cobaltstrike | b42d39342ad5ea505ae50bb4b305b5ffd8f0d8309d767ac741f6b09efd349f98

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23-11-2024 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

c869ef80fb5028b2276b84f83411224f
SHA1

adafbfbdf24dcb8633e64df0ab7ab6830ae4c0d8
SHA256

b42d39342ad5ea505ae50bb4b305b5ffd8f0d8309d767ac741f6b09efd349f98
SHA512

c97054fe27e35ea2d098ee5451e3cbec936c92dc37a213a32464af6e332e351ac67f6a75a9b4522f82b5aadc6c62d7ecd65a88d0e5aae8791aaba8657e49f14e
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUN:T+q56utgpPF8u/7N

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0003000000012000-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000017079-19.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000017488-38.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000174cc-51.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-99.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019615-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019619-193.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019611-181.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019617-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019609-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960d-158.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-148.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019613-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960f-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019582-139.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960b-152.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950c-137.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-117.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-105.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-92.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-76.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-69.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000019282-58.dat	cobalt_reflective_dll
behavioral1/files/0x000a000000017492-47.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173a7-16.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000173a9-29.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d89-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2212-0-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x0003000000012000-6.dat	xmrig
behavioral1/memory/2824-32-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2752-35-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/files/0x0008000000017079-19.dat	xmrig
behavioral1/files/0x0007000000017488-38.dat	xmrig
behavioral1/memory/2212-56-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/files/0x00090000000174cc-51.dat	xmrig
behavioral1/memory/2900-71-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/memory/2596-81-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2876-95-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/files/0x00050000000193e1-99.dat	xmrig
behavioral1/files/0x0005000000019427-112.dat	xmrig
behavioral1/files/0x0005000000019461-133.dat	xmrig
behavioral1/files/0x0005000000019615-188.dat	xmrig
behavioral1/memory/2160-533-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/memory/2876-711-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/memory/2220-354-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2212-352-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019619-193.dat	xmrig
behavioral1/files/0x0005000000019611-181.dat	xmrig
behavioral1/files/0x0005000000019617-185.dat	xmrig
behavioral1/files/0x0005000000019609-161.dat	xmrig
behavioral1/files/0x000500000001960d-158.dat	xmrig
behavioral1/files/0x00050000000195c5-148.dat	xmrig
behavioral1/files/0x0005000000019613-174.dat	xmrig
behavioral1/files/0x000500000001960f-165.dat	xmrig
behavioral1/files/0x0005000000019582-139.dat	xmrig
behavioral1/files/0x000500000001960b-152.dat	xmrig
behavioral1/files/0x000500000001944f-129.dat	xmrig
behavioral1/files/0x0005000000019441-122.dat	xmrig
behavioral1/files/0x000500000001950c-137.dat	xmrig
behavioral1/files/0x0005000000019431-117.dat	xmrig
behavioral1/memory/2900-108-0x000000013FE80000-0x00000001401D4000-memory.dmp	xmrig
behavioral1/files/0x000500000001941e-105.dat	xmrig
behavioral1/memory/2044-102-0x000000013F780000-0x000000013FAD4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c2-92.dat	xmrig
behavioral1/memory/2160-88-0x000000013FCD0000-0x0000000140024000-memory.dmp	xmrig
behavioral1/files/0x00050000000193b4-85.dat	xmrig
behavioral1/memory/2220-80-0x000000013F170000-0x000000013F4C4000-memory.dmp	xmrig
behavioral1/memory/2752-78-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/files/0x0005000000019350-76.dat	xmrig
behavioral1/files/0x0005000000019334-69.dat	xmrig
behavioral1/memory/2672-65-0x000000013F050000-0x000000013F3A4000-memory.dmp	xmrig
behavioral1/memory/2600-64-0x000000013FAB0000-0x000000013FE04000-memory.dmp	xmrig
behavioral1/memory/2680-63-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2212-54-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/files/0x0007000000019282-58.dat	xmrig
behavioral1/memory/2596-40-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2564-50-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x000a000000017492-47.dat	xmrig
behavioral1/files/0x00070000000173a7-16.dat	xmrig
behavioral1/memory/2744-33-0x000000013FE00000-0x0000000140154000-memory.dmp	xmrig
behavioral1/files/0x00070000000173a9-29.dat	xmrig
behavioral1/memory/2792-12-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2212-28-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d89-26.dat	xmrig
behavioral1/memory/2680-25-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2824-3218-0x000000013FF80000-0x00000001402D4000-memory.dmp	xmrig
behavioral1/memory/2680-3219-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2792-3223-0x000000013FDC0000-0x0000000140114000-memory.dmp	xmrig
behavioral1/memory/2596-3239-0x000000013F280000-0x000000013F5D4000-memory.dmp	xmrig
behavioral1/memory/2752-3243-0x000000013F1B0000-0x000000013F504000-memory.dmp	xmrig
behavioral1/memory/2564-3246-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2792	njoVDcD.exe
2680	IQRsHsz.exe
2824	CXriRmI.exe
2744	zePQHzy.exe
2752	XxeYFmF.exe
2596	riAnZcE.exe
2564	cPHqUjJ.exe
2600	szuOMpI.exe
2672	COcDeow.exe
2900	URnEXsJ.exe
2220	YdzRfpk.exe
2160	VoBLXiN.exe
2876	BMsWrQs.exe
2044	cIjPSow.exe
1424	MOARtWI.exe
2640	RNkHBRR.exe
2896	MOkDyvG.exe
1820	BBCzgjT.exe
540	LDEnrBx.exe
264	IWBYXhp.exe
2404	FfMxsdx.exe
2272	sFJJEgR.exe
2344	iQsrGzc.exe
2172	YjDTgWi.exe
1260	tbYPkat.exe
2108	HoHiHOl.exe
2316	EaHodbh.exe
1084	frSPeov.exe
1920	fuDQmJh.exe
1716	qQLSLIc.exe
1604	yrbEcmn.exe
760	Qqhprcd.exe
568	WgTZaxl.exe
2956	MfWNIua.exe
2484	SGHIlTt.exe
1776	zBkPdQz.exe
1780	lpKrpDl.exe
1324	LNkWeHd.exe
848	IPAOzVP.exe
1656	WwHhlTS.exe
3028	UWafeDu.exe
2092	sKlIRqD.exe
2000	Uegdzcq.exe
2408	wdYCeiT.exe
2972	SjaLPpq.exe
2452	kCYAlyg.exe
2324	vuwRUPv.exe
2480	QcOsclg.exe
1320	FXnaSCh.exe
892	wYHRvas.exe
3032	ScGbuBg.exe
2696	JOyQSPw.exe
2372	QgimVNr.exe
2804	yHzyZGZ.exe
1584	NJwNKEB.exe
2576	RgpdXFS.exe
2916	yXjKaAy.exe
2720	CQENGWN.exe
2592	oWOYtOZ.exe
2148	JsJSReg.exe
1700	KwPkPwt.exe
1708	dBUzUsr.exe
3008	mTmeEbQ.exe
1724	QLJtzBq.exe

Loads dropped DLL 64 IoCs

pid	Process
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2212-0-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x0003000000012000-6.dat	upx
behavioral1/memory/2824-32-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2752-35-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/files/0x0008000000017079-19.dat	upx
behavioral1/files/0x0007000000017488-38.dat	upx
behavioral1/files/0x00090000000174cc-51.dat	upx
behavioral1/memory/2900-71-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2596-81-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2876-95-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/files/0x00050000000193e1-99.dat	upx
behavioral1/files/0x0005000000019427-112.dat	upx
behavioral1/files/0x0005000000019461-133.dat	upx
behavioral1/files/0x0005000000019615-188.dat	upx
behavioral1/memory/2160-533-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/memory/2876-711-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/memory/2220-354-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/files/0x0005000000019619-193.dat	upx
behavioral1/files/0x0005000000019611-181.dat	upx
behavioral1/files/0x0005000000019617-185.dat	upx
behavioral1/files/0x0005000000019609-161.dat	upx
behavioral1/files/0x000500000001960d-158.dat	upx
behavioral1/files/0x00050000000195c5-148.dat	upx
behavioral1/files/0x0005000000019613-174.dat	upx
behavioral1/files/0x000500000001960f-165.dat	upx
behavioral1/files/0x0005000000019582-139.dat	upx
behavioral1/files/0x000500000001960b-152.dat	upx
behavioral1/files/0x000500000001944f-129.dat	upx
behavioral1/files/0x0005000000019441-122.dat	upx
behavioral1/files/0x000500000001950c-137.dat	upx
behavioral1/files/0x0005000000019431-117.dat	upx
behavioral1/memory/2900-108-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/files/0x000500000001941e-105.dat	upx
behavioral1/memory/2044-102-0x000000013F780000-0x000000013FAD4000-memory.dmp	upx
behavioral1/files/0x00050000000193c2-92.dat	upx
behavioral1/memory/2160-88-0x000000013FCD0000-0x0000000140024000-memory.dmp	upx
behavioral1/files/0x00050000000193b4-85.dat	upx
behavioral1/memory/2220-80-0x000000013F170000-0x000000013F4C4000-memory.dmp	upx
behavioral1/memory/2752-78-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/files/0x0005000000019350-76.dat	upx
behavioral1/files/0x0005000000019334-69.dat	upx
behavioral1/memory/2672-65-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx
behavioral1/memory/2600-64-0x000000013FAB0000-0x000000013FE04000-memory.dmp	upx
behavioral1/memory/2680-63-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2212-54-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/files/0x0007000000019282-58.dat	upx
behavioral1/memory/2596-40-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2564-50-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/files/0x000a000000017492-47.dat	upx
behavioral1/files/0x00070000000173a7-16.dat	upx
behavioral1/memory/2744-33-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/files/0x00070000000173a9-29.dat	upx
behavioral1/memory/2792-12-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/files/0x0008000000016d89-26.dat	upx
behavioral1/memory/2680-25-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2824-3218-0x000000013FF80000-0x00000001402D4000-memory.dmp	upx
behavioral1/memory/2680-3219-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2792-3223-0x000000013FDC0000-0x0000000140114000-memory.dmp	upx
behavioral1/memory/2596-3239-0x000000013F280000-0x000000013F5D4000-memory.dmp	upx
behavioral1/memory/2752-3243-0x000000013F1B0000-0x000000013F504000-memory.dmp	upx
behavioral1/memory/2564-3246-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2744-3240-0x000000013FE00000-0x0000000140154000-memory.dmp	upx
behavioral1/memory/2900-3356-0x000000013FE80000-0x00000001401D4000-memory.dmp	upx
behavioral1/memory/2672-3389-0x000000013F050000-0x000000013F3A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OxKKfpr.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mlHEnep.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eDUzhmN.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HqmLnpd.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\szuOMpI.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wLTYfYt.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WTZZbcF.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yrqDQUH.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DYQenkr.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AlpXfsa.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rzKdyGc.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iBUGzkE.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sZvEAUJ.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rPWZKlg.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HGbSsXk.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ESQVLri.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IdLXRWG.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XmWcFRp.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AguMjjd.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EHSLITk.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IUDLLsu.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NirmOSK.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\huBIGVV.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SVMUccc.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EmXhtSp.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ggmmdJL.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fIFNEsI.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XUcuBhg.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vunwdbb.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KngZCSF.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VWRuEig.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KMaXmZZ.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YjDTgWi.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YiIiksA.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qBWaSsv.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dFMxFIV.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qNkujqg.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qjtKZpS.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yRUVvgF.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CUtbrVX.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vwMzUik.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\swaPHlh.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fImyUOp.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LAaAijt.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cjQnHJG.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KJpPVRK.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ImLGNKU.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KKqoOFR.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QUzDkpb.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KQWmTjf.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QorlijE.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MOARtWI.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iraIfow.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aKnqYQY.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cZhkxhC.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gyQuXCI.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aAiltfE.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pmaJIuQ.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UYBNipq.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HVwbQeo.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LQUXdTY.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RqPowrH.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fVCTHLU.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cgaRKWD.exe	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2792	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2212 wrote to memory of 2792	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2212 wrote to memory of 2792	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2212 wrote to memory of 2824	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2212 wrote to memory of 2824	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2212 wrote to memory of 2824	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2212 wrote to memory of 2680	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2212 wrote to memory of 2680	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2212 wrote to memory of 2680	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2212 wrote to memory of 2752	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2212 wrote to memory of 2752	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2212 wrote to memory of 2752	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2212 wrote to memory of 2744	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2212 wrote to memory of 2744	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2212 wrote to memory of 2744	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2212 wrote to memory of 2596	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2212 wrote to memory of 2596	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2212 wrote to memory of 2596	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2212 wrote to memory of 2564	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2212 wrote to memory of 2564	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2212 wrote to memory of 2564	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2212 wrote to memory of 2672	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2212 wrote to memory of 2672	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2212 wrote to memory of 2672	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2212 wrote to memory of 2600	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2212 wrote to memory of 2600	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2212 wrote to memory of 2600	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2212 wrote to memory of 2900	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2212 wrote to memory of 2900	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2212 wrote to memory of 2900	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2212 wrote to memory of 2220	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2212 wrote to memory of 2220	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2212 wrote to memory of 2220	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2212 wrote to memory of 2160	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2212 wrote to memory of 2160	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2212 wrote to memory of 2160	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2212 wrote to memory of 2876	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2212 wrote to memory of 2876	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2212 wrote to memory of 2876	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2212 wrote to memory of 2044	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2212 wrote to memory of 2044	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2212 wrote to memory of 2044	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2212 wrote to memory of 1424	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2212 wrote to memory of 1424	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2212 wrote to memory of 1424	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2212 wrote to memory of 2640	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2212 wrote to memory of 2640	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2212 wrote to memory of 2640	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2212 wrote to memory of 2896	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2212 wrote to memory of 2896	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2212 wrote to memory of 2896	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2212 wrote to memory of 1820	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2212 wrote to memory of 1820	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2212 wrote to memory of 1820	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2212 wrote to memory of 540	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2212 wrote to memory of 540	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2212 wrote to memory of 540	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2212 wrote to memory of 264	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2212 wrote to memory of 264	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2212 wrote to memory of 264	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2212 wrote to memory of 2404	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2212 wrote to memory of 2404	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2212 wrote to memory of 2404	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2212 wrote to memory of 2172	2212	2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-23_c869ef80fb5028b2276b84f83411224f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\System\njoVDcD.exe
  C:\Windows\System\njoVDcD.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\CXriRmI.exe
  C:\Windows\System\CXriRmI.exe
  2⤵
  - Executes dropped EXE
  PID:2824
- C:\Windows\System\IQRsHsz.exe
  C:\Windows\System\IQRsHsz.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\XxeYFmF.exe
  C:\Windows\System\XxeYFmF.exe
  2⤵
  - Executes dropped EXE
  PID:2752
- C:\Windows\System\zePQHzy.exe
  C:\Windows\System\zePQHzy.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\riAnZcE.exe
  C:\Windows\System\riAnZcE.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\cPHqUjJ.exe
  C:\Windows\System\cPHqUjJ.exe
  2⤵
  - Executes dropped EXE
  PID:2564
- C:\Windows\System\COcDeow.exe
  C:\Windows\System\COcDeow.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\szuOMpI.exe
  C:\Windows\System\szuOMpI.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\URnEXsJ.exe
  C:\Windows\System\URnEXsJ.exe
  2⤵
  - Executes dropped EXE
  PID:2900
- C:\Windows\System\YdzRfpk.exe
  C:\Windows\System\YdzRfpk.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\VoBLXiN.exe
  C:\Windows\System\VoBLXiN.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\BMsWrQs.exe
  C:\Windows\System\BMsWrQs.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\cIjPSow.exe
  C:\Windows\System\cIjPSow.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\MOARtWI.exe
  C:\Windows\System\MOARtWI.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\RNkHBRR.exe
  C:\Windows\System\RNkHBRR.exe
  2⤵
  - Executes dropped EXE
  PID:2640
- C:\Windows\System\MOkDyvG.exe
  C:\Windows\System\MOkDyvG.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\BBCzgjT.exe
  C:\Windows\System\BBCzgjT.exe
  2⤵
  - Executes dropped EXE
  PID:1820
- C:\Windows\System\LDEnrBx.exe
  C:\Windows\System\LDEnrBx.exe
  2⤵
  - Executes dropped EXE
  PID:540
- C:\Windows\System\IWBYXhp.exe
  C:\Windows\System\IWBYXhp.exe
  2⤵
  - Executes dropped EXE
  PID:264
- C:\Windows\System\FfMxsdx.exe
  C:\Windows\System\FfMxsdx.exe
  2⤵
  - Executes dropped EXE
  PID:2404
- C:\Windows\System\YjDTgWi.exe
  C:\Windows\System\YjDTgWi.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\sFJJEgR.exe
  C:\Windows\System\sFJJEgR.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\tbYPkat.exe
  C:\Windows\System\tbYPkat.exe
  2⤵
  - Executes dropped EXE
  PID:1260
- C:\Windows\System\iQsrGzc.exe
  C:\Windows\System\iQsrGzc.exe
  2⤵
  - Executes dropped EXE
  PID:2344
- C:\Windows\System\EaHodbh.exe
  C:\Windows\System\EaHodbh.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\HoHiHOl.exe
  C:\Windows\System\HoHiHOl.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\fuDQmJh.exe
  C:\Windows\System\fuDQmJh.exe
  2⤵
  - Executes dropped EXE
  PID:1920
- C:\Windows\System\frSPeov.exe
  C:\Windows\System\frSPeov.exe
  2⤵
  - Executes dropped EXE
  PID:1084
- C:\Windows\System\yrbEcmn.exe
  C:\Windows\System\yrbEcmn.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\qQLSLIc.exe
  C:\Windows\System\qQLSLIc.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\Qqhprcd.exe
  C:\Windows\System\Qqhprcd.exe
  2⤵
  - Executes dropped EXE
  PID:760
- C:\Windows\System\WgTZaxl.exe
  C:\Windows\System\WgTZaxl.exe
  2⤵
  - Executes dropped EXE
  PID:568
- C:\Windows\System\MfWNIua.exe
  C:\Windows\System\MfWNIua.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\SGHIlTt.exe
  C:\Windows\System\SGHIlTt.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\lpKrpDl.exe
  C:\Windows\System\lpKrpDl.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\zBkPdQz.exe
  C:\Windows\System\zBkPdQz.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\LNkWeHd.exe
  C:\Windows\System\LNkWeHd.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\IPAOzVP.exe
  C:\Windows\System\IPAOzVP.exe
  2⤵
  - Executes dropped EXE
  PID:848
- C:\Windows\System\WwHhlTS.exe
  C:\Windows\System\WwHhlTS.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\UWafeDu.exe
  C:\Windows\System\UWafeDu.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\sKlIRqD.exe
  C:\Windows\System\sKlIRqD.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\Uegdzcq.exe
  C:\Windows\System\Uegdzcq.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\wdYCeiT.exe
  C:\Windows\System\wdYCeiT.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\SjaLPpq.exe
  C:\Windows\System\SjaLPpq.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\kCYAlyg.exe
  C:\Windows\System\kCYAlyg.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\vuwRUPv.exe
  C:\Windows\System\vuwRUPv.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\QcOsclg.exe
  C:\Windows\System\QcOsclg.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\FXnaSCh.exe
  C:\Windows\System\FXnaSCh.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\wYHRvas.exe
  C:\Windows\System\wYHRvas.exe
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Windows\System\ScGbuBg.exe
  C:\Windows\System\ScGbuBg.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\QgimVNr.exe
  C:\Windows\System\QgimVNr.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\JOyQSPw.exe
  C:\Windows\System\JOyQSPw.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\NJwNKEB.exe
  C:\Windows\System\NJwNKEB.exe
  2⤵
  - Executes dropped EXE
  PID:1584
- C:\Windows\System\yHzyZGZ.exe
  C:\Windows\System\yHzyZGZ.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\RgpdXFS.exe
  C:\Windows\System\RgpdXFS.exe
  2⤵
  - Executes dropped EXE
  PID:2576
- C:\Windows\System\yXjKaAy.exe
  C:\Windows\System\yXjKaAy.exe
  2⤵
  - Executes dropped EXE
  PID:2916
- C:\Windows\System\oWOYtOZ.exe
  C:\Windows\System\oWOYtOZ.exe
  2⤵
  - Executes dropped EXE
  PID:2592
- C:\Windows\System\CQENGWN.exe
  C:\Windows\System\CQENGWN.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\mTmeEbQ.exe
  C:\Windows\System\mTmeEbQ.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\JsJSReg.exe
  C:\Windows\System\JsJSReg.exe
  2⤵
  - Executes dropped EXE
  PID:2148
- C:\Windows\System\QLJtzBq.exe
  C:\Windows\System\QLJtzBq.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\KwPkPwt.exe
  C:\Windows\System\KwPkPwt.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\vUUOBqq.exe
  C:\Windows\System\vUUOBqq.exe
  2⤵
  PID:1148
- C:\Windows\System\dBUzUsr.exe
  C:\Windows\System\dBUzUsr.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\pJajRTW.exe
  C:\Windows\System\pJajRTW.exe
  2⤵
  PID:2180
- C:\Windows\System\VJKiXQX.exe
  C:\Windows\System\VJKiXQX.exe
  2⤵
  PID:1932
- C:\Windows\System\SzkLblt.exe
  C:\Windows\System\SzkLblt.exe
  2⤵
  PID:1768
- C:\Windows\System\tloYnFJ.exe
  C:\Windows\System\tloYnFJ.exe
  2⤵
  PID:2364
- C:\Windows\System\TYDnxYu.exe
  C:\Windows\System\TYDnxYu.exe
  2⤵
  PID:1372
- C:\Windows\System\cuyUIzQ.exe
  C:\Windows\System\cuyUIzQ.exe
  2⤵
  PID:1076
- C:\Windows\System\CSMRDlu.exe
  C:\Windows\System\CSMRDlu.exe
  2⤵
  PID:1960
- C:\Windows\System\NLyvLoR.exe
  C:\Windows\System\NLyvLoR.exe
  2⤵
  PID:2512
- C:\Windows\System\wWirMLc.exe
  C:\Windows\System\wWirMLc.exe
  2⤵
  PID:640
- C:\Windows\System\hgYjsYp.exe
  C:\Windows\System\hgYjsYp.exe
  2⤵
  PID:2164
- C:\Windows\System\BBNuDSI.exe
  C:\Windows\System\BBNuDSI.exe
  2⤵
  PID:3068
- C:\Windows\System\uXoRzAP.exe
  C:\Windows\System\uXoRzAP.exe
  2⤵
  PID:1536
- C:\Windows\System\JuEQrbK.exe
  C:\Windows\System\JuEQrbK.exe
  2⤵
  PID:1796
- C:\Windows\System\UVYoFka.exe
  C:\Windows\System\UVYoFka.exe
  2⤵
  PID:280
- C:\Windows\System\vwqrYIW.exe
  C:\Windows\System\vwqrYIW.exe
  2⤵
  PID:2984
- C:\Windows\System\PGzoORr.exe
  C:\Windows\System\PGzoORr.exe
  2⤵
  PID:2268
- C:\Windows\System\zNzHmSp.exe
  C:\Windows\System\zNzHmSp.exe
  2⤵
  PID:2124
- C:\Windows\System\hUJvYtr.exe
  C:\Windows\System\hUJvYtr.exe
  2⤵
  PID:1992
- C:\Windows\System\tUkwTco.exe
  C:\Windows\System\tUkwTco.exe
  2⤵
  PID:1692
- C:\Windows\System\RTBvJkv.exe
  C:\Windows\System\RTBvJkv.exe
  2⤵
  PID:2708
- C:\Windows\System\QeBCAFy.exe
  C:\Windows\System\QeBCAFy.exe
  2⤵
  PID:1956
- C:\Windows\System\eXAHJjG.exe
  C:\Windows\System\eXAHJjG.exe
  2⤵
  PID:3000
- C:\Windows\System\wtapzeG.exe
  C:\Windows\System\wtapzeG.exe
  2⤵
  PID:2700
- C:\Windows\System\xjvTomv.exe
  C:\Windows\System\xjvTomv.exe
  2⤵
  PID:2544
- C:\Windows\System\BHNwhRS.exe
  C:\Windows\System\BHNwhRS.exe
  2⤵
  PID:2768
- C:\Windows\System\gOjVXpY.exe
  C:\Windows\System\gOjVXpY.exe
  2⤵
  PID:2176
- C:\Windows\System\ZhEneAc.exe
  C:\Windows\System\ZhEneAc.exe
  2⤵
  PID:2492
- C:\Windows\System\bkDVrDm.exe
  C:\Windows\System\bkDVrDm.exe
  2⤵
  PID:1744
- C:\Windows\System\loBQxoL.exe
  C:\Windows\System\loBQxoL.exe
  2⤵
  PID:2856
- C:\Windows\System\ilqIGgD.exe
  C:\Windows\System\ilqIGgD.exe
  2⤵
  PID:1640
- C:\Windows\System\wLTYfYt.exe
  C:\Windows\System\wLTYfYt.exe
  2⤵
  PID:1804
- C:\Windows\System\MgrbbEe.exe
  C:\Windows\System\MgrbbEe.exe
  2⤵
  PID:2332
- C:\Windows\System\PDyfGSW.exe
  C:\Windows\System\PDyfGSW.exe
  2⤵
  PID:1868
- C:\Windows\System\fVCTHLU.exe
  C:\Windows\System\fVCTHLU.exe
  2⤵
  PID:2964
- C:\Windows\System\TIoGMoJ.exe
  C:\Windows\System\TIoGMoJ.exe
  2⤵
  PID:2240
- C:\Windows\System\DoUONTZ.exe
  C:\Windows\System\DoUONTZ.exe
  2⤵
  PID:3084
- C:\Windows\System\TvEiDGQ.exe
  C:\Windows\System\TvEiDGQ.exe
  2⤵
  PID:3100
- C:\Windows\System\SNlLbyl.exe
  C:\Windows\System\SNlLbyl.exe
  2⤵
  PID:3116
- C:\Windows\System\OWYYQvG.exe
  C:\Windows\System\OWYYQvG.exe
  2⤵
  PID:3132
- C:\Windows\System\iiUiXwl.exe
  C:\Windows\System\iiUiXwl.exe
  2⤵
  PID:3148
- C:\Windows\System\bsEWdGS.exe
  C:\Windows\System\bsEWdGS.exe
  2⤵
  PID:3164
- C:\Windows\System\UVkvANP.exe
  C:\Windows\System\UVkvANP.exe
  2⤵
  PID:3188
- C:\Windows\System\exDvQqi.exe
  C:\Windows\System\exDvQqi.exe
  2⤵
  PID:3212
- C:\Windows\System\IsGucFz.exe
  C:\Windows\System\IsGucFz.exe
  2⤵
  PID:3232
- C:\Windows\System\HQcrweB.exe
  C:\Windows\System\HQcrweB.exe
  2⤵
  PID:3248
- C:\Windows\System\zKUPBgq.exe
  C:\Windows\System\zKUPBgq.exe
  2⤵
  PID:3268
- C:\Windows\System\ZDLanxE.exe
  C:\Windows\System\ZDLanxE.exe
  2⤵
  PID:3292
- C:\Windows\System\sFOXDPA.exe
  C:\Windows\System\sFOXDPA.exe
  2⤵
  PID:3336
- C:\Windows\System\CadKLdQ.exe
  C:\Windows\System\CadKLdQ.exe
  2⤵
  PID:3356
- C:\Windows\System\FwTAcNM.exe
  C:\Windows\System\FwTAcNM.exe
  2⤵
  PID:3372
- C:\Windows\System\BuRaBeA.exe
  C:\Windows\System\BuRaBeA.exe
  2⤵
  PID:3396
- C:\Windows\System\TKGSTEW.exe
  C:\Windows\System\TKGSTEW.exe
  2⤵
  PID:3416
- C:\Windows\System\uJmrWtF.exe
  C:\Windows\System\uJmrWtF.exe
  2⤵
  PID:3436
- C:\Windows\System\pMDPkeZ.exe
  C:\Windows\System\pMDPkeZ.exe
  2⤵
  PID:3456
- C:\Windows\System\IUrnEAx.exe
  C:\Windows\System\IUrnEAx.exe
  2⤵
  PID:3472
- C:\Windows\System\qyUtHkY.exe
  C:\Windows\System\qyUtHkY.exe
  2⤵
  PID:3488
- C:\Windows\System\HXHiRde.exe
  C:\Windows\System\HXHiRde.exe
  2⤵
  PID:3516
- C:\Windows\System\KmjrpTL.exe
  C:\Windows\System\KmjrpTL.exe
  2⤵
  PID:3532
- C:\Windows\System\OpNraax.exe
  C:\Windows\System\OpNraax.exe
  2⤵
  PID:3556
- C:\Windows\System\KosxLBh.exe
  C:\Windows\System\KosxLBh.exe
  2⤵
  PID:3576
- C:\Windows\System\RXxwjIB.exe
  C:\Windows\System\RXxwjIB.exe
  2⤵
  PID:3592
- C:\Windows\System\eGKeTeh.exe
  C:\Windows\System\eGKeTeh.exe
  2⤵
  PID:3608
- C:\Windows\System\CpmztLB.exe
  C:\Windows\System\CpmztLB.exe
  2⤵
  PID:3624
- C:\Windows\System\rXxuJFq.exe
  C:\Windows\System\rXxuJFq.exe
  2⤵
  PID:3644
- C:\Windows\System\IrniceY.exe
  C:\Windows\System\IrniceY.exe
  2⤵
  PID:3668
- C:\Windows\System\TiOnDnP.exe
  C:\Windows\System\TiOnDnP.exe
  2⤵
  PID:3696
- C:\Windows\System\vjaqOEr.exe
  C:\Windows\System\vjaqOEr.exe
  2⤵
  PID:3720
- C:\Windows\System\HYnmiZo.exe
  C:\Windows\System\HYnmiZo.exe
  2⤵
  PID:3736
- C:\Windows\System\uwaWHdq.exe
  C:\Windows\System\uwaWHdq.exe
  2⤵
  PID:3756
- C:\Windows\System\uMlyOsl.exe
  C:\Windows\System\uMlyOsl.exe
  2⤵
  PID:3776
- C:\Windows\System\iOGschf.exe
  C:\Windows\System\iOGschf.exe
  2⤵
  PID:3796
- C:\Windows\System\FSlXGZM.exe
  C:\Windows\System\FSlXGZM.exe
  2⤵
  PID:3816
- C:\Windows\System\FkDoIAU.exe
  C:\Windows\System\FkDoIAU.exe
  2⤵
  PID:3836
- C:\Windows\System\UbHXkDX.exe
  C:\Windows\System\UbHXkDX.exe
  2⤵
  PID:3860
- C:\Windows\System\BUeUfaW.exe
  C:\Windows\System\BUeUfaW.exe
  2⤵
  PID:3880
- C:\Windows\System\cnKqNHC.exe
  C:\Windows\System\cnKqNHC.exe
  2⤵
  PID:3900
- C:\Windows\System\lruFRXF.exe
  C:\Windows\System\lruFRXF.exe
  2⤵
  PID:3920
- C:\Windows\System\jLEKGvh.exe
  C:\Windows\System\jLEKGvh.exe
  2⤵
  PID:3940
- C:\Windows\System\OEuVfNa.exe
  C:\Windows\System\OEuVfNa.exe
  2⤵
  PID:3960
- C:\Windows\System\qBeKYMD.exe
  C:\Windows\System\qBeKYMD.exe
  2⤵
  PID:3976
- C:\Windows\System\GZpJzzj.exe
  C:\Windows\System\GZpJzzj.exe
  2⤵
  PID:4008
- C:\Windows\System\sSoBgtS.exe
  C:\Windows\System\sSoBgtS.exe
  2⤵
  PID:4028
- C:\Windows\System\WIzvjbS.exe
  C:\Windows\System\WIzvjbS.exe
  2⤵
  PID:4048
- C:\Windows\System\tbVHmXl.exe
  C:\Windows\System\tbVHmXl.exe
  2⤵
  PID:4068
- C:\Windows\System\AzrksgU.exe
  C:\Windows\System\AzrksgU.exe
  2⤵
  PID:4088
- C:\Windows\System\KUOZDrm.exe
  C:\Windows\System\KUOZDrm.exe
  2⤵
  PID:2348
- C:\Windows\System\XINUKwj.exe
  C:\Windows\System\XINUKwj.exe
  2⤵
  PID:2416
- C:\Windows\System\ytKwQGN.exe
  C:\Windows\System\ytKwQGN.exe
  2⤵
  PID:1524
- C:\Windows\System\akVWwOL.exe
  C:\Windows\System\akVWwOL.exe
  2⤵
  PID:588
- C:\Windows\System\DEptKHW.exe
  C:\Windows\System\DEptKHW.exe
  2⤵
  PID:1940
- C:\Windows\System\qTxdSfA.exe
  C:\Windows\System\qTxdSfA.exe
  2⤵
  PID:2820
- C:\Windows\System\dWDtXFZ.exe
  C:\Windows\System\dWDtXFZ.exe
  2⤵
  PID:1996
- C:\Windows\System\XzaBPfm.exe
  C:\Windows\System\XzaBPfm.exe
  2⤵
  PID:712
- C:\Windows\System\qoFRXVQ.exe
  C:\Windows\System\qoFRXVQ.exe
  2⤵
  PID:236
- C:\Windows\System\CUQIrDQ.exe
  C:\Windows\System\CUQIrDQ.exe
  2⤵
  PID:3092
- C:\Windows\System\VfsRGre.exe
  C:\Windows\System\VfsRGre.exe
  2⤵
  PID:840
- C:\Windows\System\EcgbLQm.exe
  C:\Windows\System\EcgbLQm.exe
  2⤵
  PID:2084
- C:\Windows\System\FxKkNRa.exe
  C:\Windows\System\FxKkNRa.exe
  2⤵
  PID:3128
- C:\Windows\System\USTMoJU.exe
  C:\Windows\System\USTMoJU.exe
  2⤵
  PID:3204
- C:\Windows\System\MIuvTlA.exe
  C:\Windows\System\MIuvTlA.exe
  2⤵
  PID:3284
- C:\Windows\System\aZHthqh.exe
  C:\Windows\System\aZHthqh.exe
  2⤵
  PID:3180
- C:\Windows\System\KyGTvjp.exe
  C:\Windows\System\KyGTvjp.exe
  2⤵
  PID:3264
- C:\Windows\System\WFXNnyh.exe
  C:\Windows\System\WFXNnyh.exe
  2⤵
  PID:3228
- C:\Windows\System\kklQdcX.exe
  C:\Windows\System\kklQdcX.exe
  2⤵
  PID:3140
- C:\Windows\System\mGEKxte.exe
  C:\Windows\System\mGEKxte.exe
  2⤵
  PID:3348
- C:\Windows\System\FIiSfNF.exe
  C:\Windows\System\FIiSfNF.exe
  2⤵
  PID:3424
- C:\Windows\System\zYrPXbP.exe
  C:\Windows\System\zYrPXbP.exe
  2⤵
  PID:3308
- C:\Windows\System\TKZosDQ.exe
  C:\Windows\System\TKZosDQ.exe
  2⤵
  PID:3332
- C:\Windows\System\xQIlgek.exe
  C:\Windows\System\xQIlgek.exe
  2⤵
  PID:3408
- C:\Windows\System\NZEVblb.exe
  C:\Windows\System\NZEVblb.exe
  2⤵
  PID:3496
- C:\Windows\System\uDuvZbx.exe
  C:\Windows\System\uDuvZbx.exe
  2⤵
  PID:3484
- C:\Windows\System\mhaEVoR.exe
  C:\Windows\System\mhaEVoR.exe
  2⤵
  PID:3528
- C:\Windows\System\OEQtyOE.exe
  C:\Windows\System\OEQtyOE.exe
  2⤵
  PID:3564
- C:\Windows\System\QgvCWoM.exe
  C:\Windows\System\QgvCWoM.exe
  2⤵
  PID:3620
- C:\Windows\System\VENlKnS.exe
  C:\Windows\System\VENlKnS.exe
  2⤵
  PID:3632
- C:\Windows\System\vPVZyUE.exe
  C:\Windows\System\vPVZyUE.exe
  2⤵
  PID:3600
- C:\Windows\System\tANBXDg.exe
  C:\Windows\System\tANBXDg.exe
  2⤵
  PID:3704
- C:\Windows\System\gYgrlDo.exe
  C:\Windows\System\gYgrlDo.exe
  2⤵
  PID:3752
- C:\Windows\System\FJwvIBF.exe
  C:\Windows\System\FJwvIBF.exe
  2⤵
  PID:3768
- C:\Windows\System\NjaHdkN.exe
  C:\Windows\System\NjaHdkN.exe
  2⤵
  PID:3804
- C:\Windows\System\LBGzLjf.exe
  C:\Windows\System\LBGzLjf.exe
  2⤵
  PID:3844
- C:\Windows\System\ckIPsma.exe
  C:\Windows\System\ckIPsma.exe
  2⤵
  PID:3876
- C:\Windows\System\IjcLpGJ.exe
  C:\Windows\System\IjcLpGJ.exe
  2⤵
  PID:3912
- C:\Windows\System\AcIiFmC.exe
  C:\Windows\System\AcIiFmC.exe
  2⤵
  PID:3936
- C:\Windows\System\UCxuMDi.exe
  C:\Windows\System\UCxuMDi.exe
  2⤵
  PID:3972
- C:\Windows\System\CClHIOM.exe
  C:\Windows\System\CClHIOM.exe
  2⤵
  PID:4000
- C:\Windows\System\GuleUPp.exe
  C:\Windows\System\GuleUPp.exe
  2⤵
  PID:4020
- C:\Windows\System\gzBfdKW.exe
  C:\Windows\System\gzBfdKW.exe
  2⤵
  PID:4060
- C:\Windows\System\xiemTcO.exe
  C:\Windows\System\xiemTcO.exe
  2⤵
  PID:2944
- C:\Windows\System\lFncecY.exe
  C:\Windows\System\lFncecY.exe
  2⤵
  PID:3064
- C:\Windows\System\wmtczAz.exe
  C:\Windows\System\wmtczAz.exe
  2⤵
  PID:2632
- C:\Windows\System\TMsRtNL.exe
  C:\Windows\System\TMsRtNL.exe
  2⤵
  PID:2472
- C:\Windows\System\xeypdTg.exe
  C:\Windows\System\xeypdTg.exe
  2⤵
  PID:1740
- C:\Windows\System\QNgYVSd.exe
  C:\Windows\System\QNgYVSd.exe
  2⤵
  PID:324
- C:\Windows\System\vbORsrc.exe
  C:\Windows\System\vbORsrc.exe
  2⤵
  PID:2732
- C:\Windows\System\YQAziiJ.exe
  C:\Windows\System\YQAziiJ.exe
  2⤵
  PID:2040
- C:\Windows\System\jPrnjYs.exe
  C:\Windows\System\jPrnjYs.exe
  2⤵
  PID:3240
- C:\Windows\System\buBZDQJ.exe
  C:\Windows\System\buBZDQJ.exe
  2⤵
  PID:3080
- C:\Windows\System\rnAekjy.exe
  C:\Windows\System\rnAekjy.exe
  2⤵
  PID:3144
- C:\Windows\System\ELOwXRt.exe
  C:\Windows\System\ELOwXRt.exe
  2⤵
  PID:3432
- C:\Windows\System\VuYRfbL.exe
  C:\Windows\System\VuYRfbL.exe
  2⤵
  PID:3388
- C:\Windows\System\dPEYcOD.exe
  C:\Windows\System\dPEYcOD.exe
  2⤵
  PID:3320
- C:\Windows\System\etsYtgz.exe
  C:\Windows\System\etsYtgz.exe
  2⤵
  PID:3468
- C:\Windows\System\XHlquXF.exe
  C:\Windows\System\XHlquXF.exe
  2⤵
  PID:3552
- C:\Windows\System\yiuRvcm.exe
  C:\Windows\System\yiuRvcm.exe
  2⤵
  PID:3656
- C:\Windows\System\wBdkWrk.exe
  C:\Windows\System\wBdkWrk.exe
  2⤵
  PID:3660
- C:\Windows\System\OCWjVHl.exe
  C:\Windows\System\OCWjVHl.exe
  2⤵
  PID:3604
- C:\Windows\System\zUaNBIf.exe
  C:\Windows\System\zUaNBIf.exe
  2⤵
  PID:3764
- C:\Windows\System\TsCmGwf.exe
  C:\Windows\System\TsCmGwf.exe
  2⤵
  PID:3824
- C:\Windows\System\CrpPGIM.exe
  C:\Windows\System\CrpPGIM.exe
  2⤵
  PID:3916
- C:\Windows\System\kznInlp.exe
  C:\Windows\System\kznInlp.exe
  2⤵
  PID:3968
- C:\Windows\System\PpufEmM.exe
  C:\Windows\System\PpufEmM.exe
  2⤵
  PID:3928
- C:\Windows\System\tuDhGNM.exe
  C:\Windows\System\tuDhGNM.exe
  2⤵
  PID:4076
- C:\Windows\System\jbpPMPJ.exe
  C:\Windows\System\jbpPMPJ.exe
  2⤵
  PID:4056
- C:\Windows\System\DcOzcAr.exe
  C:\Windows\System\DcOzcAr.exe
  2⤵
  PID:1152
- C:\Windows\System\sccziSw.exe
  C:\Windows\System\sccziSw.exe
  2⤵
  PID:1972
- C:\Windows\System\kVglSLu.exe
  C:\Windows\System\kVglSLu.exe
  2⤵
  PID:1684
- C:\Windows\System\JCUGAzg.exe
  C:\Windows\System\JCUGAzg.exe
  2⤵
  PID:1672
- C:\Windows\System\AdTdhww.exe
  C:\Windows\System\AdTdhww.exe
  2⤵
  PID:3200
- C:\Windows\System\qcojJuT.exe
  C:\Windows\System\qcojJuT.exe
  2⤵
  PID:1440
- C:\Windows\System\FVUsLVy.exe
  C:\Windows\System\FVUsLVy.exe
  2⤵
  PID:3344
- C:\Windows\System\AKBrZZN.exe
  C:\Windows\System\AKBrZZN.exe
  2⤵
  PID:3452
- C:\Windows\System\IPVOJnu.exe
  C:\Windows\System\IPVOJnu.exe
  2⤵
  PID:3588
- C:\Windows\System\KYGVpNf.exe
  C:\Windows\System\KYGVpNf.exe
  2⤵
  PID:3548
- C:\Windows\System\MRrckOY.exe
  C:\Windows\System\MRrckOY.exe
  2⤵
  PID:3568
- C:\Windows\System\WCrfFxY.exe
  C:\Windows\System\WCrfFxY.exe
  2⤵
  PID:3812
- C:\Windows\System\IxwDYfk.exe
  C:\Windows\System\IxwDYfk.exe
  2⤵
  PID:4100
- C:\Windows\System\EhXuAqc.exe
  C:\Windows\System\EhXuAqc.exe
  2⤵
  PID:4120
- C:\Windows\System\rpHfIeu.exe
  C:\Windows\System\rpHfIeu.exe
  2⤵
  PID:4136
- C:\Windows\System\ncvKSHv.exe
  C:\Windows\System\ncvKSHv.exe
  2⤵
  PID:4152
- C:\Windows\System\rFWXrUq.exe
  C:\Windows\System\rFWXrUq.exe
  2⤵
  PID:4176
- C:\Windows\System\XhzPzge.exe
  C:\Windows\System\XhzPzge.exe
  2⤵
  PID:4200
- C:\Windows\System\iSTHqvw.exe
  C:\Windows\System\iSTHqvw.exe
  2⤵
  PID:4216
- C:\Windows\System\XLBLiTm.exe
  C:\Windows\System\XLBLiTm.exe
  2⤵
  PID:4232
- C:\Windows\System\BQjZDYZ.exe
  C:\Windows\System\BQjZDYZ.exe
  2⤵
  PID:4252
- C:\Windows\System\bQdkYag.exe
  C:\Windows\System\bQdkYag.exe
  2⤵
  PID:4272
- C:\Windows\System\LrWxcao.exe
  C:\Windows\System\LrWxcao.exe
  2⤵
  PID:4300
- C:\Windows\System\BFeaSJF.exe
  C:\Windows\System\BFeaSJF.exe
  2⤵
  PID:4320
- C:\Windows\System\IMcchiz.exe
  C:\Windows\System\IMcchiz.exe
  2⤵
  PID:4340
- C:\Windows\System\HENhNGa.exe
  C:\Windows\System\HENhNGa.exe
  2⤵
  PID:4360
- C:\Windows\System\ICvjiFx.exe
  C:\Windows\System\ICvjiFx.exe
  2⤵
  PID:4380
- C:\Windows\System\BPhGOoB.exe
  C:\Windows\System\BPhGOoB.exe
  2⤵
  PID:4396
- C:\Windows\System\mrHAfNc.exe
  C:\Windows\System\mrHAfNc.exe
  2⤵
  PID:4420
- C:\Windows\System\cPjldkX.exe
  C:\Windows\System\cPjldkX.exe
  2⤵
  PID:4436
- C:\Windows\System\kDXFlEs.exe
  C:\Windows\System\kDXFlEs.exe
  2⤵
  PID:4460
- C:\Windows\System\qEvHdkp.exe
  C:\Windows\System\qEvHdkp.exe
  2⤵
  PID:4476
- C:\Windows\System\mDXaqzj.exe
  C:\Windows\System\mDXaqzj.exe
  2⤵
  PID:4500
- C:\Windows\System\HEPBahn.exe
  C:\Windows\System\HEPBahn.exe
  2⤵
  PID:4520
- C:\Windows\System\bXwUqnV.exe
  C:\Windows\System\bXwUqnV.exe
  2⤵
  PID:4540
- C:\Windows\System\UBwYiOE.exe
  C:\Windows\System\UBwYiOE.exe
  2⤵
  PID:4560
- C:\Windows\System\PUHKqJB.exe
  C:\Windows\System\PUHKqJB.exe
  2⤵
  PID:4580
- C:\Windows\System\sKZdNkF.exe
  C:\Windows\System\sKZdNkF.exe
  2⤵
  PID:4600
- C:\Windows\System\XJHAdwZ.exe
  C:\Windows\System\XJHAdwZ.exe
  2⤵
  PID:4620
- C:\Windows\System\hoDIJcQ.exe
  C:\Windows\System\hoDIJcQ.exe
  2⤵
  PID:4640
- C:\Windows\System\soTOVgN.exe
  C:\Windows\System\soTOVgN.exe
  2⤵
  PID:4660
- C:\Windows\System\jMzaeyq.exe
  C:\Windows\System\jMzaeyq.exe
  2⤵
  PID:4676
- C:\Windows\System\iIesNaN.exe
  C:\Windows\System\iIesNaN.exe
  2⤵
  PID:4696
- C:\Windows\System\qwzidwS.exe
  C:\Windows\System\qwzidwS.exe
  2⤵
  PID:4716
- C:\Windows\System\eZEkfPC.exe
  C:\Windows\System\eZEkfPC.exe
  2⤵
  PID:4736
- C:\Windows\System\WIgbcME.exe
  C:\Windows\System\WIgbcME.exe
  2⤵
  PID:4756
- C:\Windows\System\jClLWrE.exe
  C:\Windows\System\jClLWrE.exe
  2⤵
  PID:4776
- C:\Windows\System\QKlFlrz.exe
  C:\Windows\System\QKlFlrz.exe
  2⤵
  PID:4800
- C:\Windows\System\BbVkzBF.exe
  C:\Windows\System\BbVkzBF.exe
  2⤵
  PID:4820
- C:\Windows\System\IYAMnFN.exe
  C:\Windows\System\IYAMnFN.exe
  2⤵
  PID:4836
- C:\Windows\System\ngOtYBv.exe
  C:\Windows\System\ngOtYBv.exe
  2⤵
  PID:4856
- C:\Windows\System\GNVesHH.exe
  C:\Windows\System\GNVesHH.exe
  2⤵
  PID:4880
- C:\Windows\System\gywpyHg.exe
  C:\Windows\System\gywpyHg.exe
  2⤵
  PID:4900
- C:\Windows\System\MMJfxHy.exe
  C:\Windows\System\MMJfxHy.exe
  2⤵
  PID:4916
- C:\Windows\System\gcECffI.exe
  C:\Windows\System\gcECffI.exe
  2⤵
  PID:4940
- C:\Windows\System\JslRYzP.exe
  C:\Windows\System\JslRYzP.exe
  2⤵
  PID:4956
- C:\Windows\System\AkSGcUD.exe
  C:\Windows\System\AkSGcUD.exe
  2⤵
  PID:4976
- C:\Windows\System\aqiZLvN.exe
  C:\Windows\System\aqiZLvN.exe
  2⤵
  PID:4992
- C:\Windows\System\OrNsRdV.exe
  C:\Windows\System\OrNsRdV.exe
  2⤵
  PID:5016
- C:\Windows\System\tpEAqSM.exe
  C:\Windows\System\tpEAqSM.exe
  2⤵
  PID:5036
- C:\Windows\System\iLPjwoC.exe
  C:\Windows\System\iLPjwoC.exe
  2⤵
  PID:5060
- C:\Windows\System\PgmjOry.exe
  C:\Windows\System\PgmjOry.exe
  2⤵
  PID:5076
- C:\Windows\System\IkjuPwV.exe
  C:\Windows\System\IkjuPwV.exe
  2⤵
  PID:5096
- C:\Windows\System\wSzHFfM.exe
  C:\Windows\System\wSzHFfM.exe
  2⤵
  PID:3828
- C:\Windows\System\iEHRvtk.exe
  C:\Windows\System\iEHRvtk.exe
  2⤵
  PID:4004
- C:\Windows\System\QHgShRY.exe
  C:\Windows\System\QHgShRY.exe
  2⤵
  PID:2580
- C:\Windows\System\htaxSMU.exe
  C:\Windows\System\htaxSMU.exe
  2⤵
  PID:2552
- C:\Windows\System\rWLDHlN.exe
  C:\Windows\System\rWLDHlN.exe
  2⤵
  PID:3040
- C:\Windows\System\YvzQbEc.exe
  C:\Windows\System\YvzQbEc.exe
  2⤵
  PID:3160
- C:\Windows\System\NEgEajD.exe
  C:\Windows\System\NEgEajD.exe
  2⤵
  PID:3244
- C:\Windows\System\guumnlq.exe
  C:\Windows\System\guumnlq.exe
  2⤵
  PID:3184
- C:\Windows\System\UHCjlRL.exe
  C:\Windows\System\UHCjlRL.exe
  2⤵
  PID:3368
- C:\Windows\System\cqskDqN.exe
  C:\Windows\System\cqskDqN.exe
  2⤵
  PID:3684
- C:\Windows\System\CdkprQz.exe
  C:\Windows\System\CdkprQz.exe
  2⤵
  PID:3956
- C:\Windows\System\FDKacKG.exe
  C:\Windows\System\FDKacKG.exe
  2⤵
  PID:4116
- C:\Windows\System\glAWzks.exe
  C:\Windows\System\glAWzks.exe
  2⤵
  PID:4168
- C:\Windows\System\wJTeNXQ.exe
  C:\Windows\System\wJTeNXQ.exe
  2⤵
  PID:4144
- C:\Windows\System\EdsTUka.exe
  C:\Windows\System\EdsTUka.exe
  2⤵
  PID:4240
- C:\Windows\System\hhonGCC.exe
  C:\Windows\System\hhonGCC.exe
  2⤵
  PID:4264
- C:\Windows\System\WpyMYkB.exe
  C:\Windows\System\WpyMYkB.exe
  2⤵
  PID:4284
- C:\Windows\System\yZBOAqb.exe
  C:\Windows\System\yZBOAqb.exe
  2⤵
  PID:4332
- C:\Windows\System\YgaMxUv.exe
  C:\Windows\System\YgaMxUv.exe
  2⤵
  PID:4348
- C:\Windows\System\qjrlZpn.exe
  C:\Windows\System\qjrlZpn.exe
  2⤵
  PID:4372
- C:\Windows\System\cvVlKxz.exe
  C:\Windows\System\cvVlKxz.exe
  2⤵
  PID:4388
- C:\Windows\System\xVagvIO.exe
  C:\Windows\System\xVagvIO.exe
  2⤵
  PID:4452
- C:\Windows\System\zGMBowy.exe
  C:\Windows\System\zGMBowy.exe
  2⤵
  PID:4468
- C:\Windows\System\VTmPloJ.exe
  C:\Windows\System\VTmPloJ.exe
  2⤵
  PID:4488
- C:\Windows\System\GGyQWpN.exe
  C:\Windows\System\GGyQWpN.exe
  2⤵
  PID:4472
- C:\Windows\System\iKsLgNG.exe
  C:\Windows\System\iKsLgNG.exe
  2⤵
  PID:4576
- C:\Windows\System\tCkLfLs.exe
  C:\Windows\System\tCkLfLs.exe
  2⤵
  PID:4596
- C:\Windows\System\FWGAVwc.exe
  C:\Windows\System\FWGAVwc.exe
  2⤵
  PID:4648
- C:\Windows\System\pcqBpSQ.exe
  C:\Windows\System\pcqBpSQ.exe
  2⤵
  PID:4692
- C:\Windows\System\oRjzWAE.exe
  C:\Windows\System\oRjzWAE.exe
  2⤵
  PID:4668
- C:\Windows\System\RZxqlug.exe
  C:\Windows\System\RZxqlug.exe
  2⤵
  PID:4772
- C:\Windows\System\qSrgxUJ.exe
  C:\Windows\System\qSrgxUJ.exe
  2⤵
  PID:4788
- C:\Windows\System\SLpaOMo.exe
  C:\Windows\System\SLpaOMo.exe
  2⤵
  PID:4812
- C:\Windows\System\HCWmDYW.exe
  C:\Windows\System\HCWmDYW.exe
  2⤵
  PID:4852
- C:\Windows\System\EZcluMt.exe
  C:\Windows\System\EZcluMt.exe
  2⤵
  PID:4868
- C:\Windows\System\BDYClgX.exe
  C:\Windows\System\BDYClgX.exe
  2⤵
  PID:4936
- C:\Windows\System\qXIwiuv.exe
  C:\Windows\System\qXIwiuv.exe
  2⤵
  PID:2736
- C:\Windows\System\ibPgQnZ.exe
  C:\Windows\System\ibPgQnZ.exe
  2⤵
  PID:888
- C:\Windows\System\HviuCfq.exe
  C:\Windows\System\HviuCfq.exe
  2⤵
  PID:4968
- C:\Windows\System\KJSPGXH.exe
  C:\Windows\System\KJSPGXH.exe
  2⤵
  PID:5056
- C:\Windows\System\ejJtard.exe
  C:\Windows\System\ejJtard.exe
  2⤵
  PID:5092
- C:\Windows\System\HcCEsdh.exe
  C:\Windows\System\HcCEsdh.exe
  2⤵
  PID:3048
- C:\Windows\System\Zxolzbt.exe
  C:\Windows\System\Zxolzbt.exe
  2⤵
  PID:5104
- C:\Windows\System\LkVmCJT.exe
  C:\Windows\System\LkVmCJT.exe
  2⤵
  PID:3892
- C:\Windows\System\yuiruTK.exe
  C:\Windows\System\yuiruTK.exe
  2⤵
  PID:1664
- C:\Windows\System\SLZNhPL.exe
  C:\Windows\System\SLZNhPL.exe
  2⤵
  PID:2112
- C:\Windows\System\nPoWHex.exe
  C:\Windows\System\nPoWHex.exe
  2⤵
  PID:4108
- C:\Windows\System\XSQdvIB.exe
  C:\Windows\System\XSQdvIB.exe
  2⤵
  PID:4244
- C:\Windows\System\KvHqLNJ.exe
  C:\Windows\System\KvHqLNJ.exe
  2⤵
  PID:3508
- C:\Windows\System\VTqJDkd.exe
  C:\Windows\System\VTqJDkd.exe
  2⤵
  PID:2924
- C:\Windows\System\WpkmjAY.exe
  C:\Windows\System\WpkmjAY.exe
  2⤵
  PID:3852
- C:\Windows\System\RgwwVeZ.exe
  C:\Windows\System\RgwwVeZ.exe
  2⤵
  PID:4196
- C:\Windows\System\nXBDETN.exe
  C:\Windows\System\nXBDETN.exe
  2⤵
  PID:4336
- C:\Windows\System\mfCfuAR.exe
  C:\Windows\System\mfCfuAR.exe
  2⤵
  PID:4280
- C:\Windows\System\sDkzeow.exe
  C:\Windows\System\sDkzeow.exe
  2⤵
  PID:4308
- C:\Windows\System\aWtVZpG.exe
  C:\Windows\System\aWtVZpG.exe
  2⤵
  PID:4512
- C:\Windows\System\gQicaDx.exe
  C:\Windows\System\gQicaDx.exe
  2⤵
  PID:4432
- C:\Windows\System\ysWwElf.exe
  C:\Windows\System\ysWwElf.exe
  2⤵
  PID:4628
- C:\Windows\System\aYIitBo.exe
  C:\Windows\System\aYIitBo.exe
  2⤵
  PID:4672
- C:\Windows\System\PcndBOx.exe
  C:\Windows\System\PcndBOx.exe
  2⤵
  PID:4748
- C:\Windows\System\fZbFQIO.exe
  C:\Windows\System\fZbFQIO.exe
  2⤵
  PID:4652
- C:\Windows\System\FUtmICM.exe
  C:\Windows\System\FUtmICM.exe
  2⤵
  PID:4796
- C:\Windows\System\SJdKxgy.exe
  C:\Windows\System\SJdKxgy.exe
  2⤵
  PID:4832
- C:\Windows\System\RjKUDsC.exe
  C:\Windows\System\RjKUDsC.exe
  2⤵
  PID:3036
- C:\Windows\System\qmnZNBf.exe
  C:\Windows\System\qmnZNBf.exe
  2⤵
  PID:4972
- C:\Windows\System\padeDGT.exe
  C:\Windows\System\padeDGT.exe
  2⤵
  PID:5052
- C:\Windows\System\pbavGOj.exe
  C:\Windows\System\pbavGOj.exe
  2⤵
  PID:5084
- C:\Windows\System\UYkUUBx.exe
  C:\Windows\System\UYkUUBx.exe
  2⤵
  PID:3616
- C:\Windows\System\shrLHgJ.exe
  C:\Windows\System\shrLHgJ.exe
  2⤵
  PID:5032
- C:\Windows\System\pmaJIuQ.exe
  C:\Windows\System\pmaJIuQ.exe
  2⤵
  PID:1500
- C:\Windows\System\IXRhcgJ.exe
  C:\Windows\System\IXRhcgJ.exe
  2⤵
  PID:3412
- C:\Windows\System\fFnDZjH.exe
  C:\Windows\System\fFnDZjH.exe
  2⤵
  PID:4212
- C:\Windows\System\KhlpAza.exe
  C:\Windows\System\KhlpAza.exe
  2⤵
  PID:4260
- C:\Windows\System\WvqRWNe.exe
  C:\Windows\System\WvqRWNe.exe
  2⤵
  PID:4192
- C:\Windows\System\yaMCzWK.exe
  C:\Windows\System\yaMCzWK.exe
  2⤵
  PID:5124
- C:\Windows\System\RFGYSUx.exe
  C:\Windows\System\RFGYSUx.exe
  2⤵
  PID:5144
- C:\Windows\System\yOJVPzr.exe
  C:\Windows\System\yOJVPzr.exe
  2⤵
  PID:5164
- C:\Windows\System\gNhsMao.exe
  C:\Windows\System\gNhsMao.exe
  2⤵
  PID:5184
- C:\Windows\System\HHusBzy.exe
  C:\Windows\System\HHusBzy.exe
  2⤵
  PID:5204
- C:\Windows\System\UNzPHgz.exe
  C:\Windows\System\UNzPHgz.exe
  2⤵
  PID:5228
- C:\Windows\System\POHYVTv.exe
  C:\Windows\System\POHYVTv.exe
  2⤵
  PID:5248
- C:\Windows\System\UUBFSRq.exe
  C:\Windows\System\UUBFSRq.exe
  2⤵
  PID:5268
- C:\Windows\System\ejHaKKp.exe
  C:\Windows\System\ejHaKKp.exe
  2⤵
  PID:5284
- C:\Windows\System\NPDCUTM.exe
  C:\Windows\System\NPDCUTM.exe
  2⤵
  PID:5304
- C:\Windows\System\QBRODxm.exe
  C:\Windows\System\QBRODxm.exe
  2⤵
  PID:5328
- C:\Windows\System\rvQWDSP.exe
  C:\Windows\System\rvQWDSP.exe
  2⤵
  PID:5348
- C:\Windows\System\vCEwVjJ.exe
  C:\Windows\System\vCEwVjJ.exe
  2⤵
  PID:5368
- C:\Windows\System\MYrbZxZ.exe
  C:\Windows\System\MYrbZxZ.exe
  2⤵
  PID:5384
- C:\Windows\System\VskPMMi.exe
  C:\Windows\System\VskPMMi.exe
  2⤵
  PID:5408
- C:\Windows\System\IIQRtAj.exe
  C:\Windows\System\IIQRtAj.exe
  2⤵
  PID:5424
- C:\Windows\System\PAtDMSX.exe
  C:\Windows\System\PAtDMSX.exe
  2⤵
  PID:5440
- C:\Windows\System\ONhVCjN.exe
  C:\Windows\System\ONhVCjN.exe
  2⤵
  PID:5460
- C:\Windows\System\JUwopkO.exe
  C:\Windows\System\JUwopkO.exe
  2⤵
  PID:5476
- C:\Windows\System\UYaEDFQ.exe
  C:\Windows\System\UYaEDFQ.exe
  2⤵
  PID:5496
- C:\Windows\System\umbDjzv.exe
  C:\Windows\System\umbDjzv.exe
  2⤵
  PID:5520
- C:\Windows\System\tRcOtCa.exe
  C:\Windows\System\tRcOtCa.exe
  2⤵
  PID:5536
- C:\Windows\System\iMoWKLn.exe
  C:\Windows\System\iMoWKLn.exe
  2⤵
  PID:5552
- C:\Windows\System\rzKdyGc.exe
  C:\Windows\System\rzKdyGc.exe
  2⤵
  PID:5576
- C:\Windows\System\BXXKxRz.exe
  C:\Windows\System\BXXKxRz.exe
  2⤵
  PID:5596
- C:\Windows\System\KJpPVRK.exe
  C:\Windows\System\KJpPVRK.exe
  2⤵
  PID:5620
- C:\Windows\System\vYngWIf.exe
  C:\Windows\System\vYngWIf.exe
  2⤵
  PID:5636
- C:\Windows\System\luZgouF.exe
  C:\Windows\System\luZgouF.exe
  2⤵
  PID:5656
- C:\Windows\System\xHCfUSF.exe
  C:\Windows\System\xHCfUSF.exe
  2⤵
  PID:5676
- C:\Windows\System\PuIldpK.exe
  C:\Windows\System\PuIldpK.exe
  2⤵
  PID:5700
- C:\Windows\System\YjlgSEK.exe
  C:\Windows\System\YjlgSEK.exe
  2⤵
  PID:5716
- C:\Windows\System\pPtdfLw.exe
  C:\Windows\System\pPtdfLw.exe
  2⤵
  PID:5736
- C:\Windows\System\gDAFrOd.exe
  C:\Windows\System\gDAFrOd.exe
  2⤵
  PID:5756
- C:\Windows\System\SuVIskc.exe
  C:\Windows\System\SuVIskc.exe
  2⤵
  PID:5780
- C:\Windows\System\NqlgRbM.exe
  C:\Windows\System\NqlgRbM.exe
  2⤵
  PID:5800
- C:\Windows\System\iCLbOUF.exe
  C:\Windows\System\iCLbOUF.exe
  2⤵
  PID:5816
- C:\Windows\System\DkMpHNt.exe
  C:\Windows\System\DkMpHNt.exe
  2⤵
  PID:5840
- C:\Windows\System\pKCNELB.exe
  C:\Windows\System\pKCNELB.exe
  2⤵
  PID:5860
- C:\Windows\System\JJKonuj.exe
  C:\Windows\System\JJKonuj.exe
  2⤵
  PID:5880
- C:\Windows\System\tZsuUfL.exe
  C:\Windows\System\tZsuUfL.exe
  2⤵
  PID:5900
- C:\Windows\System\dHLdGSs.exe
  C:\Windows\System\dHLdGSs.exe
  2⤵
  PID:5916
- C:\Windows\System\WoiTHtp.exe
  C:\Windows\System\WoiTHtp.exe
  2⤵
  PID:5948
- C:\Windows\System\GfSQale.exe
  C:\Windows\System\GfSQale.exe
  2⤵
  PID:5968
- C:\Windows\System\uyrfCLm.exe
  C:\Windows\System\uyrfCLm.exe
  2⤵
  PID:5988
- C:\Windows\System\rsoKAGU.exe
  C:\Windows\System\rsoKAGU.exe
  2⤵
  PID:6008
- C:\Windows\System\apseXBx.exe
  C:\Windows\System\apseXBx.exe
  2⤵
  PID:6028
- C:\Windows\System\PshUyxs.exe
  C:\Windows\System\PshUyxs.exe
  2⤵
  PID:6048
- C:\Windows\System\PuZqmXJ.exe
  C:\Windows\System\PuZqmXJ.exe
  2⤵
  PID:6068
- C:\Windows\System\jbsYxuK.exe
  C:\Windows\System\jbsYxuK.exe
  2⤵
  PID:6088
- C:\Windows\System\TcGprgL.exe
  C:\Windows\System\TcGprgL.exe
  2⤵
  PID:6108
- C:\Windows\System\oYfCaPm.exe
  C:\Windows\System\oYfCaPm.exe
  2⤵
  PID:6128
- C:\Windows\System\txRsbGq.exe
  C:\Windows\System\txRsbGq.exe
  2⤵
  PID:4548
- C:\Windows\System\kylRhHk.exe
  C:\Windows\System\kylRhHk.exe
  2⤵
  PID:4448
- C:\Windows\System\TbyIHMw.exe
  C:\Windows\System\TbyIHMw.exe
  2⤵
  PID:4616
- C:\Windows\System\WzCIkVW.exe
  C:\Windows\System\WzCIkVW.exe
  2⤵
  PID:4724
- C:\Windows\System\eKWzIME.exe
  C:\Windows\System\eKWzIME.exe
  2⤵
  PID:4964
- C:\Windows\System\DTqCPbL.exe
  C:\Windows\System\DTqCPbL.exe
  2⤵
  PID:5008
- C:\Windows\System\veGXnSz.exe
  C:\Windows\System\veGXnSz.exe
  2⤵
  PID:4712
- C:\Windows\System\VPKTUwf.exe
  C:\Windows\System\VPKTUwf.exe
  2⤵
  PID:4844
- C:\Windows\System\HyLckPg.exe
  C:\Windows\System\HyLckPg.exe
  2⤵
  PID:4892
- C:\Windows\System\SAeyDtJ.exe
  C:\Windows\System\SAeyDtJ.exe
  2⤵
  PID:5072
- C:\Windows\System\woZpbwb.exe
  C:\Windows\System\woZpbwb.exe
  2⤵
  PID:1048
- C:\Windows\System\NjShGfB.exe
  C:\Windows\System\NjShGfB.exe
  2⤵
  PID:1752
- C:\Windows\System\UnNenZS.exe
  C:\Windows\System\UnNenZS.exe
  2⤵
  PID:5132
- C:\Windows\System\owLxmiJ.exe
  C:\Windows\System\owLxmiJ.exe
  2⤵
  PID:5176
- C:\Windows\System\wUyWAqL.exe
  C:\Windows\System\wUyWAqL.exe
  2⤵
  PID:5220
- C:\Windows\System\raOvsXQ.exe
  C:\Windows\System\raOvsXQ.exe
  2⤵
  PID:3728
- C:\Windows\System\NbcPTzE.exe
  C:\Windows\System\NbcPTzE.exe
  2⤵
  PID:5292
- C:\Windows\System\JkMpLWB.exe
  C:\Windows\System\JkMpLWB.exe
  2⤵
  PID:5344
- C:\Windows\System\VWMCvpD.exe
  C:\Windows\System\VWMCvpD.exe
  2⤵
  PID:576
- C:\Windows\System\AEeSBRZ.exe
  C:\Windows\System\AEeSBRZ.exe
  2⤵
  PID:5200
- C:\Windows\System\RRkIWoA.exe
  C:\Windows\System\RRkIWoA.exe
  2⤵
  PID:5448
- C:\Windows\System\uwjqfPS.exe
  C:\Windows\System\uwjqfPS.exe
  2⤵
  PID:5488
- C:\Windows\System\PGgXRBA.exe
  C:\Windows\System\PGgXRBA.exe
  2⤵
  PID:5560
- C:\Windows\System\briXNkQ.exe
  C:\Windows\System\briXNkQ.exe
  2⤵
  PID:5316
- C:\Windows\System\dujsyDE.exe
  C:\Windows\System\dujsyDE.exe
  2⤵
  PID:5616
- C:\Windows\System\ddkoHrC.exe
  C:\Windows\System\ddkoHrC.exe
  2⤵
  PID:5652
- C:\Windows\System\ANbJcVO.exe
  C:\Windows\System\ANbJcVO.exe
  2⤵
  PID:5360
- C:\Windows\System\dvtMqRz.exe
  C:\Windows\System\dvtMqRz.exe
  2⤵
  PID:5436
- C:\Windows\System\IUDLLsu.exe
  C:\Windows\System\IUDLLsu.exe
  2⤵
  PID:5696
- C:\Windows\System\nboJMwN.exe
  C:\Windows\System\nboJMwN.exe
  2⤵
  PID:5516
- C:\Windows\System\iLoGkHo.exe
  C:\Windows\System\iLoGkHo.exe
  2⤵
  PID:5732
- C:\Windows\System\kCxvHzl.exe
  C:\Windows\System\kCxvHzl.exe
  2⤵
  PID:5764
- C:\Windows\System\xrTacpj.exe
  C:\Windows\System\xrTacpj.exe
  2⤵
  PID:5776
- C:\Windows\System\FhdIVGw.exe
  C:\Windows\System\FhdIVGw.exe
  2⤵
  PID:5668
- C:\Windows\System\mhEgEaf.exe
  C:\Windows\System\mhEgEaf.exe
  2⤵
  PID:5712
- C:\Windows\System\cZhkxhC.exe
  C:\Windows\System\cZhkxhC.exe
  2⤵
  PID:5856
- C:\Windows\System\avBnlNs.exe
  C:\Windows\System\avBnlNs.exe
  2⤵
  PID:5796
- C:\Windows\System\YiIiksA.exe
  C:\Windows\System\YiIiksA.exe
  2⤵
  PID:5872
- C:\Windows\System\GvhgGHw.exe
  C:\Windows\System\GvhgGHw.exe
  2⤵
  PID:5912
- C:\Windows\System\eqHQcRi.exe
  C:\Windows\System\eqHQcRi.exe
  2⤵
  PID:5944
- C:\Windows\System\WSBtENJ.exe
  C:\Windows\System\WSBtENJ.exe
  2⤵
  PID:5976
- C:\Windows\System\CarnwOi.exe
  C:\Windows\System\CarnwOi.exe
  2⤵
  PID:6016
- C:\Windows\System\ADvvlRY.exe
  C:\Windows\System\ADvvlRY.exe
  2⤵
  PID:6044
- C:\Windows\System\TYzcCEr.exe
  C:\Windows\System\TYzcCEr.exe
  2⤵
  PID:6096
- C:\Windows\System\XUcuBhg.exe
  C:\Windows\System\XUcuBhg.exe
  2⤵
  PID:6100
- C:\Windows\System\IxpXyrA.exe
  C:\Windows\System\IxpXyrA.exe
  2⤵
  PID:4552
- C:\Windows\System\RLdpXIS.exe
  C:\Windows\System\RLdpXIS.exe
  2⤵
  PID:4532
- C:\Windows\System\MJEYoHP.exe
  C:\Windows\System\MJEYoHP.exe
  2⤵
  PID:4612
- C:\Windows\System\Eqcvmpz.exe
  C:\Windows\System\Eqcvmpz.exe
  2⤵
  PID:4732
- C:\Windows\System\HdwgfVS.exe
  C:\Windows\System\HdwgfVS.exe
  2⤵
  PID:4752
- C:\Windows\System\ArOScGR.exe
  C:\Windows\System\ArOScGR.exe
  2⤵
  PID:5108
- C:\Windows\System\ZHxNHKd.exe
  C:\Windows\System\ZHxNHKd.exe
  2⤵
  PID:3888
- C:\Windows\System\gNKvGqU.exe
  C:\Windows\System\gNKvGqU.exe
  2⤵
  PID:2308
- C:\Windows\System\leLiMOc.exe
  C:\Windows\System\leLiMOc.exe
  2⤵
  PID:3504
- C:\Windows\System\iBUGzkE.exe
  C:\Windows\System\iBUGzkE.exe
  2⤵
  PID:4376
- C:\Windows\System\VNWBxDw.exe
  C:\Windows\System\VNWBxDw.exe
  2⤵
  PID:5260
- C:\Windows\System\HtJpcxX.exe
  C:\Windows\System\HtJpcxX.exe
  2⤵
  PID:5296
- C:\Windows\System\lYIhzkb.exe
  C:\Windows\System\lYIhzkb.exe
  2⤵
  PID:2892
- C:\Windows\System\yMxYcQU.exe
  C:\Windows\System\yMxYcQU.exe
  2⤵
  PID:5236
- C:\Windows\System\zhfBNJn.exe
  C:\Windows\System\zhfBNJn.exe
  2⤵
  PID:5244
- C:\Windows\System\HLpMIxl.exe
  C:\Windows\System\HLpMIxl.exe
  2⤵
  PID:5312
- C:\Windows\System\iWmNVdY.exe
  C:\Windows\System\iWmNVdY.exe
  2⤵
  PID:5644
- C:\Windows\System\fHVyteA.exe
  C:\Windows\System\fHVyteA.exe
  2⤵
  PID:5404
- C:\Windows\System\wiyOaKN.exe
  C:\Windows\System\wiyOaKN.exe
  2⤵
  PID:5684
- C:\Windows\System\mLbPRmU.exe
  C:\Windows\System\mLbPRmU.exe
  2⤵
  PID:5508
- C:\Windows\System\NsBXnRs.exe
  C:\Windows\System\NsBXnRs.exe
  2⤵
  PID:5544
- C:\Windows\System\GnlGlaN.exe
  C:\Windows\System\GnlGlaN.exe
  2⤵
  PID:5708
- C:\Windows\System\aMrEHgp.exe
  C:\Windows\System\aMrEHgp.exe
  2⤵
  PID:5888
- C:\Windows\System\DZgrqfP.exe
  C:\Windows\System\DZgrqfP.exe
  2⤵
  PID:2588
- C:\Windows\System\ygYenlr.exe
  C:\Windows\System\ygYenlr.exe
  2⤵
  PID:5908
- C:\Windows\System\UHEJWIs.exe
  C:\Windows\System\UHEJWIs.exe
  2⤵
  PID:5956
- C:\Windows\System\gnKeqgL.exe
  C:\Windows\System\gnKeqgL.exe
  2⤵
  PID:6004
- C:\Windows\System\mKOokPA.exe
  C:\Windows\System\mKOokPA.exe
  2⤵
  PID:5980
- C:\Windows\System\KQWmTjf.exe
  C:\Windows\System\KQWmTjf.exe
  2⤵
  PID:6084
- C:\Windows\System\iraIfow.exe
  C:\Windows\System\iraIfow.exe
  2⤵
  PID:4416
- C:\Windows\System\EqtWDio.exe
  C:\Windows\System\EqtWDio.exe
  2⤵
  PID:4708
- C:\Windows\System\ROAvQCf.exe
  C:\Windows\System\ROAvQCf.exe
  2⤵
  PID:2748
- C:\Windows\System\ibDOJJJ.exe
  C:\Windows\System\ibDOJJJ.exe
  2⤵
  PID:4816
- C:\Windows\System\SDavogT.exe
  C:\Windows\System\SDavogT.exe
  2⤵
  PID:5028
- C:\Windows\System\XcYJqHf.exe
  C:\Windows\System\XcYJqHf.exe
  2⤵
  PID:5172
- C:\Windows\System\oRyTZjE.exe
  C:\Windows\System\oRyTZjE.exe
  2⤵
  PID:5216
- C:\Windows\System\aTaJfOp.exe
  C:\Windows\System\aTaJfOp.exe
  2⤵
  PID:1660
- C:\Windows\System\aHXqahA.exe
  C:\Windows\System\aHXqahA.exe
  2⤵
  PID:5532
- C:\Windows\System\TeLdkCP.exe
  C:\Windows\System\TeLdkCP.exe
  2⤵
  PID:5276
- C:\Windows\System\alAaOYA.exe
  C:\Windows\System\alAaOYA.exe
  2⤵
  PID:5324
- C:\Windows\System\KpsAXfo.exe
  C:\Windows\System\KpsAXfo.exe
  2⤵
  PID:2088
- C:\Windows\System\BrwDrht.exe
  C:\Windows\System\BrwDrht.exe
  2⤵
  PID:5592
- C:\Windows\System\dPLfQVD.exe
  C:\Windows\System\dPLfQVD.exe
  2⤵
  PID:5768
- C:\Windows\System\IpNFQqK.exe
  C:\Windows\System\IpNFQqK.exe
  2⤵
  PID:5788
- C:\Windows\System\fXgLuvO.exe
  C:\Windows\System\fXgLuvO.exe
  2⤵
  PID:5928
- C:\Windows\System\tDKcjbT.exe
  C:\Windows\System\tDKcjbT.exe
  2⤵
  PID:5996
- C:\Windows\System\yOAbTdo.exe
  C:\Windows\System\yOAbTdo.exe
  2⤵
  PID:6080
- C:\Windows\System\QizNuBD.exe
  C:\Windows\System\QizNuBD.exe
  2⤵
  PID:6152
- C:\Windows\System\ITNQLlI.exe
  C:\Windows\System\ITNQLlI.exe
  2⤵
  PID:6172
- C:\Windows\System\tTTKGIm.exe
  C:\Windows\System\tTTKGIm.exe
  2⤵
  PID:6192
- C:\Windows\System\SruRVzu.exe
  C:\Windows\System\SruRVzu.exe
  2⤵
  PID:6212
- C:\Windows\System\GzDGzkj.exe
  C:\Windows\System\GzDGzkj.exe
  2⤵
  PID:6232
- C:\Windows\System\wHzYVRz.exe
  C:\Windows\System\wHzYVRz.exe
  2⤵
  PID:6252
- C:\Windows\System\geJxWyt.exe
  C:\Windows\System\geJxWyt.exe
  2⤵
  PID:6272
- C:\Windows\System\fuBcrKt.exe
  C:\Windows\System\fuBcrKt.exe
  2⤵
  PID:6292
- C:\Windows\System\ZyBimIH.exe
  C:\Windows\System\ZyBimIH.exe
  2⤵
  PID:6312
- C:\Windows\System\IdLXRWG.exe
  C:\Windows\System\IdLXRWG.exe
  2⤵
  PID:6332
- C:\Windows\System\BSlAEWc.exe
  C:\Windows\System\BSlAEWc.exe
  2⤵
  PID:6352
- C:\Windows\System\dkPDKAD.exe
  C:\Windows\System\dkPDKAD.exe
  2⤵
  PID:6372
- C:\Windows\System\POvwziZ.exe
  C:\Windows\System\POvwziZ.exe
  2⤵
  PID:6392
- C:\Windows\System\eDUzhmN.exe
  C:\Windows\System\eDUzhmN.exe
  2⤵
  PID:6412
- C:\Windows\System\DZZMrQz.exe
  C:\Windows\System\DZZMrQz.exe
  2⤵
  PID:6432
- C:\Windows\System\ImLGNKU.exe
  C:\Windows\System\ImLGNKU.exe
  2⤵
  PID:6452
- C:\Windows\System\ntDynAb.exe
  C:\Windows\System\ntDynAb.exe
  2⤵
  PID:6472
- C:\Windows\System\pEZqIEw.exe
  C:\Windows\System\pEZqIEw.exe
  2⤵
  PID:6492
- C:\Windows\System\jbVLTdr.exe
  C:\Windows\System\jbVLTdr.exe
  2⤵
  PID:6512
- C:\Windows\System\FTQMpEh.exe
  C:\Windows\System\FTQMpEh.exe
  2⤵
  PID:6532
- C:\Windows\System\vemUSkV.exe
  C:\Windows\System\vemUSkV.exe
  2⤵
  PID:6552
- C:\Windows\System\NfAeyhC.exe
  C:\Windows\System\NfAeyhC.exe
  2⤵
  PID:6572
- C:\Windows\System\ghRBqPO.exe
  C:\Windows\System\ghRBqPO.exe
  2⤵
  PID:6592
- C:\Windows\System\uyJKCIT.exe
  C:\Windows\System\uyJKCIT.exe
  2⤵
  PID:6608
- C:\Windows\System\Klzzdvn.exe
  C:\Windows\System\Klzzdvn.exe
  2⤵
  PID:6632
- C:\Windows\System\WxeoyBU.exe
  C:\Windows\System\WxeoyBU.exe
  2⤵
  PID:6652
- C:\Windows\System\piXULMM.exe
  C:\Windows\System\piXULMM.exe
  2⤵
  PID:6672
- C:\Windows\System\vLXNdGV.exe
  C:\Windows\System\vLXNdGV.exe
  2⤵
  PID:6692
- C:\Windows\System\xcWYKOE.exe
  C:\Windows\System\xcWYKOE.exe
  2⤵
  PID:6712
- C:\Windows\System\enrgXuU.exe
  C:\Windows\System\enrgXuU.exe
  2⤵
  PID:6732
- C:\Windows\System\ModwcNa.exe
  C:\Windows\System\ModwcNa.exe
  2⤵
  PID:6752
- C:\Windows\System\djbVPcO.exe
  C:\Windows\System\djbVPcO.exe
  2⤵
  PID:6772
- C:\Windows\System\iHJpvgD.exe
  C:\Windows\System\iHJpvgD.exe
  2⤵
  PID:6796
- C:\Windows\System\FWauEjj.exe
  C:\Windows\System\FWauEjj.exe
  2⤵
  PID:6816
- C:\Windows\System\idoyMVm.exe
  C:\Windows\System\idoyMVm.exe
  2⤵
  PID:6832
- C:\Windows\System\UeKirGZ.exe
  C:\Windows\System\UeKirGZ.exe
  2⤵
  PID:6856
- C:\Windows\System\xVHYKTG.exe
  C:\Windows\System\xVHYKTG.exe
  2⤵
  PID:6876
- C:\Windows\System\GGipRte.exe
  C:\Windows\System\GGipRte.exe
  2⤵
  PID:6896
- C:\Windows\System\KQVFfqf.exe
  C:\Windows\System\KQVFfqf.exe
  2⤵
  PID:6916
- C:\Windows\System\ESxzACh.exe
  C:\Windows\System\ESxzACh.exe
  2⤵
  PID:6932
- C:\Windows\System\DruXluM.exe
  C:\Windows\System\DruXluM.exe
  2⤵
  PID:6956
- C:\Windows\System\qBEcCPz.exe
  C:\Windows\System\qBEcCPz.exe
  2⤵
  PID:6976
- C:\Windows\System\NazsDvn.exe
  C:\Windows\System\NazsDvn.exe
  2⤵
  PID:6996
- C:\Windows\System\zSuhdhl.exe
  C:\Windows\System\zSuhdhl.exe
  2⤵
  PID:7016
- C:\Windows\System\efkuGVA.exe
  C:\Windows\System\efkuGVA.exe
  2⤵
  PID:7036
- C:\Windows\System\qqPaYyn.exe
  C:\Windows\System\qqPaYyn.exe
  2⤵
  PID:7056
- C:\Windows\System\NwxKXid.exe
  C:\Windows\System\NwxKXid.exe
  2⤵
  PID:7076
- C:\Windows\System\huahvsf.exe
  C:\Windows\System\huahvsf.exe
  2⤵
  PID:7092
- C:\Windows\System\JcbPrDD.exe
  C:\Windows\System\JcbPrDD.exe
  2⤵
  PID:7116
- C:\Windows\System\GqGUezp.exe
  C:\Windows\System\GqGUezp.exe
  2⤵
  PID:7136
- C:\Windows\System\MEDQBTp.exe
  C:\Windows\System\MEDQBTp.exe
  2⤵
  PID:7156
- C:\Windows\System\SBNPFFk.exe
  C:\Windows\System\SBNPFFk.exe
  2⤵
  PID:4316
- C:\Windows\System\rPWZKlg.exe
  C:\Windows\System\rPWZKlg.exe
  2⤵
  PID:4016
- C:\Windows\System\eNcNsLc.exe
  C:\Windows\System\eNcNsLc.exe
  2⤵
  PID:5136
- C:\Windows\System\wBkwcfE.exe
  C:\Windows\System\wBkwcfE.exe
  2⤵
  PID:5152
- C:\Windows\System\zVOmDaB.exe
  C:\Windows\System\zVOmDaB.exe
  2⤵
  PID:5420
- C:\Windows\System\GsgYABh.exe
  C:\Windows\System\GsgYABh.exe
  2⤵
  PID:5492
- C:\Windows\System\IyILxpu.exe
  C:\Windows\System\IyILxpu.exe
  2⤵
  PID:5692
- C:\Windows\System\JSAEONM.exe
  C:\Windows\System\JSAEONM.exe
  2⤵
  PID:5588
- C:\Windows\System\Ghozlyh.exe
  C:\Windows\System\Ghozlyh.exe
  2⤵
  PID:5748
- C:\Windows\System\NhZfVcz.exe
  C:\Windows\System\NhZfVcz.exe
  2⤵
  PID:5792
- C:\Windows\System\zvHRXgY.exe
  C:\Windows\System\zvHRXgY.exe
  2⤵
  PID:6040
- C:\Windows\System\DBKAIUL.exe
  C:\Windows\System\DBKAIUL.exe
  2⤵
  PID:6188
- C:\Windows\System\MyovbXJ.exe
  C:\Windows\System\MyovbXJ.exe
  2⤵
  PID:6200
- C:\Windows\System\rTTKmKW.exe
  C:\Windows\System\rTTKmKW.exe
  2⤵
  PID:6208
- C:\Windows\System\aUAEmky.exe
  C:\Windows\System\aUAEmky.exe
  2⤵
  PID:6248
- C:\Windows\System\cNKmfRF.exe
  C:\Windows\System\cNKmfRF.exe
  2⤵
  PID:6284
- C:\Windows\System\XbUXMjW.exe
  C:\Windows\System\XbUXMjW.exe
  2⤵
  PID:6324
- C:\Windows\System\RIIMyRY.exe
  C:\Windows\System\RIIMyRY.exe
  2⤵
  PID:6368
- C:\Windows\System\eoRgahc.exe
  C:\Windows\System\eoRgahc.exe
  2⤵
  PID:6420
- C:\Windows\System\GXNTXUz.exe
  C:\Windows\System\GXNTXUz.exe
  2⤵
  PID:6460
- C:\Windows\System\TNXxMNR.exe
  C:\Windows\System\TNXxMNR.exe
  2⤵
  PID:6468
- C:\Windows\System\GnhwEXD.exe
  C:\Windows\System\GnhwEXD.exe
  2⤵
  PID:6484
- C:\Windows\System\NhAiCvE.exe
  C:\Windows\System\NhAiCvE.exe
  2⤵
  PID:6524
- C:\Windows\System\wRWYQFu.exe
  C:\Windows\System\wRWYQFu.exe
  2⤵
  PID:6568
- C:\Windows\System\TcTSePm.exe
  C:\Windows\System\TcTSePm.exe
  2⤵
  PID:6620
- C:\Windows\System\iPzoBCR.exe
  C:\Windows\System\iPzoBCR.exe
  2⤵
  PID:6640
- C:\Windows\System\uLVGyzC.exe
  C:\Windows\System\uLVGyzC.exe
  2⤵
  PID:6664
- C:\Windows\System\qgBaYFK.exe
  C:\Windows\System\qgBaYFK.exe
  2⤵
  PID:6700
- C:\Windows\System\ZAxJmLx.exe
  C:\Windows\System\ZAxJmLx.exe
  2⤵
  PID:6720
- C:\Windows\System\fzquGYc.exe
  C:\Windows\System\fzquGYc.exe
  2⤵
  PID:6760
- C:\Windows\System\QQTnhjH.exe
  C:\Windows\System\QQTnhjH.exe
  2⤵
  PID:6824
- C:\Windows\System\EyunIja.exe
  C:\Windows\System\EyunIja.exe
  2⤵
  PID:6844
- C:\Windows\System\uboEKpW.exe
  C:\Windows\System\uboEKpW.exe
  2⤵
  PID:6868
- C:\Windows\System\MjfHJmL.exe
  C:\Windows\System\MjfHJmL.exe
  2⤵
  PID:6940
- C:\Windows\System\npkoxeY.exe
  C:\Windows\System\npkoxeY.exe
  2⤵
  PID:6888
- C:\Windows\System\dARSIaz.exe
  C:\Windows\System\dARSIaz.exe
  2⤵
  PID:6972
- C:\Windows\System\NRLeAoG.exe
  C:\Windows\System\NRLeAoG.exe
  2⤵
  PID:7012
- C:\Windows\System\kqxzljo.exe
  C:\Windows\System\kqxzljo.exe
  2⤵
  PID:7028
- C:\Windows\System\sFbQqTU.exe
  C:\Windows\System\sFbQqTU.exe
  2⤵
  PID:7104
- C:\Windows\System\DFZWpsq.exe
  C:\Windows\System\DFZWpsq.exe
  2⤵
  PID:7052
- C:\Windows\System\cqwVqJf.exe
  C:\Windows\System\cqwVqJf.exe
  2⤵
  PID:7132
- C:\Windows\System\UYBNipq.exe
  C:\Windows\System\UYBNipq.exe
  2⤵
  PID:7164
- C:\Windows\System\rJgzAtr.exe
  C:\Windows\System\rJgzAtr.exe
  2⤵
  PID:5376
- C:\Windows\System\fdidHmt.exe
  C:\Windows\System\fdidHmt.exe
  2⤵
  PID:816
- C:\Windows\System\UNMatqx.exe
  C:\Windows\System\UNMatqx.exe
  2⤵
  PID:5512
- C:\Windows\System\dqeeUAk.exe
  C:\Windows\System\dqeeUAk.exe
  2⤵
  PID:5648
- C:\Windows\System\SHkaugW.exe
  C:\Windows\System\SHkaugW.exe
  2⤵
  PID:5392
- C:\Windows\System\TpwtRVP.exe
  C:\Windows\System\TpwtRVP.exe
  2⤵
  PID:5964
- C:\Windows\System\eVtShbA.exe
  C:\Windows\System\eVtShbA.exe
  2⤵
  PID:6060
- C:\Windows\System\MYdWzUI.exe
  C:\Windows\System\MYdWzUI.exe
  2⤵
  PID:6288
- C:\Windows\System\tOqbYpO.exe
  C:\Windows\System\tOqbYpO.exe
  2⤵
  PID:6240
- C:\Windows\System\wmcegKx.exe
  C:\Windows\System\wmcegKx.exe
  2⤵
  PID:6344
- C:\Windows\System\aJKWpSQ.exe
  C:\Windows\System\aJKWpSQ.exe
  2⤵
  PID:6328
- C:\Windows\System\OkgvSqD.exe
  C:\Windows\System\OkgvSqD.exe
  2⤵
  PID:6500
- C:\Windows\System\APybgjz.exe
  C:\Windows\System\APybgjz.exe
  2⤵
  PID:6580
- C:\Windows\System\RrtZlbo.exe
  C:\Windows\System\RrtZlbo.exe
  2⤵
  PID:2676
- C:\Windows\System\UHlIRSt.exe
  C:\Windows\System\UHlIRSt.exe
  2⤵
  PID:6520
- C:\Windows\System\gcPJLnt.exe
  C:\Windows\System\gcPJLnt.exe
  2⤵
  PID:6584
- C:\Windows\System\dkYlrVu.exe
  C:\Windows\System\dkYlrVu.exe
  2⤵
  PID:6780
- C:\Windows\System\ehypWXi.exe
  C:\Windows\System\ehypWXi.exe
  2⤵
  PID:6704
- C:\Windows\System\nHxBeAG.exe
  C:\Windows\System\nHxBeAG.exe
  2⤵
  PID:6748
- C:\Windows\System\swaPHlh.exe
  C:\Windows\System\swaPHlh.exe
  2⤵
  PID:2612
- C:\Windows\System\vGLsnro.exe
  C:\Windows\System\vGLsnro.exe
  2⤵
  PID:6872
- C:\Windows\System\gUHJfbB.exe
  C:\Windows\System\gUHJfbB.exe
  2⤵
  PID:6948
- C:\Windows\System\BpvRRab.exe
  C:\Windows\System\BpvRRab.exe
  2⤵
  PID:7112
- C:\Windows\System\EufBuSU.exe
  C:\Windows\System\EufBuSU.exe
  2⤵
  PID:7152
- C:\Windows\System\lObpNUx.exe
  C:\Windows\System\lObpNUx.exe
  2⤵
  PID:3984
- C:\Windows\System\gMTveQp.exe
  C:\Windows\System\gMTveQp.exe
  2⤵
  PID:5400
- C:\Windows\System\MZIEEkc.exe
  C:\Windows\System\MZIEEkc.exe
  2⤵
  PID:1480
- C:\Windows\System\MtgmjqB.exe
  C:\Windows\System\MtgmjqB.exe
  2⤵
  PID:4828
- C:\Windows\System\XkSwfWc.exe
  C:\Windows\System\XkSwfWc.exe
  2⤵
  PID:2712
- C:\Windows\System\ZFFXzVu.exe
  C:\Windows\System\ZFFXzVu.exe
  2⤵
  PID:6268
- C:\Windows\System\DugrLbg.exe
  C:\Windows\System\DugrLbg.exe
  2⤵
  PID:5936
- C:\Windows\System\SarPZds.exe
  C:\Windows\System\SarPZds.exe
  2⤵
  PID:6388
- C:\Windows\System\DqMoVGs.exe
  C:\Windows\System\DqMoVGs.exe
  2⤵
  PID:6164
- C:\Windows\System\LQUXdTY.exe
  C:\Windows\System\LQUXdTY.exe
  2⤵
  PID:6320
- C:\Windows\System\UzjRWIr.exe
  C:\Windows\System\UzjRWIr.exe
  2⤵
  PID:6560
- C:\Windows\System\RDYazNs.exe
  C:\Windows\System\RDYazNs.exe
  2⤵
  PID:6444
- C:\Windows\System\lNWvfOV.exe
  C:\Windows\System\lNWvfOV.exe
  2⤵
  PID:6668
- C:\Windows\System\lbtRYDX.exe
  C:\Windows\System\lbtRYDX.exe
  2⤵
  PID:6912
- C:\Windows\System\nNuAlkI.exe
  C:\Windows\System\nNuAlkI.exe
  2⤵
  PID:6952
- C:\Windows\System\FpPXgVI.exe
  C:\Windows\System\FpPXgVI.exe
  2⤵
  PID:7004
- C:\Windows\System\TLbfAJY.exe
  C:\Windows\System\TLbfAJY.exe
  2⤵
  PID:7008
- C:\Windows\System\OVzHgwM.exe
  C:\Windows\System\OVzHgwM.exe
  2⤵
  PID:3988
- C:\Windows\System\ofPIwSM.exe
  C:\Windows\System\ofPIwSM.exe
  2⤵
  PID:7088
- C:\Windows\System\WTZZbcF.exe
  C:\Windows\System\WTZZbcF.exe
  2⤵
  PID:6124
- C:\Windows\System\bFTylTu.exe
  C:\Windows\System\bFTylTu.exe
  2⤵
  PID:6180
- C:\Windows\System\ZiaIwVi.exe
  C:\Windows\System\ZiaIwVi.exe
  2⤵
  PID:6600
- C:\Windows\System\BLHorXQ.exe
  C:\Windows\System\BLHorXQ.exe
  2⤵
  PID:6168
- C:\Windows\System\uVWTiQm.exe
  C:\Windows\System\uVWTiQm.exe
  2⤵
  PID:6724
- C:\Windows\System\xZyextK.exe
  C:\Windows\System\xZyextK.exe
  2⤵
  PID:6684
- C:\Windows\System\fLzmlil.exe
  C:\Windows\System\fLzmlil.exe
  2⤵
  PID:7044
- C:\Windows\System\QiuTPvK.exe
  C:\Windows\System\QiuTPvK.exe
  2⤵
  PID:7188
- C:\Windows\System\GVZaqQX.exe
  C:\Windows\System\GVZaqQX.exe
  2⤵
  PID:7208
- C:\Windows\System\TAfGJUT.exe
  C:\Windows\System\TAfGJUT.exe
  2⤵
  PID:7228
- C:\Windows\System\AnysrJH.exe
  C:\Windows\System\AnysrJH.exe
  2⤵
  PID:7244
- C:\Windows\System\CmTHBTo.exe
  C:\Windows\System\CmTHBTo.exe
  2⤵
  PID:7268
- C:\Windows\System\JFeECax.exe
  C:\Windows\System\JFeECax.exe
  2⤵
  PID:7288
- C:\Windows\System\wRkRpow.exe
  C:\Windows\System\wRkRpow.exe
  2⤵
  PID:7308
- C:\Windows\System\zjDsJwD.exe
  C:\Windows\System\zjDsJwD.exe
  2⤵
  PID:7328
- C:\Windows\System\EFsDhEw.exe
  C:\Windows\System\EFsDhEw.exe
  2⤵
  PID:7344
- C:\Windows\System\YLLWWZb.exe
  C:\Windows\System\YLLWWZb.exe
  2⤵
  PID:7368
- C:\Windows\System\vZeOdPU.exe
  C:\Windows\System\vZeOdPU.exe
  2⤵
  PID:7388
- C:\Windows\System\YygrwBj.exe
  C:\Windows\System\YygrwBj.exe
  2⤵
  PID:7408
- C:\Windows\System\kVpMghU.exe
  C:\Windows\System\kVpMghU.exe
  2⤵
  PID:7432
- C:\Windows\System\ghWUCTn.exe
  C:\Windows\System\ghWUCTn.exe
  2⤵
  PID:7452
- C:\Windows\System\apAhOFv.exe
  C:\Windows\System\apAhOFv.exe
  2⤵
  PID:7472
- C:\Windows\System\PXFEtAR.exe
  C:\Windows\System\PXFEtAR.exe
  2⤵
  PID:7492
- C:\Windows\System\EwEMSCZ.exe
  C:\Windows\System\EwEMSCZ.exe
  2⤵
  PID:7512
- C:\Windows\System\iPirqcy.exe
  C:\Windows\System\iPirqcy.exe
  2⤵
  PID:7532
- C:\Windows\System\oABPTnR.exe
  C:\Windows\System\oABPTnR.exe
  2⤵
  PID:7552
- C:\Windows\System\MEDJrZt.exe
  C:\Windows\System\MEDJrZt.exe
  2⤵
  PID:7572
- C:\Windows\System\YrBRwIN.exe
  C:\Windows\System\YrBRwIN.exe
  2⤵
  PID:7588
- C:\Windows\System\dcaKevq.exe
  C:\Windows\System\dcaKevq.exe
  2⤵
  PID:7608
- C:\Windows\System\QRaYxKp.exe
  C:\Windows\System\QRaYxKp.exe
  2⤵
  PID:7628
- C:\Windows\System\yEBNIfW.exe
  C:\Windows\System\yEBNIfW.exe
  2⤵
  PID:7652
- C:\Windows\System\eUBItxA.exe
  C:\Windows\System\eUBItxA.exe
  2⤵
  PID:7672
- C:\Windows\System\MfWyMzd.exe
  C:\Windows\System\MfWyMzd.exe
  2⤵
  PID:7692
- C:\Windows\System\yafZBuz.exe
  C:\Windows\System\yafZBuz.exe
  2⤵
  PID:7712
- C:\Windows\System\wbUvgzv.exe
  C:\Windows\System\wbUvgzv.exe
  2⤵
  PID:7732
- C:\Windows\System\NYWWvkz.exe
  C:\Windows\System\NYWWvkz.exe
  2⤵
  PID:7752
- C:\Windows\System\SiEOcOh.exe
  C:\Windows\System\SiEOcOh.exe
  2⤵
  PID:7772
- C:\Windows\System\MzhMOty.exe
  C:\Windows\System\MzhMOty.exe
  2⤵
  PID:7792
- C:\Windows\System\jOZpIOj.exe
  C:\Windows\System\jOZpIOj.exe
  2⤵
  PID:7812
- C:\Windows\System\XoLvNIy.exe
  C:\Windows\System\XoLvNIy.exe
  2⤵
  PID:7832
- C:\Windows\System\HWOjMwJ.exe
  C:\Windows\System\HWOjMwJ.exe
  2⤵
  PID:7852
- C:\Windows\System\Rmaqbao.exe
  C:\Windows\System\Rmaqbao.exe
  2⤵
  PID:7868
- C:\Windows\System\wajdqAb.exe
  C:\Windows\System\wajdqAb.exe
  2⤵
  PID:7884
- C:\Windows\System\ePlCTpk.exe
  C:\Windows\System\ePlCTpk.exe
  2⤵
  PID:7908
- C:\Windows\System\CSfqBao.exe
  C:\Windows\System\CSfqBao.exe
  2⤵
  PID:7928
- C:\Windows\System\LFxocGw.exe
  C:\Windows\System\LFxocGw.exe
  2⤵
  PID:7948
- C:\Windows\System\FXZEHwu.exe
  C:\Windows\System\FXZEHwu.exe
  2⤵
  PID:7968
- C:\Windows\System\iVHoBQX.exe
  C:\Windows\System\iVHoBQX.exe
  2⤵
  PID:7988
- C:\Windows\System\GlcTDwb.exe
  C:\Windows\System\GlcTDwb.exe
  2⤵
  PID:8008
- C:\Windows\System\anWSQNW.exe
  C:\Windows\System\anWSQNW.exe
  2⤵
  PID:8028
- C:\Windows\System\gayDUvi.exe
  C:\Windows\System\gayDUvi.exe
  2⤵
  PID:8048
- C:\Windows\System\qaamtlO.exe
  C:\Windows\System\qaamtlO.exe
  2⤵
  PID:8072
- C:\Windows\System\FrfclMm.exe
  C:\Windows\System\FrfclMm.exe
  2⤵
  PID:8092
- C:\Windows\System\qzIKLQm.exe
  C:\Windows\System\qzIKLQm.exe
  2⤵
  PID:8108
- C:\Windows\System\PYVKxNC.exe
  C:\Windows\System\PYVKxNC.exe
  2⤵
  PID:8132
- C:\Windows\System\wIIMYUY.exe
  C:\Windows\System\wIIMYUY.exe
  2⤵
  PID:8156
- C:\Windows\System\elUXlfb.exe
  C:\Windows\System\elUXlfb.exe
  2⤵
  PID:8176
- C:\Windows\System\RuJXwSI.exe
  C:\Windows\System\RuJXwSI.exe
  2⤵
  PID:6840
- C:\Windows\System\FTxwmyi.exe
  C:\Windows\System\FTxwmyi.exe
  2⤵
  PID:7148
- C:\Windows\System\KiMxKWo.exe
  C:\Windows\System\KiMxKWo.exe
  2⤵
  PID:6300
- C:\Windows\System\SvZcJTw.exe
  C:\Windows\System\SvZcJTw.exe
  2⤵
  PID:1380
- C:\Windows\System\LhyqXOB.exe
  C:\Windows\System\LhyqXOB.exe
  2⤵
  PID:6280
- C:\Windows\System\PXLEDPq.exe
  C:\Windows\System\PXLEDPq.exe
  2⤵
  PID:6448
- C:\Windows\System\fftIMvY.exe
  C:\Windows\System\fftIMvY.exe
  2⤵
  PID:6360
- C:\Windows\System\iJlqzpi.exe
  C:\Windows\System\iJlqzpi.exe
  2⤵
  PID:7204
- C:\Windows\System\iCNcEls.exe
  C:\Windows\System\iCNcEls.exe
  2⤵
  PID:7216
- C:\Windows\System\axznWxw.exe
  C:\Windows\System\axznWxw.exe
  2⤵
  PID:7276
- C:\Windows\System\NBTydff.exe
  C:\Windows\System\NBTydff.exe
  2⤵
  PID:7280
- C:\Windows\System\HPfOORH.exe
  C:\Windows\System\HPfOORH.exe
  2⤵
  PID:7300
- C:\Windows\System\vunwdbb.exe
  C:\Windows\System\vunwdbb.exe
  2⤵
  PID:2196
- C:\Windows\System\VPfXkAo.exe
  C:\Windows\System\VPfXkAo.exe
  2⤵
  PID:7340
- C:\Windows\System\gyQuXCI.exe
  C:\Windows\System\gyQuXCI.exe
  2⤵
  PID:7400
- C:\Windows\System\bRAJUxA.exe
  C:\Windows\System\bRAJUxA.exe
  2⤵
  PID:7384
- C:\Windows\System\IxlDlMz.exe
  C:\Windows\System\IxlDlMz.exe
  2⤵
  PID:3004
- C:\Windows\System\vCjcHAv.exe
  C:\Windows\System\vCjcHAv.exe
  2⤵
  PID:7460
- C:\Windows\System\JzzyJWg.exe
  C:\Windows\System\JzzyJWg.exe
  2⤵
  PID:7500
- C:\Windows\System\bDrOvxI.exe
  C:\Windows\System\bDrOvxI.exe
  2⤵
  PID:7564
- C:\Windows\System\oMpGPWi.exe
  C:\Windows\System\oMpGPWi.exe
  2⤵
  PID:7544
- C:\Windows\System\muYYeJg.exe
  C:\Windows\System\muYYeJg.exe
  2⤵
  PID:7636
- C:\Windows\System\JqGWxuX.exe
  C:\Windows\System\JqGWxuX.exe
  2⤵
  PID:7620
- C:\Windows\System\XGlFVnI.exe
  C:\Windows\System\XGlFVnI.exe
  2⤵
  PID:1928
- C:\Windows\System\gezhoRo.exe
  C:\Windows\System\gezhoRo.exe
  2⤵
  PID:7728
- C:\Windows\System\lXHlYbG.exe
  C:\Windows\System\lXHlYbG.exe
  2⤵
  PID:7764
- C:\Windows\System\nKirDpz.exe
  C:\Windows\System\nKirDpz.exe
  2⤵
  PID:7804
- C:\Windows\System\WHpUdMN.exe
  C:\Windows\System\WHpUdMN.exe
  2⤵
  PID:2420
- C:\Windows\System\dUYSVCL.exe
  C:\Windows\System\dUYSVCL.exe
  2⤵
  PID:7820
- C:\Windows\System\wNbhTyI.exe
  C:\Windows\System\wNbhTyI.exe
  2⤵
  PID:7956
- C:\Windows\System\pjHsyls.exe
  C:\Windows\System\pjHsyls.exe
  2⤵
  PID:7904
- C:\Windows\System\bSujVdb.exe
  C:\Windows\System\bSujVdb.exe
  2⤵
  PID:8004
- C:\Windows\System\KerOzds.exe
  C:\Windows\System\KerOzds.exe
  2⤵
  PID:7944
- C:\Windows\System\sxjoeKy.exe
  C:\Windows\System\sxjoeKy.exe
  2⤵
  PID:804
- C:\Windows\System\NzBQYSc.exe
  C:\Windows\System\NzBQYSc.exe
  2⤵
  PID:7980
- C:\Windows\System\KIswNJp.exe
  C:\Windows\System\KIswNJp.exe
  2⤵
  PID:8116
- C:\Windows\System\tezVbDB.exe
  C:\Windows\System\tezVbDB.exe
  2⤵
  PID:8056
- C:\Windows\System\WzodHgk.exe
  C:\Windows\System\WzodHgk.exe
  2⤵
  PID:8164
- C:\Windows\System\PkyPADs.exe
  C:\Windows\System\PkyPADs.exe
  2⤵
  PID:8100
- C:\Windows\System\ZFchKAc.exe
  C:\Windows\System\ZFchKAc.exe
  2⤵
  PID:6848
- C:\Windows\System\iVWXOzH.exe
  C:\Windows\System\iVWXOzH.exe
  2⤵
  PID:4908
- C:\Windows\System\iWvshEB.exe
  C:\Windows\System\iWvshEB.exe
  2⤵
  PID:3176
- C:\Windows\System\NCSMtvo.exe
  C:\Windows\System\NCSMtvo.exe
  2⤵
  PID:6688
- C:\Windows\System\eFYUIsm.exe
  C:\Windows\System\eFYUIsm.exe
  2⤵
  PID:6064
- C:\Windows\System\BGjnjGp.exe
  C:\Windows\System\BGjnjGp.exe
  2⤵
  PID:6504
- C:\Windows\System\JIerpAY.exe
  C:\Windows\System\JIerpAY.exe
  2⤵
  PID:1204
- C:\Windows\System\HRenzhJ.exe
  C:\Windows\System\HRenzhJ.exe
  2⤵
  PID:2184
- C:\Windows\System\YMROivz.exe
  C:\Windows\System\YMROivz.exe
  2⤵
  PID:7236
- C:\Windows\System\QorlijE.exe
  C:\Windows\System\QorlijE.exe
  2⤵
  PID:2028
- C:\Windows\System\rLskexz.exe
  C:\Windows\System\rLskexz.exe
  2⤵
  PID:7396
- C:\Windows\System\HwTKdAU.exe
  C:\Windows\System\HwTKdAU.exe
  2⤵
  PID:7448
- C:\Windows\System\BfyJsYR.exe
  C:\Windows\System\BfyJsYR.exe
  2⤵
  PID:7296
- C:\Windows\System\pfAfUAJ.exe
  C:\Windows\System\pfAfUAJ.exe
  2⤵
  PID:7504
- C:\Windows\System\DzZTiuf.exe
  C:\Windows\System\DzZTiuf.exe
  2⤵
  PID:7600
- C:\Windows\System\NyFlxTh.exe
  C:\Windows\System\NyFlxTh.exe
  2⤵
  PID:7680
- C:\Windows\System\jfAkEao.exe
  C:\Windows\System\jfAkEao.exe
  2⤵
  PID:7480
- C:\Windows\System\njsmwXF.exe
  C:\Windows\System\njsmwXF.exe
  2⤵
  PID:7524
- C:\Windows\System\upnePNL.exe
  C:\Windows\System\upnePNL.exe
  2⤵
  PID:7668
- C:\Windows\System\RRfxFUi.exe
  C:\Windows\System\RRfxFUi.exe
  2⤵
  PID:7624
- C:\Windows\System\lxpvzqs.exe
  C:\Windows\System\lxpvzqs.exe
  2⤵
  PID:2008
- C:\Windows\System\xnsrLjS.exe
  C:\Windows\System\xnsrLjS.exe
  2⤵
  PID:7808
- C:\Windows\System\lgssoyX.exe
  C:\Windows\System\lgssoyX.exe
  2⤵
  PID:1040
- C:\Windows\System\aCHdeaa.exe
  C:\Windows\System\aCHdeaa.exe
  2⤵
  PID:7924
- C:\Windows\System\KaNLIut.exe
  C:\Windows\System\KaNLIut.exe
  2⤵
  PID:7996
- C:\Windows\System\PJbksFP.exe
  C:\Windows\System\PJbksFP.exe
  2⤵
  PID:7976
- C:\Windows\System\dFhrVFw.exe
  C:\Windows\System\dFhrVFw.exe
  2⤵
  PID:8128
- C:\Windows\System\QVSBtYu.exe
  C:\Windows\System\QVSBtYu.exe
  2⤵
  PID:2352
- C:\Windows\System\ZmJKRUZ.exe
  C:\Windows\System\ZmJKRUZ.exe
  2⤵
  PID:1760
- C:\Windows\System\eiFBkAp.exe
  C:\Windows\System\eiFBkAp.exe
  2⤵
  PID:8104
- C:\Windows\System\xONPKJo.exe
  C:\Windows\System\xONPKJo.exe
  2⤵
  PID:6964
- C:\Windows\System\abReixg.exe
  C:\Windows\System\abReixg.exe
  2⤵
  PID:5608
- C:\Windows\System\ZCynNCJ.exe
  C:\Windows\System\ZCynNCJ.exe
  2⤵
  PID:7252
- C:\Windows\System\GgJjuiz.exe
  C:\Windows\System\GgJjuiz.exe
  2⤵
  PID:7428
- C:\Windows\System\enMylql.exe
  C:\Windows\System\enMylql.exe
  2⤵
  PID:6408
- C:\Windows\System\sZvEAUJ.exe
  C:\Windows\System\sZvEAUJ.exe
  2⤵
  PID:7316
- C:\Windows\System\ZeRoJZL.exe
  C:\Windows\System\ZeRoJZL.exe
  2⤵
  PID:1676
- C:\Windows\System\XKcTbeL.exe
  C:\Windows\System\XKcTbeL.exe
  2⤵
  PID:7688
- C:\Windows\System\QXpaXyw.exe
  C:\Windows\System\QXpaXyw.exe
  2⤵
  PID:7700
- C:\Windows\System\MGdCfDF.exe
  C:\Windows\System\MGdCfDF.exe
  2⤵
  PID:7824
- C:\Windows\System\czMsjOL.exe
  C:\Windows\System\czMsjOL.exe
  2⤵
  PID:8064
- C:\Windows\System\JGlRjnT.exe
  C:\Windows\System\JGlRjnT.exe
  2⤵
  PID:7960
- C:\Windows\System\mFfDjLg.exe
  C:\Windows\System\mFfDjLg.exe
  2⤵
  PID:8188
- C:\Windows\System\LMHUOtv.exe
  C:\Windows\System\LMHUOtv.exe
  2⤵
  PID:8040
- C:\Windows\System\HKjqfXC.exe
  C:\Windows\System\HKjqfXC.exe
  2⤵
  PID:7196
- C:\Windows\System\PRiTtli.exe
  C:\Windows\System\PRiTtli.exe
  2⤵
  PID:2496
- C:\Windows\System\uOLltNJ.exe
  C:\Windows\System\uOLltNJ.exe
  2⤵
  PID:7864
- C:\Windows\System\qznCYmm.exe
  C:\Windows\System\qznCYmm.exe
  2⤵
  PID:2076
- C:\Windows\System\eggsgmn.exe
  C:\Windows\System\eggsgmn.exe
  2⤵
  PID:7484
- C:\Windows\System\lEGKuPM.exe
  C:\Windows\System\lEGKuPM.exe
  2⤵
  PID:2200
- C:\Windows\System\cFmZNZf.exe
  C:\Windows\System\cFmZNZf.exe
  2⤵
  PID:7648
- C:\Windows\System\lSLyAuI.exe
  C:\Windows\System\lSLyAuI.exe
  2⤵
  PID:7580
- C:\Windows\System\YlyyrPz.exe
  C:\Windows\System\YlyyrPz.exe
  2⤵
  PID:8024
- C:\Windows\System\ehUACDY.exe
  C:\Windows\System\ehUACDY.exe
  2⤵
  PID:2848
- C:\Windows\System\irznfWz.exe
  C:\Windows\System\irznfWz.exe
  2⤵
  PID:1556
- C:\Windows\System\vvPGJXk.exe
  C:\Windows\System\vvPGJXk.exe
  2⤵
  PID:8080
- C:\Windows\System\jlzjNHV.exe
  C:\Windows\System\jlzjNHV.exe
  2⤵
  PID:7184
- C:\Windows\System\CZMeOtP.exe
  C:\Windows\System\CZMeOtP.exe
  2⤵
  PID:6264
- C:\Windows\System\YJWGSXd.exe
  C:\Windows\System\YJWGSXd.exe
  2⤵
  PID:8044
- C:\Windows\System\YqhqZsN.exe
  C:\Windows\System\YqhqZsN.exe
  2⤵
  PID:7284
- C:\Windows\System\NVBDexD.exe
  C:\Windows\System\NVBDexD.exe
  2⤵
  PID:8184
- C:\Windows\System\KqvGyFA.exe
  C:\Windows\System\KqvGyFA.exe
  2⤵
  PID:7548
- C:\Windows\System\WaivVDq.exe
  C:\Windows\System\WaivVDq.exe
  2⤵
  PID:2760
- C:\Windows\System\RgdEqfQ.exe
  C:\Windows\System\RgdEqfQ.exe
  2⤵
  PID:7528
- C:\Windows\System\WtGgyGy.exe
  C:\Windows\System\WtGgyGy.exe
  2⤵
  PID:7780
- C:\Windows\System\LtOQdvQ.exe
  C:\Windows\System\LtOQdvQ.exe
  2⤵
  PID:1688
- C:\Windows\System\gwqFmZk.exe
  C:\Windows\System\gwqFmZk.exe
  2⤵
  PID:8204
- C:\Windows\System\cgGepWG.exe
  C:\Windows\System\cgGepWG.exe
  2⤵
  PID:8220
- C:\Windows\System\qUyxnVn.exe
  C:\Windows\System\qUyxnVn.exe
  2⤵
  PID:8236
- C:\Windows\System\eXottXR.exe
  C:\Windows\System\eXottXR.exe
  2⤵
  PID:8252
- C:\Windows\System\xfpXdZG.exe
  C:\Windows\System\xfpXdZG.exe
  2⤵
  PID:8268
- C:\Windows\System\gfAkHBh.exe
  C:\Windows\System\gfAkHBh.exe
  2⤵
  PID:8284
- C:\Windows\System\YEdopun.exe
  C:\Windows\System\YEdopun.exe
  2⤵
  PID:8300
- C:\Windows\System\MNmSsgR.exe
  C:\Windows\System\MNmSsgR.exe
  2⤵
  PID:8316
- C:\Windows\System\pfZUbOi.exe
  C:\Windows\System\pfZUbOi.exe
  2⤵
  PID:8332
- C:\Windows\System\urxXNbZ.exe
  C:\Windows\System\urxXNbZ.exe
  2⤵
  PID:8352
- C:\Windows\System\VMemhpN.exe
  C:\Windows\System\VMemhpN.exe
  2⤵
  PID:8400
- C:\Windows\System\VUeBhXI.exe
  C:\Windows\System\VUeBhXI.exe
  2⤵
  PID:8416
- C:\Windows\System\GUqvBTg.exe
  C:\Windows\System\GUqvBTg.exe
  2⤵
  PID:8432
- C:\Windows\System\RYwNbFM.exe
  C:\Windows\System\RYwNbFM.exe
  2⤵
  PID:8448
- C:\Windows\System\jwMkCVW.exe
  C:\Windows\System\jwMkCVW.exe
  2⤵
  PID:8464
- C:\Windows\System\SzYoccv.exe
  C:\Windows\System\SzYoccv.exe
  2⤵
  PID:8480
- C:\Windows\System\vXAcmvL.exe
  C:\Windows\System\vXAcmvL.exe
  2⤵
  PID:8496
- C:\Windows\System\jqEDeAM.exe
  C:\Windows\System\jqEDeAM.exe
  2⤵
  PID:8516
- C:\Windows\System\SvNURXG.exe
  C:\Windows\System\SvNURXG.exe
  2⤵
  PID:8532
- C:\Windows\System\WutYcuk.exe
  C:\Windows\System\WutYcuk.exe
  2⤵
  PID:8548
- C:\Windows\System\UJoPmNU.exe
  C:\Windows\System\UJoPmNU.exe
  2⤵
  PID:8564
- C:\Windows\System\MQJQmDX.exe
  C:\Windows\System\MQJQmDX.exe
  2⤵
  PID:8584
- C:\Windows\System\ZSlHNSx.exe
  C:\Windows\System\ZSlHNSx.exe
  2⤵
  PID:8600
- C:\Windows\System\pEjzHDT.exe
  C:\Windows\System\pEjzHDT.exe
  2⤵
  PID:8616
- C:\Windows\System\UHUpWho.exe
  C:\Windows\System\UHUpWho.exe
  2⤵
  PID:8636
- C:\Windows\System\GAsmlDa.exe
  C:\Windows\System\GAsmlDa.exe
  2⤵
  PID:8652
- C:\Windows\System\ElSqQsZ.exe
  C:\Windows\System\ElSqQsZ.exe
  2⤵
  PID:8676
- C:\Windows\System\hJHUNOv.exe
  C:\Windows\System\hJHUNOv.exe
  2⤵
  PID:8692
- C:\Windows\System\NuKQnOT.exe
  C:\Windows\System\NuKQnOT.exe
  2⤵
  PID:8708
- C:\Windows\System\fsfGYnX.exe
  C:\Windows\System\fsfGYnX.exe
  2⤵
  PID:8724
- C:\Windows\System\HqmLnpd.exe
  C:\Windows\System\HqmLnpd.exe
  2⤵
  PID:8740
- C:\Windows\System\giuQbtF.exe
  C:\Windows\System\giuQbtF.exe
  2⤵
  PID:8756
- C:\Windows\System\FUBYBAr.exe
  C:\Windows\System\FUBYBAr.exe
  2⤵
  PID:8772
- C:\Windows\System\vnzWMiY.exe
  C:\Windows\System\vnzWMiY.exe
  2⤵
  PID:8788
- C:\Windows\System\xOmbITA.exe
  C:\Windows\System\xOmbITA.exe
  2⤵
  PID:8804
- C:\Windows\System\PsmNhqh.exe
  C:\Windows\System\PsmNhqh.exe
  2⤵
  PID:8820
- C:\Windows\System\MUdqtGz.exe
  C:\Windows\System\MUdqtGz.exe
  2⤵
  PID:8836
- C:\Windows\System\GKAwtWj.exe
  C:\Windows\System\GKAwtWj.exe
  2⤵
  PID:8852
- C:\Windows\System\kNgrvQQ.exe
  C:\Windows\System\kNgrvQQ.exe
  2⤵
  PID:8868
- C:\Windows\System\gEXstBw.exe
  C:\Windows\System\gEXstBw.exe
  2⤵
  PID:8884
- C:\Windows\System\HVMKtPw.exe
  C:\Windows\System\HVMKtPw.exe
  2⤵
  PID:8900
- C:\Windows\System\kGfqstP.exe
  C:\Windows\System\kGfqstP.exe
  2⤵
  PID:8916
- C:\Windows\System\wRErWzB.exe
  C:\Windows\System\wRErWzB.exe
  2⤵
  PID:8932
- C:\Windows\System\RVuTJwI.exe
  C:\Windows\System\RVuTJwI.exe
  2⤵
  PID:8948
- C:\Windows\System\gnIwTHf.exe
  C:\Windows\System\gnIwTHf.exe
  2⤵
  PID:8964
- C:\Windows\System\NBWUHJR.exe
  C:\Windows\System\NBWUHJR.exe
  2⤵
  PID:8980
- C:\Windows\System\YUaSRZI.exe
  C:\Windows\System\YUaSRZI.exe
  2⤵
  PID:8996
- C:\Windows\System\wnndGXB.exe
  C:\Windows\System\wnndGXB.exe
  2⤵
  PID:9012
- C:\Windows\System\Xbxqfsa.exe
  C:\Windows\System\Xbxqfsa.exe
  2⤵
  PID:9028
- C:\Windows\System\uoVUVgf.exe
  C:\Windows\System\uoVUVgf.exe
  2⤵
  PID:9044
- C:\Windows\System\scGVFVw.exe
  C:\Windows\System\scGVFVw.exe
  2⤵
  PID:9060
- C:\Windows\System\bdFpzkn.exe
  C:\Windows\System\bdFpzkn.exe
  2⤵
  PID:9076
- C:\Windows\System\uedfHxf.exe
  C:\Windows\System\uedfHxf.exe
  2⤵
  PID:9092
- C:\Windows\System\aQNOzbY.exe
  C:\Windows\System\aQNOzbY.exe
  2⤵
  PID:9108
- C:\Windows\System\ZSwKGhi.exe
  C:\Windows\System\ZSwKGhi.exe
  2⤵
  PID:9124
- C:\Windows\System\zIXsNwy.exe
  C:\Windows\System\zIXsNwy.exe
  2⤵
  PID:9140
- C:\Windows\System\WfeUfpu.exe
  C:\Windows\System\WfeUfpu.exe
  2⤵
  PID:9156
- C:\Windows\System\XHBcELA.exe
  C:\Windows\System\XHBcELA.exe
  2⤵
  PID:9172
- C:\Windows\System\VXEUrUK.exe
  C:\Windows\System\VXEUrUK.exe
  2⤵
  PID:9188
- C:\Windows\System\WEEOmvR.exe
  C:\Windows\System\WEEOmvR.exe
  2⤵
  PID:9204
- C:\Windows\System\IOZGiZR.exe
  C:\Windows\System\IOZGiZR.exe
  2⤵
  PID:7376
- C:\Windows\System\YVjijyX.exe
  C:\Windows\System\YVjijyX.exe
  2⤵
  PID:8200
- C:\Windows\System\NcFaDdK.exe
  C:\Windows\System\NcFaDdK.exe
  2⤵
  PID:8232
- C:\Windows\System\VWRuEig.exe
  C:\Windows\System\VWRuEig.exe
  2⤵
  PID:8264
- C:\Windows\System\IUVxcjm.exe
  C:\Windows\System\IUVxcjm.exe
  2⤵
  PID:1720
- C:\Windows\System\OEefuaL.exe
  C:\Windows\System\OEefuaL.exe
  2⤵
  PID:8280
- C:\Windows\System\cQGmhVg.exe
  C:\Windows\System\cQGmhVg.exe
  2⤵
  PID:1864
- C:\Windows\System\ZGyfUFM.exe
  C:\Windows\System\ZGyfUFM.exe
  2⤵
  PID:624
- C:\Windows\System\aeqwVMb.exe
  C:\Windows\System\aeqwVMb.exe
  2⤵
  PID:444
- C:\Windows\System\PiUDXsA.exe
  C:\Windows\System\PiUDXsA.exe
  2⤵
  PID:2448
- C:\Windows\System\QeJHCDq.exe
  C:\Windows\System\QeJHCDq.exe
  2⤵
  PID:8340
- C:\Windows\System\CEMwVCR.exe
  C:\Windows\System\CEMwVCR.exe
  2⤵
  PID:8372
- C:\Windows\System\GVZrZtW.exe
  C:\Windows\System\GVZrZtW.exe
  2⤵
  PID:8388
- C:\Windows\System\VdDLtAp.exe
  C:\Windows\System\VdDLtAp.exe
  2⤵
  PID:8412
- C:\Windows\System\ChccKNq.exe
  C:\Windows\System\ChccKNq.exe
  2⤵
  PID:8472
- C:\Windows\System\FntLczO.exe
  C:\Windows\System\FntLczO.exe
  2⤵
  PID:8512
- C:\Windows\System\WReZfCF.exe
  C:\Windows\System\WReZfCF.exe
  2⤵
  PID:8580
- C:\Windows\System\rKmxpSv.exe
  C:\Windows\System\rKmxpSv.exe
  2⤵
  PID:8364
- C:\Windows\System\ncdQlVa.exe
  C:\Windows\System\ncdQlVa.exe
  2⤵
  PID:8488
- C:\Windows\System\ZYfYaPO.exe
  C:\Windows\System\ZYfYaPO.exe
  2⤵
  PID:8592
- C:\Windows\System\nERifyy.exe
  C:\Windows\System\nERifyy.exe
  2⤵
  PID:8648
- C:\Windows\System\URqdgEV.exe
  C:\Windows\System\URqdgEV.exe
  2⤵
  PID:8596
- C:\Windows\System\MSIeSGz.exe
  C:\Windows\System\MSIeSGz.exe
  2⤵
  PID:8684
- C:\Windows\System\qXFpaid.exe
  C:\Windows\System\qXFpaid.exe
  2⤵
  PID:8748
- C:\Windows\System\QrfEnnS.exe
  C:\Windows\System\QrfEnnS.exe
  2⤵
  PID:8812
- C:\Windows\System\sToMiXR.exe
  C:\Windows\System\sToMiXR.exe
  2⤵
  PID:8664
- C:\Windows\System\wAmunbG.exe
  C:\Windows\System\wAmunbG.exe
  2⤵
  PID:8844
- C:\Windows\System\JTdERIW.exe
  C:\Windows\System\JTdERIW.exe
  2⤵
  PID:8732
- C:\Windows\System\KPMzkhW.exe
  C:\Windows\System\KPMzkhW.exe
  2⤵
  PID:8828
- C:\Windows\System\eoWhaKQ.exe
  C:\Windows\System\eoWhaKQ.exe
  2⤵
  PID:8832
- C:\Windows\System\VBKcjaq.exe
  C:\Windows\System\VBKcjaq.exe
  2⤵
  PID:8956
- C:\Windows\System\qPWWbFf.exe
  C:\Windows\System\qPWWbFf.exe
  2⤵
  PID:8940
- C:\Windows\System\lqouEFx.exe
  C:\Windows\System\lqouEFx.exe
  2⤵
  PID:9004
- C:\Windows\System\ZBwThDM.exe
  C:\Windows\System\ZBwThDM.exe
  2⤵
  PID:9052
- C:\Windows\System\kEqrzfA.exe
  C:\Windows\System\kEqrzfA.exe
  2⤵
  PID:9056
- C:\Windows\System\OxSjfjE.exe
  C:\Windows\System\OxSjfjE.exe
  2⤵
  PID:9100
- C:\Windows\System\XMijKmM.exe
  C:\Windows\System\XMijKmM.exe
  2⤵
  PID:9088
- C:\Windows\System\VFUrWQi.exe
  C:\Windows\System\VFUrWQi.exe
  2⤵
  PID:9148
- C:\Windows\System\NShjZIR.exe
  C:\Windows\System\NShjZIR.exe
  2⤵
  PID:9152
- C:\Windows\System\HVwbQeo.exe
  C:\Windows\System\HVwbQeo.exe
  2⤵
  PID:2684
- C:\Windows\System\tWodWMX.exe
  C:\Windows\System\tWodWMX.exe
  2⤵
  PID:8244
- C:\Windows\System\erdsWgF.exe
  C:\Windows\System\erdsWgF.exe
  2⤵
  PID:908
- C:\Windows\System\ENjZPvk.exe
  C:\Windows\System\ENjZPvk.exe
  2⤵
  PID:8212
- C:\Windows\System\UXIBOJs.exe
  C:\Windows\System\UXIBOJs.exe
  2⤵
  PID:1508
- C:\Windows\System\cxVlEYV.exe
  C:\Windows\System\cxVlEYV.exe
  2⤵
  PID:8736
- C:\Windows\System\ZIkwgKS.exe
  C:\Windows\System\ZIkwgKS.exe
  2⤵
  PID:9072
- C:\Windows\System\yBDSEOI.exe
  C:\Windows\System\yBDSEOI.exe
  2⤵
  PID:9200
- C:\Windows\System\eLfHqsl.exe
  C:\Windows\System\eLfHqsl.exe
  2⤵
  PID:9196
- C:\Windows\System\DxXhdAs.exe
  C:\Windows\System\DxXhdAs.exe
  2⤵
  PID:9104
- C:\Windows\System\lIXkofo.exe
  C:\Windows\System\lIXkofo.exe
  2⤵
  PID:1348
- C:\Windows\System\knNcLJA.exe
  C:\Windows\System\knNcLJA.exe
  2⤵
  PID:8348
- C:\Windows\System\kCrFaRZ.exe
  C:\Windows\System\kCrFaRZ.exe
  2⤵
  PID:8504
- C:\Windows\System\hPoGezf.exe
  C:\Windows\System\hPoGezf.exe
  2⤵
  PID:8572
- C:\Windows\System\LRiWYLI.exe
  C:\Windows\System\LRiWYLI.exe
  2⤵
  PID:8328
- C:\Windows\System\gjvKhxr.exe
  C:\Windows\System\gjvKhxr.exe
  2⤵
  PID:8528
- C:\Windows\System\zYZRejt.exe
  C:\Windows\System\zYZRejt.exe
  2⤵
  PID:8644
- C:\Windows\System\iCoNmKa.exe
  C:\Windows\System\iCoNmKa.exe
  2⤵
  PID:8912
- C:\Windows\System\eFunYOj.exe
  C:\Windows\System\eFunYOj.exe
  2⤵
  PID:8892
- C:\Windows\System\LVENoYZ.exe
  C:\Windows\System\LVENoYZ.exe
  2⤵
  PID:8908
- C:\Windows\System\yQkAHau.exe
  C:\Windows\System\yQkAHau.exe
  2⤵
  PID:8928
- C:\Windows\System\fdeKlkd.exe
  C:\Windows\System\fdeKlkd.exe
  2⤵
  PID:9084
- C:\Windows\System\SDumULN.exe
  C:\Windows\System\SDumULN.exe
  2⤵
  PID:8196
- C:\Windows\System\eFpWHtt.exe
  C:\Windows\System\eFpWHtt.exe
  2⤵
  PID:8228
- C:\Windows\System\tqtGPXk.exe
  C:\Windows\System\tqtGPXk.exe
  2⤵
  PID:8312
- C:\Windows\System\bnefiFv.exe
  C:\Windows\System\bnefiFv.exe
  2⤵
  PID:8456
- C:\Windows\System\sHeGsfs.exe
  C:\Windows\System\sHeGsfs.exe
  2⤵
  PID:8800
- C:\Windows\System\wengtIk.exe
  C:\Windows\System\wengtIk.exe
  2⤵
  PID:8784
- C:\Windows\System\ETWhOfZ.exe
  C:\Windows\System\ETWhOfZ.exe
  2⤵
  PID:8716
- C:\Windows\System\AnktsKR.exe
  C:\Windows\System\AnktsKR.exe
  2⤵
  PID:9068
- C:\Windows\System\bqzQQHC.exe
  C:\Windows\System\bqzQQHC.exe
  2⤵
  PID:8380
- C:\Windows\System\jQAySbx.exe
  C:\Windows\System\jQAySbx.exe
  2⤵
  PID:9120
- C:\Windows\System\UZzYwoJ.exe
  C:\Windows\System\UZzYwoJ.exe
  2⤵
  PID:8880
- C:\Windows\System\XqGjXyN.exe
  C:\Windows\System\XqGjXyN.exe
  2⤵
  PID:8704
- C:\Windows\System\LWWTuCg.exe
  C:\Windows\System\LWWTuCg.exe
  2⤵
  PID:8556
- C:\Windows\System\PYIhncC.exe
  C:\Windows\System\PYIhncC.exe
  2⤵
  PID:8408
- C:\Windows\System\EvTsmkV.exe
  C:\Windows\System\EvTsmkV.exe
  2⤵
  PID:8384
- C:\Windows\System\CWSatIJ.exe
  C:\Windows\System\CWSatIJ.exe
  2⤵
  PID:8628
- C:\Windows\System\jqdGbZX.exe
  C:\Windows\System\jqdGbZX.exe
  2⤵
  PID:9224
- C:\Windows\System\BwpkiPv.exe
  C:\Windows\System\BwpkiPv.exe
  2⤵
  PID:9240
- C:\Windows\System\MxYBfPp.exe
  C:\Windows\System\MxYBfPp.exe
  2⤵
  PID:9256
- C:\Windows\System\TbIEJML.exe
  C:\Windows\System\TbIEJML.exe
  2⤵
  PID:9272
- C:\Windows\System\ZRukLJa.exe
  C:\Windows\System\ZRukLJa.exe
  2⤵
  PID:9288
- C:\Windows\System\huBIGVV.exe
  C:\Windows\System\huBIGVV.exe
  2⤵
  PID:9304
- C:\Windows\System\BxndoJU.exe
  C:\Windows\System\BxndoJU.exe
  2⤵
  PID:9320
- C:\Windows\System\jACAdmq.exe
  C:\Windows\System\jACAdmq.exe
  2⤵
  PID:9336
- C:\Windows\System\QUzDkpb.exe
  C:\Windows\System\QUzDkpb.exe
  2⤵
  PID:9352
- C:\Windows\System\UmAOmoW.exe
  C:\Windows\System\UmAOmoW.exe
  2⤵
  PID:9368
- C:\Windows\System\irGSyrn.exe
  C:\Windows\System\irGSyrn.exe
  2⤵
  PID:9384
- C:\Windows\System\JpQinwf.exe
  C:\Windows\System\JpQinwf.exe
  2⤵
  PID:9400
- C:\Windows\System\FXOKNlf.exe
  C:\Windows\System\FXOKNlf.exe
  2⤵
  PID:9416
- C:\Windows\System\ZRzddwn.exe
  C:\Windows\System\ZRzddwn.exe
  2⤵
  PID:9432
- C:\Windows\System\qTVTKrd.exe
  C:\Windows\System\qTVTKrd.exe
  2⤵
  PID:9448
- C:\Windows\System\vZUdWqD.exe
  C:\Windows\System\vZUdWqD.exe
  2⤵
  PID:9464
- C:\Windows\System\SEQxAGE.exe
  C:\Windows\System\SEQxAGE.exe
  2⤵
  PID:9480
- C:\Windows\System\eCMzATr.exe
  C:\Windows\System\eCMzATr.exe
  2⤵
  PID:9496
- C:\Windows\System\PstvDQt.exe
  C:\Windows\System\PstvDQt.exe
  2⤵
  PID:9512
- C:\Windows\System\OXtWkmj.exe
  C:\Windows\System\OXtWkmj.exe
  2⤵
  PID:9528
- C:\Windows\System\PDaeAiQ.exe
  C:\Windows\System\PDaeAiQ.exe
  2⤵
  PID:9544
- C:\Windows\System\MxPXTfN.exe
  C:\Windows\System\MxPXTfN.exe
  2⤵
  PID:9560
- C:\Windows\System\SwgQTbX.exe
  C:\Windows\System\SwgQTbX.exe
  2⤵
  PID:9580
- C:\Windows\System\gWjoMtS.exe
  C:\Windows\System\gWjoMtS.exe
  2⤵
  PID:9596
- C:\Windows\System\CJwfcXG.exe
  C:\Windows\System\CJwfcXG.exe
  2⤵
  PID:9612
- C:\Windows\System\HPqWyLe.exe
  C:\Windows\System\HPqWyLe.exe
  2⤵
  PID:9628
- C:\Windows\System\ZNJIFnf.exe
  C:\Windows\System\ZNJIFnf.exe
  2⤵
  PID:9644
- C:\Windows\System\oMsIyae.exe
  C:\Windows\System\oMsIyae.exe
  2⤵
  PID:9660
- C:\Windows\System\OFMdjZv.exe
  C:\Windows\System\OFMdjZv.exe
  2⤵
  PID:9676
- C:\Windows\System\unvnOiN.exe
  C:\Windows\System\unvnOiN.exe
  2⤵
  PID:9692
- C:\Windows\System\Ziacqvp.exe
  C:\Windows\System\Ziacqvp.exe
  2⤵
  PID:9708
- C:\Windows\System\MTKUYBZ.exe
  C:\Windows\System\MTKUYBZ.exe
  2⤵
  PID:9724
- C:\Windows\System\cIopcjj.exe
  C:\Windows\System\cIopcjj.exe
  2⤵
  PID:9740
- C:\Windows\System\IuZzmML.exe
  C:\Windows\System\IuZzmML.exe
  2⤵
  PID:9756
- C:\Windows\System\nsMmwdL.exe
  C:\Windows\System\nsMmwdL.exe
  2⤵
  PID:9772
- C:\Windows\System\GHkzSbl.exe
  C:\Windows\System\GHkzSbl.exe
  2⤵
  PID:9788
- C:\Windows\System\KfWxVbT.exe
  C:\Windows\System\KfWxVbT.exe
  2⤵
  PID:9804
- C:\Windows\System\EBXVKiF.exe
  C:\Windows\System\EBXVKiF.exe
  2⤵
  PID:9820
- C:\Windows\System\dpUbFnm.exe
  C:\Windows\System\dpUbFnm.exe
  2⤵
  PID:9836
- C:\Windows\System\qibezjS.exe
  C:\Windows\System\qibezjS.exe
  2⤵
  PID:9856
- C:\Windows\System\epIkMCQ.exe
  C:\Windows\System\epIkMCQ.exe
  2⤵
  PID:9872
- C:\Windows\System\WLvdMBJ.exe
  C:\Windows\System\WLvdMBJ.exe
  2⤵
  PID:9888
- C:\Windows\System\OpuqiWs.exe
  C:\Windows\System\OpuqiWs.exe
  2⤵
  PID:9904
- C:\Windows\System\Ifzcjee.exe
  C:\Windows\System\Ifzcjee.exe
  2⤵
  PID:9920
- C:\Windows\System\kbQaUkv.exe
  C:\Windows\System\kbQaUkv.exe
  2⤵
  PID:9936
- C:\Windows\System\xbhszDe.exe
  C:\Windows\System\xbhszDe.exe
  2⤵
  PID:9952
- C:\Windows\System\ZBfVvWJ.exe
  C:\Windows\System\ZBfVvWJ.exe
  2⤵
  PID:9968
- C:\Windows\System\IMmbUMn.exe
  C:\Windows\System\IMmbUMn.exe
  2⤵
  PID:9984
- C:\Windows\System\vOqvUTV.exe
  C:\Windows\System\vOqvUTV.exe
  2⤵
  PID:10000
- C:\Windows\System\ZYEneaQ.exe
  C:\Windows\System\ZYEneaQ.exe
  2⤵
  PID:10016
- C:\Windows\System\UyKFpeN.exe
  C:\Windows\System\UyKFpeN.exe
  2⤵
  PID:10032
- C:\Windows\System\zcmCeYl.exe
  C:\Windows\System\zcmCeYl.exe
  2⤵
  PID:10048
- C:\Windows\System\aJMQnfA.exe
  C:\Windows\System\aJMQnfA.exe
  2⤵
  PID:10064
- C:\Windows\System\pKeZYUA.exe
  C:\Windows\System\pKeZYUA.exe
  2⤵
  PID:10080
- C:\Windows\System\sJNSObe.exe
  C:\Windows\System\sJNSObe.exe
  2⤵
  PID:10096
- C:\Windows\System\WkvJtJD.exe
  C:\Windows\System\WkvJtJD.exe
  2⤵
  PID:10112
- C:\Windows\System\UYMkTUj.exe
  C:\Windows\System\UYMkTUj.exe
  2⤵
  PID:10128
- C:\Windows\System\jpALKAK.exe
  C:\Windows\System\jpALKAK.exe
  2⤵
  PID:10144
- C:\Windows\System\mWlddzQ.exe
  C:\Windows\System\mWlddzQ.exe
  2⤵
  PID:10160
- C:\Windows\System\qXzsFnz.exe
  C:\Windows\System\qXzsFnz.exe
  2⤵
  PID:10176
- C:\Windows\System\raqFEqM.exe
  C:\Windows\System\raqFEqM.exe
  2⤵
  PID:10192
- C:\Windows\System\VTIiuFx.exe
  C:\Windows\System\VTIiuFx.exe
  2⤵
  PID:10208
- C:\Windows\System\katOxEW.exe
  C:\Windows\System\katOxEW.exe
  2⤵
  PID:10224
- C:\Windows\System\ZFnIyrO.exe
  C:\Windows\System\ZFnIyrO.exe
  2⤵
  PID:8672
- C:\Windows\System\AhsBGOr.exe
  C:\Windows\System\AhsBGOr.exe
  2⤵
  PID:9220
- C:\Windows\System\QjwSggY.exe
  C:\Windows\System\QjwSggY.exe
  2⤵
  PID:9284
- C:\Windows\System\SRDuEAz.exe
  C:\Windows\System\SRDuEAz.exe
  2⤵
  PID:9348
- C:\Windows\System\BBUJtRs.exe
  C:\Windows\System\BBUJtRs.exe
  2⤵
  PID:9376
- C:\Windows\System\JAFoTza.exe
  C:\Windows\System\JAFoTza.exe
  2⤵
  PID:9264
- C:\Windows\System\rfyLrix.exe
  C:\Windows\System\rfyLrix.exe
  2⤵
  PID:9364
- C:\Windows\System\vzqjcmL.exe
  C:\Windows\System\vzqjcmL.exe
  2⤵
  PID:9428
- C:\Windows\System\RqrqEGA.exe
  C:\Windows\System\RqrqEGA.exe
  2⤵
  PID:9476
- C:\Windows\System\ntFtASv.exe
  C:\Windows\System\ntFtASv.exe
  2⤵
  PID:9536
- C:\Windows\System\cObbFAs.exe
  C:\Windows\System\cObbFAs.exe
  2⤵
  PID:9524
- C:\Windows\System\IKTumAE.exe
  C:\Windows\System\IKTumAE.exe
  2⤵
  PID:9572
- C:\Windows\System\vYveGvF.exe
  C:\Windows\System\vYveGvF.exe
  2⤵
  PID:9608
- C:\Windows\System\PfpajGt.exe
  C:\Windows\System\PfpajGt.exe
  2⤵
  PID:9732
- C:\Windows\System\StonBKJ.exe
  C:\Windows\System\StonBKJ.exe
  2⤵
  PID:9656
- C:\Windows\System\cwrLygl.exe
  C:\Windows\System\cwrLygl.exe
  2⤵
  PID:9800
- C:\Windows\System\LeYqaMR.exe
  C:\Windows\System\LeYqaMR.exe
  2⤵
  PID:9716
- C:\Windows\System\RqPowrH.exe
  C:\Windows\System\RqPowrH.exe
  2⤵
  PID:9688
- C:\Windows\System\tbZotOE.exe
  C:\Windows\System\tbZotOE.exe
  2⤵
  PID:9928
- C:\Windows\System\nrYQoMR.exe
  C:\Windows\System\nrYQoMR.exe
  2⤵
  PID:9976
- C:\Windows\System\xJzLTnu.exe
  C:\Windows\System\xJzLTnu.exe
  2⤵
  PID:9784
- C:\Windows\System\HGbSsXk.exe
  C:\Windows\System\HGbSsXk.exe
  2⤵
  PID:10040
- C:\Windows\System\jRgexzR.exe
  C:\Windows\System\jRgexzR.exe
  2⤵
  PID:9912
- C:\Windows\System\zgJCprt.exe
  C:\Windows\System\zgJCprt.exe
  2⤵
  PID:9964
- C:\Windows\System\EuJCXBv.exe
  C:\Windows\System\EuJCXBv.exe
  2⤵
  PID:10028
- C:\Windows\System\OLBQEqo.exe
  C:\Windows\System\OLBQEqo.exe
  2⤵
  PID:10092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BBCzgjT.exe

Filesize
6.0MB

MD5
260d2cb1608c3088f537af46a0454f51

SHA1
4a497a39db6cbf0cc2bb7646152de2e04aedbd26

SHA256
d6c5fc71434a968b200c8011e24f3c1fd8df60296564b765a439ac63b9ed249d

SHA512
a0d0c6e9293f49be514070d2c33ebc67b37b7d346a8d1c9fbba23ee21b029cc5f2115ccbdddfc8eca04458c7d537a9fe72c5c3a1b94e08a840f12034c19ded8c

Download Submit
C:\Windows\system\BMsWrQs.exe

Filesize
6.0MB

MD5
9bb6dcb014639f0624a2200e63b64d97

SHA1
4dd8887f5e6a7ec704570fa1cc55801edf932df3

SHA256
de3d017545876ab96f7f95027e3a41d0ec7985fdee74e24bef9a89a094e26e68

SHA512
94c862eec11b8e718e3219e579315eb8eb1d37dbe27afe2cd38d82392d7ea844b2a8937b3ebf5d938671502072cf8fd07e7d2bf824f73f16b87d8f46e774afb9

Download Submit
C:\Windows\system\CXriRmI.exe

Filesize
6.0MB

MD5
d7c06a2beb26ccd172e124c53ae517ec

SHA1
587ac8e5747f818caa1d9549b6339a2f3ccf3511

SHA256
40fd98bb01156d6ac53c44896ff9c488f084f4b9bed53df09a3091d18b49733e

SHA512
8036481fe01eea883fc1701b3593915b701aec74505e9f9712cddf13fe0219a17733e795db5dce16171df0dffde4acb1d58cbd9d003a5f24e139d022dab94bde

Download Submit
C:\Windows\system\FfMxsdx.exe

Filesize
6.0MB

MD5
edac1bb70aa91abb225b29f833dc2a08

SHA1
b0a68a5a7e307e4615abd7b0c314ef61a5b990d6

SHA256
96524297f6e672316e7f471c6979f6cc77838c1fb9205007f936498623a20846

SHA512
124826abe358ff5a05fe8111b9c90f8776721d609943d4c9198531ca3edb1d8c09e6e6b38cfc1391b890dcb600613f2218a80ccb7b7052aa0de7d42f2e860d3e

Download Submit
C:\Windows\system\HoHiHOl.exe

Filesize
6.0MB

MD5
72d62abca95a0886f38583f33cc642b4

SHA1
73467af6264c82deb80e3a3d57ea571831f310da

SHA256
8fb117fc4444eedf45ade54b9c972456834169d468f9d9185488d5a95faad7f7

SHA512
3f27f8815146ea720d6c40dac094b304ae62255744c668c9baa35e82ab3f3229f4922e35441cd4ceb5dae4ba875d6640dbba8a3e4e587d3fff92cb761da2942a

Download Submit
C:\Windows\system\IQRsHsz.exe

Filesize
6.0MB

MD5
763e234c530c92363c647ce5edfe2e20

SHA1
2162518469375e15c2c50a3685c9047b3235e5cf

SHA256
7254bd9ffc6797334e32966cc892fb23f349b8381b964d43b430ce965a71cc00

SHA512
d54c4d9c41416de68959f3b4c0fcbdfe6686daacf93202266d938d05ce7c8b211b38ec67c35c1768e82b82312e0f2f122ccd2891c1e71533ebb89d048ca5bbd5

Download Submit
C:\Windows\system\IWBYXhp.exe

Filesize
6.0MB

MD5
892e0c9a5ac0251135cbea11f2e7dad9

SHA1
4616eba5553e5ed5cf820d059c7f6a196b3be90f

SHA256
fd186cd1b4f3d2249dba8cd397c66fc5052775ebd57efddde3eb0635900d74ff

SHA512
32df5beab6d0657113d233125a93fb9d49ed8e275c3b11d29a9de0ff19498a6c4d783ea55ab005280b7e1c9f2e8b98d6978bfc1082b8a36e639dede22d78f41b

Download Submit
C:\Windows\system\LDEnrBx.exe

Filesize
6.0MB

MD5
b4d907697bfa70205a5e567e0d0b8cb0

SHA1
8538917a1d25489d34a33f4d135063fb9da707a1

SHA256
030abfc531ff71fecbe5d13fe570037357b033b14c073e6f41a39b8a00f2b64b

SHA512
020f555141ac676a2c088bd3452877d5992c709f3ebd6b6bd1db0c317360d8deca98646eb4d36e7174e1b8c6449f6142f198dd3f76e617e264f8476241d88386

Download Submit
C:\Windows\system\MOARtWI.exe

Filesize
6.0MB

MD5
05514e2194eae9e4b9a883dc29f59d81

SHA1
4633bc73879ec30c286dfe831af794891981f7c1

SHA256
4253bea20138c8afe975146e730ef9d8fd3ee4381b98005f294dddf468a04040

SHA512
2366e362ef2a081157395aa789efbb57f797884db3c1b80c15f4dfac6165600eb03181839f62e804934909f1d05c5bacbd8786dfcbd8124a4cd63a8dcedef86c

Download Submit
C:\Windows\system\MOkDyvG.exe

Filesize
6.0MB

MD5
7bc68ceaa6d84302079df92e2fc1b367

SHA1
31142dfafa34c69eaf4a597a68adcb4b1541b537

SHA256
ba3215bbd6b477caf0ccf95565460de9ced648cd64ae6e8b70380187d0cab398

SHA512
28b526b6139669bca88b0935ea17626e857a4ec2ea3a5a714b30a2bc0f2b02d3cdb587dc96bfefa22042e2100a3431a1e770f74cdc57d5f4b4203e86c2112926

Download Submit
C:\Windows\system\Qqhprcd.exe

Filesize
6.0MB

MD5
a96be81e485087d2ba6163a17d79d773

SHA1
9e9f3668ab3461fd2342b36212b91f7e7da846fc

SHA256
aecded054a76ee4a24ed6c49f5e7a942a18fd0776fdde03b231d5da672b70bee

SHA512
c45cf1a19b9023aa79ddd7a6fc6c98ab510939f079168ee540464221cddf15c55c78e597ad75a3ad95c57cd121c6ae49267291ec8a97ab586deb696b3fadabd1

Download Submit
C:\Windows\system\RNkHBRR.exe

Filesize
6.0MB

MD5
5e0e4186455c5c28a50ad7fa4ab027fa

SHA1
410e226f86f241bfe3237a704710120cfc42ae81

SHA256
18e0145dd8842672eee94be114c009478d7d0846dd039b57ba972a42373a2371

SHA512
7bf8b53fd6eee2f04d8e5a2c128dd1301ed46aef1e3dc26af2f292f350c1db3d22d9d27d9e7ec6b5e25917b6f7aa50670373eecd69e24c3b2a6bfe8cbbb10429

Download Submit
C:\Windows\system\URnEXsJ.exe

Filesize
6.0MB

MD5
c5058fc82b25e6435fffbcef4fd0c73e

SHA1
49c666ad4daacd7e9072ab000cfb373c6f94c9ff

SHA256
8ea6043ceafe4fc85bcf96d8c5e0ddb7be2ec4f82cca89cf55a90035c168d6ed

SHA512
48f9693d1329ccdbede01ee664c584ca3d4dcc0c3afbadedc1ff56c9a5873d134591886751b33177ca799c035b7ccaa7cdf0b60ef93e61c6ec54ff710119daad

Download Submit
C:\Windows\system\VoBLXiN.exe

Filesize
6.0MB

MD5
5f349a1a7d4bba0eac5695e50ec8627f

SHA1
6e5a2c42d70c01a4035c13061f9613e933f47e6f

SHA256
bd7db2ba7c513bda719a89e60e5e2e567d19a8acaf50004990cdfad76dfd5e1d

SHA512
12d8fcc7e1cce6475645d86e3ae986e15409ef28ba8ecbafd8c408f239ac7fdab3db02f6ebba3af24223143d2b984c9a560c2f699b671f3e231a492615dc5ab1

Download Submit
C:\Windows\system\YdzRfpk.exe

Filesize
6.0MB

MD5
82585ac550b51914e40c6e924898988d

SHA1
8ad0cfd12b180556eb4a4165e2ffbf76a1d5e019

SHA256
23adf2714df6df3b55bdda275dae05257511ca56d392d1021a47c43de83d36cf

SHA512
44ddcbcbd14b8c5afee28a1062db4532dbc782d4f4feef53c2d9e8fba2896fae331c5cc337a952e3e675a40351b288399c6f075225c69725d2c895b80fb5fd30

Download Submit
C:\Windows\system\cIjPSow.exe

Filesize
6.0MB

MD5
b86759d34055aed17def4c8d6c0e05c3

SHA1
755daffee22cebb100e9558642e68d7c220b9b51

SHA256
1ad9de633e0f92a25015db12a4cd7d51613090dd4eaa757bc3874e9f52172608

SHA512
b991ecca51bc6748d20b3754867c6286f25f16a8e76409faeddfe39d2c27cdaee672f5e136dc94cbf4e9a0ebeae02bb68d0c2d2575ee0a74d46ef6333a843da8

Download Submit
C:\Windows\system\cPHqUjJ.exe

Filesize
6.0MB

MD5
f680c2f02607d4c79e039fd42ca17f9e

SHA1
fcdd8052bf3527060336eacf03693c42c2ba0add

SHA256
15f81010f3b5e1f5a009a6e13d05808b8271be571e17ed28bffa6140dd20a86a

SHA512
dcae53d1c0b8899f88819944695c0c757d0477babcf8ca6ec2c8a57d63eb7ea1a12fa100321aaa732cd9def8d01c1e58683afd48e4157bd9bcfa0943284e91ab

Download Submit
C:\Windows\system\frSPeov.exe

Filesize
6.0MB

MD5
5c639537df33d6b585371161e67db5ee

SHA1
26478ca2a028a5226079dcbcf63469e4197583cf

SHA256
d7fed011a0e4df3d01183218057cf5adb996b9bb407ba772841327ad49dbbeaf

SHA512
518699af9429bd8d0482c1e54ab459ad666b221acad423e2a981fc5a4d2505c283d4eaec29df05f7e440af4a68f6ee30f0e28b41bb7a7d704a0c908a899a6efc

Download Submit
C:\Windows\system\fuDQmJh.exe

Filesize
6.0MB

MD5
17cbb05e048942c32c15daab9b4d55ff

SHA1
f90596f73ba86ce5f11f11d10f427c200290542d

SHA256
3df55f1dcf5450f466ecbd48d5f5f8775246eb00a2987d3ca081b5a71385e2e0

SHA512
15d9949d50b0fbdd29ed74126a88100918eba4b823ebaa75c96924fa9aa951dd8b787d380e46caa1bbcbfa69ae17ec78cac0aed7f8a5d91723df408bb25c14c7

Download Submit
C:\Windows\system\iQsrGzc.exe

Filesize
6.0MB

MD5
aa1b0285167eee786f73a48f7f64a6aa

SHA1
04ebea74265fa3a15c3519783e1b3036450a55e6

SHA256
9f306ffc8b92e34a1579b3b9f9a6db0aa3d2b3a79a0347524a11cf03046d7d96

SHA512
724372dfc019a84267227c68e333caf8b29c67e9b21761c1c964e1fa8b40dfba269773c644a32a64f07036d7f8c1beaa6cdec767e0bbdf6c61604bedcaf6b837

Download Submit
C:\Windows\system\njoVDcD.exe

Filesize
6.0MB

MD5
c13f5ae944b2e03ed056c29576f33507

SHA1
60d9f4f393ee361f91a010a59118d463eba8f373

SHA256
fed92043cb03c30c773934e5dc09a0d08b9f711bcf0f8507cd42aef9e1615f95

SHA512
941ca2737d6563eb91ee7164881c4d21a2a8b10f19d24880afa9fe169410233ab5bed859c8250ce5a6f19295490f767cb1fef44cd87afd32bdc1d4cdc32042b5

Download Submit
C:\Windows\system\qQLSLIc.exe

Filesize
6.0MB

MD5
15f4fdec26edcbe940f326e859bdb2e1

SHA1
1d14d4fe9cfb4057ea05c3f488c974949c04c5f2

SHA256
f143e57f5de0e3adec37e3ba7ba6090102f9d8864af707d350164d57a2be3797

SHA512
bc3c672e7625835b19aaf5967c19710763dafd706c7fdfb847a0d2c00de3911c7d4e7ee0e8eaa1932734b66058e5341f140285da9d186ab9868ad06692060732

Download Submit
C:\Windows\system\riAnZcE.exe

Filesize
6.0MB

MD5
6ef7f3d046ce1a49cdcfa126e2a739ca

SHA1
540375449fb7b264ad9086aae496829e332a211d

SHA256
3d85c75f7ac27797d87e4ca8e6e813e20073b3bf6dfb0306d870da7fc36e90e1

SHA512
4fba3a6625370d65402063826e6cce0438f6dabeacc8a248607b8c927ade1ecf06516df82c763ac56fbfc3d2ddb8f386aac10b394de32f3a48953760cdb4298d

Download Submit
C:\Windows\system\sFJJEgR.exe

Filesize
6.0MB

MD5
ac530f994cddb9acfddb91f4640f149b

SHA1
843dba0acd0eebae72d97e44ede388c9bcaf82c9

SHA256
b019891b87d8b670077db179e94319a563b96fe744ce01f33dc308e77ffc116b

SHA512
4fb5ee072c4d5033eb439ce05cf0400f7b4ed2d9e0e45905412ced7d5d290ff7bfd483d9ec5f165ab3ac3c0e376a5652799b65bf89c89a0a4c2150d8bd7524d2

Download Submit
C:\Windows\system\szuOMpI.exe

Filesize
6.0MB

MD5
d43fb92019fbf8a99adffe3042170ac6

SHA1
6d7d46b597e4faee988009dba44841395eb7f4f0

SHA256
cc21c71c2b79e936b0669fb94f553e64b25681be646b0da85fa4eefdc4adcc07

SHA512
4370cc444ead7fae55df3060bfb2614d3b42f08fb1809229151593069fb7f83d9ed181b446b7f7643709fb81b0cd787a69565cf7e4e590ba00fe594b5d057c69

Download Submit
C:\Windows\system\tbYPkat.exe

Filesize
6.0MB

MD5
ae373feacd6e616be2fbf9518d119de7

SHA1
e9dd6ce028a2357c4ab76b844f68d5e39ac8a979

SHA256
4c9ad6825d3a16c9457934e28af69c572982bbcf162d6f0429ae6991bf037fa1

SHA512
2a08033bfa41bd463405bbb720f17980f55aad2e0443600b8a9d2695eb5ec15b92f0f51a5eec57944d84e148c3eb7bc59f85d7906193e9939393a7c71c08d75d

Download Submit
C:\Windows\system\yrbEcmn.exe

Filesize
6.0MB

MD5
9e1f87d3c301f50bf87a9f26d6a5f7d3

SHA1
37f8e0756ae324127113f4c442cebc7aa89b8362

SHA256
0c3bd72f1d95a87da86a1cd2ca941457ea40a728dad056e2f0772f8d4af03564

SHA512
98c2996e4a2df674c9a0c23244aeded3e3017d35015b69b0b9df23cff688d003efd28d498a3b236a13a4791f22d6f6211389cb555ea6893faa733ea486c196d3

Download Submit
C:\Windows\system\zePQHzy.exe

Filesize
6.0MB

MD5
94d28bfae0c9f6fb1a10a20ebab253cd

SHA1
b24912cb8e6726532355db2d1eed208e61a3fea9

SHA256
23fed718c4ed63e40befde4da43f346a0e6bcfb9a22243151e17b10d134eb134

SHA512
5e583837d070715eab96f3ef40182300e5382fb029ac84a61d2d3e0994eb5a6a67e8f238f56cde980177b8bd47728e5d5f72bab6c0c8d7e8c17215ac4fb3a7b2

Download Submit
\Windows\system\COcDeow.exe

Filesize
6.0MB

MD5
f6d19560bdb94703c4e07490173a144f

SHA1
f8d9c035fd5c54bacd479f54443268469241763d

SHA256
767786b3378e007a8d498442024f8d792976291c03fbd8a9096fd35ea8129721

SHA512
56462051b91e6de69fe6e29f67eaf01f0103fee6ec64f653fc1c17b759e375dcc33c6f265d0ed74230f80ab59c44a6bd20055cb35ba9c82d5b83bd797a5de491

Download Submit
\Windows\system\EaHodbh.exe

Filesize
6.0MB

MD5
13ceb0982cdd6f6771267aa36b4385c4

SHA1
f76778b3ac044267c8858a1dd9814e48d9383d23

SHA256
7099a72abc15b70ec9f0a4486d7e263d754fcaf183b143a39ea5e6a01ab4019e

SHA512
84ca8c4181e342df7ade2d7d268ac2a38d35eac14ca6df72aba9fee5aa2cfdf456a0e751bf00f965db07f0970e5ae9f4a105eff409dfe213982826c2fad30578

Download Submit
\Windows\system\XxeYFmF.exe

Filesize
6.0MB

MD5
db61e61a870815a42fc167e227265df0

SHA1
40fd6b6b39d8bd295a65f12dc8c8e5585443865e

SHA256
568033007e5dd9282fb49fc011de5f4b3b66079e323b6ec64cd71e09a791eeaf

SHA512
d3e6343fdde08a06ecf75ac12c1384c166014012cb0b13ff6c66380517a4beac785fe72ce54aae998445b383ef306d1c2def76811f91526b9c3cfc81146a6bcf

Download Submit
\Windows\system\YjDTgWi.exe

Filesize
6.0MB

MD5
58febfdb2876882c6e0aa86b0e7103bf

SHA1
b13a7bd6f19ca60b2ed4f7b950afe608d63d98e8

SHA256
4986de415754230ee6cee599c071dd48856116634af763d74328b8c3b1a0330c

SHA512
ac94d722242c27fc7037952e47da56e37d0618e6fab7795c61a12e47c354aaabb8e34ced63ac4d46991c34d00d10812a8831539f95d910f828822eb3d12a0961

Download Submit
memory/2044-3454-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2044-102-0x000000013F780000-0x000000013FAD4000-memory.dmp

Filesize
3.3MB

Download
memory/2160-533-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2160-3416-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2160-88-0x000000013FCD0000-0x0000000140024000-memory.dmp

Filesize
3.3MB

Download
memory/2212-109-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2212-86-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2212-66-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2212-532-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2212-0-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2212-710-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2212-54-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-94-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2212-1061-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2212-8-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2212-39-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-352-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-79-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-28-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2212-20-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2212-70-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2212-30-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2212-56-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2212-49-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/2220-80-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-3422-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2220-354-0x000000013F170000-0x000000013F4C4000-memory.dmp

Filesize
3.3MB

Download
memory/2564-50-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2564-3246-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2596-81-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-40-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3239-0x000000013F280000-0x000000013F5D4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3338-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2600-64-0x000000013FAB0000-0x000000013FE04000-memory.dmp

Filesize
3.3MB

Download
memory/2672-65-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-3389-0x000000013F050000-0x000000013F3A4000-memory.dmp

Filesize
3.3MB

Download
memory/2680-3219-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2680-25-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2680-63-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2744-33-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3240-0x000000013FE00000-0x0000000140154000-memory.dmp

Filesize
3.3MB

Download
memory/2752-35-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2752-78-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2752-3243-0x000000013F1B0000-0x000000013F504000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3223-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2792-12-0x000000013FDC0000-0x0000000140114000-memory.dmp

Filesize
3.3MB

Download
memory/2824-3218-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2824-32-0x000000013FF80000-0x00000001402D4000-memory.dmp

Filesize
3.3MB

Download
memory/2876-95-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2876-711-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2876-3421-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/2900-3356-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-71-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download
memory/2900-108-0x000000013FE80000-0x00000001401D4000-memory.dmp

Filesize
3.3MB

Download