F4B4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/2088-50-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2088-57-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-8-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-106-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2088-93-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-41-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-67-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-59-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-282-0x000000013F940000-0x000000013FC94000-memory.dmp

Filesize
3.3MB

Download
memory/2088-63-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-81-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-75-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-187-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-20-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2088-27-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-3114-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2160-9-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/2468-116-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-79-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2468-3300-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-65-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-3172-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/2644-3187-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2644-71-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2644-110-0x000000013F2F0000-0x000000013F644000-memory.dmp

Filesize
3.3MB

Download
memory/2716-61-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3162-0x000000013F350000-0x000000013F6A4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-3180-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-64-0x000000013F070000-0x000000013F3C4000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3152-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2796-56-0x000000013F7D0000-0x000000013FB24000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3121-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-14-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-78-0x000000013F680000-0x000000013F9D4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-3153-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2844-36-0x000000013F380000-0x000000013F6D4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-3124-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2864-22-0x000000013F770000-0x000000013FAC4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-3158-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-85-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2916-47-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download