cobaltstrike | 58e81230bc0e447883d08f7e92af686e3784d1f64603d0f592fe9805b0b76862

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
24-01-2025 23:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
Size

6.0MB
MD5

e52e817b5424bc558c398db1d1ff3205
SHA1

083827f0c4b7405029efb16865efb8ba35902416
SHA256

58e81230bc0e447883d08f7e92af686e3784d1f64603d0f592fe9805b0b76862
SHA512

4630a74f2bf1b4ee7f464e4e5682dc5a904d5a6e671524d182b27b645762571251ba7af3072a8b8723ded94a8f3baf90f96353581d884eb5e4cb651e15e11726
SSDEEP

98304:oemTLkNdfE0pZrD56utgpPFotBER/mQ32lUS:T+q56utgpPF8u/7S

Score

10^/10

cobaltstrike xmrig 0 backdoor miner persistence privilege_escalation trojan upx

Malware Config

Extracted

Family

cobaltstrike

Botnet

http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books

Attributes

access_type
512
beacon_type
256
create_remote_thread
768
crypto_scheme
256
host
ns7.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns8.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books,ns9.softline.top,/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http_header1
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAUSG9zdDogd3d3LmFtYXpvbi5jb20AAAAHAAAAAAAAAAMAAAACAAAADnNlc3Npb24tdG9rZW49AAAAAgAAAAxza2luPW5vc2tpbjsAAAABAAAALGNzbS1oaXQ9cy0yNEtVMTFCQjgyUlpTWUdKM0JES3wxNDE5ODk5MDEyOTk2AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
http_header2
AAAACgAAAAtBY2NlcHQ6ICovKgAAAAoAAAAWQ29udGVudC1UeXBlOiB0ZXh0L3htbAAAAAoAAAAgWC1SZXF1ZXN0ZWQtV2l0aDogWE1MSHR0cFJlcXVlc3QAAAAKAAAAFEhvc3Q6IHd3dy5hbWF6b24uY29tAAAACQAAAApzej0xNjB4NjAwAAAACQAAABFvZT1vZT1JU08tODg1OS0xOwAAAAcAAAAAAAAABQAAAAJzbgAAAAkAAAAGcz0zNzE3AAAACQAAACJkY19yZWY9aHR0cCUzQSUyRiUyRnd3dy5hbWF6b24uY29tAAAABwAAAAEAAAADAAAABAAAAAAAAA==
http_method1
GET
http_method2
POST
maxdns
255
pipe_name
\\%s\pipe\msagent_%x
polling_time
5000
port_number
443
sc_process32
%windir%\syswow64\rundll32.exe
sc_process64
%windir%\sysnative\rundll32.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDI579oVVII0cYncGonU6vTWyFhqmq8w5QwvI8qsoWeV68Ngy+MjNPX2crcSVVWKQ3j09FII28KTmoE1XFVjEXF3WytRSlDe1OKfOAHX3XYkS9LcUAy0eRl2h4a73hrg1ir/rpisNT6hHtYaK3tmH8DgW/n1XfTfbWk1MZ7cXQHWQIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4096
unknown2
AAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/N4215/adj/amzn.us.sr.aps
user_agent
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
watermark
0

Signatures

Cobalt Strike reflective loader 32 IoCs

Detects the reflective loader used by Cobalt Strike.

resource	yara_rule
behavioral1/files/0x000c00000001202c-3.dat	cobalt_reflective_dll
behavioral1/files/0x0009000000016b47-12.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016c66-19.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016c88-23.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cf5-34.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017049-43.dat	cobalt_reflective_dll
behavioral1/files/0x0007000000016cd7-33.dat	cobalt_reflective_dll
behavioral1/files/0x0008000000016d3a-51.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000017497-48.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001749c-59.dat	cobalt_reflective_dll
behavioral1/files/0x000600000001755b-76.dat	cobalt_reflective_dll
behavioral1/files/0x00090000000165c7-75.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018686-88.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186e7-94.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186ed-102.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f1-109.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019360-170.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000193a6-174.dat	cobalt_reflective_dll
behavioral1/files/0x000500000001933f-166.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019297-162.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019284-158.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019278-154.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019269-150.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019250-146.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000019246-142.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018c16-138.dat	cobalt_reflective_dll
behavioral1/files/0x0006000000018b4e-134.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000187a8-130.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018744-126.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018739-122.dat	cobalt_reflective_dll
behavioral1/files/0x0005000000018704-118.dat	cobalt_reflective_dll
behavioral1/files/0x00050000000186f4-113.dat	cobalt_reflective_dll

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Cobaltstrike family
cobaltstrike
Xmrig family
xmrig
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/memory/1988-0-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/files/0x000c00000001202c-3.dat	xmrig
behavioral1/files/0x0009000000016b47-12.dat	xmrig
behavioral1/memory/1900-15-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/752-13-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/files/0x0008000000016c66-19.dat	xmrig
behavioral1/memory/2296-22-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/1988-20-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/files/0x0007000000016c88-23.dat	xmrig
behavioral1/memory/2428-28-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/files/0x0007000000016cf5-34.dat	xmrig
behavioral1/memory/1232-36-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/files/0x0006000000017049-43.dat	xmrig
behavioral1/files/0x0007000000016cd7-33.dat	xmrig
behavioral1/files/0x0008000000016d3a-51.dat	xmrig
behavioral1/memory/1988-50-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x0006000000017497-48.dat	xmrig
behavioral1/memory/1988-42-0x000000013FA10000-0x000000013FD64000-memory.dmp	xmrig
behavioral1/memory/2868-62-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/files/0x000600000001749c-59.dat	xmrig
behavioral1/files/0x000600000001755b-76.dat	xmrig
behavioral1/memory/2656-82-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2520-84-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig
behavioral1/memory/2588-83-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2460-78-0x000000013F340000-0x000000013F694000-memory.dmp	xmrig
behavioral1/files/0x00090000000165c7-75.dat	xmrig
behavioral1/memory/2796-66-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2720-57-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/memory/2428-89-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/1232-93-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/1844-91-0x000000013FE30000-0x0000000140184000-memory.dmp	xmrig
behavioral1/files/0x0005000000018686-88.dat	xmrig
behavioral1/files/0x00050000000186e7-94.dat	xmrig
behavioral1/memory/1028-101-0x000000013F420000-0x000000013F774000-memory.dmp	xmrig
behavioral1/memory/2720-100-0x000000013F9E0000-0x000000013FD34000-memory.dmp	xmrig
behavioral1/files/0x00050000000186ed-102.dat	xmrig
behavioral1/files/0x00050000000186f1-109.dat	xmrig
behavioral1/files/0x0005000000019360-170.dat	xmrig
behavioral1/files/0x00050000000193a6-174.dat	xmrig
behavioral1/files/0x000500000001933f-166.dat	xmrig
behavioral1/files/0x0005000000019297-162.dat	xmrig
behavioral1/files/0x0005000000019284-158.dat	xmrig
behavioral1/files/0x0005000000019278-154.dat	xmrig
behavioral1/files/0x0005000000019269-150.dat	xmrig
behavioral1/files/0x0005000000019250-146.dat	xmrig
behavioral1/files/0x0005000000019246-142.dat	xmrig
behavioral1/files/0x0006000000018c16-138.dat	xmrig
behavioral1/files/0x0006000000018b4e-134.dat	xmrig
behavioral1/files/0x00050000000187a8-130.dat	xmrig
behavioral1/files/0x0005000000018744-126.dat	xmrig
behavioral1/files/0x0005000000018739-122.dat	xmrig
behavioral1/files/0x0005000000018704-118.dat	xmrig
behavioral1/files/0x00050000000186f4-113.dat	xmrig
behavioral1/memory/1988-106-0x00000000024B0000-0x0000000002804000-memory.dmp	xmrig
behavioral1/memory/752-3127-0x000000013F9F0000-0x000000013FD44000-memory.dmp	xmrig
behavioral1/memory/1900-3128-0x000000013F260000-0x000000013F5B4000-memory.dmp	xmrig
behavioral1/memory/2428-3164-0x000000013F490000-0x000000013F7E4000-memory.dmp	xmrig
behavioral1/memory/2296-3170-0x000000013F400000-0x000000013F754000-memory.dmp	xmrig
behavioral1/memory/1232-3175-0x000000013F900000-0x000000013FC54000-memory.dmp	xmrig
behavioral1/memory/2868-3174-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	xmrig
behavioral1/memory/2796-3173-0x000000013FBF0000-0x000000013FF44000-memory.dmp	xmrig
behavioral1/memory/2588-3227-0x000000013F1E0000-0x000000013F534000-memory.dmp	xmrig
behavioral1/memory/2656-3228-0x000000013F230000-0x000000013F584000-memory.dmp	xmrig
behavioral1/memory/2520-3226-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	xmrig

Executes dropped EXE 64 IoCs

pid	Process
752	LjeHzHv.exe
1900	yWMMhoL.exe
2296	Tiamseo.exe
2428	BoAvdhU.exe
1232	TchftPG.exe
2796	VjfrxFk.exe
2720	QcNEbBS.exe
2868	KSxsPux.exe
2460	hYTJAmE.exe
2656	aQBPjyx.exe
2520	zVbZqRI.exe
2588	Ukzxnct.exe
1844	kwDYjol.exe
1028	spCUoXr.exe
1964	YYIPbZL.exe
800	SLYKWBT.exe
2012	mHvalzh.exe
2016	UWOPMzA.exe
1968	UNddQiB.exe
1700	zERCdIn.exe
1732	vCNgicc.exe
2944	IesuFwC.exe
2860	BlvXSLf.exe
2820	rYyvQgv.exe
600	ZUHrNNJ.exe
2380	srkxXLl.exe
2988	bklPwVv.exe
2196	CwnrrUN.exe
2172	BFEZYxj.exe
872	OhBkpSU.exe
3036	RAMhygw.exe
1300	kESiQuY.exe
2144	pLolxrF.exe
692	ztapHsb.exe
1468	evxeEnR.exe
1304	YUBnyWU.exe
944	ueCGkPU.exe
1540	CNJfyvO.exe
1924	EVbQGeK.exe
2208	EBgtcXJ.exe
2340	pHwxTOe.exe
2076	FsiGrte.exe
1616	PQrYXAD.exe
748	dluKzno.exe
1208	EAsbnRG.exe
1136	ikKEzLg.exe
2420	GIPzxMH.exe
324	RLXgrdI.exe
596	AUuGDWR.exe
1236	AEayctT.exe
3052	XffEguu.exe
2936	TOsomAW.exe
2192	pNPjWPA.exe
272	UJTvmJO.exe
564	jkfXQCX.exe
2408	xAYqbzC.exe
3060	gIgJTZY.exe
2416	oqHlgUZ.exe
2228	hYDPgBj.exe
2556	JzhTYul.exe
2508	fsnLDMk.exe
1636	nbHcfjr.exe
2672	nCwyDGh.exe
2292	uBnzTlx.exe

Loads dropped DLL 64 IoCs

pid	Process
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1988-0-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/files/0x000c00000001202c-3.dat	upx
behavioral1/files/0x0009000000016b47-12.dat	upx
behavioral1/memory/1900-15-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/752-13-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/files/0x0008000000016c66-19.dat	upx
behavioral1/memory/2296-22-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/files/0x0007000000016c88-23.dat	upx
behavioral1/memory/2428-28-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/files/0x0007000000016cf5-34.dat	upx
behavioral1/memory/1232-36-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/files/0x0006000000017049-43.dat	upx
behavioral1/files/0x0007000000016cd7-33.dat	upx
behavioral1/files/0x0008000000016d3a-51.dat	upx
behavioral1/files/0x0006000000017497-48.dat	upx
behavioral1/memory/1988-42-0x000000013FA10000-0x000000013FD64000-memory.dmp	upx
behavioral1/memory/2868-62-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/files/0x000600000001749c-59.dat	upx
behavioral1/files/0x000600000001755b-76.dat	upx
behavioral1/memory/2656-82-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2520-84-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2588-83-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2460-78-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/files/0x00090000000165c7-75.dat	upx
behavioral1/memory/2796-66-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2720-57-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2428-89-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/1232-93-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/1844-91-0x000000013FE30000-0x0000000140184000-memory.dmp	upx
behavioral1/files/0x0005000000018686-88.dat	upx
behavioral1/files/0x00050000000186e7-94.dat	upx
behavioral1/memory/1028-101-0x000000013F420000-0x000000013F774000-memory.dmp	upx
behavioral1/memory/2720-100-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/files/0x00050000000186ed-102.dat	upx
behavioral1/files/0x00050000000186f1-109.dat	upx
behavioral1/files/0x0005000000019360-170.dat	upx
behavioral1/files/0x00050000000193a6-174.dat	upx
behavioral1/files/0x000500000001933f-166.dat	upx
behavioral1/files/0x0005000000019297-162.dat	upx
behavioral1/files/0x0005000000019284-158.dat	upx
behavioral1/files/0x0005000000019278-154.dat	upx
behavioral1/files/0x0005000000019269-150.dat	upx
behavioral1/files/0x0005000000019250-146.dat	upx
behavioral1/files/0x0005000000019246-142.dat	upx
behavioral1/files/0x0006000000018c16-138.dat	upx
behavioral1/files/0x0006000000018b4e-134.dat	upx
behavioral1/files/0x00050000000187a8-130.dat	upx
behavioral1/files/0x0005000000018744-126.dat	upx
behavioral1/files/0x0005000000018739-122.dat	upx
behavioral1/files/0x0005000000018704-118.dat	upx
behavioral1/files/0x00050000000186f4-113.dat	upx
behavioral1/memory/752-3127-0x000000013F9F0000-0x000000013FD44000-memory.dmp	upx
behavioral1/memory/1900-3128-0x000000013F260000-0x000000013F5B4000-memory.dmp	upx
behavioral1/memory/2428-3164-0x000000013F490000-0x000000013F7E4000-memory.dmp	upx
behavioral1/memory/2296-3170-0x000000013F400000-0x000000013F754000-memory.dmp	upx
behavioral1/memory/1232-3175-0x000000013F900000-0x000000013FC54000-memory.dmp	upx
behavioral1/memory/2868-3174-0x000000013F6A0000-0x000000013F9F4000-memory.dmp	upx
behavioral1/memory/2796-3173-0x000000013FBF0000-0x000000013FF44000-memory.dmp	upx
behavioral1/memory/2588-3227-0x000000013F1E0000-0x000000013F534000-memory.dmp	upx
behavioral1/memory/2656-3228-0x000000013F230000-0x000000013F584000-memory.dmp	upx
behavioral1/memory/2520-3226-0x000000013F1A0000-0x000000013F4F4000-memory.dmp	upx
behavioral1/memory/2720-3225-0x000000013F9E0000-0x000000013FD34000-memory.dmp	upx
behavioral1/memory/2460-3239-0x000000013F340000-0x000000013F694000-memory.dmp	upx
behavioral1/memory/1844-3536-0x000000013FE30000-0x0000000140184000-memory.dmp	upx

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\fAlaLiA.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fQkmDsd.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zdhGgOY.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PxCqtfR.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\FCeoxDA.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dPTrogt.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mgxqfzi.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kAleUlm.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\CwnrrUN.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\lGGoxQa.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\nDjtkGb.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vGpnJWb.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\PlfYASK.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XXXSTvN.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\mYmPdXg.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\DqiLNRc.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\MKLmbus.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\dPfPcxV.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\fNAfAEU.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OBgWcAC.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\OXVsuoI.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zLawcQG.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jZpCkdl.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zHfFzTl.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ygMrXBK.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\IQTWhWu.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zpvTMCd.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\ZjQBDDa.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XTWzwQj.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\AALfhAc.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\yWINIuQ.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\JzhTYul.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LWQlFHB.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oSFEjya.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\jrpPnlo.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\oFeKenU.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KsnkNXQ.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kBpgXsI.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\kmYEuad.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\pYmUfCB.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RFvFyFx.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iGchtoS.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\varpNrU.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\LOVGIaW.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\vgIDwTt.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\RRuWrqQ.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\HPuVNqE.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XIjlpYZ.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\SLYKWBT.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XhfuvDy.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\XxAKhDr.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zkvoMOt.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\zFoiCVM.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\laYrilg.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\auUjevc.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\cdNsYEm.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\YjeRVzR.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\wTptxSs.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iaCWgFe.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\tFZotcl.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\KrSxbMU.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\BbHrsjJ.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\iUhXGjY.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
File created	C:\Windows\System\knUwNSp.exe	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 752	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1988 wrote to memory of 752	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1988 wrote to memory of 752	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	31
PID 1988 wrote to memory of 1900	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1988 wrote to memory of 1900	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1988 wrote to memory of 1900	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	32
PID 1988 wrote to memory of 2296	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1988 wrote to memory of 2296	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1988 wrote to memory of 2296	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	33
PID 1988 wrote to memory of 2428	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1988 wrote to memory of 2428	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1988 wrote to memory of 2428	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	34
PID 1988 wrote to memory of 1232	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1988 wrote to memory of 1232	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1988 wrote to memory of 1232	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	35
PID 1988 wrote to memory of 2796	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1988 wrote to memory of 2796	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1988 wrote to memory of 2796	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	36
PID 1988 wrote to memory of 2868	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1988 wrote to memory of 2868	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1988 wrote to memory of 2868	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	37
PID 1988 wrote to memory of 2720	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1988 wrote to memory of 2720	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1988 wrote to memory of 2720	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	38
PID 1988 wrote to memory of 2460	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1988 wrote to memory of 2460	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1988 wrote to memory of 2460	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	39
PID 1988 wrote to memory of 2520	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1988 wrote to memory of 2520	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1988 wrote to memory of 2520	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	40
PID 1988 wrote to memory of 2656	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1988 wrote to memory of 2656	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1988 wrote to memory of 2656	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	41
PID 1988 wrote to memory of 2588	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1988 wrote to memory of 2588	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1988 wrote to memory of 2588	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	42
PID 1988 wrote to memory of 1844	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1988 wrote to memory of 1844	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1988 wrote to memory of 1844	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	43
PID 1988 wrote to memory of 1028	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1988 wrote to memory of 1028	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1988 wrote to memory of 1028	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	44
PID 1988 wrote to memory of 1964	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1988 wrote to memory of 1964	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1988 wrote to memory of 1964	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	46
PID 1988 wrote to memory of 800	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1988 wrote to memory of 800	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1988 wrote to memory of 800	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	47
PID 1988 wrote to memory of 2012	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1988 wrote to memory of 2012	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1988 wrote to memory of 2012	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	48
PID 1988 wrote to memory of 2016	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1988 wrote to memory of 2016	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1988 wrote to memory of 2016	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	49
PID 1988 wrote to memory of 1968	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1988 wrote to memory of 1968	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1988 wrote to memory of 1968	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	50
PID 1988 wrote to memory of 1700	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1988 wrote to memory of 1700	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1988 wrote to memory of 1700	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	51
PID 1988 wrote to memory of 1732	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1988 wrote to memory of 1732	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1988 wrote to memory of 1732	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	52
PID 1988 wrote to memory of 2944	1988	2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe	53

C:\Users\Admin\AppData\Local\Temp\2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe
"C:\Users\Admin\AppData\Local\Temp\2025-01-24_e52e817b5424bc558c398db1d1ff3205_cobalt-strike_cobaltstrike_poet-rat.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Windows\System\LjeHzHv.exe
  C:\Windows\System\LjeHzHv.exe
  2⤵
  - Executes dropped EXE
  PID:752
- C:\Windows\System\yWMMhoL.exe
  C:\Windows\System\yWMMhoL.exe
  2⤵
  - Executes dropped EXE
  PID:1900
- C:\Windows\System\Tiamseo.exe
  C:\Windows\System\Tiamseo.exe
  2⤵
  - Executes dropped EXE
  PID:2296
- C:\Windows\System\BoAvdhU.exe
  C:\Windows\System\BoAvdhU.exe
  2⤵
  - Executes dropped EXE
  PID:2428
- C:\Windows\System\TchftPG.exe
  C:\Windows\System\TchftPG.exe
  2⤵
  - Executes dropped EXE
  PID:1232
- C:\Windows\System\VjfrxFk.exe
  C:\Windows\System\VjfrxFk.exe
  2⤵
  - Executes dropped EXE
  PID:2796
- C:\Windows\System\KSxsPux.exe
  C:\Windows\System\KSxsPux.exe
  2⤵
  - Executes dropped EXE
  PID:2868
- C:\Windows\System\QcNEbBS.exe
  C:\Windows\System\QcNEbBS.exe
  2⤵
  - Executes dropped EXE
  PID:2720
- C:\Windows\System\hYTJAmE.exe
  C:\Windows\System\hYTJAmE.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\zVbZqRI.exe
  C:\Windows\System\zVbZqRI.exe
  2⤵
  - Executes dropped EXE
  PID:2520
- C:\Windows\System\aQBPjyx.exe
  C:\Windows\System\aQBPjyx.exe
  2⤵
  - Executes dropped EXE
  PID:2656
- C:\Windows\System\Ukzxnct.exe
  C:\Windows\System\Ukzxnct.exe
  2⤵
  - Executes dropped EXE
  PID:2588
- C:\Windows\System\kwDYjol.exe
  C:\Windows\System\kwDYjol.exe
  2⤵
  - Executes dropped EXE
  PID:1844
- C:\Windows\System\spCUoXr.exe
  C:\Windows\System\spCUoXr.exe
  2⤵
  - Executes dropped EXE
  PID:1028
- C:\Windows\System\YYIPbZL.exe
  C:\Windows\System\YYIPbZL.exe
  2⤵
  - Executes dropped EXE
  PID:1964
- C:\Windows\System\SLYKWBT.exe
  C:\Windows\System\SLYKWBT.exe
  2⤵
  - Executes dropped EXE
  PID:800
- C:\Windows\System\mHvalzh.exe
  C:\Windows\System\mHvalzh.exe
  2⤵
  - Executes dropped EXE
  PID:2012
- C:\Windows\System\UWOPMzA.exe
  C:\Windows\System\UWOPMzA.exe
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Windows\System\UNddQiB.exe
  C:\Windows\System\UNddQiB.exe
  2⤵
  - Executes dropped EXE
  PID:1968
- C:\Windows\System\zERCdIn.exe
  C:\Windows\System\zERCdIn.exe
  2⤵
  - Executes dropped EXE
  PID:1700
- C:\Windows\System\vCNgicc.exe
  C:\Windows\System\vCNgicc.exe
  2⤵
  - Executes dropped EXE
  PID:1732
- C:\Windows\System\IesuFwC.exe
  C:\Windows\System\IesuFwC.exe
  2⤵
  - Executes dropped EXE
  PID:2944
- C:\Windows\System\BlvXSLf.exe
  C:\Windows\System\BlvXSLf.exe
  2⤵
  - Executes dropped EXE
  PID:2860
- C:\Windows\System\rYyvQgv.exe
  C:\Windows\System\rYyvQgv.exe
  2⤵
  - Executes dropped EXE
  PID:2820
- C:\Windows\System\ZUHrNNJ.exe
  C:\Windows\System\ZUHrNNJ.exe
  2⤵
  - Executes dropped EXE
  PID:600
- C:\Windows\System\srkxXLl.exe
  C:\Windows\System\srkxXLl.exe
  2⤵
  - Executes dropped EXE
  PID:2380
- C:\Windows\System\bklPwVv.exe
  C:\Windows\System\bklPwVv.exe
  2⤵
  - Executes dropped EXE
  PID:2988
- C:\Windows\System\CwnrrUN.exe
  C:\Windows\System\CwnrrUN.exe
  2⤵
  - Executes dropped EXE
  PID:2196
- C:\Windows\System\BFEZYxj.exe
  C:\Windows\System\BFEZYxj.exe
  2⤵
  - Executes dropped EXE
  PID:2172
- C:\Windows\System\OhBkpSU.exe
  C:\Windows\System\OhBkpSU.exe
  2⤵
  - Executes dropped EXE
  PID:872
- C:\Windows\System\RAMhygw.exe
  C:\Windows\System\RAMhygw.exe
  2⤵
  - Executes dropped EXE
  PID:3036
- C:\Windows\System\kESiQuY.exe
  C:\Windows\System\kESiQuY.exe
  2⤵
  - Executes dropped EXE
  PID:1300
- C:\Windows\System\pLolxrF.exe
  C:\Windows\System\pLolxrF.exe
  2⤵
  - Executes dropped EXE
  PID:2144
- C:\Windows\System\ztapHsb.exe
  C:\Windows\System\ztapHsb.exe
  2⤵
  - Executes dropped EXE
  PID:692
- C:\Windows\System\evxeEnR.exe
  C:\Windows\System\evxeEnR.exe
  2⤵
  - Executes dropped EXE
  PID:1468
- C:\Windows\System\YUBnyWU.exe
  C:\Windows\System\YUBnyWU.exe
  2⤵
  - Executes dropped EXE
  PID:1304
- C:\Windows\System\ueCGkPU.exe
  C:\Windows\System\ueCGkPU.exe
  2⤵
  - Executes dropped EXE
  PID:944
- C:\Windows\System\CNJfyvO.exe
  C:\Windows\System\CNJfyvO.exe
  2⤵
  - Executes dropped EXE
  PID:1540
- C:\Windows\System\EVbQGeK.exe
  C:\Windows\System\EVbQGeK.exe
  2⤵
  - Executes dropped EXE
  PID:1924
- C:\Windows\System\EBgtcXJ.exe
  C:\Windows\System\EBgtcXJ.exe
  2⤵
  - Executes dropped EXE
  PID:2208
- C:\Windows\System\pHwxTOe.exe
  C:\Windows\System\pHwxTOe.exe
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\System\FsiGrte.exe
  C:\Windows\System\FsiGrte.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\PQrYXAD.exe
  C:\Windows\System\PQrYXAD.exe
  2⤵
  - Executes dropped EXE
  PID:1616
- C:\Windows\System\dluKzno.exe
  C:\Windows\System\dluKzno.exe
  2⤵
  - Executes dropped EXE
  PID:748
- C:\Windows\System\EAsbnRG.exe
  C:\Windows\System\EAsbnRG.exe
  2⤵
  - Executes dropped EXE
  PID:1208
- C:\Windows\System\ikKEzLg.exe
  C:\Windows\System\ikKEzLg.exe
  2⤵
  - Executes dropped EXE
  PID:1136
- C:\Windows\System\GIPzxMH.exe
  C:\Windows\System\GIPzxMH.exe
  2⤵
  - Executes dropped EXE
  PID:2420
- C:\Windows\System\RLXgrdI.exe
  C:\Windows\System\RLXgrdI.exe
  2⤵
  - Executes dropped EXE
  PID:324
- C:\Windows\System\AUuGDWR.exe
  C:\Windows\System\AUuGDWR.exe
  2⤵
  - Executes dropped EXE
  PID:596
- C:\Windows\System\AEayctT.exe
  C:\Windows\System\AEayctT.exe
  2⤵
  - Executes dropped EXE
  PID:1236
- C:\Windows\System\XffEguu.exe
  C:\Windows\System\XffEguu.exe
  2⤵
  - Executes dropped EXE
  PID:3052
- C:\Windows\System\TOsomAW.exe
  C:\Windows\System\TOsomAW.exe
  2⤵
  - Executes dropped EXE
  PID:2936
- C:\Windows\System\pNPjWPA.exe
  C:\Windows\System\pNPjWPA.exe
  2⤵
  - Executes dropped EXE
  PID:2192
- C:\Windows\System\UJTvmJO.exe
  C:\Windows\System\UJTvmJO.exe
  2⤵
  - Executes dropped EXE
  PID:272
- C:\Windows\System\jkfXQCX.exe
  C:\Windows\System\jkfXQCX.exe
  2⤵
  - Executes dropped EXE
  PID:564
- C:\Windows\System\xAYqbzC.exe
  C:\Windows\System\xAYqbzC.exe
  2⤵
  - Executes dropped EXE
  PID:2408
- C:\Windows\System\gIgJTZY.exe
  C:\Windows\System\gIgJTZY.exe
  2⤵
  - Executes dropped EXE
  PID:3060
- C:\Windows\System\oqHlgUZ.exe
  C:\Windows\System\oqHlgUZ.exe
  2⤵
  - Executes dropped EXE
  PID:2416
- C:\Windows\System\hYDPgBj.exe
  C:\Windows\System\hYDPgBj.exe
  2⤵
  - Executes dropped EXE
  PID:2228
- C:\Windows\System\JzhTYul.exe
  C:\Windows\System\JzhTYul.exe
  2⤵
  - Executes dropped EXE
  PID:2556
- C:\Windows\System\fsnLDMk.exe
  C:\Windows\System\fsnLDMk.exe
  2⤵
  - Executes dropped EXE
  PID:2508
- C:\Windows\System\nbHcfjr.exe
  C:\Windows\System\nbHcfjr.exe
  2⤵
  - Executes dropped EXE
  PID:1636
- C:\Windows\System\nCwyDGh.exe
  C:\Windows\System\nCwyDGh.exe
  2⤵
  - Executes dropped EXE
  PID:2672
- C:\Windows\System\uBnzTlx.exe
  C:\Windows\System\uBnzTlx.exe
  2⤵
  - Executes dropped EXE
  PID:2292
- C:\Windows\System\kCNjSbs.exe
  C:\Windows\System\kCNjSbs.exe
  2⤵
  PID:1668
- C:\Windows\System\bYyLHAi.exe
  C:\Windows\System\bYyLHAi.exe
  2⤵
  PID:2816
- C:\Windows\System\HImcOpN.exe
  C:\Windows\System\HImcOpN.exe
  2⤵
  PID:2600
- C:\Windows\System\bfBbKuJ.exe
  C:\Windows\System\bfBbKuJ.exe
  2⤵
  PID:2740
- C:\Windows\System\PHjVnDU.exe
  C:\Windows\System\PHjVnDU.exe
  2⤵
  PID:2884
- C:\Windows\System\KKxrncN.exe
  C:\Windows\System\KKxrncN.exe
  2⤵
  PID:2728
- C:\Windows\System\lLLnDCw.exe
  C:\Windows\System\lLLnDCw.exe
  2⤵
  PID:2612
- C:\Windows\System\BriFscK.exe
  C:\Windows\System\BriFscK.exe
  2⤵
  PID:2432
- C:\Windows\System\imlaXfq.exe
  C:\Windows\System\imlaXfq.exe
  2⤵
  PID:2500
- C:\Windows\System\rgSerdN.exe
  C:\Windows\System\rgSerdN.exe
  2⤵
  PID:2772
- C:\Windows\System\VuNlHJc.exe
  C:\Windows\System\VuNlHJc.exe
  2⤵
  PID:2596
- C:\Windows\System\WYzzMYb.exe
  C:\Windows\System\WYzzMYb.exe
  2⤵
  PID:2712
- C:\Windows\System\KsnkNXQ.exe
  C:\Windows\System\KsnkNXQ.exe
  2⤵
  PID:2000
- C:\Windows\System\gqWJJLb.exe
  C:\Windows\System\gqWJJLb.exe
  2⤵
  PID:2652
- C:\Windows\System\uxkWQJh.exe
  C:\Windows\System\uxkWQJh.exe
  2⤵
  PID:1884
- C:\Windows\System\YPAYLSy.exe
  C:\Windows\System\YPAYLSy.exe
  2⤵
  PID:2640
- C:\Windows\System\FCeoxDA.exe
  C:\Windows\System\FCeoxDA.exe
  2⤵
  PID:2676
- C:\Windows\System\FwKswsL.exe
  C:\Windows\System\FwKswsL.exe
  2⤵
  PID:2644
- C:\Windows\System\eqxTyMp.exe
  C:\Windows\System\eqxTyMp.exe
  2⤵
  PID:1000
- C:\Windows\System\FibtBrx.exe
  C:\Windows\System\FibtBrx.exe
  2⤵
  PID:1440
- C:\Windows\System\GsHsIrK.exe
  C:\Windows\System\GsHsIrK.exe
  2⤵
  PID:1676
- C:\Windows\System\mGCYHgd.exe
  C:\Windows\System\mGCYHgd.exe
  2⤵
  PID:2836
- C:\Windows\System\SfigWKt.exe
  C:\Windows\System\SfigWKt.exe
  2⤵
  PID:2980
- C:\Windows\System\DoSSkjQ.exe
  C:\Windows\System\DoSSkjQ.exe
  2⤵
  PID:2996
- C:\Windows\System\RLWnJXG.exe
  C:\Windows\System\RLWnJXG.exe
  2⤵
  PID:2948
- C:\Windows\System\FguJHRj.exe
  C:\Windows\System\FguJHRj.exe
  2⤵
  PID:408
- C:\Windows\System\XHooXmn.exe
  C:\Windows\System\XHooXmn.exe
  2⤵
  PID:2180
- C:\Windows\System\WifchNu.exe
  C:\Windows\System\WifchNu.exe
  2⤵
  PID:2332
- C:\Windows\System\rOqINOT.exe
  C:\Windows\System\rOqINOT.exe
  2⤵
  PID:1780
- C:\Windows\System\YTqDHXP.exe
  C:\Windows\System\YTqDHXP.exe
  2⤵
  PID:864
- C:\Windows\System\MKDdGMY.exe
  C:\Windows\System\MKDdGMY.exe
  2⤵
  PID:1460
- C:\Windows\System\hkztefv.exe
  C:\Windows\System\hkztefv.exe
  2⤵
  PID:1644
- C:\Windows\System\PdpmGSE.exe
  C:\Windows\System\PdpmGSE.exe
  2⤵
  PID:892
- C:\Windows\System\ybuKMEl.exe
  C:\Windows\System\ybuKMEl.exe
  2⤵
  PID:1692
- C:\Windows\System\zpvTMCd.exe
  C:\Windows\System\zpvTMCd.exe
  2⤵
  PID:1672
- C:\Windows\System\PyzvVCM.exe
  C:\Windows\System\PyzvVCM.exe
  2⤵
  PID:3008
- C:\Windows\System\GybwNtb.exe
  C:\Windows\System\GybwNtb.exe
  2⤵
  PID:1936
- C:\Windows\System\TfgEWis.exe
  C:\Windows\System\TfgEWis.exe
  2⤵
  PID:2288
- C:\Windows\System\FCVixQB.exe
  C:\Windows\System\FCVixQB.exe
  2⤵
  PID:2732
- C:\Windows\System\OHAkPyM.exe
  C:\Windows\System\OHAkPyM.exe
  2⤵
  PID:2124
- C:\Windows\System\pRCVOds.exe
  C:\Windows\System\pRCVOds.exe
  2⤵
  PID:1708
- C:\Windows\System\WYtvASg.exe
  C:\Windows\System\WYtvASg.exe
  2⤵
  PID:1528
- C:\Windows\System\SmbhgZD.exe
  C:\Windows\System\SmbhgZD.exe
  2⤵
  PID:2308
- C:\Windows\System\GdBjPPq.exe
  C:\Windows\System\GdBjPPq.exe
  2⤵
  PID:1436
- C:\Windows\System\nXPSMps.exe
  C:\Windows\System\nXPSMps.exe
  2⤵
  PID:2736
- C:\Windows\System\kBpgXsI.exe
  C:\Windows\System\kBpgXsI.exe
  2⤵
  PID:2240
- C:\Windows\System\wMMLYbH.exe
  C:\Windows\System\wMMLYbH.exe
  2⤵
  PID:2072
- C:\Windows\System\mgLudIB.exe
  C:\Windows\System\mgLudIB.exe
  2⤵
  PID:2444
- C:\Windows\System\jNmorOu.exe
  C:\Windows\System\jNmorOu.exe
  2⤵
  PID:3028
- C:\Windows\System\yqotfSJ.exe
  C:\Windows\System\yqotfSJ.exe
  2⤵
  PID:2892
- C:\Windows\System\KXdlUEx.exe
  C:\Windows\System\KXdlUEx.exe
  2⤵
  PID:1596
- C:\Windows\System\lizUHbi.exe
  C:\Windows\System\lizUHbi.exe
  2⤵
  PID:2084
- C:\Windows\System\LQZiBdr.exe
  C:\Windows\System\LQZiBdr.exe
  2⤵
  PID:2256
- C:\Windows\System\rDFOFpO.exe
  C:\Windows\System\rDFOFpO.exe
  2⤵
  PID:2752
- C:\Windows\System\nahzQud.exe
  C:\Windows\System\nahzQud.exe
  2⤵
  PID:1888
- C:\Windows\System\MItGRLx.exe
  C:\Windows\System\MItGRLx.exe
  2⤵
  PID:2992
- C:\Windows\System\ejSoWFo.exe
  C:\Windows\System\ejSoWFo.exe
  2⤵
  PID:2148
- C:\Windows\System\FMZFhwp.exe
  C:\Windows\System\FMZFhwp.exe
  2⤵
  PID:1544
- C:\Windows\System\hoHPwxU.exe
  C:\Windows\System\hoHPwxU.exe
  2⤵
  PID:1176
- C:\Windows\System\EEQrhsp.exe
  C:\Windows\System\EEQrhsp.exe
  2⤵
  PID:2876
- C:\Windows\System\bAInutv.exe
  C:\Windows\System\bAInutv.exe
  2⤵
  PID:1892
- C:\Windows\System\oRyqQWa.exe
  C:\Windows\System\oRyqQWa.exe
  2⤵
  PID:784
- C:\Windows\System\SSxPVJf.exe
  C:\Windows\System\SSxPVJf.exe
  2⤵
  PID:544
- C:\Windows\System\qmkeqBY.exe
  C:\Windows\System\qmkeqBY.exe
  2⤵
  PID:2412
- C:\Windows\System\yCbxdlh.exe
  C:\Windows\System\yCbxdlh.exe
  2⤵
  PID:1400
- C:\Windows\System\zFoiCVM.exe
  C:\Windows\System\zFoiCVM.exe
  2⤵
  PID:1532
- C:\Windows\System\SaOaUMQ.exe
  C:\Windows\System\SaOaUMQ.exe
  2⤵
  PID:1524
- C:\Windows\System\OMMkjpX.exe
  C:\Windows\System\OMMkjpX.exe
  2⤵
  PID:2792
- C:\Windows\System\uIwXpPV.exe
  C:\Windows\System\uIwXpPV.exe
  2⤵
  PID:2704
- C:\Windows\System\MaBWsPB.exe
  C:\Windows\System\MaBWsPB.exe
  2⤵
  PID:788
- C:\Windows\System\tYAwFRv.exe
  C:\Windows\System\tYAwFRv.exe
  2⤵
  PID:2624
- C:\Windows\System\VhMxGfs.exe
  C:\Windows\System\VhMxGfs.exe
  2⤵
  PID:2768
- C:\Windows\System\FQnmFTM.exe
  C:\Windows\System\FQnmFTM.exe
  2⤵
  PID:2904
- C:\Windows\System\XFNSZpk.exe
  C:\Windows\System\XFNSZpk.exe
  2⤵
  PID:1392
- C:\Windows\System\ceqyYpN.exe
  C:\Windows\System\ceqyYpN.exe
  2⤵
  PID:2176
- C:\Windows\System\xxFzIhs.exe
  C:\Windows\System\xxFzIhs.exe
  2⤵
  PID:1640
- C:\Windows\System\LWQlFHB.exe
  C:\Windows\System\LWQlFHB.exe
  2⤵
  PID:488
- C:\Windows\System\KYgIRWr.exe
  C:\Windows\System\KYgIRWr.exe
  2⤵
  PID:2856
- C:\Windows\System\VreKErT.exe
  C:\Windows\System\VreKErT.exe
  2⤵
  PID:1196
- C:\Windows\System\VhQdOsk.exe
  C:\Windows\System\VhQdOsk.exe
  2⤵
  PID:2684
- C:\Windows\System\QWLrTKL.exe
  C:\Windows\System\QWLrTKL.exe
  2⤵
  PID:3016
- C:\Windows\System\hJWhVWp.exe
  C:\Windows\System\hJWhVWp.exe
  2⤵
  PID:1832
- C:\Windows\System\nKxRlGb.exe
  C:\Windows\System\nKxRlGb.exe
  2⤵
  PID:2304
- C:\Windows\System\HIcVjly.exe
  C:\Windows\System\HIcVjly.exe
  2⤵
  PID:2896
- C:\Windows\System\YxmTEni.exe
  C:\Windows\System\YxmTEni.exe
  2⤵
  PID:1928
- C:\Windows\System\laFzsfT.exe
  C:\Windows\System\laFzsfT.exe
  2⤵
  PID:2888
- C:\Windows\System\xZXYiSM.exe
  C:\Windows\System\xZXYiSM.exe
  2⤵
  PID:1256
- C:\Windows\System\zLawcQG.exe
  C:\Windows\System\zLawcQG.exe
  2⤵
  PID:2744
- C:\Windows\System\iqslsRj.exe
  C:\Windows\System\iqslsRj.exe
  2⤵
  PID:3084
- C:\Windows\System\CfMtcvA.exe
  C:\Windows\System\CfMtcvA.exe
  2⤵
  PID:3100
- C:\Windows\System\iZIcrMd.exe
  C:\Windows\System\iZIcrMd.exe
  2⤵
  PID:3116
- C:\Windows\System\TDRimkL.exe
  C:\Windows\System\TDRimkL.exe
  2⤵
  PID:3132
- C:\Windows\System\wBlmTnY.exe
  C:\Windows\System\wBlmTnY.exe
  2⤵
  PID:3148
- C:\Windows\System\AulwPHS.exe
  C:\Windows\System\AulwPHS.exe
  2⤵
  PID:3164
- C:\Windows\System\MkFCGbA.exe
  C:\Windows\System\MkFCGbA.exe
  2⤵
  PID:3180
- C:\Windows\System\laYrilg.exe
  C:\Windows\System\laYrilg.exe
  2⤵
  PID:3196
- C:\Windows\System\GfvJKof.exe
  C:\Windows\System\GfvJKof.exe
  2⤵
  PID:3212
- C:\Windows\System\bijHNdm.exe
  C:\Windows\System\bijHNdm.exe
  2⤵
  PID:3228
- C:\Windows\System\IyeSlWD.exe
  C:\Windows\System\IyeSlWD.exe
  2⤵
  PID:3244
- C:\Windows\System\qsLxjwH.exe
  C:\Windows\System\qsLxjwH.exe
  2⤵
  PID:3260
- C:\Windows\System\kQBaUzp.exe
  C:\Windows\System\kQBaUzp.exe
  2⤵
  PID:3276
- C:\Windows\System\lZkvMnT.exe
  C:\Windows\System\lZkvMnT.exe
  2⤵
  PID:3292
- C:\Windows\System\EYgZrZl.exe
  C:\Windows\System\EYgZrZl.exe
  2⤵
  PID:3308
- C:\Windows\System\EcYOQKF.exe
  C:\Windows\System\EcYOQKF.exe
  2⤵
  PID:3324
- C:\Windows\System\uYCAMxW.exe
  C:\Windows\System\uYCAMxW.exe
  2⤵
  PID:3340
- C:\Windows\System\pPwjDVp.exe
  C:\Windows\System\pPwjDVp.exe
  2⤵
  PID:3356
- C:\Windows\System\bsEeBYF.exe
  C:\Windows\System\bsEeBYF.exe
  2⤵
  PID:3376
- C:\Windows\System\LeyWiCH.exe
  C:\Windows\System\LeyWiCH.exe
  2⤵
  PID:3392
- C:\Windows\System\eRmwiVM.exe
  C:\Windows\System\eRmwiVM.exe
  2⤵
  PID:3408
- C:\Windows\System\IvOVCsh.exe
  C:\Windows\System\IvOVCsh.exe
  2⤵
  PID:3424
- C:\Windows\System\PMQIFYD.exe
  C:\Windows\System\PMQIFYD.exe
  2⤵
  PID:3440
- C:\Windows\System\TEvPkVj.exe
  C:\Windows\System\TEvPkVj.exe
  2⤵
  PID:3456
- C:\Windows\System\bTAMXoT.exe
  C:\Windows\System\bTAMXoT.exe
  2⤵
  PID:3472
- C:\Windows\System\UKHEPMu.exe
  C:\Windows\System\UKHEPMu.exe
  2⤵
  PID:3488
- C:\Windows\System\QDIcZry.exe
  C:\Windows\System\QDIcZry.exe
  2⤵
  PID:3504
- C:\Windows\System\gXJtrVN.exe
  C:\Windows\System\gXJtrVN.exe
  2⤵
  PID:3520
- C:\Windows\System\pmwFBvc.exe
  C:\Windows\System\pmwFBvc.exe
  2⤵
  PID:3536
- C:\Windows\System\eZFiwnv.exe
  C:\Windows\System\eZFiwnv.exe
  2⤵
  PID:3552
- C:\Windows\System\wkdtnUY.exe
  C:\Windows\System\wkdtnUY.exe
  2⤵
  PID:3568
- C:\Windows\System\dmjPYcf.exe
  C:\Windows\System\dmjPYcf.exe
  2⤵
  PID:3584
- C:\Windows\System\xzrRNHZ.exe
  C:\Windows\System\xzrRNHZ.exe
  2⤵
  PID:3600
- C:\Windows\System\NgzcPVG.exe
  C:\Windows\System\NgzcPVG.exe
  2⤵
  PID:3616
- C:\Windows\System\rHWDtZv.exe
  C:\Windows\System\rHWDtZv.exe
  2⤵
  PID:3632
- C:\Windows\System\ceqcCVi.exe
  C:\Windows\System\ceqcCVi.exe
  2⤵
  PID:3648
- C:\Windows\System\VDBrySb.exe
  C:\Windows\System\VDBrySb.exe
  2⤵
  PID:3664
- C:\Windows\System\WcAygja.exe
  C:\Windows\System\WcAygja.exe
  2⤵
  PID:3680
- C:\Windows\System\beUOOPh.exe
  C:\Windows\System\beUOOPh.exe
  2⤵
  PID:3696
- C:\Windows\System\dFdIGti.exe
  C:\Windows\System\dFdIGti.exe
  2⤵
  PID:3712
- C:\Windows\System\meSRTia.exe
  C:\Windows\System\meSRTia.exe
  2⤵
  PID:3728
- C:\Windows\System\DoCRSGP.exe
  C:\Windows\System\DoCRSGP.exe
  2⤵
  PID:3744
- C:\Windows\System\AuSwcfi.exe
  C:\Windows\System\AuSwcfi.exe
  2⤵
  PID:3760
- C:\Windows\System\fgFuXTk.exe
  C:\Windows\System\fgFuXTk.exe
  2⤵
  PID:3776
- C:\Windows\System\cXKtsXz.exe
  C:\Windows\System\cXKtsXz.exe
  2⤵
  PID:3792
- C:\Windows\System\rnbdcoO.exe
  C:\Windows\System\rnbdcoO.exe
  2⤵
  PID:3808
- C:\Windows\System\LiTqPTi.exe
  C:\Windows\System\LiTqPTi.exe
  2⤵
  PID:3824
- C:\Windows\System\IuiZZnc.exe
  C:\Windows\System\IuiZZnc.exe
  2⤵
  PID:3840
- C:\Windows\System\ZvSLjpO.exe
  C:\Windows\System\ZvSLjpO.exe
  2⤵
  PID:3856
- C:\Windows\System\XRAaTGq.exe
  C:\Windows\System\XRAaTGq.exe
  2⤵
  PID:3872
- C:\Windows\System\FEuHuqH.exe
  C:\Windows\System\FEuHuqH.exe
  2⤵
  PID:3888
- C:\Windows\System\Rmptreu.exe
  C:\Windows\System\Rmptreu.exe
  2⤵
  PID:3904
- C:\Windows\System\UbVMBXc.exe
  C:\Windows\System\UbVMBXc.exe
  2⤵
  PID:3920
- C:\Windows\System\QyEkEbU.exe
  C:\Windows\System\QyEkEbU.exe
  2⤵
  PID:3936
- C:\Windows\System\EeyILnV.exe
  C:\Windows\System\EeyILnV.exe
  2⤵
  PID:3952
- C:\Windows\System\liIfBjn.exe
  C:\Windows\System\liIfBjn.exe
  2⤵
  PID:3976
- C:\Windows\System\lGGoxQa.exe
  C:\Windows\System\lGGoxQa.exe
  2⤵
  PID:3996
- C:\Windows\System\QVKtbJt.exe
  C:\Windows\System\QVKtbJt.exe
  2⤵
  PID:1488
- C:\Windows\System\HxxqRVe.exe
  C:\Windows\System\HxxqRVe.exe
  2⤵
  PID:3160
- C:\Windows\System\jzKnVKA.exe
  C:\Windows\System\jzKnVKA.exe
  2⤵
  PID:3176
- C:\Windows\System\dQUykow.exe
  C:\Windows\System\dQUykow.exe
  2⤵
  PID:3220
- C:\Windows\System\yGekAFm.exe
  C:\Windows\System\yGekAFm.exe
  2⤵
  PID:3236
- C:\Windows\System\JEOEUOC.exe
  C:\Windows\System\JEOEUOC.exe
  2⤵
  PID:3288
- C:\Windows\System\uUeGJNP.exe
  C:\Windows\System\uUeGJNP.exe
  2⤵
  PID:1980
- C:\Windows\System\AuzsTZI.exe
  C:\Windows\System\AuzsTZI.exe
  2⤵
  PID:3452
- C:\Windows\System\uovEOGv.exe
  C:\Windows\System\uovEOGv.exe
  2⤵
  PID:3468
- C:\Windows\System\YpngYHR.exe
  C:\Windows\System\YpngYHR.exe
  2⤵
  PID:3528
- C:\Windows\System\qaGONfn.exe
  C:\Windows\System\qaGONfn.exe
  2⤵
  PID:3560
- C:\Windows\System\kDEghcc.exe
  C:\Windows\System\kDEghcc.exe
  2⤵
  PID:3596
- C:\Windows\System\EVWnryh.exe
  C:\Windows\System\EVWnryh.exe
  2⤵
  PID:3656
- C:\Windows\System\iLplNco.exe
  C:\Windows\System\iLplNco.exe
  2⤵
  PID:3704
- C:\Windows\System\sjplvcf.exe
  C:\Windows\System\sjplvcf.exe
  2⤵
  PID:3720
- C:\Windows\System\adAdKMS.exe
  C:\Windows\System\adAdKMS.exe
  2⤵
  PID:112
- C:\Windows\System\ddvrkXM.exe
  C:\Windows\System\ddvrkXM.exe
  2⤵
  PID:3756
- C:\Windows\System\ftUuPOk.exe
  C:\Windows\System\ftUuPOk.exe
  2⤵
  PID:3788
- C:\Windows\System\TEVsRiz.exe
  C:\Windows\System\TEVsRiz.exe
  2⤵
  PID:3852
- C:\Windows\System\eBCgMKk.exe
  C:\Windows\System\eBCgMKk.exe
  2⤵
  PID:3916
- C:\Windows\System\lYTQKAN.exe
  C:\Windows\System\lYTQKAN.exe
  2⤵
  PID:4008
- C:\Windows\System\oGuXEMk.exe
  C:\Windows\System\oGuXEMk.exe
  2⤵
  PID:3992
- C:\Windows\System\IwLgyiY.exe
  C:\Windows\System\IwLgyiY.exe
  2⤵
  PID:4044
- C:\Windows\System\EPRcFBg.exe
  C:\Windows\System\EPRcFBg.exe
  2⤵
  PID:4060
- C:\Windows\System\IQnHOsf.exe
  C:\Windows\System\IQnHOsf.exe
  2⤵
  PID:4080
- C:\Windows\System\AgtXXXB.exe
  C:\Windows\System\AgtXXXB.exe
  2⤵
  PID:1388
- C:\Windows\System\mYZaVYZ.exe
  C:\Windows\System\mYZaVYZ.exe
  2⤵
  PID:3076
- C:\Windows\System\gNBCyGv.exe
  C:\Windows\System\gNBCyGv.exe
  2⤵
  PID:3272
- C:\Windows\System\BiSApKh.exe
  C:\Windows\System\BiSApKh.exe
  2⤵
  PID:3612
- C:\Windows\System\YBJOCUb.exe
  C:\Windows\System\YBJOCUb.exe
  2⤵
  PID:3784
- C:\Windows\System\HqTAJCU.exe
  C:\Windows\System\HqTAJCU.exe
  2⤵
  PID:3896
- C:\Windows\System\NuEevxQ.exe
  C:\Windows\System\NuEevxQ.exe
  2⤵
  PID:3932
- C:\Windows\System\dFlGvPZ.exe
  C:\Windows\System\dFlGvPZ.exe
  2⤵
  PID:3988
- C:\Windows\System\mtiofeh.exe
  C:\Windows\System\mtiofeh.exe
  2⤵
  PID:2724
- C:\Windows\System\oQQjfol.exe
  C:\Windows\System\oQQjfol.exe
  2⤵
  PID:3420
- C:\Windows\System\hLvISuI.exe
  C:\Windows\System\hLvISuI.exe
  2⤵
  PID:3464
- C:\Windows\System\rkogRYP.exe
  C:\Windows\System\rkogRYP.exe
  2⤵
  PID:3628
- C:\Windows\System\zAzFJoC.exe
  C:\Windows\System\zAzFJoC.exe
  2⤵
  PID:3820
- C:\Windows\System\JylugVy.exe
  C:\Windows\System\JylugVy.exe
  2⤵
  PID:3964
- C:\Windows\System\SAOnKVy.exe
  C:\Windows\System\SAOnKVy.exe
  2⤵
  PID:4020
- C:\Windows\System\xHGjBuG.exe
  C:\Windows\System\xHGjBuG.exe
  2⤵
  PID:1008
- C:\Windows\System\RRuWrqQ.exe
  C:\Windows\System\RRuWrqQ.exe
  2⤵
  PID:3432
- C:\Windows\System\thBaptn.exe
  C:\Windows\System\thBaptn.exe
  2⤵
  PID:3640
- C:\Windows\System\rQKHAkK.exe
  C:\Windows\System\rQKHAkK.exe
  2⤵
  PID:3080
- C:\Windows\System\mssYDTd.exe
  C:\Windows\System\mssYDTd.exe
  2⤵
  PID:3140
- C:\Windows\System\ZskVTso.exe
  C:\Windows\System\ZskVTso.exe
  2⤵
  PID:2760
- C:\Windows\System\IzWOAma.exe
  C:\Windows\System\IzWOAma.exe
  2⤵
  PID:4052
- C:\Windows\System\SjAusev.exe
  C:\Windows\System\SjAusev.exe
  2⤵
  PID:2104
- C:\Windows\System\FRNXfQA.exe
  C:\Windows\System\FRNXfQA.exe
  2⤵
  PID:3832
- C:\Windows\System\pJrNMIF.exe
  C:\Windows\System\pJrNMIF.exe
  2⤵
  PID:4004
- C:\Windows\System\IGIqycG.exe
  C:\Windows\System\IGIqycG.exe
  2⤵
  PID:3128
- C:\Windows\System\WxvyUBk.exe
  C:\Windows\System\WxvyUBk.exe
  2⤵
  PID:3500
- C:\Windows\System\DsnXznu.exe
  C:\Windows\System\DsnXznu.exe
  2⤵
  PID:3112
- C:\Windows\System\VNfKvDK.exe
  C:\Windows\System\VNfKvDK.exe
  2⤵
  PID:3156
- C:\Windows\System\ulkJuvu.exe
  C:\Windows\System\ulkJuvu.exe
  2⤵
  PID:4072
- C:\Windows\System\CjDCjWg.exe
  C:\Windows\System\CjDCjWg.exe
  2⤵
  PID:3448
- C:\Windows\System\ZobywDt.exe
  C:\Windows\System\ZobywDt.exe
  2⤵
  PID:3740
- C:\Windows\System\tivLBrg.exe
  C:\Windows\System\tivLBrg.exe
  2⤵
  PID:3480
- C:\Windows\System\SXfIVhk.exe
  C:\Windows\System\SXfIVhk.exe
  2⤵
  PID:2496
- C:\Windows\System\DreUjcF.exe
  C:\Windows\System\DreUjcF.exe
  2⤵
  PID:2828
- C:\Windows\System\MNXuduY.exe
  C:\Windows\System\MNXuduY.exe
  2⤵
  PID:2664
- C:\Windows\System\auUjevc.exe
  C:\Windows\System\auUjevc.exe
  2⤵
  PID:3692
- C:\Windows\System\kmYEuad.exe
  C:\Windows\System\kmYEuad.exe
  2⤵
  PID:3592
- C:\Windows\System\zXTDdgt.exe
  C:\Windows\System\zXTDdgt.exe
  2⤵
  PID:1728
- C:\Windows\System\qLftbkn.exe
  C:\Windows\System\qLftbkn.exe
  2⤵
  PID:4076
- C:\Windows\System\yOioWlU.exe
  C:\Windows\System\yOioWlU.exe
  2⤵
  PID:3364
- C:\Windows\System\vjPmVxx.exe
  C:\Windows\System\vjPmVxx.exe
  2⤵
  PID:2688
- C:\Windows\System\xajYWuI.exe
  C:\Windows\System\xajYWuI.exe
  2⤵
  PID:3912
- C:\Windows\System\LYuTXpM.exe
  C:\Windows\System\LYuTXpM.exe
  2⤵
  PID:3900
- C:\Windows\System\KUcbhsg.exe
  C:\Windows\System\KUcbhsg.exe
  2⤵
  PID:3608
- C:\Windows\System\HgNskyt.exe
  C:\Windows\System\HgNskyt.exe
  2⤵
  PID:3400
- C:\Windows\System\ffVtEzJ.exe
  C:\Windows\System\ffVtEzJ.exe
  2⤵
  PID:3580
- C:\Windows\System\dlRrZVE.exe
  C:\Windows\System\dlRrZVE.exe
  2⤵
  PID:4032
- C:\Windows\System\VAbDfik.exe
  C:\Windows\System\VAbDfik.exe
  2⤵
  PID:2044
- C:\Windows\System\hJIIwrc.exe
  C:\Windows\System\hJIIwrc.exe
  2⤵
  PID:3284
- C:\Windows\System\PvvZKLG.exe
  C:\Windows\System\PvvZKLG.exe
  2⤵
  PID:448
- C:\Windows\System\iVtPeTp.exe
  C:\Windows\System\iVtPeTp.exe
  2⤵
  PID:3188
- C:\Windows\System\AbHmHsk.exe
  C:\Windows\System\AbHmHsk.exe
  2⤵
  PID:3372
- C:\Windows\System\WWiPZQU.exe
  C:\Windows\System\WWiPZQU.exe
  2⤵
  PID:3020
- C:\Windows\System\rYTTELq.exe
  C:\Windows\System\rYTTELq.exe
  2⤵
  PID:3224
- C:\Windows\System\FqAXbdU.exe
  C:\Windows\System\FqAXbdU.exe
  2⤵
  PID:2348
- C:\Windows\System\erHRHym.exe
  C:\Windows\System\erHRHym.exe
  2⤵
  PID:2972
- C:\Windows\System\pDZZlCK.exe
  C:\Windows\System\pDZZlCK.exe
  2⤵
  PID:3124
- C:\Windows\System\XtANlOO.exe
  C:\Windows\System\XtANlOO.exe
  2⤵
  PID:1020
- C:\Windows\System\WHEmzno.exe
  C:\Windows\System\WHEmzno.exe
  2⤵
  PID:1696
- C:\Windows\System\WhWxABs.exe
  C:\Windows\System\WhWxABs.exe
  2⤵
  PID:2940
- C:\Windows\System\wvLRtHR.exe
  C:\Windows\System\wvLRtHR.exe
  2⤵
  PID:4092
- C:\Windows\System\ATBtxHi.exe
  C:\Windows\System\ATBtxHi.exe
  2⤵
  PID:4100
- C:\Windows\System\GImPfIg.exe
  C:\Windows\System\GImPfIg.exe
  2⤵
  PID:4116
- C:\Windows\System\AONXLan.exe
  C:\Windows\System\AONXLan.exe
  2⤵
  PID:4136
- C:\Windows\System\qKmcrFz.exe
  C:\Windows\System\qKmcrFz.exe
  2⤵
  PID:4156
- C:\Windows\System\tlkDWPH.exe
  C:\Windows\System\tlkDWPH.exe
  2⤵
  PID:4172
- C:\Windows\System\XBgZyTl.exe
  C:\Windows\System\XBgZyTl.exe
  2⤵
  PID:4188
- C:\Windows\System\NjEuSzD.exe
  C:\Windows\System\NjEuSzD.exe
  2⤵
  PID:4204
- C:\Windows\System\mnXpyTS.exe
  C:\Windows\System\mnXpyTS.exe
  2⤵
  PID:4220
- C:\Windows\System\rVvZJdt.exe
  C:\Windows\System\rVvZJdt.exe
  2⤵
  PID:4240
- C:\Windows\System\dTAEhjC.exe
  C:\Windows\System\dTAEhjC.exe
  2⤵
  PID:4256
- C:\Windows\System\CSRXrWa.exe
  C:\Windows\System\CSRXrWa.exe
  2⤵
  PID:4272
- C:\Windows\System\VOukdnV.exe
  C:\Windows\System\VOukdnV.exe
  2⤵
  PID:4288
- C:\Windows\System\VyJmsyp.exe
  C:\Windows\System\VyJmsyp.exe
  2⤵
  PID:4304
- C:\Windows\System\ZMlQqEs.exe
  C:\Windows\System\ZMlQqEs.exe
  2⤵
  PID:4320
- C:\Windows\System\GswiWwR.exe
  C:\Windows\System\GswiWwR.exe
  2⤵
  PID:4364
- C:\Windows\System\ZpbSdHo.exe
  C:\Windows\System\ZpbSdHo.exe
  2⤵
  PID:4400
- C:\Windows\System\gNSbvEr.exe
  C:\Windows\System\gNSbvEr.exe
  2⤵
  PID:4416
- C:\Windows\System\rRgCNgk.exe
  C:\Windows\System\rRgCNgk.exe
  2⤵
  PID:4432
- C:\Windows\System\VdemNEY.exe
  C:\Windows\System\VdemNEY.exe
  2⤵
  PID:4448
- C:\Windows\System\vELPXzg.exe
  C:\Windows\System\vELPXzg.exe
  2⤵
  PID:4472
- C:\Windows\System\kMzSHrL.exe
  C:\Windows\System\kMzSHrL.exe
  2⤵
  PID:4496
- C:\Windows\System\OJCDqil.exe
  C:\Windows\System\OJCDqil.exe
  2⤵
  PID:4512
- C:\Windows\System\IVHrjAS.exe
  C:\Windows\System\IVHrjAS.exe
  2⤵
  PID:4532
- C:\Windows\System\hgDYKwV.exe
  C:\Windows\System\hgDYKwV.exe
  2⤵
  PID:4548
- C:\Windows\System\MJANoAh.exe
  C:\Windows\System\MJANoAh.exe
  2⤵
  PID:4616
- C:\Windows\System\varpNrU.exe
  C:\Windows\System\varpNrU.exe
  2⤵
  PID:4632
- C:\Windows\System\aGjSWxH.exe
  C:\Windows\System\aGjSWxH.exe
  2⤵
  PID:4652
- C:\Windows\System\qAdssvY.exe
  C:\Windows\System\qAdssvY.exe
  2⤵
  PID:4668
- C:\Windows\System\eWdrGSv.exe
  C:\Windows\System\eWdrGSv.exe
  2⤵
  PID:4684
- C:\Windows\System\YGBWqev.exe
  C:\Windows\System\YGBWqev.exe
  2⤵
  PID:4704
- C:\Windows\System\pYmUfCB.exe
  C:\Windows\System\pYmUfCB.exe
  2⤵
  PID:4720
- C:\Windows\System\rrmYPky.exe
  C:\Windows\System\rrmYPky.exe
  2⤵
  PID:4736
- C:\Windows\System\ADqSbNu.exe
  C:\Windows\System\ADqSbNu.exe
  2⤵
  PID:4768
- C:\Windows\System\GNTOBdz.exe
  C:\Windows\System\GNTOBdz.exe
  2⤵
  PID:4788
- C:\Windows\System\JpcjBdb.exe
  C:\Windows\System\JpcjBdb.exe
  2⤵
  PID:4808
- C:\Windows\System\xabMSDy.exe
  C:\Windows\System\xabMSDy.exe
  2⤵
  PID:4824
- C:\Windows\System\uqTrWyN.exe
  C:\Windows\System\uqTrWyN.exe
  2⤵
  PID:4840
- C:\Windows\System\QdExXdR.exe
  C:\Windows\System\QdExXdR.exe
  2⤵
  PID:4856
- C:\Windows\System\YCpIrNu.exe
  C:\Windows\System\YCpIrNu.exe
  2⤵
  PID:4884
- C:\Windows\System\PBssQGJ.exe
  C:\Windows\System\PBssQGJ.exe
  2⤵
  PID:4900
- C:\Windows\System\GBPTBzo.exe
  C:\Windows\System\GBPTBzo.exe
  2⤵
  PID:4936
- C:\Windows\System\UcztzYT.exe
  C:\Windows\System\UcztzYT.exe
  2⤵
  PID:4952
- C:\Windows\System\EeSUkpM.exe
  C:\Windows\System\EeSUkpM.exe
  2⤵
  PID:4976
- C:\Windows\System\VrKMFHb.exe
  C:\Windows\System\VrKMFHb.exe
  2⤵
  PID:4992
- C:\Windows\System\xPGedgb.exe
  C:\Windows\System\xPGedgb.exe
  2⤵
  PID:5008
- C:\Windows\System\WWAgdQD.exe
  C:\Windows\System\WWAgdQD.exe
  2⤵
  PID:5024
- C:\Windows\System\AgrvWIr.exe
  C:\Windows\System\AgrvWIr.exe
  2⤵
  PID:5044
- C:\Windows\System\wOqZUJa.exe
  C:\Windows\System\wOqZUJa.exe
  2⤵
  PID:5064
- C:\Windows\System\cdNsYEm.exe
  C:\Windows\System\cdNsYEm.exe
  2⤵
  PID:5092
- C:\Windows\System\LMnBOiT.exe
  C:\Windows\System\LMnBOiT.exe
  2⤵
  PID:5112
- C:\Windows\System\lCruKuU.exe
  C:\Windows\System\lCruKuU.exe
  2⤵
  PID:1908
- C:\Windows\System\yYRfObZ.exe
  C:\Windows\System\yYRfObZ.exe
  2⤵
  PID:4164
- C:\Windows\System\ySSabpW.exe
  C:\Windows\System\ySSabpW.exe
  2⤵
  PID:4148
- C:\Windows\System\dGqRbnQ.exe
  C:\Windows\System\dGqRbnQ.exe
  2⤵
  PID:4212
- C:\Windows\System\bPTktLx.exe
  C:\Windows\System\bPTktLx.exe
  2⤵
  PID:4236
- C:\Windows\System\vkoJQwc.exe
  C:\Windows\System\vkoJQwc.exe
  2⤵
  PID:4328
- C:\Windows\System\hYEnWZp.exe
  C:\Windows\System\hYEnWZp.exe
  2⤵
  PID:4228
- C:\Windows\System\gZYXIET.exe
  C:\Windows\System\gZYXIET.exe
  2⤵
  PID:4128
- C:\Windows\System\sIZkvgj.exe
  C:\Windows\System\sIZkvgj.exe
  2⤵
  PID:4376
- C:\Windows\System\gYQYFMa.exe
  C:\Windows\System\gYQYFMa.exe
  2⤵
  PID:4388
- C:\Windows\System\vHGOzaW.exe
  C:\Windows\System\vHGOzaW.exe
  2⤵
  PID:4428
- C:\Windows\System\bvcGPQz.exe
  C:\Windows\System\bvcGPQz.exe
  2⤵
  PID:4508
- C:\Windows\System\EBkiUeT.exe
  C:\Windows\System\EBkiUeT.exe
  2⤵
  PID:4412
- C:\Windows\System\DErTFYV.exe
  C:\Windows\System\DErTFYV.exe
  2⤵
  PID:4480
- C:\Windows\System\ZELgYQM.exe
  C:\Windows\System\ZELgYQM.exe
  2⤵
  PID:4600
- C:\Windows\System\jrOKFIy.exe
  C:\Windows\System\jrOKFIy.exe
  2⤵
  PID:4524
- C:\Windows\System\nDWvsmD.exe
  C:\Windows\System\nDWvsmD.exe
  2⤵
  PID:4576
- C:\Windows\System\HMtcDYB.exe
  C:\Windows\System\HMtcDYB.exe
  2⤵
  PID:4624
- C:\Windows\System\OmHcrZO.exe
  C:\Windows\System\OmHcrZO.exe
  2⤵
  PID:4692
- C:\Windows\System\SJjnbLO.exe
  C:\Windows\System\SJjnbLO.exe
  2⤵
  PID:4728
- C:\Windows\System\ktiQFUg.exe
  C:\Windows\System\ktiQFUg.exe
  2⤵
  PID:4776
- C:\Windows\System\nDjtkGb.exe
  C:\Windows\System\nDjtkGb.exe
  2⤵
  PID:4820
- C:\Windows\System\zlrjibf.exe
  C:\Windows\System\zlrjibf.exe
  2⤵
  PID:4800
- C:\Windows\System\YjeRVzR.exe
  C:\Windows\System\YjeRVzR.exe
  2⤵
  PID:4896
- C:\Windows\System\OZbNgit.exe
  C:\Windows\System\OZbNgit.exe
  2⤵
  PID:4872
- C:\Windows\System\fpSGCcR.exe
  C:\Windows\System\fpSGCcR.exe
  2⤵
  PID:4916
- C:\Windows\System\MoonIGZ.exe
  C:\Windows\System\MoonIGZ.exe
  2⤵
  PID:4932
- C:\Windows\System\okLFeiB.exe
  C:\Windows\System\okLFeiB.exe
  2⤵
  PID:4968
- C:\Windows\System\nEmdGmz.exe
  C:\Windows\System\nEmdGmz.exe
  2⤵
  PID:5020
- C:\Windows\System\LDhtcGc.exe
  C:\Windows\System\LDhtcGc.exe
  2⤵
  PID:2096
- C:\Windows\System\DPBIPvI.exe
  C:\Windows\System\DPBIPvI.exe
  2⤵
  PID:5052
- C:\Windows\System\lleoKap.exe
  C:\Windows\System\lleoKap.exe
  2⤵
  PID:5036
- C:\Windows\System\pYKYSGa.exe
  C:\Windows\System\pYKYSGa.exe
  2⤵
  PID:3096
- C:\Windows\System\akrZlAt.exe
  C:\Windows\System\akrZlAt.exe
  2⤵
  PID:1568
- C:\Windows\System\UmEFeau.exe
  C:\Windows\System\UmEFeau.exe
  2⤵
  PID:4316
- C:\Windows\System\jurTHHg.exe
  C:\Windows\System\jurTHHg.exe
  2⤵
  PID:4280
- C:\Windows\System\kEouJiQ.exe
  C:\Windows\System\kEouJiQ.exe
  2⤵
  PID:4312
- C:\Windows\System\mPxRGrB.exe
  C:\Windows\System\mPxRGrB.exe
  2⤵
  PID:4300
- C:\Windows\System\XjWpnNy.exe
  C:\Windows\System\XjWpnNy.exe
  2⤵
  PID:4380
- C:\Windows\System\gxeWZaC.exe
  C:\Windows\System\gxeWZaC.exe
  2⤵
  PID:4460
- C:\Windows\System\dWcqVSS.exe
  C:\Windows\System\dWcqVSS.exe
  2⤵
  PID:4520
- C:\Windows\System\WTUgxJu.exe
  C:\Windows\System\WTUgxJu.exe
  2⤵
  PID:4608
- C:\Windows\System\SmXcJVI.exe
  C:\Windows\System\SmXcJVI.exe
  2⤵
  PID:4680
- C:\Windows\System\fAlaLiA.exe
  C:\Windows\System\fAlaLiA.exe
  2⤵
  PID:4556
- C:\Windows\System\ynArOEN.exe
  C:\Windows\System\ynArOEN.exe
  2⤵
  PID:4396
- C:\Windows\System\fHsnKyF.exe
  C:\Windows\System\fHsnKyF.exe
  2⤵
  PID:4572
- C:\Windows\System\PskceHY.exe
  C:\Windows\System\PskceHY.exe
  2⤵
  PID:4408
- C:\Windows\System\rFSJPMa.exe
  C:\Windows\System\rFSJPMa.exe
  2⤵
  PID:4716
- C:\Windows\System\jExDzzB.exe
  C:\Windows\System\jExDzzB.exe
  2⤵
  PID:4748
- C:\Windows\System\IdpnijQ.exe
  C:\Windows\System\IdpnijQ.exe
  2⤵
  PID:4644
- C:\Windows\System\oDIWeoK.exe
  C:\Windows\System\oDIWeoK.exe
  2⤵
  PID:4832
- C:\Windows\System\WRCynmt.exe
  C:\Windows\System\WRCynmt.exe
  2⤵
  PID:4960
- C:\Windows\System\POQrgWQ.exe
  C:\Windows\System\POQrgWQ.exe
  2⤵
  PID:5056
- C:\Windows\System\oSFEjya.exe
  C:\Windows\System\oSFEjya.exe
  2⤵
  PID:4144
- C:\Windows\System\iDopwdU.exe
  C:\Windows\System\iDopwdU.exe
  2⤵
  PID:4484
- C:\Windows\System\QIkshgp.exe
  C:\Windows\System\QIkshgp.exe
  2⤵
  PID:1260
- C:\Windows\System\RxbBLOH.exe
  C:\Windows\System\RxbBLOH.exe
  2⤵
  PID:4648
- C:\Windows\System\EYDzkLR.exe
  C:\Windows\System\EYDzkLR.exe
  2⤵
  PID:4944
- C:\Windows\System\vGpnJWb.exe
  C:\Windows\System\vGpnJWb.exe
  2⤵
  PID:5196
- C:\Windows\System\pYvKrKe.exe
  C:\Windows\System\pYvKrKe.exe
  2⤵
  PID:5212
- C:\Windows\System\bhJwaUu.exe
  C:\Windows\System\bhJwaUu.exe
  2⤵
  PID:5228
- C:\Windows\System\JHCmJLp.exe
  C:\Windows\System\JHCmJLp.exe
  2⤵
  PID:5244
- C:\Windows\System\lbvMQgX.exe
  C:\Windows\System\lbvMQgX.exe
  2⤵
  PID:5268
- C:\Windows\System\EueTjaM.exe
  C:\Windows\System\EueTjaM.exe
  2⤵
  PID:5284
- C:\Windows\System\dqTlHfH.exe
  C:\Windows\System\dqTlHfH.exe
  2⤵
  PID:5300
- C:\Windows\System\cocAzlf.exe
  C:\Windows\System\cocAzlf.exe
  2⤵
  PID:5316
- C:\Windows\System\bExHNZk.exe
  C:\Windows\System\bExHNZk.exe
  2⤵
  PID:5336
- C:\Windows\System\ZUxRgeY.exe
  C:\Windows\System\ZUxRgeY.exe
  2⤵
  PID:5356
- C:\Windows\System\EkpZNIB.exe
  C:\Windows\System\EkpZNIB.exe
  2⤵
  PID:5372
- C:\Windows\System\jZpCkdl.exe
  C:\Windows\System\jZpCkdl.exe
  2⤵
  PID:5396
- C:\Windows\System\kJfMvNR.exe
  C:\Windows\System\kJfMvNR.exe
  2⤵
  PID:5412
- C:\Windows\System\ivZyacM.exe
  C:\Windows\System\ivZyacM.exe
  2⤵
  PID:5428
- C:\Windows\System\NrkudFV.exe
  C:\Windows\System\NrkudFV.exe
  2⤵
  PID:5444
- C:\Windows\System\kRIEklC.exe
  C:\Windows\System\kRIEklC.exe
  2⤵
  PID:5476
- C:\Windows\System\ScwOaHs.exe
  C:\Windows\System\ScwOaHs.exe
  2⤵
  PID:5500
- C:\Windows\System\uwpvmEu.exe
  C:\Windows\System\uwpvmEu.exe
  2⤵
  PID:5516
- C:\Windows\System\ntscWIv.exe
  C:\Windows\System\ntscWIv.exe
  2⤵
  PID:5540
- C:\Windows\System\ZIkvySK.exe
  C:\Windows\System\ZIkvySK.exe
  2⤵
  PID:5560
- C:\Windows\System\qdoNfze.exe
  C:\Windows\System\qdoNfze.exe
  2⤵
  PID:5576
- C:\Windows\System\TIRBQlz.exe
  C:\Windows\System\TIRBQlz.exe
  2⤵
  PID:5592
- C:\Windows\System\VbbfenZ.exe
  C:\Windows\System\VbbfenZ.exe
  2⤵
  PID:5608
- C:\Windows\System\VUvtzeX.exe
  C:\Windows\System\VUvtzeX.exe
  2⤵
  PID:5624
- C:\Windows\System\JnuxuQW.exe
  C:\Windows\System\JnuxuQW.exe
  2⤵
  PID:5640
- C:\Windows\System\jlxviBf.exe
  C:\Windows\System\jlxviBf.exe
  2⤵
  PID:5656
- C:\Windows\System\MUucrIY.exe
  C:\Windows\System\MUucrIY.exe
  2⤵
  PID:5672
- C:\Windows\System\oFoREIy.exe
  C:\Windows\System\oFoREIy.exe
  2⤵
  PID:5688
- C:\Windows\System\TCalLwQ.exe
  C:\Windows\System\TCalLwQ.exe
  2⤵
  PID:5704
- C:\Windows\System\GulaFMm.exe
  C:\Windows\System\GulaFMm.exe
  2⤵
  PID:5720
- C:\Windows\System\hfqHqDS.exe
  C:\Windows\System\hfqHqDS.exe
  2⤵
  PID:5736
- C:\Windows\System\fQkmDsd.exe
  C:\Windows\System\fQkmDsd.exe
  2⤵
  PID:5752
- C:\Windows\System\mIHxove.exe
  C:\Windows\System\mIHxove.exe
  2⤵
  PID:5768
- C:\Windows\System\whkskTG.exe
  C:\Windows\System\whkskTG.exe
  2⤵
  PID:5792
- C:\Windows\System\lCLZBmq.exe
  C:\Windows\System\lCLZBmq.exe
  2⤵
  PID:5808
- C:\Windows\System\pnPYHxG.exe
  C:\Windows\System\pnPYHxG.exe
  2⤵
  PID:5828
- C:\Windows\System\jVrwPky.exe
  C:\Windows\System\jVrwPky.exe
  2⤵
  PID:5848
- C:\Windows\System\mAtGIJD.exe
  C:\Windows\System\mAtGIJD.exe
  2⤵
  PID:5864
- C:\Windows\System\cpWjPxt.exe
  C:\Windows\System\cpWjPxt.exe
  2⤵
  PID:5880
- C:\Windows\System\TNNUGfm.exe
  C:\Windows\System\TNNUGfm.exe
  2⤵
  PID:5900
- C:\Windows\System\TvZkLmT.exe
  C:\Windows\System\TvZkLmT.exe
  2⤵
  PID:5920
- C:\Windows\System\KfpusbE.exe
  C:\Windows\System\KfpusbE.exe
  2⤵
  PID:5936
- C:\Windows\System\hzwrzGr.exe
  C:\Windows\System\hzwrzGr.exe
  2⤵
  PID:5952
- C:\Windows\System\KtauLSf.exe
  C:\Windows\System\KtauLSf.exe
  2⤵
  PID:5968
- C:\Windows\System\DqiLNRc.exe
  C:\Windows\System\DqiLNRc.exe
  2⤵
  PID:5984
- C:\Windows\System\gStjhuu.exe
  C:\Windows\System\gStjhuu.exe
  2⤵
  PID:6000
- C:\Windows\System\UsJDlBI.exe
  C:\Windows\System\UsJDlBI.exe
  2⤵
  PID:6016
- C:\Windows\System\bWqxdtA.exe
  C:\Windows\System\bWqxdtA.exe
  2⤵
  PID:6036
- C:\Windows\System\ZEdgEQj.exe
  C:\Windows\System\ZEdgEQj.exe
  2⤵
  PID:6056
- C:\Windows\System\WjfxYuF.exe
  C:\Windows\System\WjfxYuF.exe
  2⤵
  PID:6076
- C:\Windows\System\sMzcQAt.exe
  C:\Windows\System\sMzcQAt.exe
  2⤵
  PID:6092
- C:\Windows\System\POaOVYB.exe
  C:\Windows\System\POaOVYB.exe
  2⤵
  PID:6108
- C:\Windows\System\HWYjwAi.exe
  C:\Windows\System\HWYjwAi.exe
  2⤵
  PID:6124
- C:\Windows\System\mQivWHs.exe
  C:\Windows\System\mQivWHs.exe
  2⤵
  PID:6140
- C:\Windows\System\JNmqpGc.exe
  C:\Windows\System\JNmqpGc.exe
  2⤵
  PID:4852
- C:\Windows\System\RZWjKbX.exe
  C:\Windows\System\RZWjKbX.exe
  2⤵
  PID:5076
- C:\Windows\System\JyRQbHu.exe
  C:\Windows\System\JyRQbHu.exe
  2⤵
  PID:4284
- C:\Windows\System\BqrluVO.exe
  C:\Windows\System\BqrluVO.exe
  2⤵
  PID:4504
- C:\Windows\System\XfofjNv.exe
  C:\Windows\System\XfofjNv.exe
  2⤵
  PID:4744
- C:\Windows\System\FxZkjoi.exe
  C:\Windows\System\FxZkjoi.exe
  2⤵
  PID:4464
- C:\Windows\System\zicoehs.exe
  C:\Windows\System\zicoehs.exe
  2⤵
  PID:4180
- C:\Windows\System\YaBnsJt.exe
  C:\Windows\System\YaBnsJt.exe
  2⤵
  PID:4984
- C:\Windows\System\qWMlfXz.exe
  C:\Windows\System\qWMlfXz.exe
  2⤵
  PID:5140
- C:\Windows\System\AxOXGyv.exe
  C:\Windows\System\AxOXGyv.exe
  2⤵
  PID:4168
- C:\Windows\System\BTwgGiC.exe
  C:\Windows\System\BTwgGiC.exe
  2⤵
  PID:4864
- C:\Windows\System\CLtdbCV.exe
  C:\Windows\System\CLtdbCV.exe
  2⤵
  PID:4564
- C:\Windows\System\rbFPhBV.exe
  C:\Windows\System\rbFPhBV.exe
  2⤵
  PID:4972
- C:\Windows\System\AbCWnPC.exe
  C:\Windows\System\AbCWnPC.exe
  2⤵
  PID:4676
- C:\Windows\System\MKLmbus.exe
  C:\Windows\System\MKLmbus.exe
  2⤵
  PID:5240
- C:\Windows\System\NugYWAg.exe
  C:\Windows\System\NugYWAg.exe
  2⤵
  PID:5380
- C:\Windows\System\DhPLZkA.exe
  C:\Windows\System\DhPLZkA.exe
  2⤵
  PID:5424
- C:\Windows\System\zdhGgOY.exe
  C:\Windows\System\zdhGgOY.exe
  2⤵
  PID:5264
- C:\Windows\System\wolPppI.exe
  C:\Windows\System\wolPppI.exe
  2⤵
  PID:5436
- C:\Windows\System\KOTegnA.exe
  C:\Windows\System\KOTegnA.exe
  2⤵
  PID:5296
- C:\Windows\System\yVlStse.exe
  C:\Windows\System\yVlStse.exe
  2⤵
  PID:5440
- C:\Windows\System\eYzfGuB.exe
  C:\Windows\System\eYzfGuB.exe
  2⤵
  PID:5512
- C:\Windows\System\NqsnCME.exe
  C:\Windows\System\NqsnCME.exe
  2⤵
  PID:5524
- C:\Windows\System\YsiZdYv.exe
  C:\Windows\System\YsiZdYv.exe
  2⤵
  PID:5552
- C:\Windows\System\JtLwjcS.exe
  C:\Windows\System\JtLwjcS.exe
  2⤵
  PID:5616
- C:\Windows\System\OSfKeVC.exe
  C:\Windows\System\OSfKeVC.exe
  2⤵
  PID:5680
- C:\Windows\System\NrKmXUZ.exe
  C:\Windows\System\NrKmXUZ.exe
  2⤵
  PID:5604
- C:\Windows\System\iWgmYLR.exe
  C:\Windows\System\iWgmYLR.exe
  2⤵
  PID:5716
- C:\Windows\System\YlzDkaP.exe
  C:\Windows\System\YlzDkaP.exe
  2⤵
  PID:5664
- C:\Windows\System\eCkkUdy.exe
  C:\Windows\System\eCkkUdy.exe
  2⤵
  PID:5700
- C:\Windows\System\dPfPcxV.exe
  C:\Windows\System\dPfPcxV.exe
  2⤵
  PID:5764
- C:\Windows\System\aQlcESu.exe
  C:\Windows\System\aQlcESu.exe
  2⤵
  PID:5824
- C:\Windows\System\bmQatgt.exe
  C:\Windows\System\bmQatgt.exe
  2⤵
  PID:5892
- C:\Windows\System\YAGAmeS.exe
  C:\Windows\System\YAGAmeS.exe
  2⤵
  PID:5964
- C:\Windows\System\beuNSXh.exe
  C:\Windows\System\beuNSXh.exe
  2⤵
  PID:6024
- C:\Windows\System\wTptxSs.exe
  C:\Windows\System\wTptxSs.exe
  2⤵
  PID:5840
- C:\Windows\System\hoztkzZ.exe
  C:\Windows\System\hoztkzZ.exe
  2⤵
  PID:6028
- C:\Windows\System\FixRtIf.exe
  C:\Windows\System\FixRtIf.exe
  2⤵
  PID:5980
- C:\Windows\System\VnrxCgG.exe
  C:\Windows\System\VnrxCgG.exe
  2⤵
  PID:5944
- C:\Windows\System\TMErWdy.exe
  C:\Windows\System\TMErWdy.exe
  2⤵
  PID:6100
- C:\Windows\System\vbZZgxl.exe
  C:\Windows\System\vbZZgxl.exe
  2⤵
  PID:6136
- C:\Windows\System\XMkLvbN.exe
  C:\Windows\System\XMkLvbN.exe
  2⤵
  PID:6048
- C:\Windows\System\PrzyCFG.exe
  C:\Windows\System\PrzyCFG.exe
  2⤵
  PID:1484
- C:\Windows\System\GTDpuib.exe
  C:\Windows\System\GTDpuib.exe
  2⤵
  PID:4036
- C:\Windows\System\QwarEdF.exe
  C:\Windows\System\QwarEdF.exe
  2⤵
  PID:5072
- C:\Windows\System\iaCWgFe.exe
  C:\Windows\System\iaCWgFe.exe
  2⤵
  PID:4596
- C:\Windows\System\IESEBoP.exe
  C:\Windows\System\IESEBoP.exe
  2⤵
  PID:5132
- C:\Windows\System\WWYLsdT.exe
  C:\Windows\System\WWYLsdT.exe
  2⤵
  PID:5184
- C:\Windows\System\GJuVtMT.exe
  C:\Windows\System\GJuVtMT.exe
  2⤵
  PID:5192
- C:\Windows\System\AyhdtZU.exe
  C:\Windows\System\AyhdtZU.exe
  2⤵
  PID:4360
- C:\Windows\System\unnSFmb.exe
  C:\Windows\System\unnSFmb.exe
  2⤵
  PID:5280
- C:\Windows\System\SuqeHmU.exe
  C:\Windows\System\SuqeHmU.exe
  2⤵
  PID:5344
- C:\Windows\System\nnNWtlW.exe
  C:\Windows\System\nnNWtlW.exe
  2⤵
  PID:5456
- C:\Windows\System\teUblpk.exe
  C:\Windows\System\teUblpk.exe
  2⤵
  PID:5204
- C:\Windows\System\ApIbuPC.exe
  C:\Windows\System\ApIbuPC.exe
  2⤵
  PID:5168
- C:\Windows\System\rGMYjif.exe
  C:\Windows\System\rGMYjif.exe
  2⤵
  PID:5188
- C:\Windows\System\KSiSeAw.exe
  C:\Windows\System\KSiSeAw.exe
  2⤵
  PID:5332
- C:\Windows\System\RCmTdIi.exe
  C:\Windows\System\RCmTdIi.exe
  2⤵
  PID:5368
- C:\Windows\System\jNDEloU.exe
  C:\Windows\System\jNDEloU.exe
  2⤵
  PID:5492
- C:\Windows\System\fXAVUsS.exe
  C:\Windows\System\fXAVUsS.exe
  2⤵
  PID:5732
- C:\Windows\System\rtkqWvd.exe
  C:\Windows\System\rtkqWvd.exe
  2⤵
  PID:5600
- C:\Windows\System\twpIWHw.exe
  C:\Windows\System\twpIWHw.exe
  2⤵
  PID:5632
- C:\Windows\System\AItMhXt.exe
  C:\Windows\System\AItMhXt.exe
  2⤵
  PID:5784
- C:\Windows\System\FdmqTvI.exe
  C:\Windows\System\FdmqTvI.exe
  2⤵
  PID:5896
- C:\Windows\System\ylbRhaR.exe
  C:\Windows\System\ylbRhaR.exe
  2⤵
  PID:5908
- C:\Windows\System\KtIUpIZ.exe
  C:\Windows\System\KtIUpIZ.exe
  2⤵
  PID:5996
- C:\Windows\System\BZjHOvU.exe
  C:\Windows\System\BZjHOvU.exe
  2⤵
  PID:6068
- C:\Windows\System\dzyFUDT.exe
  C:\Windows\System\dzyFUDT.exe
  2⤵
  PID:6116
- C:\Windows\System\JNzdOLy.exe
  C:\Windows\System\JNzdOLy.exe
  2⤵
  PID:5148
- C:\Windows\System\EYaYkVF.exe
  C:\Windows\System\EYaYkVF.exe
  2⤵
  PID:5312
- C:\Windows\System\pqSRnIj.exe
  C:\Windows\System\pqSRnIj.exe
  2⤵
  PID:5352
- C:\Windows\System\DDeNUXQ.exe
  C:\Windows\System\DDeNUXQ.exe
  2⤵
  PID:4196
- C:\Windows\System\hylhtpt.exe
  C:\Windows\System\hylhtpt.exe
  2⤵
  PID:4264
- C:\Windows\System\FbHRYgd.exe
  C:\Windows\System\FbHRYgd.exe
  2⤵
  PID:4560
- C:\Windows\System\BQPNYhf.exe
  C:\Windows\System\BQPNYhf.exe
  2⤵
  PID:4664
- C:\Windows\System\QjRLnpk.exe
  C:\Windows\System\QjRLnpk.exe
  2⤵
  PID:5220
- C:\Windows\System\JhTcLqM.exe
  C:\Windows\System\JhTcLqM.exe
  2⤵
  PID:5496
- C:\Windows\System\CxvSubt.exe
  C:\Windows\System\CxvSubt.exe
  2⤵
  PID:1820
- C:\Windows\System\rpOWNLW.exe
  C:\Windows\System\rpOWNLW.exe
  2⤵
  PID:5804
- C:\Windows\System\AhDCKiV.exe
  C:\Windows\System\AhDCKiV.exe
  2⤵
  PID:5888
- C:\Windows\System\BOLBkqX.exe
  C:\Windows\System\BOLBkqX.exe
  2⤵
  PID:5976
- C:\Windows\System\fHoODZx.exe
  C:\Windows\System\fHoODZx.exe
  2⤵
  PID:4928
- C:\Windows\System\ATADdqP.exe
  C:\Windows\System\ATADdqP.exe
  2⤵
  PID:5016
- C:\Windows\System\AgyNoPg.exe
  C:\Windows\System\AgyNoPg.exe
  2⤵
  PID:5208
- C:\Windows\System\gXbJHrL.exe
  C:\Windows\System\gXbJHrL.exe
  2⤵
  PID:5528
- C:\Windows\System\BOlrUci.exe
  C:\Windows\System\BOlrUci.exe
  2⤵
  PID:2472
- C:\Windows\System\LQrPFGw.exe
  C:\Windows\System\LQrPFGw.exe
  2⤵
  PID:5648
- C:\Windows\System\pgfbudE.exe
  C:\Windows\System\pgfbudE.exe
  2⤵
  PID:5856
- C:\Windows\System\NOCerbJ.exe
  C:\Windows\System\NOCerbJ.exe
  2⤵
  PID:5404
- C:\Windows\System\AVDlbjj.exe
  C:\Windows\System\AVDlbjj.exe
  2⤵
  PID:4440
- C:\Windows\System\qZBCweT.exe
  C:\Windows\System\qZBCweT.exe
  2⤵
  PID:4988
- C:\Windows\System\gcmnuhE.exe
  C:\Windows\System\gcmnuhE.exe
  2⤵
  PID:5172
- C:\Windows\System\iDjwBev.exe
  C:\Windows\System\iDjwBev.exe
  2⤵
  PID:5532
- C:\Windows\System\GLZkUUL.exe
  C:\Windows\System\GLZkUUL.exe
  2⤵
  PID:5388
- C:\Windows\System\duMrVGz.exe
  C:\Windows\System\duMrVGz.exe
  2⤵
  PID:6132
- C:\Windows\System\crlWJwf.exe
  C:\Windows\System\crlWJwf.exe
  2⤵
  PID:1548
- C:\Windows\System\HPuVNqE.exe
  C:\Windows\System\HPuVNqE.exe
  2⤵
  PID:6148
- C:\Windows\System\cYoMBVc.exe
  C:\Windows\System\cYoMBVc.exe
  2⤵
  PID:6164
- C:\Windows\System\dDJdvnu.exe
  C:\Windows\System\dDJdvnu.exe
  2⤵
  PID:6180
- C:\Windows\System\rcTELJF.exe
  C:\Windows\System\rcTELJF.exe
  2⤵
  PID:6196
- C:\Windows\System\HQnzBEm.exe
  C:\Windows\System\HQnzBEm.exe
  2⤵
  PID:6212
- C:\Windows\System\EKVAOgm.exe
  C:\Windows\System\EKVAOgm.exe
  2⤵
  PID:6248
- C:\Windows\System\gBOvleA.exe
  C:\Windows\System\gBOvleA.exe
  2⤵
  PID:6272
- C:\Windows\System\kMbXpzX.exe
  C:\Windows\System\kMbXpzX.exe
  2⤵
  PID:6288
- C:\Windows\System\wGAvkXT.exe
  C:\Windows\System\wGAvkXT.exe
  2⤵
  PID:6304
- C:\Windows\System\pwmOFIB.exe
  C:\Windows\System\pwmOFIB.exe
  2⤵
  PID:6320
- C:\Windows\System\bNWOZrY.exe
  C:\Windows\System\bNWOZrY.exe
  2⤵
  PID:6336
- C:\Windows\System\QVYHgkA.exe
  C:\Windows\System\QVYHgkA.exe
  2⤵
  PID:6352
- C:\Windows\System\IuHXxnk.exe
  C:\Windows\System\IuHXxnk.exe
  2⤵
  PID:6368
- C:\Windows\System\CgoMFxY.exe
  C:\Windows\System\CgoMFxY.exe
  2⤵
  PID:6384
- C:\Windows\System\KEjrGuB.exe
  C:\Windows\System\KEjrGuB.exe
  2⤵
  PID:6400
- C:\Windows\System\lKaAgxK.exe
  C:\Windows\System\lKaAgxK.exe
  2⤵
  PID:6416
- C:\Windows\System\cwCrNdD.exe
  C:\Windows\System\cwCrNdD.exe
  2⤵
  PID:6432
- C:\Windows\System\zkvoMOt.exe
  C:\Windows\System\zkvoMOt.exe
  2⤵
  PID:6448
- C:\Windows\System\LhNYoPQ.exe
  C:\Windows\System\LhNYoPQ.exe
  2⤵
  PID:6464
- C:\Windows\System\HlEvWrw.exe
  C:\Windows\System\HlEvWrw.exe
  2⤵
  PID:6480
- C:\Windows\System\aLseRfJ.exe
  C:\Windows\System\aLseRfJ.exe
  2⤵
  PID:6496
- C:\Windows\System\vBePgmD.exe
  C:\Windows\System\vBePgmD.exe
  2⤵
  PID:6516
- C:\Windows\System\KJZszEL.exe
  C:\Windows\System\KJZszEL.exe
  2⤵
  PID:6540
- C:\Windows\System\NhrEmDg.exe
  C:\Windows\System\NhrEmDg.exe
  2⤵
  PID:6568
- C:\Windows\System\XpryZva.exe
  C:\Windows\System\XpryZva.exe
  2⤵
  PID:6600
- C:\Windows\System\UTjUviQ.exe
  C:\Windows\System\UTjUviQ.exe
  2⤵
  PID:6620
- C:\Windows\System\kEiLHsc.exe
  C:\Windows\System\kEiLHsc.exe
  2⤵
  PID:6644
- C:\Windows\System\tjPyPxX.exe
  C:\Windows\System\tjPyPxX.exe
  2⤵
  PID:6660
- C:\Windows\System\YfMiuQV.exe
  C:\Windows\System\YfMiuQV.exe
  2⤵
  PID:6676
- C:\Windows\System\XAzOYrE.exe
  C:\Windows\System\XAzOYrE.exe
  2⤵
  PID:6700
- C:\Windows\System\rLVfZBn.exe
  C:\Windows\System\rLVfZBn.exe
  2⤵
  PID:6716
- C:\Windows\System\rVpElzu.exe
  C:\Windows\System\rVpElzu.exe
  2⤵
  PID:6732
- C:\Windows\System\mDAgmqR.exe
  C:\Windows\System\mDAgmqR.exe
  2⤵
  PID:6748
- C:\Windows\System\FKBsOdk.exe
  C:\Windows\System\FKBsOdk.exe
  2⤵
  PID:6776
- C:\Windows\System\IudwlzY.exe
  C:\Windows\System\IudwlzY.exe
  2⤵
  PID:6792
- C:\Windows\System\Gqsfeko.exe
  C:\Windows\System\Gqsfeko.exe
  2⤵
  PID:6808
- C:\Windows\System\cwcYojJ.exe
  C:\Windows\System\cwcYojJ.exe
  2⤵
  PID:6824
- C:\Windows\System\LkPnPkV.exe
  C:\Windows\System\LkPnPkV.exe
  2⤵
  PID:6840
- C:\Windows\System\JaukYST.exe
  C:\Windows\System\JaukYST.exe
  2⤵
  PID:6856
- C:\Windows\System\lyfIFNd.exe
  C:\Windows\System\lyfIFNd.exe
  2⤵
  PID:6872
- C:\Windows\System\kIqcvQS.exe
  C:\Windows\System\kIqcvQS.exe
  2⤵
  PID:6888
- C:\Windows\System\HeOdQlk.exe
  C:\Windows\System\HeOdQlk.exe
  2⤵
  PID:6904
- C:\Windows\System\xLzBfKm.exe
  C:\Windows\System\xLzBfKm.exe
  2⤵
  PID:6920
- C:\Windows\System\DYQxduI.exe
  C:\Windows\System\DYQxduI.exe
  2⤵
  PID:6944
- C:\Windows\System\TwHDEhv.exe
  C:\Windows\System\TwHDEhv.exe
  2⤵
  PID:6960
- C:\Windows\System\AazGGIO.exe
  C:\Windows\System\AazGGIO.exe
  2⤵
  PID:6976
- C:\Windows\System\IpuLGjM.exe
  C:\Windows\System\IpuLGjM.exe
  2⤵
  PID:6992
- C:\Windows\System\fSKTnsJ.exe
  C:\Windows\System\fSKTnsJ.exe
  2⤵
  PID:7012
- C:\Windows\System\SCnSYUo.exe
  C:\Windows\System\SCnSYUo.exe
  2⤵
  PID:7028
- C:\Windows\System\ANqAubL.exe
  C:\Windows\System\ANqAubL.exe
  2⤵
  PID:7044
- C:\Windows\System\DlcHjzX.exe
  C:\Windows\System\DlcHjzX.exe
  2⤵
  PID:7072
- C:\Windows\System\QvYRuOs.exe
  C:\Windows\System\QvYRuOs.exe
  2⤵
  PID:7088
- C:\Windows\System\ICkidwY.exe
  C:\Windows\System\ICkidwY.exe
  2⤵
  PID:7108
- C:\Windows\System\rbKLAGu.exe
  C:\Windows\System\rbKLAGu.exe
  2⤵
  PID:7124
- C:\Windows\System\JiRdPaw.exe
  C:\Windows\System\JiRdPaw.exe
  2⤵
  PID:7140
- C:\Windows\System\QakVLCn.exe
  C:\Windows\System\QakVLCn.exe
  2⤵
  PID:7156
- C:\Windows\System\nlNTEru.exe
  C:\Windows\System\nlNTEru.exe
  2⤵
  PID:5004
- C:\Windows\System\roaGXNz.exe
  C:\Windows\System\roaGXNz.exe
  2⤵
  PID:6156
- C:\Windows\System\vKPdbNX.exe
  C:\Windows\System\vKPdbNX.exe
  2⤵
  PID:6176
- C:\Windows\System\qCSNKJg.exe
  C:\Windows\System\qCSNKJg.exe
  2⤵
  PID:5872
- C:\Windows\System\dVGPtZT.exe
  C:\Windows\System\dVGPtZT.exe
  2⤵
  PID:6232
- C:\Windows\System\ZjhTsUL.exe
  C:\Windows\System\ZjhTsUL.exe
  2⤵
  PID:6240
- C:\Windows\System\adHJpJS.exe
  C:\Windows\System\adHJpJS.exe
  2⤵
  PID:6312
- C:\Windows\System\mMkXXzq.exe
  C:\Windows\System\mMkXXzq.exe
  2⤵
  PID:6268
- C:\Windows\System\fXnjypk.exe
  C:\Windows\System\fXnjypk.exe
  2⤵
  PID:6428
- C:\Windows\System\KqIGSzr.exe
  C:\Windows\System\KqIGSzr.exe
  2⤵
  PID:6580
- C:\Windows\System\mItElbt.exe
  C:\Windows\System\mItElbt.exe
  2⤵
  PID:6640
- C:\Windows\System\jjkJgwG.exe
  C:\Windows\System\jjkJgwG.exe
  2⤵
  PID:6592
- C:\Windows\System\OdJgUIj.exe
  C:\Windows\System\OdJgUIj.exe
  2⤵
  PID:6696
- C:\Windows\System\eMerZpI.exe
  C:\Windows\System\eMerZpI.exe
  2⤵
  PID:6756
- C:\Windows\System\wAnbHPW.exe
  C:\Windows\System\wAnbHPW.exe
  2⤵
  PID:6768
- C:\Windows\System\jzKfwJT.exe
  C:\Windows\System\jzKfwJT.exe
  2⤵
  PID:6832
- C:\Windows\System\cwHgumr.exe
  C:\Windows\System\cwHgumr.exe
  2⤵
  PID:6376
- C:\Windows\System\cNPajTl.exe
  C:\Windows\System\cNPajTl.exe
  2⤵
  PID:6444
- C:\Windows\System\blJTwiA.exe
  C:\Windows\System\blJTwiA.exe
  2⤵
  PID:6296
- C:\Windows\System\QfYPsxm.exe
  C:\Windows\System\QfYPsxm.exe
  2⤵
  PID:6512
- C:\Windows\System\JBucaYU.exe
  C:\Windows\System\JBucaYU.exe
  2⤵
  PID:6488
- C:\Windows\System\xwfxces.exe
  C:\Windows\System\xwfxces.exe
  2⤵
  PID:6556
- C:\Windows\System\aoXLDHm.exe
  C:\Windows\System\aoXLDHm.exe
  2⤵
  PID:6528
- C:\Windows\System\vNpRqGP.exe
  C:\Windows\System\vNpRqGP.exe
  2⤵
  PID:6656
- C:\Windows\System\sZzcFVp.exe
  C:\Windows\System\sZzcFVp.exe
  2⤵
  PID:6588
- C:\Windows\System\iOEhOND.exe
  C:\Windows\System\iOEhOND.exe
  2⤵
  PID:6628
- C:\Windows\System\PiitBVf.exe
  C:\Windows\System\PiitBVf.exe
  2⤵
  PID:6804
- C:\Windows\System\cINmcPE.exe
  C:\Windows\System\cINmcPE.exe
  2⤵
  PID:6760
- C:\Windows\System\XkCDMEU.exe
  C:\Windows\System\XkCDMEU.exe
  2⤵
  PID:6848
- C:\Windows\System\kDTnICE.exe
  C:\Windows\System\kDTnICE.exe
  2⤵
  PID:6788
- C:\Windows\System\NqnfbUR.exe
  C:\Windows\System\NqnfbUR.exe
  2⤵
  PID:6968
- C:\Windows\System\uGysShS.exe
  C:\Windows\System\uGysShS.exe
  2⤵
  PID:6984
- C:\Windows\System\jkktETS.exe
  C:\Windows\System\jkktETS.exe
  2⤵
  PID:7080
- C:\Windows\System\okfOJzb.exe
  C:\Windows\System\okfOJzb.exe
  2⤵
  PID:7120
- C:\Windows\System\wGQzTll.exe
  C:\Windows\System\wGQzTll.exe
  2⤵
  PID:7068
- C:\Windows\System\XIjlpYZ.exe
  C:\Windows\System\XIjlpYZ.exe
  2⤵
  PID:7104
- C:\Windows\System\tFZotcl.exe
  C:\Windows\System\tFZotcl.exe
  2⤵
  PID:7020
- C:\Windows\System\kHmUrfr.exe
  C:\Windows\System\kHmUrfr.exe
  2⤵
  PID:7164
- C:\Windows\System\vnzAMWe.exe
  C:\Windows\System\vnzAMWe.exe
  2⤵
  PID:6224
- C:\Windows\System\wkxtPsr.exe
  C:\Windows\System\wkxtPsr.exe
  2⤵
  PID:6264
- C:\Windows\System\lMeuzPb.exe
  C:\Windows\System\lMeuzPb.exe
  2⤵
  PID:6868
- C:\Windows\System\ZjQBDDa.exe
  C:\Windows\System\ZjQBDDa.exe
  2⤵
  PID:6380
- C:\Windows\System\SJeOCsC.exe
  C:\Windows\System\SJeOCsC.exe
  2⤵
  PID:6424
- C:\Windows\System\EMnrvoF.exe
  C:\Windows\System\EMnrvoF.exe
  2⤵
  PID:6608
- C:\Windows\System\jTzFBrE.exe
  C:\Windows\System\jTzFBrE.exe
  2⤵
  PID:6552
- C:\Windows\System\RwsVSPL.exe
  C:\Windows\System\RwsVSPL.exe
  2⤵
  PID:6584
- C:\Windows\System\ZLYYruz.exe
  C:\Windows\System\ZLYYruz.exe
  2⤵
  PID:6712
- C:\Windows\System\GcgpbIL.exe
  C:\Windows\System\GcgpbIL.exe
  2⤵
  PID:6820
- C:\Windows\System\KyTXrzF.exe
  C:\Windows\System\KyTXrzF.exe
  2⤵
  PID:6916
- C:\Windows\System\nVjefMO.exe
  C:\Windows\System\nVjefMO.exe
  2⤵
  PID:6932
- C:\Windows\System\chepQnj.exe
  C:\Windows\System\chepQnj.exe
  2⤵
  PID:6956
- C:\Windows\System\vFAWrOT.exe
  C:\Windows\System\vFAWrOT.exe
  2⤵
  PID:7060
- C:\Windows\System\nnFLMTC.exe
  C:\Windows\System\nnFLMTC.exe
  2⤵
  PID:7096
- C:\Windows\System\YSEyDhe.exe
  C:\Windows\System\YSEyDhe.exe
  2⤵
  PID:6328
- C:\Windows\System\iSliOZd.exe
  C:\Windows\System\iSliOZd.exe
  2⤵
  PID:5932
- C:\Windows\System\VzNbNIv.exe
  C:\Windows\System\VzNbNIv.exe
  2⤵
  PID:6412
- C:\Windows\System\mFIjJDf.exe
  C:\Windows\System\mFIjJDf.exe
  2⤵
  PID:6260
- C:\Windows\System\SPBTrgx.exe
  C:\Windows\System\SPBTrgx.exe
  2⤵
  PID:6396
- C:\Windows\System\xZUaOJy.exe
  C:\Windows\System\xZUaOJy.exe
  2⤵
  PID:6896
- C:\Windows\System\grMHzTI.exe
  C:\Windows\System\grMHzTI.exe
  2⤵
  PID:6952
- C:\Windows\System\yBbhSMN.exe
  C:\Windows\System\yBbhSMN.exe
  2⤵
  PID:6344
- C:\Windows\System\feUiZKg.exe
  C:\Windows\System\feUiZKg.exe
  2⤵
  PID:6912
- C:\Windows\System\pBAZttw.exe
  C:\Windows\System\pBAZttw.exe
  2⤵
  PID:6192
- C:\Windows\System\PbRTBIM.exe
  C:\Windows\System\PbRTBIM.exe
  2⤵
  PID:7000
- C:\Windows\System\xfwoCnG.exe
  C:\Windows\System\xfwoCnG.exe
  2⤵
  PID:6560
- C:\Windows\System\IvTFqEj.exe
  C:\Windows\System\IvTFqEj.exe
  2⤵
  PID:6864
- C:\Windows\System\nBZQjgi.exe
  C:\Windows\System\nBZQjgi.exe
  2⤵
  PID:7052
- C:\Windows\System\hpMVOnn.exe
  C:\Windows\System\hpMVOnn.exe
  2⤵
  PID:5860
- C:\Windows\System\xfaskSk.exe
  C:\Windows\System\xfaskSk.exe
  2⤵
  PID:6504
- C:\Windows\System\jRabSgt.exe
  C:\Windows\System\jRabSgt.exe
  2⤵
  PID:6880
- C:\Windows\System\otsIYzZ.exe
  C:\Windows\System\otsIYzZ.exe
  2⤵
  PID:6408
- C:\Windows\System\yUEtuXb.exe
  C:\Windows\System\yUEtuXb.exe
  2⤵
  PID:6940
- C:\Windows\System\uhoFpsb.exe
  C:\Windows\System\uhoFpsb.exe
  2⤵
  PID:7176
- C:\Windows\System\YPKOOzm.exe
  C:\Windows\System\YPKOOzm.exe
  2⤵
  PID:7196
- C:\Windows\System\GXlMIFO.exe
  C:\Windows\System\GXlMIFO.exe
  2⤵
  PID:7216
- C:\Windows\System\vKynFUv.exe
  C:\Windows\System\vKynFUv.exe
  2⤵
  PID:7236
- C:\Windows\System\vSqeDzI.exe
  C:\Windows\System\vSqeDzI.exe
  2⤵
  PID:7256
- C:\Windows\System\AlTltOP.exe
  C:\Windows\System\AlTltOP.exe
  2⤵
  PID:7280
- C:\Windows\System\dfGMkTU.exe
  C:\Windows\System\dfGMkTU.exe
  2⤵
  PID:7312
- C:\Windows\System\mkCPBBx.exe
  C:\Windows\System\mkCPBBx.exe
  2⤵
  PID:7332
- C:\Windows\System\MpWxciM.exe
  C:\Windows\System\MpWxciM.exe
  2⤵
  PID:7348
- C:\Windows\System\AbdEAeq.exe
  C:\Windows\System\AbdEAeq.exe
  2⤵
  PID:7368
- C:\Windows\System\lQxGZZy.exe
  C:\Windows\System\lQxGZZy.exe
  2⤵
  PID:7384
- C:\Windows\System\JDFIrhT.exe
  C:\Windows\System\JDFIrhT.exe
  2⤵
  PID:7400
- C:\Windows\System\nRDTCDn.exe
  C:\Windows\System\nRDTCDn.exe
  2⤵
  PID:7416
- C:\Windows\System\XTWzwQj.exe
  C:\Windows\System\XTWzwQj.exe
  2⤵
  PID:7436
- C:\Windows\System\WlckiCQ.exe
  C:\Windows\System\WlckiCQ.exe
  2⤵
  PID:7452
- C:\Windows\System\crdpUEV.exe
  C:\Windows\System\crdpUEV.exe
  2⤵
  PID:7468
- C:\Windows\System\ktLNDDW.exe
  C:\Windows\System\ktLNDDW.exe
  2⤵
  PID:7484
- C:\Windows\System\zRmbMzB.exe
  C:\Windows\System\zRmbMzB.exe
  2⤵
  PID:7500
- C:\Windows\System\HqEeSfp.exe
  C:\Windows\System\HqEeSfp.exe
  2⤵
  PID:7552
- C:\Windows\System\kVYDxRs.exe
  C:\Windows\System\kVYDxRs.exe
  2⤵
  PID:7568
- C:\Windows\System\oeibvbn.exe
  C:\Windows\System\oeibvbn.exe
  2⤵
  PID:7584
- C:\Windows\System\cMZKBMT.exe
  C:\Windows\System\cMZKBMT.exe
  2⤵
  PID:7608
- C:\Windows\System\xHMMZur.exe
  C:\Windows\System\xHMMZur.exe
  2⤵
  PID:7624
- C:\Windows\System\TbWnXYy.exe
  C:\Windows\System\TbWnXYy.exe
  2⤵
  PID:7644
- C:\Windows\System\OpVzhso.exe
  C:\Windows\System\OpVzhso.exe
  2⤵
  PID:7660
- C:\Windows\System\VqlNCiN.exe
  C:\Windows\System\VqlNCiN.exe
  2⤵
  PID:7676
- C:\Windows\System\zHfFzTl.exe
  C:\Windows\System\zHfFzTl.exe
  2⤵
  PID:7696
- C:\Windows\System\DiSuaiC.exe
  C:\Windows\System\DiSuaiC.exe
  2⤵
  PID:7716
- C:\Windows\System\jIhrgXK.exe
  C:\Windows\System\jIhrgXK.exe
  2⤵
  PID:7732
- C:\Windows\System\cRZVoUs.exe
  C:\Windows\System\cRZVoUs.exe
  2⤵
  PID:7752
- C:\Windows\System\zbPCjZJ.exe
  C:\Windows\System\zbPCjZJ.exe
  2⤵
  PID:7772
- C:\Windows\System\EhuqTiB.exe
  C:\Windows\System\EhuqTiB.exe
  2⤵
  PID:7788
- C:\Windows\System\MsLAuZm.exe
  C:\Windows\System\MsLAuZm.exe
  2⤵
  PID:7808
- C:\Windows\System\SClPrNt.exe
  C:\Windows\System\SClPrNt.exe
  2⤵
  PID:7824
- C:\Windows\System\QIcajJW.exe
  C:\Windows\System\QIcajJW.exe
  2⤵
  PID:7840
- C:\Windows\System\QwcEHiv.exe
  C:\Windows\System\QwcEHiv.exe
  2⤵
  PID:7860
- C:\Windows\System\QPlwiAr.exe
  C:\Windows\System\QPlwiAr.exe
  2⤵
  PID:7876
- C:\Windows\System\mCJgPXA.exe
  C:\Windows\System\mCJgPXA.exe
  2⤵
  PID:7900
- C:\Windows\System\bIYiuhb.exe
  C:\Windows\System\bIYiuhb.exe
  2⤵
  PID:7924
- C:\Windows\System\rxSrWAc.exe
  C:\Windows\System\rxSrWAc.exe
  2⤵
  PID:7952
- C:\Windows\System\XZspQzd.exe
  C:\Windows\System\XZspQzd.exe
  2⤵
  PID:7972
- C:\Windows\System\jZHVqZd.exe
  C:\Windows\System\jZHVqZd.exe
  2⤵
  PID:7996
- C:\Windows\System\SFmlFli.exe
  C:\Windows\System\SFmlFli.exe
  2⤵
  PID:8012
- C:\Windows\System\ECCQcpz.exe
  C:\Windows\System\ECCQcpz.exe
  2⤵
  PID:8028
- C:\Windows\System\oXJMzfq.exe
  C:\Windows\System\oXJMzfq.exe
  2⤵
  PID:8044
- C:\Windows\System\sgxVyPf.exe
  C:\Windows\System\sgxVyPf.exe
  2⤵
  PID:8060
- C:\Windows\System\hTVGlKj.exe
  C:\Windows\System\hTVGlKj.exe
  2⤵
  PID:8080
- C:\Windows\System\mVQzUfn.exe
  C:\Windows\System\mVQzUfn.exe
  2⤵
  PID:8104
- C:\Windows\System\VmUwXrR.exe
  C:\Windows\System\VmUwXrR.exe
  2⤵
  PID:8120
- C:\Windows\System\pjbsAzH.exe
  C:\Windows\System\pjbsAzH.exe
  2⤵
  PID:8148
- C:\Windows\System\iovZOQW.exe
  C:\Windows\System\iovZOQW.exe
  2⤵
  PID:8176
- C:\Windows\System\asCLcKk.exe
  C:\Windows\System\asCLcKk.exe
  2⤵
  PID:7040
- C:\Windows\System\kRbZemC.exe
  C:\Windows\System\kRbZemC.exe
  2⤵
  PID:7224
- C:\Windows\System\DkTWPpg.exe
  C:\Windows\System\DkTWPpg.exe
  2⤵
  PID:7264
- C:\Windows\System\ikSbdWA.exe
  C:\Windows\System\ikSbdWA.exe
  2⤵
  PID:7248
- C:\Windows\System\hqjktHA.exe
  C:\Windows\System\hqjktHA.exe
  2⤵
  PID:7136
- C:\Windows\System\mnfQdwX.exe
  C:\Windows\System\mnfQdwX.exe
  2⤵
  PID:7116
- C:\Windows\System\mDOmMbk.exe
  C:\Windows\System\mDOmMbk.exe
  2⤵
  PID:7212
- C:\Windows\System\BfUeXAf.exe
  C:\Windows\System\BfUeXAf.exe
  2⤵
  PID:7320
- C:\Windows\System\qVMDxpP.exe
  C:\Windows\System\qVMDxpP.exe
  2⤵
  PID:7344
- C:\Windows\System\yvxGmyU.exe
  C:\Windows\System\yvxGmyU.exe
  2⤵
  PID:7392
- C:\Windows\System\NGTCRNF.exe
  C:\Windows\System\NGTCRNF.exe
  2⤵
  PID:7532
- C:\Windows\System\opjtusn.exe
  C:\Windows\System\opjtusn.exe
  2⤵
  PID:7412
- C:\Windows\System\WStOHzD.exe
  C:\Windows\System\WStOHzD.exe
  2⤵
  PID:7544
- C:\Windows\System\vaGvUgE.exe
  C:\Windows\System\vaGvUgE.exe
  2⤵
  PID:7592
- C:\Windows\System\gemrKGd.exe
  C:\Windows\System\gemrKGd.exe
  2⤵
  PID:7632
- C:\Windows\System\tYRycqh.exe
  C:\Windows\System\tYRycqh.exe
  2⤵
  PID:7672
- C:\Windows\System\pKaHkcs.exe
  C:\Windows\System\pKaHkcs.exe
  2⤵
  PID:7744
- C:\Windows\System\gEUFVEV.exe
  C:\Windows\System\gEUFVEV.exe
  2⤵
  PID:7820
- C:\Windows\System\BEcEWwZ.exe
  C:\Windows\System\BEcEWwZ.exe
  2⤵
  PID:7884
- C:\Windows\System\XnHXAJC.exe
  C:\Windows\System\XnHXAJC.exe
  2⤵
  PID:7576
- C:\Windows\System\EQxGfBF.exe
  C:\Windows\System\EQxGfBF.exe
  2⤵
  PID:7940
- C:\Windows\System\GwWxfKw.exe
  C:\Windows\System\GwWxfKw.exe
  2⤵
  PID:7616
- C:\Windows\System\xJucprr.exe
  C:\Windows\System\xJucprr.exe
  2⤵
  PID:7652
- C:\Windows\System\LOVGIaW.exe
  C:\Windows\System\LOVGIaW.exe
  2⤵
  PID:7724
- C:\Windows\System\yfsraaB.exe
  C:\Windows\System\yfsraaB.exe
  2⤵
  PID:7992
- C:\Windows\System\eVKzBca.exe
  C:\Windows\System\eVKzBca.exe
  2⤵
  PID:8088
- C:\Windows\System\cNtzBqz.exe
  C:\Windows\System\cNtzBqz.exe
  2⤵
  PID:8132
- C:\Windows\System\cvAgNYu.exe
  C:\Windows\System\cvAgNYu.exe
  2⤵
  PID:8136
- C:\Windows\System\BjIFgOO.exe
  C:\Windows\System\BjIFgOO.exe
  2⤵
  PID:8184
- C:\Windows\System\KUglelM.exe
  C:\Windows\System\KUglelM.exe
  2⤵
  PID:7208
- C:\Windows\System\RZnbcbH.exe
  C:\Windows\System\RZnbcbH.exe
  2⤵
  PID:7764
- C:\Windows\System\aomLNiV.exe
  C:\Windows\System\aomLNiV.exe
  2⤵
  PID:7276
- C:\Windows\System\QRFmFGV.exe
  C:\Windows\System\QRFmFGV.exe
  2⤵
  PID:6236
- C:\Windows\System\bYoUgVK.exe
  C:\Windows\System\bYoUgVK.exe
  2⤵
  PID:8040
- C:\Windows\System\cHExAGs.exe
  C:\Windows\System\cHExAGs.exe
  2⤵
  PID:8116
- C:\Windows\System\XhfuvDy.exe
  C:\Windows\System\XhfuvDy.exe
  2⤵
  PID:7464
- C:\Windows\System\PtVWRXV.exe
  C:\Windows\System\PtVWRXV.exe
  2⤵
  PID:7516
- C:\Windows\System\cVnKfZB.exe
  C:\Windows\System\cVnKfZB.exe
  2⤵
  PID:7600
- C:\Windows\System\TEZeuDE.exe
  C:\Windows\System\TEZeuDE.exe
  2⤵
  PID:7708
- C:\Windows\System\FWtIklP.exe
  C:\Windows\System\FWtIklP.exe
  2⤵
  PID:7548
- C:\Windows\System\dgzMGbk.exe
  C:\Windows\System\dgzMGbk.exe
  2⤵
  PID:7580
- C:\Windows\System\bHDcCsC.exe
  C:\Windows\System\bHDcCsC.exe
  2⤵
  PID:7944
- C:\Windows\System\TpUdFJP.exe
  C:\Windows\System\TpUdFJP.exe
  2⤵
  PID:7804
- C:\Windows\System\FoONMrA.exe
  C:\Windows\System\FoONMrA.exe
  2⤵
  PID:7380
- C:\Windows\System\DpmDckJ.exe
  C:\Windows\System\DpmDckJ.exe
  2⤵
  PID:7984
- C:\Windows\System\FadmqXg.exe
  C:\Windows\System\FadmqXg.exe
  2⤵
  PID:8128
- C:\Windows\System\lwcvaFg.exe
  C:\Windows\System\lwcvaFg.exe
  2⤵
  PID:7872
- C:\Windows\System\YMKzKTM.exe
  C:\Windows\System\YMKzKTM.exe
  2⤵
  PID:8188
- C:\Windows\System\oUgjZiU.exe
  C:\Windows\System\oUgjZiU.exe
  2⤵
  PID:7968
- C:\Windows\System\SHAVxFe.exe
  C:\Windows\System\SHAVxFe.exe
  2⤵
  PID:7192
- C:\Windows\System\jvGysfm.exe
  C:\Windows\System\jvGysfm.exe
  2⤵
  PID:8008
- C:\Windows\System\SGKaXKw.exe
  C:\Windows\System\SGKaXKw.exe
  2⤵
  PID:7476
- C:\Windows\System\WkDQzIv.exe
  C:\Windows\System\WkDQzIv.exe
  2⤵
  PID:7704
- C:\Windows\System\PUSIurE.exe
  C:\Windows\System\PUSIurE.exe
  2⤵
  PID:7512
- C:\Windows\System\xORyMGL.exe
  C:\Windows\System\xORyMGL.exe
  2⤵
  PID:7428
- C:\Windows\System\zotUIzn.exe
  C:\Windows\System\zotUIzn.exe
  2⤵
  PID:7460
- C:\Windows\System\PlfYASK.exe
  C:\Windows\System\PlfYASK.exe
  2⤵
  PID:7444
- C:\Windows\System\SMbEOud.exe
  C:\Windows\System\SMbEOud.exe
  2⤵
  PID:7684
- C:\Windows\System\XxSPqKD.exe
  C:\Windows\System\XxSPqKD.exe
  2⤵
  PID:8096
- C:\Windows\System\dFQUfGF.exe
  C:\Windows\System\dFQUfGF.exe
  2⤵
  PID:7964
- C:\Windows\System\GXDbEgR.exe
  C:\Windows\System\GXDbEgR.exe
  2⤵
  PID:8164
- C:\Windows\System\HqBNyAI.exe
  C:\Windows\System\HqBNyAI.exe
  2⤵
  PID:7604
- C:\Windows\System\SbWzABB.exe
  C:\Windows\System\SbWzABB.exe
  2⤵
  PID:8112
- C:\Windows\System\meLsbHR.exe
  C:\Windows\System\meLsbHR.exe
  2⤵
  PID:7780
- C:\Windows\System\VRucQRB.exe
  C:\Windows\System\VRucQRB.exe
  2⤵
  PID:7448
- C:\Windows\System\TiSfNDj.exe
  C:\Windows\System\TiSfNDj.exe
  2⤵
  PID:7896
- C:\Windows\System\qItAKOa.exe
  C:\Windows\System\qItAKOa.exe
  2⤵
  PID:7188
- C:\Windows\System\EhuSZeU.exe
  C:\Windows\System\EhuSZeU.exe
  2⤵
  PID:7296
- C:\Windows\System\LMsJimV.exe
  C:\Windows\System\LMsJimV.exe
  2⤵
  PID:7980
- C:\Windows\System\NOPIlaG.exe
  C:\Windows\System\NOPIlaG.exe
  2⤵
  PID:7784
- C:\Windows\System\hgDoCfV.exe
  C:\Windows\System\hgDoCfV.exe
  2⤵
  PID:8140
- C:\Windows\System\jgPtBNe.exe
  C:\Windows\System\jgPtBNe.exe
  2⤵
  PID:7432
- C:\Windows\System\YeCCyty.exe
  C:\Windows\System\YeCCyty.exe
  2⤵
  PID:7728
- C:\Windows\System\QOWqTBV.exe
  C:\Windows\System\QOWqTBV.exe
  2⤵
  PID:7856
- C:\Windows\System\ulUoRHr.exe
  C:\Windows\System\ulUoRHr.exe
  2⤵
  PID:7816
- C:\Windows\System\sasnrDT.exe
  C:\Windows\System\sasnrDT.exe
  2⤵
  PID:7340
- C:\Windows\System\hbJmYTA.exe
  C:\Windows\System\hbJmYTA.exe
  2⤵
  PID:7796
- C:\Windows\System\IpMMJpn.exe
  C:\Windows\System\IpMMJpn.exe
  2⤵
  PID:8200
- C:\Windows\System\VtsiYbA.exe
  C:\Windows\System\VtsiYbA.exe
  2⤵
  PID:8224
- C:\Windows\System\DYZhppS.exe
  C:\Windows\System\DYZhppS.exe
  2⤵
  PID:8244
- C:\Windows\System\UaZRbCe.exe
  C:\Windows\System\UaZRbCe.exe
  2⤵
  PID:8260
- C:\Windows\System\nfMuODK.exe
  C:\Windows\System\nfMuODK.exe
  2⤵
  PID:8292
- C:\Windows\System\MKudxzk.exe
  C:\Windows\System\MKudxzk.exe
  2⤵
  PID:8308
- C:\Windows\System\jraTHNo.exe
  C:\Windows\System\jraTHNo.exe
  2⤵
  PID:8324
- C:\Windows\System\tfRFOdr.exe
  C:\Windows\System\tfRFOdr.exe
  2⤵
  PID:8340
- C:\Windows\System\EtxhoLy.exe
  C:\Windows\System\EtxhoLy.exe
  2⤵
  PID:8360
- C:\Windows\System\bQIiMWD.exe
  C:\Windows\System\bQIiMWD.exe
  2⤵
  PID:8380
- C:\Windows\System\kWotrah.exe
  C:\Windows\System\kWotrah.exe
  2⤵
  PID:8404
- C:\Windows\System\lHOwjbj.exe
  C:\Windows\System\lHOwjbj.exe
  2⤵
  PID:8420
- C:\Windows\System\rGUZjtm.exe
  C:\Windows\System\rGUZjtm.exe
  2⤵
  PID:8452
- C:\Windows\System\lVcITBW.exe
  C:\Windows\System\lVcITBW.exe
  2⤵
  PID:8468
- C:\Windows\System\epuAbdI.exe
  C:\Windows\System\epuAbdI.exe
  2⤵
  PID:8484
- C:\Windows\System\YNXlFVd.exe
  C:\Windows\System\YNXlFVd.exe
  2⤵
  PID:8504
- C:\Windows\System\glASSfB.exe
  C:\Windows\System\glASSfB.exe
  2⤵
  PID:8536
- C:\Windows\System\YxdMPnB.exe
  C:\Windows\System\YxdMPnB.exe
  2⤵
  PID:8556
- C:\Windows\System\Epkjouz.exe
  C:\Windows\System\Epkjouz.exe
  2⤵
  PID:8572
- C:\Windows\System\pbwOMWR.exe
  C:\Windows\System\pbwOMWR.exe
  2⤵
  PID:8592
- C:\Windows\System\zHIyZpZ.exe
  C:\Windows\System\zHIyZpZ.exe
  2⤵
  PID:8612
- C:\Windows\System\joqgwhH.exe
  C:\Windows\System\joqgwhH.exe
  2⤵
  PID:8636
- C:\Windows\System\KcEqgSk.exe
  C:\Windows\System\KcEqgSk.exe
  2⤵
  PID:8656
- C:\Windows\System\JHRxsiB.exe
  C:\Windows\System\JHRxsiB.exe
  2⤵
  PID:8672
- C:\Windows\System\hzwMFnX.exe
  C:\Windows\System\hzwMFnX.exe
  2⤵
  PID:8692
- C:\Windows\System\fvPFNLj.exe
  C:\Windows\System\fvPFNLj.exe
  2⤵
  PID:8712
- C:\Windows\System\PMsGzcv.exe
  C:\Windows\System\PMsGzcv.exe
  2⤵
  PID:8728
- C:\Windows\System\TjjkCyi.exe
  C:\Windows\System\TjjkCyi.exe
  2⤵
  PID:8748
- C:\Windows\System\gUjPzQv.exe
  C:\Windows\System\gUjPzQv.exe
  2⤵
  PID:8780
- C:\Windows\System\pIPufLt.exe
  C:\Windows\System\pIPufLt.exe
  2⤵
  PID:8796
- C:\Windows\System\ctOLNLv.exe
  C:\Windows\System\ctOLNLv.exe
  2⤵
  PID:8816
- C:\Windows\System\CDyErzI.exe
  C:\Windows\System\CDyErzI.exe
  2⤵
  PID:8844
- C:\Windows\System\dbLnsOo.exe
  C:\Windows\System\dbLnsOo.exe
  2⤵
  PID:8860
- C:\Windows\System\ccJtgET.exe
  C:\Windows\System\ccJtgET.exe
  2⤵
  PID:8880
- C:\Windows\System\MYAPSuw.exe
  C:\Windows\System\MYAPSuw.exe
  2⤵
  PID:8900
- C:\Windows\System\GEeocCt.exe
  C:\Windows\System\GEeocCt.exe
  2⤵
  PID:8916
- C:\Windows\System\WItzHAe.exe
  C:\Windows\System\WItzHAe.exe
  2⤵
  PID:8932
- C:\Windows\System\WCTDHwn.exe
  C:\Windows\System\WCTDHwn.exe
  2⤵
  PID:8952
- C:\Windows\System\mFfvcCA.exe
  C:\Windows\System\mFfvcCA.exe
  2⤵
  PID:8980
- C:\Windows\System\EyVUkJI.exe
  C:\Windows\System\EyVUkJI.exe
  2⤵
  PID:9008
- C:\Windows\System\GxvxZVu.exe
  C:\Windows\System\GxvxZVu.exe
  2⤵
  PID:9024
- C:\Windows\System\zPUsRQC.exe
  C:\Windows\System\zPUsRQC.exe
  2⤵
  PID:9044
- C:\Windows\System\khZfsKD.exe
  C:\Windows\System\khZfsKD.exe
  2⤵
  PID:9060
- C:\Windows\System\aMutziW.exe
  C:\Windows\System\aMutziW.exe
  2⤵
  PID:9076
- C:\Windows\System\lFshYUF.exe
  C:\Windows\System\lFshYUF.exe
  2⤵
  PID:9092
- C:\Windows\System\RFvFyFx.exe
  C:\Windows\System\RFvFyFx.exe
  2⤵
  PID:9116
- C:\Windows\System\fwhYhMn.exe
  C:\Windows\System\fwhYhMn.exe
  2⤵
  PID:9140
- C:\Windows\System\pjjGixl.exe
  C:\Windows\System\pjjGixl.exe
  2⤵
  PID:9168
- C:\Windows\System\ERqVHcO.exe
  C:\Windows\System\ERqVHcO.exe
  2⤵
  PID:9184
- C:\Windows\System\APkrnlf.exe
  C:\Windows\System\APkrnlf.exe
  2⤵
  PID:9204
- C:\Windows\System\CuMahTy.exe
  C:\Windows\System\CuMahTy.exe
  2⤵
  PID:8212
- C:\Windows\System\pHQTjKl.exe
  C:\Windows\System\pHQTjKl.exe
  2⤵
  PID:8232
- C:\Windows\System\XXXSTvN.exe
  C:\Windows\System\XXXSTvN.exe
  2⤵
  PID:8272
- C:\Windows\System\UjTXifC.exe
  C:\Windows\System\UjTXifC.exe
  2⤵
  PID:8288
- C:\Windows\System\TKoCDJt.exe
  C:\Windows\System\TKoCDJt.exe
  2⤵
  PID:8316
- C:\Windows\System\bhqqsCd.exe
  C:\Windows\System\bhqqsCd.exe
  2⤵
  PID:8376
- C:\Windows\System\McGcXgs.exe
  C:\Windows\System\McGcXgs.exe
  2⤵
  PID:8348
- C:\Windows\System\ZGiDrPW.exe
  C:\Windows\System\ZGiDrPW.exe
  2⤵
  PID:8432
- C:\Windows\System\wPiKJmS.exe
  C:\Windows\System\wPiKJmS.exe
  2⤵
  PID:8464
- C:\Windows\System\KXGLHbi.exe
  C:\Windows\System\KXGLHbi.exe
  2⤵
  PID:8480
- C:\Windows\System\PjRPQGl.exe
  C:\Windows\System\PjRPQGl.exe
  2⤵
  PID:8532
- C:\Windows\System\ZUdOiSs.exe
  C:\Windows\System\ZUdOiSs.exe
  2⤵
  PID:8564
- C:\Windows\System\ygMrXBK.exe
  C:\Windows\System\ygMrXBK.exe
  2⤵
  PID:8588
- C:\Windows\System\jrpPnlo.exe
  C:\Windows\System\jrpPnlo.exe
  2⤵
  PID:8604
- C:\Windows\System\ocSRfic.exe
  C:\Windows\System\ocSRfic.exe
  2⤵
  PID:8664
- C:\Windows\System\DVEbCzv.exe
  C:\Windows\System\DVEbCzv.exe
  2⤵
  PID:8708
- C:\Windows\System\MDJzwIi.exe
  C:\Windows\System\MDJzwIi.exe
  2⤵
  PID:8680
- C:\Windows\System\VLGYkSb.exe
  C:\Windows\System\VLGYkSb.exe
  2⤵
  PID:8756
- C:\Windows\System\jinBqKU.exe
  C:\Windows\System\jinBqKU.exe
  2⤵
  PID:8776
- C:\Windows\System\brHTUKG.exe
  C:\Windows\System\brHTUKG.exe
  2⤵
  PID:8824
- C:\Windows\System\jskZmRD.exe
  C:\Windows\System\jskZmRD.exe
  2⤵
  PID:8840
- C:\Windows\System\xYIbSCr.exe
  C:\Windows\System\xYIbSCr.exe
  2⤵
  PID:8876
- C:\Windows\System\tmZpmEG.exe
  C:\Windows\System\tmZpmEG.exe
  2⤵
  PID:8924
- C:\Windows\System\CYNlmcg.exe
  C:\Windows\System\CYNlmcg.exe
  2⤵
  PID:8972
- C:\Windows\System\whQkvgR.exe
  C:\Windows\System\whQkvgR.exe
  2⤵
  PID:8996
- C:\Windows\System\dFeCEqI.exe
  C:\Windows\System\dFeCEqI.exe
  2⤵
  PID:9036
- C:\Windows\System\EoEhUrC.exe
  C:\Windows\System\EoEhUrC.exe
  2⤵
  PID:9104
- C:\Windows\System\oMLEfln.exe
  C:\Windows\System\oMLEfln.exe
  2⤵
  PID:9148
- C:\Windows\System\GAergxG.exe
  C:\Windows\System\GAergxG.exe
  2⤵
  PID:9128
- C:\Windows\System\nbekzof.exe
  C:\Windows\System\nbekzof.exe
  2⤵
  PID:9152
- C:\Windows\System\dtRVzjj.exe
  C:\Windows\System\dtRVzjj.exe
  2⤵
  PID:8252
- C:\Windows\System\IOeTywL.exe
  C:\Windows\System\IOeTywL.exe
  2⤵
  PID:8236
- C:\Windows\System\RsmTNif.exe
  C:\Windows\System\RsmTNif.exe
  2⤵
  PID:8368
- C:\Windows\System\IlFLXUe.exe
  C:\Windows\System\IlFLXUe.exe
  2⤵
  PID:8240
- C:\Windows\System\wmiXlsB.exe
  C:\Windows\System\wmiXlsB.exe
  2⤵
  PID:8352
- C:\Windows\System\slEewMs.exe
  C:\Windows\System\slEewMs.exe
  2⤵
  PID:8444
- C:\Windows\System\RLDDJAy.exe
  C:\Windows\System\RLDDJAy.exe
  2⤵
  PID:8496
- C:\Windows\System\HeQDwnc.exe
  C:\Windows\System\HeQDwnc.exe
  2⤵
  PID:8520
- C:\Windows\System\iUShNio.exe
  C:\Windows\System\iUShNio.exe
  2⤵
  PID:8548
- C:\Windows\System\bXQaDeG.exe
  C:\Windows\System\bXQaDeG.exe
  2⤵
  PID:8700
- C:\Windows\System\goXHKTl.exe
  C:\Windows\System\goXHKTl.exe
  2⤵
  PID:8580
- C:\Windows\System\yyseUAc.exe
  C:\Windows\System\yyseUAc.exe
  2⤵
  PID:8804
- C:\Windows\System\iUhXGjY.exe
  C:\Windows\System\iUhXGjY.exe
  2⤵
  PID:8528
- C:\Windows\System\vNaKPew.exe
  C:\Windows\System\vNaKPew.exe
  2⤵
  PID:8888
- C:\Windows\System\RjxBJnC.exe
  C:\Windows\System\RjxBJnC.exe
  2⤵
  PID:8968
- C:\Windows\System\zcTUeTN.exe
  C:\Windows\System\zcTUeTN.exe
  2⤵
  PID:9004
- C:\Windows\System\FTVjGtf.exe
  C:\Windows\System\FTVjGtf.exe
  2⤵
  PID:9112
- C:\Windows\System\koZAOxG.exe
  C:\Windows\System\koZAOxG.exe
  2⤵
  PID:9124
- C:\Windows\System\nCOLTdb.exe
  C:\Windows\System\nCOLTdb.exe
  2⤵
  PID:9056
- C:\Windows\System\NVNKdoT.exe
  C:\Windows\System\NVNKdoT.exe
  2⤵
  PID:9196
- C:\Windows\System\mqliZdV.exe
  C:\Windows\System\mqliZdV.exe
  2⤵
  PID:8280
- C:\Windows\System\FMZQXhu.exe
  C:\Windows\System\FMZQXhu.exe
  2⤵
  PID:8440
- C:\Windows\System\PwpuUNU.exe
  C:\Windows\System\PwpuUNU.exe
  2⤵
  PID:8492
- C:\Windows\System\KPPRTGX.exe
  C:\Windows\System\KPPRTGX.exe
  2⤵
  PID:8644
- C:\Windows\System\cIxfxSJ.exe
  C:\Windows\System\cIxfxSJ.exe
  2⤵
  PID:8764
- C:\Windows\System\HFCMFil.exe
  C:\Windows\System\HFCMFil.exe
  2⤵
  PID:8608
- C:\Windows\System\vGluRuA.exe
  C:\Windows\System\vGluRuA.exe
  2⤵
  PID:8772
- C:\Windows\System\njyxmAq.exe
  C:\Windows\System\njyxmAq.exe
  2⤵
  PID:8960
- C:\Windows\System\dPTrogt.exe
  C:\Windows\System\dPTrogt.exe
  2⤵
  PID:9084
- C:\Windows\System\qnoXQZh.exe
  C:\Windows\System\qnoXQZh.exe
  2⤵
  PID:9180
- C:\Windows\System\dzslpoa.exe
  C:\Windows\System\dzslpoa.exe
  2⤵
  PID:8276
- C:\Windows\System\TtOVwTH.exe
  C:\Windows\System\TtOVwTH.exe
  2⤵
  PID:8216
- C:\Windows\System\ZqLUtax.exe
  C:\Windows\System\ZqLUtax.exe
  2⤵
  PID:8940
- C:\Windows\System\WQIJlsp.exe
  C:\Windows\System\WQIJlsp.exe
  2⤵
  PID:8808
- C:\Windows\System\oZsPQTh.exe
  C:\Windows\System\oZsPQTh.exe
  2⤵
  PID:8740
- C:\Windows\System\uhMbJtG.exe
  C:\Windows\System\uhMbJtG.exe
  2⤵
  PID:8992
- C:\Windows\System\BVLzVdC.exe
  C:\Windows\System\BVLzVdC.exe
  2⤵
  PID:9108
- C:\Windows\System\qZiJXBd.exe
  C:\Windows\System\qZiJXBd.exe
  2⤵
  PID:8336
- C:\Windows\System\knUwNSp.exe
  C:\Windows\System\knUwNSp.exe
  2⤵
  PID:8552
- C:\Windows\System\KUYSHbW.exe
  C:\Windows\System\KUYSHbW.exe
  2⤵
  PID:8768
- C:\Windows\System\mYmPdXg.exe
  C:\Windows\System\mYmPdXg.exe
  2⤵
  PID:8284
- C:\Windows\System\usQkONz.exe
  C:\Windows\System\usQkONz.exe
  2⤵
  PID:8392
- C:\Windows\System\dVhIloG.exe
  C:\Windows\System\dVhIloG.exe
  2⤵
  PID:8724
- C:\Windows\System\qcoyjwW.exe
  C:\Windows\System\qcoyjwW.exe
  2⤵
  PID:8944
- C:\Windows\System\AYuijiu.exe
  C:\Windows\System\AYuijiu.exe
  2⤵
  PID:8856
- C:\Windows\System\EAuQcZW.exe
  C:\Windows\System\EAuQcZW.exe
  2⤵
  PID:9136
- C:\Windows\System\JSlRuxN.exe
  C:\Windows\System\JSlRuxN.exe
  2⤵
  PID:9220
- C:\Windows\System\AhaHDme.exe
  C:\Windows\System\AhaHDme.exe
  2⤵
  PID:9244
- C:\Windows\System\kAkKGvn.exe
  C:\Windows\System\kAkKGvn.exe
  2⤵
  PID:9260
- C:\Windows\System\uJDlzWi.exe
  C:\Windows\System\uJDlzWi.exe
  2⤵
  PID:9288
- C:\Windows\System\QwJEcPo.exe
  C:\Windows\System\QwJEcPo.exe
  2⤵
  PID:9304
- C:\Windows\System\yABVFSF.exe
  C:\Windows\System\yABVFSF.exe
  2⤵
  PID:9324
- C:\Windows\System\nqIepfR.exe
  C:\Windows\System\nqIepfR.exe
  2⤵
  PID:9344
- C:\Windows\System\JuooNWm.exe
  C:\Windows\System\JuooNWm.exe
  2⤵
  PID:9360
- C:\Windows\System\FyLhLzx.exe
  C:\Windows\System\FyLhLzx.exe
  2⤵
  PID:9376
- C:\Windows\System\UUYFjct.exe
  C:\Windows\System\UUYFjct.exe
  2⤵
  PID:9396
- C:\Windows\System\gloEUaF.exe
  C:\Windows\System\gloEUaF.exe
  2⤵
  PID:9412
- C:\Windows\System\TAMVUhp.exe
  C:\Windows\System\TAMVUhp.exe
  2⤵
  PID:9428
- C:\Windows\System\vjUCBxI.exe
  C:\Windows\System\vjUCBxI.exe
  2⤵
  PID:9452
- C:\Windows\System\rLMGQYe.exe
  C:\Windows\System\rLMGQYe.exe
  2⤵
  PID:9472
- C:\Windows\System\zCpLsFV.exe
  C:\Windows\System\zCpLsFV.exe
  2⤵
  PID:9492
- C:\Windows\System\DBuUDNW.exe
  C:\Windows\System\DBuUDNW.exe
  2⤵
  PID:9508
- C:\Windows\System\vgIDwTt.exe
  C:\Windows\System\vgIDwTt.exe
  2⤵
  PID:9524
- C:\Windows\System\FvSaaEq.exe
  C:\Windows\System\FvSaaEq.exe
  2⤵
  PID:9548
- C:\Windows\System\RcSJNjE.exe
  C:\Windows\System\RcSJNjE.exe
  2⤵
  PID:9564
- C:\Windows\System\SPxAslB.exe
  C:\Windows\System\SPxAslB.exe
  2⤵
  PID:9588
- C:\Windows\System\hypjXLZ.exe
  C:\Windows\System\hypjXLZ.exe
  2⤵
  PID:9608
- C:\Windows\System\bQJHkRq.exe
  C:\Windows\System\bQJHkRq.exe
  2⤵
  PID:9652
- C:\Windows\System\GKSEISY.exe
  C:\Windows\System\GKSEISY.exe
  2⤵
  PID:9672
- C:\Windows\System\hsfUeEI.exe
  C:\Windows\System\hsfUeEI.exe
  2⤵
  PID:9688
- C:\Windows\System\uaYaEFp.exe
  C:\Windows\System\uaYaEFp.exe
  2⤵
  PID:9708
- C:\Windows\System\oRMdCfh.exe
  C:\Windows\System\oRMdCfh.exe
  2⤵
  PID:9736
- C:\Windows\System\KEsmqBH.exe
  C:\Windows\System\KEsmqBH.exe
  2⤵
  PID:9752
- C:\Windows\System\xrOAcoN.exe
  C:\Windows\System\xrOAcoN.exe
  2⤵
  PID:9768
- C:\Windows\System\DECkjvB.exe
  C:\Windows\System\DECkjvB.exe
  2⤵
  PID:9784
- C:\Windows\System\nGbpqMK.exe
  C:\Windows\System\nGbpqMK.exe
  2⤵
  PID:9800
- C:\Windows\System\ZCZNOsw.exe
  C:\Windows\System\ZCZNOsw.exe
  2⤵
  PID:9816
- C:\Windows\System\HhlFgFR.exe
  C:\Windows\System\HhlFgFR.exe
  2⤵
  PID:9844
- C:\Windows\System\WRZCIMy.exe
  C:\Windows\System\WRZCIMy.exe
  2⤵
  PID:9860
- C:\Windows\System\kQzXejE.exe
  C:\Windows\System\kQzXejE.exe
  2⤵
  PID:9876
- C:\Windows\System\stbwiBX.exe
  C:\Windows\System\stbwiBX.exe
  2⤵
  PID:9900
- C:\Windows\System\mUaFCyC.exe
  C:\Windows\System\mUaFCyC.exe
  2⤵
  PID:9924
- C:\Windows\System\VXJGNxI.exe
  C:\Windows\System\VXJGNxI.exe
  2⤵
  PID:9940
- C:\Windows\System\MbLxdgx.exe
  C:\Windows\System\MbLxdgx.exe
  2⤵
  PID:9956
- C:\Windows\System\zAzfyWV.exe
  C:\Windows\System\zAzfyWV.exe
  2⤵
  PID:9980
- C:\Windows\System\ahyVsbH.exe
  C:\Windows\System\ahyVsbH.exe
  2⤵
  PID:10000
- C:\Windows\System\hEWGrap.exe
  C:\Windows\System\hEWGrap.exe
  2⤵
  PID:10020
- C:\Windows\System\jSNxfUV.exe
  C:\Windows\System\jSNxfUV.exe
  2⤵
  PID:10036
- C:\Windows\System\eKfEzpq.exe
  C:\Windows\System\eKfEzpq.exe
  2⤵
  PID:10056
- C:\Windows\System\MUWRsik.exe
  C:\Windows\System\MUWRsik.exe
  2⤵
  PID:10080
- C:\Windows\System\eYlgLGk.exe
  C:\Windows\System\eYlgLGk.exe
  2⤵
  PID:10108
- C:\Windows\System\xvtJnGK.exe
  C:\Windows\System\xvtJnGK.exe
  2⤵
  PID:10132
- C:\Windows\System\CabPcnU.exe
  C:\Windows\System\CabPcnU.exe
  2⤵
  PID:10160
- C:\Windows\System\aPlNnVr.exe
  C:\Windows\System\aPlNnVr.exe
  2⤵
  PID:10176
- C:\Windows\System\ZWtwZcg.exe
  C:\Windows\System\ZWtwZcg.exe
  2⤵
  PID:10200
- C:\Windows\System\VDGMkxf.exe
  C:\Windows\System\VDGMkxf.exe
  2⤵
  PID:10216
- C:\Windows\System\EGYjrcb.exe
  C:\Windows\System\EGYjrcb.exe
  2⤵
  PID:10236
- C:\Windows\System\KGecCmH.exe
  C:\Windows\System\KGecCmH.exe
  2⤵
  PID:9268
- C:\Windows\System\iGchtoS.exe
  C:\Windows\System\iGchtoS.exe
  2⤵
  PID:9284
- C:\Windows\System\wkrOasn.exe
  C:\Windows\System\wkrOasn.exe
  2⤵
  PID:9272
- C:\Windows\System\AjAWVeU.exe
  C:\Windows\System\AjAWVeU.exe
  2⤵
  PID:9384
- C:\Windows\System\OJAjVrZ.exe
  C:\Windows\System\OJAjVrZ.exe
  2⤵
  PID:9460
- C:\Windows\System\BRmAKma.exe
  C:\Windows\System\BRmAKma.exe
  2⤵
  PID:9532
- C:\Windows\System\dKSKnEK.exe
  C:\Windows\System\dKSKnEK.exe
  2⤵
  PID:9576
- C:\Windows\System\oPSSRjW.exe
  C:\Windows\System\oPSSRjW.exe
  2⤵
  PID:9620
- C:\Windows\System\YWnflSc.exe
  C:\Windows\System\YWnflSc.exe
  2⤵
  PID:9444
- C:\Windows\System\whMVWaz.exe
  C:\Windows\System\whMVWaz.exe
  2⤵
  PID:9332
- C:\Windows\System\jvVqPAC.exe
  C:\Windows\System\jvVqPAC.exe
  2⤵
  PID:9372
- C:\Windows\System\ZWGPONH.exe
  C:\Windows\System\ZWGPONH.exe
  2⤵
  PID:9484
- C:\Windows\System\yoMBzMK.exe
  C:\Windows\System\yoMBzMK.exe
  2⤵
  PID:9556
- C:\Windows\System\UpJsZcQ.exe
  C:\Windows\System\UpJsZcQ.exe
  2⤵
  PID:9684
- C:\Windows\System\AWrGcVO.exe
  C:\Windows\System\AWrGcVO.exe
  2⤵
  PID:9668
- C:\Windows\System\qUyeiWZ.exe
  C:\Windows\System\qUyeiWZ.exe
  2⤵
  PID:9732
- C:\Windows\System\qKzFLMF.exe
  C:\Windows\System\qKzFLMF.exe
  2⤵
  PID:9796
- C:\Windows\System\khaSYYn.exe
  C:\Windows\System\khaSYYn.exe
  2⤵
  PID:9868
- C:\Windows\System\cbaHhHL.exe
  C:\Windows\System\cbaHhHL.exe
  2⤵
  PID:9780
- C:\Windows\System\dzegHaj.exe
  C:\Windows\System\dzegHaj.exe
  2⤵
  PID:9852
- C:\Windows\System\vwOkCKM.exe
  C:\Windows\System\vwOkCKM.exe
  2⤵
  PID:9892
- C:\Windows\System\bgNmMjI.exe
  C:\Windows\System\bgNmMjI.exe
  2⤵
  PID:9916
- C:\Windows\System\yykHuOW.exe
  C:\Windows\System\yykHuOW.exe
  2⤵
  PID:9988
- C:\Windows\System\TWEHodB.exe
  C:\Windows\System\TWEHodB.exe
  2⤵
  PID:9972
- C:\Windows\System\oNZjxxK.exe
  C:\Windows\System\oNZjxxK.exe
  2⤵
  PID:10088
- C:\Windows\System\FzFkjcA.exe
  C:\Windows\System\FzFkjcA.exe
  2⤵
  PID:10100
- C:\Windows\System\VlEHzJd.exe
  C:\Windows\System\VlEHzJd.exe
  2⤵
  PID:10124
- C:\Windows\System\vFxyMZx.exe
  C:\Windows\System\vFxyMZx.exe
  2⤵
  PID:10156
- C:\Windows\System\xhJXxKD.exe
  C:\Windows\System\xhJXxKD.exe
  2⤵
  PID:10188
- C:\Windows\System\lQsNzbT.exe
  C:\Windows\System\lQsNzbT.exe
  2⤵
  PID:10212
- C:\Windows\System\GdaNWtH.exe
  C:\Windows\System\GdaNWtH.exe
  2⤵
  PID:10232
- C:\Windows\System\QFYgsTf.exe
  C:\Windows\System\QFYgsTf.exe
  2⤵
  PID:9352
- C:\Windows\System\QRCmlsb.exe
  C:\Windows\System\QRCmlsb.exe
  2⤵
  PID:9424
- C:\Windows\System\YDPuakd.exe
  C:\Windows\System\YDPuakd.exe
  2⤵
  PID:9468
- C:\Windows\System\UfuEJFX.exe
  C:\Windows\System\UfuEJFX.exe
  2⤵
  PID:9572
- C:\Windows\System\GTQoiOI.exe
  C:\Windows\System\GTQoiOI.exe
  2⤵
  PID:9644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\system\BFEZYxj.exe

Filesize
6.0MB

MD5
3f75fa90bc1826a1a6cd0f982d51387a

SHA1
10add78645366efa631eda3ea46461d52d62a8a9

SHA256
413827cff3b984b144a5db9bea2a2cae41316f3728d93b2e6580f479b5c07371

SHA512
2d48fd99a77b550eba7a200a8eb22a6ebe7c6a655b0ba62a32ec4c3d3a86134e86cb75776b84f6b23c137c39e2bbe3de685c9b57883ca88884b9c85a37d12967

Download Submit
C:\Windows\system\BlvXSLf.exe

Filesize
6.0MB

MD5
c815f2c3e73a559ecc6892457f4dc525

SHA1
6c8f17d859376d6230b53872e681d88cb6066c06

SHA256
b20a1bcf3604f24fbeafb23223efd1598e51b609225c4d99362c2655be1206b2

SHA512
193563dd138e37103a7cc88b8714df2301e061a4f5af7a3ed94c66b0cc56cbe7ef8fa530924b4a671a77ff17a8f4a1004954a1ec8b7bcbeb84a8d7cbff03c34a

Download Submit
C:\Windows\system\CwnrrUN.exe

Filesize
6.0MB

MD5
56ef73ef0e43484820bde2238d1d6839

SHA1
94cda75aa67ddf0d902213cf17de69ed74625c35

SHA256
f16e486aeee5d36dd4c6bf99112d1e978c351189b0bb273405eefd843bb540d4

SHA512
b6707d0be5a3aa996f7095df7b5b2776a8ceedf1b074351c7d7a345928e284d60b716e5847161b526217a7a49e715eae5306479480a3e7d83ce4541a0103a0dc

Download Submit
C:\Windows\system\IesuFwC.exe

Filesize
6.0MB

MD5
94ec73266c4a77b5ba0b735ac517ea57

SHA1
8fec14f7e961d95aa2c2a880035314a0c73ea86f

SHA256
6bd8c593ec2d698d0a6cb493bcfb205d1989fbff9e8c9d88bf83a2f8830cbc9b

SHA512
5268321b3b6a852bb01d2da6776a25389b1aaaf5f807267016fda25a845d77e81dba21b63ea5df0f6100f0bae45af28d1a8b1a816150a1860ed1ce3dd0a178cf

Download Submit
C:\Windows\system\KSxsPux.exe

Filesize
6.0MB

MD5
c6e2db1d67acd32c71073d7aff384276

SHA1
8d266b135597645a58e49fefb1ee0c168010c255

SHA256
e0e4e718e98a3193310e771b2cd2d526494c0212a5e9becc7d213a9c9f8a8ce7

SHA512
93f16496f0ce589abb41f6cae38042ad210b6bd115f305b72420b415ef2f353d9a74745851c2029124ba1a65e7bba1f9a9a94485d022ca47cc013f96894d27ee

Download Submit
C:\Windows\system\OhBkpSU.exe

Filesize
6.0MB

MD5
e29c0941c4e8a684fc5cf66c8765249d

SHA1
e7378b2864a505a438446fb4deeda7f16fc8846f

SHA256
fb099d10ebbbd8b9b28d6360e832539631b96deba66ae6e5978e0e08c775b31a

SHA512
46c0febe55bec4d12e8908201a71b6d698576c23615e0d3d6274e9732cfa262214483d350dcfab38e8a78191f4a7935d816587b56fd8b2225cc1f3fdd9755030

Download Submit
C:\Windows\system\RAMhygw.exe

Filesize
6.0MB

MD5
22de891fbfad14a513f683bd85261d5e

SHA1
5b6cf8a94bdcdd99c5876aa576905eb0c5193801

SHA256
d821957a9c6b736bb0d9818dca9c1c9d5f51a2923168ae4e8bf0257809de02ed

SHA512
238102ee2c4047df79b194ddc2f95389d5e5006fe0e090bf822321b4364d63362653f474282d54acef3496755b0678016e69b96ea804e4efdf16a3de0a5b2c2d

Download Submit
C:\Windows\system\SLYKWBT.exe

Filesize
6.0MB

MD5
f32b5bffeda286975bf2ba20c9410de5

SHA1
195f9a1427609b0c0d5c92a78ebc60baa9a512ea

SHA256
f2b66f5910aa399ef923023eaed8adc251ca1c16a0c2f67672b9219b780020a2

SHA512
f0d85d7b7d88984db91859ff883fa572e82a9a87c4b63e7cfe7591bcc54c1229af5c7abe108b0662ac28eaf7ee118a6341f32136df08f77de03f99b7c1b1104e

Download Submit
C:\Windows\system\TchftPG.exe

Filesize
6.0MB

MD5
7bc4e9245f151d90b9a60d419b6a959d

SHA1
adeac6ac5b98f481880dad83cbaf0ae834f6fa11

SHA256
c54c1192e11487ce1af4f880f0876805fe69885101b8bc16079953478ca41c24

SHA512
e9d9f215395f167c77c5501f2abea449044cef1b4df7c7bd1cf2b1e9984ff60c356515fc8a76bb3a8cca9f5d3c504acf773b02158d92e2a506feabf3f5ef9228

Download Submit
C:\Windows\system\Tiamseo.exe

Filesize
6.0MB

MD5
814b2e4a95cb2f9c74e4fbbfc2e26817

SHA1
17045571a207f05f9611b9fa75073ddc390402ee

SHA256
24524b18cd77a389df593ca6dfbe262b8adec44ecac776265d10681b6cbabebf

SHA512
76396bb765e5e7a103b09217e7e3a6bc490824fb9afbc33565f397144b2764627d603a3fe84c4cd8268eba42c0af6ef1a9fdb0b8a03b2e8f1b4a132e623399eb

Download Submit
C:\Windows\system\UNddQiB.exe

Filesize
6.0MB

MD5
ee852a3e8f35aeab8aa6b5a380d3f805

SHA1
69e3a501b4ebe25e94aed9ef0b5f8a9a2aba1ae5

SHA256
01953a77dce239f8e552ec8e5ef40a0ad42286155fc86d3b09fa209166523d41

SHA512
063a99023982604003bb8347352329ccec2835a7a39cdc50e1b036df3f462df6c4e35f8464c45bffc5aa5f93b9b5fac8ae7ac6da926d00878a892e6f96bc672d

Download Submit
C:\Windows\system\UWOPMzA.exe

Filesize
6.0MB

MD5
2d863136204b4cac4cd45bcd7a6df64b

SHA1
34a87b4e4adbf715960240e339760da70ffa1864

SHA256
575f77a9832888de006a5a3dbdbba0d84794158109d7e7964874bfc6d905054b

SHA512
42b5959f5808247dc4b29e026c0e4df042f34e7a391a8756e1b7e1ae1b51767e0729e91c99346212d38ebd3e95d218568b232548de7725580403336ba0cf5757

Download Submit
C:\Windows\system\Ukzxnct.exe

Filesize
6.0MB

MD5
8546800a7feab4f2050bc987c006778d

SHA1
7c8f1397c9ec521031a8b34aaf3b07fafb2c5d5e

SHA256
b2cd2dba2fbda1ecbfc8a912ba8a13d64267c44989cbafe707a7e9b1c23c36c9

SHA512
8a931b76d9efc03331f3fc06b8ed83cc264d4b59964642d990d6b4778f3caa00bb0e5a95cff26f73550d2da9f300702bddbf95a476c3c7700257b2822029faff

Download Submit
C:\Windows\system\ZUHrNNJ.exe

Filesize
6.0MB

MD5
f7bc0ed1ef0cd70fe5322abbbcf4ad5d

SHA1
329391be2fc9be673dd14a6c7950bfc4568cb7d8

SHA256
df51af3cb006fd2fd858ef8543f7bfcd8de0e3aa305b2208aa3e7cfd77833678

SHA512
b9abd38f1ba67787f32f3408f485f5f80bc990fcffdb67aedb6cd4dd45fbf65127ac4ed7edda3ca748e9601dbaf0235e8548701324b0f4173d877769af01b23e

Download Submit
C:\Windows\system\bklPwVv.exe

Filesize
6.0MB

MD5
59cc653e10932fea7daa50bfbbaafef2

SHA1
dbe89f990391b5ff81fe92d4d0462d9cf03f1283

SHA256
cceb63fdbfb886ba906312519fecf5a4e6ca9029a616b0386920d721dfa86a7c

SHA512
67625b62a06f2cf2e29d4a10f96c66ee2790fb076175d9f8ebbc958209eb2c45d876234e1e46cccd73f226fd2c0d37559069e67d9dfa24447a8722d2c6acbdda

Download Submit
C:\Windows\system\kESiQuY.exe

Filesize
6.0MB

MD5
a890d270cc69d89079bfb21097006512

SHA1
69a803d230d405b01d364770c19217228990661a

SHA256
b2dbeb9a8ccc18dd9a06662161a739d7236890e57cd8d3f048a8ae28c05d6dfc

SHA512
004210089f6ac10ea990b31678998019faa85f82e4bffb9bbb0b7b6bea88321f059d8e3c84a8d37aa23a99949a96d5f073a494982f850af4180d659932a75c9c

Download Submit
C:\Windows\system\kwDYjol.exe

Filesize
6.0MB

MD5
e070c7a7aed239cc16fe21aedf2b6579

SHA1
f106976b4e16e22a3a225371b2dd2f74bd6a668a

SHA256
ca515a1f8ff4c456b0fc23bcd3f888d1334acb46075bf346bf0b9360eb2a74d4

SHA512
22446ce5c8817750b244192c48918b5f26d40201bbe6e5c4a8ccaf09c558115df3fe4bfe198c385cdb4b2f6a9501a68bf86740d3863c20393b45cf016941a238

Download Submit
C:\Windows\system\mHvalzh.exe

Filesize
6.0MB

MD5
6d9e185bba15d8507a6a3c7e43d99664

SHA1
6083f05a2a6c0318e7282791a66fe3f8147e2240

SHA256
c3510f35a6e09fd30950ed17455709d110b9c3c8ce80c6a6322ffcfd5f10aed3

SHA512
7737cdf1ac7af6e4f078485f910bf61ddd23d02da74655a75d58dfc0e92a8d0b4dc1f27ed7727923c9f9000f9d0709bb5ee93a444301080163d1f50105f6be96

Download Submit
C:\Windows\system\rYyvQgv.exe

Filesize
6.0MB

MD5
9c2f913a720217d6f4f06e2def2cb264

SHA1
b69577053b598002a40bd7f31371fea2bf894c16

SHA256
59cea144919b5a0dc8a2b91628a52979c127e950fdd8dccbd63cbfb1507e7d6b

SHA512
ec5d2faa010246509d631dd17d039d057bcc8e617ab1f3dcca208a14cb2fabd62ab031e4c5dd22f60cbbdd42e3d4cd0c7adb7bb79115144678bd7c819c161663

Download Submit
C:\Windows\system\srkxXLl.exe

Filesize
6.0MB

MD5
310cc4d4c7f285d9cdcaebfa97ca10e9

SHA1
1e081accb476b16d094e188592b41bd776c65671

SHA256
95e350269a791325b1e15d390d67cc80d01285fc6cb1789f8b81e1f04656731e

SHA512
94c5cdcba3ef87b5bc64ca152d2b984bbe1da3b7917c393d5658b4d8bb439d5cb4bc30f4388cdd476ebae5aaf41c6c654c33bf573b171fc48b8e9ec42a398b62

Download Submit
C:\Windows\system\vCNgicc.exe

Filesize
6.0MB

MD5
4d5e38ca82f7c263bc49d5db00fb0bd0

SHA1
fb7400f6856b47fc5dd7a9578217934b27aac237

SHA256
5c44c105c00ee6348ea25eff85f2c3d7e28fe79e0c723611fad7ae9fa8b1da7f

SHA512
6da4846c61788af82b478737adb205b7619a04a1de6b2a84b1b535a54df4a726e1c12a56baf603b0f70b29a59a0488ebae36ee0ca3837555c64909e59e39ce7f

Download Submit
C:\Windows\system\yWMMhoL.exe

Filesize
6.0MB

MD5
70891fba174f06f653843635ae5adf40

SHA1
8c94cd6fc2ea424ad2a311bcbb19b1e6225eb7e5

SHA256
51ce307940d54cf24cf1b4e570f07ba71582bb34c6a1349c29b5ac234fa96dde

SHA512
6cda48faa55a4993c9c146b9fdfd9fcec25a03472933eaf5f1f0a877442f755db0ec1044ec1891c5d8dfafad5b407247d8b2d2982057e2f231b048b4db18a250

Download Submit
C:\Windows\system\zERCdIn.exe

Filesize
6.0MB

MD5
38929e1342c763d9a8d58b64b80e0df7

SHA1
fa97e8ceb91a411166f2982750dedbefdfef40e9

SHA256
02e9d698009469cd09c8879ef1c7050f4cbfb961419453067a053c0487e22ec2

SHA512
388a2c09a586cceb8a7ff083e7b01aa31f817d8ee9987f34a6cd1139ec95e38b94d2865ae4acef88a8027ea376e1663b96cc0baedccef7b5cbb83340c6cb86f0

Download Submit
C:\Windows\system\zVbZqRI.exe

Filesize
6.0MB

MD5
40c25fa279f546c29415deeb88039a7b

SHA1
f833eb8d0aad33cb4ecbbdb51f31e0ce3109720d

SHA256
df2fa7918bc9d3300c4d1f2869e5754880c6d1c67d8abb06ff0bbe497a07f45b

SHA512
0704a956e8c1b1594e01b4fe765957e75919668e08f6ba504f9abb6c20f1dd0c0d6c1c8ab524e880f76e4a5a0a03556a1c85aced6c19359f2ad44dc09d11fb4a

Download Submit
\Windows\system\BoAvdhU.exe

Filesize
6.0MB

MD5
5cda4eb7012f19ddc7ed6bbe2e6fe10a

SHA1
5b4e4ff68caf27303d96092e749169b26e81ff4c

SHA256
703be18993328d012c0f75aecf94b5302ffd622e200c42cd78dca27bbb1c9b80

SHA512
82396d8c714df0b91840e6f220b8be04802b16674079b7c7f86f7831b54188eb64b5f489dbf7bfcf239991c79508d1c515100dbcb7f92f21e717f70a7ead210a

Download Submit
\Windows\system\LjeHzHv.exe

Filesize
6.0MB

MD5
9936367425cb798a6e6c27ce77bddb72

SHA1
98c3049242ff2eefb227faed5fb2c7f55b55a5fb

SHA256
842842fbf105b48f2ef8c9ff883c3a18f02765b88146e0e7dfc0501885a30c47

SHA512
7c062f5f187827fd34aad2ce88d59547d9bd7b118e8ff48abbffeb39cf5deff5d16a5d5ef42f1b375f043059387d647ee9591b03942325e4085b5308955684be

Download Submit
\Windows\system\QcNEbBS.exe

Filesize
6.0MB

MD5
f73a0e632a31c5a2c0c84e7fae8d5e3e

SHA1
523feaef5ca17a1951512eccd3fffe317227ee11

SHA256
29176a372d2dcf47fafce1b7c62766ecc5ec601c44580f1e2337e797c441b075

SHA512
69512f068a90f845a5014be61033f83397d94469d0899bbfcbf15a2607663e4c8e03c32b3946d60572aa3fc84747d4c737d01ad2a2d96dba3714eefd77d7eabf

Download Submit
\Windows\system\VjfrxFk.exe

Filesize
6.0MB

MD5
81c010703f12acc34b72f92dacb65816

SHA1
7f8bea86f4a4870452370720ae6b31b133db6b8f

SHA256
bf9b10e635348b8374c2de0b49a66a5df7269f541cb91540a36d1242b91f4ed2

SHA512
092b0a9899eff67cd85a8ce5916d50d6859ec8481181ffee65de2b63160d270292ff19ffc7fb093d104f64888badc51966ec1eaa43426a353dcd316d222cba39

Download Submit
\Windows\system\YYIPbZL.exe

Filesize
6.0MB

MD5
066a44c6ff146141fa1519c73b3c2cca

SHA1
cff665f1e3d1909b4fa442014d1bdbde3d1bf0b9

SHA256
17a37a4894e8e0fec496b5a4c7a04cc87c146e8b6776c0276f8d29da9cd237c2

SHA512
e2a3cb2df09b13e4250be20c70388dd36ec572eaa450ebf2be82b9c7f4f212ba6de102b8f8ae41153c7f5d3082e0fad47efaa8f249ae50a39b3937a138304b23

Download Submit
\Windows\system\aQBPjyx.exe

Filesize
6.0MB

MD5
c34c893d652f4713baa6c10fc5947b42

SHA1
981b2818c860f513a9a030476ad4df3094af9a03

SHA256
b1bdc43744e141aea8273d66193be58eaea3f088cd5e98fe2f9a6d0fb623c552

SHA512
88e51119fb1798005c1852b327cd3e44795fe459f35883e1c4bcaf1d505b247651f112fbd4fd40fe9ea3bdaa5116d84de2b1155f5ae895422d3b5d4ac24b1690

Download Submit
\Windows\system\hYTJAmE.exe

Filesize
6.0MB

MD5
42919c3906cdc1c9499fbdc018b9763f

SHA1
6131c32954ba8cde7b8e2cadb6e92d58c4ba7c6b

SHA256
bb8607adeb2b6ecbb7befdd8d08c7cc0579ef5fd3212c4bb137e5cae253bb42f

SHA512
1fe36c479d2390a496f1ec9a917f151c9d30e067dc86d4fe3447e2bd68bc7ea0cda916e151c77a179ed2fabe3de07a74c2ec876023534c143fd5bccb0cc68e66

Download Submit
\Windows\system\spCUoXr.exe

Filesize
6.0MB

MD5
5126d45c573b3ba7c274dbef1cf91e54

SHA1
7dd9be2d55d49272a0741e59d3896016172af9f8

SHA256
e21d60506bcfaa011ffed565e3fff3331743a0c6e79d3e1f420f2ee64274c121

SHA512
0dff32ceba32af338e054e10bbb05a7f44c0e15cffd9a700515af3ab721852e44c6a1c70d1e0e8d5144beea989ba9abc833a77da3fd7c51fac3b327d73529981

Download Submit
memory/752-3127-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/752-13-0x000000013F9F0000-0x000000013FD44000-memory.dmp

Filesize
3.3MB

Download
memory/1028-101-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1028-3562-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1232-3175-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1232-93-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1232-36-0x000000013F900000-0x000000013FC54000-memory.dmp

Filesize
3.3MB

Download
memory/1844-3536-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1844-91-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1900-15-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1900-3128-0x000000013F260000-0x000000013F5B4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-68-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/1988-77-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/1988-73-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/1988-97-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1988-1-0x00000000001F0000-0x0000000000200000-memory.dmp

Filesize
64KB

Download
memory/1988-586-0x000000013F420000-0x000000013F774000-memory.dmp

Filesize
3.3MB

Download
memory/1988-986-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1988-71-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-106-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1988-7-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1988-0-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/1988-26-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-42-0x000000013FA10000-0x000000013FD64000-memory.dmp

Filesize
3.3MB

Download
memory/1988-50-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/1988-92-0x000000013FE30000-0x0000000140184000-memory.dmp

Filesize
3.3MB

Download
memory/1988-67-0x00000000024B0000-0x0000000002804000-memory.dmp

Filesize
3.3MB

Download
memory/1988-20-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2296-22-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2296-3170-0x000000013F400000-0x000000013F754000-memory.dmp

Filesize
3.3MB

Download
memory/2428-3164-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-89-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2428-28-0x000000013F490000-0x000000013F7E4000-memory.dmp

Filesize
3.3MB

Download
memory/2460-3239-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2460-78-0x000000013F340000-0x000000013F694000-memory.dmp

Filesize
3.3MB

Download
memory/2520-3226-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2520-84-0x000000013F1A0000-0x000000013F4F4000-memory.dmp

Filesize
3.3MB

Download
memory/2588-83-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2588-3227-0x000000013F1E0000-0x000000013F534000-memory.dmp

Filesize
3.3MB

Download
memory/2656-3228-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2656-82-0x000000013F230000-0x000000013F584000-memory.dmp

Filesize
3.3MB

Download
memory/2720-100-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2720-3225-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2720-57-0x000000013F9E0000-0x000000013FD34000-memory.dmp

Filesize
3.3MB

Download
memory/2796-3173-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2796-66-0x000000013FBF0000-0x000000013FF44000-memory.dmp

Filesize
3.3MB

Download
memory/2868-3174-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download
memory/2868-62-0x000000013F6A0000-0x000000013F9F4000-memory.dmp

Filesize
3.3MB

Download