cobaltstrike | a19d39f9f1e04f036dd08a2863baf9452354d7af7f9713575b0da7e000beb5f9

Analysis

max time kernel
148s
max time network
124s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
21/01/2025, 12:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

a23514e48cf21866917b36ca35b0925f
SHA1

369a0ceeaf7f7535adc6daf48035c247d5765927
SHA256

a19d39f9f1e04f036dd08a2863baf9452354d7af7f9713575b0da7e000beb5f9
SHA512

9c292c9d1ff57036b598600fa28f08d4449c53b3f2823ff9f6ba3ce84c26b06cc8446eb3a052d5b6d2a082d9340cffa2af1c8f73737539a1ac776c3ec3f18e45
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU6:T+q56utgpPF8u/76

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x002c000000016d70-3.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000016fc9-12.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001756b-11.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186bb-39.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186c3-46.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000186b7-32.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-27.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b05-54.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000018b28-61.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-68.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-82.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-87.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-102.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-94.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-113.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-120.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-133.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-129.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf6-143.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf9-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019c3c-153.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d61-160.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d62-164.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019d6d-171.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019e92-174.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fd4-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019fdd-186.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a03c-190.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a049-194.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001a0b6-204.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2824-0-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/files/0x002c000000016d70-3.dat	xmrig
behavioral1/files/0x000d000000016fc9-12.dat	xmrig
behavioral1/memory/2860-13-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2492-15-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x000900000001756b-11.dat	xmrig
behavioral1/memory/2912-23-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2824-18-0x00000000022F0000-0x0000000002644000-memory.dmp	xmrig
behavioral1/memory/2836-35-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2692-36-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig
behavioral1/files/0x00060000000186bb-39.dat	xmrig
behavioral1/memory/2684-47-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2744-51-0x000000013FFD0000-0x0000000140324000-memory.dmp	xmrig
behavioral1/files/0x00060000000186c3-46.dat	xmrig
behavioral1/memory/2824-43-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/files/0x00060000000186b7-32.dat	xmrig
behavioral1/files/0x0002000000018334-27.dat	xmrig
behavioral1/files/0x0008000000018b05-54.dat	xmrig
behavioral1/memory/2824-57-0x000000013FCB0000-0x0000000140004000-memory.dmp	xmrig
behavioral1/memory/2824-58-0x00000000022F0000-0x0000000002644000-memory.dmp	xmrig
behavioral1/memory/832-59-0x000000013FD10000-0x0000000140064000-memory.dmp	xmrig
behavioral1/files/0x0008000000018b28-61.dat	xmrig
behavioral1/memory/2492-65-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/memory/1996-67-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c5-68.dat	xmrig
behavioral1/memory/2836-73-0x000000013F510000-0x000000013F864000-memory.dmp	xmrig
behavioral1/memory/2216-75-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2684-74-0x000000013FBC0000-0x000000013FF14000-memory.dmp	xmrig
behavioral1/memory/2824-88-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/memory/3004-89-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c6-82.dat	xmrig
behavioral1/files/0x00050000000195c7-87.dat	xmrig
behavioral1/memory/2412-86-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/memory/2216-103-0x000000013FC10000-0x000000013FF64000-memory.dmp	xmrig
behavioral1/memory/2956-104-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/files/0x0005000000019643-102.dat	xmrig
behavioral1/memory/2824-100-0x00000000022F0000-0x0000000002644000-memory.dmp	xmrig
behavioral1/memory/2824-99-0x00000000022F0000-0x0000000002644000-memory.dmp	xmrig
behavioral1/memory/2512-97-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-94.dat	xmrig
behavioral1/memory/2412-110-0x000000013F020000-0x000000013F374000-memory.dmp	xmrig
behavioral1/files/0x000500000001975a-113.dat	xmrig
behavioral1/files/0x0005000000019761-120.dat	xmrig
behavioral1/files/0x00050000000197fd-122.dat	xmrig
behavioral1/files/0x000500000001998d-133.dat	xmrig
behavioral1/files/0x0005000000019820-129.dat	xmrig
behavioral1/files/0x0005000000019bf5-138.dat	xmrig
behavioral1/files/0x0005000000019bf6-143.dat	xmrig
behavioral1/files/0x0005000000019bf9-151.dat	xmrig
behavioral1/files/0x0005000000019c3c-153.dat	xmrig
behavioral1/memory/3004-155-0x000000013F0D0000-0x000000013F424000-memory.dmp	xmrig
behavioral1/files/0x0005000000019d61-160.dat	xmrig
behavioral1/files/0x0005000000019d62-164.dat	xmrig
behavioral1/files/0x0005000000019d6d-171.dat	xmrig
behavioral1/files/0x0005000000019e92-174.dat	xmrig
behavioral1/files/0x0005000000019fd4-180.dat	xmrig
behavioral1/files/0x0005000000019fdd-186.dat	xmrig
behavioral1/files/0x000500000001a03c-190.dat	xmrig
behavioral1/files/0x000500000001a049-194.dat	xmrig
behavioral1/memory/2512-199-0x000000013FA50000-0x000000013FDA4000-memory.dmp	xmrig
behavioral1/memory/2824-200-0x00000000022F0000-0x0000000002644000-memory.dmp	xmrig
behavioral1/memory/2956-201-0x000000013FC20000-0x000000013FF74000-memory.dmp	xmrig
behavioral1/files/0x000500000001a0b6-204.dat	xmrig
behavioral1/memory/2692-745-0x000000013FB90000-0x000000013FEE4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2860	OcoaHhv.exe
2492	nxnNifq.exe
2912	cJTkjLw.exe
2692	NzDefxe.exe
2836	ylBGlpa.exe
2684	jApmNOT.exe
2744	mFBWUcU.exe
832	PHRSrbl.exe
1996	ZwNVGNP.exe
2216	tHshtiJ.exe
2412	nelPDvn.exe
3004	WTEXqjH.exe
2512	IbkXsjx.exe
2956	bTKBwQB.exe
1484	UYoGotO.exe
1136	QdFrudC.exe
1776	mOQiyxJ.exe
2160	uKlHBum.exe
2144	ibWOkBU.exe
2388	HgjpdFl.exe
3056	ATZysdP.exe
2232	FRSMuhe.exe
2532	jvldBLJ.exe
2340	ukBnRFd.exe
1576	FndiDIG.exe
1600	eCwkkFE.exe
876	ipmkEmm.exe
1592	WKCFVkQ.exe
1712	hGMXjbm.exe
2612	YKGfCmO.exe
1520	yttMmjW.exe
1356	EbXsdJk.exe
2940	MvPgJKa.exe
588	sSXQGxQ.exe
1588	zVzdthC.exe
2324	EnwpVlf.exe
1664	EreWskw.exe
1688	JWrrOwQ.exe
2480	TkTyITN.exe
1004	ooYQEpA.exe
2604	BxduojS.exe
2880	PHNhFfE.exe
1704	ivQnAhB.exe
1068	CmgjofA.exe
2452	iQEPUof.exe
1556	kyzgfQt.exe
1564	dblquRX.exe
2924	CEzeUwa.exe
3012	xliIuqZ.exe
2672	lnPLvPz.exe
2264	MQQRgjg.exe
2100	sePEehh.exe
1184	ZgYniWx.exe
1384	runtpaR.exe
2196	QZpeTek.exe
2476	EnIURxa.exe
1036	XLJdnjb.exe
2984	GZiXXzU.exe
2736	coJjluO.exe
1860	wONDZHe.exe
2660	PsyYItE.exe
2936	QPVfYMn.exe
3052	ZoVIqCs.exe
1948	RwHHKSp.exe

Loads dropped DLL 64 IoCs

pid	Process
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2824-0-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/files/0x002c000000016d70-3.dat	upx
behavioral1/files/0x000d000000016fc9-12.dat	upx
behavioral1/memory/2860-13-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2492-15-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x000900000001756b-11.dat	upx
behavioral1/memory/2912-23-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2836-35-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2692-36-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/files/0x00060000000186bb-39.dat	upx
behavioral1/memory/2684-47-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/2744-51-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/files/0x00060000000186c3-46.dat	upx
behavioral1/files/0x00060000000186b7-32.dat	upx
behavioral1/files/0x0002000000018334-27.dat	upx
behavioral1/files/0x0008000000018b05-54.dat	upx
behavioral1/memory/2824-57-0x000000013FCB0000-0x0000000140004000-memory.dmp	upx
behavioral1/memory/832-59-0x000000013FD10000-0x0000000140064000-memory.dmp	upx
behavioral1/files/0x0008000000018b28-61.dat	upx
behavioral1/memory/2492-65-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/1996-67-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/files/0x00050000000195c5-68.dat	upx
behavioral1/memory/2836-73-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/2216-75-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2684-74-0x000000013FBC0000-0x000000013FF14000-memory.dmp	upx
behavioral1/memory/3004-89-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/files/0x00050000000195c6-82.dat	upx
behavioral1/files/0x00050000000195c7-87.dat	upx
behavioral1/memory/2412-86-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/memory/2216-103-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2956-104-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/files/0x0005000000019643-102.dat	upx
behavioral1/memory/2512-97-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/files/0x000500000001960c-94.dat	upx
behavioral1/memory/2412-110-0x000000013F020000-0x000000013F374000-memory.dmp	upx
behavioral1/files/0x000500000001975a-113.dat	upx
behavioral1/files/0x0005000000019761-120.dat	upx
behavioral1/files/0x00050000000197fd-122.dat	upx
behavioral1/files/0x000500000001998d-133.dat	upx
behavioral1/files/0x0005000000019820-129.dat	upx
behavioral1/files/0x0005000000019bf5-138.dat	upx
behavioral1/files/0x0005000000019bf6-143.dat	upx
behavioral1/files/0x0005000000019bf9-151.dat	upx
behavioral1/files/0x0005000000019c3c-153.dat	upx
behavioral1/memory/3004-155-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/files/0x0005000000019d61-160.dat	upx
behavioral1/files/0x0005000000019d62-164.dat	upx
behavioral1/files/0x0005000000019d6d-171.dat	upx
behavioral1/files/0x0005000000019e92-174.dat	upx
behavioral1/files/0x0005000000019fd4-180.dat	upx
behavioral1/files/0x0005000000019fdd-186.dat	upx
behavioral1/files/0x000500000001a03c-190.dat	upx
behavioral1/files/0x000500000001a049-194.dat	upx
behavioral1/memory/2512-199-0x000000013FA50000-0x000000013FDA4000-memory.dmp	upx
behavioral1/memory/2956-201-0x000000013FC20000-0x000000013FF74000-memory.dmp	upx
behavioral1/files/0x000500000001a0b6-204.dat	upx
behavioral1/memory/2692-745-0x000000013FB90000-0x000000013FEE4000-memory.dmp	upx
behavioral1/memory/2860-757-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/2836-765-0x000000013F510000-0x000000013F864000-memory.dmp	upx
behavioral1/memory/1996-771-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/3004-781-0x000000013F0D0000-0x000000013F424000-memory.dmp	upx
behavioral1/memory/2216-780-0x000000013FC10000-0x000000013FF64000-memory.dmp	upx
behavioral1/memory/2744-775-0x000000013FFD0000-0x0000000140324000-memory.dmp	upx
behavioral1/memory/2912-753-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\kiSbUXm.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IjDcNfq.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rIeWzBG.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FmPEooG.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VCXXslS.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UbHFgId.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hEFNTRQ.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iQEPUof.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DmUnTLs.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ROcOdQR.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yvRhibc.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BdhfxNT.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jeMnSyK.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sjJnQay.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mmoHeYW.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cJTkjLw.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sePEehh.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HCalCEo.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QnqXbLe.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OQogLwy.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WhnEQEF.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PNKXydd.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UxYXHja.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BkZmWhL.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dJYtDKF.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BQXUCVL.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QuLWPMX.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JMBibUN.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mNyWgky.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ukBnRFd.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xrfUrRE.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iRNzrYE.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tGNzgXn.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SfWSqoj.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\awceaRy.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RvvAYbw.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cBPCoZM.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lTrTXpQ.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gTcWYGw.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IDcasOg.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bjOKtAo.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xQAahHA.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bIqNHwM.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tJanPXV.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\opWhBMX.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CyncDQR.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RKinCuw.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bqzVwfL.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IBLvfCQ.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YYocbOP.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eVWPZFt.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ycRXtqf.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\glWvpxD.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eWSSCJq.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mpZtlcS.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AVzvgIz.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CUfrhHX.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ecpfEAc.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aWFVxth.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PzMZSJm.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gulEBUz.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NwNgjJW.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SNlHIcV.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uVSCzkE.exe	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 2860	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2824 wrote to memory of 2860	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2824 wrote to memory of 2860	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2824 wrote to memory of 2492	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2824 wrote to memory of 2492	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2824 wrote to memory of 2492	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2824 wrote to memory of 2912	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2824 wrote to memory of 2912	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2824 wrote to memory of 2912	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2824 wrote to memory of 2692	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2824 wrote to memory of 2692	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2824 wrote to memory of 2692	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2824 wrote to memory of 2836	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2824 wrote to memory of 2836	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2824 wrote to memory of 2836	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2824 wrote to memory of 2684	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2824 wrote to memory of 2684	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2824 wrote to memory of 2684	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2824 wrote to memory of 2744	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2824 wrote to memory of 2744	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2824 wrote to memory of 2744	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2824 wrote to memory of 832	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2824 wrote to memory of 832	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2824 wrote to memory of 832	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2824 wrote to memory of 1996	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2824 wrote to memory of 1996	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2824 wrote to memory of 1996	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2824 wrote to memory of 2216	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2824 wrote to memory of 2216	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2824 wrote to memory of 2216	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2824 wrote to memory of 2412	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2824 wrote to memory of 2412	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2824 wrote to memory of 2412	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2824 wrote to memory of 3004	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2824 wrote to memory of 3004	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2824 wrote to memory of 3004	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2824 wrote to memory of 2512	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2824 wrote to memory of 2512	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2824 wrote to memory of 2512	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2824 wrote to memory of 2956	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2824 wrote to memory of 2956	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2824 wrote to memory of 2956	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2824 wrote to memory of 1484	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2824 wrote to memory of 1484	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2824 wrote to memory of 1484	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2824 wrote to memory of 1136	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2824 wrote to memory of 1136	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2824 wrote to memory of 1136	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2824 wrote to memory of 1776	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2824 wrote to memory of 1776	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2824 wrote to memory of 1776	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2824 wrote to memory of 2160	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2824 wrote to memory of 2160	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2824 wrote to memory of 2160	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2824 wrote to memory of 2144	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2824 wrote to memory of 2144	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2824 wrote to memory of 2144	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2824 wrote to memory of 2388	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2824 wrote to memory of 2388	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2824 wrote to memory of 2388	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2824 wrote to memory of 3056	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2824 wrote to memory of 3056	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2824 wrote to memory of 3056	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2824 wrote to memory of 2232	2824	2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_a23514e48cf21866917b36ca35b0925f_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Windows\System\OcoaHhv.exe
  C:\Windows\System\OcoaHhv.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\nxnNifq.exe
  C:\Windows\System\nxnNifq.exe
  2⤵
  - Executes dropped EXE
  PID:2492
- C:\Windows\System\cJTkjLw.exe
  C:\Windows\System\cJTkjLw.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\NzDefxe.exe
  C:\Windows\System\NzDefxe.exe
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\System\ylBGlpa.exe
  C:\Windows\System\ylBGlpa.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\jApmNOT.exe
  C:\Windows\System\jApmNOT.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\mFBWUcU.exe
  C:\Windows\System\mFBWUcU.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\PHRSrbl.exe
  C:\Windows\System\PHRSrbl.exe
  2⤵
  - Executes dropped EXE
  PID:832
- C:\Windows\System\ZwNVGNP.exe
  C:\Windows\System\ZwNVGNP.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\tHshtiJ.exe
  C:\Windows\System\tHshtiJ.exe
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\System\nelPDvn.exe
  C:\Windows\System\nelPDvn.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\WTEXqjH.exe
  C:\Windows\System\WTEXqjH.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\IbkXsjx.exe
  C:\Windows\System\IbkXsjx.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\bTKBwQB.exe
  C:\Windows\System\bTKBwQB.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\UYoGotO.exe
  C:\Windows\System\UYoGotO.exe
  2⤵
  - Executes dropped EXE
  PID:1484
- C:\Windows\System\QdFrudC.exe
  C:\Windows\System\QdFrudC.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\mOQiyxJ.exe
  C:\Windows\System\mOQiyxJ.exe
  2⤵
  - Executes dropped EXE
  PID:1776
- C:\Windows\System\uKlHBum.exe
  C:\Windows\System\uKlHBum.exe
  2⤵
  - Executes dropped EXE
  PID:2160
- C:\Windows\System\ibWOkBU.exe
  C:\Windows\System\ibWOkBU.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\HgjpdFl.exe
  C:\Windows\System\HgjpdFl.exe
  2⤵
  - Executes dropped EXE
  PID:2388
- C:\Windows\System\ATZysdP.exe
  C:\Windows\System\ATZysdP.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\FRSMuhe.exe
  C:\Windows\System\FRSMuhe.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\jvldBLJ.exe
  C:\Windows\System\jvldBLJ.exe
  2⤵
  - Executes dropped EXE
  PID:2532
- C:\Windows\System\ukBnRFd.exe
  C:\Windows\System\ukBnRFd.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\FndiDIG.exe
  C:\Windows\System\FndiDIG.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\eCwkkFE.exe
  C:\Windows\System\eCwkkFE.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\ipmkEmm.exe
  C:\Windows\System\ipmkEmm.exe
  2⤵
  - Executes dropped EXE
  PID:876
- C:\Windows\System\WKCFVkQ.exe
  C:\Windows\System\WKCFVkQ.exe
  2⤵
  - Executes dropped EXE
  PID:1592
- C:\Windows\System\hGMXjbm.exe
  C:\Windows\System\hGMXjbm.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\YKGfCmO.exe
  C:\Windows\System\YKGfCmO.exe
  2⤵
  - Executes dropped EXE
  PID:2612
- C:\Windows\System\yttMmjW.exe
  C:\Windows\System\yttMmjW.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\EbXsdJk.exe
  C:\Windows\System\EbXsdJk.exe
  2⤵
  - Executes dropped EXE
  PID:1356
- C:\Windows\System\MvPgJKa.exe
  C:\Windows\System\MvPgJKa.exe
  2⤵
  - Executes dropped EXE
  PID:2940
- C:\Windows\System\sSXQGxQ.exe
  C:\Windows\System\sSXQGxQ.exe
  2⤵
  - Executes dropped EXE
  PID:588
- C:\Windows\System\zVzdthC.exe
  C:\Windows\System\zVzdthC.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\EnwpVlf.exe
  C:\Windows\System\EnwpVlf.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\EreWskw.exe
  C:\Windows\System\EreWskw.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\JWrrOwQ.exe
  C:\Windows\System\JWrrOwQ.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\TkTyITN.exe
  C:\Windows\System\TkTyITN.exe
  2⤵
  - Executes dropped EXE
  PID:2480
- C:\Windows\System\ooYQEpA.exe
  C:\Windows\System\ooYQEpA.exe
  2⤵
  - Executes dropped EXE
  PID:1004
- C:\Windows\System\BxduojS.exe
  C:\Windows\System\BxduojS.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\PHNhFfE.exe
  C:\Windows\System\PHNhFfE.exe
  2⤵
  - Executes dropped EXE
  PID:2880
- C:\Windows\System\ivQnAhB.exe
  C:\Windows\System\ivQnAhB.exe
  2⤵
  - Executes dropped EXE
  PID:1704
- C:\Windows\System\CmgjofA.exe
  C:\Windows\System\CmgjofA.exe
  2⤵
  - Executes dropped EXE
  PID:1068
- C:\Windows\System\iQEPUof.exe
  C:\Windows\System\iQEPUof.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\kyzgfQt.exe
  C:\Windows\System\kyzgfQt.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\dblquRX.exe
  C:\Windows\System\dblquRX.exe
  2⤵
  - Executes dropped EXE
  PID:1564
- C:\Windows\System\CEzeUwa.exe
  C:\Windows\System\CEzeUwa.exe
  2⤵
  - Executes dropped EXE
  PID:2924
- C:\Windows\System\xliIuqZ.exe
  C:\Windows\System\xliIuqZ.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\lnPLvPz.exe
  C:\Windows\System\lnPLvPz.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\MQQRgjg.exe
  C:\Windows\System\MQQRgjg.exe
  2⤵
  - Executes dropped EXE
  PID:2264
- C:\Windows\System\sePEehh.exe
  C:\Windows\System\sePEehh.exe
  2⤵
  - Executes dropped EXE
  PID:2100
- C:\Windows\System\ZgYniWx.exe
  C:\Windows\System\ZgYniWx.exe
  2⤵
  - Executes dropped EXE
  PID:1184
- C:\Windows\System\runtpaR.exe
  C:\Windows\System\runtpaR.exe
  2⤵
  - Executes dropped EXE
  PID:1384
- C:\Windows\System\EnIURxa.exe
  C:\Windows\System\EnIURxa.exe
  2⤵
  - Executes dropped EXE
  PID:2476
- C:\Windows\System\QZpeTek.exe
  C:\Windows\System\QZpeTek.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\XLJdnjb.exe
  C:\Windows\System\XLJdnjb.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\GZiXXzU.exe
  C:\Windows\System\GZiXXzU.exe
  2⤵
  - Executes dropped EXE
  PID:2984
- C:\Windows\System\PsyYItE.exe
  C:\Windows\System\PsyYItE.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\coJjluO.exe
  C:\Windows\System\coJjluO.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\QPVfYMn.exe
  C:\Windows\System\QPVfYMn.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\wONDZHe.exe
  C:\Windows\System\wONDZHe.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\ZoVIqCs.exe
  C:\Windows\System\ZoVIqCs.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\RwHHKSp.exe
  C:\Windows\System\RwHHKSp.exe
  2⤵
  - Executes dropped EXE
  PID:1948
- C:\Windows\System\lDUbzME.exe
  C:\Windows\System\lDUbzME.exe
  2⤵
  PID:2928
- C:\Windows\System\WnmJGFF.exe
  C:\Windows\System\WnmJGFF.exe
  2⤵
  PID:1924
- C:\Windows\System\myWwHSJ.exe
  C:\Windows\System\myWwHSJ.exe
  2⤵
  PID:2996
- C:\Windows\System\ikjcAxg.exe
  C:\Windows\System\ikjcAxg.exe
  2⤵
  PID:2396
- C:\Windows\System\tEIxDBc.exe
  C:\Windows\System\tEIxDBc.exe
  2⤵
  PID:2768
- C:\Windows\System\BdYgDmF.exe
  C:\Windows\System\BdYgDmF.exe
  2⤵
  PID:2084
- C:\Windows\System\vbaxnEZ.exe
  C:\Windows\System\vbaxnEZ.exe
  2⤵
  PID:516
- C:\Windows\System\bPbCrDd.exe
  C:\Windows\System\bPbCrDd.exe
  2⤵
  PID:992
- C:\Windows\System\NwNgjJW.exe
  C:\Windows\System\NwNgjJW.exe
  2⤵
  PID:2248
- C:\Windows\System\txmNTLN.exe
  C:\Windows\System\txmNTLN.exe
  2⤵
  PID:1144
- C:\Windows\System\ULlRBlH.exe
  C:\Windows\System\ULlRBlH.exe
  2⤵
  PID:628
- C:\Windows\System\ltjmKXm.exe
  C:\Windows\System\ltjmKXm.exe
  2⤵
  PID:2200
- C:\Windows\System\YyLkIpo.exe
  C:\Windows\System\YyLkIpo.exe
  2⤵
  PID:2320
- C:\Windows\System\dgEZrjR.exe
  C:\Windows\System\dgEZrjR.exe
  2⤵
  PID:816
- C:\Windows\System\ItjZaQY.exe
  C:\Windows\System\ItjZaQY.exe
  2⤵
  PID:732
- C:\Windows\System\lnmtDTa.exe
  C:\Windows\System\lnmtDTa.exe
  2⤵
  PID:1884
- C:\Windows\System\pcMIXpq.exe
  C:\Windows\System\pcMIXpq.exe
  2⤵
  PID:568
- C:\Windows\System\mCprnYS.exe
  C:\Windows\System\mCprnYS.exe
  2⤵
  PID:1784
- C:\Windows\System\oHHruuI.exe
  C:\Windows\System\oHHruuI.exe
  2⤵
  PID:2988
- C:\Windows\System\yzNOJEp.exe
  C:\Windows\System\yzNOJEp.exe
  2⤵
  PID:1740
- C:\Windows\System\TzfDCkQ.exe
  C:\Windows\System\TzfDCkQ.exe
  2⤵
  PID:2764
- C:\Windows\System\nUUwStJ.exe
  C:\Windows\System\nUUwStJ.exe
  2⤵
  PID:2316
- C:\Windows\System\iBaJKBn.exe
  C:\Windows\System\iBaJKBn.exe
  2⤵
  PID:2336
- C:\Windows\System\HNvLSiW.exe
  C:\Windows\System\HNvLSiW.exe
  2⤵
  PID:1984
- C:\Windows\System\rQCzfNi.exe
  C:\Windows\System\rQCzfNi.exe
  2⤵
  PID:2624
- C:\Windows\System\IjDcNfq.exe
  C:\Windows\System\IjDcNfq.exe
  2⤵
  PID:1008
- C:\Windows\System\ZkyLFNP.exe
  C:\Windows\System\ZkyLFNP.exe
  2⤵
  PID:1048
- C:\Windows\System\OcdevOA.exe
  C:\Windows\System\OcdevOA.exe
  2⤵
  PID:2332
- C:\Windows\System\aiXYMdS.exe
  C:\Windows\System\aiXYMdS.exe
  2⤵
  PID:2792
- C:\Windows\System\HmGZLrg.exe
  C:\Windows\System\HmGZLrg.exe
  2⤵
  PID:3064
- C:\Windows\System\PZAsxvw.exe
  C:\Windows\System\PZAsxvw.exe
  2⤵
  PID:2676
- C:\Windows\System\lxqUKBU.exe
  C:\Windows\System\lxqUKBU.exe
  2⤵
  PID:2832
- C:\Windows\System\CWARxqt.exe
  C:\Windows\System\CWARxqt.exe
  2⤵
  PID:736
- C:\Windows\System\fcptXVf.exe
  C:\Windows\System\fcptXVf.exe
  2⤵
  PID:1076
- C:\Windows\System\GjMaNlz.exe
  C:\Windows\System\GjMaNlz.exe
  2⤵
  PID:2404
- C:\Windows\System\bEaeGRb.exe
  C:\Windows\System\bEaeGRb.exe
  2⤵
  PID:2900
- C:\Windows\System\tRthUgD.exe
  C:\Windows\System\tRthUgD.exe
  2⤵
  PID:2616
- C:\Windows\System\WuwFMkN.exe
  C:\Windows\System\WuwFMkN.exe
  2⤵
  PID:2968
- C:\Windows\System\NrDvBub.exe
  C:\Windows\System\NrDvBub.exe
  2⤵
  PID:2252
- C:\Windows\System\UUcpQvz.exe
  C:\Windows\System\UUcpQvz.exe
  2⤵
  PID:1668
- C:\Windows\System\KHNjUBe.exe
  C:\Windows\System\KHNjUBe.exe
  2⤵
  PID:2104
- C:\Windows\System\xUoACwC.exe
  C:\Windows\System\xUoACwC.exe
  2⤵
  PID:2004
- C:\Windows\System\dzkFBTD.exe
  C:\Windows\System\dzkFBTD.exe
  2⤵
  PID:3008
- C:\Windows\System\atqRama.exe
  C:\Windows\System\atqRama.exe
  2⤵
  PID:908
- C:\Windows\System\LnBRMoh.exe
  C:\Windows\System\LnBRMoh.exe
  2⤵
  PID:760
- C:\Windows\System\fUNOMSW.exe
  C:\Windows\System\fUNOMSW.exe
  2⤵
  PID:2024
- C:\Windows\System\YAylsJT.exe
  C:\Windows\System\YAylsJT.exe
  2⤵
  PID:2148
- C:\Windows\System\QgovrWb.exe
  C:\Windows\System\QgovrWb.exe
  2⤵
  PID:1868
- C:\Windows\System\XPLmnbs.exe
  C:\Windows\System\XPLmnbs.exe
  2⤵
  PID:2528
- C:\Windows\System\lzpUSWy.exe
  C:\Windows\System\lzpUSWy.exe
  2⤵
  PID:676
- C:\Windows\System\RNDLftH.exe
  C:\Windows\System\RNDLftH.exe
  2⤵
  PID:2516
- C:\Windows\System\GYfVOlX.exe
  C:\Windows\System\GYfVOlX.exe
  2⤵
  PID:2344
- C:\Windows\System\NbrXLlA.exe
  C:\Windows\System\NbrXLlA.exe
  2⤵
  PID:2392
- C:\Windows\System\lerUsHq.exe
  C:\Windows\System\lerUsHq.exe
  2⤵
  PID:956
- C:\Windows\System\DmUnTLs.exe
  C:\Windows\System\DmUnTLs.exe
  2⤵
  PID:952
- C:\Windows\System\ROlfpQj.exe
  C:\Windows\System\ROlfpQj.exe
  2⤵
  PID:1960
- C:\Windows\System\BxhoBHs.exe
  C:\Windows\System\BxhoBHs.exe
  2⤵
  PID:1512
- C:\Windows\System\WIazutL.exe
  C:\Windows\System\WIazutL.exe
  2⤵
  PID:2536
- C:\Windows\System\QuLWPMX.exe
  C:\Windows\System\QuLWPMX.exe
  2⤵
  PID:2432
- C:\Windows\System\dEMKBfq.exe
  C:\Windows\System\dEMKBfq.exe
  2⤵
  PID:752
- C:\Windows\System\SIGVGsD.exe
  C:\Windows\System\SIGVGsD.exe
  2⤵
  PID:2600
- C:\Windows\System\ZEcybKw.exe
  C:\Windows\System\ZEcybKw.exe
  2⤵
  PID:1620
- C:\Windows\System\YjZcBvI.exe
  C:\Windows\System\YjZcBvI.exe
  2⤵
  PID:1232
- C:\Windows\System\DxrGOSK.exe
  C:\Windows\System\DxrGOSK.exe
  2⤵
  PID:2872
- C:\Windows\System\CyncDQR.exe
  C:\Windows\System\CyncDQR.exe
  2⤵
  PID:2828
- C:\Windows\System\JyjAhnL.exe
  C:\Windows\System\JyjAhnL.exe
  2⤵
  PID:2884
- C:\Windows\System\JMBibUN.exe
  C:\Windows\System\JMBibUN.exe
  2⤵
  PID:2740
- C:\Windows\System\MtXNZGG.exe
  C:\Windows\System\MtXNZGG.exe
  2⤵
  PID:2908
- C:\Windows\System\glkyOVR.exe
  C:\Windows\System\glkyOVR.exe
  2⤵
  PID:1596
- C:\Windows\System\FxaTJup.exe
  C:\Windows\System\FxaTJup.exe
  2⤵
  PID:3000
- C:\Windows\System\pYRQlCH.exe
  C:\Windows\System\pYRQlCH.exe
  2⤵
  PID:2260
- C:\Windows\System\akyFgjX.exe
  C:\Windows\System\akyFgjX.exe
  2⤵
  PID:2076
- C:\Windows\System\bIZTlCe.exe
  C:\Windows\System\bIZTlCe.exe
  2⤵
  PID:900
- C:\Windows\System\NwSDqwo.exe
  C:\Windows\System\NwSDqwo.exe
  2⤵
  PID:896
- C:\Windows\System\RKVSNLF.exe
  C:\Windows\System\RKVSNLF.exe
  2⤵
  PID:2220
- C:\Windows\System\ROcOdQR.exe
  C:\Windows\System\ROcOdQR.exe
  2⤵
  PID:788
- C:\Windows\System\xtmUlOW.exe
  C:\Windows\System\xtmUlOW.exe
  2⤵
  PID:1472
- C:\Windows\System\RMeQJvu.exe
  C:\Windows\System\RMeQJvu.exe
  2⤵
  PID:2552
- C:\Windows\System\VqNEPob.exe
  C:\Windows\System\VqNEPob.exe
  2⤵
  PID:2732
- C:\Windows\System\deTIRMB.exe
  C:\Windows\System\deTIRMB.exe
  2⤵
  PID:2444
- C:\Windows\System\eKOiAPv.exe
  C:\Windows\System\eKOiAPv.exe
  2⤵
  PID:1980
- C:\Windows\System\qemxTRQ.exe
  C:\Windows\System\qemxTRQ.exe
  2⤵
  PID:784
- C:\Windows\System\RBQffVT.exe
  C:\Windows\System\RBQffVT.exe
  2⤵
  PID:740
- C:\Windows\System\XwqGBki.exe
  C:\Windows\System\XwqGBki.exe
  2⤵
  PID:1352
- C:\Windows\System\hQWDNuJ.exe
  C:\Windows\System\hQWDNuJ.exe
  2⤵
  PID:2056
- C:\Windows\System\wjCrdPl.exe
  C:\Windows\System\wjCrdPl.exe
  2⤵
  PID:2192
- C:\Windows\System\eWSSCJq.exe
  C:\Windows\System\eWSSCJq.exe
  2⤵
  PID:2300
- C:\Windows\System\bDDZwBx.exe
  C:\Windows\System\bDDZwBx.exe
  2⤵
  PID:1732
- C:\Windows\System\aomEGNk.exe
  C:\Windows\System\aomEGNk.exe
  2⤵
  PID:2720
- C:\Windows\System\KhgjCBL.exe
  C:\Windows\System\KhgjCBL.exe
  2⤵
  PID:912
- C:\Windows\System\EhLxXjw.exe
  C:\Windows\System\EhLxXjw.exe
  2⤵
  PID:1928
- C:\Windows\System\gOnfMtE.exe
  C:\Windows\System\gOnfMtE.exe
  2⤵
  PID:1692
- C:\Windows\System\DfubGHl.exe
  C:\Windows\System\DfubGHl.exe
  2⤵
  PID:1964
- C:\Windows\System\YOkPfta.exe
  C:\Windows\System\YOkPfta.exe
  2⤵
  PID:1188
- C:\Windows\System\UYdsckH.exe
  C:\Windows\System\UYdsckH.exe
  2⤵
  PID:936
- C:\Windows\System\lwXSlxH.exe
  C:\Windows\System\lwXSlxH.exe
  2⤵
  PID:1616
- C:\Windows\System\xQAahHA.exe
  C:\Windows\System\xQAahHA.exe
  2⤵
  PID:1736
- C:\Windows\System\GUIhuzM.exe
  C:\Windows\System\GUIhuzM.exe
  2⤵
  PID:1064
- C:\Windows\System\jyiFWRX.exe
  C:\Windows\System\jyiFWRX.exe
  2⤵
  PID:1872
- C:\Windows\System\YYegrvc.exe
  C:\Windows\System\YYegrvc.exe
  2⤵
  PID:1412
- C:\Windows\System\aBlRGHR.exe
  C:\Windows\System\aBlRGHR.exe
  2⤵
  PID:3020
- C:\Windows\System\kOHMudX.exe
  C:\Windows\System\kOHMudX.exe
  2⤵
  PID:2176
- C:\Windows\System\kmtodSJ.exe
  C:\Windows\System\kmtodSJ.exe
  2⤵
  PID:2124
- C:\Windows\System\HCalCEo.exe
  C:\Windows\System\HCalCEo.exe
  2⤵
  PID:1656
- C:\Windows\System\IEQYrUD.exe
  C:\Windows\System\IEQYrUD.exe
  2⤵
  PID:1916
- C:\Windows\System\faXFAMq.exe
  C:\Windows\System\faXFAMq.exe
  2⤵
  PID:1768
- C:\Windows\System\vAYNQkn.exe
  C:\Windows\System\vAYNQkn.exe
  2⤵
  PID:2020
- C:\Windows\System\ncrSrBd.exe
  C:\Windows\System\ncrSrBd.exe
  2⤵
  PID:1936
- C:\Windows\System\rIGRKjz.exe
  C:\Windows\System\rIGRKjz.exe
  2⤵
  PID:2156
- C:\Windows\System\TaOMUZP.exe
  C:\Windows\System\TaOMUZP.exe
  2⤵
  PID:2088
- C:\Windows\System\onhARJs.exe
  C:\Windows\System\onhARJs.exe
  2⤵
  PID:852
- C:\Windows\System\rpKqUWb.exe
  C:\Windows\System\rpKqUWb.exe
  2⤵
  PID:1804
- C:\Windows\System\jUWYIlM.exe
  C:\Windows\System\jUWYIlM.exe
  2⤵
  PID:2356
- C:\Windows\System\UDAPqRc.exe
  C:\Windows\System\UDAPqRc.exe
  2⤵
  PID:680
- C:\Windows\System\mLnTIXN.exe
  C:\Windows\System\mLnTIXN.exe
  2⤵
  PID:2112
- C:\Windows\System\CphWpaS.exe
  C:\Windows\System\CphWpaS.exe
  2⤵
  PID:2408
- C:\Windows\System\aWKaRji.exe
  C:\Windows\System\aWKaRji.exe
  2⤵
  PID:3088
- C:\Windows\System\AIJwHyE.exe
  C:\Windows\System\AIJwHyE.exe
  2⤵
  PID:3104
- C:\Windows\System\gVfuuBo.exe
  C:\Windows\System\gVfuuBo.exe
  2⤵
  PID:3128
- C:\Windows\System\NNTWUpq.exe
  C:\Windows\System\NNTWUpq.exe
  2⤵
  PID:3144
- C:\Windows\System\RCYHqFm.exe
  C:\Windows\System\RCYHqFm.exe
  2⤵
  PID:3172
- C:\Windows\System\VtfkDLN.exe
  C:\Windows\System\VtfkDLN.exe
  2⤵
  PID:3188
- C:\Windows\System\tVsjIdF.exe
  C:\Windows\System\tVsjIdF.exe
  2⤵
  PID:3212
- C:\Windows\System\AyStwwy.exe
  C:\Windows\System\AyStwwy.exe
  2⤵
  PID:3232
- C:\Windows\System\DtXBJOx.exe
  C:\Windows\System\DtXBJOx.exe
  2⤵
  PID:3248
- C:\Windows\System\ftJuVzO.exe
  C:\Windows\System\ftJuVzO.exe
  2⤵
  PID:3268
- C:\Windows\System\QSMUPZG.exe
  C:\Windows\System\QSMUPZG.exe
  2⤵
  PID:3288
- C:\Windows\System\hLssfJm.exe
  C:\Windows\System\hLssfJm.exe
  2⤵
  PID:3304
- C:\Windows\System\YYocbOP.exe
  C:\Windows\System\YYocbOP.exe
  2⤵
  PID:3324
- C:\Windows\System\faYEwTk.exe
  C:\Windows\System\faYEwTk.exe
  2⤵
  PID:3344
- C:\Windows\System\KEpmuFA.exe
  C:\Windows\System\KEpmuFA.exe
  2⤵
  PID:3364
- C:\Windows\System\cxZTJEV.exe
  C:\Windows\System\cxZTJEV.exe
  2⤵
  PID:3388
- C:\Windows\System\yvRhibc.exe
  C:\Windows\System\yvRhibc.exe
  2⤵
  PID:3404
- C:\Windows\System\bIqNHwM.exe
  C:\Windows\System\bIqNHwM.exe
  2⤵
  PID:3428
- C:\Windows\System\JgbbDFK.exe
  C:\Windows\System\JgbbDFK.exe
  2⤵
  PID:3452
- C:\Windows\System\NKCGTqY.exe
  C:\Windows\System\NKCGTqY.exe
  2⤵
  PID:3468
- C:\Windows\System\SfWSqoj.exe
  C:\Windows\System\SfWSqoj.exe
  2⤵
  PID:3488
- C:\Windows\System\pFVTYoV.exe
  C:\Windows\System\pFVTYoV.exe
  2⤵
  PID:3512
- C:\Windows\System\hVpZuDz.exe
  C:\Windows\System\hVpZuDz.exe
  2⤵
  PID:3528
- C:\Windows\System\YjEtEyk.exe
  C:\Windows\System\YjEtEyk.exe
  2⤵
  PID:3552
- C:\Windows\System\MCCFDPX.exe
  C:\Windows\System\MCCFDPX.exe
  2⤵
  PID:3568
- C:\Windows\System\GziskIE.exe
  C:\Windows\System\GziskIE.exe
  2⤵
  PID:3592
- C:\Windows\System\BdhfxNT.exe
  C:\Windows\System\BdhfxNT.exe
  2⤵
  PID:3612
- C:\Windows\System\VOlOxAW.exe
  C:\Windows\System\VOlOxAW.exe
  2⤵
  PID:3664
- C:\Windows\System\hizoZGl.exe
  C:\Windows\System\hizoZGl.exe
  2⤵
  PID:3684
- C:\Windows\System\tbrxsZp.exe
  C:\Windows\System\tbrxsZp.exe
  2⤵
  PID:3700
- C:\Windows\System\pnDIggt.exe
  C:\Windows\System\pnDIggt.exe
  2⤵
  PID:3720
- C:\Windows\System\txiHkVf.exe
  C:\Windows\System\txiHkVf.exe
  2⤵
  PID:3740
- C:\Windows\System\nCuFaPM.exe
  C:\Windows\System\nCuFaPM.exe
  2⤵
  PID:3756
- C:\Windows\System\tJanPXV.exe
  C:\Windows\System\tJanPXV.exe
  2⤵
  PID:3776
- C:\Windows\System\jeMnSyK.exe
  C:\Windows\System\jeMnSyK.exe
  2⤵
  PID:3832
- C:\Windows\System\njGWBAS.exe
  C:\Windows\System\njGWBAS.exe
  2⤵
  PID:3848
- C:\Windows\System\CuoFhBe.exe
  C:\Windows\System\CuoFhBe.exe
  2⤵
  PID:3864
- C:\Windows\System\wAtbCGa.exe
  C:\Windows\System\wAtbCGa.exe
  2⤵
  PID:3884
- C:\Windows\System\aWpAzgO.exe
  C:\Windows\System\aWpAzgO.exe
  2⤵
  PID:3900
- C:\Windows\System\QugJpZZ.exe
  C:\Windows\System\QugJpZZ.exe
  2⤵
  PID:3924
- C:\Windows\System\kpCgyHK.exe
  C:\Windows\System\kpCgyHK.exe
  2⤵
  PID:3984
- C:\Windows\System\TtAlvBt.exe
  C:\Windows\System\TtAlvBt.exe
  2⤵
  PID:4008
- C:\Windows\System\AOVkqeb.exe
  C:\Windows\System\AOVkqeb.exe
  2⤵
  PID:4024
- C:\Windows\System\FkUTBAc.exe
  C:\Windows\System\FkUTBAc.exe
  2⤵
  PID:4056
- C:\Windows\System\eVWPZFt.exe
  C:\Windows\System\eVWPZFt.exe
  2⤵
  PID:4080
- C:\Windows\System\wcXinxj.exe
  C:\Windows\System\wcXinxj.exe
  2⤵
  PID:1392
- C:\Windows\System\lqIySgR.exe
  C:\Windows\System\lqIySgR.exe
  2⤵
  PID:3076
- C:\Windows\System\rIeWzBG.exe
  C:\Windows\System\rIeWzBG.exe
  2⤵
  PID:3124
- C:\Windows\System\GZmzKlp.exe
  C:\Windows\System\GZmzKlp.exe
  2⤵
  PID:2756
- C:\Windows\System\tMQHQAd.exe
  C:\Windows\System\tMQHQAd.exe
  2⤵
  PID:3160
- C:\Windows\System\Zjnkhzk.exe
  C:\Windows\System\Zjnkhzk.exe
  2⤵
  PID:3208
- C:\Windows\System\CMTfawl.exe
  C:\Windows\System\CMTfawl.exe
  2⤵
  PID:3240
- C:\Windows\System\wFNpFxw.exe
  C:\Windows\System\wFNpFxw.exe
  2⤵
  PID:3280
- C:\Windows\System\UtHJsQF.exe
  C:\Windows\System\UtHJsQF.exe
  2⤵
  PID:3352
- C:\Windows\System\SNlHIcV.exe
  C:\Windows\System\SNlHIcV.exe
  2⤵
  PID:3336
- C:\Windows\System\HiSzoGR.exe
  C:\Windows\System\HiSzoGR.exe
  2⤵
  PID:3372
- C:\Windows\System\ShMPtpD.exe
  C:\Windows\System\ShMPtpD.exe
  2⤵
  PID:3436
- C:\Windows\System\STVCsMJ.exe
  C:\Windows\System\STVCsMJ.exe
  2⤵
  PID:3416
- C:\Windows\System\GKbQyva.exe
  C:\Windows\System\GKbQyva.exe
  2⤵
  PID:3496
- C:\Windows\System\gQQjnSa.exe
  C:\Windows\System\gQQjnSa.exe
  2⤵
  PID:3520
- C:\Windows\System\coEWcoI.exe
  C:\Windows\System\coEWcoI.exe
  2⤵
  PID:3544
- C:\Windows\System\jZjUkrU.exe
  C:\Windows\System\jZjUkrU.exe
  2⤵
  PID:3580
- C:\Windows\System\imYmrvC.exe
  C:\Windows\System\imYmrvC.exe
  2⤵
  PID:3620
- C:\Windows\System\DNOucAK.exe
  C:\Windows\System\DNOucAK.exe
  2⤵
  PID:3632
- C:\Windows\System\aTyLJrG.exe
  C:\Windows\System\aTyLJrG.exe
  2⤵
  PID:3672
- C:\Windows\System\FBvHOaO.exe
  C:\Windows\System\FBvHOaO.exe
  2⤵
  PID:3696
- C:\Windows\System\qSZZTwA.exe
  C:\Windows\System\qSZZTwA.exe
  2⤵
  PID:3748
- C:\Windows\System\xJpAZFv.exe
  C:\Windows\System\xJpAZFv.exe
  2⤵
  PID:3808
- C:\Windows\System\KHiuakQ.exe
  C:\Windows\System\KHiuakQ.exe
  2⤵
  PID:3828
- C:\Windows\System\dSYIRrt.exe
  C:\Windows\System\dSYIRrt.exe
  2⤵
  PID:3872
- C:\Windows\System\dxylvet.exe
  C:\Windows\System\dxylvet.exe
  2⤵
  PID:3892
- C:\Windows\System\tkiVjjv.exe
  C:\Windows\System\tkiVjjv.exe
  2⤵
  PID:3940
- C:\Windows\System\PslLKEu.exe
  C:\Windows\System\PslLKEu.exe
  2⤵
  PID:3972
- C:\Windows\System\KKlmvJt.exe
  C:\Windows\System\KKlmvJt.exe
  2⤵
  PID:3800
- C:\Windows\System\zAFwxIb.exe
  C:\Windows\System\zAFwxIb.exe
  2⤵
  PID:4004
- C:\Windows\System\PpdTWQN.exe
  C:\Windows\System\PpdTWQN.exe
  2⤵
  PID:3968
- C:\Windows\System\IZMKCsS.exe
  C:\Windows\System\IZMKCsS.exe
  2⤵
  PID:3820
- C:\Windows\System\trJjmeD.exe
  C:\Windows\System\trJjmeD.exe
  2⤵
  PID:4036
- C:\Windows\System\gESgiiV.exe
  C:\Windows\System\gESgiiV.exe
  2⤵
  PID:4088
- C:\Windows\System\uUldJPN.exe
  C:\Windows\System\uUldJPN.exe
  2⤵
  PID:3084
- C:\Windows\System\AOWXBdq.exe
  C:\Windows\System\AOWXBdq.exe
  2⤵
  PID:3164
- C:\Windows\System\eqlABHx.exe
  C:\Windows\System\eqlABHx.exe
  2⤵
  PID:3196
- C:\Windows\System\jnclVsl.exe
  C:\Windows\System\jnclVsl.exe
  2⤵
  PID:3264
- C:\Windows\System\wRCdLMj.exe
  C:\Windows\System\wRCdLMj.exe
  2⤵
  PID:3300
- C:\Windows\System\blrhaPU.exe
  C:\Windows\System\blrhaPU.exe
  2⤵
  PID:3332
- C:\Windows\System\QjOpmHJ.exe
  C:\Windows\System\QjOpmHJ.exe
  2⤵
  PID:3448
- C:\Windows\System\Jtmuljf.exe
  C:\Windows\System\Jtmuljf.exe
  2⤵
  PID:3480
- C:\Windows\System\ArjRPxM.exe
  C:\Windows\System\ArjRPxM.exe
  2⤵
  PID:3536
- C:\Windows\System\ssaoYvn.exe
  C:\Windows\System\ssaoYvn.exe
  2⤵
  PID:3608
- C:\Windows\System\NpMYBCC.exe
  C:\Windows\System\NpMYBCC.exe
  2⤵
  PID:3624
- C:\Windows\System\FHYOBfP.exe
  C:\Windows\System\FHYOBfP.exe
  2⤵
  PID:3728
- C:\Windows\System\EHfemXX.exe
  C:\Windows\System\EHfemXX.exe
  2⤵
  PID:3816
- C:\Windows\System\daqulaM.exe
  C:\Windows\System\daqulaM.exe
  2⤵
  PID:3856
- C:\Windows\System\gOcoyBd.exe
  C:\Windows\System\gOcoyBd.exe
  2⤵
  PID:3844
- C:\Windows\System\OrOYEvw.exe
  C:\Windows\System\OrOYEvw.exe
  2⤵
  PID:3960
- C:\Windows\System\FRkUTop.exe
  C:\Windows\System\FRkUTop.exe
  2⤵
  PID:3976
- C:\Windows\System\pyyBFrd.exe
  C:\Windows\System\pyyBFrd.exe
  2⤵
  PID:4044
- C:\Windows\System\NiQGKfp.exe
  C:\Windows\System\NiQGKfp.exe
  2⤵
  PID:3876
- C:\Windows\System\CtGgdci.exe
  C:\Windows\System\CtGgdci.exe
  2⤵
  PID:3788
- C:\Windows\System\jLnUHeP.exe
  C:\Windows\System\jLnUHeP.exe
  2⤵
  PID:3136
- C:\Windows\System\VQZzDSA.exe
  C:\Windows\System\VQZzDSA.exe
  2⤵
  PID:3276
- C:\Windows\System\BUWuTKw.exe
  C:\Windows\System\BUWuTKw.exe
  2⤵
  PID:3396
- C:\Windows\System\EZLmQcw.exe
  C:\Windows\System\EZLmQcw.exe
  2⤵
  PID:3400
- C:\Windows\System\xZPSiKu.exe
  C:\Windows\System\xZPSiKu.exe
  2⤵
  PID:3604
- C:\Windows\System\MlCWMOf.exe
  C:\Windows\System\MlCWMOf.exe
  2⤵
  PID:3640
- C:\Windows\System\gbHTyRc.exe
  C:\Windows\System\gbHTyRc.exe
  2⤵
  PID:3716
- C:\Windows\System\NDAMvyP.exe
  C:\Windows\System\NDAMvyP.exe
  2⤵
  PID:3792
- C:\Windows\System\kyFhTRQ.exe
  C:\Windows\System\kyFhTRQ.exe
  2⤵
  PID:3880
- C:\Windows\System\FmPEooG.exe
  C:\Windows\System\FmPEooG.exe
  2⤵
  PID:4064
- C:\Windows\System\CGXaxme.exe
  C:\Windows\System\CGXaxme.exe
  2⤵
  PID:3736
- C:\Windows\System\GfvdOWd.exe
  C:\Windows\System\GfvdOWd.exe
  2⤵
  PID:3120
- C:\Windows\System\vafrfBQ.exe
  C:\Windows\System\vafrfBQ.exe
  2⤵
  PID:3112
- C:\Windows\System\lHfwrWx.exe
  C:\Windows\System\lHfwrWx.exe
  2⤵
  PID:3320
- C:\Windows\System\HKFFdXI.exe
  C:\Windows\System\HKFFdXI.exe
  2⤵
  PID:3312
- C:\Windows\System\DQGOYJg.exe
  C:\Windows\System\DQGOYJg.exe
  2⤵
  PID:3600
- C:\Windows\System\tgKzDQA.exe
  C:\Windows\System\tgKzDQA.exe
  2⤵
  PID:3708
- C:\Windows\System\mAMjgKN.exe
  C:\Windows\System\mAMjgKN.exe
  2⤵
  PID:4092
- C:\Windows\System\VVECCzv.exe
  C:\Windows\System\VVECCzv.exe
  2⤵
  PID:3484
- C:\Windows\System\DYKfOvn.exe
  C:\Windows\System\DYKfOvn.exe
  2⤵
  PID:4000
- C:\Windows\System\XsEdNfO.exe
  C:\Windows\System\XsEdNfO.exe
  2⤵
  PID:3584
- C:\Windows\System\OAnoCze.exe
  C:\Windows\System\OAnoCze.exe
  2⤵
  PID:4100
- C:\Windows\System\xuHoTZc.exe
  C:\Windows\System\xuHoTZc.exe
  2⤵
  PID:4124
- C:\Windows\System\ecrHbhc.exe
  C:\Windows\System\ecrHbhc.exe
  2⤵
  PID:4148
- C:\Windows\System\avzKnQc.exe
  C:\Windows\System\avzKnQc.exe
  2⤵
  PID:4164
- C:\Windows\System\TUtgUFx.exe
  C:\Windows\System\TUtgUFx.exe
  2⤵
  PID:4188
- C:\Windows\System\eNzLXUv.exe
  C:\Windows\System\eNzLXUv.exe
  2⤵
  PID:4212
- C:\Windows\System\bfNbfTV.exe
  C:\Windows\System\bfNbfTV.exe
  2⤵
  PID:4232
- C:\Windows\System\lEajHTe.exe
  C:\Windows\System\lEajHTe.exe
  2⤵
  PID:4248
- C:\Windows\System\FluGDrB.exe
  C:\Windows\System\FluGDrB.exe
  2⤵
  PID:4264
- C:\Windows\System\bKPHACp.exe
  C:\Windows\System\bKPHACp.exe
  2⤵
  PID:4288
- C:\Windows\System\ezaYMJR.exe
  C:\Windows\System\ezaYMJR.exe
  2⤵
  PID:4312
- C:\Windows\System\VCXXslS.exe
  C:\Windows\System\VCXXslS.exe
  2⤵
  PID:4328
- C:\Windows\System\BqqivQr.exe
  C:\Windows\System\BqqivQr.exe
  2⤵
  PID:4348
- C:\Windows\System\EwaKBaR.exe
  C:\Windows\System\EwaKBaR.exe
  2⤵
  PID:4368
- C:\Windows\System\EvAGXus.exe
  C:\Windows\System\EvAGXus.exe
  2⤵
  PID:4384
- C:\Windows\System\rZgFuHV.exe
  C:\Windows\System\rZgFuHV.exe
  2⤵
  PID:4400
- C:\Windows\System\wEgnsFF.exe
  C:\Windows\System\wEgnsFF.exe
  2⤵
  PID:4420
- C:\Windows\System\vlnypZB.exe
  C:\Windows\System\vlnypZB.exe
  2⤵
  PID:4440
- C:\Windows\System\TQtoqwC.exe
  C:\Windows\System\TQtoqwC.exe
  2⤵
  PID:4456
- C:\Windows\System\EJTRHNW.exe
  C:\Windows\System\EJTRHNW.exe
  2⤵
  PID:4476
- C:\Windows\System\ypyXtAB.exe
  C:\Windows\System\ypyXtAB.exe
  2⤵
  PID:4492
- C:\Windows\System\fiPgplc.exe
  C:\Windows\System\fiPgplc.exe
  2⤵
  PID:4520
- C:\Windows\System\gGsVkVZ.exe
  C:\Windows\System\gGsVkVZ.exe
  2⤵
  PID:4540
- C:\Windows\System\NSMOxom.exe
  C:\Windows\System\NSMOxom.exe
  2⤵
  PID:4568
- C:\Windows\System\FrPqdpq.exe
  C:\Windows\System\FrPqdpq.exe
  2⤵
  PID:4592
- C:\Windows\System\fIPbuPe.exe
  C:\Windows\System\fIPbuPe.exe
  2⤵
  PID:4608
- C:\Windows\System\eSLBuxl.exe
  C:\Windows\System\eSLBuxl.exe
  2⤵
  PID:4624
- C:\Windows\System\PFrCpNG.exe
  C:\Windows\System\PFrCpNG.exe
  2⤵
  PID:4644
- C:\Windows\System\BSihuDm.exe
  C:\Windows\System\BSihuDm.exe
  2⤵
  PID:4660
- C:\Windows\System\zxTWfqg.exe
  C:\Windows\System\zxTWfqg.exe
  2⤵
  PID:4676
- C:\Windows\System\tzEimpx.exe
  C:\Windows\System\tzEimpx.exe
  2⤵
  PID:4692
- C:\Windows\System\NRogqpp.exe
  C:\Windows\System\NRogqpp.exe
  2⤵
  PID:4708
- C:\Windows\System\DYbKSpp.exe
  C:\Windows\System\DYbKSpp.exe
  2⤵
  PID:4724
- C:\Windows\System\CTtwLqd.exe
  C:\Windows\System\CTtwLqd.exe
  2⤵
  PID:4740
- C:\Windows\System\TZuWKGn.exe
  C:\Windows\System\TZuWKGn.exe
  2⤵
  PID:4764
- C:\Windows\System\wFzhuNx.exe
  C:\Windows\System\wFzhuNx.exe
  2⤵
  PID:4780
- C:\Windows\System\TlEYZzX.exe
  C:\Windows\System\TlEYZzX.exe
  2⤵
  PID:4796
- C:\Windows\System\TGnEvjn.exe
  C:\Windows\System\TGnEvjn.exe
  2⤵
  PID:4816
- C:\Windows\System\twBCZsz.exe
  C:\Windows\System\twBCZsz.exe
  2⤵
  PID:4872
- C:\Windows\System\jbRBWgs.exe
  C:\Windows\System\jbRBWgs.exe
  2⤵
  PID:4900
- C:\Windows\System\GODbpLZ.exe
  C:\Windows\System\GODbpLZ.exe
  2⤵
  PID:4968
- C:\Windows\System\KSWysEj.exe
  C:\Windows\System\KSWysEj.exe
  2⤵
  PID:4988
- C:\Windows\System\PbhNJrn.exe
  C:\Windows\System\PbhNJrn.exe
  2⤵
  PID:5004
- C:\Windows\System\ONEpyKd.exe
  C:\Windows\System\ONEpyKd.exe
  2⤵
  PID:5020
- C:\Windows\System\wZhkltz.exe
  C:\Windows\System\wZhkltz.exe
  2⤵
  PID:5060
- C:\Windows\System\Ohgjips.exe
  C:\Windows\System\Ohgjips.exe
  2⤵
  PID:5076
- C:\Windows\System\uVSCzkE.exe
  C:\Windows\System\uVSCzkE.exe
  2⤵
  PID:5096
- C:\Windows\System\IAVIqlA.exe
  C:\Windows\System\IAVIqlA.exe
  2⤵
  PID:5116
- C:\Windows\System\sJXcPRB.exe
  C:\Windows\System\sJXcPRB.exe
  2⤵
  PID:3184
- C:\Windows\System\qwFdafI.exe
  C:\Windows\System\qwFdafI.exe
  2⤵
  PID:3784
- C:\Windows\System\knJJtyY.exe
  C:\Windows\System\knJJtyY.exe
  2⤵
  PID:4108
- C:\Windows\System\rgIimny.exe
  C:\Windows\System\rgIimny.exe
  2⤵
  PID:3412
- C:\Windows\System\txTtSpP.exe
  C:\Windows\System\txTtSpP.exe
  2⤵
  PID:4184
- C:\Windows\System\AlnQpSv.exe
  C:\Windows\System\AlnQpSv.exe
  2⤵
  PID:4200
- C:\Windows\System\nxbrJrx.exe
  C:\Windows\System\nxbrJrx.exe
  2⤵
  PID:4260
- C:\Windows\System\FwspvCD.exe
  C:\Windows\System\FwspvCD.exe
  2⤵
  PID:4280
- C:\Windows\System\wylWOWH.exe
  C:\Windows\System\wylWOWH.exe
  2⤵
  PID:1672
- C:\Windows\System\mnkAuAX.exe
  C:\Windows\System\mnkAuAX.exe
  2⤵
  PID:4448
- C:\Windows\System\gcxLXFM.exe
  C:\Windows\System\gcxLXFM.exe
  2⤵
  PID:4428
- C:\Windows\System\TlZVmLd.exe
  C:\Windows\System\TlZVmLd.exe
  2⤵
  PID:4468
- C:\Windows\System\RrPIWBA.exe
  C:\Windows\System\RrPIWBA.exe
  2⤵
  PID:4536
- C:\Windows\System\aPaBNwn.exe
  C:\Windows\System\aPaBNwn.exe
  2⤵
  PID:4588
- C:\Windows\System\dtcaZBm.exe
  C:\Windows\System\dtcaZBm.exe
  2⤵
  PID:4512
- C:\Windows\System\ycRXtqf.exe
  C:\Windows\System\ycRXtqf.exe
  2⤵
  PID:4516
- C:\Windows\System\QwWOxLP.exe
  C:\Windows\System\QwWOxLP.exe
  2⤵
  PID:4564
- C:\Windows\System\LyLCnLn.exe
  C:\Windows\System\LyLCnLn.exe
  2⤵
  PID:4684
- C:\Windows\System\nxmuXtP.exe
  C:\Windows\System\nxmuXtP.exe
  2⤵
  PID:4704
- C:\Windows\System\OAKPlmU.exe
  C:\Windows\System\OAKPlmU.exe
  2⤵
  PID:4756
- C:\Windows\System\syRiMDX.exe
  C:\Windows\System\syRiMDX.exe
  2⤵
  PID:4792
- C:\Windows\System\RdEJRfJ.exe
  C:\Windows\System\RdEJRfJ.exe
  2⤵
  PID:4828
- C:\Windows\System\uUneBGr.exe
  C:\Windows\System\uUneBGr.exe
  2⤵
  PID:4836
- C:\Windows\System\yTgUuzX.exe
  C:\Windows\System\yTgUuzX.exe
  2⤵
  PID:1488
- C:\Windows\System\UAAvumi.exe
  C:\Windows\System\UAAvumi.exe
  2⤵
  PID:4848
- C:\Windows\System\TFlTaUh.exe
  C:\Windows\System\TFlTaUh.exe
  2⤵
  PID:4868
- C:\Windows\System\krljtDu.exe
  C:\Windows\System\krljtDu.exe
  2⤵
  PID:4884
- C:\Windows\System\ogLVxbg.exe
  C:\Windows\System\ogLVxbg.exe
  2⤵
  PID:4920
- C:\Windows\System\GNlhGhS.exe
  C:\Windows\System\GNlhGhS.exe
  2⤵
  PID:2760
- C:\Windows\System\GIxObdi.exe
  C:\Windows\System\GIxObdi.exe
  2⤵
  PID:2080
- C:\Windows\System\wVwBpxd.exe
  C:\Windows\System\wVwBpxd.exe
  2⤵
  PID:4912
- C:\Windows\System\rVBQMgb.exe
  C:\Windows\System\rVBQMgb.exe
  2⤵
  PID:4996
- C:\Windows\System\LhcFoeb.exe
  C:\Windows\System\LhcFoeb.exe
  2⤵
  PID:5012
- C:\Windows\System\awceaRy.exe
  C:\Windows\System\awceaRy.exe
  2⤵
  PID:2172
- C:\Windows\System\EYkxvxt.exe
  C:\Windows\System\EYkxvxt.exe
  2⤵
  PID:1172
- C:\Windows\System\leOZlSZ.exe
  C:\Windows\System\leOZlSZ.exe
  2⤵
  PID:5084
- C:\Windows\System\FQTYIRA.exe
  C:\Windows\System\FQTYIRA.exe
  2⤵
  PID:3840
- C:\Windows\System\YBeDRPd.exe
  C:\Windows\System\YBeDRPd.exe
  2⤵
  PID:5112
- C:\Windows\System\lNmzHAg.exe
  C:\Windows\System\lNmzHAg.exe
  2⤵
  PID:5104
- C:\Windows\System\tzmpgFL.exe
  C:\Windows\System\tzmpgFL.exe
  2⤵
  PID:4120
- C:\Windows\System\GIyoaFV.exe
  C:\Windows\System\GIyoaFV.exe
  2⤵
  PID:4196
- C:\Windows\System\tMLGjxQ.exe
  C:\Windows\System\tMLGjxQ.exe
  2⤵
  PID:4300
- C:\Windows\System\LoBAHPx.exe
  C:\Windows\System\LoBAHPx.exe
  2⤵
  PID:4380
- C:\Windows\System\NPglRRO.exe
  C:\Windows\System\NPglRRO.exe
  2⤵
  PID:4408
- C:\Windows\System\NCbwmsJ.exe
  C:\Windows\System\NCbwmsJ.exe
  2⤵
  PID:4432
- C:\Windows\System\aFsgBvW.exe
  C:\Windows\System\aFsgBvW.exe
  2⤵
  PID:4560
- C:\Windows\System\kiSbUXm.exe
  C:\Windows\System\kiSbUXm.exe
  2⤵
  PID:4604
- C:\Windows\System\NjkMMeT.exe
  C:\Windows\System\NjkMMeT.exe
  2⤵
  PID:4672
- C:\Windows\System\yEVhBvF.exe
  C:\Windows\System\yEVhBvF.exe
  2⤵
  PID:4720
- C:\Windows\System\YLZMgaZ.exe
  C:\Windows\System\YLZMgaZ.exe
  2⤵
  PID:4812
- C:\Windows\System\TqbBCnw.exe
  C:\Windows\System\TqbBCnw.exe
  2⤵
  PID:2568
- C:\Windows\System\qIqRavP.exe
  C:\Windows\System\qIqRavP.exe
  2⤵
  PID:4864
- C:\Windows\System\eHtnwZr.exe
  C:\Windows\System\eHtnwZr.exe
  2⤵
  PID:4916
- C:\Windows\System\hSmeFJc.exe
  C:\Windows\System\hSmeFJc.exe
  2⤵
  PID:4928
- C:\Windows\System\lGpeYgs.exe
  C:\Windows\System\lGpeYgs.exe
  2⤵
  PID:2052
- C:\Windows\System\mdEWYgz.exe
  C:\Windows\System\mdEWYgz.exe
  2⤵
  PID:5028
- C:\Windows\System\ngwXbZs.exe
  C:\Windows\System\ngwXbZs.exe
  2⤵
  PID:5036
- C:\Windows\System\BhRSmrd.exe
  C:\Windows\System\BhRSmrd.exe
  2⤵
  PID:5108
- C:\Windows\System\JVoqPEp.exe
  C:\Windows\System\JVoqPEp.exe
  2⤵
  PID:4220
- C:\Windows\System\ZvxIjef.exe
  C:\Windows\System\ZvxIjef.exe
  2⤵
  PID:4240
- C:\Windows\System\KdzufQH.exe
  C:\Windows\System\KdzufQH.exe
  2⤵
  PID:4504
- C:\Windows\System\KHXWfzL.exe
  C:\Windows\System\KHXWfzL.exe
  2⤵
  PID:3772
- C:\Windows\System\DitIIOz.exe
  C:\Windows\System\DitIIOz.exe
  2⤵
  PID:1236
- C:\Windows\System\ZpSSqFH.exe
  C:\Windows\System\ZpSSqFH.exe
  2⤵
  PID:4484
- C:\Windows\System\sTBXcbL.exe
  C:\Windows\System\sTBXcbL.exe
  2⤵
  PID:4552
- C:\Windows\System\dlibtaV.exe
  C:\Windows\System\dlibtaV.exe
  2⤵
  PID:4640
- C:\Windows\System\AfNpagF.exe
  C:\Windows\System\AfNpagF.exe
  2⤵
  PID:4752
- C:\Windows\System\WDnRsDH.exe
  C:\Windows\System\WDnRsDH.exe
  2⤵
  PID:1200
- C:\Windows\System\bwenJmd.exe
  C:\Windows\System\bwenJmd.exe
  2⤵
  PID:1612
- C:\Windows\System\ptsMCCy.exe
  C:\Windows\System\ptsMCCy.exe
  2⤵
  PID:4976
- C:\Windows\System\LdzOlXC.exe
  C:\Windows\System\LdzOlXC.exe
  2⤵
  PID:4936
- C:\Windows\System\hJLISMS.exe
  C:\Windows\System\hJLISMS.exe
  2⤵
  PID:2972
- C:\Windows\System\rSkjKqv.exe
  C:\Windows\System\rSkjKqv.exe
  2⤵
  PID:4528
- C:\Windows\System\DLVfDKQ.exe
  C:\Windows\System\DLVfDKQ.exe
  2⤵
  PID:4204
- C:\Windows\System\dnKsGlg.exe
  C:\Windows\System\dnKsGlg.exe
  2⤵
  PID:4620
- C:\Windows\System\ZjRqjIl.exe
  C:\Windows\System\ZjRqjIl.exe
  2⤵
  PID:4436
- C:\Windows\System\CVYOThr.exe
  C:\Windows\System\CVYOThr.exe
  2⤵
  PID:4600
- C:\Windows\System\WJoXypB.exe
  C:\Windows\System\WJoXypB.exe
  2⤵
  PID:4908
- C:\Windows\System\uuTyKrN.exe
  C:\Windows\System\uuTyKrN.exe
  2⤵
  PID:1896
- C:\Windows\System\yTsZhuV.exe
  C:\Windows\System\yTsZhuV.exe
  2⤵
  PID:5032
- C:\Windows\System\fAmbFur.exe
  C:\Windows\System\fAmbFur.exe
  2⤵
  PID:4068
- C:\Windows\System\GUGkNLP.exe
  C:\Windows\System\GUGkNLP.exe
  2⤵
  PID:1584
- C:\Windows\System\FegCvqH.exe
  C:\Windows\System\FegCvqH.exe
  2⤵
  PID:4776
- C:\Windows\System\jCeCNXC.exe
  C:\Windows\System\jCeCNXC.exe
  2⤵
  PID:3712
- C:\Windows\System\CHXNHdl.exe
  C:\Windows\System\CHXNHdl.exe
  2⤵
  PID:2256
- C:\Windows\System\PKpUXDN.exe
  C:\Windows\System\PKpUXDN.exe
  2⤵
  PID:5040
- C:\Windows\System\RzlfxIL.exe
  C:\Windows\System\RzlfxIL.exe
  2⤵
  PID:4888
- C:\Windows\System\wQlVAkt.exe
  C:\Windows\System\wQlVAkt.exe
  2⤵
  PID:5128
- C:\Windows\System\PZxWDsO.exe
  C:\Windows\System\PZxWDsO.exe
  2⤵
  PID:5152
- C:\Windows\System\sECrTXB.exe
  C:\Windows\System\sECrTXB.exe
  2⤵
  PID:5168
- C:\Windows\System\vuPyamg.exe
  C:\Windows\System\vuPyamg.exe
  2⤵
  PID:5184
- C:\Windows\System\HPXBflt.exe
  C:\Windows\System\HPXBflt.exe
  2⤵
  PID:5212
- C:\Windows\System\QmvBeTW.exe
  C:\Windows\System\QmvBeTW.exe
  2⤵
  PID:5228
- C:\Windows\System\hpAsqrr.exe
  C:\Windows\System\hpAsqrr.exe
  2⤵
  PID:5252
- C:\Windows\System\fZzesPN.exe
  C:\Windows\System\fZzesPN.exe
  2⤵
  PID:5268
- C:\Windows\System\QUVcyWi.exe
  C:\Windows\System\QUVcyWi.exe
  2⤵
  PID:5292
- C:\Windows\System\HDoleRY.exe
  C:\Windows\System\HDoleRY.exe
  2⤵
  PID:5308
- C:\Windows\System\PGcaiaT.exe
  C:\Windows\System\PGcaiaT.exe
  2⤵
  PID:5324
- C:\Windows\System\ffZxMbx.exe
  C:\Windows\System\ffZxMbx.exe
  2⤵
  PID:5344
- C:\Windows\System\BAVPZpY.exe
  C:\Windows\System\BAVPZpY.exe
  2⤵
  PID:5364
- C:\Windows\System\lSvquPp.exe
  C:\Windows\System\lSvquPp.exe
  2⤵
  PID:5388
- C:\Windows\System\FmigzUA.exe
  C:\Windows\System\FmigzUA.exe
  2⤵
  PID:5404
- C:\Windows\System\pVAEUeZ.exe
  C:\Windows\System\pVAEUeZ.exe
  2⤵
  PID:5424
- C:\Windows\System\UgDTPAd.exe
  C:\Windows\System\UgDTPAd.exe
  2⤵
  PID:5452
- C:\Windows\System\vrxXBgL.exe
  C:\Windows\System\vrxXBgL.exe
  2⤵
  PID:5468
- C:\Windows\System\VwWhHPa.exe
  C:\Windows\System\VwWhHPa.exe
  2⤵
  PID:5484
- C:\Windows\System\ecJbzeq.exe
  C:\Windows\System\ecJbzeq.exe
  2⤵
  PID:5504
- C:\Windows\System\SlCvLYy.exe
  C:\Windows\System\SlCvLYy.exe
  2⤵
  PID:5520
- C:\Windows\System\ryModzI.exe
  C:\Windows\System\ryModzI.exe
  2⤵
  PID:5556
- C:\Windows\System\kSnxxzq.exe
  C:\Windows\System\kSnxxzq.exe
  2⤵
  PID:5576
- C:\Windows\System\zlNDMIq.exe
  C:\Windows\System\zlNDMIq.exe
  2⤵
  PID:5592
- C:\Windows\System\BQKcxlV.exe
  C:\Windows\System\BQKcxlV.exe
  2⤵
  PID:5608
- C:\Windows\System\wlznywF.exe
  C:\Windows\System\wlznywF.exe
  2⤵
  PID:5636
- C:\Windows\System\UbHFgId.exe
  C:\Windows\System\UbHFgId.exe
  2⤵
  PID:5656
- C:\Windows\System\hKBZdUG.exe
  C:\Windows\System\hKBZdUG.exe
  2⤵
  PID:5672
- C:\Windows\System\dwHvtDP.exe
  C:\Windows\System\dwHvtDP.exe
  2⤵
  PID:5688
- C:\Windows\System\zAVlvEY.exe
  C:\Windows\System\zAVlvEY.exe
  2⤵
  PID:5704
- C:\Windows\System\XEZPEtE.exe
  C:\Windows\System\XEZPEtE.exe
  2⤵
  PID:5764
- C:\Windows\System\YCSUkww.exe
  C:\Windows\System\YCSUkww.exe
  2⤵
  PID:5780
- C:\Windows\System\nXGHqaX.exe
  C:\Windows\System\nXGHqaX.exe
  2⤵
  PID:5796
- C:\Windows\System\sTmBrDm.exe
  C:\Windows\System\sTmBrDm.exe
  2⤵
  PID:5812
- C:\Windows\System\lbkurmD.exe
  C:\Windows\System\lbkurmD.exe
  2⤵
  PID:5828
- C:\Windows\System\ZRBUOhX.exe
  C:\Windows\System\ZRBUOhX.exe
  2⤵
  PID:5844
- C:\Windows\System\MHzNmCP.exe
  C:\Windows\System\MHzNmCP.exe
  2⤵
  PID:5860
- C:\Windows\System\hsUDolD.exe
  C:\Windows\System\hsUDolD.exe
  2⤵
  PID:5904
- C:\Windows\System\GaLrpMp.exe
  C:\Windows\System\GaLrpMp.exe
  2⤵
  PID:5924
- C:\Windows\System\EgCgKQs.exe
  C:\Windows\System\EgCgKQs.exe
  2⤵
  PID:5940
- C:\Windows\System\raRYmdu.exe
  C:\Windows\System\raRYmdu.exe
  2⤵
  PID:5960
- C:\Windows\System\XiEkrQv.exe
  C:\Windows\System\XiEkrQv.exe
  2⤵
  PID:5980
- C:\Windows\System\LQhJXun.exe
  C:\Windows\System\LQhJXun.exe
  2⤵
  PID:6000
- C:\Windows\System\eyYWiHv.exe
  C:\Windows\System\eyYWiHv.exe
  2⤵
  PID:6020
- C:\Windows\System\kwSyWuj.exe
  C:\Windows\System\kwSyWuj.exe
  2⤵
  PID:6036
- C:\Windows\System\TCXUzNU.exe
  C:\Windows\System\TCXUzNU.exe
  2⤵
  PID:6056
- C:\Windows\System\JzSSdUp.exe
  C:\Windows\System\JzSSdUp.exe
  2⤵
  PID:6088
- C:\Windows\System\DpYorrL.exe
  C:\Windows\System\DpYorrL.exe
  2⤵
  PID:6104
- C:\Windows\System\agpaFnC.exe
  C:\Windows\System\agpaFnC.exe
  2⤵
  PID:6128
- C:\Windows\System\iPbaYMW.exe
  C:\Windows\System\iPbaYMW.exe
  2⤵
  PID:4788
- C:\Windows\System\maparkA.exe
  C:\Windows\System\maparkA.exe
  2⤵
  PID:5016
- C:\Windows\System\pqatMjy.exe
  C:\Windows\System\pqatMjy.exe
  2⤵
  PID:2284
- C:\Windows\System\KClchRs.exe
  C:\Windows\System\KClchRs.exe
  2⤵
  PID:5144
- C:\Windows\System\xGToIee.exe
  C:\Windows\System\xGToIee.exe
  2⤵
  PID:5180
- C:\Windows\System\CJiTEBP.exe
  C:\Windows\System\CJiTEBP.exe
  2⤵
  PID:5236
- C:\Windows\System\LUOxFPa.exe
  C:\Windows\System\LUOxFPa.exe
  2⤵
  PID:5264
- C:\Windows\System\XaeXpHT.exe
  C:\Windows\System\XaeXpHT.exe
  2⤵
  PID:5288
- C:\Windows\System\pqvmjBu.exe
  C:\Windows\System\pqvmjBu.exe
  2⤵
  PID:5316
- C:\Windows\System\bhgiUTE.exe
  C:\Windows\System\bhgiUTE.exe
  2⤵
  PID:5360
- C:\Windows\System\OJYeKUv.exe
  C:\Windows\System\OJYeKUv.exe
  2⤵
  PID:5444
- C:\Windows\System\zxfkWTo.exe
  C:\Windows\System\zxfkWTo.exe
  2⤵
  PID:5416
- C:\Windows\System\mczHOlk.exe
  C:\Windows\System\mczHOlk.exe
  2⤵
  PID:5476
- C:\Windows\System\cBPCoZM.exe
  C:\Windows\System\cBPCoZM.exe
  2⤵
  PID:5496
- C:\Windows\System\sPouOln.exe
  C:\Windows\System\sPouOln.exe
  2⤵
  PID:5464
- C:\Windows\System\Xlsblnb.exe
  C:\Windows\System\Xlsblnb.exe
  2⤵
  PID:5548
- C:\Windows\System\BiUoNOp.exe
  C:\Windows\System\BiUoNOp.exe
  2⤵
  PID:5584
- C:\Windows\System\ESSfgYi.exe
  C:\Windows\System\ESSfgYi.exe
  2⤵
  PID:5632
- C:\Windows\System\kQXOCGa.exe
  C:\Windows\System\kQXOCGa.exe
  2⤵
  PID:5684
- C:\Windows\System\ljnPKBg.exe
  C:\Windows\System\ljnPKBg.exe
  2⤵
  PID:5720
- C:\Windows\System\QXntRWL.exe
  C:\Windows\System\QXntRWL.exe
  2⤵
  PID:5732
- C:\Windows\System\nXgAzMm.exe
  C:\Windows\System\nXgAzMm.exe
  2⤵
  PID:5744
- C:\Windows\System\NJsdJks.exe
  C:\Windows\System\NJsdJks.exe
  2⤵
  PID:5776
- C:\Windows\System\zLIkzeS.exe
  C:\Windows\System\zLIkzeS.exe
  2⤵
  PID:5804
- C:\Windows\System\WOJvJHP.exe
  C:\Windows\System\WOJvJHP.exe
  2⤵
  PID:5868
- C:\Windows\System\lTrTXpQ.exe
  C:\Windows\System\lTrTXpQ.exe
  2⤵
  PID:5896
- C:\Windows\System\cixWQeB.exe
  C:\Windows\System\cixWQeB.exe
  2⤵
  PID:5872
- C:\Windows\System\STtanoJ.exe
  C:\Windows\System\STtanoJ.exe
  2⤵
  PID:5952
- C:\Windows\System\sjJnQay.exe
  C:\Windows\System\sjJnQay.exe
  2⤵
  PID:5992
- C:\Windows\System\eQaLjYp.exe
  C:\Windows\System\eQaLjYp.exe
  2⤵
  PID:6032
- C:\Windows\System\tOAaWqZ.exe
  C:\Windows\System\tOAaWqZ.exe
  2⤵
  PID:5972
- C:\Windows\System\wnaFmfv.exe
  C:\Windows\System\wnaFmfv.exe
  2⤵
  PID:6052
- C:\Windows\System\LOklGmM.exe
  C:\Windows\System\LOklGmM.exe
  2⤵
  PID:6096
- C:\Windows\System\TafIDiB.exe
  C:\Windows\System\TafIDiB.exe
  2⤵
  PID:4772
- C:\Windows\System\ycszvTE.exe
  C:\Windows\System\ycszvTE.exe
  2⤵
  PID:5996
- C:\Windows\System\QJNeGzY.exe
  C:\Windows\System\QJNeGzY.exe
  2⤵
  PID:5208
- C:\Windows\System\CYHgouw.exe
  C:\Windows\System\CYHgouw.exe
  2⤵
  PID:5224
- C:\Windows\System\yZKUmzQ.exe
  C:\Windows\System\yZKUmzQ.exe
  2⤵
  PID:5276
- C:\Windows\System\NCtUlcl.exe
  C:\Windows\System\NCtUlcl.exe
  2⤵
  PID:5356
- C:\Windows\System\UUjADFz.exe
  C:\Windows\System\UUjADFz.exe
  2⤵
  PID:5376
- C:\Windows\System\SYqjtJv.exe
  C:\Windows\System\SYqjtJv.exe
  2⤵
  PID:5516
- C:\Windows\System\yCYNYvS.exe
  C:\Windows\System\yCYNYvS.exe
  2⤵
  PID:5436
- C:\Windows\System\cofFxnB.exe
  C:\Windows\System\cofFxnB.exe
  2⤵
  PID:5448
- C:\Windows\System\jOkIBvl.exe
  C:\Windows\System\jOkIBvl.exe
  2⤵
  PID:5568
- C:\Windows\System\eIbgSlV.exe
  C:\Windows\System\eIbgSlV.exe
  2⤵
  PID:5648
- C:\Windows\System\AMuqadC.exe
  C:\Windows\System\AMuqadC.exe
  2⤵
  PID:5700
- C:\Windows\System\nSIwaTf.exe
  C:\Windows\System\nSIwaTf.exe
  2⤵
  PID:5772
- C:\Windows\System\xrfUrRE.exe
  C:\Windows\System\xrfUrRE.exe
  2⤵
  PID:5820
- C:\Windows\System\ITBqcce.exe
  C:\Windows\System\ITBqcce.exe
  2⤵
  PID:5892
- C:\Windows\System\PtdegjO.exe
  C:\Windows\System\PtdegjO.exe
  2⤵
  PID:5900
- C:\Windows\System\jNllEkm.exe
  C:\Windows\System\jNllEkm.exe
  2⤵
  PID:6028
- C:\Windows\System\moqYLwi.exe
  C:\Windows\System\moqYLwi.exe
  2⤵
  PID:6016
- C:\Windows\System\WTclBjA.exe
  C:\Windows\System\WTclBjA.exe
  2⤵
  PID:6080
- C:\Windows\System\mffSgFZ.exe
  C:\Windows\System\mffSgFZ.exe
  2⤵
  PID:6136
- C:\Windows\System\wvSWGhp.exe
  C:\Windows\System\wvSWGhp.exe
  2⤵
  PID:5192
- C:\Windows\System\ruLWBDK.exe
  C:\Windows\System\ruLWBDK.exe
  2⤵
  PID:5260
- C:\Windows\System\uBHLXwd.exe
  C:\Windows\System\uBHLXwd.exe
  2⤵
  PID:5400
- C:\Windows\System\KPaAhnF.exe
  C:\Windows\System\KPaAhnF.exe
  2⤵
  PID:5572
- C:\Windows\System\yHFeuHq.exe
  C:\Windows\System\yHFeuHq.exe
  2⤵
  PID:5564
- C:\Windows\System\CeyBHwx.exe
  C:\Windows\System\CeyBHwx.exe
  2⤵
  PID:5644
- C:\Windows\System\wramQYb.exe
  C:\Windows\System\wramQYb.exe
  2⤵
  PID:5696
- C:\Windows\System\ChdXyeJ.exe
  C:\Windows\System\ChdXyeJ.exe
  2⤵
  PID:5856
- C:\Windows\System\vXyHCRC.exe
  C:\Windows\System\vXyHCRC.exe
  2⤵
  PID:5920
- C:\Windows\System\toxcbIf.exe
  C:\Windows\System\toxcbIf.exe
  2⤵
  PID:6044
- C:\Windows\System\wdfnsSk.exe
  C:\Windows\System\wdfnsSk.exe
  2⤵
  PID:6116
- C:\Windows\System\yIcdjdW.exe
  C:\Windows\System\yIcdjdW.exe
  2⤵
  PID:5956
- C:\Windows\System\OjkLCKI.exe
  C:\Windows\System\OjkLCKI.exe
  2⤵
  PID:5244
- C:\Windows\System\LqiVVZt.exe
  C:\Windows\System\LqiVVZt.exe
  2⤵
  PID:5600
- C:\Windows\System\FqmZlEe.exe
  C:\Windows\System\FqmZlEe.exe
  2⤵
  PID:5352
- C:\Windows\System\ieNAFJf.exe
  C:\Windows\System\ieNAFJf.exe
  2⤵
  PID:5788
- C:\Windows\System\XYOSFzS.exe
  C:\Windows\System\XYOSFzS.exe
  2⤵
  PID:5932
- C:\Windows\System\rLuRwNi.exe
  C:\Windows\System\rLuRwNi.exe
  2⤵
  PID:5976
- C:\Windows\System\XhAHrbj.exe
  C:\Windows\System\XhAHrbj.exe
  2⤵
  PID:3944
- C:\Windows\System\FRUtGwN.exe
  C:\Windows\System\FRUtGwN.exe
  2⤵
  PID:4808
- C:\Windows\System\ckDdZgk.exe
  C:\Windows\System\ckDdZgk.exe
  2⤵
  PID:5664
- C:\Windows\System\jBwzpCQ.exe
  C:\Windows\System\jBwzpCQ.exe
  2⤵
  PID:5880
- C:\Windows\System\gQmmQOv.exe
  C:\Windows\System\gQmmQOv.exe
  2⤵
  PID:6012
- C:\Windows\System\KkFuOiC.exe
  C:\Windows\System\KkFuOiC.exe
  2⤵
  PID:5440
- C:\Windows\System\jEMbAxk.exe
  C:\Windows\System\jEMbAxk.exe
  2⤵
  PID:6156
- C:\Windows\System\hhmYnaO.exe
  C:\Windows\System\hhmYnaO.exe
  2⤵
  PID:6176
- C:\Windows\System\nIffRqT.exe
  C:\Windows\System\nIffRqT.exe
  2⤵
  PID:6200
- C:\Windows\System\oPJgdVQ.exe
  C:\Windows\System\oPJgdVQ.exe
  2⤵
  PID:6228
- C:\Windows\System\iBuBmHt.exe
  C:\Windows\System\iBuBmHt.exe
  2⤵
  PID:6244
- C:\Windows\System\vBQLDRi.exe
  C:\Windows\System\vBQLDRi.exe
  2⤵
  PID:6264
- C:\Windows\System\WTWJkSA.exe
  C:\Windows\System\WTWJkSA.exe
  2⤵
  PID:6280
- C:\Windows\System\EicGtEH.exe
  C:\Windows\System\EicGtEH.exe
  2⤵
  PID:6300
- C:\Windows\System\IHpaUpW.exe
  C:\Windows\System\IHpaUpW.exe
  2⤵
  PID:6320
- C:\Windows\System\wYVpACK.exe
  C:\Windows\System\wYVpACK.exe
  2⤵
  PID:6344
- C:\Windows\System\xrOAOtN.exe
  C:\Windows\System\xrOAOtN.exe
  2⤵
  PID:6364
- C:\Windows\System\xvUHztj.exe
  C:\Windows\System\xvUHztj.exe
  2⤵
  PID:6384
- C:\Windows\System\ubsbsje.exe
  C:\Windows\System\ubsbsje.exe
  2⤵
  PID:6404
- C:\Windows\System\dcORuCk.exe
  C:\Windows\System\dcORuCk.exe
  2⤵
  PID:6428
- C:\Windows\System\kYGVlPo.exe
  C:\Windows\System\kYGVlPo.exe
  2⤵
  PID:6444
- C:\Windows\System\KHfxlvB.exe
  C:\Windows\System\KHfxlvB.exe
  2⤵
  PID:6468
- C:\Windows\System\sULnaar.exe
  C:\Windows\System\sULnaar.exe
  2⤵
  PID:6484
- C:\Windows\System\uWjzwoC.exe
  C:\Windows\System\uWjzwoC.exe
  2⤵
  PID:6528
- C:\Windows\System\zvUVdnH.exe
  C:\Windows\System\zvUVdnH.exe
  2⤵
  PID:6548
- C:\Windows\System\WQvHnDF.exe
  C:\Windows\System\WQvHnDF.exe
  2⤵
  PID:6568
- C:\Windows\System\wLWyXMG.exe
  C:\Windows\System\wLWyXMG.exe
  2⤵
  PID:6588
- C:\Windows\System\NKQoSdZ.exe
  C:\Windows\System\NKQoSdZ.exe
  2⤵
  PID:6604
- C:\Windows\System\Pqoczft.exe
  C:\Windows\System\Pqoczft.exe
  2⤵
  PID:6624
- C:\Windows\System\HQttRCB.exe
  C:\Windows\System\HQttRCB.exe
  2⤵
  PID:6644
- C:\Windows\System\zVdUwDa.exe
  C:\Windows\System\zVdUwDa.exe
  2⤵
  PID:6668
- C:\Windows\System\AEjkkhT.exe
  C:\Windows\System\AEjkkhT.exe
  2⤵
  PID:6688
- C:\Windows\System\kzBdpIT.exe
  C:\Windows\System\kzBdpIT.exe
  2⤵
  PID:6704
- C:\Windows\System\dcsKUDX.exe
  C:\Windows\System\dcsKUDX.exe
  2⤵
  PID:6728
- C:\Windows\System\RvvAYbw.exe
  C:\Windows\System\RvvAYbw.exe
  2⤵
  PID:6752
- C:\Windows\System\IhxqiaD.exe
  C:\Windows\System\IhxqiaD.exe
  2⤵
  PID:6768
- C:\Windows\System\LbvykGT.exe
  C:\Windows\System\LbvykGT.exe
  2⤵
  PID:6784
- C:\Windows\System\JoXDdMX.exe
  C:\Windows\System\JoXDdMX.exe
  2⤵
  PID:6800
- C:\Windows\System\dHayFUU.exe
  C:\Windows\System\dHayFUU.exe
  2⤵
  PID:6828
- C:\Windows\System\xuWeghB.exe
  C:\Windows\System\xuWeghB.exe
  2⤵
  PID:6852
- C:\Windows\System\YskIzIU.exe
  C:\Windows\System\YskIzIU.exe
  2⤵
  PID:6868
- C:\Windows\System\fdNjoRi.exe
  C:\Windows\System\fdNjoRi.exe
  2⤵
  PID:6892
- C:\Windows\System\KoLzVLt.exe
  C:\Windows\System\KoLzVLt.exe
  2⤵
  PID:6908
- C:\Windows\System\seyVRVv.exe
  C:\Windows\System\seyVRVv.exe
  2⤵
  PID:6932
- C:\Windows\System\gwmTBCa.exe
  C:\Windows\System\gwmTBCa.exe
  2⤵
  PID:6948
- C:\Windows\System\twfIWow.exe
  C:\Windows\System\twfIWow.exe
  2⤵
  PID:6968
- C:\Windows\System\wQEuIJT.exe
  C:\Windows\System\wQEuIJT.exe
  2⤵
  PID:6984
- C:\Windows\System\JVHQEaO.exe
  C:\Windows\System\JVHQEaO.exe
  2⤵
  PID:7012
- C:\Windows\System\leGdJbn.exe
  C:\Windows\System\leGdJbn.exe
  2⤵
  PID:7028
- C:\Windows\System\alrabCD.exe
  C:\Windows\System\alrabCD.exe
  2⤵
  PID:7044
- C:\Windows\System\LANveQB.exe
  C:\Windows\System\LANveQB.exe
  2⤵
  PID:7064
- C:\Windows\System\fRjqJSC.exe
  C:\Windows\System\fRjqJSC.exe
  2⤵
  PID:7080
- C:\Windows\System\zbMAlBT.exe
  C:\Windows\System\zbMAlBT.exe
  2⤵
  PID:7108
- C:\Windows\System\GkYJgyt.exe
  C:\Windows\System\GkYJgyt.exe
  2⤵
  PID:7132
- C:\Windows\System\qRIJrfk.exe
  C:\Windows\System\qRIJrfk.exe
  2⤵
  PID:7148
- C:\Windows\System\ZakXNdo.exe
  C:\Windows\System\ZakXNdo.exe
  2⤵
  PID:5620
- C:\Windows\System\FscWxyo.exe
  C:\Windows\System\FscWxyo.exe
  2⤵
  PID:6164
- C:\Windows\System\cellKas.exe
  C:\Windows\System\cellKas.exe
  2⤵
  PID:5756
- C:\Windows\System\AsNRHiK.exe
  C:\Windows\System\AsNRHiK.exe
  2⤵
  PID:6148
- C:\Windows\System\snwfapV.exe
  C:\Windows\System\snwfapV.exe
  2⤵
  PID:6192
- C:\Windows\System\alSnSLP.exe
  C:\Windows\System\alSnSLP.exe
  2⤵
  PID:6216
- C:\Windows\System\xDREmzJ.exe
  C:\Windows\System\xDREmzJ.exe
  2⤵
  PID:6240
- C:\Windows\System\HsqcDxA.exe
  C:\Windows\System\HsqcDxA.exe
  2⤵
  PID:6308
- C:\Windows\System\ckqfSFd.exe
  C:\Windows\System\ckqfSFd.exe
  2⤵
  PID:6336
- C:\Windows\System\ImSyQMj.exe
  C:\Windows\System\ImSyQMj.exe
  2⤵
  PID:6356
- C:\Windows\System\llTInfm.exe
  C:\Windows\System\llTInfm.exe
  2⤵
  PID:6412
- C:\Windows\System\DZMxwQJ.exe
  C:\Windows\System\DZMxwQJ.exe
  2⤵
  PID:6440
- C:\Windows\System\yKqltVq.exe
  C:\Windows\System\yKqltVq.exe
  2⤵
  PID:6460
- C:\Windows\System\vvoBiAD.exe
  C:\Windows\System\vvoBiAD.exe
  2⤵
  PID:6504
- C:\Windows\System\zlxAezO.exe
  C:\Windows\System\zlxAezO.exe
  2⤵
  PID:6520
- C:\Windows\System\FCUOhQd.exe
  C:\Windows\System\FCUOhQd.exe
  2⤵
  PID:6544
- C:\Windows\System\nULuETl.exe
  C:\Windows\System\nULuETl.exe
  2⤵
  PID:6576
- C:\Windows\System\RUGtvVb.exe
  C:\Windows\System\RUGtvVb.exe
  2⤵
  PID:4144
- C:\Windows\System\fnWktHq.exe
  C:\Windows\System\fnWktHq.exe
  2⤵
  PID:6612
- C:\Windows\System\yxTpJRV.exe
  C:\Windows\System\yxTpJRV.exe
  2⤵
  PID:6620
- C:\Windows\System\lXKpaEz.exe
  C:\Windows\System\lXKpaEz.exe
  2⤵
  PID:6680
- C:\Windows\System\pSUdCEe.exe
  C:\Windows\System\pSUdCEe.exe
  2⤵
  PID:6716
- C:\Windows\System\JilvFTb.exe
  C:\Windows\System\JilvFTb.exe
  2⤵
  PID:6744
- C:\Windows\System\FSrasMm.exe
  C:\Windows\System\FSrasMm.exe
  2⤵
  PID:6824
- C:\Windows\System\mpZtlcS.exe
  C:\Windows\System\mpZtlcS.exe
  2⤵
  PID:6844
- C:\Windows\System\TQcrdpi.exe
  C:\Windows\System\TQcrdpi.exe
  2⤵
  PID:6880
- C:\Windows\System\GfPMeWm.exe
  C:\Windows\System\GfPMeWm.exe
  2⤵
  PID:6916
- C:\Windows\System\yvVoERk.exe
  C:\Windows\System\yvVoERk.exe
  2⤵
  PID:6904
- C:\Windows\System\hNPtHnT.exe
  C:\Windows\System\hNPtHnT.exe
  2⤵
  PID:6956
- C:\Windows\System\tAqnWoO.exe
  C:\Windows\System\tAqnWoO.exe
  2⤵
  PID:7004
- C:\Windows\System\SrwwAxA.exe
  C:\Windows\System\SrwwAxA.exe
  2⤵
  PID:7036
- C:\Windows\System\gTcWYGw.exe
  C:\Windows\System\gTcWYGw.exe
  2⤵
  PID:7096
- C:\Windows\System\BHkyeCl.exe
  C:\Windows\System\BHkyeCl.exe
  2⤵
  PID:7052
- C:\Windows\System\PtdENXs.exe
  C:\Windows\System\PtdENXs.exe
  2⤵
  PID:7124
- C:\Windows\System\PNKXydd.exe
  C:\Windows\System\PNKXydd.exe
  2⤵
  PID:5332
- C:\Windows\System\fBeqnTx.exe
  C:\Windows\System\fBeqnTx.exe
  2⤵
  PID:6172
- C:\Windows\System\hDIQcRE.exe
  C:\Windows\System\hDIQcRE.exe
  2⤵
  PID:6212
- C:\Windows\System\ijIUJFy.exe
  C:\Windows\System\ijIUJFy.exe
  2⤵
  PID:6272
- C:\Windows\System\QUhkxAB.exe
  C:\Windows\System\QUhkxAB.exe
  2⤵
  PID:6332
- C:\Windows\System\NEeGRFt.exe
  C:\Windows\System\NEeGRFt.exe
  2⤵
  PID:1396
- C:\Windows\System\eaKpsHD.exe
  C:\Windows\System\eaKpsHD.exe
  2⤵
  PID:6392
- C:\Windows\System\FwFdvCv.exe
  C:\Windows\System\FwFdvCv.exe
  2⤵
  PID:6508
- C:\Windows\System\mNyWgky.exe
  C:\Windows\System\mNyWgky.exe
  2⤵
  PID:6424
- C:\Windows\System\LkygqHE.exe
  C:\Windows\System\LkygqHE.exe
  2⤵
  PID:6664
- C:\Windows\System\CUfrhHX.exe
  C:\Windows\System\CUfrhHX.exe
  2⤵
  PID:6776
- C:\Windows\System\haKtiFZ.exe
  C:\Windows\System\haKtiFZ.exe
  2⤵
  PID:6476
- C:\Windows\System\CFkONWy.exe
  C:\Windows\System\CFkONWy.exe
  2⤵
  PID:6820
- C:\Windows\System\vSkDbVD.exe
  C:\Windows\System\vSkDbVD.exe
  2⤵
  PID:6696
- C:\Windows\System\vtsXZbv.exe
  C:\Windows\System\vtsXZbv.exe
  2⤵
  PID:6840
- C:\Windows\System\PqMBYTW.exe
  C:\Windows\System\PqMBYTW.exe
  2⤵
  PID:6864
- C:\Windows\System\AVzvgIz.exe
  C:\Windows\System\AVzvgIz.exe
  2⤵
  PID:6888
- C:\Windows\System\DNsVWQl.exe
  C:\Windows\System\DNsVWQl.exe
  2⤵
  PID:6940
- C:\Windows\System\dNaIgeP.exe
  C:\Windows\System\dNaIgeP.exe
  2⤵
  PID:6960
- C:\Windows\System\QdXJRGc.exe
  C:\Windows\System\QdXJRGc.exe
  2⤵
  PID:7104
- C:\Windows\System\oXpfNne.exe
  C:\Windows\System\oXpfNne.exe
  2⤵
  PID:7120
- C:\Windows\System\otGprUk.exe
  C:\Windows\System\otGprUk.exe
  2⤵
  PID:7116
- C:\Windows\System\ErmWOqz.exe
  C:\Windows\System\ErmWOqz.exe
  2⤵
  PID:1792
- C:\Windows\System\vQTRoti.exe
  C:\Windows\System\vQTRoti.exe
  2⤵
  PID:5372
- C:\Windows\System\JtlZAhe.exe
  C:\Windows\System\JtlZAhe.exe
  2⤵
  PID:6296
- C:\Windows\System\WgfkWiZ.exe
  C:\Windows\System\WgfkWiZ.exe
  2⤵
  PID:6512
- C:\Windows\System\VFMRMjq.exe
  C:\Windows\System\VFMRMjq.exe
  2⤵
  PID:6456
- C:\Windows\System\zKpyanQ.exe
  C:\Windows\System\zKpyanQ.exe
  2⤵
  PID:6640
- C:\Windows\System\yVDWIKj.exe
  C:\Windows\System\yVDWIKj.exe
  2⤵
  PID:6600
- C:\Windows\System\FRvZWXI.exe
  C:\Windows\System\FRvZWXI.exe
  2⤵
  PID:6660
- C:\Windows\System\sXKdfMa.exe
  C:\Windows\System\sXKdfMa.exe
  2⤵
  PID:6860
- C:\Windows\System\TphvseX.exe
  C:\Windows\System\TphvseX.exe
  2⤵
  PID:7020
- C:\Windows\System\wCJklQi.exe
  C:\Windows\System\wCJklQi.exe
  2⤵
  PID:6980
- C:\Windows\System\lLdmhfe.exe
  C:\Windows\System\lLdmhfe.exe
  2⤵
  PID:7160
- C:\Windows\System\AKGghrs.exe
  C:\Windows\System\AKGghrs.exe
  2⤵
  PID:6188
- C:\Windows\System\uDWOmDx.exe
  C:\Windows\System\uDWOmDx.exe
  2⤵
  PID:6316
- C:\Windows\System\EnaWKwG.exe
  C:\Windows\System\EnaWKwG.exe
  2⤵
  PID:6500
- C:\Windows\System\SWodPDd.exe
  C:\Windows\System\SWodPDd.exe
  2⤵
  PID:6812
- C:\Windows\System\egHxRhK.exe
  C:\Windows\System\egHxRhK.exe
  2⤵
  PID:6208
- C:\Windows\System\VLYrTwm.exe
  C:\Windows\System\VLYrTwm.exe
  2⤵
  PID:7092
- C:\Windows\System\nHxuJjN.exe
  C:\Windows\System\nHxuJjN.exe
  2⤵
  PID:5140
- C:\Windows\System\tWplCFP.exe
  C:\Windows\System\tWplCFP.exe
  2⤵
  PID:6884
- C:\Windows\System\NYdRzqs.exe
  C:\Windows\System\NYdRzqs.exe
  2⤵
  PID:6480
- C:\Windows\System\MZpcYcQ.exe
  C:\Windows\System\MZpcYcQ.exe
  2⤵
  PID:6652
- C:\Windows\System\zbYwTqd.exe
  C:\Windows\System\zbYwTqd.exe
  2⤵
  PID:7024
- C:\Windows\System\ndVsznQ.exe
  C:\Windows\System\ndVsznQ.exe
  2⤵
  PID:6816
- C:\Windows\System\kmeTgNh.exe
  C:\Windows\System\kmeTgNh.exe
  2⤵
  PID:5616
- C:\Windows\System\axDoWoR.exe
  C:\Windows\System\axDoWoR.exe
  2⤵
  PID:6396
- C:\Windows\System\PnRUdXZ.exe
  C:\Windows\System\PnRUdXZ.exe
  2⤵
  PID:6540
- C:\Windows\System\ogYhIcd.exe
  C:\Windows\System\ogYhIcd.exe
  2⤵
  PID:6292
- C:\Windows\System\WLQdPqG.exe
  C:\Windows\System\WLQdPqG.exe
  2⤵
  PID:6944
- C:\Windows\System\qMUlgjB.exe
  C:\Windows\System\qMUlgjB.exe
  2⤵
  PID:6900
- C:\Windows\System\innZTJS.exe
  C:\Windows\System\innZTJS.exe
  2⤵
  PID:7000
- C:\Windows\System\LCxjuHU.exe
  C:\Windows\System\LCxjuHU.exe
  2⤵
  PID:7180
- C:\Windows\System\GgHRduw.exe
  C:\Windows\System\GgHRduw.exe
  2⤵
  PID:7204
- C:\Windows\System\tjybJZR.exe
  C:\Windows\System\tjybJZR.exe
  2⤵
  PID:7220
- C:\Windows\System\FVxNxYR.exe
  C:\Windows\System\FVxNxYR.exe
  2⤵
  PID:7236
- C:\Windows\System\ojFNbbu.exe
  C:\Windows\System\ojFNbbu.exe
  2⤵
  PID:7260
- C:\Windows\System\EEYPJUP.exe
  C:\Windows\System\EEYPJUP.exe
  2⤵
  PID:7284
- C:\Windows\System\NWMtTHZ.exe
  C:\Windows\System\NWMtTHZ.exe
  2⤵
  PID:7300
- C:\Windows\System\tcimUKi.exe
  C:\Windows\System\tcimUKi.exe
  2⤵
  PID:7328
- C:\Windows\System\ecpfEAc.exe
  C:\Windows\System\ecpfEAc.exe
  2⤵
  PID:7348
- C:\Windows\System\aYDlHxS.exe
  C:\Windows\System\aYDlHxS.exe
  2⤵
  PID:7368
- C:\Windows\System\yEqUerk.exe
  C:\Windows\System\yEqUerk.exe
  2⤵
  PID:7384
- C:\Windows\System\ZdPOlwu.exe
  C:\Windows\System\ZdPOlwu.exe
  2⤵
  PID:7408
- C:\Windows\System\VCVeRyw.exe
  C:\Windows\System\VCVeRyw.exe
  2⤵
  PID:7428
- C:\Windows\System\dKplYle.exe
  C:\Windows\System\dKplYle.exe
  2⤵
  PID:7448
- C:\Windows\System\OHnMfcT.exe
  C:\Windows\System\OHnMfcT.exe
  2⤵
  PID:7464
- C:\Windows\System\taCdDpM.exe
  C:\Windows\System\taCdDpM.exe
  2⤵
  PID:7488
- C:\Windows\System\TorKjfn.exe
  C:\Windows\System\TorKjfn.exe
  2⤵
  PID:7508
- C:\Windows\System\VTbJYSv.exe
  C:\Windows\System\VTbJYSv.exe
  2⤵
  PID:7524
- C:\Windows\System\iqyUbEE.exe
  C:\Windows\System\iqyUbEE.exe
  2⤵
  PID:7544
- C:\Windows\System\IBLvfCQ.exe
  C:\Windows\System\IBLvfCQ.exe
  2⤵
  PID:7560
- C:\Windows\System\HcAcAGg.exe
  C:\Windows\System\HcAcAGg.exe
  2⤵
  PID:7588
- C:\Windows\System\uBCaOoh.exe
  C:\Windows\System\uBCaOoh.exe
  2⤵
  PID:7604
- C:\Windows\System\IHIkYFw.exe
  C:\Windows\System\IHIkYFw.exe
  2⤵
  PID:7624
- C:\Windows\System\yQSzznB.exe
  C:\Windows\System\yQSzznB.exe
  2⤵
  PID:7640
- C:\Windows\System\Ziwlxhu.exe
  C:\Windows\System\Ziwlxhu.exe
  2⤵
  PID:7660
- C:\Windows\System\aWFVxth.exe
  C:\Windows\System\aWFVxth.exe
  2⤵
  PID:7688
- C:\Windows\System\KtBYKNN.exe
  C:\Windows\System\KtBYKNN.exe
  2⤵
  PID:7704
- C:\Windows\System\TwoQcwc.exe
  C:\Windows\System\TwoQcwc.exe
  2⤵
  PID:7728
- C:\Windows\System\eWbmTeK.exe
  C:\Windows\System\eWbmTeK.exe
  2⤵
  PID:7748
- C:\Windows\System\iVCBGNy.exe
  C:\Windows\System\iVCBGNy.exe
  2⤵
  PID:7764
- C:\Windows\System\SgeMdff.exe
  C:\Windows\System\SgeMdff.exe
  2⤵
  PID:7784
- C:\Windows\System\XzrhNtC.exe
  C:\Windows\System\XzrhNtC.exe
  2⤵
  PID:7808
- C:\Windows\System\nAkBLGE.exe
  C:\Windows\System\nAkBLGE.exe
  2⤵
  PID:7824
- C:\Windows\System\BQwRoQZ.exe
  C:\Windows\System\BQwRoQZ.exe
  2⤵
  PID:7844
- C:\Windows\System\FsbXpOZ.exe
  C:\Windows\System\FsbXpOZ.exe
  2⤵
  PID:7868
- C:\Windows\System\QpfcBqS.exe
  C:\Windows\System\QpfcBqS.exe
  2⤵
  PID:7888
- C:\Windows\System\inNaZBG.exe
  C:\Windows\System\inNaZBG.exe
  2⤵
  PID:7908
- C:\Windows\System\RKinCuw.exe
  C:\Windows\System\RKinCuw.exe
  2⤵
  PID:7924
- C:\Windows\System\RwNsHqh.exe
  C:\Windows\System\RwNsHqh.exe
  2⤵
  PID:7944
- C:\Windows\System\BjcQpls.exe
  C:\Windows\System\BjcQpls.exe
  2⤵
  PID:7972
- C:\Windows\System\zmmfGXf.exe
  C:\Windows\System\zmmfGXf.exe
  2⤵
  PID:7988
- C:\Windows\System\vvCMwzh.exe
  C:\Windows\System\vvCMwzh.exe
  2⤵
  PID:8004
- C:\Windows\System\gDWeMNd.exe
  C:\Windows\System\gDWeMNd.exe
  2⤵
  PID:8024
- C:\Windows\System\ducUcTt.exe
  C:\Windows\System\ducUcTt.exe
  2⤵
  PID:8044
- C:\Windows\System\vKDspRx.exe
  C:\Windows\System\vKDspRx.exe
  2⤵
  PID:8060
- C:\Windows\System\gVpDyIV.exe
  C:\Windows\System\gVpDyIV.exe
  2⤵
  PID:8076
- C:\Windows\System\PFUIhND.exe
  C:\Windows\System\PFUIhND.exe
  2⤵
  PID:8096
- C:\Windows\System\GDLrDtC.exe
  C:\Windows\System\GDLrDtC.exe
  2⤵
  PID:8132
- C:\Windows\System\SlNNYQN.exe
  C:\Windows\System\SlNNYQN.exe
  2⤵
  PID:8152
- C:\Windows\System\iHkkfXX.exe
  C:\Windows\System\iHkkfXX.exe
  2⤵
  PID:8172
- C:\Windows\System\GCnrUHD.exe
  C:\Windows\System\GCnrUHD.exe
  2⤵
  PID:8188
- C:\Windows\System\mZdlSXU.exe
  C:\Windows\System\mZdlSXU.exe
  2⤵
  PID:7188
- C:\Windows\System\wqvGkoO.exe
  C:\Windows\System\wqvGkoO.exe
  2⤵
  PID:7212
- C:\Windows\System\MQAPfnH.exe
  C:\Windows\System\MQAPfnH.exe
  2⤵
  PID:7252
- C:\Windows\System\mmoHeYW.exe
  C:\Windows\System\mmoHeYW.exe
  2⤵
  PID:7292
- C:\Windows\System\TapSGha.exe
  C:\Windows\System\TapSGha.exe
  2⤵
  PID:7320
- C:\Windows\System\YNXwKBp.exe
  C:\Windows\System\YNXwKBp.exe
  2⤵
  PID:7360
- C:\Windows\System\qHgxcEq.exe
  C:\Windows\System\qHgxcEq.exe
  2⤵
  PID:7400
- C:\Windows\System\DfjOXSy.exe
  C:\Windows\System\DfjOXSy.exe
  2⤵
  PID:7424
- C:\Windows\System\RtkJZEc.exe
  C:\Windows\System\RtkJZEc.exe
  2⤵
  PID:7456
- C:\Windows\System\DvvRXFe.exe
  C:\Windows\System\DvvRXFe.exe
  2⤵
  PID:7496
- C:\Windows\System\jQjExrI.exe
  C:\Windows\System\jQjExrI.exe
  2⤵
  PID:7500
- C:\Windows\System\UVSNlus.exe
  C:\Windows\System\UVSNlus.exe
  2⤵
  PID:7540
- C:\Windows\System\uqxSHGE.exe
  C:\Windows\System\uqxSHGE.exe
  2⤵
  PID:7616
- C:\Windows\System\IzQLepB.exe
  C:\Windows\System\IzQLepB.exe
  2⤵
  PID:7636
- C:\Windows\System\YHYGBaG.exe
  C:\Windows\System\YHYGBaG.exe
  2⤵
  PID:7672
- C:\Windows\System\CbyqnMD.exe
  C:\Windows\System\CbyqnMD.exe
  2⤵
  PID:7712
- C:\Windows\System\CrOCEna.exe
  C:\Windows\System\CrOCEna.exe
  2⤵
  PID:7740
- C:\Windows\System\PyPyOfV.exe
  C:\Windows\System\PyPyOfV.exe
  2⤵
  PID:7772
- C:\Windows\System\mQXYJnf.exe
  C:\Windows\System\mQXYJnf.exe
  2⤵
  PID:7792
- C:\Windows\System\SgVPXCc.exe
  C:\Windows\System\SgVPXCc.exe
  2⤵
  PID:7832
- C:\Windows\System\cahFbbG.exe
  C:\Windows\System\cahFbbG.exe
  2⤵
  PID:7856
- C:\Windows\System\RNTqBNu.exe
  C:\Windows\System\RNTqBNu.exe
  2⤵
  PID:7916
- C:\Windows\System\swYjMtf.exe
  C:\Windows\System\swYjMtf.exe
  2⤵
  PID:7904
- C:\Windows\System\BkZmWhL.exe
  C:\Windows\System\BkZmWhL.exe
  2⤵
  PID:7940
- C:\Windows\System\dwfWPkw.exe
  C:\Windows\System\dwfWPkw.exe
  2⤵
  PID:8032
- C:\Windows\System\zrWSgPF.exe
  C:\Windows\System\zrWSgPF.exe
  2⤵
  PID:8072
- C:\Windows\System\FmmlSki.exe
  C:\Windows\System\FmmlSki.exe
  2⤵
  PID:8020
- C:\Windows\System\kOApIYm.exe
  C:\Windows\System\kOApIYm.exe
  2⤵
  PID:8088
- C:\Windows\System\lxYsnld.exe
  C:\Windows\System\lxYsnld.exe
  2⤵
  PID:8124
- C:\Windows\System\EWGAzzM.exe
  C:\Windows\System\EWGAzzM.exe
  2⤵
  PID:8144
- C:\Windows\System\qcOuImk.exe
  C:\Windows\System\qcOuImk.exe
  2⤵
  PID:7196
- C:\Windows\System\ONjAEMh.exe
  C:\Windows\System\ONjAEMh.exe
  2⤵
  PID:7248
- C:\Windows\System\EsXMdaY.exe
  C:\Windows\System\EsXMdaY.exe
  2⤵
  PID:7308
- C:\Windows\System\BkkxWZZ.exe
  C:\Windows\System\BkkxWZZ.exe
  2⤵
  PID:7380
- C:\Windows\System\jPePZxW.exe
  C:\Windows\System\jPePZxW.exe
  2⤵
  PID:7444
- C:\Windows\System\icBDleo.exe
  C:\Windows\System\icBDleo.exe
  2⤵
  PID:7356
- C:\Windows\System\ubhaXjF.exe
  C:\Windows\System\ubhaXjF.exe
  2⤵
  PID:7556
- C:\Windows\System\OfAyGVn.exe
  C:\Windows\System\OfAyGVn.exe
  2⤵
  PID:7596
- C:\Windows\System\TzQfFoY.exe
  C:\Windows\System\TzQfFoY.exe
  2⤵
  PID:7632
- C:\Windows\System\ZeOUViw.exe
  C:\Windows\System\ZeOUViw.exe
  2⤵
  PID:7716
- C:\Windows\System\wiMUMWp.exe
  C:\Windows\System\wiMUMWp.exe
  2⤵
  PID:7780
- C:\Windows\System\eGNIEtH.exe
  C:\Windows\System\eGNIEtH.exe
  2⤵
  PID:7952
- C:\Windows\System\nPIxMUP.exe
  C:\Windows\System\nPIxMUP.exe
  2⤵
  PID:7804
- C:\Windows\System\FzkSlRz.exe
  C:\Windows\System\FzkSlRz.exe
  2⤵
  PID:7880
- C:\Windows\System\hEFNTRQ.exe
  C:\Windows\System\hEFNTRQ.exe
  2⤵
  PID:7900
- C:\Windows\System\GAYQefP.exe
  C:\Windows\System\GAYQefP.exe
  2⤵
  PID:8068
- C:\Windows\System\zBwkmmD.exe
  C:\Windows\System\zBwkmmD.exe
  2⤵
  PID:8116
- C:\Windows\System\ustyoDK.exe
  C:\Windows\System\ustyoDK.exe
  2⤵
  PID:8140
- C:\Windows\System\aFfbSLX.exe
  C:\Windows\System\aFfbSLX.exe
  2⤵
  PID:7176
- C:\Windows\System\kykLzST.exe
  C:\Windows\System\kykLzST.exe
  2⤵
  PID:7272
- C:\Windows\System\KMBCIFJ.exe
  C:\Windows\System\KMBCIFJ.exe
  2⤵
  PID:7392
- C:\Windows\System\VqzqbuT.exe
  C:\Windows\System\VqzqbuT.exe
  2⤵
  PID:7416
- C:\Windows\System\cSdhlnD.exe
  C:\Windows\System\cSdhlnD.exe
  2⤵
  PID:7532
- C:\Windows\System\KIDDICl.exe
  C:\Windows\System\KIDDICl.exe
  2⤵
  PID:7656
- C:\Windows\System\xTRTJws.exe
  C:\Windows\System\xTRTJws.exe
  2⤵
  PID:7680
- C:\Windows\System\ExdAHXh.exe
  C:\Windows\System\ExdAHXh.exe
  2⤵
  PID:7840
- C:\Windows\System\MAZAqMd.exe
  C:\Windows\System\MAZAqMd.exe
  2⤵
  PID:7860
- C:\Windows\System\qAkyWQi.exe
  C:\Windows\System\qAkyWQi.exe
  2⤵
  PID:8040
- C:\Windows\System\MOYkodd.exe
  C:\Windows\System\MOYkodd.exe
  2⤵
  PID:6740
- C:\Windows\System\uuJitkB.exe
  C:\Windows\System\uuJitkB.exe
  2⤵
  PID:7232
- C:\Windows\System\MAxltdB.exe
  C:\Windows\System\MAxltdB.exe
  2⤵
  PID:7484
- C:\Windows\System\kRsavgz.exe
  C:\Windows\System\kRsavgz.exe
  2⤵
  PID:7504
- C:\Windows\System\EhTLQlA.exe
  C:\Windows\System\EhTLQlA.exe
  2⤵
  PID:7684
- C:\Windows\System\qBLkKJX.exe
  C:\Windows\System\qBLkKJX.exe
  2⤵
  PID:7776
- C:\Windows\System\fCgoydk.exe
  C:\Windows\System\fCgoydk.exe
  2⤵
  PID:7724
- C:\Windows\System\EpVKecl.exe
  C:\Windows\System\EpVKecl.exe
  2⤵
  PID:8108
- C:\Windows\System\CUULoOC.exe
  C:\Windows\System\CUULoOC.exe
  2⤵
  PID:7736
- C:\Windows\System\iyKubpQ.exe
  C:\Windows\System\iyKubpQ.exe
  2⤵
  PID:8012
- C:\Windows\System\LWWeKPO.exe
  C:\Windows\System\LWWeKPO.exe
  2⤵
  PID:7536
- C:\Windows\System\tORhkNu.exe
  C:\Windows\System\tORhkNu.exe
  2⤵
  PID:8016
- C:\Windows\System\WnNbkwv.exe
  C:\Windows\System\WnNbkwv.exe
  2⤵
  PID:7576
- C:\Windows\System\UytGJjG.exe
  C:\Windows\System\UytGJjG.exe
  2⤵
  PID:8180
- C:\Windows\System\IDcasOg.exe
  C:\Windows\System\IDcasOg.exe
  2⤵
  PID:7520
- C:\Windows\System\IxwVJfo.exe
  C:\Windows\System\IxwVJfo.exe
  2⤵
  PID:7932
- C:\Windows\System\jSHBlcV.exe
  C:\Windows\System\jSHBlcV.exe
  2⤵
  PID:8164
- C:\Windows\System\ceIeLTw.exe
  C:\Windows\System\ceIeLTw.exe
  2⤵
  PID:8148
- C:\Windows\System\CJoVoLs.exe
  C:\Windows\System\CJoVoLs.exe
  2⤵
  PID:8212
- C:\Windows\System\dJYtDKF.exe
  C:\Windows\System\dJYtDKF.exe
  2⤵
  PID:8236
- C:\Windows\System\LZsmYDg.exe
  C:\Windows\System\LZsmYDg.exe
  2⤵
  PID:8252
- C:\Windows\System\AfVLDOn.exe
  C:\Windows\System\AfVLDOn.exe
  2⤵
  PID:8268
- C:\Windows\System\QnqXbLe.exe
  C:\Windows\System\QnqXbLe.exe
  2⤵
  PID:8284
- C:\Windows\System\MTAfVgY.exe
  C:\Windows\System\MTAfVgY.exe
  2⤵
  PID:8304
- C:\Windows\System\EQSSnBt.exe
  C:\Windows\System\EQSSnBt.exe
  2⤵
  PID:8324
- C:\Windows\System\gVopjbE.exe
  C:\Windows\System\gVopjbE.exe
  2⤵
  PID:8352
- C:\Windows\System\LaUrDyA.exe
  C:\Windows\System\LaUrDyA.exe
  2⤵
  PID:8368
- C:\Windows\System\WQhnnaf.exe
  C:\Windows\System\WQhnnaf.exe
  2⤵
  PID:8404
- C:\Windows\System\AfEexTY.exe
  C:\Windows\System\AfEexTY.exe
  2⤵
  PID:8432
- C:\Windows\System\faDTfnh.exe
  C:\Windows\System\faDTfnh.exe
  2⤵
  PID:8448
- C:\Windows\System\vLGettG.exe
  C:\Windows\System\vLGettG.exe
  2⤵
  PID:8476
- C:\Windows\System\gKWGOBJ.exe
  C:\Windows\System\gKWGOBJ.exe
  2⤵
  PID:8492
- C:\Windows\System\xowjJKW.exe
  C:\Windows\System\xowjJKW.exe
  2⤵
  PID:8520
- C:\Windows\System\zIYhmtp.exe
  C:\Windows\System\zIYhmtp.exe
  2⤵
  PID:8540
- C:\Windows\System\FEOVRgZ.exe
  C:\Windows\System\FEOVRgZ.exe
  2⤵
  PID:8564
- C:\Windows\System\coQdBzM.exe
  C:\Windows\System\coQdBzM.exe
  2⤵
  PID:8584
- C:\Windows\System\Qclaoou.exe
  C:\Windows\System\Qclaoou.exe
  2⤵
  PID:8620
- C:\Windows\System\iRNzrYE.exe
  C:\Windows\System\iRNzrYE.exe
  2⤵
  PID:8640
- C:\Windows\System\eDFFAaU.exe
  C:\Windows\System\eDFFAaU.exe
  2⤵
  PID:8656
- C:\Windows\System\oqORnZb.exe
  C:\Windows\System\oqORnZb.exe
  2⤵
  PID:8672
- C:\Windows\System\naSaJci.exe
  C:\Windows\System\naSaJci.exe
  2⤵
  PID:8696
- C:\Windows\System\BIQTGko.exe
  C:\Windows\System\BIQTGko.exe
  2⤵
  PID:8712
- C:\Windows\System\CQgrcfR.exe
  C:\Windows\System\CQgrcfR.exe
  2⤵
  PID:8732
- C:\Windows\System\jhwVwLO.exe
  C:\Windows\System\jhwVwLO.exe
  2⤵
  PID:8748
- C:\Windows\System\yfqdNtE.exe
  C:\Windows\System\yfqdNtE.exe
  2⤵
  PID:8764
- C:\Windows\System\frIYzbp.exe
  C:\Windows\System\frIYzbp.exe
  2⤵
  PID:8800
- C:\Windows\System\CnKxbQg.exe
  C:\Windows\System\CnKxbQg.exe
  2⤵
  PID:8820
- C:\Windows\System\DqqTwdB.exe
  C:\Windows\System\DqqTwdB.exe
  2⤵
  PID:8844
- C:\Windows\System\DJKvxaT.exe
  C:\Windows\System\DJKvxaT.exe
  2⤵
  PID:8860
- C:\Windows\System\qBRhQBD.exe
  C:\Windows\System\qBRhQBD.exe
  2⤵
  PID:8888
- C:\Windows\System\vyBXXqm.exe
  C:\Windows\System\vyBXXqm.exe
  2⤵
  PID:8924
- C:\Windows\System\klIRiIg.exe
  C:\Windows\System\klIRiIg.exe
  2⤵
  PID:8944
- C:\Windows\System\LMfeDWq.exe
  C:\Windows\System\LMfeDWq.exe
  2⤵
  PID:8964
- C:\Windows\System\jprNIuu.exe
  C:\Windows\System\jprNIuu.exe
  2⤵
  PID:8980
- C:\Windows\System\dzaKeKc.exe
  C:\Windows\System\dzaKeKc.exe
  2⤵
  PID:9004
- C:\Windows\System\QLfQuTR.exe
  C:\Windows\System\QLfQuTR.exe
  2⤵
  PID:9024
- C:\Windows\System\iEUoNHA.exe
  C:\Windows\System\iEUoNHA.exe
  2⤵
  PID:9040
- C:\Windows\System\SWUwnAd.exe
  C:\Windows\System\SWUwnAd.exe
  2⤵
  PID:9060
- C:\Windows\System\qyiIpUV.exe
  C:\Windows\System\qyiIpUV.exe
  2⤵
  PID:9076
- C:\Windows\System\XsTuLUR.exe
  C:\Windows\System\XsTuLUR.exe
  2⤵
  PID:9100
- C:\Windows\System\bqPqhWX.exe
  C:\Windows\System\bqPqhWX.exe
  2⤵
  PID:9124
- C:\Windows\System\ZlgbiFI.exe
  C:\Windows\System\ZlgbiFI.exe
  2⤵
  PID:9140
- C:\Windows\System\pSZPUCm.exe
  C:\Windows\System\pSZPUCm.exe
  2⤵
  PID:9160
- C:\Windows\System\HxfEihL.exe
  C:\Windows\System\HxfEihL.exe
  2⤵
  PID:9180
- C:\Windows\System\jEQjIUA.exe
  C:\Windows\System\jEQjIUA.exe
  2⤵
  PID:9204
- C:\Windows\System\SJQxDzR.exe
  C:\Windows\System\SJQxDzR.exe
  2⤵
  PID:8200
- C:\Windows\System\SqzZVfS.exe
  C:\Windows\System\SqzZVfS.exe
  2⤵
  PID:8248
- C:\Windows\System\bWbFjPc.exe
  C:\Windows\System\bWbFjPc.exe
  2⤵
  PID:8220
- C:\Windows\System\PzMZSJm.exe
  C:\Windows\System\PzMZSJm.exe
  2⤵
  PID:8296
- C:\Windows\System\Kyzwxet.exe
  C:\Windows\System\Kyzwxet.exe
  2⤵
  PID:8332
- C:\Windows\System\lOGXeco.exe
  C:\Windows\System\lOGXeco.exe
  2⤵
  PID:8340
- C:\Windows\System\CnJyDpt.exe
  C:\Windows\System\CnJyDpt.exe
  2⤵
  PID:8416
- C:\Windows\System\IKQNndL.exe
  C:\Windows\System\IKQNndL.exe
  2⤵
  PID:8388
- C:\Windows\System\odaZfAK.exe
  C:\Windows\System\odaZfAK.exe
  2⤵
  PID:8464
- C:\Windows\System\awYNxAJ.exe
  C:\Windows\System\awYNxAJ.exe
  2⤵
  PID:8444
- C:\Windows\System\qtwxvlN.exe
  C:\Windows\System\qtwxvlN.exe
  2⤵
  PID:8512
- C:\Windows\System\jvIZINp.exe
  C:\Windows\System\jvIZINp.exe
  2⤵
  PID:8528
- C:\Windows\System\QabwivB.exe
  C:\Windows\System\QabwivB.exe
  2⤵
  PID:8576
- C:\Windows\System\pTEfTdh.exe
  C:\Windows\System\pTEfTdh.exe
  2⤵
  PID:8604
- C:\Windows\System\XJkFzxu.exe
  C:\Windows\System\XJkFzxu.exe
  2⤵
  PID:8652
- C:\Windows\System\jJHfmDU.exe
  C:\Windows\System\jJHfmDU.exe
  2⤵
  PID:8204
- C:\Windows\System\yxYyzlc.exe
  C:\Windows\System\yxYyzlc.exe
  2⤵
  PID:8692
- C:\Windows\System\aSjuWar.exe
  C:\Windows\System\aSjuWar.exe
  2⤵
  PID:8744
- C:\Windows\System\xJElWeo.exe
  C:\Windows\System\xJElWeo.exe
  2⤵
  PID:8784
- C:\Windows\System\TqWLkpg.exe
  C:\Windows\System\TqWLkpg.exe
  2⤵
  PID:8776
- C:\Windows\System\EFaeoXy.exe
  C:\Windows\System\EFaeoXy.exe
  2⤵
  PID:8836
- C:\Windows\System\gHswxEw.exe
  C:\Windows\System\gHswxEw.exe
  2⤵
  PID:8876
- C:\Windows\System\XIINzSs.exe
  C:\Windows\System\XIINzSs.exe
  2⤵
  PID:8908
- C:\Windows\System\OWVbqvq.exe
  C:\Windows\System\OWVbqvq.exe
  2⤵
  PID:8916
- C:\Windows\System\UhyveVt.exe
  C:\Windows\System\UhyveVt.exe
  2⤵
  PID:8936
- C:\Windows\System\ZqgrYJS.exe
  C:\Windows\System\ZqgrYJS.exe
  2⤵
  PID:8972
- C:\Windows\System\sIsnsNP.exe
  C:\Windows\System\sIsnsNP.exe
  2⤵
  PID:9020
- C:\Windows\System\GmbliZm.exe
  C:\Windows\System\GmbliZm.exe
  2⤵
  PID:9072
- C:\Windows\System\psaZtQF.exe
  C:\Windows\System\psaZtQF.exe
  2⤵
  PID:9084
- C:\Windows\System\msfNPfl.exe
  C:\Windows\System\msfNPfl.exe
  2⤵
  PID:9088
- C:\Windows\System\iJpeUIv.exe
  C:\Windows\System\iJpeUIv.exe
  2⤵
  PID:9152
- C:\Windows\System\MGSAqDf.exe
  C:\Windows\System\MGSAqDf.exe
  2⤵
  PID:9168
- C:\Windows\System\pNTSyzE.exe
  C:\Windows\System\pNTSyzE.exe
  2⤵
  PID:8120
- C:\Windows\System\gtstUen.exe
  C:\Windows\System\gtstUen.exe
  2⤵
  PID:8260
- C:\Windows\System\NMErQaS.exe
  C:\Windows\System\NMErQaS.exe
  2⤵
  PID:8364
- C:\Windows\System\VDRXbec.exe
  C:\Windows\System\VDRXbec.exe
  2⤵
  PID:8360
- C:\Windows\System\iTMrIXK.exe
  C:\Windows\System\iTMrIXK.exe
  2⤵
  PID:8424
- C:\Windows\System\lUumSEs.exe
  C:\Windows\System\lUumSEs.exe
  2⤵
  PID:8468
- C:\Windows\System\lwIiUGh.exe
  C:\Windows\System\lwIiUGh.exe
  2⤵
  PID:8508
- C:\Windows\System\rfPXCGc.exe
  C:\Windows\System\rfPXCGc.exe
  2⤵
  PID:8596
- C:\Windows\System\lvteCnh.exe
  C:\Windows\System\lvteCnh.exe
  2⤵
  PID:8628
- C:\Windows\System\tecLrVL.exe
  C:\Windows\System\tecLrVL.exe
  2⤵
  PID:8688
- C:\Windows\System\LEVaoYN.exe
  C:\Windows\System\LEVaoYN.exe
  2⤵
  PID:8780
- C:\Windows\System\qauHUvg.exe
  C:\Windows\System\qauHUvg.exe
  2⤵
  PID:8792
- C:\Windows\System\ZeqdmiZ.exe
  C:\Windows\System\ZeqdmiZ.exe
  2⤵
  PID:8868
- C:\Windows\System\FrPGZPf.exe
  C:\Windows\System\FrPGZPf.exe
  2⤵
  PID:8900
- C:\Windows\System\vMCNAHM.exe
  C:\Windows\System\vMCNAHM.exe
  2⤵
  PID:8940
- C:\Windows\System\XRgiHLh.exe
  C:\Windows\System\XRgiHLh.exe
  2⤵
  PID:8932
- C:\Windows\System\YyofOJE.exe
  C:\Windows\System\YyofOJE.exe
  2⤵
  PID:9036
- C:\Windows\System\IhYbxVW.exe
  C:\Windows\System\IhYbxVW.exe
  2⤵
  PID:9132
- C:\Windows\System\nDUUsnM.exe
  C:\Windows\System\nDUUsnM.exe
  2⤵
  PID:9116
- C:\Windows\System\Zzwtcii.exe
  C:\Windows\System\Zzwtcii.exe
  2⤵
  PID:9212
- C:\Windows\System\kMylOVI.exe
  C:\Windows\System\kMylOVI.exe
  2⤵
  PID:8300
- C:\Windows\System\CkHRKCy.exe
  C:\Windows\System\CkHRKCy.exe
  2⤵
  PID:8412
- C:\Windows\System\xbQSwir.exe
  C:\Windows\System\xbQSwir.exe
  2⤵
  PID:8548
- C:\Windows\System\OQogLwy.exe
  C:\Windows\System\OQogLwy.exe
  2⤵
  PID:8500
- C:\Windows\System\BWfSiiI.exe
  C:\Windows\System\BWfSiiI.exe
  2⤵
  PID:8636
- C:\Windows\System\oPcVExG.exe
  C:\Windows\System\oPcVExG.exe
  2⤵
  PID:8728
- C:\Windows\System\pshScJA.exe
  C:\Windows\System\pshScJA.exe
  2⤵
  PID:8796
- C:\Windows\System\UbnZmdE.exe
  C:\Windows\System\UbnZmdE.exe
  2⤵
  PID:8832
- C:\Windows\System\YSzxYRV.exe
  C:\Windows\System\YSzxYRV.exe
  2⤵
  PID:9000
- C:\Windows\System\jngPOEz.exe
  C:\Windows\System\jngPOEz.exe
  2⤵
  PID:9032
- C:\Windows\System\yRlXpKp.exe
  C:\Windows\System\yRlXpKp.exe
  2⤵
  PID:9112
- C:\Windows\System\GTZJSrF.exe
  C:\Windows\System\GTZJSrF.exe
  2⤵
  PID:9156
- C:\Windows\System\woKvSoU.exe
  C:\Windows\System\woKvSoU.exe
  2⤵
  PID:8376
- C:\Windows\System\PGacvBp.exe
  C:\Windows\System\PGacvBp.exe
  2⤵
  PID:8456
- C:\Windows\System\NVjXxKr.exe
  C:\Windows\System\NVjXxKr.exe
  2⤵
  PID:8556
- C:\Windows\System\sTIgHuF.exe
  C:\Windows\System\sTIgHuF.exe
  2⤵
  PID:8852
- C:\Windows\System\OcAxXbu.exe
  C:\Windows\System\OcAxXbu.exe
  2⤵
  PID:8808
- C:\Windows\System\CVOiepd.exe
  C:\Windows\System\CVOiepd.exe
  2⤵
  PID:8996
- C:\Windows\System\SYbzcbC.exe
  C:\Windows\System\SYbzcbC.exe
  2⤵
  PID:8592
- C:\Windows\System\aNpVDrf.exe
  C:\Windows\System\aNpVDrf.exe
  2⤵
  PID:8504
- C:\Windows\System\LUFdrEp.exe
  C:\Windows\System\LUFdrEp.exe
  2⤵
  PID:8872
- C:\Windows\System\tSqNUUS.exe
  C:\Windows\System\tSqNUUS.exe
  2⤵
  PID:8460
- C:\Windows\System\OpofXYm.exe
  C:\Windows\System\OpofXYm.exe
  2⤵
  PID:9148
- C:\Windows\System\idKfTjo.exe
  C:\Windows\System\idKfTjo.exe
  2⤵
  PID:8760
- C:\Windows\System\bTGhzOy.exe
  C:\Windows\System\bTGhzOy.exe
  2⤵
  PID:8708
- C:\Windows\System\bracWFm.exe
  C:\Windows\System\bracWFm.exe
  2⤵
  PID:9196
- C:\Windows\System\ntfRtdF.exe
  C:\Windows\System\ntfRtdF.exe
  2⤵
  PID:8740
- C:\Windows\System\bNQERCC.exe
  C:\Windows\System\bNQERCC.exe
  2⤵
  PID:9224
- C:\Windows\System\dwmbscJ.exe
  C:\Windows\System\dwmbscJ.exe
  2⤵
  PID:9248
- C:\Windows\System\xIUZaps.exe
  C:\Windows\System\xIUZaps.exe
  2⤵
  PID:9272
- C:\Windows\System\hltrKlZ.exe
  C:\Windows\System\hltrKlZ.exe
  2⤵
  PID:9288
- C:\Windows\System\azTEGpM.exe
  C:\Windows\System\azTEGpM.exe
  2⤵
  PID:9312
- C:\Windows\System\thXQPrE.exe
  C:\Windows\System\thXQPrE.exe
  2⤵
  PID:9328
- C:\Windows\System\iqhpmvO.exe
  C:\Windows\System\iqhpmvO.exe
  2⤵
  PID:9344
- C:\Windows\System\HUmTgix.exe
  C:\Windows\System\HUmTgix.exe
  2⤵
  PID:9360
- C:\Windows\System\kdliXMF.exe
  C:\Windows\System\kdliXMF.exe
  2⤵
  PID:9388
- C:\Windows\System\CtbypwP.exe
  C:\Windows\System\CtbypwP.exe
  2⤵
  PID:9404
- C:\Windows\System\vksxIHO.exe
  C:\Windows\System\vksxIHO.exe
  2⤵
  PID:9420
- C:\Windows\System\tRMMVod.exe
  C:\Windows\System\tRMMVod.exe
  2⤵
  PID:9436
- C:\Windows\System\tTlJRJt.exe
  C:\Windows\System\tTlJRJt.exe
  2⤵
  PID:9456
- C:\Windows\System\bjOKtAo.exe
  C:\Windows\System\bjOKtAo.exe
  2⤵
  PID:9488
- C:\Windows\System\zpnFNSs.exe
  C:\Windows\System\zpnFNSs.exe
  2⤵
  PID:9512
- C:\Windows\System\JSriSYJ.exe
  C:\Windows\System\JSriSYJ.exe
  2⤵
  PID:9528
- C:\Windows\System\Omtmkww.exe
  C:\Windows\System\Omtmkww.exe
  2⤵
  PID:9548
- C:\Windows\System\XicKjbR.exe
  C:\Windows\System\XicKjbR.exe
  2⤵
  PID:9576
- C:\Windows\System\TnAqwUc.exe
  C:\Windows\System\TnAqwUc.exe
  2⤵
  PID:9596
- C:\Windows\System\sJkQZQj.exe
  C:\Windows\System\sJkQZQj.exe
  2⤵
  PID:9612
- C:\Windows\System\jZtYtZT.exe
  C:\Windows\System\jZtYtZT.exe
  2⤵
  PID:9636
- C:\Windows\System\tVTymxq.exe
  C:\Windows\System\tVTymxq.exe
  2⤵
  PID:9652
- C:\Windows\System\eNdYDPm.exe
  C:\Windows\System\eNdYDPm.exe
  2⤵
  PID:9676
- C:\Windows\System\YhEulVM.exe
  C:\Windows\System\YhEulVM.exe
  2⤵
  PID:9692
- C:\Windows\System\CMQHiIB.exe
  C:\Windows\System\CMQHiIB.exe
  2⤵
  PID:9712
- C:\Windows\System\XVCNOfT.exe
  C:\Windows\System\XVCNOfT.exe
  2⤵
  PID:9736
- C:\Windows\System\YpRVEfb.exe
  C:\Windows\System\YpRVEfb.exe
  2⤵
  PID:9752
- C:\Windows\System\HQzpVZN.exe
  C:\Windows\System\HQzpVZN.exe
  2⤵
  PID:9772
- C:\Windows\System\AoxNXKV.exe
  C:\Windows\System\AoxNXKV.exe
  2⤵
  PID:9788
- C:\Windows\System\DeJAGlX.exe
  C:\Windows\System\DeJAGlX.exe
  2⤵
  PID:9804
- C:\Windows\System\nTCfckG.exe
  C:\Windows\System\nTCfckG.exe
  2⤵
  PID:9824
- C:\Windows\System\YiUrbBT.exe
  C:\Windows\System\YiUrbBT.exe
  2⤵
  PID:9840
- C:\Windows\System\nefwbvq.exe
  C:\Windows\System\nefwbvq.exe
  2⤵
  PID:9868
- C:\Windows\System\guKCpDB.exe
  C:\Windows\System\guKCpDB.exe
  2⤵
  PID:9896
- C:\Windows\System\ZqtVcLF.exe
  C:\Windows\System\ZqtVcLF.exe
  2⤵
  PID:9916
- C:\Windows\System\oapxHqO.exe
  C:\Windows\System\oapxHqO.exe
  2⤵
  PID:9932
- C:\Windows\System\wxNIBYW.exe
  C:\Windows\System\wxNIBYW.exe
  2⤵
  PID:9948
- C:\Windows\System\wQpzCzB.exe
  C:\Windows\System\wQpzCzB.exe
  2⤵
  PID:9964
- C:\Windows\System\IFQgpjU.exe
  C:\Windows\System\IFQgpjU.exe
  2⤵
  PID:9984
- C:\Windows\System\UbPbJmq.exe
  C:\Windows\System\UbPbJmq.exe
  2⤵
  PID:10004
- C:\Windows\System\RidGnBz.exe
  C:\Windows\System\RidGnBz.exe
  2⤵
  PID:10024
- C:\Windows\System\aVxlxOc.exe
  C:\Windows\System\aVxlxOc.exe
  2⤵
  PID:10060
- C:\Windows\System\WhnEQEF.exe
  C:\Windows\System\WhnEQEF.exe
  2⤵
  PID:10076
- C:\Windows\System\aiDVTuN.exe
  C:\Windows\System\aiDVTuN.exe
  2⤵
  PID:10096
- C:\Windows\System\KclwhVp.exe
  C:\Windows\System\KclwhVp.exe
  2⤵
  PID:10116
- C:\Windows\System\kwoRnwp.exe
  C:\Windows\System\kwoRnwp.exe
  2⤵
  PID:10140
- C:\Windows\System\vDRUzII.exe
  C:\Windows\System\vDRUzII.exe
  2⤵
  PID:10160
- C:\Windows\System\TomhJtP.exe
  C:\Windows\System\TomhJtP.exe
  2⤵
  PID:10176
- C:\Windows\System\IXKgtxR.exe
  C:\Windows\System\IXKgtxR.exe
  2⤵
  PID:10192
- C:\Windows\System\vOyOYCB.exe
  C:\Windows\System\vOyOYCB.exe
  2⤵
  PID:10212
- C:\Windows\System\cuSsbmc.exe
  C:\Windows\System\cuSsbmc.exe
  2⤵
  PID:8228
- C:\Windows\System\rIjuZTR.exe
  C:\Windows\System\rIjuZTR.exe
  2⤵
  PID:9232
- C:\Windows\System\bLHXPok.exe
  C:\Windows\System\bLHXPok.exe
  2⤵
  PID:9240
- C:\Windows\System\pLCNWCy.exe
  C:\Windows\System\pLCNWCy.exe
  2⤵
  PID:9296
- C:\Windows\System\PkomZWS.exe
  C:\Windows\System\PkomZWS.exe
  2⤵
  PID:9336
- C:\Windows\System\bFdIMKH.exe
  C:\Windows\System\bFdIMKH.exe
  2⤵
  PID:9376
- C:\Windows\System\PdDkCgZ.exe
  C:\Windows\System\PdDkCgZ.exe
  2⤵
  PID:9416
- C:\Windows\System\UqTofJN.exe
  C:\Windows\System\UqTofJN.exe
  2⤵
  PID:9480
- C:\Windows\System\IxVsWXq.exe
  C:\Windows\System\IxVsWXq.exe
  2⤵
  PID:9468
- C:\Windows\System\iRkzhaW.exe
  C:\Windows\System\iRkzhaW.exe
  2⤵
  PID:9464
- C:\Windows\System\PnSxJrX.exe
  C:\Windows\System\PnSxJrX.exe
  2⤵
  PID:9524
- C:\Windows\System\rRhLHwy.exe
  C:\Windows\System\rRhLHwy.exe
  2⤵
  PID:9560
- C:\Windows\System\MOThEKc.exe
  C:\Windows\System\MOThEKc.exe
  2⤵
  PID:9592
- C:\Windows\System\hMYiyGJ.exe
  C:\Windows\System\hMYiyGJ.exe
  2⤵
  PID:8992
- C:\Windows\System\bOCbNnG.exe
  C:\Windows\System\bOCbNnG.exe
  2⤵
  PID:9644
- C:\Windows\System\aWYMYJD.exe
  C:\Windows\System\aWYMYJD.exe
  2⤵
  PID:9684
- C:\Windows\System\gHQKcLo.exe
  C:\Windows\System\gHQKcLo.exe
  2⤵
  PID:9708
- C:\Windows\System\JzCTBHN.exe
  C:\Windows\System\JzCTBHN.exe
  2⤵
  PID:9852
- C:\Windows\System\CqOZJNM.exe
  C:\Windows\System\CqOZJNM.exe
  2⤵
  PID:9860
- C:\Windows\System\ZJZXnPk.exe
  C:\Windows\System\ZJZXnPk.exe
  2⤵
  PID:9768
- C:\Windows\System\ZgQnIyZ.exe
  C:\Windows\System\ZgQnIyZ.exe
  2⤵
  PID:9876
- C:\Windows\System\JEbYOSC.exe
  C:\Windows\System\JEbYOSC.exe
  2⤵
  PID:9892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\EbXsdJk.exe

Filesize
6.0MB

MD5
84302ff083eb6cf3934be417de20442d

SHA1
eefe320b25d002a6bc3c73308ae251134da7ac97

SHA256
223059a83cf25fdd2c8e016daf50585d7103b18e80ad9cf14c36c89b77d860a5

SHA512
472c77bb38e8ce622ab5c47869844354483a9fe5f39ead644fd68a9bf9192ebd647d0b89ad9d7f72e0f215a7664893f73f5a50fedd0a2582364917f279316544

Download Submit
C:\Windows\system\FRSMuhe.exe

Filesize
6.0MB

MD5
3c2aac529190ff129c0105665ffde08f

SHA1
51e237df8714ba2d3616a391b7d804e808548257

SHA256
4026ad8bdcf50a189243eb5017294ec74154b597e5691056f40d474b9b3f95ce

SHA512
2aca6b8568b22beea1b152b557c5731cf9d9b9715300c8af5bf71716231a1addcff26bb9f435cd7a2d2bf17cd9bd32f303d245f6b8dcba479b29d6f4ad78213f

Download Submit
C:\Windows\system\IbkXsjx.exe

Filesize
6.0MB

MD5
859b6a9b571b844f2daa41035cbacc65

SHA1
b7a1d70105554d31e7783bcaecf206f38c914b1c

SHA256
c9f658eb7e08f339602cf52134b952b0671b10c8e238cc0427fb922b65aeb01c

SHA512
d91ef9c84452e54c780384f74799b2d63c04924b9961e116a6ac9fd2ff0fe1ce7277f85c6ceb71f5f8cf1a9495f131fdb2886341ce5eb47c0204d73d9b3c85a6

Download Submit
C:\Windows\system\NzDefxe.exe

Filesize
6.0MB

MD5
7240e2fea816cbb7b7a98f1679610fe2

SHA1
8d501176f260ae55d49653a57ceef2166661b42a

SHA256
22d381b2c942c5c4f288386e1ff9d27b1b04dfefc1e15a2c98a495ffe0fcb8f0

SHA512
3e4ce07399c4f5cd16309fe194751277e9ad5313e0ac42cae722c2dca54de45fab98df0ae41acedd0039f41246f87c03ccf8ff94501c3533fa33b9353952be00

Download Submit
C:\Windows\system\PHRSrbl.exe

Filesize
6.0MB

MD5
fc68e13618c5b42bf21483a4a550c1c5

SHA1
476bacdddd30ed87721d63db16439d0b0ff9a4c1

SHA256
040f475246a394c2d9f6b12abb98bbf6bdbb9cedb50d70266d2e7513a11f336b

SHA512
c953ecffbe6a7a0cc55fe21d327e21885af4f6ae1449854f3a3bb43f0a8011e10c897a3ef42a256ef0cddb28781498f29debbb727ed3b9cc14c4dfccd672e041

Download Submit
C:\Windows\system\QdFrudC.exe

Filesize
6.0MB

MD5
d9526e50eecab2ed896896d0720e83d3

SHA1
161944da2637756febae8c43e365a7cc1f46288c

SHA256
27f043c7027f4f558fabe196edb286fb06b71c09f0cd6d5744ce2bed8cf57045

SHA512
988379a09efb84b4a907ace6ed967d90784687eda2ac2f7fcdc4da622dedea2ac91781be967f01840b3b41ed5379b1e6b5bc0d7cbd38bd8ab5d5bc5d05babc78

Download Submit
C:\Windows\system\UYoGotO.exe

Filesize
6.0MB

MD5
e01456c147103f720302b9ba636810a2

SHA1
5614c0c51263f85ced33c48785713d8b4e575c3a

SHA256
30e490205260dd3773a05725cd68792444e09ecc5938c265705483da554fee46

SHA512
9cc25f2fef702906cfa4e6dc9a4cfa574e322c3c3f24f0a2b772f49e25299352990daf9952760d909db5bc52df5b002c1a32feae8d2009c13fc00a649f818539

Download Submit
C:\Windows\system\WKCFVkQ.exe

Filesize
6.0MB

MD5
7282d116008d516588bbff911e98b113

SHA1
79939347a220f62d97f0317fb4f205c40475ae55

SHA256
6a7b24d0b66f1728814e2791164d7bc0a8981591269f8f137370822fd9f61b0c

SHA512
40b642b3ec5c7a953a53df1c5c36145e49b4fbe819edb5e5750595cb8f48162e9243a2f92cf07b733c72f48f559d6c100457776bd8396b95b5ff50654d3a274b

Download Submit
C:\Windows\system\WTEXqjH.exe

Filesize
6.0MB

MD5
f10f9ddc6dc1436f24e96f33a6e17978

SHA1
991d1740bd6a8dcd273b9e22bfb9d18f7ff14316

SHA256
a4d859a934804768130a562a37851297faf0bbdd42b1b3b352d85c8495d93f62

SHA512
ca0b6a795a4da94bb34688cbdd720b806d00414ce3682d874fdc3e39658f3ee88e271d3b480c55720fe040a6aa92cbe06def0d0b594914368ac9344dc0e7e3de

Download Submit
C:\Windows\system\YKGfCmO.exe

Filesize
6.0MB

MD5
277c6ad8132b4b80ad00099ab8775ecf

SHA1
2dd777bc2db50e24cf7f60bf59f4fcc41f111ab4

SHA256
6b5e356f0eef43de9351ad71dfa3fd3fd4c18b51772828fa4be63d996e9b845e

SHA512
93a9de1e584d5cd64907cd6dbd0f16a00a27d6fcdcfa26006138c1080c64de7dc65b45d4493eb8ca8ab6e7b432b43aa0d200f2577fbc3548e873df98772449bc

Download Submit
C:\Windows\system\bTKBwQB.exe

Filesize
6.0MB

MD5
ac7b3c1eb29492f7de7e02c2384748f8

SHA1
daaf595d8722824bfd07871d819ece4b77162806

SHA256
45131850c1a52ef47cc3ed59cda28b2e990031076351d2da7a73837064921250

SHA512
7c1152b85ef98e6b0223ab193595dc78be0e4fc344aaf92864500c664d2f054aab9eead87176859add51f5d029f14ed2a03a987a7b9fd895e240dc0237f422da

Download Submit
C:\Windows\system\cJTkjLw.exe

Filesize
6.0MB

MD5
29e483d55087fd361e27b5976a7ef0ff

SHA1
d64b13b6fdea9707cf00b6142b07455a6917ae01

SHA256
e9b7477b90dd5c63897cad253d3d608aa048276d722545a82ab0e7d635f2252d

SHA512
772280709a03a77e3def74c4b9593568da262f44d7df992abfda196eb710d2a63acb2f551c6d389dc9b3225f126b4a820d3e1399849041ad4263e212d8488108

Download Submit
C:\Windows\system\eCwkkFE.exe

Filesize
6.0MB

MD5
7cafc915f7d2e3ff1d4b5bae5d881fd1

SHA1
98449995e6519accbe02ca96f38fbae052fcc64c

SHA256
e10b0caae3414083ffb243bb31d8a312b4b0b1e98d0632791835902f5428a9b0

SHA512
20c721ef7609ffc7db2149aed1f148b9c46fba3b47ec66fe0877f0a4cdab6ba71cc50760fd0f14a43b904e233a5a48c6da523a3f10e49f5258866500bfb25970

Download Submit
C:\Windows\system\hGMXjbm.exe

Filesize
6.0MB

MD5
7a93e24ffa6e2a65fb2ec0ba07c292d3

SHA1
54cd4b77a0b68732f794df0201e88eee82b8d050

SHA256
d4b2ec55aaa055933904b8d2567144e36c9ca6f460446586c87b8391501a03f8

SHA512
38a6abf2b7f95318cb2e59ca2fa6666ecd2c9ea4a0dc8b6b2684e8ca98a6486764848c70754d9b84cdb7a2b4a15679b17da8bea12e4a2bc9b041e25f69981318

Download Submit
C:\Windows\system\jApmNOT.exe

Filesize
6.0MB

MD5
7a2b2cfc7ad59689923aa0ff35b36f52

SHA1
48742011b06f9955f55438ff399ad68b5413f5be

SHA256
6b99718bfd43775e254e2b46d5fa14400ce88058203e0e4f904ca997e716d497

SHA512
429afaf905814865931164a372d2105c848692cf70ec87aa215ad4e2f57d1eee3b0602ebbc1fcfd30a401d1e60ee2fe4a264d5b7d698773706cdd13481918353

Download Submit
C:\Windows\system\mFBWUcU.exe

Filesize
6.0MB

MD5
1cba96093a01eaf8aae66d5aeb2c3641

SHA1
8a48612beaafc1d25bc7ca70aebf7afff5294ad2

SHA256
4cbfd2d7fe63add0ad03574ee816eb09f8989b47467de8edb8348e8d93ee8c6f

SHA512
658b3791a257f8ab91f15619fb06776c11c11b97ba7c2f0422aaccae099bfb6b90550093af15ad39e3c975b986368dbe882487c95f6e69a8b7345aec45f613b5

Download Submit
C:\Windows\system\nelPDvn.exe

Filesize
6.0MB

MD5
e433901a57fc1d7665200d5ea469ec05

SHA1
0f1d261beaf6beedd40c8b685d3e12de1d56f70f

SHA256
c4fde06d21084867846c197d8df859809f743a2f640dbba7c84794062ec444ae

SHA512
53284f332fc2f42687b1c46fa314931b308e83d8312f6443695fce9bef00d41bbd623316982ad80fcd39708f325fe9ae1981e7ac0efde1a69d88b557dd6996fd

Download Submit
C:\Windows\system\nxnNifq.exe

Filesize
6.0MB

MD5
7ac39d3b23c2c643662848edabdc74e0

SHA1
52bd368b1df03ad8a354b74bc071a6230d4717dc

SHA256
0f04c03d91109c1531dc92b737229851e710d2bf32734213880e500b8852f6c4

SHA512
e928bf146f3bb223a8af46c0b7b8c34e7ee48887ae9e2126d50aad6ef6d99031a4b4311c912f38580a59881ad97850c890eb4087adcda735bc75a5c5ab5fceb4

Download Submit
C:\Windows\system\uKlHBum.exe

Filesize
6.0MB

MD5
d4e3851dad0d1822f90e3c77196d2b9d

SHA1
f14a40af7176c3400dd80bbb35974703966ac006

SHA256
4e482a56af4fe85da59e35ae728bab27a843af7ef5124325642c218f3637662c

SHA512
200b85d423ac57af69c5d7bddbb2b95ca735081fa5b2c1251c5ad2f1065e443d18e4ed89c5056dfce51f97f1d06d6f6eb1e87a394d181cc297f04862aa2610e3

Download Submit
C:\Windows\system\ukBnRFd.exe

Filesize
6.0MB

MD5
3f5700842a8dd37a42365ffbc3ec1e29

SHA1
b3aa70b538822296a85f7364587d5a0b2c27bade

SHA256
e285a24ed816e3199d8142573a3ad410a278d411202eb092cf8dec9e7896dc6c

SHA512
52ef5360b4339f278a12a237facf953edc712fecb12cbe4e379c6b45b07759b96e0e079f4a2a4eb192a94dcc26732f0f3d6cbca3d723c666b0c29cde241896a2

Download Submit
C:\Windows\system\ylBGlpa.exe

Filesize
6.0MB

MD5
a631369a57c0b78707474c22f2453b0f

SHA1
6df084b6aa8c22a0412b2954e32442edc6cdb504

SHA256
0a22caa751657bbd008e98275b4dccc9e6b5ae7ba3c4a0d164f568b6e3255d40

SHA512
49f529a0d2e84d7d16c8c233d197499a48d199a24f5f27867f72b3babc57e12a215b3b17147e131a2f62bd135d2a5607aa2d420e6c653554583074be8505108f

Download Submit
\Windows\system\ATZysdP.exe

Filesize
6.0MB

MD5
2b51da8fe282b142cac31246317fc251

SHA1
32ca38351fd829b8093dad1784e26755ce9e4498

SHA256
2ffc23f6f5c0f8c8a9fd2438c5c4d39c3e6e0c7efac42737eeb2585e59f95f9c

SHA512
336384589121856f7ee9179894cd9016f2c899654f3a67a6e59fe0321cb977c86897a7ee7d6b56fa1f0d9bc452b9aa8ab65c21bc5544f484d2b7dc15b924ae8a

Download Submit
\Windows\system\FndiDIG.exe

Filesize
6.0MB

MD5
b3a81d08b6da8042c04ee395f853ee9c

SHA1
a151a61a09465746ea25f52be9f12750ab4a3629

SHA256
8b7a24752014d45d3cf2958e39d8bdc146973d73aa9f29e694179fd218fd0806

SHA512
f39afe5b8e946c4e3652e17acc06a111772863e29a46cf4b5dea88bec98e42c347e7f3ba08544b4c77696850d5e8965426f0bd331f92d57a0a155469a548a237

Download Submit
\Windows\system\HgjpdFl.exe

Filesize
6.0MB

MD5
1d5533401564f0b1f7ccaa5406976994

SHA1
ffa0ee9a5f4f895843985bd4baba3ded09b1474d

SHA256
d0673e691cb4017442c71a335742cf4a46996e0e6da8177b0677b61fb920f370

SHA512
fcd5487cd6b3d99ad75bbef71f8399eeebc67f293f5f538fa73d351e67536841f22193a18ee624920282f9616154490a2fd22923266b68257d789b72437b1de2

Download Submit
\Windows\system\OcoaHhv.exe

Filesize
6.0MB

MD5
3682038682a0ebebd46f587ba4301ad6

SHA1
a39068e65fbfac685094de97cea0b3fe65ad4ca0

SHA256
95e81c4ad0669520839ce3c15e8d594d0c4b403ba97bf2bed1faba3f28d200a1

SHA512
63696d765c7222dcd48ab39189d0b1f115912ea3f2f4d4ffee37fbddc946c39ca33d01a59d722e84cdaff4b82bf42628f31180064592e142a7502cd0b0fa78a4

Download Submit
\Windows\system\ZwNVGNP.exe

Filesize
6.0MB

MD5
ab29fbcfd09b7c1134bcb5d6c64c09ce

SHA1
0df07bbc3ac14fa1cf84493d8cf91b9ac75bfd8d

SHA256
35aebc1c99681b75c940b9b691ace0745d13e4b40110ad2eb16810147f722f60

SHA512
a0a60e2adb2e5997587e5769a9dbb2690bf30598a8b7e313e05b6429e928d205a8b8ecea635b19daf8b6cc78144c8334aab7dcf3a08b0282b45b38da5f4de268

Download Submit
\Windows\system\ibWOkBU.exe

Filesize
6.0MB

MD5
2de6dfa7c5d9fe164a41d13cf2e40dc8

SHA1
8b04dcda844293e7f799d2441658a059610b864e

SHA256
75169444adfa1e195392e49ef01fea698e979903e5494315e00d4af1b60c1270

SHA512
b7937cb429a4d017b90b99a79450941d3a2addc566fda63744200179f340987ffa2f2e15c7aa99919b79261b48efac45e7f277d6d8398466ac8af77769fac4f0

Download Submit
\Windows\system\ipmkEmm.exe

Filesize
6.0MB

MD5
0d4411b0c2bec4aa584a4dee963262f3

SHA1
7c0137f2636f54fa1ad27ac3274fb45aa20311ef

SHA256
3751561119e04d5f217587d4ef73c541a463b258601dc964ff42e1d840def51a

SHA512
f4a6c17df42ef8130af71fa9408edcadeb93d16c9d693baad420fe1b10aed315b132e3754efd56e68b1eb778b67a433cfdd7d88ec9eff7bc26849b381a36ea20

Download Submit
\Windows\system\jvldBLJ.exe

Filesize
6.0MB

MD5
740db4d194e1701172f33f76b8c9ce30

SHA1
dcb582aef3d6aea7bd88391a573a381020de0068

SHA256
57243d35b1eb382898ec6a609eb7a3af8bcc04a5cda4c2a6cab935c1733f3270

SHA512
2b90fece5d18e5bc8127133b5717d8e68e475fa37786ea16f271f7a16c470b7d5233f0f948433c252a7941fe47e149247ee6c37e887817b7caebe61c138cf63f

Download Submit
\Windows\system\mOQiyxJ.exe

Filesize
6.0MB

MD5
9404c2f8d11b0189f1eca7d2262326dc

SHA1
93b8b4e64e2aaff7c87bec75752abeeae9170529

SHA256
3d20c81bbec92a41ed2ee07197dc9f9d157bb96762c746c693bf167aa898f63b

SHA512
09c2f6db4aa989dfa809446c9e1c60480b09146cf7d45537d3d7ff47eb044449fa179ee656c7e429da27797e5c3ebebe54939494cc1cd122ac39efe1c690f84a

Download Submit
\Windows\system\tHshtiJ.exe

Filesize
6.0MB

MD5
658b8cf6cade6c21745837f72d7f2f26

SHA1
58243739e1452d6d2c3028f25062cd9c20ebebb4

SHA256
dc426099717ca2b124b6fd17489e39cb90616dae4415c2d6cbe28fa6276d4fb4

SHA512
56f425f071f1f54ffc4f7abb2cb00bff1f8a667b0f92f9eb2abeee81e15eb5f90a1f2282bc7a212637bf082ce654612134e4c593a4660de0240eaed0ab976b77

Download Submit
\Windows\system\yttMmjW.exe

Filesize
6.0MB

MD5
6b2adc0f9f5b721aaa9712f363579fc1

SHA1
701cf2e0f1c730236d76aea94abec3a061c5868f

SHA256
d38a234db1aa50a1f8fbe9c2a96941b873b0a362da08bce6a931308f3653fe55

SHA512
275babb22b5f5d99f8c1f7204a5b35836a127617e2560f69c1d0bf2104770cbd76a78f531485a2a3b5cd088949a93a09132798b61425459488486ca89e19082c

Download Submit
memory/832-59-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/832-752-0x000000013FD10000-0x0000000140064000-memory.dmp

Filesize
3.3MB

Download
memory/1996-771-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/1996-67-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2216-103-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2216-780-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2216-75-0x000000013FC10000-0x000000013FF64000-memory.dmp

Filesize
3.3MB

Download
memory/2412-110-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2412-783-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2412-86-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2492-742-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2492-65-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2492-15-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/2512-199-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-97-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2512-793-0x000000013FA50000-0x000000013FDA4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-74-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2684-749-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2684-47-0x000000013FBC0000-0x000000013FF14000-memory.dmp

Filesize
3.3MB

Download
memory/2692-745-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2692-36-0x000000013FB90000-0x000000013FEE4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-775-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2744-51-0x000000013FFD0000-0x0000000140324000-memory.dmp

Filesize
3.3MB

Download
memory/2824-49-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2824-99-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2824-8-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2824-114-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2824-60-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2824-58-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2824-57-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2824-43-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2824-50-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2824-69-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2824-117-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2824-77-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2824-109-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2824-71-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2824-33-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2824-18-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2824-88-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/2824-81-0x000000013F020000-0x000000013F374000-memory.dmp

Filesize
3.3MB

Download
memory/2824-22-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2824-0-0x000000013FCB0000-0x0000000140004000-memory.dmp

Filesize
3.3MB

Download
memory/2824-200-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2824-83-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2824-100-0x00000000022F0000-0x0000000002644000-memory.dmp

Filesize
3.3MB

Download
memory/2824-209-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2824-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2836-35-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2836-765-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2836-73-0x000000013F510000-0x000000013F864000-memory.dmp

Filesize
3.3MB

Download
memory/2860-757-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2860-13-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2912-753-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2912-23-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/2956-796-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2956-104-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/2956-201-0x000000013FC20000-0x000000013FF74000-memory.dmp

Filesize
3.3MB

Download
memory/3004-155-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/3004-89-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download
memory/3004-781-0x000000013F0D0000-0x000000013F424000-memory.dmp

Filesize
3.3MB

Download