cobaltstrike | d0a31967c6e920e52c1d09048b041deb482b3fbcca6bdbfa13cd7b5f884a9b9d

Analysis

max time kernel
150s
max time network
128s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22/01/2025, 04:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

620e3ba131451ba9534cbedd412e0773
SHA1

80133bb71cdfbbe22a3b131002faf12adf73f55d
SHA256

d0a31967c6e920e52c1d09048b041deb482b3fbcca6bdbfa13cd7b5f884a9b9d
SHA512

9b25ec6d6d353f07412831b3f7622c19271de5d4a310afe864fbbe980843b6562010f8f9e4454d06a4cb50ab0d753dd4d7fd3a5d100d755076df3e949f44e555
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUf:T+q56utgpPF8u/7f

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d0000000133b8-6.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d2c-20.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d0c-11.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d5c-40.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d64-55.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195a9-70.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ad-94.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b1-96.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b7-117.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c3-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c6-148.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c5-143.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001960c-159.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019820-185.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019bf5-196.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001998d-190.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197fd-180.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019761-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001975a-169.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019643-165.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c7-153.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195c1-133.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bd-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195bb-122.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b5-113.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195b3-106.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195af-88.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000195ab-77.dat	cobalt_reflective_dll
behavioral1/files/0x0002000000018334-62.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016ce0-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d52-33.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d3f-28.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/3044-0-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x000d0000000133b8-6.dat	xmrig
behavioral1/files/0x0007000000016d2c-20.dat	xmrig
behavioral1/memory/2076-15-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2904-14-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/files/0x0009000000016d0c-11.dat	xmrig
behavioral1/memory/3044-49-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d5c-40.dat	xmrig
behavioral1/files/0x0008000000016d64-55.dat	xmrig
behavioral1/files/0x00050000000195a9-70.dat	xmrig
behavioral1/files/0x00050000000195ad-94.dat	xmrig
behavioral1/files/0x00050000000195b1-96.dat	xmrig
behavioral1/files/0x00050000000195b7-117.dat	xmrig
behavioral1/files/0x00050000000195c3-137.dat	xmrig
behavioral1/files/0x00050000000195c6-148.dat	xmrig
behavioral1/files/0x00050000000195c5-143.dat	xmrig
behavioral1/memory/3044-150-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/files/0x000500000001960c-159.dat	xmrig
behavioral1/files/0x0005000000019820-185.dat	xmrig
behavioral1/memory/2352-242-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019bf5-196.dat	xmrig
behavioral1/files/0x000500000001998d-190.dat	xmrig
behavioral1/files/0x00050000000197fd-180.dat	xmrig
behavioral1/memory/3044-177-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019761-174.dat	xmrig
behavioral1/files/0x000500000001975a-169.dat	xmrig
behavioral1/files/0x0005000000019643-165.dat	xmrig
behavioral1/memory/1648-156-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195c7-153.dat	xmrig
behavioral1/files/0x00050000000195c1-133.dat	xmrig
behavioral1/files/0x00050000000195bd-127.dat	xmrig
behavioral1/files/0x00050000000195bb-122.dat	xmrig
behavioral1/files/0x00050000000195b5-113.dat	xmrig
behavioral1/files/0x00050000000195b3-106.dat	xmrig
behavioral1/memory/388-103-0x000000013FE40000-0x0000000140194000-memory.dmp	xmrig
behavioral1/memory/1100-97-0x000000013F370000-0x000000013F6C4000-memory.dmp	xmrig
behavioral1/memory/1648-84-0x000000013F690000-0x000000013F9E4000-memory.dmp	xmrig
behavioral1/memory/1852-74-0x000000013FEA0000-0x00000001401F4000-memory.dmp	xmrig
behavioral1/memory/2996-72-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2352-90-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195af-88.dat	xmrig
behavioral1/memory/2892-79-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000195ab-77.dat	xmrig
behavioral1/memory/2628-66-0x000000013F4E0000-0x000000013F834000-memory.dmp	xmrig
behavioral1/memory/2076-59-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2660-58-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x0002000000018334-62.dat	xmrig
behavioral1/memory/2908-50-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/files/0x0009000000016ce0-46.dat	xmrig
behavioral1/memory/2892-45-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2744-37-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d52-33.dat	xmrig
behavioral1/memory/2996-29-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d3f-28.dat	xmrig
behavioral1/memory/2832-26-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2076-1193-0x000000013F290000-0x000000013F5E4000-memory.dmp	xmrig
behavioral1/memory/2892-1195-0x000000013FE70000-0x00000001401C4000-memory.dmp	xmrig
behavioral1/memory/2996-1194-0x000000013FB10000-0x000000013FE64000-memory.dmp	xmrig
behavioral1/memory/2904-1197-0x000000013F2B0000-0x000000013F604000-memory.dmp	xmrig
behavioral1/memory/2660-1196-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/memory/2744-1198-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2908-1199-0x000000013F800000-0x000000013FB54000-memory.dmp	xmrig
behavioral1/memory/2832-1200-0x000000013F6B0000-0x000000013FA04000-memory.dmp	xmrig
behavioral1/memory/2352-1206-0x000000013F270000-0x000000013F5C4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2904	tEsEZJa.exe
2076	EbCzSSD.exe
2832	NwfdfWO.exe
2996	WozfHuI.exe
2744	sTKHUtw.exe
2892	tQJqYbF.exe
2908	gZVMkHS.exe
2660	WYAIaSv.exe
2628	KkNClMm.exe
1852	kecwMDh.exe
1648	gJBxnfB.exe
2352	xfgMcWJ.exe
1100	zJSdyHO.exe
388	GVFhcse.exe
2516	XlplKVQ.exe
1784	XYcdWHT.exe
528	MgTUhyn.exe
2700	xLyfOas.exe
436	CIWriUz.exe
2600	dVuRwZu.exe
1252	GWBokth.exe
584	FJXqmkN.exe
1756	RWBEjgn.exe
3016	Plhigfy.exe
2440	fMBkXMP.exe
1348	LtlQmWf.exe
1864	NrAWREN.exe
1744	RiATwbU.exe
1596	PNCwmev.exe
2156	LvIPCVX.exe
1552	GSkBsRT.exe
1536	xWNrHcZ.exe
948	VPmAcCd.exe
2488	KVfdgKJ.exe
2220	MOxBZFv.exe
1964	rBTUSFT.exe
1556	tbcHHJI.exe
1456	LQJqSWF.exe
1528	TFqiRMd.exe
2348	kxDznme.exe
2392	weyfQGo.exe
1796	eFPUJrH.exe
1248	BtTyeyC.exe
884	iikSCUg.exe
2044	lYpCOsk.exe
2040	JNUpmoT.exe
2980	OthzTwA.exe
548	joIlSXa.exe
1996	vrSnIXr.exe
2768	kJtLsxg.exe
1792	GHnAghw.exe
1688	oRAYVKB.exe
2844	BGqzaPT.exe
2784	beBspkO.exe
2972	fxDPRGB.exe
3064	ubxtwKj.exe
1056	zDgcaMY.exe
1788	AezuVeT.exe
1652	uCLjadZ.exe
636	rvWVUxO.exe
1116	ChBcAZM.exe
2424	oPuEviL.exe
2944	ThFSJTJ.exe
1020	lEIHfBn.exe

Loads dropped DLL 64 IoCs

pid	Process
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3044-0-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x000d0000000133b8-6.dat	upx
behavioral1/files/0x0007000000016d2c-20.dat	upx
behavioral1/memory/2076-15-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2904-14-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/files/0x0009000000016d0c-11.dat	upx
behavioral1/memory/3044-49-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x0008000000016d5c-40.dat	upx
behavioral1/files/0x0008000000016d64-55.dat	upx
behavioral1/files/0x00050000000195a9-70.dat	upx
behavioral1/files/0x00050000000195ad-94.dat	upx
behavioral1/files/0x00050000000195b1-96.dat	upx
behavioral1/files/0x00050000000195b7-117.dat	upx
behavioral1/files/0x00050000000195c3-137.dat	upx
behavioral1/files/0x00050000000195c6-148.dat	upx
behavioral1/files/0x00050000000195c5-143.dat	upx
behavioral1/files/0x000500000001960c-159.dat	upx
behavioral1/files/0x0005000000019820-185.dat	upx
behavioral1/memory/2352-242-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/files/0x0005000000019bf5-196.dat	upx
behavioral1/files/0x000500000001998d-190.dat	upx
behavioral1/files/0x00050000000197fd-180.dat	upx
behavioral1/files/0x0005000000019761-174.dat	upx
behavioral1/files/0x000500000001975a-169.dat	upx
behavioral1/files/0x0005000000019643-165.dat	upx
behavioral1/memory/1648-156-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/files/0x00050000000195c7-153.dat	upx
behavioral1/files/0x00050000000195c1-133.dat	upx
behavioral1/files/0x00050000000195bd-127.dat	upx
behavioral1/files/0x00050000000195bb-122.dat	upx
behavioral1/files/0x00050000000195b5-113.dat	upx
behavioral1/files/0x00050000000195b3-106.dat	upx
behavioral1/memory/388-103-0x000000013FE40000-0x0000000140194000-memory.dmp	upx
behavioral1/memory/1100-97-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx
behavioral1/memory/1648-84-0x000000013F690000-0x000000013F9E4000-memory.dmp	upx
behavioral1/memory/1852-74-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/2996-72-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2352-90-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/files/0x00050000000195af-88.dat	upx
behavioral1/memory/2892-79-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/files/0x00050000000195ab-77.dat	upx
behavioral1/memory/2628-66-0x000000013F4E0000-0x000000013F834000-memory.dmp	upx
behavioral1/memory/2076-59-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2660-58-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x0002000000018334-62.dat	upx
behavioral1/memory/2908-50-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/files/0x0009000000016ce0-46.dat	upx
behavioral1/memory/2892-45-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2744-37-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x0007000000016d52-33.dat	upx
behavioral1/memory/2996-29-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/files/0x0007000000016d3f-28.dat	upx
behavioral1/memory/2832-26-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2076-1193-0x000000013F290000-0x000000013F5E4000-memory.dmp	upx
behavioral1/memory/2892-1195-0x000000013FE70000-0x00000001401C4000-memory.dmp	upx
behavioral1/memory/2996-1194-0x000000013FB10000-0x000000013FE64000-memory.dmp	upx
behavioral1/memory/2904-1197-0x000000013F2B0000-0x000000013F604000-memory.dmp	upx
behavioral1/memory/2660-1196-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2744-1198-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2908-1199-0x000000013F800000-0x000000013FB54000-memory.dmp	upx
behavioral1/memory/2832-1200-0x000000013F6B0000-0x000000013FA04000-memory.dmp	upx
behavioral1/memory/2352-1206-0x000000013F270000-0x000000013F5C4000-memory.dmp	upx
behavioral1/memory/1852-1205-0x000000013FEA0000-0x00000001401F4000-memory.dmp	upx
behavioral1/memory/1100-1204-0x000000013F370000-0x000000013F6C4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\FJCgZGD.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VnNkWKU.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vfTbENv.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yLyXYjJ.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SoVjxuq.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RZJaeDR.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gtLdUJD.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FzmxFOc.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ijfViIj.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MPlbbVY.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yhOFhnu.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\abobkTt.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QfWyqNY.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VtcZYWW.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GWVVVyy.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bvtPoOo.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDAnbVZ.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BOYYZPh.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XwuGjEC.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NDhgyyl.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LfskJrb.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ifFtGjE.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Irwitru.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VfashKX.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\khvoHGC.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JHVRaDP.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FmFvlsR.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RQmiLhx.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wTFWBuT.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AklUlIQ.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MmhjeuS.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OJANEnt.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EjcVrDu.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pnWCwIj.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dbOQBVH.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WPbVNKy.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TeJukGg.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aKrqSve.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EufaspL.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SMPZGVN.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FTlNNsk.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WWsjyuk.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xMnrDls.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HBhVtfq.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xiPFQIt.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QjUKAAe.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QEppwYW.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LtlQmWf.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DrNuFft.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\inVGYzg.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UClJiFI.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oZhDyEB.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xtJYGKI.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ViWIvCX.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VAtfUhK.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TbQTJoT.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\clPCgNq.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jLCGTGN.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FADylpO.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\rBjOXIv.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fqRJtoL.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KVfdgKJ.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GwQFtbl.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DFdkkBD.exe	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2904	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3044 wrote to memory of 2904	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3044 wrote to memory of 2904	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 3044 wrote to memory of 2076	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3044 wrote to memory of 2076	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3044 wrote to memory of 2076	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 3044 wrote to memory of 2832	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3044 wrote to memory of 2832	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3044 wrote to memory of 2832	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 3044 wrote to memory of 2996	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3044 wrote to memory of 2996	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3044 wrote to memory of 2996	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 3044 wrote to memory of 2744	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3044 wrote to memory of 2744	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3044 wrote to memory of 2744	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 3044 wrote to memory of 2892	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3044 wrote to memory of 2892	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3044 wrote to memory of 2892	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 3044 wrote to memory of 2908	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3044 wrote to memory of 2908	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3044 wrote to memory of 2908	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 3044 wrote to memory of 2660	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3044 wrote to memory of 2660	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3044 wrote to memory of 2660	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 3044 wrote to memory of 2628	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3044 wrote to memory of 2628	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3044 wrote to memory of 2628	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 3044 wrote to memory of 1852	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3044 wrote to memory of 1852	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3044 wrote to memory of 1852	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 3044 wrote to memory of 1648	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3044 wrote to memory of 1648	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3044 wrote to memory of 1648	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 3044 wrote to memory of 1100	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3044 wrote to memory of 1100	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3044 wrote to memory of 1100	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 3044 wrote to memory of 2352	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3044 wrote to memory of 2352	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3044 wrote to memory of 2352	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 3044 wrote to memory of 388	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3044 wrote to memory of 388	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3044 wrote to memory of 388	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 3044 wrote to memory of 2516	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3044 wrote to memory of 2516	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3044 wrote to memory of 2516	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 3044 wrote to memory of 1784	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3044 wrote to memory of 1784	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3044 wrote to memory of 1784	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 3044 wrote to memory of 528	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3044 wrote to memory of 528	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3044 wrote to memory of 528	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 3044 wrote to memory of 2700	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3044 wrote to memory of 2700	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3044 wrote to memory of 2700	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 3044 wrote to memory of 436	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3044 wrote to memory of 436	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3044 wrote to memory of 436	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 3044 wrote to memory of 2600	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3044 wrote to memory of 2600	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3044 wrote to memory of 2600	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 3044 wrote to memory of 1252	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3044 wrote to memory of 1252	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3044 wrote to memory of 1252	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 3044 wrote to memory of 584	3044	2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_620e3ba131451ba9534cbedd412e0773_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Windows\System\tEsEZJa.exe
  C:\Windows\System\tEsEZJa.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\EbCzSSD.exe
  C:\Windows\System\EbCzSSD.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\NwfdfWO.exe
  C:\Windows\System\NwfdfWO.exe
  2⤵
  - Executes dropped EXE
  PID:2832
- C:\Windows\System\WozfHuI.exe
  C:\Windows\System\WozfHuI.exe
  2⤵
  - Executes dropped EXE
  PID:2996
- C:\Windows\System\sTKHUtw.exe
  C:\Windows\System\sTKHUtw.exe
  2⤵
  - Executes dropped EXE
  PID:2744
- C:\Windows\System\tQJqYbF.exe
  C:\Windows\System\tQJqYbF.exe
  2⤵
  - Executes dropped EXE
  PID:2892
- C:\Windows\System\gZVMkHS.exe
  C:\Windows\System\gZVMkHS.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\WYAIaSv.exe
  C:\Windows\System\WYAIaSv.exe
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Windows\System\KkNClMm.exe
  C:\Windows\System\KkNClMm.exe
  2⤵
  - Executes dropped EXE
  PID:2628
- C:\Windows\System\kecwMDh.exe
  C:\Windows\System\kecwMDh.exe
  2⤵
  - Executes dropped EXE
  PID:1852
- C:\Windows\System\gJBxnfB.exe
  C:\Windows\System\gJBxnfB.exe
  2⤵
  - Executes dropped EXE
  PID:1648
- C:\Windows\System\zJSdyHO.exe
  C:\Windows\System\zJSdyHO.exe
  2⤵
  - Executes dropped EXE
  PID:1100
- C:\Windows\System\xfgMcWJ.exe
  C:\Windows\System\xfgMcWJ.exe
  2⤵
  - Executes dropped EXE
  PID:2352
- C:\Windows\System\GVFhcse.exe
  C:\Windows\System\GVFhcse.exe
  2⤵
  - Executes dropped EXE
  PID:388
- C:\Windows\System\XlplKVQ.exe
  C:\Windows\System\XlplKVQ.exe
  2⤵
  - Executes dropped EXE
  PID:2516
- C:\Windows\System\XYcdWHT.exe
  C:\Windows\System\XYcdWHT.exe
  2⤵
  - Executes dropped EXE
  PID:1784
- C:\Windows\System\MgTUhyn.exe
  C:\Windows\System\MgTUhyn.exe
  2⤵
  - Executes dropped EXE
  PID:528
- C:\Windows\System\xLyfOas.exe
  C:\Windows\System\xLyfOas.exe
  2⤵
  - Executes dropped EXE
  PID:2700
- C:\Windows\System\CIWriUz.exe
  C:\Windows\System\CIWriUz.exe
  2⤵
  - Executes dropped EXE
  PID:436
- C:\Windows\System\dVuRwZu.exe
  C:\Windows\System\dVuRwZu.exe
  2⤵
  - Executes dropped EXE
  PID:2600
- C:\Windows\System\GWBokth.exe
  C:\Windows\System\GWBokth.exe
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Windows\System\FJXqmkN.exe
  C:\Windows\System\FJXqmkN.exe
  2⤵
  - Executes dropped EXE
  PID:584
- C:\Windows\System\RWBEjgn.exe
  C:\Windows\System\RWBEjgn.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\Plhigfy.exe
  C:\Windows\System\Plhigfy.exe
  2⤵
  - Executes dropped EXE
  PID:3016
- C:\Windows\System\fMBkXMP.exe
  C:\Windows\System\fMBkXMP.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\LtlQmWf.exe
  C:\Windows\System\LtlQmWf.exe
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\System\NrAWREN.exe
  C:\Windows\System\NrAWREN.exe
  2⤵
  - Executes dropped EXE
  PID:1864
- C:\Windows\System\RiATwbU.exe
  C:\Windows\System\RiATwbU.exe
  2⤵
  - Executes dropped EXE
  PID:1744
- C:\Windows\System\PNCwmev.exe
  C:\Windows\System\PNCwmev.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\LvIPCVX.exe
  C:\Windows\System\LvIPCVX.exe
  2⤵
  - Executes dropped EXE
  PID:2156
- C:\Windows\System\GSkBsRT.exe
  C:\Windows\System\GSkBsRT.exe
  2⤵
  - Executes dropped EXE
  PID:1552
- C:\Windows\System\xWNrHcZ.exe
  C:\Windows\System\xWNrHcZ.exe
  2⤵
  - Executes dropped EXE
  PID:1536
- C:\Windows\System\VPmAcCd.exe
  C:\Windows\System\VPmAcCd.exe
  2⤵
  - Executes dropped EXE
  PID:948
- C:\Windows\System\KVfdgKJ.exe
  C:\Windows\System\KVfdgKJ.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Windows\System\MOxBZFv.exe
  C:\Windows\System\MOxBZFv.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\tbcHHJI.exe
  C:\Windows\System\tbcHHJI.exe
  2⤵
  - Executes dropped EXE
  PID:1556
- C:\Windows\System\rBTUSFT.exe
  C:\Windows\System\rBTUSFT.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\LQJqSWF.exe
  C:\Windows\System\LQJqSWF.exe
  2⤵
  - Executes dropped EXE
  PID:1456
- C:\Windows\System\TFqiRMd.exe
  C:\Windows\System\TFqiRMd.exe
  2⤵
  - Executes dropped EXE
  PID:1528
- C:\Windows\System\kxDznme.exe
  C:\Windows\System\kxDznme.exe
  2⤵
  - Executes dropped EXE
  PID:2348
- C:\Windows\System\weyfQGo.exe
  C:\Windows\System\weyfQGo.exe
  2⤵
  - Executes dropped EXE
  PID:2392
- C:\Windows\System\lYpCOsk.exe
  C:\Windows\System\lYpCOsk.exe
  2⤵
  - Executes dropped EXE
  PID:2044
- C:\Windows\System\eFPUJrH.exe
  C:\Windows\System\eFPUJrH.exe
  2⤵
  - Executes dropped EXE
  PID:1796
- C:\Windows\System\joIlSXa.exe
  C:\Windows\System\joIlSXa.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\BtTyeyC.exe
  C:\Windows\System\BtTyeyC.exe
  2⤵
  - Executes dropped EXE
  PID:1248
- C:\Windows\System\vrSnIXr.exe
  C:\Windows\System\vrSnIXr.exe
  2⤵
  - Executes dropped EXE
  PID:1996
- C:\Windows\System\iikSCUg.exe
  C:\Windows\System\iikSCUg.exe
  2⤵
  - Executes dropped EXE
  PID:884
- C:\Windows\System\GHnAghw.exe
  C:\Windows\System\GHnAghw.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\JNUpmoT.exe
  C:\Windows\System\JNUpmoT.exe
  2⤵
  - Executes dropped EXE
  PID:2040
- C:\Windows\System\oRAYVKB.exe
  C:\Windows\System\oRAYVKB.exe
  2⤵
  - Executes dropped EXE
  PID:1688
- C:\Windows\System\OthzTwA.exe
  C:\Windows\System\OthzTwA.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\BGqzaPT.exe
  C:\Windows\System\BGqzaPT.exe
  2⤵
  - Executes dropped EXE
  PID:2844
- C:\Windows\System\kJtLsxg.exe
  C:\Windows\System\kJtLsxg.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\beBspkO.exe
  C:\Windows\System\beBspkO.exe
  2⤵
  - Executes dropped EXE
  PID:2784
- C:\Windows\System\fxDPRGB.exe
  C:\Windows\System\fxDPRGB.exe
  2⤵
  - Executes dropped EXE
  PID:2972
- C:\Windows\System\zDgcaMY.exe
  C:\Windows\System\zDgcaMY.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\ubxtwKj.exe
  C:\Windows\System\ubxtwKj.exe
  2⤵
  - Executes dropped EXE
  PID:3064
- C:\Windows\System\uCLjadZ.exe
  C:\Windows\System\uCLjadZ.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\AezuVeT.exe
  C:\Windows\System\AezuVeT.exe
  2⤵
  - Executes dropped EXE
  PID:1788
- C:\Windows\System\ThFSJTJ.exe
  C:\Windows\System\ThFSJTJ.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\rvWVUxO.exe
  C:\Windows\System\rvWVUxO.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\XLufxmG.exe
  C:\Windows\System\XLufxmG.exe
  2⤵
  PID:940
- C:\Windows\System\ChBcAZM.exe
  C:\Windows\System\ChBcAZM.exe
  2⤵
  - Executes dropped EXE
  PID:1116
- C:\Windows\System\jOLvIer.exe
  C:\Windows\System\jOLvIer.exe
  2⤵
  PID:1588
- C:\Windows\System\oPuEviL.exe
  C:\Windows\System\oPuEviL.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Windows\System\iCfttkn.exe
  C:\Windows\System\iCfttkn.exe
  2⤵
  PID:2492
- C:\Windows\System\lEIHfBn.exe
  C:\Windows\System\lEIHfBn.exe
  2⤵
  - Executes dropped EXE
  PID:1020
- C:\Windows\System\PaGZKct.exe
  C:\Windows\System\PaGZKct.exe
  2⤵
  PID:1452
- C:\Windows\System\lhWmByX.exe
  C:\Windows\System\lhWmByX.exe
  2⤵
  PID:2152
- C:\Windows\System\vgOGLVA.exe
  C:\Windows\System\vgOGLVA.exe
  2⤵
  PID:1372
- C:\Windows\System\wlIpxOS.exe
  C:\Windows\System\wlIpxOS.exe
  2⤵
  PID:2408
- C:\Windows\System\DrNuFft.exe
  C:\Windows\System\DrNuFft.exe
  2⤵
  PID:1548
- C:\Windows\System\VKrJkki.exe
  C:\Windows\System\VKrJkki.exe
  2⤵
  PID:540
- C:\Windows\System\ubhTgix.exe
  C:\Windows\System\ubhTgix.exe
  2⤵
  PID:772
- C:\Windows\System\yjhTWnA.exe
  C:\Windows\System\yjhTWnA.exe
  2⤵
  PID:2088
- C:\Windows\System\pCLague.exe
  C:\Windows\System\pCLague.exe
  2⤵
  PID:652
- C:\Windows\System\PenybXx.exe
  C:\Windows\System\PenybXx.exe
  2⤵
  PID:2200
- C:\Windows\System\syZtrvy.exe
  C:\Windows\System\syZtrvy.exe
  2⤵
  PID:2984
- C:\Windows\System\dNCQrYV.exe
  C:\Windows\System\dNCQrYV.exe
  2⤵
  PID:2636
- C:\Windows\System\oXemGTx.exe
  C:\Windows\System\oXemGTx.exe
  2⤵
  PID:2684
- C:\Windows\System\KhUALYU.exe
  C:\Windows\System\KhUALYU.exe
  2⤵
  PID:892
- C:\Windows\System\fCrktOL.exe
  C:\Windows\System\fCrktOL.exe
  2⤵
  PID:1284
- C:\Windows\System\knEmpoG.exe
  C:\Windows\System\knEmpoG.exe
  2⤵
  PID:1236
- C:\Windows\System\jOWxRRg.exe
  C:\Windows\System\jOWxRRg.exe
  2⤵
  PID:568
- C:\Windows\System\OkcoRce.exe
  C:\Windows\System\OkcoRce.exe
  2⤵
  PID:524
- C:\Windows\System\nDfvtqz.exe
  C:\Windows\System\nDfvtqz.exe
  2⤵
  PID:1640
- C:\Windows\System\VZTuyxb.exe
  C:\Windows\System\VZTuyxb.exe
  2⤵
  PID:1940
- C:\Windows\System\BwJPMXE.exe
  C:\Windows\System\BwJPMXE.exe
  2⤵
  PID:3000
- C:\Windows\System\zVitHFU.exe
  C:\Windows\System\zVitHFU.exe
  2⤵
  PID:1856
- C:\Windows\System\qGlvAtU.exe
  C:\Windows\System\qGlvAtU.exe
  2⤵
  PID:236
- C:\Windows\System\gmRYZQA.exe
  C:\Windows\System\gmRYZQA.exe
  2⤵
  PID:3004
- C:\Windows\System\EZUVCHU.exe
  C:\Windows\System\EZUVCHU.exe
  2⤵
  PID:748
- C:\Windows\System\VHZtBlP.exe
  C:\Windows\System\VHZtBlP.exe
  2⤵
  PID:1572
- C:\Windows\System\VLYAupr.exe
  C:\Windows\System\VLYAupr.exe
  2⤵
  PID:824
- C:\Windows\System\gtLdUJD.exe
  C:\Windows\System\gtLdUJD.exe
  2⤵
  PID:2068
- C:\Windows\System\SkptDhq.exe
  C:\Windows\System\SkptDhq.exe
  2⤵
  PID:1580
- C:\Windows\System\xnbGtqA.exe
  C:\Windows\System\xnbGtqA.exe
  2⤵
  PID:2512
- C:\Windows\System\JuxyajK.exe
  C:\Windows\System\JuxyajK.exe
  2⤵
  PID:2896
- C:\Windows\System\uKeGxjW.exe
  C:\Windows\System\uKeGxjW.exe
  2⤵
  PID:2564
- C:\Windows\System\GCanwql.exe
  C:\Windows\System\GCanwql.exe
  2⤵
  PID:2864
- C:\Windows\System\EHmAfUp.exe
  C:\Windows\System\EHmAfUp.exe
  2⤵
  PID:2956
- C:\Windows\System\mhthffs.exe
  C:\Windows\System\mhthffs.exe
  2⤵
  PID:2464
- C:\Windows\System\GBevLHI.exe
  C:\Windows\System\GBevLHI.exe
  2⤵
  PID:1748
- C:\Windows\System\ffnYVLJ.exe
  C:\Windows\System\ffnYVLJ.exe
  2⤵
  PID:1828
- C:\Windows\System\aMRjTiz.exe
  C:\Windows\System\aMRjTiz.exe
  2⤵
  PID:2916
- C:\Windows\System\XpfWfAH.exe
  C:\Windows\System\XpfWfAH.exe
  2⤵
  PID:2556
- C:\Windows\System\cnmUJsm.exe
  C:\Windows\System\cnmUJsm.exe
  2⤵
  PID:3028
- C:\Windows\System\EwiuTWw.exe
  C:\Windows\System\EwiuTWw.exe
  2⤵
  PID:2484
- C:\Windows\System\ViWIvCX.exe
  C:\Windows\System\ViWIvCX.exe
  2⤵
  PID:2612
- C:\Windows\System\oUPPKbt.exe
  C:\Windows\System\oUPPKbt.exe
  2⤵
  PID:2292
- C:\Windows\System\tAMPQhq.exe
  C:\Windows\System\tAMPQhq.exe
  2⤵
  PID:1932
- C:\Windows\System\rWomlbB.exe
  C:\Windows\System\rWomlbB.exe
  2⤵
  PID:2360
- C:\Windows\System\UrrISph.exe
  C:\Windows\System\UrrISph.exe
  2⤵
  PID:2388
- C:\Windows\System\XjiwXiO.exe
  C:\Windows\System\XjiwXiO.exe
  2⤵
  PID:3092
- C:\Windows\System\ubfYQPM.exe
  C:\Windows\System\ubfYQPM.exe
  2⤵
  PID:3112
- C:\Windows\System\EClRlRh.exe
  C:\Windows\System\EClRlRh.exe
  2⤵
  PID:3132
- C:\Windows\System\kfGYOVR.exe
  C:\Windows\System\kfGYOVR.exe
  2⤵
  PID:3152
- C:\Windows\System\WWsjyuk.exe
  C:\Windows\System\WWsjyuk.exe
  2⤵
  PID:3176
- C:\Windows\System\bLquHzt.exe
  C:\Windows\System\bLquHzt.exe
  2⤵
  PID:3272
- C:\Windows\System\akYfpEH.exe
  C:\Windows\System\akYfpEH.exe
  2⤵
  PID:3292
- C:\Windows\System\lfbKwPm.exe
  C:\Windows\System\lfbKwPm.exe
  2⤵
  PID:3308
- C:\Windows\System\pxBrEVx.exe
  C:\Windows\System\pxBrEVx.exe
  2⤵
  PID:3328
- C:\Windows\System\zSqtGYi.exe
  C:\Windows\System\zSqtGYi.exe
  2⤵
  PID:3348
- C:\Windows\System\YMOIjkY.exe
  C:\Windows\System\YMOIjkY.exe
  2⤵
  PID:3372
- C:\Windows\System\bYwpCZn.exe
  C:\Windows\System\bYwpCZn.exe
  2⤵
  PID:3388
- C:\Windows\System\wHXfNLR.exe
  C:\Windows\System\wHXfNLR.exe
  2⤵
  PID:3412
- C:\Windows\System\xtDZHHI.exe
  C:\Windows\System\xtDZHHI.exe
  2⤵
  PID:3432
- C:\Windows\System\bAlfsVz.exe
  C:\Windows\System\bAlfsVz.exe
  2⤵
  PID:3448
- C:\Windows\System\xleUpJq.exe
  C:\Windows\System\xleUpJq.exe
  2⤵
  PID:3464
- C:\Windows\System\XVudupZ.exe
  C:\Windows\System\XVudupZ.exe
  2⤵
  PID:3480
- C:\Windows\System\tGOjZvT.exe
  C:\Windows\System\tGOjZvT.exe
  2⤵
  PID:3500
- C:\Windows\System\BXcXJTS.exe
  C:\Windows\System\BXcXJTS.exe
  2⤵
  PID:3516
- C:\Windows\System\BojXESV.exe
  C:\Windows\System\BojXESV.exe
  2⤵
  PID:3536
- C:\Windows\System\LfOfmsH.exe
  C:\Windows\System\LfOfmsH.exe
  2⤵
  PID:3552
- C:\Windows\System\CIRjXfs.exe
  C:\Windows\System\CIRjXfs.exe
  2⤵
  PID:3568
- C:\Windows\System\sbaaSbG.exe
  C:\Windows\System\sbaaSbG.exe
  2⤵
  PID:3584
- C:\Windows\System\TzbpSwj.exe
  C:\Windows\System\TzbpSwj.exe
  2⤵
  PID:3600
- C:\Windows\System\YAdwalg.exe
  C:\Windows\System\YAdwalg.exe
  2⤵
  PID:3616
- C:\Windows\System\IqPMmOi.exe
  C:\Windows\System\IqPMmOi.exe
  2⤵
  PID:3636
- C:\Windows\System\xRCAhan.exe
  C:\Windows\System\xRCAhan.exe
  2⤵
  PID:3672
- C:\Windows\System\FNXvXPo.exe
  C:\Windows\System\FNXvXPo.exe
  2⤵
  PID:3744
- C:\Windows\System\fDnwhLf.exe
  C:\Windows\System\fDnwhLf.exe
  2⤵
  PID:3760
- C:\Windows\System\GhFTzUf.exe
  C:\Windows\System\GhFTzUf.exe
  2⤵
  PID:3780
- C:\Windows\System\GSVQgim.exe
  C:\Windows\System\GSVQgim.exe
  2⤵
  PID:3796
- C:\Windows\System\KNuERHK.exe
  C:\Windows\System\KNuERHK.exe
  2⤵
  PID:3820
- C:\Windows\System\wWIPzWB.exe
  C:\Windows\System\wWIPzWB.exe
  2⤵
  PID:3836
- C:\Windows\System\ZfDqhfb.exe
  C:\Windows\System\ZfDqhfb.exe
  2⤵
  PID:3852
- C:\Windows\System\KbwKmuG.exe
  C:\Windows\System\KbwKmuG.exe
  2⤵
  PID:3868
- C:\Windows\System\NinzrWv.exe
  C:\Windows\System\NinzrWv.exe
  2⤵
  PID:3884
- C:\Windows\System\OoBUPKC.exe
  C:\Windows\System\OoBUPKC.exe
  2⤵
  PID:3916
- C:\Windows\System\nPklkOx.exe
  C:\Windows\System\nPklkOx.exe
  2⤵
  PID:3936
- C:\Windows\System\moFxZOx.exe
  C:\Windows\System\moFxZOx.exe
  2⤵
  PID:3956
- C:\Windows\System\pYGqebR.exe
  C:\Windows\System\pYGqebR.exe
  2⤵
  PID:3972
- C:\Windows\System\pZibHXf.exe
  C:\Windows\System\pZibHXf.exe
  2⤵
  PID:4004
- C:\Windows\System\yPSwfqr.exe
  C:\Windows\System\yPSwfqr.exe
  2⤵
  PID:4020
- C:\Windows\System\swDkYQO.exe
  C:\Windows\System\swDkYQO.exe
  2⤵
  PID:4044
- C:\Windows\System\KzYsVIp.exe
  C:\Windows\System\KzYsVIp.exe
  2⤵
  PID:4060
- C:\Windows\System\NTOlhjg.exe
  C:\Windows\System\NTOlhjg.exe
  2⤵
  PID:4076
- C:\Windows\System\gmpsYxM.exe
  C:\Windows\System\gmpsYxM.exe
  2⤵
  PID:3008
- C:\Windows\System\ivSdPOx.exe
  C:\Windows\System\ivSdPOx.exe
  2⤵
  PID:2656
- C:\Windows\System\zjLdMbH.exe
  C:\Windows\System\zjLdMbH.exe
  2⤵
  PID:3084
- C:\Windows\System\ocANpAS.exe
  C:\Windows\System\ocANpAS.exe
  2⤵
  PID:1636
- C:\Windows\System\jaARWVX.exe
  C:\Windows\System\jaARWVX.exe
  2⤵
  PID:3164
- C:\Windows\System\JhkHtXu.exe
  C:\Windows\System\JhkHtXu.exe
  2⤵
  PID:880
- C:\Windows\System\QbVvnia.exe
  C:\Windows\System\QbVvnia.exe
  2⤵
  PID:2336
- C:\Windows\System\vmYELBA.exe
  C:\Windows\System\vmYELBA.exe
  2⤵
  PID:3108
- C:\Windows\System\LMgtgAI.exe
  C:\Windows\System\LMgtgAI.exe
  2⤵
  PID:2880
- C:\Windows\System\WBRDBHf.exe
  C:\Windows\System\WBRDBHf.exe
  2⤵
  PID:2472
- C:\Windows\System\moTvOPq.exe
  C:\Windows\System\moTvOPq.exe
  2⤵
  PID:3252
- C:\Windows\System\FoCBKQN.exe
  C:\Windows\System\FoCBKQN.exe
  2⤵
  PID:3268
- C:\Windows\System\NTNZqAr.exe
  C:\Windows\System\NTNZqAr.exe
  2⤵
  PID:3316
- C:\Windows\System\LubwQjQ.exe
  C:\Windows\System\LubwQjQ.exe
  2⤵
  PID:3396
- C:\Windows\System\sQLYaqX.exe
  C:\Windows\System\sQLYaqX.exe
  2⤵
  PID:3444
- C:\Windows\System\GYfagUs.exe
  C:\Windows\System\GYfagUs.exe
  2⤵
  PID:3548
- C:\Windows\System\KpqRmso.exe
  C:\Windows\System\KpqRmso.exe
  2⤵
  PID:3608
- C:\Windows\System\AmtuzLZ.exe
  C:\Windows\System\AmtuzLZ.exe
  2⤵
  PID:3660
- C:\Windows\System\ptReBOD.exe
  C:\Windows\System\ptReBOD.exe
  2⤵
  PID:2780
- C:\Windows\System\ONXlDGh.exe
  C:\Windows\System\ONXlDGh.exe
  2⤵
  PID:3340
- C:\Windows\System\ZZyAYiL.exe
  C:\Windows\System\ZZyAYiL.exe
  2⤵
  PID:3560
- C:\Windows\System\MQTzYdM.exe
  C:\Windows\System\MQTzYdM.exe
  2⤵
  PID:3624
- C:\Windows\System\jGbkdVE.exe
  C:\Windows\System\jGbkdVE.exe
  2⤵
  PID:1268
- C:\Windows\System\SNCCeoH.exe
  C:\Windows\System\SNCCeoH.exe
  2⤵
  PID:1720
- C:\Windows\System\IpYxdao.exe
  C:\Windows\System\IpYxdao.exe
  2⤵
  PID:2752
- C:\Windows\System\xDlhtaV.exe
  C:\Windows\System\xDlhtaV.exe
  2⤵
  PID:2716
- C:\Windows\System\qWpDPdJ.exe
  C:\Windows\System\qWpDPdJ.exe
  2⤵
  PID:3688
- C:\Windows\System\rgcxAVo.exe
  C:\Windows\System\rgcxAVo.exe
  2⤵
  PID:2272
- C:\Windows\System\GPNGZIQ.exe
  C:\Windows\System\GPNGZIQ.exe
  2⤵
  PID:2304
- C:\Windows\System\YBXvhpj.exe
  C:\Windows\System\YBXvhpj.exe
  2⤵
  PID:976
- C:\Windows\System\ifQbqjn.exe
  C:\Windows\System\ifQbqjn.exe
  2⤵
  PID:2736
- C:\Windows\System\XamwYtY.exe
  C:\Windows\System\XamwYtY.exe
  2⤵
  PID:2800
- C:\Windows\System\pIgTEmy.exe
  C:\Windows\System\pIgTEmy.exe
  2⤵
  PID:2624
- C:\Windows\System\vXtUyXe.exe
  C:\Windows\System\vXtUyXe.exe
  2⤵
  PID:2432
- C:\Windows\System\belYnUF.exe
  C:\Windows\System\belYnUF.exe
  2⤵
  PID:3460
- C:\Windows\System\citbMBh.exe
  C:\Windows\System\citbMBh.exe
  2⤵
  PID:588
- C:\Windows\System\MBMZdld.exe
  C:\Windows\System\MBMZdld.exe
  2⤵
  PID:2872
- C:\Windows\System\gotSwnI.exe
  C:\Windows\System\gotSwnI.exe
  2⤵
  PID:2136
- C:\Windows\System\dEtbkKJ.exe
  C:\Windows\System\dEtbkKJ.exe
  2⤵
  PID:2876
- C:\Windows\System\BCYswVT.exe
  C:\Windows\System\BCYswVT.exe
  2⤵
  PID:3720
- C:\Windows\System\tzAlIYm.exe
  C:\Windows\System\tzAlIYm.exe
  2⤵
  PID:3752
- C:\Windows\System\hsEItSB.exe
  C:\Windows\System\hsEItSB.exe
  2⤵
  PID:3732
- C:\Windows\System\FzmxFOc.exe
  C:\Windows\System\FzmxFOc.exe
  2⤵
  PID:3832
- C:\Windows\System\ynbENqq.exe
  C:\Windows\System\ynbENqq.exe
  2⤵
  PID:3908
- C:\Windows\System\lWhPoQm.exe
  C:\Windows\System\lWhPoQm.exe
  2⤵
  PID:3804
- C:\Windows\System\bgktZDd.exe
  C:\Windows\System\bgktZDd.exe
  2⤵
  PID:3848
- C:\Windows\System\qmsKdip.exe
  C:\Windows\System\qmsKdip.exe
  2⤵
  PID:3948
- C:\Windows\System\EvZMzpQ.exe
  C:\Windows\System\EvZMzpQ.exe
  2⤵
  PID:3996
- C:\Windows\System\kYjvydB.exe
  C:\Windows\System\kYjvydB.exe
  2⤵
  PID:4028
- C:\Windows\System\XLRJrMx.exe
  C:\Windows\System\XLRJrMx.exe
  2⤵
  PID:3924
- C:\Windows\System\oUcpbbc.exe
  C:\Windows\System\oUcpbbc.exe
  2⤵
  PID:4052
- C:\Windows\System\FLPgCBi.exe
  C:\Windows\System\FLPgCBi.exe
  2⤵
  PID:4092
- C:\Windows\System\aYOdLxH.exe
  C:\Windows\System\aYOdLxH.exe
  2⤵
  PID:2820
- C:\Windows\System\HcxGaAd.exe
  C:\Windows\System\HcxGaAd.exe
  2⤵
  PID:3172
- C:\Windows\System\sWHETzC.exe
  C:\Windows\System\sWHETzC.exe
  2⤵
  PID:2796
- C:\Windows\System\jAytOrV.exe
  C:\Windows\System\jAytOrV.exe
  2⤵
  PID:2016
- C:\Windows\System\TkXAShD.exe
  C:\Windows\System\TkXAShD.exe
  2⤵
  PID:1428
- C:\Windows\System\KuWyIQg.exe
  C:\Windows\System\KuWyIQg.exe
  2⤵
  PID:2540
- C:\Windows\System\AnYbBuj.exe
  C:\Windows\System\AnYbBuj.exe
  2⤵
  PID:3184
- C:\Windows\System\ExQWIQt.exe
  C:\Windows\System\ExQWIQt.exe
  2⤵
  PID:3368
- C:\Windows\System\pMUrrEg.exe
  C:\Windows\System\pMUrrEg.exe
  2⤵
  PID:3380
- C:\Windows\System\KtVWOns.exe
  C:\Windows\System\KtVWOns.exe
  2⤵
  PID:3544
- C:\Windows\System\MAMuYua.exe
  C:\Windows\System\MAMuYua.exe
  2⤵
  PID:3652
- C:\Windows\System\aODpUGF.exe
  C:\Windows\System\aODpUGF.exe
  2⤵
  PID:3596
- C:\Windows\System\hrJokbB.exe
  C:\Windows\System\hrJokbB.exe
  2⤵
  PID:3680
- C:\Windows\System\ybovqGb.exe
  C:\Windows\System\ybovqGb.exe
  2⤵
  PID:3532
- C:\Windows\System\SSJbEBq.exe
  C:\Windows\System\SSJbEBq.exe
  2⤵
  PID:2728
- C:\Windows\System\jzYbKkg.exe
  C:\Windows\System\jzYbKkg.exe
  2⤵
  PID:2836
- C:\Windows\System\ojuXEWa.exe
  C:\Windows\System\ojuXEWa.exe
  2⤵
  PID:3692
- C:\Windows\System\mbDDNRM.exe
  C:\Windows\System\mbDDNRM.exe
  2⤵
  PID:3708
- C:\Windows\System\AMFPEnW.exe
  C:\Windows\System\AMFPEnW.exe
  2⤵
  PID:1040
- C:\Windows\System\BWtHzUg.exe
  C:\Windows\System\BWtHzUg.exe
  2⤵
  PID:2128
- C:\Windows\System\FCVjBOQ.exe
  C:\Windows\System\FCVjBOQ.exe
  2⤵
  PID:2328
- C:\Windows\System\ZxvIuiQ.exe
  C:\Windows\System\ZxvIuiQ.exe
  2⤵
  PID:956
- C:\Windows\System\YjLgEdy.exe
  C:\Windows\System\YjLgEdy.exe
  2⤵
  PID:2452
- C:\Windows\System\XHuJOzu.exe
  C:\Windows\System\XHuJOzu.exe
  2⤵
  PID:2124
- C:\Windows\System\TEZlZcT.exe
  C:\Windows\System\TEZlZcT.exe
  2⤵
  PID:1912
- C:\Windows\System\gxuRtBQ.exe
  C:\Windows\System\gxuRtBQ.exe
  2⤵
  PID:3712
- C:\Windows\System\ffLGzUq.exe
  C:\Windows\System\ffLGzUq.exe
  2⤵
  PID:1772
- C:\Windows\System\KwBSKeM.exe
  C:\Windows\System\KwBSKeM.exe
  2⤵
  PID:1028
- C:\Windows\System\tmvKoku.exe
  C:\Windows\System\tmvKoku.exe
  2⤵
  PID:3992
- C:\Windows\System\JUzzbrU.exe
  C:\Windows\System\JUzzbrU.exe
  2⤵
  PID:3772
- C:\Windows\System\wBmkxpS.exe
  C:\Windows\System\wBmkxpS.exe
  2⤵
  PID:3904
- C:\Windows\System\lledpBz.exe
  C:\Windows\System\lledpBz.exe
  2⤵
  PID:3984
- C:\Windows\System\ghimRog.exe
  C:\Windows\System\ghimRog.exe
  2⤵
  PID:4040
- C:\Windows\System\KGzimpX.exe
  C:\Windows\System\KGzimpX.exe
  2⤵
  PID:1192
- C:\Windows\System\CepuZEb.exe
  C:\Windows\System\CepuZEb.exe
  2⤵
  PID:1608
- C:\Windows\System\cqqZuLH.exe
  C:\Windows\System\cqqZuLH.exe
  2⤵
  PID:4084
- C:\Windows\System\aZtQrBZ.exe
  C:\Windows\System\aZtQrBZ.exe
  2⤵
  PID:4032
- C:\Windows\System\vIutnwh.exe
  C:\Windows\System\vIutnwh.exe
  2⤵
  PID:3248
- C:\Windows\System\gAcsWJp.exe
  C:\Windows\System\gAcsWJp.exe
  2⤵
  PID:3304
- C:\Windows\System\uRQRWYV.exe
  C:\Windows\System\uRQRWYV.exe
  2⤵
  PID:3632
- C:\Windows\System\wdueFXs.exe
  C:\Windows\System\wdueFXs.exe
  2⤵
  PID:2992
- C:\Windows\System\MaOSTZv.exe
  C:\Windows\System\MaOSTZv.exe
  2⤵
  PID:3496
- C:\Windows\System\pSYkXkG.exe
  C:\Windows\System\pSYkXkG.exe
  2⤵
  PID:3684
- C:\Windows\System\vNMFOIY.exe
  C:\Windows\System\vNMFOIY.exe
  2⤵
  PID:2524
- C:\Windows\System\vWYgSHz.exe
  C:\Windows\System\vWYgSHz.exe
  2⤵
  PID:2732
- C:\Windows\System\PcdftpX.exe
  C:\Windows\System\PcdftpX.exe
  2⤵
  PID:3488
- C:\Windows\System\TiCtwZF.exe
  C:\Windows\System\TiCtwZF.exe
  2⤵
  PID:2596
- C:\Windows\System\VQEsAgZ.exe
  C:\Windows\System\VQEsAgZ.exe
  2⤵
  PID:2032
- C:\Windows\System\rJPiKNS.exe
  C:\Windows\System\rJPiKNS.exe
  2⤵
  PID:2644
- C:\Windows\System\KvIMuMP.exe
  C:\Windows\System\KvIMuMP.exe
  2⤵
  PID:3828
- C:\Windows\System\RqXQCkc.exe
  C:\Windows\System\RqXQCkc.exe
  2⤵
  PID:692
- C:\Windows\System\UrMievQ.exe
  C:\Windows\System\UrMievQ.exe
  2⤵
  PID:4072
- C:\Windows\System\mgafIHM.exe
  C:\Windows\System\mgafIHM.exe
  2⤵
  PID:1724
- C:\Windows\System\dbOQBVH.exe
  C:\Windows\System\dbOQBVH.exe
  2⤵
  PID:2012
- C:\Windows\System\GqnSTBv.exe
  C:\Windows\System\GqnSTBv.exe
  2⤵
  PID:3400
- C:\Windows\System\zLtVmzp.exe
  C:\Windows\System\zLtVmzp.exe
  2⤵
  PID:3128
- C:\Windows\System\qELEklB.exe
  C:\Windows\System\qELEklB.exe
  2⤵
  PID:3244
- C:\Windows\System\qxhnuZw.exe
  C:\Windows\System\qxhnuZw.exe
  2⤵
  PID:3104
- C:\Windows\System\zYJzsYd.exe
  C:\Windows\System\zYJzsYd.exe
  2⤵
  PID:2368
- C:\Windows\System\TjxctLm.exe
  C:\Windows\System\TjxctLm.exe
  2⤵
  PID:2036
- C:\Windows\System\firHGkQ.exe
  C:\Windows\System\firHGkQ.exe
  2⤵
  PID:3068
- C:\Windows\System\DFdkkBD.exe
  C:\Windows\System\DFdkkBD.exe
  2⤵
  PID:576
- C:\Windows\System\AycRUQr.exe
  C:\Windows\System\AycRUQr.exe
  2⤵
  PID:2324
- C:\Windows\System\thJLOEJ.exe
  C:\Windows\System\thJLOEJ.exe
  2⤵
  PID:2704
- C:\Windows\System\frGGzyS.exe
  C:\Windows\System\frGGzyS.exe
  2⤵
  PID:2676
- C:\Windows\System\KjhOWcV.exe
  C:\Windows\System\KjhOWcV.exe
  2⤵
  PID:3148
- C:\Windows\System\TGzDQXP.exe
  C:\Windows\System\TGzDQXP.exe
  2⤵
  PID:3240
- C:\Windows\System\GoxqzlR.exe
  C:\Windows\System\GoxqzlR.exe
  2⤵
  PID:1300
- C:\Windows\System\VAtfUhK.exe
  C:\Windows\System\VAtfUhK.exe
  2⤵
  PID:3656
- C:\Windows\System\DwEZhWx.exe
  C:\Windows\System\DwEZhWx.exe
  2⤵
  PID:2188
- C:\Windows\System\lVdMkmd.exe
  C:\Windows\System\lVdMkmd.exe
  2⤵
  PID:3508
- C:\Windows\System\KOWXaYq.exe
  C:\Windows\System\KOWXaYq.exe
  2⤵
  PID:3440
- C:\Windows\System\nPDXgRo.exe
  C:\Windows\System\nPDXgRo.exe
  2⤵
  PID:4068
- C:\Windows\System\axVZHfO.exe
  C:\Windows\System\axVZHfO.exe
  2⤵
  PID:3360
- C:\Windows\System\IqcFzLu.exe
  C:\Windows\System\IqcFzLu.exe
  2⤵
  PID:3932
- C:\Windows\System\yYiqvhr.exe
  C:\Windows\System\yYiqvhr.exe
  2⤵
  PID:1576
- C:\Windows\System\oPwMbSr.exe
  C:\Windows\System\oPwMbSr.exe
  2⤵
  PID:1424
- C:\Windows\System\qMPEmEU.exe
  C:\Windows\System\qMPEmEU.exe
  2⤵
  PID:3144
- C:\Windows\System\fgteHZK.exe
  C:\Windows\System\fgteHZK.exe
  2⤵
  PID:3968
- C:\Windows\System\pkIaJTY.exe
  C:\Windows\System\pkIaJTY.exe
  2⤵
  PID:3724
- C:\Windows\System\ZuxSkmV.exe
  C:\Windows\System\ZuxSkmV.exe
  2⤵
  PID:1508
- C:\Windows\System\sMqoRtv.exe
  C:\Windows\System\sMqoRtv.exe
  2⤵
  PID:4112
- C:\Windows\System\wqmWvzA.exe
  C:\Windows\System\wqmWvzA.exe
  2⤵
  PID:4128
- C:\Windows\System\itpnjkB.exe
  C:\Windows\System\itpnjkB.exe
  2⤵
  PID:4144
- C:\Windows\System\NLgFBmx.exe
  C:\Windows\System\NLgFBmx.exe
  2⤵
  PID:4160
- C:\Windows\System\vWKIZMH.exe
  C:\Windows\System\vWKIZMH.exe
  2⤵
  PID:4192
- C:\Windows\System\fmuIxlm.exe
  C:\Windows\System\fmuIxlm.exe
  2⤵
  PID:4208
- C:\Windows\System\YbCggpR.exe
  C:\Windows\System\YbCggpR.exe
  2⤵
  PID:4228
- C:\Windows\System\rqCjyvx.exe
  C:\Windows\System\rqCjyvx.exe
  2⤵
  PID:4244
- C:\Windows\System\SGcXdgd.exe
  C:\Windows\System\SGcXdgd.exe
  2⤵
  PID:4264
- C:\Windows\System\uElmNKb.exe
  C:\Windows\System\uElmNKb.exe
  2⤵
  PID:4280
- C:\Windows\System\LnmWshw.exe
  C:\Windows\System\LnmWshw.exe
  2⤵
  PID:4296
- C:\Windows\System\NxmEFti.exe
  C:\Windows\System\NxmEFti.exe
  2⤵
  PID:4316
- C:\Windows\System\leOfdJe.exe
  C:\Windows\System\leOfdJe.exe
  2⤵
  PID:4332
- C:\Windows\System\chJnokB.exe
  C:\Windows\System\chJnokB.exe
  2⤵
  PID:4348
- C:\Windows\System\HCBzUSv.exe
  C:\Windows\System\HCBzUSv.exe
  2⤵
  PID:4372
- C:\Windows\System\fuCGXYw.exe
  C:\Windows\System\fuCGXYw.exe
  2⤵
  PID:4388
- C:\Windows\System\SDiQwvv.exe
  C:\Windows\System\SDiQwvv.exe
  2⤵
  PID:4408
- C:\Windows\System\oHUePlI.exe
  C:\Windows\System\oHUePlI.exe
  2⤵
  PID:4424
- C:\Windows\System\wLhFyAH.exe
  C:\Windows\System\wLhFyAH.exe
  2⤵
  PID:4448
- C:\Windows\System\mhgjgeW.exe
  C:\Windows\System\mhgjgeW.exe
  2⤵
  PID:4464
- C:\Windows\System\RBETCpo.exe
  C:\Windows\System\RBETCpo.exe
  2⤵
  PID:4516
- C:\Windows\System\IRTKxdq.exe
  C:\Windows\System\IRTKxdq.exe
  2⤵
  PID:4532
- C:\Windows\System\QqJDdSR.exe
  C:\Windows\System\QqJDdSR.exe
  2⤵
  PID:4548
- C:\Windows\System\icDvLqL.exe
  C:\Windows\System\icDvLqL.exe
  2⤵
  PID:4564
- C:\Windows\System\Tevckpc.exe
  C:\Windows\System\Tevckpc.exe
  2⤵
  PID:4596
- C:\Windows\System\wnkKlZn.exe
  C:\Windows\System\wnkKlZn.exe
  2⤵
  PID:4612
- C:\Windows\System\xKtedlA.exe
  C:\Windows\System\xKtedlA.exe
  2⤵
  PID:4632
- C:\Windows\System\XwuGjEC.exe
  C:\Windows\System\XwuGjEC.exe
  2⤵
  PID:4648
- C:\Windows\System\GOhFedH.exe
  C:\Windows\System\GOhFedH.exe
  2⤵
  PID:4664
- C:\Windows\System\NKyddXy.exe
  C:\Windows\System\NKyddXy.exe
  2⤵
  PID:4692
- C:\Windows\System\pHNuSXL.exe
  C:\Windows\System\pHNuSXL.exe
  2⤵
  PID:4708
- C:\Windows\System\uaOUlFm.exe
  C:\Windows\System\uaOUlFm.exe
  2⤵
  PID:4728
- C:\Windows\System\ZKhHkuu.exe
  C:\Windows\System\ZKhHkuu.exe
  2⤵
  PID:4744
- C:\Windows\System\sEqouui.exe
  C:\Windows\System\sEqouui.exe
  2⤵
  PID:4776
- C:\Windows\System\NEgbXRZ.exe
  C:\Windows\System\NEgbXRZ.exe
  2⤵
  PID:4792
- C:\Windows\System\FRnxInj.exe
  C:\Windows\System\FRnxInj.exe
  2⤵
  PID:4808
- C:\Windows\System\VSBHTnw.exe
  C:\Windows\System\VSBHTnw.exe
  2⤵
  PID:4824
- C:\Windows\System\MwDmAZN.exe
  C:\Windows\System\MwDmAZN.exe
  2⤵
  PID:4852
- C:\Windows\System\gkftteY.exe
  C:\Windows\System\gkftteY.exe
  2⤵
  PID:4872
- C:\Windows\System\TiWHNlH.exe
  C:\Windows\System\TiWHNlH.exe
  2⤵
  PID:4888
- C:\Windows\System\bWoZutT.exe
  C:\Windows\System\bWoZutT.exe
  2⤵
  PID:4904
- C:\Windows\System\QTDGRdI.exe
  C:\Windows\System\QTDGRdI.exe
  2⤵
  PID:4928
- C:\Windows\System\rRjAqHd.exe
  C:\Windows\System\rRjAqHd.exe
  2⤵
  PID:4944
- C:\Windows\System\AvOjxof.exe
  C:\Windows\System\AvOjxof.exe
  2⤵
  PID:4960
- C:\Windows\System\ocudCxE.exe
  C:\Windows\System\ocudCxE.exe
  2⤵
  PID:4980
- C:\Windows\System\BDyWUeD.exe
  C:\Windows\System\BDyWUeD.exe
  2⤵
  PID:4996
- C:\Windows\System\NQtwANy.exe
  C:\Windows\System\NQtwANy.exe
  2⤵
  PID:5020
- C:\Windows\System\jKadJbv.exe
  C:\Windows\System\jKadJbv.exe
  2⤵
  PID:5036
- C:\Windows\System\OBXPaQd.exe
  C:\Windows\System\OBXPaQd.exe
  2⤵
  PID:5064
- C:\Windows\System\tkkIXGw.exe
  C:\Windows\System\tkkIXGw.exe
  2⤵
  PID:5104
- C:\Windows\System\OaMwdwR.exe
  C:\Windows\System\OaMwdwR.exe
  2⤵
  PID:3324
- C:\Windows\System\UkOmNSN.exe
  C:\Windows\System\UkOmNSN.exe
  2⤵
  PID:4152
- C:\Windows\System\jUGifaa.exe
  C:\Windows\System\jUGifaa.exe
  2⤵
  PID:3980
- C:\Windows\System\kOdpfzQ.exe
  C:\Windows\System\kOdpfzQ.exe
  2⤵
  PID:4100
- C:\Windows\System\XNhWKIl.exe
  C:\Windows\System\XNhWKIl.exe
  2⤵
  PID:4168
- C:\Windows\System\siymrxa.exe
  C:\Windows\System\siymrxa.exe
  2⤵
  PID:4176
- C:\Windows\System\DhcwojJ.exe
  C:\Windows\System\DhcwojJ.exe
  2⤵
  PID:4236
- C:\Windows\System\RhVTJjY.exe
  C:\Windows\System\RhVTJjY.exe
  2⤵
  PID:4304
- C:\Windows\System\aploxOq.exe
  C:\Windows\System\aploxOq.exe
  2⤵
  PID:4384
- C:\Windows\System\MmhjeuS.exe
  C:\Windows\System\MmhjeuS.exe
  2⤵
  PID:4456
- C:\Windows\System\taqCEng.exe
  C:\Windows\System\taqCEng.exe
  2⤵
  PID:4292
- C:\Windows\System\JRZQNdv.exe
  C:\Windows\System\JRZQNdv.exe
  2⤵
  PID:4256
- C:\Windows\System\TuQMGlw.exe
  C:\Windows\System\TuQMGlw.exe
  2⤵
  PID:4560
- C:\Windows\System\ZhdgixC.exe
  C:\Windows\System\ZhdgixC.exe
  2⤵
  PID:4360
- C:\Windows\System\UsTtROT.exe
  C:\Windows\System\UsTtROT.exe
  2⤵
  PID:4432
- C:\Windows\System\HtXKHmF.exe
  C:\Windows\System\HtXKHmF.exe
  2⤵
  PID:4472
- C:\Windows\System\vUUSXOz.exe
  C:\Windows\System\vUUSXOz.exe
  2⤵
  PID:4492
- C:\Windows\System\yzfvhOb.exe
  C:\Windows\System\yzfvhOb.exe
  2⤵
  PID:4508
- C:\Windows\System\ZsxxedZ.exe
  C:\Windows\System\ZsxxedZ.exe
  2⤵
  PID:4588
- C:\Windows\System\oMHcXpY.exe
  C:\Windows\System\oMHcXpY.exe
  2⤵
  PID:4580
- C:\Windows\System\EZzoPeX.exe
  C:\Windows\System\EZzoPeX.exe
  2⤵
  PID:4608
- C:\Windows\System\kJMHYxu.exe
  C:\Windows\System\kJMHYxu.exe
  2⤵
  PID:4680
- C:\Windows\System\uaFJJIS.exe
  C:\Windows\System\uaFJJIS.exe
  2⤵
  PID:4716
- C:\Windows\System\kZrklTX.exe
  C:\Windows\System\kZrklTX.exe
  2⤵
  PID:4756
- C:\Windows\System\nNKOJdx.exe
  C:\Windows\System\nNKOJdx.exe
  2⤵
  PID:3900
- C:\Windows\System\XEhKljN.exe
  C:\Windows\System\XEhKljN.exe
  2⤵
  PID:4624
- C:\Windows\System\qhNVoLu.exe
  C:\Windows\System\qhNVoLu.exe
  2⤵
  PID:4772
- C:\Windows\System\SMPZGVN.exe
  C:\Windows\System\SMPZGVN.exe
  2⤵
  PID:4816
- C:\Windows\System\lYhYVby.exe
  C:\Windows\System\lYhYVby.exe
  2⤵
  PID:4836
- C:\Windows\System\pbDcDIj.exe
  C:\Windows\System\pbDcDIj.exe
  2⤵
  PID:4880
- C:\Windows\System\HrwDxWk.exe
  C:\Windows\System\HrwDxWk.exe
  2⤵
  PID:4784
- C:\Windows\System\uJgRLKT.exe
  C:\Windows\System\uJgRLKT.exe
  2⤵
  PID:4864
- C:\Windows\System\FHuIBJD.exe
  C:\Windows\System\FHuIBJD.exe
  2⤵
  PID:4120
- C:\Windows\System\UImytHQ.exe
  C:\Windows\System\UImytHQ.exe
  2⤵
  PID:4140
- C:\Windows\System\fbeTcRi.exe
  C:\Windows\System\fbeTcRi.exe
  2⤵
  PID:4380
- C:\Windows\System\pecPbvn.exe
  C:\Windows\System\pecPbvn.exe
  2⤵
  PID:4444
- C:\Windows\System\pNibWnH.exe
  C:\Windows\System\pNibWnH.exe
  2⤵
  PID:4584
- C:\Windows\System\rJYHzvh.exe
  C:\Windows\System\rJYHzvh.exe
  2⤵
  PID:4644
- C:\Windows\System\DVzHVSG.exe
  C:\Windows\System\DVzHVSG.exe
  2⤵
  PID:4540
- C:\Windows\System\adurKsy.exe
  C:\Windows\System\adurKsy.exe
  2⤵
  PID:4628
- C:\Windows\System\JLhrjmB.exe
  C:\Windows\System\JLhrjmB.exe
  2⤵
  PID:4848
- C:\Windows\System\sYrELTh.exe
  C:\Windows\System\sYrELTh.exe
  2⤵
  PID:4804
- C:\Windows\System\pkTkNtm.exe
  C:\Windows\System\pkTkNtm.exe
  2⤵
  PID:5096
- C:\Windows\System\optiNzX.exe
  C:\Windows\System\optiNzX.exe
  2⤵
  PID:4896
- C:\Windows\System\tHeTlYf.exe
  C:\Windows\System\tHeTlYf.exe
  2⤵
  PID:4868
- C:\Windows\System\MIeVCkc.exe
  C:\Windows\System\MIeVCkc.exe
  2⤵
  PID:4972
- C:\Windows\System\JYKxdxm.exe
  C:\Windows\System\JYKxdxm.exe
  2⤵
  PID:4184
- C:\Windows\System\vsKxzTm.exe
  C:\Windows\System\vsKxzTm.exe
  2⤵
  PID:5008
- C:\Windows\System\EoSklRT.exe
  C:\Windows\System\EoSklRT.exe
  2⤵
  PID:4272
- C:\Windows\System\xRnTUXX.exe
  C:\Windows\System\xRnTUXX.exe
  2⤵
  PID:4420
- C:\Windows\System\xfNYLTT.exe
  C:\Windows\System\xfNYLTT.exe
  2⤵
  PID:5116
- C:\Windows\System\kpOiNiJ.exe
  C:\Windows\System\kpOiNiJ.exe
  2⤵
  PID:4104
- C:\Windows\System\BWHyRVp.exe
  C:\Windows\System\BWHyRVp.exe
  2⤵
  PID:4524
- C:\Windows\System\TaqgYhT.exe
  C:\Windows\System\TaqgYhT.exe
  2⤵
  PID:4484
- C:\Windows\System\WGCTppe.exe
  C:\Windows\System\WGCTppe.exe
  2⤵
  PID:4752
- C:\Windows\System\YXhfQWV.exe
  C:\Windows\System\YXhfQWV.exe
  2⤵
  PID:4688
- C:\Windows\System\laksTwo.exe
  C:\Windows\System\laksTwo.exe
  2⤵
  PID:4924
- C:\Windows\System\vgfjfMM.exe
  C:\Windows\System\vgfjfMM.exe
  2⤵
  PID:5088
- C:\Windows\System\vQnIegD.exe
  C:\Windows\System\vQnIegD.exe
  2⤵
  PID:3492
- C:\Windows\System\rXkGxej.exe
  C:\Windows\System\rXkGxej.exe
  2⤵
  PID:4308
- C:\Windows\System\lVJLshr.exe
  C:\Windows\System\lVJLshr.exe
  2⤵
  PID:4620
- C:\Windows\System\PijyUSf.exe
  C:\Windows\System\PijyUSf.exe
  2⤵
  PID:4512
- C:\Windows\System\kjIANlG.exe
  C:\Windows\System\kjIANlG.exe
  2⤵
  PID:4956
- C:\Windows\System\DbKDoxy.exe
  C:\Windows\System\DbKDoxy.exe
  2⤵
  PID:4288
- C:\Windows\System\IAIFuUu.exe
  C:\Windows\System\IAIFuUu.exe
  2⤵
  PID:5004
- C:\Windows\System\IilBGIN.exe
  C:\Windows\System\IilBGIN.exe
  2⤵
  PID:5052
- C:\Windows\System\WZNRLWB.exe
  C:\Windows\System\WZNRLWB.exe
  2⤵
  PID:4224
- C:\Windows\System\wSXzdtj.exe
  C:\Windows\System\wSXzdtj.exe
  2⤵
  PID:4760
- C:\Windows\System\dUUQUqD.exe
  C:\Windows\System\dUUQUqD.exe
  2⤵
  PID:5028
- C:\Windows\System\SzOmvwX.exe
  C:\Windows\System\SzOmvwX.exe
  2⤵
  PID:4936
- C:\Windows\System\mbePhlR.exe
  C:\Windows\System\mbePhlR.exe
  2⤵
  PID:5048
- C:\Windows\System\RyKbgWh.exe
  C:\Windows\System\RyKbgWh.exe
  2⤵
  PID:5072
- C:\Windows\System\ZVNpzIV.exe
  C:\Windows\System\ZVNpzIV.exe
  2⤵
  PID:928
- C:\Windows\System\zgWYALi.exe
  C:\Windows\System\zgWYALi.exe
  2⤵
  PID:4860
- C:\Windows\System\glRbIcq.exe
  C:\Windows\System\glRbIcq.exe
  2⤵
  PID:4440
- C:\Windows\System\OJCfAHs.exe
  C:\Windows\System\OJCfAHs.exe
  2⤵
  PID:924
- C:\Windows\System\BYRMIWy.exe
  C:\Windows\System\BYRMIWy.exe
  2⤵
  PID:4900
- C:\Windows\System\FmFvlsR.exe
  C:\Windows\System\FmFvlsR.exe
  2⤵
  PID:4416
- C:\Windows\System\ZIiNUXT.exe
  C:\Windows\System\ZIiNUXT.exe
  2⤵
  PID:5132
- C:\Windows\System\ShFtugp.exe
  C:\Windows\System\ShFtugp.exe
  2⤵
  PID:5148
- C:\Windows\System\btZyKkR.exe
  C:\Windows\System\btZyKkR.exe
  2⤵
  PID:5168
- C:\Windows\System\NuzxRfl.exe
  C:\Windows\System\NuzxRfl.exe
  2⤵
  PID:5200
- C:\Windows\System\erphNFy.exe
  C:\Windows\System\erphNFy.exe
  2⤵
  PID:5216
- C:\Windows\System\zovtgvt.exe
  C:\Windows\System\zovtgvt.exe
  2⤵
  PID:5232
- C:\Windows\System\dbJzgvD.exe
  C:\Windows\System\dbJzgvD.exe
  2⤵
  PID:5252
- C:\Windows\System\gBKZQly.exe
  C:\Windows\System\gBKZQly.exe
  2⤵
  PID:5280
- C:\Windows\System\fuUbkRw.exe
  C:\Windows\System\fuUbkRw.exe
  2⤵
  PID:5296
- C:\Windows\System\KMWYmra.exe
  C:\Windows\System\KMWYmra.exe
  2⤵
  PID:5312
- C:\Windows\System\cKVPqrC.exe
  C:\Windows\System\cKVPqrC.exe
  2⤵
  PID:5328
- C:\Windows\System\TKhQivm.exe
  C:\Windows\System\TKhQivm.exe
  2⤵
  PID:5360
- C:\Windows\System\VacSZYE.exe
  C:\Windows\System\VacSZYE.exe
  2⤵
  PID:5376
- C:\Windows\System\JiAsYzh.exe
  C:\Windows\System\JiAsYzh.exe
  2⤵
  PID:5396
- C:\Windows\System\inVGYzg.exe
  C:\Windows\System\inVGYzg.exe
  2⤵
  PID:5412
- C:\Windows\System\LGgEtgs.exe
  C:\Windows\System\LGgEtgs.exe
  2⤵
  PID:5436
- C:\Windows\System\uuEuqCJ.exe
  C:\Windows\System\uuEuqCJ.exe
  2⤵
  PID:5452
- C:\Windows\System\IlIZFGR.exe
  C:\Windows\System\IlIZFGR.exe
  2⤵
  PID:5472
- C:\Windows\System\AfWUkkF.exe
  C:\Windows\System\AfWUkkF.exe
  2⤵
  PID:5500
- C:\Windows\System\AGaRyKO.exe
  C:\Windows\System\AGaRyKO.exe
  2⤵
  PID:5520
- C:\Windows\System\Ufxhesq.exe
  C:\Windows\System\Ufxhesq.exe
  2⤵
  PID:5536
- C:\Windows\System\YOrhlCh.exe
  C:\Windows\System\YOrhlCh.exe
  2⤵
  PID:5556
- C:\Windows\System\OJANEnt.exe
  C:\Windows\System\OJANEnt.exe
  2⤵
  PID:5584
- C:\Windows\System\wmvkIcl.exe
  C:\Windows\System\wmvkIcl.exe
  2⤵
  PID:5600
- C:\Windows\System\xfWKNpw.exe
  C:\Windows\System\xfWKNpw.exe
  2⤵
  PID:5616
- C:\Windows\System\QInikfo.exe
  C:\Windows\System\QInikfo.exe
  2⤵
  PID:5636
- C:\Windows\System\avXEYZv.exe
  C:\Windows\System\avXEYZv.exe
  2⤵
  PID:5652
- C:\Windows\System\jEGyYCw.exe
  C:\Windows\System\jEGyYCw.exe
  2⤵
  PID:5684
- C:\Windows\System\UUhOxjT.exe
  C:\Windows\System\UUhOxjT.exe
  2⤵
  PID:5700
- C:\Windows\System\pCuPZXw.exe
  C:\Windows\System\pCuPZXw.exe
  2⤵
  PID:5716
- C:\Windows\System\cJXOyhv.exe
  C:\Windows\System\cJXOyhv.exe
  2⤵
  PID:5732
- C:\Windows\System\hjecQRh.exe
  C:\Windows\System\hjecQRh.exe
  2⤵
  PID:5752
- C:\Windows\System\sAoEuRe.exe
  C:\Windows\System\sAoEuRe.exe
  2⤵
  PID:5772
- C:\Windows\System\qFmpKzt.exe
  C:\Windows\System\qFmpKzt.exe
  2⤵
  PID:5788
- C:\Windows\System\wnXqFiJ.exe
  C:\Windows\System\wnXqFiJ.exe
  2⤵
  PID:5804
- C:\Windows\System\XXNOotU.exe
  C:\Windows\System\XXNOotU.exe
  2⤵
  PID:5820
- C:\Windows\System\cVxOULd.exe
  C:\Windows\System\cVxOULd.exe
  2⤵
  PID:5836
- C:\Windows\System\FenfCsp.exe
  C:\Windows\System\FenfCsp.exe
  2⤵
  PID:5852
- C:\Windows\System\VZqWvPZ.exe
  C:\Windows\System\VZqWvPZ.exe
  2⤵
  PID:5868
- C:\Windows\System\fGPrFfS.exe
  C:\Windows\System\fGPrFfS.exe
  2⤵
  PID:5884
- C:\Windows\System\yhOFhnu.exe
  C:\Windows\System\yhOFhnu.exe
  2⤵
  PID:5900
- C:\Windows\System\EgIHsNR.exe
  C:\Windows\System\EgIHsNR.exe
  2⤵
  PID:5916
- C:\Windows\System\xXMJMGE.exe
  C:\Windows\System\xXMJMGE.exe
  2⤵
  PID:5936
- C:\Windows\System\XLbjxCI.exe
  C:\Windows\System\XLbjxCI.exe
  2⤵
  PID:5952
- C:\Windows\System\fhdegzp.exe
  C:\Windows\System\fhdegzp.exe
  2⤵
  PID:5968
- C:\Windows\System\cfrrNiY.exe
  C:\Windows\System\cfrrNiY.exe
  2⤵
  PID:5984
- C:\Windows\System\oOGkxdh.exe
  C:\Windows\System\oOGkxdh.exe
  2⤵
  PID:6000
- C:\Windows\System\vkxucNS.exe
  C:\Windows\System\vkxucNS.exe
  2⤵
  PID:6016
- C:\Windows\System\IbAVYYw.exe
  C:\Windows\System\IbAVYYw.exe
  2⤵
  PID:6032
- C:\Windows\System\YTgBGvY.exe
  C:\Windows\System\YTgBGvY.exe
  2⤵
  PID:6048
- C:\Windows\System\AQTjnps.exe
  C:\Windows\System\AQTjnps.exe
  2⤵
  PID:6064
- C:\Windows\System\PIaRygq.exe
  C:\Windows\System\PIaRygq.exe
  2⤵
  PID:6080
- C:\Windows\System\JbsiFoa.exe
  C:\Windows\System\JbsiFoa.exe
  2⤵
  PID:6096
- C:\Windows\System\FRYYSZw.exe
  C:\Windows\System\FRYYSZw.exe
  2⤵
  PID:6112
- C:\Windows\System\iEIjfYI.exe
  C:\Windows\System\iEIjfYI.exe
  2⤵
  PID:6128
- C:\Windows\System\KxzJVOb.exe
  C:\Windows\System\KxzJVOb.exe
  2⤵
  PID:5032
- C:\Windows\System\vpeKBEG.exe
  C:\Windows\System\vpeKBEG.exe
  2⤵
  PID:4700
- C:\Windows\System\FTlNNsk.exe
  C:\Windows\System\FTlNNsk.exe
  2⤵
  PID:5140
- C:\Windows\System\hFxqgEZ.exe
  C:\Windows\System\hFxqgEZ.exe
  2⤵
  PID:5192
- C:\Windows\System\KhsQGtd.exe
  C:\Windows\System\KhsQGtd.exe
  2⤵
  PID:5180
- C:\Windows\System\StFSJsy.exe
  C:\Windows\System\StFSJsy.exe
  2⤵
  PID:5160
- C:\Windows\System\bsbWOWO.exe
  C:\Windows\System\bsbWOWO.exe
  2⤵
  PID:5276
- C:\Windows\System\iofycyO.exe
  C:\Windows\System\iofycyO.exe
  2⤵
  PID:5264
- C:\Windows\System\dgydGxn.exe
  C:\Windows\System\dgydGxn.exe
  2⤵
  PID:5308
- C:\Windows\System\oSwWLaQ.exe
  C:\Windows\System\oSwWLaQ.exe
  2⤵
  PID:5344
- C:\Windows\System\EnouFWj.exe
  C:\Windows\System\EnouFWj.exe
  2⤵
  PID:5340
- C:\Windows\System\AmFpwEs.exe
  C:\Windows\System\AmFpwEs.exe
  2⤵
  PID:5392
- C:\Windows\System\OorowOA.exe
  C:\Windows\System\OorowOA.exe
  2⤵
  PID:5424
- C:\Windows\System\XoNjJFd.exe
  C:\Windows\System\XoNjJFd.exe
  2⤵
  PID:5468
- C:\Windows\System\HMexoFU.exe
  C:\Windows\System\HMexoFU.exe
  2⤵
  PID:5368
- C:\Windows\System\hzvYjav.exe
  C:\Windows\System\hzvYjav.exe
  2⤵
  PID:5544
- C:\Windows\System\wuMGluI.exe
  C:\Windows\System\wuMGluI.exe
  2⤵
  PID:5432
- C:\Windows\System\mIiNjja.exe
  C:\Windows\System\mIiNjja.exe
  2⤵
  PID:5488
- C:\Windows\System\sfVjher.exe
  C:\Windows\System\sfVjher.exe
  2⤵
  PID:5532
- C:\Windows\System\aySnCJE.exe
  C:\Windows\System\aySnCJE.exe
  2⤵
  PID:5580
- C:\Windows\System\EjpWOPP.exe
  C:\Windows\System\EjpWOPP.exe
  2⤵
  PID:5896
- C:\Windows\System\gIxorka.exe
  C:\Windows\System\gIxorka.exe
  2⤵
  PID:6012
- C:\Windows\System\jXTzSaH.exe
  C:\Windows\System\jXTzSaH.exe
  2⤵
  PID:6044
- C:\Windows\System\rDCCgCM.exe
  C:\Windows\System\rDCCgCM.exe
  2⤵
  PID:6076
- C:\Windows\System\oDSuRGA.exe
  C:\Windows\System\oDSuRGA.exe
  2⤵
  PID:6060
- C:\Windows\System\igXdLzT.exe
  C:\Windows\System\igXdLzT.exe
  2⤵
  PID:6124
- C:\Windows\System\hygPMmS.exe
  C:\Windows\System\hygPMmS.exe
  2⤵
  PID:4328
- C:\Windows\System\EtRjucH.exe
  C:\Windows\System\EtRjucH.exe
  2⤵
  PID:4844
- C:\Windows\System\NDhgyyl.exe
  C:\Windows\System\NDhgyyl.exe
  2⤵
  PID:5212
- C:\Windows\System\BfVFvWR.exe
  C:\Windows\System\BfVFvWR.exe
  2⤵
  PID:5304
- C:\Windows\System\sMCGyqf.exe
  C:\Windows\System\sMCGyqf.exe
  2⤵
  PID:5388
- C:\Windows\System\XiuWMWw.exe
  C:\Windows\System\XiuWMWw.exe
  2⤵
  PID:5552
- C:\Windows\System\ZpmEvYM.exe
  C:\Windows\System\ZpmEvYM.exe
  2⤵
  PID:5548
- C:\Windows\System\kJgmpsW.exe
  C:\Windows\System\kJgmpsW.exe
  2⤵
  PID:5568
- C:\Windows\System\mQGHDVN.exe
  C:\Windows\System\mQGHDVN.exe
  2⤵
  PID:5596
- C:\Windows\System\xmzOKFF.exe
  C:\Windows\System\xmzOKFF.exe
  2⤵
  PID:5668
- C:\Windows\System\EDMoUjR.exe
  C:\Windows\System\EDMoUjR.exe
  2⤵
  PID:5708
- C:\Windows\System\uFXaPhf.exe
  C:\Windows\System\uFXaPhf.exe
  2⤵
  PID:5696
- C:\Windows\System\MnaEhkb.exe
  C:\Windows\System\MnaEhkb.exe
  2⤵
  PID:5780
- C:\Windows\System\LzFTcVd.exe
  C:\Windows\System\LzFTcVd.exe
  2⤵
  PID:5760
- C:\Windows\System\rAUNQWc.exe
  C:\Windows\System\rAUNQWc.exe
  2⤵
  PID:5848
- C:\Windows\System\LUCHrHH.exe
  C:\Windows\System\LUCHrHH.exe
  2⤵
  PID:5828
- C:\Windows\System\wfXDDSS.exe
  C:\Windows\System\wfXDDSS.exe
  2⤵
  PID:5880
- C:\Windows\System\GhakasF.exe
  C:\Windows\System\GhakasF.exe
  2⤵
  PID:5892
- C:\Windows\System\edxkTFl.exe
  C:\Windows\System\edxkTFl.exe
  2⤵
  PID:5924
- C:\Windows\System\DcSHHOV.exe
  C:\Windows\System\DcSHHOV.exe
  2⤵
  PID:5964
- C:\Windows\System\IdvoLfV.exe
  C:\Windows\System\IdvoLfV.exe
  2⤵
  PID:6108
- C:\Windows\System\gJvUHoE.exe
  C:\Windows\System\gJvUHoE.exe
  2⤵
  PID:6136
- C:\Windows\System\nYMlblM.exe
  C:\Windows\System\nYMlblM.exe
  2⤵
  PID:960
- C:\Windows\System\IvBjQav.exe
  C:\Windows\System\IvBjQav.exe
  2⤵
  PID:5352
- C:\Windows\System\nekECss.exe
  C:\Windows\System\nekECss.exe
  2⤵
  PID:5384
- C:\Windows\System\OLyFodQ.exe
  C:\Windows\System\OLyFodQ.exe
  2⤵
  PID:5496
- C:\Windows\System\JCKHLNW.exe
  C:\Windows\System\JCKHLNW.exe
  2⤵
  PID:5124
- C:\Windows\System\GzUBvIG.exe
  C:\Windows\System\GzUBvIG.exe
  2⤵
  PID:5664
- C:\Windows\System\eGmYYgJ.exe
  C:\Windows\System\eGmYYgJ.exe
  2⤵
  PID:5516
- C:\Windows\System\vlDgwrL.exe
  C:\Windows\System\vlDgwrL.exe
  2⤵
  PID:5592
- C:\Windows\System\CrTfynf.exe
  C:\Windows\System\CrTfynf.exe
  2⤵
  PID:5644
- C:\Windows\System\lbiCXoi.exe
  C:\Windows\System\lbiCXoi.exe
  2⤵
  PID:5816
- C:\Windows\System\WobEqow.exe
  C:\Windows\System\WobEqow.exe
  2⤵
  PID:5832
- C:\Windows\System\hANhDsS.exe
  C:\Windows\System\hANhDsS.exe
  2⤵
  PID:5864
- C:\Windows\System\OIPAyIn.exe
  C:\Windows\System\OIPAyIn.exe
  2⤵
  PID:5912
- C:\Windows\System\UWsCkqi.exe
  C:\Windows\System\UWsCkqi.exe
  2⤵
  PID:5624
- C:\Windows\System\dncmYVM.exe
  C:\Windows\System\dncmYVM.exe
  2⤵
  PID:5512
- C:\Windows\System\zyFxAJr.exe
  C:\Windows\System\zyFxAJr.exe
  2⤵
  PID:5224
- C:\Windows\System\TMUehoh.exe
  C:\Windows\System\TMUehoh.exe
  2⤵
  PID:5632
- C:\Windows\System\BeEJZYL.exe
  C:\Windows\System\BeEJZYL.exe
  2⤵
  PID:5764
- C:\Windows\System\ASDNXyb.exe
  C:\Windows\System\ASDNXyb.exe
  2⤵
  PID:5484
- C:\Windows\System\OXjgBEq.exe
  C:\Windows\System\OXjgBEq.exe
  2⤵
  PID:5932
- C:\Windows\System\UJuIEcm.exe
  C:\Windows\System\UJuIEcm.exe
  2⤵
  PID:5420
- C:\Windows\System\QLCDLjZ.exe
  C:\Windows\System\QLCDLjZ.exe
  2⤵
  PID:5608
- C:\Windows\System\fneRLOt.exe
  C:\Windows\System\fneRLOt.exe
  2⤵
  PID:5960
- C:\Windows\System\nZCKxam.exe
  C:\Windows\System\nZCKxam.exe
  2⤵
  PID:5408
- C:\Windows\System\AjTRRaM.exe
  C:\Windows\System\AjTRRaM.exe
  2⤵
  PID:5356
- C:\Windows\System\tEBHtKl.exe
  C:\Windows\System\tEBHtKl.exe
  2⤵
  PID:5844
- C:\Windows\System\GFvJbWo.exe
  C:\Windows\System\GFvJbWo.exe
  2⤵
  PID:6160
- C:\Windows\System\mZQRqEL.exe
  C:\Windows\System\mZQRqEL.exe
  2⤵
  PID:6180
- C:\Windows\System\sGJiXen.exe
  C:\Windows\System\sGJiXen.exe
  2⤵
  PID:6196
- C:\Windows\System\MNfHKrb.exe
  C:\Windows\System\MNfHKrb.exe
  2⤵
  PID:6212
- C:\Windows\System\RwzehBb.exe
  C:\Windows\System\RwzehBb.exe
  2⤵
  PID:6228
- C:\Windows\System\UASPPVY.exe
  C:\Windows\System\UASPPVY.exe
  2⤵
  PID:6244
- C:\Windows\System\TEMIcVp.exe
  C:\Windows\System\TEMIcVp.exe
  2⤵
  PID:6260
- C:\Windows\System\vqSLuXq.exe
  C:\Windows\System\vqSLuXq.exe
  2⤵
  PID:6276
- C:\Windows\System\lcdDuUP.exe
  C:\Windows\System\lcdDuUP.exe
  2⤵
  PID:6292
- C:\Windows\System\mFtjKdj.exe
  C:\Windows\System\mFtjKdj.exe
  2⤵
  PID:6308
- C:\Windows\System\LDjNWNZ.exe
  C:\Windows\System\LDjNWNZ.exe
  2⤵
  PID:6324
- C:\Windows\System\LLipvPy.exe
  C:\Windows\System\LLipvPy.exe
  2⤵
  PID:6340
- C:\Windows\System\xzVyzno.exe
  C:\Windows\System\xzVyzno.exe
  2⤵
  PID:6356
- C:\Windows\System\AwwZKEj.exe
  C:\Windows\System\AwwZKEj.exe
  2⤵
  PID:6372
- C:\Windows\System\RgtrGni.exe
  C:\Windows\System\RgtrGni.exe
  2⤵
  PID:6388
- C:\Windows\System\UJhowiN.exe
  C:\Windows\System\UJhowiN.exe
  2⤵
  PID:6404
- C:\Windows\System\WvasFIR.exe
  C:\Windows\System\WvasFIR.exe
  2⤵
  PID:6420
- C:\Windows\System\qmejNlJ.exe
  C:\Windows\System\qmejNlJ.exe
  2⤵
  PID:6436
- C:\Windows\System\UzHoibg.exe
  C:\Windows\System\UzHoibg.exe
  2⤵
  PID:6456
- C:\Windows\System\qRNMZwK.exe
  C:\Windows\System\qRNMZwK.exe
  2⤵
  PID:6472
- C:\Windows\System\rubonTf.exe
  C:\Windows\System\rubonTf.exe
  2⤵
  PID:6488
- C:\Windows\System\wkNQaQL.exe
  C:\Windows\System\wkNQaQL.exe
  2⤵
  PID:6504
- C:\Windows\System\xcBajLG.exe
  C:\Windows\System\xcBajLG.exe
  2⤵
  PID:6520
- C:\Windows\System\BVEhclW.exe
  C:\Windows\System\BVEhclW.exe
  2⤵
  PID:6536
- C:\Windows\System\zNZeEmJ.exe
  C:\Windows\System\zNZeEmJ.exe
  2⤵
  PID:6552
- C:\Windows\System\xMnrDls.exe
  C:\Windows\System\xMnrDls.exe
  2⤵
  PID:6568
- C:\Windows\System\eZtvzdq.exe
  C:\Windows\System\eZtvzdq.exe
  2⤵
  PID:6584
- C:\Windows\System\QLSoGeq.exe
  C:\Windows\System\QLSoGeq.exe
  2⤵
  PID:6600
- C:\Windows\System\kDQlYHS.exe
  C:\Windows\System\kDQlYHS.exe
  2⤵
  PID:6616
- C:\Windows\System\aDYOtYR.exe
  C:\Windows\System\aDYOtYR.exe
  2⤵
  PID:6632
- C:\Windows\System\cVJQtvr.exe
  C:\Windows\System\cVJQtvr.exe
  2⤵
  PID:6648
- C:\Windows\System\RQmiLhx.exe
  C:\Windows\System\RQmiLhx.exe
  2⤵
  PID:6668
- C:\Windows\System\imMLtsW.exe
  C:\Windows\System\imMLtsW.exe
  2⤵
  PID:6684
- C:\Windows\System\xCMlSQI.exe
  C:\Windows\System\xCMlSQI.exe
  2⤵
  PID:6700
- C:\Windows\System\UWRHGZz.exe
  C:\Windows\System\UWRHGZz.exe
  2⤵
  PID:6716
- C:\Windows\System\SkTCTsF.exe
  C:\Windows\System\SkTCTsF.exe
  2⤵
  PID:6732
- C:\Windows\System\domYPgr.exe
  C:\Windows\System\domYPgr.exe
  2⤵
  PID:6748
- C:\Windows\System\gvgYQoF.exe
  C:\Windows\System\gvgYQoF.exe
  2⤵
  PID:6764
- C:\Windows\System\OrNQTms.exe
  C:\Windows\System\OrNQTms.exe
  2⤵
  PID:6780
- C:\Windows\System\vUvZWKV.exe
  C:\Windows\System\vUvZWKV.exe
  2⤵
  PID:6796
- C:\Windows\System\myMIeGV.exe
  C:\Windows\System\myMIeGV.exe
  2⤵
  PID:6812
- C:\Windows\System\hqrKwll.exe
  C:\Windows\System\hqrKwll.exe
  2⤵
  PID:6828
- C:\Windows\System\FPHbFOc.exe
  C:\Windows\System\FPHbFOc.exe
  2⤵
  PID:6844
- C:\Windows\System\ZebXUxd.exe
  C:\Windows\System\ZebXUxd.exe
  2⤵
  PID:6860
- C:\Windows\System\xPXFQLT.exe
  C:\Windows\System\xPXFQLT.exe
  2⤵
  PID:6876
- C:\Windows\System\aldShdH.exe
  C:\Windows\System\aldShdH.exe
  2⤵
  PID:6892
- C:\Windows\System\BWWGWLj.exe
  C:\Windows\System\BWWGWLj.exe
  2⤵
  PID:6908
- C:\Windows\System\sOzvltx.exe
  C:\Windows\System\sOzvltx.exe
  2⤵
  PID:6924
- C:\Windows\System\aDHiwTP.exe
  C:\Windows\System\aDHiwTP.exe
  2⤵
  PID:6940
- C:\Windows\System\IDGuPzp.exe
  C:\Windows\System\IDGuPzp.exe
  2⤵
  PID:6956
- C:\Windows\System\MkuAqyl.exe
  C:\Windows\System\MkuAqyl.exe
  2⤵
  PID:6972
- C:\Windows\System\rTVPdHV.exe
  C:\Windows\System\rTVPdHV.exe
  2⤵
  PID:6988
- C:\Windows\System\uRCQtXq.exe
  C:\Windows\System\uRCQtXq.exe
  2⤵
  PID:7004
- C:\Windows\System\LtSgrtM.exe
  C:\Windows\System\LtSgrtM.exe
  2⤵
  PID:7020
- C:\Windows\System\jJSdiQy.exe
  C:\Windows\System\jJSdiQy.exe
  2⤵
  PID:7036
- C:\Windows\System\NCqloGg.exe
  C:\Windows\System\NCqloGg.exe
  2⤵
  PID:7052
- C:\Windows\System\vJjnnaX.exe
  C:\Windows\System\vJjnnaX.exe
  2⤵
  PID:7068
- C:\Windows\System\eBftSdL.exe
  C:\Windows\System\eBftSdL.exe
  2⤵
  PID:7084
- C:\Windows\System\XVaAlVb.exe
  C:\Windows\System\XVaAlVb.exe
  2⤵
  PID:7100
- C:\Windows\System\leYKAWz.exe
  C:\Windows\System\leYKAWz.exe
  2⤵
  PID:7116
- C:\Windows\System\oMMQMfo.exe
  C:\Windows\System\oMMQMfo.exe
  2⤵
  PID:7132
- C:\Windows\System\DbtAYcr.exe
  C:\Windows\System\DbtAYcr.exe
  2⤵
  PID:7156
- C:\Windows\System\bHGjVxw.exe
  C:\Windows\System\bHGjVxw.exe
  2⤵
  PID:6156
- C:\Windows\System\fExMzQP.exe
  C:\Windows\System\fExMzQP.exe
  2⤵
  PID:6224
- C:\Windows\System\gBLCVWH.exe
  C:\Windows\System\gBLCVWH.exe
  2⤵
  PID:6140
- C:\Windows\System\GINlIOv.exe
  C:\Windows\System\GINlIOv.exe
  2⤵
  PID:5692
- C:\Windows\System\sTJFuGX.exe
  C:\Windows\System\sTJFuGX.exe
  2⤵
  PID:6288
- C:\Windows\System\EEMZiVn.exe
  C:\Windows\System\EEMZiVn.exe
  2⤵
  PID:6168
- C:\Windows\System\MiHPMeG.exe
  C:\Windows\System\MiHPMeG.exe
  2⤵
  PID:6268
- C:\Windows\System\XapYVOJ.exe
  C:\Windows\System\XapYVOJ.exe
  2⤵
  PID:6348
- C:\Windows\System\GwQFtbl.exe
  C:\Windows\System\GwQFtbl.exe
  2⤵
  PID:6384
- C:\Windows\System\pXhCoPF.exe
  C:\Windows\System\pXhCoPF.exe
  2⤵
  PID:6204
- C:\Windows\System\CaeyxpF.exe
  C:\Windows\System\CaeyxpF.exe
  2⤵
  PID:6208
- C:\Windows\System\kQsQVpC.exe
  C:\Windows\System\kQsQVpC.exe
  2⤵
  PID:6220
- C:\Windows\System\TbQTJoT.exe
  C:\Windows\System\TbQTJoT.exe
  2⤵
  PID:6416
- C:\Windows\System\mbwHxWM.exe
  C:\Windows\System\mbwHxWM.exe
  2⤵
  PID:6396
- C:\Windows\System\mjxhdgP.exe
  C:\Windows\System\mjxhdgP.exe
  2⤵
  PID:2364
- C:\Windows\System\JzuGFuQ.exe
  C:\Windows\System\JzuGFuQ.exe
  2⤵
  PID:6448
- C:\Windows\System\qagaUoL.exe
  C:\Windows\System\qagaUoL.exe
  2⤵
  PID:6512
- C:\Windows\System\EytHUFQ.exe
  C:\Windows\System\EytHUFQ.exe
  2⤵
  PID:6548
- C:\Windows\System\jCYLniE.exe
  C:\Windows\System\jCYLniE.exe
  2⤵
  PID:6528
- C:\Windows\System\SPiDKjk.exe
  C:\Windows\System\SPiDKjk.exe
  2⤵
  PID:6644
- C:\Windows\System\gvbMqdF.exe
  C:\Windows\System\gvbMqdF.exe
  2⤵
  PID:6624
- C:\Windows\System\qAagoEy.exe
  C:\Windows\System\qAagoEy.exe
  2⤵
  PID:6708
- C:\Windows\System\GnyaIxa.exe
  C:\Windows\System\GnyaIxa.exe
  2⤵
  PID:6772
- C:\Windows\System\MAIBdyc.exe
  C:\Windows\System\MAIBdyc.exe
  2⤵
  PID:6724
- C:\Windows\System\VJNSJBa.exe
  C:\Windows\System\VJNSJBa.exe
  2⤵
  PID:6728
- C:\Windows\System\MJyosjy.exe
  C:\Windows\System\MJyosjy.exe
  2⤵
  PID:6792
- C:\Windows\System\EXVnbqD.exe
  C:\Windows\System\EXVnbqD.exe
  2⤵
  PID:6872
- C:\Windows\System\khNJPrY.exe
  C:\Windows\System\khNJPrY.exe
  2⤵
  PID:6888
- C:\Windows\System\uOYFOsP.exe
  C:\Windows\System\uOYFOsP.exe
  2⤵
  PID:6932
- C:\Windows\System\VKOgHyz.exe
  C:\Windows\System\VKOgHyz.exe
  2⤵
  PID:6948
- C:\Windows\System\KWlyHid.exe
  C:\Windows\System\KWlyHid.exe
  2⤵
  PID:7012
- C:\Windows\System\EvYTSCk.exe
  C:\Windows\System\EvYTSCk.exe
  2⤵
  PID:7064
- C:\Windows\System\AgwpRmj.exe
  C:\Windows\System\AgwpRmj.exe
  2⤵
  PID:7080
- C:\Windows\System\keNpHxP.exe
  C:\Windows\System\keNpHxP.exe
  2⤵
  PID:7128
- C:\Windows\System\jOmmFxZ.exe
  C:\Windows\System\jOmmFxZ.exe
  2⤵
  PID:7152
- C:\Windows\System\uLoTSIV.exe
  C:\Windows\System\uLoTSIV.exe
  2⤵
  PID:7048
- C:\Windows\System\KrnFomx.exe
  C:\Windows\System\KrnFomx.exe
  2⤵
  PID:6304
- C:\Windows\System\IZKDZaq.exe
  C:\Windows\System\IZKDZaq.exe
  2⤵
  PID:6300
- C:\Windows\System\nujhCtF.exe
  C:\Windows\System\nujhCtF.exe
  2⤵
  PID:6428
- C:\Windows\System\nuCfjXE.exe
  C:\Windows\System\nuCfjXE.exe
  2⤵
  PID:6532
- C:\Windows\System\lLPSlZb.exe
  C:\Windows\System\lLPSlZb.exe
  2⤵
  PID:6592
- C:\Windows\System\sdUMAzv.exe
  C:\Windows\System\sdUMAzv.exe
  2⤵
  PID:6756
- C:\Windows\System\dORmPDl.exe
  C:\Windows\System\dORmPDl.exe
  2⤵
  PID:6608
- C:\Windows\System\iEbSvKz.exe
  C:\Windows\System\iEbSvKz.exe
  2⤵
  PID:6496
- C:\Windows\System\ewTMyTr.exe
  C:\Windows\System\ewTMyTr.exe
  2⤵
  PID:6836
- C:\Windows\System\XXjmeJn.exe
  C:\Windows\System\XXjmeJn.exe
  2⤵
  PID:6696
- C:\Windows\System\egDKqTC.exe
  C:\Windows\System\egDKqTC.exe
  2⤵
  PID:6856
- C:\Windows\System\cGQlLKu.exe
  C:\Windows\System\cGQlLKu.exe
  2⤵
  PID:7076
- C:\Windows\System\wrOcgzJ.exe
  C:\Windows\System\wrOcgzJ.exe
  2⤵
  PID:6240
- C:\Windows\System\MMOwTjU.exe
  C:\Windows\System\MMOwTjU.exe
  2⤵
  PID:7060
- C:\Windows\System\TOXSTLI.exe
  C:\Windows\System\TOXSTLI.exe
  2⤵
  PID:6500
- C:\Windows\System\EpBEDcI.exe
  C:\Windows\System\EpBEDcI.exe
  2⤵
  PID:7112
- C:\Windows\System\TvnIJwv.exe
  C:\Windows\System\TvnIJwv.exe
  2⤵
  PID:6192
- C:\Windows\System\NEujDru.exe
  C:\Windows\System\NEujDru.exe
  2⤵
  PID:6660
- C:\Windows\System\YNPSZSg.exe
  C:\Windows\System\YNPSZSg.exe
  2⤵
  PID:6352
- C:\Windows\System\fJwuvcN.exe
  C:\Windows\System\fJwuvcN.exe
  2⤵
  PID:6920
- C:\Windows\System\fKcmhQN.exe
  C:\Windows\System\fKcmhQN.exe
  2⤵
  PID:6692
- C:\Windows\System\itSATMi.exe
  C:\Windows\System\itSATMi.exe
  2⤵
  PID:6916
- C:\Windows\System\hCfHRaH.exe
  C:\Windows\System\hCfHRaH.exe
  2⤵
  PID:6236
- C:\Windows\System\bRbHuUZ.exe
  C:\Windows\System\bRbHuUZ.exe
  2⤵
  PID:6468
- C:\Windows\System\jggNmuV.exe
  C:\Windows\System\jggNmuV.exe
  2⤵
  PID:5164
- C:\Windows\System\Pmmrawg.exe
  C:\Windows\System\Pmmrawg.exe
  2⤵
  PID:1308
- C:\Windows\System\elwXVxI.exe
  C:\Windows\System\elwXVxI.exe
  2⤵
  PID:2448
- C:\Windows\System\fTdYoCA.exe
  C:\Windows\System\fTdYoCA.exe
  2⤵
  PID:6656
- C:\Windows\System\pIMYbYG.exe
  C:\Windows\System\pIMYbYG.exe
  2⤵
  PID:7164
- C:\Windows\System\vkHaNGh.exe
  C:\Windows\System\vkHaNGh.exe
  2⤵
  PID:6788
- C:\Windows\System\xFDGuNV.exe
  C:\Windows\System\xFDGuNV.exe
  2⤵
  PID:7044
- C:\Windows\System\UClJiFI.exe
  C:\Windows\System\UClJiFI.exe
  2⤵
  PID:868
- C:\Windows\System\qugQgsA.exe
  C:\Windows\System\qugQgsA.exe
  2⤵
  PID:3036
- C:\Windows\System\gbvBGiW.exe
  C:\Windows\System\gbvBGiW.exe
  2⤵
  PID:6776
- C:\Windows\System\VXhsUEq.exe
  C:\Windows\System\VXhsUEq.exe
  2⤵
  PID:6680
- C:\Windows\System\edFAtvU.exe
  C:\Windows\System\edFAtvU.exe
  2⤵
  PID:6452
- C:\Windows\System\FhsTTBL.exe
  C:\Windows\System\FhsTTBL.exe
  2⤵
  PID:6980
- C:\Windows\System\ZbnwmBu.exe
  C:\Windows\System\ZbnwmBu.exe
  2⤵
  PID:6840
- C:\Windows\System\axjjJWW.exe
  C:\Windows\System\axjjJWW.exe
  2⤵
  PID:6968
- C:\Windows\System\HBhVtfq.exe
  C:\Windows\System\HBhVtfq.exe
  2⤵
  PID:7188
- C:\Windows\System\JZHGEjS.exe
  C:\Windows\System\JZHGEjS.exe
  2⤵
  PID:7208
- C:\Windows\System\IcCogXx.exe
  C:\Windows\System\IcCogXx.exe
  2⤵
  PID:7224
- C:\Windows\System\olQhBuq.exe
  C:\Windows\System\olQhBuq.exe
  2⤵
  PID:7240
- C:\Windows\System\hilxaes.exe
  C:\Windows\System\hilxaes.exe
  2⤵
  PID:7260
- C:\Windows\System\WOEydPv.exe
  C:\Windows\System\WOEydPv.exe
  2⤵
  PID:7284
- C:\Windows\System\NhcKzWg.exe
  C:\Windows\System\NhcKzWg.exe
  2⤵
  PID:7304
- C:\Windows\System\DKeQfSc.exe
  C:\Windows\System\DKeQfSc.exe
  2⤵
  PID:7320
- C:\Windows\System\zDMLMCc.exe
  C:\Windows\System\zDMLMCc.exe
  2⤵
  PID:7340
- C:\Windows\System\KdqrBEp.exe
  C:\Windows\System\KdqrBEp.exe
  2⤵
  PID:7356
- C:\Windows\System\ywMfOgt.exe
  C:\Windows\System\ywMfOgt.exe
  2⤵
  PID:7376
- C:\Windows\System\wLcAMNn.exe
  C:\Windows\System\wLcAMNn.exe
  2⤵
  PID:7396
- C:\Windows\System\bgdYeGo.exe
  C:\Windows\System\bgdYeGo.exe
  2⤵
  PID:7428
- C:\Windows\System\sbahBaB.exe
  C:\Windows\System\sbahBaB.exe
  2⤵
  PID:7444
- C:\Windows\System\YYwojuC.exe
  C:\Windows\System\YYwojuC.exe
  2⤵
  PID:7464
- C:\Windows\System\QqJbgxY.exe
  C:\Windows\System\QqJbgxY.exe
  2⤵
  PID:7484
- C:\Windows\System\HppLras.exe
  C:\Windows\System\HppLras.exe
  2⤵
  PID:7512
- C:\Windows\System\bOOUpIp.exe
  C:\Windows\System\bOOUpIp.exe
  2⤵
  PID:7528
- C:\Windows\System\qPTOSCH.exe
  C:\Windows\System\qPTOSCH.exe
  2⤵
  PID:7544
- C:\Windows\System\ptxLajp.exe
  C:\Windows\System\ptxLajp.exe
  2⤵
  PID:7564
- C:\Windows\System\ypALyfO.exe
  C:\Windows\System\ypALyfO.exe
  2⤵
  PID:7584
- C:\Windows\System\dkTMRob.exe
  C:\Windows\System\dkTMRob.exe
  2⤵
  PID:7608
- C:\Windows\System\xfypKSi.exe
  C:\Windows\System\xfypKSi.exe
  2⤵
  PID:7624
- C:\Windows\System\QPhCita.exe
  C:\Windows\System\QPhCita.exe
  2⤵
  PID:7640
- C:\Windows\System\FqrxZtW.exe
  C:\Windows\System\FqrxZtW.exe
  2⤵
  PID:7656
- C:\Windows\System\vqjAqJQ.exe
  C:\Windows\System\vqjAqJQ.exe
  2⤵
  PID:7676
- C:\Windows\System\xXQvZyb.exe
  C:\Windows\System\xXQvZyb.exe
  2⤵
  PID:7696
- C:\Windows\System\nuLXhYv.exe
  C:\Windows\System\nuLXhYv.exe
  2⤵
  PID:7728
- C:\Windows\System\hNwrTSH.exe
  C:\Windows\System\hNwrTSH.exe
  2⤵
  PID:7744
- C:\Windows\System\TUyiIco.exe
  C:\Windows\System\TUyiIco.exe
  2⤵
  PID:7760
- C:\Windows\System\rkaGWJq.exe
  C:\Windows\System\rkaGWJq.exe
  2⤵
  PID:7784
- C:\Windows\System\Dkvuivr.exe
  C:\Windows\System\Dkvuivr.exe
  2⤵
  PID:7812
- C:\Windows\System\oZhDyEB.exe
  C:\Windows\System\oZhDyEB.exe
  2⤵
  PID:7828
- C:\Windows\System\JoqQulC.exe
  C:\Windows\System\JoqQulC.exe
  2⤵
  PID:7844
- C:\Windows\System\xhEkLQj.exe
  C:\Windows\System\xhEkLQj.exe
  2⤵
  PID:7864
- C:\Windows\System\VwNspcS.exe
  C:\Windows\System\VwNspcS.exe
  2⤵
  PID:7884
- C:\Windows\System\ykDvTmn.exe
  C:\Windows\System\ykDvTmn.exe
  2⤵
  PID:7900
- C:\Windows\System\uKigfTO.exe
  C:\Windows\System\uKigfTO.exe
  2⤵
  PID:7916
- C:\Windows\System\PBQFcWM.exe
  C:\Windows\System\PBQFcWM.exe
  2⤵
  PID:7932
- C:\Windows\System\jfYMjZw.exe
  C:\Windows\System\jfYMjZw.exe
  2⤵
  PID:7952
- C:\Windows\System\KjPCSuk.exe
  C:\Windows\System\KjPCSuk.exe
  2⤵
  PID:7968
- C:\Windows\System\oBnzoYj.exe
  C:\Windows\System\oBnzoYj.exe
  2⤵
  PID:7988
- C:\Windows\System\SPMlMCz.exe
  C:\Windows\System\SPMlMCz.exe
  2⤵
  PID:8008
- C:\Windows\System\FpGEqOX.exe
  C:\Windows\System\FpGEqOX.exe
  2⤵
  PID:8028
- C:\Windows\System\qaiuJWc.exe
  C:\Windows\System\qaiuJWc.exe
  2⤵
  PID:8044
- C:\Windows\System\icbuaXr.exe
  C:\Windows\System\icbuaXr.exe
  2⤵
  PID:8064
- C:\Windows\System\REAEioN.exe
  C:\Windows\System\REAEioN.exe
  2⤵
  PID:8084
- C:\Windows\System\sMIigVN.exe
  C:\Windows\System\sMIigVN.exe
  2⤵
  PID:8100
- C:\Windows\System\NlMBSbs.exe
  C:\Windows\System\NlMBSbs.exe
  2⤵
  PID:8116
- C:\Windows\System\mVyhzFo.exe
  C:\Windows\System\mVyhzFo.exe
  2⤵
  PID:8132
- C:\Windows\System\IaxaBEn.exe
  C:\Windows\System\IaxaBEn.exe
  2⤵
  PID:8152
- C:\Windows\System\yFzfBMF.exe
  C:\Windows\System\yFzfBMF.exe
  2⤵
  PID:8184
- C:\Windows\System\zbRvTHf.exe
  C:\Windows\System\zbRvTHf.exe
  2⤵
  PID:7176
- C:\Windows\System\ffUCPyy.exe
  C:\Windows\System\ffUCPyy.exe
  2⤵
  PID:6464
- C:\Windows\System\dbLXnNV.exe
  C:\Windows\System\dbLXnNV.exe
  2⤵
  PID:7200
- C:\Windows\System\abobkTt.exe
  C:\Windows\System\abobkTt.exe
  2⤵
  PID:7272
- C:\Windows\System\gDbZPJF.exe
  C:\Windows\System\gDbZPJF.exe
  2⤵
  PID:7252
- C:\Windows\System\NpCDSHd.exe
  C:\Windows\System\NpCDSHd.exe
  2⤵
  PID:7300
- C:\Windows\System\wUyMtiw.exe
  C:\Windows\System\wUyMtiw.exe
  2⤵
  PID:7384
- C:\Windows\System\gsORfAD.exe
  C:\Windows\System\gsORfAD.exe
  2⤵
  PID:7364
- C:\Windows\System\wCGRynR.exe
  C:\Windows\System\wCGRynR.exe
  2⤵
  PID:7336
- C:\Windows\System\HGmUbBj.exe
  C:\Windows\System\HGmUbBj.exe
  2⤵
  PID:7424
- C:\Windows\System\mKfbssn.exe
  C:\Windows\System\mKfbssn.exe
  2⤵
  PID:7480
- C:\Windows\System\OBhSGZO.exe
  C:\Windows\System\OBhSGZO.exe
  2⤵
  PID:7504
- C:\Windows\System\UuEyMOv.exe
  C:\Windows\System\UuEyMOv.exe
  2⤵
  PID:7552
- C:\Windows\System\FClQSoC.exe
  C:\Windows\System\FClQSoC.exe
  2⤵
  PID:7604
- C:\Windows\System\SilPhUx.exe
  C:\Windows\System\SilPhUx.exe
  2⤵
  PID:7572
- C:\Windows\System\bLeoauh.exe
  C:\Windows\System\bLeoauh.exe
  2⤵
  PID:7792
- C:\Windows\System\wTFWBuT.exe
  C:\Windows\System\wTFWBuT.exe
  2⤵
  PID:7804
- C:\Windows\System\ySVRnux.exe
  C:\Windows\System\ySVRnux.exe
  2⤵
  PID:7872
- C:\Windows\System\AQpFybd.exe
  C:\Windows\System\AQpFybd.exe
  2⤵
  PID:7692
- C:\Windows\System\TrBvQmH.exe
  C:\Windows\System\TrBvQmH.exe
  2⤵
  PID:7976
- C:\Windows\System\mdxfhKt.exe
  C:\Windows\System\mdxfhKt.exe
  2⤵
  PID:8052
- C:\Windows\System\CDnbDkj.exe
  C:\Windows\System\CDnbDkj.exe
  2⤵
  PID:8124
- C:\Windows\System\FJCgZGD.exe
  C:\Windows\System\FJCgZGD.exe
  2⤵
  PID:8176
- C:\Windows\System\vSlmApI.exe
  C:\Windows\System\vSlmApI.exe
  2⤵
  PID:1512
- C:\Windows\System\DBRZFym.exe
  C:\Windows\System\DBRZFym.exe
  2⤵
  PID:7780
- C:\Windows\System\UqDRWbq.exe
  C:\Windows\System\UqDRWbq.exe
  2⤵
  PID:7392
- C:\Windows\System\OqUYdKM.exe
  C:\Windows\System\OqUYdKM.exe
  2⤵
  PID:7420
- C:\Windows\System\YbyICMH.exe
  C:\Windows\System\YbyICMH.exe
  2⤵
  PID:7560
- C:\Windows\System\RJolXHA.exe
  C:\Windows\System\RJolXHA.exe
  2⤵
  PID:7592
- C:\Windows\System\mBXGclo.exe
  C:\Windows\System\mBXGclo.exe
  2⤵
  PID:7960
- C:\Windows\System\DgYzjMR.exe
  C:\Windows\System\DgYzjMR.exe
  2⤵
  PID:7196
- C:\Windows\System\WazpgNq.exe
  C:\Windows\System\WazpgNq.exe
  2⤵
  PID:7964
- C:\Windows\System\bskojQu.exe
  C:\Windows\System\bskojQu.exe
  2⤵
  PID:8004
- C:\Windows\System\VFHhMqN.exe
  C:\Windows\System\VFHhMqN.exe
  2⤵
  PID:8076
- C:\Windows\System\jYCgGIq.exe
  C:\Windows\System\jYCgGIq.exe
  2⤵
  PID:8108
- C:\Windows\System\JVYRpha.exe
  C:\Windows\System\JVYRpha.exe
  2⤵
  PID:8148
- C:\Windows\System\VlVrgED.exe
  C:\Windows\System\VlVrgED.exe
  2⤵
  PID:7028
- C:\Windows\System\tMSzsET.exe
  C:\Windows\System\tMSzsET.exe
  2⤵
  PID:7768
- C:\Windows\System\PCsoaBS.exe
  C:\Windows\System\PCsoaBS.exe
  2⤵
  PID:7216
- C:\Windows\System\MSdYYEG.exe
  C:\Windows\System\MSdYYEG.exe
  2⤵
  PID:7352
- C:\Windows\System\smLKZbQ.exe
  C:\Windows\System\smLKZbQ.exe
  2⤵
  PID:7476
- C:\Windows\System\ZzCUZbg.exe
  C:\Windows\System\ZzCUZbg.exe
  2⤵
  PID:7672
- C:\Windows\System\DHktHhV.exe
  C:\Windows\System\DHktHhV.exe
  2⤵
  PID:7940
- C:\Windows\System\VnNkWKU.exe
  C:\Windows\System\VnNkWKU.exe
  2⤵
  PID:7724
- C:\Windows\System\YNWAdoc.exe
  C:\Windows\System\YNWAdoc.exe
  2⤵
  PID:7688
- C:\Windows\System\xrfFPxK.exe
  C:\Windows\System\xrfFPxK.exe
  2⤵
  PID:7500
- C:\Windows\System\SztoUuK.exe
  C:\Windows\System\SztoUuK.exe
  2⤵
  PID:952
- C:\Windows\System\OUCRfKm.exe
  C:\Windows\System\OUCRfKm.exe
  2⤵
  PID:2444
- C:\Windows\System\vfTbENv.exe
  C:\Windows\System\vfTbENv.exe
  2⤵
  PID:2236
- C:\Windows\System\clPCgNq.exe
  C:\Windows\System\clPCgNq.exe
  2⤵
  PID:1984
- C:\Windows\System\WqBTFut.exe
  C:\Windows\System\WqBTFut.exe
  2⤵
  PID:2140
- C:\Windows\System\yEOwuqj.exe
  C:\Windows\System\yEOwuqj.exe
  2⤵
  PID:8056
- C:\Windows\System\unbBhFx.exe
  C:\Windows\System\unbBhFx.exe
  2⤵
  PID:8164
- C:\Windows\System\aGCXzFK.exe
  C:\Windows\System\aGCXzFK.exe
  2⤵
  PID:7268
- C:\Windows\System\rWmZZsd.exe
  C:\Windows\System\rWmZZsd.exe
  2⤵
  PID:7412
- C:\Windows\System\TAYaprK.exe
  C:\Windows\System\TAYaprK.exe
  2⤵
  PID:7440
- C:\Windows\System\ZIWcQnh.exe
  C:\Windows\System\ZIWcQnh.exe
  2⤵
  PID:7824
- C:\Windows\System\RAHjoBk.exe
  C:\Windows\System\RAHjoBk.exe
  2⤵
  PID:7928
- C:\Windows\System\ORursoZ.exe
  C:\Windows\System\ORursoZ.exe
  2⤵
  PID:7880
- C:\Windows\System\VXtSdna.exe
  C:\Windows\System\VXtSdna.exe
  2⤵
  PID:7708
- C:\Windows\System\ZYdjmon.exe
  C:\Windows\System\ZYdjmon.exe
  2⤵
  PID:7204
- C:\Windows\System\lKGKHFn.exe
  C:\Windows\System\lKGKHFn.exe
  2⤵
  PID:7332
- C:\Windows\System\wUMASYZ.exe
  C:\Windows\System\wUMASYZ.exe
  2⤵
  PID:7720
- C:\Windows\System\cQpihVi.exe
  C:\Windows\System\cQpihVi.exe
  2⤵
  PID:7664
- C:\Windows\System\CVSzvLl.exe
  C:\Windows\System\CVSzvLl.exe
  2⤵
  PID:8016
- C:\Windows\System\piQWkLi.exe
  C:\Windows\System\piQWkLi.exe
  2⤵
  PID:7296
- C:\Windows\System\UlfkECh.exe
  C:\Windows\System\UlfkECh.exe
  2⤵
  PID:7436
- C:\Windows\System\qmiXcgx.exe
  C:\Windows\System\qmiXcgx.exe
  2⤵
  PID:7460
- C:\Windows\System\lHRpYOH.exe
  C:\Windows\System\lHRpYOH.exe
  2⤵
  PID:7836
- C:\Windows\System\mvTiXkn.exe
  C:\Windows\System\mvTiXkn.exe
  2⤵
  PID:2096
- C:\Windows\System\TaCENpI.exe
  C:\Windows\System\TaCENpI.exe
  2⤵
  PID:7524
- C:\Windows\System\sTWCGox.exe
  C:\Windows\System\sTWCGox.exe
  2⤵
  PID:7800
- C:\Windows\System\WPbVNKy.exe
  C:\Windows\System\WPbVNKy.exe
  2⤵
  PID:2208
- C:\Windows\System\ddPbJpr.exe
  C:\Windows\System\ddPbJpr.exe
  2⤵
  PID:1988
- C:\Windows\System\VYumVkU.exe
  C:\Windows\System\VYumVkU.exe
  2⤵
  PID:8172
- C:\Windows\System\iLPrqYk.exe
  C:\Windows\System\iLPrqYk.exe
  2⤵
  PID:7740
- C:\Windows\System\nqyTaOg.exe
  C:\Windows\System\nqyTaOg.exe
  2⤵
  PID:8168
- C:\Windows\System\GHJngiq.exe
  C:\Windows\System\GHJngiq.exe
  2⤵
  PID:7616
- C:\Windows\System\LRYQYIP.exe
  C:\Windows\System\LRYQYIP.exe
  2⤵
  PID:7752
- C:\Windows\System\lvicVLe.exe
  C:\Windows\System\lvicVLe.exe
  2⤵
  PID:8080
- C:\Windows\System\bJxJZdE.exe
  C:\Windows\System\bJxJZdE.exe
  2⤵
  PID:1992
- C:\Windows\System\igmOCgO.exe
  C:\Windows\System\igmOCgO.exe
  2⤵
  PID:7808
- C:\Windows\System\RapFhCa.exe
  C:\Windows\System\RapFhCa.exe
  2⤵
  PID:1164
- C:\Windows\System\SRpYoxh.exe
  C:\Windows\System\SRpYoxh.exe
  2⤵
  PID:7776
- C:\Windows\System\fPtLekC.exe
  C:\Windows\System\fPtLekC.exe
  2⤵
  PID:7820
- C:\Windows\System\DoUvGCF.exe
  C:\Windows\System\DoUvGCF.exe
  2⤵
  PID:8196
- C:\Windows\System\MvprpAT.exe
  C:\Windows\System\MvprpAT.exe
  2⤵
  PID:8212
- C:\Windows\System\sNVUQjt.exe
  C:\Windows\System\sNVUQjt.exe
  2⤵
  PID:8232
- C:\Windows\System\qwHoNtj.exe
  C:\Windows\System\qwHoNtj.exe
  2⤵
  PID:8256
- C:\Windows\System\qSlMlOC.exe
  C:\Windows\System\qSlMlOC.exe
  2⤵
  PID:8272
- C:\Windows\System\Ouurznx.exe
  C:\Windows\System\Ouurznx.exe
  2⤵
  PID:8288
- C:\Windows\System\YQAsphx.exe
  C:\Windows\System\YQAsphx.exe
  2⤵
  PID:8304
- C:\Windows\System\wTuvCMm.exe
  C:\Windows\System\wTuvCMm.exe
  2⤵
  PID:8320
- C:\Windows\System\nQKFevD.exe
  C:\Windows\System\nQKFevD.exe
  2⤵
  PID:8336
- C:\Windows\System\jPJZlpK.exe
  C:\Windows\System\jPJZlpK.exe
  2⤵
  PID:8352
- C:\Windows\System\xTICaAQ.exe
  C:\Windows\System\xTICaAQ.exe
  2⤵
  PID:8368
- C:\Windows\System\pMCUeDJ.exe
  C:\Windows\System\pMCUeDJ.exe
  2⤵
  PID:8384
- C:\Windows\System\kbzJEGF.exe
  C:\Windows\System\kbzJEGF.exe
  2⤵
  PID:8400
- C:\Windows\System\HjpUEjO.exe
  C:\Windows\System\HjpUEjO.exe
  2⤵
  PID:8416
- C:\Windows\System\RVktZIV.exe
  C:\Windows\System\RVktZIV.exe
  2⤵
  PID:8432
- C:\Windows\System\jKWiHIp.exe
  C:\Windows\System\jKWiHIp.exe
  2⤵
  PID:8448
- C:\Windows\System\QGYKJVk.exe
  C:\Windows\System\QGYKJVk.exe
  2⤵
  PID:8464
- C:\Windows\System\kLogRIr.exe
  C:\Windows\System\kLogRIr.exe
  2⤵
  PID:8484
- C:\Windows\System\Aqydnou.exe
  C:\Windows\System\Aqydnou.exe
  2⤵
  PID:8508
- C:\Windows\System\hkTStQr.exe
  C:\Windows\System\hkTStQr.exe
  2⤵
  PID:8524
- C:\Windows\System\vqqgjkX.exe
  C:\Windows\System\vqqgjkX.exe
  2⤵
  PID:8540
- C:\Windows\System\RloEQRJ.exe
  C:\Windows\System\RloEQRJ.exe
  2⤵
  PID:8556
- C:\Windows\System\SOMMcsM.exe
  C:\Windows\System\SOMMcsM.exe
  2⤵
  PID:8572
- C:\Windows\System\tIRNfNs.exe
  C:\Windows\System\tIRNfNs.exe
  2⤵
  PID:8588
- C:\Windows\System\XeTynFK.exe
  C:\Windows\System\XeTynFK.exe
  2⤵
  PID:8604
- C:\Windows\System\cPLWwUw.exe
  C:\Windows\System\cPLWwUw.exe
  2⤵
  PID:8620
- C:\Windows\System\cqmPppG.exe
  C:\Windows\System\cqmPppG.exe
  2⤵
  PID:8636
- C:\Windows\System\IkHZfci.exe
  C:\Windows\System\IkHZfci.exe
  2⤵
  PID:8652
- C:\Windows\System\BthaOew.exe
  C:\Windows\System\BthaOew.exe
  2⤵
  PID:8668
- C:\Windows\System\klEEGcy.exe
  C:\Windows\System\klEEGcy.exe
  2⤵
  PID:8684
- C:\Windows\System\OfIuGOA.exe
  C:\Windows\System\OfIuGOA.exe
  2⤵
  PID:8700
- C:\Windows\System\feenvBz.exe
  C:\Windows\System\feenvBz.exe
  2⤵
  PID:8716
- C:\Windows\System\LfskJrb.exe
  C:\Windows\System\LfskJrb.exe
  2⤵
  PID:8732
- C:\Windows\System\sLyLZGy.exe
  C:\Windows\System\sLyLZGy.exe
  2⤵
  PID:8752
- C:\Windows\System\iyVdlBW.exe
  C:\Windows\System\iyVdlBW.exe
  2⤵
  PID:8768
- C:\Windows\System\ATdoxMG.exe
  C:\Windows\System\ATdoxMG.exe
  2⤵
  PID:8784
- C:\Windows\System\AtfjcCz.exe
  C:\Windows\System\AtfjcCz.exe
  2⤵
  PID:8800
- C:\Windows\System\kuaXOCt.exe
  C:\Windows\System\kuaXOCt.exe
  2⤵
  PID:8820
- C:\Windows\System\XjjBDIZ.exe
  C:\Windows\System\XjjBDIZ.exe
  2⤵
  PID:8836
- C:\Windows\System\DakRdue.exe
  C:\Windows\System\DakRdue.exe
  2⤵
  PID:8852
- C:\Windows\System\rKgfXuG.exe
  C:\Windows\System\rKgfXuG.exe
  2⤵
  PID:8868
- C:\Windows\System\MwQblrh.exe
  C:\Windows\System\MwQblrh.exe
  2⤵
  PID:8892
- C:\Windows\System\kOlKhKM.exe
  C:\Windows\System\kOlKhKM.exe
  2⤵
  PID:8908
- C:\Windows\System\xPUicil.exe
  C:\Windows\System\xPUicil.exe
  2⤵
  PID:8924
- C:\Windows\System\ibYVbTA.exe
  C:\Windows\System\ibYVbTA.exe
  2⤵
  PID:8940
- C:\Windows\System\hWhiMft.exe
  C:\Windows\System\hWhiMft.exe
  2⤵
  PID:8964
- C:\Windows\System\DWgIFID.exe
  C:\Windows\System\DWgIFID.exe
  2⤵
  PID:8220
- C:\Windows\System\YqYZApG.exe
  C:\Windows\System\YqYZApG.exe
  2⤵
  PID:856
- C:\Windows\System\YkyhYhl.exe
  C:\Windows\System\YkyhYhl.exe
  2⤵
  PID:7704
- C:\Windows\System\qhyvHrX.exe
  C:\Windows\System\qhyvHrX.exe
  2⤵
  PID:8240
- C:\Windows\System\imZUsVH.exe
  C:\Windows\System\imZUsVH.exe
  2⤵
  PID:8280
- C:\Windows\System\gNBOJQJ.exe
  C:\Windows\System\gNBOJQJ.exe
  2⤵
  PID:8312
- C:\Windows\System\uZGgYUZ.exe
  C:\Windows\System\uZGgYUZ.exe
  2⤵
  PID:8344
- C:\Windows\System\uZXAORL.exe
  C:\Windows\System\uZXAORL.exe
  2⤵
  PID:8408
- C:\Windows\System\dJCOKWZ.exe
  C:\Windows\System\dJCOKWZ.exe
  2⤵
  PID:8444
- C:\Windows\System\TZXUUzm.exe
  C:\Windows\System\TZXUUzm.exe
  2⤵
  PID:8424
- C:\Windows\System\dXxmOur.exe
  C:\Windows\System\dXxmOur.exe
  2⤵
  PID:8496
- C:\Windows\System\cSQHsWg.exe
  C:\Windows\System\cSQHsWg.exe
  2⤵
  PID:8532
- C:\Windows\System\LnNzpBj.exe
  C:\Windows\System\LnNzpBj.exe
  2⤵
  PID:8520
- C:\Windows\System\acCWbKE.exe
  C:\Windows\System\acCWbKE.exe
  2⤵
  PID:8628
- C:\Windows\System\hXMFHpy.exe
  C:\Windows\System\hXMFHpy.exe
  2⤵
  PID:8584
- C:\Windows\System\vzIRsun.exe
  C:\Windows\System\vzIRsun.exe
  2⤵
  PID:8660
- C:\Windows\System\NBGnlXC.exe
  C:\Windows\System\NBGnlXC.exe
  2⤵
  PID:8644
- C:\Windows\System\VsfQCSU.exe
  C:\Windows\System\VsfQCSU.exe
  2⤵
  PID:8712
- C:\Windows\System\uUOIYYs.exe
  C:\Windows\System\uUOIYYs.exe
  2⤵
  PID:8708
- C:\Windows\System\juAEvdt.exe
  C:\Windows\System\juAEvdt.exe
  2⤵
  PID:8776
- C:\Windows\System\aqbHnyc.exe
  C:\Windows\System\aqbHnyc.exe
  2⤵
  PID:8812
- C:\Windows\System\AcVpznG.exe
  C:\Windows\System\AcVpznG.exe
  2⤵
  PID:8844
- C:\Windows\System\xHYMyld.exe
  C:\Windows\System\xHYMyld.exe
  2⤵
  PID:1972
- C:\Windows\System\nPjXFNI.exe
  C:\Windows\System\nPjXFNI.exe
  2⤵
  PID:8932
- C:\Windows\System\jLCGTGN.exe
  C:\Windows\System\jLCGTGN.exe
  2⤵
  PID:8952
- C:\Windows\System\gJbRNPs.exe
  C:\Windows\System\gJbRNPs.exe
  2⤵
  PID:8936
- C:\Windows\System\pVUofnz.exe
  C:\Windows\System\pVUofnz.exe
  2⤵
  PID:8996
- C:\Windows\System\rzIuAeW.exe
  C:\Windows\System\rzIuAeW.exe
  2⤵
  PID:9012
- C:\Windows\System\lywkHsq.exe
  C:\Windows\System\lywkHsq.exe
  2⤵
  PID:9032
- C:\Windows\System\hBYyaqj.exe
  C:\Windows\System\hBYyaqj.exe
  2⤵
  PID:9048
- C:\Windows\System\TKUWJel.exe
  C:\Windows\System\TKUWJel.exe
  2⤵
  PID:9056
- C:\Windows\System\dKyfDvX.exe
  C:\Windows\System\dKyfDvX.exe
  2⤵
  PID:9084
- C:\Windows\System\lWZUYNi.exe
  C:\Windows\System\lWZUYNi.exe
  2⤵
  PID:9100
- C:\Windows\System\DvJklZs.exe
  C:\Windows\System\DvJklZs.exe
  2⤵
  PID:9120
- C:\Windows\System\ifFtGjE.exe
  C:\Windows\System\ifFtGjE.exe
  2⤵
  PID:9152
- C:\Windows\System\sMoZuOE.exe
  C:\Windows\System\sMoZuOE.exe
  2⤵
  PID:9168
- C:\Windows\System\AgWKZiH.exe
  C:\Windows\System\AgWKZiH.exe
  2⤵
  PID:9188
- C:\Windows\System\HfHFOMR.exe
  C:\Windows\System\HfHFOMR.exe
  2⤵
  PID:9208
- C:\Windows\System\kPfyjYo.exe
  C:\Windows\System\kPfyjYo.exe
  2⤵
  PID:8748
- C:\Windows\System\YdvPRrm.exe
  C:\Windows\System\YdvPRrm.exe
  2⤵
  PID:8228
- C:\Windows\System\sbnGkOm.exe
  C:\Windows\System\sbnGkOm.exe
  2⤵
  PID:8252
- C:\Windows\System\ILXPlig.exe
  C:\Windows\System\ILXPlig.exe
  2⤵
  PID:8204
- C:\Windows\System\fnyPSno.exe
  C:\Windows\System\fnyPSno.exe
  2⤵
  PID:8380
- C:\Windows\System\hwBOVIA.exe
  C:\Windows\System\hwBOVIA.exe
  2⤵
  PID:8460
- C:\Windows\System\HDElqhD.exe
  C:\Windows\System\HDElqhD.exe
  2⤵
  PID:8456
- C:\Windows\System\NBIKwdz.exe
  C:\Windows\System\NBIKwdz.exe
  2⤵
  PID:8568
- C:\Windows\System\irLQqTZ.exe
  C:\Windows\System\irLQqTZ.exe
  2⤵
  PID:8616
- C:\Windows\System\HESmCOI.exe
  C:\Windows\System\HESmCOI.exe
  2⤵
  PID:8676
- C:\Windows\System\snGmICo.exe
  C:\Windows\System\snGmICo.exe
  2⤵
  PID:8764
- C:\Windows\System\WtMNJiJ.exe
  C:\Windows\System\WtMNJiJ.exe
  2⤵
  PID:8876
- C:\Windows\System\geYUWyk.exe
  C:\Windows\System\geYUWyk.exe
  2⤵
  PID:7580
- C:\Windows\System\JpxrOWS.exe
  C:\Windows\System\JpxrOWS.exe
  2⤵
  PID:8956
- C:\Windows\System\DfBLIAi.exe
  C:\Windows\System\DfBLIAi.exe
  2⤵
  PID:9024
- C:\Windows\System\yLyXYjJ.exe
  C:\Windows\System\yLyXYjJ.exe
  2⤵
  PID:9008
- C:\Windows\System\arIIBud.exe
  C:\Windows\System\arIIBud.exe
  2⤵
  PID:9076
- C:\Windows\System\sdUboRO.exe
  C:\Windows\System\sdUboRO.exe
  2⤵
  PID:9112
- C:\Windows\System\gRBersT.exe
  C:\Windows\System\gRBersT.exe
  2⤵
  PID:9160
- C:\Windows\System\bwOvcFL.exe
  C:\Windows\System\bwOvcFL.exe
  2⤵
  PID:9196
- C:\Windows\System\KdxgPAD.exe
  C:\Windows\System\KdxgPAD.exe
  2⤵
  PID:8396
- C:\Windows\System\YMUlieE.exe
  C:\Windows\System\YMUlieE.exe
  2⤵
  PID:8492
- C:\Windows\System\hnghAVy.exe
  C:\Windows\System\hnghAVy.exe
  2⤵
  PID:7600
- C:\Windows\System\UTejbYM.exe
  C:\Windows\System\UTejbYM.exe
  2⤵
  PID:8476
- C:\Windows\System\nYSWzjs.exe
  C:\Windows\System\nYSWzjs.exe
  2⤵
  PID:8724
- C:\Windows\System\vrZQgyq.exe
  C:\Windows\System\vrZQgyq.exe
  2⤵
  PID:8860
- C:\Windows\System\yvfUsTr.exe
  C:\Windows\System\yvfUsTr.exe
  2⤵
  PID:8948
- C:\Windows\System\oFfaIcp.exe
  C:\Windows\System\oFfaIcp.exe
  2⤵
  PID:9036
- C:\Windows\System\URAwJPp.exe
  C:\Windows\System\URAwJPp.exe
  2⤵
  PID:8972
- C:\Windows\System\MJPbSIZ.exe
  C:\Windows\System\MJPbSIZ.exe
  2⤵
  PID:9176
- C:\Windows\System\GIeBSES.exe
  C:\Windows\System\GIeBSES.exe
  2⤵
  PID:2560
- C:\Windows\System\FFsirmu.exe
  C:\Windows\System\FFsirmu.exe
  2⤵
  PID:7536
- C:\Windows\System\oqNApql.exe
  C:\Windows\System\oqNApql.exe
  2⤵
  PID:8740
- C:\Windows\System\wOwAabC.exe
  C:\Windows\System\wOwAabC.exe
  2⤵
  PID:9088
- C:\Windows\System\MNiLNTh.exe
  C:\Windows\System\MNiLNTh.exe
  2⤵
  PID:9164
- C:\Windows\System\dfiBGaN.exe
  C:\Windows\System\dfiBGaN.exe
  2⤵
  PID:8360
- C:\Windows\System\WyyFviI.exe
  C:\Windows\System\WyyFviI.exe
  2⤵
  PID:8816
- C:\Windows\System\dzdECIw.exe
  C:\Windows\System\dzdECIw.exe
  2⤵
  PID:8744
- C:\Windows\System\cSTnsYg.exe
  C:\Windows\System\cSTnsYg.exe
  2⤵
  PID:9220
- C:\Windows\System\BAXlKLP.exe
  C:\Windows\System\BAXlKLP.exe
  2⤵
  PID:9236
- C:\Windows\System\QfWyqNY.exe
  C:\Windows\System\QfWyqNY.exe
  2⤵
  PID:9252
- C:\Windows\System\rHxkqTi.exe
  C:\Windows\System\rHxkqTi.exe
  2⤵
  PID:9268
- C:\Windows\System\gNPEnoB.exe
  C:\Windows\System\gNPEnoB.exe
  2⤵
  PID:9284
- C:\Windows\System\cIwgmay.exe
  C:\Windows\System\cIwgmay.exe
  2⤵
  PID:9300
- C:\Windows\System\ODIIVMz.exe
  C:\Windows\System\ODIIVMz.exe
  2⤵
  PID:9316
- C:\Windows\System\KHIbXtC.exe
  C:\Windows\System\KHIbXtC.exe
  2⤵
  PID:9332
- C:\Windows\System\GrvRyuK.exe
  C:\Windows\System\GrvRyuK.exe
  2⤵
  PID:9348
- C:\Windows\System\KRwIPoQ.exe
  C:\Windows\System\KRwIPoQ.exe
  2⤵
  PID:9364
- C:\Windows\System\zevfIaa.exe
  C:\Windows\System\zevfIaa.exe
  2⤵
  PID:9380
- C:\Windows\System\NKvfWNn.exe
  C:\Windows\System\NKvfWNn.exe
  2⤵
  PID:9396
- C:\Windows\System\ybFxJSJ.exe
  C:\Windows\System\ybFxJSJ.exe
  2⤵
  PID:9412
- C:\Windows\System\yOKXcej.exe
  C:\Windows\System\yOKXcej.exe
  2⤵
  PID:9428
- C:\Windows\System\pmojtUw.exe
  C:\Windows\System\pmojtUw.exe
  2⤵
  PID:9444
- C:\Windows\System\rYCpFic.exe
  C:\Windows\System\rYCpFic.exe
  2⤵
  PID:9460
- C:\Windows\System\jJiGoVh.exe
  C:\Windows\System\jJiGoVh.exe
  2⤵
  PID:9476
- C:\Windows\System\ysOVwUj.exe
  C:\Windows\System\ysOVwUj.exe
  2⤵
  PID:9492
- C:\Windows\System\GmZaYNy.exe
  C:\Windows\System\GmZaYNy.exe
  2⤵
  PID:9508
- C:\Windows\System\EEiLlJQ.exe
  C:\Windows\System\EEiLlJQ.exe
  2⤵
  PID:9524
- C:\Windows\System\ZbutQuO.exe
  C:\Windows\System\ZbutQuO.exe
  2⤵
  PID:9540
- C:\Windows\System\oDGbnvs.exe
  C:\Windows\System\oDGbnvs.exe
  2⤵
  PID:9556
- C:\Windows\System\xWMhqGy.exe
  C:\Windows\System\xWMhqGy.exe
  2⤵
  PID:9572
- C:\Windows\System\dLOZcLT.exe
  C:\Windows\System\dLOZcLT.exe
  2⤵
  PID:9588
- C:\Windows\System\HBEwbqg.exe
  C:\Windows\System\HBEwbqg.exe
  2⤵
  PID:9604
- C:\Windows\System\QzsuVjm.exe
  C:\Windows\System\QzsuVjm.exe
  2⤵
  PID:9620
- C:\Windows\System\dkkGBgA.exe
  C:\Windows\System\dkkGBgA.exe
  2⤵
  PID:9636
- C:\Windows\System\CVdqFqP.exe
  C:\Windows\System\CVdqFqP.exe
  2⤵
  PID:9656
- C:\Windows\System\MCPWdCT.exe
  C:\Windows\System\MCPWdCT.exe
  2⤵
  PID:9672
- C:\Windows\System\REwwTht.exe
  C:\Windows\System\REwwTht.exe
  2⤵
  PID:9688
- C:\Windows\System\QXbMumR.exe
  C:\Windows\System\QXbMumR.exe
  2⤵
  PID:9704
- C:\Windows\System\xaMQLDX.exe
  C:\Windows\System\xaMQLDX.exe
  2⤵
  PID:9720
- C:\Windows\System\xcBKrfF.exe
  C:\Windows\System\xcBKrfF.exe
  2⤵
  PID:9736
- C:\Windows\System\hoSQydf.exe
  C:\Windows\System\hoSQydf.exe
  2⤵
  PID:9752
- C:\Windows\System\PxJEUzA.exe
  C:\Windows\System\PxJEUzA.exe
  2⤵
  PID:9768
- C:\Windows\System\rVjAuWn.exe
  C:\Windows\System\rVjAuWn.exe
  2⤵
  PID:9784
- C:\Windows\System\rEOpntu.exe
  C:\Windows\System\rEOpntu.exe
  2⤵
  PID:9800
- C:\Windows\System\rnAoHoH.exe
  C:\Windows\System\rnAoHoH.exe
  2⤵
  PID:9816
- C:\Windows\System\TVqQIGN.exe
  C:\Windows\System\TVqQIGN.exe
  2⤵
  PID:9848
- C:\Windows\System\VUCNUaZ.exe
  C:\Windows\System\VUCNUaZ.exe
  2⤵
  PID:9864
- C:\Windows\System\KbXqPxE.exe
  C:\Windows\System\KbXqPxE.exe
  2⤵
  PID:9880
- C:\Windows\System\YdjLYCK.exe
  C:\Windows\System\YdjLYCK.exe
  2⤵
  PID:9896
- C:\Windows\System\MaCgsRW.exe
  C:\Windows\System\MaCgsRW.exe
  2⤵
  PID:9912
- C:\Windows\System\mQlfVNH.exe
  C:\Windows\System\mQlfVNH.exe
  2⤵
  PID:9928
- C:\Windows\System\pbxptzb.exe
  C:\Windows\System\pbxptzb.exe
  2⤵
  PID:9948
- C:\Windows\System\UUaduNk.exe
  C:\Windows\System\UUaduNk.exe
  2⤵
  PID:9964
- C:\Windows\System\rPBluTQ.exe
  C:\Windows\System\rPBluTQ.exe
  2⤵
  PID:9980
- C:\Windows\System\HliRsHm.exe
  C:\Windows\System\HliRsHm.exe
  2⤵
  PID:9996
- C:\Windows\System\sTadDpB.exe
  C:\Windows\System\sTadDpB.exe
  2⤵
  PID:10016
- C:\Windows\System\acVOsZJ.exe
  C:\Windows\System\acVOsZJ.exe
  2⤵
  PID:10032
- C:\Windows\System\MPEAlBv.exe
  C:\Windows\System\MPEAlBv.exe
  2⤵
  PID:10048
- C:\Windows\System\TeJukGg.exe
  C:\Windows\System\TeJukGg.exe
  2⤵
  PID:10064
- C:\Windows\System\SeeyNWS.exe
  C:\Windows\System\SeeyNWS.exe
  2⤵
  PID:10084
- C:\Windows\System\GOozYVt.exe
  C:\Windows\System\GOozYVt.exe
  2⤵
  PID:10100
- C:\Windows\System\uAssxXg.exe
  C:\Windows\System\uAssxXg.exe
  2⤵
  PID:10116
- C:\Windows\System\OfgizNJ.exe
  C:\Windows\System\OfgizNJ.exe
  2⤵
  PID:10132
- C:\Windows\System\TtJDYgl.exe
  C:\Windows\System\TtJDYgl.exe
  2⤵
  PID:10148
- C:\Windows\System\eSjcLyu.exe
  C:\Windows\System\eSjcLyu.exe
  2⤵
  PID:10164
- C:\Windows\System\MlxNPnx.exe
  C:\Windows\System\MlxNPnx.exe
  2⤵
  PID:10180
- C:\Windows\System\URmjeeh.exe
  C:\Windows\System\URmjeeh.exe
  2⤵
  PID:10196
- C:\Windows\System\DqGjlDL.exe
  C:\Windows\System\DqGjlDL.exe
  2⤵
  PID:10212
- C:\Windows\System\AIRHTho.exe
  C:\Windows\System\AIRHTho.exe
  2⤵
  PID:10228
- C:\Windows\System\cALwIXy.exe
  C:\Windows\System\cALwIXy.exe
  2⤵
  PID:9144
- C:\Windows\System\NKWXNtO.exe
  C:\Windows\System\NKWXNtO.exe
  2⤵
  PID:8976
- C:\Windows\System\aYzfLky.exe
  C:\Windows\System\aYzfLky.exe
  2⤵
  PID:9292
- C:\Windows\System\zxpDHrY.exe
  C:\Windows\System\zxpDHrY.exe
  2⤵
  PID:9276
- C:\Windows\System\KMJiuwl.exe
  C:\Windows\System\KMJiuwl.exe
  2⤵
  PID:9328
- C:\Windows\System\UmdEsFE.exe
  C:\Windows\System\UmdEsFE.exe
  2⤵
  PID:9372
- C:\Windows\System\enQgHMT.exe
  C:\Windows\System\enQgHMT.exe
  2⤵
  PID:9376
- C:\Windows\System\CgsRpvh.exe
  C:\Windows\System\CgsRpvh.exe
  2⤵
  PID:9420
- C:\Windows\System\kVIsiZz.exe
  C:\Windows\System\kVIsiZz.exe
  2⤵
  PID:9488
- C:\Windows\System\swVltEm.exe
  C:\Windows\System\swVltEm.exe
  2⤵
  PID:9548
- C:\Windows\System\MDeAZSy.exe
  C:\Windows\System\MDeAZSy.exe
  2⤵
  PID:9612
- C:\Windows\System\QHbGEgh.exe
  C:\Windows\System\QHbGEgh.exe
  2⤵
  PID:9440
- C:\Windows\System\sFvIELW.exe
  C:\Windows\System\sFvIELW.exe
  2⤵
  PID:9504
- C:\Windows\System\mAuDfNP.exe
  C:\Windows\System\mAuDfNP.exe
  2⤵
  PID:9568
- C:\Windows\System\Ywlvqwj.exe
  C:\Windows\System\Ywlvqwj.exe
  2⤵
  PID:9664
- C:\Windows\System\aKrqSve.exe
  C:\Windows\System\aKrqSve.exe
  2⤵
  PID:9632
- C:\Windows\System\baEeWNB.exe
  C:\Windows\System\baEeWNB.exe
  2⤵
  PID:9744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\CIWriUz.exe

Filesize
6.0MB

MD5
883ddd0cfce92f519e0ea37239d121cd

SHA1
6bd59d24cefec468b5bcded2574caec2e3bd7736

SHA256
efb7765e97dbcd6caabf393df2e5ee7214868864e6aeb966107577c48ef74935

SHA512
e987d64defe6203a1f66c8d8751638e352d3f2ecb3e9b8f5c28e810cc3102b35ece8331b582ef8915cd4cf16e1b7d4130afa2e1a3aef4c547571133b90072349

Download Submit
C:\Windows\system\EbCzSSD.exe

Filesize
6.0MB

MD5
7c290a3a5ae467a04f70aa8078146f1e

SHA1
b151cd3b48997a1209f52a2846d9345722001b0f

SHA256
18b1399ffb74df50c176c8ffc045199acaf6093a95b8537c8551737bfa557448

SHA512
4c25cbb4b46ac5815229e3246cfaf714f32c28571df19f7ee14b71d7d999126729279a9c8afc91cc4e9652600b7e9fa18f19a394046be365b06f679954a3e16a

Download Submit
C:\Windows\system\FJXqmkN.exe

Filesize
6.0MB

MD5
9a2f04855f4db51da288e68c030fb59d

SHA1
498901f9eec3812f386de082a9fddc6f9d9e5c3f

SHA256
745c258649b6a85b9c3c231c7b5a9947b273ba2255e4c49f016247bf9f8ec2ea

SHA512
a465678269217a2e4a7ccbda235d4b2f56c565247acd051baf8a379ab245722f97deefef6ad89741f84c0b96f685ae8de7c273a3bd43c7c3c38a2fe0a70f3650

Download Submit
C:\Windows\system\GSkBsRT.exe

Filesize
6.0MB

MD5
e97b032205abf5b2f9d0abe0cfc111f4

SHA1
eb4df2970ec6563bc6b1ce78a12ba7b3ab919420

SHA256
6923b6ac22902dae9313efef8fc687a3fbf23c021770b8fe726915770ca1b0aa

SHA512
ce8a83dc0369b43991c8b87a5841339d9f6b9e843c1bf7dfca6b11d7ce44f6fe6ca8738188005bdfbe9b210c850730c47825e8a6b48a99a994a6ee44a4a68b86

Download Submit
C:\Windows\system\GWBokth.exe

Filesize
6.0MB

MD5
d67aafc8e0217df2c68e11367461f6b8

SHA1
516f37ab8f57239098acdd21e42a2a3f511b49ea

SHA256
d0bbec3574e6aacb0bc3542fb86f3a6d983e49831aef555ed2b1771d50ab7be6

SHA512
fa3e5709ecfc8cdf655a92d5eec1337ad5abb78e3b7cb30a436e0f73200241e9590011fc7f1bf8727d477be62e220ade8b2105fecf2c29425a91daf484f96ee4

Download Submit
C:\Windows\system\KkNClMm.exe

Filesize
6.0MB

MD5
be26dbe93c8f0431c85a86606a1a5bb3

SHA1
33969dd8981e5f44e847307556bd8076752abb21

SHA256
42dcfa45e6e86387e6670c58a930d7c0f4f6f90f317d5503bc89cdf05a991c8b

SHA512
ff6fdfef7ad279951fbd2b20e2d9d29c66d871b509e820956f6bbd3a8be319fa25af15a95c4935f145ca6c2b8838d84a6df8158bf7b7cfdd23afee29651eb8ca

Download Submit
C:\Windows\system\LtlQmWf.exe

Filesize
6.0MB

MD5
d1a70ad6d5638807bfa32eaaeec96fe1

SHA1
1cb74fdeec42fc586c073f09612bf49e07fdd649

SHA256
3604881a36e3b3cceb4a4a2f3b03b6f4be07b9b6ab0b3389a08f9ac0775ddff8

SHA512
449cdf2aaa05756eba9fabc39d454db9824c50e86ebb10b9cafb1c82de99465354b35c63c4d7b8ba76118857993d82b5ef2591bb99628bfef92cd951734b25ee

Download Submit
C:\Windows\system\LvIPCVX.exe

Filesize
6.0MB

MD5
fe56f07af7a865caa91882f5437066d6

SHA1
0933c0008e55aa1724b62cedcde252ce91cc1912

SHA256
0c1e0d68bf5c417a6af917b666a378f7385b7d908e49758772e10507c398b0b9

SHA512
bec7e45cbff4bd5dc7f1f42db3cd3bcff05d2afc99288cd7f4ff2d4237c0bddba8972f1fafd6e1e3802d57bb86d2c296147c2501df3e40bc23a5ad89600055b7

Download Submit
C:\Windows\system\MgTUhyn.exe

Filesize
6.0MB

MD5
ce3d87c92f57072699ce3c49280fa23c

SHA1
a4c7560d75ef8c68848e0e8a97ef49e0fac0a798

SHA256
714ef1f721b337ee8414d67ea72dc238a6fcecbff48efd808958f6fe3938dd07

SHA512
8e95cee4f7c24d580a001400dc8e7095ce087d6c694f6ef4c4150efa321d43eed4c04ce8c64ec2fcc8d003d06eb3cb3ede76964667036f381f117f3313178dc2

Download Submit
C:\Windows\system\NrAWREN.exe

Filesize
6.0MB

MD5
715b81d94b5a1bf9dc76357efedd463f

SHA1
f70a1695a1629a7de86ce094d45630c007a89501

SHA256
bc52c4a78cdfbc71a072aa00ec9e0c3022433c8f8a54f2c21fc61d05beb15448

SHA512
4a9469eba8c09420d17efb2ffa1ceb803fae422e3baa5da01bb97bb26e4c089b097df75bc3522c61df2f43622e861712879d8e807c630e18840bbddec6d35e66

Download Submit
C:\Windows\system\NwfdfWO.exe

Filesize
6.0MB

MD5
bdafe20cb7626fc3f9631d2a93ce865a

SHA1
67de4110f627e97052f1bae158f13c225e51ba35

SHA256
bd52ad670327a9e063c5b24ef7478f66f1551bf0c92fb136fb7faa329e88f07f

SHA512
557cf07440485ff2344826d693789cd3b7961a423e30292189e63c7d454fc889a3ca19c2f281e18f8450d8e3038105ec93618cefaa200169cc7d4470a07d7843

Download Submit
C:\Windows\system\PNCwmev.exe

Filesize
6.0MB

MD5
3c48fb8f0d8795a03ace599ab22bb5b5

SHA1
f412f545f08363a0b64a61d6ca5545c6d06632ea

SHA256
681c13c0464d7b5a8e75a7716a2b0f7f8a6f60544072cf62f06dc911d377d062

SHA512
eb484d694de35de302ca33f59dc9d81fddc5a19a70596b1c326bba27736a5b24fea65bbc5ed0e5c48c9fa6243bd483e263bbe688224bdbf75126f7ef68c3ed32

Download Submit
C:\Windows\system\Plhigfy.exe

Filesize
6.0MB

MD5
201fc343f114aa5e263e984d7679f8f3

SHA1
416c8c7d850f490455a8659ffc49438786e5c5c7

SHA256
10cc890523c2ed44b462d05ac2ebb96cc27adba5adc52be15684b306c36a9b15

SHA512
d9fb78d4f4f4cfafab693616ca2db594714b680972a14e17ec6471d56f415e4e2bfc295a6c9eb934e8f0b8ebc7fce43e9636112dee646f54d6f09bad75e4ef82

Download Submit
C:\Windows\system\RWBEjgn.exe

Filesize
6.0MB

MD5
07d22b99168d93fc74e6d084cdceba47

SHA1
88a949ca63542c6e4e20e5b89f47253672e58717

SHA256
86d41e5c317d3e8c2336aa386ebd3eb1291dc1df1248265ecc91964783a0e6da

SHA512
a9c713d3a317a2ef4d4a62e28818fab83b2d52be8f6373e39771d9dd214cc28d5acaed5d8bea1e22ef2b68841e4c1e49469631489bb5d1e8cb1ae6e4fbbdf13f

Download Submit
C:\Windows\system\RiATwbU.exe

Filesize
6.0MB

MD5
8618327751cbab71cbfbb980fc1b7801

SHA1
3d20b6e0ddd0350a3ad217cd875d067ad758f3ca

SHA256
d387dad040c4cbb5e8080bd393bbd684f2e5a0b89007c2dac69a571c20aa7ffc

SHA512
e963148058a638d968d5e9735a1d6e18cbc8998a5c49246f407b754af54df794f7853a40de3b0ee852ee38215583d457960e1e0281ccc4538ae030791ab41f2f

Download Submit
C:\Windows\system\WYAIaSv.exe

Filesize
6.0MB

MD5
5fbfd43653e61f22b387f0e97ef8bc7c

SHA1
9e18b6cc1f36cabe5081b98ce8455e10ab97a8b9

SHA256
12cac32a5dfd3938f51c64d7597aa5cb8d55883c587c7ce235a674b612cc2ce9

SHA512
87158b9abce016c79321cc98e8783c94a070f01b6dc85ef2c08c7bf47ab9aec5f9c49b3856ccf7ef57bef4f8037e2d8935a906bd01b19c267d715ffe1ee8f729

Download Submit
C:\Windows\system\WozfHuI.exe

Filesize
6.0MB

MD5
92f5cda0c994b832162e374649e4e593

SHA1
9c0c88b6d66f76a04e92683e00fa62ac11aaddc2

SHA256
5587e94aa8f12715a1d9c8aec5c4cb2f4f69f12282e805473bc71a55a4f912c1

SHA512
29ffb29a5529fc8f1714728ac69bd1129c4bc984a13c94ef596fd9b1695fba09a028cb11bfb26df22fc2e6da4284cddfc37bacebf94b7da5b9cb6a446e865d5d

Download Submit
C:\Windows\system\XYcdWHT.exe

Filesize
6.0MB

MD5
735d3983f6550f2b22c6305b0fc0322d

SHA1
102994196810d7283876114fca6a9b72ebea365e

SHA256
fc1656ac17d505b34424836a8515947019d24923bc3c9c96d9d453f7fdf44f68

SHA512
ec94f7a8e8a695822d15cad704194993eb49b251d4d4e7be7f585eca6a8d27554dfdc63480a20fd13ee642e4e270493abb7b1dff75c422c70f6c75386049eca2

Download Submit
C:\Windows\system\XlplKVQ.exe

Filesize
6.0MB

MD5
ef400e30e60025c5230a7a7a610426ac

SHA1
fbe474265a19b9086e9feae6aa76d332bec9f923

SHA256
8e8cc38bd8b0ae15d2d216a84d31807d4a5ec88b363f1190a369771876975e60

SHA512
9f62efa2c01c060bf668269c59d6d8176e67277ead5ab16e40e8cb416b1d5c74bb5d7000184abb031906199edf386cf25ca0b539ea3143bda2353d8823727123

Download Submit
C:\Windows\system\dVuRwZu.exe

Filesize
6.0MB

MD5
8af7e9e77fa80f185da69591cedc48e4

SHA1
12499788bd224dce1a5760959c33f33bba62a70c

SHA256
04fb6f6baa9fa8be5de04ebddab36a1c5c22d3ddea27be216fa9d1c894e25049

SHA512
d79f4965a9d8fe3dd372f9c0effa2c3ab4d71dc9dc8f454564f474278ce84939a19ed373620b3def534ce3d041e062ed1957e500e5112a61ac30d299f2056636

Download Submit
C:\Windows\system\fMBkXMP.exe

Filesize
6.0MB

MD5
d98641b7b3247b8763c87407a10d7936

SHA1
7990d65d24d99f2e60a33b448ab3d0c22615dff3

SHA256
6ea40e8a86de7f24702a44abbae3730d16d7abae4dc2dc8d1c5b6d972d0356f8

SHA512
091be3cebd7e9cf9d50f7132a0b82230e78ca6f6b1f8f88dbb1b8b4abe046a42b8d59ea27b8738aebbe3ced42c3b27c8609f303045663d8f7fb380c915f43711

Download Submit
C:\Windows\system\gJBxnfB.exe

Filesize
6.0MB

MD5
20b0dd37267a70c337db85d59b436ef4

SHA1
00ece1d25fae32bd2ea99c92f4e9292e11f7c027

SHA256
03de0b2834881137d134028dce80495e8d6ba58e6d5c0934321531562d98f74b

SHA512
10c2f80deac0582d1fc51f48a4bce75b518f2d04d5c50b0a2534a64ab86f16bc8d3e7cd7438aca23013db14ae1ad915e0d9b8430a3eb059a882c361739f91711

Download Submit
C:\Windows\system\gZVMkHS.exe

Filesize
6.0MB

MD5
cee04fa446cc02614c4b353de20eae27

SHA1
b7f64168526fb1cdbe90fa84b51d357dcd7f4928

SHA256
f45b4d5b1e813a46e1d39caa7d28b4b53f16e189da4975cd117171d10bd84a7c

SHA512
f6b31125752cc3f3121da8acdcf4f2546b5749cc6dcbd8b1f4635cc8e870b1aeccc8e531a82983ed459d0fb7c4858dbdbe25d1abddd4160d81b78ea0a97ccafc

Download Submit
C:\Windows\system\kecwMDh.exe

Filesize
6.0MB

MD5
f4615cf024aa75f027b01dfb60347351

SHA1
036f125debfa3b6e9dc7e9f3106eb12396834554

SHA256
9c3474ad49e3154fd4a17e49dbf32dfb160707ccbb2ad4657f8f3c928e5d41d9

SHA512
0c9ac0752821af7fa08879c824475580c18b293a13eecd2e04d9b023e82eb78e668b0da187995e1fd3a0d630e961183786293d0f6768bc8b788fef940ce3b690

Download Submit
C:\Windows\system\sTKHUtw.exe

Filesize
6.0MB

MD5
f5f9742c020ebe17a635a92203b4a1cf

SHA1
7faaea248d32f256dc2074d3c2411e9976ffbe46

SHA256
1e05bcc8fae50451136680e6b104a9b3db801f63e40ef7a441be68c5a1b71b59

SHA512
13887890d5c07e301bd5dda4de0351f1f031d84010bded0e4fba0526bf2a3d90654c3de64de915c369dbf32449cf2f1c9388e78a6dc1cd2071b5b7a6eb41261b

Download Submit
C:\Windows\system\tEsEZJa.exe

Filesize
6.0MB

MD5
1e04ccb110c4d575740f76e377afd1eb

SHA1
050a7a46a6b8ee45d5846b4d36abdf8ea3f67193

SHA256
e1c5044e7d881db6fec05a6dff761c51326dc6c43a9909414b7fb544afba33c6

SHA512
ae4ce521bae6d9a62cfe03792fee4677c0f8fa092c35d96416bb2706b6019929bd308337fadd33a727486ec99a9e9b7997abe01f823269c86f8b28c3e07a68e9

Download Submit
C:\Windows\system\tQJqYbF.exe

Filesize
6.0MB

MD5
4898c5067430d3b47fa1d9d3c6755c16

SHA1
db70046acb65a6a6d3193d7e7b72cb85341dc53e

SHA256
b2e64a2e0723bbc9ec54b95b4e14d6b3fd856d8c67d6d0f5701c176e4715beb2

SHA512
29be2b3dbc3d2ef909fdd000bf5c1b8e2ef291542173b95654a4d47f76a96c3e4c17b6251391bd490daf1f065d59da6c08743213af85742735b7c7e8756d8c7c

Download Submit
C:\Windows\system\xLyfOas.exe

Filesize
6.0MB

MD5
fdba1088c2307db6508f23931a6982e9

SHA1
a0bb178766e25ae9854a38b5a77ed0090a004a76

SHA256
878894e7fa1d6d897e726ea179bfdf16f41b5b68a23f0ba4d641bbd4da9d9f14

SHA512
b6bdbddef6c5cd439dd9e9131ef0475712119a15da7d4351a2e4aae28e79aac9c8c27ff6ff8f96ae8d2f65a079648b735587e81d6c5a57e38751daa80efd7995

Download Submit
C:\Windows\system\xWNrHcZ.exe

Filesize
6.0MB

MD5
91ca0af4f63110b48e20f6b67b156b15

SHA1
a2e7a2076910628c36133664cb202c10230e528c

SHA256
f99c69d741e63335335a4734f295d01cb5209ed8c0908d2967ceb086b28268aa

SHA512
c89b1d32a979f412b5b40e78ba47f19ea6c63d637dc8f57a505b15328f1afd01308fc7fb17bc0c8ca50e6366f3cefad8e226176e0db333e3864ed8f1dddd3f9e

Download Submit
C:\Windows\system\xfgMcWJ.exe

Filesize
6.0MB

MD5
b0af0872a683a09d64b84e814c0eee7a

SHA1
bb7e15a53ebaa4e29ccb85c28f2d2d8270168e1c

SHA256
1df1a90ec8f792045420485f7f71233f68118b1b754b56c4df59c427e620587a

SHA512
b9ac312131bc6c83ecbd321e6f1f4e8235679035b002987306bf5c0a51ae9b61b7db147213d4601e571742dabc90ba167f7487e41f622e9524f6bd3518d3d341

Download Submit
C:\Windows\system\zJSdyHO.exe

Filesize
6.0MB

MD5
3642194365703b92548368e3b082ebf4

SHA1
bf60c5052cb80f5ad692f72bbb6291cd7cb1dc41

SHA256
162f1552fcf2674d85fb0983deeaf272a23fc580d7571dc1f5ee13c331b48b74

SHA512
b9a3009e09771e4154a371e651df8061372f6fe75718f5a0a5146d25febaebee702b2fa56345fedf5ac4a1b0377dfc1ece5fdc5c53c35c8996b9eaacf04aea56

Download Submit
\Windows\system\GVFhcse.exe

Filesize
6.0MB

MD5
a8cf3cbd4232a127d7e21fdf509ec2c1

SHA1
24b8cc1be943f1bbdcf7b6f5e15a736ab60ffe5e

SHA256
10c0799144bf34ac419be174ea2b042e8807c656fc568200dc16bf83deedba76

SHA512
ea4e35ce06b2acb0b5dc42e7fdc44c9fe3d130eb884025bf0028ddb08457bdddc6ea7f15bc49d65523b2d63bcea3c4345b707c9127fc44076695299f700a615e

Download Submit
memory/388-103-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/388-1201-0x000000013FE40000-0x0000000140194000-memory.dmp

Filesize
3.3MB

Download
memory/1100-1204-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1100-97-0x000000013F370000-0x000000013F6C4000-memory.dmp

Filesize
3.3MB

Download
memory/1648-84-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/1648-1202-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/1648-156-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-1205-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/1852-74-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-59-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-15-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2076-1193-0x000000013F290000-0x000000013F5E4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-242-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-1206-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2352-90-0x000000013F270000-0x000000013F5C4000-memory.dmp

Filesize
3.3MB

Download
memory/2628-1203-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2628-66-0x000000013F4E0000-0x000000013F834000-memory.dmp

Filesize
3.3MB

Download
memory/2660-1196-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2660-58-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/2744-37-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2744-1198-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2832-26-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2832-1200-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/2892-79-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-1195-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2892-45-0x000000013FE70000-0x00000001401C4000-memory.dmp

Filesize
3.3MB

Download
memory/2904-14-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2904-1197-0x000000013F2B0000-0x000000013F604000-memory.dmp

Filesize
3.3MB

Download
memory/2908-1199-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2908-50-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/2996-72-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2996-1194-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/2996-29-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/3044-89-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/3044-98-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/3044-9-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/3044-91-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/3044-1-0x0000000000100000-0x0000000000110000-memory.dmp

Filesize
64KB

Download
memory/3044-27-0x000000013FB10000-0x000000013FE64000-memory.dmp

Filesize
3.3MB

Download
memory/3044-177-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-73-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-65-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/3044-48-0x000000013F800000-0x000000013FB54000-memory.dmp

Filesize
3.3MB

Download
memory/3044-21-0x000000013F6B0000-0x000000013FA04000-memory.dmp

Filesize
3.3MB

Download
memory/3044-57-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/3044-0-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-80-0x000000013F690000-0x000000013F9E4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-13-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/3044-36-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/3044-49-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-109-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/3044-150-0x000000013FEA0000-0x00000001401F4000-memory.dmp

Filesize
3.3MB

Download
memory/3044-390-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download
memory/3044-240-0x00000000023D0000-0x0000000002724000-memory.dmp

Filesize
3.3MB

Download