cobaltstrike | 1c2b5fd18c5c0c39a9ec80928502697f2e61e68aecd734578374d7e23b0466d8

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-01-2025 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

bd4bf363c5be68b07e7a46db7de0fd05
SHA1

806a0582b82169765db1a6f81fd4a8fa4f12ad11
SHA256

1c2b5fd18c5c0c39a9ec80928502697f2e61e68aecd734578374d7e23b0466d8
SHA512

3de6edcd8566e89525662a1850d1cdb26318899256770ba74bcefb705fe1b4c194ff2b89ede361df3757ae946c16346c8844e0ae2aecf126723ba0018e9a06fd
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUR:T+q56utgpPF8u/7R

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 33 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d00000001277d-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015f4e-11.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015fa6-15.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000160da-21.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016141-26.dat	cobalt_reflective_dll
behavioral1/files/0x00070000000162e4-30.dat	cobalt_reflective_dll
behavioral1/files/0x00080000000164de-36.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016dd9-40.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016f02-65.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174b4-75.dat	cobalt_reflective_dll
behavioral1/files/0x000c000000015dac-101.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001870c-118.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d7b-138.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019203-157.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018fdf-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019237-160.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019056-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018745-131.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018d83-144.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018be7-136.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001871c-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018706-116.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018697-111.dat	cobalt_reflective_dll
behavioral1/files/0x000d000000018683-106.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f7-96.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000175f1-92.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017570-85.dat	cobalt_reflective_dll
behavioral1/files/0x00060000000174f8-80.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001707f-70.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016edc-60.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df8-55.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df5-50.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de9-45.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2396-0-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x000d00000001277d-6.dat	xmrig
behavioral1/files/0x0008000000015f4e-11.dat	xmrig
behavioral1/files/0x0007000000015fa6-15.dat	xmrig
behavioral1/files/0x00070000000160da-21.dat	xmrig
behavioral1/files/0x0007000000016141-26.dat	xmrig
behavioral1/files/0x00070000000162e4-30.dat	xmrig
behavioral1/files/0x00080000000164de-36.dat	xmrig
behavioral1/files/0x0008000000016dd9-40.dat	xmrig
behavioral1/files/0x0006000000016f02-65.dat	xmrig
behavioral1/files/0x00060000000174b4-75.dat	xmrig
behavioral1/memory/2396-88-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/files/0x000c000000015dac-101.dat	xmrig
behavioral1/files/0x000500000001870c-118.dat	xmrig
behavioral1/files/0x0006000000018d7b-138.dat	xmrig
behavioral1/files/0x0005000000019203-157.dat	xmrig
behavioral1/memory/2396-1486-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2792-1629-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2396-1732-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2684-1728-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2768-1545-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x0006000000018fdf-150.dat	xmrig
behavioral1/files/0x0005000000019237-160.dat	xmrig
behavioral1/files/0x0006000000019056-154.dat	xmrig
behavioral1/files/0x0005000000018745-131.dat	xmrig
behavioral1/files/0x0006000000018d83-144.dat	xmrig
behavioral1/files/0x0006000000018be7-136.dat	xmrig
behavioral1/files/0x000500000001871c-127.dat	xmrig
behavioral1/files/0x0005000000018706-116.dat	xmrig
behavioral1/files/0x0005000000018697-111.dat	xmrig
behavioral1/files/0x000d000000018683-106.dat	xmrig
behavioral1/files/0x00060000000175f7-96.dat	xmrig
behavioral1/files/0x00060000000175f1-92.dat	xmrig
behavioral1/files/0x0006000000017570-85.dat	xmrig
behavioral1/files/0x00060000000174f8-80.dat	xmrig
behavioral1/files/0x000600000001707f-70.dat	xmrig
behavioral1/files/0x0006000000016edc-60.dat	xmrig
behavioral1/files/0x0006000000016df8-55.dat	xmrig
behavioral1/files/0x0006000000016df5-50.dat	xmrig
behavioral1/files/0x0006000000016de9-45.dat	xmrig
behavioral1/memory/2596-1754-0x000000013FBE0000-0x000000013FF34000-memory.dmp	xmrig
behavioral1/memory/2732-1756-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2740-1759-0x000000013F4D0000-0x000000013F824000-memory.dmp	xmrig
behavioral1/memory/2600-1761-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/2396-1762-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2396-1764-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2004-1763-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/1716-1933-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/1696-1935-0x000000013F6E0000-0x000000013FA34000-memory.dmp	xmrig
behavioral1/memory/2920-1937-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/1788-1939-0x000000013FC60000-0x000000013FFB4000-memory.dmp	xmrig
behavioral1/memory/1500-1986-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2764-2143-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2396-2984-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2396-3218-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/1716-3640-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/2764-3644-0x000000013FB00000-0x000000013FE54000-memory.dmp	xmrig
behavioral1/memory/2684-3650-0x000000013F090000-0x000000013F3E4000-memory.dmp	xmrig
behavioral1/memory/2732-3669-0x000000013F3C0000-0x000000013F714000-memory.dmp	xmrig
behavioral1/memory/2768-3697-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2004-3737-0x000000013FBB0000-0x000000013FF04000-memory.dmp	xmrig
behavioral1/memory/2600-3701-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	xmrig
behavioral1/memory/1500-3712-0x000000013F430000-0x000000013F784000-memory.dmp	xmrig
behavioral1/memory/2920-3705-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2764	iWAbdAL.exe
2768	qiqQndn.exe
2792	SrLaxiX.exe
2684	zLdpFCR.exe
2596	syxtJUk.exe
2732	WtKvNuX.exe
2740	xCJhdMx.exe
2600	TWcmUMP.exe
2004	pZrhlmZ.exe
1716	koHhWyS.exe
1696	ozqFfoi.exe
2920	yaUCBvD.exe
1788	iRLJoOE.exe
1500	AMZtyBu.exe
2112	zwvTIdx.exe
2528	wdafAan.exe
3044	HZZKeAB.exe
3020	eXeNbGL.exe
2856	oTsRfiR.exe
3036	hyNALrk.exe
2452	KMswqYM.exe
1988	axjNKEQ.exe
2332	SjehxoC.exe
536	ynsKPWR.exe
1928	gKPNbwp.exe
2132	uzyeycx.exe
1972	ykMkwWX.exe
2060	hvscJQL.exe
2408	OodkOBP.exe
2140	VJHUcXH.exe
936	gnYyEyd.exe
2432	GKvAaoU.exe
1680	iCGHdxS.exe
2524	jOSGXul.exe
1140	bcwYNff.exe
2472	afgCRnv.exe
1612	QmHWkeo.exe
2044	mDWamIa.exe
1808	lWCmXeS.exe
2980	GTxDnZz.exe
352	VNKLmTi.exe
948	fMtMfVc.exe
1876	lNGygET.exe
1780	XaioQnX.exe
1744	IlNgHkz.exe
1528	qjgBttc.exe
1504	LmWaHVP.exe
1952	QWnBwkC.exe
2892	CsFqLUp.exe
2548	bYcUnux.exe
2896	WifQJNc.exe
580	TtprUJv.exe
880	euJHQpx.exe
612	LXfsMVx.exe
1828	lQFXzHh.exe
1220	EXatUUS.exe
2196	HqhhlNe.exe
2496	DhXXRQE.exe
1596	iQkzIui.exe
2868	tGEZiOX.exe
2804	HTXjNbj.exe
2604	lGHpEqE.exe
2788	fXPuHLR.exe
2580	FdveKUi.exe

Loads dropped DLL 64 IoCs

pid	Process
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 63 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2396-0-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x000d00000001277d-6.dat	upx
behavioral1/files/0x0008000000015f4e-11.dat	upx
behavioral1/files/0x0007000000015fa6-15.dat	upx
behavioral1/files/0x00070000000160da-21.dat	upx
behavioral1/files/0x0007000000016141-26.dat	upx
behavioral1/files/0x00070000000162e4-30.dat	upx
behavioral1/files/0x00080000000164de-36.dat	upx
behavioral1/files/0x0008000000016dd9-40.dat	upx
behavioral1/files/0x0006000000016f02-65.dat	upx
behavioral1/files/0x00060000000174b4-75.dat	upx
behavioral1/files/0x000c000000015dac-101.dat	upx
behavioral1/files/0x000500000001870c-118.dat	upx
behavioral1/files/0x0006000000018d7b-138.dat	upx
behavioral1/files/0x0005000000019203-157.dat	upx
behavioral1/memory/2792-1629-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2684-1728-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2768-1545-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x0006000000018fdf-150.dat	upx
behavioral1/files/0x0005000000019237-160.dat	upx
behavioral1/files/0x0006000000019056-154.dat	upx
behavioral1/files/0x0005000000018745-131.dat	upx
behavioral1/files/0x0006000000018d83-144.dat	upx
behavioral1/files/0x0006000000018be7-136.dat	upx
behavioral1/files/0x000500000001871c-127.dat	upx
behavioral1/files/0x0005000000018706-116.dat	upx
behavioral1/files/0x0005000000018697-111.dat	upx
behavioral1/files/0x000d000000018683-106.dat	upx
behavioral1/files/0x00060000000175f7-96.dat	upx
behavioral1/files/0x00060000000175f1-92.dat	upx
behavioral1/files/0x0006000000017570-85.dat	upx
behavioral1/files/0x00060000000174f8-80.dat	upx
behavioral1/files/0x000600000001707f-70.dat	upx
behavioral1/files/0x0006000000016edc-60.dat	upx
behavioral1/files/0x0006000000016df8-55.dat	upx
behavioral1/files/0x0006000000016df5-50.dat	upx
behavioral1/files/0x0006000000016de9-45.dat	upx
behavioral1/memory/2596-1754-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx
behavioral1/memory/2732-1756-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2740-1759-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2600-1761-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/2004-1763-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/1716-1933-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/1696-1935-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2920-1937-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/1788-1939-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/1500-1986-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2764-2143-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2396-2984-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/1716-3640-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/2764-3644-0x000000013FB00000-0x000000013FE54000-memory.dmp	upx
behavioral1/memory/2684-3650-0x000000013F090000-0x000000013F3E4000-memory.dmp	upx
behavioral1/memory/2732-3669-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2768-3697-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2004-3737-0x000000013FBB0000-0x000000013FF04000-memory.dmp	upx
behavioral1/memory/2600-3701-0x000000013FBA0000-0x000000013FEF4000-memory.dmp	upx
behavioral1/memory/1500-3712-0x000000013F430000-0x000000013F784000-memory.dmp	upx
behavioral1/memory/2920-3705-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/1788-3696-0x000000013FC60000-0x000000013FFB4000-memory.dmp	upx
behavioral1/memory/1696-3695-0x000000013F6E0000-0x000000013FA34000-memory.dmp	upx
behavioral1/memory/2792-3666-0x000000013F3C0000-0x000000013F714000-memory.dmp	upx
behavioral1/memory/2740-3665-0x000000013F4D0000-0x000000013F824000-memory.dmp	upx
behavioral1/memory/2596-3664-0x000000013FBE0000-0x000000013FF34000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\UHKHQZg.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLnPUho.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UcCUAon.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kNwKkxx.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AMZtOfI.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kBIhyvi.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpVvLGG.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OuDPPoB.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fMtMfVc.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DPvIXeU.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UkVTcSF.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CgtcWav.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eALaaQr.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tItPGpR.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UobyEnv.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IbhIgsA.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QsWzFsp.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ELMgARU.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mGvEzwg.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KYjfEcS.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HgBYSXq.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cWIVdHr.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oiVytMb.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IVyMgYF.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NZwldEj.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pqwJabL.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\txtIfwS.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\COBjiPo.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nNaFQTz.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nnMRzCU.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\INrWUso.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GpRaNiz.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fhyYEzD.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oxEUvVd.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bludosA.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AvpixST.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ozyXPiZ.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EhMszEo.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sCJoCic.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLTierh.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lnhIvRY.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AJkEapS.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YROnvik.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bJRCeSy.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ivnwOKR.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JGnOsZo.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CsFqLUp.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VrrQLhl.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UGMcmKg.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lADhRBv.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kmXrZrT.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wkcjIvL.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHqQptx.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DPWfFXo.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GackqEd.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DfbjwBD.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZGVXbBO.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dVRoKYD.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aXqGNAy.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cfDsoDk.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JPgrbQY.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sGfekdX.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eQADnch.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Llaxfmc.exe	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2764	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2396 wrote to memory of 2764	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2396 wrote to memory of 2764	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2396 wrote to memory of 2768	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2396 wrote to memory of 2768	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2396 wrote to memory of 2768	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2396 wrote to memory of 2792	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2396 wrote to memory of 2792	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2396 wrote to memory of 2792	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2396 wrote to memory of 2684	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2396 wrote to memory of 2684	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2396 wrote to memory of 2684	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2396 wrote to memory of 2596	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2396 wrote to memory of 2596	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2396 wrote to memory of 2596	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2396 wrote to memory of 2732	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2396 wrote to memory of 2732	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2396 wrote to memory of 2732	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2396 wrote to memory of 2740	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2396 wrote to memory of 2740	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2396 wrote to memory of 2740	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2396 wrote to memory of 2600	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2396 wrote to memory of 2600	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2396 wrote to memory of 2600	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2396 wrote to memory of 2004	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2396 wrote to memory of 2004	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2396 wrote to memory of 2004	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2396 wrote to memory of 1716	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2396 wrote to memory of 1716	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2396 wrote to memory of 1716	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2396 wrote to memory of 1696	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2396 wrote to memory of 1696	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2396 wrote to memory of 1696	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2396 wrote to memory of 2920	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2396 wrote to memory of 2920	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2396 wrote to memory of 2920	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2396 wrote to memory of 1788	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2396 wrote to memory of 1788	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2396 wrote to memory of 1788	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2396 wrote to memory of 1500	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2396 wrote to memory of 1500	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2396 wrote to memory of 1500	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2396 wrote to memory of 2112	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2396 wrote to memory of 2112	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2396 wrote to memory of 2112	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2396 wrote to memory of 2528	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2396 wrote to memory of 2528	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2396 wrote to memory of 2528	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2396 wrote to memory of 3044	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2396 wrote to memory of 3044	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2396 wrote to memory of 3044	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2396 wrote to memory of 3020	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2396 wrote to memory of 3020	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2396 wrote to memory of 3020	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2396 wrote to memory of 2856	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2396 wrote to memory of 2856	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2396 wrote to memory of 2856	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2396 wrote to memory of 3036	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2396 wrote to memory of 3036	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2396 wrote to memory of 3036	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2396 wrote to memory of 2452	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2396 wrote to memory of 2452	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2396 wrote to memory of 2452	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2396 wrote to memory of 1988	2396	2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_bd4bf363c5be68b07e7a46db7de0fd05_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Windows\System\iWAbdAL.exe
  C:\Windows\System\iWAbdAL.exe
  2⤵
  - Executes dropped EXE
  PID:2764
- C:\Windows\System\qiqQndn.exe
  C:\Windows\System\qiqQndn.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\SrLaxiX.exe
  C:\Windows\System\SrLaxiX.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\zLdpFCR.exe
  C:\Windows\System\zLdpFCR.exe
  2⤵
  - Executes dropped EXE
  PID:2684
- C:\Windows\System\syxtJUk.exe
  C:\Windows\System\syxtJUk.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\WtKvNuX.exe
  C:\Windows\System\WtKvNuX.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\xCJhdMx.exe
  C:\Windows\System\xCJhdMx.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\TWcmUMP.exe
  C:\Windows\System\TWcmUMP.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\pZrhlmZ.exe
  C:\Windows\System\pZrhlmZ.exe
  2⤵
  - Executes dropped EXE
  PID:2004
- C:\Windows\System\koHhWyS.exe
  C:\Windows\System\koHhWyS.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\ozqFfoi.exe
  C:\Windows\System\ozqFfoi.exe
  2⤵
  - Executes dropped EXE
  PID:1696
- C:\Windows\System\yaUCBvD.exe
  C:\Windows\System\yaUCBvD.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\iRLJoOE.exe
  C:\Windows\System\iRLJoOE.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\AMZtyBu.exe
  C:\Windows\System\AMZtyBu.exe
  2⤵
  - Executes dropped EXE
  PID:1500
- C:\Windows\System\zwvTIdx.exe
  C:\Windows\System\zwvTIdx.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\wdafAan.exe
  C:\Windows\System\wdafAan.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\HZZKeAB.exe
  C:\Windows\System\HZZKeAB.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\eXeNbGL.exe
  C:\Windows\System\eXeNbGL.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\oTsRfiR.exe
  C:\Windows\System\oTsRfiR.exe
  2⤵
  - Executes dropped EXE
  PID:2856
- C:\Windows\System\hyNALrk.exe
  C:\Windows\System\hyNALrk.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\KMswqYM.exe
  C:\Windows\System\KMswqYM.exe
  2⤵
  - Executes dropped EXE
  PID:2452
- C:\Windows\System\axjNKEQ.exe
  C:\Windows\System\axjNKEQ.exe
  2⤵
  - Executes dropped EXE
  PID:1988
- C:\Windows\System\SjehxoC.exe
  C:\Windows\System\SjehxoC.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\ynsKPWR.exe
  C:\Windows\System\ynsKPWR.exe
  2⤵
  - Executes dropped EXE
  PID:536
- C:\Windows\System\gKPNbwp.exe
  C:\Windows\System\gKPNbwp.exe
  2⤵
  - Executes dropped EXE
  PID:1928
- C:\Windows\System\uzyeycx.exe
  C:\Windows\System\uzyeycx.exe
  2⤵
  - Executes dropped EXE
  PID:2132
- C:\Windows\System\ykMkwWX.exe
  C:\Windows\System\ykMkwWX.exe
  2⤵
  - Executes dropped EXE
  PID:1972
- C:\Windows\System\OodkOBP.exe
  C:\Windows\System\OodkOBP.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\hvscJQL.exe
  C:\Windows\System\hvscJQL.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\VJHUcXH.exe
  C:\Windows\System\VJHUcXH.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\gnYyEyd.exe
  C:\Windows\System\gnYyEyd.exe
  2⤵
  - Executes dropped EXE
  PID:936
- C:\Windows\System\bcwYNff.exe
  C:\Windows\System\bcwYNff.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\GKvAaoU.exe
  C:\Windows\System\GKvAaoU.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\afgCRnv.exe
  C:\Windows\System\afgCRnv.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\iCGHdxS.exe
  C:\Windows\System\iCGHdxS.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\QmHWkeo.exe
  C:\Windows\System\QmHWkeo.exe
  2⤵
  - Executes dropped EXE
  PID:1612
- C:\Windows\System\jOSGXul.exe
  C:\Windows\System\jOSGXul.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\mDWamIa.exe
  C:\Windows\System\mDWamIa.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\lWCmXeS.exe
  C:\Windows\System\lWCmXeS.exe
  2⤵
  - Executes dropped EXE
  PID:1808
- C:\Windows\System\fMtMfVc.exe
  C:\Windows\System\fMtMfVc.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\GTxDnZz.exe
  C:\Windows\System\GTxDnZz.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\lNGygET.exe
  C:\Windows\System\lNGygET.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\VNKLmTi.exe
  C:\Windows\System\VNKLmTi.exe
  2⤵
  - Executes dropped EXE
  PID:352
- C:\Windows\System\XaioQnX.exe
  C:\Windows\System\XaioQnX.exe
  2⤵
  - Executes dropped EXE
  PID:1780
- C:\Windows\System\IlNgHkz.exe
  C:\Windows\System\IlNgHkz.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\QWnBwkC.exe
  C:\Windows\System\QWnBwkC.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\qjgBttc.exe
  C:\Windows\System\qjgBttc.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\CsFqLUp.exe
  C:\Windows\System\CsFqLUp.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\LmWaHVP.exe
  C:\Windows\System\LmWaHVP.exe
  2⤵
  - Executes dropped EXE
  PID:1504
- C:\Windows\System\TtprUJv.exe
  C:\Windows\System\TtprUJv.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\bYcUnux.exe
  C:\Windows\System\bYcUnux.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\LXfsMVx.exe
  C:\Windows\System\LXfsMVx.exe
  2⤵
  - Executes dropped EXE
  PID:612
- C:\Windows\System\WifQJNc.exe
  C:\Windows\System\WifQJNc.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\lQFXzHh.exe
  C:\Windows\System\lQFXzHh.exe
  2⤵
  - Executes dropped EXE
  PID:1828
- C:\Windows\System\euJHQpx.exe
  C:\Windows\System\euJHQpx.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\EXatUUS.exe
  C:\Windows\System\EXatUUS.exe
  2⤵
  - Executes dropped EXE
  PID:1220
- C:\Windows\System\HqhhlNe.exe
  C:\Windows\System\HqhhlNe.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\DhXXRQE.exe
  C:\Windows\System\DhXXRQE.exe
  2⤵
  - Executes dropped EXE
  PID:2496
- C:\Windows\System\iQkzIui.exe
  C:\Windows\System\iQkzIui.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\tGEZiOX.exe
  C:\Windows\System\tGEZiOX.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\HTXjNbj.exe
  C:\Windows\System\HTXjNbj.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\lGHpEqE.exe
  C:\Windows\System\lGHpEqE.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\fXPuHLR.exe
  C:\Windows\System\fXPuHLR.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\FdveKUi.exe
  C:\Windows\System\FdveKUi.exe
  2⤵
  - Executes dropped EXE
  PID:2580
- C:\Windows\System\jFzQSCp.exe
  C:\Windows\System\jFzQSCp.exe
  2⤵
  PID:2208
- C:\Windows\System\dIRyRwx.exe
  C:\Windows\System\dIRyRwx.exe
  2⤵
  PID:2912
- C:\Windows\System\ZzDfjnu.exe
  C:\Windows\System\ZzDfjnu.exe
  2⤵
  PID:1832
- C:\Windows\System\SEbpLNn.exe
  C:\Windows\System\SEbpLNn.exe
  2⤵
  PID:2108
- C:\Windows\System\RbLBhVm.exe
  C:\Windows\System\RbLBhVm.exe
  2⤵
  PID:2000
- C:\Windows\System\igSENpx.exe
  C:\Windows\System\igSENpx.exe
  2⤵
  PID:1232
- C:\Windows\System\VvdXPGA.exe
  C:\Windows\System\VvdXPGA.exe
  2⤵
  PID:2824
- C:\Windows\System\xLTierh.exe
  C:\Windows\System\xLTierh.exe
  2⤵
  PID:1312
- C:\Windows\System\wJRPdVo.exe
  C:\Windows\System\wJRPdVo.exe
  2⤵
  PID:1348
- C:\Windows\System\rGshBiy.exe
  C:\Windows\System\rGshBiy.exe
  2⤵
  PID:1444
- C:\Windows\System\LJsKWLu.exe
  C:\Windows\System\LJsKWLu.exe
  2⤵
  PID:2320
- C:\Windows\System\LoQPCdO.exe
  C:\Windows\System\LoQPCdO.exe
  2⤵
  PID:1508
- C:\Windows\System\ZbBJvJN.exe
  C:\Windows\System\ZbBJvJN.exe
  2⤵
  PID:1692
- C:\Windows\System\JKGhqcJ.exe
  C:\Windows\System\JKGhqcJ.exe
  2⤵
  PID:1304
- C:\Windows\System\XOjzrBk.exe
  C:\Windows\System\XOjzrBk.exe
  2⤵
  PID:2104
- C:\Windows\System\vDgFsuO.exe
  C:\Windows\System\vDgFsuO.exe
  2⤵
  PID:2376
- C:\Windows\System\mThamWu.exe
  C:\Windows\System\mThamWu.exe
  2⤵
  PID:1664
- C:\Windows\System\ZNBxYdU.exe
  C:\Windows\System\ZNBxYdU.exe
  2⤵
  PID:604
- C:\Windows\System\GxmXSAF.exe
  C:\Windows\System\GxmXSAF.exe
  2⤵
  PID:860
- C:\Windows\System\nMfMjYo.exe
  C:\Windows\System\nMfMjYo.exe
  2⤵
  PID:1088
- C:\Windows\System\uIVHbhL.exe
  C:\Windows\System\uIVHbhL.exe
  2⤵
  PID:1712
- C:\Windows\System\HfxJmfi.exe
  C:\Windows\System\HfxJmfi.exe
  2⤵
  PID:560
- C:\Windows\System\EgJnsDn.exe
  C:\Windows\System\EgJnsDn.exe
  2⤵
  PID:2160
- C:\Windows\System\AlAuLSZ.exe
  C:\Windows\System\AlAuLSZ.exe
  2⤵
  PID:1956
- C:\Windows\System\CKriYcq.exe
  C:\Windows\System\CKriYcq.exe
  2⤵
  PID:1724
- C:\Windows\System\FqPOlNw.exe
  C:\Windows\System\FqPOlNw.exe
  2⤵
  PID:1308
- C:\Windows\System\WzzNSbP.exe
  C:\Windows\System\WzzNSbP.exe
  2⤵
  PID:2748
- C:\Windows\System\tHAIJTA.exe
  C:\Windows\System\tHAIJTA.exe
  2⤵
  PID:2296
- C:\Windows\System\zxvWajv.exe
  C:\Windows\System\zxvWajv.exe
  2⤵
  PID:2776
- C:\Windows\System\IwDvheT.exe
  C:\Windows\System\IwDvheT.exe
  2⤵
  PID:1208
- C:\Windows\System\upfdgfV.exe
  C:\Windows\System\upfdgfV.exe
  2⤵
  PID:2116
- C:\Windows\System\dYpEzTN.exe
  C:\Windows\System\dYpEzTN.exe
  2⤵
  PID:576
- C:\Windows\System\YywxEAI.exe
  C:\Windows\System\YywxEAI.exe
  2⤵
  PID:2844
- C:\Windows\System\TztsOhA.exe
  C:\Windows\System\TztsOhA.exe
  2⤵
  PID:2612
- C:\Windows\System\krpBaok.exe
  C:\Windows\System\krpBaok.exe
  2⤵
  PID:2608
- C:\Windows\System\oQjhMrE.exe
  C:\Windows\System\oQjhMrE.exe
  2⤵
  PID:2996
- C:\Windows\System\EaNxnsr.exe
  C:\Windows\System\EaNxnsr.exe
  2⤵
  PID:2348
- C:\Windows\System\DfbjwBD.exe
  C:\Windows\System\DfbjwBD.exe
  2⤵
  PID:2284
- C:\Windows\System\URBxkcx.exe
  C:\Windows\System\URBxkcx.exe
  2⤵
  PID:544
- C:\Windows\System\vfCBFLt.exe
  C:\Windows\System\vfCBFLt.exe
  2⤵
  PID:1848
- C:\Windows\System\JlalbkH.exe
  C:\Windows\System\JlalbkH.exe
  2⤵
  PID:1996
- C:\Windows\System\MfHEQJf.exe
  C:\Windows\System\MfHEQJf.exe
  2⤵
  PID:2956
- C:\Windows\System\DTJaGWj.exe
  C:\Windows\System\DTJaGWj.exe
  2⤵
  PID:2928
- C:\Windows\System\DkyCGUj.exe
  C:\Windows\System\DkyCGUj.exe
  2⤵
  PID:1768
- C:\Windows\System\dNavkNI.exe
  C:\Windows\System\dNavkNI.exe
  2⤵
  PID:3000
- C:\Windows\System\EyQmwPF.exe
  C:\Windows\System\EyQmwPF.exe
  2⤵
  PID:1976
- C:\Windows\System\reORePN.exe
  C:\Windows\System\reORePN.exe
  2⤵
  PID:1516
- C:\Windows\System\cBYboZm.exe
  C:\Windows\System\cBYboZm.exe
  2⤵
  PID:1044
- C:\Windows\System\TJEpJRf.exe
  C:\Windows\System\TJEpJRf.exe
  2⤵
  PID:1936
- C:\Windows\System\IBSkUbk.exe
  C:\Windows\System\IBSkUbk.exe
  2⤵
  PID:1004
- C:\Windows\System\iPOCEUY.exe
  C:\Windows\System\iPOCEUY.exe
  2⤵
  PID:2808
- C:\Windows\System\ixmsPIA.exe
  C:\Windows\System\ixmsPIA.exe
  2⤵
  PID:2484
- C:\Windows\System\KuMZziV.exe
  C:\Windows\System\KuMZziV.exe
  2⤵
  PID:1224
- C:\Windows\System\bTMWGAq.exe
  C:\Windows\System\bTMWGAq.exe
  2⤵
  PID:1648
- C:\Windows\System\XxnCrEy.exe
  C:\Windows\System\XxnCrEy.exe
  2⤵
  PID:2188
- C:\Windows\System\XqANgPe.exe
  C:\Windows\System\XqANgPe.exe
  2⤵
  PID:1052
- C:\Windows\System\YcBUaho.exe
  C:\Windows\System\YcBUaho.exe
  2⤵
  PID:3076
- C:\Windows\System\GMaShqN.exe
  C:\Windows\System\GMaShqN.exe
  2⤵
  PID:3092
- C:\Windows\System\KjLObjv.exe
  C:\Windows\System\KjLObjv.exe
  2⤵
  PID:3112
- C:\Windows\System\UHKHQZg.exe
  C:\Windows\System\UHKHQZg.exe
  2⤵
  PID:3128
- C:\Windows\System\IXwJuki.exe
  C:\Windows\System\IXwJuki.exe
  2⤵
  PID:3152
- C:\Windows\System\jXfqYBJ.exe
  C:\Windows\System\jXfqYBJ.exe
  2⤵
  PID:3176
- C:\Windows\System\VJLVwdv.exe
  C:\Windows\System\VJLVwdv.exe
  2⤵
  PID:3196
- C:\Windows\System\zFKcdUF.exe
  C:\Windows\System\zFKcdUF.exe
  2⤵
  PID:3212
- C:\Windows\System\OitcGQv.exe
  C:\Windows\System\OitcGQv.exe
  2⤵
  PID:3232
- C:\Windows\System\QhcMdNe.exe
  C:\Windows\System\QhcMdNe.exe
  2⤵
  PID:3248
- C:\Windows\System\lnhIvRY.exe
  C:\Windows\System\lnhIvRY.exe
  2⤵
  PID:3268
- C:\Windows\System\nmEypIB.exe
  C:\Windows\System\nmEypIB.exe
  2⤵
  PID:3284
- C:\Windows\System\FHCyugu.exe
  C:\Windows\System\FHCyugu.exe
  2⤵
  PID:3304
- C:\Windows\System\IUKvyEk.exe
  C:\Windows\System\IUKvyEk.exe
  2⤵
  PID:3320
- C:\Windows\System\SYlQsHx.exe
  C:\Windows\System\SYlQsHx.exe
  2⤵
  PID:3340
- C:\Windows\System\iwLDKkR.exe
  C:\Windows\System\iwLDKkR.exe
  2⤵
  PID:3356
- C:\Windows\System\mKxjtkV.exe
  C:\Windows\System\mKxjtkV.exe
  2⤵
  PID:3376
- C:\Windows\System\BYpWmgs.exe
  C:\Windows\System\BYpWmgs.exe
  2⤵
  PID:3392
- C:\Windows\System\GzDDaoJ.exe
  C:\Windows\System\GzDDaoJ.exe
  2⤵
  PID:3420
- C:\Windows\System\yYcOHiC.exe
  C:\Windows\System\yYcOHiC.exe
  2⤵
  PID:3472
- C:\Windows\System\cpFgwhx.exe
  C:\Windows\System\cpFgwhx.exe
  2⤵
  PID:3500
- C:\Windows\System\ZyHLKSd.exe
  C:\Windows\System\ZyHLKSd.exe
  2⤵
  PID:3520
- C:\Windows\System\SyzCjpA.exe
  C:\Windows\System\SyzCjpA.exe
  2⤵
  PID:3536
- C:\Windows\System\OYcIHkd.exe
  C:\Windows\System\OYcIHkd.exe
  2⤵
  PID:3552
- C:\Windows\System\iwFMSIh.exe
  C:\Windows\System\iwFMSIh.exe
  2⤵
  PID:3572
- C:\Windows\System\EidvXWf.exe
  C:\Windows\System\EidvXWf.exe
  2⤵
  PID:3592
- C:\Windows\System\IXWROtA.exe
  C:\Windows\System\IXWROtA.exe
  2⤵
  PID:3616
- C:\Windows\System\YbALftN.exe
  C:\Windows\System\YbALftN.exe
  2⤵
  PID:3636
- C:\Windows\System\mrciWPN.exe
  C:\Windows\System\mrciWPN.exe
  2⤵
  PID:3652
- C:\Windows\System\mfuPbCq.exe
  C:\Windows\System\mfuPbCq.exe
  2⤵
  PID:3668
- C:\Windows\System\weLYWVB.exe
  C:\Windows\System\weLYWVB.exe
  2⤵
  PID:3692
- C:\Windows\System\peYuuTg.exe
  C:\Windows\System\peYuuTg.exe
  2⤵
  PID:3712
- C:\Windows\System\aMHaljE.exe
  C:\Windows\System\aMHaljE.exe
  2⤵
  PID:3732
- C:\Windows\System\ZxebKhe.exe
  C:\Windows\System\ZxebKhe.exe
  2⤵
  PID:3752
- C:\Windows\System\OCMHuJF.exe
  C:\Windows\System\OCMHuJF.exe
  2⤵
  PID:3768
- C:\Windows\System\DXubHyh.exe
  C:\Windows\System\DXubHyh.exe
  2⤵
  PID:3784
- C:\Windows\System\qefhVvl.exe
  C:\Windows\System\qefhVvl.exe
  2⤵
  PID:3808
- C:\Windows\System\avbWeeh.exe
  C:\Windows\System\avbWeeh.exe
  2⤵
  PID:3824
- C:\Windows\System\hEwqnTt.exe
  C:\Windows\System\hEwqnTt.exe
  2⤵
  PID:3848
- C:\Windows\System\XwQaEwN.exe
  C:\Windows\System\XwQaEwN.exe
  2⤵
  PID:3872
- C:\Windows\System\YsUVGLW.exe
  C:\Windows\System\YsUVGLW.exe
  2⤵
  PID:3888
- C:\Windows\System\QmHHylx.exe
  C:\Windows\System\QmHHylx.exe
  2⤵
  PID:3908
- C:\Windows\System\ldVGWdu.exe
  C:\Windows\System\ldVGWdu.exe
  2⤵
  PID:3924
- C:\Windows\System\aXqGNAy.exe
  C:\Windows\System\aXqGNAy.exe
  2⤵
  PID:3940
- C:\Windows\System\FaVlJfh.exe
  C:\Windows\System\FaVlJfh.exe
  2⤵
  PID:3960
- C:\Windows\System\GcMZfCl.exe
  C:\Windows\System\GcMZfCl.exe
  2⤵
  PID:3976
- C:\Windows\System\AJkEapS.exe
  C:\Windows\System\AJkEapS.exe
  2⤵
  PID:4024
- C:\Windows\System\WqdGkDZ.exe
  C:\Windows\System\WqdGkDZ.exe
  2⤵
  PID:4044
- C:\Windows\System\NZjzHbM.exe
  C:\Windows\System\NZjzHbM.exe
  2⤵
  PID:4060
- C:\Windows\System\aRRfnzb.exe
  C:\Windows\System\aRRfnzb.exe
  2⤵
  PID:4076
- C:\Windows\System\eBEiPoc.exe
  C:\Windows\System\eBEiPoc.exe
  2⤵
  PID:2364
- C:\Windows\System\xapPvdA.exe
  C:\Windows\System\xapPvdA.exe
  2⤵
  PID:2448
- C:\Windows\System\igYkEsb.exe
  C:\Windows\System\igYkEsb.exe
  2⤵
  PID:2080
- C:\Windows\System\bhNePBy.exe
  C:\Windows\System\bhNePBy.exe
  2⤵
  PID:2784
- C:\Windows\System\qLnPUho.exe
  C:\Windows\System\qLnPUho.exe
  2⤵
  PID:1728
- C:\Windows\System\jecMQbL.exe
  C:\Windows\System\jecMQbL.exe
  2⤵
  PID:3120
- C:\Windows\System\pmtvAwF.exe
  C:\Windows\System\pmtvAwF.exe
  2⤵
  PID:3204
- C:\Windows\System\oMBaeDz.exe
  C:\Windows\System\oMBaeDz.exe
  2⤵
  PID:1812
- C:\Windows\System\qvItIzr.exe
  C:\Windows\System\qvItIzr.exe
  2⤵
  PID:2288
- C:\Windows\System\IRxRhTD.exe
  C:\Windows\System\IRxRhTD.exe
  2⤵
  PID:320
- C:\Windows\System\etruvdY.exe
  C:\Windows\System\etruvdY.exe
  2⤵
  PID:408
- C:\Windows\System\QTDbpFM.exe
  C:\Windows\System\QTDbpFM.exe
  2⤵
  PID:1552
- C:\Windows\System\qaZYaWY.exe
  C:\Windows\System\qaZYaWY.exe
  2⤵
  PID:3388
- C:\Windows\System\nlvyZfw.exe
  C:\Windows\System\nlvyZfw.exe
  2⤵
  PID:3432
- C:\Windows\System\cJsdbIq.exe
  C:\Windows\System\cJsdbIq.exe
  2⤵
  PID:3228
- C:\Windows\System\iftdXOU.exe
  C:\Windows\System\iftdXOU.exe
  2⤵
  PID:3368
- C:\Windows\System\axoycCr.exe
  C:\Windows\System\axoycCr.exe
  2⤵
  PID:3364
- C:\Windows\System\UPMTfuO.exe
  C:\Windows\System\UPMTfuO.exe
  2⤵
  PID:3260
- C:\Windows\System\RfqRcgI.exe
  C:\Windows\System\RfqRcgI.exe
  2⤵
  PID:3144
- C:\Windows\System\keDatoP.exe
  C:\Windows\System\keDatoP.exe
  2⤵
  PID:3100
- C:\Windows\System\GamCajH.exe
  C:\Windows\System\GamCajH.exe
  2⤵
  PID:3460
- C:\Windows\System\FFlEmOP.exe
  C:\Windows\System\FFlEmOP.exe
  2⤵
  PID:1752
- C:\Windows\System\jcvziWn.exe
  C:\Windows\System\jcvziWn.exe
  2⤵
  PID:3412
- C:\Windows\System\rSJjvsS.exe
  C:\Windows\System\rSJjvsS.exe
  2⤵
  PID:3548
- C:\Windows\System\BKoKNBa.exe
  C:\Windows\System\BKoKNBa.exe
  2⤵
  PID:3632
- C:\Windows\System\WmsrHXl.exe
  C:\Windows\System\WmsrHXl.exe
  2⤵
  PID:3704
- C:\Windows\System\aDuwZBJ.exe
  C:\Windows\System\aDuwZBJ.exe
  2⤵
  PID:3744
- C:\Windows\System\sWAlXyV.exe
  C:\Windows\System\sWAlXyV.exe
  2⤵
  PID:3528
- C:\Windows\System\OcDYesG.exe
  C:\Windows\System\OcDYesG.exe
  2⤵
  PID:3820
- C:\Windows\System\AVctlng.exe
  C:\Windows\System\AVctlng.exe
  2⤵
  PID:3896
- C:\Windows\System\GpRaNiz.exe
  C:\Windows\System\GpRaNiz.exe
  2⤵
  PID:3608
- C:\Windows\System\EikjeDh.exe
  C:\Windows\System\EikjeDh.exe
  2⤵
  PID:3688
- C:\Windows\System\NxnVZyr.exe
  C:\Windows\System\NxnVZyr.exe
  2⤵
  PID:3612
- C:\Windows\System\sKekZLg.exe
  C:\Windows\System\sKekZLg.exe
  2⤵
  PID:3968
- C:\Windows\System\HuqVHTI.exe
  C:\Windows\System\HuqVHTI.exe
  2⤵
  PID:3844
- C:\Windows\System\WDoshYD.exe
  C:\Windows\System\WDoshYD.exe
  2⤵
  PID:3728
- C:\Windows\System\yIeUiJO.exe
  C:\Windows\System\yIeUiJO.exe
  2⤵
  PID:3884
- C:\Windows\System\FZNwMzr.exe
  C:\Windows\System\FZNwMzr.exe
  2⤵
  PID:3764
- C:\Windows\System\hxwuOmF.exe
  C:\Windows\System\hxwuOmF.exe
  2⤵
  PID:4004
- C:\Windows\System\CbKNAty.exe
  C:\Windows\System\CbKNAty.exe
  2⤵
  PID:4032
- C:\Windows\System\JoHdNLG.exe
  C:\Windows\System\JoHdNLG.exe
  2⤵
  PID:680
- C:\Windows\System\jIAQoVz.exe
  C:\Windows\System\jIAQoVz.exe
  2⤵
  PID:3088
- C:\Windows\System\ymPWvDi.exe
  C:\Windows\System\ymPWvDi.exe
  2⤵
  PID:4052
- C:\Windows\System\UcCUAon.exe
  C:\Windows\System\UcCUAon.exe
  2⤵
  PID:2780
- C:\Windows\System\OecLRXH.exe
  C:\Windows\System\OecLRXH.exe
  2⤵
  PID:3164
- C:\Windows\System\fzBnnma.exe
  C:\Windows\System\fzBnnma.exe
  2⤵
  PID:784
- C:\Windows\System\hXSImnH.exe
  C:\Windows\System\hXSImnH.exe
  2⤵
  PID:2444
- C:\Windows\System\ZriMoZj.exe
  C:\Windows\System\ZriMoZj.exe
  2⤵
  PID:3348
- C:\Windows\System\igdplcT.exe
  C:\Windows\System\igdplcT.exe
  2⤵
  PID:1168
- C:\Windows\System\rFzZObk.exe
  C:\Windows\System\rFzZObk.exe
  2⤵
  PID:3384
- C:\Windows\System\KwQdKmb.exe
  C:\Windows\System\KwQdKmb.exe
  2⤵
  PID:3300
- C:\Windows\System\mFezvJQ.exe
  C:\Windows\System\mFezvJQ.exe
  2⤵
  PID:2872
- C:\Windows\System\jCRjDCz.exe
  C:\Windows\System\jCRjDCz.exe
  2⤵
  PID:3436
- C:\Windows\System\RQEbiqR.exe
  C:\Windows\System\RQEbiqR.exe
  2⤵
  PID:1108
- C:\Windows\System\DryDFjQ.exe
  C:\Windows\System\DryDFjQ.exe
  2⤵
  PID:3456
- C:\Windows\System\RdvmPqp.exe
  C:\Windows\System\RdvmPqp.exe
  2⤵
  PID:3512
- C:\Windows\System\rKmhnIL.exe
  C:\Windows\System\rKmhnIL.exe
  2⤵
  PID:3584
- C:\Windows\System\ezMVZME.exe
  C:\Windows\System\ezMVZME.exe
  2⤵
  PID:3740
- C:\Windows\System\GmWNqAy.exe
  C:\Windows\System\GmWNqAy.exe
  2⤵
  PID:3568
- C:\Windows\System\bKUDfqI.exe
  C:\Windows\System\bKUDfqI.exe
  2⤵
  PID:3900
- C:\Windows\System\jgydkqs.exe
  C:\Windows\System\jgydkqs.exe
  2⤵
  PID:3644
- C:\Windows\System\GtVIhwL.exe
  C:\Windows\System\GtVIhwL.exe
  2⤵
  PID:3724
- C:\Windows\System\oTurvBa.exe
  C:\Windows\System\oTurvBa.exe
  2⤵
  PID:3836
- C:\Windows\System\pioPXTq.exe
  C:\Windows\System\pioPXTq.exe
  2⤵
  PID:4012
- C:\Windows\System\tyZOXDf.exe
  C:\Windows\System\tyZOXDf.exe
  2⤵
  PID:2488
- C:\Windows\System\ebbyhGO.exe
  C:\Windows\System\ebbyhGO.exe
  2⤵
  PID:3440
- C:\Windows\System\DvnZKNm.exe
  C:\Windows\System\DvnZKNm.exe
  2⤵
  PID:2712
- C:\Windows\System\DxMZPjs.exe
  C:\Windows\System\DxMZPjs.exe
  2⤵
  PID:2772
- C:\Windows\System\UGMcmKg.exe
  C:\Windows\System\UGMcmKg.exe
  2⤵
  PID:3280
- C:\Windows\System\mvpeifW.exe
  C:\Windows\System\mvpeifW.exe
  2⤵
  PID:1048
- C:\Windows\System\chicKkX.exe
  C:\Windows\System\chicKkX.exe
  2⤵
  PID:3352
- C:\Windows\System\JiMFShe.exe
  C:\Windows\System\JiMFShe.exe
  2⤵
  PID:3292
- C:\Windows\System\iyowGwZ.exe
  C:\Windows\System\iyowGwZ.exe
  2⤵
  PID:3220
- C:\Windows\System\AXiWbls.exe
  C:\Windows\System\AXiWbls.exe
  2⤵
  PID:3516
- C:\Windows\System\lADhRBv.exe
  C:\Windows\System\lADhRBv.exe
  2⤵
  PID:3544
- C:\Windows\System\ONRAMhL.exe
  C:\Windows\System\ONRAMhL.exe
  2⤵
  PID:3588
- C:\Windows\System\zltMJcj.exe
  C:\Windows\System\zltMJcj.exe
  2⤵
  PID:3816
- C:\Windows\System\KnLLVZO.exe
  C:\Windows\System\KnLLVZO.exe
  2⤵
  PID:3904
- C:\Windows\System\VXPtYDt.exe
  C:\Windows\System\VXPtYDt.exe
  2⤵
  PID:3800
- C:\Windows\System\FtyxTHX.exe
  C:\Windows\System\FtyxTHX.exe
  2⤵
  PID:3832
- C:\Windows\System\ajKmoXC.exe
  C:\Windows\System\ajKmoXC.exe
  2⤵
  PID:4036
- C:\Windows\System\bkpCNsJ.exe
  C:\Windows\System\bkpCNsJ.exe
  2⤵
  PID:3992
- C:\Windows\System\PaKtQJC.exe
  C:\Windows\System\PaKtQJC.exe
  2⤵
  PID:468
- C:\Windows\System\rOtAyvm.exe
  C:\Windows\System\rOtAyvm.exe
  2⤵
  PID:3172
- C:\Windows\System\RAFlHsH.exe
  C:\Windows\System\RAFlHsH.exe
  2⤵
  PID:4108
- C:\Windows\System\blugutg.exe
  C:\Windows\System\blugutg.exe
  2⤵
  PID:4128
- C:\Windows\System\DRHMubI.exe
  C:\Windows\System\DRHMubI.exe
  2⤵
  PID:4152
- C:\Windows\System\SWDPIot.exe
  C:\Windows\System\SWDPIot.exe
  2⤵
  PID:4168
- C:\Windows\System\JxANiuO.exe
  C:\Windows\System\JxANiuO.exe
  2⤵
  PID:4192
- C:\Windows\System\rfQOSlK.exe
  C:\Windows\System\rfQOSlK.exe
  2⤵
  PID:4208
- C:\Windows\System\bjrmTvA.exe
  C:\Windows\System\bjrmTvA.exe
  2⤵
  PID:4232
- C:\Windows\System\uhCuBEn.exe
  C:\Windows\System\uhCuBEn.exe
  2⤵
  PID:4252
- C:\Windows\System\kNwKkxx.exe
  C:\Windows\System\kNwKkxx.exe
  2⤵
  PID:4268
- C:\Windows\System\tpundLr.exe
  C:\Windows\System\tpundLr.exe
  2⤵
  PID:4288
- C:\Windows\System\EVUvdoh.exe
  C:\Windows\System\EVUvdoh.exe
  2⤵
  PID:4308
- C:\Windows\System\KzINPIK.exe
  C:\Windows\System\KzINPIK.exe
  2⤵
  PID:4328
- C:\Windows\System\sCJoCic.exe
  C:\Windows\System\sCJoCic.exe
  2⤵
  PID:4348
- C:\Windows\System\nNURbDu.exe
  C:\Windows\System\nNURbDu.exe
  2⤵
  PID:4372
- C:\Windows\System\eDXuUmS.exe
  C:\Windows\System\eDXuUmS.exe
  2⤵
  PID:4388
- C:\Windows\System\GurIpmx.exe
  C:\Windows\System\GurIpmx.exe
  2⤵
  PID:4408
- C:\Windows\System\QgMEKII.exe
  C:\Windows\System\QgMEKII.exe
  2⤵
  PID:4432
- C:\Windows\System\gdaorkA.exe
  C:\Windows\System\gdaorkA.exe
  2⤵
  PID:4452
- C:\Windows\System\qVCannT.exe
  C:\Windows\System\qVCannT.exe
  2⤵
  PID:4468
- C:\Windows\System\BnIATOh.exe
  C:\Windows\System\BnIATOh.exe
  2⤵
  PID:4488
- C:\Windows\System\zFuACTn.exe
  C:\Windows\System\zFuACTn.exe
  2⤵
  PID:4512
- C:\Windows\System\YjkzIty.exe
  C:\Windows\System\YjkzIty.exe
  2⤵
  PID:4532
- C:\Windows\System\hRkGqkr.exe
  C:\Windows\System\hRkGqkr.exe
  2⤵
  PID:4552
- C:\Windows\System\zyWfqCF.exe
  C:\Windows\System\zyWfqCF.exe
  2⤵
  PID:4572
- C:\Windows\System\mnYdMgn.exe
  C:\Windows\System\mnYdMgn.exe
  2⤵
  PID:4592
- C:\Windows\System\hbMBqjP.exe
  C:\Windows\System\hbMBqjP.exe
  2⤵
  PID:4612
- C:\Windows\System\xwfRQZT.exe
  C:\Windows\System\xwfRQZT.exe
  2⤵
  PID:4632
- C:\Windows\System\sZXTJof.exe
  C:\Windows\System\sZXTJof.exe
  2⤵
  PID:4652
- C:\Windows\System\iiszFVY.exe
  C:\Windows\System\iiszFVY.exe
  2⤵
  PID:4668
- C:\Windows\System\NZwldEj.exe
  C:\Windows\System\NZwldEj.exe
  2⤵
  PID:4692
- C:\Windows\System\dEapuho.exe
  C:\Windows\System\dEapuho.exe
  2⤵
  PID:4716
- C:\Windows\System\kMoycXv.exe
  C:\Windows\System\kMoycXv.exe
  2⤵
  PID:4736
- C:\Windows\System\XlhhnFC.exe
  C:\Windows\System\XlhhnFC.exe
  2⤵
  PID:4752
- C:\Windows\System\TspWumM.exe
  C:\Windows\System\TspWumM.exe
  2⤵
  PID:4772
- C:\Windows\System\nQIDzyr.exe
  C:\Windows\System\nQIDzyr.exe
  2⤵
  PID:4792
- C:\Windows\System\CLfCTFY.exe
  C:\Windows\System\CLfCTFY.exe
  2⤵
  PID:4812
- C:\Windows\System\JTpwmQT.exe
  C:\Windows\System\JTpwmQT.exe
  2⤵
  PID:4828
- C:\Windows\System\VdBkSEU.exe
  C:\Windows\System\VdBkSEU.exe
  2⤵
  PID:4848
- C:\Windows\System\vyIZsrW.exe
  C:\Windows\System\vyIZsrW.exe
  2⤵
  PID:4872
- C:\Windows\System\WGsfyGE.exe
  C:\Windows\System\WGsfyGE.exe
  2⤵
  PID:4892
- C:\Windows\System\IDPUSCM.exe
  C:\Windows\System\IDPUSCM.exe
  2⤵
  PID:4912
- C:\Windows\System\WDSjBIC.exe
  C:\Windows\System\WDSjBIC.exe
  2⤵
  PID:4932
- C:\Windows\System\BWFGTLR.exe
  C:\Windows\System\BWFGTLR.exe
  2⤵
  PID:4956
- C:\Windows\System\QXwDOZo.exe
  C:\Windows\System\QXwDOZo.exe
  2⤵
  PID:4976
- C:\Windows\System\ZnvztnK.exe
  C:\Windows\System\ZnvztnK.exe
  2⤵
  PID:4992
- C:\Windows\System\wZwcnmZ.exe
  C:\Windows\System\wZwcnmZ.exe
  2⤵
  PID:5012
- C:\Windows\System\oiLaWDs.exe
  C:\Windows\System\oiLaWDs.exe
  2⤵
  PID:5032
- C:\Windows\System\GyPGvQX.exe
  C:\Windows\System\GyPGvQX.exe
  2⤵
  PID:5052
- C:\Windows\System\nSsYvzZ.exe
  C:\Windows\System\nSsYvzZ.exe
  2⤵
  PID:5072
- C:\Windows\System\lUQtKpF.exe
  C:\Windows\System\lUQtKpF.exe
  2⤵
  PID:5096
- C:\Windows\System\TpeHIrv.exe
  C:\Windows\System\TpeHIrv.exe
  2⤵
  PID:5112
- C:\Windows\System\vBJwkkP.exe
  C:\Windows\System\vBJwkkP.exe
  2⤵
  PID:3444
- C:\Windows\System\CYRReve.exe
  C:\Windows\System\CYRReve.exe
  2⤵
  PID:3496
- C:\Windows\System\qTDZGvK.exe
  C:\Windows\System\qTDZGvK.exe
  2⤵
  PID:3408
- C:\Windows\System\ZGFfxsJ.exe
  C:\Windows\System\ZGFfxsJ.exe
  2⤵
  PID:3864
- C:\Windows\System\nEOOckM.exe
  C:\Windows\System\nEOOckM.exe
  2⤵
  PID:3920
- C:\Windows\System\DVlYshg.exe
  C:\Windows\System\DVlYshg.exe
  2⤵
  PID:4016
- C:\Windows\System\mJINXcf.exe
  C:\Windows\System\mJINXcf.exe
  2⤵
  PID:1496
- C:\Windows\System\FDIHZGe.exe
  C:\Windows\System\FDIHZGe.exe
  2⤵
  PID:1436
- C:\Windows\System\dHrtZTt.exe
  C:\Windows\System\dHrtZTt.exe
  2⤵
  PID:4100
- C:\Windows\System\GFRrlxB.exe
  C:\Windows\System\GFRrlxB.exe
  2⤵
  PID:4200
- C:\Windows\System\AKhXcJd.exe
  C:\Windows\System\AKhXcJd.exe
  2⤵
  PID:4184
- C:\Windows\System\YIvVHQi.exe
  C:\Windows\System\YIvVHQi.exe
  2⤵
  PID:4244
- C:\Windows\System\dYXVLFH.exe
  C:\Windows\System\dYXVLFH.exe
  2⤵
  PID:4264
- C:\Windows\System\CkSvllE.exe
  C:\Windows\System\CkSvllE.exe
  2⤵
  PID:4316
- C:\Windows\System\ZsTRPuN.exe
  C:\Windows\System\ZsTRPuN.exe
  2⤵
  PID:4320
- C:\Windows\System\YCTsXky.exe
  C:\Windows\System\YCTsXky.exe
  2⤵
  PID:4340
- C:\Windows\System\dqqXzlo.exe
  C:\Windows\System\dqqXzlo.exe
  2⤵
  PID:4400
- C:\Windows\System\NfFsYVC.exe
  C:\Windows\System\NfFsYVC.exe
  2⤵
  PID:4444
- C:\Windows\System\vqfrMfk.exe
  C:\Windows\System\vqfrMfk.exe
  2⤵
  PID:4476
- C:\Windows\System\QyCFmCB.exe
  C:\Windows\System\QyCFmCB.exe
  2⤵
  PID:4520
- C:\Windows\System\GGKNaCl.exe
  C:\Windows\System\GGKNaCl.exe
  2⤵
  PID:4568
- C:\Windows\System\ILlXOpV.exe
  C:\Windows\System\ILlXOpV.exe
  2⤵
  PID:4540
- C:\Windows\System\flOGghI.exe
  C:\Windows\System\flOGghI.exe
  2⤵
  PID:4584
- C:\Windows\System\MvXLmJl.exe
  C:\Windows\System\MvXLmJl.exe
  2⤵
  PID:4624
- C:\Windows\System\pkJszbt.exe
  C:\Windows\System\pkJszbt.exe
  2⤵
  PID:4688
- C:\Windows\System\nSLbdDk.exe
  C:\Windows\System\nSLbdDk.exe
  2⤵
  PID:4700
- C:\Windows\System\taJoMHh.exe
  C:\Windows\System\taJoMHh.exe
  2⤵
  PID:4712
- C:\Windows\System\CAykzDj.exe
  C:\Windows\System\CAykzDj.exe
  2⤵
  PID:4768
- C:\Windows\System\bihLprR.exe
  C:\Windows\System\bihLprR.exe
  2⤵
  PID:4836
- C:\Windows\System\hRiruvs.exe
  C:\Windows\System\hRiruvs.exe
  2⤵
  PID:4856
- C:\Windows\System\DiJhYaR.exe
  C:\Windows\System\DiJhYaR.exe
  2⤵
  PID:4884
- C:\Windows\System\dWUQfbF.exe
  C:\Windows\System\dWUQfbF.exe
  2⤵
  PID:4924
- C:\Windows\System\ZLTYsoG.exe
  C:\Windows\System\ZLTYsoG.exe
  2⤵
  PID:4944
- C:\Windows\System\hBZpVsY.exe
  C:\Windows\System\hBZpVsY.exe
  2⤵
  PID:4968
- C:\Windows\System\fzeWNFv.exe
  C:\Windows\System\fzeWNFv.exe
  2⤵
  PID:4988
- C:\Windows\System\urifrXu.exe
  C:\Windows\System\urifrXu.exe
  2⤵
  PID:5084
- C:\Windows\System\VDgdXvQ.exe
  C:\Windows\System\VDgdXvQ.exe
  2⤵
  PID:5060
- C:\Windows\System\RighTWo.exe
  C:\Windows\System\RighTWo.exe
  2⤵
  PID:3108
- C:\Windows\System\jPcPLtw.exe
  C:\Windows\System\jPcPLtw.exe
  2⤵
  PID:3720
- C:\Windows\System\wXwBdUk.exe
  C:\Windows\System\wXwBdUk.exe
  2⤵
  PID:3508
- C:\Windows\System\sLWBVsn.exe
  C:\Windows\System\sLWBVsn.exe
  2⤵
  PID:3560
- C:\Windows\System\TwHDkYg.exe
  C:\Windows\System\TwHDkYg.exe
  2⤵
  PID:2964
- C:\Windows\System\JmPAnBg.exe
  C:\Windows\System\JmPAnBg.exe
  2⤵
  PID:4104
- C:\Windows\System\kNdKYzs.exe
  C:\Windows\System\kNdKYzs.exe
  2⤵
  PID:4188
- C:\Windows\System\QNhIFtI.exe
  C:\Windows\System\QNhIFtI.exe
  2⤵
  PID:3428
- C:\Windows\System\RhgTPIi.exe
  C:\Windows\System\RhgTPIi.exe
  2⤵
  PID:4324
- C:\Windows\System\lTfFZsa.exe
  C:\Windows\System\lTfFZsa.exe
  2⤵
  PID:4368
- C:\Windows\System\uDaveEs.exe
  C:\Windows\System\uDaveEs.exe
  2⤵
  PID:4420
- C:\Windows\System\LNhfcFa.exe
  C:\Windows\System\LNhfcFa.exe
  2⤵
  PID:4280
- C:\Windows\System\fXMbwme.exe
  C:\Windows\System\fXMbwme.exe
  2⤵
  PID:4384
- C:\Windows\System\dhVdGYU.exe
  C:\Windows\System\dhVdGYU.exe
  2⤵
  PID:4608
- C:\Windows\System\kNvmdkF.exe
  C:\Windows\System\kNvmdkF.exe
  2⤵
  PID:4676
- C:\Windows\System\LYKuJVG.exe
  C:\Windows\System\LYKuJVG.exe
  2⤵
  PID:4644
- C:\Windows\System\HlvmEqk.exe
  C:\Windows\System\HlvmEqk.exe
  2⤵
  PID:4808
- C:\Windows\System\qJEWCYH.exe
  C:\Windows\System\qJEWCYH.exe
  2⤵
  PID:4732
- C:\Windows\System\FPWvUwG.exe
  C:\Windows\System\FPWvUwG.exe
  2⤵
  PID:4820
- C:\Windows\System\vYiMStd.exe
  C:\Windows\System\vYiMStd.exe
  2⤵
  PID:4908
- C:\Windows\System\MAiEpNI.exe
  C:\Windows\System\MAiEpNI.exe
  2⤵
  PID:4984
- C:\Windows\System\ZtVxQmR.exe
  C:\Windows\System\ZtVxQmR.exe
  2⤵
  PID:4952
- C:\Windows\System\GcJwdrI.exe
  C:\Windows\System\GcJwdrI.exe
  2⤵
  PID:5020
- C:\Windows\System\fxtePNX.exe
  C:\Windows\System\fxtePNX.exe
  2⤵
  PID:5048
- C:\Windows\System\BIKCtAs.exe
  C:\Windows\System\BIKCtAs.exe
  2⤵
  PID:3328
- C:\Windows\System\wAbggEP.exe
  C:\Windows\System\wAbggEP.exe
  2⤵
  PID:2248
- C:\Windows\System\rDJBTVs.exe
  C:\Windows\System\rDJBTVs.exe
  2⤵
  PID:4164
- C:\Windows\System\MGvkgFc.exe
  C:\Windows\System\MGvkgFc.exe
  2⤵
  PID:4180
- C:\Windows\System\yzzFoHa.exe
  C:\Windows\System\yzzFoHa.exe
  2⤵
  PID:4020
- C:\Windows\System\esPugcx.exe
  C:\Windows\System\esPugcx.exe
  2⤵
  PID:2120
- C:\Windows\System\KcXzPjy.exe
  C:\Windows\System\KcXzPjy.exe
  2⤵
  PID:4240
- C:\Windows\System\OaegzUJ.exe
  C:\Windows\System\OaegzUJ.exe
  2⤵
  PID:4640
- C:\Windows\System\wPgZzON.exe
  C:\Windows\System\wPgZzON.exe
  2⤵
  PID:4480
- C:\Windows\System\OLXTbmf.exe
  C:\Windows\System\OLXTbmf.exe
  2⤵
  PID:4648
- C:\Windows\System\TkhcPAw.exe
  C:\Windows\System\TkhcPAw.exe
  2⤵
  PID:4880
- C:\Windows\System\NVKStLi.exe
  C:\Windows\System\NVKStLi.exe
  2⤵
  PID:5004
- C:\Windows\System\nfihNsW.exe
  C:\Windows\System\nfihNsW.exe
  2⤵
  PID:5008
- C:\Windows\System\PCEwviv.exe
  C:\Windows\System\PCEwviv.exe
  2⤵
  PID:5068
- C:\Windows\System\pKcTEUe.exe
  C:\Windows\System\pKcTEUe.exe
  2⤵
  PID:5108
- C:\Windows\System\cfDsoDk.exe
  C:\Windows\System\cfDsoDk.exe
  2⤵
  PID:4140
- C:\Windows\System\hlaMfmL.exe
  C:\Windows\System\hlaMfmL.exe
  2⤵
  PID:324
- C:\Windows\System\vHOebpE.exe
  C:\Windows\System\vHOebpE.exe
  2⤵
  PID:4220
- C:\Windows\System\YBZLEAJ.exe
  C:\Windows\System\YBZLEAJ.exe
  2⤵
  PID:4396
- C:\Windows\System\giekvZW.exe
  C:\Windows\System\giekvZW.exe
  2⤵
  PID:5132
- C:\Windows\System\ZZLcFiN.exe
  C:\Windows\System\ZZLcFiN.exe
  2⤵
  PID:5156
- C:\Windows\System\wSkEfQH.exe
  C:\Windows\System\wSkEfQH.exe
  2⤵
  PID:5176
- C:\Windows\System\dNeNcTK.exe
  C:\Windows\System\dNeNcTK.exe
  2⤵
  PID:5196
- C:\Windows\System\gYiwHPF.exe
  C:\Windows\System\gYiwHPF.exe
  2⤵
  PID:5212
- C:\Windows\System\OYZCYRq.exe
  C:\Windows\System\OYZCYRq.exe
  2⤵
  PID:5236
- C:\Windows\System\ZNnmABh.exe
  C:\Windows\System\ZNnmABh.exe
  2⤵
  PID:5256
- C:\Windows\System\GTESGGa.exe
  C:\Windows\System\GTESGGa.exe
  2⤵
  PID:5276
- C:\Windows\System\IEXzBHQ.exe
  C:\Windows\System\IEXzBHQ.exe
  2⤵
  PID:5296
- C:\Windows\System\rvTLKeg.exe
  C:\Windows\System\rvTLKeg.exe
  2⤵
  PID:5316
- C:\Windows\System\UllOqDq.exe
  C:\Windows\System\UllOqDq.exe
  2⤵
  PID:5332
- C:\Windows\System\RkaqgqP.exe
  C:\Windows\System\RkaqgqP.exe
  2⤵
  PID:5360
- C:\Windows\System\TgzgCYG.exe
  C:\Windows\System\TgzgCYG.exe
  2⤵
  PID:5380
- C:\Windows\System\jPSNmOp.exe
  C:\Windows\System\jPSNmOp.exe
  2⤵
  PID:5400
- C:\Windows\System\KqlajWw.exe
  C:\Windows\System\KqlajWw.exe
  2⤵
  PID:5420
- C:\Windows\System\vBkSgoU.exe
  C:\Windows\System\vBkSgoU.exe
  2⤵
  PID:5436
- C:\Windows\System\ojcYfXa.exe
  C:\Windows\System\ojcYfXa.exe
  2⤵
  PID:5456
- C:\Windows\System\cVByWzX.exe
  C:\Windows\System\cVByWzX.exe
  2⤵
  PID:5480
- C:\Windows\System\ANPjVwY.exe
  C:\Windows\System\ANPjVwY.exe
  2⤵
  PID:5500
- C:\Windows\System\WZlZKsx.exe
  C:\Windows\System\WZlZKsx.exe
  2⤵
  PID:5516
- C:\Windows\System\JZOyARg.exe
  C:\Windows\System\JZOyARg.exe
  2⤵
  PID:5536
- C:\Windows\System\lzmkSye.exe
  C:\Windows\System\lzmkSye.exe
  2⤵
  PID:5556
- C:\Windows\System\hGROyZD.exe
  C:\Windows\System\hGROyZD.exe
  2⤵
  PID:5576
- C:\Windows\System\xHIbGya.exe
  C:\Windows\System\xHIbGya.exe
  2⤵
  PID:5596
- C:\Windows\System\ANdJKRl.exe
  C:\Windows\System\ANdJKRl.exe
  2⤵
  PID:5616
- C:\Windows\System\fJEPAJz.exe
  C:\Windows\System\fJEPAJz.exe
  2⤵
  PID:5640
- C:\Windows\System\TBeqmyS.exe
  C:\Windows\System\TBeqmyS.exe
  2⤵
  PID:5656
- C:\Windows\System\wBhQnKD.exe
  C:\Windows\System\wBhQnKD.exe
  2⤵
  PID:5676
- C:\Windows\System\LfhhODi.exe
  C:\Windows\System\LfhhODi.exe
  2⤵
  PID:5696
- C:\Windows\System\VnCDjTn.exe
  C:\Windows\System\VnCDjTn.exe
  2⤵
  PID:5716
- C:\Windows\System\LKLUegn.exe
  C:\Windows\System\LKLUegn.exe
  2⤵
  PID:5740
- C:\Windows\System\rLqJFnu.exe
  C:\Windows\System\rLqJFnu.exe
  2⤵
  PID:5760
- C:\Windows\System\wyvwAzn.exe
  C:\Windows\System\wyvwAzn.exe
  2⤵
  PID:5780
- C:\Windows\System\lvtAstt.exe
  C:\Windows\System\lvtAstt.exe
  2⤵
  PID:5800
- C:\Windows\System\gmYETrC.exe
  C:\Windows\System\gmYETrC.exe
  2⤵
  PID:5816
- C:\Windows\System\NITckGY.exe
  C:\Windows\System\NITckGY.exe
  2⤵
  PID:5836
- C:\Windows\System\SvLHFYk.exe
  C:\Windows\System\SvLHFYk.exe
  2⤵
  PID:5860
- C:\Windows\System\ssSPvOR.exe
  C:\Windows\System\ssSPvOR.exe
  2⤵
  PID:5880
- C:\Windows\System\eeLuiPP.exe
  C:\Windows\System\eeLuiPP.exe
  2⤵
  PID:5896
- C:\Windows\System\OybrAxf.exe
  C:\Windows\System\OybrAxf.exe
  2⤵
  PID:5916
- C:\Windows\System\mMBWZie.exe
  C:\Windows\System\mMBWZie.exe
  2⤵
  PID:5940
- C:\Windows\System\XwemHtd.exe
  C:\Windows\System\XwemHtd.exe
  2⤵
  PID:5956
- C:\Windows\System\nSkcKdi.exe
  C:\Windows\System\nSkcKdi.exe
  2⤵
  PID:5976
- C:\Windows\System\fuPXRwY.exe
  C:\Windows\System\fuPXRwY.exe
  2⤵
  PID:6000
- C:\Windows\System\pGmMUGp.exe
  C:\Windows\System\pGmMUGp.exe
  2⤵
  PID:6020
- C:\Windows\System\YXETjoH.exe
  C:\Windows\System\YXETjoH.exe
  2⤵
  PID:6036
- C:\Windows\System\ELMgARU.exe
  C:\Windows\System\ELMgARU.exe
  2⤵
  PID:6056
- C:\Windows\System\ZrWOCna.exe
  C:\Windows\System\ZrWOCna.exe
  2⤵
  PID:6080
- C:\Windows\System\JUKUezE.exe
  C:\Windows\System\JUKUezE.exe
  2⤵
  PID:6100
- C:\Windows\System\aYeDwJB.exe
  C:\Windows\System\aYeDwJB.exe
  2⤵
  PID:6120
- C:\Windows\System\wnSqDqR.exe
  C:\Windows\System\wnSqDqR.exe
  2⤵
  PID:6140
- C:\Windows\System\KmHPwNu.exe
  C:\Windows\System\KmHPwNu.exe
  2⤵
  PID:4484
- C:\Windows\System\LUFIPXY.exe
  C:\Windows\System\LUFIPXY.exe
  2⤵
  PID:4864
- C:\Windows\System\guiGCbU.exe
  C:\Windows\System\guiGCbU.exe
  2⤵
  PID:4920
- C:\Windows\System\ecyGmEO.exe
  C:\Windows\System\ecyGmEO.exe
  2⤵
  PID:2900
- C:\Windows\System\KzMkAOn.exe
  C:\Windows\System\KzMkAOn.exe
  2⤵
  PID:3860
- C:\Windows\System\BOCgTaC.exe
  C:\Windows\System\BOCgTaC.exe
  2⤵
  PID:4500
- C:\Windows\System\LonbrFT.exe
  C:\Windows\System\LonbrFT.exe
  2⤵
  PID:2392
- C:\Windows\System\ZkWaWux.exe
  C:\Windows\System\ZkWaWux.exe
  2⤵
  PID:4356
- C:\Windows\System\XEzxnyl.exe
  C:\Windows\System\XEzxnyl.exe
  2⤵
  PID:5152
- C:\Windows\System\BRvqKZz.exe
  C:\Windows\System\BRvqKZz.exe
  2⤵
  PID:5192
- C:\Windows\System\eMOcFCe.exe
  C:\Windows\System\eMOcFCe.exe
  2⤵
  PID:5220
- C:\Windows\System\lWOAVRH.exe
  C:\Windows\System\lWOAVRH.exe
  2⤵
  PID:5268
- C:\Windows\System\GOzgwYR.exe
  C:\Windows\System\GOzgwYR.exe
  2⤵
  PID:5324
- C:\Windows\System\jmEGGCu.exe
  C:\Windows\System\jmEGGCu.exe
  2⤵
  PID:5308
- C:\Windows\System\dDClkYT.exe
  C:\Windows\System\dDClkYT.exe
  2⤵
  PID:5352
- C:\Windows\System\cZhPONw.exe
  C:\Windows\System\cZhPONw.exe
  2⤵
  PID:5444
- C:\Windows\System\PYORsWS.exe
  C:\Windows\System\PYORsWS.exe
  2⤵
  PID:5392
- C:\Windows\System\tZFkVIa.exe
  C:\Windows\System\tZFkVIa.exe
  2⤵
  PID:5472
- C:\Windows\System\mGvEzwg.exe
  C:\Windows\System\mGvEzwg.exe
  2⤵
  PID:5508
- C:\Windows\System\jgYOfqB.exe
  C:\Windows\System\jgYOfqB.exe
  2⤵
  PID:5572
- C:\Windows\System\TcQTLLl.exe
  C:\Windows\System\TcQTLLl.exe
  2⤵
  PID:5552
- C:\Windows\System\PEmDMZq.exe
  C:\Windows\System\PEmDMZq.exe
  2⤵
  PID:5608
- C:\Windows\System\aXznVPG.exe
  C:\Windows\System\aXznVPG.exe
  2⤵
  PID:5648
- C:\Windows\System\CZEKxSs.exe
  C:\Windows\System\CZEKxSs.exe
  2⤵
  PID:5636
- C:\Windows\System\ZYrprmD.exe
  C:\Windows\System\ZYrprmD.exe
  2⤵
  PID:5724
- C:\Windows\System\lcXzWAI.exe
  C:\Windows\System\lcXzWAI.exe
  2⤵
  PID:5712
- C:\Windows\System\QchBOoe.exe
  C:\Windows\System\QchBOoe.exe
  2⤵
  PID:5756
- C:\Windows\System\xNqUUgC.exe
  C:\Windows\System\xNqUUgC.exe
  2⤵
  PID:5844
- C:\Windows\System\mFYOhUR.exe
  C:\Windows\System\mFYOhUR.exe
  2⤵
  PID:5828
- C:\Windows\System\PaRcVtO.exe
  C:\Windows\System\PaRcVtO.exe
  2⤵
  PID:5852
- C:\Windows\System\aVjIyAK.exe
  C:\Windows\System\aVjIyAK.exe
  2⤵
  PID:5876
- C:\Windows\System\rZMiOzv.exe
  C:\Windows\System\rZMiOzv.exe
  2⤵
  PID:5936
- C:\Windows\System\KPZMXSq.exe
  C:\Windows\System\KPZMXSq.exe
  2⤵
  PID:5908
- C:\Windows\System\DoXdiJV.exe
  C:\Windows\System\DoXdiJV.exe
  2⤵
  PID:5972
- C:\Windows\System\cdUeKPC.exe
  C:\Windows\System\cdUeKPC.exe
  2⤵
  PID:5996
- C:\Windows\System\HtnpvzK.exe
  C:\Windows\System\HtnpvzK.exe
  2⤵
  PID:6044
- C:\Windows\System\ANAosQl.exe
  C:\Windows\System\ANAosQl.exe
  2⤵
  PID:5344
- C:\Windows\System\JKxFJZL.exe
  C:\Windows\System\JKxFJZL.exe
  2⤵
  PID:6092
- C:\Windows\System\EearHDO.exe
  C:\Windows\System\EearHDO.exe
  2⤵
  PID:6132
- C:\Windows\System\LWwSySN.exe
  C:\Windows\System\LWwSySN.exe
  2⤵
  PID:4784
- C:\Windows\System\jJruRbi.exe
  C:\Windows\System\jJruRbi.exe
  2⤵
  PID:4580
- C:\Windows\System\DfVAXhu.exe
  C:\Windows\System\DfVAXhu.exe
  2⤵
  PID:5144
- C:\Windows\System\zrPuHBB.exe
  C:\Windows\System\zrPuHBB.exe
  2⤵
  PID:5024
- C:\Windows\System\lwXkkxE.exe
  C:\Windows\System\lwXkkxE.exe
  2⤵
  PID:4548
- C:\Windows\System\mAZVHdg.exe
  C:\Windows\System\mAZVHdg.exe
  2⤵
  PID:5264
- C:\Windows\System\ugfGurb.exe
  C:\Windows\System\ugfGurb.exe
  2⤵
  PID:5244
- C:\Windows\System\gyrVxOK.exe
  C:\Windows\System\gyrVxOK.exe
  2⤵
  PID:5412
- C:\Windows\System\BxzKoeN.exe
  C:\Windows\System\BxzKoeN.exe
  2⤵
  PID:5272
- C:\Windows\System\KisHBZl.exe
  C:\Windows\System\KisHBZl.exe
  2⤵
  PID:5532
- C:\Windows\System\QsYjwHE.exe
  C:\Windows\System\QsYjwHE.exe
  2⤵
  PID:5548
- C:\Windows\System\LRpuJdQ.exe
  C:\Windows\System\LRpuJdQ.exe
  2⤵
  PID:5584
- C:\Windows\System\mbHnYHm.exe
  C:\Windows\System\mbHnYHm.exe
  2⤵
  PID:5448
- C:\Windows\System\JaTeNlu.exe
  C:\Windows\System\JaTeNlu.exe
  2⤵
  PID:5732
- C:\Windows\System\NMYwewd.exe
  C:\Windows\System\NMYwewd.exe
  2⤵
  PID:5748
- C:\Windows\System\frLFgrR.exe
  C:\Windows\System\frLFgrR.exe
  2⤵
  PID:5776
- C:\Windows\System\oBfCRgs.exe
  C:\Windows\System\oBfCRgs.exe
  2⤵
  PID:5856
- C:\Windows\System\dQfOTkn.exe
  C:\Windows\System\dQfOTkn.exe
  2⤵
  PID:5792
- C:\Windows\System\eVGlwbn.exe
  C:\Windows\System\eVGlwbn.exe
  2⤵
  PID:6028
- C:\Windows\System\qRJmJJX.exe
  C:\Windows\System\qRJmJJX.exe
  2⤵
  PID:6064
- C:\Windows\System\rTVAfPI.exe
  C:\Windows\System\rTVAfPI.exe
  2⤵
  PID:6096
- C:\Windows\System\iIoxRdp.exe
  C:\Windows\System\iIoxRdp.exe
  2⤵
  PID:2324
- C:\Windows\System\ThSljvn.exe
  C:\Windows\System\ThSljvn.exe
  2⤵
  PID:4620
- C:\Windows\System\PuCxvoH.exe
  C:\Windows\System\PuCxvoH.exe
  2⤵
  PID:4928
- C:\Windows\System\VfxlCSm.exe
  C:\Windows\System\VfxlCSm.exe
  2⤵
  PID:6128
- C:\Windows\System\SvLXukJ.exe
  C:\Windows\System\SvLXukJ.exe
  2⤵
  PID:5904
- C:\Windows\System\uNHqapg.exe
  C:\Windows\System\uNHqapg.exe
  2⤵
  PID:4276
- C:\Windows\System\qnTlmHo.exe
  C:\Windows\System\qnTlmHo.exe
  2⤵
  PID:5172
- C:\Windows\System\GZXmiZc.exe
  C:\Windows\System\GZXmiZc.exe
  2⤵
  PID:5044
- C:\Windows\System\EwzaWTL.exe
  C:\Windows\System\EwzaWTL.exe
  2⤵
  PID:5492
- C:\Windows\System\ufruIuZ.exe
  C:\Windows\System\ufruIuZ.exe
  2⤵
  PID:5204
- C:\Windows\System\kQKWuUH.exe
  C:\Windows\System\kQKWuUH.exe
  2⤵
  PID:2680
- C:\Windows\System\UPHgFmJ.exe
  C:\Windows\System\UPHgFmJ.exe
  2⤵
  PID:5692
- C:\Windows\System\lKjnwZX.exe
  C:\Windows\System\lKjnwZX.exe
  2⤵
  PID:5468
- C:\Windows\System\RMuXTWj.exe
  C:\Windows\System\RMuXTWj.exe
  2⤵
  PID:5668
- C:\Windows\System\JwVWTqn.exe
  C:\Windows\System\JwVWTqn.exe
  2⤵
  PID:1192
- C:\Windows\System\cMzupXJ.exe
  C:\Windows\System\cMzupXJ.exe
  2⤵
  PID:1368
- C:\Windows\System\ylgMhQr.exe
  C:\Windows\System\ylgMhQr.exe
  2⤵
  PID:5736
- C:\Windows\System\jlKELci.exe
  C:\Windows\System\jlKELci.exe
  2⤵
  PID:5124
- C:\Windows\System\qQbedog.exe
  C:\Windows\System\qQbedog.exe
  2⤵
  PID:5140
- C:\Windows\System\eFNodeh.exe
  C:\Windows\System\eFNodeh.exe
  2⤵
  PID:1816
- C:\Windows\System\sawSGvx.exe
  C:\Windows\System\sawSGvx.exe
  2⤵
  PID:5928
- C:\Windows\System\jeHDHFY.exe
  C:\Windows\System\jeHDHFY.exe
  2⤵
  PID:2144
- C:\Windows\System\ERZxtcv.exe
  C:\Windows\System\ERZxtcv.exe
  2⤵
  PID:2056
- C:\Windows\System\ZTTfMpI.exe
  C:\Windows\System\ZTTfMpI.exe
  2⤵
  PID:5824
- C:\Windows\System\JPgrbQY.exe
  C:\Windows\System\JPgrbQY.exe
  2⤵
  PID:5288
- C:\Windows\System\HkTYiMf.exe
  C:\Windows\System\HkTYiMf.exe
  2⤵
  PID:5312
- C:\Windows\System\WiBMzdg.exe
  C:\Windows\System\WiBMzdg.exe
  2⤵
  PID:5376
- C:\Windows\System\eTmmndL.exe
  C:\Windows\System\eTmmndL.exe
  2⤵
  PID:5372
- C:\Windows\System\ILqVZMy.exe
  C:\Windows\System\ILqVZMy.exe
  2⤵
  PID:5432
- C:\Windows\System\tZnaGBH.exe
  C:\Windows\System\tZnaGBH.exe
  2⤵
  PID:5768
- C:\Windows\System\DmAQGGh.exe
  C:\Windows\System\DmAQGGh.exe
  2⤵
  PID:6052
- C:\Windows\System\xQhnsjk.exe
  C:\Windows\System\xQhnsjk.exe
  2⤵
  PID:6048
- C:\Windows\System\wPWAOjy.exe
  C:\Windows\System\wPWAOjy.exe
  2⤵
  PID:1608
- C:\Windows\System\vBUeIEF.exe
  C:\Windows\System\vBUeIEF.exe
  2⤵
  PID:4416
- C:\Windows\System\ksOGrmM.exe
  C:\Windows\System\ksOGrmM.exe
  2⤵
  PID:5588
- C:\Windows\System\JWsMDWe.exe
  C:\Windows\System\JWsMDWe.exe
  2⤵
  PID:2240
- C:\Windows\System\bUaLjqP.exe
  C:\Windows\System\bUaLjqP.exe
  2⤵
  PID:2828
- C:\Windows\System\DSqXUys.exe
  C:\Windows\System\DSqXUys.exe
  2⤵
  PID:2952
- C:\Windows\System\xZwKNTy.exe
  C:\Windows\System\xZwKNTy.exe
  2⤵
  PID:6164
- C:\Windows\System\pkCRuyA.exe
  C:\Windows\System\pkCRuyA.exe
  2⤵
  PID:6180
- C:\Windows\System\RcOsClG.exe
  C:\Windows\System\RcOsClG.exe
  2⤵
  PID:6200
- C:\Windows\System\hyDpvmo.exe
  C:\Windows\System\hyDpvmo.exe
  2⤵
  PID:6244
- C:\Windows\System\cCxkUOj.exe
  C:\Windows\System\cCxkUOj.exe
  2⤵
  PID:6264
- C:\Windows\System\SchBFOl.exe
  C:\Windows\System\SchBFOl.exe
  2⤵
  PID:6280
- C:\Windows\System\HUFxlBf.exe
  C:\Windows\System\HUFxlBf.exe
  2⤵
  PID:6296
- C:\Windows\System\OBjCxmu.exe
  C:\Windows\System\OBjCxmu.exe
  2⤵
  PID:6328
- C:\Windows\System\wooLPPs.exe
  C:\Windows\System\wooLPPs.exe
  2⤵
  PID:6352
- C:\Windows\System\walFVvv.exe
  C:\Windows\System\walFVvv.exe
  2⤵
  PID:6372
- C:\Windows\System\rUTsyiY.exe
  C:\Windows\System\rUTsyiY.exe
  2⤵
  PID:6392
- C:\Windows\System\DRUMyoH.exe
  C:\Windows\System\DRUMyoH.exe
  2⤵
  PID:6412
- C:\Windows\System\SpqylFr.exe
  C:\Windows\System\SpqylFr.exe
  2⤵
  PID:6432
- C:\Windows\System\kmsDdEx.exe
  C:\Windows\System\kmsDdEx.exe
  2⤵
  PID:6452
- C:\Windows\System\QoPyIrm.exe
  C:\Windows\System\QoPyIrm.exe
  2⤵
  PID:6472
- C:\Windows\System\XrPmIto.exe
  C:\Windows\System\XrPmIto.exe
  2⤵
  PID:6492
- C:\Windows\System\FPKwTUg.exe
  C:\Windows\System\FPKwTUg.exe
  2⤵
  PID:6512
- C:\Windows\System\WIBMUkZ.exe
  C:\Windows\System\WIBMUkZ.exe
  2⤵
  PID:6532
- C:\Windows\System\jcGjmye.exe
  C:\Windows\System\jcGjmye.exe
  2⤵
  PID:6552
- C:\Windows\System\UsJDtdk.exe
  C:\Windows\System\UsJDtdk.exe
  2⤵
  PID:6576
- C:\Windows\System\fjKQKyA.exe
  C:\Windows\System\fjKQKyA.exe
  2⤵
  PID:6616
- C:\Windows\System\DScmTjQ.exe
  C:\Windows\System\DScmTjQ.exe
  2⤵
  PID:6636
- C:\Windows\System\LVYuQUq.exe
  C:\Windows\System\LVYuQUq.exe
  2⤵
  PID:6652
- C:\Windows\System\udVFhWf.exe
  C:\Windows\System\udVFhWf.exe
  2⤵
  PID:6668
- C:\Windows\System\OLthMcR.exe
  C:\Windows\System\OLthMcR.exe
  2⤵
  PID:6684
- C:\Windows\System\CxspXfH.exe
  C:\Windows\System\CxspXfH.exe
  2⤵
  PID:6700
- C:\Windows\System\sCkDIfh.exe
  C:\Windows\System\sCkDIfh.exe
  2⤵
  PID:6716
- C:\Windows\System\IifDxBO.exe
  C:\Windows\System\IifDxBO.exe
  2⤵
  PID:6732
- C:\Windows\System\rDrUzRM.exe
  C:\Windows\System\rDrUzRM.exe
  2⤵
  PID:6812
- C:\Windows\System\PJCLNzk.exe
  C:\Windows\System\PJCLNzk.exe
  2⤵
  PID:6832
- C:\Windows\System\LQdhPpI.exe
  C:\Windows\System\LQdhPpI.exe
  2⤵
  PID:6848
- C:\Windows\System\zTYPODx.exe
  C:\Windows\System\zTYPODx.exe
  2⤵
  PID:6868
- C:\Windows\System\GWoeFTp.exe
  C:\Windows\System\GWoeFTp.exe
  2⤵
  PID:6884
- C:\Windows\System\jKBaMvd.exe
  C:\Windows\System\jKBaMvd.exe
  2⤵
  PID:6912
- C:\Windows\System\cuNTAgs.exe
  C:\Windows\System\cuNTAgs.exe
  2⤵
  PID:6928
- C:\Windows\System\WzJVSQz.exe
  C:\Windows\System\WzJVSQz.exe
  2⤵
  PID:6944
- C:\Windows\System\pVBWshe.exe
  C:\Windows\System\pVBWshe.exe
  2⤵
  PID:6960
- C:\Windows\System\NoEoAWK.exe
  C:\Windows\System\NoEoAWK.exe
  2⤵
  PID:6976
- C:\Windows\System\mDsSvGc.exe
  C:\Windows\System\mDsSvGc.exe
  2⤵
  PID:6992
- C:\Windows\System\nQEuZPE.exe
  C:\Windows\System\nQEuZPE.exe
  2⤵
  PID:7008
- C:\Windows\System\bbbniCl.exe
  C:\Windows\System\bbbniCl.exe
  2⤵
  PID:7040
- C:\Windows\System\GmxZDiu.exe
  C:\Windows\System\GmxZDiu.exe
  2⤵
  PID:7056
- C:\Windows\System\QxkqKvB.exe
  C:\Windows\System\QxkqKvB.exe
  2⤵
  PID:7072
- C:\Windows\System\qDGbycl.exe
  C:\Windows\System\qDGbycl.exe
  2⤵
  PID:7088
- C:\Windows\System\SlgwgNw.exe
  C:\Windows\System\SlgwgNw.exe
  2⤵
  PID:7104
- C:\Windows\System\iKMgAyw.exe
  C:\Windows\System\iKMgAyw.exe
  2⤵
  PID:7120
- C:\Windows\System\GoDDGxb.exe
  C:\Windows\System\GoDDGxb.exe
  2⤵
  PID:7136
- C:\Windows\System\IGctkxk.exe
  C:\Windows\System\IGctkxk.exe
  2⤵
  PID:7152
- C:\Windows\System\FiKUQuD.exe
  C:\Windows\System\FiKUQuD.exe
  2⤵
  PID:2128
- C:\Windows\System\oyzJPBq.exe
  C:\Windows\System\oyzJPBq.exe
  2⤵
  PID:2092
- C:\Windows\System\uAiuwMQ.exe
  C:\Windows\System\uAiuwMQ.exe
  2⤵
  PID:3012
- C:\Windows\System\ebsFDln.exe
  C:\Windows\System\ebsFDln.exe
  2⤵
  PID:6076
- C:\Windows\System\GJwuGBl.exe
  C:\Windows\System\GJwuGBl.exe
  2⤵
  PID:5892
- C:\Windows\System\kmXrZrT.exe
  C:\Windows\System\kmXrZrT.exe
  2⤵
  PID:2136
- C:\Windows\System\ECtpxkT.exe
  C:\Windows\System\ECtpxkT.exe
  2⤵
  PID:6216
- C:\Windows\System\jMWnrUb.exe
  C:\Windows\System\jMWnrUb.exe
  2⤵
  PID:6192
- C:\Windows\System\ctaZerS.exe
  C:\Windows\System\ctaZerS.exe
  2⤵
  PID:2164
- C:\Windows\System\wzUSFsh.exe
  C:\Windows\System\wzUSFsh.exe
  2⤵
  PID:6016
- C:\Windows\System\LWwBfTx.exe
  C:\Windows\System\LWwBfTx.exe
  2⤵
  PID:6312
- C:\Windows\System\moswegC.exe
  C:\Windows\System\moswegC.exe
  2⤵
  PID:6256
- C:\Windows\System\vnCZTWF.exe
  C:\Windows\System\vnCZTWF.exe
  2⤵
  PID:476
- C:\Windows\System\stDNown.exe
  C:\Windows\System\stDNown.exe
  2⤵
  PID:6344
- C:\Windows\System\zMESxYT.exe
  C:\Windows\System\zMESxYT.exe
  2⤵
  PID:6400
- C:\Windows\System\BsNMOev.exe
  C:\Windows\System\BsNMOev.exe
  2⤵
  PID:6420
- C:\Windows\System\gPsVRCI.exe
  C:\Windows\System\gPsVRCI.exe
  2⤵
  PID:6444
- C:\Windows\System\DTuCQzh.exe
  C:\Windows\System\DTuCQzh.exe
  2⤵
  PID:2840
- C:\Windows\System\oRDOMuQ.exe
  C:\Windows\System\oRDOMuQ.exe
  2⤵
  PID:6464
- C:\Windows\System\BeKnmAA.exe
  C:\Windows\System\BeKnmAA.exe
  2⤵
  PID:6484
- C:\Windows\System\RPumnMk.exe
  C:\Windows\System\RPumnMk.exe
  2⤵
  PID:2880
- C:\Windows\System\yclygxO.exe
  C:\Windows\System\yclygxO.exe
  2⤵
  PID:2936
- C:\Windows\System\fDFIgds.exe
  C:\Windows\System\fDFIgds.exe
  2⤵
  PID:1156
- C:\Windows\System\PktLuaD.exe
  C:\Windows\System\PktLuaD.exe
  2⤵
  PID:6624
- C:\Windows\System\OLfnHsl.exe
  C:\Windows\System\OLfnHsl.exe
  2⤵
  PID:6680
- C:\Windows\System\KYjfEcS.exe
  C:\Windows\System\KYjfEcS.exe
  2⤵
  PID:6696
- C:\Windows\System\ihdienq.exe
  C:\Windows\System\ihdienq.exe
  2⤵
  PID:6712
- C:\Windows\System\hBSTQPx.exe
  C:\Windows\System\hBSTQPx.exe
  2⤵
  PID:6548
- C:\Windows\System\pQuoDlC.exe
  C:\Windows\System\pQuoDlC.exe
  2⤵
  PID:6860
- C:\Windows\System\xodTebe.exe
  C:\Windows\System\xodTebe.exe
  2⤵
  PID:6804
- C:\Windows\System\mWymtee.exe
  C:\Windows\System\mWymtee.exe
  2⤵
  PID:6756
- C:\Windows\System\lTmHEja.exe
  C:\Windows\System\lTmHEja.exe
  2⤵
  PID:6904
- C:\Windows\System\sPTNint.exe
  C:\Windows\System\sPTNint.exe
  2⤵
  PID:6936
- C:\Windows\System\aYLqugD.exe
  C:\Windows\System\aYLqugD.exe
  2⤵
  PID:6876
- C:\Windows\System\bLoPHun.exe
  C:\Windows\System\bLoPHun.exe
  2⤵
  PID:7020
- C:\Windows\System\MTTqKPZ.exe
  C:\Windows\System\MTTqKPZ.exe
  2⤵
  PID:7036
- C:\Windows\System\rmRMbLG.exe
  C:\Windows\System\rmRMbLG.exe
  2⤵
  PID:7084
- C:\Windows\System\QIRppBU.exe
  C:\Windows\System\QIRppBU.exe
  2⤵
  PID:4788
- C:\Windows\System\VuuHXrP.exe
  C:\Windows\System\VuuHXrP.exe
  2⤵
  PID:2888
- C:\Windows\System\HKgzlSz.exe
  C:\Windows\System\HKgzlSz.exe
  2⤵
  PID:2572
- C:\Windows\System\AMZtOfI.exe
  C:\Windows\System\AMZtOfI.exe
  2⤵
  PID:6288
- C:\Windows\System\GEMvahR.exe
  C:\Windows\System\GEMvahR.exe
  2⤵
  PID:1652
- C:\Windows\System\xDXPTYr.exe
  C:\Windows\System\xDXPTYr.exe
  2⤵
  PID:6232
- C:\Windows\System\iWCxGVL.exe
  C:\Windows\System\iWCxGVL.exe
  2⤵
  PID:6160
- C:\Windows\System\AgxzaQV.exe
  C:\Windows\System\AgxzaQV.exe
  2⤵
  PID:6252
- C:\Windows\System\IZKbYzQ.exe
  C:\Windows\System\IZKbYzQ.exe
  2⤵
  PID:6348
- C:\Windows\System\PhEjZXB.exe
  C:\Windows\System\PhEjZXB.exe
  2⤵
  PID:1676
- C:\Windows\System\KKRjGtn.exe
  C:\Windows\System\KKRjGtn.exe
  2⤵
  PID:6784
- C:\Windows\System\AzzzZqz.exe
  C:\Windows\System\AzzzZqz.exe
  2⤵
  PID:6388
- C:\Windows\System\bubPpjG.exe
  C:\Windows\System\bubPpjG.exe
  2⤵
  PID:2836
- C:\Windows\System\DGWyKda.exe
  C:\Windows\System\DGWyKda.exe
  2⤵
  PID:6592
- C:\Windows\System\OzZNDHF.exe
  C:\Windows\System\OzZNDHF.exe
  2⤵
  PID:6764
- C:\Windows\System\WMWWFTo.exe
  C:\Windows\System\WMWWFTo.exe
  2⤵
  PID:6608
- C:\Windows\System\hLUHAdr.exe
  C:\Windows\System\hLUHAdr.exe
  2⤵
  PID:6564
- C:\Windows\System\ccHOAFE.exe
  C:\Windows\System\ccHOAFE.exe
  2⤵
  PID:6744
- C:\Windows\System\KutAKQp.exe
  C:\Windows\System\KutAKQp.exe
  2⤵
  PID:6820
- C:\Windows\System\iiAicdw.exe
  C:\Windows\System\iiAicdw.exe
  2⤵
  PID:6800
- C:\Windows\System\pbYtXrm.exe
  C:\Windows\System\pbYtXrm.exe
  2⤵
  PID:6896
- C:\Windows\System\kzbfEGZ.exe
  C:\Windows\System\kzbfEGZ.exe
  2⤵
  PID:7028
- C:\Windows\System\aSqSYar.exe
  C:\Windows\System\aSqSYar.exe
  2⤵
  PID:6920
- C:\Windows\System\PiTGxcX.exe
  C:\Windows\System\PiTGxcX.exe
  2⤵
  PID:7080
- C:\Windows\System\YROnvik.exe
  C:\Windows\System\YROnvik.exe
  2⤵
  PID:6740
- C:\Windows\System\HOPVQJN.exe
  C:\Windows\System\HOPVQJN.exe
  2⤵
  PID:5348
- C:\Windows\System\DbVWuss.exe
  C:\Windows\System\DbVWuss.exe
  2⤵
  PID:3060
- C:\Windows\System\nxXaHxE.exe
  C:\Windows\System\nxXaHxE.exe
  2⤵
  PID:5252
- C:\Windows\System\ScEPYvL.exe
  C:\Windows\System\ScEPYvL.exe
  2⤵
  PID:5952
- C:\Windows\System\dOYbhXy.exe
  C:\Windows\System\dOYbhXy.exe
  2⤵
  PID:5416
- C:\Windows\System\CeHCBIO.exe
  C:\Windows\System\CeHCBIO.exe
  2⤵
  PID:6228
- C:\Windows\System\qMUIMvV.exe
  C:\Windows\System\qMUIMvV.exe
  2⤵
  PID:6364
- C:\Windows\System\sDjYARY.exe
  C:\Windows\System\sDjYARY.exe
  2⤵
  PID:6508
- C:\Windows\System\gReaeFQ.exe
  C:\Windows\System\gReaeFQ.exe
  2⤵
  PID:6500
- C:\Windows\System\EMgmYcE.exe
  C:\Windows\System\EMgmYcE.exe
  2⤵
  PID:1568
- C:\Windows\System\vTClDIj.exe
  C:\Windows\System\vTClDIj.exe
  2⤵
  PID:2124
- C:\Windows\System\MtNmxTl.exe
  C:\Windows\System\MtNmxTl.exe
  2⤵
  PID:7144
- C:\Windows\System\JwFtEiR.exe
  C:\Windows\System\JwFtEiR.exe
  2⤵
  PID:6692
- C:\Windows\System\emVySqn.exe
  C:\Windows\System\emVySqn.exe
  2⤵
  PID:6972
- C:\Windows\System\lRfdQnx.exe
  C:\Windows\System\lRfdQnx.exe
  2⤵
  PID:6792
- C:\Windows\System\aKJAaeh.exe
  C:\Windows\System\aKJAaeh.exe
  2⤵
  PID:6828
- C:\Windows\System\ExgOQLK.exe
  C:\Windows\System\ExgOQLK.exe
  2⤵
  PID:7128
- C:\Windows\System\mVDjoJU.exe
  C:\Windows\System\mVDjoJU.exe
  2⤵
  PID:1480
- C:\Windows\System\RCXrNCK.exe
  C:\Windows\System\RCXrNCK.exe
  2⤵
  PID:1760
- C:\Windows\System\OxMXseh.exe
  C:\Windows\System\OxMXseh.exe
  2⤵
  PID:6488
- C:\Windows\System\NIMvmKD.exe
  C:\Windows\System\NIMvmKD.exe
  2⤵
  PID:6468
- C:\Windows\System\eyOhsQv.exe
  C:\Windows\System\eyOhsQv.exe
  2⤵
  PID:328
- C:\Windows\System\qufxsnz.exe
  C:\Windows\System\qufxsnz.exe
  2⤵
  PID:6844
- C:\Windows\System\VhAKYkB.exe
  C:\Windows\System\VhAKYkB.exe
  2⤵
  PID:6748
- C:\Windows\System\fhyYEzD.exe
  C:\Windows\System\fhyYEzD.exe
  2⤵
  PID:6780
- C:\Windows\System\GxiyUHW.exe
  C:\Windows\System\GxiyUHW.exe
  2⤵
  PID:2640
- C:\Windows\System\bgGeEdC.exe
  C:\Windows\System\bgGeEdC.exe
  2⤵
  PID:6208
- C:\Windows\System\FJPlWaL.exe
  C:\Windows\System\FJPlWaL.exe
  2⤵
  PID:6008
- C:\Windows\System\XXOyJok.exe
  C:\Windows\System\XXOyJok.exe
  2⤵
  PID:6156
- C:\Windows\System\bdiXQUn.exe
  C:\Windows\System\bdiXQUn.exe
  2⤵
  PID:2012
- C:\Windows\System\obTfUrB.exe
  C:\Windows\System\obTfUrB.exe
  2⤵
  PID:6088
- C:\Windows\System\cQtdPso.exe
  C:\Windows\System\cQtdPso.exe
  2⤵
  PID:6788
- C:\Windows\System\vjriYSw.exe
  C:\Windows\System\vjriYSw.exe
  2⤵
  PID:7004
- C:\Windows\System\VVMroVd.exe
  C:\Windows\System\VVMroVd.exe
  2⤵
  PID:7176
- C:\Windows\System\WBaodZH.exe
  C:\Windows\System\WBaodZH.exe
  2⤵
  PID:7192
- C:\Windows\System\rUnIWRr.exe
  C:\Windows\System\rUnIWRr.exe
  2⤵
  PID:7212
- C:\Windows\System\MoCBwpd.exe
  C:\Windows\System\MoCBwpd.exe
  2⤵
  PID:7232
- C:\Windows\System\fmqCeGu.exe
  C:\Windows\System\fmqCeGu.exe
  2⤵
  PID:7272
- C:\Windows\System\HoKVuVY.exe
  C:\Windows\System\HoKVuVY.exe
  2⤵
  PID:7292
- C:\Windows\System\wkFPYTS.exe
  C:\Windows\System\wkFPYTS.exe
  2⤵
  PID:7308
- C:\Windows\System\bOpMDLr.exe
  C:\Windows\System\bOpMDLr.exe
  2⤵
  PID:7340
- C:\Windows\System\KyJQyFp.exe
  C:\Windows\System\KyJQyFp.exe
  2⤵
  PID:7356
- C:\Windows\System\ISXNpWT.exe
  C:\Windows\System\ISXNpWT.exe
  2⤵
  PID:7372
- C:\Windows\System\WuBZaoP.exe
  C:\Windows\System\WuBZaoP.exe
  2⤵
  PID:7388
- C:\Windows\System\ANOOmsF.exe
  C:\Windows\System\ANOOmsF.exe
  2⤵
  PID:7404
- C:\Windows\System\sGhwRmn.exe
  C:\Windows\System\sGhwRmn.exe
  2⤵
  PID:7420
- C:\Windows\System\oUhvSww.exe
  C:\Windows\System\oUhvSww.exe
  2⤵
  PID:7436
- C:\Windows\System\rCqKECY.exe
  C:\Windows\System\rCqKECY.exe
  2⤵
  PID:7452
- C:\Windows\System\kBIhyvi.exe
  C:\Windows\System\kBIhyvi.exe
  2⤵
  PID:7468
- C:\Windows\System\kwxKWSq.exe
  C:\Windows\System\kwxKWSq.exe
  2⤵
  PID:7484
- C:\Windows\System\AZpCdFa.exe
  C:\Windows\System\AZpCdFa.exe
  2⤵
  PID:7500
- C:\Windows\System\sazRgcl.exe
  C:\Windows\System\sazRgcl.exe
  2⤵
  PID:7516
- C:\Windows\System\jfuYAid.exe
  C:\Windows\System\jfuYAid.exe
  2⤵
  PID:7544
- C:\Windows\System\zfxZSsV.exe
  C:\Windows\System\zfxZSsV.exe
  2⤵
  PID:7560
- C:\Windows\System\rsUvPLZ.exe
  C:\Windows\System\rsUvPLZ.exe
  2⤵
  PID:7576
- C:\Windows\System\HXuIbse.exe
  C:\Windows\System\HXuIbse.exe
  2⤵
  PID:7592
- C:\Windows\System\GwOqrab.exe
  C:\Windows\System\GwOqrab.exe
  2⤵
  PID:7608
- C:\Windows\System\YyWpYUx.exe
  C:\Windows\System\YyWpYUx.exe
  2⤵
  PID:7628
- C:\Windows\System\goEkbUs.exe
  C:\Windows\System\goEkbUs.exe
  2⤵
  PID:7644
- C:\Windows\System\IkoKZyF.exe
  C:\Windows\System\IkoKZyF.exe
  2⤵
  PID:7660
- C:\Windows\System\XuNzZhy.exe
  C:\Windows\System\XuNzZhy.exe
  2⤵
  PID:7680
- C:\Windows\System\erEabJp.exe
  C:\Windows\System\erEabJp.exe
  2⤵
  PID:7696
- C:\Windows\System\reriwBl.exe
  C:\Windows\System\reriwBl.exe
  2⤵
  PID:7712
- C:\Windows\System\JGgASOV.exe
  C:\Windows\System\JGgASOV.exe
  2⤵
  PID:7732
- C:\Windows\System\RHBwBih.exe
  C:\Windows\System\RHBwBih.exe
  2⤵
  PID:7748
- C:\Windows\System\EqcFcke.exe
  C:\Windows\System\EqcFcke.exe
  2⤵
  PID:7764
- C:\Windows\System\YlyvdPr.exe
  C:\Windows\System\YlyvdPr.exe
  2⤵
  PID:7780
- C:\Windows\System\FKDZHXI.exe
  C:\Windows\System\FKDZHXI.exe
  2⤵
  PID:7796
- C:\Windows\System\COBjiPo.exe
  C:\Windows\System\COBjiPo.exe
  2⤵
  PID:7820
- C:\Windows\System\ZJiVFlt.exe
  C:\Windows\System\ZJiVFlt.exe
  2⤵
  PID:7836
- C:\Windows\System\SPhzYSw.exe
  C:\Windows\System\SPhzYSw.exe
  2⤵
  PID:7852
- C:\Windows\System\WCXTSXi.exe
  C:\Windows\System\WCXTSXi.exe
  2⤵
  PID:7868
- C:\Windows\System\IDTYaws.exe
  C:\Windows\System\IDTYaws.exe
  2⤵
  PID:7884
- C:\Windows\System\qGppILv.exe
  C:\Windows\System\qGppILv.exe
  2⤵
  PID:7900
- C:\Windows\System\sliEnZF.exe
  C:\Windows\System\sliEnZF.exe
  2⤵
  PID:7916
- C:\Windows\System\ILGrHDc.exe
  C:\Windows\System\ILGrHDc.exe
  2⤵
  PID:7932
- C:\Windows\System\NCFDFsW.exe
  C:\Windows\System\NCFDFsW.exe
  2⤵
  PID:7972
- C:\Windows\System\SArFnSD.exe
  C:\Windows\System\SArFnSD.exe
  2⤵
  PID:7988
- C:\Windows\System\kfhpoSE.exe
  C:\Windows\System\kfhpoSE.exe
  2⤵
  PID:8004
- C:\Windows\System\qwyPLcB.exe
  C:\Windows\System\qwyPLcB.exe
  2⤵
  PID:8020
- C:\Windows\System\xdwbegg.exe
  C:\Windows\System\xdwbegg.exe
  2⤵
  PID:8036
- C:\Windows\System\QvlNmVK.exe
  C:\Windows\System\QvlNmVK.exe
  2⤵
  PID:8052
- C:\Windows\System\krZrdBa.exe
  C:\Windows\System\krZrdBa.exe
  2⤵
  PID:8068
- C:\Windows\System\UymhdWs.exe
  C:\Windows\System\UymhdWs.exe
  2⤵
  PID:8084
- C:\Windows\System\YwkDgzi.exe
  C:\Windows\System\YwkDgzi.exe
  2⤵
  PID:8100
- C:\Windows\System\SyTXceB.exe
  C:\Windows\System\SyTXceB.exe
  2⤵
  PID:8116
- C:\Windows\System\TeRkEnG.exe
  C:\Windows\System\TeRkEnG.exe
  2⤵
  PID:8132
- C:\Windows\System\mZSZvvA.exe
  C:\Windows\System\mZSZvvA.exe
  2⤵
  PID:8148
- C:\Windows\System\XQkBSuC.exe
  C:\Windows\System\XQkBSuC.exe
  2⤵
  PID:8168
- C:\Windows\System\HgBYSXq.exe
  C:\Windows\System\HgBYSXq.exe
  2⤵
  PID:7052
- C:\Windows\System\aeLbtWp.exe
  C:\Windows\System\aeLbtWp.exe
  2⤵
  PID:6856
- C:\Windows\System\AGMUJNY.exe
  C:\Windows\System\AGMUJNY.exe
  2⤵
  PID:6676
- C:\Windows\System\fYmmYsT.exe
  C:\Windows\System\fYmmYsT.exe
  2⤵
  PID:7220
- C:\Windows\System\htOEriI.exe
  C:\Windows\System\htOEriI.exe
  2⤵
  PID:7172
- C:\Windows\System\uBySKir.exe
  C:\Windows\System\uBySKir.exe
  2⤵
  PID:7240
- C:\Windows\System\RqEelSI.exe
  C:\Windows\System\RqEelSI.exe
  2⤵
  PID:7260
- C:\Windows\System\JgdTGUe.exe
  C:\Windows\System\JgdTGUe.exe
  2⤵
  PID:7280
- C:\Windows\System\DIdhACd.exe
  C:\Windows\System\DIdhACd.exe
  2⤵
  PID:7164
- C:\Windows\System\qAlCsri.exe
  C:\Windows\System\qAlCsri.exe
  2⤵
  PID:7284
- C:\Windows\System\wkcjIvL.exe
  C:\Windows\System\wkcjIvL.exe
  2⤵
  PID:7384
- C:\Windows\System\IHmjZcg.exe
  C:\Windows\System\IHmjZcg.exe
  2⤵
  PID:7328
- C:\Windows\System\TELvXTC.exe
  C:\Windows\System\TELvXTC.exe
  2⤵
  PID:7400
- C:\Windows\System\bTciiJs.exe
  C:\Windows\System\bTciiJs.exe
  2⤵
  PID:7336
- C:\Windows\System\NVQXKZx.exe
  C:\Windows\System\NVQXKZx.exe
  2⤵
  PID:7480
- C:\Windows\System\pntySwb.exe
  C:\Windows\System\pntySwb.exe
  2⤵
  PID:7556
- C:\Windows\System\IPeMbkA.exe
  C:\Windows\System\IPeMbkA.exe
  2⤵
  PID:7616
- C:\Windows\System\qRVqPNQ.exe
  C:\Windows\System\qRVqPNQ.exe
  2⤵
  PID:7572
- C:\Windows\System\SMncNRj.exe
  C:\Windows\System\SMncNRj.exe
  2⤵
  PID:7496
- C:\Windows\System\JoLoyBx.exe
  C:\Windows\System\JoLoyBx.exe
  2⤵
  PID:7532
- C:\Windows\System\ueGvuEn.exe
  C:\Windows\System\ueGvuEn.exe
  2⤵
  PID:7320
- C:\Windows\System\hkKXFKL.exe
  C:\Windows\System\hkKXFKL.exe
  2⤵
  PID:7708
- C:\Windows\System\bpVvLGG.exe
  C:\Windows\System\bpVvLGG.exe
  2⤵
  PID:7760
- C:\Windows\System\pFlkhty.exe
  C:\Windows\System\pFlkhty.exe
  2⤵
  PID:7808
- C:\Windows\System\nTPfqAT.exe
  C:\Windows\System\nTPfqAT.exe
  2⤵
  PID:7848
- C:\Windows\System\KAHblsr.exe
  C:\Windows\System\KAHblsr.exe
  2⤵
  PID:7912
- C:\Windows\System\ougLRnA.exe
  C:\Windows\System\ougLRnA.exe
  2⤵
  PID:7720
- C:\Windows\System\lutRuSe.exe
  C:\Windows\System\lutRuSe.exe
  2⤵
  PID:7832
- C:\Windows\System\oSvmvrF.exe
  C:\Windows\System\oSvmvrF.exe
  2⤵
  PID:7896
- C:\Windows\System\sPzgvMW.exe
  C:\Windows\System\sPzgvMW.exe
  2⤵
  PID:6196
- C:\Windows\System\XtQgPyO.exe
  C:\Windows\System\XtQgPyO.exe
  2⤵
  PID:8032
- C:\Windows\System\QsWzFsp.exe
  C:\Windows\System\QsWzFsp.exe
  2⤵
  PID:8012
- C:\Windows\System\cTlomQd.exe
  C:\Windows\System\cTlomQd.exe
  2⤵
  PID:8044
- C:\Windows\System\MTDthut.exe
  C:\Windows\System\MTDthut.exe
  2⤵
  PID:8096
- C:\Windows\System\LJKHNrY.exe
  C:\Windows\System\LJKHNrY.exe
  2⤵
  PID:8108
- C:\Windows\System\XXvGKbk.exe
  C:\Windows\System\XXvGKbk.exe
  2⤵
  PID:8160
- C:\Windows\System\ahbXIDd.exe
  C:\Windows\System\ahbXIDd.exe
  2⤵
  PID:8184
- C:\Windows\System\cWIVdHr.exe
  C:\Windows\System\cWIVdHr.exe
  2⤵
  PID:6952
- C:\Windows\System\zAwUaZL.exe
  C:\Windows\System\zAwUaZL.exe
  2⤵
  PID:7204
- C:\Windows\System\vzLzbZc.exe
  C:\Windows\System\vzLzbZc.exe
  2⤵
  PID:7268
- C:\Windows\System\nGbDLHo.exe
  C:\Windows\System\nGbDLHo.exe
  2⤵
  PID:7228
- C:\Windows\System\HjgiwMv.exe
  C:\Windows\System\HjgiwMv.exe
  2⤵
  PID:6708
- C:\Windows\System\UzKldob.exe
  C:\Windows\System\UzKldob.exe
  2⤵
  PID:7316
- C:\Windows\System\VMlNnOQ.exe
  C:\Windows\System\VMlNnOQ.exe
  2⤵
  PID:7432
- C:\Windows\System\FjPwAXO.exe
  C:\Windows\System\FjPwAXO.exe
  2⤵
  PID:7476
- C:\Windows\System\SVArGeS.exe
  C:\Windows\System\SVArGeS.exe
  2⤵
  PID:7528
- C:\Windows\System\XKRMNgx.exe
  C:\Windows\System\XKRMNgx.exe
  2⤵
  PID:7640
- C:\Windows\System\EVSGwwc.exe
  C:\Windows\System\EVSGwwc.exe
  2⤵
  PID:7540
- C:\Windows\System\XKtNxJK.exe
  C:\Windows\System\XKtNxJK.exe
  2⤵
  PID:7816
- C:\Windows\System\HCRVktF.exe
  C:\Windows\System\HCRVktF.exe
  2⤵
  PID:7676
- C:\Windows\System\ANBUPMi.exe
  C:\Windows\System\ANBUPMi.exe
  2⤵
  PID:7728
- C:\Windows\System\rHwYbqs.exe
  C:\Windows\System\rHwYbqs.exe
  2⤵
  PID:7688
- C:\Windows\System\eVedPMK.exe
  C:\Windows\System\eVedPMK.exe
  2⤵
  PID:7984
- C:\Windows\System\bZcCOne.exe
  C:\Windows\System\bZcCOne.exe
  2⤵
  PID:7940
- C:\Windows\System\MbWzchx.exe
  C:\Windows\System\MbWzchx.exe
  2⤵
  PID:8016
- C:\Windows\System\mwGJKaa.exe
  C:\Windows\System\mwGJKaa.exe
  2⤵
  PID:8164
- C:\Windows\System\pfddcLl.exe
  C:\Windows\System\pfddcLl.exe
  2⤵
  PID:7288
- C:\Windows\System\GlLCRTn.exe
  C:\Windows\System\GlLCRTn.exe
  2⤵
  PID:7604
- C:\Windows\System\nAKfBHS.exe
  C:\Windows\System\nAKfBHS.exe
  2⤵
  PID:7132
- C:\Windows\System\uqaZCKg.exe
  C:\Windows\System\uqaZCKg.exe
  2⤵
  PID:7844
- C:\Windows\System\bJRCeSy.exe
  C:\Windows\System\bJRCeSy.exe
  2⤵
  PID:8028
- C:\Windows\System\AZBjRNU.exe
  C:\Windows\System\AZBjRNU.exe
  2⤵
  PID:6968
- C:\Windows\System\xZYevhJ.exe
  C:\Windows\System\xZYevhJ.exe
  2⤵
  PID:8076
- C:\Windows\System\bxPabDY.exe
  C:\Windows\System\bxPabDY.exe
  2⤵
  PID:7188
- C:\Windows\System\ycgJgWy.exe
  C:\Windows\System\ycgJgWy.exe
  2⤵
  PID:7692
- C:\Windows\System\XOsvpqJ.exe
  C:\Windows\System\XOsvpqJ.exe
  2⤵
  PID:7672
- C:\Windows\System\HeGDmmo.exe
  C:\Windows\System\HeGDmmo.exe
  2⤵
  PID:8064
- C:\Windows\System\kNszUsf.exe
  C:\Windows\System\kNszUsf.exe
  2⤵
  PID:7252
- C:\Windows\System\jYItraM.exe
  C:\Windows\System\jYItraM.exe
  2⤵
  PID:7348
- C:\Windows\System\xatiqoE.exe
  C:\Windows\System\xatiqoE.exe
  2⤵
  PID:8000
- C:\Windows\System\FNShGXk.exe
  C:\Windows\System\FNShGXk.exe
  2⤵
  PID:7864
- C:\Windows\System\bMwlFMv.exe
  C:\Windows\System\bMwlFMv.exe
  2⤵
  PID:7756
- C:\Windows\System\fepKEyW.exe
  C:\Windows\System\fepKEyW.exe
  2⤵
  PID:7416
- C:\Windows\System\kpHyjQO.exe
  C:\Windows\System\kpHyjQO.exe
  2⤵
  PID:8204
- C:\Windows\System\YvOzdvW.exe
  C:\Windows\System\YvOzdvW.exe
  2⤵
  PID:8220
- C:\Windows\System\iXeWOjE.exe
  C:\Windows\System\iXeWOjE.exe
  2⤵
  PID:8260
- C:\Windows\System\HKUwnmp.exe
  C:\Windows\System\HKUwnmp.exe
  2⤵
  PID:8312
- C:\Windows\System\PNiUVCA.exe
  C:\Windows\System\PNiUVCA.exe
  2⤵
  PID:8332
- C:\Windows\System\MQyidyV.exe
  C:\Windows\System\MQyidyV.exe
  2⤵
  PID:8348
- C:\Windows\System\XWCIQAq.exe
  C:\Windows\System\XWCIQAq.exe
  2⤵
  PID:8364
- C:\Windows\System\nZuSgrk.exe
  C:\Windows\System\nZuSgrk.exe
  2⤵
  PID:8380
- C:\Windows\System\fLtTuHD.exe
  C:\Windows\System\fLtTuHD.exe
  2⤵
  PID:8396
- C:\Windows\System\yBfPKYn.exe
  C:\Windows\System\yBfPKYn.exe
  2⤵
  PID:8416
- C:\Windows\System\waUAZVp.exe
  C:\Windows\System\waUAZVp.exe
  2⤵
  PID:8432
- C:\Windows\System\MxczVBy.exe
  C:\Windows\System\MxczVBy.exe
  2⤵
  PID:8448
- C:\Windows\System\ivnwOKR.exe
  C:\Windows\System\ivnwOKR.exe
  2⤵
  PID:8488
- C:\Windows\System\OuDPPoB.exe
  C:\Windows\System\OuDPPoB.exe
  2⤵
  PID:8504
- C:\Windows\System\SYrsOgg.exe
  C:\Windows\System\SYrsOgg.exe
  2⤵
  PID:8520
- C:\Windows\System\ZrlzyoE.exe
  C:\Windows\System\ZrlzyoE.exe
  2⤵
  PID:8536
- C:\Windows\System\DZUXVSc.exe
  C:\Windows\System\DZUXVSc.exe
  2⤵
  PID:8552
- C:\Windows\System\RBXywrS.exe
  C:\Windows\System\RBXywrS.exe
  2⤵
  PID:8568
- C:\Windows\System\GDPRMBo.exe
  C:\Windows\System\GDPRMBo.exe
  2⤵
  PID:8584
- C:\Windows\System\xFBoeDk.exe
  C:\Windows\System\xFBoeDk.exe
  2⤵
  PID:8600
- C:\Windows\System\RWjCODp.exe
  C:\Windows\System\RWjCODp.exe
  2⤵
  PID:8616
- C:\Windows\System\tNJmnUw.exe
  C:\Windows\System\tNJmnUw.exe
  2⤵
  PID:8632
- C:\Windows\System\bUcJMXv.exe
  C:\Windows\System\bUcJMXv.exe
  2⤵
  PID:8648
- C:\Windows\System\yGcqkzi.exe
  C:\Windows\System\yGcqkzi.exe
  2⤵
  PID:8664
- C:\Windows\System\ycGMsgM.exe
  C:\Windows\System\ycGMsgM.exe
  2⤵
  PID:8680
- C:\Windows\System\GxZgcRl.exe
  C:\Windows\System\GxZgcRl.exe
  2⤵
  PID:8696
- C:\Windows\System\miXzAFX.exe
  C:\Windows\System\miXzAFX.exe
  2⤵
  PID:8712
- C:\Windows\System\murwclM.exe
  C:\Windows\System\murwclM.exe
  2⤵
  PID:8728
- C:\Windows\System\VaSCBHL.exe
  C:\Windows\System\VaSCBHL.exe
  2⤵
  PID:8744
- C:\Windows\System\LcIDFkW.exe
  C:\Windows\System\LcIDFkW.exe
  2⤵
  PID:8760
- C:\Windows\System\pgPLsSD.exe
  C:\Windows\System\pgPLsSD.exe
  2⤵
  PID:8776
- C:\Windows\System\kIwLptU.exe
  C:\Windows\System\kIwLptU.exe
  2⤵
  PID:8792
- C:\Windows\System\EnWwTWD.exe
  C:\Windows\System\EnWwTWD.exe
  2⤵
  PID:8808
- C:\Windows\System\mYuNobi.exe
  C:\Windows\System\mYuNobi.exe
  2⤵
  PID:8824
- C:\Windows\System\STEyZIp.exe
  C:\Windows\System\STEyZIp.exe
  2⤵
  PID:8840
- C:\Windows\System\RdxDUCH.exe
  C:\Windows\System\RdxDUCH.exe
  2⤵
  PID:8904
- C:\Windows\System\ymXziRb.exe
  C:\Windows\System\ymXziRb.exe
  2⤵
  PID:8920
- C:\Windows\System\VADgQtC.exe
  C:\Windows\System\VADgQtC.exe
  2⤵
  PID:8936
- C:\Windows\System\ZGitoCW.exe
  C:\Windows\System\ZGitoCW.exe
  2⤵
  PID:8952
- C:\Windows\System\ZwEhucz.exe
  C:\Windows\System\ZwEhucz.exe
  2⤵
  PID:8968
- C:\Windows\System\xsMhlFu.exe
  C:\Windows\System\xsMhlFu.exe
  2⤵
  PID:8984
- C:\Windows\System\oiVytMb.exe
  C:\Windows\System\oiVytMb.exe
  2⤵
  PID:9000
- C:\Windows\System\DVecEww.exe
  C:\Windows\System\DVecEww.exe
  2⤵
  PID:9016
- C:\Windows\System\imDyCjp.exe
  C:\Windows\System\imDyCjp.exe
  2⤵
  PID:9032
- C:\Windows\System\SrwfqmL.exe
  C:\Windows\System\SrwfqmL.exe
  2⤵
  PID:9048
- C:\Windows\System\ItmqKxu.exe
  C:\Windows\System\ItmqKxu.exe
  2⤵
  PID:9064
- C:\Windows\System\PwBrFSa.exe
  C:\Windows\System\PwBrFSa.exe
  2⤵
  PID:9140
- C:\Windows\System\vUlYqqh.exe
  C:\Windows\System\vUlYqqh.exe
  2⤵
  PID:9164
- C:\Windows\System\pJHblZh.exe
  C:\Windows\System\pJHblZh.exe
  2⤵
  PID:9192
- C:\Windows\System\SZrDzLz.exe
  C:\Windows\System\SZrDzLz.exe
  2⤵
  PID:7588
- C:\Windows\System\uhwFoGu.exe
  C:\Windows\System\uhwFoGu.exe
  2⤵
  PID:8240
- C:\Windows\System\EAkyCbD.exe
  C:\Windows\System\EAkyCbD.exe
  2⤵
  PID:8200
- C:\Windows\System\uHqQptx.exe
  C:\Windows\System\uHqQptx.exe
  2⤵
  PID:8268
- C:\Windows\System\qosKPbX.exe
  C:\Windows\System\qosKPbX.exe
  2⤵
  PID:8292
- C:\Windows\System\bznsalZ.exe
  C:\Windows\System\bznsalZ.exe
  2⤵
  PID:8376
- C:\Windows\System\veTYmps.exe
  C:\Windows\System\veTYmps.exe
  2⤵
  PID:8444
- C:\Windows\System\yscWGGm.exe
  C:\Windows\System\yscWGGm.exe
  2⤵
  PID:8424
- C:\Windows\System\OSJPCtv.exe
  C:\Windows\System\OSJPCtv.exe
  2⤵
  PID:8476
- C:\Windows\System\IdXAfsR.exe
  C:\Windows\System\IdXAfsR.exe
  2⤵
  PID:8456
- C:\Windows\System\JzCOGMT.exe
  C:\Windows\System\JzCOGMT.exe
  2⤵
  PID:8576
- C:\Windows\System\AgWrdmE.exe
  C:\Windows\System\AgWrdmE.exe
  2⤵
  PID:8564
- C:\Windows\System\SuzzoHu.exe
  C:\Windows\System\SuzzoHu.exe
  2⤵
  PID:8704
- C:\Windows\System\pdYLfeM.exe
  C:\Windows\System\pdYLfeM.exe
  2⤵
  PID:8768
- C:\Windows\System\hcQuNDV.exe
  C:\Windows\System\hcQuNDV.exe
  2⤵
  PID:8756
- C:\Windows\System\sXgqeJr.exe
  C:\Windows\System\sXgqeJr.exe
  2⤵
  PID:8816
- C:\Windows\System\tulvfBV.exe
  C:\Windows\System\tulvfBV.exe
  2⤵
  PID:8800
- C:\Windows\System\nFoBDRW.exe
  C:\Windows\System\nFoBDRW.exe
  2⤵
  PID:8864
- C:\Windows\System\TozisLw.exe
  C:\Windows\System\TozisLw.exe
  2⤵
  PID:8880
- C:\Windows\System\bqyzqSb.exe
  C:\Windows\System\bqyzqSb.exe
  2⤵
  PID:9024
- C:\Windows\System\OpMEcTa.exe
  C:\Windows\System\OpMEcTa.exe
  2⤵
  PID:9116
- C:\Windows\System\VedDDto.exe
  C:\Windows\System\VedDDto.exe
  2⤵
  PID:9136
- C:\Windows\System\lthbBJZ.exe
  C:\Windows\System\lthbBJZ.exe
  2⤵
  PID:9160
- C:\Windows\System\RONitti.exe
  C:\Windows\System\RONitti.exe
  2⤵
  PID:9172
- C:\Windows\System\KunvhoK.exe
  C:\Windows\System\KunvhoK.exe
  2⤵
  PID:9212
- C:\Windows\System\FRMTlAr.exe
  C:\Windows\System\FRMTlAr.exe
  2⤵
  PID:9200
- C:\Windows\System\yYLUOOj.exe
  C:\Windows\System\yYLUOOj.exe
  2⤵
  PID:8228
- C:\Windows\System\vTmulvm.exe
  C:\Windows\System\vTmulvm.exe
  2⤵
  PID:8236
- C:\Windows\System\jAziOfx.exe
  C:\Windows\System\jAziOfx.exe
  2⤵
  PID:8256
- C:\Windows\System\fjqJRRW.exe
  C:\Windows\System\fjqJRRW.exe
  2⤵
  PID:8300
- C:\Windows\System\plapfsj.exe
  C:\Windows\System\plapfsj.exe
  2⤵
  PID:8440
- C:\Windows\System\xcUWZED.exe
  C:\Windows\System\xcUWZED.exe
  2⤵
  PID:8328
- C:\Windows\System\SLKhViL.exe
  C:\Windows\System\SLKhViL.exe
  2⤵
  PID:7744
- C:\Windows\System\ldFjiwK.exe
  C:\Windows\System\ldFjiwK.exe
  2⤵
  PID:8548
- C:\Windows\System\iwdCbhy.exe
  C:\Windows\System\iwdCbhy.exe
  2⤵
  PID:8628
- C:\Windows\System\usRZWYc.exe
  C:\Windows\System\usRZWYc.exe
  2⤵
  PID:8612
- C:\Windows\System\pCBwPOK.exe
  C:\Windows\System\pCBwPOK.exe
  2⤵
  PID:8688
- C:\Windows\System\VvXHiRv.exe
  C:\Windows\System\VvXHiRv.exe
  2⤵
  PID:8820
- C:\Windows\System\TfxqeCV.exe
  C:\Windows\System\TfxqeCV.exe
  2⤵
  PID:8720
- C:\Windows\System\eSriPyv.exe
  C:\Windows\System\eSriPyv.exe
  2⤵
  PID:8676
- C:\Windows\System\BtgHckC.exe
  C:\Windows\System\BtgHckC.exe
  2⤵
  PID:8876
- C:\Windows\System\TCfSSKz.exe
  C:\Windows\System\TCfSSKz.exe
  2⤵
  PID:8896
- C:\Windows\System\SbVGeBf.exe
  C:\Windows\System\SbVGeBf.exe
  2⤵
  PID:7740
- C:\Windows\System\mdhrDBP.exe
  C:\Windows\System\mdhrDBP.exe
  2⤵
  PID:8916
- C:\Windows\System\yiTEJSK.exe
  C:\Windows\System\yiTEJSK.exe
  2⤵
  PID:8948
- C:\Windows\System\ncDoHct.exe
  C:\Windows\System\ncDoHct.exe
  2⤵
  PID:9040
- C:\Windows\System\DnVmHPx.exe
  C:\Windows\System\DnVmHPx.exe
  2⤵
  PID:9080
- C:\Windows\System\rgjQrqt.exe
  C:\Windows\System\rgjQrqt.exe
  2⤵
  PID:9096
- C:\Windows\System\dhQhmoX.exe
  C:\Windows\System\dhQhmoX.exe
  2⤵
  PID:9112
- C:\Windows\System\JbiKmWH.exe
  C:\Windows\System\JbiKmWH.exe
  2⤵
  PID:9132
- C:\Windows\System\NuEYDfz.exe
  C:\Windows\System\NuEYDfz.exe
  2⤵
  PID:8144
- C:\Windows\System\mEEDQpH.exe
  C:\Windows\System\mEEDQpH.exe
  2⤵
  PID:8284
- C:\Windows\System\CfwrLuo.exe
  C:\Windows\System\CfwrLuo.exe
  2⤵
  PID:8140
- C:\Windows\System\NILwzqn.exe
  C:\Windows\System\NILwzqn.exe
  2⤵
  PID:9156
- C:\Windows\System\ePzzIeU.exe
  C:\Windows\System\ePzzIeU.exe
  2⤵
  PID:8372
- C:\Windows\System\EEVHuVz.exe
  C:\Windows\System\EEVHuVz.exe
  2⤵
  PID:8660
- C:\Windows\System\gfGEJFE.exe
  C:\Windows\System\gfGEJFE.exe
  2⤵
  PID:8320
- C:\Windows\System\BhoCyZo.exe
  C:\Windows\System\BhoCyZo.exe
  2⤵
  PID:8852
- C:\Windows\System\vrYbKjq.exe
  C:\Windows\System\vrYbKjq.exe
  2⤵
  PID:8500
- C:\Windows\System\RMqZMKA.exe
  C:\Windows\System\RMqZMKA.exe
  2⤵
  PID:8692
- C:\Windows\System\mQIQgyh.exe
  C:\Windows\System\mQIQgyh.exe
  2⤵
  PID:8944
- C:\Windows\System\gONKdgK.exe
  C:\Windows\System\gONKdgK.exe
  2⤵
  PID:9100
- C:\Windows\System\InHmdIG.exe
  C:\Windows\System\InHmdIG.exe
  2⤵
  PID:8252
- C:\Windows\System\DPWfFXo.exe
  C:\Windows\System\DPWfFXo.exe
  2⤵
  PID:7724
- C:\Windows\System\dtFCcAc.exe
  C:\Windows\System\dtFCcAc.exe
  2⤵
  PID:8472
- C:\Windows\System\DSlRrJx.exe
  C:\Windows\System\DSlRrJx.exe
  2⤵
  PID:8544
- C:\Windows\System\ZuUehRq.exe
  C:\Windows\System\ZuUehRq.exe
  2⤵
  PID:8624
- C:\Windows\System\XdUxWrJ.exe
  C:\Windows\System\XdUxWrJ.exe
  2⤵
  PID:9012
- C:\Windows\System\BToszFW.exe
  C:\Windows\System\BToszFW.exe
  2⤵
  PID:8932
- C:\Windows\System\AoQjKVZ.exe
  C:\Windows\System\AoQjKVZ.exe
  2⤵
  PID:9072
- C:\Windows\System\KNAygoj.exe
  C:\Windows\System\KNAygoj.exe
  2⤵
  PID:8496
- C:\Windows\System\DXPTDdo.exe
  C:\Windows\System\DXPTDdo.exe
  2⤵
  PID:7804
- C:\Windows\System\aquIkKx.exe
  C:\Windows\System\aquIkKx.exe
  2⤵
  PID:8528
- C:\Windows\System\WWUmXHI.exe
  C:\Windows\System\WWUmXHI.exe
  2⤵
  PID:8672
- C:\Windows\System\XaioXvl.exe
  C:\Windows\System\XaioXvl.exe
  2⤵
  PID:9056
- C:\Windows\System\gVgYSXw.exe
  C:\Windows\System\gVgYSXw.exe
  2⤵
  PID:9092
- C:\Windows\System\eQzvxkl.exe
  C:\Windows\System\eQzvxkl.exe
  2⤵
  PID:9188
- C:\Windows\System\AIZSPlD.exe
  C:\Windows\System\AIZSPlD.exe
  2⤵
  PID:9224
- C:\Windows\System\udHIVbQ.exe
  C:\Windows\System\udHIVbQ.exe
  2⤵
  PID:9240
- C:\Windows\System\mTFzhqy.exe
  C:\Windows\System\mTFzhqy.exe
  2⤵
  PID:9256
- C:\Windows\System\KgVsIca.exe
  C:\Windows\System\KgVsIca.exe
  2⤵
  PID:9272
- C:\Windows\System\hBmOJrR.exe
  C:\Windows\System\hBmOJrR.exe
  2⤵
  PID:9288
- C:\Windows\System\XdGhARB.exe
  C:\Windows\System\XdGhARB.exe
  2⤵
  PID:9304
- C:\Windows\System\QjMqSXd.exe
  C:\Windows\System\QjMqSXd.exe
  2⤵
  PID:9320
- C:\Windows\System\yXoALnk.exe
  C:\Windows\System\yXoALnk.exe
  2⤵
  PID:9336
- C:\Windows\System\wFBnArV.exe
  C:\Windows\System\wFBnArV.exe
  2⤵
  PID:9352
- C:\Windows\System\VXTSCOw.exe
  C:\Windows\System\VXTSCOw.exe
  2⤵
  PID:9368
- C:\Windows\System\WakIwSi.exe
  C:\Windows\System\WakIwSi.exe
  2⤵
  PID:9384
- C:\Windows\System\GTNkLio.exe
  C:\Windows\System\GTNkLio.exe
  2⤵
  PID:9400
- C:\Windows\System\IlrBhDS.exe
  C:\Windows\System\IlrBhDS.exe
  2⤵
  PID:9416
- C:\Windows\System\IOjetGg.exe
  C:\Windows\System\IOjetGg.exe
  2⤵
  PID:9432
- C:\Windows\System\MxmhLGG.exe
  C:\Windows\System\MxmhLGG.exe
  2⤵
  PID:9452
- C:\Windows\System\fMITOxS.exe
  C:\Windows\System\fMITOxS.exe
  2⤵
  PID:9468
- C:\Windows\System\JGDOzDo.exe
  C:\Windows\System\JGDOzDo.exe
  2⤵
  PID:9484
- C:\Windows\System\qBnGHEW.exe
  C:\Windows\System\qBnGHEW.exe
  2⤵
  PID:9500
- C:\Windows\System\WxHzJuu.exe
  C:\Windows\System\WxHzJuu.exe
  2⤵
  PID:9516
- C:\Windows\System\jGuKgZb.exe
  C:\Windows\System\jGuKgZb.exe
  2⤵
  PID:9532
- C:\Windows\System\WxKvFLq.exe
  C:\Windows\System\WxKvFLq.exe
  2⤵
  PID:9552
- C:\Windows\System\raGIrcD.exe
  C:\Windows\System\raGIrcD.exe
  2⤵
  PID:9568
- C:\Windows\System\IGHExeh.exe
  C:\Windows\System\IGHExeh.exe
  2⤵
  PID:9588
- C:\Windows\System\LZMXnzp.exe
  C:\Windows\System\LZMXnzp.exe
  2⤵
  PID:9604
- C:\Windows\System\cOXuScT.exe
  C:\Windows\System\cOXuScT.exe
  2⤵
  PID:9668
- C:\Windows\System\BhKpkpw.exe
  C:\Windows\System\BhKpkpw.exe
  2⤵
  PID:9684
- C:\Windows\System\QuQKqPE.exe
  C:\Windows\System\QuQKqPE.exe
  2⤵
  PID:9700
- C:\Windows\System\YVdSvqR.exe
  C:\Windows\System\YVdSvqR.exe
  2⤵
  PID:9716
- C:\Windows\System\tMCIzvE.exe
  C:\Windows\System\tMCIzvE.exe
  2⤵
  PID:9732
- C:\Windows\System\nTbhSfZ.exe
  C:\Windows\System\nTbhSfZ.exe
  2⤵
  PID:9788
- C:\Windows\System\QfREWsO.exe
  C:\Windows\System\QfREWsO.exe
  2⤵
  PID:9884
- C:\Windows\System\vppMJgj.exe
  C:\Windows\System\vppMJgj.exe
  2⤵
  PID:9900
- C:\Windows\System\mXZtvEu.exe
  C:\Windows\System\mXZtvEu.exe
  2⤵
  PID:9924
- C:\Windows\System\NpBUGxf.exe
  C:\Windows\System\NpBUGxf.exe
  2⤵
  PID:10084
- C:\Windows\System\YvGrKfs.exe
  C:\Windows\System\YvGrKfs.exe
  2⤵
  PID:10120
- C:\Windows\System\MpLHauw.exe
  C:\Windows\System\MpLHauw.exe
  2⤵
  PID:10136
- C:\Windows\System\mWcUgoW.exe
  C:\Windows\System\mWcUgoW.exe
  2⤵
  PID:10152
- C:\Windows\System\xssdgau.exe
  C:\Windows\System\xssdgau.exe
  2⤵
  PID:10168
- C:\Windows\System\nNaFQTz.exe
  C:\Windows\System\nNaFQTz.exe
  2⤵
  PID:10188
- C:\Windows\System\NNYROOq.exe
  C:\Windows\System\NNYROOq.exe
  2⤵
  PID:10224
- C:\Windows\System\SsBozDQ.exe
  C:\Windows\System\SsBozDQ.exe
  2⤵
  PID:8872
- C:\Windows\System\VHcYtvD.exe
  C:\Windows\System\VHcYtvD.exe
  2⤵
  PID:9252
- C:\Windows\System\iZpcTEy.exe
  C:\Windows\System\iZpcTEy.exe
  2⤵
  PID:9316
- C:\Windows\System\FjYDbEn.exe
  C:\Windows\System\FjYDbEn.exe
  2⤵
  PID:9380
- C:\Windows\System\myADoqe.exe
  C:\Windows\System\myADoqe.exe
  2⤵
  PID:9264
- C:\Windows\System\vrHAYCj.exe
  C:\Windows\System\vrHAYCj.exe
  2⤵
  PID:9328
- C:\Windows\System\dMkMZXY.exe
  C:\Windows\System\dMkMZXY.exe
  2⤵
  PID:9364
- C:\Windows\System\KgexKaY.exe
  C:\Windows\System\KgexKaY.exe
  2⤵
  PID:9428
- C:\Windows\System\NhahvTw.exe
  C:\Windows\System\NhahvTw.exe
  2⤵
  PID:9476
- C:\Windows\System\bYBmHyo.exe
  C:\Windows\System\bYBmHyo.exe
  2⤵
  PID:9496
- C:\Windows\System\uSFCdZx.exe
  C:\Windows\System\uSFCdZx.exe
  2⤵
  PID:9540
- C:\Windows\System\cxEvmmc.exe
  C:\Windows\System\cxEvmmc.exe
  2⤵
  PID:9560
- C:\Windows\System\TdazhkR.exe
  C:\Windows\System\TdazhkR.exe
  2⤵
  PID:9596
- C:\Windows\System\iMWXBNB.exe
  C:\Windows\System\iMWXBNB.exe
  2⤵
  PID:9620
- C:\Windows\System\FjbamCl.exe
  C:\Windows\System\FjbamCl.exe
  2⤵
  PID:9636
- C:\Windows\System\KhntbWe.exe
  C:\Windows\System\KhntbWe.exe
  2⤵
  PID:9652
- C:\Windows\System\JZHaFHp.exe
  C:\Windows\System\JZHaFHp.exe
  2⤵
  PID:9760
- C:\Windows\System\oGcuPLA.exe
  C:\Windows\System\oGcuPLA.exe
  2⤵
  PID:9776
- C:\Windows\System\OvOHYkf.exe
  C:\Windows\System\OvOHYkf.exe
  2⤵
  PID:9808
- C:\Windows\System\dZXFfki.exe
  C:\Windows\System\dZXFfki.exe
  2⤵
  PID:9824
- C:\Windows\System\eRAUXes.exe
  C:\Windows\System\eRAUXes.exe
  2⤵
  PID:9840
- C:\Windows\System\NYLTKzy.exe
  C:\Windows\System\NYLTKzy.exe
  2⤵
  PID:9856
- C:\Windows\System\fZquNJa.exe
  C:\Windows\System\fZquNJa.exe
  2⤵
  PID:9872
- C:\Windows\System\IcLXvjB.exe
  C:\Windows\System\IcLXvjB.exe
  2⤵
  PID:9908
- C:\Windows\System\iIbOBVV.exe
  C:\Windows\System\iIbOBVV.exe
  2⤵
  PID:9932
- C:\Windows\System\cbcNCmR.exe
  C:\Windows\System\cbcNCmR.exe
  2⤵
  PID:9948
- C:\Windows\System\mRAoBOV.exe
  C:\Windows\System\mRAoBOV.exe
  2⤵
  PID:9976
- C:\Windows\System\zuqeDxu.exe
  C:\Windows\System\zuqeDxu.exe
  2⤵
  PID:10000
- C:\Windows\System\JSjpTdE.exe
  C:\Windows\System\JSjpTdE.exe
  2⤵
  PID:10016
- C:\Windows\System\fyTEawh.exe
  C:\Windows\System\fyTEawh.exe
  2⤵
  PID:10032
- C:\Windows\System\IoCxPRy.exe
  C:\Windows\System\IoCxPRy.exe
  2⤵
  PID:10056
- C:\Windows\System\bXYCGvf.exe
  C:\Windows\System\bXYCGvf.exe
  2⤵
  PID:10072
- C:\Windows\System\fjhDHPp.exe
  C:\Windows\System\fjhDHPp.exe
  2⤵
  PID:10096
- C:\Windows\System\fvcUEkr.exe
  C:\Windows\System\fvcUEkr.exe
  2⤵
  PID:10160
- C:\Windows\System\ZoSpPTU.exe
  C:\Windows\System\ZoSpPTU.exe
  2⤵
  PID:10204
- C:\Windows\System\THAmmaB.exe
  C:\Windows\System\THAmmaB.exe
  2⤵
  PID:10116
- C:\Windows\System\abZxhKS.exe
  C:\Windows\System\abZxhKS.exe
  2⤵
  PID:10180
- C:\Windows\System\rQQgLrt.exe
  C:\Windows\System\rQQgLrt.exe
  2⤵
  PID:9232
- C:\Windows\System\akvkKKd.exe
  C:\Windows\System\akvkKKd.exe
  2⤵
  PID:9300
- C:\Windows\System\QtXTqHc.exe
  C:\Windows\System\QtXTqHc.exe
  2⤵
  PID:9492
- C:\Windows\System\qoNzqvE.exe
  C:\Windows\System\qoNzqvE.exe
  2⤵
  PID:9600
- C:\Windows\System\rGyqgQP.exe
  C:\Windows\System\rGyqgQP.exe
  2⤵
  PID:9632
- C:\Windows\System\hHNfODv.exe
  C:\Windows\System\hHNfODv.exe
  2⤵
  PID:9480
- C:\Windows\System\sEAmdze.exe
  C:\Windows\System\sEAmdze.exe
  2⤵
  PID:9584
- C:\Windows\System\hXJLsej.exe
  C:\Windows\System\hXJLsej.exe
  2⤵
  PID:9644
- C:\Windows\System\MoUYMlr.exe
  C:\Windows\System\MoUYMlr.exe
  2⤵
  PID:9772
- C:\Windows\System\ZsvIKKS.exe
  C:\Windows\System\ZsvIKKS.exe
  2⤵
  PID:9740
- C:\Windows\System\LZDKbYG.exe
  C:\Windows\System\LZDKbYG.exe
  2⤵
  PID:9756
- C:\Windows\System\ygUyAAu.exe
  C:\Windows\System\ygUyAAu.exe
  2⤵
  PID:9820
- C:\Windows\System\SROTDrZ.exe
  C:\Windows\System\SROTDrZ.exe
  2⤵
  PID:9912
- C:\Windows\System\cDEVBkZ.exe
  C:\Windows\System\cDEVBkZ.exe
  2⤵
  PID:10044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AMZtyBu.exe

Filesize
6.0MB

MD5
edb2ca6857ae164989b8613f1e0281b4

SHA1
e0831659da78dc9c60fe30bcb515472a4d8de9c3

SHA256
0c9f7032e8395e44d091dba2195ae8bd6aca157c333ef398c76380ee38bd50e9

SHA512
bd37ddeb372112cdfb61b364df40ba5c9015333a8dd5e9a5ca1904ffb91ba178d19af5116a9674843675b7d6f38ae28635694ec1924da5cdcef0f9946192b631

Download Submit
C:\Windows\system\HZZKeAB.exe

Filesize
6.0MB

MD5
d3e7d623d1a4a74ae4605f693c27e743

SHA1
6f36ab09218b93a324fcd9fe838af48935087119

SHA256
640e39088843867f06ab16b89aa35826365b0b6e01e0595e19fe8d50aefe38d0

SHA512
6c102f26e4750c2d516b17af5f6df63673ba5f0d0b7b7a85042f5dde0cb2d2cc5cf8b1ee37468452fa5a5495f5bc2e80b3f0c0bb2fd0a8bda51b9104cc08a72c

Download Submit
C:\Windows\system\KMswqYM.exe

Filesize
6.0MB

MD5
bbbdbddaa68bc0ba16171ba6d3bb34a8

SHA1
de0aed00f134acfa986700930b8e110b92ba0e8e

SHA256
85d46a0f2d4355790aa460c0567f42eea40c2fbacb7f1dc83f0fcf2a4ca22bcd

SHA512
97f5c20c4148b320b721bedabe5af0b03c8aa0104bc586c009e7458bfe0b1ee0263b1f761badf6b539dc2db6647bdf9dce24d2b649c4fd3e668ebb883f6e7bb6

Download Submit
C:\Windows\system\SjehxoC.exe

Filesize
6.0MB

MD5
5a1a8f1f7d362f86b3bbf6527214d0e8

SHA1
0ad6f49aab8163b6b6136f0d9a011cb3510bb88b

SHA256
bc4a2888801485feacbd85bd4602b486dd92aa6642e977a6a7b523b9f2871927

SHA512
43ecd596791c962d0adc978ef279cf73564f06e5d0a01738474cd0d7367737f3730dfd2138ea0215d68413056febc5c1430ff28afaa11e5415b2088d45f7c0a1

Download Submit
C:\Windows\system\SrLaxiX.exe

Filesize
6.0MB

MD5
bbd23d3a39dc696bf4ad07748ad70de5

SHA1
b86e51af1a332f69f61f914e07bcc4aa8d796e41

SHA256
8658892b68d296098cf5ada96a730083493f0fb707556aeb022d7ca9b2a12a8d

SHA512
bbccd87540ac1ed8e6a660bff2b41d86efa6a2b7fc72536f9e129101ddea411edfcfc134ebc0cb4923a6c6a2f1dd06a5e8bbb5b3dc1a82c00062c5213798241e

Download Submit
C:\Windows\system\TWcmUMP.exe

Filesize
6.0MB

MD5
71b02006be48c78d001efc0738eace76

SHA1
9890df8dd4ed393a5eab3c8e99d9a3fbd0cdc84c

SHA256
6ba74696b163e6798dddb0aa8af1bbc06d46ff73b9c6a996fb3a145a85f08c5f

SHA512
c9c25f225219d205aa98100ad14f3218a802dfe0f762e24002a86ef98322432102f1153623389c2fffa32af8a51762c9e3bc08602420cf31faac7e80ee4f663e

Download Submit
C:\Windows\system\VJHUcXH.exe

Filesize
6.0MB

MD5
8953500b6e1a6f34da27b834bf8afc4a

SHA1
f4df17abab3f3d725ade69495f21d0107f13d7a7

SHA256
ade8cbdbc80a6f90146a7d3ebfe1527f8843ffd6dc65515d3451a2d7531ae827

SHA512
9e659b7dce8203062012ec8af31c8aaef258efb6f7d105a65eb3878f041c00db212d237744febec49c7740ecbd5af45641a8828a4bab200b510843a578c5a49f

Download Submit
C:\Windows\system\WtKvNuX.exe

Filesize
6.0MB

MD5
ee5837063b89cc17184ca76a8564cf89

SHA1
97af81f53c727259613481f6ce885442a8dfdd03

SHA256
eda85af5cfa766ff21979451f4273c2527169cee86bf9413daa3d867494b1ac9

SHA512
fcd64a1bd8008045897cf91ec3b8d760b5757bb35f829a4dfb8907c37d8cc4c9ec31c70c923107fa13c7d79364514ab506622f42575cd07d12bc10dd2ecf0e42

Download Submit
C:\Windows\system\axjNKEQ.exe

Filesize
6.0MB

MD5
1e8c67af56384c44700ed37bbfc78448

SHA1
3e356ea84ef8572622703255d002cc37818a5f8a

SHA256
d0510522fce3e2f908a59c2d09c23b808c8815d2e6e5a5c5e28c2691aa05ef8a

SHA512
9b6820df8424a356dac0e691d4904c4eaf44580c00f4c6b501095d2851ee870d2309f15bb89969ad82cf538db2c383d7689dbddf06274ec17118f1680557209b

Download Submit
C:\Windows\system\eXeNbGL.exe

Filesize
6.0MB

MD5
2bc99ce21d2db5496cee04775d8e586f

SHA1
40ea583c8ce968848cc94621824baab6ff1a65d3

SHA256
8f685466a144fd9eb26d36f344322b13ba0c8f8e3643a56bf12ee37c62e69a00

SHA512
eee626d9eed11c589fc26000d232b7f4bb4ad9ef8414b0abf8477d2298ce9c941d2bc12b72546634e80e5618c585a3d7d4f31e5fd2e76a1e1ae532b64c9da8e0

Download Submit
C:\Windows\system\gKPNbwp.exe

Filesize
6.0MB

MD5
442c8991895ab7d317af82fafced40df

SHA1
7ddea24e0814cfbf2c5557dab2a162134b6661fe

SHA256
c082b27f26ecd8b6bed8fa29f04cb2df2b295ff00431f23d0df3aaafdc76ceb5

SHA512
e7911375fd59b54bad16dc181f81193b4c3e8244908ccf7596872c4413e53a03987caae3fdcd9c091c730206e307fdb1ab2b882f3b3ae556e94857bfa94f50a7

Download Submit
C:\Windows\system\gnYyEyd.exe

Filesize
6.0MB

MD5
39582ff23243bb6926aee663ce0e9406

SHA1
55f208c5907d8ef4b0dc2f79f2fd73c8821d8d80

SHA256
a9ae23b65622ae5eb862f320d4104a33a81f02594e733a44832f6a769d65e7ac

SHA512
54cf19189e1881b3fabd6f7bf7ca805644986ea9b6fff2a5b58e7d28ed81b9b6e4547ee9e8818591f798594c1dd6a14a5086c866c5e55a4e9bb38d63f0aea74e

Download Submit
C:\Windows\system\hvscJQL.exe

Filesize
6.0MB

MD5
4e08fce4a3edae72e12d46d2e1cfa900

SHA1
7686b281d146c24a2a2072a8df1ba447a9b30f1b

SHA256
587369ec98874461c822b19f58b061a19b5cd487007baab7f1408bff5e6bb745

SHA512
31aa29af3bfffc92070ed28ead439c514a024fbaa77e0c1a8b68055b487b953c3617ecfbc9d8a8399c20b1e175661473741ac9518550a4f50d223e7bc2b00a2c

Download Submit
C:\Windows\system\hyNALrk.exe

Filesize
6.0MB

MD5
c764032dd35f19d3b99a7bc67ec4cac3

SHA1
14a1c873eb3534bd18c397b241878bd730777b4a

SHA256
b1d9097f1e04da505de2794022d0e5b3b94413793018e21898e19482c8094dc2

SHA512
1e5dad56a3ed45e015f9fdb5018fd55f89fd2b28391f70e35efa36f5e34522eda4b761fc3bd09b039bbd1b7e152cf79928ab86bdfbb592c55141674d884e4add

Download Submit
C:\Windows\system\iRLJoOE.exe

Filesize
6.0MB

MD5
39f52f1706b670a045417372c4e0eac1

SHA1
260340fc6e235f0a04d11c51037c7e250724bb67

SHA256
24db39656709e8b37a76fd6568ea83393031828de5baddf27b3f30b24af3d9ed

SHA512
18c709100abe329eb2273fe6fe6b54da0cf0e5d2c9c4a6a1bc6a5862b0be11b4c1a197b6ba51b244d8ad2f8c66e7b228f8b35fe0bfc451b1b71e9b26c7698da3

Download Submit
C:\Windows\system\iWAbdAL.exe

Filesize
6.0MB

MD5
246f0c620d5ae834a28cd726055eff2d

SHA1
45fb0e50afbf9729fbc98db6a5e84cbb75911b6c

SHA256
722f56ac898de961d5038ee6231acb49b46f4e35d953dab9beca50d56e4b856c

SHA512
52b05a4059f5cf0bcfdfce6737a2aa61c48eb41f30092378e8432bb397efa54be515e62f6edf928028b9d419ac99deeddcde9917b9ebb99eefdc97bb23d4c63b

Download Submit
C:\Windows\system\koHhWyS.exe

Filesize
6.0MB

MD5
b5db1789f116b52e6543662d1d82e58e

SHA1
399966d01a2e04817f430176fc9209d5bcaf195a

SHA256
76626812f4467c0a7e51eb845c90e1ecc5e46ee71c0defd480b68301cde193c5

SHA512
38730e932d666536a65a636ab10ae10e058163722640963823ae139e076220ff001bbd30d4989c10eab2b747406f9f42308a8bfd9514e7690b1db276e7137de4

Download Submit
C:\Windows\system\oTsRfiR.exe

Filesize
6.0MB

MD5
f33917a2610e7f5c6141fde301f15edd

SHA1
61a44ee31750306aa3e6f0d610504aa51bb70586

SHA256
3bfe24f8a93660be6c3de6e57df856fbf0367bdf4c283af8942e27c8fbd9741e

SHA512
1781ed6af7b229f6ee411f6f5342524a306b224d1f26cfe2f173c2153d8c2d5a466bafa430b35342b8aa5d3cd965eb4de158c5b0d95e85b257aaac2717ba4009

Download Submit
C:\Windows\system\ozqFfoi.exe

Filesize
6.0MB

MD5
07358bfc01d78d10a1603833c66f0b9b

SHA1
fe5e3687285107deb2c2b0df9321b88166c9ecc1

SHA256
6a44c0769da98a6ee9aa28cbc13c92bf66932a4dbef32b57f4392e112da5eb7e

SHA512
389d0068bc6a9ac2eb11acbf99620001ab35541d6f8ff6a845a0505e2e13876636a5693f5766df52ae197308e1f4dc40da8af3a91be39de24ef3e6348033836f

Download Submit
C:\Windows\system\pZrhlmZ.exe

Filesize
6.0MB

MD5
7a34c44d1dd292a61a77db152f1e973c

SHA1
1fdff51b40f3e6febf0a29e75eb932053046b748

SHA256
e47607b325df46507289a9da9764da87ea81d1d769e97d8cb04184aee5014cda

SHA512
47d5fc859c4d14d6d962e02e291355bd19f7eeb7e3032c749d6b3267abd48447c4916cf81aea2f76eb90dd0b70dbc4e65adc151576d1abcf8e77b7569ec3efd7

Download Submit
C:\Windows\system\qiqQndn.exe

Filesize
6.0MB

MD5
daa49bcdad99e6cf850098267fe6b6f2

SHA1
f1cd5bfc22495c1992b80ed40ae7d59dcdf9b51a

SHA256
404458a317134d7301a74ac29e15943ae5a8625113a0fbeb90ef79e1d16b7e10

SHA512
519c71fde8f818e479645b11a4b76810c430cdab72ad74f9347a7454652f833c0b843d7419ed28de4866ba9819bfa10ffe3c4da198bae2709efe19941eede05a

Download Submit
C:\Windows\system\syxtJUk.exe

Filesize
6.0MB

MD5
96f2c822963f37ebe0607f1cbbdd7be7

SHA1
773868610b7b03f020e843c06dd202817e069d96

SHA256
ce90f7cd15a268a7ea4831e8fd07a4332e4bce2b1d73a809fd66d9cd5a4f121f

SHA512
40913a6d4dd18bcc36421fec61e49161bce41cf38bf20a78be528c18964e2c03a5231564816f9a70a62a3e8d9577ad27f6d818b94f555c7fdedc010eb8a835b3

Download Submit
C:\Windows\system\uzyeycx.exe

Filesize
6.0MB

MD5
771313e094d2caebe2833bae28037d96

SHA1
0172076d180ece8de7223dccaba64e3479ae9efe

SHA256
bc225f12f3fd780812a528a44403da2a1bbbf1ce81bfd5f9aaa85ab5bf08b21d

SHA512
57a9b52d59aa000009f249eb798d44308fc23040bfe0ed34111d5baabde968adc65c68a6ed2058edb34305dd429ec6c1400d1cccc1e8072743c9198dd3d5df4e

Download Submit
C:\Windows\system\wdafAan.exe

Filesize
6.0MB

MD5
d7e2ddd46ed7a5bcaad7f3746c1db963

SHA1
754bde1192ed738e28356dafc8b93b02bdde42a6

SHA256
346c2dfeeb5faa7b00a5a501c312319ffebfe77ec8b12160bbb5a07ef886ed97

SHA512
67764c67343aa5116503b4d540115a4e99d0cc653ce82ce919a5e2c3b640ead90a45b6dfb0f0bb1de8459923acd9318c0bb3f4b61069df53d891517a0a531485

Download Submit
C:\Windows\system\xCJhdMx.exe

Filesize
6.0MB

MD5
fde78d1b203b9f1c856609633704f922

SHA1
cbb85082531bc79d8683c83494dab08e8419e1ca

SHA256
1b6afb8391dbe33015757553928b5d7e771395d926db298b6154755d418d0f60

SHA512
eccee00239bdb469ea1cbbb9a7874ac55c570e4ef6596c0178ad9a547f2e2ebf36ccadf9d2bcf4a2da36827e5fee3bb0f7828ee1f599a248b90dd9f6985715d4

Download Submit
C:\Windows\system\yaUCBvD.exe

Filesize
6.0MB

MD5
119c920d8ded534eca093f3311e4c312

SHA1
d4f1f6207237cbb91e2512475214e6d430ef4f81

SHA256
611f6b9a9f73f8e184da2b9f7f00b53d8536214b894e9631e9543370b9a12288

SHA512
06f9e881ff40a6412fb1df30879f6c37b2f65c393d1e613798889fd854787f72c35c03ba98eadb2c0e443208c3a883ddaa2897795e8881f8564b19a2b57e3691

Download Submit
C:\Windows\system\ykMkwWX.exe

Filesize
6.0MB

MD5
11a91b81952c8ecd8d6ce187c4f0a2a2

SHA1
6711edb1b04c2ba1788fdaf010c5cba5199c4e61

SHA256
eba153a65e770b73ab4f29bddbdee419bb6d965bb5cd8dcca4a874522c2b08ff

SHA512
5f8a46563d1c5ecd0e7536e19ad7fa1b3b6f45774f665715de1e499377a26a57309b223e7312bbcecabab3712a6ee731a25e4daefd4f29570e307db2cee463ff

Download Submit
C:\Windows\system\zLdpFCR.exe

Filesize
6.0MB

MD5
f6488dae2d20b4450116cf4b805960ef

SHA1
fe16e615abea60df5e9ebfe4eb23578dad01855c

SHA256
2776b5812add10692491d512e422efffb2059df75ea712bd4c38518131134435

SHA512
dc62f32d12ed8792cd2740345fc09a96952719f51ca8482e5a61e31a514a74a2b215353b6761261494a89de62f50eb6ab625354e485283b31a02ddc35b2777c8

Download Submit
C:\Windows\system\zwvTIdx.exe

Filesize
6.0MB

MD5
65deec1cb95dfb9eed292c06df133bb7

SHA1
dec940af16bcf553c5111194c016b7e06db3bfed

SHA256
65586f5abdc9fdc251aab2953439b056d97405769d7587676018293184906cca

SHA512
655af9ba0148f76d875642b56130b9fee6f838304ebab27b828a6087c88d39da005c255f3d0e9f838f7b42d0bb1b300a2d12c15c0a167aa6227217f1438f54be

Download Submit
\Windows\system\GKvAaoU.exe

Filesize
6.0MB

MD5
bdee22d8ef85b937aa1f0c6e90d142c1

SHA1
9731fc5d66c8b9d33d8c25eeb5ecccf233d80ef9

SHA256
3e610f302d38134159e0c7e81f94b0c3930d90683b78f0869208197ab4be508c

SHA512
2e09225632722549359035631b967f78e4bfa58852e4f356086a84d1bea67e46bc332e6ef37be8d0d60abb0094f6ac2c16c98621fe6f255b23b1e7a03fa80695

Download Submit
\Windows\system\OodkOBP.exe

Filesize
6.0MB

MD5
74241a07514521b4196b460bb14db803

SHA1
61422f56c844c43797998c511f04c11ced924145

SHA256
ec18b56e11f74dcf0b2fac58a8966b31e3de1bce87b3b42928e3fbd132632724

SHA512
3cea61725e0dfe3730812231bd68c3e3a265dfeccf3225e7a64c04cf78e7ee4afe59e380fc628af92ac33d87d11b12097ddb0e953734c06a2562b8804d3748ff

Download Submit
\Windows\system\bcwYNff.exe

Filesize
6.0MB

MD5
832e0cd6254e7685bb4fbac98e97f4ab

SHA1
75328979f75ff88106f3dbcb8b61caa60dbc7c7b

SHA256
cb59bc2d6373118c520942676e39d9f398a4a54d85fb0fa7f34307bb61c751f0

SHA512
b6ecf4c61994513800c1d185e0d2e59ec79a0b19586149b6216baa2d8d5c0f5d6aab60f2697e1ea12ca539ae72bd7466e758956ca1eb041f701914ac07e5ef4c

Download Submit
\Windows\system\ynsKPWR.exe

Filesize
6.0MB

MD5
a96ba4187ea741adb87fee939026268e

SHA1
a45134832d79b3035d180a81db75de1ccd013f00

SHA256
959b9a63bf7496f55d1c48d2b418d660114954a5af9b4b97d349276a2e61d644

SHA512
e541ead6d3b31f387cd6afe7d30023145f8e1506bad112dcae81f45c8fd6a7d9a8d41aa34b45557734dfcc89d741388b103a0799eb6fb348c538d1689ed9e8bd

Download Submit
memory/1500-1986-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1500-3712-0x000000013F430000-0x000000013F784000-memory.dmp

Filesize
3.3MB

Download
memory/1696-1935-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/1696-3695-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/1716-3640-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1716-1933-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1788-1939-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/1788-3696-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2004-3737-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2004-1763-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1760-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3125-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1757-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2396-0-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2396-88-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1486-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1762-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1764-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1632-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3248-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1934-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1936-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1546-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1938-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3252-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1940-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3245-0x000000013FC60000-0x000000013FFB4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1732-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1989-0x000000013FE50000-0x00000001401A4000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3243-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2396-2984-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/2396-2986-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3113-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3154-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2396-1755-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3124-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3171-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3204-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3223-0x000000013F6E0000-0x000000013FA34000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3222-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3221-0x000000013FBB0000-0x000000013FF04000-memory.dmp

Filesize
3.3MB

Download
memory/2396-3218-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2596-3664-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2596-1754-0x000000013FBE0000-0x000000013FF34000-memory.dmp

Filesize
3.3MB

Download
memory/2600-3701-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2600-1761-0x000000013FBA0000-0x000000013FEF4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-1728-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2684-3650-0x000000013F090000-0x000000013F3E4000-memory.dmp

Filesize
3.3MB

Download
memory/2732-3669-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2732-1756-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2740-1759-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2740-3665-0x000000013F4D0000-0x000000013F824000-memory.dmp

Filesize
3.3MB

Download
memory/2764-3644-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2764-2143-0x000000013FB00000-0x000000013FE54000-memory.dmp

Filesize
3.3MB

Download
memory/2768-3697-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2768-1545-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2792-1629-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2792-3666-0x000000013F3C0000-0x000000013F714000-memory.dmp

Filesize
3.3MB

Download
memory/2920-3705-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2920-1937-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download