cobaltstrike | 253154a3a05aee2dffe4010bc481b5eaf0d160440d22f1ad9d579453734730cf

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
22-01-2025 15:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

94934f6f9d3048afc9684ff97191d404
SHA1

8a8e6f53f0a11f2e0a17cbbd170d5efd50e9644f
SHA256

253154a3a05aee2dffe4010bc481b5eaf0d160440d22f1ad9d579453734730cf
SHA512

84722dc9f32bf0df359fc8a9c0de2c0b493b8175cf1a6120eddc9fa97517674b459d928c1f3ff4890448fa6a525706c9a04c731dfe67dcefb547a2ce9a51fbf4
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU0:T+q56utgpPF8u/70

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x00080000000120ff-3.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016652-8.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016858-19.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016b17-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c76-42.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a2-61.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193af-74.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193c9-78.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-192.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-183.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019589-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-172.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953a-177.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019501-163.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019503-167.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f2-152.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f6-157.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-142.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ea-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-132.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-137.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-127.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-117.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-112.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-107.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016311-90.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193f8-101.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019384-72.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016cf8-52.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c81-43.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016bfc-31.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2444-0-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/files/0x00080000000120ff-3.dat	xmrig
behavioral1/files/0x0007000000016652-8.dat	xmrig
behavioral1/memory/2548-10-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/3040-22-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x0008000000016858-19.dat	xmrig
behavioral1/memory/2360-18-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/files/0x0007000000016b17-23.dat	xmrig
behavioral1/files/0x0007000000016c76-42.dat	xmrig
behavioral1/memory/2828-49-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/memory/2980-64-0x000000013F120000-0x000000013F474000-memory.dmp	xmrig
behavioral1/memory/2444-65-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/memory/2444-63-0x000000013FEF0000-0x0000000140244000-memory.dmp	xmrig
behavioral1/files/0x00050000000193a2-61.dat	xmrig
behavioral1/memory/2792-76-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193af-74.dat	xmrig
behavioral1/memory/2652-73-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/files/0x00050000000193c9-78.dat	xmrig
behavioral1/memory/1600-84-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2360-83-0x000000013F330000-0x000000013F684000-memory.dmp	xmrig
behavioral1/memory/2776-96-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/memory/1916-94-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/1372-102-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/1916-942-0x000000013F9D0000-0x000000013FD24000-memory.dmp	xmrig
behavioral1/memory/1372-1033-0x000000013F610000-0x000000013F964000-memory.dmp	xmrig
behavioral1/memory/1600-701-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2792-510-0x000000013F460000-0x000000013F7B4000-memory.dmp	xmrig
behavioral1/memory/2652-374-0x000000013F720000-0x000000013FA74000-memory.dmp	xmrig
behavioral1/files/0x000500000001961b-192.dat	xmrig
behavioral1/files/0x000500000001957c-183.dat	xmrig
behavioral1/files/0x0005000000019589-187.dat	xmrig
behavioral1/files/0x0005000000019515-172.dat	xmrig
behavioral1/files/0x000500000001953a-177.dat	xmrig
behavioral1/files/0x0005000000019501-163.dat	xmrig
behavioral1/files/0x0005000000019503-167.dat	xmrig
behavioral1/files/0x00050000000194f2-152.dat	xmrig
behavioral1/files/0x00050000000194f6-157.dat	xmrig
behavioral1/files/0x00050000000194e2-142.dat	xmrig
behavioral1/files/0x00050000000194ea-147.dat	xmrig
behavioral1/files/0x00050000000194d4-132.dat	xmrig
behavioral1/files/0x00050000000194da-137.dat	xmrig
behavioral1/files/0x00050000000194b4-127.dat	xmrig
behavioral1/files/0x00050000000194a7-122.dat	xmrig
behavioral1/files/0x0005000000019494-117.dat	xmrig
behavioral1/files/0x0005000000019408-112.dat	xmrig
behavioral1/files/0x00050000000193fa-107.dat	xmrig
behavioral1/memory/2324-92-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/3052-91-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x0009000000016311-90.dat	xmrig
behavioral1/memory/2444-88-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/memory/3040-87-0x000000013FA30000-0x000000013FD84000-memory.dmp	xmrig
behavioral1/files/0x00050000000193f8-101.dat	xmrig
behavioral1/files/0x0005000000019384-72.dat	xmrig
behavioral1/memory/2884-71-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/memory/2548-70-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x0008000000016cf8-52.dat	xmrig
behavioral1/memory/2444-60-0x000000013F880000-0x000000013FBD4000-memory.dmp	xmrig
behavioral1/memory/2776-57-0x000000013F6F0000-0x000000013FA44000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c81-43.dat	xmrig
behavioral1/memory/2324-36-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2444-40-0x0000000002370000-0x00000000026C4000-memory.dmp	xmrig
behavioral1/memory/3052-32-0x000000013F250000-0x000000013F5A4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016bfc-31.dat	xmrig
behavioral1/memory/2548-4015-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
2548	YTRfSXW.exe
2360	tZoxubD.exe
3040	UoQfQhr.exe
3052	qfuxyBI.exe
2324	mkRbaoX.exe
2980	HiEfewb.exe
2828	wpDqQVa.exe
2776	FpshFyL.exe
2884	TLAaaXi.exe
2652	kTsWzLZ.exe
2792	vFBYwLj.exe
1600	sPMlDvQ.exe
1916	rTdLcFe.exe
1372	ARuEkTS.exe
1980	mPtoOWX.exe
1656	xEDWPJo.exe
1868	BGsxoIt.exe
2512	uNfrLKi.exe
1616	RZkvuVe.exe
1492	kHMZWcJ.exe
472	joRDNsy.exe
2000	bLauStM.exe
2952	ZgLInzO.exe
2296	YdbnqCE.exe
2656	ZhkmmeL.exe
2208	RxyTaCF.exe
2944	XFUOFDg.exe
1860	COsgiWz.exe
1956	BvbNUqN.exe
3004	BBkuFJx.exe
1596	BlmCPVZ.exe
1052	PQLWWGz.exe
2224	PaDDWqJ.exe
2084	XNQxSdE.exe
1800	ZkVdxHP.exe
888	OnBAZiS.exe
1520	FCHTObw.exe
932	nlsotRi.exe
2484	nGwDLPm.exe
740	MOmSbgI.exe
1532	iKRZwbi.exe
1772	uUiklXB.exe
2164	pRgISPm.exe
580	UiPRzYU.exe
1976	ofGkVwN.exe
392	BHDRUAh.exe
2024	qCjDLXT.exe
880	GmIfiWk.exe
2072	tTKxsbe.exe
2368	rFcTEAY.exe
2144	OesVRAJ.exe
1576	xSlecqp.exe
2528	KtvKLDS.exe
2112	gwjcfVV.exe
2316	rokOzGy.exe
2816	mKKUEVX.exe
2864	NtDYzYG.exe
2108	XoJrKaW.exe
2716	pPtIoSB.exe
2648	vSULtZp.exe
1076	wqNSSam.exe
1900	EWRseOr.exe
1932	WeeBfxz.exe
1320	lUvCUwu.exe

Loads dropped DLL 64 IoCs

pid	Process
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2444-0-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/files/0x00080000000120ff-3.dat	upx
behavioral1/files/0x0007000000016652-8.dat	upx
behavioral1/memory/2548-10-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/3040-22-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x0008000000016858-19.dat	upx
behavioral1/memory/2360-18-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/files/0x0007000000016b17-23.dat	upx
behavioral1/files/0x0007000000016c76-42.dat	upx
behavioral1/memory/2828-49-0x000000013FEF0000-0x0000000140244000-memory.dmp	upx
behavioral1/memory/2980-64-0x000000013F120000-0x000000013F474000-memory.dmp	upx
behavioral1/files/0x00050000000193a2-61.dat	upx
behavioral1/memory/2444-53-0x0000000002370000-0x00000000026C4000-memory.dmp	upx
behavioral1/memory/2792-76-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/files/0x00050000000193af-74.dat	upx
behavioral1/memory/2652-73-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/files/0x00050000000193c9-78.dat	upx
behavioral1/memory/1600-84-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2360-83-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/2776-96-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/memory/1916-94-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/1372-102-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/1916-942-0x000000013F9D0000-0x000000013FD24000-memory.dmp	upx
behavioral1/memory/1372-1033-0x000000013F610000-0x000000013F964000-memory.dmp	upx
behavioral1/memory/1600-701-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2792-510-0x000000013F460000-0x000000013F7B4000-memory.dmp	upx
behavioral1/memory/2652-374-0x000000013F720000-0x000000013FA74000-memory.dmp	upx
behavioral1/files/0x000500000001961b-192.dat	upx
behavioral1/files/0x000500000001957c-183.dat	upx
behavioral1/files/0x0005000000019589-187.dat	upx
behavioral1/files/0x0005000000019515-172.dat	upx
behavioral1/files/0x000500000001953a-177.dat	upx
behavioral1/files/0x0005000000019501-163.dat	upx
behavioral1/files/0x0005000000019503-167.dat	upx
behavioral1/files/0x00050000000194f2-152.dat	upx
behavioral1/files/0x00050000000194f6-157.dat	upx
behavioral1/files/0x00050000000194e2-142.dat	upx
behavioral1/files/0x00050000000194ea-147.dat	upx
behavioral1/files/0x00050000000194d4-132.dat	upx
behavioral1/files/0x00050000000194da-137.dat	upx
behavioral1/files/0x00050000000194b4-127.dat	upx
behavioral1/files/0x00050000000194a7-122.dat	upx
behavioral1/files/0x0005000000019494-117.dat	upx
behavioral1/files/0x0005000000019408-112.dat	upx
behavioral1/files/0x00050000000193fa-107.dat	upx
behavioral1/memory/2324-92-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/3052-91-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x0009000000016311-90.dat	upx
behavioral1/memory/3040-87-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/files/0x00050000000193f8-101.dat	upx
behavioral1/files/0x0005000000019384-72.dat	upx
behavioral1/memory/2884-71-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2548-70-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x0008000000016cf8-52.dat	upx
behavioral1/memory/2444-60-0x000000013F880000-0x000000013FBD4000-memory.dmp	upx
behavioral1/memory/2776-57-0x000000013F6F0000-0x000000013FA44000-memory.dmp	upx
behavioral1/files/0x0007000000016c81-43.dat	upx
behavioral1/memory/2324-36-0x000000013FAF0000-0x000000013FE44000-memory.dmp	upx
behavioral1/memory/3052-32-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx
behavioral1/files/0x0007000000016bfc-31.dat	upx
behavioral1/memory/2548-4015-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2360-4016-0x000000013F330000-0x000000013F684000-memory.dmp	upx
behavioral1/memory/3040-4017-0x000000013FA30000-0x000000013FD84000-memory.dmp	upx
behavioral1/memory/3052-4018-0x000000013F250000-0x000000013F5A4000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\ZxCmhXT.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LRYiGxU.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oCrMCKa.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fKHbzqa.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\gGbtdFU.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RAdKeBK.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GEpgBzh.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YyEDDzy.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\itxpVEo.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MNqxoFF.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YfPBXGc.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GhamFer.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SiHtPDw.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ykEoQql.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tUXPZQc.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SZsOiYz.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KoDDXJH.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bobXSjF.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PQLWWGz.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FPfGeGU.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\WLnRKid.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DQDmhqE.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ShFDCLz.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VOwYZPy.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\odYZAtW.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LIUpBFa.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hypjKpk.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LHQXplK.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FPxnsYM.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KBNDefy.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kTsWzLZ.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tRkNkEm.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\sApOKVm.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pVwwiSo.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UkEuPYP.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PtnCZMZ.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EVNYyRH.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\veRaCQq.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uQqwpcD.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xLeaeeR.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iqjUPue.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YdYmkeg.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GxZIbZx.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZPbqNOW.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QnUGmBy.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RJsaLkJ.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oPBPkpn.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yfVrrlw.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\uBDyYyX.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cRVyhzd.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vLbRwib.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\awlzOnv.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yYstchF.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jOZxsKn.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qGppvjk.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BnxWsBX.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\xbCGAFs.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qutftYd.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oKwiFyW.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GQOVRzO.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MPzEENZ.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lMdLfAt.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XIPUqxB.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YaliOqf.exe	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2548	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2444 wrote to memory of 2548	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2444 wrote to memory of 2548	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2444 wrote to memory of 2360	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2444 wrote to memory of 2360	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2444 wrote to memory of 2360	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2444 wrote to memory of 3040	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2444 wrote to memory of 3040	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2444 wrote to memory of 3040	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2444 wrote to memory of 3052	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2444 wrote to memory of 3052	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2444 wrote to memory of 3052	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2444 wrote to memory of 2324	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2444 wrote to memory of 2324	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2444 wrote to memory of 2324	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2444 wrote to memory of 2980	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2444 wrote to memory of 2980	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2444 wrote to memory of 2980	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2444 wrote to memory of 2828	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2444 wrote to memory of 2828	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2444 wrote to memory of 2828	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2444 wrote to memory of 2776	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2444 wrote to memory of 2776	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2444 wrote to memory of 2776	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2444 wrote to memory of 2652	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2444 wrote to memory of 2652	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2444 wrote to memory of 2652	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2444 wrote to memory of 2884	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2444 wrote to memory of 2884	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2444 wrote to memory of 2884	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2444 wrote to memory of 2792	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2444 wrote to memory of 2792	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2444 wrote to memory of 2792	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2444 wrote to memory of 1600	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2444 wrote to memory of 1600	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2444 wrote to memory of 1600	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2444 wrote to memory of 1916	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2444 wrote to memory of 1916	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2444 wrote to memory of 1916	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2444 wrote to memory of 1372	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2444 wrote to memory of 1372	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2444 wrote to memory of 1372	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2444 wrote to memory of 1980	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2444 wrote to memory of 1980	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2444 wrote to memory of 1980	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2444 wrote to memory of 1656	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2444 wrote to memory of 1656	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2444 wrote to memory of 1656	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2444 wrote to memory of 1868	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2444 wrote to memory of 1868	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2444 wrote to memory of 1868	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2444 wrote to memory of 2512	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2444 wrote to memory of 2512	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2444 wrote to memory of 2512	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2444 wrote to memory of 1616	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2444 wrote to memory of 1616	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2444 wrote to memory of 1616	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2444 wrote to memory of 1492	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2444 wrote to memory of 1492	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2444 wrote to memory of 1492	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2444 wrote to memory of 472	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2444 wrote to memory of 472	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2444 wrote to memory of 472	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 2444 wrote to memory of 2000	2444	2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-22_94934f6f9d3048afc9684ff97191d404_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Windows\System\YTRfSXW.exe
  C:\Windows\System\YTRfSXW.exe
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Windows\System\tZoxubD.exe
  C:\Windows\System\tZoxubD.exe
  2⤵
  - Executes dropped EXE
  PID:2360
- C:\Windows\System\UoQfQhr.exe
  C:\Windows\System\UoQfQhr.exe
  2⤵
  - Executes dropped EXE
  PID:3040
- C:\Windows\System\qfuxyBI.exe
  C:\Windows\System\qfuxyBI.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\mkRbaoX.exe
  C:\Windows\System\mkRbaoX.exe
  2⤵
  - Executes dropped EXE
  PID:2324
- C:\Windows\System\HiEfewb.exe
  C:\Windows\System\HiEfewb.exe
  2⤵
  - Executes dropped EXE
  PID:2980
- C:\Windows\System\wpDqQVa.exe
  C:\Windows\System\wpDqQVa.exe
  2⤵
  - Executes dropped EXE
  PID:2828
- C:\Windows\System\FpshFyL.exe
  C:\Windows\System\FpshFyL.exe
  2⤵
  - Executes dropped EXE
  PID:2776
- C:\Windows\System\kTsWzLZ.exe
  C:\Windows\System\kTsWzLZ.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\TLAaaXi.exe
  C:\Windows\System\TLAaaXi.exe
  2⤵
  - Executes dropped EXE
  PID:2884
- C:\Windows\System\vFBYwLj.exe
  C:\Windows\System\vFBYwLj.exe
  2⤵
  - Executes dropped EXE
  PID:2792
- C:\Windows\System\sPMlDvQ.exe
  C:\Windows\System\sPMlDvQ.exe
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System\rTdLcFe.exe
  C:\Windows\System\rTdLcFe.exe
  2⤵
  - Executes dropped EXE
  PID:1916
- C:\Windows\System\ARuEkTS.exe
  C:\Windows\System\ARuEkTS.exe
  2⤵
  - Executes dropped EXE
  PID:1372
- C:\Windows\System\mPtoOWX.exe
  C:\Windows\System\mPtoOWX.exe
  2⤵
  - Executes dropped EXE
  PID:1980
- C:\Windows\System\xEDWPJo.exe
  C:\Windows\System\xEDWPJo.exe
  2⤵
  - Executes dropped EXE
  PID:1656
- C:\Windows\System\BGsxoIt.exe
  C:\Windows\System\BGsxoIt.exe
  2⤵
  - Executes dropped EXE
  PID:1868
- C:\Windows\System\uNfrLKi.exe
  C:\Windows\System\uNfrLKi.exe
  2⤵
  - Executes dropped EXE
  PID:2512
- C:\Windows\System\RZkvuVe.exe
  C:\Windows\System\RZkvuVe.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\kHMZWcJ.exe
  C:\Windows\System\kHMZWcJ.exe
  2⤵
  - Executes dropped EXE
  PID:1492
- C:\Windows\System\joRDNsy.exe
  C:\Windows\System\joRDNsy.exe
  2⤵
  - Executes dropped EXE
  PID:472
- C:\Windows\System\bLauStM.exe
  C:\Windows\System\bLauStM.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\ZgLInzO.exe
  C:\Windows\System\ZgLInzO.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\YdbnqCE.exe
  C:\Windows\System\YdbnqCE.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\ZhkmmeL.exe
  C:\Windows\System\ZhkmmeL.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\RxyTaCF.exe
  C:\Windows\System\RxyTaCF.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\XFUOFDg.exe
  C:\Windows\System\XFUOFDg.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\COsgiWz.exe
  C:\Windows\System\COsgiWz.exe
  2⤵
  - Executes dropped EXE
  PID:1860
- C:\Windows\System\BvbNUqN.exe
  C:\Windows\System\BvbNUqN.exe
  2⤵
  - Executes dropped EXE
  PID:1956
- C:\Windows\System\BBkuFJx.exe
  C:\Windows\System\BBkuFJx.exe
  2⤵
  - Executes dropped EXE
  PID:3004
- C:\Windows\System\BlmCPVZ.exe
  C:\Windows\System\BlmCPVZ.exe
  2⤵
  - Executes dropped EXE
  PID:1596
- C:\Windows\System\PQLWWGz.exe
  C:\Windows\System\PQLWWGz.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\PaDDWqJ.exe
  C:\Windows\System\PaDDWqJ.exe
  2⤵
  - Executes dropped EXE
  PID:2224
- C:\Windows\System\XNQxSdE.exe
  C:\Windows\System\XNQxSdE.exe
  2⤵
  - Executes dropped EXE
  PID:2084
- C:\Windows\System\ZkVdxHP.exe
  C:\Windows\System\ZkVdxHP.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\OnBAZiS.exe
  C:\Windows\System\OnBAZiS.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\FCHTObw.exe
  C:\Windows\System\FCHTObw.exe
  2⤵
  - Executes dropped EXE
  PID:1520
- C:\Windows\System\nlsotRi.exe
  C:\Windows\System\nlsotRi.exe
  2⤵
  - Executes dropped EXE
  PID:932
- C:\Windows\System\nGwDLPm.exe
  C:\Windows\System\nGwDLPm.exe
  2⤵
  - Executes dropped EXE
  PID:2484
- C:\Windows\System\MOmSbgI.exe
  C:\Windows\System\MOmSbgI.exe
  2⤵
  - Executes dropped EXE
  PID:740
- C:\Windows\System\iKRZwbi.exe
  C:\Windows\System\iKRZwbi.exe
  2⤵
  - Executes dropped EXE
  PID:1532
- C:\Windows\System\uUiklXB.exe
  C:\Windows\System\uUiklXB.exe
  2⤵
  - Executes dropped EXE
  PID:1772
- C:\Windows\System\pRgISPm.exe
  C:\Windows\System\pRgISPm.exe
  2⤵
  - Executes dropped EXE
  PID:2164
- C:\Windows\System\UiPRzYU.exe
  C:\Windows\System\UiPRzYU.exe
  2⤵
  - Executes dropped EXE
  PID:580
- C:\Windows\System\ofGkVwN.exe
  C:\Windows\System\ofGkVwN.exe
  2⤵
  - Executes dropped EXE
  PID:1976
- C:\Windows\System\BHDRUAh.exe
  C:\Windows\System\BHDRUAh.exe
  2⤵
  - Executes dropped EXE
  PID:392
- C:\Windows\System\qCjDLXT.exe
  C:\Windows\System\qCjDLXT.exe
  2⤵
  - Executes dropped EXE
  PID:2024
- C:\Windows\System\GmIfiWk.exe
  C:\Windows\System\GmIfiWk.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\tTKxsbe.exe
  C:\Windows\System\tTKxsbe.exe
  2⤵
  - Executes dropped EXE
  PID:2072
- C:\Windows\System\rFcTEAY.exe
  C:\Windows\System\rFcTEAY.exe
  2⤵
  - Executes dropped EXE
  PID:2368
- C:\Windows\System\OesVRAJ.exe
  C:\Windows\System\OesVRAJ.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\xSlecqp.exe
  C:\Windows\System\xSlecqp.exe
  2⤵
  - Executes dropped EXE
  PID:1576
- C:\Windows\System\KtvKLDS.exe
  C:\Windows\System\KtvKLDS.exe
  2⤵
  - Executes dropped EXE
  PID:2528
- C:\Windows\System\gwjcfVV.exe
  C:\Windows\System\gwjcfVV.exe
  2⤵
  - Executes dropped EXE
  PID:2112
- C:\Windows\System\rokOzGy.exe
  C:\Windows\System\rokOzGy.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\mKKUEVX.exe
  C:\Windows\System\mKKUEVX.exe
  2⤵
  - Executes dropped EXE
  PID:2816
- C:\Windows\System\NtDYzYG.exe
  C:\Windows\System\NtDYzYG.exe
  2⤵
  - Executes dropped EXE
  PID:2864
- C:\Windows\System\XoJrKaW.exe
  C:\Windows\System\XoJrKaW.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\pPtIoSB.exe
  C:\Windows\System\pPtIoSB.exe
  2⤵
  - Executes dropped EXE
  PID:2716
- C:\Windows\System\vSULtZp.exe
  C:\Windows\System\vSULtZp.exe
  2⤵
  - Executes dropped EXE
  PID:2648
- C:\Windows\System\wqNSSam.exe
  C:\Windows\System\wqNSSam.exe
  2⤵
  - Executes dropped EXE
  PID:1076
- C:\Windows\System\EWRseOr.exe
  C:\Windows\System\EWRseOr.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\WeeBfxz.exe
  C:\Windows\System\WeeBfxz.exe
  2⤵
  - Executes dropped EXE
  PID:1932
- C:\Windows\System\lUvCUwu.exe
  C:\Windows\System\lUvCUwu.exe
  2⤵
  - Executes dropped EXE
  PID:1320
- C:\Windows\System\huowyhU.exe
  C:\Windows\System\huowyhU.exe
  2⤵
  PID:1852
- C:\Windows\System\dqfNcVJ.exe
  C:\Windows\System\dqfNcVJ.exe
  2⤵
  PID:1944
- C:\Windows\System\tFzStIx.exe
  C:\Windows\System\tFzStIx.exe
  2⤵
  PID:2796
- C:\Windows\System\DgvpikA.exe
  C:\Windows\System\DgvpikA.exe
  2⤵
  PID:2464
- C:\Windows\System\tztuEPA.exe
  C:\Windows\System\tztuEPA.exe
  2⤵
  PID:2596
- C:\Windows\System\KhsMyVR.exe
  C:\Windows\System\KhsMyVR.exe
  2⤵
  PID:2712
- C:\Windows\System\MPzEENZ.exe
  C:\Windows\System\MPzEENZ.exe
  2⤵
  PID:1068
- C:\Windows\System\DmSylKr.exe
  C:\Windows\System\DmSylKr.exe
  2⤵
  PID:1316
- C:\Windows\System\UfzgUsQ.exe
  C:\Windows\System\UfzgUsQ.exe
  2⤵
  PID:1748
- C:\Windows\System\zGIiDDF.exe
  C:\Windows\System\zGIiDDF.exe
  2⤵
  PID:344
- C:\Windows\System\SMrnBZE.exe
  C:\Windows\System\SMrnBZE.exe
  2⤵
  PID:1660
- C:\Windows\System\IlrKlUH.exe
  C:\Windows\System\IlrKlUH.exe
  2⤵
  PID:916
- C:\Windows\System\rjsBtat.exe
  C:\Windows\System\rjsBtat.exe
  2⤵
  PID:1088
- C:\Windows\System\AoRcfOs.exe
  C:\Windows\System\AoRcfOs.exe
  2⤵
  PID:1340
- C:\Windows\System\ftHBtud.exe
  C:\Windows\System\ftHBtud.exe
  2⤵
  PID:1228
- C:\Windows\System\jJqZhDR.exe
  C:\Windows\System\jJqZhDR.exe
  2⤵
  PID:2352
- C:\Windows\System\CPfZUgc.exe
  C:\Windows\System\CPfZUgc.exe
  2⤵
  PID:1744
- C:\Windows\System\BvPIpHp.exe
  C:\Windows\System\BvPIpHp.exe
  2⤵
  PID:2008
- C:\Windows\System\cJKVRlv.exe
  C:\Windows\System\cJKVRlv.exe
  2⤵
  PID:1572
- C:\Windows\System\uBDyYyX.exe
  C:\Windows\System\uBDyYyX.exe
  2⤵
  PID:2364
- C:\Windows\System\YnWqKGj.exe
  C:\Windows\System\YnWqKGj.exe
  2⤵
  PID:1920
- C:\Windows\System\RxCCRjb.exe
  C:\Windows\System\RxCCRjb.exe
  2⤵
  PID:2756
- C:\Windows\System\hSoaoBT.exe
  C:\Windows\System\hSoaoBT.exe
  2⤵
  PID:2876
- C:\Windows\System\KHyxZea.exe
  C:\Windows\System\KHyxZea.exe
  2⤵
  PID:2832
- C:\Windows\System\WUlMISU.exe
  C:\Windows\System\WUlMISU.exe
  2⤵
  PID:1308
- C:\Windows\System\iqcqowz.exe
  C:\Windows\System\iqcqowz.exe
  2⤵
  PID:2452
- C:\Windows\System\mSbDvFs.exe
  C:\Windows\System\mSbDvFs.exe
  2⤵
  PID:1848
- C:\Windows\System\ykRNARf.exe
  C:\Windows\System\ykRNARf.exe
  2⤵
  PID:2016
- C:\Windows\System\dIKYBiW.exe
  C:\Windows\System\dIKYBiW.exe
  2⤵
  PID:3048
- C:\Windows\System\FglvEet.exe
  C:\Windows\System\FglvEet.exe
  2⤵
  PID:2988
- C:\Windows\System\dNtWeql.exe
  C:\Windows\System\dNtWeql.exe
  2⤵
  PID:2524
- C:\Windows\System\ssyZHWw.exe
  C:\Windows\System\ssyZHWw.exe
  2⤵
  PID:1080
- C:\Windows\System\CfsvgND.exe
  C:\Windows\System\CfsvgND.exe
  2⤵
  PID:548
- C:\Windows\System\YiqFuHL.exe
  C:\Windows\System\YiqFuHL.exe
  2⤵
  PID:1516
- C:\Windows\System\IOspwXe.exe
  C:\Windows\System\IOspwXe.exe
  2⤵
  PID:2288
- C:\Windows\System\TXtUWul.exe
  C:\Windows\System\TXtUWul.exe
  2⤵
  PID:1380
- C:\Windows\System\PLulEFs.exe
  C:\Windows\System\PLulEFs.exe
  2⤵
  PID:1432
- C:\Windows\System\iPSNBaE.exe
  C:\Windows\System\iPSNBaE.exe
  2⤵
  PID:2552
- C:\Windows\System\iZIiyZD.exe
  C:\Windows\System\iZIiyZD.exe
  2⤵
  PID:2536
- C:\Windows\System\jrMLlhx.exe
  C:\Windows\System\jrMLlhx.exe
  2⤵
  PID:2632
- C:\Windows\System\heCJZir.exe
  C:\Windows\System\heCJZir.exe
  2⤵
  PID:2204
- C:\Windows\System\xFraOPv.exe
  C:\Windows\System\xFraOPv.exe
  2⤵
  PID:2780
- C:\Windows\System\ACgCfgx.exe
  C:\Windows\System\ACgCfgx.exe
  2⤵
  PID:2772
- C:\Windows\System\ylHgJfk.exe
  C:\Windows\System\ylHgJfk.exe
  2⤵
  PID:112
- C:\Windows\System\dHACxCV.exe
  C:\Windows\System\dHACxCV.exe
  2⤵
  PID:2880
- C:\Windows\System\jDoLSNF.exe
  C:\Windows\System\jDoLSNF.exe
  2⤵
  PID:288
- C:\Windows\System\wfEnDXF.exe
  C:\Windows\System\wfEnDXF.exe
  2⤵
  PID:1288
- C:\Windows\System\bhxAhrQ.exe
  C:\Windows\System\bhxAhrQ.exe
  2⤵
  PID:2588
- C:\Windows\System\bLIgdHg.exe
  C:\Windows\System\bLIgdHg.exe
  2⤵
  PID:1644
- C:\Windows\System\IYzgcqE.exe
  C:\Windows\System\IYzgcqE.exe
  2⤵
  PID:2764
- C:\Windows\System\eeOUeSb.exe
  C:\Windows\System\eeOUeSb.exe
  2⤵
  PID:2440
- C:\Windows\System\jXneUhX.exe
  C:\Windows\System\jXneUhX.exe
  2⤵
  PID:1580
- C:\Windows\System\XONoksC.exe
  C:\Windows\System\XONoksC.exe
  2⤵
  PID:2216
- C:\Windows\System\GZiDTYL.exe
  C:\Windows\System\GZiDTYL.exe
  2⤵
  PID:2032
- C:\Windows\System\DiFJgKx.exe
  C:\Windows\System\DiFJgKx.exe
  2⤵
  PID:1584
- C:\Windows\System\JUNqCmJ.exe
  C:\Windows\System\JUNqCmJ.exe
  2⤵
  PID:2504
- C:\Windows\System\QlNkAyV.exe
  C:\Windows\System\QlNkAyV.exe
  2⤵
  PID:624
- C:\Windows\System\XrpAQbT.exe
  C:\Windows\System\XrpAQbT.exe
  2⤵
  PID:3084
- C:\Windows\System\givgmYH.exe
  C:\Windows\System\givgmYH.exe
  2⤵
  PID:3104
- C:\Windows\System\GNGWryz.exe
  C:\Windows\System\GNGWryz.exe
  2⤵
  PID:3124
- C:\Windows\System\lkEZlcP.exe
  C:\Windows\System\lkEZlcP.exe
  2⤵
  PID:3140
- C:\Windows\System\zqTXJZl.exe
  C:\Windows\System\zqTXJZl.exe
  2⤵
  PID:3160
- C:\Windows\System\KlkMzuO.exe
  C:\Windows\System\KlkMzuO.exe
  2⤵
  PID:3180
- C:\Windows\System\NfcPVrm.exe
  C:\Windows\System\NfcPVrm.exe
  2⤵
  PID:3200
- C:\Windows\System\kWUgpwa.exe
  C:\Windows\System\kWUgpwa.exe
  2⤵
  PID:3224
- C:\Windows\System\HjJGHIp.exe
  C:\Windows\System\HjJGHIp.exe
  2⤵
  PID:3244
- C:\Windows\System\hypjKpk.exe
  C:\Windows\System\hypjKpk.exe
  2⤵
  PID:3260
- C:\Windows\System\EUSBdzD.exe
  C:\Windows\System\EUSBdzD.exe
  2⤵
  PID:3284
- C:\Windows\System\fmlyyhX.exe
  C:\Windows\System\fmlyyhX.exe
  2⤵
  PID:3304
- C:\Windows\System\ZDBzUnL.exe
  C:\Windows\System\ZDBzUnL.exe
  2⤵
  PID:3324
- C:\Windows\System\CMMtnYs.exe
  C:\Windows\System\CMMtnYs.exe
  2⤵
  PID:3344
- C:\Windows\System\AbEzFZJ.exe
  C:\Windows\System\AbEzFZJ.exe
  2⤵
  PID:3364
- C:\Windows\System\ZEYRkhn.exe
  C:\Windows\System\ZEYRkhn.exe
  2⤵
  PID:3380
- C:\Windows\System\GVrYleu.exe
  C:\Windows\System\GVrYleu.exe
  2⤵
  PID:3404
- C:\Windows\System\gXUsDRu.exe
  C:\Windows\System\gXUsDRu.exe
  2⤵
  PID:3424
- C:\Windows\System\RCdCCpl.exe
  C:\Windows\System\RCdCCpl.exe
  2⤵
  PID:3444
- C:\Windows\System\uHhofJN.exe
  C:\Windows\System\uHhofJN.exe
  2⤵
  PID:3460
- C:\Windows\System\NZuERsK.exe
  C:\Windows\System\NZuERsK.exe
  2⤵
  PID:3480
- C:\Windows\System\lEvGSCb.exe
  C:\Windows\System\lEvGSCb.exe
  2⤵
  PID:3500
- C:\Windows\System\omgBAfs.exe
  C:\Windows\System\omgBAfs.exe
  2⤵
  PID:3528
- C:\Windows\System\UWnbfEX.exe
  C:\Windows\System\UWnbfEX.exe
  2⤵
  PID:3548
- C:\Windows\System\nSmvkGa.exe
  C:\Windows\System\nSmvkGa.exe
  2⤵
  PID:3568
- C:\Windows\System\tRkNkEm.exe
  C:\Windows\System\tRkNkEm.exe
  2⤵
  PID:3584
- C:\Windows\System\AVEGMJl.exe
  C:\Windows\System\AVEGMJl.exe
  2⤵
  PID:3600
- C:\Windows\System\ZGyjLSS.exe
  C:\Windows\System\ZGyjLSS.exe
  2⤵
  PID:3620
- C:\Windows\System\YFbEDmW.exe
  C:\Windows\System\YFbEDmW.exe
  2⤵
  PID:3648
- C:\Windows\System\XeLzPvw.exe
  C:\Windows\System\XeLzPvw.exe
  2⤵
  PID:3668
- C:\Windows\System\zNJsCUd.exe
  C:\Windows\System\zNJsCUd.exe
  2⤵
  PID:3688
- C:\Windows\System\TyzcJZs.exe
  C:\Windows\System\TyzcJZs.exe
  2⤵
  PID:3708
- C:\Windows\System\VcthDnq.exe
  C:\Windows\System\VcthDnq.exe
  2⤵
  PID:3728
- C:\Windows\System\FPfGeGU.exe
  C:\Windows\System\FPfGeGU.exe
  2⤵
  PID:3748
- C:\Windows\System\wQwhCoT.exe
  C:\Windows\System\wQwhCoT.exe
  2⤵
  PID:3768
- C:\Windows\System\TdplDxg.exe
  C:\Windows\System\TdplDxg.exe
  2⤵
  PID:3788
- C:\Windows\System\etfvrnF.exe
  C:\Windows\System\etfvrnF.exe
  2⤵
  PID:3808
- C:\Windows\System\eveNrfY.exe
  C:\Windows\System\eveNrfY.exe
  2⤵
  PID:3828
- C:\Windows\System\ThFtlxz.exe
  C:\Windows\System\ThFtlxz.exe
  2⤵
  PID:3848
- C:\Windows\System\hnkiRwt.exe
  C:\Windows\System\hnkiRwt.exe
  2⤵
  PID:3864
- C:\Windows\System\YgAnDYb.exe
  C:\Windows\System\YgAnDYb.exe
  2⤵
  PID:3888
- C:\Windows\System\RPmObpG.exe
  C:\Windows\System\RPmObpG.exe
  2⤵
  PID:3908
- C:\Windows\System\wminapY.exe
  C:\Windows\System\wminapY.exe
  2⤵
  PID:3932
- C:\Windows\System\gdwXLdZ.exe
  C:\Windows\System\gdwXLdZ.exe
  2⤵
  PID:3952
- C:\Windows\System\ywfARHZ.exe
  C:\Windows\System\ywfARHZ.exe
  2⤵
  PID:3972
- C:\Windows\System\yLuVNjA.exe
  C:\Windows\System\yLuVNjA.exe
  2⤵
  PID:3992
- C:\Windows\System\pNayXJQ.exe
  C:\Windows\System\pNayXJQ.exe
  2⤵
  PID:4012
- C:\Windows\System\cBQPAFg.exe
  C:\Windows\System\cBQPAFg.exe
  2⤵
  PID:4032
- C:\Windows\System\TboKYFy.exe
  C:\Windows\System\TboKYFy.exe
  2⤵
  PID:4052
- C:\Windows\System\lnvZlbr.exe
  C:\Windows\System\lnvZlbr.exe
  2⤵
  PID:4072
- C:\Windows\System\SahtxGQ.exe
  C:\Windows\System\SahtxGQ.exe
  2⤵
  PID:4092
- C:\Windows\System\homWduS.exe
  C:\Windows\System\homWduS.exe
  2⤵
  PID:2900
- C:\Windows\System\WieMzVR.exe
  C:\Windows\System\WieMzVR.exe
  2⤵
  PID:1992
- C:\Windows\System\iZnPubX.exe
  C:\Windows\System\iZnPubX.exe
  2⤵
  PID:2168
- C:\Windows\System\PQBWseh.exe
  C:\Windows\System\PQBWseh.exe
  2⤵
  PID:1552
- C:\Windows\System\ZxACZfH.exe
  C:\Windows\System\ZxACZfH.exe
  2⤵
  PID:3116
- C:\Windows\System\PCGHyqK.exe
  C:\Windows\System\PCGHyqK.exe
  2⤵
  PID:3096
- C:\Windows\System\hvDgoOj.exe
  C:\Windows\System\hvDgoOj.exe
  2⤵
  PID:3196
- C:\Windows\System\uKjWNbF.exe
  C:\Windows\System\uKjWNbF.exe
  2⤵
  PID:3232
- C:\Windows\System\CgPjqrw.exe
  C:\Windows\System\CgPjqrw.exe
  2⤵
  PID:3236
- C:\Windows\System\pQaxyGq.exe
  C:\Windows\System\pQaxyGq.exe
  2⤵
  PID:3220
- C:\Windows\System\SYBkymH.exe
  C:\Windows\System\SYBkymH.exe
  2⤵
  PID:3316
- C:\Windows\System\LOAGRlZ.exe
  C:\Windows\System\LOAGRlZ.exe
  2⤵
  PID:3356
- C:\Windows\System\njUuDnP.exe
  C:\Windows\System\njUuDnP.exe
  2⤵
  PID:3440
- C:\Windows\System\iDQqTpZ.exe
  C:\Windows\System\iDQqTpZ.exe
  2⤵
  PID:3340
- C:\Windows\System\yxANBEn.exe
  C:\Windows\System\yxANBEn.exe
  2⤵
  PID:3372
- C:\Windows\System\VBhnMfY.exe
  C:\Windows\System\VBhnMfY.exe
  2⤵
  PID:3412
- C:\Windows\System\txjudji.exe
  C:\Windows\System\txjudji.exe
  2⤵
  PID:3452
- C:\Windows\System\isCgqzb.exe
  C:\Windows\System\isCgqzb.exe
  2⤵
  PID:3556
- C:\Windows\System\kCDbmbx.exe
  C:\Windows\System\kCDbmbx.exe
  2⤵
  PID:3592
- C:\Windows\System\EKRSDYc.exe
  C:\Windows\System\EKRSDYc.exe
  2⤵
  PID:3608
- C:\Windows\System\XViHzjX.exe
  C:\Windows\System\XViHzjX.exe
  2⤵
  PID:3644
- C:\Windows\System\PoPcWOK.exe
  C:\Windows\System\PoPcWOK.exe
  2⤵
  PID:3656
- C:\Windows\System\rEoFEQN.exe
  C:\Windows\System\rEoFEQN.exe
  2⤵
  PID:3664
- C:\Windows\System\eOCbuPq.exe
  C:\Windows\System\eOCbuPq.exe
  2⤵
  PID:3696
- C:\Windows\System\HiZHlwf.exe
  C:\Windows\System\HiZHlwf.exe
  2⤵
  PID:3736
- C:\Windows\System\tSomwgM.exe
  C:\Windows\System\tSomwgM.exe
  2⤵
  PID:3796
- C:\Windows\System\MuCpgAa.exe
  C:\Windows\System\MuCpgAa.exe
  2⤵
  PID:3780
- C:\Windows\System\noSqyuk.exe
  C:\Windows\System\noSqyuk.exe
  2⤵
  PID:3872
- C:\Windows\System\GQLpzyZ.exe
  C:\Windows\System\GQLpzyZ.exe
  2⤵
  PID:2824
- C:\Windows\System\oJKynbo.exe
  C:\Windows\System\oJKynbo.exe
  2⤵
  PID:3904
- C:\Windows\System\QyVxRbm.exe
  C:\Windows\System\QyVxRbm.exe
  2⤵
  PID:3928
- C:\Windows\System\HEjRtma.exe
  C:\Windows\System\HEjRtma.exe
  2⤵
  PID:3948
- C:\Windows\System\HYLQlmc.exe
  C:\Windows\System\HYLQlmc.exe
  2⤵
  PID:4000
- C:\Windows\System\mpdrVrg.exe
  C:\Windows\System\mpdrVrg.exe
  2⤵
  PID:3984
- C:\Windows\System\naZpCCt.exe
  C:\Windows\System\naZpCCt.exe
  2⤵
  PID:4084
- C:\Windows\System\PLbtzgg.exe
  C:\Windows\System\PLbtzgg.exe
  2⤵
  PID:2056
- C:\Windows\System\GsxRwUV.exe
  C:\Windows\System\GsxRwUV.exe
  2⤵
  PID:1556
- C:\Windows\System\QMwegPY.exe
  C:\Windows\System\QMwegPY.exe
  2⤵
  PID:952
- C:\Windows\System\leNaska.exe
  C:\Windows\System\leNaska.exe
  2⤵
  PID:3132
- C:\Windows\System\vbLmron.exe
  C:\Windows\System\vbLmron.exe
  2⤵
  PID:2896
- C:\Windows\System\QCOQJDb.exe
  C:\Windows\System\QCOQJDb.exe
  2⤵
  PID:2784
- C:\Windows\System\LbPCrQo.exe
  C:\Windows\System\LbPCrQo.exe
  2⤵
  PID:3168
- C:\Windows\System\pQvjpxA.exe
  C:\Windows\System\pQvjpxA.exe
  2⤵
  PID:3360
- C:\Windows\System\WwHgXYh.exe
  C:\Windows\System\WwHgXYh.exe
  2⤵
  PID:3312
- C:\Windows\System\ldHAIcB.exe
  C:\Windows\System\ldHAIcB.exe
  2⤵
  PID:3512
- C:\Windows\System\DFmSiFL.exe
  C:\Windows\System\DFmSiFL.exe
  2⤵
  PID:3492
- C:\Windows\System\WFGBddz.exe
  C:\Windows\System\WFGBddz.exe
  2⤵
  PID:3420
- C:\Windows\System\elQgCDH.exe
  C:\Windows\System\elQgCDH.exe
  2⤵
  PID:3540
- C:\Windows\System\MbvSZKj.exe
  C:\Windows\System\MbvSZKj.exe
  2⤵
  PID:2888
- C:\Windows\System\nMraAXQ.exe
  C:\Windows\System\nMraAXQ.exe
  2⤵
  PID:3720
- C:\Windows\System\LXgHvkS.exe
  C:\Windows\System\LXgHvkS.exe
  2⤵
  PID:3844
- C:\Windows\System\JzfyTJc.exe
  C:\Windows\System\JzfyTJc.exe
  2⤵
  PID:3860
- C:\Windows\System\oNctwbC.exe
  C:\Windows\System\oNctwbC.exe
  2⤵
  PID:3968
- C:\Windows\System\mJaxhyB.exe
  C:\Windows\System\mJaxhyB.exe
  2⤵
  PID:3700
- C:\Windows\System\UUBIrxg.exe
  C:\Windows\System\UUBIrxg.exe
  2⤵
  PID:3800
- C:\Windows\System\qbiVVFT.exe
  C:\Windows\System\qbiVVFT.exe
  2⤵
  PID:4064
- C:\Windows\System\IqZfywA.exe
  C:\Windows\System\IqZfywA.exe
  2⤵
  PID:3820
- C:\Windows\System\uKYOrdq.exe
  C:\Windows\System\uKYOrdq.exe
  2⤵
  PID:3092
- C:\Windows\System\eSRTBZc.exe
  C:\Windows\System\eSRTBZc.exe
  2⤵
  PID:4080
- C:\Windows\System\SiHtPDw.exe
  C:\Windows\System\SiHtPDw.exe
  2⤵
  PID:3136
- C:\Windows\System\gGbtdFU.exe
  C:\Windows\System\gGbtdFU.exe
  2⤵
  PID:3152
- C:\Windows\System\YIBbKpg.exe
  C:\Windows\System\YIBbKpg.exe
  2⤵
  PID:3240
- C:\Windows\System\lQeNDkF.exe
  C:\Windows\System\lQeNDkF.exe
  2⤵
  PID:3300
- C:\Windows\System\aSkazBr.exe
  C:\Windows\System\aSkazBr.exe
  2⤵
  PID:3352
- C:\Windows\System\MAHKptx.exe
  C:\Windows\System\MAHKptx.exe
  2⤵
  PID:3432
- C:\Windows\System\WXRdLCg.exe
  C:\Windows\System\WXRdLCg.exe
  2⤵
  PID:2804
- C:\Windows\System\kecanfp.exe
  C:\Windows\System\kecanfp.exe
  2⤵
  PID:3640
- C:\Windows\System\aXhubTc.exe
  C:\Windows\System\aXhubTc.exe
  2⤵
  PID:3536
- C:\Windows\System\IOBrwUd.exe
  C:\Windows\System\IOBrwUd.exe
  2⤵
  PID:3680
- C:\Windows\System\lMdLfAt.exe
  C:\Windows\System\lMdLfAt.exe
  2⤵
  PID:4040
- C:\Windows\System\GLYGeHg.exe
  C:\Windows\System\GLYGeHg.exe
  2⤵
  PID:4044
- C:\Windows\System\dkwxJmH.exe
  C:\Windows\System\dkwxJmH.exe
  2⤵
  PID:2848
- C:\Windows\System\BRlfpcb.exe
  C:\Windows\System\BRlfpcb.exe
  2⤵
  PID:4088
- C:\Windows\System\BOIeIwA.exe
  C:\Windows\System\BOIeIwA.exe
  2⤵
  PID:1484
- C:\Windows\System\PDGSMum.exe
  C:\Windows\System\PDGSMum.exe
  2⤵
  PID:3296
- C:\Windows\System\TVejoOy.exe
  C:\Windows\System\TVejoOy.exe
  2⤵
  PID:3332
- C:\Windows\System\TYtTCwd.exe
  C:\Windows\System\TYtTCwd.exe
  2⤵
  PID:2156
- C:\Windows\System\jeftPel.exe
  C:\Windows\System\jeftPel.exe
  2⤵
  PID:2412
- C:\Windows\System\CJEDBBg.exe
  C:\Windows\System\CJEDBBg.exe
  2⤵
  PID:460
- C:\Windows\System\loWEbsi.exe
  C:\Windows\System\loWEbsi.exe
  2⤵
  PID:2964
- C:\Windows\System\UaxYmFv.exe
  C:\Windows\System\UaxYmFv.exe
  2⤵
  PID:2076
- C:\Windows\System\SorgnOc.exe
  C:\Windows\System\SorgnOc.exe
  2⤵
  PID:3824
- C:\Windows\System\dREdXdY.exe
  C:\Windows\System\dREdXdY.exe
  2⤵
  PID:3396
- C:\Windows\System\JWZJijr.exe
  C:\Windows\System\JWZJijr.exe
  2⤵
  PID:3508
- C:\Windows\System\viOFIDY.exe
  C:\Windows\System\viOFIDY.exe
  2⤵
  PID:3740
- C:\Windows\System\zWArWxg.exe
  C:\Windows\System\zWArWxg.exe
  2⤵
  PID:3960
- C:\Windows\System\opObmZs.exe
  C:\Windows\System\opObmZs.exe
  2⤵
  PID:2948
- C:\Windows\System\NdoNeXo.exe
  C:\Windows\System\NdoNeXo.exe
  2⤵
  PID:3496
- C:\Windows\System\OmQuxJx.exe
  C:\Windows\System\OmQuxJx.exe
  2⤵
  PID:4112
- C:\Windows\System\ykEoQql.exe
  C:\Windows\System\ykEoQql.exe
  2⤵
  PID:4132
- C:\Windows\System\CrbhoRl.exe
  C:\Windows\System\CrbhoRl.exe
  2⤵
  PID:4148
- C:\Windows\System\lqvyMZR.exe
  C:\Windows\System\lqvyMZR.exe
  2⤵
  PID:4176
- C:\Windows\System\daEAQAo.exe
  C:\Windows\System\daEAQAo.exe
  2⤵
  PID:4196
- C:\Windows\System\DEJyKSp.exe
  C:\Windows\System\DEJyKSp.exe
  2⤵
  PID:4216
- C:\Windows\System\LhSkQbk.exe
  C:\Windows\System\LhSkQbk.exe
  2⤵
  PID:4232
- C:\Windows\System\agwgLQT.exe
  C:\Windows\System\agwgLQT.exe
  2⤵
  PID:4252
- C:\Windows\System\HIElYSo.exe
  C:\Windows\System\HIElYSo.exe
  2⤵
  PID:4272
- C:\Windows\System\orKOIGh.exe
  C:\Windows\System\orKOIGh.exe
  2⤵
  PID:4292
- C:\Windows\System\yiQkpWa.exe
  C:\Windows\System\yiQkpWa.exe
  2⤵
  PID:4308
- C:\Windows\System\tMFrnQi.exe
  C:\Windows\System\tMFrnQi.exe
  2⤵
  PID:4328
- C:\Windows\System\pvZeFhT.exe
  C:\Windows\System\pvZeFhT.exe
  2⤵
  PID:4352
- C:\Windows\System\nKHqUGJ.exe
  C:\Windows\System\nKHqUGJ.exe
  2⤵
  PID:4368
- C:\Windows\System\sSWURzg.exe
  C:\Windows\System\sSWURzg.exe
  2⤵
  PID:4384
- C:\Windows\System\TQvBpuZ.exe
  C:\Windows\System\TQvBpuZ.exe
  2⤵
  PID:4404
- C:\Windows\System\NSxfgst.exe
  C:\Windows\System\NSxfgst.exe
  2⤵
  PID:4420
- C:\Windows\System\LfADCnK.exe
  C:\Windows\System\LfADCnK.exe
  2⤵
  PID:4464
- C:\Windows\System\QMVPyrs.exe
  C:\Windows\System\QMVPyrs.exe
  2⤵
  PID:4480
- C:\Windows\System\byJtxHg.exe
  C:\Windows\System\byJtxHg.exe
  2⤵
  PID:4508
- C:\Windows\System\fvJfpIZ.exe
  C:\Windows\System\fvJfpIZ.exe
  2⤵
  PID:4524
- C:\Windows\System\MbSMWUe.exe
  C:\Windows\System\MbSMWUe.exe
  2⤵
  PID:4548
- C:\Windows\System\OKIiRhH.exe
  C:\Windows\System\OKIiRhH.exe
  2⤵
  PID:4564
- C:\Windows\System\EZBCFDG.exe
  C:\Windows\System\EZBCFDG.exe
  2⤵
  PID:4584
- C:\Windows\System\ogFUAhx.exe
  C:\Windows\System\ogFUAhx.exe
  2⤵
  PID:4600
- C:\Windows\System\JdtoDAX.exe
  C:\Windows\System\JdtoDAX.exe
  2⤵
  PID:4628
- C:\Windows\System\lhIARdB.exe
  C:\Windows\System\lhIARdB.exe
  2⤵
  PID:4648
- C:\Windows\System\OgNECLe.exe
  C:\Windows\System\OgNECLe.exe
  2⤵
  PID:4672
- C:\Windows\System\opyDGyW.exe
  C:\Windows\System\opyDGyW.exe
  2⤵
  PID:4688
- C:\Windows\System\euPRXDQ.exe
  C:\Windows\System\euPRXDQ.exe
  2⤵
  PID:4704
- C:\Windows\System\PSmHosA.exe
  C:\Windows\System\PSmHosA.exe
  2⤵
  PID:4724
- C:\Windows\System\BaWnCUt.exe
  C:\Windows\System\BaWnCUt.exe
  2⤵
  PID:4744
- C:\Windows\System\awfoWBt.exe
  C:\Windows\System\awfoWBt.exe
  2⤵
  PID:4760
- C:\Windows\System\PjLAjej.exe
  C:\Windows\System\PjLAjej.exe
  2⤵
  PID:4776
- C:\Windows\System\TMPQpDs.exe
  C:\Windows\System\TMPQpDs.exe
  2⤵
  PID:4800
- C:\Windows\System\BbMKqPx.exe
  C:\Windows\System\BbMKqPx.exe
  2⤵
  PID:4816
- C:\Windows\System\QlhOeAM.exe
  C:\Windows\System\QlhOeAM.exe
  2⤵
  PID:4832
- C:\Windows\System\TuKxVXj.exe
  C:\Windows\System\TuKxVXj.exe
  2⤵
  PID:4864
- C:\Windows\System\veRaCQq.exe
  C:\Windows\System\veRaCQq.exe
  2⤵
  PID:4888
- C:\Windows\System\nXZeFpq.exe
  C:\Windows\System\nXZeFpq.exe
  2⤵
  PID:4908
- C:\Windows\System\JNosXSa.exe
  C:\Windows\System\JNosXSa.exe
  2⤵
  PID:4924
- C:\Windows\System\mBuFBfH.exe
  C:\Windows\System\mBuFBfH.exe
  2⤵
  PID:4940
- C:\Windows\System\MhSFbAu.exe
  C:\Windows\System\MhSFbAu.exe
  2⤵
  PID:4956
- C:\Windows\System\AeZWPCh.exe
  C:\Windows\System\AeZWPCh.exe
  2⤵
  PID:4972
- C:\Windows\System\LoDYqsW.exe
  C:\Windows\System\LoDYqsW.exe
  2⤵
  PID:4988
- C:\Windows\System\VWrMuYG.exe
  C:\Windows\System\VWrMuYG.exe
  2⤵
  PID:5012
- C:\Windows\System\akxUFjX.exe
  C:\Windows\System\akxUFjX.exe
  2⤵
  PID:5040
- C:\Windows\System\hLrQElM.exe
  C:\Windows\System\hLrQElM.exe
  2⤵
  PID:5068
- C:\Windows\System\abKQYLs.exe
  C:\Windows\System\abKQYLs.exe
  2⤵
  PID:5088
- C:\Windows\System\FVkToTF.exe
  C:\Windows\System\FVkToTF.exe
  2⤵
  PID:5112
- C:\Windows\System\gQoiQuk.exe
  C:\Windows\System\gQoiQuk.exe
  2⤵
  PID:3560
- C:\Windows\System\GvgoYal.exe
  C:\Windows\System\GvgoYal.exe
  2⤵
  PID:3724
- C:\Windows\System\MaIAnaj.exe
  C:\Windows\System\MaIAnaj.exe
  2⤵
  PID:2436
- C:\Windows\System\HmNmzEC.exe
  C:\Windows\System\HmNmzEC.exe
  2⤵
  PID:3964
- C:\Windows\System\xEhvNJP.exe
  C:\Windows\System\xEhvNJP.exe
  2⤵
  PID:4172
- C:\Windows\System\OJxEpSf.exe
  C:\Windows\System\OJxEpSf.exe
  2⤵
  PID:2616
- C:\Windows\System\JInfgGF.exe
  C:\Windows\System\JInfgGF.exe
  2⤵
  PID:4284
- C:\Windows\System\mCucFRx.exe
  C:\Windows\System\mCucFRx.exe
  2⤵
  PID:4260
- C:\Windows\System\YuzSqCm.exe
  C:\Windows\System\YuzSqCm.exe
  2⤵
  PID:4184
- C:\Windows\System\NhAmlVZ.exe
  C:\Windows\System\NhAmlVZ.exe
  2⤵
  PID:2628
- C:\Windows\System\MNXqDWJ.exe
  C:\Windows\System\MNXqDWJ.exe
  2⤵
  PID:4444
- C:\Windows\System\dLpLXHN.exe
  C:\Windows\System\dLpLXHN.exe
  2⤵
  PID:4460
- C:\Windows\System\IHrfFlY.exe
  C:\Windows\System\IHrfFlY.exe
  2⤵
  PID:4412
- C:\Windows\System\UbAyZiC.exe
  C:\Windows\System\UbAyZiC.exe
  2⤵
  PID:4340
- C:\Windows\System\AhPlhxo.exe
  C:\Windows\System\AhPlhxo.exe
  2⤵
  PID:2612
- C:\Windows\System\PYiWiLd.exe
  C:\Windows\System\PYiWiLd.exe
  2⤵
  PID:4500
- C:\Windows\System\xOVwTFT.exe
  C:\Windows\System\xOVwTFT.exe
  2⤵
  PID:372
- C:\Windows\System\KvIDKSA.exe
  C:\Windows\System\KvIDKSA.exe
  2⤵
  PID:4516
- C:\Windows\System\rrmKbFZ.exe
  C:\Windows\System\rrmKbFZ.exe
  2⤵
  PID:4536
- C:\Windows\System\KADWtMK.exe
  C:\Windows\System\KADWtMK.exe
  2⤵
  PID:2708
- C:\Windows\System\pxeoPCT.exe
  C:\Windows\System\pxeoPCT.exe
  2⤵
  PID:4608
- C:\Windows\System\xbCGAFs.exe
  C:\Windows\System\xbCGAFs.exe
  2⤵
  PID:2132
- C:\Windows\System\qZVjYIZ.exe
  C:\Windows\System\qZVjYIZ.exe
  2⤵
  PID:4636
- C:\Windows\System\LHQXplK.exe
  C:\Windows\System\LHQXplK.exe
  2⤵
  PID:2640
- C:\Windows\System\BslBeXj.exe
  C:\Windows\System\BslBeXj.exe
  2⤵
  PID:2720
- C:\Windows\System\KNyWcKd.exe
  C:\Windows\System\KNyWcKd.exe
  2⤵
  PID:4740
- C:\Windows\System\dhnSvpg.exe
  C:\Windows\System\dhnSvpg.exe
  2⤵
  PID:4716
- C:\Windows\System\YlRgtbq.exe
  C:\Windows\System\YlRgtbq.exe
  2⤵
  PID:4808
- C:\Windows\System\ZDynKEc.exe
  C:\Windows\System\ZDynKEc.exe
  2⤵
  PID:4856
- C:\Windows\System\zqBWZJe.exe
  C:\Windows\System\zqBWZJe.exe
  2⤵
  PID:4784
- C:\Windows\System\eWoeomd.exe
  C:\Windows\System\eWoeomd.exe
  2⤵
  PID:4824
- C:\Windows\System\PyafzxL.exe
  C:\Windows\System\PyafzxL.exe
  2⤵
  PID:4884
- C:\Windows\System\fOMhqZE.exe
  C:\Windows\System\fOMhqZE.exe
  2⤵
  PID:4964
- C:\Windows\System\sNLYXvo.exe
  C:\Windows\System\sNLYXvo.exe
  2⤵
  PID:5000
- C:\Windows\System\SKZZebw.exe
  C:\Windows\System\SKZZebw.exe
  2⤵
  PID:4916
- C:\Windows\System\jdnbCyK.exe
  C:\Windows\System\jdnbCyK.exe
  2⤵
  PID:5060
- C:\Windows\System\cTGMtYk.exe
  C:\Windows\System\cTGMtYk.exe
  2⤵
  PID:4952
- C:\Windows\System\vntQOCM.exe
  C:\Windows\System\vntQOCM.exe
  2⤵
  PID:5024
- C:\Windows\System\iqDEcSz.exe
  C:\Windows\System\iqDEcSz.exe
  2⤵
  PID:5084
- C:\Windows\System\sMlddFu.exe
  C:\Windows\System\sMlddFu.exe
  2⤵
  PID:2120
- C:\Windows\System\MZZFGLD.exe
  C:\Windows\System\MZZFGLD.exe
  2⤵
  PID:3024
- C:\Windows\System\mlqXCgO.exe
  C:\Windows\System\mlqXCgO.exe
  2⤵
  PID:3776
- C:\Windows\System\xjuHCaP.exe
  C:\Windows\System\xjuHCaP.exe
  2⤵
  PID:4108
- C:\Windows\System\uQIuGNh.exe
  C:\Windows\System\uQIuGNh.exe
  2⤵
  PID:4248
- C:\Windows\System\EccHVIZ.exe
  C:\Windows\System\EccHVIZ.exe
  2⤵
  PID:1712
- C:\Windows\System\BHRfCor.exe
  C:\Windows\System\BHRfCor.exe
  2⤵
  PID:4392
- C:\Windows\System\TSDqTbj.exe
  C:\Windows\System\TSDqTbj.exe
  2⤵
  PID:4364
- C:\Windows\System\VeQBrYT.exe
  C:\Windows\System\VeQBrYT.exe
  2⤵
  PID:4188
- C:\Windows\System\NUhwLZg.exe
  C:\Windows\System\NUhwLZg.exe
  2⤵
  PID:4268
- C:\Windows\System\LJJnvBd.exe
  C:\Windows\System\LJJnvBd.exe
  2⤵
  PID:1808
- C:\Windows\System\yOntlgP.exe
  C:\Windows\System\yOntlgP.exe
  2⤵
  PID:4376
- C:\Windows\System\xAaJBwb.exe
  C:\Windows\System\xAaJBwb.exe
  2⤵
  PID:4488
- C:\Windows\System\YzLwmpc.exe
  C:\Windows\System\YzLwmpc.exe
  2⤵
  PID:2728
- C:\Windows\System\czkKtVR.exe
  C:\Windows\System\czkKtVR.exe
  2⤵
  PID:4572
- C:\Windows\System\RlFXxMo.exe
  C:\Windows\System\RlFXxMo.exe
  2⤵
  PID:1108
- C:\Windows\System\TWhwuEJ.exe
  C:\Windows\System\TWhwuEJ.exe
  2⤵
  PID:2844
- C:\Windows\System\fieqGMz.exe
  C:\Windows\System\fieqGMz.exe
  2⤵
  PID:4656
- C:\Windows\System\gGcMgXb.exe
  C:\Windows\System\gGcMgXb.exe
  2⤵
  PID:2400
- C:\Windows\System\zJcvSYs.exe
  C:\Windows\System\zJcvSYs.exe
  2⤵
  PID:3000
- C:\Windows\System\cRVyhzd.exe
  C:\Windows\System\cRVyhzd.exe
  2⤵
  PID:4756
- C:\Windows\System\RQFcBBT.exe
  C:\Windows\System\RQFcBBT.exe
  2⤵
  PID:3924
- C:\Windows\System\uNgteUd.exe
  C:\Windows\System\uNgteUd.exe
  2⤵
  PID:4796
- C:\Windows\System\NpnujMT.exe
  C:\Windows\System\NpnujMT.exe
  2⤵
  PID:4920
- C:\Windows\System\FuWyXez.exe
  C:\Windows\System\FuWyXez.exe
  2⤵
  PID:4900
- C:\Windows\System\uLMiDil.exe
  C:\Windows\System\uLMiDil.exe
  2⤵
  PID:4984
- C:\Windows\System\waCrVPO.exe
  C:\Windows\System\waCrVPO.exe
  2⤵
  PID:5020
- C:\Windows\System\JLUfqER.exe
  C:\Windows\System\JLUfqER.exe
  2⤵
  PID:3280
- C:\Windows\System\RWzXMRF.exe
  C:\Windows\System\RWzXMRF.exe
  2⤵
  PID:4240
- C:\Windows\System\vYNjiXL.exe
  C:\Windows\System\vYNjiXL.exe
  2⤵
  PID:4280
- C:\Windows\System\EYdPWMf.exe
  C:\Windows\System\EYdPWMf.exe
  2⤵
  PID:4304
- C:\Windows\System\kqYvqcV.exe
  C:\Windows\System\kqYvqcV.exe
  2⤵
  PID:1664
- C:\Windows\System\PrKKjMt.exe
  C:\Windows\System\PrKKjMt.exe
  2⤵
  PID:5080
- C:\Windows\System\vGzaRov.exe
  C:\Windows\System\vGzaRov.exe
  2⤵
  PID:4228
- C:\Windows\System\EUnURAD.exe
  C:\Windows\System\EUnURAD.exe
  2⤵
  PID:4380
- C:\Windows\System\JvxeUpd.exe
  C:\Windows\System\JvxeUpd.exe
  2⤵
  PID:4224
- C:\Windows\System\xFmBorr.exe
  C:\Windows\System\xFmBorr.exe
  2⤵
  PID:4664
- C:\Windows\System\GlMkpqC.exe
  C:\Windows\System\GlMkpqC.exe
  2⤵
  PID:4700
- C:\Windows\System\oIdOeqM.exe
  C:\Windows\System\oIdOeqM.exe
  2⤵
  PID:1736
- C:\Windows\System\sxiaKvK.exe
  C:\Windows\System\sxiaKvK.exe
  2⤵
  PID:352
- C:\Windows\System\ROKeiVF.exe
  C:\Windows\System\ROKeiVF.exe
  2⤵
  PID:4772
- C:\Windows\System\tTgBQNE.exe
  C:\Windows\System\tTgBQNE.exe
  2⤵
  PID:5004
- C:\Windows\System\RNQadFc.exe
  C:\Windows\System\RNQadFc.exe
  2⤵
  PID:4212
- C:\Windows\System\rRFnaPL.exe
  C:\Windows\System\rRFnaPL.exe
  2⤵
  PID:5104
- C:\Windows\System\zcRwRDe.exe
  C:\Windows\System\zcRwRDe.exe
  2⤵
  PID:5052
- C:\Windows\System\pIOcPWs.exe
  C:\Windows\System\pIOcPWs.exe
  2⤵
  PID:4680
- C:\Windows\System\QLRWrnd.exe
  C:\Windows\System\QLRWrnd.exe
  2⤵
  PID:544
- C:\Windows\System\XahrkPk.exe
  C:\Windows\System\XahrkPk.exe
  2⤵
  PID:4948
- C:\Windows\System\KYXXaYS.exe
  C:\Windows\System\KYXXaYS.exe
  2⤵
  PID:2768
- C:\Windows\System\eEsSqDQ.exe
  C:\Windows\System\eEsSqDQ.exe
  2⤵
  PID:4496
- C:\Windows\System\ZPbqNOW.exe
  C:\Windows\System\ZPbqNOW.exe
  2⤵
  PID:3008
- C:\Windows\System\lFqttZJ.exe
  C:\Windows\System\lFqttZJ.exe
  2⤵
  PID:4204
- C:\Windows\System\NzObemm.exe
  C:\Windows\System\NzObemm.exe
  2⤵
  PID:3020
- C:\Windows\System\NMOXAHJ.exe
  C:\Windows\System\NMOXAHJ.exe
  2⤵
  PID:4904
- C:\Windows\System\IjYnUIW.exe
  C:\Windows\System\IjYnUIW.exe
  2⤵
  PID:2052
- C:\Windows\System\QyWPgqT.exe
  C:\Windows\System\QyWPgqT.exe
  2⤵
  PID:4264
- C:\Windows\System\MuauoAI.exe
  C:\Windows\System\MuauoAI.exe
  2⤵
  PID:4156
- C:\Windows\System\rXZmkUn.exe
  C:\Windows\System\rXZmkUn.exe
  2⤵
  PID:4668
- C:\Windows\System\HHIPqyl.exe
  C:\Windows\System\HHIPqyl.exe
  2⤵
  PID:4596
- C:\Windows\System\lIiKprw.exe
  C:\Windows\System\lIiKprw.exe
  2⤵
  PID:5132
- C:\Windows\System\VyOHUuY.exe
  C:\Windows\System\VyOHUuY.exe
  2⤵
  PID:5148
- C:\Windows\System\BlQLjug.exe
  C:\Windows\System\BlQLjug.exe
  2⤵
  PID:5164
- C:\Windows\System\PEGwyOb.exe
  C:\Windows\System\PEGwyOb.exe
  2⤵
  PID:5180
- C:\Windows\System\zsgxdOw.exe
  C:\Windows\System\zsgxdOw.exe
  2⤵
  PID:5196
- C:\Windows\System\zmaVyac.exe
  C:\Windows\System\zmaVyac.exe
  2⤵
  PID:5212
- C:\Windows\System\UMoMClo.exe
  C:\Windows\System\UMoMClo.exe
  2⤵
  PID:5228
- C:\Windows\System\QfjUCeE.exe
  C:\Windows\System\QfjUCeE.exe
  2⤵
  PID:5244
- C:\Windows\System\SAgjJtL.exe
  C:\Windows\System\SAgjJtL.exe
  2⤵
  PID:5324
- C:\Windows\System\oeYsRGo.exe
  C:\Windows\System\oeYsRGo.exe
  2⤵
  PID:5348
- C:\Windows\System\TaZxDfT.exe
  C:\Windows\System\TaZxDfT.exe
  2⤵
  PID:5364
- C:\Windows\System\lOkrhAR.exe
  C:\Windows\System\lOkrhAR.exe
  2⤵
  PID:5380
- C:\Windows\System\jcURMIr.exe
  C:\Windows\System\jcURMIr.exe
  2⤵
  PID:5396
- C:\Windows\System\vLbRwib.exe
  C:\Windows\System\vLbRwib.exe
  2⤵
  PID:5412
- C:\Windows\System\nKKvgkj.exe
  C:\Windows\System\nKKvgkj.exe
  2⤵
  PID:5428
- C:\Windows\System\UfZSMxa.exe
  C:\Windows\System\UfZSMxa.exe
  2⤵
  PID:5444
- C:\Windows\System\XagwOIX.exe
  C:\Windows\System\XagwOIX.exe
  2⤵
  PID:5460
- C:\Windows\System\BqdViSu.exe
  C:\Windows\System\BqdViSu.exe
  2⤵
  PID:5476
- C:\Windows\System\AZoYSps.exe
  C:\Windows\System\AZoYSps.exe
  2⤵
  PID:5500
- C:\Windows\System\GsVUbIj.exe
  C:\Windows\System\GsVUbIj.exe
  2⤵
  PID:5520
- C:\Windows\System\YalXzhk.exe
  C:\Windows\System\YalXzhk.exe
  2⤵
  PID:5540
- C:\Windows\System\MZWWZlf.exe
  C:\Windows\System\MZWWZlf.exe
  2⤵
  PID:5560
- C:\Windows\System\AhPOvdz.exe
  C:\Windows\System\AhPOvdz.exe
  2⤵
  PID:5612
- C:\Windows\System\GFHudGP.exe
  C:\Windows\System\GFHudGP.exe
  2⤵
  PID:5628
- C:\Windows\System\nwCiMRU.exe
  C:\Windows\System\nwCiMRU.exe
  2⤵
  PID:5644
- C:\Windows\System\ycSdNDt.exe
  C:\Windows\System\ycSdNDt.exe
  2⤵
  PID:5668
- C:\Windows\System\eBNlNhS.exe
  C:\Windows\System\eBNlNhS.exe
  2⤵
  PID:5684
- C:\Windows\System\zgCJKDV.exe
  C:\Windows\System\zgCJKDV.exe
  2⤵
  PID:5700
- C:\Windows\System\DPHFUbA.exe
  C:\Windows\System\DPHFUbA.exe
  2⤵
  PID:5716
- C:\Windows\System\TuMVBpf.exe
  C:\Windows\System\TuMVBpf.exe
  2⤵
  PID:5732
- C:\Windows\System\EVmxwDq.exe
  C:\Windows\System\EVmxwDq.exe
  2⤵
  PID:5748
- C:\Windows\System\sdDrmHR.exe
  C:\Windows\System\sdDrmHR.exe
  2⤵
  PID:5764
- C:\Windows\System\DmyKtRO.exe
  C:\Windows\System\DmyKtRO.exe
  2⤵
  PID:5780
- C:\Windows\System\XuVahIm.exe
  C:\Windows\System\XuVahIm.exe
  2⤵
  PID:5804
- C:\Windows\System\brMVXXh.exe
  C:\Windows\System\brMVXXh.exe
  2⤵
  PID:5824
- C:\Windows\System\qJDxFNj.exe
  C:\Windows\System\qJDxFNj.exe
  2⤵
  PID:5840
- C:\Windows\System\qvlYIcy.exe
  C:\Windows\System\qvlYIcy.exe
  2⤵
  PID:5868
- C:\Windows\System\tZEgXDJ.exe
  C:\Windows\System\tZEgXDJ.exe
  2⤵
  PID:5888
- C:\Windows\System\CEIpSdZ.exe
  C:\Windows\System\CEIpSdZ.exe
  2⤵
  PID:5908
- C:\Windows\System\xoavieM.exe
  C:\Windows\System\xoavieM.exe
  2⤵
  PID:5932
- C:\Windows\System\ySaOVpl.exe
  C:\Windows\System\ySaOVpl.exe
  2⤵
  PID:5956
- C:\Windows\System\FOqbOta.exe
  C:\Windows\System\FOqbOta.exe
  2⤵
  PID:5972
- C:\Windows\System\THRKdiV.exe
  C:\Windows\System\THRKdiV.exe
  2⤵
  PID:6012
- C:\Windows\System\IakqSat.exe
  C:\Windows\System\IakqSat.exe
  2⤵
  PID:6032
- C:\Windows\System\nCwXknc.exe
  C:\Windows\System\nCwXknc.exe
  2⤵
  PID:6048
- C:\Windows\System\PWThRnh.exe
  C:\Windows\System\PWThRnh.exe
  2⤵
  PID:6064
- C:\Windows\System\OGyOpOh.exe
  C:\Windows\System\OGyOpOh.exe
  2⤵
  PID:6084
- C:\Windows\System\bzcdkai.exe
  C:\Windows\System\bzcdkai.exe
  2⤵
  PID:6100
- C:\Windows\System\TtToiJg.exe
  C:\Windows\System\TtToiJg.exe
  2⤵
  PID:6116
- C:\Windows\System\zIHLONT.exe
  C:\Windows\System\zIHLONT.exe
  2⤵
  PID:6136
- C:\Windows\System\UUiiYdy.exe
  C:\Windows\System\UUiiYdy.exe
  2⤵
  PID:1156
- C:\Windows\System\oGiqVlp.exe
  C:\Windows\System\oGiqVlp.exe
  2⤵
  PID:1368
- C:\Windows\System\XedrVZl.exe
  C:\Windows\System\XedrVZl.exe
  2⤵
  PID:4788
- C:\Windows\System\GBRHQXC.exe
  C:\Windows\System\GBRHQXC.exe
  2⤵
  PID:5124
- C:\Windows\System\OmcyhYA.exe
  C:\Windows\System\OmcyhYA.exe
  2⤵
  PID:4476
- C:\Windows\System\TgIcCpZ.exe
  C:\Windows\System\TgIcCpZ.exe
  2⤵
  PID:5204
- C:\Windows\System\mPzTlOy.exe
  C:\Windows\System\mPzTlOy.exe
  2⤵
  PID:5240
- C:\Windows\System\HWsPoYr.exe
  C:\Windows\System\HWsPoYr.exe
  2⤵
  PID:5160
- C:\Windows\System\EdiNioc.exe
  C:\Windows\System\EdiNioc.exe
  2⤵
  PID:5268
- C:\Windows\System\WqmPxPq.exe
  C:\Windows\System\WqmPxPq.exe
  2⤵
  PID:5284
- C:\Windows\System\aShRsQK.exe
  C:\Windows\System\aShRsQK.exe
  2⤵
  PID:5300
- C:\Windows\System\OpcILvd.exe
  C:\Windows\System\OpcILvd.exe
  2⤵
  PID:5332
- C:\Windows\System\wWUjgaS.exe
  C:\Windows\System\wWUjgaS.exe
  2⤵
  PID:5344
- C:\Windows\System\UadYerk.exe
  C:\Windows\System\UadYerk.exe
  2⤵
  PID:5472
- C:\Windows\System\qMBfiXL.exe
  C:\Windows\System\qMBfiXL.exe
  2⤵
  PID:5356
- C:\Windows\System\uQqwpcD.exe
  C:\Windows\System\uQqwpcD.exe
  2⤵
  PID:5488
- C:\Windows\System\pnVwUtc.exe
  C:\Windows\System\pnVwUtc.exe
  2⤵
  PID:5420
- C:\Windows\System\IeIYQCR.exe
  C:\Windows\System\IeIYQCR.exe
  2⤵
  PID:5576
- C:\Windows\System\KBNDefy.exe
  C:\Windows\System\KBNDefy.exe
  2⤵
  PID:5424
- C:\Windows\System\nRwoSrK.exe
  C:\Windows\System\nRwoSrK.exe
  2⤵
  PID:5604
- C:\Windows\System\HRsXEiZ.exe
  C:\Windows\System\HRsXEiZ.exe
  2⤵
  PID:5620
- C:\Windows\System\kUcprnL.exe
  C:\Windows\System\kUcprnL.exe
  2⤵
  PID:5640
- C:\Windows\System\MKjWfZK.exe
  C:\Windows\System\MKjWfZK.exe
  2⤵
  PID:5692
- C:\Windows\System\EXkzGNp.exe
  C:\Windows\System\EXkzGNp.exe
  2⤵
  PID:5792
- C:\Windows\System\xEdEigw.exe
  C:\Windows\System\xEdEigw.exe
  2⤵
  PID:5832
- C:\Windows\System\Kvaaisq.exe
  C:\Windows\System\Kvaaisq.exe
  2⤵
  PID:5884
- C:\Windows\System\ROgBGXl.exe
  C:\Windows\System\ROgBGXl.exe
  2⤵
  PID:5928
- C:\Windows\System\mePcxAH.exe
  C:\Windows\System\mePcxAH.exe
  2⤵
  PID:1092
- C:\Windows\System\aycmTqm.exe
  C:\Windows\System\aycmTqm.exe
  2⤵
  PID:1824
- C:\Windows\System\jpRyWXI.exe
  C:\Windows\System\jpRyWXI.exe
  2⤵
  PID:5744
- C:\Windows\System\ubyiuDd.exe
  C:\Windows\System\ubyiuDd.exe
  2⤵
  PID:5940
- C:\Windows\System\JURyenZ.exe
  C:\Windows\System\JURyenZ.exe
  2⤵
  PID:5992
- C:\Windows\System\qGicjiR.exe
  C:\Windows\System\qGicjiR.exe
  2⤵
  PID:4620
- C:\Windows\System\kEvphYl.exe
  C:\Windows\System\kEvphYl.exe
  2⤵
  PID:2264
- C:\Windows\System\BbdYaYG.exe
  C:\Windows\System\BbdYaYG.exe
  2⤵
  PID:6004
- C:\Windows\System\CiYXHWF.exe
  C:\Windows\System\CiYXHWF.exe
  2⤵
  PID:6028
- C:\Windows\System\RaWebWT.exe
  C:\Windows\System\RaWebWT.exe
  2⤵
  PID:6060
- C:\Windows\System\shKWMfo.exe
  C:\Windows\System\shKWMfo.exe
  2⤵
  PID:6128
- C:\Windows\System\hNdcSVx.exe
  C:\Windows\System\hNdcSVx.exe
  2⤵
  PID:6044
- C:\Windows\System\aTHWNmT.exe
  C:\Windows\System\aTHWNmT.exe
  2⤵
  PID:3036
- C:\Windows\System\qutftYd.exe
  C:\Windows\System\qutftYd.exe
  2⤵
  PID:2152
- C:\Windows\System\hGexhKt.exe
  C:\Windows\System\hGexhKt.exe
  2⤵
  PID:5144
- C:\Windows\System\ohHutJi.exe
  C:\Windows\System\ohHutJi.exe
  2⤵
  PID:4456
- C:\Windows\System\hHhfZoc.exe
  C:\Windows\System\hHhfZoc.exe
  2⤵
  PID:4852
- C:\Windows\System\vRaPYnL.exe
  C:\Windows\System\vRaPYnL.exe
  2⤵
  PID:5308
- C:\Windows\System\HgblUxQ.exe
  C:\Windows\System\HgblUxQ.exe
  2⤵
  PID:5256
- C:\Windows\System\BzqAFvy.exe
  C:\Windows\System\BzqAFvy.exe
  2⤵
  PID:5408
- C:\Windows\System\uauukJE.exe
  C:\Windows\System\uauukJE.exe
  2⤵
  PID:5468
- C:\Windows\System\mvMEVWl.exe
  C:\Windows\System\mvMEVWl.exe
  2⤵
  PID:5516
- C:\Windows\System\Uxmezrn.exe
  C:\Windows\System\Uxmezrn.exe
  2⤵
  PID:5456
- C:\Windows\System\XxqnUzN.exe
  C:\Windows\System\XxqnUzN.exe
  2⤵
  PID:5496
- C:\Windows\System\niDVmil.exe
  C:\Windows\System\niDVmil.exe
  2⤵
  PID:5360
- C:\Windows\System\PLQfJbe.exe
  C:\Windows\System\PLQfJbe.exe
  2⤵
  PID:5664
- C:\Windows\System\dslrTCB.exe
  C:\Windows\System\dslrTCB.exe
  2⤵
  PID:5652
- C:\Windows\System\JIgIcdk.exe
  C:\Windows\System\JIgIcdk.exe
  2⤵
  PID:5584
- C:\Windows\System\ngqzotn.exe
  C:\Windows\System\ngqzotn.exe
  2⤵
  PID:2920
- C:\Windows\System\OhWdmkD.exe
  C:\Windows\System\OhWdmkD.exe
  2⤵
  PID:5760
- C:\Windows\System\NOsskOa.exe
  C:\Windows\System\NOsskOa.exe
  2⤵
  PID:5876
- C:\Windows\System\kWWeGtl.exe
  C:\Windows\System\kWWeGtl.exe
  2⤵
  PID:6000
- C:\Windows\System\bYmADtI.exe
  C:\Windows\System\bYmADtI.exe
  2⤵
  PID:6108
- C:\Windows\System\nncyDGq.exe
  C:\Windows\System\nncyDGq.exe
  2⤵
  PID:4996
- C:\Windows\System\DpAZoRh.exe
  C:\Windows\System\DpAZoRh.exe
  2⤵
  PID:5900
- C:\Windows\System\vUKgifQ.exe
  C:\Windows\System\vUKgifQ.exe
  2⤵
  PID:5988
- C:\Windows\System\CUoXLIa.exe
  C:\Windows\System\CUoXLIa.exe
  2⤵
  PID:696
- C:\Windows\System\msdNZKr.exe
  C:\Windows\System\msdNZKr.exe
  2⤵
  PID:5188
- C:\Windows\System\pjFtOXw.exe
  C:\Windows\System\pjFtOXw.exe
  2⤵
  PID:5220
- C:\Windows\System\KTVJjlH.exe
  C:\Windows\System\KTVJjlH.exe
  2⤵
  PID:5296
- C:\Windows\System\yPIayGJ.exe
  C:\Windows\System\yPIayGJ.exe
  2⤵
  PID:5484
- C:\Windows\System\YeylqVc.exe
  C:\Windows\System\YeylqVc.exe
  2⤵
  PID:5572
- C:\Windows\System\IWAmRVd.exe
  C:\Windows\System\IWAmRVd.exe
  2⤵
  PID:5140
- C:\Windows\System\zjxorne.exe
  C:\Windows\System\zjxorne.exe
  2⤵
  PID:2124
- C:\Windows\System\hlQTHsx.exe
  C:\Windows\System\hlQTHsx.exe
  2⤵
  PID:5864
- C:\Windows\System\VSRnVMV.exe
  C:\Windows\System\VSRnVMV.exe
  2⤵
  PID:5996
- C:\Windows\System\oKwiFyW.exe
  C:\Windows\System\oKwiFyW.exe
  2⤵
  PID:1984
- C:\Windows\System\iyKcmBX.exe
  C:\Windows\System\iyKcmBX.exe
  2⤵
  PID:1752
- C:\Windows\System\AVHFUuF.exe
  C:\Windows\System\AVHFUuF.exe
  2⤵
  PID:5224
- C:\Windows\System\FWsDkhR.exe
  C:\Windows\System\FWsDkhR.exe
  2⤵
  PID:5436
- C:\Windows\System\QVWmaux.exe
  C:\Windows\System\QVWmaux.exe
  2⤵
  PID:6076
- C:\Windows\System\GyFKWDh.exe
  C:\Windows\System\GyFKWDh.exe
  2⤵
  PID:6072
- C:\Windows\System\FPxnsYM.exe
  C:\Windows\System\FPxnsYM.exe
  2⤵
  PID:5708
- C:\Windows\System\PgOlvKz.exe
  C:\Windows\System\PgOlvKz.exe
  2⤵
  PID:5984
- C:\Windows\System\JCxriWe.exe
  C:\Windows\System\JCxriWe.exe
  2⤵
  PID:5176
- C:\Windows\System\Rrtxjjy.exe
  C:\Windows\System\Rrtxjjy.exe
  2⤵
  PID:5712
- C:\Windows\System\oPBPkpn.exe
  C:\Windows\System\oPBPkpn.exe
  2⤵
  PID:5280
- C:\Windows\System\ALfBlES.exe
  C:\Windows\System\ALfBlES.exe
  2⤵
  PID:4544
- C:\Windows\System\fGMUBSg.exe
  C:\Windows\System\fGMUBSg.exe
  2⤵
  PID:4896
- C:\Windows\System\PvQYTJi.exe
  C:\Windows\System\PvQYTJi.exe
  2⤵
  PID:4880
- C:\Windows\System\UdMPWzz.exe
  C:\Windows\System\UdMPWzz.exe
  2⤵
  PID:5548
- C:\Windows\System\WmmnZiW.exe
  C:\Windows\System\WmmnZiW.exe
  2⤵
  PID:5552
- C:\Windows\System\znlQpZP.exe
  C:\Windows\System\znlQpZP.exe
  2⤵
  PID:5388
- C:\Windows\System\CUkCEYQ.exe
  C:\Windows\System\CUkCEYQ.exe
  2⤵
  PID:5948
- C:\Windows\System\NfFWECa.exe
  C:\Windows\System\NfFWECa.exe
  2⤵
  PID:5896
- C:\Windows\System\dkzrhVI.exe
  C:\Windows\System\dkzrhVI.exe
  2⤵
  PID:5772
- C:\Windows\System\hfJvgMg.exe
  C:\Windows\System\hfJvgMg.exe
  2⤵
  PID:6160
- C:\Windows\System\xfOAZYI.exe
  C:\Windows\System\xfOAZYI.exe
  2⤵
  PID:6180
- C:\Windows\System\KGwtgRD.exe
  C:\Windows\System\KGwtgRD.exe
  2⤵
  PID:6196
- C:\Windows\System\DQDmhqE.exe
  C:\Windows\System\DQDmhqE.exe
  2⤵
  PID:6212
- C:\Windows\System\IWCSAoq.exe
  C:\Windows\System\IWCSAoq.exe
  2⤵
  PID:6228
- C:\Windows\System\tAIayJd.exe
  C:\Windows\System\tAIayJd.exe
  2⤵
  PID:6244
- C:\Windows\System\NeAXMEj.exe
  C:\Windows\System\NeAXMEj.exe
  2⤵
  PID:6260
- C:\Windows\System\XlfUZSv.exe
  C:\Windows\System\XlfUZSv.exe
  2⤵
  PID:6276
- C:\Windows\System\YpgHmPk.exe
  C:\Windows\System\YpgHmPk.exe
  2⤵
  PID:6296
- C:\Windows\System\qgTMxqd.exe
  C:\Windows\System\qgTMxqd.exe
  2⤵
  PID:6312
- C:\Windows\System\tuknuym.exe
  C:\Windows\System\tuknuym.exe
  2⤵
  PID:6328
- C:\Windows\System\cHwOzcb.exe
  C:\Windows\System\cHwOzcb.exe
  2⤵
  PID:6344
- C:\Windows\System\HGYMuxt.exe
  C:\Windows\System\HGYMuxt.exe
  2⤵
  PID:6360
- C:\Windows\System\XIPUqxB.exe
  C:\Windows\System\XIPUqxB.exe
  2⤵
  PID:6376
- C:\Windows\System\vfvAUrQ.exe
  C:\Windows\System\vfvAUrQ.exe
  2⤵
  PID:6392
- C:\Windows\System\KjHxHUo.exe
  C:\Windows\System\KjHxHUo.exe
  2⤵
  PID:6408
- C:\Windows\System\oDYPzBe.exe
  C:\Windows\System\oDYPzBe.exe
  2⤵
  PID:6424
- C:\Windows\System\tGntFBP.exe
  C:\Windows\System\tGntFBP.exe
  2⤵
  PID:6440
- C:\Windows\System\dGfbqQc.exe
  C:\Windows\System\dGfbqQc.exe
  2⤵
  PID:6456
- C:\Windows\System\IreoQKi.exe
  C:\Windows\System\IreoQKi.exe
  2⤵
  PID:6472
- C:\Windows\System\QGHWcdW.exe
  C:\Windows\System\QGHWcdW.exe
  2⤵
  PID:6488
- C:\Windows\System\bTqiELK.exe
  C:\Windows\System\bTqiELK.exe
  2⤵
  PID:6504
- C:\Windows\System\KRtJLWI.exe
  C:\Windows\System\KRtJLWI.exe
  2⤵
  PID:6524
- C:\Windows\System\YNZZvVS.exe
  C:\Windows\System\YNZZvVS.exe
  2⤵
  PID:6540
- C:\Windows\System\ATvQlIR.exe
  C:\Windows\System\ATvQlIR.exe
  2⤵
  PID:6556
- C:\Windows\System\YfDqNUL.exe
  C:\Windows\System\YfDqNUL.exe
  2⤵
  PID:6572
- C:\Windows\System\bOmQzXO.exe
  C:\Windows\System\bOmQzXO.exe
  2⤵
  PID:6588
- C:\Windows\System\dvuiEsp.exe
  C:\Windows\System\dvuiEsp.exe
  2⤵
  PID:6604
- C:\Windows\System\fNutdvP.exe
  C:\Windows\System\fNutdvP.exe
  2⤵
  PID:6620
- C:\Windows\System\kKQiBZj.exe
  C:\Windows\System\kKQiBZj.exe
  2⤵
  PID:6636
- C:\Windows\System\mATqsnz.exe
  C:\Windows\System\mATqsnz.exe
  2⤵
  PID:6652
- C:\Windows\System\ZWJtIve.exe
  C:\Windows\System\ZWJtIve.exe
  2⤵
  PID:6668
- C:\Windows\System\XjPPpnW.exe
  C:\Windows\System\XjPPpnW.exe
  2⤵
  PID:6684
- C:\Windows\System\NUaCsRY.exe
  C:\Windows\System\NUaCsRY.exe
  2⤵
  PID:6700
- C:\Windows\System\bQoIVqO.exe
  C:\Windows\System\bQoIVqO.exe
  2⤵
  PID:6716
- C:\Windows\System\yUvmThw.exe
  C:\Windows\System\yUvmThw.exe
  2⤵
  PID:6732
- C:\Windows\System\PqyLVpg.exe
  C:\Windows\System\PqyLVpg.exe
  2⤵
  PID:6748
- C:\Windows\System\zoswJUv.exe
  C:\Windows\System\zoswJUv.exe
  2⤵
  PID:6764
- C:\Windows\System\HTsrSCV.exe
  C:\Windows\System\HTsrSCV.exe
  2⤵
  PID:6780
- C:\Windows\System\SghrSaU.exe
  C:\Windows\System\SghrSaU.exe
  2⤵
  PID:6796
- C:\Windows\System\nUMJIMj.exe
  C:\Windows\System\nUMJIMj.exe
  2⤵
  PID:6812
- C:\Windows\System\lNhlYQC.exe
  C:\Windows\System\lNhlYQC.exe
  2⤵
  PID:6828
- C:\Windows\System\RAdKeBK.exe
  C:\Windows\System\RAdKeBK.exe
  2⤵
  PID:6844
- C:\Windows\System\lTQTllv.exe
  C:\Windows\System\lTQTllv.exe
  2⤵
  PID:6860
- C:\Windows\System\jyJBwKy.exe
  C:\Windows\System\jyJBwKy.exe
  2⤵
  PID:6876
- C:\Windows\System\tCwUUkh.exe
  C:\Windows\System\tCwUUkh.exe
  2⤵
  PID:6892
- C:\Windows\System\bMUmstZ.exe
  C:\Windows\System\bMUmstZ.exe
  2⤵
  PID:6908
- C:\Windows\System\XhieVcP.exe
  C:\Windows\System\XhieVcP.exe
  2⤵
  PID:6924
- C:\Windows\System\rMmBvjQ.exe
  C:\Windows\System\rMmBvjQ.exe
  2⤵
  PID:6940
- C:\Windows\System\cqTNpfv.exe
  C:\Windows\System\cqTNpfv.exe
  2⤵
  PID:6956
- C:\Windows\System\uBkSnqb.exe
  C:\Windows\System\uBkSnqb.exe
  2⤵
  PID:6972
- C:\Windows\System\QaPEKRf.exe
  C:\Windows\System\QaPEKRf.exe
  2⤵
  PID:6988
- C:\Windows\System\ipuVdOf.exe
  C:\Windows\System\ipuVdOf.exe
  2⤵
  PID:7004
- C:\Windows\System\VdVOhUD.exe
  C:\Windows\System\VdVOhUD.exe
  2⤵
  PID:7020
- C:\Windows\System\tTXsEOk.exe
  C:\Windows\System\tTXsEOk.exe
  2⤵
  PID:7036
- C:\Windows\System\hAqugKL.exe
  C:\Windows\System\hAqugKL.exe
  2⤵
  PID:7052
- C:\Windows\System\RYUMHHO.exe
  C:\Windows\System\RYUMHHO.exe
  2⤵
  PID:7068
- C:\Windows\System\aFidKQQ.exe
  C:\Windows\System\aFidKQQ.exe
  2⤵
  PID:7084
- C:\Windows\System\ZXLRsSO.exe
  C:\Windows\System\ZXLRsSO.exe
  2⤵
  PID:7100
- C:\Windows\System\GEpgBzh.exe
  C:\Windows\System\GEpgBzh.exe
  2⤵
  PID:7116
- C:\Windows\System\NYCJcxr.exe
  C:\Windows\System\NYCJcxr.exe
  2⤵
  PID:7132
- C:\Windows\System\BLPhfnx.exe
  C:\Windows\System\BLPhfnx.exe
  2⤵
  PID:7148
- C:\Windows\System\xCMvOMZ.exe
  C:\Windows\System\xCMvOMZ.exe
  2⤵
  PID:7164
- C:\Windows\System\dRtISMT.exe
  C:\Windows\System\dRtISMT.exe
  2⤵
  PID:6124
- C:\Windows\System\dlwBbiC.exe
  C:\Windows\System\dlwBbiC.exe
  2⤵
  PID:5860
- C:\Windows\System\gsLsHgu.exe
  C:\Windows\System\gsLsHgu.exe
  2⤵
  PID:5316
- C:\Windows\System\TkORmCC.exe
  C:\Windows\System\TkORmCC.exe
  2⤵
  PID:6156
- C:\Windows\System\fCfVzMc.exe
  C:\Windows\System\fCfVzMc.exe
  2⤵
  PID:6204
- C:\Windows\System\XOvazII.exe
  C:\Windows\System\XOvazII.exe
  2⤵
  PID:6268
- C:\Windows\System\nNDSTcS.exe
  C:\Windows\System\nNDSTcS.exe
  2⤵
  PID:6168
- C:\Windows\System\MfFnDJs.exe
  C:\Windows\System\MfFnDJs.exe
  2⤵
  PID:6284
- C:\Windows\System\FrtezoC.exe
  C:\Windows\System\FrtezoC.exe
  2⤵
  PID:6308
- C:\Windows\System\CIGliUQ.exe
  C:\Windows\System\CIGliUQ.exe
  2⤵
  PID:6324
- C:\Windows\System\tpRwALt.exe
  C:\Windows\System\tpRwALt.exe
  2⤵
  PID:6384
- C:\Windows\System\eZseDdz.exe
  C:\Windows\System\eZseDdz.exe
  2⤵
  PID:6452
- C:\Windows\System\JpfCJeO.exe
  C:\Windows\System\JpfCJeO.exe
  2⤵
  PID:6400
- C:\Windows\System\qwvNeoU.exe
  C:\Windows\System\qwvNeoU.exe
  2⤵
  PID:6464
- C:\Windows\System\uiyiZWr.exe
  C:\Windows\System\uiyiZWr.exe
  2⤵
  PID:6340
- C:\Windows\System\ipTQlKg.exe
  C:\Windows\System\ipTQlKg.exe
  2⤵
  PID:6484
- C:\Windows\System\vSlVINc.exe
  C:\Windows\System\vSlVINc.exe
  2⤵
  PID:6548
- C:\Windows\System\YqISSjJ.exe
  C:\Windows\System\YqISSjJ.exe
  2⤵
  PID:6612
- C:\Windows\System\gnqtjIP.exe
  C:\Windows\System\gnqtjIP.exe
  2⤵
  PID:6676
- C:\Windows\System\WLnRKid.exe
  C:\Windows\System\WLnRKid.exe
  2⤵
  PID:6568
- C:\Windows\System\MLNhnpR.exe
  C:\Windows\System\MLNhnpR.exe
  2⤵
  PID:6628
- C:\Windows\System\ECKOrAl.exe
  C:\Windows\System\ECKOrAl.exe
  2⤵
  PID:6712
- C:\Windows\System\dKOLMGQ.exe
  C:\Windows\System\dKOLMGQ.exe
  2⤵
  PID:6776
- C:\Windows\System\aCPILND.exe
  C:\Windows\System\aCPILND.exe
  2⤵
  PID:6820
- C:\Windows\System\pNAdcLj.exe
  C:\Windows\System\pNAdcLj.exe
  2⤵
  PID:6756
- C:\Windows\System\dPYXrsi.exe
  C:\Windows\System\dPYXrsi.exe
  2⤵
  PID:6840
- C:\Windows\System\HFlLBAq.exe
  C:\Windows\System\HFlLBAq.exe
  2⤵
  PID:6872
- C:\Windows\System\mUtSfrb.exe
  C:\Windows\System\mUtSfrb.exe
  2⤵
  PID:6884
- C:\Windows\System\dhJbWSq.exe
  C:\Windows\System\dhJbWSq.exe
  2⤵
  PID:6932
- C:\Windows\System\ZxCmhXT.exe
  C:\Windows\System\ZxCmhXT.exe
  2⤵
  PID:6996
- C:\Windows\System\TORLYzv.exe
  C:\Windows\System\TORLYzv.exe
  2⤵
  PID:7092
- C:\Windows\System\HihSPhq.exe
  C:\Windows\System\HihSPhq.exe
  2⤵
  PID:7096
- C:\Windows\System\nYrLMEm.exe
  C:\Windows\System\nYrLMEm.exe
  2⤵
  PID:7012
- C:\Windows\System\AJSuyKp.exe
  C:\Windows\System\AJSuyKp.exe
  2⤵
  PID:7160
- C:\Windows\System\XbwsRnY.exe
  C:\Windows\System\XbwsRnY.exe
  2⤵
  PID:7108
- C:\Windows\System\yFhPMig.exe
  C:\Windows\System\yFhPMig.exe
  2⤵
  PID:776
- C:\Windows\System\FIWrZWM.exe
  C:\Windows\System\FIWrZWM.exe
  2⤵
  PID:6148
- C:\Windows\System\prMZXTW.exe
  C:\Windows\System\prMZXTW.exe
  2⤵
  PID:6236
- C:\Windows\System\TWfcnQd.exe
  C:\Windows\System\TWfcnQd.exe
  2⤵
  PID:1668
- C:\Windows\System\BVyMAVz.exe
  C:\Windows\System\BVyMAVz.exe
  2⤵
  PID:5656
- C:\Windows\System\VVOxsfH.exe
  C:\Windows\System\VVOxsfH.exe
  2⤵
  PID:6292
- C:\Windows\System\NKgCjgP.exe
  C:\Windows\System\NKgCjgP.exe
  2⤵
  PID:6372
- C:\Windows\System\oRjEwxe.exe
  C:\Windows\System\oRjEwxe.exe
  2⤵
  PID:6436
- C:\Windows\System\ADdpKpv.exe
  C:\Windows\System\ADdpKpv.exe
  2⤵
  PID:6644
- C:\Windows\System\PUrPhFL.exe
  C:\Windows\System\PUrPhFL.exe
  2⤵
  PID:6724
- C:\Windows\System\mvDSNJJ.exe
  C:\Windows\System\mvDSNJJ.exe
  2⤵
  PID:6596
- C:\Windows\System\OTVOqEx.exe
  C:\Windows\System\OTVOqEx.exe
  2⤵
  PID:6532
- C:\Windows\System\GhjhLRo.exe
  C:\Windows\System\GhjhLRo.exe
  2⤵
  PID:7128
- C:\Windows\System\tmlouLV.exe
  C:\Windows\System\tmlouLV.exe
  2⤵
  PID:6272
- C:\Windows\System\MEWpIWo.exe
  C:\Windows\System\MEWpIWo.exe
  2⤵
  PID:6584
- C:\Windows\System\SJXOvvh.exe
  C:\Windows\System\SJXOvvh.exe
  2⤵
  PID:6660
- C:\Windows\System\Pravvvr.exe
  C:\Windows\System\Pravvvr.exe
  2⤵
  PID:6836
- C:\Windows\System\PAHPZbd.exe
  C:\Windows\System\PAHPZbd.exe
  2⤵
  PID:6968
- C:\Windows\System\oGmyISg.exe
  C:\Windows\System\oGmyISg.exe
  2⤵
  PID:7048
- C:\Windows\System\NUlDsEn.exe
  C:\Windows\System\NUlDsEn.exe
  2⤵
  PID:6256
- C:\Windows\System\rleBcEh.exe
  C:\Windows\System\rleBcEh.exe
  2⤵
  PID:7156
- C:\Windows\System\TfEWWoL.exe
  C:\Windows\System\TfEWWoL.exe
  2⤵
  PID:6368
- C:\Windows\System\SWodWeC.exe
  C:\Windows\System\SWodWeC.exe
  2⤵
  PID:6224
- C:\Windows\System\ammSDoT.exe
  C:\Windows\System\ammSDoT.exe
  2⤵
  PID:6304
- C:\Windows\System\aZmjmvc.exe
  C:\Windows\System\aZmjmvc.exe
  2⤵
  PID:7000
- C:\Windows\System\YaliOqf.exe
  C:\Windows\System\YaliOqf.exe
  2⤵
  PID:6868
- C:\Windows\System\HYcRhxD.exe
  C:\Windows\System\HYcRhxD.exe
  2⤵
  PID:5192
- C:\Windows\System\LlWEvNU.exe
  C:\Windows\System\LlWEvNU.exe
  2⤵
  PID:6664
- C:\Windows\System\awlzOnv.exe
  C:\Windows\System\awlzOnv.exe
  2⤵
  PID:6904
- C:\Windows\System\WngEZXk.exe
  C:\Windows\System\WngEZXk.exe
  2⤵
  PID:6448
- C:\Windows\System\EjiRvre.exe
  C:\Windows\System\EjiRvre.exe
  2⤵
  PID:6772
- C:\Windows\System\EUmHrQA.exe
  C:\Windows\System\EUmHrQA.exe
  2⤵
  PID:7076
- C:\Windows\System\CzMyFdr.exe
  C:\Windows\System\CzMyFdr.exe
  2⤵
  PID:6696
- C:\Windows\System\dYLtKMr.exe
  C:\Windows\System\dYLtKMr.exe
  2⤵
  PID:7044
- C:\Windows\System\MVGcIZA.exe
  C:\Windows\System\MVGcIZA.exe
  2⤵
  PID:7172
- C:\Windows\System\IKeaYCF.exe
  C:\Windows\System\IKeaYCF.exe
  2⤵
  PID:7188
- C:\Windows\System\gqAdVrs.exe
  C:\Windows\System\gqAdVrs.exe
  2⤵
  PID:7204
- C:\Windows\System\ACdXKNN.exe
  C:\Windows\System\ACdXKNN.exe
  2⤵
  PID:7220
- C:\Windows\System\DkTQBAX.exe
  C:\Windows\System\DkTQBAX.exe
  2⤵
  PID:7236
- C:\Windows\System\wxasVUs.exe
  C:\Windows\System\wxasVUs.exe
  2⤵
  PID:7256
- C:\Windows\System\usUmKOK.exe
  C:\Windows\System\usUmKOK.exe
  2⤵
  PID:7272
- C:\Windows\System\xydfLfy.exe
  C:\Windows\System\xydfLfy.exe
  2⤵
  PID:7288
- C:\Windows\System\mpEGRMr.exe
  C:\Windows\System\mpEGRMr.exe
  2⤵
  PID:7304
- C:\Windows\System\CRZWIWa.exe
  C:\Windows\System\CRZWIWa.exe
  2⤵
  PID:7320
- C:\Windows\System\eVAvlGb.exe
  C:\Windows\System\eVAvlGb.exe
  2⤵
  PID:7336
- C:\Windows\System\zBmlcCn.exe
  C:\Windows\System\zBmlcCn.exe
  2⤵
  PID:7352
- C:\Windows\System\HNkPdLa.exe
  C:\Windows\System\HNkPdLa.exe
  2⤵
  PID:7368
- C:\Windows\System\tvWUIae.exe
  C:\Windows\System\tvWUIae.exe
  2⤵
  PID:7384
- C:\Windows\System\CLTAyJF.exe
  C:\Windows\System\CLTAyJF.exe
  2⤵
  PID:7416
- C:\Windows\System\PbXrbZS.exe
  C:\Windows\System\PbXrbZS.exe
  2⤵
  PID:7432
- C:\Windows\System\EEaAoGc.exe
  C:\Windows\System\EEaAoGc.exe
  2⤵
  PID:7448
- C:\Windows\System\OkeRmDA.exe
  C:\Windows\System\OkeRmDA.exe
  2⤵
  PID:7464
- C:\Windows\System\eloDOJy.exe
  C:\Windows\System\eloDOJy.exe
  2⤵
  PID:7484
- C:\Windows\System\HrgBsKb.exe
  C:\Windows\System\HrgBsKb.exe
  2⤵
  PID:7500
- C:\Windows\System\xLeaeeR.exe
  C:\Windows\System\xLeaeeR.exe
  2⤵
  PID:7516
- C:\Windows\System\jpMmUsM.exe
  C:\Windows\System\jpMmUsM.exe
  2⤵
  PID:7532
- C:\Windows\System\ILwxAel.exe
  C:\Windows\System\ILwxAel.exe
  2⤵
  PID:7552
- C:\Windows\System\VPFGNmY.exe
  C:\Windows\System\VPFGNmY.exe
  2⤵
  PID:7568
- C:\Windows\System\UsLenMH.exe
  C:\Windows\System\UsLenMH.exe
  2⤵
  PID:7584
- C:\Windows\System\IvutoAQ.exe
  C:\Windows\System\IvutoAQ.exe
  2⤵
  PID:7600
- C:\Windows\System\YrhWUQg.exe
  C:\Windows\System\YrhWUQg.exe
  2⤵
  PID:7616
- C:\Windows\System\WvrdrhG.exe
  C:\Windows\System\WvrdrhG.exe
  2⤵
  PID:7632
- C:\Windows\System\drtyokV.exe
  C:\Windows\System\drtyokV.exe
  2⤵
  PID:7648
- C:\Windows\System\JIAxUSM.exe
  C:\Windows\System\JIAxUSM.exe
  2⤵
  PID:7664
- C:\Windows\System\RtVGfYL.exe
  C:\Windows\System\RtVGfYL.exe
  2⤵
  PID:7680
- C:\Windows\System\yYstchF.exe
  C:\Windows\System\yYstchF.exe
  2⤵
  PID:7696
- C:\Windows\System\sizxPdx.exe
  C:\Windows\System\sizxPdx.exe
  2⤵
  PID:7712
- C:\Windows\System\lDNpDmw.exe
  C:\Windows\System\lDNpDmw.exe
  2⤵
  PID:7728
- C:\Windows\System\rGyYOtm.exe
  C:\Windows\System\rGyYOtm.exe
  2⤵
  PID:7744
- C:\Windows\System\cbVtBwy.exe
  C:\Windows\System\cbVtBwy.exe
  2⤵
  PID:7764
- C:\Windows\System\ZkLEgTQ.exe
  C:\Windows\System\ZkLEgTQ.exe
  2⤵
  PID:6152
- C:\Windows\System\YXmTDKp.exe
  C:\Windows\System\YXmTDKp.exe
  2⤵
  PID:7180
- C:\Windows\System\patZCbD.exe
  C:\Windows\System\patZCbD.exe
  2⤵
  PID:7252
- C:\Windows\System\QGdJiaI.exe
  C:\Windows\System\QGdJiaI.exe
  2⤵
  PID:7312
- C:\Windows\System\CanrxpE.exe
  C:\Windows\System\CanrxpE.exe
  2⤵
  PID:7348
- C:\Windows\System\mHKYFTr.exe
  C:\Windows\System\mHKYFTr.exe
  2⤵
  PID:7360
- C:\Windows\System\mkDgAYU.exe
  C:\Windows\System\mkDgAYU.exe
  2⤵
  PID:7392
- C:\Windows\System\BFixZmz.exe
  C:\Windows\System\BFixZmz.exe
  2⤵
  PID:7264
- C:\Windows\System\FzFyabx.exe
  C:\Windows\System\FzFyabx.exe
  2⤵
  PID:7196
- C:\Windows\System\BtkTDYy.exe
  C:\Windows\System\BtkTDYy.exe
  2⤵
  PID:7408
- C:\Windows\System\yqoMDpV.exe
  C:\Windows\System\yqoMDpV.exe
  2⤵
  PID:7476
- C:\Windows\System\NTvwafU.exe
  C:\Windows\System\NTvwafU.exe
  2⤵
  PID:7480
- C:\Windows\System\PALepbt.exe
  C:\Windows\System\PALepbt.exe
  2⤵
  PID:7524
- C:\Windows\System\jOZxsKn.exe
  C:\Windows\System\jOZxsKn.exe
  2⤵
  PID:7708
- C:\Windows\System\uBAZRBB.exe
  C:\Windows\System\uBAZRBB.exe
  2⤵
  PID:7624
- C:\Windows\System\eIvtDru.exe
  C:\Windows\System\eIvtDru.exe
  2⤵
  PID:7724
- C:\Windows\System\tUXPZQc.exe
  C:\Windows\System\tUXPZQc.exe
  2⤵
  PID:7784
- C:\Windows\System\nJgVXZJ.exe
  C:\Windows\System\nJgVXZJ.exe
  2⤵
  PID:7800
- C:\Windows\System\xshroLb.exe
  C:\Windows\System\xshroLb.exe
  2⤵
  PID:7816
- C:\Windows\System\YNkxTAl.exe
  C:\Windows\System\YNkxTAl.exe
  2⤵
  PID:7832
- C:\Windows\System\XWdkIyH.exe
  C:\Windows\System\XWdkIyH.exe
  2⤵
  PID:7848
- C:\Windows\System\PoNRLAU.exe
  C:\Windows\System\PoNRLAU.exe
  2⤵
  PID:7868
- C:\Windows\System\fYkLlxp.exe
  C:\Windows\System\fYkLlxp.exe
  2⤵
  PID:7888
- C:\Windows\System\PkMeruy.exe
  C:\Windows\System\PkMeruy.exe
  2⤵
  PID:7908
- C:\Windows\System\WKFJDGr.exe
  C:\Windows\System\WKFJDGr.exe
  2⤵
  PID:7924
- C:\Windows\System\NuXSdMN.exe
  C:\Windows\System\NuXSdMN.exe
  2⤵
  PID:7964
- C:\Windows\System\PlOotel.exe
  C:\Windows\System\PlOotel.exe
  2⤵
  PID:7956
- C:\Windows\System\hbvydfe.exe
  C:\Windows\System\hbvydfe.exe
  2⤵
  PID:7980
- C:\Windows\System\NBTGgxZ.exe
  C:\Windows\System\NBTGgxZ.exe
  2⤵
  PID:7996
- C:\Windows\System\MQIgJxl.exe
  C:\Windows\System\MQIgJxl.exe
  2⤵
  PID:8016
- C:\Windows\System\ZcRHOsU.exe
  C:\Windows\System\ZcRHOsU.exe
  2⤵
  PID:8032
- C:\Windows\System\YAOfJac.exe
  C:\Windows\System\YAOfJac.exe
  2⤵
  PID:8048
- C:\Windows\System\TtsRCKH.exe
  C:\Windows\System\TtsRCKH.exe
  2⤵
  PID:8068
- C:\Windows\System\HicqttD.exe
  C:\Windows\System\HicqttD.exe
  2⤵
  PID:8084
- C:\Windows\System\ZHzPsZi.exe
  C:\Windows\System\ZHzPsZi.exe
  2⤵
  PID:8100
- C:\Windows\System\DPzKfuV.exe
  C:\Windows\System\DPzKfuV.exe
  2⤵
  PID:8116
- C:\Windows\System\HrimagO.exe
  C:\Windows\System\HrimagO.exe
  2⤵
  PID:8132
- C:\Windows\System\RzHXrMa.exe
  C:\Windows\System\RzHXrMa.exe
  2⤵
  PID:8148
- C:\Windows\System\zvApEde.exe
  C:\Windows\System\zvApEde.exe
  2⤵
  PID:8164
- C:\Windows\System\FRwHajj.exe
  C:\Windows\System\FRwHajj.exe
  2⤵
  PID:8180
- C:\Windows\System\FJzleiF.exe
  C:\Windows\System\FJzleiF.exe
  2⤵
  PID:7144
- C:\Windows\System\OkUjHwu.exe
  C:\Windows\System\OkUjHwu.exe
  2⤵
  PID:6952
- C:\Windows\System\UcLwGXN.exe
  C:\Windows\System\UcLwGXN.exe
  2⤵
  PID:7228
- C:\Windows\System\gXRWoEk.exe
  C:\Windows\System\gXRWoEk.exe
  2⤵
  PID:7364
- C:\Windows\System\SMgmVAy.exe
  C:\Windows\System\SMgmVAy.exe
  2⤵
  PID:7456
- C:\Windows\System\FuBcHOd.exe
  C:\Windows\System\FuBcHOd.exe
  2⤵
  PID:2356
- C:\Windows\System\WaisLBE.exe
  C:\Windows\System\WaisLBE.exe
  2⤵
  PID:7508
- C:\Windows\System\ybigiUO.exe
  C:\Windows\System\ybigiUO.exe
  2⤵
  PID:7492
- C:\Windows\System\bobXSjF.exe
  C:\Windows\System\bobXSjF.exe
  2⤵
  PID:7628
- C:\Windows\System\QnUGmBy.exe
  C:\Windows\System\QnUGmBy.exe
  2⤵
  PID:7812
- C:\Windows\System\oZKlkiR.exe
  C:\Windows\System\oZKlkiR.exe
  2⤵
  PID:7880
- C:\Windows\System\PSEFUsv.exe
  C:\Windows\System\PSEFUsv.exe
  2⤵
  PID:7596
- C:\Windows\System\MRGVMQK.exe
  C:\Windows\System\MRGVMQK.exe
  2⤵
  PID:7860
- C:\Windows\System\okKQZuH.exe
  C:\Windows\System\okKQZuH.exe
  2⤵
  PID:7580
- C:\Windows\System\NeOFhuG.exe
  C:\Windows\System\NeOFhuG.exe
  2⤵
  PID:7644
- C:\Windows\System\xdItEyB.exe
  C:\Windows\System\xdItEyB.exe
  2⤵
  PID:7928
- C:\Windows\System\EKTXbkz.exe
  C:\Windows\System\EKTXbkz.exe
  2⤵
  PID:7676
- C:\Windows\System\QfGqCQv.exe
  C:\Windows\System\QfGqCQv.exe
  2⤵
  PID:7792
- C:\Windows\System\yOVTXIs.exe
  C:\Windows\System\yOVTXIs.exe
  2⤵
  PID:7776
- C:\Windows\System\WMdFoWr.exe
  C:\Windows\System\WMdFoWr.exe
  2⤵
  PID:7940
- C:\Windows\System\XsBoCkv.exe
  C:\Windows\System\XsBoCkv.exe
  2⤵
  PID:8056
- C:\Windows\System\asPjTvB.exe
  C:\Windows\System\asPjTvB.exe
  2⤵
  PID:8096
- C:\Windows\System\ydEcqNg.exe
  C:\Windows\System\ydEcqNg.exe
  2⤵
  PID:8108
- C:\Windows\System\YYVRJOA.exe
  C:\Windows\System\YYVRJOA.exe
  2⤵
  PID:8156
- C:\Windows\System\QWWzBkH.exe
  C:\Windows\System\QWWzBkH.exe
  2⤵
  PID:8112
- C:\Windows\System\UoDBwfk.exe
  C:\Windows\System\UoDBwfk.exe
  2⤵
  PID:7284
- C:\Windows\System\BCQzvfk.exe
  C:\Windows\System\BCQzvfk.exe
  2⤵
  PID:7472
- C:\Windows\System\wDHcUeD.exe
  C:\Windows\System\wDHcUeD.exe
  2⤵
  PID:7404
- C:\Windows\System\HXQGgEK.exe
  C:\Windows\System\HXQGgEK.exe
  2⤵
  PID:7544
- C:\Windows\System\RsiElQD.exe
  C:\Windows\System\RsiElQD.exe
  2⤵
  PID:7576
- C:\Windows\System\LuJucUi.exe
  C:\Windows\System\LuJucUi.exe
  2⤵
  PID:7920
- C:\Windows\System\wDxdblk.exe
  C:\Windows\System\wDxdblk.exe
  2⤵
  PID:7808
- C:\Windows\System\XuYMxfw.exe
  C:\Windows\System\XuYMxfw.exe
  2⤵
  PID:7896
- C:\Windows\System\oALfRon.exe
  C:\Windows\System\oALfRon.exe
  2⤵
  PID:7640
- C:\Windows\System\fsxPYeB.exe
  C:\Windows\System\fsxPYeB.exe
  2⤵
  PID:7704
- C:\Windows\System\ixHuWVx.exe
  C:\Windows\System\ixHuWVx.exe
  2⤵
  PID:8024
- C:\Windows\System\fxylYDh.exe
  C:\Windows\System\fxylYDh.exe
  2⤵
  PID:8040
- C:\Windows\System\ENAtEuh.exe
  C:\Windows\System\ENAtEuh.exe
  2⤵
  PID:6520
- C:\Windows\System\ZvmMSLB.exe
  C:\Windows\System\ZvmMSLB.exe
  2⤵
  PID:8060
- C:\Windows\System\VMkMzty.exe
  C:\Windows\System\VMkMzty.exe
  2⤵
  PID:876
- C:\Windows\System\juGatnj.exe
  C:\Windows\System\juGatnj.exe
  2⤵
  PID:7540
- C:\Windows\System\ouvEGxj.exe
  C:\Windows\System\ouvEGxj.exe
  2⤵
  PID:7428
- C:\Windows\System\DyrIMcD.exe
  C:\Windows\System\DyrIMcD.exe
  2⤵
  PID:8076
- C:\Windows\System\IHTOQbu.exe
  C:\Windows\System\IHTOQbu.exe
  2⤵
  PID:7828
- C:\Windows\System\LGmLjrW.exe
  C:\Windows\System\LGmLjrW.exe
  2⤵
  PID:7876
- C:\Windows\System\zLrDsqh.exe
  C:\Windows\System\zLrDsqh.exe
  2⤵
  PID:7936
- C:\Windows\System\pNACbgT.exe
  C:\Windows\System\pNACbgT.exe
  2⤵
  PID:7772
- C:\Windows\System\xjWUDZb.exe
  C:\Windows\System\xjWUDZb.exe
  2⤵
  PID:7856
- C:\Windows\System\aQDmkPt.exe
  C:\Windows\System\aQDmkPt.exe
  2⤵
  PID:7844
- C:\Windows\System\LOJEbZK.exe
  C:\Windows\System\LOJEbZK.exe
  2⤵
  PID:8128
- C:\Windows\System\UUEztdx.exe
  C:\Windows\System\UUEztdx.exe
  2⤵
  PID:8208
- C:\Windows\System\VFvwlLw.exe
  C:\Windows\System\VFvwlLw.exe
  2⤵
  PID:8224
- C:\Windows\System\uPJLmGR.exe
  C:\Windows\System\uPJLmGR.exe
  2⤵
  PID:8240
- C:\Windows\System\CtmnUXm.exe
  C:\Windows\System\CtmnUXm.exe
  2⤵
  PID:8256
- C:\Windows\System\qgzHlGc.exe
  C:\Windows\System\qgzHlGc.exe
  2⤵
  PID:8272
- C:\Windows\System\AcJGqvC.exe
  C:\Windows\System\AcJGqvC.exe
  2⤵
  PID:8288
- C:\Windows\System\BNBubeg.exe
  C:\Windows\System\BNBubeg.exe
  2⤵
  PID:8308
- C:\Windows\System\YyEDDzy.exe
  C:\Windows\System\YyEDDzy.exe
  2⤵
  PID:8324
- C:\Windows\System\GrPVsCA.exe
  C:\Windows\System\GrPVsCA.exe
  2⤵
  PID:8340
- C:\Windows\System\glxdnDk.exe
  C:\Windows\System\glxdnDk.exe
  2⤵
  PID:8356
- C:\Windows\System\kHnCaPs.exe
  C:\Windows\System\kHnCaPs.exe
  2⤵
  PID:8372
- C:\Windows\System\bSlVfIE.exe
  C:\Windows\System\bSlVfIE.exe
  2⤵
  PID:8388
- C:\Windows\System\UPAftNV.exe
  C:\Windows\System\UPAftNV.exe
  2⤵
  PID:8404
- C:\Windows\System\DjXRvYC.exe
  C:\Windows\System\DjXRvYC.exe
  2⤵
  PID:8420
- C:\Windows\System\JYeATyN.exe
  C:\Windows\System\JYeATyN.exe
  2⤵
  PID:8448
- C:\Windows\System\zAwQlbc.exe
  C:\Windows\System\zAwQlbc.exe
  2⤵
  PID:8464
- C:\Windows\System\lMGukKs.exe
  C:\Windows\System\lMGukKs.exe
  2⤵
  PID:8480
- C:\Windows\System\UUODxpc.exe
  C:\Windows\System\UUODxpc.exe
  2⤵
  PID:8496
- C:\Windows\System\HWovUzk.exe
  C:\Windows\System\HWovUzk.exe
  2⤵
  PID:8512
- C:\Windows\System\DREYqrQ.exe
  C:\Windows\System\DREYqrQ.exe
  2⤵
  PID:8528
- C:\Windows\System\sxBdHdi.exe
  C:\Windows\System\sxBdHdi.exe
  2⤵
  PID:8544
- C:\Windows\System\FCdmeqp.exe
  C:\Windows\System\FCdmeqp.exe
  2⤵
  PID:8560
- C:\Windows\System\gUvwedv.exe
  C:\Windows\System\gUvwedv.exe
  2⤵
  PID:8576
- C:\Windows\System\OzSUCpL.exe
  C:\Windows\System\OzSUCpL.exe
  2⤵
  PID:8592
- C:\Windows\System\vLwGqVO.exe
  C:\Windows\System\vLwGqVO.exe
  2⤵
  PID:8608
- C:\Windows\System\HBeCsJF.exe
  C:\Windows\System\HBeCsJF.exe
  2⤵
  PID:8624
- C:\Windows\System\EUWDAle.exe
  C:\Windows\System\EUWDAle.exe
  2⤵
  PID:8640
- C:\Windows\System\PVOdqHD.exe
  C:\Windows\System\PVOdqHD.exe
  2⤵
  PID:8656
- C:\Windows\System\zSawkxk.exe
  C:\Windows\System\zSawkxk.exe
  2⤵
  PID:8672
- C:\Windows\System\WNjRMjI.exe
  C:\Windows\System\WNjRMjI.exe
  2⤵
  PID:8688
- C:\Windows\System\VQJlGma.exe
  C:\Windows\System\VQJlGma.exe
  2⤵
  PID:8704
- C:\Windows\System\IwVtvrK.exe
  C:\Windows\System\IwVtvrK.exe
  2⤵
  PID:8720
- C:\Windows\System\xbcwrOL.exe
  C:\Windows\System\xbcwrOL.exe
  2⤵
  PID:8736
- C:\Windows\System\tdveUFs.exe
  C:\Windows\System\tdveUFs.exe
  2⤵
  PID:8752
- C:\Windows\System\LPAPUGp.exe
  C:\Windows\System\LPAPUGp.exe
  2⤵
  PID:8772
- C:\Windows\System\eOpyTBY.exe
  C:\Windows\System\eOpyTBY.exe
  2⤵
  PID:8788
- C:\Windows\System\CKnygxy.exe
  C:\Windows\System\CKnygxy.exe
  2⤵
  PID:8820
- C:\Windows\System\UnbYrPO.exe
  C:\Windows\System\UnbYrPO.exe
  2⤵
  PID:8840
- C:\Windows\System\ShFDCLz.exe
  C:\Windows\System\ShFDCLz.exe
  2⤵
  PID:8856
- C:\Windows\System\QTGSPUq.exe
  C:\Windows\System\QTGSPUq.exe
  2⤵
  PID:8880
- C:\Windows\System\kBrZduX.exe
  C:\Windows\System\kBrZduX.exe
  2⤵
  PID:8896
- C:\Windows\System\GVUoyEA.exe
  C:\Windows\System\GVUoyEA.exe
  2⤵
  PID:8916
- C:\Windows\System\sDrFtYg.exe
  C:\Windows\System\sDrFtYg.exe
  2⤵
  PID:8936
- C:\Windows\System\SVyMiEA.exe
  C:\Windows\System\SVyMiEA.exe
  2⤵
  PID:8952
- C:\Windows\System\RlNHDUV.exe
  C:\Windows\System\RlNHDUV.exe
  2⤵
  PID:8972
- C:\Windows\System\hemUbYk.exe
  C:\Windows\System\hemUbYk.exe
  2⤵
  PID:8996
- C:\Windows\System\oWLjYsh.exe
  C:\Windows\System\oWLjYsh.exe
  2⤵
  PID:9012
- C:\Windows\System\AcPurRw.exe
  C:\Windows\System\AcPurRw.exe
  2⤵
  PID:9028
- C:\Windows\System\YrGbmpe.exe
  C:\Windows\System\YrGbmpe.exe
  2⤵
  PID:9044
- C:\Windows\System\hfORcNQ.exe
  C:\Windows\System\hfORcNQ.exe
  2⤵
  PID:9068
- C:\Windows\System\DIqHLkZ.exe
  C:\Windows\System\DIqHLkZ.exe
  2⤵
  PID:9092
- C:\Windows\System\LzCxdYp.exe
  C:\Windows\System\LzCxdYp.exe
  2⤵
  PID:9108
- C:\Windows\System\ssLCBVp.exe
  C:\Windows\System\ssLCBVp.exe
  2⤵
  PID:9124
- C:\Windows\System\gtSxFsF.exe
  C:\Windows\System\gtSxFsF.exe
  2⤵
  PID:9140
- C:\Windows\System\LRYiGxU.exe
  C:\Windows\System\LRYiGxU.exe
  2⤵
  PID:9156
- C:\Windows\System\qdQhIxI.exe
  C:\Windows\System\qdQhIxI.exe
  2⤵
  PID:9172
- C:\Windows\System\vZtdAEh.exe
  C:\Windows\System\vZtdAEh.exe
  2⤵
  PID:9188
- C:\Windows\System\iixvztU.exe
  C:\Windows\System\iixvztU.exe
  2⤵
  PID:9208
- C:\Windows\System\zMKYAsd.exe
  C:\Windows\System\zMKYAsd.exe
  2⤵
  PID:7332
- C:\Windows\System\BmpSqdt.exe
  C:\Windows\System\BmpSqdt.exe
  2⤵
  PID:8264
- C:\Windows\System\whaDjuY.exe
  C:\Windows\System\whaDjuY.exe
  2⤵
  PID:8296
- C:\Windows\System\LQaWikH.exe
  C:\Windows\System\LQaWikH.exe
  2⤵
  PID:8364
- C:\Windows\System\ZXAFtWG.exe
  C:\Windows\System\ZXAFtWG.exe
  2⤵
  PID:8320
- C:\Windows\System\RxtpnOS.exe
  C:\Windows\System\RxtpnOS.exe
  2⤵
  PID:8380
- C:\Windows\System\DbFTyGL.exe
  C:\Windows\System\DbFTyGL.exe
  2⤵
  PID:7952
- C:\Windows\System\jXmLihT.exe
  C:\Windows\System\jXmLihT.exe
  2⤵
  PID:7612
- C:\Windows\System\lgBATec.exe
  C:\Windows\System\lgBATec.exe
  2⤵
  PID:8432
- C:\Windows\System\DDUaOrm.exe
  C:\Windows\System\DDUaOrm.exe
  2⤵
  PID:8992
- C:\Windows\System\kGXvzcU.exe
  C:\Windows\System\kGXvzcU.exe
  2⤵
  PID:9064
- C:\Windows\System\puWVhNw.exe
  C:\Windows\System\puWVhNw.exe
  2⤵
  PID:7280
- C:\Windows\System\itxpVEo.exe
  C:\Windows\System\itxpVEo.exe
  2⤵
  PID:8232
- C:\Windows\System\FPdkQwk.exe
  C:\Windows\System\FPdkQwk.exe
  2⤵
  PID:8600
- C:\Windows\System\CqZEEyw.exe
  C:\Windows\System\CqZEEyw.exe
  2⤵
  PID:8804
- C:\Windows\System\MXmOHaK.exe
  C:\Windows\System\MXmOHaK.exe
  2⤵
  PID:8800
- C:\Windows\System\VOwYZPy.exe
  C:\Windows\System\VOwYZPy.exe
  2⤵
  PID:8892
- C:\Windows\System\gFXpMTY.exe
  C:\Windows\System\gFXpMTY.exe
  2⤵
  PID:8904
- C:\Windows\System\yGnvZMT.exe
  C:\Windows\System\yGnvZMT.exe
  2⤵
  PID:8968
- C:\Windows\System\CTwaTNw.exe
  C:\Windows\System\CTwaTNw.exe
  2⤵
  PID:9008
- C:\Windows\System\XggHBBW.exe
  C:\Windows\System\XggHBBW.exe
  2⤵
  PID:9056
- C:\Windows\System\ipNdOyL.exe
  C:\Windows\System\ipNdOyL.exe
  2⤵
  PID:9060
- C:\Windows\System\kJtAKEU.exe
  C:\Windows\System\kJtAKEU.exe
  2⤵
  PID:9104
- C:\Windows\System\fQzcLId.exe
  C:\Windows\System\fQzcLId.exe
  2⤵
  PID:9136
- C:\Windows\System\WiNzJZO.exe
  C:\Windows\System\WiNzJZO.exe
  2⤵
  PID:9196
- C:\Windows\System\jAiZdGJ.exe
  C:\Windows\System\jAiZdGJ.exe
  2⤵
  PID:9204
- C:\Windows\System\aHHMJFn.exe
  C:\Windows\System\aHHMJFn.exe
  2⤵
  PID:1676
- C:\Windows\System\taKfKBY.exe
  C:\Windows\System\taKfKBY.exe
  2⤵
  PID:8220
- C:\Windows\System\MMAnPeH.exe
  C:\Windows\System\MMAnPeH.exe
  2⤵
  PID:7692
- C:\Windows\System\MNqxoFF.exe
  C:\Windows\System\MNqxoFF.exe
  2⤵
  PID:8552
- C:\Windows\System\VGOdUWV.exe
  C:\Windows\System\VGOdUWV.exe
  2⤵
  PID:8680
- C:\Windows\System\vbYkRHA.exe
  C:\Windows\System\vbYkRHA.exe
  2⤵
  PID:8764
- C:\Windows\System\pVwwiSo.exe
  C:\Windows\System\pVwwiSo.exe
  2⤵
  PID:8768
- C:\Windows\System\YqWqMiy.exe
  C:\Windows\System\YqWqMiy.exe
  2⤵
  PID:8796
- C:\Windows\System\StmtlEt.exe
  C:\Windows\System\StmtlEt.exe
  2⤵
  PID:8444
- C:\Windows\System\OjMbGwa.exe
  C:\Windows\System\OjMbGwa.exe
  2⤵
  PID:8908
- C:\Windows\System\aXmEiqv.exe
  C:\Windows\System\aXmEiqv.exe
  2⤵
  PID:8536
- C:\Windows\System\RHCPChI.exe
  C:\Windows\System\RHCPChI.exe
  2⤵
  PID:8572
- C:\Windows\System\vkbfMqg.exe
  C:\Windows\System\vkbfMqg.exe
  2⤵
  PID:8864
- C:\Windows\System\qFMopzF.exe
  C:\Windows\System\qFMopzF.exe
  2⤵
  PID:9180
- C:\Windows\System\odYZAtW.exe
  C:\Windows\System\odYZAtW.exe
  2⤵
  PID:8868
- C:\Windows\System\QgObBKI.exe
  C:\Windows\System\QgObBKI.exe
  2⤵
  PID:8648
- C:\Windows\System\OAXLxVf.exe
  C:\Windows\System\OAXLxVf.exe
  2⤵
  PID:9120
- C:\Windows\System\mIrBAdw.exe
  C:\Windows\System\mIrBAdw.exe
  2⤵
  PID:8944
- C:\Windows\System\mjbAskJ.exe
  C:\Windows\System\mjbAskJ.exe
  2⤵
  PID:840
- C:\Windows\System\hbCamGo.exe
  C:\Windows\System\hbCamGo.exe
  2⤵
  PID:8284
- C:\Windows\System\pheRgiL.exe
  C:\Windows\System\pheRgiL.exe
  2⤵
  PID:8836
- C:\Windows\System\nnhZlcO.exe
  C:\Windows\System\nnhZlcO.exe
  2⤵
  PID:8620
- C:\Windows\System\atPXpki.exe
  C:\Windows\System\atPXpki.exe
  2⤵
  PID:8316
- C:\Windows\System\iONmHpK.exe
  C:\Windows\System\iONmHpK.exe
  2⤵
  PID:8780
- C:\Windows\System\nOeDcPb.exe
  C:\Windows\System\nOeDcPb.exe
  2⤵
  PID:8616
- C:\Windows\System\CngziLl.exe
  C:\Windows\System\CngziLl.exe
  2⤵
  PID:8728
- C:\Windows\System\oKRkswE.exe
  C:\Windows\System\oKRkswE.exe
  2⤵
  PID:8816
- C:\Windows\System\MPpAKBY.exe
  C:\Windows\System\MPpAKBY.exe
  2⤵
  PID:9132
- C:\Windows\System\veXggNl.exe
  C:\Windows\System\veXggNl.exe
  2⤵
  PID:8336
- C:\Windows\System\nKJxCnY.exe
  C:\Windows\System\nKJxCnY.exe
  2⤵
  PID:8852
- C:\Windows\System\cNkRYcg.exe
  C:\Windows\System\cNkRYcg.exe
  2⤵
  PID:8760
- C:\Windows\System\VCczaxT.exe
  C:\Windows\System\VCczaxT.exe
  2⤵
  PID:9200
- C:\Windows\System\JaZbnXI.exe
  C:\Windows\System\JaZbnXI.exe
  2⤵
  PID:8304
- C:\Windows\System\VFWiVmT.exe
  C:\Windows\System\VFWiVmT.exe
  2⤵
  PID:8876
- C:\Windows\System\CvqkjQS.exe
  C:\Windows\System\CvqkjQS.exe
  2⤵
  PID:7560
- C:\Windows\System\ADLOwuR.exe
  C:\Windows\System\ADLOwuR.exe
  2⤵
  PID:8508
- C:\Windows\System\WfbcYCZ.exe
  C:\Windows\System\WfbcYCZ.exe
  2⤵
  PID:8588
- C:\Windows\System\iFfxuMo.exe
  C:\Windows\System\iFfxuMo.exe
  2⤵
  PID:9148
- C:\Windows\System\YMTFPVj.exe
  C:\Windows\System\YMTFPVj.exe
  2⤵
  PID:8712
- C:\Windows\System\NdyesfS.exe
  C:\Windows\System\NdyesfS.exe
  2⤵
  PID:9168
- C:\Windows\System\nrecqRR.exe
  C:\Windows\System\nrecqRR.exe
  2⤵
  PID:9080
- C:\Windows\System\fnkGIEQ.exe
  C:\Windows\System\fnkGIEQ.exe
  2⤵
  PID:9152
- C:\Windows\System\TpepDHE.exe
  C:\Windows\System\TpepDHE.exe
  2⤵
  PID:9228
- C:\Windows\System\YRWZZCL.exe
  C:\Windows\System\YRWZZCL.exe
  2⤵
  PID:9252
- C:\Windows\System\MaeMjSm.exe
  C:\Windows\System\MaeMjSm.exe
  2⤵
  PID:9268
- C:\Windows\System\TWIHTeb.exe
  C:\Windows\System\TWIHTeb.exe
  2⤵
  PID:9296
- C:\Windows\System\kjuPiDj.exe
  C:\Windows\System\kjuPiDj.exe
  2⤵
  PID:9316
- C:\Windows\System\PJpjioj.exe
  C:\Windows\System\PJpjioj.exe
  2⤵
  PID:9336
- C:\Windows\System\raYezWr.exe
  C:\Windows\System\raYezWr.exe
  2⤵
  PID:9352
- C:\Windows\System\CiQGobt.exe
  C:\Windows\System\CiQGobt.exe
  2⤵
  PID:9368
- C:\Windows\System\GKJsXYl.exe
  C:\Windows\System\GKJsXYl.exe
  2⤵
  PID:9392
- C:\Windows\System\WLULEKi.exe
  C:\Windows\System\WLULEKi.exe
  2⤵
  PID:9424
- C:\Windows\System\JSwUljR.exe
  C:\Windows\System\JSwUljR.exe
  2⤵
  PID:9440
- C:\Windows\System\qRzkofl.exe
  C:\Windows\System\qRzkofl.exe
  2⤵
  PID:9456
- C:\Windows\System\wHopejr.exe
  C:\Windows\System\wHopejr.exe
  2⤵
  PID:9480
- C:\Windows\System\PYtpdHi.exe
  C:\Windows\System\PYtpdHi.exe
  2⤵
  PID:9496
- C:\Windows\System\gyLzcAF.exe
  C:\Windows\System\gyLzcAF.exe
  2⤵
  PID:9516
- C:\Windows\System\deTClrq.exe
  C:\Windows\System\deTClrq.exe
  2⤵
  PID:9536
- C:\Windows\System\UUOdfhO.exe
  C:\Windows\System\UUOdfhO.exe
  2⤵
  PID:9552
- C:\Windows\System\IZsBhsB.exe
  C:\Windows\System\IZsBhsB.exe
  2⤵
  PID:9572
- C:\Windows\System\OikcQIp.exe
  C:\Windows\System\OikcQIp.exe
  2⤵
  PID:9592
- C:\Windows\System\ElcHVBF.exe
  C:\Windows\System\ElcHVBF.exe
  2⤵
  PID:9624
- C:\Windows\System\FUEeekX.exe
  C:\Windows\System\FUEeekX.exe
  2⤵
  PID:9644
- C:\Windows\System\nOsDJwL.exe
  C:\Windows\System\nOsDJwL.exe
  2⤵
  PID:9668
- C:\Windows\System\BSurqRY.exe
  C:\Windows\System\BSurqRY.exe
  2⤵
  PID:9688
- C:\Windows\System\iNBLfoa.exe
  C:\Windows\System\iNBLfoa.exe
  2⤵
  PID:9704
- C:\Windows\System\ehPPdcg.exe
  C:\Windows\System\ehPPdcg.exe
  2⤵
  PID:9728
- C:\Windows\System\TGjBeqt.exe
  C:\Windows\System\TGjBeqt.exe
  2⤵
  PID:9744
- C:\Windows\System\NhPMjpx.exe
  C:\Windows\System\NhPMjpx.exe
  2⤵
  PID:9764
- C:\Windows\System\QuaLaIc.exe
  C:\Windows\System\QuaLaIc.exe
  2⤵
  PID:9788
- C:\Windows\System\SEgcDvf.exe
  C:\Windows\System\SEgcDvf.exe
  2⤵
  PID:9804
- C:\Windows\System\kvVVXmN.exe
  C:\Windows\System\kvVVXmN.exe
  2⤵
  PID:9820
- C:\Windows\System\SKxxNvu.exe
  C:\Windows\System\SKxxNvu.exe
  2⤵
  PID:9840
- C:\Windows\System\YPStbyg.exe
  C:\Windows\System\YPStbyg.exe
  2⤵
  PID:9856
- C:\Windows\System\ZqrMGYq.exe
  C:\Windows\System\ZqrMGYq.exe
  2⤵
  PID:9876
- C:\Windows\System\mZMlsEy.exe
  C:\Windows\System\mZMlsEy.exe
  2⤵
  PID:9896
- C:\Windows\System\ghFnWpW.exe
  C:\Windows\System\ghFnWpW.exe
  2⤵
  PID:9920
- C:\Windows\System\auUDnPt.exe
  C:\Windows\System\auUDnPt.exe
  2⤵
  PID:9944
- C:\Windows\System\ZxvKjsv.exe
  C:\Windows\System\ZxvKjsv.exe
  2⤵
  PID:9964
- C:\Windows\System\JmXgnJa.exe
  C:\Windows\System\JmXgnJa.exe
  2⤵
  PID:9980
- C:\Windows\System\Pqywpps.exe
  C:\Windows\System\Pqywpps.exe
  2⤵
  PID:10000
- C:\Windows\System\DHcqErZ.exe
  C:\Windows\System\DHcqErZ.exe
  2⤵
  PID:10016
- C:\Windows\System\RiAqLft.exe
  C:\Windows\System\RiAqLft.exe
  2⤵
  PID:10048
- C:\Windows\System\DuwhvTu.exe
  C:\Windows\System\DuwhvTu.exe
  2⤵
  PID:10064
- C:\Windows\System\RJsaLkJ.exe
  C:\Windows\System\RJsaLkJ.exe
  2⤵
  PID:10088
- C:\Windows\System\SBGkwSq.exe
  C:\Windows\System\SBGkwSq.exe
  2⤵
  PID:10108
- C:\Windows\System\lkFcDAj.exe
  C:\Windows\System\lkFcDAj.exe
  2⤵
  PID:10128
- C:\Windows\System\gDZVwQS.exe
  C:\Windows\System\gDZVwQS.exe
  2⤵
  PID:10144
- C:\Windows\System\xSxOMDp.exe
  C:\Windows\System\xSxOMDp.exe
  2⤵
  PID:10164
- C:\Windows\System\rTXkAnV.exe
  C:\Windows\System\rTXkAnV.exe
  2⤵
  PID:10180
- C:\Windows\System\rqXCtmE.exe
  C:\Windows\System\rqXCtmE.exe
  2⤵
  PID:10200
- C:\Windows\System\iohmRKU.exe
  C:\Windows\System\iohmRKU.exe
  2⤵
  PID:10216
- C:\Windows\System\QdsjfgB.exe
  C:\Windows\System\QdsjfgB.exe
  2⤵
  PID:10232
- C:\Windows\System\QprilPu.exe
  C:\Windows\System\QprilPu.exe
  2⤵
  PID:9260
- C:\Windows\System\ZBcmftb.exe
  C:\Windows\System\ZBcmftb.exe
  2⤵
  PID:9284
- C:\Windows\System\lNCikza.exe
  C:\Windows\System\lNCikza.exe
  2⤵
  PID:9304
- C:\Windows\System\azJMbuP.exe
  C:\Windows\System\azJMbuP.exe
  2⤵
  PID:9376
- C:\Windows\System\aucWcFJ.exe
  C:\Windows\System\aucWcFJ.exe
  2⤵
  PID:9364
- C:\Windows\System\wmEmlme.exe
  C:\Windows\System\wmEmlme.exe
  2⤵
  PID:9408
- C:\Windows\System\bmTGeCy.exe
  C:\Windows\System\bmTGeCy.exe
  2⤵
  PID:9468
- C:\Windows\System\TuIpVaK.exe
  C:\Windows\System\TuIpVaK.exe
  2⤵
  PID:9508
- C:\Windows\System\lklRteB.exe
  C:\Windows\System\lklRteB.exe
  2⤵
  PID:9584
- C:\Windows\System\qaFdRSa.exe
  C:\Windows\System\qaFdRSa.exe
  2⤵
  PID:9560
- C:\Windows\System\kcDLfjd.exe
  C:\Windows\System\kcDLfjd.exe
  2⤵
  PID:9600
- C:\Windows\System\HvDkwAC.exe
  C:\Windows\System\HvDkwAC.exe
  2⤵
  PID:9632
- C:\Windows\System\mcztszE.exe
  C:\Windows\System\mcztszE.exe
  2⤵
  PID:9664
- C:\Windows\System\nAyuyCD.exe
  C:\Windows\System\nAyuyCD.exe
  2⤵
  PID:9680
- C:\Windows\System\vzmgGLC.exe
  C:\Windows\System\vzmgGLC.exe
  2⤵
  PID:9716
- C:\Windows\System\cJizdXL.exe
  C:\Windows\System\cJizdXL.exe
  2⤵
  PID:9740
- C:\Windows\System\LRnxtJG.exe
  C:\Windows\System\LRnxtJG.exe
  2⤵
  PID:9772
- C:\Windows\System\PbRFFkS.exe
  C:\Windows\System\PbRFFkS.exe
  2⤵
  PID:9836
- C:\Windows\System\FDGWSQR.exe
  C:\Windows\System\FDGWSQR.exe
  2⤵
  PID:9812
- C:\Windows\System\yoLUyZq.exe
  C:\Windows\System\yoLUyZq.exe
  2⤵
  PID:9816
- C:\Windows\System\gAkfNwn.exe
  C:\Windows\System\gAkfNwn.exe
  2⤵
  PID:9952
- C:\Windows\System\wSNBLuD.exe
  C:\Windows\System\wSNBLuD.exe
  2⤵
  PID:9936
- C:\Windows\System\QtpOejv.exe
  C:\Windows\System\QtpOejv.exe
  2⤵
  PID:9996
- C:\Windows\System\OGqqKzY.exe
  C:\Windows\System\OGqqKzY.exe
  2⤵
  PID:10008
- C:\Windows\System\HTjeiCW.exe
  C:\Windows\System\HTjeiCW.exe
  2⤵
  PID:10044
- C:\Windows\System\qWhSmXg.exe
  C:\Windows\System\qWhSmXg.exe
  2⤵
  PID:10124
- C:\Windows\System\RHyezJZ.exe
  C:\Windows\System\RHyezJZ.exe
  2⤵
  PID:10188
- C:\Windows\System\TRYSdEa.exe
  C:\Windows\System\TRYSdEa.exe
  2⤵
  PID:10192
- C:\Windows\System\pTwpOEQ.exe
  C:\Windows\System\pTwpOEQ.exe
  2⤵
  PID:9244
- C:\Windows\System\sMQnGMP.exe
  C:\Windows\System\sMQnGMP.exe
  2⤵
  PID:9312
- C:\Windows\System\wDUPrnL.exe
  C:\Windows\System\wDUPrnL.exe
  2⤵
  PID:9360
- C:\Windows\System\zzKdfyZ.exe
  C:\Windows\System\zzKdfyZ.exe
  2⤵
  PID:9472
- C:\Windows\System\cRovlkJ.exe
  C:\Windows\System\cRovlkJ.exe
  2⤵
  PID:9432
- C:\Windows\System\lYgspvU.exe
  C:\Windows\System\lYgspvU.exe
  2⤵
  PID:8436
- C:\Windows\System\dtKWNrH.exe
  C:\Windows\System\dtKWNrH.exe
  2⤵
  PID:9224
- C:\Windows\System\gIClmRN.exe
  C:\Windows\System\gIClmRN.exe
  2⤵
  PID:9492
- C:\Windows\System\fZemUaI.exe
  C:\Windows\System\fZemUaI.exe
  2⤵
  PID:9608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\ARuEkTS.exe

Filesize
6.0MB

MD5
310b17443a042e58d997d4fe9f886c1b

SHA1
61b1d925bc11589f1ce390f07d4d8eb0194f503c

SHA256
f425bb08c7b6a0ae5e370d9f1e0638e8cf2da06ca08187cbdbc5d697b6516c57

SHA512
a7ad1818ce0379a6887d74c0c869bb4e21fdb3db9278045830e33a66c36758643a49daac33ef3abfaad828351664d5f9107fd2e12e758c6ea71035a32715fa64

Download Submit
C:\Windows\system\BBkuFJx.exe

Filesize
6.0MB

MD5
85f156044db8d6054ca774d1be8288fa

SHA1
8e946eac9e7436d4d15d3d65d3ebef148062338f

SHA256
9f6d95374ba4fda11183f5ed58e03094ab1496ea0d440ae273b32c3f61184297

SHA512
1477c1c5dceb8476cbbe4edcf81b6b97765d0c207e6ed66783a7b99740aef615fb6d5368ed77cc7c4e7eae895cd650ae0fc511506a524c74a77863a76cfc993b

Download Submit
C:\Windows\system\BGsxoIt.exe

Filesize
6.0MB

MD5
a701e2af3a69717669c89af0d5e61efb

SHA1
c8e370e34c01eedbdb1488b57c9eba9fe10bed32

SHA256
dad944c9d829b137f70b70ac583575eb34c98fd21832bf66128b93f329fc9ed2

SHA512
848868451542fa7ec37794dc820f24bca141be77f91f525042687bcd06d25157bd0c6c684b821622fc7f07646c28a00cad550580367098efc6fbf43da17ea486

Download Submit
C:\Windows\system\BlmCPVZ.exe

Filesize
6.0MB

MD5
4c335566acc9661ec66017c630d87ec0

SHA1
91522539e1186e332add1ede82a89b72d69f972e

SHA256
5d01ccc0d2b130c9df20e185e9da0d54b5e1bd13b2822b7a60726b9e7b1d61f2

SHA512
f02fc6196cac203690b48d2b4af089bb10e7a24c8cc877827f63b3ff240e31eecbdf61bc74850fb07ebe2f76b48270835599405525f92efd3c799b8a4cb8b1fa

Download Submit
C:\Windows\system\BvbNUqN.exe

Filesize
6.0MB

MD5
4cae449e182088c1b11de1826add6eba

SHA1
074be98a7c42f47c337c2eaee64ceb8a6f91c606

SHA256
88ca1a500f3bbce1ae6e29cb4ed4aa2c0748d3ebd37945e40f738d846d3061bc

SHA512
3d68aad46645d0bfa8482dc2cba4ec460b0977c17b6ed26110b82d1e67c6d5ba3c78d2e81030b531e338a8163b6473e036b21ebbf54cd9c56cc85f4ea2b27481

Download Submit
C:\Windows\system\COsgiWz.exe

Filesize
6.0MB

MD5
fa32615f014ba522eb84eef4218a7e2e

SHA1
099f46076ac148d269f0d86e0a8a473cb72dad2d

SHA256
84a44869e23c4e712681acb00e398782dba814beedf1e7bcae384b4ea6745c5c

SHA512
94b19ff03453d95ed815c1589b978313e7bfe701fd4b523fe256bc5e0ad7b9ad40d77738982a9668a08e53bbc895d4dd69cf908d46b57a6fcbb0b0999717632f

Download Submit
C:\Windows\system\FpshFyL.exe

Filesize
6.0MB

MD5
3e71967a1114c880435243ea99b978cf

SHA1
e1ebab6e1b9cf1881e3e662fdcc15a55e642fb9d

SHA256
fe825309a4177a71675db4e3403b3d38cd6a6d6a6413cfd7fc4dd4c9c453807c

SHA512
46e0f4027782e52288ddbc9022054f42cc02bec93606c36f89def8d2ab6eede2618c19ddcf4b922259aba9cf77b0934350f87375e9f7cde5586b4603cecc5a12

Download Submit
C:\Windows\system\HiEfewb.exe

Filesize
6.0MB

MD5
bb3960204da547480800ab5adcf03cdc

SHA1
4ad13cd37ac47f7449de5072099ebc5ae7a40ceb

SHA256
443b761bdd1bfc65ec3d4f1f3785334348daa3b7d960c87108ecb9b836b83ff9

SHA512
153debd35b05fc487f828557ba1e5f67b7710ce047563a6abb50f5b2f36100a423341d5a65da07fb010488e33f06e6cd6d9014f2bc507535c82555159f069108

Download Submit
C:\Windows\system\PQLWWGz.exe

Filesize
6.0MB

MD5
f4d8fa4b67a8ce05ced2e232261875ba

SHA1
b4b748c74082d23c164021001c46d54d19eaac21

SHA256
421497644fe06a17c2fc7a8b02676382ddf6f920ea919b91411c95a5d983d164

SHA512
ea471f4be33180bf56373ac85def9a1f7f10465580a78f120457b57411f3b8dc981004e2fa0e6f2bcc0eb2b615dacf124f4ae1b919f753c4b35c521dc0f47e37

Download Submit
C:\Windows\system\RZkvuVe.exe

Filesize
6.0MB

MD5
3177cf115147587e868ae284a6ebe71c

SHA1
6c056275c6c3bb664007a1ac954a481595551f30

SHA256
5d2d477235b1f34077e67e545cd8ce3ab603391fdd8e908aabbdb0deb46100f5

SHA512
daf7bc3bf113c24e5fd3c1b418122a397f06954a5ec3c1b15ae85a01bca17b2c8ad5b520343dc9b45adde35911e545e9fe5d7736fb6d63660ba7e19092c4cfa6

Download Submit
C:\Windows\system\RxyTaCF.exe

Filesize
6.0MB

MD5
85a9a32e9937e06dc0b001831e06b57b

SHA1
f6f4180a93175635f3679607884b917dead33e76

SHA256
0f38a50e6c6cc325076ad00846cccf7a755f9e0b66d98ce95a5608156bff453c

SHA512
a4a511be397e81fd22da42658868c29e3315eb997ed1720bf48239810dade36150d7fcb473340d46653d14b3e6f276a2e77699cc4116b16ad913574300f98ea4

Download Submit
C:\Windows\system\TLAaaXi.exe

Filesize
6.0MB

MD5
aee668eb1c05b2159b9a013762596b4c

SHA1
c1dbdd64d82e7cc480038c786919dbbb44d81133

SHA256
1f648c82a83e2eb9d65ebfc3a909e54bdeb4d983ffb30275b317cf9a32eeed21

SHA512
57d559e170b30e3777791f027e4c2959098b76526f91c243dca046977fbf17cf1c673937532a12ce89c1044321d719e01fd5d26b1bbd1e1768462934ad1079f8

Download Submit
C:\Windows\system\UoQfQhr.exe

Filesize
6.0MB

MD5
0dfc1f194c85a2c00cf7f9b5596fe1c9

SHA1
3fc251c5fe21f5e9d9227606a8069d5bc9af52bc

SHA256
a8b4b50e9e12be61b1a049a7af5eeb1f49cd6217314baa4301a735926702bb4a

SHA512
016542d9724283b261431979fd9d15a2d5ffe0d062b4dcb0f9ad99014707e4dbff6d3b9e971db7f0da444a6d6e319705abaf12df48cc3e44b6d6d2c956186220

Download Submit
C:\Windows\system\XFUOFDg.exe

Filesize
6.0MB

MD5
1e148d6e017d229b9ffb1d8baf229663

SHA1
04214920da494f8c2ef519de82c3380ba811041b

SHA256
56781489c77c1f7c24b392bc9db3f0ec11c25d803131e2981d6b9fad660d7e91

SHA512
761724a00a832b61fe5dee5f8b1f7c2e73c3fbb945f57bf66d0ebef5ca71e2c0eb7b9a7d8bd1a28d526bb5e248807c1251f6cc3df78b1cb384754e9c9ade6bdf

Download Submit
C:\Windows\system\YdbnqCE.exe

Filesize
6.0MB

MD5
8fad49b30ad8d0481010f8e39d7e1f14

SHA1
9ef77bac213a400000cf9f2dbaef58e62f52b909

SHA256
e304246dc0be14d8f58cd7758a3fd348bc55003cd92ac2e0df1a9e4cb5fe33a2

SHA512
26ba068f7737e5108cd03c0dc161c6d75b4b705890b05d38344e2ac96e6146849e554e6aa43294a935502cdd99abb5569b8290331aa2c933a22ca816fa66c1ae

Download Submit
C:\Windows\system\ZgLInzO.exe

Filesize
6.0MB

MD5
705ca3ac43ef18eae9693fa4cfc3296a

SHA1
702fa3b510e9e92f0997b3d57c0ade33477659f9

SHA256
5f391aac626aeee0b77678eeacfac2e805c95c64106bf1084bdc3e8c9fc8709c

SHA512
6325123d612ff71950c21ef073db96bf15a95520231e4391b880ab362fe19e290660b985303fda3062c3624e6ce1837beea20f5db79090fc387766560134c0db

Download Submit
C:\Windows\system\ZhkmmeL.exe

Filesize
6.0MB

MD5
02515e6801a9e5e3f910330795924ce2

SHA1
f6dc76bc2fc141c58c1c76fde16cbb100cd8b4d6

SHA256
0b7664656dd08b727e458fb993c5a896c27342d44f62ba0af0a6a9a5ebcd9d58

SHA512
e87e746f87c8ab9c5685fca12219675b4ba36051536f29c1cd37740e35bc2d5e63c7db73c9e52424016798803141b2bf52a65d0361ba20865d42b0ed1b6870c3

Download Submit
C:\Windows\system\bLauStM.exe

Filesize
6.0MB

MD5
d04d32d8963abfed37a5ec94cb7d446f

SHA1
dd4a4a9ff7571f14ae8d2b48ab62780d67121e83

SHA256
75d8937f2d7d86eb133aadc93d27eb658b1f13326092da87ae474a5de3e44f88

SHA512
a3f9427aeca493740794c087fcf82f36b534abd423bec3c09f560aa771d4702f92dba821fe149f7b1094e313905a1a27fa9abdf06f175132fdd0ec521440352a

Download Submit
C:\Windows\system\joRDNsy.exe

Filesize
6.0MB

MD5
b12caf635b6121eb59e751d935b8cf00

SHA1
4b20406fd3f411888bf3b8610fa477e57f36fa02

SHA256
4afc565052e9628adef771d720e14a8498705b490f17fe3004aadcf56bb977d1

SHA512
149ac0c7995165330f5f84157c56b47df5fe1d4b5c5fbb68c6aa96992a3a8f12a42953e9d52a31acae2132ff6c5fd9d4023c89aef384e3ae3456dcfd3dcc3e97

Download Submit
C:\Windows\system\kHMZWcJ.exe

Filesize
6.0MB

MD5
cfb1cc5dd7f3419b7110a7217d9b55ee

SHA1
edfce03f72cdd4f85d73aae6752fc89face13a45

SHA256
cda3b2d6c612da7f836014d830d07b72b79ca9d01b313c479a295cc010cfecf5

SHA512
050222bbc239a01282f5bbd4069519c1b056b1831165f09668956ca95b86b683c5f10e42f38cb326b3a541566776f16cde6b8be7c8f5de0aa3bbb8f022e9fb80

Download Submit
C:\Windows\system\kTsWzLZ.exe

Filesize
6.0MB

MD5
341fbdf859ac2207130d00a19bc30b74

SHA1
a683ead5c6a90cfcbe392d4a9d65c41e950cfdd0

SHA256
05cbe19076210e34a4aa5b219598f27c754a353fc7da23ebb6c8e1f4a3a2f8e6

SHA512
e285a5ee2e4d7fa12b78f931a02bdff0afffeb38e178b7f889630f44019e83857dd7aaffd148578f2e17ba3a3a76667f072e6e34fd935a91db6d18a23c85d67b

Download Submit
C:\Windows\system\mPtoOWX.exe

Filesize
6.0MB

MD5
bc20945a923478b95224b1a3f707ff24

SHA1
985772e379c6fa9d34a2d10283f955b3f44b0428

SHA256
04080c2345e3c502f4a3826c27676a9719b542606cc163135248297dbaf75723

SHA512
788458509afffd75a09e13b47e111f52c71ffecce951e9947f36ccf34cbaf3f6ad103188566a062c512234d2d9e15b88d5ff518054cca567e4a6e5c6f52b2611

Download Submit
C:\Windows\system\mkRbaoX.exe

Filesize
6.0MB

MD5
b2d26401aceb9fa2780fdb5c055531a1

SHA1
0a3b8ecb311029525dfbee858b1bb65233b8aa46

SHA256
18b5573789aa7e855e1c12b13e7d68bbcf3b068ec9c4bb8d62bc8c1b4935a468

SHA512
d7c38010d33441ab4fccb9fa7a6d5cc53211af2cfa49e8c63d15287be1b0acc6506fe46b06babaa5a8701aa697b36d8b89f768aeb922842bb282756625417f6f

Download Submit
C:\Windows\system\rTdLcFe.exe

Filesize
6.0MB

MD5
376e7ceb68202cb877ae115e09694277

SHA1
b42da879d1cab944e89af9265851ea60b05d1dad

SHA256
caf8962600caee8ad2e03c3d6e3a33418de6ede822ef9bb1c347f4630dbb80f6

SHA512
a2922a0b67ed91732fc4b7653fcfa50acb45c511ce3031afbbbe509f3e3e377f97ab3f954d732cf28b599389bf879f2090c7d592dc7e8d86d85cb7205a9cf016

Download Submit
C:\Windows\system\uNfrLKi.exe

Filesize
6.0MB

MD5
13450322ad67055e1314a03d699011c3

SHA1
9a639c04f3201ab68ea3c410b3d344dc74e2e374

SHA256
d0c077531a9cf23108ce0a1fb29bd927370650994f639ff8bc1e4eba01bf407c

SHA512
f10fdb1005f30bd46ca55ff14dfde56c17158813fa2948b466b1ec63ee1eb16d62b822815aa8dea9bb5e9d92af812769aed94974d98e0ee61dfb95cf8842b177

Download Submit
C:\Windows\system\vFBYwLj.exe

Filesize
6.0MB

MD5
b4e072458d8644bf7a95952da7453b6d

SHA1
64ba9621164a96f6e628429c75c2a39930e0f66b

SHA256
b910e0113b8aac83b080a9959583f3ee022c31a8587ee3b665533db2667a4a00

SHA512
716e5f1eb23e49f3848d5a5374f13c02ce2c42ab94a4626366ca84ee4e4b96cb1b4d2adf9cfe04b9dad042cea6f38813c931bc6d4b04a0d66fc568bdf99d9d9a

Download Submit
C:\Windows\system\wpDqQVa.exe

Filesize
6.0MB

MD5
b0e7a927681bc713a355ced0fe70c28b

SHA1
66b6723fc0d2019e71ff45776ec6e97090fee85f

SHA256
68838aee0aced548d95626fe99de30f7be446298ab8aeebe71fa223ba5616bcf

SHA512
bc2a2f5ce15d509edbf028132a71acbcaceb1748bfea566b0cb5697ce77a828ef517b4a177ad3f8a9e516f70da975322edbe4da105f484aa2a6ac79a1d51296f

Download Submit
C:\Windows\system\xEDWPJo.exe

Filesize
6.0MB

MD5
42b1ba5f8dad9788435dd5eba93df1ba

SHA1
f2692f19d99ce3cf9cd0669b3e600761ad43a178

SHA256
0ca4fad6774d07493bfae75b4679151567f8787067f3f4a858545a7df6c8acee

SHA512
b9c488c8672b2c61dbc1e79c6de5a72662d45347de200c8aeac7fbcfdf8a316d5de409b33eadebd662f05483a46f5774c4ba3955dbac87220bb1f57b8be4df16

Download Submit
\Windows\system\YTRfSXW.exe

Filesize
6.0MB

MD5
648c8f72ddbe376ab8d9706d57c2ab86

SHA1
ae50feb8b0cea2433e7096cd1dc0ddfee7ba2fb2

SHA256
7edfbdeebd37050a7a66cf602928301ceadbf12539c3daf424a11563fc16e10b

SHA512
7820ff2de4cb8febfb7ca7a867ae58129cfb56d5427331c81184dd7ea61f2fa764f248d81778cf95e45f01c02c3e4e420ec53133d798f4ec286e57a228c688ab

Download Submit
\Windows\system\qfuxyBI.exe

Filesize
6.0MB

MD5
0b078f041309fc64fba0077414e7edc2

SHA1
942c9fdae139438ec03b0c4f70e5be20038d238e

SHA256
047797e45a5b0e8cde01f1b612067c6413ea4ffddff7941dce59a7d3752d1520

SHA512
641711d3bfbcc70ed0a9a7064b0ca0c93a08ae4dce136f52d3999f621af9a82421cb03931a85d39a31716daaf1a72179675a56376b8bde7ed14749955bd82b18

Download Submit
\Windows\system\sPMlDvQ.exe

Filesize
6.0MB

MD5
3a6c9abb13d108dbc36b6896b458fec5

SHA1
4136de30731f63a1417df5ac4ff3d7b731aba8eb

SHA256
d4e38a3ce845965df47ec08109277c5f082926f2674e4def500cc844f3cd95c7

SHA512
8438695c365a4b3bda3ffb4f078be4f53d3c3355dc2cdf9d0e15c249e83e3d08fa0ebe4ab00d86b2c8a0ed54d2076bff2f10d51b7fa34e767af0d80214db4b77

Download Submit
\Windows\system\tZoxubD.exe

Filesize
6.0MB

MD5
c1cef6773939fc38436a4c70f3b53dd2

SHA1
74a4e94ef196ad2cd176d2f4380d2d4ad1b17f1f

SHA256
2e9220e21446b82127a57e993678ba16bf0a5abb24fda37093d3918ca6d4c889

SHA512
b062e3b5ae668f727f90d5bae353823bd81b20f98c3a385132dde3bdd4af0cb827def489527a381bf384c7e4676be93b105e413331076eded21258cddd89dd7c

Download Submit
memory/1372-102-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1372-1033-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1372-4027-0x000000013F610000-0x000000013F964000-memory.dmp

Filesize
3.3MB

Download
memory/1600-84-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1600-701-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1600-4025-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1916-4026-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1916-942-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/1916-94-0x000000013F9D0000-0x000000013FD24000-memory.dmp

Filesize
3.3MB

Download
memory/2324-92-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2324-4019-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2324-36-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2360-4016-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2360-83-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2360-18-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2444-79-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-60-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/2444-53-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-63-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2444-65-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-820-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-105-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2444-959-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-589-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-40-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-88-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-75-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2444-6-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-97-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-0-0x000000013F880000-0x000000013FBD4000-memory.dmp

Filesize
3.3MB

Download
memory/2444-16-0x000000013F330000-0x000000013F684000-memory.dmp

Filesize
3.3MB

Download
memory/2444-67-0x0000000002370000-0x00000000026C4000-memory.dmp

Filesize
3.3MB

Download
memory/2548-10-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2548-70-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2548-4015-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/2652-4024-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2652-374-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2652-73-0x000000013F720000-0x000000013FA74000-memory.dmp

Filesize
3.3MB

Download
memory/2776-4022-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2776-57-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2776-96-0x000000013F6F0000-0x000000013FA44000-memory.dmp

Filesize
3.3MB

Download
memory/2792-4028-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-76-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2792-510-0x000000013F460000-0x000000013F7B4000-memory.dmp

Filesize
3.3MB

Download
memory/2828-49-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2828-4021-0x000000013FEF0000-0x0000000140244000-memory.dmp

Filesize
3.3MB

Download
memory/2884-71-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2884-4023-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2980-4020-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/2980-64-0x000000013F120000-0x000000013F474000-memory.dmp

Filesize
3.3MB

Download
memory/3040-87-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/3040-4017-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/3040-22-0x000000013FA30000-0x000000013FD84000-memory.dmp

Filesize
3.3MB

Download
memory/3052-4018-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-91-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download
memory/3052-32-0x000000013F250000-0x000000013F5A4000-memory.dmp

Filesize
3.3MB

Download