cobaltstrike | 9d1077ca7bbcc5332d8918b300c0cb519af47d24625146be8393c4a7d13268be

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21-01-2025 06:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

612a9d4e324257d13543e93954233e3e
SHA1

6e815ea7872f8cfb6dca0ede8ac4cdf77fd1a282
SHA256

9d1077ca7bbcc5332d8918b300c0cb519af47d24625146be8393c4a7d13268be
SHA512

d813810d471774fcc40c7abe97bf2cc29d897eee18d64f601102d69bf2c6668d51cd73846c36edd12e5c3c0d721048b422b5fc77521f6eaceeccfac4b170eb50
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUc:T+q56utgpPF8u/7c

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120f9-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016c4b-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c7c-9.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cb2-27.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cc4-34.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001938e-61.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193d1-80.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e6-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001945c-109.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001958b-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c2-124.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000196a0-184.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019931-188.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019665-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-174.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195e0-169.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195d0-164.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195cc-155.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ce-158.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ca-149.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c8-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-139.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-135.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c4-130.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-115.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f0-104.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016bf7-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a8-76.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019382-71.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016ccd-51.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd7-47.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ca5-26.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1704-0-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x00080000000120f9-3.dat	xmrig
behavioral1/files/0x0009000000016c4b-11.dat	xmrig
behavioral1/memory/2380-13-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/1240-10-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c7c-9.dat	xmrig
behavioral1/files/0x0008000000016cb2-27.dat	xmrig
behavioral1/files/0x0007000000016cc4-34.dat	xmrig
behavioral1/files/0x000500000001938e-61.dat	xmrig
behavioral1/memory/2380-67-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/1180-66-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2716-57-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/files/0x00050000000193d1-80.dat	xmrig
behavioral1/files/0x00050000000193e6-94.dat	xmrig
behavioral1/memory/2924-98-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/files/0x000500000001945c-109.dat	xmrig
behavioral1/files/0x000500000001958b-118.dat	xmrig
behavioral1/files/0x00050000000195c2-124.dat	xmrig
behavioral1/memory/2892-392-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/1704-1117-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/2716-3529-0x000000013FF00000-0x0000000140254000-memory.dmp	xmrig
behavioral1/memory/1400-3521-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2380-3516-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2712-3550-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2476-3551-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2696-3600-0x000000013FDA0000-0x00000001400F4000-memory.dmp	xmrig
behavioral1/memory/2836-3569-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2744-3558-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig
behavioral1/memory/2924-3552-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2784-3548-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/memory/2892-3549-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/1240-3547-0x000000013F5D0000-0x000000013F924000-memory.dmp	xmrig
behavioral1/memory/1180-3541-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2812-3525-0x000000013F2D0000-0x000000013F624000-memory.dmp	xmrig
behavioral1/memory/2924-972-0x000000013F220000-0x000000013F574000-memory.dmp	xmrig
behavioral1/memory/2476-752-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/2712-563-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2784-299-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x00050000000196a0-184.dat	xmrig
behavioral1/files/0x0005000000019931-188.dat	xmrig
behavioral1/files/0x0005000000019665-179.dat	xmrig
behavioral1/files/0x0005000000019624-174.dat	xmrig
behavioral1/files/0x00050000000195e0-169.dat	xmrig
behavioral1/files/0x00050000000195d0-164.dat	xmrig
behavioral1/files/0x00050000000195cc-155.dat	xmrig
behavioral1/files/0x00050000000195ce-158.dat	xmrig
behavioral1/files/0x00050000000195ca-149.dat	xmrig
behavioral1/files/0x00050000000195c8-145.dat	xmrig
behavioral1/files/0x00050000000195c7-139.dat	xmrig
behavioral1/files/0x00050000000195c6-135.dat	xmrig
behavioral1/files/0x00050000000195c4-130.dat	xmrig
behavioral1/files/0x00050000000194e2-115.dat	xmrig
behavioral1/files/0x00050000000193f0-104.dat	xmrig
behavioral1/memory/1180-102-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2476-91-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016bf7-90.dat	xmrig
behavioral1/memory/2712-85-0x000000013F390000-0x000000013F6E4000-memory.dmp	xmrig
behavioral1/memory/2892-78-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2836-77-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a8-76.dat	xmrig
behavioral1/memory/2784-72-0x000000013F1D0000-0x000000013F524000-memory.dmp	xmrig
behavioral1/files/0x0006000000019382-71.dat	xmrig
behavioral1/memory/1704-60-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2744-59-0x000000013FA80000-0x000000013FDD4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1240	GLpNXIF.exe
2380	qEyahgj.exe
2836	rIbTOwJ.exe
1400	MOQWuHo.exe
2696	lcYaeMR.exe
2812	NBvodgR.exe
2716	UjuSapV.exe
2744	fqABwQy.exe
1180	MrQNexa.exe
2784	lAOmLMe.exe
2892	ZgvDEtY.exe
2712	jujyDFw.exe
2476	JCAZBZJ.exe
2924	KYzhjWZ.exe
1640	LWodHaJ.exe
2912	MwJMlPb.exe
680	XwnKZRX.exe
1004	OHZDbBL.exe
1648	ADytWLW.exe
1904	RYMVcCY.exe
1824	ioslnxN.exe
2056	nenLAZG.exe
2300	NIWSvXm.exe
992	bqZRDwT.exe
1596	mRxvXTV.exe
2076	tmgoTGn.exe
1988	VDpUstb.exe
896	wuOFJiI.exe
2416	SFdtift.exe
3024	NdISYEd.exe
684	KaqNkZB.exe
316	agBCmYU.exe
1624	zXjzvih.exe
600	aoIIrlA.exe
1776	nHrgOWo.exe
1660	ILGHtju.exe
1720	mkSgRfj.exe
900	DYqAAXh.exe
944	NBlQdOI.exe
832	CQxRvgV.exe
2036	tWgTxTJ.exe
2504	pSRzlIq.exe
1512	GRsPeex.exe
1712	HvEnsEb.exe
3032	jJzaUgQ.exe
2556	mOVuazv.exe
3000	foXqUbA.exe
1768	ocznKOu.exe
2172	fuaoIEf.exe
2492	dOHmnxB.exe
1800	XzmcdYv.exe
1708	FIddrTe.exe
1328	tBBxTsI.exe
1804	gbBPlEZ.exe
2800	XzfwvAM.exe
2208	frFpfFg.exe
2804	YBrBhKm.exe
2764	nSXvboG.exe
2952	AtJleVU.exe
2668	eFMbUcl.exe
2256	iALHrMU.exe
2164	ZvmKCHb.exe
2920	lNQzPJv.exe
668	ceOkArH.exe

Loads dropped DLL 64 IoCs

pid	Process
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1704-0-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x00080000000120f9-3.dat	upx
behavioral1/files/0x0009000000016c4b-11.dat	upx
behavioral1/memory/2380-13-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/1240-10-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/files/0x0008000000016c7c-9.dat	upx
behavioral1/files/0x0008000000016cb2-27.dat	upx
behavioral1/files/0x0007000000016cc4-34.dat	upx
behavioral1/files/0x000500000001938e-61.dat	upx
behavioral1/memory/2380-67-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/1180-66-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2716-57-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/files/0x00050000000193d1-80.dat	upx
behavioral1/files/0x00050000000193e6-94.dat	upx
behavioral1/memory/2924-98-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/files/0x000500000001945c-109.dat	upx
behavioral1/files/0x000500000001958b-118.dat	upx
behavioral1/files/0x00050000000195c2-124.dat	upx
behavioral1/memory/2892-392-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2716-3529-0x000000013FF00000-0x0000000140254000-memory.dmp	upx
behavioral1/memory/1400-3521-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2380-3516-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2712-3550-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2476-3551-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2696-3600-0x000000013FDA0000-0x00000001400F4000-memory.dmp	upx
behavioral1/memory/2836-3569-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2744-3558-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/2924-3552-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2784-3548-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/memory/2892-3549-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/1240-3547-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx
behavioral1/memory/1180-3541-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2812-3525-0x000000013F2D0000-0x000000013F624000-memory.dmp	upx
behavioral1/memory/2924-972-0x000000013F220000-0x000000013F574000-memory.dmp	upx
behavioral1/memory/2476-752-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2712-563-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2784-299-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x00050000000196a0-184.dat	upx
behavioral1/files/0x0005000000019931-188.dat	upx
behavioral1/files/0x0005000000019665-179.dat	upx
behavioral1/files/0x0005000000019624-174.dat	upx
behavioral1/files/0x00050000000195e0-169.dat	upx
behavioral1/files/0x00050000000195d0-164.dat	upx
behavioral1/files/0x00050000000195cc-155.dat	upx
behavioral1/files/0x00050000000195ce-158.dat	upx
behavioral1/files/0x00050000000195ca-149.dat	upx
behavioral1/files/0x00050000000195c8-145.dat	upx
behavioral1/files/0x00050000000195c7-139.dat	upx
behavioral1/files/0x00050000000195c6-135.dat	upx
behavioral1/files/0x00050000000195c4-130.dat	upx
behavioral1/files/0x00050000000194e2-115.dat	upx
behavioral1/files/0x00050000000193f0-104.dat	upx
behavioral1/memory/1180-102-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2476-91-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/files/0x0009000000016bf7-90.dat	upx
behavioral1/memory/2712-85-0x000000013F390000-0x000000013F6E4000-memory.dmp	upx
behavioral1/memory/2892-78-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/2836-77-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/files/0x00050000000193a8-76.dat	upx
behavioral1/memory/2784-72-0x000000013F1D0000-0x000000013F524000-memory.dmp	upx
behavioral1/files/0x0006000000019382-71.dat	upx
behavioral1/memory/1704-60-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2744-59-0x000000013FA80000-0x000000013FDD4000-memory.dmp	upx
behavioral1/memory/1240-65-0x000000013F5D0000-0x000000013F924000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\fXakDuC.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gKCgCaY.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aVgSzmp.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gqpCOfk.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ySyJNvt.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hMTVTwn.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dZlFvov.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jZYCypZ.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RoTmcwL.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HdfXgHx.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PAylZzY.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aQmPAjN.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fewUtEJ.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iHomaIy.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jWmITte.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pHTSylU.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mIDjNkR.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RhnbHrq.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QJkKACR.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dqTDeaS.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mFaaCsf.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ePLqxwD.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OemdkGU.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kZEgZtO.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HaBEXzy.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CzmzHye.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MxhloXt.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MqskCog.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GkNbQdX.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hZzKYSZ.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LUIuEBG.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KPRJpbi.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vGxVXTK.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HllRxfe.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WgaEatt.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SpolcdV.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KJRNmsr.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eKftwdh.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wZQYeiN.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYhtAnC.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGRCpmC.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HmZvWuJ.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IEqgYlR.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YvwJlLU.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jehyrFl.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KgBCnOM.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jgEvDfp.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jRlAdug.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DzSdAXl.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DizJdTu.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UJhbwyq.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ehPTIbj.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YkinpaP.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kuUZNOV.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rqHEzmZ.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uvaASLJ.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LxTAOxl.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cNrQrsr.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BGcOoRt.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hVSZRGu.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DjAySED.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ziOEYgn.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aYKKuCo.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\siaDfkd.exe	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 1240	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1704 wrote to memory of 1240	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1704 wrote to memory of 1240	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1704 wrote to memory of 2380	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1704 wrote to memory of 2380	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1704 wrote to memory of 2380	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1704 wrote to memory of 2836	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1704 wrote to memory of 2836	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1704 wrote to memory of 2836	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1704 wrote to memory of 1400	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1704 wrote to memory of 1400	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1704 wrote to memory of 1400	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1704 wrote to memory of 2696	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1704 wrote to memory of 2696	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1704 wrote to memory of 2696	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1704 wrote to memory of 2812	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1704 wrote to memory of 2812	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1704 wrote to memory of 2812	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1704 wrote to memory of 2744	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1704 wrote to memory of 2744	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1704 wrote to memory of 2744	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1704 wrote to memory of 2716	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1704 wrote to memory of 2716	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1704 wrote to memory of 2716	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1704 wrote to memory of 2784	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1704 wrote to memory of 2784	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1704 wrote to memory of 2784	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1704 wrote to memory of 1180	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1704 wrote to memory of 1180	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1704 wrote to memory of 1180	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1704 wrote to memory of 2892	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1704 wrote to memory of 2892	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1704 wrote to memory of 2892	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1704 wrote to memory of 2712	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1704 wrote to memory of 2712	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1704 wrote to memory of 2712	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1704 wrote to memory of 2476	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1704 wrote to memory of 2476	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1704 wrote to memory of 2476	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1704 wrote to memory of 2924	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1704 wrote to memory of 2924	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1704 wrote to memory of 2924	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1704 wrote to memory of 1640	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1704 wrote to memory of 1640	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1704 wrote to memory of 1640	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 1704 wrote to memory of 2912	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1704 wrote to memory of 2912	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1704 wrote to memory of 2912	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1704 wrote to memory of 680	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1704 wrote to memory of 680	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1704 wrote to memory of 680	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1704 wrote to memory of 1004	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1704 wrote to memory of 1004	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1704 wrote to memory of 1004	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1704 wrote to memory of 1648	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1704 wrote to memory of 1648	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1704 wrote to memory of 1648	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1704 wrote to memory of 1904	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1704 wrote to memory of 1904	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1704 wrote to memory of 1904	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1704 wrote to memory of 1824	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1704 wrote to memory of 1824	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1704 wrote to memory of 1824	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1704 wrote to memory of 2056	1704	2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_612a9d4e324257d13543e93954233e3e_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\System\GLpNXIF.exe
  C:\Windows\System\GLpNXIF.exe
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Windows\System\qEyahgj.exe
  C:\Windows\System\qEyahgj.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\rIbTOwJ.exe
  C:\Windows\System\rIbTOwJ.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\MOQWuHo.exe
  C:\Windows\System\MOQWuHo.exe
  2⤵
  - Executes dropped EXE
  PID:1400
- C:\Windows\System\lcYaeMR.exe
  C:\Windows\System\lcYaeMR.exe
  2⤵
  - Executes dropped EXE
  PID:2696
- C:\Windows\System\NBvodgR.exe
  C:\Windows\System\NBvodgR.exe
  2⤵
  - Executes dropped EXE
  PID:2812
- C:\Windows\System\fqABwQy.exe
  C:\Windows\System\fqABwQy.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\UjuSapV.exe
  C:\Windows\System\UjuSapV.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\lAOmLMe.exe
  C:\Windows\System\lAOmLMe.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\MrQNexa.exe
  C:\Windows\System\MrQNexa.exe
  2⤵
  - Executes dropped EXE
  PID:1180
- C:\Windows\System\ZgvDEtY.exe
  C:\Windows\System\ZgvDEtY.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\jujyDFw.exe
  C:\Windows\System\jujyDFw.exe
  2⤵
  - Executes dropped EXE
  PID:2712
- C:\Windows\System\JCAZBZJ.exe
  C:\Windows\System\JCAZBZJ.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\KYzhjWZ.exe
  C:\Windows\System\KYzhjWZ.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\LWodHaJ.exe
  C:\Windows\System\LWodHaJ.exe
  2⤵
  - Executes dropped EXE
  PID:1640
- C:\Windows\System\MwJMlPb.exe
  C:\Windows\System\MwJMlPb.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\XwnKZRX.exe
  C:\Windows\System\XwnKZRX.exe
  2⤵
  - Executes dropped EXE
  PID:680
- C:\Windows\System\OHZDbBL.exe
  C:\Windows\System\OHZDbBL.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\ADytWLW.exe
  C:\Windows\System\ADytWLW.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\RYMVcCY.exe
  C:\Windows\System\RYMVcCY.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\ioslnxN.exe
  C:\Windows\System\ioslnxN.exe
  2⤵
  - Executes dropped EXE
  PID:1824
- C:\Windows\System\nenLAZG.exe
  C:\Windows\System\nenLAZG.exe
  2⤵
  - Executes dropped EXE
  PID:2056
- C:\Windows\System\NIWSvXm.exe
  C:\Windows\System\NIWSvXm.exe
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System\bqZRDwT.exe
  C:\Windows\System\bqZRDwT.exe
  2⤵
  - Executes dropped EXE
  PID:992
- C:\Windows\System\mRxvXTV.exe
  C:\Windows\System\mRxvXTV.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\tmgoTGn.exe
  C:\Windows\System\tmgoTGn.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\VDpUstb.exe
  C:\Windows\System\VDpUstb.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\wuOFJiI.exe
  C:\Windows\System\wuOFJiI.exe
  2⤵
  - Executes dropped EXE
  PID:896
- C:\Windows\System\SFdtift.exe
  C:\Windows\System\SFdtift.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\NdISYEd.exe
  C:\Windows\System\NdISYEd.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\KaqNkZB.exe
  C:\Windows\System\KaqNkZB.exe
  2⤵
  - Executes dropped EXE
  PID:684
- C:\Windows\System\agBCmYU.exe
  C:\Windows\System\agBCmYU.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\zXjzvih.exe
  C:\Windows\System\zXjzvih.exe
  2⤵
  - Executes dropped EXE
  PID:1624
- C:\Windows\System\aoIIrlA.exe
  C:\Windows\System\aoIIrlA.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\nHrgOWo.exe
  C:\Windows\System\nHrgOWo.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\ILGHtju.exe
  C:\Windows\System\ILGHtju.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\mkSgRfj.exe
  C:\Windows\System\mkSgRfj.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\DYqAAXh.exe
  C:\Windows\System\DYqAAXh.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\NBlQdOI.exe
  C:\Windows\System\NBlQdOI.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\CQxRvgV.exe
  C:\Windows\System\CQxRvgV.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\tWgTxTJ.exe
  C:\Windows\System\tWgTxTJ.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\pSRzlIq.exe
  C:\Windows\System\pSRzlIq.exe
  2⤵
  - Executes dropped EXE
  PID:2504
- C:\Windows\System\GRsPeex.exe
  C:\Windows\System\GRsPeex.exe
  2⤵
  - Executes dropped EXE
  PID:1512
- C:\Windows\System\HvEnsEb.exe
  C:\Windows\System\HvEnsEb.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\jJzaUgQ.exe
  C:\Windows\System\jJzaUgQ.exe
  2⤵
  - Executes dropped EXE
  PID:3032
- C:\Windows\System\mOVuazv.exe
  C:\Windows\System\mOVuazv.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\foXqUbA.exe
  C:\Windows\System\foXqUbA.exe
  2⤵
  - Executes dropped EXE
  PID:3000
- C:\Windows\System\ocznKOu.exe
  C:\Windows\System\ocznKOu.exe
  2⤵
  - Executes dropped EXE
  PID:1768
- C:\Windows\System\fuaoIEf.exe
  C:\Windows\System\fuaoIEf.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\dOHmnxB.exe
  C:\Windows\System\dOHmnxB.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\XzmcdYv.exe
  C:\Windows\System\XzmcdYv.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\FIddrTe.exe
  C:\Windows\System\FIddrTe.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\tBBxTsI.exe
  C:\Windows\System\tBBxTsI.exe
  2⤵
  - Executes dropped EXE
  PID:1328
- C:\Windows\System\gbBPlEZ.exe
  C:\Windows\System\gbBPlEZ.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\XzfwvAM.exe
  C:\Windows\System\XzfwvAM.exe
  2⤵
  - Executes dropped EXE
  PID:2800
- C:\Windows\System\frFpfFg.exe
  C:\Windows\System\frFpfFg.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\YBrBhKm.exe
  C:\Windows\System\YBrBhKm.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\nSXvboG.exe
  C:\Windows\System\nSXvboG.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\AtJleVU.exe
  C:\Windows\System\AtJleVU.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\eFMbUcl.exe
  C:\Windows\System\eFMbUcl.exe
  2⤵
  - Executes dropped EXE
  PID:2668
- C:\Windows\System\iALHrMU.exe
  C:\Windows\System\iALHrMU.exe
  2⤵
  - Executes dropped EXE
  PID:2256
- C:\Windows\System\ZvmKCHb.exe
  C:\Windows\System\ZvmKCHb.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\lNQzPJv.exe
  C:\Windows\System\lNQzPJv.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\ceOkArH.exe
  C:\Windows\System\ceOkArH.exe
  2⤵
  - Executes dropped EXE
  PID:668
- C:\Windows\System\YkamGdl.exe
  C:\Windows\System\YkamGdl.exe
  2⤵
  PID:1788
- C:\Windows\System\cMrVtvg.exe
  C:\Windows\System\cMrVtvg.exe
  2⤵
  PID:720
- C:\Windows\System\hDXrGaW.exe
  C:\Windows\System\hDXrGaW.exe
  2⤵
  PID:2296
- C:\Windows\System\fdBfqEU.exe
  C:\Windows\System\fdBfqEU.exe
  2⤵
  PID:2396
- C:\Windows\System\BssLEqK.exe
  C:\Windows\System\BssLEqK.exe
  2⤵
  PID:3044
- C:\Windows\System\IAjuJnV.exe
  C:\Windows\System\IAjuJnV.exe
  2⤵
  PID:2080
- C:\Windows\System\LzgMrop.exe
  C:\Windows\System\LzgMrop.exe
  2⤵
  PID:1088
- C:\Windows\System\PsItUDW.exe
  C:\Windows\System\PsItUDW.exe
  2⤵
  PID:2152
- C:\Windows\System\HxQnRUd.exe
  C:\Windows\System\HxQnRUd.exe
  2⤵
  PID:1764
- C:\Windows\System\JQvJNtX.exe
  C:\Windows\System\JQvJNtX.exe
  2⤵
  PID:1380
- C:\Windows\System\piohzHE.exe
  C:\Windows\System\piohzHE.exe
  2⤵
  PID:712
- C:\Windows\System\qjKFeSK.exe
  C:\Windows\System\qjKFeSK.exe
  2⤵
  PID:756
- C:\Windows\System\jsSHsgZ.exe
  C:\Windows\System\jsSHsgZ.exe
  2⤵
  PID:2288
- C:\Windows\System\HJbOhRS.exe
  C:\Windows\System\HJbOhRS.exe
  2⤵
  PID:1164
- C:\Windows\System\VMnLkLZ.exe
  C:\Windows\System\VMnLkLZ.exe
  2⤵
  PID:1488
- C:\Windows\System\TOLnUVl.exe
  C:\Windows\System\TOLnUVl.exe
  2⤵
  PID:2444
- C:\Windows\System\yTOOcdN.exe
  C:\Windows\System\yTOOcdN.exe
  2⤵
  PID:1980
- C:\Windows\System\EoUCWfj.exe
  C:\Windows\System\EoUCWfj.exe
  2⤵
  PID:1956
- C:\Windows\System\DWxKyFR.exe
  C:\Windows\System\DWxKyFR.exe
  2⤵
  PID:1236
- C:\Windows\System\bLertTD.exe
  C:\Windows\System\bLertTD.exe
  2⤵
  PID:1580
- C:\Windows\System\wVhwBlW.exe
  C:\Windows\System\wVhwBlW.exe
  2⤵
  PID:2684
- C:\Windows\System\WiuPKaj.exe
  C:\Windows\System\WiuPKaj.exe
  2⤵
  PID:2740
- C:\Windows\System\ODqtHic.exe
  C:\Windows\System\ODqtHic.exe
  2⤵
  PID:2596
- C:\Windows\System\JNlwsxQ.exe
  C:\Windows\System\JNlwsxQ.exe
  2⤵
  PID:2904
- C:\Windows\System\VpPHZqW.exe
  C:\Windows\System\VpPHZqW.exe
  2⤵
  PID:2156
- C:\Windows\System\Lylgeuk.exe
  C:\Windows\System\Lylgeuk.exe
  2⤵
  PID:2856
- C:\Windows\System\NFtOlHR.exe
  C:\Windows\System\NFtOlHR.exe
  2⤵
  PID:1964
- C:\Windows\System\VJAQZhs.exe
  C:\Windows\System\VJAQZhs.exe
  2⤵
  PID:1628
- C:\Windows\System\nGEyCAh.exe
  C:\Windows\System\nGEyCAh.exe
  2⤵
  PID:2220
- C:\Windows\System\MFMmiWJ.exe
  C:\Windows\System\MFMmiWJ.exe
  2⤵
  PID:1312
- C:\Windows\System\IdEmsrO.exe
  C:\Windows\System\IdEmsrO.exe
  2⤵
  PID:2244
- C:\Windows\System\wbfjCXw.exe
  C:\Windows\System\wbfjCXw.exe
  2⤵
  PID:912
- C:\Windows\System\ByLvDaa.exe
  C:\Windows\System\ByLvDaa.exe
  2⤵
  PID:1248
- C:\Windows\System\oGqNxAD.exe
  C:\Windows\System\oGqNxAD.exe
  2⤵
  PID:2484
- C:\Windows\System\VUnwkfk.exe
  C:\Windows\System\VUnwkfk.exe
  2⤵
  PID:776
- C:\Windows\System\bYfktWP.exe
  C:\Windows\System\bYfktWP.exe
  2⤵
  PID:2844
- C:\Windows\System\hEWQWqw.exe
  C:\Windows\System\hEWQWqw.exe
  2⤵
  PID:2336
- C:\Windows\System\JEaxMsC.exe
  C:\Windows\System\JEaxMsC.exe
  2⤵
  PID:1092
- C:\Windows\System\uAHBzmu.exe
  C:\Windows\System\uAHBzmu.exe
  2⤵
  PID:2052
- C:\Windows\System\tuNRvOL.exe
  C:\Windows\System\tuNRvOL.exe
  2⤵
  PID:1612
- C:\Windows\System\BmwZaPS.exe
  C:\Windows\System\BmwZaPS.exe
  2⤵
  PID:2376
- C:\Windows\System\NAXysJb.exe
  C:\Windows\System\NAXysJb.exe
  2⤵
  PID:2736
- C:\Windows\System\VnMcYaO.exe
  C:\Windows\System\VnMcYaO.exe
  2⤵
  PID:2884
- C:\Windows\System\MqskCog.exe
  C:\Windows\System\MqskCog.exe
  2⤵
  PID:2620
- C:\Windows\System\FxRpEyG.exe
  C:\Windows\System\FxRpEyG.exe
  2⤵
  PID:2948
- C:\Windows\System\pSMYTGv.exe
  C:\Windows\System\pSMYTGv.exe
  2⤵
  PID:1268
- C:\Windows\System\wryPtGx.exe
  C:\Windows\System\wryPtGx.exe
  2⤵
  PID:444
- C:\Windows\System\SqMVUew.exe
  C:\Windows\System\SqMVUew.exe
  2⤵
  PID:2488
- C:\Windows\System\aLqfjmt.exe
  C:\Windows\System\aLqfjmt.exe
  2⤵
  PID:2268
- C:\Windows\System\TKGmjKX.exe
  C:\Windows\System\TKGmjKX.exe
  2⤵
  PID:3056
- C:\Windows\System\WsWKuBN.exe
  C:\Windows\System\WsWKuBN.exe
  2⤵
  PID:2216
- C:\Windows\System\fJUqtnH.exe
  C:\Windows\System\fJUqtnH.exe
  2⤵
  PID:2388
- C:\Windows\System\OzuXFVQ.exe
  C:\Windows\System\OzuXFVQ.exe
  2⤵
  PID:2584
- C:\Windows\System\WJUjgPv.exe
  C:\Windows\System\WJUjgPv.exe
  2⤵
  PID:2120
- C:\Windows\System\WFtlNnx.exe
  C:\Windows\System\WFtlNnx.exe
  2⤵
  PID:1732
- C:\Windows\System\CgJlBKa.exe
  C:\Windows\System\CgJlBKa.exe
  2⤵
  PID:1560
- C:\Windows\System\lgrHHte.exe
  C:\Windows\System\lgrHHte.exe
  2⤵
  PID:3084
- C:\Windows\System\nngycMA.exe
  C:\Windows\System\nngycMA.exe
  2⤵
  PID:3100
- C:\Windows\System\irsrnEC.exe
  C:\Windows\System\irsrnEC.exe
  2⤵
  PID:3120
- C:\Windows\System\RzcvlYR.exe
  C:\Windows\System\RzcvlYR.exe
  2⤵
  PID:3140
- C:\Windows\System\LHLtJpq.exe
  C:\Windows\System\LHLtJpq.exe
  2⤵
  PID:3164
- C:\Windows\System\uWIYPei.exe
  C:\Windows\System\uWIYPei.exe
  2⤵
  PID:3184
- C:\Windows\System\jSSvwea.exe
  C:\Windows\System\jSSvwea.exe
  2⤵
  PID:3204
- C:\Windows\System\dlEgnwk.exe
  C:\Windows\System\dlEgnwk.exe
  2⤵
  PID:3228
- C:\Windows\System\NcbiavH.exe
  C:\Windows\System\NcbiavH.exe
  2⤵
  PID:3248
- C:\Windows\System\LAODphh.exe
  C:\Windows\System\LAODphh.exe
  2⤵
  PID:3264
- C:\Windows\System\HzwkOFw.exe
  C:\Windows\System\HzwkOFw.exe
  2⤵
  PID:3288
- C:\Windows\System\SLbIbGL.exe
  C:\Windows\System\SLbIbGL.exe
  2⤵
  PID:3304
- C:\Windows\System\ZlXqsPs.exe
  C:\Windows\System\ZlXqsPs.exe
  2⤵
  PID:3324
- C:\Windows\System\VBjTayv.exe
  C:\Windows\System\VBjTayv.exe
  2⤵
  PID:3344
- C:\Windows\System\ZeAnAlv.exe
  C:\Windows\System\ZeAnAlv.exe
  2⤵
  PID:3364
- C:\Windows\System\IJESaUm.exe
  C:\Windows\System\IJESaUm.exe
  2⤵
  PID:3384
- C:\Windows\System\wlajNQx.exe
  C:\Windows\System\wlajNQx.exe
  2⤵
  PID:3404
- C:\Windows\System\rGofYjT.exe
  C:\Windows\System\rGofYjT.exe
  2⤵
  PID:3428
- C:\Windows\System\OhkcZop.exe
  C:\Windows\System\OhkcZop.exe
  2⤵
  PID:3448
- C:\Windows\System\sScYfvu.exe
  C:\Windows\System\sScYfvu.exe
  2⤵
  PID:3464
- C:\Windows\System\tLlGmhp.exe
  C:\Windows\System\tLlGmhp.exe
  2⤵
  PID:3488
- C:\Windows\System\MFEmolt.exe
  C:\Windows\System\MFEmolt.exe
  2⤵
  PID:3508
- C:\Windows\System\yFODOkr.exe
  C:\Windows\System\yFODOkr.exe
  2⤵
  PID:3528
- C:\Windows\System\EQfvxRL.exe
  C:\Windows\System\EQfvxRL.exe
  2⤵
  PID:3544
- C:\Windows\System\HZihjZg.exe
  C:\Windows\System\HZihjZg.exe
  2⤵
  PID:3564
- C:\Windows\System\iDwKzcw.exe
  C:\Windows\System\iDwKzcw.exe
  2⤵
  PID:3584
- C:\Windows\System\ayGKlNx.exe
  C:\Windows\System\ayGKlNx.exe
  2⤵
  PID:3604
- C:\Windows\System\oltxcZV.exe
  C:\Windows\System\oltxcZV.exe
  2⤵
  PID:3620
- C:\Windows\System\fbwxCwG.exe
  C:\Windows\System\fbwxCwG.exe
  2⤵
  PID:3640
- C:\Windows\System\ophbfTG.exe
  C:\Windows\System\ophbfTG.exe
  2⤵
  PID:3656
- C:\Windows\System\eRysYDc.exe
  C:\Windows\System\eRysYDc.exe
  2⤵
  PID:3676
- C:\Windows\System\kAOEfYY.exe
  C:\Windows\System\kAOEfYY.exe
  2⤵
  PID:3692
- C:\Windows\System\QPhQtRR.exe
  C:\Windows\System\QPhQtRR.exe
  2⤵
  PID:3712
- C:\Windows\System\FkRWLzq.exe
  C:\Windows\System\FkRWLzq.exe
  2⤵
  PID:3732
- C:\Windows\System\DjAySED.exe
  C:\Windows\System\DjAySED.exe
  2⤵
  PID:3752
- C:\Windows\System\BfDCRCj.exe
  C:\Windows\System\BfDCRCj.exe
  2⤵
  PID:3768
- C:\Windows\System\ETpduhR.exe
  C:\Windows\System\ETpduhR.exe
  2⤵
  PID:3804
- C:\Windows\System\Sjhexlf.exe
  C:\Windows\System\Sjhexlf.exe
  2⤵
  PID:3828
- C:\Windows\System\SLatxOK.exe
  C:\Windows\System\SLatxOK.exe
  2⤵
  PID:3848
- C:\Windows\System\rzACYNp.exe
  C:\Windows\System\rzACYNp.exe
  2⤵
  PID:3868
- C:\Windows\System\NrovTad.exe
  C:\Windows\System\NrovTad.exe
  2⤵
  PID:3888
- C:\Windows\System\oUKrCNW.exe
  C:\Windows\System\oUKrCNW.exe
  2⤵
  PID:3904
- C:\Windows\System\gCmrFKH.exe
  C:\Windows\System\gCmrFKH.exe
  2⤵
  PID:3932
- C:\Windows\System\VPdRniz.exe
  C:\Windows\System\VPdRniz.exe
  2⤵
  PID:3948
- C:\Windows\System\UljJOhi.exe
  C:\Windows\System\UljJOhi.exe
  2⤵
  PID:3972
- C:\Windows\System\qKiSdWl.exe
  C:\Windows\System\qKiSdWl.exe
  2⤵
  PID:3988
- C:\Windows\System\fypeqcH.exe
  C:\Windows\System\fypeqcH.exe
  2⤵
  PID:4012
- C:\Windows\System\yCKXuua.exe
  C:\Windows\System\yCKXuua.exe
  2⤵
  PID:4032
- C:\Windows\System\HxczMTq.exe
  C:\Windows\System\HxczMTq.exe
  2⤵
  PID:4052
- C:\Windows\System\qGbrOUM.exe
  C:\Windows\System\qGbrOUM.exe
  2⤵
  PID:4068
- C:\Windows\System\EDruRIf.exe
  C:\Windows\System\EDruRIf.exe
  2⤵
  PID:4088
- C:\Windows\System\jRlAdug.exe
  C:\Windows\System\jRlAdug.exe
  2⤵
  PID:2500
- C:\Windows\System\wGyukDv.exe
  C:\Windows\System\wGyukDv.exe
  2⤵
  PID:908
- C:\Windows\System\TpaeNvR.exe
  C:\Windows\System\TpaeNvR.exe
  2⤵
  PID:1600
- C:\Windows\System\VVtcPxc.exe
  C:\Windows\System\VVtcPxc.exe
  2⤵
  PID:772
- C:\Windows\System\qEkhJEO.exe
  C:\Windows\System\qEkhJEO.exe
  2⤵
  PID:3108
- C:\Windows\System\fxyKnMO.exe
  C:\Windows\System\fxyKnMO.exe
  2⤵
  PID:3156
- C:\Windows\System\mTIreuq.exe
  C:\Windows\System\mTIreuq.exe
  2⤵
  PID:3192
- C:\Windows\System\yCYqfpG.exe
  C:\Windows\System\yCYqfpG.exe
  2⤵
  PID:3136
- C:\Windows\System\fYGksfe.exe
  C:\Windows\System\fYGksfe.exe
  2⤵
  PID:3172
- C:\Windows\System\DBALOll.exe
  C:\Windows\System\DBALOll.exe
  2⤵
  PID:3280
- C:\Windows\System\gdfvBmg.exe
  C:\Windows\System\gdfvBmg.exe
  2⤵
  PID:3312
- C:\Windows\System\safxxAI.exe
  C:\Windows\System\safxxAI.exe
  2⤵
  PID:3300
- C:\Windows\System\eBwRCId.exe
  C:\Windows\System\eBwRCId.exe
  2⤵
  PID:3392
- C:\Windows\System\qFklFYQ.exe
  C:\Windows\System\qFklFYQ.exe
  2⤵
  PID:3476
- C:\Windows\System\FVejtXS.exe
  C:\Windows\System\FVejtXS.exe
  2⤵
  PID:3336
- C:\Windows\System\eBhZzuA.exe
  C:\Windows\System\eBhZzuA.exe
  2⤵
  PID:3372
- C:\Windows\System\SoNUMJj.exe
  C:\Windows\System\SoNUMJj.exe
  2⤵
  PID:3520
- C:\Windows\System\iyyVaco.exe
  C:\Windows\System\iyyVaco.exe
  2⤵
  PID:3600
- C:\Windows\System\mkXaxVH.exe
  C:\Windows\System\mkXaxVH.exe
  2⤵
  PID:3632
- C:\Windows\System\IlNKhDC.exe
  C:\Windows\System\IlNKhDC.exe
  2⤵
  PID:3708
- C:\Windows\System\TpwSdPd.exe
  C:\Windows\System\TpwSdPd.exe
  2⤵
  PID:3504
- C:\Windows\System\FPQmXmw.exe
  C:\Windows\System\FPQmXmw.exe
  2⤵
  PID:3536
- C:\Windows\System\zxiBAiq.exe
  C:\Windows\System\zxiBAiq.exe
  2⤵
  PID:3580
- C:\Windows\System\ifQYxzB.exe
  C:\Windows\System\ifQYxzB.exe
  2⤵
  PID:3612
- C:\Windows\System\zEdwVEz.exe
  C:\Windows\System\zEdwVEz.exe
  2⤵
  PID:3688
- C:\Windows\System\rufmcja.exe
  C:\Windows\System\rufmcja.exe
  2⤵
  PID:3800
- C:\Windows\System\mNjPcCT.exe
  C:\Windows\System\mNjPcCT.exe
  2⤵
  PID:3812
- C:\Windows\System\zfgFZHG.exe
  C:\Windows\System\zfgFZHG.exe
  2⤵
  PID:3880
- C:\Windows\System\heOsizT.exe
  C:\Windows\System\heOsizT.exe
  2⤵
  PID:3928
- C:\Windows\System\ETxPCEg.exe
  C:\Windows\System\ETxPCEg.exe
  2⤵
  PID:3996
- C:\Windows\System\DVIqBwU.exe
  C:\Windows\System\DVIqBwU.exe
  2⤵
  PID:3900
- C:\Windows\System\kttReMu.exe
  C:\Windows\System\kttReMu.exe
  2⤵
  PID:4040
- C:\Windows\System\lXSOgRl.exe
  C:\Windows\System\lXSOgRl.exe
  2⤵
  PID:4076
- C:\Windows\System\lfPoWWt.exe
  C:\Windows\System\lfPoWWt.exe
  2⤵
  PID:1284
- C:\Windows\System\cTIqAyD.exe
  C:\Windows\System\cTIqAyD.exe
  2⤵
  PID:4060
- C:\Windows\System\JEFEtNT.exe
  C:\Windows\System\JEFEtNT.exe
  2⤵
  PID:1968
- C:\Windows\System\vzGxeAp.exe
  C:\Windows\System\vzGxeAp.exe
  2⤵
  PID:3112
- C:\Windows\System\UlSAbGu.exe
  C:\Windows\System\UlSAbGu.exe
  2⤵
  PID:1668
- C:\Windows\System\qKuMYMN.exe
  C:\Windows\System\qKuMYMN.exe
  2⤵
  PID:3272
- C:\Windows\System\LiFOgwx.exe
  C:\Windows\System\LiFOgwx.exe
  2⤵
  PID:3096
- C:\Windows\System\YxcigYh.exe
  C:\Windows\System\YxcigYh.exe
  2⤵
  PID:3316
- C:\Windows\System\TFZwzJD.exe
  C:\Windows\System\TFZwzJD.exe
  2⤵
  PID:3276
- C:\Windows\System\yzlHMdI.exe
  C:\Windows\System\yzlHMdI.exe
  2⤵
  PID:3436
- C:\Windows\System\SpCalfi.exe
  C:\Windows\System\SpCalfi.exe
  2⤵
  PID:3592
- C:\Windows\System\lYKphep.exe
  C:\Windows\System\lYKphep.exe
  2⤵
  PID:3332
- C:\Windows\System\SUTbyIa.exe
  C:\Windows\System\SUTbyIa.exe
  2⤵
  PID:3668
- C:\Windows\System\hujuTUA.exe
  C:\Windows\System\hujuTUA.exe
  2⤵
  PID:3524
- C:\Windows\System\ZWcMibd.exe
  C:\Windows\System\ZWcMibd.exe
  2⤵
  PID:2308
- C:\Windows\System\sfRMXCY.exe
  C:\Windows\System\sfRMXCY.exe
  2⤵
  PID:3456
- C:\Windows\System\jpVCMzR.exe
  C:\Windows\System\jpVCMzR.exe
  2⤵
  PID:3796
- C:\Windows\System\IYFyeJX.exe
  C:\Windows\System\IYFyeJX.exe
  2⤵
  PID:3884
- C:\Windows\System\uopJcuE.exe
  C:\Windows\System\uopJcuE.exe
  2⤵
  PID:3836
- C:\Windows\System\XHbveea.exe
  C:\Windows\System\XHbveea.exe
  2⤵
  PID:3968
- C:\Windows\System\hjhetLD.exe
  C:\Windows\System\hjhetLD.exe
  2⤵
  PID:4008
- C:\Windows\System\dHcDfBl.exe
  C:\Windows\System\dHcDfBl.exe
  2⤵
  PID:2708
- C:\Windows\System\PxDTdbD.exe
  C:\Windows\System\PxDTdbD.exe
  2⤵
  PID:4044
- C:\Windows\System\yZLFKDE.exe
  C:\Windows\System\yZLFKDE.exe
  2⤵
  PID:1976
- C:\Windows\System\APvslCs.exe
  C:\Windows\System\APvslCs.exe
  2⤵
  PID:2108
- C:\Windows\System\mfqeAIC.exe
  C:\Windows\System\mfqeAIC.exe
  2⤵
  PID:3148
- C:\Windows\System\mPzOiGZ.exe
  C:\Windows\System\mPzOiGZ.exe
  2⤵
  PID:3160
- C:\Windows\System\kipitZN.exe
  C:\Windows\System\kipitZN.exe
  2⤵
  PID:3284
- C:\Windows\System\NGEZzQU.exe
  C:\Windows\System\NGEZzQU.exe
  2⤵
  PID:3396
- C:\Windows\System\QNSRnSQ.exe
  C:\Windows\System\QNSRnSQ.exe
  2⤵
  PID:3412
- C:\Windows\System\pfoCqts.exe
  C:\Windows\System\pfoCqts.exe
  2⤵
  PID:3672
- C:\Windows\System\OeFwIsZ.exe
  C:\Windows\System\OeFwIsZ.exe
  2⤵
  PID:3636
- C:\Windows\System\osVAOCR.exe
  C:\Windows\System\osVAOCR.exe
  2⤵
  PID:3576
- C:\Windows\System\BXZMAsq.exe
  C:\Windows\System\BXZMAsq.exe
  2⤵
  PID:3824
- C:\Windows\System\ktlArER.exe
  C:\Windows\System\ktlArER.exe
  2⤵
  PID:3924
- C:\Windows\System\zEVyNsE.exe
  C:\Windows\System\zEVyNsE.exe
  2⤵
  PID:3964
- C:\Windows\System\DzSdAXl.exe
  C:\Windows\System\DzSdAXl.exe
  2⤵
  PID:2440
- C:\Windows\System\KsHOoJF.exe
  C:\Windows\System\KsHOoJF.exe
  2⤵
  PID:3984
- C:\Windows\System\sthTzLw.exe
  C:\Windows\System\sthTzLw.exe
  2⤵
  PID:3176
- C:\Windows\System\fdlVcIX.exe
  C:\Windows\System\fdlVcIX.exe
  2⤵
  PID:3200
- C:\Windows\System\eDIsGMy.exe
  C:\Windows\System\eDIsGMy.exe
  2⤵
  PID:3360
- C:\Windows\System\VXHmfzH.exe
  C:\Windows\System\VXHmfzH.exe
  2⤵
  PID:3484
- C:\Windows\System\lBhpVJd.exe
  C:\Windows\System\lBhpVJd.exe
  2⤵
  PID:3560
- C:\Windows\System\rAVwGmc.exe
  C:\Windows\System\rAVwGmc.exe
  2⤵
  PID:3876
- C:\Windows\System\JJAnMJg.exe
  C:\Windows\System\JJAnMJg.exe
  2⤵
  PID:2796
- C:\Windows\System\TbzKJZT.exe
  C:\Windows\System\TbzKJZT.exe
  2⤵
  PID:2204
- C:\Windows\System\gUUGajO.exe
  C:\Windows\System\gUUGajO.exe
  2⤵
  PID:2908
- C:\Windows\System\noFTUOL.exe
  C:\Windows\System\noFTUOL.exe
  2⤵
  PID:3744
- C:\Windows\System\hGubaqq.exe
  C:\Windows\System\hGubaqq.exe
  2⤵
  PID:3864
- C:\Windows\System\BkBPIJi.exe
  C:\Windows\System\BkBPIJi.exe
  2⤵
  PID:3132
- C:\Windows\System\sHfJIVV.exe
  C:\Windows\System\sHfJIVV.exe
  2⤵
  PID:4112
- C:\Windows\System\GVyNauS.exe
  C:\Windows\System\GVyNauS.exe
  2⤵
  PID:4132
- C:\Windows\System\AgRRNeq.exe
  C:\Windows\System\AgRRNeq.exe
  2⤵
  PID:4152
- C:\Windows\System\dfVWaWH.exe
  C:\Windows\System\dfVWaWH.exe
  2⤵
  PID:4172
- C:\Windows\System\PMesScv.exe
  C:\Windows\System\PMesScv.exe
  2⤵
  PID:4192
- C:\Windows\System\oPbotrd.exe
  C:\Windows\System\oPbotrd.exe
  2⤵
  PID:4212
- C:\Windows\System\SkOESFP.exe
  C:\Windows\System\SkOESFP.exe
  2⤵
  PID:4232
- C:\Windows\System\WLALHal.exe
  C:\Windows\System\WLALHal.exe
  2⤵
  PID:4252
- C:\Windows\System\cTEbIFs.exe
  C:\Windows\System\cTEbIFs.exe
  2⤵
  PID:4272
- C:\Windows\System\LlzICaY.exe
  C:\Windows\System\LlzICaY.exe
  2⤵
  PID:4288
- C:\Windows\System\vIfCfhd.exe
  C:\Windows\System\vIfCfhd.exe
  2⤵
  PID:4312
- C:\Windows\System\MQtfqzR.exe
  C:\Windows\System\MQtfqzR.exe
  2⤵
  PID:4328
- C:\Windows\System\wZFQazP.exe
  C:\Windows\System\wZFQazP.exe
  2⤵
  PID:4352
- C:\Windows\System\CYRfCPl.exe
  C:\Windows\System\CYRfCPl.exe
  2⤵
  PID:4372
- C:\Windows\System\irjqqAh.exe
  C:\Windows\System\irjqqAh.exe
  2⤵
  PID:4392
- C:\Windows\System\mEBdmLP.exe
  C:\Windows\System\mEBdmLP.exe
  2⤵
  PID:4412
- C:\Windows\System\ktBUpbJ.exe
  C:\Windows\System\ktBUpbJ.exe
  2⤵
  PID:4432
- C:\Windows\System\efiNiCL.exe
  C:\Windows\System\efiNiCL.exe
  2⤵
  PID:4452
- C:\Windows\System\okCmlwa.exe
  C:\Windows\System\okCmlwa.exe
  2⤵
  PID:4472
- C:\Windows\System\OGTosmm.exe
  C:\Windows\System\OGTosmm.exe
  2⤵
  PID:4492
- C:\Windows\System\NPbkqhY.exe
  C:\Windows\System\NPbkqhY.exe
  2⤵
  PID:4512
- C:\Windows\System\AUjHsPb.exe
  C:\Windows\System\AUjHsPb.exe
  2⤵
  PID:4532
- C:\Windows\System\UEhYypw.exe
  C:\Windows\System\UEhYypw.exe
  2⤵
  PID:4552
- C:\Windows\System\yHQmycI.exe
  C:\Windows\System\yHQmycI.exe
  2⤵
  PID:4572
- C:\Windows\System\kUWcYhK.exe
  C:\Windows\System\kUWcYhK.exe
  2⤵
  PID:4592
- C:\Windows\System\LMYNDnm.exe
  C:\Windows\System\LMYNDnm.exe
  2⤵
  PID:4612
- C:\Windows\System\HLabUdy.exe
  C:\Windows\System\HLabUdy.exe
  2⤵
  PID:4632
- C:\Windows\System\esnPSzh.exe
  C:\Windows\System\esnPSzh.exe
  2⤵
  PID:4652
- C:\Windows\System\FJeLYaz.exe
  C:\Windows\System\FJeLYaz.exe
  2⤵
  PID:4672
- C:\Windows\System\GiIuBkb.exe
  C:\Windows\System\GiIuBkb.exe
  2⤵
  PID:4688
- C:\Windows\System\DTyMutl.exe
  C:\Windows\System\DTyMutl.exe
  2⤵
  PID:4712
- C:\Windows\System\MAOpwiB.exe
  C:\Windows\System\MAOpwiB.exe
  2⤵
  PID:4732
- C:\Windows\System\uvXYXin.exe
  C:\Windows\System\uvXYXin.exe
  2⤵
  PID:4752
- C:\Windows\System\FwYRyuv.exe
  C:\Windows\System\FwYRyuv.exe
  2⤵
  PID:4772
- C:\Windows\System\LNCGkZy.exe
  C:\Windows\System\LNCGkZy.exe
  2⤵
  PID:4792
- C:\Windows\System\HnscGws.exe
  C:\Windows\System\HnscGws.exe
  2⤵
  PID:4812
- C:\Windows\System\ZMKRBnz.exe
  C:\Windows\System\ZMKRBnz.exe
  2⤵
  PID:4840
- C:\Windows\System\SmVBOEA.exe
  C:\Windows\System\SmVBOEA.exe
  2⤵
  PID:4860
- C:\Windows\System\llBNrVt.exe
  C:\Windows\System\llBNrVt.exe
  2⤵
  PID:4880
- C:\Windows\System\ZPvmkOR.exe
  C:\Windows\System\ZPvmkOR.exe
  2⤵
  PID:4900
- C:\Windows\System\QreePsy.exe
  C:\Windows\System\QreePsy.exe
  2⤵
  PID:4920
- C:\Windows\System\vnvWuOg.exe
  C:\Windows\System\vnvWuOg.exe
  2⤵
  PID:4940
- C:\Windows\System\iqhPnls.exe
  C:\Windows\System\iqhPnls.exe
  2⤵
  PID:4960
- C:\Windows\System\bJqdnPp.exe
  C:\Windows\System\bJqdnPp.exe
  2⤵
  PID:4980
- C:\Windows\System\DPjodxx.exe
  C:\Windows\System\DPjodxx.exe
  2⤵
  PID:5000
- C:\Windows\System\glGwtmZ.exe
  C:\Windows\System\glGwtmZ.exe
  2⤵
  PID:5020
- C:\Windows\System\BjCXHwI.exe
  C:\Windows\System\BjCXHwI.exe
  2⤵
  PID:5040
- C:\Windows\System\lXwFMBh.exe
  C:\Windows\System\lXwFMBh.exe
  2⤵
  PID:5056
- C:\Windows\System\iUkQMRk.exe
  C:\Windows\System\iUkQMRk.exe
  2⤵
  PID:5080
- C:\Windows\System\EktMVne.exe
  C:\Windows\System\EktMVne.exe
  2⤵
  PID:5100
- C:\Windows\System\vzqrePq.exe
  C:\Windows\System\vzqrePq.exe
  2⤵
  PID:2704
- C:\Windows\System\HmZvWuJ.exe
  C:\Windows\System\HmZvWuJ.exe
  2⤵
  PID:3220
- C:\Windows\System\egHaDIu.exe
  C:\Windows\System\egHaDIu.exe
  2⤵
  PID:3944
- C:\Windows\System\eecadVC.exe
  C:\Windows\System\eecadVC.exe
  2⤵
  PID:1372
- C:\Windows\System\Fbjjhxa.exe
  C:\Windows\System\Fbjjhxa.exe
  2⤵
  PID:3460
- C:\Windows\System\RFipCIT.exe
  C:\Windows\System\RFipCIT.exe
  2⤵
  PID:1908
- C:\Windows\System\hUDtfvp.exe
  C:\Windows\System\hUDtfvp.exe
  2⤵
  PID:4128
- C:\Windows\System\ByMsFGv.exe
  C:\Windows\System\ByMsFGv.exe
  2⤵
  PID:4160
- C:\Windows\System\oAYgdNH.exe
  C:\Windows\System\oAYgdNH.exe
  2⤵
  PID:4220
- C:\Windows\System\LKvOUGh.exe
  C:\Windows\System\LKvOUGh.exe
  2⤵
  PID:4208
- C:\Windows\System\iQuYEXY.exe
  C:\Windows\System\iQuYEXY.exe
  2⤵
  PID:4264
- C:\Windows\System\XuKvasV.exe
  C:\Windows\System\XuKvasV.exe
  2⤵
  PID:4284
- C:\Windows\System\yPROFHs.exe
  C:\Windows\System\yPROFHs.exe
  2⤵
  PID:4340
- C:\Windows\System\DvUccSs.exe
  C:\Windows\System\DvUccSs.exe
  2⤵
  PID:4380
- C:\Windows\System\fwWcoAO.exe
  C:\Windows\System\fwWcoAO.exe
  2⤵
  PID:4400
- C:\Windows\System\OOiWWOz.exe
  C:\Windows\System\OOiWWOz.exe
  2⤵
  PID:4424
- C:\Windows\System\ybmMxmK.exe
  C:\Windows\System\ybmMxmK.exe
  2⤵
  PID:4468
- C:\Windows\System\TJTkbgg.exe
  C:\Windows\System\TJTkbgg.exe
  2⤵
  PID:4540
- C:\Windows\System\xNaDbsJ.exe
  C:\Windows\System\xNaDbsJ.exe
  2⤵
  PID:4520
- C:\Windows\System\oZtgFze.exe
  C:\Windows\System\oZtgFze.exe
  2⤵
  PID:4580
- C:\Windows\System\mybwoSJ.exe
  C:\Windows\System\mybwoSJ.exe
  2⤵
  PID:4620
- C:\Windows\System\EoITvIF.exe
  C:\Windows\System\EoITvIF.exe
  2⤵
  PID:4604
- C:\Windows\System\QegdAIs.exe
  C:\Windows\System\QegdAIs.exe
  2⤵
  PID:880
- C:\Windows\System\fwqNJDB.exe
  C:\Windows\System\fwqNJDB.exe
  2⤵
  PID:4704
- C:\Windows\System\lDFimrI.exe
  C:\Windows\System\lDFimrI.exe
  2⤵
  PID:4720
- C:\Windows\System\ysxaeWS.exe
  C:\Windows\System\ysxaeWS.exe
  2⤵
  PID:2616
- C:\Windows\System\IqTVtIE.exe
  C:\Windows\System\IqTVtIE.exe
  2⤵
  PID:4784
- C:\Windows\System\FjEhGGI.exe
  C:\Windows\System\FjEhGGI.exe
  2⤵
  PID:4820
- C:\Windows\System\PIBbRmd.exe
  C:\Windows\System\PIBbRmd.exe
  2⤵
  PID:4876
- C:\Windows\System\IEqgYlR.exe
  C:\Windows\System\IEqgYlR.exe
  2⤵
  PID:4852
- C:\Windows\System\uGcoyaK.exe
  C:\Windows\System\uGcoyaK.exe
  2⤵
  PID:4916
- C:\Windows\System\SHBHtHF.exe
  C:\Windows\System\SHBHtHF.exe
  2⤵
  PID:4948
- C:\Windows\System\DhSIkiY.exe
  C:\Windows\System\DhSIkiY.exe
  2⤵
  PID:4932
- C:\Windows\System\QeBKzrQ.exe
  C:\Windows\System\QeBKzrQ.exe
  2⤵
  PID:5028
- C:\Windows\System\UtCgqSQ.exe
  C:\Windows\System\UtCgqSQ.exe
  2⤵
  PID:5016
- C:\Windows\System\PSOcmyD.exe
  C:\Windows\System\PSOcmyD.exe
  2⤵
  PID:5068
- C:\Windows\System\uEqKtAx.exe
  C:\Windows\System\uEqKtAx.exe
  2⤵
  PID:5112
- C:\Windows\System\uNowhfW.exe
  C:\Windows\System\uNowhfW.exe
  2⤵
  PID:4028
- C:\Windows\System\mpTttrd.exe
  C:\Windows\System\mpTttrd.exe
  2⤵
  PID:3700
- C:\Windows\System\papSIrn.exe
  C:\Windows\System\papSIrn.exe
  2⤵
  PID:3616
- C:\Windows\System\HxESLCX.exe
  C:\Windows\System\HxESLCX.exe
  2⤵
  PID:4168
- C:\Windows\System\wXVKtdP.exe
  C:\Windows\System\wXVKtdP.exe
  2⤵
  PID:1524
- C:\Windows\System\SNzsKiV.exe
  C:\Windows\System\SNzsKiV.exe
  2⤵
  PID:4240
- C:\Windows\System\wAzjROM.exe
  C:\Windows\System\wAzjROM.exe
  2⤵
  PID:4336
- C:\Windows\System\xiKYndt.exe
  C:\Windows\System\xiKYndt.exe
  2⤵
  PID:4368
- C:\Windows\System\wGjkSvm.exe
  C:\Windows\System\wGjkSvm.exe
  2⤵
  PID:4324
- C:\Windows\System\VFymIbJ.exe
  C:\Windows\System\VFymIbJ.exe
  2⤵
  PID:4460
- C:\Windows\System\sFzBugl.exe
  C:\Windows\System\sFzBugl.exe
  2⤵
  PID:4488
- C:\Windows\System\FygkkvD.exe
  C:\Windows\System\FygkkvD.exe
  2⤵
  PID:4524
- C:\Windows\System\KYyzlJL.exe
  C:\Windows\System\KYyzlJL.exe
  2⤵
  PID:4544
- C:\Windows\System\bYDEHKH.exe
  C:\Windows\System\bYDEHKH.exe
  2⤵
  PID:4668
- C:\Windows\System\uVnwDSl.exe
  C:\Windows\System\uVnwDSl.exe
  2⤵
  PID:4644
- C:\Windows\System\MQNDJjP.exe
  C:\Windows\System\MQNDJjP.exe
  2⤵
  PID:4788
- C:\Windows\System\EVMKUyW.exe
  C:\Windows\System\EVMKUyW.exe
  2⤵
  PID:4804
- C:\Windows\System\yZEpOEN.exe
  C:\Windows\System\yZEpOEN.exe
  2⤵
  PID:4724
- C:\Windows\System\bkTVSCP.exe
  C:\Windows\System\bkTVSCP.exe
  2⤵
  PID:4908
- C:\Windows\System\aBhYFLu.exe
  C:\Windows\System\aBhYFLu.exe
  2⤵
  PID:4988
- C:\Windows\System\vxBiifz.exe
  C:\Windows\System\vxBiifz.exe
  2⤵
  PID:928
- C:\Windows\System\iMAfIjG.exe
  C:\Windows\System\iMAfIjG.exe
  2⤵
  PID:4992
- C:\Windows\System\BMnzPim.exe
  C:\Windows\System\BMnzPim.exe
  2⤵
  PID:3080
- C:\Windows\System\QaxdMhy.exe
  C:\Windows\System\QaxdMhy.exe
  2⤵
  PID:2700
- C:\Windows\System\hKzulbC.exe
  C:\Windows\System\hKzulbC.exe
  2⤵
  PID:2896
- C:\Windows\System\gKYgGWq.exe
  C:\Windows\System\gKYgGWq.exe
  2⤵
  PID:2464
- C:\Windows\System\rkrhrZY.exe
  C:\Windows\System\rkrhrZY.exe
  2⤵
  PID:3128
- C:\Windows\System\peWFGcZ.exe
  C:\Windows\System\peWFGcZ.exe
  2⤵
  PID:2636
- C:\Windows\System\dRlpCvg.exe
  C:\Windows\System\dRlpCvg.exe
  2⤵
  PID:4164
- C:\Windows\System\mQMnJDc.exe
  C:\Windows\System\mQMnJDc.exe
  2⤵
  PID:4184
- C:\Windows\System\lYTGkjv.exe
  C:\Windows\System\lYTGkjv.exe
  2⤵
  PID:4280
- C:\Windows\System\ivzonpr.exe
  C:\Windows\System\ivzonpr.exe
  2⤵
  PID:4224
- C:\Windows\System\MxOAqpa.exe
  C:\Windows\System\MxOAqpa.exe
  2⤵
  PID:2136
- C:\Windows\System\kMhQKRO.exe
  C:\Windows\System\kMhQKRO.exe
  2⤵
  PID:2928
- C:\Windows\System\AiJyfxy.exe
  C:\Windows\System\AiJyfxy.exe
  2⤵
  PID:1844
- C:\Windows\System\lKVFfrD.exe
  C:\Windows\System\lKVFfrD.exe
  2⤵
  PID:4608
- C:\Windows\System\HBcwGFA.exe
  C:\Windows\System\HBcwGFA.exe
  2⤵
  PID:2996
- C:\Windows\System\tstXuli.exe
  C:\Windows\System\tstXuli.exe
  2⤵
  PID:4708
- C:\Windows\System\hbzCkOV.exe
  C:\Windows\System\hbzCkOV.exe
  2⤵
  PID:4764
- C:\Windows\System\IAduHez.exe
  C:\Windows\System\IAduHez.exe
  2⤵
  PID:4912
- C:\Windows\System\wAXFCsP.exe
  C:\Windows\System\wAXFCsP.exe
  2⤵
  PID:1952
- C:\Windows\System\CjwPFfN.exe
  C:\Windows\System\CjwPFfN.exe
  2⤵
  PID:5048
- C:\Windows\System\TwstySo.exe
  C:\Windows\System\TwstySo.exe
  2⤵
  PID:2756
- C:\Windows\System\kirXBid.exe
  C:\Windows\System\kirXBid.exe
  2⤵
  PID:5052
- C:\Windows\System\DEGgzNC.exe
  C:\Windows\System\DEGgzNC.exe
  2⤵
  PID:4248
- C:\Windows\System\nbIbQGn.exe
  C:\Windows\System\nbIbQGn.exe
  2⤵
  PID:2752
- C:\Windows\System\DdjfDPV.exe
  C:\Windows\System\DdjfDPV.exe
  2⤵
  PID:4140
- C:\Windows\System\PpyptRP.exe
  C:\Windows\System\PpyptRP.exe
  2⤵
  PID:3016
- C:\Windows\System\qzNagRM.exe
  C:\Windows\System\qzNagRM.exe
  2⤵
  PID:2540
- C:\Windows\System\nbROZvO.exe
  C:\Windows\System\nbROZvO.exe
  2⤵
  PID:4892
- C:\Windows\System\fXakDuC.exe
  C:\Windows\System\fXakDuC.exe
  2⤵
  PID:1664
- C:\Windows\System\LxIQCSV.exe
  C:\Windows\System\LxIQCSV.exe
  2⤵
  PID:4504
- C:\Windows\System\NlzOhGf.exe
  C:\Windows\System\NlzOhGf.exe
  2⤵
  PID:1916
- C:\Windows\System\CbbvbMh.exe
  C:\Windows\System\CbbvbMh.exe
  2⤵
  PID:2780
- C:\Windows\System\kkPuCxp.exe
  C:\Windows\System\kkPuCxp.exe
  2⤵
  PID:2944
- C:\Windows\System\aRhVLWF.exe
  C:\Windows\System\aRhVLWF.exe
  2⤵
  PID:2624
- C:\Windows\System\xybvMQJ.exe
  C:\Windows\System\xybvMQJ.exe
  2⤵
  PID:5116
- C:\Windows\System\ApMTRhk.exe
  C:\Windows\System\ApMTRhk.exe
  2⤵
  PID:2160
- C:\Windows\System\ckamfSn.exe
  C:\Windows\System\ckamfSn.exe
  2⤵
  PID:4428
- C:\Windows\System\RNbFYdM.exe
  C:\Windows\System\RNbFYdM.exe
  2⤵
  PID:4484
- C:\Windows\System\XTmhxWx.exe
  C:\Windows\System\XTmhxWx.exe
  2⤵
  PID:4200
- C:\Windows\System\YbEyuEU.exe
  C:\Windows\System\YbEyuEU.exe
  2⤵
  PID:3376
- C:\Windows\System\UCNoBjC.exe
  C:\Windows\System\UCNoBjC.exe
  2⤵
  PID:4856
- C:\Windows\System\mMSSzBq.exe
  C:\Windows\System\mMSSzBq.exe
  2⤵
  PID:1924
- C:\Windows\System\hrwLmDG.exe
  C:\Windows\System\hrwLmDG.exe
  2⤵
  PID:5140
- C:\Windows\System\TZrCiap.exe
  C:\Windows\System\TZrCiap.exe
  2⤵
  PID:5156
- C:\Windows\System\tnrkbBQ.exe
  C:\Windows\System\tnrkbBQ.exe
  2⤵
  PID:5172
- C:\Windows\System\zazZgfH.exe
  C:\Windows\System\zazZgfH.exe
  2⤵
  PID:5188
- C:\Windows\System\EbeDzuy.exe
  C:\Windows\System\EbeDzuy.exe
  2⤵
  PID:5204
- C:\Windows\System\Eilifmn.exe
  C:\Windows\System\Eilifmn.exe
  2⤵
  PID:5224
- C:\Windows\System\ssqcmNw.exe
  C:\Windows\System\ssqcmNw.exe
  2⤵
  PID:5240
- C:\Windows\System\jurRHwd.exe
  C:\Windows\System\jurRHwd.exe
  2⤵
  PID:5260
- C:\Windows\System\XncXSgo.exe
  C:\Windows\System\XncXSgo.exe
  2⤵
  PID:5284
- C:\Windows\System\zehdVgp.exe
  C:\Windows\System\zehdVgp.exe
  2⤵
  PID:5304
- C:\Windows\System\sbFrJAy.exe
  C:\Windows\System\sbFrJAy.exe
  2⤵
  PID:5320
- C:\Windows\System\uKFHlyb.exe
  C:\Windows\System\uKFHlyb.exe
  2⤵
  PID:5344
- C:\Windows\System\iharrNb.exe
  C:\Windows\System\iharrNb.exe
  2⤵
  PID:5360
- C:\Windows\System\KAmhZkz.exe
  C:\Windows\System\KAmhZkz.exe
  2⤵
  PID:5376
- C:\Windows\System\UjNnipB.exe
  C:\Windows\System\UjNnipB.exe
  2⤵
  PID:5396
- C:\Windows\System\QDvzRAa.exe
  C:\Windows\System\QDvzRAa.exe
  2⤵
  PID:5412
- C:\Windows\System\RaYlKGm.exe
  C:\Windows\System\RaYlKGm.exe
  2⤵
  PID:5464
- C:\Windows\System\ONqwpjq.exe
  C:\Windows\System\ONqwpjq.exe
  2⤵
  PID:5484
- C:\Windows\System\MOtpKpO.exe
  C:\Windows\System\MOtpKpO.exe
  2⤵
  PID:5500
- C:\Windows\System\RCKwrKy.exe
  C:\Windows\System\RCKwrKy.exe
  2⤵
  PID:5524
- C:\Windows\System\JSqdVJY.exe
  C:\Windows\System\JSqdVJY.exe
  2⤵
  PID:5540
- C:\Windows\System\LiPIuND.exe
  C:\Windows\System\LiPIuND.exe
  2⤵
  PID:5556
- C:\Windows\System\pZDaPdS.exe
  C:\Windows\System\pZDaPdS.exe
  2⤵
  PID:5572
- C:\Windows\System\bqawMwM.exe
  C:\Windows\System\bqawMwM.exe
  2⤵
  PID:5588
- C:\Windows\System\TzuOjyx.exe
  C:\Windows\System\TzuOjyx.exe
  2⤵
  PID:5612
- C:\Windows\System\JWsLIch.exe
  C:\Windows\System\JWsLIch.exe
  2⤵
  PID:5628
- C:\Windows\System\AieXRpO.exe
  C:\Windows\System\AieXRpO.exe
  2⤵
  PID:5644
- C:\Windows\System\nTDymVu.exe
  C:\Windows\System\nTDymVu.exe
  2⤵
  PID:5660
- C:\Windows\System\hkGhOBD.exe
  C:\Windows\System\hkGhOBD.exe
  2⤵
  PID:5680
- C:\Windows\System\mNuVGhS.exe
  C:\Windows\System\mNuVGhS.exe
  2⤵
  PID:5732
- C:\Windows\System\qeWOTWD.exe
  C:\Windows\System\qeWOTWD.exe
  2⤵
  PID:5752
- C:\Windows\System\UjGiQbN.exe
  C:\Windows\System\UjGiQbN.exe
  2⤵
  PID:5772
- C:\Windows\System\PLeaTnL.exe
  C:\Windows\System\PLeaTnL.exe
  2⤵
  PID:5788
- C:\Windows\System\GIMHdUe.exe
  C:\Windows\System\GIMHdUe.exe
  2⤵
  PID:5804
- C:\Windows\System\tOBVcuB.exe
  C:\Windows\System\tOBVcuB.exe
  2⤵
  PID:5832
- C:\Windows\System\iZBZuwm.exe
  C:\Windows\System\iZBZuwm.exe
  2⤵
  PID:5848
- C:\Windows\System\NpnvDDW.exe
  C:\Windows\System\NpnvDDW.exe
  2⤵
  PID:5864
- C:\Windows\System\ypndWJw.exe
  C:\Windows\System\ypndWJw.exe
  2⤵
  PID:5884
- C:\Windows\System\rDcdINk.exe
  C:\Windows\System\rDcdINk.exe
  2⤵
  PID:5904
- C:\Windows\System\iegdxZF.exe
  C:\Windows\System\iegdxZF.exe
  2⤵
  PID:5920
- C:\Windows\System\lJWRsFV.exe
  C:\Windows\System\lJWRsFV.exe
  2⤵
  PID:5952
- C:\Windows\System\fNLxozS.exe
  C:\Windows\System\fNLxozS.exe
  2⤵
  PID:5968
- C:\Windows\System\BydVoIK.exe
  C:\Windows\System\BydVoIK.exe
  2⤵
  PID:5988
- C:\Windows\System\AXRZTXy.exe
  C:\Windows\System\AXRZTXy.exe
  2⤵
  PID:6004
- C:\Windows\System\HTzZvsz.exe
  C:\Windows\System\HTzZvsz.exe
  2⤵
  PID:6020
- C:\Windows\System\HmENXHl.exe
  C:\Windows\System\HmENXHl.exe
  2⤵
  PID:6036
- C:\Windows\System\VhFeiAi.exe
  C:\Windows\System\VhFeiAi.exe
  2⤵
  PID:6068
- C:\Windows\System\FZUzpvy.exe
  C:\Windows\System\FZUzpvy.exe
  2⤵
  PID:6084
- C:\Windows\System\rCetick.exe
  C:\Windows\System\rCetick.exe
  2⤵
  PID:6108
- C:\Windows\System\pXZnbvS.exe
  C:\Windows\System\pXZnbvS.exe
  2⤵
  PID:6128
- C:\Windows\System\pvtxwoD.exe
  C:\Windows\System\pvtxwoD.exe
  2⤵
  PID:4344
- C:\Windows\System\MVKbPpU.exe
  C:\Windows\System\MVKbPpU.exe
  2⤵
  PID:2728
- C:\Windows\System\hmmQbKI.exe
  C:\Windows\System\hmmQbKI.exe
  2⤵
  PID:3420
- C:\Windows\System\lxuWkCH.exe
  C:\Windows\System\lxuWkCH.exe
  2⤵
  PID:5164
- C:\Windows\System\iEyWwus.exe
  C:\Windows\System\iEyWwus.exe
  2⤵
  PID:5236
- C:\Windows\System\DDbJpZu.exe
  C:\Windows\System\DDbJpZu.exe
  2⤵
  PID:2600
- C:\Windows\System\CXMdZnb.exe
  C:\Windows\System\CXMdZnb.exe
  2⤵
  PID:5352
- C:\Windows\System\AucacRF.exe
  C:\Windows\System\AucacRF.exe
  2⤵
  PID:2588
- C:\Windows\System\SldzNXi.exe
  C:\Windows\System\SldzNXi.exe
  2⤵
  PID:5428
- C:\Windows\System\KMjGhsL.exe
  C:\Windows\System\KMjGhsL.exe
  2⤵
  PID:5448
- C:\Windows\System\rEpiCQT.exe
  C:\Windows\System\rEpiCQT.exe
  2⤵
  PID:5184
- C:\Windows\System\tWglRqo.exe
  C:\Windows\System\tWglRqo.exe
  2⤵
  PID:5300
- C:\Windows\System\FsgYuYq.exe
  C:\Windows\System\FsgYuYq.exe
  2⤵
  PID:5424
- C:\Windows\System\yZTnclf.exe
  C:\Windows\System\yZTnclf.exe
  2⤵
  PID:5368
- C:\Windows\System\eqzJQfQ.exe
  C:\Windows\System\eqzJQfQ.exe
  2⤵
  PID:5480
- C:\Windows\System\PIkrYtE.exe
  C:\Windows\System\PIkrYtE.exe
  2⤵
  PID:5536
- C:\Windows\System\miHICyN.exe
  C:\Windows\System\miHICyN.exe
  2⤵
  PID:5508
- C:\Windows\System\xhpfhCZ.exe
  C:\Windows\System\xhpfhCZ.exe
  2⤵
  PID:5608
- C:\Windows\System\gnIpQVE.exe
  C:\Windows\System\gnIpQVE.exe
  2⤵
  PID:5672
- C:\Windows\System\zDWXHEm.exe
  C:\Windows\System\zDWXHEm.exe
  2⤵
  PID:5548
- C:\Windows\System\sTxwAkR.exe
  C:\Windows\System\sTxwAkR.exe
  2⤵
  PID:5620
- C:\Windows\System\GSzwyBe.exe
  C:\Windows\System\GSzwyBe.exe
  2⤵
  PID:5688
- C:\Windows\System\BCZRTXZ.exe
  C:\Windows\System\BCZRTXZ.exe
  2⤵
  PID:5728
- C:\Windows\System\ghjnIWn.exe
  C:\Windows\System\ghjnIWn.exe
  2⤵
  PID:5780
- C:\Windows\System\kmoKTQM.exe
  C:\Windows\System\kmoKTQM.exe
  2⤵
  PID:5812
- C:\Windows\System\SMSdIup.exe
  C:\Windows\System\SMSdIup.exe
  2⤵
  PID:2008
- C:\Windows\System\rCViIEm.exe
  C:\Windows\System\rCViIEm.exe
  2⤵
  PID:5800
- C:\Windows\System\jlDTaMj.exe
  C:\Windows\System\jlDTaMj.exe
  2⤵
  PID:5880
- C:\Windows\System\ePLqxwD.exe
  C:\Windows\System\ePLqxwD.exe
  2⤵
  PID:5936
- C:\Windows\System\YvwJlLU.exe
  C:\Windows\System\YvwJlLU.exe
  2⤵
  PID:5876
- C:\Windows\System\KKdUZWA.exe
  C:\Windows\System\KKdUZWA.exe
  2⤵
  PID:6048
- C:\Windows\System\KhFHScx.exe
  C:\Windows\System\KhFHScx.exe
  2⤵
  PID:5916
- C:\Windows\System\iopypDx.exe
  C:\Windows\System\iopypDx.exe
  2⤵
  PID:6076
- C:\Windows\System\PaysTKg.exe
  C:\Windows\System\PaysTKg.exe
  2⤵
  PID:6140
- C:\Windows\System\csBWWOJ.exe
  C:\Windows\System\csBWWOJ.exe
  2⤵
  PID:2808
- C:\Windows\System\MIoaDYx.exe
  C:\Windows\System\MIoaDYx.exe
  2⤵
  PID:5008
- C:\Windows\System\VkhwzKk.exe
  C:\Windows\System\VkhwzKk.exe
  2⤵
  PID:1748
- C:\Windows\System\syRgCaP.exe
  C:\Windows\System\syRgCaP.exe
  2⤵
  PID:5316
- C:\Windows\System\tglqima.exe
  C:\Windows\System\tglqima.exe
  2⤵
  PID:5332
- C:\Windows\System\VlUWpmX.exe
  C:\Windows\System\VlUWpmX.exe
  2⤵
  PID:5420
- C:\Windows\System\NvwuqsF.exe
  C:\Windows\System\NvwuqsF.exe
  2⤵
  PID:5180
- C:\Windows\System\QXHfYvp.exe
  C:\Windows\System\QXHfYvp.exe
  2⤵
  PID:4588
- C:\Windows\System\NICDFrn.exe
  C:\Windows\System\NICDFrn.exe
  2⤵
  PID:5568
- C:\Windows\System\wGPBnug.exe
  C:\Windows\System\wGPBnug.exe
  2⤵
  PID:5668
- C:\Windows\System\fKCKolc.exe
  C:\Windows\System\fKCKolc.exe
  2⤵
  PID:5704
- C:\Windows\System\rlLDFAm.exe
  C:\Windows\System\rlLDFAm.exe
  2⤵
  PID:5768
- C:\Windows\System\UgVgpOP.exe
  C:\Windows\System\UgVgpOP.exe
  2⤵
  PID:5248
- C:\Windows\System\gSTRCQf.exe
  C:\Windows\System\gSTRCQf.exe
  2⤵
  PID:5696
- C:\Windows\System\eHuqlbM.exe
  C:\Windows\System\eHuqlbM.exe
  2⤵
  PID:5820
- C:\Windows\System\mQiKOXT.exe
  C:\Windows\System\mQiKOXT.exe
  2⤵
  PID:5944
- C:\Windows\System\IWdoYXk.exe
  C:\Windows\System\IWdoYXk.exe
  2⤵
  PID:5596
- C:\Windows\System\zDLcSFH.exe
  C:\Windows\System\zDLcSFH.exe
  2⤵
  PID:5872
- C:\Windows\System\phtXsFg.exe
  C:\Windows\System\phtXsFg.exe
  2⤵
  PID:6044
- C:\Windows\System\mRRFtZz.exe
  C:\Windows\System\mRRFtZz.exe
  2⤵
  PID:6028
- C:\Windows\System\wnRpsEM.exe
  C:\Windows\System\wnRpsEM.exe
  2⤵
  PID:3652
- C:\Windows\System\cNGKPnd.exe
  C:\Windows\System\cNGKPnd.exe
  2⤵
  PID:6060
- C:\Windows\System\ZVnrSYT.exe
  C:\Windows\System\ZVnrSYT.exe
  2⤵
  PID:6136
- C:\Windows\System\gXaziJl.exe
  C:\Windows\System\gXaziJl.exe
  2⤵
  PID:6120
- C:\Windows\System\lzTwpGt.exe
  C:\Windows\System\lzTwpGt.exe
  2⤵
  PID:5408
- C:\Windows\System\Ayzcdqg.exe
  C:\Windows\System\Ayzcdqg.exe
  2⤵
  PID:5896
- C:\Windows\System\niDYypN.exe
  C:\Windows\System\niDYypN.exe
  2⤵
  PID:5740
- C:\Windows\System\JtTcJIQ.exe
  C:\Windows\System\JtTcJIQ.exe
  2⤵
  PID:5136
- C:\Windows\System\sLrEOyP.exe
  C:\Windows\System\sLrEOyP.exe
  2⤵
  PID:5496
- C:\Windows\System\qSqnKoI.exe
  C:\Windows\System\qSqnKoI.exe
  2⤵
  PID:5760
- C:\Windows\System\IAuogto.exe
  C:\Windows\System\IAuogto.exe
  2⤵
  PID:5256
- C:\Windows\System\nVhxioy.exe
  C:\Windows\System\nVhxioy.exe
  2⤵
  PID:5840
- C:\Windows\System\mgYnYsG.exe
  C:\Windows\System\mgYnYsG.exe
  2⤵
  PID:5984
- C:\Windows\System\lYSARXs.exe
  C:\Windows\System\lYSARXs.exe
  2⤵
  PID:6000
- C:\Windows\System\PTRebOh.exe
  C:\Windows\System\PTRebOh.exe
  2⤵
  PID:6104
- C:\Windows\System\QCcWNKu.exe
  C:\Windows\System\QCcWNKu.exe
  2⤵
  PID:5280
- C:\Windows\System\hGVTzvz.exe
  C:\Windows\System\hGVTzvz.exe
  2⤵
  PID:5312
- C:\Windows\System\DyYtRKI.exe
  C:\Windows\System\DyYtRKI.exe
  2⤵
  PID:6124
- C:\Windows\System\iMihtQw.exe
  C:\Windows\System\iMihtQw.exe
  2⤵
  PID:5456
- C:\Windows\System\HJMrvcr.exe
  C:\Windows\System\HJMrvcr.exe
  2⤵
  PID:5716
- C:\Windows\System\gKiwOpA.exe
  C:\Windows\System\gKiwOpA.exe
  2⤵
  PID:5828
- C:\Windows\System\LFNarGR.exe
  C:\Windows\System\LFNarGR.exe
  2⤵
  PID:6032
- C:\Windows\System\RazXnWJ.exe
  C:\Windows\System\RazXnWJ.exe
  2⤵
  PID:5328
- C:\Windows\System\QenycDV.exe
  C:\Windows\System\QenycDV.exe
  2⤵
  PID:5700
- C:\Windows\System\vVfyOsg.exe
  C:\Windows\System\vVfyOsg.exe
  2⤵
  PID:5212
- C:\Windows\System\KxlPsFM.exe
  C:\Windows\System\KxlPsFM.exe
  2⤵
  PID:5392
- C:\Windows\System\xZOGgZD.exe
  C:\Windows\System\xZOGgZD.exe
  2⤵
  PID:5600
- C:\Windows\System\CDMNQpB.exe
  C:\Windows\System\CDMNQpB.exe
  2⤵
  PID:6012
- C:\Windows\System\BcNlbWe.exe
  C:\Windows\System\BcNlbWe.exe
  2⤵
  PID:6148
- C:\Windows\System\rZlcDMs.exe
  C:\Windows\System\rZlcDMs.exe
  2⤵
  PID:6164
- C:\Windows\System\KUoUDsp.exe
  C:\Windows\System\KUoUDsp.exe
  2⤵
  PID:6196
- C:\Windows\System\nXVZwBq.exe
  C:\Windows\System\nXVZwBq.exe
  2⤵
  PID:6216
- C:\Windows\System\aYCzCec.exe
  C:\Windows\System\aYCzCec.exe
  2⤵
  PID:6248
- C:\Windows\System\gTKkEZA.exe
  C:\Windows\System\gTKkEZA.exe
  2⤵
  PID:6264
- C:\Windows\System\XZmnASd.exe
  C:\Windows\System\XZmnASd.exe
  2⤵
  PID:6280
- C:\Windows\System\FVgbjKV.exe
  C:\Windows\System\FVgbjKV.exe
  2⤵
  PID:6304
- C:\Windows\System\WptVwxS.exe
  C:\Windows\System\WptVwxS.exe
  2⤵
  PID:6328
- C:\Windows\System\gbvAZSH.exe
  C:\Windows\System\gbvAZSH.exe
  2⤵
  PID:6344
- C:\Windows\System\XuBweQP.exe
  C:\Windows\System\XuBweQP.exe
  2⤵
  PID:6364
- C:\Windows\System\aQeEwyS.exe
  C:\Windows\System\aQeEwyS.exe
  2⤵
  PID:6384
- C:\Windows\System\VMGixkv.exe
  C:\Windows\System\VMGixkv.exe
  2⤵
  PID:6404
- C:\Windows\System\VHAFwlK.exe
  C:\Windows\System\VHAFwlK.exe
  2⤵
  PID:6424
- C:\Windows\System\SXbqefJ.exe
  C:\Windows\System\SXbqefJ.exe
  2⤵
  PID:6444
- C:\Windows\System\wZvwEmB.exe
  C:\Windows\System\wZvwEmB.exe
  2⤵
  PID:6460
- C:\Windows\System\PCOkXpa.exe
  C:\Windows\System\PCOkXpa.exe
  2⤵
  PID:6476
- C:\Windows\System\zTgzvLK.exe
  C:\Windows\System\zTgzvLK.exe
  2⤵
  PID:6492
- C:\Windows\System\beSeEPs.exe
  C:\Windows\System\beSeEPs.exe
  2⤵
  PID:6508
- C:\Windows\System\aDbKwnF.exe
  C:\Windows\System\aDbKwnF.exe
  2⤵
  PID:6524
- C:\Windows\System\aSYmjiN.exe
  C:\Windows\System\aSYmjiN.exe
  2⤵
  PID:6560
- C:\Windows\System\kuUwGtj.exe
  C:\Windows\System\kuUwGtj.exe
  2⤵
  PID:6576
- C:\Windows\System\vGlDeSA.exe
  C:\Windows\System\vGlDeSA.exe
  2⤵
  PID:6608
- C:\Windows\System\ASMDXtL.exe
  C:\Windows\System\ASMDXtL.exe
  2⤵
  PID:6628
- C:\Windows\System\DIVWSqL.exe
  C:\Windows\System\DIVWSqL.exe
  2⤵
  PID:6644
- C:\Windows\System\TwKnfRO.exe
  C:\Windows\System\TwKnfRO.exe
  2⤵
  PID:6668
- C:\Windows\System\CdNZSxM.exe
  C:\Windows\System\CdNZSxM.exe
  2⤵
  PID:6692
- C:\Windows\System\ziOEYgn.exe
  C:\Windows\System\ziOEYgn.exe
  2⤵
  PID:6708
- C:\Windows\System\ZUCpYJQ.exe
  C:\Windows\System\ZUCpYJQ.exe
  2⤵
  PID:6724
- C:\Windows\System\RSRoEAr.exe
  C:\Windows\System\RSRoEAr.exe
  2⤵
  PID:6740
- C:\Windows\System\hUeFkNg.exe
  C:\Windows\System\hUeFkNg.exe
  2⤵
  PID:6756
- C:\Windows\System\FBTFjKq.exe
  C:\Windows\System\FBTFjKq.exe
  2⤵
  PID:6776
- C:\Windows\System\kDkznev.exe
  C:\Windows\System\kDkznev.exe
  2⤵
  PID:6808
- C:\Windows\System\eFxcFzG.exe
  C:\Windows\System\eFxcFzG.exe
  2⤵
  PID:6828
- C:\Windows\System\NmmxaNz.exe
  C:\Windows\System\NmmxaNz.exe
  2⤵
  PID:6852
- C:\Windows\System\sYkOVkW.exe
  C:\Windows\System\sYkOVkW.exe
  2⤵
  PID:6868
- C:\Windows\System\fFltlXO.exe
  C:\Windows\System\fFltlXO.exe
  2⤵
  PID:6884
- C:\Windows\System\cNZYLkS.exe
  C:\Windows\System\cNZYLkS.exe
  2⤵
  PID:6900
- C:\Windows\System\thADDIZ.exe
  C:\Windows\System\thADDIZ.exe
  2⤵
  PID:6916
- C:\Windows\System\mJoMGke.exe
  C:\Windows\System\mJoMGke.exe
  2⤵
  PID:6932
- C:\Windows\System\wsYpPWL.exe
  C:\Windows\System\wsYpPWL.exe
  2⤵
  PID:6948
- C:\Windows\System\aeHxbge.exe
  C:\Windows\System\aeHxbge.exe
  2⤵
  PID:6964
- C:\Windows\System\jTmmPTi.exe
  C:\Windows\System\jTmmPTi.exe
  2⤵
  PID:6980
- C:\Windows\System\dKFSHsS.exe
  C:\Windows\System\dKFSHsS.exe
  2⤵
  PID:6996
- C:\Windows\System\HaMuniU.exe
  C:\Windows\System\HaMuniU.exe
  2⤵
  PID:7016
- C:\Windows\System\aXLTLWs.exe
  C:\Windows\System\aXLTLWs.exe
  2⤵
  PID:7072
- C:\Windows\System\YyREEke.exe
  C:\Windows\System\YyREEke.exe
  2⤵
  PID:7088
- C:\Windows\System\CHwzlVt.exe
  C:\Windows\System\CHwzlVt.exe
  2⤵
  PID:7108
- C:\Windows\System\AelIgdH.exe
  C:\Windows\System\AelIgdH.exe
  2⤵
  PID:7128
- C:\Windows\System\antDNPG.exe
  C:\Windows\System\antDNPG.exe
  2⤵
  PID:7148
- C:\Windows\System\nNkKnUM.exe
  C:\Windows\System\nNkKnUM.exe
  2⤵
  PID:5652
- C:\Windows\System\utShZuX.exe
  C:\Windows\System\utShZuX.exe
  2⤵
  PID:5404
- C:\Windows\System\IMCYiLt.exe
  C:\Windows\System\IMCYiLt.exe
  2⤵
  PID:6180
- C:\Windows\System\qRUnHPQ.exe
  C:\Windows\System\qRUnHPQ.exe
  2⤵
  PID:5336
- C:\Windows\System\jWxVtHf.exe
  C:\Windows\System\jWxVtHf.exe
  2⤵
  PID:6236
- C:\Windows\System\mVAEGFR.exe
  C:\Windows\System\mVAEGFR.exe
  2⤵
  PID:6156
- C:\Windows\System\mtVkuQa.exe
  C:\Windows\System\mtVkuQa.exe
  2⤵
  PID:6256
- C:\Windows\System\jepAZxJ.exe
  C:\Windows\System\jepAZxJ.exe
  2⤵
  PID:6312
- C:\Windows\System\dGvGhEJ.exe
  C:\Windows\System\dGvGhEJ.exe
  2⤵
  PID:6300
- C:\Windows\System\TlheLsG.exe
  C:\Windows\System\TlheLsG.exe
  2⤵
  PID:6352
- C:\Windows\System\XyofSuS.exe
  C:\Windows\System\XyofSuS.exe
  2⤵
  PID:6436
- C:\Windows\System\UFhvYxL.exe
  C:\Windows\System\UFhvYxL.exe
  2⤵
  PID:6500
- C:\Windows\System\YgHuZPM.exe
  C:\Windows\System\YgHuZPM.exe
  2⤵
  PID:6420
- C:\Windows\System\XffnvMT.exe
  C:\Windows\System\XffnvMT.exe
  2⤵
  PID:6556
- C:\Windows\System\cWrWLXV.exe
  C:\Windows\System\cWrWLXV.exe
  2⤵
  PID:6416
- C:\Windows\System\ZHyQNYn.exe
  C:\Windows\System\ZHyQNYn.exe
  2⤵
  PID:6412
- C:\Windows\System\slvAsVu.exe
  C:\Windows\System\slvAsVu.exe
  2⤵
  PID:6572
- C:\Windows\System\dcJsxwf.exe
  C:\Windows\System\dcJsxwf.exe
  2⤵
  PID:6624
- C:\Windows\System\Kdoclhs.exe
  C:\Windows\System\Kdoclhs.exe
  2⤵
  PID:6640
- C:\Windows\System\fXKxlUO.exe
  C:\Windows\System\fXKxlUO.exe
  2⤵
  PID:6664
- C:\Windows\System\apZVBGD.exe
  C:\Windows\System\apZVBGD.exe
  2⤵
  PID:6720
- C:\Windows\System\QROoknz.exe
  C:\Windows\System\QROoknz.exe
  2⤵
  PID:6700
- C:\Windows\System\ZgQjfJW.exe
  C:\Windows\System\ZgQjfJW.exe
  2⤵
  PID:6796
- C:\Windows\System\zxkVtwY.exe
  C:\Windows\System\zxkVtwY.exe
  2⤵
  PID:6736
- C:\Windows\System\TsIKHUV.exe
  C:\Windows\System\TsIKHUV.exe
  2⤵
  PID:6772
- C:\Windows\System\ZVTpuqR.exe
  C:\Windows\System\ZVTpuqR.exe
  2⤵
  PID:6840
- C:\Windows\System\MFrQmOJ.exe
  C:\Windows\System\MFrQmOJ.exe
  2⤵
  PID:6892
- C:\Windows\System\nLPrXnS.exe
  C:\Windows\System\nLPrXnS.exe
  2⤵
  PID:6944
- C:\Windows\System\ebPmrlI.exe
  C:\Windows\System\ebPmrlI.exe
  2⤵
  PID:6928
- C:\Windows\System\ZaswKWT.exe
  C:\Windows\System\ZaswKWT.exe
  2⤵
  PID:6924
- C:\Windows\System\gVRMbLQ.exe
  C:\Windows\System\gVRMbLQ.exe
  2⤵
  PID:7036
- C:\Windows\System\mDxoCPg.exe
  C:\Windows\System\mDxoCPg.exe
  2⤵
  PID:7100
- C:\Windows\System\RXXkXZL.exe
  C:\Windows\System\RXXkXZL.exe
  2⤵
  PID:7136
- C:\Windows\System\BlqaiOA.exe
  C:\Windows\System\BlqaiOA.exe
  2⤵
  PID:1484
- C:\Windows\System\GkzNsyH.exe
  C:\Windows\System\GkzNsyH.exe
  2⤵
  PID:2020
- C:\Windows\System\uuImgUZ.exe
  C:\Windows\System\uuImgUZ.exe
  2⤵
  PID:6184
- C:\Windows\System\LFDidSK.exe
  C:\Windows\System\LFDidSK.exe
  2⤵
  PID:5520
- C:\Windows\System\LDFISof.exe
  C:\Windows\System\LDFISof.exe
  2⤵
  PID:6272
- C:\Windows\System\utVLbNX.exe
  C:\Windows\System\utVLbNX.exe
  2⤵
  PID:6320
- C:\Windows\System\zKTaWjl.exe
  C:\Windows\System\zKTaWjl.exe
  2⤵
  PID:6276
- C:\Windows\System\duNAxqB.exe
  C:\Windows\System\duNAxqB.exe
  2⤵
  PID:6468
- C:\Windows\System\FBHTvzt.exe
  C:\Windows\System\FBHTvzt.exe
  2⤵
  PID:6592
- C:\Windows\System\wLCuFOr.exe
  C:\Windows\System\wLCuFOr.exe
  2⤵
  PID:6568
- C:\Windows\System\cpoNYtF.exe
  C:\Windows\System\cpoNYtF.exe
  2⤵
  PID:6684
- C:\Windows\System\dOEprXz.exe
  C:\Windows\System\dOEprXz.exe
  2⤵
  PID:6516
- C:\Windows\System\oFkVRaz.exe
  C:\Windows\System\oFkVRaz.exe
  2⤵
  PID:6784
- C:\Windows\System\pRqDygF.exe
  C:\Windows\System\pRqDygF.exe
  2⤵
  PID:6768
- C:\Windows\System\eklSTvg.exe
  C:\Windows\System\eklSTvg.exe
  2⤵
  PID:6864
- C:\Windows\System\MpzGhik.exe
  C:\Windows\System\MpzGhik.exe
  2⤵
  PID:7008
- C:\Windows\System\mwFBgul.exe
  C:\Windows\System\mwFBgul.exe
  2⤵
  PID:7032
- C:\Windows\System\BxggSzS.exe
  C:\Windows\System\BxggSzS.exe
  2⤵
  PID:7080
- C:\Windows\System\PawFdiS.exe
  C:\Windows\System\PawFdiS.exe
  2⤵
  PID:6844
- C:\Windows\System\PlzAveT.exe
  C:\Windows\System\PlzAveT.exe
  2⤵
  PID:7096
- C:\Windows\System\waOpHHl.exe
  C:\Windows\System\waOpHHl.exe
  2⤵
  PID:1376
- C:\Windows\System\glIbAKQ.exe
  C:\Windows\System\glIbAKQ.exe
  2⤵
  PID:5200
- C:\Windows\System\SiKgLRw.exe
  C:\Windows\System\SiKgLRw.exe
  2⤵
  PID:6540
- C:\Windows\System\qaUUWKp.exe
  C:\Windows\System\qaUUWKp.exe
  2⤵
  PID:6176
- C:\Windows\System\HwIiBGF.exe
  C:\Windows\System\HwIiBGF.exe
  2⤵
  PID:6336
- C:\Windows\System\KMNwUaD.exe
  C:\Windows\System\KMNwUaD.exe
  2⤵
  PID:6636
- C:\Windows\System\mPQLUIz.exe
  C:\Windows\System\mPQLUIz.exe
  2⤵
  PID:6484
- C:\Windows\System\lUDVyKr.exe
  C:\Windows\System\lUDVyKr.exe
  2⤵
  PID:6764
- C:\Windows\System\gzrMSKb.exe
  C:\Windows\System\gzrMSKb.exe
  2⤵
  PID:6940
- C:\Windows\System\kJfLrEx.exe
  C:\Windows\System\kJfLrEx.exe
  2⤵
  PID:7040
- C:\Windows\System\cbFPHFQ.exe
  C:\Windows\System\cbFPHFQ.exe
  2⤵
  PID:7104
- C:\Windows\System\mZzSUih.exe
  C:\Windows\System\mZzSUih.exe
  2⤵
  PID:6456
- C:\Windows\System\uljujYU.exe
  C:\Windows\System\uljujYU.exe
  2⤵
  PID:5720
- C:\Windows\System\dxUBSMC.exe
  C:\Windows\System\dxUBSMC.exe
  2⤵
  PID:6376
- C:\Windows\System\ICwlWpH.exe
  C:\Windows\System\ICwlWpH.exe
  2⤵
  PID:6296
- C:\Windows\System\xqOHbcq.exe
  C:\Windows\System\xqOHbcq.exe
  2⤵
  PID:6340
- C:\Windows\System\BIxUXqe.exe
  C:\Windows\System\BIxUXqe.exe
  2⤵
  PID:6988
- C:\Windows\System\xdfiISM.exe
  C:\Windows\System\xdfiISM.exe
  2⤵
  PID:7028
- C:\Windows\System\nSQsteq.exe
  C:\Windows\System\nSQsteq.exe
  2⤵
  PID:6660
- C:\Windows\System\TIyxlXQ.exe
  C:\Windows\System\TIyxlXQ.exe
  2⤵
  PID:6912
- C:\Windows\System\qDdUNck.exe
  C:\Windows\System\qDdUNck.exe
  2⤵
  PID:7120
- C:\Windows\System\zqcUTAv.exe
  C:\Windows\System\zqcUTAv.exe
  2⤵
  PID:7004
- C:\Windows\System\hnCnSXg.exe
  C:\Windows\System\hnCnSXg.exe
  2⤵
  PID:6244
- C:\Windows\System\UYNDOsy.exe
  C:\Windows\System\UYNDOsy.exe
  2⤵
  PID:6976
- C:\Windows\System\zWewwwn.exe
  C:\Windows\System\zWewwwn.exe
  2⤵
  PID:6016
- C:\Windows\System\MogxhWU.exe
  C:\Windows\System\MogxhWU.exe
  2⤵
  PID:6228
- C:\Windows\System\fmlNLim.exe
  C:\Windows\System\fmlNLim.exe
  2⤵
  PID:6820
- C:\Windows\System\pLOTpia.exe
  C:\Windows\System\pLOTpia.exe
  2⤵
  PID:6680
- C:\Windows\System\rGfImxk.exe
  C:\Windows\System\rGfImxk.exe
  2⤵
  PID:7180
- C:\Windows\System\WoFJxVD.exe
  C:\Windows\System\WoFJxVD.exe
  2⤵
  PID:7200
- C:\Windows\System\qqRejce.exe
  C:\Windows\System\qqRejce.exe
  2⤵
  PID:7216
- C:\Windows\System\eKftwdh.exe
  C:\Windows\System\eKftwdh.exe
  2⤵
  PID:7232
- C:\Windows\System\dTEhVkX.exe
  C:\Windows\System\dTEhVkX.exe
  2⤵
  PID:7248
- C:\Windows\System\aPBGJUu.exe
  C:\Windows\System\aPBGJUu.exe
  2⤵
  PID:7264
- C:\Windows\System\vwMZTII.exe
  C:\Windows\System\vwMZTII.exe
  2⤵
  PID:7280
- C:\Windows\System\ucjEOZm.exe
  C:\Windows\System\ucjEOZm.exe
  2⤵
  PID:7300
- C:\Windows\System\uHVkvZv.exe
  C:\Windows\System\uHVkvZv.exe
  2⤵
  PID:7316
- C:\Windows\System\SUpyZgV.exe
  C:\Windows\System\SUpyZgV.exe
  2⤵
  PID:7332
- C:\Windows\System\UOWcHNz.exe
  C:\Windows\System\UOWcHNz.exe
  2⤵
  PID:7356
- C:\Windows\System\gHRFsrQ.exe
  C:\Windows\System\gHRFsrQ.exe
  2⤵
  PID:7400
- C:\Windows\System\oOFzpvs.exe
  C:\Windows\System\oOFzpvs.exe
  2⤵
  PID:7416
- C:\Windows\System\WMOZyPe.exe
  C:\Windows\System\WMOZyPe.exe
  2⤵
  PID:7432
- C:\Windows\System\jTlowHW.exe
  C:\Windows\System\jTlowHW.exe
  2⤵
  PID:7460
- C:\Windows\System\hucJfzD.exe
  C:\Windows\System\hucJfzD.exe
  2⤵
  PID:7480
- C:\Windows\System\RncsOEr.exe
  C:\Windows\System\RncsOEr.exe
  2⤵
  PID:7496
- C:\Windows\System\lYDYHce.exe
  C:\Windows\System\lYDYHce.exe
  2⤵
  PID:7512
- C:\Windows\System\zxwcMsx.exe
  C:\Windows\System\zxwcMsx.exe
  2⤵
  PID:7528
- C:\Windows\System\nVHrfJZ.exe
  C:\Windows\System\nVHrfJZ.exe
  2⤵
  PID:7544
- C:\Windows\System\JXiADUQ.exe
  C:\Windows\System\JXiADUQ.exe
  2⤵
  PID:7560
- C:\Windows\System\GfXhMan.exe
  C:\Windows\System\GfXhMan.exe
  2⤵
  PID:7588
- C:\Windows\System\wiSXTYX.exe
  C:\Windows\System\wiSXTYX.exe
  2⤵
  PID:7612
- C:\Windows\System\buoGlXZ.exe
  C:\Windows\System\buoGlXZ.exe
  2⤵
  PID:7644
- C:\Windows\System\HEScxDu.exe
  C:\Windows\System\HEScxDu.exe
  2⤵
  PID:7660
- C:\Windows\System\fkevqCN.exe
  C:\Windows\System\fkevqCN.exe
  2⤵
  PID:7676
- C:\Windows\System\TTnLcCR.exe
  C:\Windows\System\TTnLcCR.exe
  2⤵
  PID:7696
- C:\Windows\System\GMUXtHL.exe
  C:\Windows\System\GMUXtHL.exe
  2⤵
  PID:7720
- C:\Windows\System\dktogOu.exe
  C:\Windows\System\dktogOu.exe
  2⤵
  PID:7736
- C:\Windows\System\UTOBXsQ.exe
  C:\Windows\System\UTOBXsQ.exe
  2⤵
  PID:7756
- C:\Windows\System\vzHaozP.exe
  C:\Windows\System\vzHaozP.exe
  2⤵
  PID:7772
- C:\Windows\System\TLNrNcC.exe
  C:\Windows\System\TLNrNcC.exe
  2⤵
  PID:7788
- C:\Windows\System\dkUmifY.exe
  C:\Windows\System\dkUmifY.exe
  2⤵
  PID:7820
- C:\Windows\System\qPMPFUc.exe
  C:\Windows\System\qPMPFUc.exe
  2⤵
  PID:7840
- C:\Windows\System\xPnRwcD.exe
  C:\Windows\System\xPnRwcD.exe
  2⤵
  PID:7856
- C:\Windows\System\maDjOSB.exe
  C:\Windows\System\maDjOSB.exe
  2⤵
  PID:7880
- C:\Windows\System\Vlwexbe.exe
  C:\Windows\System\Vlwexbe.exe
  2⤵
  PID:7896
- C:\Windows\System\BDerIYS.exe
  C:\Windows\System\BDerIYS.exe
  2⤵
  PID:7924
- C:\Windows\System\eXnwXMP.exe
  C:\Windows\System\eXnwXMP.exe
  2⤵
  PID:7940
- C:\Windows\System\RjvRptb.exe
  C:\Windows\System\RjvRptb.exe
  2⤵
  PID:7960
- C:\Windows\System\aKejZKE.exe
  C:\Windows\System\aKejZKE.exe
  2⤵
  PID:7976
- C:\Windows\System\nxeajbE.exe
  C:\Windows\System\nxeajbE.exe
  2⤵
  PID:8004
- C:\Windows\System\FpxmLCX.exe
  C:\Windows\System\FpxmLCX.exe
  2⤵
  PID:8020
- C:\Windows\System\bWSZwbp.exe
  C:\Windows\System\bWSZwbp.exe
  2⤵
  PID:8036
- C:\Windows\System\BWidrri.exe
  C:\Windows\System\BWidrri.exe
  2⤵
  PID:8060
- C:\Windows\System\AZPHSKH.exe
  C:\Windows\System\AZPHSKH.exe
  2⤵
  PID:8080
- C:\Windows\System\LAouhma.exe
  C:\Windows\System\LAouhma.exe
  2⤵
  PID:8100
- C:\Windows\System\EbvRnNg.exe
  C:\Windows\System\EbvRnNg.exe
  2⤵
  PID:8128
- C:\Windows\System\eyKcNCl.exe
  C:\Windows\System\eyKcNCl.exe
  2⤵
  PID:8144
- C:\Windows\System\KgBCnOM.exe
  C:\Windows\System\KgBCnOM.exe
  2⤵
  PID:8164
- C:\Windows\System\YrceOnk.exe
  C:\Windows\System\YrceOnk.exe
  2⤵
  PID:8184
- C:\Windows\System\EiqGVsF.exe
  C:\Windows\System\EiqGVsF.exe
  2⤵
  PID:6880
- C:\Windows\System\fpeTMEp.exe
  C:\Windows\System\fpeTMEp.exe
  2⤵
  PID:7196
- C:\Windows\System\GxuVWue.exe
  C:\Windows\System\GxuVWue.exe
  2⤵
  PID:7292
- C:\Windows\System\FAQOlaq.exe
  C:\Windows\System\FAQOlaq.exe
  2⤵
  PID:7260
- C:\Windows\System\EmOLpih.exe
  C:\Windows\System\EmOLpih.exe
  2⤵
  PID:7368
- C:\Windows\System\znUQWqt.exe
  C:\Windows\System\znUQWqt.exe
  2⤵
  PID:7384
- C:\Windows\System\VIsBiHt.exe
  C:\Windows\System\VIsBiHt.exe
  2⤵
  PID:7240
- C:\Windows\System\ClHypQH.exe
  C:\Windows\System\ClHypQH.exe
  2⤵
  PID:7308
- C:\Windows\System\eteWRHn.exe
  C:\Windows\System\eteWRHn.exe
  2⤵
  PID:7348
- C:\Windows\System\aIBZClR.exe
  C:\Windows\System\aIBZClR.exe
  2⤵
  PID:7424
- C:\Windows\System\VrTuyTC.exe
  C:\Windows\System\VrTuyTC.exe
  2⤵
  PID:7468
- C:\Windows\System\HirDfCB.exe
  C:\Windows\System\HirDfCB.exe
  2⤵
  PID:7536
- C:\Windows\System\RJuKcwM.exe
  C:\Windows\System\RJuKcwM.exe
  2⤵
  PID:7440
- C:\Windows\System\HtPlVVV.exe
  C:\Windows\System\HtPlVVV.exe
  2⤵
  PID:7444
- C:\Windows\System\wiDmvSB.exe
  C:\Windows\System\wiDmvSB.exe
  2⤵
  PID:7552
- C:\Windows\System\fQcqPxR.exe
  C:\Windows\System\fQcqPxR.exe
  2⤵
  PID:7628
- C:\Windows\System\rfnzTHD.exe
  C:\Windows\System\rfnzTHD.exe
  2⤵
  PID:7672
- C:\Windows\System\moWpwiV.exe
  C:\Windows\System\moWpwiV.exe
  2⤵
  PID:7692
- C:\Windows\System\HPIyvVO.exe
  C:\Windows\System\HPIyvVO.exe
  2⤵
  PID:7748
- C:\Windows\System\EUmiQeN.exe
  C:\Windows\System\EUmiQeN.exe
  2⤵
  PID:7764
- C:\Windows\System\UPddGTg.exe
  C:\Windows\System\UPddGTg.exe
  2⤵
  PID:7812
- C:\Windows\System\nWuInDC.exe
  C:\Windows\System\nWuInDC.exe
  2⤵
  PID:7816
- C:\Windows\System\wGmoEHf.exe
  C:\Windows\System\wGmoEHf.exe
  2⤵
  PID:7868
- C:\Windows\System\EYZFcgT.exe
  C:\Windows\System\EYZFcgT.exe
  2⤵
  PID:7876
- C:\Windows\System\fIeNTzk.exe
  C:\Windows\System\fIeNTzk.exe
  2⤵
  PID:7912
- C:\Windows\System\nETGxFD.exe
  C:\Windows\System\nETGxFD.exe
  2⤵
  PID:7948
- C:\Windows\System\ZcqtwjE.exe
  C:\Windows\System\ZcqtwjE.exe
  2⤵
  PID:7972
- C:\Windows\System\lwjlyVQ.exe
  C:\Windows\System\lwjlyVQ.exe
  2⤵
  PID:8032
- C:\Windows\System\JcmCEax.exe
  C:\Windows\System\JcmCEax.exe
  2⤵
  PID:8072
- C:\Windows\System\yGQbNlO.exe
  C:\Windows\System\yGQbNlO.exe
  2⤵
  PID:8088
- C:\Windows\System\nGHffGA.exe
  C:\Windows\System\nGHffGA.exe
  2⤵
  PID:8116
- C:\Windows\System\fbhBstr.exe
  C:\Windows\System\fbhBstr.exe
  2⤵
  PID:8160
- C:\Windows\System\RZqtgio.exe
  C:\Windows\System\RZqtgio.exe
  2⤵
  PID:7160
- C:\Windows\System\yVTHFEI.exe
  C:\Windows\System\yVTHFEI.exe
  2⤵
  PID:7084
- C:\Windows\System\TJktzin.exe
  C:\Windows\System\TJktzin.exe
  2⤵
  PID:7228
- C:\Windows\System\mZkJJvS.exe
  C:\Windows\System\mZkJJvS.exe
  2⤵
  PID:7272
- C:\Windows\System\QckgSJL.exe
  C:\Windows\System\QckgSJL.exe
  2⤵
  PID:7396
- C:\Windows\System\DEnPWfk.exe
  C:\Windows\System\DEnPWfk.exe
  2⤵
  PID:7476
- C:\Windows\System\ZTCrFzk.exe
  C:\Windows\System\ZTCrFzk.exe
  2⤵
  PID:7520
- C:\Windows\System\lUTItoH.exe
  C:\Windows\System\lUTItoH.exe
  2⤵
  PID:7376
- C:\Windows\System\UXaCiVr.exe
  C:\Windows\System\UXaCiVr.exe
  2⤵
  PID:7600
- C:\Windows\System\BdPPRXk.exe
  C:\Windows\System\BdPPRXk.exe
  2⤵
  PID:7632
- C:\Windows\System\HToFkzb.exe
  C:\Windows\System\HToFkzb.exe
  2⤵
  PID:7652
- C:\Windows\System\RXYgwEK.exe
  C:\Windows\System\RXYgwEK.exe
  2⤵
  PID:7732
- C:\Windows\System\oUuwWmH.exe
  C:\Windows\System\oUuwWmH.exe
  2⤵
  PID:7780
- C:\Windows\System\GZxxPKj.exe
  C:\Windows\System\GZxxPKj.exe
  2⤵
  PID:7920
- C:\Windows\System\SxLhSNQ.exe
  C:\Windows\System\SxLhSNQ.exe
  2⤵
  PID:8028
- C:\Windows\System\WmjGoDf.exe
  C:\Windows\System\WmjGoDf.exe
  2⤵
  PID:7992
- C:\Windows\System\qkiwApH.exe
  C:\Windows\System\qkiwApH.exe
  2⤵
  PID:7836
- C:\Windows\System\FfmDhDB.exe
  C:\Windows\System\FfmDhDB.exe
  2⤵
  PID:8076
- C:\Windows\System\gRSkrYF.exe
  C:\Windows\System\gRSkrYF.exe
  2⤵
  PID:8120
- C:\Windows\System\UdZeuqu.exe
  C:\Windows\System\UdZeuqu.exe
  2⤵
  PID:7208
- C:\Windows\System\rHmSlhW.exe
  C:\Windows\System\rHmSlhW.exe
  2⤵
  PID:6380
- C:\Windows\System\CNSWttG.exe
  C:\Windows\System\CNSWttG.exe
  2⤵
  PID:6652
- C:\Windows\System\MoonzQr.exe
  C:\Windows\System\MoonzQr.exe
  2⤵
  PID:7576
- C:\Windows\System\baKVPqu.exe
  C:\Windows\System\baKVPqu.exe
  2⤵
  PID:7364
- C:\Windows\System\PKEeQKb.exe
  C:\Windows\System\PKEeQKb.exe
  2⤵
  PID:7488
- C:\Windows\System\SYCaCiU.exe
  C:\Windows\System\SYCaCiU.exe
  2⤵
  PID:7668
- C:\Windows\System\GlepgCJ.exe
  C:\Windows\System\GlepgCJ.exe
  2⤵
  PID:7804
- C:\Windows\System\YVJRCNs.exe
  C:\Windows\System\YVJRCNs.exe
  2⤵
  PID:7956
- C:\Windows\System\RZSQOoK.exe
  C:\Windows\System\RZSQOoK.exe
  2⤵
  PID:7624
- C:\Windows\System\ETOYydy.exe
  C:\Windows\System\ETOYydy.exe
  2⤵
  PID:7380
- C:\Windows\System\iyHaKcF.exe
  C:\Windows\System\iyHaKcF.exe
  2⤵
  PID:7852
- C:\Windows\System\YlRgDCQ.exe
  C:\Windows\System\YlRgDCQ.exe
  2⤵
  PID:7796
- C:\Windows\System\xSLjiPY.exe
  C:\Windows\System\xSLjiPY.exe
  2⤵
  PID:7428
- C:\Windows\System\QBrbLzq.exe
  C:\Windows\System\QBrbLzq.exe
  2⤵
  PID:8112
- C:\Windows\System\oRYifxM.exe
  C:\Windows\System\oRYifxM.exe
  2⤵
  PID:8212
- C:\Windows\System\QmqVTsf.exe
  C:\Windows\System\QmqVTsf.exe
  2⤵
  PID:8228
- C:\Windows\System\BuyJnSA.exe
  C:\Windows\System\BuyJnSA.exe
  2⤵
  PID:8252
- C:\Windows\System\GfYlPDX.exe
  C:\Windows\System\GfYlPDX.exe
  2⤵
  PID:8272
- C:\Windows\System\HllRxfe.exe
  C:\Windows\System\HllRxfe.exe
  2⤵
  PID:8288
- C:\Windows\System\hoVJlHB.exe
  C:\Windows\System\hoVJlHB.exe
  2⤵
  PID:8308
- C:\Windows\System\prtScBJ.exe
  C:\Windows\System\prtScBJ.exe
  2⤵
  PID:8332
- C:\Windows\System\klRtNCK.exe
  C:\Windows\System\klRtNCK.exe
  2⤵
  PID:8348
- C:\Windows\System\XaspWXB.exe
  C:\Windows\System\XaspWXB.exe
  2⤵
  PID:8372
- C:\Windows\System\DzmHLVs.exe
  C:\Windows\System\DzmHLVs.exe
  2⤵
  PID:8392
- C:\Windows\System\oVylTGQ.exe
  C:\Windows\System\oVylTGQ.exe
  2⤵
  PID:8412
- C:\Windows\System\gAepkfm.exe
  C:\Windows\System\gAepkfm.exe
  2⤵
  PID:8432
- C:\Windows\System\OTJSmMw.exe
  C:\Windows\System\OTJSmMw.exe
  2⤵
  PID:8460
- C:\Windows\System\kMIffqy.exe
  C:\Windows\System\kMIffqy.exe
  2⤵
  PID:8476
- C:\Windows\System\aJtmscF.exe
  C:\Windows\System\aJtmscF.exe
  2⤵
  PID:8500
- C:\Windows\System\xjYCQli.exe
  C:\Windows\System\xjYCQli.exe
  2⤵
  PID:8516
- C:\Windows\System\qwZhbVu.exe
  C:\Windows\System\qwZhbVu.exe
  2⤵
  PID:8548
- C:\Windows\System\mMWRMYC.exe
  C:\Windows\System\mMWRMYC.exe
  2⤵
  PID:8592
- C:\Windows\System\xEwuHlV.exe
  C:\Windows\System\xEwuHlV.exe
  2⤵
  PID:8612
- C:\Windows\System\FFpZPsJ.exe
  C:\Windows\System\FFpZPsJ.exe
  2⤵
  PID:8628
- C:\Windows\System\UDUAhzg.exe
  C:\Windows\System\UDUAhzg.exe
  2⤵
  PID:8656
- C:\Windows\System\gckmSPt.exe
  C:\Windows\System\gckmSPt.exe
  2⤵
  PID:8672
- C:\Windows\System\fSoHVZL.exe
  C:\Windows\System\fSoHVZL.exe
  2⤵
  PID:8696
- C:\Windows\System\pNoMWcI.exe
  C:\Windows\System\pNoMWcI.exe
  2⤵
  PID:8712
- C:\Windows\System\qhXZJZO.exe
  C:\Windows\System\qhXZJZO.exe
  2⤵
  PID:8728
- C:\Windows\System\YuTPuaO.exe
  C:\Windows\System\YuTPuaO.exe
  2⤵
  PID:8752
- C:\Windows\System\YxYyGmC.exe
  C:\Windows\System\YxYyGmC.exe
  2⤵
  PID:8768
- C:\Windows\System\deevcgJ.exe
  C:\Windows\System\deevcgJ.exe
  2⤵
  PID:8784
- C:\Windows\System\JMuFYUo.exe
  C:\Windows\System\JMuFYUo.exe
  2⤵
  PID:8804
- C:\Windows\System\jzdWSrP.exe
  C:\Windows\System\jzdWSrP.exe
  2⤵
  PID:8820
- C:\Windows\System\EaecBfU.exe
  C:\Windows\System\EaecBfU.exe
  2⤵
  PID:8836
- C:\Windows\System\juISBVK.exe
  C:\Windows\System\juISBVK.exe
  2⤵
  PID:8852
- C:\Windows\System\pgWzdgb.exe
  C:\Windows\System\pgWzdgb.exe
  2⤵
  PID:8876
- C:\Windows\System\KObWlFJ.exe
  C:\Windows\System\KObWlFJ.exe
  2⤵
  PID:8896
- C:\Windows\System\AaYakDf.exe
  C:\Windows\System\AaYakDf.exe
  2⤵
  PID:8940
- C:\Windows\System\MwfrmRi.exe
  C:\Windows\System\MwfrmRi.exe
  2⤵
  PID:8960
- C:\Windows\System\KmvLBhK.exe
  C:\Windows\System\KmvLBhK.exe
  2⤵
  PID:8976
- C:\Windows\System\WDeYYDU.exe
  C:\Windows\System\WDeYYDU.exe
  2⤵
  PID:8992
- C:\Windows\System\bHWUaGL.exe
  C:\Windows\System\bHWUaGL.exe
  2⤵
  PID:9020
- C:\Windows\System\JwkNKlT.exe
  C:\Windows\System\JwkNKlT.exe
  2⤵
  PID:9036
- C:\Windows\System\gOIGAAC.exe
  C:\Windows\System\gOIGAAC.exe
  2⤵
  PID:9060
- C:\Windows\System\lMCLcJB.exe
  C:\Windows\System\lMCLcJB.exe
  2⤵
  PID:9080
- C:\Windows\System\RPUtkxj.exe
  C:\Windows\System\RPUtkxj.exe
  2⤵
  PID:9104
- C:\Windows\System\vDthTQq.exe
  C:\Windows\System\vDthTQq.exe
  2⤵
  PID:9120
- C:\Windows\System\ldrgnrj.exe
  C:\Windows\System\ldrgnrj.exe
  2⤵
  PID:9144
- C:\Windows\System\aneZZbV.exe
  C:\Windows\System\aneZZbV.exe
  2⤵
  PID:9160
- C:\Windows\System\bSsCBHV.exe
  C:\Windows\System\bSsCBHV.exe
  2⤵
  PID:9184
- C:\Windows\System\NMQfFkT.exe
  C:\Windows\System\NMQfFkT.exe
  2⤵
  PID:9200
- C:\Windows\System\LIUkhHn.exe
  C:\Windows\System\LIUkhHn.exe
  2⤵
  PID:8200
- C:\Windows\System\mEyqovF.exe
  C:\Windows\System\mEyqovF.exe
  2⤵
  PID:8140
- C:\Windows\System\IWFXLCU.exe
  C:\Windows\System\IWFXLCU.exe
  2⤵
  PID:7952
- C:\Windows\System\blYCkfh.exe
  C:\Windows\System\blYCkfh.exe
  2⤵
  PID:8096
- C:\Windows\System\IqxQkfs.exe
  C:\Windows\System\IqxQkfs.exe
  2⤵
  PID:7892
- C:\Windows\System\vubckRj.exe
  C:\Windows\System\vubckRj.exe
  2⤵
  PID:8236
- C:\Windows\System\XevIYgF.exe
  C:\Windows\System\XevIYgF.exe
  2⤵
  PID:7508
- C:\Windows\System\ZsFaqMI.exe
  C:\Windows\System\ZsFaqMI.exe
  2⤵
  PID:7212
- C:\Windows\System\liihYFP.exe
  C:\Windows\System\liihYFP.exe
  2⤵
  PID:8328
- C:\Windows\System\lzwjuLK.exe
  C:\Windows\System\lzwjuLK.exe
  2⤵
  PID:8260
- C:\Windows\System\KtmKWgq.exe
  C:\Windows\System\KtmKWgq.exe
  2⤵
  PID:8368
- C:\Windows\System\LdBpaQz.exe
  C:\Windows\System\LdBpaQz.exe
  2⤵
  PID:8404
- C:\Windows\System\BDFGNLA.exe
  C:\Windows\System\BDFGNLA.exe
  2⤵
  PID:8304
- C:\Windows\System\HXRgZOp.exe
  C:\Windows\System\HXRgZOp.exe
  2⤵
  PID:8444
- C:\Windows\System\aULJKpX.exe
  C:\Windows\System\aULJKpX.exe
  2⤵
  PID:8384
- C:\Windows\System\APwCfSF.exe
  C:\Windows\System\APwCfSF.exe
  2⤵
  PID:8492
- C:\Windows\System\SXvleji.exe
  C:\Windows\System\SXvleji.exe
  2⤵
  PID:8584
- C:\Windows\System\gwHiRyk.exe
  C:\Windows\System\gwHiRyk.exe
  2⤵
  PID:8604
- C:\Windows\System\JYWnGvR.exe
  C:\Windows\System\JYWnGvR.exe
  2⤵
  PID:8648
- C:\Windows\System\RPLgfWd.exe
  C:\Windows\System\RPLgfWd.exe
  2⤵
  PID:8668
- C:\Windows\System\rVhARrV.exe
  C:\Windows\System\rVhARrV.exe
  2⤵
  PID:8708
- C:\Windows\System\YnyjKSs.exe
  C:\Windows\System\YnyjKSs.exe
  2⤵
  PID:8736
- C:\Windows\System\cNLUNxn.exe
  C:\Windows\System\cNLUNxn.exe
  2⤵
  PID:8744
- C:\Windows\System\NYQFNUQ.exe
  C:\Windows\System\NYQFNUQ.exe
  2⤵
  PID:8864
- C:\Windows\System\enzFyKo.exe
  C:\Windows\System\enzFyKo.exe
  2⤵
  PID:8844
- C:\Windows\System\VwMBqTv.exe
  C:\Windows\System\VwMBqTv.exe
  2⤵
  PID:2772
- C:\Windows\System\rnBjgRS.exe
  C:\Windows\System\rnBjgRS.exe
  2⤵
  PID:8892
- C:\Windows\System\SIuNeYr.exe
  C:\Windows\System\SIuNeYr.exe
  2⤵
  PID:8924
- C:\Windows\System\zqCeJmV.exe
  C:\Windows\System\zqCeJmV.exe
  2⤵
  PID:8972
- C:\Windows\System\MHzytAx.exe
  C:\Windows\System\MHzytAx.exe
  2⤵
  PID:9012
- C:\Windows\System\CfJndrL.exe
  C:\Windows\System\CfJndrL.exe
  2⤵
  PID:9028
- C:\Windows\System\MGmxREI.exe
  C:\Windows\System\MGmxREI.exe
  2⤵
  PID:8932
- C:\Windows\System\yiMJDLm.exe
  C:\Windows\System\yiMJDLm.exe
  2⤵
  PID:1476
- C:\Windows\System\RFYFEkz.exe
  C:\Windows\System\RFYFEkz.exe
  2⤵
  PID:9136
- C:\Windows\System\qBPiZoz.exe
  C:\Windows\System\qBPiZoz.exe
  2⤵
  PID:9152
- C:\Windows\System\ldyBVro.exe
  C:\Windows\System\ldyBVro.exe
  2⤵
  PID:9172
- C:\Windows\System\bWFtyDC.exe
  C:\Windows\System\bWFtyDC.exe
  2⤵
  PID:7452
- C:\Windows\System\asEiuUg.exe
  C:\Windows\System\asEiuUg.exe
  2⤵
  PID:8240
- C:\Windows\System\IIBumCH.exe
  C:\Windows\System\IIBumCH.exe
  2⤵
  PID:8016
- C:\Windows\System\qBdiBnf.exe
  C:\Windows\System\qBdiBnf.exe
  2⤵
  PID:8324
- C:\Windows\System\fCzoqJs.exe
  C:\Windows\System\fCzoqJs.exe
  2⤵
  PID:8316
- C:\Windows\System\MEhQCRY.exe
  C:\Windows\System\MEhQCRY.exe
  2⤵
  PID:8364
- C:\Windows\System\ugZuFON.exe
  C:\Windows\System\ugZuFON.exe
  2⤵
  PID:8456
- C:\Windows\System\IySGxNw.exe
  C:\Windows\System\IySGxNw.exe
  2⤵
  PID:8496
- C:\Windows\System\JvWDmrB.exe
  C:\Windows\System\JvWDmrB.exe
  2⤵
  PID:8448
- C:\Windows\System\eRyXddt.exe
  C:\Windows\System\eRyXddt.exe
  2⤵
  PID:8540
- C:\Windows\System\oAROdtD.exe
  C:\Windows\System\oAROdtD.exe
  2⤵
  PID:8600
- C:\Windows\System\KOthBKW.exe
  C:\Windows\System\KOthBKW.exe
  2⤵
  PID:8684
- C:\Windows\System\YgXinRX.exe
  C:\Windows\System\YgXinRX.exe
  2⤵
  PID:8664
- C:\Windows\System\mvZvAOM.exe
  C:\Windows\System\mvZvAOM.exe
  2⤵
  PID:8796
- C:\Windows\System\rRoPQKG.exe
  C:\Windows\System\rRoPQKG.exe
  2⤵
  PID:8816
- C:\Windows\System\dxMRdOI.exe
  C:\Windows\System\dxMRdOI.exe
  2⤵
  PID:8832
- C:\Windows\System\iHomaIy.exe
  C:\Windows\System\iHomaIy.exe
  2⤵
  PID:8920
- C:\Windows\System\LkNNYrW.exe
  C:\Windows\System\LkNNYrW.exe
  2⤵
  PID:5252
- C:\Windows\System\wMsCNOD.exe
  C:\Windows\System\wMsCNOD.exe
  2⤵
  PID:9004
- C:\Windows\System\ELJbJvx.exe
  C:\Windows\System\ELJbJvx.exe
  2⤵
  PID:9052
- C:\Windows\System\NruJfhx.exe
  C:\Windows\System\NruJfhx.exe
  2⤵
  PID:9112
- C:\Windows\System\VJvXikh.exe
  C:\Windows\System\VJvXikh.exe
  2⤵
  PID:9176
- C:\Windows\System\JFGNHok.exe
  C:\Windows\System\JFGNHok.exe
  2⤵
  PID:7728
- C:\Windows\System\udifjwt.exe
  C:\Windows\System\udifjwt.exe
  2⤵
  PID:7504
- C:\Windows\System\vfTpBNr.exe
  C:\Windows\System\vfTpBNr.exe
  2⤵
  PID:7744
- C:\Windows\System\eUGFffJ.exe
  C:\Windows\System\eUGFffJ.exe
  2⤵
  PID:7620
- C:\Windows\System\JZjxtPL.exe
  C:\Windows\System\JZjxtPL.exe
  2⤵
  PID:8424
- C:\Windows\System\XAaWPGy.exe
  C:\Windows\System\XAaWPGy.exe
  2⤵
  PID:644
- C:\Windows\System\EkwoqNt.exe
  C:\Windows\System\EkwoqNt.exe
  2⤵
  PID:9092
- C:\Windows\System\ePSHByw.exe
  C:\Windows\System\ePSHByw.exe
  2⤵
  PID:8640
- C:\Windows\System\YUYbWfr.exe
  C:\Windows\System\YUYbWfr.exe
  2⤵
  PID:1036
- C:\Windows\System\BloQqgI.exe
  C:\Windows\System\BloQqgI.exe
  2⤵
  PID:8904
- C:\Windows\System\bDfkbpg.exe
  C:\Windows\System\bDfkbpg.exe
  2⤵
  PID:8636
- C:\Windows\System\rRFOqKK.exe
  C:\Windows\System\rRFOqKK.exe
  2⤵
  PID:8912
- C:\Windows\System\dmlIfoH.exe
  C:\Windows\System\dmlIfoH.exe
  2⤵
  PID:9044
- C:\Windows\System\jzBCjcm.exe
  C:\Windows\System\jzBCjcm.exe
  2⤵
  PID:1480
- C:\Windows\System\tUpSQjt.exe
  C:\Windows\System\tUpSQjt.exe
  2⤵
  PID:7712
- C:\Windows\System\UhxyGcA.exe
  C:\Windows\System\UhxyGcA.exe
  2⤵
  PID:8208
- C:\Windows\System\ubawMJr.exe
  C:\Windows\System\ubawMJr.exe
  2⤵
  PID:8536
- C:\Windows\System\vnjABRR.exe
  C:\Windows\System\vnjABRR.exe
  2⤵
  PID:8524
- C:\Windows\System\rebmCCR.exe
  C:\Windows\System\rebmCCR.exe
  2⤵
  PID:8360
- C:\Windows\System\OemdkGU.exe
  C:\Windows\System\OemdkGU.exe
  2⤵
  PID:8488
- C:\Windows\System\RKRlBZO.exe
  C:\Windows\System\RKRlBZO.exe
  2⤵
  PID:8916
- C:\Windows\System\jwSAoSS.exe
  C:\Windows\System\jwSAoSS.exe
  2⤵
  PID:9212
- C:\Windows\System\SEtxWnR.exe
  C:\Windows\System\SEtxWnR.exe
  2⤵
  PID:8956
- C:\Windows\System\Fcltupx.exe
  C:\Windows\System\Fcltupx.exe
  2⤵
  PID:9192
- C:\Windows\System\bRawWdR.exe
  C:\Windows\System\bRawWdR.exe
  2⤵
  PID:8356
- C:\Windows\System\tprJdwj.exe
  C:\Windows\System\tprJdwj.exe
  2⤵
  PID:2436
- C:\Windows\System\jDWYDcW.exe
  C:\Windows\System\jDWYDcW.exe
  2⤵
  PID:8812
- C:\Windows\System\iQoZpRZ.exe
  C:\Windows\System\iQoZpRZ.exe
  2⤵
  PID:8152
- C:\Windows\System\houjScl.exe
  C:\Windows\System\houjScl.exe
  2⤵
  PID:8344
- C:\Windows\System\VNotuHh.exe
  C:\Windows\System\VNotuHh.exe
  2⤵
  PID:996
- C:\Windows\System\OXpCdQT.exe
  C:\Windows\System\OXpCdQT.exe
  2⤵
  PID:8952
- C:\Windows\System\EVThwra.exe
  C:\Windows\System\EVThwra.exe
  2⤵
  PID:9076
- C:\Windows\System\YsthONX.exe
  C:\Windows\System\YsthONX.exe
  2⤵
  PID:8400
- C:\Windows\System\aRFAXot.exe
  C:\Windows\System\aRFAXot.exe
  2⤵
  PID:8936
- C:\Windows\System\DAsFagJ.exe
  C:\Windows\System\DAsFagJ.exe
  2⤵
  PID:8224
- C:\Windows\System\zRzVDfi.exe
  C:\Windows\System\zRzVDfi.exe
  2⤵
  PID:9228
- C:\Windows\System\Dqgxdhu.exe
  C:\Windows\System\Dqgxdhu.exe
  2⤵
  PID:9252
- C:\Windows\System\WyMNvgl.exe
  C:\Windows\System\WyMNvgl.exe
  2⤵
  PID:9272
- C:\Windows\System\ggpimkn.exe
  C:\Windows\System\ggpimkn.exe
  2⤵
  PID:9304
- C:\Windows\System\WeADXaQ.exe
  C:\Windows\System\WeADXaQ.exe
  2⤵
  PID:9320
- C:\Windows\System\tremBkU.exe
  C:\Windows\System\tremBkU.exe
  2⤵
  PID:9336
- C:\Windows\System\OlxajVH.exe
  C:\Windows\System\OlxajVH.exe
  2⤵
  PID:9352
- C:\Windows\System\eAbRFUK.exe
  C:\Windows\System\eAbRFUK.exe
  2⤵
  PID:9384
- C:\Windows\System\QpXGuAb.exe
  C:\Windows\System\QpXGuAb.exe
  2⤵
  PID:9400
- C:\Windows\System\SXgTDew.exe
  C:\Windows\System\SXgTDew.exe
  2⤵
  PID:9416
- C:\Windows\System\efvMQLo.exe
  C:\Windows\System\efvMQLo.exe
  2⤵
  PID:9440
- C:\Windows\System\qolURgC.exe
  C:\Windows\System\qolURgC.exe
  2⤵
  PID:9460
- C:\Windows\System\xjhyFPi.exe
  C:\Windows\System\xjhyFPi.exe
  2⤵
  PID:9488
- C:\Windows\System\sejyxfm.exe
  C:\Windows\System\sejyxfm.exe
  2⤵
  PID:9504
- C:\Windows\System\ViwqeuM.exe
  C:\Windows\System\ViwqeuM.exe
  2⤵
  PID:9520
- C:\Windows\System\ReKodrp.exe
  C:\Windows\System\ReKodrp.exe
  2⤵
  PID:9548
- C:\Windows\System\jiCzhXK.exe
  C:\Windows\System\jiCzhXK.exe
  2⤵
  PID:9564
- C:\Windows\System\FmWVPLO.exe
  C:\Windows\System\FmWVPLO.exe
  2⤵
  PID:9580
- C:\Windows\System\JNezSwE.exe
  C:\Windows\System\JNezSwE.exe
  2⤵
  PID:9596
- C:\Windows\System\hkijvVU.exe
  C:\Windows\System\hkijvVU.exe
  2⤵
  PID:9624
- C:\Windows\System\wYRvLRD.exe
  C:\Windows\System\wYRvLRD.exe
  2⤵
  PID:9648
- C:\Windows\System\dYwwdWa.exe
  C:\Windows\System\dYwwdWa.exe
  2⤵
  PID:9664
- C:\Windows\System\QjwUsym.exe
  C:\Windows\System\QjwUsym.exe
  2⤵
  PID:9684
- C:\Windows\System\GekpMfY.exe
  C:\Windows\System\GekpMfY.exe
  2⤵
  PID:9704
- C:\Windows\System\axJtxnm.exe
  C:\Windows\System\axJtxnm.exe
  2⤵
  PID:9724
- C:\Windows\System\NlQHERP.exe
  C:\Windows\System\NlQHERP.exe
  2⤵
  PID:9744
- C:\Windows\System\WcTIdCw.exe
  C:\Windows\System\WcTIdCw.exe
  2⤵
  PID:9764
- C:\Windows\System\UAnxOTY.exe
  C:\Windows\System\UAnxOTY.exe
  2⤵
  PID:9784
- C:\Windows\System\LXReoWY.exe
  C:\Windows\System\LXReoWY.exe
  2⤵
  PID:9800
- C:\Windows\System\sVwgAIf.exe
  C:\Windows\System\sVwgAIf.exe
  2⤵
  PID:9820
- C:\Windows\System\OsGWdPd.exe
  C:\Windows\System\OsGWdPd.exe
  2⤵
  PID:9840
- C:\Windows\System\FYbrZoe.exe
  C:\Windows\System\FYbrZoe.exe
  2⤵
  PID:9856
- C:\Windows\System\YTyAyQH.exe
  C:\Windows\System\YTyAyQH.exe
  2⤵
  PID:9872
- C:\Windows\System\ZEUnRWG.exe
  C:\Windows\System\ZEUnRWG.exe
  2⤵
  PID:9904
- C:\Windows\System\ZuhJiAI.exe
  C:\Windows\System\ZuhJiAI.exe
  2⤵
  PID:9920
- C:\Windows\System\yojnudQ.exe
  C:\Windows\System\yojnudQ.exe
  2⤵
  PID:9944
- C:\Windows\System\bzvZRcT.exe
  C:\Windows\System\bzvZRcT.exe
  2⤵
  PID:9968
- C:\Windows\System\fYnjapJ.exe
  C:\Windows\System\fYnjapJ.exe
  2⤵
  PID:9984
- C:\Windows\System\kaqIXro.exe
  C:\Windows\System\kaqIXro.exe
  2⤵
  PID:10000
- C:\Windows\System\pepMmJx.exe
  C:\Windows\System\pepMmJx.exe
  2⤵
  PID:10032
- C:\Windows\System\PGGopzf.exe
  C:\Windows\System\PGGopzf.exe
  2⤵
  PID:10052
- C:\Windows\System\gvByujd.exe
  C:\Windows\System\gvByujd.exe
  2⤵
  PID:10068
- C:\Windows\System\dFgRRwf.exe
  C:\Windows\System\dFgRRwf.exe
  2⤵
  PID:10092
- C:\Windows\System\uSGdfYf.exe
  C:\Windows\System\uSGdfYf.exe
  2⤵
  PID:10112
- C:\Windows\System\sQovAXb.exe
  C:\Windows\System\sQovAXb.exe
  2⤵
  PID:10128
- C:\Windows\System\goKJrOv.exe
  C:\Windows\System\goKJrOv.exe
  2⤵
  PID:10152
- C:\Windows\System\cLOJnpC.exe
  C:\Windows\System\cLOJnpC.exe
  2⤵
  PID:10168
- C:\Windows\System\gAldwCc.exe
  C:\Windows\System\gAldwCc.exe
  2⤵
  PID:10192
- C:\Windows\System\PdLpJLW.exe
  C:\Windows\System\PdLpJLW.exe
  2⤵
  PID:10208
- C:\Windows\System\cQxzDva.exe
  C:\Windows\System\cQxzDva.exe
  2⤵
  PID:10228
- C:\Windows\System\tsPeyeJ.exe
  C:\Windows\System\tsPeyeJ.exe
  2⤵
  PID:9236
- C:\Windows\System\rbtbguP.exe
  C:\Windows\System\rbtbguP.exe
  2⤵
  PID:576
- C:\Windows\System\DoqxGEq.exe
  C:\Windows\System\DoqxGEq.exe
  2⤵
  PID:8828
- C:\Windows\System\FxqNLze.exe
  C:\Windows\System\FxqNLze.exe
  2⤵
  PID:9300
- C:\Windows\System\PLeHTxF.exe
  C:\Windows\System\PLeHTxF.exe
  2⤵
  PID:9332
- C:\Windows\System\yIDLGZx.exe
  C:\Windows\System\yIDLGZx.exe
  2⤵
  PID:9372
- C:\Windows\System\jnlfgWJ.exe
  C:\Windows\System\jnlfgWJ.exe
  2⤵
  PID:9396
- C:\Windows\System\HvbVWCQ.exe
  C:\Windows\System\HvbVWCQ.exe
  2⤵
  PID:9424
- C:\Windows\System\dykodSb.exe
  C:\Windows\System\dykodSb.exe
  2⤵
  PID:9456
- C:\Windows\System\DNopnQL.exe
  C:\Windows\System\DNopnQL.exe
  2⤵
  PID:2248
- C:\Windows\System\MDdapOy.exe
  C:\Windows\System\MDdapOy.exe
  2⤵
  PID:9516
- C:\Windows\System\VQJPhtd.exe
  C:\Windows\System\VQJPhtd.exe
  2⤵
  PID:9572
- C:\Windows\System\yuSsrqa.exe
  C:\Windows\System\yuSsrqa.exe
  2⤵
  PID:9604
- C:\Windows\System\qsHZEYu.exe
  C:\Windows\System\qsHZEYu.exe
  2⤵
  PID:9612
- C:\Windows\System\tJXsvGt.exe
  C:\Windows\System\tJXsvGt.exe
  2⤵
  PID:9656
- C:\Windows\System\kGUtApU.exe
  C:\Windows\System\kGUtApU.exe
  2⤵
  PID:9680
- C:\Windows\System\vKnsbRI.exe
  C:\Windows\System\vKnsbRI.exe
  2⤵
  PID:9720
- C:\Windows\System\qiBBYMz.exe
  C:\Windows\System\qiBBYMz.exe
  2⤵
  PID:9780
- C:\Windows\System\TQiKcjV.exe
  C:\Windows\System\TQiKcjV.exe
  2⤵
  PID:9808
- C:\Windows\System\wVCidwT.exe
  C:\Windows\System\wVCidwT.exe
  2⤵
  PID:9828
- C:\Windows\System\jWmITte.exe
  C:\Windows\System\jWmITte.exe
  2⤵
  PID:9796
- C:\Windows\System\vBpFZmx.exe
  C:\Windows\System\vBpFZmx.exe
  2⤵
  PID:9888
- C:\Windows\System\QNfuYyv.exe
  C:\Windows\System\QNfuYyv.exe
  2⤵
  PID:9868
- C:\Windows\System\mXJKjsQ.exe
  C:\Windows\System\mXJKjsQ.exe
  2⤵
  PID:9916
- C:\Windows\System\BclRpLX.exe
  C:\Windows\System\BclRpLX.exe
  2⤵
  PID:9980
- C:\Windows\System\daldQGI.exe
  C:\Windows\System\daldQGI.exe
  2⤵
  PID:10016
- C:\Windows\System\kSzlHIx.exe
  C:\Windows\System\kSzlHIx.exe
  2⤵
  PID:10044
- C:\Windows\System\cWxCupw.exe
  C:\Windows\System\cWxCupw.exe
  2⤵
  PID:10088
- C:\Windows\System\CIIPylH.exe
  C:\Windows\System\CIIPylH.exe
  2⤵
  PID:10104
- C:\Windows\System\gDvtdkI.exe
  C:\Windows\System\gDvtdkI.exe
  2⤵
  PID:10144
- C:\Windows\System\QyrXaLl.exe
  C:\Windows\System\QyrXaLl.exe
  2⤵
  PID:10176
- C:\Windows\System\jBNpljK.exe
  C:\Windows\System\jBNpljK.exe
  2⤵
  PID:10204
- C:\Windows\System\TqkJNLB.exe
  C:\Windows\System\TqkJNLB.exe
  2⤵
  PID:9248
- C:\Windows\System\GlXuXfY.exe
  C:\Windows\System\GlXuXfY.exe
  2⤵
  PID:2320
- C:\Windows\System\rCOkwLu.exe
  C:\Windows\System\rCOkwLu.exe
  2⤵
  PID:9284
- C:\Windows\System\HVIdqWM.exe
  C:\Windows\System\HVIdqWM.exe
  2⤵
  PID:9316
- C:\Windows\System\EBeZNgR.exe
  C:\Windows\System\EBeZNgR.exe
  2⤵
  PID:9368
- C:\Windows\System\MApoTHA.exe
  C:\Windows\System\MApoTHA.exe
  2⤵
  PID:9392
- C:\Windows\System\FEowrnR.exe
  C:\Windows\System\FEowrnR.exe
  2⤵
  PID:9432
- C:\Windows\System\YGLZJuH.exe
  C:\Windows\System\YGLZJuH.exe
  2⤵
  PID:9500
- C:\Windows\System\XDJiGCK.exe
  C:\Windows\System\XDJiGCK.exe
  2⤵
  PID:9532
- C:\Windows\System\cSpnXpz.exe
  C:\Windows\System\cSpnXpz.exe
  2⤵
  PID:9632
- C:\Windows\System\FmymkiH.exe
  C:\Windows\System\FmymkiH.exe
  2⤵
  PID:9700
- C:\Windows\System\KJuEuBB.exe
  C:\Windows\System\KJuEuBB.exe
  2⤵
  PID:9732
- C:\Windows\System\TAQTjRk.exe
  C:\Windows\System\TAQTjRk.exe
  2⤵
  PID:9816
- C:\Windows\System\BYrItTm.exe
  C:\Windows\System\BYrItTm.exe
  2⤵
  PID:9864
- C:\Windows\System\SECTutv.exe
  C:\Windows\System\SECTutv.exe
  2⤵
  PID:9932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ADytWLW.exe

Filesize
6.0MB

MD5
19f4763689b131d42b60621558fdc52a

SHA1
d39689224ba6626f810a78c50d320bbb6a4ab614

SHA256
7b5cc99c88b6dcd04c40bfce0c33502397ddf08fbd6f18ec1b57c48a1cc6c0a5

SHA512
75ac45fbb3f87bc2a185630d30b2911fe005dfc39006a5b7663a6640fff66f697f807c92f85f1492f111172e0756c1b81d072506c3396b09ef2174f256b11dcc

Download Submit
C:\Windows\system\JCAZBZJ.exe

Filesize
6.0MB

MD5
e158acbd26021f0fc7d82d7a3a18b525

SHA1
9948903283e8eef510743c9c869485d988e5f301

SHA256
2ea6dc3dd8134a9997fcd81382688c0e90e37e67844da08a8f9c368e7ab3d1ea

SHA512
08d379ab1bb98bf63b585ced086b3fb347f98c30b58018e770ec24c02118f6510e6bfcc7112cac02a79ae2ab0128a489b8bbac0791922ed5c595e64e899d3e96

Download Submit
C:\Windows\system\KaqNkZB.exe

Filesize
6.0MB

MD5
af584acc2d277b36b577b7da8af36866

SHA1
020ea74d565f98a7171fe438492fef5f4f5f3470

SHA256
e9fa959802989de00c47dd4bb90dac5cf65408da4c5892aa65f656ac239526f3

SHA512
cf65ff46b61cc9b890010e40ec7d0ef038f1425e162a1f31fcd315f96c17c8be4a4328a35565c0d390dd3bd095852fe2aeec3e5bc0dfe77554152cf4ed3c3c7a

Download Submit
C:\Windows\system\LWodHaJ.exe

Filesize
6.0MB

MD5
ff0f617e78c2cfe400fcf45f46f99936

SHA1
03a6456fd65a50c80edf04611d7dedbcaa216fcf

SHA256
6db5f327c838defc335915ffc4598244bb44eaa50c25efd2979aec6f43741fbb

SHA512
a917033ba9eca991b90b40d009129e199cd48ddd2c56dacbcc6a8456a839a7b70c800bdc46fd699d6f4577d69b19f44080af005595a627e05402210165881ba0

Download Submit
C:\Windows\system\MOQWuHo.exe

Filesize
6.0MB

MD5
2001e5c5f44806fc4821179ce348ba26

SHA1
30f7c3244cea754c4df827397e3a2a4651b2032e

SHA256
0f9e125894611dbf06b16abb6f0b9d71b9efa8b5db40529115af076995d5b30d

SHA512
760949f23cf0e330feb85668f4c7dfefc8231f4567f45b9935f4d9a7c34036a40026e871f5576c788a4366bb33c6a1c963fa7b4f091ec11174e853b7b8b1961b

Download Submit
C:\Windows\system\MwJMlPb.exe

Filesize
6.0MB

MD5
20e600b11df09cfa5399141fd8865f6f

SHA1
a9f74f1b6870902ba1191e0a86225d08d0625d18

SHA256
d6ec4ac6f5fdaa0c264d2aea842e22ecd58336e17c77bf36a64ebce02579c6b9

SHA512
e4624a1dc3288ae103180afa921704616d4c8d0d4f07cdbb52b2932a59824c8f24991e3211c13dac77adf766261c9f75498264abf404ef007b6cac7bd9f96a6a

Download Submit
C:\Windows\system\NBvodgR.exe

Filesize
6.0MB

MD5
251fd4ecfc0f637b087cf07430c2eb44

SHA1
0993820e9324babd5ba2005ccc7322467cc49cc6

SHA256
3a8bb4f0fce1e65a26b82a54072c2153b2cd9d4c7979f2bdaaa30c2e35a2dd3d

SHA512
badc87deac49ab636aab43b54bb7fb8e296969fa22f547104a0cd1038bb5e9fb4c95d89ee76170cddedf0d6aeac78fe2b8d120328547cf4e03f8492fbb8f43d4

Download Submit
C:\Windows\system\NIWSvXm.exe

Filesize
6.0MB

MD5
a94262fd54c09a8a3c00a8200fc0c409

SHA1
d24ddc6c9a8d9e3bf4cfe5377eb8048d289a5ce0

SHA256
d99cde2dae8f10b3d371f8997193a396b92dddbd54eb3d30b90fe959a8a9b9c5

SHA512
e8eb1ee1bf943b8594c5926fc77b2fd4eb642206aae484acb95c7fdfa49fdb033a332f24ee86eebe533cc9bb9f7b52281876a8b352e1d01eb3dab7ad85dada50

Download Submit
C:\Windows\system\NdISYEd.exe

Filesize
6.0MB

MD5
395af1e33579ec9ce942fda59ac9f90a

SHA1
cbb756d8edc41ab1629d219a3d357e1a14e0d4ab

SHA256
8d3bf67d748e9ff9f352ad58f28486449e5eb5a55f4eb5f6bc476b2bd4446216

SHA512
2b756eaf252f132b72c001722bd86cacfb03ce695a1bdaa94b4ba1b0d9c1f966e89c6788a0fd2cee66c3ce596c04636929a28b2b3ff6af9346091f4ef37e7e1e

Download Submit
C:\Windows\system\OHZDbBL.exe

Filesize
6.0MB

MD5
f96c5fd2850afeb8e6f01e3c570fb4e1

SHA1
08464e18be7e44044a696c685def2f4cd16c3c5e

SHA256
7ff1b0114bb9be18d7b201c1b71b91f3063975926abb375b7e2d2c01956adbd7

SHA512
8333acb8471492cf00541b5635c2dc368e11f71e27d6bbe21c4589dbf8409c7e0909013d43c8129cbf9fd6ea5d4512e14e7c349ad8e755684cb40906719ab5f2

Download Submit
C:\Windows\system\RYMVcCY.exe

Filesize
6.0MB

MD5
e86a6194f191909dddb8f0898534b897

SHA1
0757db88541f59b69826ef803e8f1303fabd0eba

SHA256
7f473144058b284d9d5236cd7b97a636aeffe21bdc6db202dc44366b1d45d186

SHA512
bbbbd4d9d28022dee39f0cf7d4ce41c843da1a49af4f36f4b08cbfd29e63adf60810b967534a0a1141d1328542bb6fa051722f76c8c206b0742cddafa0dde6b6

Download Submit
C:\Windows\system\SFdtift.exe

Filesize
6.0MB

MD5
1b9f510e37bf8ab0d054b10792e9db70

SHA1
bf37550b29e0f346fcd13d883f1acff9e5740d18

SHA256
2531284e5c7d83387e15c4afb272e1217bfe28ea6fae629d8e7fb84e8f23225e

SHA512
32ffb15bcdb2ff725cea3c62b2f1897d4bb947f8f17f8524dcd0e1309ca0f7e1051af680e9cea0406e8809ad4f140d4a3994d85568033577f2b2e0e7add2e4c3

Download Submit
C:\Windows\system\UjuSapV.exe

Filesize
6.0MB

MD5
e5d15b4071e387d34535e5785cb5c6f0

SHA1
ed261e51052e8166b13c48a047f2aadf3c004523

SHA256
cdd56c3b294dc2ebc59ee2e761dc9b8b82a39c96dd32ca237f00964d7ef255de

SHA512
0c3bf592d6890e21569c9381fac4ae2e78bdd18687ce2ebe296bbe52d2e71d36d9603360c37e4c032cf823ef3526eef45756eef8e833e643188fdcfab501cf75

Download Submit
C:\Windows\system\VDpUstb.exe

Filesize
6.0MB

MD5
c86bf7ec56e428972cd32820fc761eb7

SHA1
6662fa1bfb3c9c8de49f6b2431e4c2e84be55833

SHA256
65effa1047bac53389eaeaf7e1704d0c0dd9a28552a3f40112400852686a81e5

SHA512
b450cb3d988275b18449df069371c1adbf6fb3ecfa8a5cbef083d34e128dc645f3d83469c76e097c60d442e2cd11ad0674be29d7ad7a1068a6d4e626139d4091

Download Submit
C:\Windows\system\XwnKZRX.exe

Filesize
6.0MB

MD5
b1ad3ae9f45c3624e3bebe5c86e2a418

SHA1
3af9b71fd81b1dde1bdc4ffa8747e6a6d8987349

SHA256
6f0559d19bcb5b01d9570b95b174eb47a07ae74b70f01dcce043da4270d7de02

SHA512
a6922c6505d3fbb4254895be092b6af3f071f4ee82d1bc79dcec7197c9a7758c84de07c6c95574c395cb7de10d8d121d52e84d1f35d2352f62e107a6f74d10a3

Download Submit
C:\Windows\system\ZgvDEtY.exe

Filesize
6.0MB

MD5
dc4a6c82c8c0a0a66075981843752f09

SHA1
50c7da1492e6ed3f924394668cddbee2db708fda

SHA256
4f9102aadc529b9a48d9ea11412d2787cfe550d64fcb2c2249d498262066abef

SHA512
2d62e0e39bd753e8cafebea77273c84b1f2e87797e879d7d730963a2d2db0f13d700009a7d2cf86d0b7c3aabb6cbc711b01d86e44fb42b10a6ed2917273dfb50

Download Submit
C:\Windows\system\agBCmYU.exe

Filesize
6.0MB

MD5
da6f76c4f00433efce4cb4a7c9f6f3bb

SHA1
b4e3b3e782c516cdcd361a51fd990fa1da1cca06

SHA256
daf8c511cca7e04fc4c041bde35af8e2f576114c80288eb0c935f276af986e48

SHA512
b0ec6d50dbed209914d415344bec889c4dbe12007aa637760a8cebcf06a2a5d4810f6824f583c78baefbd9712905a53fb267b1d37c3c76f175c3e5a689dba52c

Download Submit
C:\Windows\system\bqZRDwT.exe

Filesize
6.0MB

MD5
2e2e6d66f7f332ff37360d7712d26967

SHA1
38adccf1bcac05aa7c3aef1c7b82f313d9862b11

SHA256
01a76d6abfaf00d4e706b6cb0c28c6d1e532f89bc87db754a5fb18810e727f55

SHA512
054d970b8033068356b6797171448de7d2eed67d234ca983d4c75e9086dc73b57b2abb3b18123816d440b5c0f4f8b95e799cce3cc0869789be51496bb27e2255

Download Submit
C:\Windows\system\fqABwQy.exe

Filesize
6.0MB

MD5
369d53dd1dab7e9ab08dd7d43fff906f

SHA1
b537ba6df168a6edf19acce516a9a528a3e6fa35

SHA256
106b8dffeefa557c92e48ba353a0d2d2d07b2b9094e4078b5febc3cca4854f8f

SHA512
422b76892a8d4110634eec6dd9f8eb82843c06280f74fc4e40df40c27f7eaaa35883bdb23fd018c0bc743cb620aa3f782b933ff741d4e93cfc644f33b52ba7c7

Download Submit
C:\Windows\system\ioslnxN.exe

Filesize
6.0MB

MD5
5ebff775dd5bd11eef57762160be1723

SHA1
5b5e2cb656238bbd46b4df67329314cd085b3aa2

SHA256
cf960ee0c9f187d66e5e7bb9139a6232a26d577fd6b1116692cf9ccd194bdece

SHA512
002fbcecf7220daf4f782c5ebdb1c3e4d86b42e58a4a126479592ec290a6cc4a06b87406de1743e559ebb6504dc3d202e0c55dce6205c12b35f789b9ea5e6fd8

Download Submit
C:\Windows\system\lAOmLMe.exe

Filesize
6.0MB

MD5
3857591c4fe7a39eacefebaf8ec7bb21

SHA1
0bd10878f01255dcd73579f184951954322d7e0d

SHA256
cf30fa339e766586ee584bf4a966f4025d09e6ee1414146eda684bc7bfba1b93

SHA512
1b0e92d1d24ba8fbc063a0e518092b75e3e6935a7455b3052383b7aededd8b22f0661b3c4a06d2939160ca48d0189284d87edf1028ace059f483322a4749abd6

Download Submit
C:\Windows\system\mRxvXTV.exe

Filesize
6.0MB

MD5
48e6fa67d6abf5ef735a40f6d2c6e47e

SHA1
b67cedc89ff4fe3a959ee0d6730006181ec2244b

SHA256
3e58243a376eb1272fc4948be417046a4fa790e5d9fadc08ae6d8ce57fa27b8a

SHA512
babfc1b8c13d38db34c0d3f82c4aaa41c1defc664161c49bc3eb55e5c73a61ea545cd756cb7496c40584f19788016a2ab9247f4a64b5de59eda342970105591d

Download Submit
C:\Windows\system\nenLAZG.exe

Filesize
6.0MB

MD5
0479df2433c491973f1bbc83ed6fede7

SHA1
53a45a865de4ec7449f434e63271a99d693b5bea

SHA256
b074c5cfa09245cad0e71d91eaab37534056a2e2b650ce55aad5d9e1963f7c91

SHA512
0bbeb5337efc20c08acf78145291f782550d48738d1e7c8eaaf7ae575686b3ef8d48648ec88b8d540933622a0fbc1d4d20b4f8c369b5c8924a31964540564475

Download Submit
C:\Windows\system\pRrcnAg.exe

Filesize
8B

MD5
2d66e4fa78c8c1297ff267153a068e1a

SHA1
a210bc2a56c6f83685d5390533bb741186d235b7

SHA256
3c4ed9978c591364d00280cbe6760e0162a9207afa5c56ee8b5187c65a7cad10

SHA512
8c4b513b1c5d5461239a9e72573db4ac53254c52b53d7778ea90ef42e57b3e2100313a1f859709f2e5135373c596f3bd37f5af92df4a4a0fcb400fb9a63d169d

Download Submit
C:\Windows\system\qEyahgj.exe

Filesize
6.0MB

MD5
2ef214ae5941b6ccf549fa5893ddbb99

SHA1
a1b0b97f41564b3ddf02023fc29c12f5301b55e2

SHA256
dc01a7ebf94133a540c73fb6c3a9e90c46ae426a45504a14294d879c7c66d116

SHA512
17e34e86d9b00600a8b91551a84e314e1b96bc9987f40a6ac826c1d8f2eec2aa3426c7bcad160184a97ca411b01eafc9656a13ef1f65f500be7742c6445f302f

Download Submit
C:\Windows\system\rIbTOwJ.exe

Filesize
6.0MB

MD5
8f869b4a0d395f0bcda74625d0a99b93

SHA1
a4454d8843fb1c7b30f4ae16d68c032d8933a145

SHA256
45bda140236a79182295e257ab31bd78362909205f0201b131cc0a9379c822a4

SHA512
f6fa5941d6066a926b4baab286cbbbaa0b670280aa2d4faa2cf1107e1a72664fbae613801138ee074b1f6b14e0378052916f8221b5bb40b2ad28083c4b86a24f

Download Submit
C:\Windows\system\tmgoTGn.exe

Filesize
6.0MB

MD5
0f2d2e9988dd5164ed5b8cf52d3dad7d

SHA1
38f6dda1e3e35bc5d9100022ce51bbcdb822fc01

SHA256
0179d983f543195570ab34b18f1760334731b446f68a6ad6f1125fac7d05d296

SHA512
921821e7fc3bda2880c076b57379dcdfe20572611a6c44a10101c81d52d8d73cfe0d8f95ed584513c8b155d48e037d2a67772f450c9e7fcc0d70d5737736d734

Download Submit
C:\Windows\system\wuOFJiI.exe

Filesize
6.0MB

MD5
64ef82f33ec87f52b0b0afc8009ea963

SHA1
9f63f9716774f909fa50448c808f1f5d35b621f9

SHA256
3aa67d38b3866ceabafc67d9409583689b625cb57a16d675098ce88a19dd2ab3

SHA512
5024f6af8967c79d6a1c40daf1d56c6db2f5a9cf310d0955824a58b313c18c878176928d1ce0cdd1b8f51804434a232e2af4ebfa926bd45fd5c8e59408b1058d

Download Submit
\Windows\system\GLpNXIF.exe

Filesize
6.0MB

MD5
749541f0548f18d62eac2168ee7f3d16

SHA1
3438ed650a1d1034d3c1b6ce0b51f03e1d2c9239

SHA256
a7cee79449dfff02eed69b534f50bb6d2d0ba767a216ee9b50e608ed5cb96471

SHA512
7e03e1fdfddf8da4c21a592acdfa850bffcbcf8f1a4535721dcf30192673ec16fb09baa9ee7cdc4ea79ae6ff5fc8f4b40be3651504ecae7a7a454744266b3112

Download Submit
\Windows\system\KYzhjWZ.exe

Filesize
6.0MB

MD5
5847a3364dfbc6dd41c29cc2b105b7af

SHA1
25803f25825e0b383bad97d9c35395b8e503c99f

SHA256
612e3465c8007d116f91f4ee0165e11990ec6e95622a91432872fdcdbe578006

SHA512
621ee1a6c5dc959f3dfa5c459ba403661f797ee37d21b396bc593a6ef23522a2d9a40b0336edc46971be218620397c1a488e436f220f55864f7e8b45a2b0e04c

Download Submit
\Windows\system\MrQNexa.exe

Filesize
6.0MB

MD5
cf02c62b14280afcf36302bb2a63a52d

SHA1
a6fb8fd7a8df1d2f64209669ccfaa64a334a9151

SHA256
141897fd8fc9797f9bffc7eb77345684066136b384e93e7876cf4434c09e0dbe

SHA512
71bb88e57d3cd03b429c769e28331012f163c8018da7a06fa6fb3b1f502641ba87f1c9a57055e2050b8463c319e2cc73bb0e2160765c9d10f4a6461f385db2fa

Download Submit
\Windows\system\jujyDFw.exe

Filesize
6.0MB

MD5
9fb28877b2d8f0dc5585156025dfad0a

SHA1
b11be0891929748109bb27ea93585e955bb6f78e

SHA256
b67bbe29e9c434714d4ec13ed9880e1f0e7209a577d10d68f268d79ef581add7

SHA512
2dc0418749362407111f6a7aa9a0f36634a23da8bf42bdc850b6b2f48156045eb9cb8bf201580021f217070bbd608a66eb0063e9d0a83ba6a4d2291e0b43f710

Download Submit
\Windows\system\lcYaeMR.exe

Filesize
6.0MB

MD5
e2242c59d73b275ee955235b64a7af36

SHA1
a42339637a9a436fa0313c921cd78ce94bcb20da

SHA256
150779213b635956bdb4e67b33d4a575e36f9db8b2d3aa0b4716ca71b7314212

SHA512
f2bf22382efe02f13c78f758f0f0c50773ec20b79289acd39909b37a37976ad0fb78de1c0a6626c7ea0a248d6760016e4b385e1520c8a88db1a0f580636fc16f

Download Submit
memory/1180-102-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1180-3541-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1180-66-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1240-10-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1240-3547-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1240-65-0x000000013F5D0000-0x000000013F924000-memory.dmp

Filesize
3.3MB

Download
memory/1400-35-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1400-3521-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1704-95-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/1704-25-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/1704-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/1704-459-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-15-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1704-210-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/1704-0-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1704-17-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/1704-50-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/1704-88-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-53-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-41-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1704-60-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/1704-81-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-69-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/1704-54-0x00000000023B0000-0x0000000002704000-memory.dmp

Filesize
3.3MB

Download
memory/1704-659-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/1704-1117-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2380-13-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2380-3516-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2380-67-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2476-91-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-3551-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2476-752-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-48-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2696-3600-0x000000013FDA0000-0x00000001400F4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-563-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-85-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2712-3550-0x000000013F390000-0x000000013F6E4000-memory.dmp

Filesize
3.3MB

Download
memory/2716-57-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2716-3529-0x000000013FF00000-0x0000000140254000-memory.dmp

Filesize
3.3MB

Download
memory/2744-3558-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-59-0x000000013FA80000-0x000000013FDD4000-memory.dmp

Filesize
3.3MB

Download
memory/2784-299-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2784-3548-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2784-72-0x000000013F1D0000-0x000000013F524000-memory.dmp

Filesize
3.3MB

Download
memory/2812-46-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2812-3525-0x000000013F2D0000-0x000000013F624000-memory.dmp

Filesize
3.3MB

Download
memory/2836-77-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2836-3569-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2892-3549-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2892-78-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2892-392-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2924-972-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2924-3552-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download
memory/2924-98-0x000000013F220000-0x000000013F574000-memory.dmp

Filesize
3.3MB

Download