cobaltstrike | 7e056a33e8ba6ea2ab98731377aa143f0682a2d60a6a1449dde7c13df0217cf5

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
23/11/2024, 13:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a27f12e24976f7f22c63baf70b0fb5e1
SHA1

d60a96d10a172e0b6da83fee466a3da5a0a09ac3
SHA256

7e056a33e8ba6ea2ab98731377aa143f0682a2d60a6a1449dde7c13df0217cf5
SHA512

fb6e7eb85417d77526b0fe28c057b400db851d72f9eceadc1a9945b9d4007ea093caa2fdcb73e0cc18fa0725169f0c5a418799122cbc5cd573a1b3f2d2230870
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUF:T+q56utgpPF8u/7F

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000b000000012281-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015ed2-9.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707c-140.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c44-178.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001904c-187.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018f65-182.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018696-166.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a2-162.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174a6-154.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001746a-152.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016eb8-138.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001757f-133.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016db5-126.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d58-123.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017488-116.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017403-105.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016210-103.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000173f3-94.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017400-91.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c34-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-157.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de4-55.dat	cobalt_reflective_dll
behavioral1/files/0x0015000000018676-143.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016da7-50.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000164db-49.dat	cobalt_reflective_dll
behavioral1/files/0x000700000001613e-33.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174c3-129.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edb-73.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-72.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dd0-71.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016009-61.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f96-21.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 59 IoCs

miner

resource	yara_rule
behavioral1/memory/2720-0-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x000b000000012281-6.dat	xmrig
behavioral1/files/0x0008000000015ed2-9.dat	xmrig
behavioral1/files/0x000600000001707c-140.dat	xmrig
behavioral1/files/0x0006000000018c44-178.dat	xmrig
behavioral1/memory/3032-892-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2720-891-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x000600000001904c-187.dat	xmrig
behavioral1/files/0x0006000000018f65-182.dat	xmrig
behavioral1/files/0x0005000000018696-166.dat	xmrig
behavioral1/files/0x00050000000187a2-162.dat	xmrig
behavioral1/files/0x00060000000174a6-154.dat	xmrig
behavioral1/files/0x000600000001746a-152.dat	xmrig
behavioral1/files/0x0006000000016eb8-138.dat	xmrig
behavioral1/files/0x000600000001757f-133.dat	xmrig
behavioral1/files/0x0006000000016db5-126.dat	xmrig
behavioral1/files/0x0006000000016d58-123.dat	xmrig
behavioral1/memory/2772-120-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/files/0x0006000000017488-116.dat	xmrig
behavioral1/memory/2572-108-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2720-106-0x0000000002270000-0x00000000025C4000-memory.dmp	xmrig
behavioral1/files/0x0006000000017403-105.dat	xmrig
behavioral1/files/0x0007000000016210-103.dat	xmrig
behavioral1/memory/2820-102-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/files/0x00060000000173f3-94.dat	xmrig
behavioral1/files/0x0006000000017400-91.dat	xmrig
behavioral1/files/0x0006000000018c34-169.dat	xmrig
behavioral1/files/0x0005000000018697-157.dat	xmrig
behavioral1/memory/2720-85-0x0000000002270000-0x00000000025C4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016de4-55.dat	xmrig
behavioral1/files/0x0015000000018676-143.dat	xmrig
behavioral1/files/0x0006000000016da7-50.dat	xmrig
behavioral1/files/0x00090000000164db-49.dat	xmrig
behavioral1/memory/2856-46-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/files/0x000700000001613e-33.dat	xmrig
behavioral1/files/0x00060000000174c3-129.dat	xmrig
behavioral1/memory/2124-98-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2980-90-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/776-87-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2756-81-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2720-75-0x0000000002270000-0x00000000025C4000-memory.dmp	xmrig
behavioral1/memory/2692-74-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x0006000000016edb-73.dat	xmrig
behavioral1/files/0x0006000000016de8-72.dat	xmrig
behavioral1/files/0x0006000000016dd0-71.dat	xmrig
behavioral1/files/0x0007000000016009-61.dat	xmrig
behavioral1/files/0x0007000000015f96-21.dat	xmrig
behavioral1/memory/3032-20-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig
behavioral1/memory/2720-26-0x000000013FE50000-0x00000001401A4000-memory.dmp	xmrig
behavioral1/memory/2784-13-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/2692-3737-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2980-3739-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/776-3738-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2756-3741-0x000000013FFE0000-0x0000000140334000-memory.dmp	xmrig
behavioral1/memory/2820-3740-0x000000013F710000-0x000000013FA64000-memory.dmp	xmrig
behavioral1/memory/2124-3736-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2772-3735-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/memory/2784-3734-0x000000013F790000-0x000000013FAE4000-memory.dmp	xmrig
behavioral1/memory/3032-3766-0x000000013F9B0000-0x000000013FD04000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2784	pQgQOUM.exe
3032	vkXxkpZ.exe
2856	CfiUQme.exe
2820	OFhHnVL.exe
2572	BAaHigU.exe
2692	LclvAEX.exe
2756	BeVRXNs.exe
776	UfUkOyD.exe
2980	veCrHGy.exe
2124	SupKpMs.exe
2772	TluXgJk.exe
2736	qmoOvgP.exe
2952	QDKTjVT.exe
3000	ZUUryyT.exe
2600	vafkUsS.exe
2416	hnMXOsY.exe
788	dqnrvfi.exe
2864	uDVxdCT.exe
2272	eivEIYL.exe
2044	vKWsvGw.exe
2552	EaBELkz.exe
2632	JhYAjAo.exe
2288	qESYRlE.exe
2964	QijIiNj.exe
396	nLEqhlS.exe
1776	enuwPHi.exe
1996	UfVijUa.exe
1616	IciwGWb.exe
1096	Hljfkes.exe
108	RZREgmF.exe
280	QJFGeqm.exe
2080	PYmbtOB.exe
1788	PbmXwNc.exe
1560	fgAtRat.exe
1596	wKkzbZO.exe
1728	vNvgIvK.exe
1720	GKiMjyK.exe
712	BuGOZJd.exe
2656	cJeVbpt.exe
2480	gkVEPdK.exe
576	XJagyTm.exe
2484	LvMIakl.exe
696	AGdCbtY.exe
2180	kAjFxKl.exe
1288	ZtViyuk.exe
1060	ShokTIk.exe
1756	KDmlcZi.exe
2468	gfdmPPC.exe
2464	YNHWhfO.exe
1708	aYCYzRu.exe
2836	lmCXyCB.exe
2804	xsanXdn.exe
2100	AmCAArt.exe
2884	pILCsQD.exe
2984	CjdDiKG.exe
820	GXnRCfn.exe
2680	bUEhGFJ.exe
1824	NvEIMnM.exe
2412	uyCiDNb.exe
588	csVGjea.exe
3048	inGXevB.exe
1344	AuZvrRE.exe
2648	mCBJhHy.exe
912	XxpbKlB.exe

Loads dropped DLL 64 IoCs

pid	Process
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 55 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2720-0-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x000b000000012281-6.dat	upx
behavioral1/files/0x0008000000015ed2-9.dat	upx
behavioral1/files/0x000600000001707c-140.dat	upx
behavioral1/files/0x0006000000018c44-178.dat	upx
behavioral1/memory/3032-892-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2720-891-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x000600000001904c-187.dat	upx
behavioral1/files/0x0006000000018f65-182.dat	upx
behavioral1/files/0x0005000000018696-166.dat	upx
behavioral1/files/0x00050000000187a2-162.dat	upx
behavioral1/files/0x00060000000174a6-154.dat	upx
behavioral1/files/0x000600000001746a-152.dat	upx
behavioral1/files/0x0006000000016eb8-138.dat	upx
behavioral1/files/0x000600000001757f-133.dat	upx
behavioral1/files/0x0006000000016db5-126.dat	upx
behavioral1/files/0x0006000000016d58-123.dat	upx
behavioral1/memory/2772-120-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/files/0x0006000000017488-116.dat	upx
behavioral1/memory/2572-108-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/files/0x0006000000017403-105.dat	upx
behavioral1/files/0x0007000000016210-103.dat	upx
behavioral1/memory/2820-102-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/files/0x00060000000173f3-94.dat	upx
behavioral1/files/0x0006000000017400-91.dat	upx
behavioral1/files/0x0006000000018c34-169.dat	upx
behavioral1/files/0x0005000000018697-157.dat	upx
behavioral1/files/0x0006000000016de4-55.dat	upx
behavioral1/files/0x0015000000018676-143.dat	upx
behavioral1/files/0x0006000000016da7-50.dat	upx
behavioral1/files/0x00090000000164db-49.dat	upx
behavioral1/memory/2856-46-0x000000013FE50000-0x00000001401A4000-memory.dmp	upx
behavioral1/files/0x000700000001613e-33.dat	upx
behavioral1/files/0x00060000000174c3-129.dat	upx
behavioral1/memory/2124-98-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2980-90-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/776-87-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2756-81-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2692-74-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x0006000000016edb-73.dat	upx
behavioral1/files/0x0006000000016de8-72.dat	upx
behavioral1/files/0x0006000000016dd0-71.dat	upx
behavioral1/files/0x0007000000016009-61.dat	upx
behavioral1/files/0x0007000000015f96-21.dat	upx
behavioral1/memory/3032-20-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx
behavioral1/memory/2784-13-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/2692-3737-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2980-3739-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/776-3738-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2756-3741-0x000000013FFE0000-0x0000000140334000-memory.dmp	upx
behavioral1/memory/2820-3740-0x000000013F710000-0x000000013FA64000-memory.dmp	upx
behavioral1/memory/2124-3736-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2772-3735-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/memory/2784-3734-0x000000013F790000-0x000000013FAE4000-memory.dmp	upx
behavioral1/memory/3032-3766-0x000000013F9B0000-0x000000013FD04000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\pRGeNqt.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cwBpjIT.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mJeJrEI.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BeVRXNs.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FEYrRGb.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XYNoTVf.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pSJIagR.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rzLasjz.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RehoOTS.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NyGNIyB.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JtigtJV.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FhiHBHl.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jVxQHTO.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YXTirrJ.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MGFoyHM.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EeLoLCw.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OWCDnTg.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iIXOfsA.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QIfBAMh.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AuZvrRE.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QhealUm.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yMwMcjB.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gjgJBPh.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Hljfkes.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KOIDIIE.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wTPgIIC.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nCOFzBz.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RBSjzVD.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OrtSNsR.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHbMiwe.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jznnqXo.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eHeKvwL.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tPBcNFO.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rEecKqj.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PnURehE.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ABGtdzr.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XlAsCpf.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OXmnZJb.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WKjkEGO.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uSkEIMe.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nzRZXEL.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cuuRRow.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RIbTfpG.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JiFlHKn.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tMqSQhJ.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AuBfkvP.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mCBJhHy.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mLSZtAH.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kKOPNgD.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hypoxhg.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IciwGWb.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GuVSOMZ.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vyDMhpH.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XhXIrJh.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gBxswlR.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pREdVlE.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UfpibVF.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GkrPFja.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TNahyVP.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKlURWD.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kyvrnBy.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PRjcTdY.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uBFXRBw.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fgZLOxa.exe	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 2784	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2720 wrote to memory of 2784	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2720 wrote to memory of 2784	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2720 wrote to memory of 3032	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2720 wrote to memory of 3032	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2720 wrote to memory of 3032	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2720 wrote to memory of 2856	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2720 wrote to memory of 2856	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2720 wrote to memory of 2856	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2720 wrote to memory of 2756	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2720 wrote to memory of 2756	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2720 wrote to memory of 2756	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2720 wrote to memory of 2820	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2720 wrote to memory of 2820	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2720 wrote to memory of 2820	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2720 wrote to memory of 2736	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2720 wrote to memory of 2736	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2720 wrote to memory of 2736	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2720 wrote to memory of 2572	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2720 wrote to memory of 2572	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2720 wrote to memory of 2572	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2720 wrote to memory of 2600	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2720 wrote to memory of 2600	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2720 wrote to memory of 2600	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2720 wrote to memory of 2692	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2720 wrote to memory of 2692	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2720 wrote to memory of 2692	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2720 wrote to memory of 2416	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2720 wrote to memory of 2416	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2720 wrote to memory of 2416	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2720 wrote to memory of 776	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2720 wrote to memory of 776	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2720 wrote to memory of 776	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2720 wrote to memory of 2864	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2720 wrote to memory of 2864	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2720 wrote to memory of 2864	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2720 wrote to memory of 2980	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2720 wrote to memory of 2980	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2720 wrote to memory of 2980	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2720 wrote to memory of 2272	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2720 wrote to memory of 2272	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2720 wrote to memory of 2272	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2720 wrote to memory of 2124	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2720 wrote to memory of 2124	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2720 wrote to memory of 2124	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2720 wrote to memory of 2044	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2720 wrote to memory of 2044	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2720 wrote to memory of 2044	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2720 wrote to memory of 2772	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2720 wrote to memory of 2772	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2720 wrote to memory of 2772	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2720 wrote to memory of 2632	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2720 wrote to memory of 2632	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2720 wrote to memory of 2632	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2720 wrote to memory of 2952	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2720 wrote to memory of 2952	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2720 wrote to memory of 2952	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2720 wrote to memory of 2288	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2720 wrote to memory of 2288	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2720 wrote to memory of 2288	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2720 wrote to memory of 3000	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2720 wrote to memory of 3000	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2720 wrote to memory of 3000	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2720 wrote to memory of 2964	2720	2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-23_a27f12e24976f7f22c63baf70b0fb5e1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Windows\System\pQgQOUM.exe
  C:\Windows\System\pQgQOUM.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\vkXxkpZ.exe
  C:\Windows\System\vkXxkpZ.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\CfiUQme.exe
  C:\Windows\System\CfiUQme.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\BeVRXNs.exe
  C:\Windows\System\BeVRXNs.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\OFhHnVL.exe
  C:\Windows\System\OFhHnVL.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\qmoOvgP.exe
  C:\Windows\System\qmoOvgP.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\BAaHigU.exe
  C:\Windows\System\BAaHigU.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\vafkUsS.exe
  C:\Windows\System\vafkUsS.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\LclvAEX.exe
  C:\Windows\System\LclvAEX.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\hnMXOsY.exe
  C:\Windows\System\hnMXOsY.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\UfUkOyD.exe
  C:\Windows\System\UfUkOyD.exe
  2⤵
  - Executes dropped EXE
  PID:776
- C:\Windows\System\uDVxdCT.exe
  C:\Windows\System\uDVxdCT.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\veCrHGy.exe
  C:\Windows\System\veCrHGy.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\eivEIYL.exe
  C:\Windows\System\eivEIYL.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\SupKpMs.exe
  C:\Windows\System\SupKpMs.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\vKWsvGw.exe
  C:\Windows\System\vKWsvGw.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\TluXgJk.exe
  C:\Windows\System\TluXgJk.exe
  2⤵
  - Executes dropped EXE
  PID:2772
- C:\Windows\System\JhYAjAo.exe
  C:\Windows\System\JhYAjAo.exe
  2⤵
  - Executes dropped EXE
  PID:2632
- C:\Windows\System\QDKTjVT.exe
  C:\Windows\System\QDKTjVT.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\qESYRlE.exe
  C:\Windows\System\qESYRlE.exe
  2⤵
  - Executes dropped EXE
  PID:2288
- C:\Windows\System\ZUUryyT.exe
  C:\Windows\System\ZUUryyT.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\QijIiNj.exe
  C:\Windows\System\QijIiNj.exe
  2⤵
  - Executes dropped EXE
  PID:2964
- C:\Windows\System\dqnrvfi.exe
  C:\Windows\System\dqnrvfi.exe
  2⤵
  - Executes dropped EXE
  PID:788
- C:\Windows\System\enuwPHi.exe
  C:\Windows\System\enuwPHi.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\EaBELkz.exe
  C:\Windows\System\EaBELkz.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\UfVijUa.exe
  C:\Windows\System\UfVijUa.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\nLEqhlS.exe
  C:\Windows\System\nLEqhlS.exe
  2⤵
  - Executes dropped EXE
  PID:396
- C:\Windows\System\Hljfkes.exe
  C:\Windows\System\Hljfkes.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\IciwGWb.exe
  C:\Windows\System\IciwGWb.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\RZREgmF.exe
  C:\Windows\System\RZREgmF.exe
  2⤵
  - Executes dropped EXE
  PID:108
- C:\Windows\System\QJFGeqm.exe
  C:\Windows\System\QJFGeqm.exe
  2⤵
  - Executes dropped EXE
  PID:280
- C:\Windows\System\PYmbtOB.exe
  C:\Windows\System\PYmbtOB.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\PbmXwNc.exe
  C:\Windows\System\PbmXwNc.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\wKkzbZO.exe
  C:\Windows\System\wKkzbZO.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\fgAtRat.exe
  C:\Windows\System\fgAtRat.exe
  2⤵
  - Executes dropped EXE
  PID:1560
- C:\Windows\System\vNvgIvK.exe
  C:\Windows\System\vNvgIvK.exe
  2⤵
  - Executes dropped EXE
  PID:1728
- C:\Windows\System\GKiMjyK.exe
  C:\Windows\System\GKiMjyK.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\BuGOZJd.exe
  C:\Windows\System\BuGOZJd.exe
  2⤵
  - Executes dropped EXE
  PID:712
- C:\Windows\System\cJeVbpt.exe
  C:\Windows\System\cJeVbpt.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\gkVEPdK.exe
  C:\Windows\System\gkVEPdK.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\XJagyTm.exe
  C:\Windows\System\XJagyTm.exe
  2⤵
  - Executes dropped EXE
  PID:576
- C:\Windows\System\LvMIakl.exe
  C:\Windows\System\LvMIakl.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\AGdCbtY.exe
  C:\Windows\System\AGdCbtY.exe
  2⤵
  - Executes dropped EXE
  PID:696
- C:\Windows\System\kAjFxKl.exe
  C:\Windows\System\kAjFxKl.exe
  2⤵
  - Executes dropped EXE
  PID:2180
- C:\Windows\System\ZtViyuk.exe
  C:\Windows\System\ZtViyuk.exe
  2⤵
  - Executes dropped EXE
  PID:1288
- C:\Windows\System\ShokTIk.exe
  C:\Windows\System\ShokTIk.exe
  2⤵
  - Executes dropped EXE
  PID:1060
- C:\Windows\System\KDmlcZi.exe
  C:\Windows\System\KDmlcZi.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\gfdmPPC.exe
  C:\Windows\System\gfdmPPC.exe
  2⤵
  - Executes dropped EXE
  PID:2468
- C:\Windows\System\YNHWhfO.exe
  C:\Windows\System\YNHWhfO.exe
  2⤵
  - Executes dropped EXE
  PID:2464
- C:\Windows\System\aYCYzRu.exe
  C:\Windows\System\aYCYzRu.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\lmCXyCB.exe
  C:\Windows\System\lmCXyCB.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\bUEhGFJ.exe
  C:\Windows\System\bUEhGFJ.exe
  2⤵
  - Executes dropped EXE
  PID:2680
- C:\Windows\System\xsanXdn.exe
  C:\Windows\System\xsanXdn.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\NvEIMnM.exe
  C:\Windows\System\NvEIMnM.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\AmCAArt.exe
  C:\Windows\System\AmCAArt.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\uyCiDNb.exe
  C:\Windows\System\uyCiDNb.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\pILCsQD.exe
  C:\Windows\System\pILCsQD.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\csVGjea.exe
  C:\Windows\System\csVGjea.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\CjdDiKG.exe
  C:\Windows\System\CjdDiKG.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\inGXevB.exe
  C:\Windows\System\inGXevB.exe
  2⤵
  - Executes dropped EXE
  PID:3048
- C:\Windows\System\GXnRCfn.exe
  C:\Windows\System\GXnRCfn.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\AuZvrRE.exe
  C:\Windows\System\AuZvrRE.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\mCBJhHy.exe
  C:\Windows\System\mCBJhHy.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\rLdlGCk.exe
  C:\Windows\System\rLdlGCk.exe
  2⤵
  PID:2828
- C:\Windows\System\XxpbKlB.exe
  C:\Windows\System\XxpbKlB.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Windows\System\muxSBJi.exe
  C:\Windows\System\muxSBJi.exe
  2⤵
  PID:2240
- C:\Windows\System\staABUo.exe
  C:\Windows\System\staABUo.exe
  2⤵
  PID:1296
- C:\Windows\System\qPnkcHY.exe
  C:\Windows\System\qPnkcHY.exe
  2⤵
  PID:968
- C:\Windows\System\RRvpiIj.exe
  C:\Windows\System\RRvpiIj.exe
  2⤵
  PID:2176
- C:\Windows\System\ywmwhgp.exe
  C:\Windows\System\ywmwhgp.exe
  2⤵
  PID:1564
- C:\Windows\System\VSiwLqW.exe
  C:\Windows\System\VSiwLqW.exe
  2⤵
  PID:2328
- C:\Windows\System\qeerrjP.exe
  C:\Windows\System\qeerrjP.exe
  2⤵
  PID:1168
- C:\Windows\System\WNSEttK.exe
  C:\Windows\System\WNSEttK.exe
  2⤵
  PID:1540
- C:\Windows\System\OGlAusu.exe
  C:\Windows\System\OGlAusu.exe
  2⤵
  PID:2452
- C:\Windows\System\YftVbGn.exe
  C:\Windows\System\YftVbGn.exe
  2⤵
  PID:1448
- C:\Windows\System\reeEcai.exe
  C:\Windows\System\reeEcai.exe
  2⤵
  PID:2336
- C:\Windows\System\HTlSkWi.exe
  C:\Windows\System\HTlSkWi.exe
  2⤵
  PID:1340
- C:\Windows\System\uTEzofD.exe
  C:\Windows\System\uTEzofD.exe
  2⤵
  PID:2012
- C:\Windows\System\NLXnatT.exe
  C:\Windows\System\NLXnatT.exe
  2⤵
  PID:1576
- C:\Windows\System\CXRLXtp.exe
  C:\Windows\System\CXRLXtp.exe
  2⤵
  PID:2716
- C:\Windows\System\odrsZNr.exe
  C:\Windows\System\odrsZNr.exe
  2⤵
  PID:2356
- C:\Windows\System\hHrEIrF.exe
  C:\Windows\System\hHrEIrF.exe
  2⤵
  PID:2888
- C:\Windows\System\lqFTCFQ.exe
  C:\Windows\System\lqFTCFQ.exe
  2⤵
  PID:1768
- C:\Windows\System\rhFgSBk.exe
  C:\Windows\System\rhFgSBk.exe
  2⤵
  PID:2036
- C:\Windows\System\qXmrDgi.exe
  C:\Windows\System\qXmrDgi.exe
  2⤵
  PID:3088
- C:\Windows\System\HXNsRVH.exe
  C:\Windows\System\HXNsRVH.exe
  2⤵
  PID:3108
- C:\Windows\System\Zdkvvyi.exe
  C:\Windows\System\Zdkvvyi.exe
  2⤵
  PID:3124
- C:\Windows\System\ijKhySD.exe
  C:\Windows\System\ijKhySD.exe
  2⤵
  PID:3140
- C:\Windows\System\ffOQsue.exe
  C:\Windows\System\ffOQsue.exe
  2⤵
  PID:3160
- C:\Windows\System\kOcPABt.exe
  C:\Windows\System\kOcPABt.exe
  2⤵
  PID:3176
- C:\Windows\System\qnAPfCz.exe
  C:\Windows\System\qnAPfCz.exe
  2⤵
  PID:3196
- C:\Windows\System\kLMdWPZ.exe
  C:\Windows\System\kLMdWPZ.exe
  2⤵
  PID:3212
- C:\Windows\System\jEaNDmA.exe
  C:\Windows\System\jEaNDmA.exe
  2⤵
  PID:3228
- C:\Windows\System\hxSyKin.exe
  C:\Windows\System\hxSyKin.exe
  2⤵
  PID:3244
- C:\Windows\System\eJjdlei.exe
  C:\Windows\System\eJjdlei.exe
  2⤵
  PID:3268
- C:\Windows\System\fbtblgV.exe
  C:\Windows\System\fbtblgV.exe
  2⤵
  PID:3292
- C:\Windows\System\pUzIgrm.exe
  C:\Windows\System\pUzIgrm.exe
  2⤵
  PID:3312
- C:\Windows\System\cBHLRfR.exe
  C:\Windows\System\cBHLRfR.exe
  2⤵
  PID:3328
- C:\Windows\System\pTpkQiK.exe
  C:\Windows\System\pTpkQiK.exe
  2⤵
  PID:3352
- C:\Windows\System\ryOqGqn.exe
  C:\Windows\System\ryOqGqn.exe
  2⤵
  PID:3368
- C:\Windows\System\ktLTKsL.exe
  C:\Windows\System\ktLTKsL.exe
  2⤵
  PID:3392
- C:\Windows\System\xwxWoOV.exe
  C:\Windows\System\xwxWoOV.exe
  2⤵
  PID:3412
- C:\Windows\System\GFNiLhT.exe
  C:\Windows\System\GFNiLhT.exe
  2⤵
  PID:3456
- C:\Windows\System\sBhKpCd.exe
  C:\Windows\System\sBhKpCd.exe
  2⤵
  PID:3476
- C:\Windows\System\kElpnbZ.exe
  C:\Windows\System\kElpnbZ.exe
  2⤵
  PID:3500
- C:\Windows\System\zEXiWEQ.exe
  C:\Windows\System\zEXiWEQ.exe
  2⤵
  PID:3520
- C:\Windows\System\HpyBsVt.exe
  C:\Windows\System\HpyBsVt.exe
  2⤵
  PID:3540
- C:\Windows\System\TUmYbRS.exe
  C:\Windows\System\TUmYbRS.exe
  2⤵
  PID:3560
- C:\Windows\System\iXtkZMH.exe
  C:\Windows\System\iXtkZMH.exe
  2⤵
  PID:3580
- C:\Windows\System\oHvzlWD.exe
  C:\Windows\System\oHvzlWD.exe
  2⤵
  PID:3600
- C:\Windows\System\RgNYbua.exe
  C:\Windows\System\RgNYbua.exe
  2⤵
  PID:3620
- C:\Windows\System\aiLCIHz.exe
  C:\Windows\System\aiLCIHz.exe
  2⤵
  PID:3640
- C:\Windows\System\hFkJvIL.exe
  C:\Windows\System\hFkJvIL.exe
  2⤵
  PID:3660
- C:\Windows\System\HizHiel.exe
  C:\Windows\System\HizHiel.exe
  2⤵
  PID:3680
- C:\Windows\System\UGvLfEI.exe
  C:\Windows\System\UGvLfEI.exe
  2⤵
  PID:3700
- C:\Windows\System\QSILItC.exe
  C:\Windows\System\QSILItC.exe
  2⤵
  PID:3720
- C:\Windows\System\cdUkkuy.exe
  C:\Windows\System\cdUkkuy.exe
  2⤵
  PID:3740
- C:\Windows\System\sDavgkB.exe
  C:\Windows\System\sDavgkB.exe
  2⤵
  PID:3760
- C:\Windows\System\yKhVHAG.exe
  C:\Windows\System\yKhVHAG.exe
  2⤵
  PID:3780
- C:\Windows\System\UzTDgmn.exe
  C:\Windows\System\UzTDgmn.exe
  2⤵
  PID:3800
- C:\Windows\System\yfyiPBZ.exe
  C:\Windows\System\yfyiPBZ.exe
  2⤵
  PID:3820
- C:\Windows\System\zGbYAXL.exe
  C:\Windows\System\zGbYAXL.exe
  2⤵
  PID:3840
- C:\Windows\System\vqdNYHU.exe
  C:\Windows\System\vqdNYHU.exe
  2⤵
  PID:3860
- C:\Windows\System\BGRBLyO.exe
  C:\Windows\System\BGRBLyO.exe
  2⤵
  PID:3880
- C:\Windows\System\FENxNlm.exe
  C:\Windows\System\FENxNlm.exe
  2⤵
  PID:3900
- C:\Windows\System\flNtkhO.exe
  C:\Windows\System\flNtkhO.exe
  2⤵
  PID:3920
- C:\Windows\System\wynSqgE.exe
  C:\Windows\System\wynSqgE.exe
  2⤵
  PID:3940
- C:\Windows\System\SQQGihM.exe
  C:\Windows\System\SQQGihM.exe
  2⤵
  PID:3960
- C:\Windows\System\ZqoHvUh.exe
  C:\Windows\System\ZqoHvUh.exe
  2⤵
  PID:3980
- C:\Windows\System\KOFKFUr.exe
  C:\Windows\System\KOFKFUr.exe
  2⤵
  PID:4000
- C:\Windows\System\UMdefSI.exe
  C:\Windows\System\UMdefSI.exe
  2⤵
  PID:4020
- C:\Windows\System\aLCswPn.exe
  C:\Windows\System\aLCswPn.exe
  2⤵
  PID:4040
- C:\Windows\System\PGDecvM.exe
  C:\Windows\System\PGDecvM.exe
  2⤵
  PID:4060
- C:\Windows\System\KNeykGe.exe
  C:\Windows\System\KNeykGe.exe
  2⤵
  PID:4080
- C:\Windows\System\hJoZXOM.exe
  C:\Windows\System\hJoZXOM.exe
  2⤵
  PID:1244
- C:\Windows\System\EgXYDOd.exe
  C:\Windows\System\EgXYDOd.exe
  2⤵
  PID:1036
- C:\Windows\System\RCrddVx.exe
  C:\Windows\System\RCrddVx.exe
  2⤵
  PID:1988
- C:\Windows\System\VOMUWwO.exe
  C:\Windows\System\VOMUWwO.exe
  2⤵
  PID:960
- C:\Windows\System\xouJwqQ.exe
  C:\Windows\System\xouJwqQ.exe
  2⤵
  PID:1160
- C:\Windows\System\APEkZpT.exe
  C:\Windows\System\APEkZpT.exe
  2⤵
  PID:2344
- C:\Windows\System\iZfHNZE.exe
  C:\Windows\System\iZfHNZE.exe
  2⤵
  PID:2348
- C:\Windows\System\yXmWppy.exe
  C:\Windows\System\yXmWppy.exe
  2⤵
  PID:2844
- C:\Windows\System\homsvHY.exe
  C:\Windows\System\homsvHY.exe
  2⤵
  PID:2708
- C:\Windows\System\PFSEwJy.exe
  C:\Windows\System\PFSEwJy.exe
  2⤵
  PID:876
- C:\Windows\System\xFkGMQB.exe
  C:\Windows\System\xFkGMQB.exe
  2⤵
  PID:1772
- C:\Windows\System\ruySxyz.exe
  C:\Windows\System\ruySxyz.exe
  2⤵
  PID:2776
- C:\Windows\System\heUamkq.exe
  C:\Windows\System\heUamkq.exe
  2⤵
  PID:1336
- C:\Windows\System\pOesIiP.exe
  C:\Windows\System\pOesIiP.exe
  2⤵
  PID:3136
- C:\Windows\System\UyMdJpL.exe
  C:\Windows\System\UyMdJpL.exe
  2⤵
  PID:3204
- C:\Windows\System\qHAxCbC.exe
  C:\Windows\System\qHAxCbC.exe
  2⤵
  PID:620
- C:\Windows\System\FjaoRmG.exe
  C:\Windows\System\FjaoRmG.exe
  2⤵
  PID:1512
- C:\Windows\System\pdxJSRW.exe
  C:\Windows\System\pdxJSRW.exe
  2⤵
  PID:2092
- C:\Windows\System\OIoZahv.exe
  C:\Windows\System\OIoZahv.exe
  2⤵
  PID:3288
- C:\Windows\System\hHiaame.exe
  C:\Windows\System\hHiaame.exe
  2⤵
  PID:1624
- C:\Windows\System\aNgahDh.exe
  C:\Windows\System\aNgahDh.exe
  2⤵
  PID:3360
- C:\Windows\System\JtigtJV.exe
  C:\Windows\System\JtigtJV.exe
  2⤵
  PID:3152
- C:\Windows\System\DtSBURO.exe
  C:\Windows\System\DtSBURO.exe
  2⤵
  PID:3260
- C:\Windows\System\RqQtiMx.exe
  C:\Windows\System\RqQtiMx.exe
  2⤵
  PID:3348
- C:\Windows\System\AtJhXwu.exe
  C:\Windows\System\AtJhXwu.exe
  2⤵
  PID:3188
- C:\Windows\System\MDLWxfq.exe
  C:\Windows\System\MDLWxfq.exe
  2⤵
  PID:3256
- C:\Windows\System\DBKWSrQ.exe
  C:\Windows\System\DBKWSrQ.exe
  2⤵
  PID:3420
- C:\Windows\System\pBVSAwt.exe
  C:\Windows\System\pBVSAwt.exe
  2⤵
  PID:3440
- C:\Windows\System\aXpOElp.exe
  C:\Windows\System\aXpOElp.exe
  2⤵
  PID:3452
- C:\Windows\System\syFMefI.exe
  C:\Windows\System\syFMefI.exe
  2⤵
  PID:3496
- C:\Windows\System\RFDRRPk.exe
  C:\Windows\System\RFDRRPk.exe
  2⤵
  PID:3556
- C:\Windows\System\ptpnJFo.exe
  C:\Windows\System\ptpnJFo.exe
  2⤵
  PID:3588
- C:\Windows\System\MtlkKAs.exe
  C:\Windows\System\MtlkKAs.exe
  2⤵
  PID:3608
- C:\Windows\System\GwoCODm.exe
  C:\Windows\System\GwoCODm.exe
  2⤵
  PID:3632
- C:\Windows\System\SXdPtZr.exe
  C:\Windows\System\SXdPtZr.exe
  2⤵
  PID:3652
- C:\Windows\System\xTaDzwY.exe
  C:\Windows\System\xTaDzwY.exe
  2⤵
  PID:3696
- C:\Windows\System\QhealUm.exe
  C:\Windows\System\QhealUm.exe
  2⤵
  PID:3756
- C:\Windows\System\qkXoTab.exe
  C:\Windows\System\qkXoTab.exe
  2⤵
  PID:3796
- C:\Windows\System\GKBUYWf.exe
  C:\Windows\System\GKBUYWf.exe
  2⤵
  PID:3808
- C:\Windows\System\DmAjKLy.exe
  C:\Windows\System\DmAjKLy.exe
  2⤵
  PID:3832
- C:\Windows\System\YEcEkZO.exe
  C:\Windows\System\YEcEkZO.exe
  2⤵
  PID:3852
- C:\Windows\System\ujEcRGJ.exe
  C:\Windows\System\ujEcRGJ.exe
  2⤵
  PID:3896
- C:\Windows\System\WUaWjPK.exe
  C:\Windows\System\WUaWjPK.exe
  2⤵
  PID:3956
- C:\Windows\System\eybUpXy.exe
  C:\Windows\System\eybUpXy.exe
  2⤵
  PID:3988
- C:\Windows\System\ALPFtlF.exe
  C:\Windows\System\ALPFtlF.exe
  2⤵
  PID:4008
- C:\Windows\System\aTdpYsD.exe
  C:\Windows\System\aTdpYsD.exe
  2⤵
  PID:4032
- C:\Windows\System\xDVkGwj.exe
  C:\Windows\System\xDVkGwj.exe
  2⤵
  PID:4072
- C:\Windows\System\HLiyTuW.exe
  C:\Windows\System\HLiyTuW.exe
  2⤵
  PID:4092
- C:\Windows\System\cSOuMLJ.exe
  C:\Windows\System\cSOuMLJ.exe
  2⤵
  PID:320
- C:\Windows\System\XFAGmfc.exe
  C:\Windows\System\XFAGmfc.exe
  2⤵
  PID:1964
- C:\Windows\System\AybzozS.exe
  C:\Windows\System\AybzozS.exe
  2⤵
  PID:540
- C:\Windows\System\MRRlSro.exe
  C:\Windows\System\MRRlSro.exe
  2⤵
  PID:1456
- C:\Windows\System\iulCufv.exe
  C:\Windows\System\iulCufv.exe
  2⤵
  PID:1812
- C:\Windows\System\kOuQpUW.exe
  C:\Windows\System\kOuQpUW.exe
  2⤵
  PID:2244
- C:\Windows\System\XzusEvf.exe
  C:\Windows\System\XzusEvf.exe
  2⤵
  PID:1548
- C:\Windows\System\lnusvpX.exe
  C:\Windows\System\lnusvpX.exe
  2⤵
  PID:3172
- C:\Windows\System\LdqYNOt.exe
  C:\Windows\System\LdqYNOt.exe
  2⤵
  PID:2860
- C:\Windows\System\ifeCyXW.exe
  C:\Windows\System\ifeCyXW.exe
  2⤵
  PID:3276
- C:\Windows\System\neDTqkY.exe
  C:\Windows\System\neDTqkY.exe
  2⤵
  PID:2324
- C:\Windows\System\FHFIebC.exe
  C:\Windows\System\FHFIebC.exe
  2⤵
  PID:3084
- C:\Windows\System\FhiHBHl.exe
  C:\Windows\System\FhiHBHl.exe
  2⤵
  PID:3156
- C:\Windows\System\LGHxxFK.exe
  C:\Windows\System\LGHxxFK.exe
  2⤵
  PID:3388
- C:\Windows\System\fhfpndL.exe
  C:\Windows\System\fhfpndL.exe
  2⤵
  PID:3224
- C:\Windows\System\iSTdKKf.exe
  C:\Windows\System\iSTdKKf.exe
  2⤵
  PID:3436
- C:\Windows\System\NHrHhPM.exe
  C:\Windows\System\NHrHhPM.exe
  2⤵
  PID:3516
- C:\Windows\System\LIkYqZo.exe
  C:\Windows\System\LIkYqZo.exe
  2⤵
  PID:3532
- C:\Windows\System\xjKzPtn.exe
  C:\Windows\System\xjKzPtn.exe
  2⤵
  PID:3596
- C:\Windows\System\qoaqbfr.exe
  C:\Windows\System\qoaqbfr.exe
  2⤵
  PID:3688
- C:\Windows\System\dHuwNVe.exe
  C:\Windows\System\dHuwNVe.exe
  2⤵
  PID:3656
- C:\Windows\System\SFvwUQf.exe
  C:\Windows\System\SFvwUQf.exe
  2⤵
  PID:3748
- C:\Windows\System\PZIfGNe.exe
  C:\Windows\System\PZIfGNe.exe
  2⤵
  PID:3776
- C:\Windows\System\vjRaocY.exe
  C:\Windows\System\vjRaocY.exe
  2⤵
  PID:3916
- C:\Windows\System\ggyqVbp.exe
  C:\Windows\System\ggyqVbp.exe
  2⤵
  PID:3912
- C:\Windows\System\bAXzlAZ.exe
  C:\Windows\System\bAXzlAZ.exe
  2⤵
  PID:4036
- C:\Windows\System\mczZxza.exe
  C:\Windows\System\mczZxza.exe
  2⤵
  PID:4088
- C:\Windows\System\nyHPude.exe
  C:\Windows\System\nyHPude.exe
  2⤵
  PID:2988
- C:\Windows\System\qRWQSzp.exe
  C:\Windows\System\qRWQSzp.exe
  2⤵
  PID:332
- C:\Windows\System\fjHBdxV.exe
  C:\Windows\System\fjHBdxV.exe
  2⤵
  PID:568
- C:\Windows\System\ckEabyo.exe
  C:\Windows\System\ckEabyo.exe
  2⤵
  PID:2644
- C:\Windows\System\dLsqKmU.exe
  C:\Windows\System\dLsqKmU.exe
  2⤵
  PID:864
- C:\Windows\System\BZBNNwC.exe
  C:\Windows\System\BZBNNwC.exe
  2⤵
  PID:2056
- C:\Windows\System\WcwcRkR.exe
  C:\Windows\System\WcwcRkR.exe
  2⤵
  PID:1704
- C:\Windows\System\mBrSGiA.exe
  C:\Windows\System\mBrSGiA.exe
  2⤵
  PID:2220
- C:\Windows\System\tlLEIHY.exe
  C:\Windows\System\tlLEIHY.exe
  2⤵
  PID:3192
- C:\Windows\System\cUHNvLp.exe
  C:\Windows\System\cUHNvLp.exe
  2⤵
  PID:3220
- C:\Windows\System\qKinLxc.exe
  C:\Windows\System\qKinLxc.exe
  2⤵
  PID:3472
- C:\Windows\System\dsxHtpJ.exe
  C:\Windows\System\dsxHtpJ.exe
  2⤵
  PID:3612
- C:\Windows\System\uSkEIMe.exe
  C:\Windows\System\uSkEIMe.exe
  2⤵
  PID:3552
- C:\Windows\System\nIoBzLx.exe
  C:\Windows\System\nIoBzLx.exe
  2⤵
  PID:3752
- C:\Windows\System\IhwDBEA.exe
  C:\Windows\System\IhwDBEA.exe
  2⤵
  PID:3772
- C:\Windows\System\FlKJvcN.exe
  C:\Windows\System\FlKJvcN.exe
  2⤵
  PID:3948
- C:\Windows\System\ZPKHTJa.exe
  C:\Windows\System\ZPKHTJa.exe
  2⤵
  PID:4076
- C:\Windows\System\RllakUk.exe
  C:\Windows\System\RllakUk.exe
  2⤵
  PID:4112
- C:\Windows\System\ApOLQGg.exe
  C:\Windows\System\ApOLQGg.exe
  2⤵
  PID:4136
- C:\Windows\System\gLfqssn.exe
  C:\Windows\System\gLfqssn.exe
  2⤵
  PID:4152
- C:\Windows\System\iafxIpS.exe
  C:\Windows\System\iafxIpS.exe
  2⤵
  PID:4176
- C:\Windows\System\HtmfbIo.exe
  C:\Windows\System\HtmfbIo.exe
  2⤵
  PID:4192
- C:\Windows\System\ukWykok.exe
  C:\Windows\System\ukWykok.exe
  2⤵
  PID:4212
- C:\Windows\System\TWeamxV.exe
  C:\Windows\System\TWeamxV.exe
  2⤵
  PID:4236
- C:\Windows\System\xXcXLHV.exe
  C:\Windows\System\xXcXLHV.exe
  2⤵
  PID:4256
- C:\Windows\System\zqCWCYh.exe
  C:\Windows\System\zqCWCYh.exe
  2⤵
  PID:4276
- C:\Windows\System\yHloVwX.exe
  C:\Windows\System\yHloVwX.exe
  2⤵
  PID:4296
- C:\Windows\System\MSvnTTB.exe
  C:\Windows\System\MSvnTTB.exe
  2⤵
  PID:4312
- C:\Windows\System\xwlzolw.exe
  C:\Windows\System\xwlzolw.exe
  2⤵
  PID:4332
- C:\Windows\System\gUNccaE.exe
  C:\Windows\System\gUNccaE.exe
  2⤵
  PID:4352
- C:\Windows\System\QRYxOhw.exe
  C:\Windows\System\QRYxOhw.exe
  2⤵
  PID:4372
- C:\Windows\System\PYVrtEF.exe
  C:\Windows\System\PYVrtEF.exe
  2⤵
  PID:4392
- C:\Windows\System\HrapYkT.exe
  C:\Windows\System\HrapYkT.exe
  2⤵
  PID:4416
- C:\Windows\System\aKPCfaK.exe
  C:\Windows\System\aKPCfaK.exe
  2⤵
  PID:4436
- C:\Windows\System\PvjEBjS.exe
  C:\Windows\System\PvjEBjS.exe
  2⤵
  PID:4456
- C:\Windows\System\RDhmIkW.exe
  C:\Windows\System\RDhmIkW.exe
  2⤵
  PID:4476
- C:\Windows\System\HrOFTOS.exe
  C:\Windows\System\HrOFTOS.exe
  2⤵
  PID:4496
- C:\Windows\System\KOIDIIE.exe
  C:\Windows\System\KOIDIIE.exe
  2⤵
  PID:4516
- C:\Windows\System\ZtAInga.exe
  C:\Windows\System\ZtAInga.exe
  2⤵
  PID:4532
- C:\Windows\System\twFVEri.exe
  C:\Windows\System\twFVEri.exe
  2⤵
  PID:4556
- C:\Windows\System\OuuQXwf.exe
  C:\Windows\System\OuuQXwf.exe
  2⤵
  PID:4576
- C:\Windows\System\oMzCcfz.exe
  C:\Windows\System\oMzCcfz.exe
  2⤵
  PID:4592
- C:\Windows\System\YVAkaWF.exe
  C:\Windows\System\YVAkaWF.exe
  2⤵
  PID:4616
- C:\Windows\System\yXKefkM.exe
  C:\Windows\System\yXKefkM.exe
  2⤵
  PID:4636
- C:\Windows\System\klEEUEs.exe
  C:\Windows\System\klEEUEs.exe
  2⤵
  PID:4656
- C:\Windows\System\hQpvVOV.exe
  C:\Windows\System\hQpvVOV.exe
  2⤵
  PID:4672
- C:\Windows\System\lYntWoo.exe
  C:\Windows\System\lYntWoo.exe
  2⤵
  PID:4688
- C:\Windows\System\NmMQgKP.exe
  C:\Windows\System\NmMQgKP.exe
  2⤵
  PID:4704
- C:\Windows\System\aOQprtq.exe
  C:\Windows\System\aOQprtq.exe
  2⤵
  PID:4720
- C:\Windows\System\FXTSCoj.exe
  C:\Windows\System\FXTSCoj.exe
  2⤵
  PID:4756
- C:\Windows\System\wuAWoEL.exe
  C:\Windows\System\wuAWoEL.exe
  2⤵
  PID:4772
- C:\Windows\System\tKybOyq.exe
  C:\Windows\System\tKybOyq.exe
  2⤵
  PID:4792
- C:\Windows\System\THhNWne.exe
  C:\Windows\System\THhNWne.exe
  2⤵
  PID:4816
- C:\Windows\System\lUrWxSv.exe
  C:\Windows\System\lUrWxSv.exe
  2⤵
  PID:4836
- C:\Windows\System\olDnmXZ.exe
  C:\Windows\System\olDnmXZ.exe
  2⤵
  PID:4852
- C:\Windows\System\ErSqfow.exe
  C:\Windows\System\ErSqfow.exe
  2⤵
  PID:4876
- C:\Windows\System\uvYDULZ.exe
  C:\Windows\System\uvYDULZ.exe
  2⤵
  PID:4892
- C:\Windows\System\rHVdmEO.exe
  C:\Windows\System\rHVdmEO.exe
  2⤵
  PID:4916
- C:\Windows\System\PaLwqln.exe
  C:\Windows\System\PaLwqln.exe
  2⤵
  PID:4944
- C:\Windows\System\CyYBYwa.exe
  C:\Windows\System\CyYBYwa.exe
  2⤵
  PID:4960
- C:\Windows\System\HThXadV.exe
  C:\Windows\System\HThXadV.exe
  2⤵
  PID:4984
- C:\Windows\System\ksMJlRN.exe
  C:\Windows\System\ksMJlRN.exe
  2⤵
  PID:5004
- C:\Windows\System\gRHBCiE.exe
  C:\Windows\System\gRHBCiE.exe
  2⤵
  PID:5024
- C:\Windows\System\bbbEUVK.exe
  C:\Windows\System\bbbEUVK.exe
  2⤵
  PID:5044
- C:\Windows\System\SlESXcy.exe
  C:\Windows\System\SlESXcy.exe
  2⤵
  PID:5064
- C:\Windows\System\ydqoSyN.exe
  C:\Windows\System\ydqoSyN.exe
  2⤵
  PID:5084
- C:\Windows\System\EXCzEWO.exe
  C:\Windows\System\EXCzEWO.exe
  2⤵
  PID:5104
- C:\Windows\System\zPQRtvT.exe
  C:\Windows\System\zPQRtvT.exe
  2⤵
  PID:3992
- C:\Windows\System\siBETuu.exe
  C:\Windows\System\siBETuu.exe
  2⤵
  PID:408
- C:\Windows\System\OalnnbM.exe
  C:\Windows\System\OalnnbM.exe
  2⤵
  PID:2096
- C:\Windows\System\tcphRuK.exe
  C:\Windows\System\tcphRuK.exe
  2⤵
  PID:3132
- C:\Windows\System\xVLkFZQ.exe
  C:\Windows\System\xVLkFZQ.exe
  2⤵
  PID:1748
- C:\Windows\System\DtERBvf.exe
  C:\Windows\System\DtERBvf.exe
  2⤵
  PID:3304
- C:\Windows\System\pZBpZvV.exe
  C:\Windows\System\pZBpZvV.exe
  2⤵
  PID:3340
- C:\Windows\System\cbKPTbj.exe
  C:\Windows\System\cbKPTbj.exe
  2⤵
  PID:3488
- C:\Windows\System\qNOFGfB.exe
  C:\Windows\System\qNOFGfB.exe
  2⤵
  PID:3888
- C:\Windows\System\yBUYcdS.exe
  C:\Windows\System\yBUYcdS.exe
  2⤵
  PID:3868
- C:\Windows\System\pSxKJky.exe
  C:\Windows\System\pSxKJky.exe
  2⤵
  PID:4120
- C:\Windows\System\Opxjxib.exe
  C:\Windows\System\Opxjxib.exe
  2⤵
  PID:4160
- C:\Windows\System\TlLwpvd.exe
  C:\Windows\System\TlLwpvd.exe
  2⤵
  PID:4172
- C:\Windows\System\jPnMKNV.exe
  C:\Windows\System\jPnMKNV.exe
  2⤵
  PID:4204
- C:\Windows\System\SUfJAXp.exe
  C:\Windows\System\SUfJAXp.exe
  2⤵
  PID:4248
- C:\Windows\System\FEYrRGb.exe
  C:\Windows\System\FEYrRGb.exe
  2⤵
  PID:4264
- C:\Windows\System\JiFlHKn.exe
  C:\Windows\System\JiFlHKn.exe
  2⤵
  PID:4288
- C:\Windows\System\ymZflUP.exe
  C:\Windows\System\ymZflUP.exe
  2⤵
  PID:4364
- C:\Windows\System\xklCief.exe
  C:\Windows\System\xklCief.exe
  2⤵
  PID:4344
- C:\Windows\System\RWHvRYL.exe
  C:\Windows\System\RWHvRYL.exe
  2⤵
  PID:4408
- C:\Windows\System\UkJdZyh.exe
  C:\Windows\System\UkJdZyh.exe
  2⤵
  PID:4424
- C:\Windows\System\oGNlUmg.exe
  C:\Windows\System\oGNlUmg.exe
  2⤵
  PID:4484
- C:\Windows\System\EeFscOp.exe
  C:\Windows\System\EeFscOp.exe
  2⤵
  PID:4528
- C:\Windows\System\JGgBSsT.exe
  C:\Windows\System\JGgBSsT.exe
  2⤵
  PID:4540
- C:\Windows\System\YZxBbfv.exe
  C:\Windows\System\YZxBbfv.exe
  2⤵
  PID:4608
- C:\Windows\System\oFoMBgo.exe
  C:\Windows\System\oFoMBgo.exe
  2⤵
  PID:4588
- C:\Windows\System\gXXZdQq.exe
  C:\Windows\System\gXXZdQq.exe
  2⤵
  PID:4628
- C:\Windows\System\txfVrDZ.exe
  C:\Windows\System\txfVrDZ.exe
  2⤵
  PID:4684
- C:\Windows\System\MKlURWD.exe
  C:\Windows\System\MKlURWD.exe
  2⤵
  PID:4768
- C:\Windows\System\nqgzTci.exe
  C:\Windows\System\nqgzTci.exe
  2⤵
  PID:4668
- C:\Windows\System\vPRqZnd.exe
  C:\Windows\System\vPRqZnd.exe
  2⤵
  PID:4748
- C:\Windows\System\lbukFpV.exe
  C:\Windows\System\lbukFpV.exe
  2⤵
  PID:4804
- C:\Windows\System\qlYLidZ.exe
  C:\Windows\System\qlYLidZ.exe
  2⤵
  PID:4844
- C:\Windows\System\CCESyvt.exe
  C:\Windows\System\CCESyvt.exe
  2⤵
  PID:4888
- C:\Windows\System\RdaiVyG.exe
  C:\Windows\System\RdaiVyG.exe
  2⤵
  PID:4904
- C:\Windows\System\tejshsV.exe
  C:\Windows\System\tejshsV.exe
  2⤵
  PID:4936
- C:\Windows\System\bOTDhdd.exe
  C:\Windows\System\bOTDhdd.exe
  2⤵
  PID:4980
- C:\Windows\System\fdhuFwW.exe
  C:\Windows\System\fdhuFwW.exe
  2⤵
  PID:5012
- C:\Windows\System\PoYMinA.exe
  C:\Windows\System\PoYMinA.exe
  2⤵
  PID:5036
- C:\Windows\System\XsXctzu.exe
  C:\Windows\System\XsXctzu.exe
  2⤵
  PID:5072
- C:\Windows\System\cEZbHEr.exe
  C:\Windows\System\cEZbHEr.exe
  2⤵
  PID:5112
- C:\Windows\System\CbrMnEH.exe
  C:\Windows\System\CbrMnEH.exe
  2⤵
  PID:2384
- C:\Windows\System\sqDaQox.exe
  C:\Windows\System\sqDaQox.exe
  2⤵
  PID:2968
- C:\Windows\System\OLHiGOs.exe
  C:\Windows\System\OLHiGOs.exe
  2⤵
  PID:3240
- C:\Windows\System\bepijyI.exe
  C:\Windows\System\bepijyI.exe
  2⤵
  PID:3336
- C:\Windows\System\xKiYckD.exe
  C:\Windows\System\xKiYckD.exe
  2⤵
  PID:3708
- C:\Windows\System\IzYFYYG.exe
  C:\Windows\System\IzYFYYG.exe
  2⤵
  PID:4168
- C:\Windows\System\UBLcitI.exe
  C:\Windows\System\UBLcitI.exe
  2⤵
  PID:3968
- C:\Windows\System\dcQUNsL.exe
  C:\Windows\System\dcQUNsL.exe
  2⤵
  PID:4148
- C:\Windows\System\DDUuxux.exe
  C:\Windows\System\DDUuxux.exe
  2⤵
  PID:4232
- C:\Windows\System\KhkaPDK.exe
  C:\Windows\System\KhkaPDK.exe
  2⤵
  PID:4328
- C:\Windows\System\AYWwGpi.exe
  C:\Windows\System\AYWwGpi.exe
  2⤵
  PID:4452
- C:\Windows\System\onPWNoM.exe
  C:\Windows\System\onPWNoM.exe
  2⤵
  PID:4340
- C:\Windows\System\HwcKdGT.exe
  C:\Windows\System\HwcKdGT.exe
  2⤵
  PID:4388
- C:\Windows\System\vpcBLvy.exe
  C:\Windows\System\vpcBLvy.exe
  2⤵
  PID:4524
- C:\Windows\System\pzdSdcm.exe
  C:\Windows\System\pzdSdcm.exe
  2⤵
  PID:4544
- C:\Windows\System\nVbedKn.exe
  C:\Windows\System\nVbedKn.exe
  2⤵
  PID:4644
- C:\Windows\System\kyvQWnF.exe
  C:\Windows\System\kyvQWnF.exe
  2⤵
  PID:4764
- C:\Windows\System\fTWEUkN.exe
  C:\Windows\System\fTWEUkN.exe
  2⤵
  PID:4784
- C:\Windows\System\HMKKjMR.exe
  C:\Windows\System\HMKKjMR.exe
  2⤵
  PID:4808
- C:\Windows\System\JJIDRsK.exe
  C:\Windows\System\JJIDRsK.exe
  2⤵
  PID:4884
- C:\Windows\System\itQIUWw.exe
  C:\Windows\System\itQIUWw.exe
  2⤵
  PID:4940
- C:\Windows\System\nKmXydu.exe
  C:\Windows\System\nKmXydu.exe
  2⤵
  PID:4996
- C:\Windows\System\mLSZtAH.exe
  C:\Windows\System\mLSZtAH.exe
  2⤵
  PID:5092
- C:\Windows\System\zTzrfTD.exe
  C:\Windows\System\zTzrfTD.exe
  2⤵
  PID:5076
- C:\Windows\System\kyvrnBy.exe
  C:\Windows\System\kyvrnBy.exe
  2⤵
  PID:3972
- C:\Windows\System\afLOcMp.exe
  C:\Windows\System\afLOcMp.exe
  2⤵
  PID:2768
- C:\Windows\System\erKhFYo.exe
  C:\Windows\System\erKhFYo.exe
  2⤵
  PID:3324
- C:\Windows\System\xxxfBmb.exe
  C:\Windows\System\xxxfBmb.exe
  2⤵
  PID:3548
- C:\Windows\System\faXULiY.exe
  C:\Windows\System\faXULiY.exe
  2⤵
  PID:4200
- C:\Windows\System\LDWJfXX.exe
  C:\Windows\System\LDWJfXX.exe
  2⤵
  PID:4224
- C:\Windows\System\FQQHRiE.exe
  C:\Windows\System\FQQHRiE.exe
  2⤵
  PID:4380
- C:\Windows\System\tEHkoWK.exe
  C:\Windows\System\tEHkoWK.exe
  2⤵
  PID:4292
- C:\Windows\System\zJisuAp.exe
  C:\Windows\System\zJisuAp.exe
  2⤵
  PID:4504
- C:\Windows\System\MxXjtef.exe
  C:\Windows\System\MxXjtef.exe
  2⤵
  PID:4572
- C:\Windows\System\KipBlHj.exe
  C:\Windows\System\KipBlHj.exe
  2⤵
  PID:4648
- C:\Windows\System\tEpkSrw.exe
  C:\Windows\System\tEpkSrw.exe
  2⤵
  PID:4740
- C:\Windows\System\TEimFVE.exe
  C:\Windows\System\TEimFVE.exe
  2⤵
  PID:4868
- C:\Windows\System\pBFeQVm.exe
  C:\Windows\System\pBFeQVm.exe
  2⤵
  PID:2588
- C:\Windows\System\KHLznnF.exe
  C:\Windows\System\KHLznnF.exe
  2⤵
  PID:5060
- C:\Windows\System\QTzTGbY.exe
  C:\Windows\System\QTzTGbY.exe
  2⤵
  PID:5100
- C:\Windows\System\fCZdMbL.exe
  C:\Windows\System\fCZdMbL.exe
  2⤵
  PID:5132
- C:\Windows\System\kHgyfmt.exe
  C:\Windows\System\kHgyfmt.exe
  2⤵
  PID:5152
- C:\Windows\System\tCEIrwH.exe
  C:\Windows\System\tCEIrwH.exe
  2⤵
  PID:5172
- C:\Windows\System\OJUZTBR.exe
  C:\Windows\System\OJUZTBR.exe
  2⤵
  PID:5192
- C:\Windows\System\sJtaRJf.exe
  C:\Windows\System\sJtaRJf.exe
  2⤵
  PID:5212
- C:\Windows\System\zvONlRy.exe
  C:\Windows\System\zvONlRy.exe
  2⤵
  PID:5232
- C:\Windows\System\NwnbgeB.exe
  C:\Windows\System\NwnbgeB.exe
  2⤵
  PID:5252
- C:\Windows\System\mNexmsv.exe
  C:\Windows\System\mNexmsv.exe
  2⤵
  PID:5272
- C:\Windows\System\DSoKAmI.exe
  C:\Windows\System\DSoKAmI.exe
  2⤵
  PID:5292
- C:\Windows\System\bLavlAK.exe
  C:\Windows\System\bLavlAK.exe
  2⤵
  PID:5312
- C:\Windows\System\gPKLQdG.exe
  C:\Windows\System\gPKLQdG.exe
  2⤵
  PID:5332
- C:\Windows\System\NlHejSv.exe
  C:\Windows\System\NlHejSv.exe
  2⤵
  PID:5352
- C:\Windows\System\gLiNSAa.exe
  C:\Windows\System\gLiNSAa.exe
  2⤵
  PID:5372
- C:\Windows\System\uZGkrjh.exe
  C:\Windows\System\uZGkrjh.exe
  2⤵
  PID:5392
- C:\Windows\System\HzyNLoD.exe
  C:\Windows\System\HzyNLoD.exe
  2⤵
  PID:5412
- C:\Windows\System\qgLeYZN.exe
  C:\Windows\System\qgLeYZN.exe
  2⤵
  PID:5432
- C:\Windows\System\SJXXzfb.exe
  C:\Windows\System\SJXXzfb.exe
  2⤵
  PID:5452
- C:\Windows\System\PQaxYSS.exe
  C:\Windows\System\PQaxYSS.exe
  2⤵
  PID:5472
- C:\Windows\System\jVxQHTO.exe
  C:\Windows\System\jVxQHTO.exe
  2⤵
  PID:5492
- C:\Windows\System\EQPOxcw.exe
  C:\Windows\System\EQPOxcw.exe
  2⤵
  PID:5512
- C:\Windows\System\HVgPrbX.exe
  C:\Windows\System\HVgPrbX.exe
  2⤵
  PID:5532
- C:\Windows\System\hJpMYCu.exe
  C:\Windows\System\hJpMYCu.exe
  2⤵
  PID:5552
- C:\Windows\System\HWklKNQ.exe
  C:\Windows\System\HWklKNQ.exe
  2⤵
  PID:5572
- C:\Windows\System\sssqOcr.exe
  C:\Windows\System\sssqOcr.exe
  2⤵
  PID:5592
- C:\Windows\System\dkfFdVK.exe
  C:\Windows\System\dkfFdVK.exe
  2⤵
  PID:5612
- C:\Windows\System\jVpSRLH.exe
  C:\Windows\System\jVpSRLH.exe
  2⤵
  PID:5632
- C:\Windows\System\pjyuyGs.exe
  C:\Windows\System\pjyuyGs.exe
  2⤵
  PID:5652
- C:\Windows\System\mpActXt.exe
  C:\Windows\System\mpActXt.exe
  2⤵
  PID:5672
- C:\Windows\System\ykPmmhp.exe
  C:\Windows\System\ykPmmhp.exe
  2⤵
  PID:5692
- C:\Windows\System\MpvtzwC.exe
  C:\Windows\System\MpvtzwC.exe
  2⤵
  PID:5712
- C:\Windows\System\RPGTVQk.exe
  C:\Windows\System\RPGTVQk.exe
  2⤵
  PID:5732
- C:\Windows\System\rgFbchQ.exe
  C:\Windows\System\rgFbchQ.exe
  2⤵
  PID:5752
- C:\Windows\System\cDETxTT.exe
  C:\Windows\System\cDETxTT.exe
  2⤵
  PID:5772
- C:\Windows\System\KmCmPVY.exe
  C:\Windows\System\KmCmPVY.exe
  2⤵
  PID:5792
- C:\Windows\System\FkcAWfd.exe
  C:\Windows\System\FkcAWfd.exe
  2⤵
  PID:5812
- C:\Windows\System\LCZuFOz.exe
  C:\Windows\System\LCZuFOz.exe
  2⤵
  PID:5832
- C:\Windows\System\niglKQo.exe
  C:\Windows\System\niglKQo.exe
  2⤵
  PID:5852
- C:\Windows\System\OVlnllI.exe
  C:\Windows\System\OVlnllI.exe
  2⤵
  PID:5872
- C:\Windows\System\yrnEDtg.exe
  C:\Windows\System\yrnEDtg.exe
  2⤵
  PID:5892
- C:\Windows\System\GuVSOMZ.exe
  C:\Windows\System\GuVSOMZ.exe
  2⤵
  PID:5912
- C:\Windows\System\hZZKvTJ.exe
  C:\Windows\System\hZZKvTJ.exe
  2⤵
  PID:5932
- C:\Windows\System\vqegkof.exe
  C:\Windows\System\vqegkof.exe
  2⤵
  PID:5952
- C:\Windows\System\lxAiAaH.exe
  C:\Windows\System\lxAiAaH.exe
  2⤵
  PID:5972
- C:\Windows\System\mouEMJw.exe
  C:\Windows\System\mouEMJw.exe
  2⤵
  PID:5992
- C:\Windows\System\pGztpHW.exe
  C:\Windows\System\pGztpHW.exe
  2⤵
  PID:6012
- C:\Windows\System\TZlAWPx.exe
  C:\Windows\System\TZlAWPx.exe
  2⤵
  PID:6032
- C:\Windows\System\wTPgIIC.exe
  C:\Windows\System\wTPgIIC.exe
  2⤵
  PID:6052
- C:\Windows\System\ydxYRDM.exe
  C:\Windows\System\ydxYRDM.exe
  2⤵
  PID:6072
- C:\Windows\System\PEbSdpe.exe
  C:\Windows\System\PEbSdpe.exe
  2⤵
  PID:6092
- C:\Windows\System\LgVdPvK.exe
  C:\Windows\System\LgVdPvK.exe
  2⤵
  PID:6112
- C:\Windows\System\lfZMVqP.exe
  C:\Windows\System\lfZMVqP.exe
  2⤵
  PID:6132
- C:\Windows\System\VgHmAMh.exe
  C:\Windows\System\VgHmAMh.exe
  2⤵
  PID:3344
- C:\Windows\System\pRGeNqt.exe
  C:\Windows\System\pRGeNqt.exe
  2⤵
  PID:4128
- C:\Windows\System\oPWrpua.exe
  C:\Windows\System\oPWrpua.exe
  2⤵
  PID:1004
- C:\Windows\System\HoLFlvN.exe
  C:\Windows\System\HoLFlvN.exe
  2⤵
  PID:4324
- C:\Windows\System\BQvDVcs.exe
  C:\Windows\System\BQvDVcs.exe
  2⤵
  PID:4444
- C:\Windows\System\cwBpjIT.exe
  C:\Windows\System\cwBpjIT.exe
  2⤵
  PID:4552
- C:\Windows\System\zKZxzHg.exe
  C:\Windows\System\zKZxzHg.exe
  2⤵
  PID:4828
- C:\Windows\System\MlUyhsI.exe
  C:\Windows\System\MlUyhsI.exe
  2⤵
  PID:4900
- C:\Windows\System\MzRZpZK.exe
  C:\Windows\System\MzRZpZK.exe
  2⤵
  PID:2760
- C:\Windows\System\NrhAZFZ.exe
  C:\Windows\System\NrhAZFZ.exe
  2⤵
  PID:5124
- C:\Windows\System\jkmiEXR.exe
  C:\Windows\System\jkmiEXR.exe
  2⤵
  PID:5168
- C:\Windows\System\fKDMYvH.exe
  C:\Windows\System\fKDMYvH.exe
  2⤵
  PID:5208
- C:\Windows\System\SmLfVMO.exe
  C:\Windows\System\SmLfVMO.exe
  2⤵
  PID:5248
- C:\Windows\System\XCJBiFn.exe
  C:\Windows\System\XCJBiFn.exe
  2⤵
  PID:5260
- C:\Windows\System\OqZeefy.exe
  C:\Windows\System\OqZeefy.exe
  2⤵
  PID:2088
- C:\Windows\System\kTXHRbo.exe
  C:\Windows\System\kTXHRbo.exe
  2⤵
  PID:5328
- C:\Windows\System\YDZJSOY.exe
  C:\Windows\System\YDZJSOY.exe
  2⤵
  PID:2916
- C:\Windows\System\frteKXw.exe
  C:\Windows\System\frteKXw.exe
  2⤵
  PID:5344
- C:\Windows\System\UtjNKzs.exe
  C:\Windows\System\UtjNKzs.exe
  2⤵
  PID:5388
- C:\Windows\System\VXhNpha.exe
  C:\Windows\System\VXhNpha.exe
  2⤵
  PID:5448
- C:\Windows\System\jGJMKMT.exe
  C:\Windows\System\jGJMKMT.exe
  2⤵
  PID:5460
- C:\Windows\System\mvJsBUr.exe
  C:\Windows\System\mvJsBUr.exe
  2⤵
  PID:2904
- C:\Windows\System\jdWxGhS.exe
  C:\Windows\System\jdWxGhS.exe
  2⤵
  PID:5500
- C:\Windows\System\oOPfNXp.exe
  C:\Windows\System\oOPfNXp.exe
  2⤵
  PID:5548
- C:\Windows\System\nzRZXEL.exe
  C:\Windows\System\nzRZXEL.exe
  2⤵
  PID:5600
- C:\Windows\System\QVuplYT.exe
  C:\Windows\System\QVuplYT.exe
  2⤵
  PID:5620
- C:\Windows\System\vtLQNfy.exe
  C:\Windows\System\vtLQNfy.exe
  2⤵
  PID:5644
- C:\Windows\System\FuIqIZg.exe
  C:\Windows\System\FuIqIZg.exe
  2⤵
  PID:5684
- C:\Windows\System\YeUIWxv.exe
  C:\Windows\System\YeUIWxv.exe
  2⤵
  PID:5700
- C:\Windows\System\RvjEiDY.exe
  C:\Windows\System\RvjEiDY.exe
  2⤵
  PID:5768
- C:\Windows\System\erPQqsm.exe
  C:\Windows\System\erPQqsm.exe
  2⤵
  PID:5744
- C:\Windows\System\IyaxJDj.exe
  C:\Windows\System\IyaxJDj.exe
  2⤵
  PID:5788
- C:\Windows\System\KdEyzVd.exe
  C:\Windows\System\KdEyzVd.exe
  2⤵
  PID:5820
- C:\Windows\System\MmLyRqJ.exe
  C:\Windows\System\MmLyRqJ.exe
  2⤵
  PID:5880
- C:\Windows\System\pMxorxy.exe
  C:\Windows\System\pMxorxy.exe
  2⤵
  PID:5920
- C:\Windows\System\TMZimlg.exe
  C:\Windows\System\TMZimlg.exe
  2⤵
  PID:5908
- C:\Windows\System\NFWfisE.exe
  C:\Windows\System\NFWfisE.exe
  2⤵
  PID:5940
- C:\Windows\System\sIISAkg.exe
  C:\Windows\System\sIISAkg.exe
  2⤵
  PID:5980
- C:\Windows\System\SCcyxIJ.exe
  C:\Windows\System\SCcyxIJ.exe
  2⤵
  PID:6020
- C:\Windows\System\vgVwuXS.exe
  C:\Windows\System\vgVwuXS.exe
  2⤵
  PID:6060
- C:\Windows\System\oIMPhSA.exe
  C:\Windows\System\oIMPhSA.exe
  2⤵
  PID:6120
- C:\Windows\System\BInbrbl.exe
  C:\Windows\System\BInbrbl.exe
  2⤵
  PID:6104
- C:\Windows\System\CsVxxMz.exe
  C:\Windows\System\CsVxxMz.exe
  2⤵
  PID:1784
- C:\Windows\System\aCfmPgP.exe
  C:\Windows\System\aCfmPgP.exe
  2⤵
  PID:2316
- C:\Windows\System\HNlYAFH.exe
  C:\Windows\System\HNlYAFH.exe
  2⤵
  PID:3876
- C:\Windows\System\ROJsDpk.exe
  C:\Windows\System\ROJsDpk.exe
  2⤵
  PID:4404
- C:\Windows\System\TCNjFdc.exe
  C:\Windows\System\TCNjFdc.exe
  2⤵
  PID:4832
- C:\Windows\System\JTpCyEJ.exe
  C:\Windows\System\JTpCyEJ.exe
  2⤵
  PID:4680
- C:\Windows\System\PugLQlS.exe
  C:\Windows\System\PugLQlS.exe
  2⤵
  PID:5128
- C:\Windows\System\lbnBPKl.exe
  C:\Windows\System\lbnBPKl.exe
  2⤵
  PID:5160
- C:\Windows\System\ySxUaXS.exe
  C:\Windows\System\ySxUaXS.exe
  2⤵
  PID:5148
- C:\Windows\System\YXTirrJ.exe
  C:\Windows\System\YXTirrJ.exe
  2⤵
  PID:5204
- C:\Windows\System\UwaUYCg.exe
  C:\Windows\System\UwaUYCg.exe
  2⤵
  PID:2932
- C:\Windows\System\uwNkDZU.exe
  C:\Windows\System\uwNkDZU.exe
  2⤵
  PID:5288
- C:\Windows\System\jFaxzXg.exe
  C:\Windows\System\jFaxzXg.exe
  2⤵
  PID:5340
- C:\Windows\System\lblAaQu.exe
  C:\Windows\System\lblAaQu.exe
  2⤵
  PID:5420
- C:\Windows\System\oJNJlXS.exe
  C:\Windows\System\oJNJlXS.exe
  2⤵
  PID:5504
- C:\Windows\System\mVVoCFC.exe
  C:\Windows\System\mVVoCFC.exe
  2⤵
  PID:5408
- C:\Windows\System\NCbkmgk.exe
  C:\Windows\System\NCbkmgk.exe
  2⤵
  PID:5568
- C:\Windows\System\GGhPOOx.exe
  C:\Windows\System\GGhPOOx.exe
  2⤵
  PID:5724
- C:\Windows\System\nxGEsaq.exe
  C:\Windows\System\nxGEsaq.exe
  2⤵
  PID:5808
- C:\Windows\System\fnHulmp.exe
  C:\Windows\System\fnHulmp.exe
  2⤵
  PID:5900
- C:\Windows\System\kEAJnvF.exe
  C:\Windows\System\kEAJnvF.exe
  2⤵
  PID:6028
- C:\Windows\System\GAAxBnv.exe
  C:\Windows\System\GAAxBnv.exe
  2⤵
  PID:6124
- C:\Windows\System\YbrqZkS.exe
  C:\Windows\System\YbrqZkS.exe
  2⤵
  PID:4736
- C:\Windows\System\yNvuzZw.exe
  C:\Windows\System\yNvuzZw.exe
  2⤵
  PID:5368
- C:\Windows\System\DNpfEVm.exe
  C:\Windows\System\DNpfEVm.exe
  2⤵
  PID:5400
- C:\Windows\System\Vkmywqh.exe
  C:\Windows\System\Vkmywqh.exe
  2⤵
  PID:5720
- C:\Windows\System\EeLoLCw.exe
  C:\Windows\System\EeLoLCw.exe
  2⤵
  PID:5704
- C:\Windows\System\ZGZPlad.exe
  C:\Windows\System\ZGZPlad.exe
  2⤵
  PID:5840
- C:\Windows\System\eIxErwb.exe
  C:\Windows\System\eIxErwb.exe
  2⤵
  PID:6192
- C:\Windows\System\BlFKFMj.exe
  C:\Windows\System\BlFKFMj.exe
  2⤵
  PID:6208
- C:\Windows\System\iGlCeND.exe
  C:\Windows\System\iGlCeND.exe
  2⤵
  PID:6224
- C:\Windows\System\qXLQkcv.exe
  C:\Windows\System\qXLQkcv.exe
  2⤵
  PID:6248
- C:\Windows\System\ygBVMEl.exe
  C:\Windows\System\ygBVMEl.exe
  2⤵
  PID:6268
- C:\Windows\System\MIdefYj.exe
  C:\Windows\System\MIdefYj.exe
  2⤵
  PID:6292
- C:\Windows\System\FOnawYS.exe
  C:\Windows\System\FOnawYS.exe
  2⤵
  PID:6312
- C:\Windows\System\YtTRxoV.exe
  C:\Windows\System\YtTRxoV.exe
  2⤵
  PID:6328
- C:\Windows\System\ZIvbTRu.exe
  C:\Windows\System\ZIvbTRu.exe
  2⤵
  PID:6344
- C:\Windows\System\ZOGlAai.exe
  C:\Windows\System\ZOGlAai.exe
  2⤵
  PID:6360
- C:\Windows\System\aHbeTgS.exe
  C:\Windows\System\aHbeTgS.exe
  2⤵
  PID:6384
- C:\Windows\System\UmDMXdu.exe
  C:\Windows\System\UmDMXdu.exe
  2⤵
  PID:6404
- C:\Windows\System\QJDXQNr.exe
  C:\Windows\System\QJDXQNr.exe
  2⤵
  PID:6432
- C:\Windows\System\FkrkIWf.exe
  C:\Windows\System\FkrkIWf.exe
  2⤵
  PID:6448
- C:\Windows\System\ddweVbh.exe
  C:\Windows\System\ddweVbh.exe
  2⤵
  PID:6464
- C:\Windows\System\NcLHoVu.exe
  C:\Windows\System\NcLHoVu.exe
  2⤵
  PID:6488
- C:\Windows\System\DkLQqBZ.exe
  C:\Windows\System\DkLQqBZ.exe
  2⤵
  PID:6512
- C:\Windows\System\rXoTqQQ.exe
  C:\Windows\System\rXoTqQQ.exe
  2⤵
  PID:6532
- C:\Windows\System\JMBsGjj.exe
  C:\Windows\System\JMBsGjj.exe
  2⤵
  PID:6556
- C:\Windows\System\qVCkNnV.exe
  C:\Windows\System\qVCkNnV.exe
  2⤵
  PID:6572
- C:\Windows\System\mHnAsGo.exe
  C:\Windows\System\mHnAsGo.exe
  2⤵
  PID:6588
- C:\Windows\System\bpCwWfp.exe
  C:\Windows\System\bpCwWfp.exe
  2⤵
  PID:6604
- C:\Windows\System\AwJRVQR.exe
  C:\Windows\System\AwJRVQR.exe
  2⤵
  PID:6620
- C:\Windows\System\FOMmHqA.exe
  C:\Windows\System\FOMmHqA.exe
  2⤵
  PID:6636
- C:\Windows\System\BdRpizq.exe
  C:\Windows\System\BdRpizq.exe
  2⤵
  PID:6656
- C:\Windows\System\SZPSTKa.exe
  C:\Windows\System\SZPSTKa.exe
  2⤵
  PID:6672
- C:\Windows\System\kGiCTQC.exe
  C:\Windows\System\kGiCTQC.exe
  2⤵
  PID:6700
- C:\Windows\System\XqsgoZc.exe
  C:\Windows\System\XqsgoZc.exe
  2⤵
  PID:6720
- C:\Windows\System\fRQytAm.exe
  C:\Windows\System\fRQytAm.exe
  2⤵
  PID:6740
- C:\Windows\System\XmPAHKP.exe
  C:\Windows\System\XmPAHKP.exe
  2⤵
  PID:6776
- C:\Windows\System\hLyANEC.exe
  C:\Windows\System\hLyANEC.exe
  2⤵
  PID:6792
- C:\Windows\System\PtnYmVB.exe
  C:\Windows\System\PtnYmVB.exe
  2⤵
  PID:6812
- C:\Windows\System\ZEtPGnS.exe
  C:\Windows\System\ZEtPGnS.exe
  2⤵
  PID:6832
- C:\Windows\System\mIKJbTF.exe
  C:\Windows\System\mIKJbTF.exe
  2⤵
  PID:6852
- C:\Windows\System\jyNiruD.exe
  C:\Windows\System\jyNiruD.exe
  2⤵
  PID:6872
- C:\Windows\System\XBHCYQd.exe
  C:\Windows\System\XBHCYQd.exe
  2⤵
  PID:6892
- C:\Windows\System\DFvjrwC.exe
  C:\Windows\System\DFvjrwC.exe
  2⤵
  PID:6912
- C:\Windows\System\QodqjmR.exe
  C:\Windows\System\QodqjmR.exe
  2⤵
  PID:6932
- C:\Windows\System\SAxlHJP.exe
  C:\Windows\System\SAxlHJP.exe
  2⤵
  PID:6952
- C:\Windows\System\FJErkhk.exe
  C:\Windows\System\FJErkhk.exe
  2⤵
  PID:6976
- C:\Windows\System\IyJkFbg.exe
  C:\Windows\System\IyJkFbg.exe
  2⤵
  PID:6996
- C:\Windows\System\PaxrepO.exe
  C:\Windows\System\PaxrepO.exe
  2⤵
  PID:7012
- C:\Windows\System\DItsUGf.exe
  C:\Windows\System\DItsUGf.exe
  2⤵
  PID:7032
- C:\Windows\System\wsVxgYT.exe
  C:\Windows\System\wsVxgYT.exe
  2⤵
  PID:7056
- C:\Windows\System\xxJUUga.exe
  C:\Windows\System\xxJUUga.exe
  2⤵
  PID:7076
- C:\Windows\System\GfghhXB.exe
  C:\Windows\System\GfghhXB.exe
  2⤵
  PID:7096
- C:\Windows\System\LMvdGrl.exe
  C:\Windows\System\LMvdGrl.exe
  2⤵
  PID:7116
- C:\Windows\System\XWinRsV.exe
  C:\Windows\System\XWinRsV.exe
  2⤵
  PID:7136
- C:\Windows\System\bjUigbZ.exe
  C:\Windows\System\bjUigbZ.exe
  2⤵
  PID:7156
- C:\Windows\System\fTlALRv.exe
  C:\Windows\System\fTlALRv.exe
  2⤵
  PID:5984
- C:\Windows\System\tfpnxHu.exe
  C:\Windows\System\tfpnxHu.exe
  2⤵
  PID:5960
- C:\Windows\System\hGimQeK.exe
  C:\Windows\System\hGimQeK.exe
  2⤵
  PID:5140
- C:\Windows\System\ZwhnKFt.exe
  C:\Windows\System\ZwhnKFt.exe
  2⤵
  PID:6100
- C:\Windows\System\UoIbFlf.exe
  C:\Windows\System\UoIbFlf.exe
  2⤵
  PID:4124
- C:\Windows\System\mvumuJt.exe
  C:\Windows\System\mvumuJt.exe
  2⤵
  PID:4304
- C:\Windows\System\XwlGTeH.exe
  C:\Windows\System\XwlGTeH.exe
  2⤵
  PID:4968
- C:\Windows\System\YEdCypE.exe
  C:\Windows\System\YEdCypE.exe
  2⤵
  PID:5520
- C:\Windows\System\qLipdok.exe
  C:\Windows\System\qLipdok.exe
  2⤵
  PID:5780
- C:\Windows\System\EeHWUlS.exe
  C:\Windows\System\EeHWUlS.exe
  2⤵
  PID:5404
- C:\Windows\System\skUCuvT.exe
  C:\Windows\System\skUCuvT.exe
  2⤵
  PID:5244
- C:\Windows\System\owcTvnL.exe
  C:\Windows\System\owcTvnL.exe
  2⤵
  PID:5944
- C:\Windows\System\vbIRkiM.exe
  C:\Windows\System\vbIRkiM.exe
  2⤵
  PID:5488
- C:\Windows\System\JhVrZPk.exe
  C:\Windows\System\JhVrZPk.exe
  2⤵
  PID:5300
- C:\Windows\System\aoSFOSV.exe
  C:\Windows\System\aoSFOSV.exe
  2⤵
  PID:5860
- C:\Windows\System\dxaEFwd.exe
  C:\Windows\System\dxaEFwd.exe
  2⤵
  PID:6236
- C:\Windows\System\jwXQyMe.exe
  C:\Windows\System\jwXQyMe.exe
  2⤵
  PID:6148
- C:\Windows\System\pUvYhCw.exe
  C:\Windows\System\pUvYhCw.exe
  2⤵
  PID:6168
- C:\Windows\System\gasiovm.exe
  C:\Windows\System\gasiovm.exe
  2⤵
  PID:1416
- C:\Windows\System\AeZGBKm.exe
  C:\Windows\System\AeZGBKm.exe
  2⤵
  PID:536
- C:\Windows\System\xZnAMDb.exe
  C:\Windows\System\xZnAMDb.exe
  2⤵
  PID:6256
- C:\Windows\System\mIeUQMK.exe
  C:\Windows\System\mIeUQMK.exe
  2⤵
  PID:6352
- C:\Windows\System\JAehjgf.exe
  C:\Windows\System\JAehjgf.exe
  2⤵
  PID:6440
- C:\Windows\System\sqiJriq.exe
  C:\Windows\System\sqiJriq.exe
  2⤵
  PID:6484
- C:\Windows\System\cLHVytO.exe
  C:\Windows\System\cLHVytO.exe
  2⤵
  PID:6524
- C:\Windows\System\kUOMPAP.exe
  C:\Windows\System\kUOMPAP.exe
  2⤵
  PID:6304
- C:\Windows\System\LCdEBTR.exe
  C:\Windows\System\LCdEBTR.exe
  2⤵
  PID:6420
- C:\Windows\System\BnHAyiU.exe
  C:\Windows\System\BnHAyiU.exe
  2⤵
  PID:6596
- C:\Windows\System\NSiDpxn.exe
  C:\Windows\System\NSiDpxn.exe
  2⤵
  PID:6456
- C:\Windows\System\uaumNjo.exe
  C:\Windows\System\uaumNjo.exe
  2⤵
  PID:6504
- C:\Windows\System\QYPWJbz.exe
  C:\Windows\System\QYPWJbz.exe
  2⤵
  PID:6552
- C:\Windows\System\faRPkBQ.exe
  C:\Windows\System\faRPkBQ.exe
  2⤵
  PID:6648
- C:\Windows\System\saEhUNh.exe
  C:\Windows\System\saEhUNh.exe
  2⤵
  PID:6728
- C:\Windows\System\OlekmHZ.exe
  C:\Windows\System\OlekmHZ.exe
  2⤵
  PID:6680
- C:\Windows\System\WHtBshR.exe
  C:\Windows\System\WHtBshR.exe
  2⤵
  PID:6736
- C:\Windows\System\XuuCqNT.exe
  C:\Windows\System\XuuCqNT.exe
  2⤵
  PID:6772
- C:\Windows\System\yweWTfU.exe
  C:\Windows\System\yweWTfU.exe
  2⤵
  PID:6788
- C:\Windows\System\GMZtnjd.exe
  C:\Windows\System\GMZtnjd.exe
  2⤵
  PID:6860
- C:\Windows\System\lnChWOw.exe
  C:\Windows\System\lnChWOw.exe
  2⤵
  PID:6868
- C:\Windows\System\jzkdwHU.exe
  C:\Windows\System\jzkdwHU.exe
  2⤵
  PID:6928
- C:\Windows\System\uRytCEB.exe
  C:\Windows\System\uRytCEB.exe
  2⤵
  PID:6944
- C:\Windows\System\mWhDZoK.exe
  C:\Windows\System\mWhDZoK.exe
  2⤵
  PID:6964
- C:\Windows\System\hfsMWss.exe
  C:\Windows\System\hfsMWss.exe
  2⤵
  PID:7020
- C:\Windows\System\jDaaUSY.exe
  C:\Windows\System\jDaaUSY.exe
  2⤵
  PID:7040
- C:\Windows\System\vDXjjNK.exe
  C:\Windows\System\vDXjjNK.exe
  2⤵
  PID:7072
- C:\Windows\System\okamVDF.exe
  C:\Windows\System\okamVDF.exe
  2⤵
  PID:7124
- C:\Windows\System\GlujVkh.exe
  C:\Windows\System\GlujVkh.exe
  2⤵
  PID:7144
- C:\Windows\System\MRuldje.exe
  C:\Windows\System\MRuldje.exe
  2⤵
  PID:6008
- C:\Windows\System\YhbpnnZ.exe
  C:\Windows\System\YhbpnnZ.exe
  2⤵
  PID:6024
- C:\Windows\System\CEPCvdh.exe
  C:\Windows\System\CEPCvdh.exe
  2⤵
  PID:6088
- C:\Windows\System\WUtUuQz.exe
  C:\Windows\System\WUtUuQz.exe
  2⤵
  PID:5664
- C:\Windows\System\tkbPqXR.exe
  C:\Windows\System\tkbPqXR.exe
  2⤵
  PID:5584
- C:\Windows\System\JNcnRpq.exe
  C:\Windows\System\JNcnRpq.exe
  2⤵
  PID:5564
- C:\Windows\System\PRjcTdY.exe
  C:\Windows\System\PRjcTdY.exe
  2⤵
  PID:5580
- C:\Windows\System\CwzyTKz.exe
  C:\Windows\System\CwzyTKz.exe
  2⤵
  PID:2136
- C:\Windows\System\purKoyz.exe
  C:\Windows\System\purKoyz.exe
  2⤵
  PID:5348
- C:\Windows\System\vkELWKc.exe
  C:\Windows\System\vkELWKc.exe
  2⤵
  PID:6288
- C:\Windows\System\LHCyblo.exe
  C:\Windows\System\LHCyblo.exe
  2⤵
  PID:2948
- C:\Windows\System\igefWtX.exe
  C:\Windows\System\igefWtX.exe
  2⤵
  PID:6184
- C:\Windows\System\BWICWuv.exe
  C:\Windows\System\BWICWuv.exe
  2⤵
  PID:2076
- C:\Windows\System\cuuRRow.exe
  C:\Windows\System\cuuRRow.exe
  2⤵
  PID:6320
- C:\Windows\System\lyjNXMS.exe
  C:\Windows\System\lyjNXMS.exe
  2⤵
  PID:6336
- C:\Windows\System\ccHjWVq.exe
  C:\Windows\System\ccHjWVq.exe
  2⤵
  PID:2676
- C:\Windows\System\QBXoLkd.exe
  C:\Windows\System\QBXoLkd.exe
  2⤵
  PID:6368
- C:\Windows\System\HwAMRlM.exe
  C:\Windows\System\HwAMRlM.exe
  2⤵
  PID:6424
- C:\Windows\System\fUDZbEm.exe
  C:\Windows\System\fUDZbEm.exe
  2⤵
  PID:6500
- C:\Windows\System\ysavWGc.exe
  C:\Windows\System\ysavWGc.exe
  2⤵
  PID:6716
- C:\Windows\System\PYVUzuj.exe
  C:\Windows\System\PYVUzuj.exe
  2⤵
  PID:6580
- C:\Windows\System\vDYITqo.exe
  C:\Windows\System\vDYITqo.exe
  2⤵
  PID:6756
- C:\Windows\System\XWtuhcJ.exe
  C:\Windows\System\XWtuhcJ.exe
  2⤵
  PID:6820
- C:\Windows\System\TCsHDSX.exe
  C:\Windows\System\TCsHDSX.exe
  2⤵
  PID:6904
- C:\Windows\System\RIbTfpG.exe
  C:\Windows\System\RIbTfpG.exe
  2⤵
  PID:6884
- C:\Windows\System\nsvnRYi.exe
  C:\Windows\System\nsvnRYi.exe
  2⤵
  PID:7008
- C:\Windows\System\UwhDdgK.exe
  C:\Windows\System\UwhDdgK.exe
  2⤵
  PID:7068
- C:\Windows\System\tEAHUyE.exe
  C:\Windows\System\tEAHUyE.exe
  2⤵
  PID:7128
- C:\Windows\System\PNBxCht.exe
  C:\Windows\System\PNBxCht.exe
  2⤵
  PID:7092
- C:\Windows\System\diqYHoK.exe
  C:\Windows\System\diqYHoK.exe
  2⤵
  PID:7148
- C:\Windows\System\gmiZSAq.exe
  C:\Windows\System\gmiZSAq.exe
  2⤵
  PID:4244
- C:\Windows\System\DeUEwzB.exe
  C:\Windows\System\DeUEwzB.exe
  2⤵
  PID:2068
- C:\Windows\System\cOYIKtv.exe
  C:\Windows\System\cOYIKtv.exe
  2⤵
  PID:5424
- C:\Windows\System\crfRmUv.exe
  C:\Windows\System\crfRmUv.exe
  2⤵
  PID:6284
- C:\Windows\System\kOFqqBH.exe
  C:\Windows\System\kOFqqBH.exe
  2⤵
  PID:6200
- C:\Windows\System\FtkoHFK.exe
  C:\Windows\System\FtkoHFK.exe
  2⤵
  PID:6160
- C:\Windows\System\zpvGFqI.exe
  C:\Windows\System\zpvGFqI.exe
  2⤵
  PID:2592
- C:\Windows\System\rfnXbDN.exe
  C:\Windows\System\rfnXbDN.exe
  2⤵
  PID:6520
- C:\Windows\System\OjQUkIc.exe
  C:\Windows\System\OjQUkIc.exe
  2⤵
  PID:6628
- C:\Windows\System\OWCDnTg.exe
  C:\Windows\System\OWCDnTg.exe
  2⤵
  PID:6692
- C:\Windows\System\vnybYUh.exe
  C:\Windows\System\vnybYUh.exe
  2⤵
  PID:6496
- C:\Windows\System\VxMkwDS.exe
  C:\Windows\System\VxMkwDS.exe
  2⤵
  PID:6584
- C:\Windows\System\GMSitNz.exe
  C:\Windows\System\GMSitNz.exe
  2⤵
  PID:6828
- C:\Windows\System\MtyQOkx.exe
  C:\Windows\System\MtyQOkx.exe
  2⤵
  PID:6824
- C:\Windows\System\hqNUjvp.exe
  C:\Windows\System\hqNUjvp.exe
  2⤵
  PID:6940
- C:\Windows\System\BLXXsZd.exe
  C:\Windows\System\BLXXsZd.exe
  2⤵
  PID:7024
- C:\Windows\System\pREdVlE.exe
  C:\Windows\System\pREdVlE.exe
  2⤵
  PID:5884
- C:\Windows\System\rzLasjz.exe
  C:\Windows\System\rzLasjz.exe
  2⤵
  PID:1152
- C:\Windows\System\wIBAMIx.exe
  C:\Windows\System\wIBAMIx.exe
  2⤵
  PID:2256
- C:\Windows\System\XmnxiiX.exe
  C:\Windows\System\XmnxiiX.exe
  2⤵
  PID:2908
- C:\Windows\System\wOUlpKK.exe
  C:\Windows\System\wOUlpKK.exe
  2⤵
  PID:5528
- C:\Windows\System\wmylwAd.exe
  C:\Windows\System\wmylwAd.exe
  2⤵
  PID:6204
- C:\Windows\System\WzrXBoo.exe
  C:\Windows\System\WzrXBoo.exe
  2⤵
  PID:6264
- C:\Windows\System\IeLZRxy.exe
  C:\Windows\System\IeLZRxy.exe
  2⤵
  PID:6528
- C:\Windows\System\CiPuCtS.exe
  C:\Windows\System\CiPuCtS.exe
  2⤵
  PID:6372
- C:\Windows\System\BNRNvfG.exe
  C:\Windows\System\BNRNvfG.exe
  2⤵
  PID:3012
- C:\Windows\System\KMxbwex.exe
  C:\Windows\System\KMxbwex.exe
  2⤵
  PID:6616
- C:\Windows\System\dSlzojq.exe
  C:\Windows\System\dSlzojq.exe
  2⤵
  PID:6972
- C:\Windows\System\ISGspeF.exe
  C:\Windows\System\ISGspeF.exe
  2⤵
  PID:5648
- C:\Windows\System\UmYTMmi.exe
  C:\Windows\System\UmYTMmi.exe
  2⤵
  PID:7048
- C:\Windows\System\xjrNzUP.exe
  C:\Windows\System\xjrNzUP.exe
  2⤵
  PID:7184
- C:\Windows\System\vIEKASP.exe
  C:\Windows\System\vIEKASP.exe
  2⤵
  PID:7204
- C:\Windows\System\QhhkFSV.exe
  C:\Windows\System\QhhkFSV.exe
  2⤵
  PID:7224
- C:\Windows\System\iIXOfsA.exe
  C:\Windows\System\iIXOfsA.exe
  2⤵
  PID:7244
- C:\Windows\System\rhVbDZx.exe
  C:\Windows\System\rhVbDZx.exe
  2⤵
  PID:7264
- C:\Windows\System\bvqvoSz.exe
  C:\Windows\System\bvqvoSz.exe
  2⤵
  PID:7284
- C:\Windows\System\cWyjFQC.exe
  C:\Windows\System\cWyjFQC.exe
  2⤵
  PID:7304
- C:\Windows\System\wVbBgxR.exe
  C:\Windows\System\wVbBgxR.exe
  2⤵
  PID:7324
- C:\Windows\System\eUrvoZm.exe
  C:\Windows\System\eUrvoZm.exe
  2⤵
  PID:7344
- C:\Windows\System\KyIgxDO.exe
  C:\Windows\System\KyIgxDO.exe
  2⤵
  PID:7364
- C:\Windows\System\pjVhSpG.exe
  C:\Windows\System\pjVhSpG.exe
  2⤵
  PID:7384
- C:\Windows\System\XSwljFp.exe
  C:\Windows\System\XSwljFp.exe
  2⤵
  PID:7404
- C:\Windows\System\aBaFUne.exe
  C:\Windows\System\aBaFUne.exe
  2⤵
  PID:7424
- C:\Windows\System\xDbtTWv.exe
  C:\Windows\System\xDbtTWv.exe
  2⤵
  PID:7444
- C:\Windows\System\ThlwwNk.exe
  C:\Windows\System\ThlwwNk.exe
  2⤵
  PID:7464
- C:\Windows\System\HRbHDOr.exe
  C:\Windows\System\HRbHDOr.exe
  2⤵
  PID:7484
- C:\Windows\System\EomTPeV.exe
  C:\Windows\System\EomTPeV.exe
  2⤵
  PID:7504
- C:\Windows\System\PdVKLXL.exe
  C:\Windows\System\PdVKLXL.exe
  2⤵
  PID:7524
- C:\Windows\System\NddbRNF.exe
  C:\Windows\System\NddbRNF.exe
  2⤵
  PID:7544
- C:\Windows\System\xxqUUgm.exe
  C:\Windows\System\xxqUUgm.exe
  2⤵
  PID:7568
- C:\Windows\System\EOPuwkg.exe
  C:\Windows\System\EOPuwkg.exe
  2⤵
  PID:7588
- C:\Windows\System\pDbueWL.exe
  C:\Windows\System\pDbueWL.exe
  2⤵
  PID:7608
- C:\Windows\System\VZFcqcZ.exe
  C:\Windows\System\VZFcqcZ.exe
  2⤵
  PID:7628
- C:\Windows\System\ZkGyPmH.exe
  C:\Windows\System\ZkGyPmH.exe
  2⤵
  PID:7648
- C:\Windows\System\LWxkYTe.exe
  C:\Windows\System\LWxkYTe.exe
  2⤵
  PID:7668
- C:\Windows\System\lRShqNo.exe
  C:\Windows\System\lRShqNo.exe
  2⤵
  PID:7688
- C:\Windows\System\GaXVrSj.exe
  C:\Windows\System\GaXVrSj.exe
  2⤵
  PID:7708
- C:\Windows\System\PnURehE.exe
  C:\Windows\System\PnURehE.exe
  2⤵
  PID:7728
- C:\Windows\System\vTCpmGz.exe
  C:\Windows\System\vTCpmGz.exe
  2⤵
  PID:7748
- C:\Windows\System\LHbMiwe.exe
  C:\Windows\System\LHbMiwe.exe
  2⤵
  PID:7772
- C:\Windows\System\JqsxFpw.exe
  C:\Windows\System\JqsxFpw.exe
  2⤵
  PID:7788
- C:\Windows\System\ThDgfkW.exe
  C:\Windows\System\ThDgfkW.exe
  2⤵
  PID:7808
- C:\Windows\System\xwKtUzd.exe
  C:\Windows\System\xwKtUzd.exe
  2⤵
  PID:7832
- C:\Windows\System\wJhzjLT.exe
  C:\Windows\System\wJhzjLT.exe
  2⤵
  PID:7852
- C:\Windows\System\edDScQx.exe
  C:\Windows\System\edDScQx.exe
  2⤵
  PID:7872
- C:\Windows\System\RLksdWL.exe
  C:\Windows\System\RLksdWL.exe
  2⤵
  PID:7892
- C:\Windows\System\sGwsMDz.exe
  C:\Windows\System\sGwsMDz.exe
  2⤵
  PID:7912
- C:\Windows\System\OZmFrTN.exe
  C:\Windows\System\OZmFrTN.exe
  2⤵
  PID:7932
- C:\Windows\System\LYhxBeq.exe
  C:\Windows\System\LYhxBeq.exe
  2⤵
  PID:7948
- C:\Windows\System\XzHgXHg.exe
  C:\Windows\System\XzHgXHg.exe
  2⤵
  PID:7972
- C:\Windows\System\BWsNizX.exe
  C:\Windows\System\BWsNizX.exe
  2⤵
  PID:7992
- C:\Windows\System\MkfqcBb.exe
  C:\Windows\System\MkfqcBb.exe
  2⤵
  PID:8012
- C:\Windows\System\EoRXjfe.exe
  C:\Windows\System\EoRXjfe.exe
  2⤵
  PID:8032
- C:\Windows\System\DQLVZCY.exe
  C:\Windows\System\DQLVZCY.exe
  2⤵
  PID:8048
- C:\Windows\System\GIjyMTG.exe
  C:\Windows\System\GIjyMTG.exe
  2⤵
  PID:8072
- C:\Windows\System\glAuvVU.exe
  C:\Windows\System\glAuvVU.exe
  2⤵
  PID:8092
- C:\Windows\System\EUjBQwO.exe
  C:\Windows\System\EUjBQwO.exe
  2⤵
  PID:8112
- C:\Windows\System\TRNuYxC.exe
  C:\Windows\System\TRNuYxC.exe
  2⤵
  PID:8132
- C:\Windows\System\LPueBwY.exe
  C:\Windows\System\LPueBwY.exe
  2⤵
  PID:8148
- C:\Windows\System\RjQkFzb.exe
  C:\Windows\System\RjQkFzb.exe
  2⤵
  PID:8172
- C:\Windows\System\NlMCFkR.exe
  C:\Windows\System\NlMCFkR.exe
  2⤵
  PID:3028
- C:\Windows\System\fvJfZQD.exe
  C:\Windows\System\fvJfZQD.exe
  2⤵
  PID:4716
- C:\Windows\System\IpZcOAt.exe
  C:\Windows\System\IpZcOAt.exe
  2⤵
  PID:2976
- C:\Windows\System\oYNxraC.exe
  C:\Windows\System\oYNxraC.exe
  2⤵
  PID:6684
- C:\Windows\System\KnjKueD.exe
  C:\Windows\System\KnjKueD.exe
  2⤵
  PID:6548
- C:\Windows\System\MrDLYWf.exe
  C:\Windows\System\MrDLYWf.exe
  2⤵
  PID:6380
- C:\Windows\System\jeVCnSB.exe
  C:\Windows\System\jeVCnSB.exe
  2⤵
  PID:6760
- C:\Windows\System\Dodsikw.exe
  C:\Windows\System\Dodsikw.exe
  2⤵
  PID:7004
- C:\Windows\System\AaVHRvU.exe
  C:\Windows\System\AaVHRvU.exe
  2⤵
  PID:7172
- C:\Windows\System\lyiZDHA.exe
  C:\Windows\System\lyiZDHA.exe
  2⤵
  PID:7232
- C:\Windows\System\mZWNSSq.exe
  C:\Windows\System\mZWNSSq.exe
  2⤵
  PID:7216
- C:\Windows\System\GtLjfIA.exe
  C:\Windows\System\GtLjfIA.exe
  2⤵
  PID:7252
- C:\Windows\System\GqbukJP.exe
  C:\Windows\System\GqbukJP.exe
  2⤵
  PID:2992
- C:\Windows\System\aCetXHs.exe
  C:\Windows\System\aCetXHs.exe
  2⤵
  PID:7316
- C:\Windows\System\iQbfSGD.exe
  C:\Windows\System\iQbfSGD.exe
  2⤵
  PID:7340
- C:\Windows\System\bpKOogg.exe
  C:\Windows\System\bpKOogg.exe
  2⤵
  PID:7396
- C:\Windows\System\CBnMJcK.exe
  C:\Windows\System\CBnMJcK.exe
  2⤵
  PID:7412
- C:\Windows\System\tztanuy.exe
  C:\Windows\System\tztanuy.exe
  2⤵
  PID:484
- C:\Windows\System\KdJGfcH.exe
  C:\Windows\System\KdJGfcH.exe
  2⤵
  PID:7460
- C:\Windows\System\ZsxoBxp.exe
  C:\Windows\System\ZsxoBxp.exe
  2⤵
  PID:7500
- C:\Windows\System\sYDkuWH.exe
  C:\Windows\System\sYDkuWH.exe
  2⤵
  PID:7532
- C:\Windows\System\ozIAaht.exe
  C:\Windows\System\ozIAaht.exe
  2⤵
  PID:7556
- C:\Windows\System\leKNHLI.exe
  C:\Windows\System\leKNHLI.exe
  2⤵
  PID:7584
- C:\Windows\System\UfpibVF.exe
  C:\Windows\System\UfpibVF.exe
  2⤵
  PID:7644
- C:\Windows\System\mHuiCQh.exe
  C:\Windows\System\mHuiCQh.exe
  2⤵
  PID:7664
- C:\Windows\System\VgBZSCj.exe
  C:\Windows\System\VgBZSCj.exe
  2⤵
  PID:7724
- C:\Windows\System\XYNoTVf.exe
  C:\Windows\System\XYNoTVf.exe
  2⤵
  PID:7720
- C:\Windows\System\CgQOEdX.exe
  C:\Windows\System\CgQOEdX.exe
  2⤵
  PID:3052
- C:\Windows\System\ECVsXnL.exe
  C:\Windows\System\ECVsXnL.exe
  2⤵
  PID:2372
- C:\Windows\System\RYqfVHt.exe
  C:\Windows\System\RYqfVHt.exe
  2⤵
  PID:7804
- C:\Windows\System\loPaBDF.exe
  C:\Windows\System\loPaBDF.exe
  2⤵
  PID:7784
- C:\Windows\System\RjFzjII.exe
  C:\Windows\System\RjFzjII.exe
  2⤵
  PID:3016
- C:\Windows\System\nGjcrVU.exe
  C:\Windows\System\nGjcrVU.exe
  2⤵
  PID:7828
- C:\Windows\System\HTDlkwZ.exe
  C:\Windows\System\HTDlkwZ.exe
  2⤵
  PID:7880
- C:\Windows\System\gfwVPkq.exe
  C:\Windows\System\gfwVPkq.exe
  2⤵
  PID:7868
- C:\Windows\System\RsxmQKe.exe
  C:\Windows\System\RsxmQKe.exe
  2⤵
  PID:7900
- C:\Windows\System\TRJbgMr.exe
  C:\Windows\System\TRJbgMr.exe
  2⤵
  PID:7960
- C:\Windows\System\mykYlaL.exe
  C:\Windows\System\mykYlaL.exe
  2⤵
  PID:8004
- C:\Windows\System\epjXkLe.exe
  C:\Windows\System\epjXkLe.exe
  2⤵
  PID:8028
- C:\Windows\System\UDovQVT.exe
  C:\Windows\System\UDovQVT.exe
  2⤵
  PID:8156
- C:\Windows\System\sxxrSAZ.exe
  C:\Windows\System\sxxrSAZ.exe
  2⤵
  PID:8144
- C:\Windows\System\LgtXaRf.exe
  C:\Windows\System\LgtXaRf.exe
  2⤵
  PID:4924
- C:\Windows\System\UqaLblH.exe
  C:\Windows\System\UqaLblH.exe
  2⤵
  PID:1620
- C:\Windows\System\BPLkrcG.exe
  C:\Windows\System\BPLkrcG.exe
  2⤵
  PID:6472
- C:\Windows\System\FHgYaPG.exe
  C:\Windows\System\FHgYaPG.exe
  2⤵
  PID:6960
- C:\Windows\System\UkxGtxB.exe
  C:\Windows\System\UkxGtxB.exe
  2⤵
  PID:7176
- C:\Windows\System\AcCkjAx.exe
  C:\Windows\System\AcCkjAx.exe
  2⤵
  PID:7220
- C:\Windows\System\eTlrOwf.exe
  C:\Windows\System\eTlrOwf.exe
  2⤵
  PID:7276
- C:\Windows\System\BFmeLdl.exe
  C:\Windows\System\BFmeLdl.exe
  2⤵
  PID:7392
- C:\Windows\System\yMwMcjB.exe
  C:\Windows\System\yMwMcjB.exe
  2⤵
  PID:7372
- C:\Windows\System\bCYNNIX.exe
  C:\Windows\System\bCYNNIX.exe
  2⤵
  PID:1672
- C:\Windows\System\LIELgKQ.exe
  C:\Windows\System\LIELgKQ.exe
  2⤵
  PID:7480
- C:\Windows\System\mJeJrEI.exe
  C:\Windows\System\mJeJrEI.exe
  2⤵
  PID:7512
- C:\Windows\System\kOxenhi.exe
  C:\Windows\System\kOxenhi.exe
  2⤵
  PID:7552
- C:\Windows\System\ploSzXP.exe
  C:\Windows\System\ploSzXP.exe
  2⤵
  PID:7616
- C:\Windows\System\ywNizMg.exe
  C:\Windows\System\ywNizMg.exe
  2⤵
  PID:7684
- C:\Windows\System\IjeRPiu.exe
  C:\Windows\System\IjeRPiu.exe
  2⤵
  PID:7680
- C:\Windows\System\kKOPNgD.exe
  C:\Windows\System\kKOPNgD.exe
  2⤵
  PID:7764
- C:\Windows\System\ZBhKxsr.exe
  C:\Windows\System\ZBhKxsr.exe
  2⤵
  PID:7928
- C:\Windows\System\lmzSdHz.exe
  C:\Windows\System\lmzSdHz.exe
  2⤵
  PID:8000
- C:\Windows\System\SLWEOZB.exe
  C:\Windows\System\SLWEOZB.exe
  2⤵
  PID:2636
- C:\Windows\System\UKkyCxo.exe
  C:\Windows\System\UKkyCxo.exe
  2⤵
  PID:1660
- C:\Windows\System\HGLXIUA.exe
  C:\Windows\System\HGLXIUA.exe
  2⤵
  PID:2924
- C:\Windows\System\uUzqcCo.exe
  C:\Windows\System\uUzqcCo.exe
  2⤵
  PID:2960
- C:\Windows\System\gyDjlWL.exe
  C:\Windows\System\gyDjlWL.exe
  2⤵
  PID:1352
- C:\Windows\System\GpwARvF.exe
  C:\Windows\System\GpwARvF.exe
  2⤵
  PID:2928
- C:\Windows\System\VmPmCtt.exe
  C:\Windows\System\VmPmCtt.exe
  2⤵
  PID:8088
- C:\Windows\System\YnqKJxz.exe
  C:\Windows\System\YnqKJxz.exe
  2⤵
  PID:2652
- C:\Windows\System\oDjERvy.exe
  C:\Windows\System\oDjERvy.exe
  2⤵
  PID:7700
- C:\Windows\System\DxURgPF.exe
  C:\Windows\System\DxURgPF.exe
  2⤵
  PID:7816
- C:\Windows\System\TKVsKIo.exe
  C:\Windows\System\TKVsKIo.exe
  2⤵
  PID:1744
- C:\Windows\System\NdgZFxx.exe
  C:\Windows\System\NdgZFxx.exe
  2⤵
  PID:8128
- C:\Windows\System\xTaSAdH.exe
  C:\Windows\System\xTaSAdH.exe
  2⤵
  PID:5180
- C:\Windows\System\mOIhsAl.exe
  C:\Windows\System\mOIhsAl.exe
  2⤵
  PID:8184
- C:\Windows\System\RehoOTS.exe
  C:\Windows\System\RehoOTS.exe
  2⤵
  PID:6412
- C:\Windows\System\tSXKxGz.exe
  C:\Windows\System\tSXKxGz.exe
  2⤵
  PID:6164
- C:\Windows\System\dNKZAqA.exe
  C:\Windows\System\dNKZAqA.exe
  2⤵
  PID:7196
- C:\Windows\System\uQUxmRM.exe
  C:\Windows\System\uQUxmRM.exe
  2⤵
  PID:7540
- C:\Windows\System\gDiElXs.exe
  C:\Windows\System\gDiElXs.exe
  2⤵
  PID:7988
- C:\Windows\System\wFpDags.exe
  C:\Windows\System\wFpDags.exe
  2⤵
  PID:1712
- C:\Windows\System\vKZHhyh.exe
  C:\Windows\System\vKZHhyh.exe
  2⤵
  PID:2188
- C:\Windows\System\liYSBZk.exe
  C:\Windows\System\liYSBZk.exe
  2⤵
  PID:8168
- C:\Windows\System\SxWikVA.exe
  C:\Windows\System\SxWikVA.exe
  2⤵
  PID:7536
- C:\Windows\System\RBDbqwF.exe
  C:\Windows\System\RBDbqwF.exe
  2⤵
  PID:8180
- C:\Windows\System\HBAWIZK.exe
  C:\Windows\System\HBAWIZK.exe
  2⤵
  PID:7520
- C:\Windows\System\FzUqsgC.exe
  C:\Windows\System\FzUqsgC.exe
  2⤵
  PID:2956
- C:\Windows\System\yKgNWtD.exe
  C:\Windows\System\yKgNWtD.exe
  2⤵
  PID:2376
- C:\Windows\System\GLwMoSk.exe
  C:\Windows\System\GLwMoSk.exe
  2⤵
  PID:7600
- C:\Windows\System\ZFOIyeK.exe
  C:\Windows\System\ZFOIyeK.exe
  2⤵
  PID:2944
- C:\Windows\System\yewWvYf.exe
  C:\Windows\System\yewWvYf.exe
  2⤵
  PID:8044
- C:\Windows\System\QHScYZf.exe
  C:\Windows\System\QHScYZf.exe
  2⤵
  PID:1140
- C:\Windows\System\YOReMdo.exe
  C:\Windows\System\YOReMdo.exe
  2⤵
  PID:7192
- C:\Windows\System\gXiTsmt.exe
  C:\Windows\System\gXiTsmt.exe
  2⤵
  PID:7416
- C:\Windows\System\VMZxWjU.exe
  C:\Windows\System\VMZxWjU.exe
  2⤵
  PID:2444
- C:\Windows\System\UWXQYbN.exe
  C:\Windows\System\UWXQYbN.exe
  2⤵
  PID:7956
- C:\Windows\System\LlCMBOx.exe
  C:\Windows\System\LlCMBOx.exe
  2⤵
  PID:7716
- C:\Windows\System\ztIjaBR.exe
  C:\Windows\System\ztIjaBR.exe
  2⤵
  PID:964
- C:\Windows\System\QzkOTxP.exe
  C:\Windows\System\QzkOTxP.exe
  2⤵
  PID:7352
- C:\Windows\System\xImhUPr.exe
  C:\Windows\System\xImhUPr.exe
  2⤵
  PID:1052
- C:\Windows\System\gKJZidT.exe
  C:\Windows\System\gKJZidT.exe
  2⤵
  PID:8208
- C:\Windows\System\iRSLALE.exe
  C:\Windows\System\iRSLALE.exe
  2⤵
  PID:8224
- C:\Windows\System\OtSFTOx.exe
  C:\Windows\System\OtSFTOx.exe
  2⤵
  PID:8240
- C:\Windows\System\aSJUdjv.exe
  C:\Windows\System\aSJUdjv.exe
  2⤵
  PID:8256
- C:\Windows\System\jwUtAml.exe
  C:\Windows\System\jwUtAml.exe
  2⤵
  PID:8272
- C:\Windows\System\jhOYhSl.exe
  C:\Windows\System\jhOYhSl.exe
  2⤵
  PID:8288
- C:\Windows\System\AcfCNbN.exe
  C:\Windows\System\AcfCNbN.exe
  2⤵
  PID:8304
- C:\Windows\System\JMryjpy.exe
  C:\Windows\System\JMryjpy.exe
  2⤵
  PID:8328
- C:\Windows\System\dAlGzPE.exe
  C:\Windows\System\dAlGzPE.exe
  2⤵
  PID:8348
- C:\Windows\System\xEJPOPr.exe
  C:\Windows\System\xEJPOPr.exe
  2⤵
  PID:8372
- C:\Windows\System\TJnwMCJ.exe
  C:\Windows\System\TJnwMCJ.exe
  2⤵
  PID:8392
- C:\Windows\System\WaNyfRj.exe
  C:\Windows\System\WaNyfRj.exe
  2⤵
  PID:8412
- C:\Windows\System\EpHUDvW.exe
  C:\Windows\System\EpHUDvW.exe
  2⤵
  PID:8432
- C:\Windows\System\rrZcBoi.exe
  C:\Windows\System\rrZcBoi.exe
  2⤵
  PID:8452
- C:\Windows\System\gtiVhdC.exe
  C:\Windows\System\gtiVhdC.exe
  2⤵
  PID:8476
- C:\Windows\System\rWyfYWi.exe
  C:\Windows\System\rWyfYWi.exe
  2⤵
  PID:8496
- C:\Windows\System\mYKIJYk.exe
  C:\Windows\System\mYKIJYk.exe
  2⤵
  PID:8516
- C:\Windows\System\peEhqcN.exe
  C:\Windows\System\peEhqcN.exe
  2⤵
  PID:8544
- C:\Windows\System\zzPTfOd.exe
  C:\Windows\System\zzPTfOd.exe
  2⤵
  PID:8560
- C:\Windows\System\PZAOsex.exe
  C:\Windows\System\PZAOsex.exe
  2⤵
  PID:8576
- C:\Windows\System\MIYThtk.exe
  C:\Windows\System\MIYThtk.exe
  2⤵
  PID:8592
- C:\Windows\System\mvxBrJT.exe
  C:\Windows\System\mvxBrJT.exe
  2⤵
  PID:8608
- C:\Windows\System\mDxmXXZ.exe
  C:\Windows\System\mDxmXXZ.exe
  2⤵
  PID:8624
- C:\Windows\System\VSJGJTX.exe
  C:\Windows\System\VSJGJTX.exe
  2⤵
  PID:8640
- C:\Windows\System\NChtIoH.exe
  C:\Windows\System\NChtIoH.exe
  2⤵
  PID:8656
- C:\Windows\System\pCJhyTm.exe
  C:\Windows\System\pCJhyTm.exe
  2⤵
  PID:8672
- C:\Windows\System\sRKOHZc.exe
  C:\Windows\System\sRKOHZc.exe
  2⤵
  PID:8688
- C:\Windows\System\dmXqaEk.exe
  C:\Windows\System\dmXqaEk.exe
  2⤵
  PID:8704
- C:\Windows\System\WYfEycZ.exe
  C:\Windows\System\WYfEycZ.exe
  2⤵
  PID:8724
- C:\Windows\System\NWKtRUa.exe
  C:\Windows\System\NWKtRUa.exe
  2⤵
  PID:8740
- C:\Windows\System\ysDqrfD.exe
  C:\Windows\System\ysDqrfD.exe
  2⤵
  PID:8756
- C:\Windows\System\NiecJFP.exe
  C:\Windows\System\NiecJFP.exe
  2⤵
  PID:8772
- C:\Windows\System\psWHDZk.exe
  C:\Windows\System\psWHDZk.exe
  2⤵
  PID:8788
- C:\Windows\System\zbIGeXt.exe
  C:\Windows\System\zbIGeXt.exe
  2⤵
  PID:8804
- C:\Windows\System\veLgkxl.exe
  C:\Windows\System\veLgkxl.exe
  2⤵
  PID:8820
- C:\Windows\System\ErccduA.exe
  C:\Windows\System\ErccduA.exe
  2⤵
  PID:8836
- C:\Windows\System\seAliAw.exe
  C:\Windows\System\seAliAw.exe
  2⤵
  PID:8852
- C:\Windows\System\DqTIzPz.exe
  C:\Windows\System\DqTIzPz.exe
  2⤵
  PID:8868
- C:\Windows\System\CXySkuV.exe
  C:\Windows\System\CXySkuV.exe
  2⤵
  PID:8884
- C:\Windows\System\ESsTlno.exe
  C:\Windows\System\ESsTlno.exe
  2⤵
  PID:8900
- C:\Windows\System\GlrHcjX.exe
  C:\Windows\System\GlrHcjX.exe
  2⤵
  PID:8916
- C:\Windows\System\nseszlB.exe
  C:\Windows\System\nseszlB.exe
  2⤵
  PID:8932
- C:\Windows\System\MnVAxeI.exe
  C:\Windows\System\MnVAxeI.exe
  2⤵
  PID:8948
- C:\Windows\System\loVvcMO.exe
  C:\Windows\System\loVvcMO.exe
  2⤵
  PID:8964
- C:\Windows\System\kRtIapb.exe
  C:\Windows\System\kRtIapb.exe
  2⤵
  PID:8980
- C:\Windows\System\pVtctAQ.exe
  C:\Windows\System\pVtctAQ.exe
  2⤵
  PID:8996
- C:\Windows\System\EZgXpqo.exe
  C:\Windows\System\EZgXpqo.exe
  2⤵
  PID:9012
- C:\Windows\System\yBsKYIs.exe
  C:\Windows\System\yBsKYIs.exe
  2⤵
  PID:9028
- C:\Windows\System\ndshPqp.exe
  C:\Windows\System\ndshPqp.exe
  2⤵
  PID:9044
- C:\Windows\System\uRXRFiF.exe
  C:\Windows\System\uRXRFiF.exe
  2⤵
  PID:9060
- C:\Windows\System\VJDmOvk.exe
  C:\Windows\System\VJDmOvk.exe
  2⤵
  PID:9076
- C:\Windows\System\ZPNkZfP.exe
  C:\Windows\System\ZPNkZfP.exe
  2⤵
  PID:9092
- C:\Windows\System\oPXbaEN.exe
  C:\Windows\System\oPXbaEN.exe
  2⤵
  PID:9108
- C:\Windows\System\WMBemdH.exe
  C:\Windows\System\WMBemdH.exe
  2⤵
  PID:9124
- C:\Windows\System\rfcozwn.exe
  C:\Windows\System\rfcozwn.exe
  2⤵
  PID:9152
- C:\Windows\System\ShIhzDn.exe
  C:\Windows\System\ShIhzDn.exe
  2⤵
  PID:9168
- C:\Windows\System\cyZYFMH.exe
  C:\Windows\System\cyZYFMH.exe
  2⤵
  PID:9184
- C:\Windows\System\NAksHHK.exe
  C:\Windows\System\NAksHHK.exe
  2⤵
  PID:9200
- C:\Windows\System\AGCBwbY.exe
  C:\Windows\System\AGCBwbY.exe
  2⤵
  PID:1968
- C:\Windows\System\RBShizC.exe
  C:\Windows\System\RBShizC.exe
  2⤵
  PID:7476
- C:\Windows\System\yTALSWs.exe
  C:\Windows\System\yTALSWs.exe
  2⤵
  PID:6176
- C:\Windows\System\tRwBUtL.exe
  C:\Windows\System\tRwBUtL.exe
  2⤵
  PID:8236
- C:\Windows\System\WMmoglF.exe
  C:\Windows\System\WMmoglF.exe
  2⤵
  PID:2740
- C:\Windows\System\OwSxMbH.exe
  C:\Windows\System\OwSxMbH.exe
  2⤵
  PID:7624
- C:\Windows\System\EipbYMR.exe
  C:\Windows\System\EipbYMR.exe
  2⤵
  PID:7356
- C:\Windows\System\QsjsOjE.exe
  C:\Windows\System\QsjsOjE.exe
  2⤵
  PID:7296
- C:\Windows\System\vyDMhpH.exe
  C:\Windows\System\vyDMhpH.exe
  2⤵
  PID:2276
- C:\Windows\System\xpqQuWJ.exe
  C:\Windows\System\xpqQuWJ.exe
  2⤵
  PID:8216
- C:\Windows\System\OZJVWGz.exe
  C:\Windows\System\OZJVWGz.exe
  2⤵
  PID:8280
- C:\Windows\System\VqVXULC.exe
  C:\Windows\System\VqVXULC.exe
  2⤵
  PID:8320
- C:\Windows\System\UxCGByP.exe
  C:\Windows\System\UxCGByP.exe
  2⤵
  PID:8344
- C:\Windows\System\XelGMzA.exe
  C:\Windows\System\XelGMzA.exe
  2⤵
  PID:8428
- C:\Windows\System\DoXvsCi.exe
  C:\Windows\System\DoXvsCi.exe
  2⤵
  PID:8388
- C:\Windows\System\yRneDZr.exe
  C:\Windows\System\yRneDZr.exe
  2⤵
  PID:8468
- C:\Windows\System\oDXUjrG.exe
  C:\Windows\System\oDXUjrG.exe
  2⤵
  PID:8444
- C:\Windows\System\VWfeeCB.exe
  C:\Windows\System\VWfeeCB.exe
  2⤵
  PID:3060
- C:\Windows\System\fraaajd.exe
  C:\Windows\System\fraaajd.exe
  2⤵
  PID:8364
- C:\Windows\System\qTzBTEw.exe
  C:\Windows\System\qTzBTEw.exe
  2⤵
  PID:8488
- C:\Windows\System\mZQmtxC.exe
  C:\Windows\System\mZQmtxC.exe
  2⤵
  PID:8552
- C:\Windows\System\fpMahts.exe
  C:\Windows\System\fpMahts.exe
  2⤵
  PID:8536
- C:\Windows\System\jjPYmyx.exe
  C:\Windows\System\jjPYmyx.exe
  2⤵
  PID:8600
- C:\Windows\System\Rynecpl.exe
  C:\Windows\System\Rynecpl.exe
  2⤵
  PID:8636
- C:\Windows\System\wVjTjbq.exe
  C:\Windows\System\wVjTjbq.exe
  2⤵
  PID:8664
- C:\Windows\System\zjDcZKs.exe
  C:\Windows\System\zjDcZKs.exe
  2⤵
  PID:8620
- C:\Windows\System\SgkUAsL.exe
  C:\Windows\System\SgkUAsL.exe
  2⤵
  PID:8652
- C:\Windows\System\KJoozPd.exe
  C:\Windows\System\KJoozPd.exe
  2⤵
  PID:8768
- C:\Windows\System\ngaKDsW.exe
  C:\Windows\System\ngaKDsW.exe
  2⤵
  PID:8748
- C:\Windows\System\oiRPHQW.exe
  C:\Windows\System\oiRPHQW.exe
  2⤵
  PID:8732
- C:\Windows\System\PmDfTlQ.exe
  C:\Windows\System\PmDfTlQ.exe
  2⤵
  PID:8832
- C:\Windows\System\ABGtdzr.exe
  C:\Windows\System\ABGtdzr.exe
  2⤵
  PID:8896
- C:\Windows\System\dSonVVU.exe
  C:\Windows\System\dSonVVU.exe
  2⤵
  PID:8848
- C:\Windows\System\hEhkALG.exe
  C:\Windows\System\hEhkALG.exe
  2⤵
  PID:8976
- C:\Windows\System\TPkeeGo.exe
  C:\Windows\System\TPkeeGo.exe
  2⤵
  PID:9040
- C:\Windows\System\RqALKZn.exe
  C:\Windows\System\RqALKZn.exe
  2⤵
  PID:8988
- C:\Windows\System\OSQRGuQ.exe
  C:\Windows\System\OSQRGuQ.exe
  2⤵
  PID:9052
- C:\Windows\System\CmqeZqd.exe
  C:\Windows\System\CmqeZqd.exe
  2⤵
  PID:9140
- C:\Windows\System\pXKqWAy.exe
  C:\Windows\System\pXKqWAy.exe
  2⤵
  PID:9100
- C:\Windows\System\RqvJRkj.exe
  C:\Windows\System\RqvJRkj.exe
  2⤵
  PID:9088
- C:\Windows\System\OLVPwdK.exe
  C:\Windows\System\OLVPwdK.exe
  2⤵
  PID:9208
- C:\Windows\System\onfjwTF.exe
  C:\Windows\System\onfjwTF.exe
  2⤵
  PID:9192
- C:\Windows\System\rzdPFcH.exe
  C:\Windows\System\rzdPFcH.exe
  2⤵
  PID:9212
- C:\Windows\System\sCCxKoN.exe
  C:\Windows\System\sCCxKoN.exe
  2⤵
  PID:2868
- C:\Windows\System\iaKYKqU.exe
  C:\Windows\System\iaKYKqU.exe
  2⤵
  PID:8188
- C:\Windows\System\kitXpLq.exe
  C:\Windows\System\kitXpLq.exe
  2⤵
  PID:2508
- C:\Windows\System\RZCkTIZ.exe
  C:\Windows\System\RZCkTIZ.exe
  2⤵
  PID:8420
- C:\Windows\System\ijrMPRc.exe
  C:\Windows\System\ijrMPRc.exe
  2⤵
  PID:7656
- C:\Windows\System\MtVVciC.exe
  C:\Windows\System\MtVVciC.exe
  2⤵
  PID:8400
- C:\Windows\System\LSGZAEJ.exe
  C:\Windows\System\LSGZAEJ.exe
  2⤵
  PID:8296
- C:\Windows\System\tMqSQhJ.exe
  C:\Windows\System\tMqSQhJ.exe
  2⤵
  PID:8232
- C:\Windows\System\ahUAWlN.exe
  C:\Windows\System\ahUAWlN.exe
  2⤵
  PID:8512
- C:\Windows\System\cXlpsNg.exe
  C:\Windows\System\cXlpsNg.exe
  2⤵
  PID:8464
- C:\Windows\System\qQXfCAg.exe
  C:\Windows\System\qQXfCAg.exe
  2⤵
  PID:8408
- C:\Windows\System\XaRKQwn.exe
  C:\Windows\System\XaRKQwn.exe
  2⤵
  PID:8632
- C:\Windows\System\JtigPIi.exe
  C:\Windows\System\JtigPIi.exe
  2⤵
  PID:8712
- C:\Windows\System\IENNsOn.exe
  C:\Windows\System\IENNsOn.exe
  2⤵
  PID:8736
- C:\Windows\System\CKBuoIE.exe
  C:\Windows\System\CKBuoIE.exe
  2⤵
  PID:8780
- C:\Windows\System\Wbkjrru.exe
  C:\Windows\System\Wbkjrru.exe
  2⤵
  PID:8784
- C:\Windows\System\xdHGenS.exe
  C:\Windows\System\xdHGenS.exe
  2⤵
  PID:8992
- C:\Windows\System\tcOScWC.exe
  C:\Windows\System\tcOScWC.exe
  2⤵
  PID:6908
- C:\Windows\System\rvjagiS.exe
  C:\Windows\System\rvjagiS.exe
  2⤵
  PID:8380
- C:\Windows\System\fLflKWa.exe
  C:\Windows\System\fLflKWa.exe
  2⤵
  PID:6340
- C:\Windows\System\NVndgye.exe
  C:\Windows\System\NVndgye.exe
  2⤵
  PID:8460
- C:\Windows\System\AtHciel.exe
  C:\Windows\System\AtHciel.exe
  2⤵
  PID:8508
- C:\Windows\System\ENVIcSd.exe
  C:\Windows\System\ENVIcSd.exe
  2⤵
  PID:9180
- C:\Windows\System\ZkYKhof.exe
  C:\Windows\System\ZkYKhof.exe
  2⤵
  PID:8764
- C:\Windows\System\BrICOsq.exe
  C:\Windows\System\BrICOsq.exe
  2⤵
  PID:8828
- C:\Windows\System\wIibvad.exe
  C:\Windows\System\wIibvad.exe
  2⤵
  PID:8972
- C:\Windows\System\aYKSZZi.exe
  C:\Windows\System\aYKSZZi.exe
  2⤵
  PID:9160
- C:\Windows\System\nLEgDTA.exe
  C:\Windows\System\nLEgDTA.exe
  2⤵
  PID:9020
- C:\Windows\System\KvjObVk.exe
  C:\Windows\System\KvjObVk.exe
  2⤵
  PID:8316
- C:\Windows\System\PZaOsne.exe
  C:\Windows\System\PZaOsne.exe
  2⤵
  PID:8340
- C:\Windows\System\yVuiYxV.exe
  C:\Windows\System\yVuiYxV.exe
  2⤵
  PID:8268
- C:\Windows\System\ZRPQmDH.exe
  C:\Windows\System\ZRPQmDH.exe
  2⤵
  PID:8524
- C:\Windows\System\xJgBfMM.exe
  C:\Windows\System\xJgBfMM.exe
  2⤵
  PID:8360
- C:\Windows\System\lsPCIXT.exe
  C:\Windows\System\lsPCIXT.exe
  2⤵
  PID:8912
- C:\Windows\System\IYZKkvW.exe
  C:\Windows\System\IYZKkvW.exe
  2⤵
  PID:8616
- C:\Windows\System\flHqNcS.exe
  C:\Windows\System\flHqNcS.exe
  2⤵
  PID:9056
- C:\Windows\System\npXODwK.exe
  C:\Windows\System\npXODwK.exe
  2⤵
  PID:9176
- C:\Windows\System\jznnqXo.exe
  C:\Windows\System\jznnqXo.exe
  2⤵
  PID:8300
- C:\Windows\System\bTUxxWV.exe
  C:\Windows\System\bTUxxWV.exe
  2⤵
  PID:9148
- C:\Windows\System\SgVAnBT.exe
  C:\Windows\System\SgVAnBT.exe
  2⤵
  PID:9036
- C:\Windows\System\coAIyHn.exe
  C:\Windows\System\coAIyHn.exe
  2⤵
  PID:9228
- C:\Windows\System\kJcUuKG.exe
  C:\Windows\System\kJcUuKG.exe
  2⤵
  PID:9244
- C:\Windows\System\iUIJYat.exe
  C:\Windows\System\iUIJYat.exe
  2⤵
  PID:9264
- C:\Windows\System\eHeKvwL.exe
  C:\Windows\System\eHeKvwL.exe
  2⤵
  PID:9280
- C:\Windows\System\kWooAxQ.exe
  C:\Windows\System\kWooAxQ.exe
  2⤵
  PID:9296
- C:\Windows\System\nRDpQoU.exe
  C:\Windows\System\nRDpQoU.exe
  2⤵
  PID:9316
- C:\Windows\System\SHUdWZr.exe
  C:\Windows\System\SHUdWZr.exe
  2⤵
  PID:9332
- C:\Windows\System\cgVKeFu.exe
  C:\Windows\System\cgVKeFu.exe
  2⤵
  PID:9348
- C:\Windows\System\oFVRnZh.exe
  C:\Windows\System\oFVRnZh.exe
  2⤵
  PID:9364
- C:\Windows\System\FFYuNCW.exe
  C:\Windows\System\FFYuNCW.exe
  2⤵
  PID:9380
- C:\Windows\System\YhDYAeF.exe
  C:\Windows\System\YhDYAeF.exe
  2⤵
  PID:9400
- C:\Windows\System\ChjLWdS.exe
  C:\Windows\System\ChjLWdS.exe
  2⤵
  PID:9416
- C:\Windows\System\iLTbFNj.exe
  C:\Windows\System\iLTbFNj.exe
  2⤵
  PID:9432
- C:\Windows\System\dooATYC.exe
  C:\Windows\System\dooATYC.exe
  2⤵
  PID:9448
- C:\Windows\System\PIjZnWC.exe
  C:\Windows\System\PIjZnWC.exe
  2⤵
  PID:9464
- C:\Windows\System\IayNzHK.exe
  C:\Windows\System\IayNzHK.exe
  2⤵
  PID:9480
- C:\Windows\System\CVxvKyU.exe
  C:\Windows\System\CVxvKyU.exe
  2⤵
  PID:9496
- C:\Windows\System\ZQLAQdk.exe
  C:\Windows\System\ZQLAQdk.exe
  2⤵
  PID:9512
- C:\Windows\System\ranWUIq.exe
  C:\Windows\System\ranWUIq.exe
  2⤵
  PID:9528
- C:\Windows\System\PbxUAvG.exe
  C:\Windows\System\PbxUAvG.exe
  2⤵
  PID:9548
- C:\Windows\System\AByhTqA.exe
  C:\Windows\System\AByhTqA.exe
  2⤵
  PID:9612
- C:\Windows\System\mLbgUSE.exe
  C:\Windows\System\mLbgUSE.exe
  2⤵
  PID:9628
- C:\Windows\System\qocZAIj.exe
  C:\Windows\System\qocZAIj.exe
  2⤵
  PID:9644
- C:\Windows\System\yzIJOSi.exe
  C:\Windows\System\yzIJOSi.exe
  2⤵
  PID:9660
- C:\Windows\System\TwJwdMz.exe
  C:\Windows\System\TwJwdMz.exe
  2⤵
  PID:9676
- C:\Windows\System\TeffhYu.exe
  C:\Windows\System\TeffhYu.exe
  2⤵
  PID:9692
- C:\Windows\System\AtLYYGf.exe
  C:\Windows\System\AtLYYGf.exe
  2⤵
  PID:9708
- C:\Windows\System\SLJCGQn.exe
  C:\Windows\System\SLJCGQn.exe
  2⤵
  PID:9724
- C:\Windows\System\pZNZuDL.exe
  C:\Windows\System\pZNZuDL.exe
  2⤵
  PID:9740
- C:\Windows\System\SzAFzWR.exe
  C:\Windows\System\SzAFzWR.exe
  2⤵
  PID:9756
- C:\Windows\System\ESLlzsq.exe
  C:\Windows\System\ESLlzsq.exe
  2⤵
  PID:9772
- C:\Windows\System\CHYIoZK.exe
  C:\Windows\System\CHYIoZK.exe
  2⤵
  PID:9788
- C:\Windows\System\RbrHyOv.exe
  C:\Windows\System\RbrHyOv.exe
  2⤵
  PID:9804
- C:\Windows\System\gtYrIhH.exe
  C:\Windows\System\gtYrIhH.exe
  2⤵
  PID:9824
- C:\Windows\System\BmkYPuv.exe
  C:\Windows\System\BmkYPuv.exe
  2⤵
  PID:9840
- C:\Windows\System\hdcylWu.exe
  C:\Windows\System\hdcylWu.exe
  2⤵
  PID:9856
- C:\Windows\System\BZjcooX.exe
  C:\Windows\System\BZjcooX.exe
  2⤵
  PID:9872
- C:\Windows\System\sQmbykI.exe
  C:\Windows\System\sQmbykI.exe
  2⤵
  PID:9888
- C:\Windows\System\WOVXDVm.exe
  C:\Windows\System\WOVXDVm.exe
  2⤵
  PID:9904
- C:\Windows\System\gGVfeoa.exe
  C:\Windows\System\gGVfeoa.exe
  2⤵
  PID:9920
- C:\Windows\System\Hroxzke.exe
  C:\Windows\System\Hroxzke.exe
  2⤵
  PID:9936
- C:\Windows\System\jgoEHZM.exe
  C:\Windows\System\jgoEHZM.exe
  2⤵
  PID:9956
- C:\Windows\System\ZUMnHLH.exe
  C:\Windows\System\ZUMnHLH.exe
  2⤵
  PID:9976
- C:\Windows\System\gmCgfhz.exe
  C:\Windows\System\gmCgfhz.exe
  2⤵
  PID:9996
- C:\Windows\System\eVvXrvW.exe
  C:\Windows\System\eVvXrvW.exe
  2⤵
  PID:10016
- C:\Windows\System\rjvCIBj.exe
  C:\Windows\System\rjvCIBj.exe
  2⤵
  PID:10052
- C:\Windows\System\SgaOTRV.exe
  C:\Windows\System\SgaOTRV.exe
  2⤵
  PID:10068
- C:\Windows\System\oRJRpTJ.exe
  C:\Windows\System\oRJRpTJ.exe
  2⤵
  PID:10084
- C:\Windows\System\DaONNTy.exe
  C:\Windows\System\DaONNTy.exe
  2⤵
  PID:10100
- C:\Windows\System\KzbDUQd.exe
  C:\Windows\System\KzbDUQd.exe
  2⤵
  PID:10116
- C:\Windows\System\boUwVMZ.exe
  C:\Windows\System\boUwVMZ.exe
  2⤵
  PID:10132
- C:\Windows\System\YuPfFWk.exe
  C:\Windows\System\YuPfFWk.exe
  2⤵
  PID:10148
- C:\Windows\System\xiDQlcO.exe
  C:\Windows\System\xiDQlcO.exe
  2⤵
  PID:10164
- C:\Windows\System\IpiGOqn.exe
  C:\Windows\System\IpiGOqn.exe
  2⤵
  PID:10180
- C:\Windows\System\NfVvlwF.exe
  C:\Windows\System\NfVvlwF.exe
  2⤵
  PID:10196
- C:\Windows\System\sRWpAJT.exe
  C:\Windows\System\sRWpAJT.exe
  2⤵
  PID:10212
- C:\Windows\System\nCOFzBz.exe
  C:\Windows\System\nCOFzBz.exe
  2⤵
  PID:10228
- C:\Windows\System\iwkzZmr.exe
  C:\Windows\System\iwkzZmr.exe
  2⤵
  PID:9252
- C:\Windows\System\WRVHuQK.exe
  C:\Windows\System\WRVHuQK.exe
  2⤵
  PID:1924
- C:\Windows\System\NDnkCnL.exe
  C:\Windows\System\NDnkCnL.exe
  2⤵
  PID:9276
- C:\Windows\System\UhXrZFk.exe
  C:\Windows\System\UhXrZFk.exe
  2⤵
  PID:9240
- C:\Windows\System\pxloVPQ.exe
  C:\Windows\System\pxloVPQ.exe
  2⤵
  PID:9224
- C:\Windows\System\nRYzFWC.exe
  C:\Windows\System\nRYzFWC.exe
  2⤵
  PID:9392
- C:\Windows\System\RBSjzVD.exe
  C:\Windows\System\RBSjzVD.exe
  2⤵
  PID:9428
- C:\Windows\System\UvoisyY.exe
  C:\Windows\System\UvoisyY.exe
  2⤵
  PID:9492
- C:\Windows\System\uBFXRBw.exe
  C:\Windows\System\uBFXRBw.exe
  2⤵
  PID:9440
- C:\Windows\System\yPpFZZJ.exe
  C:\Windows\System\yPpFZZJ.exe
  2⤵
  PID:9472
- C:\Windows\System\scBipun.exe
  C:\Windows\System\scBipun.exe
  2⤵
  PID:9540
- C:\Windows\System\UWNKldr.exe
  C:\Windows\System\UWNKldr.exe
  2⤵
  PID:9372
- C:\Windows\System\dmmnEQT.exe
  C:\Windows\System\dmmnEQT.exe
  2⤵
  PID:9564
- C:\Windows\System\uIhtcnA.exe
  C:\Windows\System\uIhtcnA.exe
  2⤵
  PID:9388
- C:\Windows\System\yPMlefr.exe
  C:\Windows\System\yPMlefr.exe
  2⤵
  PID:9576
- C:\Windows\System\lGWtsqN.exe
  C:\Windows\System\lGWtsqN.exe
  2⤵
  PID:9588
- C:\Windows\System\OtqHqKG.exe
  C:\Windows\System\OtqHqKG.exe
  2⤵
  PID:9620
- C:\Windows\System\QsCLGWS.exe
  C:\Windows\System\QsCLGWS.exe
  2⤵
  PID:2440
- C:\Windows\System\ghHaVZd.exe
  C:\Windows\System\ghHaVZd.exe
  2⤵
  PID:9684
- C:\Windows\System\NVqdXQa.exe
  C:\Windows\System\NVqdXQa.exe
  2⤵
  PID:9668
- C:\Windows\System\XwATGnY.exe
  C:\Windows\System\XwATGnY.exe
  2⤵
  PID:9748
- C:\Windows\System\QtEcVxu.exe
  C:\Windows\System\QtEcVxu.exe
  2⤵
  PID:9688
- C:\Windows\System\BdxxXBw.exe
  C:\Windows\System\BdxxXBw.exe
  2⤵
  PID:9852
- C:\Windows\System\FBENzLj.exe
  C:\Windows\System\FBENzLj.exe
  2⤵
  PID:9912
- C:\Windows\System\dtmAIjT.exe
  C:\Windows\System\dtmAIjT.exe
  2⤵
  PID:9700
- C:\Windows\System\sqpaZkS.exe
  C:\Windows\System\sqpaZkS.exe
  2⤵
  PID:9768
- C:\Windows\System\XdeAeBD.exe
  C:\Windows\System\XdeAeBD.exe
  2⤵
  PID:9932
- C:\Windows\System\anrFmiY.exe
  C:\Windows\System\anrFmiY.exe
  2⤵
  PID:9948
- C:\Windows\System\xQrgxKP.exe
  C:\Windows\System\xQrgxKP.exe
  2⤵
  PID:9952
- C:\Windows\System\Cixhfwu.exe
  C:\Windows\System\Cixhfwu.exe
  2⤵
  PID:9988
- C:\Windows\System\NTvIhtL.exe
  C:\Windows\System\NTvIhtL.exe
  2⤵
  PID:10024
- C:\Windows\System\EwqVctb.exe
  C:\Windows\System\EwqVctb.exe
  2⤵
  PID:10012
- C:\Windows\System\gNtGQLP.exe
  C:\Windows\System\gNtGQLP.exe
  2⤵
  PID:10064
- C:\Windows\System\fkGZJKn.exe
  C:\Windows\System\fkGZJKn.exe
  2⤵
  PID:10124
- C:\Windows\System\JKmQZED.exe
  C:\Windows\System\JKmQZED.exe
  2⤵
  PID:10112
- C:\Windows\System\EHUeXPp.exe
  C:\Windows\System\EHUeXPp.exe
  2⤵
  PID:10176
- C:\Windows\System\DAmIqat.exe
  C:\Windows\System\DAmIqat.exe
  2⤵
  PID:10188
- C:\Windows\System\bUjUnsn.exe
  C:\Windows\System\bUjUnsn.exe
  2⤵
  PID:9292
- C:\Windows\System\XWEzGYj.exe
  C:\Windows\System\XWEzGYj.exe
  2⤵
  PID:8880
- C:\Windows\System\ubRUXaq.exe
  C:\Windows\System\ubRUXaq.exe
  2⤵
  PID:9488
- C:\Windows\System\EezGXvR.exe
  C:\Windows\System\EezGXvR.exe
  2⤵
  PID:9340
- C:\Windows\System\adZqFmd.exe
  C:\Windows\System\adZqFmd.exe
  2⤵
  PID:9560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BAaHigU.exe

Filesize
6.0MB

MD5
c9a36a0b7c33e6e973cbf73665575aa3

SHA1
b32345e006409e86faef017bb9a4e8ac8c8ec003

SHA256
e2c9febed35a6a477db14a990472769cf4c56a97a85244eeefb057898782846e

SHA512
f4a31fa0fe2ccfd46f49923492ee00606164cb17fc52791e04976c7021a015b5b512be890e8c23996a657f956eeb43a42b2747650ac08bfcb396f201d6319282

Download Submit
C:\Windows\system\BeVRXNs.exe

Filesize
6.0MB

MD5
840e36eac2fca81dca6fda1052c465aa

SHA1
f5531f44df2e7cf3a7029a518c8b50024a0b979a

SHA256
f9f0023af89b755568ec0779637fb537cda061ddc1cdf76d2d2d358cb6440a63

SHA512
825c240ddc9bd5aa1834457320aac85996d1c805b9471066b415848789086e7c5af8cead09bd3fdbc6c176d1801f53147b327ef4a396dd8689e0f2925e8ea90d

Download Submit
C:\Windows\system\CfiUQme.exe

Filesize
6.0MB

MD5
a581c2f206c28c8c88afb4c37cb3705c

SHA1
0f0a7f8e36c48817b614d8ece8bb26d3eac4035c

SHA256
58067b289237f737211c1ddf96f2b386dc14449885f48951389b87788c83edfe

SHA512
924bfb3e286a34391ef990866dedd4cd55d3986c696483194d594c4bc4dca8d015299c32638658e9c7e79422e5ac3697f4ef30aeffa18a440eeb9ff311ba0404

Download Submit
C:\Windows\system\EaBELkz.exe

Filesize
6.0MB

MD5
8eb67b323268873168351eddef3f1976

SHA1
a6011c487c0376ce8e1a51ed9263c5b4b17e5b97

SHA256
510abb67d92ddb528ec906152511692f6c3259ce49b42e78e5c2b419b0c02fd0

SHA512
afb92f3a67995648c40171ad0721d6c2ac29dd199b6dbc2ec672a660fd1b78de267123b052f66157bc44fb78506be57f2121aea754287e4f17f3eb0344573da7

Download Submit
C:\Windows\system\IciwGWb.exe

Filesize
6.0MB

MD5
39a0957fa0e9871d6fbcf5c811b603da

SHA1
f55244e71eae9fe1fd582afe83adf6b005b66376

SHA256
3a40d1d95b34b3bb4564b23bed53d11472cc9bea38df67985ee0b9639c1d70e9

SHA512
84f6c4bb81ad8b5ef6161b937782fd30e4f1bcacd75efa88f48bbc86f9e47460b4d0b6bffa33537cfbefa781514e57edb68f8ad24ff719a61c0cf9955302cb69

Download Submit
C:\Windows\system\LclvAEX.exe

Filesize
6.0MB

MD5
3109da1be746c35b2928e81083335178

SHA1
c4293a003d5c04cab9b9e25e4d62cbaa185cf288

SHA256
468f6c66a18d18b6f494dfdab51613945a4ba83393c0e1540a143e70f751ab3c

SHA512
630e962670187d6e6e795d811c33efbfee5c70aaa0279afd99d5a12a14410a79db3a08da6d5863055c70c252b9a6cd69e47789d0fcea250233e4e98e4229773a

Download Submit
C:\Windows\system\OFhHnVL.exe

Filesize
6.0MB

MD5
f74a3bb512d822327df3b2c83d55e123

SHA1
27f7e405279ed6213d285fa7534a0c0605b12f16

SHA256
3e20d88b6be0f94719d2e3d2838a9ad5b3a264ad15ff581a56551231594c3268

SHA512
3e24f986e2519886c6c03f62b4c2457c383f4a8273a073a8b993ad74c67afc6771a10b605785abccebeca7a85a5bdb1b33bdcdb339bf4f7af200e5e91fbe76ac

Download Submit
C:\Windows\system\PYmbtOB.exe

Filesize
6.0MB

MD5
732b362d129239bec4d3e87bc831f291

SHA1
ffa5decc641bc6add23cabe8781b290bcc1e3739

SHA256
dc92c526c6a2ec657fe1d96e90f3e957d728c97d14ce9b413107b3ad4b30a8ad

SHA512
888adbcbd8e9200c0f4d79b357becefae0e6e03d5154822dbd7a35886309de0e20b64a234ae9618072d8db80a10cb2f3498853ce4ed7f4bb19d9579d3bef0000

Download Submit
C:\Windows\system\QDKTjVT.exe

Filesize
6.0MB

MD5
892ed06b13e6ff8002fdb59888bbe373

SHA1
1cacd196a8ce0dac182b21f841ab71348f4d6909

SHA256
7e2e89d4753ce9a04713786c6bcd1df3c5732d17184e1cf2a18f427e0ba2fba1

SHA512
ad6154b05bc74d8ebf21e6bf5bd6aedeb977e5fc327a9bfd19e703afb1ac2ed1164f4e127291a40620e5f01475f336c8566b5cb26f2d7a15cde8b68523330208

Download Submit
C:\Windows\system\QJFGeqm.exe

Filesize
6.0MB

MD5
5709e840ea2d5e82c657889e7ca91fae

SHA1
bc26ef6e772712f348d9b283cd009f1f621c7f6d

SHA256
3307bc256701a89bf8289117e9419f4c688c0efcade36078c9e678a9cec2d2bb

SHA512
e900b22fa56b573c2255202bc276d59c431ea82f8606556545a5a4bd953b428f64c5e738ae93e0326fa2d06bf1c6a837462a4f8320a0a408d6b7f7a6dbebff96

Download Submit
C:\Windows\system\QijIiNj.exe

Filesize
6.0MB

MD5
c17c5cfa316f37b132511f8517dc0db5

SHA1
baf87e638d75d53ea100be7e58d91b1cb0f78d2c

SHA256
31160a35931502d77a66c6d7e2655c689c4b667d95b500aeb9512f34e0222e8c

SHA512
4e3711d8a8fbf274ab291af7bb54d0296ac3782118babac1dc48a84051587ef166f8e75f081fea7f70107350502b3cafe4fab12df2c44aa087b5a250d349fb87

Download Submit
C:\Windows\system\RZREgmF.exe

Filesize
6.0MB

MD5
fb8f7cc9d90ac35e026b783c9459f951

SHA1
6c32aab7d973ea38e63aa31a695304e1b451c91a

SHA256
108bbd47c2f99b24fe08f2723cec11d080134b35cdef0668916d343c70ff8704

SHA512
6e31dbfa8035141780da72c788852321af6a1fc1a854b28dc4b96f273e63e23619359d23f948bf1e60da89fd01b28405e53401986b0d76acc4384d03fa9886b4

Download Submit
C:\Windows\system\SupKpMs.exe

Filesize
6.0MB

MD5
6157078399ddb26e7056bcc7a3314023

SHA1
4b40d10032fa8302e239c422e213f846822e4afe

SHA256
0ee1be81144927605601634ae1471126eac24c014c1714b585d861dddcaa0b26

SHA512
bb26ebf9b749e2d7a0b6f6d013b06c889625815ed4b09461c2ce91f3966b6e00f99ad624b542f6e769c945f7fa63f33846a5e3944c2642612d7d2e617fa2852d

Download Submit
C:\Windows\system\TluXgJk.exe

Filesize
6.0MB

MD5
e058664a59dbdafcc6a8e8ec07be7c14

SHA1
f877ca7326c980e7c66616d1cfdaec0883a028a8

SHA256
af627cfa897c251c1719b94dae4c5ccc0a6f955cd17517803fb47a7278732148

SHA512
e63a4e38bcb89fcacc0a53cea9c7bef0647d406e4d892b0248ee15a2e3df964a84fe02d2775eaa37bfd29eced899e66a6e26a7f3ef0bf94195ff6b8667116361

Download Submit
C:\Windows\system\UfUkOyD.exe

Filesize
6.0MB

MD5
5de73730870e6569b838a6636b377aa6

SHA1
5898ce1f4f2ed4c2653cd149653607b2b9df17a7

SHA256
8790ddbba292e0ea7c66f8933884501a099037716c3174169f57dd23aabb61fe

SHA512
8071720ec14c38505f80c4d8ecfe9527e84a25e5af4410902a275342834a598b2b5c70bc03cde48cd5d643b68c33dcad3a1eade6700a56c5e9a16854f4c26759

Download Submit
C:\Windows\system\UfVijUa.exe

Filesize
6.0MB

MD5
46f17af5434ddfc4b42ad5810c12c262

SHA1
0a42d67e5729ea15decd0c3e9a21741eebdecd09

SHA256
19e797734096552ffd8f0d8eb3f7dab1a408dd52a97025b4c8cbb747bfcaa314

SHA512
0a2b3e9e8270bd6a6400e6fa5b5f840286b7883b36a809462fa11e5736bd96b8e2d366d5254a47e63c6c1f9d0a2e73489555a806251d9d58c78f27c9f83d2409

Download Submit
C:\Windows\system\ZUUryyT.exe

Filesize
6.0MB

MD5
6b1d072e29ebd8339f1d8668d065172c

SHA1
4b731a67b073bf5813b987d04da8dfc66dd59a87

SHA256
b2d1e8fa7f725ca0e8fdf7e41b601304b651552186c5d050cf29537ba4fdbca5

SHA512
5636fb328435344f81d29ca506131ea30abfafd920ef9a51df8d506c25c6c9b15a3c78833884e2501d78abe79acb9799e2212f35e2548fe7c52c20dc4333a794

Download Submit
C:\Windows\system\dqnrvfi.exe

Filesize
6.0MB

MD5
b0ea4aa7a417a9a031922452714639f1

SHA1
e943ddcf8d68c7467b151b14240a95ceb8d4177c

SHA256
34af83dddc34f05b1266d98122de20ba256185ddce1a5635a270b8fd4aeb4ecc

SHA512
8f22f71ab23ca035d835410c8267376316968d4c80a9f4116979be985e94a5d2c8568f9d0609a7b2a346237578759aa61f2cedbd6a814ff303347843cedbf259

Download Submit
C:\Windows\system\eivEIYL.exe

Filesize
6.0MB

MD5
185959869c0930a1a0ae94e9d5fb56b7

SHA1
491fb20f253290bc657979919835d680e757ff7f

SHA256
de5a89f50bebdefe902dd85732510b2f70ac6847e8eed31ecf5926d375741cbb

SHA512
3bb46d3a0b681419ac135a67b0a2cb44e8d05012c1b48516c10b15b2e9a1d05c817a1f96adba4ab53b0e01f7336c0562a39dad6d240ca2f8f9e065d9ba14f190

Download Submit
C:\Windows\system\hnMXOsY.exe

Filesize
6.0MB

MD5
7213b76017daca1e60bb3a3e45ec087b

SHA1
5bc2351caf22c6e374b9a6c1e8ef3f696ecdcfb3

SHA256
891a5e97ea0259baf19e3194548b77006ef0bf578a918678dbfe6454e189e407

SHA512
5c5bf4e7af446ed4d69bd2e076ccaa0167ef5f007bdc416cca798afcd0b1bfa97569f8e4017d6b3608b7a76ab2f594f1197930b21930e616e528795882554995

Download Submit
C:\Windows\system\nLEqhlS.exe

Filesize
6.0MB

MD5
d707ca240018bae7c87356e6e2c10338

SHA1
8133067edd315b419389729fb62969059c4db4a9

SHA256
7f0c09475fd2f001b36d7bc70a274e4acccb4103cedb8f6b4328a4acae8abada

SHA512
f82e02dacbd97b97b1adc7b4db6fa31e31f3595ad34ff4ff09bd7e858a9f04e687f8cf1ba935d4edb04ab36d695a0b194aff0bfaea54bfaee0bd4f2de86ff2a3

Download Submit
C:\Windows\system\pQgQOUM.exe

Filesize
6.0MB

MD5
26b1b9a321d2768600fcc89df8e53707

SHA1
4f101f400acaafa7b6df56458387b1602237f44a

SHA256
17fb12d68977194c5e90fd6d5a9b0d10103c04450a4329f1983f4cade4ad91fd

SHA512
e0c0e59852ada5278a8a455ab811fb4bd296e467fea262c309dd61b820754fac03d3d078765526d0e1d6f8c8d51528c098056945c44ebf1ef2e3f07b192d18a0

Download Submit
C:\Windows\system\qESYRlE.exe

Filesize
6.0MB

MD5
d3bfd3b568f57fc907a262c072977994

SHA1
68415e0947fb5a0d314836b032b13e9b9496008b

SHA256
23279920f52313589b2b5508ecd376e2402be6125bf99f1c4c8b9f83fb14b7d7

SHA512
cf10e0a23cc0ef9b3989c96fdb513c38348b512452e35a99d47f4c59285d5afb061f4be30f353c7b47c0c3ffa257529d1144862d399e154617e017d15c2635b8

Download Submit
C:\Windows\system\qmoOvgP.exe

Filesize
6.0MB

MD5
ce6a0badfa7dd6f6bfe14866587ef1aa

SHA1
ad07e1eab3a6d6ecb5cacaac42abc94478f892b9

SHA256
efc085d424913f82249811ad3cc89bd0c930a162cc51a5c4e89230d77fe958b7

SHA512
26183b4aabcc23b20b673eec2464508b35b0bf6c867c186e37f4d9c30239f6d448f01eb586f87c7170f014edfedde4ab32f6996031b5a22793021518f329c807

Download Submit
C:\Windows\system\vKWsvGw.exe

Filesize
6.0MB

MD5
0a0d36e05cd30e7bd3a52e4e1cb919b5

SHA1
5fafc8153ea664b68037f0f5998b73417d720c25

SHA256
f592990923a92630a0be052368a05a6a3e2265fc68859c3c8820455522ac116d

SHA512
acd497b1c9ee56d3d5acefc034b46b57b7827f5f43323d0e8316f98e0391171fae46caa63f3fc62bfaa27faf2b48acfaa35abfb92ce0d9f3ce549061ad1a0954

Download Submit
C:\Windows\system\vafkUsS.exe

Filesize
6.0MB

MD5
b0648aa422f701956f604cb3d2c42dc9

SHA1
fa2ee754089faf4ca86ba58999e028f83321a673

SHA256
a1cd0ebdb4a3405d30c63e844ddc61e46fca69fae06aaf9bde7c33fdc7ff8836

SHA512
7b35450a29dc690f2e2f772097862556de0d4e28662ea33c66fb109c240d16a3f976c7b6dd7dfda4a2832e1b3f74847ab4229de4f03f0e7626f8d6eb9e5c09d1

Download Submit
C:\Windows\system\veCrHGy.exe

Filesize
6.0MB

MD5
4a48c32261a1e986e02d04ed48535122

SHA1
1464ad57d0684b8c511e6f84b710c905d82c84c0

SHA256
6c3f8e867f63b74adf31d3cbee73ac31b6a7324c6af27b04c1970a357fa4b5ac

SHA512
dcd004e43d7a5f61381cd80bb90eef02204006280fbf638195b7960ebb5860d06ed46828e3b6173a1a7dcc08b7b094220b53772551c02d811717cc32eb1512ee

Download Submit
\Windows\system\Hljfkes.exe

Filesize
6.0MB

MD5
f90aae4d3eb08da7a3d6b8e734fcb320

SHA1
a4388bf058d1c9bb35cbc54eefd8854222034f77

SHA256
8102cd3d91b5c1b35ffaaa6adc3bb3d8b7b793a1c5e790e39977aee3be08309c

SHA512
df9e5ecca33c2705383cf04de005387c2378ade9a82a7c9197756613cf81c2718de7db5d3727bc249b7e116fdb624282dcff4e7dd7124d8fefb036a903e13b0e

Download Submit
\Windows\system\JhYAjAo.exe

Filesize
6.0MB

MD5
0df4f72dd78d21fa48e12979524ebc0a

SHA1
ad883cd5613ed6e2fe08009114a1959f191a6279

SHA256
9bb96a16f99c0148b5d38f9e94327cf565722250fc92db9744837f7b1fc5d603

SHA512
1e14d78fcd68596a2d222be1a80b065b484624c02ab326baf8b8ad66742d0ffcecac939c21ae7027e05e9a0c7fa44fbe8b7620f64382c823c2cb71b35ee5f1ce

Download Submit
\Windows\system\enuwPHi.exe

Filesize
6.0MB

MD5
3dcb5fab57f06d29a23e0c23301e5191

SHA1
20a74aa72a5aea5f89a03bdcf1dfc44cb24fa3a2

SHA256
42226ab1c7c75716f31b350a98bc1ad218e1e82ced1adaf56cfcc5a4cd6df654

SHA512
debf2e1f1bdf60edc37e141233f60e3d23edc3f24723d3b4ac6ef1d258b13e6586f6e01b86bbc1bac8fb784851e1fab3f5e3ffca90b6a9d537051af7c3b0297e

Download Submit
\Windows\system\uDVxdCT.exe

Filesize
6.0MB

MD5
8b652c644e8a4927ed175ba010af4eae

SHA1
25eed63e31af36c7f3af670d26596ec062ad3626

SHA256
62df5582cc24a2fd10ee8b78bbc4a893999fdb114d4c8249cd1976b8351b4518

SHA512
b2c1b1af63691561164c4f3ea2244e52093a3b23d4703517b3e318a4ea15b3ce9604055e246f3927a19bad7fecd43398200aaeab2e6ca9d0c7326cd3c0bc95e1

Download Submit
\Windows\system\vkXxkpZ.exe

Filesize
6.0MB

MD5
1aad7eab305859e1c0b1a7c4a8703286

SHA1
4e691103381393958ca231c0bdf4ac8de73f1c02

SHA256
f5eb0339d322a2df5a06c1190815207cd2d17acb26e1db0c1a21661529e26436

SHA512
cf2dddc44b3ff613eb9a5412fb8bfc748b4ea234b486849f8555a8118913d9eb621790cd71368f790726f38a0a45dff7ed96311ee1f0df680cdc0de842d0b7b9

Download Submit
memory/776-3738-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/776-87-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-98-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2124-3736-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2572-108-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2692-74-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2692-3737-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2720-112-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2720-2379-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-119-0x000000013F500000-0x000000013F854000-memory.dmp

Filesize
3.3MB

Download
memory/2720-992-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-85-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-118-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-32-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-31-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-0-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-891-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-2378-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-65-0x000000013FD80000-0x00000001400D4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-2380-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-80-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2720-75-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-106-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-107-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2720-114-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-8-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-115-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/2720-53-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2720-1-0x0000000000080000-0x0000000000090000-memory.dmp

Filesize
64KB

Download
memory/2720-2243-0x0000000002270000-0x00000000025C4000-memory.dmp

Filesize
3.3MB

Download
memory/2720-36-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2720-26-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-3741-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2756-81-0x000000013FFE0000-0x0000000140334000-memory.dmp

Filesize
3.3MB

Download
memory/2772-3735-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2772-120-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3734-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-13-0x000000013F790000-0x000000013FAE4000-memory.dmp

Filesize
3.3MB

Download
memory/2820-3740-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2820-102-0x000000013F710000-0x000000013FA64000-memory.dmp

Filesize
3.3MB

Download
memory/2856-46-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2980-3739-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2980-90-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/3032-892-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/3032-20-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download
memory/3032-3766-0x000000013F9B0000-0x000000013FD04000-memory.dmp

Filesize
3.3MB

Download