cobaltstrike | ea287ab02983b299320468c0ed42f8814bbc48d69ec87ae23331d4b9bfbda134

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-01-2025 22:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

93d7e7776ff56776dd6c4666897805d1
SHA1

8a5c014324d48c051f75fbd0d7dbec2eb877922d
SHA256

ea287ab02983b299320468c0ed42f8814bbc48d69ec87ae23331d4b9bfbda134
SHA512

53fd5f2d84f8ff5cdabd8207196603340653da57ed72cfe7f8500b86235a6c8eec868a24dffe405ab6f03e33c3dfbb5317831896025b0930ee414984f92a8a57
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lU4:T+q56utgpPF8u/74

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000d000000012261-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016b17-10.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016bfc-16.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c81-26.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d11-41.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016d33-46.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf8-34.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016d46-53.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016652-65.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d4a-69.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193fa-79.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019408-85.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019494-97.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194da-121.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961b-175.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001961f-179.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019625-191.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000197c1-196.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019624-187.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019589-171.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001953a-161.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001957c-165.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019503-151.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019515-156.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019501-147.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f6-141.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194ea-131.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194f2-136.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194e2-126.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194b4-111.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194d4-116.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000194a7-104.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/2168-0-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/files/0x000d000000012261-3.dat	xmrig
behavioral1/files/0x0009000000016b17-10.dat	xmrig
behavioral1/memory/2092-15-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/files/0x0008000000016bfc-16.dat	xmrig
behavioral1/files/0x0008000000016c81-26.dat	xmrig
behavioral1/memory/1804-30-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/memory/1884-21-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2168-19-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/1848-8-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/memory/2168-39-0x000000013F450000-0x000000013F7A4000-memory.dmp	xmrig
behavioral1/memory/2780-45-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	xmrig
behavioral1/memory/1792-42-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016d11-41.dat	xmrig
behavioral1/files/0x0007000000016d33-46.dat	xmrig
behavioral1/memory/2740-51-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/1848-47-0x000000013F1C0000-0x000000013F514000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cf8-34.dat	xmrig
behavioral1/files/0x0009000000016d46-53.dat	xmrig
behavioral1/memory/2928-61-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/memory/1884-58-0x000000013FC80000-0x000000013FFD4000-memory.dmp	xmrig
behavioral1/memory/2092-57-0x000000013F910000-0x000000013FC64000-memory.dmp	xmrig
behavioral1/files/0x0009000000016652-65.dat	xmrig
behavioral1/memory/2768-68-0x000000013FA20000-0x000000013FD74000-memory.dmp	xmrig
behavioral1/files/0x0008000000016d4a-69.dat	xmrig
behavioral1/memory/2604-76-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000193fa-79.dat	xmrig
behavioral1/memory/3020-84-0x000000013F7B0000-0x000000013FB04000-memory.dmp	xmrig
behavioral1/memory/1804-72-0x000000013FDE0000-0x0000000140134000-memory.dmp	xmrig
behavioral1/files/0x0005000000019408-85.dat	xmrig
behavioral1/memory/2740-89-0x000000013FAC0000-0x000000013FE14000-memory.dmp	xmrig
behavioral1/memory/3028-90-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/1664-98-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/files/0x0005000000019494-97.dat	xmrig
behavioral1/memory/2168-95-0x0000000002440000-0x0000000002794000-memory.dmp	xmrig
behavioral1/memory/2168-94-0x000000013F9C0000-0x000000013FD14000-memory.dmp	xmrig
behavioral1/files/0x00050000000194da-121.dat	xmrig
behavioral1/files/0x000500000001961b-175.dat	xmrig
behavioral1/files/0x000500000001961f-179.dat	xmrig
behavioral1/files/0x0005000000019625-191.dat	xmrig
behavioral1/memory/3028-696-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/2168-623-0x000000013FC40000-0x000000013FF94000-memory.dmp	xmrig
behavioral1/memory/1664-886-0x000000013F590000-0x000000013F8E4000-memory.dmp	xmrig
behavioral1/memory/880-1273-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/memory/2168-1520-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2604-272-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000197c1-196.dat	xmrig
behavioral1/files/0x0005000000019624-187.dat	xmrig
behavioral1/files/0x0005000000019589-171.dat	xmrig
behavioral1/files/0x000500000001953a-161.dat	xmrig
behavioral1/files/0x000500000001957c-165.dat	xmrig
behavioral1/files/0x0005000000019503-151.dat	xmrig
behavioral1/files/0x0005000000019515-156.dat	xmrig
behavioral1/files/0x0005000000019501-147.dat	xmrig
behavioral1/files/0x00050000000194f6-141.dat	xmrig
behavioral1/files/0x00050000000194ea-131.dat	xmrig
behavioral1/files/0x00050000000194f2-136.dat	xmrig
behavioral1/files/0x00050000000194e2-126.dat	xmrig
behavioral1/files/0x00050000000194b4-111.dat	xmrig
behavioral1/memory/2168-109-0x000000013FAF0000-0x000000013FE44000-memory.dmp	xmrig
behavioral1/memory/2168-108-0x000000013FF70000-0x00000001402C4000-memory.dmp	xmrig
behavioral1/files/0x00050000000194d4-116.dat	xmrig
behavioral1/memory/880-105-0x000000013FEB0000-0x0000000140204000-memory.dmp	xmrig
behavioral1/files/0x00050000000194a7-104.dat	xmrig

Executes dropped EXE 64 IoCs

pid	Process
1848	JYRhLKp.exe
2092	CvvlPdp.exe
1884	tCzoyuu.exe
1804	HtSpazv.exe
1792	VDdVaDJ.exe
2780	JgomPgK.exe
2740	NAHiEPZ.exe
2928	GHDyDux.exe
2768	gCVqINd.exe
2604	RgwMaTX.exe
3020	nfPcxOn.exe
3028	KjxJAcj.exe
1664	ngicFfW.exe
880	NvumRWT.exe
3036	FENArwJ.exe
2000	PjsSiNK.exe
2432	twpwfzo.exe
1312	kOiMSXV.exe
2908	WsgqPrK.exe
2904	GQiRAUp.exe
816	LpKRhoc.exe
1284	HjkdOTn.exe
288	qhleUSC.exe
2212	MWrVLuf.exe
1844	aiGWOtq.exe
2108	kneRyRs.exe
552	kbKAFxt.exe
2276	MhbViAX.exe
2196	KAJxuIg.exe
276	LqtYvIx.exe
2952	FebUCEf.exe
2188	OtdPcTi.exe
1140	dWwBgaR.exe
1632	lspzGIj.exe
1036	ekLCGum.exe
1800	xVHhlzp.exe
1748	rYwBSsw.exe
1740	JLkwwQN.exe
1708	jcYyVxM.exe
1732	MMjejMI.exe
944	xWzzYdw.exe
2272	qvQljkz.exe
3056	nWcsYBU.exe
1048	JbEzCCa.exe
2552	zYwPysh.exe
1056	ZRETsMP.exe
3060	yHPwFwE.exe
2124	uHRNJof.exe
2440	jxFVeTS.exe
888	oYjwsSe.exe
1044	rkxzZyD.exe
2536	eXEKJDa.exe
1616	qBeUoRS.exe
1720	FEoXrEg.exe
2316	yRUqbrA.exe
2220	QfkCfLi.exe
2144	UtRBiOl.exe
2116	BCCTOGm.exe
2848	QQwqHkk.exe
2876	EDuUgPn.exe
2652	jdGFXoj.exe
2140	OABUbCI.exe
1908	wHzWhVh.exe
2736	hXoQbai.exe

Loads dropped DLL 64 IoCs

pid	Process
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2168-0-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/files/0x000d000000012261-3.dat	upx
behavioral1/files/0x0009000000016b17-10.dat	upx
behavioral1/memory/2092-15-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x0008000000016bfc-16.dat	upx
behavioral1/files/0x0008000000016c81-26.dat	upx
behavioral1/memory/1804-30-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/1884-21-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/1848-8-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/memory/2168-39-0x000000013F450000-0x000000013F7A4000-memory.dmp	upx
behavioral1/memory/2780-45-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/1792-42-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/files/0x0007000000016d11-41.dat	upx
behavioral1/files/0x0007000000016d33-46.dat	upx
behavioral1/memory/2740-51-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/1848-47-0x000000013F1C0000-0x000000013F514000-memory.dmp	upx
behavioral1/files/0x0007000000016cf8-34.dat	upx
behavioral1/files/0x0009000000016d46-53.dat	upx
behavioral1/memory/2928-61-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx
behavioral1/memory/1884-58-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/2092-57-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/files/0x0009000000016652-65.dat	upx
behavioral1/memory/2768-68-0x000000013FA20000-0x000000013FD74000-memory.dmp	upx
behavioral1/files/0x0008000000016d4a-69.dat	upx
behavioral1/memory/2604-76-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x00050000000193fa-79.dat	upx
behavioral1/memory/3020-84-0x000000013F7B0000-0x000000013FB04000-memory.dmp	upx
behavioral1/memory/1804-72-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/files/0x0005000000019408-85.dat	upx
behavioral1/memory/2740-89-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/3028-90-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/1664-98-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/files/0x0005000000019494-97.dat	upx
behavioral1/files/0x00050000000194da-121.dat	upx
behavioral1/files/0x000500000001961b-175.dat	upx
behavioral1/files/0x000500000001961f-179.dat	upx
behavioral1/files/0x0005000000019625-191.dat	upx
behavioral1/memory/3028-696-0x000000013FC40000-0x000000013FF94000-memory.dmp	upx
behavioral1/memory/1664-886-0x000000013F590000-0x000000013F8E4000-memory.dmp	upx
behavioral1/memory/880-1273-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/memory/2604-272-0x000000013FF70000-0x00000001402C4000-memory.dmp	upx
behavioral1/files/0x00050000000197c1-196.dat	upx
behavioral1/files/0x0005000000019624-187.dat	upx
behavioral1/files/0x0005000000019589-171.dat	upx
behavioral1/files/0x000500000001953a-161.dat	upx
behavioral1/files/0x000500000001957c-165.dat	upx
behavioral1/files/0x0005000000019503-151.dat	upx
behavioral1/files/0x0005000000019515-156.dat	upx
behavioral1/files/0x0005000000019501-147.dat	upx
behavioral1/files/0x00050000000194f6-141.dat	upx
behavioral1/files/0x00050000000194ea-131.dat	upx
behavioral1/files/0x00050000000194f2-136.dat	upx
behavioral1/files/0x00050000000194e2-126.dat	upx
behavioral1/files/0x00050000000194b4-111.dat	upx
behavioral1/files/0x00050000000194d4-116.dat	upx
behavioral1/memory/880-105-0x000000013FEB0000-0x0000000140204000-memory.dmp	upx
behavioral1/files/0x00050000000194a7-104.dat	upx
behavioral1/memory/1884-4009-0x000000013FC80000-0x000000013FFD4000-memory.dmp	upx
behavioral1/memory/1804-4008-0x000000013FDE0000-0x0000000140134000-memory.dmp	upx
behavioral1/memory/2092-4007-0x000000013F910000-0x000000013FC64000-memory.dmp	upx
behavioral1/memory/2780-4011-0x000000013F0A0000-0x000000013F3F4000-memory.dmp	upx
behavioral1/memory/1792-4010-0x000000013F3A0000-0x000000013F6F4000-memory.dmp	upx
behavioral1/memory/2740-4012-0x000000013FAC0000-0x000000013FE14000-memory.dmp	upx
behavioral1/memory/2928-4013-0x000000013F9C0000-0x000000013FD14000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\xccPoSC.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DveypNc.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zSemPyQ.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VlEvHyj.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zDgjZjE.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZbEIPZe.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VwIPgHN.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BKEtjgV.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NtnKGlP.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\NvUaQDa.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\GkMFtvd.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\foEjEzm.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SHrrAkT.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\QfpkYKQ.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OhHLuqC.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jucAYxh.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cGZRtaD.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MuNswDI.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wtRhYob.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TgcMAsh.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\hlZmZro.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VagttuJ.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wjxomPc.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KmCFYzV.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TrqcwFd.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FawlcuN.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dOxyGKs.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oJyKHCt.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\UFPrHke.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\Hnheibw.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\urDLyoD.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZSpOnVJ.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cInJOGT.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vsKiAzK.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kPNbfdV.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\EqQOfme.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\VVreUkc.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\TvlPrrm.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wKOLmwg.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jCZntsT.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\frPrOms.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZRETsMP.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HAsoaGC.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ngJdarz.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HqpQTcq.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\llZUMTR.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FDXVpKY.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lSWWJLf.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XwbbpNO.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XbRxPeI.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\aomiMUG.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\swUSWlK.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oABYjyQ.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mjgvTcr.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGIDOVO.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\bHxLany.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DMsRdBo.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ehGWfuV.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZdvztLf.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LArsqia.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OUUXzjx.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JaKGjWs.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\qLpSTlB.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\omEAdUP.exe	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 1848	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2168 wrote to memory of 1848	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2168 wrote to memory of 1848	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 2168 wrote to memory of 2092	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2168 wrote to memory of 2092	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2168 wrote to memory of 2092	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 2168 wrote to memory of 1884	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2168 wrote to memory of 1884	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2168 wrote to memory of 1884	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 2168 wrote to memory of 1804	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2168 wrote to memory of 1804	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2168 wrote to memory of 1804	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 2168 wrote to memory of 1792	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2168 wrote to memory of 1792	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2168 wrote to memory of 1792	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 2168 wrote to memory of 2780	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2168 wrote to memory of 2780	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2168 wrote to memory of 2780	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 2168 wrote to memory of 2740	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2168 wrote to memory of 2740	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2168 wrote to memory of 2740	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 2168 wrote to memory of 2928	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2168 wrote to memory of 2928	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2168 wrote to memory of 2928	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 2168 wrote to memory of 2768	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2168 wrote to memory of 2768	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2168 wrote to memory of 2768	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 2168 wrote to memory of 2604	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2168 wrote to memory of 2604	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2168 wrote to memory of 2604	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 2168 wrote to memory of 3020	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2168 wrote to memory of 3020	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2168 wrote to memory of 3020	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 2168 wrote to memory of 3028	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2168 wrote to memory of 3028	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2168 wrote to memory of 3028	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 2168 wrote to memory of 1664	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2168 wrote to memory of 1664	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2168 wrote to memory of 1664	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 2168 wrote to memory of 880	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2168 wrote to memory of 880	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2168 wrote to memory of 880	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 2168 wrote to memory of 3036	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2168 wrote to memory of 3036	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2168 wrote to memory of 3036	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	45
PID 2168 wrote to memory of 2000	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2168 wrote to memory of 2000	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2168 wrote to memory of 2000	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 2168 wrote to memory of 2432	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2168 wrote to memory of 2432	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2168 wrote to memory of 2432	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 2168 wrote to memory of 1312	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2168 wrote to memory of 1312	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2168 wrote to memory of 1312	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 2168 wrote to memory of 2908	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2168 wrote to memory of 2908	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2168 wrote to memory of 2908	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 2168 wrote to memory of 2904	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2168 wrote to memory of 2904	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2168 wrote to memory of 2904	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 2168 wrote to memory of 816	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2168 wrote to memory of 816	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2168 wrote to memory of 816	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 2168 wrote to memory of 1284	2168	2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe	52

C:\Users\Admin\AppData\Local\Temp\2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-24_93d7e7776ff56776dd6c4666897805d1_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Windows\System\JYRhLKp.exe
  C:\Windows\System\JYRhLKp.exe
  2⤵
  - Executes dropped EXE
  PID:1848
- C:\Windows\System\CvvlPdp.exe
  C:\Windows\System\CvvlPdp.exe
  2⤵
  - Executes dropped EXE
  PID:2092
- C:\Windows\System\tCzoyuu.exe
  C:\Windows\System\tCzoyuu.exe
  2⤵
  - Executes dropped EXE
  PID:1884
- C:\Windows\System\HtSpazv.exe
  C:\Windows\System\HtSpazv.exe
  2⤵
  - Executes dropped EXE
  PID:1804
- C:\Windows\System\VDdVaDJ.exe
  C:\Windows\System\VDdVaDJ.exe
  2⤵
  - Executes dropped EXE
  PID:1792
- C:\Windows\System\JgomPgK.exe
  C:\Windows\System\JgomPgK.exe
  2⤵
  - Executes dropped EXE
  PID:2780
- C:\Windows\System\NAHiEPZ.exe
  C:\Windows\System\NAHiEPZ.exe
  2⤵
  - Executes dropped EXE
  PID:2740
- C:\Windows\System\GHDyDux.exe
  C:\Windows\System\GHDyDux.exe
  2⤵
  - Executes dropped EXE
  PID:2928
- C:\Windows\System\gCVqINd.exe
  C:\Windows\System\gCVqINd.exe
  2⤵
  - Executes dropped EXE
  PID:2768
- C:\Windows\System\RgwMaTX.exe
  C:\Windows\System\RgwMaTX.exe
  2⤵
  - Executes dropped EXE
  PID:2604
- C:\Windows\System\nfPcxOn.exe
  C:\Windows\System\nfPcxOn.exe
  2⤵
  - Executes dropped EXE
  PID:3020
- C:\Windows\System\KjxJAcj.exe
  C:\Windows\System\KjxJAcj.exe
  2⤵
  - Executes dropped EXE
  PID:3028
- C:\Windows\System\ngicFfW.exe
  C:\Windows\System\ngicFfW.exe
  2⤵
  - Executes dropped EXE
  PID:1664
- C:\Windows\System\NvumRWT.exe
  C:\Windows\System\NvumRWT.exe
  2⤵
  - Executes dropped EXE
  PID:880
- C:\Windows\System\FENArwJ.exe
  C:\Windows\System\FENArwJ.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\PjsSiNK.exe
  C:\Windows\System\PjsSiNK.exe
  2⤵
  - Executes dropped EXE
  PID:2000
- C:\Windows\System\twpwfzo.exe
  C:\Windows\System\twpwfzo.exe
  2⤵
  - Executes dropped EXE
  PID:2432
- C:\Windows\System\kOiMSXV.exe
  C:\Windows\System\kOiMSXV.exe
  2⤵
  - Executes dropped EXE
  PID:1312
- C:\Windows\System\WsgqPrK.exe
  C:\Windows\System\WsgqPrK.exe
  2⤵
  - Executes dropped EXE
  PID:2908
- C:\Windows\System\GQiRAUp.exe
  C:\Windows\System\GQiRAUp.exe
  2⤵
  - Executes dropped EXE
  PID:2904
- C:\Windows\System\LpKRhoc.exe
  C:\Windows\System\LpKRhoc.exe
  2⤵
  - Executes dropped EXE
  PID:816
- C:\Windows\System\HjkdOTn.exe
  C:\Windows\System\HjkdOTn.exe
  2⤵
  - Executes dropped EXE
  PID:1284
- C:\Windows\System\qhleUSC.exe
  C:\Windows\System\qhleUSC.exe
  2⤵
  - Executes dropped EXE
  PID:288
- C:\Windows\System\MWrVLuf.exe
  C:\Windows\System\MWrVLuf.exe
  2⤵
  - Executes dropped EXE
  PID:2212
- C:\Windows\System\aiGWOtq.exe
  C:\Windows\System\aiGWOtq.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\kneRyRs.exe
  C:\Windows\System\kneRyRs.exe
  2⤵
  - Executes dropped EXE
  PID:2108
- C:\Windows\System\kbKAFxt.exe
  C:\Windows\System\kbKAFxt.exe
  2⤵
  - Executes dropped EXE
  PID:552
- C:\Windows\System\MhbViAX.exe
  C:\Windows\System\MhbViAX.exe
  2⤵
  - Executes dropped EXE
  PID:2276
- C:\Windows\System\KAJxuIg.exe
  C:\Windows\System\KAJxuIg.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\LqtYvIx.exe
  C:\Windows\System\LqtYvIx.exe
  2⤵
  - Executes dropped EXE
  PID:276
- C:\Windows\System\FebUCEf.exe
  C:\Windows\System\FebUCEf.exe
  2⤵
  - Executes dropped EXE
  PID:2952
- C:\Windows\System\OtdPcTi.exe
  C:\Windows\System\OtdPcTi.exe
  2⤵
  - Executes dropped EXE
  PID:2188
- C:\Windows\System\dWwBgaR.exe
  C:\Windows\System\dWwBgaR.exe
  2⤵
  - Executes dropped EXE
  PID:1140
- C:\Windows\System\lspzGIj.exe
  C:\Windows\System\lspzGIj.exe
  2⤵
  - Executes dropped EXE
  PID:1632
- C:\Windows\System\ekLCGum.exe
  C:\Windows\System\ekLCGum.exe
  2⤵
  - Executes dropped EXE
  PID:1036
- C:\Windows\System\xVHhlzp.exe
  C:\Windows\System\xVHhlzp.exe
  2⤵
  - Executes dropped EXE
  PID:1800
- C:\Windows\System\rYwBSsw.exe
  C:\Windows\System\rYwBSsw.exe
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\System\JLkwwQN.exe
  C:\Windows\System\JLkwwQN.exe
  2⤵
  - Executes dropped EXE
  PID:1740
- C:\Windows\System\jcYyVxM.exe
  C:\Windows\System\jcYyVxM.exe
  2⤵
  - Executes dropped EXE
  PID:1708
- C:\Windows\System\MMjejMI.exe
  C:\Windows\System\MMjejMI.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\xWzzYdw.exe
  C:\Windows\System\xWzzYdw.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\qvQljkz.exe
  C:\Windows\System\qvQljkz.exe
  2⤵
  - Executes dropped EXE
  PID:2272
- C:\Windows\System\nWcsYBU.exe
  C:\Windows\System\nWcsYBU.exe
  2⤵
  - Executes dropped EXE
  PID:3056
- C:\Windows\System\JbEzCCa.exe
  C:\Windows\System\JbEzCCa.exe
  2⤵
  - Executes dropped EXE
  PID:1048
- C:\Windows\System\zYwPysh.exe
  C:\Windows\System\zYwPysh.exe
  2⤵
  - Executes dropped EXE
  PID:2552
- C:\Windows\System\ZRETsMP.exe
  C:\Windows\System\ZRETsMP.exe
  2⤵
  - Executes dropped EXE
  PID:1056
- C:\Windows\System\yHPwFwE.exe
  C:\Windows\System\yHPwFwE.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\uHRNJof.exe
  C:\Windows\System\uHRNJof.exe
  2⤵
  - Executes dropped EXE
  PID:2124
- C:\Windows\System\jxFVeTS.exe
  C:\Windows\System\jxFVeTS.exe
  2⤵
  - Executes dropped EXE
  PID:2440
- C:\Windows\System\oYjwsSe.exe
  C:\Windows\System\oYjwsSe.exe
  2⤵
  - Executes dropped EXE
  PID:888
- C:\Windows\System\eXEKJDa.exe
  C:\Windows\System\eXEKJDa.exe
  2⤵
  - Executes dropped EXE
  PID:2536
- C:\Windows\System\rkxzZyD.exe
  C:\Windows\System\rkxzZyD.exe
  2⤵
  - Executes dropped EXE
  PID:1044
- C:\Windows\System\qBeUoRS.exe
  C:\Windows\System\qBeUoRS.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\FEoXrEg.exe
  C:\Windows\System\FEoXrEg.exe
  2⤵
  - Executes dropped EXE
  PID:1720
- C:\Windows\System\yRUqbrA.exe
  C:\Windows\System\yRUqbrA.exe
  2⤵
  - Executes dropped EXE
  PID:2316
- C:\Windows\System\QfkCfLi.exe
  C:\Windows\System\QfkCfLi.exe
  2⤵
  - Executes dropped EXE
  PID:2220
- C:\Windows\System\UtRBiOl.exe
  C:\Windows\System\UtRBiOl.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\BCCTOGm.exe
  C:\Windows\System\BCCTOGm.exe
  2⤵
  - Executes dropped EXE
  PID:2116
- C:\Windows\System\QQwqHkk.exe
  C:\Windows\System\QQwqHkk.exe
  2⤵
  - Executes dropped EXE
  PID:2848
- C:\Windows\System\EDuUgPn.exe
  C:\Windows\System\EDuUgPn.exe
  2⤵
  - Executes dropped EXE
  PID:2876
- C:\Windows\System\jdGFXoj.exe
  C:\Windows\System\jdGFXoj.exe
  2⤵
  - Executes dropped EXE
  PID:2652
- C:\Windows\System\OABUbCI.exe
  C:\Windows\System\OABUbCI.exe
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Windows\System\wHzWhVh.exe
  C:\Windows\System\wHzWhVh.exe
  2⤵
  - Executes dropped EXE
  PID:1908
- C:\Windows\System\hXoQbai.exe
  C:\Windows\System\hXoQbai.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\yqubUHv.exe
  C:\Windows\System\yqubUHv.exe
  2⤵
  PID:1992
- C:\Windows\System\QwoVOSg.exe
  C:\Windows\System\QwoVOSg.exe
  2⤵
  PID:3000
- C:\Windows\System\jzBjsZm.exe
  C:\Windows\System\jzBjsZm.exe
  2⤵
  PID:2884
- C:\Windows\System\jbrVwNl.exe
  C:\Windows\System\jbrVwNl.exe
  2⤵
  PID:2896
- C:\Windows\System\DPvoyHq.exe
  C:\Windows\System\DPvoyHq.exe
  2⤵
  PID:1336
- C:\Windows\System\OLzAULl.exe
  C:\Windows\System\OLzAULl.exe
  2⤵
  PID:2280
- C:\Windows\System\ZQDkwoU.exe
  C:\Windows\System\ZQDkwoU.exe
  2⤵
  PID:824
- C:\Windows\System\gRGkWXp.exe
  C:\Windows\System\gRGkWXp.exe
  2⤵
  PID:1008
- C:\Windows\System\gVapcMM.exe
  C:\Windows\System\gVapcMM.exe
  2⤵
  PID:332
- C:\Windows\System\EkmdWFw.exe
  C:\Windows\System\EkmdWFw.exe
  2⤵
  PID:760
- C:\Windows\System\WjWSIXQ.exe
  C:\Windows\System\WjWSIXQ.exe
  2⤵
  PID:1816
- C:\Windows\System\kPNbfdV.exe
  C:\Windows\System\kPNbfdV.exe
  2⤵
  PID:1928
- C:\Windows\System\KTwRUMk.exe
  C:\Windows\System\KTwRUMk.exe
  2⤵
  PID:2044
- C:\Windows\System\vdzAjiK.exe
  C:\Windows\System\vdzAjiK.exe
  2⤵
  PID:2972
- C:\Windows\System\JCnlstz.exe
  C:\Windows\System\JCnlstz.exe
  2⤵
  PID:2980
- C:\Windows\System\tChYbKV.exe
  C:\Windows\System\tChYbKV.exe
  2⤵
  PID:1012
- C:\Windows\System\UNfmxbk.exe
  C:\Windows\System\UNfmxbk.exe
  2⤵
  PID:2428
- C:\Windows\System\pnDlPxp.exe
  C:\Windows\System\pnDlPxp.exe
  2⤵
  PID:2296
- C:\Windows\System\emLrXIc.exe
  C:\Windows\System\emLrXIc.exe
  2⤵
  PID:2504
- C:\Windows\System\afxuUHo.exe
  C:\Windows\System\afxuUHo.exe
  2⤵
  PID:2924
- C:\Windows\System\FnakmSJ.exe
  C:\Windows\System\FnakmSJ.exe
  2⤵
  PID:2992
- C:\Windows\System\yEGjHFQ.exe
  C:\Windows\System\yEGjHFQ.exe
  2⤵
  PID:1752
- C:\Windows\System\AUytSfA.exe
  C:\Windows\System\AUytSfA.exe
  2⤵
  PID:2400
- C:\Windows\System\zDgjZjE.exe
  C:\Windows\System\zDgjZjE.exe
  2⤵
  PID:1608
- C:\Windows\System\dkNefEp.exe
  C:\Windows\System\dkNefEp.exe
  2⤵
  PID:2012
- C:\Windows\System\ILwHSQr.exe
  C:\Windows\System\ILwHSQr.exe
  2⤵
  PID:2528
- C:\Windows\System\hEMjkvE.exe
  C:\Windows\System\hEMjkvE.exe
  2⤵
  PID:2344
- C:\Windows\System\ZwwUeyB.exe
  C:\Windows\System\ZwwUeyB.exe
  2⤵
  PID:2812
- C:\Windows\System\xmKSAFX.exe
  C:\Windows\System\xmKSAFX.exe
  2⤵
  PID:2476
- C:\Windows\System\EgLXmlT.exe
  C:\Windows\System\EgLXmlT.exe
  2⤵
  PID:2312
- C:\Windows\System\TfdGbIY.exe
  C:\Windows\System\TfdGbIY.exe
  2⤵
  PID:700
- C:\Windows\System\vDowbLm.exe
  C:\Windows\System\vDowbLm.exe
  2⤵
  PID:1852
- C:\Windows\System\Mozlwbq.exe
  C:\Windows\System\Mozlwbq.exe
  2⤵
  PID:1668
- C:\Windows\System\JfSSwjR.exe
  C:\Windows\System\JfSSwjR.exe
  2⤵
  PID:1296
- C:\Windows\System\nVFUEau.exe
  C:\Windows\System\nVFUEau.exe
  2⤵
  PID:2128
- C:\Windows\System\qvefBNK.exe
  C:\Windows\System\qvefBNK.exe
  2⤵
  PID:2252
- C:\Windows\System\iqMRPri.exe
  C:\Windows\System\iqMRPri.exe
  2⤵
  PID:2624
- C:\Windows\System\oxNYHov.exe
  C:\Windows\System\oxNYHov.exe
  2⤵
  PID:2824
- C:\Windows\System\eRggyIg.exe
  C:\Windows\System\eRggyIg.exe
  2⤵
  PID:2176
- C:\Windows\System\hOMbFKU.exe
  C:\Windows\System\hOMbFKU.exe
  2⤵
  PID:1376
- C:\Windows\System\oehOIvM.exe
  C:\Windows\System\oehOIvM.exe
  2⤵
  PID:1548
- C:\Windows\System\ednfcSm.exe
  C:\Windows\System\ednfcSm.exe
  2⤵
  PID:1760
- C:\Windows\System\HBgDFin.exe
  C:\Windows\System\HBgDFin.exe
  2⤵
  PID:2960
- C:\Windows\System\HAsoaGC.exe
  C:\Windows\System\HAsoaGC.exe
  2⤵
  PID:3064
- C:\Windows\System\sPVCBmr.exe
  C:\Windows\System\sPVCBmr.exe
  2⤵
  PID:1512
- C:\Windows\System\ngJdarz.exe
  C:\Windows\System\ngJdarz.exe
  2⤵
  PID:1624
- C:\Windows\System\TtrzIhB.exe
  C:\Windows\System\TtrzIhB.exe
  2⤵
  PID:2548
- C:\Windows\System\RFPQsEJ.exe
  C:\Windows\System\RFPQsEJ.exe
  2⤵
  PID:2392
- C:\Windows\System\kBxtaDW.exe
  C:\Windows\System\kBxtaDW.exe
  2⤵
  PID:2832
- C:\Windows\System\AqOnZYS.exe
  C:\Windows\System\AqOnZYS.exe
  2⤵
  PID:2840
- C:\Windows\System\oxGSsZV.exe
  C:\Windows\System\oxGSsZV.exe
  2⤵
  PID:1864
- C:\Windows\System\cCRSjRE.exe
  C:\Windows\System\cCRSjRE.exe
  2⤵
  PID:316
- C:\Windows\System\swLcnrl.exe
  C:\Windows\System\swLcnrl.exe
  2⤵
  PID:320
- C:\Windows\System\uFNDDqY.exe
  C:\Windows\System\uFNDDqY.exe
  2⤵
  PID:1660
- C:\Windows\System\cGZRtaD.exe
  C:\Windows\System\cGZRtaD.exe
  2⤵
  PID:2180
- C:\Windows\System\FMFzwdj.exe
  C:\Windows\System\FMFzwdj.exe
  2⤵
  PID:2872
- C:\Windows\System\ycXcfrV.exe
  C:\Windows\System\ycXcfrV.exe
  2⤵
  PID:1972
- C:\Windows\System\WxqKLEf.exe
  C:\Windows\System\WxqKLEf.exe
  2⤵
  PID:1724
- C:\Windows\System\xXzuHRZ.exe
  C:\Windows\System\xXzuHRZ.exe
  2⤵
  PID:1516
- C:\Windows\System\QkTjJjq.exe
  C:\Windows\System\QkTjJjq.exe
  2⤵
  PID:2408
- C:\Windows\System\BLppdKJ.exe
  C:\Windows\System\BLppdKJ.exe
  2⤵
  PID:1588
- C:\Windows\System\bAzfrBP.exe
  C:\Windows\System\bAzfrBP.exe
  2⤵
  PID:2784
- C:\Windows\System\DnzVQFI.exe
  C:\Windows\System\DnzVQFI.exe
  2⤵
  PID:2764
- C:\Windows\System\fHwfMuA.exe
  C:\Windows\System\fHwfMuA.exe
  2⤵
  PID:2136
- C:\Windows\System\vjQtjFL.exe
  C:\Windows\System\vjQtjFL.exe
  2⤵
  PID:3068
- C:\Windows\System\mnUTUKP.exe
  C:\Windows\System\mnUTUKP.exe
  2⤵
  PID:2460
- C:\Windows\System\mguQaGh.exe
  C:\Windows\System\mguQaGh.exe
  2⤵
  PID:2720
- C:\Windows\System\GEMIqTJ.exe
  C:\Windows\System\GEMIqTJ.exe
  2⤵
  PID:1356
- C:\Windows\System\LSQoYRG.exe
  C:\Windows\System\LSQoYRG.exe
  2⤵
  PID:2816
- C:\Windows\System\GhdemOy.exe
  C:\Windows\System\GhdemOy.exe
  2⤵
  PID:2656
- C:\Windows\System\zLLXmdo.exe
  C:\Windows\System\zLLXmdo.exe
  2⤵
  PID:2592
- C:\Windows\System\QjmzUDd.exe
  C:\Windows\System\QjmzUDd.exe
  2⤵
  PID:2304
- C:\Windows\System\DCrHpQh.exe
  C:\Windows\System\DCrHpQh.exe
  2⤵
  PID:1492
- C:\Windows\System\EhXkJud.exe
  C:\Windows\System\EhXkJud.exe
  2⤵
  PID:2856
- C:\Windows\System\LQDmTrC.exe
  C:\Windows\System\LQDmTrC.exe
  2⤵
  PID:2700
- C:\Windows\System\tCRAjIy.exe
  C:\Windows\System\tCRAjIy.exe
  2⤵
  PID:2156
- C:\Windows\System\GdErjgZ.exe
  C:\Windows\System\GdErjgZ.exe
  2⤵
  PID:3080
- C:\Windows\System\VuYyOPL.exe
  C:\Windows\System\VuYyOPL.exe
  2⤵
  PID:3100
- C:\Windows\System\AvJuVWb.exe
  C:\Windows\System\AvJuVWb.exe
  2⤵
  PID:3124
- C:\Windows\System\QSskwSN.exe
  C:\Windows\System\QSskwSN.exe
  2⤵
  PID:3140
- C:\Windows\System\upwQRbH.exe
  C:\Windows\System\upwQRbH.exe
  2⤵
  PID:3160
- C:\Windows\System\UpdjYAx.exe
  C:\Windows\System\UpdjYAx.exe
  2⤵
  PID:3180
- C:\Windows\System\oYobtbL.exe
  C:\Windows\System\oYobtbL.exe
  2⤵
  PID:3204
- C:\Windows\System\QJXXAfY.exe
  C:\Windows\System\QJXXAfY.exe
  2⤵
  PID:3220
- C:\Windows\System\cdEUCXu.exe
  C:\Windows\System\cdEUCXu.exe
  2⤵
  PID:3240
- C:\Windows\System\gJZJtIg.exe
  C:\Windows\System\gJZJtIg.exe
  2⤵
  PID:3260
- C:\Windows\System\CfLRpYR.exe
  C:\Windows\System\CfLRpYR.exe
  2⤵
  PID:3284
- C:\Windows\System\Dkvmhmh.exe
  C:\Windows\System\Dkvmhmh.exe
  2⤵
  PID:3304
- C:\Windows\System\DNbtewq.exe
  C:\Windows\System\DNbtewq.exe
  2⤵
  PID:3324
- C:\Windows\System\xccPoSC.exe
  C:\Windows\System\xccPoSC.exe
  2⤵
  PID:3340
- C:\Windows\System\WhJMiDo.exe
  C:\Windows\System\WhJMiDo.exe
  2⤵
  PID:3360
- C:\Windows\System\BeSGHMF.exe
  C:\Windows\System\BeSGHMF.exe
  2⤵
  PID:3384
- C:\Windows\System\lQsFdcu.exe
  C:\Windows\System\lQsFdcu.exe
  2⤵
  PID:3404
- C:\Windows\System\FMCxCag.exe
  C:\Windows\System\FMCxCag.exe
  2⤵
  PID:3424
- C:\Windows\System\sGbXVhK.exe
  C:\Windows\System\sGbXVhK.exe
  2⤵
  PID:3444
- C:\Windows\System\BhJjlGl.exe
  C:\Windows\System\BhJjlGl.exe
  2⤵
  PID:3464
- C:\Windows\System\aszwide.exe
  C:\Windows\System\aszwide.exe
  2⤵
  PID:3484
- C:\Windows\System\aOETRZM.exe
  C:\Windows\System\aOETRZM.exe
  2⤵
  PID:3508
- C:\Windows\System\ResgFVh.exe
  C:\Windows\System\ResgFVh.exe
  2⤵
  PID:3528
- C:\Windows\System\SvsnWou.exe
  C:\Windows\System\SvsnWou.exe
  2⤵
  PID:3548
- C:\Windows\System\qctqPtx.exe
  C:\Windows\System\qctqPtx.exe
  2⤵
  PID:3568
- C:\Windows\System\huVrYvT.exe
  C:\Windows\System\huVrYvT.exe
  2⤵
  PID:3588
- C:\Windows\System\sRcDEDG.exe
  C:\Windows\System\sRcDEDG.exe
  2⤵
  PID:3604
- C:\Windows\System\UEYVCkw.exe
  C:\Windows\System\UEYVCkw.exe
  2⤵
  PID:3628
- C:\Windows\System\nIWMWlW.exe
  C:\Windows\System\nIWMWlW.exe
  2⤵
  PID:3648
- C:\Windows\System\XBFKJiR.exe
  C:\Windows\System\XBFKJiR.exe
  2⤵
  PID:3668
- C:\Windows\System\INablJX.exe
  C:\Windows\System\INablJX.exe
  2⤵
  PID:3688
- C:\Windows\System\nkgZmaz.exe
  C:\Windows\System\nkgZmaz.exe
  2⤵
  PID:3708
- C:\Windows\System\HiIvnHQ.exe
  C:\Windows\System\HiIvnHQ.exe
  2⤵
  PID:3728
- C:\Windows\System\IObSOul.exe
  C:\Windows\System\IObSOul.exe
  2⤵
  PID:3752
- C:\Windows\System\shnCcPM.exe
  C:\Windows\System\shnCcPM.exe
  2⤵
  PID:3772
- C:\Windows\System\MLLoyca.exe
  C:\Windows\System\MLLoyca.exe
  2⤵
  PID:3792
- C:\Windows\System\nItoIcI.exe
  C:\Windows\System\nItoIcI.exe
  2⤵
  PID:3812
- C:\Windows\System\hcTRZde.exe
  C:\Windows\System\hcTRZde.exe
  2⤵
  PID:3832
- C:\Windows\System\IcGZOGD.exe
  C:\Windows\System\IcGZOGD.exe
  2⤵
  PID:3852
- C:\Windows\System\gXmFbZw.exe
  C:\Windows\System\gXmFbZw.exe
  2⤵
  PID:3872
- C:\Windows\System\IdLUVDc.exe
  C:\Windows\System\IdLUVDc.exe
  2⤵
  PID:3892
- C:\Windows\System\xwGPghb.exe
  C:\Windows\System\xwGPghb.exe
  2⤵
  PID:3912
- C:\Windows\System\JCmwRCd.exe
  C:\Windows\System\JCmwRCd.exe
  2⤵
  PID:3932
- C:\Windows\System\AavhQif.exe
  C:\Windows\System\AavhQif.exe
  2⤵
  PID:3952
- C:\Windows\System\oCtYuuz.exe
  C:\Windows\System\oCtYuuz.exe
  2⤵
  PID:3972
- C:\Windows\System\oRrrfZc.exe
  C:\Windows\System\oRrrfZc.exe
  2⤵
  PID:3992
- C:\Windows\System\gjVbrhP.exe
  C:\Windows\System\gjVbrhP.exe
  2⤵
  PID:4012
- C:\Windows\System\DLANKgj.exe
  C:\Windows\System\DLANKgj.exe
  2⤵
  PID:4032
- C:\Windows\System\XVvKhnc.exe
  C:\Windows\System\XVvKhnc.exe
  2⤵
  PID:4052
- C:\Windows\System\idCNfId.exe
  C:\Windows\System\idCNfId.exe
  2⤵
  PID:4072
- C:\Windows\System\iyDTxCh.exe
  C:\Windows\System\iyDTxCh.exe
  2⤵
  PID:4092
- C:\Windows\System\aomiMUG.exe
  C:\Windows\System\aomiMUG.exe
  2⤵
  PID:1672
- C:\Windows\System\arJLkDN.exe
  C:\Windows\System\arJLkDN.exe
  2⤵
  PID:1408
- C:\Windows\System\piyKZpy.exe
  C:\Windows\System\piyKZpy.exe
  2⤵
  PID:3116
- C:\Windows\System\WSkbniV.exe
  C:\Windows\System\WSkbniV.exe
  2⤵
  PID:2600
- C:\Windows\System\IjcOFXU.exe
  C:\Windows\System\IjcOFXU.exe
  2⤵
  PID:3188
- C:\Windows\System\vbfvqTX.exe
  C:\Windows\System\vbfvqTX.exe
  2⤵
  PID:3096
- C:\Windows\System\FhEsRGB.exe
  C:\Windows\System\FhEsRGB.exe
  2⤵
  PID:3176
- C:\Windows\System\hYXEVjL.exe
  C:\Windows\System\hYXEVjL.exe
  2⤵
  PID:3212
- C:\Windows\System\JChIlNF.exe
  C:\Windows\System\JChIlNF.exe
  2⤵
  PID:3248
- C:\Windows\System\tVxVzVB.exe
  C:\Windows\System\tVxVzVB.exe
  2⤵
  PID:3292
- C:\Windows\System\tfiRrZu.exe
  C:\Windows\System\tfiRrZu.exe
  2⤵
  PID:3356
- C:\Windows\System\EuSXclz.exe
  C:\Windows\System\EuSXclz.exe
  2⤵
  PID:3372
- C:\Windows\System\xXNBHWd.exe
  C:\Windows\System\xXNBHWd.exe
  2⤵
  PID:3376
- C:\Windows\System\bVueEaj.exe
  C:\Windows\System\bVueEaj.exe
  2⤵
  PID:2668
- C:\Windows\System\eJtvewa.exe
  C:\Windows\System\eJtvewa.exe
  2⤵
  PID:3472
- C:\Windows\System\nKvLAQB.exe
  C:\Windows\System\nKvLAQB.exe
  2⤵
  PID:3524
- C:\Windows\System\lzdhvRl.exe
  C:\Windows\System\lzdhvRl.exe
  2⤵
  PID:3564
- C:\Windows\System\wnGhBkA.exe
  C:\Windows\System\wnGhBkA.exe
  2⤵
  PID:3596
- C:\Windows\System\fHtDbTI.exe
  C:\Windows\System\fHtDbTI.exe
  2⤵
  PID:3636
- C:\Windows\System\OIbEvdu.exe
  C:\Windows\System\OIbEvdu.exe
  2⤵
  PID:3624
- C:\Windows\System\iNiEePH.exe
  C:\Windows\System\iNiEePH.exe
  2⤵
  PID:3664
- C:\Windows\System\cYUZaPr.exe
  C:\Windows\System\cYUZaPr.exe
  2⤵
  PID:3716
- C:\Windows\System\dgHuwHF.exe
  C:\Windows\System\dgHuwHF.exe
  2⤵
  PID:3704
- C:\Windows\System\WUhDdeb.exe
  C:\Windows\System\WUhDdeb.exe
  2⤵
  PID:3768
- C:\Windows\System\wmdERcO.exe
  C:\Windows\System\wmdERcO.exe
  2⤵
  PID:3804
- C:\Windows\System\gklYJsc.exe
  C:\Windows\System\gklYJsc.exe
  2⤵
  PID:3820
- C:\Windows\System\EGzxKqF.exe
  C:\Windows\System\EGzxKqF.exe
  2⤵
  PID:3860
- C:\Windows\System\NTULzSP.exe
  C:\Windows\System\NTULzSP.exe
  2⤵
  PID:3928
- C:\Windows\System\QbLodTs.exe
  C:\Windows\System\QbLodTs.exe
  2⤵
  PID:3904
- C:\Windows\System\beFZJuQ.exe
  C:\Windows\System\beFZJuQ.exe
  2⤵
  PID:3964
- C:\Windows\System\ELQrTfn.exe
  C:\Windows\System\ELQrTfn.exe
  2⤵
  PID:4000
- C:\Windows\System\wYpbwSe.exe
  C:\Windows\System\wYpbwSe.exe
  2⤵
  PID:3988
- C:\Windows\System\hAgILTF.exe
  C:\Windows\System\hAgILTF.exe
  2⤵
  PID:4024
- C:\Windows\System\zrXkNvb.exe
  C:\Windows\System\zrXkNvb.exe
  2⤵
  PID:4060
- C:\Windows\System\oJVBSJn.exe
  C:\Windows\System\oJVBSJn.exe
  2⤵
  PID:1148
- C:\Windows\System\PZipSTB.exe
  C:\Windows\System\PZipSTB.exe
  2⤵
  PID:1352
- C:\Windows\System\SyzksnP.exe
  C:\Windows\System\SyzksnP.exe
  2⤵
  PID:2096
- C:\Windows\System\jjBNiiI.exe
  C:\Windows\System\jjBNiiI.exe
  2⤵
  PID:2680
- C:\Windows\System\qNKfBgV.exe
  C:\Windows\System\qNKfBgV.exe
  2⤵
  PID:3500
- C:\Windows\System\KcgEgXK.exe
  C:\Windows\System\KcgEgXK.exe
  2⤵
  PID:1764
- C:\Windows\System\zLOoXro.exe
  C:\Windows\System\zLOoXro.exe
  2⤵
  PID:2596
- C:\Windows\System\hhQWcge.exe
  C:\Windows\System\hhQWcge.exe
  2⤵
  PID:2836
- C:\Windows\System\wYRMUxo.exe
  C:\Windows\System\wYRMUxo.exe
  2⤵
  PID:3268
- C:\Windows\System\CNmhgmK.exe
  C:\Windows\System\CNmhgmK.exe
  2⤵
  PID:3368
- C:\Windows\System\zeIiPgT.exe
  C:\Windows\System\zeIiPgT.exe
  2⤵
  PID:3252
- C:\Windows\System\muexTHW.exe
  C:\Windows\System\muexTHW.exe
  2⤵
  PID:3348
- C:\Windows\System\BzgPyaZ.exe
  C:\Windows\System\BzgPyaZ.exe
  2⤵
  PID:3544
- C:\Windows\System\gIDYBGx.exe
  C:\Windows\System\gIDYBGx.exe
  2⤵
  PID:3556
- C:\Windows\System\JaKGjWs.exe
  C:\Windows\System\JaKGjWs.exe
  2⤵
  PID:3580
- C:\Windows\System\SiELjZr.exe
  C:\Windows\System\SiELjZr.exe
  2⤵
  PID:3760
- C:\Windows\System\vOrnhlF.exe
  C:\Windows\System\vOrnhlF.exe
  2⤵
  PID:3720
- C:\Windows\System\ZbEIPZe.exe
  C:\Windows\System\ZbEIPZe.exe
  2⤵
  PID:2660
- C:\Windows\System\nTvwLVa.exe
  C:\Windows\System\nTvwLVa.exe
  2⤵
  PID:3840
- C:\Windows\System\sCATKjD.exe
  C:\Windows\System\sCATKjD.exe
  2⤵
  PID:3888
- C:\Windows\System\bniyelg.exe
  C:\Windows\System\bniyelg.exe
  2⤵
  PID:3868
- C:\Windows\System\NZjbiaE.exe
  C:\Windows\System\NZjbiaE.exe
  2⤵
  PID:1796
- C:\Windows\System\khglAeQ.exe
  C:\Windows\System\khglAeQ.exe
  2⤵
  PID:4088
- C:\Windows\System\kvYXOwH.exe
  C:\Windows\System\kvYXOwH.exe
  2⤵
  PID:4044
- C:\Windows\System\DwLCyEB.exe
  C:\Windows\System\DwLCyEB.exe
  2⤵
  PID:3908
- C:\Windows\System\Hnheibw.exe
  C:\Windows\System\Hnheibw.exe
  2⤵
  PID:356
- C:\Windows\System\alFORFH.exe
  C:\Windows\System\alFORFH.exe
  2⤵
  PID:2800
- C:\Windows\System\jUHNhWH.exe
  C:\Windows\System\jUHNhWH.exe
  2⤵
  PID:3156
- C:\Windows\System\easHpkp.exe
  C:\Windows\System\easHpkp.exe
  2⤵
  PID:1068
- C:\Windows\System\PcDCCoN.exe
  C:\Windows\System\PcDCCoN.exe
  2⤵
  PID:3320
- C:\Windows\System\yZugXsL.exe
  C:\Windows\System\yZugXsL.exe
  2⤵
  PID:2216
- C:\Windows\System\RpTsBiq.exe
  C:\Windows\System\RpTsBiq.exe
  2⤵
  PID:1520
- C:\Windows\System\iqmQFHc.exe
  C:\Windows\System\iqmQFHc.exe
  2⤵
  PID:3540
- C:\Windows\System\sNxLOpN.exe
  C:\Windows\System\sNxLOpN.exe
  2⤵
  PID:3640
- C:\Windows\System\xpGxuiA.exe
  C:\Windows\System\xpGxuiA.exe
  2⤵
  PID:3844
- C:\Windows\System\lcgmbeM.exe
  C:\Windows\System\lcgmbeM.exe
  2⤵
  PID:3808
- C:\Windows\System\PEXJRHT.exe
  C:\Windows\System\PEXJRHT.exe
  2⤵
  PID:2692
- C:\Windows\System\WpjmlJF.exe
  C:\Windows\System\WpjmlJF.exe
  2⤵
  PID:2776
- C:\Windows\System\PxiyNSV.exe
  C:\Windows\System\PxiyNSV.exe
  2⤵
  PID:2688
- C:\Windows\System\XsOrKCu.exe
  C:\Windows\System\XsOrKCu.exe
  2⤵
  PID:3236
- C:\Windows\System\ABnnIcT.exe
  C:\Windows\System\ABnnIcT.exe
  2⤵
  PID:3392
- C:\Windows\System\jYLBEWV.exe
  C:\Windows\System\jYLBEWV.exe
  2⤵
  PID:3256
- C:\Windows\System\MSiFRCy.exe
  C:\Windows\System\MSiFRCy.exe
  2⤵
  PID:3456
- C:\Windows\System\JBzMJfN.exe
  C:\Windows\System\JBzMJfN.exe
  2⤵
  PID:4084
- C:\Windows\System\tDfQbaj.exe
  C:\Windows\System\tDfQbaj.exe
  2⤵
  PID:3788
- C:\Windows\System\sEdTIrV.exe
  C:\Windows\System\sEdTIrV.exe
  2⤵
  PID:3676
- C:\Windows\System\qItwiOo.exe
  C:\Windows\System\qItwiOo.exe
  2⤵
  PID:4004
- C:\Windows\System\skAOvuH.exe
  C:\Windows\System\skAOvuH.exe
  2⤵
  PID:3944
- C:\Windows\System\gOAlGkM.exe
  C:\Windows\System\gOAlGkM.exe
  2⤵
  PID:3440
- C:\Windows\System\qLpSTlB.exe
  C:\Windows\System\qLpSTlB.exe
  2⤵
  PID:3088
- C:\Windows\System\PUxwJMY.exe
  C:\Windows\System\PUxwJMY.exe
  2⤵
  PID:4108
- C:\Windows\System\FDXVpKY.exe
  C:\Windows\System\FDXVpKY.exe
  2⤵
  PID:4128
- C:\Windows\System\NluTFPh.exe
  C:\Windows\System\NluTFPh.exe
  2⤵
  PID:4148
- C:\Windows\System\eUOyihs.exe
  C:\Windows\System\eUOyihs.exe
  2⤵
  PID:4172
- C:\Windows\System\ahMmwRD.exe
  C:\Windows\System\ahMmwRD.exe
  2⤵
  PID:4188
- C:\Windows\System\IaMvxKR.exe
  C:\Windows\System\IaMvxKR.exe
  2⤵
  PID:4204
- C:\Windows\System\UsrZvpY.exe
  C:\Windows\System\UsrZvpY.exe
  2⤵
  PID:4220
- C:\Windows\System\JWkvfcr.exe
  C:\Windows\System\JWkvfcr.exe
  2⤵
  PID:4284
- C:\Windows\System\KOwBlDI.exe
  C:\Windows\System\KOwBlDI.exe
  2⤵
  PID:4300
- C:\Windows\System\VpUapCH.exe
  C:\Windows\System\VpUapCH.exe
  2⤵
  PID:4316
- C:\Windows\System\nVvBueD.exe
  C:\Windows\System\nVvBueD.exe
  2⤵
  PID:4332
- C:\Windows\System\Htzjwoh.exe
  C:\Windows\System\Htzjwoh.exe
  2⤵
  PID:4356
- C:\Windows\System\yDZmPDd.exe
  C:\Windows\System\yDZmPDd.exe
  2⤵
  PID:4372
- C:\Windows\System\IBbuYKi.exe
  C:\Windows\System\IBbuYKi.exe
  2⤵
  PID:4388
- C:\Windows\System\fRBVlcu.exe
  C:\Windows\System\fRBVlcu.exe
  2⤵
  PID:4424
- C:\Windows\System\TIGkljR.exe
  C:\Windows\System\TIGkljR.exe
  2⤵
  PID:4440
- C:\Windows\System\dXDYvnb.exe
  C:\Windows\System\dXDYvnb.exe
  2⤵
  PID:4456
- C:\Windows\System\VfveJpj.exe
  C:\Windows\System\VfveJpj.exe
  2⤵
  PID:4472
- C:\Windows\System\uwXqQZK.exe
  C:\Windows\System\uwXqQZK.exe
  2⤵
  PID:4488
- C:\Windows\System\uKRmsUk.exe
  C:\Windows\System\uKRmsUk.exe
  2⤵
  PID:4508
- C:\Windows\System\gvOivuo.exe
  C:\Windows\System\gvOivuo.exe
  2⤵
  PID:4524
- C:\Windows\System\qhxYMDJ.exe
  C:\Windows\System\qhxYMDJ.exe
  2⤵
  PID:4540
- C:\Windows\System\zJovPyb.exe
  C:\Windows\System\zJovPyb.exe
  2⤵
  PID:4556
- C:\Windows\System\mtYEyrm.exe
  C:\Windows\System\mtYEyrm.exe
  2⤵
  PID:4584
- C:\Windows\System\ObJCWFh.exe
  C:\Windows\System\ObJCWFh.exe
  2⤵
  PID:4600
- C:\Windows\System\zSJtgZs.exe
  C:\Windows\System\zSJtgZs.exe
  2⤵
  PID:4636
- C:\Windows\System\oCWgouU.exe
  C:\Windows\System\oCWgouU.exe
  2⤵
  PID:4652
- C:\Windows\System\bZfqQxg.exe
  C:\Windows\System\bZfqQxg.exe
  2⤵
  PID:4668
- C:\Windows\System\TqPGsWy.exe
  C:\Windows\System\TqPGsWy.exe
  2⤵
  PID:4692
- C:\Windows\System\pGgufUl.exe
  C:\Windows\System\pGgufUl.exe
  2⤵
  PID:4716
- C:\Windows\System\HqpQTcq.exe
  C:\Windows\System\HqpQTcq.exe
  2⤵
  PID:4732
- C:\Windows\System\TztqPzp.exe
  C:\Windows\System\TztqPzp.exe
  2⤵
  PID:4748
- C:\Windows\System\qddWQOu.exe
  C:\Windows\System\qddWQOu.exe
  2⤵
  PID:4764
- C:\Windows\System\CfYzSMa.exe
  C:\Windows\System\CfYzSMa.exe
  2⤵
  PID:4804
- C:\Windows\System\hXzxdpe.exe
  C:\Windows\System\hXzxdpe.exe
  2⤵
  PID:4820
- C:\Windows\System\oCdBUDu.exe
  C:\Windows\System\oCdBUDu.exe
  2⤵
  PID:4836
- C:\Windows\System\onyTiQm.exe
  C:\Windows\System\onyTiQm.exe
  2⤵
  PID:4852
- C:\Windows\System\EuOdrcN.exe
  C:\Windows\System\EuOdrcN.exe
  2⤵
  PID:4872
- C:\Windows\System\ThRiNOy.exe
  C:\Windows\System\ThRiNOy.exe
  2⤵
  PID:4900
- C:\Windows\System\IwvrYQW.exe
  C:\Windows\System\IwvrYQW.exe
  2⤵
  PID:4920
- C:\Windows\System\gCPkBTd.exe
  C:\Windows\System\gCPkBTd.exe
  2⤵
  PID:4936
- C:\Windows\System\kLtZwEa.exe
  C:\Windows\System\kLtZwEa.exe
  2⤵
  PID:4952
- C:\Windows\System\UYzNgMv.exe
  C:\Windows\System\UYzNgMv.exe
  2⤵
  PID:4972
- C:\Windows\System\oALkhGr.exe
  C:\Windows\System\oALkhGr.exe
  2⤵
  PID:4996
- C:\Windows\System\LjgzdLN.exe
  C:\Windows\System\LjgzdLN.exe
  2⤵
  PID:5016
- C:\Windows\System\fOpgrpE.exe
  C:\Windows\System\fOpgrpE.exe
  2⤵
  PID:5032
- C:\Windows\System\cSBOIXI.exe
  C:\Windows\System\cSBOIXI.exe
  2⤵
  PID:5052
- C:\Windows\System\GkMFtvd.exe
  C:\Windows\System\GkMFtvd.exe
  2⤵
  PID:5068
- C:\Windows\System\BKXGomz.exe
  C:\Windows\System\BKXGomz.exe
  2⤵
  PID:5084
- C:\Windows\System\UmncLha.exe
  C:\Windows\System\UmncLha.exe
  2⤵
  PID:5108
- C:\Windows\System\tNyZSBq.exe
  C:\Windows\System\tNyZSBq.exe
  2⤵
  PID:4080
- C:\Windows\System\yfMHCws.exe
  C:\Windows\System\yfMHCws.exe
  2⤵
  PID:3736
- C:\Windows\System\CJaigqR.exe
  C:\Windows\System\CJaigqR.exe
  2⤵
  PID:3800
- C:\Windows\System\jVolunC.exe
  C:\Windows\System\jVolunC.exe
  2⤵
  PID:4164
- C:\Windows\System\vwzjlYJ.exe
  C:\Windows\System\vwzjlYJ.exe
  2⤵
  PID:4228
- C:\Windows\System\frCyQxz.exe
  C:\Windows\System\frCyQxz.exe
  2⤵
  PID:4248
- C:\Windows\System\TNOmlux.exe
  C:\Windows\System\TNOmlux.exe
  2⤵
  PID:2880
- C:\Windows\System\gZpDweD.exe
  C:\Windows\System\gZpDweD.exe
  2⤵
  PID:1888
- C:\Windows\System\EkNQRJn.exe
  C:\Windows\System\EkNQRJn.exe
  2⤵
  PID:4144
- C:\Windows\System\NFfnFLT.exe
  C:\Windows\System\NFfnFLT.exe
  2⤵
  PID:4136
- C:\Windows\System\cCrRwWQ.exe
  C:\Windows\System\cCrRwWQ.exe
  2⤵
  PID:4216
- C:\Windows\System\MPCrplI.exe
  C:\Windows\System\MPCrplI.exe
  2⤵
  PID:4308
- C:\Windows\System\SylEUkV.exe
  C:\Windows\System\SylEUkV.exe
  2⤵
  PID:4352
- C:\Windows\System\mIkfbhM.exe
  C:\Windows\System\mIkfbhM.exe
  2⤵
  PID:4324
- C:\Windows\System\rlJcRtj.exe
  C:\Windows\System\rlJcRtj.exe
  2⤵
  PID:4396
- C:\Windows\System\vTLGaXp.exe
  C:\Windows\System\vTLGaXp.exe
  2⤵
  PID:4412
- C:\Windows\System\gBtQnvX.exe
  C:\Windows\System\gBtQnvX.exe
  2⤵
  PID:4500
- C:\Windows\System\omEAdUP.exe
  C:\Windows\System\omEAdUP.exe
  2⤵
  PID:4564
- C:\Windows\System\qkijCJM.exe
  C:\Windows\System\qkijCJM.exe
  2⤵
  PID:4580
- C:\Windows\System\szbpvrk.exe
  C:\Windows\System\szbpvrk.exe
  2⤵
  PID:4552
- C:\Windows\System\hPeCnKb.exe
  C:\Windows\System\hPeCnKb.exe
  2⤵
  PID:3108
- C:\Windows\System\OZXMHEb.exe
  C:\Windows\System\OZXMHEb.exe
  2⤵
  PID:4632
- C:\Windows\System\zsyihzD.exe
  C:\Windows\System\zsyihzD.exe
  2⤵
  PID:4704
- C:\Windows\System\xVJqDau.exe
  C:\Windows\System\xVJqDau.exe
  2⤵
  PID:4772
- C:\Windows\System\ctVmBYO.exe
  C:\Windows\System\ctVmBYO.exe
  2⤵
  PID:4680
- C:\Windows\System\aIFfVeu.exe
  C:\Windows\System\aIFfVeu.exe
  2⤵
  PID:4788
- C:\Windows\System\szQyDFF.exe
  C:\Windows\System\szQyDFF.exe
  2⤵
  PID:4756
- C:\Windows\System\PhXRRiw.exe
  C:\Windows\System\PhXRRiw.exe
  2⤵
  PID:4688
- C:\Windows\System\PuCTEJx.exe
  C:\Windows\System\PuCTEJx.exe
  2⤵
  PID:4860
- C:\Windows\System\gjQFkGR.exe
  C:\Windows\System\gjQFkGR.exe
  2⤵
  PID:4816
- C:\Windows\System\nruUUwA.exe
  C:\Windows\System\nruUUwA.exe
  2⤵
  PID:2088
- C:\Windows\System\FLbAynf.exe
  C:\Windows\System\FLbAynf.exe
  2⤵
  PID:4948
- C:\Windows\System\xMEkEuU.exe
  C:\Windows\System\xMEkEuU.exe
  2⤵
  PID:4892
- C:\Windows\System\dOxyGKs.exe
  C:\Windows\System\dOxyGKs.exe
  2⤵
  PID:4888
- C:\Windows\System\ZYwIRfg.exe
  C:\Windows\System\ZYwIRfg.exe
  2⤵
  PID:4968
- C:\Windows\System\CLHRBzF.exe
  C:\Windows\System\CLHRBzF.exe
  2⤵
  PID:4928
- C:\Windows\System\wCInhKD.exe
  C:\Windows\System\wCInhKD.exe
  2⤵
  PID:5096
- C:\Windows\System\CztFrGK.exe
  C:\Windows\System\CztFrGK.exe
  2⤵
  PID:1116
- C:\Windows\System\MHVyiQi.exe
  C:\Windows\System\MHVyiQi.exe
  2⤵
  PID:5076
- C:\Windows\System\xHbLDSG.exe
  C:\Windows\System\xHbLDSG.exe
  2⤵
  PID:3400
- C:\Windows\System\bcEMzrA.exe
  C:\Windows\System\bcEMzrA.exe
  2⤵
  PID:4236
- C:\Windows\System\dRsonVp.exe
  C:\Windows\System\dRsonVp.exe
  2⤵
  PID:528
- C:\Windows\System\CCdAXho.exe
  C:\Windows\System\CCdAXho.exe
  2⤵
  PID:4268
- C:\Windows\System\ihEZMiy.exe
  C:\Windows\System\ihEZMiy.exe
  2⤵
  PID:4404
- C:\Windows\System\HWBOlZG.exe
  C:\Windows\System\HWBOlZG.exe
  2⤵
  PID:4256
- C:\Windows\System\bwLlbzE.exe
  C:\Windows\System\bwLlbzE.exe
  2⤵
  PID:4532
- C:\Windows\System\PNGvvkc.exe
  C:\Windows\System\PNGvvkc.exe
  2⤵
  PID:4484
- C:\Windows\System\MmBNBJF.exe
  C:\Windows\System\MmBNBJF.exe
  2⤵
  PID:4620
- C:\Windows\System\NXIXVWL.exe
  C:\Windows\System\NXIXVWL.exe
  2⤵
  PID:1808
- C:\Windows\System\CZiLvoS.exe
  C:\Windows\System\CZiLvoS.exe
  2⤵
  PID:4364
- C:\Windows\System\ivXuMcT.exe
  C:\Windows\System\ivXuMcT.exe
  2⤵
  PID:4612
- C:\Windows\System\bYBXtkt.exe
  C:\Windows\System\bYBXtkt.exe
  2⤵
  PID:4708
- C:\Windows\System\ReIICjo.exe
  C:\Windows\System\ReIICjo.exe
  2⤵
  PID:4700
- C:\Windows\System\NqfqRwc.exe
  C:\Windows\System\NqfqRwc.exe
  2⤵
  PID:1272
- C:\Windows\System\kBkMOaM.exe
  C:\Windows\System\kBkMOaM.exe
  2⤵
  PID:4644
- C:\Windows\System\KvZDqQd.exe
  C:\Windows\System\KvZDqQd.exe
  2⤵
  PID:4984
- C:\Windows\System\dqmuYeb.exe
  C:\Windows\System\dqmuYeb.exe
  2⤵
  PID:5008
- C:\Windows\System\QjPJJRX.exe
  C:\Windows\System\QjPJJRX.exe
  2⤵
  PID:4912
- C:\Windows\System\CNoYuFz.exe
  C:\Windows\System\CNoYuFz.exe
  2⤵
  PID:4960
- C:\Windows\System\sdzxfdd.exe
  C:\Windows\System\sdzxfdd.exe
  2⤵
  PID:3824
- C:\Windows\System\uzZLiez.exe
  C:\Windows\System\uzZLiez.exe
  2⤵
  PID:5028
- C:\Windows\System\GQpokTR.exe
  C:\Windows\System\GQpokTR.exe
  2⤵
  PID:4244
- C:\Windows\System\FOkoLHb.exe
  C:\Windows\System\FOkoLHb.exe
  2⤵
  PID:4384
- C:\Windows\System\YhkzGSb.exe
  C:\Windows\System\YhkzGSb.exe
  2⤵
  PID:4616
- C:\Windows\System\hlZmZro.exe
  C:\Windows\System\hlZmZro.exe
  2⤵
  PID:3516
- C:\Windows\System\BZwMUUR.exe
  C:\Windows\System\BZwMUUR.exe
  2⤵
  PID:4344
- C:\Windows\System\KubYLlW.exe
  C:\Windows\System\KubYLlW.exe
  2⤵
  PID:4196
- C:\Windows\System\bQmusCz.exe
  C:\Windows\System\bQmusCz.exe
  2⤵
  PID:1676
- C:\Windows\System\gXYMsoa.exe
  C:\Windows\System\gXYMsoa.exe
  2⤵
  PID:4100
- C:\Windows\System\UvEfTQk.exe
  C:\Windows\System\UvEfTQk.exe
  2⤵
  PID:4520
- C:\Windows\System\EefdNLr.exe
  C:\Windows\System\EefdNLr.exe
  2⤵
  PID:4944
- C:\Windows\System\RPiznEp.exe
  C:\Windows\System\RPiznEp.exe
  2⤵
  PID:3120
- C:\Windows\System\OTjMBkw.exe
  C:\Windows\System\OTjMBkw.exe
  2⤵
  PID:5116
- C:\Windows\System\IFduzvn.exe
  C:\Windows\System\IFduzvn.exe
  2⤵
  PID:4536
- C:\Windows\System\MZSTVcQ.exe
  C:\Windows\System\MZSTVcQ.exe
  2⤵
  PID:4292
- C:\Windows\System\PtYPdEX.exe
  C:\Windows\System\PtYPdEX.exe
  2⤵
  PID:3900
- C:\Windows\System\VagttuJ.exe
  C:\Windows\System\VagttuJ.exe
  2⤵
  PID:3680
- C:\Windows\System\UdCRyef.exe
  C:\Windows\System\UdCRyef.exe
  2⤵
  PID:4516
- C:\Windows\System\uVcrqrh.exe
  C:\Windows\System\uVcrqrh.exe
  2⤵
  PID:4796
- C:\Windows\System\yoCQbyG.exe
  C:\Windows\System\yoCQbyG.exe
  2⤵
  PID:2676
- C:\Windows\System\mUgEVFH.exe
  C:\Windows\System\mUgEVFH.exe
  2⤵
  PID:2052
- C:\Windows\System\SnBlIwz.exe
  C:\Windows\System\SnBlIwz.exe
  2⤵
  PID:4932
- C:\Windows\System\eYKlnTK.exe
  C:\Windows\System\eYKlnTK.exe
  2⤵
  PID:4916
- C:\Windows\System\OCyHeuy.exe
  C:\Windows\System\OCyHeuy.exe
  2⤵
  PID:4848
- C:\Windows\System\PDPVaij.exe
  C:\Windows\System\PDPVaij.exe
  2⤵
  PID:1568
- C:\Windows\System\NlUkNXz.exe
  C:\Windows\System\NlUkNXz.exe
  2⤵
  PID:2192
- C:\Windows\System\TNjznwI.exe
  C:\Windows\System\TNjznwI.exe
  2⤵
  PID:5104
- C:\Windows\System\BOonFXZ.exe
  C:\Windows\System\BOonFXZ.exe
  2⤵
  PID:4724
- C:\Windows\System\FgQTWko.exe
  C:\Windows\System\FgQTWko.exe
  2⤵
  PID:4124
- C:\Windows\System\XOUOQOx.exe
  C:\Windows\System\XOUOQOx.exe
  2⤵
  PID:4740
- C:\Windows\System\CIhAiaV.exe
  C:\Windows\System\CIhAiaV.exe
  2⤵
  PID:4160
- C:\Windows\System\moDzHSA.exe
  C:\Windows\System\moDzHSA.exe
  2⤵
  PID:5124
- C:\Windows\System\xbhiOVc.exe
  C:\Windows\System\xbhiOVc.exe
  2⤵
  PID:5140
- C:\Windows\System\SzQHVjN.exe
  C:\Windows\System\SzQHVjN.exe
  2⤵
  PID:5176
- C:\Windows\System\TONftVk.exe
  C:\Windows\System\TONftVk.exe
  2⤵
  PID:5192
- C:\Windows\System\lkpcjLy.exe
  C:\Windows\System\lkpcjLy.exe
  2⤵
  PID:5208
- C:\Windows\System\TwVClJx.exe
  C:\Windows\System\TwVClJx.exe
  2⤵
  PID:5224
- C:\Windows\System\YkmDhMP.exe
  C:\Windows\System\YkmDhMP.exe
  2⤵
  PID:5268
- C:\Windows\System\gBtxfPB.exe
  C:\Windows\System\gBtxfPB.exe
  2⤵
  PID:5284
- C:\Windows\System\VENmXoU.exe
  C:\Windows\System\VENmXoU.exe
  2⤵
  PID:5300
- C:\Windows\System\dQWtyxe.exe
  C:\Windows\System\dQWtyxe.exe
  2⤵
  PID:5316
- C:\Windows\System\UVsEHnW.exe
  C:\Windows\System\UVsEHnW.exe
  2⤵
  PID:5336
- C:\Windows\System\RROyubs.exe
  C:\Windows\System\RROyubs.exe
  2⤵
  PID:5364
- C:\Windows\System\gNrHNNM.exe
  C:\Windows\System\gNrHNNM.exe
  2⤵
  PID:5388
- C:\Windows\System\QhWcjNb.exe
  C:\Windows\System\QhWcjNb.exe
  2⤵
  PID:5404
- C:\Windows\System\CQMdsJl.exe
  C:\Windows\System\CQMdsJl.exe
  2⤵
  PID:5420
- C:\Windows\System\Gbqeubu.exe
  C:\Windows\System\Gbqeubu.exe
  2⤵
  PID:5436
- C:\Windows\System\qmgXrWY.exe
  C:\Windows\System\qmgXrWY.exe
  2⤵
  PID:5452
- C:\Windows\System\ZeeNlBi.exe
  C:\Windows\System\ZeeNlBi.exe
  2⤵
  PID:5468
- C:\Windows\System\XFEOxCw.exe
  C:\Windows\System\XFEOxCw.exe
  2⤵
  PID:5484
- C:\Windows\System\otHVvPt.exe
  C:\Windows\System\otHVvPt.exe
  2⤵
  PID:5512
- C:\Windows\System\MlFYIUp.exe
  C:\Windows\System\MlFYIUp.exe
  2⤵
  PID:5528
- C:\Windows\System\lhRJrTr.exe
  C:\Windows\System\lhRJrTr.exe
  2⤵
  PID:5544
- C:\Windows\System\cPkkjbo.exe
  C:\Windows\System\cPkkjbo.exe
  2⤵
  PID:5580
- C:\Windows\System\iPiLMMA.exe
  C:\Windows\System\iPiLMMA.exe
  2⤵
  PID:5596
- C:\Windows\System\JlohAtf.exe
  C:\Windows\System\JlohAtf.exe
  2⤵
  PID:5612
- C:\Windows\System\LouonSx.exe
  C:\Windows\System\LouonSx.exe
  2⤵
  PID:5628
- C:\Windows\System\QQlytSC.exe
  C:\Windows\System\QQlytSC.exe
  2⤵
  PID:5656
- C:\Windows\System\QXypcJe.exe
  C:\Windows\System\QXypcJe.exe
  2⤵
  PID:5672
- C:\Windows\System\CATzbfc.exe
  C:\Windows\System\CATzbfc.exe
  2⤵
  PID:5696
- C:\Windows\System\BmVmaHR.exe
  C:\Windows\System\BmVmaHR.exe
  2⤵
  PID:5724
- C:\Windows\System\XwQKGwl.exe
  C:\Windows\System\XwQKGwl.exe
  2⤵
  PID:5740
- C:\Windows\System\RcHSyCB.exe
  C:\Windows\System\RcHSyCB.exe
  2⤵
  PID:5764
- C:\Windows\System\QzNVPhQ.exe
  C:\Windows\System\QzNVPhQ.exe
  2⤵
  PID:5780
- C:\Windows\System\KtLNHnK.exe
  C:\Windows\System\KtLNHnK.exe
  2⤵
  PID:5796
- C:\Windows\System\uIApVWt.exe
  C:\Windows\System\uIApVWt.exe
  2⤵
  PID:5812
- C:\Windows\System\jUORzJO.exe
  C:\Windows\System\jUORzJO.exe
  2⤵
  PID:5832
- C:\Windows\System\FsjoVGI.exe
  C:\Windows\System\FsjoVGI.exe
  2⤵
  PID:5852
- C:\Windows\System\NwoyNNj.exe
  C:\Windows\System\NwoyNNj.exe
  2⤵
  PID:5876
- C:\Windows\System\rclQocp.exe
  C:\Windows\System\rclQocp.exe
  2⤵
  PID:5892
- C:\Windows\System\YfGTgGK.exe
  C:\Windows\System\YfGTgGK.exe
  2⤵
  PID:5928
- C:\Windows\System\lWwOaBL.exe
  C:\Windows\System\lWwOaBL.exe
  2⤵
  PID:5948
- C:\Windows\System\iXbTCeY.exe
  C:\Windows\System\iXbTCeY.exe
  2⤵
  PID:5964
- C:\Windows\System\GXYHpYS.exe
  C:\Windows\System\GXYHpYS.exe
  2⤵
  PID:5980
- C:\Windows\System\NdLJOsS.exe
  C:\Windows\System\NdLJOsS.exe
  2⤵
  PID:5996
- C:\Windows\System\qVtlJNr.exe
  C:\Windows\System\qVtlJNr.exe
  2⤵
  PID:6012
- C:\Windows\System\AxVoVEs.exe
  C:\Windows\System\AxVoVEs.exe
  2⤵
  PID:6028
- C:\Windows\System\XXMlyjK.exe
  C:\Windows\System\XXMlyjK.exe
  2⤵
  PID:6044
- C:\Windows\System\pUEDBxJ.exe
  C:\Windows\System\pUEDBxJ.exe
  2⤵
  PID:6060
- C:\Windows\System\wKOLmwg.exe
  C:\Windows\System\wKOLmwg.exe
  2⤵
  PID:6076
- C:\Windows\System\qDpLRbd.exe
  C:\Windows\System\qDpLRbd.exe
  2⤵
  PID:6092
- C:\Windows\System\fmtYcfS.exe
  C:\Windows\System\fmtYcfS.exe
  2⤵
  PID:6112
- C:\Windows\System\wEEPsSg.exe
  C:\Windows\System\wEEPsSg.exe
  2⤵
  PID:6132
- C:\Windows\System\btPwHtI.exe
  C:\Windows\System\btPwHtI.exe
  2⤵
  PID:5048
- C:\Windows\System\XCwMNql.exe
  C:\Windows\System\XCwMNql.exe
  2⤵
  PID:712
- C:\Windows\System\THjrlku.exe
  C:\Windows\System\THjrlku.exe
  2⤵
  PID:5132
- C:\Windows\System\ktLlMXb.exe
  C:\Windows\System\ktLlMXb.exe
  2⤵
  PID:5152
- C:\Windows\System\gMdpJJB.exe
  C:\Windows\System\gMdpJJB.exe
  2⤵
  PID:5172
- C:\Windows\System\uTKlpNf.exe
  C:\Windows\System\uTKlpNf.exe
  2⤵
  PID:5244
- C:\Windows\System\oRYtTwX.exe
  C:\Windows\System\oRYtTwX.exe
  2⤵
  PID:5256
- C:\Windows\System\TcxbpaP.exe
  C:\Windows\System\TcxbpaP.exe
  2⤵
  PID:5296
- C:\Windows\System\DnadVQA.exe
  C:\Windows\System\DnadVQA.exe
  2⤵
  PID:5332
- C:\Windows\System\hNPcYsz.exe
  C:\Windows\System\hNPcYsz.exe
  2⤵
  PID:5220
- C:\Windows\System\YDuNDty.exe
  C:\Windows\System\YDuNDty.exe
  2⤵
  PID:5280
- C:\Windows\System\OhVHkiB.exe
  C:\Windows\System\OhVHkiB.exe
  2⤵
  PID:5376
- C:\Windows\System\XVfxDXh.exe
  C:\Windows\System\XVfxDXh.exe
  2⤵
  PID:5412
- C:\Windows\System\PFvjbkg.exe
  C:\Windows\System\PFvjbkg.exe
  2⤵
  PID:5448
- C:\Windows\System\VkynGrS.exe
  C:\Windows\System\VkynGrS.exe
  2⤵
  PID:5568
- C:\Windows\System\nblukzO.exe
  C:\Windows\System\nblukzO.exe
  2⤵
  PID:5552
- C:\Windows\System\DVWCHOe.exe
  C:\Windows\System\DVWCHOe.exe
  2⤵
  PID:2496
- C:\Windows\System\seGgfsH.exe
  C:\Windows\System\seGgfsH.exe
  2⤵
  PID:5460
- C:\Windows\System\yBXzhKr.exe
  C:\Windows\System\yBXzhKr.exe
  2⤵
  PID:5640
- C:\Windows\System\EaLToJZ.exe
  C:\Windows\System\EaLToJZ.exe
  2⤵
  PID:5680
- C:\Windows\System\UDnOCNx.exe
  C:\Windows\System\UDnOCNx.exe
  2⤵
  PID:5588
- C:\Windows\System\rmXhqKi.exe
  C:\Windows\System\rmXhqKi.exe
  2⤵
  PID:5732
- C:\Windows\System\arYEDXS.exe
  C:\Windows\System\arYEDXS.exe
  2⤵
  PID:5620
- C:\Windows\System\lKvxUrY.exe
  C:\Windows\System\lKvxUrY.exe
  2⤵
  PID:5848
- C:\Windows\System\gTIMjAe.exe
  C:\Windows\System\gTIMjAe.exe
  2⤵
  PID:5664
- C:\Windows\System\BcUHEnI.exe
  C:\Windows\System\BcUHEnI.exe
  2⤵
  PID:5820
- C:\Windows\System\LpZGumy.exe
  C:\Windows\System\LpZGumy.exe
  2⤵
  PID:5884
- C:\Windows\System\kMZfzvE.exe
  C:\Windows\System\kMZfzvE.exe
  2⤵
  PID:5788
- C:\Windows\System\eGVMCCw.exe
  C:\Windows\System\eGVMCCw.exe
  2⤵
  PID:5748
- C:\Windows\System\QPnHBXj.exe
  C:\Windows\System\QPnHBXj.exe
  2⤵
  PID:5912
- C:\Windows\System\RbigHwn.exe
  C:\Windows\System\RbigHwn.exe
  2⤵
  PID:5944
- C:\Windows\System\gLpZTez.exe
  C:\Windows\System\gLpZTez.exe
  2⤵
  PID:6008
- C:\Windows\System\VorVmZQ.exe
  C:\Windows\System\VorVmZQ.exe
  2⤵
  PID:6072
- C:\Windows\System\wWLDpCE.exe
  C:\Windows\System\wWLDpCE.exe
  2⤵
  PID:6108
- C:\Windows\System\YEuFkBA.exe
  C:\Windows\System\YEuFkBA.exe
  2⤵
  PID:2708
- C:\Windows\System\iUfOYqm.exe
  C:\Windows\System\iUfOYqm.exe
  2⤵
  PID:5956
- C:\Windows\System\SQnatGP.exe
  C:\Windows\System\SQnatGP.exe
  2⤵
  PID:6120
- C:\Windows\System\PDqFnob.exe
  C:\Windows\System\PDqFnob.exe
  2⤵
  PID:5324
- C:\Windows\System\MuNswDI.exe
  C:\Windows\System\MuNswDI.exe
  2⤵
  PID:5308
- C:\Windows\System\PwYtbNW.exe
  C:\Windows\System\PwYtbNW.exe
  2⤵
  PID:5432
- C:\Windows\System\OdgBThb.exe
  C:\Windows\System\OdgBThb.exe
  2⤵
  PID:5148
- C:\Windows\System\JtMHIed.exe
  C:\Windows\System\JtMHIed.exe
  2⤵
  PID:5988
- C:\Windows\System\JEwXstZ.exe
  C:\Windows\System\JEwXstZ.exe
  2⤵
  PID:5504
- C:\Windows\System\eELOOVA.exe
  C:\Windows\System\eELOOVA.exe
  2⤵
  PID:5540
- C:\Windows\System\nYAsxvR.exe
  C:\Windows\System\nYAsxvR.exe
  2⤵
  PID:5264
- C:\Windows\System\bLAhcTq.exe
  C:\Windows\System\bLAhcTq.exe
  2⤵
  PID:5624
- C:\Windows\System\outQxHy.exe
  C:\Windows\System\outQxHy.exe
  2⤵
  PID:5476
- C:\Windows\System\tszqUnf.exe
  C:\Windows\System\tszqUnf.exe
  2⤵
  PID:616
- C:\Windows\System\jjwSOcG.exe
  C:\Windows\System\jjwSOcG.exe
  2⤵
  PID:5348
- C:\Windows\System\vyXxJEl.exe
  C:\Windows\System\vyXxJEl.exe
  2⤵
  PID:5860
- C:\Windows\System\EDSAgVG.exe
  C:\Windows\System\EDSAgVG.exe
  2⤵
  PID:6040
- C:\Windows\System\qVckFJL.exe
  C:\Windows\System\qVckFJL.exe
  2⤵
  PID:4572
- C:\Windows\System\vfKrKwp.exe
  C:\Windows\System\vfKrKwp.exe
  2⤵
  PID:5360
- C:\Windows\System\ZohcQCl.exe
  C:\Windows\System\ZohcQCl.exe
  2⤵
  PID:6100
- C:\Windows\System\doRgCsd.exe
  C:\Windows\System\doRgCsd.exe
  2⤵
  PID:4340
- C:\Windows\System\ZXAIpqT.exe
  C:\Windows\System\ZXAIpqT.exe
  2⤵
  PID:5804
- C:\Windows\System\FDWpWpt.exe
  C:\Windows\System\FDWpWpt.exe
  2⤵
  PID:5872
- C:\Windows\System\wlvvzpi.exe
  C:\Windows\System\wlvvzpi.exe
  2⤵
  PID:4728
- C:\Windows\System\prugzdy.exe
  C:\Windows\System\prugzdy.exe
  2⤵
  PID:5328
- C:\Windows\System\vUgMstV.exe
  C:\Windows\System\vUgMstV.exe
  2⤵
  PID:5344
- C:\Windows\System\dusTkEw.exe
  C:\Windows\System\dusTkEw.exe
  2⤵
  PID:5400
- C:\Windows\System\foEjEzm.exe
  C:\Windows\System\foEjEzm.exe
  2⤵
  PID:5556
- C:\Windows\System\vsvdhyK.exe
  C:\Windows\System\vsvdhyK.exe
  2⤵
  PID:5828
- C:\Windows\System\GFLVEpa.exe
  C:\Windows\System\GFLVEpa.exe
  2⤵
  PID:5960
- C:\Windows\System\UrFmfyl.exe
  C:\Windows\System\UrFmfyl.exe
  2⤵
  PID:5188
- C:\Windows\System\oqDjWJe.exe
  C:\Windows\System\oqDjWJe.exe
  2⤵
  PID:6068
- C:\Windows\System\nRpkvyY.exe
  C:\Windows\System\nRpkvyY.exe
  2⤵
  PID:5536
- C:\Windows\System\XCAGTjZ.exe
  C:\Windows\System\XCAGTjZ.exe
  2⤵
  PID:5464
- C:\Windows\System\swUSWlK.exe
  C:\Windows\System\swUSWlK.exe
  2⤵
  PID:448
- C:\Windows\System\ikPXOWe.exe
  C:\Windows\System\ikPXOWe.exe
  2⤵
  PID:1320
- C:\Windows\System\YKBfwkP.exe
  C:\Windows\System\YKBfwkP.exe
  2⤵
  PID:2068
- C:\Windows\System\ZKzTBow.exe
  C:\Windows\System\ZKzTBow.exe
  2⤵
  PID:5756
- C:\Windows\System\qQJNhDU.exe
  C:\Windows\System\qQJNhDU.exe
  2⤵
  PID:5520
- C:\Windows\System\chWIbRo.exe
  C:\Windows\System\chWIbRo.exe
  2⤵
  PID:2232
- C:\Windows\System\EyZMUmp.exe
  C:\Windows\System\EyZMUmp.exe
  2⤵
  PID:3748
- C:\Windows\System\InqIBZh.exe
  C:\Windows\System\InqIBZh.exe
  2⤵
  PID:6024
- C:\Windows\System\gVXynwN.exe
  C:\Windows\System\gVXynwN.exe
  2⤵
  PID:1652
- C:\Windows\System\jInBPBb.exe
  C:\Windows\System\jInBPBb.exe
  2⤵
  PID:4048
- C:\Windows\System\ulOhOOm.exe
  C:\Windows\System\ulOhOOm.exe
  2⤵
  PID:5232
- C:\Windows\System\TzsJPdi.exe
  C:\Windows\System\TzsJPdi.exe
  2⤵
  PID:5904
- C:\Windows\System\qfYNiEJ.exe
  C:\Windows\System\qfYNiEJ.exe
  2⤵
  PID:4864
- C:\Windows\System\cLQJvfk.exe
  C:\Windows\System\cLQJvfk.exe
  2⤵
  PID:6164
- C:\Windows\System\nBbzqKC.exe
  C:\Windows\System\nBbzqKC.exe
  2⤵
  PID:6184
- C:\Windows\System\dlQbNaG.exe
  C:\Windows\System\dlQbNaG.exe
  2⤵
  PID:6200
- C:\Windows\System\dStXKHY.exe
  C:\Windows\System\dStXKHY.exe
  2⤵
  PID:6216
- C:\Windows\System\DFmThGq.exe
  C:\Windows\System\DFmThGq.exe
  2⤵
  PID:6256
- C:\Windows\System\miHKhuu.exe
  C:\Windows\System\miHKhuu.exe
  2⤵
  PID:6288
- C:\Windows\System\UOkcDPr.exe
  C:\Windows\System\UOkcDPr.exe
  2⤵
  PID:6312
- C:\Windows\System\pWgWLkN.exe
  C:\Windows\System\pWgWLkN.exe
  2⤵
  PID:6336
- C:\Windows\System\ZqWyuOr.exe
  C:\Windows\System\ZqWyuOr.exe
  2⤵
  PID:6360
- C:\Windows\System\yxRipYO.exe
  C:\Windows\System\yxRipYO.exe
  2⤵
  PID:6376
- C:\Windows\System\SGSZAvb.exe
  C:\Windows\System\SGSZAvb.exe
  2⤵
  PID:6392
- C:\Windows\System\wpNOPSH.exe
  C:\Windows\System\wpNOPSH.exe
  2⤵
  PID:6408
- C:\Windows\System\wtRhYob.exe
  C:\Windows\System\wtRhYob.exe
  2⤵
  PID:6448
- C:\Windows\System\PajkPAb.exe
  C:\Windows\System\PajkPAb.exe
  2⤵
  PID:6464
- C:\Windows\System\DveypNc.exe
  C:\Windows\System\DveypNc.exe
  2⤵
  PID:6480
- C:\Windows\System\TknzSKg.exe
  C:\Windows\System\TknzSKg.exe
  2⤵
  PID:6500
- C:\Windows\System\ONUgFkv.exe
  C:\Windows\System\ONUgFkv.exe
  2⤵
  PID:6520
- C:\Windows\System\EAkmClO.exe
  C:\Windows\System\EAkmClO.exe
  2⤵
  PID:6536
- C:\Windows\System\zSemPyQ.exe
  C:\Windows\System\zSemPyQ.exe
  2⤵
  PID:6560
- C:\Windows\System\CqmjWMO.exe
  C:\Windows\System\CqmjWMO.exe
  2⤵
  PID:6580
- C:\Windows\System\IyJESdx.exe
  C:\Windows\System\IyJESdx.exe
  2⤵
  PID:6600
- C:\Windows\System\hKzXuKW.exe
  C:\Windows\System\hKzXuKW.exe
  2⤵
  PID:6616
- C:\Windows\System\JjixTBs.exe
  C:\Windows\System\JjixTBs.exe
  2⤵
  PID:6632
- C:\Windows\System\wDGEHZP.exe
  C:\Windows\System\wDGEHZP.exe
  2⤵
  PID:6648
- C:\Windows\System\czzfvts.exe
  C:\Windows\System\czzfvts.exe
  2⤵
  PID:6664
- C:\Windows\System\jDpPnhr.exe
  C:\Windows\System\jDpPnhr.exe
  2⤵
  PID:6680
- C:\Windows\System\UwyAcaS.exe
  C:\Windows\System\UwyAcaS.exe
  2⤵
  PID:6724
- C:\Windows\System\GTarcwk.exe
  C:\Windows\System\GTarcwk.exe
  2⤵
  PID:6740
- C:\Windows\System\yCLKHaN.exe
  C:\Windows\System\yCLKHaN.exe
  2⤵
  PID:6756
- C:\Windows\System\fvdkhnS.exe
  C:\Windows\System\fvdkhnS.exe
  2⤵
  PID:6776
- C:\Windows\System\tsxeWGi.exe
  C:\Windows\System\tsxeWGi.exe
  2⤵
  PID:6796
- C:\Windows\System\bAkafFU.exe
  C:\Windows\System\bAkafFU.exe
  2⤵
  PID:6812
- C:\Windows\System\dqDAfsN.exe
  C:\Windows\System\dqDAfsN.exe
  2⤵
  PID:6832
- C:\Windows\System\pIbwubK.exe
  C:\Windows\System\pIbwubK.exe
  2⤵
  PID:6852
- C:\Windows\System\qQzDgXj.exe
  C:\Windows\System\qQzDgXj.exe
  2⤵
  PID:6872
- C:\Windows\System\cXQKLAB.exe
  C:\Windows\System\cXQKLAB.exe
  2⤵
  PID:6896
- C:\Windows\System\NxtKBJH.exe
  C:\Windows\System\NxtKBJH.exe
  2⤵
  PID:6912
- C:\Windows\System\NiZveWb.exe
  C:\Windows\System\NiZveWb.exe
  2⤵
  PID:6928
- C:\Windows\System\gEdaYVj.exe
  C:\Windows\System\gEdaYVj.exe
  2⤵
  PID:6944
- C:\Windows\System\VCRLuPA.exe
  C:\Windows\System\VCRLuPA.exe
  2⤵
  PID:6960
- C:\Windows\System\TxhaiKm.exe
  C:\Windows\System\TxhaiKm.exe
  2⤵
  PID:7008
- C:\Windows\System\yCNSoXZ.exe
  C:\Windows\System\yCNSoXZ.exe
  2⤵
  PID:7024
- C:\Windows\System\SIejbMd.exe
  C:\Windows\System\SIejbMd.exe
  2⤵
  PID:7040
- C:\Windows\System\ignKrNR.exe
  C:\Windows\System\ignKrNR.exe
  2⤵
  PID:7056
- C:\Windows\System\dqRFrRW.exe
  C:\Windows\System\dqRFrRW.exe
  2⤵
  PID:7076
- C:\Windows\System\xnjolbV.exe
  C:\Windows\System\xnjolbV.exe
  2⤵
  PID:7096
- C:\Windows\System\ulrgMBl.exe
  C:\Windows\System\ulrgMBl.exe
  2⤵
  PID:7116
- C:\Windows\System\bBepBhb.exe
  C:\Windows\System\bBepBhb.exe
  2⤵
  PID:7144
- C:\Windows\System\HYuiskY.exe
  C:\Windows\System\HYuiskY.exe
  2⤵
  PID:6020
- C:\Windows\System\LOjsWjj.exe
  C:\Windows\System\LOjsWjj.exe
  2⤵
  PID:5716
- C:\Windows\System\jkWVBJi.exe
  C:\Windows\System\jkWVBJi.exe
  2⤵
  PID:6088
- C:\Windows\System\IHXPMhG.exe
  C:\Windows\System\IHXPMhG.exe
  2⤵
  PID:3980
- C:\Windows\System\DpfXTiW.exe
  C:\Windows\System\DpfXTiW.exe
  2⤵
  PID:6212
- C:\Windows\System\qcwjEnL.exe
  C:\Windows\System\qcwjEnL.exe
  2⤵
  PID:6232
- C:\Windows\System\XDZqCWf.exe
  C:\Windows\System\XDZqCWf.exe
  2⤵
  PID:5900
- C:\Windows\System\SHrrAkT.exe
  C:\Windows\System\SHrrAkT.exe
  2⤵
  PID:6244
- C:\Windows\System\bMCAfWc.exe
  C:\Windows\System\bMCAfWc.exe
  2⤵
  PID:6268
- C:\Windows\System\aksminC.exe
  C:\Windows\System\aksminC.exe
  2⤵
  PID:6248
- C:\Windows\System\KKiGFGa.exe
  C:\Windows\System\KKiGFGa.exe
  2⤵
  PID:3232
- C:\Windows\System\wUcLUPH.exe
  C:\Windows\System\wUcLUPH.exe
  2⤵
  PID:6320
- C:\Windows\System\YDAGutP.exe
  C:\Windows\System\YDAGutP.exe
  2⤵
  PID:6372
- C:\Windows\System\DTtkJPP.exe
  C:\Windows\System\DTtkJPP.exe
  2⤵
  PID:6304
- C:\Windows\System\BuoHktU.exe
  C:\Windows\System\BuoHktU.exe
  2⤵
  PID:6352
- C:\Windows\System\WWtqogd.exe
  C:\Windows\System\WWtqogd.exe
  2⤵
  PID:6388
- C:\Windows\System\vydSvjj.exe
  C:\Windows\System\vydSvjj.exe
  2⤵
  PID:5092
- C:\Windows\System\HEdWQuj.exe
  C:\Windows\System\HEdWQuj.exe
  2⤵
  PID:6472
- C:\Windows\System\rYOcwOP.exe
  C:\Windows\System\rYOcwOP.exe
  2⤵
  PID:6552
- C:\Windows\System\eafmARV.exe
  C:\Windows\System\eafmARV.exe
  2⤵
  PID:6440
- C:\Windows\System\DsmefkS.exe
  C:\Windows\System\DsmefkS.exe
  2⤵
  PID:6656
- C:\Windows\System\fOsKHfX.exe
  C:\Windows\System\fOsKHfX.exe
  2⤵
  PID:6608
- C:\Windows\System\jspOcgI.exe
  C:\Windows\System\jspOcgI.exe
  2⤵
  PID:6732
- C:\Windows\System\XBGybwv.exe
  C:\Windows\System\XBGybwv.exe
  2⤵
  PID:6628
- C:\Windows\System\QSMpFhU.exe
  C:\Windows\System\QSMpFhU.exe
  2⤵
  PID:6660
- C:\Windows\System\tYOHpaI.exe
  C:\Windows\System\tYOHpaI.exe
  2⤵
  PID:6844
- C:\Windows\System\uxltgEx.exe
  C:\Windows\System\uxltgEx.exe
  2⤵
  PID:6704
- C:\Windows\System\WiaXxUn.exe
  C:\Windows\System\WiaXxUn.exe
  2⤵
  PID:6720
- C:\Windows\System\dHZaWXM.exe
  C:\Windows\System\dHZaWXM.exe
  2⤵
  PID:6788
- C:\Windows\System\vlGRnve.exe
  C:\Windows\System\vlGRnve.exe
  2⤵
  PID:6956
- C:\Windows\System\JHUKMRi.exe
  C:\Windows\System\JHUKMRi.exe
  2⤵
  PID:6968
- C:\Windows\System\TpNwmdI.exe
  C:\Windows\System\TpNwmdI.exe
  2⤵
  PID:6988
- C:\Windows\System\zDihhYx.exe
  C:\Windows\System\zDihhYx.exe
  2⤵
  PID:6940
- C:\Windows\System\LaOmqRC.exe
  C:\Windows\System\LaOmqRC.exe
  2⤵
  PID:6972
- C:\Windows\System\OMnYtqZ.exe
  C:\Windows\System\OMnYtqZ.exe
  2⤵
  PID:7072
- C:\Windows\System\OiyABDu.exe
  C:\Windows\System\OiyABDu.exe
  2⤵
  PID:7112
- C:\Windows\System\OBJkkAz.exe
  C:\Windows\System\OBJkkAz.exe
  2⤵
  PID:7164
- C:\Windows\System\bSsAUgt.exe
  C:\Windows\System\bSsAUgt.exe
  2⤵
  PID:5576
- C:\Windows\System\iNwIhPs.exe
  C:\Windows\System\iNwIhPs.exe
  2⤵
  PID:6180
- C:\Windows\System\eujchYW.exe
  C:\Windows\System\eujchYW.exe
  2⤵
  PID:6236
- C:\Windows\System\yDqiIgQ.exe
  C:\Windows\System\yDqiIgQ.exe
  2⤵
  PID:6004
- C:\Windows\System\rkCPkfT.exe
  C:\Windows\System\rkCPkfT.exe
  2⤵
  PID:6404
- C:\Windows\System\vVGvGLN.exe
  C:\Windows\System\vVGvGLN.exe
  2⤵
  PID:6332
- C:\Windows\System\XNtyoLF.exe
  C:\Windows\System\XNtyoLF.exe
  2⤵
  PID:6384
- C:\Windows\System\hWcdaLx.exe
  C:\Windows\System\hWcdaLx.exe
  2⤵
  PID:5708
- C:\Windows\System\XCqyHmf.exe
  C:\Windows\System\XCqyHmf.exe
  2⤵
  PID:6488
- C:\Windows\System\FFrydxc.exe
  C:\Windows\System\FFrydxc.exe
  2⤵
  PID:6428
- C:\Windows\System\LdmAOsJ.exe
  C:\Windows\System\LdmAOsJ.exe
  2⤵
  PID:6516
- C:\Windows\System\KcGDGBD.exe
  C:\Windows\System\KcGDGBD.exe
  2⤵
  PID:6672
- C:\Windows\System\EggvwJU.exe
  C:\Windows\System\EggvwJU.exe
  2⤵
  PID:6592
- C:\Windows\System\WHVTXsk.exe
  C:\Windows\System\WHVTXsk.exe
  2⤵
  PID:6840
- C:\Windows\System\Fdqqlhz.exe
  C:\Windows\System\Fdqqlhz.exe
  2⤵
  PID:6792
- C:\Windows\System\ibvKpzR.exe
  C:\Windows\System\ibvKpzR.exe
  2⤵
  PID:6888
- C:\Windows\System\fEHDhPx.exe
  C:\Windows\System\fEHDhPx.exe
  2⤵
  PID:6696
- C:\Windows\System\qoehJch.exe
  C:\Windows\System\qoehJch.exe
  2⤵
  PID:6828
- C:\Windows\System\lSWWJLf.exe
  C:\Windows\System\lSWWJLf.exe
  2⤵
  PID:6908
- C:\Windows\System\GCjohEA.exe
  C:\Windows\System\GCjohEA.exe
  2⤵
  PID:6904
- C:\Windows\System\ewUsDty.exe
  C:\Windows\System\ewUsDty.exe
  2⤵
  PID:6868
- C:\Windows\System\yFPQUQu.exe
  C:\Windows\System\yFPQUQu.exe
  2⤵
  PID:7032
- C:\Windows\System\NwJwTDF.exe
  C:\Windows\System\NwJwTDF.exe
  2⤵
  PID:7092
- C:\Windows\System\lBtcYSn.exe
  C:\Windows\System\lBtcYSn.exe
  2⤵
  PID:6224
- C:\Windows\System\TfhoFQh.exe
  C:\Windows\System\TfhoFQh.exe
  2⤵
  PID:6296
- C:\Windows\System\yoLKGKT.exe
  C:\Windows\System\yoLKGKT.exe
  2⤵
  PID:6492
- C:\Windows\System\fcmGiAN.exe
  C:\Windows\System\fcmGiAN.exe
  2⤵
  PID:6284
- C:\Windows\System\KmCFYzV.exe
  C:\Windows\System\KmCFYzV.exe
  2⤵
  PID:6420
- C:\Windows\System\lVtMCio.exe
  C:\Windows\System\lVtMCio.exe
  2⤵
  PID:6548
- C:\Windows\System\UmuqzFk.exe
  C:\Windows\System\UmuqzFk.exe
  2⤵
  PID:6892
- C:\Windows\System\TZazsCf.exe
  C:\Windows\System\TZazsCf.exe
  2⤵
  PID:6952
- C:\Windows\System\yHUASEu.exe
  C:\Windows\System\yHUASEu.exe
  2⤵
  PID:7108
- C:\Windows\System\JmKZLNk.exe
  C:\Windows\System\JmKZLNk.exe
  2⤵
  PID:2864
- C:\Windows\System\YiTuoaI.exe
  C:\Windows\System\YiTuoaI.exe
  2⤵
  PID:6424
- C:\Windows\System\rmWvGRf.exe
  C:\Windows\System\rmWvGRf.exe
  2⤵
  PID:7132
- C:\Windows\System\sOFbAwl.exe
  C:\Windows\System\sOFbAwl.exe
  2⤵
  PID:4800
- C:\Windows\System\oVvstpS.exe
  C:\Windows\System\oVvstpS.exe
  2⤵
  PID:6864
- C:\Windows\System\lBAmgFr.exe
  C:\Windows\System\lBAmgFr.exe
  2⤵
  PID:6880
- C:\Windows\System\DFUwbdc.exe
  C:\Windows\System\DFUwbdc.exe
  2⤵
  PID:5864
- C:\Windows\System\ebUDUwn.exe
  C:\Windows\System\ebUDUwn.exe
  2⤵
  PID:6984
- C:\Windows\System\GyRIvPv.exe
  C:\Windows\System\GyRIvPv.exe
  2⤵
  PID:7068
- C:\Windows\System\KbwRKcx.exe
  C:\Windows\System\KbwRKcx.exe
  2⤵
  PID:6808
- C:\Windows\System\XljEpHB.exe
  C:\Windows\System\XljEpHB.exe
  2⤵
  PID:6496
- C:\Windows\System\CUnPVwc.exe
  C:\Windows\System\CUnPVwc.exe
  2⤵
  PID:7004
- C:\Windows\System\ehGWfuV.exe
  C:\Windows\System\ehGWfuV.exe
  2⤵
  PID:2576
- C:\Windows\System\PPjPuIE.exe
  C:\Windows\System\PPjPuIE.exe
  2⤵
  PID:7152
- C:\Windows\System\liKGSYY.exe
  C:\Windows\System\liKGSYY.exe
  2⤵
  PID:5652
- C:\Windows\System\NZpWxqC.exe
  C:\Windows\System\NZpWxqC.exe
  2⤵
  PID:6152
- C:\Windows\System\tvnHUrr.exe
  C:\Windows\System\tvnHUrr.exe
  2⤵
  PID:7156
- C:\Windows\System\MoyUdhO.exe
  C:\Windows\System\MoyUdhO.exe
  2⤵
  PID:7184
- C:\Windows\System\PlfUKma.exe
  C:\Windows\System\PlfUKma.exe
  2⤵
  PID:7200
- C:\Windows\System\OlCvuxb.exe
  C:\Windows\System\OlCvuxb.exe
  2⤵
  PID:7216
- C:\Windows\System\LtzOWNw.exe
  C:\Windows\System\LtzOWNw.exe
  2⤵
  PID:7264
- C:\Windows\System\mUvHPQM.exe
  C:\Windows\System\mUvHPQM.exe
  2⤵
  PID:7280
- C:\Windows\System\DSKvvmO.exe
  C:\Windows\System\DSKvvmO.exe
  2⤵
  PID:7296
- C:\Windows\System\zyssjCp.exe
  C:\Windows\System\zyssjCp.exe
  2⤵
  PID:7312
- C:\Windows\System\gRXZKVi.exe
  C:\Windows\System\gRXZKVi.exe
  2⤵
  PID:7328
- C:\Windows\System\CNGmtOH.exe
  C:\Windows\System\CNGmtOH.exe
  2⤵
  PID:7344
- C:\Windows\System\bXtmRCU.exe
  C:\Windows\System\bXtmRCU.exe
  2⤵
  PID:7360
- C:\Windows\System\UITCjXs.exe
  C:\Windows\System\UITCjXs.exe
  2⤵
  PID:7380
- C:\Windows\System\tHceayR.exe
  C:\Windows\System\tHceayR.exe
  2⤵
  PID:7400
- C:\Windows\System\ZqqnXfn.exe
  C:\Windows\System\ZqqnXfn.exe
  2⤵
  PID:7416
- C:\Windows\System\kZdkhOJ.exe
  C:\Windows\System\kZdkhOJ.exe
  2⤵
  PID:7432
- C:\Windows\System\tybKlWt.exe
  C:\Windows\System\tybKlWt.exe
  2⤵
  PID:7448
- C:\Windows\System\qaDbURv.exe
  C:\Windows\System\qaDbURv.exe
  2⤵
  PID:7464
- C:\Windows\System\rZWvHMv.exe
  C:\Windows\System\rZWvHMv.exe
  2⤵
  PID:7524
- C:\Windows\System\GVRHjem.exe
  C:\Windows\System\GVRHjem.exe
  2⤵
  PID:7540
- C:\Windows\System\CBGCGND.exe
  C:\Windows\System\CBGCGND.exe
  2⤵
  PID:7556
- C:\Windows\System\XwbbpNO.exe
  C:\Windows\System\XwbbpNO.exe
  2⤵
  PID:7572
- C:\Windows\System\nThknCz.exe
  C:\Windows\System\nThknCz.exe
  2⤵
  PID:7588
- C:\Windows\System\EOvVRyQ.exe
  C:\Windows\System\EOvVRyQ.exe
  2⤵
  PID:7604
- C:\Windows\System\xmPdAPp.exe
  C:\Windows\System\xmPdAPp.exe
  2⤵
  PID:7624
- C:\Windows\System\ENeCdHc.exe
  C:\Windows\System\ENeCdHc.exe
  2⤵
  PID:7644
- C:\Windows\System\QmNGaND.exe
  C:\Windows\System\QmNGaND.exe
  2⤵
  PID:7664
- C:\Windows\System\xqFbBnL.exe
  C:\Windows\System\xqFbBnL.exe
  2⤵
  PID:7680
- C:\Windows\System\ityyaiP.exe
  C:\Windows\System\ityyaiP.exe
  2⤵
  PID:7696
- C:\Windows\System\DGNWIQg.exe
  C:\Windows\System\DGNWIQg.exe
  2⤵
  PID:7712
- C:\Windows\System\grtBNkR.exe
  C:\Windows\System\grtBNkR.exe
  2⤵
  PID:7732
- C:\Windows\System\AJJNcOb.exe
  C:\Windows\System\AJJNcOb.exe
  2⤵
  PID:7780
- C:\Windows\System\ZBHPoAn.exe
  C:\Windows\System\ZBHPoAn.exe
  2⤵
  PID:7796
- C:\Windows\System\JbUhQGk.exe
  C:\Windows\System\JbUhQGk.exe
  2⤵
  PID:7816
- C:\Windows\System\fqLWXgB.exe
  C:\Windows\System\fqLWXgB.exe
  2⤵
  PID:7832
- C:\Windows\System\rTVaAOd.exe
  C:\Windows\System\rTVaAOd.exe
  2⤵
  PID:7848
- C:\Windows\System\wjGeSSY.exe
  C:\Windows\System\wjGeSSY.exe
  2⤵
  PID:7864
- C:\Windows\System\uhnubgd.exe
  C:\Windows\System\uhnubgd.exe
  2⤵
  PID:7888
- C:\Windows\System\vbtKRsX.exe
  C:\Windows\System\vbtKRsX.exe
  2⤵
  PID:7904
- C:\Windows\System\zzcrdxv.exe
  C:\Windows\System\zzcrdxv.exe
  2⤵
  PID:7928
- C:\Windows\System\eEWtZGM.exe
  C:\Windows\System\eEWtZGM.exe
  2⤵
  PID:7944
- C:\Windows\System\CDNezjZ.exe
  C:\Windows\System\CDNezjZ.exe
  2⤵
  PID:7964
- C:\Windows\System\ZdvztLf.exe
  C:\Windows\System\ZdvztLf.exe
  2⤵
  PID:7980
- C:\Windows\System\EUXVTsz.exe
  C:\Windows\System\EUXVTsz.exe
  2⤵
  PID:8012
- C:\Windows\System\QKOvwoo.exe
  C:\Windows\System\QKOvwoo.exe
  2⤵
  PID:8028
- C:\Windows\System\ebXMDtU.exe
  C:\Windows\System\ebXMDtU.exe
  2⤵
  PID:8044
- C:\Windows\System\ypsswMK.exe
  C:\Windows\System\ypsswMK.exe
  2⤵
  PID:8064
- C:\Windows\System\RlOjIkP.exe
  C:\Windows\System\RlOjIkP.exe
  2⤵
  PID:8080
- C:\Windows\System\WCwbNJS.exe
  C:\Windows\System\WCwbNJS.exe
  2⤵
  PID:8096
- C:\Windows\System\ZBehpts.exe
  C:\Windows\System\ZBehpts.exe
  2⤵
  PID:8116
- C:\Windows\System\oABYjyQ.exe
  C:\Windows\System\oABYjyQ.exe
  2⤵
  PID:8136
- C:\Windows\System\adUUvUj.exe
  C:\Windows\System\adUUvUj.exe
  2⤵
  PID:8152
- C:\Windows\System\JKkSSHZ.exe
  C:\Windows\System\JKkSSHZ.exe
  2⤵
  PID:8168
- C:\Windows\System\BQqphvv.exe
  C:\Windows\System\BQqphvv.exe
  2⤵
  PID:6544
- C:\Windows\System\idYknkj.exe
  C:\Windows\System\idYknkj.exe
  2⤵
  PID:6264
- C:\Windows\System\lhJIbBm.exe
  C:\Windows\System\lhJIbBm.exe
  2⤵
  PID:7208
- C:\Windows\System\JPKzetj.exe
  C:\Windows\System\JPKzetj.exe
  2⤵
  PID:7240
- C:\Windows\System\GFEjVOc.exe
  C:\Windows\System\GFEjVOc.exe
  2⤵
  PID:7244
- C:\Windows\System\XvMKZpz.exe
  C:\Windows\System\XvMKZpz.exe
  2⤵
  PID:7256
- C:\Windows\System\JNcYpwJ.exe
  C:\Windows\System\JNcYpwJ.exe
  2⤵
  PID:7304
- C:\Windows\System\rhwfHqI.exe
  C:\Windows\System\rhwfHqI.exe
  2⤵
  PID:7320
- C:\Windows\System\sprAQnO.exe
  C:\Windows\System\sprAQnO.exe
  2⤵
  PID:7424
- C:\Windows\System\TrqcwFd.exe
  C:\Windows\System\TrqcwFd.exe
  2⤵
  PID:7356
- C:\Windows\System\AIQtSox.exe
  C:\Windows\System\AIQtSox.exe
  2⤵
  PID:7340
- C:\Windows\System\ENGBlxa.exe
  C:\Windows\System\ENGBlxa.exe
  2⤵
  PID:7408
- C:\Windows\System\AogKMGM.exe
  C:\Windows\System\AogKMGM.exe
  2⤵
  PID:7512
- C:\Windows\System\xQDSnAH.exe
  C:\Windows\System\xQDSnAH.exe
  2⤵
  PID:7516
- C:\Windows\System\XeRIUWx.exe
  C:\Windows\System\XeRIUWx.exe
  2⤵
  PID:7584
- C:\Windows\System\XbRxPeI.exe
  C:\Windows\System\XbRxPeI.exe
  2⤵
  PID:7652
- C:\Windows\System\AdceBUC.exe
  C:\Windows\System\AdceBUC.exe
  2⤵
  PID:7724
- C:\Windows\System\UlKaBzb.exe
  C:\Windows\System\UlKaBzb.exe
  2⤵
  PID:7564
- C:\Windows\System\DNbbfQv.exe
  C:\Windows\System\DNbbfQv.exe
  2⤵
  PID:7632
- C:\Windows\System\KuIMLTG.exe
  C:\Windows\System\KuIMLTG.exe
  2⤵
  PID:7672
- C:\Windows\System\WtPZkVu.exe
  C:\Windows\System\WtPZkVu.exe
  2⤵
  PID:7740
- C:\Windows\System\WhgtGsS.exe
  C:\Windows\System\WhgtGsS.exe
  2⤵
  PID:7756
- C:\Windows\System\gljtjao.exe
  C:\Windows\System\gljtjao.exe
  2⤵
  PID:7772
- C:\Windows\System\nXhmuou.exe
  C:\Windows\System\nXhmuou.exe
  2⤵
  PID:7804
- C:\Windows\System\qaeGADZ.exe
  C:\Windows\System\qaeGADZ.exe
  2⤵
  PID:7872
- C:\Windows\System\GOgEzcd.exe
  C:\Windows\System\GOgEzcd.exe
  2⤵
  PID:7856
- C:\Windows\System\CDhkFaS.exe
  C:\Windows\System\CDhkFaS.exe
  2⤵
  PID:7912
- C:\Windows\System\BrMGCyH.exe
  C:\Windows\System\BrMGCyH.exe
  2⤵
  PID:7952
- C:\Windows\System\XIXvQAS.exe
  C:\Windows\System\XIXvQAS.exe
  2⤵
  PID:7988
- C:\Windows\System\CsMOHPj.exe
  C:\Windows\System\CsMOHPj.exe
  2⤵
  PID:7900
- C:\Windows\System\rxWHwma.exe
  C:\Windows\System\rxWHwma.exe
  2⤵
  PID:8060
- C:\Windows\System\eXpxpaA.exe
  C:\Windows\System\eXpxpaA.exe
  2⤵
  PID:7940
- C:\Windows\System\JWASkvm.exe
  C:\Windows\System\JWASkvm.exe
  2⤵
  PID:8164
- C:\Windows\System\glybXfe.exe
  C:\Windows\System\glybXfe.exe
  2⤵
  PID:8072
- C:\Windows\System\odejfmt.exe
  C:\Windows\System\odejfmt.exe
  2⤵
  PID:8108
- C:\Windows\System\HLojhZh.exe
  C:\Windows\System\HLojhZh.exe
  2⤵
  PID:7272
- C:\Windows\System\TsUvaPR.exe
  C:\Windows\System\TsUvaPR.exe
  2⤵
  PID:8188
- C:\Windows\System\ONndTaI.exe
  C:\Windows\System\ONndTaI.exe
  2⤵
  PID:7128
- C:\Windows\System\QgXwXLt.exe
  C:\Windows\System\QgXwXLt.exe
  2⤵
  PID:7176
- C:\Windows\System\dleYAES.exe
  C:\Windows\System\dleYAES.exe
  2⤵
  PID:7236
- C:\Windows\System\ZfPItou.exe
  C:\Windows\System\ZfPItou.exe
  2⤵
  PID:7428
- C:\Windows\System\LArsqia.exe
  C:\Windows\System\LArsqia.exe
  2⤵
  PID:7196
- C:\Windows\System\GJokkwe.exe
  C:\Windows\System\GJokkwe.exe
  2⤵
  PID:7444
- C:\Windows\System\AkBCavy.exe
  C:\Windows\System\AkBCavy.exe
  2⤵
  PID:6572
- C:\Windows\System\tqKFlsL.exe
  C:\Windows\System\tqKFlsL.exe
  2⤵
  PID:7392
- C:\Windows\System\rHtEqsn.exe
  C:\Windows\System\rHtEqsn.exe
  2⤵
  PID:7508
- C:\Windows\System\XAydZMA.exe
  C:\Windows\System\XAydZMA.exe
  2⤵
  PID:7688
- C:\Windows\System\JGwIxRy.exe
  C:\Windows\System\JGwIxRy.exe
  2⤵
  PID:7656
- C:\Windows\System\MsCDYoy.exe
  C:\Windows\System\MsCDYoy.exe
  2⤵
  PID:7728
- C:\Windows\System\elaKVeI.exe
  C:\Windows\System\elaKVeI.exe
  2⤵
  PID:7536
- C:\Windows\System\JVXJHIi.exe
  C:\Windows\System\JVXJHIi.exe
  2⤵
  PID:7812
- C:\Windows\System\ocGAdMV.exe
  C:\Windows\System\ocGAdMV.exe
  2⤵
  PID:7960
- C:\Windows\System\XsXOZYJ.exe
  C:\Windows\System\XsXOZYJ.exe
  2⤵
  PID:7748
- C:\Windows\System\PdLMFth.exe
  C:\Windows\System\PdLMFth.exe
  2⤵
  PID:7828
- C:\Windows\System\qMyNDEN.exe
  C:\Windows\System\qMyNDEN.exe
  2⤵
  PID:8052
- C:\Windows\System\lEFlGRo.exe
  C:\Windows\System\lEFlGRo.exe
  2⤵
  PID:8144
- C:\Windows\System\XgdXBoZ.exe
  C:\Windows\System\XgdXBoZ.exe
  2⤵
  PID:8088
- C:\Windows\System\VNNMQSQ.exe
  C:\Windows\System\VNNMQSQ.exe
  2⤵
  PID:7232
- C:\Windows\System\OoBrxOl.exe
  C:\Windows\System\OoBrxOl.exe
  2⤵
  PID:7088
- C:\Windows\System\CxNIXFb.exe
  C:\Windows\System\CxNIXFb.exe
  2⤵
  PID:6532
- C:\Windows\System\KJjayPx.exe
  C:\Windows\System\KJjayPx.exe
  2⤵
  PID:7376
- C:\Windows\System\nsMLDfd.exe
  C:\Windows\System\nsMLDfd.exe
  2⤵
  PID:7504
- C:\Windows\System\RxcjUdv.exe
  C:\Windows\System\RxcjUdv.exe
  2⤵
  PID:7552
- C:\Windows\System\MMYZmyL.exe
  C:\Windows\System\MMYZmyL.exe
  2⤵
  PID:7704
- C:\Windows\System\umFyeaH.exe
  C:\Windows\System\umFyeaH.exe
  2⤵
  PID:7884
- C:\Windows\System\QiiPksI.exe
  C:\Windows\System\QiiPksI.exe
  2⤵
  PID:7788
- C:\Windows\System\PjOEERa.exe
  C:\Windows\System\PjOEERa.exe
  2⤵
  PID:7976
- C:\Windows\System\FwLsWlr.exe
  C:\Windows\System\FwLsWlr.exe
  2⤵
  PID:6700
- C:\Windows\System\jhZXxnV.exe
  C:\Windows\System\jhZXxnV.exe
  2⤵
  PID:7972
- C:\Windows\System\fpAvVSU.exe
  C:\Windows\System\fpAvVSU.exe
  2⤵
  PID:8132
- C:\Windows\System\tpLOpIJ.exe
  C:\Windows\System\tpLOpIJ.exe
  2⤵
  PID:7620
- C:\Windows\System\IwuXzQd.exe
  C:\Windows\System\IwuXzQd.exe
  2⤵
  PID:7896
- C:\Windows\System\hjMOppm.exe
  C:\Windows\System\hjMOppm.exe
  2⤵
  PID:7996
- C:\Windows\System\ZMDKxka.exe
  C:\Windows\System\ZMDKxka.exe
  2⤵
  PID:7876
- C:\Windows\System\mkvruoF.exe
  C:\Windows\System\mkvruoF.exe
  2⤵
  PID:7500
- C:\Windows\System\MjqRpkO.exe
  C:\Windows\System\MjqRpkO.exe
  2⤵
  PID:7476
- C:\Windows\System\UqMWXbM.exe
  C:\Windows\System\UqMWXbM.exe
  2⤵
  PID:8204
- C:\Windows\System\ZKArXWf.exe
  C:\Windows\System\ZKArXWf.exe
  2⤵
  PID:8224
- C:\Windows\System\BLFNllI.exe
  C:\Windows\System\BLFNllI.exe
  2⤵
  PID:8240
- C:\Windows\System\czDDOYX.exe
  C:\Windows\System\czDDOYX.exe
  2⤵
  PID:8256
- C:\Windows\System\ILlxcAW.exe
  C:\Windows\System\ILlxcAW.exe
  2⤵
  PID:8272
- C:\Windows\System\zpYqrtq.exe
  C:\Windows\System\zpYqrtq.exe
  2⤵
  PID:8288
- C:\Windows\System\OCcLhLy.exe
  C:\Windows\System\OCcLhLy.exe
  2⤵
  PID:8304
- C:\Windows\System\mmrpOOz.exe
  C:\Windows\System\mmrpOOz.exe
  2⤵
  PID:8320
- C:\Windows\System\JCIImMe.exe
  C:\Windows\System\JCIImMe.exe
  2⤵
  PID:8336
- C:\Windows\System\GsigYGv.exe
  C:\Windows\System\GsigYGv.exe
  2⤵
  PID:8356
- C:\Windows\System\znEypZg.exe
  C:\Windows\System\znEypZg.exe
  2⤵
  PID:8372
- C:\Windows\System\exDKOFa.exe
  C:\Windows\System\exDKOFa.exe
  2⤵
  PID:8388
- C:\Windows\System\qsFJndA.exe
  C:\Windows\System\qsFJndA.exe
  2⤵
  PID:8404
- C:\Windows\System\sysrejT.exe
  C:\Windows\System\sysrejT.exe
  2⤵
  PID:8420
- C:\Windows\System\ynQAPLV.exe
  C:\Windows\System\ynQAPLV.exe
  2⤵
  PID:8436
- C:\Windows\System\usvExph.exe
  C:\Windows\System\usvExph.exe
  2⤵
  PID:8452
- C:\Windows\System\UyCtDSF.exe
  C:\Windows\System\UyCtDSF.exe
  2⤵
  PID:8468
- C:\Windows\System\NGTMQGi.exe
  C:\Windows\System\NGTMQGi.exe
  2⤵
  PID:8484
- C:\Windows\System\FSdskdC.exe
  C:\Windows\System\FSdskdC.exe
  2⤵
  PID:8500
- C:\Windows\System\aDRnZXy.exe
  C:\Windows\System\aDRnZXy.exe
  2⤵
  PID:8516
- C:\Windows\System\nrplPTd.exe
  C:\Windows\System\nrplPTd.exe
  2⤵
  PID:8532
- C:\Windows\System\yElrint.exe
  C:\Windows\System\yElrint.exe
  2⤵
  PID:8548
- C:\Windows\System\zDdczSN.exe
  C:\Windows\System\zDdczSN.exe
  2⤵
  PID:8564
- C:\Windows\System\SovPdXp.exe
  C:\Windows\System\SovPdXp.exe
  2⤵
  PID:8584
- C:\Windows\System\aAoSixW.exe
  C:\Windows\System\aAoSixW.exe
  2⤵
  PID:8640
- C:\Windows\System\wjxomPc.exe
  C:\Windows\System\wjxomPc.exe
  2⤵
  PID:8660
- C:\Windows\System\ADTCEjE.exe
  C:\Windows\System\ADTCEjE.exe
  2⤵
  PID:8988
- C:\Windows\System\cQKOOSG.exe
  C:\Windows\System\cQKOOSG.exe
  2⤵
  PID:9012
- C:\Windows\System\CfEPUgm.exe
  C:\Windows\System\CfEPUgm.exe
  2⤵
  PID:9032
- C:\Windows\System\HJvtrzz.exe
  C:\Windows\System\HJvtrzz.exe
  2⤵
  PID:9056
- C:\Windows\System\gDeStba.exe
  C:\Windows\System\gDeStba.exe
  2⤵
  PID:9072
- C:\Windows\System\hYtnfMA.exe
  C:\Windows\System\hYtnfMA.exe
  2⤵
  PID:9088
- C:\Windows\System\KGmOesx.exe
  C:\Windows\System\KGmOesx.exe
  2⤵
  PID:9104
- C:\Windows\System\CGiFaOH.exe
  C:\Windows\System\CGiFaOH.exe
  2⤵
  PID:9120
- C:\Windows\System\PVSNulb.exe
  C:\Windows\System\PVSNulb.exe
  2⤵
  PID:9156
- C:\Windows\System\lzzmcFH.exe
  C:\Windows\System\lzzmcFH.exe
  2⤵
  PID:9172
- C:\Windows\System\iuZsKxV.exe
  C:\Windows\System\iuZsKxV.exe
  2⤵
  PID:9192
- C:\Windows\System\VwIPgHN.exe
  C:\Windows\System\VwIPgHN.exe
  2⤵
  PID:9212
- C:\Windows\System\OyOiDDw.exe
  C:\Windows\System\OyOiDDw.exe
  2⤵
  PID:8212
- C:\Windows\System\fNPYwZe.exe
  C:\Windows\System\fNPYwZe.exe
  2⤵
  PID:6644
- C:\Windows\System\lZwrWEl.exe
  C:\Windows\System\lZwrWEl.exe
  2⤵
  PID:8264
- C:\Windows\System\wjLdyTJ.exe
  C:\Windows\System\wjLdyTJ.exe
  2⤵
  PID:8316
- C:\Windows\System\hJcXFeP.exe
  C:\Windows\System\hJcXFeP.exe
  2⤵
  PID:8384
- C:\Windows\System\dtpPImP.exe
  C:\Windows\System\dtpPImP.exe
  2⤵
  PID:8476
- C:\Windows\System\bXwGBFR.exe
  C:\Windows\System\bXwGBFR.exe
  2⤵
  PID:8512
- C:\Windows\System\ihcNTXT.exe
  C:\Windows\System\ihcNTXT.exe
  2⤵
  PID:8368
- C:\Windows\System\CSZqAhJ.exe
  C:\Windows\System\CSZqAhJ.exe
  2⤵
  PID:8492
- C:\Windows\System\slFOcbj.exe
  C:\Windows\System\slFOcbj.exe
  2⤵
  PID:8572
- C:\Windows\System\AVDwXMC.exe
  C:\Windows\System\AVDwXMC.exe
  2⤵
  PID:8592
- C:\Windows\System\ZrKFVgJ.exe
  C:\Windows\System\ZrKFVgJ.exe
  2⤵
  PID:8616
- C:\Windows\System\yWGXfVn.exe
  C:\Windows\System\yWGXfVn.exe
  2⤵
  PID:8628
- C:\Windows\System\nGETaqj.exe
  C:\Windows\System\nGETaqj.exe
  2⤵
  PID:8648
- C:\Windows\System\deIzECZ.exe
  C:\Windows\System\deIzECZ.exe
  2⤵
  PID:8680
- C:\Windows\System\WbuIpYB.exe
  C:\Windows\System\WbuIpYB.exe
  2⤵
  PID:8696
- C:\Windows\System\PFzwWZt.exe
  C:\Windows\System\PFzwWZt.exe
  2⤵
  PID:8712
- C:\Windows\System\GKZeirf.exe
  C:\Windows\System\GKZeirf.exe
  2⤵
  PID:8732
- C:\Windows\System\pechpyS.exe
  C:\Windows\System\pechpyS.exe
  2⤵
  PID:8752
- C:\Windows\System\ROkAqzi.exe
  C:\Windows\System\ROkAqzi.exe
  2⤵
  PID:8780
- C:\Windows\System\ZCQpkvJ.exe
  C:\Windows\System\ZCQpkvJ.exe
  2⤵
  PID:8796
- C:\Windows\System\sWgjgec.exe
  C:\Windows\System\sWgjgec.exe
  2⤵
  PID:8812
- C:\Windows\System\KUesgTD.exe
  C:\Windows\System\KUesgTD.exe
  2⤵
  PID:8832
- C:\Windows\System\nuGSwab.exe
  C:\Windows\System\nuGSwab.exe
  2⤵
  PID:8864
- C:\Windows\System\nYaNQhu.exe
  C:\Windows\System\nYaNQhu.exe
  2⤵
  PID:8896
- C:\Windows\System\VdryslD.exe
  C:\Windows\System\VdryslD.exe
  2⤵
  PID:8908
- C:\Windows\System\WEFlZzZ.exe
  C:\Windows\System\WEFlZzZ.exe
  2⤵
  PID:8916
- C:\Windows\System\EzSMwuE.exe
  C:\Windows\System\EzSMwuE.exe
  2⤵
  PID:8948
- C:\Windows\System\QZUgtjv.exe
  C:\Windows\System\QZUgtjv.exe
  2⤵
  PID:8976
- C:\Windows\System\LWaUaqx.exe
  C:\Windows\System\LWaUaqx.exe
  2⤵
  PID:9000
- C:\Windows\System\nYubFpI.exe
  C:\Windows\System\nYubFpI.exe
  2⤵
  PID:9040
- C:\Windows\System\zajdTpx.exe
  C:\Windows\System\zajdTpx.exe
  2⤵
  PID:9080
- C:\Windows\System\omFXDPT.exe
  C:\Windows\System\omFXDPT.exe
  2⤵
  PID:9136
- C:\Windows\System\cnUYFIo.exe
  C:\Windows\System\cnUYFIo.exe
  2⤵
  PID:9096
- C:\Windows\System\RUPcOJa.exe
  C:\Windows\System\RUPcOJa.exe
  2⤵
  PID:9168
- C:\Windows\System\sCpLEpD.exe
  C:\Windows\System\sCpLEpD.exe
  2⤵
  PID:9208
- C:\Windows\System\LPqhtOo.exe
  C:\Windows\System\LPqhtOo.exe
  2⤵
  PID:8200
- C:\Windows\System\LFZtYDk.exe
  C:\Windows\System\LFZtYDk.exe
  2⤵
  PID:8416
- C:\Windows\System\FRfgTfJ.exe
  C:\Windows\System\FRfgTfJ.exe
  2⤵
  PID:8496
- C:\Windows\System\zqJDxpK.exe
  C:\Windows\System\zqJDxpK.exe
  2⤵
  PID:8544
- C:\Windows\System\mWUzfgy.exe
  C:\Windows\System\mWUzfgy.exe
  2⤵
  PID:8600
- C:\Windows\System\QHIucfk.exe
  C:\Windows\System\QHIucfk.exe
  2⤵
  PID:8332
- C:\Windows\System\vwXshus.exe
  C:\Windows\System\vwXshus.exe
  2⤵
  PID:8672
- C:\Windows\System\jCVSmJD.exe
  C:\Windows\System\jCVSmJD.exe
  2⤵
  PID:8528
- C:\Windows\System\MzKTjKq.exe
  C:\Windows\System\MzKTjKq.exe
  2⤵
  PID:8400
- C:\Windows\System\YNxdiNj.exe
  C:\Windows\System\YNxdiNj.exe
  2⤵
  PID:8724
- C:\Windows\System\YTmUAnu.exe
  C:\Windows\System\YTmUAnu.exe
  2⤵
  PID:8676
- C:\Windows\System\RXTUwCs.exe
  C:\Windows\System\RXTUwCs.exe
  2⤵
  PID:8760
- C:\Windows\System\lsQarrb.exe
  C:\Windows\System\lsQarrb.exe
  2⤵
  PID:8792
- C:\Windows\System\FawlcuN.exe
  C:\Windows\System\FawlcuN.exe
  2⤵
  PID:8848
- C:\Windows\System\PdumNWv.exe
  C:\Windows\System\PdumNWv.exe
  2⤵
  PID:8884
- C:\Windows\System\crvDGtq.exe
  C:\Windows\System\crvDGtq.exe
  2⤵
  PID:8944
- C:\Windows\System\ZfZiEJC.exe
  C:\Windows\System\ZfZiEJC.exe
  2⤵
  PID:9044
- C:\Windows\System\xVebZRF.exe
  C:\Windows\System\xVebZRF.exe
  2⤵
  PID:8924
- C:\Windows\System\eNmQXMM.exe
  C:\Windows\System\eNmQXMM.exe
  2⤵
  PID:9184
- C:\Windows\System\pntcuyV.exe
  C:\Windows\System\pntcuyV.exe
  2⤵
  PID:9020
- C:\Windows\System\QXlIgWF.exe
  C:\Windows\System\QXlIgWF.exe
  2⤵
  PID:9112
- C:\Windows\System\elnhcVD.exe
  C:\Windows\System\elnhcVD.exe
  2⤵
  PID:8348
- C:\Windows\System\oHhBxwQ.exe
  C:\Windows\System\oHhBxwQ.exe
  2⤵
  PID:9180
- C:\Windows\System\pQkWDPN.exe
  C:\Windows\System\pQkWDPN.exe
  2⤵
  PID:8540
- C:\Windows\System\wAMWKcu.exe
  C:\Windows\System\wAMWKcu.exe
  2⤵
  PID:8872
- C:\Windows\System\czKLwZd.exe
  C:\Windows\System\czKLwZd.exe
  2⤵
  PID:8580
- C:\Windows\System\WilkxKL.exe
  C:\Windows\System\WilkxKL.exe
  2⤵
  PID:8704
- C:\Windows\System\SolzmLC.exe
  C:\Windows\System\SolzmLC.exe
  2⤵
  PID:8460
- C:\Windows\System\llZUMTR.exe
  C:\Windows\System\llZUMTR.exe
  2⤵
  PID:8744
- C:\Windows\System\fOzeuIL.exe
  C:\Windows\System\fOzeuIL.exe
  2⤵
  PID:8768
- C:\Windows\System\bbCCivp.exe
  C:\Windows\System\bbCCivp.exe
  2⤵
  PID:8940
- C:\Windows\System\wYvyYmQ.exe
  C:\Windows\System\wYvyYmQ.exe
  2⤵
  PID:8860
- C:\Windows\System\NTDvXbu.exe
  C:\Windows\System\NTDvXbu.exe
  2⤵
  PID:9064
- C:\Windows\System\AhyosYI.exe
  C:\Windows\System\AhyosYI.exe
  2⤵
  PID:8956
- C:\Windows\System\KlvdJNz.exe
  C:\Windows\System\KlvdJNz.exe
  2⤵
  PID:7752
- C:\Windows\System\bGIUVeh.exe
  C:\Windows\System\bGIUVeh.exe
  2⤵
  PID:9144
- C:\Windows\System\uOpJwED.exe
  C:\Windows\System\uOpJwED.exe
  2⤵
  PID:8728
- C:\Windows\System\LZPekYI.exe
  C:\Windows\System\LZPekYI.exe
  2⤵
  PID:8612
- C:\Windows\System\rKNJywH.exe
  C:\Windows\System\rKNJywH.exe
  2⤵
  PID:9204
- C:\Windows\System\eZFCzGr.exe
  C:\Windows\System\eZFCzGr.exe
  2⤵
  PID:8688
- C:\Windows\System\LwalWUD.exe
  C:\Windows\System\LwalWUD.exe
  2⤵
  PID:8968
- C:\Windows\System\xtMJceJ.exe
  C:\Windows\System\xtMJceJ.exe
  2⤵
  PID:8444
- C:\Windows\System\IlzgUKY.exe
  C:\Windows\System\IlzgUKY.exe
  2⤵
  PID:8692
- C:\Windows\System\CggThmK.exe
  C:\Windows\System\CggThmK.exe
  2⤵
  PID:9116
- C:\Windows\System\jQEDprW.exe
  C:\Windows\System\jQEDprW.exe
  2⤵
  PID:8284
- C:\Windows\System\stVmBob.exe
  C:\Windows\System\stVmBob.exe
  2⤵
  PID:8868
- C:\Windows\System\ADdIzRU.exe
  C:\Windows\System\ADdIzRU.exe
  2⤵
  PID:8876
- C:\Windows\System\TmRFFNb.exe
  C:\Windows\System\TmRFFNb.exe
  2⤵
  PID:9024
- C:\Windows\System\zEHiRwK.exe
  C:\Windows\System\zEHiRwK.exe
  2⤵
  PID:8996
- C:\Windows\System\beSOKKy.exe
  C:\Windows\System\beSOKKy.exe
  2⤵
  PID:8972
- C:\Windows\System\ygIaoiy.exe
  C:\Windows\System\ygIaoiy.exe
  2⤵
  PID:9228
- C:\Windows\System\PkUAHvM.exe
  C:\Windows\System\PkUAHvM.exe
  2⤵
  PID:9248
- C:\Windows\System\vlkPbbO.exe
  C:\Windows\System\vlkPbbO.exe
  2⤵
  PID:9272
- C:\Windows\System\wDKpiEj.exe
  C:\Windows\System\wDKpiEj.exe
  2⤵
  PID:9292
- C:\Windows\System\Uvxgvea.exe
  C:\Windows\System\Uvxgvea.exe
  2⤵
  PID:9312
- C:\Windows\System\WaUJRCH.exe
  C:\Windows\System\WaUJRCH.exe
  2⤵
  PID:9336
- C:\Windows\System\wYJYYoq.exe
  C:\Windows\System\wYJYYoq.exe
  2⤵
  PID:9356
- C:\Windows\System\GwFFjEk.exe
  C:\Windows\System\GwFFjEk.exe
  2⤵
  PID:9376
- C:\Windows\System\JIoieSN.exe
  C:\Windows\System\JIoieSN.exe
  2⤵
  PID:9396
- C:\Windows\System\EMlBbQY.exe
  C:\Windows\System\EMlBbQY.exe
  2⤵
  PID:9412
- C:\Windows\System\hoyuKUO.exe
  C:\Windows\System\hoyuKUO.exe
  2⤵
  PID:9432
- C:\Windows\System\fRrNaVR.exe
  C:\Windows\System\fRrNaVR.exe
  2⤵
  PID:9452
- C:\Windows\System\TGlFdlC.exe
  C:\Windows\System\TGlFdlC.exe
  2⤵
  PID:9484
- C:\Windows\System\yyXVpkM.exe
  C:\Windows\System\yyXVpkM.exe
  2⤵
  PID:9500
- C:\Windows\System\sTHdwDU.exe
  C:\Windows\System\sTHdwDU.exe
  2⤵
  PID:9520
- C:\Windows\System\wgzUCSk.exe
  C:\Windows\System\wgzUCSk.exe
  2⤵
  PID:9540
- C:\Windows\System\MImGwrU.exe
  C:\Windows\System\MImGwrU.exe
  2⤵
  PID:9560
- C:\Windows\System\fslprdI.exe
  C:\Windows\System\fslprdI.exe
  2⤵
  PID:9576
- C:\Windows\System\lDcdzxt.exe
  C:\Windows\System\lDcdzxt.exe
  2⤵
  PID:9592
- C:\Windows\System\ElLnlTC.exe
  C:\Windows\System\ElLnlTC.exe
  2⤵
  PID:9616
- C:\Windows\System\vfOdmmX.exe
  C:\Windows\System\vfOdmmX.exe
  2⤵
  PID:9632
- C:\Windows\System\DRMjhxR.exe
  C:\Windows\System\DRMjhxR.exe
  2⤵
  PID:9664
- C:\Windows\System\YBawlni.exe
  C:\Windows\System\YBawlni.exe
  2⤵
  PID:9684
- C:\Windows\System\RStPMIv.exe
  C:\Windows\System\RStPMIv.exe
  2⤵
  PID:9700
- C:\Windows\System\oZoGirN.exe
  C:\Windows\System\oZoGirN.exe
  2⤵
  PID:9720
- C:\Windows\System\mnCQmEv.exe
  C:\Windows\System\mnCQmEv.exe
  2⤵
  PID:9740
- C:\Windows\System\WXbDNFy.exe
  C:\Windows\System\WXbDNFy.exe
  2⤵
  PID:9764
- C:\Windows\System\qJUAbBN.exe
  C:\Windows\System\qJUAbBN.exe
  2⤵
  PID:9780
- C:\Windows\System\kbSlvms.exe
  C:\Windows\System\kbSlvms.exe
  2⤵
  PID:9796
- C:\Windows\System\wqypToS.exe
  C:\Windows\System\wqypToS.exe
  2⤵
  PID:9816
- C:\Windows\System\zDykjCs.exe
  C:\Windows\System\zDykjCs.exe
  2⤵
  PID:9832
- C:\Windows\System\KFeMyph.exe
  C:\Windows\System\KFeMyph.exe
  2⤵
  PID:9852
- C:\Windows\System\Nyvyzed.exe
  C:\Windows\System\Nyvyzed.exe
  2⤵
  PID:9876
- C:\Windows\System\nJCoUYS.exe
  C:\Windows\System\nJCoUYS.exe
  2⤵
  PID:9900
- C:\Windows\System\EqQOfme.exe
  C:\Windows\System\EqQOfme.exe
  2⤵
  PID:9924
- C:\Windows\System\BKEtjgV.exe
  C:\Windows\System\BKEtjgV.exe
  2⤵
  PID:9940
- C:\Windows\System\nUpCAxb.exe
  C:\Windows\System\nUpCAxb.exe
  2⤵
  PID:9960
- C:\Windows\System\PBpKOmN.exe
  C:\Windows\System\PBpKOmN.exe
  2⤵
  PID:9984
- C:\Windows\System\bqTVZil.exe
  C:\Windows\System\bqTVZil.exe
  2⤵
  PID:10000
- C:\Windows\System\GmlrSGi.exe
  C:\Windows\System\GmlrSGi.exe
  2⤵
  PID:10020
- C:\Windows\System\KRcgxjK.exe
  C:\Windows\System\KRcgxjK.exe
  2⤵
  PID:10040
- C:\Windows\System\LUsrHlf.exe
  C:\Windows\System\LUsrHlf.exe
  2⤵
  PID:10060
- C:\Windows\System\MbIhycD.exe
  C:\Windows\System\MbIhycD.exe
  2⤵
  PID:10080
- C:\Windows\System\cAJBXmV.exe
  C:\Windows\System\cAJBXmV.exe
  2⤵
  PID:10096
- C:\Windows\System\rKzexAt.exe
  C:\Windows\System\rKzexAt.exe
  2⤵
  PID:10112
- C:\Windows\System\zYEiXyc.exe
  C:\Windows\System\zYEiXyc.exe
  2⤵
  PID:10128
- C:\Windows\System\ShZQImM.exe
  C:\Windows\System\ShZQImM.exe
  2⤵
  PID:10144
- C:\Windows\System\rUGhFHI.exe
  C:\Windows\System\rUGhFHI.exe
  2⤵
  PID:10180
- C:\Windows\System\PupjjTP.exe
  C:\Windows\System\PupjjTP.exe
  2⤵
  PID:10200
- C:\Windows\System\yrftibz.exe
  C:\Windows\System\yrftibz.exe
  2⤵
  PID:10216
- C:\Windows\System\IBJMIEU.exe
  C:\Windows\System\IBJMIEU.exe
  2⤵
  PID:10232
- C:\Windows\System\nHXzHgk.exe
  C:\Windows\System\nHXzHgk.exe
  2⤵
  PID:8784
- C:\Windows\System\HXODlfw.exe
  C:\Windows\System\HXODlfw.exe
  2⤵
  PID:8820
- C:\Windows\System\HJHIjEH.exe
  C:\Windows\System\HJHIjEH.exe
  2⤵
  PID:9260
- C:\Windows\System\mewFXSH.exe
  C:\Windows\System\mewFXSH.exe
  2⤵
  PID:9304
- C:\Windows\System\OUUXzjx.exe
  C:\Windows\System\OUUXzjx.exe
  2⤵
  PID:9332
- C:\Windows\System\Zvfwgza.exe
  C:\Windows\System\Zvfwgza.exe
  2⤵
  PID:9352
- C:\Windows\System\nHBHTzA.exe
  C:\Windows\System\nHBHTzA.exe
  2⤵
  PID:9368
- C:\Windows\System\pHdaNVs.exe
  C:\Windows\System\pHdaNVs.exe
  2⤵
  PID:9420
- C:\Windows\System\ssswrwg.exe
  C:\Windows\System\ssswrwg.exe
  2⤵
  PID:9440
- C:\Windows\System\ohYBlCx.exe
  C:\Windows\System\ohYBlCx.exe
  2⤵
  PID:9460
- C:\Windows\System\oARZocu.exe
  C:\Windows\System\oARZocu.exe
  2⤵
  PID:9492
- C:\Windows\System\BbBxSMK.exe
  C:\Windows\System\BbBxSMK.exe
  2⤵
  PID:9528
- C:\Windows\System\hdtFZGK.exe
  C:\Windows\System\hdtFZGK.exe
  2⤵
  PID:9568
- C:\Windows\System\EOprdeM.exe
  C:\Windows\System\EOprdeM.exe
  2⤵
  PID:9644
- C:\Windows\System\wyDzFKO.exe
  C:\Windows\System\wyDzFKO.exe
  2⤵
  PID:9648
- C:\Windows\System\vmgFrJM.exe
  C:\Windows\System\vmgFrJM.exe
  2⤵
  PID:9680
- C:\Windows\System\DvUWjLw.exe
  C:\Windows\System\DvUWjLw.exe
  2⤵
  PID:9708
- C:\Windows\System\ATvKnvj.exe
  C:\Windows\System\ATvKnvj.exe
  2⤵
  PID:9736
- C:\Windows\System\fwZhkfM.exe
  C:\Windows\System\fwZhkfM.exe
  2⤵
  PID:9760
- C:\Windows\System\tDwKfjR.exe
  C:\Windows\System\tDwKfjR.exe
  2⤵
  PID:9792
- C:\Windows\System\cYQCNTK.exe
  C:\Windows\System\cYQCNTK.exe
  2⤵
  PID:9864
- C:\Windows\System\OWpgdEL.exe
  C:\Windows\System\OWpgdEL.exe
  2⤵
  PID:9840
- C:\Windows\System\XnNWhJL.exe
  C:\Windows\System\XnNWhJL.exe
  2⤵
  PID:9952
- C:\Windows\System\OFjwrxP.exe
  C:\Windows\System\OFjwrxP.exe
  2⤵
  PID:9980
- C:\Windows\System\mjgvTcr.exe
  C:\Windows\System\mjgvTcr.exe
  2⤵
  PID:10032
- C:\Windows\System\hZdxMsm.exe
  C:\Windows\System\hZdxMsm.exe
  2⤵
  PID:10072
- C:\Windows\System\vNuDXAL.exe
  C:\Windows\System\vNuDXAL.exe
  2⤵
  PID:10124
- C:\Windows\System\aXSPnJR.exe
  C:\Windows\System\aXSPnJR.exe
  2⤵
  PID:10052
- C:\Windows\System\kGBDNVG.exe
  C:\Windows\System\kGBDNVG.exe
  2⤵
  PID:10164
- C:\Windows\System\ZKxMqKV.exe
  C:\Windows\System\ZKxMqKV.exe
  2⤵
  PID:10192
- C:\Windows\System\IlrtgUH.exe
  C:\Windows\System\IlrtgUH.exe
  2⤵
  PID:8788
- C:\Windows\System\HHUoUMn.exe
  C:\Windows\System\HHUoUMn.exe
  2⤵
  PID:9236
- C:\Windows\System\hFoBaaZ.exe
  C:\Windows\System\hFoBaaZ.exe
  2⤵
  PID:9268
- C:\Windows\System\cjoIObC.exe
  C:\Windows\System\cjoIObC.exe
  2⤵
  PID:9328
- C:\Windows\System\LrPcxSO.exe
  C:\Windows\System\LrPcxSO.exe
  2⤵
  PID:9448
- C:\Windows\System\qvXuKxe.exe
  C:\Windows\System\qvXuKxe.exe
  2⤵
  PID:8844
- C:\Windows\System\WedAnrw.exe
  C:\Windows\System\WedAnrw.exe
  2⤵
  PID:9464
- C:\Windows\System\XWZkNYO.exe
  C:\Windows\System\XWZkNYO.exe
  2⤵
  PID:9496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\FENArwJ.exe

Filesize
6.0MB

MD5
e4f888e4536c727b691722a661bebaa1

SHA1
449568f23d9b5f9238ea753a30a963aa4b16fbd6

SHA256
82f9fbb3a5a6044d19a307c8dde7afd2418c5682092659db6795b2afeb51bcf6

SHA512
5e858599be585bcd5facb309f506fbf37f4ef1cca9a09ee60e2c0022d487fc99acedac8ded3cfe48afd396c37e60058c42b25d6f243a10bcfeb8da86ff5ebab7

Download Submit
C:\Windows\system\FebUCEf.exe

Filesize
6.0MB

MD5
13a7d6261c66c17ec5a283ab61c8782d

SHA1
11bcc51706d0830434a1cec85ec9ce883e1a9ae1

SHA256
bd2f6ae5218cbdbf45c3d48acf6bfec5e521da52aeeb3151bc9bf0664b02f465

SHA512
c777620712d85a23666cf7451c56b2ecff104aa5698337baf29211179be89cad7c66de411e664c92139ab145ed77e18c745eaf8390d1274b19c1658d97b6b840

Download Submit
C:\Windows\system\GQiRAUp.exe

Filesize
6.0MB

MD5
22180f1af5c3fa6e531185cb425205a9

SHA1
36b9199c7cd8539e4a451b8affb77cb180995efc

SHA256
1421ed4ce55c1cfe8937439666f127159b38396d611f4dd4fbe84bda7bf45c63

SHA512
a3c44729f4e4b1a24aada71d2c57fed1dadd39e604221f9c46cee33944af5f88ddd3caf11f2693c87ea055cb371b9533473f448eedbd69a0fbf5ef5fc0d0a877

Download Submit
C:\Windows\system\HjkdOTn.exe

Filesize
6.0MB

MD5
657ace3c2e08baa29c98b882a625de42

SHA1
b6506a2bcb86b0be83a43edefc1f99298a47ce1b

SHA256
63659a5e80055d935b2017ada9efe173b314014119ed615893e942995c120052

SHA512
b076a663d5062b26730c1b7395dc9b5d5872346f70dcb4581d7eff810f6389abf23c687b112b7873c1b39fcffb9dccdd2a6cbca44061bfcd4907bc0ad969c0ad

Download Submit
C:\Windows\system\HtSpazv.exe

Filesize
6.0MB

MD5
504c7583ff8d5120c9e3f9fa1094922f

SHA1
a228714bef6a847d4d96904630b5bf2785b1c3fe

SHA256
7e621b8cf1b1d107152235244c73003e969d57621de07b491bf523475f5daf96

SHA512
c55f0af38ea239f66bbee3b7e934b51d0f51677f49d29c8819e45323920b941f30c664af0c772a5f655e4247edfbf403fa5f28d04f407cf445634bf7a466d512

Download Submit
C:\Windows\system\JgomPgK.exe

Filesize
6.0MB

MD5
4aaaaf938faf3239b5f194417a503015

SHA1
161b2a53c64f238f63c184e552d7df4b3bba038a

SHA256
7edaa6a80e8035d967383c0b6c700716ed50796c1282b9194bad6384e55f8459

SHA512
d54c00b1b3b975a39956c729efa5a19dbf16b7a134681ff8c8929a90f120a54e11cb8fc10bdb9e1ab1b0c81529766ad94bb595a32424cfcd25413c853fc774eb

Download Submit
C:\Windows\system\LpKRhoc.exe

Filesize
6.0MB

MD5
e52d32c8ffb163d2b97b286f017bcdb5

SHA1
15ff3df3ee6239c5247cb95e928525f902230ca7

SHA256
435cea3eca1527770345457d418fa3783d61fb6d0f2fcbb907add949ec08d21f

SHA512
3abf58cc8bc4e65f955fa672f4ff0206d9610bf7d2cd55657dd4c6a3d51d92c4bf0fbe849fde261686713e729de5e8d8b112a2fde5f0101de8aec3e696fe94de

Download Submit
C:\Windows\system\LqtYvIx.exe

Filesize
6.0MB

MD5
a9b65533e23b43c3d1baf10b6b68b124

SHA1
124fbae766f95efc23703b66251cb0fb5a965012

SHA256
970a7673c49ab31a84887e5a6700db0f340eae13808ead0575b25fa6db37bf30

SHA512
b5507894b81294bce4da2577c93f83bdd4d9ff1b92746a85f02b9bfaad5df4fe248e61028b309087cf71afc5f2676b5dab8eadcff669fd315edcc8d387c46918

Download Submit
C:\Windows\system\MWrVLuf.exe

Filesize
6.0MB

MD5
276eef53a1efb5a852b635e7af033085

SHA1
8ff64e212fd76a9377bd94be879cfe828c0a54de

SHA256
11359436f10e28fefd1c72b00086b8a6709ac1c0fc7fbdad1c4f39e43661bffe

SHA512
ae47d5d819a68721f4b912fd3c55234259c75928c5b71c237694d7b1fc7b87eb4d17fd9a218cc8f4ac212e3fff379d9c18334c5ce337ee3153926d1ba553b0cd

Download Submit
C:\Windows\system\MhbViAX.exe

Filesize
6.0MB

MD5
b5a7c76fa703260bebbd879dc543db37

SHA1
6a92bb46cf8759e7434099cb33aa5a07cd51033d

SHA256
4830afa03fed5f579d4524cd598e9db79c12448968b80ff06c59fc9b09ef6622

SHA512
bbbbe3ca078bacad771040f15e75aac65e61825f91bf29f3315a4571657cadbeb8ae4dc85a58a488644b7f08b5cda8781cf21312b6d909bedf4e8456d967492a

Download Submit
C:\Windows\system\NvumRWT.exe

Filesize
6.0MB

MD5
5419d38ec20e5adf6e17c5b58d9a78bc

SHA1
03399c23baa1f8a3c04c6a5fb39ebe58c930d8c6

SHA256
09e10cee7f6f5ec9712b7422d684aa634bd83675835416d60665b115a80126f6

SHA512
6199072645d573e84820270fb65d4c3eec9ab8d8a861976624934fb6bb16877d7bedac0722cccfae97ef5b77fc10823118402ef6fc8f21641b7078fc86ac6310

Download Submit
C:\Windows\system\OtdPcTi.exe

Filesize
6.0MB

MD5
4fc655dca49600c203c51a03d60c4359

SHA1
e9545df7f41169fdde73a6725ca96ee2dd3bc3a6

SHA256
147d5b6e817d89c04dbd4df25f3d0aa63433e12dd42f3e972b33844b1754611e

SHA512
ad989e648b3d51f3954d1ff0b31140674bbe50a312d41fb9534703babeb053a2719bd7d24bd80ff7f7a45a374fa38aa6e60abee41d981b26b12ae8528cfc2f58

Download Submit
C:\Windows\system\PjsSiNK.exe

Filesize
6.0MB

MD5
4b714f8b7fed8c0e0902b04b06b09cb1

SHA1
911231091fcf3409f31d52bc208a3e5cdff4fd9e

SHA256
53f7ebb6d44ff824c12b5ecba412ee3afac3adb6916cb8bda715b16cdc1d7270

SHA512
0ae12b83fa60c9a90efad34df7fcf74ae432bdd0ca15a40c23ef20db6f57c6cd81f89c69b6abeb57c728858143933dc821ccdf54addc3be53b5c669d91c0ca82

Download Submit
C:\Windows\system\VDdVaDJ.exe

Filesize
6.0MB

MD5
81df1bdec62bb573da616f34168f5936

SHA1
f0de27ea65696d12b4acac656924167ce8b3eaa6

SHA256
61f9deed94d4377aa99fd8f0e5e042015eb203319b612069bef80d91f1a971cf

SHA512
9d067e5d0a50058d00e0751f9cff3eb45b6339001af4a68516d4c020b086c0a1f7044155e5ab2e95dee13cbf0e91b2a8717e75f6f68668e1bdd5679b0c16a82c

Download Submit
C:\Windows\system\WsgqPrK.exe

Filesize
6.0MB

MD5
4b0ecfc1b0e2aa530bf236e75ccd7f2e

SHA1
e52b7129a9325feacfb11f2cb17b5a05f5588c9e

SHA256
4cceee77a243b246c8b3f465d02fbd5d52d480b499e0490d96f3d96afbd8183e

SHA512
710b7f6a3fd3d09400cf41e198b64a98abef087f7971d2f43a88229fdfd2d3d8c4b78ba118efe4888e943c0d0fecee90600ecfc277ae09e58b2648e21c566a84

Download Submit
C:\Windows\system\aiGWOtq.exe

Filesize
6.0MB

MD5
7e8fb8c48b9d7f3fb2b5751ecc072b87

SHA1
418f5b0a6066995a9a9418f46a57295ba8fe0298

SHA256
789e500d8a2e221b4d5f0ce5dda230eb6a9e8854276563137a37851551c1adf1

SHA512
4139d9a6305b335fbbd8753527dcbf051310914b960460ad3b3ff988e33d282854a208dca88cedb6f35a4734a1aa078001d572b1a02a8fb860e1aa142b838054

Download Submit
C:\Windows\system\gCVqINd.exe

Filesize
6.0MB

MD5
584a56173799441fa5b660a390179ac3

SHA1
ffbd88f1c7675d969666a696a180069281ae14b0

SHA256
859daf02cce9542c61918b7f31ca828509870fb5f04354f3fff279681fe3cb00

SHA512
d6e6ba4eb73e08367417859f0fe4a6349f01f0dbb657fe11b0041bb2f91122ad519cade0fd7ab7dd6a0958355d2fda79556163ddf1ee6a818549c13d071cf897

Download Submit
C:\Windows\system\kOiMSXV.exe

Filesize
6.0MB

MD5
50b94caf9642d58da858a64ea08ee676

SHA1
efcdf6f222501f2c098598736767792b6494b225

SHA256
45c05954558618312fc7484938847a478dcbf941135c86b469bfc639fc566ff2

SHA512
fdcbd115db3917c933ddf7a09aa26ccfd615487ae9d8dd323b9715cebc516ff4c18f7833ba187d3459596b79eba3debb2c7bb0fb5e763e5fa741dfa0c8efd388

Download Submit
C:\Windows\system\kbKAFxt.exe

Filesize
6.0MB

MD5
d37557ba4898efe11d9fdd1763bebd20

SHA1
ac21b19e27d603aca5a8ff3a62b09993284ae063

SHA256
19b2bd363df10e1cb403d9666cf5a63681f94b85453974e23b26c0ab39293991

SHA512
e7060f119557c7a03791766e204092342842262f661b2f2c984ec4ab2f20cbd8ccf381b0e8e6cc0052480fd87a5f9c2b54ec3994b36400352b6e5d2796b46146

Download Submit
C:\Windows\system\kneRyRs.exe

Filesize
6.0MB

MD5
20f262450eea865648ef477ef1d461af

SHA1
7fefb1c88b0d7338ca3942e002caf95fd260014e

SHA256
f8313ad3c2b3f4c463d19183382d2dfc7a108849a27b178f061a8d3ca71045b9

SHA512
c219606e8f682a461e9b9bc05f3f17e6ce62588736a59b5ecf3dda562a7e0870fb5bb887ca99d2b52f2d6e577bccba8434b2f0c104704dd7fa0e932bf0f294a9

Download Submit
C:\Windows\system\nfPcxOn.exe

Filesize
6.0MB

MD5
0214c56a63f933808f43b6fc8b13c923

SHA1
cbf9b0c120c172ffba5539f307e6e3a5cd729995

SHA256
e333b1338c4a24e1b9928f893650ef44704d022f92eebd59f3510fa9df39a57b

SHA512
0790ab780419ed6f5be358e4564241fe989807389749e5eccd9628dada5faf17942541791ffde12762528f7cf4e129d4513c9345f34a391813e27cdca501f94d

Download Submit
C:\Windows\system\ngicFfW.exe

Filesize
6.0MB

MD5
475072f6bf1798c5af172ab362826edd

SHA1
980aa153fb6f84c0dc0d58d8c17fd95b4ee90825

SHA256
ec5b77d74935a4071b3c066ec4a00507de912aceffc7323cea250610cb6c7b80

SHA512
740c3d0f8e3ee238e6d3d9d9771dfe8c98a4b4a47178738fd7b19da4e39ce6a9325150e15994d5b2e32725c8e1a65675f22c54baa46e7cc1a8ab801a4ae25c53

Download Submit
C:\Windows\system\qhleUSC.exe

Filesize
6.0MB

MD5
d1387de988f0ac1e4321292901b9518f

SHA1
ce5afadbe9b7f4fc8a67da17182daf35416eba66

SHA256
08c6c61465ba89dfa3f5d2f19d4a11cc4e1ac46d312988b91b0b6006fe9d7593

SHA512
c4c56e4eaa5de367d2a24f6e6892abb87cfde6c97f9bd93e3e6d16f44d5ba16f5fef9a3e60194b0fe0cba34b34ea9a72c77dbc85fbb601b35b0e8c73f5918a0b

Download Submit
C:\Windows\system\twpwfzo.exe

Filesize
6.0MB

MD5
d759efe15736e0faa16b3d146cd3c509

SHA1
43d797c2b82c1e972a791eafe573f5ed416981ad

SHA256
60f782d0c90601dc7af8e6017f6e0d72d0b375e83c29e1b121ed8d14c3e018b8

SHA512
2274b68e02e85b7bb560c73361994323f8fc5c2e3ae28ca61dbc22fdd04e19635b605e68638a563dcf07a25937e1646bfe6e8b80c3f2f0a504a106fbdf2ffa42

Download Submit
\Windows\system\CvvlPdp.exe

Filesize
6.0MB

MD5
9158b6d0f75cdb1f4b7ec9a8871e0437

SHA1
4831b9788f034c1ed667f7fae2b1a19a86c41887

SHA256
f4caecdcdbcc814d3d781283060371d288ead0efee326f3f3bacdd6d033dee96

SHA512
d5911f834125887d4d847698953fc3891c7a5c7925331fed9c8230273b2697ce9b037e20f4c1473c8c2aded3c498d2335fdfc07a7c780eb1466a7c58886d5f5f

Download Submit
\Windows\system\GHDyDux.exe

Filesize
6.0MB

MD5
09525e09da6fc327be1e69425674fcd9

SHA1
bbfe70bbd2784332721470b813e898ea59bea76d

SHA256
699ade9ce3bba57be1970f9312aa424f6dab34e00f1cbcaacae3558659c4a489

SHA512
e9d58ff76986d9294b58263a211e597318f8f256fba0c18125142593f461985439cf68b239c33f817d460b7537a70c13173e791a3a9039bb1129964ecb6bd8d1

Download Submit
\Windows\system\JYRhLKp.exe

Filesize
6.0MB

MD5
63d0b67b76684c9e608b007eaf42050a

SHA1
d5013e8efd9fcad47a955d48b82d9261d94e8135

SHA256
5a7f3071354e02b1d617d559d81f4d88172917d6f9e5d0655e38db924962d9a0

SHA512
72c4ba5c8de9f4f034166e23b3fc907c1262a96defbb868495863d68453d049c1d586e85ba30e7f544dc58926362656ea13251aa776ef542ada77f1c0b1dc069

Download Submit
\Windows\system\KAJxuIg.exe

Filesize
6.0MB

MD5
0cc830a47fa609c031ee2f98a8a4b5f0

SHA1
b1af881053e35660b798a3d8f7742f8f5188fdc0

SHA256
401cfd02c5c21dbe3b89cd14629f27621d9a23440c16e4106ab356386f441e2d

SHA512
58c02fec9464ac8b4bebc2976f51ca3117bba5ab37ed566376f910421fd72f5775d1701c1f2558dee54a124a62c3e620f7a69989a8c9615b74b741e7909f4b21

Download Submit
\Windows\system\KjxJAcj.exe

Filesize
6.0MB

MD5
7f576472e33378bc22326f4ff56fa484

SHA1
48ca43dd10c9fd057569b9555d233dc20d873ca8

SHA256
09255be193dbca84feddf6b7a84d84f69018fbe28818cfeeb40ffb3f8f70dd17

SHA512
9ca40dbae318b99eb153a08699249a9b74e45254d4603c9e2addb2e2d81be19338b8a6472bdfb1423f26cd23958367f53f017aa869034748cbb8bbe7dd62eb75

Download Submit
\Windows\system\NAHiEPZ.exe

Filesize
6.0MB

MD5
3573054463e03f1660bac7e7e404852a

SHA1
d66604139f26726331f4e4128ba6b422d277b843

SHA256
bd9bf1cd2b84cf2e572dc31a4a9a6f2056cc55ec626348753e718cedd1ab0c52

SHA512
8ec4b59782f949c38fbba4fbf3296153c3d7b0e89d8439ebb3e4ab1518bc5d3609681da25e544ebefa66b165d61440b457a153c1b21183200ceca6870cc40a04

Download Submit
\Windows\system\RgwMaTX.exe

Filesize
6.0MB

MD5
88eef2f8116c1da35768f7843d5076ba

SHA1
3315bff0094471c02cb7b324e03ac97b2fa0e8ee

SHA256
877cd1d0bbf591548b27440e74500bdcb0fa22bb79e788d75a5e0aaa84cfd77f

SHA512
a55a4e39fbd04e7843e4032255ced53f0558504205b89d1a1492367401bdbe59ddc5503016d2a730f51b2902a2f3412df68d48ef5f228658a3c33d29836dbdd5

Download Submit
\Windows\system\tCzoyuu.exe

Filesize
6.0MB

MD5
d8195d67ea84aa7400963104fcc3eb5f

SHA1
404d20b09435b244444b34f8c85770d6eb77e9c2

SHA256
e32502d41a94a3aa3ced0e88fc53b43ce09c952872d8c0a9b3d9034062e8ce49

SHA512
820d82a1051a3f8533dda18faefd8e7a16c02469be5443e809a4422fc561a56e974a98c53856a007344850e1d4e249249f2e0404f846242b960c9e02326dd6a5

Download Submit
memory/880-105-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/880-1273-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/880-4018-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/1664-98-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/1664-886-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/1664-4019-0x000000013F590000-0x000000013F8E4000-memory.dmp

Filesize
3.3MB

Download
memory/1792-4010-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1792-42-0x000000013F3A0000-0x000000013F6F4000-memory.dmp

Filesize
3.3MB

Download
memory/1804-30-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1804-72-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1804-4008-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/1848-47-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1848-8-0x000000013F1C0000-0x000000013F514000-memory.dmp

Filesize
3.3MB

Download
memory/1884-4009-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1884-21-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/1884-58-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-4007-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2092-15-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2092-57-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2168-109-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2168-73-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-623-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2168-67-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2168-94-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2168-1520-0x000000013FAF0000-0x000000013FE44000-memory.dmp

Filesize
3.3MB

Download
memory/2168-1041-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2168-771-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2168-75-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2168-43-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-101-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2168-39-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-36-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2168-6-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2168-95-0x0000000002440000-0x0000000002794000-memory.dmp

Filesize
3.3MB

Download
memory/2168-13-0x000000013F910000-0x000000013FC64000-memory.dmp

Filesize
3.3MB

Download
memory/2168-27-0x000000013FDE0000-0x0000000140134000-memory.dmp

Filesize
3.3MB

Download
memory/2168-19-0x000000013FC80000-0x000000013FFD4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-86-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/2168-102-0x000000013FEB0000-0x0000000140204000-memory.dmp

Filesize
3.3MB

Download
memory/2168-1-0x00000000000F0000-0x0000000000100000-memory.dmp

Filesize
64KB

Download
memory/2168-82-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/2168-60-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2168-108-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2168-0-0x000000013F450000-0x000000013F7A4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-76-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-4015-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2604-272-0x000000013FF70000-0x00000001402C4000-memory.dmp

Filesize
3.3MB

Download
memory/2740-51-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2740-4012-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2740-89-0x000000013FAC0000-0x000000013FE14000-memory.dmp

Filesize
3.3MB

Download
memory/2768-68-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2768-4014-0x000000013FA20000-0x000000013FD74000-memory.dmp

Filesize
3.3MB

Download
memory/2780-4011-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2780-45-0x000000013F0A0000-0x000000013F3F4000-memory.dmp

Filesize
3.3MB

Download
memory/2928-4013-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/2928-61-0x000000013F9C0000-0x000000013FD14000-memory.dmp

Filesize
3.3MB

Download
memory/3020-84-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/3020-4016-0x000000013F7B0000-0x000000013FB04000-memory.dmp

Filesize
3.3MB

Download
memory/3028-696-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/3028-4017-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download
memory/3028-90-0x000000013FC40000-0x000000013FF94000-memory.dmp

Filesize
3.3MB

Download