cobaltstrike | 44ce32f7a5b8e58925f92a1a7369cbb2d1ce4eb358e49c7b7a7de9374027ee86

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
21-01-2025 19:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

bff6f27aa55a36a883b411f872f815da
SHA1

b93ea020b9bf0af194552378cc4e85eb9636ac00
SHA256

44ce32f7a5b8e58925f92a1a7369cbb2d1ce4eb358e49c7b7a7de9374027ee86
SHA512

7e52dd8eeaeb61f6cb39e50d5a975522499fc4c8efc2eb2fe4ad5518635b04be8db6b45b65a6b437193be5e662466d6c13fffbdd3a8d0068b53c794b070e3db7
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU7:T+q56utgpPF8u/77

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012118-6.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d41-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d59-16.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d81-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f25-37.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d9f-115.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-195.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-189.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-180.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-175.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-169.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-160.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-155.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-150.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-145.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016ecf-140.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016df3-135.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016dea-130.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016de8-126.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d77-106.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000015d0e-96.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6b-89.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d4b-75.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d54-73.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d6f-99.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000016d67-85.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d43-62.dat	cobalt_reflective_dll
behavioral1/files/0x000900000001610d-56.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015f7b-47.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000015ec4-32.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2616-0-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000012118-6.dat	xmrig
behavioral1/files/0x0008000000015d41-8.dat	xmrig
behavioral1/memory/1736-15-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/1716-14-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d59-16.dat	xmrig
behavioral1/memory/3004-21-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/files/0x0008000000015d81-25.dat	xmrig
behavioral1/memory/2828-34-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f25-37.dat	xmrig
behavioral1/memory/2616-40-0x000000013FF50000-0x00000001402A4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d9f-115.dat	xmrig
behavioral1/memory/2332-915-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2672-547-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2700-294-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/2840-293-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2616-213-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/files/0x0005000000018739-195.dat	xmrig
behavioral1/files/0x00050000000186f4-185.dat	xmrig
behavioral1/files/0x0005000000018704-189.dat	xmrig
behavioral1/files/0x00050000000186f1-180.dat	xmrig
behavioral1/files/0x00050000000186ed-175.dat	xmrig
behavioral1/files/0x0005000000018686-165.dat	xmrig
behavioral1/files/0x00050000000186e7-169.dat	xmrig
behavioral1/files/0x000600000001755b-160.dat	xmrig
behavioral1/files/0x000600000001749c-155.dat	xmrig
behavioral1/files/0x0006000000017497-150.dat	xmrig
behavioral1/files/0x0006000000017049-145.dat	xmrig
behavioral1/files/0x0006000000016ecf-140.dat	xmrig
behavioral1/files/0x0006000000016df3-135.dat	xmrig
behavioral1/files/0x0006000000016dea-130.dat	xmrig
behavioral1/files/0x0006000000016de8-126.dat	xmrig
behavioral1/files/0x0006000000016d77-106.dat	xmrig
behavioral1/files/0x0008000000015d0e-96.dat	xmrig
behavioral1/memory/2740-119-0x000000013FB20000-0x000000013FE74000-memory.dmp	xmrig
behavioral1/memory/1756-118-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2616-117-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig
behavioral1/memory/2788-116-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d6b-89.dat	xmrig
behavioral1/memory/2672-80-0x000000013F310000-0x000000013F664000-memory.dmp	xmrig
behavioral1/memory/2828-77-0x000000013F850000-0x000000013FBA4000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d4b-75.dat	xmrig
behavioral1/files/0x0006000000016d54-73.dat	xmrig
behavioral1/memory/2700-68-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d6f-99.dat	xmrig
behavioral1/memory/2332-88-0x000000013F4F0000-0x000000013F844000-memory.dmp	xmrig
behavioral1/memory/2948-87-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/files/0x0006000000016d67-85.dat	xmrig
behavioral1/memory/2840-58-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/3004-57-0x000000013FED0000-0x0000000140224000-memory.dmp	xmrig
behavioral1/memory/2616-71-0x000000013F140000-0x000000013F494000-memory.dmp	xmrig
behavioral1/memory/2516-63-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d43-62.dat	xmrig
behavioral1/files/0x000900000001610d-56.dat	xmrig
behavioral1/memory/2616-55-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2948-39-0x000000013FFF0000-0x0000000140344000-memory.dmp	xmrig
behavioral1/memory/2804-51-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/1716-49-0x000000013F5E0000-0x000000013F934000-memory.dmp	xmrig
behavioral1/files/0x0007000000015f7b-47.dat	xmrig
behavioral1/files/0x0007000000015ec4-32.dat	xmrig
behavioral1/memory/2516-27-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/1736-3900-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2804-3944-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/1756-4011-0x000000013F950000-0x000000013FCA4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1736	OikAONu.exe
1716	USKCtOX.exe
3004	QtRmBnK.exe
2516	SkIssoL.exe
2828	IuGvulP.exe
2948	SSEJaEq.exe
2804	ccmKKVm.exe
2840	UgCtmhO.exe
2700	cXnvYer.exe
2672	EnWnUNt.exe
2332	uYKvBXX.exe
2788	hSRjHtr.exe
1756	lfCYBrd.exe
2740	hqXzZAw.exe
316	tHAkGOG.exe
1680	smrfQyO.exe
3008	NlyHoVb.exe
324	QUYOBPa.exe
1096	fpRyZZY.exe
1420	vDjtCZh.exe
1324	vWcDeYk.exe
2104	AUSCEgW.exe
2440	ltycSpJ.exe
2412	lBLaqFa.exe
1796	DgJchCt.exe
2956	JyqrSZp.exe
408	xqsSDNm.exe
2188	bmrlIYA.exe
756	dzorCyq.exe
1344	dOgPgLz.exe
1924	sMGZajP.exe
2424	QZAXckH.exe
1544	dbWVWUS.exe
1352	OufHoww.exe
1904	ivpvfSf.exe
1944	XqDXtAc.exe
900	akDaHXT.exe
2572	YfpAnbC.exe
1244	MAmItuF.exe
2236	PDHCpWT.exe
1876	zUcGJGE.exe
2208	gHwgLTm.exe
1528	ZJrhgVr.exe
2108	jPtsQPW.exe
2744	LUomPaR.exe
1660	dMddyNx.exe
800	nFbjKbI.exe
2920	nhpxyFz.exe
2524	nOhVJxS.exe
2068	MsSHAjo.exe
1576	vgmlHFy.exe
1604	ZtXiRlU.exe
1712	YHKfwPK.exe
2172	mIrFHni.exe
2892	HwkoVvr.exe
3044	MMYSdmb.exe
2852	CXTqUkD.exe
2312	eNxHOzk.exe
2044	vPxOfZV.exe
2676	uVNfyBn.exe
3012	nHaGEVl.exe
1888	efUeUDp.exe
840	NwzQZXe.exe
1628	sJssDgI.exe

Loads dropped DLL 64 IoCs

pid	Process
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2616-0-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x0007000000012118-6.dat	upx
behavioral1/files/0x0008000000015d41-8.dat	upx
behavioral1/memory/1736-15-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/1716-14-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/files/0x0008000000015d59-16.dat	upx
behavioral1/memory/3004-21-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/files/0x0008000000015d81-25.dat	upx
behavioral1/memory/2828-34-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x0007000000015f25-37.dat	upx
behavioral1/memory/2616-40-0x000000013FF50000-0x00000001402A4000-memory.dmp	upx
behavioral1/files/0x0006000000016d9f-115.dat	upx
behavioral1/memory/2332-915-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2672-547-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2700-294-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/2840-293-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/files/0x0005000000018739-195.dat	upx
behavioral1/files/0x00050000000186f4-185.dat	upx
behavioral1/files/0x0005000000018704-189.dat	upx
behavioral1/files/0x00050000000186f1-180.dat	upx
behavioral1/files/0x00050000000186ed-175.dat	upx
behavioral1/files/0x0005000000018686-165.dat	upx
behavioral1/files/0x00050000000186e7-169.dat	upx
behavioral1/files/0x000600000001755b-160.dat	upx
behavioral1/files/0x000600000001749c-155.dat	upx
behavioral1/files/0x0006000000017497-150.dat	upx
behavioral1/files/0x0006000000017049-145.dat	upx
behavioral1/files/0x0006000000016ecf-140.dat	upx
behavioral1/files/0x0006000000016df3-135.dat	upx
behavioral1/files/0x0006000000016dea-130.dat	upx
behavioral1/files/0x0006000000016de8-126.dat	upx
behavioral1/files/0x0006000000016d77-106.dat	upx
behavioral1/files/0x0008000000015d0e-96.dat	upx
behavioral1/memory/2740-119-0x000000013FB20000-0x000000013FE74000-memory.dmp	upx
behavioral1/memory/1756-118-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2788-116-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/files/0x0006000000016d6b-89.dat	upx
behavioral1/memory/2672-80-0x000000013F310000-0x000000013F664000-memory.dmp	upx
behavioral1/memory/2828-77-0x000000013F850000-0x000000013FBA4000-memory.dmp	upx
behavioral1/files/0x0006000000016d4b-75.dat	upx
behavioral1/files/0x0006000000016d54-73.dat	upx
behavioral1/memory/2700-68-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/files/0x0006000000016d6f-99.dat	upx
behavioral1/memory/2332-88-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/2948-87-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/files/0x0006000000016d67-85.dat	upx
behavioral1/memory/2840-58-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/3004-57-0x000000013FED0000-0x0000000140224000-memory.dmp	upx
behavioral1/memory/2516-63-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x0008000000016d43-62.dat	upx
behavioral1/files/0x000900000001610d-56.dat	upx
behavioral1/memory/2948-39-0x000000013FFF0000-0x0000000140344000-memory.dmp	upx
behavioral1/memory/2804-51-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/1716-49-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx
behavioral1/files/0x0007000000015f7b-47.dat	upx
behavioral1/files/0x0007000000015ec4-32.dat	upx
behavioral1/memory/2516-27-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/1736-3900-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2804-3944-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/2332-4010-0x000000013F4F0000-0x000000013F844000-memory.dmp	upx
behavioral1/memory/1756-4011-0x000000013F950000-0x000000013FCA4000-memory.dmp	upx
behavioral1/memory/2788-4022-0x000000013F140000-0x000000013F494000-memory.dmp	upx
behavioral1/memory/2516-4021-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/1716-4019-0x000000013F5E0000-0x000000013F934000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\OUBgydA.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KfalLcP.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bpnLtfb.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\htChscK.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FslBBli.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eOuwamD.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ImjgoiC.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MzfKMvR.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pzFGKbJ.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GGzMhmK.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zqYGopJ.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cLKGxnS.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ukunbaJ.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zbLIsQY.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pZJIpmD.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ISpfRwE.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HTvjNKw.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xWFmBRc.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nqfuNBq.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UDKoTOR.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bduijvw.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YnECEAZ.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SGBqyFF.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gqhWXXf.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uAGbiDg.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EnWnUNt.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKlWfpW.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ogKczoO.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DtAFFzd.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sZnpGOq.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lfCYBrd.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BOZNpCZ.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zRsmTuK.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LuJJxGA.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eNqDEzj.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LAuvufy.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\icdcNjd.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Nvcgeij.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NlyHoVb.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vFasCAm.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iiusjSo.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eelYZAo.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LcHwAiT.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uxVVNTa.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IuGvulP.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XKscLBp.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kDdArIO.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YteWcKF.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cYMDnWq.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\prnaBUQ.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tPGGjNE.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zkPQgTG.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zOmwceN.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GucTYlj.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ztzNnoT.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GtpDact.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjxGuut.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OtaaOnD.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZJrhgVr.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hAOAebT.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kBeWFmn.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OxHeOnJ.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AIdLjlt.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BeKBadg.exe	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 1736	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2616 wrote to memory of 1736	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2616 wrote to memory of 1736	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2616 wrote to memory of 1716	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2616 wrote to memory of 1716	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2616 wrote to memory of 1716	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2616 wrote to memory of 3004	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2616 wrote to memory of 3004	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2616 wrote to memory of 3004	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2616 wrote to memory of 2516	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2616 wrote to memory of 2516	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2616 wrote to memory of 2516	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2616 wrote to memory of 2828	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2616 wrote to memory of 2828	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2616 wrote to memory of 2828	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2616 wrote to memory of 2948	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2616 wrote to memory of 2948	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2616 wrote to memory of 2948	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2616 wrote to memory of 2804	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2616 wrote to memory of 2804	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2616 wrote to memory of 2804	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2616 wrote to memory of 2840	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2616 wrote to memory of 2840	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2616 wrote to memory of 2840	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2616 wrote to memory of 2700	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2616 wrote to memory of 2700	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2616 wrote to memory of 2700	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2616 wrote to memory of 2788	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2616 wrote to memory of 2788	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2616 wrote to memory of 2788	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2616 wrote to memory of 2672	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2616 wrote to memory of 2672	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2616 wrote to memory of 2672	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2616 wrote to memory of 2740	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2616 wrote to memory of 2740	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2616 wrote to memory of 2740	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2616 wrote to memory of 2332	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2616 wrote to memory of 2332	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2616 wrote to memory of 2332	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2616 wrote to memory of 316	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2616 wrote to memory of 316	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2616 wrote to memory of 316	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2616 wrote to memory of 1756	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2616 wrote to memory of 1756	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2616 wrote to memory of 1756	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2616 wrote to memory of 3008	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2616 wrote to memory of 3008	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2616 wrote to memory of 3008	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2616 wrote to memory of 1680	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2616 wrote to memory of 1680	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2616 wrote to memory of 1680	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2616 wrote to memory of 324	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2616 wrote to memory of 324	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2616 wrote to memory of 324	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2616 wrote to memory of 1096	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2616 wrote to memory of 1096	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2616 wrote to memory of 1096	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2616 wrote to memory of 1420	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2616 wrote to memory of 1420	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2616 wrote to memory of 1420	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2616 wrote to memory of 1324	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2616 wrote to memory of 1324	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2616 wrote to memory of 1324	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2616 wrote to memory of 2104	2616	2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_bff6f27aa55a36a883b411f872f815da_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Windows\System\OikAONu.exe
  C:\Windows\System\OikAONu.exe
  2⤵
  - Executes dropped EXE
  PID:1736
- C:\Windows\System\USKCtOX.exe
  C:\Windows\System\USKCtOX.exe
  2⤵
  - Executes dropped EXE
  PID:1716
- C:\Windows\System\QtRmBnK.exe
  C:\Windows\System\QtRmBnK.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\SkIssoL.exe
  C:\Windows\System\SkIssoL.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\IuGvulP.exe
  C:\Windows\System\IuGvulP.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\SSEJaEq.exe
  C:\Windows\System\SSEJaEq.exe
  2⤵
  - Executes dropped EXE
  PID:2948
- C:\Windows\System\ccmKKVm.exe
  C:\Windows\System\ccmKKVm.exe
  2⤵
  - Executes dropped EXE
  PID:2804
- C:\Windows\System\UgCtmhO.exe
  C:\Windows\System\UgCtmhO.exe
  2⤵
  - Executes dropped EXE
  PID:2840
- C:\Windows\System\cXnvYer.exe
  C:\Windows\System\cXnvYer.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\hSRjHtr.exe
  C:\Windows\System\hSRjHtr.exe
  2⤵
  - Executes dropped EXE
  PID:2788
- C:\Windows\System\EnWnUNt.exe
  C:\Windows\System\EnWnUNt.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\hqXzZAw.exe
  C:\Windows\System\hqXzZAw.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\uYKvBXX.exe
  C:\Windows\System\uYKvBXX.exe
  2⤵
  - Executes dropped EXE
  PID:2332
- C:\Windows\System\tHAkGOG.exe
  C:\Windows\System\tHAkGOG.exe
  2⤵
  - Executes dropped EXE
  PID:316
- C:\Windows\System\lfCYBrd.exe
  C:\Windows\System\lfCYBrd.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\NlyHoVb.exe
  C:\Windows\System\NlyHoVb.exe
  2⤵
  - Executes dropped EXE
  PID:3008
- C:\Windows\System\smrfQyO.exe
  C:\Windows\System\smrfQyO.exe
  2⤵
  - Executes dropped EXE
  PID:1680
- C:\Windows\System\QUYOBPa.exe
  C:\Windows\System\QUYOBPa.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\fpRyZZY.exe
  C:\Windows\System\fpRyZZY.exe
  2⤵
  - Executes dropped EXE
  PID:1096
- C:\Windows\System\vDjtCZh.exe
  C:\Windows\System\vDjtCZh.exe
  2⤵
  - Executes dropped EXE
  PID:1420
- C:\Windows\System\vWcDeYk.exe
  C:\Windows\System\vWcDeYk.exe
  2⤵
  - Executes dropped EXE
  PID:1324
- C:\Windows\System\AUSCEgW.exe
  C:\Windows\System\AUSCEgW.exe
  2⤵
  - Executes dropped EXE
  PID:2104
- C:\Windows\System\ltycSpJ.exe
  C:\Windows\System\ltycSpJ.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\lBLaqFa.exe
  C:\Windows\System\lBLaqFa.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Windows\System\DgJchCt.exe
  C:\Windows\System\DgJchCt.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\JyqrSZp.exe
  C:\Windows\System\JyqrSZp.exe
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Windows\System\xqsSDNm.exe
  C:\Windows\System\xqsSDNm.exe
  2⤵
  - Executes dropped EXE
  PID:408
- C:\Windows\System\bmrlIYA.exe
  C:\Windows\System\bmrlIYA.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\dzorCyq.exe
  C:\Windows\System\dzorCyq.exe
  2⤵
  - Executes dropped EXE
  PID:756
- C:\Windows\System\dOgPgLz.exe
  C:\Windows\System\dOgPgLz.exe
  2⤵
  - Executes dropped EXE
  PID:1344
- C:\Windows\System\sMGZajP.exe
  C:\Windows\System\sMGZajP.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\QZAXckH.exe
  C:\Windows\System\QZAXckH.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\dbWVWUS.exe
  C:\Windows\System\dbWVWUS.exe
  2⤵
  - Executes dropped EXE
  PID:1544
- C:\Windows\System\OufHoww.exe
  C:\Windows\System\OufHoww.exe
  2⤵
  - Executes dropped EXE
  PID:1352
- C:\Windows\System\ivpvfSf.exe
  C:\Windows\System\ivpvfSf.exe
  2⤵
  - Executes dropped EXE
  PID:1904
- C:\Windows\System\XqDXtAc.exe
  C:\Windows\System\XqDXtAc.exe
  2⤵
  - Executes dropped EXE
  PID:1944
- C:\Windows\System\akDaHXT.exe
  C:\Windows\System\akDaHXT.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\YfpAnbC.exe
  C:\Windows\System\YfpAnbC.exe
  2⤵
  - Executes dropped EXE
  PID:2572
- C:\Windows\System\MAmItuF.exe
  C:\Windows\System\MAmItuF.exe
  2⤵
  - Executes dropped EXE
  PID:1244
- C:\Windows\System\PDHCpWT.exe
  C:\Windows\System\PDHCpWT.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\zUcGJGE.exe
  C:\Windows\System\zUcGJGE.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\gHwgLTm.exe
  C:\Windows\System\gHwgLTm.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\ZJrhgVr.exe
  C:\Windows\System\ZJrhgVr.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\jPtsQPW.exe
  C:\Windows\System\jPtsQPW.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\LUomPaR.exe
  C:\Windows\System\LUomPaR.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\dMddyNx.exe
  C:\Windows\System\dMddyNx.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\nFbjKbI.exe
  C:\Windows\System\nFbjKbI.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\nhpxyFz.exe
  C:\Windows\System\nhpxyFz.exe
  2⤵
  - Executes dropped EXE
  PID:2920
- C:\Windows\System\nOhVJxS.exe
  C:\Windows\System\nOhVJxS.exe
  2⤵
  - Executes dropped EXE
  PID:2524
- C:\Windows\System\MsSHAjo.exe
  C:\Windows\System\MsSHAjo.exe
  2⤵
  - Executes dropped EXE
  PID:2068
- C:\Windows\System\vgmlHFy.exe
  C:\Windows\System\vgmlHFy.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\ZtXiRlU.exe
  C:\Windows\System\ZtXiRlU.exe
  2⤵
  - Executes dropped EXE
  PID:1604
- C:\Windows\System\YHKfwPK.exe
  C:\Windows\System\YHKfwPK.exe
  2⤵
  - Executes dropped EXE
  PID:1712
- C:\Windows\System\mIrFHni.exe
  C:\Windows\System\mIrFHni.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\HwkoVvr.exe
  C:\Windows\System\HwkoVvr.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\MMYSdmb.exe
  C:\Windows\System\MMYSdmb.exe
  2⤵
  - Executes dropped EXE
  PID:3044
- C:\Windows\System\CXTqUkD.exe
  C:\Windows\System\CXTqUkD.exe
  2⤵
  - Executes dropped EXE
  PID:2852
- C:\Windows\System\eNxHOzk.exe
  C:\Windows\System\eNxHOzk.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\vPxOfZV.exe
  C:\Windows\System\vPxOfZV.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\uVNfyBn.exe
  C:\Windows\System\uVNfyBn.exe
  2⤵
  - Executes dropped EXE
  PID:2676
- C:\Windows\System\nHaGEVl.exe
  C:\Windows\System\nHaGEVl.exe
  2⤵
  - Executes dropped EXE
  PID:3012
- C:\Windows\System\efUeUDp.exe
  C:\Windows\System\efUeUDp.exe
  2⤵
  - Executes dropped EXE
  PID:1888
- C:\Windows\System\NwzQZXe.exe
  C:\Windows\System\NwzQZXe.exe
  2⤵
  - Executes dropped EXE
  PID:840
- C:\Windows\System\sJssDgI.exe
  C:\Windows\System\sJssDgI.exe
  2⤵
  - Executes dropped EXE
  PID:1628
- C:\Windows\System\vnhNOAw.exe
  C:\Windows\System\vnhNOAw.exe
  2⤵
  PID:1860
- C:\Windows\System\VyyyzWr.exe
  C:\Windows\System\VyyyzWr.exe
  2⤵
  PID:1972
- C:\Windows\System\cLKGxnS.exe
  C:\Windows\System\cLKGxnS.exe
  2⤵
  PID:2408
- C:\Windows\System\zrigtsi.exe
  C:\Windows\System\zrigtsi.exe
  2⤵
  PID:3040
- C:\Windows\System\OxHeOnJ.exe
  C:\Windows\System\OxHeOnJ.exe
  2⤵
  PID:3052
- C:\Windows\System\dDKRpun.exe
  C:\Windows\System\dDKRpun.exe
  2⤵
  PID:1984
- C:\Windows\System\fuJsODI.exe
  C:\Windows\System\fuJsODI.exe
  2⤵
  PID:1840
- C:\Windows\System\eBvhqEA.exe
  C:\Windows\System\eBvhqEA.exe
  2⤵
  PID:832
- C:\Windows\System\GBnNHYs.exe
  C:\Windows\System\GBnNHYs.exe
  2⤵
  PID:1936
- C:\Windows\System\lxpkHGT.exe
  C:\Windows\System\lxpkHGT.exe
  2⤵
  PID:752
- C:\Windows\System\xfMXXAe.exe
  C:\Windows\System\xfMXXAe.exe
  2⤵
  PID:2492
- C:\Windows\System\UDKoTOR.exe
  C:\Windows\System\UDKoTOR.exe
  2⤵
  PID:1672
- C:\Windows\System\XlviSTt.exe
  C:\Windows\System\XlviSTt.exe
  2⤵
  PID:2148
- C:\Windows\System\dJdNLzO.exe
  C:\Windows\System\dJdNLzO.exe
  2⤵
  PID:2460
- C:\Windows\System\WzHvRWB.exe
  C:\Windows\System\WzHvRWB.exe
  2⤵
  PID:1484
- C:\Windows\System\qjOGVKg.exe
  C:\Windows\System\qjOGVKg.exe
  2⤵
  PID:880
- C:\Windows\System\OGpMjzG.exe
  C:\Windows\System\OGpMjzG.exe
  2⤵
  PID:2200
- C:\Windows\System\yiaoRkJ.exe
  C:\Windows\System\yiaoRkJ.exe
  2⤵
  PID:2444
- C:\Windows\System\ZCmuITI.exe
  C:\Windows\System\ZCmuITI.exe
  2⤵
  PID:1720
- C:\Windows\System\vEBbKQR.exe
  C:\Windows\System\vEBbKQR.exe
  2⤵
  PID:2500
- C:\Windows\System\RKlYyxv.exe
  C:\Windows\System\RKlYyxv.exe
  2⤵
  PID:2504
- C:\Windows\System\kZGeINx.exe
  C:\Windows\System\kZGeINx.exe
  2⤵
  PID:2932
- C:\Windows\System\hGUHveD.exe
  C:\Windows\System\hGUHveD.exe
  2⤵
  PID:1092
- C:\Windows\System\ogKczoO.exe
  C:\Windows\System\ogKczoO.exe
  2⤵
  PID:2112
- C:\Windows\System\zDUfpee.exe
  C:\Windows\System\zDUfpee.exe
  2⤵
  PID:1692
- C:\Windows\System\KcdzUnI.exe
  C:\Windows\System\KcdzUnI.exe
  2⤵
  PID:2168
- C:\Windows\System\zBhdluH.exe
  C:\Windows\System\zBhdluH.exe
  2⤵
  PID:1516
- C:\Windows\System\QbJPQAY.exe
  C:\Windows\System\QbJPQAY.exe
  2⤵
  PID:1816
- C:\Windows\System\jSnRhyb.exe
  C:\Windows\System\jSnRhyb.exe
  2⤵
  PID:2868
- C:\Windows\System\RFrqvTO.exe
  C:\Windows\System\RFrqvTO.exe
  2⤵
  PID:700
- C:\Windows\System\KoIXXNh.exe
  C:\Windows\System\KoIXXNh.exe
  2⤵
  PID:1940
- C:\Windows\System\wUNrJLt.exe
  C:\Windows\System\wUNrJLt.exe
  2⤵
  PID:1552
- C:\Windows\System\phszJlG.exe
  C:\Windows\System\phszJlG.exe
  2⤵
  PID:1732
- C:\Windows\System\DUdmTkv.exe
  C:\Windows\System\DUdmTkv.exe
  2⤵
  PID:2284
- C:\Windows\System\NjwpHIq.exe
  C:\Windows\System\NjwpHIq.exe
  2⤵
  PID:1540
- C:\Windows\System\SzeJtZy.exe
  C:\Windows\System\SzeJtZy.exe
  2⤵
  PID:1524
- C:\Windows\System\NLLuBpK.exe
  C:\Windows\System\NLLuBpK.exe
  2⤵
  PID:1724
- C:\Windows\System\mdgOijV.exe
  C:\Windows\System\mdgOijV.exe
  2⤵
  PID:2084
- C:\Windows\System\bYEOldX.exe
  C:\Windows\System\bYEOldX.exe
  2⤵
  PID:2816
- C:\Windows\System\cmCFtIY.exe
  C:\Windows\System\cmCFtIY.exe
  2⤵
  PID:3000
- C:\Windows\System\OFokpQO.exe
  C:\Windows\System\OFokpQO.exe
  2⤵
  PID:1908
- C:\Windows\System\OSnxAxK.exe
  C:\Windows\System\OSnxAxK.exe
  2⤵
  PID:2052
- C:\Windows\System\rliRJiR.exe
  C:\Windows\System\rliRJiR.exe
  2⤵
  PID:2036
- C:\Windows\System\PDvZMFj.exe
  C:\Windows\System\PDvZMFj.exe
  2⤵
  PID:948
- C:\Windows\System\raSoZND.exe
  C:\Windows\System\raSoZND.exe
  2⤵
  PID:1348
- C:\Windows\System\VVZaIyJ.exe
  C:\Windows\System\VVZaIyJ.exe
  2⤵
  PID:3068
- C:\Windows\System\zyRzige.exe
  C:\Windows\System\zyRzige.exe
  2⤵
  PID:3080
- C:\Windows\System\BOZNpCZ.exe
  C:\Windows\System\BOZNpCZ.exe
  2⤵
  PID:3100
- C:\Windows\System\qXsYckw.exe
  C:\Windows\System\qXsYckw.exe
  2⤵
  PID:3120
- C:\Windows\System\lQtwcLR.exe
  C:\Windows\System\lQtwcLR.exe
  2⤵
  PID:3140
- C:\Windows\System\pYarPGl.exe
  C:\Windows\System\pYarPGl.exe
  2⤵
  PID:3160
- C:\Windows\System\unilFWR.exe
  C:\Windows\System\unilFWR.exe
  2⤵
  PID:3180
- C:\Windows\System\KnDUupm.exe
  C:\Windows\System\KnDUupm.exe
  2⤵
  PID:3200
- C:\Windows\System\DirwaVL.exe
  C:\Windows\System\DirwaVL.exe
  2⤵
  PID:3220
- C:\Windows\System\fxVqLww.exe
  C:\Windows\System\fxVqLww.exe
  2⤵
  PID:3240
- C:\Windows\System\GtggWBW.exe
  C:\Windows\System\GtggWBW.exe
  2⤵
  PID:3260
- C:\Windows\System\BMtuxRM.exe
  C:\Windows\System\BMtuxRM.exe
  2⤵
  PID:3280
- C:\Windows\System\ZLkXKSQ.exe
  C:\Windows\System\ZLkXKSQ.exe
  2⤵
  PID:3304
- C:\Windows\System\KCLeXjn.exe
  C:\Windows\System\KCLeXjn.exe
  2⤵
  PID:3324
- C:\Windows\System\nlSIzOj.exe
  C:\Windows\System\nlSIzOj.exe
  2⤵
  PID:3344
- C:\Windows\System\pEWGHhl.exe
  C:\Windows\System\pEWGHhl.exe
  2⤵
  PID:3364
- C:\Windows\System\voyoMCY.exe
  C:\Windows\System\voyoMCY.exe
  2⤵
  PID:3384
- C:\Windows\System\NByARXe.exe
  C:\Windows\System\NByARXe.exe
  2⤵
  PID:3404
- C:\Windows\System\eXZhOFX.exe
  C:\Windows\System\eXZhOFX.exe
  2⤵
  PID:3424
- C:\Windows\System\xtMtDTl.exe
  C:\Windows\System\xtMtDTl.exe
  2⤵
  PID:3444
- C:\Windows\System\wPBjCRZ.exe
  C:\Windows\System\wPBjCRZ.exe
  2⤵
  PID:3464
- C:\Windows\System\iMsKSVP.exe
  C:\Windows\System\iMsKSVP.exe
  2⤵
  PID:3484
- C:\Windows\System\xVeEJfK.exe
  C:\Windows\System\xVeEJfK.exe
  2⤵
  PID:3504
- C:\Windows\System\ytDfuOo.exe
  C:\Windows\System\ytDfuOo.exe
  2⤵
  PID:3524
- C:\Windows\System\BeKBadg.exe
  C:\Windows\System\BeKBadg.exe
  2⤵
  PID:3544
- C:\Windows\System\KliGnSq.exe
  C:\Windows\System\KliGnSq.exe
  2⤵
  PID:3564
- C:\Windows\System\jrYHfJb.exe
  C:\Windows\System\jrYHfJb.exe
  2⤵
  PID:3584
- C:\Windows\System\phNLEGd.exe
  C:\Windows\System\phNLEGd.exe
  2⤵
  PID:3604
- C:\Windows\System\bZIdHgU.exe
  C:\Windows\System\bZIdHgU.exe
  2⤵
  PID:3624
- C:\Windows\System\DLfITRJ.exe
  C:\Windows\System\DLfITRJ.exe
  2⤵
  PID:3644
- C:\Windows\System\ERvEnvZ.exe
  C:\Windows\System\ERvEnvZ.exe
  2⤵
  PID:3664
- C:\Windows\System\nlDGwJR.exe
  C:\Windows\System\nlDGwJR.exe
  2⤵
  PID:3680
- C:\Windows\System\lsferri.exe
  C:\Windows\System\lsferri.exe
  2⤵
  PID:3700
- C:\Windows\System\kCtMMuZ.exe
  C:\Windows\System\kCtMMuZ.exe
  2⤵
  PID:3724
- C:\Windows\System\JwGCfIX.exe
  C:\Windows\System\JwGCfIX.exe
  2⤵
  PID:3740
- C:\Windows\System\QcWYOAp.exe
  C:\Windows\System\QcWYOAp.exe
  2⤵
  PID:3760
- C:\Windows\System\OtQbBjl.exe
  C:\Windows\System\OtQbBjl.exe
  2⤵
  PID:3780
- C:\Windows\System\KsAnMLp.exe
  C:\Windows\System\KsAnMLp.exe
  2⤵
  PID:3804
- C:\Windows\System\fnxoFfx.exe
  C:\Windows\System\fnxoFfx.exe
  2⤵
  PID:3824
- C:\Windows\System\tPGGjNE.exe
  C:\Windows\System\tPGGjNE.exe
  2⤵
  PID:3852
- C:\Windows\System\kkTOeJk.exe
  C:\Windows\System\kkTOeJk.exe
  2⤵
  PID:3868
- C:\Windows\System\hCfGbQo.exe
  C:\Windows\System\hCfGbQo.exe
  2⤵
  PID:3888
- C:\Windows\System\pkUwepf.exe
  C:\Windows\System\pkUwepf.exe
  2⤵
  PID:3912
- C:\Windows\System\nHVKjnq.exe
  C:\Windows\System\nHVKjnq.exe
  2⤵
  PID:3932
- C:\Windows\System\fDDUjQt.exe
  C:\Windows\System\fDDUjQt.exe
  2⤵
  PID:3952
- C:\Windows\System\TEDJbNZ.exe
  C:\Windows\System\TEDJbNZ.exe
  2⤵
  PID:3972
- C:\Windows\System\OHQAWJg.exe
  C:\Windows\System\OHQAWJg.exe
  2⤵
  PID:3988
- C:\Windows\System\ApxrUxm.exe
  C:\Windows\System\ApxrUxm.exe
  2⤵
  PID:4012
- C:\Windows\System\etgTQyV.exe
  C:\Windows\System\etgTQyV.exe
  2⤵
  PID:4032
- C:\Windows\System\IicInqH.exe
  C:\Windows\System\IicInqH.exe
  2⤵
  PID:4052
- C:\Windows\System\frWQjtd.exe
  C:\Windows\System\frWQjtd.exe
  2⤵
  PID:4076
- C:\Windows\System\tgEFSuV.exe
  C:\Windows\System\tgEFSuV.exe
  2⤵
  PID:1980
- C:\Windows\System\STTNSto.exe
  C:\Windows\System\STTNSto.exe
  2⤵
  PID:1408
- C:\Windows\System\rrYEYhu.exe
  C:\Windows\System\rrYEYhu.exe
  2⤵
  PID:3020
- C:\Windows\System\eiTxdWj.exe
  C:\Windows\System\eiTxdWj.exe
  2⤵
  PID:2228
- C:\Windows\System\ufKQHOj.exe
  C:\Windows\System\ufKQHOj.exe
  2⤵
  PID:2156
- C:\Windows\System\wagIqMg.exe
  C:\Windows\System\wagIqMg.exe
  2⤵
  PID:1164
- C:\Windows\System\LzEbQUB.exe
  C:\Windows\System\LzEbQUB.exe
  2⤵
  PID:2988
- C:\Windows\System\YyppOvy.exe
  C:\Windows\System\YyppOvy.exe
  2⤵
  PID:3088
- C:\Windows\System\VIxebqn.exe
  C:\Windows\System\VIxebqn.exe
  2⤵
  PID:3092
- C:\Windows\System\mJbEbYB.exe
  C:\Windows\System\mJbEbYB.exe
  2⤵
  PID:3136
- C:\Windows\System\rxUPjQV.exe
  C:\Windows\System\rxUPjQV.exe
  2⤵
  PID:3156
- C:\Windows\System\AhjVyiL.exe
  C:\Windows\System\AhjVyiL.exe
  2⤵
  PID:3192
- C:\Windows\System\zRsmTuK.exe
  C:\Windows\System\zRsmTuK.exe
  2⤵
  PID:3228
- C:\Windows\System\xwuiheV.exe
  C:\Windows\System\xwuiheV.exe
  2⤵
  PID:3288
- C:\Windows\System\TmsdQqb.exe
  C:\Windows\System\TmsdQqb.exe
  2⤵
  PID:3292
- C:\Windows\System\OYAZlSs.exe
  C:\Windows\System\OYAZlSs.exe
  2⤵
  PID:3312
- C:\Windows\System\jqRpGTh.exe
  C:\Windows\System\jqRpGTh.exe
  2⤵
  PID:3356
- C:\Windows\System\BJdlkls.exe
  C:\Windows\System\BJdlkls.exe
  2⤵
  PID:3416
- C:\Windows\System\JAlScOt.exe
  C:\Windows\System\JAlScOt.exe
  2⤵
  PID:3440
- C:\Windows\System\VcOUDPj.exe
  C:\Windows\System\VcOUDPj.exe
  2⤵
  PID:3492
- C:\Windows\System\UYPnlFo.exe
  C:\Windows\System\UYPnlFo.exe
  2⤵
  PID:3476
- C:\Windows\System\iuqxwUc.exe
  C:\Windows\System\iuqxwUc.exe
  2⤵
  PID:3520
- C:\Windows\System\LjTAkON.exe
  C:\Windows\System\LjTAkON.exe
  2⤵
  PID:3580
- C:\Windows\System\XjpaVhO.exe
  C:\Windows\System\XjpaVhO.exe
  2⤵
  PID:3560
- C:\Windows\System\aUQYRGb.exe
  C:\Windows\System\aUQYRGb.exe
  2⤵
  PID:3632
- C:\Windows\System\HuSpznu.exe
  C:\Windows\System\HuSpznu.exe
  2⤵
  PID:3656
- C:\Windows\System\khYTfTa.exe
  C:\Windows\System\khYTfTa.exe
  2⤵
  PID:3736
- C:\Windows\System\YQINiqi.exe
  C:\Windows\System\YQINiqi.exe
  2⤵
  PID:3720
- C:\Windows\System\IdGfnHC.exe
  C:\Windows\System\IdGfnHC.exe
  2⤵
  PID:3756
- C:\Windows\System\IfNBrGa.exe
  C:\Windows\System\IfNBrGa.exe
  2⤵
  PID:3748
- C:\Windows\System\VZCGIzt.exe
  C:\Windows\System\VZCGIzt.exe
  2⤵
  PID:3796
- C:\Windows\System\CyWHWcX.exe
  C:\Windows\System\CyWHWcX.exe
  2⤵
  PID:3896
- C:\Windows\System\MCwgcyK.exe
  C:\Windows\System\MCwgcyK.exe
  2⤵
  PID:3908
- C:\Windows\System\nQpJGSA.exe
  C:\Windows\System\nQpJGSA.exe
  2⤵
  PID:3928
- C:\Windows\System\PiJYPtS.exe
  C:\Windows\System\PiJYPtS.exe
  2⤵
  PID:3960
- C:\Windows\System\zBIWIWJ.exe
  C:\Windows\System\zBIWIWJ.exe
  2⤵
  PID:4008
- C:\Windows\System\hBmVDgC.exe
  C:\Windows\System\hBmVDgC.exe
  2⤵
  PID:4060
- C:\Windows\System\CDXtacF.exe
  C:\Windows\System\CDXtacF.exe
  2⤵
  PID:4064
- C:\Windows\System\KaFuQxc.exe
  C:\Windows\System\KaFuQxc.exe
  2⤵
  PID:4092
- C:\Windows\System\mZICMEw.exe
  C:\Windows\System\mZICMEw.exe
  2⤵
  PID:2936
- C:\Windows\System\kDdArIO.exe
  C:\Windows\System\kDdArIO.exe
  2⤵
  PID:2980
- C:\Windows\System\JcvIQlE.exe
  C:\Windows\System\JcvIQlE.exe
  2⤵
  PID:1512
- C:\Windows\System\VzxWzpx.exe
  C:\Windows\System\VzxWzpx.exe
  2⤵
  PID:3076
- C:\Windows\System\lmejbpa.exe
  C:\Windows\System\lmejbpa.exe
  2⤵
  PID:3128
- C:\Windows\System\iOzETSv.exe
  C:\Windows\System\iOzETSv.exe
  2⤵
  PID:3196
- C:\Windows\System\tCTONUx.exe
  C:\Windows\System\tCTONUx.exe
  2⤵
  PID:3232
- C:\Windows\System\XPOwKFo.exe
  C:\Windows\System\XPOwKFo.exe
  2⤵
  PID:3272
- C:\Windows\System\Tqlvhgz.exe
  C:\Windows\System\Tqlvhgz.exe
  2⤵
  PID:3316
- C:\Windows\System\fAbDvpc.exe
  C:\Windows\System\fAbDvpc.exe
  2⤵
  PID:3412
- C:\Windows\System\xgtvqom.exe
  C:\Windows\System\xgtvqom.exe
  2⤵
  PID:3460
- C:\Windows\System\SCtptOx.exe
  C:\Windows\System\SCtptOx.exe
  2⤵
  PID:4116
- C:\Windows\System\EFuQSrk.exe
  C:\Windows\System\EFuQSrk.exe
  2⤵
  PID:4136
- C:\Windows\System\jrbxAqf.exe
  C:\Windows\System\jrbxAqf.exe
  2⤵
  PID:4156
- C:\Windows\System\NRuNHer.exe
  C:\Windows\System\NRuNHer.exe
  2⤵
  PID:4176
- C:\Windows\System\OcwvtWM.exe
  C:\Windows\System\OcwvtWM.exe
  2⤵
  PID:4196
- C:\Windows\System\tAetwZu.exe
  C:\Windows\System\tAetwZu.exe
  2⤵
  PID:4216
- C:\Windows\System\zKHLlMZ.exe
  C:\Windows\System\zKHLlMZ.exe
  2⤵
  PID:4236
- C:\Windows\System\qRZSOSk.exe
  C:\Windows\System\qRZSOSk.exe
  2⤵
  PID:4256
- C:\Windows\System\eLgLNad.exe
  C:\Windows\System\eLgLNad.exe
  2⤵
  PID:4276
- C:\Windows\System\MYJJnCz.exe
  C:\Windows\System\MYJJnCz.exe
  2⤵
  PID:4296
- C:\Windows\System\LUmGAKa.exe
  C:\Windows\System\LUmGAKa.exe
  2⤵
  PID:4316
- C:\Windows\System\cLWIECz.exe
  C:\Windows\System\cLWIECz.exe
  2⤵
  PID:4336
- C:\Windows\System\eelYZAo.exe
  C:\Windows\System\eelYZAo.exe
  2⤵
  PID:4356
- C:\Windows\System\YmyKZly.exe
  C:\Windows\System\YmyKZly.exe
  2⤵
  PID:4376
- C:\Windows\System\ieVOuXo.exe
  C:\Windows\System\ieVOuXo.exe
  2⤵
  PID:4396
- C:\Windows\System\zWsaiBu.exe
  C:\Windows\System\zWsaiBu.exe
  2⤵
  PID:4416
- C:\Windows\System\Dredior.exe
  C:\Windows\System\Dredior.exe
  2⤵
  PID:4436
- C:\Windows\System\LzZhbkc.exe
  C:\Windows\System\LzZhbkc.exe
  2⤵
  PID:4456
- C:\Windows\System\izOamZl.exe
  C:\Windows\System\izOamZl.exe
  2⤵
  PID:4476
- C:\Windows\System\XEnYmNv.exe
  C:\Windows\System\XEnYmNv.exe
  2⤵
  PID:4496
- C:\Windows\System\ffRPyvv.exe
  C:\Windows\System\ffRPyvv.exe
  2⤵
  PID:4516
- C:\Windows\System\CSjukhR.exe
  C:\Windows\System\CSjukhR.exe
  2⤵
  PID:4536
- C:\Windows\System\EhzyEQr.exe
  C:\Windows\System\EhzyEQr.exe
  2⤵
  PID:4556
- C:\Windows\System\ENJrqKx.exe
  C:\Windows\System\ENJrqKx.exe
  2⤵
  PID:4580
- C:\Windows\System\OFmdCIS.exe
  C:\Windows\System\OFmdCIS.exe
  2⤵
  PID:4600
- C:\Windows\System\lNgcaIA.exe
  C:\Windows\System\lNgcaIA.exe
  2⤵
  PID:4620
- C:\Windows\System\MQCKzpm.exe
  C:\Windows\System\MQCKzpm.exe
  2⤵
  PID:4640
- C:\Windows\System\KNtFFbo.exe
  C:\Windows\System\KNtFFbo.exe
  2⤵
  PID:4660
- C:\Windows\System\MgBPFgU.exe
  C:\Windows\System\MgBPFgU.exe
  2⤵
  PID:4680
- C:\Windows\System\ByAziXF.exe
  C:\Windows\System\ByAziXF.exe
  2⤵
  PID:4700
- C:\Windows\System\EvQOGvG.exe
  C:\Windows\System\EvQOGvG.exe
  2⤵
  PID:4720
- C:\Windows\System\nWAcBBI.exe
  C:\Windows\System\nWAcBBI.exe
  2⤵
  PID:4740
- C:\Windows\System\YIvPBDT.exe
  C:\Windows\System\YIvPBDT.exe
  2⤵
  PID:4760
- C:\Windows\System\EWAdDxD.exe
  C:\Windows\System\EWAdDxD.exe
  2⤵
  PID:4780
- C:\Windows\System\TpwSQXk.exe
  C:\Windows\System\TpwSQXk.exe
  2⤵
  PID:4800
- C:\Windows\System\FIlVoPg.exe
  C:\Windows\System\FIlVoPg.exe
  2⤵
  PID:4820
- C:\Windows\System\QILxDoa.exe
  C:\Windows\System\QILxDoa.exe
  2⤵
  PID:4840
- C:\Windows\System\eBBxUsk.exe
  C:\Windows\System\eBBxUsk.exe
  2⤵
  PID:4860
- C:\Windows\System\zSlJDHH.exe
  C:\Windows\System\zSlJDHH.exe
  2⤵
  PID:4880
- C:\Windows\System\zkPQgTG.exe
  C:\Windows\System\zkPQgTG.exe
  2⤵
  PID:4900
- C:\Windows\System\VQhBgNe.exe
  C:\Windows\System\VQhBgNe.exe
  2⤵
  PID:4920
- C:\Windows\System\HoosdXx.exe
  C:\Windows\System\HoosdXx.exe
  2⤵
  PID:4940
- C:\Windows\System\LaFtfWl.exe
  C:\Windows\System\LaFtfWl.exe
  2⤵
  PID:4960
- C:\Windows\System\uBDpEiQ.exe
  C:\Windows\System\uBDpEiQ.exe
  2⤵
  PID:4980
- C:\Windows\System\OaVQReI.exe
  C:\Windows\System\OaVQReI.exe
  2⤵
  PID:5000
- C:\Windows\System\FuiOfJW.exe
  C:\Windows\System\FuiOfJW.exe
  2⤵
  PID:5020
- C:\Windows\System\LJezjFT.exe
  C:\Windows\System\LJezjFT.exe
  2⤵
  PID:5040
- C:\Windows\System\fdbMiJR.exe
  C:\Windows\System\fdbMiJR.exe
  2⤵
  PID:5060
- C:\Windows\System\SYZnxHW.exe
  C:\Windows\System\SYZnxHW.exe
  2⤵
  PID:5080
- C:\Windows\System\qTvHhqc.exe
  C:\Windows\System\qTvHhqc.exe
  2⤵
  PID:5100
- C:\Windows\System\bgRMxUt.exe
  C:\Windows\System\bgRMxUt.exe
  2⤵
  PID:3496
- C:\Windows\System\DvivlLd.exe
  C:\Windows\System\DvivlLd.exe
  2⤵
  PID:3536
- C:\Windows\System\ahNCXMB.exe
  C:\Windows\System\ahNCXMB.exe
  2⤵
  PID:3620
- C:\Windows\System\UWYJyxu.exe
  C:\Windows\System\UWYJyxu.exe
  2⤵
  PID:3692
- C:\Windows\System\gjLAdqq.exe
  C:\Windows\System\gjLAdqq.exe
  2⤵
  PID:3712
- C:\Windows\System\lotAKUY.exe
  C:\Windows\System\lotAKUY.exe
  2⤵
  PID:3752
- C:\Windows\System\dfDtkCj.exe
  C:\Windows\System\dfDtkCj.exe
  2⤵
  PID:3860
- C:\Windows\System\HZGKwXx.exe
  C:\Windows\System\HZGKwXx.exe
  2⤵
  PID:3920
- C:\Windows\System\TbemSAr.exe
  C:\Windows\System\TbemSAr.exe
  2⤵
  PID:3984
- C:\Windows\System\iigFedM.exe
  C:\Windows\System\iigFedM.exe
  2⤵
  PID:4024
- C:\Windows\System\aKjvWxP.exe
  C:\Windows\System\aKjvWxP.exe
  2⤵
  PID:3064
- C:\Windows\System\gZERcLB.exe
  C:\Windows\System\gZERcLB.exe
  2⤵
  PID:2264
- C:\Windows\System\ufTxnvm.exe
  C:\Windows\System\ufTxnvm.exe
  2⤵
  PID:2280
- C:\Windows\System\rzNJngq.exe
  C:\Windows\System\rzNJngq.exe
  2⤵
  PID:3148
- C:\Windows\System\kgRgKaK.exe
  C:\Windows\System\kgRgKaK.exe
  2⤵
  PID:3216
- C:\Windows\System\FsxzmCC.exe
  C:\Windows\System\FsxzmCC.exe
  2⤵
  PID:3320
- C:\Windows\System\sQPGplr.exe
  C:\Windows\System\sQPGplr.exe
  2⤵
  PID:3396
- C:\Windows\System\jMPTSsB.exe
  C:\Windows\System\jMPTSsB.exe
  2⤵
  PID:4112
- C:\Windows\System\zEboCgd.exe
  C:\Windows\System\zEboCgd.exe
  2⤵
  PID:4172
- C:\Windows\System\PfAHcyr.exe
  C:\Windows\System\PfAHcyr.exe
  2⤵
  PID:4204
- C:\Windows\System\YHDIchQ.exe
  C:\Windows\System\YHDIchQ.exe
  2⤵
  PID:4244
- C:\Windows\System\fAOlpyg.exe
  C:\Windows\System\fAOlpyg.exe
  2⤵
  PID:4272
- C:\Windows\System\gbZdEdu.exe
  C:\Windows\System\gbZdEdu.exe
  2⤵
  PID:3452
- C:\Windows\System\iYgofLa.exe
  C:\Windows\System\iYgofLa.exe
  2⤵
  PID:4308
- C:\Windows\System\VncvABM.exe
  C:\Windows\System\VncvABM.exe
  2⤵
  PID:4348
- C:\Windows\System\ukunbaJ.exe
  C:\Windows\System\ukunbaJ.exe
  2⤵
  PID:4412
- C:\Windows\System\mpgDyqV.exe
  C:\Windows\System\mpgDyqV.exe
  2⤵
  PID:4432
- C:\Windows\System\URqKIjS.exe
  C:\Windows\System\URqKIjS.exe
  2⤵
  PID:4464
- C:\Windows\System\LqUSskz.exe
  C:\Windows\System\LqUSskz.exe
  2⤵
  PID:4488
- C:\Windows\System\rpwrCjJ.exe
  C:\Windows\System\rpwrCjJ.exe
  2⤵
  PID:4532
- C:\Windows\System\iTFyBBH.exe
  C:\Windows\System\iTFyBBH.exe
  2⤵
  PID:4576
- C:\Windows\System\FmCoztE.exe
  C:\Windows\System\FmCoztE.exe
  2⤵
  PID:4592
- C:\Windows\System\RipaOWN.exe
  C:\Windows\System\RipaOWN.exe
  2⤵
  PID:4636
- C:\Windows\System\ncXcYmp.exe
  C:\Windows\System\ncXcYmp.exe
  2⤵
  PID:4676
- C:\Windows\System\nZwzXKA.exe
  C:\Windows\System\nZwzXKA.exe
  2⤵
  PID:4708
- C:\Windows\System\UKoMDli.exe
  C:\Windows\System\UKoMDli.exe
  2⤵
  PID:4732
- C:\Windows\System\BNEGDun.exe
  C:\Windows\System\BNEGDun.exe
  2⤵
  PID:4776
- C:\Windows\System\WpsQiia.exe
  C:\Windows\System\WpsQiia.exe
  2⤵
  PID:4792
- C:\Windows\System\DtAFFzd.exe
  C:\Windows\System\DtAFFzd.exe
  2⤵
  PID:4836
- C:\Windows\System\rDfKhmP.exe
  C:\Windows\System\rDfKhmP.exe
  2⤵
  PID:4876
- C:\Windows\System\RnzLGCQ.exe
  C:\Windows\System\RnzLGCQ.exe
  2⤵
  PID:4908
- C:\Windows\System\vEZEzEn.exe
  C:\Windows\System\vEZEzEn.exe
  2⤵
  PID:4932
- C:\Windows\System\hwQQkqd.exe
  C:\Windows\System\hwQQkqd.exe
  2⤵
  PID:4976
- C:\Windows\System\LBTZTzI.exe
  C:\Windows\System\LBTZTzI.exe
  2⤵
  PID:5008
- C:\Windows\System\WLkOhem.exe
  C:\Windows\System\WLkOhem.exe
  2⤵
  PID:5028
- C:\Windows\System\kDmwngK.exe
  C:\Windows\System\kDmwngK.exe
  2⤵
  PID:5076
- C:\Windows\System\hAOAebT.exe
  C:\Windows\System\hAOAebT.exe
  2⤵
  PID:5108
- C:\Windows\System\HnEuHvE.exe
  C:\Windows\System\HnEuHvE.exe
  2⤵
  PID:3472
- C:\Windows\System\GiUjIYR.exe
  C:\Windows\System\GiUjIYR.exe
  2⤵
  PID:3600
- C:\Windows\System\xkzdnPI.exe
  C:\Windows\System\xkzdnPI.exe
  2⤵
  PID:3772
- C:\Windows\System\anwJhGi.exe
  C:\Windows\System\anwJhGi.exe
  2⤵
  PID:3840
- C:\Windows\System\wbkyrcQ.exe
  C:\Windows\System\wbkyrcQ.exe
  2⤵
  PID:3944
- C:\Windows\System\oqsyIku.exe
  C:\Windows\System\oqsyIku.exe
  2⤵
  PID:4048
- C:\Windows\System\SztDyoH.exe
  C:\Windows\System\SztDyoH.exe
  2⤵
  PID:988
- C:\Windows\System\gPOYmBI.exe
  C:\Windows\System\gPOYmBI.exe
  2⤵
  PID:644
- C:\Windows\System\GzyryIs.exe
  C:\Windows\System\GzyryIs.exe
  2⤵
  PID:3268
- C:\Windows\System\wrpsYYi.exe
  C:\Windows\System\wrpsYYi.exe
  2⤵
  PID:4104
- C:\Windows\System\doZkseO.exe
  C:\Windows\System\doZkseO.exe
  2⤵
  PID:4144
- C:\Windows\System\QKNpSuX.exe
  C:\Windows\System\QKNpSuX.exe
  2⤵
  PID:4168
- C:\Windows\System\OJuuxoW.exe
  C:\Windows\System\OJuuxoW.exe
  2⤵
  PID:4284
- C:\Windows\System\jaOspcv.exe
  C:\Windows\System\jaOspcv.exe
  2⤵
  PID:4344
- C:\Windows\System\zaaYfaf.exe
  C:\Windows\System\zaaYfaf.exe
  2⤵
  PID:4424
- C:\Windows\System\IGlzMrB.exe
  C:\Windows\System\IGlzMrB.exe
  2⤵
  PID:4384
- C:\Windows\System\OvAsxOW.exe
  C:\Windows\System\OvAsxOW.exe
  2⤵
  PID:4492
- C:\Windows\System\foYcXWR.exe
  C:\Windows\System\foYcXWR.exe
  2⤵
  PID:4564
- C:\Windows\System\Ftbkrjx.exe
  C:\Windows\System\Ftbkrjx.exe
  2⤵
  PID:4616
- C:\Windows\System\bbvNhPW.exe
  C:\Windows\System\bbvNhPW.exe
  2⤵
  PID:4688
- C:\Windows\System\RAQqVoe.exe
  C:\Windows\System\RAQqVoe.exe
  2⤵
  PID:4712
- C:\Windows\System\FqyXKUy.exe
  C:\Windows\System\FqyXKUy.exe
  2⤵
  PID:4788
- C:\Windows\System\LcUtwNf.exe
  C:\Windows\System\LcUtwNf.exe
  2⤵
  PID:4848
- C:\Windows\System\QEExmyL.exe
  C:\Windows\System\QEExmyL.exe
  2⤵
  PID:4952
- C:\Windows\System\xTAwhll.exe
  C:\Windows\System\xTAwhll.exe
  2⤵
  PID:4912
- C:\Windows\System\boFNeIw.exe
  C:\Windows\System\boFNeIw.exe
  2⤵
  PID:4996
- C:\Windows\System\sIXfhSL.exe
  C:\Windows\System\sIXfhSL.exe
  2⤵
  PID:5068
- C:\Windows\System\KLreNFW.exe
  C:\Windows\System\KLreNFW.exe
  2⤵
  PID:5112
- C:\Windows\System\jvLsUUI.exe
  C:\Windows\System\jvLsUUI.exe
  2⤵
  PID:5132
- C:\Windows\System\ezMPFEV.exe
  C:\Windows\System\ezMPFEV.exe
  2⤵
  PID:5152
- C:\Windows\System\HSaPFZu.exe
  C:\Windows\System\HSaPFZu.exe
  2⤵
  PID:5172
- C:\Windows\System\dulcMFg.exe
  C:\Windows\System\dulcMFg.exe
  2⤵
  PID:5192
- C:\Windows\System\LuJJxGA.exe
  C:\Windows\System\LuJJxGA.exe
  2⤵
  PID:5212
- C:\Windows\System\IlyrAnh.exe
  C:\Windows\System\IlyrAnh.exe
  2⤵
  PID:5232
- C:\Windows\System\lZBMklz.exe
  C:\Windows\System\lZBMklz.exe
  2⤵
  PID:5252
- C:\Windows\System\RyjvVzJ.exe
  C:\Windows\System\RyjvVzJ.exe
  2⤵
  PID:5272
- C:\Windows\System\pQKiTOW.exe
  C:\Windows\System\pQKiTOW.exe
  2⤵
  PID:5292
- C:\Windows\System\mWswTir.exe
  C:\Windows\System\mWswTir.exe
  2⤵
  PID:5312
- C:\Windows\System\IbXeKJO.exe
  C:\Windows\System\IbXeKJO.exe
  2⤵
  PID:5332
- C:\Windows\System\oattYaV.exe
  C:\Windows\System\oattYaV.exe
  2⤵
  PID:5352
- C:\Windows\System\tWsqpwQ.exe
  C:\Windows\System\tWsqpwQ.exe
  2⤵
  PID:5372
- C:\Windows\System\BqIRmWf.exe
  C:\Windows\System\BqIRmWf.exe
  2⤵
  PID:5392
- C:\Windows\System\BqQGsGe.exe
  C:\Windows\System\BqQGsGe.exe
  2⤵
  PID:5412
- C:\Windows\System\OdldhoC.exe
  C:\Windows\System\OdldhoC.exe
  2⤵
  PID:5432
- C:\Windows\System\PkSewTL.exe
  C:\Windows\System\PkSewTL.exe
  2⤵
  PID:5452
- C:\Windows\System\SMglxuJ.exe
  C:\Windows\System\SMglxuJ.exe
  2⤵
  PID:5472
- C:\Windows\System\GkAiAHD.exe
  C:\Windows\System\GkAiAHD.exe
  2⤵
  PID:5492
- C:\Windows\System\zbLIsQY.exe
  C:\Windows\System\zbLIsQY.exe
  2⤵
  PID:5512
- C:\Windows\System\vLrCDHN.exe
  C:\Windows\System\vLrCDHN.exe
  2⤵
  PID:5532
- C:\Windows\System\fqfmnVq.exe
  C:\Windows\System\fqfmnVq.exe
  2⤵
  PID:5552
- C:\Windows\System\vbAjRMa.exe
  C:\Windows\System\vbAjRMa.exe
  2⤵
  PID:5572
- C:\Windows\System\BiJtudg.exe
  C:\Windows\System\BiJtudg.exe
  2⤵
  PID:5592
- C:\Windows\System\vyCAqEt.exe
  C:\Windows\System\vyCAqEt.exe
  2⤵
  PID:5612
- C:\Windows\System\yCBNFMH.exe
  C:\Windows\System\yCBNFMH.exe
  2⤵
  PID:5636
- C:\Windows\System\atRhzkK.exe
  C:\Windows\System\atRhzkK.exe
  2⤵
  PID:5656
- C:\Windows\System\jmdWhsZ.exe
  C:\Windows\System\jmdWhsZ.exe
  2⤵
  PID:5676
- C:\Windows\System\tzkrzMj.exe
  C:\Windows\System\tzkrzMj.exe
  2⤵
  PID:5696
- C:\Windows\System\orMRfek.exe
  C:\Windows\System\orMRfek.exe
  2⤵
  PID:5716
- C:\Windows\System\ZRTpkVp.exe
  C:\Windows\System\ZRTpkVp.exe
  2⤵
  PID:5736
- C:\Windows\System\viYwnce.exe
  C:\Windows\System\viYwnce.exe
  2⤵
  PID:5756
- C:\Windows\System\XTZZlxE.exe
  C:\Windows\System\XTZZlxE.exe
  2⤵
  PID:5780
- C:\Windows\System\woiZLRe.exe
  C:\Windows\System\woiZLRe.exe
  2⤵
  PID:5800
- C:\Windows\System\HkwxpMa.exe
  C:\Windows\System\HkwxpMa.exe
  2⤵
  PID:5820
- C:\Windows\System\pUAzEER.exe
  C:\Windows\System\pUAzEER.exe
  2⤵
  PID:5840
- C:\Windows\System\IupishQ.exe
  C:\Windows\System\IupishQ.exe
  2⤵
  PID:5860
- C:\Windows\System\DPnFFus.exe
  C:\Windows\System\DPnFFus.exe
  2⤵
  PID:5880
- C:\Windows\System\ZmxMwmk.exe
  C:\Windows\System\ZmxMwmk.exe
  2⤵
  PID:5900
- C:\Windows\System\hwrNSpN.exe
  C:\Windows\System\hwrNSpN.exe
  2⤵
  PID:5920
- C:\Windows\System\hxcIQjh.exe
  C:\Windows\System\hxcIQjh.exe
  2⤵
  PID:5940
- C:\Windows\System\KMYFEdd.exe
  C:\Windows\System\KMYFEdd.exe
  2⤵
  PID:5960
- C:\Windows\System\syxItwB.exe
  C:\Windows\System\syxItwB.exe
  2⤵
  PID:5980
- C:\Windows\System\ZfGAQPY.exe
  C:\Windows\System\ZfGAQPY.exe
  2⤵
  PID:6000
- C:\Windows\System\FslBBli.exe
  C:\Windows\System\FslBBli.exe
  2⤵
  PID:6020
- C:\Windows\System\MsXdpQg.exe
  C:\Windows\System\MsXdpQg.exe
  2⤵
  PID:6040
- C:\Windows\System\keKGWKn.exe
  C:\Windows\System\keKGWKn.exe
  2⤵
  PID:6060
- C:\Windows\System\uTWNcuV.exe
  C:\Windows\System\uTWNcuV.exe
  2⤵
  PID:6080
- C:\Windows\System\KklDXNI.exe
  C:\Windows\System\KklDXNI.exe
  2⤵
  PID:6100
- C:\Windows\System\rpXNhAX.exe
  C:\Windows\System\rpXNhAX.exe
  2⤵
  PID:6120
- C:\Windows\System\RfklUxn.exe
  C:\Windows\System\RfklUxn.exe
  2⤵
  PID:6140
- C:\Windows\System\JNlEARA.exe
  C:\Windows\System\JNlEARA.exe
  2⤵
  PID:3708
- C:\Windows\System\bKPzkiE.exe
  C:\Windows\System\bKPzkiE.exe
  2⤵
  PID:3876
- C:\Windows\System\mcKVaKH.exe
  C:\Windows\System\mcKVaKH.exe
  2⤵
  PID:3964
- C:\Windows\System\YUVxXuo.exe
  C:\Windows\System\YUVxXuo.exe
  2⤵
  PID:4084
- C:\Windows\System\BfqjFrz.exe
  C:\Windows\System\BfqjFrz.exe
  2⤵
  PID:3340
- C:\Windows\System\oaDwlNI.exe
  C:\Windows\System\oaDwlNI.exe
  2⤵
  PID:4184
- C:\Windows\System\SqXGROS.exe
  C:\Windows\System\SqXGROS.exe
  2⤵
  PID:4248
- C:\Windows\System\RMpovkT.exe
  C:\Windows\System\RMpovkT.exe
  2⤵
  PID:4324
- C:\Windows\System\FkhDQIY.exe
  C:\Windows\System\FkhDQIY.exe
  2⤵
  PID:4368
- C:\Windows\System\EeUIkjI.exe
  C:\Windows\System\EeUIkjI.exe
  2⤵
  PID:4508
- C:\Windows\System\FSEmTHK.exe
  C:\Windows\System\FSEmTHK.exe
  2⤵
  PID:4668
- C:\Windows\System\vNgYTfF.exe
  C:\Windows\System\vNgYTfF.exe
  2⤵
  PID:4736
- C:\Windows\System\SeLgeZU.exe
  C:\Windows\System\SeLgeZU.exe
  2⤵
  PID:4812
- C:\Windows\System\chdFoGy.exe
  C:\Windows\System\chdFoGy.exe
  2⤵
  PID:4896
- C:\Windows\System\jyyjumS.exe
  C:\Windows\System\jyyjumS.exe
  2⤵
  PID:4868
- C:\Windows\System\eNKHoRN.exe
  C:\Windows\System\eNKHoRN.exe
  2⤵
  PID:5048
- C:\Windows\System\kxthjik.exe
  C:\Windows\System\kxthjik.exe
  2⤵
  PID:5128
- C:\Windows\System\NqnXSGG.exe
  C:\Windows\System\NqnXSGG.exe
  2⤵
  PID:5180
- C:\Windows\System\PCuZDSZ.exe
  C:\Windows\System\PCuZDSZ.exe
  2⤵
  PID:5220
- C:\Windows\System\LsdoNKU.exe
  C:\Windows\System\LsdoNKU.exe
  2⤵
  PID:5240
- C:\Windows\System\YGVanps.exe
  C:\Windows\System\YGVanps.exe
  2⤵
  PID:5264
- C:\Windows\System\UszDAMG.exe
  C:\Windows\System\UszDAMG.exe
  2⤵
  PID:5304
- C:\Windows\System\RrvAgoq.exe
  C:\Windows\System\RrvAgoq.exe
  2⤵
  PID:5340
- C:\Windows\System\mWQDDyR.exe
  C:\Windows\System\mWQDDyR.exe
  2⤵
  PID:5380
- C:\Windows\System\DRpNctK.exe
  C:\Windows\System\DRpNctK.exe
  2⤵
  PID:5408
- C:\Windows\System\xdiAGJG.exe
  C:\Windows\System\xdiAGJG.exe
  2⤵
  PID:5440
- C:\Windows\System\wtpwXNM.exe
  C:\Windows\System\wtpwXNM.exe
  2⤵
  PID:5464
- C:\Windows\System\RvzgDmM.exe
  C:\Windows\System\RvzgDmM.exe
  2⤵
  PID:5508
- C:\Windows\System\ywXnjaK.exe
  C:\Windows\System\ywXnjaK.exe
  2⤵
  PID:5548
- C:\Windows\System\gQxYEuN.exe
  C:\Windows\System\gQxYEuN.exe
  2⤵
  PID:5564
- C:\Windows\System\MAWgJXu.exe
  C:\Windows\System\MAWgJXu.exe
  2⤵
  PID:5608
- C:\Windows\System\UHkWxCh.exe
  C:\Windows\System\UHkWxCh.exe
  2⤵
  PID:5644
- C:\Windows\System\nXMMYtG.exe
  C:\Windows\System\nXMMYtG.exe
  2⤵
  PID:5668
- C:\Windows\System\NDnjspA.exe
  C:\Windows\System\NDnjspA.exe
  2⤵
  PID:5688
- C:\Windows\System\zOmwceN.exe
  C:\Windows\System\zOmwceN.exe
  2⤵
  PID:5752
- C:\Windows\System\wkDNMxs.exe
  C:\Windows\System\wkDNMxs.exe
  2⤵
  PID:5796
- C:\Windows\System\PJrPgAl.exe
  C:\Windows\System\PJrPgAl.exe
  2⤵
  PID:5812
- C:\Windows\System\yazAhIi.exe
  C:\Windows\System\yazAhIi.exe
  2⤵
  PID:5856
- C:\Windows\System\behzWyP.exe
  C:\Windows\System\behzWyP.exe
  2⤵
  PID:5872
- C:\Windows\System\ERPAwRS.exe
  C:\Windows\System\ERPAwRS.exe
  2⤵
  PID:5916
- C:\Windows\System\eOuwamD.exe
  C:\Windows\System\eOuwamD.exe
  2⤵
  PID:5948
- C:\Windows\System\ImjgoiC.exe
  C:\Windows\System\ImjgoiC.exe
  2⤵
  PID:5988
- C:\Windows\System\CaYAzYO.exe
  C:\Windows\System\CaYAzYO.exe
  2⤵
  PID:6028
- C:\Windows\System\sgXeTev.exe
  C:\Windows\System\sgXeTev.exe
  2⤵
  PID:6032
- C:\Windows\System\iuiEfaa.exe
  C:\Windows\System\iuiEfaa.exe
  2⤵
  PID:6076
- C:\Windows\System\OxDewpW.exe
  C:\Windows\System\OxDewpW.exe
  2⤵
  PID:6116
- C:\Windows\System\votzPJG.exe
  C:\Windows\System\votzPJG.exe
  2⤵
  PID:3652
- C:\Windows\System\eNqDEzj.exe
  C:\Windows\System\eNqDEzj.exe
  2⤵
  PID:3996
- C:\Windows\System\YIxjTkw.exe
  C:\Windows\System\YIxjTkw.exe
  2⤵
  PID:2580
- C:\Windows\System\wjIZRbo.exe
  C:\Windows\System\wjIZRbo.exe
  2⤵
  PID:3168
- C:\Windows\System\nYGEKDU.exe
  C:\Windows\System\nYGEKDU.exe
  2⤵
  PID:4132
- C:\Windows\System\zGKWsdD.exe
  C:\Windows\System\zGKWsdD.exe
  2⤵
  PID:4352
- C:\Windows\System\gkoHJDt.exe
  C:\Windows\System\gkoHJDt.exe
  2⤵
  PID:4572
- C:\Windows\System\cvjLBAM.exe
  C:\Windows\System\cvjLBAM.exe
  2⤵
  PID:4752
- C:\Windows\System\JIOMWmD.exe
  C:\Windows\System\JIOMWmD.exe
  2⤵
  PID:4808
- C:\Windows\System\YteWcKF.exe
  C:\Windows\System\YteWcKF.exe
  2⤵
  PID:4992
- C:\Windows\System\uSeJGjK.exe
  C:\Windows\System\uSeJGjK.exe
  2⤵
  PID:5140
- C:\Windows\System\WfdOjTY.exe
  C:\Windows\System\WfdOjTY.exe
  2⤵
  PID:5144
- C:\Windows\System\eaWWYvA.exe
  C:\Windows\System\eaWWYvA.exe
  2⤵
  PID:5244
- C:\Windows\System\QqAQbus.exe
  C:\Windows\System\QqAQbus.exe
  2⤵
  PID:5308
- C:\Windows\System\tvBUGOv.exe
  C:\Windows\System\tvBUGOv.exe
  2⤵
  PID:5344
- C:\Windows\System\BQwBBFv.exe
  C:\Windows\System\BQwBBFv.exe
  2⤵
  PID:5420
- C:\Windows\System\NWypYEX.exe
  C:\Windows\System\NWypYEX.exe
  2⤵
  PID:5444
- C:\Windows\System\yECEbGZ.exe
  C:\Windows\System\yECEbGZ.exe
  2⤵
  PID:5500
- C:\Windows\System\BnxmsdG.exe
  C:\Windows\System\BnxmsdG.exe
  2⤵
  PID:5600
- C:\Windows\System\ASPCxKe.exe
  C:\Windows\System\ASPCxKe.exe
  2⤵
  PID:5604
- C:\Windows\System\rthkxUf.exe
  C:\Windows\System\rthkxUf.exe
  2⤵
  PID:5712
- C:\Windows\System\zuVoxts.exe
  C:\Windows\System\zuVoxts.exe
  2⤵
  PID:5764
- C:\Windows\System\LcHwAiT.exe
  C:\Windows\System\LcHwAiT.exe
  2⤵
  PID:5808
- C:\Windows\System\hxWXFdT.exe
  C:\Windows\System\hxWXFdT.exe
  2⤵
  PID:5852
- C:\Windows\System\klJDTYp.exe
  C:\Windows\System\klJDTYp.exe
  2⤵
  PID:5892
- C:\Windows\System\oszDyig.exe
  C:\Windows\System\oszDyig.exe
  2⤵
  PID:5976
- C:\Windows\System\VVeVbMr.exe
  C:\Windows\System\VVeVbMr.exe
  2⤵
  PID:6016
- C:\Windows\System\nPJUatv.exe
  C:\Windows\System\nPJUatv.exe
  2⤵
  PID:6088
- C:\Windows\System\SDqQsQP.exe
  C:\Windows\System\SDqQsQP.exe
  2⤵
  PID:3596
- C:\Windows\System\ezXsIEr.exe
  C:\Windows\System\ezXsIEr.exe
  2⤵
  PID:3672
- C:\Windows\System\zbGAOdG.exe
  C:\Windows\System\zbGAOdG.exe
  2⤵
  PID:3248
- C:\Windows\System\psDWlvE.exe
  C:\Windows\System\psDWlvE.exe
  2⤵
  PID:4288
- C:\Windows\System\ILzPaHk.exe
  C:\Windows\System\ILzPaHk.exe
  2⤵
  PID:6164
- C:\Windows\System\TIBfjjt.exe
  C:\Windows\System\TIBfjjt.exe
  2⤵
  PID:6184
- C:\Windows\System\yrEkCMS.exe
  C:\Windows\System\yrEkCMS.exe
  2⤵
  PID:6204
- C:\Windows\System\NsDHOms.exe
  C:\Windows\System\NsDHOms.exe
  2⤵
  PID:6224
- C:\Windows\System\EzRJGAq.exe
  C:\Windows\System\EzRJGAq.exe
  2⤵
  PID:6244
- C:\Windows\System\rJuUYAh.exe
  C:\Windows\System\rJuUYAh.exe
  2⤵
  PID:6264
- C:\Windows\System\QhscILv.exe
  C:\Windows\System\QhscILv.exe
  2⤵
  PID:6288
- C:\Windows\System\nsrMBUr.exe
  C:\Windows\System\nsrMBUr.exe
  2⤵
  PID:6308
- C:\Windows\System\UCkaUBM.exe
  C:\Windows\System\UCkaUBM.exe
  2⤵
  PID:6328
- C:\Windows\System\kxMakoO.exe
  C:\Windows\System\kxMakoO.exe
  2⤵
  PID:6348
- C:\Windows\System\RRIrRik.exe
  C:\Windows\System\RRIrRik.exe
  2⤵
  PID:6368
- C:\Windows\System\OnSBhCs.exe
  C:\Windows\System\OnSBhCs.exe
  2⤵
  PID:6388
- C:\Windows\System\ClBAWSP.exe
  C:\Windows\System\ClBAWSP.exe
  2⤵
  PID:6408
- C:\Windows\System\tOoxymE.exe
  C:\Windows\System\tOoxymE.exe
  2⤵
  PID:6428
- C:\Windows\System\TFzbUQe.exe
  C:\Windows\System\TFzbUQe.exe
  2⤵
  PID:6448
- C:\Windows\System\EvozZax.exe
  C:\Windows\System\EvozZax.exe
  2⤵
  PID:6468
- C:\Windows\System\oeaVjBM.exe
  C:\Windows\System\oeaVjBM.exe
  2⤵
  PID:6488
- C:\Windows\System\sOcrcGa.exe
  C:\Windows\System\sOcrcGa.exe
  2⤵
  PID:6508
- C:\Windows\System\mYWxIFb.exe
  C:\Windows\System\mYWxIFb.exe
  2⤵
  PID:6528
- C:\Windows\System\xEcwdTE.exe
  C:\Windows\System\xEcwdTE.exe
  2⤵
  PID:6548
- C:\Windows\System\GvnTWhC.exe
  C:\Windows\System\GvnTWhC.exe
  2⤵
  PID:6568
- C:\Windows\System\mXoSCDA.exe
  C:\Windows\System\mXoSCDA.exe
  2⤵
  PID:6588
- C:\Windows\System\NiTAggd.exe
  C:\Windows\System\NiTAggd.exe
  2⤵
  PID:6608
- C:\Windows\System\XGfOiDA.exe
  C:\Windows\System\XGfOiDA.exe
  2⤵
  PID:6632
- C:\Windows\System\yQacVhe.exe
  C:\Windows\System\yQacVhe.exe
  2⤵
  PID:6652
- C:\Windows\System\pZUYVXJ.exe
  C:\Windows\System\pZUYVXJ.exe
  2⤵
  PID:6672
- C:\Windows\System\LPmTjTX.exe
  C:\Windows\System\LPmTjTX.exe
  2⤵
  PID:6692
- C:\Windows\System\sCTrjds.exe
  C:\Windows\System\sCTrjds.exe
  2⤵
  PID:6712
- C:\Windows\System\OxAptQl.exe
  C:\Windows\System\OxAptQl.exe
  2⤵
  PID:6732
- C:\Windows\System\DiIWNMF.exe
  C:\Windows\System\DiIWNMF.exe
  2⤵
  PID:6752
- C:\Windows\System\tNRqfoO.exe
  C:\Windows\System\tNRqfoO.exe
  2⤵
  PID:6772
- C:\Windows\System\oMFonbt.exe
  C:\Windows\System\oMFonbt.exe
  2⤵
  PID:6792
- C:\Windows\System\SWGAulJ.exe
  C:\Windows\System\SWGAulJ.exe
  2⤵
  PID:6812
- C:\Windows\System\OHbrccO.exe
  C:\Windows\System\OHbrccO.exe
  2⤵
  PID:6832
- C:\Windows\System\lhuIHOo.exe
  C:\Windows\System\lhuIHOo.exe
  2⤵
  PID:6852
- C:\Windows\System\GucTYlj.exe
  C:\Windows\System\GucTYlj.exe
  2⤵
  PID:6872
- C:\Windows\System\VFBkwWC.exe
  C:\Windows\System\VFBkwWC.exe
  2⤵
  PID:6892
- C:\Windows\System\UlgXPpS.exe
  C:\Windows\System\UlgXPpS.exe
  2⤵
  PID:6912
- C:\Windows\System\rVeJDas.exe
  C:\Windows\System\rVeJDas.exe
  2⤵
  PID:6932
- C:\Windows\System\tClfOHM.exe
  C:\Windows\System\tClfOHM.exe
  2⤵
  PID:6952
- C:\Windows\System\EmiiPsp.exe
  C:\Windows\System\EmiiPsp.exe
  2⤵
  PID:6972
- C:\Windows\System\TUimkOH.exe
  C:\Windows\System\TUimkOH.exe
  2⤵
  PID:6992
- C:\Windows\System\huxDWGx.exe
  C:\Windows\System\huxDWGx.exe
  2⤵
  PID:7012
- C:\Windows\System\SkIHIkK.exe
  C:\Windows\System\SkIHIkK.exe
  2⤵
  PID:7032
- C:\Windows\System\zvYZKrh.exe
  C:\Windows\System\zvYZKrh.exe
  2⤵
  PID:7052
- C:\Windows\System\hELUXDY.exe
  C:\Windows\System\hELUXDY.exe
  2⤵
  PID:7072
- C:\Windows\System\ZdOyGbJ.exe
  C:\Windows\System\ZdOyGbJ.exe
  2⤵
  PID:7092
- C:\Windows\System\GbfVRuA.exe
  C:\Windows\System\GbfVRuA.exe
  2⤵
  PID:7112
- C:\Windows\System\uVSQhHO.exe
  C:\Windows\System\uVSQhHO.exe
  2⤵
  PID:7132
- C:\Windows\System\RSbHNNc.exe
  C:\Windows\System\RSbHNNc.exe
  2⤵
  PID:7148
- C:\Windows\System\TZEJgcx.exe
  C:\Windows\System\TZEJgcx.exe
  2⤵
  PID:4312
- C:\Windows\System\pZJIpmD.exe
  C:\Windows\System\pZJIpmD.exe
  2⤵
  PID:1988
- C:\Windows\System\LReXRJB.exe
  C:\Windows\System\LReXRJB.exe
  2⤵
  PID:5056
- C:\Windows\System\rOvzjVu.exe
  C:\Windows\System\rOvzjVu.exe
  2⤵
  PID:5088
- C:\Windows\System\OgaNWez.exe
  C:\Windows\System\OgaNWez.exe
  2⤵
  PID:5160
- C:\Windows\System\qXcEZCY.exe
  C:\Windows\System\qXcEZCY.exe
  2⤵
  PID:5268
- C:\Windows\System\PWNwAvU.exe
  C:\Windows\System\PWNwAvU.exe
  2⤵
  PID:5428
- C:\Windows\System\LsQrKNA.exe
  C:\Windows\System\LsQrKNA.exe
  2⤵
  PID:5540
- C:\Windows\System\cNKJWmn.exe
  C:\Windows\System\cNKJWmn.exe
  2⤵
  PID:5560
- C:\Windows\System\bvQPmEx.exe
  C:\Windows\System\bvQPmEx.exe
  2⤵
  PID:5692
- C:\Windows\System\CpYfejp.exe
  C:\Windows\System\CpYfejp.exe
  2⤵
  PID:5816
- C:\Windows\System\lsrDvFQ.exe
  C:\Windows\System\lsrDvFQ.exe
  2⤵
  PID:5848
- C:\Windows\System\pDmEFus.exe
  C:\Windows\System\pDmEFus.exe
  2⤵
  PID:5952
- C:\Windows\System\AmxtWON.exe
  C:\Windows\System\AmxtWON.exe
  2⤵
  PID:6056
- C:\Windows\System\iutOQVt.exe
  C:\Windows\System\iutOQVt.exe
  2⤵
  PID:2480
- C:\Windows\System\fMgJnDj.exe
  C:\Windows\System\fMgJnDj.exe
  2⤵
  PID:4000
- C:\Windows\System\rFfHCFW.exe
  C:\Windows\System\rFfHCFW.exe
  2⤵
  PID:6156
- C:\Windows\System\wgQLseZ.exe
  C:\Windows\System\wgQLseZ.exe
  2⤵
  PID:6192
- C:\Windows\System\AdDWyAl.exe
  C:\Windows\System\AdDWyAl.exe
  2⤵
  PID:6232
- C:\Windows\System\TdZeOBG.exe
  C:\Windows\System\TdZeOBG.exe
  2⤵
  PID:6256
- C:\Windows\System\AJWhDKq.exe
  C:\Windows\System\AJWhDKq.exe
  2⤵
  PID:6316
- C:\Windows\System\cYMDnWq.exe
  C:\Windows\System\cYMDnWq.exe
  2⤵
  PID:6336
- C:\Windows\System\LAuvufy.exe
  C:\Windows\System\LAuvufy.exe
  2⤵
  PID:6376
- C:\Windows\System\sMUiulZ.exe
  C:\Windows\System\sMUiulZ.exe
  2⤵
  PID:6400
- C:\Windows\System\VFcSjCA.exe
  C:\Windows\System\VFcSjCA.exe
  2⤵
  PID:6444
- C:\Windows\System\TnPVncF.exe
  C:\Windows\System\TnPVncF.exe
  2⤵
  PID:6476
- C:\Windows\System\OZpRVVr.exe
  C:\Windows\System\OZpRVVr.exe
  2⤵
  PID:6504
- C:\Windows\System\uryFTnZ.exe
  C:\Windows\System\uryFTnZ.exe
  2⤵
  PID:6536
- C:\Windows\System\xchXQeV.exe
  C:\Windows\System\xchXQeV.exe
  2⤵
  PID:6540
- C:\Windows\System\nPyDTtv.exe
  C:\Windows\System\nPyDTtv.exe
  2⤵
  PID:6580
- C:\Windows\System\MzfKMvR.exe
  C:\Windows\System\MzfKMvR.exe
  2⤵
  PID:6648
- C:\Windows\System\mmbNnoQ.exe
  C:\Windows\System\mmbNnoQ.exe
  2⤵
  PID:6280
- C:\Windows\System\PAfPpGg.exe
  C:\Windows\System\PAfPpGg.exe
  2⤵
  PID:6660
- C:\Windows\System\BobHYRL.exe
  C:\Windows\System\BobHYRL.exe
  2⤵
  PID:6840
- C:\Windows\System\HLZfMfY.exe
  C:\Windows\System\HLZfMfY.exe
  2⤵
  PID:6880
- C:\Windows\System\AUyzjUh.exe
  C:\Windows\System\AUyzjUh.exe
  2⤵
  PID:6864
- C:\Windows\System\kxoTLAZ.exe
  C:\Windows\System\kxoTLAZ.exe
  2⤵
  PID:6924
- C:\Windows\System\PjEJPLv.exe
  C:\Windows\System\PjEJPLv.exe
  2⤵
  PID:6968
- C:\Windows\System\goRMDbp.exe
  C:\Windows\System\goRMDbp.exe
  2⤵
  PID:6980
- C:\Windows\System\NhFZYzl.exe
  C:\Windows\System\NhFZYzl.exe
  2⤵
  PID:7048
- C:\Windows\System\fIWnBCc.exe
  C:\Windows\System\fIWnBCc.exe
  2⤵
  PID:7028
- C:\Windows\System\shIakfy.exe
  C:\Windows\System\shIakfy.exe
  2⤵
  PID:7088
- C:\Windows\System\llIyXtu.exe
  C:\Windows\System\llIyXtu.exe
  2⤵
  PID:7084
- C:\Windows\System\fhzFSZa.exe
  C:\Windows\System\fhzFSZa.exe
  2⤵
  PID:7100
- C:\Windows\System\RdSIFap.exe
  C:\Windows\System\RdSIFap.exe
  2⤵
  PID:7160
- C:\Windows\System\crDcDzm.exe
  C:\Windows\System\crDcDzm.exe
  2⤵
  PID:4452
- C:\Windows\System\LWlgEZs.exe
  C:\Windows\System\LWlgEZs.exe
  2⤵
  PID:4892
- C:\Windows\System\OAIPwfX.exe
  C:\Windows\System\OAIPwfX.exe
  2⤵
  PID:5448
- C:\Windows\System\ptrafaH.exe
  C:\Windows\System\ptrafaH.exe
  2⤵
  PID:5568
- C:\Windows\System\IjOoGXy.exe
  C:\Windows\System\IjOoGXy.exe
  2⤵
  PID:5744
- C:\Windows\System\SifyWPu.exe
  C:\Windows\System\SifyWPu.exe
  2⤵
  PID:5932
- C:\Windows\System\HdYTgNw.exe
  C:\Windows\System\HdYTgNw.exe
  2⤵
  PID:5836
- C:\Windows\System\gtONcIW.exe
  C:\Windows\System\gtONcIW.exe
  2⤵
  PID:6132
- C:\Windows\System\OoPswkq.exe
  C:\Windows\System\OoPswkq.exe
  2⤵
  PID:6068
- C:\Windows\System\YLvTDeP.exe
  C:\Windows\System\YLvTDeP.exe
  2⤵
  PID:6212
- C:\Windows\System\kbmqcAr.exe
  C:\Windows\System\kbmqcAr.exe
  2⤵
  PID:2380
- C:\Windows\System\eWYHGPe.exe
  C:\Windows\System\eWYHGPe.exe
  2⤵
  PID:6176
- C:\Windows\System\IToGzxj.exe
  C:\Windows\System\IToGzxj.exe
  2⤵
  PID:6416
- C:\Windows\System\jVpsqlk.exe
  C:\Windows\System\jVpsqlk.exe
  2⤵
  PID:6320
- C:\Windows\System\icdcNjd.exe
  C:\Windows\System\icdcNjd.exe
  2⤵
  PID:6556
- C:\Windows\System\dhUHVLu.exe
  C:\Windows\System\dhUHVLu.exe
  2⤵
  PID:6688
- C:\Windows\System\WnNlBGK.exe
  C:\Windows\System\WnNlBGK.exe
  2⤵
  PID:6404
- C:\Windows\System\pzFGKbJ.exe
  C:\Windows\System\pzFGKbJ.exe
  2⤵
  PID:6464
- C:\Windows\System\HvgwpnR.exe
  C:\Windows\System\HvgwpnR.exe
  2⤵
  PID:6828
- C:\Windows\System\jAmRSUa.exe
  C:\Windows\System\jAmRSUa.exe
  2⤵
  PID:6920
- C:\Windows\System\IlVZLCM.exe
  C:\Windows\System\IlVZLCM.exe
  2⤵
  PID:6984
- C:\Windows\System\CtMUODA.exe
  C:\Windows\System\CtMUODA.exe
  2⤵
  PID:7064
- C:\Windows\System\MAiJjxt.exe
  C:\Windows\System\MAiJjxt.exe
  2⤵
  PID:2908
- C:\Windows\System\leukKlu.exe
  C:\Windows\System\leukKlu.exe
  2⤵
  PID:7164
- C:\Windows\System\hmuVDGq.exe
  C:\Windows\System\hmuVDGq.exe
  2⤵
  PID:6868
- C:\Windows\System\uxOgTOf.exe
  C:\Windows\System\uxOgTOf.exe
  2⤵
  PID:6940
- C:\Windows\System\wkgVzit.exe
  C:\Windows\System\wkgVzit.exe
  2⤵
  PID:5360
- C:\Windows\System\hqKKjuh.exe
  C:\Windows\System\hqKKjuh.exe
  2⤵
  PID:6904
- C:\Windows\System\UFoKliz.exe
  C:\Windows\System\UFoKliz.exe
  2⤵
  PID:7080
- C:\Windows\System\ISpfRwE.exe
  C:\Windows\System\ISpfRwE.exe
  2⤵
  PID:1608
- C:\Windows\System\GqwKtjp.exe
  C:\Windows\System\GqwKtjp.exe
  2⤵
  PID:5204
- C:\Windows\System\XsAfuSR.exe
  C:\Windows\System\XsAfuSR.exe
  2⤵
  PID:6220
- C:\Windows\System\htChscK.exe
  C:\Windows\System\htChscK.exe
  2⤵
  PID:3028
- C:\Windows\System\wjYgRbu.exe
  C:\Windows\System\wjYgRbu.exe
  2⤵
  PID:5468
- C:\Windows\System\aTTcPpS.exe
  C:\Windows\System\aTTcPpS.exe
  2⤵
  PID:6560
- C:\Windows\System\GoeMKxz.exe
  C:\Windows\System\GoeMKxz.exe
  2⤵
  PID:6460
- C:\Windows\System\xKbuJKW.exe
  C:\Windows\System\xKbuJKW.exe
  2⤵
  PID:6988
- C:\Windows\System\KOScbam.exe
  C:\Windows\System\KOScbam.exe
  2⤵
  PID:6728
- C:\Windows\System\zuBUTPu.exe
  C:\Windows\System\zuBUTPu.exe
  2⤵
  PID:5776
- C:\Windows\System\YQMldZk.exe
  C:\Windows\System\YQMldZk.exe
  2⤵
  PID:5992
- C:\Windows\System\zRcWVCf.exe
  C:\Windows\System\zRcWVCf.exe
  2⤵
  PID:5996
- C:\Windows\System\oDCMrkX.exe
  C:\Windows\System\oDCMrkX.exe
  2⤵
  PID:6616
- C:\Windows\System\TXPPZsF.exe
  C:\Windows\System\TXPPZsF.exe
  2⤵
  PID:6496
- C:\Windows\System\kBqyVoF.exe
  C:\Windows\System\kBqyVoF.exe
  2⤵
  PID:6380
- C:\Windows\System\leWbAFe.exe
  C:\Windows\System\leWbAFe.exe
  2⤵
  PID:6576
- C:\Windows\System\RYgvlHN.exe
  C:\Windows\System\RYgvlHN.exe
  2⤵
  PID:6948
- C:\Windows\System\ziGcvnp.exe
  C:\Windows\System\ziGcvnp.exe
  2⤵
  PID:1436
- C:\Windows\System\wdUaCNU.exe
  C:\Windows\System\wdUaCNU.exe
  2⤵
  PID:4388
- C:\Windows\System\UfYUJNC.exe
  C:\Windows\System\UfYUJNC.exe
  2⤵
  PID:6152
- C:\Windows\System\phKtDVt.exe
  C:\Windows\System\phKtDVt.exe
  2⤵
  PID:7176
- C:\Windows\System\sNmYmtY.exe
  C:\Windows\System\sNmYmtY.exe
  2⤵
  PID:7196
- C:\Windows\System\bRjiTGk.exe
  C:\Windows\System\bRjiTGk.exe
  2⤵
  PID:7216
- C:\Windows\System\BZTGiot.exe
  C:\Windows\System\BZTGiot.exe
  2⤵
  PID:7232
- C:\Windows\System\fDOgbGg.exe
  C:\Windows\System\fDOgbGg.exe
  2⤵
  PID:7248
- C:\Windows\System\jbqyaCR.exe
  C:\Windows\System\jbqyaCR.exe
  2⤵
  PID:7268
- C:\Windows\System\IOcioHg.exe
  C:\Windows\System\IOcioHg.exe
  2⤵
  PID:7284
- C:\Windows\System\ZrHdUyR.exe
  C:\Windows\System\ZrHdUyR.exe
  2⤵
  PID:7304
- C:\Windows\System\cGBHcuL.exe
  C:\Windows\System\cGBHcuL.exe
  2⤵
  PID:7320
- C:\Windows\System\nlpDbCr.exe
  C:\Windows\System\nlpDbCr.exe
  2⤵
  PID:7340
- C:\Windows\System\JdeYbsv.exe
  C:\Windows\System\JdeYbsv.exe
  2⤵
  PID:7360
- C:\Windows\System\dirPBKI.exe
  C:\Windows\System\dirPBKI.exe
  2⤵
  PID:7376
- C:\Windows\System\PhHpChc.exe
  C:\Windows\System\PhHpChc.exe
  2⤵
  PID:7396
- C:\Windows\System\ULLbVnr.exe
  C:\Windows\System\ULLbVnr.exe
  2⤵
  PID:7412
- C:\Windows\System\OUBgydA.exe
  C:\Windows\System\OUBgydA.exe
  2⤵
  PID:7428
- C:\Windows\System\XKscLBp.exe
  C:\Windows\System\XKscLBp.exe
  2⤵
  PID:7448
- C:\Windows\System\TkawwFe.exe
  C:\Windows\System\TkawwFe.exe
  2⤵
  PID:7468
- C:\Windows\System\UmVFlgV.exe
  C:\Windows\System\UmVFlgV.exe
  2⤵
  PID:7496
- C:\Windows\System\gqDtYUO.exe
  C:\Windows\System\gqDtYUO.exe
  2⤵
  PID:7516
- C:\Windows\System\XaiNOVw.exe
  C:\Windows\System\XaiNOVw.exe
  2⤵
  PID:7532
- C:\Windows\System\WwJgxqf.exe
  C:\Windows\System\WwJgxqf.exe
  2⤵
  PID:7552
- C:\Windows\System\lkhWIkD.exe
  C:\Windows\System\lkhWIkD.exe
  2⤵
  PID:7568
- C:\Windows\System\RSMZLvA.exe
  C:\Windows\System\RSMZLvA.exe
  2⤵
  PID:7588
- C:\Windows\System\VzpGLPu.exe
  C:\Windows\System\VzpGLPu.exe
  2⤵
  PID:7604
- C:\Windows\System\JNSTlTs.exe
  C:\Windows\System\JNSTlTs.exe
  2⤵
  PID:7624
- C:\Windows\System\ADVrJIw.exe
  C:\Windows\System\ADVrJIw.exe
  2⤵
  PID:7644
- C:\Windows\System\yKHwitU.exe
  C:\Windows\System\yKHwitU.exe
  2⤵
  PID:7688
- C:\Windows\System\mwGZBXf.exe
  C:\Windows\System\mwGZBXf.exe
  2⤵
  PID:7716
- C:\Windows\System\NHqNqKh.exe
  C:\Windows\System\NHqNqKh.exe
  2⤵
  PID:7732
- C:\Windows\System\PWsTGgs.exe
  C:\Windows\System\PWsTGgs.exe
  2⤵
  PID:7756
- C:\Windows\System\uzYYugz.exe
  C:\Windows\System\uzYYugz.exe
  2⤵
  PID:7780
- C:\Windows\System\FbDHhwv.exe
  C:\Windows\System\FbDHhwv.exe
  2⤵
  PID:7800
- C:\Windows\System\AOQDMXX.exe
  C:\Windows\System\AOQDMXX.exe
  2⤵
  PID:7816
- C:\Windows\System\cNsiwfY.exe
  C:\Windows\System\cNsiwfY.exe
  2⤵
  PID:7844
- C:\Windows\System\inBLsXw.exe
  C:\Windows\System\inBLsXw.exe
  2⤵
  PID:7860
- C:\Windows\System\CsutMqI.exe
  C:\Windows\System\CsutMqI.exe
  2⤵
  PID:7880
- C:\Windows\System\LiAFvgF.exe
  C:\Windows\System\LiAFvgF.exe
  2⤵
  PID:7900
- C:\Windows\System\JgvuNZT.exe
  C:\Windows\System\JgvuNZT.exe
  2⤵
  PID:7920
- C:\Windows\System\FPgHNpR.exe
  C:\Windows\System\FPgHNpR.exe
  2⤵
  PID:7936
- C:\Windows\System\mYMAQYO.exe
  C:\Windows\System\mYMAQYO.exe
  2⤵
  PID:7960
- C:\Windows\System\WmqPxYV.exe
  C:\Windows\System\WmqPxYV.exe
  2⤵
  PID:7984
- C:\Windows\System\UgdAcKj.exe
  C:\Windows\System\UgdAcKj.exe
  2⤵
  PID:8004
- C:\Windows\System\tDmbzkh.exe
  C:\Windows\System\tDmbzkh.exe
  2⤵
  PID:8024
- C:\Windows\System\xwqfvVZ.exe
  C:\Windows\System\xwqfvVZ.exe
  2⤵
  PID:8044
- C:\Windows\System\VICwMHt.exe
  C:\Windows\System\VICwMHt.exe
  2⤵
  PID:8064
- C:\Windows\System\GHEPKke.exe
  C:\Windows\System\GHEPKke.exe
  2⤵
  PID:8084
- C:\Windows\System\KAHqyfS.exe
  C:\Windows\System\KAHqyfS.exe
  2⤵
  PID:8108
- C:\Windows\System\xgDmzDe.exe
  C:\Windows\System\xgDmzDe.exe
  2⤵
  PID:8128
- C:\Windows\System\MeZRAli.exe
  C:\Windows\System\MeZRAli.exe
  2⤵
  PID:8144
- C:\Windows\System\rHeEEBb.exe
  C:\Windows\System\rHeEEBb.exe
  2⤵
  PID:8164
- C:\Windows\System\kzMCfCW.exe
  C:\Windows\System\kzMCfCW.exe
  2⤵
  PID:8188
- C:\Windows\System\yvbEZvW.exe
  C:\Windows\System\yvbEZvW.exe
  2⤵
  PID:6276
- C:\Windows\System\LcjDpqU.exe
  C:\Windows\System\LcjDpqU.exe
  2⤵
  PID:6252
- C:\Windows\System\FKcNqhK.exe
  C:\Windows\System\FKcNqhK.exe
  2⤵
  PID:4544
- C:\Windows\System\NEdJiDm.exe
  C:\Windows\System\NEdJiDm.exe
  2⤵
  PID:7144
- C:\Windows\System\udrDMIC.exe
  C:\Windows\System\udrDMIC.exe
  2⤵
  PID:2832
- C:\Windows\System\NtwXCKQ.exe
  C:\Windows\System\NtwXCKQ.exe
  2⤵
  PID:6520
- C:\Windows\System\oLbdpuT.exe
  C:\Windows\System\oLbdpuT.exe
  2⤵
  PID:1488
- C:\Windows\System\uRdLMfN.exe
  C:\Windows\System\uRdLMfN.exe
  2⤵
  PID:7212
- C:\Windows\System\XanqrXT.exe
  C:\Windows\System\XanqrXT.exe
  2⤵
  PID:7312
- C:\Windows\System\XsLrlnF.exe
  C:\Windows\System\XsLrlnF.exe
  2⤵
  PID:7384
- C:\Windows\System\OgMLFQA.exe
  C:\Windows\System\OgMLFQA.exe
  2⤵
  PID:6284
- C:\Windows\System\nEFAaXX.exe
  C:\Windows\System\nEFAaXX.exe
  2⤵
  PID:7504
- C:\Windows\System\kPKuwsn.exe
  C:\Windows\System\kPKuwsn.exe
  2⤵
  PID:7540
- C:\Windows\System\SyzMVjy.exe
  C:\Windows\System\SyzMVjy.exe
  2⤵
  PID:572
- C:\Windows\System\MdYJbMZ.exe
  C:\Windows\System\MdYJbMZ.exe
  2⤵
  PID:2972
- C:\Windows\System\CqTaVsd.exe
  C:\Windows\System\CqTaVsd.exe
  2⤵
  PID:6424
- C:\Windows\System\rlBESqo.exe
  C:\Windows\System\rlBESqo.exe
  2⤵
  PID:7192
- C:\Windows\System\OsrbDgB.exe
  C:\Windows\System\OsrbDgB.exe
  2⤵
  PID:7224
- C:\Windows\System\GMIEQYt.exe
  C:\Windows\System\GMIEQYt.exe
  2⤵
  PID:7264
- C:\Windows\System\FVQAZPz.exe
  C:\Windows\System\FVQAZPz.exe
  2⤵
  PID:7656
- C:\Windows\System\WQnaTnQ.exe
  C:\Windows\System\WQnaTnQ.exe
  2⤵
  PID:7676
- C:\Windows\System\AebOXBV.exe
  C:\Windows\System\AebOXBV.exe
  2⤵
  PID:7292
- C:\Windows\System\YGqXefW.exe
  C:\Windows\System\YGqXefW.exe
  2⤵
  PID:7528
- C:\Windows\System\bqBPejY.exe
  C:\Windows\System\bqBPejY.exe
  2⤵
  PID:7436
- C:\Windows\System\LZMEcAS.exe
  C:\Windows\System\LZMEcAS.exe
  2⤵
  PID:7368
- C:\Windows\System\zFKEpEI.exe
  C:\Windows\System\zFKEpEI.exe
  2⤵
  PID:2996
- C:\Windows\System\lLBUPoX.exe
  C:\Windows\System\lLBUPoX.exe
  2⤵
  PID:7632
- C:\Windows\System\XRBkVIb.exe
  C:\Windows\System\XRBkVIb.exe
  2⤵
  PID:7812
- C:\Windows\System\sQcFQRh.exe
  C:\Windows\System\sQcFQRh.exe
  2⤵
  PID:7856
- C:\Windows\System\docayxV.exe
  C:\Windows\System\docayxV.exe
  2⤵
  PID:7744
- C:\Windows\System\owBDSLR.exe
  C:\Windows\System\owBDSLR.exe
  2⤵
  PID:7788
- C:\Windows\System\pzIyhFY.exe
  C:\Windows\System\pzIyhFY.exe
  2⤵
  PID:7976
- C:\Windows\System\SvvENcq.exe
  C:\Windows\System\SvvENcq.exe
  2⤵
  PID:7836
- C:\Windows\System\sRbkxzC.exe
  C:\Windows\System\sRbkxzC.exe
  2⤵
  PID:7876
- C:\Windows\System\FFoAGYY.exe
  C:\Windows\System\FFoAGYY.exe
  2⤵
  PID:8020
- C:\Windows\System\GGzMhmK.exe
  C:\Windows\System\GGzMhmK.exe
  2⤵
  PID:7952
- C:\Windows\System\iNmZepj.exe
  C:\Windows\System\iNmZepj.exe
  2⤵
  PID:8060
- C:\Windows\System\qGKyWZh.exe
  C:\Windows\System\qGKyWZh.exe
  2⤵
  PID:8100
- C:\Windows\System\HmMizSz.exe
  C:\Windows\System\HmMizSz.exe
  2⤵
  PID:8036
- C:\Windows\System\ZuBprSw.exe
  C:\Windows\System\ZuBprSw.exe
  2⤵
  PID:8140
- C:\Windows\System\xQpeuNg.exe
  C:\Windows\System\xQpeuNg.exe
  2⤵
  PID:8176
- C:\Windows\System\WMbrmdU.exe
  C:\Windows\System\WMbrmdU.exe
  2⤵
  PID:8156
- C:\Windows\System\OaopGMI.exe
  C:\Windows\System\OaopGMI.exe
  2⤵
  PID:5704
- C:\Windows\System\HTGzOws.exe
  C:\Windows\System\HTGzOws.exe
  2⤵
  PID:2708
- C:\Windows\System\iDBlaYQ.exe
  C:\Windows\System\iDBlaYQ.exe
  2⤵
  PID:5936
- C:\Windows\System\HwWAeLp.exe
  C:\Windows\System\HwWAeLp.exe
  2⤵
  PID:7208
- C:\Windows\System\TbsFBos.exe
  C:\Windows\System\TbsFBos.exe
  2⤵
  PID:6644
- C:\Windows\System\IKLKqog.exe
  C:\Windows\System\IKLKqog.exe
  2⤵
  PID:7128
- C:\Windows\System\KlcJQjA.exe
  C:\Windows\System\KlcJQjA.exe
  2⤵
  PID:7280
- C:\Windows\System\LWdApab.exe
  C:\Windows\System\LWdApab.exe
  2⤵
  PID:6480
- C:\Windows\System\mTFqSEs.exe
  C:\Windows\System\mTFqSEs.exe
  2⤵
  PID:7508
- C:\Windows\System\iFUkHtU.exe
  C:\Windows\System\iFUkHtU.exe
  2⤵
  PID:7512
- C:\Windows\System\fThzLzQ.exe
  C:\Windows\System\fThzLzQ.exe
  2⤵
  PID:7336
- C:\Windows\System\ehKlKDD.exe
  C:\Windows\System\ehKlKDD.exe
  2⤵
  PID:6860
- C:\Windows\System\mBEAqwr.exe
  C:\Windows\System\mBEAqwr.exe
  2⤵
  PID:2860
- C:\Windows\System\nABjtYr.exe
  C:\Windows\System\nABjtYr.exe
  2⤵
  PID:7664
- C:\Windows\System\jOSbLEm.exe
  C:\Windows\System\jOSbLEm.exe
  2⤵
  PID:7680
- C:\Windows\System\MCfqrAs.exe
  C:\Windows\System\MCfqrAs.exe
  2⤵
  PID:7808
- C:\Windows\System\cOVEVaW.exe
  C:\Windows\System\cOVEVaW.exe
  2⤵
  PID:7708
- C:\Windows\System\uypTtPK.exe
  C:\Windows\System\uypTtPK.exe
  2⤵
  PID:7764
- C:\Windows\System\ILfwKkf.exe
  C:\Windows\System\ILfwKkf.exe
  2⤵
  PID:7888
- C:\Windows\System\TrMxGby.exe
  C:\Windows\System\TrMxGby.exe
  2⤵
  PID:7892
- C:\Windows\System\TnQGerm.exe
  C:\Windows\System\TnQGerm.exe
  2⤵
  PID:2680
- C:\Windows\System\cqGlhla.exe
  C:\Windows\System\cqGlhla.exe
  2⤵
  PID:7944
- C:\Windows\System\UZWlHDq.exe
  C:\Windows\System\UZWlHDq.exe
  2⤵
  PID:8000
- C:\Windows\System\zlxzrgz.exe
  C:\Windows\System\zlxzrgz.exe
  2⤵
  PID:8076
- C:\Windows\System\rsswQHx.exe
  C:\Windows\System\rsswQHx.exe
  2⤵
  PID:8096
- C:\Windows\System\HTvjNKw.exe
  C:\Windows\System\HTvjNKw.exe
  2⤵
  PID:8180
- C:\Windows\System\DCOdERm.exe
  C:\Windows\System\DCOdERm.exe
  2⤵
  PID:1644
- C:\Windows\System\CZLWJsF.exe
  C:\Windows\System\CZLWJsF.exe
  2⤵
  PID:6944
- C:\Windows\System\oeNUphH.exe
  C:\Windows\System\oeNUphH.exe
  2⤵
  PID:7348
- C:\Windows\System\SBvecNx.exe
  C:\Windows\System\SBvecNx.exe
  2⤵
  PID:5520
- C:\Windows\System\aFFPVJv.exe
  C:\Windows\System\aFFPVJv.exe
  2⤵
  PID:2772
- C:\Windows\System\bYWfSgi.exe
  C:\Windows\System\bYWfSgi.exe
  2⤵
  PID:7188
- C:\Windows\System\ILjIWJb.exe
  C:\Windows\System\ILjIWJb.exe
  2⤵
  PID:7544
- C:\Windows\System\bJgVBCh.exe
  C:\Windows\System\bJgVBCh.exe
  2⤵
  PID:7548
- C:\Windows\System\Dbkpshm.exe
  C:\Windows\System\Dbkpshm.exe
  2⤵
  PID:7296
- C:\Windows\System\QNJKGlK.exe
  C:\Windows\System\QNJKGlK.exe
  2⤵
  PID:7672
- C:\Windows\System\iBaCwQI.exe
  C:\Windows\System\iBaCwQI.exe
  2⤵
  PID:7712
- C:\Windows\System\fPfXwUA.exe
  C:\Windows\System\fPfXwUA.exe
  2⤵
  PID:7700
- C:\Windows\System\kbwYNVx.exe
  C:\Windows\System\kbwYNVx.exe
  2⤵
  PID:7932
- C:\Windows\System\XpHOPXN.exe
  C:\Windows\System\XpHOPXN.exe
  2⤵
  PID:7828
- C:\Windows\System\iQjGQac.exe
  C:\Windows\System\iQjGQac.exe
  2⤵
  PID:8072
- C:\Windows\System\uKXeTDd.exe
  C:\Windows\System\uKXeTDd.exe
  2⤵
  PID:8172
- C:\Windows\System\JhOsZmM.exe
  C:\Windows\System\JhOsZmM.exe
  2⤵
  PID:7020
- C:\Windows\System\hQTDtse.exe
  C:\Windows\System\hQTDtse.exe
  2⤵
  PID:7352
- C:\Windows\System\cKBTjiT.exe
  C:\Windows\System\cKBTjiT.exe
  2⤵
  PID:5648
- C:\Windows\System\mDUSmwm.exe
  C:\Windows\System\mDUSmwm.exe
  2⤵
  PID:6344
- C:\Windows\System\xWDcJjv.exe
  C:\Windows\System\xWDcJjv.exe
  2⤵
  PID:7328
- C:\Windows\System\SpBpqYy.exe
  C:\Windows\System\SpBpqYy.exe
  2⤵
  PID:1272
- C:\Windows\System\LsdUYmT.exe
  C:\Windows\System\LsdUYmT.exe
  2⤵
  PID:7404
- C:\Windows\System\FULPHex.exe
  C:\Windows\System\FULPHex.exe
  2⤵
  PID:1332
- C:\Windows\System\FktgKQz.exe
  C:\Windows\System\FktgKQz.exe
  2⤵
  PID:7596
- C:\Windows\System\POzQMJa.exe
  C:\Windows\System\POzQMJa.exe
  2⤵
  PID:5032
- C:\Windows\System\zJdXQRG.exe
  C:\Windows\System\zJdXQRG.exe
  2⤵
  PID:8184
- C:\Windows\System\NMTTTLj.exe
  C:\Windows\System\NMTTTLj.exe
  2⤵
  PID:7004
- C:\Windows\System\eTqjras.exe
  C:\Windows\System\eTqjras.exe
  2⤵
  PID:7668
- C:\Windows\System\Nvcgeij.exe
  C:\Windows\System\Nvcgeij.exe
  2⤵
  PID:7832
- C:\Windows\System\xshOrUW.exe
  C:\Windows\System\xshOrUW.exe
  2⤵
  PID:7840
- C:\Windows\System\EEwiGlU.exe
  C:\Windows\System\EEwiGlU.exe
  2⤵
  PID:6700
- C:\Windows\System\rQPGKge.exe
  C:\Windows\System\rQPGKge.exe
  2⤵
  PID:8240
- C:\Windows\System\AZMcqTl.exe
  C:\Windows\System\AZMcqTl.exe
  2⤵
  PID:8260
- C:\Windows\System\gabKeiX.exe
  C:\Windows\System\gabKeiX.exe
  2⤵
  PID:8284
- C:\Windows\System\TarExtJ.exe
  C:\Windows\System\TarExtJ.exe
  2⤵
  PID:8304
- C:\Windows\System\wZObtCA.exe
  C:\Windows\System\wZObtCA.exe
  2⤵
  PID:8320
- C:\Windows\System\BeMivFI.exe
  C:\Windows\System\BeMivFI.exe
  2⤵
  PID:8344
- C:\Windows\System\BFmaoln.exe
  C:\Windows\System\BFmaoln.exe
  2⤵
  PID:8360
- C:\Windows\System\xWFmBRc.exe
  C:\Windows\System\xWFmBRc.exe
  2⤵
  PID:8392
- C:\Windows\System\KPuZwmo.exe
  C:\Windows\System\KPuZwmo.exe
  2⤵
  PID:8408
- C:\Windows\System\DwBPGYX.exe
  C:\Windows\System\DwBPGYX.exe
  2⤵
  PID:8432
- C:\Windows\System\RwANeMy.exe
  C:\Windows\System\RwANeMy.exe
  2⤵
  PID:8448
- C:\Windows\System\tVMBxfl.exe
  C:\Windows\System\tVMBxfl.exe
  2⤵
  PID:8468
- C:\Windows\System\KwVDaro.exe
  C:\Windows\System\KwVDaro.exe
  2⤵
  PID:8484
- C:\Windows\System\CLNcszP.exe
  C:\Windows\System\CLNcszP.exe
  2⤵
  PID:8504
- C:\Windows\System\xbCxaFZ.exe
  C:\Windows\System\xbCxaFZ.exe
  2⤵
  PID:8520
- C:\Windows\System\vhRlXNq.exe
  C:\Windows\System\vhRlXNq.exe
  2⤵
  PID:8536
- C:\Windows\System\WqGwCFM.exe
  C:\Windows\System\WqGwCFM.exe
  2⤵
  PID:8572
- C:\Windows\System\LHFupSY.exe
  C:\Windows\System\LHFupSY.exe
  2⤵
  PID:8588
- C:\Windows\System\zmUlkER.exe
  C:\Windows\System\zmUlkER.exe
  2⤵
  PID:8624
- C:\Windows\System\YeEXvzK.exe
  C:\Windows\System\YeEXvzK.exe
  2⤵
  PID:8640
- C:\Windows\System\pWTLuOX.exe
  C:\Windows\System\pWTLuOX.exe
  2⤵
  PID:8660
- C:\Windows\System\PMPlEfg.exe
  C:\Windows\System\PMPlEfg.exe
  2⤵
  PID:8684
- C:\Windows\System\ebnUTMq.exe
  C:\Windows\System\ebnUTMq.exe
  2⤵
  PID:8700
- C:\Windows\System\GWjzmkq.exe
  C:\Windows\System\GWjzmkq.exe
  2⤵
  PID:8716
- C:\Windows\System\OeQvOky.exe
  C:\Windows\System\OeQvOky.exe
  2⤵
  PID:8732
- C:\Windows\System\MGJInmq.exe
  C:\Windows\System\MGJInmq.exe
  2⤵
  PID:8748
- C:\Windows\System\tTegoQG.exe
  C:\Windows\System\tTegoQG.exe
  2⤵
  PID:8764
- C:\Windows\System\EtXxLng.exe
  C:\Windows\System\EtXxLng.exe
  2⤵
  PID:8780
- C:\Windows\System\aqZFQsG.exe
  C:\Windows\System\aqZFQsG.exe
  2⤵
  PID:8836
- C:\Windows\System\hLekexB.exe
  C:\Windows\System\hLekexB.exe
  2⤵
  PID:8852
- C:\Windows\System\VgRbJxx.exe
  C:\Windows\System\VgRbJxx.exe
  2⤵
  PID:8868
- C:\Windows\System\asaNDpx.exe
  C:\Windows\System\asaNDpx.exe
  2⤵
  PID:8884
- C:\Windows\System\uvlQwfI.exe
  C:\Windows\System\uvlQwfI.exe
  2⤵
  PID:8900
- C:\Windows\System\IKgApSl.exe
  C:\Windows\System\IKgApSl.exe
  2⤵
  PID:8916
- C:\Windows\System\vGEsRuQ.exe
  C:\Windows\System\vGEsRuQ.exe
  2⤵
  PID:8932
- C:\Windows\System\IVMZAVs.exe
  C:\Windows\System\IVMZAVs.exe
  2⤵
  PID:8980
- C:\Windows\System\GhUDqiL.exe
  C:\Windows\System\GhUDqiL.exe
  2⤵
  PID:8996
- C:\Windows\System\WIAtnAN.exe
  C:\Windows\System\WIAtnAN.exe
  2⤵
  PID:9012
- C:\Windows\System\gUAFFaC.exe
  C:\Windows\System\gUAFFaC.exe
  2⤵
  PID:9028
- C:\Windows\System\vtgpbxD.exe
  C:\Windows\System\vtgpbxD.exe
  2⤵
  PID:9048
- C:\Windows\System\EPxukgW.exe
  C:\Windows\System\EPxukgW.exe
  2⤵
  PID:9068
- C:\Windows\System\KmFDaTF.exe
  C:\Windows\System\KmFDaTF.exe
  2⤵
  PID:9088
- C:\Windows\System\nxUlpvR.exe
  C:\Windows\System\nxUlpvR.exe
  2⤵
  PID:9108
- C:\Windows\System\zoWdPOc.exe
  C:\Windows\System\zoWdPOc.exe
  2⤵
  PID:9124
- C:\Windows\System\XLyEbbn.exe
  C:\Windows\System\XLyEbbn.exe
  2⤵
  PID:9140
- C:\Windows\System\jGTjYBd.exe
  C:\Windows\System\jGTjYBd.exe
  2⤵
  PID:9160
- C:\Windows\System\jtwPjUj.exe
  C:\Windows\System\jtwPjUj.exe
  2⤵
  PID:9176
- C:\Windows\System\bSPGhnL.exe
  C:\Windows\System\bSPGhnL.exe
  2⤵
  PID:9196
- C:\Windows\System\gSlDFvq.exe
  C:\Windows\System\gSlDFvq.exe
  2⤵
  PID:9212
- C:\Windows\System\aFwACDw.exe
  C:\Windows\System\aFwACDw.exe
  2⤵
  PID:1572
- C:\Windows\System\GPhtXby.exe
  C:\Windows\System\GPhtXby.exe
  2⤵
  PID:7968
- C:\Windows\System\dUDTagm.exe
  C:\Windows\System\dUDTagm.exe
  2⤵
  PID:2316
- C:\Windows\System\EdDDhmc.exe
  C:\Windows\System\EdDDhmc.exe
  2⤵
  PID:8120
- C:\Windows\System\XxfviqZ.exe
  C:\Windows\System\XxfviqZ.exe
  2⤵
  PID:7260
- C:\Windows\System\uFicfIj.exe
  C:\Windows\System\uFicfIj.exe
  2⤵
  PID:8196
- C:\Windows\System\MFOJntf.exe
  C:\Windows\System\MFOJntf.exe
  2⤵
  PID:3832
- C:\Windows\System\PPhMUgT.exe
  C:\Windows\System\PPhMUgT.exe
  2⤵
  PID:7184
- C:\Windows\System\Cfshstc.exe
  C:\Windows\System\Cfshstc.exe
  2⤵
  PID:8200
- C:\Windows\System\lvZkfQZ.exe
  C:\Windows\System\lvZkfQZ.exe
  2⤵
  PID:1252
- C:\Windows\System\gtPumsc.exe
  C:\Windows\System\gtPumsc.exe
  2⤵
  PID:1148
- C:\Windows\System\fFTATxC.exe
  C:\Windows\System\fFTATxC.exe
  2⤵
  PID:8252
- C:\Windows\System\RFFGLkF.exe
  C:\Windows\System\RFFGLkF.exe
  2⤵
  PID:1708
- C:\Windows\System\WVravVb.exe
  C:\Windows\System\WVravVb.exe
  2⤵
  PID:8328
- C:\Windows\System\DkWvtAt.exe
  C:\Windows\System\DkWvtAt.exe
  2⤵
  PID:8340
- C:\Windows\System\lHgwPqf.exe
  C:\Windows\System\lHgwPqf.exe
  2⤵
  PID:2960
- C:\Windows\System\zqYGopJ.exe
  C:\Windows\System\zqYGopJ.exe
  2⤵
  PID:8584
- C:\Windows\System\ISZnlxd.exe
  C:\Windows\System\ISZnlxd.exe
  2⤵
  PID:8516
- C:\Windows\System\raYogqV.exe
  C:\Windows\System\raYogqV.exe
  2⤵
  PID:8596
- C:\Windows\System\sFMLLwP.exe
  C:\Windows\System\sFMLLwP.exe
  2⤵
  PID:8668
- C:\Windows\System\clkvZsZ.exe
  C:\Windows\System\clkvZsZ.exe
  2⤵
  PID:8712
- C:\Windows\System\MlWuJCy.exe
  C:\Windows\System\MlWuJCy.exe
  2⤵
  PID:8620
- C:\Windows\System\cqKjaak.exe
  C:\Windows\System\cqKjaak.exe
  2⤵
  PID:8724
- C:\Windows\System\APnSzmV.exe
  C:\Windows\System\APnSzmV.exe
  2⤵
  PID:2536
- C:\Windows\System\QeNqNIk.exe
  C:\Windows\System\QeNqNIk.exe
  2⤵
  PID:8804
- C:\Windows\System\pnIiQet.exe
  C:\Windows\System\pnIiQet.exe
  2⤵
  PID:8820
- C:\Windows\System\QgNuZgg.exe
  C:\Windows\System\QgNuZgg.exe
  2⤵
  PID:2732
- C:\Windows\System\ztzNnoT.exe
  C:\Windows\System\ztzNnoT.exe
  2⤵
  PID:8848
- C:\Windows\System\DIhxDOs.exe
  C:\Windows\System\DIhxDOs.exe
  2⤵
  PID:2752
- C:\Windows\System\MGHoopu.exe
  C:\Windows\System\MGHoopu.exe
  2⤵
  PID:8864
- C:\Windows\System\hEsNehU.exe
  C:\Windows\System\hEsNehU.exe
  2⤵
  PID:8896
- C:\Windows\System\PJKiSeN.exe
  C:\Windows\System\PJKiSeN.exe
  2⤵
  PID:8944
- C:\Windows\System\RWRGreR.exe
  C:\Windows\System\RWRGreR.exe
  2⤵
  PID:8928
- C:\Windows\System\GuHjIaN.exe
  C:\Windows\System\GuHjIaN.exe
  2⤵
  PID:1828
- C:\Windows\System\cjqEVPi.exe
  C:\Windows\System\cjqEVPi.exe
  2⤵
  PID:8976
- C:\Windows\System\sFeRnpM.exe
  C:\Windows\System\sFeRnpM.exe
  2⤵
  PID:9024
- C:\Windows\System\nqfuNBq.exe
  C:\Windows\System\nqfuNBq.exe
  2⤵
  PID:9004
- C:\Windows\System\NyPrAqC.exe
  C:\Windows\System\NyPrAqC.exe
  2⤵
  PID:9104
- C:\Windows\System\fQYryVS.exe
  C:\Windows\System\fQYryVS.exe
  2⤵
  PID:9076
- C:\Windows\System\OpTXjmL.exe
  C:\Windows\System\OpTXjmL.exe
  2⤵
  PID:9132
- C:\Windows\System\FkjaOsV.exe
  C:\Windows\System\FkjaOsV.exe
  2⤵
  PID:9156
- C:\Windows\System\rPPszyU.exe
  C:\Windows\System\rPPszyU.exe
  2⤵
  PID:6524
- C:\Windows\System\xAZqOiD.exe
  C:\Windows\System\xAZqOiD.exe
  2⤵
  PID:7996
- C:\Windows\System\ZgvIIJV.exe
  C:\Windows\System\ZgvIIJV.exe
  2⤵
  PID:7992
- C:\Windows\System\upDvJPU.exe
  C:\Windows\System\upDvJPU.exe
  2⤵
  PID:2808
- C:\Windows\System\kicmoDv.exe
  C:\Windows\System\kicmoDv.exe
  2⤵
  PID:4028
- C:\Windows\System\hfoZrda.exe
  C:\Windows\System\hfoZrda.exe
  2⤵
  PID:8212
- C:\Windows\System\Iswolwb.exe
  C:\Windows\System\Iswolwb.exe
  2⤵
  PID:2880
- C:\Windows\System\vOvdJIh.exe
  C:\Windows\System\vOvdJIh.exe
  2⤵
  PID:772
- C:\Windows\System\kampPyn.exe
  C:\Windows\System\kampPyn.exe
  2⤵
  PID:8940
- C:\Windows\System\mymadDo.exe
  C:\Windows\System\mymadDo.exe
  2⤵
  PID:8312
- C:\Windows\System\qUyDNEi.exe
  C:\Windows\System\qUyDNEi.exe
  2⤵
  PID:8460
- C:\Windows\System\jgmApyh.exe
  C:\Windows\System\jgmApyh.exe
  2⤵
  PID:8496
- C:\Windows\System\YQftPzZ.exe
  C:\Windows\System\YQftPzZ.exe
  2⤵
  PID:8512
- C:\Windows\System\sihUAYR.exe
  C:\Windows\System\sihUAYR.exe
  2⤵
  PID:8756
- C:\Windows\System\nfFLZqA.exe
  C:\Windows\System\nfFLZqA.exe
  2⤵
  PID:8972
- C:\Windows\System\BVenIiw.exe
  C:\Windows\System\BVenIiw.exe
  2⤵
  PID:8912
- C:\Windows\System\zhtRbMz.exe
  C:\Windows\System\zhtRbMz.exe
  2⤵
  PID:8832
- C:\Windows\System\htZpnCq.exe
  C:\Windows\System\htZpnCq.exe
  2⤵
  PID:1764
- C:\Windows\System\qWITXyI.exe
  C:\Windows\System\qWITXyI.exe
  2⤵
  PID:8964
- C:\Windows\System\tDfUZlQ.exe
  C:\Windows\System\tDfUZlQ.exe
  2⤵
  PID:8816
- C:\Windows\System\YRXHpmW.exe
  C:\Windows\System\YRXHpmW.exe
  2⤵
  PID:9040
- C:\Windows\System\OPlmBYZ.exe
  C:\Windows\System\OPlmBYZ.exe
  2⤵
  PID:9168
- C:\Windows\System\cbvsNOS.exe
  C:\Windows\System\cbvsNOS.exe
  2⤵
  PID:9172
- C:\Windows\System\snropmE.exe
  C:\Windows\System\snropmE.exe
  2⤵
  PID:2064
- C:\Windows\System\DcTPpWm.exe
  C:\Windows\System\DcTPpWm.exe
  2⤵
  PID:2692
- C:\Windows\System\auZFzCH.exe
  C:\Windows\System\auZFzCH.exe
  2⤵
  PID:8208
- C:\Windows\System\TeVRgpc.exe
  C:\Windows\System\TeVRgpc.exe
  2⤵
  PID:8332
- C:\Windows\System\XhVCUPm.exe
  C:\Windows\System\XhVCUPm.exe
  2⤵
  PID:2192
- C:\Windows\System\RnJeByf.exe
  C:\Windows\System\RnJeByf.exe
  2⤵
  PID:8420
- C:\Windows\System\DUfKyEg.exe
  C:\Windows\System\DUfKyEg.exe
  2⤵
  PID:2276
- C:\Windows\System\tiIlzTw.exe
  C:\Windows\System\tiIlzTw.exe
  2⤵
  PID:928
- C:\Windows\System\NtTNXKh.exe
  C:\Windows\System\NtTNXKh.exe
  2⤵
  PID:8532
- C:\Windows\System\ShQySCK.exe
  C:\Windows\System\ShQySCK.exe
  2⤵
  PID:8772
- C:\Windows\System\JadCRaC.exe
  C:\Windows\System\JadCRaC.exe
  2⤵
  PID:2368
- C:\Windows\System\AMVJGML.exe
  C:\Windows\System\AMVJGML.exe
  2⤵
  PID:3048
- C:\Windows\System\nnmZofV.exe
  C:\Windows\System\nnmZofV.exe
  2⤵
  PID:2780
- C:\Windows\System\TgrSaFT.exe
  C:\Windows\System\TgrSaFT.exe
  2⤵
  PID:8788
- C:\Windows\System\zSOfmfl.exe
  C:\Windows\System\zSOfmfl.exe
  2⤵
  PID:8876
- C:\Windows\System\vWgegCt.exe
  C:\Windows\System\vWgegCt.exe
  2⤵
  PID:8960
- C:\Windows\System\GpVClEl.exe
  C:\Windows\System\GpVClEl.exe
  2⤵
  PID:9096
- C:\Windows\System\ryzRYCh.exe
  C:\Windows\System\ryzRYCh.exe
  2⤵
  PID:8336
- C:\Windows\System\pjRFrNm.exe
  C:\Windows\System\pjRFrNm.exe
  2⤵
  PID:9084
- C:\Windows\System\gqhWXXf.exe
  C:\Windows\System\gqhWXXf.exe
  2⤵
  PID:1040
- C:\Windows\System\wnkQcyU.exe
  C:\Windows\System\wnkQcyU.exe
  2⤵
  PID:8384
- C:\Windows\System\VIDVlfM.exe
  C:\Windows\System\VIDVlfM.exe
  2⤵
  PID:8356
- C:\Windows\System\LxloKjD.exe
  C:\Windows\System\LxloKjD.exe
  2⤵
  PID:8424
- C:\Windows\System\hzzJeIz.exe
  C:\Windows\System\hzzJeIz.exe
  2⤵
  PID:8500
- C:\Windows\System\CmAnqFl.exe
  C:\Windows\System\CmAnqFl.exe
  2⤵
  PID:2292
- C:\Windows\System\gRjFnaO.exe
  C:\Windows\System\gRjFnaO.exe
  2⤵
  PID:8672
- C:\Windows\System\ujCYyjB.exe
  C:\Windows\System\ujCYyjB.exe
  2⤵
  PID:8708
- C:\Windows\System\gIKxnlW.exe
  C:\Windows\System\gIKxnlW.exe
  2⤵
  PID:8696
- C:\Windows\System\nNkcXfk.exe
  C:\Windows\System\nNkcXfk.exe
  2⤵
  PID:3056
- C:\Windows\System\PCDBWNv.exe
  C:\Windows\System\PCDBWNv.exe
  2⤵
  PID:8908
- C:\Windows\System\MEpcrOm.exe
  C:\Windows\System\MEpcrOm.exe
  2⤵
  PID:8924
- C:\Windows\System\LkTNSYn.exe
  C:\Windows\System\LkTNSYn.exe
  2⤵
  PID:8292
- C:\Windows\System\jsPNfJS.exe
  C:\Windows\System\jsPNfJS.exe
  2⤵
  PID:8388
- C:\Windows\System\tHayfuO.exe
  C:\Windows\System\tHayfuO.exe
  2⤵
  PID:9208
- C:\Windows\System\SlEKVig.exe
  C:\Windows\System\SlEKVig.exe
  2⤵
  PID:1140
- C:\Windows\System\kdfzkZk.exe
  C:\Windows\System\kdfzkZk.exe
  2⤵
  PID:8636
- C:\Windows\System\vJzYCRa.exe
  C:\Windows\System\vJzYCRa.exe
  2⤵
  PID:8828
- C:\Windows\System\wbdtzIV.exe
  C:\Windows\System\wbdtzIV.exe
  2⤵
  PID:9020
- C:\Windows\System\wcWyNGx.exe
  C:\Windows\System\wcWyNGx.exe
  2⤵
  PID:2136
- C:\Windows\System\wpToolx.exe
  C:\Windows\System\wpToolx.exe
  2⤵
  PID:1492
- C:\Windows\System\uniccTc.exe
  C:\Windows\System\uniccTc.exe
  2⤵
  PID:1004
- C:\Windows\System\iXYcDzL.exe
  C:\Windows\System\iXYcDzL.exe
  2⤵
  PID:8812
- C:\Windows\System\enxgesF.exe
  C:\Windows\System\enxgesF.exe
  2⤵
  PID:8316
- C:\Windows\System\MhWLeuA.exe
  C:\Windows\System\MhWLeuA.exe
  2⤵
  PID:8880
- C:\Windows\System\prnaBUQ.exe
  C:\Windows\System\prnaBUQ.exe
  2⤵
  PID:696
- C:\Windows\System\YbBTlWa.exe
  C:\Windows\System\YbBTlWa.exe
  2⤵
  PID:8492
- C:\Windows\System\xoXJyQP.exe
  C:\Windows\System\xoXJyQP.exe
  2⤵
  PID:8600
- C:\Windows\System\tdqCnDM.exe
  C:\Windows\System\tdqCnDM.exe
  2⤵
  PID:9228
- C:\Windows\System\DdDxrjd.exe
  C:\Windows\System\DdDxrjd.exe
  2⤵
  PID:9252
- C:\Windows\System\UmnoBUn.exe
  C:\Windows\System\UmnoBUn.exe
  2⤵
  PID:9276
- C:\Windows\System\qmPjeAu.exe
  C:\Windows\System\qmPjeAu.exe
  2⤵
  PID:9296
- C:\Windows\System\nZhBWbd.exe
  C:\Windows\System\nZhBWbd.exe
  2⤵
  PID:9316
- C:\Windows\System\DdkQcWD.exe
  C:\Windows\System\DdkQcWD.exe
  2⤵
  PID:9340
- C:\Windows\System\gajwwUT.exe
  C:\Windows\System\gajwwUT.exe
  2⤵
  PID:9360
- C:\Windows\System\JSxLvXS.exe
  C:\Windows\System\JSxLvXS.exe
  2⤵
  PID:9380
- C:\Windows\System\aIhOelT.exe
  C:\Windows\System\aIhOelT.exe
  2⤵
  PID:9400
- C:\Windows\System\FCtGsoX.exe
  C:\Windows\System\FCtGsoX.exe
  2⤵
  PID:9416
- C:\Windows\System\iBaOqAz.exe
  C:\Windows\System\iBaOqAz.exe
  2⤵
  PID:9432
- C:\Windows\System\uaAdkIS.exe
  C:\Windows\System\uaAdkIS.exe
  2⤵
  PID:9448
- C:\Windows\System\SGBqyFF.exe
  C:\Windows\System\SGBqyFF.exe
  2⤵
  PID:9464
- C:\Windows\System\TMuDzIM.exe
  C:\Windows\System\TMuDzIM.exe
  2⤵
  PID:9484
- C:\Windows\System\qnXqSlw.exe
  C:\Windows\System\qnXqSlw.exe
  2⤵
  PID:9500
- C:\Windows\System\FbEoMUL.exe
  C:\Windows\System\FbEoMUL.exe
  2⤵
  PID:9520
- C:\Windows\System\wchamjY.exe
  C:\Windows\System\wchamjY.exe
  2⤵
  PID:9536
- C:\Windows\System\jwMjOOJ.exe
  C:\Windows\System\jwMjOOJ.exe
  2⤵
  PID:9552
- C:\Windows\System\vlyfTPI.exe
  C:\Windows\System\vlyfTPI.exe
  2⤵
  PID:9568
- C:\Windows\System\xLDsVhq.exe
  C:\Windows\System\xLDsVhq.exe
  2⤵
  PID:9584
- C:\Windows\System\fdgPOME.exe
  C:\Windows\System\fdgPOME.exe
  2⤵
  PID:9632
- C:\Windows\System\CFSeSmA.exe
  C:\Windows\System\CFSeSmA.exe
  2⤵
  PID:9648
- C:\Windows\System\wTyQpQi.exe
  C:\Windows\System\wTyQpQi.exe
  2⤵
  PID:9664
- C:\Windows\System\XNeuUzZ.exe
  C:\Windows\System\XNeuUzZ.exe
  2⤵
  PID:9680
- C:\Windows\System\lxLTHoH.exe
  C:\Windows\System\lxLTHoH.exe
  2⤵
  PID:9724
- C:\Windows\System\lSIIMuJ.exe
  C:\Windows\System\lSIIMuJ.exe
  2⤵
  PID:9740
- C:\Windows\System\NMDSeZo.exe
  C:\Windows\System\NMDSeZo.exe
  2⤵
  PID:9756
- C:\Windows\System\MLQmNvq.exe
  C:\Windows\System\MLQmNvq.exe
  2⤵
  PID:9772
- C:\Windows\System\mCVtErP.exe
  C:\Windows\System\mCVtErP.exe
  2⤵
  PID:9792
- C:\Windows\System\ABuFPFG.exe
  C:\Windows\System\ABuFPFG.exe
  2⤵
  PID:9808
- C:\Windows\System\qlxBLBX.exe
  C:\Windows\System\qlxBLBX.exe
  2⤵
  PID:9828
- C:\Windows\System\TGsrrXG.exe
  C:\Windows\System\TGsrrXG.exe
  2⤵
  PID:9844
- C:\Windows\System\PtUmCXR.exe
  C:\Windows\System\PtUmCXR.exe
  2⤵
  PID:9860
- C:\Windows\System\OeAmIqA.exe
  C:\Windows\System\OeAmIqA.exe
  2⤵
  PID:9876
- C:\Windows\System\AyMsAMe.exe
  C:\Windows\System\AyMsAMe.exe
  2⤵
  PID:9892
- C:\Windows\System\bDCsnDo.exe
  C:\Windows\System\bDCsnDo.exe
  2⤵
  PID:9948
- C:\Windows\System\aOuEOBC.exe
  C:\Windows\System\aOuEOBC.exe
  2⤵
  PID:9964
- C:\Windows\System\EpnezNZ.exe
  C:\Windows\System\EpnezNZ.exe
  2⤵
  PID:9980
- C:\Windows\System\WleUrsm.exe
  C:\Windows\System\WleUrsm.exe
  2⤵
  PID:10000
- C:\Windows\System\LGFgIIe.exe
  C:\Windows\System\LGFgIIe.exe
  2⤵
  PID:10020
- C:\Windows\System\ZAPUlkY.exe
  C:\Windows\System\ZAPUlkY.exe
  2⤵
  PID:10036
- C:\Windows\System\sUscyhW.exe
  C:\Windows\System\sUscyhW.exe
  2⤵
  PID:10052
- C:\Windows\System\mzNkWlx.exe
  C:\Windows\System\mzNkWlx.exe
  2⤵
  PID:10072
- C:\Windows\System\yeHbXNA.exe
  C:\Windows\System\yeHbXNA.exe
  2⤵
  PID:10088
- C:\Windows\System\quEthax.exe
  C:\Windows\System\quEthax.exe
  2⤵
  PID:10108
- C:\Windows\System\VivvnuA.exe
  C:\Windows\System\VivvnuA.exe
  2⤵
  PID:10124
- C:\Windows\System\oNgyBGb.exe
  C:\Windows\System\oNgyBGb.exe
  2⤵
  PID:10140
- C:\Windows\System\HHTGXeP.exe
  C:\Windows\System\HHTGXeP.exe
  2⤵
  PID:10160
- C:\Windows\System\KfalLcP.exe
  C:\Windows\System\KfalLcP.exe
  2⤵
  PID:10176
- C:\Windows\System\SXeYOEG.exe
  C:\Windows\System\SXeYOEG.exe
  2⤵
  PID:10192
- C:\Windows\System\BMsaksY.exe
  C:\Windows\System\BMsaksY.exe
  2⤵
  PID:8404
- C:\Windows\System\XaaqIDI.exe
  C:\Windows\System\XaaqIDI.exe
  2⤵
  PID:9236
- C:\Windows\System\YDBkyUU.exe
  C:\Windows\System\YDBkyUU.exe
  2⤵
  PID:9268
- C:\Windows\System\tDaadOL.exe
  C:\Windows\System\tDaadOL.exe
  2⤵
  PID:9292
- C:\Windows\System\YKUuNqw.exe
  C:\Windows\System\YKUuNqw.exe
  2⤵
  PID:9312
- C:\Windows\System\aiBHiTo.exe
  C:\Windows\System\aiBHiTo.exe
  2⤵
  PID:9328
- C:\Windows\System\uAGbiDg.exe
  C:\Windows\System\uAGbiDg.exe
  2⤵
  PID:9352
- C:\Windows\System\tVIIBRS.exe
  C:\Windows\System\tVIIBRS.exe
  2⤵
  PID:9396
- C:\Windows\System\tnUmHas.exe
  C:\Windows\System\tnUmHas.exe
  2⤵
  PID:9496
- C:\Windows\System\BWWUuQj.exe
  C:\Windows\System\BWWUuQj.exe
  2⤵
  PID:9544
- C:\Windows\System\tQqcTne.exe
  C:\Windows\System\tQqcTne.exe
  2⤵
  PID:9476
- C:\Windows\System\bpnLtfb.exe
  C:\Windows\System\bpnLtfb.exe
  2⤵
  PID:9548
- C:\Windows\System\cNrfqgI.exe
  C:\Windows\System\cNrfqgI.exe
  2⤵
  PID:9644
- C:\Windows\System\NEfUwrr.exe
  C:\Windows\System\NEfUwrr.exe
  2⤵
  PID:9528
- C:\Windows\System\cnfMlgH.exe
  C:\Windows\System\cnfMlgH.exe
  2⤵
  PID:9596
- C:\Windows\System\jhpNgRk.exe
  C:\Windows\System\jhpNgRk.exe
  2⤵
  PID:9612
- C:\Windows\System\CeZkLLJ.exe
  C:\Windows\System\CeZkLLJ.exe
  2⤵
  PID:9660
- C:\Windows\System\QHDCIyd.exe
  C:\Windows\System\QHDCIyd.exe
  2⤵
  PID:9712
- C:\Windows\System\EARfLxM.exe
  C:\Windows\System\EARfLxM.exe
  2⤵
  PID:9768
- C:\Windows\System\mRdJIJD.exe
  C:\Windows\System\mRdJIJD.exe
  2⤵
  PID:9780
- C:\Windows\System\pCRuAJh.exe
  C:\Windows\System\pCRuAJh.exe
  2⤵
  PID:9868
- C:\Windows\System\cMKNFGf.exe
  C:\Windows\System\cMKNFGf.exe
  2⤵
  PID:9852
- C:\Windows\System\LghqwCE.exe
  C:\Windows\System\LghqwCE.exe
  2⤵
  PID:9908
- C:\Windows\System\KpepHnZ.exe
  C:\Windows\System\KpepHnZ.exe
  2⤵
  PID:9956
- C:\Windows\System\LKegttJ.exe
  C:\Windows\System\LKegttJ.exe
  2⤵
  PID:9988
- C:\Windows\System\uDGXJNP.exe
  C:\Windows\System\uDGXJNP.exe
  2⤵
  PID:10064
- C:\Windows\System\mEjjHUZ.exe
  C:\Windows\System\mEjjHUZ.exe
  2⤵
  PID:10104
- C:\Windows\System\GtpDact.exe
  C:\Windows\System\GtpDact.exe
  2⤵
  PID:9904
- C:\Windows\System\sXJgdTC.exe
  C:\Windows\System\sXJgdTC.exe
  2⤵
  PID:9972
- C:\Windows\System\oVFytUY.exe
  C:\Windows\System\oVFytUY.exe
  2⤵
  PID:10172
- C:\Windows\System\uJjcrjv.exe
  C:\Windows\System\uJjcrjv.exe
  2⤵
  PID:9928
- C:\Windows\System\yHKNzVx.exe
  C:\Windows\System\yHKNzVx.exe
  2⤵
  PID:10044
- C:\Windows\System\RCIoWqP.exe
  C:\Windows\System\RCIoWqP.exe
  2⤵
  PID:9976
- C:\Windows\System\QFYQbjz.exe
  C:\Windows\System\QFYQbjz.exe
  2⤵
  PID:10080
- C:\Windows\System\YvpHKDT.exe
  C:\Windows\System\YvpHKDT.exe
  2⤵
  PID:10152
- C:\Windows\System\HGbIIGw.exe
  C:\Windows\System\HGbIIGw.exe
  2⤵
  PID:10224
- C:\Windows\System\JlUFECg.exe
  C:\Windows\System\JlUFECg.exe
  2⤵
  PID:600
- C:\Windows\System\PMedFfC.exe
  C:\Windows\System\PMedFfC.exe
  2⤵
  PID:9220
- C:\Windows\System\bduijvw.exe
  C:\Windows\System\bduijvw.exe
  2⤵
  PID:9332
- C:\Windows\System\FBuigrq.exe
  C:\Windows\System\FBuigrq.exe
  2⤵
  PID:9372
- C:\Windows\System\qyxuHXc.exe
  C:\Windows\System\qyxuHXc.exe
  2⤵
  PID:9408
- C:\Windows\System\PNaoqKM.exe
  C:\Windows\System\PNaoqKM.exe
  2⤵
  PID:9508
- C:\Windows\System\AKyIUqw.exe
  C:\Windows\System\AKyIUqw.exe
  2⤵
  PID:9444
- C:\Windows\System\DXCyNNx.exe
  C:\Windows\System\DXCyNNx.exe
  2⤵
  PID:9560
- C:\Windows\System\oRAvemT.exe
  C:\Windows\System\oRAvemT.exe
  2⤵
  PID:10136
- C:\Windows\System\sZnpGOq.exe
  C:\Windows\System\sZnpGOq.exe
  2⤵
  PID:10188
- C:\Windows\System\utPvEPe.exe
  C:\Windows\System\utPvEPe.exe
  2⤵
  PID:10008
- C:\Windows\System\mlUlesr.exe
  C:\Windows\System\mlUlesr.exe
  2⤵
  PID:10048
- C:\Windows\System\fqxwxJN.exe
  C:\Windows\System\fqxwxJN.exe
  2⤵
  PID:9224
- C:\Windows\System\XcijTKU.exe
  C:\Windows\System\XcijTKU.exe
  2⤵
  PID:9412
- C:\Windows\System\rsChsTY.exe
  C:\Windows\System\rsChsTY.exe
  2⤵
  PID:9788
- C:\Windows\System\eUmizOM.exe
  C:\Windows\System\eUmizOM.exe
  2⤵
  PID:9248
- C:\Windows\System\XETtnqP.exe
  C:\Windows\System\XETtnqP.exe
  2⤵
  PID:9516
- C:\Windows\System\URbfdpd.exe
  C:\Windows\System\URbfdpd.exe
  2⤵
  PID:9920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AUSCEgW.exe

Filesize
6.0MB

MD5
0585dab2617067169d4e36915a572293

SHA1
c8eaa6c3e314755ed2ec3961cedf401acac7b5e5

SHA256
8b00f2562cfca6261a9a37aed5db134885ecd71e0db07b6f734b1d9a3a676cb8

SHA512
fb1b718e6f3a7a42b66fb506b721225ef12b529f5b2d13fb7f09c2d4621c06c578ba1e957275623b2c2fc62e6eb820b191b04426d355fff7bedf610c365a214d

Download Submit
C:\Windows\system\DgJchCt.exe

Filesize
6.0MB

MD5
f31110ebeca9c40a839cdafd94a2d338

SHA1
16214a3d122e0ed2ff5107c059b66fcb51f3d7d9

SHA256
b2144c77ac12e88214aa2099f1dd13f68e0a5b8d03f03eff63cb6ee3d6241903

SHA512
d534f0d61de5ef5efc1e0c439061ba994ad9eca6ec1bc340177c5d13b39704efa247f1ad0493a4a0d186565a3ea6dd6a6216adb5ba920a1b0502256507265a56

Download Submit
C:\Windows\system\EnWnUNt.exe

Filesize
6.0MB

MD5
bc175e52783ac7456a6e221eb175765c

SHA1
756343aa943ed773321d8f04b54eedd204758207

SHA256
b47b6cb27555712aa39232fa1ffb852f086df86f0fca09da9a8e9512bb70763c

SHA512
28aaf91b26782461543df00a93b942a843439e8c7ea51837b54f1d5fd5084374a173e12810dbe1e84d52e1fa89f0efe976e124c5dd4e422ceeef3c225b780d28

Download Submit
C:\Windows\system\IuGvulP.exe

Filesize
6.0MB

MD5
4a27d4fc41c0617ba285b476633b1fb5

SHA1
8f98aff8cae4e1a7999bea461519d4b812d1916f

SHA256
5309b6f1e5a35616867f5f7d5a6898d76621d5ffaa3072980514cbca40b6a42b

SHA512
82d38a1e551bcfa2e683ce72efd2299e1759bfee9af8dea95946e719428227b9aa3bcd4c464854624b09f58dbb8e1ffc24bf46d3a2515de282250f6b7152b576

Download Submit
C:\Windows\system\JyqrSZp.exe

Filesize
6.0MB

MD5
7c738ef6d96d449c165f0d159c2894ad

SHA1
9f2ac84383a241cbe1f5d15296b02f73e6a954bb

SHA256
3838be509ead2490bd7c1e560be894932464438c881a8930312c37be5059d1c5

SHA512
e670d6797199cca62fcac08ef17a4c6b07d606f469745900038f04ed0951a038374159332388df9357630abe6ecbc2ba7436e30946fe65e0c36e7af345f467a1

Download Submit
C:\Windows\system\OikAONu.exe

Filesize
6.0MB

MD5
59b0301ad6b0a8329b55671627a4bca2

SHA1
4cc07acef76ceb9503a54db3d27b62cfc199df31

SHA256
7c4c5fc174461c1caace11b8fd4f77993cb41b1001e2c17d6226dcbe9563025d

SHA512
2a9133ec34ae3c56571e8a8e8ddb6e21d6d71ea378d4011a9e7e10fc853cddbd2975a79aacee60e98426d794cc1a490722231a0536bb6315e9ba4aed71406e20

Download Submit
C:\Windows\system\QUYOBPa.exe

Filesize
6.0MB

MD5
7c5a457825804875e00dd25bbfe8ca7b

SHA1
d7a177d4a587dc166d360ee8d156e96933022166

SHA256
e8afd1c3dd497719cda0494c976515583fe4bc93190df85f9c72f31ea2c9264f

SHA512
6e385fad1af64a8c662751c90df7b39e3a3fae962aaf7e3905ad2a207f32b7d8a74301f17602cd6991c1d6d3b540b194d7a79230888a41af378ffa0fe304e383

Download Submit
C:\Windows\system\QZAXckH.exe

Filesize
6.0MB

MD5
d28c71f60efdf35ae28fe2e4b7110947

SHA1
02dbd333559a84ae57bd0f2e019ed16ade54a309

SHA256
af85032d7457ed0b9eb8252b2dbac26948bab5e9dc70a7142f657747c83af6f7

SHA512
45d51c5fd76cb7f38187f6d887c15175a7256351d238ec63cb38abd39ffa09bfac65e978b132cbe47572e6ac23178ebea2379d32d1ca5e6a9dd270ccb2627a30

Download Submit
C:\Windows\system\SSEJaEq.exe

Filesize
6.0MB

MD5
2b85713bdf09bae421db1300471e5b5e

SHA1
70a165d392d03d090c97d945705e207a20bb5cc1

SHA256
c657b1534afc33306d6e6508532ef55141ea3393bc7073c36c1ee7fbaa842592

SHA512
d20aa3aae60c4a16183359fe9ea01202948b23001ad10f6558158d39360115816c39b034cc36d0d3987e40f1a551120de06f3a72105599a375279ca9372588d3

Download Submit
C:\Windows\system\SkIssoL.exe

Filesize
6.0MB

MD5
7560ade0fd538a174b70a065189f6009

SHA1
cdf57f1c03d0f03159a7448eecce0694b99ea876

SHA256
43b1619ee55447824315fdb19cde564ade958954b9f5d3252141a045f4e9cfb0

SHA512
f27c19e70b95f40e2e1edb0b24f0d53302ee1653685175e5318928ed7dbf2ad33421f0821d313c8de25c95db82cf30920745699028a825eca338e2a83c696808

Download Submit
C:\Windows\system\UgCtmhO.exe

Filesize
6.0MB

MD5
c704fa86c3c20bdaee4c9114f638d159

SHA1
a9e9db5cd5e647a4c3145aad66fe777e7edadcfd

SHA256
ab1544aa0975be6c2800a7868e17e587a9eaceed84d3055b39dd78da42720511

SHA512
0845d9c208f2ac013460890199a7f1114420494923807804399ddede5db5282f93a58e9e59fa5f860db77f0f35574952237543c9a8abf76610a8c066716b3d64

Download Submit
C:\Windows\system\bmrlIYA.exe

Filesize
6.0MB

MD5
358c2c19b259907cd82a060a94886f99

SHA1
b0804582833248e2d9ea3549690911e03dafd37f

SHA256
34184ee140a7a439d46bf8e58b5487ead15b1f9853d54a9df0c1429c1c5d336a

SHA512
3bf34f79c4d7e9b7a6aef6ebf58f6705023dd2788d2dfda9cf6c29004a82d4676032208207c7e2513147403308c1a3d49f992bf360c05f98ae9b81ec693b4c0b

Download Submit
C:\Windows\system\cXnvYer.exe

Filesize
6.0MB

MD5
a81e8b55fac05e71b41a52f6746443a4

SHA1
534ac02e32af3a280f7dca45656bfee03d66aabc

SHA256
dc880fc0363adc39bc1cbe5e21df09b99bc8ab9145ed76afee1f145eafd8b620

SHA512
c87fd230ea15ceadacb3451cff7edb1a9c3af791e88cef043ca65ac146d864d95f967f0d975452a062ab50d8ef591a5cb9f2d3a64ea4eac51140ab08ded4c259

Download Submit
C:\Windows\system\ccmKKVm.exe

Filesize
6.0MB

MD5
2a15d39d0aaabc78aa95597f061b7137

SHA1
f56034282b54746d4dd24e14b728db42ff349140

SHA256
cbd546c4ab4dfcf1a85348fcb862448fd191d77a005b2f56edf428c96e60bb95

SHA512
2aafc86383f317130df4330d45c56e8cbc042fe337b56a30c3f47d09f087b67fd1b17215629812d8914fc461bb587f01b2221ebae35726490acace7e9c042545

Download Submit
C:\Windows\system\dOgPgLz.exe

Filesize
6.0MB

MD5
f06d7a0ce99861298f3658080a1ed109

SHA1
f137791433fa5cc638bf8f9f9608d209d5b8e744

SHA256
344e89384d81a486fa3084c9657afa5c19489d430d37dc5d19d8b030de7a0b58

SHA512
32416b21a48d28e8eaf3c88d2f606c0b2d694d5fba315c931d8bbf7553999899abcfacb273bb8e4dba8892ba0e6a86c2025063692dd251ea14820a5491abc5b8

Download Submit
C:\Windows\system\dzorCyq.exe

Filesize
6.0MB

MD5
b6c9e6f4fad8db5a339a0e928521ace5

SHA1
f7cd613ff111d8cf9e75f1cc2355420170380113

SHA256
580d4116bf5380cb9b24450eb8d99247f38520c1ed3bbf28038c8a133307cf57

SHA512
4c9a324af195d1d1b76d07d04307d348b1febf72660d42cd9264d17e7b581d18829e7ee6d1b872814c0b89eb23e51973eb525f98d31e15c9e09a3cdf7d969033

Download Submit
C:\Windows\system\fpRyZZY.exe

Filesize
6.0MB

MD5
33d9584b19bbcf93e16c339f82c29786

SHA1
1035a7a4c51f3ad17d906b8124b9a5dc7289c088

SHA256
5849f0c63185fcde60b9a478c4ee7875a97cd85ef2f61a7fbb471ba63b22ac26

SHA512
bfeaff39306cc659c72ae6b48f535451c9d18e99924816924ad862484295557580e43fd2f31383efd2fd4aeac41ffc5263c7be95bb9e9134b5d443540589c6b9

Download Submit
C:\Windows\system\hSRjHtr.exe

Filesize
6.0MB

MD5
87c0edf90a2ad4dd6dd2481697d2570e

SHA1
bd8fd938d434be7969196c780e98b32de2b0ddc4

SHA256
2d3e049610882f412b4f444a832a97c548dd9dc32b0753156d084cc27fc94376

SHA512
f66788ae76dc44eafd8e81685f32cfbf93dc8115ea5cac3e52836972997c7640c9d5bba841911fefc519f14a0012322fbb4a98b996e05508f434180177d7cee7

Download Submit
C:\Windows\system\lBLaqFa.exe

Filesize
6.0MB

MD5
1304a56c5b6c20bbea707cee345d9678

SHA1
5631129bb3bd70699c767fa8979c502d9227a7c0

SHA256
9d0b2145df5536401429f2e15a2fed53b794ec77c1df37cf592bf78ec1b86e6b

SHA512
39e5ae7a7ab22458997d98d2e2ec95e625e3cefc64bdfa618e2f94320eb5ce178a8fd3a6f486507512ebec1239113bff81e26f754fd01603bc691f2733a1a024

Download Submit
C:\Windows\system\lfCYBrd.exe

Filesize
6.0MB

MD5
b71067f59c435a0f3beb35a5993ec493

SHA1
53a3dc2e52c25b6d78c9372c4d6bc6cb418f8ddf

SHA256
8b481d3255333dc058bc68402d90c20ea57ea2f27741cd5bafc4c325dc1b496d

SHA512
7ddb90bb5f9fdc69cf9f994a07174608f2010287fd793d91733439cd8b6358d0484e5d711b202bbd01a54f328cddcd3d0a2b74bc40e036eb0f6d748e15f0e878

Download Submit
C:\Windows\system\ltycSpJ.exe

Filesize
6.0MB

MD5
88aa26c332008640ac0ea4040435c235

SHA1
c50f95b31ef7e3483c897413df57be2fbb4e05eb

SHA256
a5cf8a03944a0c02620b83bb17d9507007ef3932b4dd2dd6259561d44265b907

SHA512
ac864e72c9f2944cb858c8e32202efc031e6691ae79f9fd6168264aca073410f056c1b1d19f4e9bc5c5b66389f86b9963d0b4b2e57b28ddd0c39286f7dd264b9

Download Submit
C:\Windows\system\sMGZajP.exe

Filesize
6.0MB

MD5
a653e517bebebd8dcff4d43e2ddbc3b7

SHA1
fc136cf36d3ca78ea016106ac4c9e3104dbdde78

SHA256
1bebd1a3190dc1b446369c08e35e0eaed0e20a26fd0ff6bb5940cebaad9c5d87

SHA512
389aa4a443b24eb1a99c853ba7b1ecf79876ab770f5b1b0e4a9f722dbfd71a94673a3552f97f809921d8cb436bbd039338a0dcff75a835e32e04c3a834a0f625

Download Submit
C:\Windows\system\smrfQyO.exe

Filesize
6.0MB

MD5
66f3dd963e573da4288032c9e2971e2f

SHA1
47b879d284b44129f4299a93bb8073e5332db5b5

SHA256
c58d87069a6d122c95e7270fff413fa75a0dbd9b9ec20391785155155ee17b37

SHA512
7ad5d21512db08f42844a393f619f301011bd863bb91007a28f74907ffd9a7f53486e1c94127fb289858b0b2050a6878a3079a9bbfa4811ff2cd4fd7a2db0731

Download Submit
C:\Windows\system\uYKvBXX.exe

Filesize
6.0MB

MD5
3ea0fc9b38fbb989af3ba784adb952a5

SHA1
dabcb6fb7c246ea860e0df843e9bf9e918863d1c

SHA256
b3d711934541a042f7747d2ae0c981b2a42b81bf3ff59ec84f45c8078416bf96

SHA512
5fc861e7da7446e14299eaf1190876b708195d56ba7acb52c83d39098badc9618c5e91d035ebb3d5b7d19489266a50db36985b4b38b1dc18185b5d0e33426a3e

Download Submit
C:\Windows\system\vDjtCZh.exe

Filesize
6.0MB

MD5
5dde0f6357d59944d377c10e0cc28101

SHA1
4f627422959ae4dde16f39982b163b65b60ba375

SHA256
d71f78a36ce7af1a6b55e1f4758ab4a7baabf9dd5d2bb3ccc9773891efc188aa

SHA512
7d8bab85cc494142ff801afbdd83a592f4fd9547b96f74442e0494d2ff14ecb927528dee75b02e2929dd5cee50daa79de9f4f1f2bc8c218ca288abdfe7bbc979

Download Submit
C:\Windows\system\vWcDeYk.exe

Filesize
6.0MB

MD5
5269590c936909b15bcda7ac268a188f

SHA1
e49f233862b1cca8b320b567b6719e3baad717be

SHA256
a40f77cdc3d1168e687183344841066a3b789ee7a8fc4e81a5e2ccb81d58bdab

SHA512
39f0c400803256c677b36c9712e3877766ac00093b5fa608b9bf99cbdd461c5d34691e7c3d830ef4b086ac983edf2372fa03532ab827dac8e45c5d5bdb0cdbbc

Download Submit
C:\Windows\system\xqsSDNm.exe

Filesize
6.0MB

MD5
e0b5a1e0ff7159e4689021f158d47347

SHA1
b58b2a3d567bd6d6b577dca4e01ad30f002cbb3f

SHA256
ed6a97162890a70184f35e6eb1877bd291417e0a99386195a3873947f0b68080

SHA512
aec7036d4358633614446f3d39352562b6013053621770785f6f4952ddd61763818daf769357927d978f145e9f5c5dd27537da0a1524368e3c782c2358c77499

Download Submit
\Windows\system\NlyHoVb.exe

Filesize
6.0MB

MD5
fc2d35c554195eb4956ee0f6c7bdc7bf

SHA1
b68aac5a04a422b50de9c5c41331d3643bee0b81

SHA256
02433c8ef3880b9b38673a7aafb9edf97452eeb1a60228e30573fcb54154452b

SHA512
af43492b4b352287e07a37acabcff3b1fc40e115743f95f5a92041569595db1fac1a5c2de0acd094d46c9c5b4be8bf095732b89ce78e04be26e6c40427e076e8

Download Submit
\Windows\system\QtRmBnK.exe

Filesize
6.0MB

MD5
e45ab94d9ff1cd94f810a125d630eafe

SHA1
873e494b7b2b2a9ae0b94b523d155be20f36318f

SHA256
f48a50b23e61f0db44542c3c867b788c865b33b88c245687ba768ce803af28fb

SHA512
b12f4eaad265356d39d425c7c2dcc8ba89ed317eb8e432afe5a60bca51ff72d70da1c5eb0decc29a88cfb64467c8e6315a2b557e6a93c27b80f6f80ecc025467

Download Submit
\Windows\system\USKCtOX.exe

Filesize
6.0MB

MD5
5a40154a5e0dea8ece5160258261ef36

SHA1
bb55bb993460efafaf8ff3bb44bcd73f9cda521d

SHA256
d41ef2d8558f1f0790758aa2f38d55db1d5373fc54fb6e7337f2bd46375342df

SHA512
36e8964b5f93332c53009b17210547a8a001a82ce8b19905d79fb5f04dcc9ca72233ff5fdb7c389ec0a6c76ec1a782964b6a5f4cfc117010518ff81e0557a5f8

Download Submit
\Windows\system\hqXzZAw.exe

Filesize
6.0MB

MD5
8d091cfa3a82c50526191f0bd0bcb0ae

SHA1
00540dcb965818ad3a6dfe88e0557c6b6f16fcff

SHA256
eb2bb6052a96a54448adda1f27ea88f7b3e1a4f080466c0ed68f1a1190266001

SHA512
01b7b156117f503244e1166b26111ec2a084c15823329c9634fd610f56de6639027f7fd6b491b68b0687ebf6bca29539f51364105ffc614b3ea1b2a268740dc5

Download Submit
\Windows\system\tHAkGOG.exe

Filesize
6.0MB

MD5
d3ceca8010d55e445652039e10cabbc3

SHA1
0783755d0c868700213da24f5d8ff9d5411de2c4

SHA256
f27cef92dfdf6a61a3afc69fdbb1bd6b4810cfb5e64e887fa343c9cf4c2fd636

SHA512
5a1e48a28f27cdf8c50ff9fc2f52c32e0cb9f3aeebcf2347d94c2be40399fcf5afb12ecc3e88d5688df35acda59547e873140ac9bdef8e1e6f3e808c7de9b5ab

Download Submit
memory/1716-14-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/1716-4019-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/1716-49-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/1736-3900-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1736-15-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-4011-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/1756-118-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2332-88-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2332-915-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2332-4010-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2516-27-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-63-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2516-4021-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-86-0x000000013F4F0000-0x000000013F844000-memory.dmp

Filesize
3.3MB

Download
memory/2616-213-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2616-0-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-40-0x000000013FF50000-0x00000001402A4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-38-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-26-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-114-0x000000013F240000-0x000000013F594000-memory.dmp

Filesize
3.3MB

Download
memory/2616-117-0x000000013F950000-0x000000013FCA4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-19-0x0000000002360000-0x00000000026B4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-33-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-12-0x000000013F5E0000-0x000000013F934000-memory.dmp

Filesize
3.3MB

Download
memory/2616-78-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2616-110-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2616-84-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2616-71-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2616-64-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2616-382-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2616-546-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2616-1-0x0000000000200000-0x0000000000210000-memory.dmp

Filesize
64KB

Download
memory/2616-55-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2616-50-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2672-80-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2672-547-0x000000013F310000-0x000000013F664000-memory.dmp

Filesize
3.3MB

Download
memory/2700-294-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2700-68-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2740-4025-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2740-119-0x000000013FB20000-0x000000013FE74000-memory.dmp

Filesize
3.3MB

Download
memory/2788-116-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2788-4022-0x000000013F140000-0x000000013F494000-memory.dmp

Filesize
3.3MB

Download
memory/2804-3944-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2804-51-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-77-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-3942-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-34-0x000000013F850000-0x000000013FBA4000-memory.dmp

Filesize
3.3MB

Download
memory/2840-4024-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2840-293-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2840-58-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2948-87-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2948-4023-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/2948-39-0x000000013FFF0000-0x0000000140344000-memory.dmp

Filesize
3.3MB

Download
memory/3004-21-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/3004-3943-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download
memory/3004-57-0x000000013FED0000-0x0000000140224000-memory.dmp

Filesize
3.3MB

Download