cobaltstrike | 7a48cee5ab2c3556b7de95ceddf7b08300c0e913220bdf3219e608fbcfe1fce5

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-01-2025 20:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

7e70836bde096ca08d005f0e082aedd5
SHA1

4ed82e3160db5c19ff415ab5fccdbc0ba4ae603f
SHA256

7a48cee5ab2c3556b7de95ceddf7b08300c0e913220bdf3219e608fbcfe1fce5
SHA512

23a17ee4c4601c38c22773e2f6398c1fbeebb7383129ae0a21d47519993c2d9742887e165cf0ba7b357bd162c5560c18dfbd829d885eb2a7b8a837439bef42a0
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU+:T+q56utgpPF8u/7+

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x0007000000012116-3.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d29-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d31-15.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d3a-20.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d4a-25.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d5e-29.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d64-35.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d6d-39.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ee-44.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018728-54.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001878f-69.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d06-112.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019431-167.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001950c-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019461-181.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001944f-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019441-172.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019427-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001941e-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193e1-151.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c2-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019350-145.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193b4-140.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019334-132.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019282-127.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019261-122.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001925e-117.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000019023-109.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a5-89.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018784-64.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001873d-59.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186fd-49.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/592-0-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x0007000000012116-3.dat	xmrig
behavioral1/files/0x0008000000016d29-11.dat	xmrig
behavioral1/files/0x0008000000016d31-15.dat	xmrig
behavioral1/files/0x0008000000016d3a-20.dat	xmrig
behavioral1/files/0x0007000000016d4a-25.dat	xmrig
behavioral1/files/0x0007000000016d5e-29.dat	xmrig
behavioral1/files/0x0007000000016d64-35.dat	xmrig
behavioral1/files/0x0008000000016d6d-39.dat	xmrig
behavioral1/files/0x00050000000186ee-44.dat	xmrig
behavioral1/files/0x0005000000018728-54.dat	xmrig
behavioral1/files/0x000500000001878f-69.dat	xmrig
behavioral1/memory/592-102-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/memory/532-76-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d06-112.dat	xmrig
behavioral1/files/0x0005000000019431-167.dat	xmrig
behavioral1/memory/592-1410-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x000500000001950c-187.dat	xmrig
behavioral1/files/0x0005000000019461-181.dat	xmrig
behavioral1/files/0x000500000001944f-177.dat	xmrig
behavioral1/files/0x0005000000019441-172.dat	xmrig
behavioral1/files/0x0005000000019427-161.dat	xmrig
behavioral1/files/0x000500000001941e-157.dat	xmrig
behavioral1/files/0x00050000000193e1-151.dat	xmrig
behavioral1/files/0x00050000000193c2-146.dat	xmrig
behavioral1/files/0x0005000000019350-145.dat	xmrig
behavioral1/files/0x00050000000193b4-140.dat	xmrig
behavioral1/files/0x0005000000019334-132.dat	xmrig
behavioral1/files/0x0005000000019282-127.dat	xmrig
behavioral1/files/0x0005000000019261-122.dat	xmrig
behavioral1/files/0x000500000001925e-117.dat	xmrig
behavioral1/files/0x0006000000019023-109.dat	xmrig
behavioral1/memory/1932-80-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2292-78-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/592-104-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2896-103-0x000000013F830000-0x000000013FB84000-memory.dmp	xmrig
behavioral1/memory/2508-73-0x000000013F040000-0x000000013F394000-memory.dmp	xmrig
behavioral1/memory/2756-101-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/2276-99-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2912-97-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/592-95-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2724-94-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig
behavioral1/memory/2716-92-0x000000013F890000-0x000000013FBE4000-memory.dmp	xmrig
behavioral1/memory/592-91-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/memory/2908-90-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/files/0x00050000000187a5-89.dat	xmrig
behavioral1/memory/592-88-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/2884-87-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/592-86-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/memory/748-84-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/1632-74-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/files/0x0005000000018784-64.dat	xmrig
behavioral1/files/0x000500000001873d-59.dat	xmrig
behavioral1/files/0x00050000000186fd-49.dat	xmrig
behavioral1/memory/2884-4046-0x000000013F970000-0x000000013FCC4000-memory.dmp	xmrig
behavioral1/memory/748-4048-0x000000013F3F0000-0x000000013F744000-memory.dmp	xmrig
behavioral1/memory/2912-4051-0x000000013F190000-0x000000013F4E4000-memory.dmp	xmrig
behavioral1/memory/2908-4049-0x000000013F620000-0x000000013F974000-memory.dmp	xmrig
behavioral1/memory/1932-4052-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2276-4055-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/2292-4056-0x000000013F030000-0x000000013F384000-memory.dmp	xmrig
behavioral1/memory/2756-4054-0x000000013F3E0000-0x000000013F734000-memory.dmp	xmrig
behavioral1/memory/532-4053-0x000000013F080000-0x000000013F3D4000-memory.dmp	xmrig
behavioral1/memory/2724-4057-0x000000013FA90000-0x000000013FDE4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2508	gsjTGdy.exe
1632	PnztTEf.exe
532	OwzODIR.exe
2292	MEfBCEK.exe
1932	QPixRaa.exe
748	YsuqnnL.exe
2884	UeWnpyu.exe
2908	mXAyYJT.exe
2716	FnHzxos.exe
2724	kWXmgSU.exe
2912	AMCENFA.exe
2276	ToqoyOU.exe
2756	BJIPNpK.exe
2896	dThNeXA.exe
524	gMHuXtj.exe
2128	TysqowG.exe
1620	KBfufkK.exe
1876	okvWmkB.exe
800	xWYRjcs.exe
1660	klSbdNQ.exe
1588	kcIBcNH.exe
2832	gRZDUrA.exe
1800	vNeYFYu.exe
2836	yhPKrUR.exe
380	qQMpIVN.exe
2200	MuFhFHa.exe
2980	YNKHtKn.exe
2372	cYoVjmw.exe
1128	HXdsknz.exe
448	JWjbtUq.exe
2784	WjHXmts.exe
2036	IjiSLXg.exe
1832	roOFvFo.exe
1536	MEeaiJl.exe
1472	oNXVPaW.exe
1272	OEhYhao.exe
2272	USRozmz.exe
900	uMzJkZK.exe
1200	LHNPGmh.exe
1992	qECYocX.exe
2204	fkKOrQN.exe
112	LoyxQZK.exe
2220	uYDfRFb.exe
784	jkhKZjj.exe
2232	LxJphUR.exe
2312	FBqnHby.exe
2280	QDcdHrn.exe
1812	lyyxRZb.exe
988	rfkBeyl.exe
2176	NpxglVZ.exe
1732	HmNsYEq.exe
1524	rmleWTu.exe
2424	iuVqNrk.exe
2732	SccJBoH.exe
2932	pkxfbfu.exe
1424	WjlLjuw.exe
2028	LIxIKtl.exe
1520	QbXxuAs.exe
2236	qzskpYv.exe
2328	OZxZaQc.exe
2744	WXNIteL.exe
2188	dcsRssr.exe
1952	xALfrpH.exe
2152	dXkeqww.exe

Loads dropped DLL 64 IoCs

pid	Process
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 60 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/592-0-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x0007000000012116-3.dat	upx
behavioral1/files/0x0008000000016d29-11.dat	upx
behavioral1/files/0x0008000000016d31-15.dat	upx
behavioral1/files/0x0008000000016d3a-20.dat	upx
behavioral1/files/0x0007000000016d4a-25.dat	upx
behavioral1/files/0x0007000000016d5e-29.dat	upx
behavioral1/files/0x0007000000016d64-35.dat	upx
behavioral1/files/0x0008000000016d6d-39.dat	upx
behavioral1/files/0x00050000000186ee-44.dat	upx
behavioral1/files/0x0005000000018728-54.dat	upx
behavioral1/files/0x000500000001878f-69.dat	upx
behavioral1/memory/532-76-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/files/0x0008000000016d06-112.dat	upx
behavioral1/files/0x0005000000019431-167.dat	upx
behavioral1/memory/592-1410-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x000500000001950c-187.dat	upx
behavioral1/files/0x0005000000019461-181.dat	upx
behavioral1/files/0x000500000001944f-177.dat	upx
behavioral1/files/0x0005000000019441-172.dat	upx
behavioral1/files/0x0005000000019427-161.dat	upx
behavioral1/files/0x000500000001941e-157.dat	upx
behavioral1/files/0x00050000000193e1-151.dat	upx
behavioral1/files/0x00050000000193c2-146.dat	upx
behavioral1/files/0x0005000000019350-145.dat	upx
behavioral1/files/0x00050000000193b4-140.dat	upx
behavioral1/files/0x0005000000019334-132.dat	upx
behavioral1/files/0x0005000000019282-127.dat	upx
behavioral1/files/0x0005000000019261-122.dat	upx
behavioral1/files/0x000500000001925e-117.dat	upx
behavioral1/files/0x0006000000019023-109.dat	upx
behavioral1/memory/1932-80-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2292-78-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2896-103-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/2508-73-0x000000013F040000-0x000000013F394000-memory.dmp	upx
behavioral1/memory/2756-101-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/2276-99-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2912-97-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2724-94-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2716-92-0x000000013F890000-0x000000013FBE4000-memory.dmp	upx
behavioral1/memory/2908-90-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/files/0x00050000000187a5-89.dat	upx
behavioral1/memory/2884-87-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/748-84-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/1632-74-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/files/0x0005000000018784-64.dat	upx
behavioral1/files/0x000500000001873d-59.dat	upx
behavioral1/files/0x00050000000186fd-49.dat	upx
behavioral1/memory/2884-4046-0x000000013F970000-0x000000013FCC4000-memory.dmp	upx
behavioral1/memory/748-4048-0x000000013F3F0000-0x000000013F744000-memory.dmp	upx
behavioral1/memory/2912-4051-0x000000013F190000-0x000000013F4E4000-memory.dmp	upx
behavioral1/memory/2908-4049-0x000000013F620000-0x000000013F974000-memory.dmp	upx
behavioral1/memory/1932-4052-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2276-4055-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/2292-4056-0x000000013F030000-0x000000013F384000-memory.dmp	upx
behavioral1/memory/2756-4054-0x000000013F3E0000-0x000000013F734000-memory.dmp	upx
behavioral1/memory/532-4053-0x000000013F080000-0x000000013F3D4000-memory.dmp	upx
behavioral1/memory/2724-4057-0x000000013FA90000-0x000000013FDE4000-memory.dmp	upx
behavioral1/memory/2896-4058-0x000000013F830000-0x000000013FB84000-memory.dmp	upx
behavioral1/memory/1632-4059-0x000000013F420000-0x000000013F774000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\IDmIEgm.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZopyRTy.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AdBvVaQ.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rSXpKyC.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\heDCflV.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MTVnlWG.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eVCcBXW.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RyIKWFu.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pMrzndz.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TTDktpY.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ywPivwR.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KkNQXNY.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wQfVVZJ.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qjhMnNP.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vegogfQ.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mxXmKUS.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nTynGgh.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ihBqJXs.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aPTZjdH.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SbuRiJq.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mbStZdI.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\goSHizr.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xdBzWGY.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IDlaqfE.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XTXcUBc.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xSlzMZC.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JoPLogY.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IcbCXPL.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zuNLiPw.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kJcfHfa.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WCNgGnj.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Otoksqz.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pAkQauY.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vVmliqF.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GgZZGdB.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WMYvQIN.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZrzZPtH.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dhkRxQl.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIxIKtl.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aUaaFbr.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\eXSqMfS.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NcFGmWr.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RLgGoFq.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uGYPQwE.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mQKhCUs.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rdiVoab.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rLbopwC.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IVhQjUs.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PsipKTi.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dhzeVSs.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\okvWmkB.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QbDONrL.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uJPvset.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vQFgXbF.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ByNioMH.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CLBvnlj.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vuTGgVX.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hhTOoVo.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WzWxfFY.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBGNERP.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iiFpSXJ.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uHdzVxJ.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yTvEnhG.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VHQtpNC.exe	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 592 wrote to memory of 2508	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 592 wrote to memory of 2508	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 592 wrote to memory of 2508	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 592 wrote to memory of 1632	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 592 wrote to memory of 1632	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 592 wrote to memory of 1632	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 592 wrote to memory of 532	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 592 wrote to memory of 532	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 592 wrote to memory of 532	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 592 wrote to memory of 2292	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 592 wrote to memory of 2292	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 592 wrote to memory of 2292	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 592 wrote to memory of 1932	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 592 wrote to memory of 1932	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 592 wrote to memory of 1932	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 592 wrote to memory of 748	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 592 wrote to memory of 748	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 592 wrote to memory of 748	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 592 wrote to memory of 2884	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 592 wrote to memory of 2884	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 592 wrote to memory of 2884	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 592 wrote to memory of 2908	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 592 wrote to memory of 2908	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 592 wrote to memory of 2908	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 592 wrote to memory of 2716	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 592 wrote to memory of 2716	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 592 wrote to memory of 2716	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 592 wrote to memory of 2724	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 592 wrote to memory of 2724	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 592 wrote to memory of 2724	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 592 wrote to memory of 2912	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 592 wrote to memory of 2912	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 592 wrote to memory of 2912	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 592 wrote to memory of 2276	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 592 wrote to memory of 2276	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 592 wrote to memory of 2276	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 592 wrote to memory of 2756	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 592 wrote to memory of 2756	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 592 wrote to memory of 2756	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 592 wrote to memory of 2896	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 592 wrote to memory of 2896	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 592 wrote to memory of 2896	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 592 wrote to memory of 524	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 592 wrote to memory of 524	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 592 wrote to memory of 524	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 592 wrote to memory of 2128	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 592 wrote to memory of 2128	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 592 wrote to memory of 2128	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 592 wrote to memory of 1620	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 592 wrote to memory of 1620	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 592 wrote to memory of 1620	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 592 wrote to memory of 1876	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 592 wrote to memory of 1876	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 592 wrote to memory of 1876	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 592 wrote to memory of 800	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 592 wrote to memory of 800	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 592 wrote to memory of 800	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 592 wrote to memory of 1660	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 592 wrote to memory of 1660	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 592 wrote to memory of 1660	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 592 wrote to memory of 1588	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 592 wrote to memory of 1588	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 592 wrote to memory of 1588	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 592 wrote to memory of 1800	592	2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-21_7e70836bde096ca08d005f0e082aedd5_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:592
- C:\Windows\System\gsjTGdy.exe
  C:\Windows\System\gsjTGdy.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\PnztTEf.exe
  C:\Windows\System\PnztTEf.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\OwzODIR.exe
  C:\Windows\System\OwzODIR.exe
  2⤵
  - Executes dropped EXE
  PID:532
- C:\Windows\System\MEfBCEK.exe
  C:\Windows\System\MEfBCEK.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\QPixRaa.exe
  C:\Windows\System\QPixRaa.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\YsuqnnL.exe
  C:\Windows\System\YsuqnnL.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\UeWnpyu.exe
  C:\Windows\System\UeWnpyu.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\mXAyYJT.exe
  C:\Windows\System\mXAyYJT.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\FnHzxos.exe
  C:\Windows\System\FnHzxos.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\kWXmgSU.exe
  C:\Windows\System\kWXmgSU.exe
  2⤵
  - Executes dropped EXE
  PID:2724
- C:\Windows\System\AMCENFA.exe
  C:\Windows\System\AMCENFA.exe
  2⤵
  - Executes dropped EXE
  PID:2912
- C:\Windows\System\ToqoyOU.exe
  C:\Windows\System\ToqoyOU.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\BJIPNpK.exe
  C:\Windows\System\BJIPNpK.exe
  2⤵
  - Executes dropped EXE
  PID:2756
- C:\Windows\System\dThNeXA.exe
  C:\Windows\System\dThNeXA.exe
  2⤵
  - Executes dropped EXE
  PID:2896
- C:\Windows\System\gMHuXtj.exe
  C:\Windows\System\gMHuXtj.exe
  2⤵
  - Executes dropped EXE
  PID:524
- C:\Windows\System\TysqowG.exe
  C:\Windows\System\TysqowG.exe
  2⤵
  - Executes dropped EXE
  PID:2128
- C:\Windows\System\KBfufkK.exe
  C:\Windows\System\KBfufkK.exe
  2⤵
  - Executes dropped EXE
  PID:1620
- C:\Windows\System\okvWmkB.exe
  C:\Windows\System\okvWmkB.exe
  2⤵
  - Executes dropped EXE
  PID:1876
- C:\Windows\System\xWYRjcs.exe
  C:\Windows\System\xWYRjcs.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\klSbdNQ.exe
  C:\Windows\System\klSbdNQ.exe
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Windows\System\kcIBcNH.exe
  C:\Windows\System\kcIBcNH.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\vNeYFYu.exe
  C:\Windows\System\vNeYFYu.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\gRZDUrA.exe
  C:\Windows\System\gRZDUrA.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\yhPKrUR.exe
  C:\Windows\System\yhPKrUR.exe
  2⤵
  - Executes dropped EXE
  PID:2836
- C:\Windows\System\qQMpIVN.exe
  C:\Windows\System\qQMpIVN.exe
  2⤵
  - Executes dropped EXE
  PID:380
- C:\Windows\System\MuFhFHa.exe
  C:\Windows\System\MuFhFHa.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\YNKHtKn.exe
  C:\Windows\System\YNKHtKn.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\cYoVjmw.exe
  C:\Windows\System\cYoVjmw.exe
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Windows\System\HXdsknz.exe
  C:\Windows\System\HXdsknz.exe
  2⤵
  - Executes dropped EXE
  PID:1128
- C:\Windows\System\JWjbtUq.exe
  C:\Windows\System\JWjbtUq.exe
  2⤵
  - Executes dropped EXE
  PID:448
- C:\Windows\System\WjHXmts.exe
  C:\Windows\System\WjHXmts.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\IjiSLXg.exe
  C:\Windows\System\IjiSLXg.exe
  2⤵
  - Executes dropped EXE
  PID:2036
- C:\Windows\System\roOFvFo.exe
  C:\Windows\System\roOFvFo.exe
  2⤵
  - Executes dropped EXE
  PID:1832
- C:\Windows\System\MEeaiJl.exe
  C:\Windows\System\MEeaiJl.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\oNXVPaW.exe
  C:\Windows\System\oNXVPaW.exe
  2⤵
  - Executes dropped EXE
  PID:1472
- C:\Windows\System\OEhYhao.exe
  C:\Windows\System\OEhYhao.exe
  2⤵
  - Executes dropped EXE
  PID:1272
- C:\Windows\System\USRozmz.exe
  C:\Windows\System\USRozmz.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\uMzJkZK.exe
  C:\Windows\System\uMzJkZK.exe
  2⤵
  - Executes dropped EXE
  PID:900
- C:\Windows\System\LHNPGmh.exe
  C:\Windows\System\LHNPGmh.exe
  2⤵
  - Executes dropped EXE
  PID:1200
- C:\Windows\System\qECYocX.exe
  C:\Windows\System\qECYocX.exe
  2⤵
  - Executes dropped EXE
  PID:1992
- C:\Windows\System\fkKOrQN.exe
  C:\Windows\System\fkKOrQN.exe
  2⤵
  - Executes dropped EXE
  PID:2204
- C:\Windows\System\LoyxQZK.exe
  C:\Windows\System\LoyxQZK.exe
  2⤵
  - Executes dropped EXE
  PID:112
- C:\Windows\System\uYDfRFb.exe
  C:\Windows\System\uYDfRFb.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\LxJphUR.exe
  C:\Windows\System\LxJphUR.exe
  2⤵
  - Executes dropped EXE
  PID:2232
- C:\Windows\System\jkhKZjj.exe
  C:\Windows\System\jkhKZjj.exe
  2⤵
  - Executes dropped EXE
  PID:784
- C:\Windows\System\FBqnHby.exe
  C:\Windows\System\FBqnHby.exe
  2⤵
  - Executes dropped EXE
  PID:2312
- C:\Windows\System\QDcdHrn.exe
  C:\Windows\System\QDcdHrn.exe
  2⤵
  - Executes dropped EXE
  PID:2280
- C:\Windows\System\rfkBeyl.exe
  C:\Windows\System\rfkBeyl.exe
  2⤵
  - Executes dropped EXE
  PID:988
- C:\Windows\System\lyyxRZb.exe
  C:\Windows\System\lyyxRZb.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Windows\System\WjlLjuw.exe
  C:\Windows\System\WjlLjuw.exe
  2⤵
  - Executes dropped EXE
  PID:1424
- C:\Windows\System\NpxglVZ.exe
  C:\Windows\System\NpxglVZ.exe
  2⤵
  - Executes dropped EXE
  PID:2176
- C:\Windows\System\LIxIKtl.exe
  C:\Windows\System\LIxIKtl.exe
  2⤵
  - Executes dropped EXE
  PID:2028
- C:\Windows\System\HmNsYEq.exe
  C:\Windows\System\HmNsYEq.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\QbXxuAs.exe
  C:\Windows\System\QbXxuAs.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\rmleWTu.exe
  C:\Windows\System\rmleWTu.exe
  2⤵
  - Executes dropped EXE
  PID:1524
- C:\Windows\System\qzskpYv.exe
  C:\Windows\System\qzskpYv.exe
  2⤵
  - Executes dropped EXE
  PID:2236
- C:\Windows\System\iuVqNrk.exe
  C:\Windows\System\iuVqNrk.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\OZxZaQc.exe
  C:\Windows\System\OZxZaQc.exe
  2⤵
  - Executes dropped EXE
  PID:2328
- C:\Windows\System\SccJBoH.exe
  C:\Windows\System\SccJBoH.exe
  2⤵
  - Executes dropped EXE
  PID:2732
- C:\Windows\System\WXNIteL.exe
  C:\Windows\System\WXNIteL.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\pkxfbfu.exe
  C:\Windows\System\pkxfbfu.exe
  2⤵
  - Executes dropped EXE
  PID:2932
- C:\Windows\System\dcsRssr.exe
  C:\Windows\System\dcsRssr.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\xALfrpH.exe
  C:\Windows\System\xALfrpH.exe
  2⤵
  - Executes dropped EXE
  PID:1952
- C:\Windows\System\dXkeqww.exe
  C:\Windows\System\dXkeqww.exe
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System\eZReCAp.exe
  C:\Windows\System\eZReCAp.exe
  2⤵
  PID:288
- C:\Windows\System\QdIwKCj.exe
  C:\Windows\System\QdIwKCj.exe
  2⤵
  PID:1348
- C:\Windows\System\RGfAbwE.exe
  C:\Windows\System\RGfAbwE.exe
  2⤵
  PID:2796
- C:\Windows\System\sRkFXgo.exe
  C:\Windows\System\sRkFXgo.exe
  2⤵
  PID:2788
- C:\Windows\System\tlOVdxZ.exe
  C:\Windows\System\tlOVdxZ.exe
  2⤵
  PID:2164
- C:\Windows\System\LYYAngp.exe
  C:\Windows\System\LYYAngp.exe
  2⤵
  PID:2268
- C:\Windows\System\GfAMlhR.exe
  C:\Windows\System\GfAMlhR.exe
  2⤵
  PID:2416
- C:\Windows\System\qjhMnNP.exe
  C:\Windows\System\qjhMnNP.exe
  2⤵
  PID:1132
- C:\Windows\System\xFeQsZW.exe
  C:\Windows\System\xFeQsZW.exe
  2⤵
  PID:636
- C:\Windows\System\JScOfVO.exe
  C:\Windows\System\JScOfVO.exe
  2⤵
  PID:616
- C:\Windows\System\aQCsJZG.exe
  C:\Windows\System\aQCsJZG.exe
  2⤵
  PID:2032
- C:\Windows\System\JszIqNZ.exe
  C:\Windows\System\JszIqNZ.exe
  2⤵
  PID:1688
- C:\Windows\System\UYVcUSq.exe
  C:\Windows\System\UYVcUSq.exe
  2⤵
  PID:1408
- C:\Windows\System\pjzdVYg.exe
  C:\Windows\System\pjzdVYg.exe
  2⤵
  PID:2000
- C:\Windows\System\moTpAsx.exe
  C:\Windows\System\moTpAsx.exe
  2⤵
  PID:1600
- C:\Windows\System\XizsaBS.exe
  C:\Windows\System\XizsaBS.exe
  2⤵
  PID:1256
- C:\Windows\System\tanNjtk.exe
  C:\Windows\System\tanNjtk.exe
  2⤵
  PID:912
- C:\Windows\System\pYAavTG.exe
  C:\Windows\System\pYAavTG.exe
  2⤵
  PID:2080
- C:\Windows\System\BjmtfhU.exe
  C:\Windows\System\BjmtfhU.exe
  2⤵
  PID:2304
- C:\Windows\System\YxiRjkY.exe
  C:\Windows\System\YxiRjkY.exe
  2⤵
  PID:1468
- C:\Windows\System\TuqsxpH.exe
  C:\Windows\System\TuqsxpH.exe
  2⤵
  PID:2100
- C:\Windows\System\bidzBqj.exe
  C:\Windows\System\bidzBqj.exe
  2⤵
  PID:1916
- C:\Windows\System\EEZBwRs.exe
  C:\Windows\System\EEZBwRs.exe
  2⤵
  PID:2252
- C:\Windows\System\FKokAGf.exe
  C:\Windows\System\FKokAGf.exe
  2⤵
  PID:2880
- C:\Windows\System\VjKcEwZ.exe
  C:\Windows\System\VjKcEwZ.exe
  2⤵
  PID:1436
- C:\Windows\System\ZIPvUZf.exe
  C:\Windows\System\ZIPvUZf.exe
  2⤵
  PID:880
- C:\Windows\System\zIiVoYg.exe
  C:\Windows\System\zIiVoYg.exe
  2⤵
  PID:2180
- C:\Windows\System\IuzXDnW.exe
  C:\Windows\System\IuzXDnW.exe
  2⤵
  PID:2872
- C:\Windows\System\JYOLBWl.exe
  C:\Windows\System\JYOLBWl.exe
  2⤵
  PID:1944
- C:\Windows\System\MwnEQPv.exe
  C:\Windows\System\MwnEQPv.exe
  2⤵
  PID:2800
- C:\Windows\System\JgQGHZV.exe
  C:\Windows\System\JgQGHZV.exe
  2⤵
  PID:2216
- C:\Windows\System\TkDkaFZ.exe
  C:\Windows\System\TkDkaFZ.exe
  2⤵
  PID:1928
- C:\Windows\System\dhVOnNZ.exe
  C:\Windows\System\dhVOnNZ.exe
  2⤵
  PID:3080
- C:\Windows\System\uLYNHIW.exe
  C:\Windows\System\uLYNHIW.exe
  2⤵
  PID:3104
- C:\Windows\System\FnhGkos.exe
  C:\Windows\System\FnhGkos.exe
  2⤵
  PID:3120
- C:\Windows\System\SBiOrPT.exe
  C:\Windows\System\SBiOrPT.exe
  2⤵
  PID:3140
- C:\Windows\System\jqkuTZq.exe
  C:\Windows\System\jqkuTZq.exe
  2⤵
  PID:3156
- C:\Windows\System\VsSmFbl.exe
  C:\Windows\System\VsSmFbl.exe
  2⤵
  PID:3172
- C:\Windows\System\nRmcNnI.exe
  C:\Windows\System\nRmcNnI.exe
  2⤵
  PID:3192
- C:\Windows\System\GAdZadV.exe
  C:\Windows\System\GAdZadV.exe
  2⤵
  PID:3208
- C:\Windows\System\dXModHP.exe
  C:\Windows\System\dXModHP.exe
  2⤵
  PID:3224
- C:\Windows\System\mSeLIIx.exe
  C:\Windows\System\mSeLIIx.exe
  2⤵
  PID:3240
- C:\Windows\System\Yoqkhkp.exe
  C:\Windows\System\Yoqkhkp.exe
  2⤵
  PID:3260
- C:\Windows\System\TaUJEay.exe
  C:\Windows\System\TaUJEay.exe
  2⤵
  PID:3280
- C:\Windows\System\XlQvDim.exe
  C:\Windows\System\XlQvDim.exe
  2⤵
  PID:3300
- C:\Windows\System\THGbJuW.exe
  C:\Windows\System\THGbJuW.exe
  2⤵
  PID:3316
- C:\Windows\System\WDgydXa.exe
  C:\Windows\System\WDgydXa.exe
  2⤵
  PID:3336
- C:\Windows\System\ibyQDKS.exe
  C:\Windows\System\ibyQDKS.exe
  2⤵
  PID:3360
- C:\Windows\System\AUbzVXT.exe
  C:\Windows\System\AUbzVXT.exe
  2⤵
  PID:3384
- C:\Windows\System\ETbCinE.exe
  C:\Windows\System\ETbCinE.exe
  2⤵
  PID:3404
- C:\Windows\System\ezoUDjL.exe
  C:\Windows\System\ezoUDjL.exe
  2⤵
  PID:3428
- C:\Windows\System\WoxkpCP.exe
  C:\Windows\System\WoxkpCP.exe
  2⤵
  PID:3464
- C:\Windows\System\pfmZQAy.exe
  C:\Windows\System\pfmZQAy.exe
  2⤵
  PID:3484
- C:\Windows\System\IcbCXPL.exe
  C:\Windows\System\IcbCXPL.exe
  2⤵
  PID:3504
- C:\Windows\System\ZrTZycO.exe
  C:\Windows\System\ZrTZycO.exe
  2⤵
  PID:3524
- C:\Windows\System\uJHhUYc.exe
  C:\Windows\System\uJHhUYc.exe
  2⤵
  PID:3544
- C:\Windows\System\KMJZcJL.exe
  C:\Windows\System\KMJZcJL.exe
  2⤵
  PID:3564
- C:\Windows\System\umWYRdL.exe
  C:\Windows\System\umWYRdL.exe
  2⤵
  PID:3584
- C:\Windows\System\clcBEut.exe
  C:\Windows\System\clcBEut.exe
  2⤵
  PID:3604
- C:\Windows\System\kyqJkWZ.exe
  C:\Windows\System\kyqJkWZ.exe
  2⤵
  PID:3624
- C:\Windows\System\ISgROEf.exe
  C:\Windows\System\ISgROEf.exe
  2⤵
  PID:3644
- C:\Windows\System\FcueeSw.exe
  C:\Windows\System\FcueeSw.exe
  2⤵
  PID:3664
- C:\Windows\System\EsdQFBO.exe
  C:\Windows\System\EsdQFBO.exe
  2⤵
  PID:3684
- C:\Windows\System\bbFFRya.exe
  C:\Windows\System\bbFFRya.exe
  2⤵
  PID:3704
- C:\Windows\System\YxBdYdL.exe
  C:\Windows\System\YxBdYdL.exe
  2⤵
  PID:3724
- C:\Windows\System\rtolpDf.exe
  C:\Windows\System\rtolpDf.exe
  2⤵
  PID:3744
- C:\Windows\System\KBeYCkp.exe
  C:\Windows\System\KBeYCkp.exe
  2⤵
  PID:3764
- C:\Windows\System\IlhhtKC.exe
  C:\Windows\System\IlhhtKC.exe
  2⤵
  PID:3784
- C:\Windows\System\DIcYNos.exe
  C:\Windows\System\DIcYNos.exe
  2⤵
  PID:3804
- C:\Windows\System\WsjbeyJ.exe
  C:\Windows\System\WsjbeyJ.exe
  2⤵
  PID:3824
- C:\Windows\System\grPXPpE.exe
  C:\Windows\System\grPXPpE.exe
  2⤵
  PID:3844
- C:\Windows\System\XIWAvlD.exe
  C:\Windows\System\XIWAvlD.exe
  2⤵
  PID:3864
- C:\Windows\System\KbKjKvw.exe
  C:\Windows\System\KbKjKvw.exe
  2⤵
  PID:3884
- C:\Windows\System\MLDgbQu.exe
  C:\Windows\System\MLDgbQu.exe
  2⤵
  PID:3904
- C:\Windows\System\eywvhAJ.exe
  C:\Windows\System\eywvhAJ.exe
  2⤵
  PID:3924
- C:\Windows\System\PTsBDmt.exe
  C:\Windows\System\PTsBDmt.exe
  2⤵
  PID:3944
- C:\Windows\System\MGqBzAn.exe
  C:\Windows\System\MGqBzAn.exe
  2⤵
  PID:3964
- C:\Windows\System\aUaaFbr.exe
  C:\Windows\System\aUaaFbr.exe
  2⤵
  PID:3984
- C:\Windows\System\AwAIjkZ.exe
  C:\Windows\System\AwAIjkZ.exe
  2⤵
  PID:4004
- C:\Windows\System\lkllvek.exe
  C:\Windows\System\lkllvek.exe
  2⤵
  PID:4024
- C:\Windows\System\MbcZEju.exe
  C:\Windows\System\MbcZEju.exe
  2⤵
  PID:4044
- C:\Windows\System\QVXcsCB.exe
  C:\Windows\System\QVXcsCB.exe
  2⤵
  PID:4064
- C:\Windows\System\ABTEyUd.exe
  C:\Windows\System\ABTEyUd.exe
  2⤵
  PID:4084
- C:\Windows\System\DYTEraX.exe
  C:\Windows\System\DYTEraX.exe
  2⤵
  PID:1316
- C:\Windows\System\bCfjSVo.exe
  C:\Windows\System\bCfjSVo.exe
  2⤵
  PID:2924
- C:\Windows\System\bnamGiT.exe
  C:\Windows\System\bnamGiT.exe
  2⤵
  PID:1788
- C:\Windows\System\YSeJjQo.exe
  C:\Windows\System\YSeJjQo.exe
  2⤵
  PID:2132
- C:\Windows\System\WAYliHu.exe
  C:\Windows\System\WAYliHu.exe
  2⤵
  PID:2688
- C:\Windows\System\bLAompX.exe
  C:\Windows\System\bLAompX.exe
  2⤵
  PID:696
- C:\Windows\System\IcHnCyG.exe
  C:\Windows\System\IcHnCyG.exe
  2⤵
  PID:1176
- C:\Windows\System\csqlqyr.exe
  C:\Windows\System\csqlqyr.exe
  2⤵
  PID:1052
- C:\Windows\System\gvLYxDf.exe
  C:\Windows\System\gvLYxDf.exe
  2⤵
  PID:2888
- C:\Windows\System\AjyYOJw.exe
  C:\Windows\System\AjyYOJw.exe
  2⤵
  PID:2532
- C:\Windows\System\yjoKWMD.exe
  C:\Windows\System\yjoKWMD.exe
  2⤵
  PID:2528
- C:\Windows\System\UBfRWWh.exe
  C:\Windows\System\UBfRWWh.exe
  2⤵
  PID:2988
- C:\Windows\System\wCUEoiz.exe
  C:\Windows\System\wCUEoiz.exe
  2⤵
  PID:1804
- C:\Windows\System\LtBouiM.exe
  C:\Windows\System\LtBouiM.exe
  2⤵
  PID:3096
- C:\Windows\System\eXSqMfS.exe
  C:\Windows\System\eXSqMfS.exe
  2⤵
  PID:1896
- C:\Windows\System\HzGuSZg.exe
  C:\Windows\System\HzGuSZg.exe
  2⤵
  PID:3068
- C:\Windows\System\aSZYmWe.exe
  C:\Windows\System\aSZYmWe.exe
  2⤵
  PID:3128
- C:\Windows\System\ZteKHUf.exe
  C:\Windows\System\ZteKHUf.exe
  2⤵
  PID:3200
- C:\Windows\System\osOfdKs.exe
  C:\Windows\System\osOfdKs.exe
  2⤵
  PID:3276
- C:\Windows\System\nQLzePe.exe
  C:\Windows\System\nQLzePe.exe
  2⤵
  PID:3356
- C:\Windows\System\lSrcTjF.exe
  C:\Windows\System\lSrcTjF.exe
  2⤵
  PID:3152
- C:\Windows\System\DvKKKhR.exe
  C:\Windows\System\DvKKKhR.exe
  2⤵
  PID:3256
- C:\Windows\System\wSBDMml.exe
  C:\Windows\System\wSBDMml.exe
  2⤵
  PID:3332
- C:\Windows\System\noYoxnJ.exe
  C:\Windows\System\noYoxnJ.exe
  2⤵
  PID:3220
- C:\Windows\System\XfsCMGO.exe
  C:\Windows\System\XfsCMGO.exe
  2⤵
  PID:3400
- C:\Windows\System\oXDzUxp.exe
  C:\Windows\System\oXDzUxp.exe
  2⤵
  PID:3448
- C:\Windows\System\FdLMhwR.exe
  C:\Windows\System\FdLMhwR.exe
  2⤵
  PID:3416
- C:\Windows\System\JnermfE.exe
  C:\Windows\System\JnermfE.exe
  2⤵
  PID:3480
- C:\Windows\System\QbDONrL.exe
  C:\Windows\System\QbDONrL.exe
  2⤵
  PID:3520
- C:\Windows\System\jJEFbaC.exe
  C:\Windows\System\jJEFbaC.exe
  2⤵
  PID:3560
- C:\Windows\System\ExkwNkF.exe
  C:\Windows\System\ExkwNkF.exe
  2⤵
  PID:3592
- C:\Windows\System\iGzmpVn.exe
  C:\Windows\System\iGzmpVn.exe
  2⤵
  PID:3616
- C:\Windows\System\yvvhOUc.exe
  C:\Windows\System\yvvhOUc.exe
  2⤵
  PID:3660
- C:\Windows\System\pKbVBUD.exe
  C:\Windows\System\pKbVBUD.exe
  2⤵
  PID:3692
- C:\Windows\System\ccgXmDd.exe
  C:\Windows\System\ccgXmDd.exe
  2⤵
  PID:3712
- C:\Windows\System\vTzVDZd.exe
  C:\Windows\System\vTzVDZd.exe
  2⤵
  PID:3760
- C:\Windows\System\EktJYLB.exe
  C:\Windows\System\EktJYLB.exe
  2⤵
  PID:3792
- C:\Windows\System\vZOxVMB.exe
  C:\Windows\System\vZOxVMB.exe
  2⤵
  PID:3816
- C:\Windows\System\UpyNwnG.exe
  C:\Windows\System\UpyNwnG.exe
  2⤵
  PID:3836
- C:\Windows\System\Xcvmzsg.exe
  C:\Windows\System\Xcvmzsg.exe
  2⤵
  PID:3892
- C:\Windows\System\uRZwtVG.exe
  C:\Windows\System\uRZwtVG.exe
  2⤵
  PID:3932
- C:\Windows\System\ZqGhVJI.exe
  C:\Windows\System\ZqGhVJI.exe
  2⤵
  PID:3972
- C:\Windows\System\yoSVLKz.exe
  C:\Windows\System\yoSVLKz.exe
  2⤵
  PID:3992
- C:\Windows\System\EJgFhPo.exe
  C:\Windows\System\EJgFhPo.exe
  2⤵
  PID:4016
- C:\Windows\System\nEgLnfZ.exe
  C:\Windows\System\nEgLnfZ.exe
  2⤵
  PID:4060
- C:\Windows\System\apuKkcw.exe
  C:\Windows\System\apuKkcw.exe
  2⤵
  PID:4076
- C:\Windows\System\AinBYDl.exe
  C:\Windows\System\AinBYDl.exe
  2⤵
  PID:1836
- C:\Windows\System\GVhnekP.exe
  C:\Windows\System\GVhnekP.exe
  2⤵
  PID:2984
- C:\Windows\System\tKcmSyG.exe
  C:\Windows\System\tKcmSyG.exe
  2⤵
  PID:2768
- C:\Windows\System\gBKWpnx.exe
  C:\Windows\System\gBKWpnx.exe
  2⤵
  PID:1680
- C:\Windows\System\SQYHKWl.exe
  C:\Windows\System\SQYHKWl.exe
  2⤵
  PID:1496
- C:\Windows\System\OzLlHfa.exe
  C:\Windows\System\OzLlHfa.exe
  2⤵
  PID:2524
- C:\Windows\System\LimDaEF.exe
  C:\Windows\System\LimDaEF.exe
  2⤵
  PID:1636
- C:\Windows\System\mwHSRXR.exe
  C:\Windows\System\mwHSRXR.exe
  2⤵
  PID:1900
- C:\Windows\System\MSyefiy.exe
  C:\Windows\System\MSyefiy.exe
  2⤵
  PID:2728
- C:\Windows\System\ZOqRVPO.exe
  C:\Windows\System\ZOqRVPO.exe
  2⤵
  PID:948
- C:\Windows\System\heDCflV.exe
  C:\Windows\System\heDCflV.exe
  2⤵
  PID:3268
- C:\Windows\System\HceQCER.exe
  C:\Windows\System\HceQCER.exe
  2⤵
  PID:3112
- C:\Windows\System\ujODEnO.exe
  C:\Windows\System\ujODEnO.exe
  2⤵
  PID:3296
- C:\Windows\System\vjirRZx.exe
  C:\Windows\System\vjirRZx.exe
  2⤵
  PID:3380
- C:\Windows\System\qcxYZCW.exe
  C:\Windows\System\qcxYZCW.exe
  2⤵
  PID:3444
- C:\Windows\System\IQuRfrP.exe
  C:\Windows\System\IQuRfrP.exe
  2⤵
  PID:3440
- C:\Windows\System\AYSFFMB.exe
  C:\Windows\System\AYSFFMB.exe
  2⤵
  PID:3512
- C:\Windows\System\VlHKKoA.exe
  C:\Windows\System\VlHKKoA.exe
  2⤵
  PID:3536
- C:\Windows\System\uHdzVxJ.exe
  C:\Windows\System\uHdzVxJ.exe
  2⤵
  PID:3640
- C:\Windows\System\yTvEnhG.exe
  C:\Windows\System\yTvEnhG.exe
  2⤵
  PID:3676
- C:\Windows\System\vkAWPrj.exe
  C:\Windows\System\vkAWPrj.exe
  2⤵
  PID:3716
- C:\Windows\System\ckAVzYT.exe
  C:\Windows\System\ckAVzYT.exe
  2⤵
  PID:3780
- C:\Windows\System\toMkrQS.exe
  C:\Windows\System\toMkrQS.exe
  2⤵
  PID:3812
- C:\Windows\System\GaboCLJ.exe
  C:\Windows\System\GaboCLJ.exe
  2⤵
  PID:3896
- C:\Windows\System\qlqqBrq.exe
  C:\Windows\System\qlqqBrq.exe
  2⤵
  PID:4104
- C:\Windows\System\LOIcJcX.exe
  C:\Windows\System\LOIcJcX.exe
  2⤵
  PID:4124
- C:\Windows\System\BAwjJss.exe
  C:\Windows\System\BAwjJss.exe
  2⤵
  PID:4144
- C:\Windows\System\ffqMMkE.exe
  C:\Windows\System\ffqMMkE.exe
  2⤵
  PID:4164
- C:\Windows\System\tMztJPO.exe
  C:\Windows\System\tMztJPO.exe
  2⤵
  PID:4184
- C:\Windows\System\fpOZndV.exe
  C:\Windows\System\fpOZndV.exe
  2⤵
  PID:4204
- C:\Windows\System\rCvTPkD.exe
  C:\Windows\System\rCvTPkD.exe
  2⤵
  PID:4228
- C:\Windows\System\RhGWXSr.exe
  C:\Windows\System\RhGWXSr.exe
  2⤵
  PID:4248
- C:\Windows\System\ZKblJBq.exe
  C:\Windows\System\ZKblJBq.exe
  2⤵
  PID:4268
- C:\Windows\System\PEGkLjs.exe
  C:\Windows\System\PEGkLjs.exe
  2⤵
  PID:4288
- C:\Windows\System\vegogfQ.exe
  C:\Windows\System\vegogfQ.exe
  2⤵
  PID:4308
- C:\Windows\System\YITBXGw.exe
  C:\Windows\System\YITBXGw.exe
  2⤵
  PID:4328
- C:\Windows\System\HcHxWnN.exe
  C:\Windows\System\HcHxWnN.exe
  2⤵
  PID:4348
- C:\Windows\System\fitOigY.exe
  C:\Windows\System\fitOigY.exe
  2⤵
  PID:4368
- C:\Windows\System\tNVCIcd.exe
  C:\Windows\System\tNVCIcd.exe
  2⤵
  PID:4388
- C:\Windows\System\WqCykbR.exe
  C:\Windows\System\WqCykbR.exe
  2⤵
  PID:4408
- C:\Windows\System\wkjdfwG.exe
  C:\Windows\System\wkjdfwG.exe
  2⤵
  PID:4428
- C:\Windows\System\MTVnlWG.exe
  C:\Windows\System\MTVnlWG.exe
  2⤵
  PID:4448
- C:\Windows\System\vQFgXbF.exe
  C:\Windows\System\vQFgXbF.exe
  2⤵
  PID:4468
- C:\Windows\System\YWcxxwm.exe
  C:\Windows\System\YWcxxwm.exe
  2⤵
  PID:4488
- C:\Windows\System\MHuqbXP.exe
  C:\Windows\System\MHuqbXP.exe
  2⤵
  PID:4508
- C:\Windows\System\DqtBtaa.exe
  C:\Windows\System\DqtBtaa.exe
  2⤵
  PID:4528
- C:\Windows\System\cOPTrrq.exe
  C:\Windows\System\cOPTrrq.exe
  2⤵
  PID:4548
- C:\Windows\System\uJPvset.exe
  C:\Windows\System\uJPvset.exe
  2⤵
  PID:4568
- C:\Windows\System\GttQUIo.exe
  C:\Windows\System\GttQUIo.exe
  2⤵
  PID:4588
- C:\Windows\System\QbJbuOI.exe
  C:\Windows\System\QbJbuOI.exe
  2⤵
  PID:4608
- C:\Windows\System\xulSNgP.exe
  C:\Windows\System\xulSNgP.exe
  2⤵
  PID:4628
- C:\Windows\System\DCTEaHi.exe
  C:\Windows\System\DCTEaHi.exe
  2⤵
  PID:4648
- C:\Windows\System\cxrefxi.exe
  C:\Windows\System\cxrefxi.exe
  2⤵
  PID:4668
- C:\Windows\System\mPjdDxk.exe
  C:\Windows\System\mPjdDxk.exe
  2⤵
  PID:4688
- C:\Windows\System\ppaMTmY.exe
  C:\Windows\System\ppaMTmY.exe
  2⤵
  PID:4708
- C:\Windows\System\TGQBUWq.exe
  C:\Windows\System\TGQBUWq.exe
  2⤵
  PID:4728
- C:\Windows\System\NNRJSoC.exe
  C:\Windows\System\NNRJSoC.exe
  2⤵
  PID:4748
- C:\Windows\System\VFxjmuA.exe
  C:\Windows\System\VFxjmuA.exe
  2⤵
  PID:4768
- C:\Windows\System\osguUIa.exe
  C:\Windows\System\osguUIa.exe
  2⤵
  PID:4788
- C:\Windows\System\oTDYVKX.exe
  C:\Windows\System\oTDYVKX.exe
  2⤵
  PID:4808
- C:\Windows\System\rLbopwC.exe
  C:\Windows\System\rLbopwC.exe
  2⤵
  PID:4828
- C:\Windows\System\LJsfrbd.exe
  C:\Windows\System\LJsfrbd.exe
  2⤵
  PID:4848
- C:\Windows\System\VPAzWEV.exe
  C:\Windows\System\VPAzWEV.exe
  2⤵
  PID:4868
- C:\Windows\System\MgomWYR.exe
  C:\Windows\System\MgomWYR.exe
  2⤵
  PID:4888
- C:\Windows\System\IVhQjUs.exe
  C:\Windows\System\IVhQjUs.exe
  2⤵
  PID:4908
- C:\Windows\System\PsipKTi.exe
  C:\Windows\System\PsipKTi.exe
  2⤵
  PID:4928
- C:\Windows\System\lmwMhPC.exe
  C:\Windows\System\lmwMhPC.exe
  2⤵
  PID:4948
- C:\Windows\System\CzyGFxj.exe
  C:\Windows\System\CzyGFxj.exe
  2⤵
  PID:4968
- C:\Windows\System\dHSTlYQ.exe
  C:\Windows\System\dHSTlYQ.exe
  2⤵
  PID:4988
- C:\Windows\System\IPYxFDH.exe
  C:\Windows\System\IPYxFDH.exe
  2⤵
  PID:5008
- C:\Windows\System\pecoSTQ.exe
  C:\Windows\System\pecoSTQ.exe
  2⤵
  PID:5028
- C:\Windows\System\XMypnph.exe
  C:\Windows\System\XMypnph.exe
  2⤵
  PID:5048
- C:\Windows\System\nzkBakU.exe
  C:\Windows\System\nzkBakU.exe
  2⤵
  PID:5068
- C:\Windows\System\NvzRVlL.exe
  C:\Windows\System\NvzRVlL.exe
  2⤵
  PID:5088
- C:\Windows\System\MxDkJdw.exe
  C:\Windows\System\MxDkJdw.exe
  2⤵
  PID:5108
- C:\Windows\System\vNdetJY.exe
  C:\Windows\System\vNdetJY.exe
  2⤵
  PID:3956
- C:\Windows\System\HLHhGlb.exe
  C:\Windows\System\HLHhGlb.exe
  2⤵
  PID:4040
- C:\Windows\System\teOEBJb.exe
  C:\Windows\System\teOEBJb.exe
  2⤵
  PID:4092
- C:\Windows\System\tFduriR.exe
  C:\Windows\System\tFduriR.exe
  2⤵
  PID:2488
- C:\Windows\System\nRpOFwX.exe
  C:\Windows\System\nRpOFwX.exe
  2⤵
  PID:1252
- C:\Windows\System\whkcSCq.exe
  C:\Windows\System\whkcSCq.exe
  2⤵
  PID:1308
- C:\Windows\System\UXbqKDT.exe
  C:\Windows\System\UXbqKDT.exe
  2⤵
  PID:2056
- C:\Windows\System\OmIHWme.exe
  C:\Windows\System\OmIHWme.exe
  2⤵
  PID:1744
- C:\Windows\System\gqXMQgt.exe
  C:\Windows\System\gqXMQgt.exe
  2⤵
  PID:3076
- C:\Windows\System\EsrGROW.exe
  C:\Windows\System\EsrGROW.exe
  2⤵
  PID:3312
- C:\Windows\System\QqANqDI.exe
  C:\Windows\System\QqANqDI.exe
  2⤵
  PID:3328
- C:\Windows\System\vGiCpFf.exe
  C:\Windows\System\vGiCpFf.exe
  2⤵
  PID:3376
- C:\Windows\System\YkoRAvB.exe
  C:\Windows\System\YkoRAvB.exe
  2⤵
  PID:3460
- C:\Windows\System\xwVEUsX.exe
  C:\Windows\System\xwVEUsX.exe
  2⤵
  PID:3552
- C:\Windows\System\TqGaIZD.exe
  C:\Windows\System\TqGaIZD.exe
  2⤵
  PID:3696
- C:\Windows\System\hAeaDGb.exe
  C:\Windows\System\hAeaDGb.exe
  2⤵
  PID:3852
- C:\Windows\System\bxNKRGW.exe
  C:\Windows\System\bxNKRGW.exe
  2⤵
  PID:3872
- C:\Windows\System\omKkPjk.exe
  C:\Windows\System\omKkPjk.exe
  2⤵
  PID:3936
- C:\Windows\System\fRztSuz.exe
  C:\Windows\System\fRztSuz.exe
  2⤵
  PID:4116
- C:\Windows\System\osWROJc.exe
  C:\Windows\System\osWROJc.exe
  2⤵
  PID:4172
- C:\Windows\System\nItdLaV.exe
  C:\Windows\System\nItdLaV.exe
  2⤵
  PID:4212
- C:\Windows\System\RVKbGLP.exe
  C:\Windows\System\RVKbGLP.exe
  2⤵
  PID:4256
- C:\Windows\System\GPdVpwe.exe
  C:\Windows\System\GPdVpwe.exe
  2⤵
  PID:4276
- C:\Windows\System\PZZkEdi.exe
  C:\Windows\System\PZZkEdi.exe
  2⤵
  PID:4300
- C:\Windows\System\umMWHkS.exe
  C:\Windows\System\umMWHkS.exe
  2⤵
  PID:4344
- C:\Windows\System\fLRAaty.exe
  C:\Windows\System\fLRAaty.exe
  2⤵
  PID:4360
- C:\Windows\System\grJuveh.exe
  C:\Windows\System\grJuveh.exe
  2⤵
  PID:4404
- C:\Windows\System\UCtPaQq.exe
  C:\Windows\System\UCtPaQq.exe
  2⤵
  PID:4444
- C:\Windows\System\kwbltkZ.exe
  C:\Windows\System\kwbltkZ.exe
  2⤵
  PID:4496
- C:\Windows\System\inxSHas.exe
  C:\Windows\System\inxSHas.exe
  2⤵
  PID:4500
- C:\Windows\System\EjmlJII.exe
  C:\Windows\System\EjmlJII.exe
  2⤵
  PID:4544
- C:\Windows\System\zYsWMKY.exe
  C:\Windows\System\zYsWMKY.exe
  2⤵
  PID:4584
- C:\Windows\System\NcFGmWr.exe
  C:\Windows\System\NcFGmWr.exe
  2⤵
  PID:4600
- C:\Windows\System\nUehcAw.exe
  C:\Windows\System\nUehcAw.exe
  2⤵
  PID:4656
- C:\Windows\System\Cptkmyu.exe
  C:\Windows\System\Cptkmyu.exe
  2⤵
  PID:4676
- C:\Windows\System\aavClLS.exe
  C:\Windows\System\aavClLS.exe
  2⤵
  PID:4700
- C:\Windows\System\eqWaPhO.exe
  C:\Windows\System\eqWaPhO.exe
  2⤵
  PID:4744
- C:\Windows\System\iSATjUc.exe
  C:\Windows\System\iSATjUc.exe
  2⤵
  PID:4760
- C:\Windows\System\ceaXAnC.exe
  C:\Windows\System\ceaXAnC.exe
  2⤵
  PID:4816
- C:\Windows\System\tUZMPeW.exe
  C:\Windows\System\tUZMPeW.exe
  2⤵
  PID:4844
- C:\Windows\System\cTbRkaC.exe
  C:\Windows\System\cTbRkaC.exe
  2⤵
  PID:4876
- C:\Windows\System\BdCUHFW.exe
  C:\Windows\System\BdCUHFW.exe
  2⤵
  PID:4900
- C:\Windows\System\omNGZGZ.exe
  C:\Windows\System\omNGZGZ.exe
  2⤵
  PID:4944
- C:\Windows\System\TryFDpA.exe
  C:\Windows\System\TryFDpA.exe
  2⤵
  PID:4960
- C:\Windows\System\syvGqwr.exe
  C:\Windows\System\syvGqwr.exe
  2⤵
  PID:5016
- C:\Windows\System\TTDktpY.exe
  C:\Windows\System\TTDktpY.exe
  2⤵
  PID:5044
- C:\Windows\System\JciWFjR.exe
  C:\Windows\System\JciWFjR.exe
  2⤵
  PID:5076
- C:\Windows\System\vupiSiB.exe
  C:\Windows\System\vupiSiB.exe
  2⤵
  PID:5100
- C:\Windows\System\WGLWseL.exe
  C:\Windows\System\WGLWseL.exe
  2⤵
  PID:3952
- C:\Windows\System\LfZLans.exe
  C:\Windows\System\LfZLans.exe
  2⤵
  PID:4052
- C:\Windows\System\TpuSwhR.exe
  C:\Windows\System\TpuSwhR.exe
  2⤵
  PID:960
- C:\Windows\System\BfiSZhO.exe
  C:\Windows\System\BfiSZhO.exe
  2⤵
  PID:2608
- C:\Windows\System\fYbcyNY.exe
  C:\Windows\System\fYbcyNY.exe
  2⤵
  PID:1144
- C:\Windows\System\JyrmavM.exe
  C:\Windows\System\JyrmavM.exe
  2⤵
  PID:3232
- C:\Windows\System\fvHRexK.exe
  C:\Windows\System\fvHRexK.exe
  2⤵
  PID:3184
- C:\Windows\System\GtRGdqY.exe
  C:\Windows\System\GtRGdqY.exe
  2⤵
  PID:3492
- C:\Windows\System\XMeRxXK.exe
  C:\Windows\System\XMeRxXK.exe
  2⤵
  PID:3652
- C:\Windows\System\FKRklDu.exe
  C:\Windows\System\FKRklDu.exe
  2⤵
  PID:3840
- C:\Windows\System\GfWBmRI.exe
  C:\Windows\System\GfWBmRI.exe
  2⤵
  PID:4120
- C:\Windows\System\coqcJVg.exe
  C:\Windows\System\coqcJVg.exe
  2⤵
  PID:4160
- C:\Windows\System\fpRGLkA.exe
  C:\Windows\System\fpRGLkA.exe
  2⤵
  PID:4192
- C:\Windows\System\gFpgyez.exe
  C:\Windows\System\gFpgyez.exe
  2⤵
  PID:4240
- C:\Windows\System\oqqjdPe.exe
  C:\Windows\System\oqqjdPe.exe
  2⤵
  PID:4320
- C:\Windows\System\iPYuoDG.exe
  C:\Windows\System\iPYuoDG.exe
  2⤵
  PID:4424
- C:\Windows\System\WXrCRNI.exe
  C:\Windows\System\WXrCRNI.exe
  2⤵
  PID:4460
- C:\Windows\System\EeqwZwk.exe
  C:\Windows\System\EeqwZwk.exe
  2⤵
  PID:4524
- C:\Windows\System\ARKtvip.exe
  C:\Windows\System\ARKtvip.exe
  2⤵
  PID:4564
- C:\Windows\System\aIQbxqW.exe
  C:\Windows\System\aIQbxqW.exe
  2⤵
  PID:4604
- C:\Windows\System\eVCcBXW.exe
  C:\Windows\System\eVCcBXW.exe
  2⤵
  PID:4660
- C:\Windows\System\RrBPnAQ.exe
  C:\Windows\System\RrBPnAQ.exe
  2⤵
  PID:4756
- C:\Windows\System\NGJtyuw.exe
  C:\Windows\System\NGJtyuw.exe
  2⤵
  PID:4804
- C:\Windows\System\elxLwEf.exe
  C:\Windows\System\elxLwEf.exe
  2⤵
  PID:4864
- C:\Windows\System\LKGSlbp.exe
  C:\Windows\System\LKGSlbp.exe
  2⤵
  PID:4880
- C:\Windows\System\EwrTtav.exe
  C:\Windows\System\EwrTtav.exe
  2⤵
  PID:4964
- C:\Windows\System\ZEcbPuB.exe
  C:\Windows\System\ZEcbPuB.exe
  2⤵
  PID:5036
- C:\Windows\System\ypgzmVK.exe
  C:\Windows\System\ypgzmVK.exe
  2⤵
  PID:5080
- C:\Windows\System\DLOaVlV.exe
  C:\Windows\System\DLOaVlV.exe
  2⤵
  PID:4080
- C:\Windows\System\ftbArNt.exe
  C:\Windows\System\ftbArNt.exe
  2⤵
  PID:2448
- C:\Windows\System\DDGDAaN.exe
  C:\Windows\System\DDGDAaN.exe
  2⤵
  PID:1656
- C:\Windows\System\FApuQfm.exe
  C:\Windows\System\FApuQfm.exe
  2⤵
  PID:5136
- C:\Windows\System\llGXCMM.exe
  C:\Windows\System\llGXCMM.exe
  2⤵
  PID:5156
- C:\Windows\System\uXXcjpO.exe
  C:\Windows\System\uXXcjpO.exe
  2⤵
  PID:5176
- C:\Windows\System\rdZeIMB.exe
  C:\Windows\System\rdZeIMB.exe
  2⤵
  PID:5196
- C:\Windows\System\wDMFFlt.exe
  C:\Windows\System\wDMFFlt.exe
  2⤵
  PID:5216
- C:\Windows\System\uTwFAhO.exe
  C:\Windows\System\uTwFAhO.exe
  2⤵
  PID:5236
- C:\Windows\System\ELhYDNa.exe
  C:\Windows\System\ELhYDNa.exe
  2⤵
  PID:5256
- C:\Windows\System\mYYkjwk.exe
  C:\Windows\System\mYYkjwk.exe
  2⤵
  PID:5276
- C:\Windows\System\AdWsCwK.exe
  C:\Windows\System\AdWsCwK.exe
  2⤵
  PID:5296
- C:\Windows\System\ydbSLma.exe
  C:\Windows\System\ydbSLma.exe
  2⤵
  PID:5316
- C:\Windows\System\udJXERN.exe
  C:\Windows\System\udJXERN.exe
  2⤵
  PID:5336
- C:\Windows\System\wJCCSSc.exe
  C:\Windows\System\wJCCSSc.exe
  2⤵
  PID:5356
- C:\Windows\System\VpgyIRh.exe
  C:\Windows\System\VpgyIRh.exe
  2⤵
  PID:5376
- C:\Windows\System\DqFiwqH.exe
  C:\Windows\System\DqFiwqH.exe
  2⤵
  PID:5396
- C:\Windows\System\KQxCrIH.exe
  C:\Windows\System\KQxCrIH.exe
  2⤵
  PID:5416
- C:\Windows\System\ZwtVtyr.exe
  C:\Windows\System\ZwtVtyr.exe
  2⤵
  PID:5436
- C:\Windows\System\swHRfTl.exe
  C:\Windows\System\swHRfTl.exe
  2⤵
  PID:5456
- C:\Windows\System\ZnMqggq.exe
  C:\Windows\System\ZnMqggq.exe
  2⤵
  PID:5476
- C:\Windows\System\KRjAOGo.exe
  C:\Windows\System\KRjAOGo.exe
  2⤵
  PID:5496
- C:\Windows\System\EDGLYsR.exe
  C:\Windows\System\EDGLYsR.exe
  2⤵
  PID:5516
- C:\Windows\System\RftsHfX.exe
  C:\Windows\System\RftsHfX.exe
  2⤵
  PID:5536
- C:\Windows\System\VZrGQRX.exe
  C:\Windows\System\VZrGQRX.exe
  2⤵
  PID:5556
- C:\Windows\System\AtDkabE.exe
  C:\Windows\System\AtDkabE.exe
  2⤵
  PID:5576
- C:\Windows\System\yWKZCLV.exe
  C:\Windows\System\yWKZCLV.exe
  2⤵
  PID:5596
- C:\Windows\System\ljqzqlg.exe
  C:\Windows\System\ljqzqlg.exe
  2⤵
  PID:5616
- C:\Windows\System\qDVxZJG.exe
  C:\Windows\System\qDVxZJG.exe
  2⤵
  PID:5636
- C:\Windows\System\agPYMyW.exe
  C:\Windows\System\agPYMyW.exe
  2⤵
  PID:5656
- C:\Windows\System\yKgHFca.exe
  C:\Windows\System\yKgHFca.exe
  2⤵
  PID:5676
- C:\Windows\System\bHlRfXt.exe
  C:\Windows\System\bHlRfXt.exe
  2⤵
  PID:5696
- C:\Windows\System\pGrsthW.exe
  C:\Windows\System\pGrsthW.exe
  2⤵
  PID:5716
- C:\Windows\System\AWkqIVm.exe
  C:\Windows\System\AWkqIVm.exe
  2⤵
  PID:5736
- C:\Windows\System\bgGQIHA.exe
  C:\Windows\System\bgGQIHA.exe
  2⤵
  PID:5756
- C:\Windows\System\dULCdBf.exe
  C:\Windows\System\dULCdBf.exe
  2⤵
  PID:5776
- C:\Windows\System\NODaMyJ.exe
  C:\Windows\System\NODaMyJ.exe
  2⤵
  PID:5796
- C:\Windows\System\ENYvBYJ.exe
  C:\Windows\System\ENYvBYJ.exe
  2⤵
  PID:5816
- C:\Windows\System\WEwGKUg.exe
  C:\Windows\System\WEwGKUg.exe
  2⤵
  PID:5836
- C:\Windows\System\gxrrEpB.exe
  C:\Windows\System\gxrrEpB.exe
  2⤵
  PID:5860
- C:\Windows\System\hqrqUFm.exe
  C:\Windows\System\hqrqUFm.exe
  2⤵
  PID:5880
- C:\Windows\System\JonmRTZ.exe
  C:\Windows\System\JonmRTZ.exe
  2⤵
  PID:5900
- C:\Windows\System\QJvAeQg.exe
  C:\Windows\System\QJvAeQg.exe
  2⤵
  PID:5920
- C:\Windows\System\TsstwrW.exe
  C:\Windows\System\TsstwrW.exe
  2⤵
  PID:5940
- C:\Windows\System\KRZaNwW.exe
  C:\Windows\System\KRZaNwW.exe
  2⤵
  PID:5960
- C:\Windows\System\YhVhEbP.exe
  C:\Windows\System\YhVhEbP.exe
  2⤵
  PID:5980
- C:\Windows\System\ByNioMH.exe
  C:\Windows\System\ByNioMH.exe
  2⤵
  PID:6000
- C:\Windows\System\mETqRHh.exe
  C:\Windows\System\mETqRHh.exe
  2⤵
  PID:6020
- C:\Windows\System\Ehyjtty.exe
  C:\Windows\System\Ehyjtty.exe
  2⤵
  PID:6040
- C:\Windows\System\YhZpWLT.exe
  C:\Windows\System\YhZpWLT.exe
  2⤵
  PID:6060
- C:\Windows\System\IitJtFN.exe
  C:\Windows\System\IitJtFN.exe
  2⤵
  PID:6080
- C:\Windows\System\htOeCSb.exe
  C:\Windows\System\htOeCSb.exe
  2⤵
  PID:6100
- C:\Windows\System\DTMZMxa.exe
  C:\Windows\System\DTMZMxa.exe
  2⤵
  PID:6120
- C:\Windows\System\xdBzWGY.exe
  C:\Windows\System\xdBzWGY.exe
  2⤵
  PID:6140
- C:\Windows\System\bzQazcm.exe
  C:\Windows\System\bzQazcm.exe
  2⤵
  PID:2680
- C:\Windows\System\lcmCrBX.exe
  C:\Windows\System\lcmCrBX.exe
  2⤵
  PID:3540
- C:\Windows\System\ywPivwR.exe
  C:\Windows\System\ywPivwR.exe
  2⤵
  PID:3612
- C:\Windows\System\ImWTxes.exe
  C:\Windows\System\ImWTxes.exe
  2⤵
  PID:3876
- C:\Windows\System\wHTySEd.exe
  C:\Windows\System\wHTySEd.exe
  2⤵
  PID:4224
- C:\Windows\System\iviUgQj.exe
  C:\Windows\System\iviUgQj.exe
  2⤵
  PID:4324
- C:\Windows\System\cloTrVW.exe
  C:\Windows\System\cloTrVW.exe
  2⤵
  PID:4380
- C:\Windows\System\pHdpbhg.exe
  C:\Windows\System\pHdpbhg.exe
  2⤵
  PID:4484
- C:\Windows\System\pdicyEq.exe
  C:\Windows\System\pdicyEq.exe
  2⤵
  PID:4520
- C:\Windows\System\LCdqQZV.exe
  C:\Windows\System\LCdqQZV.exe
  2⤵
  PID:4680
- C:\Windows\System\uxccDcU.exe
  C:\Windows\System\uxccDcU.exe
  2⤵
  PID:4800
- C:\Windows\System\SHIWCZA.exe
  C:\Windows\System\SHIWCZA.exe
  2⤵
  PID:4840
- C:\Windows\System\UWCKfnU.exe
  C:\Windows\System\UWCKfnU.exe
  2⤵
  PID:4956
- C:\Windows\System\WoduCJc.exe
  C:\Windows\System\WoduCJc.exe
  2⤵
  PID:5004
- C:\Windows\System\Rannkqg.exe
  C:\Windows\System\Rannkqg.exe
  2⤵
  PID:4072
- C:\Windows\System\VHQtpNC.exe
  C:\Windows\System\VHQtpNC.exe
  2⤵
  PID:2468
- C:\Windows\System\yUQYzIW.exe
  C:\Windows\System\yUQYzIW.exe
  2⤵
  PID:5164
- C:\Windows\System\ZwockOQ.exe
  C:\Windows\System\ZwockOQ.exe
  2⤵
  PID:5184
- C:\Windows\System\UOlyfte.exe
  C:\Windows\System\UOlyfte.exe
  2⤵
  PID:5208
- C:\Windows\System\FWzfhex.exe
  C:\Windows\System\FWzfhex.exe
  2⤵
  PID:5252
- C:\Windows\System\hSJHNQk.exe
  C:\Windows\System\hSJHNQk.exe
  2⤵
  PID:5268
- C:\Windows\System\ZHVliWd.exe
  C:\Windows\System\ZHVliWd.exe
  2⤵
  PID:5332
- C:\Windows\System\olqpLHe.exe
  C:\Windows\System\olqpLHe.exe
  2⤵
  PID:5352
- C:\Windows\System\CopDsiE.exe
  C:\Windows\System\CopDsiE.exe
  2⤵
  PID:5384
- C:\Windows\System\ZGsLcYj.exe
  C:\Windows\System\ZGsLcYj.exe
  2⤵
  PID:5408
- C:\Windows\System\UdzYGRl.exe
  C:\Windows\System\UdzYGRl.exe
  2⤵
  PID:5452
- C:\Windows\System\ekUTZRZ.exe
  C:\Windows\System\ekUTZRZ.exe
  2⤵
  PID:5488
- C:\Windows\System\FntFYJY.exe
  C:\Windows\System\FntFYJY.exe
  2⤵
  PID:5532
- C:\Windows\System\tIcghzQ.exe
  C:\Windows\System\tIcghzQ.exe
  2⤵
  PID:5564
- C:\Windows\System\kYcooxW.exe
  C:\Windows\System\kYcooxW.exe
  2⤵
  PID:5604
- C:\Windows\System\DzHEWyi.exe
  C:\Windows\System\DzHEWyi.exe
  2⤵
  PID:5608
- C:\Windows\System\RJtPuaT.exe
  C:\Windows\System\RJtPuaT.exe
  2⤵
  PID:5628
- C:\Windows\System\nJYvSjg.exe
  C:\Windows\System\nJYvSjg.exe
  2⤵
  PID:5672
- C:\Windows\System\cPXtRCt.exe
  C:\Windows\System\cPXtRCt.exe
  2⤵
  PID:5712
- C:\Windows\System\RNRXTCT.exe
  C:\Windows\System\RNRXTCT.exe
  2⤵
  PID:5744
- C:\Windows\System\MSxAmTa.exe
  C:\Windows\System\MSxAmTa.exe
  2⤵
  PID:5784
- C:\Windows\System\qHJuMjZ.exe
  C:\Windows\System\qHJuMjZ.exe
  2⤵
  PID:5808
- C:\Windows\System\hsIuEKe.exe
  C:\Windows\System\hsIuEKe.exe
  2⤵
  PID:5828
- C:\Windows\System\akObazM.exe
  C:\Windows\System\akObazM.exe
  2⤵
  PID:5872
- C:\Windows\System\KkNQXNY.exe
  C:\Windows\System\KkNQXNY.exe
  2⤵
  PID:5928
- C:\Windows\System\NwAhTZR.exe
  C:\Windows\System\NwAhTZR.exe
  2⤵
  PID:5968
- C:\Windows\System\KlbPnxn.exe
  C:\Windows\System\KlbPnxn.exe
  2⤵
  PID:6016
- C:\Windows\System\WKVivTs.exe
  C:\Windows\System\WKVivTs.exe
  2⤵
  PID:6036
- C:\Windows\System\rbBSchi.exe
  C:\Windows\System\rbBSchi.exe
  2⤵
  PID:6068
- C:\Windows\System\IRGgYID.exe
  C:\Windows\System\IRGgYID.exe
  2⤵
  PID:6108
- C:\Windows\System\AhOqzGI.exe
  C:\Windows\System\AhOqzGI.exe
  2⤵
  PID:6132
- C:\Windows\System\akJhjVn.exe
  C:\Windows\System\akJhjVn.exe
  2⤵
  PID:3496
- C:\Windows\System\doQgOGV.exe
  C:\Windows\System\doQgOGV.exe
  2⤵
  PID:3776
- C:\Windows\System\mrjOTNu.exe
  C:\Windows\System\mrjOTNu.exe
  2⤵
  PID:4152
- C:\Windows\System\dVsHLmg.exe
  C:\Windows\System\dVsHLmg.exe
  2⤵
  PID:4376
- C:\Windows\System\IRMYJiE.exe
  C:\Windows\System\IRMYJiE.exe
  2⤵
  PID:4636
- C:\Windows\System\jEXABiX.exe
  C:\Windows\System\jEXABiX.exe
  2⤵
  PID:4640
- C:\Windows\System\EgCVqiW.exe
  C:\Windows\System\EgCVqiW.exe
  2⤵
  PID:4836
- C:\Windows\System\sjLNydP.exe
  C:\Windows\System\sjLNydP.exe
  2⤵
  PID:4924
- C:\Windows\System\LxUiimD.exe
  C:\Windows\System\LxUiimD.exe
  2⤵
  PID:5124
- C:\Windows\System\IHKMRCT.exe
  C:\Windows\System\IHKMRCT.exe
  2⤵
  PID:5168
- C:\Windows\System\ngVfFQB.exe
  C:\Windows\System\ngVfFQB.exe
  2⤵
  PID:5132
- C:\Windows\System\mFzgFZI.exe
  C:\Windows\System\mFzgFZI.exe
  2⤵
  PID:5324
- C:\Windows\System\JALAZzL.exe
  C:\Windows\System\JALAZzL.exe
  2⤵
  PID:5264
- C:\Windows\System\leUJjos.exe
  C:\Windows\System\leUJjos.exe
  2⤵
  PID:5344
- C:\Windows\System\vpQdSyW.exe
  C:\Windows\System\vpQdSyW.exe
  2⤵
  PID:5404
- C:\Windows\System\XOxNLsj.exe
  C:\Windows\System\XOxNLsj.exe
  2⤵
  PID:5484
- C:\Windows\System\KsEvgcA.exe
  C:\Windows\System\KsEvgcA.exe
  2⤵
  PID:5504
- C:\Windows\System\CPNTuhT.exe
  C:\Windows\System\CPNTuhT.exe
  2⤵
  PID:5568
- C:\Windows\System\eFnAJYa.exe
  C:\Windows\System\eFnAJYa.exe
  2⤵
  PID:5704
- C:\Windows\System\aqIohoq.exe
  C:\Windows\System\aqIohoq.exe
  2⤵
  PID:5592
- C:\Windows\System\ycuZDOa.exe
  C:\Windows\System\ycuZDOa.exe
  2⤵
  PID:5748
- C:\Windows\System\ZkBnaPc.exe
  C:\Windows\System\ZkBnaPc.exe
  2⤵
  PID:5792
- C:\Windows\System\ZGUeyWI.exe
  C:\Windows\System\ZGUeyWI.exe
  2⤵
  PID:5788
- C:\Windows\System\mchGPOd.exe
  C:\Windows\System\mchGPOd.exe
  2⤵
  PID:5888
- C:\Windows\System\whBPAbV.exe
  C:\Windows\System\whBPAbV.exe
  2⤵
  PID:5956
- C:\Windows\System\CuHnkco.exe
  C:\Windows\System\CuHnkco.exe
  2⤵
  PID:6088
- C:\Windows\System\mhErnrx.exe
  C:\Windows\System\mhErnrx.exe
  2⤵
  PID:6092
- C:\Windows\System\rEAEmdy.exe
  C:\Windows\System\rEAEmdy.exe
  2⤵
  PID:3580
- C:\Windows\System\VCsfQdS.exe
  C:\Windows\System\VCsfQdS.exe
  2⤵
  PID:3740
- C:\Windows\System\sHkURRZ.exe
  C:\Windows\System\sHkURRZ.exe
  2⤵
  PID:4156
- C:\Windows\System\zuNLiPw.exe
  C:\Windows\System\zuNLiPw.exe
  2⤵
  PID:4624
- C:\Windows\System\LPTDjQB.exe
  C:\Windows\System\LPTDjQB.exe
  2⤵
  PID:6152
- C:\Windows\System\sNbpeTd.exe
  C:\Windows\System\sNbpeTd.exe
  2⤵
  PID:6172
- C:\Windows\System\QHnKJGO.exe
  C:\Windows\System\QHnKJGO.exe
  2⤵
  PID:6192
- C:\Windows\System\GfIedSm.exe
  C:\Windows\System\GfIedSm.exe
  2⤵
  PID:6212
- C:\Windows\System\RyoVHtY.exe
  C:\Windows\System\RyoVHtY.exe
  2⤵
  PID:6232
- C:\Windows\System\TUvqVXB.exe
  C:\Windows\System\TUvqVXB.exe
  2⤵
  PID:6252
- C:\Windows\System\wzpBmPG.exe
  C:\Windows\System\wzpBmPG.exe
  2⤵
  PID:6272
- C:\Windows\System\OqiTwId.exe
  C:\Windows\System\OqiTwId.exe
  2⤵
  PID:6292
- C:\Windows\System\eSZTANU.exe
  C:\Windows\System\eSZTANU.exe
  2⤵
  PID:6312
- C:\Windows\System\UsPGsIg.exe
  C:\Windows\System\UsPGsIg.exe
  2⤵
  PID:6332
- C:\Windows\System\eKPjuaK.exe
  C:\Windows\System\eKPjuaK.exe
  2⤵
  PID:6352
- C:\Windows\System\BazJDoN.exe
  C:\Windows\System\BazJDoN.exe
  2⤵
  PID:6372
- C:\Windows\System\RDAVAUa.exe
  C:\Windows\System\RDAVAUa.exe
  2⤵
  PID:6392
- C:\Windows\System\pJkpweu.exe
  C:\Windows\System\pJkpweu.exe
  2⤵
  PID:6412
- C:\Windows\System\RLgGoFq.exe
  C:\Windows\System\RLgGoFq.exe
  2⤵
  PID:6436
- C:\Windows\System\fVpxaol.exe
  C:\Windows\System\fVpxaol.exe
  2⤵
  PID:6456
- C:\Windows\System\FbqcXFF.exe
  C:\Windows\System\FbqcXFF.exe
  2⤵
  PID:6476
- C:\Windows\System\zClJrbn.exe
  C:\Windows\System\zClJrbn.exe
  2⤵
  PID:6496
- C:\Windows\System\YKskFMC.exe
  C:\Windows\System\YKskFMC.exe
  2⤵
  PID:6516
- C:\Windows\System\GTMbVAO.exe
  C:\Windows\System\GTMbVAO.exe
  2⤵
  PID:6532
- C:\Windows\System\okYUvpx.exe
  C:\Windows\System\okYUvpx.exe
  2⤵
  PID:6556
- C:\Windows\System\dYMgYVC.exe
  C:\Windows\System\dYMgYVC.exe
  2⤵
  PID:6572
- C:\Windows\System\nwifJlN.exe
  C:\Windows\System\nwifJlN.exe
  2⤵
  PID:6588
- C:\Windows\System\RffZHbK.exe
  C:\Windows\System\RffZHbK.exe
  2⤵
  PID:6604
- C:\Windows\System\ROzmTcq.exe
  C:\Windows\System\ROzmTcq.exe
  2⤵
  PID:6620
- C:\Windows\System\FfHwMNH.exe
  C:\Windows\System\FfHwMNH.exe
  2⤵
  PID:6640
- C:\Windows\System\zicIhOm.exe
  C:\Windows\System\zicIhOm.exe
  2⤵
  PID:6660
- C:\Windows\System\YrOMbzQ.exe
  C:\Windows\System\YrOMbzQ.exe
  2⤵
  PID:6676
- C:\Windows\System\fYVBfye.exe
  C:\Windows\System\fYVBfye.exe
  2⤵
  PID:6692
- C:\Windows\System\ftLZiuK.exe
  C:\Windows\System\ftLZiuK.exe
  2⤵
  PID:6708
- C:\Windows\System\kilRXgj.exe
  C:\Windows\System\kilRXgj.exe
  2⤵
  PID:6728
- C:\Windows\System\eRYDjIc.exe
  C:\Windows\System\eRYDjIc.exe
  2⤵
  PID:6748
- C:\Windows\System\LSuYGAp.exe
  C:\Windows\System\LSuYGAp.exe
  2⤵
  PID:6764
- C:\Windows\System\mMXnTgS.exe
  C:\Windows\System\mMXnTgS.exe
  2⤵
  PID:6784
- C:\Windows\System\KalKtix.exe
  C:\Windows\System\KalKtix.exe
  2⤵
  PID:6804
- C:\Windows\System\yqsqqjY.exe
  C:\Windows\System\yqsqqjY.exe
  2⤵
  PID:6824
- C:\Windows\System\Tyvmnlt.exe
  C:\Windows\System\Tyvmnlt.exe
  2⤵
  PID:6844
- C:\Windows\System\TXOcwAd.exe
  C:\Windows\System\TXOcwAd.exe
  2⤵
  PID:6868
- C:\Windows\System\rCVulBa.exe
  C:\Windows\System\rCVulBa.exe
  2⤵
  PID:6888
- C:\Windows\System\iZIBmcy.exe
  C:\Windows\System\iZIBmcy.exe
  2⤵
  PID:6908
- C:\Windows\System\dJrhNpX.exe
  C:\Windows\System\dJrhNpX.exe
  2⤵
  PID:6928
- C:\Windows\System\OWFteGl.exe
  C:\Windows\System\OWFteGl.exe
  2⤵
  PID:6948
- C:\Windows\System\QVoixOX.exe
  C:\Windows\System\QVoixOX.exe
  2⤵
  PID:6980
- C:\Windows\System\SjjVMPv.exe
  C:\Windows\System\SjjVMPv.exe
  2⤵
  PID:7020
- C:\Windows\System\ZYKrpiP.exe
  C:\Windows\System\ZYKrpiP.exe
  2⤵
  PID:7040
- C:\Windows\System\GwaWvzY.exe
  C:\Windows\System\GwaWvzY.exe
  2⤵
  PID:7060
- C:\Windows\System\pdbvfsy.exe
  C:\Windows\System\pdbvfsy.exe
  2⤵
  PID:7080
- C:\Windows\System\wsxQGrg.exe
  C:\Windows\System\wsxQGrg.exe
  2⤵
  PID:7100
- C:\Windows\System\aTaqtmq.exe
  C:\Windows\System\aTaqtmq.exe
  2⤵
  PID:7120
- C:\Windows\System\DDMjsfY.exe
  C:\Windows\System\DDMjsfY.exe
  2⤵
  PID:7140
- C:\Windows\System\jNnkQdt.exe
  C:\Windows\System\jNnkQdt.exe
  2⤵
  PID:7160
- C:\Windows\System\dvrjNmm.exe
  C:\Windows\System\dvrjNmm.exe
  2⤵
  PID:4920
- C:\Windows\System\tWEIDLG.exe
  C:\Windows\System\tWEIDLG.exe
  2⤵
  PID:2868
- C:\Windows\System\WLhQdyX.exe
  C:\Windows\System\WLhQdyX.exe
  2⤵
  PID:5244
- C:\Windows\System\tLkhkXK.exe
  C:\Windows\System\tLkhkXK.exe
  2⤵
  PID:5312
- C:\Windows\System\ZeUBePE.exe
  C:\Windows\System\ZeUBePE.exe
  2⤵
  PID:5444
- C:\Windows\System\KFQIgBn.exe
  C:\Windows\System\KFQIgBn.exe
  2⤵
  PID:5464
- C:\Windows\System\yCVhGFo.exe
  C:\Windows\System\yCVhGFo.exe
  2⤵
  PID:5468
- C:\Windows\System\fNSefKo.exe
  C:\Windows\System\fNSefKo.exe
  2⤵
  PID:5588
- C:\Windows\System\rNYeyET.exe
  C:\Windows\System\rNYeyET.exe
  2⤵
  PID:5768
- C:\Windows\System\xFHJQwj.exe
  C:\Windows\System\xFHJQwj.exe
  2⤵
  PID:5908
- C:\Windows\System\IDlaqfE.exe
  C:\Windows\System\IDlaqfE.exe
  2⤵
  PID:5988
- C:\Windows\System\YgvchMe.exe
  C:\Windows\System\YgvchMe.exe
  2⤵
  PID:6136
- C:\Windows\System\htbASOC.exe
  C:\Windows\System\htbASOC.exe
  2⤵
  PID:3912
- C:\Windows\System\AiukKlp.exe
  C:\Windows\System\AiukKlp.exe
  2⤵
  PID:6188
- C:\Windows\System\lBnGsgr.exe
  C:\Windows\System\lBnGsgr.exe
  2⤵
  PID:6260
- C:\Windows\System\AfjkLBx.exe
  C:\Windows\System\AfjkLBx.exe
  2⤵
  PID:6304
- C:\Windows\System\eptRpBh.exe
  C:\Windows\System\eptRpBh.exe
  2⤵
  PID:6388
- C:\Windows\System\jmAZCNV.exe
  C:\Windows\System\jmAZCNV.exe
  2⤵
  PID:6464
- C:\Windows\System\aauMByo.exe
  C:\Windows\System\aauMByo.exe
  2⤵
  PID:6508
- C:\Windows\System\BdFaoLA.exe
  C:\Windows\System\BdFaoLA.exe
  2⤵
  PID:6072
- C:\Windows\System\tgBjqEc.exe
  C:\Windows\System\tgBjqEc.exe
  2⤵
  PID:3248
- C:\Windows\System\ngWJoBF.exe
  C:\Windows\System\ngWJoBF.exe
  2⤵
  PID:6168
- C:\Windows\System\eocORZz.exe
  C:\Windows\System\eocORZz.exe
  2⤵
  PID:6204
- C:\Windows\System\GrehauX.exe
  C:\Windows\System\GrehauX.exe
  2⤵
  PID:6248
- C:\Windows\System\eiXvVZa.exe
  C:\Windows\System\eiXvVZa.exe
  2⤵
  PID:6688
- C:\Windows\System\VPlYqLc.exe
  C:\Windows\System\VPlYqLc.exe
  2⤵
  PID:6288
- C:\Windows\System\gPRzNxu.exe
  C:\Windows\System\gPRzNxu.exe
  2⤵
  PID:6360
- C:\Windows\System\MpyxAFU.exe
  C:\Windows\System\MpyxAFU.exe
  2⤵
  PID:6404
- C:\Windows\System\rbWtKZQ.exe
  C:\Windows\System\rbWtKZQ.exe
  2⤵
  PID:6760
- C:\Windows\System\GaJVcTs.exe
  C:\Windows\System\GaJVcTs.exe
  2⤵
  PID:6796
- C:\Windows\System\dNGodky.exe
  C:\Windows\System\dNGodky.exe
  2⤵
  PID:6836
- C:\Windows\System\zlEFqbo.exe
  C:\Windows\System\zlEFqbo.exe
  2⤵
  PID:6876
- C:\Windows\System\ZkIUiKO.exe
  C:\Windows\System\ZkIUiKO.exe
  2⤵
  PID:6600
- C:\Windows\System\CycFpbd.exe
  C:\Windows\System\CycFpbd.exe
  2⤵
  PID:6744
- C:\Windows\System\tnFGLeI.exe
  C:\Windows\System\tnFGLeI.exe
  2⤵
  PID:6940
- C:\Windows\System\LUWQZcR.exe
  C:\Windows\System\LUWQZcR.exe
  2⤵
  PID:6900
- C:\Windows\System\JkBTBWV.exe
  C:\Windows\System\JkBTBWV.exe
  2⤵
  PID:6816
- C:\Windows\System\pjwXhkd.exe
  C:\Windows\System\pjwXhkd.exe
  2⤵
  PID:6740
- C:\Windows\System\urmMGub.exe
  C:\Windows\System\urmMGub.exe
  2⤵
  PID:6960
- C:\Windows\System\kxomFcy.exe
  C:\Windows\System\kxomFcy.exe
  2⤵
  PID:6972
- C:\Windows\System\yBcoxGq.exe
  C:\Windows\System\yBcoxGq.exe
  2⤵
  PID:7036
- C:\Windows\System\iZxgXru.exe
  C:\Windows\System\iZxgXru.exe
  2⤵
  PID:7032
- C:\Windows\System\MkHtQrT.exe
  C:\Windows\System\MkHtQrT.exe
  2⤵
  PID:7076
- C:\Windows\System\LefWaLR.exe
  C:\Windows\System\LefWaLR.exe
  2⤵
  PID:7116
- C:\Windows\System\HGmxzbG.exe
  C:\Windows\System\HGmxzbG.exe
  2⤵
  PID:7156
- C:\Windows\System\VPzJYAE.exe
  C:\Windows\System\VPzJYAE.exe
  2⤵
  PID:5172
- C:\Windows\System\shfjXfP.exe
  C:\Windows\System\shfjXfP.exe
  2⤵
  PID:5228
- C:\Windows\System\wcYkaUD.exe
  C:\Windows\System\wcYkaUD.exe
  2⤵
  PID:5204
- C:\Windows\System\aYmPyPU.exe
  C:\Windows\System\aYmPyPU.exe
  2⤵
  PID:2388
- C:\Windows\System\QRmnSkO.exe
  C:\Windows\System\QRmnSkO.exe
  2⤵
  PID:5544
- C:\Windows\System\OUSsohp.exe
  C:\Windows\System\OUSsohp.exe
  2⤵
  PID:5684
- C:\Windows\System\htHCsvP.exe
  C:\Windows\System\htHCsvP.exe
  2⤵
  PID:6056
- C:\Windows\System\eDyIntL.exe
  C:\Windows\System\eDyIntL.exe
  2⤵
  PID:4736
- C:\Windows\System\OPJduGe.exe
  C:\Windows\System\OPJduGe.exe
  2⤵
  PID:4416
- C:\Windows\System\XRJWbDx.exe
  C:\Windows\System\XRJWbDx.exe
  2⤵
  PID:6224
- C:\Windows\System\gyTyKEF.exe
  C:\Windows\System\gyTyKEF.exe
  2⤵
  PID:6380
- C:\Windows\System\xBWTMbQ.exe
  C:\Windows\System\xBWTMbQ.exe
  2⤵
  PID:6468
- C:\Windows\System\tURWVTA.exe
  C:\Windows\System\tURWVTA.exe
  2⤵
  PID:3252
- C:\Windows\System\vCmNftn.exe
  C:\Windows\System\vCmNftn.exe
  2⤵
  PID:6240
- C:\Windows\System\uGoQgIx.exe
  C:\Windows\System\uGoQgIx.exe
  2⤵
  PID:6720
- C:\Windows\System\XuBtHTD.exe
  C:\Windows\System\XuBtHTD.exe
  2⤵
  PID:6656
- C:\Windows\System\FsfjNvI.exe
  C:\Windows\System\FsfjNvI.exe
  2⤵
  PID:6792
- C:\Windows\System\CYqmgZF.exe
  C:\Windows\System\CYqmgZF.exe
  2⤵
  PID:6524
- C:\Windows\System\oXKZDPW.exe
  C:\Windows\System\oXKZDPW.exe
  2⤵
  PID:6448
- C:\Windows\System\kIoCvpg.exe
  C:\Windows\System\kIoCvpg.exe
  2⤵
  PID:6924
- C:\Windows\System\jsbPqdf.exe
  C:\Windows\System\jsbPqdf.exe
  2⤵
  PID:6596
- C:\Windows\System\WZWolkC.exe
  C:\Windows\System\WZWolkC.exe
  2⤵
  PID:6776
- C:\Windows\System\GnZhSIc.exe
  C:\Windows\System\GnZhSIc.exe
  2⤵
  PID:6904
- C:\Windows\System\ucPnPQN.exe
  C:\Windows\System\ucPnPQN.exe
  2⤵
  PID:6976
- C:\Windows\System\GWBfDKU.exe
  C:\Windows\System\GWBfDKU.exe
  2⤵
  PID:7012
- C:\Windows\System\ptESLWB.exe
  C:\Windows\System\ptESLWB.exe
  2⤵
  PID:6700
- C:\Windows\System\wXzicJO.exe
  C:\Windows\System\wXzicJO.exe
  2⤵
  PID:7016
- C:\Windows\System\HRZqQCR.exe
  C:\Windows\System\HRZqQCR.exe
  2⤵
  PID:7052
- C:\Windows\System\VKKMrfq.exe
  C:\Windows\System\VKKMrfq.exe
  2⤵
  PID:7152
- C:\Windows\System\XwECvfY.exe
  C:\Windows\System\XwECvfY.exe
  2⤵
  PID:5188
- C:\Windows\System\njpnkrN.exe
  C:\Windows\System\njpnkrN.exe
  2⤵
  PID:5688
- C:\Windows\System\sQcjqao.exe
  C:\Windows\System\sQcjqao.exe
  2⤵
  PID:5284
- C:\Windows\System\MhFrbYY.exe
  C:\Windows\System\MhFrbYY.exe
  2⤵
  PID:5548
- C:\Windows\System\ojZJacy.exe
  C:\Windows\System\ojZJacy.exe
  2⤵
  PID:4244
- C:\Windows\System\DjEmDeL.exe
  C:\Windows\System\DjEmDeL.exe
  2⤵
  PID:6432
- C:\Windows\System\aPTZjdH.exe
  C:\Windows\System\aPTZjdH.exe
  2⤵
  PID:6580
- C:\Windows\System\ncaQKUI.exe
  C:\Windows\System\ncaQKUI.exe
  2⤵
  PID:6164
- C:\Windows\System\NDuqbnZ.exe
  C:\Windows\System\NDuqbnZ.exe
  2⤵
  PID:6208
- C:\Windows\System\cZcpWQz.exe
  C:\Windows\System\cZcpWQz.exe
  2⤵
  PID:7184
- C:\Windows\System\GrAVwzL.exe
  C:\Windows\System\GrAVwzL.exe
  2⤵
  PID:7204
- C:\Windows\System\UiIsnYC.exe
  C:\Windows\System\UiIsnYC.exe
  2⤵
  PID:7224
- C:\Windows\System\GBIlRFT.exe
  C:\Windows\System\GBIlRFT.exe
  2⤵
  PID:7244
- C:\Windows\System\ywJeURb.exe
  C:\Windows\System\ywJeURb.exe
  2⤵
  PID:7264
- C:\Windows\System\bGAapYX.exe
  C:\Windows\System\bGAapYX.exe
  2⤵
  PID:7284
- C:\Windows\System\GkBJciH.exe
  C:\Windows\System\GkBJciH.exe
  2⤵
  PID:7304
- C:\Windows\System\YDQqdat.exe
  C:\Windows\System\YDQqdat.exe
  2⤵
  PID:7320
- C:\Windows\System\MgnElNA.exe
  C:\Windows\System\MgnElNA.exe
  2⤵
  PID:7336
- C:\Windows\System\JzyrbJr.exe
  C:\Windows\System\JzyrbJr.exe
  2⤵
  PID:7360
- C:\Windows\System\PgNDwim.exe
  C:\Windows\System\PgNDwim.exe
  2⤵
  PID:7376
- C:\Windows\System\qbGnrAR.exe
  C:\Windows\System\qbGnrAR.exe
  2⤵
  PID:7396
- C:\Windows\System\GtJaJYo.exe
  C:\Windows\System\GtJaJYo.exe
  2⤵
  PID:7416
- C:\Windows\System\MFSypbi.exe
  C:\Windows\System\MFSypbi.exe
  2⤵
  PID:7432
- C:\Windows\System\vuTGgVX.exe
  C:\Windows\System\vuTGgVX.exe
  2⤵
  PID:7452
- C:\Windows\System\JVmcIwl.exe
  C:\Windows\System\JVmcIwl.exe
  2⤵
  PID:7472
- C:\Windows\System\idBcNSr.exe
  C:\Windows\System\idBcNSr.exe
  2⤵
  PID:7492
- C:\Windows\System\UGaovZg.exe
  C:\Windows\System\UGaovZg.exe
  2⤵
  PID:7508
- C:\Windows\System\NApMlqM.exe
  C:\Windows\System\NApMlqM.exe
  2⤵
  PID:7528
- C:\Windows\System\BFFCfzJ.exe
  C:\Windows\System\BFFCfzJ.exe
  2⤵
  PID:7544
- C:\Windows\System\NPBfPoG.exe
  C:\Windows\System\NPBfPoG.exe
  2⤵
  PID:7560
- C:\Windows\System\VTPkqjv.exe
  C:\Windows\System\VTPkqjv.exe
  2⤵
  PID:7584
- C:\Windows\System\HItDvAI.exe
  C:\Windows\System\HItDvAI.exe
  2⤵
  PID:7604
- C:\Windows\System\RzYZQmz.exe
  C:\Windows\System\RzYZQmz.exe
  2⤵
  PID:7640
- C:\Windows\System\sAJCGec.exe
  C:\Windows\System\sAJCGec.exe
  2⤵
  PID:7664
- C:\Windows\System\NATxHet.exe
  C:\Windows\System\NATxHet.exe
  2⤵
  PID:7684
- C:\Windows\System\ZMZkcyj.exe
  C:\Windows\System\ZMZkcyj.exe
  2⤵
  PID:7704
- C:\Windows\System\EULifZg.exe
  C:\Windows\System\EULifZg.exe
  2⤵
  PID:7724
- C:\Windows\System\BxHSWLx.exe
  C:\Windows\System\BxHSWLx.exe
  2⤵
  PID:7744
- C:\Windows\System\rWFVlww.exe
  C:\Windows\System\rWFVlww.exe
  2⤵
  PID:7760
- C:\Windows\System\fyUnunR.exe
  C:\Windows\System\fyUnunR.exe
  2⤵
  PID:7784
- C:\Windows\System\xeTsTKc.exe
  C:\Windows\System\xeTsTKc.exe
  2⤵
  PID:7804
- C:\Windows\System\BewAMBw.exe
  C:\Windows\System\BewAMBw.exe
  2⤵
  PID:7824
- C:\Windows\System\UzypvCc.exe
  C:\Windows\System\UzypvCc.exe
  2⤵
  PID:7840
- C:\Windows\System\PpIvKpZ.exe
  C:\Windows\System\PpIvKpZ.exe
  2⤵
  PID:7864
- C:\Windows\System\TpZagnB.exe
  C:\Windows\System\TpZagnB.exe
  2⤵
  PID:7884
- C:\Windows\System\kLkmRHX.exe
  C:\Windows\System\kLkmRHX.exe
  2⤵
  PID:7904
- C:\Windows\System\IWJfzcU.exe
  C:\Windows\System\IWJfzcU.exe
  2⤵
  PID:7924
- C:\Windows\System\seCLGoy.exe
  C:\Windows\System\seCLGoy.exe
  2⤵
  PID:7944
- C:\Windows\System\pRPMFQi.exe
  C:\Windows\System\pRPMFQi.exe
  2⤵
  PID:7968
- C:\Windows\System\ukNUsYy.exe
  C:\Windows\System\ukNUsYy.exe
  2⤵
  PID:7988
- C:\Windows\System\AFJVgDo.exe
  C:\Windows\System\AFJVgDo.exe
  2⤵
  PID:8008
- C:\Windows\System\IIOQURq.exe
  C:\Windows\System\IIOQURq.exe
  2⤵
  PID:8024
- C:\Windows\System\EOMTAwT.exe
  C:\Windows\System\EOMTAwT.exe
  2⤵
  PID:8044
- C:\Windows\System\GAGDNfO.exe
  C:\Windows\System\GAGDNfO.exe
  2⤵
  PID:8068
- C:\Windows\System\PFSGcyd.exe
  C:\Windows\System\PFSGcyd.exe
  2⤵
  PID:8088
- C:\Windows\System\WGeNcnd.exe
  C:\Windows\System\WGeNcnd.exe
  2⤵
  PID:8108
- C:\Windows\System\azoxQjx.exe
  C:\Windows\System\azoxQjx.exe
  2⤵
  PID:8128
- C:\Windows\System\eWucXTY.exe
  C:\Windows\System\eWucXTY.exe
  2⤵
  PID:8148
- C:\Windows\System\CLBvnlj.exe
  C:\Windows\System\CLBvnlj.exe
  2⤵
  PID:8168
- C:\Windows\System\Cvvyswg.exe
  C:\Windows\System\Cvvyswg.exe
  2⤵
  PID:8188
- C:\Windows\System\XyeelbL.exe
  C:\Windows\System\XyeelbL.exe
  2⤵
  PID:6364
- C:\Windows\System\dFdySOX.exe
  C:\Windows\System\dFdySOX.exe
  2⤵
  PID:1612
- C:\Windows\System\AhbWrKR.exe
  C:\Windows\System\AhbWrKR.exe
  2⤵
  PID:6444
- C:\Windows\System\vCPVlaS.exe
  C:\Windows\System\vCPVlaS.exe
  2⤵
  PID:6628
- C:\Windows\System\iEHyatP.exe
  C:\Windows\System\iEHyatP.exe
  2⤵
  PID:6860
- C:\Windows\System\bgvMExc.exe
  C:\Windows\System\bgvMExc.exe
  2⤵
  PID:7008
- C:\Windows\System\SuJgqhw.exe
  C:\Windows\System\SuJgqhw.exe
  2⤵
  PID:4724
- C:\Windows\System\SbuRiJq.exe
  C:\Windows\System\SbuRiJq.exe
  2⤵
  PID:5584
- C:\Windows\System\IDmIEgm.exe
  C:\Windows\System\IDmIEgm.exe
  2⤵
  PID:6544
- C:\Windows\System\SaiBeUc.exe
  C:\Windows\System\SaiBeUc.exe
  2⤵
  PID:2060
- C:\Windows\System\rtHdvUA.exe
  C:\Windows\System\rtHdvUA.exe
  2⤵
  PID:6704
- C:\Windows\System\xznxBXn.exe
  C:\Windows\System\xznxBXn.exe
  2⤵
  PID:7260
- C:\Windows\System\IYztTCe.exe
  C:\Windows\System\IYztTCe.exe
  2⤵
  PID:5728
- C:\Windows\System\lPrrsbr.exe
  C:\Windows\System\lPrrsbr.exe
  2⤵
  PID:5932
- C:\Windows\System\lESRDlX.exe
  C:\Windows\System\lESRDlX.exe
  2⤵
  PID:6548
- C:\Windows\System\ybHkPwC.exe
  C:\Windows\System\ybHkPwC.exe
  2⤵
  PID:7332
- C:\Windows\System\hwbiqRk.exe
  C:\Windows\System\hwbiqRk.exe
  2⤵
  PID:7404
- C:\Windows\System\itHdxdm.exe
  C:\Windows\System\itHdxdm.exe
  2⤵
  PID:4576
- C:\Windows\System\YtGRHYC.exe
  C:\Windows\System\YtGRHYC.exe
  2⤵
  PID:7200
- C:\Windows\System\ivoSStT.exe
  C:\Windows\System\ivoSStT.exe
  2⤵
  PID:7444
- C:\Windows\System\vIoOiUn.exe
  C:\Windows\System\vIoOiUn.exe
  2⤵
  PID:7316
- C:\Windows\System\fZTZBVh.exe
  C:\Windows\System\fZTZBVh.exe
  2⤵
  PID:1740
- C:\Windows\System\NhxtIBI.exe
  C:\Windows\System\NhxtIBI.exe
  2⤵
  PID:7552
- C:\Windows\System\ESGJlfH.exe
  C:\Windows\System\ESGJlfH.exe
  2⤵
  PID:2148
- C:\Windows\System\sqNjCYl.exe
  C:\Windows\System\sqNjCYl.exe
  2⤵
  PID:1616
- C:\Windows\System\CkUkCHs.exe
  C:\Windows\System\CkUkCHs.exe
  2⤵
  PID:7500
- C:\Windows\System\oSQEnAJ.exe
  C:\Windows\System\oSQEnAJ.exe
  2⤵
  PID:7392
- C:\Windows\System\JAVJzmJ.exe
  C:\Windows\System\JAVJzmJ.exe
  2⤵
  PID:7568
- C:\Windows\System\xjBPoVy.exe
  C:\Windows\System\xjBPoVy.exe
  2⤵
  PID:2320
- C:\Windows\System\jwoOtYJ.exe
  C:\Windows\System\jwoOtYJ.exe
  2⤵
  PID:7624
- C:\Windows\System\lTJnmUp.exe
  C:\Windows\System\lTJnmUp.exe
  2⤵
  PID:7612
- C:\Windows\System\tEwyjdu.exe
  C:\Windows\System\tEwyjdu.exe
  2⤵
  PID:7680
- C:\Windows\System\aozTdEX.exe
  C:\Windows\System\aozTdEX.exe
  2⤵
  PID:7716
- C:\Windows\System\HprKXaV.exe
  C:\Windows\System\HprKXaV.exe
  2⤵
  PID:7752
- C:\Windows\System\EcQUwWX.exe
  C:\Windows\System\EcQUwWX.exe
  2⤵
  PID:7820
- C:\Windows\System\yQgwYEu.exe
  C:\Windows\System\yQgwYEu.exe
  2⤵
  PID:7848
- C:\Windows\System\LBCaSjy.exe
  C:\Windows\System\LBCaSjy.exe
  2⤵
  PID:7836
- C:\Windows\System\zruByxx.exe
  C:\Windows\System\zruByxx.exe
  2⤵
  PID:7900
- C:\Windows\System\udionlN.exe
  C:\Windows\System\udionlN.exe
  2⤵
  PID:7936
- C:\Windows\System\scJjaFB.exe
  C:\Windows\System\scJjaFB.exe
  2⤵
  PID:7976
- C:\Windows\System\Skenzvb.exe
  C:\Windows\System\Skenzvb.exe
  2⤵
  PID:7984
- C:\Windows\System\DqAyvQR.exe
  C:\Windows\System\DqAyvQR.exe
  2⤵
  PID:8064
- C:\Windows\System\nrtMeEv.exe
  C:\Windows\System\nrtMeEv.exe
  2⤵
  PID:8060
- C:\Windows\System\YgVidWd.exe
  C:\Windows\System\YgVidWd.exe
  2⤵
  PID:8104
- C:\Windows\System\UrcZUqG.exe
  C:\Windows\System\UrcZUqG.exe
  2⤵
  PID:8120
- C:\Windows\System\ooIhULr.exe
  C:\Windows\System\ooIhULr.exe
  2⤵
  PID:8180
- C:\Windows\System\EFhNcaX.exe
  C:\Windows\System\EFhNcaX.exe
  2⤵
  PID:6324
- C:\Windows\System\wCEFDua.exe
  C:\Windows\System\wCEFDua.exe
  2⤵
  PID:6880
- C:\Windows\System\QzoYBmL.exe
  C:\Windows\System\QzoYBmL.exe
  2⤵
  PID:6832
- C:\Windows\System\tcBzXAA.exe
  C:\Windows\System\tcBzXAA.exe
  2⤵
  PID:7000
- C:\Windows\System\njiaRXX.exe
  C:\Windows\System\njiaRXX.exe
  2⤵
  PID:5412
- C:\Windows\System\AmLneIo.exe
  C:\Windows\System\AmLneIo.exe
  2⤵
  PID:6348
- C:\Windows\System\WLpwmNM.exe
  C:\Windows\System\WLpwmNM.exe
  2⤵
  PID:7088
- C:\Windows\System\McZGJrr.exe
  C:\Windows\System\McZGJrr.exe
  2⤵
  PID:1512
- C:\Windows\System\gZTDxXl.exe
  C:\Windows\System\gZTDxXl.exe
  2⤵
  PID:5024
- C:\Windows\System\jYCjIoi.exe
  C:\Windows\System\jYCjIoi.exe
  2⤵
  PID:7408
- C:\Windows\System\vWZHcRi.exe
  C:\Windows\System\vWZHcRi.exe
  2⤵
  PID:6616
- C:\Windows\System\rxHaRUS.exe
  C:\Windows\System\rxHaRUS.exe
  2⤵
  PID:7236
- C:\Windows\System\CJdPfxG.exe
  C:\Windows\System\CJdPfxG.exe
  2⤵
  PID:2332
- C:\Windows\System\sbMBjoM.exe
  C:\Windows\System\sbMBjoM.exe
  2⤵
  PID:7312
- C:\Windows\System\WtLCIUn.exe
  C:\Windows\System\WtLCIUn.exe
  2⤵
  PID:7356
- C:\Windows\System\AKeiBvR.exe
  C:\Windows\System\AKeiBvR.exe
  2⤵
  PID:7536
- C:\Windows\System\UgWRAau.exe
  C:\Windows\System\UgWRAau.exe
  2⤵
  PID:7592
- C:\Windows\System\HHGOXQg.exe
  C:\Windows\System\HHGOXQg.exe
  2⤵
  PID:7656
- C:\Windows\System\DIoAbHK.exe
  C:\Windows\System\DIoAbHK.exe
  2⤵
  PID:7580
- C:\Windows\System\uGYPQwE.exe
  C:\Windows\System\uGYPQwE.exe
  2⤵
  PID:7636
- C:\Windows\System\WoeXBXV.exe
  C:\Windows\System\WoeXBXV.exe
  2⤵
  PID:2412
- C:\Windows\System\PrLiHkL.exe
  C:\Windows\System\PrLiHkL.exe
  2⤵
  PID:7792
- C:\Windows\System\iEbsDUK.exe
  C:\Windows\System\iEbsDUK.exe
  2⤵
  PID:7712
- C:\Windows\System\FSPcYMJ.exe
  C:\Windows\System\FSPcYMJ.exe
  2⤵
  PID:7832
- C:\Windows\System\OVsseXg.exe
  C:\Windows\System\OVsseXg.exe
  2⤵
  PID:7952
- C:\Windows\System\XdgJDbz.exe
  C:\Windows\System\XdgJDbz.exe
  2⤵
  PID:8056
- C:\Windows\System\ggXcewb.exe
  C:\Windows\System\ggXcewb.exe
  2⤵
  PID:8084
- C:\Windows\System\WptxOgI.exe
  C:\Windows\System\WptxOgI.exe
  2⤵
  PID:7960
- C:\Windows\System\PSbudEs.exe
  C:\Windows\System\PSbudEs.exe
  2⤵
  PID:8124
- C:\Windows\System\tAAJBZw.exe
  C:\Windows\System\tAAJBZw.exe
  2⤵
  PID:376
- C:\Windows\System\cpOZRul.exe
  C:\Windows\System\cpOZRul.exe
  2⤵
  PID:6936
- C:\Windows\System\ROBnSLs.exe
  C:\Windows\System\ROBnSLs.exe
  2⤵
  PID:7132
- C:\Windows\System\GXbtOcp.exe
  C:\Windows\System\GXbtOcp.exe
  2⤵
  PID:6820
- C:\Windows\System\bsAAKBV.exe
  C:\Windows\System\bsAAKBV.exe
  2⤵
  PID:7296
- C:\Windows\System\dxGKzEa.exe
  C:\Windows\System\dxGKzEa.exe
  2⤵
  PID:6012
- C:\Windows\System\HClwPvs.exe
  C:\Windows\System\HClwPvs.exe
  2⤵
  PID:1560
- C:\Windows\System\tYuJvCx.exe
  C:\Windows\System\tYuJvCx.exe
  2⤵
  PID:6112
- C:\Windows\System\TzWhpfN.exe
  C:\Windows\System\TzWhpfN.exe
  2⤵
  PID:2652
- C:\Windows\System\KzUqSHw.exe
  C:\Windows\System\KzUqSHw.exe
  2⤵
  PID:7672
- C:\Windows\System\kMekOoj.exe
  C:\Windows\System\kMekOoj.exe
  2⤵
  PID:7240
- C:\Windows\System\IxrEZhq.exe
  C:\Windows\System\IxrEZhq.exe
  2⤵
  PID:7520
- C:\Windows\System\uUEvpdb.exe
  C:\Windows\System\uUEvpdb.exe
  2⤵
  PID:7812
- C:\Windows\System\dfPDUkf.exe
  C:\Windows\System\dfPDUkf.exe
  2⤵
  PID:7892
- C:\Windows\System\eqvLRHr.exe
  C:\Windows\System\eqvLRHr.exe
  2⤵
  PID:8004
- C:\Windows\System\LSgTrwf.exe
  C:\Windows\System\LSgTrwf.exe
  2⤵
  PID:1484
- C:\Windows\System\ObKyBYR.exe
  C:\Windows\System\ObKyBYR.exe
  2⤵
  PID:8184
- C:\Windows\System\NRADFyd.exe
  C:\Windows\System\NRADFyd.exe
  2⤵
  PID:7880
- C:\Windows\System\uJBwdNk.exe
  C:\Windows\System\uJBwdNk.exe
  2⤵
  PID:5832
- C:\Windows\System\nxoVleL.exe
  C:\Windows\System\nxoVleL.exe
  2⤵
  PID:7068
- C:\Windows\System\OQPonue.exe
  C:\Windows\System\OQPonue.exe
  2⤵
  PID:8212
- C:\Windows\System\ZKgWPsz.exe
  C:\Windows\System\ZKgWPsz.exe
  2⤵
  PID:8228
- C:\Windows\System\ImDxZVb.exe
  C:\Windows\System\ImDxZVb.exe
  2⤵
  PID:8256
- C:\Windows\System\MFyKVGn.exe
  C:\Windows\System\MFyKVGn.exe
  2⤵
  PID:8276
- C:\Windows\System\fOWDMoO.exe
  C:\Windows\System\fOWDMoO.exe
  2⤵
  PID:8296
- C:\Windows\System\kDlTKNg.exe
  C:\Windows\System\kDlTKNg.exe
  2⤵
  PID:8312
- C:\Windows\System\JJGOlPK.exe
  C:\Windows\System\JJGOlPK.exe
  2⤵
  PID:8336
- C:\Windows\System\NeBxLwq.exe
  C:\Windows\System\NeBxLwq.exe
  2⤵
  PID:8356
- C:\Windows\System\bnRffmW.exe
  C:\Windows\System\bnRffmW.exe
  2⤵
  PID:8376
- C:\Windows\System\WWNrswf.exe
  C:\Windows\System\WWNrswf.exe
  2⤵
  PID:8396
- C:\Windows\System\UmWmzzZ.exe
  C:\Windows\System\UmWmzzZ.exe
  2⤵
  PID:8416
- C:\Windows\System\TteXudJ.exe
  C:\Windows\System\TteXudJ.exe
  2⤵
  PID:8436
- C:\Windows\System\jcdXpcG.exe
  C:\Windows\System\jcdXpcG.exe
  2⤵
  PID:8456
- C:\Windows\System\LHrjHDP.exe
  C:\Windows\System\LHrjHDP.exe
  2⤵
  PID:8476
- C:\Windows\System\cZgRscv.exe
  C:\Windows\System\cZgRscv.exe
  2⤵
  PID:8496
- C:\Windows\System\XAIMZqL.exe
  C:\Windows\System\XAIMZqL.exe
  2⤵
  PID:8516
- C:\Windows\System\CflfbsX.exe
  C:\Windows\System\CflfbsX.exe
  2⤵
  PID:8536
- C:\Windows\System\EqJiuuq.exe
  C:\Windows\System\EqJiuuq.exe
  2⤵
  PID:8556
- C:\Windows\System\pAkQauY.exe
  C:\Windows\System\pAkQauY.exe
  2⤵
  PID:8576
- C:\Windows\System\WMYvQIN.exe
  C:\Windows\System\WMYvQIN.exe
  2⤵
  PID:8592
- C:\Windows\System\rXDhjos.exe
  C:\Windows\System\rXDhjos.exe
  2⤵
  PID:8616
- C:\Windows\System\gVRdtzd.exe
  C:\Windows\System\gVRdtzd.exe
  2⤵
  PID:8636
- C:\Windows\System\MGQLKma.exe
  C:\Windows\System\MGQLKma.exe
  2⤵
  PID:8656
- C:\Windows\System\lHlIGiz.exe
  C:\Windows\System\lHlIGiz.exe
  2⤵
  PID:8676
- C:\Windows\System\nPeOnui.exe
  C:\Windows\System\nPeOnui.exe
  2⤵
  PID:8696
- C:\Windows\System\ZopyRTy.exe
  C:\Windows\System\ZopyRTy.exe
  2⤵
  PID:8712
- C:\Windows\System\Jpdxsfo.exe
  C:\Windows\System\Jpdxsfo.exe
  2⤵
  PID:8732
- C:\Windows\System\CRWUTBm.exe
  C:\Windows\System\CRWUTBm.exe
  2⤵
  PID:8748
- C:\Windows\System\PtVQeRQ.exe
  C:\Windows\System\PtVQeRQ.exe
  2⤵
  PID:8764
- C:\Windows\System\mrPELbo.exe
  C:\Windows\System\mrPELbo.exe
  2⤵
  PID:8780
- C:\Windows\System\IHhnQuf.exe
  C:\Windows\System\IHhnQuf.exe
  2⤵
  PID:8796
- C:\Windows\System\IjnCRmr.exe
  C:\Windows\System\IjnCRmr.exe
  2⤵
  PID:8812
- C:\Windows\System\DPLroyS.exe
  C:\Windows\System\DPLroyS.exe
  2⤵
  PID:8828
- C:\Windows\System\igsltUm.exe
  C:\Windows\System\igsltUm.exe
  2⤵
  PID:8844
- C:\Windows\System\EAsYrYg.exe
  C:\Windows\System\EAsYrYg.exe
  2⤵
  PID:8860
- C:\Windows\System\PLPglXk.exe
  C:\Windows\System\PLPglXk.exe
  2⤵
  PID:8876
- C:\Windows\System\xqrtWNq.exe
  C:\Windows\System\xqrtWNq.exe
  2⤵
  PID:8892
- C:\Windows\System\aIRJKVg.exe
  C:\Windows\System\aIRJKVg.exe
  2⤵
  PID:8908
- C:\Windows\System\WuruHKz.exe
  C:\Windows\System\WuruHKz.exe
  2⤵
  PID:8924
- C:\Windows\System\ohvniaO.exe
  C:\Windows\System\ohvniaO.exe
  2⤵
  PID:8940
- C:\Windows\System\YaHBeuY.exe
  C:\Windows\System\YaHBeuY.exe
  2⤵
  PID:8956
- C:\Windows\System\FHHsdTq.exe
  C:\Windows\System\FHHsdTq.exe
  2⤵
  PID:8976
- C:\Windows\System\mbStZdI.exe
  C:\Windows\System\mbStZdI.exe
  2⤵
  PID:8992
- C:\Windows\System\oLFbxuw.exe
  C:\Windows\System\oLFbxuw.exe
  2⤵
  PID:9008
- C:\Windows\System\nrLkhPV.exe
  C:\Windows\System\nrLkhPV.exe
  2⤵
  PID:9024
- C:\Windows\System\fZhBdQI.exe
  C:\Windows\System\fZhBdQI.exe
  2⤵
  PID:9048
- C:\Windows\System\aTdDsCO.exe
  C:\Windows\System\aTdDsCO.exe
  2⤵
  PID:9076
- C:\Windows\System\iLUexyz.exe
  C:\Windows\System\iLUexyz.exe
  2⤵
  PID:9092
- C:\Windows\System\FZBtbwz.exe
  C:\Windows\System\FZBtbwz.exe
  2⤵
  PID:9112
- C:\Windows\System\MHzooXd.exe
  C:\Windows\System\MHzooXd.exe
  2⤵
  PID:9128
- C:\Windows\System\bacjgya.exe
  C:\Windows\System\bacjgya.exe
  2⤵
  PID:9152
- C:\Windows\System\rPGWqGK.exe
  C:\Windows\System\rPGWqGK.exe
  2⤵
  PID:8164
- C:\Windows\System\rZkvbwr.exe
  C:\Windows\System\rZkvbwr.exe
  2⤵
  PID:7700
- C:\Windows\System\ibCvfBJ.exe
  C:\Windows\System\ibCvfBJ.exe
  2⤵
  PID:7484
- C:\Windows\System\ThVuLnD.exe
  C:\Windows\System\ThVuLnD.exe
  2⤵
  PID:7540
- C:\Windows\System\sypjqAd.exe
  C:\Windows\System\sypjqAd.exe
  2⤵
  PID:7348
- C:\Windows\System\HygCPpz.exe
  C:\Windows\System\HygCPpz.exe
  2⤵
  PID:7576
- C:\Windows\System\Yhhdyfq.exe
  C:\Windows\System\Yhhdyfq.exe
  2⤵
  PID:8080
- C:\Windows\System\hJwjiVd.exe
  C:\Windows\System\hJwjiVd.exe
  2⤵
  PID:6964
- C:\Windows\System\nedLsth.exe
  C:\Windows\System\nedLsth.exe
  2⤵
  PID:8240
- C:\Windows\System\lYneMpS.exe
  C:\Windows\System\lYneMpS.exe
  2⤵
  PID:2244
- C:\Windows\System\qyNbRRg.exe
  C:\Windows\System\qyNbRRg.exe
  2⤵
  PID:8332
- C:\Windows\System\jXebhKh.exe
  C:\Windows\System\jXebhKh.exe
  2⤵
  PID:8372
- C:\Windows\System\oISZMgG.exe
  C:\Windows\System\oISZMgG.exe
  2⤵
  PID:8392
- C:\Windows\System\PPgzuMy.exe
  C:\Windows\System\PPgzuMy.exe
  2⤵
  PID:8408
- C:\Windows\System\qooAhgz.exe
  C:\Windows\System\qooAhgz.exe
  2⤵
  PID:1912
- C:\Windows\System\ODzFlVp.exe
  C:\Windows\System\ODzFlVp.exe
  2⤵
  PID:8488
- C:\Windows\System\nVhPkEF.exe
  C:\Windows\System\nVhPkEF.exe
  2⤵
  PID:8472
- C:\Windows\System\aZnCNQb.exe
  C:\Windows\System\aZnCNQb.exe
  2⤵
  PID:8512
- C:\Windows\System\OARtwRd.exe
  C:\Windows\System\OARtwRd.exe
  2⤵
  PID:8564
- C:\Windows\System\EnpSBcU.exe
  C:\Windows\System\EnpSBcU.exe
  2⤵
  PID:8608
- C:\Windows\System\CaUBbGw.exe
  C:\Windows\System\CaUBbGw.exe
  2⤵
  PID:8548
- C:\Windows\System\iCfDpIS.exe
  C:\Windows\System\iCfDpIS.exe
  2⤵
  PID:8652
- C:\Windows\System\wOCWsFA.exe
  C:\Windows\System\wOCWsFA.exe
  2⤵
  PID:8632
- C:\Windows\System\KjdqBbE.exe
  C:\Windows\System\KjdqBbE.exe
  2⤵
  PID:8672
- C:\Windows\System\opwiDLS.exe
  C:\Windows\System\opwiDLS.exe
  2⤵
  PID:8688
- C:\Windows\System\JNErxmM.exe
  C:\Windows\System\JNErxmM.exe
  2⤵
  PID:8756
- C:\Windows\System\HXHOJyE.exe
  C:\Windows\System\HXHOJyE.exe
  2⤵
  PID:8744
- C:\Windows\System\LGmQgBI.exe
  C:\Windows\System\LGmQgBI.exe
  2⤵
  PID:8824
- C:\Windows\System\vVmliqF.exe
  C:\Windows\System\vVmliqF.exe
  2⤵
  PID:8808
- C:\Windows\System\wnDqBUT.exe
  C:\Windows\System\wnDqBUT.exe
  2⤵
  PID:8884
- C:\Windows\System\iUCRvgW.exe
  C:\Windows\System\iUCRvgW.exe
  2⤵
  PID:8872
- C:\Windows\System\VsgyEKH.exe
  C:\Windows\System\VsgyEKH.exe
  2⤵
  PID:8900
- C:\Windows\System\WVMoxvu.exe
  C:\Windows\System\WVMoxvu.exe
  2⤵
  PID:8952
- C:\Windows\System\wCVCnTh.exe
  C:\Windows\System\wCVCnTh.exe
  2⤵
  PID:8968
- C:\Windows\System\KyRWRMN.exe
  C:\Windows\System\KyRWRMN.exe
  2⤵
  PID:9004
- C:\Windows\System\GRSazNm.exe
  C:\Windows\System\GRSazNm.exe
  2⤵
  PID:9064
- C:\Windows\System\xXOUPxD.exe
  C:\Windows\System\xXOUPxD.exe
  2⤵
  PID:9040
- C:\Windows\System\mXIpgIV.exe
  C:\Windows\System\mXIpgIV.exe
  2⤵
  PID:9088
- C:\Windows\System\VHAHFEL.exe
  C:\Windows\System\VHAHFEL.exe
  2⤵
  PID:9124
- C:\Windows\System\vdoYIke.exe
  C:\Windows\System\vdoYIke.exe
  2⤵
  PID:9148
- C:\Windows\System\tJDKyvl.exe
  C:\Windows\System\tJDKyvl.exe
  2⤵
  PID:9176
- C:\Windows\System\BJZtRuu.exe
  C:\Windows\System\BJZtRuu.exe
  2⤵
  PID:9188
- C:\Windows\System\fgNvsfI.exe
  C:\Windows\System\fgNvsfI.exe
  2⤵
  PID:9200
- C:\Windows\System\eyzquhW.exe
  C:\Windows\System\eyzquhW.exe
  2⤵
  PID:6424
- C:\Windows\System\mLCuSVw.exe
  C:\Windows\System\mLCuSVw.exe
  2⤵
  PID:8040
- C:\Windows\System\sWQNkJb.exe
  C:\Windows\System\sWQNkJb.exe
  2⤵
  PID:2640
- C:\Windows\System\mWcAUfr.exe
  C:\Windows\System\mWcAUfr.exe
  2⤵
  PID:8160
- C:\Windows\System\xYRWwJn.exe
  C:\Windows\System\xYRWwJn.exe
  2⤵
  PID:7292
- C:\Windows\System\MdUTzQG.exe
  C:\Windows\System\MdUTzQG.exe
  2⤵
  PID:2996
- C:\Windows\System\WitudTt.exe
  C:\Windows\System\WitudTt.exe
  2⤵
  PID:2948
- C:\Windows\System\BfsAoEA.exe
  C:\Windows\System\BfsAoEA.exe
  2⤵
  PID:1824
- C:\Windows\System\MsSkXHW.exe
  C:\Windows\System\MsSkXHW.exe
  2⤵
  PID:1964
- C:\Windows\System\EssUmEh.exe
  C:\Windows\System\EssUmEh.exe
  2⤵
  PID:2952
- C:\Windows\System\WrkeboT.exe
  C:\Windows\System\WrkeboT.exe
  2⤵
  PID:2116
- C:\Windows\System\IseiTqa.exe
  C:\Windows\System\IseiTqa.exe
  2⤵
  PID:2336
- C:\Windows\System\mxXmKUS.exe
  C:\Windows\System\mxXmKUS.exe
  2⤵
  PID:2120
- C:\Windows\System\gYAhvVD.exe
  C:\Windows\System\gYAhvVD.exe
  2⤵
  PID:8524
- C:\Windows\System\UXKtlco.exe
  C:\Windows\System\UXKtlco.exe
  2⤵
  PID:8644
- C:\Windows\System\SNmJjHG.exe
  C:\Windows\System\SNmJjHG.exe
  2⤵
  PID:8788
- C:\Windows\System\qChIeJC.exe
  C:\Windows\System\qChIeJC.exe
  2⤵
  PID:8428
- C:\Windows\System\jArXwnD.exe
  C:\Windows\System\jArXwnD.exe
  2⤵
  PID:8432
- C:\Windows\System\XhUTeBh.exe
  C:\Windows\System\XhUTeBh.exe
  2⤵
  PID:8692
- C:\Windows\System\FfXFqyO.exe
  C:\Windows\System\FfXFqyO.exe
  2⤵
  PID:8532
- C:\Windows\System\kJcfHfa.exe
  C:\Windows\System\kJcfHfa.exe
  2⤵
  PID:8792
- C:\Windows\System\ctcUefv.exe
  C:\Windows\System\ctcUefv.exe
  2⤵
  PID:1924
- C:\Windows\System\VVknOFr.exe
  C:\Windows\System\VVknOFr.exe
  2⤵
  PID:8776
- C:\Windows\System\KqVFXId.exe
  C:\Windows\System\KqVFXId.exe
  2⤵
  PID:8932
- C:\Windows\System\YvKPwNn.exe
  C:\Windows\System\YvKPwNn.exe
  2⤵
  PID:9100
- C:\Windows\System\nIBIXfV.exe
  C:\Windows\System\nIBIXfV.exe
  2⤵
  PID:9104
- C:\Windows\System\wjQKPnp.exe
  C:\Windows\System\wjQKPnp.exe
  2⤵
  PID:9164
- C:\Windows\System\MRWFdGa.exe
  C:\Windows\System\MRWFdGa.exe
  2⤵
  PID:7232
- C:\Windows\System\tLOXlML.exe
  C:\Windows\System\tLOXlML.exe
  2⤵
  PID:8136
- C:\Windows\System\Ghnvgoh.exe
  C:\Windows\System\Ghnvgoh.exe
  2⤵
  PID:2760
- C:\Windows\System\WzWxfFY.exe
  C:\Windows\System\WzWxfFY.exe
  2⤵
  PID:9212
- C:\Windows\System\arzIjOi.exe
  C:\Windows\System\arzIjOi.exe
  2⤵
  PID:7440
- C:\Windows\System\WPlqFDf.exe
  C:\Windows\System\WPlqFDf.exe
  2⤵
  PID:5996
- C:\Windows\System\YFbhHym.exe
  C:\Windows\System\YFbhHym.exe
  2⤵
  PID:1996
- C:\Windows\System\rLejOZF.exe
  C:\Windows\System\rLejOZF.exe
  2⤵
  PID:1780
- C:\Windows\System\thbNQIZ.exe
  C:\Windows\System\thbNQIZ.exe
  2⤵
  PID:2572
- C:\Windows\System\DEVxbwR.exe
  C:\Windows\System\DEVxbwR.exe
  2⤵
  PID:1180
- C:\Windows\System\yBhexoX.exe
  C:\Windows\System\yBhexoX.exe
  2⤵
  PID:2968
- C:\Windows\System\AvbHpjh.exe
  C:\Windows\System\AvbHpjh.exe
  2⤵
  PID:2340
- C:\Windows\System\slWUBGG.exe
  C:\Windows\System\slWUBGG.exe
  2⤵
  PID:1948
- C:\Windows\System\CUMIZmA.exe
  C:\Windows\System\CUMIZmA.exe
  2⤵
  PID:676
- C:\Windows\System\NztMTPE.exe
  C:\Windows\System\NztMTPE.exe
  2⤵
  PID:8208
- C:\Windows\System\yVWAJQZ.exe
  C:\Windows\System\yVWAJQZ.exe
  2⤵
  PID:8272
- C:\Windows\System\gjCXdyu.exe
  C:\Windows\System\gjCXdyu.exe
  2⤵
  PID:8364
- C:\Windows\System\YClfZpi.exe
  C:\Windows\System\YClfZpi.exe
  2⤵
  PID:8492
- C:\Windows\System\ZSwfKfK.exe
  C:\Windows\System\ZSwfKfK.exe
  2⤵
  PID:8628
- C:\Windows\System\kQmmxPo.exe
  C:\Windows\System\kQmmxPo.exe
  2⤵
  PID:8604
- C:\Windows\System\mLExoen.exe
  C:\Windows\System\mLExoen.exe
  2⤵
  PID:8984
- C:\Windows\System\fGnpBdW.exe
  C:\Windows\System\fGnpBdW.exe
  2⤵
  PID:8868
- C:\Windows\System\ugPNjlz.exe
  C:\Windows\System\ugPNjlz.exe
  2⤵
  PID:8920
- C:\Windows\System\GjOydWl.exe
  C:\Windows\System\GjOydWl.exe
  2⤵
  PID:8888
- C:\Windows\System\SuCoEfT.exe
  C:\Windows\System\SuCoEfT.exe
  2⤵
  PID:7384
- C:\Windows\System\CrtUUAR.exe
  C:\Windows\System\CrtUUAR.exe
  2⤵
  PID:8804
- C:\Windows\System\JpAtNXu.exe
  C:\Windows\System\JpAtNXu.exe
  2⤵
  PID:3500
- C:\Windows\System\fuThcqM.exe
  C:\Windows\System\fuThcqM.exe
  2⤵
  PID:8252
- C:\Windows\System\XTXcUBc.exe
  C:\Windows\System\XTXcUBc.exe
  2⤵
  PID:8412
- C:\Windows\System\GCfVwbK.exe
  C:\Windows\System\GCfVwbK.exe
  2⤵
  PID:8324
- C:\Windows\System\aZmXMQg.exe
  C:\Windows\System\aZmXMQg.exe
  2⤵
  PID:8684
- C:\Windows\System\WRINftT.exe
  C:\Windows\System\WRINftT.exe
  2⤵
  PID:2904
- C:\Windows\System\HQmTydO.exe
  C:\Windows\System\HQmTydO.exe
  2⤵
  PID:9168
- C:\Windows\System\RRspWOD.exe
  C:\Windows\System\RRspWOD.exe
  2⤵
  PID:8464
- C:\Windows\System\NkOlXPz.exe
  C:\Windows\System\NkOlXPz.exe
  2⤵
  PID:1192
- C:\Windows\System\NDUKIKZ.exe
  C:\Windows\System\NDUKIKZ.exe
  2⤵
  PID:2808
- C:\Windows\System\TcPGjwE.exe
  C:\Windows\System\TcPGjwE.exe
  2⤵
  PID:2596
- C:\Windows\System\GXQHorL.exe
  C:\Windows\System\GXQHorL.exe
  2⤵
  PID:1728
- C:\Windows\System\qdBNHRX.exe
  C:\Windows\System\qdBNHRX.exe
  2⤵
  PID:9144
- C:\Windows\System\dhzeVSs.exe
  C:\Windows\System\dhzeVSs.exe
  2⤵
  PID:1540
- C:\Windows\System\IRneyjx.exe
  C:\Windows\System\IRneyjx.exe
  2⤵
  PID:8444
- C:\Windows\System\vBbdjFs.exe
  C:\Windows\System\vBbdjFs.exe
  2⤵
  PID:8348
- C:\Windows\System\OzzVXaf.exe
  C:\Windows\System\OzzVXaf.exe
  2⤵
  PID:9196
- C:\Windows\System\wsnzbIy.exe
  C:\Windows\System\wsnzbIy.exe
  2⤵
  PID:6008
- C:\Windows\System\JOAvjsU.exe
  C:\Windows\System\JOAvjsU.exe
  2⤵
  PID:1392
- C:\Windows\System\NDwjgYy.exe
  C:\Windows\System\NDwjgYy.exe
  2⤵
  PID:6652
- C:\Windows\System\GgZZGdB.exe
  C:\Windows\System\GgZZGdB.exe
  2⤵
  PID:2804
- C:\Windows\System\LwRHPOm.exe
  C:\Windows\System\LwRHPOm.exe
  2⤵
  PID:9172
- C:\Windows\System\RyIKWFu.exe
  C:\Windows\System\RyIKWFu.exe
  2⤵
  PID:9240
- C:\Windows\System\qvWDpxo.exe
  C:\Windows\System\qvWDpxo.exe
  2⤵
  PID:9256
- C:\Windows\System\ZoMIUeM.exe
  C:\Windows\System\ZoMIUeM.exe
  2⤵
  PID:9272
- C:\Windows\System\KdoRlyY.exe
  C:\Windows\System\KdoRlyY.exe
  2⤵
  PID:9296
- C:\Windows\System\mJPHcJr.exe
  C:\Windows\System\mJPHcJr.exe
  2⤵
  PID:9320
- C:\Windows\System\smYFMHf.exe
  C:\Windows\System\smYFMHf.exe
  2⤵
  PID:9340
- C:\Windows\System\PIRmTJc.exe
  C:\Windows\System\PIRmTJc.exe
  2⤵
  PID:9356
- C:\Windows\System\kpURPvl.exe
  C:\Windows\System\kpURPvl.exe
  2⤵
  PID:9380
- C:\Windows\System\sJPNzYw.exe
  C:\Windows\System\sJPNzYw.exe
  2⤵
  PID:9396
- C:\Windows\System\dtGcYGO.exe
  C:\Windows\System\dtGcYGO.exe
  2⤵
  PID:9420
- C:\Windows\System\JPPOtGn.exe
  C:\Windows\System\JPPOtGn.exe
  2⤵
  PID:9436
- C:\Windows\System\RuIaFyA.exe
  C:\Windows\System\RuIaFyA.exe
  2⤵
  PID:9456
- C:\Windows\System\iJlnlcb.exe
  C:\Windows\System\iJlnlcb.exe
  2⤵
  PID:9480
- C:\Windows\System\waDnFTY.exe
  C:\Windows\System\waDnFTY.exe
  2⤵
  PID:9500
- C:\Windows\System\fZRcJpL.exe
  C:\Windows\System\fZRcJpL.exe
  2⤵
  PID:9516
- C:\Windows\System\GTKDxGu.exe
  C:\Windows\System\GTKDxGu.exe
  2⤵
  PID:9532
- C:\Windows\System\PLJBLwv.exe
  C:\Windows\System\PLJBLwv.exe
  2⤵
  PID:9552
- C:\Windows\System\FclrnNb.exe
  C:\Windows\System\FclrnNb.exe
  2⤵
  PID:9572
- C:\Windows\System\GkPcuMp.exe
  C:\Windows\System\GkPcuMp.exe
  2⤵
  PID:9588
- C:\Windows\System\hzFvOdz.exe
  C:\Windows\System\hzFvOdz.exe
  2⤵
  PID:9604
- C:\Windows\System\DzOdzVW.exe
  C:\Windows\System\DzOdzVW.exe
  2⤵
  PID:9620
- C:\Windows\System\XdQbuzm.exe
  C:\Windows\System\XdQbuzm.exe
  2⤵
  PID:9636
- C:\Windows\System\pEjWubT.exe
  C:\Windows\System\pEjWubT.exe
  2⤵
  PID:9660
- C:\Windows\System\AdBvVaQ.exe
  C:\Windows\System\AdBvVaQ.exe
  2⤵
  PID:9680
- C:\Windows\System\jrSUGLk.exe
  C:\Windows\System\jrSUGLk.exe
  2⤵
  PID:9700
- C:\Windows\System\VMwOQAV.exe
  C:\Windows\System\VMwOQAV.exe
  2⤵
  PID:9716
- C:\Windows\System\OBGNERP.exe
  C:\Windows\System\OBGNERP.exe
  2⤵
  PID:9732
- C:\Windows\System\TBuiWac.exe
  C:\Windows\System\TBuiWac.exe
  2⤵
  PID:9752
- C:\Windows\System\uCUYTNV.exe
  C:\Windows\System\uCUYTNV.exe
  2⤵
  PID:9768
- C:\Windows\System\iiFpSXJ.exe
  C:\Windows\System\iiFpSXJ.exe
  2⤵
  PID:9784
- C:\Windows\System\SyJiLpw.exe
  C:\Windows\System\SyJiLpw.exe
  2⤵
  PID:9844
- C:\Windows\System\WMiyIGH.exe
  C:\Windows\System\WMiyIGH.exe
  2⤵
  PID:9860
- C:\Windows\System\rOeDKzO.exe
  C:\Windows\System\rOeDKzO.exe
  2⤵
  PID:9876
- C:\Windows\System\OKKpjoj.exe
  C:\Windows\System\OKKpjoj.exe
  2⤵
  PID:9896
- C:\Windows\System\JaYcMlp.exe
  C:\Windows\System\JaYcMlp.exe
  2⤵
  PID:9916
- C:\Windows\System\mZQXtQg.exe
  C:\Windows\System\mZQXtQg.exe
  2⤵
  PID:9936
- C:\Windows\System\WPHAmsS.exe
  C:\Windows\System\WPHAmsS.exe
  2⤵
  PID:9952
- C:\Windows\System\ivEsxdR.exe
  C:\Windows\System\ivEsxdR.exe
  2⤵
  PID:9972
- C:\Windows\System\vszTMcC.exe
  C:\Windows\System\vszTMcC.exe
  2⤵
  PID:9988
- C:\Windows\System\nXiDPVP.exe
  C:\Windows\System\nXiDPVP.exe
  2⤵
  PID:10008
- C:\Windows\System\IjZBqBF.exe
  C:\Windows\System\IjZBqBF.exe
  2⤵
  PID:10024
- C:\Windows\System\bmHrWcO.exe
  C:\Windows\System\bmHrWcO.exe
  2⤵
  PID:10040
- C:\Windows\System\lURoGUG.exe
  C:\Windows\System\lURoGUG.exe
  2⤵
  PID:10056
- C:\Windows\System\AURENFD.exe
  C:\Windows\System\AURENFD.exe
  2⤵
  PID:10072
- C:\Windows\System\pYFylte.exe
  C:\Windows\System\pYFylte.exe
  2⤵
  PID:10088
- C:\Windows\System\wQfVVZJ.exe
  C:\Windows\System\wQfVVZJ.exe
  2⤵
  PID:10104
- C:\Windows\System\yYpICqC.exe
  C:\Windows\System\yYpICqC.exe
  2⤵
  PID:10120
- C:\Windows\System\RUoWAfI.exe
  C:\Windows\System\RUoWAfI.exe
  2⤵
  PID:10136
- C:\Windows\System\PmjmixB.exe
  C:\Windows\System\PmjmixB.exe
  2⤵
  PID:10152
- C:\Windows\System\rwiiziP.exe
  C:\Windows\System\rwiiziP.exe
  2⤵
  PID:10168
- C:\Windows\System\djWMqsw.exe
  C:\Windows\System\djWMqsw.exe
  2⤵
  PID:10188
- C:\Windows\System\vGKozak.exe
  C:\Windows\System\vGKozak.exe
  2⤵
  PID:10216
- C:\Windows\System\MRTqosi.exe
  C:\Windows\System\MRTqosi.exe
  2⤵
  PID:796
- C:\Windows\System\pxBoTxs.exe
  C:\Windows\System\pxBoTxs.exe
  2⤵
  PID:9268
- C:\Windows\System\cVbqEAm.exe
  C:\Windows\System\cVbqEAm.exe
  2⤵
  PID:9316
- C:\Windows\System\KEeVRNs.exe
  C:\Windows\System\KEeVRNs.exe
  2⤵
  PID:9332
- C:\Windows\System\RCBjEuR.exe
  C:\Windows\System\RCBjEuR.exe
  2⤵
  PID:9368
- C:\Windows\System\VZjQBRO.exe
  C:\Windows\System\VZjQBRO.exe
  2⤵
  PID:9392
- C:\Windows\System\fYmtFKj.exe
  C:\Windows\System\fYmtFKj.exe
  2⤵
  PID:9408
- C:\Windows\System\djEBKEL.exe
  C:\Windows\System\djEBKEL.exe
  2⤵
  PID:9428
- C:\Windows\System\JdoaRaM.exe
  C:\Windows\System\JdoaRaM.exe
  2⤵
  PID:9472
- C:\Windows\System\AItqcJQ.exe
  C:\Windows\System\AItqcJQ.exe
  2⤵
  PID:9524
- C:\Windows\System\etVvfyy.exe
  C:\Windows\System\etVvfyy.exe
  2⤵
  PID:9508
- C:\Windows\System\VsgJBbU.exe
  C:\Windows\System\VsgJBbU.exe
  2⤵
  PID:9548
- C:\Windows\System\taRewbw.exe
  C:\Windows\System\taRewbw.exe
  2⤵
  PID:9628
- C:\Windows\System\moGJCLk.exe
  C:\Windows\System\moGJCLk.exe
  2⤵
  PID:9748
- C:\Windows\System\astDrch.exe
  C:\Windows\System\astDrch.exe
  2⤵
  PID:9688
- C:\Windows\System\jxdDJql.exe
  C:\Windows\System\jxdDJql.exe
  2⤵
  PID:9820
- C:\Windows\System\usqRejD.exe
  C:\Windows\System\usqRejD.exe
  2⤵
  PID:9696
- C:\Windows\System\LgaAbpQ.exe
  C:\Windows\System\LgaAbpQ.exe
  2⤵
  PID:9856
- C:\Windows\System\RxnMmpK.exe
  C:\Windows\System\RxnMmpK.exe
  2⤵
  PID:9892
- C:\Windows\System\SNBoqvE.exe
  C:\Windows\System\SNBoqvE.exe
  2⤵
  PID:9808
- C:\Windows\System\xsajxWW.exe
  C:\Windows\System\xsajxWW.exe
  2⤵
  PID:9964
- C:\Windows\System\dYNOfax.exe
  C:\Windows\System\dYNOfax.exe
  2⤵
  PID:9904
- C:\Windows\System\PxHERWC.exe
  C:\Windows\System\PxHERWC.exe
  2⤵
  PID:10000
- C:\Windows\System\rdmbkrm.exe
  C:\Windows\System\rdmbkrm.exe
  2⤵
  PID:10036
- C:\Windows\System\GjamdHl.exe
  C:\Windows\System\GjamdHl.exe
  2⤵
  PID:10064
- C:\Windows\System\ZrzZPtH.exe
  C:\Windows\System\ZrzZPtH.exe
  2⤵
  PID:10052
- C:\Windows\System\uvAKaLl.exe
  C:\Windows\System\uvAKaLl.exe
  2⤵
  PID:10132
- C:\Windows\System\wPdARPP.exe
  C:\Windows\System\wPdARPP.exe
  2⤵
  PID:10164
- C:\Windows\System\JOoPWuZ.exe
  C:\Windows\System\JOoPWuZ.exe
  2⤵
  PID:10176
- C:\Windows\System\VZJxKoe.exe
  C:\Windows\System\VZJxKoe.exe
  2⤵
  PID:10204
- C:\Windows\System\eLDNTuj.exe
  C:\Windows\System\eLDNTuj.exe
  2⤵
  PID:10212
- C:\Windows\System\WVbrGRk.exe
  C:\Windows\System\WVbrGRk.exe
  2⤵
  PID:10232
- C:\Windows\System\EwCztFv.exe
  C:\Windows\System\EwCztFv.exe
  2⤵
  PID:876
- C:\Windows\System\nQGmunW.exe
  C:\Windows\System\nQGmunW.exe
  2⤵
  PID:9280
- C:\Windows\System\EsbTxnl.exe
  C:\Windows\System\EsbTxnl.exe
  2⤵
  PID:1000
- C:\Windows\System\VIBUJyJ.exe
  C:\Windows\System\VIBUJyJ.exe
  2⤵
  PID:9348
- C:\Windows\System\OKzShKQ.exe
  C:\Windows\System\OKzShKQ.exe
  2⤵
  PID:9492
- C:\Windows\System\rcUEDdn.exe
  C:\Windows\System\rcUEDdn.exe
  2⤵
  PID:9600
- C:\Windows\System\uZktlwv.exe
  C:\Windows\System\uZktlwv.exe
  2⤵
  PID:9672
- C:\Windows\System\pWhAHUo.exe
  C:\Windows\System\pWhAHUo.exe
  2⤵
  PID:9452
- C:\Windows\System\QeYLIeY.exe
  C:\Windows\System\QeYLIeY.exe
  2⤵
  PID:9760
- C:\Windows\System\ABiBqTz.exe
  C:\Windows\System\ABiBqTz.exe
  2⤵
  PID:9832
- C:\Windows\System\GyNaAeu.exe
  C:\Windows\System\GyNaAeu.exe
  2⤵
  PID:9652
- C:\Windows\System\NGnghdJ.exe
  C:\Windows\System\NGnghdJ.exe
  2⤵
  PID:9828
- C:\Windows\System\kHwyiXG.exe
  C:\Windows\System\kHwyiXG.exe
  2⤵
  PID:9796
- C:\Windows\System\EddYrZn.exe
  C:\Windows\System\EddYrZn.exe
  2⤵
  PID:10100
- C:\Windows\System\ixKlYgA.exe
  C:\Windows\System\ixKlYgA.exe
  2⤵
  PID:10080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\AMCENFA.exe

Filesize
6.0MB

MD5
891e0ec2b01ce525127eb0d0e7ed8743

SHA1
df0107902d06e472677014a6e0e006ea88806dff

SHA256
9193ad91e27cc0564ddcd141c38642e7701b2169da4dbcb1087ebd8a32168d99

SHA512
6607784284a59a44a528991bdc96716e85ca0979288134799f5b0f4940210a93e393d6b21241195ca8108f0e04013eac33fc48e9ab3fb55c38e952d19d0d90aa

Download Submit
C:\Windows\system\BJIPNpK.exe

Filesize
6.0MB

MD5
61454501b59c40875aaeb2823384e017

SHA1
88c9acb3f80d0dd00fc4e8e6972bd2b285b893ce

SHA256
899b14cf18b03e31c9d7b2bb950f187161e41bc31fa607c50739acd0b9090d49

SHA512
46f9d0d822b1fe35ae6a10ceb054c5c9b26215a7791748bd16630e2ec24e5bf08b5ce775e4e4aa8dfa5fb0d48abbdb491137aead3a629491b576691fc3b9a343

Download Submit
C:\Windows\system\FnHzxos.exe

Filesize
6.0MB

MD5
35ddcf591f3a3fb4663914a21e94de3f

SHA1
4a383b2c4cc587d2eeca0f8126bd757c6049c0de

SHA256
6bd48dffe45b0508d640ba45e095f3085831e4108ff61d66129a41efa6de1579

SHA512
dc1ae66452baac37da922a8cfbe99b9b5ea10041146a1e3c2a82805e224657c1c89039f7dbf46aa76dd0c5e1c0e6122ed01f51dd9ab866cf68680d29741a5f23

Download Submit
C:\Windows\system\HXdsknz.exe

Filesize
6.0MB

MD5
86d2d07db932a6ac3db3a51fcf904a78

SHA1
4bc5a2b251f954bf2134e5a699f8e0d2651d9a0f

SHA256
c894c74cbbd5a19c274de94764d610bb4f15cd6222a9cad719925a15220fc803

SHA512
5eb745743f4581f96d5b3f429b77a58da1d171f4eb25908df81bcbf90222ad25fefcf0042a0c337fe224a2b485c4e3fb0c93dddc8ad10aadfa7e9af80eba4dc6

Download Submit
C:\Windows\system\IjiSLXg.exe

Filesize
6.0MB

MD5
b8bd4a15a59a9c5f94a6e270b1a12423

SHA1
f1a44a6116ca0b66cbaa34e3627c424032ac54ed

SHA256
b8cc5ed5098e513b41c4b137bc3252ae40ab45fb75fbe66342c571eadac26f03

SHA512
a166e39cebc30f4c768d7f674642ccf282f9fce4ab6651f3e6b98b04e25e9a2f6b1664742384fb7a45f9788f9904eb634bc4e8b2e0e02de7b707366411824112

Download Submit
C:\Windows\system\JWjbtUq.exe

Filesize
6.0MB

MD5
609a02e6c78b429b83b7e0ad5182b36a

SHA1
10c1526f01f117300700f6b60877d059dc501e0b

SHA256
73f91ebfe26c327c55c9e8ecddca08d3bc916f49be24187c1181b4a4e5cf6600

SHA512
78c91361231460fe7d3403c4f141f342b336645274990c289e8c0257c019c65f94b8b97076f99d5e0d05c8a963a1eb6720dc534a620506a09587fd2053d95958

Download Submit
C:\Windows\system\KBfufkK.exe

Filesize
6.0MB

MD5
0cf372b34da642843116d91e69e3fa93

SHA1
596eac24c8c15b1103ce8e7e4e4315578acb016c

SHA256
478570c2e0811dca1c159fa397f91fcc261ffc19131e0a1b5cce87d7c7648fc1

SHA512
3778f0d8674dcfc7456eae0cbd85c548b29efd18b9f46266411b699c53b220c5dc6e48faf4542c8b5f8b29baf60fe735be0a6a4c4a2b2256d949e9bf8d136ea3

Download Submit
C:\Windows\system\MEfBCEK.exe

Filesize
6.0MB

MD5
b2c769f017c616f3d10487abc28b7f7d

SHA1
41a7945677a8ccf3491f38745aa009ef4396f687

SHA256
6237fb5dbb1cb82cbce0227e8a47cb569013c3ffd5f0efc88d54bd353de5d787

SHA512
e9fa41f7d9adbc775537c6e5bc11464b4ebf782192aa2d0fb0a1d64919d3d8a2a345ad1d7f2c6bf6b7b91840f6b644c880d05849700dc1e1e14d2b536319eba5

Download Submit
C:\Windows\system\MuFhFHa.exe

Filesize
6.0MB

MD5
be2cd0d9199040fde41a5e5b4bcdfef2

SHA1
1a6fa248bb0d20a100ce6b89eeb0a1c68184f179

SHA256
dc8be5f41da53bb7a630c537c0a2c30e376eadbff923a29ef84af97edd9a29b8

SHA512
1fb9cd256d697559e8d4cdcd77b91ecb8672eb66d0f665f010b331d316bae30203a20671c3d55e56d2ac46dbfb854b3df4ed31a06b478492bb8c3dc535c8a31e

Download Submit
C:\Windows\system\OwzODIR.exe

Filesize
6.0MB

MD5
32388e7ddb1f189f1b2b837af72d37d8

SHA1
6fad27a4cc270960b656ca6a8a334b96d49ac264

SHA256
4a171de274c59c56df3a1f01fdcf89b0a2e1797a3357cbaa345af944ab1c0dfe

SHA512
1a16e02f1678159dd8a684746a71c189bdc08f7ddecf4068566b42b31a9dbf330877f89918dcdcb1d5bda39471cf4976161d1ee18cec11653e39109aa0fb97e4

Download Submit
C:\Windows\system\PnztTEf.exe

Filesize
6.0MB

MD5
c9d094148952876e203fc695d0e58123

SHA1
42e0ef9b0723b9d9ef24f6fdaae295d2541a4d48

SHA256
dfe37a798a0aa319c4da4389441373e1f754e9ff75b51e3755cce657d1a5f4c1

SHA512
36511358fdeffcabb45b3686fe85327fd318f5730386bbf3dfb387cbe700e66868c1d9cb97e0dce7553e1e35f3990700a67fff0b4650b9fff10084684e3ffa0e

Download Submit
C:\Windows\system\QPixRaa.exe

Filesize
6.0MB

MD5
3310dbd5e687c031753694f70fb4e453

SHA1
cc7fc1a40e5e6e3d4b01dccd0ad95bd5e295fb0f

SHA256
7e46e7453392d967d6c801e53cc85b672f4604835fe848acf1bb0b7ec34cf761

SHA512
75d494b91d7f29c26cc365bbbc0a345db2660bab6d8258ce30359da8484b7bd1bc73642c063c0a8492cbf715cb5a4cab1ae62b59cacfaf4732cfa7adc14f9506

Download Submit
C:\Windows\system\ToqoyOU.exe

Filesize
6.0MB

MD5
969e379c1dc2c250eb7801224a5fa555

SHA1
ab0a0769efc5f79bda24ec4c7789755b9d039f9d

SHA256
748ff683fa1b75271ba2549b7a7ce8e3571ca6645e7d7b68e1c8532328ddb048

SHA512
15c104c2d544dff0d6e5a7db6bf44d660a140b4e25a3c7d330a76f173ddd6640dfe03a701f855bca8910019a48ea2045d6f7e92af57303047d22eef627e5964f

Download Submit
C:\Windows\system\TysqowG.exe

Filesize
6.0MB

MD5
d12539137b35fc51000d5023aa951045

SHA1
9eade5355da6ebd61bdbf18fc900f658a48f4441

SHA256
f8eef2e5f107e016cc2e0fdd634ce42e8b867c76ab4e4e7cfdb3d0595a5adc12

SHA512
02a71c6590905eeac784262debfb2aad791d2011bdf744715b3a3c8cb2c1f55154fe7bb1e0d44345bd9cdfa44fa51b374c6508f2ce0b3b3d34f31ff25be7b52b

Download Submit
C:\Windows\system\UeWnpyu.exe

Filesize
6.0MB

MD5
5271981e8a5b6641ddfdc4765a5fb3e0

SHA1
bec6297f4393415d6b4715cbac05bbfd57113102

SHA256
4caa212c7e7ec29df13cc8eb5ef4c62a1b951f005e5ae292025deae721f10717

SHA512
b31b3acde77cd569f1aa8e3dce318d91dee146ded0e3666d18b9370f4b8191ab5f9d88931731cb6d1ad3530860d1d56dd9424e24e32765be93ffb77937432fb6

Download Submit
C:\Windows\system\WjHXmts.exe

Filesize
6.0MB

MD5
8ba1b34a0f31448621f4ced42ef056f2

SHA1
ff912873114ece0df1978c47f671162a5af52c1b

SHA256
c3e0536f06f00bf331df0c53f500d3841bc237862ad012e0adaf7c14d1594860

SHA512
3aac19882f3949d51d8409f37a9b870d4e8e7ee428045be79290bf335064a0455aae91c61ac6fc77640440136fd975e42e9cf9aec6996072b111c67e7bbbab90

Download Submit
C:\Windows\system\YNKHtKn.exe

Filesize
6.0MB

MD5
828289e5625b55a8925f527862ea5652

SHA1
aade001836ddebf2e4a01bdddd986fb4cd36da8f

SHA256
526e8f8789438cadde81bb7a8e61946d2fe4003909b2c20b32e1359cba0cf00c

SHA512
d18a9bd3466b54a26ee5c2a16214bc9051cebf50067e4345837df51838d1f8a25beba6daee8752f1cfc345c63e2d06affc034d34ec884320e9da091b1cdeb3b9

Download Submit
C:\Windows\system\YsuqnnL.exe

Filesize
6.0MB

MD5
c15c5af0284aa271776966e69e346f11

SHA1
736857d3db59eadf06d9256bbafc96fdf0112b3e

SHA256
bb936ebb4ac55a5e6eb628bd38d55c7e1cd71c5a3c22fb42b53c3ae18699e6dc

SHA512
0a7d9000089781d02899e6a6ce1f57b51d7110be882d6721f1fe78ec0c9601aaa9b2f7f74e1ddb07b9a8de8c88b989573e024269d8bf4a7499c356feb25a3f4e

Download Submit
C:\Windows\system\cYoVjmw.exe

Filesize
6.0MB

MD5
a1166a86811d558b4433894331f12c7d

SHA1
23bf5c56f76ad92010c412838298c8f22357d882

SHA256
7e2b79eff4c3d9c11cf2ae957dae2cbef330ce02615649d4e1febf2ea0b8e642

SHA512
407586a12bbf5a926b0e7a03ad55c4dc4f2c39a448f858f148e2a5b971ad00d3d064c7410bcc9d926f506a4d287190583d2aab9853e1faffc3961f6d9181733c

Download Submit
C:\Windows\system\dThNeXA.exe

Filesize
6.0MB

MD5
cc15ec4b992ea19204cfed40106aec1b

SHA1
e0e139368ccdd8db893879644a000667d3252e6d

SHA256
c6e8525f49b683c7d20541d51e9b7044b577331310b1f001610a76d6704515be

SHA512
0117b9d7e34a7bc771fb34e10375490c7895a1d4c64e1aee29f88bf7bdec4fdfd63210ca0f71c1c24581da5525c1d984686e9ae838ad695a7cd5a716f3371863

Download Submit
C:\Windows\system\gMHuXtj.exe

Filesize
6.0MB

MD5
b71fc97df8f844ce51c7f51df59c4f70

SHA1
39585bd18473a1bb329a6db4d37960e73a148ea6

SHA256
5eb1e868bdc288ee0da706c541001203b53d80c916c31799442ee0edd313eedc

SHA512
6fd781edded5bf0b88ff45832a4f59caddf1a9b3d7122137b4ba7687a1c883ac6e56d4313b3106c5626e3296b0d90076edb768330c3d409f0ab65c3b94807e17

Download Submit
C:\Windows\system\gRZDUrA.exe

Filesize
6.0MB

MD5
064280a8e2b068681c91ffbbc3e1cfe3

SHA1
b86eebf2d19a4e33fa7d2980c77a16bb88877bbc

SHA256
9c4f301eb86d2faf156b4ed8bc6f267388afc42ea87fbdcb4b90a720d0896c4c

SHA512
b22f97bf9b2c5a644e2500c5129c27bca4b8555bbc9c796b26fb8a4da81b263daa56a9825277c9d5671d839760cb2c5f49444b6be608a5b0de3dabdc8537a311

Download Submit
C:\Windows\system\kWXmgSU.exe

Filesize
6.0MB

MD5
f2d1917d9132509c03810564b64eaa54

SHA1
d192a90752c9d919abfda6f3bd42f7c80475be88

SHA256
79c8370f6452da0884c398e9a3fae1ab04df2cb66147db1117d59bec573afbe4

SHA512
eeb2e761bceef14994158b2850e335bbd89c4d7d976eb6dfcf44edcee83c62aa1281eb4565adabe93106ffa4a215edf76be9a930024648a4e227c7c3248381e8

Download Submit
C:\Windows\system\kcIBcNH.exe

Filesize
6.0MB

MD5
8e17cf8d9fabaf181be8208647a1b237

SHA1
05e172f73724841904f5547b51007267814639c9

SHA256
99bad8fae46d32c83ba09fada6a19aeb029577f06279d5e41f0eebb33ef49912

SHA512
1293f775ab20bea901737860d6191f31622cdff604f853201279148e182c25a954e4ff5566c90c98a97964e9f4d71ced2e5aae86c4772a9f6f4158f602553a7d

Download Submit
C:\Windows\system\klSbdNQ.exe

Filesize
6.0MB

MD5
7086524916a0924376737df9353a9219

SHA1
57aaa5135731d21376318185eccbe3a0490d6207

SHA256
65799b78960a629f230a5dd2555f27eb1439b3e3cc85150ec828a45ebf8ef0c6

SHA512
62fe68a795fa2e621166fd314d0868ac25f373ac171f61258f127d0f9be86c786dd783be17523b88c9cefb5db773ab0a9e5b4281b5101acaa52536f6d0da95ed

Download Submit
C:\Windows\system\mXAyYJT.exe

Filesize
6.0MB

MD5
9640c2ae1e442101b00138b15e3b680b

SHA1
3f506ddebd3eb1c37a4feba3612189d2b19c1c26

SHA256
31394dfe66f43cafb189c100de657eb9e3f839821df3c28d353e224f2c094d9b

SHA512
200c3e15e1653be2bad034a537fb3ec4b1074669005c68f5fcec1608522901ec2cb011d0fa99468b75baef894489838a30daddbbceabd4a7cf8bdfaea02ffa79

Download Submit
C:\Windows\system\okvWmkB.exe

Filesize
6.0MB

MD5
a4ab939fbb483ab3fe9da93f29861fdf

SHA1
b80f3c7149e67aa715a409731741731521686b6e

SHA256
2453c1c61c34520510edf386c283f770ae6a7ba819de9369e0080e10862a6ef5

SHA512
84122d6e82462a0578d4ee2f81c92d998b6c14e88f64166a13dfb17c9ea6ecc413fe19c186e76d99a655ba3617dd4cbdcf34529bff493df1f402a0e1d2f815b1

Download Submit
C:\Windows\system\qQMpIVN.exe

Filesize
6.0MB

MD5
1fd8ac34d5b15d3037683a1d7910caad

SHA1
ad13570ba2e1769388dfac058840edb16d455daa

SHA256
f61f97e911b995299536beb0248a17a0d6c3e348f43170fda325db791eee454a

SHA512
e350c85c07498770ac94362a84cd16b9a0d7c990e31de7ac75a75fb0a74c2189ea2556d38b1f19ab24ab90c82ba8bd15aced41dd30f180b6ed80a001dee9da1f

Download Submit
C:\Windows\system\vNeYFYu.exe

Filesize
6.0MB

MD5
ec47e3ae74c2c65d25ab09e8378af83c

SHA1
339fd2454886ea578a033c1c2d273fef8e6fe223

SHA256
668f1a2b130874fdd40430da3931c503e88491aa321e7a176cea5760ddde22e8

SHA512
e92e6ad5ee03e9e4974520395bcf3848c798e0da33e8c92c23864c1e764618590935f2f377852df6af80a30edb04313ece2cab2c6f0c2bad49b17421c2420165

Download Submit
C:\Windows\system\xWYRjcs.exe

Filesize
6.0MB

MD5
63a40861570bb612e10935a3373d999b

SHA1
70b274182249ae81ce6bc70f93b13392e5cd0b1b

SHA256
f250f7a7a6a73d49d672e97316f1f45c62dd1a2d7faffd6a156766d1ae9a95e9

SHA512
df8ae77f21e9354cb41dd03c4ec0304479fa7b1ee761dcaf082d4291fc48d0909a77286be14a12c84697e3b96399916860aef31ff0277b91c70858ae4bdd6145

Download Submit
C:\Windows\system\yhPKrUR.exe

Filesize
6.0MB

MD5
0b4cdb0be5299281db079cdc94764f24

SHA1
cebf11ddc1fac35de1fc020f03626c5c674ece8a

SHA256
d8dc7703ef965a5164f90c9b46951abc6337591dc800d9af641c0f0657349667

SHA512
7e043a663280135622ababc2f79b5a043969a0745eb001fe56f9230f403bd15676f8b56a57bbf87d23ff95961d02ab66b1b20172b17478978128b5d4beaaec15

Download Submit
\Windows\system\gsjTGdy.exe

Filesize
6.0MB

MD5
a56267f33262f7d766c37758071767cf

SHA1
0cf5b646be5298fde02826793bfb1ab92d1516f8

SHA256
f6df3b3b9d13c087f7857aee8fc4dccf0522ca2a81f637519f3bc32735e790ca

SHA512
f1ee78db89aa1bc30d819dd5701a9617ae35ec5545bd11154a413be241d0a44d96be3e55b179b332cd6dd527aa0437cd2e1c46b95c6a1205b2edf50e681939d6

Download Submit
memory/532-4053-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/532-76-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/592-77-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/592-1410-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/592-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/592-79-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/592-102-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/592-0-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/592-105-0x000000013F200000-0x000000013F554000-memory.dmp

Filesize
3.3MB

Download
memory/592-104-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/592-1579-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/592-1411-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/592-86-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/592-100-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/592-88-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/592-98-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/592-75-0x000000013F080000-0x000000013F3D4000-memory.dmp

Filesize
3.3MB

Download
memory/592-95-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/592-81-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/592-93-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/592-91-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/748-4048-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/748-84-0x000000013F3F0000-0x000000013F744000-memory.dmp

Filesize
3.3MB

Download
memory/1632-4059-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1632-74-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1932-80-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/1932-4052-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2276-4055-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2276-99-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/2292-78-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2292-4056-0x000000013F030000-0x000000013F384000-memory.dmp

Filesize
3.3MB

Download
memory/2508-73-0x000000013F040000-0x000000013F394000-memory.dmp

Filesize
3.3MB

Download
memory/2716-92-0x000000013F890000-0x000000013FBE4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-4057-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2724-94-0x000000013FA90000-0x000000013FDE4000-memory.dmp

Filesize
3.3MB

Download
memory/2756-101-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2756-4054-0x000000013F3E0000-0x000000013F734000-memory.dmp

Filesize
3.3MB

Download
memory/2884-4046-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2884-87-0x000000013F970000-0x000000013FCC4000-memory.dmp

Filesize
3.3MB

Download
memory/2896-103-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2896-4058-0x000000013F830000-0x000000013FB84000-memory.dmp

Filesize
3.3MB

Download
memory/2908-4049-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2908-90-0x000000013F620000-0x000000013F974000-memory.dmp

Filesize
3.3MB

Download
memory/2912-4051-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download
memory/2912-97-0x000000013F190000-0x000000013F4E4000-memory.dmp

Filesize
3.3MB

Download